Generating and checking SM2 signatures

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Generating and checking SM2 signatures

Jörg Heßdörfer
Hello,

I'm tasked to implement certain cryptographic functions (chiefly
signature creation/validation) using the SM2 algorithm for a
communication testing application. My problem is that the standard which
I need to follow (which is, unfortunately, not a public standard) states
that the signature needs to be generated over H(data input) || H(some
ID) , so I cannot use the EVP-Method as I understand it from
https://www.openssl.org/docs/manmaster/man7/SM2.html (here, H is the SM3
hash function). This would be possible to achieve by generating the
digest and then using the (albeit deprecated) function ECDSA_do_sign for
ECDSA but I don't know how to do it for SM2.

Is there any way to do this with openssl? Any help or pointer is very
much appreciated!

Thank you,

     Jörg

--
Jörg Heßdörfer
S.E.A. Datentechnik GmbH
Mülheimer Straße 7
53840 Troisdorf
Tel.: +49 2241 12737-19
Fax.: +49 2241 12737-14
E-Mail: [hidden email]
Web : http://www.sea-gmbh.com

Informationen nach 37aHGB, 35a GmbH-Gesetz:
S.E.A.
Science& Engineering Applications
Datentechnik GmbH
Sitz der Gesellschaft Köln
Handelsregister Köln HRB 27016
Geschäftsführer: Dr. Gerd Schmitz, Wolfram Koerver

Reply | Threaded
Open this post in threaded view
|

Re: Generating and checking SM2 signatures

Billy Brumley
> I'm tasked to implement certain cryptographic functions (chiefly
> signature creation/validation) using the SM2 algorithm for a
> communication testing application. My problem is that the standard which
> I need to follow (which is, unfortunately, not a public standard) states
> that the signature needs to be generated over H(data input) || H(some
> ID) , so I cannot use the EVP-Method as I understand it from
> https://www.openssl.org/docs/manmaster/man7/SM2.html (here, H is the SM3
> hash function). This would be possible to achieve by generating the
> digest and then using the (albeit deprecated) function ECDSA_do_sign for
> ECDSA but I don't know how to do it for SM2.

It seems like you're trying to roll your own SM2 -- don't do that ;)

> Is there any way to do this with openssl? Any help or pointer is very
> much appreciated!

I ... think it is possible directly with EVP and control strings. Step through

openssl pkeyutl -inkey private.key -in /some/file -rawin -sign
-pkeyopt sm2_id:foobar

in a debugger and that should get you on the right path.

BBB
Reply | Threaded
Open this post in threaded view
|

Re: Generating and checking SM2 signatures

Matt Caswell-2


On 23/04/2020 03:36, Billy Brumley wrote:

>> I'm tasked to implement certain cryptographic functions (chiefly
>> signature creation/validation) using the SM2 algorithm for a
>> communication testing application. My problem is that the standard which
>> I need to follow (which is, unfortunately, not a public standard) states
>> that the signature needs to be generated over H(data input) || H(some
>> ID) , so I cannot use the EVP-Method as I understand it from
>> https://www.openssl.org/docs/manmaster/man7/SM2.html (here, H is the SM3
>> hash function). This would be possible to achieve by generating the
>> digest and then using the (albeit deprecated) function ECDSA_do_sign for
>> ECDSA but I don't know how to do it for SM2.
>
> It seems like you're trying to roll your own SM2 -- don't do that ;)

Agreed - I echo Billy's concern!

>
>> Is there any way to do this with openssl? Any help or pointer is very
>> much appreciated!
>
> I ... think it is possible directly with EVP and control strings. Step through
>
> openssl pkeyutl -inkey private.key -in /some/file -rawin -sign
> -pkeyopt sm2_id:foobar
>
> in a debugger and that should get you on the right path.

Unfortunately, the SM2 id does something different to this I think. I'm
not an SM2 expert but I believe that does:

H( H(stuff || id || other_stuff) || M )

You should be able to use the EVP_PKEY_sign_init()/EVP_PKEY_sign()
functions to sign pre-digested input.

https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_sign.html


Matt

Reply | Threaded
Open this post in threaded view
|

Re: Generating and checking SM2 signatures

Jörg Heßdörfer
In reply to this post by Billy Brumley
Hello Billy,

On 23.04.2020 04:36, Billy Brumley wrote:

>> I'm tasked to implement certain cryptographic functions (chiefly
>> signature creation/validation) using the SM2 algorithm for a
>> communication testing application. My problem is that the standard which
>> I need to follow (which is, unfortunately, not a public standard) states
>> that the signature needs to be generated over H(data input) || H(some
>> ID) , so I cannot use the EVP-Method as I understand it from
>> https://www.openssl.org/docs/manmaster/man7/SM2.html (here, H is the SM3
>> hash function). This would be possible to achieve by generating the
>> digest and then using the (albeit deprecated) function ECDSA_do_sign for
>> ECDSA but I don't know how to do it for SM2.
> It seems like you're trying to roll your own SM2 -- don't do that ;)

No, actually I don't. But tell that the standards groups ;-)

>> Is there any way to do this with openssl? Any help or pointer is very
>> much appreciated!
> I ... think it is possible directly with EVP and control strings. Step through
>
> openssl pkeyutl -inkey private.key -in /some/file -rawin -sign
> -pkeyopt sm2_id:foobar
>
> in a debugger and that should get you on the right path.
>
> BBB
thanks for the pointer! This got me started in the right direction. I
did not use the debugger, but the source code of pkeyutil instead ;-)

I can now (I hope) generate signatures without using the built-in digest
hash first, by simply calling

EVP_DigestSignInit(mctx, NULL, NULL, NULL, pkey)

instead of

EVP_DigestSignInit(mctx, NULL, EVP_sm3(), NULL, pkey)

Thank you again and stay well,
     Jörg

--
Jörg Heßdörfer
S.E.A. Datentechnik GmbH
Mülheimer Straße 7
53840 Troisdorf
Tel.: +49 2241 12737-19
Fax.: +49 2241 12737-14
E-Mail: [hidden email]
Web : http://www.sea-gmbh.com

Informationen nach 37aHGB, 35a GmbH-Gesetz:
S.E.A.
Science& Engineering Applications
Datentechnik GmbH
Sitz der Gesellschaft Köln
Handelsregister Köln HRB 27016
Geschäftsführer: Dr. Gerd Schmitz, Wolfram Koerver