projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: df3a155)
Add SM2 signature and ECIES schemes
authorJack Lloyd <jack.lloyd@ribose.com>
Wed, 24 Jan 2018 16:56:02 +0000 (11:56 -0500)
committerRichard Levitte <levitte@openssl.org>
Mon, 19 Mar 2018 13:33:25 +0000 (14:33 +0100)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4793)

28 files changed:
Configure patch | blob | history
apps/openssl.c patch | blob | history
config patch | blob | history
crypto/ec/ec_curve.c patch | blob | history
crypto/ec/ec_pmeth.c patch | blob | history
crypto/err/err.c patch | blob | history
crypto/err/openssl.ec patch | blob | history
crypto/err/openssl.txt patch | blob | history
crypto/objects/obj_dat.h patch | blob | history
crypto/objects/obj_mac.num patch | blob | history
crypto/objects/objects.txt patch | blob | history
crypto/sm2/build.info [new file with mode: 0644] patch | blob
crypto/sm2/sm2_crypt.c [new file with mode: 0644] patch | blob
crypto/sm2/sm2_err.c [new file with mode: 0644] patch | blob
crypto/sm2/sm2_sign.c [new file with mode: 0644] patch | blob
crypto/sm2/sm2_za.c [new file with mode: 0644] patch | blob
fuzz/oids.txt patch | blob | history
include/openssl/err.h patch | blob | history
include/openssl/evp.h patch | blob | history
include/openssl/obj_mac.h patch | blob | history
include/openssl/sm2.h [new file with mode: 0644] patch | blob
include/openssl/sm2err.h [new file with mode: 0644] patch | blob
openssl_sm2.pem [new file with mode: 0644] patch | blob
test/build.info patch | blob | history
test/recipes/30-test_evp_data/evppkey.txt patch | blob | history
test/sm2crypttest.c [new file with mode: 0644] patch | blob
test/sm2sigtest.c [new file with mode: 0644] patch | blob
util/libcrypto.num patch | blob | history

diff --git a/Configure b/Configure
index 9b89f60790d9289241aee106dd476d2d36199e50..e2c0604cb1ebdd139a8d099a0d49c41a1ba3e487 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -297,7 +297,7 @@ $config{sdirs} = [
     "objects",
     "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3",
     "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes",
     "objects",
     "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3",
     "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes",
-    "bn", "ec", "rsa", "dsa", "dh", "dso", "engine",
+    "bn", "ec", "rsa", "dsa", "dh", "sm2", "dso", "engine",
     "buffer", "bio", "stack", "lhash", "rand", "err",
     "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
     "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store"
     "buffer", "bio", "stack", "lhash", "rand", "err",
     "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
     "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store"
diff --git a/apps/openssl.c b/apps/openssl.c
index 39b4f2ce5434bd7ceb09ab64b0d5ec5bf9a60460..8224ae3d0f5af1466e4359d57852603b8721554b 100644 (file)
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -762,6 +762,9 @@ static void list_disabled(void)
 #ifdef OPENSSL_NO_SEED
     BIO_puts(bio_out, "SEED\n");
 #endif
 #ifdef OPENSSL_NO_SEED
     BIO_puts(bio_out, "SEED\n");
 #endif
+#ifdef OPENSSL_NO_SM2
+    BIO_puts(bio_out, "SM2\n");
+#endif
 #ifdef OPENSSL_NO_SM3
     BIO_puts(bio_out, "SM3\n");
 #endif
 #ifdef OPENSSL_NO_SM3
     BIO_puts(bio_out, "SM3\n");
 #endif
diff --git a/config b/config
index 92dfa4af7f1d0280792c9cedf62683f1686bcfac..1f2f7450d1263466f4d917e2d6f20547b8a4703b 100755 (executable)
--- a/config
+++ b/config
@@ -886,7 +886,7 @@ case "$GUESSOS" in
   i386-*) options="$options 386" ;;
 esac
 
   i386-*) options="$options 386" ;;
 esac
 
-for i in aes aria bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha sm3 sm4
+for i in aes aria bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha sm2 sm3 sm4
 do
   if [ ! -d $THERE/crypto/$i ]
   then
 do
   if [ ! -d $THERE/crypto/$i ]
   then
diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
index 75fc541101ed158e100926fe4be8ac5172ca83c3..01d56543dbd58a81cc92f4269bd8ac58a88ec719 100644 (file)
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@@ -2751,6 +2751,43 @@ static const struct {
     }
 };
 
     }
 };
 
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 32 * 6];
+} _EC_sm2p256v1 = {
+    {
+       NID_X9_62_prime_field, 0, 32, 1
+    },
+    {
+        /* no seed */
+
+        /* p */
+        0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        /* a */
+        0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
+        /* b */
+        0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b,
+        0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92,
+        0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93,
+        /* x */
+        0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46,
+        0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1,
+        0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7,
+        /* y */
+        0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3,
+        0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40,
+        0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0,
+        /* order */
+        0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,
+        0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23,
+    }
+};
+
 typedef struct _ec_list_element_st {
     int nid;
     const EC_CURVE_DATA *data;
 typedef struct _ec_list_element_st {
     int nid;
     const EC_CURVE_DATA *data;
@@ -2960,6 +2997,8 @@ static const ec_list_element curve_list[] = {
      "RFC 5639 curve over a 512 bit prime field"},
     {NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0,
      "RFC 5639 curve over a 512 bit prime field"},
      "RFC 5639 curve over a 512 bit prime field"},
     {NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0,
      "RFC 5639 curve over a 512 bit prime field"},
+    {NID_sm2, &_EC_sm2p256v1.h, 0,
+     "SM2 curve over a 256 bit prime field"},
 };
 
 #define curve_list_length OSSL_NELEM(curve_list)
 };
 
 #define curve_list_length OSSL_NELEM(curve_list)
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index 68ff2bbccf45f4aa670ff153417356b8f1c83cc0..82a4ffabf9d6217574ddbabb08faa6ec18918709 100644 (file)
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -16,6 +16,10 @@
 #include <openssl/evp.h>
 #include "internal/evp_int.h"
 
 #include <openssl/evp.h>
 #include "internal/evp_int.h"
 
+#if !defined(OPENSSL_NO_SM2)
+  #include <openssl/sm2.h>
+#endif
+
 /* EC pkey context structure */
 
 typedef struct {
 /* EC pkey context structure */
 
 typedef struct {
@@ -102,6 +106,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
     unsigned int sltmp;
     EC_PKEY_CTX *dctx = ctx->data;
     EC_KEY *ec = ctx->pkey->pkey.ec;
     unsigned int sltmp;
     EC_PKEY_CTX *dctx = ctx->data;
     EC_KEY *ec = ctx->pkey->pkey.ec;
+    const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
 
     if (!sig) {
         *siglen = ECDSA_size(ec);
 
     if (!sig) {
         *siglen = ECDSA_size(ec);
@@ -116,7 +121,16 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
     else
         type = NID_sha1;
 
     else
         type = NID_sha1;
 
-    ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
+    if (ec_nid == NID_sm2) {
+#if defined(OPENSSL_NO_SM2)
+       ret = -1;
+#else
+       ret = SM2_sign(type, tbs, tbslen, sig, &sltmp, ec);
+#endif
+    }
+    else {
+       ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
+    }
 
     if (ret <= 0)
         return ret;
 
     if (ret <= 0)
         return ret;
@@ -131,13 +145,24 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
     int ret, type;
     EC_PKEY_CTX *dctx = ctx->data;
     EC_KEY *ec = ctx->pkey->pkey.ec;
     int ret, type;
     EC_PKEY_CTX *dctx = ctx->data;
     EC_KEY *ec = ctx->pkey->pkey.ec;
+    const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
 
     if (dctx->md)
         type = EVP_MD_type(dctx->md);
     else
         type = NID_sha1;
 
 
     if (dctx->md)
         type = EVP_MD_type(dctx->md);
     else
         type = NID_sha1;
 
-    ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
+    if (ec_nid == NID_sm2) {
+#if defined(OPENSSL_NO_SM2)
+       ret = -1;
+#else
+       ret = SM2_verify(type, tbs, tbslen, sig, siglen, ec);
+#endif
+    }
+    else {
+       ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
+    }
+
 
     return ret;
 }
 
     return ret;
 }
@@ -318,7 +343,8 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
             EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
             EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
             EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
             EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
             EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
             EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha512 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sm3) {
             ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
             return 0;
         }
             ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
             return 0;
         }
diff --git a/crypto/err/err.c b/crypto/err/err.c
index 68afa93ae827851e6ec98ac8623235905b7e7ecf..c0a6b2b16fa7c6f96bec6e01ab4fa782f9c9a21a 100644 (file)
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -60,6 +60,7 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
     {ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"},
     {ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"},
     {ERR_PACK(ERR_LIB_OSSL_STORE, 0, 0), "STORE routines"},
     {ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"},
     {ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"},
     {ERR_PACK(ERR_LIB_OSSL_STORE, 0, 0), "STORE routines"},
+    {ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"},
     {0, NULL},
 };
 
     {0, NULL},
 };
 
diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
index be84c7cb233532fe4be91288ccd4c91bcc820dcd..f45e230749989da271f80e3e4a360bb8b66a17fe 100644 (file)
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -32,6 +32,7 @@ L CMS           include/openssl/cms.h           crypto/cms/cms_err.c
 L CT            include/openssl/ct.h            crypto/ct/ct_err.c
 L ASYNC         include/openssl/async.h         crypto/async/async_err.c
 L KDF           include/openssl/kdf.h           crypto/kdf/kdf_err.c
 L CT            include/openssl/ct.h            crypto/ct/ct_err.c
 L ASYNC         include/openssl/async.h         crypto/async/async_err.c
 L KDF           include/openssl/kdf.h           crypto/kdf/kdf_err.c
+L SM2           include/openssl/sm2.h           crypto/sm2/sm2_err.c
 L OSSL_STORE    include/openssl/store.h         crypto/store/store_err.c
 
 # additional header files to be scanned for function names
 L OSSL_STORE    include/openssl/store.h         crypto/store/store_err.c
 
