From f07ca5eeffdd1fbdc42840d5c69308d5b2c9b77a Mon Sep 17 00:00:00 2001
From: Zhi Guan <guanzhi1980@gmail.com>
Date: Sat, 6 Oct 2018 17:04:25 +0800
Subject: [PATCH] Update SM9 encrypt

---
 crypto/sm9/sm9_enc.c       | 101 +++++++++++++++++++++++++++++++------
 include/openssl/opensslv.h |   4 +-
 include/openssl/sm9.h      |  22 +-------
 3 files changed, 88 insertions(+), 39 deletions(-)

diff --git a/crypto/sm9/sm9_enc.c b/crypto/sm9/sm9_enc.c
index 30ffddec..3dd9b1dc 100644
--- a/crypto/sm9/sm9_enc.c
+++ b/crypto/sm9/sm9_enc.c
@@ -52,8 +52,19 @@
 #include <openssl/err.h>
 #include <openssl/sm2.h>
 #include <openssl/sm9.h>
+#include <openssl/hmac.h>
 #include "sm9_lcl.h"
 
+/*
+int SM9_do_wrap_key(const EVP_MD *kdf_md
+	unsigned char *key, size_t keylen, EC_POINT *C,
+	SM9PublicKey *pk);
+
+int SM9_do_unwrap_key(const EVP_MD *kdf_md,
+	unsigned char *key, size_t keylen, const EC_POINT *C,
+	SM9PublicKey *pk);
+*/
+
 int SM9_unwrap_key(int type,
 	unsigned char *key, size_t keylen,
 	const unsigned char *enced_key, size_t enced_len,
@@ -330,7 +341,80 @@ int SM9_encrypt(int type,
 	unsigned char *out, size_t *outlen,
 	SM9PublicParameters *mpk, const char *id, size_t idlen)
 {
-	return 0;
+	int ret = 0;
+	SM9Ciphertext *sm9cipher = NULL;
+	int kdf;
+	const EVP_MD *md;
+	unsigned char *key = NULL;
+	size_t keylen;
+	unsigned char C1[1 + 64];
+	size_t C1_len;
+	unsigned char mac[EVP_MAX_MD_SIZE];
+	unsigned int maclen = sizeof(mac);
+	int len, i;
+
+	/* parse type */
+	switch (type) {
+	case NID_sm9encrypt_with_sm3_xor:
+		kdf = NID_sm9kdf_with_sm3;
+		md = EVP_sm3();
+		break;
+	/*
+	case NID_sm9encrypt_with_sha256_xor:
+		kdf = NID_sm9kdf_with_sha256;
+		md = EVP_sha256();
+		break;
+	*/
+	case NID_sm9encrypt_with_sm3_sms4_cbc:
+	case NID_sm9encrypt_with_sm3_sms4_ctr:
+	default:
+		return 0;
+	}
+
+	keylen = inlen + EVP_MD_size(md);
+
+	/* malloc */
+	if (!(sm9cipher = SM9Ciphertext_new())
+		|| !(key = OPENSSL_malloc(keylen))) {
+		SM9err(SM9_F_SM9_ENCRYPT, ERR_R_MALLOC_FAILURE);
+		goto end;
+	}
+
+	/* C1 */
+	if (!SM9_wrap_key(kdf, key, keylen, C1, &C1_len, mpk, id, idlen)) {
+		SM9err(SM9_F_SM9_ENCRYPT, ERR_R_SM9_LIB);
+		goto end;
+	}
+
+	/* C2 = M xor K1 */
+	for (i = 0; i < inlen; i++) {
+		key[i] ^= in[i];
+	}
+
+	/* C3 = MAC(K2, C2) */
+	HMAC(md, key + inlen, EVP_MD_size(md), key, inlen, mac, &maclen);
+
+	/* compose SM9Ciphertext */
+	if (!ASN1_STRING_set(sm9cipher->pointC1, C1, C1_len)
+		|| !ASN1_STRING_set(sm9cipher->c2, key, inlen)
+		|| !ASN1_STRING_set(sm9cipher->c3, mac, maclen)) {
+		SM9err(SM9_F_SM9_ENCRYPT, ERR_R_SM9_LIB);
+		goto end;
+	}
+
+	/* encode sm9 ciphertext */
+	if ((len = i2d_SM9Ciphertext(sm9cipher, &out)) <= 0) {
+		SM9err(SM9_F_SM9_ENCRYPT, ERR_R_SM9_LIB);
+		goto end;
+	}
+	*outlen = len;
+
+	ret = 1;
+
+end:
+	OPENSSL_free(sm9cipher);
+	OPENSSL_clear_free(key, keylen);
+	return ret;
 }
 
