diff mbox series

[ima-evm-utils,v3] ima-evm-utils: Support SM2 algorithm for sign and verify

Message ID 20210526084455.56705-1-tianjia.zhang@linux.alibaba.com (mailing list archive)
State New, archived
Headers show
Series [ima-evm-utils,v3] ima-evm-utils: Support SM2 algorithm for sign and verify | expand

Commit Message

tianjia.zhang May 26, 2021, 8:44 a.m. UTC
The combination of SM2 and SM3 algorithms has been implemented in the
kernel. At present, the ima-evm-utils signature tool does not support
this combination of algorithms. Because in the current version of
OpenSSL 1.1.1, the SM2 algorithm and the public key using the EC
algorithm share the same ID 'EVP_PKEY_EC', and the specific algorithm
can only be distinguished by the curve name used. This patch supports
this feature.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
---
 src/libimaevm.c        | 20 ++++++++++++++++++++
 tests/gen-keys.sh      | 22 ++++++++++++++++++++++
 tests/ima_hash.test    |  3 +--
 tests/sign_verify.test |  2 ++
 4 files changed, 45 insertions(+), 2 deletions(-)

Comments

tianjia.zhang July 2, 2021, 3:18 a.m. UTC | #1
Hi,

Any comment?

Cheers,
Tianjia

On 5/26/21 4:44 PM, Tianjia Zhang wrote:
> The combination of SM2 and SM3 algorithms has been implemented in the
> kernel. At present, the ima-evm-utils signature tool does not support
> this combination of algorithms. Because in the current version of
> OpenSSL 1.1.1, the SM2 algorithm and the public key using the EC
> algorithm share the same ID 'EVP_PKEY_EC', and the specific algorithm
> can only be distinguished by the curve name used. This patch supports
> this feature.
> 
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> ---
>   src/libimaevm.c        | 20 ++++++++++++++++++++
>   tests/gen-keys.sh      | 22 ++++++++++++++++++++++
>   tests/ima_hash.test    |  3 +--
>   tests/sign_verify.test |  2 ++
>   4 files changed, 45 insertions(+), 2 deletions(-)
> 
> diff --git a/src/libimaevm.c b/src/libimaevm.c
> index fa6c278..589dd09 100644
> --- a/src/libimaevm.c
> +++ b/src/libimaevm.c
> @@ -518,6 +518,16 @@ static int verify_hash_v2(const char *file, const unsigned char *hash, int size,
>   		return -1;
>   	}
>   
> +#ifdef EVP_PKEY_SM2
> +	/* If EC key are used, check whether it is SM2 key */
> +	if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
> +		EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
> +		int curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
> +		if (curve == NID_sm2)
> +			EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
> +	}
> +#endif
> +
>   	st = "EVP_PKEY_CTX_new";
>   	if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
>   		goto err;
> @@ -932,6 +942,16 @@ static int sign_hash_v2(const char *algo, const unsigned char *hash,
>   		return -1;
>   	}
>   
> +#ifdef EVP_PKEY_SM2
> +	/* If EC key are used, check whether it is SM2 key */
> +	if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
> +		EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
> +		int curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
> +		if (curve == NID_sm2)
> +			EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
> +	}
> +#endif
> +
>   	calc_keyid_v2(&keyid, name, pkey);
>   	hdr->keyid = keyid;
>   
> diff --git a/tests/gen-keys.sh b/tests/gen-keys.sh
> index 46130cf..a75dc2e 100755
> --- a/tests/gen-keys.sh
> +++ b/tests/gen-keys.sh
> @@ -112,6 +112,28 @@ for m in \
>       fi
>   done
>   
> +# SM2
> +for curve in sm2; do
> +  if [ "$1" = clean ] || [ "$1" = force ]; then
> +    rm -f test-$curve.cer test-$curve.key test-$curve.pub
> +  fi
> +  if [ "$1" = clean ]; then
> +    continue
> +  fi
> +  if [ ! -e test-$curve.key ]; then
> +    log openssl req -verbose -new -nodes -utf8 -days 10000 -batch -x509 \
> +      -sm3 -sigopt "distid:1234567812345678" \
> +      -config test-ca.conf \
> +      -copy_extensions copyall \
> +      -newkey $curve \
> +      -out test-$curve.cer -outform DER \
> +      -keyout test-$curve.key
> +    if [ -s test-$curve.key ]; then
> +      log openssl pkey -in test-$curve.key -out test-$curve.pub -pubout
> +    fi
> +  fi
> +done
> +
>   # This script leaves test-ca.conf, *.cer, *.pub, *.key files for sing/verify tests.
>   # They are never deleted except by `make distclean'.
>   
> diff --git a/tests/ima_hash.test b/tests/ima_hash.test
> index 8d66e59..46de4c9 100755
> --- a/tests/ima_hash.test
> +++ b/tests/ima_hash.test
> @@ -70,8 +70,7 @@ expect_pass check  sha256     0x0404 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649
>   expect_pass check  sha384     0x0405 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b
>   expect_pass check  sha512     0x0406 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
>   expect_pass check  rmd160     0x0403 9c1185a5c5e9fc54612808977ee8f548b2258d31
> -expect_fail check  sm3        0x01
> -expect_fail check  sm3-256    0x01
> +expect_pass check  sm3        0x01 1ab21d8355cfa17f8e61194831e81a8f22bec8c728fefb747ed035eb5082aa2b
>   _enable_gost_engine
>   expect_pass check  md_gost12_256 0x0412 3f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb
>   expect_pass check  streebog256   0x0412 3f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb
> diff --git a/tests/sign_verify.test b/tests/sign_verify.test
> index 3d7aa51..7ad2d96 100755
> --- a/tests/sign_verify.test
> +++ b/tests/sign_verify.test
> @@ -387,6 +387,8 @@ sign_verify  prime256v1 sha256 0x030204:K:004[345678]
>   sign_verify  prime256v1 sha384 0x030205:K:004[345678]
>   sign_verify  prime256v1 sha512 0x030206:K:004[345678]
>   
> +sign_verify  sm2        sm3    0x030211:K:004[345678]
> +
>   # Test v2 signatures with EC-RDSA
>   _enable_gost_engine
>   sign_verify  gost2012_256-A md_gost12_256 0x030212:K:0040
>
Mimi Zohar July 7, 2021, 2:28 a.m. UTC | #2
On Fri, 2021-07-02 at 11:18 +0800, Tianjia Zhang wrote:
> Hi,
> 
> Any comment?