 # additional header files to be scanned for function names
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 0052ddf2feefd68a580dbb958c9bf993bf4b7e77..bb8c157405040fb777a33d9eadb0acb0fcf21593 100644 (file)
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -986,6 +986,11 @@ RSA_F_RSA_SIGN_ASN1_OCTET_STRING:118:RSA_sign_ASN1_OCTET_STRING
 RSA_F_RSA_VERIFY:119:RSA_verify
 RSA_F_RSA_VERIFY_ASN1_OCTET_STRING:120:RSA_verify_ASN1_OCTET_STRING
 RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1:126:RSA_verify_PKCS1_PSS_mgf1
 RSA_F_RSA_VERIFY:119:RSA_verify
 RSA_F_RSA_VERIFY_ASN1_OCTET_STRING:120:RSA_verify_ASN1_OCTET_STRING
 RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1:126:RSA_verify_PKCS1_PSS_mgf1
+SM2_F_PKEY_SM2_CTRL:274:pkey_sm2_ctrl
+SM2_F_PKEY_SM2_CTRL_STR:275:pkey_sm2_ctrl_str
+SM2_F_PKEY_SM2_KEYGEN:276:pkey_sm2_keygen
+SM2_F_PKEY_SM2_PARAMGEN:277:pkey_sm2_paramgen
+SM2_F_PKEY_SM2_SIGN:278:pkey_sm2_sign
 SSL_F_ADD_CLIENT_KEY_SHARE_EXT:438:*
 SSL_F_ADD_KEY_SHARE:512:add_key_share
 SSL_F_BYTES_TO_CIPHER_LIST:519:bytes_to_cipher_list
 SSL_F_ADD_CLIENT_KEY_SHARE_EXT:438:*
 SSL_F_ADD_KEY_SHARE:512:add_key_share
 SSL_F_BYTES_TO_CIPHER_LIST:519:bytes_to_cipher_list
@@ -2394,6 +2399,66 @@ RSA_R_UNSUPPORTED_MASK_PARAMETER:154:unsupported mask parameter
 RSA_R_UNSUPPORTED_SIGNATURE_TYPE:155:unsupported signature type
 RSA_R_VALUE_MISSING:147:value missing
 RSA_R_WRONG_SIGNATURE_LENGTH:119:wrong signature length
 RSA_R_UNSUPPORTED_SIGNATURE_TYPE:155:unsupported signature type
 RSA_R_VALUE_MISSING:147:value missing
 RSA_R_WRONG_SIGNATURE_LENGTH:119:wrong signature length
+SM2_R_ASN1_ERROR:115:asn1 error
+SM2_R_ASN5_ERROR:1150:asn5 error
+SM2_R_BAD_SIGNATURE:156:bad signature
+SM2_R_BIGNUM_OUT_OF_RANGE:144:bignum out of range
+SM2_R_BUFFER_TOO_SMALL:100:buffer too small
+SM2_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range
+SM2_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh
+SM2_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
+SM2_R_D2I_ECPKPARAMETERS_FAILURE:117:d2i ecpkparameters failure
+SM2_R_DECODE_ERROR:142:decode error
+SM2_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero
+SM2_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure
+SM2_R_FIELD_TOO_LARGE:143:field too large
+SM2_R_GF2M_NOT_SUPPORTED:147:gf2m not supported
+SM2_R_GROUP2PKPARAMETERS_FAILURE:120:group2pkparameters failure
+SM2_R_I2D_ECPKPARAMETERS_FAILURE:121:i2d ecpkparameters failure
+SM2_R_INCOMPATIBLE_OBJECTS:101:incompatible objects
+SM2_R_INVALID_ARGUMENT:112:invalid argument
+SM2_R_INVALID_COMPRESSED_POINT:110:invalid compressed point
+SM2_R_INVALID_COMPRESSION_BIT:109:invalid compression bit
+SM2_R_INVALID_CURVE:141:invalid curve
+SM2_R_INVALID_DIGEST:151:invalid digest
+SM2_R_INVALID_DIGEST_TYPE:138:invalid digest type
+SM2_R_INVALID_ENCODING:102:invalid encoding
+SM2_R_INVALID_FIELD:103:invalid field
+SM2_R_INVALID_FORM:104:invalid form
+SM2_R_INVALID_GROUP_ORDER:122:invalid group order
+SM2_R_INVALID_KEY:116:invalid key
+SM2_R_INVALID_OUTPUT_LENGTH:161:invalid output length
+SM2_R_INVALID_PEER_KEY:133:invalid peer key
+SM2_R_INVALID_PENTANOMIAL_BASIS:132:invalid pentanomial basis
+SM2_R_INVALID_PRIVATE_KEY:123:invalid private key
+SM2_R_INVALID_TRINOMIAL_BASIS:137:invalid trinomial basis
+SM2_R_KDF_PARAMETER_ERROR:148:kdf parameter error
+SM2_R_KEYS_NOT_SET:140:keys not set
+SM2_R_MISSING_PARAMETERS:124:missing parameters
+SM2_R_MISSING_PRIVATE_KEY:125:missing private key
+SM2_R_NEED_NEW_SETUP_VALUES:157:need new setup values
+SM2_R_NOT_A_NIST_PRIME:135:not a NIST prime
+SM2_R_NOT_IMPLEMENTED:126:not implemented
+SM2_R_NOT_INITIALIZED:111:not initialized
+SM2_R_NO_PARAMETERS_SET:139:no parameters set
+SM2_R_NO_PRIVATE_VALUE:154:no private value
+SM2_R_OPERATION_NOT_SUPPORTED:152:operation not supported
+SM2_R_PASSED_NULL_PARAMETER:134:passed null parameter
+SM2_R_PEER_KEY_ERROR:149:peer key error
+SM2_R_PKPARAMETERS2GROUP_FAILURE:127:pkparameters2group failure
+SM2_R_POINT_ARITHMETIC_FAILURE:155:point arithmetic failure
+SM2_R_POINT_AT_INFINITY:106:point at infinity
+SM2_R_POINT_IS_NOT_ON_CURVE:107:point is not on curve
+SM2_R_RANDOM_NUMBER_GENERATION_FAILED:158:random number generation failed
+SM2_R_SHARED_INFO_ERROR:150:shared info error
+SM2_R_SLOT_FULL:108:slot full
+SM2_R_UNDEFINED_GENERATOR:113:undefined generator
+SM2_R_UNDEFINED_ORDER:128:undefined order
+SM2_R_UNKNOWN_GROUP:129:unknown group
+SM2_R_UNKNOWN_ORDER:114:unknown order
+SM2_R_UNSUPPORTED_FIELD:131:unsupported field
+SM2_R_WRONG_CURVE_PARAMETERS:145:wrong curve parameters
+SM2_R_WRONG_ORDER:130:wrong order
 SSL_R_APP_DATA_IN_HANDSHAKE:100:app data in handshake
 SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT:272:\
        attempt to reuse session in different context
 SSL_R_APP_DATA_IN_HANDSHAKE:100:app data in handshake
 SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT:272:\
        attempt to reuse session in different context
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index d392586380912a159e979722ce1675c4a0b2576c..60c3826799d781927705f04cfc7bf2b1e574b757 100644 (file)
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -10,7 +10,7 @@
  */
 
 /* Serialized OID's */
  */
 
 /* Serialized OID's */
-static const unsigned char so[7618] = {
+static const unsigned char so[7626] = {
     0x2A,0x86,0x48,0x86,0xF7,0x0D,                 /* [    0] OBJ_rsadsi */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,            /* [    6] OBJ_pkcs */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,       /* [   13] OBJ_md2 */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,                 /* [    0] OBJ_rsadsi */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,            /* [    6] OBJ_pkcs */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,       /* [   13] OBJ_md2 */
@@ -1059,9 +1059,10 @@ static const unsigned char so[7618] = {
     0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x09,  /* [ 7597] OBJ_uacurve9 */
     0x2B,0x6F,                                     /* [ 7610] OBJ_ieee */
     0x2B,0x6F,0x02,0x8C,0x53,                      /* [ 7612] OBJ_ieee_siswg */
     0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x09,  /* [ 7597] OBJ_uacurve9 */
     0x2B,0x6F,                                     /* [ 7610] OBJ_ieee */
     0x2B,0x6F,0x02,0x8C,0x53,                      /* [ 7612] OBJ_ieee_siswg */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,       /* [ 7617] OBJ_sm2 */
 };
 
 };
 
-#define NUM_NID 1172
+#define NUM_NID 1173
 static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"UNDEF", "undefined", NID_undef},
     {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
 static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"UNDEF", "undefined", NID_undef},
     {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2235,9 +2236,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"uacurve9", "DSTU curve 9", NID_uacurve9, 13, &so[7597]},
     {"ieee", "ieee", NID_ieee, 2, &so[7610]},
     {"ieee-siswg", "IEEE Security in Storage Working Group", NID_ieee_siswg, 5, &so[7612]},
     {"uacurve9", "DSTU curve 9", NID_uacurve9, 13, &so[7597]},
     {"ieee", "ieee", NID_ieee, 2, &so[7610]},
     {"ieee-siswg", "IEEE Security in Storage Working Group", NID_ieee_siswg, 5, &so[7612]},
+    {"SM2", "sm2", NID_sm2, 8, &so[7617]},
 };
 
 };
 
-#define NUM_SN 1163
+#define NUM_SN 1164
 static const unsigned int sn_objs[NUM_SN] = {
      364,    /* "AD_DVCS" */
      419,    /* "AES-128-CBC" */
 static const unsigned int sn_objs[NUM_SN] = {
      364,    /* "AD_DVCS" */
      419,    /* "AES-128-CBC" */
@@ -2502,6 +2504,7 @@ static const unsigned int sn_objs[NUM_SN] = {
     1095,    /* "SHA512-256" */
     1100,    /* "SHAKE128" */
     1101,    /* "SHAKE256" */
     1095,    /* "SHA512-256" */
     1100,    /* "SHAKE128" */
     1101,    /* "SHAKE256" */
+    1172,    /* "SM2" */
     1143,    /* "SM3" */
     1134,    /* "SM4-CBC" */
     1137,    /* "SM4-CFB" */
     1143,    /* "SM3" */
     1134,    /* "SM4-CBC" */
     1137,    /* "SM4-CFB" */
@@ -3404,7 +3407,7 @@ static const unsigned int sn_objs[NUM_SN] = {
     1093,    /* "x509ExtAdmission" */
 };
 
     1093,    /* "x509ExtAdmission" */
 };
 
-#define NUM_LN 1163
+#define NUM_LN 1164
 static const unsigned int ln_objs[NUM_LN] = {
      363,    /* "AD Time Stamping" */
      405,    /* "ANSI X9.62" */
 static const unsigned int ln_objs[NUM_LN] = {
      363,    /* "AD Time Stamping" */
      405,    /* "ANSI X9.62" */
@@ -4514,6 +4517,7 @@ static const unsigned int ln_objs[NUM_LN] = {
      496,    /* "singleLevelQuality" */
     1062,    /* "siphash" */
     1142,    /* "sm-scheme" */
      496,    /* "singleLevelQuality" */
     1062,    /* "siphash" */
     1142,    /* "sm-scheme" */
+    1172,    /* "sm2" */
     1143,    /* "sm3" */
     1144,    /* "sm3WithRSAEncryption" */
     1134,    /* "sm4-cbc" */
     1143,    /* "sm3" */
     1144,    /* "sm3WithRSAEncryption" */
     1134,    /* "sm4-cbc" */
@@ -4571,7 +4575,7 @@ static const unsigned int ln_objs[NUM_LN] = {
      125,    /* "zlib compression" */
 };
 
      125,    /* "zlib compression" */
 };
 
-#define NUM_OBJ 1054
+#define NUM_OBJ 1055
 static const unsigned int obj_objs[NUM_OBJ] = {
        0,    /* OBJ_undef                        0 */
      181,    /* OBJ_iso                          1 */
 static const unsigned int obj_objs[NUM_OBJ] = {
        0,    /* OBJ_undef                        0 */
      181,    /* OBJ_iso                          1 */
@@ -5037,6 +5041,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
     1136,    /* OBJ_sm4_cfb1                     1 2 156 10197 1 104 5 */
     1138,    /* OBJ_sm4_cfb8                     1 2 156 10197 1 104 6 */
     1139,    /* OBJ_sm4_ctr                      1 2 156 10197 1 104 7 */
     1136,    /* OBJ_sm4_cfb1                     1 2 156 10197 1 104 5 */
     1138,    /* OBJ_sm4_cfb8                     1 2 156 10197 1 104 6 */
     1139,    /* OBJ_sm4_ctr                      1 2 156 10197 1 104 7 */
+    1172,    /* OBJ_sm2                          1 2 156 10197 1 301 */
     1143,    /* OBJ_sm3                          1 2 156 10197 1 401 */
     1144,    /* OBJ_sm3WithRSAEncryption         1 2 156 10197 1 504 */
      776,    /* OBJ_seed_ecb                     1 2 410 200004 1 3 */
     1143,    /* OBJ_sm3                          1 2 156 10197 1 401 */
     1144,    /* OBJ_sm3WithRSAEncryption         1 2 156 10197 1 504 */
      776,    /* OBJ_seed_ecb                     1 2 410 200004 1 3 */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index 228ee84fab9ce3aa02e8b5cc3a81a692a2a2e536..ca8fdfba48c1fe1f333b30e8b3e447503bf0bb4a 100644 (file)
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1169,3 +1169,4 @@ uacurve8          1168
 uacurve9               1169
 ieee           1170
 ieee_siswg             1171
 uacurve9               1169
 ieee           1170
 ieee_siswg             1171
+sm2            1172
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 2a9112967f78f0cb03a43de2ecd78e52625749c7..e565864a4875d1c9c0f1524564a21720d3089994 100644 (file)
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -36,6 +36,10 @@ member-body 840              : ISO-US                : ISO US Member Body
 ISO-US 10040           : X9-57                 : X9.57
 X9-57 4                        : X9cm                  : X9.57 CM ?
 
