Add SM2 signature algorithm to default provider

Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #12536)
openssl · Sep 22, 2020 · d0b79f8 · d0b79f8
1 parent 7ee511d
commit d0b79f8
Show file tree

Hide file tree

Showing 21 changed files with 799 additions and 175 deletions.
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
@@ -1231,6 +1231,8 @@ SM2_F_SM2_COMPUTE_USERID_DIGEST:101:sm2_compute_userid_digest
 SM2_F_SM2_COMPUTE_Z_DIGEST:113:sm2_compute_z_digest
 SM2_F_SM2_DECRYPT:102:sm2_decrypt
 SM2_F_SM2_ENCRYPT:103:sm2_encrypt
+SM2_F_SM2_INTERNAL_SIGN:116:
+SM2_F_SM2_INTERNAL_VERIFY:117:
 SM2_F_SM2_PLAINTEXT_SIZE:104:sm2_plaintext_size
 SM2_F_SM2_SIGN:105:sm2_sign
 SM2_F_SM2_SIG_GEN:106:sm2_sig_gen

diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
@@ -20,12 +20,6 @@
 #include "crypto/evp.h"
 #include "evp_local.h"
 
-/* TODO(3.0) remove when provider SM2 key generation is implemented */
-#ifdef TMP_SM2_HACK
-# include <openssl/ec.h>
-# include "internal/sizes.h"
-#endif
-
 static int gen_init(EVP_PKEY_CTX *ctx, int operation)
 {
     int ret = 0;
@@ -39,12 +33,6 @@ static int gen_init(EVP_PKEY_CTX *ctx, int operation)
     if (ctx->keymgmt == NULL || ctx->keymgmt->gen_init == NULL)
         goto legacy;
 
-/* TODO remove when provider SM2 key generation is implemented */
-#ifdef TMP_SM2_HACK
-    if (ctx->pmeth != NULL && ctx->pmeth->pkey_id == EVP_PKEY_SM2)
-        goto legacy;
-#endif
-
     switch (operation) {
     case EVP_PKEY_OP_PARAMGEN:
         ctx->op.keymgmt.genctx =
@@ -214,32 +202,6 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
      */
     (*ppkey)->type = ctx->legacy_keytype;
 
-/* TODO remove when SM2 key have been cleanly separated from EC keys */
-#ifdef TMP_SM2_HACK
-    /*
-     * Legacy SM2 keys are implemented as EC_KEY with a twist.  The legacy
-     * key generation detects the SM2 curve and "magically" changes the pkey
-     * id accordingly.
-     * Since we don't have SM2 in the provider implementation, we need to
-     * downgrade the generated provider side key to a legacy one under the
-     * same conditions.
-     *
-     * THIS IS AN UGLY BUT TEMPORARY HACK
-     */
-    {
-        char curve_name[OSSL_MAX_NAME_SIZE] = "";
-
-        if (!EVP_PKEY_get_utf8_string_param(*ppkey, OSSL_PKEY_PARAM_GROUP_NAME,
-                                            curve_name, sizeof(curve_name),
-                                            NULL)
-            || strcmp(curve_name, "SM2") != 0)
-            goto end;
-    }
-
-    if (!evp_pkey_downgrade(*ppkey)
-        || !EVP_PKEY_set_alias_type(*ppkey, EVP_PKEY_SM2))
-        ret = 0;
-#endif
     goto end;
 
  legacy:

diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
@@ -175,28 +175,6 @@ static int get_legacy_alg_type_from_keymgmt(const EVP_KEYMGMT *keymgmt)
 }
 #endif /* FIPS_MODULE */
 
