diff --git a/Makefile b/Makefile index af528047..2dc588ce 100644 --- a/Makefile +++ b/Makefile @@ -151,7 +151,7 @@ SDIRS= \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ cms pqueue ts srp cmac \ - sm3 sms4 zuc cpk + sm3 sms4 zuc cpk ecies sm2 # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... diff --git a/Makefile.org b/Makefile.org index 77e84977..dbcbe0a8 100644 --- a/Makefile.org +++ b/Makefile.org @@ -149,7 +149,7 @@ SDIRS= \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ cms pqueue ts jpake srp store cmac \ - sm3 sms4 zuc cpk + sm3 sms4 zuc cpk ecies sm2 # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... diff --git a/README.md b/README.md index 9b381781..e08331d6 100644 --- a/README.md +++ b/README.md @@ -19,8 +19,30 @@ $ echo -n abc | gmssl dgst -sm3 66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0 ``` +显示SM2推荐椭圆曲线域参数 + +``` bash +$ gmssl ecparam -text -noout -name sm2p256v1 -param_enc explicit +``` + +在代码目录`./certs/sm2/`目录中给出了SM2证书的例子,可以用`gmssl`工具进行解析 +``` +$ gmssl x509 -text -noout -in certs/sm2/sm2-x509.pem +$ gmssl pkcs7 -print_certs -in certs/sm2/sm2-pkcs7.pem +``` + + + GmSSL新增的EVP对象包括`EVP_sm3()`、`EVP_sm4_ecb()`、`EVP_sm4_cbc()`、`EVP_sm4_ofb()`、`EVP_sm4_cfb()`和`EVP_zuc()`。 + + + + + + + + ## 安装 ``` bash @@ -59,6 +81,3 @@ SM2标准中规定采用256比特的椭圆曲线域参数,并采用256比特 - 增加对Pairing、IBE和SM9的支持 - 增加对SSL的支持 - 通过ENGINE机制增加对密码硬件设备的支持 - - - diff --git a/apps/ca-gencert-engine.sh b/apps/ca-gencert-engine.sh deleted file mode 100755 index 923f29b6..00000000 --- a/apps/ca-gencert-engine.sh +++ /dev/null 
@@ -1,70 +0,0 @@ -#!/bin/bash - -PIN=123456 -PUK=654321 -P11LIB=/usr/local/lib/opensc-pkcs11.so -REQFILE=req.pem -USERNAME="John Doe" - -echo " *** Erase card ***" -pkcs15-init --erase-card --verbose - -echo " *** Initialization ***" -pkcs15-init \ - --create-pkcs15 \ - --profile pkcs15+onepin \ - --pin $PIN \ - --puk $PUK \ - --label "Personal Crypto Token" \ - --verbose - -echo " *** Generate Key Pair ***" -pkcs11-tool \ - --keypairgen \ - --module $P11LIB \ - --login --pin $PIN \ - --key-type rsa:2048 \ - --usage-sign \ - --subject $USERNAME \ - --label "Private Key" - -KEYID=`pkcs11-tool --module $P11LIB --list-objects | grep "ID" | awk '{ print $2}'` - - -echo " *** Generate Certificate Request ***" -openssl req \ - -new \ - -engine pkcs11 \ - -config openssl.conf \ - -keyform engine \ - -key 1:$KEYID \ - -subj "/C=CN/ST=Beijing/L=Beijing/O=PKU/OU=Infosec/CN=$1/emailAddress=$1@pku.edu.cn" \ - -out $REQFILE - -openssl req -in $REQFILE -text - -CERTFILE=user.pem -CERTDER=user.der - -echo " *** Sign Certificate ***" -openssl ca -batch -out $CERTFILE -notext -outdir . -infiles $REQFILE -openssl x509 -in $CERTFILE -outform DER -out $CERTDER - -echo " *** Import Certificate to Token ***" -pkcs11-tool --write-object $CERTDER \ - --module $P11LIB \ - --login --pin $PIN \ - --label Certificate \ - --type cert - -echo " *** Show Token Info ***" -pkcs11-tool --list-token-slots \ - --module $P11LIB - -pkcs11-tool --list-objects \ - --module $P11LIB \ - --login --pin $PIN - -openssl x509 -in $CERTFILE -text -noout - - diff --git a/apps/ca-gencert.sh b/apps/ca-gencert.sh deleted file mode 100755 index 5a1c9f4e..00000000 --- a/apps/ca-gencert.sh +++ /dev/null 
@@ -1,17 +0,0 @@ -#!/bin/bash -x - -CURVE=secp192k1 -KEY_FILE=user.key -REQ_FILE=user.req -CERT_FILE=user.pem - -#openssl ecparam -genkey -name $CURVE -text -out $KEY_FILE -openssl genrsa 1024 -text > $KEY_FILE -openssl req -new -key $KEY_FILE -out $REQ_FILE -openssl ca -out $CERT_FILE -outdir . -infiles $REQ_FILE -openssl pkcs12 -export -out user.pfx -in $CERT_FILE -inkey $KEY_FILE -certfile .demoCA/cacert.pem - -#rm -f $KEY_FILE -#rm -f $REQ_FILE -#rm -f $CERT_FILE - diff --git a/apps/ca-setup.sh b/apps/ca-setup.sh deleted file mode 100755 index c6f8c4cc..00000000 --- a/apps/ca-setup.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -CURVE=prime256v1 -DIR=demoCA - -rm -fr $DIR -mkdir $DIR -mkdir $DIR/certs -mkdir $DIR/crl -mkdir $DIR/newcerts -mkdir $DIR/private/ -touch $DIR/index.txt -touch $DIR/crlnumber -touch $DIR/private/.rand -echo 01 > $DIR/serial - -#openssl ecparam -genkey -name $CURVE -text -out $DIR/private/cakey.pem - -openssl genrsa 2048 -text > $DIR/private/cakey.pem -openssl req -new -x509 -days 3650 -key $DIR/private/cakey.pem -out $DIR/cacert.pem -openssl x509 -text -noout -in $DIR/cacert.pem - diff --git a/apps/ca-show-token-info.sh b/apps/ca-show-token-info.sh deleted file mode 100755 index 0af330a1..00000000 --- a/apps/ca-show-token-info.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -PIN=123456 -PUK=654321 -P11LIB=/usr/local/lib/opensc-pkcs11.so - -pkcs11-tool --list-token-slots --module $P11LIB -pkcs11-tool --list-objects \ - --module $P11LIB \ - --login --pin $PIN - diff --git a/apps/cpk.c b/apps/cpk.c new file mode 100644 index 00000000..e69de29b diff --git a/apps/sm2 b/apps/sm2 deleted file mode 100755 index 5f20f714..00000000 Binary files a/apps/sm2 and /dev/null differ diff --git a/apps/sm2-cert.pem b/apps/sm2-cert.pem deleted file mode 100644 index 78f7d4ed..00000000 --- a/apps/sm2-cert.pem +++ /dev/null 
@@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDAzCCAqqgAwIBAgIJAJw7UiX5bNh5MAkGByqGSM49BAEwcTELMAkGA1UEBhMC -Q04xDzANBgNVBAgMBlBla2luZzEQMA4GA1UEBwwHSGFpZGlhbjEaMBgGA1UECgwR -UGVraW5nIFVuaXZlcnNpdHkxEDAOBgNVBAsMB0luZm9zZWMxETAPBgNVBAMMCEd1 -YW4gWmhpMB4XDTE0MTEyOTE0MDYzMloXDTE1MTEyOTE0MDYzMlowcTELMAkGA1UE -BhMCQ04xDzANBgNVBAgMBlBla2luZzEQMA4GA1UEBwwHSGFpZGlhbjEaMBgGA1UE -CgwRUGVraW5nIFVuaXZlcnNpdHkxEDAOBgNVBAsMB0luZm9zZWMxETAPBgNVBAMM -CEd1YW4gWmhpMIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA//// -/v////////////////////8AAAAA//////////8wRAQg/////v////////////// -//////8AAAAA//////////wEICjp+p6dn140TVqeS89lCafzl4n1FauPkt28vUFN -lA6TBEEEMsSuLB8ZgRlfmQRGajnJlI/jC7/yZgvhcVpFiTNMdMe8Nzai9PZ3nFm9 -zuNraSFT0KmHfMYqR0AC3zLlITnwoAIhAP////7///////////////9yA99rIcYF -K1O79Ak51UEjAgEBA0IABPxvh+kOx3UlRALhNUv+4k2ieZTUpMyk8aGjEIKmMqWz -rcgxV77gZ7V8HHIYJHd+5gwqUnpZbF7ZiztD6LpG8JajUDBOMB0GA1UdDgQWBBTP -knf5z9+3Jlr6AWqSt0GyC94QVjAfBgNVHSMEGDAWgBTPknf5z9+3Jlr6AWqSt0Gy -C94QVjAMBgNVHRMEBTADAQH/MAkGByqGSM49BAEDSAAwRQIgEtQ98ncm48JHSnAn -UgE8FqL/aCH1hNFTu6eUTGy/pFsCIQDbx65Yi5VepUzSBfPAqgaFzN/Wp/i/gl0k -HTUjg11OEQ== ------END CERTIFICATE----- diff --git a/apps/sm2-gencert.sh b/apps/sm2-gencert.sh new file mode 100755 index 00000000..bf846ced --- /dev/null +++ b/apps/sm2-gencert.sh @@ -0,0 +1,11 @@ +#!/bin/bash -x + +KEY_FILE=user.key +REQ_FILE=user.req +CERT_FILE=user.pem + +gmssl ecparam -genkey -name sm2p256v1 -text -out $KEY_FILE +gmssl req -new -key $KEY_FILE -out $REQ_FILE +gmssl ca -out $CERT_FILE -outdir . -infiles $REQ_FILE +gmssl pkcs12 -export -out user.pfx -in $CERT_FILE -inkey $KEY_FILE -certfile .demoCA/cacert.pem + diff --git a/apps/sm2-initca.sh b/apps/sm2-initca.sh new file mode 100755 index 00000000..117f91a2 --- /dev/null +++ b/apps/sm2-initca.sh 
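Review bot: The last command in apps/sm2-gencert.sh reads the CA certificate from `.demoCA/cacert.pem`, while apps/sm2-initca.sh in this same commit creates the directory as `demoCA`, so the `pkcs12 -export` step looks like it will fail unless a separate `.demoCA` happens to exist. `-certfile demoCA/cacert.pem` would match what the init script writes. The script also runs without `set -e`, so a failed `ecparam -genkey` or `req` still reaches `gmssl ca`; adding `set -e` after the shebang stops at the first failure.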
@@ -0,0 +1,19 @@ +#!/bin/bash + +DIR=demoCA + +rm -fr $DIR +mkdir $DIR +mkdir $DIR/certs +mkdir $DIR/crl +mkdir $DIR/newcerts +mkdir $DIR/private/ +touch $DIR/index.txt +touch $DIR/crlnumber +touch $DIR/private/.rand +echo 01 > $DIR/serial + +gmssl ecparam -genkey -name sm2p256v1 -text -out $DIR/private/cakey.pem +gmssl req -new -x509 -days 3650 -key $DIR/private/cakey.pem -out $DIR/cacert.pem +gmssl x509 -text -noout -in $DIR/cacert.pem + diff --git a/apps/sm2-key.pem b/apps/sm2-key.pem deleted file mode 100644 index 3e6ae499..00000000 --- a/apps/sm2-key.pem +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN EC PARAMETERS----- -MIHgAgEBMCwGByqGSM49AQECIQD////+/////////////////////wAAAAD///// -/////zBEBCD////+/////////////////////wAAAAD//////////AQgKOn6np2f -XjRNWp5Lz2UJp/OXifUVq4+S3by9QU2UDpMEQQQyxK4sHxmBGV+ZBEZqOcmUj+ML -v/JmC+FxWkWJM0x0x7w3NqL09necWb3O42tpIVPQqYd8xipHQALfMuUhOfCgAiEA -/////v///////////////3ID32shxgUrU7v0CTnVQSMCAQE= ------END EC PARAMETERS----- ------BEGIN EC PRIVATE KEY----- -MIIBUQIBAQQgkd0ULnCTm/ckQ0TxZvNh8O3U/C1Od/ACbi8zFeEOmHyggeMwgeAC -AQEwLAYHKoZIzj0BAQIhAP////7/////////////////////AAAAAP////////// -MEQEIP////7/////////////////////AAAAAP/////////8BCAo6fqenZ9eNE1a -nkvPZQmn85eJ9RWrj5LdvL1BTZQOkwRBBDLEriwfGYEZX5kERmo5yZSP4wu/8mYL -4XFaRYkzTHTHvDc2ovT2d5xZvc7ja2khU9Cph3zGKkdAAt8y5SE58KACIQD////+ -////////////////cgPfayHGBStTu/QJOdVBIwIBAaFEA0IABPxvh+kOx3UlRALh -NUv+4k2ieZTUpMyk8aGjEIKmMqWzrcgxV77gZ7V8HHIYJHd+5gwqUnpZbF7ZiztD -6LpG8JY= ------END EC PRIVATE KEY----- diff --git a/demos/sm2/sm2-pkcs7.pem b/certs/sm2/sm2-pkcs7.pem similarity index 100% rename from demos/sm2/sm2-pkcs7.pem rename to certs/sm2/sm2-pkcs7.pem diff --git a/demos/sm2/sm2-x509.pem b/certs/sm2/sm2-x509.pem similarity index 100% rename from demos/sm2/sm2-x509.pem rename to certs/sm2/sm2-x509.pem diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 6d3178f6..d7947529 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h 
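Review bot: The CA private key in apps/sm2-initca.sh is written to `$DIR/private/cakey.pem` unencrypted and under whatever umask the caller has, and `$DIR/private/` is created with a plain `mkdir`. Put `umask 077` before the `mkdir` calls (or `chmod 700 $DIR/private` right after creating it) so the key is never group- or world-readable. `rm -fr $DIR` at the top silently destroys an existing CA, including its key and serial; a guard such as `[ -e "$DIR" ] && { echo "$DIR exists" >&2; exit 1; }` is safer for a script that gets rerun.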
@@ -1223,6 +1223,14 @@ void ERR_load_EC_strings(void); # define EC_F_PKEY_EC_PARAMGEN 219 # define EC_F_PKEY_EC_SIGN 218 +#ifndef OPENSSL_NO_GMSSL +#define EC_F_PKEY_EC_ENCRYPT 300 +#define EC_F_PKEY_EC_DECRYPT 301 +#define EC_F_PKEY_SM2_SIGN 302 +#define EC_F_PKEY_SM2_ENCRYPT 303 +#define EC_F_PKEY_SM2_DECRYPT 304 +#endif + /* Reason codes. */ # define EC_R_ASN1_ERROR 115 # define EC_R_ASN1_UNKNOWN_FIELD 116 diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 6fe5baaf..395742cb 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -254,6 +254,11 @@ static ERR_STRING_DATA EC_str_functs[] = { {ERR_FUNC(EC_F_PKEY_EC_KEYGEN), "PKEY_EC_KEYGEN"}, {ERR_FUNC(EC_F_PKEY_EC_PARAMGEN), "PKEY_EC_PARAMGEN"}, {ERR_FUNC(EC_F_PKEY_EC_SIGN), "PKEY_EC_SIGN"}, + {ERR_FUNC(EC_F_PKEY_EC_ENCRYPT), "PKEY_EC_ENCRYPT"}, + {ERR_FUNC(EC_F_PKEY_EC_DECRYPT), "PKEY_EC_DECRYPT"}, + {ERR_FUNC(EC_F_PKEY_SM2_SIGN), "PKEY_SM2_SIGN"}, + {ERR_FUNC(EC_F_PKEY_SM2_ENCRYPT), "PKEY_SM2_ENCRYPT"}, + {ERR_FUNC(EC_F_PKEY_SM2_DECRYPT), "PKEY_SM2_DECRYPT"}, {0, NULL} }; diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index b7674901..b0288551 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -65,6 +65,7 @@ #include #include #include "evp_locl.h" +#include /* EC pkey context structure */ @@ -278,6 +279,14 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx, } #endif + +#ifndef OPENSSL_NO_ECIES +static int pkey_ec_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); +static int pkey_ec_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); +#endif + static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { EC_PKEY_CTX *dctx = ctx->data; 
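Review bot: The five new function codes in crypto/ec/ec.h are defined only under `#ifndef OPENSSL_NO_GMSSL`, but the crypto/ec/ec_err.c hunk adds the matching `ERR_FUNC(EC_F_PKEY_EC_ENCRYPT)` … `ERR_FUNC(EC_F_PKEY_SM2_DECRYPT)` rows with no guard, so a build with OPENSSL_NO_GMSSL defined would fail on undeclared identifiers. Either wrap the five `EC_str_functs` rows in the same `#ifndef OPENSSL_NO_GMSSL` / `#endif`, or drop the guard in ec.h. The code these codes belong to in ec_pmeth.c is gated on `OPENSSL_NO_ECIES` and `OPENSSL_NO_SM2` instead, so three different macros now control one feature; settling on one avoids half-enabled builds.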
@@ -514,9 +523,19 @@ const EVP_PKEY_METHOD ec_pkey_meth = { 0, 0, 0, 0, - 0, 0, + 0, +#ifndef OPENSSL_NO_ECIES + pkey_ec_encrypt, +#else + 0, +#endif - 0, 0, + 0, +#ifndef OPENSSL_NO_ECIES + pkey_ec_decrypt, +#else + 0, +#endif 0, #ifndef OPENSSL_NO_ECDH 
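Review bot: `pkey_ec_encrypt` and `pkey_ec_decrypt` are installed in `ec_pkey_meth` here, but their definitions later in this commit are stubs that `return 0;` without queueing an error. With the slots non-NULL, an encrypt or decrypt call on an EC key no longer takes the "operation not supported" path that a NULL slot gets in upstream OpenSSL (as far as I know) and instead fails with an empty error queue, which is harder for callers to diagnose. Until ECIES is actually implemented, leave both slots as `0`, or have the stubs raise an `ECerr` with the new `EC_F_PKEY_EC_ENCRYPT` / `EC_F_PKEY_EC_DECRYPT` codes. The initializer starts and ends outside this hunk.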
@@ -528,3 +547,140 @@ const EVP_PKEY_METHOD ec_pkey_meth = { pkey_ec_ctrl, pkey_ec_ctrl_str }; + +#ifndef OPENSSL_NO_ECIES +static int pkey_ec_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) +{ + return 0; +} + +static int pkey_ec_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) +{ + return 0; +} +#endif + +#ifndef OPENSSL_NO_SM2 +static int pkey_sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen) +{ + int ret, type; + unsigned int sltmp; + EC_PKEY_CTX *dctx = ctx->data; + EC_KEY *ec = ctx->pkey->pkey.ec; + + if (!sig) { + *siglen = ECDSA_size(ec); + return 1; + } else if (*siglen < (size_t)ECDSA_size(ec)) { + ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL); + return 0; + } + + if (dctx->md) + type = EVP_MD_type(dctx->md); + else + type = NID_sha1; + + ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec); + + if (ret <= 0) + return ret; + *siglen = (size_t)sltmp; + return 1; +} + +static int pkey_sm2_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) +{ + int ret, type; + EC_PKEY_CTX *dctx = ctx->data; + EC_KEY *ec = ctx->pkey->pkey.ec; + + if (dctx->md) + type = EVP_MD_type(dctx->md); + else + type = NID_sha1; + + ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec); + + return ret; +} + +static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) +{ + int ret = 0; + EC_PKEY_CTX *ec_ctx = ctx->data; + EC_KEY *ec_key = ctx->pkey->pkey.ec; + const EVP_MD *kdf_md = ec_ctx->kdf_md; + const EVP_MD *mac_md = ec_ctx->md; + point_conversion_form_t point_form = SM2_DEFAULT_POINT_CONVERSION_FORM; + + if (!(ret = SM2_encrypt(kdf_md, mac_md, point_form, out, outlen, in, inlen, ec_key))) { + return 0; + } + + return ret; +} + +static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx, unsigned char 
*out, size_t *outlen, + const unsigned char *in, size_t inlen) +{ + int ret = 0; + EC_PKEY_CTX *ec_ctx = ctx->data; + EC_KEY *ec_key = ctx->pkey->pkey.ec; + const EVP_MD *kdf_md = ec_ctx->kdf_md; + const EVP_MD *mac_md = ec_ctx->md; + point_conversion_form_t point_form = SM2_DEFAULT_POINT_CONVERSION_FORM; + + if (!(ret = SM2_decrypt(kdf_md, mac_md, point_form, in, inlen, out, outlen, ec_key))) { + return 0; + } + + return ret; +} + +const EVP_PKEY_METHOD sm2_pkey_meth = { + EVP_PKEY_EC, + 0, + pkey_ec_init, + pkey_ec_copy, + pkey_ec_cleanup, + + 0, + pkey_ec_paramgen, + + 0, + pkey_ec_keygen, + + 0, + pkey_sm2_sign, + + 0, + pkey_sm2_verify, + + 0, 0, + + 0, 0, 0, 0, + + 0, + pkey_sm2_encrypt, + + 0, + pkey_sm2_decrypt, + + 0, +#ifndef OPENSSL_NO_ECDH + pkey_ec_kdf_derive, +#else + 0, +#endif + + pkey_ec_ctrl, + pkey_ec_ctrl_str +}; +#endif diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 9f81d100..9a503037 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -76,6 +76,7 @@ STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth; extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth; extern const EVP_PKEY_METHOD dhx_pkey_meth; +extern const EVP_PKEY_METHOD sm2_pkey_meth; static const EVP_PKEY_METHOD *standard_methods[] = { #ifndef OPENSSL_NO_RSA @@ -89,6 +90,7 @@ static const EVP_PKEY_METHOD *standard_methods[] = { #endif #ifndef OPENSSL_NO_EC &ec_pkey_meth, + &sm2_pkey_meth, #endif &hmac_pkey_meth, &cmac_pkey_meth, diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index d000d2af..7269e8c2 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h 
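Review bot: `pkey_sm2_sign` and `pkey_sm2_verify` call `ECDSA_sign` / `ECDSA_verify` and fall back to `NID_sha1` when no digest is set, so the method named SM2 produces and accepts ECDSA signatures rather than SM2 ones, with SHA-1 as the silent default. If this is a placeholder, say so above both functions (for example `/* TODO: placeholder, still ECDSA; replace with the SM2 signature scheme */`) and consider failing when `dctx->md` is NULL instead of defaulting to SHA-1. The buffer-too-small path reports `EC_F_PKEY_EC_SIGN`; the code added for this function is `EC_F_PKEY_SM2_SIGN`. `pkey_sm2_encrypt` and `pkey_sm2_decrypt` pass `ec_ctx->kdf_md` and `ec_ctx->md` straight through with no NULL check and no `out == NULL` length query, so whether an unset digest is safe depends on SM2_encrypt / SM2_decrypt, which are not shown here.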
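Review bot: `&sm2_pkey_meth` is added to `standard_methods[]` in crypto/evp/pmeth_lib.c directly after `&ec_pkey_meth`, and the initializer in ec_pmeth.c gives it the same id, `EVP_PKEY_EC`. Upstream OpenSSL looks methods up in this table by `pkey_id` with a binary search (the lookup is outside this hunk, so confirm), in which case two entries with one id make it unspecified whether an EC key gets the ECDSA or the SM2 method. The entry also sits under `#ifndef OPENSSL_NO_EC` while the definition is under `#ifndef OPENSSL_NO_SM2`, so a build without SM2 would fail to link; guard the entry with `#ifndef OPENSSL_NO_SM2` and give the method its own id.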
@@ -63,11 +63,11 @@ */ #define NUM_NID 1001 -#define NUM_SN 986 -#define NUM_LN 986 -#define NUM_OBJ 925 +#define NUM_SN 985 +#define NUM_LN 985 +#define NUM_OBJ 924 -static const unsigned char lvalues[6491]={ +static const unsigned char lvalues[6482]={ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ 
@@ -952,41 +952,40 @@ static const unsigned char lvalues[6491]={ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,/* [6221] OBJ_jurisdictionLocalityName */ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,/* [6232] OBJ_jurisdictionStateOrProvinceName */ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,/* [6243] OBJ_jurisdictionCountryName */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x04,/* [6254] OBJ_sm2p256v1 */ -0x2A,0x81,0x1C, /* [6263] OBJ_ISO_CN */ -0x2A,0x81,0x1C,0xCF,0x55, /* [6266] OBJ_oscca */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x11, /* [6271] OBJ_sm3 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x11,0x02,/* [6279] OBJ_hmac_sm3 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01, /* [6288] OBJ_sm */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D, /* [6294] OBJ_sm2 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x01,/* [6302] OBJ_sm2sign */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x02,/* [6311] OBJ_sm2keyagreement */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,/* [6320] OBJ_sm2encrypt */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75, /* [6329] OBJ_sm2sign_with_sm3 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x76, /* [6337] OBJ_sm2sign_with_sha1 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x77, /* [6345] OBJ_sm2sign_with_sha256 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x01, /* [6353] OBJ_sms4_ecb */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x02, /* [6361] OBJ_sms4_cbc */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x04, /* [6369] OBJ_sms4_ofb128 */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x03, /* [6377] OBJ_sms4_cfb128 */ -0x2B,0x81,0x04,0x01,0x07, /* [6385] OBJ_ecies_recommendedParameters */ -0x2B,0x81,0x04,0x01,0x08, /* [6390] OBJ_ecies_specifiedParameters */ -0x2B,0x81,0x04,0x01,0x11,0x00, /* [6395] OBJ_x9_63_kdf */ -0x2B,0x81,0x04,0x01,0x11,0x01, /* [6401] OBJ_nist_concatenation_kdf */ -0x2B,0x81,0x04,0x01,0x11,0x02, /* [6407] OBJ_tls_kdf */ -0x2B,0x81,0x04,0x01,0x11,0x03, /* [6413] OBJ_ikev2_kdf */ -0x2B,0x81,0x04,0x01,0x12, /* [6419] OBJ_xor_in_ecies */ -0x2B,0x81,0x04,0x01,0x14,0x00, /* [6424] 
OBJ_aes128_cbc_in_ecies */ -0x2B,0x81,0x04,0x01,0x14,0x01, /* [6430] OBJ_aes192_cbc_in_ecies */ -0x2B,0x81,0x04,0x01,0x14,0x02, /* [6436] OBJ_aes256_cbc_in_ecies */ -0x2B,0x81,0x04,0x01,0x15,0x00, /* [6442] OBJ_aes128_ctr_in_ecies */ -0x2B,0x81,0x04,0x01,0x15,0x01, /* [6448] OBJ_aes192_ctr_in_ecies */ -0x2B,0x81,0x04,0x01,0x15,0x02, /* [6454] OBJ_aes256_ctr_in_ecies */ -0x2B,0x81,0x04,0x01,0x16, /* [6460] OBJ_hmac_full_ecies */ -0x2B,0x81,0x04,0x01,0x17, /* [6465] OBJ_hmac_half_ecies */ -0x2B,0x81,0x04,0x01,0x18,0x00, /* [6470] OBJ_cmac_aes128_ecies */ -0x2B,0x81,0x04,0x01,0x18,0x01, /* [6476] OBJ_cmac_aes192_ecies */ -0x2A,0x81,0x1C,0xCF,0x55,0x01,0x81,0x48, /* [6482] OBJ_zuc */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D, /* [6254] OBJ_sm2p256v1 */ +0x2A,0x81,0x1C, /* [6262] OBJ_ISO_CN */ +0x2A,0x81,0x1C,0xCF,0x55, /* [6265] OBJ_oscca */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x11, /* [6270] OBJ_sm3 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x11,0x02,/* [6278] OBJ_hmac_sm3 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01, /* [6287] OBJ_sm */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x01,/* [6293] OBJ_sm2sign */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x02,/* [6302] OBJ_sm2keyagreement */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,/* [6311] OBJ_sm2encrypt */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75, /* [6320] OBJ_sm2sign_with_sm3 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x76, /* [6328] OBJ_sm2sign_with_sha1 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x77, /* [6336] OBJ_sm2sign_with_sha256 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x01, /* [6344] OBJ_sms4_ecb */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x02, /* [6352] OBJ_sms4_cbc */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x04, /* [6360] OBJ_sms4_ofb128 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x03, /* [6368] OBJ_sms4_cfb128 */ +0x2B,0x81,0x04,0x01,0x07, /* [6376] OBJ_ecies_recommendedParameters */ +0x2B,0x81,0x04,0x01,0x08, /* [6381] OBJ_ecies_specifiedParameters */ +0x2B,0x81,0x04,0x01,0x11,0x00, /* [6386] OBJ_x9_63_kdf */ 
+0x2B,0x81,0x04,0x01,0x11,0x01, /* [6392] OBJ_nist_concatenation_kdf */ +0x2B,0x81,0x04,0x01,0x11,0x02, /* [6398] OBJ_tls_kdf */ +0x2B,0x81,0x04,0x01,0x11,0x03, /* [6404] OBJ_ikev2_kdf */ +0x2B,0x81,0x04,0x01,0x12, /* [6410] OBJ_xor_in_ecies */ +0x2B,0x81,0x04,0x01,0x14,0x00, /* [6415] OBJ_aes128_cbc_in_ecies */ +0x2B,0x81,0x04,0x01,0x14,0x01, /* [6421] OBJ_aes192_cbc_in_ecies */ +0x2B,0x81,0x04,0x01,0x14,0x02, /* [6427] OBJ_aes256_cbc_in_ecies */ +0x2B,0x81,0x04,0x01,0x15,0x00, /* [6433] OBJ_aes128_ctr_in_ecies */ +0x2B,0x81,0x04,0x01,0x15,0x01, /* [6439] OBJ_aes192_ctr_in_ecies */ +0x2B,0x81,0x04,0x01,0x15,0x02, /* [6445] OBJ_aes256_ctr_in_ecies */ +0x2B,0x81,0x04,0x01,0x16, /* [6451] OBJ_hmac_full_ecies */ +0x2B,0x81,0x04,0x01,0x17, /* [6456] OBJ_hmac_half_ecies */ +0x2B,0x81,0x04,0x01,0x18,0x00, /* [6461] OBJ_cmac_aes128_ecies */ +0x2B,0x81,0x04,0x01,0x18,0x01, /* [6467] OBJ_cmac_aes192_ecies */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x81,0x48, /* [6473] OBJ_zuc */ }; static const ASN1_OBJECT nid_objs[NUM_NID]={ 
@@ -2549,66 +2548,66 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0}, {"jurisdictionC","jurisdictionCountryName", NID_jurisdictionCountryName,11,&(lvalues[6243]),0}, -{"sm2p256v1","sm2p256v1",NID_sm2p256v1,9,&(lvalues[6254]),0}, +{"sm2p256v1","sm2p256v1",NID_sm2p256v1,8,&(lvalues[6254]),0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"ISO-CN","ISO CN Member Body",NID_ISO_CN,3,&(lvalues[6263]),0}, -{"oscca","oscca",NID_oscca,5,&(lvalues[6266]),0}, -{"SM3","sm3",NID_sm3,8,&(lvalues[6271]),0}, -{"HMAC-SM3","hmac-sm3",NID_hmac_sm3,9,&(lvalues[6279]),0}, +{"ISO-CN","ISO CN Member Body",NID_ISO_CN,3,&(lvalues[6262]),0}, +{"oscca","oscca",NID_oscca,5,&(lvalues[6265]),0}, +{"SM3","sm3",NID_sm3,8,&(lvalues[6270]),0}, +{"HMAC-SM3","hmac-sm3",NID_hmac_sm3,9,&(lvalues[6278]),0}, {NULL,NULL,NID_undef,0,NULL,0}, {NULL,NULL,NID_undef,0,NULL,0}, {NULL,NULL,NID_undef,0,NULL,0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"sm","sm",NID_sm,6,&(lvalues[6288]),0}, -{"sm2","sm2",NID_sm2,8,&(lvalues[6294]),0}, -{"sm2sign","sm2sign",NID_sm2sign,9,&(lvalues[6302]),0}, +{"sm","sm",NID_sm,6,&(lvalues[6287]),0}, +{NULL,NULL,NID_undef,0,NULL,0}, +{"sm2sign","sm2sign",NID_sm2sign,9,&(lvalues[6293]),0}, {"sm2keyagreement","sm2keyagreement",NID_sm2keyagreement,9, - &(lvalues[6311]),0}, -{"sm2encrypt","sm2encrypt",NID_sm2encrypt,9,&(lvalues[6320]),0}, + &(lvalues[6302]),0}, +{"sm2encrypt","sm2encrypt",NID_sm2encrypt,9,&(lvalues[6311]),0}, {"SM2Sign-with-SM3","sm2sign-with-sm3",NID_sm2sign_with_sm3,8, - &(lvalues[6329]),0}, + &(lvalues[6320]),0}, {"SM2Sign-with-SHA1","sm2sign-with-sha1",NID_sm2sign_with_sha1,8, - &(lvalues[6337]),0}, + &(lvalues[6328]),0}, {"SM2Sign-with-SHA256","sm2sign-with-sha256",NID_sm2sign_with_sha256, - 8,&(lvalues[6345]),0}, + 8,&(lvalues[6336]),0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"SMS4-ECB","sms4-ecb",NID_sms4_ecb,8,&(lvalues[6353]),0}, -{"SMS4-CBC","sms4-cbc",NID_sms4_cbc,8,&(lvalues[6361]),0}, 
+{"SMS4-ECB","sms4-ecb",NID_sms4_ecb,8,&(lvalues[6344]),0}, +{"SMS4-CBC","sms4-cbc",NID_sms4_cbc,8,&(lvalues[6352]),0}, {NULL,NULL,NID_undef,0,NULL,0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"SMS4-OFB","sms4-ofb",NID_sms4_ofb128,8,&(lvalues[6369]),0}, -{"SMS4-CFB","sms4-cfb",NID_sms4_cfb128,8,&(lvalues[6377]),0}, +{"SMS4-OFB","sms4-ofb",NID_sms4_ofb128,8,&(lvalues[6360]),0}, +{"SMS4-CFB","sms4-cfb",NID_sms4_cfb128,8,&(lvalues[6368]),0}, {"ecies-recommendedParameters","ecies-recommendedParameters", - NID_ecies_recommendedParameters,5,&(lvalues[6385]),0}, + NID_ecies_recommendedParameters,5,&(lvalues[6376]),0}, {"ecies-specifiedParameters","ecies-specifiedParameters", - NID_ecies_specifiedParameters,5,&(lvalues[6390]),0}, -{"x9-63-kdf","x9-63-kdf",NID_x9_63_kdf,6,&(lvalues[6395]),0}, + NID_ecies_specifiedParameters,5,&(lvalues[6381]),0}, +{"x9-63-kdf","x9-63-kdf",NID_x9_63_kdf,6,&(lvalues[6386]),0}, {"nist-concatenation-kdf","nist-concatenation-kdf", - NID_nist_concatenation_kdf,6,&(lvalues[6401]),0}, -{"tls-kdf","tls-kdf",NID_tls_kdf,6,&(lvalues[6407]),0}, -{"ikev2-kdf","ikev2-kdf",NID_ikev2_kdf,6,&(lvalues[6413]),0}, -{"xor-in-ecies","xor-in-ecies",NID_xor_in_ecies,5,&(lvalues[6419]),0}, + NID_nist_concatenation_kdf,6,&(lvalues[6392]),0}, +{"tls-kdf","tls-kdf",NID_tls_kdf,6,&(lvalues[6398]),0}, +{"ikev2-kdf","ikev2-kdf",NID_ikev2_kdf,6,&(lvalues[6404]),0}, +{"xor-in-ecies","xor-in-ecies",NID_xor_in_ecies,5,&(lvalues[6410]),0}, {"aes128-cbc-in-ecies","aes128-cbc-in-ecies",NID_aes128_cbc_in_ecies, - 6,&(lvalues[6424]),0}, + 6,&(lvalues[6415]),0}, {"aes192-cbc-in-ecies","aes192-cbc-in-ecies",NID_aes192_cbc_in_ecies, - 6,&(lvalues[6430]),0}, + 6,&(lvalues[6421]),0}, {"aes256-cbc-in-ecies","aes256-cbc-in-ecies",NID_aes256_cbc_in_ecies, - 6,&(lvalues[6436]),0}, + 6,&(lvalues[6427]),0}, {"aes128-ctr-in-ecies","aes128-ctr-in-ecies",NID_aes128_ctr_in_ecies, - 6,&(lvalues[6442]),0}, + 6,&(lvalues[6433]),0}, {"aes192-ctr-in-ecies","aes192-ctr-in-ecies",NID_aes192_ctr_in_ecies, - 
6,&(lvalues[6448]),0}, + 6,&(lvalues[6439]),0}, {"aes256-ctr-in-ecies","aes256-ctr-in-ecies",NID_aes256_ctr_in_ecies, - 6,&(lvalues[6454]),0}, + 6,&(lvalues[6445]),0}, {"hmac-full-ecies","hmac-full-ecies",NID_hmac_full_ecies,5, - &(lvalues[6460]),0}, + &(lvalues[6451]),0}, {"hmac-half-ecies","hmac-half-ecies",NID_hmac_half_ecies,5, - &(lvalues[6465]),0}, + &(lvalues[6456]),0}, {"cmac-aes128-ecies","cmac-aes128-ecies",NID_cmac_aes128_ecies,6, - &(lvalues[6470]),0}, + &(lvalues[6461]),0}, {"cmac-aes192-ecies","cmac-aes192-ecies",NID_cmac_aes192_ecies,6, - &(lvalues[6476]),0}, -{"ZUC","zuc",NID_zuc,8,&(lvalues[6482]),0}, + &(lvalues[6467]),0}, +{"ZUC","zuc",NID_zuc,8,&(lvalues[6473]),0}, }; static const unsigned int sn_objs[NUM_SN]={ @@ -3544,7 +3543,6 @@ static const unsigned int sn_objs[NUM_SN]={ 454, /* "simpleSecurityObject" */ 496, /* "singleLevelQuality" */ 968, /* "sm" */ -969, /* "sm2" */ 972, /* "sm2encrypt" */ 971, /* "sm2keyagreement" */ 958, /* "sm2p256v1" */ @@ -4527,7 +4525,6 @@ static const unsigned int ln_objs[NUM_LN]={ 454, /* "simpleSecurityObject" */ 496, /* "singleLevelQuality" */ 968, /* "sm" */ -969, /* "sm2" */ 972, /* "sm2encrypt" */ 971, /* "sm2keyagreement" */ 958, /* "sm2p256v1" */ @@ -5026,7 +5023,7 @@ static const unsigned int obj_objs[NUM_OBJ]={ 982, /* OBJ_sms4_cfb128 1 2 156 10197 1 104 3 */ 981, /* OBJ_sms4_ofb128 1 2 156 10197 1 104 4 */ 1000, /* OBJ_zuc 1 2 156 10197 1 200 */ -969, /* OBJ_sm2 1 2 156 10197 1 301 */ +958, /* OBJ_sm2p256v1 1 2 156 10197 1 301 */ 962, /* OBJ_sm3 1 2 156 10197 1 401 */ 973, /* OBJ_sm2sign_with_sm3 1 2 156 10197 1 501 */ 974, /* OBJ_sm2sign_with_sha1 1 2 156 10197 1 502 */ 
@@ -5211,7 +5208,6 @@ static const unsigned int obj_objs[NUM_OBJ]={ 970, /* OBJ_sm2sign 1 2 156 10197 1 301 1 */ 971, /* OBJ_sm2keyagreement 1 2 156 10197 1 301 2 */ 972, /* OBJ_sm2encrypt 1 2 156 10197 1 301 3 */ -958, /* OBJ_sm2p256v1 1 2 156 10197 1 301 4 */ 963, /* OBJ_hmac_sm3 1 2 156 10197 1 401 2 */ 108, /* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */ 112, /* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 05ee4dbe..d2e2163c 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -4276,25 +4276,21 @@ #define NID_sm 968 #define OBJ_sm OBJ_oscca,1L -#define SN_sm2 "sm2" -#define NID_sm2 969 -#define OBJ_sm2 OBJ_sm,301L +#define SN_sm2p256v1 "sm2p256v1" +#define NID_sm2p256v1 958 +#define OBJ_sm2p256v1 OBJ_sm,301L #define SN_sm2sign "sm2sign" #define NID_sm2sign 970 -#define OBJ_sm2sign OBJ_sm2,1L +#define OBJ_sm2sign OBJ_sm,301L,1L #define SN_sm2keyagreement "sm2keyagreement" #define NID_sm2keyagreement 971 -#define OBJ_sm2keyagreement OBJ_sm2,2L +#define OBJ_sm2keyagreement OBJ_sm,301L,2L #define SN_sm2encrypt "sm2encrypt" #define NID_sm2encrypt 972 -#define OBJ_sm2encrypt OBJ_sm2,3L - -#define SN_sm2p256v1 "sm2p256v1" -#define NID_sm2p256v1 958 -#define OBJ_sm2p256v1 OBJ_sm2,4L +#define OBJ_sm2encrypt OBJ_sm,301L,3L #define SN_sm3 "SM3" #define LN_sm3 "sm3" diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 1cb8144b..7d6bc3ef 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1376,11 +1376,10 @@ secg-scheme 24 1 : cmac-aes192-ecies member-body 156 : ISO-CN : ISO CN Member Body ISO-CN 10197 : oscca oscca 1 : sm -sm 301 : sm2 -sm2 1 : sm2sign -sm2 2 : sm2keyagreement -sm2 3 : sm2encrypt -sm2 4 : sm2p256v1 +sm 301 : sm2p256v1 +sm 301 1 : sm2sign +sm 301 2 : sm2keyagreement +sm 301 3 : sm2encrypt sm 401 : SM3 : sm3 sm 401 2 : HMAC-SM3 : hmac-sm3 sm 501 : SM2Sign-with-SM3 : sm2sign-with-sm3 
diff --git a/crypto/sm2/Makefile b/crypto/sm2/Makefile index e23002a7..dce30f6d 100644 --- a/crypto/sm2/Makefile +++ b/crypto/sm2/Makefile @@ -1,5 +1,5 @@ # -# crypto/ecies/Makefile +# crypto/sm2/Makefile # DIR= sm2 @@ -23,7 +23,7 @@ LIBOBJ= sm2_dgst.o sm2_enc.o SRC= $(LIBSRC) -EXHEADER= sm2_enc.h +EXHEADER= sm2.h HEADER= $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) diff --git a/crypto/sm2/sm2.h b/crypto/sm2/sm2.h new file mode 100644 index 00000000..97cbd963 --- /dev/null +++ b/crypto/sm2/sm2.h 
@@ -0,0 +1,89 @@ +#ifndef HEADER_SM2_H +#define HEADER_SM2_H + +#include +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define SM2_DEFAULT_POINT_CONVERSION_FORM 0 + + +typedef struct sm2_ciphertext_value_st { + EC_POINT *ephem_point; + unsigned char *ciphertext; + size_t ciphertext_size; + unsigned char mactag[EVP_MAX_MD_SIZE]; + unsigned int mactag_size; +} SM2_CIPHERTEXT_VALUE; + + +int SM2_compute_za(unsigned char *za, const EVP_MD *md, + const void *id, size_t idlen, EC_KEY *ec_key); + +int SM2_compute_digest(unsigned char *dgst, unsigned int *dgstlen, + const EVP_MD *za_md, const void *id, size_t idlen, EC_KEY *ec_key, + const EVP_MD *msg_md, const void *msg, size_t msglen); + +int SM2_CIPHERTEXT_VALUE_size(const EC_GROUP *ec_group, + point_conversion_form_t point_form, size_t mlen, + const EVP_MD *mac_md); + +void SM2_CIPHERTEXT_VALUE_free(SM2_CIPHERTEXT_VALUE *cv); + +int SM2_CIPHERTEXT_VALUE_encode(const SM2_CIPHERTEXT_VALUE *cv, + const EC_GROUP *ec_group, point_conversion_form_t point_form, + unsigned char *buf, size_t *buflen); + +SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode(const EC_GROUP *ec_group, + point_conversion_form_t point_form, const EVP_MD *mac_md, + const unsigned char *buf, size_t buflen); + +int SM2_CIPHERTEXT_VALUE_print(BIO *out, const SM2_CIPHERTEXT_VALUE *cv, + int indent, unsigned long flags); + +SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, + const unsigned char *in, size_t inlen, EC_KEY *ec_key); + +int SM2_do_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, + const SM2_CIPHERTEXT_VALUE *cv, unsigned char *out, size_t *outlen, + EC_KEY *ec_key); + +int SM2_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, + point_conversion_form_t point_form, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen, EC_KEY *ec_key); + +int SM2_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, + point_conversion_form_t point_form, const unsigned 
char *in, + size_t inlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key); + +void ERR_load_SM2_strings(void); + +/* Error codes for the ECIES functions. */ + +/* Function codes. */ +#define SM2_F_SM2_DO_ENCRYPT 100 +#define SM2_F_SM2_DO_DECRYPT 101 +#define SM2_F_SM2_CIPHERTEXT_VALUE_FREE 102 + +/* Reason codes. */ +#define SM2_R_BAD_DATA 100 +#define SM2_R_UNKNOWN_CIPHER_TYPE 101 +#define SM2_R_ENCRYPT_FAILED 102 +#define SM2_R_DECRYPT_FAILED 103 +#define SM2_R_UNKNOWN_MAC_TYPE 104 +#define SM2_R_GEN_MAC_FAILED 105 +#define SM2_R_VERIFY_MAC_FAILED 106 +#define SM2_R_ECDH_FAILED 107 +#define SM2_R_BUFFER_TOO_SMALL 108 + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/crypto/sm2/sm2_dgst.c b/crypto/sm2/sm2_dgst.c index a114bcc0..04417818 100644 --- a/crypto/sm2/sm2_dgst.c +++ b/crypto/sm2/sm2_dgst.c @@ -5,25 +5,29 @@ #include #include #include +#include #include #define EC_MAX_NBYTES ((OPENSSL_ECC_MAX_FIELD_BITS + 7)/8) +#define SM2_MAX_ID_LENGTH 4096 + /* * pkdata = a || b || G.x || G.y || P.x || P.y */ static int sm2_get_public_key_data(unsigned char *buf, EC_KEY *ec_key) { int ret = -1; - int nbytes = (EC_GROUP_get_degree(ec_group) + 7) / 8; const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key); const EC_POINT *point; + int nbytes = (EC_GROUP_get_degree(ec_group) + 7) / 8; unsigned char oct[EC_MAX_NBYTES * 2 + 1]; - BN_CTX *ctx = NULL; + BN_CTX *bn_ctx = NULL; BIGNUM *p = NULL; BIGNUM *x = NULL; BIGNUM *y = NULL; + size_t len; OPENSSL_assert(ec_key); OPENSSL_assert(nbytes == 256/8); @@ -33,16 +37,16 @@ static int sm2_get_public_key_data(unsigned char *buf, EC_KEY *ec_key) } bzero(buf, nbytes * 6); - ctx = BN_CTX_new(); + bn_ctx = BN_CTX_new(); p = BN_new(); x = BN_new(); y = BN_new(); - if (!ctx || !p || !x || !y) { + if (!bn_ctx || !p || !x || !y) { goto err; } /* get curve coefficients a, b */ - if (!EC_GROUP_get_curve_GFp(ec_group, p, x, y, ctx)) { + if (!EC_GROUP_get_curve_GFp(ec_group, p, x, y, bn_ctx)) { goto err; } buf += nbytes; 
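Review bot: The `SM2_compute_za` prototype in the new crypto/sm2/sm2.h takes five parameters, but crypto/sm2/sm2_dgst.c in this same commit defines it with an extra `unsigned int *zalen` as the second parameter, so header and definition disagree; the declaration should read `int SM2_compute_za(unsigned char *za, unsigned int *zalen, const EVP_MD *md, const void *id, size_t idlen, EC_KEY *ec_key);`. `SM2_DEFAULT_POINT_CONVERSION_FORM` is defined as `0`, which is not one of the `point_conversion_form_t` values in OpenSSL's ec.h (compressed 2, uncompressed 4, hybrid 6), so the encrypt/decrypt wrappers that pass it are likely to be rejected by the point encoder; `POINT_CONVERSION_UNCOMPRESSED` looks like the intended default. The comment `/* Error codes for the ECIES functions. */` should say SM2.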
@@ -80,7 +84,7 @@ static int sm2_get_public_key_data(unsigned char *buf, EC_KEY *ec_key) ret = (nbytes * 6); err: - if (ctx) BN_CTX_free(ctx); + if (bn_ctx) BN_CTX_free(bn_ctx); if (p) BN_free(p); if (x) BN_free(x); if (y) BN_free(y); @@ -88,42 +92,42 @@ err: return ret; } -int SM2_compute_za(unsigned char *za, const EVP_MD *md, - const void *id, size_t idlen, EC_KEY *ec_key) +int SM2_compute_za(unsigned char *za, unsigned int *zalen, + const EVP_MD *md, const void *id, size_t idlen, EC_KEY *ec_key) { int ret = 0; - EVP_MD_CTX *ctx = NULL; + EVP_MD_CTX *md_ctx = NULL; unsigned char pkdata[EC_MAX_NBYTES * 6]; - uint16_t idbits; - int len; - idbits = cpu_to_be16(idlen * 8); - + uint16_t idbits = idlen * 8; + int pkdatalen; + if ((pkdatalen = sm2_get_public_key_data(pkdata, ec_key)) < 0) { goto err; } - if (!(ctx = EVP_MD_CTX_create())) { + if (!(md_ctx = EVP_MD_CTX_create())) { goto err; } - if (!EVP_DigestInit_ex(ctx, md, NULL)) { - goto end; + if (!EVP_DigestInit_ex(md_ctx, md, NULL)) { + goto err; } - if (!EVP_DigestUpdate(ctx, &idbits, sizeof(idbits))) { - goto end; + if (!EVP_DigestUpdate(md_ctx, &idbits, sizeof(idbits))) { + goto err; } - if (!EVP_DigestUpdate(ctx, id, idlen)) { - goto end; + if (!EVP_DigestUpdate(md_ctx, id, idlen)) { + goto err; } - if (!EVP_DigestUpdate(ctx, pkdata, pkdatalen)) { - goto end; + if (!EVP_DigestUpdate(md_ctx, pkdata, pkdatalen)) { + goto err; } - if (!EVP_DigestFinal(ctx, za, &zalen)) { + if (!EVP_DigestFinal(md_ctx, za, zalen)) { + goto err; } - ret = SM3_DIGEST_LENGTH; + ret = 1; err: - if (ctx) EVP_MD_CTX_destroy(ctx); + if (md_ctx) EVP_MD_CTX_destroy(md_ctx); return ret; } 
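Review bot: In `SM2_compute_za`, `uint16_t idbits = idlen * 8;` is now hashed in host byte order because the `cpu_to_be16` conversion was dropped, so on a little-endian machine the two length bytes fed to the digest are swapped and ZA will not match what other SM2 implementations compute (the identifier bit length is a big-endian two-byte field as far as I know; confirm against the standard text you target). Signatures and key agreement that depend on ZA would then fail to interoperate across platforms rather than fail loudly. The multiplication also truncates silently for a large `idlen`, and the `SM2_MAX_ID_LENGTH` bound is enforced only in `SM2_compute_digest`, not in this exported function. Build the bytes explicitly, `unsigned char idbits[2];` with `idbits[0] = (unsigned char)((idlen * 8) >> 8); idbits[1] = (unsigned char)(idlen * 8);`, pass `idbits` rather than `&idbits` to `EVP_DigestUpdate`, and add `if (idlen > SM2_MAX_ID_LENGTH) goto err;` at the top.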
@@ -133,14 +137,14 @@ int SM2_compute_digest(unsigned char *dgst, unsigned int *dgstlen, { int ret = 0; unsigned char za[EVP_MAX_MD_SIZE]; - int zalen; + unsigned int zalen; EVP_MD_CTX *ctx = NULL; /* compute Za */ if (idlen > SM2_MAX_ID_LENGTH) { goto err; } - if ((zalen = SM2_compute_za(za, za_md, id, idlen, ec_key)) < 0) { + if (!SM2_compute_za(za, &zalen, za_md, id, idlen, ec_key)) { goto err; } diff --git a/crypto/sm2/sm2_enc.c b/crypto/sm2/sm2_enc.c index 13952068..212d93e7 100644 --- a/crypto/sm2/sm2_enc.c +++ b/crypto/sm2/sm2_enc.c @@ -6,10 +6,36 @@ #include #include #include -#include -#include "sm2_enc.h" +#include +#include "sm2.h" -void SM2_CIPEHRTEXT_VALUE_free(SM2_CIPHERTEXT_VALUE *cv) +int SM2_CIPHERTEXT_VALUE_size(const EC_GROUP *ec_group, + point_conversion_form_t point_form, size_t mlen, + const EVP_MD *mac_md) +{ + int ret = 0; + EC_POINT *point = EC_POINT_new(ec_group); + BN_CTX *bn_ctx = BN_CTX_new(); + size_t len; + + if (!point || !bn_ctx) { + goto end; + } + + if (!(len = EC_POINT_point2oct(ec_group, point, point_form, + NULL, 0, bn_ctx))) { + goto end; + } + len += mlen + EVP_MD_size(mac_md); + + ret = len; +end: + if (point) EC_POINT_free(point); + if (bn_ctx) BN_CTX_free(bn_ctx); + return ret; +} + +void SM2_CIPHERTEXT_VALUE_free(SM2_CIPHERTEXT_VALUE *cv) { if (cv->ephem_point) EC_POINT_free(cv->ephem_point); if (cv->ciphertext) OPENSSL_free(cv->ciphertext); 
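Review bot: `SM2_CIPHERTEXT_VALUE_size` measures the encoding of a freshly created `EC_POINT_new(ec_group)`, which as far as I know is the point at infinity and encodes to a single zero octet, so the function would return `1 + mlen + digest size` instead of the real length of C1. `SM2_encrypt`, `SM2_decrypt` and `SM2_CIPHERTEXT_VALUE_decode` all rely on this value for their buffer-size queries and for splitting the input, so callers would be told a size that is too small and the decoder would cut the ciphertext at the wrong offsets. Measure a real curve point instead, `len = EC_POINT_point2oct(ec_group, EC_GROUP_get0_generator(ec_group), point_form, NULL, 0, bn_ctx)`, and reject a negative `EVP_MD_size(mac_md)` before adding it. `ret = len;` also narrows `size_t` to `int` with no range check, which matters because `mlen` is caller-controlled.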
@@ -17,9 +43,141 @@ void SM2_CIPEHRTEXT_VALUE_free(SM2_CIPHERTEXT_VALUE *cv) OPENSSL_free(cv); } -SM2_CIPHERTEXT_VALUE *SM2_do_encrypt( - const EVP_MD *kdf_md, const EVP_MD *mac_md, - const void *in, size_t inlen, const EC_KEY *ec_key); +int SM2_CIPHERTEXT_VALUE_encode(const SM2_CIPHERTEXT_VALUE *cv, + const EC_GROUP *ec_group, point_conversion_form_t point_form, + unsigned char *buf, size_t *buflen) +{ + int ret = 0; + BN_CTX *bn_ctx = BN_CTX_new(); + size_t ptlen, cvlen; + + if (!bn_ctx) { + return 0; + } + + if (!(ptlen = EC_POINT_point2oct(ec_group, cv->ephem_point, + point_form, NULL, 0, bn_ctx))) { + goto end; + } + cvlen = ptlen + cv->ciphertext_size + cv->mactag_size; + + if (!buf) { + *buflen = cvlen; + ret = 1; + goto end; + + } else if (*buflen < cvlen) { + goto end; + } + + if (!(ptlen = EC_POINT_point2oct(ec_group, cv->ephem_point, + point_form, buf, *buflen, bn_ctx))) { + goto end; + } + buf += ptlen; + memcpy(buf, cv->ciphertext, cv->ciphertext_size); + buf += cv->ciphertext_size; + memcpy(buf, cv->mactag, cv->mactag_size); + + *buflen = cvlen; + ret = 1; +end: + if (bn_ctx) BN_CTX_free(bn_ctx); + return ret; +} + +SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode(const EC_GROUP *ec_group, + point_conversion_form_t point_form, const EVP_MD *mac_md, + const unsigned char *buf, size_t buflen) +{ + int ok = 0; + SM2_CIPHERTEXT_VALUE *ret = NULL; + BN_CTX *bn_ctx = NULL; + int len = SM2_CIPHERTEXT_VALUE_size(ec_group, point_form, 0, mac_md); + int ptlen = len - EVP_MD_size(mac_md); + + if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, point_form, 0, mac_md))) { + goto end; + } + if (buflen <= len) { + goto end; + } + + if (!(ret = OPENSSL_malloc(sizeof(SM2_CIPHERTEXT_VALUE)))) { + goto end; + } + + ret->ephem_point = EC_POINT_new(ec_group); + ret->ciphertext_size = buflen - len; + ret->ciphertext = OPENSSL_malloc(ret->ciphertext_size); + if (!ret->ephem_point || !ret->ciphertext) { + goto end; + } + if (!(bn_ctx = BN_CTX_new())) { + goto end; + } + if 
(!EC_POINT_oct2point(ec_group, ret->ephem_point, buf, len, bn_ctx)) { + goto end; + } + memcpy(ret->ciphertext, buf + ptlen, ret->ciphertext_size); + ret->mactag_size = EVP_MD_size(mac_md); + memcpy(ret->mactag, buf + buflen - ret->mactag_size, ret->mactag_size); + + ok = 1; + +end: + if (!ok && ret) { + SM2_CIPHERTEXT_VALUE_free(ret); + ret = NULL; + } + if (bn_ctx) BN_CTX_free(bn_ctx); + + return ret; +} + +int SM2_CIPHERTEXT_VALUE_print(BIO *out, const SM2_CIPHERTEXT_VALUE *cv, + int indent, unsigned long flags) +{ + OPENSSL_assert(0); + return 0; +} + +int SM2_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, + point_conversion_form_t point_form, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen, EC_KEY *ec_key) +{ + int ret = 0; + const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key); + SM2_CIPHERTEXT_VALUE *cv = NULL; + int len; + + if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, point_form, inlen, mac_md))) { + goto end; + } + + if (!out) { + *outlen = (size_t)len; + return 1; + + } else if (*outlen < (size_t)len) { + return 0; + } + + if (!(cv = SM2_do_encrypt(kdf_md, mac_md, in, inlen, ec_key))) { + goto end; + } + if (!SM2_CIPHERTEXT_VALUE_encode(cv, ec_group, point_form, out, outlen)) { + goto end; + } + + ret = 1; +end: + if (cv) SM2_CIPHERTEXT_VALUE_free(cv); + return ret; +} + +SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, + const unsigned char *in, size_t inlen, EC_KEY *ec_key) { int ok = 0; SM2_CIPHERTEXT_VALUE *cv = NULL; 
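Review bot: `SM2_CIPHERTEXT_VALUE_decode` passes `len` (point length plus MAC length) to `EC_POINT_oct2point` where the point length `ptlen` is what the encoding occupies, and it derives `ptlen` from `len` before checking that the size call succeeded. The comparison `buflen <= len` mixes `size_t` with a signed `int`, so a zero or negative `len` is not handled the way the code reads. This function parses bytes that come from the sender, so the lengths should be validated once, as unsigned values, before any allocation or copy. `SM2_CIPHERTEXT_VALUE_print` in the same hunk is an exported function that only calls `OPENSSL_assert(0)`, which aborts the process if anything ever calls it; returning 0 would be safer until it is implemented.

```c
	int len, ptlen;

	if ((len = SM2_CIPHERTEXT_VALUE_size(ec_group, point_form, 0, mac_md)) <= 0) {
		goto end;
	}
	ptlen = len - EVP_MD_size(mac_md);
	if (ptlen <= 0 || buflen <= (size_t)len) {
		goto end;
	}
	/* … unchanged: allocation of ret, ephem_point, ciphertext and bn_ctx … */
	if (!EC_POINT_oct2point(ec_group, ret->ephem_point, buf, (size_t)ptlen, bn_ctx)) {
		goto end;
	}
	/* … unchanged: copy of ciphertext and mactag … */
```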
@@ -34,25 +192,26 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt( EVP_MD_CTX *md_ctx = NULL; unsigned char buf[(OPENSSL_ECC_MAX_FIELD_BITS + 7)/4 + 1]; int nbytes; + size_t len; int i; if (!ec_group || !pub_key) { - goto err; + goto end; } if (!kdf) { - goto err; + goto end; } /* init ciphertext_value */ if (!(cv = OPENSSL_malloc(sizeof(SM2_CIPHERTEXT_VALUE)))) { - goto err; + goto end; } bzero(cv, sizeof(SM2_CIPHERTEXT_VALUE)); cv->ephem_point = EC_POINT_new(ec_group); cv->ciphertext = OPENSSL_malloc(inlen); cv->ciphertext_size = inlen; if (!cv->ephem_point || !cv->ciphertext) { - goto err; + goto end; } point = EC_POINT_new(ec_group); @@ -62,17 +221,17 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt( bn_ctx = BN_CTX_new(); md_ctx = EVP_MD_CTX_create(); if (!point || !n || !h || !k || !bn_ctx || !md_ctx) { - goto err; + goto end; } /* init ec domain parameters */ if (!EC_GROUP_get_order(ec_group, n, bn_ctx)) { - goto err; + goto end; } if (!EC_GROUP_get_cofactor(ec_group, h, bn_ctx)) { - goto err; + goto end; } - nbytes = (EC_GROPU_get_degree(ec_group) + 7) / 8; + nbytes = (EC_GROUP_get_degree(ec_group) + 7) / 8; OPENSSL_assert(nbytes == BN_num_bytes(n)); /* check sm2 curve and md is 256 bits */ @@ -89,24 +248,24 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt( /* A2: C1 = [k]G = (x1, y1) */ if (!EC_POINT_mul(ec_group, cv->ephem_point, k, NULL, NULL, bn_ctx)) { - goto err; + goto end; } /* A3: check [h]P_B != O */ if (!EC_POINT_mul(ec_group, point, NULL, pub_key, h, bn_ctx)) { - goto err; + goto end; } if (EC_POINT_is_at_infinity(ec_group, point)) { - goto err; + goto end; } /* A4: compute ECDH [k]P_B = (x2, y2) */ if (!EC_POINT_mul(ec_group, point, NULL, pub_key, k, bn_ctx)) { - goto err; + goto end; } if (!(len = EC_POINT_point2oct(ec_group, point, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof(buf), bn_ctx))) { - goto err; + goto end; } OPENSSL_assert(len == nbytes * 2 + 1); 
@@ -134,24 +293,24 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt( /* A7: C3 = Hash(x2 || M || y2) */ if (!EVP_DigestInit_ex(md_ctx, mac_md, NULL)) { - goto err; + goto end; } if (!EVP_DigestUpdate(md_ctx, buf + 1, nbytes)) { - goto err; + goto end; } if (!EVP_DigestUpdate(md_ctx, in, inlen)) { - goto err; + goto end; } if (!EVP_DigestUpdate(md_ctx, buf + 1 + nbytes, nbytes)) { - goto err; + goto end; } if (!EVP_DigestFinal_ex(md_ctx, cv->mactag, &cv->mactag_size)) { - goto err; + goto end; } ok = 1; -err: +end: if (!ok && cv) { SM2_CIPHERTEXT_VALUE_free(cv); cv = NULL; @@ -166,12 +325,47 @@ err: return cv; } - -int SM2_do_decrypt(const SM2_CIPHERTEXT_VALUE *cv, - const EVP_MD *kdf_md, const EVP_MD *mac_md, - unsigned char *out, size_t *outlen, EC_KEY *ec_key) +int SM2_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, + point_conversion_form_t point_form, const unsigned char *in, + size_t inlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key) { - int ret = 0 + int ret = 0; + const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key); + SM2_CIPHERTEXT_VALUE *cv = NULL; + int len; + + if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, point_form, 0, mac_md))) { + goto end; + } + if (inlen <= len) { + goto end; + } + + if (!out) { + *outlen = inlen - len; + return 1; + } else if (outlen < inlen - len) { + return 0; + } + + if (!(cv = SM2_CIPHERTEXT_VALUE_decode(ec_group, point_form, mac_md, in, inlen))) { + goto end; + } + if (!SM2_do_decrypt(kdf_md, mac_md, cv, out, outlen, ec_key)) { + goto end; + } + + ret = 1; +end: + if (cv) SM2_CIPHERTEXT_VALUE_free(cv); + return ret; +} + +int SM2_do_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, + const SM2_CIPHERTEXT_VALUE *cv, unsigned char *out, size_t *outlen, + EC_KEY *ec_key) +{ + int ret = 0; const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key); const BIGNUM *pri_key = EC_KEY_get0_private_key(ec_key); KDF_FUNC kdf = KDF_get_x9_63(kdf_md); 
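Review bot: In the new `SM2_decrypt`, `else if (outlen < inlen - len)` compares the pointer `outlen` with a byte count instead of the value it points to, so the caller's buffer size is never actually checked at this layer. It should read `} else if (*outlen < inlen - (size_t)len) {`; the preceding `inlen <= len` likewise mixes `size_t` with a signed `int` and is clearer as `inlen <= (size_t)len`. The early `return 1` and `return 0` are harmless today because `cv` is still NULL at that point, but `goto end` would keep the cleanup in one place. The body of `SM2_do_decrypt` continues outside this hunk.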
@@ -182,14 +376,16 @@ int SM2_do_decrypt(const SM2_CIPHERTEXT_VALUE *cv, EVP_MD_CTX *md_ctx = NULL; unsigned char buf[(OPENSSL_ECC_MAX_FIELD_BITS + 7)/4 + 1]; unsigned char mac[EVP_MAX_MD_SIZE]; + unsigned int maclen; int nbytes; + size_t size; int i; - if (!ec_group || !pub_key) { - goto err; + if (!ec_group || !pri_key) { + goto end; } if (!kdf) { - goto err; + goto end; } if (!out) { @@ -197,7 +393,7 @@ int SM2_do_decrypt(const SM2_CIPHERTEXT_VALUE *cv, return 1; } if (*outlen < cv->ciphertext_size) { - goto err; + goto end; } /* init vars */ @@ -207,17 +403,17 @@ int SM2_do_decrypt(const SM2_CIPHERTEXT_VALUE *cv, bn_ctx = BN_CTX_new(); md_ctx = EVP_MD_CTX_create(); if (!point || !n || !h || !bn_ctx || !md_ctx) { - goto err; + goto end; } /* init ec domain parameters */ if (!EC_GROUP_get_order(ec_group, n, bn_ctx)) { - goto err; + goto end; } if (!EC_GROUP_get_cofactor(ec_group, h, bn_ctx)) { - goto err; + goto end; } - nbytes = (EC_GROPU_get_degree(ec_group) + 7) / 8; + nbytes = (EC_GROUP_get_degree(ec_group) + 7) / 8; OPENSSL_assert(nbytes == BN_num_bytes(n)); /* check sm2 curve and md is 256 bits */ @@ -227,23 +423,23 @@ int SM2_do_decrypt(const SM2_CIPHERTEXT_VALUE *cv, /* B2: check [h]C1 != O */ if (!EC_POINT_mul(ec_group, point, NULL, cv->ephem_point, h, bn_ctx)) { - goto err; + goto end; } if (EC_POINT_is_at_infinity(ec_group, point)) { - goto err; + goto end; } /* B3: compute ECDH [d]C1 = (x2, y2) */ if (!EC_POINT_mul(ec_group, point, NULL, cv->ephem_point, pri_key, bn_ctx)) { - goto err; + goto end; } - if (!(len = EC_POINT_point2oct(ec_group, point, + if (!(size = EC_POINT_point2oct(ec_group, point, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof(buf), bn_ctx))) { - goto err; + goto end; } /* B4: compute t = KDF(x2 || y2, clen) */ - kdf(buf - 1, len - 1, out, outlen); + kdf(buf - 1, size - 1, out, outlen); /* B5: compute M = C2 xor t */ 
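Review bot: In `SM2_do_decrypt` step B4, `kdf(buf - 1, size - 1, out, outlen);` hands the KDF a pointer one byte before the start of `buf`, which is an out-of-bounds stack read and derives the keystream from the wrong bytes. The uncompressed encoding begins with a one-byte format prefix, and the MAC computation later in the function skips it with `buf + 1`, so the KDF input should be `kdf(buf + 1, size - 1, out, outlen);`. If `kdf` reports failure through its return value, that result is dropped here, and no check that `size == nbytes * 2 + 1` is visible on the decrypt side although the encrypt side asserts it. The function starts and ends outside this hunk.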
@@ -253,26 +449,27 @@ int SM2_do_decrypt(const SM2_CIPHERTEXT_VALUE *cv, /* B6: check Hash(x2 || M || y2) == C3 */ if (!EVP_DigestInit_ex(md_ctx, mac_md, NULL)) { - goto err; + goto end; } if (!EVP_DigestUpdate(md_ctx, buf + 1, nbytes)) { - goto err; + goto end; } if (!EVP_DigestUpdate(md_ctx, out, *outlen)) { - goto err; + goto end; } if (!EVP_DigestUpdate(md_ctx, buf + 1 + nbytes, nbytes)) { - goto err; + goto end; } if (!EVP_DigestFinal_ex(md_ctx, mac, &maclen)) { - goto err; + goto end; } - if (cv->mactag_size != maclen || memcmp(cv->mactag, mac, maclen)) { - goto err; + if (cv->mactag_size != maclen || + memcmp(cv->mactag, mac, maclen)) { + goto end; } ret = 1; -err: +end: if (point) EC_POINT_free(point); if (n) BN_free(n); if (h) BN_free(h); diff --git a/crypto/sm2/sm2_enc.h b/crypto/sm2/sm2_enc.h deleted file mode 100644 index 6cd0a220..00000000 --- a/crypto/sm2/sm2_enc.h +++ /dev/null 
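Review bot: The tag check in step B6 still uses `memcmp(cv->mactag, mac, maclen)`, which returns as soon as a byte differs and so leaks, through timing, how much of a submitted tag matched. Use the constant-time helper instead, `CRYPTO_memcmp(cv->mactag, mac, maclen) != 0`, assuming the OpenSSL base of this tree provides it. By the time the check runs the candidate plaintext has already been written to `out`, so the failure path should wipe it, e.g. `OPENSSL_cleanse(out, *outlen);` before `goto end`. The shared-secret bytes in `buf` and the computed `mac` deserve the same treatment in the cleanup block, which lies outside this hunk.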
@@ -1,59 +0,0 @@
-#ifndef HEADER_SM2_ENC_H
-#define HEADER_SM2_ENC_H
-
-#include
-#include
-#include
-#include
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-typedef struct sm2_ciphertext_value_st {
- EC_POINT *ephem_point;
- unsigned char *ciphertext;
- size_t ciphertext_size;
- unsigned char mactag[EVP_MAX_MD_SIZE];
- size_t mactag_size;
-} SM2_CIPHERTEXT_VALUE;
-
-
-SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(
- const EVP_MD *kdf_md, const EVP_MD *mac_md,
- const void *in, size_t inlen, const EC_KEY *pub_key);
-
-int SM2_do_decrypt(const SM2_CIPHERTEXT_VALUE *cv,
- const EVP_MD *kdf_md, const EVP_MD *mac_md,
- unsigned char *out, size_t *outlen, EC_KEY *pri_key);
-
-void SM2_CIPHERTEXT_VALUE_free(SM2_CIPHERTEXT_VALUE *cv);
-
-
-void ERR_load_SM2_strings(void);
-
-/* Error codes for the ECIES functions. */
-
-/* Function codes. */
-#define SM2_F_SM2_DO_ENCRYPT 100
-#define SM2_F_SM2_DO_DECRYPT 101
-#define SM2_F_SM2_CIPHERTEXT_VALUE_FREE 102
-
-/* Reason codes. */
-#define SM2_R_BAD_DATA 100
-#define SM2_R_UNKNOWN_CIPHER_TYPE 101
-#define SM2_R_ENCRYPT_FAILED 102
-#define SM2_R_DECRYPT_FAILED 103
-#define SM2_R_UNKNOWN_MAC_TYPE 104
-#define SM2_R_GEN_MAC_FAILED 105
-#define SM2_R_VERIFY_MAC_FAILED 106
-#define SM2_R_ECDH_FAILED 107
-#define SM2_R_BUFFER_TOO_SMALL 108
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
diff --git a/crypto/sm2/sm2_err.c b/crypto/sm2/sm2_err.c
new file mode 100644
index 00000000..97a75b31
--- /dev/null
+++ b/crypto/sm2/sm2_err.c
@@ -0,0 +1,41 @@ +#include +#include +#include "sm2.h" + +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECIES,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECIES,0,reason) + + +static ERR_STRING_DATA SM2_str_functs[] = { + {ERR_FUNC(ECIES_F_ECIES_DO_ENCRYPT), "ECIES_do_encrypt"}, + {ERR_FUNC(ECIES_F_ECIES_DO_DECRYPT), "ECIES_do_decrypt"}, + {0,NULL} +}; + +static ERR_STRING_DATA SM2_str_reasons[] = { + {ERR_REASON(ECIES_R_BAD_DATA), "bad data"}, + {ERR_REASON(ECIES_R_UNKNOWN_CIPHER_TYPE),"unknown cipher type"}, + {ERR_REASON(ECIES_R_ENCRYPT_FAILED), "encrypt failed"}, + {ERR_REASON(ECIES_R_DECRYPT_FAILED), "decrypt failed"}, + {ERR_REASON(ECIES_R_UNKNOWN_MAC_TYPE), "unknown MAC type"}, + {ERR_REASON(ECIES_R_GEN_MAC_FAILED), "MAC generation failed"}, + {ERR_REASON(ECIES_R_VERIFY_MAC_FAILED), "MAC verification failed"}, + {ERR_REASON(ECIES_R_ECDH_FAILED), "ECDH failed"}, + {ERR_REASON(ECIES_R_BUFFER_TOO_SMALL), "buffer too small"}, + {0,NULL} +}; + +#endif + +void ERR_load_ECIES_strings(void) +{ +#ifndef OPENSSL_NO_ERR + + if (ERR_func_error_string(ECIES_str_functs[0].error) == NULL) { + ERR_load_strings(0,ECIES_str_functs); + ERR_load_strings(0,ECIES_str_reasons); + } +#endif +} diff --git a/include/openssl/sm2.h b/include/openssl/sm2.h new file mode 120000 index 00000000..32aaa428 --- /dev/null +++ b/include/openssl/sm2.h @@ -0,0 +1 @@ +../../crypto/sm2/sm2.h \ No newline at end of file diff --git a/test/sm2test.c b/test/sm2test.c new file mode 120000 index 00000000..6d082263 --- /dev/null +++ b/test/sm2test.c @@ -0,0 +1 @@ +../crypto/sm2/sm2test.c \ No newline at end of file diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 7f7f3b96..9610db18 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -122,6 +122,7 @@ and [options] can be one of no-ecdsa - No ECDSA no-ecdh - No ECDH no-ecies - No ECIES + no-sm2 - No SM2 no-cpk - No CPK no-engine - No engine no-hw - No hw 
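Review bot: The new sm2_err.c is a copy of the ECIES error table that was only half renamed: the arrays are `SM2_str_functs` and `SM2_str_reasons`, but their entries use `ECIES_F_*`, `ECIES_R_*` and `ERR_LIB_ECIES`, and the loader is defined as `ERR_load_ECIES_strings` and reads `ECIES_str_functs`, which is not declared in this file. sm2.h declares `ERR_load_SM2_strings` and the `SM2_F_*`/`SM2_R_*` codes, so as written SM2 failures never get their own strings, and the second `ERR_load_ECIES_strings` presumably collides with the one in crypto/ecies at link time. Rename consistently, e.g. `void ERR_load_SM2_strings(void)` with entries such as `{ERR_REASON(SM2_R_VERIFY_MAC_FAILED), "MAC verification failed"}`, and give SM2 its own library code instead of reusing the ECIES one. None of the `goto end` paths in sm2_enc.c raise these reasons yet, which leaves a MAC failure indistinguishable from an allocation failure for the caller.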
@@ -295,6 +296,7 @@ $cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake; $cflags.=" -DOPENSSL_NO_EC2M" if $no_ec2m; $cflags.= " -DZLIB" if $zlib_opt; $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2; +$cflags.=" -DOPENSSL_NO_SM2" if $no_sm2; $cflags.=" -DOPENSSL_NO_SM3" if $no_sm3; $cflags.=" -DOPENSSL_NO_SMS4" if $no_sms4; $cflags.=" -DOPENSSL_NO_ZUC" if $no_zuc; @@ -922,6 +924,7 @@ sub var_add @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; + @a=grep(!/(^sm2)|(_sm2$)/,@a) if $no_sm2; @a=grep(!/(^sm3)|(_sm3$)/,@a) if $no_sm3; @a=grep(!/(^sms4)|(_sms4$)/,@a) if $no_sms4; @a=grep(!/(^zuc)|(_zuc$)/,@a) if $no_zuc; @@ -1255,6 +1258,7 @@ sub read_options "no-libunbound" => 0, "no-multiblock" => 0, "fips" => \$fips, + "no-sm2" => \$no_sm2, "no-sm3" => \$no_sm3, "no-sms4" => \$no_sms4, "no-zuc" => \$no_zuc diff --git a/util/mkdef.pl b/util/mkdef.pl index 7a7f9f9d..892e1a9c 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -146,7 +146,7 @@ my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace; my $no_unit_test; my $no_ssl3_method; -my $no_sm3; my $no_sms4; my $no_zuc; my $no_ecies; my $no_cpk; +my $no_sm3; my $no_sms4; my $no_zuc; my $no_ecies; my $no_cpk; my $no_sm2; my $fips; @@ -249,6 +249,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-sctp$/) { $no_sctp=1; } elsif (/^no-srtp$/) { $no_srtp=1; } elsif (/^no-unit-test$/){ $no_unit_test=1; } + elsif (/^no-sm2$/) { $no_sm2=1; } elsif (/^no-sm3$/) { $no_sm3=1; } elsif (/^no-sms4$/) { $no_sms4=1; } elsif (/^no-zuc$/) { $no_zuc=1; } @@ -360,6 +361,7 @@ $crypto.=" crypto/jpake/jpake.h"; $crypto.=" crypto/modes/modes.h"; $crypto.=" crypto/srp/srp.h"; +$crypto.=" crypto/sm2/sm2.h"; # unless $no_sm2; $crypto.=" crypto/sm3/sm3.h"; # unless $no_sm3; $crypto.=" crypto/sms4/sms4.h"; # unless $no_sms4; $crypto.=" crypto/zuc/zuc.h"; # unless $no_zuc; 
@@ -1240,6 +1242,7 @@ sub is_valid if ($keyword eq "SRTP" && $no_srtp) { return 0; } if ($keyword eq "UNIT_TEST" && $no_unit_test) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } + if ($keyword eq "SM2" && $no_sm2) { return 0; } if ($keyword eq "SM3" && $no_sm3) { return 0; } if ($keyword eq "SMS4" && $no_sms4) { return 0; } if ($keyword eq "ZUC" && $no_zuc) { return 0; } diff --git a/util/mkfiles.pl b/util/mkfiles.pl index 72a7a6bb..7a81bf92 100755 --- a/util/mkfiles.pl +++ b/util/mkfiles.pl @@ -17,13 +17,10 @@ my @dirs = ( "crypto/hmac", "crypto/cmac", "crypto/ripemd", -"crypto/sm3", "crypto/des", "crypto/rc2", "crypto/rc4", "crypto/rc5", -"crypto/sms4", -"crypto/zuc", "crypto/idea", "crypto/bf", "crypto/cast", @@ -39,8 +36,6 @@ my @dirs = ( "crypto/ec", "crypto/ecdh", "crypto/ecdsa", -"crypto/ecies", -"crypto/cpk", "crypto/buffer", "crypto/bio", "crypto/stack", @@ -69,6 +64,12 @@ my @dirs = ( "crypto/whrlpool", "crypto/ts", "crypto/srp", +"crypto/sm3", +"crypto/sms4", +"crypto/zuc", +"crypto/ecies", +"crypto/cpk", +"crypto/sm2", "ssl", "apps", "engines",