pkcs8: predefine some common errors

docs/sm2.md

@@ -121,6 +121,16 @@ func ExampleNewPrivateKeyFromInt() {
 ```
 当然，你也可以使用ecdh包的方法```ecdh.P256().NewPrivateKey```来构造私钥，您要确保输入的字节数组是256位（32字节）的，如果不是，请先自行处理。
 
+### 关于《GM/T 0091-2020 基于口令的密钥派生规范》
+这个规范就是[RFC8018 PKCS#5](https://datatracker.ietf.org/doc/html/rfc8018) 国密定制版，其中PBES/PBKDF/PBMAC使用了不同的OID，但是这些OID似乎没有注册过。而且表A.1 中**id-hmacWithSM3**的OID为没有注册过的**1.2.156.10197.1.401.3.1**，和我们常用的**1.2.156.10197.1.401.2**不一致，也与该文档本身附录C不一致。不知道哪个产品遵从了这个行业规范。
+
+| 对象标识符OID | 对象标识符定义 |
+| :--- | :--- |
+| 1.2.156.10197.6.1.4.1.5 | 基于口令的密钥派生规范 |
+| 1.2.156.10197.6.1.4.1.5.1 | 基于口令的密钥派生函数 PBKDF (其实就是PBKDF2) |
+| 1.2.156.10197.6.1.4.1.5.2 | 基于口令的加密方案PBES (其实就是PBES2) |
+| 1.2.156.10197.6.1.4.1.5.3 | 基于口令的消息鉴别码PBMAC |
+
 ## 数字签名算法
 您可以直接使用sm2私钥的签名方法```Sign```：
 ```go

pkcs/pkcs5_pbes1.go

@@ -84,7 +84,7 @@ func (pbes1 *PBES1) Decrypt(password, ciphertext []byte) ([]byte, KDFParameters,
 	}
 	plaintext, err := cbcDecrypt(block, key[8:16], ciphertext)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, ErrPBEDecryption
 	}
 	return plaintext, nil, nil
 }

pkcs/pkcs5_pbes2.go

@@ -59,6 +59,10 @@ func (h Hash) New() hash.Hash {
 	panic("pkcs5: requested hash function #" + strconv.Itoa(int(h)) + " is unavailable")
 }
 
+var (
+	ErrPBEDecryption = errors.New("pkcs: decryption error, please verify the password and try again")
+)
+
 // PBKDF2Opts contains algorithm identifiers and related parameters for PBKDF2 key derivation function.
 type PBES2Params struct {
 	KeyDerivationFunc pkix.AlgorithmIdentifier
@@ -149,7 +153,7 @@ func (pbes2Params *PBES2Params) Decrypt(password, ciphertext []byte) ([]byte, KD
 
 	plaintext, err := cipher.Decrypt(symkey, &pbes2Params.EncryptionScheme.Parameters, ciphertext)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, ErrPBEDecryption
 	}
 	return plaintext, kdfParams, nil
 }

pkcs8/pkcs8.go

@@ -36,6 +36,11 @@ type encryptedPrivateKeyInfo struct {
 	EncryptedData       []byte
 }
 
