Does mp-spdz supports SM2 encrypted algorithm?

[BeStrongok]

I use these commands to generate the key and self-signed certification of partners:

openssl ecparam -genkey -name SM2 -out $ssl_dir/P$i.key openssl req -new -subj "/CN=P$i" -nodes -out $ssl_dir/ca$i.csr -key $ssl_dir/P$i.key -config ./Scripts/zz.cnf openssl x509 -req -days 3650 -extfile ./Scripts/v3-ca.ext -signkey $ssl_dir/P$i.key -in $ssl_dir/ca$i.csr -out $ssl_dir/P$i.pem

when i run shamir-party.x, something wrong: Using security parameter 40 Client-side handshake with P1 failed. Make sure both sides have the necessary certificate (Player-Data/P2.pem in the default configuration on their side and Player-Data/P1.pem on ours), and runc_rehash on its location. The certificates should be the same on every host. Also make sure that it's still valid. Certificates generated withScripts/setup-ssl.shexpire after a month. See also https://mp-spdz.readthedocs.io/en/latest/troubleshooting.html#handshake-failures

is there any way to fix it? thanks!

[mkskeller]

Every instance should output a line saying Signature (should match the other side). Does the string that follows match between party 1 and 2?

[BeStrongok]

yes, it does, follows Signature (should match the other side)

[BeStrongok]

the error log of party 1 is: terminate called after throwing an instance of 'boost::exception_detail::clone_impl<boost::exception_detail::error_info_injector >' what(): handshake: no suitable signature algorithm

[mkskeller]

MP-SPDZ uses the OpenSSL defaults for the choice of algorithms, which does not seem to include SM2. You probably need to add the desired algorithm using the following function (or similar): https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_sigalgs_list.html The ctx handle is accessible via native_handle() of ssl_ctx objects: https://github.com/data61/MP-SPDZ/blob/1460c9b5748c7cb7779cb79b2d3de792106be1f2/Networking/ssl_sockets.h#L26

[BeStrongok]

thank you for your reply!!