 ISO-US 10040           : X9-57                 : X9.57
 X9-57 4                        : X9cm                  : X9.57 CM ?
 
+member-body 156         : ISO-CN        : ISO CN Member Body
+ISO-CN 10197            : oscca
+oscca 1                 : sm-scheme
+
 !Cname dsa
 X9cm 1                 : DSA                   : dsaEncryption
 X9cm 3                 : DSA-SHA1              : dsaWithSHA1
 !Cname dsa
 X9cm 1                 : DSA                   : dsaEncryption
 X9cm 3                 : DSA-SHA1              : dsaWithSHA1
@@ -376,8 +380,10 @@ rsadsi 2 5         : MD5                   : md5
 rsadsi 2 6             :                       : hmacWithMD5
 rsadsi 2 7             :                       : hmacWithSHA1
 
 rsadsi 2 6             :                       : hmacWithMD5
 rsadsi 2 7             :                       : hmacWithSHA1
 
-member-body 156 10197 1 401 : SM3               : sm3
-member-body 156 10197 1 504 : RSA-SM3          : sm3WithRSAEncryption
+sm-scheme 301           : SM2                   : sm2
+
+sm-scheme 401           : SM3                   : sm3
+sm-scheme 504           : RSA-SM3              : sm3WithRSAEncryption
 
 # From RFC4231
 rsadsi 2 8             :                       : hmacWithSHA224
 
 # From RFC4231
 rsadsi 2 8             :                       : hmacWithSHA224
@@ -1476,10 +1482,6 @@ kisa 1 6                : SEED-OFB      : seed-ofb
 
