[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Mon Mar 19 13:34:14 UTC 2018
The branch master has been updated
via 4e6647506331fc3b3ef5b23e5dbe188279ddd575 (commit)
via dceb99a5fb1b065debc0b3fe19481eff80843732 (commit)
via 3d328a445c2ad0eff2e9e843c384711be58a7c2f (commit)
from df3a15512bd0f5ddd9f0dd74f0a058ee55b33904 (commit)
- Log -----------------------------------------------------------------
commit 4e6647506331fc3b3ef5b23e5dbe188279ddd575
Author: Jack Lloyd <jack.lloyd at ribose.com>
Date: Fri Feb 9 12:21:56 2018 -0500
Handle evp_tests assumption of EVP_PKEY_FLAG_AUTOARGLEN
Without actually using EVP_PKEY_FLAG_AUTOARGLEN
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4793)
commit dceb99a5fb1b065debc0b3fe19481eff80843732
Author: Jack Lloyd <jack.lloyd at ribose.com>
Date: Wed Jan 24 16:45:48 2018 -0500
Support SM2 ECIES scheme via EVP
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4793)
commit 3d328a445c2ad0eff2e9e843c384711be58a7c2f
Author: Jack Lloyd <jack.lloyd at ribose.com>
Date: Wed Jan 24 11:56:02 2018 -0500
Add SM2 signature and ECIES schemes
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4793)
-----------------------------------------------------------------------
Summary of changes:
Configure | 2 +-
apps/openssl.c | 3 +
config | 2 +-
crypto/ec/ec_curve.c | 39 ++++
crypto/ec/ec_pmeth.c | 115 +++++++++-
crypto/err/err.c | 1 +
crypto/err/openssl.ec | 1 +
crypto/err/openssl.txt | 65 ++++++
crypto/objects/obj_dat.h | 15 +-
crypto/objects/obj_mac.num | 1 +
crypto/objects/objects.txt | 14 +-
crypto/sm2/build.info | 6 +
crypto/sm2/sm2_crypt.c | 335 ++++++++++++++++++++++++++++++
crypto/sm2/sm2_err.c | 129 ++++++++++++
crypto/sm2/sm2_sign.c | 324 +++++++++++++++++++++++++++++
crypto/sm2/sm2_za.c | 132 ++++++++++++
fuzz/oids.txt | 1 +
include/openssl/err.h | 2 +
include/openssl/evp.h | 1 +
include/openssl/obj_mac.h | 35 ++--
include/openssl/sm2.h | 74 +++++++
include/openssl/sm2err.h | 95 +++++++++
openssl_sm2.pem | 5 +
test/build.info | 9 +
test/recipes/30-test_evp_data/evppkey.txt | 19 ++
test/sm2crypttest.c | 254 ++++++++++++++++++++++
test/sm2sigtest.c | 238 +++++++++++++++++++++
util/libcrypto.num | 10 +
28 files changed, 1890 insertions(+), 37 deletions(-)
create mode 100644 crypto/sm2/build.info
create mode 100644 crypto/sm2/sm2_crypt.c
create mode 100644 crypto/sm2/sm2_err.c
create mode 100644 crypto/sm2/sm2_sign.c
create mode 100644 crypto/sm2/sm2_za.c
create mode 100644 include/openssl/sm2.h
create mode 100644 include/openssl/sm2err.h
create mode 100644 openssl_sm2.pem
create mode 100644 test/sm2crypttest.c
create mode 100644 test/sm2sigtest.c
diff --git a/Configure b/Configure
index 9b89f60..e2c0604 100755
--- a/Configure
+++ b/Configure
@@ -297,7 +297,7 @@ $config{sdirs} = [
"objects",
"md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3",
"des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes",
- "bn", "ec", "rsa", "dsa", "dh", "dso", "engine",
+ "bn", "ec", "rsa", "dsa", "dh", "sm2", "dso", "engine",
"buffer", "bio", "stack", "lhash", "rand", "err",
"evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
"cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store"
diff --git a/apps/openssl.c b/apps/openssl.c
index 39b4f2c..8224ae3 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -762,6 +762,9 @@ static void list_disabled(void)
#ifdef OPENSSL_NO_SEED
BIO_puts(bio_out, "SEED\n");
#endif
+#ifdef OPENSSL_NO_SM2
+ BIO_puts(bio_out, "SM2\n");
+#endif
#ifdef OPENSSL_NO_SM3
BIO_puts(bio_out, "SM3\n");
#endif
diff --git a/config b/config
index 92dfa4a..1f2f745 100755
--- a/config
+++ b/config
@@ -886,7 +886,7 @@ case "$GUESSOS" in
i386-*) options="$options 386" ;;
esac
-for i in aes aria bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha sm3 sm4
+for i in aes aria bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha sm2 sm3 sm4
do
if [ ! -d $THERE/crypto/$i ]
then
diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
index 75fc541..01d5654 100644
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@@ -2751,6 +2751,43 @@ static const struct {
}
};
+static const struct {
+ EC_CURVE_DATA h;
+ unsigned char data[0 + 32 * 6];
+} _EC_sm2p256v1 = {
+ {
+ NID_X9_62_prime_field, 0, 32, 1
+ },
+ {
+ /* no seed */
+
+ /* p */
+ 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ /* a */
+ 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
+ /* b */
+ 0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b,
+ 0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92,
+ 0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93,
+ /* x */
+ 0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46,
+ 0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1,
+ 0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7,
+ /* y */
+ 0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3,
+ 0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40,
+ 0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0,
+ /* order */
+ 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,
+ 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23,
+ }
+};
+
typedef struct _ec_list_element_st {
int nid;
const EC_CURVE_DATA *data;
@@ -2960,6 +2997,8 @@ static const ec_list_element curve_list[] = {
"RFC 5639 curve over a 512 bit prime field"},
{NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0,
"RFC 5639 curve over a 512 bit prime field"},
+ {NID_sm2, &_EC_sm2p256v1.h, 0,
+ "SM2 curve over a 256 bit prime field"},
};
#define curve_list_length OSSL_NELEM(curve_list)
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index 68ff2bb..08dda12 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -16,6 +16,10 @@
#include <openssl/evp.h>
#include "internal/evp_int.h"
+#if !defined(OPENSSL_NO_SM2)
+# include <openssl/sm2.h>
+#endif
+
/* EC pkey context structure */
typedef struct {
@@ -102,6 +106,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
unsigned int sltmp;
EC_PKEY_CTX *dctx = ctx->data;
EC_KEY *ec = ctx->pkey->pkey.ec;
+ const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
if (!sig) {
*siglen = ECDSA_size(ec);
@@ -116,7 +121,15 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
else
type = NID_sha1;
- ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
+ if (ec_nid == NID_sm2) {
+#if defined(OPENSSL_NO_SM2)
+ ret = -1;
+#else
+ ret = SM2_sign(type, tbs, tbslen, sig, &sltmp, ec);
+#endif
+ } else {
+ ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
+ }
if (ret <= 0)
return ret;
@@ -131,20 +144,28 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
int ret, type;
EC_PKEY_CTX *dctx = ctx->data;
EC_KEY *ec = ctx->pkey->pkey.ec;
+ const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
if (dctx->md)
type = EVP_MD_type(dctx->md);
else
type = NID_sha1;
- ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
+ if (ec_nid == NID_sm2) {
+#if defined(OPENSSL_NO_SM2)
+ ret = -1;
+#else
+ ret = SM2_verify(type, tbs, tbslen, sig, siglen, ec);
+#endif
+ } else {
+ ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
+ }
return ret;
}
#ifndef OPENSSL_NO_EC
-static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
- size_t *keylen)
+static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
{
int ret;
size_t outlen;
@@ -180,6 +201,80 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
return 1;
}
+static int pkey_ecies_encrypt(EVP_PKEY_CTX *ctx,
+ unsigned char *out, size_t *outlen,
+ const unsigned char *in, size_t inlen)
+{
+ int ret, md_type;
+ EC_PKEY_CTX *dctx = ctx->data;
+ EC_KEY *ec = ctx->pkey->pkey.ec;
+ const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+
+ if (dctx->md)
+ md_type = EVP_MD_type(dctx->md);
+ else if (ec_nid == NID_sm2)
+ md_type = NID_sm3;
+ else
+ md_type = NID_sha256;
+
+ if (ec_nid == NID_sm2) {
+# if defined(OPENSSL_NO_SM2)
+ ret = -1;
+# else
+ if (out == NULL) {
+ *outlen = SM2_ciphertext_size(ec, EVP_get_digestbynid(md_type), inlen);
+ ret = 1;
+ }
+ else {
+ ret = SM2_encrypt(ec, EVP_get_digestbynid(md_type),
+ in, inlen, out, outlen);
+ }
+# endif
+ } else {
+ /* standard ECIES not implemented */
+ ret = -1;
+ }
+
+ return ret;
+}
+
+static int pkey_ecies_decrypt(EVP_PKEY_CTX *ctx,
+ unsigned char *out, size_t *outlen,
+ const unsigned char *in, size_t inlen)
+{
+ int ret, md_type;
+ EC_PKEY_CTX *dctx = ctx->data;
+ EC_KEY *ec = ctx->pkey->pkey.ec;
+ const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+
+ if (dctx->md)
+ md_type = EVP_MD_type(dctx->md);
+ else if (ec_nid == NID_sm2)
+ md_type = NID_sm3;
+ else
+ md_type = NID_sha256;
+
+ if (ec_nid == NID_sm2) {
+# if defined(OPENSSL_NO_SM2)
+ ret = -1;
+# else
+ if (out == NULL) {
+ *outlen = SM2_plaintext_size(ec, EVP_get_digestbynid(md_type), inlen);
+ ret = 1;
+ }
+ else {
+ ret = SM2_decrypt(ec, EVP_get_digestbynid(md_type),
+ in, inlen, out, outlen);
+ }
+# endif
+ } else {
+ /* standard ECIES not implemented */
+ ret = -1;
+ }
+
+ return ret;
+}
+
