abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-20 12:17:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update SM9 schemes

Browse Source 
Update SM9 schemes based on the default sm9bn256v1 r-ate pairing. To be continued.
This commit is contained in:
Zhi Guan
2018-09-28 22:21:44 +08:00
parent c7aa2cc1ff
commit b54a3d35e6
21 changed files with 6629 additions and 7367 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
crypto/objects/obj_dat.h
View File

@@ -10,7 +10,7 @@
*/
/* Serialized OID's */
static const unsigned char so[7797] = {
static const unsigned char so[7876] = {
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@@ -1092,9 +1092,17 @@ static const unsigned char so[7797] = {
0x2A,0x81,0x1C,0xD7,0x63,0x01,0x01, /* [ 7771] OBJ_wapi_ec */
0x2A,0x81,0x1C,0xD7,0x63,0x01,0x01,0x01, /* [ 7778] OBJ_wapi_ecdsa192_sha256 */
0x2B,0x06,0x01,0x04,0x01,0x83,0x83,0x0D,0x09,0x01, /* [ 7786] OBJ_sm9bn256v1 */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x04, /* [ 7796] OBJ_sm9hash1 */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x04,0x01, /* [ 7805] OBJ_sm9hash1_with_sm3 */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x04,0x02, /* [ 7815] OBJ_sm9hash1_with_sha256 */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x01,0x01, /* [ 7825] OBJ_sm9sign_with_sm3 */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x01,0x02, /* [ 7835] OBJ_sm9sign_with_sha256 */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x03,0x01, /* [ 7845] OBJ_sm9encrypt_with_sm3_xor */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x03,0x02, /* [ 7855] OBJ_sm9encrypt_with_sm3_sms4_cbc */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2E,0x03,0x03, /* [ 7865] OBJ_sm9encrypt_with_sm3_sms4_ctr */
};
#define NUM_NID 1201
#define NUM_NID 1209
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2297,9 +2305,17 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"wapi-ec", "wapi-ec", NID_wapi_ec, 7, &so[7771]},
{"wapi-ecdsa192-sha256", "wapi-ecdsa192-sha256", NID_wapi_ecdsa192_sha256, 8, &so[7778]},
{"sm9bn256v1", "sm9bn256v1", NID_sm9bn256v1, 10, &so[7786]},
{"sm9hash1", "sm9hash1", NID_sm9hash1, 9, &so[7796]},
{"sm9hash1-with-sm3", "sm9hash1-with-sm3", NID_sm9hash1_with_sm3, 10, &so[7805]},
{"sm9hash1-with-sha256", "sm9hash1-with-sha256", NID_sm9hash1_with_sha256, 10, &so[7815]},
{"sm9sign-with-sm3", "sm9sign-with-sm3", NID_sm9sign_with_sm3, 10, &so[7825]},
{"sm9sign-with-sha256", "sm9sign-with-sha256", NID_sm9sign_with_sha256, 10, &so[7835]},
{"sm9encrypt-with-sm3-xor", "sm9encrypt-with-sm3-xor", NID_sm9encrypt_with_sm3_xor, 10, &so[7845]},
{"sm9encrypt-with-sm3-sms4-cbc", "sm9encrypt-with-sm3-sms4-cbc", NID_sm9encrypt_with_sm3_sms4_cbc, 10, &so[7855]},
{"sm9encrypt-with-sm3-sms4-ctr", "sm9encrypt-with-sm3-sms4-ctr", NID_sm9encrypt_with_sm3_sms4_ctr, 10, &so[7865]},
};
#define NUM_SN 1190
#define NUM_SN 1198
static const unsigned int sn_objs[NUM_SN] = {
364, /* "AD_DVCS" */
419, /* "AES-128-CBC" */
@@ -3424,8 +3440,16 @@ static const unsigned int sn_objs[NUM_SN] = {
1117, /* "sm2sign" */
1200, /* "sm9bn256v1" */
1125, /* "sm9encrypt" */
1207, /* "sm9encrypt-with-sm3-sms4-cbc" */
1208, /* "sm9encrypt-with-sm3-sms4-ctr" */
1206, /* "sm9encrypt-with-sm3-xor" */
1201, /* "sm9hash1" */
1203, /* "sm9hash1-with-sha256" */
1202, /* "sm9hash1-with-sm3" */
1124, /* "sm9keyagreement" */
1123, /* "sm9sign" */
1205, /* "sm9sign-with-sha256" */
1204, /* "sm9sign-with-sm3" */
387, /* "snmpv2" */
660, /* "street" */
85, /* "subjectAltName" */
@@ -3493,7 +3517,7 @@ static const unsigned int sn_objs[NUM_SN] = {
1194, /* "zuc-128eia3" */
};
#define NUM_LN 1190
#define NUM_LN 1198
static const unsigned int ln_objs[NUM_LN] = {
363, /* "AD Time Stamping" */
405, /* "ANSI X9.62" */
@@ -4602,8 +4626,16 @@ static const unsigned int ln_objs[NUM_LN] = {
1088, /* "sm6-ofb" */
1200, /* "sm9bn256v1" */
1125, /* "sm9encrypt" */
1207, /* "sm9encrypt-with-sm3-sms4-cbc" */
1208, /* "sm9encrypt-with-sm3-sms4-ctr" */
1206, /* "sm9encrypt-with-sm3-xor" */
1201, /* "sm9hash1" */
1203, /* "sm9hash1-with-sha256" */
1202, /* "sm9hash1-with-sm3" */
1124, /* "sm9keyagreement" */
1123, /* "sm9sign" */
1205, /* "sm9sign-with-sha256" */
1204, /* "sm9sign-with-sm3" */
1103, /* "sms4-cbc" */
1110, /* "sms4-ccm" */
1105, /* "sms4-cfb" */
@@ -4687,7 +4719,7 @@ static const unsigned int ln_objs[NUM_LN] = {
1194, /* "zuc-128eia3" */
};
#define NUM_OBJ 1087
#define NUM_OBJ 1095
static const unsigned int obj_objs[NUM_OBJ] = {
0, /* OBJ_undef 0 */
181, /* OBJ_iso 1 */
@@ -5428,6 +5460,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
1123, /* OBJ_sm9sign 1 2 156 10197 1 302 1 */
1124, /* OBJ_sm9keyagreement 1 2 156 10197 1 302 2 */
1125, /* OBJ_sm9encrypt 1 2 156 10197 1 302 3 */
1201, /* OBJ_sm9hash1 1 2 156 10197 1 302 4 */
1127, /* OBJ_hmac_sm3 1 2 156 10197 1 401 2 */
1193, /* OBJ_zuc_128eea3 1 2 156 10197 1 800 1 */
1194, /* OBJ_zuc_128eia3 1 2 156 10197 1 800 2 */
@@ -5635,6 +5668,13 @@ static const unsigned int obj_objs[NUM_OBJ] = {
457, /* OBJ_qualityLabelledData 0 9 2342 19200300 100 4 22 */
1120, /* OBJ_sm2encrypt_recommendedParameters 1 2 156 10197 1 301 3 1 */
1121, /* OBJ_sm2encrypt_specifiedParameters 1 2 156 10197 1 301 3 2 */
1204, /* OBJ_sm9sign_with_sm3 1 2 156 10197 1 302 1 1 */
1205, /* OBJ_sm9sign_with_sha256 1 2 156 10197 1 302 1 2 */
1206, /* OBJ_sm9encrypt_with_sm3_xor 1 2 156 10197 1 302 3 1 */
1207, /* OBJ_sm9encrypt_with_sm3_sms4_cbc 1 2 156 10197 1 302 3 2 */
1208, /* OBJ_sm9encrypt_with_sm3_sms4_ctr 1 2 156 10197 1 302 3 3 */
1202, /* OBJ_sm9hash1_with_sm3 1 2 156 10197 1 302 4 1 */
1203, /* OBJ_sm9hash1_with_sha256 1 2 156 10197 1 302 4 2 */
1139, /* OBJ_type1curve 1 2 840 1 114334 1 1 1 */
1140, /* OBJ_type2curve 1 2 840 1 114334 1 1 2 */
1141, /* OBJ_type3curve 1 2 840 1 114334 1 1 3 */

