| 1 | =pod
|
|---|
| 2 |
|
|---|
| 3 | =head1 NAME
|
|---|
| 4 |
|
|---|
| 5 | SM2 - Chinese SM2 signature and encryption algorithm support
|
|---|
| 6 |
|
|---|
| 7 | =head1 DESCRIPTION
|
|---|
| 8 |
|
|---|
| 9 | The B<SM2> algorithm was first defined by the Chinese national standard GM/T
|
|---|
| 10 | 0003-2012 and was later standardized by ISO as ISO/IEC 14888. B<SM2> is actually
|
|---|
| 11 | an elliptic curve based algorithm. The current implementation in OpenSSL supports
|
|---|
| 12 | both signature and encryption schemes via the EVP interface.
|
|---|
| 13 |
|
|---|
| 14 | When doing the B<SM2> signature algorithm, it requires a distinguishing identifier
|
|---|
| 15 | to form the message prefix which is hashed before the real message is hashed.
|
|---|
| 16 |
|
|---|
| 17 | =head1 NOTES
|
|---|
| 18 |
|
|---|
| 19 | B<SM2> signatures can be generated by using the 'DigestSign' series of APIs, for
|
|---|
| 20 | instance, EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal().
|
|---|
| 21 | Ditto for the verification process by calling the 'DigestVerify' series of APIs.
|
|---|
| 22 |
|
|---|
| 23 | There are several special steps that need to be done before computing an B<SM2>
|
|---|
| 24 | signature.
|
|---|
| 25 |
|
|---|
| 26 | The B<EVP_PKEY> structure will default to using ECDSA for signatures when it is
|
|---|
| 27 | created. It should be set to B<EVP_PKEY_SM2> by calling:
|
|---|
| 28 |
|
|---|
| 29 | EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
|
|---|
| 30 |
|
|---|
| 31 | Then an ID should be set by calling:
|
|---|
| 32 |
|
|---|
| 33 | EVP_PKEY_CTX_set1_id(pctx, id, id_len);
|
|---|
| 34 |
|
|---|
| 35 | When calling the EVP_DigestSignInit() or EVP_DigestVerifyInit() functions, a
|
|---|
| 36 | pre-allocated B<EVP_PKEY_CTX> should be assigned to the B<EVP_MD_CTX>. This is
|
|---|
| 37 | done by calling:
|
|---|
| 38 |
|
|---|
| 39 | EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
|
|---|
| 40 |
|
|---|
| 41 | And normally there is no need to pass a B<pctx> parameter to EVP_DigestSignInit()
|
|---|
| 42 | or EVP_DigestVerifyInit() in such a scenario.
|
|---|
| 43 |
|
|---|
| 44 | =head1 EXAMPLES
|
|---|
| 45 |
|
|---|
| 46 | This example demonstrates the calling sequence for using an B<EVP_PKEY> to verify
|
|---|
| 47 | a message with the SM2 signature algorithm and the SM3 hash algorithm:
|
|---|
| 48 |
|
|---|
| 49 | #include <openssl/evp.h>
|
|---|
| 50 |
|
|---|
| 51 | /* obtain an EVP_PKEY using whatever methods... */
|
|---|
| 52 | EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
|
|---|
| 53 | mctx = EVP_MD_CTX_new();
|
|---|
| 54 | pctx = EVP_PKEY_CTX_new(pkey, NULL);
|
|---|
| 55 | EVP_PKEY_CTX_set1_id(pctx, id, id_len);
|
|---|
| 56 | EVP_MD_CTX_set_pkey_ctx(mctx, pctx);;
|
|---|
| 57 | EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey);
|
|---|
| 58 | EVP_DigestVerifyUpdate(mctx, msg, msg_len);
|
|---|
| 59 | EVP_DigestVerifyFinal(mctx, sig, sig_len)
|
|---|
| 60 |
|
|---|
| 61 | =head1 SEE ALSO
|
|---|
| 62 |
|
|---|
| 63 | L<EVP_PKEY_CTX_new(3)>,
|
|---|
| 64 | L<EVP_PKEY_set_alias_type(3)>,
|
|---|
| 65 | L<EVP_DigestSignInit(3)>,
|
|---|
| 66 | L<EVP_DigestVerifyInit(3)>,
|
|---|
| 67 | L<EVP_PKEY_CTX_set1_id(3)>,
|
|---|
| 68 | L<EVP_MD_CTX_set_pkey_ctx(3)>
|
|---|
| 69 |
|
|---|
| 70 | =head1 COPYRIGHT
|
|---|
| 71 |
|
|---|
| 72 | Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 73 |
|
|---|
| 74 | Licensed under the OpenSSL license (the "License"). You may not use
|
|---|
| 75 | this file except in compliance with the License. You can obtain a copy
|
|---|
| 76 | in the file LICENSE in the source distribution or at
|
|---|
| 77 | L<https://www.openssl.org/source/license.html>.
|
|---|
| 78 |
|
|---|
| 79 | =cut
|
|---|
