1 /*
2 * Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the License); you may
5 * not use this file except in compliance with the License.
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 */
9
10
11 #include <string.h>
12 #include <gmssl/sm2.h>
13 #include <gmssl/oid.h>
14 #include <gmssl/asn1.h>
15 #include <gmssl/pem.h>
16 #include <gmssl/sm4.h>
17 #include <gmssl/rand.h>
18 #include <gmssl/pbkdf2.h>
19 #include <gmssl/pkcs8.h>
20 #include <gmssl/error.h>
21 #include <gmssl/ec.h>
22 #include <gmssl/x509_alg.h>
23
24
sm2_key_generate(SM2_KEY * key)25 int sm2_key_generate(SM2_KEY *key)
26 {
27 SM2_BN x;
28 SM2_BN y;
29 SM2_JACOBIAN_POINT _P, *P = &_P;
30
31 if (!key) {
32 error_print();
33 return -1;
34 }
35 memset(key, 0, sizeof(SM2_KEY));
36
37 do {
38 sm2_bn_rand_range(x, SM2_N);
39 } while (sm2_bn_is_zero(x));
40 sm2_bn_to_bytes(x, key->private_key);
41
42 sm2_jacobian_point_mul_generator(P, x);
43 sm2_jacobian_point_get_xy(P, x, y);
44 sm2_bn_to_bytes(x, key->public_key.x);
45 sm2_bn_to_bytes(y, key->public_key.y);
46 return 1;
47 }
48
sm2_key_set_private_key(SM2_KEY * key,const uint8_t private_key[32])49 int sm2_key_set_private_key(SM2_KEY *key, const uint8_t private_key[32])
50 {
51 memcpy(&key->private_key, private_key, 32);
52 // FIXEM:检查私钥是否在有效的范围内
53
54 if (sm2_point_mul_generator(&key->public_key, private_key) != 1) {
55 error_print();
56 return -1;
57 }
58
59
60 return 1;
61 }
62
sm2_key_set_public_key(SM2_KEY * key,const SM2_POINT * public_key)63 int sm2_key_set_public_key(SM2_KEY *key, const SM2_POINT *public_key)
64 {
65 if (!key || !public_key) {
66 error_print();
67 return -1;
68 }
69 memset(key, 0, sizeof(SM2_KEY));
70 key->public_key = *public_key;
71 return 1;
72 }
73
sm2_key_print(FILE * fp,int fmt,int ind,const char * label,const SM2_KEY * key)74 int sm2_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *key)
75 {
76 format_print(fp, fmt, ind, "%s\n", label);
77 ind += 4;
78 sm2_public_key_print(fp, fmt, ind, "publicKey", key);
79 format_bytes(fp, fmt, ind, "privateKey", key->private_key, 32);
80 return 1;
81 }
82
sm2_public_key_to_der(const SM2_KEY * key,uint8_t ** out,size_t * outlen)83 int sm2_public_key_to_der(const SM2_KEY *key, uint8_t **out, size_t *outlen)
84 {
85 uint8_t buf[65];
86 size_t len = 0;
87
88 if (!key) {
89 return 0;
90 }
91 sm2_point_to_uncompressed_octets(&key->public_key, buf);
92 if (asn1_bit_octets_to_der(buf, sizeof(buf), out, outlen) != 1) {
93 error_print();
94 return -1;
95 }
96 return 1;
97 }
98
sm2_public_key_from_der(SM2_KEY * key,const uint8_t ** in,size_t * inlen)99 int sm2_public_key_from_der(SM2_KEY *key, const uint8_t **in, size_t *inlen)
100 {
101 int ret;
102 const uint8_t *d;
103 size_t dlen;
104 SM2_POINT P;
105
106 if ((ret = asn1_bit_octets_from_der(&d, &dlen, in, inlen)) != 1) {
107 if (ret < 0) error_print();
108 return ret;
109 }
110 if (dlen != 65) {
111 error_print();
112 return -1;
113 }
114 if (sm2_point_from_octets(&P, d, dlen) != 1
115 || sm2_key_set_public_key(key, &P) != 1) {
116 error_print();
117 return -1;
118 }
119 return 1;
120 }
121
sm2_public_key_print(FILE * fp,int fmt,int ind,const char * label,const SM2_KEY * pub_key)122 int sm2_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *pub_key)
