abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-06 16:36:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update SM2 Ring Signature

Browse Source
This commit is contained in:
Zhi Guan
2022-11-07 21:18:25 +08:00
parent ae1f044d32
commit 48de342b22
2 changed files with 398 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
include/gmssl/sm2.h
View File

@@ -396,6 +396,44 @@ int sm2_signature_to_public_key_points(const SM2_SIGNATURE *sig, const uint8_t d
SM2_POINT points[4], size_t *points_cnt);
// SM2 Ring Signature
typedef uint8_t sm2_bn_t[32];
int sm2_ring_do_sign(const SM2_KEY *sign_key, const SM2_POINT *public_keys, size_t public_keys_cnt,
const uint8_t dgst[32], uint8_t r[32], sm2_bn_t *s);
int sm2_ring_do_verify(const SM2_POINT *public_keys, size_t public_keys_cnt,
const uint8_t dgst[32], const uint8_t r[32], const sm2_bn_t *s);
int sm2_ring_signature_to_der(const sm2_bn_t r, const sm2_bn_t *s, size_t s_cnt, uint8_t **out, size_t *outlen);
int sm2_ring_signature_from_der(sm2_bn_t r, sm2_bn_t *s, size_t *s_cnt, const uint8_t **in, size_t *inlen);
int sm2_ring_sign(const SM2_KEY *sign_key, const SM2_POINT *public_keys, size_t public_keys_cnt,
const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
int sm2_ring_verify(const SM2_POINT *public_keys, size_t public_keys_cnt,
const uint8_t dgst[32], const uint8_t *sig, size_t siglen);
#define SM2_RING_SIGN_MAX_SIGNERS 32
typedef struct {
int state;
SM3_CTX sm3_ctx;
SM2_KEY sign_key;
SM2_POINT public_keys[SM2_RING_SIGN_MAX_SIGNERS];
size_t public_keys_count;
char *id;
size_t idlen;
} SM2_RING_SIGN_CTX;
int sm2_ring_sign_init(SM2_RING_SIGN_CTX *ctx, const SM2_KEY *sign_key, const char *id, size_t idlen);
int sm2_ring_sign_add_signer(SM2_RING_SIGN_CTX *ctx, const SM2_KEY *public_key);
int sm2_ring_sign_update(SM2_RING_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
int sm2_ring_sign_finish(SM2_RING_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen);
int sm2_ring_verify_init(SM2_RING_SIGN_CTX *ctx, const char *id, size_t idlen);
int sm2_ring_verify_add_signer(SM2_RING_SIGN_CTX *ctx, const SM2_KEY *public_key);
int sm2_ring_verify_update(SM2_RING_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
int sm2_ring_verify_finish(SM2_RING_SIGN_CTX *ctx, uint8_t *sig, size_t siglen);
#ifdef __cplusplus
}
#endif

398
src/sm2_ring.c
View File

@@ -16,10 +16,6 @@
#include <gmssl/error.h>
typedef uint8_t sm2_bn_t[32];
static int compare_point(const void *P, const void *Q)
{
const uint8_t *p = (uint8_t *)P;
@@ -34,28 +30,42 @@ static int compare_point(const void *P, const void *Q)
return 0;
}
int sm2_ring_public_keys_sort(SM2_POINT *points, size_t points_cnt)
static int sm2_ring_sort_public_keys(SM2_POINT *points, size_t points_cnt)
{
qsort(points, points_cnt, sizeof(SM2_POINT), compare_point);
return 1;
}
int sm2_ring_signature_to_der(const sm2_bn_t r0, const sm2_bn_t *s_vec, size_t s_cnt, uint8_t **out, size_t *outlen)
int sm2_ring_signature_to_der(const sm2_bn_t r, const sm2_bn_t *s, size_t s_cnt, uint8_t **out, size_t *outlen)
{
size_t i, len = 0;
uint8_t *p = *out;
asn1_integer_to_der(r0, 32, NULL, &len);
for (i = 0; i < s_cnt; i++) {
asn1_integer_to_der(s_vec[i], 32, NULL, &len);
if (asn1_integer_to_der(r, 32, NULL, &len) != 1) {
error_print();
return -1;
}
asn1_sequence_header_to_der(len, out, outlen);
asn1_integer_to_der(r0, 32, out, outlen);
for (i = 0; i < s_cnt; i++) {
