diff --git a/Feature-nss-add-implement-of-SM2-signature-algorithm.patch b/Feature-nss-add-implement-of-SM2-signature-algorithm.patch new file mode 100644 index 0000000000000000000000000000000000000000..c98e32b93c0a8db36aac914e3103d64de95bfd86 --- /dev/null +++ b/Feature-nss-add-implement-of-SM2-signature-algorithm.patch @@ -0,0 +1,179 @@ +From 76754353988703719623717de9d1252434b69507 Mon Sep 17 00:00:00 2001 +From: Huaxin Lu +Date: Sun, 2 Oct 2022 19:05:00 +0800 +Subject: [PATCH 3/4] nss add implement of SM2 signature algorithm + +Co-authored-by: godcansee +Signed-off-by: Huaxin Lu +--- + lib/freebl/sm2.c | 134 +++++++++++++++++++++++++++++++++++++++++++++++ + lib/freebl/sm2.h | 16 ++++++ + 2 files changed, 150 insertions(+) + create mode 100644 lib/freebl/sm2.c + create mode 100644 lib/freebl/sm2.h + +diff --git a/lib/freebl/sm2.c b/lib/freebl/sm2.c +new file mode 100644 +index 0000000..f80b8ca +--- /dev/null ++++ b/lib/freebl/sm2.c +@@ -0,0 +1,134 @@ ++/* This Source Code Form is subject to the terms of the Mozilla Public ++ * License, v. 2.0. If a copy of the MPL was not distributed with this ++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ ++ ++#ifdef FREEBL_NO_DEPEND ++#include "stubs.h" ++#endif ++ ++#include "blapi.h" ++#include "blapii.h" ++#include "prerr.h" ++#include "secerr.h" ++#include "secmpi.h" ++#include "secitem.h" ++#include "ecl.h" ++ ++SECStatus ++SM2_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature, ++ const SECItem *digest, const unsigned char *kb, const int kblen) ++{ ++ SECStatus rv = SECFailure; ++ mp_int e, k, x1, y1, r, n, dA, tmp, s; ++ mp_err err = MP_OKAY; ++ ECParams *ecParams; ++ ECGroup *group; ++ SECItem kGpoint = { siBuffer, NULL, 0 }; ++ mp_size olen; ++ ++ if (!key || !signature || !signature->data || !digest || !kb || (kblen < 0)) { ++ PORT_SetError(SEC_ERROR_INVALID_ARGS); ++ return SECFailure; ++ } ++ ++ ecParams = &(key->ecParams); ++ olen = ecParams->order.len; ++ if (signature->len < 2 * olen) { ++ PORT_SetError(SEC_ERROR_OUTPUT_LEN); ++ return SECFailure; ++ } ++ ++ CHECK_MPI_OK(mp_init(&e)); ++ CHECK_MPI_OK(mp_init(&k)); ++ CHECK_MPI_OK(mp_init(&x1)); ++ CHECK_MPI_OK(mp_init(&y1)); ++ CHECK_MPI_OK(mp_init(&r)); ++ CHECK_MPI_OK(mp_init(&n)); ++ CHECK_MPI_OK(mp_init(&dA)); ++ CHECK_MPI_OK(mp_init(&tmp)); ++ CHECK_MPI_OK(mp_init(&s)); ++ CHECK_MPI_OK(mp_init(&tmp)); ++ CHECK_MPI_OK(mp_init(&s)); ++ ++ SECITEM_TO_MPINT(key->privateValue, &dA); ++ SECITEM_TO_MPINT(*digest, &e); ++ SECITEM_TO_MPINT(ecParams->order, &n); ++ ++ CHECK_MPI_OK(mp_read_unsigned_octets(&k, kb, kblen)); ++ ++ /* Make sure k is in the interval [1, n-1] */ ++ if ((mp_cmp_z(&k) <= 0) || (mp_cmp(&k, &n) >= 0)) { ++ PORT_SetError(SEC_ERROR_NEED_RANDOM); ++ goto cleanup; ++ } ++ ++ /* (x1, y1) = [k]G */ ++ group = ECGroup_fromName(ecParams->name); ++ if (!group) ++ goto cleanup; ++ ++ kGpoint.len = EC_GetPointSize(ecParams); ++ kGpoint.data = PORT_Alloc(kGpoint.len); ++ if (kGpoint.data == NULL) ++ goto cleanup; ++ ++ CHECK_MPI_OK(ECPoints_mul(group, &k, NULL, NULL, NULL, &x1, &y1)); ++ ++ /* r = (e + x1) mod n */ ++ CHECK_MPI_OK(mp_addmod(&e, &x1, &n, &r)); ++ ++ /* r != 0 */ ++ if (mp_cmp_z(&r) == 0) { ++ PORT_SetError(SEC_ERROR_NEED_RANDOM); ++ goto cleanup; ++ } ++ ++ /* r + k != n */ ++ CHECK_MPI_OK(mp_add(&r, &k, &tmp)); ++ if (mp_cmp(&tmp, &n) == 0) { ++ PORT_SetError(SEC_ERROR_NEED_RANDOM); ++ goto cleanup; ++ } ++ ++ /* s = ((d + 1)^-1 * (k - r * dA)) mod n */ ++ CHECK_MPI_OK(mp_add_d(&dA, 1, &tmp)); ++ CHECK_MPI_OK(mp_mod (&tmp, &n, &s)); ++ CHECK_MPI_OK(mp_invmod (&s, &n, &s)); ++ CHECK_MPI_OK(mp_mulmod (&r, &dA, &n, &tmp)); ++ CHECK_MPI_OK(mp_submod (&k, &tmp, &n, &tmp)); ++ CHECK_MPI_OK(mp_mulmod (&s, &tmp, &n, &s)); ++ ++ /* s != 0 */ ++ if (mp_cmp_z(&s) == 0) { ++ PORT_SetError(SEC_ERROR_NEED_RANDOM); ++ goto cleanup; ++ } ++ ++ CHECK_MPI_OK(mp_to_fixlen_octets(&r, signature->data, olen)); ++ CHECK_MPI_OK(mp_to_fixlen_octets(&s, signature->data + olen, olen)); ++ ++ signature->len = 2 * olen; ++ rv = SECSuccess; ++ err = MP_OKAY; ++ ++cleanup: ++ mp_clear(&e); ++ mp_clear(&k); ++ mp_clear(&x1); ++ mp_clear(&y1); ++ mp_clear(&r); ++ mp_clear(&n); ++ mp_clear(&dA); ++ mp_clear(&tmp); ++ mp_clear(&s); ++ ++ if (kGpoint.data) ++ PORT_ZFree(kGpoint.data, kGpoint.len); ++ ++ if (err) { ++ MP_TO_SEC_ERROR(err); ++ rv = SECFailure; ++ } ++ ++ return rv; ++} +diff --git a/lib/freebl/sm2.h b/lib/freebl/sm2.h +new file mode 100644 +index 0000000..0e2072c +--- /dev/null ++++ b/lib/freebl/sm2.h +@@ -0,0 +1,16 @@ ++/* This Source Code Form is subject to the terms of the Mozilla Public ++ * License, v. 2.0. If a copy of the MPL was not distributed with this ++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ ++ ++#ifndef _SM2_H_ ++#define _SM2_H_ ++ ++ ++#include ++ ++SECStatus ++SM2_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature, ++ const SECItem *digest, const unsigned char *kb, const int kblen); ++ ++#endif ++ +-- +2.33.0 + diff --git a/Feature-nss-add-implement-of-SM3-digest-algorithm.patch b/Feature-nss-add-implement-of-SM3-digest-algorithm.patch new file mode 100644 index 0000000000000000000000000000000000000000..b3a57170124d72ed5c4694cff14ac8272408d71e --- /dev/null +++ b/Feature-nss-add-implement-of-SM3-digest-algorithm.patch @@ -0,0 +1,321 @@ +From c4222d2434eb877fc077cdb338ac22ab6779f412 Mon Sep 17 00:00:00 2001 +From: godcansee +Date: Tue, 