| lh | 9ed821d | 2023-04-07 01:36:19 -0700 | [diff] [blame] | 1 | =pod |
| 2 | |
| 3 | =head1 NAME |
| 4 | |
| 5 | SM2 - Chinese SM2 signature and encryption algorithm support |
| 6 | |
| 7 | =head1 DESCRIPTION |
| 8 | |
| 9 | The B<SM2> algorithm was first defined by the Chinese national standard GM/T |
| 10 | 0003-2012 and was later standardized by ISO as ISO/IEC 14888. B<SM2> is actually |
| 11 | an elliptic curve based algorithm. The current implementation in OpenSSL supports |
| 12 | both signature and encryption schemes via the EVP interface. |
| 13 | |
| 14 | When doing the B<SM2> signature algorithm, it requires a distinguishing identifier |
| 15 | to form the message prefix which is hashed before the real message is hashed. |
| 16 | |
| 17 | =head1 NOTES |
| 18 | |
| 19 | B<SM2> signatures can be generated by using the 'DigestSign' series of APIs, for |
| 20 | instance, EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal(). |
| 21 | Ditto for the verification process by calling the 'DigestVerify' series of APIs. |
| 22 | |
| 23 | There are several special steps that need to be done before computing an B<SM2> |
| 24 | signature. |
| 25 | |
| 26 | The B<EVP_PKEY> structure will default to using ECDSA for signatures when it is |
| 27 | created. It should be set to B<EVP_PKEY_SM2> by calling: |
| 28 | |
| 29 | EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); |
| 30 | |
| 31 | Then an ID should be set by calling: |
| 32 | |
| 33 | EVP_PKEY_CTX_set1_id(pctx, id, id_len); |
| 34 | |
| 35 | When calling the EVP_DigestSignInit() or EVP_DigestVerifyInit() functions, a |
| 36 | preallocated B<EVP_PKEY_CTX> should be assigned to the B<EVP_MD_CTX>. This is |
| 37 | done by calling: |
| 38 | |
| 39 | EVP_MD_CTX_set_pkey_ctx(mctx, pctx); |
| 40 | |
| 41 | And normally there is no need to pass a B<pctx> parameter to EVP_DigestSignInit() |
| 42 | or EVP_DigestVerifyInit() in such a scenario. |
| 43 | |
| 44 | =head1 EXAMPLES |
| 45 | |
| 46 | This example demonstrates the calling sequence for using an B<EVP_PKEY> to verify |
| 47 | a message with the SM2 signature algorithm and the SM3 hash algorithm: |
| 48 | |
| 49 | #include <openssl/evp.h> |
| 50 | |
| 51 | /* obtain an EVP_PKEY using whatever methods... */ |
| 52 | EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); |
| 53 | mctx = EVP_MD_CTX_new(); |
| 54 | pctx = EVP_PKEY_CTX_new(pkey, NULL); |
| 55 | EVP_PKEY_CTX_set1_id(pctx, id, id_len); |
| 56 | EVP_MD_CTX_set_pkey_ctx(mctx, pctx);; |
| 57 | EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey); |
| 58 | EVP_DigestVerifyUpdate(mctx, msg, msg_len); |
| 59 | EVP_DigestVerifyFinal(mctx, sig, sig_len) |
| 60 | |
| 61 | =head1 SEE ALSO |
| 62 | |
| 63 | L<EVP_PKEY_CTX_new(3)>, |
| 64 | L<EVP_PKEY_set_alias_type(3)>, |
| 65 | L<EVP_DigestSignInit(3)>, |
| 66 | L<EVP_DigestVerifyInit(3)>, |
| 67 | L<EVP_PKEY_CTX_set1_id(3)>, |
| 68 | L<EVP_MD_CTX_set_pkey_ctx(3)> |
| 69 | |
| 70 | =head1 COPYRIGHT |
| 71 | |
| 72 | Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. |
| 73 | |
| 74 | Licensed under the OpenSSL license (the "License"). You may not use |
| 75 | this file except in compliance with the License. You can obtain a copy |
| 76 | in the file LICENSE in the source distribution or at |
| 77 | L<https://www.openssl.org/source/license.html>. |
| 78 | |
| 79 | =cut |