wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add SM2 signature and ECIES schemes

Browse source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4793)
This commit is contained in:
Jack Lloyd 2018-01-24 11:56:02 -05:00 committed by Richard Levitte
parent df3a15512b
commit 3d328a445c
28 changed files with 1784 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Configure
View file

@ -297,7 +297,7 @@ $config{sdirs} = [
"objects",
"md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3",
"des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes",
"bn", "ec", "rsa", "dsa", "dh", "dso", "engine",
"bn", "ec", "rsa", "dsa", "dh", "sm2", "dso", "engine",
"buffer", "bio", "stack", "lhash", "rand", "err",
"evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
"cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store"

3
apps/openssl.c
View file

@ -762,6 +762,9 @@ static void list_disabled(void)
#ifdef OPENSSL_NO_SEED
BIO_puts(bio_out, "SEED\n");
#endif
#ifdef OPENSSL_NO_SM2
BIO_puts(bio_out, "SM2\n");
#endif
#ifdef OPENSSL_NO_SM3
BIO_puts(bio_out, "SM3\n");
#endif

2
config
View file

@ -886,7 +886,7 @@ case "$GUESSOS" in
i386-*) options="$options 386" ;;
esac
for i in aes aria bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha sm3 sm4
for i in aes aria bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha sm2 sm3 sm4
do
if [ ! -d $THERE/crypto/$i ]
then

39
crypto/ec/ec_curve.c
View file

@ -2751,6 +2751,43 @@ static const struct {
}
};
static const struct {
EC_CURVE_DATA h;
unsigned char data[0 + 32 * 6];
} _EC_sm2p256v1 = {
{
NID_X9_62_prime_field, 0, 32, 1
},
{
/* no seed */
/* p */
0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
/* a */
0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
/* b */
0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b,
0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92,
0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93,
/* x */
0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46,
0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1,
0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7,
/* y */
0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3,
0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40,
0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0,
/* order */
0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,
0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23,
}
};
typedef struct _ec_list_element_st {
int nid;
const EC_CURVE_DATA *data;
@ -2960,6 +2997,8 @@ static const ec_list_element curve_list[] = {
"RFC 5639 curve over a 512 bit prime field"},
{NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0,
"RFC 5639 curve over a 512 bit prime field"},
{NID_sm2, &_EC_sm2p256v1.h, 0,
"SM2 curve over a 256 bit prime field"},
};
#define curve_list_length OSSL_NELEM(curve_list)

28
crypto/ec/ec_pmeth.c
View file

@ -16,6 +16,10 @@
#include <openssl/evp.h>
#include "internal/evp_int.h"
#if !defined(OPENSSL_NO_SM2)
#include <openssl/sm2.h>
#endif
/* EC pkey context structure */
typedef struct {
@ -102,6 +106,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
unsigned int sltmp;
EC_PKEY_CTX *dctx = ctx->data;
EC_KEY *ec = ctx->pkey->pkey.ec;
const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
if (!sig) {
*siglen = ECDSA_size(ec);
@ -116,7 +121,16 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
else
type = NID_sha1;
if (ec_nid == NID_sm2) {
#if defined(OPENSSL_NO_SM2)
ret = -1;
#else
ret = SM2_sign(type, tbs, tbslen, sig, &sltmp, ec);
#endif
}
else {
ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
}
if (ret <= 0)
return ret;
@ -131,13 +145,24 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
int ret, type;
EC_PKEY_CTX *dctx = ctx->data;
EC_KEY *ec = ctx->pkey->pkey.ec;
const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
if (dctx->md)
type = EVP_MD_type(dctx->md);
else
type = NID_sha1;
if (ec_nid == NID_sm2) {
#if defined(OPENSSL_NO_SM2)
ret = -1;
#else
ret = SM2_verify(type, tbs, tbslen, sig, siglen, ec);
#endif
}
else {
ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
}
return ret;
}
@ -318,7 +343,8 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
EVP_MD_type((const EVP_MD *)p2) != NID_sha512 &&
EVP_MD_type((const EVP_MD *)p2) != NID_sm3) {
ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
return 0;
}

1
crypto/err/err.c
View file

@ -60,6 +60,7 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
{ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"},
{ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"},
{ERR_PACK(ERR_LIB_OSSL_STORE, 0, 0), "STORE routines"},
{ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"},
{0, NULL},
};

1
crypto/err/openssl.ec
View file

@ -32,6 +32,7 @@ L CMS include/openssl/cms.h crypto/cms/cms_err.c
L CT include/openssl/ct.h crypto/ct/ct_err.c
L ASYNC include/openssl/async.h crypto/async/async_err.c
L KDF include/openssl/kdf.h crypto/kdf/kdf_err.c
L SM2 include/openssl/sm2.h crypto/sm2/sm2_err.c
L OSSL_STORE include/openssl/store.h crypto/store/store_err.c
# additional header files to be scanned for function names

65
crypto/err/openssl.txt
View file

@ -986,6 +986,11 @@ RSA_F_RSA_SIGN_ASN1_OCTET_STRING:118:RSA_sign_ASN1_OCTET_STRING
RSA_F_RSA_VERIFY:119:RSA_verify
RSA_F_RSA_VERIFY_ASN1_OCTET_STRING:120:RSA_verify_ASN1_OCTET_STRING
RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1:126:RSA_verify_PKCS1_PSS_mgf1
SM2_F_PKEY_SM2_CTRL:274:pkey_sm2_ctrl
SM2_F_PKEY_SM2_CTRL_STR:275:pkey_sm2_ctrl_str
SM2_F_PKEY_SM2_KEYGEN:276:pkey_sm2_keygen
SM2_F_PKEY_SM2_PARAMGEN:277:pkey_sm2_paramgen
SM2_F_PKEY_SM2_SIGN:278:pkey_sm2_sign
SSL_F_ADD_CLIENT_KEY_SHARE_EXT:438:*
SSL_F_ADD_KEY_SHARE:512:add_key_share
SSL_F_BYTES_TO_CIPHER_LIST:519:bytes_to_cipher_list
@ -2394,6 +2399,66 @@ RSA_R_UNSUPPORTED_MASK_PARAMETER:154:unsupported mask parameter
RSA_R_UNSUPPORTED_SIGNATURE_TYPE:155:unsupported signature type
RSA_R_VALUE_MISSING:147:value missing
RSA_R_WRONG_SIGNATURE_LENGTH:119:wrong signature length
SM2_R_ASN1_ERROR:115:asn1 error
SM2_R_ASN5_ERROR:1150:asn5 error
SM2_R_BAD_SIGNATURE:156:bad signature
SM2_R_BIGNUM_OUT_OF_RANGE:144:bignum out of range
SM2_R_BUFFER_TOO_SMALL:100:buffer too small
SM2_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range
SM2_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh
SM2_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
SM2_R_D2I_ECPKPARAMETERS_FAILURE:117:d2i ecpkparameters failure
SM2_R_DECODE_ERROR:142:decode error
SM2_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero
SM2_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure
SM2_R_FIELD_TOO_LARGE:143:field too large
SM2_R_GF2M_NOT_SUPPORTED:147:gf2m not supported
SM2_R_GROUP2PKPARAMETERS_FAILURE:120:group2pkparameters failure
SM2_R_I2D_ECPKPARAMETERS_FAILURE:121:i2d ecpkparameters failure
SM2_R_INCOMPATIBLE_OBJECTS:101:incompatible objects
SM2_R_INVALID_ARGUMENT:112:invalid argument
SM2_R_INVALID_COMPRESSED_POINT:110:invalid compressed point
SM2_R_INVALID_COMPRESSION_BIT:109:invalid compression bit
SM2_R_INVALID_CURVE:141:invalid curve
SM2_R_INVALID_DIGEST:151:invalid digest
SM2_R_INVALID_DIGEST_TYPE:138:invalid digest type
SM2_R_INVALID_ENCODING:102:invalid encoding
SM2_R_INVALID_FIELD:103:invalid field
SM2_R_INVALID_FORM:104:invalid form
SM2_R_INVALID_GROUP_ORDER:122:invalid group order
SM2_R_INVALID_KEY:116:invalid key
SM2_R_INVALID_OUTPUT_LENGTH:161:invalid output length
SM2_R_INVALID_PEER_KEY:133:invalid peer key
SM2_R_INVALID_PENTANOMIAL_BASIS:132:invalid pentanomial basis
SM2_R_INVALID_PRIVATE_KEY:123:invalid private key
SM2_R_INVALID_TRINOMIAL_BASIS:137:invalid trinomial basis
SM2_R_KDF_PARAMETER_ERROR:148:kdf parameter error
SM2_R_KEYS_NOT_SET:140:keys not set
SM2_R_MISSING_PARAMETERS:124:missing parameters
SM2_R_MISSING_PRIVATE_KEY:125:missing private key
SM2_R_NEED_NEW_SETUP_VALUES:157:need new setup values
SM2_R_NOT_A_NIST_PRIME:135:not a NIST prime
SM2_R_NOT_IMPLEMENTED:126:not implemented
SM2_R_NOT_INITIALIZED:111:not initialized
SM2_R_NO_PARAMETERS_SET:139:no parameters set
SM2_R_NO_PRIVATE_VALUE:154:no private value
SM2_R_OPERATION_NOT_SUPPORTED:152:operation not supported
SM2_R_PASSED_NULL_PARAMETER:134:passed null parameter
SM2_R_PEER_KEY_ERROR:149:peer key error
SM2_R_PKPARAMETERS2GROUP_FAILURE:127:pkparameters2group failure
SM2_R_POINT_ARITHMETIC_FAILURE:155:point arithmetic failure
SM2_R_POINT_AT_INFINITY:106:point at infinity
SM2_R_POINT_IS_NOT_ON_CURVE:107:point is not on curve
SM2_R_RANDOM_NUMBER_GENERATION_FAILED:158:random number generation failed
SM2_R_SHARED_INFO_ERROR:150:shared info error
SM2_R_SLOT_FULL:108:slot full
SM2_R_UNDEFINED_GENERATOR:113:undefined generator
SM2_R_UNDEFINED_ORDER:128:undefined order
SM2_R_UNKNOWN_GROUP:129:unknown group
SM2_R_UNKNOWN_ORDER:114:unknown order
SM2_R_UNSUPPORTED_FIELD:131:unsupported field
SM2_R_WRONG_CURVE_PARAMETERS:145:wrong curve parameters
SM2_R_WRONG_ORDER:130:wrong order
SSL_R_APP_DATA_IN_HANDSHAKE:100:app data in handshake
SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT:272:\
attempt to reuse session in different context

