Add sm2 and otp command

try `gmssl sm2 -help` and `gmssl otp -help`
2026-05-27 10:46:27 +08:00 · 2018-12-19 10:01:38 +08:00
parent 5bc22a1f3e
commit 74a729aa77
17 changed files with 376 additions and 5597 deletions
--- a/test/sm9test.c
+++ b/test/sm9test.c
@@ -62,8 +62,95 @@ int main(int argc, char **argv)
 # include <openssl/evp.h>
 # include <openssl/err.h>
 # include <openssl/sm9.h>
+# include <openssl/rand.h>
+# include "../crypto/sm9/sm9_lcl.h"

-static int sm9test_sign(const char *id, const unsigned char *msg, size_t msglen)
+RAND_METHOD fake_rand;
+const RAND_METHOD *old_rand;
+
+static const char rnd_seed[] =
+	"string to make the random number generator think it has entropy";
+static const char *rnd_number = NULL;
+
+static int fbytes(unsigned char *buf, int num)
+{
+	int ret = 0;
+	BIGNUM *bn = NULL;
+
+	if (!BN_hex2bn(&bn, rnd_number)) {
+		goto end;
+	}
+	if (BN_num_bytes(bn) > num) {
+		goto end;
+	}
+	memset(buf, 0, num);
+	if (!BN_bn2bin(bn, buf + num - BN_num_bytes(bn))) {
+		goto end;
+	}
+	ret = 1;
+end:
+	BN_free(bn);
+	return ret;
+}
+
+static int change_rand(const char *hex)
+{
+	if (!(old_rand = RAND_get_rand_method())) {
+		return 0;
+	}
+
+	fake_rand.seed		= old_rand->seed;
+	fake_rand.cleanup	= old_rand->cleanup;
+	fake_rand.add		= old_rand->add;
+	fake_rand.status	= old_rand->status;
+	fake_rand.bytes		= fbytes;
+	fake_rand.pseudorand	= old_rand->bytes;
+
+	if (!RAND_set_rand_method(&fake_rand)) {
+		return 0;
+	}
+
+	rnd_number = hex;
+	return 1;
+}
+
+static int restore_rand(void)
+{
+	rnd_number = NULL;
+	if (!RAND_set_rand_method(old_rand))
+		return 0;
+	else	return 1;
+}
+
+static int hexequbin(const char *hex, const unsigned char *bin, size_t binlen)
+{
+	int ret = 0;
+	char *buf = NULL;
+	int i = 0;
+	size_t buflen = binlen * 2 + 1;
+
+
+	if (binlen * 2 != strlen(hex)) {
+		return 0;
+	}
+	if (!(buf = malloc(binlen * 2 + 1))) {
+		return 0;
+	}
+	for (i = 0; i < binlen; i++) {
+		sprintf(buf + i*2, "%02X", bin[i]);
+	}
+	buf[buflen - 1] = 0;
+
+	if (memcmp(hex, buf, binlen * 2) == 0) {
+		ret = 1;
+	}
+
+	free(buf);
+	return ret;
+}
+
+static int sm9test_sign(const char *id, const unsigned char *msg, size_t msglen,
+	int use_test_vector)
 {
 	int ret = 0;
 	SM9PublicParameters *mpk = NULL;
@@ -71,19 +158,114 @@ static int sm9test_sign(const char *id, const unsigned char *msg, size_t msglen)
 	SM9PrivateKey *sk = NULL;
 	unsigned char sig[256];
 	size_t siglen = sizeof(sig);
+	/* test vector */
+	char *ks =	"0130E78459D78545CB54C587E02CF480CE0B66340F319F348A1D5B1F2DC5F4";
+	char *Ppubs =	"04"
+			"9F64080B3084F733E48AFF4B41B565011CE0711C5E392CFB0AB1B6791B94C408"
+			"29DBA116152D1F786CE843ED24A3B573414D2177386A92DD8F14D65696EA5E32"
+			"69850938ABEA0112B57329F447E3A0CBAD3E2FDB1A77F335E89E1408D0EF1C25"
+			"41E00A53DDA532DA1A7CE027B7A46F741006E85F5CDFF0730E75C05FB4E3216D";
+	char *ID_A =	"Alice";
+	char *dsA =	"04"
+			"A5702F05CF1315305E2D6EB64B0DEB923DB1A0BCF0CAFF90523AC8754AA69820"
+			"78559A844411F9825C109F5EE3F52D720DD01785392A727BB1556952B2B013D3";
+	char *M =	"Chinese IBS standard";
+	char *r =	"033C8616B06704813203DFD00965022ED15975C662337AED648835DC4B1CBE";
+	char *h =	"823C4B21E4BD2DFE1ED92C606653E996668563152FC33F55D7BFBB9BD9705ADB";
+	char *S =	"04"
+			"73BF96923CE58B6AD0E13E9643A406D8EB98417C50EF1B29CEF9ADB48B6D598C"
+			"856712F1C2E0968AB7769F42A99586AED139D5B8B3E15891827CC2ACED9BAA05";
+	char *S_comp =	"03"
+			"73BF96923CE58B6AD0E13E9643A406D8EB98417C50EF1B29CEF9ADB48B6D598C";
+
+	if (use_test_vector) {
+		id = ID_A;
+		msg = (unsigned char *)M;
+		msglen = strlen(M);
+
+		/* generate master secret with test vector */
+		change_rand(ks);
+	}

