diff --git a/Feature-nss-add-implement-of-SM2-signature-algorithm.patch b/Feature-nss-add-implement-of-SM2-signature-algorithm.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c98e32b93c0a8db36aac914e3103d64de95bfd86
--- /dev/null
+++ b/Feature-nss-add-implement-of-SM2-signature-algorithm.patch
@@ -0,0 +1,179 @@
+From 76754353988703719623717de9d1252434b69507 Mon Sep 17 00:00:00 2001
+From: Huaxin Lu
+Date: Sun, 2 Oct 2022 19:05:00 +0800
+Subject: [PATCH 3/4] nss add implement of SM2 signature algorithm
+
+Co-authored-by: godcansee
+Signed-off-by: Huaxin Lu
+---
+ lib/freebl/sm2.c | 134 +++++++++++++++++++++++++++++++++++++++++++++++
+ lib/freebl/sm2.h | 16 ++++++
+ 2 files changed, 150 insertions(+)
+ create mode 100644 lib/freebl/sm2.c
+ create mode 100644 lib/freebl/sm2.h
+
+diff --git a/lib/freebl/sm2.c b/lib/freebl/sm2.c
+new file mode 100644
+index 0000000..f80b8ca
+--- /dev/null
++++ b/lib/freebl/sm2.c
+@@ -0,0 +1,134 @@
++/* This Source Code Form is subject to the terms of the Mozilla Public
++ * License, v. 2.0. If a copy of the MPL was not distributed with this
++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++#ifdef FREEBL_NO_DEPEND
++#include "stubs.h"
++#endif
++
++#include "blapi.h"
++#include "blapii.h"
++#include "prerr.h"
++#include "secerr.h"
++#include "secmpi.h"
++#include "secitem.h"
++#include "ecl.h"
++
++SECStatus
++SM2_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
++ const SECItem *digest, const unsigned char *kb, const int kblen)
++{
++ SECStatus rv = SECFailure;
++ mp_int e, k, x1, y1, r, n, dA, tmp, s;
++ mp_err err = MP_OKAY;
++ ECParams *ecParams;
++ ECGroup *group;
++ SECItem kGpoint = { siBuffer, NULL, 0 };
++ mp_size olen;
++
++ if (!key || !signature || !signature->data || !digest || !kb || (kblen < 0)) {
++ PORT_SetError(SEC_ERROR_INVALID_ARGS);
++ return SECFailure;
++ }
++
++ ecParams = &(key->ecParams);
++ olen = ecParams->order.len;
++ if (signature->len < 2 * olen) {
++ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
++ return SECFailure;
++ }
++
++ CHECK_MPI_OK(mp_init(&e));
++ CHECK_MPI_OK(mp_init(&k));
++ CHECK_MPI_OK(mp_init(&x1));
++ CHECK_MPI_OK(mp_init(&y1));
++ CHECK_MPI_OK(mp_init(&r));
++ CHECK_MPI_OK(mp_init(&n));
++ CHECK_MPI_OK(mp_init(&dA));
++ CHECK_MPI_OK(mp_init(&tmp));
++ CHECK_MPI_OK(mp_init(&s));
++ CHECK_MPI_OK(mp_init(&tmp));
++ CHECK_MPI_OK(mp_init(&s));
++
++ SECITEM_TO_MPINT(key->privateValue, &dA);
++ SECITEM_TO_MPINT(*digest, &e);
++ SECITEM_TO_MPINT(ecParams->order, &n);
++
++ CHECK_MPI_OK(mp_read_unsigned_octets(&k, kb, kblen));
++
++ /* Make sure k is in the interval [1, n-1] */
++ if ((mp_cmp_z(&k) <= 0) || (mp_cmp(&k, &n) >= 0)) {
++ PORT_SetError(SEC_ERROR_NEED_RANDOM);
++ goto cleanup;
++ }
++
++ /* (x1, y1) = [k]G */
++ group = ECGroup_fromName(ecParams->name);
++ if (!group)
++ goto cleanup;
++
++ kGpoint.len = EC_GetPointSize(ecParams);
++ kGpoint.data = PORT_Alloc(kGpoint.len);
++ if (kGpoint.data == NULL)
++ goto cleanup;
++
++ CHECK_MPI_OK(ECPoints_mul(group, &k, NULL, NULL, NULL, &x1, &y1));
++
++ /* r = (e + x1) mod n */
++ CHECK_MPI_OK(mp_addmod(&e, &x1, &n, &r));
++
++ /* r != 0 */
++ if (mp_cmp_z(&r) == 0) {
++ PORT_SetError(SEC_ERROR_NEED_RANDOM);
++ goto cleanup;
++ }
++
++ /* r + k != n */
++ CHECK_MPI_OK(mp_add(&r, &k, &tmp));
++ if (mp_cmp(&tmp, &n) == 0) {
++ PORT_SetError(SEC_ERROR_NEED_RANDOM);
++ goto cleanup;
++ }
++
++ /* s = ((d + 1)^-1 * (k - r * dA)) mod n */
++ CHECK_MPI_OK(mp_add_d(&dA, 1, &tmp));
++ CHECK_MPI_OK(mp_mod (&tmp, &n, &s));
++ CHECK_MPI_OK(mp_invmod (&s, &n, &s));
++ CHECK_MPI_OK(mp_mulmod (&r, &dA, &n, &tmp));
++ CHECK_MPI_OK(mp_submod (&k, &tmp, &n, &tmp));
++ CHECK_MPI_OK(mp_mulmod (&s, &tmp, &n, &s));
++
++ /* s != 0 */
++ if (mp_cmp_z(&s) == 0) {
++ PORT_SetError(SEC_ERROR_NEED_RANDOM);
++ goto cleanup;
++ }
++
++ CHECK_MPI_OK(mp_to_fixlen_octets(&r, signature->data, olen));
++ CHECK_MPI_OK(mp_to_fixlen_octets(&s, signature->data + olen, olen));
++
++ signature->len = 2 * olen;
++ rv = SECSuccess;
++ err = MP_OKAY;
++
++cleanup:
++ mp_clear(&e);
++ mp_clear(&k);
++ mp_clear(&x1);
++ mp_clear(&y1);
++ mp_clear(&r);
++ mp_clear(&n);
++ mp_clear(&dA);
++ mp_clear(&tmp);
++ mp_clear(&s);
++
++ if (kGpoint.data)
++ PORT_ZFree(kGpoint.data, kGpoint.len);
++
++ if (err) {
++ MP_TO_SEC_ERROR(err);
++ rv = SECFailure;
++ }
++
++ return rv;
++}
+diff --git a/lib/freebl/sm2.h b/lib/freebl/sm2.h
+new file mode 100644
+index 0000000..0e2072c
+--- /dev/null
++++ b/lib/freebl/sm2.h
+@@ -0,0 +1,16 @@
++/* This Source Code Form is subject to the terms of the Mozilla Public
++ * License, v. 2.0. If a copy of the MPL was not distributed with this
++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++#ifndef _SM2_H_
++#define _SM2_H_
++
++
++#include
++
++SECStatus
++SM2_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
++ const SECItem *digest, const unsigned char *kb, const int kblen);
++
++#endif
++
+--
+2.33.0
+
diff --git a/nss-add-implement-of-SM3-digest-algorithm.patch b/Feature-nss-add-implement-of-SM3-digest-algorithm.patch
similarity index 58%
rename from nss-add-implement-of-SM3-digest-algorithm.patch
rename to Feature-nss-add-implement-of-SM3-digest-algorithm.patch
index 0422c63e03565c02aad16df560b3c0922d07ce65..b3a57170124d72ed5c4694cff14ac8272408d71e 100644
--- a/nss-add-implement-of-SM3-digest-algorithm.patch
+++ b/Feature-nss-add-implement-of-SM3-digest-algorithm.patch
@@ -1,22 +1,22 @@
-From 633bdaae41f18da4bee5c4464c917b76f7ed9313 Mon Sep 17 00:00:00 2001
+From c4222d2434eb877fc077cdb338ac22ab6779f412 Mon Sep 17 00:00:00 2001
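Review bot: The `group` returned by `ECGroup_fromName()` in SM2_SignDigestWithSeed is never released — the cleanup label clears the mp_ints and frees kGpoint but has no `ECGroup_free(group)`, so every signature leaks a group object; declare it as `ECGroup *group = NULL;` (cleanup is reached before it is assigned when k is out of range) and add `if (group) ECGroup_free(group);` after the mp_clear calls. The `mp_init(&tmp)` / `mp_init(&s)` pair appears twice in a row, and re-initialising an already initialised mp_int replaces its digit buffer without freeing it, so the second pair should be dropped. `kGpoint` is allocated and zero-freed but never used, since `ECPoints_mul` writes straight into x1/y1, so the PORT_Alloc/PORT_ZFree can go as well. Note also that `(dA + 1)^-1 mod n` is computed with a plain `mp_invmod` on a value derived from the long-term private key; as far as I recall NSS's ECDSA signing in ec.c blinds its modular inversion with a random multiplier because mp_invmod's running time depends on its input, and the same treatment would be worth considering here.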
From: godcansee -Date: Sun, 16 Oct 2022 04:58:00 +0800 -Subject: [PATCH 1/4] nss-add-implement-of-SM3-digest-algorithm +Date: Tue, 27 Sep 2022 19:55:55 +0800 +Subject: [PATCH 1/4] nss add implement of SM3 digest algorithm -Co-authored-by:Huaxin Lu +Signed-off-by: Huaxin Lu --- - nss/lib/freebl/sm3.c | 285 +++++++++++++++++++++++++++++++++++++++++++ - nss/lib/freebl/sm3.h | 23 ++++ - 2 files changed, 308 insertions(+) - create mode 100644 nss/lib/freebl/sm3.c - create mode 100644 nss/lib/freebl/sm3.h + lib/freebl/sm3.c | 274 +++++++++++++++++++++++++++++++++++++++++++++++ + lib/freebl/sm3.h | 19 ++++ + 2 files changed, 293 insertions(+) + create mode 100644 lib/freebl/sm3.c + create mode 100644 lib/freebl/sm3.h -diff --git a/nss/lib/freebl/sm3.c b/nss/lib/freebl/sm3.c +diff --git a/lib/freebl/sm3.c b/lib/freebl/sm3.c new file mode 100644 -index 0000000..7c1137f +index 0000000..27751ff --- /dev/null -+++ b/nss/lib/freebl/sm3.c -@@ -0,0 +1,285 @@ ++++ b/lib/freebl/sm3.c +@@ -0,0 +1,274 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ @@ -25,14 +25,15 @@ index 0000000..7c1137f +#include "stubs.h" +#endif + ++#include "prerr.h" +#include "prtypes.h" +#include "prlong.h" +#include "secport.h" -+#include "blapi.h" +#include "secerr.h" ++#include "blapi.h" +#include "sm3.h" + -+#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) ++#define ROTATE(a,n) (((a) << (n)) | (((a) & 0xffffffff) >> (32 - (n)))) + +#define FF0(X,Y,Z) (X ^ Y ^ Z) +#define GG0(X,Y,Z) (X ^ Y ^ Z) 
@@ -42,28 +43,22 @@ index 0000000..7c1137f + +#define P1(X) (X ^ ROTATE(X, 15) ^ ROTATE(X, 23)) + -+#define Get_N(l, c, n) (l = (PRUint32)(((*(PRUint8*)(c + n)) << 24)|((*(PRUint8*)(c + n + 1)) << 16)|((*(PRUint8*)(c + n + 2)) << 8)|((*(PRUint8*)(c + n + 3))))) -+#define Put_N(p, N, n) ((*(PRUint8*)(p + n)) = N) -+#define Put_32(p, N, n) \ -+ ((*(PRUint8*)(p + n)) = (PRUint8)((N) >> 24), \ -+ (*(PRUint8*)(p + n + 1)) = (PRUint8)((N) >> 16), \ -+ (*(PRUint8*)(p + n + 2)) = (PRUint8)((N) >> 8), \ -+ (*(PRUint8*)(p + n + 3)) = (PRUint8)(N)) ++#define Get_32(l, c) ((l) = (PRUint32)(((*((PRUint8*)(c))) << 24) | \ ++ ((*((PRUint8*)(c) + 1)) << 16) | \ ++ ((*((PRUint8*)(c) + 2)) << 8) | \ ++ ((*((PRUint8*)(c) + 3))))) + -+struct SM3ContextStr { -+ PRUint32 A, B, C, D, E, F, G, H; -+ PRUint32 Nl, Nh; -+ PRUint8 data[64]; -+ PRUint32 num; -+}; -+ -+typedef struct SM3ContextStr SM3Context; ++#define Put_32(p, N) ((*((PRUint8*)(p))) = (PRUint8)((N) >> 24), \ ++ (*((PRUint8*)(p) + 1)) = (PRUint8)((N) >> 16), \ ++ (*((PRUint8*)(p) + 2)) = (PRUint8)((N) >> 8), \ ++ (*((PRUint8*)(p) + 3)) = (PRUint8)(N)) + +void processOfSM3(SM3Context *ctx, const unsigned char *p) { + int j; + PRUint32 W[68]; + PRUint32 A, B, C, D, E, F, G, H; + PRUint32 SS1, SS2, TT1, TT2; ++ + A = ctx->A; + B = ctx->B; + C = ctx->C; 
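Review bot: `Get_32` shifts a promoted `int`, not a 32-bit unsigned — in `(*((PRUint8*)(c))) << 24` the PRUint8 is promoted to int before the shift, so any input byte of 0x80 or above produces a value outside the range of int, which is undefined behaviour for a left shift in C (UBSan reports it); the outer `(PRUint32)` cast is applied after the OR and is too late. Cast each byte before shifting, `((PRUint32)(*((PRUint8*)(c))) << 24)`, and for symmetry the other three terms too.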
@@ -74,23 +69,23 @@ index 0000000..7c1137f + H = ctx->H; + + for (j = 0; j < 16; j++) -+ Get_N(W[j], p, 4 * j); ++ Get_32(W[j], p + 4 * j); + + for (j = 16; j <= 67; j++) + W[j] = P1(W[j - 16] ^ W[j - 9] ^ ROTATE(W[j - 3], 15)) ^ ROTATE(W[j - 13], 7) ^ W[j - 6]; + + for (j = 0; j < 16; j++) { + SS1 = ROTATE(A, 12); -+ SS1 = (SS1 + E); -+ SS1 = (SS1 + ROTATE(0x79cc4519UL, j)); ++ SS1 = SS1 + E; ++ SS1 = SS1 + ROTATE(0x79cc4519UL, j); + SS1 = ROTATE(SS1, 7); + SS2 = SS1 ^ ROTATE(A, 12); -+ TT1 = (FF0(A, B, C) + D); -+ TT1 = (TT1 + SS2); -+ TT1 = (TT1 + (W[j] ^ W[j + 4])); -+ TT2 = (GG0(E, F, G) + H); -+ TT2 = (TT2 + SS1); -+ TT2 = (TT2 + W[j]); ++ TT1 = FF0(A, B, C) + D; ++ TT1 = TT1 + SS2; ++ TT1 = TT1 + (W[j] ^ W[j + 4]); ++ TT2 = GG0(E, F, G) + H; ++ TT2 = TT2 + SS1; ++ TT2 = TT2 + W[j]; + D = C; + C = ROTATE(B, 9); + B = A; @@ -103,16 +98,16 @@ index 0000000..7c1137f + + for (j = 16; j < 64; j++) { + SS1 = ROTATE(A, 12); -+ SS1 = (SS1 + E); -+ SS1 = (SS1 + ROTATE(0x7a879d8aUL, j & 0x1f)); ++ SS1 = SS1 + E; ++ SS1 = SS1 + ROTATE(0x7a879d8aUL, j & 0x1f); + SS1 = ROTATE(SS1, 7); + SS2 = SS1 ^ ROTATE(A, 12); -+ TT1 = (FF16(A, B, C) + D); -+ TT1 = (TT1 + SS2); -+ TT1 = (TT1 + (W[j] ^ W[j + 4])); -+ TT2 = (GG16(E, F, G) + H); -+ TT2 = (TT2 + SS1); -+ TT2 = (TT2 + W[j]); ++ TT1 = FF16(A, B, C) + D; ++ TT1 = TT1 + SS2; ++ TT1 = TT1 + (W[j] ^ W[j + 4]); ++ TT2 = GG16(E, F, G) + H; ++ TT2 = TT2 + SS1; ++ TT2 = TT2 + W[j]; + D = C; + C = ROTATE(B, 9); + B = A; 
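Review bot: `ROTATE(0x79cc4519UL, j)` in this round loop runs with j = 0, and `ROTATE(0x7a879d8aUL, j & 0x1f)` in the following hunk (`@@ -103,16 +98,16 @@`) reaches a zero count at j = 32; with n = 0 the macro expands to `>> (32 - 0)`, and on targets where `unsigned long` is 32 bits wide (ILP32, Windows LLP64) shifting by the full width of the type is undefined behaviour. On LP64 Linux the `0x...UL & 0xffffffff` operand is 64 bits wide, so the shift happens to be defined there and tests pass. A count-safe form of the macro, which is defined in an earlier hunk of this file, is `#define ROTATE(a,n) (((a) << (n)) | (((a) & 0xffffffff) >> ((32 - (n)) & 31)))`; for n = 0 both halves reduce to `a` and for 1..31 nothing changes.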
@@ -167,20 +162,20 @@ index 0000000..7c1137f +SM3_Update(SM3Context *ctx, const unsigned char *input, + unsigned int inputLen) +{ -+ unsigned int l; -+ unsigned char *p; -+ unsigned int n, rest; ++ PRUint32 l, n, rest; ++ PRUint8 *p; + -+ l = (unsigned int)((ctx->Nl + (inputLen << 3)) & 0xffffffff); -+ if (l < (unsigned int)ctx->Nl) ++ l = (ctx->Nl + (inputLen << 3)) & 0xffffffff; ++ if (l < ctx->Nl) + ctx->Nh++; ++ + ctx->Nl = l; -+ ctx->Nh += inputLen>>29; -+ p = (unsigned char *)ctx->data; -+ n = (unsigned int)ctx->num; -+ rest = 64 - n; ++ ctx->Nh += (inputLen >> 29); ++ p = ctx->data; ++ n = ctx->num; + -+ if (n != 0) { ++ rest = 64 - n; ++ if (n) { + if (inputLen >= rest) { + memcpy(p + n, input, rest); + input += rest; @@ -190,7 +185,7 @@ index 0000000..7c1137f + memset(p, 0, 64); + } else { + memcpy(p + n, input, inputLen); -+ ctx->num += (unsigned int)inputLen; ++ ctx->num += inputLen; + return; + } + } @@ -201,8 +196,8 @@ index 0000000..7c1137f + inputLen -= 64; + } + -+ if (inputLen > 0) { -+ ctx->num = (unsigned int)inputLen; ++ if (inputLen) { ++ ctx->num = inputLen; + memcpy(ctx->data, input, inputLen); + } +} 
@@ -211,39 +206,33 @@ index 0000000..7c1137f +SM3_End(SM3Context *ctx, unsigned char *digest, + unsigned int *digestLen, unsigned int maxDigestLen) +{ -+ unsigned int n = ctx->num; ++ PRUint32 n = ctx->num; + -+ if (maxDigestLen < SM3_LENGTH) { ++ if (maxDigestLen < SM3_LENGTH) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return; + } + ++ ctx->data[n] = 0x80; ++ + if (n >= 56) { -+ ctx->data[n] = 0x80; -+ n++; -+ memset(ctx->data + n, 0, 64 - n); -+ processOfSM3(ctx, ctx->data); -+ memset(ctx->data, 0, 64); -+ Put_32(ctx->data, ctx->Nh, 56); -+ Put_32(ctx->data, ctx->Nl, 60); -+ processOfSM3(ctx, ctx->data); -+ memset(ctx->data, 0, 64); -+ } else { -+ ctx->data[n] = 0x80; -+ Put_32(ctx->data, ctx->Nh, 56); -+ Put_32(ctx->data, ctx->Nl, 60); ++ memset(ctx->data + n + 1, 0, 64 - n - 1); + processOfSM3(ctx, ctx->data); + memset(ctx->data, 0, 64); + } + -+ Put_32(digest, ctx->A, 0); -+ Put_32(digest, ctx->B, 4); -+ Put_32(digest, ctx->C, 8); -+ Put_32(digest, ctx->D, 12); -+ Put_32(digest, ctx->E, 16); -+ Put_32(digest, ctx->F, 20); -+ Put_32(digest, ctx->G, 24); -+ Put_32(digest, ctx->H, 28); ++ Put_32(&ctx->data[56], ctx->Nh); ++ Put_32(&ctx->data[60], ctx->Nl); ++ processOfSM3(ctx, ctx->data); ++ ++ Put_32(digest, ctx->A); ++ Put_32(digest + 4, ctx->B); ++ Put_32(digest + 8, ctx->C); ++ Put_32(digest + 12, ctx->D); ++ Put_32(digest + 16, ctx->E); ++ Put_32(digest + 20, ctx->F); ++ Put_32(digest + 24, ctx->G); ++ Put_32(digest + 28, ctx->H); + + if (digestLen) + *digestLen = SM3_LENGTH; @@ -302,12 +291,12 @@ index 0000000..7c1137f +{ + memcpy(dest, src, sizeof *dest); +} -diff --git a/nss/lib/freebl/sm3.h b/nss/lib/freebl/sm3.h +diff --git a/lib/freebl/sm3.h b/lib/freebl/sm3.h new file mode 100644 -index 0000000..c08ae1e +index 0000000..83d787f 
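Review bot: In the n < 56 path SM3_End writes only the 0x80 terminator and the length words, so it depends on `ctx->data[n+1..55]` already being zero, and nothing in this function establishes that; it appears to rest on the `memset(p, 0, 64)` in SM3_Update and presumably on SM3_Begin, which is not shown here. That invariant is worth stating at `ctx->data[n] = 0x80;`, e.g. `/* bytes past ctx->num are kept zero by SM3_Begin/SM3_Update; only the terminator and the length need writing here */`, or made local with `memset(ctx->data + n + 1, 0, 55 - n);` in the n < 56 case so the padding no longer hinges on a cross-function invariant. The tail of SM3_End is outside this hunk.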
--- /dev/null -+++ b/nss/lib/freebl/sm3.h -@@ -0,0 +1,23 @@ ++++ b/lib/freebl/sm3.h +@@ -0,0 +1,19 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ @@ -317,18 +306,14 @@ index 0000000..c08ae1e + +#include "prtypes.h" + -+SM3Context *SM3_NewContext(void); -+void SM3_DestroyContext(SM3Context *ctx, PRBool freeit); -+void SM3_Begin(SM3Context *ctx); -+void SM3_Update(SM3Context *ctx, const unsigned char *input, unsigned int inputLen); -+void SM3_End(SM3Context *ctx, unsigned char *digest, unsigned int *digestLen, unsigned int maxDigestLen); -+SECStatus SM3_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length); -+SECStatus SM3_Hash(unsigned char *dest, const char *src); -+void SM3_TraceState(SM3Context *ctx); -+unsigned int SM3_FlattenSize(SM3Context *ctx); -+SECStatus SM3_Flatten(SM3Context *ctx, unsigned char *space); -+SM3Context *SM3_Resurrect(unsigned char *space, void *arg); -+void SM3_Clone(SM3Context *dest, SM3Context *src); ++struct SM3ContextStr { ++ PRUint32 A, B, C, D, E, F, G, H; ++ PRUint32 Nl, Nh; ++ PRUint8 data[64]; ++ PRUint32 num; ++}; ++ ++typedef struct SM3ContextStr SM3Context; + +#endif /* _SM3_H_ */ -- diff --git a/nss-support-SM2-signature-algorithm.patch b/Feature-nss-support-SM2-signature-algorithm.patch similarity index 73% rename from nss-support-SM2-signature-algorithm.patch rename to Feature-nss-support-SM2-signature-algorithm.patch index 04e7ca5e8bdc3c5735857fff7e1451e66bfedfa8..27e49d7a8d6102d144c4197b54dd26bc1052c01c 100644 --- a/nss-support-SM2-signature-algorithm.patch +++ b/Feature-nss-support-SM2-signature-algorithm.patch @@ -1,30 +1,31 @@ -From 730ed23bef70e1726c7d2b5ea67e5cabf59aa448 Mon Sep 17 00:00:00 2001 +From 95151bc198fb304ebaea229be32ad6c207f41887 Mon Sep 17 00:00:00 2001 
From: Huaxin Lu -Date: Sun, 16 Oct 2022 05:02:53 +0800 +Date: Tue, 27 Sep 2022 20:14:27 +0800 Subject: [PATCH 4/4] nss support SM2 signature algorithm - Co-authored-by:godcansee +Co-authored-by: godcansee +Signed-off-by: Huaxin Lu --- - nss/lib/cryptohi/cryptohi.h | 2 ++ - nss/lib/cryptohi/seckey.c | 3 +++ - nss/lib/cryptohi/secsign.c | 43 +++++++++++++++++++++++++++++++++ - nss/lib/cryptohi/secvfy.c | 5 ++++ - nss/lib/freebl/ec.c | 5 +++- - nss/lib/freebl/ecdecode.c | 5 +++- - nss/lib/freebl/ecl/ecl-curve.h | 33 +++++++++++++++++++++++++ - nss/lib/freebl/ecl/ecl-exp.h | 1 + - nss/lib/freebl/freebl_base.gypi | 1 + - nss/lib/freebl/manifest.mn | 2 ++ - nss/lib/nss/nss.def | 6 +++++ - nss/lib/util/pkcs11t.h | 2 ++ - nss/lib/util/secoid.c | 4 +++ - nss/lib/util/secoidt.h | 2 ++ + lib/cryptohi/cryptohi.h | 2 ++ + lib/cryptohi/seckey.c | 3 +++ + lib/cryptohi/secsign.c | 43 +++++++++++++++++++++++++++++++++++++ + lib/cryptohi/secvfy.c | 5 +++++ + lib/freebl/ec.c | 5 ++++- + lib/freebl/ecdecode.c | 5 ++++- + lib/freebl/ecl/ecl-curve.h | 33 ++++++++++++++++++++++++++++ + lib/freebl/ecl/ecl-exp.h | 1 + + lib/freebl/freebl_base.gypi | 1 + + lib/freebl/manifest.mn | 2 ++ + lib/nss/nss.def | 6 ++++++ + lib/util/pkcs11n.h | 2 ++ + lib/util/secoid.c | 4 ++++ + lib/util/secoidt.h | 2 ++ 14 files changed, 112 insertions(+), 2 deletions(-) -diff --git a/nss/lib/cryptohi/cryptohi.h b/nss/lib/cryptohi/cryptohi.h +diff --git a/lib/cryptohi/cryptohi.h b/lib/cryptohi/cryptohi.h index 7b66f0b..4f99ef9 100644 ---- a/nss/lib/cryptohi/cryptohi.h -+++ b/nss/lib/cryptohi/cryptohi.h +--- a/lib/cryptohi/cryptohi.h ++++ b/lib/cryptohi/cryptohi.h @@ -420,6 +420,8 @@ extern SECStatus VFY_VerifyDataWithAlgorithmID(const unsigned char *buf, const SECAlgorithmID *algid, SECOidTag *hash, void *wincx); 
@@ -34,10 +35,10 @@ index 7b66f0b..4f99ef9 100644 SEC_END_PROTOS #endif /* _CRYPTOHI_H_ */ -diff --git a/nss/lib/cryptohi/seckey.c b/nss/lib/cryptohi/seckey.c +diff --git a/lib/cryptohi/seckey.c b/lib/cryptohi/seckey.c index fa13bc3..4bcd43e 100644 ---- a/nss/lib/cryptohi/seckey.c -+++ b/nss/lib/cryptohi/seckey.c +--- a/lib/cryptohi/seckey.c ++++ b/lib/cryptohi/seckey.c @@ -520,6 +520,7 @@ seckey_GetKeyType(SECOidTag tag) keyType = dhKey; break; @@ -62,10 +63,10 @@ index fa13bc3..4bcd43e 100644 return 256; case SEC_OID_ANSIX962_EC_C2PNB272W1: -diff --git a/nss/lib/cryptohi/secsign.c b/nss/lib/cryptohi/secsign.c -index c46b2b1..65627ae 100644 ---- a/nss/lib/cryptohi/secsign.c -+++ b/nss/lib/cryptohi/secsign.c +diff --git a/lib/cryptohi/secsign.c b/lib/cryptohi/secsign.c +index c46b2b1..90be1d1 100644 +--- a/lib/cryptohi/secsign.c ++++ b/lib/cryptohi/secsign.c @@ -861,3 +861,46 @@ SEC_CreateSignatureAlgorithmParameters(PLArenaPool *arena, return result; } @@ -113,12 +114,11 @@ index c46b2b1..65627ae 100644 + PK11_DestroyContext(ctx, PR_TRUE); + return SECSuccess; +} -\ No newline at end of file -diff --git a/nss/lib/cryptohi/secvfy.c b/nss/lib/cryptohi/secvfy.c -index 2540a54..01362df 100644 ---- a/nss/lib/cryptohi/secvfy.c -+++ b/nss/lib/cryptohi/secvfy.c -@@ -257,6 +257,8 @@ sec_GetEncAlgFromSigAlg(SECOidTag sigAlg) +diff --git a/lib/cryptohi/secvfy.c b/lib/cryptohi/secvfy.c +index 1754584..1d75bdf 100644 +--- a/lib/cryptohi/secvfy.c ++++ b/lib/cryptohi/secvfy.c +@@ -288,6 +288,8 @@ sec_GetEncAlgFromSigAlg(SECOidTag sigAlg) case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST: case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST: return SEC_OID_ANSIX962_EC_PUBLIC_KEY; 
@@ -127,7 +127,7 @@ index 2540a54..01362df 100644 /* we don't implement MD4 hashes */ case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION: default: -@@ -399,6 +401,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, +@@ -430,6 +432,9 @@ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, return SECFailure; } break; @@ -137,10 +137,10 @@ index 2540a54..01362df 100644 /* we don't implement MD4 hashes */ case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION: default: -diff --git a/nss/lib/freebl/ec.c b/nss/lib/freebl/ec.c +diff --git a/lib/freebl/ec.c b/lib/freebl/ec.c index 73a625a..bf2aea7 100644 ---- a/nss/lib/freebl/ec.c -+++ b/nss/lib/freebl/ec.c +--- a/lib/freebl/ec.c ++++ b/lib/freebl/ec.c @@ -15,6 +15,7 @@ #include "mplogic.h" #include "ec.h" @@ -160,10 +160,10 @@ index 73a625a..bf2aea7 100644 cleanup: if (kBytes) { -diff --git a/nss/lib/freebl/ecdecode.c b/nss/lib/freebl/ecdecode.c +diff --git a/lib/freebl/ecdecode.c b/lib/freebl/ecdecode.c index 652ad42..4c090d2 100644 ---- a/nss/lib/freebl/ecdecode.c -+++ b/nss/lib/freebl/ecdecode.c +--- a/lib/freebl/ecdecode.c ++++ b/lib/freebl/ecdecode.c @@ -179,7 +179,10 @@ EC_FillParams(PLArenaPool *arena, const SECItem *encodedParams, CHECK_SEC_OK(gf_populate_params_bytes(ECCurve25519, ec_field_plain, params)); @@ -176,10 +176,10 @@ index 652ad42..4c090d2 100644 default: break; }; -diff --git a/nss/lib/freebl/ecl/ecl-curve.h b/nss/lib/freebl/ecl/ecl-curve.h +diff --git a/lib/freebl/ecl/ecl-curve.h b/lib/freebl/ecl/ecl-curve.h index fc8003f..e64fe4d 100644 ---- a/nss/lib/freebl/ecl/ecl-curve.h -+++ b/nss/lib/freebl/ecl/ecl-curve.h +--- a/lib/freebl/ecl/ecl-curve.h ++++ b/lib/freebl/ecl/ecl-curve.h @@ -206,6 +206,38 @@ static const ECCurveBytes ecCurve_25519 = { KU_KEY_AGREEMENT }; 
@@ -227,10 +227,10 @@ index fc8003f..e64fe4d 100644 NULL /* ECCurve_pastLastCurve */ }; -diff --git a/nss/lib/freebl/ecl/ecl-exp.h b/nss/lib/freebl/ecl/ecl-exp.h +diff --git a/lib/freebl/ecl/ecl-exp.h b/lib/freebl/ecl/ecl-exp.h index 44adb8a..d071fc9 100644 ---- a/nss/lib/freebl/ecl/ecl-exp.h -+++ b/nss/lib/freebl/ecl/ecl-exp.h +--- a/lib/freebl/ecl/ecl-exp.h ++++ b/lib/freebl/ecl/ecl-exp.h @@ -132,6 +132,7 @@ typedef enum { /* ECCurve_WTLS_12 == ECCurve_NIST_P224 */ @@ -239,10 +239,10 @@ index 44adb8a..d071fc9 100644 ECCurve_pastLastCurve } ECCurveName; -diff --git a/nss/lib/freebl/freebl_base.gypi b/nss/lib/freebl/freebl_base.gypi +diff --git a/lib/freebl/freebl_base.gypi b/lib/freebl/freebl_base.gypi index 85a569f..253ce8d 100644 ---- a/nss/lib/freebl/freebl_base.gypi -+++ b/nss/lib/freebl/freebl_base.gypi +--- a/lib/freebl/freebl_base.gypi ++++ b/lib/freebl/freebl_base.gypi @@ -59,6 +59,7 @@ 'sha_fast.c', 'shvfy.c', @@ -251,10 +251,10 @@ index 85a569f..253ce8d 100644 'sysrand.c', 'tlsprfalg.c', ], -diff --git a/nss/lib/freebl/manifest.mn b/nss/lib/freebl/manifest.mn +diff --git a/lib/freebl/manifest.mn b/lib/freebl/manifest.mn index fd3218d..2dbf7c9 100644 ---- a/nss/lib/freebl/manifest.mn -+++ b/nss/lib/freebl/manifest.mn +--- a/lib/freebl/manifest.mn ++++ b/lib/freebl/manifest.mn @@ -158,6 +158,7 @@ CSRCS = \ $(LOWHASH_SRCS) \ $(EXTRA_SRCS) \ @@ -271,10 +271,10 @@ index fd3218d..2dbf7c9 100644 $(NULL) -diff --git a/nss/lib/nss/nss.def b/nss/lib/nss/nss.def +diff --git a/lib/nss/nss.def b/lib/nss/nss.def index e87395b..2bc4965 100644 ---- a/nss/lib/nss/nss.def -+++ b/nss/lib/nss/nss.def +--- a/lib/nss/nss.def ++++ b/lib/nss/nss.def @@ -1238,3 +1238,9 @@ PK11_SlotGetLastFIPSStatus; ;+ local: ;+ *; 
@@ -285,23 +285,23 @@ index e87395b..2bc4965 100644 +;+ local: +;+ *; +;+}; -diff --git a/nss/lib/util/pkcs11t.h b/nss/lib/util/pkcs11t.h -index 93cb8d1..a1e3323 100644 ---- a/nss/lib/util/pkcs11t.h -+++ b/nss/lib/util/pkcs11t.h -@@ -1243,6 +1243,8 @@ typedef CK_ULONG CK_MECHANISM_TYPE; +diff --git a/lib/util/pkcs11n.h b/lib/util/pkcs11n.h +index 9bb704c..f195077 100644 +--- a/lib/util/pkcs11n.h ++++ b/lib/util/pkcs11n.h +@@ -252,6 +252,8 @@ - /* new for TODO */ - #define CKM_SM3 0x0000402eUL -+#define CKM_SM2 0x0000402fUL -+#define CKM_SM2_WITH_SM3 0x00004030UL + /* SM algorithm (to be proposed to PKCS #11) */ + #define CKM_NSS_SM3 (CKM_NSS + 45) ++#define CKM_NSS_SM2 (CKM_NSS + 46) ++#define CKM_NSS_SM2_WITH_SM3 (CKM_NSS + 47) - #define CKM_VENDOR_DEFINED 0x80000000UL -diff --git a/nss/lib/util/secoid.c b/nss/lib/util/secoid.c -index fd620e9..d68f1b6 100644 ---- a/nss/lib/util/secoid.c -+++ b/nss/lib/util/secoid.c + /* +diff --git a/lib/util/secoid.c b/lib/util/secoid.c +index 3091d99..f5f2b12 100644 +--- a/lib/util/secoid.c ++++ b/lib/util/secoid.c @@ -606,6 +606,8 @@ CONST_OID curve25519[] = { 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01 * 1.2.156.197.1.401 */ @@ -314,16 +314,16 @@ index fd620e9..d68f1b6 100644 
@@ -1801,6 +1803,8 @@ const static SECOidData oids[SEC_OID_TOTAL] = { "IPsec User", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), - OD(sm3, SEC_OID_SM3, "SM3", CKM_SM3, INVALID_CERT_EXTENSION), -+ OD(sm2, SEC_OID_SM2, "SM2", CKM_SM2, INVALID_CERT_EXTENSION), -+ OD(sm2_with_sm3, SEC_OID_SM2_WITH_SM3, "SM2_WITH_SM3", CKM_SM2_WITH_SM3, INVALID_CERT_EXTENSION), + OD(sm3, SEC_OID_SM3, "SM3", CKM_NSS_SM3, INVALID_CERT_EXTENSION), ++ OD(sm2, SEC_OID_SM2, "SM2", CKM_NSS_SM2, INVALID_CERT_EXTENSION), ++ OD(sm2_with_sm3, SEC_OID_SM2_WITH_SM3, "SM2_WITH_SM3", CKM_NSS_SM2_WITH_SM3, INVALID_CERT_EXTENSION), }; /* PRIVATE EXTENDED SECOID Table -diff --git a/nss/lib/util/secoidt.h b/nss/lib/util/secoidt.h +diff --git a/lib/util/secoidt.h b/lib/util/secoidt.h index 984b7fb..fe49661 100644 ---- a/nss/lib/util/secoidt.h -+++ b/nss/lib/util/secoidt.h +--- a/lib/util/secoidt.h ++++ b/lib/util/secoidt.h @@ -503,6 +503,8 @@ typedef enum { SEC_OID_EXT_KEY_USAGE_IPSEC_USER = 363, diff --git a/nss-support-SM3-digest-algorithm.patch b/Feature-nss-support-SM3-digest-algorithm.patch similarity index 76% rename from nss-support-SM3-digest-algorithm.patch rename to Feature-nss-support-SM3-digest-algorithm.patch index 0702fd8efa4a7ebfd303f73264787f4dcf58ca06..c3fe17bf3a46bbbe5b7c15c5ce97718332b0edb1 100644 --- a/nss-support-SM3-digest-algorithm.patch +++ b/Feature-nss-support-SM3-digest-algorithm.patch @@ -1,37 +1,38 @@ -From 497ba4cd0fdb2ba1bd6f2fcf8a9d0ec02373fc82 Mon Sep 17 00:00:00 2001 +From 5cf8e813cd5c765f09e368f0b5f2dbd4e4c430b1 Mon Sep 17 00:00:00 2001 
From: Huaxin Lu -Date: Sun, 16 Oct 2022 05:01:37 +0800 -Subject: [PATCH 3/4] nss support SM3 digest algorithm +Date: Sat, 20 Aug 2022 00:49:51 +0800 +Subject: [PATCH 2/4] nss support SM3 digest algorithm -Co-authored-by:godcansee +Co-authored-by: godcansee +Signed-off-by: Huaxin Lu --- - nss/lib/cryptohi/sechash.c | 19 +++++++ - nss/lib/freebl/blapi.h | 18 +++++++ - nss/lib/freebl/blapit.h | 4 ++ - nss/lib/freebl/freebl_base.gypi | 1 + - nss/lib/freebl/ldvector.c | 13 ++++- - nss/lib/freebl/loader.c | 90 +++++++++++++++++++++++++++++++++ - nss/lib/freebl/loader.h | 14 +++++ - nss/lib/freebl/manifest.mn | 2 + - nss/lib/freebl/rawhash.c | 12 +++++ - nss/lib/pk11wrap/pk11pars.c | 2 + - nss/lib/pk11wrap/pk11slot.c | 11 +++- - nss/lib/pk11wrap/secmod.h | 1 + - nss/lib/softoken/pkcs11.c | 1 + - nss/lib/softoken/pkcs11c.c | 1 + - nss/lib/util/hasht.h | 2 + - nss/lib/util/pkcs11t.h | 3 ++ - nss/lib/util/secoid.c | 6 +++ - nss/lib/util/secoidt.h | 2 + - nss/lib/util/utilmodt.h | 1 + - nss/lib/util/utilpars.c | 1 + - nss/lib/util/utilparst.h | 2 +- - 21 files changed, 202 insertions(+), 4 deletions(-) + lib/cryptohi/sechash.c | 19 ++++++++ + lib/freebl/blapi.h | 18 ++++++++ + lib/freebl/blapit.h | 4 ++ + lib/freebl/freebl_base.gypi | 1 + + lib/freebl/ldvector.c | 13 +++++- + lib/freebl/loader.c | 91 +++++++++++++++++++++++++++++++++++++ + lib/freebl/loader.h | 14 ++++++ + lib/freebl/manifest.mn | 2 + + lib/freebl/rawhash.c | 12 +++++ + lib/pk11wrap/pk11pars.c | 2 + + lib/pk11wrap/pk11slot.c | 11 ++++- + lib/pk11wrap/secmod.h | 1 + + lib/softoken/pkcs11.c | 1 + + lib/softoken/pkcs11c.c | 2 + + lib/util/hasht.h | 2 + + lib/util/pkcs11n.h | 4 ++ + lib/util/secoid.c | 6 +++ + lib/util/secoidt.h | 2 + + lib/util/utilmodt.h | 1 + + lib/util/utilpars.c | 1 + + lib/util/utilparst.h | 2 +- + 21 files changed, 205 insertions(+), 4 deletions(-) -diff --git a/nss/lib/cryptohi/sechash.c b/nss/lib/cryptohi/sechash.c +diff --git a/lib/cryptohi/sechash.c b/lib/cryptohi/sechash.c index 
474fdff..7c4cdbf 100644 ---- a/nss/lib/cryptohi/sechash.c -+++ b/nss/lib/cryptohi/sechash.c +--- a/lib/cryptohi/sechash.c ++++ b/lib/cryptohi/sechash.c @@ -85,6 +85,12 @@ sha512_NewContext(void) return (void *)PK11_CreateDigestContext(SEC_OID_SHA512); } @@ -72,10 +73,10 @@ index 474fdff..7c4cdbf 100644 default: PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); break; -diff --git a/nss/lib/freebl/blapi.h b/nss/lib/freebl/blapi.h +diff --git a/lib/freebl/blapi.h b/lib/freebl/blapi.h index 94fd802..d53c196 100644 ---- a/nss/lib/freebl/blapi.h -+++ b/nss/lib/freebl/blapi.h +--- a/lib/freebl/blapi.h ++++ b/lib/freebl/blapi.h @@ -1484,6 +1484,24 @@ extern SECStatus SHA384_Flatten(SHA384Context *cx, unsigned char *space); extern SHA384Context *SHA384_Resurrect(unsigned char *space, void *arg); extern void SHA384_Clone(SHA384Context *dest, SHA384Context *src); @@ -101,10 +102,10 @@ index 94fd802..d53c196 100644 /**************************************** * implement TLS 1.0 Pseudo Random Function (PRF) and TLS P_hash function */ -diff --git a/nss/lib/freebl/blapit.h b/nss/lib/freebl/blapit.h +diff --git a/lib/freebl/blapit.h b/lib/freebl/blapit.h index 0054e17..2d400ec 100644 ---- a/nss/lib/freebl/blapit.h -+++ b/nss/lib/freebl/blapit.h +--- a/lib/freebl/blapit.h ++++ b/lib/freebl/blapit.h @@ -98,6 +98,7 @@ typedef int __BLAPI_DEPRECATED __attribute__((deprecated)); #define SHA384_LENGTH 48 /* bytes */ #define SHA512_LENGTH 64 /* bytes */ @@ -137,10 +138,10 @@ index 0054e17..2d400ec 100644 typedef struct AESKeyWrapContextStr AESKeyWrapContext; typedef struct SEEDContextStr SEEDContext; typedef struct ChaCha20ContextStr ChaCha20Context; -diff --git a/nss/lib/freebl/freebl_base.gypi b/nss/lib/freebl/freebl_base.gypi +diff --git a/lib/freebl/freebl_base.gypi b/lib/freebl/freebl_base.gypi index afbffac..85a569f 100644 ---- a/nss/lib/freebl/freebl_base.gypi -+++ b/nss/lib/freebl/freebl_base.gypi +--- a/lib/freebl/freebl_base.gypi ++++ b/lib/freebl/freebl_base.gypi 
@@ -58,6 +58,7 @@ 'rsapkcs.c', 'sha_fast.c', @@ -149,10 +150,10 @@ index afbffac..85a569f 100644 'sysrand.c', 'tlsprfalg.c', ], -diff --git a/nss/lib/freebl/ldvector.c b/nss/lib/freebl/ldvector.c +diff --git a/lib/freebl/ldvector.c b/lib/freebl/ldvector.c index ac3b862..67bb001 100644 ---- a/nss/lib/freebl/ldvector.c -+++ b/nss/lib/freebl/ldvector.c +--- a/lib/freebl/ldvector.c ++++ b/lib/freebl/ldvector.c @@ -376,9 +376,20 @@ static const struct FREEBLVectorStr vector = /* End of version 3.024 */ ChaCha20_InitContext, @@ -175,11 +176,11 @@ index ac3b862..67bb001 100644 }; const FREEBLVector* -diff --git a/nss/lib/freebl/loader.c b/nss/lib/freebl/loader.c -index 692a883..47e4cca 100644 ---- a/nss/lib/freebl/loader.c -+++ b/nss/lib/freebl/loader.c -@@ -2446,3 +2446,93 @@ CMAC_Destroy(CMACContext *ctx, PRBool free_it) +diff --git a/lib/freebl/loader.c b/lib/freebl/loader.c +index 692a883..dc3a37e 100644 +--- a/lib/freebl/loader.c ++++ b/lib/freebl/loader.c +@@ -2446,3 +2446,94 @@ CMAC_Destroy(CMACContext *ctx, PRBool free_it) return; (vector->p_CMAC_Destroy)(ctx, free_it); } @@ -273,10 +274,11 @@ index 692a883..47e4cca 100644 + return NULL; + return (vector->p_SM3_Resurrect)(space, arg); +} -diff --git a/nss/lib/freebl/loader.h b/nss/lib/freebl/loader.h ++ +diff --git a/lib/freebl/loader.h b/lib/freebl/loader.h index eb3046d..f67595e 100644 ---- a/nss/lib/freebl/loader.h -+++ b/nss/lib/freebl/loader.h +--- a/lib/freebl/loader.h ++++ b/lib/freebl/loader.h @@ -831,6 +831,20 @@ struct FREEBLVectorStr { void (*p_ChaCha20_DestroyContext)(ChaCha20Context *ctx, PRBool freeit); 
@@ -298,10 +300,10 @@ index eb3046d..f67595e 100644 /* Add new function pointers at the end of this struct and bump * FREEBL_VERSION at the beginning of this file. */ -diff --git a/nss/lib/freebl/manifest.mn b/nss/lib/freebl/manifest.mn +diff --git a/lib/freebl/manifest.mn b/lib/freebl/manifest.mn index 9dac210..fd3218d 100644 ---- a/nss/lib/freebl/manifest.mn -+++ b/nss/lib/freebl/manifest.mn +--- a/lib/freebl/manifest.mn ++++ b/lib/freebl/manifest.mn @@ -157,6 +157,7 @@ CSRCS = \ $(STUBS_SRCS) \ $(LOWHASH_SRCS) \ @@ -318,10 +320,10 @@ index 9dac210..fd3218d 100644 $(NULL) -diff --git a/nss/lib/freebl/rawhash.c b/nss/lib/freebl/rawhash.c +diff --git a/lib/freebl/rawhash.c b/lib/freebl/rawhash.c index 551727b..c74cbbc 100644 ---- a/nss/lib/freebl/rawhash.c -+++ b/nss/lib/freebl/rawhash.c +--- a/lib/freebl/rawhash.c ++++ b/lib/freebl/rawhash.c @@ -141,6 +141,18 @@ const SECHashObject SECRawHashObjects[] = { HASH_AlgSHA224, (void (*)(void *, unsigned char *, unsigned int *, @@ -341,10 +343,10 @@ index 551727b..c74cbbc 100644 }; const SECHashObject * -diff --git a/nss/lib/pk11wrap/pk11pars.c b/nss/lib/pk11wrap/pk11pars.c +diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c index 23e5af3..c127309 100644 ---- a/nss/lib/pk11wrap/pk11pars.c -+++ b/nss/lib/pk11wrap/pk11pars.c +--- a/lib/pk11wrap/pk11pars.c ++++ b/lib/pk11wrap/pk11pars.c @@ -338,6 +338,8 @@ static const oidValDef hashOptList[] = { { CIPHER_NAME("SHA384"), SEC_OID_SHA384, NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE }, @@ -354,15 +356,15 @@ index 23e5af3..c127309 100644 NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SIGNATURE } }; -diff --git a/nss/lib/pk11wrap/pk11slot.c b/nss/lib/pk11wrap/pk11slot.c -index c320019..26916b2 100644 ---- a/nss/lib/pk11wrap/pk11slot.c -+++ b/nss/lib/pk11wrap/pk11slot.c +diff --git a/lib/pk11wrap/pk11slot.c b/lib/pk11wrap/pk11slot.c +index c320019..41a326b 100644 +--- a/lib/pk11wrap/pk11slot.c ++++ b/lib/pk11wrap/pk11slot.c 
@@ -51,6 +51,7 @@ const PK11DefaultArrayEntry PK11_DefaultArray[] = { { "SHA512", SECMOD_SHA512_FLAG, CKM_SHA512 }, { "MD5", SECMOD_MD5_FLAG, CKM_MD5 }, { "MD2", SECMOD_MD2_FLAG, CKM_MD2 }, -+ { "SM3", SECMOD_SM3_FLAG, CKM_SM3 }, ++ { "SM3", SECMOD_SM3_FLAG, CKM_NSS_SM3 }, { "SSL", SECMOD_SSL_FLAG, CKM_SSL3_PRE_MASTER_KEY_GEN }, { "TLS", SECMOD_TLS_FLAG, CKM_TLS_MASTER_KEY_DERIVE }, { "SKIPJACK", SECMOD_FORTEZZA_FLAG, CKM_SKIPJACK_CBC64 }, @@ -396,7 +398,7 @@ index c320019..26916b2 100644 return &pk11_md5SlotList; case CKM_MD2: return &pk11_md2SlotList; -+ case CKM_SM3: ++ case CKM_NSS_SM3: + return &pk11_sm3SlotList; case CKM_RC2_ECB: case CKM_RC2_CBC: @@ -407,14 +409,14 @@ index c320019..26916b2 100644 (type[i] != CKM_MD5) && - (type[i] != CKM_MD2)) { + (type[i] != CKM_MD2) && -+ (type[i] != CKM_SM3)) { ++ (type[i] != CKM_NSS_SM3)) { listNeedLogin = PR_TRUE; break; } -diff --git a/nss/lib/pk11wrap/secmod.h b/nss/lib/pk11wrap/secmod.h +diff --git a/lib/pk11wrap/secmod.h b/lib/pk11wrap/secmod.h index fcc7707..dbc58e8 100644 ---- a/nss/lib/pk11wrap/secmod.h -+++ b/nss/lib/pk11wrap/secmod.h +--- a/lib/pk11wrap/secmod.h ++++ b/lib/pk11wrap/secmod.h @@ -29,6 +29,7 @@ #define PUBLIC_MECH_CAMELLIA_FLAG 0x00010000ul #define PUBLIC_MECH_SEED_FLAG 0x00020000ul @@ -423,34 +425,35 @@ index fcc7707..dbc58e8 100644 #define PUBLIC_MECH_RANDOM_FLAG 0x08000000ul #define PUBLIC_MECH_FRIENDLY_FLAG 0x10000000ul -diff --git a/nss/lib/softoken/pkcs11.c b/nss/lib/softoken/pkcs11.c -index 3f49333..e0b3e2e 100644 ---- a/nss/lib/softoken/pkcs11.c -+++ b/nss/lib/softoken/pkcs11.c +diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c +index 3f49333..323b2e2 100644 +--- a/lib/softoken/pkcs11.c ++++ b/lib/softoken/pkcs11.c 
@@ -452,6 +452,7 @@ static const struct mechanismList mechanisms[] = { { CKM_NSS_TLS_PRF_GENERAL_SHA256, { 0, 512, CKF_SN_VR }, PR_FALSE }, -+ { CKM_SM3, { 0, 0, CKF_DIGEST }, PR_FALSE }, ++ { CKM_NSS_SM3, { 0, 0, CKF_DIGEST }, PR_FALSE }, /* ------------------------- HKDF Operations -------------------------- */ { CKM_HKDF_DERIVE, { 1, 255 * 64, CKF_DERIVE }, PR_TRUE }, { CKM_HKDF_DATA, { 1, 255 * 64, CKF_DERIVE }, PR_TRUE }, -diff --git a/nss/lib/softoken/pkcs11c.c b/nss/lib/softoken/pkcs11c.c -index 201a0c7..c6f1e0a 100644 ---- a/nss/lib/softoken/pkcs11c.c -+++ b/nss/lib/softoken/pkcs11c.c -@@ -1939,6 +1939,7 @@ NSC_DigestInit(CK_SESSION_HANDLE hSession, +diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c +index 201a0c7..813f4d7 100644 +--- a/lib/softoken/pkcs11c.c ++++ b/lib/softoken/pkcs11c.c +@@ -1939,6 +1939,8 @@ NSC_DigestInit(CK_SESSION_HANDLE hSession, INIT_MECH(SHA256) INIT_MECH(SHA384) INIT_MECH(SHA512) ++#define CKM_SM3 CKM_NSS_SM3 + INIT_MECH(SM3) default: crv = CKR_MECHANISM_INVALID; -diff --git a/nss/lib/util/hasht.h b/nss/lib/util/hasht.h +diff --git a/lib/util/hasht.h b/lib/util/hasht.h index 536d34c..556c6ba 100644 ---- a/nss/lib/util/hasht.h -+++ b/nss/lib/util/hasht.h +--- a/lib/util/hasht.h ++++ b/lib/util/hasht.h @@ -24,6 +24,7 @@ typedef enum { HASH_AlgSHA384 = 5, HASH_AlgSHA512 = 6, 
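Review bot: `#define CKM_SM3 CKM_NSS_SM3`, added inside the switch in NSC_DigestInit so that `INIT_MECH(SM3)` can token-paste the mechanism name, is a preprocessor definition placed mid-function: it stays defined for the rest of pkcs11c.c and squats on a name in the standard PKCS #11 `CKM_` namespace, so a later pkcs11t.h that defines `CKM_SM3` itself will produce a redefinition warning or silently change which mechanism this case matches. Either `#undef CKM_SM3` immediately after `INIT_MECH(SM3)`, or drop the macro and spell the case out with the body INIT_MECH would generate, e.g. `case CKM_NSS_SM3:` followed by the same sub-context call and `break;`. If the macro is kept, a one-line comment should say it exists only to feed INIT_MECH's `CKM_##` paste. NSC_DigestInit's body begins and ends outside this hunk, so the exact INIT_MECH expansion is inferred from the hack rather than visible here.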
@@ -467,24 +470,25 @@ index 536d34c..556c6ba 100644 #define HASH_LENGTH_MAX SHA512_LENGTH /* -diff --git a/nss/lib/util/pkcs11t.h b/nss/lib/util/pkcs11t.h -index 2e3218e..93cb8d1 100644 ---- a/nss/lib/util/pkcs11t.h -+++ b/nss/lib/util/pkcs11t.h -@@ -1241,6 +1241,9 @@ typedef CK_ULONG CK_MECHANISM_TYPE; - #define CKM_HKDF_KEY_GEN 0x0000402cUL - #define CKM_SALSA20_KEY_GEN 0x0000402dUL +diff --git a/lib/util/pkcs11n.h b/lib/util/pkcs11n.h +index 9a8126a..9bb704c 100644 +--- a/lib/util/pkcs11n.h ++++ b/lib/util/pkcs11n.h +@@ -250,6 +250,10 @@ + #define CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA (CKM_NSS + 43) + #define CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA (CKM_NSS + 44) -+/* new for TODO */ -+#define CKM_SM3 0x0000402eUL ++/* SM algorithm (to be proposed to PKCS #11) */ ++#define CKM_NSS_SM3 (CKM_NSS + 45) + - #define CKM_VENDOR_DEFINED 0x80000000UL - - typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR; -diff --git a/nss/lib/util/secoid.c b/nss/lib/util/secoid.c -index b10f859..fd620e9 100644 ---- a/nss/lib/util/secoid.c -+++ b/nss/lib/util/secoid.c ++ + /* + * HISTORICAL: + * Do not attempt to use these. They are only used by NSS's internal +diff --git a/lib/util/secoid.c b/lib/util/secoid.c +index b10f859..3091d99 100644 +--- a/lib/util/secoid.c ++++ b/lib/util/secoid.c @@ -602,6 +602,11 @@ CONST_OID evIncorporationCountry[] = { EV_NAME_ATTRIBUTE, 3 }; */ CONST_OID curve25519[] = { 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01 }; 
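Review bot: `CKM_NSS_SM3 (CKM_NSS + 45)` is appended to the tail of the sequentially allocated vendor range in pkcs11n.h, directly after upstream's `CKM_NSS + 43` and `CKM_NSS + 44`, which is exactly where upstream NSS will assign its next vendor mechanism; on the next rebase a distro-local +45 is likely to collide with an upstream mechanism of different semantics, and the collision is silent because both are plain integer macros. Moving the value out of the standard `0x0000402eUL` slot in pkcs11t.h is the right call, but consider allocating it from an offset well above the sequential tail, e.g. `#define CKM_NSS_SM3 (CKM_NSS + 100) /* distro-local SM mechanisms start at +100 to stay clear of upstream assignments */`, and keep that vendor value for ABI stability even if a standard PKCS #11 number is granted later.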
@@ -501,14 +505,14 @@ index b10f859..fd620e9 100644 SEC_OID_EXT_KEY_USAGE_IPSEC_USER, "IPsec User", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), -+ OD(sm3, SEC_OID_SM3, "SM3", CKM_SM3, INVALID_CERT_EXTENSION), ++ OD(sm3, SEC_OID_SM3, "SM3", CKM_NSS_SM3, INVALID_CERT_EXTENSION), }; /* PRIVATE EXTENDED SECOID Table -diff --git a/nss/lib/util/secoidt.h b/nss/lib/util/secoidt.h +diff --git a/lib/util/secoidt.h b/lib/util/secoidt.h index 2b7eb21..984b7fb 100644 ---- a/nss/lib/util/secoidt.h -+++ b/nss/lib/util/secoidt.h +--- a/lib/util/secoidt.h ++++ b/lib/util/secoidt.h @@ -502,6 +502,8 @@ typedef enum { SEC_OID_EXT_KEY_USAGE_IPSEC_TUNNEL = 362, SEC_OID_EXT_KEY_USAGE_IPSEC_USER = 363, @@ -518,10 +522,10 @@ index 2b7eb21..984b7fb 100644 SEC_OID_TOTAL } SECOidTag; -diff --git a/nss/lib/util/utilmodt.h b/nss/lib/util/utilmodt.h +diff --git a/lib/util/utilmodt.h b/lib/util/utilmodt.h index e1555f3..cc927dd 100644 ---- a/nss/lib/util/utilmodt.h -+++ b/nss/lib/util/utilmodt.h +--- a/lib/util/utilmodt.h ++++ b/lib/util/utilmodt.h @@ -28,6 +28,7 @@ #define SECMOD_CAMELLIA_FLAG 0x00010000L /* = PUBLIC_MECH_CAMELLIA_FLAG */ #define SECMOD_SEED_FLAG 0x00020000L @@ -530,10 +534,10 @@ index e1555f3..cc927dd 100644 /* reserved bit for future, do not use */ #define SECMOD_RESERVED_FLAG 0X08000000L #define SECMOD_FRIENDLY_FLAG 0x10000000L -diff --git a/nss/lib/util/utilpars.c b/nss/lib/util/utilpars.c +diff --git a/lib/util/utilpars.c b/lib/util/utilpars.c index c248aa6..56ede24 100644 ---- a/nss/lib/util/utilpars.c -+++ b/nss/lib/util/utilpars.c +--- a/lib/util/utilpars.c ++++ b/lib/util/utilpars.c @@ -607,6 +607,7 @@ static struct nssutilArgSlotFlagTable nssutil_argSlotFlagTable[] = { NSSUTIL_ARG_ENTRY(AES, SECMOD_AES_FLAG), NSSUTIL_ARG_ENTRY(Camellia, SECMOD_CAMELLIA_FLAG), 
@@ -542,10 +546,10 @@ index c248aa6..56ede24 100644 NSSUTIL_ARG_ENTRY(PublicCerts, SECMOD_FRIENDLY_FLAG), NSSUTIL_ARG_ENTRY(RANDOM, SECMOD_RANDOM_FLAG), NSSUTIL_ARG_ENTRY(Disable, SECMOD_DISABLE_FLAG), -diff --git a/nss/lib/util/utilparst.h b/nss/lib/util/utilparst.h +diff --git a/lib/util/utilparst.h b/lib/util/utilparst.h index 5dda090..7a4c9f7 100644 ---- a/nss/lib/util/utilparst.h -+++ b/nss/lib/util/utilparst.h +--- a/lib/util/utilparst.h ++++ b/lib/util/utilparst.h @@ -43,7 +43,7 @@ #define NSSUTIL_DEFAULT_INTERNAL_INIT3 \ " askpw=any timeout=30})\"" diff --git a/nss-add-implement-of-SM2-signature-algorithm.patch b/nss-add-implement-of-SM2-signature-algorithm.patch deleted file mode 100644 index 2705cd543d4214e4d730e33af7bbb9be4f20e69d..0000000000000000000000000000000000000000 --- a/nss-add-implement-of-SM2-signature-algorithm.patch +++ /dev/null 
@@ -1,876 +0,0 @@ -From 347a578fa37bb49aee76d8435fd5f0f34875a34e Mon Sep 17 00:00:00 2001 -From: godcansee -Date: Sun, 16 Oct 2022 05:00:04 +0800 -Subject: [PATCH 2/4] nss add implement of SM2 signature algorithm - -Co-authored-by:Huaxin Lu ---- - nss/lib/freebl/sm2.c | 823 +++++++++++++++++++++++++++++++++++++++++++ - nss/lib/freebl/sm2.h | 23 ++ - 2 files changed, 846 insertions(+) - create mode 100644 nss/lib/freebl/sm2.c - create mode 100644 nss/lib/freebl/sm2.h - -diff --git a/nss/lib/freebl/sm2.c b/nss/lib/freebl/sm2.c -new file mode 100644 -index 0000000..0ea85bc ---- /dev/null -+++ b/nss/lib/freebl/sm2.c -@@ -0,0 +1,823 @@ -+/* -+ * Copyright 2022 The GmSSL Project. All Rights Reserved. -+ * -+ * Licensed under the Apache License, Version 2.0 (the License); you may -+ * not use this file except in compliance with the License. -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ */ -+ -+#include "sm2.h" -+ -+ -+#define GETU32(p) ((PRUint32)(p)[0] << 24 | (PRUint32)(p)[1] << 16 | (PRUint32)(p)[2] << 8 | (PRUint32)(p)[3]) -+#define PUTU32(p,V) ((p)[0] = (PRUint8)((V) >> 24), (p)[1] = (PRUint8)((V) >> 16), (p)[2] = (PRUint8)((V) >> 8), (p)[3] = (PRUint8)(V)) -+ -+#define sm2_bn_init(r) memset((r),0,sizeof(SM2_BN)) -+#define sm2_bn_set_zero(r) memset((r),0,sizeof(SM2_BN)) -+#define sm2_bn_set_one(r) sm2_bn_set_word((r),1) -+#define sm2_bn_copy(r,a) memcpy((r),(a),sizeof(SM2_BN)) -+#define sm2_bn_clean(r) memset((r),0,sizeof(SM2_BN)) -+ -+#define sm2_fp_init(r) sm2_bn_init(r) -+#define sm2_fp_set_zero(r) sm2_bn_set_zero(r) -+#define sm2_fp_set_one(r) sm2_bn_set_one(r) -+#define sm2_fp_copy(r,a) sm2_bn_copy(r,a) -+#define sm2_fp_clean(r) sm2_bn_clean(r) -+ -+#define sm2_fn_init(r) sm2_bn_init(r) -+#define sm2_fn_set_zero(r) sm2_bn_set_zero(r) -+#define sm2_fn_set_one(r) sm2_bn_set_one(r) -+#define sm2_fn_copy(r,a) sm2_bn_copy(r,a) -+#define sm2_fn_clean(r) sm2_bn_clean(r) -+ -+#define sm2_jacobian_point_set_infinity(R) sm2_jacobian_point_init(R) -+#define 
sm2_jacobian_point_copy(R, P) memcpy((R), (P), sizeof(SM2_JACOBIAN_POINT)) -+ -+#define SM2_POINT_MAX_SIZE (2 + 65) -+ -+typedef PRUint64 SM2_BN[8]; -+ -+typedef SM2_BN SM2_Fp; -+typedef SM2_BN SM2_Fn; -+ -+typedef struct { -+ SM2_BN X; -+ SM2_BN Y; -+ SM2_BN Z; -+} SM2_JACOBIAN_POINT; -+ -+typedef struct { -+ PRUint8 x[32]; -+ PRUint8 y[32]; -+} SM2_POINT; -+ -+const SM2_BN SM2_P = { -+ 0xffffffff, 0xffffffff, 0x00000000, 0xffffffff, -+ 0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, -+}; -+ -+const SM2_BN SM2_A = { -+ 0xfffffffc, 0xffffffff, 0x00000000, 0xffffffff, -+ 0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, -+}; -+ -+const SM2_BN SM2_B = { -+ 0x4d940e93, 0xddbcbd41, 0x15ab8f92, 0xf39789f5, -+ 0xcf6509a7, 0x4d5a9e4b, 0x9d9f5e34, 0x28e9fa9e, -+}; -+ -+const SM2_JACOBIAN_POINT _SM2_G = { -+ { -+ 0x334c74c7, 0x715a4589, 0xf2660be1, 0x8fe30bbf, -+ 0x6a39c994, 0x5f990446, 0x1f198119, 0x32c4ae2c, -+ }, -+ { -+ 0x2139f0a0, 0x02df32e5, 0xc62a4740, 0xd0a9877c, -+ 0x6b692153, 0x59bdcee3, 0xf4f6779c, 0xbc3736a2, -+ }, -+ { -+ 1, 0, 0, 0, 0, 0, 0, 0, -+ }, -+}; -+const SM2_JACOBIAN_POINT* SM2_G = &_SM2_G; -+ -+const SM2_BN SM2_N = { -+ 0x39d54123, 0x53bbf409, 0x21c6052b, 0x7203df6b, -+ 0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, -+}; -+ -+const SM2_BN SM2_ONE = { 1,0,0,0,0,0,0,0 }; -+const SM2_BN SM2_TWO = { 2,0,0,0,0,0,0,0 }; -+const SM2_BN SM2_THREE = { 3,0,0,0,0,0,0,0 }; -+ -+ -+int rand_bytes(PRUint8* buf, int len) -+{ -+ FILE* fp; -+ if (!buf) { -+ return -1; -+ } -+ if (len > 4096) { -+ return -1; -+ } -+ if (!len) { -+ return 0; -+ } -+ -+ if (!(fp = fopen("/dev/urandom", "rb"))) { -+ return -1; -+ } -+ if (fread(buf, 1, len, fp) != len) { -+ fclose(fp); -+ return -1; -+ } -+ fclose(fp); -+ return 1; -+} -+ -+int sm2_bn_is_zero(const SM2_BN a) -+{ -+ int i; -+ for (i = 0; i < 8; i++) { -+ if (a[i] != 0) -+ return 0; -+ } -+ return 1; -+} -+ -+int sm2_bn_is_one(const SM2_BN a) -+{ -+ int i; -+ if (a[0] != 1) -+ return 0; -+ for (i = 1; i < 8; i++) { -+ if 
(a[i] != 0) -+ return 0; -+ } -+ return 1; -+} -+ -+void sm2_bn_to_bytes(const SM2_BN a, PRUint8 out[32]) -+{ -+ int i; -+ for (i = 7; i >= 0; i--) { -+ PRUint32 ai = (PRUint32)a[i]; -+ PUTU32(out, ai); -+ out += sizeof(PRUint32); -+ } -+} -+ -+void sm2_bn_from_bytes(SM2_BN r, const PRUint8 in[32]) -+{ -+ int i; -+ for (i = 7; i >= 0; i--) { -+ r[i] = GETU32(in); -+ in += sizeof(PRUint32); -+ } -+} -+ -+void sm2_bn_to_bits(const SM2_BN a, char bits[256]) -+{ -+ int i, j; -+ for (i = 7; i >= 0; i--) { -+ PRUint32 w = a[i]; -+ for (j = 0; j < 32; j++) { -+ *bits++ = (w & 0x80000000) ? '1' : '0'; -+ w <<= 1; -+ } -+ } -+} -+ -+int sm2_bn_cmp(const SM2_BN a, const SM2_BN b) -+{ -+ int i; -+ for (i = 7; i >= 0; i--) { -+ if (a[i] > b[i]) -+ return 1; -+ if (a[i] < b[i]) -+ return -1; -+ } -+ return 0; -+} -+ -+void sm2_bn_set_word(SM2_BN r, PRUint32 a) -+{ -+ int i; -+ r[0] = a; -+ for (i = 1; i < 8; i++) { -+ r[i] = 0; -+ } -+} -+ -+void sm2_bn_add(SM2_BN r, const SM2_BN a, const SM2_BN b) -+{ -+ int i; -+ r[0] = a[0] + b[0]; -+ -+ for (i = 1; i < 8; i++) { -+ r[i] = a[i] + b[i] + (r[i - 1] >> 32); -+ } -+ for (i = 0; i < 7; i++) { -+ r[i] &= 0xffffffff; -+ } -+} -+ -+void sm2_bn_sub(SM2_BN ret, const SM2_BN a, const SM2_BN b) -+{ -+ int i; -+ SM2_BN r; -+ r[0] = ((PRUint64)1 << 32) + a[0] - b[0]; -+ for (i = 1; i < 7; i++) { -+ r[i] = 0xffffffff + a[i] - b[i] + (r[i - 1] >> 32); -+ r[i - 1] &= 0xffffffff; -+ } -+ r[i] = a[i] - b[i] + (r[i - 1] >> 32) - 1; -+ r[i - 1] &= 0xffffffff; -+ sm2_bn_copy(ret, r); -+} -+ -+void sm2_bn_rand_range(SM2_BN r, const SM2_BN range) -+{ -+ PRUint8 buf[32]; -+ do { -+ (void)rand_bytes(buf, sizeof(buf)); -+ sm2_bn_from_bytes(r, buf); -+ } while (sm2_bn_cmp(r, range) >= 0); -+} -+ -+void sm2_fp_add(SM2_Fp r, const SM2_Fp a, const SM2_Fp b) -+{ -+ sm2_bn_add(r, a, b); -+ if (sm2_bn_cmp(r, SM2_P) >= 0) { -+ sm2_bn_sub(r, r, SM2_P); -+ } -+} -+ -+void sm2_fp_sub(SM2_Fp r, const SM2_Fp a, const SM2_Fp b) -+{ -+ if (sm2_bn_cmp(a, b) >= 0) { 
-+ sm2_bn_sub(r, a, b); -+ } -+ else { -+ SM2_BN t; -+ sm2_bn_sub(t, SM2_P, b); -+ sm2_bn_add(r, t, a); -+ } -+} -+ -+void sm2_fp_dbl(SM2_Fp r, const SM2_Fp a) -+{ -+ sm2_fp_add(r, a, a); -+} -+ -+void sm2_fp_tri(SM2_Fp r, const SM2_Fp a) -+{ -+ SM2_BN t; -+ sm2_fp_dbl(t, a); -+ sm2_fp_add(r, t, a); -+} -+ -+void sm2_fp_div2(SM2_Fp r, const SM2_Fp a) -+{ -+ int i; -+ sm2_bn_copy(r, a); -+ if (r[0] & 0x01) { -+ sm2_bn_add(r, r, SM2_P); -+ } -+ for (i = 0; i < 7; i++) { -+ r[i] = (r[i] >> 1) | ((r[i + 1] & 0x01) << 31); -+ } -+ r[i] >>= 1; -+} -+ -+void sm2_fp_mul(SM2_Fp r, const SM2_Fp a, const SM2_Fp b) -+{ -+ int i, j; -+ PRUint64 s[16] = { 0 }; -+ SM2_BN d = { 0 }; -+ PRUint64 u; -+ -+ for (i = 0; i < 8; i++) { -+ u = 0; -+ for (j = 0; j < 8; j++) { -+ u = s[i + j] + a[i] * b[j] + u; -+ s[i + j] = u & 0xffffffff; -+ u >>= 32; -+ } -+ s[i + 8] = u; -+ } -+ -+ r[0] = s[0] + s[8] + s[9] + s[10] + s[11] + s[12] + ((s[13] + s[14] + s[15]) << 1); -+ r[1] = s[1] + s[9] + s[10] + s[11] + s[12] + s[13] + ((s[14] + s[15]) << 1); -+ r[2] = s[2]; -+ r[3] = s[3] + s[8] + s[11] + s[12] + s[14] + s[15] + (s[13] << 1); -+ r[4] = s[4] + s[9] + s[12] + s[13] + s[15] + (s[14] << 1); -+ r[5] = s[5] + s[10] + s[13] + s[14] + (s[15] << 1); -+ r[6] = s[6] + s[11] + s[14] + s[15]; -+ r[7] = s[7] + s[8] + s[9] + s[10] + s[11] + s[15] + ((s[12] + s[13] + s[14] + s[15]) << 1); -+ -+ for (i = 1; i < 8; i++) { -+ r[i] += r[i - 1] >> 32; -+ r[i - 1] &= 0xffffffff; -+ } -+ -+ d[2] = s[8] + s[9] + s[13] + s[14]; -+ d[3] = d[2] >> 32; -+ d[2] &= 0xffffffff; -+ sm2_bn_sub(r, r, d); -+ -+ while (sm2_bn_cmp(r, SM2_P) >= 0) { -+ sm2_bn_sub(r, r, SM2_P); -+ } -+} -+ -+void sm2_fp_sqr(SM2_Fp r, const SM2_Fp a) -+{ -+ sm2_fp_mul(r, a, a); -+} -+ -+void sm2_fp_inv(SM2_Fp r, const SM2_Fp a) -+{ -+ SM2_BN a1; -+ SM2_BN a2; -+ SM2_BN a3; -+ SM2_BN a4; -+ SM2_BN a5; -+ int i; -+ -+ sm2_fp_sqr(a1, a); -+ sm2_fp_mul(a2, a1, a); -+ sm2_fp_sqr(a3, a2); -+ sm2_fp_sqr(a3, a3); -+ sm2_fp_mul(a3, a3, a2); -+ 
sm2_fp_sqr(a4, a3); -+ sm2_fp_sqr(a4, a4); -+ sm2_fp_sqr(a4, a4); -+ sm2_fp_sqr(a4, a4); -+ sm2_fp_mul(a4, a4, a3); -+ sm2_fp_sqr(a5, a4); -+ for (i = 1; i < 8; i++) -+ sm2_fp_sqr(a5, a5); -+ sm2_fp_mul(a5, a5, a4); -+ for (i = 0; i < 8; i++) -+ sm2_fp_sqr(a5, a5); -+ sm2_fp_mul(a5, a5, a4); -+ for (i = 0; i < 4; i++) -+ sm2_fp_sqr(a5, a5); -+ sm2_fp_mul(a5, a5, a3); -+ sm2_fp_sqr(a5, a5); -+ sm2_fp_sqr(a5, a5); -+ sm2_fp_mul(a5, a5, a2); -+ sm2_fp_sqr(a5, a5); -+ sm2_fp_mul(a5, a5, a); -+ sm2_fp_sqr(a4, a5); -+ sm2_fp_mul(a3, a4, a1); -+ sm2_fp_sqr(a5, a4); -+ for (i = 1; i < 31; i++) -+ sm2_fp_sqr(a5, a5); -+ sm2_fp_mul(a4, a5, a4); -+ sm2_fp_sqr(a4, a4); -+ sm2_fp_mul(a4, a4, a); -+ sm2_fp_mul(a3, a4, a2); -+ for (i = 0; i < 33; i++) -+ sm2_fp_sqr(a5, a5); -+ sm2_fp_mul(a2, a5, a3); -+ sm2_fp_mul(a3, a2, a3); -+ for (i = 0; i < 32; i++) -+ sm2_fp_sqr(a5, a5); -+ sm2_fp_mul(a2, a5, a3); -+ sm2_fp_mul(a3, a2, a3); -+ sm2_fp_mul(a4, a2, a4); -+ for (i = 0; i < 32; i++) -+ sm2_fp_sqr(a5, a5); -+ sm2_fp_mul(a2, a5, a3); -+ sm2_fp_mul(a3, a2, a3); -+ sm2_fp_mul(a4, a2, a4); -+ for (i = 0; i < 32; i++) -+ sm2_fp_sqr(a5, a5); -+ sm2_fp_mul(a2, a5, a3); -+ sm2_fp_mul(a3, a2, a3); -+ sm2_fp_mul(a4, a2, a4); -+ for (i = 0; i < 32; i++) -+ sm2_fp_sqr(a5, a5); -+ sm2_fp_mul(a2, a5, a3); -+ sm2_fp_mul(a3, a2, a3); -+ sm2_fp_mul(a4, a2, a4); -+ for (i = 0; i < 32; i++) -+ sm2_fp_sqr(a5, a5); -+ sm2_fp_mul(r, a4, a5); -+ -+ sm2_bn_clean(a1); -+ sm2_bn_clean(a2); -+ sm2_bn_clean(a3); -+ sm2_bn_clean(a4); -+ sm2_bn_clean(a5); -+} -+ -+void sm2_fn_add(SM2_Fn r, const SM2_Fn a, const SM2_Fn b) -+{ -+ sm2_bn_add(r, a, b); -+ if (sm2_bn_cmp(r, SM2_N) >= 0) { -+ sm2_bn_sub(r, r, SM2_N); -+ } -+} -+ -+void sm2_fn_sub(SM2_Fn r, const SM2_Fn a, const SM2_Fn b) -+{ -+ if (sm2_bn_cmp(a, b) >= 0) { -+ sm2_bn_sub(r, a, b); -+ } -+ else { -+ SM2_BN t; -+ sm2_bn_add(t, a, SM2_N); -+ sm2_bn_sub(r, t, b); -+ } -+} -+ -+/* barrett reduction */ -+static int sm2_bn288_cmp(const PRUint64 a[9], const 
PRUint64 b[9]) -+{ -+ int i; -+ for (i = 8; i >= 0; i--) { -+ if (a[i] > b[i]) -+ return 1; -+ if (a[i] < b[i]) -+ return -1; -+ } -+ return 0; -+} -+ -+static void sm2_bn288_add(PRUint64 r[9], const PRUint64 a[9], const PRUint64 b[9]) -+{ -+ int i; -+ r[0] = a[0] + b[0]; -+ for (i = 1; i < 9; i++) { -+ r[i] = a[i] + b[i] + (r[i - 1] >> 32); -+ } -+ for (i = 0; i < 8; i++) { -+ r[i] &= 0xffffffff; -+ } -+} -+ -+static void sm2_bn288_sub(PRUint64 ret[9], const PRUint64 a[9], const PRUint64 b[9]) -+{ -+ int i; -+ PRUint64 r[9]; -+ -+ r[0] = ((PRUint64)1 << 32) + a[0] - b[0]; -+ for (i = 1; i < 8; i++) { -+ r[i] = 0xffffffff + a[i] - b[i] + (r[i - 1] >> 32); -+ r[i - 1] &= 0xffffffff; -+ } -+ r[i] = a[i] - b[i] + (r[i - 1] >> 32) - 1; -+ r[i - 1] &= 0xffffffff; -+ -+ for (i = 0; i < 9; i++) { -+ ret[i] = r[i]; -+ } -+} -+ -+void sm2_fn_mul(SM2_BN r, const SM2_BN a, const SM2_BN b) -+{ -+ static const PRUint64 mu[8] = { -+ 0xf15149a0, 0x12ac6361, 0xfa323c01, 0x8dfc2096, -+ 1, 1, 1, 0x100000001, -+ }; // only for N=FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF 7203DF6B 21C6052B 53BBF409 39D54123 -+ -+ PRUint64 s[17]; -+ PRUint64 zh[9]; -+ PRUint64 zl[9]; -+ PRUint64 q[9]; -+ PRUint64 w; -+ int i, j; -+ -+ /* z = a * b */ -+ for (i = 0; i < 8; i++) { -+ s[i] = 0; -+ } -+ for (i = 0; i < 8; i++) { -+ w = 0; -+ for (j = 0; j < 8; j++) { -+ w += s[i + j] + a[i] * b[j]; -+ s[i + j] = w & 0xffffffff; -+ w >>= 32; -+ } -+ s[i + 8] = w; -+ } -+ -+ /* zl = z mod (2^32)^9 = z[0..8] zh = z / (2^32)^7 = z[7..15] */ -+ for (i = 0; i < 9; i++) { -+ zl[i] = s[i]; -+ zh[i] = s[7 + i]; -+ } -+ -+ /* q = zh * mu / (2^32)^9 */ -+ for (i = 0; i < 9; i++) { -+ s[i] = 0; -+ } -+ for (i = 0; i < 9; i++) { -+ w = 0; -+ for (j = 0; j < 8; j++) { -+ w += s[i + j] + zh[i] * mu[j]; -+ s[i + j] = w & 0xffffffff; -+ w >>= 32; -+ } -+ s[i + 8] = w; -+ } -+ for (i = 0; i < 8; i++) { -+ q[i] = s[9 + i]; -+ } -+ -+ /* q = q * n mod (2^32)^9 */ -+ for (i = 0; i < 8; i++) { -+ s[i] = 0; -+ } -+ for (i = 0; i < 8; 
i++) { -+ w = 0; -+ for (j = 0; j < 8; j++) { -+ w += s[i + j] + q[i] * SM2_N[j]; -+ s[i + j] = w & 0xffffffff; -+ w >>= 32; -+ } -+ s[i + 8] = w; -+ } -+ for (i = 0; i < 9; i++) { -+ q[i] = s[i]; -+ } -+ -+ /* r = zl - q (mod (2^32)^9) */ -+ if (sm2_bn288_cmp(zl, q)) { -+ sm2_bn288_sub(zl, zl, q); -+ } -+ else { -+ PRUint64 c[9] = { 0,0,0,0,0,0,0,0,0x100000000 }; -+ sm2_bn288_sub(q, c, q); -+ sm2_bn288_add(zl, q, zl); -+ } -+ -+ for (i = 0; i < 8; i++) { -+ r[i] = zl[i]; -+ } -+ r[7] += zl[8] << 32; -+ -+ /* if r >= p do: r = r - n */ -+ while (sm2_bn_cmp(r, SM2_N) >= 0) { -+ sm2_bn_sub(r, r, SM2_N); -+ } -+} -+ -+void sm2_fn_sqr(SM2_BN r, const SM2_BN a) -+{ -+ sm2_fn_mul(r, a, a); -+} -+ -+void sm2_fn_exp(SM2_BN r, const SM2_BN a, const SM2_BN e) -+{ -+ SM2_BN t; -+ PRUint32 w; -+ int i, j; -+ -+ sm2_bn_set_one(t); -+ for (i = 7; i >= 0; i--) { -+ w = (PRUint32)e[i]; -+ for (j = 0; j < 32; j++) { -+ sm2_fn_sqr(t, t); -+ if (w & 0x80000000) { -+ sm2_fn_mul(t, t, a); -+ } -+ w <<= 1; -+ } -+ } -+ -+ sm2_bn_copy(r, t); -+} -+ -+void sm2_fn_inv(SM2_BN r, const SM2_BN a) -+{ -+ SM2_BN e; -+ sm2_bn_sub(e, SM2_N, SM2_TWO); -+ sm2_fn_exp(r, a, e); -+} -+ -+void sm2_fn_rand(SM2_BN r) -+{ -+ sm2_bn_rand_range(r, SM2_N); -+} -+ -+void sm2_jacobian_point_init(SM2_JACOBIAN_POINT* R) -+{ -+ memset(R, 0, sizeof(SM2_JACOBIAN_POINT)); -+ R->X[0] = 1; -+ R->Y[0] = 1; -+} -+ -+int sm2_jacobian_point_is_at_infinity(const SM2_JACOBIAN_POINT* P) -+{ -+ return sm2_bn_is_zero(P->Z); -+} -+ -+void sm2_jacobian_point_set_xy(SM2_JACOBIAN_POINT* R, const SM2_BN x, const SM2_BN y) -+{ -+ sm2_bn_copy(R->X, x); -+ sm2_bn_copy(R->Y, y); -+ sm2_bn_set_one(R->Z); -+} -+ -+void sm2_jacobian_point_get_xy(const SM2_JACOBIAN_POINT* P, SM2_BN x, SM2_BN y) -+{ -+ SM2_BN z_inv; -+ -+ if (sm2_bn_is_one(P->Z)) { -+ sm2_bn_copy(x, P->X); -+ sm2_bn_copy(y, P->Y); -+ } -+ else { -+ sm2_fp_inv(z_inv, P->Z); -+ if (y) -+ sm2_fp_mul(y, P->Y, z_inv); -+ sm2_fp_sqr(z_inv, z_inv); -+ sm2_fp_mul(x, P->X, z_inv); 
-+ if (y) -+ sm2_fp_mul(y, y, z_inv); -+ } -+} -+ -+void sm2_jacobian_point_dbl(SM2_JACOBIAN_POINT* R, const SM2_JACOBIAN_POINT* P) -+{ -+ const PRUint64* X1 = P->X; -+ const PRUint64* Y1 = P->Y; -+ const PRUint64* Z1 = P->Z; -+ SM2_BN T1; -+ SM2_BN T2; -+ SM2_BN T3; -+ SM2_BN X3; -+ SM2_BN Y3; -+ SM2_BN Z3; -+ -+ if (sm2_jacobian_point_is_at_infinity(P)) { -+ sm2_jacobian_point_copy(R, P); -+ return; -+ } -+ -+ sm2_fp_sqr(T1, Z1); //T1 = Z1^2 -+ sm2_fp_sub(T2, X1, T1); //T2 = X1 - T1 -+ sm2_fp_add(T1, X1, T1); //T1 = X1 + T1 -+ sm2_fp_mul(T2, T2, T1); //T2 = T2 * T1 -+ sm2_fp_tri(T2, T2); //T2 = 3 * T2 -+ sm2_fp_dbl(Y3, Y1); //Y3 = 2 * Y1 -+ sm2_fp_mul(Z3, Y3, Z1); //Z3 = Y3 * Z1 -+ sm2_fp_sqr(Y3, Y3); //Y3 = Y3^2 -+ sm2_fp_mul(T3, Y3, X1); //T3 = Y3 * X1 -+ sm2_fp_sqr(Y3, Y3); //Y3 = Y3^2 -+ sm2_fp_div2(Y3, Y3); //Y3 = Y3/2 -+ sm2_fp_sqr(X3, T2); //X3 = T2^2 -+ sm2_fp_dbl(T1, T3); //T1 = 2 * T1 -+ sm2_fp_sub(X3, X3, T1); //X3 = X3 - T1 -+ sm2_fp_sub(T1, T3, X3); //T1 = T3 - X3 -+ sm2_fp_mul(T1, T1, T2); //T1 = T1 * T2 -+ sm2_fp_sub(Y3, T1, Y3); //Y3 = T1 - Y3 -+ -+ sm2_bn_copy(R->X, X3); -+ sm2_bn_copy(R->Y, Y3); -+ sm2_bn_copy(R->Z, Z3); -+} -+ -+void sm2_jacobian_point_add(SM2_JACOBIAN_POINT* R, const SM2_JACOBIAN_POINT* P, const SM2_JACOBIAN_POINT* Q) -+{ -+ const PRUint64* X1 = P->X; -+ const PRUint64* Y1 = P->Y; -+ const PRUint64* Z1 = P->Z; -+ const PRUint64* x2 = Q->X; -+ const PRUint64* y2 = Q->Y; -+ SM2_BN T1; -+ SM2_BN T2; -+ SM2_BN T3; -+ SM2_BN T4; -+ SM2_BN X3; -+ SM2_BN Y3; -+ SM2_BN Z3; -+ -+ if (sm2_jacobian_point_is_at_infinity(Q)) { -+ sm2_jacobian_point_copy(R, P); -+ return; -+ } -+ -+ if (sm2_jacobian_point_is_at_infinity(P)) { -+ sm2_jacobian_point_copy(R, Q); -+ return; -+ } -+ -+ assert(sm2_bn_is_one(Q->Z)); -+ -+ sm2_fp_sqr(T1, Z1); -+ sm2_fp_mul(T2, T1, Z1); -+ sm2_fp_mul(T1, T1, x2); -+ sm2_fp_mul(T2, T2, y2); -+ sm2_fp_sub(T1, T1, X1); -+ sm2_fp_sub(T2, T2, Y1); -+ if (sm2_bn_is_zero(T1)) { -+ if (sm2_bn_is_zero(T2)) { -+ 
SM2_JACOBIAN_POINT _Q, * QQ = &_Q; -+ sm2_jacobian_point_set_xy(QQ, x2, y2); -+ -+ sm2_jacobian_point_dbl(R, QQ); -+ return; -+ } -+ else { -+ sm2_jacobian_point_set_infinity(R); -+ return; -+ } -+ } -+ sm2_fp_mul(Z3, Z1, T1); -+ sm2_fp_sqr(T3, T1); -+ sm2_fp_mul(T4, T3, T1); -+ sm2_fp_mul(T3, T3, X1); -+ sm2_fp_dbl(T1, T3); -+ sm2_fp_sqr(X3, T2); -+ sm2_fp_sub(X3, X3, T1); -+ sm2_fp_sub(X3, X3, T4); -+ sm2_fp_sub(T3, T3, X3); -+ sm2_fp_mul(T3, T3, T2); -+ sm2_fp_mul(T4, T4, Y1); -+ sm2_fp_sub(Y3, T3, T4); -+ -+ sm2_bn_copy(R->X, X3); -+ sm2_bn_copy(R->Y, Y3); -+ sm2_bn_copy(R->Z, Z3); -+} -+ -+void sm2_jacobian_point_mul(SM2_JACOBIAN_POINT* R, const SM2_BN k, const SM2_JACOBIAN_POINT* P) -+{ -+ char bits[257] = { 0 }; -+ SM2_JACOBIAN_POINT _Q, * Q = &_Q; -+ SM2_JACOBIAN_POINT _T, * T = &_T; -+ int i; -+ -+ //point_add need affine, can not use point_add -+ if (!sm2_bn_is_one(P->Z)) { -+ SM2_BN x; -+ SM2_BN y; -+ sm2_jacobian_point_get_xy(P, x, y); -+ sm2_jacobian_point_set_xy(T, x, y); -+ P = T; -+ } -+ -+ sm2_jacobian_point_set_infinity(Q); -+ sm2_bn_to_bits(k, bits); -+ for (i = 0; i < 256; i++) { -+ sm2_jacobian_point_dbl(Q, Q); -+ if (bits[i] == '1') { -+ sm2_jacobian_point_add(Q, Q, P); -+ } -+ } -+ sm2_jacobian_point_copy(R, Q); -+} -+ -+void sm2_jacobian_point_mul_generator(SM2_JACOBIAN_POINT* R, const SM2_BN k) -+{ -+ sm2_jacobian_point_mul(R, k, SM2_G); -+} -+ -+ -+SECStatus -+SM2_SignDigestWithSeed(ECPrivateKey* key, SECItem* signature, -+ const SECItem* digest, const unsigned char* kb, const int kblen) -+{ -+ SECStatus rv = SECFailure; -+ -+ SM2_JACOBIAN_POINT _P, * P = &_P; -+ SM2_BN d; -+ SM2_BN e; -+ SM2_BN k; -+ SM2_BN x; -+ SM2_BN r; -+ SM2_BN s; -+ PRUint8 dgst[32]; -+ PRUint8 private_key[32]; -+ PRUint8 rr[32], ss[32]; -+ -+ memcpy(dgst, digest->data, 32); -+ memcpy(private_key, key->privateValue.data, 32); -+ -+random: -+ sm2_bn_from_bytes(d, private_key); -+ -+ sm2_bn_from_bytes(e, dgst); -+ -+ do { -+ sm2_fn_rand(k); -+ } while 
(sm2_bn_is_zero(k)); -+ -+ sm2_jacobian_point_mul_generator(P, k); -+ sm2_jacobian_point_get_xy(P, x, NULL); -+ -+ sm2_fn_add(r, e, x); -+ -+ if (sm2_bn_is_zero(r)) { -+ goto random; -+ } -+ sm2_bn_add(x, r, k); -+ if (sm2_bn_cmp(x, SM2_N) == 0) { -+ goto random; -+ } -+ -+ sm2_fn_mul(e, r, d); -+ sm2_fn_sub(k, k, e); -+ sm2_fn_add(e, SM2_ONE, d); -+ sm2_fn_inv(e, e); -+ sm2_fn_mul(s, e, k); -+ -+ sm2_bn_to_bytes(r, rr); -+ sm2_bn_to_bytes(s, ss); -+ memcpy(signature->data, rr, 32); -+ memcpy(signature->data + 32, ss, 32); -+ -+ memset(d, 0, sizeof(d)); -+ memset(e, 0, sizeof(e)); -+ memset(k, 0, sizeof(k)); -+ memset(x, 0, sizeof(x)); -+ -+ rv = SECSuccess; -+ return rv; -+} -\ No newline at end of file -diff --git a/nss/lib/freebl/sm2.h b/nss/lib/freebl/sm2.h -new file mode 100644 -index 0000000..e236dcd ---- /dev/null -+++ b/nss/lib/freebl/sm2.h -@@ -0,0 +1,23 @@ -+/* -+ * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. -+ * -+ * Licensed under the Apache License, Version 2.0 (the License); you may -+ * not use this file except in compliance with the License. -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ */ -+ -+#ifndef _SM2_H_ -+#define _SM2_H_ -+ -+#include -+#include -+#include -+#include -+#include -+#include "seccomon.h" -+#include "blapit.h" -+ -+SECStatus SM2_SignDigestWithSeed(ECPrivateKey* key, SECItem* signature, const SECItem* digest, const unsigned char* kb, const int kblen); -+ -+#endif /* _SM2_H_ */ -\ No newline at end of file --- -2.33.0 - diff --git a/nss.spec b/nss.spec index ea3de34a4bc5311399f8c2412bb64c55d3b9a84d..3b2070dc510f5794094c36eeaf1ab378a67de56b 100644 --- a/nss.spec +++ b/nss.spec @@ -14,7 +14,7 @@ Summary: Network Security Services Name: nss Version: %{nss_version} -Release: 4 +Release: 5 License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Provides: nss-system-init 
@@ -44,10 +44,10 @@ Patch0: nss-539183.patch Patch6000: backport-CVE-2021-43527.patch # Feature: support sm2 and sm3 -Patch9000: nss-add-implement-of-SM3-digest-algorithm.patch -Patch9001: nss-add-implement-of-SM2-signature-algorithm.patch -Patch9002: nss-support-SM3-digest-algorithm.patch -Patch9003: nss-support-SM2-signature-algorithm.patch +Patch9000: Feature-nss-add-implement-of-SM3-digest-algorithm.patch +Patch9001: Feature-nss-add-implement-of-SM2-signature-algorithm.patch +Patch9002: Feature-nss-support-SM3-digest-algorithm.patch +Patch9003: Feature-nss-support-SM2-signature-algorithm.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -133,12 +133,11 @@ Help document for NSS %patch0 -p0 -b .539183 pushd nss %patch6000 -p1 -popd - %patch9000 -p1 %patch9001 -p1 %patch9002 -p1 %patch9003 -p1 +popd %build @@ -560,16 +559,19 @@ update-crypto-policies &>/dev/null||: %doc %{_mandir}/man* %changelog -* Mon Oct 10 2022 godcansee - 3.72-4 +* Thu Oct 27 2022 luhuaxin - 3.72.0-5 +- optimize support for sm2,sm3 + +* Mon Oct 10 2022 godcansee - 3.72.0-4 - add feature to support for sm2,sm3 -* Sat Jul 30 2022 zhangjun - 3.72-3 +* Sat Jul 30 2022 zhangjun - 3.72.0-3 - remove Requires nss-help -* Tue Dec 28 2021 shangyibin - 3.72-2 +* Tue Dec 28 2021 shangyibin - 3.72.0-2 - fix CVE-2021-43527 -* Mon Nov 29 2021 liudabo - 3.72-1 +* Mon Nov 29 2021 liudabo - 3.72.0-1 - upgrade version to 3.72 * Fri Jul 23 2021 yuanxin - 3.54-10