12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 |
- =pod
- =head1 NAME
- EVP_PKEY-SM2, EVP_KEYMGMT-SM2, SM2
- - EVP_PKEY keytype support for the Chinese SM2 signature and encryption algorithms
- =head1 DESCRIPTION
- The B<SM2> algorithm was first defined by the Chinese national standard GM/T
- 0003-2012 and was later standardized by ISO as ISO/IEC 14888. B<SM2> is actually
- an elliptic curve based algorithm. The current implementation in OpenSSL supports
- both signature and encryption schemes via the EVP interface.
- When doing the B<SM2> signature algorithm, it requires a distinguishing identifier
- to form the message prefix which is hashed before the real message is hashed.
- =head2 Common SM2 parameters
- SM2 uses the parameters defined in L<EVP_PKEY-EC(7)/Common EC parameters>.
- The following parameters are different:
- =over 4
- =item "cofactor" (B<OSSL_PKEY_PARAM_EC_COFACTOR>) <unsigned integer>
- This parameter is ignored for B<SM2>.
- =item (B<OSSL_PKEY_PARAM_DEFAULT_DIGEST>) <UTF8 string>
- Getter that returns the default digest name.
- (Currently returns "SM3" as of OpenSSL 3.0).
- =back
- =head1 NOTES
- B<SM2> signatures can be generated by using the 'DigestSign' series of APIs, for
- instance, EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal().
- Ditto for the verification process by calling the 'DigestVerify' series of APIs.
- Before computing an B<SM2> signature, an B<EVP_PKEY_CTX> needs to be created,
- and an B<SM2> ID must be set for it, like this:
- EVP_PKEY_CTX_set1_id(pctx, id, id_len);
- Before calling the EVP_DigestSignInit() or EVP_DigestVerifyInit() functions,
- that B<EVP_PKEY_CTX> should be assigned to the B<EVP_MD_CTX>, like this:
- EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
- There is normally no need to pass a B<pctx> parameter to EVP_DigestSignInit()
- or EVP_DigestVerifyInit() in such a scenario.
- SM2 can be tested with the L<openssl-speed(1)> application since version 3.0.
- Currently, the only valid algorithm name is B<sm2>.
- =head1 EXAMPLES
- This example demonstrates the calling sequence for using an B<EVP_PKEY> to verify
- a message with the SM2 signature algorithm and the SM3 hash algorithm:
- #include <openssl/evp.h>
- /* obtain an EVP_PKEY using whatever methods... */
- mctx = EVP_MD_CTX_new();
- pctx = EVP_PKEY_CTX_new(pkey, NULL);
- EVP_PKEY_CTX_set1_id(pctx, id, id_len);
- EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
- EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey);
- EVP_DigestVerifyUpdate(mctx, msg, msg_len);
- EVP_DigestVerifyFinal(mctx, sig, sig_len)
- =head1 SEE ALSO
- L<EVP_PKEY_CTX_new(3)>,
- L<EVP_DigestSignInit(3)>,
- L<EVP_DigestVerifyInit(3)>,
- L<EVP_PKEY_CTX_set1_id(3)>,
- L<EVP_MD_CTX_set_pkey_ctx(3)>
- =head1 COPYRIGHT
- Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
- Licensed under the Apache License 2.0 (the "License"). You may not use
- this file except in compliance with the License. You can obtain a copy
- in the file LICENSE in the source distribution or at
- L<https://www.openssl.org/source/license.html>.
- =cut
|