123 {
124 return sm2_point_print(fp, fmt, ind, label, &pub_key->public_key);
125 }
126
sm2_public_key_algor_to_der(uint8_t ** out,size_t * outlen)127 int sm2_public_key_algor_to_der(uint8_t **out, size_t *outlen)
128 {
129 if (x509_public_key_algor_to_der(OID_ec_public_key, OID_sm2, out, outlen) != 1) {
130 error_print();
131 return -1;
132 }
133 return 1;
134 }
135
sm2_public_key_algor_from_der(const uint8_t ** in,size_t * inlen)136 int sm2_public_key_algor_from_der(const uint8_t **in, size_t *inlen)
137 {
138 int ret;
139 int oid;
140 int curve;
141
142 if ((ret = x509_public_key_algor_from_der(&oid, &curve, in, inlen)) != 1) {
143 if (ret < 0) error_print();
144 return ret;
145 }
146 if (oid != OID_ec_public_key) {
147 printf("%s %d: oid = %d\n", __FILE__, __LINE__, oid);
148 error_print();
149 return -1;
150 }
151 if (curve != OID_sm2) {
152 error_print();
153 return -1;
154 }
155 return 1;
156 }
157
sm2_private_key_to_der(const SM2_KEY * key,uint8_t ** out,size_t * outlen)158 int sm2_private_key_to_der(const SM2_KEY *key, uint8_t **out, size_t *outlen)
159 {
160 size_t len = 0;
161 uint8_t params[64];
162 uint8_t pubkey[128];
163 uint8_t *params_ptr = params;
164 uint8_t *pubkey_ptr = pubkey;
165 size_t params_len = 0;
166 size_t pubkey_len = 0;
167
168 if (ec_named_curve_to_der(OID_sm2, ¶ms_ptr, ¶ms_len) != 1
169 || sm2_public_key_to_der(key, &pubkey_ptr, &pubkey_len) != 1) {
170 error_print();
171 return -1;
172 }
173 if (asn1_int_to_der(EC_private_key_version, NULL, &len) != 1
174 || asn1_octet_string_to_der(key->private_key, 32, NULL, &len) != 1
175 || asn1_explicit_to_der(0, params, params_len, NULL, &len) != 1
176 || asn1_explicit_to_der(1, pubkey, pubkey_len, NULL, &len) != 1
177 || asn1_sequence_header_to_der(len, out, outlen) != 1
178 || asn1_int_to_der(EC_private_key_version, out, outlen) != 1
179 || asn1_octet_string_to_der(key->private_key, 32, out, outlen) != 1
180 || asn1_explicit_to_der(0, params, params_len, out, outlen) != 1
181 || asn1_explicit_to_der(1, pubkey, pubkey_len, out, outlen) != 1) {
182 error_print();
183 return -1;
184 }
185 return 1;
186 }
187
sm2_private_key_from_der(SM2_KEY * key,const uint8_t ** in,size_t * inlen)188 int sm2_private_key_from_der(SM2_KEY *key, const uint8_t **in, size_t *inlen)
189 {
190 int ret;
191 const uint8_t *d;
192 size_t dlen;
193 int ver;
194 const uint8_t *prikey;
195 const uint8_t *params;
196 const uint8_t *pubkey;
197 size_t prikey_len, params_len, pubkey_len;
198
199 if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
200 if (ret < 0) error_print();
201 return ret;
202 }
203 if (asn1_int_from_der(&ver, &d, &dlen) != 1
204 || asn1_octet_string_from_der(&prikey, &prikey_len, &d, &dlen) != 1
205 || asn1_explicit_from_der(0, ¶ms, ¶ms_len, &d, &dlen) != 1
206 || asn1_explicit_from_der(1, &pubkey, &pubkey_len, &d, &dlen) != 1
207 || asn1_check(ver == EC_private_key_version) != 1
208 || asn1_length_is_zero(dlen) != 1) {
209 error_print();
210 return -1;
211 }
212 if (params) {
213 int curve;
214 if (ec_named_curve_from_der(&curve, ¶ms, ¶ms_len) != 1
215 || asn1_check(curve == OID_sm2) != 1
216 || asn1_length_is_zero(params_len) != 1) {
217 error_print();
218 return -1;