15
crypto/objects/obj_dat.h
View file

@ -10,7 +10,7 @@
*/
/* Serialized OID's */
static const unsigned char so[7618] = {
static const unsigned char so[7626] = {
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@ -1059,9 +1059,10 @@ static const unsigned char so[7618] = {
0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x09, /* [ 7597] OBJ_uacurve9 */
0x2B,0x6F, /* [ 7610] OBJ_ieee */
0x2B,0x6F,0x02,0x8C,0x53, /* [ 7612] OBJ_ieee_siswg */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D, /* [ 7617] OBJ_sm2 */
};
#define NUM_NID 1172
#define NUM_NID 1173
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@ -2235,9 +2236,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"uacurve9", "DSTU curve 9", NID_uacurve9, 13, &so[7597]},
{"ieee", "ieee", NID_ieee, 2, &so[7610]},
{"ieee-siswg", "IEEE Security in Storage Working Group", NID_ieee_siswg, 5, &so[7612]},
{"SM2", "sm2", NID_sm2, 8, &so[7617]},
};
#define NUM_SN 1163
#define NUM_SN 1164
static const unsigned int sn_objs[NUM_SN] = {
364, /* "AD_DVCS" */
419, /* "AES-128-CBC" */
@ -2502,6 +2504,7 @@ static const unsigned int sn_objs[NUM_SN] = {
1095, /* "SHA512-256" */
1100, /* "SHAKE128" */
1101, /* "SHAKE256" */
1172, /* "SM2" */
1143, /* "SM3" */
1134, /* "SM4-CBC" */
1137, /* "SM4-CFB" */
@ -3404,7 +3407,7 @@ static const unsigned int sn_objs[NUM_SN] = {
1093, /* "x509ExtAdmission" */
};
#define NUM_LN 1163
#define NUM_LN 1164
static const unsigned int ln_objs[NUM_LN] = {
363, /* "AD Time Stamping" */
405, /* "ANSI X9.62" */
@ -4514,6 +4517,7 @@ static const unsigned int ln_objs[NUM_LN] = {
496, /* "singleLevelQuality" */
1062, /* "siphash" */
1142, /* "sm-scheme" */
1172, /* "sm2" */
1143, /* "sm3" */
1144, /* "sm3WithRSAEncryption" */
1134, /* "sm4-cbc" */
@ -4571,7 +4575,7 @@ static const unsigned int ln_objs[NUM_LN] = {
125, /* "zlib compression" */
};
#define NUM_OBJ 1054
#define NUM_OBJ 1055
static const unsigned int obj_objs[NUM_OBJ] = {
0, /* OBJ_undef 0 */
181, /* OBJ_iso 1 */
@ -5037,6 +5041,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
1136, /* OBJ_sm4_cfb1 1 2 156 10197 1 104 5 */
1138, /* OBJ_sm4_cfb8 1 2 156 10197 1 104 6 */
1139, /* OBJ_sm4_ctr 1 2 156 10197 1 104 7 */
1172, /* OBJ_sm2 1 2 156 10197 1 301 */
1143, /* OBJ_sm3 1 2 156 10197 1 401 */
1144, /* OBJ_sm3WithRSAEncryption 1 2 156 10197 1 504 */
776, /* OBJ_seed_ecb 1 2 410 200004 1 3 */

1
crypto/objects/obj_mac.num
View file

@ -1169,3 +1169,4 @@ uacurve8 1168
uacurve9 1169
ieee 1170
ieee_siswg 1171
sm2 1172

14
crypto/objects/objects.txt
View file

@ -36,6 +36,10 @@ member-body 840 : ISO-US : ISO US Member Body
ISO-US 10040 : X9-57 : X9.57
X9-57 4 : X9cm : X9.57 CM ?
member-body 156 : ISO-CN : ISO CN Member Body
ISO-CN 10197 : oscca
oscca 1 : sm-scheme
!Cname dsa
X9cm 1 : DSA : dsaEncryption
X9cm 3 : DSA-SHA1 : dsaWithSHA1
@ -376,8 +380,10 @@ rsadsi 2 5 : MD5 : md5
rsadsi 2 6 : : hmacWithMD5
rsadsi 2 7 : : hmacWithSHA1
member-body 156 10197 1 401 : SM3 : sm3
member-body 156 10197 1 504 : RSA-SM3 : sm3WithRSAEncryption
sm-scheme 301 : SM2 : sm2
sm-scheme 401 : SM3 : sm3
sm-scheme 504 : RSA-SM3 : sm3WithRSAEncryption
# From RFC4231
rsadsi 2 8 : : hmacWithSHA224
@ -1476,10 +1482,6 @@ kisa 1 6 : SEED-OFB : seed-ofb
# Definitions for SM4 cipher
member-body 156 : ISO-CN : ISO CN Member Body
ISO-CN 10197 : oscca
oscca 1 : sm-scheme
sm-scheme 104 1 : SM4-ECB : sm4-ecb
sm-scheme 104 2 : SM4-CBC : sm4-cbc
!Cname sm4-ofb128

6
crypto/sm2/build.info Normal file
View file

@ -0,0 +1,6 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
sm2_za.c sm2_sign.c sm2_crypt.c sm2_err.c

