Backport 2.1: pkcs5: add support for additional hmacSHA algorithms #1373
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Currently only SHA1 is supported as PRF algorithm for PBKDF2 (PKCS#5 v2.0). This means that keys encrypted and authenticated using another algorithm of the SHA family cannot be decrypted. This deficiency has become particularly incumbent now that PKIs created with OpenSSL1.1 are encrypting keys using hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default and even if v2 was forced, it would still use hmacSHA1). Enable support for all the digest algorithms of the SHA family for PKCS#5 v2.0. Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Test vectors for SHA224,256,384 and 512 have been
generated using Python's hashlib module by the
following oneliner:
import binascii, hashlib
binascii.hexlify(hashlib.pbkdf2_hmac(ALGO, binascii.unhexlify('PASSWORD'), binascii.unhexlify('SALT'), ITER, KEYLEN)))
where ALGO was 'sha224', 'sha256', 'sha384' and 'sha512'
respectively.
Values for PASSWORD, SALT, ITER and KEYLEN were copied from the
existent test vectors for SHA1.
For SHA256 we also have two test vectors coming from RFC7914 Sec 11.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Some unit tests for pbkdf2_hmac() have results longer than 99bytes when represented in hexadecimal form. For this reason extend the result array to accommodate longer strings. At the same time make memset() parametric to avoid bugs in the future. Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
We now have support for the entire SHA family to be used as PRF in PKCS#5 v2.0, therefore we need to add new keys to test these new functionalities. This patch adds the new keys in `tests/data_files` and commands to generate them in `tests/data_files/Makefile`. Note that the pkcs8 command in OpenSSL 1.0 called with the -v2 argument generates keys using PKCS#5 v2.0 with SHA1 as PRF by default. (This behaviour has changed in OpenSSL 1.1, where the exact same command instead uses PKCS#5 v2.0 with SHA256) The new keys are generated by specifying different PRFs with -v2prf. Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Extend the pkparse test suite with the newly created keys encrypted using PKCS#8 with PKCS#5 v2.0 with PRF being SHA224, 256, 384 and 512. Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
gilles-peskine-arm
added
enhancement
CLA valid
needs-design-approval
needs-review
3 tasks
mpg
approved these changes
Feb 14, 2018
Contributor
mpg
left a comment
mpg
left a comment
There was a problem hiding this comment.
I'm satisfied this is a faithful backport of the original PR and I agree that the code changes are small enough and well-tested enough for inclusion in the 2.1 branch.
Contributor
Author
|
|
|
@gilles-peskine-arm Do we need a backport to 2.7? |
hanno-becker
approved these changes
Mar 8, 2018
Contributor
Author
gilles-peskine-arm
removed
the
needs-review
simonbutcher
added
approved for design
approved
Contributor
|
Agreed and approved that this fix needs back porting to 2.1 branch. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add support for the SHA-2 family to the PKCS#5 module. This is a very small code change and fixes an interoperability issue, hence the proposal to backport it even though this is technically a new feature.
Straightforward backport of #1219 (I only tweaked the ChangeLog entry)