]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/sm2/sm2_pmeth.c
projects / thirdparty / openssl.git / blob
? search:


aed7f33044575bbdca9444daae815c1f3723d4ec
[thirdparty/openssl.git] / crypto / sm2 / sm2_pmeth.c
1 /*
2 * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "internal/cryptlib.h"
11 #include <openssl/asn1t.h>
12 #include <openssl/ec.h>
13 #include <openssl/evp.h>
14 #include "internal/evp_int.h"
15 #include "internal/sm2.h"
16 #include "internal/sm2err.h"
17
18 /* EC pkey context structure */
19
20 typedef struct {
21 /* Key and paramgen group */
22 EC_GROUP *gen_group;
23 /* message digest */
24 const EVP_MD *md;
25 /* Distinguishing Identifier, ISO/IEC 15946-3 */
26 uint8_t *id;
27 size_t id_len;
28 /* id_set indicates if the 'id' field is set (1) or not (0) */
29 int id_set;
30 } SM2_PKEY_CTX;
31
32 static int pkey_sm2_init(EVP_PKEY_CTX *ctx)
33 {
34 SM2_PKEY_CTX *smctx;
35
36 if ((smctx = OPENSSL_zalloc(sizeof(*smctx))) == NULL) {
37 SM2err(SM2_F_PKEY_SM2_INIT, ERR_R_MALLOC_FAILURE);
38 return 0;
39 }
40
41 ctx->data = smctx;
42 return 1;
43 }
44
45 static void pkey_sm2_cleanup(EVP_PKEY_CTX *ctx)
46 {
47 SM2_PKEY_CTX *smctx = ctx->data;
48
49 if (smctx != NULL) {
50 EC_GROUP_free(smctx->gen_group);
51 OPENSSL_free(smctx->id);
52 OPENSSL_free(smctx);
53 ctx->data = NULL;
54 }
55 }
56
57 static int pkey_sm2_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
58 {
59 SM2_PKEY_CTX *dctx, *sctx;
60
61 if (!pkey_sm2_init(dst))
62 return 0;
63 sctx = src->data;
64 dctx = dst->data;
65 if (sctx->gen_group != NULL) {
66 dctx->gen_group = EC_GROUP_dup(sctx->gen_group);
67 if (dctx->gen_group == NULL) {
68 pkey_sm2_cleanup(dst);
69 return 0;
70 }
71 }
72 if (sctx->id != NULL) {
73 dctx->id = OPENSSL_malloc(sctx->id_len);
74 if (dctx->id == NULL) {
75 pkey_sm2_cleanup(dst);
76 return 0;
77 }
78 memcpy(dctx->id, sctx->id, sctx->id_len);
79 }
80 dctx->id_len = sctx->id_len;
81 dctx->id_set = sctx->id_set;
82 dctx->md = sctx->md;
83
84 return 1;
85 }
86
87 static int pkey_sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
88 const unsigned char *tbs, size_t tbslen)
89 {
90 int ret;
91 unsigned int sltmp;
92 EC_KEY *ec = ctx->pkey->pkey.ec;
93 const int sig_sz = ECDSA_size(ctx->pkey->pkey.ec);
94
95 if (sig_sz <= 0) {
96 return 0;
97 }
98
99 if (sig == NULL) {
100 *siglen = (size_t)sig_sz;
101 return 1;
102 }
103
104 if (*siglen < (size_t)sig_sz) {
105 SM2err(SM2_F_PKEY_SM2_SIGN, SM2_R_BUFFER_TOO_SMALL);
106 return 0;
107 }
108
109 ret = sm2_sign(tbs, tbslen, sig, &sltmp, ec);
110
111 if (ret <= 0)
112 return ret;
113 *siglen = (size_t)sltmp;
114 return 1;
115 }
116
117 static int pkey_sm2_verify(EVP_PKEY_CTX *ctx,
118 const unsigned char *sig, size_t siglen,
119 const unsigned char *tbs, size_t tbslen)
120 {
121 EC_KEY *ec = ctx->pkey->pkey.ec;
122
123 return sm2_verify(tbs, tbslen, sig, siglen, ec);
124 }
125
126 static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx,
127 unsigned char *out, size_t *outlen,
128 const unsigned char *in, size_t inlen)
129 {
130 EC_KEY *ec = ctx->pkey->pkey.ec;
131 SM2_PKEY_CTX *dctx = ctx->data;
132 const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
133
134 if (out == NULL) {
135 if (!sm2_ciphertext_size(ec, md, inlen, outlen))
136 return -1;
137 else
138 return 1;
139 }
140
141 return sm2_encrypt(ec, md, in, inlen, out, outlen);
142 }
143
144 static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx,
145 unsigned char *out, size_t *outlen,
146 const unsigned char *in, size_t inlen)
147 {
148 EC_KEY *ec = ctx->pkey->pkey.ec;
149 SM2_PKEY_CTX *dctx = ctx->data;