 int SM9_decrypt(int type,
@@ -340,18 +424,3 @@ int SM9_decrypt(int type,
 {
 	return 0;
 }
-
-SM9Ciphertext *SM9_do_encrypt(const SM9EncParameters *encparams,
-	const unsigned char *in, size_t inlen,
-	SM9PublicKey *pk)
-{
-	return 0;
-}
-
-int SM9_do_decrypt(const SM9EncParameters *encparams,
-	const SM9Ciphertext *in,
-	unsigned char *out, size_t *outlen,
-	SM9PrivateKey *sk)
-{
-	return 0;
-}
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
index 7f4326a1..443ee11d 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h
@@ -41,9 +41,9 @@ extern "C" {
  */
 # define OPENSSL_VERSION_NUMBER  0x1010004fL
 # ifdef OPENSSL_FIPS
-#  define OPENSSL_VERSION_TEXT    "GmSSL 2.3.4 - OpenSSL 1.1.0d-fips  5 Oct 2018"
+#  define OPENSSL_VERSION_TEXT    "GmSSL 2.3.4 - OpenSSL 1.1.0d-fips  6 Oct 2018"
 # else
-#  define OPENSSL_VERSION_TEXT    "GmSSL 2.3.4 - OpenSSL 1.1.0d  5 Oct 2018"
+#  define OPENSSL_VERSION_TEXT    "GmSSL 2.3.4 - OpenSSL 1.1.0d  6 Oct 2018"
 # endif
 
 /*-
diff --git a/include/openssl/sm9.h b/include/openssl/sm9.h
index 91b8dbf6..7819b935 100644
--- a/include/openssl/sm9.h
+++ b/include/openssl/sm9.h
@@ -126,7 +126,6 @@ int SM9_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine);
 #define SM9_VerifyUpdate(ctx,d,l) EVP_DigestUpdate(ctx,d,l)
 int SM9_VerifyFinal(EVP_MD_CTX *ctx, const SM9Signature *sig, SM9PublicKey *pk);
 
-
 int SM9_wrap_key(int type, /* NID_sm9kdf_with_sm3 */
 	unsigned char *key, size_t keylen,
 	unsigned char *enced_key, size_t *enced_len,
@@ -137,17 +136,7 @@ int SM9_unwrap_key(int type,
 	const unsigned char *enced_key, size_t enced_len,
 	SM9PrivateKey *sk);
 
-
-
-typedef struct {
-	const EVP_MD *kdf_md;
-	const EVP_CIPHER *enc_cipher;
-	const EVP_CIPHER *cmac_cipher;
-	const EVP_CIPHER *cbcmac_cipher;
-	const EVP_MD *hmac_md;
-} SM9EncParameters;
-
-int SM9_encrypt(int type,
+int SM9_encrypt(int type, /* NID_sm9encrypt_with_sm3_xor */
 	const unsigned char *in, size_t inlen,
 	unsigned char *out, size_t *outlen,
 	SM9PublicParameters *mpk, const char *id, size_t idlen);
@@ -157,15 +146,6 @@ int SM9_decrypt(int type,
 	unsigned char *out, size_t *outlen,
 	SM9PrivateKey *sk);
 
-SM9Ciphertext *SM9_do_encrypt(const SM9EncParameters *encparams,
-	const unsigned char *in, size_t inlen,
-	SM9PublicKey *pk);
-
-int SM9_do_decrypt(const SM9EncParameters *encparams,
-	const SM9Ciphertext *in,
-	unsigned char *out, size_t *outlen,
-	SM9PrivateKey *sk);
-
 DECLARE_ASN1_FUNCTIONS(SM9MasterSecret)
 DECLARE_ASN1_FUNCTIONS(SM9PublicParameters)
 DECLARE_ASN1_FUNCTIONS(SM9PrivateKey)