abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-07 08:56:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:liushaotong/GmSSL

Browse Source
This commit is contained in:
Liu Shaotong
2017-07-10 15:49:50 +08:00
parent 924d073694 f51e4f1a21
commit 707a8f5d53
24 changed files with 21 additions and 14760 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
crypto/sm2/miracl/mralloc.c
View File

@@ -1,85 +0,0 @@
/***************************************************************************
*
Copyright 2013 CertiVox IOM Ltd. *
*
This file is part of CertiVox MIRACL Crypto SDK. *
*
The CertiVox MIRACL Crypto SDK provides developers with an *
extensive and efficient set of cryptographic functions. *
For further information about its features and functionalities please *
refer to http://www.certivox.com *
*
* The CertiVox MIRACL Crypto SDK is free software: you can *
redistribute it and/or modify it under the terms of the *
GNU Affero General Public License as published by the *
Free Software Foundation, either version 3 of the License, *
or (at your option) any later version. *
*
* The CertiVox MIRACL Crypto SDK is distributed in the hope *
that it will be useful, but WITHOUT ANY WARRANTY; without even the *
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
See the GNU Affero General Public License for more details. *
*
* You should have received a copy of the GNU Affero General Public *
License along with CertiVox MIRACL Crypto SDK. *
If not, see <http://www.gnu.org/licenses/>. *
*
You can be released from the requirements of the license by purchasing *
a commercial license. Buying such a license is mandatory as soon as you *
develop commercial activities involving the CertiVox MIRACL Crypto SDK *
without disclosing the source code of your own applications, or shipping *
the CertiVox MIRACL Crypto SDK with a closed source product. *
*
***************************************************************************/
/*
* MIRACL memory allocation routines
* mralloc.c
*
* MIRACL C Memory allocation/deallocation
* Can be replaced with special user-defined routines
* Default is to standard system routines
*
* NOTE: uses calloc() which initialises memory to Zero, so make sure
* any substituted routine does the same!
*/
#include <openssl/miracl.h>
#include <stdlib.h>
#ifndef MR_STATIC
miracl *mr_first_alloc()
{
return (miracl *)calloc(1,sizeof(miracl));
}
void *mr_alloc(_MIPD_ int num,int size)
{
char *p;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip==NULL)
{
p=(char *)calloc(num,size);
return (void *)p;
}
if (mr_mip->ERNUM) return NULL;
p=(char *)calloc(num,size);
if (p==NULL) mr_berror(_MIPP_ MR_ERR_OUT_OF_MEMORY);
return (void *)p;
}
void mr_free(void *addr)
{
if (addr==NULL) return;
free(addr);
return;
}
#endif

320
crypto/sm2/miracl/mrarth0.c
View File

@@ -1,320 +0,0 @@
/***************************************************************************
*
Copyright 2013 CertiVox IOM Ltd. *
*
This file is part of CertiVox MIRACL Crypto SDK. *
*
The CertiVox MIRACL Crypto SDK provides developers with an *
extensive and efficient set of cryptographic functions. *
For further information about its features and functionalities please *
refer to http://www.certivox.com *
*
* The CertiVox MIRACL Crypto SDK is free software: you can *
redistribute it and/or modify it under the terms of the *
GNU Affero General Public License as published by the *
Free Software Foundation, either version 3 of the License, *
or (at your option) any later version. *
*
* The CertiVox MIRACL Crypto SDK is distributed in the hope *
that it will be useful, but WITHOUT ANY WARRANTY; without even the *
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
See the GNU Affero General Public License for more details. *
*
* You should have received a copy of the GNU Affero General Public *
License along with CertiVox MIRACL Crypto SDK. *
If not, see <http://www.gnu.org/licenses/>. *
*
You can be released from the requirements of the license by purchasing *
a commercial license. Buying such a license is mandatory as soon as you *
develop commercial activities involving the CertiVox MIRACL Crypto SDK *
without disclosing the source code of your own applications, or shipping *
the CertiVox MIRACL Crypto SDK with a closed source product. *
*
***************************************************************************/
/*
* MIRACL arithmetic routines 0 - Add and subtract routines
* mrarth0.c
*
*/
#include <openssl/miracl.h>
void mr_padd(_MIPD_ big x,big y,big z)
{ /* add two big numbers, z=x+y where *
* x and y are positive */
int i,lx,ly,lz,la;
mr_small carry,psum;
mr_small *gx,*gy,*gz;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
lx = (int)x->len;
ly = (int)y->len;
if (ly>lx)
{
lz=ly;
la=lx;
if (x!=z) copy(y,z);
else la=ly;
}
else
{
lz=lx;
la=ly;
if (y!=z) copy(x,z);
else la=lx;
}
carry=0;
z->len=lz;
gx=x->w; gy=y->w; gz=z->w;
if (lz<mr_mip->nib || !mr_mip->check) z->len++;
#ifndef MR_SIMPLE_BASE
if (mr_mip->base==0)
{
#endif
for (i=0;i<la;i++)
{ /* add by columns to length of the smaller number */
psum=gx[i]+gy[i]+carry;
if (psum>gx[i]) carry=0;
else if (psum<gx[i]) carry=1;
gz[i]=psum;
}
for (;i<lz && carry>0;i++ )
{ /* add by columns to the length of larger number (if there is a carry) */
psum=gx[i]+gy[i]+carry;
if (psum>gx[i]) carry=0;
else if (psum<gx[i]) carry=1;
gz[i]=psum;
}
if (carry)
{ /* carry left over - possible overflow */
if (mr_mip->check && i>=mr_mip->nib)
{
mr_berror(_MIPP_ MR_ERR_OVERFLOW);
return;
}
gz[i]=carry;
}
#ifndef MR_SIMPLE_BASE
}
else
{
for (i=0;i<la;i++)
{ /* add by columns */
psum=gx[i]+gy[i]+carry;
carry=0;
if (psum>=mr_mip->base)
{ /* set carry */
carry=1;
psum-=mr_mip->base;
}
gz[i]=psum;
}
for (;i<lz && carry>0;i++)
{
psum=gx[i]+gy[i]+carry;
carry=0;
if (psum>=mr_mip->base)
{ /* set carry */
carry=1;
psum-=mr_mip->base;
}
gz[i]=psum;
}
if (carry)
{ /* carry left over - possible overflow */
if (mr_mip->check && i>=mr_mip->nib)
{
mr_berror(_MIPP_ MR_ERR_OVERFLOW);
return;
}
gz[i]=carry;
}
}
#endif
if (gz[z->len-1]==0) z->len--;
}
void mr_psub(_MIPD_ big x,big y,big z)
{ /* subtract two big numbers z=x-y *
* where x and y are positive and x>y */
int i,lx,ly;
mr_small borrow,pdiff;
mr_small *gx,*gy,*gz;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
lx = (int)x->len;
ly = (int)y->len;
if (ly>lx)
{
mr_berror(_MIPP_ MR_ERR_NEG_RESULT);
return;
}
if (y!=z) copy(x,z);
else ly=lx;
z->len=lx;
gx=x->w; gy=y->w; gz=z->w;
borrow=0;
#ifndef MR_SIMPLE_BASE
if (mr_mip->base==0)
{
#endif
for (i=0;i<ly || borrow>0;i++)
{ /* subtract by columns */
if (i>lx)
{
mr_berror(_MIPP_ MR_ERR_NEG_RESULT);
return;
}
pdiff=gx[i]-gy[i]-borrow;
if (pdiff<gx[i]) borrow=0;
else if (pdiff>gx[i]) borrow=1;
gz[i]=pdiff;
}
#ifndef MR_SIMPLE_BASE
}
else for (i=0;i<ly || borrow>0;i++)
{ /* subtract by columns */
if (i>lx)
{
mr_berror(_MIPP_ MR_ERR_NEG_RESULT);
return;
}
pdiff=gy[i]+borrow;
borrow=0;
if (gx[i]>=pdiff) pdiff=gx[i]-pdiff;
else
{ /* set borrow */
pdiff=mr_mip->base+gx[i]-pdiff;
borrow=1;
}
gz[i]=pdiff;
}
#endif
mr_lzero(z);
}
static void mr_select(_MIPD_ big x,int d,big y,big z)
{ /* perform required add or subtract operation */
int sx,sy,sz,jf,xgty;
#ifdef MR_FLASH
if (mr_notint(x) || mr_notint(y))
{
mr_berror(_MIPP_ MR_ERR_INT_OP);
return;
}
#endif
sx=exsign(x);
sy=exsign(y);
sz=0;
x->len&=MR_OBITS; /* force operands to be positive */
y->len&=MR_OBITS;
xgty=mr_compare(x,y);
jf=(1+sx)+(1+d*sy)/2;
switch (jf)
{ /* branch according to signs of operands */
case 0:
if (xgty>=0)
mr_padd(_MIPP_ x,y,z);
else
mr_padd(_MIPP_ y,x,z);
sz=MINUS;
break;
case 1:
if (xgty<=0)
{
mr_psub(_MIPP_ y,x,z);
sz=PLUS;
}
else
{
mr_psub(_MIPP_ x,y,z);
sz=MINUS;
}
break;
case 2:
if (xgty>=0)
{
mr_psub(_MIPP_ x,y,z);
sz=PLUS;
}
else
{
mr_psub(_MIPP_ y,x,z);
sz=MINUS;
}
break;
case 3:
if (xgty>=0)
mr_padd(_MIPP_ x,y,z);
else
mr_padd(_MIPP_ y,x,z);
sz=PLUS;
break;
}
if (sz<0) z->len^=MR_MSBIT; /* set sign of result */
if (x!=z && sx<0) x->len^=MR_MSBIT; /* restore signs to operands */
if (y!=z && y!=x && sy<0) y->len^=MR_MSBIT;
}
void add(_MIPD_ big x,big y,big z)
{ /* add two signed big numbers together z=x+y */
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
MR_IN(27)
mr_select(_MIPP_ x,PLUS,y,z);
MR_OUT
}
void subtract(_MIPD_ big x,big y,big z)
{ /* subtract two big signed numbers z=x-y */
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
MR_IN(28)
mr_select(_MIPP_ x,MINUS,y,z);
MR_OUT
}
void incr(_MIPD_ big x,int n,big z)
{ /* add int to big number: z=x+n */
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
MR_IN(7)
convert(_MIPP_ n,mr_mip->w0);
mr_select(_MIPP_ x,PLUS,mr_mip->w0,z);
MR_OUT
}
void decr(_MIPD_ big x,int n,big z)
{ /* subtract int from big number: z=x-n */
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
MR_IN(8)
convert(_MIPP_ n,mr_mip->w0);
mr_select(_MIPP_ x,MINUS,mr_mip->w0,z);
MR_OUT
}

1068
crypto/sm2/miracl/mrarth1.c
View File

File diff suppressed because it is too large Load Diff

1584
crypto/sm2/miracl/mrarth2.c
View File

File diff suppressed because it is too large Load Diff

231
crypto/sm2/miracl/mrarth3.c
View File

@@ -1,231 +0,0 @@
/***************************************************************************
*
Copyright 2013 CertiVox IOM Ltd. *
*
This file is part of CertiVox MIRACL Crypto SDK. *
*
The CertiVox MIRACL Crypto SDK provides developers with an *
extensive and efficient set of cryptographic functions. *
For further information about its features and functionalities please *
refer to http://www.certivox.com *
*
* The CertiVox MIRACL Crypto SDK is free software: you can *
redistribute it and/or modify it under the terms of the *
GNU Affero General Public License as published by the *
Free Software Foundation, either version 3 of the License, *
or (at your option) any later version. *
*
* The CertiVox MIRACL Crypto SDK is distributed in the hope *
that it will be useful, but WITHOUT ANY WARRANTY; without even the *
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
See the GNU Affero General Public License for more details. *
*
* You should have received a copy of the GNU Affero General Public *
License along with CertiVox MIRACL Crypto SDK. *
If not, see <http://www.gnu.org/licenses/>. *
*
You can be released from the requirements of the license by purchasing *
a commercial license. Buying such a license is mandatory as soon as you *
develop commercial activities involving the CertiVox MIRACL Crypto SDK *
without disclosing the source code of your own applications, or shipping *
the CertiVox MIRACL Crypto SDK with a closed source product. *
*
***************************************************************************/
/*
* MIRACL arithmetic routines 3 - simple powers and roots
* mrarth3.c
*/
#include <stdlib.h>
#include <openssl/miracl.h>
void expint(_MIPD_ int b,int n,big x)
{ /* sets x=b^n */
unsigned int bit,un;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
convert(_MIPP_ 1,x);
if (n==0) return;
MR_IN(50)
if (n<0)
{
mr_berror(_MIPP_ MR_ERR_NEG_POWER);
MR_OUT
return;
}
if (b==2) expb2(_MIPP_ n,x);
else
{
bit=1;
un=(unsigned int)n;
while (un>=bit) bit<<=1;
bit>>=1;
while (bit>0)
{ /* ltr method */
multiply(_MIPP_ x,x,x);
if ((bit&un)!=0) premult(_MIPP_ x,b,x);
bit>>=1;
}
}
MR_OUT
}
void power(_MIPD_ big x,long n,big z,big w)
{ /* raise big number to int power w=x^n *
* (mod z if z and w distinct) */
mr_small norm;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
copy(x,mr_mip->w5);
zero(w);
if(mr_mip->ERNUM || size(mr_mip->w5)==0) return;
convert(_MIPP_ 1,w);
if (n==0L) return;
MR_IN(17)
if (n<0L)
{
mr_berror(_MIPP_ MR_ERR_NEG_POWER);
MR_OUT
return;
}
if (w==z) forever
{ /* "Russian peasant" exponentiation */
if (n%2!=0L)
multiply(_MIPP_ w,mr_mip->w5,w);
n/=2L;
if (mr_mip->ERNUM || n==0L) break;
multiply(_MIPP_ mr_mip->w5,mr_mip->w5,mr_mip->w5);
}
else
{
norm=normalise(_MIPP_ z,z);
divide(_MIPP_ mr_mip->w5,z,z);
forever
{
if (mr_mip->user!=NULL) (*mr_mip->user)();
if (n%2!=0L) mad(_MIPP_ w,mr_mip->w5,mr_mip->w5,z,z,w);
n/=2L;
if (mr_mip->ERNUM || n==0L) break;
mad(_MIPP_ mr_mip->w5,mr_mip->w5,mr_mip->w5,z,z,mr_mip->w5);
}
if (norm!=1)
{
#ifdef MR_FP_ROUNDING
mr_sdiv(_MIPP_ z,norm,mr_invert(norm),z);
#else
mr_sdiv(_MIPP_ z,norm,z);
#endif
divide(_MIPP_ w,z,z);
}
}
MR_OUT
}
BOOL nroot(_MIPD_ big x,int n,big w)
{ /* extract lower approximation to nth root *
* w=x^(1/n) returns TRUE for exact root *
* uses Newtons method */
int sx,dif,s,p,d,lg2,lgx,rem;
BOOL full;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return FALSE;
if (size(x)==0 || n==1)
{
copy(x,w);
return TRUE;
}
MR_IN(16)
if (n<1) mr_berror(_MIPP_ MR_ERR_BAD_ROOT);
sx=exsign(x);
if (n%2==0 && sx==MINUS) mr_berror(_MIPP_ MR_ERR_NEG_ROOT);
if (mr_mip->ERNUM)
{
MR_OUT
return FALSE;
}
insign(PLUS,x);
lgx=logb2(_MIPP_ x);
if (n>=lgx)
{ /* root must be 1 */
insign(sx,x);
convert(_MIPP_ sx,w);
MR_OUT
if (lgx==1) return TRUE;
else return FALSE;
}
expb2(_MIPP_ 1+(lgx-1)/n,mr_mip->w2); /* guess root as 2^(log2(x)/n) */
s=(-(((int)x->len-1)/n)*n);
mr_shift(_MIPP_ mr_mip->w2,s/n,mr_mip->w2);
lg2=logb2(_MIPP_ mr_mip->w2)-1;
full=FALSE;
if (s==0) full=TRUE;
d=0;
p=1;
while (!mr_mip->ERNUM)
{ /* Newtons method */
copy(mr_mip->w2,mr_mip->w3);
mr_shift(_MIPP_ x,s,mr_mip->w4);
mr_mip->check=OFF;
power(_MIPP_ mr_mip->w2,n-1,mr_mip->w6,mr_mip->w6);
mr_mip->check=ON;
divide(_MIPP_ mr_mip->w4,mr_mip->w6,mr_mip->w2);
rem=size(mr_mip->w4);
subtract(_MIPP_ mr_mip->w2,mr_mip->w3,mr_mip->w2);
dif=size(mr_mip->w2);
subdiv(_MIPP_ mr_mip->w2,n,mr_mip->w2);
add(_MIPP_ mr_mip->w2,mr_mip->w3,mr_mip->w2);
p*=2;
if(p<lg2+d*mr_mip->lg2b) continue;
if (full && mr_abs(dif)<n)
{ /* test for finished */
while (dif<0)
{
rem=0;
decr(_MIPP_ mr_mip->w2,1,mr_mip->w2);
mr_mip->check=OFF;
power(_MIPP_ mr_mip->w2,n,mr_mip->w6,mr_mip->w6);
mr_mip->check=ON;
dif=mr_compare(x,mr_mip->w6);
}
copy(mr_mip->w2,w);
insign(sx,w);
insign(sx,x);
MR_OUT
if (rem==0 && dif==0) return TRUE;
else return FALSE;
}
else
{ /* adjust precision */
d*=2;
if (d==0) d=1;
s+=d*n;
if (s>=0)
{
d-=s/n;
s=0;
full=TRUE;
}
mr_shift(_MIPP_ mr_mip->w2,d,mr_mip->w2);
}
p/=2;
}
MR_OUT
return FALSE;
}

