
src/OpenSSL/crypto.py: support SM2 sign with OpenSSL 1.1.1x #1172

Open
wants to merge 1 commit into
base: main
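--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -97,6 +97,9 @@
 TYPE_DH: int = _lib.EVP_PKEY_DH
 TYPE_EC: int = _lib.EVP_PKEY_EC
 
+NID_sm2 = 1172
+EVP_PKEY_SM2 = NID_sm2
+
 
 class Error(Exception):
 """
@@ -3104,6 +3107,22 @@ def sign(pkey: PKey, data: Union[str, bytes], digest: str) -> bytes:
 if digest_obj == _ffi.NULL:
 raise ValueError("No such digest method")
 
+if (
+_lib.OPENSSL_VERSION_NUMBER < 0x30000000
+and _lib.EVP_PKEY_id(pkey._pkey) == _lib.EVP_PKEY_EC
+):
+if (
+_lib.EC_GROUP_get_curve_name(
+_lib.EC_KEY_get0_group(_lib.EVP_PKEY_get1_EC_KEY(pkey._pkey))
+)
+== NID_sm2
+):
+if hasattr(_lib, "EVP_PKEY_set_alias_type"):
+_lib.EVP_PKEY_set_alias_type(pkey._pkey, EVP_PKEY_SM2)
+else:
+print("The SM2 Signing isn't enable in current OpenSSL 1.1.x")
+return b""
+
 md_ctx = _lib.EVP_MD_CTX_new()
 md_ctx = _ffi.gc(md_ctx, _lib.EVP_MD_CTX_free)
 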
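Review bot: In the `else` branch of the new SM2 block in `sign`, a build without `EVP_PKEY_set_alias_type` makes the function `print` a message and `return b""`, so a caller receives an empty byte string where it expects a signature and has no error to catch. Raising instead, in line with the `ValueError` used just above for an unknown digest, keeps the failure visible: `raise ValueError("SM2 signing is not supported by this OpenSSL 1.1.x build")`. Separately, `EVP_PKEY_get1_EC_KEY` returns a new reference that is never released, so each call with an EC key leaks one; `_ffi.gc(_lib.EVP_PKEY_get1_EC_KEY(pkey._pkey), _lib.EC_KEY_free)` would release it, assuming the bindings expose `EC_KEY_free`. The return value of `EVP_PKEY_set_alias_type` is also unchecked, and the call retypes the caller's `PKey` in place, which deserves a comment at that line. The body of `sign` continues outside the hunk.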
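--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -787,6 +787,15 @@ def normalize_privatekey_pem(pem):
 Td8GMrwKz0557OxxtKN6uVVy4ACFMqEw0zN/KJI1vxc9
 -----END CERTIFICATE-----"""
 
+sm2_root_key_pem = b"""-----BEGIN EC PARAMETERS-----
+BggqgRzPVQGCLQ==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEII/sRQnfpXCVx5kjmRbPp7KGgwJlOCx0kBX2Tr2lXrM2oAoGCCqBHM9V
+AYItoUQDQgAEkZX7gPPNGa0uwJMjTCBgVxlTD2krqPL1rZg2z9HLg3wnH06IxQ8r
+3su/VOmyoYBLBYcEjI7GSzvBy6ynX1ZDwA==
+-----END EC PRIVATE KEY-----"""
+
 rsa_p_not_prime_pem = """
 -----BEGIN RSA PRIVATE KEY-----
 MBsCAQACAS0CAQcCAQACAQ8CAQMCAQACAQACAQA=
@@ -4397,6 +4406,20 @@ def test_sign_verify_ecdsa(self):
 sig = sign(priv_key, content, "sha256")
 verify(cert, sig, content, "sha256")
 
+def test_sign_sm2(self):
+"""
+`sign` generates a SM2 cryptographic signature
+"""
+content = (
+b"It was a bright cold day in April, and the clocks were striking "
+b"thirteen. Winston Smith, his chin nuzzled into his breast in an "
+b"effort to escape the vile wind, slipped quickly through the "
+b"glass doors of Victory Mansions, though not quickly enough to "
+b"prevent a swirl of gritty dust from entering along with him."
+)
+priv_key = load_privatekey(FILETYPE_PEM, sm2_root_key_pem)
+_ = sign(priv_key, content, "sm3")
+
 def test_sign_nulls(self):
 """
 `sign` produces a signature for a string with embedded nulls.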
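Review bot: `test_sign_sm2` discards the result with `_ = sign(priv_key, content, "sm3")` and asserts nothing, so it still passes when `sign` takes the unsupported-build path and returns `b""`. At minimum keep the value and check it: `sig = sign(priv_key, content, "sm3")` followed by `assert sig`. A round-trip through `verify` would be stronger, but it needs an SM2 certificate for this key, which the fixtures in this hunk do not include. If SM2 or the `sm3` digest can be missing from the linked OpenSSL, the test should be skipped explicitly on those builds rather than pass without checking anything.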