mirror of
https://github.com/openssl/openssl.git
synced 2024-12-21 06:09:35 +08:00
7ed6de997f
Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes
98 lines
3.2 KiB
Plaintext
98 lines
3.2 KiB
Plaintext
=pod
|
|
|
|
=head1 NAME
|
|
|
|
EVP_PKEY-SM2, EVP_KEYMGMT-SM2, SM2
|
|
- EVP_PKEY keytype support for the Chinese SM2 signature and encryption algorithms
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
The B<SM2> algorithm was first defined by the Chinese national standard GM/T
|
|
0003-2012 and was later standardized by ISO as ISO/IEC 14888. B<SM2> is actually
|
|
an elliptic curve based algorithm. The current implementation in OpenSSL supports
|
|
both signature and encryption schemes via the EVP interface.
|
|
|
|
When doing the B<SM2> signature algorithm, it requires a distinguishing identifier
|
|
to form the message prefix which is hashed before the real message is hashed.
|
|
|
|
=head2 Common SM2 parameters
|
|
|
|
SM2 uses the parameters defined in L<EVP_PKEY-EC(7)/Common EC parameters>.
|
|
The following parameters are different:
|
|
|
|
=over 4
|
|
|
|
=item "cofactor" (B<OSSL_PKEY_PARAM_EC_COFACTOR>) <unsigned integer>
|
|
|
|
This parameter is ignored for B<SM2>.
|
|
|
|
=item (B<OSSL_PKEY_PARAM_DEFAULT_DIGEST>) <UTF8 string>
|
|
|
|
Getter that returns the default digest name.
|
|
(Currently returns "SM3" as of OpenSSL 3.0).
|
|
|
|
=back
|
|
|
|
=head1 NOTES
|
|
|
|
B<SM2> signatures can be generated by using the 'DigestSign' series of APIs, for
|
|
instance, EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal().
|
|
Ditto for the verification process by calling the 'DigestVerify' series of APIs.
|
|
Note that the SM2 algorithm requires the presence of the public key for signatures,
|
|
as such the B<OSSL_PKEY_PARAM_PUB_KEY> option must be set on any key used in signature
|
|
generation.
|
|
|
|
Before computing an B<SM2> signature, an B<EVP_PKEY_CTX> needs to be created,
|
|
and an B<SM2> ID must be set for it, like this:
|
|
|
|
EVP_PKEY_CTX_set1_id(pctx, id, id_len);
|
|
|
|
Before calling the EVP_DigestSignInit() or EVP_DigestVerifyInit() functions,
|
|
that B<EVP_PKEY_CTX> should be assigned to the B<EVP_MD_CTX>, like this:
|
|
|
|
EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
|
|
|
|
There is normally no need to pass a B<pctx> parameter to EVP_DigestSignInit()
|
|
or EVP_DigestVerifyInit() in such a scenario.
|
|
|
|
SM2 can be tested with the L<openssl-speed(1)> application since version 3.0.
|
|
Currently, the only valid algorithm name is B<sm2>.
|
|
|
|
Since version 3.0, SM2 keys can be generated and loaded only when the domain
|
|
parameters specify the SM2 elliptic curve.
|
|
|
|
=head1 EXAMPLES
|
|
|
|
This example demonstrates the calling sequence for using an B<EVP_PKEY> to verify
|
|
a message with the SM2 signature algorithm and the SM3 hash algorithm:
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
/* obtain an EVP_PKEY using whatever methods... */
|
|
mctx = EVP_MD_CTX_new();
|
|
pctx = EVP_PKEY_CTX_new(pkey, NULL);
|
|
EVP_PKEY_CTX_set1_id(pctx, id, id_len);
|
|
EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
|
|
EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey);
|
|
EVP_DigestVerifyUpdate(mctx, msg, msg_len);
|
|
EVP_DigestVerifyFinal(mctx, sig, sig_len)
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<EVP_PKEY_CTX_new(3)>,
|
|
L<EVP_DigestSignInit(3)>,
|
|
L<EVP_DigestVerifyInit(3)>,
|
|
L<EVP_PKEY_CTX_set1_id(3)>,
|
|
L<EVP_MD_CTX_set_pkey_ctx(3)>
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
=cut
|