 # Definitions for SM4 cipher
 
 
 # Definitions for SM4 cipher
 
-member-body 156         : ISO-CN        : ISO CN Member Body
-ISO-CN 10197            : oscca
-oscca 1                 : sm-scheme
-
 sm-scheme 104 1         : SM4-ECB             : sm4-ecb
 sm-scheme 104 2         : SM4-CBC             : sm4-cbc
 !Cname sm4-ofb128
 sm-scheme 104 1         : SM4-ECB             : sm4-ecb
 sm-scheme 104 2         : SM4-CBC             : sm4-cbc
 !Cname sm4-ofb128
diff --git a/crypto/sm2/build.info b/crypto/sm2/build.info
new file mode 100644 (file)
index 0000000..fbf8dba
--- /dev/null
+++ b/crypto/sm2/build.info
@@ -0,0 +1,6 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        sm2_za.c sm2_sign.c sm2_crypt.c sm2_err.c
+
+
+
diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c
new file mode 100644 (file)
index 0000000..a450146
--- /dev/null
+++ b/crypto/sm2/sm2_crypt.c
@@ -0,0 +1,321 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/sm2.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <string.h>
+
+typedef struct SM2_Ciphertext_st SM2_Ciphertext;
+DECLARE_ASN1_FUNCTIONS(SM2_Ciphertext)
+
+struct SM2_Ciphertext_st {
+    BIGNUM *C1x;
+    BIGNUM *C1y;
+    ASN1_OCTET_STRING *C3;
+    ASN1_OCTET_STRING *C2;
+};
+
+ASN1_SEQUENCE(SM2_Ciphertext) = {
+    ASN1_SIMPLE(SM2_Ciphertext, C1x, BIGNUM),
+    ASN1_SIMPLE(SM2_Ciphertext, C1y, BIGNUM),
+    ASN1_SIMPLE(SM2_Ciphertext, C3, ASN1_OCTET_STRING),
+    ASN1_SIMPLE(SM2_Ciphertext, C2, ASN1_OCTET_STRING),
+} ASN1_SEQUENCE_END(SM2_Ciphertext)
+
+IMPLEMENT_ASN1_FUNCTIONS(SM2_Ciphertext)
+
+static size_t EC_field_size(const EC_GROUP *group)
+{
+    /* Is there some simpler way to do this? */
+    BIGNUM *p = BN_new();
+    BIGNUM *a = BN_new();
+    BIGNUM *b = BN_new();
+    size_t field_size = 0;
+
+    if (p == NULL || a == NULL || b == NULL)
+       goto done;
+
+    EC_GROUP_get_curve_GFp(group, p, a, b, NULL);
+    field_size = (BN_num_bits(p) + 7) / 8;
+
+ done:
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+
+    return field_size;
+}
+
+size_t SM2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len)
+{
+    return 10 + 2 * EC_field_size(EC_KEY_get0_group(key)) +
+        EVP_MD_size(digest) + msg_len;
+}
+
+int SM2_encrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *msg,
+                size_t msg_len, uint8_t *ciphertext_buf, size_t *ciphertext_len)
+{
+    int rc = 0;
+    size_t i;
+    BN_CTX *ctx = NULL;
+    BIGNUM *k = NULL;
+    BIGNUM *x1 = NULL;
+    BIGNUM *y1 = NULL;
+    BIGNUM *x2 = NULL;
+    BIGNUM *y2 = NULL;
+
+    EVP_MD_CTX *hash = EVP_MD_CTX_new();
+
+    struct SM2_Ciphertext_st ctext_struct;
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    const BIGNUM *order = EC_GROUP_get0_order(group);
+    const EC_POINT *P = EC_KEY_get0_public_key(key);
+    EC_POINT *kG = NULL;
+    EC_POINT *kP = NULL;
+    uint8_t *msg_mask = NULL;
+
+    uint8_t *x2y2 = NULL;
+    uint8_t *C3 = NULL;
+
+    const size_t field_size = EC_field_size(group);
+    const size_t C3_size = EVP_MD_size(digest);
+
+    if (field_size == 0 || C3_size == 0)
+       goto done;
+
+    kG = EC_POINT_new(group);
+    kP = EC_POINT_new(group);
+    if (kG == NULL || kP == NULL)
+       goto done;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+       goto done;
+
+    BN_CTX_start(ctx);
+    k = BN_CTX_get(ctx);
+    x1 = BN_CTX_get(ctx);
+    x2 = BN_CTX_get(ctx);
+    y1 = BN_CTX_get(ctx);
+    y2 = BN_CTX_get(ctx);
+
+    if (y2 == NULL)
+       goto done;
+
+    x2y2 = OPENSSL_zalloc(2 * field_size);
+    C3 = OPENSSL_zalloc(C3_size);
+
+    if (x2y2 == NULL || C3 == NULL)
+       goto done;
+
+    memset(ciphertext_buf, 0, *ciphertext_len);
+
+    BN_priv_rand_range(k, order);
+
+    if (EC_POINT_mul(group, kG, k, NULL, NULL, ctx) == 0)
+        goto done;
+
+    if (EC_POINT_get_affine_coordinates_GFp(group, kG, x1, y1, ctx) == 0)
+        goto done;
+
+    if (EC_POINT_mul(group, kP, NULL, P, k, ctx) == 0)
+        goto done;
+
+    if (EC_POINT_get_affine_coordinates_GFp(group, kP, x2, y2, ctx) == 0)
+        goto done;
+
+    BN_bn2binpad(x2, x2y2, field_size);
+    BN_bn2binpad(y2, x2y2 + field_size, field_size);
+
+    msg_mask = OPENSSL_zalloc(msg_len);
+    if (msg_mask == NULL)
+       goto done;
+
+    /* X9.63 with no salt happens to match the KDF used in SM2 */
+    if (ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, digest)
+        == 0)
+        goto done;
+
+    for (i = 0; i != msg_len; ++i)
+        msg_mask[i] ^= msg[i];
+
+    if (EVP_DigestInit(hash, digest) == 0)
+        goto done;
+
+    if (EVP_DigestUpdate(hash, x2y2, field_size) == 0)
+        goto done;
+
+    if (EVP_DigestUpdate(hash, msg, msg_len) == 0)
+        goto done;
+
+    if (EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0)
+        goto done;
+
+    if (EVP_DigestFinal(hash, C3, NULL) == 0)
+        goto done;
+
+    ctext_struct.C1x = x1;
+    ctext_struct.C1y = y1;
+    ctext_struct.C3 = ASN1_OCTET_STRING_new();
+    ASN1_OCTET_STRING_set(ctext_struct.C3, C3, C3_size);
+    ctext_struct.C2 = ASN1_OCTET_STRING_new();
+    ASN1_OCTET_STRING_set(ctext_struct.C2, msg_mask, msg_len);
+
+    *ciphertext_len = i2d_SM2_Ciphertext(&ctext_struct, &ciphertext_buf);
+
+    ASN1_OCTET_STRING_free(ctext_struct.C2);
+    ASN1_OCTET_STRING_free(ctext_struct.C3);
+
+    rc = 1;
+
+ done:
+    OPENSSL_free(msg_mask);
+    OPENSSL_free(x2y2);
+    OPENSSL_free(C3);
+    EVP_MD_CTX_free(hash);
+    BN_CTX_free(ctx);
+    EC_POINT_free(kG);
+    EC_POINT_free(kP);
+    return rc;
+}
+
+int SM2_decrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *ciphertext,
+                size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len)
+{
+    int rc = 0;
+    int i;
+
+    BN_CTX *ctx = NULL;
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    EC_POINT *C1 = NULL;
+    struct SM2_Ciphertext_st *sm2_ctext = NULL;
+    BIGNUM *x2 = NULL;
+    BIGNUM *y2 = NULL;
+
+    uint8_t *x2y2 = NULL;
+    uint8_t *computed_C3 = NULL;
+
+    const size_t field_size = EC_field_size(group);
+    const int hash_size = EVP_MD_size(digest);
+
+    uint8_t *msg_mask = NULL;
+    const uint8_t *C2 = NULL;
+    const uint8_t *C3 = NULL;
+    int msg_len = 0;
+    EVP_MD_CTX *hash = NULL;
+
+    if (field_size == 0 || hash_size == 0)
+       goto done;
+
+    memset(ptext_buf, 0xFF, *ptext_len);
+
+    sm2_ctext = d2i_SM2_Ciphertext(NULL, &ciphertext, ciphertext_len);
+
+    if (sm2_ctext == NULL)
+        goto done;
+
+    if (sm2_ctext->C3->length != hash_size)
+        goto done;
+
+    C2 = sm2_ctext->C2->data;
+    C3 = sm2_ctext->C3->data;
+    msg_len = sm2_ctext->C2->length;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+       goto done;
+
+    BN_CTX_start(ctx);
+    x2 = BN_CTX_get(ctx);
+    y2 = BN_CTX_get(ctx);
+
+    if(y2 == NULL)
+       goto done;
+
+    msg_mask = OPENSSL_zalloc(msg_len);
+    x2y2 = OPENSSL_zalloc(2 * field_size);
+    computed_C3 = OPENSSL_zalloc(hash_size);
+
+    if(msg_mask == NULL || x2y2 == NULL || computed_C3 == NULL)
+       goto done;
+
+    C1 = EC_POINT_new(group);
+    if (C1 == NULL)
+        goto done;
+
+    if (EC_POINT_set_affine_coordinates_GFp
+        (group, C1, sm2_ctext->C1x, sm2_ctext->C1y, ctx) == 0)
+        goto done;
+
+    if (EC_POINT_mul(group, C1, NULL, C1, EC_KEY_get0_private_key(key), ctx) ==
+        0)
+        goto done;
+
+    if (EC_POINT_get_affine_coordinates_GFp(group, C1, x2, y2, ctx) == 0)
+        goto done;
+
+    BN_bn2binpad(x2, x2y2, field_size);
+    BN_bn2binpad(y2, x2y2 + field_size, field_size);
+
+    if (ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, digest)
+        == 0)
+        goto done;
+
+    for (i = 0; i != msg_len; ++i)
+        ptext_buf[i] = C2[i] ^ msg_mask[i];
+
+    hash = EVP_MD_CTX_new();
+
+    if (hash == NULL)
+       goto done;
+
+    if (EVP_DigestInit(hash, digest) == 0)
+        goto done;
+
+    if (EVP_DigestUpdate(hash, x2y2, field_size) == 0)
+        goto done;
+
+    if (EVP_DigestUpdate(hash, ptext_buf, msg_len) == 0)
+        goto done;
+
+    if (EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0)
+        goto done;
+
+    if (EVP_DigestFinal(hash, computed_C3, NULL) == 0)
+        goto done;
+
+    if (memcmp(computed_C3, C3, hash_size) != 0)
+        goto done;
+
+    rc = 1;
+
+ done:
+
+    if (rc == 0)
+        memset(ptext_buf, 0, *ptext_len);
+
+    OPENSSL_free(msg_mask);
+    OPENSSL_free(x2y2);
+    OPENSSL_free(computed_C3);
+    EC_POINT_free(C1);
+    BN_CTX_free(ctx);
+    SM2_Ciphertext_free(sm2_ctext);
+    EVP_MD_CTX_free(hash);
+
+    return rc;
+}
diff --git a/crypto/sm2/sm2_err.c b/crypto/sm2/sm2_err.c
new file mode 100644 (file)
index 0000000..acb4502
--- /dev/null
+++ b/crypto/sm2/sm2_err.c
@@ -0,0 +1,129 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/sm2err.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA SM2_str_functs[] = {
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL, 0), "pkey_sm2_ctrl"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL_STR, 0), "pkey_sm2_ctrl_str"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_KEYGEN, 0), "pkey_sm2_keygen"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_PARAMGEN, 0), "pkey_sm2_paramgen"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_SIGN, 0), "pkey_sm2_sign"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA SM2_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ASN1_ERROR), "asn1 error"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ASN5_ERROR), "asn5 error"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BIGNUM_OUT_OF_RANGE),
+    "bignum out of range"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_COORDINATES_OUT_OF_RANGE),
+    "coordinates out of range"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_CURVE_DOES_NOT_SUPPORT_ECDH),
+    "curve does not support ecdh"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_CURVE_DOES_NOT_SUPPORT_SIGNING),
+    "curve does not support signing"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_D2I_ECPKPARAMETERS_FAILURE),
+    "d2i ecpkparameters failure"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_DISCRIMINANT_IS_ZERO),
+    "discriminant is zero"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_EC_GROUP_NEW_BY_NAME_FAILURE),
+    "ec group new by name failure"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_FIELD_TOO_LARGE), "field too large"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_GF2M_NOT_SUPPORTED), "gf2m not supported"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_GROUP2PKPARAMETERS_FAILURE),
+    "group2pkparameters failure"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_I2D_ECPKPARAMETERS_FAILURE),
+    "i2d ecpkparameters failure"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INCOMPATIBLE_OBJECTS),
+    "incompatible objects"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_ARGUMENT), "invalid argument"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_COMPRESSED_POINT),
+    "invalid compressed point"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_COMPRESSION_BIT),
+    "invalid compression bit"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_CURVE), "invalid curve"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST_TYPE),
+    "invalid digest type"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_ENCODING), "invalid encoding"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_FIELD), "invalid field"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_FORM), "invalid form"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_GROUP_ORDER),
+    "invalid group order"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_KEY), "invalid key"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_OUTPUT_LENGTH),
+    "invalid output length"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_PEER_KEY), "invalid peer key"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_PENTANOMIAL_BASIS),
+    "invalid pentanomial basis"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_PRIVATE_KEY),
+    "invalid private key"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_TRINOMIAL_BASIS),
+    "invalid trinomial basis"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_KDF_PARAMETER_ERROR),
+    "kdf parameter error"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_KEYS_NOT_SET), "keys not set"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_MISSING_PRIVATE_KEY),
+    "missing private key"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NEED_NEW_SETUP_VALUES),
+    "need new setup values"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NOT_A_NIST_PRIME), "not a NIST prime"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NOT_IMPLEMENTED), "not implemented"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NOT_INITIALIZED), "not initialized"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PRIVATE_VALUE), "no private value"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_OPERATION_NOT_SUPPORTED),
+    "operation not supported"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_PASSED_NULL_PARAMETER),
+    "passed null parameter"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_PEER_KEY_ERROR), "peer key error"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_PKPARAMETERS2GROUP_FAILURE),
