abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-25 01:36:32 +08:00
Code Issues Packages Projects Releases Wiki Activity

add ec

Browse Source 
code need some updates
This commit is contained in:
Zhi Guan
2017-02-15 14:27:41 +08:00
parent b9d27fc4e0
commit 0d7a103151
16 changed files with 5114 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
crypto/ec/ec_err.c
View File

@@ -24,6 +24,7 @@ static ERR_STRING_DATA EC_str_functs[] = {
{ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"},
{ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"},
{ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"},
{ERR_FUNC(EC_F_D2I_SM2_CIPHERTEXT_VALUE), "d2i_SM2_CIPHERTEXT_VALUE"},
{ERR_FUNC(EC_F_DO_EC_KEY_PRINT), "do_EC_KEY_print"},
{ERR_FUNC(EC_F_ECDH_CMS_DECRYPT), "ecdh_cms_decrypt"},
{ERR_FUNC(EC_F_ECDH_CMS_SET_SHARED_INFO), "ecdh_cms_set_shared_info"},
@@ -196,6 +197,7 @@ static ERR_STRING_DATA EC_str_functs[] = {
{ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"},
{ERR_FUNC(EC_F_I2D_ECPKPARAMETERS), "i2d_ECPKParameters"},
{ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"},
{ERR_FUNC(EC_F_I2D_SM2_CIPHERTEXT_VALUE), "i2d_SM2_CIPHERTEXT_VALUE"},
{ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"},
{ERR_FUNC(EC_F_NISTP224_PRE_COMP_NEW), "nistp224_pre_comp_new"},
{ERR_FUNC(EC_F_NISTP256_PRE_COMP_NEW), "nistp256_pre_comp_new"},
@@ -212,6 +214,37 @@ static ERR_STRING_DATA EC_str_functs[] = {
{ERR_FUNC(EC_F_PKEY_EC_KEYGEN), "pkey_ec_keygen"},
{ERR_FUNC(EC_F_PKEY_EC_PARAMGEN), "pkey_ec_paramgen"},
{ERR_FUNC(EC_F_PKEY_EC_SIGN), "pkey_ec_sign"},
{ERR_FUNC(EC_F_SM2_CIPHERTEXT_VALUE_DECODE),
"SM2_CIPHERTEXT_VALUE_decode"},
{ERR_FUNC(EC_F_SM2_CIPHERTEXT_VALUE_ENCODE),
"SM2_CIPHERTEXT_VALUE_encode"},
{ERR_FUNC(EC_F_SM2_CIPHERTEXT_VALUE_GET_ECIES_CIPHERTEXT_VALUE),
"SM2_CIPHERTEXT_VALUE_get_ECIES_CIPHERTEXT_VALUE"},
{ERR_FUNC(EC_F_SM2_CIPHERTEXT_VALUE_NEW), "SM2_CIPHERTEXT_VALUE_new"},
{ERR_FUNC(EC_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECIES_CIPHERTEXT_VALUE),
"SM2_CIPHERTEXT_VALUE_new_from_ECIES_CIPHERTEXT_VALUE"},
{ERR_FUNC(EC_F_SM2_CIPHERTEXT_VALUE_SET_ECIES_CIPHERTEXT_VALUE),
"SM2_CIPHERTEXT_VALUE_set_ECIES_CIPHERTEXT_VALUE"},
{ERR_FUNC(EC_F_SM2_CIPHERTEXT_VALUE_SIZE), "SM2_CIPHERTEXT_VALUE_size"},
{ERR_FUNC(EC_F_SM2_COMPUTE_ID_DIGEST), "SM2_compute_id_digest"},
{ERR_FUNC(EC_F_SM2_COMPUTE_MESSAGE_DIGEST), "SM2_compute_message_digest"},
{ERR_FUNC(EC_F_SM2_DECRYPT), "SM2_decrypt"},
{ERR_FUNC(EC_F_SM2_DO_DECRYPT), "SM2_do_decrypt"},
{ERR_FUNC(EC_F_SM2_DO_ENCRYPT), "SM2_do_encrypt"},
{ERR_FUNC(EC_F_SM2_DO_SIGN), "sm2_do_sign"},
{ERR_FUNC(EC_F_SM2_DO_VERIFY), "sm2_do_verify"},
{ERR_FUNC(EC_F_SM2_ENCRYPT), "SM2_encrypt"},
{ERR_FUNC(EC_F_SM2_ENC_PARAMS_DUP), "SM2_ENC_PARAMS_dup"},
{ERR_FUNC(EC_F_SM2_ENC_PARAMS_INIT_WITH_RECOMMENDED),
"SM2_ENC_PARAMS_init_with_recommended"},
{ERR_FUNC(EC_F_SM2_ENC_PARAMS_NEW), "SM2_ENC_PARAMS_new"},
{ERR_FUNC(EC_F_SM2_ENC_PARAMS_SET_TYPE), "SM2_ENC_PARAMS_set_type"},
{ERR_FUNC(EC_F_SM2_GET_PUBLIC_KEY_DATA), "SM2_get_public_key_data"},
{ERR_FUNC(EC_F_SM2_KAP_COMPUTE_KEY), "SM2_KAP_compute_key"},
{ERR_FUNC(EC_F_SM2_KAP_CTX_INIT), "SM2_KAP_CTX_init"},
{ERR_FUNC(EC_F_SM2_KAP_FINAL_CHECK), "SM2_KAP_final_check"},
{ERR_FUNC(EC_F_SM2_KAP_PREPARE), "SM2_KAP_prepare"},
{ERR_FUNC(EC_F_SM2_SIGN_SETUP), "sm2_sign_setup"},
{0, NULL}
};
@@ -220,6 +253,7 @@ static ERR_STRING_DATA EC_str_reasons[] = {
{ERR_REASON(EC_R_BAD_SIGNATURE), "bad signature"},
{ERR_REASON(EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"},
{ERR_REASON(EC_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_REASON(EC_R_CIPHERTEXT_ENCODE_FAILED), "ciphertext encode failed"},
{ERR_REASON(EC_R_CMAC_FINAL_FAILURE), "cmac final failure"},
{ERR_REASON(EC_R_CMAC_INIT_FAILURE), "cmac init failure"},
{ERR_REASON(EC_R_CMAC_UPDATE_FAILURE), "cmac update failure"},
@@ -241,8 +275,14 @@ static ERR_STRING_DATA EC_str_reasons[] = {
{ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),
"ec group new by name failure"},
{ERR_REASON(EC_R_ENCRYPT_FAILED), "encrypt failed"},
{ERR_REASON(EC_R_ERROR), "error"},
{ERR_REASON(EC_R_FIELD_TOO_LARGE), "field too large"},
{ERR_REASON(EC_R_GEN_MAC_FAILED), "gen mac failed"},
{ERR_REASON(EC_R_GET_CIPHERTEXT_SIZE_FAILED),
"get ciphertext size failed"},
{ERR_REASON(EC_R_GET_KDF_FAILED), "get kdf failed"},
{ERR_REASON(EC_R_GET_PUBLIC_KEY_DATA_FAILURE),
"get public key data failure"},
{ERR_REASON(EC_R_GF2M_NOT_SUPPORTED), "gf2m not supported"},
{ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE),
"group2pkparameters failure"},
@@ -250,26 +290,37 @@ static ERR_STRING_DATA EC_str_reasons[] = {
{ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE),
"i2d ecpkparameters failure"},
{ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS), "incompatible objects"},
{ERR_REASON(EC_R_INNOR_ERROR), "innor error"},
{ERR_REASON(EC_R_INVALID_ARGUMENT), "invalid argument"},
{ERR_REASON(EC_R_INVALID_COMPRESSED_POINT), "invalid compressed point"},
{ERR_REASON(EC_R_INVALID_COMPRESSION_BIT), "invalid compression bit"},
{ERR_REASON(EC_R_INVALID_CURVE), "invalid curve"},
{ERR_REASON(EC_R_INVALID_DIGEST), "invalid digest"},
{ERR_REASON(EC_R_INVALID_DIGEST_ALGOR), "invalid digest algor"},
{ERR_REASON(EC_R_INVALID_DIGEST_TYPE), "invalid digest type"},
{ERR_REASON(EC_R_INVALID_ECIES_CIPHERTEXT), "invalid ecies ciphertext"},
{ERR_REASON(EC_R_INVALID_ECIES_PARAMETERS), "invalid ecies parameters"},
{ERR_REASON(EC_R_INVALID_EC_KEY), "invalid ec key"},
{ERR_REASON(EC_R_INVALID_ENCODING), "invalid encoding"},
{ERR_REASON(EC_R_INVALID_FIELD), "invalid field"},
{ERR_REASON(EC_R_INVALID_FORM), "invalid form"},
{ERR_REASON(EC_R_INVALID_GROUP_ORDER), "invalid group order"},
{ERR_REASON(EC_R_INVALID_ID_LENGTH), "invalid id length"},
{ERR_REASON(EC_R_INVALID_KDF_MD), "invalid kdf md"},
{ERR_REASON(EC_R_INVALID_KEY), "invalid key"},
{ERR_REASON(EC_R_INVALID_OUTPUT_LENGTH), "invalid output length"},
{ERR_REASON(EC_R_INVALID_PEER_KEY), "invalid peer key"},
{ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"},
{ERR_REASON(EC_R_INVALID_PRIVATE_KEY), "invalid private key"},
{ERR_REASON(EC_R_INVALID_SM2_ID), "invalid sm2 id"},
{ERR_REASON(EC_R_INVALID_SM2_KAP_CHECKSUM_LENGTH),
"invalid sm2 kap checksum length"},
{ERR_REASON(EC_R_INVALID_SM2_KAP_CHECKSUM_VALUE),
"invalid sm2 kap checksum value"},
{ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS), "invalid trinomial basis"},
{ERR_REASON(EC_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
{ERR_REASON(EC_R_KEYS_NOT_SET), "keys not set"},
{ERR_REASON(EC_R_MALLOC_FAILED), "malloc failed"},
{ERR_REASON(EC_R_MISSING_PARAMETERS), "missing parameters"},
{ERR_REASON(EC_R_MISSING_PRIVATE_KEY), "missing private key"},
{ERR_REASON(EC_R_NEED_NEW_SETUP_VALUES), "need new setup values"},
@@ -278,18 +329,23 @@ static ERR_STRING_DATA EC_str_reasons[] = {
{ERR_REASON(EC_R_NOT_INITIALIZED), "not initialized"},
{ERR_REASON(EC_R_NO_PARAMETERS_SET), "no parameters set"},
{ERR_REASON(EC_R_NO_PRIVATE_VALUE), "no private value"},
{ERR_REASON(EC_R_NULL_ARGUMENT), "null argument"},
{ERR_REASON(EC_R_OCT2POINT_FAILED), "oct2point failed"},
{ERR_REASON(EC_R_OPERATION_NOT_SUPPORTED), "operation not supported"},
{ERR_REASON(EC_R_PASSED_NULL_PARAMETER), "passed null parameter"},
{ERR_REASON(EC_R_PEER_KEY_ERROR), "peer key error"},
{ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),
"pkparameters2group failure"},
{ERR_REASON(EC_R_POINT2OCT_FAILED), "point2oct failed"},
{ERR_REASON(EC_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"},
{ERR_REASON(EC_R_POINT_AT_INFINITY), "point at infinity"},
{ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE), "point is not on curve"},
{ERR_REASON(EC_R_POINT_NEW_FAILED), "point new failed"},
{ERR_REASON(EC_R_RANDOM_NUMBER_GENERATION_FAILED),
"random number generation failed"},
{ERR_REASON(EC_R_SHARED_INFO_ERROR), "shared info error"},
{ERR_REASON(EC_R_SLOT_FULL), "slot full"},
{ERR_REASON(EC_R_SM2_KAP_NOT_INITED), "sm2 kap not inited"},
{ERR_REASON(EC_R_UNDEFINED_GENERATOR), "undefined generator"},
{ERR_REASON(EC_R_UNDEFINED_ORDER), "undefined order"},
{ERR_REASON(EC_R_UNKNOWN_GROUP), "unknown group"},

