diff --git a/certs/sm2/sm2-x509.json b/certs/sm2/sm2-x509.json new file mode 100644 index 00000000..5cae8394 --- /dev/null +++ b/certs/sm2/sm2-x509.json @@ -0,0 +1,61 @@ +{ + "Certificate": + { + "Data": + { + "Version": "3 (0x2)", + "Serial Number":"2d:a1:a6:bd:0c:e7:6c:62:4e:63:4b:7d:6a:29:d0:2a", + "Signature Algorithm": "sm2sign-with-sm3", + "Issuer": "C=CN, O=NRCAC, CN=ROOTCA", + "Validity": + { + "Not Before":"Sep 13 08:10:25 2013 GMT", + "Not After":"Sep 8 08:10:25 2033 GMT" + } + "Subject":"C=CN, O=UniTrust, CN=SHECA SM2", + "Subject Public Key Info": + { + "Public Key Algorithm":"id-ecPublicKey", + "Public-Key": + { + "pub":"04:7d:d1:1f:91:2d:06:4a:54:10:f0:84:84:55:25:1d:bc:a2:fb:b5:c7:77:6e:c3:6c:b1:69:66:98:e8:4d:e5:50:a0:d6:22:c9:80:c0:c3:aa:13:bd:4c:5b:78:10:3b:19:ba:f1:02:5f:3f:2e:89:4f:81:2f:8a:5d:74:17:0c:80", + "ASN1 OID":"sm2p256v1" + } + } + "X509v3 extensions": + { + "X509v3 Authority Key Identifier": + { + "keyid":"4C:32:B1:97:D9:33:1B:C4:A6:05:C1:C6:E5:8B:62:5B:F0:97:76:58" + } + "X509v3 Basic Constraints":"critical", + "CA":"TRUE", + "X509v3 CRL Distribution Points: + [ + "Full Name": + { + "DirName":"C = CN, O = NRCAC, OU = ARL, CN = arl" + }, + "Full Name": + { + "URI":"http://www.rootca.gov.cn/arl/arl.crl" + }, + "Full Name": + { + "URI":"ldap://ldap.rootca.gov.cn:389/CN=arl,OU=ARL,O=NRCAC,C=CN" + } + ], + "X509v3 Key Usage": + [ + "critical", + "Certificate Sign", + "CRL Sign" + ] + "X509v3 Subject Key Identifier":"89:31:04:91:7B:43:AA:AA:9A:BF:84:1D:9B:86:EE:F0:B8:70:99:A0" + } + } + "Signature Algorithm":"sm2sign-with-sm3", + "Signature":"30:45:02:21:00:8a:7b:ff:7b:ef:6b:e6:71:15:e3:ca:76:a9:33:74:6a:15:c8:6b:1f:18:78:62:2c:b4:1e:2a:b0:99:43:64:39:02:20:26:30:e7:5f:d1:fd:1b:f0:28:a5:ad:55:9d:8b:ca:5f:67:23:ba:46:a6:1f:9e:97:09:eb:7f:25:ec:a1:df:34" + } +} + diff --git a/certs/sm2/sm2-x509.txt b/certs/sm2/sm2-x509.txt new file mode 100644 index 00000000..c215dbe2 --- /dev/null +++ b/certs/sm2/sm2-x509.txt @@ -0,0 +1,47 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2d:a1:a6:bd:0c:e7:6c:62:4e:63:4b:7d:6a:29:d0:2a + Signature Algorithm: sm2sign-with-sm3 + Issuer: C=CN, O=NRCAC, CN=ROOTCA + Validity + Not Before: Sep 13 08:10:25 2013 GMT + Not After : Sep 8 08:10:25 2033 GMT + Subject: C=CN, O=UniTrust, CN=SHECA SM2 + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:7d:d1:1f:91:2d:06:4a:54:10:f0:84:84:55:25: + 1d:bc:a2:fb:b5:c7:77:6e:c3:6c:b1:69:66:98:e8: + 4d:e5:50:a0:d6:22:c9:80:c0:c3:aa:13:bd:4c:5b: + 78:10:3b:19:ba:f1:02:5f:3f:2e:89:4f:81:2f:8a: + 5d:74:17:0c:80 + ASN1 OID: sm2p256v1 + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:4C:32:B1:97:D9:33:1B:C4:A6:05:C1:C6:E5:8B:62:5B:F0:97:76:58 + + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 CRL Distribution Points: + + Full Name: + DirName: C = CN, O = NRCAC, OU = ARL, CN = arl + + Full Name: + URI:http://www.rootca.gov.cn/arl/arl.crl + + Full Name: + URI:ldap://ldap.rootca.gov.cn:389/CN=arl,OU=ARL,O=NRCAC,C=CN + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 89:31:04:91:7B:43:AA:AA:9A:BF:84:1D:9B:86:EE:F0:B8:70:99:A0 + Signature Algorithm: sm2sign-with-sm3 + 30:45:02:21:00:8a:7b:ff:7b:ef:6b:e6:71:15:e3:ca:76:a9: + 33:74:6a:15:c8:6b:1f:18:78:62:2c:b4:1e:2a:b0:99:43:64: + 39:02:20:26:30:e7:5f:d1:fd:1b:f0:28:a5:ad:55:9d:8b:ca: + 5f:67:23:ba:46:a6:1f:9e:97:09:eb:7f:25:ec:a1:df:34 diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 