Add SM2 signature algorithm to default provider #11248
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,5 @@ | ||
| LIBS=../../libcrypto | ||
| SOURCE[../../libcrypto]=\ | ||
| sm2_sign.c sm2_crypt.c sm2_err.c sm2_pmeth.c | ||
| sm2_sign.c sm2_crypt.c sm2_err.c sm2_pmeth.c sm2_aid.c | ||
|
|
||
|
|
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| /* | ||
| * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. | ||
| * | ||
| * Licensed under the Apache License 2.0 (the "License"). You may not use | ||
| * this file except in compliance with the License. You can obtain a copy | ||
| * in the file LICENSE in the source distribution or at | ||
| * https://www.openssl.org/source/license.html | ||
| */ | ||
|
|
||
| #include <stdlib.h> | ||
|
|
||
| #include <openssl/objects.h> | ||
| #include "crypto/sm2.h" | ||
|
|
||
| #define ASN1_SEQUENCE 0x30 | ||
| #define ASN1_OID 0x06 | ||
| #define OID_FIRST(a, b) a * 40 + b | ||
| #define DER_156() 0x81, 0x1C /* DER encoding of number 156 is 2 bytes */ | ||
| #define DER_10197() 0xCF, 0x55 /* DER encoding of number 10197 is 2 bytes */ | ||
| #define DER_501() 0x83, 0x75 /* DER encoding of number 501 is 2 bytes */ | ||
| #define SM3_SZ 8 | ||
|
|
||
| /* SM2-with-SM3 OID is of the form : (1 2 156 10197 1 501) */ | ||
| #define ENCODE_ALGORITHMIDENTIFIER_SM3(name) \ | ||
| static const unsigned char algorithmidentifier_##name##_der[] = { \ | ||
| ASN1_SEQUENCE, 2 + SM3_SZ, \ | ||
| ASN1_OID, SM3_SZ, OID_FIRST(1, 2), DER_156(), DER_10197(), 1, DER_501() \ | ||
| } | ||
|
|
||
| /* not decided yet if SM2 should support other MDs */ | ||
| ENCODE_ALGORITHMIDENTIFIER_SM3(sm3); | ||
|
|
||
| #define MD_CASE(name) \ | ||
| case NID_##name: \ | ||
| *len = sizeof(algorithmidentifier_##name##_der); \ | ||
| return algorithmidentifier_##name##_der | ||
|
|
||
| const unsigned char *sm2_algorithmidentifier_encoding(int md_nid, size_t *len) | ||
| { | ||
| switch (md_nid) { | ||
| MD_CASE(sm3); | ||
|
||
| default: | ||
| return NULL; | ||
| } | ||
| } | ||
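Review bot: The `default:` branch of `sm2_algorithmidentifier_encoding` returns NULL without writing `*len`, so a caller that reads the length before checking the pointer sees whatever value was there before. Adding `*len = 0;` ahead of `return NULL;` makes the unsupported-digest path well defined. The `return` is also hidden inside `MD_CASE`, which makes the switch harder to audit. `OID_FIRST(a, b)` expands unparenthesized and should be `#define OID_FIRST(a, b) ((a) * 40 + (b))`, even though the current initializer-list use is safe. `SM3_SZ` is the length of the OID contents (8 bytes), not a digest size, and a name such as `SM2_WITH_SM3_OID_SZ` would say so.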
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| oscca OBJECT IDENTIFIER ::= { iso(1) member-body(2) cn(156) 10197 } | ||
|
|
||
| sm-scheme OBJECT IDENTIFIER ::= { oscca 1 } | ||
|
|
||
| -- OID for SM2 signatures with SM3 | ||
|
|
||
| sm2-with-SM3 OBJECT IDENTIFIER ::= { sm-scheme 501 } | ||
|
|
||
| -- Named Elliptic Curves of SM2 | ||
|
|
||
| curveSM2 OBJECT IDENTIFIER ::= { sm-scheme 301 } |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| /* | ||
| * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. | ||
| * | ||
| * Licensed under the Apache License 2.0 (the "License"). You may not use | ||
| * this file except in compliance with the License. You can obtain a copy | ||
| * in the file LICENSE in the source distribution or at | ||
| * https://www.openssl.org/source/license.html | ||
| */ | ||
|
|
||
| #include "internal/der.h" | ||
|
|
||
| /* Well known OIDs precompiled */ | ||
| {- | ||
| $OUT = oids_to_c::process_leaves('providers/common/der/SM2.asn1', | ||
| { dir => $config{sourcedir}, | ||
| filter => \&oids_to_c::filter_to_H }); | ||
| -} | ||
|
|
||
| /* Subject Public Key Info */ | ||
| int DER_w_algorithmIdentifier_SM2(WPACKET *pkt, int cont, EC_KEY *ec); | ||
| /* Signature */ | ||
| int DER_w_algorithmIdentifier_SM2_with_MD(WPACKET *pkt, int cont, | ||
| EC_KEY *ec, int mdnid); |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| /* | ||
| * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. | ||
| * | ||
| * Licensed under the Apache License 2.0 (the "License"). You may not use | ||
| * this file except in compliance with the License. You can obtain a copy | ||
| * in the file LICENSE in the source distribution or at | ||
| * https://www.openssl.org/source/license.html | ||
| */ | ||
|
|
||
| #include "prov/der_sm2.h" | ||
|
|
||
| /* Well known OIDs precompiled */ | ||
| {- | ||
| $OUT = oids_to_c::process_leaves('providers/common/der/SM2.asn1', | ||
| { dir => $config{sourcedir}, | ||
| filter => \&oids_to_c::filter_to_C }); | ||
| -} |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| /* | ||
| * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. | ||
| * | ||
| * Licensed under the Apache License 2.0 (the "License"). You may not use | ||
| * this file except in compliance with the License. You can obtain a copy | ||
| * in the file LICENSE in the source distribution or at | ||
| * https://www.openssl.org/source/license.html | ||
| */ | ||
|
|
||
| #include <openssl/obj_mac.h> | ||
| #include "internal/packet.h" | ||
| #include "prov/der_ec.h" | ||
| #include "prov/der_sm2.h" | ||
|
|
||
| int DER_w_algorithmIdentifier_SM2(WPACKET *pkt, int cont, EC_KEY *ec) | ||
| { | ||
| return DER_w_begin_sequence(pkt, cont) | ||
| /* No parameters (yet?) */ | ||
| /* It seems SM2 identifier is the same to id_ecPublidKey */ | ||
| && DER_w_precompiled(pkt, -1, der_oid_id_ecPublicKey, | ||
| sizeof(der_oid_id_ecPublicKey)) | ||
| && DER_w_end_sequence(pkt, cont); | ||
| } |
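Review bot: `DER_w_algorithmIdentifier_SM2` never reads its `ec` argument and writes only `der_oid_id_ecPublicKey` inside the sequence, so the encoded AlgorithmIdentifier carries no curve identifier at all. RFC 5480 requires the parameters of id-ecPublicKey to be present as a namedCurve, and without it a consumer has nothing to tell an SM2 key from any other EC key. If this encoder is meant for SubjectPublicKeyInfo, as the comment on its declaration in the header suggests, the `/* No parameters (yet?) */` line should at least become a TODO that names the missing `curveSM2` parameter. The comment above the call also misspells the OID name and should read `/* The SM2 key identifier appears to be the same as id_ecPublicKey */`.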
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| /* | ||
| * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. | ||
| * | ||
| * Licensed under the Apache License 2.0 (the "License"). You may not use | ||
| * this file except in compliance with the License. You can obtain a copy | ||
| * in the file LICENSE in the source distribution or at | ||
| * https://www.openssl.org/source/license.html | ||
| */ | ||
|
|
||
| #include <openssl/obj_mac.h> | ||
| #include "internal/packet.h" | ||
| #include "prov/der_sm2.h" | ||
|
|
||
| /* Aliases so we can have a uniform MD_CASE */ | ||
| #define der_oid_id_sm2_with_sm3 der_oid_sm2_with_SM3 | ||
|
|
||
| #define MD_CASE(name) \ | ||
| case NID_##name: \ | ||
| precompiled = der_oid_id_sm2_with_##name; \ | ||
| precompiled_sz = sizeof(der_oid_id_sm2_with_##name); \ | ||
| break; | ||
|
|
||
| int DER_w_algorithmIdentifier_SM2_with_MD(WPACKET *pkt, int cont, | ||
| EC_KEY *ec, int mdnid) | ||
| { | ||
| const unsigned char *precompiled = NULL; | ||
| size_t precompiled_sz = 0; | ||
|
|
||
| switch (mdnid) { | ||
| MD_CASE(sm3); | ||
| default: | ||
| return 0; | ||
| } | ||
|
|
||
| return DER_w_begin_sequence(pkt, cont) | ||
| /* No parameters (yet?) */ | ||
| && DER_w_precompiled(pkt, -1, precompiled, precompiled_sz) | ||
| && DER_w_end_sequence(pkt, cont); | ||
| } |
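Review bot: `DER_w_algorithmIdentifier_SM2_with_MD` has no comment stating its contract, and the `ec` parameter is never used in the body. I would add `/* Returns 1 on success, 0 if mdnid is not NID_sm3 or a DER write fails; ec is currently unused. */` above the definition, so callers know that an unsupported digest is rejected rather than encoded with a fallback OID. `MD_CASE` here already ends in `break;`, so the call `MD_CASE(sm3);` leaves a stray empty statement; dropping the semicolon from the macro body keeps it consistent with its use.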
It seems this whole file is not needed anymore, since the new DER part has already handled this.
The infrastructure is there, but you will need to add SM2 specific things.
Yes. SM2 specific stuffs are added in the latest commit - hope I have done right...
I can help with those details this evening
Thanks! One difficulty is that SM2 has no PublicKey OID. An SM2 key is encoded with
`id_ecPublickey` IIRC at current stage, which is compatible with OpenSSL 1.1.1.
Yes, I know. That is a bit of a problem, and means that certain assumptions need to be made...
I will have to look again how I solved that for the legacy implementation. I forget...