Add SM2 signature and ECIES schemes

Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #4793)
openssl · Mar 19, 2018 · 3d328a4 · 3d328a4
1 parent df3a155
commit 3d328a4
Show file tree

Hide file tree

Showing 28 changed files with 1,784 additions and 31 deletions.
diff --git a/Configure b/Configure
@@ -297,7 +297,7 @@ $config{sdirs} = [
     "objects",
     "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3",
     "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes",
-    "bn", "ec", "rsa", "dsa", "dh", "dso", "engine",
+    "bn", "ec", "rsa", "dsa", "dh", "sm2", "dso", "engine",
     "buffer", "bio", "stack", "lhash", "rand", "err",
     "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
     "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store"

diff --git a/apps/openssl.c b/apps/openssl.c
@@ -762,6 +762,9 @@ static void list_disabled(void)
 #ifdef OPENSSL_NO_SEED
     BIO_puts(bio_out, "SEED\n");
 #endif
+#ifdef OPENSSL_NO_SM2
+    BIO_puts(bio_out, "SM2\n");
+#endif
 #ifdef OPENSSL_NO_SM3
     BIO_puts(bio_out, "SM3\n");
 #endif

diff --git a/config b/config
@@ -886,7 +886,7 @@ case "$GUESSOS" in
   i386-*) options="$options 386" ;;
 esac
 
-for i in aes aria bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha sm3 sm4
+for i in aes aria bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa seed sha sm2 sm3 sm4
 do
   if [ ! -d $THERE/crypto/$i ]
   then

diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
@@ -2751,6 +2751,43 @@ static const struct {
     }
 };
 
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 32 * 6];
+} _EC_sm2p256v1 = {
+    {
+       NID_X9_62_prime_field, 0, 32, 1
+    },
+    {
+        /* no seed */
+
+        /* p */
+        0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        /* a */
+        0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
+        /* b */
+        0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b,
+        0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92,
+        0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93,
+        /* x */
+        0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46,
+        0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1,
+        0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7,
+        /* y */
+        0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3,
+        0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40,
+        0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0,
+        /* order */
+        0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,
+        0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23,
+    }
+};
+
 typedef struct _ec_list_element_st {
     int nid;
     const EC_CURVE_DATA *data;
@@ -2960,6 +2997,8 @@ static const ec_list_element curve_list[] = {
      "RFC 5639 curve over a 512 bit prime field"},
     {NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0,
      "RFC 5639 curve over a 512 bit prime field"},
+    {NID_sm2, &_EC_sm2p256v1.h, 0,
+     "SM2 curve over a 256 bit prime field"},
 };
 
 #define curve_list_length OSSL_NELEM(curve_list)

diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
@@ -16,6 +16,10 @@
 #include <openssl/evp.h>
 #include "internal/evp_int.h"
 
+#if !defined(OPENSSL_NO_SM2)
+  #include <openssl/sm2.h>
+#endif
+
 /* EC pkey context structure */
 
 typedef struct {
@@ -102,6 +106,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
     unsigned int sltmp;
     EC_PKEY_CTX *dctx = ctx->data;
     EC_KEY *ec = ctx->pkey->pkey.ec;
+    const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
 
     if (!sig) {
         *siglen = ECDSA_size(ec);
@@ -116,7 +121,16 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
     else
         type = NID_sha1;
 
-    ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
+    if (ec_nid == NID_sm2) {
+#if defined(OPENSSL_NO_SM2)
+       ret = -1;
+#else
+       ret = SM2_sign(type, tbs, tbslen, sig, &sltmp, ec);
+#endif
+    }
+    else {
+       ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
+    }
 
     if (ret <= 0)
         return ret;
@@ -131,13 +145,24 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
     int ret, type;
     EC_PKEY_CTX *dctx = ctx->data;
     EC_KEY *ec = ctx->pkey->pkey.ec;
+    const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
 
     if (dctx->md)
         type = EVP_MD_type(dctx->md);
     else
         type = NID_sha1;
 
