diff options
| author |   Angelos Mouzakitis <a.mouzakitis@virtualopensystems.com> | 2023-10-10 14:33:42 +0000 |
|---|---|---|
| committer | Angelos Mouzakitis <a.mouzakitis@virtualopensystems.com> | 2023-10-10 14:33:42 +0000 |
| commit | af1a266670d040d2f4083ff309d732d648afba2a (patch) | |
| tree | 2fc46203448ddcc6f81546d379abfaeb323575e9 /roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/sm2/sm2_pmeth.c | |
| parent | e02cda008591317b1625707ff8e115a4841aa889 (diff) | |
Change-Id: Iaf8d18082d3991dec7c0ebbea540f092188eb4ec
Diffstat (limited to 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/sm2/sm2_pmeth.c')
| -rw-r--r-- | roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/sm2/sm2_pmeth.c | 329 |
1 files changed, 329 insertions, 0 deletions
diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/sm2/sm2_pmeth.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/sm2/sm2_pmeth.c new file mode 100644 index 000000000..b42a14c32 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/sm2/sm2_pmeth.c @@ -0,0 +1,329 @@ +/* + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/cryptlib.h" +#include <openssl/asn1t.h> +#include <openssl/ec.h> +#include <openssl/evp.h> +#include "crypto/evp.h" +#include "crypto/sm2.h" +#include "crypto/sm2err.h" + +/* EC pkey context structure */ + +typedef struct { + /* Key and paramgen group */ + EC_GROUP *gen_group; + /* message digest */ + const EVP_MD *md; + /* Distinguishing Identifier, ISO/IEC 15946-3 */ + uint8_t *id; + size_t id_len; + /* id_set indicates if the 'id' field is set (1) or not (0) */ + int id_set; +} SM2_PKEY_CTX; + +static int pkey_sm2_init(EVP_PKEY_CTX *ctx) +{ + SM2_PKEY_CTX *smctx; + + if ((smctx = OPENSSL_zalloc(sizeof(*smctx))) == NULL) { + SM2err(SM2_F_PKEY_SM2_INIT, ERR_R_MALLOC_FAILURE); + return 0; + } + + ctx->data = smctx; + return 1; +} + +static void pkey_sm2_cleanup(EVP_PKEY_CTX *ctx) +{ + SM2_PKEY_CTX *smctx = ctx->data; + + if (smctx != NULL) { + EC_GROUP_free(smctx->gen_group); + OPENSSL_free(smctx->id); + OPENSSL_free(smctx); + ctx->data = NULL; + } +} + +static int pkey_sm2_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) +{ + SM2_PKEY_CTX *dctx, *sctx; + + if (!pkey_sm2_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + if (sctx->gen_group != NULL) { + dctx->gen_group = EC_GROUP_dup(sctx->gen_group); + if (dctx->gen_group == NULL) { + pkey_sm2_cleanup(dst); + return 0; + } + } + if (sctx->id != NULL) { + dctx->id = OPENSSL_malloc(sctx->id_len); + if (dctx->id == NULL) { + SM2err(SM2_F_PKEY_SM2_COPY, ERR_R_MALLOC_FAILURE); + pkey_sm2_cleanup(dst); + return 0; + } + memcpy(dctx->id, sctx->id, sctx->id_len); + } + dctx->id_len = sctx->id_len; + dctx->id_set = sctx->id_set; + dctx->md = sctx->md; + + return 1; +} + +static int pkey_sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen) +{ + int ret; + unsigned int sltmp; + EC_KEY *ec = ctx->pkey->pkey.ec; + const int sig_sz = ECDSA_size(ctx->pkey->pkey.ec); + + if (sig_sz <= 0) { + return 0; + } + + if (sig == NULL) { + *siglen = (size_t)sig_sz; + return 1; + } + + if (*siglen < (size_t)sig_sz) { + SM2err(SM2_F_PKEY_SM2_SIGN, SM2_R_BUFFER_TOO_SMALL); + return 0; + } + + ret = sm2_sign(tbs, tbslen, sig, &sltmp, ec); + + if (ret <= 0) + return ret; + *siglen = (size_t)sltmp; + return 1; +} + +static int pkey_sm2_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) +{ + EC_KEY *ec = ctx->pkey->pkey.ec; + + return sm2_verify(tbs, tbslen, sig, siglen, ec); +} + +static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) +{ + EC_KEY *ec = ctx->pkey->pkey.ec; + SM2_PKEY_CTX *dctx = ctx->data; + const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md; + + if (out == NULL) { + if (!sm2_ciphertext_size(ec, md, inlen, outlen)) + return -1; + else + return 1; + } + + return