8
crypto/objects/obj_mac.num
View File

@@ -1198,3 +1198,11 @@ wapi_crypto 1197
wapi_ec 1198
wapi_ecdsa192_sha256 1199
sm9bn256v1 1200
sm9hash1 1201
sm9hash1_with_sm3 1202
sm9hash1_with_sha256 1203
sm9sign_with_sm3 1204
sm9sign_with_sha256 1205
sm9encrypt_with_sm3_xor 1206
sm9encrypt_with_sm3_sms4_cbc 1207
sm9encrypt_with_sm3_sms4_ctr 1208

11
crypto/objects/objects.txt
View File

@@ -1613,8 +1613,16 @@ sm2encrypt 2 11 : sm2encrypt-with-md5
sm-scheme 302 : id-sm9PublicKey
sm-scheme 302 1 : sm9sign
sm9sign 1 : sm9sign-with-sm3
sm9sign 2 : sm9sign-with-sha256
sm-scheme 302 2 : sm9keyagreement
sm-scheme 302 3 : sm9encrypt
sm9encrypt 1 : sm9encrypt-with-sm3-xor
sm9encrypt 2 : sm9encrypt-with-sm3-sms4-cbc
sm9encrypt 3 : sm9encrypt-with-sm3-sms4-ctr
sm-scheme 302 4 : sm9hash1
sm9hash1 1 : sm9hash1-with-sm3
sm9hash1 2 : sm9hash1-with-sha256
sm-scheme 401 : SM3 : sm3
sm-scheme 401 2 : HMAC-SM3 : hmac-sm3
@@ -1630,7 +1638,6 @@ sm-scheme 520 : SM2Sign-with-Whirlpool : sm2sign-with-whirlpool
sm-scheme 521 : SM2Sign-with-Blake2b512 : sm2sign-with-blake2b512
sm-scheme 522 : SM2Sign-with-Blake2s256 : sm2sign-with-blake2s256
# GmSSL ZUC OID
sm-scheme 800 : ZUC : zuc
zuc 1 : zuc-128eea3
@@ -1672,5 +1679,3 @@ wapi-ec 2 1 : wapip192v1
# SM9 curve
GmSSL 9 1 : sm9bn256v1

3
crypto/sm9/build.info
View File

@@ -1,4 +1,3 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=sm9_lib.c sm9_err.c sm9_asn1.c sm9_params.c \
sm9_setup.c sm9_keygen.c sm9_sign.c sm9_enc.c sm9_exch.c \
sm9_rate.c
sm9_setup.c sm9_keygen.c sm9_sign.c sm9_enc.c sm9_rate.c

44
crypto/sm9/sm9_asn1.c
View File

@@ -55,39 +55,43 @@
#include <openssl/sm9.h>
#include "sm9_lcl.h"
ASN1_SEQUENCE(SM9PublicParameters) = {
ASN1_SIMPLE(SM9PublicParameters, curve, ASN1_OBJECT),
ASN1_SIMPLE(SM9PublicParameters, p, BIGNUM),
ASN1_SIMPLE(SM9PublicParameters, a, BIGNUM),
ASN1_SIMPLE(SM9PublicParameters, b, BIGNUM),
ASN1_SIMPLE(SM9PublicParameters, beta, BIGNUM),
ASN1_SIMPLE(SM9PublicParameters, order, BIGNUM),
ASN1_SIMPLE(SM9PublicParameters, cofactor, BIGNUM),
ASN1_SIMPLE(SM9PublicParameters, k, BIGNUM),
ASN1_SIMPLE(SM9PublicParameters, pointP1, ASN1_OCTET_STRING),
ASN1_SIMPLE(SM9PublicParameters, pointP2, ASN1_OCTET_STRING),
ASN1_SIMPLE(SM9PublicParameters, pairing, ASN1_OBJECT),
ASN1_SIMPLE(SM9PublicParameters, pointPpub, ASN1_OCTET_STRING),
ASN1_SIMPLE(SM9PublicParameters, g1, BIGNUM),
ASN1_SIMPLE(SM9PublicParameters, g2, BIGNUM),
ASN1_SIMPLE(SM9PublicParameters, hashfcn, ASN1_OBJECT)
} ASN1_SEQUENCE_END(SM9PublicParameters)
IMPLEMENT_ASN1_FUNCTIONS(SM9PublicParameters)
IMPLEMENT_ASN1_DUP_FUNCTION(SM9PublicParameters)
ASN1_SEQUENCE(SM9MasterSecret) = {
ASN1_SIMPLE(SM9MasterSecret, pairing, ASN1_OBJECT),
ASN1_SIMPLE(SM9MasterSecret, scheme, ASN1_OBJECT),
ASN1_SIMPLE(SM9MasterSecret, hash1, ASN1_OBJECT),
ASN1_SIMPLE(SM9MasterSecret, pointPpub, ASN1_OCTET_STRING),
ASN1_SIMPLE(SM9MasterSecret, masterSecret, BIGNUM)
} ASN1_SEQUENCE_END(SM9MasterSecret)
IMPLEMENT_ASN1_FUNCTIONS(SM9MasterSecret)
IMPLEMENT_ASN1_DUP_FUNCTION(SM9MasterSecret)
ASN1_SEQUENCE(SM9PublicParameters) = {
ASN1_SIMPLE(SM9PublicParameters, pairing, ASN1_OBJECT),
ASN1_SIMPLE(SM9PublicParameters, scheme, ASN1_OBJECT),
ASN1_SIMPLE(SM9PublicParameters, hash1, ASN1_OBJECT),
ASN1_SIMPLE(SM9PublicParameters, pointPpub, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(SM9PublicParameters)
IMPLEMENT_ASN1_FUNCTIONS(SM9PublicParameters)
IMPLEMENT_ASN1_DUP_FUNCTION(SM9PublicParameters)
ASN1_SEQUENCE(SM9PrivateKey) = {
ASN1_SIMPLE(SM9PrivateKey, pairing, ASN1_OBJECT),
ASN1_SIMPLE(SM9PrivateKey, scheme, ASN1_OBJECT),
ASN1_SIMPLE(SM9PrivateKey, hash1, ASN1_OBJECT),
ASN1_SIMPLE(SM9PrivateKey, pointPpub, ASN1_OCTET_STRING),
ASN1_SIMPLE(SM9PrivateKey, identity, ASN1_OCTET_STRING),
ASN1_SIMPLE(SM9PrivateKey, publicPoint, ASN1_OCTET_STRING),
ASN1_SIMPLE(SM9PrivateKey, privatePoint, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(SM9PrivateKey)
IMPLEMENT_ASN1_FUNCTIONS(SM9PrivateKey)
IMPLEMENT_ASN1_DUP_FUNCTION(SM9PrivateKey)
ASN1_SEQUENCE(SM9PublicKey) = {
ASN1_SIMPLE(SM9PublicKey, pairing, ASN1_OBJECT),
ASN1_SIMPLE(SM9PublicKey, scheme, ASN1_OBJECT),
ASN1_SIMPLE(SM9PublicKey, hash1, ASN1_OBJECT),
ASN1_SIMPLE(SM9PublicKey, pointPpub, ASN1_OCTET_STRING),
ASN1_SIMPLE(SM9PublicKey, identity, ASN1_OCTET_STRING),
ASN1_SIMPLE(SM9PublicKey, publicPoint, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(SM9PublicKey)
IMPLEMENT_ASN1_FUNCTIONS(SM9PublicKey)