219 }
220 }
221 if (asn1_check(prikey_len == 32) != 1
222 || sm2_key_set_private_key(key, prikey) != 1) {
223 error_print();
224 return -1;
225 }
226 // 这里的逻辑上应该是用一个新的公钥来接收公钥,并且判断这个和私钥是否一致
227 if (pubkey) {
228 SM2_KEY tmp_key;
229 if (sm2_public_key_from_der(&tmp_key, &pubkey, &pubkey_len) != 1
230 || asn1_length_is_zero(pubkey_len) != 1) {
231 error_print();
232 return -1;
233 }
234 if (sm2_public_key_equ(key, &tmp_key) != 1) {
235 error_print();
236 return -1;
237 }
238 }
239 return 1;
240 }
241
sm2_private_key_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)242 int sm2_private_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
243 {
244 return ec_private_key_print(fp, fmt, ind, label, d, dlen);
245 }
246
247
248 #define SM2_PRIVATE_KEY_MAX_SIZE 512 // 需要测试这个buffer的最大值
249
sm2_private_key_info_to_der(const SM2_KEY * sm2_key,uint8_t ** out,size_t * outlen)250 int sm2_private_key_info_to_der(const SM2_KEY *sm2_key, uint8_t **out, size_t *outlen)
251 {
252 size_t len = 0;
253 uint8_t prikey[SM2_PRIVATE_KEY_MAX_SIZE];
254 uint8_t *p = prikey;
255 size_t prikey_len = 0;
256
257 if (sm2_private_key_to_der(sm2_key, &p, &prikey_len) != 1) {
258 error_print();
259 return -1;
260 }
261 if (asn1_int_to_der(PKCS8_private_key_info_version, NULL, &len) != 1
262 || sm2_public_key_algor_to_der(NULL, &len) != 1
263 || asn1_octet_string_to_der(prikey, prikey_len, NULL, &len) != 1
264 || asn1_sequence_header_to_der(len, out, outlen) != 1
265 || asn1_int_to_der(PKCS8_private_key_info_version, out, outlen) != 1
266 || sm2_public_key_algor_to_der(out, outlen) != 1
267 || asn1_octet_string_to_der(prikey, prikey_len, out, outlen) != 1) {
268 memset(prikey, 0, sizeof(prikey));
269 error_print();
270 return -1;
271 }
272 memset(prikey, 0, sizeof(prikey));
273 return 1;
274 }
275
sm2_private_key_info_from_der(SM2_KEY * sm2_key,const uint8_t ** attrs,size_t * attrslen,const uint8_t ** in,size_t * inlen)276 int sm2_private_key_info_from_der(SM2_KEY *sm2_key, const uint8_t **attrs, size_t *attrslen,
277 const uint8_t **in, size_t *inlen)
278 {
279 int ret;
280 const uint8_t *d;
281 size_t dlen;
282 int version;
283 const uint8_t *prikey;
284 size_t prikey_len;
285
286 if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
287 if (ret < 0) error_print();
288 return ret;
289 }
290 if (asn1_int_from_der(&version, &d, &dlen) != 1
291 || sm2_public_key_algor_from_der(&d, &dlen) != 1
292 || asn1_octet_string_from_der(&prikey, &prikey_len, &d, &dlen) != 1
293 || asn1_implicit_set_from_der(0, attrs, attrslen, &d, &dlen) < 0
294 || asn1_length_is_zero(dlen) != 1) {
295 error_print();
296 return -1;
297 }
298 if (asn1_check(version == PKCS8_private_key_info_version) != 1
299 || sm2_private_key_from_der(sm2_key, &prikey, &prikey_len) != 1
300 || asn1_length_is_zero(prikey_len) != 1) {
301 error_print();
302 return -1;
303 }
304 return 1;
305 }
306
sm2_private_key_info_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)307 int sm2_private_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
308 {
309 int ret;
310 const uint8_t *p;
311 size_t len;
312 int val;
313 const uint8_t *prikey;
314 size_t prikey_len;
315
316 format_print(fp, fmt, ind, "%s\n", label);
317 ind += 4;
318
