From 725817add9773bc9a9aa63d4675bcef2564682a8 Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Fri, 19 Apr 2024 13:21:52 +0800 Subject: [PATCH] Use sm3_pbkdf2 without digest API --- CMakeLists.txt | 2 +- include/gmssl/sm2.h | 2 +- include/gmssl/sm2_z256.h | 2 +- include/gmssl/sm3.h | 5 ++ src/pbkdf2.c | 2 + src/sm2_key.c | 7 +- src/sm2_sign.c | 8 +- src/sm2_z256.c | 159 ++++++++++----------------------------- src/sm9_key.c | 5 +- tests/sm2_signtest.c | 36 +++++---- tests/sm2_z256test.c | 2 - tools/pbkdf2.c | 8 +- 12 files changed, 86 insertions(+), 152 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index b5eac551..d1a3a6a1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -56,7 +56,7 @@ set(src src/digest.c src/hmac.c src/hkdf.c - src/pbkdf2.c +# src/pbkdf2.c src/gf128.c src/ghash.c src/sm4_cbc_sm3_hmac.c diff --git a/include/gmssl/sm2.h b/include/gmssl/sm2.h index 6d98daad..887bd127 100644 --- a/include/gmssl/sm2.h +++ b/include/gmssl/sm2.h @@ -134,7 +134,7 @@ int sm2_do_verify(const SM2_KEY *key, const uint8_t dgst[32], const SM2_SIGNATUR int sm2_fast_sign_compute_key(const SM2_KEY *key, sm2_z256_t fast_private); int sm2_fast_sign_pre_compute(sm2_z256_t k, sm2_z256_t x1_modn); -int sm2_fast_sign(const sm2_z256_t fast_private, const sm2_z256_t k, const sm2_z256_t x1, +int sm2_fast_sign(const sm2_z256_t fast_private, const sm2_z256_t k, const sm2_z256_t x1_modn, const uint8_t dgst[32], SM2_SIGNATURE *sig); diff --git a/include/gmssl/sm2_z256.h b/include/gmssl/sm2_z256.h index 9baf80b6..c5d575aa 100644 --- a/include/gmssl/sm2_z256.h +++ b/include/gmssl/sm2_z256.h 
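Review bot: Commenting out `src/pbkdf2.c` in the `set(src` list leaves dead build configuration behind; if the file is no longer built, remove the line (and retire the file and its header together) rather than keeping `# src/pbkdf2.c`. With pbkdf2.c out of the build, `pbkdf2_genkey` is still defined there but can no longer link, so any caller this patch does not convert — only the sm2/sm9 key paths and the pbkdf2 tool are visible here — would fail at link time. Presumably `include/gmssl/pbkdf2.h` still declares both functions; it should be dropped or marked deprecated in the same change so the public API does not advertise symbols that no longer exist.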
@@ -40,7 +40,7 @@ void sm2_z256_rshift(uint64_t r[4], const uint64_t a[4], unsigned int nbits); uint64_t sm2_z256_add(uint64_t r[4], const uint64_t a[4], const uint64_t b[4]); uint64_t sm2_z256_sub(uint64_t r[4], const uint64_t a[4], const uint64_t b[4]); void sm2_z256_mul(uint64_t r[8], const uint64_t a[4], const uint64_t b[4]); -int sm2_z256_get_booth(const uint64_t a[4], unsigned int window_size, int i); +uint64_t sm2_z256_get_booth(const uint64_t a[4], unsigned int window_size, int i); void sm2_z256_from_hex(uint64_t r[4], const char *hex); int sm2_z256_equ_hex(const uint64_t a[4], const char *hex); int sm2_z256_print(FILE *fp, int ind, int fmt, const char *label, const sm2_z256_t a); diff --git a/include/gmssl/sm3.h b/include/gmssl/sm3.h index 07fd6669..7a0fd06b 100644 --- a/include/gmssl/sm3.h +++ b/include/gmssl/sm3.h @@ -65,6 +65,11 @@ void sm3_kdf_finish(SM3_KDF_CTX *ctx, uint8_t *out); void sm3_kdf(const uint8_t *in, size_t inlen, size_t outlen, uint8_t *out); +#define SM3_PBKDF2_MIN_ITER 10000 +#define SM3_PBKDF2_MAX_ITER (16777216-1) +#define SM3_PBKDF2_MAX_SALT_SIZE 64 +#define SM3_PBKDF2_DEFAULT_SALT_SIZE 8 + int sm3_pbkdf2(const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, size_t count, size_t outlen, uint8_t *out); diff --git a/src/pbkdf2.c b/src/pbkdf2.c index 7f31e99b..8c1ffe77 100644 --- a/src/pbkdf2.c +++ b/src/pbkdf2.c @@ -136,6 +136,7 @@ int pbkdf2_genkey(const DIGEST *digest, return 1; } +/* int pbkdf2_hmac_sm3_genkey( const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, size_t count, @@ -186,3 +187,4 @@ int pbkdf2_hmac_sm3_genkey( memset(tmp_block, 0, sizeof(key_block)); return 1; } +*/ diff --git a/src/sm2_key.c b/src/sm2_key.c index 64aad083..179c0750 100644 --- a/src/sm2_key.c +++ b/src/sm2_key.c @@ -13,9 +13,9 @@ #include #include #include +#include #include #include -#include #include #include #include 
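Review bot: Changing `sm2_z256_get_booth` to return `uint64_t` conflicts with its callers, which still write `int booth = sm2_z256_get_booth(k, window_size, i);` and branch on `booth < 0` (see the `sm2_z256_point_mul_generator` hunk further down), so negative Booth digits now travel through an out-of-range unsigned-to-signed conversion that is implementation-defined (C11 6.3.1.3) and that `-Wconversion` will flag. Either keep the return signed, `int64_t sm2_z256_get_booth(const uint64_t a[4], unsigned int window_size, int i);`, or make every caller convert explicitly with `int64_t booth = (int64_t)sm2_z256_get_booth(k, window_size, i);`. A one-line comment on the prototype stating that the result is a signed digit (presumably in `[-(1 << (window_size - 1)), 1 << (window_size - 1)]`, matching the 64-entry tables) would stop the next person from "fixing" the sign again.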
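Review bot: `SM3_PBKDF2_DEFAULT_SALT_SIZE 8` makes the default salt 64 bits, below the 128-bit minimum NIST SP 800-132 recommends for PBKDF2 salts; unless an on-disk format forces 8 bytes, 16 is the better default. The header also does not say who enforces the new bounds: the pbkdf2 tool checks `-iter` before calling, but the key-file decrypt paths in this patch pass DER-supplied `iter`/`saltlen` straight through, and whether `sm3_pbkdf2` rejects out-of-range values itself is not visible. Add a comment on the prototype that settles it, e.g. `/* count must be in [SM3_PBKDF2_MIN_ITER, SM3_PBKDF2_MAX_ITER] and saltlen <= SM3_PBKDF2_MAX_SALT_SIZE; state here whether sm3_pbkdf2 checks this or callers must */`, and make the implementation match.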
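Review bot: Wrapping `pbkdf2_hmac_sm3_genkey` in `/* ... */` keeps roughly fifty lines of dead code in the tree, and since this patch also drops pbkdf2.c from the build the function cannot be reached either way; delete it (or the file) instead of commenting it out. If it must stay for reference, a one-line reason at the top, `/* superseded by sm3_pbkdf2() in sm3.h; this file is no longer built */`, tells the next reader why. Note that the retained body still contains `memset(tmp_block, 0, sizeof(key_block));`, which zeroises one buffer using another buffer's size — harmless only while the code stays dead.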
@@ -552,8 +552,7 @@ int sm2_private_key_info_encrypt_to_der(const SM2_KEY *sm2_key, const char *pass if (sm2_private_key_info_to_der(sm2_key, &p, &pkey_info_len) != 1 || rand_bytes(salt, sizeof(salt)) != 1 || rand_bytes(iv, sizeof(iv)) != 1 - || pbkdf2_genkey(DIGEST_sm3(), pass, strlen(pass), - salt, sizeof(salt), iter, sizeof(key), key) != 1) { + || sm3_pbkdf2(pass, strlen(pass), salt, sizeof(salt), iter, sizeof(key), key) != 1) { error_print(); goto end; } @@ -618,7 +617,7 @@ int sm2_private_key_info_decrypt_from_der(SM2_KEY *sm2, error_print(); return -1; } - if (pbkdf2_genkey(DIGEST_sm3(), pass, strlen(pass), salt, saltlen, iter, sizeof(key), key) != 1) { + if (sm3_pbkdf2(pass, strlen(pass), salt, saltlen, iter, sizeof(key), key) != 1) { error_print(); goto end; } diff --git a/src/sm2_sign.c b/src/sm2_sign.c index f12fce5a..3ae48eb9 100644 --- a/src/sm2_sign.c +++ b/src/sm2_sign.c @@ -93,6 +93,10 @@ retry: // d' = (d + 1)^-1 (mod n) int sm2_fast_sign_compute_key(const SM2_KEY *key, sm2_z256_t fast_private) { + if (sm2_z256_cmp(key->private_key, sm2_z256_order_minus_one()) >= 0) { + error_print(); + return -1; + } sm2_z256_modn_add(fast_private, key->private_key, sm2_z256_one()); sm2_z256_modn_inv(fast_private, fast_private); return 1; @@ -126,7 +130,7 @@ int sm2_fast_sign_pre_compute(sm2_z256_t k, sm2_z256_t x1_modn) // = -r + (k + r)*(1 + d)^-1 // = -r + (k + r) * d' int sm2_fast_sign(const sm2_z256_t fast_private, - const sm2_z256_t k, const sm2_z256_t x1, + const sm2_z256_t k, const sm2_z256_t x1_modn, const uint8_t dgst[32], SM2_SIGNATURE *sig) { SM2_Z256_POINT R; @@ -141,7 +145,7 @@ int sm2_fast_sign(const sm2_z256_t fast_private, } // r = e + x1 (mod n) - sm2_z256_modn_add(r, e, x1); + sm2_z256_modn_add(r, e, x1_modn); // s = (k + r) * d' - r sm2_z256_modn_add(s, k, r); diff --git a/src/sm2_z256.c b/src/sm2_z256.c index 38c80436..8113af38 100644 --- a/src/sm2_z256.c +++ b/src/sm2_z256.c 
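Review bot: In `sm2_private_key_info_decrypt_from_der`, `iter` and `saltlen` are parsed from the DER key file, i.e. attacker-controlled for an imported key, and the new `sm3_pbkdf2(pass, strlen(pass), salt, saltlen, iter, sizeof(key), key)` call forwards them with no visible range check, so a crafted file with a huge iteration count turns decryption into a CPU-bound denial of service. Unless `sm3_pbkdf2` bounds them internally (not visible here), guard before the call with `if (iter < SM3_PBKDF2_MIN_ITER || iter > SM3_PBKDF2_MAX_ITER || saltlen > SM3_PBKDF2_MAX_SALT_SIZE) { error_print(); goto end; }` — the constants come from this same patch. The same applies to the encrypt path's `iter` if it is caller-supplied. Both functions begin outside the hunks shown.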
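Review bot: The new guard in `sm2_fast_sign_compute_key` rejects `d >= n - 1` (where `d + 1 == 0 mod n` has no inverse) but still accepts `d == 0`, which is outside the SM2 private-key range `[1, n-2]` and silently yields `d' = 1`; for an imported `SM2_KEY` that is worth rejecting in the same place. If `sm2_z256_is_zero` is still available (the test code removed by this patch used it), extend the check to `if (sm2_z256_is_zero(key->private_key) || sm2_z256_cmp(key->private_key, sm2_z256_order_minus_one()) >= 0) {`. A comment above the guard, `// d must be in [1, n-2]: d = n-1 makes d+1 = 0 (mod n), which has no inverse`, records why the bound is n-1 rather than n.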
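Review bot: `sm2_fast_sign` computes `r = e + x1_modn` and `s = (k + r) * d' - r` from a caller-supplied `(k, x1_modn)` pair, but the lines in the hunk show no rejection of the SM2 degenerate cases `r == 0` and `r + k == n`, which GB/T 32918.2 requires be retried with a fresh k; the rest of the function is outside the hunk, so if the check lives elsewhere ignore this, otherwise it needs a distinct "retry" return so the caller discards the precomputed pair. The `x1` to `x1_modn` rename is good; update the adjacent comment to `// r = e + x1_modn (mod n)` so it matches the parameter name.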
@@ -67,7 +67,7 @@ n = 0xfffffffeffffffffffffffffffffffff7203df6b21c6052b53bbf40939d54123 h = 0x1 */ -const uint64_t SM2_Z256_ONE[4] = { 1,0,0,0 }; +const sm2_z256_t SM2_Z256_ONE = { 1,0,0,0 }; const uint64_t *sm2_z256_one(void) { return &SM2_Z256_ONE[0]; @@ -83,15 +83,18 @@ void sm2_z256_set_one(sm2_z256_t r) void sm2_z256_set_zero(uint64_t a[4]) { - a[0] = a[1] = a[2] = a[3] = 0; + a[0] = 0; + a[1] = 0; + a[2] = 0; + a[3] = 0; } int sm2_z256_rand_range(uint64_t r[4], const uint64_t range[4]) { - unsigned int max_tries = 100; + unsigned int tries = 100; do { - if (!max_tries) { + if (!tries) { // caller call this function again if return zero return 0; } @@ -99,7 +102,7 @@ int sm2_z256_rand_range(uint64_t r[4], const uint64_t range[4]) error_print(); return -1; } - max_tries--; + tries--; } while (sm2_z256_cmp(r, range) >= 0); @@ -328,7 +331,7 @@ static uint64_t sm2_z512_add(uint64_t r[8], const uint64_t a[8], const uint64_t return c; } -int sm2_z256_get_booth(const uint64_t a[4], unsigned int window_size, int i) +uint64_t sm2_z256_get_booth(const uint64_t a[4], unsigned int window_size, int i) { uint64_t mask = (1 << window_size) - 1; uint64_t wbits; @@ -369,21 +372,12 @@ int sm2_z256_equ_hex(const uint64_t a[4], const char *hex) } } - int sm2_z256_print(FILE *fp, int ind, int fmt, const char *label, const uint64_t a[4]) { format_print(fp, ind, fmt, "%s: %016llx%016llx%016llx%016llx\n", label, a[3], a[2], a[1], a[0]); return 1; } -/* -static int sm2_z512_print(FILE *fp, int ind, int fmt, const char *label, const uint64_t a[8]) -{ - format_print(fp, ind, fmt, "%s: %016llx%016llx%016llx%016llx%016llx%016llx%016llx%016llx\n", - label, a[7], a[6], a[5], a[4], a[3], a[2], a[1], a[0]); - return 1; -} -*/ // GF(p) 
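Review bot: In `sm2_z256_get_booth`, `uint64_t mask = (1 << window_size) - 1;` shifts an `int` constant, so the expression is undefined for `window_size >= 31` and its type does not match the `uint64_t` it initialises; since the function now advertises a 64-bit result, write `uint64_t mask = (1ULL << window_size) - 1;`. The body continues past the hunk, but note that the callers visible later in this patch still treat the result as a signed `int` digit, so the `uint64_t` return type should be reconsidered or documented with the intended digit range.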
@@ -683,16 +677,6 @@ int sm2_z256_modp_mont_sqrt(uint64_t r[4], const uint64_t a[4]) return 1; } -/* -int sm2_z256_modp_mont_print(FILE *fp, int ind, int fmt, const char *label, const uint64_t a[4]) -{ - uint64_t r[4]; - sm2_z256_modp_from_mont(r, a); - sm2_z256_print(fp, ind, fmt, label, r); - return 1; -} -*/ - // GF(n) // n = 0xfffffffeffffffffffffffffffffffff7203df6b21c6052b53bbf40939d54123 @@ -710,17 +694,6 @@ const uint64_t SM2_Z256_NEG_N[4] = { 0xac440bf6c62abedd, 0x8dfc2094de39fad4, 0x0000000000000000, 0x0000000100000000, }; -/* -int sm2_z256_modn_rand(uint64_t r[4]) -{ - if (sm2_z256_rand_range(r, SM2_Z256_N) != 1) { - error_print(); - return -1; - } - return 1; -} -*/ - #ifndef ENABLE_SM2_Z256_ARMV8 void sm2_z256_modn_add(uint64_t r[4], const uint64_t a[4], const uint64_t b[4]) { @@ -784,9 +757,6 @@ void sm2_z256_modn_mont_mul(uint64_t r[4], const uint64_t a[4], const uint64_t b uint64_t t[8]; uint64_t c; - //sm2_z256_print(stderr, 0, 0, "a", a); - //sm2_z256_print(stderr, 0, 0, "b", b); - // z = a * b sm2_z256_mul(z, a, b); //sm2_z512_print(stderr, 0, 0, "z", z); 
@@ -1095,47 +1065,47 @@ void sm2_z256_point_dbl(SM2_Z256_POINT *R, const SM2_Z256_POINT *A) // S = 2*Y1 sm2_z256_modp_dbl(S, Y1); - sm2_z256_print(stderr, 0, 0, "1. S = 2*Y1", S); + //sm2_z256_print(stderr, 0, 0, "1. S = 2*Y1", S); // Zsqr = Z1^2 sm2_z256_modp_mont_sqr(Zsqr, Z1); - sm2_z256_print(stderr, 0, 0, "2. Zsqr = Z1^2", Zsqr); + //sm2_z256_print(stderr, 0, 0, "2. Zsqr = Z1^2", Zsqr); // S = S^2 = 4*Y1^2 sm2_z256_modp_mont_sqr(S, S); - sm2_z256_print(stderr, 0, 0, "3. S = S^2 = 4*Y1^2", S); + //sm2_z256_print(stderr, 0, 0, "3. S = S^2 = 4*Y1^2", S); // Z3 = Z1 * Y1 sm2_z256_modp_mont_mul(Z3, Z1, Y1); - sm2_z256_print(stderr, 0, 0, "4. Z3 = Z1 * Y1", Z3); + //sm2_z256_print(stderr, 0, 0, "4. Z3 = Z1 * Y1", Z3); // Z3 = 2 * Z3 = 2*Y1*Z1 sm2_z256_modp_dbl(Z3, Z3); - sm2_z256_print(stderr, 0, 0, "5. Z3 = 2 * Z3 = 2*Y1*Z1", Z3); + //sm2_z256_print(stderr, 0, 0, "5. Z3 = 2 * Z3 = 2*Y1*Z1", Z3); // M = X1 + Zsqr = X1 + Z1^2 sm2_z256_modp_add(M, X1, Zsqr); - sm2_z256_print(stderr, 0, 0, "6. M = X1 + Zsqr = X1 + Z1^2", M); + //sm2_z256_print(stderr, 0, 0, "6. M = X1 + Zsqr = X1 + Z1^2", M); // Zsqr = X1 - Zsqr = X1 - Z1^2 sm2_z256_modp_sub(Zsqr, X1, Zsqr); - sm2_z256_print(stderr, 0, 0, "7. Zsqr = X1 - Zsqr = X1 - Z1^2", Zsqr); + //sm2_z256_print(stderr, 0, 0, "7. Zsqr = X1 - Zsqr = X1 - Z1^2", Zsqr); // Y3 = S^2 = 16 * Y1^4 sm2_z256_modp_mont_sqr(Y3, S); - sm2_z256_print(stderr, 0, 0, "8. Y3 = S^2 = 16 * Y1^4", Y3); + //sm2_z256_print(stderr, 0, 0, "8. Y3 = S^2 = 16 * Y1^4", Y3); // Y3 = Y3/2 = 8 * Y1^4 sm2_z256_modp_haf(Y3, Y3); - sm2_z256_print(stderr, 0, 0, "9. Y3 = Y3/2 = 8 * Y1^4", Y3); + //sm2_z256_print(stderr, 0, 0, "9. Y3 = Y3/2 = 8 * Y1^4", Y3); // M = M * Zsqr = (X1 + Z1^2)(X1 - Z1^2) sm2_z256_modp_mont_mul(M, M, Zsqr); - sm2_z256_print(stderr, 0, 0, "10. M = M * Zsqr = (X1 + Z1^2)(X1 - Z1^2)", M); + //sm2_z256_print(stderr, 0, 0, "10. 
M = M * Zsqr = (X1 + Z1^2)(X1 - Z1^2)", M); // M = 3*M = 3(X1 + Z1^2)(X1 - Z1^2) sm2_z256_modp_tri(M, M); - sm2_z256_print(stderr, 0, 0, "11. M = 3*M = 3(X1 + Z1^2)(X1 - Z1^2)", M); + //sm2_z256_print(stderr, 0, 0, "11. M = 3*M = 3(X1 + Z1^2)(X1 - Z1^2)", M); // S = S * X1 = 4 * X1 * Y1^2 sm2_z256_modp_mont_mul(S, S, X1); @@ -1143,27 +1113,27 @@ void sm2_z256_point_dbl(SM2_Z256_POINT *R, const SM2_Z256_POINT *A) // tmp0 = 2 * S = 8 * X1 * Y1^2 sm2_z256_modp_dbl(tmp0, S); - sm2_z256_print(stderr, 0, 0, "13. tmp0 = 2 * S = 8 * X1 * Y1^2", tmp0); + //sm2_z256_print(stderr, 0, 0, "13. tmp0 = 2 * S = 8 * X1 * Y1^2", tmp0); // X3 = M^2 = (3(X1 + Z1^2)(X1 - Z1^2))^2 sm2_z256_modp_mont_sqr(X3, M); - sm2_z256_print(stderr, 0, 0, "14. X3 = M^2 = (3(X1 + Z1^2)(X1 - Z1^2))^2", X3); + //sm2_z256_print(stderr, 0, 0, "14. X3 = M^2 = (3(X1 + Z1^2)(X1 - Z1^2))^2", X3); // X3 = X3 - tmp0 = (3(X1 + Z1^2)(X1 - Z1^2))^2 - 8 * X1 * Y1^2 sm2_z256_modp_sub(X3, X3, tmp0); - sm2_z256_print(stderr, 0, 0, "15. X3 = X3 - tmp0 = (3(X1 + Z1^2)(X1 - Z1^2))^2 - 8 * X1 * Y1^2", X3); + //sm2_z256_print(stderr, 0, 0, "15. X3 = X3 - tmp0 = (3(X1 + Z1^2)(X1 - Z1^2))^2 - 8 * X1 * Y1^2", X3); // S = S - X3 = 4 * X1 * Y1^2 - X3 sm2_z256_modp_sub(S, S, X3); - sm2_z256_print(stderr, 0, 0, "16. S = S - X3 = 4 * X1 * Y1^2 - X3", S); + //sm2_z256_print(stderr, 0, 0, "16. S = S - X3 = 4 * X1 * Y1^2 - X3", S); // S = S * M = 3(X1 + Z1^2)(X1 - Z1^2)(4 * X1 * Y1^2 - X3) sm2_z256_modp_mont_mul(S, S, M); - sm2_z256_print(stderr, 0, 0, "17. S = S * M", S); + //sm2_z256_print(stderr, 0, 0, "17. S = S * M", S); // Y3 = S - Y3 = 3(X1 + Z1^2)(X1 - Z1^2)(4 * X1 * Y1^2 - X3) - 8 * Y1^4 sm2_z256_modp_sub(Y3, S, Y3); - sm2_z256_print(stderr, 0, 0, "18. Y3", Y3); + //sm2_z256_print(stderr, 0, 0, "18. Y3", Y3); } /* 
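Review bot: Turning the `sm2_z256_print(stderr, ...)` trace calls in `sm2_z256_point_dbl` into `//` comments leaves a secret-leaking debug facility one uncomment away: this routine presumably runs on the secret scalar during signing (through `sm2_z256_point_mul` / `_dbl_x5`), so re-enabling the prints would dump intermediate Jacobian coordinates to stderr. Delete the lines, or if the trace is worth keeping route it through one guarded helper such as `#ifdef SM2_Z256_DEBUG` / `#define SM2_Z256_TRACE(label, v) sm2_z256_print(stderr, 0, 0, label, v)` / `#else` / `#define SM2_Z256_TRACE(label, v)` so nothing prints in release builds. The function starts before the first of these two hunks.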
@@ -1178,8 +1148,6 @@ void sm2_z256_point_dbl(SM2_Z256_POINT *R, const SM2_Z256_POINT *A) Z3 = B * Z1 * Z2 P + (-P) = (X:Y:Z) + (k^2*X : k^3*Y : k*Z) => (0:0:0) - -感觉点加也有很好的并行性 */ void sm2_z256_point_add(SM2_Z256_POINT *r, const SM2_Z256_POINT *a, const SM2_Z256_POINT *b) { @@ -1265,13 +1233,13 @@ void sm2_z256_point_add(SM2_Z256_POINT *r, const SM2_Z256_POINT *a, const SM2_Z2 sm2_z256_modp_sub(res_y, res_y, S2); - sm2_z256_copy_conditional(res_x, in2_x, in1infty); - sm2_z256_copy_conditional(res_y, in2_y, in1infty); - sm2_z256_copy_conditional(res_z, in2_z, in1infty); + sm2_z256_copy_conditional(res_x, in2_x, in1infty); + sm2_z256_copy_conditional(res_y, in2_y, in1infty); + sm2_z256_copy_conditional(res_z, in2_z, in1infty); - sm2_z256_copy_conditional(res_x, in1_x, in2infty); - sm2_z256_copy_conditional(res_y, in1_y, in2infty); - sm2_z256_copy_conditional(res_z, in1_z, in2infty); + sm2_z256_copy_conditional(res_x, in1_x, in2infty); + sm2_z256_copy_conditional(res_y, in1_y, in2infty); + sm2_z256_copy_conditional(res_z, in1_z, in2infty); memcpy(r->X, res_x, sizeof(res_x)); memcpy(r->Y, res_y, sizeof(res_y)); @@ -1301,27 +1269,9 @@ void sm2_z256_point_mul(SM2_Z256_POINT *R, const uint64_t k[4], const SM2_Z256_P int n = (256 + window_size - 1)/window_size; int i; - // 这相当于做了一个预计算表 - /* - P 2P 4P 8P // 这实际上是一个连续的dbl - - 3P 6P, 12P - - 5P, 10P, - - 7P, 14P - - 15P - ... - - // 如果一次能并行计算4组点加法,那么这部分与计算表的计算量可以降低 - // 这个连续计算中,dbl的数量越多,计算量越低 - */ - // T[i] = (i + 1) * P memcpy(&T[0], P, sizeof(SM2_Z256_POINT)); - // 这个计算大概是有并行能力的! /* sm2_z256_point_dbl(&T[ 1], &T[ 0]); sm2_z256_point_add(&T[ 2], &T[ 1], P); @@ -1366,8 +1316,6 @@ void sm2_z256_point_mul(SM2_Z256_POINT *R, const uint64_t k[4], const SM2_Z256_P R_infinity = 0; } } else { - // 这个重复dbl的计算可以适当降低吗? - // 这说明对dbl的优化还是很有意义的,因为这里面dbl的数量最多 sm2_z256_point_dbl_x5(R, R); if (booth > 0) { 
@@ -1383,7 +1331,6 @@ void sm2_z256_point_mul(SM2_Z256_POINT *R, const uint64_t k[4], const SM2_Z256_P } } -// 这个函数对吗?这个似乎是不对的 int sm2_z256_point_print(FILE *fp, int fmt, int ind, const char *label, const SM2_Z256_POINT *P) { uint64_t x[4]; @@ -1405,8 +1352,6 @@ void sm2_z256_point_copy_affine(SM2_Z256_POINT *R, const SM2_Z256_AFFINE_POINT * sm2_z256_copy(R->Z, SM2_Z256_MODP_MONT_ONE); } -// 这是一个比较容易并行的算法 -// r, a, b 都转换为实际输入的值 #ifndef ENABLE_SM2_Z256_ARMV8 void sm2_z256_point_add_affine(SM2_Z256_POINT *r, const SM2_Z256_POINT *a, const SM2_Z256_AFFINE_POINT *b) { @@ -1475,14 +1420,14 @@ void sm2_z256_point_add_affine(SM2_Z256_POINT *r, const SM2_Z256_POINT *a, const sm2_z256_modp_mont_mul(H, H, R); sm2_z256_modp_sub(res_y, H, S2); - sm2_z256_copy_conditional(res_x, in2_x, in1infty); - sm2_z256_copy_conditional(res_x, in1_x, in2infty); + sm2_z256_copy_conditional(res_x, in2_x, in1infty); + sm2_z256_copy_conditional(res_x, in1_x, in2infty); - sm2_z256_copy_conditional(res_y, in2_y, in1infty); - sm2_z256_copy_conditional(res_y, in1_y, in2infty); + sm2_z256_copy_conditional(res_y, in2_y, in1infty); + sm2_z256_copy_conditional(res_y, in1_y, in2infty); - sm2_z256_copy_conditional(res_z, SM2_Z256_MODP_MONT_ONE, in1infty); - sm2_z256_copy_conditional(res_z, in1_z, in2infty); + sm2_z256_copy_conditional(res_z, SM2_Z256_MODP_MONT_ONE, in1infty); + sm2_z256_copy_conditional(res_z, in1_z, in2infty); memcpy(r->X, res_x, sizeof(res_x)); memcpy(r->Y, res_y, sizeof(res_y)); 
@@ -1519,52 +1464,28 @@ int sm2_z256_point_affine_print(FILE *fp, int fmt, int ind, const char *label, c extern const uint64_t sm2_z256_pre_comp[37][64 * 4 * 2]; static SM2_Z256_AFFINE_POINT (*g_pre_comp)[64] = (SM2_Z256_AFFINE_POINT (*)[64])sm2_z256_pre_comp; - -/* -这个函数的粗粒度并行算法 - - 输出的R应该有多个,输入的k也有多个 - - 轮数是一样的 - - 需要用一个数组表示这个值是否还是无穷远点 - -在签名、加密的时候,参与计算的k都是秘密值,因此需要考虑cache攻击的问题 - -但是在验签的时候,其中s*G计算,其中s是公开值,因此不需要考虑cache攻击 - -应该提供一个专用的常量时间的gather函数 - -*/ +// FIXME: remove if/else void sm2_z256_point_mul_generator(SM2_Z256_POINT *R, const uint64_t k[4]) { size_t window_size = 7; - int R_infinity = 1; // 开始的时候点 + int R_infinity = 1; int n = (256 + window_size - 1)/window_size; int i; for (i = n - 1; i >= 0; i--) { int booth = sm2_z256_get_booth(k, window_size, i); - // 下面的计算应该改为并行化 if (R_infinity) { if (booth != 0) { sm2_z256_point_copy_affine(R, &g_pre_comp[i][booth - 1]); R_infinity = 0; } } else { - - // 可以先把那个点从内存复制到当前空间中 - // 如果booth < 0,则把这个点改为 -P - // 然后再加上这个点,得到一个新的结果 if (booth > 0) { sm2_z256_point_add_affine(R, R, &g_pre_comp[i][booth - 1]); } else if (booth < 0) { sm2_z256_point_sub_affine(R, R, &g_pre_comp[i][-booth - 1]); } - - // booth == 0的时候意味应该加入的affine是一个无穷远点 - // 如果是无穷远点,读入的值,以及计算结果就没有用了。 } } diff --git a/src/sm9_key.c b/src/sm9_key.c index 573c4ab7..fdde3351 100644 --- a/src/sm9_key.c +++ b/src/sm9_key.c @@ -19,7 +19,6 @@ #include #include #include -#include #include @@ -627,7 +626,7 @@ static int sm9_private_key_info_encrypt_to_der(int alg, int params, const uint8_ if (sm9_private_key_info_to_der(alg, params, prikey, prikey_len, &p, &pkey_info_len) != 1 || rand_bytes(salt, sizeof(salt)) != 1 || rand_bytes(iv, sizeof(iv)) != 1 - || pbkdf2_hmac_sm3_genkey(pass, strlen(pass), salt, sizeof(salt), iter, sizeof(key), key) != 1) { + || sm3_pbkdf2(pass, strlen(pass), salt, sizeof(salt), iter, sizeof(key), key) != 1) { error_print(); goto end; } 
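Review bot: The new `// FIXME: remove if/else` in `sm2_z256_point_mul_generator` drops the substance of the comment it replaces, which warned that k is secret in signing and encryption and that a constant-time gather is needed; the code still indexes `g_pre_comp[i][booth - 1]` and branches on `booth > 0` / `booth < 0` with secret-derived values, so the cache- and branch-timing exposure is unchanged and the FIXME should say so: `// FIXME: booth is derived from the secret scalar k; the g_pre_comp[i][booth-1] lookup and the if/else on booth are not constant time - replace with a constant-time table gather plus conditional negate`. Also `int booth = sm2_z256_get_booth(k, window_size, i);` now narrows a `uint64_t` into `int` while relying on `booth < 0`; keep the return type signed or make the conversion explicit.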
@@ -680,7 +679,7 @@ static int sm9_private_key_info_decrypt_from_der(int *alg, int *params, uint8_t error_print(); return -1; } - if (pbkdf2_genkey(DIGEST_sm3(), pass, strlen(pass), salt, saltlen, iter, sizeof(key), key) != 1) { + if (sm3_pbkdf2(pass, strlen(pass), salt, saltlen, iter, sizeof(key), key) != 1) { error_print(); goto end; } diff --git a/tests/sm2_signtest.c b/tests/sm2_signtest.c index 6510bee2..f14523d4 100644 --- a/tests/sm2_signtest.c +++ b/tests/sm2_signtest.c @@ -102,36 +102,42 @@ static int test_sm2_do_sign(void) return 1; } -static int test_sm2_do_sign_fast(void) +static int test_sm2_fast_sign(void) { -// sm2_do_sign_fast函数没有了,要重新实现 -/* SM2_KEY sm2_key; - sm2_z256_t d; + sm2_z256_t fast_private; uint8_t dgst[32]; SM2_SIGNATURE sig; size_t i; - // d' = (d + 1)^-1 (mod n) - const uint64_t *one = sm2_z256_one(); - do { - sm2_key_generate(&sm2_key); - sm2_z256_copy(d, sm2_key.private_key); - sm2_z256_modn_add(d, d, one); - sm2_z256_modn_inv(d, d); - } while (sm2_z256_is_zero(d)); + if (sm2_key_generate(&sm2_key) != 1) { + error_print(); + return -1; + } + if (sm2_fast_sign_compute_key(&sm2_key, fast_private) != 1) { + error_print(); + return -1; + } + rand_bytes(dgst, sizeof(dgst)); for (i = 0; i < TEST_COUNT; i++) { - if (sm2_do_sign_fast(d, dgst, &sig) != 1) { + sm2_z256_t k; + sm2_z256_t x1_modn; + + if (sm2_fast_sign_pre_compute(k, x1_modn) != 1) { error_print(); return -1; } + if (sm2_fast_sign(fast_private, k, x1_modn, dgst, &sig) != 1) { + error_print(); + return -1; + } + if (sm2_do_verify(&sm2_key, dgst, &sig) != 1) { error_print(); return -1; } } -*/ printf("%s() ok\n", __FUNCTION__); return 1; 
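Review bot: `sm9_private_key_info_decrypt_from_der` hands the DER-parsed `iter` and `saltlen` straight to `sm3_pbkdf2`, so a crafted key file can pick an arbitrarily large iteration count and stall the importer; unless `sm3_pbkdf2` bounds these internally, check `iter` against `SM3_PBKDF2_MIN_ITER`/`SM3_PBKDF2_MAX_ITER` and `saltlen` against `SM3_PBKDF2_MAX_SALT_SIZE` before the call, e.g. `if (iter < SM3_PBKDF2_MIN_ITER || iter > SM3_PBKDF2_MAX_ITER || saltlen > SM3_PBKDF2_MAX_SALT_SIZE) { error_print(); goto end; }`, mirroring the range check the pbkdf2 tool already performs. The function begins before the hunk.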
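Review bot: `test_sm2_fast_sign` ignores the return of `rand_bytes(dgst, sizeof(dgst))`; match the surrounding style with `if (rand_bytes(dgst, sizeof(dgst)) != 1) { error_print(); return -1; }`. The test also never exercises the new rejection in `sm2_fast_sign_compute_key`; after the positive loop, set `sm2_z256_copy(sm2_key.private_key, sm2_z256_order_minus_one());` and require `sm2_fast_sign_compute_key(&sm2_key, fast_private) != 1` so the `d >= n-1` guard is covered rather than just compiled.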
@@ -326,10 +332,10 @@ static int test_sm2_sign_ctx_reset(void) int main(void) { - if (test_sm2_do_sign_fast() != 1) goto err; if (test_sm2_signature() != 1) goto err; if (test_sm2_do_sign() != 1) goto err; if (test_sm2_do_sign_pre_compute() != 1) goto err; + if (test_sm2_fast_sign() != 1) goto err; if (test_sm2_sign() != 1) goto err; if (test_sm2_sign_ctx() != 1) goto err; if (test_sm2_sign_ctx_reset() != 1) goto err; diff --git a/tests/sm2_z256test.c b/tests/sm2_z256test.c index 1a0dba5e..e8972d6f 100644 --- a/tests/sm2_z256test.c +++ b/tests/sm2_z256test.c @@ -869,8 +869,6 @@ static int test_sm2_z256_point_from_hash(void) printf("%s() ok\n", __FUNCTION__); return 1; - - } diff --git a/tools/pbkdf2.c b/tools/pbkdf2.c index 9f59ab39..7e0673a7 100644 --- a/tools/pbkdf2.c +++ b/tools/pbkdf2.c @@ -14,7 +14,7 @@ #include #include #include -#include +#include static const char *options = "-pass str -salt hex -iter num -outlen num [-bin|-hex] [-out file]"; @@ -25,7 +25,7 @@ int pbkdf2_main(int argc, char **argv) char *prog = argv[0]; char *pass = NULL; char *salthex = NULL; - uint8_t salt[PBKDF2_MAX_SALT_SIZE]; + uint8_t salt[SM3_PBKDF2_MAX_SALT_SIZE]; size_t saltlen; int iter = 0; int outlen = 0; @@ -65,7 +65,7 @@ int pbkdf2_main(int argc, char **argv) } else if (!strcmp(*argv, "-iter")) { if (--argc < 1) goto bad; iter = atoi(*(++argv)); - if (iter < PBKDF2_MIN_ITER || iter > INT_MAX) { + if (iter < SM3_PBKDF2_MIN_ITER || iter > SM3_PBKDF2_MAX_ITER) { fprintf(stderr, "%s: invalid '-iter' value\n", prog); goto end; } @@ -116,7 +116,7 @@ bad: goto end; } - if (pbkdf2_hmac_sm3_genkey(pass, strlen(pass), salt, saltlen, iter, outlen, outbuf) != 1) { + if (sm3_pbkdf2(pass, strlen(pass), salt, saltlen, iter, outlen, outbuf) != 1) { fprintf(stderr, "%s: inner error\n", prog); goto end; }
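Review bot: `iter = atoi(*(++argv));` cannot distinguish `-iter abc` (returns 0, then rejected only by luck of the minimum) from a real number, and silently wraps out-of-range input before the new `SM3_PBKDF2_MIN_ITER`/`SM3_PBKDF2_MAX_ITER` comparison sees it; parse with `strtol` and reject trailing garbage, e.g. `char *end; errno = 0; long v = strtol(*(++argv), &end, 10);` followed by `if (end == *argv || *end != '\0' || errno == ERANGE || v < SM3_PBKDF2_MIN_ITER || v > SM3_PBKDF2_MAX_ITER) { fprintf(stderr, "%s: invalid '-iter' value\n", prog); goto end; }` and `iter = (int)v;`. The `-salt hex` decode into the renamed `salt[SM3_PBKDF2_MAX_SALT_SIZE]` buffer is outside the hunk; confirm it bounds the decoded length by `sizeof(salt)` now that the size constant changed, and that `outlen` is validated before it reaches `sm3_pbkdf2`.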