abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-12 03:16:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add SM2 AlgorithmIdentifier option

Browse Source 
Add option in CMake to support NULL parameters encoding
This commit is contained in:
Zhi Guan
2023-02-09 11:44:27 +08:00
parent 930a359120
commit 8a0a23f91d
6 changed files with 64 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/sm2_alg.c
View File

@@ -1081,8 +1081,6 @@ int sm2_jacobian_point_equ_hex(const SM2_JACOBIAN_POINT *P, const char hex[128])
return (sm2_bn_cmp(x, T->X) == 0) && (sm2_bn_cmp(y, T->Y) == 0);
}
int sm2_point_is_on_curve(const SM2_POINT *P)
{
SM2_JACOBIAN_POINT T;

7
src/sm2_recover.c
View File

@@ -40,6 +40,7 @@ int sm2_signature_to_public_key_points(const SM2_SIGNATURE *sig, const uint8_t d
SM2_Fp x1;
SM2_Fp y1;
// FIXME: check r, s
sm2_bn_from_bytes(r, sig->r);
sm2_bn_from_bytes(s, sig->s);
@@ -120,6 +121,7 @@ int sm2_signature_conjugate(const SM2_SIGNATURE *sig, SM2_SIGNATURE *new_sig)
SM2_Fn r;
SM2_Fn s;
// FIXME: check r,s
sm2_bn_from_bytes(r, sig->r);
sm2_bn_from_bytes(s, sig->s);
sm2_fn_neg(r, r);
@@ -129,3 +131,8 @@ int sm2_signature_conjugate(const SM2_SIGNATURE *sig, SM2_SIGNATURE *new_sig)
return 1;
}
// TODO: Add API to support sig,siglen

38
src/x509_alg.c
View File

@@ -279,6 +279,17 @@ from RFC 3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 }
sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 }
from RFC 3279 Algorithms and Identifiers for the
Internet X.509 Public Key Infrastructure
Certificate and Certificate Revocation List (CRL) Profile
2.2.3 ECDSA Signature Algorithm
When the ecdsa-with-SHA1 algorithm identifier appears as the
algorithm field in an AlgorithmIdentifier, the encoding MUST omit the
parameters field. That is, the AlgorithmIdentifier SHALL be a
SEQUENCE of one component: the OBJECT IDENTIFIER ecdsa-with-SHA1.
from RFC 5754 Using SHA2 Algorithms with Cryptographic Message Syntax
@@ -313,16 +324,23 @@ from RFC 5758 Internet X.509 Public Key Infrastructure:
SHA384, or ecdsa-with-SHA512.
*/
#ifdef SM2_ALGOR_ID_ENCODE_NULL // from CMakeLists.txt
#define SM2_SIGN_ALGOR_FLAGS 1
#else
#define SM2_SIGN_ALGOR_FLAGS 0
#endif
static const ASN1_OID_INFO x509_sign_algors[] = {
{ OID_sm2sign_with_sm3, "sm2sign-with-sm3", oid_sm2sign_with_sm3, sizeof(oid_sm2sign_with_sm3)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM },
{ OID_sm2sign_with_sm3, "sm2sign-with-sm3", oid_sm2sign_with_sm3, sizeof(oid_sm2sign_with_sm3)/sizeof(int), SM2_SIGN_ALGOR_FLAGS },
{ OID_rsasign_with_sm3, "rsasign-with-sm3", oid_rsasign_with_sm3, sizeof(oid_rsasign_with_sm3)/sizeof(int), 1 },
{ OID_ecdsa_with_sha1, "ecdsa-with-sha1", oid_ecdsa_with_sha1, sizeof(oid_ecdsa_with_sha1)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM },
{ OID_ecdsa_with_sha224, "ecdsa-with-sha224", oid_ecdsa_with_sha224, sizeof(oid_ecdsa_with_sha224)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM } ,
{ OID_ecdsa_with_sha256, "ecdsa-with-sha256", oid_ecdsa_with_sha256, sizeof(oid_ecdsa_with_sha256)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM },
{ OID_ecdsa_with_sha384, "ecdsa-with-sha384", oid_ecdsa_with_sha384, sizeof(oid_ecdsa_with_sha384)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM },
{ OID_ecdsa_with_sha512, "ecdsa-with-sha512", oid_ecdsa_with_sha512, sizeof(oid_ecdsa_with_sha512)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM },
{ OID_rsasign_with_md5, "md5WithRSAEncryption", oid_rsasign_with_md5, sizeof(oid_rsasign_with_md5)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM },
{ OID_rsasign_with_sha1, "sha1WithRSAEncryption", oid_rsasign_with_sha1, sizeof(oid_rsasign_with_sha1)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM },
{ OID_ecdsa_with_sha1, "ecdsa-with-sha1", oid_ecdsa_with_sha1, sizeof(oid_ecdsa_with_sha1)/sizeof(int), 0 },
{ OID_ecdsa_with_sha224, "ecdsa-with-sha224", oid_ecdsa_with_sha224, sizeof(oid_ecdsa_with_sha224)/sizeof(int), 0 } ,
{ OID_ecdsa_with_sha256, "ecdsa-with-sha256", oid_ecdsa_with_sha256, sizeof(oid_ecdsa_with_sha256)/sizeof(int), 0 },
{ OID_ecdsa_with_sha384, "ecdsa-with-sha384", oid_ecdsa_with_sha384, sizeof(oid_ecdsa_with_sha384)/sizeof(int), 0 },
{ OID_ecdsa_with_sha512, "ecdsa-with-sha512", oid_ecdsa_with_sha512, sizeof(oid_ecdsa_with_sha512)/sizeof(int), 0 },
{ OID_rsasign_with_md5, "md5WithRSAEncryption", oid_rsasign_with_md5, sizeof(oid_rsasign_with_md5)/sizeof(int), 0 },
{ OID_rsasign_with_sha1, "sha1WithRSAEncryption", oid_rsasign_with_sha1, sizeof(oid_rsasign_with_sha1)/sizeof(int), 0 },
{ OID_rsasign_with_sha224, "sha224WithRSAEncryption", oid_rsasign_with_sha224, sizeof(oid_rsasign_with_sha224)/sizeof(int), 1 },
{ OID_rsasign_with_sha256, "sha256WithRSAEncryption", oid_rsasign_with_sha256, sizeof(oid_rsasign_with_sha256)/sizeof(int), 1 },
{ OID_rsasign_with_sha384, "sha384WithRSAEncryption", oid_rsasign_with_sha384, sizeof(oid_rsasign_with_sha384)/sizeof(int), 1 },
@@ -388,11 +406,13 @@ int x509_signature_algor_from_der(int *oid, const uint8_t **in, size_t *inlen)
return -1;
}
if (len) {
if (info->flags == 0) {
warning_print();
}
if (asn1_null_from_der(&p, &len) < 0) {
error_print();
return -1;
}
// FIXME: check info->flags
if (len) {
error_print();
return -1;