321
crypto/sm2/sm2_crypt.c Normal file
View file

@ -0,0 +1,321 @@
/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017 Ribose Inc. All Rights Reserved.
* Ported from Ribose contributions from Botan.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/sm2.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <string.h>
typedef struct SM2_Ciphertext_st SM2_Ciphertext;
DECLARE_ASN1_FUNCTIONS(SM2_Ciphertext)
struct SM2_Ciphertext_st {
BIGNUM *C1x;
BIGNUM *C1y;
ASN1_OCTET_STRING *C3;
ASN1_OCTET_STRING *C2;
};
ASN1_SEQUENCE(SM2_Ciphertext) = {
ASN1_SIMPLE(SM2_Ciphertext, C1x, BIGNUM),
ASN1_SIMPLE(SM2_Ciphertext, C1y, BIGNUM),
ASN1_SIMPLE(SM2_Ciphertext, C3, ASN1_OCTET_STRING),
ASN1_SIMPLE(SM2_Ciphertext, C2, ASN1_OCTET_STRING),
} ASN1_SEQUENCE_END(SM2_Ciphertext)
IMPLEMENT_ASN1_FUNCTIONS(SM2_Ciphertext)
static size_t EC_field_size(const EC_GROUP *group)
{
/* Is there some simpler way to do this? */
BIGNUM *p = BN_new();
BIGNUM *a = BN_new();
BIGNUM *b = BN_new();
size_t field_size = 0;
if (p == NULL || a == NULL || b == NULL)
goto done;
EC_GROUP_get_curve_GFp(group, p, a, b, NULL);
field_size = (BN_num_bits(p) + 7) / 8;
done:
BN_free(p);
BN_free(a);
BN_free(b);
return field_size;
}
size_t SM2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len)
{
return 10 + 2 * EC_field_size(EC_KEY_get0_group(key)) +
EVP_MD_size(digest) + msg_len;
}
int SM2_encrypt(const EC_KEY *key,
const EVP_MD *digest,
const uint8_t *msg,
size_t msg_len, uint8_t *ciphertext_buf, size_t *ciphertext_len)
{
int rc = 0;
size_t i;
BN_CTX *ctx = NULL;
BIGNUM *k = NULL;
BIGNUM *x1 = NULL;
BIGNUM *y1 = NULL;
BIGNUM *x2 = NULL;
BIGNUM *y2 = NULL;
EVP_MD_CTX *hash = EVP_MD_CTX_new();
struct SM2_Ciphertext_st ctext_struct;
const EC_GROUP *group = EC_KEY_get0_group(key);
const BIGNUM *order = EC_GROUP_get0_order(group);
const EC_POINT *P = EC_KEY_get0_public_key(key);
EC_POINT *kG = NULL;
EC_POINT *kP = NULL;
uint8_t *msg_mask = NULL;
uint8_t *x2y2 = NULL;
uint8_t *C3 = NULL;
const size_t field_size = EC_field_size(group);
const size_t C3_size = EVP_MD_size(digest);
if (field_size == 0 || C3_size == 0)
goto done;
kG = EC_POINT_new(group);
kP = EC_POINT_new(group);
if (kG == NULL || kP == NULL)
goto done;
ctx = BN_CTX_new();
if (ctx == NULL)
goto done;
BN_CTX_start(ctx);
k = BN_CTX_get(ctx);
x1 = BN_CTX_get(ctx);
x2 = BN_CTX_get(ctx);
y1 = BN_CTX_get(ctx);
y2 = BN_CTX_get(ctx);
if (y2 == NULL)
goto done;
x2y2 = OPENSSL_zalloc(2 * field_size);
C3 = OPENSSL_zalloc(C3_size);
if (x2y2 == NULL || C3 == NULL)
goto done;
memset(ciphertext_buf, 0, *ciphertext_len);
BN_priv_rand_range(k, order);
if (EC_POINT_mul(group, kG, k, NULL, NULL, ctx) == 0)
goto done;
if (EC_POINT_get_affine_coordinates_GFp(group, kG, x1, y1, ctx) == 0)
goto done;
if (EC_POINT_mul(group, kP, NULL, P, k, ctx) == 0)
goto done;
if (EC_POINT_get_affine_coordinates_GFp(group, kP, x2, y2, ctx) == 0)
goto done;
BN_bn2binpad(x2, x2y2, field_size);
BN_bn2binpad(y2, x2y2 + field_size, field_size);
msg_mask = OPENSSL_zalloc(msg_len);
if (msg_mask == NULL)
goto done;
/* X9.63 with no salt happens to match the KDF used in SM2 */
if (ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, digest)
== 0)
goto done;
for (i = 0; i != msg_len; ++i)
msg_mask[i] ^= msg[i];
if (EVP_DigestInit(hash, digest) == 0)
goto done;
if (EVP_DigestUpdate(hash, x2y2, field_size) == 0)
goto done;
if (EVP_DigestUpdate(hash, msg, msg_len) == 0)
goto done;
if (EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0)
goto done;
if (EVP_DigestFinal(hash, C3, NULL) == 0)
goto done;
ctext_struct.C1x = x1;
ctext_struct.C1y = y1;
ctext_struct.C3 = ASN1_OCTET_STRING_new();
ASN1_OCTET_STRING_set(ctext_struct.C3, C3, C3_size);
ctext_struct.C2 = ASN1_OCTET_STRING_new();
ASN1_OCTET_STRING_set(ctext_struct.C2, msg_mask, msg_len);
*ciphertext_len = i2d_SM2_Ciphertext(&ctext_struct, &ciphertext_buf);
ASN1_OCTET_STRING_free(ctext_struct.C2);
ASN1_OCTET_STRING_free(ctext_struct.C3);
rc = 1;
done:
OPENSSL_free(msg_mask);
OPENSSL_free(x2y2);
OPENSSL_free(C3);
EVP_MD_CTX_free(hash);
BN_CTX_free(ctx);
EC_POINT_free(kG);
EC_POINT_free(kP);
return rc;
}
int SM2_decrypt(const EC_KEY *key,
const EVP_MD *digest,
const uint8_t *ciphertext,
size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len)
{
int rc = 0;
int i;
BN_CTX *ctx = NULL;
const EC_GROUP *group = EC_KEY_get0_group(key);
EC_POINT *C1 = NULL;
struct SM2_Ciphertext_st *sm2_ctext = NULL;
BIGNUM *x2 = NULL;
BIGNUM *y2 = NULL;
uint8_t *x2y2 = NULL;
uint8_t *computed_C3 = NULL;
const size_t field_size = EC_field_size(group);
const int hash_size = EVP_MD_size(digest);
uint8_t *msg_mask = NULL;
const uint8_t *C2 = NULL;
const uint8_t *C3 = NULL;
int msg_len = 0;
EVP_MD_CTX *hash = NULL;
if (field_size == 0 || hash_size == 0)
goto done;
memset(ptext_buf, 0xFF, *ptext_len);
sm2_ctext = d2i_SM2_Ciphertext(NULL, &ciphertext, ciphertext_len);
if (sm2_ctext == NULL)
goto done;
if (sm2_ctext->C3->length != hash_size)
goto done;
C2 = sm2_ctext->C2->data;
C3 = sm2_ctext->C3->data;
msg_len = sm2_ctext->C2->length;
ctx = BN_CTX_new();
if (ctx == NULL)
goto done;
BN_CTX_start(ctx);
x2 = BN_CTX_get(ctx);
y2 = BN_CTX_get(ctx);
if(y2 == NULL)
goto done;
msg_mask = OPENSSL_zalloc(msg_len);
x2y2 = OPENSSL_zalloc(2 * field_size);
computed_C3 = OPENSSL_zalloc(hash_size);
if(msg_mask == NULL || x2y2 == NULL || computed_C3 == NULL)
goto done;
C1 = EC_POINT_new(group);
if (C1 == NULL)
goto done;
if (EC_POINT_set_affine_coordinates_GFp
(group, C1, sm2_ctext->C1x, sm2_ctext->C1y, ctx) == 0)
goto done;
if (EC_POINT_mul(group, C1, NULL, C1, EC_KEY_get0_private_key(key), ctx) ==
0)
goto done;
if (EC_POINT_get_affine_coordinates_GFp(group, C1, x2, y2, ctx) == 0)
goto done;
BN_bn2binpad(x2, x2y2, field_size);
BN_bn2binpad(y2, x2y2 + field_size, field_size);
if (ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, digest)
== 0)
goto done;
for (i = 0; i != msg_len; ++i)
ptext_buf[i] = C2[i] ^ msg_mask[i];
hash = EVP_MD_CTX_new();
if (hash == NULL)
goto done;
if (EVP_DigestInit(hash, digest) == 0)
goto done;
if (EVP_DigestUpdate(hash, x2y2, field_size) == 0)
goto done;
if (EVP_DigestUpdate(hash, ptext_buf, msg_len) == 0)
goto done;
if (EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0)
goto done;
if (EVP_DigestFinal(hash, computed_C3, NULL) == 0)
goto done;
if (memcmp(computed_C3, C3, hash_size) != 0)
goto done;
rc = 1;
done:
if (rc == 0)
memset(ptext_buf, 0, *ptext_len);
OPENSSL_free(msg_mask);
OPENSSL_free(x2y2);
OPENSSL_free(computed_C3);
EC_POINT_free(C1);
BN_CTX_free(ctx);
SM2_Ciphertext_free(sm2_ctext);
EVP_MD_CTX_free(hash);
return rc;
}

