packages/libxcrypt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add sm3 test case

Browse Source
This commit is contained in:
houmingyong 2021-12-28 09:26:42 +08:00
parent fe2f6ee76c
commit 7c6f343783
2 changed files with 365 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

372
add-sm3-crypt-support.patch
View File

@ -1,23 +1,33 @@
From 2841c1affb1409db13e0da2d5177f5bbf35d4d8d Mon Sep 17 00:00:00 2001
From: root <root@localhost.localdomain>
From 8355e6e90c12051e0f44857db71d40aef00f9af9 Mon Sep 17 00:00:00 2001
From: houmingyong <houmingyong@huawei.com>
Date: Mon, 27 Dec 2021 16:01:26 +0800
Subject: [PATCH] add sm3 crypt support
---
Makefile.am | 3 +
lib/alg-sm3.c | 408 ++++++++++++++++++++++++++++++++++++++++++++
lib/alg-sm3.h | 62 +++++++
lib/crypt-port.h | 9 +-
lib/crypt-sm3.c | 357 ++++++++++++++++++++++++++++++++++++++
lib/hashes.conf | 1 +
libxcrypt.spec.rpkg | 2 +-
7 files changed, 840 insertions(+), 2 deletions(-)
Makefile.am | 7 +
README.md | 4 +-
doc/crypt.5 | 8 +
lib/alg-sm3.c | 408 +++++++++++++++++++++++++++++++++++++++
lib/alg-sm3.h | 62 ++++++
lib/crypt-port.h | 9 +-
lib/crypt-sm3.c | 357 ++++++++++++++++++++++++++++++++++
lib/hashes.conf | 1 +
libxcrypt.spec.rpkg | 2 +-
test/alg-sm3.c | 124 ++++++++++++
test/badsalt.c | 12 ++
test/badsetting.c | 9 +
test/checksalt.c | 5 +
test/crypt-badargs.c | 4 +
test/gensalt-extradata.c | 3 +
test/gensalt.c | 38 +++-
16 files changed, 1048 insertions(+), 5 deletions(-)
create mode 100644 lib/alg-sm3.c
create mode 100644 lib/alg-sm3.h
create mode 100644 lib/crypt-sm3.c
create mode 100644 test/alg-sm3.c
diff --git a/Makefile.am b/Makefile.am
index 430115a..a886f91 100644
index 430115a..936e0c1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -74,6 +74,7 @@ noinst_HEADERS = \
@ -44,6 +54,65 @@ index 430115a..a886f91 100644
lib/crypt-sha512.c \
lib/crypt-static.c \
lib/crypt-sunmd5.c \
@@ -329,6 +332,7 @@ check_PROGRAMS = \
test/alg-pbkdf-hmac-sha256 \
test/alg-sha1 \
test/alg-sha256 \
+ test/alg-sm3 \
test/alg-sha512 \
test/alg-yescrypt \
test/badsalt \
@@ -520,6 +524,9 @@ test_crypt_gost_yescrypt_LDADD = \
lib/libcrypt_la-alg-yescrypt-opt.lo \
lib/libcrypt_la-crypt-yescrypt.lo \
$(COMMON_TEST_OBJECTS)
+test_alg_sm3_LDADD = \
+ lib/libcrypt_la-alg-sm3.lo \
+ $(COMMON_TEST_OBJECTS)
test_getrandom_interface_LDADD = \
lib/libcrypt_la-randombytes.lo \
diff --git a/README.md b/README.md
index d0197a0..cf11e86 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@ README for libxcrypt
libxcrypt is a modern library for one-way hashing of passwords. It
supports a wide variety of both modern and historical hashing methods:
-yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt, sha256crypt,
+yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt, sha256crypt, sm3crypt
md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt, and descrypt.