150 const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
151
152 if (out == NULL) {
153 if (!sm2_plaintext_size(ec, md, inlen, outlen))
154 return -1;
155 else
156 return 1;
157 }
158
159 return sm2_decrypt(ec, md, in, inlen, out, outlen);
160 }
161
162 static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
163 {
164 SM2_PKEY_CTX *smctx = ctx->data;
165 EC_GROUP *group;
166
167 switch (type) {
168 case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID:
169 group = EC_GROUP_new_by_curve_name(p1);
170 if (group == NULL) {
171 SM2err(SM2_F_PKEY_SM2_CTRL, SM2_R_INVALID_CURVE);
172 return 0;
173 }
174 EC_GROUP_free(smctx->gen_group);
175 smctx->gen_group = group;
176 return 1;
177
178 case EVP_PKEY_CTRL_EC_PARAM_ENC:
179 if (smctx->gen_group == NULL) {
180 SM2err(SM2_F_PKEY_SM2_CTRL, SM2_R_NO_PARAMETERS_SET);
181 return 0;
182 }
183 EC_GROUP_set_asn1_flag(smctx->gen_group, p1);
184 return 1;
185
186 case EVP_PKEY_CTRL_MD:
187 smctx->md = p2;
188 return 1;
189
190 case EVP_PKEY_CTRL_GET_MD:
191 *(const EVP_MD **)p2 = smctx->md;
192 return 1;
193
194 case EVP_PKEY_CTRL_SET1_ID:
195 OPENSSL_free(smctx->id);
196 if (p1 > 0) {
197 smctx->id = OPENSSL_malloc(p1);
198 if (smctx->id == NULL)
199 return 0;
200 memcpy(smctx->id, p2, p1);
201 } else {
202 /* set null-ID */
203 smctx->id = NULL;
204 }
205 smctx->id_len = (size_t)p1;
206 smctx->id_set = 1;
207 return 1;
208
209 case EVP_PKEY_CTRL_GET1_ID:
210 memcpy(p2, smctx->id, smctx->id_len);
211 return 1;
212
213 case EVP_PKEY_CTRL_GET1_ID_LEN:
214 *(size_t *)p2 = smctx->id_len;
215 return 1;
216
217 default:
218 return -2;
219 }
220 }
221
222 static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx,
223 const char *type, const char *value)
224 {
225 if (strcmp(type, "ec_paramgen_curve") == 0) {
226 int nid = NID_undef;
227
228 if (((nid = EC_curve_nist2nid(value)) == NID_undef)
229 && ((nid = OBJ_sn2nid(value)) == NID_undef)
230 && ((nid = OBJ_ln2nid(value)) == NID_undef)) {
231 SM2err(SM2_F_PKEY_SM2_CTRL_STR, SM2_R_INVALID_CURVE);
232 return 0;
233 }
234 return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
235 } else if (strcmp(type, "ec_param_enc") == 0) {
236 int param_enc;
237
238 if (strcmp(value, "explicit") == 0)
239 param_enc = 0;
240 else if (strcmp(value, "named_curve") == 0)
241 param_enc = OPENSSL_EC_NAMED_CURVE;
242 else
243 return -2;
244 return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc);
245 }
246
247 return -2;
248 }
249
250 static int pkey_sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
251 {
252 uint8_t z[EVP_MAX_MD_SIZE];
253 SM2_PKEY_CTX *smctx = ctx->data;
254 EC_KEY *ec = ctx->pkey->pkey.ec;
255 const EVP_MD *md = EVP_MD_CTX_md(mctx);
256
257 if (!smctx->id_set) {
258 /*
259 * An ID value must be set. The specifications are not clear whether a
260 * NULL is allowed. We only allow it if set explicitly for maximum
261 * flexibility.
262 */
263 return 0;
264 }
265
266 /* get hashed prefix 'z' of tbs message */
267 if (!sm2_compute_z_digest(z, md, smctx->id, smctx->id_len, ec))
268 return 0;
269
270 return EVP_DigestUpdate(mctx, z, EVP_MD_size(md));
271 }
272
273 const EVP_PKEY_METHOD sm2_pkey_meth = {
274 EVP_PKEY_SM2,
275 0,
276 pkey_sm2_init,
277 pkey_sm2_copy,
278 pkey_sm2_cleanup,
279
280 0,
281 0,
282
283 0,
284 0,
285
286 0,
287 pkey_sm2_sign,
288
289 0,
290 pkey_sm2_verify,
291
292 0, 0,
293
294 0, 0, 0, 0,
295
296 0,
297 pkey_sm2_encrypt,
298
299 0,
300 pkey_sm2_decrypt,
301
302 0,
303 0,
304 pkey_sm2_ctrl,
305 pkey_sm2_ctrl_str,
306
307 0, 0,
308
309 0, 0, 0,
310
311 pkey_sm2_digest_custom
312 };
A mirror of the official openssl repository