+var (
+	ErrUnsupportedPBES = errors.New("pkcs8: only part of PBES1/PBES2 supported")
+	ErrUnexpectedKeyType = errors.New("pkcs8: unexpected key type")
+)
+
 // ParsePrivateKey parses a DER-encoded PKCS#8 private key.
 // Password can be nil.
 // This is equivalent to ParsePKCS8PrivateKey.
@@ -69,14 +74,14 @@ func ParsePrivateKey(der []byte, password []byte) (any, pkcs.KDFParameters, erro
 		pbes1 := &pkcs.PBES1{Algorithm: privKey.EncryptionAlgorithm}
 		decryptedKey, kdfParams, err = pbes1.Decrypt(password, privKey.EncryptedData)
 	default:
-		return nil, nil, errors.New("pkcs8: only part of PBES1/PBES2 supported")
+		return nil, nil, ErrUnsupportedPBES
 	}
 	if err != nil {
 		return nil, nil, err
 	}
 	key, err := smx509.ParsePKCS8PrivateKey(decryptedKey)
 	if err != nil {
-		return nil, nil, errors.New("pkcs8: incorrect password? failed to parse private key while ParsePKCS8PrivateKey: " + err.Error())
+		return nil, nil, err
 	}
 	return key, kdfParams, nil
 }
@@ -131,7 +136,7 @@ func ParsePKCS8PrivateKeyRSA(der []byte, v ...[]byte) (*rsa.PrivateKey, error) {
 	}
 	typedKey, ok := key.(*rsa.PrivateKey)
 	if !ok {
-		return nil, errors.New("pkcs8: key block is not of type RSA")
+		return nil, ErrUnexpectedKeyType
 	}
 	return typedKey, nil
 }
@@ -145,7 +150,7 @@ func ParsePKCS8PrivateKeyECDSA(der []byte, v ...[]byte) (*ecdsa.PrivateKey, erro
 	}
 	typedKey, ok := key.(*ecdsa.PrivateKey)
 	if !ok {
-		return nil, errors.New("pkcs8: key block is not of type ECDSA")
+		return nil, ErrUnexpectedKeyType
 	}
 	return typedKey, nil
 }
@@ -159,7 +164,7 @@ func ParsePKCS8PrivateKeySM2(der []byte, v ...[]byte) (*sm2.PrivateKey, error) {
 	}
 	typedKey, ok := key.(*sm2.PrivateKey)
 	if !ok {
-		return nil, errors.New("pkcs8: key block is not of type SM2")
+		return nil, ErrUnexpectedKeyType
 	}
 	return typedKey, nil
 }
@@ -173,7 +178,7 @@ func ParseSM9SignMasterPrivateKey(der []byte, v ...[]byte) (*sm9.SignMasterPriva
 	}
 	typedKey, ok := key.(*sm9.SignMasterPrivateKey)
 	if !ok {
-		return nil, errors.New("pkcs8: key block is not of type SM9 sign master private key")
+		return nil, ErrUnexpectedKeyType
 	}
 	return typedKey, nil
 }
@@ -187,7 +192,7 @@ func ParseSM9SignPrivateKey(der []byte, v ...[]byte) (*sm9.SignPrivateKey, error
 	}
 	typedKey, ok := key.(*sm9.SignPrivateKey)
 	if !ok {
-		return nil, errors.New("pkcs8: key block is not of type SM9 sign user private key")
+		return nil, ErrUnexpectedKeyType
 	}
 	return typedKey, nil
 }
@@ -201,7 +206,7 @@ func ParseSM9EncryptMasterPrivateKey(der []byte, v ...[]byte) (*sm9.EncryptMaste
 	}
 	typedKey, ok := key.(*sm9.EncryptMasterPrivateKey)
 	if !ok {
-		return nil, errors.New("pkcs8: key block is not of type SM9 encrypt master private key")
+		return nil, ErrUnexpectedKeyType
 	}
 	return typedKey, nil
 }
@@ -215,7 +220,7 @@ func ParseSM9EncryptPrivateKey(der []byte, v ...[]byte) (*sm9.EncryptPrivateKey,
 	}
 	typedKey, ok := key.(*sm9.EncryptPrivateKey)
 	if !ok {
-		return nil, errors.New("pkcs8: key block is not of type SM9 encrypt user private key")
+		return nil, ErrUnexpectedKeyType
 	}
 	return typedKey, nil
 }

pkcs8/pkcs8_test.go

@@ -784,7 +784,7 @@ func TestParseLegacyPBES1PrivateKey(t *testing.T) {
 	}
 
 	_, err = pkcs8.ParsePKCS8PrivateKey(block.Bytes, []byte("wrong pwd"))
-	if err == nil {
+	if err != pkcs.ErrPBEDecryption {
 		t.Errorf("should have failed")
 	}
 }