static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
unsigned char *key, size_t *keylen)
{
@@ -244,8 +339,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
return dctx->cofactor_mode;
else {
EC_KEY *ec_key = ctx->pkey->pkey.ec;
- return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 :
- 0;
+ return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 : 0;
}
} else if (p1 < -1 || p1 > 1)
return -2;
@@ -318,7 +412,8 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
- EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
+ EVP_MD_type((const EVP_MD *)p2) != NID_sha512 &&
+ EVP_MD_type((const EVP_MD *)p2) != NID_sm3) {
ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
return 0;
}
@@ -448,9 +543,11 @@ const EVP_PKEY_METHOD ec_pkey_meth = {
0, 0, 0, 0,
- 0, 0,
+ 0,
+ pkey_ecies_encrypt,
- 0, 0,
+ 0,
+ pkey_ecies_decrypt,
0,
#ifndef OPENSSL_NO_EC
diff --git a/crypto/err/err.c b/crypto/err/err.c
index 68afa93..c0a6b2b 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -60,6 +60,7 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
{ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"},
{ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"},
{ERR_PACK(ERR_LIB_OSSL_STORE, 0, 0), "STORE routines"},
+ {ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"},
{0, NULL},
};
diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
index be84c7c..f45e230 100644
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -32,6 +32,7 @@ L CMS include/openssl/cms.h crypto/cms/cms_err.c
L CT include/openssl/ct.h crypto/ct/ct_err.c
L ASYNC include/openssl/async.h crypto/async/async_err.c
L KDF include/openssl/kdf.h crypto/kdf/kdf_err.c
+L SM2 include/openssl/sm2.h crypto/sm2/sm2_err.c
L OSSL_STORE include/openssl/store.h crypto/store/store_err.c
# additional header files to be scanned for function names
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 0052ddf..bb8c157 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -986,6 +986,11 @@ RSA_F_RSA_SIGN_ASN1_OCTET_STRING:118:RSA_sign_ASN1_OCTET_STRING
RSA_F_RSA_VERIFY:119:RSA_verify
RSA_F_RSA_VERIFY_ASN1_OCTET_STRING:120:RSA_verify_ASN1_OCTET_STRING
RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1:126:RSA_verify_PKCS1_PSS_mgf1
+SM2_F_PKEY_SM2_CTRL:274:pkey_sm2_ctrl
+SM2_F_PKEY_SM2_CTRL_STR:275:pkey_sm2_ctrl_str
+SM2_F_PKEY_SM2_KEYGEN:276:pkey_sm2_keygen
+SM2_F_PKEY_SM2_PARAMGEN:277:pkey_sm2_paramgen
+SM2_F_PKEY_SM2_SIGN:278:pkey_sm2_sign
SSL_F_ADD_CLIENT_KEY_SHARE_EXT:438:*
SSL_F_ADD_KEY_SHARE:512:add_key_share
SSL_F_BYTES_TO_CIPHER_LIST:519:bytes_to_cipher_list
@@ -2394,6 +2399,66 @@ RSA_R_UNSUPPORTED_MASK_PARAMETER:154:unsupported mask parameter
RSA_R_UNSUPPORTED_SIGNATURE_TYPE:155:unsupported signature type
RSA_R_VALUE_MISSING:147:value missing
RSA_R_WRONG_SIGNATURE_LENGTH:119:wrong signature length
+SM2_R_ASN1_ERROR:115:asn1 error
+SM2_R_ASN5_ERROR:1150:asn5 error
+SM2_R_BAD_SIGNATURE:156:bad signature
+SM2_R_BIGNUM_OUT_OF_RANGE:144:bignum out of range
+SM2_R_BUFFER_TOO_SMALL:100:buffer too small
+SM2_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range
+SM2_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh
+SM2_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
+SM2_R_D2I_ECPKPARAMETERS_FAILURE:117:d2i ecpkparameters failure
+SM2_R_DECODE_ERROR:142:decode error
+SM2_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero
+SM2_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure
+SM2_R_FIELD_TOO_LARGE:143:field too large
+SM2_R_GF2M_NOT_SUPPORTED:147:gf2m not supported
+SM2_R_GROUP2PKPARAMETERS_FAILURE:120:group2pkparameters failure
+SM2_R_I2D_ECPKPARAMETERS_FAILURE:121:i2d ecpkparameters failure
+SM2_R_INCOMPATIBLE_OBJECTS:101:incompatible objects
+SM2_R_INVALID_ARGUMENT:112:invalid argument
+SM2_R_INVALID_COMPRESSED_POINT:110:invalid compressed point
+SM2_R_INVALID_COMPRESSION_BIT:109:invalid compression bit
+SM2_R_INVALID_CURVE:141:invalid curve
+SM2_R_INVALID_DIGEST:151:invalid digest
+SM2_R_INVALID_DIGEST_TYPE:138:invalid digest type
+SM2_R_INVALID_ENCODING:102:invalid encoding
+SM2_R_INVALID_FIELD:103:invalid field
+SM2_R_INVALID_FORM:104:invalid form
+SM2_R_INVALID_GROUP_ORDER:122:invalid group order
+SM2_R_INVALID_KEY:116:invalid key
+SM2_R_INVALID_OUTPUT_LENGTH:161:invalid output length
+SM2_R_INVALID_PEER_KEY:133:invalid peer key
+SM2_R_INVALID_PENTANOMIAL_BASIS:132:invalid pentanomial basis
+SM2_R_INVALID_PRIVATE_KEY:123:invalid private key
+SM2_R_INVALID_TRINOMIAL_BASIS:137:invalid trinomial basis
+SM2_R_KDF_PARAMETER_ERROR:148:kdf parameter error
+SM2_R_KEYS_NOT_SET:140:keys not set
+SM2_R_MISSING_PARAMETERS:124:missing parameters
+SM2_R_MISSING_PRIVATE_KEY:125:missing private key
+SM2_R_NEED_NEW_SETUP_VALUES:157:need new setup values
+SM2_R_NOT_A_NIST_PRIME:135:not a NIST prime
+SM2_R_NOT_IMPLEMENTED:126:not implemented
+SM2_R_NOT_INITIALIZED:111:not initialized
+SM2_R_NO_PARAMETERS_SET:139:no parameters set
+SM2_R_NO_PRIVATE_VALUE:154:no private value
+SM2_R_OPERATION_NOT_SUPPORTED:152:operation not supported
+SM2_R_PASSED_NULL_PARAMETER:134:passed null parameter
+SM2_R_PEER_KEY_ERROR:149:peer key error
+SM2_R_PKPARAMETERS2GROUP_FAILURE:127:pkparameters2group failure
+SM2_R_POINT_ARITHMETIC_FAILURE:155:point arithmetic failure
+SM2_R_POINT_AT_INFINITY:106:point at infinity
+SM2_R_POINT_IS_NOT_ON_CURVE:107:point is not on curve
+SM2_R_RANDOM_NUMBER_GENERATION_FAILED:158:random number generation failed
+SM2_R_SHARED_INFO_ERROR:150:shared info error
+SM2_R_SLOT_FULL:108:slot full
+SM2_R_UNDEFINED_GENERATOR:113:undefined generator
+SM2_R_UNDEFINED_ORDER:128:undefined order
+SM2_R_UNKNOWN_GROUP:129:unknown group
+SM2_R_UNKNOWN_ORDER:114:unknown order
+SM2_R_UNSUPPORTED_FIELD:131:unsupported field
+SM2_R_WRONG_CURVE_PARAMETERS:145:wrong curve parameters
+SM2_R_WRONG_ORDER:130:wrong order
SSL_R_APP_DATA_IN_HANDSHAKE:100:app data in handshake
SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT:272:\
attempt to reuse session in different context
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index d392586..60c3826 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -10,7 +10,7 @@
*/
/* Serialized OID's */
-static const unsigned char so[7618] = {
+static const unsigned char so[7626] = {
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@@ -1059,9 +1059,10 @@ static const unsigned char so[7618] = {
0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x09, /* [ 7597] OBJ_uacurve9 */
0x2B,0x6F, /* [ 7610] OBJ_ieee */
0x2B,0x6F,0x02,0x8C,0x53, /* [ 7612] OBJ_ieee_siswg */
+ 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D, /* [ 7617] OBJ_sm2 */
};
-#define NUM_NID 1172
+#define NUM_NID 1173
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2235,9 +2236,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"uacurve9", "DSTU curve 9", NID_uacurve9, 13, &so[7597]},
{"ieee", "ieee", NID_ieee, 2, &so[7610]},
{"ieee-siswg", "IEEE Security in Storage Working Group", NID_ieee_siswg, 5, &so[7612]},
+ {"SM2", "sm2", NID_sm2, 8, &so[7617]},
};
-#define NUM_SN 1163
+#define NUM_SN 1164
static const unsigned int sn_objs[NUM_SN] = {
364, /* "AD_DVCS" */
419, /* "AES-128-CBC" */
@@ -2502,6 +2504,7 @@ static const unsigned int sn_objs[NUM_SN] = {
1095, /* "SHA512-256" */
1100, /* "SHAKE128" */
1101, /* "SHAKE256" */
+ 1172, /* "SM2" */
1143, /* "SM3" */
1134, /* "SM4-CBC" */
1137, /* "SM4-CFB" */
@@ -3404,7 +3407,7 @@ static const unsigned int sn_objs[NUM_SN] = {
1093, /* "x509ExtAdmission" */
};
-#define NUM_LN 1163
+#define NUM_LN 1164
static const unsigned int ln_objs[NUM_LN] = {
363, /* "AD Time Stamping" */
405, /* "ANSI X9.62" */
@@ -4514,6 +4517,7 @@ static const unsigned int ln_objs[NUM_LN] = {
496, /* "singleLevelQuality" */
1062, /* "siphash" */
1142, /* "sm-scheme" */
+ 1172, /* "sm2" */
1143, /* "sm3" */
1144, /* "sm3WithRSAEncryption" */
1134, /* "sm4-cbc" */
@@ -4571,7 +4575,7 @@ static const unsigned int ln_objs[NUM_LN] = {
125, /* "zlib compression" */
};
-#define NUM_OBJ 1054
+#define NUM_OBJ 1055
static const unsigned int obj_objs[NUM_OBJ] = {
0, /* OBJ_undef 0 */
181, /* OBJ_iso 1 */
@@ -5037,6 +5041,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
1136, /* OBJ_sm4_cfb1 1 2 156 10197 1 104 5 */
1138, /* OBJ_sm4_cfb8 1 2 156 10197 1 104 6 */
1139, /* OBJ_sm4_ctr 1 2 156 10197 1 104 7 */
+ 1172, /* OBJ_sm2 1 2 156 10197 1 301 */
1143, /* OBJ_sm3 1 2 156 10197 1 401 */
1144, /* OBJ_sm3WithRSAEncryption 1 2 156 10197 1 504 */
776, /* OBJ_seed_ecb 1 2 410 200004 1 3 */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index 228ee84..ca8fdfb 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1169,3 +1169,4 @@ uacurve8 1168
uacurve9 1169
ieee 1170
ieee_siswg 1171
+sm2 1172
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 2a91129..e565864 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -36,6 +36,10 @@ member-body 840 : ISO-US : ISO US Member Body
ISO-US 10040 : X9-57 : X9.57
X9-57 4 : X9cm : X9.57 CM ?