Except for a few older distros, Travis complains:

 openssl dgst  -sm3 sm3-hash.txt
+ evmctl -v  ima_hash --hashalgo sm3 --xattr-user sm3-hash.txt
  hash(sm3):
04111ab21d8355cfa17f8e61194831e81a8f22bec8c728fefb747ed035eb5082aa2b
Did not find expected hash for sm3:
    user.ima=0x011ab21d8355cfa17f8e61194831e81a8f22bec8c728fefb747ed035
eb5082aa2b
Actual output below:
    # file: sm3-hash.txt
    user.ima=0x04111ab21d8355cfa17f8e61194831e81a8f22bec8c728fefb747ed0
35eb5082aa2b 

> > diff --git a/tests/gen-keys.sh b/tests/gen-keys.sh
> > index 46130cf..a75dc2e 100755
> > --- a/tests/gen-keys.sh
> > +++ b/tests/gen-keys.sh
> > @@ -112,6 +112,28 @@ for m in \
> >       fi
> >   done
> >   
> > +# SM2
> > +for curve in sm2; do
> > +  if [ "$1" = clean ] || [ "$1" = force ]; then
> > +    rm -f test-$curve.cer test-$curve.key test-$curve.pub
> > +  fi
> > +  if [ "$1" = clean ]; then
> > +    continue
> > +  fi
> > +  if [ ! -e test-$curve.key ]; then
> > +    log openssl req -verbose -new -nodes -utf8 -days 10000 -batch -x509 \
> > +      -sm3 -sigopt "distid:1234567812345678" \
> > +      -config test-ca.conf \
> > +      -copy_extensions copyall \
> > +      -newkey $curve \
> > +      -out test-$curve.cer -outform DER \
> > +      -keyout test-$curve.key
> > +    if [ -s test-$curve.key ]; then
> > +      log openssl pkey -in test-$curve.key -out test-$curve.pub -pubout
> > +    fi
> > +  fi
> > +done

