abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-07 08:56:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

speed-update

Browse Source
This commit is contained in:
Gorachya
2019-09-06 15:48:13 +08:00
parent daa5001175
commit 6ed1124625
4 changed files with 295 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

286
apps/speed.c
View File

@@ -148,7 +148,7 @@
#define BUFSIZE (1024*16+1)
#define MAX_MISALIGNMENT 63
#define ALGOR_NUM 34
#define ALGOR_NUM 33
#define SIZE_NUM 6
#define PRIME_NUM 3
#define RSA_NUM 7
@@ -202,6 +202,7 @@ typedef struct loopargs_st {
#ifndef OPENSSL_NO_SM9
SM9PublicParameters *sm9mpk[SM9_NUM];
SM9PrivateKey *sm9sk[SM9_NUM];
SM9MasterSecret *sm9mst[SM9_NUM];
#endif
EVP_CIPHER_CTX *ctx;
HMAC_CTX *hctx;
@@ -297,7 +298,7 @@ static const char *names[ALGOR_NUM] = {
"camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
"evp", "sha256", "sha512", "whirlpool",
"aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash",
"sm3", "sms4 cbc", "zuc", "zuc256"
"sm3", "sms4 cbc", "zuc"
};
static double results[ALGOR_NUM][SIZE_NUM];
@@ -483,7 +484,6 @@ OPTIONS speed_options[] = {
#define D_SM3 30
#define D_CBC_SMS4 31
#define D_ZUC 32
#define D_ZUC256 33
static OPT_PAIR doit_choices[] = {
#ifndef OPENSSL_NO_MD2
{"md2", D_MD2},
@@ -562,7 +562,6 @@ static OPT_PAIR doit_choices[] = {
#endif
#ifndef OPENSSL_NO_ZUC
{"zuc", D_ZUC},
{"zuc256", D_ZUC256},
#endif
{NULL}
};
@@ -1124,23 +1123,91 @@ static long sm9sign_c[SM9_NUM][2];
static int SM9_sign_loop(void *args)
{
return 1;
loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
SM9PrivateKey **sm9 = tempargs->sm9sk;
unsigned char *sm9sig = tempargs->buf2;
unsigned int *sm9siglen = &tempargs->siglen;
int ret, count;
for (count = 0; COND(sm9sign_c[testnum][0]); count++) {
ret = SM9_sign(NID_sm3, buf, 32, sm9sig, sm9siglen, sm9[testnum]);
if (ret == 0) {
BIO_printf(bio_err, "SM9 sign failure\n");
ERR_print_errors(bio_err);
count = -1;
break;
}
}
return count;
}
static char* sm9verify_id = "sm9_verify";
static size_t sm9verify_idlen = 10;
static int SM9_verify_loop(void *args)
{
return 1;
loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
SM9PublicParameters **sm9 = tempargs->sm9mpk;
unsigned char *sm9sig = tempargs->buf2;
unsigned int sm9siglen = tempargs->siglen;
int ret, count;
for (count = 0; COND(sm9sign_c[testnum][1]); count++) {
ret = SM9_verify(NID_sm3, buf, 32, sm9sig, sm9siglen, sm9[testnum], sm9verify_id, sm9verify_idlen);
if (ret != 1) {
BIO_printf(bio_err, "SM9 verify failure\n");
ERR_print_errors(bio_err);
count = -1;
break;
}
}
return count;
}
static long sm9enc_c[SM9_NUM][2];
static char* sm9enc_id = "sm9_enc";
static size_t sm9enc_idlen = 7;
static int SM9_encrypt_loop(void *args)
{
return 1;
loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
SM9PublicParameters **sm9 = tempargs->sm9mpk;
unsigned char *sm9cipher = tempargs->buf2;
size_t *sm9cipherlen = &tempargs->cipherlen;