245
crypto/sm2/miracl/mrbits.c
View File

@@ -1,245 +0,0 @@
/***************************************************************************
*
Copyright 2013 CertiVox IOM Ltd. *
*
This file is part of CertiVox MIRACL Crypto SDK. *
*
The CertiVox MIRACL Crypto SDK provides developers with an *
extensive and efficient set of cryptographic functions. *
For further information about its features and functionalities please *
refer to http://www.certivox.com *
*
* The CertiVox MIRACL Crypto SDK is free software: you can *
redistribute it and/or modify it under the terms of the *
GNU Affero General Public License as published by the *
Free Software Foundation, either version 3 of the License, *
or (at your option) any later version. *
*
* The CertiVox MIRACL Crypto SDK is distributed in the hope *
that it will be useful, but WITHOUT ANY WARRANTY; without even the *
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
See the GNU Affero General Public License for more details. *
*
* You should have received a copy of the GNU Affero General Public *
License along with CertiVox MIRACL Crypto SDK. *
If not, see <http://www.gnu.org/licenses/>. *
*
You can be released from the requirements of the license by purchasing *
a commercial license. Buying such a license is mandatory as soon as you *
develop commercial activities involving the CertiVox MIRACL Crypto SDK *
without disclosing the source code of your own applications, or shipping *
the CertiVox MIRACL Crypto SDK with a closed source product. *
*
***************************************************************************/
/*
* MIRACL bit manipulation routines
* mrbits.c
*/
#include <stdlib.h>
#include <openssl/miracl.h>
#ifdef MR_FP
#include <math.h>
#endif
int logb2(_MIPD_ big x)
{ /* returns number of bits in x */
int xl,lg2;
mr_small top;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM || size(x)==0) return 0;
MR_IN(49)
#ifndef MR_ALWAYS_BINARY
if (mr_mip->base==mr_mip->base2)
{
#endif
xl=(int)(x->len&MR_OBITS);
lg2=mr_mip->lg2b*(xl-1);
top=x->w[xl-1];
while (top>=1)
{
lg2++;
top/=2;
}
#ifndef MR_ALWAYS_BINARY
}
else
{
copy(x,mr_mip->w0);
insign(PLUS,mr_mip->w0);
lg2=0;
while (mr_mip->w0->len>1)
{
#ifdef MR_FP_ROUNDING
mr_sdiv(_MIPP_ mr_mip->w0,mr_mip->base2,mr_invert(mr_mip->base2),mr_mip->w0);
#else
mr_sdiv(_MIPP_ mr_mip->w0,mr_mip->base2,mr_mip->w0);
#endif
lg2+=mr_mip->lg2b;
}
while (mr_mip->w0->w[0]>=1)
{
lg2++;
mr_mip->w0->w[0]/=2;
}
}
#endif
MR_OUT
return lg2;
}
void sftbit(_MIPD_ big x,int n,big z)
{ /* shift x by n bits */
int m;
mr_small sm;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
copy(x,z);
if (n==0) return;
MR_IN(47)
m=mr_abs(n);
sm=mr_shiftbits((mr_small)1,m%mr_mip->lg2b);
if (n>0)
{ /* shift left */
#ifndef MR_ALWAYS_BINARY
if (mr_mip->base==mr_mip->base2)
{
#endif
mr_shift(_MIPP_ z,n/mr_mip->lg2b,z);
mr_pmul(_MIPP_ z,sm,z);
#ifndef MR_ALWAYS_BINARY
}
else
{
expb2(_MIPP_ m,mr_mip->w1);
multiply(_MIPP_ z,mr_mip->w1,z);
}
#endif
}
else
{ /* shift right */
#ifndef MR_ALWAYS_BINARY
if (mr_mip->base==mr_mip->base2)
{
#endif
mr_shift(_MIPP_ z,n/mr_mip->lg2b,z);
#ifdef MR_FP_ROUNDING
mr_sdiv(_MIPP_ z,sm,mr_invert(sm),z);
#else
mr_sdiv(_MIPP_ z,sm,z);
#endif
#ifndef MR_ALWAYS_BINARY
}
else
{
expb2(_MIPP_ m,mr_mip->w1);
divide(_MIPP_ z,mr_mip->w1,z);
}
#endif
}
MR_OUT
}
void expb2(_MIPD_ int n,big x)
{ /* sets x=2^n */
int r,p;
#ifndef MR_ALWAYS_BINARY
int i;
#endif
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
convert(_MIPP_ 1,x);
if (n==0) return;
MR_IN(149)
if (n<0)
{
mr_berror(_MIPP_ MR_ERR_NEG_POWER);
MR_OUT
return;
}
r=n/mr_mip->lg2b;
p=n%mr_mip->lg2b;
#ifndef MR_ALWAYS_BINARY
if (mr_mip->base==mr_mip->base2)
{
#endif
mr_shift(_MIPP_ x,r,x);
x->w[x->len-1]=mr_shiftbits(x->w[x->len-1],p);
#ifndef MR_ALWAYS_BINARY
}
else
{
for (i=1;i<=r;i++)
mr_pmul(_MIPP_ x,mr_mip->base2,x);
mr_pmul(_MIPP_ x,mr_shiftbits((mr_small)1,p),x);
}
#endif
MR_OUT
}
#ifndef MR_NO_RAND
void bigbits(_MIPD_ int n,big x)
{ /* sets x as random < 2^n */
mr_small r;
mr_lentype wlen;
#ifdef MR_FP
mr_small dres;
#endif
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
zero(x);
if (mr_mip->ERNUM || n<=0) return;
MR_IN(150)
expb2(_MIPP_ n,mr_mip->w1);
wlen=mr_mip->w1->len;
do
{
r=brand(_MIPPO_ );
if (mr_mip->base==0) x->w[x->len++]=r;
else x->w[x->len++]=MR_REMAIN(r,mr_mip->base);
} while (x->len<wlen);
#ifndef MR_ALWAYS_BINARY
if (mr_mip->base==mr_mip->base2)
{
#endif
x->w[wlen-1]=MR_REMAIN(x->w[wlen-1],mr_mip->w1->w[wlen-1]);
mr_lzero(x);
#ifndef MR_ALWAYS_BINARY
}
else
{
divide(_MIPP_ x,mr_mip->w1,mr_mip->w1);
}
#endif
MR_OUT
}
#endif

2290
crypto/sm2/miracl/mrcore.c
View File

File diff suppressed because it is too large Load Diff

2507
crypto/sm2/miracl/mrcurve.c
View File

File diff suppressed because it is too large Load Diff

342
crypto/sm2/miracl/mrjack.c
View File

@@ -1,342 +0,0 @@
/***************************************************************************
*
Copyright 2013 CertiVox IOM Ltd. *
*
This file is part of CertiVox MIRACL Crypto SDK. *
*
The CertiVox MIRACL Crypto SDK provides developers with an *
extensive and efficient set of cryptographic functions. *
For further information about its features and functionalities please *
refer to http://www.certivox.com *
*
* The CertiVox MIRACL Crypto SDK is free software: you can *
redistribute it and/or modify it under the terms of the *
GNU Affero General Public License as published by the *
Free Software Foundation, either version 3 of the License, *
or (at your option) any later version. *
*
* The CertiVox MIRACL Crypto SDK is distributed in the hope *
that it will be useful, but WITHOUT ANY WARRANTY; without even the *
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
See the GNU Affero General Public License for more details. *
*
* You should have received a copy of the GNU Affero General Public *
License along with CertiVox MIRACL Crypto SDK. *
If not, see <http://www.gnu.org/licenses/>. *
*
You can be released from the requirements of the license by purchasing *
a commercial license. Buying such a license is mandatory as soon as you *
develop commercial activities involving the CertiVox MIRACL Crypto SDK *
without disclosing the source code of your own applications, or shipping *
the CertiVox MIRACL Crypto SDK with a closed source product. *
*
***************************************************************************/
/*
* MIRACL Jacobi symbol routine
* mrjack.c
*
* See "A binary algorithm for the Jacobi symbol"
* Shallit and Sorenson
*/
#include <stdlib.h>
#include <openssl/miracl.h>
int jack(_MIPD_ big a,big n)
{ /* find jacobi symbol (a/n), for positive odd n */
big w;
int nm8,onm8,t;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM || size(a)==0 || size(n) <1) return 0;
MR_IN(3)
t=1;
copy(n,mr_mip->w2);
nm8=remain(_MIPP_ mr_mip->w2,8);
if (nm8%2==0)
{
MR_OUT
return 0;
}
if (size(a)<0)
{
if (nm8%4==3) t=-1;
negify(a,mr_mip->w1);
}
else copy(a,mr_mip->w1);
while (size(mr_mip->w1)!=0)
{
while (remain(_MIPP_ mr_mip->w1,2)==0)
{
subdiv(_MIPP_ mr_mip->w1,2,mr_mip->w1);
if (nm8==3 || nm8==5) t=-t;
}
if (mr_compare(mr_mip->w1,mr_mip->w2)<0)
{
onm8=nm8;
w=mr_mip->w1; mr_mip->w1=mr_mip->w2; mr_mip->w2=w;
nm8=remain(_MIPP_ mr_mip->w2,8);
if (onm8%4==3 && nm8%4==3) t=-t;
}
mr_psub(_MIPP_ mr_mip->w1,mr_mip->w2,mr_mip->w1);
subdiv(_MIPP_ mr_mip->w1,2,mr_mip->w1);
if (nm8==3 || nm8==5) t=-t;
}
MR_OUT
if (size(mr_mip->w2)==1) return t;
return 0;
}
/*
* See "Efficient Algorithms for Computing the Jacobi Symbol"
* Eikenberry & Sorenson
*
* Its turns out this is slower than the binary method above for reasonable sizes
* of parameters (and takes up a lot more space!)
#ifdef MR_FP
#include <math.h>
#endif
static void rfind(mr_small u,mr_small v,mr_small k,mr_small sk,mr_utype *a,mr_utype *b)
{
mr_utype x2,y2,r;
mr_small w,q,x1,y1,sr;
#ifdef MR_FP
mr_small dres;
#endif
w=invers(v,k);
w=smul(u,w,k);
x1=k; x2=0;
y1=w; y2=1;
// NOTE: x1 and y1 are always +ve. x2 and y2 are always small
while (y1>=sk)
{
#ifndef MR_NOFULLWIDTH
if (x1==0) q=muldvm((mr_small)1,(mr_small)0,y1,&sr);
else
#endif
q=MR_DIV(x1,y1);
r= x1-q*y1; x1=y1; y1=r;
sr=x2-q*y2; x2=y2; y2=sr;
}
if (y2>=0) { *a=y2; *b=0-y1; }
else { *a=-y2; *b=y1; }
}
int jack(_MIPD_ big U,big V)
{ // find jacobi symbol for U wrt V. Only defined for
// positive V, V odd. Otherwise returns 0
int i,e,r,m,t,v8,u4;
mr_utype a,b;
mr_small u,v,d,g,k,sk,s;
#ifdef MR_FP
mr_small dres;
#endif
big w;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
#ifdef MR_FP_ROUNDING
mr_large ik,id;
#endif
if (mr_mip->ERNUM || size(U)==0 || size(V) <1) return 0;
copy(U,mr_mip->w1);
copy(V,mr_mip->w2);
a=0;
MR_IN(3)
if (remain(_MIPP_ mr_mip->w2,2)==0)
{ // V is even
MR_OUT
return 0;
}
if (mr_mip->base!=0)
{
k=1;
for (m=1;;m++)
{
k*=2;
if (k==MAXBASE) break;
}
if (m%2==1) {m--; k=MR_DIV(k,2);}
#ifdef MR_FP_ROUNDING
ik=mr_invert(k);
#endif
}
else
{
m=MIRACL;
k=0;
}
r=m/2;
sk=1;
for (i=0;i<r;i++) sk*=2;
t=1;
v8=remain(_MIPP_ mr_mip->w2,8);
while (!mr_mip->ERNUM && size(mr_mip->w1)!=0)
{
if (size(mr_mip->w1)<0)
{
negify(mr_mip->w1,mr_mip->w1);
if (v8%4==3) t=-t;
}
do { // oddify
#ifndef MR_ALWAYS_BINARY
if (mr_mip->base==mr_mip->base2)
{
#endif
if (mr_mip->base==k) u=mr_mip->w1->w[0];
else u=MR_REMAIN(mr_mip->w1->w[0],k);
#ifndef MR_ALWAYS_BINARY
}
#ifdef MR_FP_ROUNDING
else u=mr_sdiv(_MIPP_ mr_mip->w1,k,ik,mr_mip->w3);
#else
else u=mr_sdiv(_MIPP_ mr_mip->w1,k,mr_mip->w3);
#endif
#endif
if (u==0) {s=k; e=0;}
else
{
s=1; e=0;
while (MR_REMAIN(u,2)==0) {s*=2; e++; u=MR_DIV(u,2);}
}
if (s==mr_mip->base) mr_shift(_MIPP_ mr_mip->w1,-1,mr_mip->w1);
#ifdef MR_FP_ROUNDING
else if (s>1)
{
mr_sdiv(_MIPP_ mr_mip->w1,s,mr_invert(s),mr_mip->w1);
}
#else
else if (s>1) mr_sdiv(_MIPP_ mr_mip->w1,s,mr_mip->w1);
#endif
} while (u==0);
if (e%2!=0 && (v8==3 || v8==5)) t=-t;
if (mr_compare(mr_mip->w1,mr_mip->w2)<0)
{
if (mr_mip->base==mr_mip->base2) u4=(int)MR_REMAIN(mr_mip->w1->w[0],4);
else u4=remain(_MIPP_ mr_mip->w1,4);
if (v8%4==3 && u4==3) t=-t;
w=mr_mip->w1; mr_mip->w1=mr_mip->w2; mr_mip->w2=w;
}
#ifndef MR_ALWAYS_BINARY
if (mr_mip->base==mr_mip->base2)
{
#endif
if (k==mr_mip->base)
{
u=mr_mip->w1->w[0];
v=mr_mip->w2->w[0];
}
else
{
u=MR_REMAIN(mr_mip->w1->w[0],k);
v=MR_REMAIN(mr_mip->w2->w[0],k);
}
#ifndef MR_ALWAYS_BINARY
}
else
{
#ifdef MR_FP_ROUNDING
u=mr_sdiv(_MIPP_ mr_mip->w1,k,ik,mr_mip->w3);
v=mr_sdiv(_MIPP_ mr_mip->w2,k,ik,mr_mip->w3);
#else
u=mr_sdiv(_MIPP_ mr_mip->w1,k,mr_mip->w3);
v=mr_sdiv(_MIPP_ mr_mip->w2,k,mr_mip->w3);
#endif
}
#endif
rfind(u,v,k,sk,&a,&b);
if (a>1)
{
#ifdef MR_FP_ROUNDING
d=mr_sdiv(_MIPP_ mr_mip->w2,a,mr_invert(a),mr_mip->w3);
#else
d=mr_sdiv(_MIPP_ mr_mip->w2,a,mr_mip->w3);
#endif
d=sgcd(d,a);
a=MR_DIV(a,d);
}
else d=1;
if (d>1)
{
#ifdef MR_FP_ROUNDING
id=mr_invert(d);
mr_sdiv(_MIPP_ mr_mip->w2,d,id,mr_mip->w2);
u=mr_sdiv(_MIPP_ mr_mip->w1,d,id,mr_mip->w3);
#else
mr_sdiv(_MIPP_ mr_mip->w2,d,mr_mip->w2);
u=mr_sdiv(_MIPP_ mr_mip->w1,d,mr_mip->w3);
#endif
}
else u=0;
g=a;
if (mr_mip->base==mr_mip->base2) v8=(int)MR_REMAIN(mr_mip->w2->w[0],8);
else v8=remain(_MIPP_ mr_mip->w2,8);
while (MR_REMAIN(g,2)==0)
{
g=MR_DIV(g,2);
if (v8==3 || v8==5) t=-t;
}
if (MR_REMAIN(g,4)==3 && v8%4==3) t=-t;
#ifdef MR_FP_ROUNDING
v=mr_sdiv(_MIPP_ mr_mip->w2,g,mr_invert(g),mr_mip->w3);
#else
v=mr_sdiv(_MIPP_ mr_mip->w2,g,mr_mip->w3);
#endif
t*=jac(v,g)*jac(u,d);
if (t==0)
{
MR_OUT
return 0;
}
// printf("a= %I64d b=%I64d %d\n",a,b,(int)b);
if (a>1) mr_pmul(_MIPP_ mr_mip->w1,a,mr_mip->w1);
if (b>=0)
mr_pmul(_MIPP_ mr_mip->w2,b,mr_mip->w3);
else
{
b=-b;
mr_pmul(_MIPP_ mr_mip->w2,b,mr_mip->w3);
negify(mr_mip->w3,mr_mip->w3);
}
// premult(_MIPP_ mr_mip->w2,(int)b,mr_mip->w3); <- nasty bug - potential loss of precision in b
add(_MIPP_ mr_mip->w1,mr_mip->w3,mr_mip->w1);
if (k==mr_mip->base) mr_shift(_MIPP_ mr_mip->w1,-1,mr_mip->w1);
#ifdef MR_FP_ROUNDING
else mr_sdiv(_MIPP_ mr_mip->w1,k,ik,mr_mip->w1);
#else
else mr_sdiv(_MIPP_ mr_mip->w1,k,mr_mip->w1);
#endif
}
MR_OUT
if (size(mr_mip->w2)==1) return t;
return 0;
}
*/

