nss/Feature-nss-support-SM2-signature-algorithm.patch

From 95151bc198fb304ebaea229be32ad6c207f41887 Mon Sep 17 00:00:00 2001
From: Huaxin Lu <luhuaxin1@huawei.com>
Date: Tue, 27 Sep 2022 20:14:27 +0800
Subject: [PATCH 4/4] nss support SM2 signature algorithm

Co-authored-by: godcansee <liu332084460@foxmail.com>
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>

diff --git a/lib/cryptohi/cryptohi.h b/lib/cryptohi/cryptohi.h
index 7b66f0b..4f99ef9 100644
--- a/lib/cryptohi/cryptohi.h
+++ b/lib/cryptohi/cryptohi.h
@@ -420,6 +420,8 @@ extern SECStatus VFY_VerifyDataWithAlgorithmID(const unsigned char *buf,
                                                const SECAlgorithmID *algid, SECOidTag *hash,
                                                void *wincx);
 
+SECStatus SEC_CreateSM2Digest(unsigned char *z, SECItem *pub);
+
 SEC_END_PROTOS
 
 #endif /* _CRYPTOHI_H_ */
diff --git a/lib/cryptohi/seckey.c b/lib/cryptohi/seckey.c
index 656609e..6a230e1 100644
--- a/lib/cryptohi/seckey.c
+++ b/lib/cryptohi/seckey.c
@@ -519,6 +519,7 @@ seckey_GetKeyType(SECOidTag tag)
             keyType = dhKey;
             break;
         case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+        case SEC_OID_SM2:
             keyType = ecKey;
             break;
         /* accommodate applications that hand us a signature type when they
@@ -775,6 +776,7 @@ SECKEY_ECParamsToKeySize(const SECItem *encodedParams)
 
         case SEC_OID_SECG_EC_SECP256K1:
         case SEC_OID_ANSIX962_EC_PRIME256V1:
+        case SEC_OID_SM2:
             return 256;
 
         case SEC_OID_ANSIX962_EC_C2PNB272W1:
@@ -923,6 +925,7 @@ SECKEY_ECParamsToBasePointOrderLen(const SECItem *encodedParams)
 
         case SEC_OID_SECG_EC_SECP256K1:
         case SEC_OID_ANSIX962_EC_PRIME256V1:
+        case SEC_OID_SM2:
             return 256;
 
         case SEC_OID_ANSIX962_EC_C2PNB272W1:
diff --git a/lib/cryptohi/secsign.c b/lib/cryptohi/secsign.c
index 8779904..8a12b25 100644
--- a/lib/cryptohi/secsign.c
+++ b/lib/cryptohi/secsign.c
@@ -882,3 +882,46 @@ SEC_CreateSignatureAlgorithmParameters(PLArenaPool *arena,
             return result;
     }
 }
+
+// TODO
+const unsigned char zin_default[] = {
+    0x00, 0x80, // id length
+    0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33, 0x34,
+    0x35, 0x36, 0x37, 0x38, // default id: 1234567812345678
+    0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, // sm2 a
+    0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b,
+    0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92,
+    0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93, // sm2 b
+    0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46,
+    0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1,
+    0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7, // sm2 x
+    0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3,
+    0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40,
+    0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0 // sm2 y
+};
+
+SECStatus SEC_CreateSM2Digest(unsigned char *z, SECItem *pub)
+{
+    unsigned int len;
+    PK11Context *ctx;
+
+    if (!z || !pub || pub->len != 65)
+        return SECFailure;
+
+    ctx = PK11_CreateDigestContext(SEC_OID_SM3);
+    if (!ctx)
+        return SECFailure;
+
+    if (PK11_DigestBegin(ctx) != SECSuccess ||
+        PK11_DigestOp(ctx, zin_default, sizeof(zin_default)) != SECSuccess ||
+        PK11_DigestOp(ctx, pub->data + 1, 64) != SECSuccess ||
+        PK11_DigestFinal(ctx, z, &len, SM3_LENGTH)) {
+        PK11_DestroyContext(ctx, PR_TRUE);
+        return SECFailure;
+    }
+
+    PK11_DestroyContext(ctx, PR_TRUE);
+    return SECSuccess;
+}
diff --git a/lib/cryptohi/secvfy.c b/lib/cryptohi/secvfy.c
index 8c9dc2d..981cb0d 100644
--- a/lib/cryptohi/secvfy.c
+++ b/lib/cryptohi/secvfy.c
@@ -288,6 +288,8 @@ sec_GetEncAlgFromSigAlg(SECOidTag sigAlg)
         case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
         case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
             return SEC_OID_ANSIX962_EC_PUBLIC_KEY;
+        case SEC_OID_SM2_WITH_SM3:
+            return SEC_OID_SM2;
         /* we don't implement MD4 hashes */
         case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
         default:
@@ -430,6 +432,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
                 return SECFailure;
             }
             break;
+        case SEC_OID_SM2_WITH_SM3:
+            *hashalg = SEC_OID_SM3;
+            break;
         /* we don't implement MD4 hashes */
         case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
         default:
diff --git a/lib/freebl/ec.c b/lib/freebl/ec.c
index 5bf7d81..2b8e321 100644
--- a/lib/freebl/ec.c
+++ b/lib/freebl/ec.c
@@ -15,6 +15,7 @@
 #include "mplogic.h"
 #include "ec.h"
 #include "ecl.h"
+#include "sm2.h"
 
