Commit ddb634fe authored by Jack Lloyd's avatar Jack Lloyd Committed by Matt Caswell
Browse files

Move SM2 algos to SM2 specific PKEY method 



Use EVP_PKEY_set_alias_type to access

Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6443)
parent 2f2e6b62

crypto/asn1/standard_methods.h

+3 −0
Original line number Diff line number Diff line
@@ -54,5 +54,8 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { 
    &ed25519_asn1_meth,

    &ed448_asn1_meth,

#endif

#ifndef OPENSSL_NO_SM2

    &sm2_asn1_meth,

#endif

};

crypto/ec/ec_ameth.c

+8 −0
Original line number Diff line number Diff line
@@ -602,6 +602,14 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { 
    ec_pkey_param_check

};



#if !defined(OPENSSL_NO_SM2)

const EVP_PKEY_ASN1_METHOD sm2_asn1_meth = {

   EVP_PKEY_SM2,

   EVP_PKEY_EC,

   ASN1_PKEY_ALIAS

};

#endif



int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)

{

    int private = EC_KEY_get0_private_key(x) != NULL;

crypto/ec/ec_err.c

+6 −0
Original line number Diff line number Diff line
@@ -259,6 +259,12 @@ static const ERR_STRING_DATA EC_str_functs[] = { 
    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KEYGEN, 0), "pkey_ec_keygen"},

    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_PARAMGEN, 0), "pkey_ec_paramgen"},

    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, 0), "pkey_ec_sign"},

    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_CTRL, 0), "pkey_sm2_ctrl"},

    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_CTRL_STR, 0), "pkey_sm2_ctrl_str"},

    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_INIT, 0), "pkey_sm2_init"},

    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_KEYGEN, 0), "pkey_sm2_keygen"},

    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_PARAMGEN, 0), "pkey_sm2_paramgen"},

    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_SIGN, 0), "pkey_sm2_sign"},

    {ERR_PACK(ERR_LIB_EC, EC_F_VALIDATE_ECX_DERIVE, 0), "validate_ecx_derive"},

    {0, NULL}

};

crypto/ec/ec_pmeth.c

+5 −108
Original line number Diff line number Diff line
@@ -16,10 +16,6 @@ 
#include <openssl/evp.h>

#include "internal/evp_int.h"



#if !defined(OPENSSL_NO_SM2)

# include "internal/sm2.h"

#endif



/* EC pkey context structure */



typedef struct {
@@ -107,7 +103,6 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 
    unsigned int sltmp;

    EC_PKEY_CTX *dctx = ctx->data;

    EC_KEY *ec = ctx->pkey->pkey.ec;

    const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));



    if (!sig) {

        *siglen = ECDSA_size(ec);
@@ -122,15 +117,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 
    else

        type = NID_sha1;



    if (ec_nid == NID_sm2) {

#if defined(OPENSSL_NO_SM2)

        return -1;

#else

        ret = sm2_sign(type, tbs, tbslen, sig, &sltmp, ec);

#endif

    } else {

    ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);

    }



    if (ret <= 0)

        return ret;
@@ -145,22 +132,13 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx, 
    int ret, type;

    EC_PKEY_CTX *dctx = ctx->data;

    EC_KEY *ec = ctx->pkey->pkey.ec;

    const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));



    if (dctx->md)

        type = EVP_MD_type(dctx->md);

    else

        type = NID_sha1;



    if (ec_nid == NID_sm2) {

#if defined(OPENSSL_NO_SM2)

        ret = -1;

#else

        ret = sm2_verify(type, tbs, tbslen, sig, siglen, ec);

#endif

    } else {

    ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);

    }



    return ret;

}
@@ -202,86 +180,6 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) 
    return 1;

}



static int pkey_ecies_encrypt(EVP_PKEY_CTX *ctx,

                              unsigned char *out, size_t *outlen,

                              const unsigned char *in, size_t inlen)

{

    int ret;

    EC_KEY *ec = ctx->pkey->pkey.ec;

    const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));



    if (ec_nid == NID_sm2) {

# if defined(OPENSSL_NO_SM2)

        ret = -1;

# else

        int md_type;