It provides the traditional Unix `crypt` and `crypt_r` interfaces, as
well as a set of extended interfaces pioneered by Openwall Linux,
@@ -163,7 +163,7 @@ returns `$3$`.
glibcs libcrypt could optionally be configured to use Mozillas NSS
librarys implementations of the cryptographic primitives md5crypt,
-sha256crypt, and sha512crypt. This option is not available in
+sha256crypt, sm3crypt and sha512crypt. This option is not available in
libxcrypt, because we do not currently believe it is a desirable
option. The stated rationale for the option was to source all
cryptographic primitives from a library that has undergone FIPS
diff --git a/doc/crypt.5 b/doc/crypt.5
index 6aaf937..dce9c3f 100644
--- a/doc/crypt.5
+++ b/doc/crypt.5
@@ -218,6 +218,14 @@ Acceptable for new hashes.
The default CPU time cost parameter is 5000,
which is too low for modern hardware.
.hash "$5$" "\e$5\e$(rounds=[1-9][0-9]+\e$)?[^$:\(rsn]{1,16}\e$[./0-9A-Za-z]{43}" unlimited 8 256 256 "6 to 96" "1000 to 999,999,999"
+.Ss sm3crypt
+A hash based on SM3 with 256-bit output,
+originally developed by Ribose for OpenSSL.
+Supported on Linux but not common elsewhere.
+Acceptable for new hashes.
+The default CPU time cost parameter is 5000,
+which is too low for modern hardware.
+.hash "$sm3$" "\e$sm3\e$(rounds=[1-9][0-9]+\e$)?[./0-9A-Za-z]{1,16}\e$[./0-9A-Za-z]{43}" unlimited 8 256 256 "6 to 96" "1000 to 999,999,999"
.Ss sha1crypt
A hash based on HMAC-SHA1.
Originally developed by Simon Gerraty for NetBSD.
diff --git a/lib/alg-sm3.c b/lib/alg-sm3.c
new file mode 100644
index 0000000..68d9f7c
@ -941,6 +1010,287 @@ index 12216a6..dc3bd8e 100644
md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt, and descrypt.
It provides the traditional Unix crypt and crypt_r interfaces, as well
as a set of extended interfaces pioneered by Openwall Linux, crypt_rn,
diff --git a/test/alg-sm3.c b/test/alg-sm3.c
new file mode 100644
index 0000000..910a7dd
--- /dev/null
+++ b/test/alg-sm3.c
@@ -0,0 +1,124 @@
+#include "crypt-port.h"
+#include "alg-sm3.h"
+
+#include <stdio.h>
+
+#if INCLUDE_sm3crypt
+
+static const struct
+{
+ const char *input;
+ const char result[32];
+} tests[] =
+{
+ /* Test vectors from FIPS 180-2: appendix B.1. */
+ {
+ "abc",
+ "\x66\xc7\xf0\xf4\x62\xee\xed\xd9\xd1\xf2\xd4\x6b\xdc\x10\xe4\xe2"
+ "\x41\x67\xc4\x87\x5c\xf2\xf7\xa2\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0"
+ },
+ /* Test vectors from FIPS 180-2: appendix B.2. */
+ {
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ "\x63\x9b\x6c\xc5\xe6\x4d\x9e\x37\xa3\x90\xb1\x92\xdf\x4f\xa1\xea"
+ "\x07\x20\xab\x74\x7f\xf6\x92\xb9\xf3\x8c\x4e\x66\xad\x7b\x8c\x05"
+ },
+ /* Test vectors from the NESSIE project. */