157
crypto/sm2/miracl/mrlucas.c
View File

@@ -1,157 +0,0 @@
/***************************************************************************
*
Copyright 2013 CertiVox IOM Ltd. *
*
This file is part of CertiVox MIRACL Crypto SDK. *
*
The CertiVox MIRACL Crypto SDK provides developers with an *
extensive and efficient set of cryptographic functions. *
For further information about its features and functionalities please *
refer to http://www.certivox.com *
*
* The CertiVox MIRACL Crypto SDK is free software: you can *
redistribute it and/or modify it under the terms of the *
GNU Affero General Public License as published by the *
Free Software Foundation, either version 3 of the License, *
or (at your option) any later version. *
*
* The CertiVox MIRACL Crypto SDK is distributed in the hope *
that it will be useful, but WITHOUT ANY WARRANTY; without even the *
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
See the GNU Affero General Public License for more details. *
*
* You should have received a copy of the GNU Affero General Public *
License along with CertiVox MIRACL Crypto SDK. *
If not, see <http://www.gnu.org/licenses/>. *
*
You can be released from the requirements of the license by purchasing *
a commercial license. Buying such a license is mandatory as soon as you *
develop commercial activities involving the CertiVox MIRACL Crypto SDK *
without disclosing the source code of your own applications, or shipping *
the CertiVox MIRACL Crypto SDK with a closed source product. *
*
***************************************************************************/
/*
* MIRACL methods for evaluating lucas V function
* mrlucas.c (Postl's algorithm)
*/
#include <stdlib.h>
#include <openssl/miracl.h>
void nres_lucas(_MIPD_ big p,big r,big vp,big v)
{
int i,nb;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
MR_IN(107)
if (size(r)==0)
{
zero(vp);
convert(_MIPP_ 2,v);
nres(_MIPP_ v,v);
MR_OUT
return;
}
if (size(r)==1 || size(r)==(-1))
{ /* note - sign of r doesn't matter */
convert(_MIPP_ 2,vp);
nres(_MIPP_ vp,vp);
copy(p,v);
MR_OUT
return;
}
copy(p,mr_mip->w3);
convert(_MIPP_ 2,mr_mip->w4);
nres(_MIPP_ mr_mip->w4,mr_mip->w4); /* w4=2 */
copy(mr_mip->w4,mr_mip->w8);
copy(mr_mip->w3,mr_mip->w9);
copy(r,mr_mip->w1);
insign(PLUS,mr_mip->w1);
decr(_MIPP_ mr_mip->w1,1,mr_mip->w1);
#ifndef MR_ALWAYS_BINARY
if (mr_mip->base==mr_mip->base2)
{
#endif
nb=logb2(_MIPP_ mr_mip->w1);
for (i=nb-1;i>=0;i--)
{
if (mr_mip->user!=NULL) (*mr_mip->user)();
if (mr_testbit(_MIPP_ mr_mip->w1,i))
{
nres_modmult(_MIPP_ mr_mip->w8,mr_mip->w9,mr_mip->w8);
nres_modsub(_MIPP_ mr_mip->w8,mr_mip->w3,mr_mip->w8);
nres_modmult(_MIPP_ mr_mip->w9,mr_mip->w9,mr_mip->w9);
nres_modsub(_MIPP_ mr_mip->w9,mr_mip->w4,mr_mip->w9);
}
else
{
nres_modmult(_MIPP_ mr_mip->w9,mr_mip->w8,mr_mip->w9);
nres_modsub(_MIPP_ mr_mip->w9,mr_mip->w3,mr_mip->w9);
nres_modmult(_MIPP_ mr_mip->w8,mr_mip->w8,mr_mip->w8);
nres_modsub(_MIPP_ mr_mip->w8,mr_mip->w4,mr_mip->w8);
}
}
#ifndef MR_ALWAYS_BINARY
}
else
{
expb2(_MIPP_ logb2(_MIPP_ mr_mip->w1)-1,mr_mip->w2);
while (!mr_mip->ERNUM && size(mr_mip->w2)!=0)
{ /* use binary method */
if (mr_compare(mr_mip->w1,mr_mip->w2)>=0)
{ /* vp=v*vp-p, v=v*v-2 */
nres_modmult(_MIPP_ mr_mip->w8,mr_mip->w9,mr_mip->w8);
nres_modsub(_MIPP_ mr_mip->w8,mr_mip->w3,mr_mip->w8);
nres_modmult(_MIPP_ mr_mip->w9,mr_mip->w9,mr_mip->w9);
nres_modsub(_MIPP_ mr_mip->w9,mr_mip->w4,mr_mip->w9);
subtract(_MIPP_ mr_mip->w1,mr_mip->w2,mr_mip->w1);
}
else
{ /* v=v*vp-p, vp=vp*vp-2 */
nres_modmult(_MIPP_ mr_mip->w9,mr_mip->w8,mr_mip->w9);
nres_modsub(_MIPP_ mr_mip->w9,mr_mip->w3,mr_mip->w9);
nres_modmult(_MIPP_ mr_mip->w8,mr_mip->w8,mr_mip->w8);
nres_modsub(_MIPP_ mr_mip->w8,mr_mip->w4,mr_mip->w8);
}
subdiv(_MIPP_ mr_mip->w2,2,mr_mip->w2);
}
}
#endif
copy(mr_mip->w9,v);
if (v!=vp) copy(mr_mip->w8,vp);
MR_OUT
}
void lucas(_MIPD_ big p,big r,big n,big vp,big v)
{
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
MR_IN(108)
prepare_monty(_MIPP_ n);
nres(_MIPP_ p,mr_mip->w3);
nres_lucas(_MIPP_ mr_mip->w3,r,mr_mip->w8,mr_mip->w9);
redc(_MIPP_ mr_mip->w9,v);
if (v!=vp) redc(_MIPP_ mr_mip->w8,vp);
MR_OUT
}

1414
crypto/sm2/miracl/mrmonty.c
View File

File diff suppressed because it is too large Load Diff

59
crypto/sm2/miracl/mrmuldv.c
View File

@@ -1,59 +0,0 @@
/* Standard C version of mrmuldv.c */
#include <stdio.h>
#include <openssl/miracl.h>
mr_small muldiv(mr_small a,mr_small b,mr_small c,mr_small m,mr_small *rp)
{
mr_small q;
mr_large dble=(mr_large)a*b+c;
q=(mr_small)MR_LROUND(dble/m);
*rp=(mr_small)(dble-(mr_large)q*m);
return q;
}
#ifdef MR_FP_ROUNDING
mr_small imuldiv(mr_small a,mr_small b,mr_small c,mr_small m,mr_large im,mr_small *rp)
{
mr_small q;
mr_large dble=(mr_large)a*b+c;
q=(mr_small)MR_LROUND(dble*im);
*rp=(mr_small)(dble-(mr_large)q*m);
return q;
}
#endif
#ifndef MR_NOFULLWIDTH
mr_small muldvm(mr_small a,mr_small c,mr_small m,mr_small *rp)
{
mr_small q;
union doubleword dble;
dble.h[MR_BOT]=c;
dble.h[MR_TOP]=a;
q=(mr_small)(dble.d/m);
*rp=(mr_small)(dble.d-(mr_large)q*m);
return q;
}
mr_small muldvd(mr_small a,mr_small b,mr_small c,mr_small *rp)
{
union doubleword dble;
dble.d=(mr_large)a*b+c;
*rp=dble.h[MR_BOT];
return dble.h[MR_TOP];
}
void muldvd2(mr_small a,mr_small b,mr_small *c,mr_small *rp)
{
union doubleword dble;
dble.d=(mr_large)a*b+*c+*rp;
*rp=dble.h[MR_BOT];
*c=dble.h[MR_TOP];
}
#endif

188
crypto/sm2/miracl/mrsroot.c
View File

@@ -1,188 +0,0 @@
/***************************************************************************
*
Copyright 2013 CertiVox IOM Ltd. *
*
This file is part of CertiVox MIRACL Crypto SDK. *
*
The CertiVox MIRACL Crypto SDK provides developers with an *
extensive and efficient set of cryptographic functions. *
For further information about its features and functionalities please *
refer to http://www.certivox.com *
*
* The CertiVox MIRACL Crypto SDK is free software: you can *
redistribute it and/or modify it under the terms of the *
GNU Affero General Public License as published by the *
Free Software Foundation, either version 3 of the License, *
or (at your option) any later version. *
*
* The CertiVox MIRACL Crypto SDK is distributed in the hope *
that it will be useful, but WITHOUT ANY WARRANTY; without even the *
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
See the GNU Affero General Public License for more details. *
*
* You should have received a copy of the GNU Affero General Public *
License along with CertiVox MIRACL Crypto SDK. *
If not, see <http://www.gnu.org/licenses/>. *
*
You can be released from the requirements of the license by purchasing *
a commercial license. Buying such a license is mandatory as soon as you *
develop commercial activities involving the CertiVox MIRACL Crypto SDK *
without disclosing the source code of your own applications, or shipping *
the CertiVox MIRACL Crypto SDK with a closed source product. *
*
***************************************************************************/
/*
* MIRACL method for modular square root
* mrsroot.c
*
* Siguna Mueller's O(lg(p)^3) algorithm, Designs Codes and Cryptography, 2004
*
* This is a little slower for p=1 mod 4 primes, but its not time critical, and
* more importantly it doesn't pull in the large powmod code into elliptic curve programs
* It does require code from mrjack.c and mrlucas.c
*
* If p=3 mod 4, then sqrt(a)=a^[(p+1)/4] mod p. Note that for many elliptic curves
* (p+1)/4 has very low hamming weight.
*
* (was sqrt(a) = V_{(p+1)/4}(a+1/a,1)/(1+1/a))
*
* Mueller's method is also very simple, uses very little memory, and it works just fine for p=1 mod 8 primes
* (for example the "annoying" NIST modulus 2^224-2^96+1)
* Also doesn't waste time on non-squares, as a jacobi test is done first
*
* If you know that the prime is 3 mod 4, and you know that x is almost certainly a QR
* then the jacobi-dependent code can be deleted with some space savings.
*
* NOTE - IF p IS NOT PRIME, THIS CODE WILL FAIL SILENTLY!
*
*/
#include <stdlib.h>
#include <openssl/miracl.h>
BOOL nres_sqroot(_MIPD_ big x,big w)
{ /* w=sqrt(x) mod p. This depends on p being prime! */
int t,js;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return FALSE;
copy(x,w);
if (size(w)==0) return TRUE;
MR_IN(100)
redc(_MIPP_ w,w); /* get it back into normal form */
if (size(w)==1) /* square root of 1 is 1 */
{
nres(_MIPP_ w,w);
MR_OUT
return TRUE;
}
if (size(w)==4) /* square root of 4 is 2 */
{
convert(_MIPP_ 2,w);
nres(_MIPP_ w,w);
MR_OUT
return TRUE;
}
if (jack(_MIPP_ w,mr_mip->modulus)!=1)
{ /* Jacobi test */
zero(w);
MR_OUT
return FALSE;
}
js=mr_mip->pmod8%4-2; /* 1 mod 4 or 3 mod 4 prime? */
incr(_MIPP_ mr_mip->modulus,js,mr_mip->w10);
subdiv(_MIPP_ mr_mip->w10,4,mr_mip->w10); /* (p+/-1)/4 */
if (js==1)
{ /* 3 mod 4 primes - do a quick and dirty sqrt(x)=x^(p+1)/4 mod p */
nres(_MIPP_ w,mr_mip->w2);
copy(mr_mip->one,w);
forever
{ /* Simple Right-to-Left exponentiation */
if (mr_mip->user!=NULL) (*mr_mip->user)();
if (subdiv(_MIPP_ mr_mip->w10,2,mr_mip->w10)!=0)
nres_modmult(_MIPP_ w,mr_mip->w2,w);
if (mr_mip->ERNUM || size(mr_mip->w10)==0) break;
nres_modmult(_MIPP_ mr_mip->w2,mr_mip->w2,mr_mip->w2);
}
/* nres_moddiv(_MIPP_ mr_mip->one,w,mr_mip->w11);
nres_modadd(_MIPP_ mr_mip->w11,w,mr_mip->w3);
nres_lucas(_MIPP_ mr_mip->w3,mr_mip->w10,w,w);
nres_modadd(_MIPP_ mr_mip->w11,mr_mip->one,mr_mip->w11);
nres_moddiv(_MIPP_ w,mr_mip->w11,w); */
}
else
{ /* 1 mod 4 primes */
for (t=1; ;t++)
{ /* t=1.5 on average */
if (t==1) copy(w,mr_mip->w4);
else
{
premult(_MIPP_ w,t,mr_mip->w4);
divide(_MIPP_ mr_mip->w4,mr_mip->modulus,mr_mip->modulus);
premult(_MIPP_ mr_mip->w4,t,mr_mip->w4);
divide(_MIPP_ mr_mip->w4,mr_mip->modulus,mr_mip->modulus);
}
decr(_MIPP_ mr_mip->w4,4,mr_mip->w1);
if (jack(_MIPP_ mr_mip->w1,mr_mip->modulus)==js) break;
if (mr_mip->ERNUM) break;
}
decr(_MIPP_ mr_mip->w4,2,mr_mip->w3);
nres(_MIPP_ mr_mip->w3,mr_mip->w3);
nres_lucas(_MIPP_ mr_mip->w3,mr_mip->w10,w,w); /* heavy lifting done here */
if (t!=1)
{
convert(_MIPP_ t,mr_mip->w11);
nres(_MIPP_ mr_mip->w11,mr_mip->w11);
nres_moddiv(_MIPP_ w,mr_mip->w11,w);
}
}
MR_OUT
return TRUE;
}
BOOL sqroot(_MIPD_ big x,big p,big w)
{ /* w = sqrt(x) mod p */
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return FALSE;
MR_IN(101)
if (subdivisible(_MIPP_ p,2))
{ /* p must be odd */
zero(w);
MR_OUT
return FALSE;
}
prepare_monty(_MIPP_ p);
nres(_MIPP_ x,w);
if (nres_sqroot(_MIPP_ w,w))
{
redc(_MIPP_ w,w);
MR_OUT
return TRUE;
}
zero(w);
MR_OUT
return FALSE;
}