319 if (asn1_int_from_der(&val, &d, &dlen) != 1) goto err;
320 format_print(fp, fmt, ind, "version: %d\n", val);
321 if (asn1_sequence_from_der(&p, &len, &d, &dlen) != 1) goto err;
322 x509_public_key_algor_print(fp, fmt, ind, "privateKeyAlgorithm", p, len);
323 if (asn1_octet_string_from_der(&p, &len, &d, &dlen) != 1) goto err;
324 if (asn1_sequence_from_der(&prikey, &prikey_len, &p, &len) != 1) goto err;
325 ec_private_key_print(fp, fmt, ind + 4, "privateKey", prikey, prikey_len);
326 if (asn1_length_is_zero(len) != 1) goto err;
327 if ((ret = asn1_implicit_set_from_der(0, &p, &len, &d, &dlen)) < 0) goto err;
328 else if (ret) format_bytes(fp, fmt, ind, "attributes", p, len);
329 if (asn1_length_is_zero(dlen) != 1) goto err;
330 return 1;
331 err:
332 error_print();
333 return -1;
334 }
335
336 #if 0 // 私钥的BASE64编解码可能受到侧信道攻击
337 #define SM2_PRIVATE_KEY_INFO_MAX_SIZE 512 // TODO:计算长度
338
339 int sm2_private_key_info_to_pem(const SM2_KEY *key, FILE *fp)
340 {
341 uint8_t buf[SM2_PRIVATE_KEY_INFO_MAX_SIZE];
342 uint8_t *p = buf;
343 size_t len = 0;
344
345 if (sm2_private_key_info_to_der(key, &p, &len) != 1
346 || pem_write(fp, "PRIVATE KEY", buf, len) != 1) {
347 memset(buf, 0, sizeof(buf));
348 error_print();
349 return -1;
350 }
351 memset(buf, 0, sizeof(buf));
352 return 1;
353 }
354
355 int sm2_private_key_info_from_pem(SM2_KEY *sm2_key, const uint8_t **attrs, size_t *attrslen, FILE *fp)
356 {
357 uint8_t buf[512]; // 这个可能是不够用的,因为attributes可能很长
358 const uint8_t *cp = buf;
359 size_t len;
360
361 if (pem_read(fp, "PRIVATE KEY", buf, &len, sizeof(buf)) != 1
362 || sm2_private_key_info_from_der(sm2_key, attrs, attrslen, &cp, &len) != 1
363 || asn1_length_is_zero(len) != 1) {
364 error_print();
365 return -1;
366 }
367 return 1;
368 }
369 #endif
370
sm2_public_key_info_to_der(const SM2_KEY * pub_key,uint8_t ** out,size_t * outlen)371 int sm2_public_key_info_to_der(const SM2_KEY *pub_key, uint8_t **out, size_t *outlen)
372 {
373 size_t len = 0;
374 if (sm2_public_key_algor_to_der(NULL, &len) != 1
375 || sm2_public_key_to_der(pub_key, NULL, &len) != 1
376 || asn1_sequence_header_to_der(len, out, outlen) != 1
377 || sm2_public_key_algor_to_der(out, outlen) != 1
378 || sm2_public_key_to_der(pub_key, out, outlen) != 1) {
379 error_print();
380 return -1;
381 }
382 return 1;
383 }
384
sm2_public_key_info_from_der(SM2_KEY * pub_key,const uint8_t ** in,size_t * inlen)385 int sm2_public_key_info_from_der(SM2_KEY *pub_key, const uint8_t **in, size_t *inlen)
386 {
387 int ret;
388 const uint8_t *d;
389 size_t dlen;
390
391 if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
392 if (ret < 0) error_print();
393 return ret;
394 }
395 if (sm2_public_key_algor_from_der(&d, &dlen) != 1
396 || sm2_public_key_from_der(pub_key, &d, &dlen) != 1
397 || asn1_length_is_zero(dlen) != 1) {
398 error_print();
399 return -1;
400 }
401 return 1;
402 }
403
404 #if 0 // 私钥的BASE64编解码可能受到侧信道攻击
405 int sm2_private_key_to_pem(const SM2_KEY *a, FILE *fp)
406 {
407 uint8_t buf[512];
408 uint8_t *p = buf;
409 size_t len = 0;
410
411 if (sm2_private_key_to_der(a, &p, &len) != 1) {
412 error_print();
413 return -1;
414 }
415 if (pem_write(fp, "EC PRIVATE KEY", buf, len) <= 0) {
416 error_print();
417 return -1;