+    "pkparameters2group failure"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_POINT_ARITHMETIC_FAILURE),
+    "point arithmetic failure"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_POINT_AT_INFINITY), "point at infinity"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_POINT_IS_NOT_ON_CURVE),
+    "point is not on curve"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_RANDOM_NUMBER_GENERATION_FAILED),
+    "random number generation failed"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_SHARED_INFO_ERROR), "shared info error"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_SLOT_FULL), "slot full"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNDEFINED_GENERATOR),
+    "undefined generator"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNDEFINED_ORDER), "undefined order"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNKNOWN_GROUP), "unknown group"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNKNOWN_ORDER), "unknown order"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNSUPPORTED_FIELD), "unsupported field"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_WRONG_CURVE_PARAMETERS),
+    "wrong curve parameters"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_WRONG_ORDER), "wrong order"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_SM2_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(SM2_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(SM2_str_functs);
+        ERR_load_strings_const(SM2_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c
new file mode 100644 (file)
index 0000000..2d311d9
--- /dev/null
+++ b/crypto/sm2/sm2_sign.c
@@ -0,0 +1,324 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/sm2.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <string.h>
+
+static BIGNUM *compute_msg_hash(const EVP_MD *digest,
+                                const EC_KEY *key,
+                                const char *user_id,
+                                const uint8_t *msg, size_t msg_len)
+{
+    EVP_MD_CTX *hash = EVP_MD_CTX_new();
+    const int md_size = EVP_MD_size(digest);
+    uint8_t *za = OPENSSL_zalloc(md_size);
+    BIGNUM *e = NULL;
+
+    if (za == NULL)
+        goto done;
+
+    if (hash == NULL)
+        goto done;
+
+    if (SM2_compute_userid_digest(za, digest, user_id, key) == 0)
+        goto done;
+
+    if (EVP_DigestInit(hash, digest) == 0)
+        goto done;
+
+    if (EVP_DigestUpdate(hash, za, md_size) == 0)
+        goto done;
+
+    if (EVP_DigestUpdate(hash, msg, msg_len) == 0)
+        goto done;
+
+    /* reuse za buffer to hold H(ZA || M) */
+    if (EVP_DigestFinal(hash, za, NULL) == 0)
+        goto done;
+
+    e = BN_bin2bn(za, md_size, NULL);
+
+ done:
+    OPENSSL_free(za);
+    EVP_MD_CTX_free(hash);
+    return e;
+}
+
+static
+ECDSA_SIG *SM2_sig_gen(const EC_KEY *key, const BIGNUM *e)
+{
+    const BIGNUM *dA = EC_KEY_get0_private_key(key);
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    const BIGNUM *order = EC_GROUP_get0_order(group);
+
+    ECDSA_SIG *sig = NULL;
+    EC_POINT *kG = NULL;
+    BN_CTX *ctx = NULL;
+    BIGNUM *k = NULL;
+    BIGNUM *rk = NULL;
+    BIGNUM *r = NULL;
+    BIGNUM *s = NULL;
+    BIGNUM *x1 = NULL;
+    BIGNUM *tmp = NULL;
+
+    kG = EC_POINT_new(group);
+    if (kG == NULL)
+        goto done;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto done;
+
+    BN_CTX_start(ctx);
+
+    k = BN_CTX_get(ctx);
+    rk = BN_CTX_get(ctx);
+    x1 = BN_CTX_get(ctx);
+    tmp = BN_CTX_get(ctx);
+
+    if (tmp == NULL)
+        goto done;
+
+    /* These values are returned and so should not be allocated out of the context */
+    r = BN_new();
+    s = BN_new();
+
+    if (r == NULL || s == NULL)
+        goto done;
+
+    for (;;) {
+        BN_priv_rand_range(k, order);
+
+        if (EC_POINT_mul(group, kG, k, NULL, NULL, ctx) == 0)
+            goto done;
+
+        if (EC_POINT_get_affine_coordinates_GFp(group, kG, x1, NULL, ctx) == 0)
+            goto done;
+
+        if (BN_mod_add(r, e, x1, order, ctx) == 0)
+            goto done;
+
+        /* try again if r == 0 or r+k == n */
+        if (BN_is_zero(r))
+            continue;
+
+        BN_add(rk, r, k);
+
+        if (BN_cmp(rk, order) == 0)
+            continue;
+
+        BN_add(s, dA, BN_value_one());
+        BN_mod_inverse(s, s, order, ctx);
+
+        BN_mod_mul(tmp, dA, r, order, ctx);
+        BN_sub(tmp, k, tmp);
+
+        BN_mod_mul(s, s, tmp, order, ctx);
+
+        sig = ECDSA_SIG_new();
+
+        if (sig == NULL)
+            goto done;
+
+         /* takes ownership of r and s */
+        ECDSA_SIG_set0(sig, r, s);
+        break;
+    }
+
+ done:
+
+    if (sig == NULL) {
+        BN_free(r);
+        BN_free(s);
+    }
+
+    BN_CTX_free(ctx);
+    EC_POINT_free(kG);
+    return sig;
+
+}
+
+static
+int SM2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, const BIGNUM *e)
+{
+    int ret = 0;
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    const BIGNUM *order = EC_GROUP_get0_order(group);
+    BN_CTX *ctx = NULL;
+    EC_POINT *pt = NULL;
+
+    BIGNUM *t = NULL;
+    BIGNUM *x1 = NULL;
+    const BIGNUM *r = NULL;
+    const BIGNUM *s = NULL;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto done;
+    pt = EC_POINT_new(group);
+    if (pt == NULL)
+        goto done;
+
+    BN_CTX_start(ctx);
+
+    t = BN_CTX_get(ctx);
+    x1 = BN_CTX_get(ctx);
+
+    if (x1 == NULL)
+        goto done;
+
+    /*
+       B1: verify whether r' in [1,n-1], verification failed if not
+       B2: vefify whether s' in [1,n-1], verification failed if not
+       B3: set M'~=ZA || M'
+       B4: calculate e'=Hv(M'~)
+       B5: calculate t = (r' + s') modn, verification failed if t=0
+       B6: calculate the point (x1', y1')=[s']G + [t]PA
+       B7: calculate R=(e'+x1') modn, verfication pass if yes, otherwise failed
+     */
+
+    ECDSA_SIG_get0(sig, &r, &s);
+
+    if (BN_cmp(r, BN_value_one()) < 0)
+        goto done;
+    if (BN_cmp(s, BN_value_one()) < 0)
+        goto done;
+
+    if (BN_cmp(order, r) <= 0)
+        goto done;
+    if (BN_cmp(order, s) <= 0)
+        goto done;
+
+    if (BN_mod_add(t, r, s, order, ctx) == 0)
+        goto done;
+
+    if (BN_is_zero(t) == 1)
+        goto done;
+
+    if (EC_POINT_mul(group, pt, s, EC_KEY_get0_public_key(key), t, ctx) == 0)
+        goto done;
+
+    if (EC_POINT_get_affine_coordinates_GFp(group, pt, x1, NULL, ctx) == 0)
+        goto done;
+
+    if (BN_mod_add(t, e, x1, order, ctx) == 0)
+        goto done;
+
+    if (BN_cmp(r, t) == 0)
+        ret = 1;
+
+ done:
+    EC_POINT_free(pt);
+    BN_CTX_free(ctx);
+    return ret;
+}
+
+ECDSA_SIG *SM2_do_sign(const EC_KEY *key,
+                       const EVP_MD *digest,
+                       const char *user_id, const uint8_t *msg, size_t msg_len)
+{
+    BIGNUM *e = NULL;
+    ECDSA_SIG *sig = NULL;
+
+    e = compute_msg_hash(digest, key, user_id, msg, msg_len);
+    if (e == NULL)
+        goto done;
+
+    sig = SM2_sig_gen(key, e);
+
+ done:
+    BN_free(e);
+    return sig;
+}
+
+int SM2_do_verify(const EC_KEY *key,
+                  const EVP_MD *digest,
+                  const ECDSA_SIG *sig,
+                  const char *user_id, const uint8_t *msg, size_t msg_len)
+{
+    BIGNUM *e = NULL;
+    int ret = -1;
+
+    e = compute_msg_hash(digest, key, user_id, msg, msg_len);
+    if (e == NULL)
+        goto done;
+
+    ret = SM2_sig_verify(key, sig, e);
+
+ done:
+    BN_free(e);
+    return ret;
+}
+
+int SM2_sign(int type, const unsigned char *dgst, int dgstlen,
+             unsigned char *sig, unsigned int *siglen, EC_KEY *eckey)
+{
+    BIGNUM *e = NULL;
+    ECDSA_SIG *s = NULL;
+    int ret = -1;
+
+    if (type != NID_sm3)
+        goto done;
+
+    if (dgstlen != 32)          /* expected length of SM3 hash */
+        goto done;
+
+    e = BN_bin2bn(dgst, dgstlen, NULL);
+
+    s = SM2_sig_gen(eckey, e);
+
+    *siglen = i2d_ECDSA_SIG(s, &sig);
+
+    ECDSA_SIG_free(s);
+
+    ret = 0;
+
+ done:
+    ECDSA_SIG_free(s);
+    BN_free(e);
+    return ret;
+}
+
+int SM2_verify(int type, const unsigned char *dgst, int dgstlen,
+               const unsigned char *sig, int sig_len, EC_KEY *eckey)
+{
+    ECDSA_SIG *s = NULL;
+    BIGNUM *e = NULL;
+    const unsigned char *p = sig;
+    unsigned char *der = NULL;
+    int derlen = -1;
+    int ret = -1;
+
+    if (type != NID_sm3)
+        goto done;
+
+    s = ECDSA_SIG_new();
+    if (s == NULL)
+        goto done;
+    if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
+        goto done;
+    /* Ensure signature uses DER and doesn't have trailing garbage */
+    derlen = i2d_ECDSA_SIG(s, &der);
+    if (derlen != sig_len || memcmp(sig, der, derlen) != 0)
+        goto done;
+
+    e = BN_bin2bn(dgst, dgstlen, NULL);
+
+    ret = SM2_sig_verify(eckey, s, e);
+
+ done:
+    OPENSSL_free(der);
+    BN_free(e);
+    ECDSA_SIG_free(s);
+    return ret;
+}
diff --git a/crypto/sm2/sm2_za.c b/crypto/sm2/sm2_za.c
new file mode 100644 (file)
index 0000000..ea9d766
--- /dev/null
+++ b/crypto/sm2/sm2_za.c
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/sm2.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <string.h>
+
+int SM2_compute_userid_digest(uint8_t *out,
+                              const EVP_MD *digest,
+                              const char *user_id,
+                              const EC_KEY *key)
+{
+    int rc = 0;
+
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+
+    BN_CTX *ctx = NULL;
+    EVP_MD_CTX *hash = NULL;
+
+    BIGNUM *p = NULL;
+    BIGNUM *a = NULL;
+    BIGNUM *b = NULL;
+
+    BIGNUM *xG = NULL;
+    BIGNUM *yG = NULL;
+    BIGNUM *xA = NULL;
+    BIGNUM *yA = NULL;
+
+    int p_bytes = 0;
+    uint8_t *buf = NULL;
+    size_t uid_len = 0;
+    uint16_t entla = 0;
+    uint8_t e_byte = 0;
+
+    hash = EVP_MD_CTX_new();
+    if (hash == NULL)
+       goto done;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+       goto done;
+
+    p = BN_CTX_get(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    xG = BN_CTX_get(ctx);
+    yG = BN_CTX_get(ctx);
+    xA = BN_CTX_get(ctx);
+    yA = BN_CTX_get(ctx);
+
+    if (p == NULL || a == NULL || b == NULL ||
+        xG == NULL || yG == NULL || xA == NULL || yA == NULL)
+       goto done;
+
+    memset(out, 0, EVP_MD_size(digest));
+
+    if (EVP_DigestInit(hash, digest) == 0)
+        goto done;
+
+    /*
+       ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA)
+     */
+
+    uid_len = strlen(user_id);
+
+    if (uid_len >= 8192)        /* too large */
+        goto done;
+
+    entla = (unsigned short)(8 * uid_len);
+
+    e_byte = entla >> 8;
+    if (EVP_DigestUpdate(hash, &e_byte, 1) == 0)
+        goto done;
+    e_byte = entla & 0xFF;
+    if (EVP_DigestUpdate(hash, &e_byte, 1) == 0)
+        goto done;
+
+    if (EVP_DigestUpdate(hash, user_id, uid_len) == 0)
+        goto done;
+
+    if (EC_GROUP_get_curve_GFp(group, p, a, b, ctx) == 0)
+        goto done;
+
+    p_bytes = BN_num_bytes(p);
+    buf = OPENSSL_zalloc(p_bytes);
+
+    BN_bn2binpad(a, buf, p_bytes);
+    if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
+        goto done;
+    BN_bn2binpad(b, buf, p_bytes);
+    if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
+        goto done;
+    EC_POINT_get_affine_coordinates_GFp(group,
+                                        EC_GROUP_get0_generator(group),
+                                        xG, yG, ctx);
+    BN_bn2binpad(xG, buf, p_bytes);
+    if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
+        goto done;
+    BN_bn2binpad(yG, buf, p_bytes);
+    if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
+        goto done;
+
+    EC_POINT_get_affine_coordinates_GFp(group,
+                                        EC_KEY_get0_public_key(key),
+                                        xA, yA, ctx);
+    BN_bn2binpad(xA, buf, p_bytes);
+    if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
+        goto done;
+    BN_bn2binpad(yA, buf, p_bytes);
+    if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
+        goto done;
+
+    if (EVP_DigestFinal(hash, out, NULL) == 0)
+        goto done;
+
+    rc = 1;
+
+ done:
+    OPENSSL_free(buf);
+    BN_CTX_free(ctx);
+    EVP_MD_CTX_free(hash);
+    return rc;
+}
diff --git a/fuzz/oids.txt b/fuzz/oids.txt
index a5e75892d0f09288f9a30af1fa7328e9e031b4bd..9251b55da8fee8166ca1525668f8da4349e3ab3c 100644 (file)
--- a/fuzz/oids.txt
+++ b/fuzz/oids.txt
@@ -1046,3 +1046,4 @@ OBJ_uacurve8="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x08"
 OBJ_uacurve9="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x09"
 OBJ_ieee="\x2B\x6F"
 OBJ_ieee_siswg="\x2B\x6F\x02\x8C\x53"
 OBJ_uacurve9="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x09"
 OBJ_ieee="\x2B\x6F"
 OBJ_ieee_siswg="\x2B\x6F\x02\x8C\x53"
+OBJ_sm2="\x2A\x81\x1C\xCF\x55\x01\x82\x2D"
diff --git a/include/openssl/err.h b/include/openssl/err.h
index 6d460be30c7944370a98b1b16cb342083baa0595..e435b5e84acc04d7d864603d74372c4e6ffa61c2 100644 (file)
--- a/include/openssl/err.h
+++ b/include/openssl/err.h
@@ -93,6 +93,7 @@ typedef struct err_state_st {
 # define ERR_LIB_CT              50
 # define ERR_LIB_ASYNC           51
 # define ERR_LIB_KDF             52
 # define ERR_LIB_CT              50
 # define ERR_LIB_ASYNC           51
 # define ERR_LIB_KDF             52
+# define ERR_LIB_SM2             53
 
