authorJakub Zelenka <jakub.openssl@gmail.com>2020-09-06 19:11:34 +0100
committerTomas Mraz <tmraz@fedoraproject.org>2020-09-08 15:43:11 +0200
commit924663c36d47066d5307937da77fed7e872730c7 (patch)
treea60cfe385cc29402bdaceaaa5a8b069ca6a6a50a /include
parentd96486dc809b5d134055785bfa6d707195d95534 (diff)
Add CMS AuthEnvelopedData with AES-GCM support
Add AuthEnvelopedData as defined in RFC 5083, with the AES-GCM parameters as defined in RFC 5084. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8024)
Diffstat (limited to 'include')
-rw-r--r--include/crypto/asn1.h9
-rw-r--r--include/crypto/evp.h12
-rw-r--r--include/openssl/asn1err.h1
-rw-r--r--include/openssl/cms.h5
-rw-r--r--include/openssl/cmserr.h2
5 files changed, 29 insertions, 0 deletions
diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h
index 624df3cb05..6e1d396851 100644
--- a/include/crypto/asn1.h
+++ b/include/crypto/asn1.h
@@ -7,6 +7,8 @@
* https://www.openssl.org/source/license.html
*/
+#include <openssl/asn1.h>
+
/* Internal ASN1 structures and functions: not for application use */
/* ASN1 public key method structure */
@@ -124,3 +126,10 @@ struct asn1_pctx_st {
unsigned long oid_flags;
unsigned long str_flags;
} /* ASN1_PCTX */ ;
+
+/* ASN1 type functions */
+
+int asn1_type_set_octetstring_int(ASN1_TYPE *a, long num,
+ unsigned char *data, int len);
+int asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num,
+ unsigned char *data, int max_len);
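Review bot: The two new prototypes carry no contract, and for `asn1_type_get_octetstring_int` the meaning of `max_len` and of the return value is exactly what a caller parsing untrusted ASN.1 has to get right. If it follows the convention of the existing `ASN1_TYPE_get_int_octetstring` (return the encoded length, copy at most `max_len` bytes), the caller must compare the return value with `max_len` itself to notice an oversized string. I would state this above the declaration, e.g. `/* Returns the octet string length or -1 on error; copies at most max_len bytes into data */`, adjusted to what the implementation really does, which is not visible in this view. Separately, `data` in `asn1_type_set_octetstring_int` looks input-only and could be declared `const unsigned char *data`.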
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 7008e490e8..c488834511 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -511,6 +511,18 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
(fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \
cipher##_init_key, NULL, NULL, NULL, NULL)
+typedef struct {
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ unsigned int iv_len;
+ unsigned int tag_len;
+} evp_cipher_aead_asn1_params;
+
+int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
+ evp_cipher_aead_asn1_params *params);
+
+int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
+ evp_cipher_aead_asn1_params *params);
+
/*
* An EVP_PKEY can have the following states:
*
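Review bot: `evp_cipher_aead_asn1_params` pairs a fixed `iv[EVP_MAX_IV_LENGTH]` buffer with separate `iv_len` and `tag_len` fields, and nothing in the header says which side enforces `iv_len <= sizeof(iv)` or which tag lengths are acceptable. On the `evp_cipher_asn1_to_param_ex` path these values presumably come from a received message, so the nonce-length bound and the tag-length range (RFC 5084 restricts the GCM ICV length to 12–16 octets) should be checked in one documented place rather than left to each caller. I would add a comment on the struct such as `/* iv_len must not exceed sizeof(iv); tag_len must be validated before it is applied to the cipher */` and document the return convention of both `_ex` functions. The implementations are outside this page (the diff is limited to 'include'), so this is a point to confirm rather than a confirmed defect.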
diff --git a/include/openssl/asn1err.h b/include/openssl/asn1err.h
index f610d8816d..b58339ba47 100644
--- a/include/openssl/asn1err.h
+++ b/include/openssl/asn1err.h
@@ -82,6 +82,7 @@ int ERR_load_ASN1_strings(void);
# define ASN1_F_ASN1_TIME_ADJ 0
# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 0
# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 0
+# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING_INT 0
# define ASN1_F_ASN1_UTCTIME_ADJ 0
# define ASN1_F_ASN1_VERIFY 0
# define ASN1_F_B64_READ_ASN1 0
diff --git a/include/openssl/cms.h b/include/openssl/cms.h
index 7397008fcb..ad6718dd6f 100644
--- a/include/openssl/cms.h
+++ b/include/openssl/cms.h
@@ -189,6 +189,11 @@ int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
+CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
+CMS_ContentInfo *
+CMS_AuthEnvelopedData_create_with_libctx(const EVP_CIPHER *cipher,
+ OPENSSL_CTX *ctx,
+ const char *propq);
CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
CMS_ContentInfo *CMS_EnvelopedData_create_with_libctx(const EVP_CIPHER *cipher,
OPENSSL_CTX *ctx,
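Review bot: `CMS_AuthEnvelopedData_create` and `CMS_AuthEnvelopedData_create_with_libctx` accept any `const EVP_CIPHER *`, but the declarations do not say what happens when the cipher is not an AEAD cipher. AuthEnvelopedData is only meaningful with authenticated encryption, so the implementation should refuse a cipher without `EVP_CIPH_FLAG_AEAD_CIPHER` and return NULL, and the API documentation should state that. The implementation is not part of this view, so please confirm that the check exists. As a minor style point, the `_with_libctx` prototype puts its return type on a line of its own, unlike the neighbouring `CMS_EnvelopedData_create_with_libctx`, whose declaration continues past the end of this hunk.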
diff --git a/include/openssl/cmserr.h b/include/openssl/cmserr.h
index 97704bfa52..1e7daf044b 100644
--- a/include/openssl/cmserr.h
+++ b/include/openssl/cmserr.h
@@ -131,6 +131,8 @@ int ERR_load_CMS_strings(void);
# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175
# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160
# define CMS_R_CERTIFICATE_VERIFY_ERROR 100
+# define CMS_R_CIPHER_AEAD_SET_TAG_ERROR 184
+# define CMS_R_CIPHER_GET_TAG 185
# define CMS_R_CIPHER_INITIALISATION_ERROR 101
# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102
# define CMS_R_CMS_DATAFINAL_ERROR 103