1113
crypto/sm9/sm9_enc.c
View File

File diff suppressed because it is too large Load Diff

34
crypto/sm9/sm9_err.c
View File

@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -31,41 +31,51 @@ static ERR_STRING_DATA SM9_str_functs[] = {
{ERR_FUNC(SM9_F_SM9_DECRYPT), "SM9_decrypt"},
{ERR_FUNC(SM9_F_SM9_DO_DECRYPT), "SM9_do_decrypt"},
{ERR_FUNC(SM9_F_SM9_DO_ENCRYPT), "SM9_do_encrypt"},
{ERR_FUNC(SM9_F_SM9_DO_SIGN), "SM9_do_sign"},
{ERR_FUNC(SM9_F_SM9_DO_SIGN_TYPE1CURVE), "SM9_do_sign_type1curve"},
{ERR_FUNC(SM9_F_SM9_DO_VERIFY), "SM9_do_verify"},
{ERR_FUNC(SM9_F_SM9_DO_VERIFY_TYPE1CURVE), "SM9_do_verify_type1curve"},
{ERR_FUNC(SM9_F_SM9_ENCRYPT), "SM9_encrypt"},
{ERR_FUNC(SM9_F_SM9_EXTRACT_PRIVATE_KEY), "SM9_extract_private_key"},
{ERR_FUNC(SM9_F_SM9_SETUP_TYPE1CURVE), "SM9_setup_type1curve"},
{ERR_FUNC(SM9_F_SM9_EXTRACT_PUBLIC_PARAMETERS),
"SM9_extract_public_parameters"},
{ERR_FUNC(SM9_F_SM9_GENERATE_MASTER_SECRET),
"SM9_generate_master_secret"},
{ERR_FUNC(SM9_F_SM9_SIGN), "SM9_sign"},
{ERR_FUNC(SM9_F_SM9_SIGNFINAL), "SM9_SignFinal"},
{ERR_FUNC(SM9_F_SM9_SIGNINIT), "SM9_SignInit"},
{ERR_FUNC(SM9_F_SM9_UNWRAP_KEY), "SM9_unwrap_key"},
{ERR_FUNC(SM9_F_SM9_VERIFY), "SM9_verify"},
{ERR_FUNC(SM9_F_SM9_VERIFYFINAL), "SM9_VerifyFInal"},
{ERR_FUNC(SM9_F_SM9_VERIFYINIT), "SM9_VerifyInit"},
{ERR_FUNC(SM9_F_SM9_WRAP_KEY), "SM9_wrap_key"},
{0, NULL}
};
static ERR_STRING_DATA SM9_str_reasons[] = {
{ERR_REASON(SM9_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_REASON(SM9_R_COMPUTE_PAIRING_FAILURE), "compute pairing failure"},
{ERR_REASON(SM9_R_DIGEST_FAILURE), "digest failure"},
{ERR_REASON(SM9_R_EC_LIB), "ec lib"},
{ERR_REASON(SM9_R_EXTENSION_FIELD_ERROR), "extension field error"},
{ERR_REASON(SM9_R_GENERATE_MAC_FAILURE), "generate mac failure"},
{ERR_REASON(SM9_R_HASH_FAILURE), "hash failure"},
{ERR_REASON(SM9_R_INVALID_CIPHERTEXT), "invalid ciphertext"},
{ERR_REASON(SM9_R_INVALID_CURVE), "invalid curve"},
{ERR_REASON(SM9_R_INVALID_DIGEST), "invalid digest"},
{ERR_REASON(SM9_R_INVALID_DIGEST_LENGTH), "invalid digest length"},
{ERR_REASON(SM9_R_INVALID_ENCPARAMETERS), "invalid encparameters"},
{ERR_REASON(SM9_R_INVALID_HASH1), "invalid hash1"},
{ERR_REASON(SM9_R_INVALID_HASH2_DIGEST), "invalid hash2 digest"},
{ERR_REASON(SM9_R_INVALID_ID), "invalid id"},
{ERR_REASON(SM9_R_INVALID_ID_LENGTH), "invalid id length"},
{ERR_REASON(SM9_R_INVALID_INPUT), "invalid input"},
{ERR_REASON(SM9_R_INVALID_KEY_LENGTH), "invalid key length"},
{ERR_REASON(SM9_R_INVALID_MD), "invalid md"},
{ERR_REASON(SM9_R_INVALID_PAIRING_TYPE), "invalid pairing type"},
{ERR_REASON(SM9_R_INVALID_PARAMETER), "invalid parameter"},
{ERR_REASON(SM9_R_INVALID_POINTPPUB), "invalid pointppub"},
{ERR_REASON(SM9_R_INVALID_PRIVATE_POINT), "invalid private point"},
{ERR_REASON(SM9_R_INVALID_SCHEME), "invalid scheme"},
{ERR_REASON(SM9_R_INVALID_SIGNATURE), "invalid signature"},
{ERR_REASON(SM9_R_INVALID_SIGNATURE_FORMAT), "invalid signature format"},
{ERR_REASON(SM9_R_INVALID_TYPE1CURVE), "invalid type1curve"},
{ERR_REASON(SM9_R_KDF_FAILURE), "kdf failure"},
{ERR_REASON(SM9_R_NOT_NAMED_CURVE), "not named curve"},
{ERR_REASON(SM9_R_PARSE_PAIRING), "parse pairing"},
{ERR_REASON(SM9_R_PAIRING_ERROR), "pairing error"},
{ERR_REASON(SM9_R_TWIST_CURVE_ERROR), "twist curve error"},
{ERR_REASON(SM9_R_VERIFY_FAILURE), "verify failure"},
{ERR_REASON(SM9_R_ZERO_ID), "zero id"},
{0, NULL}
};