+member-body 156 : ISO-CN : ISO CN Member Body
+ISO-CN 10197 : oscca
+oscca 1 : sm-scheme
+
!Cname dsa
X9cm 1 : DSA : dsaEncryption
X9cm 3 : DSA-SHA1 : dsaWithSHA1
@@ -376,8 +380,10 @@ rsadsi 2 5 : MD5 : md5
rsadsi 2 6 : : hmacWithMD5
rsadsi 2 7 : : hmacWithSHA1
-member-body 156 10197 1 401 : SM3 : sm3
-member-body 156 10197 1 504 : RSA-SM3 : sm3WithRSAEncryption
+sm-scheme 301 : SM2 : sm2
+
+sm-scheme 401 : SM3 : sm3
+sm-scheme 504 : RSA-SM3 : sm3WithRSAEncryption
# From RFC4231
rsadsi 2 8 : : hmacWithSHA224
@@ -1476,10 +1482,6 @@ kisa 1 6 : SEED-OFB : seed-ofb
# Definitions for SM4 cipher
-member-body 156 : ISO-CN : ISO CN Member Body
-ISO-CN 10197 : oscca
-oscca 1 : sm-scheme
-
sm-scheme 104 1 : SM4-ECB : sm4-ecb
sm-scheme 104 2 : SM4-CBC : sm4-cbc
!Cname sm4-ofb128
diff --git a/crypto/sm2/build.info b/crypto/sm2/build.info
new file mode 100644
index 0000000..fbf8dba
--- /dev/null
+++ b/crypto/sm2/build.info
@@ -0,0 +1,6 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+ sm2_za.c sm2_sign.c sm2_crypt.c sm2_err.c
+
+
+
diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c
new file mode 100644
index 0000000..b308e5b
--- /dev/null
+++ b/crypto/sm2/sm2_crypt.c
@@ -0,0 +1,335 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/sm2.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <string.h>
+
+typedef struct SM2_Ciphertext_st SM2_Ciphertext;
+DECLARE_ASN1_FUNCTIONS(SM2_Ciphertext)
+
+struct SM2_Ciphertext_st {
+ BIGNUM *C1x;
+ BIGNUM *C1y;
+ ASN1_OCTET_STRING *C3;
+ ASN1_OCTET_STRING *C2;
+};
+
+ASN1_SEQUENCE(SM2_Ciphertext) = {
+ ASN1_SIMPLE(SM2_Ciphertext, C1x, BIGNUM),
+ ASN1_SIMPLE(SM2_Ciphertext, C1y, BIGNUM),
+ ASN1_SIMPLE(SM2_Ciphertext, C3, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(SM2_Ciphertext, C2, ASN1_OCTET_STRING),
+} ASN1_SEQUENCE_END(SM2_Ciphertext)
+
+IMPLEMENT_ASN1_FUNCTIONS(SM2_Ciphertext)
+
+static size_t EC_field_size(const EC_GROUP *group)
+{
+ /* Is there some simpler way to do this? */
+ BIGNUM *p = BN_new();
+ BIGNUM *a = BN_new();
+ BIGNUM *b = BN_new();
+ size_t field_size = 0;
+
+ if (p == NULL || a == NULL || b == NULL)
+ goto done;
+
+ EC_GROUP_get_curve_GFp(group, p, a, b, NULL);
+ field_size = (BN_num_bits(p) + 7) / 8;
+
+ done:
+ BN_free(p);
+ BN_free(a);
+ BN_free(b);
+
+ return field_size;
+}
+
+size_t SM2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len)
+{
+ const size_t field_size = EC_field_size(EC_KEY_get0_group(key));
+ const size_t md_size = EVP_MD_size(digest);
+
+ const size_t overhead = 10 + 2 * field_size + md_size;
+ if(msg_len <= overhead)
+ return 0;
+
+ return msg_len - overhead;
+}
+
+size_t SM2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len)
+{
+ const size_t field_size = EC_field_size(EC_KEY_get0_group(key));
+ const size_t md_size = EVP_MD_size(digest);
+ return 10 + 2 * field_size + md_size + msg_len;
+}
+
+int SM2_encrypt(const EC_KEY *key,
+ const EVP_MD *digest,
+ const uint8_t *msg,
+ size_t msg_len, uint8_t *ciphertext_buf, size_t *ciphertext_len)
+{
+ int rc = 0;
+ size_t i;
+ BN_CTX *ctx = NULL;
+ BIGNUM *k = NULL;
+ BIGNUM *x1 = NULL;
+ BIGNUM *y1 = NULL;
+ BIGNUM *x2 = NULL;
+ BIGNUM *y2 = NULL;
+
+ EVP_MD_CTX *hash = EVP_MD_CTX_new();
+
+ struct SM2_Ciphertext_st ctext_struct;
+ const EC_GROUP *group = EC_KEY_get0_group(key);
+ const BIGNUM *order = EC_GROUP_get0_order(group);
+ const EC_POINT *P = EC_KEY_get0_public_key(key);
+ EC_POINT *kG = NULL;
+ EC_POINT *kP = NULL;
+ uint8_t *msg_mask = NULL;
+
+ uint8_t *x2y2 = NULL;
+ uint8_t *C3 = NULL;
+
+ const size_t field_size = EC_field_size(group);
+ const size_t C3_size = EVP_MD_size(digest);
+
+ if (field_size == 0 || C3_size == 0)
+ goto done;
+
+ kG = EC_POINT_new(group);
+ kP = EC_POINT_new(group);
+ if (kG == NULL || kP == NULL)
+ goto done;
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto done;
+
+ BN_CTX_start(ctx);
+ k = BN_CTX_get(ctx);
+ x1 = BN_CTX_get(ctx);
+ x2 = BN_CTX_get(ctx);
+ y1 = BN_CTX_get(ctx);
+ y2 = BN_CTX_get(ctx);
+
+ if (y2 == NULL)
+ goto done;
+
+ x2y2 = OPENSSL_zalloc(2 * field_size);
+ C3 = OPENSSL_zalloc(C3_size);
+
+ if (x2y2 == NULL || C3 == NULL)
+ goto done;
+
+ memset(ciphertext_buf, 0, *ciphertext_len);
+
+ BN_priv_rand_range(k, order);
+
+ if (EC_POINT_mul(group, kG, k, NULL, NULL, ctx) == 0)
+ goto done;
+
+ if (EC_POINT_get_affine_coordinates_GFp(group, kG, x1, y1, ctx) == 0)
+ goto done;
+
+ if (EC_POINT_mul(group, kP, NULL, P, k, ctx) == 0)
+ goto done;
+
+ if (EC_POINT_get_affine_coordinates_GFp(group, kP, x2, y2, ctx) == 0)
+ goto done;
+
+ BN_bn2binpad(x2, x2y2, field_size);
+ BN_bn2binpad(y2, x2y2 + field_size, field_size);
+
+ msg_mask = OPENSSL_zalloc(msg_len);
+ if (msg_mask == NULL)
+ goto done;
+
+ /* X9.63 with no salt happens to match the KDF used in SM2 */
+ if (ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, digest)
+ == 0)
+ goto done;
+
+ for (i = 0; i != msg_len; ++i)
+ msg_mask[i] ^= msg[i];
+
+ if (EVP_DigestInit(hash, digest) == 0)
+ goto done;
+
+ if (EVP_DigestUpdate(hash, x2y2, field_size) == 0)
+ goto done;
+
+ if (EVP_DigestUpdate(hash, msg, msg_len) == 0)
+ goto done;
+
+ if (EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0)
+ goto done;
+
+ if (EVP_DigestFinal(hash, C3, NULL) == 0)
+ goto done;
+
+ ctext_struct.C1x = x1;
+ ctext_struct.C1y = y1;
+ ctext_struct.C3 = ASN1_OCTET_STRING_new();
+ ASN1_OCTET_STRING_set(ctext_struct.C3, C3, C3_size);
+ ctext_struct.C2 = ASN1_OCTET_STRING_new();
+ ASN1_OCTET_STRING_set(ctext_struct.C2, msg_mask, msg_len);
+
+ *ciphertext_len = i2d_SM2_Ciphertext(&ctext_struct, &ciphertext_buf);
+
+ ASN1_OCTET_STRING_free(ctext_struct.C2);
+ ASN1_OCTET_STRING_free(ctext_struct.C3);
+
+ rc = 1;
+
+ done:
+ OPENSSL_free(msg_mask);
+ OPENSSL_free(x2y2);
+ OPENSSL_free(C3);
+ EVP_MD_CTX_free(hash);
+ BN_CTX_free(ctx);
+ EC_POINT_free(kG);
+ EC_POINT_free(kP);
+ return rc;
+}
+
+int SM2_decrypt(const EC_KEY *key,
+ const EVP_MD *digest,
+ const uint8_t *ciphertext,
+ size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len)
+{
+ int rc = 0;
+ int i;
+
+ BN_CTX *ctx = NULL;
+ const EC_GROUP *group = EC_KEY_get0_group(key);
+ EC_POINT *C1 = NULL;
+ struct SM2_Ciphertext_st *sm2_ctext = NULL;
+ BIGNUM *x2 = NULL;
+ BIGNUM *y2 = NULL;
+
+ uint8_t *x2y2 = NULL;
+ uint8_t *computed_C3 = NULL;
+
+ const size_t field_size = EC_field_size(group);
+ const int hash_size = EVP_MD_size(digest);
+
+ uint8_t *msg_mask = NULL;
+ const uint8_t *C2 = NULL;
+ const uint8_t *C3 = NULL;
+ int msg_len = 0;
+ EVP_MD_CTX *hash = NULL;
+
+ if (field_size == 0 || hash_size == 0)
+ goto done;
+
+ memset(ptext_buf, 0xFF, *ptext_len);
+
+ sm2_ctext = d2i_SM2_Ciphertext(NULL, &ciphertext, ciphertext_len);
+
+ if (sm2_ctext == NULL)
+ goto done;
+
+ if (sm2_ctext->C3->length != hash_size)
+ goto done;
+
+ C2 = sm2_ctext->C2->data;
+ C3 = sm2_ctext->C3->data;
+ msg_len = sm2_ctext->C2->length;
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto done;
+
+ BN_CTX_start(ctx);
+ x2 = BN_CTX_get(ctx);
+ y2 = BN_CTX_get(ctx);
+
+ if(y2 == NULL)
+ goto done;
+
+ msg_mask = OPENSSL_zalloc(msg_len);
+ x2y2 = OPENSSL_zalloc(2 * field_size);
+ computed_C3 = OPENSSL_zalloc(hash_size);
+
+ if(msg_mask == NULL || x2y2 == NULL || computed_C3 == NULL)
+ goto done;
+
+ C1 = EC_POINT_new(group);
+ if (C1 == NULL)
+ goto done;
+
+ if (EC_POINT_set_affine_coordinates_GFp
+ (group, C1, sm2_ctext->C1x, sm2_ctext->C1y, ctx) == 0)
+ goto done;
+
+ if (EC_POINT_mul(group, C1, NULL, C1, EC_KEY_get0_private_key(key), ctx) ==
+ 0)
+ goto done;
+
+ if (EC_POINT_get_affine_coordinates_GFp(group, C1, x2, y2, ctx) == 0)
+ goto done;
+
+ BN_bn2binpad(x2, x2y2, field_size);
+ BN_bn2binpad(y2, x2y2 + field_size, field_size);
+
+ if (ECDH_KDF_X9_62(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, digest)
+ == 0)
+ goto done;
+
+ for (i = 0; i != msg_len; ++i)
+ ptext_buf[i] = C2[i] ^ msg_mask[i];
+
+ hash = EVP_MD_CTX_new();
+
+ if (hash == NULL)
+ goto done;
+
+ if (EVP_DigestInit(hash, digest) == 0)
+ goto done;
+
+ if (EVP_DigestUpdate(hash, x2y2, field_size) == 0)
+ goto done;
+
+ if (EVP_DigestUpdate(hash, ptext_buf, msg_len) == 0)
+ goto done;
+