418 }
419 return 1;
420 }
421
422 int sm2_private_key_from_pem(SM2_KEY *a, FILE *fp)
423 {
424 uint8_t buf[512];
425 const uint8_t *cp = buf;
426 size_t len;
427
428 if (pem_read(fp, "EC PRIVATE KEY", buf, &len, sizeof(buf)) != 1) {
429 error_print();
430 return -1;
431 }
432 if (sm2_private_key_from_der(a, &cp, &len) != 1
433 || len > 0) {
434 error_print();
435 return -1;
436 }
437 return 1;
438 }
439 #endif
440
sm2_public_key_info_to_pem(const SM2_KEY * a,FILE * fp)441 int sm2_public_key_info_to_pem(const SM2_KEY *a, FILE *fp)
442 {
443 uint8_t buf[512];
444 uint8_t *p = buf;
445 size_t len = 0;
446
447 if (sm2_public_key_info_to_der(a, &p, &len) != 1) {
448 error_print();
449 return -1;
450 }
451 if (pem_write(fp, "PUBLIC KEY", buf, len) <= 0) {
452 error_print();
453 return -1;
454 }
455 return 1;
456 }
457
sm2_public_key_info_from_pem(SM2_KEY * a,FILE * fp)458 int sm2_public_key_info_from_pem(SM2_KEY *a, FILE *fp)
459 {
460 uint8_t buf[512];
461 const uint8_t *cp = buf;
462 size_t len;
463
464 if (pem_read(fp, "PUBLIC KEY", buf, &len, sizeof(buf)) != 1) {
465 error_print();
466 return -1;
467 }
468 if (sm2_public_key_info_from_der(a, &cp, &len) != 1
469 || len > 0) {
470 return -1;
471 }
472 return 1;
473 }
474
sm2_public_key_equ(const SM2_KEY * sm2_key,const SM2_KEY * pub_key)475 int sm2_public_key_equ(const SM2_KEY *sm2_key, const SM2_KEY *pub_key)
476 {
477 if (memcmp(sm2_key, pub_key, sizeof(SM2_POINT)) == 0) {
478 return 1;
479 }
480 return 0;
481 }
482
sm2_public_key_copy(SM2_KEY * sm2_key,const SM2_KEY * pub_key)483 int sm2_public_key_copy(SM2_KEY *sm2_key, const SM2_KEY *pub_key)
484 {
485 return sm2_key_set_public_key(sm2_key, &pub_key->public_key);
486 }
487
sm2_public_key_digest(const SM2_KEY * sm2_key,uint8_t dgst[32])488 int sm2_public_key_digest(const SM2_KEY *sm2_key, uint8_t dgst[32])
489 {
490 uint8_t bits[65];
491 sm2_point_to_uncompressed_octets(&sm2_key->public_key, bits);
492 sm3_digest(bits, sizeof(bits), dgst);
493 return 1;
494 }
495
sm2_private_key_info_encrypt_to_der(const SM2_KEY * sm2_key,const char * pass,uint8_t ** out,size_t * outlen)496 int sm2_private_key_info_encrypt_to_der(const SM2_KEY *sm2_key, const char *pass,
497 uint8_t **out, size_t *outlen)
498 {
499 int ret = -1;
500 uint8_t pkey_info[2560];
501 uint8_t *p = pkey_info;
502 size_t pkey_info_len = 0;
503 uint8_t salt[16];
504 int iter = 65536;
505 uint8_t iv[16];
506 uint8_t key[16];
507 SM4_KEY sm4_key;
508 uint8_t enced_pkey_info[5120];
509 size_t enced_pkey_info_len;
510
511 if (sm2_private_key_info_to_der(sm2_key, &p, &pkey_info_len) != 1
512 || rand_bytes(salt, sizeof(salt)) != 1
513 || rand_bytes(iv, sizeof(iv)) != 1
514 || pbkdf2_genkey(DIGEST_sm3(), pass, strlen(pass),
515 salt, sizeof(salt), iter, sizeof(key), key) != 1) {
516 error_print();
517 goto end;
518 }
519 sm4_set_encrypt_key(&sm4_key, key);
520 if (sm4_cbc_padding_encrypt(
521 &sm4_key, iv, pkey_info, pkey_info_len,
522 enced_pkey_info, &enced_pkey_info_len) != 1
523 || pkcs8_enced_private_key_info_to_der(
524 salt, sizeof(salt), iter, sizeof(key), OID_hmac_sm3,
525 OID_sm4_cbc, iv, sizeof(iv),
526 enced_pkey_info, enced_pkey_info_len, out, outlen) != 1) {
527 error_print();
528 goto end;
529 }