376
crypto/sm9/sm9_keygen.c
View File

@@ -51,30 +51,51 @@
#include <openssl/err.h>
#include <openssl/sm9.h>
#include <openssl/ec_type1.h>
#include <openssl/bn_hash.h>
#include "sm9_lcl.h"
static int SM9PublicParameters_get_usage(SM9PublicParameters *mpk)
int SM9_hash1(const EVP_MD *md, BIGNUM **r,
const char *id, size_t idlen,
unsigned char hid,
const BIGNUM *range,
BN_CTX *ctx)
{
//FIXME
return SM9_HID_SIGN;
unsigned char *buf;
if (!(buf = OPENSSL_malloc(idlen + 1))) {
return 0;
}
memcpy(buf, id, idlen);
buf[idlen] = hid;
if (!BN_hash_to_range(md, r, buf, idlen + 1, range, ctx)) {
OPENSSL_free(buf);
return 0;
}
OPENSSL_free(buf);
return 1;
}
SM9PrivateKey *SM9_extract_private_key(SM9PublicParameters *mpk,
SM9MasterSecret *msk, const char *id, size_t idlen)
SM9PrivateKey *SM9_extract_private_key(SM9MasterSecret *msk,
const char *id, size_t idlen)
{
int e = 1;
SM9PrivateKey *ret = NULL;
BN_CTX *bn_ctx = NULL;
EC_GROUP *group = NULL;
EC_POINT *point = NULL;
BIGNUM *h;
SM9PrivateKey *sk = NULL;
const BIGNUM *p = SM9_get0_prime();
const BIGNUM *n = SM9_get0_order();
int scheme;
unsigned char hid;
const EVP_MD *md;
BN_CTX *ctx = NULL;
BIGNUM *t = NULL;
int point_form = POINT_CONVERSION_UNCOMPRESSED;
size_t size;
unsigned char buf[129];
size_t len = sizeof(buf);
int hid = SM9PublicParameters_get_usage(mpk);
if (!mpk || !msk || !id) {
/* check args */
if (!msk || !id) {
SM9err(SM9_F_SM9_EXTRACT_PRIVATE_KEY,
ERR_R_PASSED_NULL_PARAMETER);
return NULL;
@@ -85,110 +106,299 @@ SM9PrivateKey *SM9_extract_private_key(SM9PublicParameters *mpk,
return NULL;
}
/* BN_CTX */
if (!(bn_ctx = BN_CTX_new())) {
/* check pairing */
if (OBJ_obj2nid(msk->pairing) != NID_sm9bn256v1) {
return NULL;
}
/* check scheme */
scheme = OBJ_obj2nid(msk->scheme);
switch (scheme) {
case NID_sm9sign:
hid = SM9_HID_SIGN;
break;
case NID_sm9keyagreement:
hid = SM9_HID_EXCH;
break;
case NID_sm9encrypt:
hid = SM9_HID_ENC;
break;
default:
return NULL;
}
/* check hash1 and set hash1 md */
switch (OBJ_obj2nid(msk->hash1)) {
case NID_sm9hash1_with_sm3:
md = EVP_sm3();
break;
case NID_sm9hash1_with_sha256:
md = EVP_sha256();
break;
default:
SM9err(SM9_F_SM9_EXTRACT_PRIVATE_KEY, SM9_R_INVALID_HASH1);
return NULL;
}
/* malloc */
if (!(sk = SM9PrivateKey_new())
|| !(ctx = BN_CTX_new())) {
SM9err(SM9_F_SM9_EXTRACT_PRIVATE_KEY,
ERR_R_MALLOC_FAILURE);
goto end;
}
BN_CTX_start(bn_ctx);
BN_CTX_start(ctx);
/* EC_GROUP */
if (!(group = EC_GROUP_new_type1curve_ex(mpk->p,
mpk->a, mpk->b, mpk->pointP1->data, mpk->pointP1->length,
mpk->order, mpk->cofactor, bn_ctx))) {
SM9err(SM9_F_SM9_EXTRACT_PRIVATE_KEY, SM9_R_INVALID_TYPE1CURVE);
goto end;
}
/* malloc */
ret = SM9PrivateKey_new();
point = EC_POINT_new(group);
h = BN_CTX_get(bn_ctx);
if (!ret || !point || !h) {
SM9err(SM9_F_SM9_EXTRACT_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
goto end;
}
/* md = mpk->hashfcn */
if (!(md = EVP_get_digestbyobj(mpk->hashfcn))) {
SM9err(SM9_F_SM9_EXTRACT_PRIVATE_KEY, SM9_R_INVALID_MD);
goto end;
}
/* h = H1(ID||HID) in [0, mpk->order] */
if (!SM9_hash1(md, &h, id, idlen, hid, mpk->order, bn_ctx)) {
/* t1 = H1(ID||hid) + msk (mod n) */
if (!SM9_hash1(md, &t, id, idlen, hid, n, ctx)) {
SM9err(SM9_F_SM9_EXTRACT_PRIVATE_KEY, ERR_R_SM9_LIB);
goto end;
}
/* h = h + msk->masterSecret (mod mpk->order) */
if (!BN_mod_add(h, h, msk->masterSecret, mpk->order, bn_ctx)) {
if (!BN_mod_add(t, t, msk->masterSecret, n, ctx)) {
SM9err(SM9_F_SM9_EXTRACT_PRIVATE_KEY, ERR_R_BN_LIB);
goto end;
}
/* if h is zero, return failed */
if (BN_is_zero(h)) {
/* if t1 is zero, return failed */
if (BN_is_zero(t)) {
SM9err(SM9_F_SM9_EXTRACT_PRIVATE_KEY, SM9_R_ZERO_ID);
goto end;
}
/* h = msk->masterSecret * h^-1 (mod mpk->order) */
if (!BN_mod_inverse(h, h, mpk->order, bn_ctx)) {
/* t2 = msk * t1^-1 (mod n) */
if (!BN_mod_inverse(t, t, n, ctx)) {
SM9err(SM9_F_SM9_EXTRACT_PRIVATE_KEY, ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_mul(h, msk->masterSecret, h, mpk->order, bn_ctx)) {
if (!BN_mod_mul(t, msk->masterSecret, t, n, ctx)) {
SM9err(SM9_F_SM9_EXTRACT_PRIVATE_KEY, ERR_R_BN_LIB);
goto end;
}
/* sk->privatePoint = mpk->pointP1 * h */
if (!EC_POINT_mul(group, point, h, NULL, NULL, bn_ctx)) {
SM9err(SM9_F_SM9_EXTRACT_PRIVATE_KEY, ERR_R_EC_LIB);
goto end;
/* generate ds or de */
if (scheme == NID_sm9sign) {
EC_GROUP *group = NULL;
EC_POINT *ds = NULL;
/* ds = t2 * P1 */
if (!(group = EC_GROUP_new_by_curve_name(NID_sm9bn256v1))
|| !(ds = EC_POINT_new(group))
|| !EC_POINT_mul(group, ds, t, NULL, NULL, ctx)
|| !(len = EC_POINT_point2oct(group, ds, point_form, buf, len, ctx))) {
EC_GROUP_free(group);
EC_POINT_free(ds);
goto end;
}
EC_GROUP_free(group);
EC_POINT_free(ds);
} else if (scheme == NID_sm9encrypt) {
point_t de;
/* de = t2 * P2 */
if (!point_init(&de, ctx)
|| !point_mul_generator(&de, t, p, ctx)
|| !point_to_octets(&de, buf, ctx)) {
point_cleanup(&de);
goto end;
}
point_cleanup(&de);
}
if (!(size = EC_POINT_point2oct(group, point, point_form,
NULL, 0, bn_ctx))) {
SM9err(SM9_F_SM9_EXTRACT_PRIVATE_KEY, ERR_R_EC_LIB);
goto end;
}
if (!ASN1_OCTET_STRING_set(ret->privatePoint, NULL, size)) {
SM9err(SM9_F_SM9_EXTRACT_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!EC_POINT_point2oct(group, point, point_form,
ret->privatePoint->data, ret->privatePoint->length, bn_ctx)) {
SM9err(SM9_F_SM9_EXTRACT_PRIVATE_KEY, ERR_R_EC_LIB);
ASN1_OBJECT_free(sk->pairing);
ASN1_OBJECT_free(sk->scheme);
ASN1_OBJECT_free(sk->hash1);
sk->pairing = NULL;
sk->scheme = NULL;
sk->hash1 = NULL;
if (!(sk->pairing = msk->pairing)
|| !(sk->scheme = msk->scheme)
|| !(sk->hash1 = msk->hash1)
|| !ASN1_STRING_copy(sk->pointPpub, msk->pointPpub)
|| !ASN1_STRING_set(sk->identity, id, idlen)
/* FIXME: create publicPoint */
|| !ASN1_STRING_set(sk->privatePoint, buf, len)) {
SM9err(SM9_F_SM9_EXTRACT_PRIVATE_KEY, ERR_R_ASN1_LIB);
goto end;
}
e = 0;
ret = sk;
sk = NULL;
end:
if (e && ret) {
SM9PrivateKey_free(ret);
ret = NULL;
if (ctx) {
BN_CTX_end(ctx);
}
if (bn_ctx) {
BN_CTX_end(bn_ctx);
}
BN_CTX_free(bn_ctx);
EC_GROUP_free(group);
EC_POINT_free(point);
return NULL;
BN_CTX_free(ctx);
BN_clear_free(t);
OPENSSL_cleanse(buf, sizeof(buf));
return ret;
}
SM9PublicKey *SM9_extract_public_key(SM9PublicParameters *mpk,
const char *id, size_t idlen)
{
return NULL;
SM9PublicKey *ret = NULL;
SM9PublicKey *pk = NULL;
BN_CTX *ctx = NULL;
BIGNUM *h1 = NULL;
int scheme;
unsigned char hid;
const EVP_MD *md;
const BIGNUM *p = SM9_get0_prime();
const BIGNUM *n = SM9_get0_order();
int point_form = POINT_CONVERSION_UNCOMPRESSED;
unsigned char buf[129];
size_t len = sizeof(buf);
if (!(pk = SM9PublicKey_new())
|| !(ctx = BN_CTX_new())) {
goto end;
}
/* check pairing */
if (OBJ_obj2nid(mpk->pairing) != NID_sm9bn256v1) {
goto end;
}
/* check scheme and set hash1 hid */
scheme = OBJ_obj2nid(mpk->scheme);
switch (scheme) {
case NID_sm9sign:
hid = SM9_HID_SIGN;
break;
case NID_sm9encrypt:
hid = SM9_HID_ENC;
break;
case NID_sm9keyagreement:
hid = SM9_HID_EXCH;
break;
default:
goto end;
}
/* check hash1 and set hash1 md */
switch (OBJ_obj2nid(mpk->hash1)) {
case NID_sm9hash1_with_sm3:
md = EVP_sm3();
break;
case NID_sm9hash1_with_sha256:
md = EVP_sha256();
break;
default:
goto end;
}
/* h1 = H1(ID || hid) in [1, n-1] */
if (!SM9_hash1(md, &h1, id, idlen, hid, n, ctx)) {
goto end;
}
if (scheme == NID_sm9sign) {
/* publicPoint = h1 * P2 + Ppubs */
point_t point;
point_t Ppubs;
if (!point_init(&point, ctx)
|| !point_init(&Ppubs, ctx)
|| ASN1_STRING_length(mpk->pointPpub) != sizeof(buf)
|| !point_from_octets(&Ppubs, ASN1_STRING_get0_data(mpk->pointPpub), p, ctx)
|| !point_mul_generator(&point, h1, p, ctx)
|| !point_add(&point, &point, &Ppubs, p, ctx)
|| !point_to_octets(&point, buf, ctx)) {
point_cleanup(&point);
point_cleanup(&Ppubs);
goto end;
}
point_cleanup(&point);
point_cleanup(&Ppubs);
} else if (OBJ_obj2nid(mpk->scheme) == NID_sm9encrypt) {
/* publicPoint = h1 * P1 + Ppube */
EC_GROUP *group = NULL;
EC_POINT *point = NULL;
EC_POINT *Ppube = NULL;
if (!(group = EC_GROUP_new_by_curve_name(NID_sm9bn256v1))
|| !(point = EC_POINT_new(group))
|| !(Ppube = EC_POINT_new(group))
|| !EC_POINT_oct2point(group, Ppube,
ASN1_STRING_get0_data(mpk->pointPpub),
ASN1_STRING_length(mpk->pointPpub), ctx)
|| !EC_POINT_mul(group, point, h1, NULL, NULL, ctx)
|| !EC_POINT_add(group, point, point, Ppube, ctx)
|| !(len = EC_POINT_point2oct(group, point, point_form, buf, len, ctx))) {
EC_GROUP_free(group);
EC_POINT_free(point);
EC_POINT_free(Ppube);
goto end;
}
EC_GROUP_free(group);
EC_POINT_free(point);
EC_POINT_free(Ppube);
}
/* init object */
ASN1_OBJECT_free(pk->pairing);
ASN1_OBJECT_free(pk->scheme);
ASN1_OBJECT_free(pk->hash1);
pk->pairing = NULL;
pk->scheme = NULL;
pk->hash1 = NULL;
if (!(pk->pairing = OBJ_dup(mpk->pairing))
|| !(pk->scheme = OBJ_dup(mpk->scheme))
|| !(pk->hash1 = OBJ_dup(mpk->hash1))
|| !ASN1_STRING_copy(pk->pointPpub, mpk->pointPpub)
|| !ASN1_STRING_set(pk->publicPoint, buf, len)
|| !ASN1_STRING_set(pk->identity, id, idlen)) {
goto end;
}
ret = pk;
pk = NULL;
end:
SM9PublicKey_free(pk);
return ret;
}
SM9PublicKey *SM9PrivateKey_get_public_key(SM9PublicParameters *mpk,
SM9PrivateKey *sk)
SM9PublicKey *SM9PrivateKey_get_public_key(SM9PrivateKey *sk)
{
return NULL;
SM9PublicKey *ret = NULL;
SM9PublicKey *pk = NULL;
if (!(pk = SM9PublicKey_new())) {
return NULL;
}
ASN1_OBJECT_free(pk->pairing);
ASN1_OBJECT_free(pk->scheme);
ASN1_OBJECT_free(pk->hash1);
pk->pairing = NULL;
pk->scheme = NULL;
pk->hash1 = NULL;
if (!(pk->pairing = OBJ_dup(sk->pairing))
|| !(pk->scheme = OBJ_dup(sk->scheme))
|| !(pk->hash1 = OBJ_dup(sk->hash1))
|| !ASN1_STRING_copy(pk->pointPpub, sk->pointPpub)
|| !ASN1_STRING_copy(pk->publicPoint, sk->publicPoint)
|| !ASN1_STRING_copy(pk->identity, sk->identity)) {
goto end;
}
ret = pk;
pk = NULL;
end:
SM9PublicKey_free(pk);
return ret;
}