I'm also seeing:
- openssl req -verbose -new -nodes -utf8 -days 10000 -batch -x509 -sm3
-sigopt distid:1234567812345678 -config test-ca.conf -copy_extensions
copyall -newkey sm2 -out test-sm2.cer -outform DER -keyout test-sm2.key
req: Unrecognized flag copy_extensions

thanks,

Mimi
tianjia.zhang July 9, 2021, 9:06 a.m. UTC | #3
On 7/7/21 10:28 AM, Mimi Zohar wrote:
> On Fri, 2021-07-02 at 11:18 +0800, Tianjia Zhang wrote:
>> Hi,
>>
>> Any comment?
> 
> Except for a few older distros, Travis complains:
> 
>   openssl dgst  -sm3 sm3-hash.txt
> + evmctl -v  ima_hash --hashalgo sm3 --xattr-user sm3-hash.txt
>    hash(sm3):
> 04111ab21d8355cfa17f8e61194831e81a8f22bec8c728fefb747ed035eb5082aa2b
> Did not find expected hash for sm3:
>      user.ima=0x011ab21d8355cfa17f8e61194831e81a8f22bec8c728fefb747ed035
> eb5082aa2b
> Actual output below:
>      # file: sm3-hash.txt
>      user.ima=0x04111ab21d8355cfa17f8e61194831e81a8f22bec8c728fefb747ed0
> 35eb5082aa2b
> 

Thanks for pointing it out, This is caused by incorrect use of 
hdr-prefix and will be fixed in the next version.

>>> diff --git a/tests/gen-keys.sh b/tests/gen-keys.sh
>>> index 46130cf..a75dc2e 100755
>>> --- a/tests/gen-keys.sh
>>> +++ b/tests/gen-keys.sh
>>> @@ -112,6 +112,28 @@ for m in \
>>>        fi
>>>    done
>>>    
>>> +# SM2
>>> +for curve in sm2; do
>>> +  if [ "$1" = clean ] || [ "$1" = force ]; then
>>> +    rm -f test-$curve.cer test-$curve.key test-$curve.pub
>>> +  fi
>>> +  if [ "$1" = clean ]; then
>>> +    continue
>>> +  fi
>>> +  if [ ! -e test-$curve.key ]; then
>>> +    log openssl req -verbose -new -nodes -utf8 -days 10000 -batch -x509 \
>>> +      -sm3 -sigopt "distid:1234567812345678" \
>>> +      -config test-ca.conf \
>>> +      -copy_extensions copyall \
>>> +      -newkey $curve \
>>> +      -out test-$curve.cer -outform DER \
>>> +      -keyout test-$curve.key
>>> +    if [ -s test-$curve.key ]; then
>>> +      log openssl pkey -in test-$curve.key -out test-$curve.pub -pubout
>>> +    fi
>>> +  fi
>>> +done
> 
> I'm also seeing:
> - openssl req -verbose -new -nodes -utf8 -days 10000 -batch -x509 -sm3
> -sigopt distid:1234567812345678 -config test-ca.conf -copy_extensions
> copyall -newkey sm2 -out test-sm2.cer -outform DER -keyout test-sm2.key
> req: Unrecognized flag copy_extensions
> 

This command is for openssl 3.0, and '-copy_extensions copyall' is also 
a parameter supported on 3.0. At present, the mainstream version of 
openssl 1.1.1 only partially supports SM2 signatures. For example, the 
USERID in the SM2 specification cannot be used, and the certificate 
cannot be operated in the command using the SM2/3 algorithm combination, 
just like the modification of libimaevm.c in this patch, this cannot be 
done directly through the openssl command, even if the '-copy_extensions 
copyall' parameter is deleted, this command will be failed on openssl 
1.1.1. The final solution may be openssl 3.0.

On openssl 1.1.1, there is no problem to operate the signature of the 
SM2/3 algorithm combination through the API. If it is possible, the 
sign_verify test of sm2/3 is not required. What is your opinion?

> thanks,
> 
> Mimi
> 

Cheers,
Tianjia
Mimi Zohar July 9, 2021, 12:05 p.m. UTC | #4
On Fri, 2021-07-09 at 17:06 +0800, Tianjia Zhang wrote:
> On 7/7/21 10:28 AM, Mimi Zohar wrote:


> > I'm also seeing:
> > - openssl req -verbose -new -nodes -utf8 -days 10000 -batch -x509 -sm3
> > -sigopt distid:1234567812345678 -config test-ca.conf -copy_extensions
> > copyall -newkey sm2 -out test-sm2.cer -outform DER -keyout test-sm2.key
> > req: Unrecognized flag copy_extensions
> > 
> 
> This command is for openssl 3.0, and '-copy_extensions copyall' is also 
> a parameter supported on 3.0. At present, the mainstream version of 
> openssl 1.1.1 only partially supports SM2 signatures. For example, the 
> USERID in the SM2 specification cannot be used, and the certificate 
> cannot be operated in the command using the SM2/3 algorithm combination, 
> just like the modification of libimaevm.c in this patch, this cannot be 
> done directly through the openssl command, even if the '-copy_extensions 
> copyall' parameter is deleted, this command will be failed on openssl 
> 1.1.1. The final solution may be openssl 3.0.
> 
> On openssl 1.1.1, there is no problem to operate the signature of the 
> SM2/3 algorithm combination through the API. If it is possible, the 
> sign_verify test of sm2/3 is not required. What is your opinion?

Instead of dropping the test altogether, add an openssl version
dependency.

thanks,

Mimi
tianjia.zhang July 12, 2021, 12:12 p.m. UTC | #5
On 7/9/21 8:05 PM, Mimi Zohar wrote:
> On Fri, 2021-07-09 at 17:06 +0800, Tianjia Zhang wrote:
>> On 7/7/21 10:28 AM, Mimi Zohar wrote:
> 
> 
>>> I'm also seeing:
>>> - openssl req -verbose -new -nodes -utf8 -days 10000 -batch -x509 -sm3
>>> -sigopt distid:1234567812345678 -config test-ca.conf -copy_extensions
>>> copyall -newkey sm2 -out test-sm2.cer -outform DER -keyout test-sm2.key
>>> req: Unrecognized flag copy_extensions
>>>
>>
>> This command is for openssl 3.0, and '-copy_extensions copyall' is also
>> a parameter supported on 3.0. At present, the mainstream version of
>> openssl 1.1.1 only partially supports SM2 signatures. For example, the
>> USERID in the SM2 specification cannot be used, and the certificate
>> cannot be operated in the command using the SM2/3 algorithm combination,
>> just like the modification of libimaevm.c in this patch, this cannot be
>> done directly through the openssl command, even if the '-copy_extensions
>> copyall' parameter is deleted, this command will be failed on openssl
>> 1.1.1. The final solution may be openssl 3.0.
>>
>> On openssl 1.1.1, there is no problem to operate the signature of the
>> SM2/3 algorithm combination through the API. If it is possible, the
>> sign_verify test of sm2/3 is not required. What is your opinion?
> 
> Instead of dropping the test altogether, add an openssl version
> dependency.
> 
> thanks,
> 
> Mimi
> 

Great. will do in next version patch.

Best regards,
Tianjia
Mimi Zohar July 12, 2021, 12:35 p.m. UTC | #6
On Mon, 2021-07-12 at 20:12 +0800, Tianjia Zhang wrote:
> 
> On 7/9/21 8:05 PM, Mimi Zohar wrote:
> > On Fri, 2021-07-09 at 17:06 +0800, Tianjia Zhang wrote:
> >> On 7/7/21 10:28 AM, Mimi Zohar wrote:
> > 
> > 
> >>> I'm also seeing:
> >>> - openssl req -verbose -new -nodes -utf8 -days 10000 -batch -x509 -sm3
> >>> -sigopt distid:1234567812345678 -config test-ca.conf -copy_extensions
> >>> copyall -newkey sm2 -out test-sm2.cer -outform DER -keyout test-sm2.key
> >>> req: Unrecognized flag copy_extensions
> >>>
> >>
> >> This command is for openssl 3.0, and '-copy_extensions copyall' is also
> >> a parameter supported on 3.0. At present, the mainstream version of
> >> openssl 1.1.1 only partially supports SM2 signatures. For example, the
> >> USERID in the SM2 specification cannot be used, and the certificate
> >> cannot be operated in the command using the SM2/3 algorithm combination,
> >> just like the modification of libimaevm.c in this patch, this cannot be
> >> done directly through the openssl command, even if the '-copy_extensions
> >> copyall' parameter is deleted, this command will be failed on openssl
> >> 1.1.1. The final solution may be openssl 3.0.
> >>
> >> On openssl 1.1.1, there is no problem to operate the signature of the
> >> SM2/3 algorithm combination through the API. If it is possible, the
> >> sign_verify test of sm2/3 is not required. What is your opinion?
> > 
> > Instead of dropping the test altogether, add an openssl version
> > dependency.
> 
> Great. will do in next version patch.

Please consider adding a new CI distro matrix rule that includes the
needed openssl version.  Another option would be to define a new script
in the tests directory to install openssl from the git repo.  Please
limit using that script to a single distro matrix rule.

thanks,

Mimi
tianjia.zhang July 12, 2021, 12:45 p.m. UTC | #7
On 7/12/21 8:35 PM, Mimi Zohar wrote:
> On Mon, 2021-07-12 at 20:12 +0800, Tianjia Zhang wrote:
>>
>> On 7/9/21 8:05 PM, Mimi Zohar wrote:
>>> On Fri, 2021-07-09 at 17:06 +0800, Tianjia Zhang wrote:
>>>> On 7/7/21 10:28 AM, Mimi Zohar wrote:
>>>
>>>
>>>>> I'm also seeing:
>>>>> - openssl req -verbose -new -nodes -utf8 -days 10000 -batch -x509 -sm3
>>>>> -sigopt distid:1234567812345678 -config test-ca.conf -copy_extensions
>>>>> copyall -newkey sm2 -out test-sm2.cer -outform DER -keyout test-sm2.key
>>>>> req: Unrecognized flag copy_extensions
>>>>>
>>>>
>>>> This command is for openssl 3.0, and '-copy_extensions copyall' is also
>>>> a parameter supported on 3.0. At present, the mainstream version of
>>>> openssl 1.1.1 only partially supports SM2 signatures. For example, the
>>>> USERID in the SM2 specification cannot be used, and the certificate
>>>> cannot be operated in the command using the SM2/3 algorithm combination,
>>>> just like the modification of libimaevm.c in this patch, this cannot be
>>>> done directly through the openssl command, even if the '-copy_extensions
>>>> copyall' parameter is deleted, this command will be failed on openssl
>>>> 1.1.1. The final solution may be openssl 3.0.
>>>>
>>>> On openssl 1.1.1, there is no problem to operate the signature of the
>>>> SM2/3 algorithm combination through the API. If it is possible, the
>>>> sign_verify test of sm2/3 is not required. What is your opinion?
>>>
>>> Instead of dropping the test altogether, add an openssl version
>>> dependency.
>>
>> Great. will do in next version patch.
> 
> Please consider adding a new CI distro matrix rule that includes the
> needed openssl version.  Another option would be to define a new script
> in the tests directory to install openssl from the git repo.  Please
> limit using that script to a single distro matrix rule.
> 

Got it, thanks for your suggestion. It seems that the second method is 
more suitable.

Thanks,
Tianjia
Petr Vorel July 12, 2021, 8:27 p.m. UTC | #8
Hi Tianjia, Mimi,

> On 7/12/21 8:35 PM, Mimi Zohar wrote:
> > On Mon, 2021-07-12 at 20:12 +0800, Tianjia Zhang wrote:

> > > On 7/9/21 8:05 PM, Mimi Zohar wrote:
> > > > On Fri, 2021-07-09 at 17:06 +0800, Tianjia Zhang wrote:
> > > > > On 7/7/21 10:28 AM, Mimi Zohar wrote:


> > > > > > I'm also seeing:
> > > > > > - openssl req -verbose -new -nodes -utf8 -days 10000 -batch -x509 -sm3
> > > > > > -sigopt distid:1234567812345678 -config test-ca.conf -copy_extensions
> > > > > > copyall -newkey sm2 -out test-sm2.cer -outform DER -keyout test-sm2.key
> > > > > > req: Unrecognized flag copy_extensions


> > > > > This command is for openssl 3.0, and '-copy_extensions copyall' is also
> > > > > a parameter supported on 3.0. At present, the mainstream version of
> > > > > openssl 1.1.1 only partially supports SM2 signatures. For example, the
> > > > > USERID in the SM2 specification cannot be used, and the certificate
> > > > > cannot be operated in the command using the SM2/3 algorithm combination,
> > > > > just like the modification of libimaevm.c in this patch, this cannot be
> > > > > done directly through the openssl command, even if the '-copy_extensions
> > > > > copyall' parameter is deleted, this command will be failed on openssl
> > > > > 1.1.1. The final solution may be openssl 3.0.

> > > > > On openssl 1.1.1, there is no problem to operate the signature of the
> > > > > SM2/3 algorithm combination through the API. If it is possible, the
> > > > > sign_verify test of sm2/3 is not required. What is your opinion?

> > > > Instead of dropping the test altogether, add an openssl version
> > > > dependency.

> > > Great. will do in next version patch.

> > Please consider adding a new CI distro matrix rule that includes the
> > needed openssl version.  Another option would be to define a new script
> > in the tests directory to install openssl from the git repo.  Please
> > limit using that script to a single distro matrix rule.


> Got it, thanks for your suggestion. It seems that the second method is more
> suitable.
Although it appears there is no distro which would have openssl 3.0 [1],
Debian actually have 3.0.0~~beta1-1 in experimental [2]. openSUSE has slightly
older version openssl-3.0.0-alpha16 [3]. I suppose we update soon to beta1 as
well.

Using distro packages would be probably faster to run in CI than install from git.

Kind regards,
Petr

[1] https://pkgs.org/download/openssl
[2] https://tracker.debian.org/pkg/openssl
[3] https://build.opensuse.org/package/show/security:tls/openssl-3

> Thanks,
> Tianjia
Mimi Zohar July 12, 2021, 10:44 p.m. UTC | #9
On Mon, 2021-07-12 at 22:27 +0200, Petr Vorel wrote:
> Hi Tianjia, Mimi,
> 
> > On 7/12/21 8:35 PM, Mimi Zohar wrote:
> > > On Mon, 2021-07-12 at 20:12 +0800, Tianjia Zhang wrote:
> 
> > > > On 7/9/21 8:05 PM, Mimi Zohar wrote:
> > > > > On Fri, 2021-07-09 at 17:06 +0800, Tianjia Zhang wrote:
> > > > > > On 7/7/21 10:28 AM, Mimi Zohar wrote:
> 
> 
> > > > > > > I'm also seeing:
> > > > > > > - openssl req -verbose -new -nodes -utf8 -days 10000 -batch -x509 -sm3
> > > > > > > -sigopt distid:1234567812345678 -config test-ca.conf -copy_extensions
> > > > > > > copyall -newkey sm2 -out test-sm2.cer -outform DER -keyout test-sm2.key
> > > > > > > req: Unrecognized flag copy_extensions
> 
> 
> > > > > > This command is for openssl 3.0, and '-copy_extensions copyall' is also
> > > > > > a parameter supported on 3.0. At present, the mainstream version of
> > > > > > openssl 1.1.1 only partially supports SM2 signatures. For example, the
> > > > > > USERID in the SM2 specification cannot be used, and the certificate
> > > > > > cannot be operated in the command using the SM2/3 algorithm combination,
> > > > > > just like the modification of libimaevm.c in this patch, this cannot be
> > > > > > done directly through the openssl command, even if the '-copy_extensions
> > > > > > copyall' parameter is deleted, this command will be failed on openssl
> > > > > > 1.1.1. The final solution may be openssl 3.0.
> 
> > > > > > On openssl 1.1.1, there is no problem to operate the signature of the
> > > > > > SM2/3 algorithm combination through the API. If it is possible, the
> > > > > > sign_verify test of sm2/3 is not required. What is your opinion?
> 
> > > > > Instead of dropping the test altogether, add an openssl version
> > > > > dependency.
> 
> > > > Great. will do in next version patch.
> 
> > > Please consider adding a new CI distro matrix rule that includes the
> > > needed openssl version.  Another option would be to define a new script
> > > in the tests directory to install openssl from the git repo.  Please
> > > limit using that script to a single distro matrix rule.
> 
> 
> > Got it, thanks for your suggestion. It seems that the second method is more
> > suitable.
> Although it appears there is no distro which would have openssl 3.0 [1],
> Debian actually have 3.0.0~~beta1-1 in experimental [2]. openSUSE has slightly
> older version openssl-3.0.0-alpha16 [3]. I suppose we update soon to beta1 as
> well.
> 
> Using distro packages would be probably faster to run in CI than install from git.

Definitely!

thanks,

Mimi
tianjia.zhang July 14, 2021, 1:07 p.m. UTC | #10
On 7/13/21 4:27 AM, Petr Vorel wrote:
> Hi Tianjia, Mimi,
> 
>> On 7/12/21 8:35 PM, Mimi Zohar wrote:
>>> On Mon, 2021-07-12 at 20:12 +0800, Tianjia Zhang wrote:
> 
>>>> On 7/9/21 8:05 PM, Mimi Zohar wrote:
>>>>> On Fri, 2021-07-09 at 17:06 +0800, Tianjia Zhang wrote:
>>>>>> On 7/7/21 10:28 AM, Mimi Zohar wrote:
> 
> 
>>>>>>> I'm also seeing:
>>>>>>> - openssl req -verbose -new -nodes -utf8 -days 10000 -batch -x509 -sm3
>>>>>>> -sigopt distid:1234567812345678 -config test-ca.conf -copy_extensions
>>>>>>> copyall -newkey sm2 -out test-sm2.cer -outform DER -keyout test-sm2.key
>>>>>>> req: Unrecognized flag copy_extensions
> 
> 
>>>>>> This command is for openssl 3.0, and '-copy_extensions copyall' is also
>>>>>> a parameter supported on 3.0. At present, the mainstream version of
>>>>>> openssl 1.1.1 only partially supports SM2 signatures. For example, the
>>>>>> USERID in the SM2 specification cannot be used, and the certificate
>>>>>> cannot be operated in the command using the SM2/3 algorithm combination,
>>>>>> just like the modification of libimaevm.c in this patch, this cannot be
>>>>>> done directly through the openssl command, even if the '-copy_extensions
>>>>>> copyall' parameter is deleted, this command will be failed on openssl
>>>>>> 1.1.1. The final solution may be openssl 3.0.
> 
>>>>>> On openssl 1.1.1, there is no problem to operate the signature of the
>>>>>> SM2/3 algorithm combination through the API. If it is possible, the
>>>>>> sign_verify test of sm2/3 is not required. What is your opinion?
> 
>>>>> Instead of dropping the test altogether, add an openssl version
>>>>> dependency.
> 
>>>> Great. will do in next version patch.
> 
>>> Please consider adding a new CI distro matrix rule that includes the
>>> needed openssl version.  Another option would be to define a new script
>>> in the tests directory to install openssl from the git repo.  Please
>>> limit using that script to a single distro matrix rule.
> 
> 
>> Got it, thanks for your suggestion. It seems that the second method is more
>> suitable.
> Although it appears there is no distro which would have openssl 3.0 [1],
> Debian actually have 3.0.0~~beta1-1 in experimental [2]. openSUSE has slightly
> older version openssl-3.0.0-alpha16 [3]. I suppose we update soon to beta1 as
> well.
> 
> Using distro packages would be probably faster to run in CI than install from git.
> 
> Kind regards,
> Petr
> 
> [1] https://pkgs.org/download/openssl
> [2] https://tracker.debian.org/pkg/openssl
> [3] https://build.opensuse.org/package/show/security:tls/openssl-3
> 

Thanks for your suggestion. I used the release package of beta1 on 
github, which has been implemented in the patch of v4. Please also help 
review it.

