From f4e4382cae1fb85fec6e9aa26f65fc729a40a039 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 24 Jan 2020 17:51:39 +0100 Subject: [PATCH] EVP_PKEY_assign_EC_KEY(): detect SM2 curve and set EVP_PKEY type accordingly This means that when loaded or created, EC EVP_PKEYs with the SM2 curve will be regarded as EVP_PKEY_SM2 type keys by default. Applications are no longer forced to check and fix this. It's still possible, for those who want this, to set the key type to EVP_PKEY_EC and thereby run the normal EC computations with the SM2 curve. This has to be done explicitly. Reviewed-by: Matt Caswell Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/10942) --- crypto/evp/p_lib.c | 13 ++++++++++++- doc/man3/EVP_PKEY_set1_RSA.pod | 15 ++++++++++++--- doc/man7/SM2.pod | 22 ++++++---------------- 3 files changed, 30 insertions(+), 20 deletions(-) diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 07316a4522..0a3c86d63a 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -401,8 +401,19 @@ ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey) # endif int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) { + int alias = type; + + if (EVP_PKEY_type(type) == EVP_PKEY_EC) { + const EC_GROUP *group = EC_KEY_get0_group(key); + + if (group != NULL && EC_GROUP_get_curve_name(group) == NID_sm2) + alias = EVP_PKEY_SM2; + } + if (pkey == NULL || !EVP_PKEY_set_type(pkey, type)) return 0; + if (!EVP_PKEY_set_alias_type(pkey, alias)) + return 0; pkey->pkey.ptr = key; return (key != NULL); } @@ -519,7 +530,7 @@ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey) { - if (pkey->type != EVP_PKEY_EC) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); return NULL; } diff --git a/doc/man3/EVP_PKEY_set1_RSA.pod b/doc/man3/EVP_PKEY_set1_RSA.pod index 8f4d7f547a..8423a0a3b8 100644 --- a/doc/man3/EVP_PKEY_set1_RSA.pod +++ b/doc/man3/EVP_PKEY_set1_RSA.pod @@ -90,8 +90,7 @@ If B does not include an B for B an error occurs. EVP_PKEY_set_alias_type() allows modifying a EVP_PKEY to use a -different set of algorithms than the default. This is currently used -to support SM2 keys, which use an identical encoding to ECDSA. +different set of algorithms than the default. =head1 NOTES @@ -103,6 +102,16 @@ EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and EVP_PKEY_assign_SIPHASH() are implemented as macros. +EVP_PKEY_assign_EC_KEY() looks at the curve name id to determine if +the passed B is an L key, and will set the B +type to B in that case, instead of B. + +It's possible to switch back and forth between the types B +and B with a call to EVP_PKEY_set_alias_type() on keys +assigned with this macro if it's desirable to do a normal EC +computations with the SM2 curve instead of the special SM2 +computations, and vice versa. + Most applications wishing to know a key type will simply call EVP_PKEY_base_id() and will not care about the actual type: which will be identical in almost all cases. @@ -143,7 +152,7 @@ algorithms with EVP_PKEY_set_alias_type: =head1 SEE ALSO -L +L, L =head1 COPYRIGHT diff --git a/doc/man7/SM2.pod b/doc/man7/SM2.pod index c7876a0cc6..93fd12c909 100644 --- a/doc/man7/SM2.pod +++ b/doc/man7/SM2.pod @@ -20,25 +20,17 @@ B signatures can be generated by using the 'DigestSign' series of APIs, for instance, EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal(). Ditto for the verification process by calling the 'DigestVerify' series of APIs. -There are several special steps that need to be done before computing an B -signature. - -The B structure will default to using ECDSA for signatures when it is -created. It should be set to B by calling: - - EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); - -Then an ID should be set by calling: +Before computing an B signature, an B needs to be created, +and an B ID must be set for it, like this: EVP_PKEY_CTX_set1_id(pctx, id, id_len); -When calling the EVP_DigestSignInit() or EVP_DigestVerifyInit() functions, a -pre-allocated B should be assigned to the B. This is -done by calling: +Before calling the EVP_DigestSignInit() or EVP_DigestVerifyInit() functions, +that B should be assigned to the B, like this: EVP_MD_CTX_set_pkey_ctx(mctx, pctx); -And normally there is no need to pass a B parameter to EVP_DigestSignInit() +There is normally no need to pass a B parameter to EVP_DigestSignInit() or EVP_DigestVerifyInit() in such a scenario. SM2 can be tested with the L application since version 3.0.0. @@ -52,11 +44,10 @@ a message with the SM2 signature algorithm and the SM3 hash algorithm: #include /* obtain an EVP_PKEY using whatever methods... */ - EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); mctx = EVP_MD_CTX_new(); pctx = EVP_PKEY_CTX_new(pkey, NULL); EVP_PKEY_CTX_set1_id(pctx, id, id_len); - EVP_MD_CTX_set_pkey_ctx(mctx, pctx);; + EVP_MD_CTX_set_pkey_ctx(mctx, pctx); EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey); EVP_DigestVerifyUpdate(mctx, msg, msg_len); EVP_DigestVerifyFinal(mctx, sig, sig_len) @@ -64,7 +55,6 @@ a message with the SM2 signature algorithm and the SM3 hash algorithm: =head1 SEE ALSO L, -L, L, L, L, -- 2.25.1