85
crypto/sm9/sm9_lcl.h
View File

@@ -76,48 +76,50 @@
extern "C" {
#endif
int SM9_rate_pairing(BIGNUM *r[12], const BIGNUM *xQ[2], const BIGNUM *yQ[2],
const BIGNUM *xP, const BIGNUM *yP, BN_CTX *ctx);
struct SM9PublicParameters_st {
ASN1_OBJECT *curve;
BIGNUM *p;
BIGNUM *a;
BIGNUM *b;
BIGNUM *beta;
BIGNUM *order;
BIGNUM *cofactor;
BIGNUM *k;
ASN1_OCTET_STRING *pointP1;
ASN1_OCTET_STRING *pointP2;
ASN1_OBJECT *pairing;
ASN1_OCTET_STRING *pointPpub;
BIGNUM *g1; /* g1 = e(P1, Ppub) */
BIGNUM *g2; /* g2 = e(Ppub, P2) */
ASN1_OBJECT *hashfcn;
};
struct SM9MasterSecret_st {
ASN1_OBJECT *pairing;
ASN1_OBJECT *scheme;
ASN1_OBJECT *hash1;
ASN1_OCTET_STRING *pointPpub;
BIGNUM *masterSecret;
};
struct SM9PublicKey_st {
ASN1_OCTET_STRING *publicPoint;
struct SM9PublicParameters_st {
ASN1_OBJECT *pairing;
ASN1_OBJECT *scheme;
ASN1_OBJECT *hash1;
ASN1_OCTET_STRING *pointPpub;
};
struct SM9PrivateKey_st {
ASN1_OBJECT *pairing;
ASN1_OBJECT *scheme;
ASN1_OBJECT *hash1;
ASN1_OCTET_STRING *pointPpub;
ASN1_OCTET_STRING *identity;
ASN1_OCTET_STRING *publicPoint;
ASN1_OCTET_STRING *privatePoint;
};
struct SM9PublicKey_st {
ASN1_OBJECT *pairing;
ASN1_OBJECT *scheme;
ASN1_OBJECT *hash1;
ASN1_OCTET_STRING *pointPpub;
ASN1_OCTET_STRING *identity;
ASN1_OCTET_STRING *publicPoint;
};
struct SM9Ciphertext_st {
ASN1_OCTET_STRING *pointC1;
ASN1_OCTET_STRING *c2;
ASN1_OCTET_STRING *c3;
ASN1_OCTET_STRING *pointC1; /* point over E(F_p) */
ASN1_OCTET_STRING *c2; /* ciphertext */
ASN1_OCTET_STRING *c3; /* mac-tag */
};
struct SM9Signature_st {
BIGNUM *h;
ASN1_OCTET_STRING *pointS;
BIGNUM *h; /* hash */
ASN1_OCTET_STRING *pointS; /* point over E'(F_p^2) */
};
int SM9_hash1(const EVP_MD *md, BIGNUM **r,
@@ -131,6 +133,7 @@ int SM9_hash2(const EVP_MD *md, BIGNUM **r,
const BIGNUM *SM9_get0_prime(void);
const BIGNUM *SM9_get0_order(void);
const BIGNUM *SM9_get0_order_minus_one(void);
const BIGNUM *SM9_get0_loop_count(void);
const BIGNUM *SM9_get0_final_exponent(void);
const BIGNUM *SM9_get0_generator2_x0(void);
@@ -138,6 +141,34 @@ const BIGNUM *SM9_get0_generator2_x1(void);
const BIGNUM *SM9_get0_generator2_y0(void);
const BIGNUM *SM9_get0_generator2_y1(void);
typedef BIGNUM *fp2_t[2];
typedef fp2_t fp4_t[2];
typedef fp4_t fp12_t[3];
typedef struct point_t {
fp2_t X;
fp2_t Y;
fp2_t Z;
} point_t;
int fp12_init(fp12_t a, BN_CTX *ctx);
int fp12_mul(fp12_t r, const fp12_t a, const fp12_t b, const BIGNUM *p, BN_CTX *ctx);
int fp12_pow(fp12_t r, const fp12_t a, const BIGNUM *k, const BIGNUM *p, BN_CTX *ctx);
int fp12_to_bin(const fp12_t a, unsigned char to[384]);
void fp12_cleanup(fp12_t a);
int point_init(point_t *P, BN_CTX *ctx);
int point_copy(point_t *R, const point_t *P);
int point_equ(const point_t *P, const point_t *Q);
int point_is_on_curve(point_t *P, const BIGNUM *p, BN_CTX *ctx);
int point_to_octets(const point_t *P, unsigned char to[129], BN_CTX *ctx);
int point_from_octets(point_t *P, const unsigned char from[129], const BIGNUM *p, BN_CTX *ctx);
int point_add(point_t *R, const point_t *A, const point_t *B, const BIGNUM *p, BN_CTX *ctx);
int point_mul(point_t *R, const BIGNUM *k, const point_t *P, const BIGNUM *p, BN_CTX *ctx);
int point_mul_generator(point_t *R, const BIGNUM *k, const BIGNUM *p, BN_CTX *ctx);
void point_cleanup(point_t *P);
int rate_pairing(fp12_t r, const point_t *Q, const EC_POINT *P, BN_CTX *ctx);
#ifdef __cplusplus
}

