Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Tree: 2bdeffefdd
Branches Tags
openssl
/
crypto
/
sm2
/
sm2_za.c

sm2_za.c 3.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132 
  1. /*
    2. 

  2.  * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3.  * Copyright 2017 Ribose Inc. All Rights Reserved.
    4. 

  4.  * Ported from Ribose contributions from Botan.
    5. 

  5.  *
    6. 

  6.  * Licensed under the OpenSSL license (the "License").  You may not use
    7. 

  7.  * this file except in compliance with the License.  You can obtain a copy
    8. 

  8.  * in the file LICENSE in the source distribution or at
    9. 

  9.  * https://www.openssl.org/source/license.html
    10. 

  10.  */
    11. 

  11. 

  12. #include <openssl/sm2.h>
    13. 

  13. #include <openssl/evp.h>
    14. 

  14. #include <openssl/bn.h>
    15. 

  15. #include <string.h>
    16. 

  16. 

  17. int SM2_compute_userid_digest(uint8_t *out,
    18. 

  18.                               const EVP_MD *digest,
    19. 

  19.                               const char *user_id,
    20. 

  20.                               const EC_KEY *key)
    21. 

  21. {
    22. 

  22.     int rc = 0;
    23. 

  23. 

  24.     const EC_GROUP *group = EC_KEY_get0_group(key);
    25. 

  25. 

  26.     BN_CTX *ctx = NULL;
    27. 

  27.     EVP_MD_CTX *hash = NULL;
    28. 

  28. 

  29.     BIGNUM *p = NULL;
    30. 

  30.     BIGNUM *a = NULL;
    31. 

  31.     BIGNUM *b = NULL;
    32. 

  32. 

  33.     BIGNUM *xG = NULL;
    34. 

  34.     BIGNUM *yG = NULL;
    35. 

  35.     BIGNUM *xA = NULL;
    36. 

  36.     BIGNUM *yA = NULL;
    37. 

  37. 

  38.     int p_bytes = 0;
    39. 

  39.     uint8_t *buf = NULL;
    40. 

  40.     size_t uid_len = 0;
    41. 

  41.     uint16_t entla = 0;
    42. 

  42.     uint8_t e_byte = 0;
    43. 

  43. 

  44.     hash = EVP_MD_CTX_new();
    45. 

  45.     if (hash == NULL)
    46. 

  46.        goto done;
    47. 

  47. 

  48.     ctx = BN_CTX_new();
    49. 

  49.     if (ctx == NULL)
    50. 

  50.        goto done;
    51. 

  51. 

  52.     p = BN_CTX_get(ctx);
    53. 

  53.     a = BN_CTX_get(ctx);
    54. 

  54.     b = BN_CTX_get(ctx);
    55. 

  55.     xG = BN_CTX_get(ctx);
    56. 

  56.     yG = BN_CTX_get(ctx);
    57. 

  57.     xA = BN_CTX_get(ctx);
    58. 

  58.     yA = BN_CTX_get(ctx);
    59. 

  59. 

  60.     if (p == NULL || a == NULL || b == NULL ||
    61. 

  61.         xG == NULL || yG == NULL || xA == NULL || yA == NULL)
    62. 

  62.        goto done;
    63. 

  63. 

  64.     memset(out, 0, EVP_MD_size(digest));
    65. 

  65. 

  66.     if (EVP_DigestInit(hash, digest) == 0)
    67. 

  67.         goto done;
    68. 

  68. 

  69.     /*
    70. 

  70.        ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA)
    71. 

  71.      */
    72. 

  72. 

  73.     uid_len = strlen(user_id);
    74. 

  74. 

  75.     if (uid_len >= 8192)        /* too large */
    76. 

  76.         goto done;
    77. 

  77. 

  78.     entla = (unsigned short)(8 * uid_len);
    79. 

  79. 

  80.     e_byte = entla >> 8;
    81. 

  81.     if (EVP_DigestUpdate(hash, &e_byte, 1) == 0)
    82. 

  82.         goto done;
    83. 

  83.     e_byte = entla & 0xFF;
    84. 

  84.     if (EVP_DigestUpdate(hash, &e_byte, 1) == 0)
    85. 

  85.         goto done;
    86. 

  86. 

  87.     if (EVP_DigestUpdate(hash, user_id, uid_len) == 0)
    88. 

  88.         goto done;
    89. 

  89. 

  90.     if (EC_GROUP_get_curve_GFp(group, p, a, b, ctx) == 0)
    91. 

  91.         goto done;
    92. 

  92. 

  93.     p_bytes = BN_num_bytes(p);
    94. 

  94.     buf = OPENSSL_zalloc(p_bytes);
    95. 

  95. 

  96.     BN_bn2binpad(a, buf, p_bytes);
    97. 

  97.     if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
    98. 

  98.         goto done;
    99. 

  99.     BN_bn2binpad(b, buf, p_bytes);
    100. 

  100.     if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
    101. 

  101.         goto done;
    102. 

  102.     EC_POINT_get_affine_coordinates_GFp(group,
    103. 

  103.                                         EC_GROUP_get0_generator(group),
    104. 

  104.                                         xG, yG, ctx);
    105. 

  105.     BN_bn2binpad(xG, buf, p_bytes);
    106. 

  106.     if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
    107. 

  107.         goto done;
    108. 

  108.     BN_bn2binpad(yG, buf, p_bytes);
    109. 

  109.     if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
    110. 

  110.         goto done;
    111. 

  111. 

  112.     EC_POINT_get_affine_coordinates_GFp(group,
    113. 

  113.                                         EC_KEY_get0_public_key(key),
    114. 

  114.                                         xA, yA, ctx);
    115. 

  115.     BN_bn2binpad(xA, buf, p_bytes);
    116. 

  116.     if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
    117. 

  117.         goto done;
    118. 

  118.     BN_bn2binpad(yA, buf, p_bytes);
    119. 

  119.     if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
    120. 

  120.         goto done;
    121. 

  121. 

  122.     if (EVP_DigestFinal(hash, out, NULL) == 0)
    123. 

  123.         goto done;
    124. 

  124. 

  125.     rc = 1;
    126. 

  126. 

  127.  done:
    128. 

  128.     OPENSSL_free(buf);
    129. 

  129.     BN_CTX_free(ctx);
    130. 

  130.     EVP_MD_CTX_free(hash);
    131. 

  131.     return rc;
    132. 

  132. }
    133.