From eb21e9d57236bcaebffb809ab76fb9d6e771ed51 Mon Sep 17 00:00:00 2001 
From: Zhi Guan Date: Fri, 14 Apr 2017 15:31:35 +0800 Subject: [PATCH] update --- Configure | 13 +- apps/progs.h | 20 +- crypto/asn1/a_octet.c | 13 + crypto/bn/bn_err.c | 1 + crypto/cpk/cpk_asn1.c | 2 +- crypto/cpk/cpk_kap.c | 1 + crypto/{ecies/ecies_gmssl.c => cpk/cpk_lcl.h} | 94 +- crypto/cpk/cpk_lib.c | 339 +------ crypto/cpk/cpk_map.c | 2 +- crypto/cpk/cpk_prn.c | 1 + crypto/ec/ec_err.c | 12 +- crypto/ec/ec_kmeth.c | 8 +- crypto/ec/ec_pmeth.c | 106 +-- crypto/ec2/bn_gfp2.c | 118 ++- crypto/ec2/bn_hash.c | 30 - crypto/ec2/bn_solinas.c | 46 +- crypto/ec2/build.info | 2 +- crypto/ec2/ec_type1.c | 30 + crypto/ecies/build.info | 2 +- crypto/ecies/ecies_asn1.c | 1 + crypto/ecies/ecies_lcl.h | 6 + crypto/ecies/ecies_lib.c | 126 +-- crypto/err/err.c | 2 + crypto/err/err_all.c | 4 + crypto/err/openssl.ec | 1 + crypto/evp/digest.c | 11 +- crypto/evp/evp_locl.h | 1 + crypto/evp/m_sha1.c | 18 +- crypto/evp/m_sm3.c | 8 +- crypto/evp/p_dec.c | 83 +- crypto/evp/p_enc.c | 1 + crypto/gmapi/gmapi_err.c | 14 +- crypto/gmapi/gmapi_sdf_ec.c | 89 +- crypto/gmapi/gmapi_sdf_ec.d.tmp | 15 + crypto/gmapi/gmapi_skf_ec.c | 58 +- crypto/include/internal/evp_int.h | 4 + crypto/objects/obj_dat.h | 171 +++- crypto/objects/obj_mac.num | 33 + crypto/objects/objects.txt | 40 +- crypto/sm2/build.info | 4 +- crypto/sm2/sm2_asn1.c | 139 +-- crypto/sm2/sm2_enc.c | 866 ++++++------------ crypto/sm2/sm2_err.c | 65 ++ crypto/sm2/sm2_exch.c | 584 ++++++++++++ crypto/sm2/sm2_id.c | 3 +- crypto/sm2/sm2_kap.c | 2 + crypto/sm2/sm2_kmeth.c | 131 +-- crypto/sm2/sm2_lcl.h | 104 ++- crypto/sm2/sm2_oct.c | 311 +++++++ crypto/sm2/sm2_sign.c | 92 +- include/openssl/asn1.h | 3 + include/openssl/bn.h | 1 + include/openssl/bn_gfp2.h | 10 +- include/openssl/cpk.h | 21 +- include/openssl/ec.h | 46 +- include/openssl/ecies.h | 35 +- include/openssl/err.h | 3 + include/openssl/gmapi.h | 18 +- include/openssl/gmtls.h | 104 +++ include/openssl/obj_mac.h | 141 ++- include/openssl/sm2.h | 236 +++-- include/openssl/ssl.h | 14 
+- ssl/methods_gmtls.c | 266 ++++++ ssl/ssl_ciph.c | 77 +- ssl/ssl_locl.h | 26 +- ssl/statem/statem_gmtls.c | 1 + ssl/statem/statem_lib.c | 14 + crypto/ec2/ec_expoint.c => test/bnhashtest.c | 59 +- test/build.info | 6 +- test/p | 69 -- test/recipes/15-test_sm2.t | 2 +- test/sm2evptest.c | 844 ++--------------- test/sm2test.c | 245 ++--- test/sm2test.d.tmp | 16 + test/sm3test.c | 1 + util/libcrypto.num | 125 ++- 76 files changed, 3249 insertions(+), 2961 deletions(-) rename crypto/{ecies/ecies_gmssl.c => cpk/cpk_lcl.h} (53%) mode change 100644 => 100755 create mode 100644 crypto/gmapi/gmapi_sdf_ec.d.tmp create mode 100644 crypto/sm2/sm2_err.c create mode 100644 crypto/sm2/sm2_exch.c create mode 100644 crypto/sm2/sm2_oct.c create mode 100644 include/openssl/gmtls.h create mode 100644 ssl/methods_gmtls.c create mode 100644 ssl/statem/statem_gmtls.c rename crypto/ec2/ec_expoint.c => test/bnhashtest.c (78%) delete mode 100644 test/p create mode 100644 test/sm2test.d.tmp diff --git a/Configure b/Configure index 44cccee4..bdb4ff1e 100755 --- a/Configure +++ b/Configure @@ -472,11 +472,14 @@ our %disabled = ( # "what" => "comment" "zlib" => "default", "zlib-dynamic" => "default", "zuc" => "default", - "sm9" => "default", - "bfibe" => "default", - "bb1ibe" => "default", - "saf" => "default", - "sof" => "default", + #"sm9" => "default", + #"bfibe" => "default", + #"bb1ibe" => "default", + #"gmapi" => "default", + #"saf" => "default", + #"sdf" => "default", + #"skf" => "default", + #"sof" => "default", "serpent" => "default", # "speck" => "default", ); diff --git a/apps/progs.h b/apps/progs.h index 51cb7595..e529aa74 100644 --- a/apps/progs.h +++ b/apps/progs.h 
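Review bot: Commenting `sm9`, `bfibe`, `bb1ibe`, `saf` and `sof` out of `%disabled` turns those modules on in every default build, and the commit subject ("update") gives no hint of it. A default-on change widens the code compiled into and exposed by the library, so it belongs in its own commit with a description saying why the modules are ready. The `gmapi`, `sdf` and `skf` lines were never in the table and are added already commented out. Delete the dead lines and, if a record is wanted, leave one comment such as `# sm9, bfibe, bb1ibe, saf, sof: no longer disabled by default`.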
@@ -182,10 +182,12 @@ static FUNCTION functions[] = { { FT_general, "otp", otp_main, otp_options }, #endif { FT_general, "passwd", passwd_main, passwd_options }, -#ifndef OPENSSL_NO_DES +#ifndef OPENSSL_NO_PKCS12 { FT_general, "pkcs12", pkcs12_main, pkcs12_options }, #endif +#ifndef OPENSSL_NO_PKCS7 { FT_general, "pkcs7", pkcs7_main, pkcs7_options }, +#endif { FT_general, "pkcs8", pkcs8_main, pkcs8_options }, { FT_general, "pkey", pkey_main, pkey_options }, { FT_general, "pkeyparam", pkeyparam_main, pkeyparam_options }, @@ -194,7 +196,9 @@ static FUNCTION functions[] = { { FT_general, "rand", rand_main, rand_options }, { FT_general, "rehash", rehash_main, rehash_options }, { FT_general, "req", req_main, req_options }, +#ifndef OPENSSL_NO_RSA { FT_general, "rsa", rsa_main, rsa_options }, +#endif #ifndef OPENSSL_NO_RSA { FT_general, "rsautl", rsautl_main, rsautl_options }, #endif @@ -229,7 +233,9 @@ static FUNCTION functions[] = { #ifndef OPENSSL_NO_MD4 { FT_md, "md4", dgst_main}, #endif +#ifndef OPENSSL_NO_MD5 { FT_md, "md5", dgst_main}, +#endif #ifndef OPENSSL_NO_GOST { FT_md, "gost", dgst_main}, #endif @@ -265,12 +271,24 @@ static FUNCTION functions[] = { #ifndef OPENSSL_NO_SMS4 { FT_cipher, "sms4-cfb", enc_main, enc_options }, #endif +#ifndef OPENSSL_NO_AES { FT_cipher, "aes-128-cbc", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_AES { FT_cipher, "aes-128-ecb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_AES { FT_cipher, "aes-192-cbc", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_AES { FT_cipher, "aes-192-ecb", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_AES { FT_cipher, "aes-256-cbc", enc_main, enc_options }, +#endif +#ifndef OPENSSL_NO_AES { FT_cipher, "aes-256-ecb", enc_main, enc_options }, +#endif #ifndef OPENSSL_NO_CAMELLIA { FT_cipher, "camellia-128-cbc", enc_main, enc_options }, #endif diff --git a/crypto/asn1/a_octet.c b/crypto/asn1/a_octet.c index 2e1205ca..7ce05412 100644 --- a/crypto/asn1/a_octet.c 
+++ b/crypto/asn1/a_octet.c @@ -27,3 +27,16 @@ int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, { return ASN1_STRING_set(x, d, len); } + +#ifndef OPENSSL_NO_SM2 +int ASN1_OCTET_STRING_is_zero(const ASN1_OCTET_STRING *a) +{ + int i; + for (i = 0; i < a->length; i++) { + if (a->data[i] != 0) { + return 0; + } + } + return 1; +} +#endif diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index 2796f446..d8959f62 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -51,6 +51,7 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_GFP2_CMP), "BN_GFP2_cmp"}, {ERR_FUNC(BN_F_BN_GFP2_COPY), "BN_GFP2_copy"}, {ERR_FUNC(BN_F_BN_GFP2_DIV_BN), "BN_GFP2_div_bn"}, + {ERR_FUNC(BN_F_BN_GFP2_EQU), "BN_GFP2_equ"}, {ERR_FUNC(BN_F_BN_GFP2_INV), "BN_GFP2_inv"}, {ERR_FUNC(BN_F_BN_GFP2_IS_ZERO), "BN_GFP2_is_zero"}, {ERR_FUNC(BN_F_BN_GFP2_MUL), "BN_GFP2_mul"}, diff --git a/crypto/cpk/cpk_asn1.c b/crypto/cpk/cpk_asn1.c index 20b0d291..18887729 100755 --- a/crypto/cpk/cpk_asn1.c +++ b/crypto/cpk/cpk_asn1.c @@ -50,6 +50,7 @@ #include #include #include +#include "cpk_lcl.h" ASN1_SEQUENCE(CPK_MASTER_SECRET) = { ASN1_SIMPLE(CPK_MASTER_SECRET, version, LONG), @@ -91,4 +92,3 @@ int i2d_CPK_PUBLIC_PARAMS_bio(BIO *bp, CPK_PUBLIC_PARAMS *params) { return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CPK_PUBLIC_PARAMS), bp, params); } - diff --git a/crypto/cpk/cpk_kap.c b/crypto/cpk/cpk_kap.c index 9a2df365..2aac25c3 100755 --- a/crypto/cpk/cpk_kap.c +++ b/crypto/cpk/cpk_kap.c @@ -51,6 +51,7 @@ #include #include #include +#include "cpk_lcl.h" int CPK_PUBLIC_PARAMS_compute_share_key(CPK_PUBLIC_PARAMS *params, void *out, size_t outlen, const char *id, EVP_PKEY *priv_key, diff --git a/crypto/ecies/ecies_gmssl.c b/crypto/cpk/cpk_lcl.h old mode 100644 new mode 100755 similarity index 53% rename from crypto/ecies/ecies_gmssl.c rename to crypto/cpk/cpk_lcl.h index 528dcc90..f3cab76f --- a/crypto/ecies/ecies_gmssl.c +++ b/crypto/cpk/cpk_lcl.h 
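Review bot: `ASN1_OCTET_STRING_is_zero` dereferences `a` and `a->data` without a check, and for a string of length 0 the loop never runs, so an empty string is reported as "all zero". A caller that uses this to reject a degenerate value would therefore treat an empty string like a zero-filled one, and a NULL argument crashes. Decide which result is intended and state it in a comment above the function, with an explicit guard such as `if (a == NULL || a->data == NULL || a->length <= 0) return 0;` (or `return 1;` if empty should count as zero). The early return on the first non-zero byte also makes the running time depend on the data, which matters only if callers pass secret material; the callers are not in this hunk.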
@@ -1,5 +1,5 @@
 /* ====================================================================
- * Copyright (c) 2007 - 2017 The GmSSL Project. All rights reserved.
+ * Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -47,82 +47,24 @@ * ==================================================================== */ -#include -#include -#include -#include -#include -static int ECIES_PARAMS_init_with_type(ECIES_PARAMS *params, int type) -{ - - return 0; -} +#include +#include +#include -int gmssl_ecies_encrypt(int type, const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, EC_KEY *ec_key) -{ - ECIES_CIPHERTEXT_VALUE *cv = NULL; - ECIES_PARAMS params; - if (!ECIES_PARAMS_init_with_type(¶ms, type)) { - return 0; - } +struct cpk_master_secret_st { + long version; + X509_NAME *id; + X509_ALGOR *pkey_algor; + X509_ALGOR *map_algor; + ASN1_OCTET_STRING *secret_factors; +}; - RAND_seed(in, inlen); - if (!(cv = ECIES_do_encrypt(¶ms, in, inlen, ec_key))) { - *outlen = 0; - return 0; - } - - *outlen = i2d_ECIES_CIPHERTEXT_VALUE(cv, &out); - ECIES_CIPHERTEXT_VALUE_free(cv); - return 1; -} - -int gmssl_ecies_decrypt(int type, const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, EC_KEY *ec_key) -{ - ECIES_CIPHERTEXT_VALUE *cv = NULL; - ECIES_PARAMS params; - const unsigned char *cp = in; - unsigned char *der = NULL; - int derlen = -1; - int ret = -1; - - if (!ECIES_PARAMS_init_with_type(¶ms, type)) { - return -1; - } - - if (!(cv = d2i_ECIES_CIPHERTEXT_VALUE(NULL, &cp, inlen))) { - return -1; - } - - derlen = i2d_ECIES_CIPHERTEXT_VALUE(cv, &der); - if (derlen != inlen || memcmp(in, der, derlen) != 0) { - goto end; - } - - ret = ECIES_do_decrypt(¶ms, cv, out, outlen, ec_key); - -end: - OPENSSL_clear_free(der, derlen); - ECIES_CIPHERTEXT_VALUE_free(cv); - return ret; -} - -ECIES_CIPHERTEXT_VALUE *gmssl_ecies_do_encrypt(int type, const unsigned char *in, - size_t inlen, EC_KEY *ec_key) -{ - ECIES_PARAMS param; - ECIES_PARAMS_init_with_recommended(¶m); - return ECIES_do_encrypt(¶m, in, inlen, ec_key); -} - -int gmssl_ecies_do_decrypt(int type, const ECIES_CIPHERTEXT_VALUE *in, - unsigned char *out, size_t *outlen, EC_KEY *ec_key) -{ - ECIES_PARAMS param; - 
ECIES_PARAMS_init_with_recommended(¶m); - return ECIES_do_decrypt(¶m, in, out, outlen, ec_key); -} +struct cpk_public_params_st { + long version; + X509_NAME *id; + X509_ALGOR *pkey_algor; + X509_ALGOR *map_algor; + ASN1_OCTET_STRING *public_factors; +}; diff --git a/crypto/cpk/cpk_lib.c b/crypto/cpk/cpk_lib.c index a100eb77..9b6d4fbb 100755 --- a/crypto/cpk/cpk_lib.c +++ b/crypto/cpk/cpk_lib.c @@ -61,13 +61,10 @@ #include #include "../dsa/dsa_locl.h" #include "../x509/x509_lcl.h" +#include "cpk_lcl.h" #define ASN1_STRING_data(a) ((a)->data) -static DSA *X509_ALGOR_get1_DSA(X509_ALGOR *algor); -static int extract_dsa_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param); -static DSA *extract_dsa_priv_key(CPK_MASTER_SECRET *master, const char *id); -static DSA *extract_dsa_pub_key(CPK_PUBLIC_PARAMS *param, const char *id); static EC_KEY *X509_ALGOR_get1_EC_KEY(X509_ALGOR *algor); static int extract_ec_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param); @@ -244,14 +241,6 @@ CPK_PUBLIC_PARAMS *CPK_MASTER_SECRET_extract_public_params(CPK_MASTER_SECRET *ma } switch (pkey_type) { - case EVP_PKEY_DSA: - if (!extract_dsa_params(master, param)) { - CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS, - ERR_R_CPK_LIB); - goto err; - } - break; - case EVP_PKEY_EC: if (!extract_ec_params(master, param)) { CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS, 
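Review bot: The new `cpk_lcl.h` has no include guard in the lines this hunk shows, and the lines above it are carried over from the renamed `.c` file, so there is presumably none there either. Five files in this commit include the header (`cpk_asn1.c`, `cpk_kap.c`, `cpk_lib.c`, `cpk_map.c`, `cpk_prn.c`), and a second inclusion through any other header would redefine `struct cpk_master_secret_st` and `struct cpk_public_params_st`. Wrap the body in `#ifndef HEADER_CPK_LCL_H` / `#define HEADER_CPK_LCL_H` and a closing `#endif`. The rename also switches the file to mode 100755, which a header should not carry.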
@@ -285,21 +274,7 @@ EVP_PKEY *CPK_MASTER_SECRET_extract_private_key( pkey_type = OBJ_obj2nid(master->pkey_algor->algorithm); - if (pkey_type == EVP_PKEY_DSA) { - DSA *dsa; - if (!(dsa = extract_dsa_priv_key(master, id))) { - CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY, - ERR_R_CPK_LIB); - goto err; - } - if (!EVP_PKEY_assign_DSA(pkey, dsa)) { - DSA_free(dsa); - CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY, - ERR_R_EVP_LIB); - goto err; - } - - } else if (pkey_type == EVP_PKEY_EC) { + if (pkey_type == EVP_PKEY_EC) { EC_KEY *ec_key; if (!(ec_key = extract_ec_priv_key(master, id))) { CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY, @@ -341,21 +316,8 @@ EVP_PKEY *CPK_PUBLIC_PARAMS_extract_public_key(CPK_PUBLIC_PARAMS *param, pkey_type = OBJ_obj2nid(param->pkey_algor->algorithm); - if (pkey_type == EVP_PKEY_DSA) { - DSA *dsa = NULL; - if (!(dsa = extract_dsa_pub_key(param, id))) { - CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY, - ERR_R_CPK_LIB); - goto err; - } - if (!EVP_PKEY_assign_DSA(pkey, dsa)) { - DSA_free(dsa); - CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY, - ERR_R_EVP_LIB); - goto err; - } - } else if (pkey_type == EVP_PKEY_EC) { + if (pkey_type == EVP_PKEY_EC) { EC_KEY *ec_key = NULL; if (!(ec_key = extract_ec_pub_key(param, id))) { CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY, 
@@ -477,237 +439,6 @@ err: return ret; } -/* - * static functions - */ -#if 0 -// FIXME: check DSA and EC_KEY -static int X509_ALGOR_cmp(X509_ALGOR *a, X509_ALGOR *b) -{ - int pkey_type = OBJ_obj2nid(a->algorithm); - if (pkey_type != EVP_PKEY_DSA || pkey_type != EVP_PKEY_EC) - return 1; - if (a->algorithm != b->algorithm) - return -1; - return 0; -} -#endif - -static DSA *X509_ALGOR_get1_DSA(X509_ALGOR *algor) -{ - DSA *dsa = NULL; - int ptype; - const void *pval; - ASN1_OCTET_STRING *pstr; - const unsigned char *p; - - X509_ALGOR_get0(NULL, &ptype, &pval, algor); - if (ptype != V_ASN1_SEQUENCE) { - CPKerr(CPK_F_X509_ALGOR_GET1_DSA, CPK_R_BAD_DATA); - return NULL; - } - pstr = (ASN1_OCTET_STRING *)pval; - p = pstr->data; - if (!(dsa = d2i_DSAparams(NULL, &p, pstr->length))) { - CPKerr(CPK_F_X509_ALGOR_GET1_DSA, ERR_R_DSA_LIB); - return NULL; - } - return dsa; -} - -static int extract_dsa_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param) -{ - int ret = 0; - DSA *dsa = NULL; - BIGNUM *pri = BN_new(); - BIGNUM *pub = BN_new(); - BN_CTX *ctx = BN_CTX_new(); - int i, pri_size, pub_size, num_factors; - const unsigned char *pri_ptr; - unsigned char *pub_ptr; - - if (!pri || !pub || !ctx) { - goto err; - } - - if (!(dsa = (DSA *)X509_ALGOR_get1_DSA(master->pkey_algor))) { - goto err; - } - pri_size = BN_num_bytes(dsa->q); - pub_size = BN_num_bytes(dsa->p); - - if ((num_factors = CPK_MAP_num_factors(master->map_algor)) <= 0) { - goto err; - } - if (ASN1_STRING_length(master->secret_factors) != pri_size * num_factors) { - goto err; - } - - ASN1_STRING_free(param->public_factors); - if (!ASN1_STRING_set(param->public_factors, NULL, pub_size * num_factors)) { - goto err; - } - - pri_ptr = ASN1_STRING_data(master->secret_factors); - pub_ptr = ASN1_STRING_data(param->public_factors); - memset(pub_ptr, 0, ASN1_STRING_length(param->public_factors)); - - for (i = 0; i < num_factors; i++) { - - if (!BN_bin2bn(pri_ptr, pri_size, pri)) { - goto err; - } - if (BN_is_zero(pri) 
|| BN_cmp(pri, dsa->q) >= 0) { - goto err; - } - - if (!BN_mod_exp(pub, dsa->g, pri, dsa->p, ctx)) { - goto err; - } - if (!BN_bn2bin(pub, pub_ptr + pub_size - BN_num_bytes(pub))) { - goto err; - } - - pri_ptr += pri_size; - pub_ptr += pub_size; - } - - ret = 1; -err: - if (dsa) DSA_free(dsa); - if (pri) BN_free(pri); - if (pub) BN_free(pub); - if (ctx) BN_CTX_free(ctx); - return ret; -} - -static DSA *extract_dsa_priv_key(CPK_MASTER_SECRET *master, const char *id) -{ - int e = 1; - DSA *dsa = NULL; - BIGNUM *bn = BN_new(); - BN_CTX *ctx = BN_CTX_new(); - const unsigned char *p; - int *index = NULL; - int i, num_indexes, bn_size; - - - if (!bn || !ctx) { - goto err; - } - if (!(dsa = X509_ALGOR_get1_DSA(master->pkey_algor))) { - goto err; - } - - if ((num_indexes = CPK_MAP_num_indexes(master->map_algor)) <= 0) { - goto err; - } - if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) { - goto err; - } - if (!CPK_MAP_str2index(master->map_algor, id, index)) { - goto err; - } - if (!dsa->priv_key) { - if (!(dsa->priv_key = BN_new())) { - goto err; - } - } - BN_zero(dsa->priv_key); - bn_size = BN_num_bytes(dsa->q); - - for (i = 0; i < num_indexes; i++) { - p = ASN1_STRING_data(master->secret_factors) + bn_size * index[i]; - if (!BN_bin2bn(p, bn_size, bn)) { - goto err; - } - if (BN_is_zero(bn) || BN_cmp(bn, dsa->q) >= 0) { - goto err; - } - if (!BN_mod_add(dsa->priv_key, dsa->priv_key, bn, dsa->q, ctx)) { - goto err; - } - } - - if (!(dsa->pub_key)) - if (!(dsa->pub_key = BN_new())) { - goto err; - } - if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { - goto err; - } - e = 0; - -err: - if (e && dsa) { - DSA_free(dsa); - dsa = NULL; - } - if (bn) BN_free(bn); - if (ctx) BN_CTX_free(ctx); - if (index) OPENSSL_free(index); - return dsa; -} - -static DSA *extract_dsa_pub_key(CPK_PUBLIC_PARAMS *param, const char *id) -{ - int e = 1; - DSA *dsa = NULL; - BIGNUM *bn = BN_new(); - BN_CTX *ctx = BN_CTX_new(); - const unsigned char *p; - int *index = NULL; 
- int i, num_indexes, bn_size; - - - if (!bn || !ctx) { - goto err; - } - if (!(dsa = X509_ALGOR_get1_DSA(param->pkey_algor))) { - goto err; - } - - if ((num_indexes = CPK_MAP_num_indexes(param->map_algor)) <= 0) { - goto err; - } - if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) { - goto err; - } - if (!CPK_MAP_str2index(param->map_algor, id, index)) { - goto err; - } - if (!dsa->pub_key) { - if (!(dsa->pub_key = BN_new())) { - goto err; - } - } - BN_zero(dsa->pub_key); - bn_size = BN_num_bytes(dsa->p); - - for (i = 0; i < num_indexes; i++) { - p = ASN1_STRING_data(param->public_factors) + bn_size * index[i]; - if (!BN_bin2bn(p, bn_size, bn)) { - goto err; - } - if (BN_is_zero(bn) || BN_cmp(bn, dsa->p) >= 0) { - goto err; - } - if (!BN_mod_add(dsa->pub_key, dsa->pub_key, bn, dsa->p, ctx)) { - goto err; - } - } - e = 0; - -err: - if (e && dsa) { - DSA_free(dsa); - dsa = NULL; - } - if (bn) BN_free(bn); - if (ctx) BN_CTX_free(ctx); - if (index) OPENSSL_free(index); - return dsa; -} static EC_KEY *X509_ALGOR_get1_EC_KEY(X509_ALGOR *algor) { @@ -715,9 +446,9 @@ static EC_KEY *X509_ALGOR_get1_EC_KEY(X509_ALGOR *algor) int ptype; const void *pval; const unsigned char *p; - + X509_ALGOR_get0(NULL, &ptype, &pval, algor); - + if (ptype == V_ASN1_SEQUENCE) { ASN1_OCTET_STRING *pstr = (ASN1_OCTET_STRING *)pval; p = pstr->data; @@ -725,14 +456,14 @@ static EC_KEY *X509_ALGOR_get1_EC_KEY(X509_ALGOR *algor) CPKerr(CPK_F_X509_ALGOR_GET1_EC_KEY, ERR_R_EC_LIB); return NULL; } - + } else if (ptype == V_ASN1_OBJECT) { ASN1_OBJECT *poid = (ASN1_OBJECT *)pval; EC_GROUP *group; - if (!(ec_key = EC_KEY_new())) { + if (!(ec_key = EC_KEY_new())) { CPKerr(CPK_F_X509_ALGOR_GET1_EC_KEY, ERR_R_MALLOC_FAILURE); return NULL; - } + } if (!(group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid)))) { EC_KEY_free(ec_key); CPKerr(CPK_F_X509_ALGOR_GET1_EC_KEY, ERR_R_EC_LIB); 
@@ -746,12 +477,12 @@ static EC_KEY *X509_ALGOR_get1_EC_KEY(X509_ALGOR *algor) return NULL; } EC_GROUP_free(group); - + } else { CPKerr(CPK_F_X509_ALGOR_GET1_EC_KEY, CPK_R_BAD_DATA); return NULL; } - return ec_key; + return ec_key; } static int extract_ec_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param) @@ -766,11 +497,11 @@ static int extract_ec_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param int i, bn_size, pt_size, num_factors; const unsigned char *bn_ptr; unsigned char *pt_ptr; - + if (!bn || !order || !ctx) { goto err; } - + if (!(ec_key = X509_ALGOR_get1_EC_KEY(master->pkey_algor))) { goto err; } @@ -780,7 +511,7 @@ static int extract_ec_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param } bn_size = BN_num_bytes(order); pt_size = bn_size + 1; - + if ((num_factors = CPK_MAP_num_factors(master->map_algor)) <= 0) { goto err; } @@ -790,13 +521,13 @@ static int extract_ec_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param if (!ASN1_STRING_set(param->public_factors, NULL, pt_size * num_factors)) { goto err; } - + bn_ptr = ASN1_STRING_data(master->secret_factors); pt_ptr = ASN1_STRING_data(param->public_factors); memset(pt_ptr, 0, ASN1_STRING_length(param->public_factors)); - + if (!(pt = EC_POINT_new(ec_group))) { - goto err; + goto err; } for (i = 0; i < num_factors; i++) { if (!BN_bin2bn(bn_ptr, bn_size, bn)) { @@ -808,17 +539,17 @@ static int extract_ec_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param if (!EC_POINT_mul(ec_group, pt, bn, NULL, NULL, ctx)) { goto err; } - - if (!EC_POINT_point2oct(ec_group, pt, + + if (!EC_POINT_point2oct(ec_group, pt, POINT_CONVERSION_COMPRESSED, pt_ptr, pt_size, ctx)) { goto err; } bn_ptr += bn_size; pt_ptr += pt_size; } - + ret = 1; -err: +err: if (ec_key) EC_KEY_free(ec_key); if (bn) BN_free(bn); if (order) BN_free(order); @@ -827,8 +558,6 @@ err: return ret; } - - static EC_KEY *extract_ec_priv_key(CPK_MASTER_SECRET *master, const char *id) { int e = 1; 
@@ -842,11 +571,11 @@ static EC_KEY *extract_ec_priv_key(CPK_MASTER_SECRET *master, const char *id) int *index = NULL; int i, num_indexes, bn_size; - + if (!priv_key || !bn || !order || !ctx) { goto err; } - + if (!(ec_key = X509_ALGOR_get1_EC_KEY(master->pkey_algor))) { goto err; } @@ -860,17 +589,17 @@ static EC_KEY *extract_ec_priv_key(CPK_MASTER_SECRET *master, const char *id) } if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) { goto err; - } + } if (!CPK_MAP_str2index(master->map_algor, id, index)) { goto err; } - + BN_zero(priv_key); if (!(EC_GROUP_get_order(EC_KEY_get0_group(ec_key), order, ctx))) { goto err; } bn_size = BN_num_bytes(order); - + for (i = 0; i < num_indexes; i++) { const unsigned char *p = ASN1_STRING_data(master->secret_factors) + @@ -897,7 +626,7 @@ static EC_KEY *extract_ec_priv_key(CPK_MASTER_SECRET *master, const char *id) goto err; } e = 0; - + err: if (e && ec_key) { EC_KEY_free(ec_key); @@ -924,12 +653,12 @@ static EC_KEY *extract_ec_pub_key(CPK_PUBLIC_PARAMS *param, const char *id) BN_CTX *ctx = BN_CTX_new(); int *index = NULL; int i, bn_size, pt_size, num_indexes, num_factors; - + if (!(ec_key = X509_ALGOR_get1_EC_KEY(param->pkey_algor))) { - goto err; + goto err; } ec_group = EC_KEY_get0_group(ec_key); - + if (!(pub_key = EC_POINT_new(ec_group))) { goto err; } @@ -953,7 +682,7 @@ static EC_KEY *extract_ec_pub_key(CPK_PUBLIC_PARAMS *param, const char *id) } if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) { goto err; - } + } if (!CPK_MAP_str2index(param->map_algor, id, index)) { goto err; } @@ -962,9 +691,9 @@ static EC_KEY *extract_ec_pub_key(CPK_PUBLIC_PARAMS *param, const char *id) goto err; } for (i = 0; i < num_indexes; i++) { - const unsigned char *p = - ASN1_STRING_data(param->public_factors) + - pt_size * index[i]; + const unsigned char *p = + ASN1_STRING_data(param->public_factors) + + pt_size * index[i]; if (!EC_POINT_oct2point(ec_group, pt, p, pt_size, ctx)) { goto err; 
@@ -990,5 +719,3 @@ err: if (index) OPENSSL_free(index); return ec_key; } - - diff --git a/crypto/cpk/cpk_map.c b/crypto/cpk/cpk_map.c index ebbc505e..5312281c 100755 --- a/crypto/cpk/cpk_map.c +++ b/crypto/cpk/cpk_map.c @@ -52,6 +52,7 @@ #include #include #include +#include "cpk_lcl.h" X509_ALGOR *CPK_MAP_new_default() { @@ -175,4 +176,3 @@ err: if (bn) BN_free(bn); return ret; } - diff --git a/crypto/cpk/cpk_prn.c b/crypto/cpk/cpk_prn.c index 5843cdf3..507647a4 100644 --- a/crypto/cpk/cpk_prn.c +++ b/crypto/cpk/cpk_prn.c @@ -50,6 +50,7 @@ #include #include #include +#include "cpk_lcl.h" int CPK_MASTER_SECRET_print(BIO *out, CPK_MASTER_SECRET *master, int indent, unsigned long flags) diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 4a064c77..dfe86e5c 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -45,6 +45,8 @@ static ERR_STRING_DATA EC_str_functs[] = { {ERR_FUNC(EC_F_ECIES_PARAMS_GET_MAC), "ECIES_PARAMS_get_mac"}, {ERR_FUNC(EC_F_ECIES_PARAMS_INIT_WITH_RECOMMENDED), "ECIES_PARAMS_init_with_recommended"}, + {ERR_FUNC(EC_F_ECIES_PARAMS_INIT_WITH_TYPE), + "ECIES_PARAMS_init_with_type"}, {ERR_FUNC(EC_F_ECKEY_PARAM2TYPE), "eckey_param2type"}, {ERR_FUNC(EC_F_ECKEY_PARAM_DECODE), "eckey_param_decode"}, {ERR_FUNC(EC_F_ECKEY_PRIV_DECODE), "eckey_priv_decode"}, @@ -244,8 +246,8 @@ static ERR_STRING_DATA EC_str_functs[] = { {ERR_FUNC(EC_F_SM2_DECRYPT), "SM2_decrypt"}, {ERR_FUNC(EC_F_SM2_DO_DECRYPT), "SM2_do_decrypt"}, {ERR_FUNC(EC_F_SM2_DO_ENCRYPT), "SM2_do_encrypt"}, - {ERR_FUNC(EC_F_SM2_DO_SIGN), "sm2_do_sign"}, - {ERR_FUNC(EC_F_SM2_DO_VERIFY), "sm2_do_verify"}, + {ERR_FUNC(EC_F_SM2_DO_SIGN), "SM2_do_sign"}, + {ERR_FUNC(EC_F_SM2_DO_VERIFY), "SM2_do_verify"}, {ERR_FUNC(EC_F_SM2_ENCRYPT), "SM2_encrypt"}, {ERR_FUNC(EC_F_SM2_ENC_PARAMS_DUP), "SM2_ENC_PARAMS_dup"}, {ERR_FUNC(EC_F_SM2_ENC_PARAMS_INIT_WITH_RECOMMENDED), 
@@ -257,7 +259,7 @@ static ERR_STRING_DATA EC_str_functs[] = { {ERR_FUNC(EC_F_SM2_KAP_CTX_INIT), "SM2_KAP_CTX_init"}, {ERR_FUNC(EC_F_SM2_KAP_FINAL_CHECK), "SM2_KAP_final_check"}, {ERR_FUNC(EC_F_SM2_KAP_PREPARE), "SM2_KAP_prepare"}, - {ERR_FUNC(EC_F_SM2_SIGN_SETUP), "sm2_sign_setup"}, + {ERR_FUNC(EC_F_SM2_SIGN_SETUP), "SM2_sign_setup"}, {ERR_FUNC(EC_F_TYPE1CURVE_EVAL_LINE_TEXTBOOK), "type1curve_eval_line_textbook"}, {ERR_FUNC(EC_F_TYPE1CURVE_EVAL_MILLER_TEXTBOOK), @@ -299,6 +301,7 @@ static ERR_STRING_DATA EC_str_reasons[] = { {ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE), "ec group new by name failure"}, {ERR_REASON(EC_R_ENCRYPT_FAILED), "encrypt failed"}, + {ERR_REASON(EC_R_ENCRYPT_FAILURE), "encrypt failure"}, {ERR_REASON(EC_R_ERROR), "error"}, {ERR_REASON(EC_R_FIELD_TOO_LARGE), "field too large"}, {ERR_REASON(EC_R_GEN_MAC_FAILED), "gen mac failed"}, @@ -326,13 +329,16 @@ static ERR_STRING_DATA EC_str_reasons[] = { {ERR_REASON(EC_R_INVALID_DIGEST_TYPE), "invalid digest type"}, {ERR_REASON(EC_R_INVALID_ECIES_CIPHERTEXT), "invalid ecies ciphertext"}, {ERR_REASON(EC_R_INVALID_ECIES_PARAMETERS), "invalid ecies parameters"}, + {ERR_REASON(EC_R_INVALID_ECIES_PARAMS), "invalid ecies params"}, {ERR_REASON(EC_R_INVALID_EC_KEY), "invalid ec key"}, {ERR_REASON(EC_R_INVALID_ENCODING), "invalid encoding"}, + {ERR_REASON(EC_R_INVALID_ENC_PARAM), "invalid enc param"}, {ERR_REASON(EC_R_INVALID_ENC_TYPE), "invalid enc type"}, {ERR_REASON(EC_R_INVALID_FIELD), "invalid field"}, {ERR_REASON(EC_R_INVALID_FORM), "invalid form"}, {ERR_REASON(EC_R_INVALID_GROUP_ORDER), "invalid group order"}, {ERR_REASON(EC_R_INVALID_ID_LENGTH), "invalid id length"}, + {ERR_REASON(EC_R_INVALID_INPUT_LENGTH), "invalid input length"}, {ERR_REASON(EC_R_INVALID_KDF_MD), "invalid kdf md"}, {ERR_REASON(EC_R_INVALID_KEY), "invalid key"}, {ERR_REASON(EC_R_INVALID_MD), "invalid md"}, diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c index cf6797a5..aa85e621 100644 --- a/crypto/ec/ec_kmeth.c 
+++ b/crypto/ec/ec_kmeth.c @@ -28,10 +28,10 @@ static const EC_KEY_METHOD openssl_ec_key_method = { ossl_ecdsa_verify, ossl_ecdsa_verify_sig, #ifndef OPENSSL_NO_SM2 - gmssl_ecies_encrypt, - gmssl_ecies_do_encrypt, - gmssl_ecies_decrypt, - gmssl_ecies_do_decrypt, + ECIES_encrypt, + NULL, + ECIES_decrypt, + NULL, #endif }; diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index cde64b93..7e46469e 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -41,13 +41,9 @@ typedef struct { size_t kdf_outlen; #ifndef OPENSSL_NO_SM2 int sign_type; + int exch_type; int enc_type; - int dh_type; - union { - void *ptr; - ECIES_PARAMS *ecies; - SM2_ENC_PARAMS *sm2; - } enc_param; + int enc_param; #endif } EC_PKEY_CTX; @@ -63,9 +59,9 @@ static int pkey_ec_init(EVP_PKEY_CTX *ctx) dctx->kdf_type = EVP_PKEY_ECDH_KDF_NONE; #ifndef OPENSSL_NO_SM2 dctx->sign_type = NID_secg_scheme; + dctx->exch_type = NID_secg_scheme; dctx->enc_type = NID_secg_scheme; - dctx->dh_type = NID_secg_scheme; - dctx->enc_param.ptr = NULL; + dctx->enc_param = NID_undef; #endif ctx->data = dctx; return 1; @@ -102,23 +98,9 @@ static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) dctx->kdf_ukmlen = sctx->kdf_ukmlen; #ifndef OPENSSL_NO_SM2 dctx->sign_type = sctx->sign_type; + dctx->exch_type = sctx->exch_type; dctx->enc_type = sctx->enc_type; - dctx->dh_type = sctx->dh_type; - if (sctx->enc_param.ptr) { - if (sctx->enc_type == NID_secg_scheme) { - dctx->enc_param.ecies = ECIES_PARAMS_dup(sctx->enc_param.ecies); - if (!dctx->enc_param.ecies) { - return 0; - } - } else if (sctx->enc_type == NID_sm_scheme) { - dctx->enc_param.sm2 = SM2_ENC_PARAMS_dup(sctx->enc_param.sm2); - if (!dctx->enc_param.sm2) { - return 0; - } - } else { - return 0; - } - } + dctx->enc_param = sctx->enc_param; #endif return 1; } 
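Review bot: The second and fourth entries under `#ifndef OPENSSL_NO_SM2` in `openssl_ec_key_method` are now `NULL` where they held `gmssl_ecies_do_encrypt` and `gmssl_ecies_do_decrypt`. Any code that calls through those slots of the default method without testing the pointer will now dereference NULL. Those call sites are outside this hunk, so please confirm each one checks the slot and reports an error, or keep working functions here. A comment on the two lines, e.g. `NULL, /* was gmssl_ecies_do_encrypt; no default implementation */`, would show the gap is deliberate.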
@@ -130,18 +112,6 @@ static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) EC_GROUP_free(dctx->gen_group); EC_KEY_free(dctx->co_key); OPENSSL_free(dctx->kdf_ukm); -#ifndef OPENSSL_NO_SM2 - if (dctx->enc_param.ptr) { - if (dctx->enc_type == NID_secg_scheme) { - ECIES_PARAMS_free(dctx->enc_param.ecies); - } else if (dctx->enc_type == NID_sm_scheme) { - SM2_ENC_PARAMS_free(dctx->enc_param.sm2); - } else { - /* this should not happen */ - OPENSSL_free(dctx->enc_param.ptr); - } - } -#endif OPENSSL_free(dctx); } } @@ -214,33 +184,17 @@ static int pkey_ec_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen switch (dctx->enc_type) { case NID_sm_scheme: - if (dctx->enc_param.sm2) { - if (!SM2_encrypt(dctx->enc_param.sm2, in, inlen, out, outlen, ec_key)) { - ECerr(EC_F_PKEY_EC_ENCRYPT, EC_R_SM2_ENCRYPT_FAILED); - return 0; - } - } else { - if (!SM2_encrypt_with_recommended(in, inlen, out, outlen, ec_key)) { - ECerr(EC_F_PKEY_EC_ENCRYPT, EC_R_SM2_ENCRYPT_WITH_RECOMMENDED_FAILED); - return 0; - } + if (!SM2_encrypt(dctx->enc_param, in, inlen, out, outlen, ec_key)) { + ECerr(EC_F_PKEY_EC_ENCRYPT, EC_R_SM2_ENCRYPT_FAILED); + return 0; } break; - case NID_secg_scheme: - if (dctx->enc_param.ecies) { - if (!ECIES_encrypt(dctx->enc_param.ecies, in, inlen, out, outlen, ec_key)) { - ECerr(EC_F_PKEY_EC_ENCRYPT, EC_R_ECIES_ENCRYPT_FAILED); - return 0; - } - } else { - if (!ECIES_encrypt_with_recommended(in, inlen, out, outlen, ec_key)) { - ECerr(EC_F_PKEY_EC_ENCRYPT, EC_R_ECIES_ENCRYPT_WITH_RECOMMENDED_FAILED); - return 0; - } + if (!ECIES_encrypt(dctx->enc_param, in, inlen, out, outlen, ec_key)) { + ECerr(EC_F_PKEY_EC_ENCRYPT, EC_R_ECIES_ENCRYPT_FAILED); + return 0; } break; - default: ECerr(EC_F_PKEY_EC_ENCRYPT, EC_R_INVALID_ENC_TYPE); return 0; 
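Review bot: `pkey_ec_encrypt` now passes `dctx->enc_param` straight to `SM2_encrypt` / `ECIES_encrypt`, and `pkey_ec_init` sets that field to `NID_undef`, so a context on which no parameter was set reaches the primitives with `NID_undef`. The removed code fell back to the `*_with_recommended` variants in that case; whether the new `int`-typed entry points pick a default for `NID_undef` or fail is not visible here. If they fail, restore the default in this function by mapping `NID_undef` to the recommended parameter before the `switch`. The same applies to `pkey_ec_decrypt` in the next hunk. No hunk in `ec_pmeth.c` touches a `pkey_ec_ctrl` case that stores `enc_param`, although its type changed from a pointer union to `int`, so also confirm the setter was updated.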
@@ -257,30 +211,15 @@ static int pkey_ec_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen switch (dctx->enc_type) { case NID_sm_scheme: - if (dctx->enc_param.sm2) { - if (!SM2_decrypt(dctx->enc_param.sm2, in, inlen, out, outlen, ec_key)) { - ECerr(EC_F_PKEY_EC_DECRYPT, EC_R_SM2_DECRYPT_FAILED); - return 0; - } - } else { - if (!SM2_decrypt_with_recommended(in, inlen, out, outlen, ec_key)) { - ECerr(EC_F_PKEY_EC_DECRYPT, EC_R_SM2_DECRYPT_WITH_RECOMMENDED_FAILED); - return 0; - } + if (!SM2_decrypt(dctx->enc_param, in, inlen, out, outlen, ec_key)) { + ECerr(EC_F_PKEY_EC_DECRYPT, EC_R_SM2_DECRYPT_FAILED); + return 0; } break; - case NID_secg_scheme: - if (dctx->enc_param.ecies) { - if (!ECIES_decrypt(dctx->enc_param.ecies, in, inlen, out, outlen, ec_key)) { - ECerr(EC_F_PKEY_EC_DECRYPT, EC_R_ECIES_DECRYPT_FAILED); - return 0; - } - } else { - if (!ECIES_decrypt_with_recommended(in, inlen, out, outlen, ec_key)) { - ECerr(EC_F_PKEY_EC_DECRYPT, EC_R_ECIES_DECRYPT_WITH_RECOMMENDED_FAILED); - return 0; - } + if (!ECIES_decrypt(dctx->enc_param, in, inlen, out, outlen, ec_key)) { + ECerr(EC_F_PKEY_EC_DECRYPT, EC_R_ECIES_DECRYPT_FAILED); + return 0; } break; @@ -325,7 +264,7 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, outlen = *keylen; #ifndef OPENSSL_NO_SM2 - if (dctx->dh_type == NID_sm_scheme) + if (dctx->exch_type == NID_sm_scheme) ret = SM2_compute_key(key, outlen, pubkey, eckey, 0); else #endif @@ -465,14 +404,14 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case EVP_PKEY_CTRL_EC_DH_TYPE: if (p1 == -2) - return dctx->dh_type; + return dctx->exch_type; if (p1 != NID_secg_scheme && p1 != NID_sm_scheme) return -2; - dctx->dh_type = p1; + dctx->exch_type = p1; return 1; case EVP_PKEY_CTRL_GET_EC_DH_TYPE: - *(int *)p2 = dctx->dh_type; + *(int *)p2 = dctx->exch_type; return 1; #endif 
@@ -556,6 +495,7 @@ static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, } return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid); #ifndef OPENSSL_NO_SM2 + } else if (!strcmp(type, "signer")) { } else if (!strcmp(type, "ec_sign_algor")) { int sign_type; if (!strcmp(value, "ecdsa")) diff --git a/crypto/ec2/bn_gfp2.c b/crypto/ec2/bn_gfp2.c index 3d196d15..2bc63f49 100644 --- a/crypto/ec2/bn_gfp2.c +++ b/crypto/ec2/bn_gfp2.c @@ -121,18 +121,6 @@ int BN_GFP2_copy(BN_GFP2 *r, const BN_GFP2 *a) return 1; } -int BN_GFP2_zero(BN_GFP2 *a) -{ - if (!a || !a->a0 || !a->a1) { - BNerr(BN_F_BN_GFP2_ZERO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - BN_zero(a->a0); - BN_zero(a->a1); - return 1; -} - int BN_GFP2_one(BN_GFP2 *a) { if (!a || !a->a0 || !a->a1) { @@ -145,6 +133,18 @@ int BN_GFP2_one(BN_GFP2 *a) return 1; } +int BN_GFP2_zero(BN_GFP2 *a) +{ + if (!a || !a->a0 || !a->a1) { + BNerr(BN_F_BN_GFP2_ZERO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + BN_zero(a->a0); + BN_zero(a->a1); + return 1; +} + /* return 1 on success, so dont use !BN_GFP2_is_zero() to check return value */ int BN_GFP2_is_zero(const BN_GFP2 *a) { @@ -156,26 +156,16 @@ int BN_GFP2_is_zero(const BN_GFP2 *a) return (BN_is_zero(a->a0) && BN_is_zero(a->a1)); } -/* - * can we compare values on F_p^2 ? - */ -int BN_GFP2_cmp(const BN_GFP2 *a, const BN_GFP2 *b) +int BN_GFP2_equ(const BN_GFP2 *a, const BN_GFP2 *b) { if (!a || !b || !a->a0 || !a->a1 || !b->a0 || !b->a1) { - BNerr(BN_F_BN_GFP2_CMP, ERR_R_PASSED_NULL_PARAMETER); - return -1; + BNerr(BN_F_BN_GFP2_EQU, ERR_R_PASSED_NULL_PARAMETER); + return 0; } return ((BN_cmp(a->a0, b->a0) == 0) && (BN_cmp(a->a1, b->a1) == 0)); } -int BN_GFP2_equ(const BN_GFP2 *a, const BN_GFP2 *b) -{ - //FIXME - - return 0; -} - int BN_GFP2_add(BN_GFP2 *r, const BN_GFP2 *a, const BN_GFP2 *b, const BIGNUM *p, BN_CTX *ctx) { 
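Review bot: The added `} else if (!strcmp(type, "signer")) {` branch in `pkey_ec_ctrl_str` has an empty body, so the option name is recognised and its `value` is silently dropped. What the function returns after falling out of the chain is outside this hunk, but either outcome is wrong: a success code tells the caller a signer was configured, and an error code makes the branch pointless. Remove the branch until it is implemented, or make it fail explicitly with `return -2;` and a comment naming the missing work.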
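Review bot: `BN_GFP2_equ` returns 0 both when an argument is NULL and when the two elements differ, so a caller cannot tell an error from "not equal"; the removed `BN_GFP2_cmp` returned -1 for the NULL case. The comment above `BN_GFP2_is_zero` already warns about this kind of ambiguity, and this function needs the equivalent, e.g. `/* returns 1 if equal, 0 if different or on NULL input (error queued as BN_F_BN_GFP2_EQU) */`, or a distinct -1 on error. `BN_cmp` is not constant time, which matters if either operand can be secret.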
@@ -416,6 +406,45 @@ end: return ret; } +int BN_bn2gfp2(const BIGNUM *bn, BN_GFP2 *gfp2, const BIGNUM *p, BN_CTX *ctx) +{ + int ret = 0; + BIGNUM *a; + + if (!(a = BN_CTX_get(ctx))) { + goto end; + } + + BN_one(a); + if (!BN_lshift(a, a, BN_num_bytes(p)*8)) { + goto end; + } + + if (!BN_rshift(gfp2->a1, bn, BN_num_bytes(p)*8)) { + goto end; + } + if (!BN_mod(gfp2->a0, bn, a, ctx)) { + goto end; + } + + ret = 1; +end: + BN_CTX_end(ctx); + return ret; +} + +/* return (a0 + a1 << 2^n), n = log_2(p), n % 8 == 0 */ +int BN_gfp22bn(const BN_GFP2 *gfp2, BIGNUM *bn, const BIGNUM *p, BN_CTX *ctx) +{ + if (!BN_lshift(bn, gfp2->a1, BN_num_bytes(p) * 8)) { + return 0; + } + if (!BN_add(bn, bn, gfp2->a0)) { + return 0; + } + return 1; +} + int BN_GFP2_canonical(const BN_GFP2 *a, unsigned char *out, size_t *outlen, int order, const BIGNUM *p, BN_CTX *ctx) { @@ -462,42 +491,3 @@ int BN_GFP2_canonical(const BN_GFP2 *a, unsigned char *out, size_t *outlen, *outlen = len; return 1; } - -int BN_bn2gfp2(const BIGNUM *bn, BN_GFP2 *gfp2, const BIGNUM *p, BN_CTX *ctx) -{ - int ret = 0; - BIGNUM *a; - - if (!(a = BN_CTX_get(ctx))) { - goto end; - } - - BN_one(a); - if (!BN_lshift(a, a, BN_num_bytes(p)*8)) { - goto end; - } - - if (!BN_rshift(gfp2->a1, bn, BN_num_bytes(p)*8)) { - goto end; - } - if (!BN_mod(gfp2->a0, bn, a, ctx)) { - goto end; - } - - ret = 1; -end: - BN_CTX_end(ctx); - return ret; -} - -/* return (a0 + a1 << 2^n), n = log_2(p), n % 8 == 0 */ -int BN_gfp22bn(const BN_GFP2 *gfp2, BIGNUM *bn, const BIGNUM *p, BN_CTX *ctx) -{ - if (!BN_lshift(bn, gfp2->a1, BN_num_bytes(p) * 8)) { - return 0; - } - if (!BN_add(bn, bn, gfp2->a0)) { - return 0; - } - return 1; -} diff --git a/crypto/ec2/bn_hash.c b/crypto/ec2/bn_hash.c index 88cf53e2..badb36d2 100644 --- a/crypto/ec2/bn_hash.c +++ b/crypto/ec2/bn_hash.c 
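Review bot: BN_bn2gfp2 calls `BN_CTX_get(ctx)` and finishes with `BN_CTX_end(ctx)` but never calls `BN_CTX_start(ctx)`, so the end call closes a frame this function did not open and can release temporaries that belong to the caller. Add `BN_CTX_start(ctx);` before the first BN_CTX_get. Neither BN_bn2gfp2 nor BN_gfp22bn checks `bn`, `gfp2`, `gfp2->a0`, `gfp2->a1` or `p` for NULL, unlike the other BN_GFP2 functions in this file. The comment on BN_gfp22bn should read `a0 + a1 * 2^n` with n = `BN_num_bytes(p) * 8`, which is what the code computes. The code is moved unchanged from the end of the file, so these points predate the commit.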
@@ -135,33 +135,3 @@ end: OPENSSL_free(buf); return ret; } - -#if 0 -int main(void) -{ - char *s = "This ASCII string without null-terminator"; - BIGNUM *bn = NULL; - BIGNUM *ret = NULL; - BIGNUM *range = NULL; - - BN_hex2bn(&range, "ffffffffffffffffffffefffffffffffffffffff"); - BN_hex2bn(&bn, "79317c1610c1fc018e9c53d89d59c108cd518608"); - - if (!BN_hash2bn(&ret, s, strlen(s), EVP_sha1(), range)) { - printf("BN_hash2bn() function failed\n"); - return 0; - } - if (!ret) { - printf("shit\n"); - } - printf("%s\n", BN_bn2hex(ret)); - if (BN_cmp(ret, bn) != 0) { - printf("BN_hash2bn() test failed\n"); - return 0; - } - - printf("BN_hash2bn() test passed\n"); - return 1; -} -#endif - diff --git a/crypto/ec2/bn_solinas.c b/crypto/ec2/bn_solinas.c index 0dc83c72..7736a07b 100644 --- a/crypto/ec2/bn_solinas.c +++ b/crypto/ec2/bn_solinas.c @@ -60,6 +60,16 @@ * use it for fast check of solinas */ +#define BN_SOLINAS_192V1 0 +#define BN_SOLINAS_192V2 1 +#define BN_SOLINAS_224V1 2 +#define BN_SOLINAS_256V1 3 +#define BN_SOLINAS_384V1 4 +#define BN_SOLINAS_512V1 5 +#define BN_SOLINAS_512V2 6 +#define BN_SOLINAS_1024V1 7 +#define BN_SOLINAS_1024V2 8 + static BN_SOLINAS BN_solinas_table[] = { { 192, 16, -1, -1 }, { 192, 64, -1, -1 }, @@ -92,7 +102,6 @@ static BN_SOLINAS BN_solinas_table[] = { * 0xfffffffffbfffffffffffffffffffffffff */ - int BN_bn2solinas(const BIGNUM *bn, BN_SOLINAS *solinas) { int ret = 0; @@ -115,6 +124,7 @@ int BN_bn2solinas(const BIGNUM *bn, BN_SOLINAS *solinas) } solinas->c = BN_is_bit_set(bn, 1) ? 1 : -1; + if (BN_is_bit_set(bn, nbits - 1)) { solinas->s = -1; solinas->a = nbits; 
@@ -133,10 +143,16 @@ end: int BN_solinas2bn(const BN_SOLINAS *solinas, BIGNUM *bn) { int ret = 0; -#if 0 BIGNUM *tmp = NULL; - if (b <= 0 || a <= b || (s != 1 && s != -1) || - (c != 1 && c != -1)) { + + if (!solinas || !bn) { + BNerr(BN_F_BN_SOLINAS2BN, ERR_R_MALLOC_FAILURE); + return 0; + } + + if (solinas->b <= 0 || solinas->a <= solinas->b + || (solinas->s != 1 && solinas->s != -1) + || (solinas->c != 1 && solinas->c != -1)) { BNerr(BN_F_BN_SOLINAS2BN, BN_R_INVALID_SOLINAS_PARAMETERS); return 0; } @@ -148,36 +164,38 @@ int BN_solinas2bn(const BN_SOLINAS *solinas, BIGNUM *bn) BN_one(tmp); - if (!BN_lshift(solinas, tmp, a)) { + if (!BN_lshift(bn, tmp, solinas->a)) { BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB); goto end; } - if (!BN_lshift(tmp, tmp, b)) { + + if (!BN_lshift(tmp, tmp, solinas->b)) { BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB); goto end; } - if (!BN_add_word(tmp, c)) { + + if (!BN_add_word(tmp, solinas->c)) { BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB); goto end; } - if (s > 0) { - if (!BN_add(solinas, solinas, tmp)) { + + if (solinas->s > 0) { + if (!BN_add(bn, bn, tmp)) { BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB); goto end; } } else { - if (!BN_sub(solinas, solinas, tmp)) { + if (!BN_sub(bn, bn, tmp)) { BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB); goto end; } } - /* check if solinas is a prime */ + /* check if it is a prime */ ret = 1; end: BN_free(tmp); -#endif return ret; } @@ -191,3 +209,7 @@ int BN_is_solinas(const BIGNUM *a) return 0; } +BN_SOLINAS *BN_get_solinas(int index) +{ + return NULL; +} diff --git a/crypto/ec2/build.info b/crypto/ec2/build.info index e6b4dcd2..59ac0589 100644 --- a/crypto/ec2/build.info +++ b/crypto/ec2/build.info @@ -1,3 +1,3 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=bn_gfp2.c bn_solinas.c bn_hash.c \ - fppoint.c ec_expoint.c ec_hash.c ec_type1.c + fppoint.c ec_hash.c ec_type1.c diff --git a/crypto/ec2/ec_type1.c b/crypto/ec2/ec_type1.c index 4c694dfc..557bd092 100644 --- a/crypto/ec2/ec_type1.c +++ b/crypto/ec2/ec_type1.c 
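Review bot: The new NULL check at the top of BN_solinas2bn reports `ERR_R_MALLOC_FAILURE` although nothing has been allocated at that point. It should be `BNerr(BN_F_BN_SOLINAS2BN, ERR_R_PASSED_NULL_PARAMETER);` so the error queue points at the caller rather than at memory exhaustion.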
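Review bot: `BN_add_word(tmp, solinas->c)` is wrong for c == -1, a value the validation above explicitly allows: BN_add_word takes an unsigned BN_ULONG, so -1 is converted to the largest word value and added instead of 1 being subtracted. Branch on the sign, `if (!(solinas->c > 0 ? BN_add_word(tmp, 1) : BN_sub_word(tmp, 1)))`. The comment `/* check if it is a prime */` is followed directly by `ret = 1`, so no primality check is made; either add one or reword the comment to say the result is not checked. The allocation of `tmp` lies between the two hunks and is not visible here, and the new BN_get_solinas in the last hunk is a stub that always returns NULL without queuing an error.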
@@ -51,8 +51,10 @@ #include #include #include +#include #include + EC_GROUP *EC_GROUP_generate_type1curve(const BIGNUM *order, BN_CTX *bn_ctx) { ECerr(EC_F_EC_GROUP_GENERATE_TYPE1CURVE, 0); @@ -781,3 +783,31 @@ int EC_type1curve_tate_ratio(const EC_GROUP *group, BN_GFP2 *r, return 0; } +typedef struct { + int security_bits; + int n_bits; + int p_bits; + int q_bits; +} TYPE1CURVE_SEC; + +static TYPE1CURVE_SEC sec_tbl[] = { + /* k |n| |p| |q| */ + { 80, 1024, 512, 160}, + {112, 2048, 1024, 224}, + {128, 3072, 1536, 256}, + {192, 7680, 3840, 384}, + {256, 15360, 7680, 512} +}; + +const EVP_MD *TYPE1CURVE_nbits_to_md(int nbits) +{ + switch (nbits) { + case 1024: return EVP_sha1(); + case 2048: return EVP_sha224(); + case 3072: return EVP_sha256(); + case 7680: return EVP_sha384(); + case 15360: return EVP_sha512(); + } + return NULL; +} + diff --git a/crypto/ecies/build.info b/crypto/ecies/build.info index 32dc56ba..6983895d 100644 --- a/crypto/ecies/build.info +++ b/crypto/ecies/build.info @@ -1,2 +1,2 @@ LIBS=../../libcrypto -SOURCE[../../libcrypto]=ecies_asn1.c ecies_lib.c ecies_gmssl.c +SOURCE[../../libcrypto]=ecies_asn1.c ecies_lib.c diff --git a/crypto/ecies/ecies_asn1.c b/crypto/ecies/ecies_asn1.c index 340d68e2..9aa5b061 100644 --- a/crypto/ecies/ecies_asn1.c +++ b/crypto/ecies/ecies_asn1.c @@ -57,6 +57,7 @@ #include #include #include +#include "ecies_lcl.h" /* * From SEC 1, Version 1.9 Draft, 2008 diff --git a/crypto/ecies/ecies_lcl.h b/crypto/ecies/ecies_lcl.h index 670eaf9b..67d1d511 100644 --- a/crypto/ecies/ecies_lcl.h +++ b/crypto/ecies/ecies_lcl.h @@ -50,6 +50,12 @@ #include #include +struct ecies_ciphertext_value_st { + ASN1_OCTET_STRING *ephem_point; + ASN1_OCTET_STRING *ciphertext; + ASN1_OCTET_STRING *mactag; +}; + int gmssl_ecies_encrypt(int type, const unsigned char *in, size_t inlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key); int gmssl_ecies_decrypt(int type, const unsigned char *in, size_t inlen, 
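Review bot: The static table `sec_tbl` added in ec_type1.c is not referenced by anything in this hunk, and TYPE1CURVE_nbits_to_md repeats its `n_bits` column as hard-coded case labels. Either look the digest up through the table or drop the table, otherwise the two can drift apart and the build gets an unused-variable warning. A short comment on TYPE1CURVE_nbits_to_md should say that it returns NULL for any size not listed, since callers have to check for that.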
diff --git a/crypto/ecies/ecies_lib.c b/crypto/ecies/ecies_lib.c index 2f32a18e..14d81e0d 100644 --- a/crypto/ecies/ecies_lib.c +++ b/crypto/ecies/ecies_lib.c @@ -60,9 +60,40 @@ #include #include #include "internal/o_str.h" +#include "ecies_lcl.h" #define ECIES_ENC_RANDOM_IV 1 +int ECIES_PARAMS_init_with_type(ECIES_PARAMS *params, int type) +{ + if (!params) { + ECerr(EC_F_ECIES_PARAMS_INIT_WITH_TYPE, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + switch (type) { + case NID_ecies_with_x9_63_sha1_xor_hmac: + params->kdf_nid = NID_x9_63_kdf; + params->kdf_md = EVP_sha1(); + params->enc_nid = NID_xor_in_ecies; + params->mac_nid = NID_hmac_full_ecies; + params->hmac_md = EVP_sha1(); + break; + case NID_ecies_with_x9_63_sha256_xor_hmac: + params->kdf_nid = NID_x9_63_kdf; + params->kdf_md = EVP_sha256(); + params->enc_nid = NID_xor_in_ecies; + params->mac_nid = NID_hmac_full_ecies; + params->hmac_md = EVP_sha256(); + break; + default: + ECerr(EC_F_ECIES_PARAMS_INIT_WITH_TYPE, EC_R_INVALID_ECIES_PARAMS); + return 0; + } + + return 1; +} + int ECIES_PARAMS_init_with_recommended(ECIES_PARAMS *param) { if (!param) { @@ -80,37 +111,6 @@ int ECIES_PARAMS_init_with_recommended(ECIES_PARAMS *param) return 1; } -ECIES_PARAMS *ECIES_PARAMS_new(void) -{ - ECIES_PARAMS *ret = NULL; - - if (!(ret = OPENSSL_malloc(sizeof(*ret)))) { - return NULL; - } - - ECIES_PARAMS_init_with_recommended(ret); - return ret; -} - -ECIES_PARAMS *ECIES_PARAMS_dup(const ECIES_PARAMS *param) -{ - ECIES_PARAMS *ret = NULL; - - if (!(ret = OPENSSL_zalloc(sizeof(*ret)))) { - return NULL; - } - - /* check param */ - - memcpy(ret, param, sizeof(*param)); - return ret; -} - -void ECIES_PARAMS_free(ECIES_PARAMS *param) -{ - OPENSSL_free(param); -} - KDF_FUNC ECIES_PARAMS_get_kdf(const ECIES_PARAMS *param) { if (!param || !param->kdf_md) { 
@@ -650,16 +650,22 @@ end: return ret; } -int ECIES_encrypt(const ECIES_PARAMS *param, - const unsigned char *in, size_t inlen, +int ECIES_encrypt(int type, const unsigned char *in, size_t inlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key) { int ret = 0; + ECIES_PARAMS param; ECIES_CIPHERTEXT_VALUE *cv = NULL; unsigned char *p = out; int len; - if (!(cv = ECIES_do_encrypt(param, in, inlen, ec_key))) { + if (!ECIES_PARAMS_init_with_type(¶m, type)) { + ECerr(EC_F_ECIES_ENCRYPT, EC_R_INVALID_ENC_PARAM); + return 0; + } + + RAND_seed(in, inlen); + if (!(cv = ECIES_do_encrypt(¶m, in, inlen, ec_key))) { ECerr(EC_F_ECIES_ENCRYPT, EC_R_ENCRYPT_FAILED); return 0; } @@ -694,22 +700,40 @@ end: return ret; } - -int ECIES_decrypt(const ECIES_PARAMS *param, - const unsigned char *in, size_t inlen, +int ECIES_decrypt(int type, const unsigned char *in, size_t inlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key) { int ret = 0; + ECIES_PARAMS param; ECIES_CIPHERTEXT_VALUE *cv = NULL; - const unsigned char *p = in; - if (!(cv = d2i_ECIES_CIPHERTEXT_VALUE(NULL, &p, (long)inlen))) { - ECerr(EC_F_ECIES_DECRYPT, EC_R_ENCRYPT_FAILED); + if (!in) { + ECerr(EC_F_ECIES_DECRYPT, ERR_R_PASSED_NULL_PARAMETER); return 0; } - if (!ECIES_do_decrypt(param, cv, out, outlen, ec_key)) { - ECerr(EC_F_ECIES_DECRYPT, EC_R_ENCRYPT_FAILED); + if (inlen <= 0 || inlen > INT_MAX) { + ECerr(EC_F_ECIES_DECRYPT, EC_R_INVALID_INPUT_LENGTH); + return 0; + } + + if (!ECIES_PARAMS_init_with_type(¶m, type)) { + ECerr(EC_F_ECIES_DECRYPT, EC_R_INVALID_ENC_PARAM); + return 0; + } + + if (!(cv = d2i_ECIES_CIPHERTEXT_VALUE(NULL, &in, (long)inlen))) { + ECerr(EC_F_ECIES_DECRYPT, EC_R_INVALID_ECIES_CIPHERTEXT); + return 0; + } + + if (inlen != i2d_ECIES_CIPHERTEXT_VALUE(cv, NULL)) { + ECerr(EC_F_ECIES_DECRYPT, EC_R_INVALID_ECIES_CIPHERTEXT); + goto end; + } + + if (!ECIES_do_decrypt(¶m, cv, out, outlen, ec_key)) { + ECerr(EC_F_ECIES_DECRYPT, EC_R_ENCRYPT_FAILURE); goto end; } 
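Review bot: `RAND_seed(in, inlen)` in ECIES_encrypt feeds the plaintext into the random generator as if it were entropy. RAND_seed credits its input as fully random, but a plaintext can be short, predictable or chosen by the peer, so the call overstates the pool's entropy and couples the ephemeral key generation to the message. Drop the call and rely on the library's own seeding; if mixing is wanted, `RAND_add(in, (int)inlen, 0)` adds the bytes without an entropy credit. RAND_seed also takes an int length, and `inlen` is not range-checked in this function the way ECIES_decrypt now checks it.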
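Review bot: When ECIES_do_decrypt fails, the new code in ECIES_decrypt queues `EC_R_ENCRYPT_FAILURE`, which mislabels a decryption failure in the error queue; a decrypt reason code should be used, and added to ec_err.c if none exists. `inlen <= 0` on a size_t is only `inlen == 0`, and `inlen != i2d_ECIES_CIPHERTEXT_VALUE(cv, NULL)` compares a size_t with an int that is negative on error. Store the i2d result in an int, reject `< 0`, then compare it with `(int)inlen`.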
@@ -718,21 +742,3 @@ end: ECIES_CIPHERTEXT_VALUE_free(cv); return ret; } - - -int ECIES_encrypt_with_recommended(const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, EC_KEY *ec_key) -{ - ECIES_PARAMS param; - ECIES_PARAMS_init_with_recommended(¶m); - return ECIES_encrypt(¶m, in, inlen, out, outlen, ec_key); -} - -int ECIES_decrypt_with_recommended(const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, EC_KEY *ec_key) -{ - ECIES_PARAMS param; - ECIES_PARAMS_init_with_recommended(¶m); - return ECIES_decrypt(¶m, in, inlen, out, outlen, ec_key); -} - diff --git a/crypto/err/err.c b/crypto/err/err.c index 5f6ec7e9..a1a1e1a5 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -67,6 +67,7 @@ static ERR_STRING_DATA ERR_str_libraries[] = { {ERR_PACK(ERR_LIB_GMAPI, 0, 0), "GMAPI routines"}, {ERR_PACK(ERR_LIB_BFIBE, 0, 0), "BFIBE routines"}, {ERR_PACK(ERR_LIB_BB1IBE, 0, 0), "BB1IBE routines"}, + {ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"}, {ERR_PACK(ERR_LIB_SM9, 0, 0), "SM9 routines"}, {ERR_PACK(ERR_LIB_SAF, 0, 0), "SAF routines"}, {ERR_PACK(ERR_LIB_SDF, 0, 0), "SDF routines"}, @@ -124,6 +125,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = { {ERR_R_GMAPI_LIB, "GMAPI lib"}, {ERR_R_BFIBE_LIB, "BFIBE lib"}, {ERR_R_BB1IBE_LIB, "BB1IBE lib"}, + {ERR_R_SM2_LIB, "SM2 lib"}, {ERR_R_SM9_LIB, "SM9 lib"}, {ERR_R_SAF_LIB, "SAF lib"}, {ERR_R_SDF_LIB, "SDF lib"}, diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 4e7ab151..634e2882 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -47,6 +47,7 @@ #include #include #include +#include #include #include #include @@ -138,6 +139,9 @@ int err_load_crypto_strings_int(void) # ifndef OPENSSL_NO_BB1IBE ERR_load_BB1IBE_strings() == 0 || # endif +# ifndef OPENSSL_NO_SM2 + ERR_load_SM2_strings() == 0 || +# endif # ifndef OPENSSL_NO_SM9 ERR_load_SM9_strings() == 0 || # endif diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index de4e5298..e6508150 100644 
--- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -43,6 +43,7 @@ L OTP include/openssl/otp.h crypto/otp/otp_err.c L GMAPI include/openssl/gmapi.h crypto/gmapi/gmapi_err.c L BFIBE include/openssl/bfibe.h crypto/bfibe/bfibe_err.c L BB1IBE include/openssl/bb1ibe.h crypto/bb1ibe/bb1ibe_err.c +L SM2 include/openssl/sm2.h crypto/sm2/sm2_err.c L SM9 include/openssl/sm9.h crypto/sm9/sm9_err.c L SAF include/openssl/gmsaf.h crypto/saf/saf_err.c L SDF include/openssl/gmsdf.h crypto/sdf/sdf_err.c diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 65eff7c8..63cd2edd 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -145,7 +145,16 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) { - return ctx->update(ctx, data, count); +#ifndef OPENSSL_NO_SM2 + if (!ctx->is_updated && ctx->pctx && ctx->pctx->pre_update) { + if (!ctx->update(ctx, ctx->pctx->pre_update, + ctx->pctx->pre_update_len)) { + return 0; + } + } + ctx->is_updated = 1; +#endif + return ctx->update(ctx, data, count); } /* The caller can assume that this removes any secret data from the context */ diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 209577b7..1f9a22e5 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -19,6 +19,7 @@ struct evp_md_ctx_st { EVP_PKEY_CTX *pctx; /* Update function: usually copied from EVP_MD */ int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); + int is_updated; } /* EVP_MD_CTX */ ; struct evp_cipher_ctx_st { diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index df8e5aad..e5afac23 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c 
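Review bot: `is_updated` is set in EVP_DigestUpdate but nothing in this hunk clears it, so a context that is re-initialised with EVP_DigestInit_ex and reused would skip the `pre_update` prefix on the second message and hash different data than it did the first time. Whether the init, reset and copy paths handle the new field is not visible here; they need `ctx->is_updated = 0;` on init and the field carried over in EVP_MD_CTX_copy_ex. A digest that is finalised without any EVP_DigestUpdate call, i.e. an empty message, also never gets the prefix. For SM2 that means the value being signed or verified silently changes, so the field in evp_locl.h deserves a comment stating when it is set and cleared.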
@@ -10,13 +10,15 @@ #include #include "internal/cryptlib.h" -#ifndef OPENSSL_NO_SHA1 +#ifndef OPENSSL_NO_SHA -#include -#include -#include -#include -#include "internal/evp_int.h" +# include +# include +# include +# ifndef OPENSSL_NO_RSA +# include +# endif +# include "internal/evp_int.h" static int init(EVP_MD_CTX *ctx) { @@ -112,6 +114,7 @@ const EVP_MD *EVP_sha1(void) return (&sha1_md); } +# ifndef OPENSSL_NO_SHA256 static int init224(EVP_MD_CTX *ctx) { return SHA224_Init(EVP_MD_CTX_md_data(ctx)); @@ -174,7 +177,9 @@ const EVP_MD *EVP_sha256(void) { return (&sha256_md); } +# endif +# ifndef OPENSSL_NO_SHA512 static int init384(EVP_MD_CTX *ctx) { return SHA384_Init(EVP_MD_CTX_md_data(ctx)); @@ -233,4 +238,5 @@ const EVP_MD *EVP_sha512(void) { return (&sha512_md); } +# endif #endif diff --git a/crypto/evp/m_sm3.c b/crypto/evp/m_sm3.c index e88cef64..35f0f211 100644 --- a/crypto/evp/m_sm3.c +++ b/crypto/evp/m_sm3.c @@ -48,14 +48,14 @@ */ #include -#include -#include -#include #include "internal/cryptlib.h" -#include "internal/evp_int.h" #ifndef OPENSSL_NO_SM3 +# include +# include +# include # include +# include "internal/evp_int.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c index 6bec4062..80a3d56d 100644 --- a/crypto/evp/p_dec.c +++ b/crypto/evp/p_dec.c 
@@ -1,3 +1,51 @@ +/* ==================================================================== + * Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ /* * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * @@ -13,24 +61,37 @@ #include #include #include +#include int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, EVP_PKEY *priv) { - int ret = -1; + int ret = 0; + EVP_PKEY_CTX *ctx = NULL; + size_t siz; #ifndef OPENSSL_NO_RSA - if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) { + if (EVP_PKEY_id(priv) == EVP_PKEY_RSA) { + if ((ret = RSA_private_decrypt(ekl, ek, key, EVP_PKEY_get0_RSA(priv), RSA_PKCS1_PADDING)) < 0) { + EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD, ERR_R_RSA_LIB); + return 0; + } + } #endif - EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA); -#ifndef OPENSSL_NO_RSA - goto err; - } - ret = - RSA_private_decrypt(ekl, ek, key, EVP_PKEY_get0_RSA(priv), - RSA_PKCS1_PADDING); - err: +#ifndef OPENSSL_NO_SM2 + if (!(ctx = EVP_PKEY_CTX_new(priv, NULL)) + || !EVP_PKEY_decrypt_init(ctx) + || !EVP_PKEY_CTX_set_ec_enc_type(ctx, NID_sm_scheme) + || !EVP_PKEY_decrypt(ctx, key, &siz, ek, ekl)) { + EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD, ERR_R_EVP_LIB); + goto end; + } + + ret = (int)siz; #endif - return (ret); + +end: + EVP_PKEY_CTX_free(ctx); + return (ret); } diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c index 4559af72..7199ba10 100644 --- a/crypto/evp/p_enc.c +++ b/crypto/evp/p_enc.c 
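Review bot: In EVP_PKEY_decrypt_old the SM2 block is not conditional on the key type, so after a successful RSA decryption the code still builds an EVP_PKEY_CTX for the RSA key and attempts an SM2 decrypt into the same `key` buffer; guard it with `else if (EVP_PKEY_id(priv) == EVP_PKEY_EC)` or return from the RSA branch. `siz` is passed to EVP_PKEY_decrypt uninitialised, although that API expects `*outlen` to hold the size of the output buffer on entry, and this function has no parameter giving the capacity of `key`. Failure now returns 0 where the old code returned -1, so callers that test for a negative result need checking. With OPENSSL_NO_SM2 defined, a non-RSA key returns 0 with no error queued and the `end:` label is unused.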
@@ -61,6 +61,7 @@ #include #include #include +#include int EVP_PKEY_encrypt_old(unsigned char *out, const unsigned char *in, int inlen, EVP_PKEY *pkey) diff --git a/crypto/gmapi/gmapi_err.c b/crypto/gmapi/gmapi_err.c index 9405425b..a261d159 100644 --- a/crypto/gmapi/gmapi_err.c +++ b/crypto/gmapi/gmapi_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -139,6 +139,18 @@ static ERR_STRING_DATA GMAPI_str_functs[] = { {ERR_FUNC(GMAPI_F_SKF_MACINIT), "SKF_MacInit"}, {ERR_FUNC(GMAPI_F_SKF_MACUPDATE), "SKF_MacUpdate"}, {ERR_FUNC(GMAPI_F_SKF_SETSYMMKEY), "SKF_SetSymmKey"}, + {ERR_FUNC(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHER), + "SM2CiphertextValue_get_ECCCipher"}, + {ERR_FUNC(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHERBLOB), + "SM2CiphertextValue_get_ECCCIPHERBLOB"}, + {ERR_FUNC(GMAPI_F_SM2CIPHERTEXTVALUE_NEW_FROM_ECCCIPHER), + "SM2CiphertextValue_new_from_ECCCipher"}, + {ERR_FUNC(GMAPI_F_SM2CIPHERTEXTVALUE_NEW_FROM_ECCCIPHERBLOB), + "SM2CiphertextValue_new_from_ECCCIPHERBLOB"}, + {ERR_FUNC(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHER), + "SM2CiphertextValue_set_ECCCipher"}, + {ERR_FUNC(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHERBLOB), + "SM2CiphertextValue_set_ECCCIPHERBLOB"}, {ERR_FUNC(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER), "SM2_CIPHERTEXT_VALUE_get_ECCCipher"}, {ERR_FUNC(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB), diff --git a/crypto/gmapi/gmapi_sdf_ec.c b/crypto/gmapi/gmapi_sdf_ec.c index b78f1ba6..a8966674 100644 --- a/crypto/gmapi/gmapi_sdf_ec.c +++ b/crypto/gmapi/gmapi_sdf_ec.c 
@@ -288,40 +288,39 @@ int EC_KEY_get_ECCrefPrivateKey(EC_KEY *ec_key, ECCrefPrivateKey *ref) return 1; } -SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_new_from_ECCCipher( - const ECCCipher *ref) +SM2CiphertextValue *SM2CiphertextValue_new_from_ECCCipher(const ECCCipher *ref) { - SM2_CIPHERTEXT_VALUE *ret = NULL; - SM2_CIPHERTEXT_VALUE *cv = NULL; + SM2CiphertextValue *ret = NULL; + SM2CiphertextValue *cv = NULL; EC_GROUP *group = NULL; /* check arguments */ if (!ref) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHER, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_NEW_FROM_ECCCIPHER, ERR_R_PASSED_NULL_PARAMETER); return NULL; } if (ref->L > INT_MAX) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHER, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_NEW_FROM_ECCCIPHER, GMAPI_R_INVALID_CIPHETEXT_LENGTH); return NULL; } - /* ECCCipher => SM2_CIPHERTEXT_VALUE */ + /* ECCCipher => SM2CiphertextValue */ if (!(group = EC_GROUP_new_by_curve_name(NID_sm2p256v1))) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHER, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_NEW_FROM_ECCCIPHER, ERR_R_EC_LIB); goto end; } - if (!(cv = SM2_CIPHERTEXT_VALUE_new(group))) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHER, + if (!(cv = SM2CiphertextValue_new(group))) { + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_NEW_FROM_ECCCIPHER, GMAPI_R_MALLOC_FAILED); goto end; } - if (!SM2_CIPHERTEXT_VALUE_set_ECCCipher(cv, ref)) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHER, + if (!SM2CiphertextValue_set_ECCCipher(cv, ref)) { + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_NEW_FROM_ECCCIPHER, GMAPI_R_INVALID_SM2_CIPHERTEXT); goto end; } @@ -331,7 +330,7 @@ SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_new_from_ECCCipher( end: EC_GROUP_free(group); - SM2_CIPHERTEXT_VALUE_free(cv); + SM2CiphertextValue_free(cv); return ret; } 
@@ -344,7 +343,7 @@ end: * implementations, developers have to check the encoding of the vendor's * library to make sure the encoding/decoding is correct */ -int SM2_CIPHERTEXT_VALUE_set_ECCCipher(SM2_CIPHERTEXT_VALUE *cv, +int SM2CiphertextValue_set_ECCCipher(SM2CiphertextValue *cv, const ECCCipher *ref) { int ret = 0; @@ -356,20 +355,20 @@ int SM2_CIPHERTEXT_VALUE_set_ECCCipher(SM2_CIPHERTEXT_VALUE *cv, /* check arguments */ if (!cv || !ref) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHER, ERR_R_PASSED_NULL_PARAMETER); return 0; } /* variables */ if (!(group = EC_GROUP_new_by_curve_name(NID_sm2p256v1))) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHER, ERR_R_EC_LIB); goto end; } /* this will never happen with GmSSL's sdf.h */ if (EC_GROUP_get_degree(group) > ECCref_MAX_BITS) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHER, GMAPI_R_INVALID_KEY_LENGTH); goto end; } @@ -377,7 +376,7 @@ int SM2_CIPHERTEXT_VALUE_set_ECCCipher(SM2_CIPHERTEXT_VALUE *cv, /* malloc */ if (!(bn_ctx = BN_CTX_new())) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHER, ERR_R_MALLOC_FAILURE); goto end; } 
@@ -385,36 +384,37 @@ int SM2_CIPHERTEXT_VALUE_set_ECCCipher(SM2_CIPHERTEXT_VALUE *cv, x = BN_CTX_get(bn_ctx); y = BN_CTX_get(bn_ctx); if (!x || !y) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHER, ERR_R_MALLOC_FAILURE); goto end; } - /* ECCCipher ==> SM2_CIPHERTEXT_VALUE */ - if (!BN_bin2bn(ref->x, ECCref_MAX_LEN, x)) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, + /* ECCCipher ==> SM2CiphertextValue */ + if (!BN_bin2bn(ref->x, ECCref_MAX_LEN, cv->xCoordinate)) { + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHER, ERR_R_BN_LIB); goto end; } - if (!BN_bin2bn(ref->y, ECCref_MAX_LEN, y)) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, + if (!BN_bin2bn(ref->y, ECCref_MAX_LEN, cv->yCoordinate)) { + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHER, ERR_R_BN_LIB); goto end; } + if (!cv->ephem_point) { if (!(cv->ephem_point = EC_POINT_new(group))) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, ERR_R_EC_LIB); + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHER, ERR_R_EC_LIB); goto end; } } if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { if (!EC_POINT_set_affine_coordinates_GFp(group, cv->ephem_point, x, y, bn_ctx)) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, ERR_R_EC_LIB); + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHER, ERR_R_EC_LIB); goto end; } } else { if (!EC_POINT_get_affine_coordinates_GF2m(group, cv->ephem_point, x, y, bn_ctx)) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, ERR_R_EC_LIB); + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHER, ERR_R_EC_LIB); goto end; } } 
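Review bot: After this change `ref->x` and `ref->y` are parsed into `cv->xCoordinate` and `cv->yCoordinate`, but the unchanged lines below still build `cv->ephem_point` from the locals `x` and `y`, which are no longer assigned after BN_CTX_get. The point is therefore set from empty values rather than from the input, or the file no longer compiles if the renamed SM2CiphertextValue has no `ephem_point` member (its definition is not in this hunk). Pick one representation; if the EC_POINT step is dropped, the on-curve check it performed has to happen elsewhere before the coordinates are used in decryption. The `else` branch calls `EC_POINT_get_affine_coordinates_GF2m` inside a setter, which looks like it should be the `set` variant, and the same call appears in SM2CiphertextValue_set_ECCCIPHERBLOB in gmapi_skf_ec.c. The function starts and ends outside this hunk.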
@@ -423,14 +423,14 @@ int SM2_CIPHERTEXT_VALUE_set_ECCCipher(SM2_CIPHERTEXT_VALUE *cv, memcpy(cv->mactag, ref->M, 32); if (ref->L <= 0 || ref->L > INT_MAX) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHER, GMAPI_R_INVALID_CIPHERTEXT_LENGTH); goto end; } cv->ciphertext_size = (size_t)ref->L; if (!(cv->ciphertext = OPENSSL_realloc(cv->ciphertext, (size_t)ref->L))) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHER, GMAPI_R_MALLOC_FAILED); goto end; } @@ -459,7 +459,7 @@ end: * use the vendor's header file. Then the errors can be found by the * compiler. */ -int SM2_CIPHERTEXT_VALUE_get_ECCCipher(const SM2_CIPHERTEXT_VALUE *cv, +int SM2CiphertextValue_get_ECCCipher(const SM2CiphertextValue *cv, ECCCipher *ref) { int ret = 0; @@ -470,7 +470,7 @@ int SM2_CIPHERTEXT_VALUE_get_ECCCipher(const SM2_CIPHERTEXT_VALUE *cv, /* check arguments */ if (!cv || !ref) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHER, ERR_R_PASSED_NULL_PARAMETER); return 0; } @@ -480,19 +480,19 @@ int SM2_CIPHERTEXT_VALUE_get_ECCCipher(const SM2_CIPHERTEXT_VALUE *cv, * ciphertext */ if (ref->L < cv->ciphertext_size) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHER, GMAPI_R_BUFFER_TOO_SMALL); return 0; } /* malloc */ if (!(group = EC_GROUP_new_by_curve_name(NID_sm2p256v1))) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, ERR_R_EC_LIB); + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHER, ERR_R_EC_LIB); return 0; } if (!(bn_ctx = BN_CTX_new())) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, ERR_R_BN_LIB); + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHER, ERR_R_BN_LIB); goto end; } 
@@ -500,53 +500,53 @@ int SM2_CIPHERTEXT_VALUE_get_ECCCipher(const SM2_CIPHERTEXT_VALUE *cv, x = BN_CTX_get(bn_ctx); y = BN_CTX_get(bn_ctx); if (!x || !y) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHER, ERR_R_MALLOC_FAILURE); goto end; } - /* SM2_CIPHERTEXT_VALUE ==> ECCCipher */ + /* SM2CiphertextValue ==> ECCCipher */ memset(ref, 0, sizeof(*ref)); /* encode ephem point `ECCCipher->x`, `ECCCipher->y` */ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { if (!EC_POINT_get_affine_coordinates_GFp(group, cv->ephem_point, x, y, bn_ctx)) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, ERR_R_EC_LIB); + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHER, ERR_R_EC_LIB); goto end; } } else { if (!EC_POINT_get_affine_coordinates_GF2m(group, cv->ephem_point, x, y, bn_ctx)) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHER, ERR_R_EC_LIB); goto end; } } /* - * check compatible of SM2_CIPHERTEXT_VALUE with EC_GROUP + * check compatible of SM2CiphertextValue with EC_GROUP * In gmapi we only do simple checks, i.e. length of coordinates. * We assume that more checks, such as x, y in the range of [1, p] * and other semantic checks should be done by the `sm2` module. 
*/ if (BN_num_bits(x) > EC_GROUP_get_degree(group) || BN_num_bits(y) > EC_GROUP_get_degree(group)) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHER, GMAPI_R_INVALID_CIPHERTEXT_POINT); goto end; } if (!BN_bn2bin(x, ref->x + ECCref_MAX_LEN - BN_num_bytes(x))) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHER, ERR_R_BN_LIB); goto end; } if (!BN_bn2bin(y, ref->y + ECCref_MAX_LEN - BN_num_bytes(y))) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHER, ERR_R_BN_LIB); goto end; } /* encode mac `ECCCipher->M[32]` */ if (cv->mactag_size != 32) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHER, GMAPI_R_INVALID_CIPHERTEXT_MAC); goto end; } @@ -554,7 +554,7 @@ int SM2_CIPHERTEXT_VALUE_get_ECCCipher(const SM2_CIPHERTEXT_VALUE *cv, /* encode ciphertext `ECCCipher->L`, `ECCCipher->C[]` */ if (cv->ciphertext_size <= 0 || cv->ciphertext_size > INT_MAX) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHER, GMAPI_R_INVALID_CIPHERTEXT_LENGTH); goto end; } @@ -693,4 +693,3 @@ int ECDSA_SIG_get_ECCSignature(const ECDSA_SIG *sig, ECCSignature *ref) return 1; } - diff --git a/crypto/gmapi/gmapi_sdf_ec.d.tmp b/crypto/gmapi/gmapi_sdf_ec.d.tmp new file mode 100644 index 00000000..a376e832 --- /dev/null +++ b/crypto/gmapi/gmapi_sdf_ec.d.tmp 
@@ -0,0 +1,15 @@ +crypto/gmapi/gmapi_sdf_ec.o: crypto/gmapi/gmapi_sdf_ec.c \ + include/openssl/ec.h include/openssl/opensslconf.h \ + include/openssl/asn1.h include/openssl/e_os2.h include/openssl/bio.h \ + include/openssl/crypto.h include/openssl/stack.h \ + include/openssl/safestack.h include/openssl/opensslv.h \ + include/openssl/ossl_typ.h include/openssl/symhacks.h \ + include/openssl/bn.h include/openssl/err.h include/openssl/lhash.h \ + include/openssl/sdf.h include/openssl/sgd.h include/openssl/gmapi.h \ + include/openssl/sm2.h include/openssl/evp.h include/openssl/objects.h \ + include/openssl/obj_mac.h include/openssl/kdf2.h include/openssl/kdf.h \ + include/openssl/x509.h include/openssl/buffer.h \ + include/openssl/paillier.h include/openssl/rsa.h include/openssl/dsa.h \ + include/openssl/dh.h include/openssl/sha.h include/openssl/x509_vfy.h \ + include/openssl/pkcs7.h include/openssl/ecies.h include/openssl/sm3.h \ + include/openssl/saf.h include/openssl/skf.h include/openssl/sof.h diff --git a/crypto/gmapi/gmapi_skf_ec.c b/crypto/gmapi/gmapi_skf_ec.c index bc345399..7ca7bacc 100644 --- a/crypto/gmapi/gmapi_skf_ec.c +++ b/crypto/gmapi/gmapi_skf_ec.c 
@@ -250,27 +250,27 @@ end: return ret; } -SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_new_from_ECCCIPHERBLOB( +SM2CiphertextValue *SM2CiphertextValue_new_from_ECCCIPHERBLOB( const ECCCIPHERBLOB *blob) { int ok = 0; - SM2_CIPHERTEXT_VALUE *ret = NULL; + SM2CiphertextValue *ret = NULL; EC_GROUP *group = NULL; if (!(group = EC_GROUP_new_by_curve_name(NID_sm2p256v1))) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHERBLOB, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_NEW_FROM_ECCCIPHERBLOB, ERR_R_EC_LIB); goto end; } - if (!(ret = SM2_CIPHERTEXT_VALUE_new(group))) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHERBLOB, + if (!(ret = SM2CiphertextValue_new(group))) { + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_NEW_FROM_ECCCIPHERBLOB, GMAPI_R_MALLOC_FAILED); goto end; } - if (!SM2_CIPHERTEXT_VALUE_set_ECCCIPHERBLOB(ret, blob)) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHERBLOB, + if (!SM2CiphertextValue_set_ECCCIPHERBLOB(ret, blob)) { + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_NEW_FROM_ECCCIPHERBLOB, GMAPI_R_INVALID_EC_PUBLIC_KEY); goto end; } @@ -279,14 +279,14 @@ SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_new_from_ECCCIPHERBLOB( end: if (!ok) { - SM2_CIPHERTEXT_VALUE_free(ret); + SM2CiphertextValue_free(ret); ret = NULL; } EC_GROUP_free(group); return ret; } -int SM2_CIPHERTEXT_VALUE_set_ECCCIPHERBLOB(SM2_CIPHERTEXT_VALUE *cv, +int SM2CiphertextValue_set_ECCCIPHERBLOB(SM2CiphertextValue *cv, const ECCCIPHERBLOB *blob) { int ret = 0; 
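Review bot: The renamed call `SM2CiphertextValue_new(group)` still passes a group, but `crypto/sm2/sm2_asn1.c` in this same commit declares the type with `IMPLEMENT_ASN1_FUNCTIONS(SM2CiphertextValue)`, whose generated constructor takes no argument. That file's template fields are `xCoordinate`, `yCoordinate`, `hash` and `ciphertext`, while the hunks at -297, -344 and -383 here still use `cv->ephem_point`, `cv->mactag_size` and `cv->ciphertext_size`. The header that defines the struct is not shown, so this needs confirming, but the rename looks mechanical and these accesses presumably no longer match the merged type. If so, the call becomes `ret = SM2CiphertextValue_new()` and the conversions should fill the two BIGNUM coordinates and the two octet strings directly. Separately, a failure of `SM2CiphertextValue_set_ECCCIPHERBLOB` is reported as `GMAPI_R_INVALID_EC_PUBLIC_KEY`, which mislabels a ciphertext parsing error.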
@@ -297,45 +297,45 @@ int SM2_CIPHERTEXT_VALUE_set_ECCCIPHERBLOB(SM2_CIPHERTEXT_VALUE *cv, int nbytes; if (!(group = EC_GROUP_new_by_curve_name(NID_sm2p256v1))) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHERBLOB, ERR_R_EC_LIB); return 0; } nbytes = (EC_GROUP_get_degree(group) + 7)/8; if (nbytes > ECC_MAX_XCOORDINATE_BITS_LEN/8) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHERBLOB, GMAPI_R_INVALID_KEY_LENGTH); goto end; } if (!(x = BN_bin2bn(blob->XCoordinate, nbytes, NULL))) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, ERR_R_BN_LIB); + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHERBLOB, ERR_R_BN_LIB); goto end; } if (!(y = BN_bin2bn(blob->YCoordinate, nbytes, NULL))) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, ERR_R_BN_LIB); + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHERBLOB, ERR_R_BN_LIB); goto end; } if (!(bn_ctx = BN_CTX_new())) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, ERR_R_BN_LIB); + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHERBLOB, ERR_R_BN_LIB); goto end; } if (!cv->ephem_point) { if (!(cv->ephem_point = EC_POINT_new(group))) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, ERR_R_EC_LIB); + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHERBLOB, ERR_R_EC_LIB); goto end; } } if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { if (!EC_POINT_set_affine_coordinates_GFp(group, cv->ephem_point, x, y, bn_ctx)) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, ERR_R_EC_LIB); + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHERBLOB, ERR_R_EC_LIB); goto end; } } else { if (!EC_POINT_get_affine_coordinates_GF2m(group, cv->ephem_point, x, y, bn_ctx)) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, ERR_R_EC_LIB); + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHERBLOB, ERR_R_EC_LIB); goto end; } } 
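Review bot: The non-prime-field branch of this setter calls `EC_POINT_get_affine_coordinates_GF2m`, which reads the point into `x` and `y` instead of storing the blob's coordinates; it should be `EC_POINT_set_affine_coordinates_GF2m(group, cv->ephem_point, x, y, bn_ctx)`. The group is fixed to `NID_sm2p256v1` at the top of the hunk, so the branch is not expected to run today, but as written it would discard the parsed input. Because the coordinates come from an external `ECCCIPHERBLOB`, an explicit `if (EC_POINT_is_on_curve(group, cv->ephem_point, bn_ctx) <= 0)` reporting `GMAPI_R_INVALID_CIPHERTEXT_POINT` is worth adding after the point is set, unless the library version in use already enforces that inside the setter. The function body starts before this hunk and continues after it.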
@@ -344,12 +344,12 @@ int SM2_CIPHERTEXT_VALUE_set_ECCCIPHERBLOB(SM2_CIPHERTEXT_VALUE *cv, cv->mactag_size = 32; if ((cv->ciphertext_size = blob->CipherLen) <= 0) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHERBLOB, GMAPI_R_INVALID_CIPHERTEXT_LENGTH); goto end; } if (!(cv->ciphertext = OPENSSL_realloc(cv->ciphertext, blob->CipherLen))) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHERBLOB, GMAPI_R_MALLOC_FAILED); goto end; } @@ -365,7 +365,7 @@ end: return ret; } -int SM2_CIPHERTEXT_VALUE_get_ECCCIPHERBLOB(const SM2_CIPHERTEXT_VALUE *cv, +int SM2CiphertextValue_get_ECCCIPHERBLOB(const SM2CiphertextValue *cv, ECCCIPHERBLOB *blob) { int ret = 0; @@ -375,7 +375,7 @@ int SM2_CIPHERTEXT_VALUE_get_ECCCIPHERBLOB(const SM2_CIPHERTEXT_VALUE *cv, BN_CTX *bn_ctx = NULL; if (!(group = EC_GROUP_new_by_curve_name(NID_sm2p256v1))) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB, ERR_R_EC_LIB); + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHERBLOB, ERR_R_EC_LIB); return 0; } 
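Review bot: In the -344 hunk the result of `OPENSSL_realloc` is assigned straight back to `cv->ciphertext`, so on allocation failure the previous buffer is leaked and the field becomes NULL while `cv->ciphertext_size` already holds the new length. `blob->CipherLen` comes from the caller's blob and is only checked for `<= 0`; the SDF counterpart in `gmapi_sdf_ec.c` also rejects values above `INT_MAX`, and the same upper bound belongs here before the allocation and before the copy that follows outside this hunk. The sketch below reorders the steps and needs a new local `tmp` of the same pointer type as `cv->ciphertext`, declared at the top of the function, which is outside the hunk.

```c
/* ... unchanged: ephem_point and mactag_size setup ... */
if (blob->CipherLen <= 0 || blob->CipherLen > INT_MAX) {
	GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHERBLOB,
		GMAPI_R_INVALID_CIPHERTEXT_LENGTH);
	goto end;
}
/* keep the old buffer reachable until the new one is known to be valid */
if (!(tmp = OPENSSL_realloc(cv->ciphertext, blob->CipherLen))) {
	GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHERBLOB,
		GMAPI_R_MALLOC_FAILED);
	goto end;
}
cv->ciphertext = tmp;
cv->ciphertext_size = blob->CipherLen;
/* ... unchanged: copy of the ciphertext bytes and the end label ... */
```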
@@ -383,45 +383,45 @@ int SM2_CIPHERTEXT_VALUE_get_ECCCIPHERBLOB(const SM2_CIPHERTEXT_VALUE *cv, y = BN_new(); bn_ctx = BN_CTX_new(); if (!x || !y || !bn_ctx) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB, ERR_R_BN_LIB); + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHERBLOB, ERR_R_BN_LIB); goto end; } if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { if (!EC_POINT_get_affine_coordinates_GFp(group, cv->ephem_point, x, y, bn_ctx)) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB, ERR_R_EC_LIB); + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHERBLOB, ERR_R_EC_LIB); goto end; } } else { if (!EC_POINT_get_affine_coordinates_GF2m(group, cv->ephem_point, x, y, bn_ctx)) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB, ERR_R_EC_LIB); + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHERBLOB, ERR_R_EC_LIB); goto end; } } if ((BN_num_bytes(x) > 256/8) || (BN_num_bytes(y) > 256/8)) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHERBLOB, GMAPI_R_INVALID_CIPHERTEXT_POINT); goto end; } if (!BN_bn2bin(x, blob->XCoordinate + 256/8 - BN_num_bytes(x))) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB, ERR_R_BN_LIB); + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHERBLOB, ERR_R_BN_LIB); goto end; } if (!BN_bn2bin(y, blob->YCoordinate + 256/8 - BN_num_bytes(y))) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB, ERR_R_BN_LIB); + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHERBLOB, ERR_R_BN_LIB); goto end; } if (cv->mactag_size != 32) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHERBLOB, GMAPI_R_INVALID_CIPHERTEXT_MAC); goto end; } memcpy(blob->HASH, cv->mactag, cv->mactag_size); if (cv->ciphertext_size <= 0) { - GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB, + GMAPIerr(GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHERBLOB, GMAPI_R_INVALID_CIPHERTEXT_LENGTH); goto 
end; } diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index fd4c2695..3d7d8b06 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -27,6 +27,10 @@ struct evp_pkey_ctx_st { /* implementation specific keygen data */ int *keygen_info; int keygen_info_count; +#ifndef OPENSSL_NO_SM2 + unsigned char *pre_update; + size_t pre_update_len; +#endif } /* EVP_PKEY_CTX */ ; #define EVP_PKEY_FLAG_DYNAMIC 1 diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index ffc252b1..2d4b38d0 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -10,7 +10,7 @@ */ /* Serialized OID's */ -static const unsigned char so[7486] = { +static const unsigned char so[7733] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ 
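Review bot: In the -383 hunk of `gmapi_skf_ec.c` the coordinates are written right-aligned with `BN_bn2bin(x, blob->XCoordinate + 256/8 - BN_num_bytes(x))`, which leaves the leading bytes of the field untouched whenever a coordinate is shorter than 32 bytes. Unless `blob` is zeroed earlier in the function (not visible in this hunk), stale caller data ends up in the encoded point. Where the OpenSSL base provides it, `if (BN_bn2binpad(x, blob->XCoordinate, 256/8) < 0)` does the padding and the length check in one call, and the same applies to `y`. The literal `256/8` would also be better derived from the group degree, as the setter does with `nbytes`.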
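Review bot: In the `evp_int.h` hunk, `pre_update` is a new owning-looking pointer inside `evp_pkey_ctx_st`, but nothing in the hunk says what it holds or who releases it. The commit's file list does not include `crypto/evp/pmeth_lib.c`, where `EVP_PKEY_CTX_free` and `EVP_PKEY_CTX_dup` are implemented. If the buffer is heap-allocated, the free path has to release it and the dup path has to deep-copy it rather than share the pointer, so please confirm where that happens. A comment in the style of the neighbouring one, for example `/* SM2: data buffered before the first update; owned by this ctx */` with the wording adjusted to the actual use, would make the contract explicit.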
@@ -1053,9 +1053,40 @@ static const unsigned char so[7486] = { 0x2B,0x06,0x01,0x04,0x01,0x83,0x83,0x0D,0x01,0x01,0x01, /* [ 7452] OBJ_cpk_sha1_map */ 0x2B,0x06,0x01,0x04,0x01,0x83,0x83,0x0D,0x01,0x01,0x02, /* [ 7463] OBJ_cpk_sha256_map */ 0x2B,0x06,0x01,0x04,0x01,0x83,0x83,0x0D,0x01,0x01,0x03, /* [ 7474] OBJ_cpk_sm3_map */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,0x02,0x01, /* [ 7485] OBJ_sm2encrypt_with_sm3 */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,0x02,0x02, /* [ 7496] OBJ_sm2encrypt_with_sha1 */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,0x02,0x03, /* [ 7507] OBJ_sm2encrypt_with_sha224 */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,0x02,0x04, /* [ 7518] OBJ_sm2encrypt_with_sha256 */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,0x02,0x05, /* [ 7529] OBJ_sm2encrypt_with_sha384 */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,0x02,0x06, /* [ 7540] OBJ_sm2encrypt_with_sha512 */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,0x02,0x07, /* [ 7551] OBJ_sm2encrypt_with_rmd160 */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,0x02,0x08, /* [ 7562] OBJ_sm2encrypt_with_whirlpool */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,0x02,0x09, /* [ 7573] OBJ_sm2encrypt_with_blake2b512 */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,0x02,0x0A, /* [ 7584] OBJ_sm2encrypt_with_blake2s256 */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x03,0x02,0x0B, /* [ 7595] OBJ_sm2encrypt_with_md5 */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x84,0x08, /* [ 7606] OBJ_sm2sign_with_whirlpool */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x84,0x09, /* [ 7614] OBJ_sm2sign_with_blake2b512 */ + 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x84,0x0A, /* [ 7622] OBJ_sm2sign_with_blake2s256 */ + 0x2B,0x81,0x04,0x01,0x08,0x01, /* [ 7630] OBJ_ecies_with_x9_63_sha1_xor_hmac */ + 0x2B,0x81,0x04,0x01,0x08,0x02, /* [ 7636] OBJ_ecies_with_x9_63_sha256_xor_hmac */ + 0x2B,0x81,0x04,0x01,0x08,0x03, /* [ 7642] OBJ_ecies_with_x9_63_sha512_xor_hmac */ + 0x2B,0x81,0x04,0x01,0x08,0x04, /* [ 7648] 
OBJ_ecies_with_x9_63_sha1_aes128_cbc_hmac */ + 0x2B,0x81,0x04,0x01,0x08,0x05, /* [ 7654] OBJ_ecies_with_x9_63_sha256_aes128_cbc_hmac */ + 0x2B,0x81,0x04,0x01,0x08,0x06, /* [ 7660] OBJ_ecies_with_x9_63_sha512_aes256_cbc_hmac */ + 0x2B,0x81,0x04,0x01,0x08,0x07, /* [ 7666] OBJ_ecies_with_x9_63_sha256_aes128_ctr_hmac */ + 0x2B,0x81,0x04,0x01,0x08,0x08, /* [ 7672] OBJ_ecies_with_x9_63_sha512_aes256_ctr_hmac */ + 0x2B,0x81,0x04,0x01,0x08,0x09, /* [ 7678] OBJ_ecies_with_x9_63_sha256_aes128_cbc_hmac_half */ + 0x2B,0x81,0x04,0x01,0x08,0x0A, /* [ 7684] OBJ_ecies_with_x9_63_sha512_aes256_cbc_hmac_half */ + 0x2B,0x81,0x04,0x01,0x08,0x0B, /* [ 7690] OBJ_ecies_with_x9_63_sha256_aes128_ctr_hmac_half */ + 0x2B,0x81,0x04,0x01,0x08,0x0C, /* [ 7696] OBJ_ecies_with_x9_63_sha512_aes256_ctr_hmac_half */ + 0x2B,0x81,0x04,0x01,0x08,0x0D, /* [ 7702] OBJ_ecies_with_x9_63_sha1_aes128_cbc_cmac */ + 0x2B,0x81,0x04,0x01,0x08,0x0E, /* [ 7708] OBJ_ecies_with_x9_63_sha256_aes128_cbc_cmac */ + 0x2B,0x81,0x04,0x01,0x08,0x0F, /* [ 7714] OBJ_ecies_with_x9_63_sha512_aes256_cbc_cmac */ + 0x2B,0x81,0x04,0x01,0x08,0x10, /* [ 7720] OBJ_ecies_with_x9_63_sha256_aes128_ctr_cmac */ + 0x2B,0x81,0x04,0x01,0x08,0x11, /* [ 7726] OBJ_ecies_with_x9_63_sha512_aes256_ctr_cmac */ }; -#define NUM_NID 1155 +#define NUM_NID 1188 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, 
@@ -2212,9 +2243,42 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"cpk-sha1-map", "cpk-sha1-map", NID_cpk_sha1_map, 11, &so[7452]}, {"cpk-sha256-map", "cpk-sha256-map", NID_cpk_sha256_map, 11, &so[7463]}, {"cpk-sm3-map", "cpk-sm3-map", NID_cpk_sm3_map, 11, &so[7474]}, + {"sm2encrypt-with-sm3", "sm2encrypt-with-sm3", NID_sm2encrypt_with_sm3, 11, &so[7485]}, + {"sm2encrypt-with-sha1", "sm2encrypt-with-sha1", NID_sm2encrypt_with_sha1, 11, &so[7496]}, + {"sm2encrypt-with-sha224", "sm2encrypt-with-sha224", NID_sm2encrypt_with_sha224, 11, &so[7507]}, + {"sm2encrypt-with-sha256", "sm2encrypt-with-sha256", NID_sm2encrypt_with_sha256, 11, &so[7518]}, + {"sm2encrypt-with-sha384", "sm2encrypt-with-sha384", NID_sm2encrypt_with_sha384, 11, &so[7529]}, + {"sm2encrypt-with-sha512", "sm2encrypt-with-sha512", NID_sm2encrypt_with_sha512, 11, &so[7540]}, + {"sm2encrypt-with-rmd160", "sm2encrypt-with-rmd160", NID_sm2encrypt_with_rmd160, 11, &so[7551]}, + {"sm2encrypt-with-whirlpool", "sm2encrypt-with-whirlpool", NID_sm2encrypt_with_whirlpool, 11, &so[7562]}, + {"sm2encrypt-with-blake2b512", "sm2encrypt-with-blake2b512", NID_sm2encrypt_with_blake2b512, 11, &so[7573]}, + {"sm2encrypt-with-blake2s256", "sm2encrypt-with-blake2s256", NID_sm2encrypt_with_blake2s256, 11, &so[7584]}, + {"sm2encrypt-with-md5", "sm2encrypt-with-md5", NID_sm2encrypt_with_md5, 11, &so[7595]}, + {"SM2Sign-with-Whirlpool", "sm2sign-with-whirlpool", NID_sm2sign_with_whirlpool, 8, &so[7606]}, + {"SM2Sign-with-Blake2b512", "sm2sign-with-blake2b512", NID_sm2sign_with_blake2b512, 8, &so[7614]}, + {"SM2Sign-with-Blake2s256", "sm2sign-with-blake2s256", NID_sm2sign_with_blake2s256, 8, &so[7622]}, + {"ecies-with-x9-63-sha1-xor-hmac", "ecies-with-x9-63-sha1-xor-hmac", NID_ecies_with_x9_63_sha1_xor_hmac, 6, &so[7630]}, + {"ecies-with-x9-63-sha256-xor-hmac", "ecies-with-x9-63-sha256-xor-hmac", NID_ecies_with_x9_63_sha256_xor_hmac, 6, &so[7636]}, + {"ecies-with-x9-63-sha512-xor-hmac", "ecies-with-x9-63-sha512-xor-hmac", 
NID_ecies_with_x9_63_sha512_xor_hmac, 6, &so[7642]}, + {"ecies-with-x9-63-sha1-aes128-cbc-hmac", "ecies-with-x9-63-sha1-aes128-cbc-hmac", NID_ecies_with_x9_63_sha1_aes128_cbc_hmac, 6, &so[7648]}, + {"ecies-with-x9-63-sha256-aes128-cbc-hmac", "ecies-with-x9-63-sha256-aes128-cbc-hmac", NID_ecies_with_x9_63_sha256_aes128_cbc_hmac, 6, &so[7654]}, + {"ecies-with-x9-63-sha512-aes256-cbc-hmac", "ecies-with-x9-63-sha512-aes256-cbc-hmac", NID_ecies_with_x9_63_sha512_aes256_cbc_hmac, 6, &so[7660]}, + {"ecies-with-x9-63-sha256-aes128-ctr-hmac", "ecies-with-x9-63-sha256-aes128-ctr-hmac", NID_ecies_with_x9_63_sha256_aes128_ctr_hmac, 6, &so[7666]}, + {"ecies-with-x9-63-sha512-aes256-ctr-hmac", "ecies-with-x9-63-sha512-aes256-ctr-hmac", NID_ecies_with_x9_63_sha512_aes256_ctr_hmac, 6, &so[7672]}, + {"ecies-with-x9-63-sha256-aes128-cbc-hmac-half", "ecies-with-x9-63-sha256-aes128-cbc-hmac-half", NID_ecies_with_x9_63_sha256_aes128_cbc_hmac_half, 6, &so[7678]}, + {"ecies-with-x9-63-sha512-aes256-cbc-hmac-half", "ecies-with-x9-63-sha512-aes256-cbc-hmac-half", NID_ecies_with_x9_63_sha512_aes256_cbc_hmac_half, 6, &so[7684]}, + {"ecies-with-x9-63-sha256-aes128-ctr-hmac-half", "ecies-with-x9-63-sha256-aes128-ctr-hmac-half", NID_ecies_with_x9_63_sha256_aes128_ctr_hmac_half, 6, &so[7690]}, + {"ecies-with-x9-63-sha512-aes256-ctr-hmac-half", "ecies-with-x9-63-sha512-aes256-ctr-hmac-half", NID_ecies_with_x9_63_sha512_aes256_ctr_hmac_half, 6, &so[7696]}, + {"ecies-with-x9-63-sha1-aes128-cbc-cmac", "ecies-with-x9-63-sha1-aes128-cbc-cmac", NID_ecies_with_x9_63_sha1_aes128_cbc_cmac, 6, &so[7702]}, + {"ecies-with-x9-63-sha256-aes128-cbc-cmac", "ecies-with-x9-63-sha256-aes128-cbc-cmac", NID_ecies_with_x9_63_sha256_aes128_cbc_cmac, 6, &so[7708]}, + {"ecies-with-x9-63-sha512-aes256-cbc-cmac", "ecies-with-x9-63-sha512-aes256-cbc-cmac", NID_ecies_with_x9_63_sha512_aes256_cbc_cmac, 6, &so[7714]}, + {"ecies-with-x9-63-sha256-aes128-ctr-cmac", "ecies-with-x9-63-sha256-aes128-ctr-cmac", 
NID_ecies_with_x9_63_sha256_aes128_ctr_cmac, 6, &so[7720]}, + {"ecies-with-x9-63-sha512-aes256-ctr-cmac", "ecies-with-x9-63-sha512-aes256-ctr-cmac", NID_ecies_with_x9_63_sha512_aes256_ctr_cmac, 6, &so[7726]}, + {"KxSM2", "kx-sm2", NID_kx_sm2}, + {"AuthSM2", "auth-sm2", NID_auth_sm2}, }; -#define NUM_SN 1144 +#define NUM_SN 1177 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ @@ -2256,6 +2320,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1053, /* "AuthNULL" */ 1048, /* "AuthPSK" */ 1046, /* "AuthRSA" */ + 1187, /* "AuthSM2" */ 1052, /* "AuthSRP" */ 91, /* "BF-CBC" */ 93, /* "BF-CFB" */ @@ -2358,6 +2423,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1043, /* "KxPSK" */ 1037, /* "KxRSA" */ 1042, /* "KxRSA_PSK" */ + 1186, /* "KxSM2" */ 1044, /* "KxSRP" */ 15, /* "L" */ 856, /* "LocalKeySet" */ @@ -2443,6 +2509,8 @@ static const unsigned int sn_objs[NUM_SN] = { 1095, /* "SM1-CFB8" */ 1090, /* "SM1-ECB" */ 1092, /* "SM1-OFB" */ + 1167, /* "SM2Sign-with-Blake2b512" */ + 1168, /* "SM2Sign-with-Blake2s256" */ 1134, /* "SM2Sign-with-RMD160" */ 1129, /* "SM2Sign-with-SHA1" */ 1132, /* "SM2Sign-with-SHA224" */ @@ -2450,6 +2518,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1133, /* "SM2Sign-with-SHA384" */ 1131, /* "SM2Sign-with-SHA511" */ 1128, /* "SM2Sign-with-SM3" */ + 1166, /* "SM2Sign-with-Whirlpool" */ 1126, /* "SM3" */ 1115, /* "SM5" */ 1087, /* "SM6-CBC" */ 
@@ -2644,6 +2713,23 @@ static const unsigned int sn_objs[NUM_SN] = { 792, /* "ecdsa-with-Specified" */ 1063, /* "ecies-recommendedParameters" */ 1064, /* "ecies-specifiedParameters" */ + 1181, /* "ecies-with-x9-63-sha1-aes128-cbc-cmac" */ + 1172, /* "ecies-with-x9-63-sha1-aes128-cbc-hmac" */ + 1169, /* "ecies-with-x9-63-sha1-xor-hmac" */ + 1182, /* "ecies-with-x9-63-sha256-aes128-cbc-cmac" */ + 1173, /* "ecies-with-x9-63-sha256-aes128-cbc-hmac" */ + 1177, /* "ecies-with-x9-63-sha256-aes128-cbc-hmac-half" */ + 1184, /* "ecies-with-x9-63-sha256-aes128-ctr-cmac" */ + 1175, /* "ecies-with-x9-63-sha256-aes128-ctr-hmac" */ + 1179, /* "ecies-with-x9-63-sha256-aes128-ctr-hmac-half" */ + 1170, /* "ecies-with-x9-63-sha256-xor-hmac" */ + 1183, /* "ecies-with-x9-63-sha512-aes256-cbc-cmac" */ + 1174, /* "ecies-with-x9-63-sha512-aes256-cbc-hmac" */ + 1178, /* "ecies-with-x9-63-sha512-aes256-cbc-hmac-half" */ + 1185, /* "ecies-with-x9-63-sha512-aes256-ctr-cmac" */ + 1176, /* "ecies-with-x9-63-sha512-aes256-ctr-hmac" */ + 1180, /* "ecies-with-x9-63-sha512-aes256-ctr-hmac-half" */ + 1171, /* "ecies-with-x9-63-sha512-xor-hmac" */ 48, /* "emailAddress" */ 132, /* "emailProtection" */ 885, /* "enhancedSearchGuide" */ @@ -3294,6 +3380,17 @@ static const unsigned int sn_objs[NUM_SN] = { 1119, /* "sm2encrypt" */ 1120, /* "sm2encrypt-recommendedParameters" */ 1121, /* "sm2encrypt-specifiedParameters" */ + 1163, /* "sm2encrypt-with-blake2b512" */ + 1164, /* "sm2encrypt-with-blake2s256" */ + 1165, /* "sm2encrypt-with-md5" */ + 1161, /* "sm2encrypt-with-rmd160" */ + 1156, /* "sm2encrypt-with-sha1" */ + 1157, /* "sm2encrypt-with-sha224" */ + 1158, /* "sm2encrypt-with-sha256" */ + 1159, /* "sm2encrypt-with-sha384" */ + 1160, /* "sm2encrypt-with-sha512" */ + 1155, /* "sm2encrypt-with-sm3" */ + 1162, /* "sm2encrypt-with-whirlpool" */ 1149, /* "sm2exchange" */ 1116, /* "sm2p256v1" */ 1117, /* "sm2sign" */ 
@@ -3362,7 +3459,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1069, /* "xor-in-ecies" */ }; -#define NUM_LN 1144 +#define NUM_LN 1177 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ @@ -3600,6 +3697,7 @@ static const unsigned int ln_objs[NUM_LN] = { 1053, /* "auth-null" */ 1048, /* "auth-psk" */ 1046, /* "auth-rsa" */ + 1187, /* "auth-sm2" */ 1052, /* "auth-srp" */ 882, /* "authorityRevocationList" */ 1138, /* "bb1" */ @@ -3783,6 +3881,23 @@ static const unsigned int ln_objs[NUM_LN] = { 792, /* "ecdsa-with-Specified" */ 1063, /* "ecies-recommendedParameters" */ 1064, /* "ecies-specifiedParameters" */ + 1181, /* "ecies-with-x9-63-sha1-aes128-cbc-cmac" */ + 1172, /* "ecies-with-x9-63-sha1-aes128-cbc-hmac" */ + 1169, /* "ecies-with-x9-63-sha1-xor-hmac" */ + 1182, /* "ecies-with-x9-63-sha256-aes128-cbc-cmac" */ + 1173, /* "ecies-with-x9-63-sha256-aes128-cbc-hmac" */ + 1177, /* "ecies-with-x9-63-sha256-aes128-cbc-hmac-half" */ + 1184, /* "ecies-with-x9-63-sha256-aes128-ctr-cmac" */ + 1175, /* "ecies-with-x9-63-sha256-aes128-ctr-hmac" */ + 1179, /* "ecies-with-x9-63-sha256-aes128-ctr-hmac-half" */ + 1170, /* "ecies-with-x9-63-sha256-xor-hmac" */ + 1183, /* "ecies-with-x9-63-sha512-aes256-cbc-cmac" */ + 1174, /* "ecies-with-x9-63-sha512-aes256-cbc-hmac" */ + 1178, /* "ecies-with-x9-63-sha512-aes256-cbc-hmac-half" */ + 1185, /* "ecies-with-x9-63-sha512-aes256-ctr-cmac" */ + 1176, /* "ecies-with-x9-63-sha512-aes256-ctr-hmac" */ + 1180, /* "ecies-with-x9-63-sha512-aes256-ctr-hmac-half" */ + 1171, /* "ecies-with-x9-63-sha512-xor-hmac" */ 48, /* "emailAddress" */ 632, /* "encrypted track 2" */ 885, /* "enhancedSearchGuide" */ @@ -4092,6 +4207,7 @@ static const unsigned int ln_objs[NUM_LN] = { 1043, /* "kx-psk" */ 1037, /* "kx-rsa" */ 1042, /* "kx-rsa-psk" */ + 1186, /* "kx-sm2" */ 1044, /* "kx-srp" */ 477, /* "lastModifiedBy" */ 476, /* "lastModifiedTime" */ 
@@ -4413,9 +4529,22 @@ static const unsigned int ln_objs[NUM_LN] = { 1119, /* "sm2encrypt" */ 1120, /* "sm2encrypt-recommendedParameters" */ 1121, /* "sm2encrypt-specifiedParameters" */ + 1163, /* "sm2encrypt-with-blake2b512" */ + 1164, /* "sm2encrypt-with-blake2s256" */ + 1165, /* "sm2encrypt-with-md5" */ + 1161, /* "sm2encrypt-with-rmd160" */ + 1156, /* "sm2encrypt-with-sha1" */ + 1157, /* "sm2encrypt-with-sha224" */ + 1158, /* "sm2encrypt-with-sha256" */ + 1159, /* "sm2encrypt-with-sha384" */ + 1160, /* "sm2encrypt-with-sha512" */ + 1155, /* "sm2encrypt-with-sm3" */ + 1162, /* "sm2encrypt-with-whirlpool" */ 1149, /* "sm2exchange" */ 1116, /* "sm2p256v1" */ 1117, /* "sm2sign" */ + 1167, /* "sm2sign-with-blake2b512" */ + 1168, /* "sm2sign-with-blake2s256" */ 1134, /* "sm2sign-with-rmd160" */ 1129, /* "sm2sign-with-sha1" */ 1132, /* "sm2sign-with-sha224" */ @@ -4423,6 +4552,7 @@ static const unsigned int ln_objs[NUM_LN] = { 1133, /* "sm2sign-with-sha384" */ 1131, /* "sm2sign-with-sha512" */ 1128, /* "sm2sign-with-sm3" */ + 1166, /* "sm2sign-with-whirlpool" */ 1126, /* "sm3" */ 1115, /* "sm5" */ 1087, /* "sm6-cbc" */ @@ -4510,7 +4640,7 @@ static const unsigned int ln_objs[NUM_LN] = { 1136, /* "zuc" */ }; -#define NUM_OBJ 1048 +#define NUM_OBJ 1079 static const unsigned int obj_objs[NUM_OBJ] = { 0, /* OBJ_undef 0 */ 181, /* OBJ_iso 1 */ 
@@ -4858,6 +4988,23 @@ static const unsigned int obj_objs[NUM_OBJ] = { 505, /* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */ 506, /* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */ 119, /* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */ + 1169, /* OBJ_ecies_with_x9_63_sha1_xor_hmac 1 3 132 1 8 1 */ + 1170, /* OBJ_ecies_with_x9_63_sha256_xor_hmac 1 3 132 1 8 2 */ + 1171, /* OBJ_ecies_with_x9_63_sha512_xor_hmac 1 3 132 1 8 3 */ + 1172, /* OBJ_ecies_with_x9_63_sha1_aes128_cbc_hmac 1 3 132 1 8 4 */ + 1173, /* OBJ_ecies_with_x9_63_sha256_aes128_cbc_hmac 1 3 132 1 8 5 */ + 1174, /* OBJ_ecies_with_x9_63_sha512_aes256_cbc_hmac 1 3 132 1 8 6 */ + 1175, /* OBJ_ecies_with_x9_63_sha256_aes128_ctr_hmac 1 3 132 1 8 7 */ + 1176, /* OBJ_ecies_with_x9_63_sha512_aes256_ctr_hmac 1 3 132 1 8 8 */ + 1177, /* OBJ_ecies_with_x9_63_sha256_aes128_cbc_hmac_half 1 3 132 1 8 9 */ + 1178, /* OBJ_ecies_with_x9_63_sha512_aes256_cbc_hmac_half 1 3 132 1 8 10 */ + 1179, /* OBJ_ecies_with_x9_63_sha256_aes128_ctr_hmac_half 1 3 132 1 8 11 */ + 1180, /* OBJ_ecies_with_x9_63_sha512_aes256_ctr_hmac_half 1 3 132 1 8 12 */ + 1181, /* OBJ_ecies_with_x9_63_sha1_aes128_cbc_cmac 1 3 132 1 8 13 */ + 1182, /* OBJ_ecies_with_x9_63_sha256_aes128_cbc_cmac 1 3 132 1 8 14 */ + 1183, /* OBJ_ecies_with_x9_63_sha512_aes256_cbc_cmac 1 3 132 1 8 15 */ + 1184, /* OBJ_ecies_with_x9_63_sha256_aes128_ctr_cmac 1 3 132 1 8 16 */ + 1185, /* OBJ_ecies_with_x9_63_sha512_aes256_ctr_cmac 1 3 132 1 8 17 */ 937, /* OBJ_dhSinglePass_stdDH_sha224kdf_scheme 1 3 132 1 11 0 */ 938, /* OBJ_dhSinglePass_stdDH_sha256kdf_scheme 1 3 132 1 11 1 */ 939, /* OBJ_dhSinglePass_stdDH_sha384kdf_scheme 1 3 132 1 11 2 */ 
@@ -5019,6 +5166,9 @@ static const unsigned int obj_objs[NUM_OBJ] = { 1132, /* OBJ_sm2sign_with_sha224 1 2 156 10197 1 505 */ 1133, /* OBJ_sm2sign_with_sha384 1 2 156 10197 1 506 */ 1134, /* OBJ_sm2sign_with_rmd160 1 2 156 10197 1 507 */ + 1166, /* OBJ_sm2sign_with_whirlpool 1 2 156 10197 1 520 */ + 1167, /* OBJ_sm2sign_with_blake2b512 1 2 156 10197 1 521 */ + 1168, /* OBJ_sm2sign_with_blake2s256 1 2 156 10197 1 522 */ 1136, /* OBJ_zuc 1 2 156 10197 1 800 */ 776, /* OBJ_seed_ecb 1 2 410 200004 1 3 */ 777, /* OBJ_seed_cbc 1 2 410 200004 1 4 */ @@ -5471,6 +5621,17 @@ static const unsigned int obj_objs[NUM_OBJ] = { 952, /* OBJ_ct_precert_poison 1 3 6 1 4 1 11129 2 4 3 */ 953, /* OBJ_ct_precert_signer 1 3 6 1 4 1 11129 2 4 4 */ 954, /* OBJ_ct_cert_scts 1 3 6 1 4 1 11129 2 4 5 */ + 1155, /* OBJ_sm2encrypt_with_sm3 1 2 156 10197 1 301 3 2 1 */ + 1156, /* OBJ_sm2encrypt_with_sha1 1 2 156 10197 1 301 3 2 2 */ + 1157, /* OBJ_sm2encrypt_with_sha224 1 2 156 10197 1 301 3 2 3 */ + 1158, /* OBJ_sm2encrypt_with_sha256 1 2 156 10197 1 301 3 2 4 */ + 1159, /* OBJ_sm2encrypt_with_sha384 1 2 156 10197 1 301 3 2 5 */ + 1160, /* OBJ_sm2encrypt_with_sha512 1 2 156 10197 1 301 3 2 6 */ + 1161, /* OBJ_sm2encrypt_with_rmd160 1 2 156 10197 1 301 3 2 7 */ + 1162, /* OBJ_sm2encrypt_with_whirlpool 1 2 156 10197 1 301 3 2 8 */ + 1163, /* OBJ_sm2encrypt_with_blake2b512 1 2 156 10197 1 301 3 2 9 */ + 1164, /* OBJ_sm2encrypt_with_blake2s256 1 2 156 10197 1 301 3 2 10 */ + 1165, /* OBJ_sm2encrypt_with_md5 1 2 156 10197 1 301 3 2 11 */ 751, /* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */ 752, /* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */ 753, /* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 5f7d7f0f..21c49ad9 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num 
@@ -1152,3 +1152,36 @@ cpk_map 1151 cpk_sha1_map 1152 cpk_sha256_map 1153 cpk_sm3_map 1154 +sm2encrypt_with_sm3 1155 +sm2encrypt_with_sha1 1156 +sm2encrypt_with_sha224 1157 +sm2encrypt_with_sha256 1158 +sm2encrypt_with_sha384 1159 +sm2encrypt_with_sha512 1160 +sm2encrypt_with_rmd160 1161 +sm2encrypt_with_whirlpool 1162 +sm2encrypt_with_blake2b512 1163 +sm2encrypt_with_blake2s256 1164 +sm2encrypt_with_md5 1165 +sm2sign_with_whirlpool 1166 +sm2sign_with_blake2b512 1167 +sm2sign_with_blake2s256 1168 +ecies_with_x9_63_sha1_xor_hmac 1169 +ecies_with_x9_63_sha256_xor_hmac 1170 +ecies_with_x9_63_sha512_xor_hmac 1171 +ecies_with_x9_63_sha1_aes128_cbc_hmac 1172 +ecies_with_x9_63_sha256_aes128_cbc_hmac 1173 +ecies_with_x9_63_sha512_aes256_cbc_hmac 1174 +ecies_with_x9_63_sha256_aes128_ctr_hmac 1175 +ecies_with_x9_63_sha512_aes256_ctr_hmac 1176 +ecies_with_x9_63_sha256_aes128_cbc_hmac_half 1177 +ecies_with_x9_63_sha512_aes256_cbc_hmac_half 1178 +ecies_with_x9_63_sha256_aes128_ctr_hmac_half 1179 +ecies_with_x9_63_sha512_aes256_ctr_hmac_half 1180 +ecies_with_x9_63_sha1_aes128_cbc_cmac 1181 +ecies_with_x9_63_sha256_aes128_cbc_cmac 1182 +ecies_with_x9_63_sha512_aes256_cbc_cmac 1183 +ecies_with_x9_63_sha256_aes128_ctr_cmac 1184 +ecies_with_x9_63_sha512_aes256_ctr_cmac 1185 +kx_sm2 1186 +auth_sm2 1187 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index d96bd2c7..d79555e0 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1476,6 +1476,7 @@ id-pkinit 5 : pkInitKDC : Signing KDC Response : KxPSK : kx-psk : KxSRP : kx-srp : KxGOST : kx-gost + : KxSM2 : kx-sm2 # NIDs for cipher authentication : AuthRSA : auth-rsa @@ -1486,6 +1487,7 @@ id-pkinit 5 : pkInitKDC : Signing KDC Response : AuthGOST12 : auth-gost12 : AuthSRP : auth-srp : AuthNULL : auth-null + : AuthSM2 : auth-sm2 # GmSSL SECG ECIES OID secg-scheme 7 : ecies-recommendedParameters 
@@ -1508,6 +1510,26 @@ secg-scheme 24 0 : cmac-aes128-ecies secg-scheme 24 1 : cmac-aes192-ecies secg-scheme 24 2 : cmac-aes256-ecies + +ecies-specifiedParameters 1 : ecies-with-x9-63-sha1-xor-hmac +ecies-specifiedParameters 2 : ecies-with-x9-63-sha256-xor-hmac +ecies-specifiedParameters 3 : ecies-with-x9-63-sha512-xor-hmac +ecies-specifiedParameters 4 : ecies-with-x9-63-sha1-aes128-cbc-hmac +ecies-specifiedParameters 5 : ecies-with-x9-63-sha256-aes128-cbc-hmac +ecies-specifiedParameters 6 : ecies-with-x9-63-sha512-aes256-cbc-hmac +ecies-specifiedParameters 7 : ecies-with-x9-63-sha256-aes128-ctr-hmac +ecies-specifiedParameters 8 : ecies-with-x9-63-sha512-aes256-ctr-hmac +ecies-specifiedParameters 9 : ecies-with-x9-63-sha256-aes128-cbc-hmac-half +ecies-specifiedParameters 10 : ecies-with-x9-63-sha512-aes256-cbc-hmac-half +ecies-specifiedParameters 11 : ecies-with-x9-63-sha256-aes128-ctr-hmac-half +ecies-specifiedParameters 12 : ecies-with-x9-63-sha512-aes256-ctr-hmac-half +ecies-specifiedParameters 13 : ecies-with-x9-63-sha1-aes128-cbc-cmac +ecies-specifiedParameters 14 : ecies-with-x9-63-sha256-aes128-cbc-cmac +ecies-specifiedParameters 15 : ecies-with-x9-63-sha512-aes256-cbc-cmac +ecies-specifiedParameters 16 : ecies-with-x9-63-sha256-aes128-ctr-cmac +ecies-specifiedParameters 17 : ecies-with-x9-63-sha512-aes256-ctr-cmac + + # GmSSL SM OID member-body 156 : ISO-CN : ISO CN Member Body ISO-CN 10197 : oscca 
@@ -1564,8 +1586,21 @@ sm-scheme 301 : sm2p256v1 sm-scheme 301 1 : sm2sign sm-scheme 301 2 : sm2exchange sm-scheme 301 3 : sm2encrypt +sm-scheme 301 101 : wapip192v1 + sm2encrypt 1 : sm2encrypt-recommendedParameters sm2encrypt 2 : sm2encrypt-specifiedParameters +sm2encrypt 2 1 : sm2encrypt-with-sm3 +sm2encrypt 2 2 : sm2encrypt-with-sha1 +sm2encrypt 2 3 : sm2encrypt-with-sha224 +sm2encrypt 2 4 : sm2encrypt-with-sha256 +sm2encrypt 2 5 : sm2encrypt-with-sha384 +sm2encrypt 2 6 : sm2encrypt-with-sha512 +sm2encrypt 2 7 : sm2encrypt-with-rmd160 +sm2encrypt 2 8 : sm2encrypt-with-whirlpool +sm2encrypt 2 9 : sm2encrypt-with-blake2b512 +sm2encrypt 2 10 : sm2encrypt-with-blake2s256 +sm2encrypt 2 11 : sm2encrypt-with-md5 sm-scheme 302 : id-sm9PublicKey sm-scheme 302 1 : sm9sign @@ -1574,6 +1609,7 @@ sm-scheme 302 3 : sm9encrypt sm-scheme 401 : SM3 : sm3 sm-scheme 401 2 : HMAC-SM3 : hmac-sm3 + sm-scheme 501 : SM2Sign-with-SM3 : sm2sign-with-sm3 sm-scheme 502 : SM2Sign-with-SHA1 : sm2sign-with-sha1 sm-scheme 503 : SM2Sign-with-SHA256 : sm2sign-with-sha256 @@ -1581,8 +1617,10 @@ sm-scheme 504 : SM2Sign-with-SHA511 : sm2sign-with-sha512 sm-scheme 505 : SM2Sign-with-SHA224 : sm2sign-with-sha224 sm-scheme 506 : SM2Sign-with-SHA384 : sm2sign-with-sha384 sm-scheme 507 : SM2Sign-with-RMD160 : sm2sign-with-rmd160 +sm-scheme 520 : SM2Sign-with-Whirlpool : sm2sign-with-whirlpool +sm-scheme 521 : SM2Sign-with-Blake2b512 : sm2sign-with-blake2b512 +sm-scheme 522 : SM2Sign-with-Blake2s256 : sm2sign-with-blake2s256 -sm-scheme 301 101 : wapip192v1 # GmSSL ZUC OID sm-scheme 800 : ZUC : zuc diff --git a/crypto/sm2/build.info b/crypto/sm2/build.info index 0aaa629d..88d697ca 100644 --- a/crypto/sm2/build.info +++ b/crypto/sm2/build.info @@ -1,3 +1,3 @@ LIBS=../../libcrypto -SOURCE[../../libcrypto]=sm2_asn1.c sm2_id.c sm2_sign.c sm2_enc.c sm2_kap.c \ - sm2_kmeth.c +SOURCE[../../libcrypto]=sm2_err.c sm2_asn1.c sm2_id.c sm2_sign.c sm2_enc.c \ + sm2_exch.c sm2_kmeth.c 
diff --git a/crypto/sm2/sm2_asn1.c b/crypto/sm2/sm2_asn1.c index 3192c7ac..68392903 100644 --- a/crypto/sm2/sm2_asn1.c +++ b/crypto/sm2/sm2_asn1.c 
@@ -55,147 +55,14 @@ #include #include #include +#include "sm2_lcl.h" -typedef struct SM2CiphertextValue_st { - ASN1_INTEGER *xCoordinate; - ASN1_INTEGER *yCoordinate; - ASN1_OCTET_STRING *hash; - ASN1_OCTET_STRING *ciphertext; -} SM2CiphertextValue; - ASN1_SEQUENCE(SM2CiphertextValue) = { - ASN1_SIMPLE(SM2CiphertextValue, xCoordinate, ASN1_INTEGER), - ASN1_SIMPLE(SM2CiphertextValue, yCoordinate, ASN1_INTEGER), + ASN1_SIMPLE(SM2CiphertextValue, xCoordinate, BIGNUM), + ASN1_SIMPLE(SM2CiphertextValue, yCoordinate, BIGNUM), ASN1_SIMPLE(SM2CiphertextValue, hash, ASN1_OCTET_STRING), ASN1_SIMPLE(SM2CiphertextValue, ciphertext, ASN1_OCTET_STRING), } ASN1_SEQUENCE_END(SM2CiphertextValue) IMPLEMENT_ASN1_FUNCTIONS(SM2CiphertextValue) IMPLEMENT_ASN1_DUP_FUNCTION(SM2CiphertextValue) - - -int i2d_SM2_CIPHERTEXT_VALUE(const EC_GROUP *group, const SM2_CIPHERTEXT_VALUE *c, - unsigned char **out) -{ - int ret = 0; - SM2CiphertextValue *asn1 = NULL; - BIGNUM *x = NULL; - BIGNUM *y = NULL; - BN_CTX *bn_ctx = NULL; - - asn1 = SM2CiphertextValue_new(); - x = BN_new(); - y = BN_new(); - bn_ctx = BN_CTX_new(); - if (!asn1 || !x || !y || !bn_ctx) { - ECerr(EC_F_I2D_SM2_CIPHERTEXT_VALUE, ERR_R_MALLOC_FAILURE); - goto end; - } - - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates_GFp(group, c->ephem_point, x, y, bn_ctx)) { - ECerr(EC_F_I2D_SM2_CIPHERTEXT_VALUE, ERR_R_EC_LIB); - goto end; - } - } else { - if (!EC_POINT_get_affine_coordinates_GF2m(group, c->ephem_point, x, y, bn_ctx)) { - ECerr(EC_F_I2D_SM2_CIPHERTEXT_VALUE, ERR_R_EC_LIB); - goto end; - } - } - - if (!BN_to_ASN1_INTEGER(x, asn1->xCoordinate)) { - ECerr(EC_F_I2D_SM2_CIPHERTEXT_VALUE, ERR_R_BN_LIB); - goto end; - } - if (!BN_to_ASN1_INTEGER(y, asn1->yCoordinate)) { - ECerr(EC_F_I2D_SM2_CIPHERTEXT_VALUE, ERR_R_BN_LIB); - goto end; - } - if (!ASN1_OCTET_STRING_set(asn1->hash, c->mactag, c->mactag_size)) { - ECerr(EC_F_I2D_SM2_CIPHERTEXT_VALUE, 
ERR_R_ASN1_LIB); - goto end; - } - if (!ASN1_OCTET_STRING_set(asn1->ciphertext, c->ciphertext, c->ciphertext_size)) { - ECerr(EC_F_I2D_SM2_CIPHERTEXT_VALUE, ERR_R_ASN1_LIB); - goto end; - } - - ret = 1; -end: - SM2CiphertextValue_free(asn1); - BN_free(x); - BN_free(y); - BN_CTX_free(bn_ctx); - return ret; -} - -SM2_CIPHERTEXT_VALUE *d2i_SM2_CIPHERTEXT_VALUE(const EC_GROUP *group, - SM2_CIPHERTEXT_VALUE **c, const unsigned char **in, long len) -{ - int e = 1; - SM2_CIPHERTEXT_VALUE *ret = NULL; - SM2CiphertextValue *asn1 = NULL; - BIGNUM *x = NULL; - BIGNUM *y = NULL; - BN_CTX *bn_ctx = NULL; - - if (!(asn1 = d2i_SM2CiphertextValue(NULL, in, len))) { - ECerr(EC_F_D2I_SM2_CIPHERTEXT_VALUE, ERR_R_MALLOC_FAILURE); - goto end; - } - if (!(x = ASN1_INTEGER_to_BN(asn1->xCoordinate, NULL))) { - ECerr(EC_F_D2I_SM2_CIPHERTEXT_VALUE, ERR_R_BN_LIB); - goto end; - } - if (!(y = ASN1_INTEGER_to_BN(asn1->yCoordinate, NULL))) { - ECerr(EC_F_D2I_SM2_CIPHERTEXT_VALUE, ERR_R_BN_LIB); - goto end; - } - - ret = SM2_CIPHERTEXT_VALUE_new(group); - bn_ctx = BN_CTX_new(); - if (!ret || !bn_ctx) { - ECerr(EC_F_D2I_SM2_CIPHERTEXT_VALUE, ERR_R_MALLOC_FAILURE); - goto end; - } - - /* (x, y) */ - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { - if (!EC_POINT_set_affine_coordinates_GFp(group, ret->ephem_point, x, y, bn_ctx)) { - ECerr(EC_F_D2I_SM2_CIPHERTEXT_VALUE, ERR_R_EC_LIB); - goto end; - } - } else { - if (!EC_POINT_set_affine_coordinates_GF2m(group, ret->ephem_point, x, y, bn_ctx)) { - ECerr(EC_F_D2I_SM2_CIPHERTEXT_VALUE, ERR_R_EC_LIB); - goto end; - } - } - - /* hash */ - ret->mactag_size = asn1->hash->length; - memcpy(ret->mactag, asn1->hash->data, asn1->hash->length); - - /* ciphertext */ - ret->ciphertext_size = asn1->ciphertext->length; - if (!(ret->ciphertext = OPENSSL_malloc(ret->ciphertext_size))) { - ECerr(EC_F_D2I_SM2_CIPHERTEXT_VALUE, ERR_R_MALLOC_FAILURE); - goto end; - } - memcpy(ret->ciphertext, asn1->ciphertext->data, 
asn1->ciphertext->length); - - e = 0; - -end: - SM2CiphertextValue_free(asn1); - BN_free(x); - BN_free(y); - BN_CTX_free(bn_ctx); - if (e && ret) { - SM2_CIPHERTEXT_VALUE_free(ret); - ret = NULL; - } - return ret; -} - diff --git a/crypto/sm2/sm2_enc.c b/crypto/sm2/sm2_enc.c index 0c74c830..30a73694 100644 --- a/crypto/sm2/sm2_enc.c +++ b/crypto/sm2/sm2_enc.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved. + * Copyright (c) 2015 - 2017 The GmSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -46,551 +46,280 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. */ - #include #include #include -#include #include #include #include #include #include "internal/o_str.h" +#include "sm2_lcl.h" -SM2_ENC_PARAMS *SM2_ENC_PARAMS_new(void) +SM2CiphertextValue *SM2_do_encrypt(const EVP_MD *md, + const unsigned char *in, size_t inlen, EC_KEY *ec_key) { - SM2_ENC_PARAMS *ret = NULL; - - if (!(ret = OPENSSL_zalloc(sizeof(*ret)))) { - ECerr(EC_F_SM2_ENC_PARAMS_NEW, ERR_R_MALLOC_FAILURE); - return NULL; - } - - SM2_ENC_PARAMS_init_with_recommended(ret); - return ret; -} - -SM2_ENC_PARAMS *SM2_ENC_PARAMS_dup(const SM2_ENC_PARAMS *param) -{ - SM2_ENC_PARAMS *ret = NULL; - - if (!param) { - ECerr(EC_F_SM2_ENC_PARAMS_DUP, EC_R_NULL_ARGUMENT); - return NULL; - } - if (!(ret = OPENSSL_memdup(param, sizeof(*param)))) { - ECerr(EC_F_SM2_ENC_PARAMS_DUP, ERR_R_MALLOC_FAILURE); - return NULL; - } - - return ret; -} - -int SM2_ENC_PARAMS_init_with_recommended(SM2_ENC_PARAMS *params) -{ - if (!params) { - ECerr(EC_F_SM2_ENC_PARAMS_INIT_WITH_RECOMMENDED, - EC_R_NULL_ARGUMENT); - return 0; - } - params->kdf_md = EVP_sm3(); - params->mac_md = EVP_sm3(); - params->point_form = POINT_CONVERSION_UNCOMPRESSED; - return 1; -} - -void SM2_ENC_PARAMS_free(SM2_ENC_PARAMS *param) -{ - OPENSSL_free(param); -} - -int SM2_CIPHERTEXT_VALUE_size(const EC_GROUP *group, - const SM2_ENC_PARAMS *params, size_t mlen) -{ - int ret = 0; - EC_KEY *ec_key = NULL; - size_t len = 0; - - if (!(ec_key = EC_KEY_new())) { - ECerr(EC_F_SM2_CIPHERTEXT_VALUE_SIZE, ERR_R_EC_LIB); - goto end; - } - if (!EC_KEY_set_group(ec_key, group)) { - ECerr(EC_F_SM2_CIPHERTEXT_VALUE_SIZE, ERR_R_EC_LIB); - goto end; - } - if (!EC_KEY_generate_key(ec_key)) { - ECerr(EC_F_SM2_CIPHERTEXT_VALUE_SIZE, ERR_R_EC_LIB); - goto end; - } - - len += EC_POINT_point2oct(group, EC_KEY_get0_public_key(ec_key), - params->point_form, NULL, 0, NULL); - len += mlen; - len += EVP_MD_size(params->mac_md); - - ret = (int)len; - -end: - EC_KEY_free(ec_key); - return 
ret; -} - -SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_new(const EC_GROUP *group) -{ - SM2_CIPHERTEXT_VALUE *cv; - - if (!(cv = OPENSSL_malloc(sizeof(*cv)))) { - ECerr(EC_F_SM2_CIPHERTEXT_VALUE_NEW, EC_R_MALLOC_FAILED); - return NULL; - } - - memset(cv, 0, sizeof(*cv)); - - if (!(cv->ephem_point = EC_POINT_new(group))) { - ECerr(EC_F_SM2_CIPHERTEXT_VALUE_NEW, EC_R_POINT_NEW_FAILED); - OPENSSL_free(cv); - return NULL; - } - - return cv; -} - -void SM2_CIPHERTEXT_VALUE_free(SM2_CIPHERTEXT_VALUE *cv) -{ - if (cv->ephem_point) EC_POINT_free(cv->ephem_point); - if (cv->ciphertext) OPENSSL_free(cv->ciphertext); - memset(cv, 0, sizeof(*cv)); - OPENSSL_free(cv); -} - -int SM2_CIPHERTEXT_VALUE_encode(const SM2_CIPHERTEXT_VALUE *cv, - const EC_GROUP *ec_group, const SM2_ENC_PARAMS *params, - unsigned char *buf, size_t *buflen) -{ - int ret = 0; - BN_CTX *bn_ctx = BN_CTX_new(); - size_t ptlen, cvlen; - - OPENSSL_assert(cv); - OPENSSL_assert(ec_group); - OPENSSL_assert(buf); - OPENSSL_assert(cv->ephem_point); - - if (!bn_ctx) { - ECerr(EC_F_SM2_CIPHERTEXT_VALUE_ENCODE, ERR_R_BN_LIB); - return 0; - } - - if (!(ptlen = EC_POINT_point2oct(ec_group, cv->ephem_point, - params->point_form, NULL, 0, bn_ctx))) { - ECerr(EC_F_SM2_CIPHERTEXT_VALUE_ENCODE, EC_R_POINT2OCT_FAILED); - goto end; - } - cvlen = ptlen + cv->ciphertext_size + cv->mactag_size; - - if (!buf) { - *buflen = cvlen; - ret = 1; - goto end; - - } else if (*buflen < cvlen) { - ECerr(EC_F_SM2_CIPHERTEXT_VALUE_ENCODE, EC_R_BUFFER_TOO_SMALL); - goto end; - } - - if (!(ptlen = EC_POINT_point2oct(ec_group, cv->ephem_point, - params->point_form, buf, *buflen, bn_ctx))) { - ECerr(EC_F_SM2_CIPHERTEXT_VALUE_ENCODE, EC_R_POINT2OCT_FAILED); - goto end; - } - buf += ptlen; - memcpy(buf, cv->ciphertext, cv->ciphertext_size); - buf += cv->ciphertext_size; - if (cv->mactag_size > 0) { - memcpy(buf, cv->mactag, cv->mactag_size); - } - - *buflen = cvlen; - ret = 1; -end: - if (bn_ctx) BN_CTX_free(bn_ctx); - return ret; -} - 
-SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode( - const EC_GROUP *ec_group, const SM2_ENC_PARAMS *params, - const unsigned char *buf, size_t buflen) -{ - int ok = 0; - SM2_CIPHERTEXT_VALUE *ret = NULL; - BN_CTX *bn_ctx = BN_CTX_new(); - int ptlen; - int fixlen; - - if (!bn_ctx) { - ECerr(EC_F_SM2_CIPHERTEXT_VALUE_DECODE, ERR_R_BN_LIB); - return NULL; - } - - if (!(fixlen = SM2_CIPHERTEXT_VALUE_size(ec_group, params, 0))) { - ECerr(EC_F_SM2_CIPHERTEXT_VALUE_DECODE, EC_R_GET_CIPHERTEXT_SIZE_FAILED); - goto end; - } - - if (buflen <= (size_t)fixlen) { - ECerr(EC_F_SM2_CIPHERTEXT_VALUE_DECODE, EC_R_BUFFER_TOO_SMALL); - goto end; - } - - if (!(ret = OPENSSL_malloc(sizeof(SM2_CIPHERTEXT_VALUE)))) { - ECerr(EC_F_SM2_CIPHERTEXT_VALUE_DECODE, EC_R_MALLOC_FAILED); - goto end; - } - - ret->ephem_point = EC_POINT_new(ec_group); - ret->ciphertext_size = buflen - fixlen; - ret->ciphertext = OPENSSL_malloc(ret->ciphertext_size); - if (!ret->ephem_point || !ret->ciphertext) { - ECerr(EC_F_SM2_CIPHERTEXT_VALUE_DECODE, EC_R_INNOR_ERROR); - goto end; - } - -#if 0 - //FIXME - ptlen = fixlen - SM2_ENC_PARAMS_mactag_size(params); -#endif - ptlen = (int)fixlen; //FIXME - if (!EC_POINT_oct2point(ec_group, ret->ephem_point, buf, ptlen, bn_ctx)) { - ECerr(EC_F_SM2_CIPHERTEXT_VALUE_DECODE, EC_R_OCT2POINT_FAILED); - goto end; - } - - memcpy(ret->ciphertext, buf + ptlen, ret->ciphertext_size); - //FIXME - //ret->mactag_size = SM2_ENC_PARAMS_mactag_size(params); - if (ret->mactag_size > 0) { - memcpy(ret->mactag, buf + buflen - ret->mactag_size, ret->mactag_size); - } - ok = 1; - -end: - if (!ok && ret) { - SM2_CIPHERTEXT_VALUE_free(ret); - ret = NULL; - } - if (bn_ctx) BN_CTX_free(bn_ctx); - - return ret; -} - -int SM2_CIPHERTEXT_VALUE_print(BIO *out, const EC_GROUP *ec_group, - const SM2_CIPHERTEXT_VALUE *cv, int indent, unsigned long flags) -{ - int ret = 0; - char *hex = NULL; - BN_CTX *ctx = BN_CTX_new(); - size_t i; - - if (!ctx) { - goto end; - } - - if (!(hex = 
EC_POINT_point2hex(ec_group, cv->ephem_point, - POINT_CONVERSION_UNCOMPRESSED, ctx))) { - goto end; - } - - BIO_printf(out, "SM2_CIPHERTEXT_VALUE.ephem_point: %s\n", hex); - BIO_printf(out, "SM2_CIPHERTEXT_VALUE.ciphertext : "); - for (i = 0; i < cv->ciphertext_size; i++) { - BIO_printf(out, "%02X", cv->ciphertext[i]); - } - BIO_printf(out, "\n"); - BIO_printf(out, "SM2_CIPHERTEXT_VALUE.mactag :"); - for (i = 0; i < cv->mactag_size; i++) { - BIO_printf(out, "%02X", cv->mactag[i]); - } - BIO_printf(out, "\n"); - - ret = 1; - -end: - OPENSSL_free(hex); - BN_CTX_free(ctx); - return 0; -} - -int SM2_encrypt(const SM2_ENC_PARAMS *params, - const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, - EC_KEY *ec_key) -{ - int ret = 0; - const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key); - SM2_CIPHERTEXT_VALUE *cv = NULL; - int len; - - if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, params, inlen))) { - ECerr(EC_F_SM2_ENCRYPT, EC_R_ERROR); - goto end; - } - - if (!out) { - *outlen = (size_t)len; - return 1; - - } else if (*outlen < (size_t)len) { - ECerr(EC_F_SM2_ENCRYPT, EC_R_BUFFER_TOO_SMALL); - return 0; - } - - if (!(cv = SM2_do_encrypt(params, in, inlen, ec_key))) { - ECerr(EC_F_SM2_ENCRYPT, EC_R_ENCRYPT_FAILED); - goto end; - } - - if (!SM2_CIPHERTEXT_VALUE_encode(cv, ec_group, params, out, outlen)) { - ECerr(EC_F_SM2_ENCRYPT, EC_R_CIPHERTEXT_ENCODE_FAILED); - goto end; - } - - ret = 1; -end: - if (cv) SM2_CIPHERTEXT_VALUE_free(cv); - return ret; -} - -SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params, - const unsigned char *in, size_t inlen, - EC_KEY *ec_key) -{ - int ok = 0; - SM2_CIPHERTEXT_VALUE *cv = NULL; - const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key); - const EC_POINT *pub_key = EC_KEY_get0_public_key(ec_key); - KDF_FUNC kdf = KDF_get_x9_63(params->kdf_md); - EC_POINT *point = NULL; + SM2CiphertextValue *ret = NULL; + SM2CiphertextValue *cv = NULL; + const EC_GROUP *group; + const EC_POINT *pub_key; + KDF_FUNC kdf; 
+ EC_POINT *ephem_point = NULL; + EC_POINT *share_point = NULL; BIGNUM *n = NULL; BIGNUM *h = NULL; BIGNUM *k = NULL; BN_CTX *bn_ctx = NULL; EVP_MD_CTX *md_ctx = NULL; + unsigned char buf[(OPENSSL_ECC_MAX_FIELD_BITS + 7)/4 + 1]; int nbytes; - unsigned char dgst[EVP_MAX_MD_SIZE]; - unsigned int dgstlen; - int mactag_size; size_t len; size_t i; + unsigned int hashlen; - if (!ec_group || !pub_key) { - ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_INVALID_EC_KEY); - goto end; + /* check arguments */ + if (!md || !in || !ec_key) { + SM2err(SM2_F_SM2_DO_ENCRYPT, ERR_R_PASSED_NULL_PARAMETER); + return 0; } - if (!kdf) { - ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_GET_KDF_FAILED); + + if (inlen < SM2_MIN_PLAINTEXT_LENGTH || inlen > SM2_MAX_PLAINTEXT_LENGTH) { + SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_INVALID_PLAINTEXT_LENGTH); + return 0; + } + + if (!(kdf = KDF_get_x9_63(md))) { + SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_INVALID_DIGEST_ALGOR); + return 0; + } + + if (!(group = EC_KEY_get0_group(ec_key)) + || !(pub_key = EC_KEY_get0_public_key(ec_key))) { + SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_INVALID_EC_KEY); + return 0; + } + + /* malloc */ + if (!(cv = SM2CiphertextValue_new()) + || !(ephem_point = EC_POINT_new(group)) + || !(share_point = EC_POINT_new(group)) + || !(n = BN_new()) + || !(h = BN_new()) + || !(k = BN_new()) + || !(bn_ctx = BN_CTX_new()) + || !(md_ctx = EVP_MD_CTX_new())) { + SM2err(SM2_F_SM2_DO_ENCRYPT, ERR_R_MALLOC_FAILURE); goto end; } - /* init ciphertext_value */ - if (!(cv = OPENSSL_malloc(sizeof(SM2_CIPHERTEXT_VALUE)))) { - ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_MALLOC_FAILED); - goto end; - } - memset(cv, 0, sizeof(*cv)); - cv->ephem_point = EC_POINT_new(ec_group); - cv->ciphertext = OPENSSL_malloc(inlen); - cv->ciphertext_size = inlen; - if (!cv->ephem_point || !cv->ciphertext) { - ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR); - goto end; - } - - point = EC_POINT_new(ec_group); - n = BN_new(); - h = BN_new(); - k = BN_new(); - bn_ctx = BN_CTX_new(); - md_ctx = EVP_MD_CTX_create(); - if (!point || 
!n || !h || !k || !bn_ctx || !md_ctx) { - ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR); + if (!ASN1_OCTET_STRING_set(cv->ciphertext, NULL, (int)inlen) + || !ASN1_OCTET_STRING_set(cv->hash, NULL, EVP_MD_size(md))) { + SM2err(SM2_F_SM2_DO_ENCRYPT, ERR_R_ASN1_LIB); goto end; } /* init ec domain parameters */ - if (!EC_GROUP_get_order(ec_group, n, bn_ctx)) { + if (!EC_GROUP_get_order(group, n, bn_ctx)) { ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR); goto end; } - if (!EC_GROUP_get_cofactor(ec_group, h, bn_ctx)) { + + if (!EC_GROUP_get_cofactor(group, h, bn_ctx)) { ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR); goto end; } - nbytes = (EC_GROUP_get_degree(ec_group) + 7) / 8; + + nbytes = (EC_GROUP_get_degree(group) + 7) / 8; + + /* check [h]P_B != O */ + if (!EC_POINT_mul(group, share_point, NULL, pub_key, h, bn_ctx)) { + SM2err(SM2_F_SM2_DO_ENCRYPT, ERR_R_EC_LIB); + goto end; + } + + if (EC_POINT_is_at_infinity(group, share_point)) { + SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_INVALID_PUBLIC_KEY); + goto end; + } do { - /* A1: rand k in [1, n-1] */ + size_t size; + + /* rand k in [1, n-1] */ do { BN_rand_range(k, n); } while (BN_is_zero(k)); - - /* A2: C1 = [k]G = (x1, y1) */ - if (!EC_POINT_mul(ec_group, cv->ephem_point, k, NULL, NULL, bn_ctx)) { - ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR); + /* compute ephem_point [k]G = (x1, y1) */ + if (!EC_POINT_mul(group, ephem_point, k, NULL, NULL, bn_ctx)) { + SM2err(SM2_F_SM2_DO_ENCRYPT, ERR_R_EC_LIB); goto end; } - /* A3: check [h]P_B != O */ - if (!EC_POINT_mul(ec_group, point, NULL, pub_key, h, bn_ctx)) { - ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR); - goto end; - } - if (EC_POINT_is_at_infinity(ec_group, point)) { - ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR); + /* compute ECDH share_point [k]P_B = (x2, y2) */ + if (!EC_POINT_mul(group, share_point, NULL, pub_key, k, bn_ctx)) { + SM2err(SM2_F_SM2_DO_ENCRYPT, ERR_R_EC_LIB); goto end; } - /* A4: compute ECDH [k]P_B = (x2, y2) */ - if (!EC_POINT_mul(ec_group, point, NULL, pub_key, k, bn_ctx)) { - 
ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR); - goto end; - } - if (!(len = EC_POINT_point2oct(ec_group, point, + /* compute t = KDF(x2 || y2, klen) */ + if (!(len = EC_POINT_point2oct(group, share_point, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof(buf), bn_ctx))) { - ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR); + SM2err(SM2_F_SM2_DO_ENCRYPT, ERR_R_EC_LIB); goto end; } - OPENSSL_assert(len == nbytes * 2 + 1); - /* A5: t = KDF(x2 || y2, klen) */ - kdf(buf + 1, len - 1, cv->ciphertext, &cv->ciphertext_size); - - for (i = 0; i < cv->ciphertext_size; i++) { - if (cv->ciphertext[i]) { - break; - } - } - if (i == cv->ciphertext_size) { - continue; + size = cv->ciphertext->length; + kdf(buf + 1, len - 1, cv->ciphertext->data, &size); + if (size != inlen) { + SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_KDF_FAILURE); + goto end; } - break; + /* ASN1_OCTET_STRING_is_zero in asn1.h and a_octet.c */ + } while (ASN1_OCTET_STRING_is_zero(cv->ciphertext)); - } while (1); + /* set x/yCoordinates as (x1, y1) */ + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { + if (!EC_POINT_get_affine_coordinates_GFp(group, ephem_point, + cv->xCoordinate, cv->yCoordinate, bn_ctx)) { + SM2err(SM2_F_SM2_DO_ENCRYPT, ERR_R_EC_LIB); + goto end; + } + } else { + if (!EC_POINT_get_affine_coordinates_GF2m(group, ephem_point, + cv->xCoordinate, cv->yCoordinate, bn_ctx)) { + SM2err(SM2_F_SM2_DO_ENCRYPT, ERR_R_EC_LIB); + goto end; + } + } - - /* A6: C2 = M xor t */ + /* ciphertext = t xor in */ for (i = 0; i < inlen; i++) { - cv->ciphertext[i] ^= in[i]; + cv->ciphertext->data[i] ^= in[i]; } - mactag_size = EVP_MD_size(params->mac_md); - if (mactag_size) { - - /* A7: C3 = Hash(x2 || M || y2) */ - if (!EVP_DigestInit_ex(md_ctx, params->mac_md, NULL)) { - ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR); - goto end; - } - if (!EVP_DigestUpdate(md_ctx, buf + 1, nbytes)) { - ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR); - goto end; - } - if (!EVP_DigestUpdate(md_ctx, in, inlen)) { - ECerr(EC_F_SM2_DO_ENCRYPT, 
EC_R_ERROR); - goto end; - } - if (!EVP_DigestUpdate(md_ctx, buf + 1 + nbytes, nbytes)) { - ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR); - goto end; - } - if (!EVP_DigestFinal_ex(md_ctx, dgst, &dgstlen)) { - ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR); - goto end; - } - - /* GmSSL specific: reduce mactag size */ - if (mactag_size > dgstlen) { - ECerr(EC_F_SM2_DO_ENCRYPT, EC_R_ERROR); - goto end; - } - - cv->mactag_size = mactag_size; - memcpy(cv->mactag, dgst, cv->mactag_size); - } - - ok = 1; - -end: - if (!ok && cv) { - SM2_CIPHERTEXT_VALUE_free(cv); - cv = NULL; - } - - if (point) EC_POINT_free(point); - if (n) BN_free(n); - if (h) BN_free(h); - if (k) BN_free(k); - if (bn_ctx) BN_CTX_free(bn_ctx); - if (md_ctx) EVP_MD_CTX_destroy(md_ctx); - - return cv; -} - -int SM2_decrypt(const SM2_ENC_PARAMS *params, - const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, - EC_KEY *ec_key) -{ - int ret = 0; - const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key); - SM2_CIPHERTEXT_VALUE *cv = NULL; - int len; - - if (!(len = SM2_CIPHERTEXT_VALUE_size(ec_group, params, 0))) { - ECerr(EC_F_SM2_DECRYPT, EC_R_ERROR); + /* generate hash = Hash(x2 || M || y2) */ + hashlen = cv->hash->length; + if (!EVP_DigestInit_ex(md_ctx, md, NULL) + || !EVP_DigestUpdate(md_ctx, buf + 1, nbytes) + || !EVP_DigestUpdate(md_ctx, in, inlen) + || !EVP_DigestUpdate(md_ctx, buf + 1 + nbytes, nbytes) + || !EVP_DigestFinal_ex(md_ctx, cv->hash->data, &hashlen)) { + SM2err(SM2_F_SM2_DO_ENCRYPT, ERR_R_EVP_LIB); goto end; } - if (inlen <= len) { - ECerr(EC_F_SM2_DECRYPT, EC_R_ERROR); + + ret = cv; + cv = NULL; + +end: + SM2CiphertextValue_free(cv); + EC_POINT_free(share_point); + EC_POINT_free(ephem_point); + BN_free(n); + BN_free(h); + BN_clear_free(k); + BN_CTX_free(bn_ctx); + EVP_MD_CTX_free(md_ctx); + return ret; +} + +int SM2_encrypt(int type, const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key) +{ + int ret = 0; + SM2CiphertextValue *cv = NULL; + 
const EVP_MD *md; + int len; + + if (!(md = EVP_get_digestbynid(type))) { + SM2err(SM2_F_SM2_ENCRYPT, SM2_R_INVALID_DIGEST_ALGOR); + return 0; + } + + if (!(cv = SM2_do_encrypt(md, in, inlen, ec_key))) { + SM2err(SM2_F_SM2_ENCRYPT, SM2_R_ENCRYPT_FAILURE); goto end; } if (!out) { - *outlen = inlen - len; - return 1; - } else if (*outlen < inlen - len) { - ECerr(EC_F_SM2_DECRYPT, EC_R_ERROR); + *outlen = i2d_SM2CiphertextValue(cv, NULL); + ret = 1; + } else if (*outlen < i2d_SM2CiphertextValue(cv, NULL)) { + SM2err(SM2_F_SM2_ENCRYPT, SM2_R_BUFFER_TOO_SMALL); + ret = 0; + } else { + len = i2d_SM2CiphertextValue(cv, &out); + *outlen = len; + ret = 1; + } + +end: + SM2CiphertextValue_free(cv); + return ret; +} + +int SM2_decrypt(int type, const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key) +{ + int ret = 0; + SM2CiphertextValue *cv = NULL; + const EVP_MD *md; + + if (!in) { + SM2err(SM2_F_SM2_DECRYPT, ERR_R_PASSED_NULL_PARAMETER); return 0; } - if (!(cv = SM2_CIPHERTEXT_VALUE_decode(ec_group, params, in, inlen))) { - ECerr(EC_F_SM2_DECRYPT, EC_R_ERROR); + if (inlen <= 0 || inlen > INT_MAX) { + SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_INPUT_LENGTH); + return 0; + } + + if (!out) { + *outlen = inlen; + return 1; + } else if (*outlen < inlen) { + SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL); + return 0; + } + + if (!(md = EVP_get_digestbynid(type))) { + SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_DIGEST_ALGOR); + return 0; + } + + if (!(cv = d2i_SM2CiphertextValue(NULL, &in, (long)inlen))) { + SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_CIPHERTEXT); + return 0; + } + + if (inlen != i2d_SM2CiphertextValue(cv, NULL)) { + SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_CIPHERTEXT); goto end; } - if (!SM2_do_decrypt(params, cv, out, outlen, ec_key)) { - ECerr(EC_F_SM2_DECRYPT, EC_R_ERROR); + + if (!SM2_do_decrypt(md, cv, out, outlen, ec_key)) { + SM2err(SM2_F_SM2_DECRYPT, SM2_R_DECRYPT_FAILURE); goto end; } ret = 1; end: - if (cv) 
SM2_CIPHERTEXT_VALUE_free(cv); + SM2CiphertextValue_free(cv); return ret; } -int SM2_do_decrypt(const SM2_ENC_PARAMS *params, - const SM2_CIPHERTEXT_VALUE *cv, - unsigned char *out, size_t *outlen, - EC_KEY *ec_key) +int SM2_do_decrypt(const EVP_MD *md, const SM2CiphertextValue *cv, + unsigned char *out, size_t *outlen, EC_KEY *ec_key) { int ret = 0; - const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key); - const BIGNUM *pri_key = EC_KEY_get0_private_key(ec_key); - KDF_FUNC kdf = KDF_get_x9_63(params->kdf_md); + const EC_GROUP *group; + const BIGNUM *pri_key; + KDF_FUNC kdf; EC_POINT *point = NULL; BIGNUM *n = NULL; BIGNUM *h = NULL; 
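Review bot: In `SM2_do_encrypt` the inner loop `do { BN_rand_range(k, n); } while (BN_is_zero(k));` ignores the return value of `BN_rand_range`, so a failing RNG either spins on a zero `k` or, on a later pass of the outer loop, reuses the previous `k` as the ephemeral scalar. Check it and fail closed inside the loop, e.g. `if (!BN_rand_range(k, n)) { SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_RANDOM_NUMBER_GENERATION_FAILED); goto end; }`; the reason code is already defined in this commit's `sm2_err.c`. `buf` holds the shared point (x2, y2) and is left on the stack at `end:` while only `k` is cleared, so an `OPENSSL_cleanse(buf, sizeof(buf));` there would match the `BN_clear_free(k)`. `SM2_do_decrypt` begins at the end of this hunk and continues past it.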
@@ -598,121 +327,136 @@ int SM2_do_decrypt(const SM2_ENC_PARAMS *params, EVP_MD_CTX *md_ctx = NULL; unsigned char buf[(OPENSSL_ECC_MAX_FIELD_BITS + 7)/4 + 1]; unsigned char mac[EVP_MAX_MD_SIZE]; - unsigned int maclen; - int mactag_size; - int nbytes; - size_t size; - int i; + unsigned int maclen = sizeof(mac); + int nbytes, len, i; - if (!ec_group || !pri_key) { - ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR); - goto end; + /* check arguments */ + if (!md || !cv || !outlen || !ec_key) { + SM2err(SM2_F_SM2_DO_DECRYPT, ERR_R_PASSED_NULL_PARAMETER); + return 0; } - if (!kdf) { - ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR); - goto end; + + if (!(kdf = KDF_get_x9_63(md))) { + SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_INVALID_DIGEST_ALGOR); + return 0; + } + + if (!cv->xCoordinate || !cv->yCoordinate || !cv->hash || !cv->ciphertext) { + SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_INVALID_CIPHERTEXT); + return 0; + } + + if (cv->hash->length != EVP_MD_size(md)) { + SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_INVALID_CIPHERTEXT); + return 0; + } + + if (cv->ciphertext->length < SM2_MIN_PLAINTEXT_LENGTH + || cv->ciphertext->length > SM2_MAX_PLAINTEXT_LENGTH) { + SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_INVALID_CIPHERTEXT); + return 0; + } + + if (!(group = EC_KEY_get0_group(ec_key)) + || !(pri_key = EC_KEY_get0_private_key(ec_key))) { + SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_INVALID_EC_KEY); + return 0; } if (!out) { - *outlen = cv->ciphertext_size; + *outlen = cv->ciphertext->length; return 1; } - if (*outlen < cv->ciphertext_size) { - ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR); - goto end; + if (*outlen < cv->ciphertext->length) { + SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_BUFFER_TOO_SMALL); + return 0; } - /* init vars */ - point = EC_POINT_new(ec_group); + /* malloc */ + point = EC_POINT_new(group); n = BN_new(); h = BN_new(); bn_ctx = BN_CTX_new(); - md_ctx = EVP_MD_CTX_create(); + md_ctx = EVP_MD_CTX_new(); if (!point || !n || !h || !bn_ctx || !md_ctx) { - ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR); + 
SM2err(SM2_F_SM2_DO_DECRYPT, ERR_R_MALLOC_FAILURE); goto end; } /* init ec domain parameters */ - if (!EC_GROUP_get_order(ec_group, n, bn_ctx)) { - ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR); - goto end; - } - if (!EC_GROUP_get_cofactor(ec_group, h, bn_ctx)) { - ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR); - goto end; - } - nbytes = (EC_GROUP_get_degree(ec_group) + 7) / 8; - - /* B2: check [h]C1 != O */ - if (!EC_POINT_mul(ec_group, point, NULL, cv->ephem_point, h, bn_ctx)) { - ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR); - goto end; - } - if (EC_POINT_is_at_infinity(ec_group, point)) { - ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR); + if (!EC_GROUP_get_order(group, n, bn_ctx)) { + SM2err(SM2_F_SM2_DO_DECRYPT, ERR_R_EC_LIB); goto end; } - /* B3: compute ECDH [d]C1 = (x2, y2) */ - if (!EC_POINT_mul(ec_group, point, NULL, cv->ephem_point, pri_key, bn_ctx)) { - ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR); + if (!EC_GROUP_get_cofactor(group, h, bn_ctx)) { + SM2err(SM2_F_SM2_DO_DECRYPT, ERR_R_EC_LIB); goto end; } - if (!(size = EC_POINT_point2oct(ec_group, point, + + nbytes = (EC_GROUP_get_degree(group) + 7) / 8; + + /* get x/yCoordinates as C1 = (x1, y1) */ + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { + if (!EC_POINT_set_affine_coordinates_GFp(group, point, + cv->xCoordinate, cv->yCoordinate, bn_ctx)) { + SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_INVALID_CIPHERTEXT); + goto end; + } + } else { + if (!EC_POINT_set_affine_coordinates_GF2m(group, point, + cv->xCoordinate, cv->yCoordinate, bn_ctx)) { + SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_INVALID_CIPHERTEXT); + goto end; + } + } + + /* check [h]C1 != O */ + if (!EC_POINT_mul(group, point, NULL, point, h, bn_ctx)) { + SM2err(SM2_F_SM2_DO_DECRYPT, ERR_R_EC_LIB); + goto end; + } + + if (EC_POINT_is_at_infinity(group, point)) { + SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_INVALID_CIPHERTEXT); + goto end; + } + + /* compute ECDH [d]C1 = (x2, y2) */ + if (!EC_POINT_mul(group, point, NULL, point, pri_key, bn_ctx)) { + 
SM2err(SM2_F_SM2_DO_DECRYPT, ERR_R_EC_LIB); + goto end; + } + + if (!(len = EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof(buf), bn_ctx))) { - ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR); + SM2err(SM2_F_SM2_DO_DECRYPT, ERR_R_EC_LIB); goto end; } - OPENSSL_assert(size == 1 + nbytes * 2); - /* B4: compute t = KDF(x2 || y2, clen) */ - - *outlen = cv->ciphertext_size; //FIXME: duplicated code - kdf(buf + 1, size - 1, out, outlen); + /* compute t = KDF(x2 || y2, clen) */ + *outlen = cv->ciphertext->length; + kdf(buf + 1, len - 1, out, outlen); - /* B5: compute M = C2 xor t */ - for (i = 0; i < cv->ciphertext_size; i++) { - out[i] ^= cv->ciphertext[i]; + /* compute M = C2 xor t */ + for (i = 0; i < cv->ciphertext->length; i++) { + out[i] ^= cv->ciphertext->data[i]; } - *outlen = cv->ciphertext_size; - mactag_size = EVP_MD_size(params->mac_md); - if (mactag_size) { + /* check hash == Hash(x2 || M || y2) */ + if (!EVP_DigestInit_ex(md_ctx, md, NULL) + || !EVP_DigestUpdate(md_ctx, buf + 1, nbytes) + || !EVP_DigestUpdate(md_ctx, out, *outlen) + || !EVP_DigestUpdate(md_ctx, buf + 1 + nbytes, nbytes) + || !EVP_DigestFinal_ex(md_ctx, mac, &maclen)) { + SM2err(SM2_F_SM2_DO_DECRYPT, ERR_R_EVP_LIB); + goto end; + } - /* B6: check Hash(x2 || M || y2) == C3 */ - if (!EVP_DigestInit_ex(md_ctx, params->mac_md, NULL)) { - ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR); - goto end; - } - if (!EVP_DigestUpdate(md_ctx, buf + 1, nbytes)) { - ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR); - goto end; - } - if (!EVP_DigestUpdate(md_ctx, out, *outlen)) { - ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR); - goto end; - } - if (!EVP_DigestUpdate(md_ctx, buf + 1 + nbytes, nbytes)) { - ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR); - goto end; - } - if (!EVP_DigestFinal_ex(md_ctx, mac, &maclen)) { - ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR); - goto end; - } - - /* GmSSL specific */ - if (mactag_size > (int)maclen) { - ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR); - goto end; - } - if (cv->mactag_size != 
mactag_size || - OPENSSL_memcmp(mac, cv->mactag, cv->mactag_size)) { - ECerr(EC_F_SM2_DO_DECRYPT, EC_R_ERROR); - goto end; - } + if (OPENSSL_memcmp(cv->hash->data, mac, maclen) != 0) { + SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_INVALID_CIPHERTEXT); + goto end; } ret = 1; @@ -721,24 +465,6 @@ end: BN_free(n); BN_free(h); BN_CTX_free(bn_ctx); - EVP_MD_CTX_destroy(md_ctx); - + EVP_MD_CTX_free(md_ctx); return ret; } - -int SM2_encrypt_with_recommended(const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, EC_KEY *ec_key) -{ - SM2_ENC_PARAMS params; - SM2_ENC_PARAMS_init_with_recommended(¶ms); - return SM2_encrypt(¶ms, in, inlen, out, outlen, ec_key); -} - -int SM2_decrypt_with_recommended(const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, - EC_KEY *ec_key) -{ - SM2_ENC_PARAMS params; - SM2_ENC_PARAMS_init_with_recommended(¶ms); - return SM2_decrypt(¶ms, in, inlen, out, outlen, ec_key); -} diff --git a/crypto/sm2/sm2_err.c b/crypto/sm2/sm2_err.c new file mode 100644 index 00000000..0dc206e9 --- /dev/null +++ b/crypto/sm2/sm2_err.c 
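Review bot: `SM2_do_decrypt` builds C1 from the decoded `xCoordinate`/`yCoordinate` and multiplies it by `pri_key` without an explicit on-curve test; unless this tree's `EC_POINT_set_affine_coordinates_*` already rejects off-curve input, sender-controlled coordinates reach the private-key multiplication unvalidated. The cofactor check also writes `[h]C1` back into `point`, so for a group with h ≠ 1 the next step computes `[d][h]C1` and no longer matches the `[k]P_B` used by `SM2_do_encrypt`. The fence below adds the on-curve check and moves the cofactor test to a scratch point; `tmp` needs a declaration beside `point` and an `EC_POINT_free(tmp)` at `end:`, both outside this hunk. On a hash mismatch the unverified plaintext is left in `out`, so cleansing it on that path and comparing with `CRYPTO_memcmp` instead of `OPENSSL_memcmp` would be worth adding as well.

```c
    /* … unchanged: C1 = (x1, y1) set from cv->xCoordinate / cv->yCoordinate … */

    /* C1 comes from the ciphertext: reject it unless it lies on the curve */
    if (EC_POINT_is_on_curve(group, point, bn_ctx) <= 0) {
        SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_INVALID_CIPHERTEXT);
        goto end;
    }

    /* check [h]C1 != O in a scratch point so C1 itself stays intact */
    if (!(tmp = EC_POINT_new(group))
        || !EC_POINT_mul(group, tmp, NULL, point, h, bn_ctx)) {
        SM2err(SM2_F_SM2_DO_DECRYPT, ERR_R_EC_LIB);
        goto end;
    }

    if (EC_POINT_is_at_infinity(group, tmp)) {
        SM2err(SM2_F_SM2_DO_DECRYPT, SM2_R_INVALID_CIPHERTEXT);
        goto end;
    }

    /* … unchanged: ECDH [d]C1, KDF, xor, hash check … */
```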
@@ -0,0 +1,65 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SM2,func,0) +# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SM2,0,reason) + +static ERR_STRING_DATA SM2_str_functs[] = { + {ERR_FUNC(SM2_F_I2O_SM2CIPHERTEXTVALUE), "i2o_SM2CiphertextValue"}, + {ERR_FUNC(SM2_F_O2I_SM2CIPHERTEXTVALUE), "o2i_SM2CiphertextValue"}, + {ERR_FUNC(SM2_F_SM2_DECRYPT), "SM2_decrypt"}, + {ERR_FUNC(SM2_F_SM2_DO_DECRYPT), "SM2_do_decrypt"}, + {ERR_FUNC(SM2_F_SM2_DO_ENCRYPT), "SM2_do_encrypt"}, + {ERR_FUNC(SM2_F_SM2_DO_SIGN), "SM2_do_sign"}, + {ERR_FUNC(SM2_F_SM2_DO_VERIFY), "SM2_do_verify"}, + {ERR_FUNC(SM2_F_SM2_ENCRYPT), "SM2_encrypt"}, + {ERR_FUNC(SM2_F_SM2_SIGN_SETUP), "SM2_sign_setup"}, + {0, NULL} +}; + +static ERR_STRING_DATA SM2_str_reasons[] = { + {ERR_REASON(SM2_R_BAD_SIGNATURE), "bad signature"}, + {ERR_REASON(SM2_R_BUFFER_TOO_SMALL), "buffer too small"}, + {ERR_REASON(SM2_R_DECRYPT_FAILURE), "decrypt failure"}, + {ERR_REASON(SM2_R_ENCRYPT_FAILURE), "encrypt failure"}, + {ERR_REASON(SM2_R_INVALID_CIPHERTEXT), "invalid ciphertext"}, + {ERR_REASON(SM2_R_INVALID_DIGEST_ALGOR), "invalid digest algor"}, + {ERR_REASON(SM2_R_INVALID_EC_KEY), "invalid ec key"}, + {ERR_REASON(SM2_R_INVALID_INPUT_LENGTH), "invalid input length"}, + {ERR_REASON(SM2_R_INVALID_PLAINTEXT_LENGTH), "invalid plaintext length"}, + {ERR_REASON(SM2_R_INVALID_PUBLIC_KEY), "invalid public key"}, + {ERR_REASON(SM2_R_KDF_FAILURE), "kdf failure"}, + {ERR_REASON(SM2_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_REASON(SM2_R_NEED_NEW_SETUP_VALUES), "need 
new setup values"}, + {ERR_REASON(SM2_R_RANDOM_NUMBER_GENERATION_FAILED), + "random number generation failed"}, + {0, NULL} +}; + +#endif + +int ERR_load_SM2_strings(void) +{ +#ifndef OPENSSL_NO_ERR + + if (ERR_func_error_string(SM2_str_functs[0].error) == NULL) { + ERR_load_strings(0, SM2_str_functs); + ERR_load_strings(0, SM2_str_reasons); + } +#endif + return 1; +} diff --git a/crypto/sm2/sm2_exch.c b/crypto/sm2/sm2_exch.c new file mode 100644 index 00000000..c712546b --- /dev/null +++ b/crypto/sm2/sm2_exch.c 
@@ -0,0 +1,584 @@ +/* ==================================================================== + * Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include +#include +#include +#include "sm2_lcl.h" + +int SM2_KAP_CTX_init(SM2_KAP_CTX *ctx, + EC_KEY *ec_key, const char *id, size_t idlen, + EC_KEY *remote_pubkey, const char *rid, size_t ridlen, + int is_initiator, int do_checksum) +{ + int ret = 0; + int w; + size_t len; + + if (!ctx || !ec_key || !remote_pubkey) { + ECerr(EC_F_SM2_KAP_CTX_INIT, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + memset(ctx, 0, sizeof(*ctx)); + + ctx->id_dgst_md = EVP_sm3(); + ctx->kdf_md = EVP_sm3(); + ctx->checksum_md = EVP_sm3(); + ctx->point_form = SM2_DEFAULT_POINT_CONVERSION_FORM; + + if (!(ctx->kdf = KDF_get_x9_63(ctx->kdf_md))) { + ECerr(EC_F_SM2_KAP_CTX_INIT, EC_R_INVALID_KDF_MD); + goto end; + } + + ctx->is_initiator = is_initiator; + ctx->do_checksum = do_checksum; + + if (EC_GROUP_cmp(EC_KEY_get0_group(ec_key), + EC_KEY_get0_group(remote_pubkey), NULL) != 0) { + ECerr(EC_F_SM2_KAP_CTX_INIT, 0); + goto end; + } + + len = ctx->id_dgstlen; + if (!SM2_compute_id_digest(ctx->id_dgst_md, id, idlen, + ctx->id_dgst, &len, ec_key)) { + ECerr(EC_F_SM2_KAP_CTX_INIT, 0); + goto end; + } + ctx->id_dgstlen = len; + + if (!(ctx->ec_key = EC_KEY_dup(ec_key))) { + ECerr(EC_F_SM2_KAP_CTX_INIT, ERR_R_EC_LIB); + goto end; + } + + len = ctx->remote_id_dgstlen; + if (!SM2_compute_id_digest(ctx->id_dgst_md, rid, ridlen, + ctx->remote_id_dgst, &len, 
remote_pubkey)) { + ECerr(EC_F_SM2_KAP_CTX_INIT, 0); + goto end; + } + ctx->remote_id_dgstlen = len; + + if (!(ctx->remote_pubkey = EC_KEY_dup(remote_pubkey))) { + ECerr(EC_F_SM2_KAP_CTX_INIT, 0); + goto end; + } + + ctx->group = EC_KEY_get0_group(ec_key); + ctx->bn_ctx = BN_CTX_new(); + ctx->order = BN_new(); + ctx->two_pow_w = BN_new(); + ctx->t = BN_new(); + + if (!ctx->bn_ctx || !ctx->order || !ctx->two_pow_w || !ctx->t) { + ECerr(EC_F_SM2_KAP_CTX_INIT, ERR_R_BN_LIB); + goto end; + } + + if (!EC_GROUP_get_order(EC_KEY_get0_group(ec_key), ctx->order, ctx->bn_ctx)) { + ECerr(EC_F_SM2_KAP_CTX_INIT, ERR_R_EC_LIB); + goto end; + } + + w = (BN_num_bits(ctx->order) + 1)/2 - 1; + + if (!BN_one(ctx->two_pow_w)) { + ECerr(EC_F_SM2_KAP_CTX_INIT, ERR_R_BN_LIB); + goto end; + } + + if (!BN_lshift(ctx->two_pow_w, ctx->two_pow_w, w)) { + ECerr(EC_F_SM2_KAP_CTX_INIT, ERR_R_BN_LIB); + goto end; + } + + if (!(ctx->point = EC_POINT_new(ctx->group))) { + ECerr(EC_F_SM2_KAP_CTX_INIT, ERR_R_EC_LIB); + goto end; + } + + ret = 1; + +end: + if (!ret) SM2_KAP_CTX_cleanup(ctx); + return ret; +} + +void SM2_KAP_CTX_cleanup(SM2_KAP_CTX *ctx) +{ + if (ctx) { + EC_KEY_free(ctx->ec_key); + EC_KEY_free(ctx->remote_pubkey); + BN_CTX_free(ctx->bn_ctx); + BN_free(ctx->two_pow_w); + BN_free(ctx->order); + EC_POINT_free(ctx->point); + BN_free(ctx->t); + memset(ctx, 0, sizeof(*ctx)); + } +} + +/* FIXME: ephem_point_len should be both input and output */ +int SM2_KAP_prepare(SM2_KAP_CTX *ctx, unsigned char *ephem_point, + size_t *ephem_point_len) +{ + int ret = 0; + const BIGNUM *prikey; + BIGNUM *h = NULL; + BIGNUM *r = NULL; + BIGNUM *x = NULL; + + if (!(prikey = EC_KEY_get0_private_key(ctx->ec_key))) { + ECerr(EC_F_SM2_KAP_PREPARE, EC_R_SM2_KAP_NOT_INITED); + return 0; + } + + h = BN_new(); + r = BN_new(); + x = BN_new(); + + if (!h || !r || !x) { + ECerr(EC_F_SM2_KAP_PREPARE, 0); + goto end; + } + + /* + * r = rand(1, n) + * R = rG = (x, y) + */ + + do { + if (!BN_rand_range(r, ctx->order)) { + 
ECerr(EC_F_SM2_KAP_PREPARE, EC_R_RANDOM_NUMBER_GENERATION_FAILED); + goto end; + } + + } while (BN_is_zero(r)); + + + if (!EC_POINT_mul(ctx->group, ctx->point, r, NULL, NULL, ctx->bn_ctx)) { + ECerr(EC_F_SM2_KAP_PREPARE, ERR_R_EC_LIB); + goto end; + } + + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(ctx->group)) == NID_X9_62_prime_field) { + if (!EC_POINT_get_affine_coordinates_GFp(ctx->group, ctx->point, x, NULL, ctx->bn_ctx)) { + ECerr(EC_F_SM2_KAP_PREPARE, ERR_R_EC_LIB); + goto end; + } + } else { + if (!EC_POINT_get_affine_coordinates_GF2m(ctx->group, ctx->point, x, NULL, ctx->bn_ctx)) { + ECerr(EC_F_SM2_KAP_PREPARE, ERR_R_EC_LIB); + goto end; + } + } + + /* + * w = ceil(keybits / 2) - 1 + * x = 2^w + (x and (2^w - 1)) = 2^w + (x mod 2^w) + * t = (d + x * r) mod n + * t = (h * t) mod n + */ + + if (!ctx->t) { + ECerr(EC_F_SM2_KAP_PREPARE, EC_R_SM2_KAP_NOT_INITED); + goto end; + } + + if (!BN_nnmod(x, x, ctx->two_pow_w, ctx->bn_ctx)) { + ECerr(EC_F_SM2_KAP_PREPARE, ERR_R_BN_LIB); + goto end; + } + + if (!BN_add(x, x, ctx->two_pow_w)) { + ECerr(EC_F_SM2_KAP_PREPARE, ERR_R_BN_LIB); + goto end; + } + + if (!BN_mod_mul(ctx->t, x, r, ctx->order, ctx->bn_ctx)) { + ECerr(EC_F_SM2_KAP_PREPARE, ERR_R_BN_LIB); + goto end; + } + + if (!BN_mod_add(ctx->t, ctx->t, prikey, ctx->order, ctx->bn_ctx)) { + ECerr(EC_F_SM2_KAP_PREPARE, ERR_R_BN_LIB); + goto end; + } + + if (!EC_GROUP_get_cofactor(ctx->group, h, ctx->bn_ctx)) { + ECerr(EC_F_SM2_KAP_PREPARE, ERR_R_EC_LIB); + goto end; + } + + if (!BN_mul(ctx->t, ctx->t, h, ctx->bn_ctx)) { + ECerr(EC_F_SM2_KAP_PREPARE, ERR_R_BN_LIB); + goto end; + } + + /* encode R = (x, y) for output and local buffer */ + + // FIXME: ret is size_t and ret is the output length + ret = EC_POINT_point2oct(ctx->group, ctx->point, ctx->point_form, + ephem_point, *ephem_point_len, ctx->bn_ctx); + + memcpy(ctx->pt_buf, ephem_point, ret); + *ephem_point_len = ret; + ret = 1; + +end: + if (h) BN_free(h); + if (r) BN_free(r); + if (x) BN_free(x); + + 
return ret; +} + +int SM2_KAP_compute_key(SM2_KAP_CTX *ctx, const unsigned char *remote_point, + size_t remote_point_len, unsigned char *key, size_t keylen, + unsigned char *checksum, size_t *checksumlen) +{ + int ret = 0; + + EVP_MD_CTX *md_ctx = NULL; + BIGNUM *x = NULL; + unsigned char share_pt_buf[1 + (OPENSSL_ECC_MAX_FIELD_BITS+7)/4 + EVP_MAX_MD_SIZE * 2 + 100]; + unsigned char remote_pt_buf[1 + (OPENSSL_ECC_MAX_FIELD_BITS+7)/4 + 111]; + unsigned char dgst[EVP_MAX_MD_SIZE]; + unsigned int dgstlen; + unsigned int len, bnlen; + size_t klen = keylen; + + md_ctx = EVP_MD_CTX_new(); + x = BN_new(); + if (!md_ctx || !x) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, 0); + goto end; + } + + /* + * decode point R = (x, y), encode (x, y) + * x = 2^w + (x and (2^w - 1)) = 2^w + (x mod 2^w), w = ceil(keybits / 2) - 1 + * U = ht * (P + x * R) + * check U != O + */ + + if (!EC_POINT_oct2point(ctx->group, ctx->point, + remote_point, remote_point_len, ctx->bn_ctx)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, 0); + goto end; + } + + if (!(len = EC_POINT_point2oct(ctx->group, ctx->point, POINT_CONVERSION_UNCOMPRESSED, + remote_pt_buf, sizeof(remote_pt_buf), ctx->bn_ctx))) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, 0); + goto end; + } + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(ctx->group)) == NID_X9_62_prime_field) { + if (!EC_POINT_get_affine_coordinates_GFp(ctx->group, ctx->point, x, NULL, ctx->bn_ctx)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EC_LIB); + goto end; + } + } else { + if (!EC_POINT_get_affine_coordinates_GF2m(ctx->group, ctx->point, x, NULL, ctx->bn_ctx)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EC_LIB); + goto end; + } + } + + /* x = 2^w + (x and (2^w - 1)) = 2^w + (x mod 2^w) */ + + if (!BN_nnmod(x, x, ctx->two_pow_w, ctx->bn_ctx)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_BN_LIB); + goto end; + } + + if (!BN_add(x, x, ctx->two_pow_w)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_BN_LIB); + goto end; + } + + /* + if (!BN_mod_mul(x, x, ctx->t, ctx->order, ctx->bn_ctx)) { + 
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_BN_LIB); + goto end; + } + */ + + /* U = ht * (P + x * R), check U != O */ + + if (!EC_POINT_mul(ctx->group, ctx->point, NULL, ctx->point, x, ctx->bn_ctx)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EC_LIB); + goto end; + } + + if (!EC_POINT_add(ctx->group, ctx->point, ctx->point, + EC_KEY_get0_public_key(ctx->remote_pubkey), ctx->bn_ctx)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EC_LIB); + goto end; + } + + if (!EC_POINT_mul(ctx->group, ctx->point, NULL, ctx->point, ctx->t, ctx->bn_ctx)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EC_LIB); + goto end; + } + + if (EC_POINT_is_at_infinity(ctx->group, ctx->point)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, 0); + goto end; + } + + /* encode U, append with ZA, ZB */ + + if (!(len = EC_POINT_point2oct(ctx->group, ctx->point, POINT_CONVERSION_UNCOMPRESSED, + share_pt_buf, sizeof(share_pt_buf), ctx->bn_ctx))) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, 0); + goto end; + } + + if (ctx->is_initiator) { + memcpy(share_pt_buf + len, ctx->id_dgst, ctx->id_dgstlen); + len += ctx->id_dgstlen; + memcpy(share_pt_buf + len, ctx->remote_id_dgst, ctx->remote_id_dgstlen); + len += ctx->remote_id_dgstlen; + } else { + memcpy(share_pt_buf + len, ctx->remote_id_dgst, ctx->remote_id_dgstlen); + len += ctx->remote_id_dgstlen; + memcpy(share_pt_buf + len, ctx->id_dgst, ctx->id_dgstlen); + len += ctx->id_dgstlen; + } + + /* key = KDF(xu, yu, ZA, ZB) */ + + + if (!ctx->kdf(share_pt_buf + 1, len - 1, key, &klen)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, 0); + goto end; + } + + if (ctx->do_checksum) { + + /* generate checksum S1 or SB start with 0x02 + * S1 = SB = Hash(0x02, yu, Hash(xu, ZA, ZB, x1, y1, x2, y2)) + */ + if (!EVP_DigestInit_ex(md_ctx, ctx->checksum_md, NULL)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + + bnlen = BN_num_bytes(ctx->order); + + if (!EVP_DigestUpdate(md_ctx, share_pt_buf + 1, bnlen)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + + if 
(ctx->is_initiator) { + + /* update ZA,ZB,x1,y1,x2,y2 */ + if (!EVP_DigestUpdate(md_ctx, ctx->id_dgst, ctx->id_dgstlen)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + if (!EVP_DigestUpdate(md_ctx, ctx->remote_id_dgst, ctx->remote_id_dgstlen)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + if (!EVP_DigestUpdate(md_ctx, ctx->pt_buf + 1, bnlen * 2)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + if (!EVP_DigestUpdate(md_ctx, remote_pt_buf + 1, bnlen * 2)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + + } else { + + if (!EVP_DigestUpdate(md_ctx, ctx->remote_id_dgst, ctx->remote_id_dgstlen)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + if (!EVP_DigestUpdate(md_ctx, ctx->id_dgst, ctx->id_dgstlen)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + if (!EVP_DigestUpdate(md_ctx, remote_pt_buf + 1, bnlen * 2)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + if (!EVP_DigestUpdate(md_ctx, ctx->pt_buf + 1, bnlen * 2)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + } + + if (!EVP_DigestFinal_ex(md_ctx, dgst, &dgstlen)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + /* now dgst == H(xu,ZA,ZB,x1,y1,x2,y2) + */ + + /* S1 = SB = Hash(0x02, yu, dgst) */ + + if (!EVP_DigestInit_ex(md_ctx, ctx->checksum_md, NULL)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + + if (!EVP_DigestUpdate(md_ctx, "\x02", 1)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + + if (!EVP_DigestUpdate(md_ctx, share_pt_buf + 1 + bnlen, bnlen)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + + if (!EVP_DigestUpdate(md_ctx, dgst, dgstlen)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + + /* output S1 to local buffer or SB to output */ + if (ctx->is_initiator) { + if (!EVP_DigestFinal_ex(md_ctx, ctx->checksum, &len)) { + 
ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + + } else { + if (!EVP_DigestFinal_ex(md_ctx, checksum, &len)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + *checksumlen = len; + } + + /* generate checksum SA or S2 start with 0x03 + * SA = S2 = Hash(0x03, yu, dgst) + */ + + if (!EVP_DigestInit_ex(md_ctx, ctx->checksum_md, NULL)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + + if (!EVP_DigestUpdate(md_ctx, "\x03", 1)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + + if (!EVP_DigestUpdate(md_ctx, share_pt_buf + 1 + bnlen, bnlen)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + + if (!EVP_DigestUpdate(md_ctx, dgst, dgstlen)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + + if (ctx->is_initiator) { + if (!EVP_DigestFinal_ex(md_ctx, checksum, &len)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + *checksumlen = len; + + } else { + if (!EVP_DigestFinal_ex(md_ctx, ctx->checksum, &len)) { + ECerr(EC_F_SM2_KAP_COMPUTE_KEY, ERR_R_EVP_LIB); + goto end; + } + } + + + } + + ret = 1; + +end: + EVP_MD_CTX_free(md_ctx); + BN_free(x); + return ret; +} + +int SM2_KAP_final_check(SM2_KAP_CTX *ctx, const unsigned char *checksum, + size_t checksumlen) +{ + if (ctx->do_checksum) { + if (checksumlen != EVP_MD_size(ctx->checksum_md)) { + ECerr(EC_F_SM2_KAP_FINAL_CHECK, EC_R_INVALID_SM2_KAP_CHECKSUM_LENGTH); + return 0; + } + if (memcmp(ctx->checksum, checksum, checksumlen)) { + ECerr(EC_F_SM2_KAP_FINAL_CHECK, EC_R_INVALID_SM2_KAP_CHECKSUM_VALUE); + return 0; + } + } + + return 1; +} + +int SM2_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + const EC_KEY *ec_key, KDF_FUNC kdf_f) +{ + + + return 0; +} diff --git a/crypto/sm2/sm2_id.c b/crypto/sm2/sm2_id.c index 9fbd4dfb..ada3865c 100644 --- a/crypto/sm2/sm2_id.c +++ b/crypto/sm2/sm2_id.c 
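Review bot: `SM2_KAP_final_check` compares the peer's key-confirmation value with `memcmp(ctx->checksum, checksum, checksumlen)`, which stops at the first differing byte; a confirmation tag should be compared in constant time, `if (CRYPTO_memcmp(ctx->checksum, checksum, checksumlen) != 0) {`. In `SM2_KAP_prepare` the result of `EC_POINT_point2oct` goes into `ret` and is used as the `memcpy` length without a check, so an encoding failure still ends in `ret = 1` with `*ephem_point_len` set to 0; `if (ret == 0 || (size_t)ret > sizeof(ctx->pt_buf)) { ret = 0; goto end; }` before the copy would close that. The ephemeral scalar `r` is released with `BN_free`, and `share_pt_buf` and `dgst` in `SM2_KAP_compute_key` are left as they are on return; `BN_clear_free(r)` and `OPENSSL_cleanse` on those buffers would avoid leaving secret material in memory. `SM2_KAP_CTX_init` also passes `len = ctx->id_dgstlen` to `SM2_compute_id_digest` right after the `memset`, so the in/out length is 0; if that argument is the buffer capacity it presumably should be `sizeof(ctx->id_dgst)` (same for the remote digest).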
@@ -59,6 +59,7 @@ #include #include #include +#include "sm2_lcl.h" #define EC_MAX_NBYTES ((OPENSSL_ECC_MAX_FIELD_BITS + 7)/8) @@ -211,7 +212,7 @@ int SM2_compute_id_digest(const EVP_MD *md, const char *id, size_t idlen, } #ifndef OPENSSL_NO_STRICT_GM - if (EVP_MD_size(md) != SM2_ID_DIGEST_LENGTH) { + if (EVP_MD_size(md) != SM2_DEFAULT_ID_DIGEST_LENGTH) { ECerr(EC_F_SM2_COMPUTE_ID_DIGEST, EC_R_INVALID_DIGEST_ALGOR); return 0; } diff --git a/crypto/sm2/sm2_kap.c b/crypto/sm2/sm2_kap.c index 03a00a5e..177f4cb2 100644 --- a/crypto/sm2/sm2_kap.c +++ b/crypto/sm2/sm2_kap.c @@ -52,6 +52,8 @@ #include #include #include +#include "sm2_lcl.h" + int SM2_KAP_CTX_init(SM2_KAP_CTX *ctx, EC_KEY *ec_key, const char *id, size_t idlen, diff --git a/crypto/sm2/sm2_kmeth.c b/crypto/sm2/sm2_kmeth.c index 43081619..e40a48fb 100644 --- a/crypto/sm2/sm2_kmeth.c +++ b/crypto/sm2/sm2_kmeth.c 
@@ -58,138 +58,22 @@ #define SM2_KMETH_FLAGS 0 -int SM2_ENC_PARAMS_set_type(SM2_ENC_PARAMS *params, int type) -{ - const EVP_MD *md; - if (!(md = EVP_get_digestbynid(type))) { - ECerr(EC_F_SM2_ENC_PARAMS_SET_TYPE, EC_R_INVALID_DIGEST_TYPE); - return 0; - } - params->kdf_md = md; - params->mac_md = md; - params->point_form = SM2_DEFAULT_POINT_CONVERSION_FORM; - return 1; -} - -SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_new_from_ECIES_CIPHERTEXT_VALUE( - const ECIES_CIPHERTEXT_VALUE *in) -{ - ECerr(EC_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECIES_CIPHERTEXT_VALUE, - ERR_R_EC_LIB); - return NULL; -} - -int SM2_CIPHERTEXT_VALUE_set_ECIES_CIPHERTEXT_VALUE(SM2_CIPHERTEXT_VALUE *sm2, - const ECIES_CIPHERTEXT_VALUE *in) -{ - ECerr(EC_F_SM2_CIPHERTEXT_VALUE_SET_ECIES_CIPHERTEXT_VALUE, - ERR_R_EC_LIB); - return 0; -} - -int SM2_CIPHERTEXT_VALUE_get_ECIES_CIPHERTEXT_VALUE( - const SM2_CIPHERTEXT_VALUE *sm2, ECIES_CIPHERTEXT_VALUE *out) -{ - ECerr(EC_F_SM2_CIPHERTEXT_VALUE_GET_ECIES_CIPHERTEXT_VALUE, - ERR_R_EC_LIB); - return 0; -} - -static int sm2_compute_key(unsigned char **Pout, size_t *poutlen, - const EC_POINT *pub_key, const EC_KEY *ec_key) -{ - return 0; -} - -static int sm2_encrypt(int type, const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, EC_KEY *ec_key) -{ - SM2_ENC_PARAMS param; - if (!SM2_ENC_PARAMS_set_type(¶m, type)) { - return 0; - } - return SM2_encrypt(¶m, in, inlen, out, outlen, ec_key); -} - -ECIES_CIPHERTEXT_VALUE *sm2_do_encrypt(int type, const unsigned char *in, - size_t inlen, EC_KEY *ec_key) -{ - ECIES_CIPHERTEXT_VALUE *ret = NULL; - ECIES_CIPHERTEXT_VALUE *ecies = NULL; - SM2_CIPHERTEXT_VALUE *sm2 = NULL; - SM2_ENC_PARAMS param; - - if (!(ecies = ECIES_CIPHERTEXT_VALUE_new())) { - goto end; - } - if (!SM2_ENC_PARAMS_set_type(¶m, type)) { - goto end; - } - if (!(sm2 = SM2_do_encrypt(¶m, in, inlen, ec_key))) { - goto end; - } - if (!SM2_CIPHERTEXT_VALUE_get_ECIES_CIPHERTEXT_VALUE(sm2, ecies)) { - goto end; - } - - ret = ecies; - 
ecies = NULL; - -end: - ECIES_CIPHERTEXT_VALUE_free(ecies); - SM2_CIPHERTEXT_VALUE_free(sm2); - return ret; -} - -int sm2_decrypt(int type, const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, EC_KEY *ec_key) -{ - SM2_ENC_PARAMS param; - if (!SM2_ENC_PARAMS_set_type(¶m, type)) { - return 0; - } - return SM2_decrypt(¶m, in, inlen, out, outlen, ec_key); -} - -int sm2_do_decrypt(int type, const ECIES_CIPHERTEXT_VALUE *in, - unsigned char *out, size_t *outlen, EC_KEY *ec_key) -{ - int ret = 0; - SM2_CIPHERTEXT_VALUE *sm2 = NULL; - SM2_ENC_PARAMS param; - - if (!SM2_ENC_PARAMS_set_type(¶m, type)) { - goto end; - } - // we might require type/param - if (!(sm2 = SM2_CIPHERTEXT_VALUE_new_from_ECIES_CIPHERTEXT_VALUE(in))) { - goto end; - } - if (!SM2_do_decrypt(¶m, sm2, out, outlen, ec_key)) { - goto end; - } - - ret = 1; -end: - SM2_CIPHERTEXT_VALUE_free(sm2); - return ret; -} static const EC_KEY_METHOD gmssl_ec_key_method = { "GmSSL EC_KEY method", EC_KEY_METHOD_SM2, 0,0,0,0,0,0, ossl_ec_key_gen, - sm2_compute_key, - SM2_sign, + NULL, + SM2_sign_ex, SM2_sign_setup, - SM2_do_sign, + SM2_do_sign_ex, SM2_verify, SM2_do_verify, - sm2_encrypt, - sm2_do_encrypt, - sm2_decrypt, - sm2_do_decrypt, + SM2_encrypt, + NULL, + SM2_decrypt, + NULL, }; const EC_KEY_METHOD *EC_KEY_GmSSL(void) @@ -206,7 +90,6 @@ int EC_KEY_METHOD_type(const EC_KEY_METHOD *meth) } } - void EC_KEY_METHOD_set_encrypt(EC_KEY_METHOD *meth, int (*encrypt)(int type, const unsigned char *in, diff --git a/crypto/sm2/sm2_lcl.h b/crypto/sm2/sm2_lcl.h index 0f3ffa24..88a03bba 100644 --- a/crypto/sm2/sm2_lcl.h +++ b/crypto/sm2/sm2_lcl.h 
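Review bot: The method table now puts `SM2_encrypt` directly in the encrypt slot, but the setter kept as context just below still declares that slot as `int (*encrypt)(int type, const unsigned char *in, ...)`, while `SM2_encrypt` as added in crypto/sm2/sm2_oct.c by this same commit takes `const EVP_MD *md` as its first parameter. Unless the `EC_KEY_METHOD` layout was changed to match in a part of the patch not shown here, this is an incompatible function-pointer initialisation, and a call through the slot would pass an `int` where a pointer is expected. The compute_key, do_encrypt and do_decrypt slots become `NULL`, so every caller that dispatches through them has to test for `NULL` first; a short comment on each entry, e.g. `NULL, /* compute_key: not provided by this method */`, would make the positional initialiser easier to audit.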
@@ -1,5 +1,107 @@ - +/* + * Copyright (c) 2015 - 2017 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ #define EC_KEY_METHOD_SM2 0x02 +#define SM2_DEFAULT_POINT_CONVERSION_FORM POINT_CONVERSION_UNCOMPRESSED + +#define SM2_MAX_PKEY_DATA_LENGTH ((EC_MAX_NBYTES + 1) * 6) + +int SM2_get_public_key_data(EC_KEY *ec_key, unsigned char *out, size_t *outlen); + +int SM2_compute_message_digest(const EVP_MD *id_md, const EVP_MD *msg_md, + const unsigned char *msg, size_t msglen, const char *id, size_t idlen, + unsigned char *out, size_t *outlen, + EC_KEY *ec_key); + +struct SM2CiphertextValue_st { + BIGNUM *xCoordinate; + BIGNUM *yCoordinate; + ASN1_OCTET_STRING *hash; + ASN1_OCTET_STRING *ciphertext; +}; + +struct sm2_kap_ctx_st { + + const EVP_MD *id_dgst_md; + const EVP_MD *kdf_md; + const EVP_MD *checksum_md; + point_conversion_form_t point_form; + KDF_FUNC kdf; + + int is_initiator; + int do_checksum; + + EC_KEY *ec_key; + unsigned char id_dgst[EVP_MAX_MD_SIZE]; + unsigned int id_dgstlen; + + EC_KEY *remote_pubkey; + unsigned char remote_id_dgst[EVP_MAX_MD_SIZE]; + unsigned int remote_id_dgstlen; + + const EC_GROUP *group; + BN_CTX *bn_ctx; + BIGNUM *order; + BIGNUM *two_pow_w; + + BIGNUM *t; + EC_POINT *point; + unsigned char pt_buf[1 + (OPENSSL_ECC_MAX_FIELD_BITS+7)/4]; + unsigned char checksum[EVP_MAX_MD_SIZE]; + +}; + +int i2o_SM2CiphertextValue(const EC_GROUP *group, const SM2CiphertextValue *cv, + unsigned char **pout); +SM2CiphertextValue *o2i_SM2CiphertextValue(const EC_GROUP *group, + SM2CiphertextValue **cv, const 
unsigned char **pin, long len); + + + diff --git a/crypto/sm2/sm2_oct.c b/crypto/sm2/sm2_oct.c new file mode 100644 index 00000000..410b4e3d --- /dev/null +++ b/crypto/sm2/sm2_oct.c 
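Review bot: The prototype at the end of this header, `o2i_SM2CiphertextValue(const EC_GROUP *group, SM2CiphertextValue **cv, const unsigned char **pin, long len)`, has four parameters, while the definition added in crypto/sm2/sm2_oct.c by the same commit takes an extra `const EVP_MD *md` after `group`. Since sm2_oct.c includes this header the two declarations conflict; the prototype should read `SM2CiphertextValue *o2i_SM2CiphertextValue(const EC_GROUP *group, const EVP_MD *md, SM2CiphertextValue **cv, const unsigned char **pin, long len);`. As far as the hunk shows, the header also has no include guard and uses `EC_KEY`, `EVP_MD`, `BIGNUM`, `ASN1_OCTET_STRING` and `KDF_FUNC` without including anything, so it only compiles when each includer pulls those declarations in first; an `#ifndef HEADER_SM2_LCL_H` / `#define` / `#endif` guard and the needed `<openssl/...>` includes would make it self-contained.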
@@ -0,0 +1,311 @@ +/* ==================================================================== + * Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include "sm2_lcl.h" + + +int i2o_SM2CiphertextValue(const EC_GROUP *group, const SM2CiphertextValue *cv, + unsigned char **pout) +{ + int ret = 0, outlen = 0, nbytes; + EC_POINT *point = NULL; + BN_CTX *bn_ctx = NULL; + unsigned char *buf; + unsigned char *p; + + if (!group || !cv || !pout) { + SM2err(SM2_F_I2O_SM2CIPHERTEXTVALUE, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + nbytes = (EC_GROUP_get_degree(group) + 7)/8; + + if (!cv->xCoordinate || BN_num_bytes(cv->xCoordinate) > nbytes + || !cv->yCoordinate || BN_num_bytes(cv->BN_num_bytes) > nbytes + || ASN1_STRING_length(cv->hash) <= 0 + || ASN1_STRING_length(cv->hash) > EVP_MAX_MD_SIZE + || ASN1_STRING_length(cv->ciphertext) <= 0) { + SM2err(SM2_F_I2O_SM2CIPHERTEXTVALUE, SM2_R_INVALID_CIPHERTEXT); + return 0; + } + + /* prepare buffer */ + if (*pout) { + p = *pout; + + } else { + size_t buflen = 1 + nbytes * 2 + + ASN1_STRING_length(cv->ciphertext) + + ASN1_STRING_length(cv->hash); + + if (!(buf = OPENSSL_malloc(buflen))) { + SM2err(SM2_F_I2O_SM2CIPHERTEXTVALUE, + ERR_R_MALLOC_FAILURE); + return 0; + } + + p = buf; + } + + /* encode x, y */ + if (!(point = EC_POINT_new(group)) || !(bn_ctx = BN_CTX_new())) { + SM2err(SM2_F_I2O_SM2CIPHERTEXTVALUE, ERR_R_MALLOC_FAILURE); + goto end; + } + + if 
(EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { + if (!EC_POINT_set_affine_coordinates_GFp(group, point, + cv->xCoordinate, cv->yCoordinate, bn_ctx)) { + goto end; + } + } else { + if (!EC_POINT_set_affine_coordinates_GF2m(group, point, + cv->xCoordinate, cv->yCoordinate, bn_ctx)) { + goto end; + } + } + + if (!(siz = EC_POINT_point2oct(group, point, + POINT_CONVERSION_UNCOMPRESSED, p, 1 + 2 * nbytes, bn_ctx))) { + SM2err(SM2_F_I2O_SM2CIPHERTEXTVALUE, ERR_R_EC_LIB); + goto end; + } + OPENSSL_assert(siz == 1 + 2 * nbytes); + p += siz; + outlen += siz; + + /* encode ciphertext */ + memcpy(p, ASN1_STRING_get0_data(cv->ciphertext), + ASN1_STRING_length(cv->ciphertext)); + p += ASN1_STRING_length(cv->ciphertext); + outlen += siz; + + /* encode hash */ + memcpy(out, ASN1_STRING_get0_data(cv->hash), + ASN1_STRING_length(cv->hash)); + p += ASN1_STRING_length(cv->hash); + outlen += siz; + + /* output */ + if (*pout) { + *pout = p; + } else { + *pout = buf; + buf = NULL; + } + ret = outlen; + +end: + EC_POINT_free(point); + BN_CTX_free(bn_ctx); + return ret; +} + +SM2CiphertextValue *o2i_SM2CiphertextValue(const EC_GROUP *group, + const EVP_MD *md, SM2CiphertextValue **pout, + const unsigned char **pin, long len) +{ + SM2CiphertextValue *ret = NULL; + SM2CiphertextValue *cv = NULL; + BN_CTX *bn_ctx = NULL; + unsigned char *p; + + if (!group || !pin) { + SM2err(SM2_F_O2I_SM2CIPHERTEXTVALUE, + ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + + nbytes = (EC_GROUP_get_degree(group) + 7)/8; + + if (len <= 1 + nbytes * 2 + EVP_MD_size(md)) { + SM2err(SM2_F_O2I_SM2CIPHERTEXTVALUE, + SM2_R_INVALID_CIPHERTEXT); + return NULL; + } + + if (pout && *pout) { + cv = *pout; + } else { + if (!(cv = SM2CiphertextValue_new())) { + SM2err(SM2_F_O2I_SM2CIPHERTEXTVALUE, + ERR_R_MALLOC_FAILURE); + goto end; + } + } + + if (!(point = EC_POINT_new(group)) + || !(bn_ctx = BN_CTX_new(bn_ctx))) { + SM2err(SM2_F_O2I_SM2CIPHERTEXTVALUE, + ERR_R_MALLOC_FAILURE); + goto 
end; + } + + p = *pin; + + /* set (x, y) */ + if (!EC_POINT_oct2point(group, point, p, 1 + nbytes * 2, bn_ctx)) { + SM2err(SM2_F_O2I_SM2CIPHERTEXTVALUE, + SM2_R_INVALID_CIPHERTEXT); + goto end; + } + p += 1 + nbytes * 2; + len -= 1 + nbytes * 2; + + if (!cv->xCoordinate) { + if (!(cv->xCoordinate = BN_new())) { + SM2err(SM2_F_O2I_SM2CIPHERTEXTVALUE, + ERR_R_MALLOC_FAILURE); + goto end; + } + } + if (!cv->yCoordinate) { + if (!(cv->yCoordinate = BN_new())) { + SM2err(SM2_F_O2I_SM2CIPHERTEXTVALUE, + ERR_R_MALLOC_FAILURE); + goto end; + } + } + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { + if (!EC_POINT_get_affine_coordinates_GFp(group, point, + cv->xCoordinate, cv->yCoordinate, bn_ctx)) { + SM2err(SM2_F_O2I_SM2CIPHERTEXTVALUE, ERR_R_EC_LIB); + goto end; + } + } else { + if (!EC_POINT_get_affine_coordinates_GF2m(group, point, + cv->xCoordinate, cv->yCoordinate, bn_ctx)) { + SM2err(SM2_F_O2I_SM2CIPHERTEXTVALUE, ERR_R_EC_LIB); + goto end; + } + } + + /* set ciphertext */ + if (!cv->ciphertext) { + if (!(cv->ciphertext = ASN1_OCTET_STRING_new())) { + SM2err(SM2_F_O2I_SM2CIPHERTEXTVALUE, + ERR_R_MALLOC_FAILURE); + goto end; + } + } + + if (!ASN1_OCTET_STRING_set(cv->ciphertext, p, len - EVP_MD_size(md))) { + SM2err(SM2_F_O2I_SM2CIPHERTEXTVALUE, ERR_R_ASN1_LIB); + goto end; + } + p += len - EVP_MD_size(md); + + /* set hash */ + if (!cv->hash) { + if (!(cv->hash = ASN1_OCTET_STRING_new())) { + SM2err(SM2_F_O2I_SM2CIPHERTEXTVALUE, + ERR_R_MALLOC_FAILURE); + goto end; + } + } + + if (!ASN1_OCTET_STRING_set(cv->hash, p, EVP_MD_size(md))) { + SM2err(SM2_F_O2I_SM2CIPHERTEXTVALUE, ERR_R_ASN1_LIB); + goto end; + } + p += EVP_MD_size(md); + + /* set result */ + *pin = p; + ret = cv; + +end: + SM2CiphertextValue_free(cv); + EC_POINT_free(point); + BN_CTX_free(bn_ctx); + return ret; +} + + +int SM2_encrypt(const EVP_MD *md, const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key) +{ + int ret = 0; + 
SM2CiphertextValue *cv = NULL; + + if (!(cv = SM2_do_encrypt(md, in, inlen, ec_key))) { + goto end; + } + + if (!out) { + len = i2o_SM2CiphertextValue(cv, NULL); + *outlen = len; + return 1; + } + + if (!(i2o_SM2CiphertextValue(cv, &out))) { + goto end; + } + + return 0; +} + +int SM2_decrypt(int type, const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key) +{ + + SM2CiphertextValue *cv = NULL; + + +} diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index aa037990..10b50fa0 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c @@ -69,13 +69,13 @@ static int sm2_sign_setup(EC_KEY *ec_key, BN_CTX *ctx_in, BIGNUM **kp, BIGNUM ** EC_POINT *point = NULL; if (ec_key == NULL || (ec_group = EC_KEY_get0_group(ec_key)) == NULL) { - ECerr(EC_F_SM2_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); + SM2err(SM2_F_SM2_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); return 0; } if (ctx_in == NULL) { if ((ctx = BN_CTX_new()) == NULL) { - ECerr(EC_F_SM2_SIGN_SETUP,ERR_R_MALLOC_FAILURE); + SM2err(SM2_F_SM2_SIGN_SETUP, ERR_R_MALLOC_FAILURE); return 0; } } @@ -87,17 +87,17 @@ static int sm2_sign_setup(EC_KEY *ec_key, BN_CTX *ctx_in, BIGNUM **kp, BIGNUM ** x = BN_new(); order = BN_new(); if (!k || !x || !order) { - ECerr(EC_F_SM2_SIGN_SETUP, ERR_R_MALLOC_FAILURE); + SM2err(SM2_F_SM2_SIGN_SETUP, ERR_R_MALLOC_FAILURE); goto end; } if (!EC_GROUP_get_order(ec_group, order, ctx)) { - ECerr(EC_F_SM2_SIGN_SETUP, ERR_R_EC_LIB); + SM2err(SM2_F_SM2_SIGN_SETUP, ERR_R_EC_LIB); goto end; } if ((point = EC_POINT_new(ec_group)) == NULL) { - ECerr(EC_F_SM2_SIGN_SETUP, ERR_R_EC_LIB); + SM2err(SM2_F_SM2_SIGN_SETUP, ERR_R_EC_LIB); goto end; } @@ -105,8 +105,8 @@ static int sm2_sign_setup(EC_KEY *ec_key, BN_CTX *ctx_in, BIGNUM **kp, BIGNUM ** /* get random k */ do { if (!BN_rand_range(k, order)) { - ECerr(EC_F_SM2_SIGN_SETUP, - EC_R_RANDOM_NUMBER_GENERATION_FAILED); + SM2err(SM2_F_SM2_SIGN_SETUP, + SM2_R_RANDOM_NUMBER_GENERATION_FAILED); goto end; } 
@@ -114,24 +114,24 @@ static int sm2_sign_setup(EC_KEY *ec_key, BN_CTX *ctx_in, BIGNUM **kp, BIGNUM ** /* compute r the x-coordinate of generator * k */ if (!EC_POINT_mul(ec_group, point, k, NULL, NULL, ctx)) { - ECerr(EC_F_SM2_SIGN_SETUP, ERR_R_EC_LIB); + SM2err(SM2_F_SM2_SIGN_SETUP, ERR_R_EC_LIB); goto end; } if (EC_METHOD_get_field_type(EC_GROUP_method_of(ec_group)) == NID_X9_62_prime_field) { if (!EC_POINT_get_affine_coordinates_GFp(ec_group, point, x, NULL, ctx)) { - ECerr(EC_F_SM2_SIGN_SETUP,ERR_R_EC_LIB); + SM2err(SM2_F_SM2_SIGN_SETUP, ERR_R_EC_LIB); goto end; } } else /* NID_X9_62_characteristic_two_field */ { if (!EC_POINT_get_affine_coordinates_GF2m(ec_group, point, x, NULL, ctx)) { - ECerr(EC_F_SM2_SIGN_SETUP,ERR_R_EC_LIB); + SM2err(SM2_F_SM2_SIGN_SETUP, ERR_R_EC_LIB); goto end; } } if (!BN_nnmod(x, x, order, ctx)) { - ECerr(EC_F_SM2_SIGN_SETUP, ERR_R_BN_LIB); + SM2err(SM2_F_SM2_SIGN_SETUP, ERR_R_BN_LIB); goto end; } @@ -178,12 +178,12 @@ static ECDSA_SIG *sm2_do_sign(const unsigned char *dgst, int dgstlen, ec_group = EC_KEY_get0_group(ec_key); priv_key = EC_KEY_get0_private_key(ec_key); if (!ec_group || !priv_key) { - ECerr(EC_F_SM2_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); + SM2err(SM2_F_SM2_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); return NULL; } if (!(ret = ECDSA_SIG_new())) { - ECerr(EC_F_SM2_DO_SIGN, ERR_R_MALLOC_FAILURE); + SM2err(SM2_F_SM2_DO_SIGN, ERR_R_MALLOC_FAILURE); return NULL; } ret->r = BN_new(); @@ -193,11 +193,11 @@ static ECDSA_SIG *sm2_do_sign(const unsigned char *dgst, int dgstlen, e = BN_new(); bn = BN_new(); if (!ret->r || !ret->s || !ctx || !order || !e || !bn) { - ECerr(EC_F_SM2_DO_SIGN, ERR_R_MALLOC_FAILURE); + SM2err(SM2_F_SM2_DO_SIGN, ERR_R_MALLOC_FAILURE); goto end; } if (!EC_GROUP_get_order(ec_group, order, ctx)) { - ECerr(EC_F_SM2_DO_SIGN, ERR_R_EC_LIB); + SM2err(SM2_F_SM2_DO_SIGN, ERR_R_EC_LIB); goto end; } 
@@ -209,13 +209,13 @@ static ECDSA_SIG *sm2_do_sign(const unsigned char *dgst, int dgstlen, } #endif if (!BN_bin2bn(dgst, dgstlen, e)) { - ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB); + SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB); goto end; } #if 0 if ((8 * dgstlen > i) && !BN_rshift(e, e, 8 - (i & 0x7))) { - ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB); + SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB); goto end; } #endif @@ -224,33 +224,33 @@ static ECDSA_SIG *sm2_do_sign(const unsigned char *dgst, int dgstlen, /* use or compute k and (kG).x */ if (!in_k || !in_x) { if (!sm2_sign_setup(ec_key, ctx, &k, &ret->r)) { - ECerr(EC_F_SM2_DO_SIGN,ERR_R_ECDSA_LIB); + SM2err(SM2_F_SM2_DO_SIGN, ERR_R_ECDSA_LIB); goto end; } ck = k; } else { ck = in_k; if (!BN_copy(ret->r, in_x)) { - ECerr(EC_F_SM2_DO_SIGN, ERR_R_MALLOC_FAILURE); + SM2err(SM2_F_SM2_DO_SIGN, ERR_R_MALLOC_FAILURE); goto end; } } /* r = e + x (mod n) */ if (!BN_mod_add(ret->r, ret->r, e, order, ctx)) { - ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB); + SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB); goto end; } if (!BN_mod_add(bn, ret->r, ck, order, ctx)) { - ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB); + SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB); goto end; } /* check r != 0 && r + k != n */ if (BN_is_zero(ret->r) || BN_is_zero(bn)) { if (in_k && in_x) { - ECerr(EC_F_SM2_DO_SIGN, EC_R_NEED_NEW_SETUP_VALUES); + SM2err(SM2_F_SM2_DO_SIGN, SM2_R_NEED_NEW_SETUP_VALUES); goto end; } else continue; 
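Review bot: In the `sm2_sign_setup` failure branch at the top of the `@@ -224,33` hunk, the renamed call still passes `ERR_R_ECDSA_LIB` as the reason, so a failure inside the SM2 setup is recorded on the SM2 error stack as an ECDSA library error. This commit adds `ERR_R_SM2_LIB` to err.h, and `SM2err(SM2_F_SM2_DO_SIGN, ERR_R_SM2_LIB);` would match the other renamed calls. sm2_do_sign starts and ends outside this hunk.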
@@ -258,36 +258,36 @@ static ECDSA_SIG *sm2_do_sign(const unsigned char *dgst, int dgstlen, /* s = ((1 + d)^-1 * (k - rd)) mod n */ if (!BN_one(bn)) { - ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB); + SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB); goto end; } if (!BN_mod_add(ret->s, priv_key, bn, order, ctx)) { - ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB); + SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB); goto end; } if (!BN_mod_inverse(ret->s, ret->s, order, ctx)) { - ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB); + SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB); goto end; } if (!BN_mod_mul(bn, ret->r, priv_key, order, ctx)) { - ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB); + SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB); goto end; } if (!BN_mod_sub(bn, ck, bn, order, ctx)) { - ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB); + SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB); goto end; } if (!BN_mod_mul(ret->s, ret->s, bn, order, ctx)) { - ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB); + SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB); goto end; } /* check s != 0 */ if (BN_is_zero(ret->s)) { if (in_k && in_x) { - ECerr(EC_F_SM2_DO_SIGN, EC_R_NEED_NEW_SETUP_VALUES); + SM2err(SM2_F_SM2_DO_SIGN, SM2_R_NEED_NEW_SETUP_VALUES); goto end; } } else { @@ -298,13 +298,13 @@ static ECDSA_SIG *sm2_do_sign(const unsigned char *dgst, int dgstlen, #if 0 if (!BN_rshift1(bn, order)) { - ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB); + SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB); goto end; } if (BN_cmp(ret->r, bn) <= 0) { if (!BN_sub(ret->r, order, ret->r) || !BN_sub(ret->s, order, ret->s)) { - ECerr(EC_F_SM2_DO_SIGN, ERR_R_BN_LIB); + SM2err(SM2_F_SM2_DO_SIGN, ERR_R_BN_LIB); goto end; } } @@ -344,7 +344,7 @@ int sm2_do_verify(const unsigned char *dgst, int dgstlen, !(ec_group = EC_KEY_get0_group(ec_key)) || !(pub_key = EC_KEY_get0_public_key(ec_key))) { - ECerr(EC_F_SM2_DO_VERIFY, EC_R_MISSING_PARAMETERS); + SM2err(SM2_F_SM2_DO_VERIFY, SM2_R_MISSING_PARAMETERS); return -1; } 
@@ -353,21 +353,21 @@ int sm2_do_verify(const unsigned char *dgst, int dgstlen, e = BN_new(); t = BN_new(); if (!ctx || !order || !e || !t) { - ECerr(EC_F_SM2_DO_VERIFY, ERR_R_MALLOC_FAILURE); + SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_MALLOC_FAILURE); goto end; } if (!EC_GROUP_get_order(ec_group, order, ctx)) { - ECerr(EC_F_SM2_DO_VERIFY, ERR_R_EC_LIB); + SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_EC_LIB); goto end; } #if 0 if (!BN_rshift1(t, order)) { - ECerr(EC_F_SM2_DO_VERIFY, ERR_R_BN_LIB); + SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_BN_LIB); goto end; } if (BN_cmp(sig->r, t) <= 0) { - ECerr(EC_F_SM2_DO_VERIFY, ERR_R_BN_LIB); //FIXME: error code + SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_BN_LIB); //FIXME: error code goto end; } #endif @@ -380,14 +380,14 @@ int sm2_do_verify(const unsigned char *dgst, int dgstlen, BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) { - ECerr(EC_F_SM2_DO_VERIFY, EC_R_BAD_SIGNATURE); + SM2err(SM2_F_SM2_DO_VERIFY, SM2_R_BAD_SIGNATURE); ret = 0; goto end; } /* check t = r + s != 0 */ if (!BN_mod_add(t, sig->r, sig->s, order, ctx)) { - ECerr(EC_F_SM2_DO_VERIFY, ERR_R_BN_LIB); + SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_BN_LIB); goto end; } if (BN_is_zero(t)) { 
@@ -403,44 +403,44 @@ int sm2_do_verify(const unsigned char *dgst, int dgstlen, } #endif if (!BN_bin2bn(dgst, dgstlen, e)) { - ECerr(EC_F_SM2_DO_VERIFY, ERR_R_BN_LIB); + SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_BN_LIB); goto end; } #if 0 if ((8 * dgstlen > i) && !BN_rshift(e, e, 8 - (i & 0x7))) { - ECerr(EC_F_SM2_DO_VERIFY, ERR_R_BN_LIB); + SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_BN_LIB); goto end; } #endif /* compute (x, y) = sG + tP, P is pub_key */ if (!(point = EC_POINT_new(ec_group))) { - ECerr(EC_F_SM2_DO_VERIFY, ERR_R_MALLOC_FAILURE); + SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_MALLOC_FAILURE); goto end; } if (!EC_POINT_mul(ec_group, point, sig->s, pub_key, t, ctx)) { - ECerr(EC_F_SM2_DO_VERIFY, ERR_R_EC_LIB); + SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_EC_LIB); goto end; } if (EC_METHOD_get_field_type(EC_GROUP_method_of(ec_group)) == NID_X9_62_prime_field) { if (!EC_POINT_get_affine_coordinates_GFp(ec_group, point, t, NULL, ctx)) { - ECerr(EC_F_SM2_DO_VERIFY, ERR_R_EC_LIB); + SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_EC_LIB); goto end; } } else /* NID_X9_62_characteristic_two_field */ { if (!EC_POINT_get_affine_coordinates_GF2m(ec_group, point, t, NULL, ctx)) { - ECerr(EC_F_SM2_DO_VERIFY, ERR_R_EC_LIB); + SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_EC_LIB); goto end; } } if (!BN_nnmod(t, t, order, ctx)) { - ECerr(EC_F_SM2_DO_VERIFY, ERR_R_BN_LIB); + SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_BN_LIB); goto end; } /* check (sG + tP).x + e == sig.r */ if (!BN_mod_add(t, t, e, order, ctx)) { - ECerr(EC_F_SM2_DO_VERIFY, ERR_R_BN_LIB); + SM2err(SM2_F_SM2_DO_VERIFY, ERR_R_BN_LIB); goto end; } if (BN_ucmp(t, sig->r) == 0) { diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 9e850a37..56b11b13 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h 
@@ -597,6 +597,9 @@ int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b); int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len); +#ifndef OPENSSL_NO_SM2 +int ASN1_OCTET_STRING_is_zero(const ASN1_OCTET_STRING *a); +#endif DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 949f78cc..6b8bfeb0 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -534,6 +534,7 @@ int ERR_load_BN_strings(void); # define BN_F_BN_GFP2_CMP 149 # define BN_F_BN_GFP2_COPY 150 # define BN_F_BN_GFP2_DIV_BN 151 +# define BN_F_BN_GFP2_EQU 162 # define BN_F_BN_GFP2_INV 152 # define BN_F_BN_GFP2_IS_ZERO 153 # define BN_F_BN_GFP2_MUL 154 diff --git a/include/openssl/bn_gfp2.h b/include/openssl/bn_gfp2.h index 3aed6902..0ddee7a6 100644 --- a/include/openssl/bn_gfp2.h +++ b/include/openssl/bn_gfp2.h @@ -63,7 +63,9 @@ typedef struct { } BN_GFP2; BN_GFP2 *BN_GFP2_new(void); +void BN_GFP2_free(BN_GFP2 *a); int BN_GFP2_copy(BN_GFP2 *r, const BN_GFP2 *a); +int BN_GFP2_one(BN_GFP2 *a); int BN_GFP2_zero(BN_GFP2 *a); int BN_GFP2_is_zero(const BN_GFP2 *a); int BN_GFP2_equ(const BN_GFP2 *a, const BN_GFP2 *b); 
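Review bot: `ASN1_OCTET_STRING_is_zero` is added to a public header with no comment on what it returns for a NULL or zero-length string, or on whether the scan runs in constant time. If the SM2 code calls it on decrypted or key-derived bytes (not visible here), an early-exit loop would leak the position of the first non-zero byte through timing, so the contract belongs next to the prototype, for example `/* returns 1 if every byte of a is zero, 0 otherwise; time does not depend on the contents */`. The implementation is outside this hunk, presumably in crypto/asn1/a_octet.c, and should be checked against whatever the comment promises. The function is generic ASN.1 code, so guarding it with `OPENSSL_NO_SM2` also deserves a word of explanation.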
@@ -79,15 +81,8 @@ int BN_GF2P_add_bn(BN_GFP2 *r, const BN_GFP2 *a, const BIGNUM *b, const BIGNUM * int BN_GFP2_sub_bn(BN_GFP2 *r, const BN_GFP2 *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx); int BN_GFP2_mul_bn(BN_GFP2 *r, const BN_GFP2 *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx); int BN_GFP2_div_bn(BN_GFP2 *r, const BN_GFP2 *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx); -void BN_GFP2_free(BN_GFP2 *a); - - -int BN_GFP2_add_bn(BN_GFP2 *r, const BN_GFP2 *a, const BIGNUM *b, - const BIGNUM *p, BN_CTX *ctx); - int BN_bn2gfp2(const BIGNUM *bn, BN_GFP2 *gfp2, const BIGNUM *p, BN_CTX *ctx); int BN_gfp22bn(const BN_GFP2 *gfp2, BIGNUM *bn, const BIGNUM *p, BN_CTX *ctx); - /* * Canonical a = a0 + a1 * i * If order is 0 then output a0, a1, else output a1, a0, |a0| = |a1| = |p|. @@ -95,7 +90,6 @@ int BN_gfp22bn(const BN_GFP2 *gfp2, BIGNUM *bn, const BIGNUM *p, BN_CTX *ctx); int BN_GFP2_canonical(const BN_GFP2 *a, unsigned char *out, size_t *outlen, int order, const BIGNUM *p, BN_CTX *ctx); - #ifdef __cplusplus } #endif diff --git a/include/openssl/cpk.h b/include/openssl/cpk.h index 0a55c051..5567c58a 100755 --- a/include/openssl/cpk.h +++ b/include/openssl/cpk.h 
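Review bot: The `@@ -79,15` hunk deletes the correctly spelled prototype `int BN_GFP2_add_bn(...)`, while its hunk header shows that the declaration kept just above is spelled `BN_GF2P_add_bn`. If that spelling is what remains in the file, callers of `BN_GFP2_add_bn` compile against an implicit declaration, which hides pointer-argument mismatches from the compiler. Rename the surviving prototype to `int BN_GFP2_add_bn(BN_GFP2 *r, const BN_GFP2 *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx);` instead of dropping the correct one. The misspelled declaration itself lies outside the hunk, so confirm against the file.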
@@ -74,28 +74,21 @@ int CPK_MAP_str2index(const X509_ALGOR *algor, const char *str, int *index); int CPK_MAP_print(BIO *out, X509_ALGOR *map, int indent, unsigned long flags); -typedef struct cpk_master_secret_st { - long version; - X509_NAME *id; - X509_ALGOR *pkey_algor; - X509_ALGOR *map_algor; - ASN1_OCTET_STRING *secret_factors; -} CPK_MASTER_SECRET; +typedef struct cpk_master_secret_st CPK_MASTER_SECRET; DECLARE_ASN1_FUNCTIONS(CPK_MASTER_SECRET) -typedef struct cpk_public_params_st { - long version; - X509_NAME *id; - X509_ALGOR *pkey_algor; - X509_ALGOR *map_algor; - ASN1_OCTET_STRING *public_factors; -} CPK_PUBLIC_PARAMS; +typedef struct cpk_public_params_st CPK_PUBLIC_PARAMS; DECLARE_ASN1_FUNCTIONS(CPK_PUBLIC_PARAMS) +//CPK_MASTER_SECERT *CPK_MASTER_SECRET_new(const char *domain, const EC_GROUP *group, int map_algor); + + CPK_MASTER_SECRET *CPK_MASTER_SECRET_create(const char *domain_id, EVP_PKEY *pkey, X509_ALGOR *map_algor); CPK_PUBLIC_PARAMS *CPK_MASTER_SECRET_extract_public_params(CPK_MASTER_SECRET *master); EVP_PKEY *CPK_MASTER_SECRET_extract_private_key(CPK_MASTER_SECRET *master, const char *id); EVP_PKEY *CPK_PUBLIC_PARAMS_extract_public_key(CPK_PUBLIC_PARAMS *params, const char *id); + + int CPK_PUBLIC_PARAMS_compute_share_key(CPK_PUBLIC_PARAMS *params, void *out, size_t outlen, const char *id, EVP_PKEY *priv_key, void *(*kdf)(const void *in, size_t inlen, void *out, size_t *outlen)); diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 782106dc..2efe818f 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h 
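Review bot: The added line `//CPK_MASTER_SECERT *CPK_MASTER_SECRET_new(const char *domain, ...)` is dead code in a public header. The type name is misspelled, and `DECLARE_ASN1_FUNCTIONS(CPK_MASTER_SECRET)` just above already declares `CPK_MASTER_SECRET_new(void)`, so the prototype could not be enabled under that name; drop the line. Making both structs opaque suits a type that holds master secret factors, but the hunk adds no accessors, so any caller that read `version`, `id` or the factor fields needs a replacement API, which is not visible here.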
@@ -1342,39 +1342,6 @@ void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth, EVP_PKEY_OP_DERIVE, \ EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)p) -# ifndef OPENSSL_NO_SM2 -# define EVP_PKEY_CTX_set_ec_sign_type(ctx, type) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ - EVP_PKEY_OP_SIGN|EVP_PKEY_OP_SIGNCTX| \ - EVP_PKEY_OP_VERIFY|EVP_PKEY_OP_VERIFYCTX, \ - EVP_PKEY_CTRL_EC_SIGN_TYPE, type, NULL) - -# define EVP_PKEY_CTX_get_ec_sign_type(ctx) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ - EVP_PKEY_OP_SIGN|EVP_PKEY_OP_SIGNCTX| \ - EVP_PKEY_OP_VERIFY|EVP_PKEY_OP_VERIFYCTX, \ - EVP_PKEY_CTRL_EC_SIGN_TYPE, -2, NULL) - -# define EVP_PKEY_CTX_set_ec_enc_type(ctx, type) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ - EVP_PKEY_OP_ENCRYPT|EVP_PKEY_OP_DECRYPT, \ - EVP_PKEY_CTRL_EC_ENC_TYPE, type, NULL) - -# define EVP_PKEY_CTX_get_ec_enc_type(ctx) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ - EVP_PKEY_OP_ENCRYPT|EVP_PKEY_OP_DECRYPT, \ - EVP_PKEY_CTRL_EC_ENC_TYPE, -2, NULL) - -# define EVP_PKEY_CTX_set_ec_dh_type(ctx, type) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_EC_DH_TYPE, type, NULL) - -# define EVP_PKEY_CTX_get_ec_dh_type(ctx) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_EC_DH_TYPE, -2, NULL); -# endif # define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) # define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2) @@ -1390,14 +1357,6 @@ void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth, # define EVP_PKEY_ECDH_KDF_NONE 1 # define EVP_PKEY_ECDH_KDF_X9_62 2 -# ifndef OPENSSL_NO_SM2 -# define EVP_PKEY_CTRL_EC_SIGN_TYPE (EVP_PKEY_ALG_CTRL + 11) -# define EVP_PKEY_CTRL_GET_EC_SIGN_TYPE (EVP_PKEY_ALG_CTRL + 12) -# define EVP_PKEY_CTRL_EC_ENC_TYPE (EVP_PKEY_ALG_CTRL + 13) -# define EVP_PKEY_CTRL_GET_EC_ENC_TYPE (EVP_PKEY_ALG_CTRL + 14) -# define EVP_PKEY_CTRL_EC_DH_TYPE (EVP_PKEY_ALG_CTRL + 15) -# define EVP_PKEY_CTRL_GET_EC_DH_TYPE (EVP_PKEY_ALG_CTRL + 16) -# endif /* BEGIN ERROR CODES */ /* 
@@ -1435,6 +1394,7 @@ int ERR_load_EC_strings(void); # define EC_F_ECIES_PARAMS_GET_KDF 276 # define EC_F_ECIES_PARAMS_GET_MAC 277 # define EC_F_ECIES_PARAMS_INIT_WITH_RECOMMENDED 278 +# define EC_F_ECIES_PARAMS_INIT_WITH_TYPE 320 # define EC_F_ECKEY_PARAM2TYPE 223 # define EC_F_ECKEY_PARAM_DECODE 212 # define EC_F_ECKEY_PRIV_DECODE 213 @@ -1632,6 +1592,7 @@ int ERR_load_EC_strings(void); # define EC_R_ECIES_VERIFY_MAC_FAILURE 167 # define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 # define EC_R_ENCRYPT_FAILED 168 +# define EC_R_ENCRYPT_FAILURE 206 # define EC_R_ERROR 174 # define EC_R_FIELD_TOO_LARGE 143 # define EC_R_GEN_MAC_FAILED 169 @@ -1654,13 +1615,16 @@ int ERR_load_EC_strings(void); # define EC_R_INVALID_DIGEST_TYPE 138 # define EC_R_INVALID_ECIES_CIPHERTEXT 171 # define EC_R_INVALID_ECIES_PARAMETERS 172 +# define EC_R_INVALID_ECIES_PARAMS 207 # define EC_R_INVALID_EC_KEY 180 # define EC_R_INVALID_ENCODING 102 +# define EC_R_INVALID_ENC_PARAM 208 # define EC_R_INVALID_ENC_TYPE 200 # define EC_R_INVALID_FIELD 103 # define EC_R_INVALID_FORM 104 # define EC_R_INVALID_GROUP_ORDER 122 # define EC_R_INVALID_ID_LENGTH 181 +# define EC_R_INVALID_INPUT_LENGTH 209 # define EC_R_INVALID_KDF_MD 182 # define EC_R_INVALID_KEY 116 # define EC_R_INVALID_MD 205 diff --git a/include/openssl/ecies.h b/include/openssl/ecies.h index 4e51e68f..86fc43e0 100644 --- a/include/openssl/ecies.h +++ b/include/openssl/ecies.h @@ -46,11 +46,6 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== */ -/* - * Ellitpic Curve Integrated Encryption Scheme (ECIES) - * see http://www.secg.org/sec1-v2.pdf (section 5) - * SEC1: Elliptic Curve Cryptography version 2.0 - */ #ifndef HEADER_ECIES_H #define HEADER_ECIES_H @@ -61,6 +56,7 @@ #include #include #include +#include #ifdef __cplusplus extern "C" { 
@@ -71,6 +67,11 @@ ECIESAlgorithmSet ALGORITHM ::= { {OID ecies-recommendedParameters} | {OID ecies-specifiedParameters PARMS ECIESParameters}, ... -- Future combinations may be added + {OID ecies-with-x9-63-sha1-aes128-cbc-hmac} + {OID ecies-with-x9-63-sha256-aes128-cbc-hmac} + {OID ecies-with-x9-63-sha256-aes192-cbc-hmac} + {OID ecies-with-x9-63-sha512-aes256-cbc-hmac} + {OID ecies-with-x9-63-sha256-xor-hmac} } */ @@ -119,6 +120,7 @@ typedef struct ecies_params_st { ECIES_PARAMS *ECIES_PARAMS_new(void); int ECIES_PARAMS_init_with_recommended(ECIES_PARAMS *param); +int ECIES_PARAMS_init_with_type(ECIES_PARAMS *param, int type); ECIES_PARAMS *ECIES_PARAMS_dup(const ECIES_PARAMS *param); KDF_FUNC ECIES_PARAMS_get_kdf(const ECIES_PARAMS *param); int ECIES_PARAMS_get_enc(const ECIES_PARAMS *param, size_t inlen, @@ -132,13 +134,7 @@ int i2d_ECIESParameters(const ECIES_PARAMS *param, unsigned char **out); ECIES_PARAMS *d2i_ECIESParameters(ECIES_PARAMS **param, const unsigned char **in, long len); - -typedef struct ecies_ciphertext_value_st { - ASN1_OCTET_STRING *ephem_point; - ASN1_OCTET_STRING *ciphertext; - ASN1_OCTET_STRING *mactag; -} ECIES_CIPHERTEXT_VALUE; - +typedef struct ecies_ciphertext_value_st ECIES_CIPHERTEXT_VALUE; DECLARE_ASN1_FUNCTIONS(ECIES_CIPHERTEXT_VALUE) 
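Review bot: In the `@@ -71,6` hunk the five `{OID ecies-with-...}` lines are appended after the `...` extension marker and without `|` separators, so the ASN.1 in this comment no longer reads as a valid object set. The list also names `ecies-with-x9-63-sha256-aes192-cbc-hmac`, which I do not find among the NIDs added to obj_mac.h in the part of this commit visible here. Callers will read this comment to learn which schemes are accepted, so place the entries before the marker, separate them with `|`, and keep the names identical to the `SN_ecies_with_*` strings.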
@@ -146,17 +142,14 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, const unsigned char *in, size_t inlen, EC_KEY *ec_key); int ECIES_do_decrypt(const ECIES_PARAMS *param, const ECIES_CIPHERTEXT_VALUE *in, unsigned char *out, size_t *outlen, EC_KEY *ec_key); -int ECIES_encrypt(const ECIES_PARAMS *param, - const unsigned char *in, size_t inlen, +int ECIES_encrypt(int type, const unsigned char *in, size_t inlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key); -int ECIES_decrypt(const ECIES_PARAMS *param, - const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, EC_KEY *ec_key); - -int ECIES_encrypt_with_recommended(const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, EC_KEY *ec_key); -int ECIES_decrypt_with_recommended(const unsigned char *in, size_t inlen, +int ECIES_decrypt(int type, const unsigned char *in, size_t inlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key); +#define ECIES_encrypt_with_recommended(in,inlen,out,outlen,ec_key) \ + ECIES_encrypt(NID_ecies_with_x9_63_sha256_xor_hmac,in,inlen,out,outlen,ec_key) +#define ECIES_decrypt_with_recommended(in,inlen,out,outlen,ec_key) \ + ECIES_decrypt(NID_ecies_with_x9_63_sha256_xor_hmac,in,inlen,out,outlen,ec_key) #ifdef __cplusplus diff --git a/include/openssl/err.h b/include/openssl/err.h index 3af35a04..e057e591 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -101,6 +101,7 @@ typedef struct err_state_st { # define ERR_LIB_GMAPI 58 # define ERR_LIB_BFIBE 59 # define ERR_LIB_BB1IBE 60 +# define ERR_LIB_SM2 66 # define ERR_LIB_SM9 61 # define ERR_LIB_SAF 62 # define ERR_LIB_SDF 63 
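Review bot: `ECIES_encrypt` and `ECIES_decrypt` keep their names but change the first parameter from `const ECIES_PARAMS *param` to `int type`, and the header does not say which values `type` accepts. An existing C caller that still passes a params pointer gets only a pointer-to-integer conversion warning and then runs with a meaningless scheme identifier. The implementation therefore has to reject any `type` outside the `NID_ecies_with_x9_63_*` set, and the same holds for `ECIES_PARAMS_init_with_type` in the earlier hunk. A comment such as `/* type: one of the NID_ecies_with_x9_63_* scheme NIDs; fails on any other value */` above the prototypes would state that contract. Replacing the two `_with_recommended` functions with macros also removes exported symbols, which needs a changelog entry.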
@@ -152,6 +153,7 @@ typedef struct err_state_st { # define GMAPIerr(f,r) ERR_PUT_error(ERR_LIB_GMAPI,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define BFIBEerr(f,r) ERR_PUT_error(ERR_LIB_BFIBE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define BB1IBEerr(f,r) ERR_PUT_error(ERR_LIB_BB1IBE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define SM9err(f,r) ERR_PUT_error(ERR_LIB_SM9,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define SAFerr(f,r) ERR_PUT_error(ERR_LIB_SAF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define SDFerr(f,r) ERR_PUT_error(ERR_LIB_SDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) @@ -212,6 +214,7 @@ typedef struct err_state_st { # define ERR_R_GMAPI_LIB ERR_LIB_GMAPI/* 58 */ # define ERR_R_BFIBE_LIB ERR_LIB_BFIBE/* 59 */ # define ERR_R_BB1IBE_LIB ERR_LIB_BB1IBE/* 60 */ +# define ERR_R_SM2_LIB ERR_LIB_SM2/* 66 */ # define ERR_R_SM9_LIB ERR_LIB_SM9/* 61 */ # define ERR_R_SAF_LIB ERR_LIB_SAF/* 62 */ # define ERR_R_SDF_LIB ERR_LIB_SDF/* 63 */ diff --git a/include/openssl/gmapi.h b/include/openssl/gmapi.h index 8f7b077a..d4547f5b 100644 --- a/include/openssl/gmapi.h +++ b/include/openssl/gmapi.h 
@@ -91,9 +91,9 @@ int EC_KEY_set_ECCrefPublicKey(EC_KEY *ec_key, const ECCrefPublicKey *ref); int EC_KEY_set_ECCrefPrivateKey(EC_KEY *ec_key, const ECCrefPrivateKey *ref); int EC_KEY_get_ECCrefPublicKey(EC_KEY *ec_key, ECCrefPublicKey *ref); int EC_KEY_get_ECCrefPrivateKey(EC_KEY *ec_key, ECCrefPrivateKey *ref); -SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_new_from_ECCCipher(const ECCCipher *ref); -int SM2_CIPHERTEXT_VALUE_set_ECCCipher(SM2_CIPHERTEXT_VALUE *cv, const ECCCipher *ref); -int SM2_CIPHERTEXT_VALUE_get_ECCCipher(const SM2_CIPHERTEXT_VALUE *cv, ECCCipher *ref); +SM2CiphertextValue *SM2CiphertextValue_new_from_ECCCipher(const ECCCipher *ref); +int SM2CiphertextValue_set_ECCCipher(SM2CiphertextValue *cv, const ECCCipher *ref); +int SM2CiphertextValue_get_ECCCipher(const SM2CiphertextValue *cv, ECCCipher *ref); ECDSA_SIG *ECDSA_SIG_new_from_ECCSignature(const ECCSignature *ref); int ECDSA_SIG_set_ECCSignature(ECDSA_SIG *sig, const ECCSignature *ref); int ECDSA_SIG_get_ECCSignature(const ECDSA_SIG *sig, ECCSignature *ref); 
@@ -111,9 +111,9 @@ int EC_KEY_set_ECCPUBLICKEYBLOB(EC_KEY *ec_key, const ECCPUBLICKEYBLOB *blob); int EC_KEY_get_ECCPUBLICKEYBLOB(EC_KEY *ec_key, ECCPUBLICKEYBLOB *blob); int EC_KEY_set_ECCPRIVATEKEYBLOB(EC_KEY *ec_key, const ECCPRIVATEKEYBLOB *blob); int EC_KEY_get_ECCPRIVATEKEYBLOB(EC_KEY *ec_key, ECCPRIVATEKEYBLOB *blob); -SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_new_from_ECCCIPHERBLOB(const ECCCIPHERBLOB *blob); -int SM2_CIPHERTEXT_VALUE_set_ECCCIPHERBLOB(SM2_CIPHERTEXT_VALUE *cv, const ECCCIPHERBLOB *blob); -int SM2_CIPHERTEXT_VALUE_get_ECCCIPHERBLOB(const SM2_CIPHERTEXT_VALUE *cv, ECCCIPHERBLOB *blob); +SM2CiphertextValue *SM2CiphertextValue_new_from_ECCCIPHERBLOB(const ECCCIPHERBLOB *blob); +int SM2CiphertextValue_set_ECCCIPHERBLOB(SM2CiphertextValue *cv, const ECCCIPHERBLOB *blob); +int SM2CiphertextValue_get_ECCCIPHERBLOB(const SM2CiphertextValue *cv, ECCCIPHERBLOB *blob); ECDSA_SIG *ECDSA_SIG_new_from_ECCSIGNATUREBLOB(const ECCSIGNATUREBLOB *blob); int ECDSA_SIG_get_ECCSIGNATUREBLOB(const ECDSA_SIG *sig, ECCSIGNATUREBLOB *blob); int ECDSA_SIG_set_ECCSIGNATUREBLOB(ECDSA_SIG *sig, const ECCSIGNATUREBLOB *blob); @@ -217,6 +217,12 @@ int ERR_load_GMAPI_strings(void); # define GMAPI_F_SKF_MACINIT 184 # define GMAPI_F_SKF_MACUPDATE 185 # define GMAPI_F_SKF_SETSYMMKEY 186 +# define GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHER 193 +# define GMAPI_F_SM2CIPHERTEXTVALUE_GET_ECCCIPHERBLOB 194 +# define GMAPI_F_SM2CIPHERTEXTVALUE_NEW_FROM_ECCCIPHER 195 +# define GMAPI_F_SM2CIPHERTEXTVALUE_NEW_FROM_ECCCIPHERBLOB 196 +# define GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHER 197 +# define GMAPI_F_SM2CIPHERTEXTVALUE_SET_ECCCIPHERBLOB 198 # define GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER 187 # define GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB 188 # define GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHER 189 diff --git a/include/openssl/gmtls.h b/include/openssl/gmtls.h new file mode 100644 index 00000000..9b6ebd91 --- /dev/null +++ b/include/openssl/gmtls.h 
@@ -0,0 +1,104 @@ + + + +#ifndef HEADER_GMTLS_H +#define HEADER_GMTLS_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* version */ +# define GMTLS_VERSION 0x0101 +# define GMTLS_VERSION_MAJOR 0x01 +# define GMTLS_VERSOIN_MINOR 0x01 + + + +/* SSLVPN ciphersuites from GM/T 0024-2014 Table 2 */ +# define GMTLS_CK_ECDHE_SM1_SM3 0x0300E001 +# define GMTLS_CK_ECC_SM1_SM3 0x0300E003 +# define GMTLS_CK_IBSDH_SM1_SM3 0x0300E005 +# define GMTLS_CK_IBC_SM1_SM3 0x0300E007 +# define GMTLS_CK_RSA_SM1_SM3 0x0300E009 +# define GMTLS_CK_RSA_SM1_SHA1 0x0300E00A +# define GMTLS_CK_ECDHE_SM4_SM3 0x0300E011 +# define GMTLS_CK_ECC_SM4_SM3 0x0300E013 +# define GMTLS_CK_IBSDH_SM4_SM3 0x0300E015 +# define GMTLS_CK_IBC_SM4_SM3 0x0300E017 +# define GMTLS_CK_RSA_SM4_SM3 0x0300E019 +# define GMTLS_CK_RSA_SM4_SHA1 0x0300E01A + + +/* PSK ciphersuites with NULL cipher */ +# define GMTLS_CK_PSK_WITH_NULL_SM3 +# define GMTLS_CK_DHE_PSK_WITH_NULL_SM3 0x0300F104 +# define GMTLS_CK_RSA_PSK_WITH_NULL_SM3 0x0300F108 +# define GMTLS_CK_SM2_PSK_WITH_NULL_SM3 0x0300F108 +# define GMTLS_CK_ECDHE_PSK_WITH_NULL_SM3 0x0300F108 + +/* PSK ciphersuits with SMS4 */ +# define GMTLS_CK_PSK_WITH_SMS4_CBC_SM3 0x0300F101 +# define GMTLS_CK_PSK_WITH_SMS4_GCM_SM3 0x0300F102 +# define GMTLS_CK_PSK_WITH_SMS4_CCM_SM3 0x0300F103 +# define GMTLS_CK_DHE_PSK_WITH_SMS4_CBC_SM3 0x0300F105 +# define GMTLS_CK_DHE_PSK_WITH_SMS4_GCM_SM3 0x0300F106 +# define GMTLS_CK_DHE_PSK_WITH_SMS4_CCM_SM3 0x0300F107 +# define GMTLS_CK_RSA_PSK_WITH_SMS4_CBC_SM3 0x0300F109 +# define GMTLS_CK_RSA_PSK_WITH_SMS4_GCM_SM3 0x0300F10A +# define GMTLS_CK_RSA_PSK_WITH_SMS4_CCM_SM3 0x0300F10B +# define GMTLS_CK_ECC_PSK_WITH_SMS4_CBC_SM3 0x0300F109 +# define GMTLS_CK_ECC_PSK_WITH_SMS4_GCM_SM3 0x0300F10A +# define GMTLS_CK_ECC_PSK_WITH_SMS4_CCM_SM3 0x0300F10B + + +# define GMTLS_CK_PSK_WITH_SM1_CBC_SM3 0x0300F101 +# define GMTLS_CK_PSK_WITH_SM1_GCM_SM3 0x0300F102 +# define GMTLS_CK_PSK_WITH_SM1_CCM_SM3 0x0300F103 +# define GMTLS_CK_DHE_PSK_WITH_SM1_CBC_SM3 
0x0300F105 +# define GMTLS_CK_DHE_PSK_WITH_SM1_GCM_SM3 0x0300F106 +# define GMTLS_CK_DHE_PSK_WITH_SM1_CCM_SM3 0x0300F107 +# define GMTLS_CK_RSA_PSK_WITH_SM1_CBC_SM3 0x0300F109 +# define GMTLS_CK_RSA_PSK_WITH_SM1_GCM_SM3 0x0300F10A +# define GMTLS_CK_RSA_PSK_WITH_SM1_CCM_SM3 0x0300F10B + + +# define GMTLS_CK_PSK_WITH_SSF33_CBC_SM3 0x0300F101 +# define GMTLS_CK_PSK_WITH_SSF33_GCM_SM3 0x0300F102 +# define GMTLS_CK_PSK_WITH_SSF33_CCM_SM3 0x0300F103 +# define GMTLS_CK_DHE_PSK_WITH_SSF33_CBC_SM3 0x0300F105 +# define GMTLS_CK_DHE_PSK_WITH_SSF33_GCM_SM3 0x0300F106 +# define GMTLS_CK_DHE_PSK_WITH_SSF33_CCM_SM3 0x0300F107 +# define GMTLS_CK_RSA_PSK_WITH_SSF33_CBC_SM3 0x0300F109 +# define GMTLS_CK_RSA_PSK_WITH_SSF33_GCM_SM3 0x0300F10A +# define GMTLS_CK_RSA_PSK_WITH_SSF33_CCM_SM3 0x0300F10B + +/* SRP ciphersuites */ +# define GMTLS_CK_SRP_SM3_WITH_SMS4_CBC_SM3 +# define GMTLS_CK_SRP_SM3_WITH_SMS4_GCM_SM3 +# define GMTLS_CK_SRP_SM3_WITH_SMS4_CBC_SM3 +# define GMTLS_CK_SRP_SM3_WITH_SMS4_GCM_SM3 +# define GMTLS_CK_SRP_SM3_WITH_SMS4_CCM_SM3 + + +# define TLS_CT_SM2_SIGN 240 +# define TLS_CT_SM2_FIXED_ECDH 241 + + +/* from GM/T 0024-2014 Table 1 */ +#define GMTLS_AD_UNSUPPORTED_SITE2SITE 200 /* fatal */ +#define GMTLS_AD_NO_AREA 201 +#define GMTLS_AD_UNSUPPORTED_AREATYPE 202 +#define GMTLS_AD_BAD_IBCPARAM 203 /* fatal */ +#define GMTLS_AD_UNSUPPORTED_IBCPARAM 204 /* fatal */ +#define GMTLS_AD_IDENTITY_NEED 205 /* fatal */ + + +/* SSL_MAX_DIGEST in ssl_locl.h should be update */ + +#define GM1_PRF_SM3 (SSL_HANDSHAKE_MAC_SM3 << TLS1_PRF_DGST_SHIFT) + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index d252c47b..4ebb5045 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h 
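Review bot: Several cipher-suite constants in this new header share one wire value, so the suites cannot be told apart during negotiation: `GMTLS_CK_RSA_PSK_WITH_NULL_SM3`, `GMTLS_CK_SM2_PSK_WITH_NULL_SM3` and `GMTLS_CK_ECDHE_PSK_WITH_NULL_SM3` are all `0x0300F108`, the `ECC_PSK_WITH_SMS4_*` values repeat the `RSA_PSK_WITH_SMS4_*` ones, and the SM1 and SSF33 PSK blocks reuse the values of the SMS4 block. A table keyed on these IDs would resolve a NULL-cipher or different-cipher suite to whichever entry matches first, so each name needs its own value from the governing specification before any of them is wired into the cipher list. `GMTLS_CK_PSK_WITH_NULL_SM3` has no value, the five `GMTLS_CK_SRP_SM3_*` lines define only three distinct names and give none a value, and the minor-version macro is misspelled; it should read `# define GMTLS_VERSION_MINOR 0x01`. `GM1_PRF_SM3` expands to `SSL_HANDSHAKE_MAC_SM3` and `TLS1_PRF_DGST_SHIFT`, which this header neither defines nor includes, and the file has no licence header.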
@@ -4548,6 +4548,10 @@ #define LN_kx_gost "kx-gost" #define NID_kx_gost 1045 +#define SN_kx_sm2 "KxSM2" +#define LN_kx_sm2 "kx-sm2" +#define NID_kx_sm2 1186 + #define SN_auth_rsa "AuthRSA" #define LN_auth_rsa "auth-rsa" #define NID_auth_rsa 1046 @@ -4580,6 +4584,10 @@ #define LN_auth_null "auth-null" #define NID_auth_null 1053 +#define SN_auth_sm2 "AuthSM2" +#define LN_auth_sm2 "auth-sm2" +#define NID_auth_sm2 1187 + #define SN_ecies_recommendedParameters "ecies-recommendedParameters" #define NID_ecies_recommendedParameters 1063 #define OBJ_ecies_recommendedParameters OBJ_secg_scheme,7L 
@@ -4656,6 +4664,74 @@ #define NID_cmac_aes256_ecies 1081 #define OBJ_cmac_aes256_ecies OBJ_secg_scheme,24L,2L +#define SN_ecies_with_x9_63_sha1_xor_hmac "ecies-with-x9-63-sha1-xor-hmac" +#define NID_ecies_with_x9_63_sha1_xor_hmac 1169 +#define OBJ_ecies_with_x9_63_sha1_xor_hmac OBJ_ecies_specifiedParameters,1L + +#define SN_ecies_with_x9_63_sha256_xor_hmac "ecies-with-x9-63-sha256-xor-hmac" +#define NID_ecies_with_x9_63_sha256_xor_hmac 1170 +#define OBJ_ecies_with_x9_63_sha256_xor_hmac OBJ_ecies_specifiedParameters,2L + +#define SN_ecies_with_x9_63_sha512_xor_hmac "ecies-with-x9-63-sha512-xor-hmac" +#define NID_ecies_with_x9_63_sha512_xor_hmac 1171 +#define OBJ_ecies_with_x9_63_sha512_xor_hmac OBJ_ecies_specifiedParameters,3L + +#define SN_ecies_with_x9_63_sha1_aes128_cbc_hmac "ecies-with-x9-63-sha1-aes128-cbc-hmac" +#define NID_ecies_with_x9_63_sha1_aes128_cbc_hmac 1172 +#define OBJ_ecies_with_x9_63_sha1_aes128_cbc_hmac OBJ_ecies_specifiedParameters,4L + +#define SN_ecies_with_x9_63_sha256_aes128_cbc_hmac "ecies-with-x9-63-sha256-aes128-cbc-hmac" +#define NID_ecies_with_x9_63_sha256_aes128_cbc_hmac 1173 +#define OBJ_ecies_with_x9_63_sha256_aes128_cbc_hmac OBJ_ecies_specifiedParameters,5L + +#define SN_ecies_with_x9_63_sha512_aes256_cbc_hmac "ecies-with-x9-63-sha512-aes256-cbc-hmac" +#define NID_ecies_with_x9_63_sha512_aes256_cbc_hmac 1174 +#define OBJ_ecies_with_x9_63_sha512_aes256_cbc_hmac OBJ_ecies_specifiedParameters,6L + +#define SN_ecies_with_x9_63_sha256_aes128_ctr_hmac "ecies-with-x9-63-sha256-aes128-ctr-hmac" +#define NID_ecies_with_x9_63_sha256_aes128_ctr_hmac 1175 +#define OBJ_ecies_with_x9_63_sha256_aes128_ctr_hmac OBJ_ecies_specifiedParameters,7L + +#define SN_ecies_with_x9_63_sha512_aes256_ctr_hmac "ecies-with-x9-63-sha512-aes256-ctr-hmac" +#define NID_ecies_with_x9_63_sha512_aes256_ctr_hmac 1176 +#define OBJ_ecies_with_x9_63_sha512_aes256_ctr_hmac OBJ_ecies_specifiedParameters,8L + +#define SN_ecies_with_x9_63_sha256_aes128_cbc_hmac_half 
"ecies-with-x9-63-sha256-aes128-cbc-hmac-half" +#define NID_ecies_with_x9_63_sha256_aes128_cbc_hmac_half 1177 +#define OBJ_ecies_with_x9_63_sha256_aes128_cbc_hmac_half OBJ_ecies_specifiedParameters,9L + +#define SN_ecies_with_x9_63_sha512_aes256_cbc_hmac_half "ecies-with-x9-63-sha512-aes256-cbc-hmac-half" +#define NID_ecies_with_x9_63_sha512_aes256_cbc_hmac_half 1178 +#define OBJ_ecies_with_x9_63_sha512_aes256_cbc_hmac_half OBJ_ecies_specifiedParameters,10L + +#define SN_ecies_with_x9_63_sha256_aes128_ctr_hmac_half "ecies-with-x9-63-sha256-aes128-ctr-hmac-half" +#define NID_ecies_with_x9_63_sha256_aes128_ctr_hmac_half 1179 +#define OBJ_ecies_with_x9_63_sha256_aes128_ctr_hmac_half OBJ_ecies_specifiedParameters,11L + +#define SN_ecies_with_x9_63_sha512_aes256_ctr_hmac_half "ecies-with-x9-63-sha512-aes256-ctr-hmac-half" +#define NID_ecies_with_x9_63_sha512_aes256_ctr_hmac_half 1180 +#define OBJ_ecies_with_x9_63_sha512_aes256_ctr_hmac_half OBJ_ecies_specifiedParameters,12L + +#define SN_ecies_with_x9_63_sha1_aes128_cbc_cmac "ecies-with-x9-63-sha1-aes128-cbc-cmac" +#define NID_ecies_with_x9_63_sha1_aes128_cbc_cmac 1181 +#define OBJ_ecies_with_x9_63_sha1_aes128_cbc_cmac OBJ_ecies_specifiedParameters,13L + +#define SN_ecies_with_x9_63_sha256_aes128_cbc_cmac "ecies-with-x9-63-sha256-aes128-cbc-cmac" +#define NID_ecies_with_x9_63_sha256_aes128_cbc_cmac 1182 +#define OBJ_ecies_with_x9_63_sha256_aes128_cbc_cmac OBJ_ecies_specifiedParameters,14L + +#define SN_ecies_with_x9_63_sha512_aes256_cbc_cmac "ecies-with-x9-63-sha512-aes256-cbc-cmac" +#define NID_ecies_with_x9_63_sha512_aes256_cbc_cmac 1183 +#define OBJ_ecies_with_x9_63_sha512_aes256_cbc_cmac OBJ_ecies_specifiedParameters,15L + +#define SN_ecies_with_x9_63_sha256_aes128_ctr_cmac "ecies-with-x9-63-sha256-aes128-ctr-cmac" +#define NID_ecies_with_x9_63_sha256_aes128_ctr_cmac 1184 +#define OBJ_ecies_with_x9_63_sha256_aes128_ctr_cmac OBJ_ecies_specifiedParameters,16L + +#define SN_ecies_with_x9_63_sha512_aes256_ctr_cmac 
"ecies-with-x9-63-sha512-aes256-ctr-cmac" +#define NID_ecies_with_x9_63_sha512_aes256_ctr_cmac 1185 +#define OBJ_ecies_with_x9_63_sha512_aes256_ctr_cmac OBJ_ecies_specifiedParameters,17L + #define SN_ISO_CN "ISO-CN" #define LN_ISO_CN "ISO CN Member Body" #define NID_ISO_CN 1083 @@ -4839,6 +4915,10 @@ #define NID_sm2encrypt 1119 #define OBJ_sm2encrypt OBJ_sm_scheme,301L,3L +#define SN_wapip192v1 "wapip192v1" +#define NID_wapip192v1 1135 +#define OBJ_wapip192v1 OBJ_sm_scheme,301L,101L + #define SN_sm2encrypt_recommendedParameters "sm2encrypt-recommendedParameters" #define NID_sm2encrypt_recommendedParameters 1120 #define OBJ_sm2encrypt_recommendedParameters OBJ_sm2encrypt,1L 
@@ -4847,6 +4927,50 @@ #define NID_sm2encrypt_specifiedParameters 1121 #define OBJ_sm2encrypt_specifiedParameters OBJ_sm2encrypt,2L +#define SN_sm2encrypt_with_sm3 "sm2encrypt-with-sm3" +#define NID_sm2encrypt_with_sm3 1155 +#define OBJ_sm2encrypt_with_sm3 OBJ_sm2encrypt,2L,1L + +#define SN_sm2encrypt_with_sha1 "sm2encrypt-with-sha1" +#define NID_sm2encrypt_with_sha1 1156 +#define OBJ_sm2encrypt_with_sha1 OBJ_sm2encrypt,2L,2L + +#define SN_sm2encrypt_with_sha224 "sm2encrypt-with-sha224" +#define NID_sm2encrypt_with_sha224 1157 +#define OBJ_sm2encrypt_with_sha224 OBJ_sm2encrypt,2L,3L + +#define SN_sm2encrypt_with_sha256 "sm2encrypt-with-sha256" +#define NID_sm2encrypt_with_sha256 1158 +#define OBJ_sm2encrypt_with_sha256 OBJ_sm2encrypt,2L,4L + +#define SN_sm2encrypt_with_sha384 "sm2encrypt-with-sha384" +#define NID_sm2encrypt_with_sha384 1159 +#define OBJ_sm2encrypt_with_sha384 OBJ_sm2encrypt,2L,5L + +#define SN_sm2encrypt_with_sha512 "sm2encrypt-with-sha512" +#define NID_sm2encrypt_with_sha512 1160 +#define OBJ_sm2encrypt_with_sha512 OBJ_sm2encrypt,2L,6L + +#define SN_sm2encrypt_with_rmd160 "sm2encrypt-with-rmd160" +#define NID_sm2encrypt_with_rmd160 1161 +#define OBJ_sm2encrypt_with_rmd160 OBJ_sm2encrypt,2L,7L + +#define SN_sm2encrypt_with_whirlpool "sm2encrypt-with-whirlpool" +#define NID_sm2encrypt_with_whirlpool 1162 +#define OBJ_sm2encrypt_with_whirlpool OBJ_sm2encrypt,2L,8L + +#define SN_sm2encrypt_with_blake2b512 "sm2encrypt-with-blake2b512" +#define NID_sm2encrypt_with_blake2b512 1163 +#define OBJ_sm2encrypt_with_blake2b512 OBJ_sm2encrypt,2L,9L + +#define SN_sm2encrypt_with_blake2s256 "sm2encrypt-with-blake2s256" +#define NID_sm2encrypt_with_blake2s256 1164 +#define OBJ_sm2encrypt_with_blake2s256 OBJ_sm2encrypt,2L,10L + +#define SN_sm2encrypt_with_md5 "sm2encrypt-with-md5" +#define NID_sm2encrypt_with_md5 1165 +#define OBJ_sm2encrypt_with_md5 OBJ_sm2encrypt,2L,11L + #define SN_id_sm9PublicKey "id-sm9PublicKey" #define NID_id_sm9PublicKey 1122 #define 
OBJ_id_sm9PublicKey OBJ_sm_scheme,302L @@ -4908,9 +5032,20 @@ #define NID_sm2sign_with_rmd160 1134 #define OBJ_sm2sign_with_rmd160 OBJ_sm_scheme,507L -#define SN_wapip192v1 "wapip192v1" -#define NID_wapip192v1 1135 -#define OBJ_wapip192v1 OBJ_sm_scheme,301L,101L +#define SN_sm2sign_with_whirlpool "SM2Sign-with-Whirlpool" +#define LN_sm2sign_with_whirlpool "sm2sign-with-whirlpool" +#define NID_sm2sign_with_whirlpool 1166 +#define OBJ_sm2sign_with_whirlpool OBJ_sm_scheme,520L + +#define SN_sm2sign_with_blake2b512 "SM2Sign-with-Blake2b512" +#define LN_sm2sign_with_blake2b512 "sm2sign-with-blake2b512" +#define NID_sm2sign_with_blake2b512 1167 +#define OBJ_sm2sign_with_blake2b512 OBJ_sm_scheme,521L + +#define SN_sm2sign_with_blake2s256 "SM2Sign-with-Blake2s256" +#define LN_sm2sign_with_blake2s256 "sm2sign-with-blake2s256" +#define NID_sm2sign_with_blake2s256 1168 +#define OBJ_sm2sign_with_blake2s256 OBJ_sm_scheme,522L #define SN_zuc "ZUC" #define LN_zuc "zuc" diff --git a/include/openssl/sm2.h b/include/openssl/sm2.h index 1444a5c8..97323950 100755 --- a/include/openssl/sm2.h +++ b/include/openssl/sm2.h 
@@ -66,100 +66,18 @@ extern "C" { #define SM2_MAX_ID_BITS 65535 #define SM2_MAX_ID_LENGTH (SM2_MAX_ID_BITS/8) - #define SM2_DEFAULT_ID_GMT09 "1234567812345678" #define SM2_DEFAULT_ID_GMSSL "anonym@gmssl.org" #define SM2_DEFAULT_ID SM2_DEFAULT_ID_GMSSL #define SM2_DEFAULT_ID_LENGTH (sizeof(SM2_DEFAULT_ID) - 1) #define SM2_DEFAULT_ID_BITS (SM2_DEFAULT_ID_LENGTH * 8) -#define SM2_ID_DIGEST_LENGTH SM3_DIGEST_LENGTH - -#define SM2_DEFAULT_POINT_CONVERSION_FORM POINT_CONVERSION_UNCOMPRESSED - -#define SM2_MAX_PKEY_DATA_LENGTH ((EC_MAX_NBYTES + 1) * 6) - - - -int SM2_get_public_key_data(EC_KEY *ec_key, unsigned char *out, size_t *outlen); +#define SM2_DEFAULT_ID_DIGEST_LENGTH SM3_DIGEST_LENGTH +/* compute identity digest Z */ int SM2_compute_id_digest(const EVP_MD *md, const char *id, size_t idlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key); -/* - * Generate GM/T 0003.2-2012 message digest for SM2 signature scheme. - * Return dgst = msg_md( id_md(id, ec_key) || msg ) - */ -int SM2_compute_message_digest(const EVP_MD *id_md, const EVP_MD *msg_md, - const unsigned char *msg, size_t msglen, const char *id, size_t idlen, - unsigned char *out, size_t *outlen, - EC_KEY *ec_key); - - -typedef struct sm2_enc_params_st { - const EVP_MD *kdf_md; - const EVP_MD *mac_md; - point_conversion_form_t point_form; -} SM2_ENC_PARAMS; - - -/* SM2_ENC_PARAMS_dup() is used by ec_pmeth.c, - * so the SM2_ENC_PARAMS_new() and SM2_ENC_PARAMS_free() is also provided - */ -SM2_ENC_PARAMS *SM2_ENC_PARAMS_new(void); -SM2_ENC_PARAMS *SM2_ENC_PARAMS_dup(const SM2_ENC_PARAMS *param); -void SM2_ENC_PARAMS_free(SM2_ENC_PARAMS *param); - -int SM2_ENC_PARAMS_init_with_recommended(SM2_ENC_PARAMS *param); - - -typedef struct sm2_ciphertext_value_st { - EC_POINT *ephem_point; - unsigned char *ciphertext; - size_t ciphertext_size; - unsigned char mactag[EVP_MAX_MD_SIZE]; - unsigned int mactag_size; -} SM2_CIPHERTEXT_VALUE; - -int SM2_CIPHERTEXT_VALUE_size(const EC_GROUP *ec_group, - const SM2_ENC_PARAMS 
*params, size_t mlen); - -SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_new(const EC_GROUP *group); -void SM2_CIPHERTEXT_VALUE_free(SM2_CIPHERTEXT_VALUE *cv); -int SM2_CIPHERTEXT_VALUE_encode(const SM2_CIPHERTEXT_VALUE *cv, - const EC_GROUP *ec_group, const SM2_ENC_PARAMS *params, - unsigned char *buf, size_t *buflen); -SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode(const EC_GROUP *ec_group, - const SM2_ENC_PARAMS *params, const unsigned char *buf, size_t buflen); - -int i2d_SM2_CIPHERTEXT_VALUE(const EC_GROUP *group, - const SM2_CIPHERTEXT_VALUE *c, unsigned char **out); -SM2_CIPHERTEXT_VALUE *d2i_SM2_CIPHERTEXT_VALUE(const EC_GROUP *group, - SM2_CIPHERTEXT_VALUE **c, const unsigned char **in, long len); - -int SM2_CIPHERTEXT_VALUE_print(BIO *out, const EC_GROUP *ec_group, - const SM2_CIPHERTEXT_VALUE *cv, int indent, unsigned long flags); - -SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params, - const unsigned char *in, size_t inlen, EC_KEY *ec_key); -int SM2_do_decrypt(const SM2_ENC_PARAMS *params, - const SM2_CIPHERTEXT_VALUE *in, unsigned char *out, size_t *outlen, - EC_KEY *ec_key); -int SM2_encrypt(const SM2_ENC_PARAMS *params, - const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, - EC_KEY *ec_key); -int SM2_decrypt(const SM2_ENC_PARAMS *params, - const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, - EC_KEY *ec_key); - - -int SM2_encrypt_with_recommended(const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, EC_KEY *ec_key); -int SM2_decrypt_with_recommended(const unsigned char *in, size_t inlen, - unsigned char *out, size_t *outlen, EC_KEY *ec_key); - - +/* SM2 digital signature */ int SM2_sign_setup(EC_KEY *ec_key, BN_CTX *ctx, BIGNUM **a, BIGNUM **b); ECDSA_SIG *SM2_do_sign_ex(const unsigned char *dgst, int dgstlen, const BIGNUM *a, const BIGNUM *b, EC_KEY *ec_key); 
@@ -175,39 +93,34 @@ int SM2_sign(int type, const unsigned char *dgst, int dgstlen, int SM2_verify(int type, const unsigned char *dgst, int dgstlen, const unsigned char *sig, int siglen, EC_KEY *ec_key); +/* SM2 Public Key Encryption */ + +#define SM2_MIN_PLAINTEXT_LENGTH 0 +#define SM2_MAX_PLAINTEXT_LENGTH 1024 + +typedef struct SM2CiphertextValue_st SM2CiphertextValue; +DECLARE_ASN1_FUNCTIONS(SM2CiphertextValue) + +SM2CiphertextValue *SM2_do_encrypt(const EVP_MD *md, + const unsigned char *in, size_t inlen, EC_KEY *ec_key); +int SM2_do_decrypt(const EVP_MD *md, const SM2CiphertextValue *in, + unsigned char *out, size_t *outlen, EC_KEY *ec_key); +int SM2_encrypt(int type, const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key); +int SM2_decrypt(int type, const unsigned char *in, size_t inlen, + unsigned char *out, size_t *outlen, EC_KEY *ec_key); +#define SM2_encrypt_with_recommended(in,inlen,out,outlen,ec_key) \ + SM2_encrypt(NID_sm3,in,inlen,out,outlen,ec_key) +#define SM2_decrypt_with_recommended(in,inlen,out,outlen,ec_key) \ + SM2_decrypt(NID_sm3,in,inlen,out,outlen,ec_key) + + +/* SM2 Key Exchange */ +typedef struct sm2_kap_ctx_st SM2_KAP_CTX; + int SM2_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, const EC_KEY *ec_key, void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)); -typedef struct sm2_kap_ctx_st { - - const EVP_MD *id_dgst_md; - const EVP_MD *kdf_md; - const EVP_MD *checksum_md; - point_conversion_form_t point_form; - KDF_FUNC kdf; - - int is_initiator; - int do_checksum; - - EC_KEY *ec_key; - unsigned char id_dgst[EVP_MAX_MD_SIZE]; - unsigned int id_dgstlen; - - EC_KEY *remote_pubkey; - unsigned char remote_id_dgst[EVP_MAX_MD_SIZE]; - unsigned int remote_id_dgstlen; - - const EC_GROUP *group; - BN_CTX *bn_ctx; - BIGNUM *order; - BIGNUM *two_pow_w; - - BIGNUM *t; - EC_POINT *point; - unsigned char pt_buf[1 + (OPENSSL_ECC_MAX_FIELD_BITS+7)/4]; - unsigned char 
checksum[EVP_MAX_MD_SIZE]; -} SM2_KAP_CTX; - int SM2_KAP_CTX_init(SM2_KAP_CTX *ctx, EC_KEY *ec_key, const char *id, size_t idlen, EC_KEY *remote_pubkey, const char *rid, size_t ridlen, @@ -221,12 +134,11 @@ int SM2_KAP_final_check(SM2_KAP_CTX *ctx, const unsigned char *checksum, size_t checksumlen); void SM2_KAP_CTX_cleanup(SM2_KAP_CTX *ctx); - +/* EC_KEY_METHOD */ const EC_KEY_METHOD *EC_KEY_GmSSL(void); void EC_KEY_set_default_secg_method(void); void EC_KEY_set_default_sm_method(void); - int EC_KEY_METHOD_type(const EC_KEY_METHOD *meth); void EC_KEY_METHOD_set_encrypt(EC_KEY_METHOD *meth, 
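Review bot: In include/openssl/sm2.h, `typedef struct sm2_kap_ctx_st SM2_KAP_CTX;` makes the key-exchange context an incomplete type for callers, yet `SM2_KAP_CTX_init(SM2_KAP_CTX *ctx, ...)` and `SM2_KAP_CTX_cleanup(SM2_KAP_CTX *ctx)` still expect caller-provided storage. Nothing in this hunk declares an allocator, so unless one exists elsewhere in the header, code outside the library can no longer create a context, and existing callers that declared one on the stack stop compiling. Declare the pair alongside the typedef, for example `SM2_KAP_CTX *SM2_KAP_CTX_new(void);` and `void SM2_KAP_CTX_free(SM2_KAP_CTX *ctx);`, and document that the free routine clears the identity digests and checksum that the removed struct held.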
@@ -253,7 +165,93 @@ void EC_KEY_METHOD_get_decrypt(EC_KEY_METHOD *meth, int (**pdo_decrypt)(int type, const ECIES_CIPHERTEXT_VALUE *in, unsigned char *out, size_t *outlen, EC_KEY *ec_key)); -#ifdef __cplusplus + +#define EVP_PKEY_CTX_set_ec_sign_type(ctx, type) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_SIGN|EVP_PKEY_OP_SIGNCTX| \ + EVP_PKEY_OP_VERIFY|EVP_PKEY_OP_VERIFYCTX, \ + EVP_PKEY_CTRL_EC_SIGN_TYPE, type, NULL) + +#define EVP_PKEY_CTX_get_ec_sign_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_SIGN|EVP_PKEY_OP_SIGNCTX| \ + EVP_PKEY_OP_VERIFY|EVP_PKEY_OP_VERIFYCTX, \ + EVP_PKEY_CTRL_EC_SIGN_TYPE, -2, NULL) + +#define EVP_PKEY_CTX_set_ec_enc_type(ctx, type) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_ENCRYPT|EVP_PKEY_OP_DECRYPT, \ + EVP_PKEY_CTRL_EC_ENC_TYPE, type, NULL) + +#define EVP_PKEY_CTX_get_ec_enc_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_ENCRYPT|EVP_PKEY_OP_DECRYPT, \ + EVP_PKEY_CTRL_EC_ENC_TYPE, -2, NULL) + +#define EVP_PKEY_CTX_set_ec_dh_type(ctx, type) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_DH_TYPE, type, NULL) + +#define EVP_PKEY_CTX_get_ec_dh_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_DH_TYPE, -2, NULL); + +#define EVP_PKEY_CTX_set_sm2_id(ctx, type) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_SIGN|EVP_PKEY_OP_SIGNCTX| \ + EVP_PKEY_OP_VERIFY|EVP_PKEY_OP_VERIFYCTX| \ + EVP_PKEY_OP_DERIVE, type, NULL) + + +#define EVP_PKEY_CTRL_EC_SIGN_TYPE (EVP_PKEY_ALG_CTRL + 11) +#define EVP_PKEY_CTRL_GET_EC_SIGN_TYPE (EVP_PKEY_ALG_CTRL + 12) +#define EVP_PKEY_CTRL_EC_ENC_TYPE (EVP_PKEY_ALG_CTRL + 13) +#define EVP_PKEY_CTRL_GET_EC_ENC_TYPE (EVP_PKEY_ALG_CTRL + 14) +#define EVP_PKEY_CTRL_EC_DH_TYPE (EVP_PKEY_ALG_CTRL + 15) +#define EVP_PKEY_CTRL_GET_EC_DH_TYPE (EVP_PKEY_ALG_CTRL + 16) + + + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. 
Any changes + * made after this point may be overwritten when the script is next run. + */ + +int ERR_load_SM2_strings(void); + +/* Error codes for the SM2 functions. */ + +/* Function codes. */ +# define SM2_F_I2O_SM2CIPHERTEXTVALUE 107 +# define SM2_F_O2I_SM2CIPHERTEXTVALUE 108 +# define SM2_F_SM2_DECRYPT 100 +# define SM2_F_SM2_DO_DECRYPT 101 +# define SM2_F_SM2_DO_ENCRYPT 102 +# define SM2_F_SM2_DO_SIGN 104 +# define SM2_F_SM2_DO_VERIFY 105 +# define SM2_F_SM2_ENCRYPT 103 +# define SM2_F_SM2_SIGN_SETUP 106 + +/* Reason codes. */ +# define SM2_R_BAD_SIGNATURE 110 +# define SM2_R_BUFFER_TOO_SMALL 100 +# define SM2_R_DECRYPT_FAILURE 101 +# define SM2_R_ENCRYPT_FAILURE 102 +# define SM2_R_INVALID_CIPHERTEXT 103 +# define SM2_R_INVALID_DIGEST_ALGOR 104 +# define SM2_R_INVALID_EC_KEY 105 +# define SM2_R_INVALID_INPUT_LENGTH 106 +# define SM2_R_INVALID_PLAINTEXT_LENGTH 107 +# define SM2_R_INVALID_PUBLIC_KEY 108 +# define SM2_R_KDF_FAILURE 109 +# define SM2_R_MISSING_PARAMETERS 111 +# define SM2_R_NEED_NEW_SETUP_VALUES 112 +# define SM2_R_RANDOM_NUMBER_GENERATION_FAILED 113 + +# ifdef __cplusplus } -#endif +# endif #endif diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 9ad4af3a..87237ef9 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -111,6 +111,8 @@ extern "C" { # define SSL_TXT_kDHEPSK "kDHEPSK" # define SSL_TXT_kGOST "kGOST" # define SSL_TXT_kSRP "kSRP" +# define SSL_TXT_kSM2 "kSM2" +# define SSL_TXT_kSM2PSK "kSM2PSK" # define SSL_TXT_aRSA "aRSA" # define SSL_TXT_aDSS "aDSS" @@ -123,6 +125,7 @@ extern "C" { # define SSL_TXT_aGOST12 "aGOST12" # define SSL_TXT_aGOST "aGOST" # define SSL_TXT_aSRP "aSRP" +# define SSL_TXT_aSM2 "aSM2" # define SSL_TXT_DSS "DSS" # define SSL_TXT_DH "DH" 
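Review bot: Two of the EVP_PKEY_CTX macros added to include/openssl/sm2.h are malformed. `EVP_PKEY_CTX_get_ec_dh_type` ends in `-2, NULL);`, so the stray semicolon breaks any use inside an expression or an `if` condition; the last line should read `EVP_PKEY_CTRL_EC_DH_TYPE, -2, NULL)`. `EVP_PKEY_CTX_set_sm2_id(ctx, type)` passes only five arguments to `EVP_PKEY_CTX_ctrl`, so `type` lands in the command slot and no control code is named; it needs a dedicated control code (none is defined in this hunk), with the identity passed through the pointer argument. The `EVP_PKEY_CTRL_GET_EC_*_TYPE` codes are defined but the get macros reuse the set codes with `-2`, so either drop them or add a comment saying which convention the ctrl handler implements.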
@@ -156,8 +159,12 @@ extern "C" { # define SSL_TXT_CHACHA20 "CHACHA20" # define SSL_TXT_GOST "GOST89" # define SSL_TXT_SMS4 "SMS4" -# define SSL_TXT_SMS4_GCM "SMS4GCM" -# define SSL_TXT_SMS4_CCM "SMS4CCM" +# define SSL_TXT_SMS4GCM "SMS4GCM" +# define SSL_TXT_SMS4CCM "SMS4CCM" +# define SSL_TXT_SMS4CCM8 "SMS4CCM8" +# define SSL_TXT_ZUC "ZUC" +# define SSL_TXT_SM1 "SM1" +# define SSL_TXT_SSF33 "SSF33" # define SSL_TXT_MD5 "MD5" # define SSL_TXT_SHA1 "SHA1" @@ -174,7 +181,7 @@ extern "C" { # define SSL_TXT_TLSV1 "TLSv1" # define SSL_TXT_TLSV1_1 "TLSv1.1" # define SSL_TXT_TLSV1_2 "TLSv1.2" -# define SSL_TXT_GMSV1_1 "GMSv1.1" +# define SSL_TXT_GMTLSV1_1 "GMTLSv1.1" # define SSL_TXT_ALL "ALL" @@ -817,6 +824,7 @@ __owur int SSL_extension_supported(unsigned int ext_type); # include /* This is mostly sslv3 with a few tweaks */ # include /* Datagram TLS */ # include /* Support for the use_srtp extension */ +# include #ifdef __cplusplus extern "C" { diff --git a/ssl/methods_gmtls.c b/ssl/methods_gmtls.c new file mode 100644 index 00000000..c8461432 --- /dev/null +++ b/ssl/methods_gmtls.c 
@@ -0,0 +1,266 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "ssl_locl.h" + +/*- + * TLS/SSLv3 methods + */ + +IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, + TLS_method, + ossl_statem_accept, + ossl_statem_connect, TLSv1_2_enc_data) +#ifndef OPENSSL_NO_TLS1_2_METHOD +IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, + tlsv1_2_method, + ossl_statem_accept, + ossl_statem_connect, TLSv1_2_enc_data) +#endif +#ifndef OPENSSL_NO_TLS1_1_METHOD +IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1, + tlsv1_1_method, + ossl_statem_accept, + ossl_statem_connect, TLSv1_1_enc_data) +#endif +#ifndef OPENSSL_NO_TLS1_METHOD +IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1, + tlsv1_method, + ossl_statem_accept, ossl_statem_connect, TLSv1_enc_data) +#endif +#ifndef OPENSSL_NO_SSL3_METHOD +IMPLEMENT_ssl3_meth_func(sslv3_method, ossl_statem_accept, ossl_statem_connect) +#endif +/*- + * TLS/SSLv3 server methods + */ +IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, + TLS_server_method, + ossl_statem_accept, + ssl_undefined_function, TLSv1_2_enc_data) +#ifndef OPENSSL_NO_TLS1_2_METHOD +IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, + tlsv1_2_server_method, + ossl_statem_accept, + ssl_undefined_function, TLSv1_2_enc_data) +#endif +#ifndef OPENSSL_NO_TLS1_1_METHOD +IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1, + tlsv1_1_server_method, + ossl_statem_accept, + ssl_undefined_function, TLSv1_1_enc_data) +#endif +#ifndef OPENSSL_NO_TLS1_METHOD +IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1, + tlsv1_server_method, + 
ossl_statem_accept, + ssl_undefined_function, TLSv1_enc_data) +#endif +#ifndef OPENSSL_NO_SSL3_METHOD +IMPLEMENT_ssl3_meth_func(sslv3_server_method, + ossl_statem_accept, ssl_undefined_function) +#endif +/*- + * TLS/SSLv3 client methods + */ +IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, + TLS_client_method, + ssl_undefined_function, + ossl_statem_connect, TLSv1_2_enc_data) +#ifndef OPENSSL_NO_TLS1_2_METHOD +IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, + tlsv1_2_client_method, + ssl_undefined_function, + ossl_statem_connect, TLSv1_2_enc_data) +#endif +#ifndef OPENSSL_NO_TLS1_1_METHOD +IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1, + tlsv1_1_client_method, + ssl_undefined_function, + ossl_statem_connect, TLSv1_1_enc_data) +#endif +#ifndef OPENSSL_NO_TLS1_METHOD +IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1, + tlsv1_client_method, + ssl_undefined_function, + ossl_statem_connect, TLSv1_enc_data) +#endif +#ifndef OPENSSL_NO_SSL3_METHOD +IMPLEMENT_ssl3_meth_func(sslv3_client_method, + ssl_undefined_function, ossl_statem_connect) +#endif +/*- + * DTLS methods + */ +#ifndef OPENSSL_NO_DTLS1_METHOD +IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, + dtlsv1_method, + ossl_statem_accept, + ossl_statem_connect, DTLSv1_enc_data) +#endif +#ifndef OPENSSL_NO_DTLS1_2_METHOD +IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2, + dtlsv1_2_method, + ossl_statem_accept, + ossl_statem_connect, DTLSv1_2_enc_data) +#endif +IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0, + DTLS_method, + ossl_statem_accept, + ossl_statem_connect, DTLSv1_2_enc_data) + +/*- + * DTLS server methods + */ +#ifndef OPENSSL_NO_DTLS1_METHOD +IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, + dtlsv1_server_method, + ossl_statem_accept, + ssl_undefined_function, DTLSv1_enc_data) +#endif +#ifndef OPENSSL_NO_DTLS1_2_METHOD 
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2, + dtlsv1_2_server_method, + ossl_statem_accept, + ssl_undefined_function, DTLSv1_2_enc_data) +#endif +IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0, + DTLS_server_method, + ossl_statem_accept, + ssl_undefined_function, DTLSv1_2_enc_data) + +/*- + * DTLS client methods + */ +#ifndef OPENSSL_NO_DTLS1_METHOD +IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, + dtlsv1_client_method, + ssl_undefined_function, + ossl_statem_connect, DTLSv1_enc_data) +IMPLEMENT_dtls1_meth_func(DTLS1_BAD_VER, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1, + dtls_bad_ver_client_method, + ssl_undefined_function, + ossl_statem_connect, DTLSv1_enc_data) +#endif +#ifndef OPENSSL_NO_DTLS1_2_METHOD +IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2, + dtlsv1_2_client_method, + ssl_undefined_function, + ossl_statem_connect, DTLSv1_2_enc_data) +#endif +IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0, + DTLS_client_method, + ssl_undefined_function, + ossl_statem_connect, DTLSv1_2_enc_data) +#if OPENSSL_API_COMPAT < 0x10100000L +# ifndef OPENSSL_NO_TLS1_2_METHOD +const SSL_METHOD *TLSv1_2_method(void) +{ + return tlsv1_2_method(); +} + +const SSL_METHOD *TLSv1_2_server_method(void) +{ + return tlsv1_2_server_method(); +} + +const SSL_METHOD *TLSv1_2_client_method(void) +{ + return tlsv1_2_client_method(); +} +# endif + +# ifndef OPENSSL_NO_TLS1_1_METHOD +const SSL_METHOD *TLSv1_1_method(void) +{ + return tlsv1_1_method(); +} + +const SSL_METHOD *TLSv1_1_server_method(void) +{ + return tlsv1_1_server_method(); +} + +const SSL_METHOD *TLSv1_1_client_method(void) +{ + return tlsv1_1_client_method(); +} +# endif + +# ifndef OPENSSL_NO_TLS1_METHOD +const SSL_METHOD *TLSv1_method(void) +{ + return tlsv1_method(); +} + +const SSL_METHOD *TLSv1_server_method(void) +{ + return tlsv1_server_method(); +} + +const SSL_METHOD *TLSv1_client_method(void) +{ + return tlsv1_client_method(); +} +# endif + +# 
ifndef OPENSSL_NO_SSL3_METHOD +const SSL_METHOD *SSLv3_method(void) +{ + return sslv3_method(); +} + +const SSL_METHOD *SSLv3_server_method(void) +{ + return sslv3_server_method(); +} + +const SSL_METHOD *SSLv3_client_method(void) +{ + return sslv3_client_method(); +} +# endif + +# ifndef OPENSSL_NO_DTLS1_2_METHOD +const SSL_METHOD *DTLSv1_2_method(void) +{ + return dtlsv1_2_method(); +} + +const SSL_METHOD *DTLSv1_2_server_method(void) +{ + return dtlsv1_2_server_method(); +} + +const SSL_METHOD *DTLSv1_2_client_method(void) +{ + return dtlsv1_2_client_method(); +} +# endif + +# ifndef OPENSSL_NO_DTLS1_METHOD +const SSL_METHOD *DTLSv1_method(void) +{ + return dtlsv1_method(); +} + +const SSL_METHOD *DTLSv1_server_method(void) +{ + return dtlsv1_server_method(); +} + +const SSL_METHOD *DTLSv1_client_method(void) +{ + return dtlsv1_client_method(); +} +# endif + +#endif diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 99b64bb9..e58c9b5d 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -68,7 +68,15 @@ #define SSL_ENC_AES256CCM8_IDX 17 #define SSL_ENC_GOST8912_IDX 18 #define SSL_ENC_CHACHA_IDX 19 -#define SSL_ENC_NUM_IDX 20 +#define SSL_ENC_SMS4_IDX 20 +#define SSL_ENC_SMS4GCM_IDX 21 +#define SSL_ENC_SMS4CCM_IDX 22 +#define SSL_ENC_SMS4CCM8_IDX 23 +#define SSL_ENC_ZUC_IDX 24 +#define SSL_ENC_SM1_IDX 25 +#define SSL_ENC_SSF33_IDX 26 +#define SSL_ENC_NUM_IDX 27 + /* NB: make sure indices in these tables match values above */ 
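Review bot: The new file ssl/methods_gmtls.c defines no GMTLS method at all; every `IMPLEMENT_*_meth_func` instantiation and every compatibility wrapper carries a stock name (`TLS_method`, `tlsv1_2_method`, `DTLS_method`, `SSLv3_method`, and so on). If ssl/methods.c still defines the same symbols and this file is ever listed in a build.info, the link will fail on duplicate definitions. The copy also carries the SSLv3 and TLSv1.0 entry points into a file whose name suggests it is GM/T-only. Either leave the file out until there is GMTLS-specific content, or reduce it to the instantiations bound to `GMTLS_VERSION` and keep the shared ones in methods.c.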
@@ -97,13 +105,20 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { {SSL_AES256CCM, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM_IDX 15 */ {SSL_AES128CCM8, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM8_IDX 16 */ {SSL_AES256CCM8, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM8_IDX 17 */ - {SSL_eGOST2814789CNT12, NID_gost89_cnt_12}, /* SSL_ENC_GOST8912_IDX */ - {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, + {SSL_eGOST2814789CNT12, NID_gost89_cnt_12}, /* SSL_ENC_GOST8912_IDX 18 */ + {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */ + {SSL_SMS4, NID_sms4_cbc}, /* SSL_ENC_SMS4_IDX 20 */ + {SSL_SMS4GCM, NID_sms4_gcm}, /* SSL_ENC_SMS4GCM_IDX 21 */ + {SSL_SMS4CCM, NID_sms4_ccm}, /* SSL_ENC_SMS4CCM_IDX 22 */ + {SSL_SMS4CCM8, NID_sms4_ccm}, /* SSL_ENC_SMS4CCM8_IDX 23 */ + {SSL_ZUC, NID_zuc}, /* SSL_ENC_ZUC_IDX 24 */ + {SSL_SM1, NID_sm1_cbc}, /* SSL_ENC_SM1_IDX 25 */ + {SSL_SSF33, NID_ssf33_cbc}, /* SSL_ENC_SSF33_IDX 26 */ }; static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, - NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, }; #define SSL_COMP_NULL_IDX 0 @@ -136,11 +151,13 @@ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = { {SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */ {0, NID_md5_sha1}, /* SSL_MD_MD5_SHA1_IDX 9 */ {0, NID_sha224}, /* SSL_MD_SHA224_IDX 10 */ - {0, NID_sha512} /* SSL_MD_SHA512_IDX 11 */ + {0, NID_sha512}, /* SSL_MD_SHA512_IDX 11 */ + {SSL_SM3, NID_sm3}, /* SSL_MD_SM3_IDX 12 */ }; static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, + NULL }; /* *INDENT-OFF* */ 
@@ -153,7 +170,8 @@ static const ssl_cipher_table ssl_cipher_table_kx[] = { {SSL_kRSAPSK, NID_kx_rsa_psk}, {SSL_kPSK, NID_kx_psk}, {SSL_kSRP, NID_kx_srp}, - {SSL_kGOST, NID_kx_gost} + {SSL_kGOST, NID_kx_gost}, + {SSL_kSM2, NID_kx_sm2}, }; static const ssl_cipher_table ssl_cipher_table_auth[] = { @@ -164,7 +182,8 @@ static const ssl_cipher_table ssl_cipher_table_auth[] = { {SSL_aGOST01, NID_auth_gost01}, {SSL_aGOST12, NID_auth_gost12}, {SSL_aSRP, NID_auth_srp}, - {SSL_aNULL, NID_auth_null} + {SSL_aNULL, NID_auth_null}, + {SSL_aSM2, NID_auth_sm2}, }; /* *INDENT-ON* */ @@ -195,6 +214,8 @@ static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef, /* GOST2012_512 */ EVP_PKEY_HMAC, + /* SM3 */ + EVP_PKEY_HMAC, }; static int ssl_mac_secret_size[SSL_MD_NUM_IDX]; @@ -404,9 +425,10 @@ void ssl_load_ciphers(void) } } /* Make sure we can access MD5 and SHA1 */ + OPENSSL_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL); OPENSSL_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL); - + disabled_mkey_mask = 0; disabled_auth_mask = 0; @@ -423,6 +445,9 @@ void ssl_load_ciphers(void) #ifdef OPENSSL_NO_EC disabled_mkey_mask |= SSL_kECDHEPSK; disabled_auth_mask |= SSL_aECDSA; +# ifdef OPENSSL_NO_GMTLS + /* do something */ +# endif #endif #ifdef OPENSSL_NO_PSK disabled_mkey_mask |= SSL_PSK; @@ -1573,6 +1598,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_kGOST: kx = "GOST"; break; + case SSL_kSM2: + kx = "SM2"; + break; default: kx = "unknown"; } @@ -1603,6 +1631,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case (SSL_aGOST12 | SSL_aGOST01): au = "GOST12"; break; + case SSL_aSM2: + au = "SM2"; + break; default: au = "unknown"; break; 
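Review bot: In ssl/ssl_ciph.c the `/* SM3 */ EVP_PKEY_HMAC,` entry appended to `ssl_mac_pkey_id` is positional, so it fills the slot directly after the GOST2012_512 entry rather than `SSL_MD_SM3_IDX` (12). The initializer starts outside this hunk, but if it stops at GOST2012_512 as the visible context suggests, the new value lands on index 9, which `ssl_cipher_table_mac` in this same commit labels `SSL_MD_MD5_SHA1_IDX`, while slot 12 stays zero-initialised. An SM3 suite would then look up an undefined MAC key type. Pad the three intervening slots explicitly before the SM3 entry: `/* MD5_SHA1, SHA224, SHA512 */ NID_undef, NID_undef, NID_undef,`.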
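Review bot: In `ssl_load_ciphers` (ssl/ssl_ciph.c) the visible `OPENSSL_NO_EC` lines still mask only `SSL_kECDHEPSK` and `SSL_aECDSA`, and the added `# ifdef OPENSSL_NO_GMTLS /* do something */` placeholder has no effect. This commit maps `SSL_aSM2` to `SSL_PKEY_ECC` in `ssl_cipher_get_cert_index`, so in a build without EC the new SM2 key-exchange and authentication bits would stay enabled with nothing to back them. Replace the placeholder with `disabled_mkey_mask |= SSL_kSM2 | SSL_kSM2PSK;` and `disabled_auth_mask |= SSL_aSM2;`. Then add a separate top-level `#ifdef OPENSSL_NO_GMTLS` block that sets the same masks, since nesting it under `OPENSSL_NO_EC` means it never runs in an EC-enabled build. The function body extends beyond this hunk.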
@@ -1667,6 +1698,27 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_CHACHA20POLY1305: enc = "CHACHA20/POLY1305(256)"; break; + case SSL_SMS4: + enc = "SMS4(128)"; + break; + case SSL_SMS4GCM: + enc = "SMS4GCM(128)"; + break; + case SSL_SMS4CCM: + enc = "SMS4CCM(128)"; + break; + case SSL_SMS4CCM8: + enc = "SMS4CCM8(128)"; + break; + case SSL_ZUC: + enc = "ZUC(128)"; + break; + case SSL_SM1: + enc = "SM1(128)"; + break; + case SSL_SSF33: + enc = "SSF33(128)"; + break; default: enc = "unknown"; break; @@ -1699,6 +1751,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_GOST12_512: mac = "GOST2012"; break; + case SSL_SM3: + mac = "SM3"; + break; default: mac = "unknown"; break; @@ -1714,7 +1769,7 @@ const char *SSL_CIPHER_get_version(const SSL_CIPHER *c) if (c == NULL) return "(NONE)"; - /* + /* * Backwards-compatibility crutch. In almost all contexts we report TLS * 1.0 as "TLSv1", but for ciphers we report "TLSv1.0". */ @@ -1903,6 +1958,8 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c) return SSL_PKEY_GOST_EC; else if (alg_a & SSL_aGOST01) return SSL_PKEY_GOST01; + else if (alg_a & SSL_aSM2) + return SSL_PKEY_ECC; return -1; } diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 4079b316..5876fc2f 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -223,10 +223,12 @@ # define SSL_kRSAPSK 0x00000040U # define SSL_kECDHEPSK 0x00000080U # define SSL_kDHEPSK 0x00000100U +# define SSL_kSM2 0x00000200U +# define SSL_kSM2PSK 0x00000400U /* all PSK */ -# define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK) +# define SSL_PSK (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK | SSL_kSM2PSK) /* Bits for algorithm_auth (server authentication) */ /* RSA auth */ 
@@ -245,6 +247,8 @@ # define SSL_aSRP 0x00000040U /* GOST R 34.10-2012 signature auth */ # define SSL_aGOST12 0x00000080U +/* SM2 */ +# define SSL_aSM2 0x00000100U /* Bits for algorithm_enc (symmetric encryption) */ # define SSL_DES 0x00000001U @@ -267,19 +271,27 @@ # define SSL_AES256CCM8 0x00020000U # define SSL_eGOST2814789CNT12 0x00040000U # define SSL_CHACHA20POLY1305 0x00080000U +# define SSL_SMS4 0x00100000U +# define SSL_SMS4GCM 0x00200000U +# define SSL_SMS4CCM 0x00400000U +# define SSL_SMS4CCM8 0x00800000U +# define SSL_ZUC 0x01000000U +# define SSL_SM1 0x02000000U +# define SSL_SSF33 0x04000000U # define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM) # define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8) # define SSL_AES (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM) # define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) # define SSL_CHACHA20 (SSL_CHACHA20POLY1305) +# define SSL_SMS4ALL (SSL_SMS4 | SSL_SMS4GCM | SSL_SMS4CCM | SSL_SMS4CCM8) /* Bits for algorithm_mac (symmetric authentication) */ # define SSL_MD5 0x00000001U # define SSL_SHA1 0x00000002U -# define SSL_GOST94 0x00000004U -# define SSL_GOST89MAC 0x00000008U +# define SSL_GOST94 0x00000004U +# define SSL_GOST89MAC 0x00000008U # define SSL_SHA256 0x00000010U # define SSL_SHA384 0x00000020U /* Not a real MAC, just an indication it is part of cipher */ @@ -287,6 +299,7 @@ # define SSL_GOST12_256 0x00000080U # define SSL_GOST89MAC12 0x00000100U # define SSL_GOST12_512 0x00000200U +# define SSL_SM3 0x00000400U /* * When adding new digest in the ssl_ciph.c and increment SSL_MD_NUM_IDX make @@ -305,7 +318,8 @@ # define SSL_MD_MD5_SHA1_IDX 9 # define SSL_MD_SHA224_IDX 10 # define SSL_MD_SHA512_IDX 11 -# define SSL_MAX_DIGEST 12 +# define SSL_MD_SM3_IDX 12 +# define SSL_MAX_DIGEST 13 /* Bits for algorithm2 (handshake digests and other extra flags) */ 
@@ -317,7 +331,8 @@ # define SSL_HANDSHAKE_MAC_GOST94 SSL_MD_GOST94_IDX # define SSL_HANDSHAKE_MAC_GOST12_256 SSL_MD_GOST12_256_IDX # define SSL_HANDSHAKE_MAC_GOST12_512 SSL_MD_GOST12_512_IDX -# define SSL_HANDSHAKE_MAC_DEFAULT SSL_HANDSHAKE_MAC_MD5_SHA1 +# define SSL_HANDSHAKE_MAC_SM3 SSL_MD_SM3_IDX +# define SSL_HANDSHAKE_MAC_DEFAULT SSL_HANDSHAKE_MAC_MD5_SHA1 /* Bits 8-15 bits are PRF */ # define TLS1_PRF_DGST_SHIFT 8 @@ -327,6 +342,7 @@ # define TLS1_PRF_GOST94 (SSL_MD_GOST94_IDX << TLS1_PRF_DGST_SHIFT) # define TLS1_PRF_GOST12_256 (SSL_MD_GOST12_256_IDX << TLS1_PRF_DGST_SHIFT) # define TLS1_PRF_GOST12_512 (SSL_MD_GOST12_512_IDX << TLS1_PRF_DGST_SHIFT) +# define TLS1_PRF_SM3 (SSL_MD_SM3_IDX << TLS1_PRF_DGST_SHIFT) # define TLS1_PRF (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT) /* diff --git a/ssl/statem/statem_gmtls.c b/ssl/statem/statem_gmtls.c new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/ssl/statem/statem_gmtls.c @@ -0,0 +1 @@ + diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 637c610a..a53680ec 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -639,6 +639,13 @@ typedef struct { #endif static const version_info tls_version_table[] = { +/* +#ifndef OPENSSL_NO_GMTLS + {GMTLS_VERSION, gmtls_client_method, gmtls_server_method}, +#else + {GMTLS_VERSION, NULL, NULL}, +#endif +*/ #ifndef OPENSSL_NO_TLS1_2 {TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method}, #else @@ -667,6 +674,13 @@ static const version_info tls_version_table[] = { #endif static const version_info dtls_version_table[] = { +/* +#ifndef OPENSSL_NO_GMTLS + {GMTLS_VERSION, gmdtls_client_method, gmdtls_server_method}, +#else + {GMTLS_VERSION, NULL, NULL}, +#endif +*/ #ifndef OPENSSL_NO_DTLS1_2 {DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method}, #else 
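Review bot: The GMTLS entries added at the head of `tls_version_table`, and the same block in `dtls_version_table` in the next hunk, sit inside a `/* ... */` comment, so the `#ifndef OPENSSL_NO_GMTLS` inside them is never evaluated. The patch therefore ships dead code that looks like a feature switch. If GMTLS is not ready for version negotiation, either drop the blocks or disable them visibly with a reason, e.g. `#if 0 /* GMTLS not wired into version negotiation yet */`. The visible entries run from `TLS1_2_VERSION` downwards, so before the block is enabled it should be confirmed that `GMTLS_VERSION` belongs in first position, since the table order presumably drives which version is preferred. Both tables continue outside their hunks.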
diff --git a/crypto/ec2/ec_expoint.c b/test/bnhashtest.c similarity index 78% rename from crypto/ec2/ec_expoint.c rename to test/bnhashtest.c index 9cf6e17a..3531f0d6 100644 --- a/crypto/ec2/ec_expoint.c +++ b/test/bnhashtest.c @@ -46,45 +46,36 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== */ -/* - * this file is to implement elliptic curve operations over extension - * fields - */ #include #include -#include -#include #include #include -#include +#include - -typedef struct { - int security_bits; - int n_bits; - int p_bits; - int q_bits; -} PAIRING_SEC; - -static PAIRING_SEC sec_tbl[] = { - /* k |n| |p| |q| */ - { 80, 1024, 512, 160}, - {112, 2048, 1024, 224}, - {128, 3072, 1536, 256}, - {192, 7680, 3840, 384}, - {256, 15360, 7680, 512} -}; - -const EVP_MD *PAIRING_nbits_to_md(int nbits) +int main(void) { - switch (nbits) { - case 1024: return EVP_sha1(); - case 2048: return EVP_sha224(); - case 3072: return EVP_sha256(); - case 7680: return EVP_sha384(); - case 15360: return EVP_sha512(); - } - return NULL; -} + char *s = "This ASCII string without null-terminator"; + BIGNUM *bn = NULL; + BIGNUM *ret = NULL; + BIGNUM *range = NULL; + BN_hex2bn(&range, "ffffffffffffffffffffefffffffffffffffffff"); + BN_hex2bn(&bn, "79317c1610c1fc018e9c53d89d59c108cd518608"); + + if (!BN_hash2bn(&ret, s, strlen(s), EVP_sha1(), range)) { + printf("BN_hash2bn() function failed\n"); + return 0; + } + if (!ret) { + printf("shit\n"); + } + printf("%s\n", BN_bn2hex(ret)); + if (BN_cmp(ret, bn) != 0) { + printf("BN_hash2bn() test failed\n"); + return 0; + } + + printf("BN_hash2bn() test passed\n"); + return 1; +} diff --git a/test/build.info b/test/build.info index 341792b9..86d9fd03 100644 --- a/test/build.info +++ b/test/build.info 
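Review bot: The new `main` in test/bnhashtest.c returns 0 on both failure paths and 1 on success, so a harness that reads the exit status sees a broken `BN_hash2bn()` as a pass and a working one as a failure. In the same body the `if (!ret)` branch only prints and then falls through to `BN_bn2hex(ret)` with a NULL pointer. Neither `BN_hex2bn` result is checked, so a failed parse leaves `range` or `bn` NULL for the later calls, and the string from `BN_bn2hex` and the three BIGNUMs are never released. The rewrite below keeps the test vector and messages but routes every exit through one cleanup label with a conventional status.
```c
int main(void)
{
    /* ... unchanged: declarations of s, bn, ret, range ... */
    char *hex = NULL;
    int err = 1;

    if (!BN_hex2bn(&range, "ffffffffffffffffffffefffffffffffffffffff")
        || !BN_hex2bn(&bn, "79317c1610c1fc018e9c53d89d59c108cd518608")) {
        printf("BN_hex2bn() failed\n");
        goto end;
    }
    if (!BN_hash2bn(&ret, s, strlen(s), EVP_sha1(), range) || ret == NULL) {
        printf("BN_hash2bn() function failed\n");
        goto end;
    }
    if ((hex = BN_bn2hex(ret)) != NULL)
        printf("%s\n", hex);
    if (BN_cmp(ret, bn) != 0) {
        printf("BN_hash2bn() test failed\n");
        goto end;
    }

    printf("BN_hash2bn() test passed\n");
    err = 0;
 end:
    OPENSSL_free(hex);
    BN_free(bn);
    BN_free(ret);
    BN_free(range);
    return err;
}
```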
@@ -17,7 +17,7 @@ IF[{- !$disabled{tests} -}] dtlsv1listentest ct_test threadstest afalgtest d2i_test \ ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \ - sm3test sms4test kdf2test eciestest ffxtest sm2test \ + sm3test sms4test kdf2test eciestest ffxtest sm2test sm2evptest \ pailliertest cpktest otptest gmapitest ec2test \ bfibetest bb1ibetest sm9test \ saftest sdftest skftest softest zuctest \ @@ -312,6 +312,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[sm2test]=../include DEPEND[sm2test]=../libcrypto + SOURCE[sm2evptest]=sm2evptest.c + INCLUDE[sm2evptest]=../include + DEPEND[sm2evptest]=../libcrypto + SOURCE[pailliertest]=pailliertest.c INCLUDE[pailliertest]=../include DEPEND[pailliertest]=../libcrypto diff --git a/test/p b/test/p deleted file mode 100644 index 9c73fff5..00000000 --- a/test/p +++ /dev/null 
@@ -1,69 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -use strict; -use warnings; - -use File::Spec::Functions qw/catfile/; -use File::Copy; -use File::Compare qw/compare_text/; -use File::Basename; -use OpenSSL::Test qw/:DEFAULT srctop_file/; - -setup("test_enc"); - -# We do it this way, because setup() may have moved us around, -# so the directory portion of $0 might not be correct any more. -# However, the name hasn't changed. -my $testsrc = srctop_file("test","recipes",basename($0)); - -my $test = catfile(".", "p"); - -my $cmd = "gmssl"; - -my @ciphers = - map { s/^\s+//; s/\s+$//; split /\s+/ } - run(app([$cmd, "list", "-cipher-commands"]), capture => 1); - -plan tests => 1 + (scalar @ciphers)*2; - -my $init = ok(copy($testsrc,$test)); - -if (!$init) { - diag("Trying to copy $testsrc to $test : $!"); -} - - SKIP: { - skip "Not initialized, skipping...", 11 unless $init; - - foreach my $c (@ciphers) { - my %variant = ("$c" => [], - "$c base64" => [ "-a" ]); - - foreach my $t (sort keys %variant) { - my $cipherfile = "$test.$c.cipher"; - my $clearfile = "$test.$c.clear"; - my @e = ( "$c", "-bufsize", "113", @{$variant{$t}}, "-e", "-k", "test" ); - my @d = ( "$c", "-bufsize", "157", @{$variant{$t}}, "-d", "-k", "test" ); - if ($c eq "cat") { - $cipherfile = "$test.cipher"; - $clearfile = "$test.clear"; - @e = ( "enc", @{$variant{$t}}, "-e" ); - @d = ( "enc", @{$variant{$t}}, "-d" ); - } - - ok(run(app([$cmd, @e, "-in", $test, "-out", $cipherfile])) - && run(app([$cmd, @d, "-in", $cipherfile, "-out", $clearfile])) - && compare_text($test,$clearfile) == 0, $t); - unlink $cipherfile, $clearfile; - } - } -} - -unlink $test; 
diff --git a/test/recipes/15-test_sm2.t b/test/recipes/15-test_sm2.t index 31be5b88..cd69aab0 100644 --- a/test/recipes/15-test_sm2.t +++ b/test/recipes/15-test_sm2.t @@ -10,4 +10,4 @@ use OpenSSL::Test::Simple; simple_test("test_sm2", "sm2test", "sm2"); -#simple_test("test_sm2evp", "sm2evptest", "sm2"); +simple_test("test_sm2evp", "sm2evptest", "sm2"); diff --git a/test/sm2evptest.c b/test/sm2evptest.c index 9803ba4b..a5d5cbe4 100644 --- a/test/sm2evptest.c +++ b/test/sm2evptest.c 
@@ -49,678 +49,26 @@ #include #include -#include -#include -#include -#include -#include -#include +#include -RAND_METHOD fake_rand; -const RAND_METHOD *old_rand; +#include "../e_os.h" -static const char rnd_seed[] = - "string to make the random number generator think it has entropy"; -static const char *rnd_number = NULL; - -int fbytes(unsigned char *buf, int num) +#ifdef OPENSSL_NO_SM2 +int main(int argc, char **argv) { - int ret = 0; - BIGNUM *bn = NULL; - - if (!BN_hex2bn(&bn, rnd_number)) { - goto end; - } - if (BN_num_bytes(bn) > num) { - goto end; - } - memset(buf, 0, num); - if (!BN_bn2bin(bn, buf + num - BN_num_bytes(bn))) { - goto end; - } - ret = 1; -end: - BN_free(bn); - return ret; + printf("No SM2 support\n"); + return 0; } +#else -int change_rand(const char *hex) -{ - if (!(old_rand = RAND_get_rand_method())) { - return 0; - } +# include +# include +# include +# include +# include +# include - fake_rand.seed = old_rand->seed; - fake_rand.cleanup = old_rand->cleanup; - fake_rand.add = old_rand->add; - fake_rand.status = old_rand->status; - fake_rand.bytes = fbytes; - fake_rand.pseudorand = old_rand->bytes; - - if (!RAND_set_rand_method(&fake_rand)) { - return 0; - } - - rnd_number = hex; - return 1; -} - -int restore_rand(void) -{ - rnd_number = NULL; - if (!RAND_set_rand_method(old_rand)) - return 0; - else return 1; -} - -int hexequbin(const char *hex, const unsigned char *bin, size_t binlen) -{ - int ret = 0; - char *buf = NULL; - int i = 0; - size_t buflen = binlen * 2 + 1; - - - if (binlen * 2 != strlen(hex)) { - return 0; - } - if (!(buf = malloc(binlen * 2 + 1))) { - return 0; - } - for (i = 0; i < binlen; i++) { - sprintf(buf + i*2, "%02X", bin[i]); - } - buf[buflen - 1] = 0; - - if (memcmp(hex, buf, binlen * 2) == 0) { - ret = 1; - } - - free(buf); - return ret; -} - -EC_GROUP *new_ec_group(int is_prime_field, - const char *p_hex, const char *a_hex, const char *b_hex, - const char *x_hex, const char *y_hex, const char *n_hex, const char 
*h_hex) -{ - int ok = 0; - EC_GROUP *group = NULL; - BN_CTX *ctx = NULL; - BIGNUM *p = NULL; - BIGNUM *a = NULL; - BIGNUM *b = NULL; - BIGNUM *x = NULL; - BIGNUM *y = NULL; - BIGNUM *n = NULL; - BIGNUM *h = NULL; - EC_POINT *G = NULL; - point_conversion_form_t form = SM2_DEFAULT_POINT_CONVERSION_FORM; - int flag = 0; - - if (!(ctx = BN_CTX_new())) { - goto err; - } - - if (!BN_hex2bn(&p, p_hex) || - !BN_hex2bn(&a, a_hex) || - !BN_hex2bn(&b, b_hex) || - !BN_hex2bn(&x, x_hex) || - !BN_hex2bn(&y, y_hex) || - !BN_hex2bn(&n, n_hex) || - !BN_hex2bn(&h, h_hex)) { - goto err; - } - - if (is_prime_field) { - if (!(group = EC_GROUP_new_curve_GFp(p, a, b, ctx))) { - goto err; - } - if (!(G = EC_POINT_new(group))) { - goto err; - } - if (!EC_POINT_set_affine_coordinates_GFp(group, G, x, y, ctx)) { - goto err; - } - } else { - if (!(group = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) { - goto err; - } - if (!(G = EC_POINT_new(group))) { - goto err; - } - if (!EC_POINT_set_affine_coordinates_GF2m(group, G, x, y, ctx)) { - goto err; - } - } - - if (!EC_GROUP_set_generator(group, G, n, h)) { - goto err; - } - - EC_GROUP_set_asn1_flag(group, flag); - EC_GROUP_set_point_conversion_form(group, form); - - ok = 1; -err: - BN_CTX_free(ctx); - BN_free(p); - BN_free(a); - BN_free(b); - BN_free(x); - BN_free(y); - BN_free(n); - BN_free(h); - EC_POINT_free(G); - if (!ok && group) { - ERR_print_errors_fp(stderr); - EC_GROUP_free(group); - group = NULL; - } - - return group; -} - -EC_KEY *new_ec_key(const EC_GROUP *group, - const char *sk, const char *xP, const char *yP, - const char *id, const EVP_MD *id_md) -{ - int ok = 0; - EC_KEY *ec_key = NULL; - BIGNUM *d = NULL; - BIGNUM *x = NULL; - BIGNUM *y = NULL; - - OPENSSL_assert(group); - OPENSSL_assert(xP); - OPENSSL_assert(yP); - - if (!(ec_key = EC_KEY_new())) { - goto end; - } - if (!EC_KEY_set_group(ec_key, group)) { - goto end; - } - - if (sk) { - if (!BN_hex2bn(&d, sk)) { - goto end; - } - if (!EC_KEY_set_private_key(ec_key, d)) { - goto 
end; - } - } - - if (xP && yP) { - if (!BN_hex2bn(&x, xP)) { - goto end; - } - if (!BN_hex2bn(&y, yP)) { - goto end; - } - if (!EC_KEY_set_public_key_affine_coordinates(ec_key, x, y)) { - goto end; - } - } - - if (id) { - if (!SM2_set_id(ec_key, id, id_md)) { - goto end; - } - } - - ok = 1; -end: - if (d) BN_free(d); - if (x) BN_free(x); - if (y) BN_free(y); - if (!ok && ec_key) { - ERR_print_errors_fp(stderr); - EC_KEY_free(ec_key); - ec_key = NULL; - } - return ec_key; -} - -int test_sm2_sign(const EC_GROUP *group, - const char *sk, const char *xP, const char *yP, - const char *id, const char *Z, - const char *M, const char *e, - const char *k, const char *r, const char *s) -{ - int ret = 0; - const EVP_MD *id_md = EVP_sm3(); - const EVP_MD *msg_md = EVP_sm3(); - int type = NID_undef; - unsigned char dgst[EVP_MAX_MD_SIZE]; - size_t dgstlen; - unsigned char sig[256]; - unsigned int siglen; - const unsigned char *p; - EC_KEY *ec_key = NULL; - EC_KEY *pubkey = NULL; - ECDSA_SIG *sm2sig = NULL; - BIGNUM *rr = NULL; - BIGNUM *ss = NULL; - - change_rand(k); - - if (!(ec_key = new_ec_key(group, sk, xP, yP, id, id_md))) { - fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__); - goto err; - } - - dgstlen = sizeof(dgst); - if (!SM2_get_id_digest(ec_key, dgst, &dgstlen)) { - fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__); - goto err; - } - if (!hexequbin(Z, dgst, dgstlen)) { - fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__); - goto err; - } - dgstlen = sizeof(dgst); - if (!SM2_compute_message_digest(dgst, &dgstlen, - id_md, id, ec_key, msg_md, M, strlen(M))) { - fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__); - goto err; - } - if (!hexequbin(e, dgst, dgstlen)) { - fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__); - goto err; - } - - /* sign */ - if (!SM2_sign(type, dgst, dgstlen, sig, &siglen, ec_key)) { - fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__); - goto err; - } - - p = sig; - if (!(sm2sig = 
d2i_ECDSA_SIG(NULL, &p, siglen))) { - fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__); - goto err; - } - if (!BN_hex2bn(&rr, r) || !BN_hex2bn(&ss, s)) { - fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__); - goto err; - } - - if (BN_cmp(sm2sig->r, rr) || BN_cmp(sm2sig->s, ss)) { - fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__); - goto err; - } - - /* verify */ - if (!(pubkey = new_ec_key(group, NULL, xP, yP, id, id_md))) { - fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__); - goto err; - } - if (SM2_verify(type, dgst, dgstlen, sig, siglen, pubkey) != SM2_VERIFY_SUCCESS) { - fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__); - goto err; - } - - ret = 1; -err: - restore_rand(); - if (ec_key) EC_KEY_free(ec_key); - if (pubkey) EC_KEY_free(pubkey); - if (sm2sig) ECDSA_SIG_free(sm2sig); - if (rr) BN_free(rr); - if (ss) BN_free(ss); - return ret; -} - -int test_sm2_enc(const EC_GROUP *group, - const char *d, const char *xP, const char *yP, - const char *M, - const char *k, const char *C) -{ - int ret = 0; - EC_KEY *ec_key = NULL; - const EVP_MD *kdf_md = EVP_sm3(); - const EVP_MD *mac_md = EVP_sm3(); - point_conversion_form_t point_form = POINT_CONVERSION_UNCOMPRESSED; - unsigned char msg[128]; - unsigned char buf[sizeof(msg) + 128]; - size_t msglen, buflen; - - change_rand(k); - - if (!(ec_key = new_ec_key(group, NULL, xP, yP, NULL, NULL))) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - - buflen = sizeof(buf); - if (!SM2_encrypt_with_recommended(buf, &buflen, - (const unsigned char *)M, strlen(M), ec_key)) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - - - if (!hexequbin(C, buf, buflen)) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - printf("shit\n"); - goto end; - } - EC_KEY_free(ec_key); - - if (!(ec_key = new_ec_key(group, d, xP, yP, NULL, NULL))) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - if 
(!SM2_decrypt_with_recommended(msg, &msglen, buf, buflen, ec_key)) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - if (msglen != strlen(M) || memcmp(msg, M, strlen(M))) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - - ret = 1; - -end: - ERR_print_errors_fp(stderr); - restore_rand(); - EC_KEY_free(ec_key); - return ret; -} - -int test_sm2_kap(const EC_GROUP *group, - const char *A, const char *dA, const char *xA, const char *yA, const char *ZA, - const char *B, const char *dB, const char *xB, const char *yB, const char *ZB, - const char *rA, const char *rB, const char *KAB, const char *S1, const char *S2) -{ - int ret = 0; - const EVP_MD *id_md = EVP_sm3(); - EC_KEY *eckeyA = NULL; - EC_KEY *eckeyB = NULL; - EC_KEY *pubkeyA = NULL; - EC_KEY *pubkeyB = NULL; - SM2_KAP_CTX ctxA; - SM2_KAP_CTX ctxB; - unsigned char za[EVP_MAX_MD_SIZE]; - unsigned char zb[EVP_MAX_MD_SIZE]; - size_t zalen, zblen; - unsigned char RA[256]; - unsigned char RB[256]; - size_t RAlen = sizeof(RA); - size_t RBlen = sizeof(RB); - unsigned char kab[64]; - unsigned char kba[64]; - size_t kablen = strlen(KAB)/2; - size_t kbalen = strlen(KAB)/2; - unsigned char s1[64]; - unsigned char s2[64]; - size_t s1len, s2len; - - memset(&ctxA, 0, sizeof(ctxA)); - memset(&ctxB, 0, sizeof(ctxB)); - - - eckeyA = new_ec_key(group, dA, xA, yA, A, id_md); - eckeyB = new_ec_key(group, dB, xB, yB, B, id_md); - pubkeyA = new_ec_key(group, NULL, xA, yA, A, id_md); - pubkeyB = new_ec_key(group, NULL, xB, yB, B, id_md); - if (!eckeyA || !eckeyB || !pubkeyA || !pubkeyB) { - goto end; - } - - zalen = sizeof(za); - if (!SM2_get_id_digest(eckeyA, za, &zalen)) { - goto end; - } - zblen = sizeof(zb); - if (!SM2_get_id_digest(eckeyB, zb, &zblen)) { - goto end; - } - - if (!hexequbin(ZA, za, zalen)) { - fprintf(stderr, "error (%s %d): ZA != value in test vector !!!\n", __FILE__, __LINE__); - goto end; - } - - if (!hexequbin(ZB, zb, zblen)) { - goto end; - } - - if 
(!SM2_KAP_CTX_init(&ctxA, eckeyA, pubkeyB, 1, 1)) { - goto end; - } - if (!SM2_KAP_CTX_init(&ctxB, eckeyB, pubkeyA, 0, 1)) { - goto end; - } - - change_rand(rA); - if (!SM2_KAP_prepare(&ctxA, RA, &RAlen)) { - goto end; - } - restore_rand(); - - change_rand(rB); - if (!SM2_KAP_prepare(&ctxB, RB, &RBlen)) { - goto end; - } - restore_rand(); - - - if (!SM2_KAP_compute_key(&ctxA, RB, RBlen, kab, kablen, s1, &s1len)) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - - - if (!SM2_KAP_compute_key(&ctxB, RA, RAlen, kba, kbalen, s2, &s2len)) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - - if (!SM2_KAP_final_check(&ctxA, s2, s2len)) { - goto end; - } - if (!SM2_KAP_final_check(&ctxB, s1, s1len)) { - goto end; - } - - ret = 1; - -end: - EC_KEY_free(eckeyA); - EC_KEY_free(eckeyB); - EC_KEY_free(pubkeyA); - EC_KEY_free(pubkeyB); - SM2_KAP_CTX_cleanup(&ctxA); - SM2_KAP_CTX_cleanup(&ctxB); - return ret; -} - -int test_sm2_test_vector() -{ - int ret = 0; - EC_GROUP *sm2p192test = NULL; - EC_GROUP *sm2p256test = NULL; - EC_GROUP *sm2b193test = NULL; - EC_GROUP *sm2b257test = NULL; - - sm2p192test = new_ec_group(1, - "BDB6F4FE3E8B1D9E0DA8C0D46F4C318CEFE4AFE3B6B8551F", - "BB8E5E8FBC115E139FE6A814FE48AAA6F0ADA1AA5DF91985", - "1854BEBDC31B21B7AEFC80AB0ECD10D5B1B3308E6DBF11C1", - "4AD5F7048DE709AD51236DE65E4D4B482C836DC6E4106640", - "02BB3A02D4AAADACAE24817A4CA3A1B014B5270432DB27D2", - "BDB6F4FE3E8B1D9E0DA8C0D40FC962195DFAE76F56564677", - "1"); - - sm2p256test = new_ec_group(1, - "8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3", - "787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498", - "63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A", - "421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D", - "0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2", - "8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7", - "1"); - - sm2b193test = 
new_ec_group(0, - "2000000000000000000000000000000000000000000008001", - "0", - "002FE22037B624DBEBC4C618E13FD998B1A18E1EE0D05C46FB", - "00D78D47E85C93644071BC1C212CF994E4D21293AAD8060A84", - "00615B9E98A31B7B2FDDEEECB76B5D875586293725F9D2FC0C", - "80000000000000000000000043E9885C46BF45D8C5EBF3A1", - "1"); - - sm2b257test = new_ec_group(0, - "20000000000000000000000000000000000000000000000000000000000001001", - "0", - "00E78BCD09746C202378A7E72B12BCE00266B9627ECB0B5A25367AD1AD4CC6242B", - "00CDB9CA7F1E6B0441F658343F4B10297C0EF9B6491082400A62E7A7485735FADD", - "013DE74DA65951C4D76DC89220D5F7777A611B1C38BAE260B175951DC8060C2B3E", - "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBC972CF7E6B6F900945B3C6A0CF6161D", - "4"); - - if (!sm2p192test || !sm2p256test || !sm2b193test || !sm2b257test) { - goto end; - } - - if (!test_sm2_sign( - sm2p256test, - "128B2FA8BD433C6C068C8D803DFF79792A519A55171B1B650C23661D15897263", - "0AE4C7798AA0F119471BEE11825BE46202BB79E2A5844495E97C04FF4DF2548A", - "7C0240F88F1CD4E16352A73C17B7F16F07353E53A176D684A9FE0C6BB798E857", - "ALICE123@YAHOO.COM", - "F4A38489E32B45B6F876E3AC2168CA392362DC8F23459C1D1146FC3DBFB7BC9A", - "message digest", - "B524F552CD82B8B028476E005C377FB19A87E6FC682D48BB5D42E3D9B9EFFE76", - "6CB28D99385C175C94F94E934817663FC176D925DD72B727260DBAAE1FB2F96F", - "40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D1", - "6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7")) { - printf("sm2 sign p256 failed\n"); - goto end; - } else { - printf("sm2 sign p256 passed\n"); - } - - - if (!test_sm2_sign( - sm2b257test, - "771EF3DBFF5F1CDC32B9C572930476191998B2BF7CB981D7F5B39202645F0931", - "0165961645281A8626607B917F657D7E9382F1EA5CD931F40F6627F357542653B2", - "01686522130D590FB8DE635D8FCA715CC6BF3D05BEF3F75DA5D543454448166612", - "ALICE123@YAHOO.COM", - "26352AF82EC19F207BBC6F9474E11E90CE0F7DDACE03B27F801817E897A81FD5", - "message digest", - "AD673CBDA311417129A9EAA5F9AB1AA1633AD47718A84DFD46C17C6FA0AA3B12", - 
"36CD79FC8E24B7357A8A7B4A46D454C397703D6498158C605399B341ADA186D6", - "6D3FBA26EAB2A1054F5D198332E335817C8AC453ED26D3391CD4439D825BF25B", - "3124C5688D95F0A10252A9BED033BEC84439DA384621B6D6FAD77F94B74A9556")) { - printf("sm2 sign b257 failed\n"); - goto end; - } else { - printf("sm2 sign b257 passed\n"); - } - - if (!test_sm2_enc( - sm2p256test, - "1649AB77A00637BD5E2EFE283FBF353534AA7F7CB89463F208DDBC2920BB0DA0", - "435B39CCA8F3B508C1488AFC67BE491A0F7BA07E581A0E4849A5CF70628A7E0A", - "75DDBA78F15FEECB4C7895E2C1CDF5FE01DEBB2CDBADF45399CCF77BBA076A42", - "encryption standard", - "4C62EEFD6ECFC2B95B92FD6C3D9575148AFA17425546D49018E5388D49DD7B4F", - "04" - "245C26FB68B1DDDDB12C4B6BF9F2B6D5FE60A383B0D18D1C4144ABF17F6252E7" - "76CB9264C2A7E88E52B19903FDC47378F605E36811F5C07423A24B84400F01B8" - "650053A89B41C418B0C3AAD00D886C00286467" - "9C3D7360C30156FAB7C80A0276712DA9D8094A634B766D3A285E07480653426D")) { - printf("sm2 enc p256 failed\n"); - goto end; - } else { - printf("sm2 enc p256 passed\n"); - } - - if (!test_sm2_enc( - sm2b257test, - "56A270D17377AA9A367CFA82E46FA5267713A9B91101D0777B07FCE018C757EB", - "00A67941E6DE8A61805F7BCFF0985BB3BED986F1C297E4D8880D82B821C624EE57", - "0193ED5A6707B5908781B860841085F52EEFA7FE329A5C811843533A874D027271", - "encryption standard", - "6D3B497153E3E92524E5C122682DBDC8705062E20B917A5F8FCDB8EE4C66663D", - "04" - "019D236DDB305009AD52C51BB932709BD534D476FBB7B0DF9542A8A4D890A3F2E1" - "00B23B938DC0A94D1DF8F42CF45D2D6601BF638C3D7DE75A29F02AFB7E45E91771" - "FD55AC6213C2A8A040E4CAB5B26A9CFCDA7373" - "73A48625D3758FA37B3EAB80E9CFCABA665E3199EA15A1FA8189D96F579125E4")) { - printf("sm2 enc b257 failed\n"); - goto end; - } else { - printf("sm2 enc b257 passed\n"); - } - - if (!test_sm2_kap( - sm2p256test, - "ALICE123@YAHOO.COM", - "6FCBA2EF9AE0AB902BC3BDE3FF915D44BA4CC78F88E2F8E7F8996D3B8CCEEDEE", - "3099093BF3C137D8FCBBCDF4A2AE50F3B0F216C3122D79425FE03A45DBFE1655", - "3DF79E8DAC1CF0ECBAA2F2B49D51A4B387F2EFAF482339086A27A8E05BAED98B", - 
"E4D1D0C3CA4C7F11BC8FF8CB3F4C02A78F108FA098E51A668487240F75E20F31", - "BILL456@YAHOO.COM", - "5E35D7D3F3C54DBAC72E61819E730B019A84208CA3A35E4C2E353DFCCB2A3B53", - "245493D446C38D8CC0F118374690E7DF633A8A4BFB3329B5ECE604B2B4F37F43", - "53C0869F4B9E17773DE68FEC45E14904E0DEA45BF6CECF9918C85EA047C60A4C", - "6B4B6D0E276691BD4A11BF72F4FB501AE309FDACB72FA6CC336E6656119ABD67", - "83A2C9C8B96E5AF70BD480B472409A9A327257F1EBB73F5B073354B248668563", - "33FE21940342161C55619C4A0C060293D543C80AF19748CE176D83477DE71C80", - "55B0AC62A6B927BA23703832C853DED4", - "284C8F198F141B502E81250F1581C7E9EEB4CA6990F9E02DF388B45471F5BC5C", - "23444DAF8ED7534366CB901C84B3BDBB63504F4065C1116C91A4C00697E6CF7A")) { - printf("sm2 kap p256 failed\n"); - goto end; - } else { - printf("sm2 kap p256 passed\n"); - } - -#if 0 - /* ZA will not pass! */ - if (!test_sm2_kap( - sm2b257test, - "ALICE123@YAHOO.COM", - "4813903D254F2C20A94BC5704238496954BB5279F861952EF2C5298E84D2CEAA", - "008E3BDB2E11F9193388F1F901CCC857BF49CFC065FB38B9069CAAE6D5AFC3592F", - "004555122AAC0075F42E0A8BBD2C0665C789120DF19D77B4E3EE4712F598040415", - "ECF0080215977B2E5D6D61B98A99442F03E8803DC39E349F8DCA5621A9ACDF2B", - "BILL456@YAHOO.COM", - "08F41BAE0922F47C212803FE681AD52B9BF28A35E1CD0EC273A2CF813E8FD1DC", - "0034297DD83AB14D5B393B6712F32B2F2E938D4690B095424B89DA880C52D4A7D9", - "0199BBF11AC95A0EA34BBD00CA50B93EC24ACB68335D20BA5DCFE3B33BDBD2B62D", - "557BAD30 E183559A EEC3B2256E1C7C11F870D22B165D015ACF9465B09B87B527", - "54A3D6673FF3A6BD6B02EBB164C2A3AF6D4A4906229D9BFCE68CC366A2E64BA4", - "1F21933387BEF781D0A8F7FD708C5AE0A56EE3F423DBC2FE5BDF6F068C53F7AD", - "4E587E5C66634F22D973A7D98BF8BE23", - "4EB47D28AD3906D6244D01E0F6AEC73B0B51DE1574C13798184E4833DBAE295A", - "588AA67064F24DC27CCAA1FAB7E27DFF811D500AD7EF2FB8F69DDF48CC0FECB7")) { - printf("sm2 kap b257 failed\n"); - goto end; - } else { - printf("sm2 kap b257 passed\n"); - } -#endif - - ret = 1; - -end: - EC_GROUP_free(sm2p192test); - EC_GROUP_free(sm2p256test); - 
EC_GROUP_free(sm2b193test); - EC_GROUP_free(sm2b257test); - - return ret; -} - - -EVP_PKEY *genpkey(int curve_nid, BIO *out, int verbose) +static EVP_PKEY *genpkey(int curve_nid, BIO *out, int verbose) { int ok = 0; EVP_PKEY *ret = NULL; @@ -761,7 +109,7 @@ end: return ret; } -int test_evp_pkey_sign(EVP_PKEY *pkey, int do_sm2, int verbose) +static int test_evp_pkey_sign(EVP_PKEY *pkey, int do_sm2, int verbose) { int ret = 0; EVP_PKEY_CTX *pkctx = NULL; @@ -784,7 +132,7 @@ int test_evp_pkey_sign(EVP_PKEY *pkey, int do_sm2, int verbose) goto end; } - if (!EVP_PKEY_CTX_set_ec_scheme(pkctx, type)) { + if (!EVP_PKEY_CTX_set_ec_sign_type(pkctx, type)) { fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); goto end; } @@ -811,12 +159,12 @@ int test_evp_pkey_sign(EVP_PKEY *pkey, int do_sm2, int verbose) goto end; } - if (!EVP_PKEY_CTX_set_ec_scheme(pkctx, type)) { + if (!EVP_PKEY_CTX_set_ec_sign_type(pkctx, type)) { fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); goto end; } - if (EVP_PKEY_verify(pkctx, sig, siglen, dgst, dgstlen) != SM2_VERIFY_SUCCESS) { + if (1 != EVP_PKEY_verify(pkctx, sig, siglen, dgst, dgstlen)) { fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); goto end; } @@ -831,7 +179,7 @@ end: return ret; } -int test_evp_pkey_encrypt(EVP_PKEY *pkey, int do_sm2, int verbose) +static int test_evp_pkey_encrypt(EVP_PKEY *pkey, int do_sm2, int verbose) { int ret = 0; EVP_PKEY_CTX *pkctx = NULL; @@ -842,8 +190,6 @@ int test_evp_pkey_encrypt(EVP_PKEY *pkey, int do_sm2, int verbose) size_t cbuflen = sizeof(cbuf); unsigned char mbuf[512]; size_t mbuflen = sizeof(mbuf); - int len; - unsigned int ulen; if (!(pkctx = EVP_PKEY_CTX_new(pkey, NULL))) { fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); 
@@ -857,7 +203,7 @@ int test_evp_pkey_encrypt(EVP_PKEY *pkey, int do_sm2, int verbose) goto end; } - if (!EVP_PKEY_CTX_set_ec_scheme(pkctx, type)) { + if (!EVP_PKEY_CTX_set_ec_enc_type(pkctx, type)) { fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); goto end; } @@ -882,7 +228,7 @@ int test_evp_pkey_encrypt(EVP_PKEY *pkey, int do_sm2, int verbose) goto end; } - if (!EVP_PKEY_CTX_set_ec_scheme(pkctx, type)) { + if (!EVP_PKEY_CTX_set_ec_enc_type(pkctx, type)) { fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); goto end; } @@ -909,15 +255,13 @@ end: return ret; } -int test_evp_pkey_encrypt_old(EVP_PKEY *pkey, int verbose) +static int test_evp_pkey_encrypt_old(EVP_PKEY *pkey, int verbose) { int ret = 0; unsigned char msg[] = "hello world this is the message"; size_t msglen = sizeof(msg); unsigned char cbuf[512]; - size_t cbuflen = sizeof(cbuf); unsigned char mbuf[512]; - size_t mbuflen = sizeof(mbuf); int len; @@ -955,7 +299,7 @@ end: return ret; } -int test_evp_sign(EVP_PKEY *pkey, const EVP_MD *md, int verbose) +static int test_evp_sign(EVP_PKEY *pkey, const EVP_MD *md, int verbose) { int ret = 0; EVP_MD_CTX *mdctx = NULL; @@ -963,7 +307,6 @@ int test_evp_sign(EVP_PKEY *pkey, const EVP_MD *md, int verbose) size_t msglen = sizeof(msg); unsigned char sig[256]; unsigned int siglen = (unsigned int)sizeof(sig); - unsigned int i; if (!(mdctx = EVP_MD_CTX_create())) { fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); @@ -1004,7 +347,7 @@ int test_evp_sign(EVP_PKEY *pkey, const EVP_MD *md, int verbose) goto end; } - if (EVP_VerifyFinal(mdctx, sig, siglen, pkey) != SM2_VERIFY_SUCCESS) { + if (1 != EVP_VerifyFinal(mdctx, sig, siglen, pkey)) { fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); goto end; } @@ -1020,7 +363,7 @@ end: return ret; } -int test_evp_digestsign(EVP_PKEY *pkey, int do_sm2, const EVP_MD *md, int verbose) +static int test_evp_digestsign(EVP_PKEY *pkey, int do_sm2, const EVP_MD *md, int verbose) { int ret = 0; EVP_MD_CTX *mdctx = NULL; 
@@ -1031,8 +374,10 @@ int test_evp_digestsign(EVP_PKEY *pkey, int do_sm2, const EVP_MD *md, int verbos unsigned char sig[256]; size_t siglen = (unsigned int)sizeof(sig); + + unsigned char z[EVP_MAX_MD_SIZE]; + if (!(mdctx = EVP_MD_CTX_create())) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); goto end; } @@ -1042,11 +387,17 @@ int test_evp_digestsign(EVP_PKEY *pkey, int do_sm2, const EVP_MD *md, int verbos goto end; } - if (!EVP_PKEY_CTX_set_ec_scheme(pkctx, type)) { + if (!EVP_PKEY_CTX_set_ec_sign_type(pkctx, type)) { fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); goto end; } + /* + if (!EVP_PKEY_CTX_set_pre_update(pkctx, z, 32)) { + goto end; + } + */ + if (!EVP_DigestSignUpdate(mdctx, msg, msglen)) { fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); goto end; @@ -1065,11 +416,17 @@ int test_evp_digestsign(EVP_PKEY *pkey, int do_sm2, const EVP_MD *md, int verbos goto end; } - if (!EVP_PKEY_CTX_set_ec_scheme(pkctx, type)) { + if (!EVP_PKEY_CTX_set_ec_sign_type(pkctx, type)) { fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); goto end; } + /* + if (!EVP_PKEY_CTX_set_pre_update(pkctx, z, 32)) { + goto end; + } + */ + if (!EVP_DigestVerifyUpdate(mdctx, msg, msglen)) { fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); goto end; @@ -1093,7 +450,7 @@ end: #define NUM_PKEYS 3 #define MAX_PKEY_SIZE 1024 -int test_evp_seal(int curve_id, const EVP_CIPHER *cipher, BIO *out, int verbose) +static int test_evp_seal(int curve_id, const EVP_CIPHER *cipher, BIO *out, int verbose) { int ret = 0; EVP_PKEY *pkey[NUM_PKEYS] = {0}; @@ -1216,16 +573,15 @@ end: return ret; } -int test_sm2_evp(int verbose) +int main(int argc, char **argv) { - int ret = 0; + int err = 0; + int verbose = 2; EVP_PKEY *pkey = NULL; - BIO *out = NULL; int curve_id = NID_sm2p256v1; const EVP_MD *md = EVP_sm3(); const EVP_CIPHER *cipher = EVP_sms4_cbc(); - - ERR_load_crypto_strings(); + BIO *out = NULL; out = BIO_new_fp(stderr, BIO_NOCLOSE); 
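Review bot: `unsigned char z[EVP_MAX_MD_SIZE];` is added to test_evp_digestsign but is referenced only from the two commented-out `EVP_PKEY_CTX_set_pre_update(pkctx, z, 32)` blocks in the following hunks. It is an unused local today and would be passed uninitialised if those blocks were enabled as written. Either remove the variable together with the commented calls, or initialise it (`unsigned char z[EVP_MAX_MD_SIZE] = {0};`) and add a comment saying which value is expected there. This hunk also drops the `fprintf` on the `EVP_MD_CTX_create()` failure path, so that is the only branch in the function that fails without reporting file and line. The function body starts and ends outside the hunk.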
@@ -1234,103 +590,17 @@ int test_sm2_evp(int verbose) goto end; } - /* test sm2sign */ - if (!test_evp_pkey_sign(pkey, 1, verbose)) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - - /* test ecdsa */ - if (!test_evp_pkey_sign(pkey, 0, verbose)) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - - /* test sm2encrypt */ - if (!test_evp_pkey_encrypt(pkey, 1, verbose)) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - - /* test ecies */ - if (!test_evp_pkey_encrypt(pkey, 0, verbose)) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - - /* test ec default encrypt */ - if (!test_evp_pkey_encrypt_old(pkey, verbose)) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - - /* test ec default sign */ - if (!test_evp_sign(pkey, md, verbose)) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - - /* test seal/open */ - if (!test_evp_seal(curve_id, cipher, out, verbose)) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - - ret = 1; + if (!test_evp_pkey_sign(pkey, 1, verbose)) err++; + if (!test_evp_pkey_sign(pkey, 0, verbose)) err++; + if (!test_evp_pkey_encrypt(pkey, 1, verbose)) err++; + if (!test_evp_pkey_encrypt(pkey, 0, verbose)) err++; + if (!test_evp_pkey_encrypt_old(pkey, verbose)) err++; + if (!test_evp_sign(pkey, md, verbose)) err++; + if (!test_evp_seal(curve_id, cipher, out, verbose)) err++; + if (!test_evp_digestsign(pkey, 1, md, verbose)) err++; end: - if (ret != 1) { - ERR_print_errors_fp(stderr); - } EVP_PKEY_free(pkey); - return ret; + EXIT(err); } - -int main(int argc, char **argv) -{ - int ret = -1; - BIO *out = NULL; - - out = BIO_new_fp(stdout, BIO_NOCLOSE); - - /* - if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && - (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) { - CRYPTO_malloc_debug_init(); - CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); - } else { - 
CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); - } - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - */ - - ERR_load_crypto_strings(); - RAND_seed(rnd_seed, sizeof(rnd_seed)); - - - if (!test_sm2_test_vector()) { - goto err; - } - - if (!test_sm2_evp(1)) { - goto err; - } - - ret =0; -err: - if (ret) - BIO_printf(out, "\nSM2 test failed\n"); - else BIO_printf(out, "\nSM2 test passed\n"); - - if (ret) - ERR_print_errors(out); - - //CRYPTO_cleanup_all_ex_data(); - //ERR_remove_thread_state(NULL); - //ERR_free_strings(); - //CRYPTO_mem_leaks(out); - //BIO_free(out); - - return ret; -} - +#endif diff --git a/test/sm2test.c b/test/sm2test.c index 14c2aba7..c594cb31 100644 --- a/test/sm2test.c +++ b/test/sm2test.c @@ -65,6 +65,9 @@ int main(int argc, char **argv) # include # include # include +# include "../crypto/sm2/sm2_lcl.h" + +# define VERBOSE 1 RAND_METHOD fake_rand; const RAND_METHOD *old_rand; @@ -73,7 +76,7 @@ static const char rnd_seed[] = "string to make the random number generator think it has entropy"; static const char *rnd_number = NULL; -int fbytes(unsigned char *buf, int num) +static int fbytes(unsigned char *buf, int num) { int ret = 0; BIGNUM *bn = NULL; @@ -94,7 +97,7 @@ end: return ret; } -int change_rand(const char *hex) +static int change_rand(const char *hex) { if (!(old_rand = RAND_get_rand_method())) { return 0; @@ -115,7 +118,7 @@ int change_rand(const char *hex) return 1; } -int restore_rand(void) +static int restore_rand(void) { rnd_number = NULL; if (!RAND_set_rand_method(old_rand)) @@ -123,7 +126,7 @@ int restore_rand(void) else return 1; } -int hexequbin(const char *hex, const unsigned char *bin, size_t binlen) +static int hexequbin(const char *hex, const unsigned char *bin, size_t binlen) { int ret = 0; char *buf = NULL; 
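Review bot: The `goto end` kept as context at the top of this hunk reaches `EXIT(err)` with `err` still 0, so the setup failure it guards would be reported as a passing run. The guarding condition is outside the hunk, so confirm what it tests. The fix is `err++;` before that jump, as this commit already does in test/sm2test.c before its own `goto end`. The rewrite also drops `ERR_print_errors_fp(stderr)`, so a failing sub-test no longer dumps the OpenSSL error queue. Consider `if (err) ERR_print_errors_fp(stderr);` at `end:` before `EXIT(err);`.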
@@ -150,7 +153,7 @@ int hexequbin(const char *hex, const unsigned char *bin, size_t binlen) return ret; } -EC_GROUP *new_ec_group(int is_prime_field, +static EC_GROUP *new_ec_group(int is_prime_field, const char *p_hex, const char *a_hex, const char *b_hex, const char *x_hex, const char *y_hex, const char *n_hex, const char *h_hex) { @@ -231,7 +234,7 @@ err: return group; } -EC_KEY *new_ec_key(const EC_GROUP *group, +static EC_KEY *new_ec_key(const EC_GROUP *group, const char *sk, const char *xP, const char *yP, const char *id, const EVP_MD *id_md) { @@ -294,13 +297,14 @@ end: return ec_key; } -int test_sm2_sign(const EC_GROUP *group, +static int test_sm2_sign(const EC_GROUP *group, const char *sk, const char *xP, const char *yP, const char *id, const char *Z, const char *M, const char *e, const char *k, const char *r, const char *s) { int ret = 0; + int verbose = VERBOSE; const EVP_MD *id_md = EVP_sm3(); const EVP_MD *msg_md = EVP_sm3(); int type = NID_undef; @@ -323,16 +327,23 @@ int test_sm2_sign(const EC_GROUP *group, fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__); goto err; } - EC_KEY_print_fp(stdout, ec_key, 4); + if (verbose > 1) { + EC_KEY_print_fp(stdout, ec_key, 4); + } dgstlen = sizeof(dgst); if (!SM2_compute_id_digest(id_md, id, strlen(id), dgst, &dgstlen, ec_key)) { fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__); goto err; } - printf("id=%s\n", id); - printf("zid(xx):"); for (int j = 0; j < dgstlen; j++) { printf("%02x", dgst[j]); } printf("\n"); + + if (verbose > 1) { + printf("id=%s\n", id); + printf("zid(xx):"); + for (int j = 0; j < dgstlen; j++) { printf("%02x", dgst[j]); } printf("\n"); + } + if (!hexequbin(Z, dgst, dgstlen)) { fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__); goto err; 
@@ -386,7 +397,7 @@ int test_sm2_sign(const EC_GROUP *group,
 fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__);
 goto err;
 }
- fprintf(stderr, " -> %d\n", __LINE__);
+
 if (1 != SM2_verify(type, dgst, dgstlen, sig, siglen, pubkey)) {
 fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__);
 goto err;
@@ -403,57 +414,57 @@ err: return ret; } -int test_sm2_enc(const EC_GROUP *group, +static int test_sm2_enc(const EC_GROUP *group, const EVP_MD *md, const char *d, const char *xP, const char *yP, - const char *M, - const char *k, const char *C) + const char *M, const char *k, const char *C) { int ret = 0; - EC_KEY *ec_key = NULL; - const EVP_MD *kdf_md = EVP_sm3(); - const EVP_MD *mac_md = EVP_sm3(); - point_conversion_form_t point_form = POINT_CONVERSION_UNCOMPRESSED; - unsigned char msg[128]; - unsigned char buf[sizeof(msg) + 128]; + EC_KEY *pub_key = NULL; + EC_KEY *pri_key = NULL; + SM2CiphertextValue *cv = NULL; + unsigned char mbuf[128]; + unsigned char cbuf[sizeof(mbuf) + 256]; + unsigned char *tbuf = NULL; size_t msglen, buflen; + unsigned char *p = buf; + unsigned char *testcbuf; + long testbuflen; + if (!(pub_key = new_ec_key(group, NULL, xP, yP, NULL, NULL))) { + goto end; + } + + /* test encrypt */ change_rand(k); - - if (!(ec_key = new_ec_key(group, NULL, xP, yP, NULL, NULL))) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + if (!(cv = SM2_do_encrypt(md, (unsigned char *)M, strlen(M), pub_key))) { goto end; } - buflen = sizeof(buf); - if (!SM2_encrypt_with_recommended( - (const unsigned char *)M, strlen(M), - buf, &buflen, - ec_key)) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + p = cbuf; + if ((clen = i2o_SM2CiphertextValue(group, cv, &p)) <= 0) { goto end; } + if (!(tbuf = OPENSSL_hexstr2buf(C, &tlen))) { + EXIT(1); + } - if (!hexequbin(C, buf, buflen)) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - printf("shit\n"); + if (tlen != clen || memcmp(tbuf, cbuf, clen) != 0) { goto end; } - EC_KEY_free(ec_key); - if (!(ec_key = new_ec_key(group, d, xP, yP, NULL, NULL))) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + /* test decrypt */ + + if (!(pri_key = new_ec_key(group, d, xP, yP, NULL, NULL))) { goto end; } - if (!SM2_decrypt_with_recommended( - buf, buflen, - msg, &msglen, - ec_key)) { - 
fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + + mlen = sizeof(mbuf); + if (!SM2_do_decrypt(md, cv, mbuf, &mlen, pri_key)) { goto end; } - if (msglen != strlen(M) || memcmp(msg, M, strlen(M))) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); + + if (mlen != strlen(M) || memcmp(mbuf, M, strlen(M))) { goto end; } @@ -463,10 +474,11 @@ end: ERR_print_errors_fp(stderr); restore_rand(); EC_KEY_free(ec_key); + EC_KEY_free(pub_key); return ret; } -int test_sm2_kap(const EC_GROUP *group, +static int test_sm2_kap(const EC_GROUP *group, const char *A, const char *dA, const char *xA, const char *yA, const char *ZA, const char *B, const char *dB, const char *xB, const char *yB, const char *ZB, const char *rA, const char *rB, const char *KAB, const char *S1, const char *S2) @@ -479,9 +491,6 @@ int test_sm2_kap(const EC_GROUP *group, EC_KEY *pubkeyB = NULL; SM2_KAP_CTX ctxA; SM2_KAP_CTX ctxB; - unsigned char za[EVP_MAX_MD_SIZE]; - unsigned char zb[EVP_MAX_MD_SIZE]; - size_t zalen, zblen; unsigned char RA[256]; unsigned char RB[256]; size_t RAlen = sizeof(RA); @@ -497,7 +506,6 @@ int test_sm2_kap(const EC_GROUP *group, memset(&ctxA, 0, sizeof(ctxA)); memset(&ctxB, 0, sizeof(ctxB)); - eckeyA = new_ec_key(group, dA, xA, yA, A, id_md); eckeyB = new_ec_key(group, dB, xB, yB, B, id_md); pubkeyA = new_ec_key(group, NULL, xA, yA, A, id_md); 
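Review bot: In the lines shown, the rewritten test_sm2_enc does not look compilable. `unsigned char *p = buf;` refers to the `buf` array this hunk removes, and `clen`, `tlen` and `mlen` are used without a declaration. The context line `size_t msglen, buflen;` and the added `testcbuf`/`testbuflen` are left unused. Declare what is used with types matching the callees (`OPENSSL_hexstr2buf` takes a `long *`, so `long tlen;`), initialise `p` as `unsigned char *p = cbuf;`, and drop the leftovers. The `OPENSSL_hexstr2buf` failure path calls `EXIT(1)` instead of `goto end`, which skips `restore_rand()` and the frees. Every `fprintf` carrying file and line was also removed, so a failing vector no longer says which step failed.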
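Review bot: The cleanup after `end:` still calls `EC_KEY_free(ec_key)`, although the preceding hunk removes the `ec_key` declaration. Of the new allocations it releases only `pub_key`, so `pri_key` (which holds the private scalar), `cv` and `tbuf` leak on every path. Replace the stale call with `EC_KEY_free(pri_key);` and add `SM2CiphertextValue_free(cv);` and `OPENSSL_free(tbuf);`. `SM2CiphertextValue_free` is the name this commit exports in util/libcrypto.num. The start of the `end:` block is outside this hunk.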
@@ -506,30 +514,10 @@ int test_sm2_kap(const EC_GROUP *group, goto end; } - /* - zalen = sizeof(za); - if (!SM2_get_id_digest(eckeyA, za, &zalen)) { + if (!SM2_KAP_CTX_init(&ctxA, eckeyA, A, strlen(A), pubkeyB, B, strlen(B), 1, 1)) { goto end; } - zblen = sizeof(zb); - if (!SM2_get_id_digest(eckeyB, zb, &zblen)) { - goto end; - } - */ - - if (!hexequbin(ZA, za, zalen)) { - fprintf(stderr, "error (%s %d): ZA != value in test vector !!!\n", __FILE__, __LINE__); - goto end; - } - - if (!hexequbin(ZB, zb, zblen)) { - goto end; - } - - if (!SM2_KAP_CTX_init(&ctxA, eckeyA, ZA, strlen(ZA), pubkeyB, ZB, strlen(ZB), 1, 1)) { - goto end; - } - if (!SM2_KAP_CTX_init(&ctxB, eckeyB, ZB, strlen(ZB), pubkeyA, ZA, strlen(ZA), 0, 1)) { + if (!SM2_KAP_CTX_init(&ctxB, eckeyB, B, strlen(B), pubkeyA, A, strlen(A), 0, 1)) { goto end; } @@ -545,13 +533,11 @@ int test_sm2_kap(const EC_GROUP *group, } restore_rand(); - if (!SM2_KAP_compute_key(&ctxA, RB, RBlen, kab, kablen, s1, &s1len)) { fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); goto end; } - if (!SM2_KAP_compute_key(&ctxB, RA, RAlen, kba, kbalen, s2, &s2len)) { fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); goto end; @@ -576,14 +562,16 @@ end: return ret; } -int test_sm2_test_vector() +int main(int argc, char **argv) { - int ret = 0; + int err = 0; EC_GROUP *sm2p192test = NULL; EC_GROUP *sm2p256test = NULL; EC_GROUP *sm2b193test = NULL; EC_GROUP *sm2b257test = NULL; + RAND_seed(rnd_seed, sizeof(rnd_seed)); + sm2p192test = new_ec_group(1, "BDB6F4FE3E8B1D9E0DA8C0D46F4C318CEFE4AFE3B6B8551F", "BB8E5E8FBC115E139FE6A814FE48AAA6F0ADA1AA5DF91985", @@ -621,6 +609,7 @@ int test_sm2_test_vector() "4"); if (!sm2p192test || !sm2p256test || !sm2b193test || !sm2b257test) { + err++; goto end; } 
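Review bot: The ZA/ZB comparison in test_sm2_kap is deleted here rather than repaired, so the `ZA` and `ZB` test-vector arguments are no longer checked anywhere in this hunk. A later hunk removes `#if 0 /* ZA will not pass! */`, which enables the b257 case without that check. The removed code compared `za`/`zb` buffers that were never filled, because the `SM2_get_id_digest` calls were commented out, so it could not have worked as written. The repair would be to compute the digest as test_sm2_sign does with `SM2_compute_id_digest`, then keep `if (!hexequbin(ZA, za, zalen)) goto end;` and the matching ZB check. If the Z values are meant to be covered only through the derived key, drop the two parameters so the signature does not imply a check that is not made. The function starts and ends outside this hunk.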
@@ -637,7 +626,7 @@ int test_sm2_test_vector() "40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D1", "6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7")) { printf("sm2 sign p256 failed\n"); - goto end; + err++; } else { printf("sm2 sign p256 passed\n"); } @@ -656,13 +645,13 @@ int test_sm2_test_vector() "6D3FBA26EAB2A1054F5D198332E335817C8AC453ED26D3391CD4439D825BF25B", "3124C5688D95F0A10252A9BED033BEC84439DA384621B6D6FAD77F94B74A9556")) { printf("sm2 sign b257 failed\n"); - goto end; + err++; } else { printf("sm2 sign b257 passed\n"); } if (!test_sm2_enc( - sm2p256test, + sm2p256test, EVP_sm3(), "1649AB77A00637BD5E2EFE283FBF353534AA7F7CB89463F208DDBC2920BB0DA0", "435B39CCA8F3B508C1488AFC67BE491A0F7BA07E581A0E4849A5CF70628A7E0A", "75DDBA78F15FEECB4C7895E2C1CDF5FE01DEBB2CDBADF45399CCF77BBA076A42", @@ -674,13 +663,13 @@ int test_sm2_test_vector() "650053A89B41C418B0C3AAD00D886C00286467" "9C3D7360C30156FAB7C80A0276712DA9D8094A634B766D3A285E07480653426D")) { printf("sm2 enc p256 failed\n"); - goto end; + err++; } else { printf("sm2 enc p256 passed\n"); } if (!test_sm2_enc( - sm2b257test, + sm2b257test, EVP_sm3(), "56A270D17377AA9A367CFA82E46FA5267713A9B91101D0777B07FCE018C757EB", "00A67941E6DE8A61805F7BCFF0985BB3BED986F1C297E4D8880D82B821C624EE57", "0193ED5A6707B5908781B860841085F52EEFA7FE329A5C811843533A874D027271", @@ -692,7 +681,7 @@ int test_sm2_test_vector() "FD55AC6213C2A8A040E4CAB5B26A9CFCDA7373" "73A48625D3758FA37B3EAB80E9CFCABA665E3199EA15A1FA8189D96F579125E4")) { printf("sm2 enc b257 failed\n"); - goto end; + err++; } else { printf("sm2 enc b257 passed\n"); } @@ -715,12 +704,11 @@ int test_sm2_test_vector() "284C8F198F141B502E81250F1581C7E9EEB4CA6990F9E02DF388B45471F5BC5C", "23444DAF8ED7534366CB901C84B3BDBB63504F4065C1116C91A4C00697E6CF7A")) { printf("sm2 kap p256 failed\n"); - goto end; + err++; } else { printf("sm2 kap p256 passed\n"); } -#if 0 /* ZA will not pass! */ if (!test_sm2_kap( sm2b257test, 
@@ -740,107 +728,16 @@ int test_sm2_test_vector() "4EB47D28AD3906D6244D01E0F6AEC73B0B51DE1574C13798184E4833DBAE295A", "588AA67064F24DC27CCAA1FAB7E27DFF811D500AD7EF2FB8F69DDF48CC0FECB7")) { printf("sm2 kap b257 failed\n"); - goto end; + err++; } else { printf("sm2 kap b257 passed\n"); } -#endif - - ret = 1; end: EC_GROUP_free(sm2p192test); EC_GROUP_free(sm2p256test); EC_GROUP_free(sm2b193test); EC_GROUP_free(sm2b257test); - - return ret; -} - - -EVP_PKEY *genpkey(int curve_nid, BIO *out, int verbose) -{ - int ok = 0; - EVP_PKEY *ret = NULL; - EVP_PKEY_CTX *pkctx = NULL; - - if (!(pkctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - - if (!EVP_PKEY_keygen_init(pkctx)) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - - if (!EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pkctx, curve_nid)) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - - if (!EVP_PKEY_keygen(pkctx, &ret)) { - fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); - goto end; - } - - if (verbose > 1) { - EVP_PKEY_print_private(out, ret, 4, NULL); - BIO_printf(out, "\n"); - } - - ok = 1; -end: - if (!ok && ret) { - EVP_PKEY_free(ret); - ret = NULL; - } - EVP_PKEY_CTX_free(pkctx); - return ret; -} - -int main(int argc, char **argv) -{ - int ret = -1; - BIO *out = NULL; - - out = BIO_new_fp(stdout, BIO_NOCLOSE); - - /* - if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && - (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) { - CRYPTO_malloc_debug_init(); - CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); - } else { - CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); - } - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - */ - - ERR_load_crypto_strings(); - RAND_seed(rnd_seed, sizeof(rnd_seed)); - - - if (!test_sm2_test_vector()) { - goto err; - } - - - ret =0; -err: - if (ret) - BIO_printf(out, "\nSM2 test failed\n"); - else BIO_printf(out, "\nSM2 test passed\n"); - - if (ret) - 
ERR_print_errors(out); - - //CRYPTO_cleanup_all_ex_data(); - //ERR_remove_thread_state(NULL); - //ERR_free_strings(); - //CRYPTO_mem_leaks(out); - //BIO_free(out); - - return ret; + EXIT(err); } #endif diff --git a/test/sm2test.d.tmp b/test/sm2test.d.tmp new file mode 100644 index 00000000..86247166 --- /dev/null +++ b/test/sm2test.d.tmp @@ -0,0 +1,16 @@ +test/sm2test.o: test/sm2test.c test/../e_os.h \ + include/openssl/opensslconf.h include/openssl/e_os2.h \ + include/openssl/bn.h include/openssl/ossl_typ.h \ + include/openssl/crypto.h include/openssl/stack.h \ + include/openssl/safestack.h include/openssl/opensslv.h \ + include/openssl/symhacks.h include/openssl/ec.h include/openssl/asn1.h \ + include/openssl/bio.h include/openssl/evp.h include/openssl/objects.h \ + include/openssl/obj_mac.h include/openssl/rand.h \ + include/openssl/engine.h include/openssl/rsa.h include/openssl/dsa.h \ + include/openssl/dh.h include/openssl/ui.h include/openssl/err.h \ + include/openssl/lhash.h include/openssl/x509.h \ + include/openssl/buffer.h include/openssl/paillier.h \ + include/openssl/sha.h include/openssl/x509_vfy.h \ + include/openssl/pkcs7.h include/openssl/sm2.h include/openssl/kdf2.h \ + include/openssl/kdf.h include/openssl/ecies.h include/openssl/sm3.h \ + test/../crypto/sm2/sm2_lcl.h diff --git a/test/sm3test.c b/test/sm3test.c index 0cd146df..b73d8d80 100644 --- a/test/sm3test.c +++ b/test/sm3test.c @@ -222,6 +222,7 @@ int main(int argc, char **argv) if (memcmp(dgstbuf, dgst, dgstlen) != 0) { printf("error calculating SM3 on %s\n", testhex[i]); printf("got %s instead of %s\n", p, dgsthex[i]); + err++; } else { printf("test %d ok\n", i+1); } diff --git a/util/libcrypto.num b/util/libcrypto.num index 9154397f..c9ce8e99 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -3549,7 +3549,7 @@ OPENSSL_strlcat 3501 1_1_0 EXIST::FUNCTION: X509_VERIFY_PARAM_new 3502 1_1_0 EXIST::FUNCTION: BIO_ADDR_rawport 3503 1_1_0 EXIST::FUNCTION:SOCK BUF_MEM_grow_clean 3504 1_1_0 EXIST::FUNCTION: -X509_NAME_print_ex_fp 3505 1_1_0 EXIST::FUNCTION:STDIO +X509_NAME_print_ex_fp 3505 1_1_0 NOEXIST::FUNCTION: X509_check_host 3506 1_1_0 EXIST::FUNCTION: PEM_read_ECPKParameters 3507 1_1_0 EXIST::FUNCTION:EC,STDIO X509_ATTRIBUTE_get0_data 3508 1_1_0 EXIST::FUNCTION: @@ -4228,9 +4228,9 @@ EVP_sms4_gcm 4194 1_1_0d EXIST::FUNCTION:SMS4 EVP_sms4_ocb 4195 1_1_0d EXIST::FUNCTION:SMS4 EVP_sms4_ccm 4196 1_1_0d EXIST::FUNCTION:SMS4 EVP_sms4_wrap_pad 4197 1_1_0d EXIST::FUNCTION:SMS4 -SM2_CIPHERTEXT_VALUE_new_from_ECCCIPHERBLOB 4198 1_1_0d EXIST::FUNCTION: +SM2_CIPHERTEXT_VALUE_new_from_ECCCIPHERBLOB 4198 1_1_0d NOEXIST::FUNCTION: BFPrivateKeyBlock_new 4199 1_1_0d EXIST::FUNCTION: -SM2_ENC_PARAMS_init_with_recommended 4200 1_1_0d EXIST::FUNCTION: +SM2_ENC_PARAMS_init_with_recommended 4200 1_1_0d NOEXIST::FUNCTION: BFMasterSecret_it 4201 1_1_0d EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: BFMasterSecret_it 4201 1_1_0d EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: SAF_Pkcs7_EncodeData 4202 1_1_0d EXIST::FUNCTION: @@ -4247,7 +4247,7 @@ sms4_ctr128_encrypt 4212 1_1_0d EXIST::FUNCTION: ECDSA_SIG_new_from_ECCSIGNATUREBLOB 4213 1_1_0d EXIST::FUNCTION: SAF_GetCaCertificate 4214 1_1_0d EXIST::FUNCTION: EC_KEY_new_from_ECCPUBLICKEYBLOB 4215 1_1_0d EXIST::FUNCTION: -SM2_decrypt_with_recommended 4216 1_1_0d EXIST::FUNCTION: +SM2_decrypt_with_recommended 4216 1_1_0d NOEXIST::FUNCTION: CPK_MASTER_SECRET_print 4217 1_1_0d EXIST::FUNCTION: ECIES_do_decrypt 4218 1_1_0d EXIST::FUNCTION: FFX_decrypt 4219 1_1_0d EXIST::FUNCTION: 
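Review bot: `X509_NAME_print_ex_fp` is flipped to `NOEXIST` at ordinal 3505, while the last hunk of this file adds `X509_NAMpaillierE_print_ex_fp` at 4861. That looks like a stray edit that inserted `paillier` into a public declaration rather than an intended API change. This table is normally regenerated from the headers, so the fix presumably belongs in the header declaration, which is not shown here. Regenerating after that should restore `X509_NAME_print_ex_fp 3505 1_1_0 EXIST::FUNCTION:STDIO` and drop the 4861 entry. As committed, code linking against the standard symbol would fail to resolve it.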
@@ -4265,8 +4265,8 @@ i2d_BFPublicParameters 4229 1_1_0d EXIST::FUNCTION: sms4_unwrap_key 4230 1_1_0d EXIST::FUNCTION: sms4_set_encrypt_key 4231 1_1_0d EXIST::FUNCTION: SKF_RSAVerify 4232 1_1_0d EXIST::FUNCTION: -PAILLIER_PUBLIC_KEY_it 4233 1_1_0d EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PAILLIER_PUBLIC_KEY_it 4233 1_1_0d EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PAILLIER_PUBLIC_KEY_it 4233 1_1_0d NOEXIST::FUNCTION: +PAILLIER_PUBLIC_KEY_it 4233 1_1_0d NOEXIST::FUNCTION: sms4_avx2_encrypt_8blocks 4234 1_1_0d EXIST::FUNCTION: SKF_Transmit 4235 1_1_0d EXIST::FUNCTION: SM9Signature_it 4236 1_1_0d EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -4321,10 +4321,10 @@ d2i_SM9Signature 4282 1_1_0d EXIST::FUNCTION: SAF_ImportEncedKey 4283 1_1_0d EXIST::FUNCTION: SKF_GenerateAgreementDataAndKeyWithECC 4284 1_1_0d EXIST::FUNCTION: SDF_InternalPublicKeyOperation_RSA 4285 1_1_0d EXIST::FUNCTION: -SM2_ENC_PARAMS_new 4286 1_1_0d EXIST::FUNCTION: +SM2_ENC_PARAMS_new 4286 1_1_0d NOEXIST::FUNCTION: SKF_PrintDeviceInfo 4287 1_1_0d EXIST::FUNCTION: EC_GROUP_get_type1curve_eta 4288 1_1_0d EXIST::FUNCTION: -d2i_PAILLIER_PUBLIC_KEY 4289 1_1_0d EXIST::FUNCTION: +d2i_PAILLIER_PUBLIC_KEY 4289 1_1_0d NOEXIST::FUNCTION: SM9PrivateKey_new 4290 1_1_0d EXIST::FUNCTION: sm3_hmac 4291 1_1_0d EXIST::FUNCTION: SOF_GetPinRetryCount 4292 1_1_0d EXIST::FUNCTION: @@ -4346,7 +4346,7 @@ BN_bn2solinas 4306 1_1_0d EXIST::FUNCTION: SKF_DecryptInit 4307 1_1_0d EXIST::FUNCTION: SKF_Encrypt 4308 1_1_0d EXIST::FUNCTION: SAF_GenerateAgreementDataAdnKeyWithECC 4309 1_1_0d EXIST::FUNCTION: -ECIES_decrypt_with_recommended 4310 1_1_0d EXIST::FUNCTION: +ECIES_decrypt_with_recommended 4310 1_1_0d NOEXIST::FUNCTION: BB1IBE_extract_private_key 4311 1_1_0d EXIST::FUNCTION: SAF_Base64_DestroyBase64Obj 4312 1_1_0d EXIST::FUNCTION: SDF_HashFinal 4313 1_1_0d EXIST::FUNCTION: 
@@ -4378,7 +4378,7 @@ SOF_VerifySignedMessage 4338 1_1_0d EXIST::FUNCTION: EC_KEY_METHOD_set_encrypt 4339 1_1_0d EXIST::FUNCTION: SAF_SM2_DecodeEnvelopedData 4340 1_1_0d EXIST::FUNCTION: SDF_HashUpdate 4341 1_1_0d EXIST::FUNCTION: -i2d_PAILLIER_PUBLIC_KEY 4342 1_1_0d EXIST::FUNCTION: +i2d_PAILLIER_PUBLIC_KEY 4342 1_1_0d NOEXIST::FUNCTION: EC_GROUP_new_type1curve 4343 1_1_0d EXIST::FUNCTION: BN_GFP2_copy 4344 1_1_0d EXIST::FUNCTION: sms4_encrypt_8blocks 4345 1_1_0d EXIST::FUNCTION: @@ -4419,13 +4419,13 @@ SM2_sign_ex 4379 1_1_0d EXIST::FUNCTION: SOF_GetCertTrustListAltNames 4380 1_1_0d EXIST::FUNCTION: RSA_set_RSAPUBLICKEYBLOB 4381 1_1_0d EXIST::FUNCTION: PAILLIER_decrypt 4382 1_1_0d EXIST::FUNCTION: -SM2_CIPHERTEXT_VALUE_set_ECCCipher 4383 1_1_0d EXIST::FUNCTION: +SM2_CIPHERTEXT_VALUE_set_ECCCipher 4383 1_1_0d NOEXIST::FUNCTION: SKF_CreateApplication 4384 1_1_0d EXIST::FUNCTION: sms4_cbc_encrypt 4385 1_1_0d EXIST::FUNCTION: SDF_ExportSignPublicKey_ECC 4386 1_1_0d EXIST::FUNCTION: ECIES_CIPHERTEXT_VALUE_it 4387 1_1_0d EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ECIES_CIPHERTEXT_VALUE_it 4387 1_1_0d EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -SM2_ENC_PARAMS_free 4388 1_1_0d EXIST::FUNCTION: +SM2_ENC_PARAMS_free 4388 1_1_0d NOEXIST::FUNCTION: SKF_GenerateAgreementDataWithECC 4389 1_1_0d EXIST::FUNCTION: BFIBE_encrypt 4390 1_1_0d EXIST::FUNCTION: SDF_PrintECCSignature 4391 1_1_0d EXIST::FUNCTION: @@ -4454,7 +4454,7 @@ SDF_GenerateKeyWithIPK_RSA 4412 1_1_0d EXIST::FUNCTION: SAF_GetCaCertificateCount 4413 1_1_0d EXIST::FUNCTION: SM2_do_decrypt 4414 1_1_0d EXIST::FUNCTION: CPK_MASTER_SECRET_digest 4415 1_1_0d EXIST::FUNCTION: -SM2_CIPHERTEXT_VALUE_new 4416 1_1_0d EXIST::FUNCTION: +SM2_CIPHERTEXT_VALUE_new 4416 1_1_0d NOEXIST::FUNCTION: d2i_BFCiphertextBlock 4417 1_1_0d EXIST::FUNCTION: SKF_ImportCertificate 4418 1_1_0d EXIST::FUNCTION: PAILLIER_ciphertext_add 4419 1_1_0d EXIST::FUNCTION: 
@@ -4463,7 +4463,7 @@ eia3_init 4421 1_1_0d EXIST::FUNCTION: SM9Ciphertext_it 4422 1_1_0d EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: SM9Ciphertext_it 4422 1_1_0d EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: eea3_init 4423 1_1_0d EXIST::FUNCTION: -i2d_SM2_CIPHERTEXT_VALUE 4424 1_1_0d EXIST::FUNCTION: +i2d_SM2_CIPHERTEXT_VALUE 4424 1_1_0d NOEXIST::FUNCTION: i2d_BFCiphertextBlock 4425 1_1_0d EXIST::FUNCTION: SAF_Pkcs7_EncodeSignedData 4426 1_1_0d EXIST::FUNCTION: BB1MasterSecret_new 4427 1_1_0d EXIST::FUNCTION: @@ -4489,7 +4489,7 @@ SOF_DecryptFile 4445 1_1_0d EXIST::FUNCTION: PAILLIER_new 4446 1_1_0d EXIST::FUNCTION: RSA_get_RSArefPrivateKey 4447 1_1_0d EXIST::FUNCTION: SKF_GetFileInfo 4448 1_1_0d EXIST::FUNCTION: -d2i_SM2_CIPHERTEXT_VALUE 4449 1_1_0d EXIST::FUNCTION: +d2i_SM2_CIPHERTEXT_VALUE 4449 1_1_0d NOEXIST::FUNCTION: GMAPI_sgd2mdnid 4450 1_1_0d EXIST::FUNCTION: SKF_LockDev 4451 1_1_0d EXIST::FUNCTION: d2i_ECIESParameters 4452 1_1_0d EXIST::FUNCTION: @@ -4531,7 +4531,7 @@ FpPoint_new 4487 1_1_0d EXIST::FUNCTION: SM2_KAP_CTX_cleanup 4488 1_1_0d EXIST::FUNCTION: sm3_compress 4489 1_1_0d EXIST::FUNCTION: OTP_generate 4490 1_1_0d EXIST::FUNCTION: -SM2_CIPHERTEXT_VALUE_print 4491 1_1_0d EXIST::FUNCTION: +SM2_CIPHERTEXT_VALUE_print 4491 1_1_0d NOEXIST::FUNCTION: PAILLIER_ciphertext_scalar_mul 4492 1_1_0d EXIST::FUNCTION: SAF_Logout 4493 1_1_0d EXIST::FUNCTION: SAF_GetRootCaCertificate 4494 1_1_0d EXIST::FUNCTION: @@ -4571,7 +4571,7 @@ SKF_DecryptFinal 4527 1_1_0d EXIST::FUNCTION: SM9_sign 4528 1_1_0d EXIST::FUNCTION: sms4_ofb128_encrypt 4529 1_1_0d EXIST::FUNCTION: SKF_PrintECCPublicKey 4530 1_1_0d EXIST::FUNCTION: -SM2_encrypt_with_recommended 4531 1_1_0d EXIST::FUNCTION: +SM2_encrypt_with_recommended 4531 1_1_0d NOEXIST::FUNCTION: SDF_DestroyKey 4532 1_1_0d EXIST::FUNCTION: BN_GF2P_add_bn 4533 1_1_0d EXIST::FUNCTION: i2d_ECIES_CIPHERTEXT_VALUE 4534 1_1_0d EXIST::FUNCTION: 
@@ -4580,7 +4580,7 @@ EC_KEY_get_ECCPRIVATEKEYBLOB 4536 1_1_0d EXIST::FUNCTION: SAF_CreateSymmKeyObj 4537 1_1_0d EXIST::FUNCTION: SM2_KAP_compute_key 4538 1_1_0d EXIST::FUNCTION: i2d_BB1CiphertextBlock 4539 1_1_0d EXIST::FUNCTION: -ECIES_encrypt_with_recommended 4540 1_1_0d EXIST::FUNCTION: +ECIES_encrypt_with_recommended 4540 1_1_0d NOEXIST::FUNCTION: FFX_compute_luhn 4541 1_1_0d EXIST::FUNCTION: EC_GROUP_generate_typ1curve 4542 1_1_0d EXIST::FUNCTION: SOF_SignData 4543 1_1_0d EXIST::FUNCTION: @@ -4594,7 +4594,7 @@ SAF_EnumCertificates 4550 1_1_0d EXIST::FUNCTION: SKF_OpenApplication 4551 1_1_0d EXIST::FUNCTION: CPK_PUBLIC_PARAMS_it 4552 1_1_0d EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: CPK_PUBLIC_PARAMS_it 4552 1_1_0d EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -SM2_CIPHERTEXT_VALUE_encode 4553 1_1_0d EXIST::FUNCTION: +SM2_CIPHERTEXT_VALUE_encode 4553 1_1_0d NOEXIST::FUNCTION: SKF_SetSymmKey 4554 1_1_0d EXIST::FUNCTION: BN_GFP2_mul_bn 4555 1_1_0d EXIST::FUNCTION: SDF_ExternalVerify_ECC 4556 1_1_0d EXIST::FUNCTION: @@ -4614,7 +4614,7 @@ i2d_SM9MasterSecret 4569 1_1_0d EXIST::FUNCTION: FFX_encrypt 4570 1_1_0d EXIST::FUNCTION: CPK_MAP_is_valid 4571 1_1_0d EXIST::FUNCTION: SAF_EnumCertificatesFree 4572 1_1_0d EXIST::FUNCTION: -d2i_PAILLIER_PRIVATE_KEY 4573 1_1_0d EXIST::FUNCTION: +d2i_PAILLIER_PRIVATE_KEY 4573 1_1_0d NOEXIST::FUNCTION: SDF_PrintDeviceInfo 4574 1_1_0d EXIST::FUNCTION: RSA_new_from_RSArefPrivateKey 4575 1_1_0d EXIST::FUNCTION: KDF_get_nist_concatenation 4576 1_1_0d EXIST::FUNCTION: @@ -4675,7 +4675,7 @@ SAF_Base64_Encode 4629 1_1_0d EXIST::FUNCTION: BN_GFP2_canonical 4630 1_1_0d EXIST::FUNCTION: SKF_ImportECCKeyPair 4631 1_1_0d EXIST::FUNCTION: SKF_GetErrorString 4632 1_1_0d EXIST::FUNCTION: -SM2_CIPHERTEXT_VALUE_decode 4633 1_1_0d EXIST::FUNCTION: +SM2_CIPHERTEXT_VALUE_decode 4633 1_1_0d NOEXIST::FUNCTION: SM9_do_decrypt 4634 1_1_0d EXIST::FUNCTION: eea3 4635 1_1_0d EXIST::FUNCTION: ERR_load_SOF_strings 4636 1_1_0d EXIST::FUNCTION: 
@@ -4688,13 +4688,13 @@ d2i_CPK_PUBLIC_PARAMS_bio 4642 1_1_0d EXIST::FUNCTION: BB1CiphertextBlock_it 4643 1_1_0d EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: BB1CiphertextBlock_it 4643 1_1_0d EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: sms4_ecb_encrypt 4644 1_1_0d EXIST::FUNCTION: -SM2_CIPHERTEXT_VALUE_get_ECCCipher 4645 1_1_0d EXIST::FUNCTION: +SM2_CIPHERTEXT_VALUE_get_ECCCipher 4645 1_1_0d NOEXIST::FUNCTION: ERR_load_PAILLIER_strings 4646 1_1_0d EXIST::FUNCTION: SDF_GenerateKeyPair_RSA 4647 1_1_0d EXIST::FUNCTION: i2d_CPK_PUBLIC_PARAMS_bio 4648 1_1_0d EXIST::FUNCTION: SOF_EncryptFile 4649 1_1_0d EXIST::FUNCTION: -PAILLIER_PRIVATE_KEY_it 4650 1_1_0d EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PAILLIER_PRIVATE_KEY_it 4650 1_1_0d EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +PAILLIER_PRIVATE_KEY_it 4650 1_1_0d NOEXIST::FUNCTION: +PAILLIER_PRIVATE_KEY_it 4650 1_1_0d NOEXIST::FUNCTION: ERR_load_BFIBE_strings 4651 1_1_0d EXIST::FUNCTION: SKF_EncryptInit 4652 1_1_0d EXIST::FUNCTION: EC_KEY_set_ECCrefPublicKey 4653 1_1_0d EXIST::FUNCTION: @@ -4711,7 +4711,7 @@ SKF_UnlockDev 4662 1_1_0d EXIST::FUNCTION: BN_is_solinas 4663 1_1_0d EXIST::FUNCTION: ECIES_PARAMS_free 4664 1_1_0d EXIST::FUNCTION: SAF_HashUpdate 4665 1_1_0d EXIST::FUNCTION: -SM2_compute_message_digest 4666 1_1_0d EXIST::FUNCTION: +SM2_compute_message_digest 4666 1_1_0d NOEXIST::FUNCTION: SOF_GetServerCertificate 4667 1_1_0d EXIST::FUNCTION: CPK_MASTER_SECRET_it 4668 1_1_0d EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: CPK_MASTER_SECRET_it 4668 1_1_0d EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: 
@@ -4756,7 +4756,7 @@ SDF_HashInit 4705 1_1_0d EXIST::FUNCTION: SM2_KAP_prepare 4706 1_1_0d EXIST::FUNCTION: SAF_VerifyCertificateByCrl 4707 1_1_0d EXIST::FUNCTION: ECDSA_SIG_get_ECCSIGNATUREBLOB 4708 1_1_0d EXIST::FUNCTION: -i2d_PAILLIER_PRIVATE_KEY 4709 1_1_0d EXIST::FUNCTION: +i2d_PAILLIER_PRIVATE_KEY 4709 1_1_0d NOEXIST::FUNCTION: SDF_OpenDevice 4710 1_1_0d EXIST::FUNCTION: SKF_GetContainerType 4711 1_1_0d EXIST::FUNCTION: PAILLIER_generate_key 4712 1_1_0d EXIST::FUNCTION: @@ -4764,7 +4764,7 @@ eia3_final 4713 1_1_0d EXIST::FUNCTION: RSA_get_RSAPUBLICKEYBLOB 4714 1_1_0d EXIST::FUNCTION: SM2_KAP_final_check 4715 1_1_0d EXIST::FUNCTION: EC_type1curve_tate 4716 1_1_0d EXIST::FUNCTION: -SM2_ENC_PARAMS_dup 4717 1_1_0d EXIST::FUNCTION: +SM2_ENC_PARAMS_dup 4717 1_1_0d NOEXIST::FUNCTION: SOF_SetSignMethod 4718 1_1_0d EXIST::FUNCTION: sms4_ede_decrypt 4719 1_1_0d EXIST::FUNCTION: SKF_VerifyPIN 4720 1_1_0d EXIST::FUNCTION: 
@@ -4775,17 +4775,17 @@ SOF_GetTimeStampInfo 4724 1_1_0d EXIST::FUNCTION: zuc_ctx_init 4725 1_1_0d EXIST::FUNCTION: SOF_ChangePassWd 4726 1_1_0d EXIST::FUNCTION: SDF_ImportKeyWithISK_RSA 4727 1_1_0d EXIST::FUNCTION: -SM2_CIPHERTEXT_VALUE_free 4728 1_1_0d EXIST::FUNCTION: +SM2_CIPHERTEXT_VALUE_free 4728 1_1_0d NOEXIST::FUNCTION: SKF_PrintECCSignature 4729 1_1_0d EXIST::FUNCTION: SM2_sign 4730 1_1_0d EXIST::FUNCTION: -SM2_CIPHERTEXT_VALUE_set_ECCCIPHERBLOB 4731 1_1_0d EXIST::FUNCTION: +SM2_CIPHERTEXT_VALUE_set_ECCCIPHERBLOB 4731 1_1_0d NOEXIST::FUNCTION: BFMasterSecret_free 4732 1_1_0d EXIST::FUNCTION: SOF_GetSignMethod 4733 1_1_0d EXIST::FUNCTION: SAF_SM2_EncodeSignedAndEnvelopedData 4734 1_1_0d EXIST::FUNCTION: SOF_VerifySignedMessageDetach 4735 1_1_0d EXIST::FUNCTION: BN_GFP2_inv 4736 1_1_0d EXIST::FUNCTION: SDF_GenerateKeyPair_ECC 4737 1_1_0d EXIST::FUNCTION: -SM2_CIPHERTEXT_VALUE_new_from_ECCCipher 4738 1_1_0d EXIST::FUNCTION: +SM2_CIPHERTEXT_VALUE_new_from_ECCCipher 4738 1_1_0d NOEXIST::FUNCTION: SM9_encrypt 4739 1_1_0d EXIST::FUNCTION: SAF_EccVerifySignByCert 4740 1_1_0d EXIST::FUNCTION: EC_KEY_set_default_sm_method 4741 1_1_0d EXIST::FUNCTION: 
@@ -4821,18 +4821,18 @@ SKF_UnblockPIN 4770 1_1_0d EXIST::FUNCTION: KDF_get_tls_kdf 4771 1_1_0d EXIST::FUNCTION: BFPublicParameters_it 4772 1_1_0d EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: BFPublicParameters_it 4772 1_1_0d EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -SM2_CIPHERTEXT_VALUE_size 4773 1_1_0d EXIST::FUNCTION: +SM2_CIPHERTEXT_VALUE_size 4773 1_1_0d NOEXIST::FUNCTION: SM9PublicParameters_new 4774 1_1_0d EXIST::FUNCTION: RSA_new_from_RSAPRIVATEKEYBLOB 4775 1_1_0d EXIST::FUNCTION: d2i_FpPoint 4776 1_1_0d EXIST::FUNCTION: d2i_BB1CiphertextBlock 4777 1_1_0d EXIST::FUNCTION: sms4_wrap_key 4778 1_1_0d EXIST::FUNCTION: i2d_BFPrivateKeyBlock 4779 1_1_0d EXIST::FUNCTION: -SM2_CIPHERTEXT_VALUE_get_ECCCIPHERBLOB 4780 1_1_0d EXIST::FUNCTION: +SM2_CIPHERTEXT_VALUE_get_ECCCIPHERBLOB 4780 1_1_0d NOEXIST::FUNCTION: EC_GROUP_get_type1curve_zeta 4781 1_1_0d EXIST::FUNCTION: SKF_PrintRSAPublicKey 4782 1_1_0d EXIST::FUNCTION: EC_KEY_new_from_ECCPRIVATEKEYBLOB 4783 1_1_0d EXIST::FUNCTION: -SM2_get_public_key_data 4784 1_1_0d EXIST::FUNCTION: +SM2_get_public_key_data 4784 1_1_0d NOEXIST::FUNCTION: SAF_SM2_DecodeSignedData 4785 1_1_0d EXIST::FUNCTION: BB1PublicParameters_it 4786 1_1_0d EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: BB1PublicParameters_it 4786 1_1_0d EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: 
@@ -4871,4 +4871,61 @@ SM2_do_sign_ex 4818 1_1_0d EXIST::FUNCTION:
 SOF_CreateTimeStampRequest 4819 1_1_0d EXIST::FUNCTION:
 BN_GF2P_add 4820 1_1_0d EXIST::FUNCTION:
 SM2_compute_key 4821 1_1_0d EXIST::FUNCTION:
-BN_GFP2_add_bn 4822 1_1_0d EXIST::FUNCTION:
+BN_GFP2_add_bn 4822 1_1_0d NOEXIST::FUNCTION:
+SAF_EccVerifySignFile 4823 1_1_0d EXIST::FUNCTION:
+SAF_EccSignFile 4824 1_1_0d EXIST::FUNCTION:
+d2i_PaillierPublicKey 4825 1_1_0d EXIST::FUNCTION:
+EVP_PKEY_get0_PAILLIER 4826 1_1_0d EXIST::FUNCTION:PAILLIER
+PEM_write_bio_PAILLIER_PUBKEY 4827 1_1_0d EXIST::FUNCTION:PAILLIER
+PEM_write_PAILLIERPublicKey 4828 1_1_0d EXIST::FUNCTION:PAILLIER,STDIO
+EVP_PKEY_set1_PAILLIER 4829 1_1_0d EXIST::FUNCTION:PAILLIER
+i2d_PaillierPrivateKey 4830 1_1_0d EXIST::FUNCTION:
+PEM_write_bio_PAILLIERPrivateKey 4831 1_1_0d EXIST::FUNCTION:PAILLIER
+EVP_PKEY_get1_PAILLIER 4832 1_1_0d EXIST::FUNCTION:PAILLIER
+PEM_read_bio_PAILLIER_PUBKEY 4833 1_1_0d EXIST::FUNCTION:PAILLIER
+d2i_PaillierPrivateKey 4834 1_1_0d EXIST::FUNCTION:
+PEM_write_PAILLIERPrivateKey 4835 1_1_0d EXIST::FUNCTION:PAILLIER,STDIO
+PEM_read_PAILLIERPrivateKey 4836 1_1_0d EXIST::FUNCTION:PAILLIER,STDIO
+PEM_write_PAILLIER_PUBKEY 4837 1_1_0d EXIST::FUNCTION:PAILLIER,STDIO
+PaillierPrivateKey_it 4838 1_1_0d EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PaillierPrivateKey_it 4838 1_1_0d EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_PaillierPublicKey 4839 1_1_0d EXIST::FUNCTION:
+PEM_read_bio_PAILLIERPublicKey 4840 1_1_0d EXIST::FUNCTION:PAILLIER
+PaillierPublicKey_it 4841 1_1_0d EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PaillierPublicKey_it 4841 1_1_0d EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PEM_read_PAILLIER_PUBKEY 4842 1_1_0d EXIST::FUNCTION:PAILLIER,STDIO
+PEM_read_bio_PAILLIERPrivateKey 4843 1_1_0d EXIST::FUNCTION:PAILLIER
+PEM_write_bio_PAILLIERPublicKey 4844 1_1_0d EXIST::FUNCTION:PAILLIER
+PEM_read_PAILLIERPublicKey 4845 1_1_0d EXIST::FUNCTION:PAILLIER,STDIO
+PAILLIER_up_ref 4846 1_1_0d EXIST::FUNCTION:
+i2d_PAILLIER_PUBKEY 4847 1_1_0d EXIST::FUNCTION:PAILLIER
+d2i_PaillierPublicKey_fp 4848 1_1_0d EXIST::FUNCTION:PAILLIER,STDIO
+d2i_PaillierPrivateKey_bio 4849 1_1_0d EXIST::FUNCTION:PAILLIER
+d2i_PAILLIER_PUBKEY 4850 1_1_0d EXIST::FUNCTION:PAILLIER
+d2i_PaillierPrivateKey_fp 4851 1_1_0d EXIST::FUNCTION:PAILLIER,STDIO
+d2i_PaillierPublicKey_bio 4852 1_1_0d EXIST::FUNCTION:PAILLIER
+i2d_PaillierPublicKey_bio 4853 1_1_0d EXIST::FUNCTION:PAILLIER
+i2d_PaillierPublicKey_fp 4854 1_1_0d EXIST::FUNCTION:PAILLIER,STDIO
+d2i_PAILLIER_PUBKEY_fp 4855 1_1_0d EXIST::FUNCTION:PAILLIER,STDIO
+i2d_PaillierPrivateKey_bio 4856 1_1_0d EXIST::FUNCTION:PAILLIER
+i2d_PAILLIER_PUBKEY_fp 4857 1_1_0d EXIST::FUNCTION:PAILLIER,STDIO
+d2i_PAILLIER_PUBKEY_bio 4858 1_1_0d EXIST::FUNCTION:PAILLIER
+i2d_PAILLIER_PUBKEY_bio 4859 1_1_0d EXIST::FUNCTION:PAILLIER
+i2d_PaillierPrivateKey_fp 4860 1_1_0d EXIST::FUNCTION:PAILLIER,STDIO
+X509_NAMpaillierE_print_ex_fp 4861 1_1_0d EXIST::FUNCTION:STDIO
+ERR_load_SM2_strings 4862 1_1_0d EXIST::FUNCTION:
+SM2CiphertextValue_it 4863 1_1_0d EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+SM2CiphertextValue_it 4863 1_1_0d EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_SM2CiphertextValue 4864 1_1_0d EXIST::FUNCTION:
+d2i_SM2CiphertextValue 4865 1_1_0d EXIST::FUNCTION:
+SM2CiphertextValue_new 4866 1_1_0d EXIST::FUNCTION:
+SM2CiphertextValue_free 4867 1_1_0d EXIST::FUNCTION:
+ASN1_OCTET_STRING_is_zero 4868 1_1_0d EXIST::FUNCTION:SM2
+SM2CiphertextValue_get_ECCCipher 4869 1_1_0d EXIST::FUNCTION:
+SM2CiphertextValue_set_ECCCIPHERBLOB 4870 1_1_0d EXIST::FUNCTION:
+SM2CiphertextValue_new_from_ECCCIPHERBLOB 4871 1_1_0d EXIST::FUNCTION:
+SM2CiphertextValue_new_from_ECCCipher 4872 1_1_0d EXIST::FUNCTION:
+SM2CiphertextValue_set_ECCCipher 4873 1_1_0d EXIST::FUNCTION:
+SM2CiphertextValue_get_ECCCIPHERBLOB 4874 1_1_0d EXIST::FUNCTION:
+ECIES_PARAMS_init_with_type 4875 1_1_0d EXIST::FUNCTION:
+BN_GFP2_one 4876 1_1_0d EXIST::FUNCTION:
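Review bot: The added entry `X509_NAMpaillierE_print_ex_fp 4861` near the end of this hunk looks like `X509_NAME_print_ex_fp` with the word "paillier" typed into the middle of it, which suggests a stray edit in a header that the ordinals generator then recorded as a new exported symbol. This listing appears to be generated, so the fix would belong in the declaration rather than here: restore the name there and regenerate, so that ordinal 4861 is not assigned to a symbol nothing can link against. Separately, `d2i_PaillierPublicKey`, `i2d_PaillierPrivateKey`, `d2i_PaillierPrivateKey`, `i2d_PaillierPublicKey` and `PAILLIER_up_ref` carry an empty feature field while the PEM and EVP Paillier entries are tagged `PAILLIER`; presumably those declarations sit outside the feature guard, which is worth confirming so that a build configured without Paillier does not still list them for export.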