Adjust SM9 API

不再将Fp, Fn上的元素视为一种类型,而是看做在sm9_z256_t类型上的特殊计算类型,同理Montgomery计算也是sm9_z256_t上的计算。通过函数名可以完全体现在sm9_z256_t上的计算类型。

与此不同的是,GF(p^2), GF(p^4), GF(p^12) 几个类型在内部完全采用Montgomery形式表示,因此sm9_z256_fp2_t等表示特殊的类型,不再区分mul和mont_mul,因为所有计算都是Montgomery上的计算。
Zhi Guan
2024-04-14 10:20:11 +08:00
parent 28428de876
commit 771fe867ef
5 changed files with 285 additions and 286 deletions


@@ -44,33 +44,26 @@ int sm9_z256_rand_range(sm9_z256_t r, const sm9_z256_t range);
void sm9_z256_print_bn(const char *prefix, const sm9_z256_t a); void sm9_z256_print_bn(const char *prefix, const sm9_z256_t a);
int sm9_z256_print(FILE *fp, int ind, int fmt, const char *label, const sm9_z256_t a); int sm9_z256_print(FILE *fp, int ind, int fmt, const char *label, const sm9_z256_t a);
void sm9_z256_modp_add(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b);
void sm9_z256_modp_sub(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b);
void sm9_z256_modp_dbl(sm9_z256_t r, const sm9_z256_t a);
void sm9_z256_modp_tri(sm9_z256_t r, const sm9_z256_t a);
void sm9_z256_modp_haf(sm9_z256_t r, const sm9_z256_t a);
void sm9_z256_modp_neg(sm9_z256_t r, const sm9_z256_t a);
// 从逻辑上讲fp元素模式还是一个z256的值需要显示的被转换为mont格式 void sm9_z256_modp_to_mont(sm9_z256_t r, const sm9_z256_t a);
// 因此在计算上是需要区分mont_mul,也提供了to_mont, from_mont的计算 void sm9_z256_modp_from_mont(sm9_z256_t r, const sm9_z256_t a);
// 因此这里最好不要用fp来表示而是用modp来表示这样逻辑更正确 void sm9_z256_modp_mont_mul(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b);
void sm9_z256_modp_mont_sqr(sm9_z256_t r, const sm9_z256_t a);
void sm9_z256_modp_mont_pow(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t e);
void sm9_z256_modp_mont_inv(sm9_z256_t r, const sm9_z256_t a);
void sm9_z256_fp_add(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b); void sm9_z256_modn_add(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b);
void sm9_z256_fp_sub(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b); void sm9_z256_modn_sub(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b);
void sm9_z256_fp_dbl(sm9_z256_t r, const sm9_z256_t a); void sm9_z256_modn_mul(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b);
void sm9_z256_fp_tri(sm9_z256_t r, const sm9_z256_t a); void sm9_z256_modn_pow(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t e);
void sm9_z256_fp_div2(sm9_z256_t r, const sm9_z256_t a); void sm9_z256_modn_inv(sm9_z256_t r, const sm9_z256_t a);
void sm9_z256_fp_neg(sm9_z256_t r, const sm9_z256_t a); void sm9_z256_modn_from_hash(sm9_z256_t h, const uint8_t Ha[40]);
void sm9_z256_fp_to_mont(sm9_z256_t r, const sm9_z256_t a);
void sm9_z256_fp_from_mont(sm9_z256_t r, const sm9_z256_t a);
void sm9_z256_fp_mont_mul(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b);
void sm9_z256_fp_mont_sqr(sm9_z256_t r, const sm9_z256_t a);
void sm9_z256_fp_pow(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t e);
void sm9_z256_fp_inv(sm9_z256_t r, const sm9_z256_t a);
int sm9_z256_fp_rand(sm9_z256_t r);
void sm9_z256_fn_add(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b);
void sm9_z256_fn_sub(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b);
void sm9_z256_fn_mul(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b);
void sm9_z256_fn_pow(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t e);
void sm9_z256_fn_inv(sm9_z256_t r, const sm9_z256_t a);
void sm9_z256_fn_from_hash(sm9_z256_t h, const uint8_t Ha[40]);
int sm9_z256_fn_from_bytes(sm9_z256_t a, const uint8_t in[32]); // 这个就比较特殊了,应该支持这个函数吗?我觉得不应该支持,这个太奇怪了
int sm9_z256_fn_rand(sm9_z256_t r);
// 但是在GF(p^2) // 但是在GF(p^2)
@@ -105,7 +98,7 @@ void sm9_z256_fp2_sqr(sm9_z256_fp2_t r, const sm9_z256_fp2_t a);
void sm9_z256_fp2_sqr_u(sm9_z256_fp2_t r, const sm9_z256_fp2_t a); void sm9_z256_fp2_sqr_u(sm9_z256_fp2_t r, const sm9_z256_fp2_t a);
void sm9_z256_fp2_inv(sm9_z256_fp2_t r, const sm9_z256_fp2_t a); void sm9_z256_fp2_inv(sm9_z256_fp2_t r, const sm9_z256_fp2_t a);
void sm9_z256_fp2_div(sm9_z256_fp2_t r, const sm9_z256_fp2_t a, const sm9_z256_fp2_t b); void sm9_z256_fp2_div(sm9_z256_fp2_t r, const sm9_z256_fp2_t a, const sm9_z256_fp2_t b);
void sm9_z256_fp2_div2(sm9_z256_fp2_t r, const sm9_z256_fp2_t a); void sm9_z256_fp2_haf(sm9_z256_fp2_t r, const sm9_z256_fp2_t a);
typedef sm9_z256_fp2_t sm9_z256_fp4_t[2]; typedef sm9_z256_fp2_t sm9_z256_fp4_t[2];
@@ -122,7 +115,7 @@ void sm9_z256_fp4_add(sm9_z256_fp4_t r, const sm9_z256_fp4_t a, const sm9_z256_f
void sm9_z256_fp4_dbl(sm9_z256_fp4_t r, const sm9_z256_fp4_t a); void sm9_z256_fp4_dbl(sm9_z256_fp4_t r, const sm9_z256_fp4_t a);
void sm9_z256_fp4_sub(sm9_z256_fp4_t r, const sm9_z256_fp4_t a, const sm9_z256_fp4_t b); void sm9_z256_fp4_sub(sm9_z256_fp4_t r, const sm9_z256_fp4_t a, const sm9_z256_fp4_t b);
void sm9_z256_fp4_neg(sm9_z256_fp4_t r, const sm9_z256_fp4_t a); void sm9_z256_fp4_neg(sm9_z256_fp4_t r, const sm9_z256_fp4_t a);
void sm9_z256_fp4_div2(sm9_z256_fp4_t r, const sm9_z256_fp4_t a); void sm9_z256_fp4_haf(sm9_z256_fp4_t r, const sm9_z256_fp4_t a);
void sm9_z256_fp4_a_mul_v(sm9_z256_fp4_t r, sm9_z256_fp4_t a); void sm9_z256_fp4_a_mul_v(sm9_z256_fp4_t r, sm9_z256_fp4_t a);
void sm9_z256_fp4_mul(sm9_z256_fp4_t r, const sm9_z256_fp4_t a, const sm9_z256_fp4_t b); void sm9_z256_fp4_mul(sm9_z256_fp4_t r, const sm9_z256_fp4_t a, const sm9_z256_fp4_t b);
void sm9_z256_fp4_mul_fp(sm9_z256_fp4_t r, const sm9_z256_fp4_t a, const sm9_z256_t k); void sm9_z256_fp4_mul_fp(sm9_z256_fp4_t r, const sm9_z256_fp4_t a, const sm9_z256_t k);
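Review bot: The hunk drops the `int sm9_z256_fn_rand(sm9_z256_t r);` prototype but adds no `sm9_z256_modn_rand` one, while the second file still defines `int sm9_z256_modn_rand(sm9_z256_t r)` under the new name; unless it is declared elsewhere in this header, callers in other translation units now build without a prototype. Adding `int sm9_z256_modn_rand(sm9_z256_t r);` after the `sm9_z256_modn_from_hash` line would restore it (the `modp_rand` case is different: its definition is commented out in the .c, so dropping `fp_rand` is consistent). The representation contract that the commit message explains is also worth pinning in the header rather than only in the commit text, since the `modp_add`/`modp_mont_mul` split is invisible at the type level: a comment such as `// modp_mont_*: operands and results are in Montgomery form (a * 2^256 mod p); convert with modp_to_mont/modp_from_mont. modp_add/sub/dbl/tri/haf/neg work on either representation.` above the `sm9_z256_modp_to_mont` line, and `// modn_*: plain residues mod n, no Montgomery form` above the `sm9_z256_modn_add` line.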


@@ -411,7 +411,7 @@ int sm9_z512_print(FILE *fp, int ind, int fmt, const char *label, const uint64_t
*/ */
#ifndef ENABLE_SM9_Z256_ARMV8 #ifndef ENABLE_SM9_Z256_ARMV8
void sm9_z256_fp_add(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b) void sm9_z256_modp_add(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b)
{ {
uint64_t c; uint64_t c;
c = sm9_z256_add(r, a, b); c = sm9_z256_add(r, a, b);
@@ -426,7 +426,7 @@ void sm9_z256_fp_add(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b)
} }
} }
void sm9_z256_fp_sub(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b) void sm9_z256_modp_sub(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b)
{ {
uint64_t c; uint64_t c;
c = sm9_z256_sub(r, a, b); c = sm9_z256_sub(r, a, b);
@@ -437,19 +437,19 @@ void sm9_z256_fp_sub(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b)
} }
} }
void sm9_z256_fp_dbl(sm9_z256_t r, const sm9_z256_t a) void sm9_z256_modp_dbl(sm9_z256_t r, const sm9_z256_t a)
{ {
sm9_z256_fp_add(r, a, a); sm9_z256_modp_add(r, a, a);
} }
void sm9_z256_fp_tri(sm9_z256_t r, const sm9_z256_t a) void sm9_z256_modp_tri(sm9_z256_t r, const sm9_z256_t a)
{ {
sm9_z256_t t; sm9_z256_t t;
sm9_z256_fp_add(t, a, a); sm9_z256_modp_add(t, a, a);
sm9_z256_fp_add(r, t, a); sm9_z256_modp_add(r, t, a);
} }
void sm9_z256_fp_div2(sm9_z256_t r, const sm9_z256_t a) void sm9_z256_modp_haf(sm9_z256_t r, const sm9_z256_t a)
{ {
uint64_t c = 0; uint64_t c = 0;
@@ -468,13 +468,14 @@ void sm9_z256_fp_div2(sm9_z256_t r, const sm9_z256_t a)
r[3] = (r[3] >> 1) | ((c & 1) << 63); r[3] = (r[3] >> 1) | ((c & 1) << 63);
} }
void sm9_z256_fp_neg(sm9_z256_t r, const sm9_z256_t a) void sm9_z256_modp_neg(sm9_z256_t r, const sm9_z256_t a)
{ {
(void)sm9_z256_sub(r, SM9_Z256_P, a); (void)sm9_z256_sub(r, SM9_Z256_P, a);
} }
#endif #endif
int sm9_z256_fp_rand(sm9_z256_t r) /*
int sm9_z256_modp_rand(sm9_z256_t r)
{ {
if (sm9_z256_rand_range(r, SM9_Z256_P) != 1) { if (sm9_z256_rand_range(r, SM9_Z256_P) != 1) {
error_print(); error_print();
@@ -483,6 +484,7 @@ int sm9_z256_fp_rand(sm9_z256_t r)
return 1; return 1;
} }
*/
// p = b640000002a3a6f1d603ab4ff58ec74521f2934b1a7aeedbe56f9b27e351457d // p = b640000002a3a6f1d603ab4ff58ec74521f2934b1a7aeedbe56f9b27e351457d
// p' = -p^(-1) mod 2^256 = afd2bac5558a13b3966a4b291522b137181ae39613c8dbaf892bc42c2f2ee42b // p' = -p^(-1) mod 2^256 = afd2bac5558a13b3966a4b291522b137181ae39613c8dbaf892bc42c2f2ee42b
@@ -505,7 +507,7 @@ const uint64_t SM9_Z256_P_LEFT_32[8] = {
const uint32_t SM9_Z256_MU_32 = 0xd0d11bd5; const uint32_t SM9_Z256_MU_32 = 0xd0d11bd5;
void sm9_z256_fp_mont_mul(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b) void sm9_z256_modp_mont_mul(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b)
{ {
int i; int i;
uint32_t a_[8], b_[8]; uint32_t a_[8], b_[8];
@@ -658,7 +660,7 @@ static uint64_t sm9_z512_add(uint64_t r[8], const uint64_t a[8], const uint64_t
// z = a*b // z = a*b
// c = (z + (z * p' mod 2^256) * p)/2^256 // c = (z + (z * p' mod 2^256) * p)/2^256
void sm9_z256_fp_mont_mul(uint64_t r[4], const uint64_t a[4], const uint64_t b[4]) void sm9_z256_modp_mont_mul(uint64_t r[4], const uint64_t a[4], const uint64_t b[4])
{ {
uint64_t z[8]; uint64_t z[8];
uint64_t t[8]; uint64_t t[8];
@@ -690,23 +692,23 @@ void sm9_z256_fp_mont_mul(uint64_t r[4], const uint64_t a[4], const uint64_t b[4
#ifndef ENABLE_SM9_Z256_ARMV8 #ifndef ENABLE_SM9_Z256_ARMV8
void sm9_z256_fp_to_mont(sm9_z256_t r, const sm9_z256_t a) void sm9_z256_modp_to_mont(sm9_z256_t r, const sm9_z256_t a)
{ {
sm9_z256_fp_mont_mul(r, a, SM9_Z256_MODP_2e512); sm9_z256_modp_mont_mul(r, a, SM9_Z256_MODP_2e512);
} }
void sm9_z256_fp_from_mont(sm9_z256_t r, const sm9_z256_t a) void sm9_z256_modp_from_mont(sm9_z256_t r, const sm9_z256_t a)
{ {
sm9_z256_fp_mont_mul(r, a, SM9_Z256_ONE); sm9_z256_modp_mont_mul(r, a, SM9_Z256_ONE);
} }
void sm9_z256_fp_mont_sqr(sm9_z256_t r, const sm9_z256_t a) void sm9_z256_modp_mont_sqr(sm9_z256_t r, const sm9_z256_t a)
{ {
sm9_z256_fp_mont_mul(r, a, a); sm9_z256_modp_mont_mul(r, a, a);
} }
#endif #endif
void sm9_z256_fp_pow(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t e) void sm9_z256_modp_mont_pow(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t e)
{ {
sm9_z256_t t; sm9_z256_t t;
uint64_t w; uint64_t w;
@@ -718,9 +720,9 @@ void sm9_z256_fp_pow(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t e)
for (i = 3; i >= 0; i--) { for (i = 3; i >= 0; i--) {
w = e[i]; w = e[i];
for (j = 0; j < 64; j++) { for (j = 0; j < 64; j++) {
sm9_z256_fp_mont_sqr(t, t); sm9_z256_modp_mont_sqr(t, t);
if (w & 0x8000000000000000) { if (w & 0x8000000000000000) {
sm9_z256_fp_mont_mul(t, t, a); sm9_z256_modp_mont_mul(t, t, a);
} }
w <<= 1; w <<= 1;
} }
@@ -729,18 +731,18 @@ void sm9_z256_fp_pow(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t e)
sm9_z256_copy(r, t); sm9_z256_copy(r, t);
} }
void sm9_z256_fp_inv(sm9_z256_t r, const sm9_z256_t a) void sm9_z256_modp_mont_inv(sm9_z256_t r, const sm9_z256_t a)
{ {
sm9_z256_fp_pow(r, a, SM9_Z256_P_MINUS_TWO); sm9_z256_modp_mont_pow(r, a, SM9_Z256_P_MINUS_TWO);
} }
// 这个函数不合适,而且这个实现也不正确啊 // 这个函数不合适,而且这个实现也不正确啊
// 但是对于SM9的Fp2Fp4等而言必须一开始就转换到Montgomery上面因为没有 // 但是对于SM9的Fp2Fp4等而言必须一开始就转换到Montgomery上面因为没有
/* /*
int sm9_z256_fp_from_bytes(sm9_z256_t r, const uint8_t buf[32]) int sm9_z256_modp_from_bytes(sm9_z256_t r, const uint8_t buf[32])
{ {
sm9_z256_from_bytes(r, buf); sm9_z256_from_bytes(r, buf);
sm9_z256_fp_to_mont(r, r); sm9_z256_modp_to_mont(r, r);
if (sm9_z256_cmp(r, SM9_Z256_P) >= 0) { if (sm9_z256_cmp(r, SM9_Z256_P) >= 0) {
error_print(); error_print();
return -1; return -1;
@@ -749,14 +751,14 @@ int sm9_z256_fp_from_bytes(sm9_z256_t r, const uint8_t buf[32])
} }
*/ */
void sm9_z256_fp_to_bytes(const sm9_z256_t r, uint8_t out[32]) void sm9_z256_modp_to_bytes(const sm9_z256_t r, uint8_t out[32])
{ {
sm9_z256_t t; sm9_z256_t t;
sm9_z256_fp_from_mont(t, r); sm9_z256_modp_from_mont(t, r);
sm9_z256_to_bytes(t, out); sm9_z256_to_bytes(t, out);
} }
int sm9_z256_fp_from_hex(sm9_z256_t r, const char hex[64]) int sm9_z256_modp_from_hex(sm9_z256_t r, const char hex[64])
{ {
if (sm9_z256_from_hex(r, hex) != 1) { if (sm9_z256_from_hex(r, hex) != 1) {
error_print(); error_print();
@@ -766,14 +768,14 @@ int sm9_z256_fp_from_hex(sm9_z256_t r, const char hex[64])
error_print(); error_print();
return -1; return -1;
} }
sm9_z256_fp_to_mont(r, r); sm9_z256_modp_to_mont(r, r);
return 1; return 1;
} }
void sm9_z256_fp_to_hex(const sm9_z256_t r, char hex[64]) void sm9_z256_modp_to_hex(const sm9_z256_t r, char hex[64])
{ {
sm9_z256_t t; sm9_z256_t t;
sm9_z256_fp_from_mont(t, r); sm9_z256_modp_from_mont(t, r);
int i; int i;
for (i = 3; i >= 0; i--) { for (i = 3; i >= 0; i--) {
(void)sprintf(hex + 16*(3-i), "%016llx", t[i]); (void)sprintf(hex + 16*(3-i), "%016llx", t[i]);
@@ -822,8 +824,11 @@ void sm9_z256_fp2_copy(sm9_z256_fp2_t r, const sm9_z256_fp2_t a)
int sm9_z256_fp2_rand(sm9_z256_fp2_t r) int sm9_z256_fp2_rand(sm9_z256_fp2_t r)
{ {
if (sm9_z256_fp_rand(r[0]) != 1 if (sm9_z256_rand_range(r[0], SM9_Z256_P) != 1) {
|| sm9_z256_fp_rand(r[1]) != 1) { error_print();
return -1;
}
if (sm9_z256_rand_range(r[1], SM9_Z256_P) != 1) {
error_print(); error_print();
return -1; return -1;
} }
@@ -832,8 +837,8 @@ int sm9_z256_fp2_rand(sm9_z256_fp2_t r)
void sm9_z256_fp2_to_bytes(const sm9_z256_fp2_t a, uint8_t buf[64]) void sm9_z256_fp2_to_bytes(const sm9_z256_fp2_t a, uint8_t buf[64])
{ {
sm9_z256_fp_to_bytes(a[1], buf); sm9_z256_modp_to_bytes(a[1], buf);
sm9_z256_fp_to_bytes(a[0], buf + 32); sm9_z256_modp_to_bytes(a[0], buf + 32);
} }
int sm9_z256_fp2_from_bytes(sm9_z256_fp2_t r, const uint8_t buf[64]) int sm9_z256_fp2_from_bytes(sm9_z256_fp2_t r, const uint8_t buf[64])
@@ -850,12 +855,12 @@ int sm9_z256_fp2_from_bytes(sm9_z256_fp2_t r, const uint8_t buf[64])
return -1; return -1;
} }
sm9_z256_fp_to_mont(r[1], r[1]); sm9_z256_modp_to_mont(r[1], r[1]);
sm9_z256_fp_to_mont(r[0], r[0]); sm9_z256_modp_to_mont(r[0], r[0]);
/* /*
if (sm9_z256_fp_from_bytes(r[1], buf) != 1 if (sm9_z256_modp_from_bytes(r[1], buf) != 1
|| sm9_z256_fp_from_bytes(r[0], buf + 32) != 1) { || sm9_z256_modp_from_bytes(r[0], buf + 32) != 1) {
error_print(); error_print();
return -1; return -1;
} }
@@ -865,8 +870,8 @@ int sm9_z256_fp2_from_bytes(sm9_z256_fp2_t r, const uint8_t buf[64])
int sm9_z256_fp2_from_hex(sm9_z256_fp2_t r, const char hex[129]) int sm9_z256_fp2_from_hex(sm9_z256_fp2_t r, const char hex[129])
{ {
if (sm9_z256_fp_from_hex(r[1], hex) != 1 if (sm9_z256_modp_from_hex(r[1], hex) != 1
|| sm9_z256_fp_from_hex(r[0], hex + 65) != 1) { || sm9_z256_modp_from_hex(r[0], hex + 65) != 1) {
error_print(); error_print();
return -1; return -1;
} }
@@ -881,47 +886,47 @@ int sm9_z256_fp2_from_hex(sm9_z256_fp2_t r, const char hex[129])
void sm9_z256_fp2_to_hex(const sm9_z256_fp2_t a, char hex[129]) void sm9_z256_fp2_to_hex(const sm9_z256_fp2_t a, char hex[129])
{ {
sm9_z256_fp_to_hex(a[1], hex); sm9_z256_modp_to_hex(a[1], hex);
hex[64] = SM9_Z256_HEX_SEP; hex[64] = SM9_Z256_HEX_SEP;
sm9_z256_fp_to_hex(a[0], hex + 65); sm9_z256_modp_to_hex(a[0], hex + 65);
} }
void sm9_z256_fp2_add(sm9_z256_fp2_t r, const sm9_z256_fp2_t a, const sm9_z256_fp2_t b) void sm9_z256_fp2_add(sm9_z256_fp2_t r, const sm9_z256_fp2_t a, const sm9_z256_fp2_t b)
{ {
sm9_z256_fp_add(r[0], a[0], b[0]); sm9_z256_modp_add(r[0], a[0], b[0]);
sm9_z256_fp_add(r[1], a[1], b[1]); sm9_z256_modp_add(r[1], a[1], b[1]);
} }
void sm9_z256_fp2_dbl(sm9_z256_fp2_t r, const sm9_z256_fp2_t a) void sm9_z256_fp2_dbl(sm9_z256_fp2_t r, const sm9_z256_fp2_t a)
{ {
sm9_z256_fp_dbl(r[0], a[0]); sm9_z256_modp_dbl(r[0], a[0]);
sm9_z256_fp_dbl(r[1], a[1]); sm9_z256_modp_dbl(r[1], a[1]);
} }
void sm9_z256_fp2_tri(sm9_z256_fp2_t r, const sm9_z256_fp2_t a) void sm9_z256_fp2_tri(sm9_z256_fp2_t r, const sm9_z256_fp2_t a)
{ {
sm9_z256_fp_tri(r[0], a[0]); sm9_z256_modp_tri(r[0], a[0]);
sm9_z256_fp_tri(r[1], a[1]); sm9_z256_modp_tri(r[1], a[1]);
} }
void sm9_z256_fp2_sub(sm9_z256_fp2_t r, const sm9_z256_fp2_t a, const sm9_z256_fp2_t b) void sm9_z256_fp2_sub(sm9_z256_fp2_t r, const sm9_z256_fp2_t a, const sm9_z256_fp2_t b)
{ {
sm9_z256_fp_sub(r[0], a[0], b[0]); sm9_z256_modp_sub(r[0], a[0], b[0]);
sm9_z256_fp_sub(r[1], a[1], b[1]); sm9_z256_modp_sub(r[1], a[1], b[1]);
} }
void sm9_z256_fp2_neg(sm9_z256_fp2_t r, const sm9_z256_fp2_t a) void sm9_z256_fp2_neg(sm9_z256_fp2_t r, const sm9_z256_fp2_t a)
{ {
sm9_z256_fp_neg(r[0], a[0]); sm9_z256_modp_neg(r[0], a[0]);
sm9_z256_fp_neg(r[1], a[1]); sm9_z256_modp_neg(r[1], a[1]);
} }
void sm9_z256_fp2_a_mul_u(sm9_z256_fp2_t r, sm9_z256_fp2_t a) void sm9_z256_fp2_a_mul_u(sm9_z256_fp2_t r, sm9_z256_fp2_t a)
{ {
sm9_z256_t r0; sm9_z256_t r0;
sm9_z256_fp_dbl(r0, a[1]); sm9_z256_modp_dbl(r0, a[1]);
sm9_z256_fp_neg(r0, r0); sm9_z256_modp_neg(r0, r0);
sm9_z256_copy(r[1], a[0]); sm9_z256_copy(r[1], a[0]);
sm9_z256_copy(r[0], r0); sm9_z256_copy(r[0], r0);
@@ -935,23 +940,23 @@ void sm9_z256_fp2_mul(sm9_z256_fp2_t r, const sm9_z256_fp2_t a, const sm9_z256_f
sm9_z256_t t2; sm9_z256_t t2;
// t2 = (a0 + a1) * (b0 + b1) // t2 = (a0 + a1) * (b0 + b1)
sm9_z256_fp_add(t0, a[0], a[1]); sm9_z256_modp_add(t0, a[0], a[1]);
sm9_z256_fp_add(t1, b[0], b[1]); sm9_z256_modp_add(t1, b[0], b[1]);
sm9_z256_fp_mont_mul(t2, t0, t1); sm9_z256_modp_mont_mul(t2, t0, t1);
// t0 = a0 * b0 // t0 = a0 * b0
sm9_z256_fp_mont_mul(t0, a[0], b[0]); sm9_z256_modp_mont_mul(t0, a[0], b[0]);
// t1 = a1 * b1 // t1 = a1 * b1
sm9_z256_fp_mont_mul(t1, a[1], b[1]); sm9_z256_modp_mont_mul(t1, a[1], b[1]);
// r1 = t2 - t0 - t1 = a0 * b1 + a1 * b0 // r1 = t2 - t0 - t1 = a0 * b1 + a1 * b0
sm9_z256_fp_sub(t2, t2, t0); sm9_z256_modp_sub(t2, t2, t0);
sm9_z256_fp_sub(t2, t2, t1); sm9_z256_modp_sub(t2, t2, t1);
// r0 = t0 - 2*t1 = a0 * b0 - 2(a1 * b1) // r0 = t0 - 2*t1 = a0 * b0 - 2(a1 * b1)
sm9_z256_fp_dbl(t1, t1); sm9_z256_modp_dbl(t1, t1);
sm9_z256_fp_sub(t0, t0, t1); sm9_z256_modp_sub(t0, t0, t1);
sm9_z256_copy(r[0], t0); sm9_z256_copy(r[0], t0);
sm9_z256_copy(r[1], t2); sm9_z256_copy(r[1], t2);
@@ -964,25 +969,25 @@ void sm9_z256_fp2_mul_u(sm9_z256_fp2_t r, const sm9_z256_fp2_t a, const sm9_z256
sm9_z256_t t2; sm9_z256_t t2;
// t2 = (a0 + a1) * (b0 + b1) // t2 = (a0 + a1) * (b0 + b1)
sm9_z256_fp_add(t0, a[0], a[1]); sm9_z256_modp_add(t0, a[0], a[1]);
sm9_z256_fp_add(t1, b[0], b[1]); sm9_z256_modp_add(t1, b[0], b[1]);
sm9_z256_fp_mont_mul(t2, t0, t1); sm9_z256_modp_mont_mul(t2, t0, t1);
// t0 = a0 * b0 // t0 = a0 * b0
sm9_z256_fp_mont_mul(t0, a[0], b[0]); sm9_z256_modp_mont_mul(t0, a[0], b[0]);
// t1 = a1 * b1 // t1 = a1 * b1
sm9_z256_fp_mont_mul(t1, a[1], b[1]); sm9_z256_modp_mont_mul(t1, a[1], b[1]);
// r0 = -2 *(t2 - t0 - t1) = -2 * (a0 * b1 + a1 * b0) // r0 = -2 *(t2 - t0 - t1) = -2 * (a0 * b1 + a1 * b0)
sm9_z256_fp_sub(t2, t2, t0); sm9_z256_modp_sub(t2, t2, t0);
sm9_z256_fp_sub(t2, t2, t1); sm9_z256_modp_sub(t2, t2, t1);
sm9_z256_fp_dbl(t2, t2); sm9_z256_modp_dbl(t2, t2);
sm9_z256_fp_neg(t2, t2); sm9_z256_modp_neg(t2, t2);
// r1 = t0 - 2*t1 = a0 * b0 - 2(a1 * b1) // r1 = t0 - 2*t1 = a0 * b0 - 2(a1 * b1)
sm9_z256_fp_dbl(t1, t1); sm9_z256_modp_dbl(t1, t1);
sm9_z256_fp_sub(t0, t0, t1); sm9_z256_modp_sub(t0, t0, t1);
sm9_z256_copy(r[0], t2); sm9_z256_copy(r[0], t2);
sm9_z256_copy(r[1], t0); sm9_z256_copy(r[1], t0);
@@ -990,8 +995,8 @@ void sm9_z256_fp2_mul_u(sm9_z256_fp2_t r, const sm9_z256_fp2_t a, const sm9_z256
void sm9_z256_fp2_mul_fp(sm9_z256_fp2_t r, const sm9_z256_fp2_t a, const sm9_z256_t k) void sm9_z256_fp2_mul_fp(sm9_z256_fp2_t r, const sm9_z256_fp2_t a, const sm9_z256_t k)
{ {
sm9_z256_fp_mont_mul(r[0], a[0], k); sm9_z256_modp_mont_mul(r[0], a[0], k);
sm9_z256_fp_mont_mul(r[1], a[1], k); sm9_z256_modp_mont_mul(r[1], a[1], k);
} }
void sm9_z256_fp2_sqr(sm9_z256_fp2_t r, const sm9_z256_fp2_t a) void sm9_z256_fp2_sqr(sm9_z256_fp2_t r, const sm9_z256_fp2_t a)
@@ -999,15 +1004,15 @@ void sm9_z256_fp2_sqr(sm9_z256_fp2_t r, const sm9_z256_fp2_t a)
sm9_z256_t r0, r1, c0, c1; sm9_z256_t r0, r1, c0, c1;
// r0 = (a0 + a1) * (a0 - 2a1) + a0 * a1 // r0 = (a0 + a1) * (a0 - 2a1) + a0 * a1
sm9_z256_fp_mont_mul(r1, a[0], a[1]); sm9_z256_modp_mont_mul(r1, a[0], a[1]);
sm9_z256_fp_add(c0, a[0], a[1]); sm9_z256_modp_add(c0, a[0], a[1]);
sm9_z256_fp_dbl(c1, a[1]); sm9_z256_modp_dbl(c1, a[1]);
sm9_z256_fp_sub(c1, a[0], c1); sm9_z256_modp_sub(c1, a[0], c1);
sm9_z256_fp_mont_mul(r0, c0, c1); sm9_z256_modp_mont_mul(r0, c0, c1);
sm9_z256_fp_add(r0, r0, r1); sm9_z256_modp_add(r0, r0, r1);
// r1 = 2 * a0 * a1 // r1 = 2 * a0 * a1
sm9_z256_fp_dbl(r1, r1); sm9_z256_modp_dbl(r1, r1);
sm9_z256_copy(r[0], r0); sm9_z256_copy(r[0], r0);
sm9_z256_copy(r[1], r1); sm9_z256_copy(r[1], r1);
@@ -1020,23 +1025,23 @@ void sm9_z256_fp2_sqr_u(sm9_z256_fp2_t r, const sm9_z256_fp2_t a)
sm9_z256_t t2; sm9_z256_t t2;
// t0 = a0 * a1 // t0 = a0 * a1
sm9_z256_fp_mont_mul(t0, a[0], a[1]); sm9_z256_modp_mont_mul(t0, a[0], a[1]);
// t1 = a0 + a1 // t1 = a0 + a1
sm9_z256_fp_add(t1, a[0], a[1]); sm9_z256_modp_add(t1, a[0], a[1]);
// t2 = a0 - 2*a // t2 = a0 - 2*a
sm9_z256_fp_sub(t2, a[0], a[1]); sm9_z256_modp_sub(t2, a[0], a[1]);
sm9_z256_fp_sub(t2, t2, a[1]); sm9_z256_modp_sub(t2, t2, a[1]);
// r1 = t1 * t2 + t0 // r1 = t1 * t2 + t0
sm9_z256_fp_mont_mul(t2, t2, t1); sm9_z256_modp_mont_mul(t2, t2, t1);
sm9_z256_fp_add(t2, t2, t0); sm9_z256_modp_add(t2, t2, t0);
// r0 = -4 * t0 // r0 = -4 * t0
sm9_z256_fp_dbl(t0, t0); sm9_z256_modp_dbl(t0, t0);
sm9_z256_fp_dbl(t0, t0); sm9_z256_modp_dbl(t0, t0);
sm9_z256_fp_neg(t0, t0); sm9_z256_modp_neg(t0, t0);
sm9_z256_copy(r[0], t0); sm9_z256_copy(r[0], t0);
sm9_z256_copy(r[1], t2); sm9_z256_copy(r[1], t2);
@@ -1048,32 +1053,32 @@ void sm9_z256_fp2_inv(sm9_z256_fp2_t r, const sm9_z256_fp2_t a)
// r0 = 0 // r0 = 0
sm9_z256_set_zero(r[0]); sm9_z256_set_zero(r[0]);
// r1 = -(2 * a1)^-1 // r1 = -(2 * a1)^-1
sm9_z256_fp_dbl(r[1], a[1]); sm9_z256_modp_dbl(r[1], a[1]);
sm9_z256_fp_inv(r[1], r[1]); sm9_z256_modp_mont_inv(r[1], r[1]);
sm9_z256_fp_neg(r[1], r[1]); sm9_z256_modp_neg(r[1], r[1]);
} else if (sm9_z256_is_zero(a[1])) { } else if (sm9_z256_is_zero(a[1])) {
/* r1 = 0 */ /* r1 = 0 */
sm9_z256_set_zero(r[1]); sm9_z256_set_zero(r[1]);
/* r0 = a0^-1 */ /* r0 = a0^-1 */
sm9_z256_fp_inv(r[0], a[0]); sm9_z256_modp_mont_inv(r[0], a[0]);
} else { } else {
sm9_z256_t k, t; sm9_z256_t k, t;
// k = (a[0]^2 + 2 * a[1]^2)^-1 // k = (a[0]^2 + 2 * a[1]^2)^-1
sm9_z256_fp_mont_sqr(k, a[0]); sm9_z256_modp_mont_sqr(k, a[0]);
sm9_z256_fp_mont_sqr(t, a[1]); sm9_z256_modp_mont_sqr(t, a[1]);
sm9_z256_fp_dbl(t, t); sm9_z256_modp_dbl(t, t);
sm9_z256_fp_add(k, k, t); sm9_z256_modp_add(k, k, t);
sm9_z256_fp_inv(k, k); sm9_z256_modp_mont_inv(k, k);
// r[0] = a[0] * k // r[0] = a[0] * k
sm9_z256_fp_mont_mul(r[0], a[0], k); sm9_z256_modp_mont_mul(r[0], a[0], k);
// r[1] = -a[1] * k // r[1] = -a[1] * k
sm9_z256_fp_mont_mul(r[1], a[1], k); sm9_z256_modp_mont_mul(r[1], a[1], k);
sm9_z256_fp_neg(r[1], r[1]); sm9_z256_modp_neg(r[1], r[1]);
} }
} }
@@ -1084,10 +1089,10 @@ void sm9_z256_fp2_div(sm9_z256_fp2_t r, const sm9_z256_fp2_t a, const sm9_z256_f
sm9_z256_fp2_mul(r, a, t); sm9_z256_fp2_mul(r, a, t);
} }
void sm9_z256_fp2_div2(sm9_z256_fp2_t r, const sm9_z256_fp2_t a) void sm9_z256_fp2_haf(sm9_z256_fp2_t r, const sm9_z256_fp2_t a)
{ {
sm9_z256_fp_div2(r[0], a[0]); sm9_z256_modp_haf(r[0], a[0]);
sm9_z256_fp_div2(r[1], a[1]); sm9_z256_modp_haf(r[1], a[1]);
} }
@@ -1186,10 +1191,10 @@ void sm9_z256_fp4_neg(sm9_z256_fp4_t r, const sm9_z256_fp4_t a)
sm9_z256_fp2_neg(r[1], a[1]); sm9_z256_fp2_neg(r[1], a[1]);
} }
void sm9_z256_fp4_div2(sm9_z256_fp4_t r, const sm9_z256_fp4_t a) void sm9_z256_fp4_haf(sm9_z256_fp4_t r, const sm9_z256_fp4_t a)
{ {
sm9_z256_fp2_div2(r[0], a[0]); sm9_z256_fp2_haf(r[0], a[0]);
sm9_z256_fp2_div2(r[1], a[1]); sm9_z256_fp2_haf(r[1], a[1]);
} }
void sm9_z256_fp4_a_mul_v(sm9_z256_fp4_t r, sm9_z256_fp4_t a) void sm9_z256_fp4_a_mul_v(sm9_z256_fp4_t r, sm9_z256_fp4_t a)
@@ -1516,7 +1521,7 @@ void sm9_z256_fp12_sqr(sm9_z256_fp12_t r, const sm9_z256_fp12_t a)
sm9_z256_fp4_dbl(s2, s2); sm9_z256_fp4_dbl(s2, s2);
sm9_z256_fp4_add(s3, s0, s1); sm9_z256_fp4_add(s3, s0, s1);
sm9_z256_fp4_div2(s3, s3); sm9_z256_fp4_haf(s3, s3);
sm9_z256_fp4_sub(t, s3, h1); sm9_z256_fp4_sub(t, s3, h1);
sm9_z256_fp4_sub(h2, t, h0); sm9_z256_fp4_sub(h2, t, h0);
@@ -1612,7 +1617,7 @@ void sm9_z256_fp12_pow(sm9_z256_fp12_t r, const sm9_z256_fp12_t a, const sm9_z25
void sm9_z256_fp2_conjugate(sm9_z256_fp2_t r, const sm9_z256_fp2_t a) void sm9_z256_fp2_conjugate(sm9_z256_fp2_t r, const sm9_z256_fp2_t a)
{ {
sm9_z256_copy(r[0], a[0]); sm9_z256_copy(r[0], a[0]);
sm9_z256_fp_neg (r[1], a[1]); sm9_z256_modp_neg (r[1], a[1]);
} }
void sm9_z256_fp2_frobenius(sm9_z256_fp2_t r, const sm9_z256_fp2_t a) void sm9_z256_fp2_frobenius(sm9_z256_fp2_t r, const sm9_z256_fp2_t a)
@@ -1759,8 +1764,8 @@ void sm9_z256_fp12_frobenius6(sm9_z256_fp12_t r, const sm9_z256_fp12_t x)
void sm9_z256_point_from_hex(SM9_Z256_POINT *R, const char hex[65 * 2]) void sm9_z256_point_from_hex(SM9_Z256_POINT *R, const char hex[65 * 2])
{ {
sm9_z256_fp_from_hex(R->X, hex); sm9_z256_modp_from_hex(R->X, hex);
sm9_z256_fp_from_hex(R->Y, hex + 65); sm9_z256_modp_from_hex(R->Y, hex + 65);
sm9_z256_copy(R->Z, SM9_Z256_MODP_MONT_ONE); sm9_z256_copy(R->Z, SM9_Z256_MODP_MONT_ONE);
} }
@@ -1788,29 +1793,29 @@ void sm9_z256_point_get_xy(const SM9_Z256_POINT *P, sm9_z256_t x, sm9_z256_t y)
sm9_z256_copy(y, P->Y); sm9_z256_copy(y, P->Y);
} }
sm9_z256_fp_inv(z_inv, P->Z); sm9_z256_modp_mont_inv(z_inv, P->Z);
if (y) if (y)
sm9_z256_fp_mont_mul(y, P->Y, z_inv); sm9_z256_modp_mont_mul(y, P->Y, z_inv);
sm9_z256_fp_mont_sqr(z_inv, z_inv); sm9_z256_modp_mont_sqr(z_inv, z_inv);
sm9_z256_fp_mont_mul(x, P->X, z_inv); sm9_z256_modp_mont_mul(x, P->X, z_inv);
if (y) if (y)
sm9_z256_fp_mont_mul(y, y, z_inv); sm9_z256_modp_mont_mul(y, y, z_inv);
} }
int sm9_z256_point_equ(const SM9_Z256_POINT *P, const SM9_Z256_POINT *Q) int sm9_z256_point_equ(const SM9_Z256_POINT *P, const SM9_Z256_POINT *Q)
{ {
sm9_z256_t t1, t2, t3, t4; sm9_z256_t t1, t2, t3, t4;
sm9_z256_fp_mont_sqr(t1, P->Z); sm9_z256_modp_mont_sqr(t1, P->Z);
sm9_z256_fp_mont_sqr(t2, Q->Z); sm9_z256_modp_mont_sqr(t2, Q->Z);
sm9_z256_fp_mont_mul(t3, P->X, t2); sm9_z256_modp_mont_mul(t3, P->X, t2);
sm9_z256_fp_mont_mul(t4, Q->X, t1); sm9_z256_modp_mont_mul(t4, Q->X, t1);
if (!sm9_z256_equ(t3, t4)) { if (!sm9_z256_equ(t3, t4)) {
return 0; return 0;
} }
sm9_z256_fp_mont_mul(t1, t1, P->Z); sm9_z256_modp_mont_mul(t1, t1, P->Z);
sm9_z256_fp_mont_mul(t2, t2, Q->Z); sm9_z256_modp_mont_mul(t2, t2, Q->Z);
sm9_z256_fp_mont_mul(t3, P->Y, t2); sm9_z256_modp_mont_mul(t3, P->Y, t2);
sm9_z256_fp_mont_mul(t4, Q->Y, t1); sm9_z256_modp_mont_mul(t4, Q->Y, t1);
return sm9_z256_equ(t3, t4); return sm9_z256_equ(t3, t4);
} }
@@ -1818,19 +1823,19 @@ int sm9_z256_point_is_on_curve(const SM9_Z256_POINT *P)
{ {
sm9_z256_t t0, t1, t2; sm9_z256_t t0, t1, t2;
if (sm9_z256_equ(P->Z, SM9_Z256_MODP_MONT_ONE)) { if (sm9_z256_equ(P->Z, SM9_Z256_MODP_MONT_ONE)) {
sm9_z256_fp_mont_sqr(t0, P->Y); sm9_z256_modp_mont_sqr(t0, P->Y);
sm9_z256_fp_mont_sqr(t1, P->X); sm9_z256_modp_mont_sqr(t1, P->X);
sm9_z256_fp_mont_mul(t1, t1, P->X); sm9_z256_modp_mont_mul(t1, t1, P->X);
sm9_z256_fp_add(t1, t1, SM9_Z256_MODP_MONT_FIVE); sm9_z256_modp_add(t1, t1, SM9_Z256_MODP_MONT_FIVE);
} else { } else {
sm9_z256_fp_mont_sqr(t0, P->X); sm9_z256_modp_mont_sqr(t0, P->X);
sm9_z256_fp_mont_mul(t0, t0, P->X); sm9_z256_modp_mont_mul(t0, t0, P->X);
sm9_z256_fp_mont_sqr(t1, P->Z); sm9_z256_modp_mont_sqr(t1, P->Z);
sm9_z256_fp_mont_sqr(t2, t1); sm9_z256_modp_mont_sqr(t2, t1);
sm9_z256_fp_mont_mul(t1, t1, t2); sm9_z256_modp_mont_mul(t1, t1, t2);
sm9_z256_fp_mont_mul(t1, t1, SM9_Z256_MODP_MONT_FIVE); sm9_z256_modp_mont_mul(t1, t1, SM9_Z256_MODP_MONT_FIVE);
sm9_z256_fp_add(t1, t0, t1); sm9_z256_modp_add(t1, t0, t1);
sm9_z256_fp_mont_sqr(t0, P->Y); sm9_z256_modp_mont_sqr(t0, P->Y);
} }
if (sm9_z256_equ(t0, t1) != 1) { if (sm9_z256_equ(t0, t1) != 1) {
error_print(); error_print();
@@ -1851,20 +1856,20 @@ void sm9_z256_point_dbl(SM9_Z256_POINT *R, const SM9_Z256_POINT *P)
return; return;
} }
sm9_z256_fp_mont_sqr(T2, X1); sm9_z256_modp_mont_sqr(T2, X1);
sm9_z256_fp_tri(T2, T2); sm9_z256_modp_tri(T2, T2);
sm9_z256_fp_dbl(Y3, Y1); sm9_z256_modp_dbl(Y3, Y1);
sm9_z256_fp_mont_mul(Z3, Y3, Z1); sm9_z256_modp_mont_mul(Z3, Y3, Z1);
sm9_z256_fp_mont_sqr(Y3, Y3); sm9_z256_modp_mont_sqr(Y3, Y3);
sm9_z256_fp_mont_mul(T3, Y3, X1); sm9_z256_modp_mont_mul(T3, Y3, X1);
sm9_z256_fp_mont_sqr(Y3, Y3); sm9_z256_modp_mont_sqr(Y3, Y3);
sm9_z256_fp_div2(Y3, Y3); sm9_z256_modp_haf(Y3, Y3);
sm9_z256_fp_mont_sqr(X3, T2); sm9_z256_modp_mont_sqr(X3, T2);
sm9_z256_fp_dbl(T1, T3); sm9_z256_modp_dbl(T1, T3);
sm9_z256_fp_sub(X3, X3, T1); sm9_z256_modp_sub(X3, X3, T1);
sm9_z256_fp_sub(T1, T3, X3); sm9_z256_modp_sub(T1, T3, X3);
sm9_z256_fp_mont_mul(T1, T1, T2); sm9_z256_modp_mont_mul(T1, T1, T2);
sm9_z256_fp_sub(Y3, T1, Y3); sm9_z256_modp_sub(Y3, T1, Y3);
sm9_z256_copy(R->X, X3); sm9_z256_copy(R->X, X3);
sm9_z256_copy(R->Y, Y3); sm9_z256_copy(R->Y, Y3);
@@ -1893,12 +1898,12 @@ void sm9_z256_point_add(SM9_Z256_POINT *R, const SM9_Z256_POINT *P, const SM9_Z2
return; return;
} }
sm9_z256_fp_mont_sqr(T1, Z1); sm9_z256_modp_mont_sqr(T1, Z1);
sm9_z256_fp_mont_mul(T2, T1, Z1); sm9_z256_modp_mont_mul(T2, T1, Z1);
sm9_z256_fp_mont_mul(T1, T1, x2); sm9_z256_modp_mont_mul(T1, T1, x2);
sm9_z256_fp_mont_mul(T2, T2, y2); sm9_z256_modp_mont_mul(T2, T2, y2);
sm9_z256_fp_sub(T1, T1, X1); sm9_z256_modp_sub(T1, T1, X1);
sm9_z256_fp_sub(T2, T2, Y1); sm9_z256_modp_sub(T2, T2, Y1);
if (sm9_z256_is_zero(T1)) { if (sm9_z256_is_zero(T1)) {
if (sm9_z256_is_zero(T2)) { if (sm9_z256_is_zero(T2)) {
@@ -1910,18 +1915,18 @@ void sm9_z256_point_add(SM9_Z256_POINT *R, const SM9_Z256_POINT *P, const SM9_Z2
} }
} }
sm9_z256_fp_mont_mul(Z3, Z1, T1); sm9_z256_modp_mont_mul(Z3, Z1, T1);
sm9_z256_fp_mont_sqr(T3, T1); sm9_z256_modp_mont_sqr(T3, T1);
sm9_z256_fp_mont_mul(T4, T3, T1); sm9_z256_modp_mont_mul(T4, T3, T1);
sm9_z256_fp_mont_mul(T3, T3, X1); sm9_z256_modp_mont_mul(T3, T3, X1);
sm9_z256_fp_dbl(T1, T3); sm9_z256_modp_dbl(T1, T3);
sm9_z256_fp_mont_sqr(X3, T2); sm9_z256_modp_mont_sqr(X3, T2);
sm9_z256_fp_sub(X3, X3, T1); sm9_z256_modp_sub(X3, X3, T1);
sm9_z256_fp_sub(X3, X3, T4); sm9_z256_modp_sub(X3, X3, T4);
sm9_z256_fp_sub(T3, T3, X3); sm9_z256_modp_sub(T3, T3, X3);
sm9_z256_fp_mont_mul(T3, T3, T2); sm9_z256_modp_mont_mul(T3, T3, T2);
sm9_z256_fp_mont_mul(T4, T4, Y1); sm9_z256_modp_mont_mul(T4, T4, Y1);
sm9_z256_fp_sub(Y3, T3, T4); sm9_z256_modp_sub(Y3, T3, T4);
sm9_z256_copy(R->X, X3); sm9_z256_copy(R->X, X3);
sm9_z256_copy(R->Y, Y3); sm9_z256_copy(R->Y, Y3);
@@ -1931,7 +1936,7 @@ void sm9_z256_point_add(SM9_Z256_POINT *R, const SM9_Z256_POINT *P, const SM9_Z2
void sm9_z256_point_neg(SM9_Z256_POINT *R, const SM9_Z256_POINT *P) void sm9_z256_point_neg(SM9_Z256_POINT *R, const SM9_Z256_POINT *P)
{ {
sm9_z256_copy(R->X, P->X); sm9_z256_copy(R->X, P->X);
sm9_z256_fp_neg(R->Y, P->Y); sm9_z256_modp_neg(R->Y, P->Y);
sm9_z256_copy(R->Z, P->Z); sm9_z256_copy(R->Z, P->Z);
} }
@@ -2186,7 +2191,7 @@ void sm9_z256_twist_point_dbl(SM9_Z256_TWIST_POINT *R, const SM9_Z256_TWIST_POIN
sm9_z256_fp2_sqr(Y3, Y3); sm9_z256_fp2_sqr(Y3, Y3);
sm9_z256_fp2_mul(T3, Y3, X1); sm9_z256_fp2_mul(T3, Y3, X1);
sm9_z256_fp2_sqr(Y3, Y3); sm9_z256_fp2_sqr(Y3, Y3);
sm9_z256_fp2_div2(Y3, Y3); sm9_z256_fp2_haf(Y3, Y3);
sm9_z256_fp2_sqr(X3, T2); sm9_z256_fp2_sqr(X3, T2);
sm9_z256_fp2_dbl(T1, T3); sm9_z256_fp2_dbl(T1, T3);
sm9_z256_fp2_sub(X3, X3, T1); sm9_z256_fp2_sub(X3, X3, T1);
@@ -2373,11 +2378,11 @@ void sm9_z256_eval_g_tangent(sm9_z256_fp12_t num, sm9_z256_fp12_t den, const SM9
sm9_z256_fp2_mul(t0, t0, t1); sm9_z256_fp2_mul(t0, t0, t1);
sm9_z256_fp2_mul_fp(t0, t0, xQ); sm9_z256_fp2_mul_fp(t0, t0, xQ);
sm9_z256_fp2_tri(t0, t0); sm9_z256_fp2_tri(t0, t0);
sm9_z256_fp2_div2(a4, t0); sm9_z256_fp2_haf(a4, t0);
sm9_z256_fp2_mul(t1, t1, XP); sm9_z256_fp2_mul(t1, t1, XP);
sm9_z256_fp2_tri(t1, t1); sm9_z256_fp2_tri(t1, t1);
sm9_z256_fp2_div2(t1, t1); sm9_z256_fp2_haf(t1, t1);
sm9_z256_fp2_sqr(t0, YP); sm9_z256_fp2_sqr(t0, YP);
sm9_z256_fp2_sub(a0, t0, t1); sm9_z256_fp2_sub(a0, t0, t1);
} }
@@ -2583,7 +2588,7 @@ void sm9_z256_pairing(sm9_z256_fp12_t r, const SM9_Z256_TWIST_POINT *Q, const SM
} }
int sm9_z256_fn_rand(sm9_z256_t r) int sm9_z256_modn_rand(sm9_z256_t r)
{ {
if (sm9_z256_rand_range(r, SM9_Z256_N) != 1) { if (sm9_z256_rand_range(r, SM9_Z256_N) != 1) {
error_print(); error_print();
@@ -2595,7 +2600,7 @@ int sm9_z256_fn_rand(sm9_z256_t r)
// Mont was not used for mod N // Mont was not used for mod N
void sm9_z256_fn_add(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b) void sm9_z256_modn_add(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b)
{ {
uint64_t c; uint64_t c;
c = sm9_z256_add(r, a, b); c = sm9_z256_add(r, a, b);
@@ -2610,7 +2615,7 @@ void sm9_z256_fn_add(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b)
} }
} }
void sm9_z256_fn_sub(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b) void sm9_z256_modn_sub(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b)
{ {
uint64_t c; uint64_t c;
c = sm9_z256_sub(r, a, b); c = sm9_z256_sub(r, a, b);
@@ -2654,7 +2659,7 @@ void sm9_z320_mul(uint64_t r[10], const uint64_t a[5], const uint64_t b[5])
const uint64_t SM9_Z256_N_BARRETT_MU[5] = {0x74df4fd4dfc97c2f, const uint64_t SM9_Z256_N_BARRETT_MU[5] = {0x74df4fd4dfc97c2f,
0x9c95d85ec9c073b0, 0x55f73aebdcd1312c, 0x67980e0beb5759a6, 0x1}; 0x9c95d85ec9c073b0, 0x55f73aebdcd1312c, 0x67980e0beb5759a6, 0x1};
void sm9_z256_fn_mul(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b) void sm9_z256_modn_mul(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b)
{ {
sm9_z256_t x, y; sm9_z256_t x, y;
uint64_t z[8], h[10], s[8]; uint64_t z[8], h[10], s[8];
@@ -2699,7 +2704,7 @@ void sm9_z256_fn_mul(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b)
} }
} }
void sm9_z256_fn_pow(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t e) void sm9_z256_modn_pow(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t e)
{ {
sm9_z256_t t; sm9_z256_t t;
uint64_t w; uint64_t w;
@@ -2710,9 +2715,9 @@ void sm9_z256_fn_pow(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t e)
for (i = 3; i >= 0; i--) { for (i = 3; i >= 0; i--) {
w = e[i]; w = e[i];
for (j = 0; j < 64; j++) { for (j = 0; j < 64; j++) {
sm9_z256_fn_mul(t, t, t); sm9_z256_modn_mul(t, t, t);
if (w & 0x8000000000000000) { if (w & 0x8000000000000000) {
sm9_z256_fn_mul(t, t, a); sm9_z256_modn_mul(t, t, a);
} }
w <<= 1; w <<= 1;
} }
@@ -2720,18 +2725,18 @@ void sm9_z256_fn_pow(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t e)
sm9_z256_copy(r, t); sm9_z256_copy(r, t);
} }
void sm9_z256_fn_inv(sm9_z256_t r, const sm9_z256_t a) void sm9_z256_modn_inv(sm9_z256_t r, const sm9_z256_t a)
{ {
sm9_z256_t e; sm9_z256_t e;
sm9_z256_sub(e, SM9_Z256_N, SM9_Z256_TWO); sm9_z256_sub(e, SM9_Z256_N, SM9_Z256_TWO);
sm9_z256_fn_pow(r, a, e); sm9_z256_modn_pow(r, a, e);
} }
const sm9_z256_t SM9_Z256_N_MINUS_ONE_BARRETT_MU = {0x74df4fd4dfc97c31, const sm9_z256_t SM9_Z256_N_MINUS_ONE_BARRETT_MU = {0x74df4fd4dfc97c31,
0x9c95d85ec9c073b0, 0x55f73aebdcd1312c, 0x67980e0beb5759a6}; // , 0x1}; 0x9c95d85ec9c073b0, 0x55f73aebdcd1312c, 0x67980e0beb5759a6}; // , 0x1};
void sm9_z256_fn_from_hash(sm9_z256_t h, const uint8_t Ha[40]) void sm9_z256_modn_from_hash(sm9_z256_t h, const uint8_t Ha[40])
{ {
int i; int i;
uint64_t z[8] = {0}; uint64_t z[8] = {0};
@@ -2757,7 +2762,7 @@ void sm9_z256_fn_from_hash(sm9_z256_t h, const uint8_t Ha[40])
sm9_z256_mul(r, r + 5, SM9_Z256_N_MINUS_ONE); sm9_z256_mul(r, r + 5, SM9_Z256_N_MINUS_ONE);
sm9_z256_sub(h, z, r); sm9_z256_sub(h, z, r);
sm9_z256_fn_add(h, h, SM9_Z256_ONE); sm9_z256_modn_add(h, h, SM9_Z256_ONE);
} }
int sm9_z256_point_to_uncompressed_octets(const SM9_Z256_POINT *P, uint8_t octets[65]) int sm9_z256_point_to_uncompressed_octets(const SM9_Z256_POINT *P, uint8_t octets[65])
@@ -2766,8 +2771,8 @@ int sm9_z256_point_to_uncompressed_octets(const SM9_Z256_POINT *P, uint8_t octet
sm9_z256_t y; sm9_z256_t y;
sm9_z256_point_get_xy(P, x, y); sm9_z256_point_get_xy(P, x, y);
octets[0] = 0x04; octets[0] = 0x04;
sm9_z256_fp_to_bytes(x, octets + 1); // fp_to_bytes include from_mont sm9_z256_modp_to_bytes(x, octets + 1); // fp_to_bytes include from_mont
sm9_z256_fp_to_bytes(y, octets + 32 + 1); sm9_z256_modp_to_bytes(y, octets + 32 + 1);
return 1; return 1;
} }
@@ -2783,14 +2788,14 @@ int sm9_z256_point_from_uncompressed_octets(SM9_Z256_POINT *P, const uint8_t oct
error_print(); error_print();
return -1; return -1;
} }
sm9_z256_fp_to_mont(P->X, P->X); sm9_z256_modp_to_mont(P->X, P->X);
sm9_z256_from_bytes(P->Y, octets + 32 + 1); sm9_z256_from_bytes(P->Y, octets + 32 + 1);
if (sm9_z256_cmp(P->X, SM9_Z256_P) >= 0) { if (sm9_z256_cmp(P->X, SM9_Z256_P) >= 0) {
error_print(); error_print();
return -1; return -1;
} }
sm9_z256_fp_to_mont(P->Y, P->Y); sm9_z256_modp_to_mont(P->Y, P->Y);
sm9_z256_copy(P->Z, SM9_Z256_MODP_MONT_ONE); sm9_z256_copy(P->Z, SM9_Z256_MODP_MONT_ONE);


@@ -49,7 +49,7 @@ int sm9_z256_hash1(sm9_z256_t h1, const char *id, size_t idlen, uint8_t hid)
sm3_update(&ctx, ct2, sizeof(ct2)); sm3_update(&ctx, ct2, sizeof(ct2));
sm3_finish(&ctx, Ha + 32); sm3_finish(&ctx, Ha + 32);
sm9_z256_fn_from_hash(h1, Ha); sm9_z256_modn_from_hash(h1, Ha);
return 1; return 1;
} }
@@ -364,7 +364,7 @@ int sm9_sign_master_key_generate(SM9_SIGN_MASTER_KEY *msk)
return -1; return -1;
} }
// k = rand(1, n-1) // k = rand(1, n-1)
if (sm9_z256_fn_rand(msk->ks) != 1) { if (sm9_z256_rand_range(msk->ks, SM9_Z256_N) != 1) {
error_print(); error_print();
return -1; return -1;
} }
@@ -376,7 +376,7 @@ int sm9_sign_master_key_generate(SM9_SIGN_MASTER_KEY *msk)
int sm9_enc_master_key_generate(SM9_ENC_MASTER_KEY *msk) int sm9_enc_master_key_generate(SM9_ENC_MASTER_KEY *msk)
{ {
// k = rand(1, n-1) // k = rand(1, n-1)
if (sm9_z256_fn_rand(msk->ke) != 1) { if (sm9_z256_rand_range(msk->ke, SM9_Z256_N) != 1) {
error_print(); error_print();
return -1; return -1;
} }
@@ -391,7 +391,7 @@ int sm9_sign_master_key_extract_key(SM9_SIGN_MASTER_KEY *msk, const char *id, si
// t1 = H1(ID || hid, N) + ks // t1 = H1(ID || hid, N) + ks
sm9_z256_hash1(t, id, idlen, SM9_HID_SIGN); sm9_z256_hash1(t, id, idlen, SM9_HID_SIGN);
sm9_z256_fn_add(t, t, msk->ks); sm9_z256_modn_add(t, t, msk->ks);
if (sm9_z256_is_zero(t)) { if (sm9_z256_is_zero(t)) {
// 这是一个严重问题意味着整个msk都需要作废了 // 这是一个严重问题意味着整个msk都需要作废了
error_print(); error_print();
@@ -399,8 +399,8 @@ int sm9_sign_master_key_extract_key(SM9_SIGN_MASTER_KEY *msk, const char *id, si
} }
// t2 = ks * t1^-1 // t2 = ks * t1^-1
sm9_z256_fn_inv(t, t); sm9_z256_modn_inv(t, t);
sm9_z256_fn_mul(t, t, msk->ks); sm9_z256_modn_mul(t, t, msk->ks);
// ds = t2 * P1 // ds = t2 * P1
sm9_z256_point_mul_generator(&key->ds, t); sm9_z256_point_mul_generator(&key->ds, t);
@@ -416,15 +416,15 @@ int sm9_enc_master_key_extract_key(SM9_ENC_MASTER_KEY *msk, const char *id, size
// t1 = H1(ID || hid, N) + ke // t1 = H1(ID || hid, N) + ke
sm9_z256_hash1(t, id, idlen, SM9_HID_ENC); sm9_z256_hash1(t, id, idlen, SM9_HID_ENC);
sm9_z256_fn_add(t, t, msk->ke); sm9_z256_modn_add(t, t, msk->ke);
if (sm9_z256_is_zero(t)) { if (sm9_z256_is_zero(t)) {
error_print(); error_print();
return -1; return -1;
} }
// t2 = ke * t1^-1 // t2 = ke * t1^-1
sm9_z256_fn_inv(t, t); sm9_z256_modn_inv(t, t);
sm9_z256_fn_mul(t, t, msk->ke); sm9_z256_modn_mul(t, t, msk->ke);
// de = t2 * P2 // de = t2 * P2
sm9_z256_twist_point_mul_generator(&key->de, t); sm9_z256_twist_point_mul_generator(&key->de, t);
@@ -440,15 +440,15 @@ int sm9_exch_master_key_extract_key(SM9_EXCH_MASTER_KEY *msk, const char *id, si
// t1 = H1(ID || hid, N) + ke // t1 = H1(ID || hid, N) + ke
sm9_z256_hash1(t, id, idlen, SM9_HID_EXCH); sm9_z256_hash1(t, id, idlen, SM9_HID_EXCH);
sm9_z256_fn_add(t, t, msk->ke); sm9_z256_modn_add(t, t, msk->ke);
if (sm9_z256_is_zero(t)) { if (sm9_z256_is_zero(t)) {
error_print(); error_print();
return -1; return -1;
} }
// t2 = ke * t1^-1 // t2 = ke * t1^-1
sm9_z256_fn_inv(t, t); sm9_z256_modn_inv(t, t);
sm9_z256_fn_mul(t, t, msk->ke); sm9_z256_modn_mul(t, t, msk->ke);
// de = t2 * P2 // de = t2 * P2
sm9_z256_twist_point_mul_generator(&key->de, t); sm9_z256_twist_point_mul_generator(&key->de, t);
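Review bot: The inlined `sm9_z256_rand_range(msk->ks, SM9_Z256_N)` in sm9_sign_master_key_generate (and `msk->ke` in sm9_enc_master_key_generate) does not visibly enforce the `rand(1, n-1)` range the comment above it states, and the `// FIXME: check rb != 0` this same commit adds in the key-exchange file suggests the range function can return zero; the replaced `sm9_z256_fn_rand` wrapper is cut off in this view, so whether it rejected zero cannot be confirmed here. A zero master secret has to be rejected rather than merely improbable, so I would add `if (sm9_z256_is_zero(msk->ks)) { error_print(); return -1; }` directly after the call, and the same for `ke`. The identical inline replacement appears for `r` in sm9_do_sign and sm9_kem_encrypt and for `rA`/`rB` in sm9_exch_step_1A/1B, where a zero nonce is just as damaging (in signing it makes S a known scalar multiple of the private key), so either add the check at each site or keep routing these calls through the `sm9_z256_modn_rand` wrapper that still exists and put the zero check there once. The enclosing functions continue outside these hunks.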


@@ -127,7 +127,7 @@ int sm9_do_sign(const SM9_SIGN_KEY *key, const SM3_CTX *sm3_ctx, SM9_SIGNATURE *
do { do {
// A2: rand r in [1, N-1] // A2: rand r in [1, N-1]
if (sm9_z256_fn_rand(r) != 1) { if (sm9_z256_rand_range(r, SM9_Z256_N) != 1) {
error_print(); error_print();
return -1; return -1;
} }
@@ -146,10 +146,10 @@ int sm9_do_sign(const SM9_SIGN_KEY *key, const SM3_CTX *sm3_ctx, SM9_SIGNATURE *
sm3_finish(&ctx, Ha); sm3_finish(&ctx, Ha);
sm3_update(&tmp_ctx, ct2, sizeof(ct2)); sm3_update(&tmp_ctx, ct2, sizeof(ct2));
sm3_finish(&tmp_ctx, Ha + 32); sm3_finish(&tmp_ctx, Ha + 32);
sm9_z256_fn_from_hash(sig->h, Ha); sm9_z256_modn_from_hash(sig->h, Ha);
// A5: l = (r - h) mod N, if l = 0, goto A2 // A5: l = (r - h) mod N, if l = 0, goto A2
sm9_z256_fn_sub(r, r, sig->h); sm9_z256_modn_sub(r, r, sig->h);
} while (sm9_z256_is_zero(r)); } while (sm9_z256_is_zero(r));
@@ -246,7 +246,7 @@ int sm9_do_verify(const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen,
sm3_finish(&ctx, Ha); sm3_finish(&ctx, Ha);
sm3_update(&tmp_ctx, ct2, sizeof(ct2)); sm3_update(&tmp_ctx, ct2, sizeof(ct2));
sm3_finish(&tmp_ctx, Ha + 32); sm3_finish(&tmp_ctx, Ha + 32);
sm9_z256_fn_from_hash(h2, Ha); sm9_z256_modn_from_hash(h2, Ha);
if (sm9_z256_equ(h2, sig->h) != 1) { if (sm9_z256_equ(h2, sig->h) != 1) {
return 0; return 0;
} }
@@ -270,7 +270,7 @@ int sm9_kem_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen,
do { do {
// A2: rand r in [1, N-1] // A2: rand r in [1, N-1]
if (sm9_z256_fn_rand(r) != 1) { if (sm9_z256_rand_range(r, SM9_Z256_N) != 1) {
error_print(); error_print();
return -1; return -1;
} }
@@ -531,7 +531,7 @@ int sm9_exch_step_1A(const SM9_EXCH_MASTER_KEY *mpk, const char *idB, size_t idB
sm9_z256_point_add(RA, RA, &mpk->Ppube); sm9_z256_point_add(RA, RA, &mpk->Ppube);
// A2: rand rA in [1, N-1] // A2: rand rA in [1, N-1]
if (sm9_z256_fn_rand(rA) != 1) { if (sm9_z256_rand_range(rA, SM9_Z256_N) != 1) {
error_print(); error_print();
return -1; return -1;
} }
@@ -561,7 +561,8 @@ int sm9_exch_step_1B(const SM9_EXCH_MASTER_KEY *mpk, const char *idA, size_t idA
do { do {
// B2: rand rB in [1, N-1] // B2: rand rB in [1, N-1]
if (sm9_z256_fn_rand(rB) != 1) { // FIXME: check rb != 0
if (sm9_z256_rand_range(rB, SM9_Z256_N) != 1) {
error_print(); error_print();
return -1; return -1;
} }


@@ -22,7 +22,7 @@
#define hex_fp_nsub "7271168367e4cd3397052b4ff8f19699401c4f9167fc4b8a9f64ef75bfb405a9" #define hex_fp_nsub "7271168367e4cd3397052b4ff8f19699401c4f9167fc4b8a9f64ef75bfb405a9"
#define hex_fp_dbl "551de7a0ee24723edcf314ff72f478fac1c7c4e7044238acc3913cfbcdaf7d05" #define hex_fp_dbl "551de7a0ee24723edcf314ff72f478fac1c7c4e7044238acc3913cfbcdaf7d05"
#define hex_fp_tri "248cdb7163e4d7e5606ac9d731a751d591b25db4f925dd9532a20de5c2de98c9" #define hex_fp_tri "248cdb7163e4d7e5606ac9d731a751d591b25db4f925dd9532a20de5c2de98c9"
#define hex_fp_div2 "9df779e83d83d9c517bf85bbd4e833b289e7dfb214ecc1501cf8039cdde8d35f" #define hex_fp_haf "9df779e83d83d9c517bf85bbd4e833b289e7dfb214ecc1501cf8039cdde8d35f"
#define hex_fp_neg "30910c2f8a3f9a597c884b28414d2725301567320b1c5b1790ef2f160ad0e43c" #define hex_fp_neg "30910c2f8a3f9a597c884b28414d2725301567320b1c5b1790ef2f160ad0e43c"
#define hex_fp_mul "9e4d19bb5d94a47352e6f53f4116b2a71b16a1113dc789b26528ee19f46b72e0" #define hex_fp_mul "9e4d19bb5d94a47352e6f53f4116b2a71b16a1113dc789b26528ee19f46b72e0"
#define hex_fp_sqr "46dc2a5b8853234b341d9c57f9c4ca5709e95bbfef25356812e884e4f38cd0d6" #define hex_fp_sqr "46dc2a5b8853234b341d9c57f9c4ca5709e95bbfef25356812e884e4f38cd0d6"
@@ -57,21 +57,21 @@ int test_sm9_z256_fp() {
sm9_z256_t iv = {0x0fedcba987654321, 0x123456789abcdef0, 0x0fedcba987654321, 0x123456789abcdef0}; sm9_z256_t iv = {0x0fedcba987654321, 0x123456789abcdef0, 0x0fedcba987654321, 0x123456789abcdef0};
sm9_z256_from_hex(r, hex_iv); if (sm9_z256_cmp(r, iv) != 0) goto err; ++j; sm9_z256_from_hex(r, hex_iv); if (sm9_z256_cmp(r, iv) != 0) goto err; ++j;
sm9_z256_fp_to_mont(x, x); sm9_z256_modp_to_mont(x, x);
sm9_z256_fp_to_mont(y, y); sm9_z256_modp_to_mont(y, y);
sm9_z256_fp_add(r, x, y); sm9_z256_fp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_add)) goto err; ++j; sm9_z256_modp_add(r, x, y); sm9_z256_modp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_add)) goto err; ++j;
sm9_z256_fp_sub(r, x, y); sm9_z256_fp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_sub)) goto err; ++j; sm9_z256_modp_sub(r, x, y); sm9_z256_modp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_sub)) goto err; ++j;
sm9_z256_fp_sub(r, y, x); sm9_z256_fp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_nsub)) goto err; ++j; sm9_z256_modp_sub(r, y, x); sm9_z256_modp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_nsub)) goto err; ++j;
sm9_z256_fp_dbl(r, x); sm9_z256_fp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_dbl)) goto err; ++j; sm9_z256_modp_dbl(r, x); sm9_z256_modp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_dbl)) goto err; ++j;
sm9_z256_fp_tri(r, x); sm9_z256_fp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_tri)) goto err; ++j; sm9_z256_modp_tri(r, x); sm9_z256_modp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_tri)) goto err; ++j;
sm9_z256_fp_div2(r, x); sm9_z256_fp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_div2)) goto err; ++j; sm9_z256_modp_haf(r, x); sm9_z256_modp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_haf)) goto err; ++j;
sm9_z256_fp_neg(r, x); sm9_z256_fp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_neg)) goto err; ++j; sm9_z256_modp_neg(r, x); sm9_z256_modp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_neg)) goto err; ++j;
sm9_z256_fp_mont_mul(r, x, y); sm9_z256_fp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_mul)) goto err; ++j; sm9_z256_modp_mont_mul(r, x, y); sm9_z256_modp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_mul)) goto err; ++j;
sm9_z256_fp_mont_sqr(r, x); sm9_z256_fp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_sqr)) goto err; ++j; sm9_z256_modp_mont_sqr(r, x); sm9_z256_modp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_sqr)) goto err; ++j;
sm9_z256_fp_from_mont(y, y); sm9_z256_modp_from_mont(y, y);
sm9_z256_fp_pow(r, x, y); sm9_z256_fp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_pow)) goto err; ++j; sm9_z256_modp_mont_pow(r, x, y); sm9_z256_modp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_pow)) goto err; ++j;
sm9_z256_fp_inv(r, x); sm9_z256_fp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_inv)) goto err; ++j; sm9_z256_modp_mont_inv(r, x); sm9_z256_modp_from_mont(r, r); if (!sm9_z256_equ_hex(r, hex_fp_inv)) goto err; ++j;
printf("%s() ok\n", __FUNCTION__); printf("%s() ok\n", __FUNCTION__);
return 1; return 1;
@@ -100,12 +100,12 @@ int test_sm9_z256_fn() {
sm9_z256_from_hex(y, hex_y); sm9_z256_from_hex(y, hex_y);
sm9_z256_t iv = {0, 0, 0, 0}; if (!sm9_z256_is_zero(iv)) goto err; ++j; sm9_z256_t iv = {0, 0, 0, 0}; if (!sm9_z256_is_zero(iv)) goto err; ++j;
sm9_z256_fn_add(r, x, y); if (!sm9_z256_equ_hex(r, hex_fn_add)) goto err; ++j; sm9_z256_modn_add(r, x, y); if (!sm9_z256_equ_hex(r, hex_fn_add)) goto err; ++j;
sm9_z256_fn_sub(r, x, y); if (!sm9_z256_equ_hex(r, hex_fn_sub)) goto err; ++j; sm9_z256_modn_sub(r, x, y); if (!sm9_z256_equ_hex(r, hex_fn_sub)) goto err; ++j;
sm9_z256_fn_sub(r, y, x); if (!sm9_z256_equ_hex(r, hex_fn_nsub)) goto err; ++j; sm9_z256_modn_sub(r, y, x); if (!sm9_z256_equ_hex(r, hex_fn_nsub)) goto err; ++j;
sm9_z256_fn_mul(r, x, y); if (!sm9_z256_equ_hex(r, hex_fn_mul)) goto err; ++j; sm9_z256_modn_mul(r, x, y); if (!sm9_z256_equ_hex(r, hex_fn_mul)) goto err; ++j;
sm9_z256_fn_pow(r, x, y); if (!sm9_z256_equ_hex(r, hex_fn_pow)) goto err; ++j; sm9_z256_modn_pow(r, x, y); if (!sm9_z256_equ_hex(r, hex_fn_pow)) goto err; ++j;
sm9_z256_fn_inv(r, x); if (!sm9_z256_equ_hex(r, hex_fn_inv)) goto err; ++j; sm9_z256_modn_inv(r, x); if (!sm9_z256_equ_hex(r, hex_fn_inv)) goto err; ++j;
printf("%s() ok\n", __FUNCTION__); printf("%s() ok\n", __FUNCTION__);
return 1; return 1;
@@ -128,7 +128,7 @@ err:
#define hex_fp2_sqr_u "16bd622a907d7a92e475ed336e8ebca2cc1e38dd2ae69aaf2a96208eba0ee06e-5b52579f25e413c717eb438cc69bc7d0e40a4518be8032dddb7e4385c8a693d4" #define hex_fp2_sqr_u "16bd622a907d7a92e475ed336e8ebca2cc1e38dd2ae69aaf2a96208eba0ee06e-5b52579f25e413c717eb438cc69bc7d0e40a4518be8032dddb7e4385c8a693d4"
#define hex_fp2_inv "93ceda7dddd537eb9307a06313598e650a568d931d16ab98ca0a7483c3b502e2-6face8b958e2bdc0771fd9d700f2703f881ef0d13509f16937f0a0c344647175" #define hex_fp2_inv "93ceda7dddd537eb9307a06313598e650a568d931d16ab98ca0a7483c3b502e2-6face8b958e2bdc0771fd9d700f2703f881ef0d13509f16937f0a0c344647175"
#define hex_fp2_div "ad68ff7c507f2d4e1cc6cd973c6b821906b9f5937a04fdedc84af1f75f97d00b-8a84a35da11d401c8dca50a572ce7a8c99e7117c45d251f57a2418613dab16bb" #define hex_fp2_div "ad68ff7c507f2d4e1cc6cd973c6b821906b9f5937a04fdedc84af1f75f97d00b-8a84a35da11d401c8dca50a572ce7a8c99e7117c45d251f57a2418613dab16bb"
#define hex_fp2_div2 "0ba84d8497422e09335d0693165f7376839b54b7d1a3e45ec2b6e3b5c275f5cb-af07946a8e30f24c1a9a8db2995b2b9bb4f126f1e0ca7b76a3c2ab66d67576a2" #define hex_fp2_haf "0ba84d8497422e09335d0693165f7376839b54b7d1a3e45ec2b6e3b5c275f5cb-af07946a8e30f24c1a9a8db2995b2b9bb4f126f1e0ca7b76a3c2ab66d67576a2"
int test_sm9_z256_fp2() { int test_sm9_z256_fp2() {
const SM9_Z256_TWIST_POINT _P2 = { const SM9_Z256_TWIST_POINT _P2 = {
@@ -158,11 +158,11 @@ int test_sm9_z256_fp2() {
sm9_z256_fp2_copy(y, Ppubs->X); sm9_z256_fp2_copy(y, Ppubs->X);
sm9_z256_from_hex(k, hex_iv); sm9_z256_from_hex(k, hex_iv);
sm9_z256_fp_to_mont(x[0], x[0]); sm9_z256_modp_to_mont(x[0], x[0]);
sm9_z256_fp_to_mont(x[1], x[1]); sm9_z256_modp_to_mont(x[1], x[1]);
sm9_z256_fp_to_mont(y[0], y[0]); sm9_z256_modp_to_mont(y[0], y[0]);
sm9_z256_fp_to_mont(y[1], y[1]); sm9_z256_modp_to_mont(y[1], y[1]);
sm9_z256_fp_to_mont(k, k); sm9_z256_modp_to_mont(k, k);
sm9_z256_fp2_t iv2 = {{0xf1fdd299c9bb073c, 0xd632457dd14f49a9, 0x6e492768664a2b72, 0xa39654024e243d80}, sm9_z256_fp2_t iv2 = {{0xf1fdd299c9bb073c, 0xd632457dd14f49a9, 0x6e492768664a2b72, 0xa39654024e243d80},
{0x0fedcba987654321, 0x123456789abcdef0, 0x0fedcba987654321, 0x123456789abcdef0}}; {0x0fedcba987654321, 0x123456789abcdef0, 0x0fedcba987654321, 0x123456789abcdef0}};
@@ -180,7 +180,7 @@ int test_sm9_z256_fp2() {
sm9_z256_fp2_sqr_u(r, x); sm9_z256_fp2_from_hex(s, hex_fp2_sqr_u); if (!sm9_z256_fp2_equ(r, s)) goto err; ++j; sm9_z256_fp2_sqr_u(r, x); sm9_z256_fp2_from_hex(s, hex_fp2_sqr_u); if (!sm9_z256_fp2_equ(r, s)) goto err; ++j;
sm9_z256_fp2_inv(r, x); sm9_z256_fp2_from_hex(s, hex_fp2_inv); if (!sm9_z256_fp2_equ(r, s)) goto err; ++j; sm9_z256_fp2_inv(r, x); sm9_z256_fp2_from_hex(s, hex_fp2_inv); if (!sm9_z256_fp2_equ(r, s)) goto err; ++j;
sm9_z256_fp2_div(r, x, y); sm9_z256_fp2_from_hex(s, hex_fp2_div); if (!sm9_z256_fp2_equ(r, s)) goto err; ++j; sm9_z256_fp2_div(r, x, y); sm9_z256_fp2_from_hex(s, hex_fp2_div); if (!sm9_z256_fp2_equ(r, s)) goto err; ++j;
sm9_z256_fp2_div2(r, x); sm9_z256_fp2_from_hex(s, hex_fp2_div2); if (!sm9_z256_fp2_equ(r, s)) goto err; ++j; sm9_z256_fp2_haf(r, x); sm9_z256_fp2_from_hex(s, hex_fp2_haf); if (!sm9_z256_fp2_equ(r, s)) goto err; ++j;
printf("%s() ok\n", __FUNCTION__); printf("%s() ok\n", __FUNCTION__);
return 1; return 1;
@@ -253,10 +253,10 @@ int test_sm9_z256_fp4() {
sm9_z256_fp2_from_hex(y[0], hex_fp2_add); sm9_z256_fp2_from_hex(y[0], hex_fp2_add);
sm9_z256_fp2_from_hex(y[1], hex_fp2_tri); sm9_z256_fp2_from_hex(y[1], hex_fp2_tri);
sm9_z256_from_hex(k, hex_iv); sm9_z256_from_hex(k, hex_iv);
sm9_z256_fp_to_mont(k, k); sm9_z256_modp_to_mont(k, k);
sm9_z256_fp2_copy(q, Ppubs->X); sm9_z256_fp2_copy(q, Ppubs->X);
sm9_z256_fp_to_mont(q[0], q[0]); sm9_z256_modp_to_mont(q[0], q[0]);
sm9_z256_fp_to_mont(q[1], q[1]); sm9_z256_modp_to_mont(q[1], q[1]);
sm9_z256_fp4_t iv4 = {{{0xf1fdd299c9bb073c, 0xd632457dd14f49a9, 0x6e492768664a2b72, 0xa39654024e243d80}, sm9_z256_fp4_t iv4 = {{{0xf1fdd299c9bb073c, 0xd632457dd14f49a9, 0x6e492768664a2b72, 0xa39654024e243d80},
{0x0fedcba987654321, 0x123456789abcdef0, 0x0fedcba987654321, 0x123456789abcdef0}}, {0x0fedcba987654321, 0x123456789abcdef0, 0x0fedcba987654321, 0x123456789abcdef0}},
@@ -562,21 +562,21 @@ int test_sm9_z256_pairing()
sm9_z256_t k; sm9_z256_t k;
int j = 1; int j = 1;
sm9_z256_fp_to_mont(P1->X, P1->X); sm9_z256_modp_to_mont(P1->X, P1->X);
sm9_z256_fp_to_mont(P1->Y, P1->Y); sm9_z256_modp_to_mont(P1->Y, P1->Y);
sm9_z256_fp_to_mont(P1->Z, P1->Z); sm9_z256_modp_to_mont(P1->Z, P1->Z);
sm9_z256_fp_to_mont(P2->X[0], P2->X[0]); sm9_z256_modp_to_mont(P2->X[0], P2->X[0]);
sm9_z256_fp_to_mont(P2->Y[0], P2->Y[0]); sm9_z256_modp_to_mont(P2->Y[0], P2->Y[0]);
sm9_z256_fp_to_mont(P2->Z[0], P2->Z[0]); sm9_z256_modp_to_mont(P2->Z[0], P2->Z[0]);
sm9_z256_fp_to_mont(P2->X[1], P2->X[1]); sm9_z256_modp_to_mont(P2->X[1], P2->X[1]);
sm9_z256_fp_to_mont(P2->Y[1], P2->Y[1]); sm9_z256_modp_to_mont(P2->Y[1], P2->Y[1]);
sm9_z256_fp_to_mont(P2->Z[1], P2->Z[1]); sm9_z256_modp_to_mont(P2->Z[1], P2->Z[1]);
sm9_z256_fp_to_mont(Ppubs->X[0], Ppubs->X[0]); sm9_z256_modp_to_mont(Ppubs->X[0], Ppubs->X[0]);
sm9_z256_fp_to_mont(Ppubs->Y[0], Ppubs->Y[0]); sm9_z256_modp_to_mont(Ppubs->Y[0], Ppubs->Y[0]);
sm9_z256_fp_to_mont(Ppubs->Z[0], Ppubs->Z[0]); sm9_z256_modp_to_mont(Ppubs->Z[0], Ppubs->Z[0]);
sm9_z256_fp_to_mont(Ppubs->X[1], Ppubs->X[1]); sm9_z256_modp_to_mont(Ppubs->X[1], Ppubs->X[1]);
sm9_z256_fp_to_mont(Ppubs->Y[1], Ppubs->Y[1]); sm9_z256_modp_to_mont(Ppubs->Y[1], Ppubs->Y[1]);
sm9_z256_fp_to_mont(Ppubs->Z[1], Ppubs->Z[1]); sm9_z256_modp_to_mont(Ppubs->Z[1], Ppubs->Z[1]);
sm9_z256_pairing(r, Ppubs, P1); sm9_z256_fp12_from_hex(s, hex_pairing1); if (!sm9_z256_fp12_equ(r, s)) goto err; ++j; sm9_z256_pairing(r, Ppubs, P1); sm9_z256_fp12_from_hex(s, hex_pairing1); if (!sm9_z256_fp12_equ(r, s)) goto err; ++j;
@@ -647,9 +647,9 @@ int test_sm9_z256_ciphertext()
}; };
SM9_Z256_POINT *P1 = &_P1; SM9_Z256_POINT *P1 = &_P1;
sm9_z256_fp_to_mont(P1->X, P1->X); sm9_z256_modp_to_mont(P1->X, P1->X);
sm9_z256_fp_to_mont(P1->Y, P1->Y); sm9_z256_modp_to_mont(P1->Y, P1->Y);
sm9_z256_fp_to_mont(P1->Z, P1->Z); sm9_z256_modp_to_mont(P1->Z, P1->Z);
SM9_Z256_POINT C1; SM9_Z256_POINT C1;
uint8_t c2[SM9_MAX_PLAINTEXT_SIZE]; uint8_t c2[SM9_MAX_PLAINTEXT_SIZE];
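Review bot: In test_sm9_z256_fp the exponent is converted back with `sm9_z256_modp_from_mont(y, y)` immediately before `sm9_z256_modp_mont_pow(r, x, y)`, which appears to encode that `modp_mont_pow` takes a Montgomery-form base but a plain-integer exponent; nothing in the name conveys that mixed domain, so a comment on that line such as `// mont_pow: base x stays in Montgomery form, exponent y is a plain integer` would stop the next reader from "fixing" the from_mont away. The test names and expectation macros keep the old `fp`/`fn` vocabulary (`test_sm9_z256_fn`, `hex_fn_add`, `hex_fp_haf`) while the functions under test are now `modp`/`modn`; given that the commit's own rationale is that names should state the computation domain, renaming them would keep grep-based navigation consistent. Within these hunks nothing exercises `sm9_z256_modn_from_hash` or the lower bound of `sm9_z256_rand_range`, though they may be covered elsewhere in the file.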