int ret, count;
for (count = 0; COND(sm9enc_c[testnum][0]); count++) {
*sm9cipherlen = BUFSIZE;
ret = SM9_encrypt(NID_sm3, buf, 32, sm9cipher,
sm9cipherlen, sm9[testnum], sm9enc_id, sm9enc_idlen);
if (ret == 0) {
BIO_printf(bio_err, "SM9 encrypt failure\n");
ERR_print_errors(bio_err);
count = -1;
break;
}
}
return count;
}
static int SM9_decrypt_loop(void *args)
{
return 1;
loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
SM9PrivateKey **sm9 = tempargs->sm9sk;
unsigned char *sm9cipher = tempargs->buf2;
size_t sm9cipherlen = tempargs->cipherlen;
int ret, count;
for (count = 0; COND(sm9enc_c[testnum][0]); count++) {
size_t len = sm9cipherlen;
ret = SM9_decrypt(NID_sm3, sm9cipher, sm9cipherlen,
buf, &len, sm9[testnum]);
if (ret == 0) {
BIO_printf(bio_err, "SM9 decrypt failure\n");
ERR_print_errors(bio_err);
count = -1;
break;
}
}
return count;
}
#endif
@@ -1506,7 +1573,6 @@ int speed_main(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_ZUC
ZUC_KEY zuc_ks;
ZUC256_KEY zuc256_ks;
#endif
#ifndef OPENSSL_NO_BF
BF_KEY bf_ks;
@@ -1642,6 +1708,12 @@ int speed_main(int argc, char **argv)
static const int test_sm9_curves_bits[SM9_NUM] = {
256,
};
static const int test_sm9_scheme[SM9_NUM] = {
NID_sm9sign,
};
static const int test_sm9_hash1[SM9_NUM] = {
NID_sm9hash1_with_sm3,
};
int sm9sign_doit[SM9_NUM] = { 0 };
int sm9enc_doit[SM9_NUM] = { 0 };
#endif
@@ -2001,7 +2073,6 @@ int speed_main(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_ZUC
ZUC_set_key(&zuc_ks, key16, iv);
ZUC256_set_key(&zuc256_ks, key32, iv);
#endif
#ifndef OPENSSL_NO_RC4
RC4_set_key(&rc4_ks, 16, key16);
@@ -2064,7 +2135,6 @@ int speed_main(int argc, char **argv)
c[D_SM3][0] = count;
c[D_CBC_SMS4][0] = count;
c[D_ZUC][0] = count;
c[D_ZUC256][0] = count;
for (i = 1; i < SIZE_NUM; i++) {
long l0, l1;
@@ -2107,7 +2177,6 @@ int speed_main(int argc, char **argv)
c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1;
c[D_CBC_SMS4][i] = c[D_CBC_SMS4][i - 1] * l0 / l1;
c[D_ZUC][i] = c[D_ZUC][i - 1] * l0 / l1;
c[D_ZUC256][i] = c[D_ZUC256][i - 1] * l0 / l1;
}
# ifndef OPENSSL_NO_RSA
@@ -2627,22 +2696,6 @@ int speed_main(int argc, char **argv)
print_result(D_ZUC, testnum, count, d);
}
}
if (doit[D_ZUC256]) {
if (async_jobs > 0) {
BIO_printf(bio_err, "Async mode is not supported with %s\n",
names[D_ZUC256]);
doit[D_ZUC256] = 0;
}
for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
print_message(names[D_ZUC256], c[D_ZUC256][testnum], lengths[testnum]);
Time_F(START);
for (count = 0, run = 1; COND(c[D_ZUC256][testnum]); count++)
ZUC256_generate_keystream(&zuc256_ks, lengths[testnum]/4,
(unsigned int *)loopargs[0].buf);
d = Time_F(STOP);
print_result(D_ZUC256, testnum, count, d);
}
}
#endif
#ifndef OPENSSL_NO_RC2
if (doit[D_CBC_RC2]) {
@@ -3281,7 +3334,181 @@ int speed_main(int argc, char **argv)
#endif /* OPENSSL_NO_SM2 */
#ifndef OPENSSL_NO_SM9
//FIXME: this is the core code,
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
