From aa2ab99dcf5633b64e862805500d22e1ac8963ef Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Wed, 11 May 2022 22:27:55 +0800 Subject: [PATCH] Update sm9 --- CMakeLists.txt | 4 +- include/gmssl/sm9.h | 74 +++++++++++++++++++---- src/sm9_key.c | 108 +++++++++++++++++++++++++++++++--- src/sm9_lib.c | 139 +++++++++++++++++++++++++------------------- 4 files changed, 244 insertions(+), 81 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 10530029..f81dbd99 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -50,8 +50,8 @@ add_library( src/sm4_modes.c src/sm4_setkey.c src/sm9_alg.c -# src/sm9_key.c -# src/sm9_lib.c + src/sm9_key.c + src/sm9_lib.c src/tlcp.c src/tls.c src/tls12.c diff --git a/include/gmssl/sm9.h b/include/gmssl/sm9.h index 9604c574..8a6ff468 100644 --- a/include/gmssl/sm9.h +++ b/include/gmssl/sm9.h @@ -46,7 +46,12 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include +#include +#include #include +#include + #ifndef GMSSL_SM9_H #define GMSSL_SM9_H @@ -277,7 +282,28 @@ void sm9_final_exponent(sm9_fp12_t r, const sm9_fp12_t f); void sm9_pairing(sm9_fp12_t r, const sm9_twist_point_t *Q, const sm9_point_t *P); -/* old API + + + +/* private key extract algorithms */ +#define SM9_HID_SIGN 0x01 +#define SM9_HID_EXCH 0x02 +#define SM9_HID_ENC 0x03 + +#define SM9_HASH1 0x01 +#define SM9_HASH2 0x02 + +void sm9_fn_add(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b); +void sm9_fn_sub(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b); +void sm9_fn_mul(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b); +void sm9_fn_inv(sm9_fn_t r, const sm9_fn_t a); +int sm9_fn_is_zero(const sm9_fn_t a); +int sm9_fn_equ(const sm9_fn_t a, const sm9_fn_t b); +void sm9_fn_rand(sm9_fn_t r); +void sm9_fp12_to_bytes(const sm9_fp12_t a, uint8_t buf[32 * 12]); + + +int sm9_hash1(sm9_bn_t h1, const char *id, size_t idlen, uint8_t hid); // set the same value as sm2 #define SM9_MAX_ID_BITS 65535 @@ -294,26 +320,52 @@ typedef struct { } SM9_TWIST_POINT; typedef struct { - uint8_t ks[32]; - SM9_TWIST_POINT Ppubs; // Ppubs = ks * P2 + sm9_twist_point_t Ppubs; // Ppubs = ks * P2 + sm9_fn_t ks; } SM9_SIGN_MASTER_KEY; typedef struct { - SM9_POINT ds; + sm9_twist_point_t Ppubs; + sm9_point_t ds; } SM9_SIGN_KEY; +int sm9_sign_master_key_generate(SM9_SIGN_MASTER_KEY *master); +int sm9_sign_master_key_extract_key(SM9_SIGN_MASTER_KEY *master, const char *id, size_t idlen, SM9_SIGN_KEY *key); + typedef struct { - uint8_t h[32]; - SM9_TWIST_POINT S; + SM3_CTX sm3_ctx; + SM9_SIGN_KEY key; +} SM9_SIGN_CTX; + +typedef struct { + sm9_fn_t h; + sm9_point_t S; } SM9_SIGNATURE; -int sm9_sign_setup(SM9_SIGN_MASTER_KEY *msk); -int sm9_sign_keygen(SM9_SIGN_MASTER_KEY *msk, const char *id, size_t idlen, SM9_POINT *ds); +int sm9_sign_init(SM9_SIGN_CTX *ctx); +int sm9_sign_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); +int sm9_sign_finish(SM9_SIGN_CTX *ctx, SM9_SIGN_KEY *key, SM9_SIGNATURE *sig); + +int sm9_verify_init(SM9_SIGN_CTX *ctx); +int sm9_verify_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); +int sm9_verify_finish(SM9_SIGN_CTX *ctx, const SM9_SIGNATURE *sig, + const SM9_SIGN_MASTER_KEY *master_public, const char *id, size_t idlen); + + +typedef struct { + sm9_point_t Ppube; // Ppube = ke * P1 + sm9_fn_t ke; +} SM9_ENC_MASTER_KEY; + +typedef