From 54a4d1b9aacfcfe071feecfb455adbcbcf584d3e Mon Sep 17 00:00:00 2001
From: Gorachya
Date: Sat, 2 Feb 2019 20:24:54 -0800
Subject: [PATCH 1/2] modify-sm9
---
crypto/sm9/build.info | 0
crypto/sm9/sm9_ameth.c | 0
crypto/sm9/sm9_asn1.c | 0
crypto/sm9/sm9_enc.c | 0
crypto/sm9/sm9_err.c | 0
crypto/sm9/sm9_exch.c | 0
crypto/sm9/sm9_keygen.c | 0
crypto/sm9/sm9_lcl.h | 1 +
crypto/sm9/sm9_lib.c | 0
crypto/sm9/sm9_params.c | 32 ++++++++++++++++++++++++++++++++
crypto/sm9/sm9_pmeth.c | 0
crypto/sm9/sm9_prn.c | 0
crypto/sm9/sm9_rate.c | 35 +++++++++++++++-------------------
crypto/sm9/sm9_setup.c | 0
crypto/sm9/sm9_sign.c | 0
15 files changed, 48 insertions(+), 20 deletions(-)
mode change 100644 => 100755 crypto/sm9/build.info
mode change 100644 => 100755 crypto/sm9/sm9_ameth.c
mode change 100644 => 100755 crypto/sm9/sm9_asn1.c
mode change 100644 => 100755 crypto/sm9/sm9_enc.c
mode change 100644 => 100755 crypto/sm9/sm9_err.c
mode change 100644 => 100755 crypto/sm9/sm9_exch.c
mode change 100644 => 100755 crypto/sm9/sm9_keygen.c
mode change 100644 => 100755 crypto/sm9/sm9_lcl.h
mode change 100644 => 100755 crypto/sm9/sm9_lib.c
mode change 100644 => 100755 crypto/sm9/sm9_params.c
mode change 100644 => 100755 crypto/sm9/sm9_pmeth.c
mode change 100644 => 100755 crypto/sm9/sm9_prn.c
mode change 100644 => 100755 crypto/sm9/sm9_setup.c
mode change 100644 => 100755 crypto/sm9/sm9_sign.c
diff --git a/crypto/sm9/build.info b/crypto/sm9/build.info
old mode 100644
new mode 100755
diff --git a/crypto/sm9/sm9_ameth.c b/crypto/sm9/sm9_ameth.c
old mode 100644
new mode 100755
diff --git a/crypto/sm9/sm9_asn1.c b/crypto/sm9/sm9_asn1.c
old mode 100644
new mode 100755
diff --git a/crypto/sm9/sm9_enc.c b/crypto/sm9/sm9_enc.c
old mode 100644
new mode 100755
diff --git a/crypto/sm9/sm9_err.c b/crypto/sm9/sm9_err.c
old mode 100644
new mode 100755
diff --git a/crypto/sm9/sm9_exch.c b/crypto/sm9/sm9_exch.c
old mode 100644
new mode 100755
diff --git a/crypto/sm9/sm9_keygen.c b/crypto/sm9/sm9_keygen.c
old mode 100644
new mode 100755
diff --git a/crypto/sm9/sm9_lcl.h b/crypto/sm9/sm9_lcl.h
old mode 100644
new mode 100755
index 7e18906b..847f65ec
--- a/crypto/sm9/sm9_lcl.h
+++ b/crypto/sm9/sm9_lcl.h
@@ -151,6 +151,7 @@ const BIGNUM *SM9_get0_order(void);
 const BIGNUM *SM9_get0_order_minus_one(void);
 const BIGNUM *SM9_get0_loop_count(void);
 const BIGNUM *SM9_get0_final_exponent(void);
+const BIGNUM *SM9_get0_fast_final_exponent(void);
 const BIGNUM *SM9_get0_generator2_x0(void);
 const BIGNUM *SM9_get0_generator2_x1(void);
 const BIGNUM *SM9_get0_generator2_y0(void);
diff --git a/crypto/sm9/sm9_lib.c b/crypto/sm9/sm9_lib.c
old mode 100644
new mode 100755
diff --git a/crypto/sm9/sm9_params.c b/crypto/sm9/sm9_params.c
old mode 100644
new mode 100755
index 8e67e524..52d3e1f9
--- a/crypto/sm9/sm9_params.c
+++ b/crypto/sm9/sm9_params.c
@@ -62,6 +62,7 @@
 #define BN_SM9_BN256_TOP (256+BN_BITS2-1)/BN_BITS2
 #define BN_SM9_LOOP_TOP (66+BN_BITS2-1)/BN_BITS2
 #define BN_SM9_FINAL_EXPO_TOP (2816+BN_BITS2-1)/BN_BITS2
+#define BN_SM9_FAST_FINAL_EXPO_P3_TOP (768+BN_BITS2-1)/BN_BITS2
 
 #if BN_BITS2 == 64
 static const BN_ULONG _sm9bn256v1_prime[BN_SM9_BN256_TOP] = {
@@ -122,6 +123,15 @@ static const BN_ULONG _sm9bn256v1_final_expo[BN_SM9_FINAL_EXPO_TOP] = {
 0x1A09A6AE43ADE454ULL, 0x061835E8B1259499ULL,
 };
 
+static const BN_ULONG _sm9bn256v1_fast_final_expo_p3[BN_SM9_FAST_FINAL_EXPO_P3_TOP] = {
+ 0xA9B2ADA593152855ULL, 0x44BF9D0FA74DDFB7ULL,
+ 0x83687EE0C6D9188CULL, 0xE0D49DE3AA8A4748ULL,
+ 0x0DA3D71BCDB13FE5ULL, 0xA5782C82FDB6B0A1ULL,
+ 0x7C0CA02D9B0D8649ULL, 0xBA4CADE09029E471ULL,
+ 0xDC53E586930846F1ULL, 0xD62CD8FB7B497A0AULL,
+ 0xF12FCAD3B31FE2B0ULL, 0x5C5E452404034E2AULL,
+};
+
 #elif BN_BITS2 == 32
 static const BN_ULONG _sm9bn256v1_prime[BN_SM9_BN256_TOP] = {
 0xE351457D, 0xE56F9B27, 0x1A7AEEDB, 0x21F2934B,
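Review bot: The new declaration `SM9_get0_fast_final_exponent` in sm9_lcl.h carries no comment, and its name reads as a drop-in alternative to `SM9_get0_final_exponent` although what it returns is only the (p^4-p^2+1)/n factor that fast_final_expo() in sm9_rate.c consumes, not a full (p^12-1)/n exponent. Handing it to final_expo(), or the full exponent to fast_final_expo(), yields a wrong pairing value with no error, and the only thing keeping the two apart is a repeated #ifdef in sm9_rate.c. I would add above the declaration: `/* (p^4-p^2+1)/n, the "hard part" of the final exponentiation; valid only as the k argument of fast_final_expo() */`.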
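Review bot: The new `_sm9bn256v1_fast_final_expo_p3` table in sm9_params.c states neither what it encodes nor how it was derived, while the decimal string it replaces (the `power_p3` literal removed from fast_final_expo() in sm9_rate.c) is deleted in the same series, so nothing left in the tree can be used to re-check the hex limbs. The companion 32-bit table in this same patch had its word order wrong and needed PATCH 2/2 to correct it, which shows how easily this value is corrupted silently: a wrong exponent does not fail, it makes every pairing result wrong. I would keep the derivation next to the table, `/* (p^4-p^2+1)/n as little-endian BN_ULONG limbs; equals the decimal constant formerly hard-coded in fast_final_expo() */`, and add a test that BN_dec2bn() of that decimal string compares equal under BN_cmp() to SM9_get0_fast_final_exponent().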
@@ -181,6 +191,15 @@ static const BN_ULONG _sm9bn256v1_final_expo[BN_SM9_FINAL_EXPO_TOP] = {
 0x43ADE454, 0x1A09A6AE, 0xB1259499, 0x061835E8,
 };
 
+static const BN_ULONG _sm9bn256v1_fast_final_expo_p3[BN_SM9_FAST_FINAL_EXPO_P3_TOP] = {
+ 0xA9B2ADA5, 0x93152855, 0x44BF9D0F, 0xA74DDFB7,
+ 0x83687EE0, 0xC6D9188C, 0xE0D49DE3, 0xAA8A4748,
+ 0x0DA3D71B, 0xCDB13FE5, 0xA5782C82, 0xFDB6B0A1,
+ 0x7C0CA02D, 0x9B0D8649, 0xBA4CADE0, 0x9029E471,
+ 0xDC53E586, 0x930846F1, 0xD62CD8FB, 0x7B497A0A,
+ 0xF12FCAD3, 0xB31FE2B0, 0x5C5E4524, 0x04034E2A,
+};
+
 #else
 # error "unsupported BN_BITS2"
 #endif
@@ -225,6 +244,14 @@ static const BIGNUM _bignum_sm9bn256v1_final_expo = {
 BN_FLG_STATIC_DATA
 };
 
+static const BIGNUM _bignum_sm9bn256v1_fast_final_expo_p3 = {
+ (BN_ULONG *)_sm9bn256v1_fast_final_expo_p3,
+ BN_SM9_FAST_FINAL_EXPO_P3_TOP,
+ BN_SM9_FAST_FINAL_EXPO_P3_TOP,
+ 0,
+ BN_FLG_STATIC_DATA
+};
+
 static const BIGNUM _bignum_sm9bn256v1_x20 = {
 (BN_ULONG *)_sm9bn256v1_x2[0],
 BN_SM9_BN256_TOP,
@@ -301,3 +328,8 @@ const BIGNUM *SM9_get0_final_exponent(void)
 {
 return &_bignum_sm9bn256v1_final_expo;
 }
+
+const BIGNUM *SM9_get0_fast_final_exponent(void)
+{
+ return &_bignum_sm9bn256v1_fast_final_expo_p3;
+}
diff --git a/crypto/sm9/sm9_pmeth.c b/crypto/sm9/sm9_pmeth.c
old mode 100644
new mode 100755
diff --git a/crypto/sm9/sm9_prn.c b/crypto/sm9/sm9_prn.c
old mode 100644
new mode 100755
diff --git a/crypto/sm9/sm9_rate.c b/crypto/sm9/sm9_rate.c
index d4903af1..06c6c495 100755
--- a/crypto/sm9/sm9_rate.c
+++ b/crypto/sm9/sm9_rate.c
@@ -2397,7 +2397,7 @@ static int final_expo(fp12_t r, const fp12_t a, const BIGNUM *k, const BIGNUM *p
 
 static int fast_final_expo(fp12_t r, const fp12_t a, const BIGNUM *k, const BIGNUM *p, BN_CTX *ctx)
 {
- // (p^4-p^2+1)/n will be directly used to finish the 3rd step with k unused here.
+ // (p^4-p^2+1)/n is k
 int i, n;
 fp12_t t;
 fp12_t t0;
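Review bot: The 32-bit `_sm9bn256v1_fast_final_expo_p3` table lists the high word of each 64-bit limb before the low word (`0xA9B2ADA5, 0x93152855` for the 64-bit limb `0xA9B2ADA593152855ULL`), whereas the existing `_sm9bn256v1_final_expo` table directly above it, and the BIGNUM limb layout, put the low word first (`0x43ADE454, 0x1A09A6AE` for `0x1A09A6AE43ADE454ULL`); PATCH 2/2 of this series swaps the pairs, so a BN_BITS2 == 32 build of this commit alone computes a wrong exponent. What the series still lacks is anything that would catch such a slip automatically: a pairing known-answer test that runs on a 32-bit build, or a check that BN_bn2hex() of SM9_get0_fast_final_exponent() matches one fixed string on both limb widths, would have flagged this table before it was committed.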
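Review bot: The replacement comment `// (p^4-p^2+1)/n is k` in fast_final_expo() states the new contract but not its consequence: unlike final_expo(), whose k is the full (p^12-1)/n, this routine silently produces a wrong result if it is handed that exponent, and the choice is made by an #ifdef in a different function (rate_pairing()). I would expand it to `// k must be (p^4-p^2+1)/n, i.e. SM9_get0_fast_final_exponent(); the (p^6-1) and (p^2+1) factors are applied by the first two steps below`, matching the step comments the function already uses later. The body of fast_final_expo continues beyond this hunk.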
@@ -2427,7 +2427,7 @@ static int fast_final_expo(fp12_t r, const fp12_t a, const BIGNUM *k, const BIGN if (!fp12_mul(t, t0, t, p, ctx)) { // t = t0 * t = a ^ (p^6-1) = a1 return 0; } - + // second step: a = a ^ (p^2+1) if (!fp12_copy(t0, t)) { // t0 = t = a1 return 0; @@ -2461,32 +2461,24 @@ static int fast_final_expo(fp12_t r, const fp12_t a, const BIGNUM *k, const BIGN if (!fp12_mul(t, t0, t, p, ctx)) { // t = t0 * t = a ^ (p^2+1) = a2 return 0; } - + // third step: a = a ^ [(p^4-p^2+1)/n] - BIGNUM *x = BN_new(); - BN_init(x); - - // this is (p^4-p^2+1)/n - const char *power_p3 = "56016940484435473570363458812714626596371" - "56263396225483794771796879929232299116963" - "85989797265808925975765890463898744492959" - "90589989684454491684765426953541105430217" - "12895268418170653274635803649243300415902" - "97941432449745271567755349"; - if (!BN_dec2bn(&x, power_p3)){ + + if (!fp12_copy(t0, t)) { return 0; } - n = BN_num_bits(x); + + n = BN_num_bits(k); for (i = n - 2; i >= 0; i--) { if (!fp12_sqr(t, t, p, ctx)) { return 0; } - if (BN_is_bit_set(x, i)) { - if (!fp12_mul(t, t, a, p, ctx)) { + if (BN_is_bit_set(k, i)) { + if (!fp12_mul(t, t, t0, p, ctx)) { return 0; } } - } + } fp12_copy(r, t); return 1; } @@ -2571,7 +2563,7 @@ static int rate(fp12_t f, const point_t *Q, const BIGNUM *xP, const BIGNUM *yP, point_add(&T, &T, &Q2, p, ctx); /* f = f^((p^12 - 1)/n) */ -#ifndef SM9_FAST +#ifdef NOSM9_FAST final_expo(f, f, k, p, ctx); #else fast_final_expo(f, f, k, p, ctx); // (p^6-1) * (p^2+1) * [(p^4-p^2+1)/n] @@ -2610,8 +2602,11 @@ int rate_pairing(fp12_t r, const point_t *Q, const EC_POINT *P, BN_CTX *ctx) group = EC_GROUP_new_by_curve_name(NID_sm9bn256v1); p = SM9_get0_prime(); a = SM9_get0_loop_count(); +#ifdef NOSM9_FAST k = SM9_get0_final_exponent(); - +#else + k = SM9_get0_fast_final_exponent(); +#endif xP = BN_CTX_get(ctx); yP = BN_CTX_get(ctx); diff --git a/crypto/sm9/sm9_setup.c b/crypto/sm9/sm9_setup.c old mode 100644 new mode 100755 
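Review bot: The closing `fp12_copy(r, t);` in the third-step hunk discards the status that every other fp12_copy() call in the same hunk checks (`if (!fp12_copy(t0, t)) { return 0; }`), so a failed copy returns 1 with r holding whatever it held before; change it to `if (!fp12_copy(r, t)) { return 0; }`. Dropping the BN_new() that was never freed and the hard-coded decimal literal is an improvement and is not re-raised here, but the `- }` / `+ }` pair appears to be a whitespace-only change that belongs in a separate formatting commit. The loop starting at bit `n - 2` relies on t already equalling the base t0 and on the top bit of k being set, which holds for this constant but deserves a one-line comment such as `// left-to-right square-and-multiply; t == t0 covers the top bit of k`. The enclosing fast_final_expo() starts before this hunk.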
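Review bot: Flipping `#ifndef SM9_FAST` to `#ifdef NOSM9_FAST` in rate() makes fast_final_expo() the default for every build, yet its return value, like final_expo()'s, is still discarded at the call `fast_final_expo(f, f, k, p, ctx);`, so an allocation or arithmetic failure inside it leaves f holding an intermediate value that rate_pairing() then hands back as the pairing; that predates this patch, but the patch makes it the only path exercised, and the call should propagate failure the way the rest of rate() does, e.g. `if (!fast_final_expo(f, f, k, p, ctx)) return 0;` with the same treatment for final_expo(). The exponent chosen in the rate_pairing() hunk (`k = SM9_get0_fast_final_exponent();`) and the routine chosen here are tied together only by repeating the macro test in two functions; selecting the exponent inside rate() next to its #ifdef would remove the chance of the two drifting apart. NOSM9_FAST is not described anywhere in the diff, so a comment at its first test, `/* define NOSM9_FAST to use the plain (p^12-1)/n exponentiation instead of the three-step fast_final_expo() */`, would help. Both enclosing functions extend beyond their hunks.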
diff --git a/crypto/sm9/sm9_sign.c b/crypto/sm9/sm9_sign.c
old mode 100644
new mode 100755
From 43315ff95d48668f70387c91187cc6e730544372 Mon Sep 17 00:00:00 2001
From: Gorachya
Date: Sat, 2 Feb 2019 20:55:42 -0800
Subject: [PATCH 2/2] params-modified
---
crypto/sm9/sm9_params.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/crypto/sm9/sm9_params.c b/crypto/sm9/sm9_params.c
index 52d3e1f9..9a058845 100755
--- a/crypto/sm9/sm9_params.c
+++ b/crypto/sm9/sm9_params.c
@@ -192,12 +192,12 @@ static const BN_ULONG _sm9bn256v1_final_expo[BN_SM9_FINAL_EXPO_TOP] = {
 };
 
 static const BN_ULONG _sm9bn256v1_fast_final_expo_p3[BN_SM9_FAST_FINAL_EXPO_P3_TOP] = {
- 0xA9B2ADA5, 0x93152855, 0x44BF9D0F, 0xA74DDFB7,
- 0x83687EE0, 0xC6D9188C, 0xE0D49DE3, 0xAA8A4748,
- 0x0DA3D71B, 0xCDB13FE5, 0xA5782C82, 0xFDB6B0A1,
- 0x7C0CA02D, 0x9B0D8649, 0xBA4CADE0, 0x9029E471,
- 0xDC53E586, 0x930846F1, 0xD62CD8FB, 0x7B497A0A,
- 0xF12FCAD3, 0xB31FE2B0, 0x5C5E4524, 0x04034E2A,
+ 0x93152855, 0xA9B2ADA5, 0xA74DDFB7, 0x44BF9D0F,
+ 0xC6D9188C, 0x83687EE0, 0xAA8A4748, 0xE0D49DE3,
+ 0xCDB13FE5, 0x0DA3D71B, 0xFDB6B0A1, 0xA5782C82,
+ 0x9B0D8649, 0x7C0CA02D, 0x9029E471, 0xBA4CADE0,
+ 0x930846F1, 0xDC53E586, 0x7B497A0A, 0xD62CD8FB,
+ 0xB31FE2B0, 0xF12FCAD3, 0x04034E2A, 0x5C5E4524,
 };
 
 #else
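Review bot: The corrected word order now follows the convention the existing tables use (low 32-bit word of each 64-bit limb first, as `0x43ADE454, 0x1A09A6AE` for `0x1A09A6AE43ADE454ULL` in `_sm9bn256v1_final_expo`), but nothing records that convention next to the table, and the subject line `params-modified` does not say what was wrong, so the next person editing the 32-bit section has no guard against re-introducing the swap. I would put `/* 32-bit limbs, little-endian: low word of each 64-bit limb first, same layout as _sm9bn256v1_final_expo above */` above the array, and add a test that BN_bn2hex() of SM9_get0_fast_final_exponent() equals one fixed string on both BN_BITS2 widths.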