-static int is_legacy_alg(int id, const char *keytype)
-{
-#ifndef FIPS_MODULE
-    /* Certain EVP_PKEY keytypes are only available in legacy form */
-    if (id == -1)
-        id = evp_pkey_name2type(keytype);
-
-    switch (id) {
-    /*
-     * TODO(3.0): Remove SM2 when they are converted to have provider
-     * support
-     */
-    case EVP_PKEY_SM2:
-        return 1;
-    default:
-        return 0;
-    }
-#else
-    return 0;
-#endif
-}
-
 static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx,
                                  EVP_PKEY *pkey, ENGINE *e,
                                  const char *keytype, const char *propquery,
@@ -284,16 +262,8 @@ static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx,
      * implementation.
      */
     if (e == NULL && keytype != NULL) {
-        int legacy = is_legacy_alg(id, keytype);
-
-        /* This could fail so ignore errors */
-        if (legacy)
-            ERR_set_mark();
-
         keymgmt = EVP_KEYMGMT_fetch(libctx, keytype, propquery);
-        if (legacy)
-            ERR_pop_to_mark();
-        else if (keymgmt == NULL)
+        if (keymgmt == NULL)
             return NULL;   /* EVP_KEYMGMT_fetch() recorded an error */
 
 #ifndef FIPS_MODULE

diff --git a/crypto/sm2/sm2_err.c b/crypto/sm2/sm2_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy

diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c
@@ -104,7 +104,7 @@ static int pkey_sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
         return 0;
     }
 
-    ret = sm2_sign(tbs, tbslen, sig, &sltmp, ec);
+    ret = sm2_internal_sign(tbs, tbslen, sig, &sltmp, ec);
 
     if (ret <= 0)
         return ret;
@@ -118,7 +118,7 @@ static int pkey_sm2_verify(EVP_PKEY_CTX *ctx,
 {
     EC_KEY *ec = ctx->pkey->pkey.ec;
 
-    return sm2_verify(tbs, tbslen, sig, siglen, ec);
+    return sm2_internal_verify(tbs, tbslen, sig, siglen, ec);
 }
 
 static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx,

diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c
@@ -418,8 +418,8 @@ int sm2_do_verify(const EC_KEY *key,
     return ret;
 }
 
-int sm2_sign(const unsigned char *dgst, int dgstlen,
-             unsigned char *sig, unsigned int *siglen, EC_KEY *eckey)
+int sm2_internal_sign(const unsigned char *dgst, int dgstlen,
+                      unsigned char *sig, unsigned int *siglen, EC_KEY *eckey)
 {
     BIGNUM *e = NULL;
     ECDSA_SIG *s = NULL;
@@ -428,19 +428,19 @@ int sm2_sign(const unsigned char *dgst, int dgstlen,
 
     e = BN_bin2bn(dgst, dgstlen, NULL);
     if (e == NULL) {
-       SM2err(SM2_F_SM2_SIGN, ERR_R_BN_LIB);
+       SM2err(SM2_F_SM2_INTERNAL_SIGN, ERR_R_BN_LIB);
        goto done;
     }
 
     s = sm2_sig_gen(eckey, e);
     if (s == NULL) {
-        SM2err(SM2_F_SM2_SIGN, ERR_R_INTERNAL_ERROR);
+        SM2err(SM2_F_SM2_INTERNAL_SIGN, ERR_R_INTERNAL_ERROR);
         goto done;
     }
 
     sigleni = i2d_ECDSA_SIG(s, &sig);
     if (sigleni < 0) {
-       SM2err(SM2_F_SM2_SIGN, ERR_R_INTERNAL_ERROR);
+       SM2err(SM2_F_SM2_INTERNAL_SIGN, ERR_R_INTERNAL_ERROR);
        goto done;
     }
     *siglen = (unsigned int)sigleni;
@@ -453,8 +453,8 @@ int sm2_sign(const unsigned char *dgst, int dgstlen,
     return ret;
 }
 