27 Sep 2022 19:55:55 +0800 +Subject: [PATCH 1/4] nss add implement of SM3 digest algorithm + +Signed-off-by: Huaxin Lu +--- + lib/freebl/sm3.c | 274 +++++++++++++++++++++++++++++++++++++++++++++++ + lib/freebl/sm3.h | 19 ++++ + 2 files changed, 293 insertions(+) + create mode 100644 lib/freebl/sm3.c + create mode 100644 lib/freebl/sm3.h + +diff --git a/lib/freebl/sm3.c b/lib/freebl/sm3.c +new file mode 100644 +index 0000000..27751ff +--- /dev/null ++++ b/lib/freebl/sm3.c +@@ -0,0 +1,274 @@ ++/* This Source Code Form is subject to the terms of the Mozilla Public ++ * License, v. 2.0. If a copy of the MPL was not distributed with this ++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ ++ ++#ifdef FREEBL_NO_DEPEND ++#include "stubs.h" ++#endif ++ ++#include "prerr.h" ++#include "prtypes.h" ++#include "prlong.h" ++#include "secport.h" ++#include "secerr.h" ++#include "blapi.h" ++#include "sm3.h" ++ ++#define ROTATE(a,n) (((a) << (n)) | (((a) & 0xffffffff) >> (32 - (n)))) ++ ++#define FF0(X,Y,Z) (X ^ Y ^ Z) ++#define GG0(X,Y,Z) (X ^ Y ^ Z) ++ ++#define FF16(X,Y,Z) ((X & Y) | (X & Z) | (Y & Z)) ++#define GG16(X,Y,Z) ((X & Y) | ((~X) & Z)) ++ ++#define P1(X) (X ^ ROTATE(X, 15) ^ ROTATE(X, 23)) ++ ++#define Get_32(l, c) ((l) = (PRUint32)(((*((PRUint8*)(c))) << 24) | \ ++ ((*((PRUint8*)(c) + 1)) << 16) | \ ++ ((*((PRUint8*)(c) + 2)) << 8) | \ ++ ((*((PRUint8*)(c) + 3))))) ++ ++#define Put_32(p, N) ((*((PRUint8*)(p))) = (PRUint8)((N) >> 24), \ ++ (*((PRUint8*)(p) + 1)) = (PRUint8)((N) >> 16), \ ++ (*((PRUint8*)(p) + 2)) = (PRUint8)((N) >> 8), \ ++ (*((PRUint8*)(p) + 3)) = (PRUint8)(N)) ++ ++void processOfSM3(SM3Context *ctx, const unsigned char *p) { ++ int j; ++ PRUint32 W[68]; ++ PRUint32 A, B, C, D, E, F, G, H; ++ PRUint32 SS1, SS2, TT1, TT2; ++ ++ A = ctx->A; ++ B = ctx->B; ++ C = ctx->C; ++ D = ctx->D; ++ E = ctx->E; ++ F = ctx->F; ++ G = ctx->G; ++ H = ctx->H; ++ ++ for (j = 0; j < 16; j++) ++ Get_32(W[j], p + 4 * j); ++ ++ for (j = 16; j <= 67; j++) ++ W[j] = P1(W[j - 16] ^ W[j - 9] ^ ROTATE(W[j - 3], 15)) ^ ROTATE(W[j - 13], 7) ^ W[j - 6]; ++ ++ for (j = 0; j < 16; j++) { ++ SS1 = ROTATE(A, 12); ++ SS1 = SS1 + E; ++ SS1 = SS1 + ROTATE(0x79cc4519UL, j); ++ SS1 = ROTATE(SS1, 7); ++ SS2 = SS1 ^ ROTATE(A, 12); ++ TT1 = FF0(A, B, C) + D; ++ TT1 = TT1 + SS2; ++ TT1 = TT1 + (W[j] ^ W[j + 4]); ++ TT2 = GG0(E, F, G) + H; ++ TT2 = TT2 + SS1; ++ TT2 = TT2 + W[j]; ++ D = C; ++ C = ROTATE(B, 9); ++ B = A; ++ A = TT1; ++ H = G; ++ G = ROTATE(F, 19); ++ F = E; ++ E = TT2 ^ ROTATE(TT2, 9) ^ ROTATE(TT2, 17); ++ } ++ ++ for (j = 16; j < 64; j++) { ++ SS1 = ROTATE(A, 12); ++ SS1 = SS1 + E; ++ SS1 = SS1 + ROTATE(0x7a879d8aUL, j & 0x1f); ++ SS1 = ROTATE(SS1, 7); ++ SS2 = SS1 ^ ROTATE(A, 12); ++ TT1 = FF16(A, B, C) + D; ++ TT1 = TT1 + SS2; ++ TT1 = TT1 + (W[j] ^ W[j + 4]); ++ TT2 = GG16(E, F, G) + H; ++ TT2 = TT2 + SS1; ++ TT2 = TT2 + W[j]; ++ D = C; ++ C = ROTATE(B, 9); ++ B = A; ++ A = TT1; ++ H = G; ++ G = ROTATE(F, 19); ++ F = E; ++ E = TT2 ^ ROTATE(TT2, 9) ^ ROTATE(TT2, 17); ++ } ++ ++ ctx->A ^= A; ++ ctx->B ^= B; ++ ctx->C ^= C; ++ ctx->D ^= D; ++ ctx->E ^= E; ++ ctx->F ^= F; ++ ctx->G ^= G; ++ ctx->H ^= H; ++} ++ ++SM3Context * ++SM3_NewContext(void) ++{ ++ SM3Context *ctx = PORT_New(SM3Context); ++ return ctx; ++} ++ ++void ++SM3_DestroyContext(SM3Context *ctx, PRBool freeit) ++{ ++ memset(ctx, 0, sizeof *ctx); ++ if (freeit) { ++ PORT_Free(ctx); ++ } ++} ++ ++void ++SM3_Begin(SM3Context *ctx) ++{ ++ memset(ctx, 0, sizeof(SM3Context)); ++ ctx->A = 0x7380166fUL; ++ ctx->B = 0x4914b2b9UL; ++ ctx->C = 0x172442d7UL; ++ ctx->D = 0xda8a0600UL; ++ ctx->E = 0xa96f30bcUL; ++ ctx->F = 0x163138aaUL; ++ ctx->G = 0xe38dee4dUL; ++ ctx->H = 0xb0fb0e4eUL; ++} ++ ++void ++SM3_Update(SM3Context *ctx, const unsigned char *input, ++ unsigned int inputLen) ++{ ++ PRUint32 l, n, rest; ++ PRUint8 *p; ++ ++ l = (ctx->Nl + (inputLen << 3)) & 0xffffffff; ++ if (l < ctx->Nl) ++ ctx->Nh++; ++ ++ ctx->Nl = l; ++ ctx->Nh += (inputLen >> 29); ++ p = ctx->data; ++ n = ctx->num; ++ ++ rest = 64 - n; ++ if (n) { ++ if (inputLen >= rest) { ++ memcpy(p + n, input, rest); ++ input += rest; ++ inputLen -= rest; ++ ctx->num = 0; ++ processOfSM3(ctx, p); ++ memset(p, 0, 64); ++ } else { ++ memcpy(p + n, input, inputLen); ++ ctx->num += inputLen; ++ return; ++ } ++ } ++ ++ while (inputLen >= 64) { ++ processOfSM3(ctx, input); ++ input += 64; ++ inputLen -= 64; ++ } ++ ++ if (inputLen) { ++ ctx->num = inputLen; ++ memcpy(ctx->data, input, inputLen); ++ } ++} ++ ++void ++SM3_End(SM3Context *ctx, unsigned char *digest, ++ unsigned int *digestLen, unsigned int maxDigestLen) ++{ ++ PRUint32 n = ctx->num; ++ ++ if (maxDigestLen < SM3_LENGTH) { ++ PORT_SetError(SEC_ERROR_INVALID_ARGS); ++ return; ++ } ++ ++ ctx->data[n] = 0x80; ++ ++ if (n >= 56) { ++ memset(ctx->data + n + 1, 0, 64 - n - 1); ++ processOfSM3(ctx, ctx->data); ++ memset(ctx->data, 0, 64); ++ } ++ ++ Put_32(&ctx->data[56], ctx->Nh); ++ Put_32(&ctx->data[60], ctx->Nl); ++ processOfSM3(ctx, ctx->data); ++ ++ Put_32(digest, ctx->A); ++ Put_32(digest + 4, ctx->B); ++ Put_32(digest + 8, ctx->C); ++ Put_32(digest + 12, ctx->D); ++ Put_32(digest + 16, ctx->E); ++ Put_32(digest + 20, ctx->F); ++ Put_32(digest + 24, ctx->G); ++ Put_32(digest + 28, ctx->H); ++ ++ if (digestLen) ++ *digestLen = SM3_LENGTH; ++} ++ ++SECStatus ++SM3_HashBuf(unsigned char *dest, const unsigned char *src, ++ PRUint32 src_length) ++{ ++ SM3Context ctx; ++ unsigned int outLen; ++ ++ SM3_Begin(&ctx); ++ SM3_Update(&ctx, src, src_length); ++ SM3_End(&ctx, dest, &outLen, SM3_LENGTH); ++ memset(&ctx, 0, sizeof ctx); ++ ++ return SECSuccess; ++} ++ ++SECStatus ++SM3_Hash(unsigned char *dest, const char *src) ++{ ++ return SM3_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src)); ++} ++ ++void ++SM3_TraceState(SM3Context *ctx) ++{ ++} ++ ++unsigned int ++SM3_FlattenSize(SM3Context *ctx) ++{ ++ return sizeof *ctx; ++} ++ ++SECStatus ++SM3_Flatten(SM3Context *ctx, unsigned char *space) ++{ ++ PORT_Memcpy(space, ctx, sizeof *ctx); ++ return SECSuccess; ++} ++ ++SM3Context * ++SM3_Resurrect(unsigned char *space, void *arg) ++{ ++ SM3Context *ctx = SM3_NewContext(); ++ if (ctx) ++ PORT_Memcpy(ctx, space, sizeof *ctx); ++ return ctx; ++} ++ ++void ++SM3_Clone(SM3Context *dest, SM3Context *src) ++{ ++ memcpy(dest, src, sizeof *dest); ++} +diff --git a/lib/freebl/sm3.h b/lib/freebl/sm3.h +new file mode 100644 +index 0000000..83d787f +--- /dev/null ++++ b/lib/freebl/sm3.h +@@ -0,0 +1,19 @@ ++/* This Source Code Form is subject to the terms of the Mozilla Public ++ * License, v. 2.0. If a copy of the MPL was not distributed with this ++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ ++ ++#ifndef _SM3_H_ ++#define _SM3_H_ ++ ++#include "prtypes.h" ++ ++struct SM3ContextStr { ++ PRUint32 A, B, C, D, E, F, G, H; ++ PRUint32 Nl, Nh; ++ PRUint8 data[64]; ++ PRUint32 num; ++}; ++ ++typedef struct SM3ContextStr SM3Context; ++ ++#endif /* _SM3_H_ */ +-- +2.33.0 + diff --git a/Feature-nss-support-SM2-signature-algorithm.patch b/Feature-nss-support-SM2-signature-algorithm.patch new file mode 100644 index 0000000000000000000000000000000000000000..27e49d7a8d6102d144c4197b54dd26bc1052c01c --- /dev/null +++ b/Feature-nss-support-SM2-signature-algorithm.patch @@ -0,0 +1,338 @@ +From 95151bc198fb304ebaea229be32ad6c207f41887 Mon Sep 17 00:00:00 2001 +From: Huaxin Lu +Date: Tue, 27 Sep 2022 20:14:27 +0800 +Subject: [PATCH 4/4] nss support SM2 signature algorithm + +Co-authored-by: godcansee +Signed-off-by: Huaxin Lu +--- + lib/cryptohi/cryptohi.h | 2 ++ + lib/cryptohi/seckey.c | 3 +++ + lib/cryptohi/secsign.c | 43 +++++++++++++++++++++++++++++++++++++ + lib/cryptohi/secvfy.c | 5 +++++ + lib/freebl/ec.c | 5 ++++- + lib/freebl/ecdecode.c | 5 ++++- + lib/freebl/ecl/ecl-curve.h | 33 ++++++++++++++++++++++++++++ + lib/freebl/ecl/ecl-exp.h | 1 + + lib/freebl/freebl_base.gypi | 1 + + lib/freebl/manifest.mn | 2 ++ + lib/nss/nss.def | 6 ++++++ + lib/util/pkcs11n.h | 2 ++ + lib/util/secoid.c | 4 ++++ + lib/util/secoidt.h | 2 ++ + 14 files changed, 112 insertions(+), 2 deletions(-) + +diff --git a/lib/cryptohi/cryptohi.h b/lib/cryptohi/cryptohi.h +index 7b66f0b..4f99ef9 100644 +--- a/lib/cryptohi/cryptohi.h ++++ b/lib/cryptohi/cryptohi.h +@@ -420,6 +420,8 @@ extern SECStatus VFY_VerifyDataWithAlgorithmID(const unsigned char *buf, + const SECAlgorithmID *algid, SECOidTag *hash, + void *wincx); + ++SECStatus SEC_CreateSM2Digest(unsigned char *z, SECItem *pub); ++ + SEC_END_PROTOS + + #endif /* _CRYPTOHI_H_ */ +diff --git a/lib/cryptohi/seckey.c b/lib/cryptohi/seckey.c +index fa13bc3..4bcd43e 100644 +--- a/lib/cryptohi/seckey.c ++++ b/lib/cryptohi/seckey.c +@@ -520,6 +520,7 @@ seckey_GetKeyType(SECOidTag tag) + keyType = dhKey; + break; + case SEC_OID_ANSIX962_EC_PUBLIC_KEY: ++ case SEC_OID_SM2: + keyType = ecKey; + break; + /* accommodate applications that hand us a signature type when they +@@ -776,6 +777,7 @@ SECKEY_ECParamsToKeySize(const SECItem *encodedParams) + + case SEC_OID_SECG_EC_SECP256K1: + case SEC_OID_ANSIX962_EC_PRIME256V1: ++ case SEC_OID_SM2: + return 256; + + case SEC_OID_ANSIX962_EC_C2PNB272W1: +@@ -924,6 +926,7 @@ SECKEY_ECParamsToBasePointOrderLen(const SECItem *encodedParams) + + case SEC_OID_SECG_EC_SECP256K1: + case SEC_OID_ANSIX962_EC_PRIME256V1: ++ case SEC_OID_SM2: + return 256; + + case SEC_OID_ANSIX962_EC_C2PNB272W1: +diff --git a/lib/cryptohi/secsign.c b/lib/cryptohi/secsign.c +index c46b2b1..90be1d1 100644 +--- a/lib/cryptohi/secsign.c ++++ b/lib/cryptohi/secsign.c +@@ -861,3 +861,46 @@ SEC_CreateSignatureAlgorithmParameters(PLArenaPool *arena, + return result; + } + } ++ ++// TODO ++const unsigned char zin_default[] = { ++ 0x00, 0x80, // id length ++ 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33, 0x34, ++ 0x35, 0x36, 0x37, 0x38, // default id: 1234567812345678 ++ 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, // sm2 a ++ 0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b, ++ 0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92, ++ 0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93, // sm2 b ++ 0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46, ++ 0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1, ++ 0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7, // sm2 x ++ 0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3, ++ 0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40, ++ 0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0 // sm2 y ++}; ++ ++SECStatus SEC_CreateSM2Digest(unsigned char *z, SECItem *pub) ++{ ++ unsigned int len; ++ PK11Context *ctx; ++ ++ if (!z || !pub || pub->len != 65) ++ return SECFailure; ++ ++ ctx = PK11_CreateDigestContext(SEC_OID_SM3); ++ if (!ctx) ++ return SECFailure; ++ ++ if (PK11_DigestBegin(ctx) != SECSuccess || ++ PK11_DigestOp(ctx, zin_default, sizeof(zin_default)) != SECSuccess || ++ PK11_DigestOp(ctx, pub->data + 1, 64) != SECSuccess || ++ PK11_DigestFinal(ctx, z, &len, SM3_LENGTH)) { ++ PK11_DestroyContext(ctx, PR_TRUE); ++ return SECFailure; ++ } ++ ++ PK11_DestroyContext(ctx, PR_TRUE); ++ return SECSuccess; ++} +diff --git a/lib/cryptohi/secvfy.c b/lib/cryptohi/secvfy.c +index 1754584..1d75bdf 100644 +--- a/lib/cryptohi/secvfy.c ++++ b/lib/cryptohi/secvfy.c +@@ -288,6 +288,8 @@ sec_GetEncAlgFromSigAlg(SECOidTag sigAlg) + case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST: + case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST: + return SEC_OID_ANSIX962_EC_PUBLIC_KEY; ++ case SEC_OID_SM2_WITH_SM3: ++ return SEC_OID_SM2; + /* we don't implement MD4 hashes */ + case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION: + default: +@@ -430,6 +432,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, + return SECFailure; + } + break; ++ case SEC_OID_SM2_WITH_SM3: ++ *hashalg = SEC_OID_SM3; ++ break; + /* we don't implement MD4 hashes */ + case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION: + default: +diff --git a/lib/freebl/ec.c b/lib/freebl/ec.c +index 73a625a..bf2aea7 100644 +--- a/lib/freebl/ec.c ++++ b/lib/freebl/ec.c +@@ -15,6 +15,7 @@ + #include "mplogic.h" + #include "ec.h" + #include "ecl.h" ++#include "sm2.h" + + static const ECMethod kMethods[] = { + { ECCurve25519, +@@ -907,7 +908,9 @@ ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest) + goto cleanup; + + /* Generate ECDSA signature with the specified k value */ +- rv = ECDSA_SignDigestWithSeed(key, signature, digest, kBytes, len); ++ rv = key->ecParams.name == ECCurve_sm2p256v1 ? ++ SM2_SignDigestWithSeed(key, signature, digest, kBytes, len) : ++ ECDSA_SignDigestWithSeed(key, signature, digest, kBytes, len); + + cleanup: + if (kBytes) { +diff --git a/lib/freebl/ecdecode.c b/lib/freebl/ecdecode.c +index 652ad42..4c090d2 100644 +--- a/lib/freebl/ecdecode.c ++++ b/lib/freebl/ecdecode.c +@@ -179,7 +179,10 @@ EC_FillParams(PLArenaPool *arena, const SECItem *encodedParams, + CHECK_SEC_OK(gf_populate_params_bytes(ECCurve25519, ec_field_plain, + params)); + break; +- ++ case SEC_OID_SM2: ++ /* Populate params for Curve SM2 */ ++ CHECK_SEC_OK(gf_populate_params_bytes(ECCurve_sm2p256v1, ec_field_plain, ++ params)); + default: + break; + }; +diff --git a/lib/freebl/ecl/ecl-curve.h b/lib/freebl/ecl/ecl-curve.h +index fc8003f..e64fe4d 100644 +--- a/lib/freebl/ecl/ecl-curve.h ++++ b/lib/freebl/ecl/ecl-curve.h +@@ -206,6 +206,38 @@ static const ECCurveBytes ecCurve_25519 = { + KU_KEY_AGREEMENT + }; + ++static const PRUint8 sm2_irr[32] = ++ { 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; ++static const PRUint8 sm2_a[32] = ++ { 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc }; ++static const PRUint8 sm2_b[32] = ++ { 0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b, ++ 0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92, ++ 0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93 }; ++static const PRUint8 sm2_x[32] = ++ { 0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46, ++ 0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1, ++ 0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7 }; ++static const PRUint8 sm2_y[32] = ++ { 0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3, ++ 0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40, ++ 0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0 }; ++static const PRUint8 sm2_order[32] = ++ { 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b, ++ 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23 }; ++ ++static const ECCurveBytes ecCurve_sm2p256v1 = { ++ "sm2p256v1", ECField_GFp, 256, ++ sm2_irr, sm2_a, sm2_b, sm2_x, sm2_y, sm2_order, NULL, ++ 8, 128, 66, 32, // TODO ++ KU_KEY_AGREEMENT ++}; ++ + /* mapping between ECCurveName enum and pointers to ECCurveParams */ + static const ECCurveBytes *ecCurve_map[] = { + NULL, /* ECCurve_noName */ +@@ -267,6 +299,7 @@ static const ECCurveBytes *ecCurve_map[] = { + NULL, /* ECCurve_WTLS_8 */ + NULL, /* ECCurve_WTLS_9 */ + &ecCurve_25519, /* ECCurve25519 */ ++ &ecCurve_sm2p256v1, /* ECCurve_sm2p256v1 */ + NULL /* ECCurve_pastLastCurve */ + }; + +diff --git a/lib/freebl/ecl/ecl-exp.h b/lib/freebl/ecl/ecl-exp.h +index 44adb8a..d071fc9 100644 +--- a/lib/freebl/ecl/ecl-exp.h ++++ b/lib/freebl/ecl/ecl-exp.h +@@ -132,6 +132,7 @@ typedef enum { + /* ECCurve_WTLS_12 == ECCurve_NIST_P224 */ + + ECCurve25519, ++ ECCurve_sm2p256v1, + + ECCurve_pastLastCurve + } ECCurveName; +diff --git a/lib/freebl/freebl_base.gypi b/lib/freebl/freebl_base.gypi +index 85a569f..253ce8d 100644 +--- a/lib/freebl/freebl_base.gypi ++++ b/lib/freebl/freebl_base.gypi +@@ -59,6 +59,7 @@ + 'sha_fast.c', + 'shvfy.c', + 'sm3.c', ++ 'sm2.c', + 'sysrand.c', + 'tlsprfalg.c', + ], +diff --git a/lib/freebl/manifest.mn b/lib/freebl/manifest.mn +index fd3218d..2dbf7c9 100644 +--- a/lib/freebl/manifest.mn ++++ b/lib/freebl/manifest.mn +@@ -158,6 +158,7 @@ CSRCS = \ + $(LOWHASH_SRCS) \ + $(EXTRA_SRCS) \ + sm3.c \ ++ sm2.c \ + $(NULL) + + ifndef NSS_DISABLE_DEPRECATED_SEED +@@ -188,6 +189,7 @@ ALL_HDRS = \ + vis_proto.h \ + seed.h \ + sm3.h \ ++ sm2.h \ + $(NULL) + + +diff --git a/lib/nss/nss.def b/lib/nss/nss.def +index e87395b..2bc4965 100644 +--- a/lib/nss/nss.def ++++ b/lib/nss/nss.def +@@ -1238,3 +1238,9 @@ PK11_SlotGetLastFIPSStatus; + ;+ local: + ;+ *; + ;+}; ++;+NSS_openEuler { ++;+ global: ++SEC_CreateSM2Digest; ++;+ local: ++;+ *; ++;+}; +diff --git a/lib/util/pkcs11n.h b/lib/util/pkcs11n.h +index 9bb704c..f195077 100644 +--- a/lib/util/pkcs11n.h ++++ b/lib/util/pkcs11n.h +@@ -252,6 +252,8 @@ + + /* SM algorithm (to be proposed to PKCS #11) */ + #define CKM_NSS_SM3 (CKM_NSS + 45) ++#define CKM_NSS_SM2 (CKM_NSS + 46) ++#define CKM_NSS_SM2_WITH_SM3 (CKM_NSS + 47) + + + /* +diff --git a/lib/util/secoid.c b/lib/util/secoid.c +index 3091d99..f5f2b12 100644 +--- a/lib/util/secoid.c ++++ b/lib/util/secoid.c +@@ -606,6 +606,8 @@ CONST_OID curve25519[] = { 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01 + * 1.2.156.197.1.401 + */ + CONST_OID sm3[] = { 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x11 }; ++CONST_OID sm2[] = { 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82, 0x2D }; ++CONST_OID sm2_with_sm3[] = { 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x75 }; + + #define OI(x) \ + { \ +@@ -1801,6 +1803,8 @@ const static SECOidData oids[SEC_OID_TOTAL] = { + "IPsec User", + CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), + OD(sm3, SEC_OID_SM3, "SM3", CKM_NSS_SM3, INVALID_CERT_EXTENSION), ++ OD(sm2, SEC_OID_SM2, "SM2", CKM_NSS_SM2, INVALID_CERT_EXTENSION), ++ OD(sm2_with_sm3, SEC_OID_SM2_WITH_SM3, "SM2_WITH_SM3", CKM_NSS_SM2_WITH_SM3, INVALID_CERT_EXTENSION), + }; + + /* PRIVATE EXTENDED SECOID Table +diff --git a/lib/util/secoidt.h b/lib/util/secoidt.h +index 984b7fb..fe49661 100644 +--- a/lib/util/secoidt.h ++++ b/lib/util/secoidt.h +@@ -503,6 +503,8 @@ typedef enum { + SEC_OID_EXT_KEY_USAGE_IPSEC_USER = 363, + + SEC_OID_SM3 = 364, ++ SEC_OID_SM2 = 365, ++ SEC_OID_SM2_WITH_SM3 = 366, + + SEC_OID_TOTAL + } SECOidTag; +-- +2.33.0 + diff --git a/Feature-nss-support-SM3-digest-algorithm.patch b/Feature-nss-support-SM3-digest-algorithm.patch new file mode 100644 index 0000000000000000000000000000000000000000..c3fe17bf3a46bbbe5b7c15c5ce97718332b0edb1 --- /dev/null +++ b/Feature-nss-support-SM3-digest-algorithm.patch @@ -0,0 +1,564 @@ +From 5cf8e813cd5c765f09e368f0b5f2dbd4e4c430b1 Mon Sep 17 00:00:00 2001 +From: Huaxin Lu +Date: Sat, 20 Aug 2022 00:49:51 +0800 +Subject: [PATCH 2/4] nss support SM3 digest algorithm + +Co-authored-by: godcansee +Signed-off-by: Huaxin Lu +--- + lib/cryptohi/sechash.c | 19 ++++++++ + lib/freebl/blapi.h | 18 ++++++++ + lib/freebl/blapit.h | 4 ++ + lib/freebl/freebl_base.gypi | 1 + + lib/freebl/ldvector.c | 13 +++++- + lib/freebl/loader.c | 91 +++++++++++++++++++++++++++++++++++++ + lib/freebl/loader.h | 14 ++++++ + lib/freebl/manifest.mn | 2 + + lib/freebl/rawhash.c | 12 +++++ + lib/pk11wrap/pk11pars.c | 2 + + lib/pk11wrap/pk11slot.c | 11 ++++- + lib/pk11wrap/secmod.h | 1 + + lib/softoken/pkcs11.c | 1 + + lib/softoken/pkcs11c.c | 2 + + lib/util/hasht.h | 2 + + lib/util/pkcs11n.h | 4 ++ + lib/util/secoid.c | 6 +++ + lib/util/secoidt.h | 2 + + lib/util/utilmodt.h | 1 + + lib/util/utilpars.c | 1 + + lib/util/utilparst.h | 2 +- + 21 files changed, 205 insertions(+), 4 deletions(-) + +diff --git a/lib/cryptohi/sechash.c b/lib/cryptohi/sechash.c +index 474fdff..7c4cdbf 100644 +--- a/lib/cryptohi/sechash.c ++++ b/lib/cryptohi/sechash.c +@@ -85,6 +85,12 @@ sha512_NewContext(void) + return (void *)PK11_CreateDigestContext(SEC_OID_SHA512); + } + ++static void * ++sm3_NewContext(void) ++{ ++ return (void *)PK11_CreateDigestContext(SEC_OID_SM3); ++} ++ + const SECHashObject SECHashObjects[] = { + { 0, + (void *(*)(void))null_hash_new_context, +@@ -166,6 +172,16 @@ const SECHashObject SECHashObjects[] = { + PK11_DigestFinal, + SHA224_BLOCK_LENGTH, + HASH_AlgSHA224 }, ++ { SM3_LENGTH, ++ (void *(*)(void))sm3_NewContext, ++ (void *(*)(void *))PK11_CloneContext, ++ (void (*)(void *, PRBool))PK11_DestroyContext, ++ (void (*)(void *))PK11_DigestBegin, ++ (void (*)(void *, const unsigned char *, unsigned int))PK11_DigestOp, ++ (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) ++ PK11_DigestFinal, ++ SM3_BLOCK_LENGTH, ++ HASH_AlgSM3 }, + }; + + const SECHashObject * +@@ -201,6 +217,9 @@ HASH_GetHashTypeByOidTag(SECOidTag hashOid) + case SEC_OID_SHA512: + ht = HASH_AlgSHA512; + break; ++ case SEC_OID_SM3: ++ ht = HASH_AlgSM3; ++ break; + default: + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + break; +diff --git a/lib/freebl/blapi.h b/lib/freebl/blapi.h +index 94fd802..d53c196 100644 +--- a/lib/freebl/blapi.h ++++ b/lib/freebl/blapi.h +@@ -1484,6 +1484,24 @@ extern SECStatus SHA384_Flatten(SHA384Context *cx, unsigned char *space); + extern SHA384Context *SHA384_Resurrect(unsigned char *space, void *arg); + extern void SHA384_Clone(SHA384Context *dest, SHA384Context *src); + ++/******************************************/ ++ ++extern SM3Context *SM3_NewContext(void); ++extern void SM3_DestroyContext(SM3Context *cx, PRBool freeit); ++extern void SM3_Begin(SM3Context *cx); ++extern void SM3_Update(SM3Context *cx, const unsigned char *input, ++ unsigned int inputLen); ++extern void SM3_End(SM3Context *cx, unsigned char *digest, ++ unsigned int *digestLen, unsigned int maxDigestLen); ++extern SECStatus SM3_HashBuf(unsigned char *dest, const unsigned char *src, ++ PRUint32 src_length); ++extern SECStatus SM3_Hash(unsigned char *dest, const char *src); ++extern void SM3_TraceState(SM3Context *cx); ++extern unsigned int SM3_FlattenSize(SM3Context *cx); ++extern