129
crypto/sm2/sm2_err.c Normal file
View file

@ -0,0 +1,129 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/err.h>
#include <openssl/sm2err.h>
#ifndef OPENSSL_NO_ERR
static const ERR_STRING_DATA SM2_str_functs[] = {
{ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL, 0), "pkey_sm2_ctrl"},
{ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL_STR, 0), "pkey_sm2_ctrl_str"},
{ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_KEYGEN, 0), "pkey_sm2_keygen"},
{ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_PARAMGEN, 0), "pkey_sm2_paramgen"},
{ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_SIGN, 0), "pkey_sm2_sign"},
{0, NULL}
};
static const ERR_STRING_DATA SM2_str_reasons[] = {
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ASN1_ERROR), "asn1 error"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ASN5_ERROR), "asn5 error"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BAD_SIGNATURE), "bad signature"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BIGNUM_OUT_OF_RANGE),
"bignum out of range"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_COORDINATES_OUT_OF_RANGE),
"coordinates out of range"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_CURVE_DOES_NOT_SUPPORT_ECDH),
"curve does not support ecdh"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_CURVE_DOES_NOT_SUPPORT_SIGNING),
"curve does not support signing"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_D2I_ECPKPARAMETERS_FAILURE),
"d2i ecpkparameters failure"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_DECODE_ERROR), "decode error"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_DISCRIMINANT_IS_ZERO),
"discriminant is zero"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_EC_GROUP_NEW_BY_NAME_FAILURE),
"ec group new by name failure"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_FIELD_TOO_LARGE), "field too large"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_GF2M_NOT_SUPPORTED), "gf2m not supported"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_GROUP2PKPARAMETERS_FAILURE),
"group2pkparameters failure"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_I2D_ECPKPARAMETERS_FAILURE),
"i2d ecpkparameters failure"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INCOMPATIBLE_OBJECTS),
"incompatible objects"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_ARGUMENT), "invalid argument"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_COMPRESSED_POINT),
"invalid compressed point"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_COMPRESSION_BIT),
"invalid compression bit"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_CURVE), "invalid curve"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST), "invalid digest"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST_TYPE),
"invalid digest type"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_ENCODING), "invalid encoding"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_FIELD), "invalid field"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_FORM), "invalid form"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_GROUP_ORDER),
"invalid group order"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_KEY), "invalid key"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_OUTPUT_LENGTH),
"invalid output length"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_PEER_KEY), "invalid peer key"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_PENTANOMIAL_BASIS),
"invalid pentanomial basis"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_PRIVATE_KEY),
"invalid private key"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_TRINOMIAL_BASIS),
"invalid trinomial basis"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_KDF_PARAMETER_ERROR),
"kdf parameter error"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_KEYS_NOT_SET), "keys not set"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_MISSING_PARAMETERS), "missing parameters"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_MISSING_PRIVATE_KEY),
"missing private key"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NEED_NEW_SETUP_VALUES),
"need new setup values"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NOT_A_NIST_PRIME), "not a NIST prime"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NOT_IMPLEMENTED), "not implemented"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NOT_INITIALIZED), "not initialized"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PARAMETERS_SET), "no parameters set"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PRIVATE_VALUE), "no private value"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_OPERATION_NOT_SUPPORTED),
"operation not supported"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_PASSED_NULL_PARAMETER),
"passed null parameter"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_PEER_KEY_ERROR), "peer key error"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_PKPARAMETERS2GROUP_FAILURE),
"pkparameters2group failure"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_POINT_ARITHMETIC_FAILURE),
"point arithmetic failure"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_POINT_AT_INFINITY), "point at infinity"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_POINT_IS_NOT_ON_CURVE),
"point is not on curve"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_RANDOM_NUMBER_GENERATION_FAILED),
"random number generation failed"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_SHARED_INFO_ERROR), "shared info error"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_SLOT_FULL), "slot full"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNDEFINED_GENERATOR),
"undefined generator"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNDEFINED_ORDER), "undefined order"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNKNOWN_GROUP), "unknown group"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNKNOWN_ORDER), "unknown order"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNSUPPORTED_FIELD), "unsupported field"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_WRONG_CURVE_PARAMETERS),
"wrong curve parameters"},
{ERR_PACK(ERR_LIB_SM2, 0, SM2_R_WRONG_ORDER), "wrong order"},
{0, NULL}
};
#endif
int ERR_load_SM2_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(SM2_str_functs[0].error) == NULL) {
ERR_load_strings_const(SM2_str_functs);
ERR_load_strings_const(SM2_str_reasons);
}
#endif
return 1;
}

324
crypto/sm2/sm2_sign.c Normal file
View file

@ -0,0 +1,324 @@
/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017 Ribose Inc. All Rights Reserved.
* Ported from Ribose contributions from Botan.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/sm2.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#include <string.h>
static BIGNUM *compute_msg_hash(const EVP_MD *digest,
const EC_KEY *key,
const char *user_id,
const uint8_t *msg, size_t msg_len)
{
EVP_MD_CTX *hash = EVP_MD_CTX_new();
const int md_size = EVP_MD_size(digest);
uint8_t *za = OPENSSL_zalloc(md_size);
BIGNUM *e = NULL;
if (za == NULL)
goto done;
if (hash == NULL)
goto done;
if (SM2_compute_userid_digest(za, digest, user_id, key) == 0)
goto done;
if (EVP_DigestInit(hash, digest) == 0)
goto done;
if (EVP_DigestUpdate(hash, za, md_size) == 0)
goto done;
if (EVP_DigestUpdate(hash, msg, msg_len) == 0)
goto done;
/* reuse za buffer to hold H(ZA || M) */
if (EVP_DigestFinal(hash, za, NULL) == 0)
goto done;
e = BN_bin2bn(za, md_size, NULL);
done:
OPENSSL_free(za);
EVP_MD_CTX_free(hash);
return e;
}
static
ECDSA_SIG *SM2_sig_gen(const EC_KEY *key, const BIGNUM *e)
{
const BIGNUM *dA = EC_KEY_get0_private_key(key);
const EC_GROUP *group = EC_KEY_get0_group(key);
const BIGNUM *order = EC_GROUP_get0_order(group);
ECDSA_SIG *sig = NULL;
EC_POINT *kG = NULL;
BN_CTX *ctx = NULL;
BIGNUM *k = NULL;
BIGNUM *rk = NULL;
BIGNUM *r = NULL;
BIGNUM *s = NULL;
BIGNUM *x1 = NULL;
BIGNUM *tmp = NULL;
kG = EC_POINT_new(group);
if (kG == NULL)
goto done;
ctx = BN_CTX_new();
if (ctx == NULL)
goto done;
BN_CTX_start(ctx);
k = BN_CTX_get(ctx);
rk = BN_CTX_get(ctx);
x1 = BN_CTX_get(ctx);
tmp = BN_CTX_get(ctx);
if (tmp == NULL)
goto done;
/* These values are returned and so should not be allocated out of the context */
r = BN_new();
s = BN_new();
if (r == NULL || s == NULL)
goto done;
for (;;) {
BN_priv_rand_range(k, order);
if (EC_POINT_mul(group, kG, k, NULL, NULL, ctx) == 0)
goto done;
if (EC_POINT_get_affine_coordinates_GFp(group, kG, x1, NULL, ctx) == 0)
goto done;
if (BN_mod_add(r, e, x1, order, ctx) == 0)
goto done;
/* try again if r == 0 or r+k == n */
if (BN_is_zero(r))
continue;
BN_add(rk, r, k);
if (BN_cmp(rk, order) == 0)
continue;
BN_add(s, dA, BN_value_one());
BN_mod_inverse(s, s, order, ctx);
BN_mod_mul(tmp, dA, r, order, ctx);
BN_sub(tmp, k, tmp);
BN_mod_mul(s, s, tmp, order, ctx);
sig = ECDSA_SIG_new();
if (sig == NULL)
goto done;
/* takes ownership of r and s */
ECDSA_SIG_set0(sig, r, s);
break;
}
done:
if (sig == NULL) {
BN_free(r);
BN_free(s);
}
BN_CTX_free(ctx);
EC_POINT_free(kG);
return sig;
}
static
int SM2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, const BIGNUM *e)
{
int ret = 0;
const EC_GROUP *group = EC_KEY_get0_group(key);
const BIGNUM *order = EC_GROUP_get0_order(group);
BN_CTX *ctx = NULL;
EC_POINT *pt = NULL;
BIGNUM *t = NULL;
BIGNUM *x1 = NULL;
const BIGNUM *r = NULL;
const BIGNUM *s = NULL;
ctx = BN_CTX_new();
if (ctx == NULL)
goto done;
pt = EC_POINT_new(group);
if (pt == NULL)
goto done;
BN_CTX_start(ctx);
t = BN_CTX_get(ctx);
x1 = BN_CTX_get(ctx);
if (x1 == NULL)
goto done;
/*
B1: verify whether r' in [1,n-1], verification failed if not
B2: vefify whether s' in [1,n-1], verification failed if not
B3: set M'~=ZA || M'
B4: calculate e'=Hv(M'~)
B5: calculate t = (r' + s') modn, verification failed if t=0
B6: calculate the point (x1', y1')=[s']G + [t]PA
B7: calculate R=(e'+x1') modn, verfication pass if yes, otherwise failed
*/
ECDSA_SIG_get0(sig, &r, &s);
if (BN_cmp(r, BN_value_one()) < 0)
goto done;
if (BN_cmp(s, BN_value_one()) < 0)
goto done;
if (BN_cmp(order, r) <= 0)
goto done;
if (BN_cmp(order, s) <= 0)
goto done;
if (BN_mod_add(t, r, s, order, ctx) == 0)
goto done;
if (BN_is_zero(t) == 1)
goto done;
if (EC_POINT_mul(group, pt, s, EC_KEY_get0_public_key(key), t, ctx) == 0)
goto done;
if (EC_POINT_get_affine_coordinates_GFp(group, pt, x1, NULL, ctx) == 0)
goto done;
if (BN_mod_add(t, e, x1, order, ctx) == 0)
goto done;
if (BN_cmp(r, t) == 0)
ret = 1;
done:
EC_POINT_free(pt);
BN_CTX_free(ctx);
return ret;
}
ECDSA_SIG *SM2_do_sign(const EC_KEY *key,
const EVP_MD *digest,
const char *user_id, const uint8_t *msg, size_t msg_len)
{
BIGNUM *e = NULL;
ECDSA_SIG *sig = NULL;
e = compute_msg_hash(digest, key, user_id, msg, msg_len);
if (e == NULL)
goto done;
sig = SM2_sig_gen(key, e);
done:
BN_free(e);
return sig;
}
int SM2_do_verify(const EC_KEY *key,
const EVP_MD *digest,
const ECDSA_SIG *sig,
const char *user_id, const uint8_t *msg, size_t msg_len)
{
BIGNUM *e = NULL;
int ret = -1;
e = compute_msg_hash(digest, key, user_id, msg, msg_len);
if (e == NULL)
goto done;
ret = SM2_sig_verify(key, sig, e);
done:
BN_free(e);
return ret;
}
int SM2_sign(int type, const unsigned char *dgst, int dgstlen,
unsigned char *sig, unsigned int *siglen, EC_KEY *eckey)
{
BIGNUM *e = NULL;
ECDSA_SIG *s = NULL;
int ret = -1;
if (type != NID_sm3)
goto done;
if (dgstlen != 32) /* expected length of SM3 hash */
goto done;
e = BN_bin2bn(dgst, dgstlen, NULL);
s = SM2_sig_gen(eckey, e);
*siglen = i2d_ECDSA_SIG(s, &sig);
ECDSA_SIG_free(s);
ret = 0;
done:
ECDSA_SIG_free(s);
BN_free(e);
return ret;
}
int SM2_verify(int type, const unsigned char *dgst, int dgstlen,
const unsigned char *sig, int sig_len, EC_KEY *eckey)
{
ECDSA_SIG *s = NULL;
BIGNUM *e = NULL;
const unsigned char *p = sig;
unsigned char *der = NULL;
int derlen = -1;
int ret = -1;
if (type != NID_sm3)
goto done;
s = ECDSA_SIG_new();
if (s == NULL)
goto done;
if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
goto done;
/* Ensure signature uses DER and doesn't have trailing garbage */
derlen = i2d_ECDSA_SIG(s, &der);
if (derlen != sig_len || memcmp(sig, der, derlen) != 0)
goto done;
e = BN_bin2bn(dgst, dgstlen, NULL);
ret = SM2_sig_verify(eckey, s, e);
done:
OPENSSL_free(der);
BN_free(e);
ECDSA_SIG_free(s);
return ret;
}

