diff --git a/CMakeLists.txt b/CMakeLists.txt index 539d37a2..4fbd751e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -937,7 +937,7 @@ endif() # set(CPACK_PACKAGE_NAME "GmSSL") set(CPACK_PACKAGE_VENDOR "GmSSL develop team") -set(CPACK_PACKAGE_VERSION "3.3.0-dev.1156") +set(CPACK_PACKAGE_VERSION "3.3.0-dev.1157") set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md) set(CPACK_NSIS_MODIFY_PATH ON) include(CPack) diff --git a/include/gmssl/sm9_z256.h b/include/gmssl/sm9_z256.h index 01f8c0c1..b5015cea 100644 --- a/include/gmssl/sm9_z256.h +++ b/include/gmssl/sm9_z256.h @@ -36,12 +36,8 @@ uint64_t sm9_z256_sub(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b); void sm9_z256_mul(uint64_t r[8], const sm9_z256_t a, const sm9_z256_t b); void sm9_z256_from_bytes(sm9_z256_t r, const uint8_t in[32]); void sm9_z256_to_bytes(const sm9_z256_t a, uint8_t out[32]); -int sm9_z256_from_hex(sm9_z256_t r, const char *hex); -void sm9_z256_to_hex(const sm9_z256_t r, char hex[64]); -int sm9_z256_equ_hex(const sm9_z256_t a, const char *hex); void sm9_z256_to_bits(const sm9_z256_t a, char bits[256]); int sm9_z256_rand_range(sm9_z256_t r, const sm9_z256_t range); -void sm9_z256_print_bn(const char *prefix, const sm9_z256_t a); int sm9_z256_print(FILE *fp, int ind, int fmt, const char *label, const sm9_z256_t a); const uint64_t *sm9_z256_prime(void); @@ -81,8 +77,6 @@ void sm9_z256_fp2_copy(sm9_z256_fp2_t r, const sm9_z256_fp2_t a); int sm9_z256_fp2_rand(sm9_z256_fp2_t r); void sm9_z256_fp2_to_bytes(const sm9_z256_fp2_t a, uint8_t buf[64]); int sm9_z256_fp2_from_bytes(sm9_z256_fp2_t r, const uint8_t buf[64]); -void sm9_z256_fp2_to_hex(const sm9_z256_fp2_t a, char hex[129]); -int sm9_z256_fp2_from_hex(sm9_z256_fp2_t r, const char hex[129]); void sm9_z256_fp2_add(sm9_z256_fp2_t r, const sm9_z256_fp2_t a, const sm9_z256_fp2_t b); void sm9_z256_fp2_dbl(sm9_z256_fp2_t r, const sm9_z256_fp2_t a); void sm9_z256_fp2_tri(sm9_z256_fp2_t r, const sm9_z256_fp2_t a); 
@@ -109,8 +103,6 @@ int sm9_z256_fp4_rand(sm9_z256_fp4_t r); void sm9_z256_fp4_copy(sm9_z256_fp4_t r, const sm9_z256_fp4_t a); void sm9_z256_fp4_to_bytes(const sm9_z256_fp4_t a, uint8_t buf[128]); int sm9_z256_fp4_from_bytes(sm9_z256_fp4_t r, const uint8_t buf[128]); -int sm9_z256_fp4_from_hex(sm9_z256_fp4_t r, const char hex[259]); -void sm9_z256_fp4_to_hex(const sm9_z256_fp4_t a, char hex[259]); void sm9_z256_fp4_add(sm9_z256_fp4_t r, const sm9_z256_fp4_t a, const sm9_z256_fp4_t b); void sm9_z256_fp4_dbl(sm9_z256_fp4_t r, const sm9_z256_fp4_t a); void sm9_z256_fp4_sub(sm9_z256_fp4_t r, const sm9_z256_fp4_t a, const sm9_z256_fp4_t b); @@ -136,12 +128,9 @@ void sm9_z256_fp12_set_one(sm9_z256_fp12_t r); void sm9_z256_fp12_set_zero(sm9_z256_fp12_t r); void sm9_z256_fp12_copy(sm9_z256_fp12_t r, const sm9_z256_fp12_t a); int sm9_z256_fp12_rand(sm9_z256_fp12_t r); -int sm9_z256_fp12_from_hex(sm9_z256_fp12_t r, const char hex[779]); // 779 = 64*12 + 11 -void sm9_z256_fp12_to_hex(const sm9_z256_fp12_t a, char hex[779]); void sm9_z256_fp12_to_bytes(const sm9_z256_fp12_t a, uint8_t buf[384]); int sm9_z256_fp12_from_bytes(sm9_z256_fp12_t r, const uint8_t buf[384]); -void sm9_z256_fp12_print(const char *prefix, const sm9_z256_fp12_t a); void sm9_z256_fp12_set(sm9_z256_fp12_t r, const sm9_z256_fp4_t a0, const sm9_z256_fp4_t a1, const sm9_z256_fp4_t a2); int sm9_z256_fp12_equ(const sm9_z256_fp12_t a, const sm9_z256_fp12_t b); void sm9_z256_fp12_add(sm9_z256_fp12_t r, const sm9_z256_fp12_t a, const sm9_z256_fp12_t b); @@ -169,7 +158,6 @@ typedef struct { const SM9_Z256_POINT *sm9_z256_generator(void); -int sm9_z256_point_from_hex(SM9_Z256_POINT *R, const char hex[129]); int sm9_z256_point_is_at_infinity(const SM9_Z256_POINT *P); void sm9_z256_point_set_infinity(SM9_Z256_POINT *R); void sm9_z256_point_get_xy(const SM9_Z256_POINT *P, sm9_z256_t x, sm9_z256_t y); 
@@ -208,7 +196,6 @@ int sm9_z256_twist_point_to_uncompressed_octets(const SM9_Z256_TWIST_POINT *P, u int sm9_z256_twist_point_from_uncompressed_octets(SM9_Z256_TWIST_POINT *P, const uint8_t octets[129]); int sm9_z256_twist_point_print(FILE *fp, int fmt, int ind, const char *label, const SM9_Z256_TWIST_POINT *P); -void sm9_z256_twist_point_from_hex(SM9_Z256_TWIST_POINT *R, const char hex[259]); // 259 = 64 * 4 + 3 int sm9_z256_twist_point_is_at_infinity(const SM9_Z256_TWIST_POINT *P); void sm9_z256_twist_point_set_infinity(SM9_Z256_TWIST_POINT *R); void sm9_z256_twist_point_get_xy(const SM9_Z256_TWIST_POINT *P, sm9_z256_fp2_t x, sm9_z256_fp2_t y); diff --git a/include/gmssl/version.h b/include/gmssl/version.h index 9747e783..c564b456 100644 --- a/include/gmssl/version.h +++ b/include/gmssl/version.h @@ -18,7 +18,7 @@ extern "C" { #define GMSSL_VERSION_NUM 30300 -#define GMSSL_VERSION_STR "GmSSL 3.3.0-dev.1156" +#define GMSSL_VERSION_STR "GmSSL 3.3.0-dev.1157" int gmssl_version_num(void); const char *gmssl_version_str(void); diff --git a/src/sm9_lib.c b/src/sm9_lib.c index 30faa931..3b44c916 100644 --- a/src/sm9_lib.c +++ b/src/sm9_lib.c @@ -126,9 +126,6 @@ int sm9_do_sign(const SM9_SIGN_KEY *key, const SM3_CTX *sm3_ctx, SM9_SIGNATURE * return -1; } - // Only for testing - //sm9_z256_from_hex(r, "00033C8616B06704813203DFD00965022ED15975C662337AED648835DC4B1CBE"); - // A3: w = g^r sm9_z256_fp12_pow(g, g, r); sm9_z256_fp12_to_bytes(g, wbuf); @@ -529,9 +526,6 @@ int sm9_exch_step_1A(const SM9_EXCH_MASTER_KEY *mpk, const char *idB, size_t idB error_print(); return -1; } - // Only for testing - sm9_z256_from_hex(rA, "00005879DD1D51E175946F23B1B41E93BA31C584AE59A426EC1046A4D03B06C8"); - // A3: RA = rA * Q sm9_z256_point_mul(RA, rA, RA); 
@@ -560,9 +554,6 @@ int sm9_exch_step_1B(const SM9_EXCH_MASTER_KEY *mpk, const char *idA, size_t idA error_print(); return -1; } - // Only for testing - sm9_z256_from_hex(rB, "00018B98C44BEF9F8537FB7D071B2C928B3BC65BD3D69E1EEE213564905634FE"); - // B3: RB = rB * Q sm9_z256_point_mul(RB, rB, RB); diff --git a/src/sm9_z256.c b/src/sm9_z256.c index b57acde8..50c2b7ae 100644 --- a/src/sm9_z256.c +++ b/src/sm9_z256.c @@ -13,7 +13,6 @@ #include #include #include -#include #include #include #include @@ -21,9 +20,6 @@ #include -#define SM9_Z256_HEX_SEP '\n' - - const sm9_z256_t SM9_Z256_ONE = {1,0,0,0}; @@ -364,49 +360,6 @@ int sm9_z256_get_booth(const uint64_t a[4], uint64_t window_size, int i) return (int)(wbits & mask) - (int)((wbits >> 1) & mask); } -int sm9_z256_from_hex(sm9_z256_t r, const char *hex) -{ - uint8_t buf[32]; - size_t len; - - if (strlen(hex) < 64) { - error_print(); - return -1; - } - if (hex_to_bytes(hex, 64, buf, &len) != 1) { - error_print(); - return -1; - } - sm9_z256_from_bytes(r, buf); - return 1; -} - -void sm9_z256_to_hex(const sm9_z256_t r, char hex[64]) -{ - int i; - for (i = 3; i >= 0; i--) { - (void)sprintf(hex + 16*(3-i), "%016llx", (unsigned long long)r[i]); - } -} - -void sm9_z256_print_bn(const char *prefix, const sm9_z256_t a) -{ - char hex[65] = {0}; - sm9_z256_to_hex(a, hex); - printf("%s\n%s\n", prefix, hex); -} - -int sm9_z256_equ_hex(const sm9_z256_t a, const char *hex) -{ - sm9_z256_t b; - sm9_z256_from_hex(b, hex); - if (sm9_z256_cmp(a, b) == 0) { - return 1; - } else { - return 0; - } -} - int sm9_z256_print(FILE *fp, int ind, int fmt, const char *label, const sm9_z256_t a) { format_print(fp, ind, fmt, "%s: %016lx%016lx%016lx%016lx\n", label, a[3], a[2], a[1], a[0]); 
@@ -810,47 +763,6 @@ int sm9_z256_fp2_from_bytes(sm9_z256_fp2_t r, const uint8_t buf[64]) return 1; } -int sm9_z256_fp2_from_hex(sm9_z256_fp2_t r, const char hex[64 * 2 + 1]) -{ - if (sm9_z256_from_hex(r[1], hex) != 1) { - error_print(); - return -1; - } - if (sm9_z256_cmp(r[1], SM9_Z256_P) >= 0) { - error_print(); - return -1; - } - sm9_z256_modp_to_mont(r[1], r[1]); - - if (hex[64] != SM9_Z256_HEX_SEP) { - error_print(); - return -1; - } - - if (sm9_z256_from_hex(r[0], hex + 65) != 1) { - error_print(); - return -1; - } - if (sm9_z256_cmp(r[0], SM9_Z256_P) >= 0) { - error_print(); - return -1; - } - sm9_z256_modp_to_mont(r[0], r[0]); - - return 1; -} - -void sm9_z256_fp2_to_hex(const sm9_z256_fp2_t a, char hex[64 * 2 + 1]) -{ - sm9_z256_t z; - - sm9_z256_modp_from_mont(z, a[1]); - sm9_z256_to_hex(z, hex); - hex[64] = SM9_Z256_HEX_SEP; - sm9_z256_modp_from_mont(z, a[0]); - sm9_z256_to_hex(z, hex + 65); -} - void sm9_z256_fp2_add(sm9_z256_fp2_t r, const sm9_z256_fp2_t a, const sm9_z256_fp2_t b) { sm9_z256_modp_add(r[0], a[0], b[0]); @@ -1116,30 +1028,6 @@ int sm9_z256_fp4_from_bytes(sm9_z256_fp4_t r, const uint8_t buf[128]) return 1; } -int sm9_z256_fp4_from_hex(sm9_z256_fp4_t r, const char hex[64 * 4 + 3]) -{ - if (sm9_z256_fp2_from_hex(r[1], hex) != 1) { - error_print(); - return -1; - } - if (hex[129] != SM9_Z256_HEX_SEP) { - error_print(); - return -1; - } - if (sm9_z256_fp2_from_hex(r[0], hex + 130) != 1) { - error_print(); - return -1; - } - return 1; -} - -void sm9_z256_fp4_to_hex(const sm9_z256_fp4_t a, char hex[64 * 4 + 3]) -{ - sm9_z256_fp2_to_hex(a[1], hex); - hex[129] = SM9_Z256_HEX_SEP; - sm9_z256_fp2_to_hex(a[0], hex + 130); -} - void sm9_z256_fp4_add(sm9_z256_fp4_t r, const sm9_z256_fp4_t a, const sm9_z256_fp4_t b) { sm9_z256_fp2_add(r[0], a[0], b[0]); 
@@ -1336,28 +1224,6 @@ void sm9_z256_fp12_set_one(sm9_z256_fp12_t r) sm9_z256_fp4_copy(r[2], SM9_Z256_FP4_ZERO); } -int sm9_z256_fp12_from_hex(sm9_z256_fp12_t r, const char hex[64 * 12 + 11]) -{ - if (sm9_z256_fp4_from_hex(r[2], hex) != 1 - || hex[65 * 4 - 1] != SM9_Z256_HEX_SEP - || sm9_z256_fp4_from_hex(r[1], hex + 65 * 4) != 1 - || hex[65 * 4 - 1] != SM9_Z256_HEX_SEP - || sm9_z256_fp4_from_hex(r[0], hex + 65 * 8) != 1) { - error_print(); - return -1; - } - return 1; -} - -void sm9_z256_fp12_to_hex(const sm9_z256_fp12_t a, char hex[64 * 12 + 11]) -{ - sm9_z256_fp4_to_hex(a[2], hex); - hex[65 * 4 - 1] = SM9_Z256_HEX_SEP; - sm9_z256_fp4_to_hex(a[1], hex + 65 * 4); - hex[65 * 8 - 1] = SM9_Z256_HEX_SEP; - sm9_z256_fp4_to_hex(a[0], hex + 65 * 8); -} - void sm9_z256_fp12_to_bytes(const sm9_z256_fp12_t a, uint8_t buf[32 * 12]) { sm9_z256_fp4_to_bytes(a[2], buf); @@ -1382,13 +1248,6 @@ int sm9_z256_fp12_from_bytes(sm9_z256_fp12_t r, const uint8_t buf[32 * 12]) return 1; } -void sm9_z256_fp12_print(const char *prefix, const sm9_z256_fp12_t a) -{ - char hex[65 * 12]; - sm9_z256_fp12_to_hex(a, hex); - printf("%s\n%s\n", prefix, hex); -} - void sm9_z256_fp12_set(sm9_z256_fp12_t r, const sm9_z256_fp4_t a0, const sm9_z256_fp4_t a1, const sm9_z256_fp4_t a2) { sm9_z256_fp4_copy(r[0], a0); 
@@ -1760,38 +1619,6 @@ void sm9_z256_fp12_frobenius6(sm9_z256_fp12_t r, const sm9_z256_fp12_t x) sm9_z256_fp4_copy(r[2], c); } -int sm9_z256_point_from_hex(SM9_Z256_POINT *R, const char hex[64 * 2 + 1]) -{ - if (sm9_z256_from_hex(R->X, hex) != 1) { - error_print(); - return -1; - } - if (sm9_z256_cmp(R->X, SM9_Z256_P) >= 0) { - error_print(); - return -1; - } - sm9_z256_modp_to_mont(R->X, R->X); - - if (hex[64] != SM9_Z256_HEX_SEP) { - error_print(); - return -1; - } - - if (sm9_z256_from_hex(R->Y, hex + 65) != 1) { - error_print(); - return -1; - } - if (sm9_z256_cmp(R->Y, SM9_Z256_P) >= 0) { - error_print(); - return -1; - } - sm9_z256_modp_to_mont(R->Y, R->Y); - - sm9_z256_copy(R->Z, SM9_Z256_MODP_MONT_ONE); - - return 1; -} - int sm9_z256_point_is_at_infinity(const SM9_Z256_POINT *P) { if (sm9_z256_is_zero(P->Z)) { @@ -2152,13 +1979,6 @@ int sm9_z256_twist_point_print(FILE *fp, int fmt, int ind, const char *label, co return 1; } -void sm9_z256_twist_point_from_hex(SM9_Z256_TWIST_POINT *R, const char hex[64 * 4 + 3]) -{ - sm9_z256_fp2_from_hex(R->X, hex); - sm9_z256_fp2_from_hex(R->Y, hex + 65 * 2); - sm9_z256_fp2_set_one(R->Z); -} - int sm9_z256_twist_point_is_at_infinity(const SM9_Z256_TWIST_POINT *P) { return sm9_z256_fp2_is_zero(P->Z); diff --git a/tests/sm9test.c b/tests/sm9test.c index 96d8b915..afa51460 100644 --- a/tests/sm9test.c +++ b/tests/sm9test.c 
@@ -18,6 +18,126 @@ #include +#define SM9_Z256_TEST_HEX_SEP '\n' + +static const sm9_z256_t SM9_Z256_TEST_P = { + 0xe56f9b27e351457d, 0x21f2934b1a7aeedb, 0xd603ab4ff58ec745, 0xb640000002a3a6f1 +}; + +static int sm9_z256_from_hex(sm9_z256_t r, const char *hex) +{ + uint8_t buf[32]; + size_t len; + + if (strlen(hex) < 64) { + error_print(); + return -1; + } + if (hex_to_bytes(hex, 64, buf, &len) != 1) { + error_print(); + return -1; + } + sm9_z256_from_bytes(r, buf); + return 1; +} + +static int sm9_z256_equ_hex(const sm9_z256_t a, const char *hex) +{ + sm9_z256_t b; + + if (sm9_z256_from_hex(b, hex) != 1) { + error_print(); + return 0; + } + return sm9_z256_cmp(a, b) == 0; +} + +static int sm9_z256_fp2_from_hex(sm9_z256_fp2_t r, const char hex[64 * 2 + 1]) +{ + if (sm9_z256_from_hex(r[1], hex) != 1 + || sm9_z256_cmp(r[1], SM9_Z256_TEST_P) >= 0) { + error_print(); + return -1; + } + sm9_z256_modp_to_mont(r[1], r[1]); + + if (hex[64] != SM9_Z256_TEST_HEX_SEP) { + error_print(); + return -1; + } + + if (sm9_z256_from_hex(r[0], hex + 65) != 1 + || sm9_z256_cmp(r[0], SM9_Z256_TEST_P) >= 0) { + error_print(); + return -1; + } + sm9_z256_modp_to_mont(r[0], r[0]); + + return 1; +} + +static int sm9_z256_fp4_from_hex(sm9_z256_fp4_t r, const char hex[64 * 4 + 3]) +{ + if (sm9_z256_fp2_from_hex(r[1], hex) != 1 + || hex[129] != SM9_Z256_TEST_HEX_SEP + || sm9_z256_fp2_from_hex(r[0], hex + 130) != 1) { + error_print(); + return -1; + } + return 1; +} + +static int sm9_z256_fp12_from_hex(sm9_z256_fp12_t r, const char hex[64 * 12 + 11]) +{ + if (sm9_z256_fp4_from_hex(r[2], hex) != 1 + || hex[65 * 4 - 1] != SM9_Z256_TEST_HEX_SEP + || sm9_z256_fp4_from_hex(r[1], hex + 65 * 4) != 1 + || hex[65 * 8 - 1] != SM9_Z256_TEST_HEX_SEP + || sm9_z256_fp4_from_hex(r[0], hex + 65 * 8) != 1) { + error_print(); + return -1; + } + return 1; +} + +static int sm9_z256_point_from_hex(SM9_Z256_POINT *R, const char hex[64 * 2 + 1]) +{ + if (sm9_z256_from_hex(R->X, hex) != 1 + || sm9_z256_cmp(R->X, 
SM9_Z256_TEST_P) >= 0) { + error_print(); + return -1; + } + sm9_z256_modp_to_mont(R->X, R->X); + + if (hex[64] != SM9_Z256_TEST_HEX_SEP) { + error_print(); + return -1; + } + + if (sm9_z256_from_hex(R->Y, hex + 65) != 1 + || sm9_z256_cmp(R->Y, SM9_Z256_TEST_P) >= 0) { + error_print(); + return -1; + } + sm9_z256_modp_to_mont(R->Y, R->Y); + sm9_z256_set_one(R->Z); + sm9_z256_modp_to_mont(R->Z, R->Z); + + return 1; +} + +static int sm9_z256_twist_point_from_hex(SM9_Z256_TWIST_POINT *R, const char hex[64 * 4 + 3]) +{ + if (sm9_z256_fp2_from_hex(R->X, hex) != 1 + || sm9_z256_fp2_from_hex(R->Y, hex + 65 * 2) != 1) { + error_print(); + return -1; + } + sm9_z256_fp2_set_one(R->Z); + return 1; +} + + #define hex_iv "123456789abcdef00fedcba987654321123456789abcdef00fedcba987654321" #define hex_fp_add "114efe24536598809df494ff7657484edff1812d51c3955b7d869149aa123d31" #define hex_fp_sub "43cee97c9abed9be3efe7ffffc9d30abe1d643b9b27ea351460aabb2239d3fd4" 
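Review bot: `SM9_Z256_TEST_P` hard-codes a second copy of the field modulus in the test file, and every range check in `sm9_z256_fp2_from_hex` and `sm9_z256_point_from_hex` depends on it matching the library's value. The header in this same commit still declares `const uint64_t *sm9_z256_prime(void);`, so the checks could read `sm9_z256_cmp(r[1], sm9_z256_prime()) >= 0` instead, assuming that accessor returns p in plain (non-Montgomery) form, which is not visible here. If the copy is kept on purpose so the test stays independent of the library, say so in a comment such as `/* independent copy of the SM9 prime p, little-endian 64-bit limbs */`.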
@@ -838,13 +958,72 @@ err: "44B0294AA04290E1524FF3E3DA8CFD432BB64DE3A8040B5B88D1B5FC86A4EBC1\n" \ "8CFC48FB4FF37F1E27727464F3C34E2153861AD08E972D1625FC1A7BD18D5539" +#define hex_rA "00005879DD1D51E175946F23B1B41E93BA31C584AE59A426EC1046A4D03B06C8" +#define hex_rB "00018B98C44BEF9F8537FB7D071B2C928B3BC65BD3D69E1EEE213564905634FE" + +static int sm9_z256_test_exch_step_1A(const SM9_EXCH_MASTER_KEY *mpk, const char *idB, size_t idBlen, + SM9_Z256_POINT *RA, const sm9_z256_t rA) +{ + sm9_z256_t h; + + sm9_z256_hash1(h, idB, idBlen, SM9_HID_EXCH); + sm9_z256_point_mul(RA, h, sm9_z256_generator()); + sm9_z256_point_add(RA, RA, &mpk->Ppube); + sm9_z256_point_mul(RA, rA, RA); + + return 1; +} + +static int sm9_z256_test_exch_step_1B(const SM9_EXCH_MASTER_KEY *mpk, const char *idA, size_t idAlen, + const char *idB, size_t idBlen, const SM9_EXCH_KEY *key, const SM9_Z256_POINT *RA, + SM9_Z256_POINT *RB, const sm9_z256_t randB, uint8_t *sk, size_t klen) +{ + sm9_z256_t h; + sm9_z256_fp12_t G1, G2, G3; + uint8_t g1[32 * 12], g2[32 * 12], g3[32 * 12]; + uint8_t ta[65], tb[65]; + SM3_KDF_CTX kdf_ctx; + + sm9_z256_hash1(h, idA, idAlen, SM9_HID_EXCH); + sm9_z256_point_mul(RB, h, sm9_z256_generator()); + sm9_z256_point_add(RB, RB, &mpk->Ppube); + sm9_z256_point_mul(RB, randB, RB); + + if (!sm9_z256_point_is_on_curve(RA)) { + error_print(); + return -1; + } + sm9_z256_pairing(G1, &key->de, RA); + sm9_z256_pairing(G2, sm9_z256_twist_generator(), &mpk->Ppube); + sm9_z256_fp12_pow(G2, G2, randB); + sm9_z256_fp12_pow(G3, G1, randB); + + sm9_z256_point_to_uncompressed_octets(RA, ta); + sm9_z256_point_to_uncompressed_octets(RB, tb); + sm9_z256_fp12_to_bytes(G1, g1); + sm9_z256_fp12_to_bytes(G2, g2); + sm9_z256_fp12_to_bytes(G3, g3); + + sm3_kdf_init(&kdf_ctx, klen); + sm3_kdf_update(&kdf_ctx, (uint8_t *)idA, idAlen); + sm3_kdf_update(&kdf_ctx, (uint8_t *)idB, idBlen); + sm3_kdf_update(&kdf_ctx, ta + 1, 64); + sm3_kdf_update(&kdf_ctx, tb + 1, 64); + sm3_kdf_update(&kdf_ctx, g1, sizeof(g1)); 
+ sm3_kdf_update(&kdf_ctx, g2, sizeof(g2)); + sm3_kdf_update(&kdf_ctx, g3, sizeof(g3)); + sm3_kdf_finish(&kdf_ctx, sk); + + return 1; +} + int test_sm9_z256_exchange() { SM9_EXCH_MASTER_KEY msk; SM9_EXCH_KEY keyA, keyB; SM9_Z256_TWIST_POINT de; SM9_Z256_POINT RA, RB; - sm9_z256_t rA; + sm9_z256_t rA, randB; size_t i, j = 1; uint8_t idA[5] = {0x41, 0x6C, 0x69, 0x63, 0x65}; @@ -859,8 +1038,10 @@ int test_sm9_z256_exchange() sm9_z256_twist_point_from_hex(&de, hex_deA); if (!sm9_z256_twist_point_equ(&(keyA.de), &de)) goto err; ++j; sm9_z256_twist_point_from_hex(&de, hex_deB); if (!sm9_z256_twist_point_equ(&(keyB.de), &de)) goto err; ++j; - if (sm9_exch_step_1A(&msk, (char *)idB, sizeof(idB), &RA, rA) < 0) goto err; ++j; - if (sm9_exch_step_1B(&msk, (char *)idA, sizeof(idA), (char *)idB, sizeof(idB), &keyB, &RA, &RB, skB, klen) < 0) goto err; ++j; + if (sm9_z256_from_hex(rA, hex_rA) != 1) goto err; ++j; + if (sm9_z256_from_hex(randB, hex_rB) != 1) goto err; ++j; + if (sm9_z256_test_exch_step_1A(&msk, (char *)idB, sizeof(idB), &RA, rA) < 0) goto err; ++j; + if (sm9_z256_test_exch_step_1B(&msk, (char *)idA, sizeof(idA), (char *)idB, sizeof(idB), &keyB, &RA, &RB, randB, skB, klen) < 0) goto err; ++j; if (sm9_exch_step_2A(&msk, (char *)idA, sizeof(idA), (char *)idB, sizeof(idB), &keyA, rA, &RA, &RB, skA, klen) < 0) goto err; ++j; for (i = 0; i < klen; i++) {
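Review bot: The known-answer vector now runs against `sm9_z256_test_exch_step_1A` and `sm9_z256_test_exch_step_1B`, which are test-local copies of the protocol steps, so as far as the visible hunks show the library's `sm9_exch_step_1A` and `sm9_exch_step_1B` are no longer called by this test (`sm9_exch_step_2A` still is). A later change to the library steps would leave these copies passing. I would put a comment above each helper, for example `/* Test-only copy of sm9_exch_step_1A (src/sm9_lib.c) with the ephemeral scalar injected; keep in sync with the library. */`, and add a second run that calls the library steps with fresh randomness and checks that skA equals skB.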
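Review bot: The two `sm9_z256_twist_point_from_hex(&de, ...)` calls in the context lines just above the added checks still discard the return value, although this commit turns that helper into an `int` function that can fail. On a parse failure `de` would be compared while only partly written. Fold the check into the existing condition, e.g. `if (sm9_z256_twist_point_from_hex(&de, hex_deA) != 1 || !sm9_z256_twist_point_equ(&(keyA.de), &de)) goto err; ++j;`, and do the same for `hex_deB`. The body of test_sm9_z256_exchange starts and ends outside this hunk.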