openssl / 00433ba
Make SM2 ID stick to specification Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7113) Paul Yang 5 years ago
4 changed file(s) with 67 addition(s) and 21 deletion(s).
1919 /* The default user id as specified in GM/T 0009-2012 */
2020 # define SM2_DEFAULT_USERID "1234567812345678"
2121
22 int sm2_compute_userid_digest(uint8_t *out,
23 const EVP_MD *digest,
24 const uint8_t *id,
25 const size_t id_len,
26 const EC_KEY *key);
27
2228 /*
2329 * SM2 signature operation. Computes ZA (user id digest) and then signs
2430 * H(ZA || msg) using SM2
2531 */
2632 ECDSA_SIG *sm2_do_sign(const EC_KEY *key,
2733 const EVP_MD *digest,
28 const char *user_id, const uint8_t *msg, size_t msg_len);
34 const uint8_t *id,
35 const size_t id_len,
36 const uint8_t *msg, size_t msg_len);
2937
3038 int sm2_do_verify(const EC_KEY *key,
3139 const EVP_MD *digest,
3240 const ECDSA_SIG *signature,
33 const char *user_id, const uint8_t *msg, size_t msg_len);
41 const uint8_t *id,
42 const size_t id_len,
43 const uint8_t *msg, size_t msg_len);
3444
3545 /*
3646 * SM2 signature generation.
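Review bot: The newly exported `sm2_compute_userid_digest` prototype has no comment, and it takes no output length, so nothing tells a caller how large `out` must be. The one caller visible on this page passes `uint8_t z[EVP_MAX_MD_SIZE]` and then reads `EVP_MD_size(md)` bytes back, which suggests the contract but does not state it. I would add above the prototype `/* Computes ZA into out, which must hold at least EVP_MD_size(digest) bytes; id is an id_len-byte string and need not be NUL-terminated. Returns non-zero on success. */`. As a style point, `const` on the by-value `id_len` parameter adds nothing in a prototype and could be dropped here and in `sm2_do_sign`/`sm2_do_verify`.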
2121 EC_GROUP *gen_group;
2222 /* message digest */
2323 const EVP_MD *md;
24 uint8_t *id;
25 size_t id_len;
2426 } SM2_PKEY_CTX;
2527
2628 static int pkey_sm2_init(EVP_PKEY_CTX *ctx)
208210 return -2;
209211 }
210212
213 static int pkey_sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
214 {
215 uint8_t z[EVP_MAX_MD_SIZE];
216 SM2_PKEY_CTX *sctx = ctx->data;
217 EC_KEY *ec = ctx->pkey->pkey.ec;
218 const EVP_MD *md = EVP_MD_CTX_md(mctx);
219
220 if (sctx->id == NULL) {
221 /* XXX:
222 * currently we reject all null-ID for SM2, but this needs
223 * more considerations and discussion since the specifications
224 * on SM2 are not clear on null-ID
225 */
226 return 0;
227 }
228
229 /* get hashed prefix of tbs message */
230 if (!sm2_compute_userid_digest(z, md, sctx->id, sctx->id_len, ec))
231 return 0;
232
233 return EVP_DigestUpdate(mctx, z, EVP_MD_size(md));
234 }
235
211236 const EVP_PKEY_METHOD sm2_pkey_meth = {
212237 EVP_PKEY_SM2,
213238 0,
240265 0,
241266 0,
242267 pkey_sm2_ctrl,
243 pkey_sm2_ctrl_str
268 pkey_sm2_ctrl_str,
269
270 0, 0,
271
272 0, 0, 0,
273
274 pkey_sm2_digest_custom
244275 };
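Review bot: In `pkey_sm2_digest_custom` the result of `EVP_MD_size(md)` is passed directly as the `size_t` length of `EVP_DigestUpdate(mctx, z, ...)`, but it is an `int` that can be negative when `md` is NULL or unusable, and a negative value converts to a very large read length over the stack buffer `z`. I would check it first with `int mdlen = EVP_MD_size(md); if (mdlen <= 0) return 0;` and then pass `(size_t)mdlen`. Separately, `id` and `id_len` are added to `SM2_PKEY_CTX`, but the lines that set, copy and free `id` are not in this section, so it is worth confirming the context's copy and cleanup handlers cover them. As shown, a context whose `id` was never set always fails at the NULL check.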
1717 #include <openssl/bn.h>
1818 #include <string.h>
1919
20 static int sm2_compute_userid_digest(uint8_t *out,
21 const EVP_MD *digest,
22 const char *user_id,
23 const EC_KEY *key)
20 int sm2_compute_userid_digest(uint8_t *out,
21 const EVP_MD *digest,
22 const uint8_t *id,
23 const size_t id_len,
24 const EC_KEY *key)
2425 {
2526 int rc = 0;
2627 const EC_GROUP *group = EC_KEY_get0_group(key);
3536 BIGNUM *yA = NULL;
3637 int p_bytes = 0;
3738 uint8_t *buf = NULL;
38 size_t uid_len = 0;
3939 uint16_t entla = 0;
4040 uint8_t e_byte = 0;
4141
6666
6767 /* Z = SM3(ENTLA || IDA || a || b || xG || yG || xA || yA) */
6868
69 uid_len = strlen(user_id);
70 if (uid_len >= (UINT16_MAX / 8)) {
69 if (id_len >= (UINT16_MAX / 8)) {
7170 /* too large */
7271 SM2err(SM2_F_SM2_COMPUTE_USERID_DIGEST, SM2_R_USER_ID_TOO_LARGE);
7372 goto done;
7473 }
7574
76 entla = (uint16_t)(8 * uid_len);
75 entla = (uint16_t)(8 * id_len);
7776
7877 e_byte = entla >> 8;
7978 if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
8281 }
8382 e_byte = entla & 0xFF;
8483 if (!EVP_DigestUpdate(hash, &e_byte, 1)
85 || !EVP_DigestUpdate(hash, user_id, uid_len)) {
84 || !EVP_DigestUpdate(hash, id, id_len)) {
8685 SM2err(SM2_F_SM2_COMPUTE_USERID_DIGEST, ERR_R_EVP_LIB);
8786 goto done;
8887 }
133132
134133 static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest,
135134 const EC_KEY *key,
136 const char *user_id,
135 const uint8_t *id,
136 const size_t id_len,
137137 const uint8_t *msg, size_t msg_len)
138138 {
139139 EVP_MD_CTX *hash = EVP_MD_CTX_new();
152152 goto done;
153153 }
154154
155 if (!sm2_compute_userid_digest(za, digest, user_id, key)) {
155 if (!sm2_compute_userid_digest(za, digest, id, id_len, key)) {
156156 /* SM2err already called */
157157 goto done;
158158 }
357357
358358 ECDSA_SIG *sm2_do_sign(const EC_KEY *key,
359359 const EVP_MD *digest,
360 const char *user_id, const uint8_t *msg, size_t msg_len)
360 const uint8_t *id,
361 const size_t id_len,
362 const uint8_t *msg, size_t msg_len)
361363 {
362364 BIGNUM *e = NULL;
363365 ECDSA_SIG *sig = NULL;
364366
365 e = sm2_compute_msg_hash(digest, key, user_id, msg, msg_len);
367 e = sm2_compute_msg_hash(digest, key, id, id_len, msg, msg_len);
366368 if (e == NULL) {
367369 /* SM2err already called */
368370 goto done;
378380 int sm2_do_verify(const EC_KEY *key,
379381 const EVP_MD *digest,
380382 const ECDSA_SIG *sig,
381 const char *user_id, const uint8_t *msg, size_t msg_len)
383 const uint8_t *id,
384 const size_t id_len,
385 const uint8_t *msg, size_t msg_len)
382386 {
383387 BIGNUM *e = NULL;
384388 int ret = 0;
385389
386 e = sm2_compute_msg_hash(digest, key, user_id, msg, msg_len);
390 e = sm2_compute_msg_hash(digest, key, id, id_len, msg, msg_len);
387391 if (e == NULL) {
388392 /* SM2err already called */
389393 goto done;
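Review bot: `sm2_compute_userid_digest` is no longer `static`, yet it passes `id` to `EVP_DigestUpdate(hash, id, id_len)` without checking that `id` is non-NULL when `id_len` is non-zero, and `sm2_do_sign` and `sm2_do_verify` forward both values unchecked. Only the pmeth caller on this page rejects a NULL id, so a guard belongs next to the existing length check: `if (id == NULL && id_len != 0) { SM2err(SM2_F_SM2_COMPUTE_USERID_DIGEST, ERR_R_PASSED_NULL_PARAMETER); goto done; }`. The function body starts and ends outside the visible hunks, so this rests on the lines shown.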
293293 goto done;
294294
295295 start_fake_rand(k_hex);
296 sig = sm2_do_sign(key, EVP_sm3(), userid, (const uint8_t *)message, msg_len);
296 sig = sm2_do_sign(key, EVP_sm3(), (const uint8_t *)userid, strlen(userid),
297 (const uint8_t *)message, msg_len);
297298 if (!TEST_ptr(sig)
298299 || !TEST_size_t_eq(fake_rand_bytes_offset, fake_rand_size)) {
299300 restore_rand();
309310 || !TEST_BN_eq(s, sig_s))
310311 goto done;
311312
312 ok = sm2_do_verify(key, EVP_sm3(), sig, userid, (const uint8_t *)message,
313 msg_len);
313 ok = sm2_do_verify(key, EVP_sm3(), sig, (const uint8_t *)userid,
314 strlen(userid), (const uint8_t *)message, msg_len);
314315
315316 /* We goto done whether this passes or fails */
316317 TEST_true(ok);
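Review bot: Both updated calls still pass `strlen(userid)`, so the test covers only NUL-terminated text IDs and never exercises what the pointer-plus-length signature adds. A case whose ID contains a zero byte, and one at the `UINT16_MAX / 8` limit where `sm2_do_sign` should fail, would pin the new behaviour and the retained bound check. The enclosing test function starts and ends outside these hunks.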