-int sm2_verify(const unsigned char *dgst, int dgstlen,
-               const unsigned char *sig, int sig_len, EC_KEY *eckey)
+int sm2_internal_verify(const unsigned char *dgst, int dgstlen,
+                        const unsigned char *sig, int sig_len, EC_KEY *eckey)
 {
     ECDSA_SIG *s = NULL;
     BIGNUM *e = NULL;
@@ -465,23 +465,23 @@ int sm2_verify(const unsigned char *dgst, int dgstlen,
 
     s = ECDSA_SIG_new();
     if (s == NULL) {
-        SM2err(SM2_F_SM2_VERIFY, ERR_R_MALLOC_FAILURE);
+        SM2err(SM2_F_SM2_INTERNAL_VERIFY, ERR_R_MALLOC_FAILURE);
         goto done;
     }
     if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) {
-        SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_ENCODING);
+        SM2err(SM2_F_SM2_INTERNAL_VERIFY, SM2_R_INVALID_ENCODING);
         goto done;
     }
     /* Ensure signature uses DER and doesn't have trailing garbage */
     derlen = i2d_ECDSA_SIG(s, &der);
     if (derlen != sig_len || memcmp(sig, der, derlen) != 0) {
-        SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_ENCODING);
+        SM2err(SM2_F_SM2_INTERNAL_VERIFY, SM2_R_INVALID_ENCODING);
         goto done;
     }
 
     e = BN_bin2bn(dgst, dgstlen, NULL);
     if (e == NULL) {
-        SM2err(SM2_F_SM2_VERIFY, ERR_R_BN_LIB);
+        SM2err(SM2_F_SM2_INTERNAL_VERIFY, ERR_R_BN_LIB);
         goto done;
     }
 

diff --git a/include/crypto/sm2.h b/include/crypto/sm2.h
@@ -45,14 +45,14 @@ int sm2_do_verify(const EC_KEY *key,
 /*
  * SM2 signature generation.
  */
-int sm2_sign(const unsigned char *dgst, int dgstlen,
-             unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+int sm2_internal_sign(const unsigned char *dgst, int dgstlen,
+                      unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
 
 /*
  * SM2 signature verification.
  */
-int sm2_verify(const unsigned char *dgst, int dgstlen,
-               const unsigned char *sig, int siglen, EC_KEY *eckey);
+int sm2_internal_verify(const unsigned char *dgst, int dgstlen,
+                        const unsigned char *sig, int siglen, EC_KEY *eckey);
 
 /*
  * SM2 encryption
@@ -74,5 +74,6 @@ int sm2_decrypt(const EC_KEY *key,
                 const uint8_t *ciphertext,
                 size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len);
 
+const unsigned char *sm2_algorithmidentifier_encoding(int md_nid, size_t *len);
 # endif /* OPENSSL_NO_SM2 */
 #endif
diff --git a/include/crypto/sm2err.h b/include/crypto/sm2err.h
@@ -1,15 +1,15 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef OSSL_CRYPTO_SM2ERR_H
-# define OSSL_CRYPTO_SM2ERR_H
+#ifndef OPENSSL_SM2ERR_H
+# define OPENSSL_SM2ERR_H
 
 # include <openssl/opensslconf.h>
 # include <openssl/symhacks.h>
@@ -39,6 +39,8 @@ int ERR_load_SM2_strings(void);
 #   define SM2_F_SM2_COMPUTE_Z_DIGEST                       0
 #   define SM2_F_SM2_DECRYPT                                0
 #   define SM2_F_SM2_ENCRYPT                                0
+#   define SM2_F_SM2_INTERNAL_SIGN                          0
+#   define SM2_F_SM2_INTERNAL_VERIFY                        0
 #   define SM2_F_SM2_PLAINTEXT_SIZE                         0
 #   define SM2_F_SM2_SIGN                                   0
 #   define SM2_F_SM2_SIG_GEN                                0

diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
@@ -142,6 +142,7 @@ extern "C" {
 #define OSSL_DIGEST_NAME_SHA3_512       "SHA3-512"
 #define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
 #define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+#define OSSL_DIGEST_NAME_SM3            "SM3"
 