-    ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
+    if (ec_nid == NID_sm2) {
+#if defined(OPENSSL_NO_SM2)
+       ret = -1;
+#else
+       ret = SM2_verify(type, tbs, tbslen, sig, siglen, ec);
+#endif
+    }
+    else {
+       ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
+    }
+
 
     return ret;
 }
@@ -318,7 +343,8 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
             EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
             EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
             EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha512 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sm3) {
             ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
             return 0;
         }

diff --git a/crypto/err/err.c b/crypto/err/err.c
@@ -60,6 +60,7 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
     {ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"},
     {ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"},
     {ERR_PACK(ERR_LIB_OSSL_STORE, 0, 0), "STORE routines"},
+    {ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"},
     {0, NULL},
 };
 

diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
@@ -32,6 +32,7 @@ L CMS           include/openssl/cms.h           crypto/cms/cms_err.c
 L CT            include/openssl/ct.h            crypto/ct/ct_err.c
 L ASYNC         include/openssl/async.h         crypto/async/async_err.c
 L KDF           include/openssl/kdf.h           crypto/kdf/kdf_err.c
+L SM2           include/openssl/sm2.h           crypto/sm2/sm2_err.c
 L OSSL_STORE    include/openssl/store.h         crypto/store/store_err.c
 
 # additional header files to be scanned for function names

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
@@ -986,6 +986,11 @@ RSA_F_RSA_SIGN_ASN1_OCTET_STRING:118:RSA_sign_ASN1_OCTET_STRING
 RSA_F_RSA_VERIFY:119:RSA_verify
 RSA_F_RSA_VERIFY_ASN1_OCTET_STRING:120:RSA_verify_ASN1_OCTET_STRING
 RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1:126:RSA_verify_PKCS1_PSS_mgf1
+SM2_F_PKEY_SM2_CTRL:274:pkey_sm2_ctrl
+SM2_F_PKEY_SM2_CTRL_STR:275:pkey_sm2_ctrl_str
+SM2_F_PKEY_SM2_KEYGEN:276:pkey_sm2_keygen
+SM2_F_PKEY_SM2_PARAMGEN:277:pkey_sm2_paramgen
+SM2_F_PKEY_SM2_SIGN:278:pkey_sm2_sign
 SSL_F_ADD_CLIENT_KEY_SHARE_EXT:438:*
 SSL_F_ADD_KEY_SHARE:512:add_key_share
 SSL_F_BYTES_TO_CIPHER_LIST:519:bytes_to_cipher_list
@@ -2394,6 +2399,66 @@ RSA_R_UNSUPPORTED_MASK_PARAMETER:154:unsupported mask parameter
 RSA_R_UNSUPPORTED_SIGNATURE_TYPE:155:unsupported signature type
 RSA_R_VALUE_MISSING:147:value missing
 RSA_R_WRONG_SIGNATURE_LENGTH:119:wrong signature length
+SM2_R_ASN1_ERROR:115:asn1 error
+SM2_R_ASN5_ERROR:1150:asn5 error
+SM2_R_BAD_SIGNATURE:156:bad signature
+SM2_R_BIGNUM_OUT_OF_RANGE:144:bignum out of range
+SM2_R_BUFFER_TOO_SMALL:100:buffer too small
+SM2_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range
+SM2_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh
+SM2_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing
+SM2_R_D2I_ECPKPARAMETERS_FAILURE:117:d2i ecpkparameters failure
+SM2_R_DECODE_ERROR:142:decode error
+SM2_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero
+SM2_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure
+SM2_R_FIELD_TOO_LARGE:143:field too large
+SM2_R_GF2M_NOT_SUPPORTED:147:gf2m not supported
+SM2_R_GROUP2PKPARAMETERS_FAILURE:120:group2pkparameters failure
+SM2_R_I2D_ECPKPARAMETERS_FAILURE:121:i2d ecpkparameters failure
+SM2_R_INCOMPATIBLE_OBJECTS:101:incompatible objects
+SM2_R_INVALID_ARGUMENT:112:invalid argument
+SM2_R_INVALID_COMPRESSED_POINT:110:invalid compressed point
+SM2_R_INVALID_COMPRESSION_BIT:109:invalid compression bit
+SM2_R_INVALID_CURVE:141:invalid curve
+SM2_R_INVALID_DIGEST:151:invalid digest
+SM2_R_INVALID_DIGEST_TYPE:138:invalid digest type
+SM2_R_INVALID_ENCODING:102:invalid encoding
+SM2_R_INVALID_FIELD:103:invalid field
+SM2_R_INVALID_FORM:104:invalid form
+SM2_R_INVALID_GROUP_ORDER:122:invalid group order
+SM2_R_INVALID_KEY:116:invalid key
+SM2_R_INVALID_OUTPUT_LENGTH:161:invalid output length
+SM2_R_INVALID_PEER_KEY:133:invalid peer key
+SM2_R_INVALID_PENTANOMIAL_BASIS:132:invalid pentanomial basis
+SM2_R_INVALID_PRIVATE_KEY:123:invalid private key
+SM2_R_INVALID_TRINOMIAL_BASIS:137:invalid trinomial basis
+SM2_R_KDF_PARAMETER_ERROR:148:kdf parameter error
+SM2_R_KEYS_NOT_SET:140:keys not set
+SM2_R_MISSING_PARAMETERS:124:missing parameters
+SM2_R_MISSING_PRIVATE_KEY:125:missing private key
+SM2_R_NEED_NEW_SETUP_VALUES:157:need new setup values
+SM2_R_NOT_A_NIST_PRIME:135:not a NIST prime
+SM2_R_NOT_IMPLEMENTED:126:not implemented
+SM2_R_NOT_INITIALIZED:111:not initialized
+SM2_R_NO_PARAMETERS_SET:139:no parameters set
+SM2_R_NO_PRIVATE_VALUE:154:no private value
+SM2_R_OPERATION_NOT_SUPPORTED:152:operation not supported
+SM2_R_PASSED_NULL_PARAMETER:134:passed null parameter
+SM2_R_PEER_KEY_ERROR:149:peer key error
+SM2_R_PKPARAMETERS2GROUP_FAILURE:127:pkparameters2group failure
+SM2_R_POINT_ARITHMETIC_FAILURE:155:point arithmetic failure
+SM2_R_POINT_AT_INFINITY:106:point at infinity
+SM2_R_POINT_IS_NOT_ON_CURVE:107:point is not on curve
+SM2_R_RANDOM_NUMBER_GENERATION_FAILED:158:random number generation failed
+SM2_R_SHARED_INFO_ERROR:150:shared info error
+SM2_R_SLOT_FULL:108:slot full
+SM2_R_UNDEFINED_GENERATOR:113:undefined generator
+SM2_R_UNDEFINED_ORDER:128:undefined order
+SM2_R_UNKNOWN_GROUP:129:unknown group
+SM2_R_UNKNOWN_ORDER:114:unknown order
+SM2_R_UNSUPPORTED_FIELD:131:unsupported field
+SM2_R_WRONG_CURVE_PARAMETERS:145:wrong curve parameters
+SM2_R_WRONG_ORDER:130:wrong order
 SSL_R_APP_DATA_IN_HANDSHAKE:100:app data in handshake
 SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT:272:\
 	attempt to reuse session in different context

diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
@@ -10,7 +10,7 @@
  */
 
 /* Serialized OID's */
-static const unsigned char so[7618] = {
+static const unsigned char so[7626] = {
     0x2A,0x86,0x48,0x86,0xF7,0x0D,                 /* [    0] OBJ_rsadsi */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,            /* [    6] OBJ_pkcs */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,       /* [   13] OBJ_md2 */
@@ -1059,9 +1059,10 @@ static const unsigned char so[7618] = {
     0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x09,  /* [ 7597] OBJ_uacurve9 */
     0x2B,0x6F,                                     /* [ 7610] OBJ_ieee */
     0x2B,0x6F,0x02,0x8C,0x53,                      /* [ 7612] OBJ_ieee_siswg */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,       /* [ 7617] OBJ_sm2 */
 };
 
-#define NUM_NID 1172
+#define NUM_NID 1173
 static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"UNDEF", "undefined", NID_undef},
     {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2235,9 +2236,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"uacurve9", "DSTU curve 9", NID_uacurve9, 13, &so[7597]},
     {"ieee", "ieee", NID_ieee, 2, &so[7610]},
     {"ieee-siswg", "IEEE Security in Storage Working Group", NID_ieee_siswg, 5, &so[7612]},
+    {"SM2", "sm2", NID_sm2, 8, &so[7617]},
 };
 