 # define ERR_LIB_USER            128
 
 
 # define ERR_LIB_USER            128
 
@@ -131,6 +132,7 @@ typedef struct err_state_st {
 # define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
 # define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
 # define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
 # define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
 # define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
 # define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
 # define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 # define ERR_PACK(l,f,r) ( \
 # define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 # define ERR_PACK(l,f,r) ( \
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 8b81b1236259bc5c7e07485ccbcc1ec2513a0bdd..29fd3e28fa8cbd2a164032e5bb62f5eaecad32dc 100644 (file)
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -50,6 +50,7 @@
 # define EVP_PKEY_DH     NID_dhKeyAgreement
 # define EVP_PKEY_DHX    NID_dhpublicnumber
 # define EVP_PKEY_EC     NID_X9_62_id_ecPublicKey
 # define EVP_PKEY_DH     NID_dhKeyAgreement
 # define EVP_PKEY_DHX    NID_dhpublicnumber
 # define EVP_PKEY_EC     NID_X9_62_id_ecPublicKey
+# define EVP_PKEY_SM2    NID_sm2
 # define EVP_PKEY_HMAC   NID_hmac
 # define EVP_PKEY_CMAC   NID_cmac
 # define EVP_PKEY_SCRYPT NID_id_scrypt
 # define EVP_PKEY_HMAC   NID_hmac
 # define EVP_PKEY_CMAC   NID_cmac
 # define EVP_PKEY_SCRYPT NID_id_scrypt
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index cc05f3f6e9d6b4e237c1955bba365e2f02cc2829..2078dc499551b171f85b703ec706f054882c07af 100644 (file)
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -109,6 +109,19 @@
 #define NID_X9cm                185
 #define OBJ_X9cm                OBJ_X9_57,4L
 
 #define NID_X9cm                185
 #define OBJ_X9cm                OBJ_X9_57,4L
 
+#define SN_ISO_CN               "ISO-CN"
+#define LN_ISO_CN               "ISO CN Member Body"
+#define NID_ISO_CN              1140
+#define OBJ_ISO_CN              OBJ_member_body,156L
+
+#define SN_oscca                "oscca"
+#define NID_oscca               1141
+#define OBJ_oscca               OBJ_ISO_CN,10197L
+
+#define SN_sm_scheme            "sm-scheme"
+#define NID_sm_scheme           1142
+#define OBJ_sm_scheme           OBJ_oscca,1L
+
 #define SN_dsa          "DSA"
 #define LN_dsa          "dsaEncryption"
 #define NID_dsa         116
 #define SN_dsa          "DSA"
 #define LN_dsa          "dsaEncryption"
 #define NID_dsa         116
@@ -1151,15 +1164,20 @@
 #define NID_hmacWithSHA1                163
 #define OBJ_hmacWithSHA1                OBJ_rsadsi,2L,7L
 
 #define NID_hmacWithSHA1                163
 #define OBJ_hmacWithSHA1                OBJ_rsadsi,2L,7L
 
+#define SN_sm2          "SM2"
+#define LN_sm2          "sm2"
+#define NID_sm2         1172
+#define OBJ_sm2         OBJ_sm_scheme,301L
+
 #define SN_sm3          "SM3"
 #define LN_sm3          "sm3"
 #define NID_sm3         1143
 #define SN_sm3          "SM3"
 #define LN_sm3          "sm3"
 #define NID_sm3         1143
-#define OBJ_sm3         OBJ_member_body,156L,10197L,1L,401L
+#define OBJ_sm3         OBJ_sm_scheme,401L
 
 #define SN_sm3WithRSAEncryption         "RSA-SM3"
 #define LN_sm3WithRSAEncryption         "sm3WithRSAEncryption"
 #define NID_sm3WithRSAEncryption                1144
 
 #define SN_sm3WithRSAEncryption         "RSA-SM3"
 #define LN_sm3WithRSAEncryption         "sm3WithRSAEncryption"
 #define NID_sm3WithRSAEncryption                1144
-#define OBJ_sm3WithRSAEncryption                OBJ_member_body,156L,10197L,1L,504L
+#define OBJ_sm3WithRSAEncryption                OBJ_sm_scheme,504L
 
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
 
 #define LN_hmacWithSHA224               "hmacWithSHA224"
 #define NID_hmacWithSHA224              798
@@ -4629,19 +4647,6 @@
 #define NID_seed_ofb128         778
 #define OBJ_seed_ofb128         OBJ_kisa,1L,6L
 