495
crypto/sm2/miracl/mrxgcd.c
View File

@@ -1,495 +0,0 @@
/***************************************************************************
*
Copyright 2013 CertiVox IOM Ltd. *
*
This file is part of CertiVox MIRACL Crypto SDK. *
*
The CertiVox MIRACL Crypto SDK provides developers with an *
extensive and efficient set of cryptographic functions. *
For further information about its features and functionalities please *
refer to http://www.certivox.com *
*
* The CertiVox MIRACL Crypto SDK is free software: you can *
redistribute it and/or modify it under the terms of the *
GNU Affero General Public License as published by the *
Free Software Foundation, either version 3 of the License, *
or (at your option) any later version. *
*
* The CertiVox MIRACL Crypto SDK is distributed in the hope *
that it will be useful, but WITHOUT ANY WARRANTY; without even the *
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
See the GNU Affero General Public License for more details. *
*
* You should have received a copy of the GNU Affero General Public *
License along with CertiVox MIRACL Crypto SDK. *
If not, see <http://www.gnu.org/licenses/>. *
*
You can be released from the requirements of the license by purchasing *
a commercial license. Buying such a license is mandatory as soon as you *
develop commercial activities involving the CertiVox MIRACL Crypto SDK *
without disclosing the source code of your own applications, or shipping *
the CertiVox MIRACL Crypto SDK with a closed source product. *
*
***************************************************************************/
/*
* MIRACL Extended Greatest Common Divisor module.
* mrxgcd.c
*/
#include <openssl/miracl.h>
#ifdef MR_FP
#include <math.h>
#endif
#ifdef MR_COUNT_OPS
extern int fpx;
#endif
#ifndef MR_USE_BINARY_XGCD
#ifdef mr_dltype
static mr_small qdiv(mr_large u,mr_large v)
{ /* fast division - small quotient expected. */
mr_large lq,x=u;
#ifdef MR_FP
mr_small dres;
#endif
x-=v;
if (x<v) return 1;
x-=v;
if (x<v) return 2;
x-=v;
if (x<v) return 3;
x-=v;
if (x<v) return 4;
x-=v;
if (x<v) return 5;
x-=v;
if (x<v) return 6;
x-=v;
if (x<v) return 7;
x-=v;
if (x<v) return 8;
/* do it the hard way! */
lq=8+MR_DIV(x,v);
if (lq>=MAXBASE) return 0;
return (mr_small)lq;
}
#else
static mr_small qdiv(mr_small u,mr_small v)
{ /* fast division - small quotient expected */
mr_small x=u;
x-=v;
if (x<v) return 1;
x-=v;
if (x<v) return 2;
return MR_DIV(u,v);
}
#endif
int xgcd(_MIPD_ big x,big y,big xd,big yd,big z)
{ /* greatest common divisor by Euclids method *
* extended to also calculate xd and yd where *
* z = x.xd + y.yd = gcd(x,y) *
* if xd, yd not distinct, only xd calculated *
* z only returned if distinct from xd and yd *
* xd will always be positive, yd negative */
int s,n,iter;
mr_small r,a,b,c,d;
mr_small q,m,sr;
#ifdef MR_FP
mr_small dres;
#endif
#ifdef mr_dltype
union doubleword uu,vv;
mr_large u,v,lr;
#else
mr_small u,v,lr;
#endif
BOOL last,dplus=TRUE;
big t;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return 0;
MR_IN(30)
#ifdef MR_COUNT_OPS
fpx++;
#endif
copy(x,mr_mip->w1);
copy(y,mr_mip->w2);
s=exsign(mr_mip->w1);
insign(PLUS,mr_mip->w1);
insign(PLUS,mr_mip->w2);
convert(_MIPP_ 1,mr_mip->w3);
zero(mr_mip->w4);
last=FALSE;
a=b=c=d=0;
iter=0;
while (size(mr_mip->w2)!=0)
{
if (b==0)
{ /* update mr_mip->w1 and mr_mip->w2 */
divide(_MIPP_ mr_mip->w1,mr_mip->w2,mr_mip->w5);
t=mr_mip->w1,mr_mip->w1=mr_mip->w2,mr_mip->w2=t; /* swap(mr_mip->w1,mr_mip->w2) */
multiply(_MIPP_ mr_mip->w4,mr_mip->w5,mr_mip->w0);
add(_MIPP_ mr_mip->w3,mr_mip->w0,mr_mip->w3);
t=mr_mip->w3,mr_mip->w3=mr_mip->w4,mr_mip->w4=t; /* swap(xd,yd) */
iter++;
}
else
{
/* printf("a= %I64u b= %I64u c= %I64u d= %I64u \n",a,b,c,d); */
mr_pmul(_MIPP_ mr_mip->w1,c,mr_mip->w5); /* c*w1 */
mr_pmul(_MIPP_ mr_mip->w1,a,mr_mip->w1); /* a*w1 */
mr_pmul(_MIPP_ mr_mip->w2,b,mr_mip->w0); /* b*w2 */
mr_pmul(_MIPP_ mr_mip->w2,d,mr_mip->w2); /* d*w2 */
if (!dplus)
{
mr_psub(_MIPP_ mr_mip->w0,mr_mip->w1,mr_mip->w1); /* b*w2-a*w1 */
mr_psub(_MIPP_ mr_mip->w5,mr_mip->w2,mr_mip->w2); /* c*w1-d*w2 */
}
else
{
mr_psub(_MIPP_ mr_mip->w1,mr_mip->w0,mr_mip->w1); /* a*w1-b*w2 */
mr_psub(_MIPP_ mr_mip->w2,mr_mip->w5,mr_mip->w2); /* d*w2-c*w1 */
}
mr_pmul(_MIPP_ mr_mip->w3,c,mr_mip->w5);
mr_pmul(_MIPP_ mr_mip->w3,a,mr_mip->w3);
mr_pmul(_MIPP_ mr_mip->w4,b,mr_mip->w0);
mr_pmul(_MIPP_ mr_mip->w4,d,mr_mip->w4);
if (a==0) copy(mr_mip->w0,mr_mip->w3);
else mr_padd(_MIPP_ mr_mip->w3,mr_mip->w0,mr_mip->w3);
mr_padd(_MIPP_ mr_mip->w4,mr_mip->w5,mr_mip->w4);
}
if (mr_mip->ERNUM || size(mr_mip->w2)==0) break;
n=(int)mr_mip->w1->len;
if (n==1)
{
last=TRUE;
u=mr_mip->w1->w[0];
v=mr_mip->w2->w[0];
}
else
{
m=mr_mip->w1->w[n-1]+1;
#ifndef MR_SIMPLE_BASE
if (mr_mip->base==0)
{
#endif
#ifndef MR_NOFULLWIDTH
#ifdef mr_dltype
/* use double length type if available */
if (n>2 && m!=0)
{ /* squeeze out as much significance as possible */
uu.h[MR_TOP]=muldvm(mr_mip->w1->w[n-1],mr_mip->w1->w[n-2],m,&sr);
uu.h[MR_BOT]=muldvm(sr,mr_mip->w1->w[n-3],m,&sr);
vv.h[MR_TOP]=muldvm(mr_mip->w2->w[n-1],mr_mip->w2->w[n-2],m,&sr);
vv.h[MR_BOT]=muldvm(sr,mr_mip->w2->w[n-3],m,&sr);
}
else
{
uu.h[MR_TOP]=mr_mip->w1->w[n-1];
uu.h[MR_BOT]=mr_mip->w1->w[n-2];
vv.h[MR_TOP]=mr_mip->w2->w[n-1];
vv.h[MR_BOT]=mr_mip->w2->w[n-2];
if (n==2) last=TRUE;
}
u=uu.d;
v=vv.d;
#else
if (m==0)
{
u=mr_mip->w1->w[n-1];
v=mr_mip->w2->w[n-1];
}
else
{
u=muldvm(mr_mip->w1->w[n-1],mr_mip->w1->w[n-2],m,&sr);
v=muldvm(mr_mip->w2->w[n-1],mr_mip->w2->w[n-2],m,&sr);
}
#endif
#endif
#ifndef MR_SIMPLE_BASE
}
else
{
#ifdef mr_dltype
if (n>2)
{ /* squeeze out as much significance as possible */
u=muldiv(mr_mip->w1->w[n-1],mr_mip->base,mr_mip->w1->w[n-2],m,&sr);
u=u*mr_mip->base+muldiv(sr,mr_mip->base,mr_mip->w1->w[n-3],m,&sr);
v=muldiv(mr_mip->w2->w[n-1],mr_mip->base,mr_mip->w2->w[n-2],m,&sr);
v=v*mr_mip->base+muldiv(sr,mr_mip->base,mr_mip->w2->w[n-3],m,&sr);
}
else
{
u=(mr_large)mr_mip->base*mr_mip->w1->w[n-1]+mr_mip->w1->w[n-2];
v=(mr_large)mr_mip->base*mr_mip->w2->w[n-1]+mr_mip->w2->w[n-2];
last=TRUE;
}
#else
u=muldiv(mr_mip->w1->w[n-1],mr_mip->base,mr_mip->w1->w[n-2],m,&sr);
v=muldiv(mr_mip->w2->w[n-1],mr_mip->base,mr_mip->w2->w[n-2],m,&sr);
#endif
}
#endif
}
dplus=TRUE;
a=1; b=0; c=0; d=1;
forever
{ /* work only with most significant piece */
if (last)
{
if (v==0) break;
q=qdiv(u,v);
if (q==0) break;
}
else
{
if (dplus)
{
if ((mr_small)(v-c)==0 || (mr_small)(v+d)==0) break;
q=qdiv(u+a,v-c);
if (q==0) break;
if (q!=qdiv(u-b,v+d)) break;
}
else
{
if ((mr_small)(v+c)==0 || (mr_small)(v-d)==0) break;
q=qdiv(u-a,v+c);
if (q==0) break;
if (q!=qdiv(u+b,v-d)) break;
}
}
if (q==1)
{
if ((mr_small)(b+d) >= MAXBASE) break;
r=a+c; a=c; c=r;
r=b+d; b=d; d=r;
lr=u-v; u=v; v=lr;
}
else
{
if (q>=MR_DIV(MAXBASE-b,d)) break;
r=a+q*c; a=c; c=r;
r=b+q*d; b=d; d=r;
lr=u-q*v; u=v; v=lr;
}
iter++;
dplus=!dplus;
}
iter%=2;
}
if (s==MINUS) iter++;
if (iter%2==1) subtract(_MIPP_ y,mr_mip->w3,mr_mip->w3);
if (xd!=yd)
{
negify(x,mr_mip->w2);
mad(_MIPP_ mr_mip->w2,mr_mip->w3,mr_mip->w1,y,mr_mip->w4,mr_mip->w4);
copy(mr_mip->w4,yd);
}
copy(mr_mip->w3,xd);
if (z!=xd && z!=yd) copy(mr_mip->w1,z);
MR_OUT
return (size(mr_mip->w1));
}
int invmodp(_MIPD_ big x,big y,big z)
{
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
int gcd;
MR_IN(213);
gcd=xgcd(_MIPP_ x,y,z,z,z);
MR_OUT
return gcd;
}
#else
/* much smaller, much slower binary inversion algorithm */
/* fails silently if a is not co-prime to p */
/* experimental! At least 3 times slower than standard method.. */
int invmodp(_MIPD_ big a,big p,big z)
{
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
big u,v,x1,x2;
MR_IN(213);
u=mr_mip->w1; v=mr_mip->w2; x1=mr_mip->w3; x2=mr_mip->w4;
copy(a,u);
copy(p,v);
convert(_MIPP_ 1,x1);
zero(x2);
while (size(u)!=1 && size(v)!=1)
{
while (remain(_MIPP_ u,2)==0)
{
subdiv(_MIPP_ u,2,u);
if (remain(_MIPP_ x1,2)!=0) add(_MIPP_ x1,p,x1);
subdiv(_MIPP_ x1,2,x1);
}
while (remain(_MIPP_ v,2)==0)
{
subdiv(_MIPP_ v,2,v);
if (remain(_MIPP_ x2,2)!=0) add(_MIPP_ x2,p,x2);
subdiv(_MIPP_ x2,2,x2);
}
if (compare(u,v)>=0)
{
mr_psub(_MIPP_ u,v,u);
subtract(_MIPP_ x1,x2,x1);
}
else
{
mr_psub(_MIPP_ v,u,v);
subtract(_MIPP_ x2,x1,x2);
}
}
if (size(u)==1) copy(x1,z);
else copy(x2,z);
if (size(z)<0) add(_MIPP_ z,p,z);
MR_OUT
return 1; /* note - no checking that gcd=1 */
}
#endif
#ifndef MR_STATIC
/* Montgomery's method for multiple
simultaneous modular inversions */
BOOL double_inverse(_MIPD_ big n,big x,big y,big w,big z)
{
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
MR_IN(146)
mad(_MIPP_ x,w,w,n,n,mr_mip->w6);
if (size(mr_mip->w6)==0)
{
mr_berror(_MIPP_ MR_ERR_DIV_BY_ZERO);
MR_OUT
return FALSE;
}
invmodp(_MIPP_ mr_mip->w6,n,mr_mip->w6);
mad(_MIPP_ w,mr_mip->w6,w,n,n,y);
mad(_MIPP_ x,mr_mip->w6,x,n,n,z);
MR_OUT
return TRUE;
}
BOOL multi_inverse(_MIPD_ int m,big *x,big n,big *w)
{ /* find w[i]=1/x[i] mod n, for i=0 to m-1 *
* x and w MUST be distinct */
int i;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (m==0) return TRUE;
if (m<0) return FALSE;
MR_IN(25)
if (x==w)
{
mr_berror(_MIPP_ MR_ERR_BAD_PARAMETERS);
MR_OUT
return FALSE;
}
if (m==1)
{
invmodp(_MIPP_ x[0],n,w[0]);
MR_OUT
return TRUE;
}
convert(_MIPP_ 1,w[0]);
copy(x[0],w[1]);
for (i=2;i<m;i++)
mad(_MIPP_ w[i-1],x[i-1],x[i-1],n,n,w[i]);
mad(_MIPP_ w[m-1],x[m-1],x[m-1],n,n,mr_mip->w6); /* y=x[0]*x[1]*x[2]....x[m-1] */
if (size(mr_mip->w6)==0)
{
mr_berror(_MIPP_ MR_ERR_DIV_BY_ZERO);
MR_OUT
return FALSE;
}
invmodp(_MIPP_ mr_mip->w6,n,mr_mip->w6);
/* Now y=1/y */
copy(x[m-1],mr_mip->w5);
mad(_MIPP_ w[m-1],mr_mip->w6,mr_mip->w6,n,n,w[m-1]);
for (i=m-2;;i--)
{
if (i==0)
{
mad(_MIPP_ mr_mip->w5,mr_mip->w6,mr_mip->w6,n,n,w[0]);
break;
}
mad(_MIPP_ w[i],mr_mip->w5,w[i],n,n,w[i]);
mad(_MIPP_ w[i],mr_mip->w6,w[i],n,n,w[i]);
mad(_MIPP_ mr_mip->w5,x[i],x[i],n,n,mr_mip->w5);
}
MR_OUT
return TRUE;
}
#endif

253
crypto/sm2/sm2_standard_enc.c
View File

@@ -1,253 +0,0 @@
/*
* Copyright (c) 2015 - 2017 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <openssl/miracl.h>
#include <openssl/mirdef.h>
#include <openssl/sm2_standard.h>
/* test if the given array is all zero */
int Test_Null(unsigned char array[], int len)
{
int i;
i = 0;
for (i = 0; i < len; i++)
{
if (array[i] != 0x00)
return 0;
}
return 1;
}
/* sm2 encryption */
int SM2_standard_encrypt(unsigned char* randK, epoint *pubKey, unsigned char M[], int klen, unsigned char C[])
{
big C1x, C1y, x2, y2, rand;
epoint *C1, *kP, *S;
int i;
i = 0;
unsigned char x2y2[SM2_NUMWORD * 2] = {0};
SM3_STATE md;
C1x = mirvar(0);
C1y = mirvar(0);
x2 = mirvar(0);
y2 = mirvar(0);
rand = mirvar(0);
C1 = epoint_init();
kP = epoint_init();
S = epoint_init();
//step2. calculate C1 = [k]G = (rGx, rGy)
bytes_to_big(SM2_NUMWORD, randK, rand);
ecurve_mult(rand, G, C1); //C1 = [k]G
epoint_get(C1, C1x, C1y);
big_to_bytes(SM2_NUMWORD, C1x, C, 1);
big_to_bytes(SM2_NUMWORD, C1y, C + SM2_NUMWORD, 1);
//step3. test if S = [h]pubKey if the point at infinity
ecurve_mult(para_h, pubKey, S);
if (point_at_infinity(S)) //if S is point at infinity, return error;
return ERR_INFINITY_POINT;
//step4. calculate [k]PB = (x2, y2)
ecurve_mult(rand, pubKey, kP); //kP = [k]P
epoint_get(kP, x2, y2);
//step5. KDF(x2 || y2, klen)
big_to_bytes(SM2_NUMWORD, x2, x2y2, 1);
big_to_bytes(SM2_NUMWORD, y2, x2y2 + SM2_NUMWORD, 1);
SM3_kdf(x2y2, SM2_NUMWORD * 2, klen, C + SM2_NUMWORD * 3);
if (Test_Null(C + SM2_NUMWORD * 3, klen) != 0)
return ERR_ARRAY_NULL;
//step6. C2 = M^t
for (i = 0; i < klen; i++)
{
C[SM2_NUMWORD * 3 + i] = M[i] ^ C[SM2_NUMWORD * 3 + i];
}
//step7. C3 = hash(x2, M, y2)
SM3_init(&md);
SM3_process(&md, x2y2, SM2_NUMWORD);
SM3_process(&md, M, klen);
SM3_process(&md, x2y2 + SM2_NUMWORD, SM2_NUMWORD);
SM3_done(&md, C + SM2_NUMWORD * 2);
return 0;
}
/* sm2 decryption */
int SM2_standard_decrypt(big dB, unsigned char C[], int Clen, unsigned char M[])
{
SM3_STATE md;
int i;
i = 0;
unsigned char x2y2[SM2_NUMWORD * 2] = {0};
unsigned char hash[SM2_NUMWORD] = {0};
big C1x, C1y, x2, y2;
epoint *C1, *S, *dBC1;
C1x = mirvar(0);
C1y = mirvar(0);
x2 = mirvar(0);
y2 = mirvar(0);
C1 = epoint_init();
S = epoint_init();
dBC1 = epoint_init();
//step1. test if C1 fits the curve
bytes_to_big(SM2_NUMWORD, C, C1x);
bytes_to_big(SM2_NUMWORD, C + SM2_NUMWORD, C1y);
epoint_set(C1x, C1y, 0, C1);
i = Test_Point(C1);
if (i != 0)
return i;
//step2. S = [h]C1 and test if S is the point at infinity
ecurve_mult(para_h, C1, S);
if (point_at_infinity(S)) // if S is point at infinity, return error;
return ERR_INFINITY_POINT;
//step3. [dB]C1 = (x2, y2)
ecurve_mult(dB, C1, dBC1);
epoint_get(dBC1, x2, y2);
big_to_bytes(SM2_NUMWORD, x2, x2y2, 1);
big_to_bytes(SM2_NUMWORD, y2, x2y2 + SM2_NUMWORD, 1);
//step4. t = KDF(x2 || y2, klen)
SM3_kdf(x2y2, SM2_NUMWORD * 2, Clen - SM2_NUMWORD * 3, M);
if (Test_Null(M, Clen - SM2_NUMWORD * 3) != 0)
return ERR_ARRAY_NULL;
//step5. M = C2^t
for (i = 0; i < Clen - SM2_NUMWORD * 3; i++)
M[i] = M[i] ^ C[SM2_NUMWORD * 3 + i];
//step6. hash(x2, m, y2)
SM3_init(&md);
SM3_process(&md, x2y2, SM2_NUMWORD);
SM3_process(&md, M, Clen - SM2_NUMWORD * 3);
SM3_process(&md, x2y2 + SM2_NUMWORD, SM2_NUMWORD);
SM3_done(&md, hash);
if (memcmp(hash, C + SM2_NUMWORD * 2, SM2_NUMWORD) != 0)
return ERR_C3_MATCH;
else
return 0;
}
/* test whether the SM2 calculation is correct by comparing the result with the standard data */
int SM2_standard_enc_selftest()
{
int tmp, i;
tmp = 0;
i = 0;
unsigned char Cipher[115] = {0};
unsigned char M[19] = {0};
unsigned char kGxy[SM2_NUMWORD * 2] = {0};
big ks, x, y;
epoint *kG;
//standard data
unsigned char std_priKey[32] = {0x39, 0x45, 0x20, 0x8F, 0x7B, 0x21, 0x44, 0xB1, 0x3F, 0x36, 0xE3, 0x8A, 0xC6, 0xD3, 0x9F, 0x95,
0x88, 0x93, 0x93, 0x69, 0x28, 0x60, 0xB5, 0x1A, 0x42, 0xFB, 0x81, 0xEF, 0x4D, 0xF7, 0xC5, 0xB8};
unsigned char std_pubKey[64] = {0x09, 0xF9, 0xDF, 0x31, 0x1E, 0x54, 0x21, 0xA1, 0x50, 0xDD, 0x7D, 0x16, 0x1E, 0x4B, 0xC5, 0xC6,
0x72, 0x17, 0x9F, 0xAD, 0x18, 0x33, 0xFC, 0x07, 0x6B, 0xB0, 0x8F, 0xF3, 0x56, 0xF3, 0x50, 0x20,
0xCC, 0xEA, 0x49, 0x0C, 0xE2, 0x67, 0x75, 0xA5, 0x2D, 0xC6, 0xEA, 0x71, 0x8C, 0xC1, 0xAA, 0x60,
0x0A, 0xED, 0x05, 0xFB, 0xF3, 0x5E, 0x08, 0x4A, 0x66, 0x32, 0xF6, 0x07, 0x2D, 0xA9, 0xAD, 0x13};
unsigned char std_rand[32] = {0x59, 0x27, 0x6E, 0x27, 0xD5, 0x06, 0x86, 0x1A, 0x16, 0x68, 0x0F, 0x3A, 0xD9, 0xC0, 0x2D, 0xCC,
0xEF, 0x3C, 0xC1, 0xFA, 0x3C, 0xDB, 0xE4, 0xCE, 0x6D, 0x54, 0xB8, 0x0D, 0xEA, 0xC1, 0xBC, 0x21};
unsigned char std_Message[19] = {0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x73, 0x74, 0x61, 0x6E, 0x64,
0x61, 0x72, 0x64};
unsigned char std_Cipher[115] = {0x04, 0xEB, 0xFC, 0x71, 0x8E, 0x8D, 0x17, 0x98, 0x62, 0x04, 0x32, 0x26, 0x8E, 0x77, 0xFE, 0xB6,
0x41, 0x5E, 0x2E, 0xDE, 0x0E, 0x07, 0x3C, 0x0F, 0x4F, 0x64, 0x0E, 0xCD, 0x2E, 0x14, 0x9A, 0x73,
0xE8, 0x58, 0xF9, 0xD8, 0x1E, 0x54, 0x30, 0xA5, 0x7B, 0x36, 0xDA, 0xAB, 0x8F, 0x95, 0x0A, 0x3C,
0x64, 0xE6, 0xEE, 0x6A, 0x63, 0x09, 0x4D, 0x99, 0x28, 0x3A, 0xFF, 0x76, 0x7E, 0x12, 0x4D, 0xF0,
0x59, 0x98, 0x3C, 0x18, 0xF8, 0x09, 0xE2, 0x62, 0x92, 0x3C, 0x53, 0xAE, 0xC2, 0x95, 0xD3, 0x03,
0x83, 0xB5, 0x4E, 0x39, 0xD6, 0x09, 0xD1, 0x60, 0xAF, 0xCB, 0x19, 0x08, 0xD0, 0xBD, 0x87, 0x66,
0x21, 0x88, 0x6C, 0xA9, 0x89, 0xCA, 0x9C, 0x7D, 0x58, 0x08, 0x73, 0x07, 0xCA, 0x93, 0x09, 0x2D,
0x65, 0x1E, 0xFA};
mip= mirsys(1000, 16);
mip->IOBASE = 16;
x = mirvar(0);
y = mirvar(0);
ks = mirvar(0);
kG = epoint_init();
bytes_to_big(32, std_priKey, ks); //ks is the standard private key
//initiate SM2 curve
SM2_standard_init();
//generate key pair
tmp = SM2_standard_keygeneration(ks, kG);
if (tmp != 0)
return tmp;
epoint_get(kG, x, y);
big_to_bytes(SM2_NUMWORD, x, kGxy, 1);
big_to_bytes(SM2_NUMWORD, y, kGxy + SM2_NUMWORD, 1);
if (memcmp(kGxy, std_pubKey, SM2_NUMWORD * 2) != 0)
return ERR_SELFTEST_KG;
//encrypt data and compare the result with the standard data
tmp = SM2_standard_encrypt(std_rand, kG, std_Message, 19, Cipher);
if (tmp != 0)
return tmp;
if (memcmp(Cipher, std_Cipher, 19 + SM2_NUMWORD * 3) != 0)
return ERR_SELFTEST_ENC;
//decrypt cipher and compare the result with the standard data
tmp = SM2_standard_decrypt(ks, Cipher, 115, M);
if (tmp != 0)
return tmp;
if (memcmp(M, std_Message, 19) != 0)
return ERR_SELFTEST_DEC;
return 0;
}

