diff --git a/README.md b/README.md index fb070889..ebf4c2b3 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,12 @@ GmSSL is an open source cryptographic toolbox that supports SM2 / SM3 / SM4 / SM9 and other national secret (national commercial password) algorithm, SM2 digital certificate and SM2 certificate based on SSL / TLS secure communication protocol to support the national security hardware password device , To provide in line with the national standard programming interface and command line tools, can be used to build PKI / CA, secure communication, data encryption and other standards in line with national security applications. The GmSSL project is a branch of the [OpenSSL](https://www.openssl.org)project and is compatible with OpenSSL. So GmSSL can replace the application of OpenSSL components, and make the application automatically with national security capabilities. The GmSSL project utilizes a business-friendly BSD open source license, open source and can be used for closed source commercial applications. GmSSL project by the Peking University [Guan Zhi](http://infosec.pku.edu.cn/~guanzhi/)deputy researcher of the cryptography research group development and maintenance, the project source code hosted in [GitHub](https://github.com /guanzhi/GmSSL). Since its release in 2014, GmSSL has been deployed and applied in multiple projects and products, and has won the second prize of the "One Cup" China Linux Software Contest in 2015 (the highest award) and [Open Source China](https://www.oschina.net/p/GmSSL) password class recommended items. The core goal of the GmSSL project is to promote the construction of cyberspace security through open source cryptography. +In 2014, the GmSSL (http://gmssl.org) project is released to provide open source implementations of Chinese GM cryptography standards. +Now, GmSSL is the most popular open source GM cryptography toolkit in China. +GmSSL team are helping big companies to transfer from International standards to national standards + + + ## Latest News - February 15, 2017 rename master to gmssl-v1,current master branch migrate to OpenSSL-1.1.0。 @@ -11,154 +17,100 @@ GmSSL is an open source cryptographic toolbox that supports SM2 / SM3 / SM4 / SM - January 18, 2017 Updated the project home page - [More ...](http://gmssl.org/docs/changelog.html) -## SM Crypto Algorithm +## Algorithm + + - ZUC stream cipher, defined in GM/T 0001-2012 + - SM4 block cipher with 128-bit key length and 128-bit block size, defined in GM/T 0002-2012 + - SM3 Digest Algorithm with 256-bit digest length and 512-bit block size, defined in GM/T 0004-2012 + - SM2 ellptic curve cryptography and 256-bit prime field recommended domain parameters, defined in GM/T 0003-2012 + - SM9 pairing-based cryptography and recommended BN-curve, defined in GM/T 0046-2016 + - SM1 block cipher with 128-bit key length and 128-bit block size, only provided with chip + - SSF33 block cipher with 128-bit key length and 128-bit block size, only provided by chip + +## Programming Interfaces + + - SKF C API (GM/T 0016-2012) Smart token cryptography application interface specification. + - SDF C API (GM/T 0018-2012) Interface specifications of cryptography device application. + - SAF C API (GM/T 0019-2012) Universal cryptography service interface specification. + - SOF C/Java API (GM/T 0020-2012) Certificate application integrated service interface specification. + +## Protocols + + - One-time password scheme based on SM3 and SM4 + - SSL VPN protocol with RSA/SM2/SM9-SM4-SM3 cipher suites + - IPSec VPN protocol + +## Features + + - Support Chinese + - Full support of Chinese GM Cryptography Standards + - Support Chinese cryptographic hardwares (HSMs). + - Commercial friendly BSD-style open source license. + - Support SSL protocols + - Compatible with OpenSSL, all OpenSSL functionalities preserved. The secret algorithm is the abbreviation of the national commercial cryptographic algorithm. Since 2012, the National Password Authority to the "People's Republic of China password industry standard" approach, have announced the SM2 / SM3 / SM4 and other cryptographic algorithm standards and application specifications. Which "SM" on behalf of "business secret", that is used for commercial, not involving state secrets of the password technology. SM2 is a public key cryptography algorithm based on elliptic curve cryptography, including digital signature, key exchange and public key encryption. It is used to replace international algorithms such as RSA / Diffie-Hellman / ECDSA / ECDH. SM3 is password hash algorithm, SM4 is a block cipher used to replace DES / AES and other international algorithms. SM9 is an identity-based cryptographic algorithm that can replace PKI / CA based on digital certificate. By deploying the secret algorithm, you can reduce the security risks caused by weak passwords and bug implementations and the overhead of deploying PKI / CA. -## 2.0 New Features - - * Based on OpenSSL 1.1.x - * SM2 signature generation with Z values - * Frameworks and engines to support SKF/SDF HSMs - * TLS with SM2/SM3/SMS4 cipher suites - ## Quick Start -Quick Start Guide describes the basic instructions for compiling, installing, and `gmssl` command line tools for GmSSL. +This short guide describes the build, install and typical usage of the `gmssl` command line tool. Visit http://gmssl.org for more documents. -1. Download the source code ([zip](https://github.com/guanzhi/GmSSL/archive/master.zip)),unzip it to current directory. +1. Download the source code ([GmSSL-master.zip](https://github.com/guanzhi/GmSSL/archive/master.zip)) and uncompress the ZIP file. +2. Compile and install on Linux and Mac OS X +```sh +$ ./config +$ make +$ sudo make install +``` + Compile and install on Windows - ```sh - $ tar xzvf gmssl-.tar.gz - ``` +```bash +> perl Configure VC-WIN32 +> nmake +> nmake install +``` -2. Compile and install +​ After installation, you can run `gmssl version -a` to print the detailed information of gmssl. -   Linux (Other platform see [Compile and instal](http://gmssl.org)) +3. Encrypt and decrypt with SM4 and password - ```sh - $ ./config - $ make - $ sudo make install - ``` - - After installation, you can execute the `gmssl` command line tool to check for success - - ```sh - $ gmssl version - GmSSL 1.3.0 - OpenSSL 1.0.2d - ``` - -3. SM4 encrypt file - - ```sh - $ gmssl sms4 -e -in -out .sms4 - enter sms4-cbc encryption password: - Verifying - enter sms4-cbc encryption password: - ``` - - decrypt - - ```sh - $ gmssl sms4 -d -in .sms4 - enter sms4-cbc decryption password: - ``` +```sh +$ echo -n abc | gmssl sms4 -out ciphertext.bin +$ gmssl sms4 -d -in ciphertext.sms4 +``` 4. Generate SM3 digest - ``` - $ gmssl sm3 - SM3(yourfile)= 66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0 - ``` +``` +$ echo -n abc | gmssl sm3 +(stdin)= 66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0 +``` -5. Generate SM2 key and sign +5. Generate SM2 keypair - ```sh - $ gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 \ - -pkeyopt ec_param_enc:named_curve -out signkey.pem - $ gmssl pkeyutl -sign -pkeyopt ec_sign_algor:sm2 -inkey signkey.pem \ - -in -out .sig - ``` +```sh +$ gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 -pkeyopt ec_param_enc:named_curve -out skey.pem +$ gmssl pkey -pubout -in skey.pem -out pkey.pem +``` - You can export the public key from `signkey.pem` to the party that issued the signature +6. Generate SM2 signature (in DER format) and verify - ```sh - $ gmssl pkey -pubout -in signkey.pem -out vrfykey.pem - $ gmssl pkeyutl -verify -pkeyopt ec_sign_algor:sm2 -pubin -inkey vrfykey.pem \ - -in -sigfile .sig - ``` +```sh +$ gmssl pkeyutl -sign -pkeyopt ec_scheme:sm_scheme -inkey skey.pem -in msg.txt -out msg.sig +$ gmssl pkeyutl -verify -pkeyopt ec_scheme:sm_scheme -pubin -inkey vrfykey.pem -in -sigfile .sig +``` -6. Generate self-signed certificate +7. Do public key encryption and decryption - ```sh - $ gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 \ - -pkeyopt ec_param_enc:named_curve -out ca.key - $ gmssl req -sm3 -new -x509 -days 365 -key ca.key -out ca.crt - ``` +```sh +$ gmssl pkeyutl -sign -pkeyopt ec_scheme:sm_scheme -inkey skey.pem -in msg.txt -out msg.sig +$ gmssl pkeyutl -verify -pkeyopt ec_scheme:sm_scheme -pubin -inkey vrfykey.pem -in -sigfile .sig +``` -## Project documentation +8. Generate a self-signed certificate from private key - - User manual +```sh +$ gmssl req -new -x509 -key skey.pem -out cert.pem +``` -    * [Compile and install](http://gmssl.org/docs/install.html) - -    * [Command line tool manual](http://gmssl.org/docs/commands.html) - -    * [GmSSL EVP API](http://gmssl.org/docs/evp-api.html) - -    * [GmSSL Java API](http://gmssl.org/docs/java-api.html) - - - Password algorithm - -    * [SM1 group password](http://gmssl.org/docs/sm1.html) - -    * [SSF33 group password](http://gmssl.org/docs/ssf33.html) - -    * [SM2 elliptic curve public key password](http://gmssl.org/docs/sm2.html) - -    * [SM3 password hash algorithm](http://gmssl.org/docs/sm3.html) - -    * [SM4 / SMS4 group password](http://gmssl.org/docs/sm4.html) - -    * [SM9 identity-based password](http://gmssl.org/docs/sm9.html) - -    * [ZUC sequence password](http://gmssl.org/docs/zuc.html) - -    * [CPK combination public key password](http://gmssl.org/docs/cpk.html) - -    * [BF-IBE (Boneh-Franklin Identity-Based Encryption)](http://gmssl.org/docs/bfibe.html) - -    * [BB-IBE (Boneh-Boyen Identity-Based Encryption)](http://gmssl.org/docs/bb1ibe.html) - - - password hardware - -    * [Password hardware support](http://gmssl.org/docs/crypto-devices.html) - -    * [Country density SKF password hardware](http://gmssl.org/docs/skf.html) - -    * [National secret SDF password hardware](http://gmssl.org/docs/sdf.html) - -    * [Key management service](http://gmssl.org/docs/keyservice.html) - - - Security protocol - -    * [SSL / TLS protocol](http://gmssl.org/docs/ssl.html) - -    * [National secret SSL VPN protocol](http://gmssl.org/docs/sslvpn.html) - -    * [National secret IPSec VPN protocol](http://gmssl.org/docs/ipsecvpn.html) - - - Developer - -    * [GmSSL Coding Style](http://gmssl.org/docs/gmssl-coding-style.html) - -    * [Roadmap](http://gmssl.org/docs/roadmap.html) - -    * [Open source license (GmSSL Licenses)](http://gmssl.org/docs/licenses.html) - - - Standards and norms - -    * [People's Republic of China password industry standard](http://gmssl.org/docs/standards.html) - -    * [National secret algorithm identification OID](http://gmssl.org/docs/oid.html) diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 71cd5b39..fcb3ef7c 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -347,42 +347,3 @@ tsa_name = yes # Must the TSA name be included in the reply? # (optional, default: no) ess_cert_id_chain = no # Must the ESS cert id chain be included? # (optional, default: no) - - -[openssl_init] -engines = engine_section - -[engine_section] -skf = skf_section - -[pkcs11_section] -engine_id = pkcs11 -dynamic_path = /usr/lib/engines/engine_pkcs11.so -MODULE_PATH = /usr/local/lib/opensc-pkcs11.so -PIN = 123456 -init = 0 - -[sdf_section] -engine_id = sdf -SO_PATH = /Users/guanzhi/code/github/GmSSL-Private/engines/sdf_dummy.dylib -VENDOR = sansec -OPEN_DEV = -init = 1 - -[skf_section] -engine_id = skf -VERBOSE = 2 -SO_PATH = /home/guanzhi/code/github/GmSSL-Private/engines/libSKF_final.so -SET_AUTHKEY = 31323334353637383132333435363738 -OPEN_DEV = /media/guanzhi/Factory -OPEN_APP = myApp1 -init = 1 - - - - -#[req] -#distinguished_name = req_distinguished_name -# -#[req_distinguished_name] - diff --git a/apps/speed.c b/apps/speed.c index 74ec9a8d..44b8ff37 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -399,7 +399,7 @@ static int found(const char *name, const OPT_PAIR *pairs, int *result) typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ELAPSED, OPT_EVP, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI, - OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS + OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_NOPRE } OPTION_CHOICE; OPTIONS speed_options[] = { @@ -409,6 +409,7 @@ OPTIONS speed_options[] = { {"evp", OPT_EVP, 's', "Use specified EVP cipher"}, {"decrypt", OPT_DECRYPT, '-', "Time decryption instead of encryption (only EVP)"}, + {"nopre", OPT_NOPRE, '-', "Disable pre-compute"}, {"mr", OPT_MR, '-', "Produce machine readable output"}, {"mb", OPT_MB, '-', "Enable (tls1.1) multi-block mode on evp_cipher requested with -evp"}, @@ -1408,6 +1409,7 @@ int speed_main(int argc, char **argv) double d = 0.0; OPTION_CHOICE o; int multiblock = 0, pr_header = 0; + int nopre = 0; int doit[ALGOR_NUM] = { 0 }; int ret = 1, i, k, misalign = 0; long count = 0; @@ -1634,6 +1636,9 @@ int speed_main(int argc, char **argv) goto end; #endif break; + case OPT_NOPRE: + nopre = 1; + break; } } argc = opt_num_rest(); @@ -2771,7 +2776,8 @@ int speed_main(int argc, char **argv) rsa_count = 1; } else { for (i = 0; i < loopargs_len; i++) { - EC_KEY_precompute_mult(loopargs[i].ecdsa[testnum], NULL); + if (!nopre) + EC_KEY_precompute_mult(loopargs[i].ecdsa[testnum], NULL); /* Perform ECDSA signature test */ EC_KEY_generate_key(loopargs[i].ecdsa[testnum]); st = ECDSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2, @@ -2953,7 +2959,8 @@ int speed_main(int argc, char **argv) rsa_count = 1; } else { for (i = 0; i < loopargs_len; i++) { - EC_KEY_precompute_mult(loopargs[i].sm2[testnum], NULL); + if (!nopre) + EC_KEY_precompute_mult(loopargs[i].sm2[testnum], NULL); /* Perform SM2 signature test */ EC_KEY_generate_key(loopargs[i].sm2[testnum]); st = SM2_sign(0, loopargs[i].buf, 32, loopargs[i].buf2, @@ -3039,7 +3046,8 @@ int speed_main(int argc, char **argv) rsa_count = 1; } else { for (i = 0; i < loopargs_len; i++) { - EC_KEY_precompute_mult(loopargs[i].sm2[testnum], NULL); + if (!nopre) + EC_KEY_precompute_mult(loopargs[i].sm2[testnum], NULL); /* Perform SM2 encryption test */ EC_KEY_generate_key(loopargs[i].sm2[testnum]); st = SM2_encrypt(NID_sm3, loopargs[i].buf, 32, loopargs[i].buf2, diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index ce0b35d8..f11495c6 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -10,7 +10,7 @@ */ /* Serialized OID's */ -static const unsigned char so[7761] = { +static const unsigned char so[7787] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -1033,7 +1033,7 @@ static const unsigned char so[7761] = { 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x79, /* [ 7266] OBJ_sm2sign_with_sha224 */ 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x7A, /* [ 7274] OBJ_sm2sign_with_sha384 */ 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x7B, /* [ 7282] OBJ_sm2sign_with_rmd160 */ - 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x65, /* [ 7290] OBJ_wapip192v1 */ + 0x2A,0x81,0x1C,0xD7,0x63,0x01,0x01,0x02,0x01, /* [ 7290] OBJ_wapip192v1 */ 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x86,0x20, /* [ 7299] OBJ_zuc */ 0x2A,0x86,0x48,0x01,0x86,0xFD,0x1E,0x01,0x02,0x01, /* [ 7307] OBJ_bfibe */ 0x2A,0x86,0x48,0x01,0x86,0xFD,0x1E,0x01,0x02,0x02, /* [ 7317] OBJ_bb1 */ @@ -1087,9 +1087,13 @@ static const unsigned char so[7761] = { 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x86,0x20,0x01, /* [ 7732] OBJ_zuc_128eea3 */ 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x86,0x20,0x02, /* [ 7741] OBJ_zuc_128eia3 */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x64, /* [ 7750] OBJ_pbe_WithSM3AndSMS4_CBC */ + 0x2A,0x81,0x1C,0xD7,0x63, /* [ 7760] OBJ_bwips */ + 0x2A,0x81,0x1C,0xD7,0x63,0x01, /* [ 7765] OBJ_wapi_crypto */ + 0x2A,0x81,0x1C,0xD7,0x63,0x01,0x01, /* [ 7771] OBJ_wapi_ec */ + 0x2A,0x81,0x1C,0xD7,0x63,0x01,0x01,0x01, /* [ 7778] OBJ_wapi_ecdsa192_sha256 */ }; -#define NUM_NID 1196 +#define NUM_NID 1200 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, @@ -2287,9 +2291,13 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"zuc-128eea3", "zuc-128eea3", NID_zuc_128eea3, 9, &so[7732]}, {"zuc-128eia3", "zuc-128eia3", NID_zuc_128eia3, 9, &so[7741]}, {"PBE-SM3-SMS4", "pbeWithSM3AndSMS4-CBC", NID_pbe_WithSM3AndSMS4_CBC, 10, &so[7750]}, + {"bwips", "bwips", NID_bwips, 5, &so[7760]}, + {"wapi-crypto", "wapi-crypto", NID_wapi_crypto, 6, &so[7765]}, + {"wapi-ec", "wapi-ec", NID_wapi_ec, 7, &so[7771]}, + {"wapi-ecdsa192-sha256", "wapi-ecdsa192-sha256", NID_wapi_ecdsa192_sha256, 8, &so[7778]}, }; -#define NUM_SN 1185 +#define NUM_SN 1189 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ @@ -2626,6 +2634,7 @@ static const unsigned int sn_objs[NUM_SN] = { 934, /* "brainpoolP512t1" */ 494, /* "buildingName" */ 860, /* "businessCategory" */ + 1196, /* "bwips" */ 691, /* "c2onb191v4" */ 692, /* "c2onb191v5" */ 697, /* "c2onb239v4" */ @@ -3465,6 +3474,9 @@ static const unsigned int sn_objs[NUM_SN] = { 740, /* "wap-wsg-idm-ecid-wtls7" */ 741, /* "wap-wsg-idm-ecid-wtls8" */ 742, /* "wap-wsg-idm-ecid-wtls9" */ + 1197, /* "wapi-crypto" */ + 1198, /* "wapi-ec" */ + 1199, /* "wapi-ecdsa192-sha256" */ 1135, /* "wapip192v1" */ 1144, /* "weil-pairing" */ 804, /* "whirlpool" */ @@ -3478,7 +3490,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1194, /* "zuc-128eia3" */ }; -#define NUM_LN 1185 +#define NUM_LN 1189 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ @@ -3744,6 +3756,7 @@ static const unsigned int ln_objs[NUM_LN] = { 934, /* "brainpoolP512t1" */ 494, /* "buildingName" */ 860, /* "businessCategory" */ + 1196, /* "bwips" */ 691, /* "c2onb191v4" */ 692, /* "c2onb191v5" */ 697, /* "c2onb239v4" */ @@ -4652,6 +4665,9 @@ static const unsigned int ln_objs[NUM_LN] = { 740, /* "wap-wsg-idm-ecid-wtls7" */ 741, /* "wap-wsg-idm-ecid-wtls8" */ 742, /* "wap-wsg-idm-ecid-wtls9" */ + 1197, /* "wapi-crypto" */ + 1198, /* "wapi-ec" */ + 1199, /* "wapi-ecdsa192-sha256" */ 1135, /* "wapip192v1" */ 1144, /* "weil-pairing" */ 804, /* "whirlpool" */ @@ -4667,7 +4683,7 @@ static const unsigned int ln_objs[NUM_LN] = { 1194, /* "zuc-128eia3" */ }; -#define NUM_OBJ 1082 +#define NUM_OBJ 1086 static const unsigned int obj_objs[NUM_OBJ] = { 0, /* OBJ_undef 0 */ 181, /* OBJ_iso 1 */ @@ -4908,6 +4924,7 @@ static const unsigned int obj_objs[NUM_OBJ] = { 638, /* OBJ_set_brand_AmericanExpress 2 23 42 8 34 */ 639, /* OBJ_set_brand_JCB 2 23 42 8 35 */ 1084, /* OBJ_oscca 1 2 156 10197 */ + 1196, /* OBJ_bwips 1 2 156 11235 */ 805, /* OBJ_cryptopro 1 2 643 2 2 */ 806, /* OBJ_cryptocom 1 2 643 2 9 */ 974, /* OBJ_id_tc26 1 2 643 7 1 */ @@ -4993,6 +5010,7 @@ static const unsigned int obj_objs[NUM_OBJ] = { 745, /* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 1 4 12 */ 804, /* OBJ_whirlpool 1 0 10118 3 0 55 */ 1085, /* OBJ_sm_scheme 1 2 156 10197 1 */ + 1197, /* OBJ_wapi_crypto 1 2 156 11235 1 */ 773, /* OBJ_kisa 1 2 410 200004 */ 807, /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */ 808, /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */ @@ -5059,6 +5077,7 @@ static const unsigned int obj_objs[NUM_OBJ] = { 634, /* OBJ_setAttr_TokICCsig 2 23 42 3 3 5 1 */ 635, /* OBJ_setAttr_SecDevSig 2 23 42 3 3 5 2 */ 436, /* OBJ_ucl 0 9 2342 19200300 */ + 1198, /* OBJ_wapi_ec 1 2 156 11235 1 1 */ 820, /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */ 819, /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */ 845, /* OBJ_id_GostR3410_94_a 1 2 643 2 2 20 1 */ @@ -5197,6 +5216,7 @@ static const unsigned int obj_objs[NUM_OBJ] = { 1167, /* OBJ_sm2sign_with_blake2b512 1 2 156 10197 1 521 */ 1168, /* OBJ_sm2sign_with_blake2s256 1 2 156 10197 1 522 */ 1136, /* OBJ_zuc 1 2 156 10197 1 800 */ + 1199, /* OBJ_wapi_ecdsa192_sha256 1 2 156 11235 1 1 1 */ 776, /* OBJ_seed_ecb 1 2 410 200004 1 3 */ 777, /* OBJ_seed_cbc 1 2 410 200004 1 4 */ 779, /* OBJ_seed_cfb128 1 2 410 200004 1 5 */ @@ -5401,13 +5421,13 @@ static const unsigned int obj_objs[NUM_OBJ] = { 1117, /* OBJ_sm2sign 1 2 156 10197 1 301 1 */ 1149, /* OBJ_sm2exchange 1 2 156 10197 1 301 2 */ 1119, /* OBJ_sm2encrypt 1 2 156 10197 1 301 3 */ - 1135, /* OBJ_wapip192v1 1 2 156 10197 1 301 101 */ 1123, /* OBJ_sm9sign 1 2 156 10197 1 302 1 */ 1124, /* OBJ_sm9keyagreement 1 2 156 10197 1 302 2 */ 1125, /* OBJ_sm9encrypt 1 2 156 10197 1 302 3 */ 1127, /* OBJ_hmac_sm3 1 2 156 10197 1 401 2 */ 1193, /* OBJ_zuc_128eea3 1 2 156 10197 1 800 1 */ 1194, /* OBJ_zuc_128eia3 1 2 156 10197 1 800 2 */ + 1135, /* OBJ_wapip192v1 1 2 156 11235 1 1 2 1 */ 997, /* OBJ_id_tc26_gost_3410_2012_512_paramSetTest 1 2 643 7 1 2 1 2 0 */ 998, /* OBJ_id_tc26_gost_3410_2012_512_paramSetA 1 2 643 7 1 2 1 2 1 */ 999, /* OBJ_id_tc26_gost_3410_2012_512_paramSetB 1 2 643 7 1 2 1 2 2 */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 75af2a81..092d0b50 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1193,3 +1193,7 @@ kx_sm9dhe 1192 zuc_128eea3 1193 zuc_128eia3 1194 pbe_WithSM3AndSMS4_CBC 1195 +bwips 1196 +wapi_crypto 1197 +wapi_ec 1198 +wapi_ecdsa192_sha256 1199 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index f238149b..d775b50d 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1595,7 +1595,7 @@ sm-scheme 301 : sm2p256v1 sm-scheme 301 1 : sm2sign sm-scheme 301 2 : sm2exchange sm-scheme 301 3 : sm2encrypt -sm-scheme 301 101 : wapip192v1 +#sm-scheme 301 101 : wapip192v1 sm2encrypt 1 : sm2encrypt-recommendedParameters sm2encrypt 2 : sm2encrypt-specifiedParameters @@ -1663,3 +1663,10 @@ cpk-map 3 : cpk-sm3-map GmSSL 21 : paillier +# WAPI (GB 15629.11-2003-XG1-2006) +ISO-CN 11235 : bwips +bwips 1 : wapi-crypto +wapi-crypto 1 : wapi-ec +wapi-ec 1 : wapi-ecdsa192-sha256 +wapi-ec 2 1 : wapip192v1 + diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 054a6c34..1c9125e1 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -4940,10 +4940,6 @@ #define NID_sm2encrypt 1119 #define OBJ_sm2encrypt OBJ_sm_scheme,301L,3L -#define SN_wapip192v1 "wapip192v1" -#define NID_wapip192v1 1135 -#define OBJ_wapip192v1 OBJ_sm_scheme,301L,101L - #define SN_sm2encrypt_recommendedParameters "sm2encrypt-recommendedParameters" #define NID_sm2encrypt_recommendedParameters 1120 #define OBJ_sm2encrypt_recommendedParameters OBJ_sm2encrypt,1L @@ -5156,3 +5152,23 @@ #define SN_paillier "paillier" #define NID_paillier 1148 #define OBJ_paillier OBJ_GmSSL,21L + +#define SN_bwips "bwips" +#define NID_bwips 1196 +#define OBJ_bwips OBJ_ISO_CN,11235L + +#define SN_wapi_crypto "wapi-crypto" +#define NID_wapi_crypto 1197 +#define OBJ_wapi_crypto OBJ_bwips,1L + +#define SN_wapi_ec "wapi-ec" +#define NID_wapi_ec 1198 +#define OBJ_wapi_ec OBJ_wapi_crypto,1L + +#define SN_wapi_ecdsa192_sha256 "wapi-ecdsa192-sha256" +#define NID_wapi_ecdsa192_sha256 1199 +#define OBJ_wapi_ecdsa192_sha256 OBJ_wapi_ec,1L + +#define SN_wapip192v1 "wapip192v1" +#define NID_wapip192v1 1135 +#define OBJ_wapip192v1 OBJ_wapi_ec,2L,1L