Add SM2 signature and ECIES schemes (3d328a44) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

Configure

+1 −1

Original line number	Diff line number	Diff line
		@@ -297,7 +297,7 @@ $config{sdirs} = [
		"objects",
		"md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3",
		"des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes",
		"bn", "ec", "rsa", "dsa", "dh", "dso", "engine",
		"bn", "ec", "rsa", "dsa", "dh", "sm2", "dso", "engine",
		"buffer", "bio", "stack", "lhash", "rand", "err",
		"evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
		"cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store"

apps/openssl.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -762,6 +762,9 @@ static void list_disabled(void)
		#ifdef OPENSSL_NO_SEED
		BIO_puts(bio_out, "SEED\n");
		#endif
		#ifdef OPENSSL_NO_SM2
		BIO_puts(bio_out, "SM2\n");
		#endif
		#ifdef OPENSSL_NO_SM3
		BIO_puts(bio_out, "SM3\n");
		#endif

config

+1 −1

Original line number	Diff line number	Diff line
		@@ -886,7 +886,7 @@ case "$GUESSOS" in
		i386-*) options="$options 386" ;;
		esac

		for i in aes aria bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha sm3 sm4
		for i in aes aria bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha sm2 sm3 sm4
		do
		if [ ! -d $THERE/crypto/$i ]
		then

crypto/ec/ec_curve.c

+39 −0

Original line number	Diff line number	Diff line
		@@ -2751,6 +2751,43 @@ static const struct {
		}
		};

		static const struct {
		EC_CURVE_DATA h;
		unsigned char data[0 + 32 * 6];
		} _EC_sm2p256v1 = {
		{
		NID_X9_62_prime_field, 0, 32, 1
		},
		{
		/* no seed */

		/* p */
		0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
		/* a */
		0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
		/* b */
		0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b,
		0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92,
		0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93,
		/* x */
		0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46,
		0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1,
		0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7,
		/* y */
		0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3,
		0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40,
		0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0,
		/* order */
		0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
		0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,
		0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23,
		}
		};

		typedef struct _ec_list_element_st {
		int nid;
		const EC_CURVE_DATA *data;
		@@ -2960,6 +2997,8 @@ static const ec_list_element curve_list[] = {
		"RFC 5639 curve over a 512 bit prime field"},
		{NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0,
		"RFC 5639 curve over a 512 bit prime field"},
		{NID_sm2, &_EC_sm2p256v1.h, 0,
		"SM2 curve over a 256 bit prime field"},
		};

		#define curve_list_length OSSL_NELEM(curve_list)

crypto/ec/ec_pmeth.c

+29 −3

Original line number	Diff line number	Diff line
		@@ -16,6 +16,10 @@
		#include <openssl/evp.h>
		#include "internal/evp_int.h"

		#if !defined(OPENSSL_NO_SM2)
		#include <openssl/sm2.h>
		#endif

		/* EC pkey context structure */

		typedef struct {
		@@ -102,6 +106,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX ctx, unsigned char sig, size_t *siglen,
		unsigned int sltmp;
		EC_PKEY_CTX *dctx = ctx->data;
		EC_KEY *ec = ctx->pkey->pkey.ec;
		const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));

		if (!sig) {
		*siglen = ECDSA_size(ec);
		@@ -116,7 +121,16 @@ static int pkey_ec_sign(EVP_PKEY_CTX ctx, unsigned char sig, size_t *siglen,
		else
		type = NID_sha1;

		if (ec_nid == NID_sm2) {
		#if defined(OPENSSL_NO_SM2)
		ret = -1;
		#else
		ret = SM2_sign(type, tbs, tbslen, sig, &sltmp, ec);
		#endif
		}
		else {
		ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
		}

		if (ret <= 0)
		return ret;
		@@ -131,13 +145,24 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
		int ret, type;
		EC_PKEY_CTX *dctx = ctx->data;
		EC_KEY *ec = ctx->pkey->pkey.ec;
		const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));

		if (dctx->md)
		type = EVP_MD_type(dctx->md);
		else
		type = NID_sha1;

		if (ec_nid == NID_sm2) {
		#if defined(OPENSSL_NO_SM2)
		ret = -1;
		#else
		ret = SM2_verify(type, tbs, tbslen, sig, siglen, ec);
		#endif
		}
		else {
		ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
		}


		return ret;
		}
		@@ -318,7 +343,8 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX ctx, int type, int p1, void p2)
		EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
		EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
		EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
		EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
		EVP_MD_type((const EVP_MD *)p2) != NID_sha512 &&
		EVP_MD_type((const EVP_MD *)p2) != NID_sm3) {
		ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
		return 0;
		}