 	if (!SM9_setup(NID_sm9bn256v1, NID_sm9sign, NID_sm9hash1_with_sm3, &mpk, &msk)) {
 		ERR_print_errors_fp(stderr);
 		goto end;
 	}
+
+	/* check msk->masterSecret == ks, msk->publicPpub == Ppubs */
+	if (use_test_vector) {
+		BIGNUM *masterSecret = NULL;
+		if (!BN_hex2bn(&masterSecret, ks)) {
+			ERR_print_errors_fp(stderr);
+			goto end;
+		}
+		if (BN_cmp(masterSecret, msk->masterSecret) != 0) {
+			fprintf(stderr, "%s %d: masterSecret failed\n", __FILE__, __LINE__);
+			goto end;
+		}
+
+		if (!hexequbin(Ppubs, ASN1_STRING_get0_data(msk->pointPpub),
+			ASN1_STRING_length(msk->pointPpub))) {
+			fprintf(stderr, "%s %d: publicPoint failed\n", __FILE__, __LINE__);
+			goto end;
+		}
+	}
+
+	/* generate private key */
 	if (!(sk = SM9_extract_private_key(msk, id, strlen(id)))) {
 		ERR_print_errors_fp(stderr);
 		goto end;
 	}
+
+	if (use_test_vector) {
+		/* check sk->privatePoint == dsA */
+		if (!hexequbin(dsA, ASN1_STRING_get0_data(sk->privatePoint),
+			ASN1_STRING_length(sk->privatePoint))) {
+			fprintf(stderr, "%s %d: dsA for '%s' failed\n", __FILE__, __LINE__, id);
+			goto end;
+		}
+
+		/* sign with test vector */
+		change_rand(r);
+	}
+
 	if (!SM9_sign(NID_sm3, msg, msglen, sig, &siglen, sk)) {
 		ERR_print_errors_fp(stderr);
 		goto end;
 	}
+
+	if (use_test_vector) {
+		const unsigned char *p = sig;
+		SM9Signature *sig = NULL;
+		BIGNUM *bn = NULL;
+		int err = 0;
+
+		if (!(sig = d2i_SM9Signature(NULL, &p, siglen))) {
+			ERR_print_errors_fp(stderr);
+			goto end;
+		}
+
+		if (!BN_hex2bn(&bn, h)) {
+			SM9Signature_free(sig);
+			ERR_print_errors_fp(stderr);
+			goto end;
+		}
+
+		if (BN_cmp(bn, sig->h) != 0) {
+			fprintf(stderr, "%s %d: sig->h failed\n", __FILE__, __LINE__);
+			err++;
+		}
+
+		if (!hexequbin(S_comp, ASN1_STRING_get0_data(sig->pointS),
+			ASN1_STRING_length(sig->pointS))) {
+			fprintf(stderr, "%s %d: sig->S failed\n", __FILE__, __LINE__);
+			err++;
+		}
+
+		SM9Signature_free(sig);
+		BN_free(bn);
+	}
+
 	ret = SM9_verify(NID_sm3, msg, msglen, sig, siglen, mpk, id, strlen(id));
 	if (ret < 0) {
 		ERR_print_errors_fp(stderr);
@@ -228,8 +410,9 @@ int main(int argc, char **argv)
 	int err = 0;
 	char *id = "guanzhi1980@gmail.com";
 	unsigned char in[] = "message to be signed or encrypted";
+	int use_test_vector = 1;

-	if (!sm9test_sign(id, in, sizeof(in)-1)) {
+	if (!sm9test_sign(id, in, sizeof(in)-1, use_test_vector)) {
 		printf("sm9 sign tests failed\n");
 		err++;
 	}