diff options
| author | Jack Lloyd <jack.lloyd@ribose.com> | 2018-06-18 15:51:56 -0400 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2018-06-19 11:29:44 +0100 |
| commit | ddb634fe6f9aeea34fe036cf804903b4240d38ac (patch) | |
| tree | 60501110c68634a55fdc888fcb5598e8ba9c4887 /crypto/ec | |
| parent | 2f2e6b6278bc4cbf670e42ae9f4ff818529df37c (diff) | |
Move SM2 algos to SM2 specific PKEY method
Use EVP_PKEY_set_alias_type to access
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6443)
Diffstat (limited to 'crypto/ec')
| -rw-r--r-- | crypto/ec/ec_ameth.c | 8 | ||||
| -rw-r--r-- | crypto/ec/ec_err.c | 6 | ||||
| -rw-r--r-- | crypto/ec/ec_pmeth.c | 113 |
3 files changed, 19 insertions, 108 deletions
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 0682bc3d1d..4096cb3294 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -602,6 +602,14 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { ec_pkey_param_check }; +#if !defined(OPENSSL_NO_SM2) +const EVP_PKEY_ASN1_METHOD sm2_asn1_meth = { + EVP_PKEY_SM2, + EVP_PKEY_EC, + ASN1_PKEY_ALIAS +}; +#endif + int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) { int private = EC_KEY_get0_private_key(x) != NULL; diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 94a72072ce..6a1be2eb3b 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -259,6 +259,12 @@ static const ERR_STRING_DATA EC_str_functs[] = { {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KEYGEN, 0), "pkey_ec_keygen"}, {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_PARAMGEN, 0), "pkey_ec_paramgen"}, {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, 0), "pkey_ec_sign"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_CTRL, 0), "pkey_sm2_ctrl"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_CTRL_STR, 0), "pkey_sm2_ctrl_str"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_INIT, 0), "pkey_sm2_init"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_KEYGEN, 0), "pkey_sm2_keygen"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_PARAMGEN, 0), "pkey_sm2_paramgen"}, + {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_SIGN, 0), "pkey_sm2_sign"}, {ERR_PACK(ERR_LIB_EC, EC_F_VALIDATE_ECX_DERIVE, 0), "validate_ecx_derive"}, {0, NULL} }; diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 0187adfa2b..f4ea8b56c1 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -16,10 +16,6 @@ #include <openssl/evp.h> #include "internal/evp_int.h" -#if !defined(OPENSSL_NO_SM2) -# include "internal/sm2.h" -#endif - /* EC pkey context structure */ typedef struct { @@ -107,7 +103,6 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, unsigned int sltmp; EC_PKEY_CTX *dctx = ctx->data; EC_KEY *ec = ctx->pkey->pkey.ec; - const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); if (!sig) { *siglen = ECDSA_size(ec); @@ -122,15 +117,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, else type = NID_sha1; - if (ec_nid == NID_sm2) { -#if defined(OPENSSL_NO_SM2) - return -1; -#else - ret = sm2_sign(type, tbs, tbslen, sig, &sltmp, ec); -#endif - } else { - ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec); - } + ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec); if (ret <= 0) return ret; @@ -145,22 +132,13 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx, int ret, type; EC_PKEY_CTX *dctx = ctx->data; EC_KEY *ec = ctx->pkey->pkey.ec; - const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); if (dctx->md) type = EVP_MD_type(dctx->md); else type = NID_sha1; - if (ec_nid == NID_sm2) { -#if defined(OPENSSL_NO_SM2) - ret = -1; -#else - ret = sm2_verify(type, tbs, tbslen, sig, siglen, ec); -#endif - } else { - ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec); - } + ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec); return ret; } @@ -202,86 +180,6 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) return 1; } -static int pkey_ecies_encrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) -{ - int ret; - EC_KEY *ec = ctx->pkey->pkey.ec; - const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); - - if (ec_nid == NID_sm2) { -# if defined(OPENSSL_NO_SM2) - ret = -1; -# else - int md_type; - EC_PKEY_CTX *dctx = ctx->data; - - if (dctx->md) - md_type = EVP_MD_type(dctx->md); - else - md_type = NID_sm3; - - if (out == NULL) { - if (!sm2_ciphertext_size(ec, EVP_get_digestbynid(md_type), inlen, - outlen)) - ret = -1; - else - ret = 1; - } - else { - ret = sm2_encrypt(ec, EVP_get_digestbynid(md_type), - in, inlen, out, outlen); - } -# endif - } else { - /* standard ECIES not implemented */ - ret = -1; - } - - return ret; -} - -static int pkey_ecies_decrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) -{ - int ret; - EC_KEY *ec = ctx->pkey->pkey.ec; - const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); - - if (ec_nid == NID_sm2) { -# if defined(OPENSSL_NO_SM2) - ret = -1; -# else - int md_type; - EC_PKEY_CTX *dctx = ctx->data; - - if (dctx->md) - md_type = EVP_MD_type(dctx->md); - else - md_type = NID_sm3; - - if (out == NULL) { - if (!sm2_plaintext_size(ec, EVP_get_digestbynid(md_type), inlen, - outlen)) - ret = -1; - else - ret = 1; - } - else { - ret = sm2_decrypt(ec, EVP_get_digestbynid(md_type), - in, inlen, out, outlen); - } -# endif - } else { - /* standard ECIES not implemented */ - ret = -1; - } - - return ret; -} - static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) { @@ -420,8 +318,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha512 && - EVP_MD_type((const EVP_MD *)p2) != NID_sm3) { + EVP_MD_type((const EVP_MD *)p2) != NID_sha512) { ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE); return 0; } @@ -552,10 +449,10 @@ const EVP_PKEY_METHOD ec_pkey_meth = { 0, 0, 0, 0, 0, - pkey_ecies_encrypt, + 0, 0, - pkey_ecies_decrypt, + 0, 0, #ifndef OPENSSL_NO_EC |