 #define NID_seed_ofb128         778
 #define OBJ_seed_ofb128         OBJ_kisa,1L,6L
 
-#define SN_ISO_CN               "ISO-CN"
-#define LN_ISO_CN               "ISO CN Member Body"
-#define NID_ISO_CN              1140
-#define OBJ_ISO_CN              OBJ_member_body,156L
-
-#define SN_oscca                "oscca"
-#define NID_oscca               1141
-#define OBJ_oscca               OBJ_ISO_CN,10197L
-
-#define SN_sm_scheme            "sm-scheme"
-#define NID_sm_scheme           1142
-#define OBJ_sm_scheme           OBJ_oscca,1L
-
 #define SN_sm4_ecb              "SM4-ECB"
 #define LN_sm4_ecb              "sm4-ecb"
 #define NID_sm4_ecb             1133
 #define SN_sm4_ecb              "SM4-ECB"
 #define LN_sm4_ecb              "sm4-ecb"
 #define NID_sm4_ecb             1133
diff --git a/include/openssl/sm2.h b/include/openssl/sm2.h
new file mode 100644 (file)
index 0000000..d12dcad
--- /dev/null
+++ b/include/openssl/sm2.h
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SM2_H
+# define HEADER_SM2_H
+
+# include <openssl/ec.h>
+
+/* The default user id as specified in GM/T 0009-2012 */
+# define SM2_DEFAULT_USERID "1234567812345678"
+
+int SM2_compute_userid_digest(uint8_t *out,
+                              const EVP_MD *digest,
+                              const char *user_id, const EC_KEY *key);
+
+/*
+ * SM2 signature operation. Computes ZA (user id digest) and then signs
+ * H(ZA || msg) using SM2
+ */
+ECDSA_SIG *SM2_do_sign(const EC_KEY *key,
+                       const EVP_MD *digest,
+                       const char *user_id, const uint8_t *msg, size_t msg_len);
+
+int SM2_do_verify(const EC_KEY *key,
+                  const EVP_MD *digest,
+                  const ECDSA_SIG *signature,
+                  const char *user_id, const uint8_t *msg, size_t msg_len);
+
+/*
+ * SM2 signature generation. Assumes input is an SM3 digest
+ */
+int SM2_sign(int type, const unsigned char *dgst, int dgstlen,
+             unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+
+/*
+ * SM2 signature verification. Assumes input is an SM3 digest
+ */
+int SM2_verify(int type, const unsigned char *dgst, int dgstlen,
+               const unsigned char *sig, int siglen, EC_KEY *eckey);
+
+
+/*
+ * SM2 encryption
+ */
+size_t SM2_ciphertext_size(const EC_KEY *key,
+                           const EVP_MD *digest,
+                           size_t msg_len);
+
+int SM2_encrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *msg,
+                size_t msg_len,
+                uint8_t *ciphertext_buf, size_t *ciphertext_len);
+
+int SM2_decrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *ciphertext,
+                size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len);
+
+int ERR_load_SM2_strings(void);
+
+#endif
diff --git a/include/openssl/sm2err.h b/include/openssl/sm2err.h
new file mode 100644 (file)
index 0000000..0c2dd19
--- /dev/null
+++ b/include/openssl/sm2err.h
@@ -0,0 +1,95 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SM2ERR_H
+# define HEADER_SM2ERR_H
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+int ERR_load_SM2_strings(void);
+# ifdef  __cplusplus
+}
+# endif
+
+/*
+ * SM2 function codes.
+ */
+# define SM2_F_PKEY_SM2_CTRL                              274
+# define SM2_F_PKEY_SM2_CTRL_STR                          275
+# define SM2_F_PKEY_SM2_KEYGEN                            276
+# define SM2_F_PKEY_SM2_PARAMGEN                          277
+# define SM2_F_PKEY_SM2_SIGN                              278
+
+/*
+ * SM2 reason codes.
+ */
+# define SM2_R_ASN1_ERROR                                 115
+# define SM2_R_ASN5_ERROR                                 1150
+# define SM2_R_BAD_SIGNATURE                              156
+# define SM2_R_BIGNUM_OUT_OF_RANGE                        144
+# define SM2_R_BUFFER_TOO_SMALL                           100
+# define SM2_R_COORDINATES_OUT_OF_RANGE                   146
+# define SM2_R_CURVE_DOES_NOT_SUPPORT_ECDH                160
+# define SM2_R_CURVE_DOES_NOT_SUPPORT_SIGNING             159
+# define SM2_R_D2I_ECPKPARAMETERS_FAILURE                 117
+# define SM2_R_DECODE_ERROR                               142
+# define SM2_R_DISCRIMINANT_IS_ZERO                       118
+# define SM2_R_EC_GROUP_NEW_BY_NAME_FAILURE               119
+# define SM2_R_FIELD_TOO_LARGE                            143
+# define SM2_R_GF2M_NOT_SUPPORTED                         147
+# define SM2_R_GROUP2PKPARAMETERS_FAILURE                 120
+# define SM2_R_I2D_ECPKPARAMETERS_FAILURE                 121
+# define SM2_R_INCOMPATIBLE_OBJECTS                       101
+# define SM2_R_INVALID_ARGUMENT                           112
+# define SM2_R_INVALID_COMPRESSED_POINT                   110
+# define SM2_R_INVALID_COMPRESSION_BIT                    109
+# define SM2_R_INVALID_CURVE                              141
+# define SM2_R_INVALID_DIGEST                             151
+# define SM2_R_INVALID_DIGEST_TYPE                        138
+# define SM2_R_INVALID_ENCODING                           102
+# define SM2_R_INVALID_FIELD                              103
+# define SM2_R_INVALID_FORM                               104
+# define SM2_R_INVALID_GROUP_ORDER                        122
+# define SM2_R_INVALID_KEY                                116
+# define SM2_R_INVALID_OUTPUT_LENGTH                      161
+# define SM2_R_INVALID_PEER_KEY                           133
+# define SM2_R_INVALID_PENTANOMIAL_BASIS                  132
+# define SM2_R_INVALID_PRIVATE_KEY                        123
+# define SM2_R_INVALID_TRINOMIAL_BASIS                    137
+# define SM2_R_KDF_PARAMETER_ERROR                        148
+# define SM2_R_KEYS_NOT_SET                               140
+# define SM2_R_MISSING_PARAMETERS                         124
+# define SM2_R_MISSING_PRIVATE_KEY                        125
+# define SM2_R_NEED_NEW_SETUP_VALUES                      157
+# define SM2_R_NOT_A_NIST_PRIME                           135
+# define SM2_R_NOT_IMPLEMENTED                            126
+# define SM2_R_NOT_INITIALIZED                            111
+# define SM2_R_NO_PARAMETERS_SET                          139
+# define SM2_R_NO_PRIVATE_VALUE                           154
+# define SM2_R_OPERATION_NOT_SUPPORTED                    152
+# define SM2_R_PASSED_NULL_PARAMETER                      134
+# define SM2_R_PEER_KEY_ERROR                             149
+# define SM2_R_PKPARAMETERS2GROUP_FAILURE                 127
+# define SM2_R_POINT_ARITHMETIC_FAILURE                   155
+# define SM2_R_POINT_AT_INFINITY                          106
+# define SM2_R_POINT_IS_NOT_ON_CURVE                      107
+# define SM2_R_RANDOM_NUMBER_GENERATION_FAILED            158
+# define SM2_R_SHARED_INFO_ERROR                          150
+# define SM2_R_SLOT_FULL                                  108
+# define SM2_R_UNDEFINED_GENERATOR                        113
+# define SM2_R_UNDEFINED_ORDER                            128
+# define SM2_R_UNKNOWN_GROUP                              129
+# define SM2_R_UNKNOWN_ORDER                              114
+# define SM2_R_UNSUPPORTED_FIELD                          131
+# define SM2_R_WRONG_CURVE_PARAMETERS                     145
+# define SM2_R_WRONG_ORDER                                130
+
+#endif
diff --git a/openssl_sm2.pem b/openssl_sm2.pem
new file mode 100644 (file)
index 0000000..d831624
--- /dev/null
+++ b/openssl_sm2.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQg0JFWczAXva2An9m7
+2MaT9gIwWTFptvlKrxyO4TjMmbWhRANCAAQ5OirZ4n5DrKqrhaGdO4VZHhRAYVcX
+Wt3Te/d/8Mr57Tf886i09VwDhSMmH8pmNq/mp6+ioUgqYG9cs6GLLioe
+-----END PRIVATE KEY-----
diff --git a/test/build.info b/test/build.info
index a4e6e78b608da2abe240fe139174b59671751939..45e3fddce1be7c462dc05ec8b8aab5c611d24d5b 100644 (file)
--- a/test/build.info
+++ b/test/build.info
@@ -27,6 +27,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
           aborttest test_test \
           sanitytest exdatatest bntest \
           ectest ecstresstest ecdsatest gmdifftest pbelutest ideatest \
           aborttest test_test \
           sanitytest exdatatest bntest \
           ectest ecstresstest ecdsatest gmdifftest pbelutest ideatest \
+          sm2sigtest sm2crypttest \
           md2test \
           hmactest \
           rc2test rc4test rc5test \
           md2test \
           hmactest \
           rc2test rc4test rc5test \
@@ -81,6 +82,14 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
   INCLUDE[ecdsatest]=../include
   DEPEND[ecdsatest]=../libcrypto libtestutil.a
 