}
for (testnum = 0; testnum < SM9_NUM; testnum++) {
int st = 1;
if (!sm9sign_doit[testnum])
continue; /* Ignore Curve */
for (i = 0; i < loopargs_len; i++) {
loopargs[i].sm9mst[testnum] = SM9_generate_master_secret(test_sm9_curves[testnum],
test_sm9_scheme[testnum], test_sm9_hash1[testnum]);
if (loopargs[i].sm9mst[testnum] == NULL) {
st = 0;
break;
}
}
if (st == 0) {
BIO_printf(bio_err, "SM9 failure.\n");
ERR_print_errors(bio_err);
rsa_count = 1;
} else {
for (i = 0; i < loopargs_len; i++) {
/* Perform SM9 signature test */
loopargs[i].sm9sk[testnum] = SM9_extract_private_key(loopargs[i].sm9mst[testnum], sm9verify_id, sm9verify_idlen);
st = SM9_sign(NID_sm3, loopargs[i].buf, 32, loopargs[i].buf2,
&loopargs[i].siglen, loopargs[i].sm9sk[testnum]);
if (st == 0)
break;
}
if (st == 0) {
BIO_printf(bio_err,
"SM9 sign failure. No SM9 sign will be done.\n");
ERR_print_errors(bio_err);
rsa_count = 1;
} else {
pkey_print_message("sign", "sm9",
sm9sign_c[testnum][0],
test_sm9_curves_bits[testnum], ECDSA_SECONDS);
Time_F(START);
count = run_benchmark(async_jobs, SM9_sign_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
mr ? "+R7:%ld:%d:%.2f\n" :
"%ld %d bit SM9 signs in %.2fs \n",
count, test_sm9_curves_bits[testnum], d);
sm9sign_results[testnum][0] = d / (double)count;
rsa_count = count;
}
/* Perform SM9 verification test */
for (i = 0; i < loopargs_len; i++) {
loopargs[i].sm9mpk[testnum] = SM9_extract_public_parameters(loopargs[i].sm9mst[testnum]);
st = SM9_verify(NID_sm3, loopargs[i].buf, 32, loopargs[i].buf2,
loopargs[i].siglen, loopargs[i].sm9mpk[testnum], sm9verify_id, sm9verify_idlen);
if (st != 1)
break;
}
if (st != 1) {
BIO_printf(bio_err,
"SM9 verify failure. No SM9 verify will be done.\n");
ERR_print_errors(bio_err);
sm9sign_doit[testnum] = 0;
} else {
pkey_print_message("verify", "sm9",
sm9sign_c[testnum][1],
test_sm9_curves_bits[testnum], ECDSA_SECONDS);
Time_F(START);
count = run_benchmark(async_jobs, SM9_verify_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
mr ? "+R8:%ld:%d:%.2f\n"
: "%ld %d bit SM9 verify in %.2fs\n",
count, test_sm9_curves_bits[testnum], d);
sm9sign_results[testnum][1] = d / (double)count;
}
if (rsa_count <= 1) {
/* if longer than 10s, don't do any more */
for (testnum++; testnum < SM9_NUM; testnum++)
sm9sign_doit[testnum] = 0;
}
}
}
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
}
for (testnum = 0; testnum < SM9_NUM; testnum++) {
int st = 1;
if (!sm9enc_doit[testnum])
continue;
for (i = 0; i < loopargs_len; i++) {
loopargs[i].sm9mst[testnum] = SM9_generate_master_secret(test_sm9_curves[testnum],
test_sm9_scheme[testnum], test_sm9_hash1[testnum]);
if (loopargs[i].sm9mst[testnum] == NULL) {
st = 0;
break;
}
}
if (st == 0) {
BIO_printf(bio_err, "SM9 failure.\n");
ERR_print_errors(bio_err);
rsa_count = 1;
} else {
for (i = 0; i < loopargs_len; i++) {
/* these 2 lines should be modified ? */
/*if (!nopre)
