2
0

sm2_za.c 3.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132
  1. /*
  2. * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright 2017 Ribose Inc. All Rights Reserved.
  4. * Ported from Ribose contributions from Botan.
  5. *
  6. * Licensed under the OpenSSL license (the "License"). You may not use
  7. * this file except in compliance with the License. You can obtain a copy
  8. * in the file LICENSE in the source distribution or at
  9. * https://www.openssl.org/source/license.html
  10. */
  11. #include <openssl/sm2.h>
  12. #include <openssl/evp.h>
  13. #include <openssl/bn.h>
  14. #include <string.h>
  15. int SM2_compute_userid_digest(uint8_t *out,
  16. const EVP_MD *digest,
  17. const char *user_id,
  18. const EC_KEY *key)
  19. {
  20. int rc = 0;
  21. const EC_GROUP *group = EC_KEY_get0_group(key);
  22. BN_CTX *ctx = NULL;
  23. EVP_MD_CTX *hash = NULL;
  24. BIGNUM *p = NULL;
  25. BIGNUM *a = NULL;
  26. BIGNUM *b = NULL;
  27. BIGNUM *xG = NULL;
  28. BIGNUM *yG = NULL;
  29. BIGNUM *xA = NULL;
  30. BIGNUM *yA = NULL;
  31. int p_bytes = 0;
  32. uint8_t *buf = NULL;
  33. size_t uid_len = 0;
  34. uint16_t entla = 0;
  35. uint8_t e_byte = 0;
  36. hash = EVP_MD_CTX_new();
  37. if (hash == NULL)
  38. goto done;
  39. ctx = BN_CTX_new();
  40. if (ctx == NULL)
  41. goto done;
  42. p = BN_CTX_get(ctx);
  43. a = BN_CTX_get(ctx);
  44. b = BN_CTX_get(ctx);
  45. xG = BN_CTX_get(ctx);
  46. yG = BN_CTX_get(ctx);
  47. xA = BN_CTX_get(ctx);
  48. yA = BN_CTX_get(ctx);
  49. if (p == NULL || a == NULL || b == NULL ||
  50. xG == NULL || yG == NULL || xA == NULL || yA == NULL)
  51. goto done;
  52. memset(out, 0, EVP_MD_size(digest));
  53. if (EVP_DigestInit(hash, digest) == 0)
  54. goto done;
  55. /*
  56. ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA)
  57. */
  58. uid_len = strlen(user_id);
  59. if (uid_len >= 8192) /* too large */
  60. goto done;
  61. entla = (unsigned short)(8 * uid_len);
  62. e_byte = entla >> 8;
  63. if (EVP_DigestUpdate(hash, &e_byte, 1) == 0)
  64. goto done;
  65. e_byte = entla & 0xFF;
  66. if (EVP_DigestUpdate(hash, &e_byte, 1) == 0)
  67. goto done;
  68. if (EVP_DigestUpdate(hash, user_id, uid_len) == 0)
  69. goto done;
  70. if (EC_GROUP_get_curve_GFp(group, p, a, b, ctx) == 0)
  71. goto done;
  72. p_bytes = BN_num_bytes(p);
  73. buf = OPENSSL_zalloc(p_bytes);
  74. BN_bn2binpad(a, buf, p_bytes);
  75. if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
  76. goto done;
  77. BN_bn2binpad(b, buf, p_bytes);
  78. if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
  79. goto done;
  80. EC_POINT_get_affine_coordinates_GFp(group,
  81. EC_GROUP_get0_generator(group),
  82. xG, yG, ctx);
  83. BN_bn2binpad(xG, buf, p_bytes);
  84. if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
  85. goto done;
  86. BN_bn2binpad(yG, buf, p_bytes);
  87. if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
  88. goto done;
  89. EC_POINT_get_affine_coordinates_GFp(group,
  90. EC_KEY_get0_public_key(key),
  91. xA, yA, ctx);
  92. BN_bn2binpad(xA, buf, p_bytes);
  93. if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
  94. goto done;
  95. BN_bn2binpad(yA, buf, p_bytes);
  96. if (EVP_DigestUpdate(hash, buf, p_bytes) == 0)
  97. goto done;
  98. if (EVP_DigestFinal(hash, out, NULL) == 0)
  99. goto done;
  100. rc = 1;
  101. done:
  102. OPENSSL_free(buf);
  103. BN_CTX_free(ctx);
  104. EVP_MD_CTX_free(hash);
  105. return rc;
  106. }