From 3f1679b26101561ae6974e450b0c8876ece152c6 Mon Sep 17 00:00:00 2001 From: Pauli Date: Fri, 28 Jun 2019 00:02:00 +1000 Subject: [PATCH] Add OIDs for kmac128, kmac256 and blake2. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9277) --- crypto/objects/obj_dat.h | 24 +++++++++++++++-------- crypto/objects/objects.txt | 16 +++++++-------- fuzz/oids.txt | 4 ++++ include/openssl/obj_mac.h | 40 +++++++++++++++++++++----------------- 4 files changed, 50 insertions(+), 34 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 876bab2a7f..5c47d6bd81 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -10,7 +10,7 @@ */ /* Serialized OID's */ -static const unsigned char so[7775] = { +static const unsigned char so[7813] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -1077,7 +1077,11 @@ static const unsigned char so[7775] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0C, /* [ 7745] OBJ_hmacWithSHA512_224 */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */ 0x28,0xCC,0x45,0x03,0x04, /* [ 7761] OBJ_gmac */ - 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75, /* [ 7766] OBJ_SM2_with_SM3 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x13, /* [ 7766] OBJ_kmac128 */ + 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x14, /* [ 7775] OBJ_kmac256 */ + 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01, /* [ 7784] OBJ_blake2bmac */ + 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02, /* [ 7794] OBJ_blake2smac */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75, /* [ 7804] OBJ_SM2_with_SM3 */ }; #define NUM_NID 1207 @@ -2278,15 +2282,15 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]}, {"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]}, {"GMAC", "gmac", NID_gmac, 5, &so[7761]}, - {"KMAC128", "kmac128", NID_kmac128}, - {"KMAC256", "kmac256", NID_kmac256}, + {"KMAC128", "kmac128", NID_kmac128, 9, &so[7766]}, + {"KMAC256", "kmac256", NID_kmac256, 9, &so[7775]}, {"AES-128-SIV", "aes-128-siv", NID_aes_128_siv}, {"AES-192-SIV", "aes-192-siv", NID_aes_192_siv}, {"AES-256-SIV", "aes-256-siv", NID_aes_256_siv}, - {"BLAKE2BMAC", "blake2bmac", NID_blake2bmac}, - {"BLAKE2SMAC", "blake2smac", NID_blake2smac}, + {"BLAKE2BMAC", "blake2bmac", NID_blake2bmac, 10, &so[7784]}, + {"BLAKE2SMAC", "blake2smac", NID_blake2smac, 10, &so[7794]}, {"SSHKDF", "sshkdf", NID_sshkdf}, - {"SM2-SM3", "SM2-with-SM3", NID_SM2_with_SM3, 8, &so[7766]}, + {"SM2-SM3", "SM2-with-SM3", NID_SM2_with_SM3, 8, &so[7804]}, {"SSKDF", "sskdf", NID_sskdf}, {"X963KDF", "x963kdf", NID_x963kdf}, }; @@ -4695,7 +4699,7 @@ static const unsigned int ln_objs[NUM_LN] = { 125, /* "zlib compression" */ }; -#define NUM_OBJ 1073 +#define NUM_OBJ 1077 static const unsigned int obj_objs[NUM_OBJ] = { 0, /* OBJ_undef 0 */ 181, /* OBJ_iso 1 */ @@ -5547,6 +5551,8 @@ static const unsigned int obj_objs[NUM_OBJ] = { 1103, /* OBJ_hmac_sha3_256 2 16 840 1 101 3 4 2 14 */ 1104, /* OBJ_hmac_sha3_384 2 16 840 1 101 3 4 2 15 */ 1105, /* OBJ_hmac_sha3_512 2 16 840 1 101 3 4 2 16 */ + 1196, /* OBJ_kmac128 2 16 840 1 101 3 4 2 19 */ + 1197, /* OBJ_kmac256 2 16 840 1 101 3 4 2 20 */ 802, /* OBJ_dsa_with_SHA224 2 16 840 1 101 3 4 3 1 */ 803, /* OBJ_dsa_with_SHA256 2 16 840 1 101 3 4 3 2 */ 1106, /* OBJ_dsa_with_SHA384 2 16 840 1 101 3 4 3 3 */ @@ -5664,6 +5670,8 @@ static const unsigned int obj_objs[NUM_OBJ] = { 138, /* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ 648, /* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ 649, /* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ + 1201, /* OBJ_blake2bmac 1 3 6 1 4 1 1722 12 2 1 */ + 1202, /* OBJ_blake2smac 1 3 6 1 4 1 1722 12 2 2 */ 951, /* OBJ_ct_precert_scts 1 3 6 1 4 1 11129 2 4 2 */ 952, /* OBJ_ct_precert_poison 1 3 6 1 4 1 11129 2 4 3 */ 953, /* OBJ_ct_precert_signer 1 3 6 1 4 1 11129 2 4 4 */ diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 566438948f..dcdfa903c5 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -14,12 +14,6 @@ iso 3 : identified-organization # GMAC OID iso 0 9797 3 4 : GMAC : gmac -# There are no OIDs for these yet... - : KMAC128 : kmac128 - : KMAC256 : kmac256 - : BLAKE2BMAC : blake2bmac - : BLAKE2SMAC : blake2smac - # HMAC OIDs identified-organization 6 1 5 5 8 1 1 : HMAC-MD5 : hmac-md5 identified-organization 6 1 5 5 8 1 2 : HMAC-SHA1 : hmac-sha1 @@ -709,8 +703,10 @@ algorithm 29 : RSA-SHA1-2 : sha1WithRSA 1 3 36 3 2 1 : RIPEMD160 : ripemd160 1 3 36 3 3 1 2 : RSA-RIPEMD160 : ripemd160WithRSA -1 3 6 1 4 1 1722 12 2 1 16 : BLAKE2b512 : blake2b512 -1 3 6 1 4 1 1722 12 2 2 8 : BLAKE2s256 : blake2s256 +1 3 6 1 4 1 1722 12 2 1 : BLAKE2BMAC : blake2bmac +1 3 6 1 4 1 1722 12 2 2 : BLAKE2SMAC : blake2smac +blake2bmac 16 : BLAKE2b512 : blake2b512 +blake2smac 8 : BLAKE2s256 : blake2s256 !Cname sxnet 1 3 101 1 4 1 : SXNetID : Strong Extranet ID @@ -987,6 +983,10 @@ nist_hashalgs 16 : id-hmacWithSHA3-512 : hmac-sha3-512 # how to handle them... # nist_hashalgs 17 : id-shake128-len : shake128-len # nist_hashalgs 18 : id-shake256-len : shake256-len +nist_hashalgs 19 : KMAC128 : kmac128 +nist_hashalgs 20 : KMAC256 : kmac256 +# nist_hashalgs 21 : KMAC128-XOF : kmac128-xof +# nist_hashalgs 22 : KMAC256-XOF : kmac256-xof # OIDs for dsa-with-sha224 and dsa-with-sha256 !Alias dsa_with_sha2 nistAlgorithms 3 diff --git a/fuzz/oids.txt b/fuzz/oids.txt index bd38a04d58..f0ff67766d 100644 --- a/fuzz/oids.txt +++ b/fuzz/oids.txt @@ -1064,4 +1064,8 @@ OBJ_id_tc26_gost_3410_2012_256_paramSetD="\x2A\x85\x03\x07\x01\x02\x01\x01\x04" OBJ_hmacWithSHA512_224="\x2A\x86\x48\x86\xF7\x0D\x02\x0C" OBJ_hmacWithSHA512_256="\x2A\x86\x48\x86\xF7\x0D\x02\x0D" OBJ_gmac="\x28\xCC\x45\x03\x04" +OBJ_kmac128="\x60\x86\x48\x01\x65\x03\x04\x02\x13" +OBJ_kmac256="\x60\x86\x48\x01\x65\x03\x04\x02\x14" +OBJ_blake2bmac="\x2B\x06\x01\x04\x01\x8D\x3A\x0C\x02\x01" +OBJ_blake2smac="\x2B\x06\x01\x04\x01\x8D\x3A\x0C\x02\x02" OBJ_SM2_with_SM3="\x2A\x81\x1C\xCF\x55\x01\x83\x75" diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 147bad12db..3657f43089 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -49,22 +49,6 @@ #define NID_gmac 1195 #define OBJ_gmac OBJ_iso,0L,9797L,3L,4L -#define SN_kmac128 "KMAC128" -#define LN_kmac128 "kmac128" -#define NID_kmac128 1196 - -#define SN_kmac256 "KMAC256" -#define LN_kmac256 "kmac256" -#define NID_kmac256 1197 - -#define SN_blake2bmac "BLAKE2BMAC" -#define LN_blake2bmac "blake2bmac" -#define NID_blake2bmac 1201 - -#define SN_blake2smac "BLAKE2SMAC" -#define LN_blake2smac "blake2smac" -#define NID_blake2smac 1202 - #define SN_hmac_md5 "HMAC-MD5" #define LN_hmac_md5 "hmac-md5" #define NID_hmac_md5 780 @@ -2139,15 +2123,25 @@ #define NID_ripemd160WithRSA 119 #define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L +#define SN_blake2bmac "BLAKE2BMAC" +#define LN_blake2bmac "blake2bmac" +#define NID_blake2bmac 1201 +#define OBJ_blake2bmac 1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L + +#define SN_blake2smac "BLAKE2SMAC" +#define LN_blake2smac "blake2smac" +#define NID_blake2smac 1202 +#define OBJ_blake2smac 1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L + #define SN_blake2b512 "BLAKE2b512" #define LN_blake2b512 "blake2b512" #define NID_blake2b512 1056 -#define OBJ_blake2b512 1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L,16L +#define OBJ_blake2b512 OBJ_blake2bmac,16L #define SN_blake2s256 "BLAKE2s256" #define LN_blake2s256 "blake2s256" #define NID_blake2s256 1057 -#define OBJ_blake2s256 1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L,8L +#define OBJ_blake2s256 OBJ_blake2smac,8L #define SN_sxnet "SXNetID" #define LN_sxnet "Strong Extranet ID" @@ -2997,6 +2991,16 @@ #define NID_hmac_sha3_512 1105 #define OBJ_hmac_sha3_512 OBJ_nist_hashalgs,16L +#define SN_kmac128 "KMAC128" +#define LN_kmac128 "kmac128" +#define NID_kmac128 1196 +#define OBJ_kmac128 OBJ_nist_hashalgs,19L + +#define SN_kmac256 "KMAC256" +#define LN_kmac256 "kmac256" +#define NID_kmac256 1197 +#define OBJ_kmac256 OBJ_nist_hashalgs,20L + #define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L #define SN_dsa_with_SHA224 "dsa_with_SHA224"