sm2_encrypt(ec, md, in, inlen, out, outlen); +} + +static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) +{ + EC_KEY *ec = ctx->pkey->pkey.ec; + SM2_PKEY_CTX *dctx = ctx->data; + const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md; + + if (out == NULL) { + if (!sm2_plaintext_size(ec, md, inlen, outlen)) + return -1; + else + return 1; + } + + return sm2_decrypt(ec, md, in, inlen, out, outlen); +} + +static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ + SM2_PKEY_CTX *smctx = ctx->data; + EC_GROUP *group; + uint8_t *tmp_id; + + switch (type) { + case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID: + group = EC_GROUP_new_by_curve_name(p1); + if (group == NULL) { + SM2err(SM2_F_PKEY_SM2_CTRL, SM2_R_INVALID_CURVE); + return 0; + } + EC_GROUP_free(smctx->gen_group); + smctx->gen_group = group; + return 1; + + case EVP_PKEY_CTRL_EC_PARAM_ENC: + if (smctx->gen_group == NULL) { + SM2err(SM2_F_PKEY_SM2_CTRL, SM2_R_NO_PARAMETERS_SET); + return 0; + } + EC_GROUP_set_asn1_flag(smctx->gen_group, p1); + return 1; + + case EVP_PKEY_CTRL_MD: + smctx->md = p2; + return 1; + + case EVP_PKEY_CTRL_GET_MD: + *(const EVP_MD **)p2 = smctx->md; + return 1; + + case EVP_PKEY_CTRL_SET1_ID: + if (p1 > 0) { + tmp_id = OPENSSL_malloc(p1); + if (tmp_id == NULL) { + SM2err(SM2_F_PKEY_SM2_CTRL, ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(tmp_id, p2, p1); + OPENSSL_free(smctx->id); + smctx->id = tmp_id; + } else { + /* set null-ID */ + OPENSSL_free(smctx->id); + smctx->id = NULL; + } + smctx->id_len = (size_t)p1; + smctx->id_set = 1; + return 1; + + case EVP_PKEY_CTRL_GET1_ID: + memcpy(p2, smctx->id, smctx->id_len); + return 1; + + case EVP_PKEY_CTRL_GET1_ID_LEN: + *(size_t *)p2 = smctx->id_len; + return 1; + + case EVP_PKEY_CTRL_DIGESTINIT: + /* nothing to be inited, this is to suppress the error... */ + return 1; + + default: + return -2; + } +} + +static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) +{ + if (strcmp(type, "ec_paramgen_curve") == 0) { + int nid = NID_undef; + + if (((nid = EC_curve_nist2nid(value)) == NID_undef) + && ((nid = OBJ_sn2nid(value)) == NID_undef) + && ((nid = OBJ_ln2nid(value)) == NID_undef)) { + SM2err(SM2_F_PKEY_SM2_CTRL_STR, SM2_R_INVALID_CURVE); + return 0; + } + return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid); + } else if (strcmp(type, "ec_param_enc") == 0) { + int param_enc; + + if (strcmp(value, "explicit") == 0) + param_enc = 0; + else if (strcmp(value, "named_curve") == 0) + param_enc = OPENSSL_EC_NAMED_CURVE; + else + return -2; + return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc); + } + + return -2; +} + +static int pkey_sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) +{ + uint8_t z[EVP_MAX_MD_SIZE]; + SM2_PKEY_CTX *smctx = ctx->data; + EC_KEY *ec = ctx->pkey->pkey.ec; + const EVP_MD *md = EVP_MD_CTX_md(mctx); + int mdlen = EVP_MD_size(md); + + if (!smctx->id_set) { + /* + * An ID value must be set. The specifications are not clear whether a + * NULL is allowed. We only allow it if set explicitly for maximum + * flexibility. + */ + SM2err(SM2_F_PKEY_SM2_DIGEST_CUSTOM, SM2_R_ID_NOT_SET); + return 0; + } + + if (mdlen < 0) { + SM2err(SM2_F_PKEY_SM2_DIGEST_CUSTOM, SM2_R_INVALID_DIGEST); + return 0; + } + + /* get hashed prefix 'z' of tbs message */ + if (!sm2_compute_z_digest(z, md, smctx->id, smctx->id_len, ec)) + return 0; + + return EVP_DigestUpdate(mctx, z, (size_t)mdlen); +} + +const EVP_PKEY_METHOD sm2_pkey_meth = { + EVP_PKEY_SM2, + 0, + pkey_sm2_init, + pkey_sm2_copy, + pkey_sm2_cleanup, + + 0, + 0, + + 0, + 0, + + 0, + pkey_sm2_sign, + + 0, + pkey_sm2_verify, + + 0, 0, + + 0, 0, 0, 0, + + 0, + pkey_sm2_encrypt, + + 0, + pkey_sm2_decrypt, + + 0, + 0, + pkey_sm2_ctrl, + pkey_sm2_ctrl_str, + + 0, 0, + + 0, 0, 0, + + pkey_sm2_digest_custom +}; |