8aab5513..873fd62e 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -102,6 +102,172 @@ int X509_print(BIO *bp, X509 *x) return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); } +#define OPENSSL_NO_JSON 1 +#ifndef OPENSSL_NO_JSON + +int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, + unsigned long cflag) +{ + long l; + int ret = 0, i; + char *m = NULL, mlch = ' '; + int nmindent = 0; + X509_CINF *ci; + ASN1_INTEGER *bs; + EVP_PKEY *pkey = NULL; + const char *neg; + + if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { + mlch = '\n'; + nmindent = 12; + } + + if (nmflags == X509_FLAG_COMPAT) + nmindent = 16; + + ci = x->cert_info; + if (!(cflag & X509_FLAG_NO_HEADER)) { + if (BIO_write(bp, "Certificate:\n", 13) <= 0) + goto err; + if (BIO_write(bp, " Data:\n", 10) <= 0) + goto err; + } + if (!(cflag & X509_FLAG_NO_VERSION)) { + l = X509_get_version(x); + if (BIO_printf(bp, "\"Version\":\"%lu (0x%lx)\",", "", l + 1, l) <= 0) + goto err; + } + if (!(cflag & X509_FLAG_NO_SERIAL)) { + + if (BIO_write(bp, "\"Serial Number\":") <= 0) + goto err; + + bs = X509_get_serialNumber(x); + if (bs->length <= (int)sizeof(long)) { + l = ASN1_INTEGER_get(bs); + if (bs->type == V_ASN1_NEG_INTEGER) { + l = -l; + neg = "-"; + } else + neg = ""; + if (BIO_printf(bp, "\"%s%lu (%s0x%lx)\"", neg, l, neg, l) <= 0) + goto err; + } else { + neg = (bs->type == V_ASN1_NEG_INTEGER) ? "\"(Negative)\"" : ""; + if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0) + goto err; + + for (i = 0; i < bs->length; i++) { + if (BIO_printf(bp, "%02x%c", bs->data[i], + ((i + 1 == bs->length) ? '\n' : ':')) <= 0) + goto err; + } + } + + } + + if (!(cflag & X509_FLAG_NO_SIGNAME)) { + if (X509_signature_print(bp, ci->signature, NULL) <= 0) + goto err; +#if 0 + if (BIO_printf(bp, "%8sSignature Algorithm: ", "") <= 0) + goto err; + if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0) + goto err; + if (BIO_puts(bp, "\n") <= 0) + goto err; +#endif + } + + if (!(cflag & X509_FLAG_NO_ISSUER)) { + if (BIO_printf(bp, " Issuer:%c", mlch) <= 0) + goto err; + if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags) + < 0) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } + if (!(cflag & X509_FLAG_NO_VALIDITY)) { + if (BIO_write(bp, " Validity\n", 17) <= 0) + goto err; + if (BIO_write(bp, " Not Before: ", 24) <= 0) + goto err; + if (!ASN1_TIME_print(bp, X509_get_notBefore(x))) + goto err; + if (BIO_write(bp, "\n Not After : ", 25) <= 0) + goto err; + if (!ASN1_TIME_print(bp, X509_get_notAfter(x))) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } + if (!(cflag & X509_FLAG_NO_SUBJECT)) { + if (BIO_printf(bp, " Subject:%c", mlch) <= 0) + goto err; + if (X509_NAME_print_ex + (bp, X509_get_subject_name(x), nmindent, nmflags) < 0) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } + if (!(cflag & X509_FLAG_NO_PUBKEY)) { + if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0) + goto err; + if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) + goto err; + if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0) + goto err; + if (BIO_puts(bp, "\n") <= 0) + goto err; + + pkey = X509_get_pubkey(x); + if (pkey == NULL) { + BIO_printf(bp, "%12sUnable to load Public Key\n", ""); + ERR_print_errors(bp); + } else { + EVP_PKEY_print_public(bp, pkey, 16, NULL); + EVP_PKEY_free(pkey); + } + } + + if (!