 #define EC_DOUBLECHECK PR_FALSE
 
@@ -988,7 +989,9 @@ ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest)
         goto cleanup;
 
     /* Generate ECDSA signature with the specified k value */
-    rv = ECDSA_SignDigestWithSeed(key, signature, digest, kBytes, len);
+    rv = key->ecParams.name == ECCurve_sm2p256v1 ?
+        SM2_SignDigestWithSeed(key, signature, digest, kBytes, len) :
+        ECDSA_SignDigestWithSeed(key, signature, digest, kBytes, len);
 
 cleanup:
     if (kBytes) {
diff --git a/lib/freebl/ecdecode.c b/lib/freebl/ecdecode.c
index bd31eb0..29f41c9 100644
--- a/lib/freebl/ecdecode.c
+++ b/lib/freebl/ecdecode.c
@@ -181,6 +181,10 @@ EC_FillParams(PLArenaPool *arena, const SECItem *encodedParams,
                                                   params));
             break;
 
+        case SEC_OID_SM2:
+            /* Populate params for Curve SM2 */
+           CHECK_SEC_OK(gf_populate_params_bytes(ECCurve_sm2p256v1, ec_field_plain,
+                                                 params));
         default:
             break;
     };
diff --git a/lib/freebl/ecl/ecl-curve.h b/lib/freebl/ecl/ecl-curve.h
index dec3ce3..b525ba5 100644
--- a/lib/freebl/ecl/ecl-curve.h
+++ b/lib/freebl/ecl/ecl-curve.h
@@ -178,6 +178,38 @@ static const ECCurveBytes ecCurve_25519 = {
     KU_KEY_AGREEMENT
 };
 
+static const PRUint8 sm2_irr[32] =
+    { 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+static const PRUint8 sm2_a[32] =
+    { 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+      0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc };
+static const PRUint8 sm2_b[32] =
+    { 0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b,
+      0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92,
+      0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93 };
+static const PRUint8 sm2_x[32] =
+    { 0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46,
+      0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1,
+      0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7 };
+static const PRUint8 sm2_y[32] =
+    { 0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3,
+      0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40,
+      0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0 };
+static const PRUint8 sm2_order[32] =
+    { 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+      0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,
+      0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23 };
+
+static const ECCurveBytes ecCurve_sm2p256v1 = {
+    "sm2p256v1", ECField_GFp, 256,
+    sm2_irr, sm2_a, sm2_b, sm2_x, sm2_y, sm2_order, NULL,
+    8, 128, 66, 32, // TODO
+    KU_KEY_AGREEMENT
+};
+
 /* mapping between ECCurveName enum and pointers to ECCurveParams */
 static const ECCurveBytes *ecCurve_map[] = {
     NULL,               /* ECCurve_noName */
@@ -239,6 +271,7 @@ static const ECCurveBytes *ecCurve_map[] = {
     NULL,               /* ECCurve_WTLS_8 */
     NULL,               /* ECCurve_WTLS_9 */
     &ecCurve_25519,     /* ECCurve25519 */
+    &ecCurve_sm2p256v1, /* ECCurve_sm2p256v1 */
     NULL                /* ECCurve_pastLastCurve */
 };
 
diff --git a/lib/freebl/ecl/ecl-exp.h b/lib/freebl/ecl/ecl-exp.h
index 44adb8a..d071fc9 100644
--- a/lib/freebl/ecl/ecl-exp.h
+++ b/lib/freebl/ecl/ecl-exp.h
@@ -132,6 +132,7 @@ typedef enum {
     /* ECCurve_WTLS_12 == ECCurve_NIST_P224 */
 