asn1_integer_to_der(s_vec[i], 32, out, outlen);
if (asn1_integer_to_der(s[i], 32, NULL, &len) != 1) {
error_print();
return -1;
}
}
if (asn1_sequence_header_to_der(len, out, outlen) != 1
|| asn1_integer_to_der(r, 32, out, outlen) != 1) {
error_print();
return -1;
}
for (i = 0; i < s_cnt; i++) {
if (asn1_integer_to_der(s[i], 32, out, outlen) != 1) {
error_print();
return -1;
}
}
return 1;
}
// FIXME: support when s_vec == NULL
int sm2_ring_signature_from_der(sm2_bn_t r0, sm2_bn_t *s_vec, size_t *s_cnt, const uint8_t **in, size_t *inlen)
{
int ret;
@@ -65,26 +75,22 @@ int sm2_ring_signature_from_der(sm2_bn_t r0, sm2_bn_t *s_vec, size_t *s_cnt, con
size_t len;
uint8_t *s = (uint8_t *)&s_vec[0];
if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
if (ret < 0) error_print();
return ret;
}
asn1_integer_from_der(&p, &len, in, inlen);
if (len > 32) {
if (asn1_integer_from_der(&p, &len, &d, &dlen) != 1
|| asn1_length_le(len, 32) != 1) {
error_print();
return -1;
}
memset(r0, 0, 32);
memcpy(r0 + 32 - len, p, len);
// 应该判定如果s_vec == NULL的情况
(*s_cnt) = 0;
while (inlen) {
asn1_integer_from_der(&p, &len, in, inlen);
if (len > 32) {
*s_cnt = 0;
while (dlen) {
if (asn1_integer_from_der(&p, &len, &d, &dlen) != 1
|| asn1_length_le(len, 32) != 1) {
error_print();
return -1;
}
@@ -94,7 +100,6 @@ int sm2_ring_signature_from_der(sm2_bn_t r0, sm2_bn_t *s_vec, size_t *s_cnt, con
(*s_cnt)++;
}
return 1;
}
@@ -103,7 +108,7 @@ int sm2_ring_do_sign(const SM2_KEY *sign_key,
const uint8_t dgst[32], uint8_t r0[32], sm2_bn_t *s_vec)
{
size_t i;
size_t sign_index = public_keys_cnt;
size_t sign_index = public_keys_cnt; // assign an invalid value
SM2_JACOBIAN_POINT R;
SM2_JACOBIAN_POINT P;
@@ -164,6 +169,9 @@ int sm2_ring_do_sign(const SM2_KEY *sign_key,
// r[i] = x[i] + e (mod n)
sm2_fn_add(r, x, e);
if (i == 0) {
sm2_bn_to_bytes(r, r0);
}
// s[i] = (k[i] - r[i] * d)/(1 + d)
sm2_bn_from_bytes(d, sign_key->private_key);
@@ -216,25 +224,246 @@ int sm2_ring_do_verify(const SM2_POINT *public_keys, size_t public_keys_cnt,
sm2_bn_from_bytes(r_, r0);
if (sm2_bn_cmp(r_, r) != 0) {
//error_print();
return 0;
}
return 1;
}
int sm2_ring_sign(const SM2_KEY *sign_key,
const SM2_POINT *public_keys, size_t public_keys_cnt,
const uint8_t dgst[32], uint8_t *sig, size_t *siglen)
{
sm2_bn_t r;
sm2_bn_t s[SM2_RING_SIGN_MAX_SIGNERS];
if (!public_keys_cnt || public_keys_cnt > sizeof(s)/sizeof(s[0])) {
error_print();
return -1;
}
if (sm2_ring_do_sign(sign_key, public_keys, public_keys_cnt, dgst, r, s) != 1) {
error_print();
return -1;
}
*siglen = 0;
if (sm2_ring_signature_to_der(r, s, public_keys_cnt, &sig, siglen) != 1) {
error_print();
return -1;
}
return 1;
}
int sm2_ring_verify(const SM2_POINT *public_keys, size_t public_keys_cnt,
const uint8_t dgst[32], const uint8_t *sig, size_t siglen)
{
int ret;
sm2_bn_t r;
sm2_bn_t s[SM2_RING_SIGN_MAX_SIGNERS];
size_t s_cnt;
if (!public_keys_cnt || public_keys_cnt > sizeof(s)/sizeof(s[0])) {
error_print();
return -1;
}
if (sm2_ring_signature_from_der(r, s, &s_cnt, &sig, &siglen) != 1
|| asn1_length_is_zero(siglen) != 1) {
error_print();
return -1;
}
if (s_cnt != public_keys_cnt) {
error_print();
return -1;
}
if ((ret = sm2_ring_do_verify(public_keys, public_keys_cnt, dgst, r, s)) < 0) {
error_print();
return -1;
}
return ret;
}
int sm2_ring_sign_init(SM2_RING_SIGN_CTX *ctx, const SM2_KEY *sign_key, const char *id, size_t idlen)
{
sm3_init(&ctx->sm3_ctx);
