美文网首页
Openssl源码方式添加国密SM2算法

Openssl源码方式添加国密SM2算法

作者: right_33cb | 来源:发表于2018-09-25 09:11 被阅读0次

转:https://blog.csdn.net/mrpre/article/details/51700884

1:源码方式,只需要添加2部分,第一部分是 国密sm2的oid,第二部分是group。

如果不添加,则 EVP_PKEY 无法解析,ec_asn1_pkparameters2group 函数 因为找不到 oid对应的group导致解析私钥失败,或者解析x509的公钥为空。

注:如下修改 不会 让你支持生成SM2国密证书或者支持诸如ECC_SM4_SM3等国密加密套件。

该修改只是让你能够让openssl正常解密 sm2 证书。

1:添加sm2的oid

cd crypto/objects/

编辑  objects.txt ,添加: 1 2 156 10197 1 301: SM2: SM2

随便加在哪里即可,我添加在文件最后。

然后在当前目录下执行:

perl objects.pl objects.txt obj_mac.num obj_mac.h

perl obj_dat.pl obj_mac.h  obj_dat.h

2:添加 group

ec_curve.c 中添加 2 个定义:

static const struct { EC_CURVE_DATA h; unsigned char data[0+32*6]; }

    _EC_X9_62_sm2 = {

{ NID_X9_62_prime_field,0,32,1 },

{  /* seed */

  0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,/* p */

  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

  0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

  0xFF,0xFF,

      0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,    /* a */

      0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

      0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,

      0xFF,0xFc,

  0x28,0xE9,0xFA,0x9E,0x9D,0x9F,0x5E,0x34,0x4D,0x5A,/* b */

  0x9E,0x4B,0xCF,0x65,0x09,0xA7,0xF3,0x97,0x89,0xF5,

      0x15,0xAB,0x8F,0x92,0xDD,0xBC,0xBD,0x41,0x4D,0x94,

      0x0E,0x93,

      0x32,0xC4,0xAE,0x2C,0x1F,0x19,0x81,0x19,0x5F,0x99,    /* x */

      0x04,0x46,0x6A,0x39,0xC9,0x94,0x8F,0xE3,0x0B,0xBF, 

      0xF2,0x66,0x0B,0xE1,0x71,0x5A,0x45,0x89,0x33,0x4C, 

      0x74,0xC7, 

      0xBC,0x37,0x36,0xA2,0xF4,0xF6,0x77,0x9C,0x59,0xBD,    /* y */

      0xCE,0xE3,0x6B,0x69,0x21,0x53,0xD0,0xA9,0x87,0x7C, 

      0xC6,0x2A,0x47,0x40,0x02,0xDF,0x32,0xE5,0x21,0x39, 

      0xF0,0xA0, 

      0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* order */

      0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x72,0x03,0xDF,0x6B, 

      0x21,0xC6,0x05,0x2B,0x53,0xBB,0xF4,0x09,0x39,0xD5, 

      0x41,0x23}

};

curve_list 中添加:

{ NID_SM2, &_EC_X9_62_sm2.h, 0, "sm2 curve over a 256 bit prime field" },

然后重新make一下。

上述添加完成之后,OpenSSL即支持 SM2国密算法,能够正常解析 SM2国密证书。

---------------------

本文来自 Mrpre 的CSDN 博客 ,全文地址请点击:https://blog.csdn.net/mrpre/article/details/51700884?utm_source=copy

相关文章

网友评论

      本文标题:Openssl源码方式添加国密SM2算法

      本文链接:https://www.haomeiwen.com/subject/sdskoftx.html