(cflag & X509_FLAG_NO_IDS)) { + if (ci->issuerUID) { + if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0) + goto err; + if (!X509_signature_dump(bp, ci->issuerUID, 12)) + goto err; + } + if (ci->subjectUID) { + if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0) + goto err; + if (!X509_signature_dump(bp, ci->subjectUID, 12)) + goto err; + } + } + + if (!(cflag & X509_FLAG_NO_EXTENSIONS)) + X509V3_extensions_print(bp, "X509v3 extensions", + ci->extensions, cflag, 8); + + if (!(cflag & X509_FLAG_NO_SIGDUMP)) { + if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0) + goto err; + } + if (!(cflag & X509_FLAG_NO_AUX)) { + if (!X509_CERT_AUX_print(bp, x->aux, 0)) + goto err; + } + ret = 1; + err: + if (m != NULL) + OPENSSL_free(m); + return (ret); +} + +#else +/* original */ + int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) { @@ -261,6 +427,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, OPENSSL_free(m); return (ret); } +#endif int X509_ocspid_print(BIO *bp, X509 *x) { diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 5797da32..94d7e71a 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -669,7 +669,7 @@ static int pkey_sm2_ctrl(EVP_PKEY_CTX *pk_ctx, int type, int p1, void *p2) } const EVP_PKEY_METHOD sm2_pkey_meth = { - EVP_PKEY_EC, + EVP_PKEY_SM2, 0, /* flags */ pkey_ec_init, pkey_ec_copy, diff --git a/crypto/ecies/ecies_lib.c b/crypto/ecies/ecies_lib.c index 239f02c8..a2d475d9 100644 --- a/crypto/ecies/ecies_lib.c +++ b/crypto/ecies/ecies_lib.c @@ -71,9 +71,7 @@ static void *ecies_data_dup(void *data) { return NULL; } - ret->kdf_md = param->kdf_md; - ret->sym_cipher = param->sym_cipher; - ret->mac_md = param->mac_md; + memcpy(ret, param, sizeof(*param)); return ret; } @@ -89,16 +87,13 @@ int ECIES_set_parameters(EC_KEY *ec_key, const ECIES_PARAMS *param) OPENSSL_assert(ec_key); OPENSSL_assert(param); - data = ecies_data_dup(param); + data = (ECIES_PARAMS *)ecies_data_dup((void *)param); - - if (!EC_KEY_insert_key_method_data(ec_key, data, + if (EC_KEY_insert_key_method_data(ec_key, data, ecies_data_dup, ecies_data_free, ecies_data_free)) { - - printf("EC_KEY_insert_key_method_data() error\n"); - return 0; } + return 1; } @@ -127,6 +122,7 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, if (!(cv = ECIES_CIPHERTEXT_VALUE_new())) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -135,16 +131,19 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, */ if (!(ephem_key = EC_KEY_new())) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } if (!EC_KEY_set_group(ephem_key, EC_KEY_get0_group(pub_key))) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_EC_LIB); goto err; } if (!EC_KEY_generate_key(ephem_key)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_EC_LIB); goto err; } @@ -154,6 +153,7 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, NULL, 0, NULL); if (!M_ASN1_OCTET_STRING_set(cv->ephem_point, NULL, len)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_ASN1_LIB); goto err; } @@ -161,6 +161,7 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, EC_KEY_get0_public_key(ephem_key), POINT_CONVERSION_COMPRESSED, cv->ephem_point->data, len, NULL) <= 0) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_EC_LIB); goto err; } @@ -190,6 +191,7 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, mackeylen = 192/8; break; default: + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_EC_LIB); goto err; } @@ -198,6 +200,7 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, if (!