+ if (EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0)
+ goto done;
+
+ if (EVP_DigestFinal(hash, computed_C3, NULL) == 0)
+ goto done;
+
+ if (memcmp(computed_C3, C3, hash_size) != 0)
+ goto done;
+
+ rc = 1;
+ *ptext_len = msg_len;
+
+ done:
+
+ if (rc == 0)
+ memset(ptext_buf, 0, *ptext_len);
+
+ OPENSSL_free(msg_mask);
+ OPENSSL_free(x2y2);
+ OPENSSL_free(computed_C3);
+ EC_POINT_free(C1);
+ BN_CTX_free(ctx);
+ SM2_Ciphertext_free(sm2_ctext);
+ EVP_MD_CTX_free(hash);
+
+ return rc;
+}
diff --git a/crypto/sm2/sm2_err.c b/crypto/sm2/sm2_err.c
new file mode 100644
index 0000000..acb4502
--- /dev/null
+++ b/crypto/sm2/sm2_err.c
@@ -0,0 +1,129 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/sm2err.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA SM2_str_functs[] = {
+ {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL, 0), "pkey_sm2_ctrl"},
+ {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL_STR, 0), "pkey_sm2_ctrl_str"},
+ {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_KEYGEN, 0), "pkey_sm2_keygen"},
+ {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_PARAMGEN, 0), "pkey_sm2_paramgen"},
+ {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_SIGN, 0), "pkey_sm2_sign"},
+ {0, NULL}
+};
+
+static const ERR_STRING_DATA SM2_str_reasons[] = {
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ASN1_ERROR), "asn1 error"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ASN5_ERROR), "asn5 error"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BAD_SIGNATURE), "bad signature"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BIGNUM_OUT_OF_RANGE),
+ "bignum out of range"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BUFFER_TOO_SMALL), "buffer too small"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_COORDINATES_OUT_OF_RANGE),
+ "coordinates out of range"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_CURVE_DOES_NOT_SUPPORT_ECDH),
+ "curve does not support ecdh"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_CURVE_DOES_NOT_SUPPORT_SIGNING),
+ "curve does not support signing"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_D2I_ECPKPARAMETERS_FAILURE),
+ "d2i ecpkparameters failure"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_DECODE_ERROR), "decode error"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_DISCRIMINANT_IS_ZERO),
+ "discriminant is zero"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_EC_GROUP_NEW_BY_NAME_FAILURE),
+ "ec group new by name failure"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_FIELD_TOO_LARGE), "field too large"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_GF2M_NOT_SUPPORTED), "gf2m not supported"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_GROUP2PKPARAMETERS_FAILURE),
+ "group2pkparameters failure"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_I2D_ECPKPARAMETERS_FAILURE),
+ "i2d ecpkparameters failure"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INCOMPATIBLE_OBJECTS),
+ "incompatible objects"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_ARGUMENT), "invalid argument"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_COMPRESSED_POINT),
+ "invalid compressed point"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_COMPRESSION_BIT),
+ "invalid compression bit"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_CURVE), "invalid curve"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST), "invalid digest"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST_TYPE),
+ "invalid digest type"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_ENCODING), "invalid encoding"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_FIELD), "invalid field"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_FORM), "invalid form"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_GROUP_ORDER),
+ "invalid group order"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_KEY), "invalid key"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_OUTPUT_LENGTH),
+ "invalid output length"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_PEER_KEY), "invalid peer key"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_PENTANOMIAL_BASIS),
+ "invalid pentanomial basis"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_PRIVATE_KEY),
+ "invalid private key"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_TRINOMIAL_BASIS),
+ "invalid trinomial basis"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_KDF_PARAMETER_ERROR),
+ "kdf parameter error"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_KEYS_NOT_SET), "keys not set"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_MISSING_PARAMETERS), "missing parameters"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_MISSING_PRIVATE_KEY),
+ "missing private key"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NEED_NEW_SETUP_VALUES),
+ "need new setup values"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NOT_A_NIST_PRIME), "not a NIST prime"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NOT_IMPLEMENTED), "not implemented"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NOT_INITIALIZED), "not initialized"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PARAMETERS_SET), "no parameters set"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PRIVATE_VALUE), "no private value"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_OPERATION_NOT_SUPPORTED),
+ "operation not supported"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_PASSED_NULL_PARAMETER),
+ "passed null parameter"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_PEER_KEY_ERROR), "peer key error"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_PKPARAMETERS2GROUP_FAILURE),
+ "pkparameters2group failure"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_POINT_ARITHMETIC_FAILURE),
+ "point arithmetic failure"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_POINT_AT_INFINITY), "point at infinity"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_POINT_IS_NOT_ON_CURVE),
+ "point is not on curve"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_RANDOM_NUMBER_GENERATION_FAILED),
+ "random number generation failed"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_SHARED_INFO_ERROR), "shared info error"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_SLOT_FULL), "slot full"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNDEFINED_GENERATOR),
+ "undefined generator"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNDEFINED_ORDER), "undefined order"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNKNOWN_GROUP), "unknown group"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNKNOWN_ORDER), "unknown order"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_UNSUPPORTED_FIELD), "unsupported field"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_WRONG_CURVE_PARAMETERS),
+ "wrong curve parameters"},
+ {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_WRONG_ORDER), "wrong order"},
+ {0, NULL}
+};
+
+#endif
+
+int ERR_load_SM2_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+ if (ERR_func_error_string(SM2_str_functs[0].error) == NULL) {
+ ERR_load_strings_const(SM2_str_functs);
+ ERR_load_strings_const(SM2_str_reasons);
+ }
+#endif
+ return 1;
+}
diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c
new file mode 100644
index 0000000..2d311d9
--- /dev/null
+++ b/crypto/sm2/sm2_sign.c
@@ -0,0 +1,324 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/sm2.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <string.h>
+
+static BIGNUM *compute_msg_hash(const EVP_MD *digest,
+ const EC_KEY *key,
+ const char *user_id,
+ const uint8_t *msg, size_t msg_len)
+{
+ EVP_MD_CTX *hash = EVP_MD_CTX_new();
+ const int md_size = EVP_MD_size(digest);
+ uint8_t *za = OPENSSL_zalloc(md_size);
+ BIGNUM *e = NULL;
+
+ if (za == NULL)
+ goto done;
+
+ if (hash == NULL)
+ goto done;
+
+ if (SM2_compute_userid_digest(za, digest, user_id, key) == 0)
+ goto done;
+
+ if (EVP_DigestInit(hash, digest) == 0)
+ goto done;
+
+ if (EVP_DigestUpdate(hash, za, md_size) == 0)
+ goto done;
+
+ if (EVP_DigestUpdate(hash, msg, msg_len) == 0)
+ goto done;
+