+ {
+ "",
+ "\x1a\xb2\x1d\x83\x55\xcf\xa1\x7f\x8e\x61\x19\x48\x31\xe8\x1a\x8f"
+ "\x22\xbe\xc8\xc7\x28\xfe\xfb\x74\x7e\xd0\x35\xeb\x50\x82\xaa\x2b"
+ },
+ {
+ "a",
+ "\x62\x34\x76\xac\x18\xf6\x5a\x29\x09\xe4\x3c\x7f\xec\x61\xb4\x9c"
+ "\x7e\x76\x4a\x91\xa1\x8c\xcb\x82\xf1\x91\x7a\x29\xc8\x6c\x5e\x88"
+ },
+ {
+ "message digest",
+ "\xc5\x22\xa9\x42\xe8\x9b\xd8\x0d\x97\xdd\x66\x6e\x7a\x55\x31\xb3"
+ "\x61\x88\xc9\x81\x71\x49\xe9\xb2\x58\xdf\xe5\x1e\xce\x98\xed\x77"
+ },
+ {
+ "abcdefghijklmnopqrstuvwxyz",
+ "\xb8\x0f\xe9\x7a\x4d\xa2\x4a\xfc\x27\x75\x64\xf6\x6a\x35\x9e\xf4"
+ "\x40\x46\x2a\xd2\x8d\xcc\x6d\x63\xad\xb2\x4d\x5c\x20\xa6\x15\x95"
+ },
+ {
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+ "\x29\x71\xd1\x0c\x88\x42\xb7\x0c\x97\x9e\x55\x06\x34\x80\xc5\x0b"
+ "\xac\xff\xd9\x0e\x98\xe2\xe6\x0d\x25\x12\xab\x8a\xbf\xdf\xce\xc5"
+ },
+ {
+ "123456789012345678901234567890123456789012345678901234567890"
+ "12345678901234567890",
+ "\xad\x81\x80\x53\x21\xf3\xe6\x9d\x25\x12\x35\xbf\x88\x6a\x56\x48"
+ "\x44\x87\x3b\x56\xdd\x7d\xde\x40\x0f\x05\x5b\x7d\xde\x39\x30\x7a"
+ }
+};
+
+
+static void
+report_failure(int n, const char *tag,
+ const char expected[32], uint8_t actual[32])
+{
+ int i;
+ printf ("FAIL: test %d (%s):\n exp:", n, tag);
+ for (i = 0; i < 32; i++)
+ {
+ if (i % 4 == 0)
+ putchar (' ');
+ printf ("%02x", (unsigned int)(unsigned char)expected[i]);
+ }
+ printf ("\n got:");
+ for (i = 0; i < 32; i++)
+ {
+ if (i % 4 == 0)
+ putchar (' ');
+ printf ("%02x", (unsigned int)(unsigned char)actual[i]);
+ }
+ putchar ('\n');
+ putchar ('\n');
+}
+
+int
+main (void)
+{
+ SM3_CTX ctx;
+ uint8_t sum[32];
+ int result = 0;
+ int cnt;
+ int i;
+
+ for (cnt = 0; cnt < (int) ARRAY_SIZE (tests); ++cnt)
+ {
+ SM3_Buf (tests[cnt].input, strlen (tests[cnt].input), sum);
+ if (memcmp (tests[cnt].result, sum, 32) != 0)
+ {
+ report_failure (cnt, "all at once", tests[cnt].result, sum);
+ result = 1;
+ }
+
+ SM3_Init (&ctx);
+ for (i = 0; tests[cnt].input[i] != '\0'; ++i)
+ SM3_Update (&ctx, &tests[cnt].input[i], 1);
+ SM3_Final (sum, &ctx);
+ if (memcmp (tests[cnt].result, sum, 32) != 0)
+ {
+ report_failure (cnt, "byte by byte", tests[cnt].result, sum);
+ result = 1;
+ }
+ }
+
+ return result;
+}
+
+#else
+
+int
+main (void)
+{
+ return 77; /* UNSUPPORTED */
+}
+
+#endif
diff --git a/test/badsalt.c b/test/badsalt.c
index 803b575..39e3529 100644
--- a/test/badsalt.c
+++ b/test/badsalt.c
@@ -155,6 +155,18 @@ static const struct testcase testcases[] =
{ "*SHA-256 (rounds) invalid rounds 6", 32, "$5$rounds=0100$MJHnaAkegEVYHsFK$" },
{ "*SHA-256 (rounds) invalid rounds 7", 38, "$5$rounds=4294967295$MJHnaAkegEVYHsFK$" },
#endif
+#if INCLUDE_sm3crypt