132
crypto/sm2/sm2_za.c Normal file
View file

@ -0,0 +1,132 @@
/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017 Ribose Inc. All Rights Reserved.
* Ported from Ribose contributions from Botan.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/sm2.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#include <string.h>
int SM2_compute_userid_digest(uint8_t *out,
const EVP_MD *digest,
const char *user_id,
const EC_KEY *key)
{
int rc = 0;
const EC_GROUP *group = EC_KEY_get0_group(key);
BN_CTX *ctx = NULL;
EVP_MD_CTX *hash = NULL;
BIGNUM *p = NULL;
BIGNUM *a = NULL;
BIGNUM *b = NULL;
BIGNUM *xG = NULL;
BIGNUM *yG = NULL;
BIGNUM *xA = NULL;
BIGNUM *yA = NULL;
int p_bytes = 0;
uint8_t *buf = NULL;
size_t uid_len = 0;
uint16_t entla = 0;
uint8_t e_byte = 0;
hash = EVP_MD_CTX_new();
if (hash == NULL)
goto done;
ctx = BN_CTX_new();
if (ctx == NULL)
goto done;
p = BN_CTX_get(ctx);
a = BN_CTX_get(ctx);
b = BN_CTX_get(ctx);
xG = BN_CTX_get(ctx);
yG = BN_CTX_get(ctx);
xA = BN_CTX_get(ctx);
yA = BN_CTX_get(ctx);
if (p == NULL || a == NULL || b == NULL ||
xG == NULL || yG == NULL || xA == NULL || yA == NULL)
goto done;
memset(out, 0, EVP_MD_size(digest));
if (EVP_DigestInit(hash, digest) == 0)
goto done;
/*
ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA)
*/
uid_len = strlen(user_id);
if (uid_len >= 8192) /* too large */
goto done;
entla = (unsigned short)(8 * uid_len);
e_byte = entla >> 8;
if (EVP_DigestUpdate(hash, &e_byte, 1) == 0)
goto done;
e_byte = entla & 0xFF;
if (EVP_DigestUpdate(hash, &e_byte, 1) == 0)
goto done;
if (EVP_DigestUpdate(hash, user_id, uid_len) == 0)
goto done;
if (EC_GROUP_get_curve_GFp(group, p, a, b, ctx) == 0)
goto done;
p_bytes = BN_num_bytes(p);
buf = OPENSSL_zalloc(p_bytes);
BN_bn2binpad(a, buf, p_bytes);
if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
goto done;
BN_bn2binpad(b, buf, p_bytes);
if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
goto done;
EC_POINT_get_affine_coordinates_GFp(group,
EC_GROUP_get0_generator(group),
xG, yG, ctx);
BN_bn2binpad(xG, buf, p_bytes);
if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
goto done;
BN_bn2binpad(yG, buf, p_bytes);
if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
goto done;
EC_POINT_get_affine_coordinates_GFp(group,
EC_KEY_get0_public_key(key),
xA, yA, ctx);
BN_bn2binpad(xA, buf, p_bytes);
if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
goto done;
BN_bn2binpad(yA, buf, p_bytes);
if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
goto done;
if (EVP_DigestFinal(hash, out, NULL) == 0)
goto done;
rc = 1;
done:
OPENSSL_free(buf);
BN_CTX_free(ctx);
EVP_MD_CTX_free(hash);
return rc;
}

1
fuzz/oids.txt
View file

@ -1046,3 +1046,4 @@ OBJ_uacurve8="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x08"
OBJ_uacurve9="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x09"
OBJ_ieee="\x2B\x6F"
OBJ_ieee_siswg="\x2B\x6F\x02\x8C\x53"
OBJ_sm2="\x2A\x81\x1C\xCF\x55\x01\x82\x2D"

2
include/openssl/err.h
View file

@ -93,6 +93,7 @@ typedef struct err_state_st {
# define ERR_LIB_CT 50
# define ERR_LIB_ASYNC 51
# define ERR_LIB_KDF 52
# define ERR_LIB_SM2 53
# define ERR_LIB_USER 128
@ -131,6 +132,7 @@ typedef struct err_state_st {
# define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define ERR_PACK(l,f,r) ( \

1
include/openssl/evp.h
View file

@ -50,6 +50,7 @@
# define EVP_PKEY_DH NID_dhKeyAgreement
# define EVP_PKEY_DHX NID_dhpublicnumber
# define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
# define EVP_PKEY_SM2 NID_sm2
# define EVP_PKEY_HMAC NID_hmac
# define EVP_PKEY_CMAC NID_cmac
# define EVP_PKEY_SCRYPT NID_id_scrypt

35
include/openssl/obj_mac.h
View file

@ -109,6 +109,19 @@
#define NID_X9cm 185
#define OBJ_X9cm OBJ_X9_57,4L
#define SN_ISO_CN "ISO-CN"
#define LN_ISO_CN "ISO CN Member Body"
#define NID_ISO_CN 1140
#define OBJ_ISO_CN OBJ_member_body,156L
#define SN_oscca "oscca"
#define NID_oscca 1141
#define OBJ_oscca OBJ_ISO_CN,10197L
#define SN_sm_scheme "sm-scheme"
#define NID_sm_scheme 1142
#define OBJ_sm_scheme OBJ_oscca,1L
#define SN_dsa "DSA"
#define LN_dsa "dsaEncryption"
#define NID_dsa 116
@ -1151,15 +1164,20 @@
#define NID_hmacWithSHA1 163
#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L
#define SN_sm2 "SM2"
#define LN_sm2 "sm2"
#define NID_sm2 1172
#define OBJ_sm2 OBJ_sm_scheme,301L
#define SN_sm3 "SM3"
#define LN_sm3 "sm3"
#define NID_sm3 1143
#define OBJ_sm3 OBJ_member_body,156L,10197L,1L,401L
#define OBJ_sm3 OBJ_sm_scheme,401L
#define SN_sm3WithRSAEncryption "RSA-SM3"
#define LN_sm3WithRSAEncryption "sm3WithRSAEncryption"
#define NID_sm3WithRSAEncryption 1144
#define OBJ_sm3WithRSAEncryption OBJ_member_body,156L,10197L,1L,504L
#define OBJ_sm3WithRSAEncryption OBJ_sm_scheme,504L
#define LN_hmacWithSHA224 "hmacWithSHA224"
#define NID_hmacWithSHA224 798
@ -4629,19 +4647,6 @@
#define NID_seed_ofb128 778
#define OBJ_seed_ofb128 OBJ_kisa,1L,6L
#define SN_ISO_CN "ISO-CN"
#define LN_ISO_CN "ISO CN Member Body"
#define NID_ISO_CN 1140
#define OBJ_ISO_CN OBJ_member_body,156L
#define SN_oscca "oscca"
#define NID_oscca 1141
#define OBJ_oscca OBJ_ISO_CN,10197L
#define SN_sm_scheme "sm-scheme"
#define NID_sm_scheme 1142
#define OBJ_sm_scheme OBJ_oscca,1L
#define SN_sm4_ecb "SM4-ECB"
#define LN_sm4_ecb "sm4-ecb"
#define NID_sm4_ecb 1133