(share = OPENSSL_malloc(sharelen))) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -206,6 +209,7 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, EC_KEY_get0_public_key(pub_key), ephem_key, KDF_get_x9_63(param->kdf_md))) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ECIES_R_ECDH_FAILED); goto err; } @@ -222,6 +226,7 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, if (!M_ASN1_OCTET_STRING_set(cv->ciphertext, NULL, len)) { ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_MALLOC_FAILURE); + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); goto err; } @@ -232,6 +237,7 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, if (!EVP_EncryptInit(&cipher_ctx, param->sym_cipher, enckey, iv)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ECIES_R_ENCRYPT_FAILED); goto err; @@ -239,6 +245,7 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, p = cv->ciphertext->data; if (!EVP_EncryptUpdate(&cipher_ctx, p, &len, in, (int)inlen)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ECIES_R_ENCRYPT_FAILED); goto err; @@ -246,6 +253,7 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, p += len; if (!EVP_EncryptFinal(&cipher_ctx, p, &len)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ECIES_R_ENCRYPT_FAILED); goto err; @@ -268,6 +276,7 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, if (!M_ASN1_OCTET_STRING_set(cv->mactag, NULL, cv->mactag->length)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -275,6 +284,7 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, cv->ciphertext->data, (size_t)cv->ciphertext->length, cv->mactag->data, (unsigned int *)&len)) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ECIES_R_GEN_MAC_FAILED); goto err; } @@ -449,10 +459,12 @@ int ECIES_encrypt(unsigned char *out, size_t *outlen, if (!(cv = ECIES_do_encrypt(param, in, inlen, ec_key))) { ECIESerr(ECIES_F_ECIES_ENCRYPT, ECIES_R_ENCRYPT_FAILED); + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); return 0; } if ((len = i2d_ECIES_CIPHERTEXT_VALUE(cv, NULL)) <= 0) { + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_ENCRYPT, ECIES_R_ENCRYPT_FAILED); goto end; } @@ -466,11 +478,13 @@ int ECIES_encrypt(unsigned char *out, size_t *outlen, if (*outlen < len) { ECIESerr(ECIES_F_ECIES_ENCRYPT, ECIES_R_ENCRYPT_FAILED); *outlen = (size_t)len; + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); goto end; } if ((len = i2d_ECIES_CIPHERTEXT_VALUE(cv, &p)) <= 0) { ECIESerr(ECIES_F_ECIES_ENCRYPT, ECIES_R_ENCRYPT_FAILED); + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); goto end; } diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 9d425575..36fcdd69 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -118,6 +118,10 @@ # define EVP_PKEY_HMAC NID_hmac # define EVP_PKEY_CMAC NID_cmac +# ifndef OPENSSL_NO_SM2 +# define EVP_PKEY_SM2 NID_sm2p256v1 /* FIXME: NID_sm2 */ +# endif + #ifdef __cplusplus extern "C" { #endif @@ -507,6 +511,11 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, (char *)(eckey)) # endif +# ifndef OPENSSL_NO_SM2 +# define EVP_PKEY_assign_SM2(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_SM2,\ + (char *)(eckey)) +# endif + /* Add some extra combinations */ # define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) # define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) @@ -991,6 +1000,10 @@ struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); struct ec_key_st; int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +# ifndef OPENSSL_NO_SM2 +int EVP_PKEY_set1_SM2(EVP_PKEY *pkey, struct ec_key_st *key); +struct ec_key_st *EVP_PKEY_get1_SM2(EVP_PKEY *pkey); +# endif # endif EVP_PKEY *EVP_PKEY_new(void); diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c index 8e3d43ed..6f2cc552 100644 --- a/crypto/evp/p_enc.c +++ b/crypto/evp/p_enc.c @@ -82,6 +82,8 @@ static int ossl_EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key return (ret); } +// OPENSSL_NO_GMSSL +// here is to mark changes int EVP_PKEY_encrypt_old(unsigned char *out, const unsigned char *in, int inlen, EVP_PKEY *pkey) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 1171d308..83929193 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -116,6 +116,15 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) return (ret); } #endif +#ifndef OPENSSL_NO_SM2 + if (pkey->type == EVP_PKEY_SM2) { + int ret = pkey->save_parameters; + + if (mode >= 0) + pkey->save_parameters = mode; + return (ret); + } +#endif return (0); } @@ -325,6 +334,26 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) } #endif +#ifndef OPENSSL_NO_SM2 +int EVP_PKEY_set1_SM2(EVP_PKEY *pkey, EC_KEY *key) +{ + int ret = EVP_PKEY_assign_SM2(pkey, key); + if (ret) + EC_KEY_up_ref(key); + return ret; +} + +EC_KEY *EVP_PKEY_get1_SM2(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_SM2) { + EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);//FIXME:errno + return NULL; + } + EC_KEY_up_ref(pkey->pkey.ec); + return pkey->pkey.ec; +} +#endif + #ifndef OPENSSL_NO_DH int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 08ccd045..3839fbf0 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -89,7 +89,9 @@ static const EVP_PKEY_METHOD *standard_methods[] = { #endif #ifndef OPENSSL_NO_EC &ec_pkey_meth, - //&sm2_pkey_meth, +#endif +#ifndef OPENSSL_NO_SM2 + &sm2_pkey_meth, #endif &hmac_pkey_meth, &cmac_pkey_meth, diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 7269e8c2..e1197648 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 1001 -#define NUM_SN 985 -#define NUM_LN 985 -#define NUM_OBJ 924 +#define NUM_NID 1011 +#define NUM_SN 995 +#define NUM_LN 995 +#define NUM_OBJ 934 -static const unsigned char lvalues[6482]={ +static const unsigned char lvalues[6560]={ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -986,6 +986,16 @@ static const unsigned char lvalues[6482]={ 0x2B,0x81,0x04,0x01,0x18,0x00, /* [6461] OBJ_cmac_aes128_ecies */ 0x2B,0x81,0x04,0x01,0x18,0x01, /* [6467] OBJ_cmac_aes192_ecies */ 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x81,0x48, /* [6473] OBJ_zuc */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x65, /* [6481] OBJ_sm6 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66, /* [6488] OBJ_sm1 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67, /* [6495] OBJ_ssf33 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x69, /* [6502] OBJ_sm7 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x6A, /* [6509] OBJ_sm8 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x81,0x49, /* [6516] OBJ_sm5 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E, /* [6524] OBJ_sm9 */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x01,/* [6532] OBJ_sm9sign */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x02,/* [6541] OBJ_sm9keyagreement */ +0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x03,/* [6550] OBJ_sm9encrypt */ }; static const ASN1_OBJECT nid_objs[NUM_NID]={ @@ -2608,6 +2618,17 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {"cmac-aes192-ecies","cmac-aes192-ecies",NID_cmac_aes192_ecies,6, &(lvalues[6467]),0}, {"ZUC","zuc",NID_zuc,8,&(lvalues[6473]),0}, +{"SM6","sm6",NID_sm6,7,&(lvalues[6481]),0}, +{"SM1","sm1",NID_sm1,7,&(lvalues[6488]),0}, +{"SSF33","ssf33",NID_ssf33,7,&(lvalues[6495]),0}, +{"SM7","sm7",NID_sm7,7,&(lvalues[6502]),0}, +{"SM8","sm8",NID_sm8,7,&(lvalues[6509]),0}, +{"SM5","sm5",NID_sm5,8,&(lvalues[6516]),0}, +{"SM9","sm9",NID_sm9,8,&(lvalues[6524]),0}, +{"sm9sign","sm9sign",NID_sm9sign,9,&(lvalues[6532]),0}, +{"sm9keyagreement","sm9keyagreement",NID_sm9keyagreement,9, + &(lvalues[6541]),0}, +{"sm9encrypt","sm9encrypt",NID_sm9encrypt,9,&(lvalues[6550]),0}, }; static const unsigned int sn_objs[NUM_SN]={ @@ -2793,10 +2814,16 @@ static const unsigned int sn_objs[NUM_SN]={ 672, /* "SHA256" */ 673, /* "SHA384" */ 674, /* "SHA512" */ +1002, /* "SM1" */ 974, /* "SM2Sign-with-SHA1" */ 975, /* "SM2Sign-with-SHA256" */ 973, /* "SM2Sign-with-SM3" */ 962, /* "SM3" */ +1006, /* "SM5" */ +1001, /* "SM6" */ +1004, /* "SM7" */ +1005, /* "SM8" */ +1007, /* "SM9" */ 188, /* "SMIME" */ 167, /* "SMIME-CAPS" */ 978, /* "SMS4-CBC" */ @@ -2804,6 +2831,7 @@ static const unsigned int sn_objs[NUM_SN]={ 977, /* "SMS4-ECB" */ 981, /* "SMS4-OFB" */ 100, /* "SN" */ +1003, /* "SSF33" */ 16, /* "ST" */ 143, /* "SXNetID" */ 458, /* "UID" */ @@ -3547,6 +3575,9 @@ static const unsigned int sn_objs[NUM_SN]={ 971, /* "sm2keyagreement" */ 958, /* "sm2p256v1" */ 970, /* "sm2sign" */ +1010, /* "sm9encrypt" */ +1009, /* "sm9keyagreement" */ +1008, /* "sm9sign" */ 387, /* "snmpv2" */ 660, /* "street" */ 85, /* "subjectAltName" */ @@ -4525,6 +4556,7 @@ static const unsigned int ln_objs[NUM_LN]={ 454, /* "simpleSecurityObject" */ 496, /* "singleLevelQuality" */ 968, /* "sm" */ +1002, /* "sm1" */ 972, /* "sm2encrypt" */ 971, /* "sm2keyagreement" */ 958, /* "sm2p256v1" */ @@ -4533,10 +4565,19 @@ static const unsigned int ln_objs[NUM_LN]={ 975, /* "sm2sign-with-sha256" */ 973, /* "sm2sign-with-sm3" */ 962, /* "sm3" */ +1006, /* "sm5" */ +1001, /* "sm6" */ +1004, /* "sm7" */ +1005, /* "sm8" */ +1007, /* "sm9" */ +1010, /* "sm9encrypt" */ +1009, /* "sm9keyagreement" */ +1008, /* "sm9sign" */ 978, /* "sms4-cbc" */ 982, /* "sms4-cfb" */ 977, /* "sms4-ecb" */ 981, /* "sms4-ofb" */ +1003, /* "ssf33" */ 16, /* "stateOrProvinceName" */ 660, /* "streetAddress" */ 498, /* "subtreeMaximumQuality" */ @@ -4947,6 +4988,11 @@ static const unsigned int obj_objs[NUM_OBJ]={ 634, /* OBJ_setAttr_TokICCsig 2 23 42 3 3 5 1 */ 635, /* OBJ_setAttr_SecDevSig 2 23 42 3 3 5 2 */ 436, /* OBJ_ucl 0 9 2342 19200300 */ +1001, /* OBJ_sm6 1 2 156 10197 1 101 */ +1002, /* OBJ_sm1 1 2 156 10197 1 102 */ +1003, /* OBJ_ssf33 1 2 156 10197 1 103 */ +1004, /* OBJ_sm7 1 2 156 10197 1 105 */ +1005, /* OBJ_sm8 1 2 156 10197 1 106 */ 820, /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */ 819, /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */ 845, /* OBJ_id_GostR3410_94_a 1 2 643 2 2 20 1 */ @@ -5023,7 +5069,9 @@ static const unsigned int obj_objs[NUM_OBJ]={ 982, /* OBJ_sms4_cfb128 1 2 156 10197 1 104 3 */ 981, /* OBJ_sms4_ofb128 1 2 156 10197 1 104 4 */ 1000, /* OBJ_zuc 1 2 156 10197 1 200 */ +1006, /* OBJ_sm5 