ctx->sign_key = *sign_key;
ctx->public_keys[0] = sign_key->public_key;
ctx->public_keys_count = 1;
if (!(ctx->id = malloc(idlen + 1))) {
error_print();
return -1;
}
memcpy(ctx->id, id, idlen);
ctx->id[idlen] = 0;
ctx->idlen = idlen;
ctx->state = 0;
return 1;
}
int sm2_ring_sign_add_signer(SM2_RING_SIGN_CTX *ctx, const SM2_KEY *public_key)
{
if (ctx->state) {
error_print();
return -1;
}
if (ctx->public_keys_count >= SM2_RING_SIGN_MAX_SIGNERS) {
error_print();
return -1;
}
ctx->public_keys[ctx->public_keys_count++] = public_key->public_key;
return 1;
}
int sm2_ring_sign_update(SM2_RING_SIGN_CTX *ctx, const uint8_t *data, size_t datalen)
{
if (!ctx->state) {
SM2_POINT point = ctx->public_keys[0];
uint8_t z[32];
size_t i;
for (i = 1; i < ctx->public_keys_count; i++) {
sm2_point_add(&point, &point, &ctx->public_keys[i]);
}
sm2_compute_z(z, &point, ctx->id, ctx->idlen);
sm3_update(&ctx->sm3_ctx, z, sizeof(z));
ctx->state = 1;
}
if (data && datalen) {
sm3_update(&ctx->sm3_ctx, data, datalen);
}
return 1;
}
int sm2_ring_sign_finish(SM2_RING_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen)
{
uint8_t dgst[32];
sm3_finish(&ctx->sm3_ctx, dgst);
if (sm2_ring_sort_public_keys(ctx->public_keys, ctx->public_keys_count) != 1) {
error_print();
return -1;
}
if (sm2_ring_sign(&ctx->sign_key, ctx->public_keys, ctx->public_keys_count, dgst, sig, siglen) != 1) {
error_print();
return -1;
}
return 1;
}
int sm2_ring_verify_init(SM2_RING_SIGN_CTX *ctx, const char *id, size_t idlen)
{
sm3_init(&ctx->sm3_ctx);
ctx->public_keys_count = 0;
if (!(ctx->id = malloc(idlen + 1))) {
error_print();
return -1;
}
memcpy(ctx->id, id, idlen);
ctx->id[idlen] = 0;
ctx->idlen = idlen;
ctx->state = 0;
return 1;
}
int sm2_ring_verify_add_signer(SM2_RING_SIGN_CTX *ctx, const SM2_KEY *public_key)
{
if (ctx->state) {
error_print();
return -1;
}
if (ctx->public_keys_count >= SM2_RING_SIGN_MAX_SIGNERS) {
error_print();
return -1;
}
ctx->public_keys[ctx->public_keys_count++] = public_key->public_key;
return 1;
}
int sm2_ring_verify_update(SM2_RING_SIGN_CTX *ctx, const uint8_t *data, size_t datalen)
{
if (!ctx->state) {
SM2_POINT point = ctx->public_keys[0];
uint8_t z[32];
size_t i;
for (i = 1; i < ctx->public_keys_count; i++) {
sm2_point_add(&point, &point, &ctx->public_keys[i]);
}
sm2_compute_z(z, &point, ctx->id, ctx->idlen);
sm3_update(&ctx->sm3_ctx, z, sizeof(z));
ctx->state = 1;
}
if (data && datalen) {
sm3_update(&ctx->sm3_ctx, data, datalen);
}
return 1;
}
int sm2_ring_verify_finish(SM2_RING_SIGN_CTX *ctx, uint8_t *sig, size_t siglen)
{
uint8_t dgst[32];
int ret;
sm3_finish(&ctx->sm3_ctx, dgst);
if (sm2_ring_sort_public_keys(ctx->public_keys, ctx->public_keys_count) != 1) {
error_print();
return -1;
}
if ((ret = sm2_ring_verify(ctx->public_keys, ctx->public_keys_count, dgst, sig, siglen)) != 1) {
error_print();
return -1;
}
return ret;
}
static int test_sm2_ring_do_sign(void)
{
SM2_KEY sign_key;
SM2_KEY key;
SM2_POINT public_keys[5];
int sign_index = 2;
int i;
size_t public_keys_count = sizeof(public_keys)/sizeof(public_keys[0]);
size_t sign_index, i;
uint8_t dgst[32];
uint8_t r0[32];
uint8_t s_vec[5][32];
uint8_t r[32];
uint8_t s[sizeof(public_keys)/sizeof(public_keys[0])][32];
for (i = 0; i < sizeof(public_keys)/sizeof(public_keys[0]); i++) {
for (sign_index = 0; sign_index < 5; sign_index++) {
for (i = 0; i < public_keys_count; i++) {
SM2_KEY key;
sm2_key_generate(&key);