70
include/openssl/sm2.h Normal file
View file

@ -0,0 +1,70 @@
/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017 Ribose Inc. All Rights Reserved.
* Ported from Ribose contributions from Botan.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_SM2_H
# define HEADER_SM2_H
# include <openssl/ec.h>
/* The default user id as specified in GM/T 0009-2012 */
# define SM2_DEFAULT_USERID "1234567812345678"
int SM2_compute_userid_digest(uint8_t *out,
const EVP_MD *digest,
const char *user_id, const EC_KEY *key);
/*
* SM2 signature operation. Computes ZA (user id digest) and then signs
* H(ZA || msg) using SM2
*/
ECDSA_SIG *SM2_do_sign(const EC_KEY *key,
const EVP_MD *digest,
const char *user_id, const uint8_t *msg, size_t msg_len);
int SM2_do_verify(const EC_KEY *key,
const EVP_MD *digest,
const ECDSA_SIG *signature,
const char *user_id, const uint8_t *msg, size_t msg_len);
/*
* SM2 signature generation. Assumes input is an SM3 digest
*/
int SM2_sign(int type, const unsigned char *dgst, int dgstlen,
unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
/*
* SM2 signature verification. Assumes input is an SM3 digest
*/
int SM2_verify(int type, const unsigned char *dgst, int dgstlen,
const unsigned char *sig, int siglen, EC_KEY *eckey);
/*
* SM2 encryption
*/
size_t SM2_ciphertext_size(const EC_KEY *key,
const EVP_MD *digest,
size_t msg_len);
int SM2_encrypt(const EC_KEY *key,
const EVP_MD *digest,
const uint8_t *msg,
size_t msg_len,
uint8_t *ciphertext_buf, size_t *ciphertext_len);
int SM2_decrypt(const EC_KEY *key,
const EVP_MD *digest,
const uint8_t *ciphertext,
size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len);
int ERR_load_SM2_strings(void);
#endif

95
include/openssl/sm2err.h Normal file
View file

@ -0,0 +1,95 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_SM2ERR_H
# define HEADER_SM2ERR_H
# ifdef __cplusplus
extern "C" {
# endif
int ERR_load_SM2_strings(void);
# ifdef __cplusplus
}
# endif
/*
* SM2 function codes.
*/
# define SM2_F_PKEY_SM2_CTRL 274
# define SM2_F_PKEY_SM2_CTRL_STR 275
# define SM2_F_PKEY_SM2_KEYGEN 276
# define SM2_F_PKEY_SM2_PARAMGEN 277
# define SM2_F_PKEY_SM2_SIGN 278
/*
* SM2 reason codes.
*/
# define SM2_R_ASN1_ERROR 115
# define SM2_R_ASN5_ERROR 1150
# define SM2_R_BAD_SIGNATURE 156
# define SM2_R_BIGNUM_OUT_OF_RANGE 144
# define SM2_R_BUFFER_TOO_SMALL 100
# define SM2_R_COORDINATES_OUT_OF_RANGE 146
# define SM2_R_CURVE_DOES_NOT_SUPPORT_ECDH 160
# define SM2_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159
# define SM2_R_D2I_ECPKPARAMETERS_FAILURE 117
# define SM2_R_DECODE_ERROR 142
# define SM2_R_DISCRIMINANT_IS_ZERO 118
# define SM2_R_EC_GROUP_NEW_BY_NAME_FAILURE 119
# define SM2_R_FIELD_TOO_LARGE 143
# define SM2_R_GF2M_NOT_SUPPORTED 147
# define SM2_R_GROUP2PKPARAMETERS_FAILURE 120
# define SM2_R_I2D_ECPKPARAMETERS_FAILURE 121
# define SM2_R_INCOMPATIBLE_OBJECTS 101
# define SM2_R_INVALID_ARGUMENT 112
# define SM2_R_INVALID_COMPRESSED_POINT 110
# define SM2_R_INVALID_COMPRESSION_BIT 109
# define SM2_R_INVALID_CURVE 141
# define SM2_R_INVALID_DIGEST 151
# define SM2_R_INVALID_DIGEST_TYPE 138
# define SM2_R_INVALID_ENCODING 102
# define SM2_R_INVALID_FIELD 103
# define SM2_R_INVALID_FORM 104
# define SM2_R_INVALID_GROUP_ORDER 122
# define SM2_R_INVALID_KEY 116
# define SM2_R_INVALID_OUTPUT_LENGTH 161
# define SM2_R_INVALID_PEER_KEY 133
# define SM2_R_INVALID_PENTANOMIAL_BASIS 132
# define SM2_R_INVALID_PRIVATE_KEY 123
# define SM2_R_INVALID_TRINOMIAL_BASIS 137
# define SM2_R_KDF_PARAMETER_ERROR 148
# define SM2_R_KEYS_NOT_SET 140
# define SM2_R_MISSING_PARAMETERS 124
# define SM2_R_MISSING_PRIVATE_KEY 125
# define SM2_R_NEED_NEW_SETUP_VALUES 157
# define SM2_R_NOT_A_NIST_PRIME 135
# define SM2_R_NOT_IMPLEMENTED 126
# define SM2_R_NOT_INITIALIZED 111
# define SM2_R_NO_PARAMETERS_SET 139
# define SM2_R_NO_PRIVATE_VALUE 154
# define SM2_R_OPERATION_NOT_SUPPORTED 152
# define SM2_R_PASSED_NULL_PARAMETER 134
# define SM2_R_PEER_KEY_ERROR 149
# define SM2_R_PKPARAMETERS2GROUP_FAILURE 127
# define SM2_R_POINT_ARITHMETIC_FAILURE 155
# define SM2_R_POINT_AT_INFINITY 106
# define SM2_R_POINT_IS_NOT_ON_CURVE 107
# define SM2_R_RANDOM_NUMBER_GENERATION_FAILED 158
# define SM2_R_SHARED_INFO_ERROR 150
# define SM2_R_SLOT_FULL 108
# define SM2_R_UNDEFINED_GENERATOR 113
# define SM2_R_UNDEFINED_ORDER 128
# define SM2_R_UNKNOWN_GROUP 129
# define SM2_R_UNKNOWN_ORDER 114
# define SM2_R_UNSUPPORTED_FIELD 131
# define SM2_R_WRONG_CURVE_PARAMETERS 145
# define SM2_R_WRONG_ORDER 130
#endif

5
openssl_sm2.pem Normal file
View file

@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQg0JFWczAXva2An9m7
2MaT9gIwWTFptvlKrxyO4TjMmbWhRANCAAQ5OirZ4n5DrKqrhaGdO4VZHhRAYVcX
Wt3Te/d/8Mr57Tf886i09VwDhSMmH8pmNq/mp6+ioUgqYG9cs6GLLioe
-----END PRIVATE KEY-----

9
test/build.info
View file

@ -27,6 +27,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
aborttest test_test \
sanitytest exdatatest bntest \
ectest ecstresstest ecdsatest gmdifftest pbelutest ideatest \
sm2sigtest sm2crypttest \
md2test \
hmactest \
rc2test rc4test rc5test \
@ -81,6 +82,14 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
INCLUDE[ecdsatest]=../include
DEPEND[ecdsatest]=../libcrypto libtestutil.a
SOURCE[sm2sigtest]=sm2sigtest.c
INCLUDE[sm2sigtest]=../include
DEPEND[sm2sigtest]=../libcrypto libtestutil.a
SOURCE[sm2crypttest]=sm2crypttest.c
INCLUDE[sm2crypttest]=../include
DEPEND[sm2crypttest]=../libcrypto libtestutil.a
SOURCE[gmdifftest]=gmdifftest.c
INCLUDE[gmdifftest]=../include
DEPEND[gmdifftest]=../libcrypto libtestutil.a