491
crypto/sm2/sm2_standard_exch.c
View File

@@ -1,491 +0,0 @@
/* ====================================================================
* Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <openssl/mirdef.h>
#include <openssl/miracl.h>
#include <openssl/sm2_standard.h>
/* calculation of w */
int SM2_w(big n)
{
big n1;
int w = 0;
n1 = mirvar(0);
w = logb2(para_n); //approximate integer log to the base 2 of para_n
expb2(w, n1); //n1 = 2^w
if (mr_compare(para_n, n1) == 1)
w++;
if ((w % 2) == 0)
w = w / 2 - 1;
else
w = (w + 1) / 2 - 1;
return w;
}
/* calculation of ZA or ZB */
void SM3_z(unsigned char ID[], unsigned short int ELAN, epoint* pubKey, unsigned char hash[])
{
unsigned char Px[SM2_NUMWORD] = {0}, Py[SM2_NUMWORD] = {0};
unsigned char IDlen[2] = {0};
big x, y;
SM3_STATE md;
x = mirvar(0);
y = mirvar(0);
epoint_get(pubKey, x, y);
big_to_bytes(SM2_NUMWORD, x, Px, 1);
big_to_bytes(SM2_NUMWORD, y, Py, 1);
memcpy(IDlen, &ELAN + 1, 1);
memcpy(IDlen + 1, &ELAN, 1);
SM3_init(&md);
SM3_process(&md, IDlen, 2);
SM3_process(&md, ID, ELAN / 8);
SM3_process(&md, SM2_a, SM2_NUMWORD);
SM3_process(&md, SM2_b, SM2_NUMWORD);
SM3_process(&md, SM2_Gx, SM2_NUMWORD);
SM3_process(&md, SM2_Gy, SM2_NUMWORD);
SM3_process(&md, Px, SM2_NUMWORD);
SM3_process(&md, Py, SM2_NUMWORD);
SM3_done(&md, hash);
return;
}
/* calculate RA */
int SM2_standard_keyex_init_i(big ra, epoint* RA)
{
return SM2_standard_keygeneration(ra, RA);
}
/* calculate RB and a secret key */
int SM2_standard_keyex_re_i(big rb, big dB, epoint* RA, epoint* PA, unsigned char ZA[], unsigned char ZB[], unsigned char K[], int klen, epoint* RB, epoint* V, unsigned char hash[])
{
SM3_STATE md;
int i = 0, w = 0;
unsigned char Z[SM2_NUMWORD * 2 + SM3_len / 4] = {0};
unsigned char x1y1[SM2_NUMWORD * 2] = {0};
unsigned char x2y2[SM2_NUMWORD * 2] = {0};
unsigned char temp = 0x02;
big x1, y1, x1_, x2, y2, x2_, tmp, Vx, Vy, temp_x, temp_y;
//mip = mirsys(1000, 16);
//mip->IOBASE = 16;
x1 = mirvar(0);
y1 = mirvar(0);
x1_ = mirvar(0);
x2 = mirvar(0);
y2 = mirvar(0);
x2_ = mirvar(0);
tmp = mirvar(0);
Vx = mirvar(0);
Vy = mirvar(0);
temp_x = mirvar(0);
temp_y = mirvar(0);
w = SM2_w(para_n);
//--------B2: RB = [rb]G = (x2, y2)--------
SM2_standard_keygeneration(rb, RB);
epoint_get(RB, x2, y2);
big_to_bytes(SM2_NUMWORD, x2, x2y2, 1);
big_to_bytes(SM2_NUMWORD, y2, x2y2 + SM2_NUMWORD, 1);
//--------B3: x2_ = 2^w + x2 & (2^w - 1)--------
expb2(w, x2_); //x2_ = 2^w
divide(x2, x2_, tmp); //x2 = x2 mod x2_ = x2 & (2^w - 1)
add(x2_, x2, x2_);
divide(x2_, para_n, tmp); //x2_ = n mod q
//--------B4: tB = (dB + x2_ * rB) mod n--------
multiply(x2_, rb, x2_);
add(dB, x2_, x2_);
divide(x2_, para_n, tmp);
//--------B5: x1_ = 2^w + x1 & (2^w - 1)--------
if (Test_Point(RA) != 0)
return ERR_KEYEX_RA;
epoint_get(RA, x1, y1);
big_to_bytes(SM2_NUMWORD, x1, x1y1, 1);
big_to_bytes(SM2_NUMWORD, y1, x1y1 + SM2_NUMWORD, 1);
expb2(w, x1_); //x1_ = 2^w
divide(x1, x1_, tmp); //x1 = x1 mod x1_ = x1 & (2^w - 1)
add(x1_,x1, x1_);
divide(x1_, para_n, tmp); //x1_ = n mod q
//--------B6: V = [h * tB](PA + [x1_]RA)--------
ecurve_mult(x1_, RA, V); //v = [x1_]RA
epoint_get(V, temp_x, temp_y);
ecurve_add(PA, V); //V = PA + V
epoint_get(V, temp_x, temp_y);
multiply(para_h, x2_, x2_); //tB = tB * h
ecurve_mult(x2_, V, V);
if (point_at_infinity(V) == 1)
return ERR_INFINITY_POINT;
epoint_get(V, Vx, Vy);
big_to_bytes(SM2_NUMWORD, Vx, Z, 1);
big_to_bytes(SM2_NUMWORD, Vy, Z + SM2_NUMWORD, 1);
//------------B7:KB = KDF(VX, VY, ZA, ZB, KLEN)----------
memcpy(Z + SM2_NUMWORD * 2, ZA, SM3_len / 8);
memcpy(Z + SM2_NUMWORD * 2 + SM3_len / 8, ZB, SM3_len / 8);
SM3_kdf(Z, SM2_NUMWORD * 2 + SM3_len / 4, klen / 8, K);
//---------------B8:(optional)SB = hash(0x02 || Vy || HASH(Vx || ZA || ZB || x1 || y1 || x2 || y2)-------------
SM3_init(&md);
SM3_process(&md, Z, SM2_NUMWORD);
SM3_process(&md, ZA, SM3_len / 8);
SM3_process(&md, ZB, SM3_len / 8);
SM3_process(&md, x1y1, SM2_NUMWORD * 2);
SM3_process(&md, x2y2, SM2_NUMWORD * 2);
SM3_done(&md, hash);
SM3_init(&md);
SM3_process(&md, &temp, 1);
SM3_process(&md, Z + SM2_NUMWORD, SM2_NUMWORD);
SM3_process(&md, hash, SM3_len / 8);
SM3_done(&md, hash);
return 0;
}
/* initiator A calculates the secret key out of RA and RB, and calculates a hash */
int SM2_standard_keyex_init_ii(big ra, big dA, epoint* RA, epoint* RB, epoint* PB, unsigned char ZA[], unsigned char ZB[], unsigned char SB[], unsigned char K[], int klen, unsigned char SA[])
{
SM3_STATE md;
int i = 0, w = 0;
unsigned char Z[SM2_NUMWORD * 2 + SM3_len / 4] = {0};
unsigned char x1y1[SM2_NUMWORD * 2] = {0};
unsigned char x2y2[SM2_NUMWORD * 2] = {0};
unsigned char hash[SM2_NUMWORD], S1[SM2_NUMWORD];
unsigned char temp[2] = {0x02, 0x03};
big x1, y1, x1_, x2, y2, x2_, tmp, Ux, Uy, temp_x, temp_y, tA;
epoint* U;
//mip = mirsys(1000, 16);
//mip->IOBASE = 16;
U = epoint_init();
x1 = mirvar(0);
y1 = mirvar(0);
x1_ = mirvar(0);
x2 = mirvar(0);
y2 = mirvar(0);
x2_ = mirvar(0);
tmp = mirvar(0);
Ux = mirvar(0);
Uy = mirvar(0);
temp_x = mirvar(0);
temp_y = mirvar(0);
tA=mirvar(0);
w = SM2_w(para_n);
epoint_get(RA, x1, y1);
big_to_bytes(SM2_NUMWORD, x1, x1y1, TRUE);
big_to_bytes(SM2_NUMWORD, y1, x1y1 + SM2_NUMWORD, TRUE);
//--------A4: x1_ = 2^w + x2 & (2^w - 1)--------
expb2(w, x1_); //x1_ = 2^w
divide(x1, x1_, tmp); //x1 = x1 mod x1_ = x1 & (2^w - 1)
add(x1_, x1, x1_);
divide(x1_, para_n, tmp);
//-------- A5:tA = (dA + x1_ * rA) mod n--------
multiply(x1_, ra, tA);
divide(tA, para_n, tmp);
add(tA, dA, tA);
divide(tA, para_n, tmp);
//-------- A6:x2_ = 2^w + x2 & (2^w - 1)-----------------
if (Test_Point(RB) != 0)
return ERR_KEYEX_RB;//////////////////////////////////
epoint_get(RB, x2, y2);
big_to_bytes(SM2_NUMWORD, x2, x2y2, TRUE);
big_to_bytes(SM2_NUMWORD, y2, x2y2 + SM2_NUMWORD, TRUE);
expb2(w, x2_); //x2_ = 2^w
divide(x2, x2_, tmp); //x2 = x2 mod x2_ = x2 & (2^w - 1)
add(x2_, x2, x2_);
divide(x2_, para_n, tmp);
//--------A7:U = [h * tA](PB + [x2_]RB)-----------------
ecurve_mult(x2_, RB, U); //U = [x2_]RB
epoint_get(U, temp_x, temp_y);
ecurve_add(PB, U); //U = PB + U
epoint_get(U, temp_x, temp_y);
multiply(para_h, tA, tA); //tA = tA * h
divide(tA, para_n, tmp);
ecurve_mult(tA, U, U);
if (point_at_infinity(U) == 1)
return ERR_INFINITY_POINT;
epoint_get(U, Ux, Uy);
big_to_bytes(SM2_NUMWORD, Ux, Z, 1);
big_to_bytes(SM2_NUMWORD, Uy, Z + SM2_NUMWORD, 1);
//------------A8:KA = KDF(UX, UY, ZA, ZB, KLEN)----------
memcpy(Z + SM2_NUMWORD * 2, ZA, SM3_len / 8);
memcpy(Z + SM2_NUMWORD * 2 + SM3_len / 8, ZB, SM3_len / 8);
SM3_kdf(Z, SM2_NUMWORD * 2 + SM3_len / 4, klen / 8, K);
//---------------A9:(optional) S1 = Hash(0x02 || Uy || Hash(Ux || ZA || ZB || x1 || y1 || x2 || y2))-----------
SM3_init (&md);
SM3_process(&md, Z, SM2_NUMWORD);
SM3_process(&md, ZA, SM3_len / 8);
SM3_process(&md, ZB, SM3_len / 8);
SM3_process(&md, x1y1, SM2_NUMWORD * 2);
SM3_process(&md, x2y2, SM2_NUMWORD * 2);
SM3_done(&md, hash);
SM3_init(&md);
SM3_process(&md, temp, 1);
SM3_process(&md, Z + SM2_NUMWORD, SM2_NUMWORD);
SM3_process(&md, hash, SM3_len / 8);
SM3_done(&md, S1);
//test S1 = SB?
if (memcmp(S1, SB, SM2_NUMWORD) != 0)
return ERR_EQUAL_S1SB;
//---------------A10 SA = Hash(0x03 || yU || Hash(xU || ZA || ZB || x1 || y1 || x2 || y2))-------------
SM3_init(&md);
SM3_process(&md, &temp[1], 1);
SM3_process(&md, Z + SM2_NUMWORD, SM2_NUMWORD);
SM3_process(&md, hash, SM3_len / 8);
SM3_done(&md, SA);
return 0;
}
/* (optional)Step B10: verifies the hash value received from initiator A */
int SM2_standard_keyex_re_ii(epoint *V, epoint *RA, epoint *RB, unsigned char ZA[], unsigned char ZB[], unsigned char SA[])
{
big x1, y1, x2, y2, Vx, Vy;
unsigned char hash[SM2_NUMWORD], S2[SM2_NUMWORD];
unsigned char temp = 0x03;
unsigned char xV[SM2_NUMWORD], yV[SM2_NUMWORD];
unsigned char x1y1[SM2_NUMWORD * 2] = {0};
unsigned char x2y2[SM2_NUMWORD * 2] = {0};
SM3_STATE md;
x1 = mirvar(0);
y1 = mirvar(0);
x2 = mirvar(0);
y2 = mirvar(0);
Vx = mirvar(0);
Vy = mirvar(0);
epoint_get(RA, x1, y1);
epoint_get(RB, x2, y2);
epoint_get(V, Vx, Vy);
big_to_bytes(SM2_NUMWORD, Vx, xV, TRUE);
big_to_bytes(SM2_NUMWORD, Vy, yV, TRUE);
big_to_bytes(SM2_NUMWORD, x1, x1y1, TRUE);
big_to_bytes(SM2_NUMWORD, y1, x1y1 + SM2_NUMWORD, TRUE);
big_to_bytes(SM2_NUMWORD, x2, x2y2, TRUE);
big_to_bytes(SM2_NUMWORD, y2, x2y2 + SM2_NUMWORD, TRUE);
//---------------B10:(optional) S2 = Hash(0x03 || Vy || Hash(Vx || ZA || ZB || x1 || y1 || x2 || y2))
SM3_init(&md);
SM3_process(&md, xV, SM2_NUMWORD);
SM3_process(&md, ZA, SM3_len / 8);
SM3_process(&md, ZB, SM3_len / 8);
SM3_process(&md, x1y1, SM2_NUMWORD * 2);
SM3_process(&md, x2y2, SM2_NUMWORD * 2);
SM3_done(&md, hash);
SM3_init(&md);
SM3_process(&md, &temp, 1);
SM3_process(&md, yV, SM2_NUMWORD);
SM3_process(&md, hash, SM3_len / 8);
SM3_done(&md, S2);
if (memcmp(S2, SA, SM3_len / 8) != 0)
return ERR_EQUAL_S2SA;
return 0;
}
/* self check of SM2 key exchange */
int SM2_standard_keyex_selftest()
{
//standard data
unsigned char std_priKeyA[SM2_NUMWORD] = {0x81, 0xEB, 0x26, 0xE9, 0x41, 0xBB, 0x5A, 0xF1, 0x6D, 0xF1, 0x16, 0x49, 0x5F, 0x90, 0x69, 0x52,
0x72, 0xAE, 0x2C, 0xD6, 0x3D, 0x6C, 0x4A, 0xE1, 0x67, 0x84, 0x18, 0xBE, 0x48, 0x23, 0x00, 0x29};
unsigned char std_pubKeyA[SM2_NUMWORD * 2] = {0x16, 0x0E, 0x12, 0x89, 0x7D, 0xF4, 0xED, 0xB6, 0x1D, 0xD8, 0x12, 0xFE, 0xB9, 0x67, 0x48,
0xFB, 0xD3, 0xCC, 0xF4, 0xFF, 0xE2, 0x6A, 0xA6, 0xF6, 0xDB, 0x95, 0x40, 0xAF, 0x49, 0xC9,
0x42, 0x32, 0x4A, 0x7D, 0xAD, 0x08, 0xBB, 0x9A, 0x45, 0x95, 0x31, 0x69, 0x4B, 0xEB, 0x20,
0xAA, 0x48, 0x9D, 0x66, 0x49, 0x97, 0x5E, 0x1B, 0xFC, 0xF8, 0xC4, 0x74, 0x1B, 0x78, 0xB4,
0xB2, 0x23, 0x00, 0x7F};
unsigned char std_randA[SM2_NUMWORD] = {0xD4, 0xDE, 0x15, 0x47, 0x4D, 0xB7, 0x4D, 0x06, 0x49, 0x1C, 0x44, 0x0D, 0x30, 0x5E, 0x01, 0x24,
0x00, 0x99, 0x0F, 0x3E, 0x39, 0x0C, 0x7E, 0x87, 0x15, 0x3C, 0x12, 0xDB, 0x2E, 0xA6, 0x0B, 0xB3};
unsigned char std_priKeyB[SM2_NUMWORD] = {0x78, 0x51, 0x29, 0x91, 0x7D, 0x45, 0xA9, 0xEA, 0x54, 0x37, 0xA5, 0x93, 0x56, 0xB8, 0x23, 0x38,
0xEA, 0xAD, 0xDA, 0x6C, 0xEB, 0x19, 0x90, 0x88, 0xF1, 0x4A, 0xE1, 0x0D, 0xEF, 0xA2, 0x29, 0xB5};
unsigned char std_pubKeyB[SM2_NUMWORD * 2] = {0x6A, 0xE8, 0x48, 0xC5, 0x7C, 0x53, 0xC7, 0xB1, 0xB5, 0xFA, 0x99, 0xEB, 0x22, 0x86, 0xAF,
0x07, 0x8B, 0xA6, 0x4C, 0x64, 0x59, 0x1B, 0x8B, 0x56, 0x6F, 0x73, 0x57, 0xD5, 0x76, 0xF1,
0x6D, 0xFB, 0xEE, 0x48, 0x9D, 0x77, 0x16, 0x21, 0xA2, 0x7B, 0x36, 0xC5, 0xC7, 0x99, 0x20,
0x62, 0xE9, 0xCD, 0x09, 0xA9, 0x26, 0x43, 0x86, 0xF3, 0xFB, 0xEA, 0x54, 0xDF, 0xF6, 0x93,
0x05, 0x62, 0x1C, 0x4D};
unsigned char std_randB[SM2_NUMWORD] = {0x7E, 0x07, 0x12, 0x48, 0x14, 0xB3, 0x09, 0x48, 0x91, 0x25, 0xEA, 0xED, 0x10, 0x11, 0x13, 0x16,
0x4E, 0xBF, 0x0F, 0x34, 0x58, 0xC5, 0xBD, 0x88, 0x33, 0x5C, 0x1F, 0x9D, 0x59, 0x62, 0x43, 0xD6};
unsigned char std_IDA[16] = {0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38};
unsigned char std_IDB[16] = {0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38};
unsigned short int std_ENTLA = 0x0080;
unsigned short int std_ENTLB = 0x0080;
unsigned char std_ZA[SM3_len] = {0x3B, 0x85, 0xA5, 0x71, 0x79, 0xE1, 0x1E, 0x7E, 0x51, 0x3A, 0xA6, 0x22, 0x99, 0x1F, 0x2C,
0xA7, 0x4D, 0x18, 0x07, 0xA0, 0xBD, 0x4D, 0x4B, 0x38, 0xF9, 0x09, 0x87, 0xA1, 0x7A, 0xC2,
0x45, 0xB1};
unsigned char std_ZB[SM3_len] = {0x79, 0xC9, 0x88, 0xD6, 0x32, 0x29, 0xD9, 0x7E, 0xF1, 0x9F, 0xE0, 0x2C, 0xA1, 0x05, 0x6E,
0x01, 0xE6, 0xA7, 0x41, 0x1E, 0xD2, 0x46, 0x94, 0xAA, 0x8F, 0x83, 0x4F, 0x4A, 0x4A, 0xB0,
0x22, 0xF7};
unsigned char std_RA[SM2_NUMWORD * 2] = {0x64, 0xCE, 0xD1, 0xBD, 0xBC, 0x99, 0xD5, 0x90, 0x04, 0x9B, 0x43, 0x4D, 0x0F, 0xD7, 0x34, 0x28,
0xCF, 0x60, 0x8A, 0x5D, 0xB8, 0xFE, 0x5C, 0xE0, 0x7F, 0x15, 0x02, 0x69, 0x40, 0xBA, 0xE4, 0x0E,
0x37, 0x66, 0x29, 0xC7, 0xAB, 0x21, 0xE7, 0xDB, 0x26, 0x09, 0x22, 0x49, 0x9D, 0xDB, 0x11, 0x8F,
0x07, 0xCE, 0x8E, 0xAA, 0xE3, 0xE7, 0x72, 0x0A, 0xFE, 0xF6, 0xA5, 0xCC, 0x06, 0x20, 0x70, 0xC0};
unsigned char std_K[16] = {0x6C, 0x89, 0x34, 0x73, 0x54, 0xDE, 0x24, 0x84, 0xC6, 0x0B, 0x4A, 0xB1, 0xFD, 0xE4, 0xC6, 0xE5};
unsigned char std_RB[SM2_NUMWORD * 2] = {0xAC, 0xC2, 0x76, 0x88, 0xA6, 0xF7, 0xB7, 0x06, 0x09, 0x8B, 0xC9, 0x1F, 0xF3, 0xAD, 0x1B, 0xFF,
0x7D, 0xC2, 0x80, 0x2C, 0xDB, 0x14, 0xCC, 0xCC, 0xDB, 0x0A, 0x90, 0x47, 0x1F, 0x9B, 0xD7, 0x07,
0x2F, 0xED, 0xAC, 0x04, 0x94, 0xB2, 0xFF, 0xC4, 0xD6, 0x85, 0x38, 0x76, 0xC7, 0x9B, 0x8F, 0x30,
0x1C, 0x65, 0x73, 0xAD, 0x0A, 0xA5, 0x0F, 0x39, 0xFC, 0x87, 0x18, 0x1E, 0x1A, 0x1B, 0x46, 0xFE};
unsigned char std_SB[SM3_len] = {0xD3, 0xA0, 0xFE, 0x15, 0xDE, 0xE1, 0x85, 0xCE, 0xAE, 0x90, 0x7A, 0x6B, 0x59, 0x5C, 0xC3,
0x2A, 0x26, 0x6E, 0xD7, 0xB3, 0x36, 0x7E, 0x99, 0x83, 0xA8, 0x96, 0xDC, 0x32, 0xFA, 0x20,
0xF8, 0xEB};
int std_Klen = 128; //bit len
int temp;
big x, y, dA, dB, rA, rB;
epoint* pubKeyA, *pubKeyB, *RA, *RB, *V;
unsigned char hash[SM3_len / 8] = {0};
unsigned char ZA[SM3_len / 8] = {0};
unsigned char ZB[SM3_len / 8] = {0};
unsigned char xy[SM2_NUMWORD * 2] = {0};
unsigned char *KA, *KB;
unsigned char SA[SM3_len / 8];
KA = malloc(std_Klen / 8);
KB = malloc(std_Klen / 8);
mip = mirsys(1000, 16);
mip->IOBASE = 16;
x = mirvar(0);
y = mirvar(0);
dA = mirvar(0);
dB = mirvar(0);
rA = mirvar(0);
rB = mirvar(0);
pubKeyA = epoint_init();
pubKeyB = epoint_init();
RA = epoint_init();
RB = epoint_init();
V = epoint_init();
SM2_standard_init();
bytes_to_big(SM2_NUMWORD, std_priKeyA, dA);
bytes_to_big(SM2_NUMWORD, std_priKeyB, dB);
bytes_to_big(SM2_NUMWORD, std_randA, rA);
bytes_to_big(SM2_NUMWORD, std_randB, rB);
bytes_to_big(SM2_NUMWORD, std_pubKeyA, x);
bytes_to_big(SM2_NUMWORD, std_pubKeyA + SM2_NUMWORD, y);
epoint_set(x, y, 0, pubKeyA);
bytes_to_big(SM2_NUMWORD, std_pubKeyB, x);
bytes_to_big(SM2_NUMWORD, std_pubKeyB + SM2_NUMWORD, y);
epoint_set(x, y, 0, pubKeyB);
SM3_z(std_IDA, std_ENTLA, pubKeyA, ZA);
if (memcmp(ZA, std_ZA, SM3_len / 8) != 0)
return ERR_SELFTEST_Z;
SM3_z(std_IDB, std_ENTLB, pubKeyB, ZB);
if (memcmp(ZB, std_ZB, SM3_len / 8) != 0)
return ERR_SELFTEST_Z;
temp = SM2_standard_keyex_init_i(rA, RA);
if (temp)
return temp;
epoint_get(RA, x, y);
big_to_bytes(SM2_NUMWORD, x, xy, 1);
big_to_bytes(SM2_NUMWORD, y, xy + SM2_NUMWORD, 1);
if (memcmp(xy, std_RA, SM2_NUMWORD * 2) != 0)
return ERR_SELFTEST_INI_I;
temp = SM2_standard_keyex_re_i(rB, dB, RA, pubKeyA, ZA, ZB, KA, std_Klen, RB, V, hash);
if (temp)
return temp;
if (memcmp(KA, std_K, std_Klen / 8) != 0)
return ERR_SELFTEST_RES_I;
temp = SM2_standard_keyex_init_ii(rA, dA, RA, RB, pubKeyB, ZA, ZB, hash, KB, std_Klen, SA);
if (temp)
return temp;
if (memcmp(KB, std_K, std_Klen / 8) != 0)
return ERR_SELFTEST_INI_II;
if (SM2_standard_keyex_re_ii(V, RA, RB, ZA, ZB, SA) != 0)
return ERR_EQUAL_S2SA;
free(KA);
free(KB);
return 0;
}