EC_KEY_precompute_mult(loopargs[i].sm9[testnum], NULL);*/
/* Perform SM9 encryption test */
loopargs[i].sm9mpk[testnum] = SM9_extract_public_parameters(loopargs[i].sm9mst[testnum]);
loopargs[i].cipherlen = BUFSIZE;
st = SM9_encrypt(NID_sm3, loopargs[i].buf, 32, loopargs[i].buf2,
&loopargs[i].cipherlen, loopargs[i].sm9mpk[testnum], sm9enc_id, sm9enc_idlen);
if (st == 0)
break;
}
if (st == 0) {
BIO_printf(bio_err,
"SM9 encryption failure. No SM9 encryption will be done.\n");
ERR_print_errors(bio_err);
rsa_count = 1;
} else {
pkey_print_message("encrypt", "sm9",
sm9enc_c[testnum][0],
test_sm9_curves_bits[testnum], ECDSA_SECONDS);
Time_F(START);
count = run_benchmark(async_jobs, SM9_encrypt_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
mr ? "+R7:%ld:%d:%.2f\n" :
"%ld %d bit SM9 encrypt in %.2fs \n",
count, test_sm9_curves_bits[testnum], d);
sm9enc_results[testnum][0] = d / (double)count;
rsa_count = count;
}
/* Perform SM9 verification test */
for (i = 0; i < loopargs_len; i++) {
loopargs[i].sm9sk[testnum] = SM9_extract_private_key(loopargs[i].sm9mst[testnum], sm9enc_id, sm9enc_idlen);
size_t len = loopargs[i].cipherlen;
st = SM9_decrypt(NID_sm3, loopargs[i].buf2, loopargs[i].cipherlen,
loopargs[i].buf, &len, loopargs[i].sm9sk[testnum]);
if (st == 0)
break;
}
if (st != 1) {
BIO_printf(bio_err,
"SM9 decrypt failure. No SM9 decrypt will be done.\n");
ERR_print_errors(bio_err);
sm9enc_doit[testnum] = 0;
} else {
pkey_print_message("decrypt", "sm9",
sm9enc_c[testnum][1],
test_sm9_curves_bits[testnum], ECDSA_SECONDS);
Time_F(START);
count = run_benchmark(async_jobs, SM9_decrypt_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
mr ? "+R8:%ld:%d:%.2f\n"
: "%ld %d bit SM9 decrypt in %.2fs\n",
count, test_sm9_curves_bits[testnum], d);
sm9enc_results[testnum][1] = d / (double)count;
}
if (rsa_count <= 1) {
/* if longer than 10s, don't do any more */
for (testnum++; testnum < SM9_NUM; testnum++)
sm9sign_doit[testnum] = 0;
}
}
}
#endif /* OPENSSL_NO_SM9 */
#ifndef NO_FORK
@@ -3552,6 +3779,7 @@ int speed_main(int argc, char **argv)
for (k = 0; k < SM9_NUM; k++) {
SM9PublicParameters_free(loopargs[i].sm9mpk[k]);
SM9PrivateKey_free(loopargs[i].sm9sk[k]);
SM9MasterSecret_free(loopargs[i].sm9mst[k]);
}
#endif
}

5
crypto/sm9/sm9_keygen.c
View File

@@ -50,6 +50,8 @@
#include <string.h>
#include <openssl/err.h>
#include <openssl/sm9.h>
#include <openssl/ec_type1.h>
#include <openssl/bn_hash.h>
#include "sm9_lcl.h"
@@ -302,7 +304,8 @@ SM9_KEY *SM9_MASTER_KEY_extract_key(SM9_MASTER_KEY *master,
sk = NULL;
end:
EC_GROUP_free(group);
SM9PrivateKey_free(sk);
EC_GROUP_clear_free(group);
if (ctx) {
BN_CTX_end(ctx);
}

97
crypto/sm9/sm9_rate.c
View File

@@ -166,7 +166,6 @@ static int fp2_equ(const fp2_t a, const fp2_t b)
return !BN_cmp(a[0], b[0]) && !BN_cmp(a[1], b[1]);
}
#if SM9_TEST
static int fp2_equ_hex(const fp2_t a, const char *str[2], BN_CTX *ctx)
{
fp2_t t;