530 ret = 1;
531 end:
532 memset(pkey_info, 0, sizeof(pkey_info));
533 memset(key, 0, sizeof(key));
534 memset(&sm4_key, 0, sizeof(sm4_key));
535 return ret;
536 }
537
sm2_private_key_info_decrypt_from_der(SM2_KEY * sm2,const uint8_t ** attrs,size_t * attrs_len,const char * pass,const uint8_t ** in,size_t * inlen)538 int sm2_private_key_info_decrypt_from_der(SM2_KEY *sm2,
539 const uint8_t **attrs, size_t *attrs_len,
540 const char *pass, const uint8_t **in, size_t *inlen)
541 {
542 int ret = -1;
543 const uint8_t *salt;
544 size_t saltlen;
545 int iter;
546 int keylen;
547 int prf;
548 int cipher;
549 const uint8_t *iv;
550 size_t ivlen;
551 uint8_t key[16];
552 SM4_KEY sm4_key;
553 const uint8_t *enced_pkey_info;
554 size_t enced_pkey_info_len;
555 uint8_t pkey_info[256];
556 const uint8_t *cp = pkey_info;
557 size_t pkey_info_len;
558
559 if (pkcs8_enced_private_key_info_from_der(&salt, &saltlen, &iter, &keylen, &prf,
560 &cipher, &iv, &ivlen, &enced_pkey_info, &enced_pkey_info_len, in, inlen) != 1
561 || asn1_check(keylen == -1 || keylen == 16) != 1
562 || asn1_check(prf == - 1 || prf == OID_hmac_sm3) != 1
563 || asn1_check(cipher == OID_sm4_cbc) != 1
564 || asn1_check(ivlen == 16) != 1
565 || asn1_length_le(enced_pkey_info_len, sizeof(pkey_info)) != 1) {
566 error_print();
567 return -1;
568 }
569 if (pbkdf2_genkey(DIGEST_sm3(), pass, strlen(pass), salt, saltlen, iter, sizeof(key), key) != 1) {
570 error_print();
571 goto end;
572 }
573 sm4_set_decrypt_key(&sm4_key, key);
574 if (sm4_cbc_padding_decrypt(&sm4_key, iv, enced_pkey_info, enced_pkey_info_len,
575 pkey_info, &pkey_info_len) != 1
576 || sm2_private_key_info_from_der(sm2, attrs, attrs_len, &cp, &pkey_info_len) != 1
577 || asn1_length_is_zero(pkey_info_len) != 1) {
578 error_print();
579
580 if (pkey_info_len) {
581 format_bytes(stderr, 0, 0, "700", cp, pkey_info_len);
582 }
583
584
585 goto end;
586 }
587 ret = 1;
588 end:
589 memset(&sm4_key, 0, sizeof(sm4_key));
590 memset(key, 0, sizeof(key));
591 memset(pkey_info, 0, sizeof(pkey_info));
592 return ret;
593 }
594
sm2_private_key_info_encrypt_to_pem(const SM2_KEY * sm2_key,const char * pass,FILE * fp)595 int sm2_private_key_info_encrypt_to_pem(const SM2_KEY *sm2_key, const char *pass, FILE *fp)
596 {
597 uint8_t buf[1024];
598 uint8_t *p = buf;
599 size_t len = 0;
600
601 if (sm2_private_key_info_encrypt_to_der(sm2_key, pass, &p, &len) != 1) {
602 error_print();
603 return -1;
604 }
605 if (pem_write(fp, "ENCRYPTED PRIVATE KEY", buf, len) != 1) {
606 error_print();
607 return -1;
608 }
609 return 1;
610 }
611
sm2_private_key_info_decrypt_from_pem(SM2_KEY * key,const char * pass,FILE * fp)612 int sm2_private_key_info_decrypt_from_pem(SM2_KEY *key, const char *pass, FILE *fp)
613 {
614 uint8_t buf[512];
615 const uint8_t *cp = buf;
616 size_t len;
617 const uint8_t *attrs;
618 size_t attrs_len;
619
620 if (pem_read(fp, "ENCRYPTED PRIVATE KEY", buf, &len, sizeof(buf)) != 1
621 || sm2_private_key_info_decrypt_from_der(key, &attrs, &attrs_len, pass, &cp, &len) != 1) {
622 error_print();
623 return -1;
624 }
625 if (asn1_length_is_zero(len) != 1) {
626 format_bytes(stderr, 0, 0, "", cp, len);
627 error_print();
628 return -1;
629 }
630 return 1;
631 }
632