Support decode SM2 parameters
authorK1 <dongbeiouba@gmail.com>
Mon, 18 Jul 2022 17:18:12 +0000 (01:18 +0800)
committerPauli <pauli@openssl.org>
Tue, 23 Aug 2022 01:08:11 +0000 (11:08 +1000)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18819)

apps/ecparam.c
include/openssl/pem.h
providers/decoders.inc
providers/implementations/encode_decode/decode_der2key.c
providers/implementations/encode_decode/decode_pem2der.c
providers/implementations/encode_decode/encode_key2text.c
providers/implementations/include/prov/implementations.h
test/recipes/15-test_ecparam.t
test/recipes/15-test_ecparam_data/valid/sm2-explicit.pem [new file with mode: 0644]
test/recipes/15-test_ecparam_data/valid/sm2-named.pem [new file with mode: 0644]

index 5d66b65569d5cd66de1476ed978c52bbd0381275..71f93c4ca5e142375ad4e65e3148b2c22301e4a2 100644 (file)
@@ -242,9 +242,17 @@ int ecparam_main(int argc, char **argv)
             goto end;
         }
     } else {
-        params_key = load_keyparams(infile, informat, 1, "EC", "EC parameters");
-        if (params_key == NULL || !EVP_PKEY_is_a(params_key, "EC"))
+        params_key = load_keyparams_suppress(infile, informat, 1, "EC",
+                                             "EC parameters", 1);
+        if (params_key == NULL)
+            params_key = load_keyparams_suppress(infile, informat, 1, "SM2",
+                                                 "SM2 parameters", 1);
+
+        if (params_key == NULL) {
+            BIO_printf(bio_err, "Unable to load parameters from %s\n", infile);
             goto end;
+        }
+
         if (point_format
             && !EVP_PKEY_set_utf8_string_param(
                     params_key, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
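Review bot: The retry with "SM2" reads `infile` a second time, and the `1` passed as the maybe-stdin argument suggests `infile` can be NULL for standard input, in which case the first attempt would likely have consumed the stream and left the SM2 retry nothing to decode. The explicit `EVP_PKEY_is_a(params_key, "EC")` check is also gone, so the accepted key type now rests entirely on `load_keyparams_suppress` enforcing its keytype argument, which is not visible in this hunk. Loading once without a fixed key type (if the helper allows that) and then testing the result, `if (params_key == NULL || (!EVP_PKEY_is_a(params_key, "EC") && !EVP_PKEY_is_a(params_key, "SM2")))`, would avoid the double read and keep the type restriction at the call site before the EC-specific parameters are set below. Because both attempts suppress decode errors, the single "Unable to load parameters" line is the only diagnostic a user gets for a malformed file. `ecparam_main` starts and ends outside the hunk.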
index ed50f081fa21ee919e60c873603ac1b48b2c80d0..0446c77019ab8b9f09398b49ca931fec723c58f4 100644 (file)
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10
 # define PEM_TYPE_MIC_ONLY       20
index 2772aad05da786336dd0083cd8e8772a9d231071..edca39ea3652f5f5f5a474eaa55b0f7eef393ca2 100644 (file)
@@ -69,6 +69,7 @@ DECODER_w_structure("X448", der, SubjectPublicKeyInfo, x448, yes),
 # ifndef OPENSSL_NO_SM2
 DECODER_w_structure("SM2", der, PrivateKeyInfo, sm2, no),
 DECODER_w_structure("SM2", der, SubjectPublicKeyInfo, sm2, no),
+DECODER_w_structure("SM2", der, type_specific_no_pub, sm2, no),
 # endif
 #endif
 DECODER_w_structure("RSA", der, PrivateKeyInfo, rsa, yes),
index ebc2d24833397ff5c25c09337c637410c3403f19..d4d37314600d1265cddadb9493e7ae82a3368936 100644 (file)
@@ -783,6 +783,7 @@ MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo);
 # ifndef OPENSSL_NO_SM2
 MAKE_DECODER("SM2", sm2, ec, PrivateKeyInfo);
 MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo);
+MAKE_DECODER("SM2", sm2, sm2, type_specific_no_pub);
 # endif
 #endif
 MAKE_DECODER("RSA", rsa, rsa, PrivateKeyInfo);
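Review bot: The added line passes `sm2` as the third macro argument where the two existing SM2 decoders just above pass `ec`, and nothing in the hunk says why. If the difference is intentional (presumably so the type-specific decoder picks SM2-specific helpers rather than the EC ones; the macro definition is outside the hunk), a short comment such as `/* SM2 parameters use the sm2 type-specific descriptor, not ec */` would stop a later reader from "fixing" it to match its neighbours. If it is not intentional, the decoder could end up bound to the wrong set of functions, so it is worth confirming against the definition of `MAKE_DECODER`.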
index bc937ffb9d2750f64a5abae8e105d818b1062889..648ecd4584a62053588d672d3f07ac5a032c3fb6 100644 (file)
@@ -119,6 +119,7 @@ static int pem2der_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
         { PEM_STRING_DSAPARAMS, OSSL_OBJECT_PKEY, "DSA", "type-specific" },
         { PEM_STRING_ECPRIVATEKEY, OSSL_OBJECT_PKEY, "EC", "type-specific" },
         { PEM_STRING_ECPARAMETERS, OSSL_OBJECT_PKEY, "EC", "type-specific" },
+        { PEM_STRING_SM2PARAMETERS, OSSL_OBJECT_PKEY, "SM2", "type-specific" },
         { PEM_STRING_RSA, OSSL_OBJECT_PKEY, "RSA", "type-specific" },
         { PEM_STRING_RSA_PUBLIC, OSSL_OBJECT_PKEY, "RSA", "type-specific" },
 
index 7d983f5e51c6dfa9f2d896335a89719fd481b22b..a92e04a89d8a74815a3af8821313ac9658d7c0ad 100644 (file)
@@ -512,7 +512,8 @@ static int ec_to_text(BIO *out, const void *key, int selection)
     else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
         type_label = "Public-Key";
     else if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
-        type_label = "EC-Parameters";
+        if (EC_GROUP_get_curve_name(group) != NID_sm2)
+            type_label = "EC-Parameters";
 
     if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
         const BIGNUM *priv_key = EC_KEY_get0_private_key(ec);
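Review bot: The new `if` nested directly under `else if (... DOMAIN_PARAMETERS ...)` has no braces, so an `else` added after it later would bind to the inner curve test instead of the selection chain. For SM2 parameters `type_label` is now left at whatever it was initialised to before the hunk, and the `type_label != NULL` guard in the following hunk only works if that initial value is NULL, which is not visible here. Folding the curve test into the condition, `else if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0 && EC_GROUP_get_curve_name(group) != NID_sm2)`, keeps the chain flat. A one-line comment saying that the "(N bit)" header is deliberately omitted for SM2 parameters would document the intent. `ec_to_text` starts before and continues past both hunks.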
@@ -538,8 +539,9 @@ static int ec_to_text(BIO *out, const void *key, int selection)
             goto err;
     }
 
-    if (BIO_printf(out, "%s: (%d bit)\n", type_label,
-                   EC_GROUP_order_bits(group)) <= 0)
+    if (type_label != NULL
+        && BIO_printf(out, "%s: (%d bit)\n", type_label,
+                      EC_GROUP_order_bits(group)) <= 0)
         goto err;
     if (priv != NULL
         && !print_labeled_buf(out, "priv:", priv, priv_len))
index 03ce43719e4debbd65c6370d938ea4b6297c907d..288808bb6f87fdedaed30b2569b2efcdd02bafd5 100644 (file)
@@ -508,6 +508,7 @@ extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_ed448_decoder_functi
 #ifndef OPENSSL_NO_SM2
 extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_sm2_decoder_functions[];
 extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_sm2_decoder_functions[];
+extern const OSSL_DISPATCH ossl_type_specific_no_pub_der_to_sm2_decoder_functions[];
 #endif
 
 extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_rsa_decoder_functions[];
index 37bf620f35ee0283a1747f9210bb5965631b8222..5dba866378a6dc076d38112b0f7856d71f55cae6 100644 (file)
@@ -25,6 +25,10 @@ my @valid = glob(data_file("valid", "*.pem"));
 my @noncanon = glob(data_file("noncanon", "*.pem"));
 my @invalid = glob(data_file("invalid", "*.pem"));
 
+if (disabled("sm2")) {
+    @valid = grep { !/sm2-.*\.pem/} @valid;
+}
+
 plan tests => 12;
 
 sub checkload {
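Review bot: Only positive SM2 vectors are added (`valid/sm2-explicit.pem` and `valid/sm2-named.pem` in the file list), so the new "SM2 PARAMETERS" decode path has no malformed or truncated input exercising its rejection behaviour; an `invalid/sm2-*.pem` case would cover that, and the filter added here would then need to apply to `@invalid` as well. The pattern `/sm2-.*\.pem/` is also unanchored and is matched against the whole path returned by `glob`, so a directory name containing `sm2-` would drop every file; `grep { !/sm2-[^\/\\]*\.pem\z/ } @valid` ties it to the file name. `plan tests => 12` stays fixed while `@valid` shrinks when SM2 is disabled, which is fine only if the count does not depend on the number of files; that is decided in the test body outside this hunk.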
diff --git a/test/recipes/15-test_ecparam_data/valid/sm2-explicit.pem b/test/recipes/15-test_ecparam_data/valid/sm2-explicit.pem
new file mode 100644 (file)
index 0000000..bd07654
--- /dev/null
@@ -0,0 +1,7 @@
+-----BEGIN SM2 PARAMETERS-----
+MIHgAgEBMCwGByqGSM49AQECIQD////+/////////////////////wAAAAD/////
+/////zBEBCD////+/////////////////////wAAAAD//////////AQgKOn6np2f
+XjRNWp5Lz2UJp/OXifUVq4+S3by9QU2UDpMEQQQyxK4sHxmBGV+ZBEZqOcmUj+ML
+v/JmC+FxWkWJM0x0x7w3NqL09necWb3O42tpIVPQqYd8xipHQALfMuUhOfCgAiEA
+/////v///////////////3ID32shxgUrU7v0CTnVQSMCAQE=
+-----END SM2 PARAMETERS-----
diff --git a/test/recipes/15-test_ecparam_data/valid/sm2-named.pem b/test/recipes/15-test_ecparam_data/valid/sm2-named.pem
new file mode 100644 (file)
index 0000000..d6e280f
--- /dev/null
@@ -0,0 +1,3 @@
+-----BEGIN SM2 PARAMETERS-----
+BggqgRzPVQGCLQ==
+-----END SM2 PARAMETERS-----