3
crypto/sm2/build.info Normal file
View File

@@ -0,0 +1,3 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=sm2_asn1.c sm2_id.c sm2_sign.c sm2_enc.c sm2_kap.c \
sm2_kmeth.c

201
crypto/sm2/sm2_asn1.c Normal file
View File

@@ -0,0 +1,201 @@
/* ====================================================================
* Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <string.h>
#include <openssl/ec.h>
#include <openssl/sm2.h>
#include <openssl/err.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/objects.h>
#include <openssl/obj_mac.h>
typedef struct SM2CiphertextValue_st {
ASN1_INTEGER *xCoordinate;
ASN1_INTEGER *yCoordinate;
ASN1_OCTET_STRING *hash;
ASN1_OCTET_STRING *ciphertext;
} SM2CiphertextValue;
ASN1_SEQUENCE(SM2CiphertextValue) = {
ASN1_SIMPLE(SM2CiphertextValue, xCoordinate, ASN1_INTEGER),
ASN1_SIMPLE(SM2CiphertextValue, yCoordinate, ASN1_INTEGER),
ASN1_SIMPLE(SM2CiphertextValue, hash, ASN1_OCTET_STRING),
ASN1_SIMPLE(SM2CiphertextValue, ciphertext, ASN1_OCTET_STRING),
} ASN1_SEQUENCE_END(SM2CiphertextValue)
IMPLEMENT_ASN1_FUNCTIONS(SM2CiphertextValue)
IMPLEMENT_ASN1_DUP_FUNCTION(SM2CiphertextValue)
int i2d_SM2_CIPHERTEXT_VALUE(const EC_GROUP *group, const SM2_CIPHERTEXT_VALUE *c,
unsigned char **out)
{
int ret = 0;
SM2CiphertextValue *asn1 = NULL;
BIGNUM *x = NULL;
BIGNUM *y = NULL;
BN_CTX *bn_ctx = NULL;
asn1 = SM2CiphertextValue_new();
x = BN_new();
y = BN_new();
bn_ctx = BN_CTX_new();
if (!asn1 || !x || !y || !bn_ctx) {
ECerr(EC_F_I2D_SM2_CIPHERTEXT_VALUE, ERR_R_MALLOC_FAILURE);
goto end;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
if (!EC_POINT_get_affine_coordinates_GFp(group, c->ephem_point, x, y, bn_ctx)) {
ECerr(EC_F_I2D_SM2_CIPHERTEXT_VALUE, ERR_R_EC_LIB);
goto end;
}
} else {
if (!EC_POINT_get_affine_coordinates_GF2m(group, c->ephem_point, x, y, bn_ctx)) {
ECerr(EC_F_I2D_SM2_CIPHERTEXT_VALUE, ERR_R_EC_LIB);
goto end;
}
}
if (!BN_to_ASN1_INTEGER(x, asn1->xCoordinate)) {
ECerr(EC_F_I2D_SM2_CIPHERTEXT_VALUE, ERR_R_BN_LIB);
goto end;
}
if (!BN_to_ASN1_INTEGER(y, asn1->yCoordinate)) {
ECerr(EC_F_I2D_SM2_CIPHERTEXT_VALUE, ERR_R_BN_LIB);
goto end;
}
if (!ASN1_OCTET_STRING_set(asn1->hash, c->mactag, c->mactag_size)) {
ECerr(EC_F_I2D_SM2_CIPHERTEXT_VALUE, ERR_R_ASN1_LIB);
goto end;
}
if (!ASN1_OCTET_STRING_set(asn1->ciphertext, c->ciphertext, c->ciphertext_size)) {
ECerr(EC_F_I2D_SM2_CIPHERTEXT_VALUE, ERR_R_ASN1_LIB);
goto end;
}
ret = 1;
end:
SM2CiphertextValue_free(asn1);
BN_free(x);
BN_free(y);
BN_CTX_free(bn_ctx);
return ret;
}
SM2_CIPHERTEXT_VALUE *d2i_SM2_CIPHERTEXT_VALUE(const EC_GROUP *group,
SM2_CIPHERTEXT_VALUE **c, const unsigned char **in, long len)
{
int e = 1;
SM2_CIPHERTEXT_VALUE *ret = NULL;
SM2CiphertextValue *asn1 = NULL;
BIGNUM *x = NULL;
BIGNUM *y = NULL;
BN_CTX *bn_ctx = NULL;
if (!(asn1 = d2i_SM2CiphertextValue(NULL, in, len))) {
ECerr(EC_F_D2I_SM2_CIPHERTEXT_VALUE, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!(x = ASN1_INTEGER_to_BN(asn1->xCoordinate, NULL))) {
ECerr(EC_F_D2I_SM2_CIPHERTEXT_VALUE, ERR_R_BN_LIB);
goto end;
}
if (!(y = ASN1_INTEGER_to_BN(asn1->yCoordinate, NULL))) {
ECerr(EC_F_D2I_SM2_CIPHERTEXT_VALUE, ERR_R_BN_LIB);
goto end;
}
ret = SM2_CIPHERTEXT_VALUE_new(group);
bn_ctx = BN_CTX_new();
if (!ret || !bn_ctx) {
ECerr(EC_F_D2I_SM2_CIPHERTEXT_VALUE, ERR_R_MALLOC_FAILURE);
goto end;
}
/* (x, y) */
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
if (!EC_POINT_set_affine_coordinates_GFp(group, ret->ephem_point, x, y, bn_ctx)) {
ECerr(EC_F_D2I_SM2_CIPHERTEXT_VALUE, ERR_R_EC_LIB);
goto end;
}
} else {
if (!EC_POINT_set_affine_coordinates_GF2m(group, ret->ephem_point, x, y, bn_ctx)) {
ECerr(EC_F_D2I_SM2_CIPHERTEXT_VALUE, ERR_R_EC_LIB);
goto end;
}
}
/* hash */
ret->mactag_size = asn1->hash->length;
memcpy(ret->mactag, asn1->hash->data, asn1->hash->length);
/* ciphertext */
ret->ciphertext_size = asn1->ciphertext->length;
if (!(ret->ciphertext = OPENSSL_malloc(ret->ciphertext_size))) {
ECerr(EC_F_D2I_SM2_CIPHERTEXT_VALUE, ERR_R_MALLOC_FAILURE);
goto end;
}
memcpy(ret->ciphertext, asn1->ciphertext->data, asn1->ciphertext->length);
e = 0;
end:
SM2CiphertextValue_free(asn1);
BN_free(x);
BN_free(y);
BN_CTX_free(bn_ctx);
if (e && ret) {
SM2_CIPHERTEXT_VALUE_free(ret);
ret = NULL;
}
return ret;
}