62
crypto/sm9/sm9_lib.c
View File

@@ -65,28 +65,6 @@ int SM9PublicKey_get_gmtls_encoded(SM9PublicParameters *mpk,
return 0;
}
int SM9_hash1(const EVP_MD *md, BIGNUM **r,
const char *id, size_t idlen,
unsigned char hid,
const BIGNUM *range,
BN_CTX *ctx)
{
unsigned char *buf;
if (!(buf = OPENSSL_malloc(idlen + 1))) {
return 0;
}
memcpy(buf, id, idlen);
buf[idlen] = hid;
if (!BN_hash_to_range(md, r, buf, idlen + 1, range, ctx)) {
OPENSSL_free(buf);
return 0;
}
OPENSSL_free(buf);
return 1;
}
int SM9_hash2(const EVP_MD *md, BIGNUM **r,
const unsigned char *data, size_t datalen,
@@ -110,3 +88,43 @@ int SM9_hash2(const EVP_MD *md, BIGNUM **r,
return 1;
}
int SM9_DigestInit(EVP_MD_CTX *ctx, unsigned char prefix,
const EVP_MD *md, ENGINE *impl)
{
if (!EVP_DigestInit_ex(ctx, md, impl)
|| !EVP_DigestUpdate(ctx, &prefix, 1)) {
ERR_print_errors_fp(stderr);
return 0;
}
return 1;
}
#if 0
int SM9_DigestFinal(EVP_MD_CTX *ctx1, BIGNUM *h, const BIGNUM *n_1)
{
int ret = 0;
EVP_MD_CTX *ctx2 = NULL;
const unsigned char ct1[4] = {0x00, 0x00, 0x00, 0x01};
const unsigned char ct2[4] = {0x00, 0x00, 0x00, 0x02};
unsigned char Ha[EVP_MAX_MD_SIZE * 2];
unsigned int len = 0;
if (!(ctx2 = EVP_MD_CTX_new())
|| !EVP_MD_CTX_copy(ctx2, ctx1)
|| !EVP_DigestUpdate(ctx1, ct1, sizeof(ct))
|| !EVP_DigestUpdate(ctx2, ct2, sizeof(ct2))
|| !EVP_DigestFinal_ex(ctx1, Ha, &len)
|| !EVP_DigestFinal_ex(ctx2, Ha + len, &len)
|| !BN_bin2bn(Ha, 40, h)
|| !BN_mod(h, h, n_1, bn_ctx)
|| !BN_add_word(h, 1)) {
ERR_print_errors_fp(stderr);
goto end;
}
ret = 1;
end:
EVP_MD_CTX_free(ctx2);
return ret;
}
#endif

23
crypto/sm9/sm9_params.c
View File

@@ -74,6 +74,11 @@ static const BN_ULONG _sm9bn256v1_order[BN_SM9_BN256_TOP] = {
0xD603AB4FF58EC744ULL, 0xB640000002A3A6F1ULL,
};
static const BN_ULONG _sm9bn256v1_order_minus_one[BN_SM9_BN256_TOP] = {
0xE56EE19CD69ECF24ULL, 0x49F2934B18EA8BEEULL,
0xD603AB4FF58EC744ULL, 0xB640000002A3A6F1ULL,
};
static const BN_ULONG _sm9bn256v1_loop[BN_SM9_LOOP_TOP] = {
0x400000000215D93EULL, 0x02ULL,
};
@@ -128,6 +133,11 @@ static const BN_ULONG _sm9bn256v1_order[BN_SM9_BN256_TOP] = {
0xF58EC744, 0xD603AB4F, 0x02A3A6F1, 0xB6400000,
};
static const BN_ULONG _sm9bn256v1_order_minus_one[BN_SM9_BN256_TOP] = {
0xD69ECF24, 0xE56EE19C, 0x18EA8BEE, 0x49F2934B,
0xF58EC744, 0xD603AB4F, 0x02A3A6F1, 0xB6400000,
};
static const BN_ULONG _sm9bn256v1_loop[BN_SM9_LOOP_TOP] = {
0x0215D93E, 0x40000000, 0x02,
};
@@ -191,6 +201,14 @@ static const BIGNUM _bignum_sm9bn256v1_order = {
BN_FLG_STATIC_DATA
};
static const BIGNUM _bignum_sm9bn256v1_order_minus_one = {
(BN_ULONG *)_sm9bn256v1_order_minus_one,
BN_SM9_BN256_TOP,
BN_SM9_BN256_TOP,
0,
BN_FLG_STATIC_DATA
};
static const BIGNUM _bignum_sm9bn256v1_loop = {
(BN_ULONG *)_sm9bn256v1_loop,
BN_SM9_LOOP_TOP,
@@ -269,6 +287,11 @@ const BIGNUM *SM9_get0_order(void)
return &_bignum_sm9bn256v1_order;
}
const BIGNUM *SM9_get0_order_minus_one(void)
{
return &_bignum_sm9bn256v1_order_minus_one;
}
const BIGNUM *SM9_get0_loop_count(void)
{
return &_bignum_sm9bn256v1_loop;