349
crypto/sm2/sm2_standard_sign.c
View File

@@ -1,349 +0,0 @@
/* ====================================================================
* Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/mirdef.h>
#include <openssl/miracl.h>
#include <openssl/sm2_standard.h>
/* test if the big x is zero */
int Test_Zero(big x)
{
big zero;
zero = mirvar(0);
if (mr_compare(x, zero) == 0)
return 1;
else
return 0;
}
/* test if the big x is order n */
int Test_n(big x)
{
//bytes_to_big(32, SM2_n, n);
if (mr_compare(x, para_n) == 0)
return 1;
else
return 0;
}
/* test if the big x belong to the range[1, n-1] */
int Test_Range(big x)
{
big one, decr_n;
one = mirvar(0);
decr_n = mirvar(0);
convert(1, one);
decr(para_n, 1, decr_n);
if ((mr_compare(x, one) < 0) | (mr_compare(x, decr_n) > 0))
return 1;
return 0;
}
/* calculate a pubKey out of a given priKey */
int SM2_standard_sign_keygeneration(unsigned char PriKey[], unsigned char Px[], unsigned char Py[])
{
int i = 0;
big d, PAx, PAy;
epoint *PA;
SM2_standard_init();
PA = epoint_init();
d = mirvar(0);
PAx = mirvar(0);
PAy = mirvar(0);
bytes_to_big(SM2_NUMWORD, PriKey, d);
ecurve_mult(d, G, PA);
epoint_get(PA, PAx, PAy);
big_to_bytes(SM2_NUMWORD, PAx, Px, TRUE);
big_to_bytes(SM2_NUMWORD, PAy, Py, TRUE);
i = Test_PubKey(PA);
if (i)
return i;
else
return 0;
}
/* SM2 signature algorithm */
int SM2_standard_sign(unsigned char *message, int len, unsigned char ZA[], unsigned char rand[], unsigned char d[], unsigned char R[], unsigned char S[])
{
unsigned char hash[SM3_len / 8];
int M_len = len + SM3_len / 8;
unsigned char *M = NULL;
int i;
big dA, r, s, e, k, KGx, KGy;
big rem, rk, z1, z2;
epoint *KG;
i = SM2_standard_init();
if (i)
return i;
//initiate
dA = mirvar(0);
e = mirvar(0);
k = mirvar(0);
KGx = mirvar(0);
KGy = mirvar(0);
r = mirvar(0);
s = mirvar(0);
rem = mirvar(0);
rk = mirvar(0);
z1 = mirvar(0);
z2 = mirvar(0);
bytes_to_big(SM2_NUMWORD, d, dA); //cinstr(dA, d);
KG = epoint_init();
//step1, set M = ZA || M
M = (char *)malloc(sizeof(char)*(M_len + 1));
memcpy(M, ZA, SM3_len / 8);
memcpy(M + SM3_len / 8, message, len);
//step2, generate e = H(M)
SM3_256(M, M_len, hash);
bytes_to_big(SM3_len / 8, hash, e);
//step3:generate k
bytes_to_big(SM3_len / 8, rand, k);
//step4:calculate kG
ecurve_mult(k, G, KG);
//step5:calculate r
epoint_get(KG, KGx, KGy);
add(e, KGx, r);
divide(r, para_n, rem);
//judge r = 0 or n + k = n?
add(r, k, rk);
if (Test_Zero(r) | Test_n(rk))
return ERR_GENERATE_R;
//step6:generate s
incr(dA, 1, z1);
xgcd(z1, para_n, z1, z1, z1);
multiply(r, dA, z2);
divide(z2, para_n, rem);
subtract(k, z2, z2);
add(z2, para_n, z2);
multiply(z1, z2, s);
divide(s, para_n, rem);
//judge s = 0?
if (Test_Zero(s))
return ERR_GENERATE_S ;
big_to_bytes(SM2_NUMWORD, r, R, TRUE);
big_to_bytes(SM2_NUMWORD, s, S, TRUE);
free(M);
return 0;
}
/* SM2 verification algorithm */
int SM2_standard_verify(unsigned char *message, int len, unsigned char ZA[], unsigned char Px[], unsigned char Py[], unsigned char R[], unsigned char S[])
{
unsigned char hash[SM3_len / 8];
int M_len = len + SM3_len / 8;
unsigned char *M = NULL;
int i;
big PAx, PAy, r, s, e, t, rem, x1, y1;
big RR;
epoint *PA, *sG, *tPA;
i = SM2_standard_init();
if (i)
return i;
PAx = mirvar(0);
PAy = mirvar(0);
r = mirvar(0);
s = mirvar(0);
e = mirvar(0);
t = mirvar(0);
x1 = mirvar(0);
y1 = mirvar(0);
rem = mirvar(0);
RR = mirvar(0);
PA = epoint_init();
sG = epoint_init();
tPA = epoint_init();
bytes_to_big(SM2_NUMWORD, Px, PAx);
bytes_to_big(SM2_NUMWORD, Py, PAy);
bytes_to_big(SM2_NUMWORD, R, r);
bytes_to_big(SM2_NUMWORD, S, s);
if (!epoint_set(PAx, PAy, 0, PA)) //initialise public key
{
return ERR_PUBKEY_INIT;
}
//step1: test if r belong to [1, n-1]
if (Test_Range(r))
return ERR_OUTRANGE_R;
//step2: test if s belong to [1, n-1]
if (Test_Range(s))
return ERR_OUTRANGE_S;
//step3, generate M
M = (char *)malloc(sizeof(char)*(M_len + 1));
memcpy(M, ZA, SM3_len / 8);
memcpy(M + SM3_len / 8, message, len);
//step4, generate e = H(M)
SM3_256(M, M_len, hash);
bytes_to_big(SM3_len / 8, hash, e);
//step5:generate t
add(r, s, t);
divide(t, para_n, rem);
if (Test_Zero(t))
return ERR_GENERATE_T;
//step 6: generate(x1, y1)
ecurve_mult(s, G, sG);
ecurve_mult(t, PA, tPA);
ecurve_add(sG, tPA);
epoint_get(tPA, x1, y1);
//step7:generate RR
add(e, x1, RR);
divide(RR, para_n, rem);
free(M);
if (mr_compare(RR, r) == 0)
return 0;
else
return ERR_DATA_MEMCMP;
}
/* SM2 self check */
int SM2_standard_selfcheck()
{
//the private key
unsigned char dA[32] = {0x39, 0x45, 0x20, 0x8f, 0x7b, 0x21, 0x44, 0xb1, 0x3f, 0x36, 0xe3, 0x8a, 0xc6, 0xd3, 0x9f,
0x95, 0x88, 0x93, 0x93, 0x69, 0x28, 0x60, 0xb5, 0x1a, 0x42, 0xfb, 0x81, 0xef, 0x4d, 0xf7,
0xc5, 0xb8};
unsigned char rand[32] = {0x59, 0x27, 0x6E, 0x27, 0xD5, 0x06, 0x86, 0x1A, 0x16, 0x68, 0x0F, 0x3A, 0xD9, 0xC0, 0x2D,
0xCC, 0xEF, 0x3C, 0xC1, 0xFA, 0x3C, 0xDB, 0xE4, 0xCE, 0x6D, 0x54, 0xB8, 0x0D, 0xEA, 0xC1,
0xBC, 0x21};
//the public key
/* unsigned char xA[32] = {0x09, 0xf9, 0xdf, 0x31, 0x1e, 0x54, 0x21, 0xa1, 0x50, 0xdd, 0x7d, 0x16, 0x1e, 0x4b, 0xc5,
0xc6, 0x72, 0x17, 0x9f, 0xad, 0x18, 0x33, 0xfc, 0x07, 0x6b, 0xb0, 0x8f, 0xf3, 0x56, 0xf3,
0x50, 0x20};
unsigned char yA[32] = {0xcc, 0xea, 0x49, 0x0c, 0xe2, 0x67, 0x75, 0xa5, 0x2d, 0xc6, 0xea, 0x71, 0x8c, 0xc1, 0xaa,
0x60, 0x0a, 0xed, 0x05, 0xfb, 0xf3, 0x5e, 0x08, 0x4a, 0x66, 0x32, 0xf6, 0x07, 0x2d, 0xa9,
0xad, 0x13};*/
unsigned char xA[32], yA[32];
unsigned char r[32], s[32]; // Signature
unsigned char IDA[16] = {0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33,
0x34, 0x35, 0x36, 0x37, 0x38}; //ASCII code of userA's identification
int IDA_len = 16;
unsigned char ENTLA[2] = {0x00, 0x80}; //the length of userA's identification, presentation in ASCII code
unsigned char *message = "message digest"; //the message to be signed
int len = strlen(message); //the length of message
unsigned char ZA[SM3_len / 8]; //ZA = Hash(ENTLA || IDA || a || b || Gx || Gy || xA|| yA)
unsigned char Msg[210]; //210 = IDA_len + 2 + SM2_NUMWORD * 6
int temp;
mip = mirsys(10000, 16);
mip->IOBASE = 16;
temp = SM2_standard_sign_keygeneration(dA, xA, yA);
if (temp)
return temp;
//ENTLA || IDA || a || b || Gx || Gy || xA || yA
memcpy(Msg, ENTLA, 2);
memcpy(Msg + 2, IDA, IDA_len);
memcpy(Msg + 2 + IDA_len, SM2_a, SM2_NUMWORD);
memcpy(Msg + 2 + IDA_len + SM2_NUMWORD, SM2_b, SM2_NUMWORD);
memcpy(Msg + 2 + IDA_len + SM2_NUMWORD * 2, SM2_Gx, SM2_NUMWORD);
memcpy(Msg + 2 + IDA_len + SM2_NUMWORD * 3, SM2_Gy, SM2_NUMWORD);
memcpy(Msg + 2 + IDA_len + SM2_NUMWORD * 4, xA, SM2_NUMWORD);
memcpy(Msg + 2 + IDA_len + SM2_NUMWORD * 5, yA, SM2_NUMWORD);
SM3_256(Msg, 210, ZA);
temp = SM2_standard_sign(message, len, ZA, rand, dA, r, s);
if (temp)
return temp;
temp = SM2_standard_verify(message, len, ZA, xA, yA, r, s);
if (temp)
return temp;
return 0;
}

