Re: [openssl-users] Unable to decrypt CMS object encrypted with EC prime256v1 certificate
On 06.07.16 at 23:35, Dr. Stephen Henson wrote:
...
>> Yes, the other version cannot decrypt the CMS object generated by
>> OpenSSL. I did some tests with Bouncy Castle, and it also cannot
>> decrypt the CMS object.
>>
>> What might be interesting is that on the other hand Windows
>> CryptoAPI is able to decrypt the CMS object (tested on Windows 10).
>
> Just to clarify: you're saying that neither this third party version nor
> BouncyCastle can decrypt the OpenSSL generated CMS objects?

No, I didn't want to say that. BouncyCastle is unable to decrypt the third-party CMS object that I sent as an attachment in the initial email of this thread.

OpenSSL and BouncyCastle interoperate just fine, I can encrypt and decrypt CMS messages in both directions without problems.

--
Stephan
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Unable to decrypt CMS object encrypted with EC prime256v1 certificate
On 07.07.16 at 00:16, Dr. Stephen Henson wrote:
> On Wed, Jul 06, 2016, Stephan Mühlstrasser wrote:
>
>> While doing research on this, we found one thing that looks
>> suspicious in the CMS objects generated by OpenSSL 1.0.2. When
>> dumping the CMS object with dumpasn1, the key wrap algorithm is
>> encoded as follows:
>>
>> SEQUENCE {
>>   OBJECT IDENTIFIER '1 3 132 1 11 3'
>>   SEQUENCE {
>>     OBJECT IDENTIFIER aes256-wrap (2 16 840 1 101 3 4 1 45)
>>     NULL
>>     }
>>   }
>
> That's strange: I just tried OpenSSL 1.0.2 and the master branch and I don't
> get a NULL in either case.

I apologize, you are right. I tracked this down to the fact that the CMS object was created with an OpenSSL 1.0.2 beta version. Sorry for the confusion.

> Also that algorithm isn't something you'd get by default with OpenSSL. Has
> it been modified in some way?

It has not been modified. The algorithm is set with the EVP_PKEY_CTX_ctrl_str() function:

    EVP_PKEY_CTX_ctrl_str(ctx, "ecdh_kdf_md", "sha256");

--
Stephan
Re: [openssl-users] Unable to decrypt CMS object encrypted with EC prime256v1 certificate
On Wed, Jul 06, 2016, Stephan Mühlstrasser wrote:

> On 06.07.16 at 05:15, Dr. Stephen Henson wrote:
> >...
> >>Is the CMS object broken, or is this a problem in OpenSSL?
> >>
> >
> >Well the OpenSSL version does interop OK with the Bouncy Castle version of
> >ECDH and CMS. I've checked through your test message and the problem is that
> >the AES unwrapping algorithm checks fail meaning it can't proceed any
> >further.
> >That could be down to a CMS problem, an ECDH issue or a problem with the wrap
> >algorithm either in the version you are testing or OpenSSL.
> >
> >Is it possible to get any debugging information from the other version you
> >are using: for example the content encryption key it is expecting or the ECDH
> >shared secret?
>
> I don't know whether that is possible, I will check.
>
> >Have you tried generating a message with OpenSSL and decrypting it with the
> >other version?
>
> Yes, the other version cannot decrypt the CMS object generated by
> OpenSSL. I did some tests with Bouncy Castle, and it also cannot
> decrypt the CMS object.
>
> What might be interesting is that on the other hand Windows
> CryptoAPI is able to decrypt the CMS object (tested on Windows 10).
>

Just to clarify: you're saying that neither this third party version nor
BouncyCastle can decrypt the OpenSSL generated CMS objects?

> While doing research on this, we found one thing that looks
> suspicious in the CMS objects generated by OpenSSL 1.0.2. When
> dumping the CMS object with dumpasn1, the key wrap algorithm is
> encoded as follows:
>
> SEQUENCE {
>   OBJECT IDENTIFIER '1 3 132 1 11 3'
>   SEQUENCE {
>     OBJECT IDENTIFIER aes256-wrap (2 16 840 1 101 3 4 1 45)
>     NULL
>     }
>   }
>
> Note the NULL parameter in the aes256-wrap algorithm identifier.
> Compare that to RFC 3565, "2.3.2. AES CEK Wrap Process":
>
> https://tools.ietf.org/html/rfc3565#section-2.3.2
>
> "In all cases the parameters field MUST be absent."
>
> Does this refer to the parameters field of the AlgorithmIdentifier
> of the AES key wrap algorithm? Then it would be incorrect to include
> the NULL here.
>

I'll check. That looks like a bug as the code should be excluding the NULL.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: [openssl-users] Unable to decrypt CMS object encrypted with EC prime256v1 certificate
On 06.07.16 at 05:15, Dr. Stephen Henson wrote:
> ...
>> Is the CMS object broken, or is this a problem in OpenSSL?
>
> Well the OpenSSL version does interop OK with the Bouncy Castle version of
> ECDH and CMS. I've checked through your test message and the problem is that
> the AES unwrapping algorithm checks fail meaning it can't proceed any
> further.
> That could be down to a CMS problem, an ECDH issue or a problem with the wrap
> algorithm either in the version you are testing or OpenSSL.
>
> Is it possible to get any debugging information from the other version you
> are using: for example the content encryption key it is expecting or the ECDH
> shared secret?

I don't know whether that is possible, I will check.

> Have you tried generating a message with OpenSSL and decrypting it with the
> other version?

Yes, the other version cannot decrypt the CMS object generated by OpenSSL. I did some tests with Bouncy Castle, and it also cannot decrypt the CMS object.

What might be interesting is that on the other hand Windows CryptoAPI is able to decrypt the CMS object (tested on Windows 10).

While doing research on this, we found one thing that looks suspicious in the CMS objects generated by OpenSSL 1.0.2. When dumping the CMS object with dumpasn1, the key wrap algorithm is encoded as follows:

SEQUENCE {
  OBJECT IDENTIFIER '1 3 132 1 11 3'
  SEQUENCE {
    OBJECT IDENTIFIER aes256-wrap (2 16 840 1 101 3 4 1 45)
    NULL
    }
  }

Note the NULL parameter in the aes256-wrap algorithm identifier. Compare that to RFC 3565, "2.3.2. AES CEK Wrap Process":

https://tools.ietf.org/html/rfc3565#section-2.3.2

"In all cases the parameters field MUST be absent."

Does this refer to the parameters field of the AlgorithmIdentifier of the AES key wrap algorithm? Then it would be incorrect to include the NULL here.

--
Stephan
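Added example (not part of any message in this thread, and not OpenSSL or dumpasn1 code): a minimal DER walk in Python that reports whether the key wrap AlgorithmIdentifier nested inside the keyEncryptionAlgorithm carries a NULL parameter or omits it, the point raised in the message above. The function names are hypothetical and the two byte strings are constructed from the OIDs shown in the dumpasn1 output.

```python
# Constructed samples: the structure from the dump, with and without the NULL.
KDF = "06062b8104010b03"           # OID 1 3 132 1 11 3
WRAP = "060960864801650304012d"    # OID aes256-wrap (2 16 840 1 101 3 4 1 45)
WITH_NULL = bytes.fromhex("3017" + KDF + "300d" + WRAP + "0500")
WITHOUT_NULL = bytes.fromhex("3015" + KDF + "300b" + WRAP)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER TLV that starts at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:                                  # short-form length
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed type into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def oid_str(val):
    """Decode OID content octets into dotted notation."""
    arcs, n = [], 0
    for b in val:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def check_key_wrap(kea_der):
    """Return (outer OID, key wrap OID, state of the key wrap parameters)."""
    tag, body, _ = read_tlv(kea_der)
    fields = children(body)
    if tag != 0x30 or len(fields) != 2 or fields[1][0] != 0x30:
        raise ValueError("no nested key wrap AlgorithmIdentifier")
    wrap = children(fields[1][1])
    if len(wrap) == 1:
        params = "absent"                  # what RFC 3565 2.3.2 requires
    else:
        params = "NULL" if wrap[1] == (0x05, b"") else "other"
    return oid_str(fields[0][1]), oid_str(wrap[0][1]), params
```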
Re: [openssl-users] Unable to decrypt CMS object encrypted with EC prime256v1 certificate
On Fri, Jul 01, 2016, Stephan Mühlstrasser wrote:

> Hi,
>
> we are testing OpenSSL interoperability with a third-party
> application, and we cannot decrypt a CMS object that is encrypted by
> the third-party application with a prime256v1 elliptic-curve
> certificate.
>
> I have attached the following files:
>
> demo_signer_ec_secp256r1.cms.der: DER-encoded CMS object
> demo_signer_ec_secp256r1.cert.pem: recipient certificate
> demo_signer_ec_secp256r1.pkey.pem: recipient private key (no password)
>
> I try to decrypt the CMS object with the following command using
> OpenSSL 1.0.2:
>
> $ openssl version
> OpenSSL 1.0.2h 3 May 2016
> $ openssl cms -decrypt -in demo_signer_ec_secp256r1.cms.der -inform
> DER -recip demo_signer_ec_secp256r1.cert.pem -inkey
> demo_signer_ec_secp256r1.pkey.pem
> Error decrypting CMS using private key
>
> When I use OpenSSL 1.1.0 beta from today's HEAD of the master
> branch, I see an additional error message:
>
> $ openssl version
> OpenSSL 1.1.0-pre6-dev xx XXX
> $ openssl cms -decrypt -in demo_signer_ec_secp256r1.cms.der -inform
> DER -recip demo_signer_ec_secp256r1.cert.pem -inkey
> demo_signer_ec_secp256r1.pkey.pem
> Error decrypting CMS using private key
> 140735294530304:error:0D06E0A4:asn1 encoding
> routines:asn1_do_adb:unsupported any defined by
> type:crypto/asn1/tasn_utl.c:238:
>

The final error is bogus: fixed in current master.

> Is the CMS object broken, or is this a problem in OpenSSL?
>

Well the OpenSSL version does interop OK with the Bouncy Castle version of
ECDH and CMS. I've checked through your test message and the problem is that
the AES unwrapping algorithm checks fail meaning it can't proceed any further.
That could be down to a CMS problem, an ECDH issue or a problem with the wrap
algorithm either in the version you are testing or OpenSSL.

Is it possible to get any debugging information from the other version you are
using: for example the content encryption key it is expecting or the ECDH
shared secret?

Have you tried generating a message with OpenSSL and decrypting it with the
other version?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
[openssl-users] Unable to decrypt CMS object encrypted with EC prime256v1 certificate
Hi,

we are testing OpenSSL interoperability with a third-party application, and we cannot decrypt a CMS object that is encrypted by the third-party application with a prime256v1 elliptic-curve certificate.

I have attached the following files:

demo_signer_ec_secp256r1.cms.der: DER-encoded CMS object
demo_signer_ec_secp256r1.cert.pem: recipient certificate
demo_signer_ec_secp256r1.pkey.pem: recipient private key (no password)

I try to decrypt the CMS object with the following command using OpenSSL 1.0.2:

$ openssl version
OpenSSL 1.0.2h 3 May 2016
$ openssl cms -decrypt -in demo_signer_ec_secp256r1.cms.der -inform DER -recip demo_signer_ec_secp256r1.cert.pem -inkey demo_signer_ec_secp256r1.pkey.pem
Error decrypting CMS using private key

When I use OpenSSL 1.1.0 beta from today's HEAD of the master branch, I see an additional error message:

$ openssl version
OpenSSL 1.1.0-pre6-dev xx XXX
$ openssl cms -decrypt -in demo_signer_ec_secp256r1.cms.der -inform DER -recip demo_signer_ec_secp256r1.cert.pem -inkey demo_signer_ec_secp256r1.pkey.pem
Error decrypting CMS using private key
140735294530304:error:0D06E0A4:asn1 encoding routines:asn1_do_adb:unsupported any defined by type:crypto/asn1/tasn_utl.c:238:

Is the CMS object broken, or is this a problem in OpenSSL?

Thanks

--
Stephan

demo_signer_ec_secp256r1.cert.pem
Description: application/x509-ca-cert

demo_signer_ec_secp256r1.cms.der
Description: application/x509-ca-cert

demo_signer_ec_secp256r1.pkey.pem
Description: application/x509-ca-cert