14
test/recipes/30-test_evp_data/evppkey.txt
View file

@ -18369,3 +18369,17 @@ SharedSecret=4E48335CB2A508C3481729F42C49CFC0A9DA673F9FA4FBD968B3C5B78DBFA869529
Derive=ffdhe8192-2
PeerKey=ffdhe8192-1-pub
SharedSecret=4E48335CB2A508C3481729F42C49CFC0A9DA673F9FA4FBD968B3C5B78DBFA8695295642D1337C54229370B33068481F6A6E1B021F8B09B7C6B3E4DB581AD4C7ACF5C230A1FD4107EAE55530A8376856A65E079DE1BDA41B050E9B53A088ACADB879CCBC683A13BB925D48497BF7021FEB9DA214DD77FCBB6D0D46EC2BB9C7A9AFB93FC236E4EB61CB0F0C8E025D8CF4AF8B3B0F28B3E2CFAE6E760DC7877C71046179154FBE1A50A315C4DBA6D9E06406D389B614B1FC422C72FBB958C0A2EE21694CD32136F9CF0A1205E0D3A4B10CC9C98B3B4524A0CDC9455D3021AC44057CEF4A97E85166068769E9E644CC447095243BB90368A1CE6F0E3C69CA180F5B9D51F590A812B1375460CF10A7E718A83A2F6B00D8E28BAB45CEAB8AF0EB02988ED9221416EC061C1C4081552D3D0849D243DB473EC7B90180C3891E768DD2D7002CF505D369700CAF02A4B9DD1F2828C4ACC1F2EB47100DC2DB5620ADA971D1B0B0FAC9F9E3492B591FC85AC3DCB3826A8DA5842F4AE145FE33BFCDD0B6CD15C9836A5862EDB3D87A0CDBD724AE19A79A55D4F0BFF7870019926181933C840EACFB70FBC0EF182057DC09E06798EB4C9AAC2285F22F5D907A432C6D00CC44D07D77E77D1ACC183A174146ECFBDA26FF922CEBD2FA288EF2D23F65C0AAAD0F05DBFB6CA12446082D1F5774877483C3858442E305CF2A9637CE0EBB702DB70FF336E5B0413F3E8791960F1F0A9877C9076213D40657283D546AE52B73FF4449E60F8B6FE30D4CC0BA1ACA7A7DC155EC73C48B21477983D004261267D710D8A5E8CBD0656F1A963F248E887E8C2BF87BCAE7A0D4891BF21FCF35893584B29E18E842A23EA329ADD3D6AD994B5CBFBBFAB5A26932E8F799B2B0FA7789DE7A4A5C4B7FA81971819EA7F33B5BF6577F917BDE9C3680BCC5B15F1EAB4524A1B6DEE96B9F108A77344269A1757685D0404C832E4E0C5A29F808CFA6290316C0EBB2EF0A7431F62A5FBCDC66527AD8A04C0F10AF88C7CE1F1F22C41B71CE278BB704E88145608C28AD78402487031F6B13604CC6687161EBB78E7AF7AA0BC3CCB9AD8B00D7C01980599904B71F5DBC06A691E5638566BE36522B7FED69E24C28F8EA798BA3E9CCEB8AB8CF5651379A21A38315B05C66205616BBC6A3DD5573C9C6FBA2E3488E055E5F36857016D9300BFCE9F38D7C7CCD07FCF1EF41F8347CADCB12C400536374CF269613B05069B6D94CADA3B1F4ACBB68FA1ED175B01D840D871B3B0CDB918CDF15C79169A398C189AEA78860081DB423C89D350587E26D6D77B4C762B4F2A030345679F724CFBB08DB03E8CEB4FF0B91422BD2EB5C1C356D209049CFA2D6447F69B1E1DF0850FFBB6BB9F8D5B147765C023F76524A808456DEBF6A9134E3364DF462D4807FE6D4D036A4E59A4D56F8A30D8A27F4DFA174940B713A7E4
Title = SM2 tests
PrivateKey=SM2_key1
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQg0JFWczAXva2An9m7
2MaT9gIwWTFptvlKrxyO4TjMmbWhRANCAAQ5OirZ4n5DrKqrhaGdO4VZHhRAYVcX
Wt3Te/d/8Mr57Tf886i09VwDhSMmH8pmNq/mp6+ioUgqYG9cs6GLLioe
-----END PRIVATE KEY-----
Verify = SM2_key1
Ctrl = digest:SM3
Input = D7AD397F6FFA5D4F7F11E7217F241607DC30618C236D2C09C1B9EA8FDADEE2E8
Output = 3046022100AB1DB64DE7C40EDBDE6651C9B8EBDB804673DB836E5D5C7FE15DCF9ED2725037022100EBA714451FF69B0BB930B379E192E7CD5FA6E3C41C7FBD8303B799AB54A54621

249
test/sm2crypttest.c Normal file
View file

@ -0,0 +1,249 @@
/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include "testutil.h"
#ifndef OPENSSL_NO_SM2
# include <openssl/sm2.h>
static RAND_METHOD fake_rand;
static const RAND_METHOD *saved_rand;
static uint8_t *fake_rand_bytes = NULL;
static size_t fake_rand_bytes_offset = 0;
static int get_faked_bytes(unsigned char *buf, int num)
{
int i;
if (fake_rand_bytes == NULL)
return saved_rand->bytes(buf, num);
for (i = 0; i != num; ++i)
buf[i] = fake_rand_bytes[fake_rand_bytes_offset + i];
fake_rand_bytes_offset += num;
return 1;
}
static int start_fake_rand(const char *hex_bytes)
{
/* save old rand method */
if (!TEST_ptr(saved_rand = RAND_get_rand_method()))
return 0;
fake_rand = *saved_rand;
/* use own random function */
fake_rand.bytes = get_faked_bytes;
fake_rand_bytes = OPENSSL_hexstr2buf(hex_bytes, NULL);
fake_rand_bytes_offset = 0;
/* set new RAND_METHOD */
if (!TEST_true(RAND_set_rand_method(&fake_rand)))
return 0;
return 1;
}
static int restore_rand(void)
{
OPENSSL_free(fake_rand_bytes);
fake_rand_bytes = NULL;
fake_rand_bytes_offset = 0;
if (!TEST_true(RAND_set_rand_method(saved_rand)))
return 0;
return 1;
}
static EC_GROUP *create_EC_group(const char *p_hex, const char *a_hex,
const char *b_hex, const char *x_hex,
const char *y_hex, const char *order_hex,
const char *cof_hex)
{
BIGNUM *p = NULL;
BIGNUM *a = NULL;
BIGNUM *b = NULL;
BIGNUM *g_x = NULL;
BIGNUM *g_y = NULL;
BIGNUM *order = NULL;
BIGNUM *cof = NULL;
EC_POINT *generator = NULL;
EC_GROUP *group = NULL;
BN_hex2bn(&p, p_hex);
BN_hex2bn(&a, a_hex);
BN_hex2bn(&b, b_hex);
group = EC_GROUP_new_curve_GFp(p, a, b, NULL);
BN_free(p);
BN_free(a);
BN_free(b);
if (group == NULL)
return NULL;
generator = EC_POINT_new(group);
if (generator == NULL)
return NULL;
BN_hex2bn(&g_x, x_hex);
BN_hex2bn(&g_y, y_hex);
if (EC_POINT_set_affine_coordinates_GFp(group, generator, g_x, g_y, NULL) ==
0)
return NULL;
BN_free(g_x);
BN_free(g_y);
BN_hex2bn(&order, order_hex);
BN_hex2bn(&cof, cof_hex);
if (EC_GROUP_set_generator(group, generator, order, cof) == 0)
return NULL;
EC_POINT_free(generator);
BN_free(order);
BN_free(cof);
return group;
}
static int test_sm2(const EC_GROUP *group,
const EVP_MD *digest,
const char *privkey_hex,
const char *message,
const char *k_hex, const char *ctext_hex)
{
const size_t msg_len = strlen(message);
BIGNUM *priv = NULL;
EC_KEY *key = NULL;
EC_POINT *pt = NULL;
unsigned char *expected = OPENSSL_hexstr2buf(ctext_hex, NULL);
size_t ctext_len = 0;
uint8_t *ctext = NULL;
uint8_t *recovered = NULL;
size_t recovered_len = msg_len;
int rc = 0;
BN_hex2bn(&priv, privkey_hex);
key = EC_KEY_new();
EC_KEY_set_group(key, group);
EC_KEY_set_private_key(key, priv);
pt = EC_POINT_new(group);
EC_POINT_mul(group, pt, priv, NULL, NULL, NULL);
EC_KEY_set_public_key(key, pt);
BN_free(priv);
EC_POINT_free(pt);
ctext_len = SM2_ciphertext_size(key, digest, msg_len);
ctext = OPENSSL_zalloc(ctext_len);
if (ctext == NULL)
goto done;
start_fake_rand(k_hex);
rc = SM2_encrypt(key, digest,
(const uint8_t *)message, msg_len, ctext, &ctext_len);
restore_rand();
TEST_mem_eq(ctext, ctext_len, expected, ctext_len);
if (rc == 0)
goto done;
recovered = OPENSSL_zalloc(msg_len);
if (recovered == NULL)
goto done;
rc = SM2_decrypt(key, digest, ctext, ctext_len, recovered, &recovered_len);
TEST_int_eq(recovered_len, msg_len);
TEST_mem_eq(recovered, recovered_len, message, msg_len);
if (rc == 0)
return 0;
rc = 1;
done:
OPENSSL_free(ctext);
OPENSSL_free(recovered);
OPENSSL_free(expected);
EC_KEY_free(key);
return rc;
}
static int sm2_crypt_test(void)
{
int rc;
EC_GROUP *test_group =
create_EC_group
("8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3",
"787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498",
"63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A",
"421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D",
"0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2",
"8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7",
"1");
if (test_group == NULL)
return 0;
rc = test_sm2(test_group,
EVP_sm3(),
"1649AB77A00637BD5E2EFE283FBF353534AA7F7CB89463F208DDBC2920BB0DA0",
"encryption standard",
"004C62EEFD6ECFC2B95B92FD6C3D9575148AFA17425546D49018E5388D49DD7B4F",
"307B0220245C26FB68B1DDDDB12C4B6BF9F2B6D5FE60A383B0D18D1C4144ABF1"
"7F6252E7022076CB9264C2A7E88E52B19903FDC47378F605E36811F5C07423A2"
"4B84400F01B804209C3D7360C30156FAB7C80A0276712DA9D8094A634B766D3A"
"285E07480653426D0413650053A89B41C418B0C3AAD00D886C00286467");
if (rc == 0)
return 0;
/* Same test as above except using SHA-256 instead of SM3 */
rc = test_sm2(test_group,
EVP_sha256(),
"1649AB77A00637BD5E2EFE283FBF353534AA7F7CB89463F208DDBC2920BB0DA0",
"encryption standard",
"004C62EEFD6ECFC2B95B92FD6C3D9575148AFA17425546D49018E5388D49DD7B4F",
"307B0220245C26FB68B1DDDDB12C4B6BF9F2B6D5FE60A383B0D18D1C4144ABF17F6252E7022076CB9264C2A7E88E52B19903FDC47378F605E36811F5C07423A24B84400F01B80420BE89139D07853100EFA763F60CBE30099EA3DF7F8F364F9D10A5E988E3C5AAFC0413229E6C9AEE2BB92CAD649FE2C035689785DA33");
if (rc == 0)
return 0;
EC_GROUP_free(test_group);
return 1;
}
#endif
int setup_tests(void)
{
#ifdef OPENSSL_NO_SM2
TEST_note("SM2 is disabled.");
#else
ADD_TEST(sm2_crypt_test);
#endif
return 1;
}