@@ -174,9 +173,7 @@ static int fp2_equ_hex(const fp2_t a, const char *str[2], BN_CTX *ctx)
fp2_set_hex(t, str);
return fp2_equ(a, t);
}
#endif
#if SM9_TEST
static int fp2_add_word(fp2_t r, const fp2_t a, unsigned long b, const BIGNUM *p, BN_CTX *ctx)
{
BIGNUM *w = NULL;
@@ -190,7 +187,6 @@ static int fp2_add_word(fp2_t r, const fp2_t a, unsigned long b, const BIGNUM *p
BN_free(w);
return 1;
}
#endif
static int fp2_add(fp2_t r, const fp2_t a, const fp2_t b, const BIGNUM *p, BN_CTX *ctx)
{
@@ -303,7 +299,7 @@ static int fp2_mul_num(fp2_t r, const fp2_t a, const BIGNUM *n, const BIGNUM *p,
BIGNUM *r1 = NULL;
if (!(r0 = BN_CTX_get(ctx))
|| !(r1 = BN_CTX_get(ctx))
|| !BN_mod_mul(r0, a[0], n, p, ctx)
|| !BN_mod_mul(r1, a[1], n, p, ctx)
@@ -430,13 +426,11 @@ static int fp2_inv(fp2_t r, const fp2_t a, const BIGNUM *p, BN_CTX *ctx)
return 1;
}
#if SM9_TEST
static int fp2_div(fp2_t r, const fp2_t a, const fp2_t b, const BIGNUM *p, BN_CTX *ctx)
{
return fp2_inv(r, b, p, ctx)
&& fp2_mul(r, a, r, p, ctx);
}
#endif
static int fp2_to_bin(const fp2_t a, unsigned char to[64])
{
@@ -449,10 +443,9 @@ static int fp2_to_bin(const fp2_t a, unsigned char to[64])
static int fp2_from_bin(fp2_t a, const unsigned char from[64])
{
return BN_bin2bn(from, 32, a[1])
&& BN_bin2bn(from + 32, 32, a[0]);
&& BN_bin2bn(from + 32, 32, a[0]);
}
#if SM9_TEST
static int fp2_test(const BIGNUM *p, BN_CTX *ctx)
{
const char *_a[] = {
@@ -547,7 +540,7 @@ static int fp2_test(const BIGNUM *p, BN_CTX *ctx)
fp2_sqr_u(r, a, p, ctx);
ok = fp2_equ_hex(r, sqru_a, ctx);
printf("fp2 test %d: %s\n", __LINE__, ok ? "ok" : "error");
fp2_inv(r, a, p, ctx);
ok = fp2_equ_hex(r, inv_a, ctx);
printf("fp2 test %d: %s\n", __LINE__, ok ? "ok" : "error");
@@ -568,7 +561,6 @@ static int fp2_test(const BIGNUM *p, BN_CTX *ctx)
return 1;
}
#endif
static int fp4_init(fp4_t a, BN_CTX *ctx)
{
@@ -588,13 +580,11 @@ static void fp4_cleanup(fp4_t a)
fp2_cleanup(a[1]);
}
#if SM9_TEST
static void fp4_clear_cleanup(fp4_t a)
{
fp2_clear_cleanup(a[0]);
fp2_clear_cleanup(a[1]);
}
#endif
static int fp4_print(const fp4_t a)
{
@@ -682,7 +672,6 @@ static int fp4_equ(const fp4_t a, const fp4_t b)
&& fp2_equ(a[1], b[1]);
}
#if SM9_TEST
static int fp4_equ_hex(const fp4_t a, const char *str[4], BN_CTX *ctx)
{
fp4_t t;
@@ -690,7 +679,6 @@ static int fp4_equ_hex(const fp4_t a, const char *str[4], BN_CTX *ctx)
fp4_set_hex(t, str);
return fp4_equ(a, t);
}
#endif
static int fp4_to_bin(const fp4_t a, unsigned char to[128])
{
@@ -875,7 +863,6 @@ static int fp4_inv(fp4_t r, const fp4_t a, const BIGNUM *p, BN_CTX *ctx)
return 1;
}
#if SM9_TEST
static int fp4_test(const BIGNUM *p, BN_CTX *ctx)
{
const char *_a[] = {
@@ -1012,7 +999,6 @@ static int fp4_test(const BIGNUM *p, BN_CTX *ctx)
return 0;
}
#endif
int fp12_init(fp12_t a, BN_CTX *ctx)
{
@@ -1035,14 +1021,12 @@ void fp12_cleanup(fp12_t a)
fp4_cleanup(a[2]);
}
#if SM9_TEST
static void fp12_clear_cleanup(fp12_t a)
{
fp4_clear_cleanup(a[0]);