 /* MAC parameters */
 #define OSSL_MAC_PARAM_KEY          "key"        /* octet string */

diff --git a/providers/common/der/SM2.asn1 b/providers/common/der/SM2.asn1
@@ -0,0 +1,11 @@
+oscca  OBJECT IDENTIFIER ::= { iso(1) member-body(2) cn(156) 10197 }
+
+sm-scheme OBJECT IDENTIFIER ::= { oscca 1 }
+
+-- OID for SM2 signatures with SM3
+
+sm2-with-SM3 OBJECT IDENTIFIER ::= { sm-scheme 501 }
+
+-- Named Elliptic Curves of SM2
+
+curveSM2 OBJECT IDENTIFIER ::= { sm-scheme 301 }
diff --git a/providers/common/der/build.info b/providers/common/der/build.info
@@ -74,6 +74,19 @@ DEPEND[${DER_WRAP_GEN/.c/.o}]=$DER_WRAP_H
 GENERATE[$DER_WRAP_H]=der_wrap.h.in
 DEPEND[$DER_WRAP_H]=oids_to_c.pm
 
+#----- SM2
+$DER_SM2_H=../include/prov/der_sm2.h
+$DER_SM2_GEN=der_sm2_gen.c
+$DER_SM2_AUX=der_sm2_key.c der_sm2_sig.c
+
+GENERATE[$DER_SM2_GEN]=der_sm2_gen.c.in
+DEPEND[$DER_SM2_GEN]=oids_to_c.pm
+
+DEPEND[${DER_SM2_AUX/.c/.o}]=$DER_SM2_H $DER_EC_H
+DEPEND[${DER_SM2_GEN/.c/.o}]=$DER_SM2_H
+GENERATE[$DER_SM2_H]=der_sm2.h.in
+DEPEND[$DER_SM2_H]=oids_to_c.pm
+
 #----- Conclusion
 
 # TODO(3.0) $COMMON should go to libcommon.a, but this currently leads
@@ -84,7 +97,8 @@ $COMMON=\
         $DER_DSA_GEN $DER_DSA_AUX \
         $DER_EC_GEN $DER_EC_AUX \
         $DER_DIGESTS_GEN \
-        $DER_WRAP_GEN
+        $DER_WRAP_GEN \
+        $DER_SM2_GEN $DER_SM2_AUX
 
 IF[{- !$disabled{ec} -}]
   $COMMON = $COMMON $DER_ECX_GEN $DER_ECX_AUX

diff --git a/providers/common/der/der_sm2.h.in b/providers/common/der/der_sm2.h.in
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/der.h"
+
+/* Well known OIDs precompiled */
+{-
+    $OUT = oids_to_c::process_leaves('providers/common/der/SM2.asn1',
+                                     { dir => $config{sourcedir},
+                                       filter => \&oids_to_c::filter_to_H });
+-}
+
+/* Subject Public Key Info */
+int DER_w_algorithmIdentifier_SM2(WPACKET *pkt, int cont, EC_KEY *ec);
+/* Signature */
+int DER_w_algorithmIdentifier_SM2_with_MD(WPACKET *pkt, int cont,
+                                          EC_KEY *ec, int mdnid);
diff --git a/providers/common/der/der_sm2_gen.c.in b/providers/common/der/der_sm2_gen.c.in
@@ -0,0 +1,17 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "prov/der_sm2.h"
+
+/* Well known OIDs precompiled */
+{-
+    $OUT = oids_to_c::process_leaves('providers/common/der/SM2.asn1',
+                                     { dir => $config{sourcedir},
+                                       filter => \&oids_to_c::filter_to_C });
+-}
diff --git a/providers/common/der/der_sm2_key.c b/providers/common/der/der_sm2_key.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/obj_mac.h>
+#include "internal/packet.h"
+#include "prov/der_ec.h"
+#include "prov/der_sm2.h"
+
+int DER_w_algorithmIdentifier_SM2(WPACKET *pkt, int cont, EC_KEY *ec)
+{
+    return DER_w_begin_sequence(pkt, cont)
+        /* No parameters (yet?) */
+        /* It seems SM2 identifier is the same to id_ecPublidKey */
+        && DER_w_precompiled(pkt, -1, der_oid_id_ecPublicKey,
+                             sizeof(der_oid_id_ecPublicKey))
+        && DER_w_end_sequence(pkt, cont);
+}