memcpy(&public_keys[i], &(key.public_key), sizeof(SM2_POINT));
if (i == sign_index) {
memcpy(&sign_key, &key, sizeof(SM2_KEY));
}
}
if (sm2_ring_do_sign(&sign_key, public_keys, public_keys_count, dgst, r, s) != 1) {
error_print();
return -1;
}
if (sm2_ring_do_verify(public_keys, public_keys_count, dgst, r, s) != 1) {
error_print();
return -1;
}
}
printf("%s() ok\n", __FUNCTION__);
return 1;
}
int test_sm2_ring_sign(void)
{
SM2_KEY sign_key;
SM2_POINT public_keys[5];
size_t public_keys_count = sizeof(public_keys)/sizeof(public_keys[0]);
size_t sign_index = 2, i;
uint8_t dgst[32];
uint8_t sig[9 + (2 + 33) * (1 + sizeof(public_keys)/sizeof(public_keys[0]))];
size_t siglen = 0;
for (i = 0; i < public_keys_count; i++) {
SM2_KEY key;
sm2_key_generate(&key);
memcpy(&public_keys[i], &(key.public_key), sizeof(SM2_POINT));
@@ -242,13 +471,106 @@ static int test_sm2_ring_do_sign(void)
memcpy(&sign_key, &key, sizeof(SM2_KEY));
}
}
if (sm2_ring_sign(&sign_key, public_keys, public_keys_count, dgst, sig, &siglen) != 1) {
error_print();
return -1;
}
if (sm2_ring_verify(public_keys, 5, dgst, sig, siglen) != 1) {
error_print();
return -1;
}
sm2_ring_do_sign(&sign_key, public_keys, 5, dgst, r0, &s_vec[0]);
i = sm2_ring_do_verify(public_keys, 5, dgst, r0, s_vec);
printf("ret = %d\n", i);
printf("%s() ok\n", __FUNCTION__);
return 1;
}
int test_sm2_ring_sign_crosscheck(void)
{
SM2_KEY sign_key;
SM2_POINT public_key;
uint8_t dgst[32];
uint8_t sig[SM2_MAX_SIGNATURE_SIZE];
size_t siglen = 0;
sm2_key_generate(&sign_key);
public_key = sign_key.public_key;
if (sm2_ring_sign(&sign_key, &public_key, 1, dgst, sig, &siglen) != 1) {
error_print();
return -1;
}
if (sm2_ring_verify(&public_key, 1, dgst, sig, siglen) != 1) {
error_print();
return -1;
}
printf("%s() ok\n", __FUNCTION__);
return 1;
}
int test_sm2_ring_sign_update(void)
{
SM2_KEY keys[5];
SM2_RING_SIGN_CTX sign_ctx;
SM2_RING_SIGN_CTX verify_ctx;
size_t public_keys_count = sizeof(keys)/sizeof(keys[0]);
char *id = "Alice";
uint8_t msg[128] = {0};
uint8_t sig[9 + (2 + 33) * (1 + sizeof(keys)/sizeof(keys[0]))];
size_t siglen = 0;
size_t i;
for (i = 0; i < public_keys_count; i++) {
sm2_key_generate(&keys[i]);
}
if (sm2_ring_sign_init(&sign_ctx, &keys[0], id, strlen(id)) != 1) {
error_print();
return -1;
}
for (i = 1; i < public_keys_count; i++) {
if (sm2_ring_sign_add_signer(&sign_ctx, &keys[i]) != 1) {
error_print();
return -1;
}
}
if (sm2_ring_sign_update(&sign_ctx, msg, 32) != 1
|| sm2_ring_sign_update(&sign_ctx, msg + 32, 32) != 1
|| sm2_ring_sign_update(&sign_ctx, msg + 64, 64) != 1
|| sm2_ring_sign_finish(&sign_ctx, sig, &siglen) != 1) {
error_print();
return -1;
}
if (sm2_ring_verify_init(&verify_ctx, id, strlen(id)) != 1) {
error_print();
return -1;
}
for (i = 0; i < public_keys_count; i++) {
if (sm2_ring_verify_add_signer(&verify_ctx, &keys[i]) != 1) {
error_print();
return -1;
}
}
if (sm2_ring_verify_update(&verify_ctx, msg, sizeof(msg)) != 1) {
error_print();
return -1;
}
if (sm2_ring_verify_finish(&verify_ctx, sig, siglen) != 1) {
error_print();
return -1;
}
printf("%s() ok\n", __FUNCTION__);
return 1;
}
int test_sm2_ring()
{
if (test_sm2_ring_do_sign() != 1) { error_print(); return -1; }
if (test_sm2_ring_sign() != 1) { error_print(); return -1; }
if (test_sm2_ring_sign_crosscheck() != 1) { error_print(); return -1; }
if (test_sm2_ring_sign_update() != 1) { error_print(); return -1; }
return 1;
}