Add a SM2(7) man page
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7113)
This commit is contained in:
parent
675f4ceef8
commit
571286b0a4
1 changed files with 77 additions and 0 deletions
77
doc/man7/SM2.pod
Normal file
77
doc/man7/SM2.pod
Normal file
|
@ -0,0 +1,77 @@
|
|||
=pod
|
||||
|
||||
=head1 NAME
|
||||
|
||||
SM2 - Chinese SM2 signature and encryption algorithm support
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
B<SM2> algorithm is first defined by the Chinese national standard GM/T 0003-2012
|
||||
and is standardized by ISO as ISO/IEC 14888. B<SM2> is actually an elliptic curve
|
||||
based algorithm. Currnet implementation in OpenSSL supports both signature and
|
||||
encryption schemes via EVP interface.
|
||||
|
||||
When doing the B<SM2> signature algorithm, it requires a distinguishing identifier
|
||||
to form the message prefix which is hashed before the real message is hashed.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
B<SM2> signature can be generated by using the 'DigestSign' series APIs, for instance,
|
||||
EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal(). Ditto
|
||||
for the verification process by calling the 'DigestVerify' series APIs.
|
||||
|
||||
There are several special steps need to be done before computing an B<SM2> signature.
|
||||
|
||||
The B<EVP_PKEY> structure should be set to B<EVP_PKEY_SM2> by calling:
|
||||
|
||||
EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
|
||||
|
||||
Then an ID should be set by calling:
|
||||
|
||||
EVP_PKEY_CTX_set1_id(pctx, id, id_len);
|
||||
|
||||
When calling the EVP_DeigestSignInit() or EVP_DigestVerifyInit() function, a
|
||||
pre-allocated B<EVP_PKEY_CTX> should be assigned to the B<EVP_MD_CTX>. This is
|
||||
done by calling:
|
||||
|
||||
EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
|
||||
|
||||
And normally there is no need to pass a B<pctx> parameter to EVP_DeigestSignInit()
|
||||
or EVP_DigestVerifyInit() in such scenario.
|
||||
|
||||
=head1 EXAMPLE
|
||||
|
||||
This example demonstrates the calling sequence on how to use an B<EVP_PKEY> to
|
||||
sign a message with SM2 signature algorithm and SM3 hash algorithm:
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
/* obtain an EVP_PKEY from whatever methods... */
|
||||
EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
|
||||
mctx = EVP_MD_CTX_new();
|
||||
pctx = EVP_PKEY_CTX_new(pkey, NULL);
|
||||
EVP_PKEY_CTX_set1_id(pctx, id, id_len);
|
||||
EVP_MD_CTX_set_pkey_ctx(mctx, pctx);;
|
||||
EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey);
|
||||
EVP_DigestVerifyUpdate(mctx, msg, msg_len);
|
||||
EVP_DigestVerifyFinal(mctx, sig, sig_len)
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<EVP_PKEY_CTX_new(3)>,
|
||||
L<EVP_PKEY_set_alias_type(3)>,
|
||||
L<EVP_DigestSignInit(3)>,
|
||||
L<EVP_DigestVerifyInit(3)>,
|
||||
L<EVP_PKEY_CTX_set1_id(3)>,
|
||||
L<EVP_MD_CTX_set_pkey_ctx(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
in the file LICENSE in the source distribution or at
|
||||
L<https://www.openssl.org/source/license.html>.
|
||||
|
||||
=cut
|
Loading…
Reference in a new issue