+ /* reuse za buffer to hold H(ZA || M) */
+ if (EVP_DigestFinal(hash, za, NULL) == 0)
+ goto done;
+
+ e = BN_bin2bn(za, md_size, NULL);
+
+ done:
+ OPENSSL_free(za);
+ EVP_MD_CTX_free(hash);
+ return e;
+}
+
+static
+ECDSA_SIG *SM2_sig_gen(const EC_KEY *key, const BIGNUM *e)
+{
+ const BIGNUM *dA = EC_KEY_get0_private_key(key);
+ const EC_GROUP *group = EC_KEY_get0_group(key);
+ const BIGNUM *order = EC_GROUP_get0_order(group);
+
+ ECDSA_SIG *sig = NULL;
+ EC_POINT *kG = NULL;
+ BN_CTX *ctx = NULL;
+ BIGNUM *k = NULL;
+ BIGNUM *rk = NULL;
+ BIGNUM *r = NULL;
+ BIGNUM *s = NULL;
+ BIGNUM *x1 = NULL;
+ BIGNUM *tmp = NULL;
+
+ kG = EC_POINT_new(group);
+ if (kG == NULL)
+ goto done;
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto done;
+
+ BN_CTX_start(ctx);
+
+ k = BN_CTX_get(ctx);
+ rk = BN_CTX_get(ctx);
+ x1 = BN_CTX_get(ctx);
+ tmp = BN_CTX_get(ctx);
+
+ if (tmp == NULL)
+ goto done;
+
+ /* These values are returned and so should not be allocated out of the context */
+ r = BN_new();
+ s = BN_new();
+
+ if (r == NULL || s == NULL)
+ goto done;
+
+ for (;;) {
+ BN_priv_rand_range(k, order);
+
+ if (EC_POINT_mul(group, kG, k, NULL, NULL, ctx) == 0)
+ goto done;
+
+ if (EC_POINT_get_affine_coordinates_GFp(group, kG, x1, NULL, ctx) == 0)
+ goto done;
+
+ if (BN_mod_add(r, e, x1, order, ctx) == 0)
+ goto done;
+
+ /* try again if r == 0 or r+k == n */
+ if (BN_is_zero(r))
+ continue;
+
+ BN_add(rk, r, k);
+
+ if (BN_cmp(rk, order) == 0)
+ continue;
+
+ BN_add(s, dA, BN_value_one());
+ BN_mod_inverse(s, s, order, ctx);
+
+ BN_mod_mul(tmp, dA, r, order, ctx);
+ BN_sub(tmp, k, tmp);
+
+ BN_mod_mul(s, s, tmp, order, ctx);
+
+ sig = ECDSA_SIG_new();
+
+ if (sig == NULL)
+ goto done;
+
+ /* takes ownership of r and s */
+ ECDSA_SIG_set0(sig, r, s);
+ break;
+ }
+
+ done:
+
+ if (sig == NULL) {
+ BN_free(r);
+ BN_free(s);
+ }
+
+ BN_CTX_free(ctx);
+ EC_POINT_free(kG);
+ return sig;
+
+}
+
+static
+int SM2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, const BIGNUM *e)
+{
+ int ret = 0;
+ const EC_GROUP *group = EC_KEY_get0_group(key);
+ const BIGNUM *order = EC_GROUP_get0_order(group);
+ BN_CTX *ctx = NULL;
+ EC_POINT *pt = NULL;
+
+ BIGNUM *t = NULL;
+ BIGNUM *x1 = NULL;
+ const BIGNUM *r = NULL;
+ const BIGNUM *s = NULL;
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto done;
+ pt = EC_POINT_new(group);
+ if (pt == NULL)
+ goto done;
+
+ BN_CTX_start(ctx);
+
+ t = BN_CTX_get(ctx);
+ x1 = BN_CTX_get(ctx);
+
+ if (x1 == NULL)
+ goto done;
+
+ /*
+ B1: verify whether r' in [1,n-1], verification failed if not
+ B2: vefify whether s' in [1,n-1], verification failed if not
+ B3: set M'~=ZA || M'
+ B4: calculate e'=Hv(M'~)
+ B5: calculate t = (r' + s') modn, verification failed if t=0
+ B6: calculate the point (x1', y1')=[s']G + [t]PA
+ B7: calculate R=(e'+x1') modn, verfication pass if yes, otherwise failed
+ */
+
+ ECDSA_SIG_get0(sig, &r, &s);
+
+ if (BN_cmp(r, BN_value_one()) < 0)
+ goto done;
+ if (BN_cmp(s, BN_value_one()) < 0)
+ goto done;
+
+ if (BN_cmp(order, r) <= 0)
+ goto done;
+ if (BN_cmp(order, s) <= 0)
+ goto done;
+
+ if (BN_mod_add(t, r, s, order, ctx) == 0)
+ goto done;
+
+ if (BN_is_zero(t) == 1)
+ goto done;
+
+ if (EC_POINT_mul(group, pt, s, EC_KEY_get0_public_key(key), t, ctx) == 0)
+ goto done;
+
+ if (EC_POINT_get_affine_coordinates_GFp(group, pt, x1, NULL, ctx) == 0)
+ goto done;
+
+ if (BN_mod_add(t, e, x1, order, ctx) == 0)
+ goto done;
+
+ if (BN_cmp(r, t) == 0)
+ ret = 1;
+
+ done:
+ EC_POINT_free(pt);
+ BN_CTX_free(ctx);
+ return ret;
+}
+
+ECDSA_SIG *SM2_do_sign(const EC_KEY *key,
+ const EVP_MD *digest,
+ const char *user_id, const uint8_t *msg, size_t msg_len)
+{
+ BIGNUM *e = NULL;
+ ECDSA_SIG *sig = NULL;
+
+ e = compute_msg_hash(digest, key, user_id, msg, msg_len);
+ if (e == NULL)
+ goto done;
+
+ sig = SM2_sig_gen(key, e);
+
+ done:
+ BN_free(e);
+ return sig;
+}
+
+int SM2_do_verify(const EC_KEY *key,
+ const EVP_MD *digest,
+ const ECDSA_SIG *sig,
+ const char *user_id, const uint8_t *msg, size_t msg_len)
+{
+ BIGNUM *e = NULL;
+ int ret = -1;
+
+ e = compute_msg_hash(digest, key, user_id, msg, msg_len);
+ if (e == NULL)
+ goto done;
+
+ ret = SM2_sig_verify(key, sig, e);
+
+ done:
+ BN_free(e);
+ return ret;
+}
+
+int SM2_sign(int type, const unsigned char *dgst, int dgstlen,
+ unsigned char *sig, unsigned int *siglen, EC_KEY *eckey)
+{
+ BIGNUM *e = NULL;
+ ECDSA_SIG *s = NULL;
+ int ret = -1;
+
+ if (type != NID_sm3)
+ goto done;
+
+ if (dgstlen != 32) /* expected length of SM3 hash */
+ goto done;
+
+ e = BN_bin2bn(dgst, dgstlen, NULL);
+
+ s = SM2_sig_gen(eckey, e);
+
+ *siglen = i2d_ECDSA_SIG(s, &sig);
+
+ ECDSA_SIG_free(s);
+
+ ret = 0;
+
+ done:
+ ECDSA_SIG_free(s);
+ BN_free(e);
+ return ret;
+}
+
+int SM2_verify(int type, const unsigned char *dgst, int dgstlen,
+ const unsigned char *sig, int sig_len, EC_KEY *eckey)
+{
+ ECDSA_SIG *s = NULL;
+ BIGNUM *e = NULL;
+ const unsigned char *p = sig;
+ unsigned char *der = NULL;
+ int derlen = -1;
+ int ret = -1;
+
+ if (type != NID_sm3)
+ goto done;
+
+ s = ECDSA_SIG_new();
+ if (s == NULL)
+ goto done;
+ if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
+ goto done;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_ECDSA_SIG(s, &der);
+ if (derlen != sig_len || memcmp(sig, der, derlen) != 0)
+ goto done;
+
+ e = BN_bin2bn(dgst, dgstlen, NULL);
+
+ ret = SM2_sig_verify(eckey, s, e);
+
+ done:
+ OPENSSL_free(der);
+ BN_free(e);
+ ECDSA_SIG_free(s);
+ return ret;
+}
diff --git a/crypto/sm2/sm2_za.c b/crypto/sm2/sm2_za.c
new file mode 100644
index 0000000..ea9d766
--- /dev/null
+++ b/crypto/sm2/sm2_za.c
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/sm2.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <string.h>
+
+int SM2_compute_userid_digest(uint8_t *out,
+ const EVP_MD *digest,
+ const char *user_id,
+ const EC_KEY *key)
+{
+ int rc = 0;
+
+ const EC_GROUP *group = EC_KEY_get0_group(key);
+
+ BN_CTX *ctx = NULL;
+ EVP_MD_CTX *hash = NULL;
+
+ BIGNUM *p = NULL;
+ BIGNUM *a = NULL;
+ BIGNUM *b = NULL;
+
+ BIGNUM *xG = NULL;
+ BIGNUM *yG = NULL;
+ BIGNUM *xA = NULL;
+ BIGNUM *yA = NULL;
+
+ int p_bytes = 0;
+ uint8_t *buf = NULL;
+ size_t uid_len = 0;
+ uint16_t entla = 0;
+ uint8_t e_byte = 0;
+
+ hash = EVP_MD_CTX_new();
+ if (hash == NULL)
+ goto done;
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto done;
+
+ p = BN_CTX_get(ctx);
+ a = BN_CTX_get(ctx);
+ b = BN_CTX_get(ctx);
+ xG = BN_CTX_get(ctx);
+ yG = BN_CTX_get(ctx);
+ xA = BN_CTX_get(ctx);
+ yA = BN_CTX_get(ctx);
+
+ if (p == NULL || a == NULL || b == NULL ||
+ xG == NULL || yG == NULL || xA == NULL || yA == NULL)
+ goto done;
+
+ memset(out, 0, EVP_MD_size(digest));
+
+ if (EVP_DigestInit(hash, digest) == 0)
+ goto done;
+
+ /*
+ ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA)
+ */
+
+ uid_len = strlen(user_id);
+
+ if (uid_len >= 8192) /* too large */
+ goto done;
+
+ entla = (unsigned short)(8 * uid_len);
+
+ e_byte = entla >> 8;
+ if (EVP_DigestUpdate(hash, &e_byte, 1) == 0)
+ goto done;
+ e_byte = entla & 0xFF;
+ if (EVP_DigestUpdate(hash, &e_byte, 1) == 0)
+ goto done;
+
+ if (EVP_DigestUpdate(hash, user_id, uid_len) == 0)
+ goto done;
+
+ if (EC_GROUP_get_curve_GFp(group, p, a, b, ctx) == 0)
+ goto done;
+
+ p_bytes = BN_num_bytes(p);
+ buf = OPENSSL_zalloc(p_bytes);
+
+ BN_bn2binpad(a, buf, p_bytes);
+ if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
+ goto done;
+ BN_bn2binpad(b, buf, p_bytes);
+ if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
+ goto done;
+ EC_POINT_get_affine_coordinates_GFp(group,
+ EC_GROUP_get0_generator(group),
+ xG, yG, ctx);
+ BN_bn2binpad(xG, buf, p_bytes);
+ if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
+ goto done;
+ BN_bn2binpad(yG, buf, p_bytes);
+ if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
+ goto done;
+
+ EC_POINT_get_affine_coordinates_GFp(group,
+ EC_KEY_get0_public_key(key),
+ xA, yA, ctx);
+ BN_bn2binpad(xA, buf, p_bytes);
+ if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
+ goto done;
+ BN_bn2binpad(yA, buf, p_bytes);
+ if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
+ goto done;
+