Best regards,
Tianjia
diff mbox series

Patch

diff --git a/src/libimaevm.c b/src/libimaevm.c
index fa6c278..589dd09 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -518,6 +518,16 @@  static int verify_hash_v2(const char *file, const unsigned char *hash, int size,
 		return -1;
 	}
 
+#ifdef EVP_PKEY_SM2
+	/* If EC key are used, check whether it is SM2 key */
+	if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
+		EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+		int curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+		if (curve == NID_sm2)
+			EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
+	}
+#endif
+
 	st = "EVP_PKEY_CTX_new";
 	if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
 		goto err;
@@ -932,6 +942,16 @@  static int sign_hash_v2(const char *algo, const unsigned char *hash,
 		return -1;
 	}
 
+#ifdef EVP_PKEY_SM2
+	/* If EC key are used, check whether it is SM2 key */
+	if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
+		EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+		int curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+		if (curve == NID_sm2)
+			EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
+	}
+#endif
+
 	calc_keyid_v2(&keyid, name, pkey);
 	hdr->keyid = keyid;
 
diff --git a/tests/gen-keys.sh b/tests/gen-keys.sh
index 46130cf..a75dc2e 100755
--- a/tests/gen-keys.sh
+++ b/tests/gen-keys.sh
@@ -112,6 +112,28 @@  for m in \
     fi
 done
 
+# SM2
+for curve in sm2; do
+  if [ "$1" = clean ] || [ "$1" = force ]; then
+    rm -f test-$curve.cer test-$curve.key test-$curve.pub
+  fi
+  if [ "$1" = clean ]; then
+    continue
+  fi
+  if [ ! -e test-$curve.key ]; then
+    log openssl req -verbose -new -nodes -utf8 -days 10000 -batch -x509 \
+      -sm3 -sigopt "distid:1234567812345678" \
+      -config test-ca.conf \
+      -copy_extensions copyall \
+      -newkey $curve \
+      -out test-$curve.cer -outform DER \
+      -keyout test-$curve.key
+    if [ -s test-$curve.key ]; then
+      log openssl pkey -in test-$curve.key -out test-$curve.pub -pubout
+    fi
+  fi
+done
+
 # This script leaves test-ca.conf, *.cer, *.pub, *.key files for sing/verify tests.
 # They are never deleted except by `make distclean'.
 
diff --git a/tests/ima_hash.test b/tests/ima_hash.test
index 8d66e59..46de4c9 100755
--- a/tests/ima_hash.test
+++ b/tests/ima_hash.test
@@ -70,8 +70,7 @@  expect_pass check  sha256     0x0404 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649
 expect_pass check  sha384     0x0405 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b
 expect_pass check  sha512     0x0406 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
 expect_pass check  rmd160     0x0403 9c1185a5c5e9fc54612808977ee8f548b2258d31
-expect_fail check  sm3        0x01
-expect_fail check  sm3-256    0x01
+expect_pass check  sm3        0x01 1ab21d8355cfa17f8e61194831e81a8f22bec8c728fefb747ed035eb5082aa2b
 _enable_gost_engine
 expect_pass check  md_gost12_256 0x0412 3f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb
 expect_pass check  streebog256   0x0412 3f539a213e97c802cc229d474c6aa32a825a360b2a933a949fd925208d9ce1bb
diff --git a/tests/sign_verify.test b/tests/sign_verify.test
index 3d7aa51..7ad2d96 100755
--- a/tests/sign_verify.test
+++ b/tests/sign_verify.test
@@ -387,6 +387,8 @@  sign_verify  prime256v1 sha256 0x030204:K:004[345678]
 sign_verify  prime256v1 sha384 0x030205:K:004[345678]
 sign_verify  prime256v1 sha512 0x030206:K:004[345678]
 
+sign_verify  sm2        sm3    0x030211:K:004[345678]
+
 # Test v2 signatures with EC-RDSA
 _enable_gost_engine
 sign_verify  gost2012_256-A md_gost12_256 0x030212:K:0040