SECStatus SM3_Flatten(SM3Context *cx, unsigned char *space); ++extern SM3Context *SM3_Resurrect(unsigned char *space, void *arg); ++extern void SM3_Clone(SM3Context *dest, SM3Context *src); ++ + /**************************************** + * implement TLS 1.0 Pseudo Random Function (PRF) and TLS P_hash function + */ +diff --git a/lib/freebl/blapit.h b/lib/freebl/blapit.h +index 0054e17..2d400ec 100644 +--- a/lib/freebl/blapit.h ++++ b/lib/freebl/blapit.h +@@ -98,6 +98,7 @@ typedef int __BLAPI_DEPRECATED __attribute__((deprecated)); + #define SHA384_LENGTH 48 /* bytes */ + #define SHA512_LENGTH 64 /* bytes */ + #define BLAKE2B512_LENGTH 64 /* Bytes */ ++#define SM3_LENGTH 32 /* bytes */ + #define HASH_LENGTH_MAX SHA512_LENGTH + + /* +@@ -112,6 +113,7 @@ typedef int __BLAPI_DEPRECATED __attribute__((deprecated)); + #define SHA384_BLOCK_LENGTH 128 /* bytes */ + #define SHA512_BLOCK_LENGTH 128 /* bytes */ + #define BLAKE2B_BLOCK_LENGTH 128 /* Bytes */ ++#define SM3_BLOCK_LENGTH 64 /* bytes */ + #define HASH_BLOCK_LENGTH_MAX SHA512_BLOCK_LENGTH + + #define AES_BLOCK_SIZE 16 /* bytes */ +@@ -243,6 +245,7 @@ struct MD5ContextStr; + struct SHA1ContextStr; + struct SHA256ContextStr; + struct SHA512ContextStr; ++struct SM3ContextStr; + struct AESKeyWrapContextStr; + struct SEEDContextStr; + struct ChaCha20ContextStr; +@@ -264,6 +267,7 @@ typedef struct SHA256ContextStr SHA224Context; + typedef struct SHA512ContextStr SHA512Context; + /* SHA384Context is really a SHA512ContextStr. This is not a mistake. */ + typedef struct SHA512ContextStr SHA384Context; ++typedef struct SM3ContextStr SM3Context; + typedef struct AESKeyWrapContextStr AESKeyWrapContext; + typedef struct SEEDContextStr SEEDContext; + typedef struct ChaCha20ContextStr ChaCha20Context; +diff --git a/lib/freebl/freebl_base.gypi b/lib/freebl/freebl_base.gypi +index afbffac..85a569f 100644 +--- a/lib/freebl/freebl_base.gypi ++++ b/lib/freebl/freebl_base.gypi +@@ -58,6 +58,7 @@ + 'rsapkcs.c', + 'sha_fast.c', + 'shvfy.c', ++ 'sm3.c', + 'sysrand.c', + 'tlsprfalg.c', + ], +diff --git a/lib/freebl/ldvector.c b/lib/freebl/ldvector.c +index ac3b862..67bb001 100644 +--- a/lib/freebl/ldvector.c ++++ b/lib/freebl/ldvector.c +@@ -376,9 +376,20 @@ static const struct FREEBLVectorStr vector = + /* End of version 3.024 */ + ChaCha20_InitContext, + ChaCha20_CreateContext, +- ChaCha20_DestroyContext ++ ChaCha20_DestroyContext, + + /* End of version 3.025 */ ++ SM3_NewContext, ++ SM3_DestroyContext, ++ SM3_Begin, ++ SM3_Update, ++ SM3_End, ++ SM3_HashBuf, ++ SM3_Hash, ++ SM3_TraceState, ++ SM3_FlattenSize, ++ SM3_Flatten, ++ SM3_Resurrect + }; + + const FREEBLVector* +diff --git a/lib/freebl/loader.c b/lib/freebl/loader.c +index 692a883..dc3a37e 100644 +--- a/lib/freebl/loader.c ++++ b/lib/freebl/loader.c +@@ -2446,3 +2446,94 @@ CMAC_Destroy(CMACContext *ctx, PRBool free_it) + return; + (vector->p_CMAC_Destroy)(ctx, free_it); + } ++ ++SECStatus ++SM3_Hash(unsigned char *dest, const char *src) ++{ ++ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) ++ return SECFailure; ++ return (vector->p_SM3_Hash)(dest, src); ++} ++ ++SECStatus ++SM3_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length) ++{ ++ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) ++ return SECFailure; ++ return (vector->p_SM3_HashBuf)(dest, src, src_length); ++} ++ ++SM3Context * ++SM3_NewContext(void) ++{ ++ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) ++ return NULL; ++ return (vector->p_SM3_NewContext)(); ++} ++ ++void ++SM3_DestroyContext(SM3Context *cx, PRBool freeit) ++{ ++ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) ++ return; ++ (vector->p_SM3_DestroyContext)(cx, freeit); ++} ++ ++void ++SM3_Begin(SM3Context *cx) ++{ ++ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) ++ return; ++ (vector->p_SM3_Begin)(cx); ++} ++ ++void ++SM3_Update(SM3Context *cx, const unsigned char *input, ++ unsigned int inputLen) ++{ ++ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) ++ return; ++ (vector->p_SM3_Update)(cx, input, inputLen); ++} ++ ++void ++SM3_End(SM3Context *cx, unsigned char *digest, ++ unsigned int *digestLen, unsigned int maxDigestLen) ++{ ++ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) ++ return; ++ (vector->p_SM3_End)(cx, digest, digestLen, maxDigestLen); ++} ++ ++void ++SM3_TraceState(SM3Context *cx) ++{ ++ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) ++ return; ++ (vector->p_SM3_TraceState)(cx); ++} ++ ++unsigned int ++SM3_FlattenSize(SM3Context *cx) ++{ ++ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) ++ return 0; ++ return (vector->p_SM3_FlattenSize)(cx); ++} ++ ++SECStatus ++SM3_Flatten(SM3Context *cx, unsigned char *space) ++{ ++ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) ++ return SECFailure; ++ return (vector->p_SM3_Flatten)(cx, space); ++} ++ ++SM3Context * ++SM3_Resurrect(unsigned char *space, void *arg) ++{ ++ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) ++ return NULL; ++ return (vector->p_SM3_Resurrect)(space, arg); ++} ++ +diff --git a/lib/freebl/loader.h b/lib/freebl/loader.h +index eb3046d..f67595e 100644 +--- a/lib/freebl/loader.h ++++ b/lib/freebl/loader.h +@@ -831,6 +831,20 @@ struct FREEBLVectorStr { + void (*p_ChaCha20_DestroyContext)(ChaCha20Context *ctx, PRBool freeit); + + /* Version 3.025 came to here */ ++ SM3Context *(*p_SM3_NewContext)(void); ++ void (*p_SM3_DestroyContext)(SM3Context *cx, PRBool freeit); ++ void (*p_SM3_Begin)(SM3Context *cx); ++ void (*p_SM3_Update)(SM3Context *cx, const unsigned char *input, ++ unsigned int inputLen); ++ void (*p_SM3_End)(SM3Context *cx, unsigned char *digest, ++ unsigned int *digestLen, unsigned int maxDigestLen); ++ SECStatus (*p_SM3_HashBuf)(unsigned char *dest, const unsigned char *src, ++ PRUint32 src_length); ++ SECStatus (*p_SM3_Hash)(unsigned char *dest, const char *src); ++ void (*p_SM3_TraceState)(SM3Context *cx); ++ unsigned int (*p_SM3_FlattenSize)(SM3Context *cx); ++ SECStatus (*p_SM3_Flatten)(SM3Context *cx, unsigned char *space); ++ SM3Context *(*p_SM3_Resurrect)(unsigned char *space, void *arg); + + /* Add new function pointers at the end of this struct and bump + * FREEBL_VERSION at the beginning of this file. */ +diff --git a/lib/freebl/manifest.mn b/lib/freebl/manifest.mn +index 9dac210..fd3218d 100644 +--- a/lib/freebl/manifest.mn ++++ b/lib/freebl/manifest.mn +@@ -157,6 +157,7 @@ CSRCS = \ + $(STUBS_SRCS) \ + $(LOWHASH_SRCS) \ + $(EXTRA_SRCS) \ ++ sm3.c \ + $(NULL) + + ifndef NSS_DISABLE_DEPRECATED_SEED +@@ -186,6 +187,7 @@ ALL_HDRS = \ + shsign.h \ + vis_proto.h \ + seed.h \ ++ sm3.h \ + $(NULL) + + +diff --git a/lib/freebl/rawhash.c b/lib/freebl/rawhash.c +index 551727b..c74cbbc 100644 +--- a/lib/freebl/rawhash.c ++++ b/lib/freebl/rawhash.c +@@ -141,6 +141,18 @@ const SECHashObject SECRawHashObjects[] = { + HASH_AlgSHA224, + (void (*)(void *, unsigned char *, unsigned int *, + unsigned int))SHA224_EndRaw }, ++ { SM3_LENGTH, ++ (void *(*)(void))SM3_NewContext, ++ (void *(*)(void *))null_hash_clone_context, ++ (void (*)(void *, PRBool))SM3_DestroyContext, ++ (void (*)(void *))SM3_Begin, ++ (void (*)(void *, const unsigned char *, unsigned int))SM3_Update, ++ (void (*)(void *, unsigned char *, unsigned int *, ++ unsigned int))SM3_End, ++ SM3_BLOCK_LENGTH, ++ HASH_AlgSM3, ++ NULL /* end_raw */ ++ }, + }; + + const SECHashObject * +diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c +index 23e5af3..c127309 100644 +--- a/lib/pk11wrap/pk11pars.c ++++ b/lib/pk11wrap/pk11pars.c +@@ -338,6 +338,8 @@ static const oidValDef hashOptList[] = { + { CIPHER_NAME("SHA384"), SEC_OID_SHA384, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, + { CIPHER_NAME("SHA512"), SEC_OID_SHA512, ++ NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, ++ { CIPHER_NAME("SM3"), SEC_OID_SM3, + NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE } + }; + +diff --git a/lib/pk11wrap/pk11slot.c b/lib/pk11wrap/pk11slot.c +index c320019..41a326b 100644 +--- a/lib/pk11wrap/pk11slot.c ++++ b/lib/pk11wrap/pk11slot.c +@@ -51,6 +51,7 @@ const PK11DefaultArrayEntry PK11_DefaultArray[] = { + { "SHA512", SECMOD_SHA512_FLAG, CKM_SHA512 }, + { "MD5", SECMOD_MD5_FLAG, CKM_MD5 }, + { "MD2", SECMOD_MD2_FLAG, CKM_MD2 }, ++ { "SM3", SECMOD_SM3_FLAG, CKM_NSS_SM3 }, + { "SSL", SECMOD_SSL_FLAG, CKM_SSL3_PRE_MASTER_KEY_GEN }, + { "TLS", SECMOD_TLS_FLAG, CKM_TLS_MASTER_KEY_DERIVE }, + { "SKIPJACK", SECMOD_FORTEZZA_FLAG, CKM_SKIPJACK_CBC64 }, +@@ -93,7 +94,8 @@ static PK11SlotList + pk11_tlsSlotList, + pk11_randomSlotList, + pk11_sha256SlotList, +- pk11_sha512SlotList; /* slots do SHA512 and SHA384 */ ++ pk11_sha512SlotList, /* slots do SHA512 and SHA384 */ ++ pk11_sm3SlotList; + + /************************************************************ + * Generic Slot List and Slot List element manipulations +@@ -838,6 +840,7 @@ PK11_InitSlotLists(void) + pk11_InitSlotListStatic(&pk11_randomSlotList); + pk11_InitSlotListStatic(&pk11_sha256SlotList); + pk11_InitSlotListStatic(&pk11_sha512SlotList); ++ pk11_InitSlotListStatic(&pk11_sm3SlotList); + return SECSuccess; + } + +@@ -864,6 +867,7 @@ PK11_DestroySlotLists(void) + pk11_FreeSlotListStatic(&pk11_randomSlotList); + pk11_FreeSlotListStatic(&pk11_sha256SlotList); + pk11_FreeSlotListStatic(&pk11_sha512SlotList); ++ pk11_FreeSlotListStatic(&pk11_sm3SlotList); + return; + } + +@@ -911,6 +915,8 @@ PK11_GetSlotList(CK_MECHANISM_TYPE type) + return &pk11_md5SlotList; + case CKM_MD2: + return &pk11_md2SlotList; ++ case CKM_NSS_SM3: ++ return &pk11_sm3SlotList; + case CKM_RC2_ECB: + case CKM_RC2_CBC: + return &pk11_rc2SlotList; +@@ -2362,7 +2368,8 @@ PK11_GetBestSlotMultipleWithAttributes(CK_MECHANISM_TYPE *type, + (type[i] != CKM_SHA384) && + (type[i] != CKM_SHA512) && + (type[i] != CKM_MD5) && +- (type[i] != CKM_MD2)) { ++ (type[i] != CKM_MD2) && ++ (type[i] != CKM_NSS_SM3)) { + listNeedLogin = PR_TRUE; + break; + } +diff --git a/lib/pk11wrap/secmod.h b/lib/pk11wrap/secmod.h +index fcc7707..dbc58e8 100644 +--- a/lib/pk11wrap/secmod.h ++++ b/lib/pk11wrap/secmod.h +@@ -29,6 +29,7 @@ + #define PUBLIC_MECH_CAMELLIA_FLAG 0x00010000ul + #define PUBLIC_MECH_SEED_FLAG 0x00020000ul + #define PUBLIC_MECH_ECC_FLAG 0x00040000ul ++#define PUBLIC_MECH_SM3_FLAG 0x00080000ul + + #define PUBLIC_MECH_RANDOM_FLAG 0x08000000ul + #define PUBLIC_MECH_FRIENDLY_FLAG 0x10000000ul +diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c +index 3f49333..323b2e2 100644 +--- a/lib/softoken/pkcs11.c ++++ b/lib/softoken/pkcs11.c +@@ -452,6 +452,7 @@ static const struct mechanismList mechanisms[] = { + { CKM_NSS_TLS_PRF_GENERAL_SHA256, + { 0, 512, CKF_SN_VR }, + PR_FALSE }, ++ { CKM_NSS_SM3, { 0, 0, CKF_DIGEST }, PR_FALSE }, + /* ------------------------- HKDF Operations -------------------------- */ + { CKM_HKDF_DERIVE, { 1, 255 * 