745
crypto/sm2/sm2_enc.c Normal file
View File

@@ -0,0 +1,745 @@
/*
* Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <stdio.h>
#include <string.h>
#include <assert.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/sm2.h>
#include <openssl/rand.h>
#include <openssl/kdf.h>
#include "internal/o_str.h"
SM2_ENC_PARAMS *SM2_ENC_PARAMS_new(void)
{
SM2_ENC_PARAMS *ret = NULL;
if (!(ret = OPENSSL_zalloc(sizeof(*ret)))) {
ECerr(EC_F_SM2_ENC_PARAMS_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
}
SM2_ENC_PARAMS_init_with_recommended(ret);
return ret;
}
SM2_ENC_PARAMS *SM2_ENC_PARAMS_dup(const SM2_ENC_PARAMS *param)
{
SM2_ENC_PARAMS *ret = NULL;
if (!param) {
ECerr(EC_F_SM2_ENC_PARAMS_DUP, EC_R_NULL_ARGUMENT);
return NULL;
}
if (!(ret = OPENSSL_memdup(param, sizeof(*param)))) {
ECerr(EC_F_SM2_ENC_PARAMS_DUP, ERR_R_MALLOC_FAILURE);
return NULL;
}
return ret;
}
int SM2_ENC_PARAMS_init_with_recommended(SM2_ENC_PARAMS *params)
{
if (!params) {
ECerr(EC_F_SM2_ENC_PARAMS_INIT_WITH_RECOMMENDED,
EC_R_NULL_ARGUMENT);
return 0;
}
params->kdf_md = EVP_sm3();
params->mac_md = EVP_sm3();
params->point_form = POINT_CONVERSION_UNCOMPRESSED;
return 1;
}
void SM2_ENC_PARAMS_free(SM2_ENC_PARAMS *param)
{
OPENSSL_free(param);
}
int SM2_CIPHERTEXT_VALUE_size(const EC_GROUP *group,
const SM2_ENC_PARAMS *params, size_t mlen)
{
int ret = 0;
EC_KEY *ec_key = NULL;
size_t len = 0;
if (!(ec_key = EC_KEY_new())) {
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_SIZE, ERR_R_EC_LIB);
goto end;
}
if (!EC_KEY_set_group(ec_key, group)) {
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_SIZE, ERR_R_EC_LIB);
goto end;
}
if (!EC_KEY_generate_key(ec_key)) {
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_SIZE, ERR_R_EC_LIB);
goto end;
}
len += EC_POINT_point2oct(group, EC_KEY_get0_public_key(ec_key),
params->point_form, NULL, 0, NULL);
len += mlen;
len += EVP_MD_size(params->mac_md);
ret = (int)len;
end:
EC_KEY_free(ec_key);
return ret;
}
SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_new(const EC_GROUP *group)
{
SM2_CIPHERTEXT_VALUE *cv;
if (!(cv = OPENSSL_malloc(sizeof(*cv)))) {
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_NEW, EC_R_MALLOC_FAILED);
return NULL;
}
memset(cv, 0, sizeof(*cv));
if (!(cv->ephem_point = EC_POINT_new(group))) {
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_NEW, EC_R_POINT_NEW_FAILED);
OPENSSL_free(cv);
return NULL;
}
return cv;
}
void SM2_CIPHERTEXT_VALUE_free(SM2_CIPHERTEXT_VALUE *cv)
{
if (cv->ephem_point) EC_POINT_free(cv->ephem_point);
if (cv->ciphertext) OPENSSL_free(cv->ciphertext);
memset(cv, 0, sizeof(*cv));
OPENSSL_free(cv);
}
int SM2_CIPHERTEXT_VALUE_encode(const SM2_CIPHERTEXT_VALUE *cv,
const EC_GROUP *ec_group, const SM2_ENC_PARAMS *params,
unsigned char *buf, size_t *buflen)
{
int ret = 0;
BN_CTX *bn_ctx = BN_CTX_new();
size_t ptlen, cvlen;
OPENSSL_assert(cv);
OPENSSL_assert(ec_group);
OPENSSL_assert(buf);
OPENSSL_assert(cv->ephem_point);
if (!bn_ctx) {
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_ENCODE, ERR_R_BN_LIB);
return 0;
}
if (!(ptlen = EC_POINT_point2oct(ec_group, cv->ephem_point,
params->point_form, NULL, 0, bn_ctx))) {
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_ENCODE, EC_R_POINT2OCT_FAILED);
goto end;
}
cvlen = ptlen + cv->ciphertext_size + cv->mactag_size;
if (!buf) {
*buflen = cvlen;
ret = 1;
goto end;
} else if (*buflen < cvlen) {
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_ENCODE, EC_R_BUFFER_TOO_SMALL);
goto end;
}
if (!(ptlen = EC_POINT_point2oct(ec_group, cv->ephem_point,
params->point_form, buf, *buflen, bn_ctx))) {
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_ENCODE, EC_R_POINT2OCT_FAILED);
goto end;
}
buf += ptlen;
memcpy(buf, cv->ciphertext, cv->ciphertext_size);
buf += cv->ciphertext_size;
if (cv->mactag_size > 0) {
memcpy(buf, cv->mactag, cv->mactag_size);
}
*buflen = cvlen;
ret = 1;
end:
if (bn_ctx) BN_CTX_free(bn_ctx);
return ret;
}
SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode(
const EC_GROUP *ec_group, const SM2_ENC_PARAMS *params,
const unsigned char *buf, size_t buflen)
{
int ok = 0;
SM2_CIPHERTEXT_VALUE *ret = NULL;
BN_CTX *bn_ctx = BN_CTX_new();
int ptlen;
int fixlen;
if (!bn_ctx) {
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_DECODE, ERR_R_BN_LIB);
return NULL;
}
if (!(fixlen = SM2_CIPHERTEXT_VALUE_size(ec_group, params, 0))) {
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_DECODE, EC_R_GET_CIPHERTEXT_SIZE_FAILED);
goto end;
}
if (buflen <= fixlen) {
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_DECODE, EC_R_BUFFER_TOO_SMALL);
goto end;
}
if (!(ret = OPENSSL_malloc(sizeof(SM2_CIPHERTEXT_VALUE)))) {
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_DECODE, EC_R_MALLOC_FAILED);
goto end;
}
ret->ephem_point = EC_POINT_new(ec_group);
ret->ciphertext_size = buflen - fixlen;
ret->ciphertext = OPENSSL_malloc(ret->ciphertext_size);
if (!ret->ephem_point || !ret->ciphertext) {
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_DECODE, EC_R_INNOR_ERROR);
goto end;
}
#if 0
//FIXME
ptlen = fixlen - SM2_ENC_PARAMS_mactag_size(params);
#endif
ptlen = fixlen; //FIXME
if (!EC_POINT_oct2point(ec_group, ret->ephem_point, buf, ptlen, bn_ctx)) {
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_DECODE, EC_R_OCT2POINT_FAILED);
goto end;
}
memcpy(ret->ciphertext, buf + ptlen, ret->ciphertext_size);
//FIXME
//ret->mactag_size = SM2_ENC_PARAMS_mactag_size(params);
if (ret->mactag_size > 0) {
memcpy(ret->mactag, buf + buflen - ret->mactag_size, ret->mactag_size);
}
ok = 1;
end:
if (!ok && ret) {
SM2_CIPHERTEXT_VALUE_free(ret);
ret = NULL;
}
if (bn_ctx) BN_CTX_free(bn_ctx);
return ret;
}
int SM2_CIPHERTEXT_VALUE_print(BIO *out, const EC_GROUP *ec_group,
const SM2_CIPHERTEXT_VALUE *cv, int indent, unsigned long flags)
{
int ret = 0;
char *hex = NULL;
BN_CTX *ctx = BN_CTX_new();
int i;
if (!ctx) {
goto end;
}
if (!(hex = EC_POINT_point2hex(ec_group, cv->ephem_point,
POINT_CONVERSION_UNCOMPRESSED, ctx))) {
goto end;
}
BIO_printf(out, "SM2_CIPHERTEXT_VALUE.ephem_point: %s\n", hex);
BIO_printf(out, "SM2_CIPHERTEXT_VALUE.ciphertext : ");
for (i = 0; i < cv->ciphertext_size; i++) {
BIO_printf(out, "%02X", cv->ciphertext[i]);
}
BIO_printf(out, "\n");
BIO_printf(out, "SM2_CIPHERTEXT_VALUE.mactag :");
for (i = 0; i < cv->mactag_size; i++) {
BIO_printf(out, "%02X", cv->mactag[i]);
}
BIO_printf(out, "\n");
ret = 1;
end:
OPENSSL_free(hex);
BN_CTX_free(ctx);
return 0;
}
int SM2_encrypt(const SM2_ENC_PARAMS *params,
const unsigned char *in, size_t inlen,
unsigned char *out, size_t *outlen,
EC_KEY *ec_key)
{
int ret = 0;
const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key);
SM2_CIPHERTEXT_VALUE *cv = NULL;
int len;
if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, params, inlen))) {
ECerr(EC_F_SM2_ENCRYPT, EC_R_ERROR);
goto end;
}
if (!out) {
*outlen = (size_t)len;
return 1;
} else if (*outlen < (size_t)len) {
ECerr(EC_F_SM2_ENCRYPT, EC_R_BUFFER_TOO_SMALL);
return 0;
}
if (!(cv = SM2_do_encrypt(params, in, inlen, ec_key))) {
ECerr(EC_F_SM2_ENCRYPT, EC_R_ENCRYPT_FAILED);
goto end;
}
if (!SM2_CIPHERTEXT_VALUE_encode(cv, ec_group, params, out, outlen)) {
ECerr(EC_F_SM2_ENCRYPT, EC_R_CIPHERTEXT_ENCODE_FAILED);
goto end;
}
ret = 1;
end:
if (cv) SM2_CIPHERTEXT_VALUE_free(cv);
return ret;
}
SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params,
const unsigned char *in, size_t inlen,
EC_KEY *ec_key)
{
int ok = 0;
SM2_CIPHERTEXT_VALUE *cv = NULL;
const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key);
const EC_POINT *pub_key = EC_KEY_get0_public_key(ec_key);
KDF_FUNC kdf = KDF_get_x9_63(params->kdf_md);
EC_POINT *point = NULL;
BIGNUM *n = NULL;
BIGNUM *h = NULL;
BIGNUM *k = NULL;
BN_CTX *bn_ctx = NULL;
EVP_MD_CTX *md_ctx = NULL;
unsigned char buf[(OPENSSL_ECC_MAX_FIELD_BITS + 7)/4 + 1];
int nbytes;
unsigned char dgst[EVP_MAX_MD_SIZE];
unsigned int dgstlen;
int mactag_size;
size_t len;
int i;
if (!ec_group || !pub_key) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_INVALID_EC_KEY);
goto end;
}
if (!kdf) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_GET_KDF_FAILED);