238
test/sm2sigtest.c Normal file
View file

@ -0,0 +1,238 @@
/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017 Ribose Inc. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include "testutil.h"
#ifndef OPENSSL_NO_SM2
# include <openssl/sm2.h>
static RAND_METHOD fake_rand;
static const RAND_METHOD *saved_rand;
static uint8_t *fake_rand_bytes = NULL;
static size_t fake_rand_bytes_offset = 0;
static int get_faked_bytes(unsigned char *buf, int num)
{
int i;
if (fake_rand_bytes == NULL)
return saved_rand->bytes(buf, num);
for (i = 0; i != num; ++i)
buf[i] = fake_rand_bytes[fake_rand_bytes_offset + i];
fake_rand_bytes_offset += num;
return 1;
}
static int start_fake_rand(const char *hex_bytes)
{
/* save old rand method */
if (!TEST_ptr(saved_rand = RAND_get_rand_method()))
return 0;
fake_rand = *saved_rand;
/* use own random function */
fake_rand.bytes = get_faked_bytes;
fake_rand_bytes = OPENSSL_hexstr2buf(hex_bytes, NULL);
fake_rand_bytes_offset = 0;
/* set new RAND_METHOD */
if (!TEST_true(RAND_set_rand_method(&fake_rand)))
return 0;
return 1;
}
static int restore_rand(void)
{
OPENSSL_free(fake_rand_bytes);
fake_rand_bytes = NULL;
fake_rand_bytes_offset = 0;
if (!TEST_true(RAND_set_rand_method(saved_rand)))
return 0;
return 1;
}
static EC_GROUP *create_EC_group(const char *p_hex, const char *a_hex,
const char *b_hex, const char *x_hex,
const char *y_hex, const char *order_hex,
const char *cof_hex)
{
BIGNUM *p = NULL;
BIGNUM *a = NULL;
BIGNUM *b = NULL;
BIGNUM *g_x = NULL;
BIGNUM *g_y = NULL;
BIGNUM *order = NULL;
BIGNUM *cof = NULL;
EC_POINT *generator = NULL;
EC_GROUP *group = NULL;
BN_hex2bn(&p, p_hex);
BN_hex2bn(&a, a_hex);
BN_hex2bn(&b, b_hex);
group = EC_GROUP_new_curve_GFp(p, a, b, NULL);
BN_free(p);
BN_free(a);
BN_free(b);
if (group == NULL)
return NULL;
generator = EC_POINT_new(group);
if (generator == NULL)
return NULL;
BN_hex2bn(&g_x, x_hex);
BN_hex2bn(&g_y, y_hex);
if (EC_POINT_set_affine_coordinates_GFp(group, generator, g_x, g_y, NULL) ==
0)
return NULL;
BN_free(g_x);
BN_free(g_y);
BN_hex2bn(&order, order_hex);
BN_hex2bn(&cof, cof_hex);
if (EC_GROUP_set_generator(group, generator, order, cof) == 0)
return NULL;
EC_POINT_free(generator);
BN_free(order);
BN_free(cof);
return group;
}
static int test_sm2(const EC_GROUP *group,
const char *userid,
const char *privkey_hex,
const char *message,
const char *k_hex, const char *r_hex, const char *s_hex)
{
const size_t msg_len = strlen(message);
int ok = -1;
BIGNUM *priv = NULL;
EC_POINT *pt = NULL;
EC_KEY *key = NULL;
ECDSA_SIG *sig = NULL;
const BIGNUM *sig_r = NULL;
const BIGNUM *sig_s = NULL;
BIGNUM *r = NULL;
BIGNUM *s = NULL;
BN_hex2bn(&priv, privkey_hex);
key = EC_KEY_new();
EC_KEY_set_group(key, group);
EC_KEY_set_private_key(key, priv);
pt = EC_POINT_new(group);
EC_POINT_mul(group, pt, priv, NULL, NULL, NULL);
EC_KEY_set_public_key(key, pt);
start_fake_rand(k_hex);
sig = SM2_do_sign(key, EVP_sm3(), userid, (const uint8_t *)message, msg_len);
restore_rand();
if (sig == NULL)
return 0;
ECDSA_SIG_get0(sig, &sig_r, &sig_s);
BN_hex2bn(&r, r_hex);
BN_hex2bn(&s, s_hex);
if (BN_cmp(r, sig_r) != 0) {
printf("Signature R mismatch: ");
BN_print_fp(stdout, r);
printf(" != ");
BN_print_fp(stdout, sig_r);
printf("\n");
ok = 0;
}
if (BN_cmp(s, sig_s) != 0) {
printf("Signature S mismatch: ");
BN_print_fp(stdout, s);
printf(" != ");
BN_print_fp(stdout, sig_s);
printf("\n");
ok = 0;
}
ok = SM2_do_verify(key, EVP_sm3(), sig, userid, (const uint8_t *)message, msg_len);
ECDSA_SIG_free(sig);
EC_POINT_free(pt);
EC_KEY_free(key);
BN_free(priv);
BN_free(r);
BN_free(s);
return ok;
}
static int sm2_sig_test(void)
{
int rc = 0;
/* From draft-shen-sm2-ecdsa-02 */
EC_GROUP *test_group =
create_EC_group
("8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3",
"787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498",
"63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A",
"421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D",
"0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2",
"8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7",
"1");
if (test_group == NULL)
return 0;
rc = test_sm2(test_group,
"ALICE123@YAHOO.COM",
"128B2FA8BD433C6C068C8D803DFF79792A519A55171B1B650C23661D15897263",
"message digest",
"006CB28D99385C175C94F94E934817663FC176D925DD72B727260DBAAE1FB2F96F",
"40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D1",
"6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7");
EC_GROUP_free(test_group);
return rc;
}
#endif
int setup_tests(void)
{
#ifdef OPENSSL_NO_SM2
TEST_note("SM2 is disabled.");
#else
ADD_TEST(sm2_sig_test);
#endif
return 1;
}

9
util/libcrypto.num
View file

@ -4514,3 +4514,12 @@ EVP_PKEY_new_CMAC_key 4455 1_1_1 EXIST::FUNCTION:
EVP_PKEY_asn1_set_set_priv_key 4456 1_1_1 EXIST::FUNCTION:
EVP_PKEY_asn1_set_set_pub_key 4457 1_1_1 EXIST::FUNCTION:
RAND_DRBG_set_defaults 4458 1_1_1 EXIST::FUNCTION:
SM2_decrypt 4459 1_1_1 EXIST::FUNCTION:
SM2_do_sign 4460 1_1_1 EXIST::FUNCTION:
SM2_compute_userid_digest 4461 1_1_1 EXIST::FUNCTION:
SM2_encrypt 4462 1_1_1 EXIST::FUNCTION:
SM2_ciphertext_size 4463 1_1_1 EXIST::FUNCTION:
SM2_verify 4464 1_1_1 EXIST::FUNCTION:
SM2_do_verify 4465 1_1_1 EXIST::FUNCTION:
SM2_sign 4466 1_1_1 EXIST::FUNCTION:
ERR_load_SM2_strings 4467 1_1_1 EXIST::FUNCTION: