diff --git a/apps/speed.c b/apps/speed.c index d58a4bd9..f73f9048 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -202,6 +202,7 @@ typedef struct loopargs_st { #ifndef OPENSSL_NO_SM9 SM9PublicParameters *sm9mpk[SM9_NUM]; SM9PrivateKey *sm9sk[SM9_NUM]; + SM9MasterSecret *sm9mst[SM9_NUM]; #endif EVP_CIPHER_CTX *ctx; HMAC_CTX *hctx; @@ -1124,23 +1125,91 @@ static long sm9sign_c[SM9_NUM][2]; static int SM9_sign_loop(void *args) { - return 1; + loopargs_t *tempargs = *(loopargs_t **)args; + unsigned char *buf = tempargs->buf; + SM9PrivateKey **sm9 = tempargs->sm9sk; + unsigned char *sm9sig = tempargs->buf2; + unsigned int *sm9siglen = &tempargs->siglen; + int ret, count; + for (count = 0; COND(sm9sign_c[testnum][0]); count++) { + ret = SM9_sign(NID_sm3, buf, 32, sm9sig, sm9siglen, sm9[testnum]); + if (ret == 0) { + BIO_printf(bio_err, "SM9 sign failure\n"); + ERR_print_errors(bio_err); + count = -1; + break; + } + } + return count; } +static char* sm9verify_id = "sm9_verify"; +static size_t sm9verify_idlen = 10; static int SM9_verify_loop(void *args) { - return 1; + loopargs_t *tempargs = *(loopargs_t **)args; + unsigned char *buf = tempargs->buf; + SM9PublicParameters **sm9 = tempargs->sm9mpk; + unsigned char *sm9sig = tempargs->buf2; + unsigned int sm9siglen = tempargs->siglen; + int ret, count; + for (count = 0; COND(sm9sign_c[testnum][1]); count++) { + ret = SM9_verify(NID_sm3, buf, 32, sm9sig, sm9siglen, sm9[testnum], sm9verify_id, sm9verify_idlen); + if (ret != 1) { + BIO_printf(bio_err, "SM9 verify failure\n"); + ERR_print_errors(bio_err); + count = -1; + break; + } + } + return count; } static long sm9enc_c[SM9_NUM][2]; +static char* sm9enc_id = "sm9_enc"; +static size_t sm9enc_idlen = 7; static int SM9_encrypt_loop(void *args) { - return 1; + loopargs_t *tempargs = *(loopargs_t **)args; + unsigned char *buf = tempargs->buf; + SM9PublicParameters **sm9 = tempargs->sm9mpk; + unsigned char *sm9cipher = tempargs->buf2; + size_t *sm9cipherlen = &tempargs->cipherlen; + int ret, count; + for (count = 0; COND(sm9enc_c[testnum][0]); count++) { + *sm9cipherlen = BUFSIZE; + ret = SM9_encrypt(NID_sm3, buf, 32, sm9cipher, + sm9cipherlen, sm9[testnum], sm9enc_id, sm9enc_idlen); + if (ret == 0) { + BIO_printf(bio_err, "SM9 encrypt failure\n"); + ERR_print_errors(bio_err); + count = -1; + break; + } + } + return count; } static int SM9_decrypt_loop(void *args) { - return 1; + loopargs_t *tempargs = *(loopargs_t **)args; + unsigned char *buf = tempargs->buf; + SM9PrivateKey **sm9 = tempargs->sm9sk; + unsigned char *sm9cipher = tempargs->buf2; + size_t sm9cipherlen = tempargs->cipherlen; + int ret, count; + for (count = 0; COND(sm9enc_c[testnum][0]); count++) { + size_t len = sm9cipherlen; + ret = SM9_decrypt(NID_sm3, sm9cipher, sm9cipherlen, + buf, &len, sm9[testnum]); + if (ret == 0) { + BIO_printf(bio_err, "SM9 decrypt failure\n"); + ERR_print_errors(bio_err); + count = -1; + break; + } + } + return count; } #endif @@ -1642,6 +1711,12 @@ int speed_main(int argc, char **argv) static const int test_sm9_curves_bits[SM9_NUM] = { 256, }; + static const int test_sm9_scheme[SM9_NUM] = { + NID_sm9sign, + }; + static const int test_sm9_hash1[SM9_NUM] = { + NID_sm9hash1_with_sm3, + }; int sm9sign_doit[SM9_NUM] = { 0 }; int sm9enc_doit[SM9_NUM] = { 0 }; #endif @@ -2626,7 +2701,7 @@ int speed_main(int argc, char **argv) d = Time_F(STOP); print_result(D_ZUC, testnum, count, d); } - } + } if (doit[D_ZUC256]) { if (async_jobs > 0) { BIO_printf(bio_err, "Async mode is not supported with %s\n", @@ -3281,7 +3356,181 @@ int speed_main(int argc, char **argv) #endif /* OPENSSL_NO_SM2 */ #ifndef OPENSSL_NO_SM9 -//FIXME: this is the core code, + if (RAND_status() != 1) { + RAND_seed(rnd_seed, sizeof rnd_seed); + } + for (testnum = 0; testnum < SM9_NUM; testnum++) { + int st = 1; + + if (!sm9sign_doit[testnum]) + continue; /* Ignore Curve */ + for (i = 0; i < loopargs_len; i++) { + loopargs[i].sm9mst[testnum] = SM9_generate_master_secret(test_sm9_curves[testnum], + test_sm9_scheme[testnum], test_sm9_hash1[testnum]); + if (loopargs[i].sm9mst[testnum] == NULL) { + st = 0; + break; + } + } + if (st == 0) { + BIO_printf(bio_err, "SM9 failure.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + } else { + for (i = 0; i < loopargs_len; i++) { + /* Perform SM9 signature test */ + loopargs[i].sm9sk[testnum] = SM9_extract_private_key(loopargs[i].sm9mst[testnum], sm9verify_id, sm9verify_idlen); + st = SM9_sign(NID_sm3, loopargs[i].buf, 32, loopargs[i].buf2, + &loopargs[i].siglen, loopargs[i].sm9sk[testnum]); + if (st == 0) + break; + } + if (st == 0) { + BIO_printf(bio_err, + "SM9 sign failure. No SM9 sign will be done.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + } else { + pkey_print_message("sign", "sm9", + sm9sign_c[testnum][0], + test_sm9_curves_bits[testnum], ECDSA_SECONDS); + Time_F(START); + count = run_benchmark(async_jobs, SM9_sign_loop, loopargs); + d = Time_F(STOP); + + BIO_printf(bio_err, + mr ? "+R7:%ld:%d:%.2f\n" : + "%ld %d bit SM9 signs in %.2fs \n", + count, test_sm9_curves_bits[testnum], d); + sm9sign_results[testnum][0] = d / (double)count; + rsa_count = count; + } + + /* Perform SM9 verification test */ + for (i = 0; i < loopargs_len; i++) { + loopargs[i].sm9mpk[testnum] = SM9_extract_public_parameters(loopargs[i].sm9mst[testnum]); + st = SM9_verify(NID_sm3, loopargs[i].buf, 32, loopargs[i].buf2, + loopargs[i].siglen, loopargs[i].sm9mpk[testnum], sm9verify_id, sm9verify_idlen); + if (st != 1) + break; + } + if (st != 1) { + BIO_printf(bio_err, + "SM9 verify failure. No SM9 verify will be done.\n"); + ERR_print_errors(bio_err); + sm9sign_doit[testnum] = 0; + } else { + pkey_print_message("verify", "sm9", + sm9sign_c[testnum][1], + test_sm9_curves_bits[testnum], ECDSA_SECONDS); + Time_F(START); + count = run_benchmark(async_jobs, SM9_verify_loop, loopargs); + d = Time_F(STOP); + BIO_printf(bio_err, + mr ? "+R8:%ld:%d:%.2f\n" + : "%ld %d bit SM9 verify in %.2fs\n", + count, test_sm9_curves_bits[testnum], d); + sm9sign_results[testnum][1] = d / (double)count; + } + + if (rsa_count <= 1) { + /* if longer than 10s, don't do any more */ + for (testnum++; testnum < SM9_NUM; testnum++) + sm9sign_doit[testnum] = 0; + } + } + } + + + if (RAND_status() != 1) { + RAND_seed(rnd_seed, sizeof rnd_seed); + } + for (testnum = 0; testnum < SM9_NUM; testnum++) { + int st = 1; + + if (!sm9enc_doit[testnum]) + continue; + for (i = 0; i < loopargs_len; i++) { + loopargs[i].sm9mst[testnum] = SM9_generate_master_secret(test_sm9_curves[testnum], + test_sm9_scheme[testnum], test_sm9_hash1[testnum]); + if (loopargs[i].sm9mst[testnum] == NULL) { + st = 0; + break; + } + } + if (st == 0) { + BIO_printf(bio_err, "SM9 failure.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + } else { + for (i = 0; i < loopargs_len; i++) { + /* these 2 lines should be modified ? */ + /*if (!nopre) + EC_KEY_precompute_mult(loopargs[i].sm9[testnum], NULL);*/ + /* Perform SM9 encryption test */ + loopargs[i].sm9mpk[testnum] = SM9_extract_public_parameters(loopargs[i].sm9mst[testnum]); + loopargs[i].cipherlen = BUFSIZE; + st = SM9_encrypt(NID_sm3, loopargs[i].buf, 32, loopargs[i].buf2, + &loopargs[i].cipherlen, loopargs[i].sm9mpk[testnum], sm9enc_id, sm9enc_idlen); + if (st == 0) + break; + } + if (st == 0) { + BIO_printf(bio_err, + "SM9 encryption failure. No SM9 encryption will be done.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + } else { + pkey_print_message("encrypt", "sm9", + sm9enc_c[testnum][0], + test_sm9_curves_bits[testnum], ECDSA_SECONDS); + Time_F(START); + count = run_benchmark(async_jobs, SM9_encrypt_loop, loopargs); + d = Time_F(STOP); + + BIO_printf(bio_err, + mr ? "+R7:%ld:%d:%.2f\n" : + "%ld %d bit SM9 encrypt in %.2fs \n", + count, test_sm9_curves_bits[testnum], d); + sm9enc_results[testnum][0] = d / (double)count; + rsa_count = count; + } + + /* Perform SM9 verification test */ + for (i = 0; i < loopargs_len; i++) { + loopargs[i].sm9sk[testnum] = SM9_extract_private_key(loopargs[i].sm9mst[testnum], sm9enc_id, sm9enc_idlen); + size_t len = loopargs[i].cipherlen; + st = SM9_decrypt(NID_sm3, loopargs[i].buf2, loopargs[i].cipherlen, + loopargs[i].buf, &len, loopargs[i].sm9sk[testnum]); + if (st == 0) + break; + } + if (st != 1) { + BIO_printf(bio_err, + "SM9 decrypt failure. No SM9 decrypt will be done.\n"); + ERR_print_errors(bio_err); + sm9enc_doit[testnum] = 0; + } else { + pkey_print_message("decrypt", "sm9", + sm9enc_c[testnum][1], + test_sm9_curves_bits[testnum], ECDSA_SECONDS); + Time_F(START); + count = run_benchmark(async_jobs, SM9_decrypt_loop, loopargs); + d = Time_F(STOP); + BIO_printf(bio_err, + mr ? "+R8:%ld:%d:%.2f\n" + : "%ld %d bit SM9 decrypt in %.2fs\n", + count, test_sm9_curves_bits[testnum], d); + sm9enc_results[testnum][1] = d / (double)count; + } + + if (rsa_count <= 1) { + /* if longer than 10s, don't do any more */ + for (testnum++; testnum < SM9_NUM; testnum++) + sm9sign_doit[testnum] = 0; + } + } + } #endif /* OPENSSL_NO_SM9 */ #ifndef NO_FORK @@ -3552,6 +3801,7 @@ int speed_main(int argc, char **argv) for (k = 0; k < SM9_NUM; k++) { SM9PublicParameters_free(loopargs[i].sm9mpk[k]); SM9PrivateKey_free(loopargs[i].sm9sk[k]); + SM9MasterSecret_free(loopargs[i].sm9mst[k]); } #endif } diff --git a/crypto/sm9/sm9_keygen.c b/crypto/sm9/sm9_keygen.c index e0fdcf0d..d80dbc93 100755 --- a/crypto/sm9/sm9_keygen.c +++ b/crypto/sm9/sm9_keygen.c @@ -302,7 +302,8 @@ SM9_KEY *SM9_MASTER_KEY_extract_key(SM9_MASTER_KEY *master, sk = NULL; end: - EC_GROUP_free(group); + SM9PrivateKey_free(sk); + EC_GROUP_clear_free(group); if (ctx) { BN_CTX_end(ctx); } diff --git a/crypto/sm9/sm9_rate.c b/crypto/sm9/sm9_rate.c index 47168108..02401fac 100644 --- a/crypto/sm9/sm9_rate.c +++ b/crypto/sm9/sm9_rate.c @@ -2697,6 +2697,7 @@ int rate_pairing(fp12_t r, const point_t *Q, const EC_POINT *P, BN_CTX *ctx) BN_free(xP); BN_free(yP); + EC_GROUP_clear_free(group); return ret; } diff --git a/crypto/sm9/sm9_sign.c b/crypto/sm9/sm9_sign.c index f66a5fb0..c4666d7a 100755 --- a/crypto/sm9/sm9_sign.c +++ b/crypto/sm9/sm9_sign.c @@ -196,6 +196,8 @@ end: BN_free(r); point_cleanup(&Ppubs); fp12_cleanup(w); + BN_CTX_end(bn_ctx); + BN_CTX_free(bn_ctx); return ret; } @@ -353,9 +355,7 @@ end: point_cleanup(&P); fp12_cleanup(w); fp12_cleanup(u); - if (bn_ctx) { - BN_CTX_end(bn_ctx); - } + BN_CTX_end(bn_ctx); BN_CTX_free(bn_ctx); return ret; }