about SM2(ECC) cert verify #6579

Closed
Danbuth opened this issue Jun 23, 2018 · 10 comments

@Danbuth

Danbuth commented Jun 23, 2018

How to verify an SM2 (ECC) certificate?
This is my code:

X509 *issuer;   /* issuer certificate, loaded elsewhere */
X509 *subject;  /* certificate to check, loaded elsewhere */
EVP_PKEY *signing_key = X509_get_pubkey(issuer);
int result = X509_verify(subject, signing_key);

But it returns -1.
The certificate chain is OK.
I tried the code with RSA. It's OK.
But there is an error with SM2.
I have no idea.

The version is 1.1.1.

@richsalz
Contributor

Which pre-release of 1.1.1? We will need to see the failing certificate chain. There is not enough information here to reproduce/diagnose your error.

@Danbuth
Author

Danbuth commented Jun 24, 2018

Thanks, first of all.
The version is openssl-1.1.1-pre8.
And the certs (cert[] is the subject, and root[] is the issuer):

const char cert[] = "-----BEGIN CERTIFICATE-----\n"
                        "MIICpjCCAkqgAwIBAgIQHzXZGQVs5o0CLlHzinoINzAMBggqgRzPVQGDdQUAMC4x\n"
                        "CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEPMA0GA1UEAwwGUk9PVENBMB4X\n"
                        "DTEzMTIyMTAyNDY0MVoXDTMzMTIxNjAyNDY0MVowUjELMAkGA1UEBhMCQ04xLzAt\n"
                        "BgNVBAoMJlpoZWppYW5nIERpZ2l0YWwgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRIw\n"
                        "EAYDVQQDDAlaSkNBIE9DQTEwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAATp48tm\n"
                        "okIXIRCe6x9O5iaVViNlv1Yjwt1YbF9DpX63uSuuq2BioZhy+SWwNdXIYroR4zAV\n"
                        "DQoPMSzrFJ1SmEyfo4IBIjCCAR4wHwYDVR0jBBgwFoAUTDKxl9kzG8SmBcHG5Yti\n"
                        "W/CXdlgwDwYDVR0TAQH/BAUwAwEB/zCBugYDVR0fBIGyMIGvMEGgP6A9pDswOTEL\n"
                        "MAkGA1UEBhMCQ04xDjAMBgNVBAoMBU5SQ0FDMQwwCgYDVQQLDANBUkwxDDAKBgNV\n"
                        "BAMMA2FybDAqoCigJoYkaHR0cDovL3d3dy5yb290Y2EuZ292LmNuL2FybC9hcmwu\n"
                        "Y3JsMD6gPKA6hjhsZGFwOi8vbGRhcC5yb290Y2EuZ292LmNuOjM4OS9DTj1hcmws\n"
                        "T1U9QVJMLE89TlJDQUMsQz1DTjAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFKfT\n"
                        "sSSQIB09tFTuSzcoUpGuLGoiMAwGCCqBHM9VAYN1BQADSAAwRQIhAJLutfL7dLEb\n"
                        "M7EP0QCwN5g0WMLBI/MG5He9N6oREaYZAiAbWypQB34bhGNSqUQs+RQIYpct4yN5\n"
                        "UIufisb9BHWQIQ==\n"
                        "-----END CERTIFICATE-----";

const char root[] = "-----BEGIN CERTIFICATE-----\n"
                        "MIIBszCCAVegAwIBAgIIaeL+wBcKxnswDAYIKoEcz1UBg3UFADAuMQswCQYDVQQG\n"
                        "EwJDTjEOMAwGA1UECgwFTlJDQUMxDzANBgNVBAMMBlJPT1RDQTAeFw0xMjA3MTQw\n"
                        "MzExNTlaFw00MjA3MDcwMzExNTlaMC4xCzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVO\n"
                        "UkNBQzEPMA0GA1UEAwwGUk9PVENBMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE\n"
                        "MPCca6pmgcchsTf2UnBeL9rtp4nw+itk1Kzrmbnqo05lUwkwlWK+4OIrtFdAqnRT\n"
                        "V7Q9v1htkv42TsIutzd126NdMFswHwYDVR0jBBgwFoAUTDKxl9kzG8SmBcHG5Yti\n"
                        "W/CXdlgwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFEwysZfZ\n"
                        "MxvEpgXBxuWLYlvwl3ZYMAwGCCqBHM9VAYN1BQADSAAwRQIgG1bSLeOXp3oB8H7b\n"
                        "53W+CKOPl2PknmWEq/lMhtn25HkCIQDaHDgWxWFtnCrBjH16/W3Ezn7/U/Vjo5xI\n"
                        "pDoiVhsLwg==\n"
                        "-----END CERTIFICATE-----";

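This is the verify function:

#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/x509.h>

/* Checks the signature on cert_pem with the public key of intermediate_pem.
   Returns the X509_verify() result: 1 valid, 0 invalid, -1 on error. */
int sig_verify(const char *cert_pem, const char *intermediate_pem) {
    int result = -1;
    X509 *issuer = NULL, *x509 = NULL;
    EVP_PKEY *signing_key = NULL;
    BIO *b = BIO_new(BIO_s_mem());
    BIO *c = BIO_new(BIO_s_mem());

    if (b == NULL || c == NULL)
        goto done;
    BIO_puts(b, intermediate_pem);
    BIO_puts(c, cert_pem);

    /* Parse both certificates; stop if either PEM blob fails to parse. */
    issuer = PEM_read_bio_X509(b, NULL, NULL, NULL);
    x509 = PEM_read_bio_X509(c, NULL, NULL, NULL);
    if (issuer == NULL || x509 == NULL)
        goto done;

    signing_key = X509_get_pubkey(issuer);
    if (signing_key != NULL)
        result = X509_verify(x509, signing_key);

done:
    /* The free functions accept NULL. */
    EVP_PKEY_free(signing_key);
    BIO_free(b);
    BIO_free(c);
    X509_free(x509);
    X509_free(issuer);
    return result;
}

int main(void) {
    int res = sig_verify(cert, root);
    printf("%d\n", res);
    return 0;
}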

@jamuir
Member

jamuir commented Jun 24, 2018

Try using openssl x509 to confirm that openssl can parse everything in your certs:

$ openssl x509 -in cert.pem -text
$ openssl x509 -in root.pem -text

@Danbuth
Author

Danbuth commented Jun 24, 2018

Yes, I can parse the certs with the function X509_print(bio_out, x509);
and it prints:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:35:d9:19:05:6c:e6:8d:02:2e:51:f3:8a:7a:08:37
        Signature Algorithm: 1.2.156.10197.1.501
        Issuer: C=CN, O=NRCAC, CN=ROOTCA
        Validity
            Not Before: Dec 21 02:46:41 2013 GMT
            Not After : Dec 16 02:46:41 2033 GMT
        Subject: C=CN, O=Zhejiang Digital Certificate Authority, CN=ZJCA OCA1
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:e9:e3:cb:66:a2:42:17:21:10:9e:eb:1f:4e:e6:
                    26:95:56:23:65:bf:56:23:c2:dd:58:6c:5f:43:a5:
                    7e:b7:b9:2b:ae:ab:60:62:a1:98:72:f9:25:b0:35:
                    d5:c8:62:ba:11:e3:30:15:0d:0a:0f:31:2c:eb:14:
                    9d:52:98:4c:9f
                ASN1 OID: SM2
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:4C:32:B1:97:D9:33:1B:C4:A6:05:C1:C6:E5:8B:62:5B:F0:97:76:58

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:

                Full Name:
                  DirName:C = CN, O = NRCAC, OU = ARL, CN = arl

                Full Name:
                  URI:http://www.rootca.gov.cn/arl/arl.crl

                Full Name:
                  URI:ldap://ldap.rootca.gov.cn:389/CN=arl,OU=ARL,O=NRCAC,C=CN

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier:
                A7:D3:B1:24:90:20:1D:3D:B4:54:EE:4B:37:28:52:91:AE:2C:6A:22
    Signature Algorithm: 1.2.156.10197.1.501
         30:45:02:21:00:92:ee:b5:f2:fb:74:b1:1b:33:b1:0f:d1:00:
         b0:37:98:34:58:c2:c1:23:f3:06:e4:77:bd:37:aa:11:11:a6:
         19:02:20:1b:5b:2a:50:07:7e:1b:84:63:52:a9:44:2c:f9:14:
         08:62:97:2d:e3:23:79:50:8b:9f:8a:c6:fd:04:75:90:21

But I want to verify the cert chain with C code.

@dot-asm
Contributor

dot-asm commented Jun 24, 2018

In essence this is a question for the SM2 contributors. I tried to pose a related question about algorithm identification, but the reply was a vague reference to SM2 being permitted only with the SM2 curve. To be more specific, in the above output you can note "Public Key Algorithm: id-ecPublicKey", with "ASN1 OID: SM2". So we have the SM2 curve appointed for an operation. Then a signature algorithm has to be chosen. The identifier can be observed as "Signature Algorithm: 1.2.156.10197.1.501". But OpenSSL does not know anything about 501. It ought to be "SM2 signature [presumably] with SM3 digest", but computer programs don't make assumptions, they need to be explicitly told... In other words [unsurprisingly] SM2 support needs more work...

@Danbuth
Author

Danbuth commented Jun 24, 2018

Thanks a lot.

@mattcaswell
Member

Ping @randombit @ronaldtse. Thoughts?

@randombit
Contributor

So, obviously the OIDs identifying SM2 signatures with various hashes need to be added. But I think additionally for cert verification, some check will need to be added to certificate verification, to detect use of an SM2 OID and then call EVP_PKEY_set_alias_type to force the use of SM2 algorithms prior to the signature being verified. Likely something corresponding will also be required on certificate generation side.
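
Detecting the signature algorithm identifier discussed in the two comments above (1.2.156.10197.1.501 in the certificate dump) comes down to decoding a DER OBJECT IDENTIFIER and comparing it. This stand-alone C is an added example, not code from OpenSSL or from anyone in this thread; the function names and the hand-encoded sample bytes are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Decode the content octets of a DER OBJECT IDENTIFIER into dotted form.
   Returns 0 on success, -1 on malformed or oversized input. */
static int oid_to_dotted(const unsigned char *p, size_t len, char *out, size_t cap) {
    size_t used = 0;
    unsigned long arc = 0;
    int first = 1;
    if (len == 0 || cap == 0 || (p[len - 1] & 0x80)) return -1; /* empty or cut mid-arc */
    for (size_t i = 0; i < len; i++) {
        if (arc == 0 && p[i] == 0x80) return -1;    /* non-minimal encoding */
        if (arc > (0xFFFFFFFFUL >> 7)) return -1;   /* arc would overflow 32 bits */
        arc = (arc << 7) | (p[i] & 0x7F);
        if (p[i] & 0x80) continue;                  /* more octets in this arc */
        int n;
        if (first) {                                /* first value packs two arcs */
            unsigned long a = arc < 80 ? arc / 40 : 2;
            n = snprintf(out + used, cap - used, "%lu.%lu", a, arc - a * 40);
            first = 0;
        } else {
            n = snprintf(out + used, cap - used, ".%lu", arc);
        }
        if (n < 0 || (size_t)n >= cap - used) return -1;
        used += (size_t)n;
        arc = 0;
    }
    return 0;
}

/* Classify a DER OID TLV (tag 0x06, short-form length).
   Returns 1 for the SM2-with-SM3 signature OID, 0 for any other, -1 if malformed. */
static int is_sm2_sig_oid(const unsigned char *tlv, size_t len) {
    char dotted[64];
    if (len < 3 || tlv[0] != 0x06 || (tlv[1] & 0x80) || (size_t)tlv[1] != len - 2)
        return -1;
    if (oid_to_dotted(tlv + 2, tlv[1], dotted, sizeof dotted) != 0) return -1;
    return strcmp(dotted, "1.2.156.10197.1.501") == 0;
}

/* Constructed sample input: hand-encoded DER for OIDs named in the dump above. */
static const unsigned char SIG_ALG_501[] = {0x06,0x08,0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75};
static const unsigned char EC_PUBKEY[]   = {0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01};
static const unsigned char TRUNCATED[]   = {0x06,0x08,0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83};

int main(void) {
    printf("signature algorithm: %d\n", is_sm2_sig_oid(SIG_ALG_501, sizeof SIG_ALG_501));
    printf("id-ecPublicKey:      %d\n", is_sm2_sig_oid(EC_PUBKEY, sizeof EC_PUBKEY));
    printf("truncated TLV:       %d\n", is_sm2_sig_oid(TRUNCATED, sizeof TRUNCATED));
    return 0;
}
```

A verifier that gets 1 here knows the signature needs the SM2/SM3 path rather than plain ECDSA; 0 and -1 keep unrelated and malformed identifiers out of that path.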

@ronaldtse
Contributor

Sorry for the late reply. Indeed, we will need to extend the OIDs and allow certificate verification. SM2 support was never a single PR thing and requires a comprehensive effort, which we will help with.

In particular, we need to deal with GM/T 0015 (SM2 Certificate generation and validation) which we haven't had time to translate/spec yet...

@mattcaswell mattcaswell added this to the Post 1.1.1 milestone Jul 2, 2018
randombit pushed a commit to randombit/openssl that referenced this issue Aug 1, 2018
@t8m
Member

t8m commented May 17, 2021

This is supposedly closed on master. Closing. If not, please reopen or open a new issue.

@t8m t8m closed this as completed May 17, 2021