goto end;
}
/* init ciphertext_value */
if (!(cv = OPENSSL_malloc(sizeof(SM2_CIPHERTEXT_VALUE)))) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_MALLOC_FAILED);
goto end;
}
memset(cv, 0, sizeof(*cv));
cv->ephem_point = EC_POINT_new(ec_group);
cv->ciphertext = OPENSSL_malloc(inlen);
cv->ciphertext_size = inlen;
if (!cv->ephem_point || !cv->ciphertext) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR);
goto end;
}
point = EC_POINT_new(ec_group);
n = BN_new();
h = BN_new();
k = BN_new();
bn_ctx = BN_CTX_new();
md_ctx = EVP_MD_CTX_create();
if (!point || !n || !h || !k || !bn_ctx || !md_ctx) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR);
goto end;
}
/* init ec domain parameters */
if (!EC_GROUP_get_order(ec_group, n, bn_ctx)) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR);
goto end;
}
if (!EC_GROUP_get_cofactor(ec_group, h, bn_ctx)) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR);
goto end;
}
nbytes = (EC_GROUP_get_degree(ec_group) + 7) / 8;
do
{
/* A1: rand k in [1, n-1] */
do {
BN_rand_range(k, n);
} while (BN_is_zero(k));
/* A2: C1 = [k]G = (x1, y1) */
if (!EC_POINT_mul(ec_group, cv->ephem_point, k, NULL, NULL, bn_ctx)) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR);
goto end;
}
/* A3: check [h]P_B != O */
if (!EC_POINT_mul(ec_group, point, NULL, pub_key, h, bn_ctx)) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR);
goto end;
}
if (EC_POINT_is_at_infinity(ec_group, point)) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR);
goto end;
}
/* A4: compute ECDH [k]P_B = (x2, y2) */
if (!EC_POINT_mul(ec_group, point, NULL, pub_key, k, bn_ctx)) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR);
goto end;
}
if (!(len = EC_POINT_point2oct(ec_group, point,
POINT_CONVERSION_UNCOMPRESSED, buf, sizeof(buf), bn_ctx))) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR);
goto end;
}
OPENSSL_assert(len == nbytes * 2 + 1);
/* A5: t = KDF(x2 || y2, klen) */
kdf(buf + 1, len - 1, cv->ciphertext, &cv->ciphertext_size);
for (i = 0; i < cv->ciphertext_size; i++) {
if (cv->ciphertext[i]) {
break;
}
}
if (i == cv->ciphertext_size) {
continue;
}
break;
} while (1);
/* A6: C2 = M xor t */
for (i = 0; i < inlen; i++) {
cv->ciphertext[i] ^= in[i];
}
mactag_size = EVP_MD_size(params->mac_md);
if (mactag_size) {
/* A7: C3 = Hash(x2 || M || y2) */
if (!EVP_DigestInit_ex(md_ctx, params->mac_md, NULL)) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, buf + 1, nbytes)) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, in, inlen)) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, buf + 1 + nbytes, nbytes)) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR);
goto end;
}
if (!EVP_DigestFinal_ex(md_ctx, dgst, &dgstlen)) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR);
goto end;
}
/* GmSSL specific: reduce mactag size */
if (mactag_size > dgstlen) {
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR);
goto end;
}
cv->mactag_size = mactag_size;
memcpy(cv->mactag, dgst, cv->mactag_size);
}
ok = 1;
end:
if (!ok && cv) {
SM2_CIPHERTEXT_VALUE_free(cv);
cv = NULL;
}
if (point) EC_POINT_free(point);
if (n) BN_free(n);
if (h) BN_free(h);
if (k) BN_free(k);
if (bn_ctx) BN_CTX_free(bn_ctx);
if (md_ctx) EVP_MD_CTX_destroy(md_ctx);
return cv;
}
int SM2_decrypt(const SM2_ENC_PARAMS *params,
const unsigned char *in, size_t inlen,
unsigned char *out, size_t *outlen,
EC_KEY *ec_key)
{
int ret = 0;
const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key);
SM2_CIPHERTEXT_VALUE *cv = NULL;
int len;
if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, params, 0))) {
ECerr(EC_F_SM2_DECRYPT, EC_R_ERROR);
goto end;
}
if (inlen <= len) {
ECerr(EC_F_SM2_DECRYPT, EC_R_ERROR);
goto end;
}
if (!out) {
*outlen = inlen - len;
return 1;
} else if (*outlen < inlen - len) {
ECerr(EC_F_SM2_DECRYPT, EC_R_ERROR);
return 0;
}
if (!(cv = SM2_CIPHERTEXT_VALUE_decode(ec_group, params, in, inlen))) {
ECerr(EC_F_SM2_DECRYPT, EC_R_ERROR);
goto end;
}
if (!SM2_do_decrypt(params, cv, out, outlen, ec_key)) {
ECerr(EC_F_SM2_DECRYPT, EC_R_ERROR);
goto end;
}
ret = 1;
end:
if (cv) SM2_CIPHERTEXT_VALUE_free(cv);
return ret;
}
int SM2_do_decrypt(const SM2_ENC_PARAMS *params,
const SM2_CIPHERTEXT_VALUE *cv,
unsigned char *out, size_t *outlen,
EC_KEY *ec_key)
{
int ret = 0;
const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key);
const BIGNUM *pri_key = EC_KEY_get0_private_key(ec_key);
KDF_FUNC kdf = KDF_get_x9_63(params->kdf_md);
EC_POINT *point = NULL;
BIGNUM *n = NULL;
BIGNUM *h = NULL;
BN_CTX *bn_ctx = NULL;
EVP_MD_CTX *md_ctx = NULL;
unsigned char buf[(OPENSSL_ECC_MAX_FIELD_BITS + 7)/4 + 1];
unsigned char mac[EVP_MAX_MD_SIZE];
unsigned int maclen;
int mactag_size;
int nbytes;
size_t size;
int i;
if (!ec_group || !pri_key) {
ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR);
goto end;
}
if (!kdf) {
ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR);
goto end;
}
if (!out) {
*outlen = cv->ciphertext_size;
return 1;
}
if (*outlen < cv->ciphertext_size) {
ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR);
goto end;
}
/* init vars */
point = EC_POINT_new(ec_group);
n = BN_new();
h = BN_new();
bn_ctx = BN_CTX_new();
md_ctx = EVP_MD_CTX_create();
if (!point || !n || !h || !bn_ctx || !md_ctx) {
ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR);
goto end;
}
/* init ec domain parameters */
if (!EC_GROUP_get_order(ec_group, n, bn_ctx)) {
ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR);
goto end;
}
if (!EC_GROUP_get_cofactor(ec_group, h, bn_ctx)) {
ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR);
goto end;
}
nbytes = (EC_GROUP_get_degree(ec_group) + 7) / 8;
/* B2: check [h]C1 != O */
if (!EC_POINT_mul(ec_group, point, NULL, cv->ephem_point, h, bn_ctx)) {
ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR);
goto end;
}
if (EC_POINT_is_at_infinity(ec_group, point)) {
ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR);
goto end;
}
/* B3: compute ECDH [d]C1 = (x2, y2) */
if (!EC_POINT_mul(ec_group, point, NULL, cv->ephem_point, pri_key, bn_ctx)) {
ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR);
goto end;
}
if (!(size = EC_POINT_point2oct(ec_group, point,
POINT_CONVERSION_UNCOMPRESSED, buf, sizeof(buf), bn_ctx))) {
ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR);
goto end;
}
OPENSSL_assert(size == 1 + nbytes * 2);
/* B4: compute t = KDF(x2 || y2, clen) */
*outlen = cv->ciphertext_size; //FIXME: duplicated code
kdf(buf + 1, size - 1, out, outlen);
/* B5: compute M = C2 xor t */
for (i = 0; i < cv->ciphertext_size; i++) {
out[i] ^= cv->ciphertext[i];
}
*outlen = cv->ciphertext_size;
mactag_size = EVP_MD_size(params->mac_md);
if (mactag_size) {
/* B6: check Hash(x2 || M || y2) == C3 */
if (!EVP_DigestInit_ex(md_ctx, params->mac_md, NULL)) {
ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, buf + 1, nbytes)) {
ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, out, *outlen)) {
ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, buf + 1 + nbytes, nbytes)) {
ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR);
goto end;
}
if (!EVP_DigestFinal_ex(md_ctx, mac, &maclen)) {
ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR);
goto end;
}
/* GmSSL specific */
if (mactag_size > maclen) {
ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR);
goto end;
}
if (cv->mactag_size != mactag_size ||
OPENSSL_memcmp(mac, cv->mactag, cv->mactag_size)) {
ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR);
goto end;
}
}
ret = 1;
end:
EC_POINT_free(point);
BN_free(n);
BN_free(h);
BN_CTX_free(bn_ctx);
EVP_MD_CTX_destroy(md_ctx);
return ret;
}
int SM2_encrypt_with_recommended(const unsigned char *in, size_t inlen,
unsigned char *out, size_t *outlen, EC_KEY *ec_key)
{
SM2_ENC_PARAMS params;
SM2_ENC_PARAMS_init_with_recommended(&params);
return SM2_encrypt(&params, in, inlen, out, outlen, ec_key);
}
int SM2_decrypt_with_recommended(const unsigned char *in, size_t inlen,
unsigned char *out, size_t *outlen,
EC_KEY *ec_key)
{
SM2_ENC_PARAMS params;
SM2_ENC_PARAMS_init_with_recommended(&params);
return SM2_decrypt(&params, in, inlen, out, outlen, ec_key);
}

