diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c index 7c6d0d93..4eb731cd 100644 --- a/crypto/ec/ec_kmeth.c +++ b/crypto/ec/ec_kmeth.c @@ -12,7 +12,9 @@ #include #include #include "ec_lcl.h" - +#ifndef OPENSSL_NO_SM2 +# include "../ecies/ecies_lcl.h" +#endif static const EC_KEY_METHOD openssl_ec_key_method = { "OpenSSL EC_KEY method", @@ -26,10 +28,10 @@ static const EC_KEY_METHOD openssl_ec_key_method = { ossl_ecdsa_verify, ossl_ecdsa_verify_sig, #ifndef OPENSSL_NO_SM2 - ossl_ecies_encrypt, - ossl_ecies_do_encrypt, - ossl_ecies_decrypt, - ossl_ecies_do_decrypt, + gmssl_ecies_encrypt, + gmssl_ecies_do_encrypt, + gmssl_ecies_decrypt, + gmssl_ecies_do_decrypt, #endif }; @@ -53,6 +55,18 @@ void EC_KEY_set_default_method(const EC_KEY_METHOD *meth) default_ec_key_meth = meth; } +#ifndef OPENSSL_NO_SM2 +void EC_KEY_set_default_secg_method(void) +{ + default_ec_key_meth = EC_KEY_OpenSSL(); +} + +void EC_KEY_set_default_sm_method(void) +{ + default_ec_key_meth = EC_KEY_GmSSL(); +} +#endif + const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key) { return key->meth; diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index b2912e42..56f4447e 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -624,14 +624,3 @@ int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32], const uint8_t peer_public_value[32]); void X25519_public_from_private(uint8_t out_public_value[32], const uint8_t private_key[32]); - -#ifndef OPENSSL_NO_SM2 -int ossl_ecies_encrypt(int type, const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, EC_KEY *ec_key); -ECIES_CIPHERTEXT_VALUE *ossl_ecies_do_encrypt(int type, const unsigned char *in, - size_t inlen, EC_KEY *ec_key); -int ossl_ecies_decrypt(int type, const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, EC_KEY *ec_key); -int ossl_ecies_do_decrypt(int type, const ECIES_CIPHERTEXT_VALUE *in, - unsigned char *out, size_t *outlen, EC_KEY *ec_key); -#endif diff --git a/crypto/ecies/build.info b/crypto/ecies/build.info index 6983895d..32dc56ba 100644 --- a/crypto/ecies/build.info +++ b/crypto/ecies/build.info @@ -1,2 +1,2 @@ LIBS=../../libcrypto -SOURCE[../../libcrypto]=ecies_asn1.c ecies_lib.c +SOURCE[../../libcrypto]=ecies_asn1.c ecies_lib.c ecies_gmssl.c diff --git a/crypto/ecies/ecies_gmssl.c b/crypto/ecies/ecies_gmssl.c new file mode 100644 index 00000000..941550d3 --- /dev/null +++ b/crypto/ecies/ecies_gmssl.c @@ -0,0 +1,111 @@ +/* ==================================================================== + * Copyright (c) 2007 - 2017 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include + +int gmssl_ecies_encrypt(int type, const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key) +{ + ECIES_CIPHERTEXT_VALUE *cv = NULL; + + RAND_seed(in, inlen); + if (!(cv = ECIES_do_encrypt(type, in, inlen, ec_key))) { + *outlen = 0; + return 0; + } + + *outlen = i2d_ECIES_CIPHERTEXT_VALUE(cv, &out); + ECIES_CIPHERTEXT_VALUE_free(cv); + return 1; +} + +int gmssl_ecies_decrypt(int type, const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key) +{ + ECIES_CIPHERTEXT_VALUE *cv = NULL; + const unsigned char *cp = in; + unsigned char *der = NULL; + int derlen = -1; + int ret = -1; + + if (!(cv = d2i_ECIES_CIPHERTEXT_VALUE(NULL, &cp, inlen))) { + return -1; + } + + derlen = i2d_ECIES_CIPHERTEXT_VALUE(cv, &der); + if (derlen != inlen || memcmp(in, der, derlen) != 0) { + goto end; + } + + ret = ECIES_do_decrypt(type, cv, out, outlen, ec_key); + +end: + OPENSSL_clear_free(der, derlen); + ECIES_CIPHERTEXT_VALUE_free(cv); + return ret; +} + +ECIES_CIPHERTEXT_VALUE *gmssl_ecies_do_encrypt(int type, const unsigned char *in, + size_t inlen, EC_KEY *ec_key) +{ + ECIES_PARAMS param; + ECIES_PARAMS_init_with_recommended(¶m); + return ECIES_do_encrypt(¶m, in, inlen, ec_key); +} + +int gmssl_ecies_do_decrypt(int type, const ECIES_CIPHERTEXT_VALUE *in, + unsigned char *out, size_t *outlen, EC_KEY *ec_key) +{ + ECIES_PARAMS param; + ECIES_PARAMS_init_with_recommended(¶m); + return ECIES_do_decrypt(¶m, in, out, outlen, ec_key); +} diff --git a/crypto/ecies/ecies_lcl.h b/crypto/ecies/ecies_lcl.h new file mode 100644 index 00000000..670eaf9b --- /dev/null +++ b/crypto/ecies/ecies_lcl.h @@ -0,0 +1,60 @@ +/* ==================================================================== + * Copyright (c) 2007 - 2017 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include + +int gmssl_ecies_encrypt(int type, const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key); +int gmssl_ecies_decrypt(int type, const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key); +ECIES_CIPHERTEXT_VALUE *gmssl_ecies_do_encrypt(int type, + const unsigned char *in, size_t inlen, EC_KEY *ec_key); +int gmssl_ecies_do_decrypt(int type, const ECIES_CIPHERTEXT_VALUE *in, + unsigned char *out, size_t *outlen, EC_KEY *ec_key); diff --git a/crypto/ecies/ecies_ossl.c b/crypto/ecies/ecies_ossl.c deleted file mode 100644 index ccff2d73..00000000 --- a/crypto/ecies/ecies_ossl.c +++ /dev/null @@ -1,28 +0,0 @@ - - - - -int ossl_ecies_encrypt(int type, const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, EC_KEY *ec_key) -{ - return 0; -} - -ECIES_CIPHERTEXT_VALUE *ossl_ecies_do_encrypt(int type, const unsigned char *in, - size_t inlen, EC_KEY *ec_key) -{ - return NULL; -} - -int ossl_ecies_decrypt(int type, const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, EC_KEY *ec_key) -{ - return 0; -} - -int ossl_ecies_do_decrypt(int type, const ECIES_CIPHERTEXT_VALUE *in, - unsigned char *out, size_t *outlen, EC_KEY *ec_key) -{ - return NULL; -} - diff --git a/include/openssl/sm2.h b/include/openssl/sm2.h index b2750a5e..47a76044 100755 --- a/include/openssl/sm2.h +++ b/include/openssl/sm2.h @@ -221,61 +221,35 @@ void SM2_KAP_CTX_cleanup(SM2_KAP_CTX *ctx); const EC_KEY_METHOD *EC_KEY_GmSSL(void); -const EC_KEY_METHOD *EC_KEY_get_default_secg_method(void); -const EC_KEY_METHOD *EC_KEY_get_default_sm_method(void); -void EC_KEY_set_default_secg_method(const EC_KEY_METHOD *meth); -void EC_KEY_set_default_sm_method(const EC_KEY_METHOD *meth); +void EC_KEY_set_default_secg_method(void); +void EC_KEY_set_default_sm_method(void); +int EC_KEY_METHOD_type(const EC_KEY_METHOD *meth); + void EC_KEY_METHOD_set_encrypt(EC_KEY_METHOD *meth, - int (*encrypt)(int type, - const unsigned char *in, - size_t inlen, - unsigned char *out, - size_t *outlen, - EC_KEY *ec_key), - ECIES_CIPHERTEXT_VALUE *(*do_encrypt)(int type, - const unsigned char *in, - size_t inlen, - EC_KEY *ec_key)); + int (*encrypt)(int type, const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key), + ECIES_CIPHERTEXT_VALUE *(*do_encrypt)(int type, + const unsigned char *in, size_t inlen, EC_KEY *ec_key)); void EC_KEY_METHOD_set_decrypt(EC_KEY_METHOD *meth, - int (*decrypt)(int type, - const unsigned char *in, - size_t inlen, - unsigned char *out, - size_t *outlen, - EC_KEY *ec_key), - int (do_decrypt)(int type, - const ECIES_CIPHERTEXT_VALUE *in, - unsigned char *out, - size_t *outlen, - EC_KEY *ec_key)); + int (*decrypt)(int type, const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key), + int (do_decrypt)(int type, const ECIES_CIPHERTEXT_VALUE *in, + unsigned char *out, size_t *outlen, EC_KEY *ec_key)); void EC_KEY_METHOD_get_encrypt(EC_KEY_METHOD *meth, - int (**pencrypt)(int type, - const unsigned char *in, - size_t inlen, - unsigned char *out, - size_t *outlen, - EC_KEY *ec_key), - ECIES_CIPHERTEXT_VALUE *(**pdo_encrypt)(int type, - const unsigned char *in, - size_t inlen, - EC_KEY *ec_key)); + int (**pencrypt)(int type, const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key), + ECIES_CIPHERTEXT_VALUE *(**pdo_encrypt)(int type, + const unsigned char *in, size_t inlen, EC_KEY *ec_key)); void EC_KEY_METHOD_get_decrypt(EC_KEY_METHOD *meth, - int (**pdecrypt)(int type, - const unsigned char *in, - size_t inlen, - unsigned char *out, - size_t *outlen, - EC_KEY *ec_key), - int (**pdo_decrypt)(int type, - const ECIES_CIPHERTEXT_VALUE *in, - unsigned char *out, - size_t *outlen, - EC_KEY *ec_key)); + int (**pdecrypt)(int type, const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key), + int (**pdo_decrypt)(int type, const ECIES_CIPHERTEXT_VALUE *in, + unsigned char *out, size_t *outlen, EC_KEY *ec_key)); #ifdef __cplusplus }