-#define NUM_SN 1163
+#define NUM_SN 1164
 static const unsigned int sn_objs[NUM_SN] = {
      364,    /* "AD_DVCS" */
      419,    /* "AES-128-CBC" */
@@ -2502,6 +2504,7 @@ static const unsigned int sn_objs[NUM_SN] = {
     1095,    /* "SHA512-256" */
     1100,    /* "SHAKE128" */
     1101,    /* "SHAKE256" */
+    1172,    /* "SM2" */
     1143,    /* "SM3" */
     1134,    /* "SM4-CBC" */
     1137,    /* "SM4-CFB" */
@@ -3404,7 +3407,7 @@ static const unsigned int sn_objs[NUM_SN] = {
     1093,    /* "x509ExtAdmission" */
 };
 
-#define NUM_LN 1163
+#define NUM_LN 1164
 static const unsigned int ln_objs[NUM_LN] = {
      363,    /* "AD Time Stamping" */
      405,    /* "ANSI X9.62" */
@@ -4514,6 +4517,7 @@ static const unsigned int ln_objs[NUM_LN] = {
      496,    /* "singleLevelQuality" */
     1062,    /* "siphash" */
     1142,    /* "sm-scheme" */
+    1172,    /* "sm2" */
     1143,    /* "sm3" */
     1144,    /* "sm3WithRSAEncryption" */
     1134,    /* "sm4-cbc" */
@@ -4571,7 +4575,7 @@ static const unsigned int ln_objs[NUM_LN] = {
      125,    /* "zlib compression" */
 };
 
-#define NUM_OBJ 1054
+#define NUM_OBJ 1055
 static const unsigned int obj_objs[NUM_OBJ] = {
        0,    /* OBJ_undef                        0 */
      181,    /* OBJ_iso                          1 */
@@ -5037,6 +5041,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
     1136,    /* OBJ_sm4_cfb1                     1 2 156 10197 1 104 5 */
     1138,    /* OBJ_sm4_cfb8                     1 2 156 10197 1 104 6 */
     1139,    /* OBJ_sm4_ctr                      1 2 156 10197 1 104 7 */
+    1172,    /* OBJ_sm2                          1 2 156 10197 1 301 */
     1143,    /* OBJ_sm3                          1 2 156 10197 1 401 */
     1144,    /* OBJ_sm3WithRSAEncryption         1 2 156 10197 1 504 */
      776,    /* OBJ_seed_ecb                     1 2 410 200004 1 3 */

diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
@@ -1169,3 +1169,4 @@ uacurve8		1168
 uacurve9		1169
 ieee		1170
 ieee_siswg		1171
+sm2		1172
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
@@ -36,6 +36,10 @@ member-body 840		: ISO-US		: ISO US Member Body
 ISO-US 10040		: X9-57			: X9.57
 X9-57 4			: X9cm			: X9.57 CM ?
 
+member-body 156         : ISO-CN        : ISO CN Member Body
+ISO-CN 10197            : oscca
+oscca 1                 : sm-scheme
+
 !Cname dsa
 X9cm 1			: DSA			: dsaEncryption
 X9cm 3			: DSA-SHA1		: dsaWithSHA1
@@ -376,8 +380,10 @@ rsadsi 2 5		: MD5			: md5
 rsadsi 2 6		:			: hmacWithMD5
 rsadsi 2 7		:			: hmacWithSHA1
 
-member-body 156 10197 1 401 : SM3               : sm3
-member-body 156 10197 1 504 : RSA-SM3		: sm3WithRSAEncryption
+sm-scheme 301           : SM2                   : sm2
+
+sm-scheme 401           : SM3                   : sm3
+sm-scheme 504           : RSA-SM3		: sm3WithRSAEncryption
 
 # From RFC4231
 rsadsi 2 8		:			: hmacWithSHA224
@@ -1476,10 +1482,6 @@ kisa 1 6                : SEED-OFB      : seed-ofb
 
 # Definitions for SM4 cipher
 
-member-body 156         : ISO-CN        : ISO CN Member Body
-ISO-CN 10197            : oscca
-oscca 1                 : sm-scheme
-
 sm-scheme 104 1         : SM4-ECB             : sm4-ecb
 sm-scheme 104 2         : SM4-CBC             : sm4-cbc
 !Cname sm4-ofb128

diff --git a/crypto/sm2/build.info b/crypto/sm2/build.info
@@ -0,0 +1,6 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        sm2_za.c sm2_sign.c sm2_crypt.c sm2_err.c
+
+
+