343
crypto/sm2/sm2_id.c Normal file
View File

@@ -0,0 +1,343 @@
/* ====================================================================
* Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <assert.h>
#include <stdint.h>
#include <string.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/sm2.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/x509.h>
#define EC_MAX_NBYTES ((OPENSSL_ECC_MAX_FIELD_BITS + 7)/8)
int SM2_get_public_key_data(EC_KEY *ec_key, unsigned char *out, size_t *outlen)
{
int ret = 0;
const EC_GROUP *group;
BN_CTX *bn_ctx = NULL;
BIGNUM *p = NULL;
BIGNUM *x = NULL;
BIGNUM *y = NULL;
int nbytes;
size_t len;
if (!ec_key || !outlen) {
ECerr(EC_F_SM2_GET_PUBLIC_KEY_DATA, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!(group = EC_KEY_get0_group(ec_key))) {
ECerr(EC_F_SM2_GET_PUBLIC_KEY_DATA, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
/* degree is the bit length of field element, not the order of subgroup */
nbytes = (EC_GROUP_get_degree(group) + 7)/8;
len = nbytes * 6;
if (!out) {
*outlen = len;
return 1;
}
if (*outlen < len) {
ECerr(EC_F_SM2_GET_PUBLIC_KEY_DATA, EC_R_BUFFER_TOO_SMALL);
return 0;
}
memset(out, 0, len);
p = BN_new();
x = BN_new();
y = BN_new();
bn_ctx = BN_CTX_new();
if (!bn_ctx || !p || !x || !y) {
ECerr(EC_F_SM2_GET_PUBLIC_KEY_DATA, ERR_R_MALLOC_FAILURE);
goto end;
}
/* get curve coefficients */
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
if (!EC_GROUP_get_curve_GFp(group, p, x, y, bn_ctx)) {
ECerr(EC_F_SM2_GET_PUBLIC_KEY_DATA, ERR_R_EC_LIB);
goto end;
}
} else {
if (!EC_GROUP_get_curve_GF2m(group, p, x, y, bn_ctx)) {
ECerr(EC_F_SM2_GET_PUBLIC_KEY_DATA, ERR_R_EC_LIB);
goto end;
}
}
BN_bn2bin(x, out + nbytes - BN_num_bytes(x));
out += nbytes;
BN_bn2bin(y, out + nbytes - BN_num_bytes(y));
out += nbytes;
/* get curve generator coordinates */
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
if (!EC_POINT_get_affine_coordinates_GFp(group,
EC_GROUP_get0_generator(group), x, y, bn_ctx)) {
ECerr(EC_F_SM2_GET_PUBLIC_KEY_DATA, ERR_R_EC_LIB);
goto end;
}
} else {
if (!EC_POINT_get_affine_coordinates_GF2m(group,
EC_GROUP_get0_generator(group), x, y, bn_ctx)) {
ECerr(EC_F_SM2_GET_PUBLIC_KEY_DATA, ERR_R_EC_LIB);
goto end;
}
}
if (!BN_bn2bin(x, out + nbytes - BN_num_bytes(x))) {
ECerr(EC_F_SM2_GET_PUBLIC_KEY_DATA, ERR_R_BN_LIB);
goto end;
}
out += nbytes;
if (!BN_bn2bin(y, out + nbytes - BN_num_bytes(y))) {
ECerr(EC_F_SM2_GET_PUBLIC_KEY_DATA, ERR_R_BN_LIB);
goto end;
}
out += nbytes;
/* get pub_key coorindates */
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
if (!EC_POINT_get_affine_coordinates_GFp(group,
EC_KEY_get0_public_key(ec_key), x, y, bn_ctx)) {
ECerr(EC_F_SM2_GET_PUBLIC_KEY_DATA, ERR_R_EC_LIB);
goto end;
}
} else {
if (!EC_POINT_get_affine_coordinates_GF2m(group,
EC_KEY_get0_public_key(ec_key), x, y, bn_ctx)) {
ECerr(EC_F_SM2_GET_PUBLIC_KEY_DATA, ERR_R_EC_LIB);
goto end;
}
}
if (!BN_bn2bin(x, out + nbytes - BN_num_bytes(x))) {
ECerr(EC_F_SM2_GET_PUBLIC_KEY_DATA, ERR_R_BN_LIB);
goto end;
}
out += nbytes;
if (!BN_bn2bin(y, out + nbytes - BN_num_bytes(y))) {
ECerr(EC_F_SM2_GET_PUBLIC_KEY_DATA, ERR_R_BN_LIB);
goto end;
}
*outlen = len;
ret = 1;
end:
BN_free(p);
BN_free(x);
BN_free(y);
BN_CTX_free(bn_ctx);
return ret;
}
int SM2_compute_id_digest(const EVP_MD *md, const char *id, size_t idlen,
unsigned char *out, size_t *outlen, EC_KEY *ec_key)
{
int ret = 0;
EVP_MD_CTX *md_ctx = NULL;
unsigned char idbits[2];
unsigned char buf[SM2_MAX_PKEY_DATA_LENGTH];
unsigned int len;
size_t size;
if (!md || !id || idlen <= 0 || !outlen || !ec_key) {
ECerr(EC_F_SM2_COMPUTE_ID_DIGEST, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
/*
* check compatibility with the GM/T 0003.2-2012 standard
* digest length must be 256-bit/32-byte
* id length should be less than SM2_MAX_ID_LENGTH
*/
if (EVP_MD_size(md) != SM2_ID_DIGEST_LENGTH) {
ECerr(EC_F_SM2_COMPUTE_ID_DIGEST, EC_R_INVALID_DIGEST_ALGOR);
return 0;
}
if (strlen(id) != idlen) {
ECerr(EC_F_SM2_COMPUTE_ID_DIGEST, EC_R_INVALID_SM2_ID);
return 0;
}
if (idlen > SM2_MAX_ID_LENGTH || idlen <= 0) {
ECerr(EC_F_SM2_COMPUTE_ID_DIGEST, EC_R_INVALID_ID_LENGTH);
return 0;
}
if (!out) {
*outlen = EVP_MD_size(md);
return 1;
}
if (*outlen < EVP_MD_size(md)) {
ECerr(EC_F_SM2_COMPUTE_ID_DIGEST, EC_R_BUFFER_TOO_SMALL);
return 0;
}
/* prepare */
if (!(md_ctx = EVP_MD_CTX_new())) {
ECerr(EC_F_SM2_COMPUTE_ID_DIGEST, ERR_R_MALLOC_FAILURE);
return 0;
}
/* get public key data from ec_key */
size = sizeof(buf);
if (!SM2_get_public_key_data(ec_key, buf, &size)) {
ECerr(EC_F_SM2_COMPUTE_ID_DIGEST, EC_R_GET_PUBLIC_KEY_DATA_FAILURE);
goto end;
}
/* 2-byte id length in bits */
idbits[0] = ((idlen * 8) >> 8) % 256;
idbits[1] = (idlen * 8) % 256;
/* compute digest of (idbits, id, pkeydata) */
if (!EVP_DigestInit_ex(md_ctx, md, NULL)) {
ECerr(EC_F_SM2_COMPUTE_ID_DIGEST, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, idbits, sizeof(idbits))) {
ECerr(EC_F_SM2_COMPUTE_ID_DIGEST, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, id, idlen)) {
ECerr(EC_F_SM2_COMPUTE_ID_DIGEST, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, buf, size)) {
ECerr(EC_F_SM2_COMPUTE_ID_DIGEST, ERR_R_EVP_LIB);
goto end;
}
len = EVP_MD_size(md);
if (!EVP_DigestFinal_ex(md_ctx, out, &len)) {
ECerr(EC_F_SM2_COMPUTE_ID_DIGEST, ERR_R_EVP_LIB);
goto end;
}
*outlen = len;
ret = 1;
end:
EVP_MD_CTX_free(md_ctx);
return ret;
}
/*
* Generate GM/T 0003.2-2012 message digest for SM2 signature scheme.
* Return dgst = msg_md( id_md(id, ec_key) || msg )
*/
int SM2_compute_message_digest(const EVP_MD *id_md, const EVP_MD *msg_md,
const unsigned char *msg, size_t msglen, const char *id, size_t idlen,
unsigned char *out, size_t *outlen,
EC_KEY *ec_key)
{
int ret = 0;
EVP_MD_CTX *md_ctx;
unsigned char buf[EVP_MAX_MD_SIZE];
size_t len;
if (!id_md || !msg_md || !msg || msglen <= 0 || !id || idlen <= 0 || !ec_key) {
ECerr(EC_F_SM2_COMPUTE_MESSAGE_DIGEST, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!(md_ctx = EVP_MD_CTX_new())) {
ECerr(EC_F_SM2_COMPUTE_MESSAGE_DIGEST, ERR_R_MALLOC_FAILURE);
return 0;
}
len = sizeof(buf);
if (!SM2_compute_id_digest(id_md, id, idlen, buf, &len, ec_key)) {
ECerr(EC_F_SM2_COMPUTE_MESSAGE_DIGEST, ERR_R_EC_LIB);
goto end;
}
if (!EVP_DigestInit_ex(md_ctx, msg_md, NULL)) {
ECerr(EC_F_SM2_COMPUTE_MESSAGE_DIGEST, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, buf, len)) {
ECerr(EC_F_SM2_COMPUTE_MESSAGE_DIGEST, ERR_R_EVP_LIB);
goto end;
}
printf("zid(%d)=", len); for (int i=0; i<len; i++) printf("%02x", buf[i]); printf("\n");
if (!EVP_DigestUpdate(md_ctx, msg, msglen)) {
ECerr(EC_F_SM2_COMPUTE_MESSAGE_DIGEST, ERR_R_EVP_LIB);
goto end;
}
printf("msg="); for (int i=0; i<len; i++) printf("%02x", msg[i]); printf("\n");
len = sizeof(buf);
if (!EVP_DigestFinal_ex(md_ctx, out, &len)) {
ECerr(EC_F_SM2_COMPUTE_MESSAGE_DIGEST, ERR_R_EVP_LIB);
goto end;
}
*outlen = len;
ret = 1;
end:
EVP_MD_CTX_free(md_ctx);
return ret;
}