+ { "SM3 (plain)", 22, "$sm3$MJHnaAkegEVYHsFK$" },
+ { "*SM3 (plain) invalid char", 22, "$sm3$:JHnaAkegEVYHsFK$" },
+ { "SM3 (rounds)", 34, "$sm3$rounds=1000$MJHnaAkegEVYHsFK$" },
+ { "*SM3 (rounds) invalid rounds 1", 34, "$sm3$rounds=:000$MJHnaAkegEVYHsFK$" },
+ { "*SM3 (rounds) invalid rounds 2", 34, "$sm3$rounds=100:$MJHnaAkegEVYHsFK$" },
+ { "*SM3 (rounds) invalid rounds 3", 34, "$sm3$rounds:1000$MJHnaAkegEVYHsFK$" },
+ { "*SM3 (rounds) invalid rounds 4", 30, "$sm3$rounds=$MJHnaAkegEVYHsFK$" },
+ { "*SM3 (rounds) invalid rounds 5", 31, "$sm3$rounds=0$MJHnaAkegEVYHsFK$" },
+ { "*SM3 (rounds) invalid rounds 6", 33, "$sm3$rounds=0100$MJHnaAkegEVYHsFK$" },
+ { "*SM3 (rounds) invalid rounds 7", 40, "$sm3$rounds=4294967295$MJHnaAkegEVYHsFK$" },
+#endif
#if INCLUDE_sha512crypt
{ "SHA-512 (plain)", 20, "$6$MJHnaAkegEVYHsFK$" },
{ "*SHA-512 (plain) invalid char", 20, "$6$:JHnaAkegEVYHsFK$" },
diff --git a/test/badsetting.c b/test/badsetting.c
index 4af151a..0cfc6c5 100644
--- a/test/badsetting.c
+++ b/test/badsetting.c
@@ -101,6 +101,15 @@ static const struct testcase testcases[] =
{ "$5$", 0, 0, 0 },
#endif
+ /* SM3 */
+#if INCLUDE_sm3crypt
+ { "$sm3", 0, 0, 0 }, // truncated prefix
+ { "$sm3$", 0, 2, 0 }, // inadequate rbytes
+ { "$sm3$", 0, 0, 4 }, // inadequate osize
+#else
+ { "$sm3$", 0, 0, 0 },
+#endif
+
/* SHA512 */
#if INCLUDE_sha512crypt
{ "$6", 0, 0, 0 }, // truncated prefix
diff --git a/test/checksalt.c b/test/checksalt.c
index 7575dfd..dab255c 100644
--- a/test/checksalt.c
+++ b/test/checksalt.c
@@ -68,6 +68,11 @@ static const struct testcase testcases[] =
#else
{ "$5$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID },
#endif
+#if INCLUDE_sm3crypt
+ { "$sm3$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK },
+#else
+ { "$sm3$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID },
+#endif
#if INCLUDE_sha512crypt
{ "$6$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK },
#else
diff --git a/test/crypt-badargs.c b/test/crypt-badargs.c
index 59c6690..658e85b 100644
--- a/test/crypt-badargs.c
+++ b/test/crypt-badargs.c
@@ -51,6 +51,10 @@ static const char *settings[] =
"$5$MJHnaAkegEVYHsFK",
"$5$rounds=10191$MJHnaAkegEVYHsFK",
#endif
+#if INCLUDE_sm3crypt
+ "$sm3$MJHnaAkegEVYHsFK",
+ "$sm3$rounds=10191$MJHnaAkegEVYHsFK",
+#endif
#if INCLUDE_sha512crypt
"$6$MJHnaAkegEVYHsFK",
"$6$rounds=10191$MJHnaAkegEVYHsFK",
diff --git a/test/gensalt-extradata.c b/test/gensalt-extradata.c
index 9df2e9f..3e492e5 100644
--- a/test/gensalt-extradata.c
+++ b/test/gensalt-extradata.c
@@ -61,6 +61,9 @@ static const struct testcase testcases[] =
#if INCLUDE_sha256crypt
{ "$5$", 7019, 1120211 },
#endif
+#if INCLUDE_sm3crypt