struct { + sm9_point_t Ppube; + sm9_twist_point_t de; +} SM9_ENC_KEY; + +int sm9_enc_master_key_generate(SM9_ENC_MASTER_KEY *master); +int sm9_enc_master_key_extract_key(SM9_ENC_MASTER_KEY *master, const char *id, size_t idlen, SM9_ENC_KEY *key); -int sm9_do_sign(SM9_SIGN_KEY *key, const uint8_t dgst[32], SM9_SIGNATURE *sig); -int sm9_do_verify(SM9_SIGN_KEY *key, const uint8_t dgst[32], const SM9_SIGNATURE *sig); -*/ # ifdef __cplusplus } diff --git a/src/sm9_key.c b/src/sm9_key.c index 0dbe5a9f..696bb662 100644 --- a/src/sm9_key.c +++ b/src/sm9_key.c @@ -46,11 +46,21 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include +#include +#include +#include +#include +#include -int sm9_hash1(bignum_t r, const char *id, size_t idlen, uint8_t hid) + + + +// generate h1 in [1, n-1] +int sm9_hash1(sm9_bn_t h1, const char *id, size_t idlen, uint8_t hid) { - bignum_t h; + sm9_fn_t h; SM3_CTX ctx1; SM3_CTX ctx2; @@ -61,15 +71,99 @@ int sm9_hash1(bignum_t r, const char *id, size_t idlen, uint8_t hid) sm3_init(&ctx1); sm3_update(&ctx1, prefix, sizeof(prefix)); - sm3_update(&ctx1, id, idlen); + sm3_update(&ctx1, (uint8_t *)id, idlen); sm3_update(&ctx1, &hid, 1); - - memcpy(&ctx2, &ctx1, sizeof(SM3_CTX)); - + ctx2 = ctx1; sm3_update(&ctx1, ct1, sizeof(ct1)); sm3_update(&ctx2, ct2, sizeof(ct2)); sm3_finish(&ctx1, buf); sm3_finish(&ctx2, buf + 32); - + // 这个buflen == 64,我们要将长为40的部分取出来,模 N-1 再加1 + return -1; } + +void sm9_fn_add(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b) +{ +} + +void sm9_fn_sub(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b) +{ +} + +void sm9_fn_mul(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b) +{ +} + +void sm9_fn_inv(sm9_fn_t r, const sm9_fn_t a) +{ +} + +int sm9_fn_is_zero(const sm9_fn_t a) +{ + return 0; +} + +int sm9_sign_master_key_generate(SM9_SIGN_MASTER_KEY *master) +{ + // k = rand(1, n-1) + //sm9_bn_rand_range(master->ks, SM9_N); + + // Ppubs = k * P2 in E'(F_p^2) + sm9_twist_point_mul_G(&master->Ppubs, master->ks); + + return 1; +} + +int sm9_enc_master_key_generate(SM9_ENC_MASTER_KEY *master) +{ + // k = rand(1, n-1) + //sm9_bn_rand_range(master->ke, SM9_N); + + // Ppube = ke * P1 in E(F_p) + sm9_point_mul_generator(&master->Ppube, master->ke); + + return 1; +} + +int sm9_sign_master_key_extract_key(SM9_SIGN_MASTER_KEY *master, const char *id, size_t idlen, SM9_SIGN_KEY *key) +{ + sm9_fn_t t; + + sm9_hash1(t, id, idlen, SM9_HID_SIGN); + sm9_fn_add(t, t, master->ks); + if (sm9_fn_is_zero(t)) { + error_print(); + return -1; + } + sm9_fn_inv(t, t); + sm9_fn_mul(t, t, master->ks); + sm9_point_mul_generator(&key->ds, t); + return 1; +} + +int sm9_enc_master_key_extract_key(SM9_ENC_MASTER_KEY *master, const char *id, size_t idlen, + SM9_ENC_KEY *key) +{ + sm9_fn_t t; + + sm9_hash1(t, id, idlen, SM9_HID_ENC); + sm9_fn_add(t, t, master->ke); + if (sm9_fn_is_zero(t)) { + error_print(); + return -1; + } + sm9_fn_inv(t, t); + sm9_fn_mul(t, t, master->ke); + sm9_twist_point_mul_G(&key->de, t); + return 1; +} + + + + + + + + + diff --git a/src/sm9_lib.c b/src/sm9_lib.c index 34f10e96..3e69b30f 100644 --- a/src/sm9_lib.c +++ b/src/sm9_lib.c @@ -46,94 +46,111 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. */ -int sm9_sign_setup(SM9_SIGN_MASTER_KEY *msk) +#include +#include +#include +#include +#include +#include +#include + + +void sm9_fn_rand(sm9_fn_t r) { - - // rand ks in [1, N-1] - fn_rand(ks); - - // Ppubs = ks * P2 - twist_point_mul_generator(Ppubs, ks); + // FIXME: add impl } - - -int sm9_sign_keygen(SM9_SIGN_MASTER_KEY *msk, const char *id, size_t idlen, SM9_POINT *ds) +int sm9_fn_equ(const sm9_fn_t a, const sm9_fn_t b) { - -} - - -int sm9_sign_init(SM3_CTX *ctx) -{ - uint8_t prefix[1] = {0x02}; - if (!ctx) { - return -1; - } - - sm3_init(ctx); - sm3_update(ctx, prefix, sizeof(prefix)); - return 0; -} - -int sm9_sign_update(SM3_CTX *ctx, const uint8_t *data, size_t datalen) -{ - sm3_update(ctx, data, datalen); + // FIXME: add impl return 1; } -int sm9_sign_finish(SM3_CTX *ctx, SM9_SIGNATURE *sig) +void sm9_fp12_to_bytes(const sm9_fp12_t a, uint8_t buf[32 * 12]) { + // FIXME: add impl +} - fp12_t g; +int sm9_sign_init(SM9_SIGN_CTX *ctx) +{ + const uint8_t prefix[1] = {0x02}; + sm3_init(&ctx->sm3_ctx); + sm3_update(&ctx->sm3_ctx, prefix, sizeof(prefix)); + return 1; +} - sm9_pairing(g, SM9_P1, Ppubs); +int sm9_sign_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen) +{ + sm3_update(&ctx->sm3_ctx, data, datalen); + return 1; +} - fn_rand(r); - - fp12_pow(w, g, r); - - - fn_sub(l, r, h); - if (fn_is_zero(l)) { - } - - - point_mul(S, l, ds); +int sm9_sign_finish(SM9_SIGN_CTX *ctx, SM9_SIGN_KEY *key, SM9_SIGNATURE *sig) +{ + sm9_fn_t r; + sm9_fn_t h; + sm9_fp12_t g; + sm9_fp12_t w; + uint8_t wbuf[32 * 12]; + uint8_t dgst[32]; + sm9_pairing(g, &key->Ppubs, SM9_P1); + do { + sm9_fn_rand(r); + sm9_fp12_pow(w, g, r); + sm9_fp12_to_bytes(w, wbuf); + sm3_update(&ctx->sm3_ctx, wbuf, sizeof(wbuf)); + sm3_finish(&ctx->sm3_ctx, dgst); + // do H2() staff, generate output sig->h + sm9_fn_sub(r, r, h); + } while (sm9_fn_is_zero(r)); + sm9_point_mul(&sig->S, r, &key->ds); + return 1; } int sm9_verify_init(SM9_SIGN_CTX *ctx) { + const uint8_t prefix[1] = {0x02}; sm3_init(&ctx->sm3_ctx); - sm3_update(&ctx->sm3_ctx, SM9_HASH1_PREFIX, sizeof(SM9_HASH1_PREFIX)); - return 0; + sm3_update(&ctx->sm3_ctx, prefix, sizeof(prefix)); + return 1; } int sm9_verify_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen) { sm3_update(&ctx->sm3_ctx, data, datalen); + return 1; } -int sm9_verify_finish(SM9_SIGN_CTX *ctx, const char *id, size_t idlen, const SM9_SIGNATURE *sig) +// 签名的时候 +int sm9_verify_finish(SM9_SIGN_CTX *ctx, const SM9_SIGNATURE *sig, + const SM9_SIGN_MASTER_KEY *master_public, const char *id, size_t idlen) { + sm9_fn_t h1; + sm9_fn_t h2; + sm9_fp12_t g; + sm9_fp12_t t; + sm9_fp12_t u; + sm9_fp12_t w; + sm9_twist_point_t P; + uint8_t wbuf[32 * 12]; - if (bn_is_zero(h) || bn_cmp(h, SM9_N) >= 0) { + sm9_pairing(g, &master_public->Ppubs, SM9_P1); + sm9_fp12_pow(t, g, sig->h); + sm9_hash1(h1, id, idlen, SM9_HID_SIGN); + sm9_twist_point_mul_G(&P, h1); + sm9_twist_point_add(&P, &P, &master_public->Ppubs); + sm9_pairing(u, &P, &sig->S); + sm9_fp12_mul(w, u, t); + sm9_fp12_to_bytes(w, wbuf); + + sm3_update(&ctx->sm3_ctx, wbuf, sizeof(wbuf)); + // convert h2 + + if (sm9_fn_equ(h2, sig->h) != 1) { + return 0; } - - if (!point_is_on_curve(S)) { - } - - sm9_pairing(g, SM9_P1, Ppubs); - - fp12_pow(t, g, h); - - - sm9_hash1(h1, id, idlen); - - twist_point_mul_generator(P, h1); - twist_point_add(P, P, Ppubs); - pairing(u, S, P); + return 1; }