368
crypto/sm3/sm3_standard.c
View File

@@ -1,368 +0,0 @@
#include "openssl/sm3_standard.h"
/****************************************************************
Function: BiToW
Description: calculate W from Bi
Calls:
Called By: SM3_compress
Input: Bi[16] //a block of a message
Output: W[64]
Return: null
Others:
****************************************************************/
void BiToW(unsigned int Bi[], unsigned int W[])
{
int i;
unsigned int tmp;
for (i = 0; i <= 15; i++)
{
W[i] = Bi[i];
}
for (i = 16; i <= 67; i++)
{
tmp = W[i - 16]
^ W[i - 9]
^ SM3_rotl32(W[i - 3], 15);
W[i] = SM3_p1(tmp)
^ (SM3_rotl32(W[i - 13], 7))
^ W[i - 6];
}
}
/*****************************************************************
Function: WToW1
Description: calculate W1 from W
Calls:
Called By: SM3_compress
Input: W[64]
Output: W1[64]
Return: null
Others:
*****************************************************************/
void WToW1(unsigned int W[], unsigned int W1[])
{
int i;
for (i = 0; i <= 63; i++)
{
W1[i] = W[i] ^ W[i + 4];
}
}
/******************************************************************
Function: CF
Description: calculate the CF compress function and update V
Calls:
Called By: SM3_compress
Input: W[64]
W1[64]
V[8]
Output: V[8]
Return: null
Others:
********************************************************************/
void CF(unsigned int W[], unsigned int W1[], unsigned int V[])
{
unsigned int SS1;
unsigned int SS2;
unsigned int TT1;
unsigned int TT2;
unsigned int A, B, C, D, E, F, G, H;
unsigned int T = SM3_T1;
unsigned int FF;
unsigned int GG;
int j;
//reg init,set ABCDEFGH=V0
A = V[0];
B = V[1];
C = V[2];
D = V[3];
E = V[4];
F = V[5];
G = V[6];
H = V[7];
for (j = 0; j <= 63; j++)
{
//SS1
if (j == 0)
{
T = SM3_T1;
}
else if (j == 16)
{
T = SM3_rotl32(SM3_T2, 16);
}
else
{
T = SM3_rotl32(T, 1);
}
SS1 = SM3_rotl32((SM3_rotl32(A, 12) + E + T), 7);
//SS2
SS2 = SS1^SM3_rotl32(A, 12);
//TT1
if (j <= 15)
{
FF = SM3_ff0(A, B, C);
}
else
{
FF = SM3_ff1(A, B, C);
}
TT1 = FF + D + SS2 + *W1;
W1++;
//TT2
if (j <= 15)
{
GG = SM3_gg0(E, F, G);
}
else
{
GG = SM3_gg1(E, F, G);
}
TT2 = GG + H + SS1 + *W;
W++;
//D
D = C;
//C
C = SM3_rotl32(B, 9);
//B
B = A;
//A
A = TT1;
//H
H = G;
//G
G = SM3_rotl32(F, 19);
//F
F = E;
//E
E = SM3_p0(TT2);
}
//update V
V[0] = A^V[0];
V[1] = B^V[1];
V[2] = C^V[2];
V[3] = D^V[3];
V[4] = E^V[4];
V[5] = F^V[5];
V[6] = G^V[6];
V[7] = H^V[7];
}
/******************************************************************************
Function: BigEndian
Description: U32 endian converse.GM/T 0004-2012 requires to use big-endian.
if CPU uses little-endian, BigEndian function is a necessary
call to change the little-endian format into big-endian format.
Calls:
Called By: SM3_compress, SM3_done
Input: src[bytelen]
bytelen
Output: des[bytelen]
Return: null
Others: src and des could implies the same address
*******************************************************************************/
void BigEndian(unsigned char src[], unsigned int bytelen, unsigned char des[])
{
unsigned char tmp = 0;
unsigned int i = 0;
for (i = 0; i<bytelen / 4; i++)
{
tmp = des[4 * i];
des[4 * i] = src[4 * i + 3];
src[4 * i + 3] = tmp;
tmp = des[4 * i + 1];
des[4 * i + 1] = src[4 * i + 2];
des[4 * i + 2] = tmp;
}
}
/******************************************************************************
Function: SM3_init
Description: initiate SM3 state
Calls:
Called By: SM3_256
Input: SM3_STATE *md
Output: SM3_STATE *md
Return: null
Others:
*******************************************************************************/
void SM3_init(SM3_STATE *md)
{
md->curlen = md->length = 0;
md->state[0] = SM3_IVA;
md->state[1] = SM3_IVB;
md->state[2] = SM3_IVC;
md->state[3] = SM3_IVD;
md->state[4] = SM3_IVE;
md->state[5] = SM3_IVF;
md->state[6] = SM3_IVG;
md->state[7] = SM3_IVH;
}
/******************************************************************************
Function: SM3_compress
Description: compress a single block of message
Calls: BigEndian
BiToW
WToW1
CF
Called By: SM3_256
Input: SM3_STATE *md
Output: SM3_STATE *md
Return: null
Others:
*******************************************************************************/
void SM3_compress(SM3_STATE * md)
{
unsigned int W[68];
unsigned int W1[64];
//if CPU uses little-endian, BigEndian function is a necessary call
BigEndian(md->buf, 64, md->buf);
BiToW((unsigned int *)md->buf, W);
WToW1(W, W1);
CF(W, W1, md->state);
}
/******************************************************************************
Function: SM3_process
Description: compress the first (len/64) blocks of message
Calls: SM3_compress
Called By: SM3_256
Input: SM3_STATE *md
unsigned char buf[len] //the input message
int len //bytelen of message
Output: SM3_STATE *md
Return: null
Others:
*******************************************************************************/
void SM3_process(SM3_STATE * md, unsigned char *buf, int len)
{
while (len--)
{
/* copy byte */
md->buf[md->curlen] = *buf++;
md->curlen++;
/* is 64 bytes full? */
if (md->curlen == 64)
{
SM3_compress(md);
md->length += 512;
md->curlen = 0;
}
}
}
/******************************************************************************
Function: SM3_done
Description: compress the rest message that the SM3_process has left behind
Calls: SM3_compress
Called By: SM3_256
Input: SM3_STATE *md
Output: unsigned char *hash
Return: null
Others:
*******************************************************************************/
void SM3_done(SM3_STATE *md, unsigned char hash[])
{
int i;
unsigned char tmp = 0;
/* increase the bit length of the message */
md->length += md->curlen << 3;
/* append the '1' bit */
md->buf[md->curlen] = 0x80;
md->curlen++;
/* if the length is currently above 56 bytes, appends zeros till
it reaches 64 bytes, compress the current block, creat a new
block by appending zeros and length,and then compress it
*/
if (md->curlen >56)
{
for (; md->curlen < 64;)
{
md->buf[md->curlen] = 0;
md->curlen++;
}
SM3_compress(md);
md->curlen = 0;
}
/* if the length is less than 56 bytes, pad upto 56 bytes of zeroes */
for (; md->curlen < 56;)
{
md->buf[md->curlen] = 0;
md->curlen++;
}
/* since all messages are under 2^32 bits we mark the top bits zero */
for (i = 56; i < 60; i++)
{
md->buf[i] = 0;
}
/* append length */
md->buf[63] = md->length & 0xff;
md->buf[62] = (md->length >> 8) & 0xff;
md->buf[61] = (md->length >> 16) & 0xff;
md->buf[60] = (md->length >> 24) & 0xff;
SM3_compress(md);
/* copy output */
memcpy(hash, md->state, SM3_len / 8);
BigEndian(hash, SM3_len / 8, hash);//if CPU uses little-endian, BigEndian function is a necessary call
}
/******************************************************************************
Function: SM3_256
Description: calculate a hash value from a given message
Calls: SM3_init
SM3_process
SM3_done
Called By:
Input: unsigned char buf[len] //the input message
int len //bytelen of the message
Output: unsigned char hash[32]
Return: null
Others:
*******************************************************************************/
void SM3_256(unsigned char buf[], int len, unsigned char hash[])
{
SM3_STATE md;
SM3_init(&md);
SM3_process(&md, buf, len);
SM3_done(&md, hash);
}

406
include/openssl/kdf_standard.h
View File

@@ -1,406 +0,0 @@
/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_KDF_STANDARD_H
#define HEADER_KDF_STANDARD_H
#include <string.h>
#ifdef __cplusplus
extern "C" {
#endif
#define SM3_len 256
#define SM3_T1 0x79CC4519
#define SM3_T2 0x7A879D8A
#define SM3_IVA 0x7380166f
#define SM3_IVB 0x4914b2b9
#define SM3_IVC 0x172442d7
#define SM3_IVD 0xda8a0600
#define SM3_IVE 0xa96f30bc
#define SM3_IVF 0x163138aa
#define SM3_IVG 0xe38dee4d
#define SM3_IVH 0xb0fb0e4e
#define SM2_WORDSIZE 8
#define SM2_NUMBITS 256
#define SM2_NUMWORD (SM2_NUMBITS / SM2_WORDSIZE) //32
/* Various logical functions */
#define SM3_p1(x) (x ^ SM3_rotl32(x, 15) ^ SM3_rotl32(x, 23))
#define SM3_p0(x) (x ^ SM3_rotl32(x, 9) ^ SM3_rotl32(x, 17))
#define SM3_ff0(a, b, c) (a ^ b ^ c)
#define SM3_ff1(a, b, c) ((a & b) | (a & c) | (b & c))
#define SM3_gg0(e, f, g) (e ^ f ^ g)
#define SM3_gg1(e, f, g) ((e & f) | ((~e) & g))
#define SM3_rotl32(x, n) (((x) << n) | ((x) >> (32 - n)))
#define SM3_rotr32(x, n) (((x) >> n) | ((x) << (32 - n)))
typedef struct {
unsigned long state[8];
unsigned long length;
unsigned long curlen;
unsigned char buf[64];
} SM3_STATE;
static void BiToW(unsigned long Bi[], unsigned long W[]);
static void WToW1(unsigned long W[], unsigned long W1[]);
static void CF(unsigned long W[], unsigned long W1[], unsigned long V[]);
static void BigEndian(unsigned char src[], unsigned int bytelen, unsigned char des[]);
static void SM3_init(SM3_STATE *md);
static void SM3_compress(SM3_STATE *md);
static void SM3_process(SM3_STATE *md, unsigned char *buf, int len);
static void SM3_done(SM3_STATE *md, unsigned char hash[]);
static void SM3_256(unsigned char buf[], int len, unsigned char hash[]);
static void SM3_kdf(unsigned char Z[], unsigned short zlen, unsigned short klen, unsigned char K[]);
/* calculate W from Bi */
static void BiToW(unsigned long Bi[], unsigned long W[])
{
int i;
unsigned long tmp;
for(i = 0; i <= 15; i++)
{
W[i] = Bi[i];
}
for(i = 16;i <= 67; i++)
{
tmp = W[i - 16] ^ W[i - 9] ^ SM3_rotl32(W[i - 3], 15);
W[i] = SM3_p1(tmp) ^ (SM3_rotl32(W[i - 13], 7)) ^ W[i - 6];
}
}
/* calculate W1 from W */
static void WToW1(unsigned long W[], unsigned long W1[])
{
int i;
for(i = 0; i <= 63; i++)
{
W1[i] = W[i] ^ W[i + 4];
}
}
/* calculate the CF compress function and update V */
static void CF(unsigned long W[], unsigned long W1[], unsigned long V[])
{
unsigned long SS1;
unsigned long SS2;
unsigned long TT1;
unsigned long TT2;
unsigned long A, B, C, D, E, F, G, H;
unsigned long T = SM3_T1;
unsigned long FF;
unsigned long GG;
int j;
//reg init, set ABCDEFGH = V0
A = V[0];
B = V[1];
C = V[2];
D = V[3];
E = V[4];
F = V[5];
G = V[6];
H = V[7];
for (j = 0; j <= 63; j++)
{
//SS1
if (j == 0)
{
T = SM3_T1;
}
else if (j == 16)
{
T = SM3_rotl32(SM3_T2, 16);
}
else
{
T = SM3_rotl32(T, 1);
}
SS1 = SM3_rotl32((SM3_rotl32(A, 12) + E + T), 7);
//SS2
SS2 = SS1 ^ SM3_rotl32(A, 12);
//TT1
if (j <= 15)
{
FF = SM3_ff0(A, B, C);
}
else
{
FF = SM3_ff1(A, B, C);
}
TT1 = FF + D + SS2 + *W1;
W1++;
//TT2
if (j <= 15)
{
GG = SM3_gg0(E, F, G);
}
else
{
GG = SM3_gg1(E, F, G);
}
TT2 = GG + H + SS1 + *W;
W++;
//D
D = C;
//C
C = SM3_rotl32(B, 9);
//B
B = A;
//A
A = TT1;
//H
H = G;
//G
G = SM3_rotl32(F, 19);
//F
F = E;
//E
E = SM3_p0(TT2);
}
//update V
V[0] = A ^ V[0];
V[1] = B ^ V[1];
V[2] = C ^ V[2];
V[3] = D ^ V[3];
V[4] = E ^ V[4];
V[5] = F ^ V[5];
V[6] = G ^ V[6];
V[7] = H ^ V[7];
}
/* unsigned int endian converse. GM/T 0004-2012 requires to use big-endian.
* if CPu uses little-endian, BigEndian function is a necessary
* call to change the little-endian format into big-endian format.
*/
static void BigEndian(unsigned char src[], unsigned int bytelen, unsigned char des[])
{
unsigned char tmp = 0;
unsigned long i = 0;
for (i = 0; i < bytelen / 4; i++)
{
tmp = des[4 * i];
des[4 * i] = src[4 * i + 3];
src[4 * i + 3] = tmp;
tmp = des[4 * i + 1];
des[4 * i + 1] = src[4 * i + 2];
des[4 * i + 2] = tmp;
}
}
/* initiate SM3 state */
static void SM3_init(SM3_STATE *md)
{
md->curlen = md->length = 0;
md->state[0] = SM3_IVA;
md->state[1] = SM3_IVB;
md->state[2] = SM3_IVC;
md->state[3] = SM3_IVD;
md->state[4] = SM3_IVE;
md->state[5] = SM3_IVF;
md->state[6] = SM3_IVG;
md->state[7] = SM3_IVH;
}
/* compress a single a block of message */
static void SM3_compress(SM3_STATE *md)
{
unsigned long W[68];
unsigned long W1[64];
//if CPU uses little-endian, BigEndian function is a necessary call
BigEndian(md->buf, 64, md->buf);
BiToW((unsigned long *)md->buf, W);
WToW1(W, W1);
CF(W, W1, md->state);
}
/* compress the first(len/64) blocks of message */
static void SM3_process(SM3_STATE *md, unsigned char *buf, int len)
{
while (len--)
{
/* copy byte */
md->buf[md->curlen] = *buf++;
md->curlen++;
/* is 64 bytes full? */
if (md->curlen == 64)
{
SM3_compress(md);
md->length += 512;
md->curlen = 0;
}
}
}
/* compress the rest message that the SM3_process has left behind */
static void SM3_done(SM3_STATE *md, unsigned char hash[])
{
int i;
unsigned char tmp = 0;
/* increase the bit length of the message */
md->length += md->curlen << 3;
/* append the '1' bit */
md->buf[md->curlen] = 0x80;
md->curlen++;
/* if the length is currently above 56 bytes, appends zeros till
it reaches 64 bytes, compress the current block, creat a new
block by appending zeros and length,and then compress it
*/
if (md->curlen > 56)
{
for (; md->curlen < 64;)
{
md->buf[md->curlen] = 0;
md->curlen++;
}
SM3_compress(md);
md->curlen = 0;
}
/* if the length is less than 56 bytes, pad upto 56 bytes of zeroes */
for (; md->curlen < 56;)
{
md->buf[md->curlen] = 0;
md->curlen++;
}
/* since all messages are under 2^32 bits we mark the top bits zero */
for (i = 56; i < 60; i++)
{
md->buf[i] = 0;
}
/* append length */
md->buf[63] = md->length & 0xff;
md->buf[62] = (md->length >> 8) & 0xff;
md->buf[61] = (md->length >> 16) & 0xff;
md->buf[60] = (md->length >> 24) & 0xff;
SM3_compress(md);
/* copy output */
memcpy(hash, md->state, SM3_len / 8);
BigEndian(hash, SM3_len / 8, hash); //if CPU uses little-endian, BigEndian function is a necessary call
}
/* calculate a hash value from a given message */
static void SM3_256(unsigned char buf[], int len, unsigned char hash[])
{
SM3_STATE md;
SM3_init(&md);
SM3_process(&md, buf, len);
SM3_done(&md, hash);
}
/* key derivation function */
static void SM3_kdf(unsigned char Z[], unsigned short zlen, unsigned short klen, unsigned char K[])
{
unsigned short i, j, t;
unsigned int bitklen;
SM3_STATE md;
unsigned char Ha[SM2_NUMWORD];
unsigned char ct[4] = {0, 0, 0, 1};
bitklen = klen * 8;
if (bitklen % SM2_NUMBITS)
t = bitklen / SM2_NUMBITS + 1;
else
t = bitklen / SM2_NUMBITS;
//s4: K = Ha1 || Ha2 || ...
for (i = 1; i < t; i++)
{
//s2: Hai = Hv(Z || ct)
SM3_init(&md);
SM3_process(&md, Z, zlen);
SM3_process(&md, ct, 4);
SM3_done(&md, Ha);
memcpy((K + SM2_NUMWORD * (i - 1)), Ha, SM2_NUMWORD);
if (ct[3] == 0xff)
{
ct[3] = 0;
if (ct[2] == 0xff)
{
ct[2] = 0;
if (ct[1] == 0xff)
{
ct[1] = 0;
ct[0]++;
}
else
ct[1]++;
}
else
ct[2]++;
}
else
ct[3]++;
}
//s3
SM3_init(&md);
SM3_process(&md, Z, zlen);
SM3_process(&md, ct, 4);
SM3_done(&md, Ha);
if(bitklen % SM2_NUMBITS)
{
i = (SM2_NUMBITS - bitklen + SM2_NUMBITS * (bitklen / SM2_NUMBITS)) / 8;
j = (bitklen - SM2_NUMBITS * (bitklen / SM2_NUMBITS)) / 8;
memcpy((K + SM2_NUMWORD * (t - 1)), Ha, j);
}
else
{
memcpy((K + SM2_NUMWORD * (t - 1)), Ha, SM2_NUMWORD);
}
}
#ifdef __cplusplus
}
# endif
#endif