580
crypto/sm2/sm2_kap.c Normal file
View File

@@ -0,0 +1,580 @@
/* ====================================================================
* Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <string.h>
#include <openssl/ec.h>
#include <openssl/sm2.h>
#include <openssl/kdf.h>
int SM2_KAP_CTX_init(SM2_KAP_CTX *ctx,
EC_KEY *ec_key, const char *id, size_t idlen,
EC_KEY *remote_pubkey, const char *rid, size_t ridlen,
int is_initiator, int do_checksum)
{
int ret = 0;
int w;
if (!ctx || !ec_key || !remote_pubkey) {
ECerr(EC_F_SM2_KAP_CTX_INIT, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
memset(ctx, 0, sizeof(*ctx));
ctx->id_dgst_md = EVP_sm3();
ctx->kdf_md = EVP_sm3();
ctx->checksum_md = EVP_sm3();
ctx->point_form = SM2_DEFAULT_POINT_CONVERSION_FORM;
if (!(ctx->kdf = KDF_get_x9_63(ctx->kdf_md))) {
ECerr(EC_F_SM2_KAP_CTX_INIT, EC_R_INVALID_KDF_MD);
goto end;
}
ctx->is_initiator = is_initiator;
ctx->do_checksum = do_checksum;
if (EC_GROUP_cmp(EC_KEY_get0_group(ec_key),
EC_KEY_get0_group(remote_pubkey), NULL) != 0) {
ECerr(EC_F_SM2_KAP_CTX_INIT, 0);
goto end;
}
if (!SM2_compute_id_digest(ctx->id_dgst_md, id, idlen,
ctx->id_dgst, &ctx->id_dgstlen, ec_key)) {
ECerr(EC_F_SM2_KAP_CTX_INIT, 0);
goto end;
}
if (!(ctx->ec_key = EC_KEY_dup(ec_key))) {
ECerr(EC_F_SM2_KAP_CTX_INIT, ERR_R_EC_LIB);
goto end;
}
if (!SM2_compute_id_digest(ctx->id_dgst_md, rid, ridlen,
ctx->remote_id_dgst, &ctx->remote_id_dgstlen, remote_pubkey)) {
ECerr(EC_F_SM2_KAP_CTX_INIT, 0);
goto end;
}
if (!(ctx->remote_pubkey = EC_KEY_dup(remote_pubkey))) {
ECerr(EC_F_SM2_KAP_CTX_INIT, 0);
goto end;
}
ctx->group = EC_KEY_get0_group(ec_key);
ctx->bn_ctx = BN_CTX_new();
ctx->order = BN_new();
ctx->two_pow_w = BN_new();
ctx->t = BN_new();
if (!ctx->bn_ctx || !ctx->order || !ctx->two_pow_w || !ctx->t) {
ECerr(EC_F_SM2_KAP_CTX_INIT, ERR_R_BN_LIB);
goto end;
}
if (!EC_GROUP_get_order(EC_KEY_get0_group(ec_key), ctx->order, ctx->bn_ctx)) {
ECerr(EC_F_SM2_KAP_CTX_INIT, ERR_R_EC_LIB);
goto end;
}
w = (BN_num_bits(ctx->order) + 1)/2 - 1;
if (!BN_one(ctx->two_pow_w)) {
ECerr(EC_F_SM2_KAP_CTX_INIT, ERR_R_BN_LIB);
goto end;
}
if (!BN_lshift(ctx->two_pow_w, ctx->two_pow_w, w)) {
ECerr(EC_F_SM2_KAP_CTX_INIT, ERR_R_BN_LIB);
goto end;
}
if (!(ctx->point = EC_POINT_new(ctx->group))) {
ECerr(EC_F_SM2_KAP_CTX_INIT, ERR_R_EC_LIB);
goto end;
}
ret = 1;
end:
if (!ret) SM2_KAP_CTX_cleanup(ctx);
return ret;
}
void SM2_KAP_CTX_cleanup(SM2_KAP_CTX *ctx)
{
if (ctx) {
EC_KEY_free(ctx->ec_key);
EC_KEY_free(ctx->remote_pubkey);
BN_CTX_free(ctx->bn_ctx);
BN_free(ctx->two_pow_w);
BN_free(ctx->order);
EC_POINT_free(ctx->point);
BN_free(ctx->t);
memset(ctx, 0, sizeof(*ctx));
}
}
/* FIXME: ephem_point_len should be both input and output */
int SM2_KAP_prepare(SM2_KAP_CTX *ctx, unsigned char *ephem_point,
size_t *ephem_point_len)
{
int ret = 0;
const BIGNUM *prikey;
BIGNUM *h = NULL;
BIGNUM *r = NULL;
BIGNUM *x = NULL;
if (!(prikey = EC_KEY_get0_private_key(ctx->ec_key))) {
ECerr(EC_F_SM2_KAP_PREPARE, EC_R_SM2_KAP_NOT_INITED);
return 0;
}
h = BN_new();
r = BN_new();
x = BN_new();
if (!h || !r || !x) {
ECerr(EC_F_SM2_KAP_PREPARE, 0);
goto end;
}
/*
* r = rand(1, n)
* R = rG = (x, y)
*/
do {
if (!BN_rand_range(r, ctx->order)) {
ECerr(EC_F_SM2_KAP_PREPARE, EC_R_RANDOM_NUMBER_GENERATION_FAILED);
goto end;
}
} while (BN_is_zero(r));
if (!EC_POINT_mul(ctx->group, ctx->point, r, NULL, NULL, ctx->bn_ctx)) {
ECerr(EC_F_SM2_KAP_PREPARE, ERR_R_EC_LIB);
goto end;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(ctx->group)) == NID_X9_62_prime_field) {
if (!EC_POINT_get_affine_coordinates_GFp(ctx->group, ctx->point, x, NULL, ctx->bn_ctx)) {
ECerr(EC_F_SM2_KAP_PREPARE, ERR_R_EC_LIB);
goto end;
}
} else {
if (!EC_POINT_get_affine_coordinates_GF2m(ctx->group, ctx->point, x, NULL, ctx->bn_ctx)) {
ECerr(EC_F_SM2_KAP_PREPARE, ERR_R_EC_LIB);
goto end;
}
}
/*
* w = ceil(keybits / 2) - 1
* x = 2^w + (x and (2^w - 1)) = 2^w + (x mod 2^w)
* t = (d + x * r) mod n
* t = (h * t) mod n
*/
if (!ctx->t) {
ECerr(EC_F_SM2_KAP_PREPARE, EC_R_SM2_KAP_NOT_INITED);
goto end;
}
if (!BN_nnmod(x, x, ctx->two_pow_w, ctx->bn_ctx)) {
ECerr(EC_F_SM2_KAP_PREPARE, ERR_R_BN_LIB);
goto end;
}
if (!BN_add(x, x, ctx->two_pow_w)) {
ECerr(EC_F_SM2_KAP_PREPARE, ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_mul(ctx->t, x, r, ctx->order, ctx->bn_ctx)) {
ECerr(EC_F_SM2_KAP_PREPARE, ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_add(ctx->t, ctx->t, prikey, ctx->order, ctx->bn_ctx)) {
ECerr(EC_F_SM2_KAP_PREPARE, ERR_R_BN_LIB);
goto end;
}
if (!EC_GROUP_get_cofactor(ctx->group, h, ctx->bn_ctx)) {
ECerr(EC_F_SM2_KAP_PREPARE, ERR_R_EC_LIB);
goto end;
}
if (!BN_mul(ctx->t, ctx->t, h, ctx->bn_ctx)) {
ECerr(EC_F_SM2_KAP_PREPARE, ERR_R_BN_LIB);
goto end;
}
/* encode R = (x, y) for output and local buffer */
// FIXME: ret is size_t and ret is the output length
ret = EC_POINT_point2oct(ctx->group, ctx->point, ctx->point_form,
ephem_point, *ephem_point_len, ctx->bn_ctx);
memcpy(ctx->pt_buf, ephem_point, ret);
*ephem_point_len = ret;
ret = 1;
end:
if (h) BN_free(h);
if (r) BN_free(r);
if (x) BN_free(x);
return ret;
}
int SM2_KAP_compute_key(SM2_KAP_CTX *ctx, const unsigned char *remote_point,
size_t remote_point_len, unsigned char *key, size_t keylen,
unsigned char *checksum, size_t *checksumlen)
{
int ret = 0;
EVP_MD_CTX *md_ctx = NULL;
BIGNUM *x = NULL;
unsigned char share_pt_buf[1 + (OPENSSL_ECC_MAX_FIELD_BITS+7)/4 + EVP_MAX_MD_SIZE * 2 + 100];
unsigned char remote_pt_buf[1 + (OPENSSL_ECC_MAX_FIELD_BITS+7)/4 + 111];
unsigned char dgst[EVP_MAX_MD_SIZE];
unsigned int dgstlen;
unsigned int len, bnlen;
size_t klen = keylen;
md_ctx = EVP_MD_CTX_new();
x = BN_new();
if (!md_ctx || !x) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, 0);
goto end;
}
/*
* decode point R = (x, y), encode (x, y)
* x = 2^w + (x and (2^w - 1)) = 2^w + (x mod 2^w), w = ceil(keybits / 2) - 1
* U = ht * (P + x * R)
* check U != O
*/
if (!EC_POINT_oct2point(ctx->group, ctx->point,
remote_point, remote_point_len, ctx->bn_ctx)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, 0);
goto end;
}
if (!(len = EC_POINT_point2oct(ctx->group, ctx->point, POINT_CONVERSION_UNCOMPRESSED,
remote_pt_buf, sizeof(remote_pt_buf), ctx->bn_ctx))) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, 0);
goto end;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(ctx->group)) == NID_X9_62_prime_field) {
if (!EC_POINT_get_affine_coordinates_GFp(ctx->group, ctx->point, x, NULL, ctx->bn_ctx)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EC_LIB);
goto end;
}
} else {
if (!EC_POINT_get_affine_coordinates_GF2m(ctx->group, ctx->point, x, NULL, ctx->bn_ctx)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EC_LIB);
goto end;
}
}
/* x = 2^w + (x and (2^w - 1)) = 2^w + (x mod 2^w) */
if (!BN_nnmod(x, x, ctx->two_pow_w, ctx->bn_ctx)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_BN_LIB);
goto end;
}
if (!BN_add(x, x, ctx->two_pow_w)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_BN_LIB);
goto end;
}
/*
if (!BN_mod_mul(x, x, ctx->t, ctx->order, ctx->bn_ctx)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_BN_LIB);
goto end;
}
*/
/* U = ht * (P + x * R), check U != O */
if (!EC_POINT_mul(ctx->group, ctx->point, NULL, ctx->point, x, ctx->bn_ctx)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EC_LIB);
goto end;
}
if (!EC_POINT_add(ctx->group, ctx->point, ctx->point,
EC_KEY_get0_public_key(ctx->remote_pubkey), ctx->bn_ctx)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EC_LIB);
goto end;
}
if (!EC_POINT_mul(ctx->group, ctx->point, NULL, ctx->point, ctx->t, ctx->bn_ctx)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EC_LIB);
goto end;
}
if (EC_POINT_is_at_infinity(ctx->group, ctx->point)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, 0);
goto end;
}
/* encode U, append with ZA, ZB */
if (!(len = EC_POINT_point2oct(ctx->group, ctx->point, POINT_CONVERSION_UNCOMPRESSED,
share_pt_buf, sizeof(share_pt_buf), ctx->bn_ctx))) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, 0);
goto end;
}
if (ctx->is_initiator) {
memcpy(share_pt_buf + len, ctx->id_dgst, ctx->id_dgstlen);
len += ctx->id_dgstlen;
memcpy(share_pt_buf + len, ctx->remote_id_dgst, ctx->remote_id_dgstlen);
len += ctx->remote_id_dgstlen;
} else {
memcpy(share_pt_buf + len, ctx->remote_id_dgst, ctx->remote_id_dgstlen);
len += ctx->remote_id_dgstlen;
memcpy(share_pt_buf + len, ctx->id_dgst, ctx->id_dgstlen);
len += ctx->id_dgstlen;
}
/* key = KDF(xu, yu, ZA, ZB) */
if (!ctx->kdf(share_pt_buf + 1, len - 1, key, &klen)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, 0);
goto end;
}
if (ctx->do_checksum) {
/* generate checksum S1 or SB start with 0x02
* S1 = SB = Hash(0x02, yu, Hash(xu, ZA, ZB, x1, y1, x2, y2))
*/
if (!EVP_DigestInit_ex(md_ctx, ctx->checksum_md, NULL)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
bnlen = BN_num_bytes(ctx->order);
if (!EVP_DigestUpdate(md_ctx, share_pt_buf + 1, bnlen)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
if (ctx->is_initiator) {
/* update ZA,ZB,x1,y1,x2,y2 */
if (!EVP_DigestUpdate(md_ctx, ctx->id_dgst, ctx->id_dgstlen)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, ctx->remote_id_dgst, ctx->remote_id_dgstlen)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, ctx->pt_buf + 1, bnlen * 2)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, remote_pt_buf + 1, bnlen * 2)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
} else {
if (!EVP_DigestUpdate(md_ctx, ctx->remote_id_dgst, ctx->remote_id_dgstlen)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, ctx->id_dgst, ctx->id_dgstlen)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, remote_pt_buf + 1, bnlen * 2)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, ctx->pt_buf + 1, bnlen * 2)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
}
if (!EVP_DigestFinal_ex(md_ctx, dgst, &dgstlen)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
/* now dgst == H(xu,ZA,ZB,x1,y1,x2,y2)
*/
/* S1 = SB = Hash(0x02, yu, dgst) */
if (!EVP_DigestInit_ex(md_ctx, ctx->checksum_md, NULL)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, "\x02", 1)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, share_pt_buf + 1 + bnlen, bnlen)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, dgst, dgstlen)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
/* output S1 to local buffer or SB to output */
if (ctx->is_initiator) {
if (!EVP_DigestFinal_ex(md_ctx, ctx->checksum, &len)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
} else {
if (!EVP_DigestFinal_ex(md_ctx, checksum, &len)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
*checksumlen = len;
}
/* generate checksum SA or S2 start with 0x03
* SA = S2 = Hash(0x03, yu, dgst)
*/
if (!EVP_DigestInit_ex(md_ctx, ctx->checksum_md, NULL)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, "\x03", 1)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, share_pt_buf + 1 + bnlen, bnlen)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_DigestUpdate(md_ctx, dgst, dgstlen)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
if (ctx->is_initiator) {
if (!EVP_DigestFinal_ex(md_ctx, checksum, &len)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
*checksumlen = len;
} else {
if (!EVP_DigestFinal_ex(md_ctx, ctx->checksum, &len)) {
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
goto end;
}
}
}
ret = 1;
end:
EVP_MD_CTX_free(md_ctx);
BN_free(x);
return ret;
}
int SM2_KAP_final_check(SM2_KAP_CTX *ctx, const unsigned char *checksum,
size_t checksumlen)
{
if (ctx->do_checksum) {
if (checksumlen != EVP_MD_size(ctx->checksum_md)) {
ECerr(EC_F_SM2_KAP_FINAL_CHECK, EC_R_INVALID_SM2_KAP_CHECKSUM_LENGTH);
return 0;
}
if (memcmp(ctx->checksum, checksum, checksumlen)) {
ECerr(EC_F_SM2_KAP_FINAL_CHECK, EC_R_INVALID_SM2_KAP_CHECKSUM_VALUE);
return 0;
}
}
return 1;
}
int SM2_compute_key(void *out, size_t outlen,
const EC_POINT *pub_key, EC_KEY *ecdh,
const EC_POINT *pub_key2, EC_KEY *ec_key2,
const char *id1, const char *id2, int is_ini)
{
return 0;
}