     ECCurve25519,
+    ECCurve_sm2p256v1,
 
     ECCurve_pastLastCurve
 } ECCurveName;
diff --git a/lib/freebl/freebl_base.gypi b/lib/freebl/freebl_base.gypi
index 920d613..e6094a9 100644
--- a/lib/freebl/freebl_base.gypi
+++ b/lib/freebl/freebl_base.gypi
@@ -61,6 +61,7 @@
     'sha_fast.c',
     'shvfy.c',
     'sm3.c',
+    'sm2.c',
     'sysrand.c',
     'tlsprfalg.c',
     'secmpi.c',
diff --git a/lib/freebl/manifest.mn b/lib/freebl/manifest.mn
index 3214369..f321f67 100644
--- a/lib/freebl/manifest.mn
+++ b/lib/freebl/manifest.mn
@@ -161,6 +161,7 @@ CSRCS = \
 	$(LOWHASH_SRCS) \
 	$(EXTRA_SRCS) \
 	sm3.c \
+	sm2.c \
 	$(NULL)
 
 ifndef NSS_DISABLE_DEPRECATED_SEED
@@ -191,6 +192,7 @@ ALL_HDRS =  \
 	vis_proto.h \
 	seed.h \
 	sm3.h \
+	sm2.h \
 	$(NULL)
 
 
diff --git a/lib/nss/nss.def b/lib/nss/nss.def
index 35850ca..4d778e5 100644
--- a/lib/nss/nss.def
+++ b/lib/nss/nss.def
@@ -1253,3 +1253,9 @@ SECMOD_LockedModuleHasRemovableSlots;
 ;+    local:
 ;+       *;
 ;+};
+;+NSS_openEuler {
+;+    global:
+SEC_CreateSM2Digest;
+;+    local:
+;+       *;
+;+};
diff --git a/lib/util/pkcs11n.h b/lib/util/pkcs11n.h
index 5027847..31a0807 100644
--- a/lib/util/pkcs11n.h
+++ b/lib/util/pkcs11n.h
@@ -260,6 +260,8 @@
 
 /* SM algorithm (to be proposed to PKCS #11) */
 #define CKM_NSS_SM3 (CKM_NSS + 45)
+#define CKM_NSS_SM2 (CKM_NSS + 46)
+#define CKM_NSS_SM2_WITH_SM3 (CKM_NSS + 47)
 
 
 /*
diff --git a/lib/util/secoid.c b/lib/util/secoid.c
index 2060429..e97eead 100644
--- a/lib/util/secoid.c
+++ b/lib/util/secoid.c
@@ -616,6 +616,8 @@ CONST_OID curve25519[] = { 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01
  * 1.2.156.197.1.401
  */
 CONST_OID sm3[] = { 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x11 };
+CONST_OID sm2[] = { 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82, 0x2D };
+CONST_OID sm2_with_sm3[] = { 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x75 };
 
 #define OI(x)                                  \
     {                                          \
@@ -1812,6 +1814,8 @@ const static SECOidData oids[SEC_OID_TOTAL] = {
        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
 
     OD(sm3, SEC_OID_SM3, "SM3", CKM_NSS_SM3, INVALID_CERT_EXTENSION),
+    OD(sm2, SEC_OID_SM2, "SM2", CKM_NSS_SM2, INVALID_CERT_EXTENSION),
+    OD(sm2_with_sm3, SEC_OID_SM2_WITH_SM3, "SM2_WITH_SM3", CKM_NSS_SM2_WITH_SM3, INVALID_CERT_EXTENSION),
 
     OD(sha3_224, SEC_OID_SHA3_224, "SHA3-224", CKM_SHA3_224, INVALID_CERT_EXTENSION),
     OD(sha3_256, SEC_OID_SHA3_256, "SHA3-256", CKM_SHA3_256, INVALID_CERT_EXTENSION),
diff --git a/lib/util/secoidt.h b/lib/util/secoidt.h
index b6a98a2..b60f74e 100644
--- a/lib/util/secoidt.h
+++ b/lib/util/secoidt.h
@@ -513,6 +513,8 @@ typedef enum {
     SEC_OID_HMAC_SHA3_512 = 371,
 
     SEC_OID_SM3 = 372,
+    SEC_OID_SM2 = 373,
+    SEC_OID_SM2_WITH_SM3 = 374,
 
     SEC_OID_TOTAL
 } SECOidTag;