136
crypto/sm9/sm9_rate.c
View File

@@ -55,16 +55,6 @@
#include <openssl/err.h>
#include "sm9_lcl.h"
typedef BIGNUM *fp2_t[2];
typedef fp2_t fp4_t[2];
typedef fp4_t fp12_t[3];
typedef struct point_t {
fp2_t X;
fp2_t Y;
fp2_t Z;
} point_t;
static int fp2_init(fp2_t a, BN_CTX *ctx)
{
@@ -421,6 +411,20 @@ static int fp2_div(fp2_t r, const fp2_t a, const fp2_t b, const BIGNUM *p, BN_CT
&& fp2_mul(r, a, r, p, ctx);
}
static int fp2_to_bin(const fp2_t a, unsigned char to[64])
{
memset(to, 0, 64);
BN_bn2bin(a[0], to + 32 - BN_num_bytes(a[0]));
BN_bn2bin(a[1], to + 64 - BN_num_bytes(a[1]));
return 1;
}
static int fp2_from_bin(fp2_t a, const unsigned char from[64])
{
return BN_bin2bn(from, 32, a[0])
&& BN_bin2bn(from + 32, 32, a[1]);
}
static int fp2_test(const BIGNUM *p, BN_CTX *ctx)
{
const char *_a[] = {
@@ -655,6 +659,18 @@ static int fp4_equ_hex(const fp4_t a, const char *str[4], BN_CTX *ctx)
return fp4_equ(a, t);
}
static int fp4_to_bin(const fp4_t a, unsigned char to[128])
{
return fp2_to_bin(a[1], to)
&& fp2_to_bin(a[0], to + 64);
}
static int fp4_from_bin(fp4_t a, const unsigned char from[128])
{
return fp2_from_bin(a[1], from)
&& fp2_from_bin(a[0], from + 64);
}
static int fp4_add(fp4_t r, const fp4_t a, const fp4_t b, const BIGNUM *p, BN_CTX *ctx)
{
return fp2_add(r[0], a[0], b[0], p, ctx)
@@ -963,8 +979,7 @@ static int fp4_test(const BIGNUM *p, BN_CTX *ctx)
return 0;
}
static int fp12_init(fp12_t a, BN_CTX *ctx)
int fp12_init(fp12_t a, BN_CTX *ctx)
{
int r;
r = fp4_init(a[0], ctx);
@@ -978,7 +993,7 @@ static int fp12_init(fp12_t a, BN_CTX *ctx)
return r;
}
static void fp12_cleanup(fp12_t a)
void fp12_cleanup(fp12_t a)
{
fp4_cleanup(a[0]);
fp4_cleanup(a[1]);
@@ -1120,6 +1135,20 @@ static int fp12_equ_hex(const fp12_t a, const char *str[12], BN_CTX *ctx)
return fp12_equ(a, t);
}
int fp12_to_bin(const fp12_t a, unsigned char to[384])
{
return fp4_to_bin(a[2], to)
&& fp4_to_bin(a[1], to + 128)
&& fp4_to_bin(a[0], to + 256);
}
static int fp12_from_bin(fp4_t a, const unsigned char from[384])
{
return fp4_from_bin(a[2], from)
&& fp4_from_bin(a[1], from + 128)
&& fp4_from_bin(a[0], from + 256);
}
static int fp12_add(fp12_t r, const fp12_t a, const fp12_t b, const BIGNUM *p, BN_CTX *ctx)
{
@@ -1163,7 +1192,7 @@ static int fp12_neg(fp12_t r, const fp12_t a, const BIGNUM *p, BN_CTX *ctx)
&& fp4_neg(r[2], a[2], p, ctx);
}
static int fp12_mul(fp12_t r, const fp12_t a, const fp12_t b, const BIGNUM *p, BN_CTX *ctx)
int fp12_mul(fp12_t r, const fp12_t a, const fp12_t b, const BIGNUM *p, BN_CTX *ctx)
{
fp4_t r0, r1, r2, t;
fp4_init(r0, ctx);
@@ -1362,7 +1391,7 @@ static int fp12_div(fp12_t r, const fp12_t a, const fp12_t b, const BIGNUM *p, B
&& fp12_mul(r, a, r, p, ctx);
}
static int fp12_pow(fp12_t r, const fp12_t a, const BIGNUM *k, const BIGNUM *p, BN_CTX *ctx)
int fp12_pow(fp12_t r, const fp12_t a, const BIGNUM *k, const BIGNUM *p, BN_CTX *ctx)
{
int n, i;
fp12_t t;
@@ -1680,7 +1709,7 @@ static int fp12_test(const BIGNUM *p, BN_CTX *ctx)
return 0;
}
static int point_init(point_t *P, BN_CTX *ctx)
int point_init(point_t *P, BN_CTX *ctx)
{
int r;
r = fp2_init(P->X, ctx);
@@ -1698,7 +1727,7 @@ static int point_init(point_t *P, BN_CTX *ctx)
return 1;
}
static void point_cleanup(point_t *P)
void point_cleanup(point_t *P)
{
fp2_cleanup(P->X);
fp2_cleanup(P->Y);
@@ -1716,42 +1745,42 @@ static void point_print(const point_t *P)
printf("\n");
}
static int point_copy(point_t *R, const point_t *P)
int point_copy(point_t *R, const point_t *P)
{
return fp2_copy(R->X, P->X)
&& fp2_copy(R->Y, P->Y)
&& fp2_copy(R->Z, P->Z);
}
static int point_set_to_infinity(point_t *P)
int point_set_to_infinity(point_t *P)
{
fp2_set_zero(P->X);
fp2_set_zero(P->Z);
return fp2_set_one(P->Y);
}
static int point_is_at_infinity(const point_t *P)
int point_is_at_infinity(const point_t *P)
{
return fp2_is_zero(P->X)
&& fp2_is_one(P->Y)
&& fp2_is_zero(P->Z);
}
static int point_equ(const point_t *P, const point_t *Q)
int point_equ(const point_t *P, const point_t *Q)
{
return fp2_equ(P->X, Q->X)
&& fp2_equ(P->Y, Q->Y)
&& fp2_equ(P->Z, Q->Z);
}
static int point_set_affine_coordinates(point_t *P, const fp2_t x, const fp2_t y)
int point_set_affine_coordinates(point_t *P, const fp2_t x, const fp2_t y)
{
return fp2_copy(P->X, x)
&& fp2_copy(P->Y, y)
&& fp2_set_one(P->Z);
}
static int point_set_affine_coordinates_hex(point_t *P, const char *str[4])
int point_set_affine_coordinates_hex(point_t *P, const char *str[4])
{
fp2_set_hex(P->X, str);
fp2_set_hex(P->Y, str + 2);
@@ -1767,7 +1796,7 @@ static int point_equ_hex(const point_t *P, const char *str[4], BN_CTX *ctx)
return point_equ(P, &T);
}
static int point_set_affine_coordinates_bignums(point_t *P,
int point_set_affine_coordinates_bignums(point_t *P,
const BIGNUM *x0, const BIGNUM *x1, const BIGNUM *y0, const BIGNUM *y1)
{
return fp2_set(P->X, x0, x1)
@@ -1775,14 +1804,14 @@ static int point_set_affine_coordinates_bignums(point_t *P,
&& fp2_set_one(P->Z);
}
static int point_get_affine_coordinates(const point_t *P, fp2_t x, fp2_t y)
int point_get_affine_coordinates(const point_t *P, fp2_t x, fp2_t y)
{
return fp2_copy(x, P->X)
&& fp2_copy(y, P->Y)
&& fp2_is_one(P->Z);
}
static int point_get_ext_affine_coordinates(const point_t *P, fp12_t x, fp12_t y, const BIGNUM *p, BN_CTX *ctx)
int point_get_ext_affine_coordinates(const point_t *P, fp12_t x, fp12_t y, const BIGNUM *p, BN_CTX *ctx)
{
int r;
fp2_t xP;
@@ -1825,7 +1854,7 @@ end:
return r;
}
static int point_set_ext_affine_coordinates(point_t *P, const fp12_t x, const fp12_t y, const BIGNUM *p, BN_CTX *ctx)
int point_set_ext_affine_coordinates(point_t *P, const fp12_t x, const fp12_t y, const BIGNUM *p, BN_CTX *ctx)
{
fp12_t tx;
fp12_t ty;
@@ -1845,7 +1874,7 @@ static int point_set_ext_affine_coordinates(point_t *P, const fp12_t x, const fp
return 1;
}
static int point_is_on_curve(point_t *P, const BIGNUM *p, BN_CTX *ctx)
int point_is_on_curve(point_t *P, const BIGNUM *p, BN_CTX *ctx)
{
int r;
fp2_t x, y, b, t;
@@ -1879,7 +1908,39 @@ end:
return r;
}
static int point_dbl(point_t *R, const point_t *P, const BIGNUM *p, BN_CTX *ctx)
int point_to_octets(const point_t *P, unsigned char to[129], BN_CTX *ctx)
{
to[0] = 0x04;
if (fp2_is_one(P->Z)) {
fp2_to_bin(P->X, to + 1);
fp2_to_bin(P->Y, to + 65);
} else {
fp2_t x, y;
fp2_init(x, ctx);
fp2_init(y, ctx);
point_get_affine_coordinates(P, x, y);
fp2_to_bin(x, to + 1);
fp2_to_bin(y, to + 65);
fp2_cleanup(x);
fp2_cleanup(y);
}
return 1;
}
int point_from_octets(point_t *P, const unsigned char from[129], const BIGNUM *p, BN_CTX *ctx)
{
if (from[0] != 0x04) {
return 0;
}
fp2_from_bin(P->X, from + 1);
fp2_from_bin(P->Y, from + 65);
fp2_set_one(P->Z);
return point_is_on_curve(P, p, ctx);
}
int point_dbl(point_t *R, const point_t *P, const BIGNUM *p, BN_CTX *ctx)
{
int r;
fp2_t x3, y3, x1, y1, lambda, t;
@@ -1933,7 +1994,7 @@ end:
return r;
}
static int point_add(point_t *R, const point_t *P, const point_t *Q, const BIGNUM *p, BN_CTX *ctx)
int point_add(point_t *R, const point_t *P, const point_t *Q, const BIGNUM *p, BN_CTX *ctx)
{
int r;
fp2_t x1;
@@ -2016,14 +2077,14 @@ end:
return r;
}
static int point_neg(point_t *R, const point_t *P, const BIGNUM *p, BN_CTX *ctx)
int point_neg(point_t *R, const point_t *P, const BIGNUM *p, BN_CTX *ctx)
{
return fp2_copy(R->X, P->X)
&& fp2_neg(R->Y, P->Y, p, ctx)
&& fp2_copy(R->Z, P->Z);
}
static int point_sub(point_t *R, const point_t *P, const point_t *Q, const BIGNUM *p, BN_CTX *ctx)
int point_sub(point_t *R, const point_t *P, const point_t *Q, const BIGNUM *p, BN_CTX *ctx)
{
point_t T;
@@ -2038,7 +2099,7 @@ static int point_sub(point_t *R, const point_t *P, const point_t *Q, const BIGNU
return 1;
}
static int point_mul(point_t *R, const BIGNUM *k, const point_t *P, const BIGNUM *p, BN_CTX *ctx)
int point_mul(point_t *R, const BIGNUM *k, const point_t *P, const BIGNUM *p, BN_CTX *ctx)
{
int i, n;
@@ -2065,7 +2126,7 @@ static int point_mul(point_t *R, const BIGNUM *k, const point_t *P, const BIGNUM
return 1;
}
static int point_mul_generator(point_t *R, const BIGNUM *k, const BIGNUM *p, BN_CTX *ctx)
int point_mul_generator(point_t *R, const BIGNUM *k, const BIGNUM *p, BN_CTX *ctx)
{
point_t G;
@@ -2435,7 +2496,7 @@ static int params_test(void)
return 1;
}
static int sm9_rate(fp12_t r, const point_t *Q, const EC_POINT *P, BN_CTX *ctx)
int rate_pairing(fp12_t r, const point_t *Q, const EC_POINT *P, BN_CTX *ctx)
{
int ret = 1;
const EC_GROUP *group;
@@ -2499,7 +2560,7 @@ static int rate_test(void)
point_set_affine_coordinates_hex(&Ppubs, Ppubs_str);
fp12_init(g, ctx);
sm9_rate(g, &Ppubs, P1, ctx);
rate_pairing(g, &Ppubs, P1, ctx);
ok = fp12_equ_hex(g, g_str, ctx);
printf("rate %d: %s\n", __LINE__, ok ? "ok" : "error");
@@ -2512,9 +2573,10 @@ static int rate_test(void)
return 1;
}
/* for SM9 sign, the (xP, yP) is the fixed generator of E(Fp)
*/
int SM9_rate_pairing(BIGNUM *r[12], const BIGNUM *xQ[2], const BIGNUM *yQ[2],
const BIGNUM *xP, const BIGNUM *yP, BN_CTX *ctx)
{
return 0;
}