64, CKF_DERIVE }, PR_TRUE }, + { CKM_HKDF_DATA, { 1, 255 * 64, CKF_DERIVE }, PR_TRUE }, +diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c +index 201a0c7..813f4d7 100644 +--- a/lib/softoken/pkcs11c.c ++++ b/lib/softoken/pkcs11c.c +@@ -1939,6 +1939,8 @@ NSC_DigestInit(CK_SESSION_HANDLE hSession, + INIT_MECH(SHA256) + INIT_MECH(SHA384) + INIT_MECH(SHA512) ++#define CKM_SM3 CKM_NSS_SM3 ++ INIT_MECH(SM3) + + default: + crv = CKR_MECHANISM_INVALID; +diff --git a/lib/util/hasht.h b/lib/util/hasht.h +index 536d34c..556c6ba 100644 +--- a/lib/util/hasht.h ++++ b/lib/util/hasht.h +@@ -24,6 +24,7 @@ typedef enum { + HASH_AlgSHA384 = 5, + HASH_AlgSHA512 = 6, + HASH_AlgSHA224 = 7, ++ HASH_AlgSM3 = 8, + HASH_AlgTOTAL + } HASH_HashType; + +@@ -37,6 +38,7 @@ typedef enum { + #define SHA256_LENGTH 32 + #define SHA384_LENGTH 48 + #define SHA512_LENGTH 64 ++#define SM3_LENGTH 32 + #define HASH_LENGTH_MAX SHA512_LENGTH + + /* +diff --git a/lib/util/pkcs11n.h b/lib/util/pkcs11n.h +index 9a8126a..9bb704c 100644 +--- a/lib/util/pkcs11n.h ++++ b/lib/util/pkcs11n.h +@@ -250,6 +250,10 @@ + #define CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA (CKM_NSS + 43) + #define CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA (CKM_NSS + 44) + ++/* SM algorithm (to be proposed to PKCS #11) */ ++#define CKM_NSS_SM3 (CKM_NSS + 45) ++ ++ + /* + * HISTORICAL: + * Do not attempt to use these. They are only used by NSS's internal +diff --git a/lib/util/secoid.c b/lib/util/secoid.c +index b10f859..3091d99 100644 +--- a/lib/util/secoid.c ++++ b/lib/util/secoid.c +@@ -602,6 +602,11 @@ CONST_OID evIncorporationCountry[] = { EV_NAME_ATTRIBUTE, 3 }; + */ + CONST_OID curve25519[] = { 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01 }; + ++/* https://datatracker.ietf.org/doc/html/draft-oscca-cfrg-sm3-02 ++ * 1.2.156.197.1.401 ++ */ ++CONST_OID sm3[] = { 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x11 }; ++ + #define OI(x) \ + { \ + siDEROID, (unsigned char *)x, sizeof x \ +@@ -1795,6 +1800,7 @@ const static SECOidData oids[SEC_OID_TOTAL] = { + SEC_OID_EXT_KEY_USAGE_IPSEC_USER, + "IPsec User", + CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), ++ OD(sm3, SEC_OID_SM3, "SM3", CKM_NSS_SM3, INVALID_CERT_EXTENSION), + }; + + /* PRIVATE EXTENDED SECOID Table +diff --git a/lib/util/secoidt.h b/lib/util/secoidt.h +index 2b7eb21..984b7fb 100644 +--- a/lib/util/secoidt.h ++++ b/lib/util/secoidt.h +@@ -502,6 +502,8 @@ typedef enum { + SEC_OID_EXT_KEY_USAGE_IPSEC_TUNNEL = 362, + SEC_OID_EXT_KEY_USAGE_IPSEC_USER = 363, + ++ SEC_OID_SM3 = 364, ++ + SEC_OID_TOTAL + } SECOidTag; + +diff --git a/lib/util/utilmodt.h b/lib/util/utilmodt.h +index e1555f3..cc927dd 100644 +--- a/lib/util/utilmodt.h ++++ b/lib/util/utilmodt.h +@@ -28,6 +28,7 @@ + #define SECMOD_CAMELLIA_FLAG 0x00010000L /* = PUBLIC_MECH_CAMELLIA_FLAG */ + #define SECMOD_SEED_FLAG 0x00020000L + #define SECMOD_ECC_FLAG 0x00040000L ++#define SECMOD_SM3_FLAG 0x00080000L + /* reserved bit for future, do not use */ + #define SECMOD_RESERVED_FLAG 0X08000000L + #define SECMOD_FRIENDLY_FLAG 0x10000000L +diff --git a/lib/util/utilpars.c b/lib/util/utilpars.c +index c248aa6..56ede24 100644 +--- a/lib/util/utilpars.c ++++ b/lib/util/utilpars.c +@@ -607,6 +607,7 @@ static struct nssutilArgSlotFlagTable nssutil_argSlotFlagTable[] = { + NSSUTIL_ARG_ENTRY(AES, SECMOD_AES_FLAG), + NSSUTIL_ARG_ENTRY(Camellia, SECMOD_CAMELLIA_FLAG), + NSSUTIL_ARG_ENTRY(SEED, SECMOD_SEED_FLAG), ++ NSSUTIL_ARG_ENTRY(SM3, SECMOD_SM3_FLAG), + NSSUTIL_ARG_ENTRY(PublicCerts, SECMOD_FRIENDLY_FLAG), + NSSUTIL_ARG_ENTRY(RANDOM, SECMOD_RANDOM_FLAG), + NSSUTIL_ARG_ENTRY(Disable, SECMOD_DISABLE_FLAG), +diff --git a/lib/util/utilparst.h b/lib/util/utilparst.h +index 5dda090..7a4c9f7 100644 +--- a/lib/util/utilparst.h ++++ b/lib/util/utilparst.h +@@ -43,7 +43,7 @@ + #define NSSUTIL_DEFAULT_INTERNAL_INIT3 \ + " askpw=any timeout=30})\"" + #define NSSUTIL_DEFAULT_SFTKN_FLAGS \ +- "slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]" ++ "slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512,SM3]" + + #define NSSUTIL_DEFAULT_CIPHER_ORDER 0 + #define NSSUTIL_DEFAULT_TRUST_ORDER 50 +-- +2.33.0 + diff --git a/nss.spec b/nss.spec index 9f331b8db871a9bc931b8017f745208d968c7983..def7da92c2b0a0ca143eaa7135f06f7a5d25ecbe 100644 --- a/nss.spec +++ b/nss.spec @@ -14,7 +14,7 @@ Summary: Network Security Services Name: nss Version: %{nss_version} -Release: 3 +Release: 4 License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Provides: nss-system-init @@ -43,6 +43,12 @@ Patch0: nss-539183.patch Patch6000: backport-CVE-2021-43527.patch +# Feature: support sm2 and sm3 +Patch9000: Feature-nss-add-implement-of-SM3-digest-algorithm.patch +Patch9001: Feature-nss-add-implement-of-SM2-signature-algorithm.patch +Patch9002: Feature-nss-support-SM3-digest-algorithm.patch +Patch9003: Feature-nss-support-SM2-signature-algorithm.patch + %description Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and @@ -127,6 +133,10 @@ Help document for NSS %patch0 -p0 -b .539183 pushd nss %patch6000 -p1 +%patch9000 -p1 +%patch9001 -p1 +%patch9002 -p1 +%patch9003 -p1 popd %build @@ -549,6 +559,9 @@ update-crypto-policies &>/dev/null||: %doc %{_mandir}/man* %changelog +* Thu Oct 27 2022 luhuaxin - 3.72.0-4 +- optimize support for sm2,sm3 + * Thu Aug 04 2022 renhongxun - 3.72.0-3 - remove nss-help from Requires of nss and nss-util