1569
include/openssl/miracl.h
View File

File diff suppressed because it is too large Load Diff

30
include/openssl/mirdef.h
View File

@@ -1,30 +0,0 @@
/*
* MIRACL compiler/hardware definitions - mirdef.h
* For C++ build of library
*/
#ifndef HEADER_MIRDEF_H
#define HEADER_MIRDEF_H
#ifdef __cplusplus
extern "C"{
#endif
#define MR_LITTLE_ENDIAN
#define MIRACL 64
#define mr_utype long
#define mr_dltype long long
#define mr_unsign64 unsigned long
#define MR_IBITS 32
#define MR_LBITS 64
#define mr_unsign32 unsigned int
#define MR_FLASH 52
#define MAXBASE ((mr_small)1<<(MIRACL-1))
#define MR_BITSINCHAR 8
#define MR_CPP
#ifdef __cplusplus
}
#endif
#endif

261
include/openssl/sm2_standard.h
View File

@@ -1,261 +0,0 @@
/* ====================================================================
* Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#ifndef HEADER_SM2_STANDARD_H
#define HEADER_SM2_STANDARD_H
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#ifdef __cplusplus
extern "C" {
#endif
#include <openssl/miracl.h>
#include <openssl/mirdef.h>
#include <openssl/kdf_standard.h>
#define ERR_INFINITY_POINT 0x00000001
#define ERR_NOT_VALID_ELEMENT 0x00000002
#define ERR_NOT_VALID_POINT 0x00000003
#define ERR_ORDER 0x00000004
#define ERR_ECURVE_INIT 0x00000005
#define ERR_KEYEX_RA 0x00000006
#define ERR_KEYEX_RB 0x00000007
#define ERR_EQUAL_S1SB 0x00000008
#define ERR_EQUAL_S2SA 0x00000009
#define ERR_SELFTEST_Z 0x0000000A
#define ERR_SELFTEST_INI_I 0x0000000B
#define ERR_SELFTEST_RES_I 0x0000000C
#define ERR_SELFTEST_INI_II 0x0000000D
#define ERR_GENERATE_R 0x0000000E
#define ERR_GENERATE_S 0x0000000F
#define ERR_OUTRANGE_R 0x00000010
#define ERR_OUTRANGE_S 0x00000011
#define ERR_GENERATE_T 0x00000012
#define ERR_PUBKEY_INIT 0x00000013
#define ERR_DATA_MEMCMP 0x00000014
#define ERR_ARRAY_NULL 0x00000015
#define ERR_C3_MATCH 0x00000016
#define ERR_SELFTEST_KG 0x00000017
#define ERR_SELFTEST_ENC 0x00000018
#define ERR_SELFTEST_DEC 0x00000019
static unsigned char SM2_p[32] = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
static unsigned char SM2_a[32] = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC};
static unsigned char SM2_b[32] = {0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E, 0x34, 0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65, 0x09, 0xA7,
0xF3, 0x97, 0x89, 0xF5, 0x15, 0xAB, 0x8F, 0x92, 0xDD, 0xBC, 0xBD, 0x41, 0x4D, 0x94, 0x0E, 0x93};
static unsigned char SM2_n[32] = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0x72, 0x03, 0xDF, 0x6B, 0x21, 0xC6, 0x05, 0x2B, 0x53, 0xBB, 0xF4, 0x09, 0x39, 0xD5, 0x41, 0x23};
static unsigned char SM2_Gx[32] = {0x32, 0xC4, 0xAE, 0x2C, 0x1F, 0x19, 0x81, 0x19, 0x5F, 0x99, 0x04, 0x46, 0x6A, 0x39, 0xC9, 0x94,
0x8F, 0xE3, 0x0B, 0xBF, 0xF2, 0x66, 0x0B, 0xE1, 0x71, 0x5A, 0x45, 0x89, 0x33, 0x4C, 0x74, 0xC7};
static unsigned char SM2_Gy[32] = {0xBC, 0x37, 0x36, 0xA2, 0xF4, 0xF6, 0x77, 0x9C, 0x59, 0xBD, 0xCE, 0xE3, 0x6B, 0x69, 0x21, 0x53,
0xD0, 0xA9, 0x87, 0x7C, 0xC6, 0x2A, 0x47, 0x40, 0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0};
static unsigned char SM2_h[32] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01};
big para_p, para_a, para_b, para_n, para_Gx, para_Gy, para_h;
epoint *G;
miracl *mip;
int SM2_w(big n);
void SM3_z(unsigned char ID[], unsigned short int ELAN, epoint* pubKey, unsigned char hash[]);
static int Test_Point(epoint* point);
static int Test_PubKey(epoint *pubKey);
int Test_Null(unsigned char array[], int len);
int Test_Zero(big x);
int Test_n(big x);
int Test_Range(big x);
static int SM2_standard_init();
static int SM2_standard_keygeneration(big priKey, epoint *pubKey);
int SM2_standard_sign_keygeneration(unsigned char PriKey[], unsigned char Px[], unsigned char Py[]);
int SM2_standard_keyex_init_i(big ra, epoint* RA);
int SM2_standard_keyex_re_i(big rb, big dB, epoint* RA, epoint* PA, unsigned char ZA[], unsigned char ZB[], unsigned char K[], int klen, epoint* RB, epoint* V, unsigned char hash[]);
int SM2_standard_keyex_init_ii(big ra, big dA, epoint* RA, epoint* RB, epoint* PB, unsigned char ZA[], unsigned char ZB[], unsigned char SB[], unsigned char K[], int klen, unsigned char SA[]);
int SM2_standard_keyex_re_ii(epoint *V, epoint *RA, epoint *RB, unsigned char ZA[], unsigned char ZB[], unsigned char SA[]);
int SM2_standard_keyex_selftest();
int SM2_standard_encrypt(unsigned char* randK, epoint *pubKey, unsigned char M[], int klen, unsigned char C[]);
int SM2_standard_decrypt(big dB, unsigned char C[], int Clen, unsigned char M[]);
int SM2_standard_enc_selftest();
int SM2_standard_sign(unsigned char *message, int len, unsigned char ZA[], unsigned char rand[], unsigned char d[], unsigned char R[], unsigned char S[]);
int SM2_standard_verify(unsigned char *message, int len, unsigned char ZA[], unsigned char Px[], unsigned char Py[], unsigned char R[], unsigned char S[]);
int SM2_standard_selfcheck();
/* Initiate SM2 curve */
static int SM2_standard_init()
{
epoint *nG;
para_p = mirvar(0);
para_a = mirvar(0);
para_b = mirvar(0);
para_n = mirvar(0);
para_Gx = mirvar(0);
para_Gy = mirvar(0);
para_h = mirvar(0);
G = epoint_init();
nG = epoint_init();
bytes_to_big(SM2_NUMWORD, SM2_p, para_p);
bytes_to_big(SM2_NUMWORD, SM2_a, para_a);
bytes_to_big(SM2_NUMWORD, SM2_b, para_b);
bytes_to_big(SM2_NUMWORD, SM2_n, para_n);
bytes_to_big(SM2_NUMWORD, SM2_Gx, para_Gx);
bytes_to_big(SM2_NUMWORD, SM2_Gy, para_Gy);
bytes_to_big(SM2_NUMWORD, SM2_h, para_h);
ecurve_init(para_a, para_b, para_p, MR_PROJECTIVE); //Initialises GF(p) elliptic curve.
//MR_PROJECTIVE specifying projective coordinates
if (!epoint_set(para_Gx, para_Gy, 0, G)) //initialise point G
{
return ERR_ECURVE_INIT;
}
ecurve_mult(para_n, G, nG);
if (!point_at_infinity(nG)) //test if the order of the point is n
{
return ERR_ORDER;
}
return 0;
}
/* test if the given point is on SM2 curve */
static int Test_Point(epoint* point)
{
big x, y, x_3, tmp;
x = mirvar(0);
y = mirvar(0);
x_3 = mirvar(0);
tmp = mirvar(0);
//test if y^2 = x^3 + ax + b
epoint_get(point, x, y);
power(x, 3, para_p, x_3); //x_3 = x^3 mod p
multiply(x, para_a, x); //x = a * x
divide(x, para_p, tmp); //x = a * x mod p, tmp = a * x / p
add(x_3, x, x); //x = x^3 + ax
add(x, para_b, x); //x = x^3 + ax + b
divide(x, para_p, tmp); //x = x^3 + ax + b mod p
power(y, 2, para_p, y); //y = y^2 mod p
if (mr_compare(x, y) != 0)
return ERR_NOT_VALID_POINT;
else
return 0;
}
/* test if the given public key is valid */
static int Test_PubKey(epoint *pubKey)
{
big x, y, x_3, tmp;
epoint *nP;
x = mirvar(0);
y = mirvar(0);
x_3 = mirvar(0);
tmp = mirvar(0);
nP = epoint_init();
//test if the pubKey is the point at infinity
if (point_at_infinity(pubKey)) //if pubKey is point at infinity, return error;
return ERR_INFINITY_POINT;
//test if x < p and y<p both hold
epoint_get(pubKey, x, y);
if ((mr_compare(x, para_p) != -1) || (mr_compare(y, para_p) != -1))
return ERR_NOT_VALID_ELEMENT;
if (Test_Point(pubKey) != 0)
return ERR_NOT_VALID_POINT;
//test if the order of pubKey is equal to n
ecurve_mult(para_n, pubKey, nP); //nP=[n]P
if (!point_at_infinity(nP)) //if np is point NOT at infinity, return error;
return ERR_ORDER;
return 0;
}
/* calculate a pubKey out of a given priKey */
static int SM2_standard_keygeneration(big priKey, epoint *pubKey)
{
int i = 0;
big x, y;
x = mirvar(0);
y = mirvar(0);
//mip = mirsys(1000, 16);
//mip->IOBASE = 16;
ecurve_mult(priKey, G, pubKey);
epoint_get(pubKey, x, y);
i = Test_PubKey(pubKey);
if (i)
return i;
else
return 0;
}
#ifdef __cplusplus
}
# endif
#endif

42
include/openssl/sm3_standard.h
View File

@@ -1,42 +0,0 @@
#include <string.h>
#define SM3_len 256
#define SM3_T1 0x79CC4519
#define SM3_T2 0x7A879D8A
#define SM3_IVA 0x7380166f
#define SM3_IVB 0x4914b2b9
#define SM3_IVC 0x172442d7
#define SM3_IVD 0xda8a0600
#define SM3_IVE 0xa96f30bc
#define SM3_IVF 0x163138aa
#define SM3_IVG 0xe38dee4d
#define SM3_IVH 0xb0fb0e4e
/* Various logical functions */
#define SM3_p1(x) (x^SM3_rotl32(x,15)^SM3_rotl32(x,23))
#define SM3_p0(x) (x^SM3_rotl32(x,9)^SM3_rotl32(x,17))
#define SM3_ff0(a,b,c) (a^b^c)
#define SM3_ff1(a,b,c) ((a&b)|(a&c)|(b&c))
#define SM3_gg0(e,f,g) (e^f^g)
#define SM3_gg1(e,f,g) ((e&f)|((~e)&g))
#define SM3_rotl32(x,n) ((((unsigned int) x) << n) | (((unsigned int) x) >> (32 - n)))
#define SM3_rotr32(x,n) ((((unsigned int) x) >> n) | (((unsigned int) x) << (32 - n)))
typedef struct {
unsigned int state[8];
unsigned int length;
unsigned int curlen;
unsigned char buf[64];
} SM3_STATE;
void BiToWj(unsigned int Bi[], unsigned int Wj[]);
void WjToWj1(unsigned int Wj[], unsigned int Wj1[]);
void CF(unsigned int Wj[], unsigned int Wj1[], unsigned int V[]);
void BigEndian(unsigned char src[], unsigned int bytelen, unsigned char des[]);
void SM3_init(SM3_STATE *md);
void SM3_compress(SM3_STATE * md);
void SM3_process(SM3_STATE * md, unsigned char buf[], int len);
void SM3_done(SM3_STATE *md, unsigned char *hash);
void SM3_256(unsigned char buf[], int len, unsigned char hash[]);

27
util/libcrypto.num
View File

@@ -732,7 +732,7 @@ SHA384_Final 707 1_1_0d EXIST:!VMSVAX:FUNCTION:
RIPEMD160_Final 708 1_1_0d EXIST::FUNCTION:RMD160
RSA_PSS_PARAMS_free 709 1_1_0d EXIST::FUNCTION:RSA
ERR_load_SDF_strings 710 1_1_0d EXIST::FUNCTION:
speck_encrypt 711 1_1_0d EXIST::FUNCTION:
speck_encrypt 711 1_1_0d NOEXIST::FUNCTION:
RSA_padding_check_PKCS1_OAEP_mgf1 712 1_1_0d EXIST::FUNCTION:RSA
EVP_DigestSignInit 713 1_1_0d EXIST::FUNCTION:
X509V3_EXT_add_nconf_sk 714 1_1_0d EXIST::FUNCTION:
@@ -1034,7 +1034,7 @@ X509_REQ_dup 997 1_1_0d EXIST::FUNCTION:
OPENSSL_gmtime_diff 998 1_1_0d EXIST::FUNCTION:
AES_cfb128_encrypt 999 1_1_0d EXIST::FUNCTION:
PEM_write_bio_PKCS8 1000 1_1_0d EXIST::FUNCTION:
speck_expand 1001 1_1_0d EXIST::FUNCTION:
speck_expand 1001 1_1_0d NOEXIST::FUNCTION:
PKCS7_cert_from_signer_info 1002 1_1_0d EXIST::FUNCTION:
a2i_GENERAL_NAME 1003 1_1_0d EXIST::FUNCTION:
OCSP_ONEREQ_get_ext_by_critical 1004 1_1_0d EXIST::FUNCTION:OCSP
@@ -1491,7 +1491,7 @@ BN_mod_exp_recp 1444 1_1_0d EXIST::FUNCTION:
BN_GFP2_sub_bn 1445 1_1_0d EXIST::FUNCTION:
EVP_CIPHER_meth_free 1446 1_1_0d EXIST::FUNCTION:
PKCS8_set0_pbe 1447 1_1_0d EXIST::FUNCTION:
speck_decrypt 1448 1_1_0d EXIST::FUNCTION:
speck_decrypt 1448 1_1_0d NOEXIST::FUNCTION:
X509_STORE_CTX_set_time 1449 1_1_0d EXIST::FUNCTION:
OCSP_BASICRESP_add1_ext_i2d 1450 1_1_0d EXIST::FUNCTION:OCSP
i2d_PKCS8_PRIV_KEY_INFO_bio 1451 1_1_0d EXIST::FUNCTION:
@@ -4480,7 +4480,7 @@ EVP_PKEY_security_bits 4338 1_1_0d EXIST::FUNCTION:
CMS_RecipientInfo_ktri_get0_signer_id 4339 1_1_0d EXIST::FUNCTION:CMS
OCSP_REQ_CTX_free 4340 1_1_0d EXIST::FUNCTION:OCSP
X509_PURPOSE_add 4341 1_1_0d EXIST::FUNCTION:
speck_set_encrypt_key 4342 1_1_0d EXIST::FUNCTION:
speck_set_encrypt_key 4342 1_1_0d NOEXIST::FUNCTION:
s2i_ASN1_OCTET_STRING 4343 1_1_0d EXIST::FUNCTION:
RSA_padding_add_PKCS1_PSS_mgf1 4344 1_1_0d EXIST::FUNCTION:RSA
i2t_ASN1_OBJECT 4345 1_1_0d EXIST::FUNCTION:
@@ -4843,5 +4843,20 @@ o2i_SM2CiphertextValue 4684 1_1_0d EXIST::FUNCTION:
i2o_SM2CiphertextValue 4685 1_1_0d EXIST::FUNCTION:
SM2_compute_message_digest 4686 1_1_0d EXIST::FUNCTION:
serpent_set_decrypt_key 4687 1_1_0d EXIST::FUNCTION:
sms4_standard_encrypt 4688 1_1_0d EXIST::FUNCTION:
sms4_standard_decrypt 4689 1_1_0d EXIST::FUNCTION:
sms4_standard_encrypt 4688 1_1_0d NOEXIST::FUNCTION:
sms4_standard_decrypt 4689 1_1_0d NOEXIST::FUNCTION:
speck_decrypt16 4690 1_1_0d EXIST::FUNCTION:
speck_decrypt32 4691 1_1_0d EXIST::FUNCTION:
speck_expand32 4692 1_1_0d EXIST::FUNCTION:
speck_set_encrypt_key64 4693 1_1_0d EXIST::FUNCTION:
speck_decrypt64 4694 1_1_0d EXIST::FUNCTION:
speck_encrypt32 4695 1_1_0d EXIST::FUNCTION:
speck_expand64 4696 1_1_0d EXIST::FUNCTION:
speck_set_decrypt_key32 4697 1_1_0d EXIST::FUNCTION:
speck_encrypt16 4698 1_1_0d EXIST::FUNCTION:
speck_set_encrypt_key32 4699 1_1_0d EXIST::FUNCTION:
speck_encrypt64 4700 1_1_0d EXIST::FUNCTION:
speck_set_encrypt_key16 4701 1_1_0d EXIST::FUNCTION:
speck_expand16 4702 1_1_0d EXIST::FUNCTION:
speck_set_decrypt_key64 4703 1_1_0d EXIST::FUNCTION:
speck_set_decrypt_key16 4704 1_1_0d EXIST::FUNCTION: