Add accurate asn.1 siganture/ciphertext size

2026-05-13 20:06:24 +08:00 · 2018-12-04 15:56:21 +08:00
parent c0ee87b077
commit bc2bb8a335
13 changed files with 5628 additions and 131 deletions
--- a/crypto/sm2/sm2_asn1.c
+++ b/crypto/sm2/sm2_asn1.c
@@ -67,8 +67,50 @@ ASN1_SEQUENCE(SM2CiphertextValue) = {
 IMPLEMENT_ASN1_FUNCTIONS(SM2CiphertextValue)
 IMPLEMENT_ASN1_DUP_FUNCTION(SM2CiphertextValue)

-int SM2CiphertextValue_size(const EC_GROUP *group, int inlen)
+int SM2CiphertextValue_size(const EC_GROUP *group, size_t inlen)
 {
-	return 1024;
-}
+	int ret;
+	ASN1_OCTET_STRING s;
+	int len = 0, i;

+	if (inlen > SM2_MAX_PLAINTEXT_LENGTH) {
+		SM2err(SM2_F_SM2CIPHERTEXTVALUE_SIZE, SM2_R_PLAINTEXT_TOO_LONG);
+		return 0;
+	}
+
+	if (group) {
+		ASN1_INTEGER a;
+		unsigned char buf[4] = {0xff};
+
+		/* ASN1_INTEGER xCoordinate, yCoordinate */
+		if (!(i = EC_GROUP_order_bits(group))) {
+			SM2err(SM2_F_SM2CIPHERTEXTVALUE_SIZE, ERR_R_EC_LIB);
+			return 0;
+		}
+		a.length = (i + 7)/8;
+		a.data = buf;
+		a.type = V_ASN1_INTEGER;
+		i = i2d_ASN1_INTEGER(&a, NULL);
+		len = i + i;
+
+		/* ASN1_OCTET_STRING hash 32 */
+		s.length = SM3_DIGEST_LENGTH;
+		s.data = NULL;
+		s.type = V_ASN1_OCTET_STRING;
+		i = i2d_ASN1_OCTET_STRING(&s, NULL);
+		len += i;
+
+	} else {
+		len += 104;
+	}
+
+	/* ASN1_OCTET_STRING ciphertext inlen */
+	s.length = inlen;
+	s.data = NULL;
+	s.type = V_ASN1_OCTET_STRING;
+	i = i2d_ASN1_OCTET_STRING(&s, NULL);
+	len += i;
+
+	ret = ASN1_object_size(1, len, V_ASN1_SEQUENCE);
+	return ret;
+}
--- a/crypto/sm2/sm2_err.c
+++ b/crypto/sm2/sm2_err.c
@@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
 static ERR_STRING_DATA SM2_str_functs[] = {
    {ERR_FUNC(SM2_F_I2O_SM2CIPHERTEXTVALUE), "i2o_SM2CiphertextValue"},
    {ERR_FUNC(SM2_F_O2I_SM2CIPHERTEXTVALUE), "o2i_SM2CiphertextValue"},
+    {ERR_FUNC(SM2_F_SM2CIPHERTEXTVALUE_SIZE), "SM2CiphertextValue_size"},
    {ERR_FUNC(SM2_F_SM2_DECRYPT), "SM2_decrypt"},
    {ERR_FUNC(SM2_F_SM2_DO_DECRYPT), "SM2_do_decrypt"},
    {ERR_FUNC(SM2_F_SM2_DO_ENCRYPT), "SM2_do_encrypt"},
@@ -45,6 +46,7 @@ static ERR_STRING_DATA SM2_str_reasons[] = {
    {ERR_REASON(SM2_R_KDF_FAILURE), "kdf failure"},
    {ERR_REASON(SM2_R_MISSING_PARAMETERS), "missing parameters"},
    {ERR_REASON(SM2_R_NEED_NEW_SETUP_VALUES), "need new setup values"},
+    {ERR_REASON(SM2_R_PLAINTEXT_TOO_LONG), "plaintext too long"},
    {ERR_REASON(SM2_R_RANDOM_NUMBER_GENERATION_FAILED),
     "random number generation failed"},
    {0, NULL}
--- a/crypto/sm9/sm9_ameth.c
+++ b/crypto/sm9/sm9_ameth.c
@@ -421,7 +421,7 @@ static int do_sm9_key_print(BIO *bp, const SM9PrivateKey *x, int off, int priv)

 	/* privatePoint */
 	if (priv) {
-		if (BIO_printf(bp, "%*sprivatePoint:\n", off + 4, "") <= 0)
+		if (BIO_printf(bp, "%*sprivatePoint:\n", off, "") <= 0)
 			return 0;
 		if (ASN1_buf_print(bp, ASN1_STRING_get0_data(x->privatePoint),
 			ASN1_STRING_length(x->privatePoint), off + 4) == 0)
--- a/crypto/sm9/sm9_asn1.c
+++ b/crypto/sm9/sm9_asn1.c
@@ -49,6 +49,7 @@

 #include <openssl/bn.h>
 #include <openssl/err.h>
+#include <openssl/sm3.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
@@ -197,3 +198,66 @@ int i2d_SM9Ciphertext_fp(FILE *fp, SM9Ciphertext *c)
 	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(SM9Ciphertext), fp, c);
 }
 #endif
+
+int SM9_signature_size(const SM9_MASTER_KEY *params)
+{
+	if (params) {
+		int ret;
+		ASN1_INTEGER h;
+		ASN1_OCTET_STRING s;
+		unsigned char buf[4] = {0xff};
+		int len = 0;
+
+		/* ASN1_INTEGER h convert from hash */
+		h.length = SM3_DIGEST_LENGTH;
+		h.data = buf;
+		h.type = V_ASN1_INTEGER;
+		len += i2d_ASN1_INTEGER(&h, NULL);
+
+		/* ASN1_OCTET_STRING pointS over E'(F_p^2) */
+		s.length = 129;
+		s.data = buf;
+		s.type = V_ASN1_OCTET_STRING;
+		len += i2d_ASN1_OCTET_STRING(&s, NULL);
+
+		ret = ASN1_object_size(1, len, V_ASN1_SEQUENCE);
+		return ret;
+	} else {
+		return 170;
+	}
+}
+
+int SM9_ciphertext_size(const SM9_MASTER_KEY *params, size_t inlen)
+{
+	int ret;
+	ASN1_OCTET_STRING s;
+	s.type = V_ASN1_OCTET_STRING;
+	s.data = NULL;
+	int len = 0;
+
+	if (inlen > SM9_MAX_PLAINTEXT_LENGTH) {
+		SM9err(SM9_F_SM9_CIPHERTEXT_SIZE, SM9_R_PLAINTEXT_TOO_LONG);
+		return 0;
+	}
+
+	if (params) {
+		/* ASN1_OCTET_STRING pointC1 over E(F_p) */
+		s.length = 65;
+		len += i2d_ASN1_OCTET_STRING(&s, NULL);
+
+		/* ASN1_OCTET_STRING c3 SM3-MAC */
+		s.length = SM3_DIGEST_LENGTH;
+		len += i2d_ASN1_OCTET_STRING(&s, NULL);
+	} else {
+		/* when no params given, if use point compression is unknown,
+		 * so the maximum uncompressed point length is used */
+		len += 101;
+	}
+
+	/* ASN1_OCTET_STRING c2 ciphertext */
+	s.length = inlen;
+	len += i2d_ASN1_OCTET_STRING(&s, NULL);
+
+	ret = ASN1_object_size(1, len, V_ASN1_SEQUENCE);
+	return ret;
+}
--- a/crypto/sm9/sm9_enc.c
+++ b/crypto/sm9/sm9_enc.c
@@ -337,6 +337,11 @@ end:
 	return ret;
 }

+int SM9_MASTER_KEY_ciphertext_size(const SM9_MASTER_KEY *master, size_t len)
+{
+
+}
+
 int SM9_encrypt(int type,
 	const unsigned char *in, size_t inlen,
 	unsigned char *out, size_t *outlen,
@@ -456,6 +461,11 @@ int SM9_decrypt(int type,
 		return 0;
 	}

+	if (!in || !outlen || !sk) {
+		SM9err(SM9_F_SM9_DECRYPT, ERR_R_PASSED_NULL_PARAMETER);
+		goto end;
+	}
+
 	/* decode sm9 ciphertext */
 	if (!(sm9cipher = d2i_SM9Ciphertext(NULL, &in, inlen))) {
 		SM9err(SM9_F_SM9_DECRYPT, ERR_R_SM9_LIB);
@@ -464,6 +474,15 @@ int SM9_decrypt(int type,
 	C2 = ASN1_STRING_get0_data(sm9cipher->c2);
 	C2_len = ASN1_STRING_length(sm9cipher->c2);

+	/* check/return output length */
+	if (!out) {
+		*outlen = C2_len;
+		ret = 1;
+		goto end;
+	} else if (*outlen < C2_len) {
+		SM9err(SM9_F_SM9_DECRYPT, SM9_R_BUFFER_TOO_SMALL);
+		goto end;
+	}

 	/* unwrap key */
 	keylen = C2_len + EVP_MD_size(md);
--- a/crypto/sm9/sm9_err.c
+++ b/crypto/sm9/sm9_err.c
@@ -21,16 +21,11 @@
 static ERR_STRING_DATA SM9_str_functs[] = {
    {ERR_FUNC(SM9_F_DO_SM9_KEY_PRINT), "do_sm9_key_print"},
    {ERR_FUNC(SM9_F_DO_SM9_MASTER_KEY_PRINT), "do_sm9_master_key_print"},
-    {ERR_FUNC(SM9_F_DO_SM9_MASTER_PRINT), "do_sm9_master_print"},
-    {ERR_FUNC(SM9_F_OLD_SM9_MASTER_DECODE), "old_sm9_master_decode"},
-    {ERR_FUNC(SM9_F_OLD_SM9_PRIV_DECODE), "old_sm9_priv_decode"},
    {ERR_FUNC(SM9_F_PKEY_SM9_COPY), "pkey_sm9_copy"},
    {ERR_FUNC(SM9_F_PKEY_SM9_CTRL), "pkey_sm9_ctrl"},
    {ERR_FUNC(SM9_F_PKEY_SM9_CTRL_STR), "pkey_sm9_ctrl_str"},
    {ERR_FUNC(SM9_F_PKEY_SM9_DECRYPT), "pkey_sm9_decrypt"},
-    {ERR_FUNC(SM9_F_PKEY_SM9_ENCRYPT), "pkey_sm9_encrypt"},
    {ERR_FUNC(SM9_F_PKEY_SM9_INIT), "pkey_sm9_init"},
-    {ERR_FUNC(SM9_F_PKEY_SM9_KEYGEN), "pkey_sm9_keygen"},
    {ERR_FUNC(SM9_F_PKEY_SM9_MASTER_COPY), "pkey_sm9_master_copy"},
    {ERR_FUNC(SM9_F_PKEY_SM9_MASTER_CTRL), "pkey_sm9_master_ctrl"},
    {ERR_FUNC(SM9_F_PKEY_SM9_MASTER_CTRL_STR), "pkey_sm9_master_ctrl_str"},
@@ -39,7 +34,7 @@ static ERR_STRING_DATA SM9_str_functs[] = {
    {ERR_FUNC(SM9_F_PKEY_SM9_MASTER_KEYGEN), "pkey_sm9_master_keygen"},
    {ERR_FUNC(SM9_F_PKEY_SM9_MASTER_VERIFY), "pkey_sm9_master_verify"},
    {ERR_FUNC(SM9_F_PKEY_SM9_SIGN), "pkey_sm9_sign"},
-    {ERR_FUNC(SM9_F_PKEY_SM9_VERIFY), "pkey_sm9_verify"},
+    {ERR_FUNC(SM9_F_SM9_CIPHERTEXT_SIZE), "SM9_ciphertext_size"},
    {ERR_FUNC(SM9_F_SM9_COMPUTE_SHARE_KEY_A), "SM9_compute_share_key_A"},
    {ERR_FUNC(SM9_F_SM9_COMPUTE_SHARE_KEY_B), "SM9_compute_share_key_B"},
    {ERR_FUNC(SM9_F_SM9_DECRYPT), "SM9_decrypt"},
@@ -50,8 +45,6 @@ static ERR_STRING_DATA SM9_str_functs[] = {
    {ERR_FUNC(SM9_F_SM9_GENERATE_MASTER_SECRET),
     "SM9_generate_master_secret"},
    {ERR_FUNC(SM9_F_SM9_KEY_NEW), "SM9_KEY_new"},
-    {ERR_FUNC(SM9_F_SM9_MASTER_DECODE), "sm9_master_decode"},
-    {ERR_FUNC(SM9_F_SM9_MASTER_ENCODE), "sm9_master_encode"},
    {ERR_FUNC(SM9_F_SM9_MASTER_KEY_EXTRACT_KEY),
     "SM9_MASTER_KEY_extract_key"},
    {ERR_FUNC(SM9_F_SM9_MASTER_KEY_NEW), "SM9_MASTER_KEY_new"},
@@ -61,7 +54,6 @@ static ERR_STRING_DATA SM9_str_functs[] = {
    {ERR_FUNC(SM9_F_SM9_MASTER_PRIV_ENCODE), "sm9_master_priv_encode"},
    {ERR_FUNC(SM9_F_SM9_MASTER_PUB_DECODE), "sm9_master_pub_decode"},
    {ERR_FUNC(SM9_F_SM9_OLD_PRIV_DECODE), "sm9_old_priv_decode"},
-    {ERR_FUNC(SM9_F_SM9_PARAMS_DECODE), "sm9_params_decode"},
    {ERR_FUNC(SM9_F_SM9_PRIV_DECODE), "sm9_priv_decode"},
    {ERR_FUNC(SM9_F_SM9_PRIV_ENCODE), "sm9_priv_encode"},
    {ERR_FUNC(SM9_F_SM9_PUB_DECODE), "sm9_pub_decode"},
@@ -77,13 +69,12 @@ static ERR_STRING_DATA SM9_str_functs[] = {
 };

 static ERR_STRING_DATA SM9_str_reasons[] = {
+    {ERR_REASON(SM9_R_BUFFER_TOO_SMALL), "buffer too small"},
    {ERR_REASON(SM9_R_DECODE_ERROR), "decode error"},
    {ERR_REASON(SM9_R_DIGEST_FAILURE), "digest failure"},
    {ERR_REASON(SM9_R_EC_LIB), "ec lib"},
    {ERR_REASON(SM9_R_EXTENSION_FIELD_ERROR), "extension field error"},
    {ERR_REASON(SM9_R_IDENTITY_REQUIRED), "identity required"},
-    {ERR_REASON(SM9_R_ID_OR_MASTER_SECRET_REQUIRED),
-     "id or master secret required"},
    {ERR_REASON(SM9_R_INVALID_DIGEST_TYPE), "invalid digest type"},
    {ERR_REASON(SM9_R_INVALID_ENCRYPT_SCHEME), "invalid encrypt scheme"},
    {ERR_REASON(SM9_R_INVALID_HASH1), "invalid hash1"},
@@ -105,6 +96,7 @@ static ERR_STRING_DATA SM9_str_reasons[] = {
    {ERR_REASON(SM9_R_INVALID_SM9_SCHEME), "invalid sm9 scheme"},
    {ERR_REASON(SM9_R_NO_MASTER_SECRET), "no master secret"},
    {ERR_REASON(SM9_R_PAIRING_ERROR), "pairing error"},
+    {ERR_REASON(SM9_R_PLAINTEXT_TOO_LONG), "plaintext too long"},
    {ERR_REASON(SM9_R_RATE_PAIRING_ERROR), "rate pairing error"},
    {ERR_REASON(SM9_R_SIGNER_ID_REQUIRED), "signer id required"},
    {ERR_REASON(SM9_R_TWIST_CURVE_ERROR), "twist curve error"},
--- a/crypto/sm9/sm9_lcl.h
+++ b/crypto/sm9/sm9_lcl.h
@@ -82,6 +82,10 @@
 #define SM9_PHI_D4		0x04
 #define SM9_PHI_D6		0x06

+
+#define SM9_MAX_PLAINTEXT_LENGTH 65535
+
+
 #ifdef __cplusplus
 extern "C" {
 #endif
--- a/crypto/sm9/sm9_pmeth.c
+++ b/crypto/sm9/sm9_pmeth.c
@@ -281,33 +281,33 @@ static int pkey_sm9_master_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const c
 }

 const EVP_PKEY_METHOD sm9_master_pkey_meth = {
-	EVP_PKEY_SM9_MASTER,	/* pkey_id */
-	0,			/* flags */
-	pkey_sm9_master_init,	/* init */
-	pkey_sm9_master_copy,	/* copy */
-	pkey_sm9_master_cleanup,/* cleanup */
-	NULL,			/* paramgen_init */
-	NULL,			/* paramgen */
-	NULL,			/* keygen_init */
-	pkey_sm9_master_keygen,	/* keygen */
-	NULL,			/* sign_init */
-	NULL,			/* sign */
-	NULL,			/* verify_init */
-	pkey_sm9_master_verify,	/* verify */
-	NULL,			/* verify_recover_init */
-	NULL,			/* verify_recover */
-	NULL,			/* signctx_init */
-	NULL,			/* signctx */
-	NULL,			/* verifyctx_init */
-	NULL,			/* verifyctx */
-	NULL,			/* encrypt_init */
-	pkey_sm9_master_encrypt,/* encrypt */
-	NULL,			/* decrypt_init */
-	NULL,			/* decrypt */
-	NULL,			/* derive_init */
-	pkey_sm9_master_derive,	/* derive */
-	pkey_sm9_master_ctrl,	/* ctrl */
-	pkey_sm9_master_ctrl_str,/* ctrl_str */
+	EVP_PKEY_SM9_MASTER,		/* pkey_id */
+	0,				/* flags */
+	pkey_sm9_master_init,		/* init */
+	pkey_sm9_master_copy,		/* copy */
+	pkey_sm9_master_cleanup,	/* cleanup */
+	NULL,				/* paramgen_init */
+	NULL,				/* paramgen */
+	NULL,				/* keygen_init */
+	pkey_sm9_master_keygen,		/* keygen */
+	NULL,				/* sign_init */
+	NULL,				/* sign */
+	NULL,				/* verify_init */
+	pkey_sm9_master_verify,		/* verify */
+	NULL,				/* verify_recover_init */
+	NULL,				/* verify_recover */
+	NULL,				/* signctx_init */
+	NULL,				/* signctx */
+	NULL,				/* verifyctx_init */
+	NULL,				/* verifyctx */
+	NULL,				/* encrypt_init */
+	pkey_sm9_master_encrypt,	/* encrypt */
+	NULL,				/* decrypt_init */
+	NULL,				/* decrypt */
+	NULL,				/* derive_init */
+	pkey_sm9_master_derive,		/* derive */
+	pkey_sm9_master_ctrl,		/* ctrl */
+	pkey_sm9_master_ctrl_str,	/* ctrl_str */
 };

 typedef struct {
@@ -356,29 +356,6 @@ static void pkey_sm9_cleanup(EVP_PKEY_CTX *ctx)
 	}
 }

-static int pkey_sm9_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
-	/*
-	SM9_PKEY_CTX *dctx = EVP_PKEY_CTX_get_data(ctx);
-	SM9_KEY *sm9;
-	if (!dctx->master_secret || !dctx->id) {
-		SM9err(SM9_F_PKEY_SM9_KEYGEN, SM9_R_ID_OR_MASTER_SECRET_REQUIRED);
-		return 0;
-	}
-	if (!(sm9 = SM9_extract_private_key(dctx->master,
-		dctx->id, strlen(dctx->id)))) {
-		SM9err(SM9_F_PKEY_SM9_KEYGEN, ERR_R_SM9_LIB);
-		return 0;
-	}
-	if (EVP_PKEY_assign_SM9(pkey, sm9) <= 0) {
-		SM9err(SM9_F_PKEY_SM9_KEYGEN, ERR_R_EVP_LIB);
-		SM9_KEY_free(sm9);
-		return 0;
-	}
-	*/
-	return 1;
-}
-
 static int pkey_sm9_sign(EVP_PKEY_CTX *ctx,
 	unsigned char *sig, size_t *siglen,
 	const unsigned char *tbs, size_t tbslen)
@@ -488,7 +465,7 @@ const EVP_PKEY_METHOD sm9_pkey_meth = {
 	NULL,			/* paramgen_init */
 	NULL,			/* paramgen */
 	NULL,			/* keygen_init */
-	pkey_sm9_keygen,	/* keygen */
+	NULL,			/* keygen */
 	NULL,			/* sign_init */
 	pkey_sm9_sign,		/* sign */
 	NULL, 			/* verify_init */
--- a/crypto/sm9/sm9_sign.c
+++ b/crypto/sm9/sm9_sign.c
@@ -56,11 +56,6 @@
 #include "sm9_lcl.h"


-int SM9_signature_size(SM9PublicParameters *mpk)
-{
-	return 105;
-}
-
 SM9Signature *SM9_do_sign(const unsigned char *dgst, int dgstlen, SM9_KEY *sm9)
 {
 	return NULL;