   INCLUDE[ecdsatest]=../include
   DEPEND[ecdsatest]=../libcrypto libtestutil.a
 
+  SOURCE[sm2sigtest]=sm2sigtest.c
+  INCLUDE[sm2sigtest]=../include
+  DEPEND[sm2sigtest]=../libcrypto libtestutil.a
+
+  SOURCE[sm2crypttest]=sm2crypttest.c
+  INCLUDE[sm2crypttest]=../include
+  DEPEND[sm2crypttest]=../libcrypto libtestutil.a
+
   SOURCE[gmdifftest]=gmdifftest.c
   INCLUDE[gmdifftest]=../include
   DEPEND[gmdifftest]=../libcrypto libtestutil.a
   SOURCE[gmdifftest]=gmdifftest.c
   INCLUDE[gmdifftest]=../include
   DEPEND[gmdifftest]=../libcrypto libtestutil.a
diff --git a/test/recipes/30-test_evp_data/evppkey.txt b/test/recipes/30-test_evp_data/evppkey.txt
index cc08398e5b368051f2ba8bdb8381a7eb01a9bd56..d29fbbe7306498e915158995f745f6c8a73a0a04 100644 (file)
--- a/test/recipes/30-test_evp_data/evppkey.txt
+++ b/test/recipes/30-test_evp_data/evppkey.txt
@@ -18369,3 +18369,17 @@ SharedSecret=4E48335CB2A508C3481729F42C49CFC0A9DA673F9FA4FBD968B3C5B78DBFA869529
 Derive=ffdhe8192-2
 PeerKey=ffdhe8192-1-pub
 SharedSecret=4E48335CB2A508C3481729F42C49CFC0A9DA673F9FA4FBD968B3C5B78DBFA8695295642D1337C54229370B33068481F6A6E1B021F8B09B7C6B3E4DB581AD4C7ACF5C230A1FD4107EAE55530A8376856A65E079DE1BDA41B050E9B53A088ACADB879CCBC683A13BB925D48497BF7021FEB9DA214DD77FCBB6D0D46EC2BB9C7A9AFB93FC236E4EB61CB0F0C8E025D8CF4AF8B3B0F28B3E2CFAE6E760DC7877C71046179154FBE1A50A315C4DBA6D9E06406D389B614B1FC422C72FBB958C0A2EE21694CD32136F9CF0A1205E0D3A4B10CC9C98B3B4524A0CDC9455D3021AC44057CEF4A97E85166068769E9E644CC447095243BB90368A1CE6F0E3C69CA180F5B9D51F590A812B1375460CF10A7E718A83A2F6B00D8E28BAB45CEAB8AF0EB02988ED9221416EC061C1C4081552D3D0849D243DB473EC7B90180C3891E768DD2D7002CF505D369700CAF02A4B9DD1F2828C4ACC1F2EB47100DC2DB5620ADA971D1B0B0FAC9F9E3492B591FC85AC3DCB3826A8DA5842F4AE145FE33BFCDD0B6CD15C9836A5862EDB3D87A0CDBD724AE19A79A55D4F0BFF7870019926181933C840EACFB70FBC0EF182057DC09E06798EB4C9AAC2285F22F5D907A432C6D00CC44D07D77E77D1ACC183A174146ECFBDA26FF922CEBD2FA288EF2D23F65C0AAAD0F05DBFB6CA12446082D1F5774877483C3858442E305CF2A9637CE0EBB702DB70FF336E5B0413F3E8791960F1F0A9877C9076213D40657283D546AE52B73FF4449E60F8B6FE30D4CC0BA1ACA7A7DC155EC73C48B21477983D004261267D710D8A5E8CBD0656F1A963F248E887E8C2BF87BCAE7A0D4891BF21FCF35893584B29E18E842A23EA329ADD3D6AD994B5CBFBBFAB5A26932E8F799B2B0FA7789DE7A4A5C4B7FA81971819EA7F33B5BF6577F917BDE9C3680BCC5B15F1EAB4524A1B6DEE96B9F108A77344269A1757685D0404C832E4E0C5A29F808CFA6290316C0EBB2EF0A7431F62A5FBCDC66527AD8A04C0F10AF88C7CE1F1F22C41B71CE278BB704E88145608C28AD78402487031F6B13604CC6687161EBB78E7AF7AA0BC3CCB9AD8B00D7C01980599904B71F5DBC06A691E5638566BE36522B7FED69E24C28F8EA798BA3E9CCEB8AB8CF5651379A21A38315B05C66205616BBC6A3DD5573C9C6FBA2E3488E055E5F36857016D9300BFCE9F38D7C7CCD07FCF1EF41F8347CADCB12C400536374CF269613B05069B6D94CADA3B1F4ACBB68FA1ED175B01D840D871B3B0CDB918CDF15C79169A398C189AEA78860081DB423C89D350587E26D6D77B4C762B4F2A030345679F724CFBB08DB03E8CEB4FF0B91422BD2EB5C1C356D209049CFA2D6447F69B1E1DF0850FFBB6BB9F8D5B147765C023F76524A808456DEBF6A9134E3364DF462D4807FE6D4D036A4E59A4D56F8A30D8A27F4DFA174940B713A7E4
 Derive=ffdhe8192-2
 PeerKey=ffdhe8192-1-pub
 SharedSecret=4E48335CB2A508C3481729F42C49CFC0A9DA673F9FA4FBD968B3C5B78DBFA8695295642D1337C54229370B33068481F6A6E1B021F8B09B7C6B3E4DB581AD4C7ACF5C230A1FD4107EAE55530A8376856A65E079DE1BDA41B050E9B53A088ACADB879CCBC683A13BB925D48497BF7021FEB9DA214DD77FCBB6D0D46EC2BB9C7A9AFB93FC236E4EB61CB0F0C8E025D8CF4AF8B3B0F28B3E2CFAE6E760DC7877C71046179154FBE1A50A315C4DBA6D9E06406D389B614B1FC422C72FBB958C0A2EE21694CD32136F9CF0A1205E0D3A4B10CC9C98B3B4524A0CDC9455D3021AC44057CEF4A97E85166068769E9E644CC447095243BB90368A1CE6F0E3C69CA180F5B9D51F590A812B1375460CF10A7E718A83A2F6B00D8E28BAB45CEAB8AF0EB02988ED9221416EC061C1C4081552D3D0849D243DB473EC7B90180C3891E768DD2D7002CF505D369700CAF02A4B9DD1F2828C4ACC1F2EB47100DC2DB5620ADA971D1B0B0FAC9F9E3492B591FC85AC3DCB3826A8DA5842F4AE145FE33BFCDD0B6CD15C9836A5862EDB3D87A0CDBD724AE19A79A55D4F0BFF7870019926181933C840EACFB70FBC0EF182057DC09E06798EB4C9AAC2285F22F5D907A432C6D00CC44D07D77E77D1ACC183A174146ECFBDA26FF922CEBD2FA288EF2D23F65C0AAAD0F05DBFB6CA12446082D1F5774877483C3858442E305CF2A9637CE0EBB702DB70FF336E5B0413F3E8791960F1F0A9877C9076213D40657283D546AE52B73FF4449E60F8B6FE30D4CC0BA1ACA7A7DC155EC73C48B21477983D004261267D710D8A5E8CBD0656F1A963F248E887E8C2BF87BCAE7A0D4891BF21FCF35893584B29E18E842A23EA329ADD3D6AD994B5CBFBBFAB5A26932E8F799B2B0FA7789DE7A4A5C4B7FA81971819EA7F33B5BF6577F917BDE9C3680BCC5B15F1EAB4524A1B6DEE96B9F108A77344269A1757685D0404C832E4E0C5A29F808CFA6290316C0EBB2EF0A7431F62A5FBCDC66527AD8A04C0F10AF88C7CE1F1F22C41B71CE278BB704E88145608C28AD78402487031F6B13604CC6687161EBB78E7AF7AA0BC3CCB9AD8B00D7C01980599904B71F5DBC06A691E5638566BE36522B7FED69E24C28F8EA798BA3E9CCEB8AB8CF5651379A21A38315B05C66205616BBC6A3DD5573C9C6FBA2E3488E055E5F36857016D9300BFCE9F38D7C7CCD07FCF1EF41F8347CADCB12C400536374CF269613B05069B6D94CADA3B1F4ACBB68FA1ED175B01D840D871B3B0CDB918CDF15C79169A398C189AEA78860081DB423C89D350587E26D6D77B4C762B4F2A030345679F724CFBB08DB03E8CEB4FF0B91422BD2EB5C1C356D209049CFA2D6447F69B1E1DF0850FFBB6BB9F8D5B147765C023F76524A808456DEBF6A9134E3364DF462D4807FE6D4D036A4E59A4D56F8A30D8A27F4DFA174940B713A7E4
+
+Title = SM2 tests
+
+PrivateKey=SM2_key1
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQg0JFWczAXva2An9m7
+2MaT9gIwWTFptvlKrxyO4TjMmbWhRANCAAQ5OirZ4n5DrKqrhaGdO4VZHhRAYVcX
+Wt3Te/d/8Mr57Tf886i09VwDhSMmH8pmNq/mp6+ioUgqYG9cs6GLLioe
+-----END PRIVATE KEY-----
+
+Verify = SM2_key1
+Ctrl = digest:SM3
+Input = D7AD397F6FFA5D4F7F11E7217F241607DC30618C236D2C09C1B9EA8FDADEE2E8
+Output = 3046022100AB1DB64DE7C40EDBDE6651C9B8EBDB804673DB836E5D5C7FE15DCF9ED2725037022100EBA714451FF69B0BB930B379E192E7CD5FA6E3C41C7FBD8303B799AB54A54621
diff --git a/test/sm2crypttest.c b/test/sm2crypttest.c
new file mode 100644 (file)
index 0000000..e1e00d8
--- /dev/null
+++ b/test/sm2crypttest.c
@@ -0,0 +1,249 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include "testutil.h"
+
+#ifndef OPENSSL_NO_SM2
+
+# include <openssl/sm2.h>
+
+static RAND_METHOD fake_rand;
+static const RAND_METHOD *saved_rand;
+
+static uint8_t *fake_rand_bytes = NULL;
+static size_t fake_rand_bytes_offset = 0;
+
+static int get_faked_bytes(unsigned char *buf, int num)
+{
+    int i;
+
+    if (fake_rand_bytes == NULL)
+        return saved_rand->bytes(buf, num);
+
+    for (i = 0; i != num; ++i)
+        buf[i] = fake_rand_bytes[fake_rand_bytes_offset + i];
+    fake_rand_bytes_offset += num;
+    return 1;
+}
+
+static int start_fake_rand(const char *hex_bytes)
+{
+    /* save old rand method */
+    if (!TEST_ptr(saved_rand = RAND_get_rand_method()))
+        return 0;
+
+    fake_rand = *saved_rand;
+    /* use own random function */
+    fake_rand.bytes = get_faked_bytes;
+
+    fake_rand_bytes = OPENSSL_hexstr2buf(hex_bytes, NULL);
+    fake_rand_bytes_offset = 0;
+
+    /* set new RAND_METHOD */
+    if (!TEST_true(RAND_set_rand_method(&fake_rand)))
+        return 0;
+    return 1;
+}
+
+static int restore_rand(void)
+{
+    OPENSSL_free(fake_rand_bytes);
+    fake_rand_bytes = NULL;
+    fake_rand_bytes_offset = 0;
+    if (!TEST_true(RAND_set_rand_method(saved_rand)))
+        return 0;
+    return 1;
+}
+
+static EC_GROUP *create_EC_group(const char *p_hex, const char *a_hex,
+                                 const char *b_hex, const char *x_hex,
+                                 const char *y_hex, const char *order_hex,
+                                 const char *cof_hex)
+{
+    BIGNUM *p = NULL;
+    BIGNUM *a = NULL;
+    BIGNUM *b = NULL;
+    BIGNUM *g_x = NULL;
+    BIGNUM *g_y = NULL;
+    BIGNUM *order = NULL;
+    BIGNUM *cof = NULL;
+    EC_POINT *generator = NULL;
+    EC_GROUP *group = NULL;
+
+    BN_hex2bn(&p, p_hex);
+    BN_hex2bn(&a, a_hex);
+    BN_hex2bn(&b, b_hex);
+
+    group = EC_GROUP_new_curve_GFp(p, a, b, NULL);
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+
+    if (group == NULL)
+        return NULL;
+
+    generator = EC_POINT_new(group);
+    if (generator == NULL)
+        return NULL;
+
+    BN_hex2bn(&g_x, x_hex);
+    BN_hex2bn(&g_y, y_hex);
+
+    if (EC_POINT_set_affine_coordinates_GFp(group, generator, g_x, g_y, NULL) ==
+        0)
+        return NULL;
+
+    BN_free(g_x);
+    BN_free(g_y);
+
+    BN_hex2bn(&order, order_hex);
+    BN_hex2bn(&cof, cof_hex);
+
+    if (EC_GROUP_set_generator(group, generator, order, cof) == 0)
+        return NULL;
+
+    EC_POINT_free(generator);
+    BN_free(order);
+    BN_free(cof);
+
+    return group;
+}
+
+static int test_sm2(const EC_GROUP *group,
+                    const EVP_MD *digest,
+                    const char *privkey_hex,
+                    const char *message,
+                    const char *k_hex, const char *ctext_hex)
+{
+    const size_t msg_len = strlen(message);
+
+    BIGNUM *priv = NULL;
+    EC_KEY *key = NULL;
+    EC_POINT *pt = NULL;
+    unsigned char *expected = OPENSSL_hexstr2buf(ctext_hex, NULL);
+
+    size_t ctext_len = 0;
+    uint8_t *ctext = NULL;
+    uint8_t *recovered = NULL;
+    size_t recovered_len = msg_len;
+
+    int rc = 0;
+
+    BN_hex2bn(&priv, privkey_hex);
+
+    key = EC_KEY_new();
+    EC_KEY_set_group(key, group);
+    EC_KEY_set_private_key(key, priv);
+
+    pt = EC_POINT_new(group);
+    EC_POINT_mul(group, pt, priv, NULL, NULL, NULL);
+
+    EC_KEY_set_public_key(key, pt);
+    BN_free(priv);
+    EC_POINT_free(pt);
+
+    ctext_len = SM2_ciphertext_size(key, digest, msg_len);
+    ctext = OPENSSL_zalloc(ctext_len);
+    if (ctext == NULL)
+        goto done;
+
+    start_fake_rand(k_hex);
+    rc = SM2_encrypt(key, digest,
+                     (const uint8_t *)message, msg_len, ctext, &ctext_len);
+    restore_rand();
+
+    TEST_mem_eq(ctext, ctext_len, expected, ctext_len);
+    if (rc == 0)
+        goto done;
+
+    recovered = OPENSSL_zalloc(msg_len);
+    if (recovered == NULL)
+        goto done;
+    rc = SM2_decrypt(key, digest, ctext, ctext_len, recovered, &recovered_len);
+
+    TEST_int_eq(recovered_len, msg_len);
+    TEST_mem_eq(recovered, recovered_len, message, msg_len);
+    if (rc == 0)
+        return 0;
+
+    rc = 1;
+ done:
+
+    OPENSSL_free(ctext);
+    OPENSSL_free(recovered);
+    OPENSSL_free(expected);
+    EC_KEY_free(key);
+    return rc;
+}
+
+static int sm2_crypt_test(void)
+{
+    int rc;
+    EC_GROUP *test_group =
+        create_EC_group
+        ("8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3",
+         "787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498",
+         "63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A",
+         "421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D",
+         "0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2",
+         "8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7",
+         "1");
+
+    if (test_group == NULL)
+        return 0;
+
+    rc = test_sm2(test_group,
+                  EVP_sm3(),
+                  "1649AB77A00637BD5E2EFE283FBF353534AA7F7CB89463F208DDBC2920BB0DA0",
+                  "encryption standard",
+                  "004C62EEFD6ECFC2B95B92FD6C3D9575148AFA17425546D49018E5388D49DD7B4F",
+                  "307B0220245C26FB68B1DDDDB12C4B6BF9F2B6D5FE60A383B0D18D1C4144ABF1"
+                  "7F6252E7022076CB9264C2A7E88E52B19903FDC47378F605E36811F5C07423A2"
+                  "4B84400F01B804209C3D7360C30156FAB7C80A0276712DA9D8094A634B766D3A"
+                  "285E07480653426D0413650053A89B41C418B0C3AAD00D886C00286467");
+
+    if (rc == 0)
+        return 0;
+
+    /* Same test as above except using SHA-256 instead of SM3 */
+    rc = test_sm2(test_group,
+                  EVP_sha256(),
+                  "1649AB77A00637BD5E2EFE283FBF353534AA7F7CB89463F208DDBC2920BB0DA0",
+                  "encryption standard",
+                  "004C62EEFD6ECFC2B95B92FD6C3D9575148AFA17425546D49018E5388D49DD7B4F",
+                  "307B0220245C26FB68B1DDDDB12C4B6BF9F2B6D5FE60A383B0D18D1C4144ABF17F6252E7022076CB9264C2A7E88E52B19903FDC47378F605E36811F5C07423A24B84400F01B80420BE89139D07853100EFA763F60CBE30099EA3DF7F8F364F9D10A5E988E3C5AAFC0413229E6C9AEE2BB92CAD649FE2C035689785DA33");
+    if (rc == 0)
+        return 0;
+
+    EC_GROUP_free(test_group);
+
+    return 1;
+}
+
+#endif
+
+int setup_tests(void)
+{
+#ifdef OPENSSL_NO_SM2
+    TEST_note("SM2 is disabled.");
+#else
+    ADD_TEST(sm2_crypt_test);
+#endif
+    return 1;
+}
diff --git a/test/sm2sigtest.c b/test/sm2sigtest.c
new file mode 100644 (file)
index 0000000..5903b79
--- /dev/null
+++ b/test/sm2sigtest.c
@@ -0,0 +1,238 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include "testutil.h"
+
+#ifndef OPENSSL_NO_SM2
+
+# include <openssl/sm2.h>
+
+static RAND_METHOD fake_rand;
+static const RAND_METHOD *saved_rand;
+
+static uint8_t *fake_rand_bytes = NULL;
+static size_t fake_rand_bytes_offset = 0;
+
+static int get_faked_bytes(unsigned char *buf, int num)
+{
+    int i;
+
+    if (fake_rand_bytes == NULL)
+        return saved_rand->bytes(buf, num);
+
+    for (i = 0; i != num; ++i)
+        buf[i] = fake_rand_bytes[fake_rand_bytes_offset + i];
+    fake_rand_bytes_offset += num;
+    return 1;
+}
+
+static int start_fake_rand(const char *hex_bytes)
+{
+    /* save old rand method */
+    if (!TEST_ptr(saved_rand = RAND_get_rand_method()))
+        return 0;
+
+    fake_rand = *saved_rand;
+    /* use own random function */
+    fake_rand.bytes = get_faked_bytes;
+
+    fake_rand_bytes = OPENSSL_hexstr2buf(hex_bytes, NULL);
+    fake_rand_bytes_offset = 0;
+
+    /* set new RAND_METHOD */
+    if (!TEST_true(RAND_set_rand_method(&fake_rand)))
+        return 0;
+    return 1;
+}
+
+static int restore_rand(void)
+{
+    OPENSSL_free(fake_rand_bytes);
+    fake_rand_bytes = NULL;
+    fake_rand_bytes_offset = 0;
+    if (!TEST_true(RAND_set_rand_method(saved_rand)))
+        return 0;
+    return 1;
+}
+
+static EC_GROUP *create_EC_group(const char *p_hex, const char *a_hex,
+                                 const char *b_hex, const char *x_hex,
+                                 const char *y_hex, const char *order_hex,
+                                 const char *cof_hex)
+{
+    BIGNUM *p = NULL;
+    BIGNUM *a = NULL;
+    BIGNUM *b = NULL;
+    BIGNUM *g_x = NULL;
+    BIGNUM *g_y = NULL;
+    BIGNUM *order = NULL;
+    BIGNUM *cof = NULL;
+    EC_POINT *generator = NULL;
+    EC_GROUP *group = NULL;
+
+    BN_hex2bn(&p, p_hex);
+    BN_hex2bn(&a, a_hex);
+    BN_hex2bn(&b, b_hex);
+
+    group = EC_GROUP_new_curve_GFp(p, a, b, NULL);
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+
+    if (group == NULL)
+        return NULL;
+
+    generator = EC_POINT_new(group);
+    if (generator == NULL)
+        return NULL;
+
+    BN_hex2bn(&g_x, x_hex);
+    BN_hex2bn(&g_y, y_hex);
+
+    if (EC_POINT_set_affine_coordinates_GFp(group, generator, g_x, g_y, NULL) ==
+        0)
+        return NULL;
+
+    BN_free(g_x);
+    BN_free(g_y);
+
+    BN_hex2bn(&order, order_hex);
+    BN_hex2bn(&cof, cof_hex);
+
+    if (EC_GROUP_set_generator(group, generator, order, cof) == 0)
+        return NULL;
+
+    EC_POINT_free(generator);
+    BN_free(order);
+    BN_free(cof);
+
+    return group;
+}
+
+
+static int test_sm2(const EC_GROUP *group,
+                    const char *userid,
+                    const char *privkey_hex,
+                    const char *message,
+                    const char *k_hex, const char *r_hex, const char *s_hex)
+{
+    const size_t msg_len = strlen(message);
+    int ok = -1;
+    BIGNUM *priv = NULL;
+    EC_POINT *pt = NULL;
+    EC_KEY *key = NULL;
+    ECDSA_SIG *sig = NULL;
+    const BIGNUM *sig_r = NULL;
+    const BIGNUM *sig_s = NULL;
+    BIGNUM *r = NULL;
+    BIGNUM *s = NULL;
+
+    BN_hex2bn(&priv, privkey_hex);
+
+    key = EC_KEY_new();
+    EC_KEY_set_group(key, group);
+    EC_KEY_set_private_key(key, priv);
+
+    pt = EC_POINT_new(group);
+    EC_POINT_mul(group, pt, priv, NULL, NULL, NULL);
+    EC_KEY_set_public_key(key, pt);
+
+    start_fake_rand(k_hex);
+    sig = SM2_do_sign(key, EVP_sm3(), userid, (const uint8_t *)message, msg_len);
+    restore_rand();
+
+    if (sig == NULL)
+        return 0;
+
+    ECDSA_SIG_get0(sig, &sig_r, &sig_s);
+
+    BN_hex2bn(&r, r_hex);
+    BN_hex2bn(&s, s_hex);
+
+    if (BN_cmp(r, sig_r) != 0) {
+        printf("Signature R mismatch: ");
+        BN_print_fp(stdout, r);
+        printf(" != ");
+        BN_print_fp(stdout, sig_r);
+        printf("\n");
+        ok = 0;
+    }
+    if (BN_cmp(s, sig_s) != 0) {
+        printf("Signature S mismatch: ");
+        BN_print_fp(stdout, s);
+        printf(" != ");
+        BN_print_fp(stdout, sig_s);
+        printf("\n");
+        ok = 0;
+    }
+
+    ok = SM2_do_verify(key, EVP_sm3(), sig, userid, (const uint8_t *)message, msg_len);
+
+    ECDSA_SIG_free(sig);
+    EC_POINT_free(pt);
+    EC_KEY_free(key);
+    BN_free(priv);
+    BN_free(r);
+    BN_free(s);
+
+    return ok;
+}
+
+static int sm2_sig_test(void)
+{
+    int rc = 0;
+    /* From draft-shen-sm2-ecdsa-02 */
+    EC_GROUP *test_group =
+        create_EC_group
+        ("8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3",
+         "787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498",
+         "63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A",
+         "421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D",
+         "0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2",
+         "8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7",
+         "1");
+
+    if (test_group == NULL)
+        return 0;
+
+    rc = test_sm2(test_group,
+                    "ALICE123@YAHOO.COM",
+                    "128B2FA8BD433C6C068C8D803DFF79792A519A55171B1B650C23661D15897263",
+                    "message digest",
+                    "006CB28D99385C175C94F94E934817663FC176D925DD72B727260DBAAE1FB2F96F",
+                    "40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D1",
+                    "6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7");
+
+    EC_GROUP_free(test_group);
+
+    return rc;
+}
+
+#endif
+
+int setup_tests(void)
+{
+#ifdef OPENSSL_NO_SM2
+    TEST_note("SM2 is disabled.");
+#else
+    ADD_TEST(sm2_sig_test);
+#endif
+    return 1;
+}
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 16d19526bb563d07a691d519081fe96b5f65a345..0dfb0cd661c0c25a58fe8154515a4c979133fbbd 100644 (file)
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4514,3 +4514,12 @@ EVP_PKEY_new_CMAC_key                   4455     1_1_1   EXIST::FUNCTION:
 EVP_PKEY_asn1_set_set_priv_key          4456   1_1_1   EXIST::FUNCTION:
 EVP_PKEY_asn1_set_set_pub_key           4457   1_1_1   EXIST::FUNCTION:
 RAND_DRBG_set_defaults                  4458   1_1_1   EXIST::FUNCTION:
 EVP_PKEY_asn1_set_set_priv_key          4456   1_1_1   EXIST::FUNCTION:
 EVP_PKEY_asn1_set_set_pub_key           4457   1_1_1   EXIST::FUNCTION:
 RAND_DRBG_set_defaults                  4458   1_1_1   EXIST::FUNCTION:
+SM2_decrypt                             4459   1_1_1   EXIST::FUNCTION:
+SM2_do_sign                             4460   1_1_1   EXIST::FUNCTION:
+SM2_compute_userid_digest               4461   1_1_1   EXIST::FUNCTION:
+SM2_encrypt                             4462   1_1_1   EXIST::FUNCTION:
+SM2_ciphertext_size                     4463   1_1_1   EXIST::FUNCTION:
+SM2_verify                              4464   1_1_1   EXIST::FUNCTION:
+SM2_do_verify                           4465   1_1_1   EXIST::FUNCTION:
+SM2_sign                                4466   1_1_1   EXIST::FUNCTION:
+ERR_load_SM2_strings                    4467   1_1_1   EXIST::FUNCTION:
Unnamed repository; edit this file 'description' to name the repository.