guanzhi / GmSSL

A cryptographic toolbox supporting the Chinese national (GM) algorithms SM2/SM3/SM4/SM9 and SSL
http://gmssl.org
Apache License 2.0
5.11k stars 1.66k forks

unknown OID was met when running cmsparse #1701

Open sunriseup opened 3 months ago

sunriseup commented 3 months ago

When I ran "gmssl cmsparse" on a PKCS #7 formatted signature, I got this output:

Unknown OID: (unknown) (1.2.156.10197.1.501)
E:\Download\GmSSL-master\src\asn1.c:1239:asn1_oid_info_from_der():
E:\Download\GmSSL-master\src\x509_alg.c:119:x509_digest_algor_from_der():
E:\Download\GmSSL-master\src\cms.c:926:cms_digest_algors_print():

The problem is that the given signature is malformed, not sticking to GB/T 35275 (thanks emmansun), and concurrently gmssl is strict about the format. The signature took a signature OID (1.2.156.10197.1.501) as a hash OID (1.2.156.10197.1.401), and gmssl just parsed it as wrong. I suggest gmssl be more adaptive to such inconsistency.

emmansun commented 3 months ago

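Strictly speaking, according to GB/T 35275-2017 (Information security technology: SM2 cryptographic algorithm encrypted signature message syntax specification), the value of DigestAlgorithmIdentifiers in a GM SignedData can only be the SM3 OID, that is, 1.2.156.10197.1.401. Some implementations are a bit more compatible: even if SM2Sign-with-SM3, that is, 1.2.156.10197.1.501, is placed here, they can still parse it.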

sunriseup commented 3 months ago

It is actually a correct signature algorithm, sm2-with-sm3, but gmssl cmsparse just failed to treat it. I further ran it on some other data and got a similar error:

gmssl cmsparse -in cms-signed.pem
CMS
Unknown OID: (unknown) (1.2.840.113549.1.7.2)
/GmSSL/src/asn1.c:1239:asn1_oid_info_from_der():
/GmSSL/src/cms.c:96:cms_content_type_from_der():
/GmSSL/src/cms.c:254:cms_content_info_print():

The following is the content:

emmansun commented 3 months ago

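It looks like this project only supports GM CMS, that is, the OIDs defined in GB/T 35275-2017 (Information security technology: SM2 cryptographic algorithm encrypted signature message syntax specification), and does not support the international standards.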

sunriseup commented 3 months ago

gmssl should just parse and print it if it failed to recognize it.

emmansun commented 3 months ago

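> gmssl should just parse and print it if it failed to recognize it.

This is probably a matter of how the project positions itself: it is not a general-purpose ASN.1 data parsing tool, so that is understandable.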

sunriseup commented 3 months ago

I deleted some code:

    if (*info == NULL) {
        asn1_object_identifier_print(stderr, 0, 0, "Unknown OID", NULL, nodes, nodes_cnt);
        error_print();
        return -1;
    }

built and ran it on the same pem file, and got the following result:

GmSSL/src/asn1.c:1932:asn1_length_is_zero():
GmSSL/src/x509_alg.c:119:x509_digest_algor_from_der():
GmSSL/src/x509_alg.c:46:x509_digest_algor_name():
digestAlgorithm: (null)
digestEncryptionAlgorithm
    algorithm: sm2sign-with-sm3
encryptedDigest: 304402205570D14D79F0411C5AFB3AD401E0D8A8D7E42C3051B8179E299647245CA0D13002204E06ACCAA61EAE79C78EB25466055A394546D3BA5C8DFF77B775096B3188ACB9
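
One way a print path can report an OID it does not recognise instead of aborting, as discussed in this thread: decode the OID to dotted form and classify it. This is an added example, not GmSSL code and not from any participant; `oid_to_dotted`, `classify_digest_oid`, the return codes and the byte arrays are hypothetical names and constructed inputs.

```c
#include <stdio.h>
#include <string.h>
/* Constructed DER content octets (tag and length stripped) for the OIDs quoted in the thread. */
const unsigned char OID_SM3[]      = {0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x11};
const unsigned char OID_SM2_SM3[]  = {0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75};
const unsigned char OID_P7SIGNED[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02};
enum { DIGEST_MALFORMED = -1, DIGEST_OK, DIGEST_TOLERATED, DIGEST_UNKNOWN };
/* Decode OID content octets to dotted text; fails only on malformed DER. */
int oid_to_dotted(const unsigned char *der, size_t len, char *out, size_t outlen)
{
    size_t i = 0, pos = 0;
    if (len == 0 || (der[len - 1] & 0x80)) return -1;    /* last arc truncated */
    while (i < len) {
        unsigned long arc = 0, a;
        int n;
        if (der[i] == 0x80) return -1;                    /* non-minimal arc */
        do {
            if (arc >> (sizeof(arc) * 8 - 7)) return -1;  /* arc would overflow */
            arc = (arc << 7) | (der[i] & 0x7F);
        } while (der[i++] & 0x80);
        a = arc < 80 ? arc / 40 : 2;                      /* first group packs two arcs */
        if (pos == 0) n = snprintf(out, outlen, "%lu.%lu", a, arc - 40 * a);
        else n = snprintf(out + pos, outlen - pos, ".%lu", arc);
        if (n < 0 || (size_t)n >= outlen - pos) return -1; /* output buffer too small */
        pos += (size_t)n;
    }
    return 0;
}

/* Classify an OID found in the digestAlgorithms slot (hypothetical helper, not a GmSSL API). */
int classify_digest_oid(const unsigned char *der, size_t len, char *label, size_t n)
{
    char dotted[128];
    const char *name = "unknown";
    int rc = DIGEST_UNKNOWN;
    if (oid_to_dotted(der, len, dotted, sizeof dotted) != 0) return DIGEST_MALFORMED;
    if (!strcmp(dotted, "1.2.156.10197.1.401")) { rc = DIGEST_OK; name = "sm3"; }
    /* Signature OID where a digest OID belongs: report it and let the caller decide. */
    if (!strcmp(dotted, "1.2.156.10197.1.501")) { rc = DIGEST_TOLERATED; name = "sm2sign-with-sm3"; }
    snprintf(label, n, "%s (%s)", name, dotted);
    return rc;
}

int main(void)
{
    char label[160];
    int rc = classify_digest_oid(OID_SM2_SM3, sizeof OID_SM2_SM3, label, sizeof label);
    printf("%d %s\n", rc, label);
    return 0;
}
```

The tolerant result suits a print-only path; a verification path can still reject anything other than `DIGEST_OK`, since GB/T 35275-2017 allows only the SM3 OID in this field.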