gmssl国密sm2(生成密钥对-私钥签字-证书验签)
生成密钥对:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "e_os.h"
#include "sm2ToOC.h"
#include "string.h"
# include <openssl/bn.h>
# include <openssl/ec.h>
# include <openssl/evp.h>
# include <openssl/rand.h>
# include <openssl/engine.h>
# include <openssl/sm2.h>
# include "sm2_lcl.h"
# include "pkcs12.h"
#include <openssl/pem.h>
#include "ec/ec_lcl.h"
#include "bn/bn_lcl.h"
int genkey()
{
EC_KEY *keypair = NULL;
EC_GROUP *group1 = NULL;
keypair = EC_KEY_new();
if(!keypair) {
printf("Failed to Gen Key");
exit(1);
}
group1 = EC_GROUP_new_by_curve_name(NID_sm2p256v1);
if(group1 == NULL){
printf("Failed to Gen Key");
exit(1);
}
int ret1 = EC_KEY_set_group(keypair, group1);
if(ret1 != 1){
printf("Failed to Gen Key");
exit(1);
}
int ret2 = EC_KEY_generate_key(keypair);
if(ret2 != 1){
printf("Failed to Gen Key");
exit(1);
}
size_t pri_len;
size_t pub_len;
char *pri_key = NULL;
char *pub_key = NULL;
BIO *pri = BIO_new(BIO_s_mem());
BIO *pub = BIO_new(BIO_s_mem());
PEM_write_bio_ECPrivateKey(pri, keypair, NULL, NULL, 0, NULL, NULL);
PEM_write_bio_EC_PUBKEY(pub, keypair);
BIO *bio_out = BIO_new_file("private.key", "w");
PEM_write_bio_ECPrivateKey(bio_out, keypair, NULL, NULL, 0, NULL, NULL);
BIO_free(bio_out);
bio_out = BIO_new_file("public.key", "w");
PEM_write_bio_EC_PUBKEY(bio_out, keypair);
BIO_free(bio_out);
pri_len = BIO_pending(pri);
pub_len = BIO_pending(pub);
pri_key = (char *)malloc(pri_len + 1);
pub_key = (char *)malloc(pub_len + 1);
BIO_read(pri, pri_key, pri_len);
BIO_read(pub, pub_key, pub_len);
pri_key[pri_len] = '\0';
pub_key[pub_len] = '\0';
EC_KEY_free(keypair);
BIO_free_all(pub);
BIO_free_all(pri);
free(pri_key);
free(pub_key);
return 1;
}
void main(void)
{
genkey();
}
签字验签:
#include <stdio.h>
#include <string.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/ecdsa.h>
#include <openssl/sha.h>
#include <openssl/asn1.h>
#include <openssl/x509.h>
#include <openssl/objects.h>
#include <openssl/buffer.h>
#include <openssl/sm2.h>
#include <apps/apps.h>
int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
{
BIO *mem;
int len, ret;
unsigned char tbuf[1024];
mem = BIO_new(BIO_s_mem());
if (mem == NULL)
return -1;
for (;;) {
if ((maxlen != -1) && maxlen < 1024)
len = maxlen;
else
len = 1024;
len = BIO_read(in, tbuf, len);
if (len < 0) {
BIO_free(mem);
return -1;
}
if (len == 0)
break;
if (BIO_write(mem, tbuf, len) != len) {
BIO_free(mem);
return -1;
}
maxlen -= len;
if (maxlen == 0)
break;
}
ret = BIO_get_mem_data(mem, (char **)out);
BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
BIO_free(mem);
return ret;
}
static int sm2utl_sign(const EVP_MD *md, BIO *in, BIO *out, const char *id,
ENGINE *e, EC_KEY *ec_key, int sign)
{
int ret = 0;
EVP_MD_CTX *md_ctx = NULL;
ECDSA_SIG *sig = NULL;
unsigned char buf[1024];
size_t siz = sizeof(buf);
unsigned int ulen = sizeof(buf);
int len;
printf("sm2utl_sign\n");
if (!(md_ctx = EVP_MD_CTX_new())
|| !EVP_DigestInit_ex(md_ctx, md, e)
|| !SM2_compute_id_digest(md, id, strlen(id), buf, &siz, ec_key)
|| !EVP_DigestUpdate(md_ctx, buf, siz)) {
}
while ((len = BIO_read(in, buf, sizeof(buf))) > 0) {
if (!EVP_DigestUpdate(md_ctx, buf, len)) {
}
}
if (!EVP_DigestFinal_ex(md_ctx, buf, &ulen)) {
}
len = (int)ulen;
if (sign) {
unsigned char *p = buf;
