unknown OID was met when running cmsparse #1701

Open
sunriseup opened this issue Jun 19, 2024 · 6 comments

sunriseup commented Jun 19, 2024

When I run "gmssl cmsparse" on a PKCS 7 formatted signature, I got this output:
Unknown OID: (unknown) (1.2.156.10197.1.501)
E:\Download\GmSSL-master\src\asn1.c:1239:asn1_oid_info_from_der():
E:\Download\GmSSL-master\src\x509_alg.c:119:x509_digest_algor_from_der():
E:\Download\GmSSL-master\src\cms.c:926:cms_digest_algors_print():
The problem is that the given signature is malformed, not sticking to GB/T 35275 (thanks emmansun),
and at the same time gmssl is strict about the format. The signature took a signature OID (1.2.156.10197.1.501) as a hash OID (1.2.156.10197.1.401), and gmssl just parsed it as wrong.
I suggest gmssl be more adaptive to such inconsistency.

@emmansun

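Strictly according to GB/T 35275-2017 "Information security technology: SM2 cryptographic algorithm encrypted signature message syntax specification", the value of DigestAlgorithmIdentifiers in a GM (Chinese national standard) SignedData can only be the SM3 OID, that is, 1.2.156.10197.1.401. Some implementations are a bit more tolerant and can still parse it even if SM2Sign-with-SM3, that is, 1.2.156.10197.1.501, is placed here.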

@sunriseup
Author

It is actually a correct signature algorithm, sm2-with-sm3, but gmssl cmsparse just failed to treat it.
I further ran it on some other data and got a similar error:

gmssl cmsparse -in cms-signed.pem
CMS
Unknown OID: (unknown) (1.2.840.113549.1.7.2)
/GmSSL/src/asn1.c:1239:asn1_oid_info_from_der():
/GmSSL/src/cms.c:96:cms_content_type_from_der():
/GmSSL/src/cms.c:254:cms_content_info_print():
The following is the content:

@emmansun

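It looks like this project only supports the GM (Chinese national standard) CMS, that is, the OIDs defined in GB/T 35275-2017 "Information security technology: SM2 cryptographic algorithm encrypted signature message syntax specification", and does not support the international standard.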

@sunriseup
Author

gmssl should just parse and print it if it failed to recognize it.

@emmansun

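> gmssl should just parse and print it if it failed to recognize it.

This is probably a matter of how the project is positioned: it is not a general-purpose ASN.1 data parsing tool, so this is understandable.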

@sunriseup
Author

sunriseup commented Jun 20, 2024

I deleted some code:
if (*info == NULL) {
    asn1_object_identifier_print(stderr, 0, 0, "Unknown OID", NULL, nodes, nodes_cnt);
    error_print();
    return -1;
}
then built and ran it on the same PEM file, and got the following result:

GmSSL/src/asn1.c:1932:asn1_length_is_zero():
GmSSL/src/x509_alg.c:119:x509_digest_algor_from_der():
GmSSL/src/x509_alg.c:46:x509_digest_algor_name():
digestAlgorithm: (null)
digestEncryptionAlgorithm
algorithm: sm2sign-with-sm3
encryptedDigest: 304402205570D14D79F0411C5AFB3AD401E0D8A8D7E42C3051B8179E299647245CA0D13002204E06ACCAA61EAE79C78EB25466055A394546D3BA5C8DFF77B775096B3188ACB9
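
The lenient behaviour discussed in this thread, as an added example that is not GmSSL code and not written by either participant: decode the OID to dotted form, report a known-but-misplaced or unknown OID in the digestAlgorithms slot instead of aborting, and still reject malformed DER. The names `oid_to_dotted` and `describe_digest_slot`, the lookup table and the sample bytes are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Example-only table: just the OIDs quoted in this thread. */
static const struct { const char *dotted, *name; int is_digest; } known[] = {
    { "1.2.156.10197.1.401",  "sm3",              1 },
    { "1.2.156.10197.1.501",  "sm2sign-with-sm3", 0 },
    { "1.2.840.113549.1.7.2", "signedData",       0 },
};
/* Constructed sample: content octets of OID 1.2.156.10197.1.501. */
static const uint8_t sample_sig_oid[] = { 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75 };
/* Decode DER OBJECT IDENTIFIER content octets to dotted text; -1 if malformed. */
int oid_to_dotted(const uint8_t *der, size_t len, char *out, size_t outlen) {
    size_t pos = 0;
    if (len == 0 || (der[len - 1] & 0x80)) return -1;  /* last arc is truncated */
    for (size_t i = 0; i < len; ) {
        uint64_t arc = 0;
        if (der[i] == 0x80) return -1;                 /* non-minimal arc encoding */
        do {
            if (arc >> 57) return -1;                  /* arc would overflow 64 bits */
            arc = (arc << 7) | (der[i] & 0x7f);
        } while (der[i++] & 0x80);
        unsigned x = arc < 80 ? (unsigned)(arc / 40) : 2;  /* used for first arc only */
        int n = pos ? snprintf(out + pos, outlen - pos, ".%llu", (unsigned long long)arc)
                    : snprintf(out, outlen, "%u.%llu", x, (unsigned long long)(arc - 40u * x));
        if (n < 0 || (size_t)n >= outlen - pos) return -1;
        pos += (size_t)n;
    }
    return 0;
}
/* digestAlgorithms slot: 0 = digest OID, 1 = decodable but unexpected, -1 = malformed. */
int describe_digest_slot(const uint8_t *der, size_t len, char *msg, size_t msglen) {
    char dotted[128];
    if (oid_to_dotted(der, len, dotted, sizeof dotted) != 0) return -1;
    for (size_t k = 0; k < sizeof known / sizeof known[0]; k++) {
        if (strcmp(dotted, known[k].dotted) != 0) continue;
        snprintf(msg, msglen, "%s (%s)%s", known[k].name, dotted,
                 known[k].is_digest ? "" : " [not a digest algorithm]");
        return known[k].is_digest ? 0 : 1;
    }
    snprintf(msg, msglen, "unknown (%s)", dotted);
    return 1;
}

int main(void) {
    char msg[160];
    int rc = describe_digest_slot(sample_sig_oid, sizeof sample_sig_oid, msg, sizeof msg);
    printf("rc=%d digestAlgorithm: %s\n", rc, rc < 0 ? "malformed OID" : msg);
    return 0;
}
```

A return value of 1 lets a print tool keep going while a verifier can still treat the same condition as a hard failure.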