+ if (EVP_DigestFinal(hash, out, NULL) == 0)
+ goto done;
+
+ rc = 1;
+
+ done:
+ OPENSSL_free(buf);
+ BN_CTX_free(ctx);
+ EVP_MD_CTX_free(hash);
+ return rc;
+}
diff --git a/fuzz/oids.txt b/fuzz/oids.txt
index a5e7589..9251b55 100644
--- a/fuzz/oids.txt
+++ b/fuzz/oids.txt
@@ -1046,3 +1046,4 @@ OBJ_uacurve8="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x08"
OBJ_uacurve9="\x2A\x86\x24\x02\x01\x01\x01\x01\x03\x01\x01\x02\x09"
OBJ_ieee="\x2B\x6F"
OBJ_ieee_siswg="\x2B\x6F\x02\x8C\x53"
+OBJ_sm2="\x2A\x81\x1C\xCF\x55\x01\x82\x2D"
diff --git a/include/openssl/err.h b/include/openssl/err.h
index 6d460be..e435b5e 100644
--- a/include/openssl/err.h
+++ b/include/openssl/err.h
@@ -93,6 +93,7 @@ typedef struct err_state_st {
# define ERR_LIB_CT 50
# define ERR_LIB_ASYNC 51
# define ERR_LIB_KDF 52
+# define ERR_LIB_SM2 53
# define ERR_LIB_USER 128
@@ -131,6 +132,7 @@ typedef struct err_state_st {
# define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define ERR_PACK(l,f,r) ( \
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 8b81b12..29fd3e2 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -50,6 +50,7 @@
# define EVP_PKEY_DH NID_dhKeyAgreement
# define EVP_PKEY_DHX NID_dhpublicnumber
# define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
+# define EVP_PKEY_SM2 NID_sm2
# define EVP_PKEY_HMAC NID_hmac
# define EVP_PKEY_CMAC NID_cmac
# define EVP_PKEY_SCRYPT NID_id_scrypt
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index cc05f3f..2078dc4 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -109,6 +109,19 @@
#define NID_X9cm 185
#define OBJ_X9cm OBJ_X9_57,4L
+#define SN_ISO_CN "ISO-CN"
+#define LN_ISO_CN "ISO CN Member Body"
+#define NID_ISO_CN 1140
+#define OBJ_ISO_CN OBJ_member_body,156L
+
+#define SN_oscca "oscca"
+#define NID_oscca 1141
+#define OBJ_oscca OBJ_ISO_CN,10197L
+
+#define SN_sm_scheme "sm-scheme"
+#define NID_sm_scheme 1142
+#define OBJ_sm_scheme OBJ_oscca,1L
+
#define SN_dsa "DSA"
#define LN_dsa "dsaEncryption"
#define NID_dsa 116
@@ -1151,15 +1164,20 @@
#define NID_hmacWithSHA1 163
#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L
+#define SN_sm2 "SM2"
+#define LN_sm2 "sm2"
+#define NID_sm2 1172
+#define OBJ_sm2 OBJ_sm_scheme,301L
+
#define SN_sm3 "SM3"
#define LN_sm3 "sm3"
#define NID_sm3 1143
-#define OBJ_sm3 OBJ_member_body,156L,10197L,1L,401L
+#define OBJ_sm3 OBJ_sm_scheme,401L
#define SN_sm3WithRSAEncryption "RSA-SM3"
#define LN_sm3WithRSAEncryption "sm3WithRSAEncryption"
#define NID_sm3WithRSAEncryption 1144
-#define OBJ_sm3WithRSAEncryption OBJ_member_body,156L,10197L,1L,504L
+#define OBJ_sm3WithRSAEncryption OBJ_sm_scheme,504L
#define LN_hmacWithSHA224 "hmacWithSHA224"
#define NID_hmacWithSHA224 798
@@ -4629,19 +4647,6 @@
#define NID_seed_ofb128 778
#define OBJ_seed_ofb128 OBJ_kisa,1L,6L
-#define SN_ISO_CN "ISO-CN"
-#define LN_ISO_CN "ISO CN Member Body"
-#define NID_ISO_CN 1140
-#define OBJ_ISO_CN OBJ_member_body,156L
-
-#define SN_oscca "oscca"
-#define NID_oscca 1141
-#define OBJ_oscca OBJ_ISO_CN,10197L
-
-#define SN_sm_scheme "sm-scheme"
-#define NID_sm_scheme 1142
-#define OBJ_sm_scheme OBJ_oscca,1L
-
#define SN_sm4_ecb "SM4-ECB"
#define LN_sm4_ecb "sm4-ecb"
#define NID_sm4_ecb 1133
diff --git a/include/openssl/sm2.h b/include/openssl/sm2.h
new file mode 100644
index 0000000..892ffb1
--- /dev/null
+++ b/include/openssl/sm2.h
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SM2_H
+# define HEADER_SM2_H
+
+# include <openssl/ec.h>
+
+/* The default user id as specified in GM/T 0009-2012 */
+# define SM2_DEFAULT_USERID "1234567812345678"
+
+int SM2_compute_userid_digest(uint8_t *out,
+ const EVP_MD *digest,
+ const char *user_id, const EC_KEY *key);
+
+/*
+ * SM2 signature operation. Computes ZA (user id digest) and then signs
+ * H(ZA || msg) using SM2
+ */
+ECDSA_SIG *SM2_do_sign(const EC_KEY *key,
+ const EVP_MD *digest,
+ const char *user_id, const uint8_t *msg, size_t msg_len);
+
+int SM2_do_verify(const EC_KEY *key,
+ const EVP_MD *digest,
+ const ECDSA_SIG *signature,
+ const char *user_id, const uint8_t *msg, size_t msg_len);
+
+/*
+ * SM2 signature generation. Assumes input is an SM3 digest
+ */
+int SM2_sign(int type, const unsigned char *dgst, int dgstlen,
+ unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+
+/*
+ * SM2 signature verification. Assumes input is an SM3 digest
+ */
+int SM2_verify(int type, const unsigned char *dgst, int dgstlen,
+ const unsigned char *sig, int siglen, EC_KEY *eckey);
+
+
+/*
+ * SM2 encryption
+ */
+size_t SM2_ciphertext_size(const EC_KEY *key,
+ const EVP_MD *digest,
+ size_t msg_len);
+
+size_t SM2_plaintext_size(const EC_KEY *key,
+ const EVP_MD *digest,
+ size_t msg_len);
+
+int SM2_encrypt(const EC_KEY *key,
+ const EVP_MD *digest,
+ const uint8_t *msg,
+ size_t msg_len,
+ uint8_t *ciphertext_buf, size_t *ciphertext_len);
+
+int SM2_decrypt(const EC_KEY *key,
+ const EVP_MD *digest,
+ const uint8_t *ciphertext,
+ size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len);
+
+int ERR_load_SM2_strings(void);
+
+#endif
diff --git a/include/openssl/sm2err.h b/include/openssl/sm2err.h
new file mode 100644
index 0000000..0c2dd19
--- /dev/null
+++ b/include/openssl/sm2err.h
@@ -0,0 +1,95 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SM2ERR_H
+# define HEADER_SM2ERR_H
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+int ERR_load_SM2_strings(void);
+# ifdef __cplusplus
+}
+# endif
+
+/*
+ * SM2 function codes.
+ */
+# define SM2_F_PKEY_SM2_CTRL 274
+# define SM2_F_PKEY_SM2_CTRL_STR 275
+# define SM2_F_PKEY_SM2_KEYGEN 276
+# define SM2_F_PKEY_SM2_PARAMGEN 277
+# define SM2_F_PKEY_SM2_SIGN 278
+
+/*
+ * SM2 reason codes.
+ */
+# define SM2_R_ASN1_ERROR 115
+# define SM2_R_ASN5_ERROR 1150
+# define SM2_R_BAD_SIGNATURE 156
+# define SM2_R_BIGNUM_OUT_OF_RANGE 144
+# define SM2_R_BUFFER_TOO_SMALL 100
+# define SM2_R_COORDINATES_OUT_OF_RANGE 146
+# define SM2_R_CURVE_DOES_NOT_SUPPORT_ECDH 160
+# define SM2_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159
+# define SM2_R_D2I_ECPKPARAMETERS_FAILURE 117
+# define SM2_R_DECODE_ERROR 142
+# define SM2_R_DISCRIMINANT_IS_ZERO 118
+# define SM2_R_EC_GROUP_NEW_BY_NAME_FAILURE 119
+# define SM2_R_FIELD_TOO_LARGE 143
+# define SM2_R_GF2M_NOT_SUPPORTED 147
+# define SM2_R_GROUP2PKPARAMETERS_FAILURE 120
+# define SM2_R_I2D_ECPKPARAMETERS_FAILURE 121
+# define SM2_R_INCOMPATIBLE_OBJECTS 101
+# define SM2_R_INVALID_ARGUMENT 112
+# define SM2_R_INVALID_COMPRESSED_POINT 110
+# define SM2_R_INVALID_COMPRESSION_BIT 109
+# define SM2_R_INVALID_CURVE 141
+# define SM2_R_INVALID_DIGEST 151
+# define SM2_R_INVALID_DIGEST_TYPE 138
+# define SM2_R_INVALID_ENCODING 102
+# define SM2_R_INVALID_FIELD 103
+# define SM2_R_INVALID_FORM 104
+# define SM2_R_INVALID_GROUP_ORDER 122
+# define SM2_R_INVALID_KEY 116
+# define SM2_R_INVALID_OUTPUT_LENGTH 161
+# define SM2_R_INVALID_PEER_KEY 133
+# define SM2_R_INVALID_PENTANOMIAL_BASIS 132
+# define SM2_R_INVALID_PRIVATE_KEY 123
+# define SM2_R_INVALID_TRINOMIAL_BASIS 137
+# define SM2_R_KDF_PARAMETER_ERROR 148
+# define SM2_R_KEYS_NOT_SET 140
+# define SM2_R_MISSING_PARAMETERS 124
+# define SM2_R_MISSING_PRIVATE_KEY 125
+# define SM2_R_NEED_NEW_SETUP_VALUES 157
+# define SM2_R_NOT_A_NIST_PRIME 135
+# define SM2_R_NOT_IMPLEMENTED 126
+# define SM2_R_NOT_INITIALIZED 111
+# define SM2_R_NO_PARAMETERS_SET 139
+# define SM2_R_NO_PRIVATE_VALUE 154
+# define SM2_R_OPERATION_NOT_SUPPORTED 152
+# define SM2_R_PASSED_NULL_PARAMETER 134
+# define SM2_R_PEER_KEY_ERROR 149
+# define SM2_R_PKPARAMETERS2GROUP_FAILURE 127
+# define SM2_R_POINT_ARITHMETIC_FAILURE 155
+# define SM2_R_POINT_AT_INFINITY 106
+# define SM2_R_POINT_IS_NOT_ON_CURVE 107
+# define SM2_R_RANDOM_NUMBER_GENERATION_FAILED 158
+# define SM2_R_SHARED_INFO_ERROR 150
+# define SM2_R_SLOT_FULL 108
+# define SM2_R_UNDEFINED_GENERATOR 113
+# define SM2_R_UNDEFINED_ORDER 128
+# define SM2_R_UNKNOWN_GROUP 129
+# define SM2_R_UNKNOWN_ORDER 114
+# define SM2_R_UNSUPPORTED_FIELD 131
+# define SM2_R_WRONG_CURVE_PARAMETERS 145
+# define SM2_R_WRONG_ORDER 130
+
+#endif
diff --git a/openssl_sm2.pem b/openssl_sm2.pem
new file mode 100644
index 0000000..d831624