if (!(sig = SM2_do_sign(buf, len, ec_key))
|| (len = i2d_ECDSA_SIG(sig, &p)) <= 0) {
}
}
if (BIO_write(out, buf, len) != len) {
}
ret = 1;
end:
EVP_MD_CTX_free(md_ctx);
ECDSA_SIG_free(sig);
return ret;
}
static int sm2utl_verify(const EVP_MD *md, BIO *in, BIO *out, BIO *sig,
const char *id, ENGINE *e, EC_KEY *ec_key)
{
int ret = 0;
EVP_MD_CTX *md_ctx = NULL;
unsigned char *sigbuf = NULL;
unsigned char buf[1024];
size_t siz = sizeof(buf);
unsigned int ulen = sizeof(buf);
int siglen, len;
siglen = bio_to_mem(&sigbuf, 256, sig);
if (siglen < 0) {
}
if (!(md_ctx = EVP_MD_CTX_new())
|| !EVP_DigestInit_ex(md_ctx, md, e)
|| !SM2_compute_id_digest(md, id, strlen(id), buf, &siz, ec_key)
|| !EVP_DigestUpdate(md_ctx, buf, siz)) {
}
while ((len = BIO_read(in, buf, sizeof(buf))) > 0) {
if (!EVP_DigestUpdate(md_ctx, buf, len)) {
}
}
siz = sizeof(buf);
if (!EVP_DigestFinal_ex(md_ctx, buf, &ulen)) {
}
/* SM2_verify() can check no suffix on signature */
ret = SM2_verify(NID_undef, buf, ulen, sigbuf, siglen, ec_key);
if (ret == 1) {
printf("Signature Verification Successful\n");
} else {
printf("Signature Verification Failure\n");
ret = 0;
}
end:
OPENSSL_free(sigbuf);
EVP_MD_CTX_free(md_ctx);
return ret;
}
int signature(char *msg)
{
BIO *in = NULL, *out = NULL, *sig = NULL;
char *keyfile = NULL;
EVP_PKEY *pkey = NULL;
EC_KEY *ec_key = NULL;
int keyform = FORMAT_PEM;
const EVP_MD *md = EVP_sm3();
in = BIO_new_file("text.txt", "rb");
out = BIO_new_file("text.sig", "wb");
BIO * key = NULL;
key = BIO_new_file("private.key", "r");
pkey=PEM_read_bio_PrivateKey(key, NULL, 0, NULL);
if (!(ec_key = EVP_PKEY_get0_EC_KEY(pkey))
|| !EC_KEY_is_sm2p256v1(ec_key)) {
printf("Invalid key type\n");
return -1;
}
sm2utl_sign(md, in, out, "1234567812345678", 0, ec_key, 1);
return 1;
}
int verify_sig(void)
{
const EVP_MD *md = EVP_sm3();
BIO *in = NULL, *out = NULL, *sig = NULL;
in = BIO_new_file("text.txt", "rb");
sig = BIO_new_file("text_1.sig", "rb");
//FILE *fp = fopen("public_cert.pem", "r");
//X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL);
FILE *fp = fopen("public.cer", "r");
X509 *cert = d2i_X509_fp(fp, NULL);
EVP_PKEY *evk = X509_get_pubkey(cert);
EC_KEY *ec_key=EVP_PKEY_get0_EC_KEY(evk);
if (1==sm2utl_verify(md, in, out, sig, "1234567812345678", 0, ec_key))
{
printf("verify success\n");
}
else
{
printf("verify fail\n");
}
return 1;
}
void main(void)
{
signature("1234567890123456");
//verify_sig();
}
SM2签名及验证过程中,并不是直接计算被签名数据的摘要,而是要经过专门的预处理过程得到摘要。此过程包含两个阶段的摘要计算:
1)Z = SM3(ENTL || ID || a || b || x_G || y_G || x_A || y_A)
ENTL || ID || a || b || x_G || y_G || x_A || y_A表示签名元素数据的拼接(级联)。
其中,ENTL 是签名者 ID 的位长度,占两个字节;ID是签名者ID,国密标准里定义的缺省签名者ID用UFT_8字符串表示是“1234567812345678”,用十六进制表示是0x31323334353637383132333435363738。所以在缺省情况下,ENTL值是0x0080.a, b, x_G, y_G 都是SM2算法标准中给定的值。a和b是椭圆曲线y=x+ax+b的系数,x_G, y_G是SM2算法选定的基点的坐标。上述参数都是固定值:a=0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
b=0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
x_G= 0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7
y_G=0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0
x_A || y_A就是公钥两部分值的拼接,注意,没有0x04的部分;将上述各元素拼接值进行SM3运算,得到结果Z。2) H=SM3(Z || M)
Z是第一步运算得到的摘要,M是签名的原文,将两者拼接,再进行SM3摘要运算。得到的摘要就是预处理得到的结果,将用于后续的签名及验证运算。
参考:
基于Gmssl的SM2加解密算法Demo - 程序员大本营
GitHub - guanzhi/GmSSL: 支持国密SM2/SM3/SM4/SM9/SSL的密码工具箱