fp4_clear_cleanup(a[1]);
fp4_clear_cleanup(a[2]);
}
#endif
int fp12_print(const fp12_t a)
{
@@ -1052,7 +1036,6 @@ int fp12_print(const fp12_t a)
return 1;
}
#if SM9_TEST
static int fp12_is_zero(const fp12_t a)
{
return fp4_is_zero(a[0])
@@ -1073,7 +1056,6 @@ static void fp12_set_zero(fp12_t r)
fp4_set_zero(r[1]);
fp4_set_zero(r[2]);
}
#endif
static int fp12_set_one(fp12_t r)
{
@@ -1089,14 +1071,12 @@ static int fp12_copy(fp12_t r, const fp12_t a)
&& fp4_copy(r[2], a[2]);
}
#if SM9_TEST
static int fp12_set(fp12_t r, const fp4_t a0, const fp4_t a1, const fp4_t a2)
{
return fp4_copy(r[0], a0)
&& fp4_copy(r[1], a1)
&& fp4_copy(r[2], a2);
}
#endif
static int fp12_set_hex(fp12_t r, const char *str[12])
{
@@ -1105,14 +1085,12 @@ static int fp12_set_hex(fp12_t r, const char *str[12])
&& fp4_set_hex(r[2], str + 8);
}
#if SM9_TEST
static int fp12_set_fp4(fp12_t r, const fp4_t a)
{
fp4_set_zero(r[1]);
fp4_set_zero(r[2]);
return fp4_copy(r[0], a);
}
#endif
static int fp12_set_fp2(fp12_t r, const fp2_t a)
{
@@ -1128,7 +1106,6 @@ static int fp12_set_bn(fp12_t r, const BIGNUM *a)
return fp4_set_bn(r[0], a);
}
#if SM9_TEST
static int fp12_set_word(fp12_t r, unsigned long a)
{
fp4_set_zero(r[1]);
@@ -1142,7 +1119,6 @@ static int fp12_set_u(fp12_t r)
fp4_set_zero(r[2]);
return fp4_set_u(r[0]);
}
#endif
static int fp12_set_v(fp12_t r)
{
@@ -1151,14 +1127,12 @@ static int fp12_set_v(fp12_t r)
return fp4_set_v(r[0]);
}
#if SM9_TEST
static int fp12_set_w(fp12_t r)
{
fp4_set_zero(r[0]);
fp4_set_zero(r[2]);
return fp4_set_one(r[1]);
}
#endif
static int fp12_set_w_sqr(fp12_t r)
{
@@ -1174,7 +1148,6 @@ static int fp12_equ(const fp12_t a, const fp12_t b)
&& fp4_equ(a[2], b[2]);
}
#if SM9_TEST
static int fp12_equ_hex(const fp12_t a, const char *str[12], BN_CTX *ctx)
{
fp12_t t;
@@ -1182,7 +1155,6 @@ static int fp12_equ_hex(const fp12_t a, const char *str[12], BN_CTX *ctx)
fp12_set_hex(t, str);
return fp12_equ(a, t);
}
#endif
int fp12_to_bin(const fp12_t a, unsigned char to[384])
{
@@ -1193,13 +1165,14 @@ int fp12_to_bin(const fp12_t a, unsigned char to[384])
static int fp12_from_bin(fp4_t a, const unsigned char from[384])
{
return fp4_from_bin(&a[2], from)
&& fp4_from_bin(&a[1], from + 128)
&& fp4_from_bin(&a[0], from + 256);
return fp4_from_bin(a[2], from)
&& fp4_from_bin(a[1], from + 128)
&& fp4_from_bin(a[0], from + 256);
}
static int fp12_add(fp12_t r, const fp12_t a, const fp12_t b, const BIGNUM *p, BN_CTX *ctx)
{
return fp4_add(r[0], a[0], b[0], p, ctx)
&& fp4_add(r[1], a[1], b[1], p, ctx)
&& fp4_add(r[2], a[2], b[2], p, ctx);
@@ -1216,7 +1189,7 @@ static int fp12_tri(fp12_t r, const fp12_t a, const BIGNUM *p, BN_CTX *ctx)
{
fp12_t t;
fp12_init(t, ctx);
if (!fp12_dbl(t, a, p, ctx)
|| !fp12_add(r, t, a, p, ctx)) {
fp12_cleanup(t);
@@ -1350,7 +1323,7 @@ static int fp12_inv(fp12_t r, const fp12_t a, const BIGNUM *p, BN_CTX *ctx)
|| !fp4_mul(t, t, a[1], p, ctx)
|| !fp4_add(k, k, t, p, ctx)
|| !fp4_inv(k, k, p, ctx)
/* r2 = a1^2 * k */
|| !fp4_sqr(r[2], a[1], p, ctx)
|| !fp4_mul(r[2], r[2], k, p, ctx)
@@ -1375,12 +1348,12 @@ static int fp12_inv(fp12_t r, const fp12_t a, const BIGNUM *p, BN_CTX *ctx)
return 1;
} else {
fp4_t t0, t1, t2, t3;
if (!(fp4_init(t0, ctx))
|| !(fp4_init(t1, ctx)) //FIXME
|| !(fp4_init(t2, ctx))
|| !(fp4_init(t2, ctx))
|| !(fp4_init(t3, ctx))
/* t0 = a1^2 - a0 * a2 */
@@ -1404,7 +1377,7 @@ static int fp12_inv(fp12_t r, const fp12_t a, const BIGNUM *p, BN_CTX *ctx)
|| !fp4_sub(t3, t3, r[0], p, ctx)
|| !fp4_inv(t3, t3, p, ctx)
|| !fp4_mul(t3, a[2], t3, p, ctx)
/* r0 = t2 * t3 */
|| !fp4_mul(r[0], t2, t3, p, ctx)
@@ -1470,8 +1443,6 @@ int fp12_pow(fp12_t r, const fp12_t a, const BIGNUM *k, const BIGNUM *p, BN_CTX
}
fp12_copy(r, t);
fp12_cleanup(t);
return 1;
}
@@ -1495,20 +1466,19 @@ static int fp12_fast_expo_p2(fp12_t r, const fp12_t a, const BIGNUM *p, BN_CTX *
pw21 = SM9_get0_fast_final_exponent_p21();
pw22 = SM9_get0_fast_final_exponent_p22();
pw23 = SM9_get0_fast_final_exponent_p23();
if(!fp2_copy(r[0][0], a[0][0])
|| !fp2_neg (r[0][1], a[0][1], p, ctx)
|| !fp2_mul_num(r[1][0], a[1][0], pw20, p, ctx)
|| !fp2_mul_num(r[1][1], a[1][1], pw21, p, ctx)
|| !fp2_mul_num(r[2][0], a[2][0], pw22, p, ctx)
|| !fp2_mul_num(r[2][1], a[2][1], pw23, p, ctx)) {
return 0;
}
return 1;
}
#if SM9_TEST
static int fp12_test(const BIGNUM *p, BN_CTX *ctx)
{
const char *_a[] = {
@@ -1792,7 +1762,6 @@ static int fp12_test(const BIGNUM *p, BN_CTX *ctx)
return 0;
}
#endif
int point_init(point_t *P, BN_CTX *ctx)
{
@@ -1971,7 +1940,7 @@ int point_is_on_curve(point_t *P, const BIGNUM *p, BN_CTX *ctx)
if (!r) {
goto end;
}
fp2_set_5u(b);
if (!point_get_affine_coordinates(P, x, y)
@@ -2010,7 +1979,7 @@ int point_to_octets(const point_t *P, unsigned char to[129], BN_CTX *ctx)
fp2_to_bin(y, to + 65);
fp2_cleanup(x);
fp2_cleanup(y);
}
}
return 1;
}
@@ -2121,7 +2090,7 @@ int point_add(point_t *R, const point_t *P, const point_t *Q, const BIGNUM *p, B
if (!point_get_affine_coordinates(P, x1, y1)
|| !point_get_affine_coordinates(Q, x2, y2)
|| !fp2_add(t, y1, y2, p, ctx)) {
|| !fp2_add(t, y1, y2, p, ctx)) {
goto end;
}
@@ -2226,7 +2195,6 @@ int point_mul_generator(point_t *R, const BIGNUM *k, const BIGNUM *p, BN_CTX *ct
return point_mul(R, k, &G, p, ctx);
}
#if SM9_TEST
static int point_test(const BIGNUM *p, BN_CTX *ctx)
{
const char *_G[] = {
@@ -2295,7 +2263,7 @@ static int point_test(const BIGNUM *p, BN_CTX *ctx)
printf("point test %d: %s\n", __LINE__, ok ? "ok" : "error");
point_sub(&P, &P, &G, p, ctx);
ok = point_equ_hex(&P, sub_3G_G, ctx);
ok = point_equ_hex(&P, sub_3G_G, ctx);
printf("point test %d: %s\n", __LINE__, ok ? "ok" : "error");
point_neg(&P, &G, p, ctx);
@@ -2322,12 +2290,11 @@ static int point_test(const BIGNUM *p, BN_CTX *ctx)
ok = point_equ(&P, &G);
printf("point test %d: %s\n", __LINE__, ok ? "ok" : "error");
//fp12_cleanup(x);
//fp12_cleanup(y);
return 1;
return 1;
}
#endif
static int eval_tangent(fp12_t r, const point_t *T, const BIGNUM *xP, const BIGNUM *yP,
const BIGNUM *p, BN_CTX *ctx)
@@ -2348,7 +2315,7 @@ static int eval_tangent(fp12_t r, const point_t *T, const BIGNUM *xP, const BIGN
}
point_get_ext_affine_coordinates(T, xT, yT, p, ctx);
ret = 0;
if (!fp12_set_bn(x, xP)
|| !fp12_set_bn(y, yP)
@@ -2376,14 +2343,14 @@ end:
return ret;
}
static int eval_line(fp12_t r, const point_t *T, const point_t *Q,
static int eval_line(fp12_t r, const point_t *T, const point_t *Q,
const BIGNUM *xP, const BIGNUM *yP,
const BIGNUM *p, BN_CTX *ctx)
{
int ret;
fp12_t x, y, lambda, t;
fp12_t xT, yT, xQ, yQ;
ret = 1;
ret &= fp12_init(x, ctx);
ret &= fp12_init(y, ctx);
@@ -2478,8 +2445,6 @@ static int final_expo(fp12_t r, const fp12_t a, const BIGNUM *k, const BIGNUM *p
}
}
fp12_copy(r, t);
fp12_cleanup(t);
return 1;
}
@@ -2513,11 +2478,11 @@ static int fast_final_expo(fp12_t r, const fp12_t a, const BIGNUM *k, const BIGN
if (!fp12_copy(t0, t)) {
return 0;
}
if(!fp12_fast_expo_p2(t, t, p, ctx)){
return 0;
}
if (!fp12_mul(t, t0, t, p, ctx)) {
return 0;
}
@@ -2538,9 +2503,6 @@ static int fast_final_expo(fp12_t r, const fp12_t a, const BIGNUM *k, const BIGN
}
}
fp12_copy(r, t);
fp12_cleanup(t);
fp12_cleanup(t0);
return 1;
}
@@ -2555,7 +2517,7 @@ static int rate(fp12_t f, const point_t *Q, const BIGNUM *xP, const BIGNUM *yP,
memset(&T, 0, sizeof(T));
memset(&Q1, 0, sizeof(Q1));
memset(&Q2, 0, sizeof(Q2));
point_init(&T, ctx);
point_init(&Q1, ctx);
point_init(&Q2, ctx);
@@ -2620,7 +2582,7 @@ static int rate(fp12_t f, const point_t *Q, const BIGNUM *xP, const BIGNUM *yP,
eval_line(g, &T, &Q2, xP, yP, p, ctx);
fp12_mul(f, f, g, p, ctx);
/* T = T - Q2 */
/* T = T - Q2 */
point_add(&T, &T, &Q2, p, ctx);
#ifdef NOSM9_FAST
@@ -2697,10 +2659,10 @@ int rate_pairing(fp12_t r, const point_t *Q, const EC_POINT *P, BN_CTX *ctx)
BN_free(xP);
BN_free(yP);
EC_GROUP_clear_free(group);
return ret;
}
#if SM9_TEST
static int rate_test(void)
{
const char *Ppubs_str[] = {
@@ -2738,7 +2700,7 @@ static int rate_test(void)
point_set_affine_coordinates_hex(&Ppubs, Ppubs_str);
fp12_init(g, ctx);
rate_pairing(g, &Ppubs, P1, ctx);
rate_pairing(g, &Ppubs, P1, ctx);
ok = fp12_equ_hex(g, g_str, ctx);
printf("rate %d: %s\n", __LINE__, ok ? "ok" : "error");
@@ -2750,7 +2712,6 @@ static int rate_test(void)
return 1;
}
#endif
/* for SM9 sign, the (xP, yP) is the fixed generator of E(Fp)
*/

8
crypto/sm9/sm9_sign.c
View File

@@ -51,6 +51,8 @@
#include <openssl/err.h>
#include <openssl/sm9.h>
#include <openssl/ec.h>
#include <openssl/ec_type1.h>
#include <openssl/bn_gfp2.h>
#include "sm9_lcl.h"
@@ -196,6 +198,8 @@ end:
BN_free(r);
point_cleanup(&Ppubs);
fp12_cleanup(w);
BN_CTX_end(bn_ctx);
BN_CTX_free(bn_ctx);
return ret;
}
@@ -353,9 +357,7 @@ end:
point_cleanup(&P);
fp12_cleanup(w);
fp12_cleanup(u);
if (bn_ctx) {
BN_CTX_end(bn_ctx);
}
BN_CTX_end(bn_ctx);
BN_CTX_free(bn_ctx);
return ret;
}