--- /dev/null
+++ b/openssl_sm2.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQg0JFWczAXva2An9m7
+2MaT9gIwWTFptvlKrxyO4TjMmbWhRANCAAQ5OirZ4n5DrKqrhaGdO4VZHhRAYVcX
+Wt3Te/d/8Mr57Tf886i09VwDhSMmH8pmNq/mp6+ioUgqYG9cs6GLLioe
+-----END PRIVATE KEY-----
diff --git a/test/build.info b/test/build.info
index a4e6e78..45e3fdd 100644
--- a/test/build.info
+++ b/test/build.info
@@ -27,6 +27,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
aborttest test_test \
sanitytest exdatatest bntest \
ectest ecstresstest ecdsatest gmdifftest pbelutest ideatest \
+ sm2sigtest sm2crypttest \
md2test \
hmactest \
rc2test rc4test rc5test \
@@ -81,6 +82,14 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
INCLUDE[ecdsatest]=../include
DEPEND[ecdsatest]=../libcrypto libtestutil.a
+ SOURCE[sm2sigtest]=sm2sigtest.c
+ INCLUDE[sm2sigtest]=../include
+ DEPEND[sm2sigtest]=../libcrypto libtestutil.a
+
+ SOURCE[sm2crypttest]=sm2crypttest.c
+ INCLUDE[sm2crypttest]=../include
+ DEPEND[sm2crypttest]=../libcrypto libtestutil.a
+
SOURCE[gmdifftest]=gmdifftest.c
INCLUDE[gmdifftest]=../include
DEPEND[gmdifftest]=../libcrypto libtestutil.a
diff --git a/test/recipes/30-test_evp_data/evppkey.txt b/test/recipes/30-test_evp_data/evppkey.txt
index cc08398..b2bbcbc 100644
--- a/test/recipes/30-test_evp_data/evppkey.txt
+++ b/test/recipes/30-test_evp_data/evppkey.txt
@@ -18369,3 +18369,22 @@ SharedSecret=4E48335CB2A508C3481729F42C49CFC0A9DA673F9FA4FBD968B3C5B78DBFA869529
Derive=ffdhe8192-2
PeerKey=ffdhe8192-1-pub
SharedSecret=4E48335CB2A508C3481729F42C49CFC0A9DA673F9FA4FBD968B3C5B78DBFA8695295642D1337C54229370B33068481F6A6E1B021F8B09B7C6B3E4DB581AD4C7ACF5C230A1FD4107EAE55530A8376856A65E079DE1BDA41B050E9B53A088ACADB879CCBC683A13BB925D48497BF7021FEB9DA214DD77FCBB6D0D46EC2BB9C7A9AFB93FC236E4EB61CB0F0C8E025D8CF4AF8B3B0F28B3E2CFAE6E760DC7877C71046179154FBE1A50A315C4DBA6D9E06406D389B614B1FC422C72FBB958C0A2EE21694CD32136F9CF0A1205E0D3A4B10CC9C98B3B4524A0CDC9455D3021AC44057CEF4A97E85166068769E9E644CC447095243BB90368A1CE6F0E3C69CA180F5B9D51F590A812B1375460CF10A7E718A83A2F6B00D8E28BAB45CEAB8AF0EB02988ED9221416EC061C1C4081552D3D0849D243DB473EC7B90180C3891E768DD2D7002CF505D369700CAF02A4B9DD1F2828C4ACC1F2EB47100DC2DB5620ADA971D1B0B0FAC9F9E3492B591FC85AC3DCB3826A8DA5842F4AE145FE33BFCDD0B6CD15C9836A5862EDB3D87A0CDBD724AE19A79A55D4F0BFF7870019926181933C840EACFB70FBC0EF182057DC09E06798EB4C9AAC2285F22F5D907A432C6D00CC44D07D77E77D1ACC183A174146ECFBDA26FF922CEBD2FA288EF2D23F65C0AAAD0F05DBFB6CA12446082D1F5774877483C3858442E305CF2A9637CE0EBB702DB70FF336E5B0413F3E8791960F1F0A9877C9076213D40657283D546AE52B73FF4449E60F8B6FE30D4CC0BA1ACA7A7DC155EC73C48B21477983D004261267D710D8A5E8CBD0656F1A963F248E887E8C2BF87BCAE7A0D4891BF21FCF35893584B29E18E842A23EA329ADD3D6AD994B5CBFBBFAB5A26932E8F799B2B0FA7789DE7A4A5C4B7FA81971819EA7F33B5BF6577F917BDE9C3680BCC5B15F1EAB4524A1B6DEE96B9F108A77344269A1757685D0404C832E4E0C5A29F808CFA6290316C0EBB2EF0A7431F62A5FBCDC66527AD8A04C0F10AF88C7CE1F1F22C41B71CE278BB704E88145608C28AD78402487031F6B13604CC6687161EBB78E7AF7AA0BC3CCB9AD8B00D7C01980599904B71F5DBC06A691E5638566BE36522B7FED69E24C28F8EA798BA3E9CCEB8AB8CF5651379A21A38315B05C66205616BBC6A3DD5573C9C6FBA2E3488E055E5F36857016D9300BFCE9F38D7C7CCD07FCF1EF41F8347CADCB12C400536374CF269613B05069B6D94CADA3B1F4ACBB68FA1ED175B01D840D871B3B0CDB918CDF15C79169A398C189AEA78860081DB423C89D350587E26D6D77B4C762B4F2A030345679F724CFBB08DB03E8CEB4FF0B91422BD2EB5C1C356D209049CFA2D6447F69B1E1DF0850FFBB6BB9F8D5B147765C023F76524A808456DEBF6A9134E3364DF462D4807FE6D4D036A4E59A4D56F8A30D8A27F4DFA174940B713A7E4
+
+Title = SM2 tests
+
+PrivateKey=SM2_key1
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQg0JFWczAXva2An9m7
+2MaT9gIwWTFptvlKrxyO4TjMmbWhRANCAAQ5OirZ4n5DrKqrhaGdO4VZHhRAYVcX
+Wt3Te/d/8Mr57Tf886i09VwDhSMmH8pmNq/mp6+ioUgqYG9cs6GLLioe
+-----END PRIVATE KEY-----
+
+Verify = SM2_key1
+Ctrl = digest:SM3
+Input = D7AD397F6FFA5D4F7F11E7217F241607DC30618C236D2C09C1B9EA8FDADEE2E8
+Output = 3046022100AB1DB64DE7C40EDBDE6651C9B8EBDB804673DB836E5D5C7FE15DCF9ED2725037022100EBA714451FF69B0BB930B379E192E7CD5FA6E3C41C7FBD8303B799AB54A54621
+
+Decrypt = SM2_key1
+Input = 30818A0220466BE2EF5C11782EC77864A0055417F407A5AFC11D653C6BCE69E417BB1D05B6022062B572E21FF0DDF5C726BD3F9FF2EAE56E6294713A607E9B9525628965F62CC804203C1B5713B5DB2728EB7BF775E44F4689FC32668BDC564F52EA45B09E8DF2A5F40422084A9D0CC2997092B7D3C404FCE95956EB604D732B2307A8E5B8900ED6608CA5B197
+Output = "The floofy bunnies hop at midnight"
+
diff --git a/test/sm2crypttest.c b/test/sm2crypttest.c
new file mode 100644
index 0000000..961256b
--- /dev/null
+++ b/test/sm2crypttest.c
@@ -0,0 +1,254 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include "testutil.h"
+
+#ifndef OPENSSL_NO_SM2
+
+# include <openssl/sm2.h>
+
+static RAND_METHOD fake_rand;
+static const RAND_METHOD *saved_rand;
+
+static uint8_t *fake_rand_bytes = NULL;
+static size_t fake_rand_bytes_offset = 0;
+
+static int get_faked_bytes(unsigned char *buf, int num)
+{
+ int i;
+
+ if (fake_rand_bytes == NULL)
+ return saved_rand->bytes(buf, num);
+
+ for (i = 0; i != num; ++i)
+ buf[i] = fake_rand_bytes[fake_rand_bytes_offset + i];
+ fake_rand_bytes_offset += num;
+ return 1;
+}
+
+static int start_fake_rand(const char *hex_bytes)
+{
+ /* save old rand method */
+ if (!TEST_ptr(saved_rand = RAND_get_rand_method()))
+ return 0;
+
+ fake_rand = *saved_rand;
+ /* use own random function */
+ fake_rand.bytes = get_faked_bytes;
+
+ fake_rand_bytes = OPENSSL_hexstr2buf(hex_bytes, NULL);
+ fake_rand_bytes_offset = 0;
+
+ /* set new RAND_METHOD */
+ if (!TEST_true(RAND_set_rand_method(&fake_rand)))
+ return 0;
+ return 1;
+}
+
+static int restore_rand(void)
+{
+ OPENSSL_free(fake_rand_bytes);
+ fake_rand_bytes = NULL;
+ fake_rand_bytes_offset = 0;
+ if (!TEST_true(RAND_set_rand_method(saved_rand)))
+ return 0;
+ return 1;
+}
+
+static EC_GROUP *create_EC_group(const char *p_hex, const char *a_hex,
+ const char *b_hex, const char *x_hex,
+ const char *y_hex, const char *order_hex,
+ const char *cof_hex)
+{
+ BIGNUM *p = NULL;
+ BIGNUM *a = NULL;
+ BIGNUM *b = NULL;
+ BIGNUM *g_x = NULL;
+ BIGNUM *g_y = NULL;
+ BIGNUM *order = NULL;
+ BIGNUM *cof = NULL;
+ EC_POINT *generator = NULL;
+ EC_GROUP *group = NULL;
+
+ BN_hex2bn(&p, p_hex);
+ BN_hex2bn(&a, a_hex);
+ BN_hex2bn(&b, b_hex);
+
+ group = EC_GROUP_new_curve_GFp(p, a, b, NULL);
+ BN_free(p);
+ BN_free(a);
+ BN_free(b);
+
+ if (group == NULL)
+ return NULL;
+
+ generator = EC_POINT_new(group);
+ if (generator == NULL)
+ return NULL;
+
+ BN_hex2bn(&g_x, x_hex);
+ BN_hex2bn(&g_y, y_hex);
+
+ if (EC_POINT_set_affine_coordinates_GFp(group, generator, g_x, g_y, NULL) ==
+ 0)
+ return NULL;
+
+ BN_free(g_x);
+ BN_free(g_y);
+
+ BN_hex2bn(&order, order_hex);
+ BN_hex2bn(&cof, cof_hex);
+
+ if (EC_GROUP_set_generator(group, generator, order, cof) == 0)
+ return NULL;
+
+ EC_POINT_free(generator);
+ BN_free(order);
+ BN_free(cof);
+
+ return group;
+}
+
+static int test_sm2(const EC_GROUP *group,
+ const EVP_MD *digest,
+ const char *privkey_hex,
+ const char *message,
+ const char *k_hex, const char *ctext_hex)
+{
+ const size_t msg_len = strlen(message);
+
+ BIGNUM *priv = NULL;
+ EC_KEY *key = NULL;
+ EC_POINT *pt = NULL;
+ unsigned char *expected = OPENSSL_hexstr2buf(ctext_hex, NULL);
+
+ size_t ctext_len = 0;
+ size_t ptext_len = 0;
+ uint8_t *ctext = NULL;
+ uint8_t *recovered = NULL;
+ size_t recovered_len = msg_len;
+
+ int rc = 0;
+
+ BN_hex2bn(&priv, privkey_hex);
+
+ key = EC_KEY_new();
+ EC_KEY_set_group(key, group);
+ EC_KEY_set_private_key(key, priv);
+
+ pt = EC_POINT_new(group);
+ EC_POINT_mul(group, pt, priv, NULL, NULL, NULL);
+
+ EC_KEY_set_public_key(key, pt);
+ BN_free(priv);
+ EC_POINT_free(pt);
+
+ ctext_len = SM2_ciphertext_size(key, digest, msg_len);
+ ctext = OPENSSL_zalloc(ctext_len);
+ if (ctext == NULL)
+ goto done;
+
+ start_fake_rand(k_hex);
+ rc = SM2_encrypt(key, digest,
+ (const uint8_t *)message, msg_len, ctext, &ctext_len);
+ restore_rand();
+
+ TEST_mem_eq(ctext, ctext_len, expected, ctext_len);
+ if (rc == 0)
+ goto done;
+
+ ptext_len = SM2_plaintext_size(key, digest, ctext_len);
+
