On 23/04/2020 03:36, Billy Brumley wrote: >> I'm tasked to implement certain cryptographic functions (chiefly >> signature creation/validation) using the SM2 algorithm for a >> communication testing application. My problem is that the standard which >> I need to follow (which is, unfortunately, not a public standard) states >> that the signature needs to be generated over H(data input) || H(some >> ID) , so I cannot use the EVP-Method as I understand it from >> https://www.openssl.org/docs/manmaster/man7/SM2.html (here, H is the SM3 >> hash function). This would be possible to achieve by generating the >> digest and then using the (albeit deprecated) function ECDSA_do_sign for >> ECDSA but I don't know how to do it for SM2. > > It seems like you're trying to roll your own SM2 -- don't do that ;) Agreed - I echo Billy's concern! > >> Is there any way to do this with openssl? Any help or pointer is very >> much appreciated! > > I ... think it is possible directly with EVP and control strings. Step through > > openssl pkeyutl -inkey private.key -in /some/file -rawin -sign > -pkeyopt sm2_id:foobar > > in a debugger and that should get you on the right path. Unfortunately, the SM2 id does something different to this I think. I'm not an SM2 expert but I believe that does: H( H(stuff || id || other_stuff) || M ) You should be able to use the EVP_PKEY_sign_init()/EVP_PKEY_sign() functions to sign pre-digested input. https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_sign.html Matt
