authorK1 <dongbeiouba@gmail.com>2022-09-13 20:16:43 +0800
committerTomas Mraz <tomas@openssl.org>2022-09-15 17:03:56 +0200
commit48963ff6d0d07648e09e63d2dca9fb6069241f42 (patch)
treea041320da0c9dd267b15dc61229e9220185fc954
parentef6d6e452dc57ef4a55d7a6ec0693be650009bb5 (diff)
downloadopenssl-new-48963ff6d0d07648e09e63d2dca9fb6069241f42.tar.gz
Add support for PBE using hmacWithSM3
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19204)
-rw-r--r--crypto/evp/evp_pbe.c3
-rw-r--r--crypto/objects/obj_dat.h15
-rw-r--r--crypto/objects/obj_mac.num1
-rw-r--r--crypto/objects/objects.txt3
-rw-r--r--fuzz/oids.txt1
-rw-r--r--include/openssl/obj_mac.h4
-rw-r--r--test/recipes/25-test_pkcs8.t40
7 files changed, 62 insertions, 5 deletions
diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index 87b1856c19..71e757c28d 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -83,6 +83,9 @@ static const EVP_PBE_CTL builtin_pbe[] = {
{EVP_PBE_TYPE_PRF, NID_hmac_sha3_512, -1, NID_sha3_512, 0},
{EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_224, -1, NID_sha512_224, 0},
{EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_256, -1, NID_sha512_256, 0},
+#ifndef OPENSSL_NO_SM3
+ {EVP_PBE_TYPE_PRF, NID_hmacWithSM3, -1, NID_sm3, 0},
+#endif
{EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen, &PKCS5_v2_PBKDF2_keyivgen_ex},
#ifndef OPENSSL_NO_SCRYPT
{EVP_PBE_TYPE_KDF, NID_id_scrypt, -1, -1, PKCS5_v2_scrypt_keyivgen, &PKCS5_v2_scrypt_keyivgen_ex}
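Review bot: The new `NID_hmacWithSM3` row carries no comment explaining why it must sit last among the `EVP_PBE_TYPE_PRF` rows, and its position matters if `builtin_pbe` is searched by binary search on (type, NID), as it appears to be elsewhere in this file (the lookup is outside the hunk). The value 1281 assigned in obj_mac.num is above 1194 for `NID_hmacWithSHA512_256`, so the order is correct today. A one-line comment above the `#ifndef`, such as `/* Keep PRF rows sorted by NID; the table is looked up with bsearch */`, would stop a later addition from silently breaking PRF lookup. The diffstat also lists no documentation or CHANGES file, so the new `-v2prf` value appears to be undocumented for users. The array definition begins and ends outside the hunk.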
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 5ce78310a7..eaecb61a51 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -10,7 +10,7 @@
*/
/* Serialized OID's */
-static const unsigned char so[8316] = {
+static const unsigned char so[8326] = {
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@@ -1148,9 +1148,10 @@ static const unsigned char so[8316] = {
0x04,0x00,0x81,0x95,0x32,0x01,0x05, /* [ 8290] OBJ_id_aa_ATSHashIndex_v3 */
0x04,0x00,0x81,0x95,0x32,0x01,0x06, /* [ 8297] OBJ_signedAssertion */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x30, /* [ 8304] OBJ_id_aa_ets_archiveTimestampV2 */
+ 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x11,0x03,0x01, /* [ 8315] OBJ_hmacWithSM3 */
};
-#define NUM_NID 1281
+#define NUM_NID 1282
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2433,9 +2434,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"id-aa-ATSHashIndex-v3", "id-aa-ATSHashIndex-v3", NID_id_aa_ATSHashIndex_v3, 7, &so[8290]},
{"signedAssertion", "signedAssertion", NID_signedAssertion, 7, &so[8297]},
{"id-aa-ets-archiveTimestampV2", "id-aa-ets-archiveTimestampV2", NID_id_aa_ets_archiveTimestampV2, 11, &so[8304]},
+ {"hmacWithSM3", "hmacWithSM3", NID_hmacWithSM3, 10, &so[8315]},
};
-#define NUM_SN 1272
+#define NUM_SN 1273
static const unsigned int sn_objs[NUM_SN] = {
364, /* "AD_DVCS" */
419, /* "AES-128-CBC" */
@@ -2946,6 +2948,7 @@ static const unsigned int sn_objs[NUM_SN] = {
801, /* "hmacWithSHA512" */
1193, /* "hmacWithSHA512-224" */
1194, /* "hmacWithSHA512-256" */
+ 1281, /* "hmacWithSM3" */
432, /* "holdInstructionCallIssuer" */
430, /* "holdInstructionCode" */
431, /* "holdInstructionNone" */
@@ -3711,7 +3714,7 @@ static const unsigned int sn_objs[NUM_SN] = {
1093, /* "x509ExtAdmission" */
};
-#define NUM_LN 1272
+#define NUM_LN 1273
static const unsigned int ln_objs[NUM_LN] = {
363, /* "AD Time Stamping" */
405, /* "ANSI X9.62" */
@@ -4258,6 +4261,7 @@ static const unsigned int ln_objs[NUM_LN] = {
801, /* "hmacWithSHA512" */
1193, /* "hmacWithSHA512-224" */
1194, /* "hmacWithSHA512-256" */
+ 1281, /* "hmacWithSM3" */
486, /* "homePostalAddress" */
473, /* "homeTelephoneNumber" */
466, /* "host" */
@@ -4987,7 +4991,7 @@ static const unsigned int ln_objs[NUM_LN] = {
125, /* "zlib compression" */
};
-#define NUM_OBJ 1143
+#define NUM_OBJ 1144
static const unsigned int obj_objs[NUM_OBJ] = {
0, /* OBJ_undef 0 */
181, /* OBJ_iso 1 */
@@ -5987,6 +5991,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
455, /* OBJ_pilotOrganization 0 9 2342 19200300 100 4 20 */
456, /* OBJ_pilotDSA 0 9 2342 19200300 100 4 21 */
457, /* OBJ_qualityLabelledData 0 9 2342 19200300 100 4 22 */
+ 1281, /* OBJ_hmacWithSM3 1 2 156 10197 1 401 3 1 */
1152, /* OBJ_dstu28147 1 2 804 2 1 1 1 1 1 1 */
1156, /* OBJ_hmacWithDstu34311 1 2 804 2 1 1 1 1 1 2 */
1157, /* OBJ_dstu34311 1 2 804 2 1 1 1 1 2 1 */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index f64d7bbfa8..0a92288d1c 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1278,3 +1278,4 @@ id_aa_ATSHashIndex_v2 1277
id_aa_ATSHashIndex_v3 1278
signedAssertion 1279
id_aa_ets_archiveTimestampV2 1280
+hmacWithSM3 1281
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 58f00cf9a4..f413d27400 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -402,6 +402,9 @@ sm-scheme 504 : RSA-SM3 : sm3WithRSAEncryption
sm-scheme 501 : SM2-SM3 : SM2-with-SM3
+# From GM/T 0091-2020
+sm3 3 1 : : hmacWithSM3
+
# From RFC4231
rsadsi 2 8 : : hmacWithSHA224
rsadsi 2 9 : : hmacWithSHA256
diff --git a/fuzz/oids.txt b/fuzz/oids.txt
index 0d43eaf67d..05c40eb79a 100644
--- a/fuzz/oids.txt
+++ b/fuzz/oids.txt
@@ -1144,3 +1144,4 @@ OBJ_id_aa_ATSHashIndex_v2="\x04\x00\x81\x95\x32\x01\x04"
OBJ_id_aa_ATSHashIndex_v3="\x04\x00\x81\x95\x32\x01\x05"
OBJ_signedAssertion="\x04\x00\x81\x95\x32\x01\x06"
OBJ_id_aa_ets_archiveTimestampV2="\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x30"
+OBJ_hmacWithSM3="\x2A\x81\x1C\xCF\x55\x01\x83\x11\x03\x01"
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index 1e678ead22..f329fdfbb1 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -1237,6 +1237,10 @@
#define NID_SM2_with_SM3 1204
#define OBJ_SM2_with_SM3 OBJ_sm_scheme,501L
+#define LN_hmacWithSM3 "hmacWithSM3"
+#define NID_hmacWithSM3 1281
+#define OBJ_hmacWithSM3 OBJ_sm3,3L,1L
+
#define LN_hmacWithSHA224 "hmacWithSHA224"
#define NID_hmacWithSHA224 798
#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L
diff --git a/test/recipes/25-test_pkcs8.t b/test/recipes/25-test_pkcs8.t
new file mode 100644
index 0000000000..7e1758645b
--- /dev/null
+++ b/test/recipes/25-test_pkcs8.t
@@ -0,0 +1,40 @@
+#! /usr/bin/env perl
+# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use OpenSSL::Test::Utils;
+use File::Compare qw(compare_text);
+use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips is_nofips/;
+
+setup("test_pkcs8");
+
+plan tests => 3;
+
+SKIP: {
+ skip "SM2, SM3 or SM4 is not supported by this OpenSSL build", 3
+ if disabled("sm2") || disabled("sm3") || disabled("sm4");
+
+ ok_nofips(run(app(([ 'openssl', 'pkcs8', '-topk8',
+ '-in', srctop_file('test', 'certs', 'sm2.key'),
+ '-out', 'sm2-pbes2-sm4-hmacWithSM3.key',
+ '-passout', 'pass:password',
+ '-v2', 'sm4', '-v2prf', 'hmacWithSM3']))),
+ "Convert a private key to PKCS#5 v2.0 format using SM4 and hmacWithSM3");
+
+ ok_nofips(run(app(([ 'openssl', 'pkcs8', '-topk8',
+ '-in', 'sm2-pbes2-sm4-hmacWithSM3.key',
+ '-out', 'sm2.key',
+ '-passin', 'pass:password', '-nocrypt',
+ '-v2', 'sm4', '-v2prf', 'hmacWithSM3']))),
+ "Convert from PKCS#5 v2.0 format to PKCS#8 unencrypted format");
+
+ is_nofips(compare_text(srctop_file('test', 'certs', 'sm2.key'), 'sm2.key'), 0,
+ "compare test/certs/sm2.key to sm2.key")
+}
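Review bot: The round trip does not show that the encrypted file actually records hmacWithSM3 as the PBKDF2 PRF, because the three checks only cover the exit status of the two `pkcs8` runs and the text equality of the final unencrypted key. In the second invocation `'-v2', 'sm4', '-v2prf', 'hmacWithSM3'` is passed together with `-nocrypt`, where those options presumably have no effect on the output, so that line can be dropped to avoid suggesting they take part in decryption. A fourth check that dumps `sm2-pbes2-sm4-hmacWithSM3.key` (for example with `openssl asn1parse`) and matches the `hmacWithSM3` and SM4 identifiers would pin the algorithm selection, with `plan tests` and the `skip` count raised to 4. This matters for a key-protection format, since a silent fallback to another PRF or cipher would still pass the test as written.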