From 95151bc198fb304ebaea229be32ad6c207f41887 Mon Sep 17 00:00:00 2001
From: Huaxin Lu <luhuaxin1@huawei.com>
Date: Tue, 27 Sep 2022 20:14:27 +0800
Subject: [PATCH 4/4] nss support SM2 signature algorithm
Co-authored-by: godcansee <liu332084460@foxmail.com>
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
diff --git a/lib/cryptohi/cryptohi.h b/lib/cryptohi/cryptohi.h
index 7b66f0b..4f99ef9 100644
--- a/lib/cryptohi/cryptohi.h
+++ b/lib/cryptohi/cryptohi.h
@@ -420,6 +420,8 @@ extern SECStatus VFY_VerifyDataWithAlgorithmID(const unsigned char *buf,
const SECAlgorithmID *algid, SECOidTag *hash,
void *wincx);
+SECStatus SEC_CreateSM2Digest(unsigned char *z, SECItem *pub);
+
SEC_END_PROTOS
#endif /* _CRYPTOHI_H_ */
diff --git a/lib/cryptohi/seckey.c b/lib/cryptohi/seckey.c
index 656609e..6a230e1 100644
--- a/lib/cryptohi/seckey.c
+++ b/lib/cryptohi/seckey.c
@@ -519,6 +519,7 @@ seckey_GetKeyType(SECOidTag tag)
keyType = dhKey;
break;
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+ case SEC_OID_SM2:
keyType = ecKey;
break;
/* accommodate applications that hand us a signature type when they
@@ -775,6 +776,7 @@ SECKEY_ECParamsToKeySize(const SECItem *encodedParams)
case SEC_OID_SECG_EC_SECP256K1:
case SEC_OID_ANSIX962_EC_PRIME256V1:
+ case SEC_OID_SM2:
return 256;
case SEC_OID_ANSIX962_EC_C2PNB272W1:
@@ -923,6 +925,7 @@ SECKEY_ECParamsToBasePointOrderLen(const SECItem *encodedParams)
case SEC_OID_SECG_EC_SECP256K1:
case SEC_OID_ANSIX962_EC_PRIME256V1:
+ case SEC_OID_SM2:
return 256;
case SEC_OID_ANSIX962_EC_C2PNB272W1:
diff --git a/lib/cryptohi/secsign.c b/lib/cryptohi/secsign.c
index 8779904..8a12b25 100644
--- a/lib/cryptohi/secsign.c
+++ b/lib/cryptohi/secsign.c
@@ -882,3 +882,46 @@ SEC_CreateSignatureAlgorithmParameters(PLArenaPool *arena,
return result;
}
}
+
+// TODO
+const unsigned char zin_default[] = {
+ 0x00, 0x80, // id length
+ 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33, 0x34,
+ 0x35, 0x36, 0x37, 0x38, // default id: 1234567812345678
+ 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, // sm2 a
+ 0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b,
+ 0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92,
+ 0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93, // sm2 b
+ 0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46,
+ 0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1,
+ 0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7, // sm2 x
+ 0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3,
+ 0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40,
+ 0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0 // sm2 y
+};
+
+SECStatus SEC_CreateSM2Digest(unsigned char *z, SECItem *pub)
+{
+ unsigned int len;
+ PK11Context *ctx;
+
+ if (!z || !pub || pub->len != 65)
+ return SECFailure;
+
+ ctx = PK11_CreateDigestContext(SEC_OID_SM3);
+ if (!ctx)
+ return SECFailure;
+
+ if (PK11_DigestBegin(ctx) != SECSuccess ||
+ PK11_DigestOp(ctx, zin_default, sizeof(zin_default)) != SECSuccess ||
+ PK11_DigestOp(ctx, pub->data + 1, 64) != SECSuccess ||
+ PK11_DigestFinal(ctx, z, &len, SM3_LENGTH)) {
+ PK11_DestroyContext(ctx, PR_TRUE);
+ return SECFailure;
+ }
+
+ PK11_DestroyContext(ctx, PR_TRUE);
+ return SECSuccess;
+}
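Review bot: SEC_CreateSM2Digest accepts any 65-byte `pub` and hashes bytes 1..64 without checking that `pub->data` is non-NULL or that the first byte is the uncompressed-point tag, so a malformed or differently encoded key yields a wrong Z instead of SECFailure; the guard could read `if (!z || !pub || !pub->data || pub->len != 65 || pub->data[0] != 0x04)`. `zin_default` is used only by this function in the visible code and should be declared `static const unsigned char zin_default[]` so it is not emitted as a global symbol, and the bare `// TODO` above it should say what is unresolved (presumably caller-supplied signer IDs, since the default ID is baked into the table). The last call in the chain is the only one not compared with a status; `PK11_DigestFinal(ctx, z, &len, SM3_LENGTH) != SECSuccess` keeps the chain uniform. A header comment should state that `z` must point to at least SM3_LENGTH writable bytes, because the function takes no output length.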
diff --git a/lib/cryptohi/secvfy.c b/lib/cryptohi/secvfy.c
index 8c9dc2d..981cb0d 100644
--- a/lib/cryptohi/secvfy.c
+++ b/lib/cryptohi/secvfy.c
@@ -288,6 +288,8 @@ sec_GetEncAlgFromSigAlg(SECOidTag sigAlg)
case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
return SEC_OID_ANSIX962_EC_PUBLIC_KEY;
+ case SEC_OID_SM2_WITH_SM3:
+ return SEC_OID_SM2;
/* we don't implement MD4 hashes */
case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
default:
@@ -430,6 +432,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
return SECFailure;
}
break;
+ case SEC_OID_SM2_WITH_SM3:
+ *hashalg = SEC_OID_SM3;
+ break;
/* we don't implement MD4 hashes */
case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
default:
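Review bot: The new `SEC_OID_SM2_WITH_SM3` case in sec_DecodeSigAlg sets `*hashalg = SEC_OID_SM3` without looking at `key`, so nothing in this hunk ties the signature algorithm to a key on the SM2 curve. Since seckey.c maps `SEC_OID_SM2` to the generic `ecKey` type, any EC key appears to be acceptable under this sigAlg unless another layer rejects it. A comment on the case should say where the curve is checked, and whether the caller is expected to feed the Z value from SEC_CreateSM2Digest into the digest before the message, because no call to that function is visible in this patch. The function starts and ends outside the hunk, so validation that is not shown here may exist.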
diff --git a/lib/freebl/ec.c b/lib/freebl/ec.c
index 5bf7d81..2b8e321 100644
--- a/lib/freebl/ec.c
+++ b/lib/freebl/ec.c
@@ -15,6 +15,7 @@
#include "mplogic.h"
#include "ec.h"
#include "ecl.h"
+#include "sm2.h"
#define EC_DOUBLECHECK PR_FALSE
@@ -988,7 +989,9 @@ ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest)
goto cleanup;
/* Generate ECDSA signature with the specified k value */
- rv = ECDSA_SignDigestWithSeed(key, signature, digest, kBytes, len);
+ rv = key->ecParams.name == ECCurve_sm2p256v1 ?
+ SM2_SignDigestWithSeed(key, signature, digest, kBytes, len) :
+ ECDSA_SignDigestWithSeed(key, signature, digest, kBytes, len);
cleanup:
if (kBytes) {
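Review bot: ECDSA_SignDigest now routes SM2-curve keys to `SM2_SignDigestWithSeed`, but no matching dispatch on the verify side (ECDSA_VerifyDigest) is visible in this patch. Unless another patch in the series adds it, signatures produced here would be checked with the ECDSA equation and rejected. A comment above the ternary, for example `/* SM2 keys use the SM2 signature equation; this entry point keeps the ECDSA name for callers */`, would record why an ECDSA function signs with a different algorithm. The function body starts outside the hunk, and `sm2.h` is not part of this patch, so the prototype of `SM2_SignDigestWithSeed` could not be checked here.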
diff --git a/lib/freebl/ecdecode.c b/lib/freebl/ecdecode.c
index bd31eb0..29f41c9 100644
--- a/lib/freebl/ecdecode.c
+++ b/lib/freebl/ecdecode.c
@@ -181,6 +181,10 @@ EC_FillParams(PLArenaPool *arena, const SECItem *encodedParams,
params));
break;
+ case SEC_OID_SM2:
+ /* Populate params for Curve SM2 */
+ CHECK_SEC_OK(gf_populate_params_bytes(ECCurve_sm2p256v1, ec_field_plain,
+ params));
default:
break;
};
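Review bot: The new `case SEC_OID_SM2:` has no `break;` and falls through into `default:`, which works today only because `default:` does nothing but break; the case just above it in the hunk does end with `break;`. Add `break;` after the `CHECK_SEC_OK(...)` call so that a case inserted later between the two cannot run for SM2 parameters. EC_FillParams starts outside the hunk.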
diff --git a/lib/freebl/ecl/ecl-curve.h b/lib/freebl/ecl/ecl-curve.h
index dec3ce3..b525ba5 100644
--- a/lib/freebl/ecl/ecl-curve.h
+++ b/lib/freebl/ecl/ecl-curve.h
@@ -178,6 +178,38 @@ static const ECCurveBytes ecCurve_25519 = {
KU_KEY_AGREEMENT
};
+static const PRUint8 sm2_irr[32] =
+ { 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+static const PRUint8 sm2_a[32] =
+ { 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc };
+static const PRUint8 sm2_b[32] =
+ { 0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b,
+ 0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92,
+ 0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93 };
+static const PRUint8 sm2_x[32] =
+ { 0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46,
+ 0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1,
+ 0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7 };
+static const PRUint8 sm2_y[32] =
+ { 0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3,
+ 0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40,
+ 0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0 };
+static const PRUint8 sm2_order[32] =
+ { 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,
+ 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23 };
+
+static const ECCurveBytes ecCurve_sm2p256v1 = {
+ "sm2p256v1", ECField_GFp, 256,
+ sm2_irr, sm2_a, sm2_b, sm2_x, sm2_y, sm2_order, NULL,
+ 8, 128, 66, 32, // TODO
+ KU_KEY_AGREEMENT
+};
+
/* mapping between ECCurveName enum and pointers to ECCurveParams */
static const ECCurveBytes *ecCurve_map[] = {
NULL, /* ECCurve_noName */
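Review bot: `ecCurve_sm2p256v1` declares its usage as `KU_KEY_AGREEMENT` only, the same value as the Curve25519 entry just above it, although this patch wires the curve into the signing path; if the usage field is consulted anywhere, the entry should carry `KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT`. The row `8, 128, 66, 32, // TODO` does not say what is unresolved. Assuming the first number is the cofactor, the SM2 recommended curve has cofactor 1, so either correct it or replace the TODO with a comment explaining why 8 is kept. The six byte tables would also benefit from a one-line comment naming the parameter set they encode, so that a reviewer can check them against the standard.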
@@ -239,6 +271,7 @@ static const ECCurveBytes *ecCurve_map[] = {
NULL, /* ECCurve_WTLS_8 */
NULL, /* ECCurve_WTLS_9 */
&ecCurve_25519, /* ECCurve25519 */
+ &ecCurve_sm2p256v1, /* ECCurve_sm2p256v1 */
NULL /* ECCurve_pastLastCurve */
};
diff --git a/lib/freebl/ecl/ecl-exp.h b/lib/freebl/ecl/ecl-exp.h
index 44adb8a..d071fc9 100644
--- a/lib/freebl/ecl/ecl-exp.h
+++ b/lib/freebl/ecl/ecl-exp.h
@@ -132,6 +132,7 @@ typedef enum {
/* ECCurve_WTLS_12 == ECCurve_NIST_P224 */
ECCurve25519,
+ ECCurve_sm2p256v1,
ECCurve_pastLastCurve
} ECCurveName;
diff --git a/lib/freebl/freebl_base.gypi b/lib/freebl/freebl_base.gypi
index 920d613..e6094a9 100644
--- a/lib/freebl/freebl_base.gypi
+++ b/lib/freebl/freebl_base.gypi
@@ -61,6 +61,7 @@
'sha_fast.c',
'shvfy.c',
'sm3.c',
+ 'sm2.c',
'sysrand.c',
'tlsprfalg.c',
'secmpi.c',
diff --git a/lib/freebl/manifest.mn b/lib/freebl/manifest.mn
index 3214369..f321f67 100644
--- a/lib/freebl/manifest.mn
+++ b/lib/freebl/manifest.mn
@@ -161,6 +161,7 @@ CSRCS = \
$(LOWHASH_SRCS) \
$(EXTRA_SRCS) \
sm3.c \
+ sm2.c \
$(NULL)
ifndef NSS_DISABLE_DEPRECATED_SEED
@@ -191,6 +192,7 @@ ALL_HDRS = \
vis_proto.h \
seed.h \
sm3.h \
+ sm2.h \
$(NULL)
diff --git a/lib/nss/nss.def b/lib/nss/nss.def
index 35850ca..4d778e5 100644
--- a/lib/nss/nss.def
+++ b/lib/nss/nss.def
@@ -1253,3 +1253,9 @@ SECMOD_LockedModuleHasRemovableSlots;
;+ local:
;+ *;
;+};
+;+NSS_openEuler {
+;+ global:
+SEC_CreateSM2Digest;
+;+ local:
+;+ *;
+;+};
diff --git a/lib/util/pkcs11n.h b/lib/util/pkcs11n.h
index 5027847..31a0807 100644
--- a/lib/util/pkcs11n.h
+++ b/lib/util/pkcs11n.h
@@ -260,6 +260,8 @@
/* SM algorithm (to be proposed to PKCS #11) */
#define CKM_NSS_SM3 (CKM_NSS + 45)
+#define CKM_NSS_SM2 (CKM_NSS + 46)
+#define CKM_NSS_SM2_WITH_SM3 (CKM_NSS + 47)
/*
diff --git a/lib/util/secoid.c b/lib/util/secoid.c
index 2060429..e97eead 100644
--- a/lib/util/secoid.c
+++ b/lib/util/secoid.c
@@ -616,6 +616,8 @@ CONST_OID curve25519[] = { 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01
* 1.2.156.197.1.401
*/
CONST_OID sm3[] = { 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x11 };
+CONST_OID sm2[] = { 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82, 0x2D };
+CONST_OID sm2_with_sm3[] = { 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x75 };
#define OI(x) \
{ \
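Review bot: The new `sm2` and `sm2_with_sm3` arrays carry no dotted-OID comment, and the only comment above them names SM3's OID alone. The bytes decode to 1.2.156.10197.1.301 and 1.2.156.10197.1.501, so adding `/* 1.2.156.10197.1.301 */` and `/* 1.2.156.10197.1.501 */` next to them lets a reviewer verify the encoding without decoding base-128 by hand. The existing context comment writes the arc as `197`, whereas the encoded bytes `0xCF, 0x55` are 10197, so that comment is worth correcting in the same change.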
@@ -1812,6 +1814,8 @@ const static SECOidData oids[SEC_OID_TOTAL] = {
CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
OD(sm3, SEC_OID_SM3, "SM3", CKM_NSS_SM3, INVALID_CERT_EXTENSION),
+ OD(sm2, SEC_OID_SM2, "SM2", CKM_NSS_SM2, INVALID_CERT_EXTENSION),
+ OD(sm2_with_sm3, SEC_OID_SM2_WITH_SM3, "SM2_WITH_SM3", CKM_NSS_SM2_WITH_SM3, INVALID_CERT_EXTENSION),
OD(sha3_224, SEC_OID_SHA3_224, "SHA3-224", CKM_SHA3_224, INVALID_CERT_EXTENSION),
OD(sha3_256, SEC_OID_SHA3_256, "SHA3-256", CKM_SHA3_256, INVALID_CERT_EXTENSION),
diff --git a/lib/util/secoidt.h b/lib/util/secoidt.h
index b6a98a2..b60f74e 100644
--- a/lib/util/secoidt.h
+++ b/lib/util/secoidt.h
@@ -513,6 +513,8 @@ typedef enum {
SEC_OID_HMAC_SHA3_512 = 371,
SEC_OID_SM3 = 372,
+ SEC_OID_SM2 = 373,
+ SEC_OID_SM2_WITH_SM3 = 374,
SEC_OID_TOTAL
} SECOidTag;