        EC_PKEY_CTX *dctx = ctx->data;



        if (dctx->md)

            md_type = EVP_MD_type(dctx->md);

        else

            md_type = NID_sm3;



        if (out == NULL) {

            if (!sm2_ciphertext_size(ec, EVP_get_digestbynid(md_type), inlen,

                                     outlen))

                ret = -1;

            else

                ret = 1;

        }

        else {

            ret = sm2_encrypt(ec, EVP_get_digestbynid(md_type),

                              in, inlen, out, outlen);

        }

# endif

    } else {

        /* standard ECIES not implemented */

        ret = -1;

    }



    return ret;

}



static int pkey_ecies_decrypt(EVP_PKEY_CTX *ctx,

                              unsigned char *out, size_t *outlen,

                              const unsigned char *in, size_t inlen)

{

    int ret;

    EC_KEY *ec = ctx->pkey->pkey.ec;

    const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));



    if (ec_nid == NID_sm2) {

# if defined(OPENSSL_NO_SM2)

        ret = -1;

# else

        int md_type;

        EC_PKEY_CTX *dctx = ctx->data;



        if (dctx->md)

            md_type = EVP_MD_type(dctx->md);

        else

            md_type = NID_sm3;



        if (out == NULL) {

            if (!sm2_plaintext_size(ec, EVP_get_digestbynid(md_type), inlen,

                                    outlen))

                ret = -1;

            else

                ret = 1;

        }

        else {

            ret = sm2_decrypt(ec, EVP_get_digestbynid(md_type),

                              in, inlen, out, outlen);

        }

# endif

    } else {

        /* standard ECIES not implemented */

        ret = -1;

    }



    return ret;

}



static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,

                              unsigned char *key, size_t *keylen)

{
@@ -420,8 +318,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 
            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&

            EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&

            EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&

            EVP_MD_type((const EVP_MD *)p2) != NID_sha512 &&

            EVP_MD_type((const EVP_MD *)p2) != NID_sm3) {

            EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {

            ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);

            return 0;

        }
@@ -552,10 +449,10 @@ const EVP_PKEY_METHOD ec_pkey_meth = { 
    0, 0, 0, 0,



    0,

    pkey_ecies_encrypt,

    0,



    0,

    pkey_ecies_decrypt,

    0,



    0,

#ifndef OPENSSL_NO_EC

crypto/err/openssl.txt

+7 −0
Original line number Diff line number Diff line
@@ -1068,6 +1068,10 @@ RSA_F_RSA_VERIFY:119:RSA_verify 
RSA_F_RSA_VERIFY_ASN1_OCTET_STRING:120:RSA_verify_ASN1_OCTET_STRING

RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1:126:RSA_verify_PKCS1_PSS_mgf1

RSA_F_SETUP_TBUF:167:setup_tbuf

SM2_F_PKEY_SM2_CTRL:109:pkey_sm2_ctrl

SM2_F_PKEY_SM2_CTRL_STR:110:pkey_sm2_ctrl_str

SM2_F_PKEY_SM2_INIT:111:pkey_sm2_init

SM2_F_PKEY_SM2_SIGN:112:pkey_sm2_sign

SM2_F_SM2_COMPUTE_MSG_HASH:100:sm2_compute_msg_hash

SM2_F_SM2_COMPUTE_USERID_DIGEST:101:sm2_compute_userid_digest

SM2_F_SM2_DECRYPT:102:sm2_decrypt
@@ -2528,10 +2532,13 @@ RSA_R_VALUE_MISSING:147:value missing 
RSA_R_WRONG_SIGNATURE_LENGTH:119:wrong signature length

SM2_R_ASN1_ERROR:100:asn1 error

SM2_R_BAD_SIGNATURE:101:bad signature

SM2_R_BUFFER_TOO_SMALL:107:buffer too small

SM2_R_INVALID_CURVE:108:invalid curve

SM2_R_INVALID_DIGEST:102:invalid digest

SM2_R_INVALID_DIGEST_TYPE:103:invalid digest type

SM2_R_INVALID_ENCODING:104:invalid encoding

SM2_R_INVALID_FIELD:105:invalid field

SM2_R_NO_PARAMETERS_SET:109:no parameters set

SM2_R_USER_ID_TOO_LARGE:106:user id too large

SSL_R_APP_DATA_IN_HANDSHAKE:100:app data in handshake

SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT:272:\