191
crypto/sm2/sm2_kmeth.c Normal file
View File

@@ -0,0 +1,191 @@
/*
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <string.h>
#include <openssl/ec.h>
#include <openssl/engine.h>
#include <openssl/err.h>
#include <openssl/sm2.h>
#include <openssl/ecies.h>
#include "../ec/ec_lcl.h"
#define SM2_KMETH_FLAGS 0
int SM2_ENC_PARAMS_set_type(SM2_ENC_PARAMS *params, int type)
{
// FIXME:
ECerr(EC_F_SM2_ENC_PARAMS_SET_TYPE, ERR_R_EVP_LIB);
return 0;
}
SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_new_from_ECIES_CIPHERTEXT_VALUE(
const ECIES_CIPHERTEXT_VALUE *in)
{
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECIES_CIPHERTEXT_VALUE,
ERR_R_EC_LIB);
return NULL;
}
int SM2_CIPHERTEXT_VALUE_set_ECIES_CIPHERTEXT_VALUE(SM2_CIPHERTEXT_VALUE *sm2,
const ECIES_CIPHERTEXT_VALUE *in)
{
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_SET_ECIES_CIPHERTEXT_VALUE,
ERR_R_EC_LIB);
return 0;
}
int SM2_CIPHERTEXT_VALUE_get_ECIES_CIPHERTEXT_VALUE(
const SM2_CIPHERTEXT_VALUE *sm2, ECIES_CIPHERTEXT_VALUE *out)
{
ECerr(EC_F_SM2_CIPHERTEXT_VALUE_GET_ECIES_CIPHERTEXT_VALUE,
ERR_R_EC_LIB);
return 0;
}
static int sm2_compute_key(unsigned char **Pout, size_t *poutlen,
const EC_POINT *pub_key, const EC_KEY *ec_key)
{
return 0;
}
static int sm2_encrypt(int type, const unsigned char *in, size_t inlen,
unsigned char *out, size_t *outlen, EC_KEY *ec_key)
{
SM2_ENC_PARAMS param;
if (!SM2_ENC_PARAMS_set_type(&param, type)) {
return 0;
}
return SM2_encrypt(&param, in, inlen, out, outlen, ec_key);
}
ECIES_CIPHERTEXT_VALUE *sm2_do_encrypt(int type, const unsigned char *in,
size_t inlen, EC_KEY *ec_key)
{
ECIES_CIPHERTEXT_VALUE *ret = NULL;
ECIES_CIPHERTEXT_VALUE *ecies = NULL;
SM2_CIPHERTEXT_VALUE *sm2 = NULL;
SM2_ENC_PARAMS param;
if (!(ecies = ECIES_CIPHERTEXT_VALUE_new())) {
goto end;
}
if (!SM2_ENC_PARAMS_set_type(&param, type)) {
goto end;
}
if (!(sm2 = SM2_do_encrypt(&param, in, inlen, ec_key))) {
goto end;
}
if (!SM2_CIPHERTEXT_VALUE_get_ECIES_CIPHERTEXT_VALUE(sm2, ecies)) {
goto end;
}
ret = ecies;
ecies = NULL;
end:
ECIES_CIPHERTEXT_VALUE_free(ecies);
SM2_CIPHERTEXT_VALUE_free(sm2);
return ret;
}
int sm2_decrypt(int type, const unsigned char *in, size_t inlen,
unsigned char *out, size_t *outlen, EC_KEY *ec_key)
{
SM2_ENC_PARAMS param;
if (!SM2_ENC_PARAMS_set_type(&param, type)) {
return 0;
}
return SM2_decrypt(&param, in, inlen, out, outlen, ec_key);
}
int sm2_do_decrypt(int type, const ECIES_CIPHERTEXT_VALUE *in,
unsigned char *out, size_t *outlen, EC_KEY *ec_key)
{
int ret = 0;
SM2_CIPHERTEXT_VALUE *sm2 = NULL;
SM2_ENC_PARAMS param;
if (!SM2_ENC_PARAMS_set_type(&param, type)) {
goto end;
}
// we might require type/param
if (!(sm2 = SM2_CIPHERTEXT_VALUE_new_from_ECIES_CIPHERTEXT_VALUE(in))) {
goto end;
}
if (!SM2_do_decrypt(&param, sm2, out, outlen, ec_key)) {
goto end;
}
ret = 1;
end:
SM2_CIPHERTEXT_VALUE_free(sm2);
return ret;
}
static const EC_KEY_METHOD gmssl_ec_key_method = {
"GmSSL EC_KEY method",
0,
0,0,0,0,0,0,
ossl_ec_key_gen,
sm2_compute_key,
SM2_sign,
SM2_sign_setup,
SM2_do_sign,
SM2_verify,
SM2_do_verify,
sm2_encrypt,
sm2_do_encrypt,
sm2_decrypt,
sm2_do_decrypt,
};
const EC_KEY_METHOD *EC_KEY_GmSSL(void)
{
return &gmssl_ec_key_method;
}