+ TEST_int_eq(ptext_len, msg_len);
+
+ recovered = OPENSSL_zalloc(ptext_len);
+ if (recovered == NULL)
+ goto done;
+ rc = SM2_decrypt(key, digest, ctext, ctext_len, recovered, &recovered_len);
+
+ TEST_int_eq(recovered_len, msg_len);
+ TEST_mem_eq(recovered, recovered_len, message, msg_len);
+ if (rc == 0)
+ return 0;
+
+ rc = 1;
+ done:
+
+ OPENSSL_free(ctext);
+ OPENSSL_free(recovered);
+ OPENSSL_free(expected);
+ EC_KEY_free(key);
+ return rc;
+}
+
+static int sm2_crypt_test(void)
+{
+ int rc;
+ EC_GROUP *test_group =
+ create_EC_group
+ ("8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3",
+ "787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498",
+ "63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A",
+ "421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D",
+ "0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2",
+ "8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7",
+ "1");
+
+ if (test_group == NULL)
+ return 0;
+
+ rc = test_sm2(test_group,
+ EVP_sm3(),
+ "1649AB77A00637BD5E2EFE283FBF353534AA7F7CB89463F208DDBC2920BB0DA0",
+ "encryption standard",
+ "004C62EEFD6ECFC2B95B92FD6C3D9575148AFA17425546D49018E5388D49DD7B4F",
+ "307B0220245C26FB68B1DDDDB12C4B6BF9F2B6D5FE60A383B0D18D1C4144ABF1"
+ "7F6252E7022076CB9264C2A7E88E52B19903FDC47378F605E36811F5C07423A2"
+ "4B84400F01B804209C3D7360C30156FAB7C80A0276712DA9D8094A634B766D3A"
+ "285E07480653426D0413650053A89B41C418B0C3AAD00D886C00286467");
+
+ if (rc == 0)
+ return 0;
+
+ /* Same test as above except using SHA-256 instead of SM3 */
+ rc = test_sm2(test_group,
+ EVP_sha256(),
+ "1649AB77A00637BD5E2EFE283FBF353534AA7F7CB89463F208DDBC2920BB0DA0",
+ "encryption standard",
+ "004C62EEFD6ECFC2B95B92FD6C3D9575148AFA17425546D49018E5388D49DD7B4F",
+ "307B0220245C26FB68B1DDDDB12C4B6BF9F2B6D5FE60A383B0D18D1C4144ABF17F6252E7022076CB9264C2A7E88E52B19903FDC47378F605E36811F5C07423A24B84400F01B80420BE89139D07853100EFA763F60CBE30099EA3DF7F8F364F9D10A5E988E3C5AAFC0413229E6C9AEE2BB92CAD649FE2C035689785DA33");
+ if (rc == 0)
+ return 0;
+
+ EC_GROUP_free(test_group);
+
+ return 1;
+}
+
+#endif
+
+int setup_tests(void)
+{
+#ifdef OPENSSL_NO_SM2
+ TEST_note("SM2 is disabled.");
+#else
+ ADD_TEST(sm2_crypt_test);
+#endif
+ return 1;
+}
diff --git a/test/sm2sigtest.c b/test/sm2sigtest.c
new file mode 100644
index 0000000..5903b79
--- /dev/null
+++ b/test/sm2sigtest.c
@@ -0,0 +1,238 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include "testutil.h"
+
+#ifndef OPENSSL_NO_SM2
+
+# include <openssl/sm2.h>
+
+static RAND_METHOD fake_rand;
+static const RAND_METHOD *saved_rand;
+
+static uint8_t *fake_rand_bytes = NULL;
+static size_t fake_rand_bytes_offset = 0;
+
+static int get_faked_bytes(unsigned char *buf, int num)
+{
+ int i;
+
+ if (fake_rand_bytes == NULL)
+ return saved_rand->bytes(buf, num);
+
+ for (i = 0; i != num; ++i)
+ buf[i] = fake_rand_bytes[fake_rand_bytes_offset + i];
+ fake_rand_bytes_offset += num;
+ return 1;
+}
+
+static int start_fake_rand(const char *hex_bytes)
+{
+ /* save old rand method */
+ if (!TEST_ptr(saved_rand = RAND_get_rand_method()))
+ return 0;
+
+ fake_rand = *saved_rand;
+ /* use own random function */
+ fake_rand.bytes = get_faked_bytes;
+
+ fake_rand_bytes = OPENSSL_hexstr2buf(hex_bytes, NULL);
+ fake_rand_bytes_offset = 0;
+
+ /* set new RAND_METHOD */
+ if (!TEST_true(RAND_set_rand_method(&fake_rand)))
+ return 0;
+ return 1;
+}
+
+static int restore_rand(void)
+{
+ OPENSSL_free(fake_rand_bytes);
+ fake_rand_bytes = NULL;
+ fake_rand_bytes_offset = 0;
+ if (!TEST_true(RAND_set_rand_method(saved_rand)))
+ return 0;
+ return 1;
+}
+
+static EC_GROUP *create_EC_group(const char *p_hex, const char *a_hex,
+ const char *b_hex, const char *x_hex,
+ const char *y_hex, const char *order_hex,
+ const char *cof_hex)
+{
+ BIGNUM *p = NULL;
+ BIGNUM *a = NULL;
+ BIGNUM *b = NULL;
+ BIGNUM *g_x = NULL;
+ BIGNUM *g_y = NULL;
+ BIGNUM *order = NULL;
+ BIGNUM *cof = NULL;
+ EC_POINT *generator = NULL;
+ EC_GROUP *group = NULL;
+
+ BN_hex2bn(&p, p_hex);
+ BN_hex2bn(&a, a_hex);
+ BN_hex2bn(&b, b_hex);
+
+ group = EC_GROUP_new_curve_GFp(p, a, b, NULL);
+ BN_free(p);
+ BN_free(a);
+ BN_free(b);
+
+ if (group == NULL)
+ return NULL;
+
+ generator = EC_POINT_new(group);
+ if (generator == NULL)
+ return NULL;
+
+ BN_hex2bn(&g_x, x_hex);
+ BN_hex2bn(&g_y, y_hex);
+
+ if (EC_POINT_set_affine_coordinates_GFp(group, generator, g_x, g_y, NULL) ==
+ 0)
+ return NULL;
+
+ BN_free(g_x);
+ BN_free(g_y);
+
+ BN_hex2bn(&order, order_hex);
+ BN_hex2bn(&cof, cof_hex);
+
+ if (EC_GROUP_set_generator(group, generator, order, cof) == 0)
+ return NULL;
+
+ EC_POINT_free(generator);
+ BN_free(order);
+ BN_free(cof);
+
+ return group;
+}
+
+
+static int test_sm2(const EC_GROUP *group,
+ const char *userid,
+ const char *privkey_hex,
+ const char *message,
+ const char *k_hex, const char *r_hex, const char *s_hex)
+{
+ const size_t msg_len = strlen(message);
+ int ok = -1;
+ BIGNUM *priv = NULL;
+ EC_POINT *pt = NULL;
+ EC_KEY *key = NULL;
+ ECDSA_SIG *sig = NULL;
+ const BIGNUM *sig_r = NULL;
+ const BIGNUM *sig_s = NULL;
+ BIGNUM *r = NULL;
+ BIGNUM *s = NULL;
+
+ BN_hex2bn(&priv, privkey_hex);
+
+ key = EC_KEY_new();
+ EC_KEY_set_group(key, group);
+ EC_KEY_set_private_key(key, priv);
+
+ pt = EC_POINT_new(group);
+ EC_POINT_mul(group, pt, priv, NULL, NULL, NULL);
+ EC_KEY_set_public_key(key, pt);
+
+ start_fake_rand(k_hex);
+ sig = SM2_do_sign(key, EVP_sm3(), userid, (const uint8_t *)message, msg_len);
+ restore_rand();
+
+ if (sig == NULL)
+ return 0;
+
+ ECDSA_SIG_get0(sig, &sig_r, &sig_s);
+
+ BN_hex2bn(&r, r_hex);
+ BN_hex2bn(&s, s_hex);
+
+ if (BN_cmp(r, sig_r) != 0) {
+ printf("Signature R mismatch: ");
+ BN_print_fp(stdout, r);
+ printf(" != ");
+ BN_print_fp(stdout, sig_r);
+ printf("\n");
+ ok = 0;
+ }
+ if (BN_cmp(s, sig_s) != 0) {
+ printf("Signature S mismatch: ");
+ BN_print_fp(stdout, s);
+ printf(" != ");
+ BN_print_fp(stdout, sig_s);
+ printf("\n");
+ ok = 0;
+ }
+
+ ok = SM2_do_verify(key, EVP_sm3(), sig, userid, (const uint8_t *)message, msg_len);
+
+ ECDSA_SIG_free(sig);
+ EC_POINT_free(pt);
+ EC_KEY_free(key);
+ BN_free(priv);
+ BN_free(r);
+ BN_free(s);
+
+ return ok;
+}
+
+static int sm2_sig_test(void)
+{
+ int rc = 0;
+ /* From draft-shen-sm2-ecdsa-02 */
+ EC_GROUP *test_group =
+ create_EC_group
+ ("8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3",
+ "787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498",
+ "63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A",
+ "421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D",
+ "0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2",
+ "8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7",
+ "1");
+
+ if (test_group == NULL)
+ return 0;
+
+ rc = test_sm2(test_group,
+ "ALICE123 at YAHOO.COM",
+ "128B2FA8BD433C6C068C8D803DFF79792A519A55171B1B650C23661D15897263",
+ "message digest",
+ "006CB28D99385C175C94F94E934817663FC176D925DD72B727260DBAAE1FB2F96F",
+ "40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D1",
+ "6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7");
+
+ EC_GROUP_free(test_group);
+
+ return rc;
+}
+
+#endif
+
+int setup_tests(void)
+{
+#ifdef OPENSSL_NO_SM2
+ TEST_note("SM2 is disabled.");
+#else
+ ADD_TEST(sm2_sig_test);
+#endif
+ return 1;
+}
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 16d1952..96cbb2c 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4514,3 +4514,13 @@ EVP_PKEY_new_CMAC_key 4455 1_1_1 EXIST::FUNCTION:
EVP_PKEY_asn1_set_set_priv_key 4456 1_1_1 EXIST::FUNCTION:
EVP_PKEY_asn1_set_set_pub_key 4457 1_1_1 EXIST::FUNCTION:
RAND_DRBG_set_defaults 4458 1_1_1 EXIST::FUNCTION:
+SM2_decrypt 4459 1_1_1 EXIST::FUNCTION:
+SM2_do_sign 4460 1_1_1 EXIST::FUNCTION:
+SM2_compute_userid_digest 4461 1_1_1 EXIST::FUNCTION:
+SM2_encrypt 4462 1_1_1 EXIST::FUNCTION:
+SM2_ciphertext_size 4463 1_1_1 EXIST::FUNCTION:
+SM2_verify 4464 1_1_1 EXIST::FUNCTION:
+SM2_do_verify 4465 1_1_1 EXIST::FUNCTION:
+SM2_sign 4466 1_1_1 EXIST::FUNCTION:
+ERR_load_SM2_strings 4467 1_1_1 EXIST::FUNCTION:
+SM2_plaintext_size 4468 1_1_1 EXIST::FUNCTION:
More information about the openssl-commits
mailing list