Merge remote-tracking branch 'origin/master'
# Conflicts: # README.md
@@ -1,165 +0,0 @@
|
||||
#
|
||||
# crypto/sm2/Makefile
|
||||
#
|
||||
|
||||
DIR= sm2
|
||||
TOP= ../..
|
||||
CC= cc
|
||||
INCLUDES= -I.. -I$(TOP) -I../../include
|
||||
CFLAG=-g -Wall
|
||||
MAKEFILE= Makefile
|
||||
AR= ar r
|
||||
|
||||
CFLAGS= $(INCLUDES) $(CFLAG)
|
||||
|
||||
GENERAL=Makefile
|
||||
TEST=sm2test.c
|
||||
APPS=
|
||||
|
||||
LIB=$(TOP)/libcrypto.a
|
||||
LIBSRC= sm2_lib.c sm2_asn1.c sm2_err.c sm2_sign.c sm2_enc.c sm2_kap.c
|
||||
LIBOBJ= sm2_lib.o sm2_asn1.o sm2_err.o sm2_sign.o sm2_enc.o sm2_kap.o
|
||||
|
||||
SRC= $(LIBSRC)
|
||||
|
||||
EXHEADER= sm2.h
|
||||
HEADER= $(EXHEADER)
|
||||
|
||||
ALL= $(GENERAL) $(SRC) $(HEADER)
|
||||
|
||||
top:
|
||||
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
|
||||
|
||||
all: lib
|
||||
|
||||
lib: $(LIBOBJ)
|
||||
$(AR) $(LIB) $(LIBOBJ)
|
||||
$(RANLIB) $(LIB) || echo Never mind.
|
||||
@touch lib
|
||||
|
||||
files:
|
||||
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
|
||||
|
||||
links:
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
|
||||
|
||||
install:
|
||||
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
|
||||
@headerlist="$(EXHEADER)"; for i in $$headerlist; \
|
||||
do \
|
||||
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
|
||||
done;
|
||||
|
||||
tags:
|
||||
ctags $(SRC)
|
||||
|
||||
tests:
|
||||
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
dclean:
|
||||
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
|
||||
mv -f Makefile.new $(MAKEFILE)
|
||||
|
||||
clean:
|
||||
rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
|
||||
sm2_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
|
||||
sm2_asn1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
|
||||
sm2_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
sm2_asn1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
|
||||
sm2_asn1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
|
||||
sm2_asn1.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
|
||||
sm2_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
|
||||
sm2_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
|
||||
sm2_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
sm2_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
|
||||
sm2_asn1.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
|
||||
sm2_asn1.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
|
||||
sm2_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
|
||||
sm2_asn1.o: ../../include/openssl/x509_vfy.h sm2_asn1.c
|
||||
sm2_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
sm2_enc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
|
||||
sm2_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
sm2_enc.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
|
||||
sm2_enc.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
|
||||
sm2_enc.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
|
||||
sm2_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
|
||||
sm2_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
|
||||
sm2_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
sm2_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
|
||||
sm2_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
|
||||
sm2_enc.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
|
||||
sm2_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
sm2_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
|
||||
sm2_enc.o: ../o_str.h sm2_enc.c
|
||||
sm2_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
sm2_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||
sm2_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
|
||||
sm2_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
|
||||
sm2_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
|
||||
sm2_err.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
|
||||
sm2_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
|
||||
sm2_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
|
||||
sm2_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
|
||||
sm2_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
|
||||
sm2_err.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
|
||||
sm2_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
sm2_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
|
||||
sm2_err.o: sm2_err.c
|
||||
sm2_kap.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
sm2_kap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||
sm2_kap.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
|
||||
sm2_kap.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
|
||||
sm2_kap.o: ../../include/openssl/err.h ../../include/openssl/evp.h
|
||||
sm2_kap.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
|
||||
sm2_kap.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
|
||||
sm2_kap.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
|
||||
sm2_kap.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
|
||||
sm2_kap.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
|
||||
sm2_kap.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
|
||||
sm2_kap.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
sm2_kap.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h sm2.h
|
||||
sm2_kap.o: sm2_kap.c
|
||||
sm2_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
sm2_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
|
||||
sm2_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
sm2_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
|
||||
sm2_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
|
||||
sm2_lib.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
|
||||
sm2_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
|
||||
sm2_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
|
||||
sm2_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
sm2_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
|
||||
sm2_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
|
||||
sm2_lib.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
|
||||
sm2_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
sm2_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
|
||||
sm2_lib.o: sm2_lib.c
|
||||
sm2_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
sm2_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
|
||||
sm2_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
sm2_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
|
||||
sm2_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
|
||||
sm2_sign.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
|
||||
sm2_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
|
||||
sm2_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
|
||||
sm2_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
sm2_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
|
||||
sm2_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
|
||||
sm2_sign.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
|
||||
sm2_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
sm2_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
|
||||
sm2_sign.o: sm2_sign.c
|
||||
@@ -1,165 +0,0 @@
|
||||
#
|
||||
# crypto/sm2/Makefile
|
||||
#
|
||||
|
||||
DIR= sm2
|
||||
TOP= ../..
|
||||
CC= cc
|
||||
INCLUDES= -I.. -I$(TOP) -I../../include
|
||||
CFLAG=-g -Wall
|
||||
MAKEFILE= Makefile
|
||||
AR= ar r
|
||||
|
||||
CFLAGS= $(INCLUDES) $(CFLAG)
|
||||
|
||||
GENERAL=Makefile
|
||||
TEST=sm2test.c
|
||||
APPS=
|
||||
|
||||
LIB=$(TOP)/libcrypto.a
|
||||
LIBSRC= sm2_lib.c sm2_asn1.c sm2_err.c sm2_sign.c sm2_enc.c sm2_kap.c
|
||||
LIBOBJ= sm2_lib.o sm2_asn1.o sm2_err.o sm2_sign.o sm2_enc.o sm2_kap.o
|
||||
|
||||
SRC= $(LIBSRC)
|
||||
|
||||
EXHEADER= sm2.h
|
||||
HEADER= $(EXHEADER)
|
||||
|
||||
ALL= $(GENERAL) $(SRC) $(HEADER)
|
||||
|
||||
top:
|
||||
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
|
||||
|
||||
all: lib
|
||||
|
||||
lib: $(LIBOBJ)
|
||||
$(AR) $(LIB) $(LIBOBJ)
|
||||
$(RANLIB) $(LIB) || echo Never mind.
|
||||
@touch lib
|
||||
|
||||
files:
|
||||
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
|
||||
|
||||
links:
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
|
||||
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
|
||||
|
||||
install:
|
||||
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
|
||||
@headerlist="$(EXHEADER)"; for i in $$headerlist; \
|
||||
do \
|
||||
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
|
||||
done;
|
||||
|
||||
tags:
|
||||
ctags $(SRC)
|
||||
|
||||
tests:
|
||||
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
dclean:
|
||||
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
|
||||
mv -f Makefile.new $(MAKEFILE)
|
||||
|
||||
clean:
|
||||
rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
|
||||
sm2_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
|
||||
sm2_asn1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
|
||||
sm2_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
sm2_asn1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
|
||||
sm2_asn1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
|
||||
sm2_asn1.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
|
||||
sm2_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
|
||||
sm2_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
|
||||
sm2_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
sm2_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
|
||||
sm2_asn1.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
|
||||
sm2_asn1.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
|
||||
sm2_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
|
||||
sm2_asn1.o: ../../include/openssl/x509_vfy.h sm2_asn1.c
|
||||
sm2_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
sm2_enc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
|
||||
sm2_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
sm2_enc.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
|
||||
sm2_enc.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
|
||||
sm2_enc.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
|
||||
sm2_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
|
||||
sm2_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
|
||||
sm2_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
sm2_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
|
||||
sm2_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
|
||||
sm2_enc.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
|
||||
sm2_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
sm2_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
|
||||
sm2_enc.o: ../o_str.h sm2_enc.c
|
||||
sm2_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
sm2_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||
sm2_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
|
||||
sm2_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
|
||||
sm2_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
|
||||
sm2_err.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
|
||||
sm2_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
|
||||
sm2_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
|
||||
sm2_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
|
||||
sm2_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
|
||||
sm2_err.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
|
||||
sm2_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
sm2_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
|
||||
sm2_err.o: sm2_err.c
|
||||
sm2_kap.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
sm2_kap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||
sm2_kap.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
|
||||
sm2_kap.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
|
||||
sm2_kap.o: ../../include/openssl/err.h ../../include/openssl/evp.h
|
||||
sm2_kap.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
|
||||
sm2_kap.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
|
||||
sm2_kap.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
|
||||
sm2_kap.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
|
||||
sm2_kap.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
|
||||
sm2_kap.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
|
||||
sm2_kap.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
sm2_kap.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h sm2.h
|
||||
sm2_kap.o: sm2_kap.c
|
||||
sm2_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
sm2_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
|
||||
sm2_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
sm2_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
|
||||
sm2_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
|
||||
sm2_lib.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
|
||||
sm2_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
|
||||
sm2_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
|
||||
sm2_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
sm2_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
|
||||
sm2_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
|
||||
sm2_lib.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
|
||||
sm2_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
sm2_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
|
||||
sm2_lib.o: sm2_lib.c
|
||||
sm2_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||
sm2_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
|
||||
sm2_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||
sm2_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
|
||||
sm2_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
|
||||
sm2_sign.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
|
||||
sm2_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
|
||||
sm2_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
|
||||
sm2_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||
sm2_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
|
||||
sm2_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
|
||||
sm2_sign.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
|
||||
sm2_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||
sm2_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
|
||||
sm2_sign.o: sm2_sign.c
|
||||
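--- a/crypto/sm2/sm2.h
+++ b/crypto/sm2/sm2.h
@@ -1,283 +0,0 @@
-/* crypto/sm2/sm2.h */
-/* ====================================================================
-* Copyright (c) 2015 The GmSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the GmSSL Project.
-* (http://gmssl.org/)"
-*
-* 4. The name "GmSSL Project" must not be used to endorse or promote
-* products derived from this software without prior written
-* permission. For written permission, please contact
-* guanzhi1980@gmail.com.
-*
-* 5. Products derived from this software may not be called "GmSSL"
-* nor may "GmSSL" appear in their names without prior written
-* permission of the GmSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the GmSSL Project
-* (http://gmssl.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*
-*/
-
-
-#ifndef HEADER_SM2_H
-#define HEADER_SM2_H
-
-#include <openssl/ec.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/kdf.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/ecdsa.h>
-#include <openssl/sm3.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-#define SM2_MAX_ID_BITS 65535
-#define SM2_MAX_ID_LENGTH (SM2_MAX_ID_BITS/8)
-#define SM2_DEFAULT_ID_GMT09 "1234567812345678"
-#define SM2_DEFAULT_ID_GMSSL "anonym@gmssl.org"
-#define SM2_DEFAULT_ID SM2_DEFAULT_ID_GMSSL
-#define SM2_DEFAULT_POINT_CONVERSION_FORM POINT_CONVERSION_UNCOMPRESSED
-
-
-char *SM2_get0_id(EC_KEY *ec_key);
-int SM2_set_id(EC_KEY *ec_key, const char *id);
-int SM2_compute_id_digest(const EVP_MD *md, unsigned char *dgst,
-unsigned int *dgstlen, EC_KEY *ec_key);
-
-
-typedef struct sm2_enc_params_st {
-const EVP_MD *kdf_md;
-const EVP_MD *mac_md;
-int mactag_size;
-point_conversion_form_t point_form;
-} SM2_ENC_PARAMS;
-
-#define SM2_ENC_PARAMS_mactag_size(params) \
-((params)->mactag_size<0 ? EVP_MD_size((params)->mac_md) : (params->mactag_size))
-
-int SM2_ENC_PARAMS_init_with_recommended(SM2_ENC_PARAMS *params);
-
-typedef struct sm2_ciphertext_value_st {
-EC_POINT *ephem_point;
-unsigned char *ciphertext;
-size_t ciphertext_size;
-unsigned char mactag[EVP_MAX_MD_SIZE];
-unsigned int mactag_size;
-} SM2_CIPHERTEXT_VALUE;
-
-int SM2_CIPHERTEXT_VALUE_size(const EC_GROUP *ec_group,
-const SM2_ENC_PARAMS *params, size_t mlen);
-
-SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_new(const EC_GROUP *group);
-void SM2_CIPHERTEXT_VALUE_free(SM2_CIPHERTEXT_VALUE *cv);
-int SM2_CIPHERTEXT_VALUE_encode(const SM2_CIPHERTEXT_VALUE *cv,
-const EC_GROUP *ec_group, const SM2_ENC_PARAMS *params,
-unsigned char *buf, size_t *buflen);
-SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode(const EC_GROUP *ec_group,
-const SM2_ENC_PARAMS *params, const unsigned char *buf, size_t buflen);
-int i2d_SM2_CIPHERTEXT_VALUE(const SM2_CIPHERTEXT_VALUE *c, unsigned char **out);
-SM2_CIPHERTEXT_VALUE *d2i_SM2_CIPHERTEXT_VALUE(SM2_CIPHERTEXT_VALUE **c,
-const unsigned char **in, long len);
-int SM2_CIPHERTEXT_VALUE_print(BIO *out, const EC_GROUP *ec_group,
-const SM2_CIPHERTEXT_VALUE *cv, int indent, unsigned long flags);
-
-
-SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params,
-const unsigned char *in, size_t inlen, EC_KEY *ec_key);
-//FIXME: output first, and change ECIES
-int SM2_do_decrypt(const SM2_ENC_PARAMS *params,
-const SM2_CIPHERTEXT_VALUE *cv, unsigned char *out, size_t *outlen,
-EC_KEY *ec_key);
-int SM2_encrypt(const SM2_ENC_PARAMS *params, unsigned char *out, size_t *outlen,
-const unsigned char *in, size_t inlen, EC_KEY *ec_key);
-int SM2_decrypt(const SM2_ENC_PARAMS *params, unsigned char *out, size_t *outlen,
-const unsigned char *in, size_t inlen, EC_KEY *ec_key);
-int SM2_encrypt_with_recommended(unsigned char *out, size_t *outlen,
-const unsigned char *in, size_t inlen, EC_KEY *ec_key);
-int SM2_decrypt_with_recommended(unsigned char *out, size_t *outlen,
-const unsigned char *in, size_t inlen, EC_KEY *ec_key);
-#if 0
-int SM2_encrypt_elgamal(unsigned char *out, size_t *outlen,
-const unsigned char *in, size_t inlen, EC_KEY *ec_key);
-int SM2_decrypt_elgamal(unsigned char *out, size_t *outlen,
-const unsigned char *in, size_t inlen, EC_KEY *ec_key);
-#endif
-
-int SM2_compute_message_digest(const EVP_MD *id_md, const EVP_MD *msg_md,
-const void *msg, size_t msglen, unsigned char *dgst,
-unsigned int *dgstlen, EC_KEY *ec_key);
-int SM2_digest(const void *msg, size_t msglen, unsigned char *dgst,
-unsigned int *dgstlen, EC_KEY *ec_key);
-
-#define SM2_signature_size(ec_key) ECDSA_size(ec_key)
-int SM2_sign_setup(EC_KEY *ec_key, BN_CTX *ctx, BIGNUM **a, BIGNUM **b);
-ECDSA_SIG *SM2_do_sign_ex(const unsigned char *dgst, int dgstlen,
-const BIGNUM *a, const BIGNUM *b, EC_KEY *ec_key);
-ECDSA_SIG *SM2_do_sign(const unsigned char *dgst, int dgst_len,
-EC_KEY *ec_key);
-int SM2_do_verify(const unsigned char *dgst, int dgstlen,
-const ECDSA_SIG *sig, EC_KEY *ec_key);
-int SM2_sign_ex(int type, const unsigned char *dgst, int dgstlen,
-unsigned char *sig, unsigned int *siglen,
-const BIGNUM *k, const BIGNUM *x, EC_KEY *ec_key);
-int SM2_sign(int type, const unsigned char *dgst, int dgstlen,
-unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
-#define SM2_VERIFY_SUCCESS 1
-#define SM2_VERIFY_FAILED 0
-#define SM2_VERIFY_INNER_ERROR -1
-int SM2_verify(int type, const unsigned char *dgst, int dgstlen,
-const unsigned char *sig, int siglen, EC_KEY *ec_key);
-
-
-
-typedef struct sm2_kap_ctx_st {
-
-const EVP_MD *id_dgst_md;
-const EVP_MD *kdf_md;
-const EVP_MD *checksum_md;
-point_conversion_form_t point_form;
-KDF_FUNC kdf;
-
-int is_initiator;
-int do_checksum;
-
-EC_KEY *ec_key;
-unsigned char id_dgst[EVP_MAX_MD_SIZE];
-unsigned int id_dgstlen;
-
-EC_KEY *remote_pubkey;
-unsigned char remote_id_dgst[EVP_MAX_MD_SIZE];
-unsigned int remote_id_dgstlen;
-
-const EC_GROUP *group;
-BN_CTX *bn_ctx;
-BIGNUM *order;
-BIGNUM *two_pow_w;
-
-BIGNUM *t;
-EC_POINT *point;
-unsigned char pt_buf[1 + (OPENSSL_ECC_MAX_FIELD_BITS+7)/4];
-unsigned char checksum[EVP_MAX_MD_SIZE];
-
-} SM2_KAP_CTX;
-
-
-
-int SM2_KAP_CTX_init(SM2_KAP_CTX *ctx, EC_KEY *ec_key,
-EC_KEY *remote_pubkey, int is_initiator, int do_checksum);
-int SM2_KAP_prepare(SM2_KAP_CTX *ctx, unsigned char *ephem_point,
-size_t *ephem_point_len);
-int SM2_KAP_compute_key(SM2_KAP_CTX *ctx, const unsigned char *remote_ephem_point,
-size_t remote_ephem_point_len, unsigned char *key, size_t keylen,
-unsigned char *checksum, size_t *checksumlen);
-int SM2_KAP_final_check(SM2_KAP_CTX *ctx, const unsigned char *checksum,
-size_t checksumlen);
-void SM2_KAP_CTX_cleanup(SM2_KAP_CTX *ctx);
-
-
-/* BEGIN ERROR CODES */
-/*
-* The following lines are auto generated by the script mkerr.pl. Any changes
-* made after this point may be overwritten when the script is next run.
-*/
-void ERR_load_SM2_strings(void);
-
-/* Error codes for the SM2 functions. */
-
-/* Function codes. */
-# define SM2_F_SM2_CIPHERTEXT_VALUE_DECODE 100
-# define SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE 101
-# define SM2_F_SM2_CIPHERTEXT_VALUE_FREE 102
-# define SM2_F_SM2_CIPHERTEXT_VALUE_NEW 125
-# define SM2_F_SM2_CIPHERTEXT_VALUE_PRINT 103
-# define SM2_F_SM2_CIPHERTEXT_VALUE_SIZE 104
-# define SM2_F_SM2_COMPUTE_ID_DIGEST 105
-# define SM2_F_SM2_COMPUTE_ID_DIGEST_EX 127
-# define SM2_F_SM2_DECRYPT 106
-# define SM2_F_SM2_DO_DECRYPT 107
-# define SM2_F_SM2_DO_ENCRYPT 108
-# define SM2_F_SM2_DO_SIGN 109
-# define SM2_F_SM2_DO_SIGN_EX 110
-# define SM2_F_SM2_DO_VERIFY 111
-# define SM2_F_SM2_ENCRYPT 112
-# define SM2_F_SM2_ENC_PARAMS_INIT_WITH_RECOMMENDED 126
-# define SM2_F_SM2_GET_ID 113
-# define SM2_F_SM2_KAP_COMPUTE_KEY 114
-# define SM2_F_SM2_KAP_CTX_CLEANUP 115
-# define SM2_F_SM2_KAP_CTX_INIT 116
-# define SM2_F_SM2_KAP_FINAL_CHECK 117
-# define SM2_F_SM2_KAP_PREPARE 118
-# define SM2_F_SM2_SET_ID 119
-# define SM2_F_SM2_SIGN 120
-# define SM2_F_SM2_SIGNATURE_SIZE 121
-# define SM2_F_SM2_SIGN_EX 122
-# define SM2_F_SM2_SIGN_SETUP 123
-# define SM2_F_SM2_VERIFY 124
-
-/* Reason codes. */
-# define SM2_R_BAD_DATA 100
-# define SM2_R_BAD_SIGNATURE 101
-# define SM2_R_BUFFER_TOO_SMALL 102
-# define SM2_R_CIPHERTEXT_ENCODE_FAILED 115
-# define SM2_R_DECRYPT_FAILED 103
-# define SM2_R_ECDH_FAILED 104
-# define SM2_R_ENCRYPT_FAILED 105
-# define SM2_R_ERROR 106
-# define SM2_R_GEN_MAC_FAILED 107
-# define SM2_R_GET_CIPHERTEXT_SIZE_FAILED 116
-# define SM2_R_GET_KDF_FAILED 117
-# define SM2_R_INNOR_ERROR 118
-# define SM2_R_INVALID_EC_KEY 119
-# define SM2_R_MALLOC_FAILED 120
-# define SM2_R_MISSING_PARAMETERS 108
-# define SM2_R_NEED_NEW_SETUP_VALUES 109
-# define SM2_R_NULL_ARGUMENT 121
-# define SM2_R_OCT2POINT_FAILED 122
-# define SM2_R_POINT2OCT_FAILED 123
-# define SM2_R_POINT_NEW_FAILED 124
-# define SM2_R_RANDOM_NUMBER_GENERATION_FAILED 110
-# define SM2_R_SM2_KAP_NOT_INITED 111
-# define SM2_R_UNKNOWN_CIPHER_TYPE 112
-# define SM2_R_UNKNOWN_MAC_TYPE 113
-# define SM2_R_VERIFY_MAC_FAILED 114
-
-#ifdef __cplusplus
-}
-#endif
-#endif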
@@ -1,165 +0,0 @@
|
||||
/* crypto/sm2/sm2_asn1.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the GmSSL Project.
|
||||
* (http://gmssl.org/)"
|
||||
*
|
||||
* 4. The name "GmSSL Project" must not be used to endorse or promote
|
||||
* products derived from this software without prior written
|
||||
* permission. For written permission, please contact
|
||||
* guanzhi1980@gmail.com.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "GmSSL"
|
||||
* nor may "GmSSL" appear in their names without prior written
|
||||
* permission of the GmSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the GmSSL Project
|
||||
* (http://gmssl.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/asn1.h>
|
||||
#include <openssl/asn1t.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/obj_mac.h>
|
||||
#include <openssl/sm2.h>
|
||||
|
||||
/*
|
||||
* from GM/T 0009-2012
|
||||
* "SM2 Cryptography Algorithm Application Specification"
|
||||
*
|
||||
|
||||
SM2PrivateKey ::= INTEGER
|
||||
|
||||
SM2PublicKey ::= BIT STRING
|
||||
|
||||
SM2CiphertextValue ::= SEQUENCE {
|
||||
XCoordinate INTEGER,
|
||||
YCoordinate INTEGER,
|
||||
Hash OCTET STRING SIZE(32),
|
||||
Ciphertext OCTET STRING
|
||||
}
|
||||
|
||||
SM2Signature ::= SEQUENCE {
|
||||
R INTEGER,
|
||||
S INTEGER,
|
||||
}
|
||||
|
||||
SM2EnvelopedKey ::= SEQUENCE {
|
||||
symAlgID AlgorithmIdentifier,
|
||||
symEncryptedKey SM2CiphertextValue,
|
||||
sm2PublicKey SM2PublicKey,
|
||||
sm2EncryptedPrivateKey BIT STRING
|
||||
}
|
||||
|
||||
ZID = SM3(nbits(ID)||ID||a||b||xG||yG||xA||yA)
|
||||
|
||||
Default ID = "1234567812345678"
|
||||
|
||||
*/
|
||||
|
||||
#if 0
|
||||
typedef struct SM2CiphertextValue_st {
|
||||
ASN1_INTEGER *xCoordinate;
|
||||
ASN1_INTEGER *yCoordinate;
|
||||
ASN1_OCTET_STRING *hash;
|
||||
ASN1_OCTET_STRING *ciphertext;
|
||||
} SM2CiphertextValue;
|
||||
|
||||
ASN1_SEQUENCE(SM2CiphertextValue) = {
|
||||
ASN1_SIMPLE(SM2CiphertextValue, xCoordinate, ASN1_INTEGER),
|
||||
ASN1_SIMPLE(SM2CiphertextValue, yCoordinate, ASN1_INTEGER),
|
||||
ASN1_SIMPLE(SM2CiphertextValue, hash, ASN1_OCTET_STRING),
|
||||
ASN1_SIMPLE(SM2CiphertextValue, ciphertext, ASN1_OCTET_STRING),
|
||||
} ASN1_SEQUENCE_END(SM2CiphertextValue)
|
||||
IMPLEMENT_ASN1_FUNCTIONS(SM2CiphertextValue)
|
||||
IMPLEMENT_ASN1_DUP_FUNCTION(SM2CiphertextValue)
|
||||
|
||||
typedef struct SM2EnvelopedKey_st {
|
||||
ASN1_ALGOR *symAlgID;
|
||||
SM2CiphertextValue *symEncryptedKey;
|
||||
ASN1_OCTET_STRING *sm2PublicKey;
|
||||
ASN1_BIT_STRING *sm2EncryptedPrivateKey;
|
||||
} SM2EnvelopedKey;
|
||||
|
||||
/* GmSSL specific */
|
||||
ASN1_SEQUENCE(SM2_CIPHERTEXT_VALUE_ASN1) = {
|
||||
ASN1_SIMPLE(SM2_CIPHERTEXT_VALUE_ASN1, ephem_point, ASN1_OCTET_STRING),
|
||||
ASN1_SIMPLE(SM2_CIPHERTEXT_VALUE_ASN1, ciphertext, ASN1_OCTET_STRING),
|
||||
ASN1_SIMPLE(SM2_CIPHERTEXT_VALUE_ASN1, mactag, ASN1_OCTET_STRING)
|
||||
} ASN1_SEQUENCE_END(SM2_CIPHERTEXT_VALUE)
|
||||
IMPLEMENT_ASN1_FUNCTIONS(SM2_CIPHERTEXT_VALUE_ASN1)
|
||||
IMPLEMENT_ASN1_DUP_FUNCTION(SM2_CIPHERTEXT_VALUE_ASN1)
|
||||
|
||||
|
||||
int i2d_SM2_CIPHERTEXT_VALUE(const SM2_CIPHERTEXT_VALUE *c, unsigned char **out)
|
||||
{
|
||||
int ret = 0;
|
||||
SM2CiphertextValue *asn1 = NULL;
|
||||
BIGNUM *x = NULL;
|
||||
BIGNUM *y = NULL;
|
||||
|
||||
|
||||
if (!(asn1 = SM2CiphertextValue_new())) {
|
||||
goto end;
|
||||
}
|
||||
OPENSSL_assert(asn1->xCoordinate);
|
||||
OPENSSL_assert(asn1->yCoordinate);
|
||||
if (!BN_to_ASN1_INTEGER(x, asn1->xCoordinate)) {
|
||||
}
|
||||
|
||||
if (!BN_to_ASN1_INTEGER(y, asn1->yCoordinate)) {
|
||||
}
|
||||
|
||||
M_ASN1_OCTET_STRING_set(asn1->hash, c->mactag, c->mactag_size);
|
||||
M_ASN1_OCTET_STRING_set(asn1->ciphertext, c->ciphertext, c->ciphertext_size);
|
||||
|
||||
ret = 1;
|
||||
end:
|
||||
return ret;
|
||||
}
|
||||
|
||||
SM2_CIPHERTEXT_VALUE *d2i_SM2_CIPHERTEXT_VALUE(SM2_CIPHERTEXT_VALUE **c,
|
||||
const unsigned char **in, long len)
|
||||
{
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
return NULL;
|
||||
}
|
||||
#endif
|
||||
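--- a/crypto/sm2/sm2_enc.c
+++ b/crypto/sm2/sm2_enc.c
@@ -1,732 +0,0 @@
-/* crypto/sm2/sm2_enc.c */
-/* ====================================================================
-* Copyright (c) 2015 The GmSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the GmSSL Project.
-* (http://gmssl.org/)"
-*
-* 4. The name "GmSSL Project" must not be used to endorse or promote
-* products derived from this software without prior written
-* permission. For written permission, please contact
-* guanzhi1980@gmail.com.
-*
-* 5. Products derived from this software may not be called "GmSSL"
-* nor may "GmSSL" appear in their names without prior written
-* permission of the GmSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the GmSSL Project
-* (http://gmssl.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*
-*/
-
-
-#include <stdio.h>
-#include <string.h>
-#include <assert.h>
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/ecdsa.h>
-#include <openssl/rand.h>
-#include <openssl/kdf.h>
-#include <openssl/sm2.h>
-#include "../o_str.h"
-
-int SM2_CIPHERTEXT_VALUE_size(const EC_GROUP *group,
-const SM2_ENC_PARAMS *params, size_t mlen)
-{
-int ret = 0;
-EC_KEY *ec_key = NULL;
-size_t len = 0;
-
-
-if (!(ec_key = EC_KEY_new())) {
-SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE, ERR_R_EC_LIB);
-goto end;
-}
-if (!EC_KEY_set_group(ec_key, group)) {
-SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE, ERR_R_EC_LIB);
-goto end;
-}
-if (!EC_KEY_generate_key(ec_key)) {
-SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE, ERR_R_EC_LIB);
-goto end;
-}
-
-len += EC_POINT_point2oct(group, EC_KEY_get0_public_key(ec_key),
-params->point_form, NULL, 0, NULL);
-len += mlen;
-len += params->mactag_size < 0 ? EVP_MD_size(params->mac_md) :
-params->mactag_size;
-
-ret = (int)len;
-
-end:
-EC_KEY_free(ec_key);
-return ret;
-}
-
-SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_new(const EC_GROUP *group)
-{
-SM2_CIPHERTEXT_VALUE *cv;
-
-if (!(cv = OPENSSL_malloc(sizeof(*cv)))) {
-SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_NEW, SM2_R_MALLOC_FAILED);
-return NULL;
-}
-
-memset(cv, 0, sizeof(*cv));
-
-if (!(cv->ephem_point = EC_POINT_new(group))) {
-SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_NEW, SM2_R_POINT_NEW_FAILED);
-OPENSSL_free(cv);
-return NULL;
-}
-
-return cv;
-}
-
-void SM2_CIPHERTEXT_VALUE_free(SM2_CIPHERTEXT_VALUE *cv)
-{
-if (cv->ephem_point) EC_POINT_free(cv->ephem_point);
-if (cv->ciphertext) OPENSSL_free(cv->ciphertext);
-memset(cv, 0, sizeof(*cv));
-OPENSSL_free(cv);
-}
-
-int SM2_CIPHERTEXT_VALUE_encode(const SM2_CIPHERTEXT_VALUE *cv,
-const EC_GROUP *ec_group, const SM2_ENC_PARAMS *params,
-unsigned char *buf, size_t *buflen)
-{
-int ret = 0;
-BN_CTX *bn_ctx = BN_CTX_new();
-size_t ptlen, cvlen;
-
-OPENSSL_assert(cv);
-OPENSSL_assert(ec_group);
-OPENSSL_assert(buf);
-OPENSSL_assert(cv->ephem_point);
-
-if (!bn_ctx) {
-SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, ERR_R_BN_LIB);
-return 0;
-}
-
-if (!(ptlen = EC_POINT_point2oct(ec_group, cv->ephem_point,
-params->point_form, NULL, 0, bn_ctx))) {
-SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, SM2_R_POINT2OCT_FAILED);
-goto end;
-}
-cvlen = ptlen + cv->ciphertext_size + cv->mactag_size;
-
-if (!buf) {
-*buflen = cvlen;
-ret = 1;
-goto end;
-
-} else if (*buflen < cvlen) {
-SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, SM2_R_BUFFER_TOO_SMALL);
-goto end;
-}
-
-if (!(ptlen = EC_POINT_point2oct(ec_group, cv->ephem_point,
-params->point_form, buf, *buflen, bn_ctx))) {
-SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, SM2_R_POINT2OCT_FAILED);
-goto end;
-}
-buf += ptlen;
-memcpy(buf, cv->ciphertext, cv->ciphertext_size);
-buf += cv->ciphertext_size;
-if (cv->mactag_size > 0) {
-memcpy(buf, cv->mactag, cv->mactag_size);
-}
-
-*buflen = cvlen;
-ret = 1;
-end:
-if (bn_ctx) BN_CTX_free(bn_ctx);
-return ret;
-}
-
-SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode(
-const EC_GROUP *ec_group, const SM2_ENC_PARAMS *params,
-const unsigned char *buf, size_t buflen)
-{
-int ok = 0;
-SM2_CIPHERTEXT_VALUE *ret = NULL;
-BN_CTX *bn_ctx = BN_CTX_new();
-int ptlen;
-int fixlen;
-
-if (!bn_ctx) {
-SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, ERR_R_BN_LIB);
-return NULL;
-}
-
-if (!(fixlen = SM2_CIPHERTEXT_VALUE_size(ec_group, params, 0))) {
-SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_GET_CIPHERTEXT_SIZE_FAILED);
-goto end;
-}
-
-if (buflen <= fixlen) {
-SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_BUFFER_TOO_SMALL);
-goto end;
-}
-
-if (!(ret = OPENSSL_malloc(sizeof(SM2_CIPHERTEXT_VALUE)))) {
-SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_MALLOC_FAILED);
-goto end;
-}
-
-ret->ephem_point = EC_POINT_new(ec_group);
-ret->ciphertext_size = buflen - fixlen;
-ret->ciphertext = OPENSSL_malloc(ret->ciphertext_size);
-if (!ret->ephem_point || !ret->ciphertext) {
-SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_INNOR_ERROR);
-goto end;
-}
-
-ptlen = fixlen - SM2_ENC_PARAMS_mactag_size(params);
-if (!EC_POINT_oct2point(ec_group, ret->ephem_point, buf, ptlen, bn_ctx)) {
-SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_OCT2POINT_FAILED);
-goto end;
-}
-
-memcpy(ret->ciphertext, buf + ptlen, ret->ciphertext_size);
-ret->mactag_size = SM2_ENC_PARAMS_mactag_size(params);
-if (ret->mactag_size > 0) {
-memcpy(ret->mactag, buf + buflen - ret->mactag_size, ret->mactag_size);
-}
-ok = 1;
-
-end:
-if (!ok && ret) {
-SM2_CIPHERTEXT_VALUE_free(ret);
-ret = NULL;
-}
-if (bn_ctx) BN_CTX_free(bn_ctx);
-
-return ret;
-}
-
-int SM2_CIPHERTEXT_VALUE_print(BIO *out, const EC_GROUP *ec_group,
-const SM2_CIPHERTEXT_VALUE *cv, int indent, unsigned long flags)
-{
-int ret = 0;
-char *hex = NULL;
-BN_CTX *ctx = BN_CTX_new();
-int i;
-
-if (!ctx) {
-goto end;
-}
-
-if (!(hex = EC_POINT_point2hex(ec_group, cv->ephem_point,
-POINT_CONVERSION_UNCOMPRESSED, ctx))) {
-goto end;
-}
-
-BIO_printf(out, "SM2_CIPHERTEXT_VALUE.ephem_point: %s\n", hex);
-BIO_printf(out, "SM2_CIPHERTEXT_VALUE.ciphertext : ");
-for (i = 0; i < cv->ciphertext_size; i++) {
-BIO_printf(out, "%02X", cv->ciphertext[i]);
-}
-BIO_printf(out, "\n");
-BIO_printf(out, "SM2_CIPHERTEXT_VALUE.mactag :");
-for (i = 0; i < cv->mactag_size; i++) {
-BIO_printf(out, "%02X", cv->mactag[i]);
-}
-BIO_printf(out, "\n");
-
-ret = 1;
-
-end:
-OPENSSL_free(hex);
-BN_CTX_free(ctx);
-return 0;
-}
-
-int SM2_encrypt(const SM2_ENC_PARAMS *params,
-unsigned char *out, size_t *outlen,
-const unsigned char *in, size_t inlen,
-EC_KEY *ec_key)
-{
-int ret = 0;
-const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key);
-SM2_CIPHERTEXT_VALUE *cv = NULL;
-int len;
-
-if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, params, inlen))) {
-SM2err(SM2_F_SM2_ENCRYPT, SM2_R_ERROR);
-goto end;
-}
-
-if (!out) {
-*outlen = (size_t)len;
-return 1;
-
-} else if (*outlen < (size_t)len) {
-SM2err(SM2_F_SM2_ENCRYPT, SM2_R_BUFFER_TOO_SMALL);
-return 0;
-}
-
-if (!(cv = SM2_do_encrypt(params, in, inlen, ec_key))) {
-SM2err(SM2_F_SM2_ENCRYPT, SM2_R_ENCRYPT_FAILED);
-goto end;
-}
-
-if (!SM2_CIPHERTEXT_VALUE_encode(cv, ec_group, params, out, outlen)) {
-SM2err(SM2_F_SM2_ENCRYPT, SM2_R_CIPHERTEXT_ENCODE_FAILED);
-goto end;
-}
-
-ret = 1;
-end:
-if (cv) SM2_CIPHERTEXT_VALUE_free(cv);
-return ret;
-}
-
-SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params,
-const unsigned char *in, size_t inlen, EC_KEY *ec_key)
-{
-int ok = 0;
-SM2_CIPHERTEXT_VALUE *cv = NULL;
-const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key);
-const EC_POINT *pub_key = EC_KEY_get0_public_key(ec_key);
-KDF_FUNC kdf = KDF_get_x9_63(params->kdf_md);
-EC_POINT *point = NULL;
-BIGNUM *n = NULL;
-BIGNUM *h = NULL;
-BIGNUM *k = NULL;
-BN_CTX *bn_ctx = NULL;
-EVP_MD_CTX *md_ctx = NULL;
-unsigned char buf[(OPENSSL_ECC_MAX_FIELD_BITS + 7)/4 + 1];
-int nbytes;
-unsigned char dgst[EVP_MAX_MD_SIZE];
-unsigned int dgstlen;
-int mactag_size;
-size_t len;
-int i;
-
-if (!ec_group || !pub_key) {
-SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_INVALID_EC_KEY);
-goto end;
-}
-if (!kdf) {
-SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_GET_KDF_FAILED);
-goto end;
-}
-
-/* init ciphertext_value */
-if (!(cv = OPENSSL_malloc(sizeof(SM2_CIPHERTEXT_VALUE)))) {
-SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_MALLOC_FAILED);
-goto end;
-}
-memset(cv, 0, sizeof(*cv));
-cv->ephem_point = EC_POINT_new(ec_group);
-cv->ciphertext = OPENSSL_malloc(inlen);
-cv->ciphertext_size = inlen;
-if (!cv->ephem_point || !cv->ciphertext) {
-SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
-goto end;
-}
-
-point = EC_POINT_new(ec_group);
-n = BN_new();
-h = BN_new();
-k = BN_new();
-bn_ctx = BN_CTX_new();
-md_ctx = EVP_MD_CTX_create();
-if (!point || !n || !h || !k || !bn_ctx || !md_ctx) {
-SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
-goto end;
-}
-
-/* init ec domain parameters */
-if (!EC_GROUP_get_order(ec_group, n, bn_ctx)) {
-SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
-goto end;
-}
-if (!EC_GROUP_get_cofactor(ec_group, h, bn_ctx)) {
-SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
-goto end;
-}
-nbytes = (EC_GROUP_get_degree(ec_group) + 7) / 8;
-
-do
-{
-/* A1: rand k in [1, n-1] */
-do {
-BN_rand_range(k, n);
-} while (BN_is_zero(k));
-
-
-/* A2: C1 = [k]G = (x1, y1) */
-if (!EC_POINT_mul(ec_group, cv->ephem_point, k, NULL, NULL, bn_ctx)) {
-SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
-goto end;
-}
-
-/* A3: check [h]P_B != O */
-if (!EC_POINT_mul(ec_group, point, NULL, pub_key, h, bn_ctx)) {
-SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
-goto end;
-}
-if (EC_POINT_is_at_infinity(ec_group, point)) {
-SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
-goto end;
-}
-
-/* A4: compute ECDH [k]P_B = (x2, y2) */
-if (!EC_POINT_mul(ec_group, point, NULL, pub_key, k, bn_ctx)) {
-SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
-goto end;
-}
-if (!(len = EC_POINT_point2oct(ec_group, point,
-POINT_CONVERSION_UNCOMPRESSED, buf, sizeof(buf), bn_ctx))) {
-SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
-goto end;
-}
-OPENSSL_assert(len == nbytes * 2 + 1);
-
-/* A5: t = KDF(x2 || y2, klen) */
-kdf(buf + 1, len - 1, cv->ciphertext, &cv->ciphertext_size);
-
-for (i = 0; i < cv->ciphertext_size; i++) {
-if (cv->ciphertext[i]) {
-break;
-}
-}
-if (i == cv->ciphertext_size) {
-continue;
-}
-
-break;
-
-} while (1);
-
-
-/* A6: C2 = M xor t */
-for (i = 0; i < inlen; i++) {
-cv->ciphertext[i] ^= in[i];
-}
-
-mactag_size = SM2_ENC_PARAMS_mactag_size(params);
-if (mactag_size) {
-
-/* A7: C3 = Hash(x2 || M || y2) */
-if (!EVP_DigestInit_ex(md_ctx, params->mac_md, NULL)) {
-SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
-goto end;
-}
-if (!EVP_DigestUpdate(md_ctx, buf + 1, nbytes)) {
-SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
-goto end;
-}
-if (!EVP_DigestUpdate(md_ctx, in, inlen)) {
-SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
-goto end;
-}
-if (!EVP_DigestUpdate(md_ctx, buf + 1 + nbytes, nbytes)) {
-SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
-goto end;
-}
-if (!EVP_DigestFinal_ex(md_ctx, dgst, &dgstlen)) {
-SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
-goto end;
-}
-
-/* GmSSL specific: reduce mactag size */
-if (mactag_size > dgstlen) {
-SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
-goto end;
-}
-
-cv->mactag_size = mactag_size;
-memcpy(cv->mactag, dgst, cv->mactag_size);
-}
-
-ok = 1;
-
-end:
-if (!ok && cv) {
-SM2_CIPHERTEXT_VALUE_free(cv);
-cv = NULL;
-}
-
-if (point) EC_POINT_free(point);
-if (n) BN_free(n);
-if (h) BN_free(h);
-if (k) BN_free(k);
-if (bn_ctx) BN_CTX_free(bn_ctx);
-if (md_ctx) EVP_MD_CTX_destroy(md_ctx);
-
-return cv;
-}
-
-int SM2_decrypt(const SM2_ENC_PARAMS *params,
-unsigned char *out, size_t *outlen,
-const unsigned char *in, size_t inlen,
-EC_KEY *ec_key)
-{
-int ret = 0;
-const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key);
-SM2_CIPHERTEXT_VALUE *cv = NULL;
-int len;
-
-if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, params, 0))) {
-SM2err(SM2_F_SM2_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-if (inlen <= len) {
-SM2err(SM2_F_SM2_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-
-if (!out) {
-*outlen = inlen - len;
-return 1;
-} else if (*outlen < inlen - len) {
-SM2err(SM2_F_SM2_DECRYPT, SM2_R_ERROR);
-return 0;
-}
-
-if (!(cv = SM2_CIPHERTEXT_VALUE_decode(ec_group, params, in, inlen))) {
-SM2err(SM2_F_SM2_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-if (!SM2_do_decrypt(params, cv, out, outlen, ec_key)) {
-SM2err(SM2_F_SM2_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-
-ret = 1;
-end:
-if (cv) SM2_CIPHERTEXT_VALUE_free(cv);
-return ret;
-}
-
-int SM2_do_decrypt(const SM2_ENC_PARAMS *params,
-const SM2_CIPHERTEXT_VALUE *cv, unsigned char *out, size_t *outlen,
-EC_KEY *ec_key)
-{
-int ret = 0;
-const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key);
-const BIGNUM *pri_key = EC_KEY_get0_private_key(ec_key);
-KDF_FUNC kdf = KDF_get_x9_63(params->kdf_md);
-EC_POINT *point = NULL;
-BIGNUM *n = NULL;
-BIGNUM *h = NULL;
-BN_CTX *bn_ctx = NULL;
-EVP_MD_CTX *md_ctx = NULL;
-unsigned char buf[(OPENSSL_ECC_MAX_FIELD_BITS + 7)/4 + 1];
-unsigned char mac[EVP_MAX_MD_SIZE];
-unsigned int maclen;
-int mactag_size;
-int nbytes;
-size_t size;
-int i;
-
-if (!ec_group || !pri_key) {
-SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-if (!kdf) {
-SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-
-if (!out) {
-*outlen = cv->ciphertext_size;
-return 1;
-}
-if (*outlen < cv->ciphertext_size) {
-SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-
-/* init vars */
-point = EC_POINT_new(ec_group);
-n = BN_new();
-h = BN_new();
-bn_ctx = BN_CTX_new();
-md_ctx = EVP_MD_CTX_create();
-if (!point || !n || !h || !bn_ctx || !md_ctx) {
-SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-
-/* init ec domain parameters */
-if (!EC_GROUP_get_order(ec_group, n, bn_ctx)) {
-SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-if (!EC_GROUP_get_cofactor(ec_group, h, bn_ctx)) {
-SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-nbytes = (EC_GROUP_get_degree(ec_group) + 7) / 8;
-
-/* B2: check [h]C1 != O */
-if (!EC_POINT_mul(ec_group, point, NULL, cv->ephem_point, h, bn_ctx)) {
-SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-if (EC_POINT_is_at_infinity(ec_group, point)) {
-SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-
-/* B3: compute ECDH [d]C1 = (x2, y2) */
-if (!EC_POINT_mul(ec_group, point, NULL, cv->ephem_point, pri_key, bn_ctx)) {
-SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-if (!(size = EC_POINT_point2oct(ec_group, point,
-POINT_CONVERSION_UNCOMPRESSED, buf, sizeof(buf), bn_ctx))) {
-SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-OPENSSL_assert(size == 1 + nbytes * 2);
-
-/* B4: compute t = KDF(x2 || y2, clen) */
-
-*outlen = cv->ciphertext_size; //FIXME: duplicated code
-kdf(buf + 1, size - 1, out, outlen);
-
-
-/* B5: compute M = C2 xor t */
-for (i = 0; i < cv->ciphertext_size; i++) {
-out[i] ^= cv->ciphertext[i];
-}
-*outlen = cv->ciphertext_size;
-
-mactag_size = SM2_ENC_PARAMS_mactag_size(params);
-if (mactag_size) {
-
-/* B6: check Hash(x2 || M || y2) == C3 */
-if (!EVP_DigestInit_ex(md_ctx, params->mac_md, NULL)) {
-SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-if (!EVP_DigestUpdate(md_ctx, buf + 1, nbytes)) {
-SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-if (!EVP_DigestUpdate(md_ctx, out, *outlen)) {
-SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-if (!EVP_DigestUpdate(md_ctx, buf + 1 + nbytes, nbytes)) {
-SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-if (!EVP_DigestFinal_ex(md_ctx, mac, &maclen)) {
-SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-
-/* GmSSL specific */
-if (mactag_size > maclen) {
-SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-if (cv->mactag_size != mactag_size ||
-OPENSSL_memcmp(mac, cv->mactag, cv->mactag_size)) {
-SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_ERROR);
-goto end;
-}
-}
-
-ret = 1;
-end:
-EC_POINT_free(point);
-BN_free(n);
-BN_free(h);
-BN_CTX_free(bn_ctx);
-EVP_MD_CTX_destroy(md_ctx);
-
-return ret;
-}
-
-int SM2_ENC_PARAMS_init_with_recommended(SM2_ENC_PARAMS *params)
-{
-if (!params) {
-SM2err(SM2_F_SM2_ENC_PARAMS_INIT_WITH_RECOMMENDED,
-SM2_R_NULL_ARGUMENT);
-return 0;
-}
-params->kdf_md = EVP_sm3();
-params->mac_md = EVP_sm3();
-params->mactag_size = -1;
-params->point_form = POINT_CONVERSION_UNCOMPRESSED;
-return 1;
-}
-
-int SM2_encrypt_with_recommended(unsigned char *out, size_t *outlen,
-const unsigned char *in, size_t inlen, EC_KEY *ec_key)
-{
-SM2_ENC_PARAMS params;
-SM2_ENC_PARAMS_init_with_recommended(¶ms);
-return SM2_encrypt(¶ms, out, outlen, in, inlen, ec_key);
-}
-
-int SM2_decrypt_with_recommended(unsigned char *out, size_t *outlen,
-const unsigned char *in, size_t inlen, EC_KEY *ec_key)
-{
-SM2_ENC_PARAMS params;
-SM2_ENC_PARAMS_init_with_recommended(¶ms);
-return SM2_decrypt(¶ms, out, outlen, in, inlen, ec_key);
-}
-
-int SM2_encrypt_elgamal(unsigned char *out, size_t *outlen,
-const unsigned char *in, size_t inlen, EC_KEY *ec_key)
-{
-SM2_ENC_PARAMS params;
-params.kdf_md = EVP_sm3();
-params.mac_md = EVP_sm3();
-params.mactag_size = 0;
-params.point_form = POINT_CONVERSION_COMPRESSED;
-return SM2_encrypt(¶ms, out, outlen, in, inlen, ec_key);
-}
-
-int SM2_decrypt_elgamal(unsigned char *out, size_t *outlen,
-const unsigned char *in, size_t inlen, EC_KEY *ec_key)
-{
-SM2_ENC_PARAMS params;
-params.kdf_md = EVP_sm3();
-params.mac_md = EVP_sm3();
-params.mactag_size = 0;
-params.point_form = POINT_CONVERSION_COMPRESSED;
-return SM2_decrypt(¶ms, out, outlen, in, inlen, ec_key);
-}
-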
@@ -1,149 +0,0 @@
|
||||
/* crypto/sm2/sm2_err.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. All advertising materials mentioning features or use of this
|
||||
* software must display the following acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission. For written permission, please contact
|
||||
* openssl-core@OpenSSL.org.
|
||||
*
|
||||
* 5. Products derived from this software may not be called "OpenSSL"
|
||||
* nor may "OpenSSL" appear in their names without prior written
|
||||
* permission of the OpenSSL Project.
|
||||
*
|
||||
* 6. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by the OpenSSL Project
|
||||
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
* ====================================================================
|
||||
*
|
||||
* This product includes cryptographic software written by Eric Young
|
||||
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||
* Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*/
|
||||
|
||||
/*
|
||||
* NOTE: this file was auto generated by the mkerr.pl script: any changes
|
||||
* made to it will be overwritten when the script next updates this file,
|
||||
* only reason strings will be preserved.
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/sm2.h>
|
||||
|
||||
/* BEGIN ERROR CODES */
|
||||
#ifndef OPENSSL_NO_ERR
|
||||
|
||||
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SM2,func,0)
|
||||
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SM2,0,reason)
|
||||
|
||||
static ERR_STRING_DATA SM2_str_functs[] = {
|
||||
{ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE),
|
||||
"SM2_CIPHERTEXT_VALUE_decode"},
|
||||
{ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE),
|
||||
"SM2_CIPHERTEXT_VALUE_encode"},
|
||||
{ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_FREE), "SM2_CIPHERTEXT_VALUE_free"},
|
||||
{ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_NEW), "SM2_CIPHERTEXT_VALUE_new"},
|
||||
{ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_PRINT), "SM2_CIPHERTEXT_VALUE_print"},
|
||||
{ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE), "SM2_CIPHERTEXT_VALUE_size"},
|
||||
{ERR_FUNC(SM2_F_SM2_COMPUTE_ID_DIGEST), "SM2_compute_id_digest"},
|
||||
{ERR_FUNC(SM2_F_SM2_COMPUTE_ID_DIGEST_EX), "SM2_COMPUTE_ID_DIGEST_EX"},
|
||||
{ERR_FUNC(SM2_F_SM2_DECRYPT), "SM2_decrypt"},
|
||||
{ERR_FUNC(SM2_F_SM2_DO_DECRYPT), "SM2_do_decrypt"},
|
||||
{ERR_FUNC(SM2_F_SM2_DO_ENCRYPT), "SM2_do_encrypt"},
|
||||
{ERR_FUNC(SM2_F_SM2_DO_SIGN), "SM2_do_sign"},
|
||||
{ERR_FUNC(SM2_F_SM2_DO_SIGN_EX), "SM2_do_sign_ex"},
|
||||
{ERR_FUNC(SM2_F_SM2_DO_VERIFY), "SM2_do_verify"},
|
||||
{ERR_FUNC(SM2_F_SM2_ENCRYPT), "SM2_encrypt"},
|
||||
{ERR_FUNC(SM2_F_SM2_ENC_PARAMS_INIT_WITH_RECOMMENDED),
|
||||
"SM2_ENC_PARAMS_init_with_recommended"},
|
||||
{ERR_FUNC(SM2_F_SM2_GET_ID), "SM2_GET_ID"},
|
||||
{ERR_FUNC(SM2_F_SM2_KAP_COMPUTE_KEY), "SM2_KAP_compute_key"},
|
||||
{ERR_FUNC(SM2_F_SM2_KAP_CTX_CLEANUP), "SM2_KAP_CTX_cleanup"},
|
||||
{ERR_FUNC(SM2_F_SM2_KAP_CTX_INIT), "SM2_KAP_CTX_init"},
|
||||
{ERR_FUNC(SM2_F_SM2_KAP_FINAL_CHECK), "SM2_KAP_final_check"},
|
||||
{ERR_FUNC(SM2_F_SM2_KAP_PREPARE), "SM2_KAP_prepare"},
|
||||
{ERR_FUNC(SM2_F_SM2_SET_ID), "SM2_set_id"},
|
||||
{ERR_FUNC(SM2_F_SM2_SIGN), "SM2_sign"},
|
||||
{ERR_FUNC(SM2_F_SM2_SIGNATURE_SIZE), "SM2_SIGNATURE_SIZE"},
|
||||
{ERR_FUNC(SM2_F_SM2_SIGN_EX), "SM2_sign_ex"},
|
||||
{ERR_FUNC(SM2_F_SM2_SIGN_SETUP), "SM2_sign_setup"},
|
||||
{ERR_FUNC(SM2_F_SM2_VERIFY), "SM2_verify"},
|
||||
{0, NULL}
|
||||
};
|
||||
|
||||
static ERR_STRING_DATA SM2_str_reasons[] = {
|
||||
{ERR_REASON(SM2_R_BAD_DATA), "bad data"},
|
||||
{ERR_REASON(SM2_R_BAD_SIGNATURE), "bad signature"},
|
||||
{ERR_REASON(SM2_R_BUFFER_TOO_SMALL), "buffer too small"},
|
||||
{ERR_REASON(SM2_R_CIPHERTEXT_ENCODE_FAILED), "ciphertext encode failed"},
|
||||
{ERR_REASON(SM2_R_DECRYPT_FAILED), "decrypt failed"},
|
||||
{ERR_REASON(SM2_R_ECDH_FAILED), "ecdh failed"},
|
||||
{ERR_REASON(SM2_R_ENCRYPT_FAILED), "encrypt failed"},
|
||||
{ERR_REASON(SM2_R_ERROR), "error"},
|
||||
{ERR_REASON(SM2_R_GEN_MAC_FAILED), "gen mac failed"},
|
||||
{ERR_REASON(SM2_R_GET_CIPHERTEXT_SIZE_FAILED),
|
||||
"get ciphertext size failed"},
|
||||
{ERR_REASON(SM2_R_GET_KDF_FAILED), "get kdf failed"},
|
||||
{ERR_REASON(SM2_R_INNOR_ERROR), "innor error"},
|
||||
{ERR_REASON(SM2_R_INVALID_EC_KEY), "invalid ec key"},
|
||||
{ERR_REASON(SM2_R_MALLOC_FAILED), "malloc failed"},
|
||||
{ERR_REASON(SM2_R_MISSING_PARAMETERS), "missing parameters"},
|
||||
{ERR_REASON(SM2_R_NEED_NEW_SETUP_VALUES), "need new setup values"},
|
||||
{ERR_REASON(SM2_R_NULL_ARGUMENT), "null argument"},
|
||||
{ERR_REASON(SM2_R_OCT2POINT_FAILED), "oct2point failed"},
|
||||
{ERR_REASON(SM2_R_POINT2OCT_FAILED), "point2oct failed"},
|
||||
{ERR_REASON(SM2_R_POINT_NEW_FAILED), "point new failed"},
|
||||
{ERR_REASON(SM2_R_RANDOM_NUMBER_GENERATION_FAILED),
|
||||
"random number generation failed"},
|
||||
{ERR_REASON(SM2_R_SM2_KAP_NOT_INITED), "sm2 kap not inited"},
|
||||
{ERR_REASON(SM2_R_UNKNOWN_CIPHER_TYPE), "unknown cipher type"},
|
||||
{ERR_REASON(SM2_R_UNKNOWN_MAC_TYPE), "unknown mac type"},
|
||||
{ERR_REASON(SM2_R_VERIFY_MAC_FAILED), "verify mac failed"},
|
||||
{0, NULL}
|
||||
};
|
||||
|
||||
#endif
|
||||
|
||||
void ERR_load_SM2_strings(void)
|
||||
{
|
||||
#ifndef OPENSSL_NO_ERR
|
||||
|
||||
if (ERR_func_error_string(SM2_str_functs[0].error) == NULL) {
|
||||
ERR_load_strings(0, SM2_str_functs);
|
||||
ERR_load_strings(0, SM2_str_reasons);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
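--- a/crypto/sm2/sm2_kap.c
+++ b/crypto/sm2/sm2_kap.c
@@ -1,573 +0,0 @@
-/* crypto/sm2/sm2_kap.c */
-/* ====================================================================
-* Copyright (c) 2015 The GmSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the GmSSL Project.
-* (http://gmssl.org/)"
-*
-* 4. The name "GmSSL Project" must not be used to endorse or promote
-* products derived from this software without prior written
-* permission. For written permission, please contact
-* guanzhi1980@gmail.com.
-*
-* 5. Products derived from this software may not be called "GmSSL"
-* nor may "GmSSL" appear in their names without prior written
-* permission of the GmSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the GmSSL Project
-* (http://gmssl.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*
-*/
-
-#include <string.h>
-#include <openssl/kdf.h>
-#include "sm2.h"
-
-int SM2_KAP_CTX_init(SM2_KAP_CTX *ctx, EC_KEY *ec_key,
-EC_KEY *remote_pubkey, int is_initiator, int do_checksum)
-{
-int ret = 0;
-int w;
-
-memset(ctx, 0, sizeof(*ctx));
-
-ctx->id_dgst_md = EVP_sm3();
-ctx->kdf_md = EVP_sm3();
-ctx->checksum_md = EVP_sm3();
-ctx->point_form = SM2_DEFAULT_POINT_CONVERSION_FORM;
-
-if (!(ctx->kdf = KDF_get_x9_63(ctx->kdf_md))) {
-SM2err(SM2_F_SM2_KAP_CTX_INIT, 0);
-goto end;
-}
-
-ctx->is_initiator = is_initiator;
-ctx->do_checksum = do_checksum;
-
-if (EC_GROUP_cmp(EC_KEY_get0_group(ec_key),
-EC_KEY_get0_group(remote_pubkey), NULL) != 0) {
-SM2err(SM2_F_SM2_KAP_CTX_INIT, 0);
-goto end;
-}
-
-if (!SM2_compute_id_digest(ctx->id_dgst_md, ctx->id_dgst,
-&ctx->id_dgstlen, ec_key)) {
-SM2err(SM2_F_SM2_KAP_CTX_INIT, 0);
-goto end;
-}
-
-if (!(ctx->ec_key = EC_KEY_dup(ec_key))) {
-SM2err(SM2_F_SM2_KAP_CTX_INIT, ERR_R_EC_LIB);
-goto end;
-}
-
-if (!SM2_compute_id_digest(ctx->id_dgst_md, ctx->remote_id_dgst,
-&ctx->remote_id_dgstlen, remote_pubkey)) {
-SM2err(SM2_F_SM2_KAP_CTX_INIT, 0);
-goto end;
-}
-
-if (!(ctx->remote_pubkey = EC_KEY_dup(remote_pubkey))) {
-SM2err(SM2_F_SM2_KAP_CTX_INIT, 0);
-goto end;
-}
-
-ctx->group = EC_KEY_get0_group(ec_key);
-ctx->bn_ctx = BN_CTX_new();
-ctx->order = BN_new();
-ctx->two_pow_w = BN_new();
-ctx->t = BN_new();
-
-if (!ctx->bn_ctx || !ctx->order || !ctx->two_pow_w || !ctx->t) {
-SM2err(SM2_F_SM2_KAP_CTX_INIT, ERR_R_BN_LIB);
-goto end;
-}
-
-if (!EC_GROUP_get_order(EC_KEY_get0_group(ec_key), ctx->order, ctx->bn_ctx)) {
-SM2err(SM2_F_SM2_KAP_CTX_INIT, ERR_R_EC_LIB);
-goto end;
-}
-
-w = (BN_num_bits(ctx->order) + 1)/2 - 1;
-
-if (!BN_one(ctx->two_pow_w)) {
-SM2err(SM2_F_SM2_KAP_CTX_INIT, ERR_R_BN_LIB);
-goto end;
-}
-
-if (!BN_lshift(ctx->two_pow_w, ctx->two_pow_w, w)) {
-SM2err(SM2_F_SM2_KAP_CTX_INIT, ERR_R_BN_LIB);
-goto end;
-}
-
-if (!(ctx->point = EC_POINT_new(ctx->group))) {
-SM2err(SM2_F_SM2_KAP_CTX_INIT, ERR_R_EC_LIB);
-goto end;
-}
-
-ret = 1;
-
-end:
-if (!ret) SM2_KAP_CTX_cleanup(ctx);
-return ret;
-}
-
-void SM2_KAP_CTX_cleanup(SM2_KAP_CTX *ctx)
-{
-if (ctx->ec_key) EC_KEY_free(ctx->ec_key);
-if (ctx->remote_pubkey) EC_KEY_free(ctx->remote_pubkey);
-if (ctx->bn_ctx) BN_CTX_free(ctx->bn_ctx);
-if (ctx->two_pow_w) BN_free(ctx->two_pow_w);
-if (ctx->order) BN_free(ctx->order);
-if (ctx->point) EC_POINT_free(ctx->point);
-if (ctx->t) BN_free(ctx->t);
-
-memset(ctx, 0, sizeof(*ctx));
-}
-
-/* FIXME: ephem_point_len should be both input and output */
-int SM2_KAP_prepare(SM2_KAP_CTX *ctx, unsigned char *ephem_point,
-size_t *ephem_point_len)
-{
-int ret = 0;
-const BIGNUM *prikey;
-BIGNUM *h = NULL;
-BIGNUM *r = NULL;
-BIGNUM *x = NULL;
-
-if (!(prikey = EC_KEY_get0_private_key(ctx->ec_key))) {
-SM2err(SM2_F_SM2_KAP_PREPARE, SM2_R_SM2_KAP_NOT_INITED);
-return 0;
-}
-
-h = BN_new();
-r = BN_new();
-x = BN_new();
-
-if (!h || !r || !x) {
-SM2err(SM2_F_SM2_KAP_PREPARE, 0);
-goto end;
-}
-
-/*
-* r = rand(1, n)
-* R = rG = (x, y)
-*/
-
-do {
-if (!BN_rand_range(r, ctx->order)) {
-SM2err(SM2_F_SM2_KAP_PREPARE, SM2_R_RANDOM_NUMBER_GENERATION_FAILED);
-goto end;
-}
-
-} while (BN_is_zero(r));
-
-
-if (!EC_POINT_mul(ctx->group, ctx->point, r, NULL, NULL, ctx->bn_ctx)) {
-SM2err(SM2_F_SM2_KAP_PREPARE, ERR_R_EC_LIB);
-goto end;
-}
-
-
-if (EC_METHOD_get_field_type(EC_GROUP_method_of(ctx->group)) == NID_X9_62_prime_field) {
-if (!EC_POINT_get_affine_coordinates_GFp(ctx->group, ctx->point, x, NULL, ctx->bn_ctx)) {
-SM2err(SM2_F_SM2_KAP_PREPARE, ERR_R_EC_LIB);
-goto end;
-}
-} else {
-if (!EC_POINT_get_affine_coordinates_GF2m(ctx->group, ctx->point, x, NULL, ctx->bn_ctx)) {
-SM2err(SM2_F_SM2_KAP_PREPARE, ERR_R_EC_LIB);
-goto end;
-}
-}
-
-/*
-* w = ceil(keybits / 2) - 1
-* x = 2^w + (x and (2^w - 1)) = 2^w + (x mod 2^w)
-* t = (d + x * r) mod n
-* t = (h * t) mod n
-*/
-
-if (!ctx->t) {
-SM2err(SM2_F_SM2_KAP_PREPARE, SM2_R_SM2_KAP_NOT_INITED);
-goto end;
-}
-
-if (!BN_nnmod(x, x, ctx->two_pow_w, ctx->bn_ctx)) {
-SM2err(SM2_F_SM2_KAP_PREPARE, ERR_R_BN_LIB);
-goto end;
-}
-
-if (!BN_add(x, x, ctx->two_pow_w)) {
-SM2err(SM2_F_SM2_KAP_PREPARE, ERR_R_BN_LIB);
-goto end;
-}
-
-if (!BN_mod_mul(ctx->t, x, r, ctx->order, ctx->bn_ctx)) {
-SM2err(SM2_F_SM2_KAP_PREPARE, ERR_R_BN_LIB);
-goto end;
-}
-
-if (!BN_mod_add(ctx->t, ctx->t, prikey, ctx->order, ctx->bn_ctx)) {
-SM2err(SM2_F_SM2_KAP_PREPARE, ERR_R_BN_LIB);
-goto end;
-}
-
-if (!EC_GROUP_get_cofactor(ctx->group, h, ctx->bn_ctx)) {
-SM2err(SM2_F_SM2_KAP_PREPARE, ERR_R_EC_LIB);
-goto end;
-}
-
-if (!BN_mul(ctx->t, ctx->t, h, ctx->bn_ctx)) {
-SM2err(SM2_F_SM2_KAP_PREPARE, ERR_R_BN_LIB);
-goto end;
-}
-
-/* encode R = (x, y) for output and local buffer */
-
-// FIXME: ret is size_t and ret is the output length
-ret = EC_POINT_point2oct(ctx->group, ctx->point, ctx->point_form,
-ephem_point, *ephem_point_len, ctx->bn_ctx);
-
-memcpy(ctx->pt_buf, ephem_point, ret);
-*ephem_point_len = ret;
-ret = 1;
-
-end:
-if (h) BN_free(h);
-if (r) BN_free(r);
-if (x) BN_free(x);
-
-return ret;
-}
-
-int SM2_KAP_compute_key(SM2_KAP_CTX *ctx, const unsigned char *remote_point,
-size_t remote_point_len, unsigned char *key, size_t keylen,
-unsigned char *checksum, size_t *checksumlen)
-{
-int ret = 0;
-
-EVP_MD_CTX md_ctx;
-BIGNUM *x = NULL;
-unsigned char share_pt_buf[1 + (OPENSSL_ECC_MAX_FIELD_BITS+7)/4 + EVP_MAX_MD_SIZE * 2 + 100];
-unsigned char remote_pt_buf[1 + (OPENSSL_ECC_MAX_FIELD_BITS+7)/4 + 111];
-unsigned char dgst[EVP_MAX_MD_SIZE];
-unsigned int dgstlen;
-unsigned int len, bnlen;
-size_t klen = keylen;
-
-
-EVP_MD_CTX_init(&md_ctx);
-
-if (!(x = BN_new())) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, 0);
-goto end;
-}
-
-/*
-* decode point R = (x, y), encode (x, y)
-* x = 2^w + (x and (2^w - 1)) = 2^w + (x mod 2^w), w = ceil(keybits / 2) - 1
-* U = ht * (P + x * R)
-* check U != O
-*/
-
-if (!EC_POINT_oct2point(ctx->group, ctx->point,
-remote_point, remote_point_len, ctx->bn_ctx)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, 0);
-goto end;
-}
-
-if (!(len = EC_POINT_point2oct(ctx->group, ctx->point, POINT_CONVERSION_UNCOMPRESSED,
-remote_pt_buf, sizeof(remote_pt_buf), ctx->bn_ctx))) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, 0);
-goto end;
-}
-
-if (EC_METHOD_get_field_type(EC_GROUP_method_of(ctx->group)) == NID_X9_62_prime_field) {
-if (!EC_POINT_get_affine_coordinates_GFp(ctx->group, ctx->point, x, NULL, ctx->bn_ctx)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EC_LIB);
-goto end;
-}
-} else {
-if (!EC_POINT_get_affine_coordinates_GF2m(ctx->group, ctx->point, x, NULL, ctx->bn_ctx)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EC_LIB);
-goto end;
-}
-}
-
-/* x = 2^w + (x and (2^w - 1)) = 2^w + (x mod 2^w) */
-
-if (!BN_nnmod(x, x, ctx->two_pow_w, ctx->bn_ctx)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_BN_LIB);
-goto end;
-}
-
-if (!BN_add(x, x, ctx->two_pow_w)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_BN_LIB);
-goto end;
-}
-
-/*
-if (!BN_mod_mul(x, x, ctx->t, ctx->order, ctx->bn_ctx)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_BN_LIB);
-goto end;
-}
-*/
-
-/* U = ht * (P + x * R), check U != O */
-
-if (!EC_POINT_mul(ctx->group, ctx->point, NULL, ctx->point, x, ctx->bn_ctx)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EC_LIB);
-goto end;
-}
-
-if (!EC_POINT_add(ctx->group, ctx->point, ctx->point,
-EC_KEY_get0_public_key(ctx->remote_pubkey), ctx->bn_ctx)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EC_LIB);
-goto end;
-}
-
-if (!EC_POINT_mul(ctx->group, ctx->point, NULL, ctx->point, ctx->t, ctx->bn_ctx)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EC_LIB);
-goto end;
-}
-
-if (EC_POINT_is_at_infinity(ctx->group, ctx->point)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, 0);
-goto end;
-}
-
-/* encode U, append with ZA, ZB */
-
-if (!(len = EC_POINT_point2oct(ctx->group, ctx->point, POINT_CONVERSION_UNCOMPRESSED,
-share_pt_buf, sizeof(share_pt_buf), ctx->bn_ctx))) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, 0);
-goto end;
-}
-
-if (ctx->is_initiator) {
-memcpy(share_pt_buf + len, ctx->id_dgst, ctx->id_dgstlen);
-len += ctx->id_dgstlen;
-memcpy(share_pt_buf + len, ctx->remote_id_dgst, ctx->remote_id_dgstlen);
-len += ctx->remote_id_dgstlen;
-} else {
-memcpy(share_pt_buf + len, ctx->remote_id_dgst, ctx->remote_id_dgstlen);
-len += ctx->remote_id_dgstlen;
-memcpy(share_pt_buf + len, ctx->id_dgst, ctx->id_dgstlen);
-len += ctx->id_dgstlen;
-}
-
-/* key = KDF(xu, yu, ZA, ZB) */
-
-
-if (!ctx->kdf(share_pt_buf + 1, len - 1, key, &klen)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, 0);
-goto end;
-}
-
-if (ctx->do_checksum) {
-
-/* generate checksum S1 or SB start with 0x02
-* S1 = SB = Hash(0x02, yu, Hash(xu, ZA, ZB, x1, y1, x2, y2))
-*/
-if (!EVP_DigestInit_ex(&md_ctx, ctx->checksum_md, NULL)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-
-bnlen = BN_num_bytes(ctx->order);
-
-if (!EVP_DigestUpdate(&md_ctx, share_pt_buf + 1, bnlen)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-
-if (ctx->is_initiator) {
-
-/* update ZA,ZB,x1,y1,x2,y2 */
-if (!EVP_DigestUpdate(&md_ctx, ctx->id_dgst, ctx->id_dgstlen)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-if (!EVP_DigestUpdate(&md_ctx, ctx->remote_id_dgst, ctx->remote_id_dgstlen)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-if (!EVP_DigestUpdate(&md_ctx, ctx->pt_buf + 1, bnlen * 2)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-if (!EVP_DigestUpdate(&md_ctx, remote_pt_buf + 1, bnlen * 2)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-
-} else {
-
-if (!EVP_DigestUpdate(&md_ctx, ctx->remote_id_dgst, ctx->remote_id_dgstlen)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-if (!EVP_DigestUpdate(&md_ctx, ctx->id_dgst, ctx->id_dgstlen)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-if (!EVP_DigestUpdate(&md_ctx, remote_pt_buf + 1, bnlen * 2)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-if (!EVP_DigestUpdate(&md_ctx, ctx->pt_buf + 1, bnlen * 2)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-}
-
-if (!EVP_DigestFinal_ex(&md_ctx, dgst, &dgstlen)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-/* now dgst == H(xu,ZA,ZB,x1,y1,x2,y2)
-*/
-
-/* S1 = SB = Hash(0x02, yu, dgst) */
-
-if (!EVP_DigestInit_ex(&md_ctx, ctx->checksum_md, NULL)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-
-if (!EVP_DigestUpdate(&md_ctx, "\x02", 1)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-
-if (!EVP_DigestUpdate(&md_ctx, share_pt_buf + 1 + bnlen, bnlen)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-
-if (!EVP_DigestUpdate(&md_ctx, dgst, dgstlen)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-
-/* output S1 to local buffer or SB to output */
-if (ctx->is_initiator) {
-if (!EVP_DigestFinal_ex(&md_ctx, ctx->checksum, &len)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-
-} else {
-if (!EVP_DigestFinal_ex(&md_ctx, checksum, &len)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-*checksumlen = len;
-}
-
-/* generate checksum SA or S2 start with 0x03
-* SA = S2 = Hash(0x03, yu, dgst)
-*/
-
-if (!EVP_DigestInit_ex(&md_ctx, ctx->checksum_md, NULL)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-
-if (!EVP_DigestUpdate(&md_ctx, "\x03", 1)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-
-if (!EVP_DigestUpdate(&md_ctx, share_pt_buf + 1 + bnlen, bnlen)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-
-if (!EVP_DigestUpdate(&md_ctx, dgst, dgstlen)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-
-if (ctx->is_initiator) {
-if (!EVP_DigestFinal_ex(&md_ctx, checksum, &len)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-*checksumlen = len;
-
-} else {
-if (!EVP_DigestFinal_ex(&md_ctx, ctx->checksum, &len)) {
-SM2err(SM2_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB);
-goto end;
-}
-}
-
-
-}
-
-ret = 1;
-
-end:
-EVP_MD_CTX_cleanup(&md_ctx);
-if (x) BN_free(x);
-return ret;
-}
-
-int SM2_KAP_final_check(SM2_KAP_CTX *ctx, const unsigned char *checksum,
-size_t checksumlen)
-{
-if (ctx->do_checksum) {
-
-if (checksumlen != EVP_MD_size(ctx->checksum_md)) {
-return 0;
-}
-
-if (memcmp(ctx->checksum, checksum, checksumlen)) {
-return 0;
-}
-
-}
-
-return 1;
-}
-
-int SM2_compute_key(void *out, size_t outlen,
-const EC_POINT *pub_key, EC_KEY *ecdh,
-const EC_POINT *pub_key2, EC_KEY *ec_key2,
-const char *id1, const char *id2, int is_ini)
-{
-return 0;
-}
-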
||||
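--- a/crypto/sm2/sm2_lib.c
+++ b/crypto/sm2/sm2_lib.c
@@ -1,314 +0,0 @@
-/* crypto/sm2/sm2_lib.c */
-/* ====================================================================
-* Copyright (c) 2015 The GmSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the GmSSL Project.
-* (http://gmssl.org/)"
-*
-* 4. The name "GmSSL Project" must not be used to endorse or promote
-* products derived from this software without prior written
-* permission. For written permission, please contact
-* guanzhi1980@gmail.com.
-*
-* 5. Products derived from this software may not be called "GmSSL"
-* nor may "GmSSL" appear in their names without prior written
-* permission of the GmSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the GmSSL Project
-* (http://gmssl.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*
-*/
-
-
-#include <stdio.h>
-#include <assert.h>
-#include <stdint.h>
-#include <string.h>
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/sm2.h>
-
-#define EC_MAX_NBYTES ((OPENSSL_ECC_MAX_FIELD_BITS + 7)/8)
-
-
-
-static void *sm2_data_dup(void *data) {
-if (data)
-return OPENSSL_strdup((const char *)data);
-else return NULL;
-}
-
-static void sm2_data_free(void *data) {
-if (data)
-OPENSSL_free(data);
-}
-
-int SM2_set_id(EC_KEY *ec_key, const char *id)
-{
-char *pid;
-
-if (strlen(id) > SM2_MAX_ID_LENGTH) {
-fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
-return 0;
-}
-
-if ((pid = EC_KEY_get_key_method_data(ec_key, sm2_data_dup,
-sm2_data_free, sm2_data_free)) != NULL) {
-fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
-return 0;
-}
-
-if (!(pid = OPENSSL_strdup(id))) {
-fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
-return 0;
-}
-
-if (EC_KEY_insert_key_method_data(ec_key, pid, sm2_data_dup,
-sm2_data_free, sm2_data_free)) {
-fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
-//ERR_print_errors_fp(stderr);
-//OPENSSL_free(pid);
-return 0;
-}
-
-return 1;
-}
-
-char *SM2_get0_id(EC_KEY *ec_key)
-{
-return (char *)EC_KEY_get_key_method_data(ec_key, sm2_data_dup,
-sm2_data_free, sm2_data_free);
-}
-
-/*
-* pkdata = a || b || G.x || G.y || P.x || P.y
-*/
-int sm2_get_public_key_data(unsigned char *buf, EC_KEY *ec_key)
-{
-int ret = -1;
-const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key);
-const EC_POINT *point;
-int nbytes;
-unsigned char oct[EC_MAX_NBYTES * 2 + 1];
-BN_CTX *bn_ctx = NULL;
-BIGNUM *p = NULL;
-BIGNUM *x = NULL;
-BIGNUM *y = NULL;
-size_t len;
-
-if (!ec_key || !buf) {
-return 0;
-}
-nbytes = (EC_GROUP_get_degree(EC_KEY_get0_group(ec_key)) + 7)/8;
-memset(buf, 0, nbytes * 6);
-
-bn_ctx = BN_CTX_new();
-p = BN_new();
-x = BN_new();
-y = BN_new();
-if (!bn_ctx || !p || !x || !y) {
-goto err;
-}
-
-if (EC_METHOD_get_field_type(EC_GROUP_method_of(ec_group)) == NID_X9_62_prime_field) {
-if (!EC_GROUP_get_curve_GFp(ec_group, p, x, y, bn_ctx)) {
-goto err;
-}
-} else {
-if (!EC_GROUP_get_curve_GF2m(ec_group, p, x, y, bn_ctx)) {
-goto err;
-}
-}
-
-
-buf += nbytes;
-BN_bn2bin(x, buf - BN_num_bytes(x));
-buf += nbytes;
-BN_bn2bin(y, buf - BN_num_bytes(y));
-
-/* get curve generator coordinates */
-if (!(point = EC_GROUP_get0_generator(ec_group))) {
-fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
-goto err;
-}
-if (!(len = EC_POINT_point2oct(ec_group, point,
-POINT_CONVERSION_UNCOMPRESSED, oct, sizeof(oct), bn_ctx))) {
-fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
-goto err;
-}
-//OPENSSL_assert(len == 32 * 2 + 1);
-memcpy(buf, oct + 1, len - 1);
-buf += len - 1;
-
-/* get pub_key coorindates */
-if (!(point = EC_KEY_get0_public_key(ec_key))) {
-fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
-goto err;
-}
-if (!(len = EC_POINT_point2oct(ec_group, point,
-POINT_CONVERSION_UNCOMPRESSED, oct, sizeof(oct), bn_ctx))) {
-fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
-goto err;
-}
-//OPENSSL_assert(len == 32 * 2 + 1);
-memcpy(buf, oct + 1, len - 1);
-buf += len - 1;
-
-ret = (nbytes * 6);
-
-err:
-if (bn_ctx) BN_CTX_free(bn_ctx);
-if (p) BN_free(p);
-if (x) BN_free(x);
-if (y) BN_free(y);
-
-return ret;
-}
-
-int SM2_compute_id_digest_ex(const EVP_MD *md,
-unsigned char *dgst, size_t dgstlen,
-const char *id, size_t idlen, EC_KEY *ec_key)
-{
-SM2err(SM2_F_SM2_COMPUTE_ID_DIGEST_EX, ERR_R_SM2_LIB);
-return 0;
-}
-
-//TODO: review this function again.
-int SM2_compute_id_digest(const EVP_MD *md, unsigned char *dgst,
-unsigned int *dgstlen, EC_KEY *ec_key)
-{
-int ret = 0;
-EVP_MD_CTX *md_ctx = NULL;
-unsigned char pkdata[EC_MAX_NBYTES * 6];
-unsigned char idbits[2];
-int pkdatalen;
-char *id;
-
-if ((pkdatalen = sm2_get_public_key_data(pkdata, ec_key)) < 0) {
-fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
-goto err;
-}
-
-if (!(id = SM2_get0_id(ec_key))) {
-id = SM2_DEFAULT_ID;
-}
-
-
-idbits[0] = ((strlen(id) * 8) >> 8) % 256;
-idbits[1] = (strlen(id) * 8) % 256;
-
-
-if (!(md_ctx = EVP_MD_CTX_create())) {
-fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
-goto err;
-}
-if (!EVP_DigestInit_ex(md_ctx, md, NULL)) {
-fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
-ERR_print_errors_fp(stderr);
-goto err;
-}
-if (!EVP_DigestUpdate(md_ctx, idbits, sizeof(idbits))) {
-fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
-goto err;
-}
-if (!EVP_DigestUpdate(md_ctx, id, strlen(id))) {
-fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
-goto err;
-}
-if (!EVP_DigestUpdate(md_ctx, pkdata, pkdatalen)) {
-fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
-goto err;
-}
-if (!EVP_DigestFinal_ex(md_ctx, dgst, dgstlen)) {
-fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
-goto err;
-}
-
-ret = 1;
-
-err:
-if (md_ctx) EVP_MD_CTX_destroy(md_ctx);
-return ret;
-}
-
-int SM2_compute_message_digest(const EVP_MD *id_md, const EVP_MD *msg_md,
-const void *msg, size_t msglen, unsigned char *dgst,
-unsigned int *dgstlen, EC_KEY *ec_key)
-{
-int ret = 0;
-EVP_MD_CTX md_ctx;
-unsigned char buf[EVP_MAX_MD_SIZE];
-unsigned int len;
-
-EVP_MD_CTX_init(&md_ctx);
-
-if (!EVP_DigestInit_ex(&md_ctx, msg_md, NULL)) {
-goto err;
-}
-
-if (!SM2_compute_id_digest(id_md, buf, &len, ec_key)) {
-goto err;
-}
-
-if (!EVP_DigestUpdate(&md_ctx, buf, len)) {
-goto err;
-}
-
-if (!EVP_DigestUpdate(&md_ctx, msg, msglen)) {
-goto err;
-}
-
-if (!EVP_DigestFinal_ex(&md_ctx, dgst, &len)) {
-goto err;
-}
-
-*dgstlen = len;
-ret = 1;
-err:
-EVP_MD_CTX_cleanup(&md_ctx);
-return ret;
-}
-
-int SM2_digest(const void *msg, size_t msglen, unsigned char *dgst,
-unsigned int *dgstlen, EC_KEY *ec_key)
-{
-const EVP_MD *id_md = EVP_sm3();
-const EVP_MD *msg_md = EVP_sm3();
-
-return SM2_compute_message_digest(id_md, msg_md,
-msg, msglen, dgst, dgstlen, ec_key);
-}
-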
||||
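--- a/crypto/sm2/sm2_locl.h
+++ b/crypto/sm2/sm2_locl.h
@@ -1,77 +0,0 @@
-/* crypto/sm2/sm2_locl.h */
-/* ====================================================================
-* Copyright (c) 2015-2016 The GmSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the GmSSL Project.
-* (http://gmssl.org/)"
-*
-* 4. The name "GmSSL Project" must not be used to endorse or promote
-* products derived from this software without prior written
-* permission. For written permission, please contact
-* guanzhi1980@gmail.com.
-*
-* 5. Products derived from this software may not be called "GmSSL"
-* nor may "GmSSL" appear in their names without prior written
-* permission of the GmSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the GmSSL Project
-* (http://gmssl.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*
-*/
-
-
-#ifndef HEADER_SM2_LOCL_H
-#define HEADER_SM2_LOCL_H
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct sm2_data_st {
-int (*init)(EC_KEY *);
-ENGINE *engine;
-int flags;
-const ECDSA_METHOD *sign_meth;
-const ECDH_METHOD *kap_meth; /* FIXME: SM2 KAP is different from ECDH */
-CRYPTO_EX_DATA ex_data;
-} SM2_DATA;
-
-SM2_DATA *sm2_check(EC_KEY *eckey);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-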
||||
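--- a/crypto/sm2/sm2_sign.c
+++ b/crypto/sm2/sm2_sign.c
@@ -1,514 +0,0 @@
-/* crypto/sm2/sm2_sign.c */
-/* ====================================================================
-* Copyright (c) 2015 The GmSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the GmSSL Project.
-* (http://gmssl.org/)"
-*
-* 4. The name "GmSSL Project" must not be used to endorse or promote
-* products derived from this software without prior written
-* permission. For written permission, please contact
-* guanzhi1980@gmail.com.
-*
-* 5. Products derived from this software may not be called "GmSSL"
-* nor may "GmSSL" appear in their names without prior written
-* permission of the GmSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the GmSSL Project
-* (http://gmssl.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*
-*/
-
-#include <openssl/err.h>
-#include <string.h>
-#include <openssl/evp.h>
-#include <openssl/ec.h>
-#include <openssl/obj_mac.h>
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-#include <openssl/sm2.h>
-
-/* k in [1, n-1], (x, y) = kG */
-static int sm2_sign_setup(EC_KEY *ec_key, BN_CTX *ctx_in, BIGNUM **kp, BIGNUM **xp)
-{
-int ret = 0;
-const EC_GROUP *ec_group;
-BN_CTX *ctx = NULL;
-BIGNUM *k = NULL;
-BIGNUM *x = NULL;
-BIGNUM *order = NULL;
-EC_POINT *point = NULL;
-
-if (ec_key == NULL || (ec_group = EC_KEY_get0_group(ec_key)) == NULL) {
-SM2err(SM2_F_SM2_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
-return 0;
-}
-
-if (ctx_in == NULL) {
-if ((ctx = BN_CTX_new()) == NULL) {
-SM2err(SM2_F_SM2_SIGN_SETUP,ERR_R_MALLOC_FAILURE);
-return 0;
-}
-}
-else {
-ctx = ctx_in;
-}
-
-k = BN_new();
-x = BN_new();
-order = BN_new();
-if (!k || !x || !order) {
-SM2err(SM2_F_SM2_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
-goto err;
-}
-
-if (!EC_GROUP_get_order(ec_group, order, ctx)) {
-SM2err(SM2_F_SM2_SIGN_SETUP, ERR_R_EC_LIB);
-goto err;
-}
-
-if ((point = EC_POINT_new(ec_group)) == NULL) {
-SM2err(SM2_F_SM2_SIGN_SETUP, ERR_R_EC_LIB);
-goto err;
-}
-
-do {
-/* get random k */
-do {
-if (!BN_rand_range(k, order)) {
-SM2err(SM2_F_SM2_SIGN_SETUP,
-SM2_R_RANDOM_NUMBER_GENERATION_FAILED);
-goto err;
-}
-
-} while (BN_is_zero(k));
-
-/* compute r the x-coordinate of generator * k */
-if (!EC_POINT_mul(ec_group, point, k, NULL, NULL, ctx)) {
-SM2err(SM2_F_SM2_SIGN_SETUP, ERR_R_EC_LIB);
-goto err;
-}
-
-if (EC_METHOD_get_field_type(EC_GROUP_method_of(ec_group)) == NID_X9_62_prime_field) {
-if (!EC_POINT_get_affine_coordinates_GFp(ec_group, point, x, NULL, ctx)) {
-SM2err(SM2_F_SM2_SIGN_SETUP,ERR_R_EC_LIB);
-goto err;
-}
-} else /* NID_X9_62_characteristic_two_field */ {
-if (!EC_POINT_get_affine_coordinates_GF2m(ec_group, point, x, NULL, ctx)) {
-SM2err(SM2_F_SM2_SIGN_SETUP,ERR_R_EC_LIB);
-goto err;
-}
-}
-
-//FIXME: do we need this?
-if (!BN_nnmod(x, x, order, ctx)) {
-SM2err(SM2_F_SM2_SIGN_SETUP, ERR_R_BN_LIB);
-goto err;
-}
-
-} while (BN_is_zero(x));
-
-/* clear old values if necessary */
-if (*kp != NULL)
-BN_clear_free(*kp);
-if (*xp != NULL)
-BN_clear_free(*xp);
-
-/* save the pre-computed values */
-*kp = k;
-*xp = x;
-ret = 1;
-
-err:
-if (!ret) {
-if (k) BN_clear_free(k);
-if (x) BN_clear_free(x);
-}
-if (ctx_in == NULL) BN_CTX_free(ctx);
-if (order) BN_free(order);
-if (point) EC_POINT_free(point);
-
-return(ret);
-}
-
-static ECDSA_SIG *sm2_do_sign(const unsigned char *dgst, int dgst_len,
-const BIGNUM *in_k, const BIGNUM *in_x, EC_KEY *ec_key)
-{
-int ok = 0;
-ECDSA_SIG *ret = NULL;
-const EC_GROUP *ec_group;
-const BIGNUM *priv_key;
-const BIGNUM *ck;
-BIGNUM *k = NULL;
-BN_CTX *ctx = NULL;
-BIGNUM *order = NULL;
-BIGNUM *e = NULL;
-BIGNUM *bn = NULL;
-int i;
-
-ec_group = EC_KEY_get0_group(ec_key);
-priv_key = EC_KEY_get0_private_key(ec_key);
-if (!ec_group || !priv_key) {
-SM2err(SM2_F_SM2_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-return NULL;
-}
-
-if (!(ret = ECDSA_SIG_new())) {
-SM2err(SM2_F_SM2_DO_SIGN, ERR_R_MALLOC_FAILURE);
-return NULL;
-}
-
-ctx = BN_CTX_new();
-order = BN_new();
-e = BN_new();
-bn = BN_new();
-if (!ctx || !order || !e || !bn) {
-SM2err(SM2_F_SM2_DO_SIGN, ERR_R_MALLOC_FAILURE);
-goto err;
-}
-if (!EC_GROUP_get_order(ec_group, order, ctx)) {
-SM2err(SM2_F_SM2_DO_SIGN, ERR_R_EC_LIB);
-goto err;
-}
-
-/* convert dgst to e */
-i = BN_num_bits(order);
-#if 0
-if (8 * dgst_len > i) {
-dgst_len = (i + 7)/8;
-}
-#endif
-if (!BN_bin2bn(dgst, dgst_len, e)) {
-SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB);
-goto err;
-}
-
-#if 0
-if ((8 * dgst_len > i) && !BN_rshift(e, e, 8 - (i & 0x7))) {
-SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB);
-goto err;
-}
-#endif
-
-do {
-/* use or compute k and (kG).x */
-if (!in_k || !in_x) {
-if (!sm2_sign_setup(ec_key, ctx, &k, &ret->r)) {
-SM2err(SM2_F_SM2_DO_SIGN,ERR_R_ECDSA_LIB);
-goto err;
-}
-ck = k;
-} else {
-ck = in_k;
-if (!BN_copy(ret->r, in_x)) {
-SM2err(SM2_F_SM2_DO_SIGN, ERR_R_MALLOC_FAILURE);
-goto err;
-}
-}
-
-
-/* r = e + x (mod n) */
-if (!BN_mod_add(ret->r, ret->r, e, order, ctx)) {
-SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB);
-goto err;
-}
-
-
-if (!BN_mod_add(bn, ret->r, ck, order, ctx)) {
-SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB);
-goto err;
-}
-
-/* check r != 0 && r + k != n */
-if (BN_is_zero(ret->r) || BN_is_zero(bn)) {
-if (in_k && in_x) {
-SM2err(SM2_F_SM2_DO_SIGN, SM2_R_NEED_NEW_SETUP_VALUES);
-goto err;
-} else
-continue;
-}
-
-/* s = ((1 + d)^-1 * (k - rd)) mod n */
-if (!BN_one(bn)) {
-SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB);
-goto err;
-}
-if (!BN_mod_add(ret->s, priv_key, bn, order, ctx)) {
-SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB);
-goto err;
-}
-if (!BN_mod_inverse(ret->s, ret->s, order, ctx)) {
-SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB);
-goto err;
-}
-
-if (!BN_mod_mul(bn, ret->r, priv_key, order, ctx)) {
-SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB);
-goto err;
-}
-if (!BN_mod_sub(bn, ck, bn, order, ctx)) {
-SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB);
-goto err;
-}
-if (!BN_mod_mul(ret->s, ret->s, bn, order, ctx)) {
-SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB);
-goto err;
-}
-
-/* check s != 0 */
-if (BN_is_zero(ret->s)) {
-if (in_k && in_x) {
-SM2err(SM2_F_SM2_DO_SIGN, SM2_R_NEED_NEW_SETUP_VALUES);
-goto err;
-}
-} else
-break;
-
-} while (1);
-
-ok = 1;
-
-err:
-if (!ok) {
-ECDSA_SIG_free(ret);
-ret = NULL;
-}
-if (k) BN_free(k);
-if (ctx) BN_CTX_free(ctx);
-if (order) BN_free(order);
-if (e) BN_free(e);
-if (bn) BN_free(bn);
-
-return ret;
-}
-
-int sm2_do_verify(const unsigned char *dgst, int dgstlen,
-const ECDSA_SIG *sig, EC_KEY *ec_key)
-{
-int ret = SM2_VERIFY_INNER_ERROR;
-const EC_GROUP *ec_group;
-const EC_POINT *pub_key;
-EC_POINT *point = NULL;
-BN_CTX *ctx = NULL;
-BIGNUM *order = NULL;
-BIGNUM *e = NULL;
-BIGNUM *t = NULL;
-int i;
-
-if (!sig || !ec_key ||
-!(ec_group = EC_KEY_get0_group(ec_key)) ||
-!(pub_key = EC_KEY_get0_public_key(ec_key))) {
-
-SM2err(SM2_F_SM2_DO_VERIFY, SM2_R_MISSING_PARAMETERS);
-return -1;
-}
-
-ctx = BN_CTX_new();
-order = BN_new();
-e = BN_new();
-t = BN_new();
-
-if (!ctx || !order || !e || !t) {
-SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-goto err;
-}
-if (!EC_GROUP_get_order(ec_group, order, ctx)) {
-SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_EC_LIB);
-goto err;
-}
-
-/* check r, s in [1, n-1] and r + s != 0 (mod n) */
-if (BN_is_zero(sig->r) ||
-BN_is_negative(sig->r) ||
-BN_ucmp(sig->r, order) >= 0 ||
-BN_is_zero(sig->s) ||
-BN_is_negative(sig->s) ||
-BN_ucmp(sig->s, order) >= 0) {
-
-SM2err(SM2_F_SM2_DO_VERIFY, SM2_R_BAD_SIGNATURE);
-ret = 0;
-goto err;
-}
-
-/* check t = r + s != 0 */
-if (!BN_mod_add(t, sig->r, sig->s, order, ctx)) {
-SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_BN_LIB);
-goto err;
-}
-if (BN_is_zero(t)) {
-ret = 0;
-goto err;
-}
-
-/* convert digest to e */
-i = BN_num_bits(order);
-#if 0
-if (8 * dgstlen > i) {
-dgstlen = (i + 7)/8;
-}
-#endif
-if (!BN_bin2bn(dgst, dgstlen, e)) {
-SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_BN_LIB);
-goto err;
-}
-#if 0
-if ((8 * dgstlen > i) && !BN_rshift(e, e, 8 - (i & 0x7))) {
-SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_BN_LIB);
-goto err;
-}
-#endif
-
-/* compute (x, y) = sG + tP, P is pub_key */
-if (!(point = EC_POINT_new(ec_group))) {
-SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-goto err;
-}
-if (!EC_POINT_mul(ec_group, point, sig->s, pub_key, t, ctx)) {
-SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_EC_LIB);
-goto err;
-}
-if (EC_METHOD_get_field_type(EC_GROUP_method_of(ec_group)) == NID_X9_62_prime_field) {
-if (!EC_POINT_get_affine_coordinates_GFp(ec_group, point, t, NULL, ctx)) {
-SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_EC_LIB);
-goto err;
-}
-} else /* NID_X9_62_characteristic_two_field */ {
-if (!EC_POINT_get_affine_coordinates_GF2m(ec_group, point, t, NULL, ctx)) {
-SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_EC_LIB);
-goto err;
-}
-}
-if (!BN_nnmod(t, t, order, ctx)) {
-SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_BN_LIB);
-goto err;
-}
-
-/* check (sG + tP).x + e == sig.r */
-if (!BN_mod_add(t, t, e, order, ctx)) {
-SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_BN_LIB);
-goto err;
-}
-if (BN_ucmp(t, sig->r) == 0) {
-ret = SM2_VERIFY_SUCCESS;
-} else {
-ret = SM2_VERIFY_FAILED;
-}
-
-err:
-if (point) EC_POINT_free(point);
-if (order) BN_free(order);
-if (e) BN_free(e);
-if (t) BN_free(t);
-if (ctx) BN_CTX_free(ctx);
-return ret;
-}
-
-int SM2_sign_setup(EC_KEY *ec_key, BN_CTX *ctx_in, BIGNUM **kp, BIGNUM **xp)
-{
-return sm2_sign_setup(ec_key, ctx_in, kp, xp);
-}
-
-ECDSA_SIG *SM2_do_sign_ex(const unsigned char *dgst, int dgstlen,
-const BIGNUM *kp, const BIGNUM *xp, EC_KEY *ec_key)
-{
-return sm2_do_sign(dgst, dgstlen, kp, xp, ec_key);
-}
-
-ECDSA_SIG *SM2_do_sign(const unsigned char *dgst, int dgstlen, EC_KEY *ec_key)
-{
-return SM2_do_sign_ex(dgst, dgstlen, NULL, NULL, ec_key);
-}
-
-int SM2_do_verify(const unsigned char *dgst, int dgstlen,
-const ECDSA_SIG *sig, EC_KEY *ec_key)
-{
-return sm2_do_verify(dgst, dgstlen, sig, ec_key);
-}
-
-int SM2_sign_ex(int type, const unsigned char *dgst, int dgstlen,
-unsigned char *sig, unsigned int *siglen,
-const BIGNUM *k, const BIGNUM *x, EC_KEY *ec_key)
-{
-ECDSA_SIG *s;
-
-RAND_seed(dgst, dgstlen);
-
-if (!(s = SM2_do_sign_ex(dgst, dgstlen, k, x, ec_key))) {
-*siglen = 0;
-return 0;
-}
-
-*siglen = i2d_ECDSA_SIG(s, &sig);
-ECDSA_SIG_free(s);
-
-return 1;
-}
-
-int SM2_sign(int type, const unsigned char *dgst, int dgstlen,
-unsigned char *sig, unsigned int *siglen, EC_KEY *ec_key)
-{
-return SM2_sign_ex(type, dgst, dgstlen, sig, siglen, NULL, NULL, ec_key);
-}
-
-int SM2_verify(int type, const unsigned char *dgst, int dgstlen,
-const unsigned char *sig, int siglen, EC_KEY *ec_key)
-{
-ECDSA_SIG *s;
-const unsigned char *p = sig;
-unsigned char *der = NULL;
-int derlen = -1;
-int ret = -1;
-
-if (!(s = ECDSA_SIG_new())) {
-return ret;
-}
-if (!d2i_ECDSA_SIG(&s, &p, siglen)) {
-goto err;
-}
-derlen = i2d_ECDSA_SIG(s, &der);
-if (derlen != siglen || memcmp(sig, der, derlen)) {
-goto err;
-}
-
-ret = SM2_do_verify(dgst, dgstlen, s, ec_key);
-
-err:
-if (derlen > 0) {
-OPENSSL_cleanse(der, derlen);
-OPENSSL_free(der);
-}
-
-ECDSA_SIG_free(s);
-return ret;
-}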
1290
crypto/sm2/sm2test.c
1290
crypto/sm2/sm2test.c
File diff suppressed because it is too large