526
crypto/sm2/sm2_sign.c Normal file
View File

@@ -0,0 +1,526 @@
/* ====================================================================
* Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <string.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/sm2.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/obj_mac.h>
#include "../ec/ec_lcl.h"
static int sm2_sign_setup(EC_KEY *ec_key, BN_CTX *ctx_in, BIGNUM **kp, BIGNUM **xp)
{
int ret = 0;
const EC_GROUP *ec_group;
BN_CTX *ctx = NULL;
BIGNUM *k = NULL;
BIGNUM *x = NULL;
BIGNUM *order = NULL;
EC_POINT *point = NULL;
if (ec_key == NULL || (ec_group = EC_KEY_get0_group(ec_key)) == NULL) {
ECerr(EC_F_SM2_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (ctx_in == NULL) {
if ((ctx = BN_CTX_new()) == NULL) {
ECerr(EC_F_SM2_SIGN_SETUP,ERR_R_MALLOC_FAILURE);
return 0;
}
}
else {
ctx = ctx_in;
}
k = BN_new();
x = BN_new();
order = BN_new();
if (!k || !x || !order) {
ECerr(EC_F_SM2_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!EC_GROUP_get_order(ec_group, order, ctx)) {
ECerr(EC_F_SM2_SIGN_SETUP, ERR_R_EC_LIB);
goto end;
}
if ((point = EC_POINT_new(ec_group)) == NULL) {
ECerr(EC_F_SM2_SIGN_SETUP, ERR_R_EC_LIB);
goto end;
}
do {
/* get random k */
do {
if (!BN_rand_range(k, order)) {
ECerr(EC_F_SM2_SIGN_SETUP,
EC_R_RANDOM_NUMBER_GENERATION_FAILED);
goto end;
}
} while (BN_is_zero(k));
/* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(ec_group, point, k, NULL, NULL, ctx)) {
ECerr(EC_F_SM2_SIGN_SETUP, ERR_R_EC_LIB);
goto end;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(ec_group)) == NID_X9_62_prime_field) {
if (!EC_POINT_get_affine_coordinates_GFp(ec_group, point, x, NULL, ctx)) {
ECerr(EC_F_SM2_SIGN_SETUP,ERR_R_EC_LIB);
goto end;
}
} else /* NID_X9_62_characteristic_two_field */ {
if (!EC_POINT_get_affine_coordinates_GF2m(ec_group, point, x, NULL, ctx)) {
ECerr(EC_F_SM2_SIGN_SETUP,ERR_R_EC_LIB);
goto end;
}
}
if (!BN_nnmod(x, x, order, ctx)) {
ECerr(EC_F_SM2_SIGN_SETUP, ERR_R_BN_LIB);
goto end;
}
} while (BN_is_zero(x));
/* clear old values if necessary */
BN_clear_free(*kp);
BN_clear_free(*xp);
/* save the pre-computed values */
*kp = k;
*xp = x;
ret = 1;
end:
if (!ret) {
BN_clear_free(k);
BN_clear_free(x);
}
if (!ctx_in) {
BN_CTX_free(ctx);
}
BN_free(order);
EC_POINT_free(point);
return(ret);
}
static ECDSA_SIG *sm2_do_sign(const unsigned char *dgst, int dgstlen,
const BIGNUM *in_k, const BIGNUM *in_x, EC_KEY *ec_key)
{
int ok = 0;
ECDSA_SIG *ret = NULL;
const EC_GROUP *ec_group;
const BIGNUM *priv_key;
const BIGNUM *ck;
BIGNUM *k = NULL;
BN_CTX *ctx = NULL;
BIGNUM *order = NULL;
BIGNUM *e = NULL;
BIGNUM *bn = NULL;
int i;
ec_group = EC_KEY_get0_group(ec_key);
priv_key = EC_KEY_get0_private_key(ec_key);
if (!ec_group || !priv_key) {
ECerr(EC_F_SM2_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
if (!(ret = ECDSA_SIG_new())) {
ECerr(EC_F_SM2_DO_SIGN, ERR_R_MALLOC_FAILURE);
return NULL;
}
ret->r = BN_new();
ret->s = BN_new();
ctx = BN_CTX_new();
order = BN_new();
e = BN_new();
bn = BN_new();
if (!ret->r || !ret->s || !ctx || !order || !e || !bn) {
ECerr(EC_F_SM2_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!EC_GROUP_get_order(ec_group, order, ctx)) {
ECerr(EC_F_SM2_DO_SIGN, ERR_R_EC_LIB);
goto end;
}
/* convert dgst to e */
i = BN_num_bits(order);
#if 0
if (8 * dgstlen > i) {
dgstlen = (i + 7)/8;
}
#endif
if (!BN_bin2bn(dgst, dgstlen, e)) {
ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB);
goto end;
}
#if 0
if ((8 * dgstlen > i) && !BN_rshift(e, e, 8 - (i & 0x7))) {
ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB);
goto end;
}
#endif
fprintf(stderr, " --- %s %d\n", __func__, __LINE__);
do {
/* use or compute k and (kG).x */
if (!in_k || !in_x) {
if (!sm2_sign_setup(ec_key, ctx, &k, &ret->r)) {
ECerr(EC_F_SM2_DO_SIGN,ERR_R_ECDSA_LIB);
goto end;
}
ck = k;
} else {
ck = in_k;
if (!BN_copy(ret->r, in_x)) {
ECerr(EC_F_SM2_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto end;
}
}
fprintf(stderr, " --- %s %d\n", __func__, __LINE__);
/* r = e + x (mod n) */
if (!BN_mod_add(ret->r, ret->r, e, order, ctx)) {
ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB);
goto end;
}
fprintf(stderr, " --- %s %d\n", __func__, __LINE__);
if (!BN_mod_add(bn, ret->r, ck, order, ctx)) {
ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB);
goto end;
}
fprintf(stderr, " --- %s %d\n", __func__, __LINE__);
/* check r != 0 && r + k != n */
if (BN_is_zero(ret->r) || BN_is_zero(bn)) {
if (in_k && in_x) {
ECerr(EC_F_SM2_DO_SIGN, EC_R_NEED_NEW_SETUP_VALUES);
goto end;
} else
continue;
}
fprintf(stderr, " --- %s %d\n", __func__, __LINE__);
/* s = ((1 + d)^-1 * (k - rd)) mod n */
if (!BN_one(bn)) {
ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB);
goto end;
}
if (ret->s == NULL) {
fprintf(stderr, " --- %s %d\n", __func__, __LINE__);
}
fprintf(stderr, " --- %s %d\n", __func__, __LINE__);
if (!BN_mod_add(ret->s, priv_key, bn, order, ctx)) {
ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB);
goto end;
}
fprintf(stderr, " --- %s %d\n", __func__, __LINE__);
if (!BN_mod_inverse(ret->s, ret->s, order, ctx)) {
ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB);
goto end;
}
fprintf(stderr, " --- %s %d\n", __func__, __LINE__);
if (!BN_mod_mul(bn, ret->r, priv_key, order, ctx)) {
ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_sub(bn, ck, bn, order, ctx)) {
ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_mul(ret->s, ret->s, bn, order, ctx)) {
ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB);
goto end;
}
/* check s != 0 */
if (BN_is_zero(ret->s)) {
if (in_k && in_x) {
ECerr(EC_F_SM2_DO_SIGN, EC_R_NEED_NEW_SETUP_VALUES);
goto end;
}
} else {
break;
}
} while (1);
ok = 1;
end:
if (!ok) {
ECDSA_SIG_free(ret);
ret = NULL;
}
BN_free(k);
BN_CTX_free(ctx);
BN_free(order);
BN_free(e);
BN_free(bn);
return ret;
}
int sm2_do_verify(const unsigned char *dgst, int dgstlen,
const ECDSA_SIG *sig, EC_KEY *ec_key)
{
int ret = -1;
const EC_GROUP *ec_group;
const EC_POINT *pub_key;
EC_POINT *point = NULL;
BN_CTX *ctx = NULL;
BIGNUM *order = NULL;
BIGNUM *e = NULL;
BIGNUM *t = NULL;
int i;
if (!sig || !ec_key ||
!(ec_group = EC_KEY_get0_group(ec_key)) ||
!(pub_key = EC_KEY_get0_public_key(ec_key))) {
ECerr(EC_F_SM2_DO_VERIFY, EC_R_MISSING_PARAMETERS);
return -1;
}
ctx = BN_CTX_new();
order = BN_new();
e = BN_new();
t = BN_new();
if (!ctx || !order || !e || !t) {
ECerr(EC_F_SM2_DO_VERIFY, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!EC_GROUP_get_order(ec_group, order, ctx)) {
ECerr(EC_F_SM2_DO_VERIFY, ERR_R_EC_LIB);
goto end;
}
/* check r, s in [1, n-1] and r + s != 0 (mod n) */
if (BN_is_zero(sig->r) ||
BN_is_negative(sig->r) ||
BN_ucmp(sig->r, order) >= 0 ||
BN_is_zero(sig->s) ||
BN_is_negative(sig->s) ||
BN_ucmp(sig->s, order) >= 0) {
ECerr(EC_F_SM2_DO_VERIFY, EC_R_BAD_SIGNATURE);
ret = 0;
goto end;
}
/* check t = r + s != 0 */
if (!BN_mod_add(t, sig->r, sig->s, order, ctx)) {
ECerr(EC_F_SM2_DO_VERIFY, ERR_R_BN_LIB);
goto end;
}
if (BN_is_zero(t)) {
ret = 0;
goto end;
}
/* convert digest to e */
i = BN_num_bits(order);
#if 0
if (8 * dgstlen > i) {
dgstlen = (i + 7)/8;
}
#endif
if (!BN_bin2bn(dgst, dgstlen, e)) {
ECerr(EC_F_SM2_DO_VERIFY, ERR_R_BN_LIB);
goto end;
}
#if 0
if ((8 * dgstlen > i) && !BN_rshift(e, e, 8 - (i & 0x7))) {
ECerr(EC_F_SM2_DO_VERIFY, ERR_R_BN_LIB);
goto end;
}
#endif
/* compute (x, y) = sG + tP, P is pub_key */
if (!(point = EC_POINT_new(ec_group))) {
ECerr(EC_F_SM2_DO_VERIFY, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!EC_POINT_mul(ec_group, point, sig->s, pub_key, t, ctx)) {
ECerr(EC_F_SM2_DO_VERIFY, ERR_R_EC_LIB);
goto end;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(ec_group)) == NID_X9_62_prime_field) {
if (!EC_POINT_get_affine_coordinates_GFp(ec_group, point, t, NULL, ctx)) {
ECerr(EC_F_SM2_DO_VERIFY, ERR_R_EC_LIB);
goto end;
}
} else /* NID_X9_62_characteristic_two_field */ {
if (!EC_POINT_get_affine_coordinates_GF2m(ec_group, point, t, NULL, ctx)) {
ECerr(EC_F_SM2_DO_VERIFY, ERR_R_EC_LIB);
goto end;
}
}
if (!BN_nnmod(t, t, order, ctx)) {
ECerr(EC_F_SM2_DO_VERIFY, ERR_R_BN_LIB);
goto end;
}
/* check (sG + tP).x + e == sig.r */
if (!BN_mod_add(t, t, e, order, ctx)) {
ECerr(EC_F_SM2_DO_VERIFY, ERR_R_BN_LIB);
goto end;
}
if (BN_ucmp(t, sig->r) == 0) {
ret = 1;
} else {
ret = 0;
}
end:
EC_POINT_free(point);
BN_free(order);
BN_free(e);
BN_free(t);
BN_CTX_free(ctx);
return ret;
}
int SM2_sign_setup(EC_KEY *ec_key, BN_CTX *ctx_in, BIGNUM **kp, BIGNUM **xp)
{
return sm2_sign_setup(ec_key, ctx_in, kp, xp);
}
ECDSA_SIG *SM2_do_sign_ex(const unsigned char *dgst, int dgstlen,
const BIGNUM *kp, const BIGNUM *xp, EC_KEY *ec_key)
{
return sm2_do_sign(dgst, dgstlen, kp, xp, ec_key);
}
ECDSA_SIG *SM2_do_sign(const unsigned char *dgst, int dgstlen, EC_KEY *ec_key)
{
return SM2_do_sign_ex(dgst, dgstlen, NULL, NULL, ec_key);
}
int SM2_do_verify(const unsigned char *dgst, int dgstlen,
const ECDSA_SIG *sig, EC_KEY *ec_key)
{
return sm2_do_verify(dgst, dgstlen, sig, ec_key);
}
int SM2_sign_ex(int type, const unsigned char *dgst, int dgstlen,
unsigned char *sig, unsigned int *siglen,
const BIGNUM *k, const BIGNUM *x, EC_KEY *ec_key)
{
ECDSA_SIG *s;
RAND_seed(dgst, dgstlen);
if (!(s = SM2_do_sign_ex(dgst, dgstlen, k, x, ec_key))) {
*siglen = 0;
return 0;
}
*siglen = i2d_ECDSA_SIG(s, &sig);
ECDSA_SIG_free(s);
return 1;
}
int SM2_sign(int type, const unsigned char *dgst, int dgstlen,
unsigned char *sig, unsigned int *siglen, EC_KEY *ec_key)
{
return SM2_sign_ex(type, dgst, dgstlen, sig, siglen, NULL, NULL, ec_key);
}
int SM2_verify(int type, const unsigned char *dgst, int dgstlen,
const unsigned char *sig, int siglen, EC_KEY *ec_key)
{
ECDSA_SIG *s;
const unsigned char *p = sig;
unsigned char *der = NULL;
int derlen = -1;
int ret = -1;
if (!(s = ECDSA_SIG_new())) {
return ret;
}
if (!d2i_ECDSA_SIG(&s, &p, siglen)) {
goto err;
}
derlen = i2d_ECDSA_SIG(s, &der);
if (derlen != siglen || memcmp(sig, der, derlen)) {
goto err;
}
ret = SM2_do_verify(dgst, dgstlen, s, ec_key);
err:
if (derlen > 0) {
OPENSSL_cleanse(der, derlen);
OPENSSL_free(der);
}
ECDSA_SIG_free(s);
return ret;
}