1 2 156 10197 1 201 */ 958, /* OBJ_sm2p256v1 1 2 156 10197 1 301 */ +1007, /* OBJ_sm9 1 2 156 10197 1 302 */ 962, /* OBJ_sm3 1 2 156 10197 1 401 */ 973, /* OBJ_sm2sign_with_sm3 1 2 156 10197 1 501 */ 974, /* OBJ_sm2sign_with_sha1 1 2 156 10197 1 502 */ @@ -5208,6 +5256,9 @@ static const unsigned int obj_objs[NUM_OBJ]={ 970, /* OBJ_sm2sign 1 2 156 10197 1 301 1 */ 971, /* OBJ_sm2keyagreement 1 2 156 10197 1 301 2 */ 972, /* OBJ_sm2encrypt 1 2 156 10197 1 301 3 */ +1008, /* OBJ_sm9sign 1 2 156 10197 1 302 1 */ +1009, /* OBJ_sm9keyagreement 1 2 156 10197 1 302 2 */ +1010, /* OBJ_sm9encrypt 1 2 156 10197 1 302 3 */ 963, /* OBJ_hmac_sm3 1 2 156 10197 1 401 2 */ 108, /* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */ 112, /* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index d2e2163c..334b4aa3 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -4276,6 +4276,36 @@ #define NID_sm 968 #define OBJ_sm OBJ_oscca,1L +#define SN_sm6 "SM6" +#define LN_sm6 "sm6" +#define NID_sm6 1001 +#define OBJ_sm6 OBJ_sm,101L + +#define SN_sm1 "SM1" +#define LN_sm1 "sm1" +#define NID_sm1 1002 +#define OBJ_sm1 OBJ_sm,102L + +#define SN_ssf33 "SSF33" +#define LN_ssf33 "ssf33" +#define NID_ssf33 1003 +#define OBJ_ssf33 OBJ_sm,103L + +#define SN_sm7 "SM7" +#define LN_sm7 "sm7" +#define NID_sm7 1004 +#define OBJ_sm7 OBJ_sm,105L + +#define SN_sm8 "SM8" +#define LN_sm8 "sm8" +#define NID_sm8 1005 +#define OBJ_sm8 OBJ_sm,106L + +#define SN_sm5 "SM5" +#define LN_sm5 "sm5" +#define NID_sm5 1006 +#define OBJ_sm5 OBJ_sm,201L + #define SN_sm2p256v1 "sm2p256v1" #define NID_sm2p256v1 958 #define OBJ_sm2p256v1 OBJ_sm,301L @@ -4292,6 +4322,23 @@ #define NID_sm2encrypt 972 #define OBJ_sm2encrypt OBJ_sm,301L,3L +#define SN_sm9 "SM9" +#define LN_sm9 "sm9" +#define NID_sm9 1007 +#define OBJ_sm9 OBJ_sm,302L + +#define SN_sm9sign "sm9sign" +#define NID_sm9sign 1008 +#define OBJ_sm9sign OBJ_sm,302L,1L + +#define SN_sm9keyagreement "sm9keyagreement" +#define NID_sm9keyagreement 1009 +#define OBJ_sm9keyagreement OBJ_sm,302L,2L + +#define SN_sm9encrypt "sm9encrypt" +#define NID_sm9encrypt 1010 +#define OBJ_sm9encrypt OBJ_sm,302L,3L + #define SN_sm3 "SM3" #define LN_sm3 "sm3" #define NID_sm3 962 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index e806edfe..bdb3c325 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -998,3 +998,13 @@ hmac_half_ecies 997 cmac_aes128_ecies 998 cmac_aes192_ecies 999 zuc 1000 +sm6 1001 +sm1 1002 +ssf33 1003 +sm7 1004 +sm8 1005 +sm5 1006 +sm9 1007 +sm9sign 1008 +sm9keyagreement 1009 +sm9encrypt 1010 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 7d6bc3ef..66b9b9f1 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1376,10 +1376,27 @@ secg-scheme 24 1 : cmac-aes192-ecies member-body 156 : ISO-CN : ISO CN Member Body ISO-CN 10197 : oscca oscca 1 : sm + +sm 101 : SM6 : sm6 + +sm 102 : SM1 : sm1 + +sm 103 : SSF33 : ssf33 +sm 105 : SM7 : sm7 +sm 106 : SM8 : sm8 + +sm 201 : SM5 : sm5 + sm 301 : sm2p256v1 sm 301 1 : sm2sign sm 301 2 : sm2keyagreement sm 301 3 : sm2encrypt + +sm 302 : SM9 : sm9 +sm 302 1 : sm9sign +sm 302 2 : sm9keyagreement +sm 302 3 : sm9encrypt + sm 401 : SM3 : sm3 sm 401 2 : HMAC-SM3 : hmac-sm3 sm 501 : SM2Sign-with-SM3 : sm2sign-with-sm3 diff --git a/crypto/sm2/.sm2test.c.swp b/crypto/sm2/.sm2test.c.swp deleted file mode 100644 index a94fbeeb..00000000 Binary files a/crypto/sm2/.sm2test.c.swp and /dev/null differ