+ { "$sm3$", 7019, 1120211 },
+#endif
#if INCLUDE_sha512crypt
{ "$6$", 7019, 1120211 },
#endif
diff --git a/test/gensalt.c b/test/gensalt.c
index 2d590a9..6dbbaf6 100644
--- a/test/gensalt.c
+++ b/test/gensalt.c
@@ -140,6 +140,36 @@ static const char *const sha256_expected_output_h[] =
"$5$rounds=999999999$UqGBkVu01rurVZqg"
};
#endif
+#if INCLUDE_sm3crypt
+static const char *const sm3_expected_output[] =
+{
+ "$sm3$MJHnaAkegEVYHsFK",
+ "$sm3$PKXc3hCOSyMqdaEQ",
+ "$sm3$ZAFlICwYRETzIzIj",
+ "$sm3$UqGBkVu01rurVZqg"
+};
+static const char *const sm3_expected_output_r[] =
+{
+ "$sm3$rounds=10191$MJHnaAkegEVYHsFK",
+ "$sm3$rounds=10191$PKXc3hCOSyMqdaEQ",
+ "$sm3$rounds=10191$ZAFlICwYRETzIzIj",
+ "$sm3$rounds=10191$UqGBkVu01rurVZqg"
+};
+static const char *const sm3_expected_output_l[] =
+{
+ "$sm3$rounds=1000$MJHnaAkegEVYHsFK",
+ "$sm3$rounds=1000$PKXc3hCOSyMqdaEQ",
+ "$sm3$rounds=1000$ZAFlICwYRETzIzIj",
+ "$sm3$rounds=1000$UqGBkVu01rurVZqg"
+};
+static const char *const sm3_expected_output_h[] =
+{
+ "$sm3$rounds=999999999$MJHnaAkegEVYHsFK",
+ "$sm3$rounds=999999999$PKXc3hCOSyMqdaEQ",
+ "$sm3$rounds=999999999$ZAFlICwYRETzIzIj",
+ "$sm3$rounds=999999999$UqGBkVu01rurVZqg"
+};
+#endif
#if INCLUDE_sha512crypt
static const char *const sha512_expected_output[] =
{
@@ -291,7 +321,7 @@ struct testcase
};
// For all hashing methods with a linear cost parameter (that is,
-// DES/BSD, MD5/Sun, SHA1, SHA256, and SHA512), crypt_gensalt will
+// DES/BSD, MD5/Sun, SHA1, SHA256, SM3 and SHA512), crypt_gensalt will
// accept any value in the range of 'unsigned long' and clip it to the
// actual valid range.
#define MIN_LINEAR_COST 1
@@ -338,6 +368,12 @@ static const struct testcase testcases[] =
{ "$5$", sha256_expected_output_l, 31, 0, MIN_LINEAR_COST },
{ "$5$", sha256_expected_output_h, 36, 0, MAX_LINEAR_COST },
#endif
+#if INCLUDE_sm3crypt
+ { "$sm3$", sm3_expected_output, 21, 0, 0 },
+ { "$sm3$", sm3_expected_output_r, 34, 0, 10191 },
+ { "$sm3$", sm3_expected_output_l, 33, 0, MIN_LINEAR_COST },
+ { "$sm3$", sm3_expected_output_h, 38, 0, MAX_LINEAR_COST },
+#endif
#if INCLUDE_sha512crypt
{ "$6$", sha512_expected_output, 19, 0, 0 },
{ "$6$", sha512_expected_output_r, 32, 0, 10191 },
--
2.27.0

5
libxcrypt.spec
View File

@ -1,7 +1,7 @@
%define libdir /lib64
Name: libxcrypt
Version: 4.4.17
Release: 2
Release: 3
Summary: Extended crypt library for DES, MD5, Blowfish and others
License: LGPLv2+ and BSD and Public Domain
URL: https://github.com/besser82/%{name}
@ -100,6 +100,9 @@ make check
%changelog
* Tue Dec 28 2021 houmingyong<houmingyong@huawei.com> - 4.4.17-3
- add sm3 DT test case
* Mon Dec 27 2021 wangyu <wangyu283@huawei.com> - 4.4.17-2
- add sm3 crypt support