316
crypto/sm9/sm9_setup.c
View File

@@ -48,175 +48,193 @@
*/
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/sm9.h>
#include "sm9_lcl.h"
//TODO: `hid` should be add to arguments
int SM9_setup_type1curve(const EC_GROUP *group, const EVP_MD *md,
SM9PublicParameters **pmpk, SM9MasterSecret **pmsk)
SM9MasterSecret *SM9_generate_master_secret(int pairing, int scheme, int hash1)
{
int ret = 0;
SM9PublicParameters *mpk = NULL;
SM9MasterSecret *ret = NULL;
SM9MasterSecret *msk = NULL;
BN_CTX *bn_ctx = NULL;
EC_POINT *point = NULL;
BN_CTX *ctx = NULL;
const BIGNUM *n = SM9_get0_order();
const BIGNUM *p = SM9_get0_prime();
int point_form = POINT_CONVERSION_UNCOMPRESSED;
size_t size;
unsigned char buf[129];
size_t len = sizeof(buf);
if (!group || !pmpk || !pmsk) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
/* BN_CTX */
if (!(bn_ctx = BN_CTX_new())) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, ERR_R_MALLOC_FAILURE);
if (!(msk = SM9MasterSecret_new())
|| !(ctx = BN_CTX_new())) {
SM9err(SM9_F_SM9_GENERATE_MASTER_SECRET, ERR_R_MALLOC_FAILURE);
goto end;
}
BN_CTX_start(ctx);
mpk = SM9PublicParameters_new();
msk = SM9MasterSecret_new();
point = EC_POINT_new(group);
if (!mpk || !msk || !point) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, ERR_R_MALLOC_FAILURE);
goto end;
}
/* set mpk->curve */
OPENSSL_assert(mpk->curve);
ASN1_OBJECT_free(mpk->curve);
if (!(mpk->curve = OBJ_nid2obj(NID_type1curve))) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, SM9_R_NOT_NAMED_CURVE);
goto end;
}
/* mpk->p = group->p
* mpk->a = group->a
* mpk->b = group->b
*/
if (!EC_GROUP_get_curve_GFp(group, mpk->p, mpk->a, mpk->b, bn_ctx)) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, ERR_R_EC_LIB);
goto end;
}
if (!BN_is_zero(mpk->a) || !BN_is_one(mpk->b)) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, SM9_R_INVALID_TYPE1CURVE);
goto end;
}
/* mpk->beta = 0 */
BN_zero(mpk->beta);
/* mpk->order = group->order */
if (!EC_GROUP_get_order(group, mpk->order, bn_ctx)) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, SM9_R_INVALID_TYPE1CURVE);
goto end;
}
/* mpk->cofactor = group->cofactor */
if (!EC_GROUP_get_cofactor(group, mpk->cofactor, bn_ctx)) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, SM9_R_INVALID_TYPE1CURVE);
goto end;
}
/* mpk->k = 2 */
if (!BN_set_word(mpk->k, 2)) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, ERR_R_BN_LIB);
goto end;
}
/* mpk->pointP1 = group->generator
* mpk->pointP2 = group->generator
*/
if (!(size = EC_POINT_point2oct(group, EC_GROUP_get0_generator(group),
point_form, NULL, 0, bn_ctx))) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, ERR_R_EC_LIB);
goto end;
}
if (!ASN1_OCTET_STRING_set(mpk->pointP1, NULL, size)) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!EC_POINT_point2oct(group, EC_GROUP_get0_generator(group),
point_form, mpk->pointP1->data, mpk->pointP1->length, bn_ctx)) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, ERR_R_EC_LIB);
goto end;
}
if (!ASN1_OCTET_STRING_set(mpk->pointP2,
mpk->pointP1->data, mpk->pointP1->length)) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, ERR_R_MALLOC_FAILURE);
goto end;
}
/* mpk->pairing = "tate" */
ASN1_OBJECT_free(mpk->pairing);
if (!(mpk->pairing = OBJ_nid2obj(NID_tate_pairing))) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, SM9_R_PARSE_PAIRING);
goto end;
}
/* set mpk->hashfcn */
OPENSSL_assert(mpk->hashfcn);
ASN1_OBJECT_free(mpk->hashfcn);
if (!(mpk->hashfcn = OBJ_nid2obj(EVP_MD_type(md)))) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, SM9_R_PARSE_PAIRING);
goto end;
}
/* set mpk->g1 = e(P1, Ppub) */
//TODO
/* set mpk->g2 = e(Ppub, P2) */
//TODO
/* random msk->masterSecret in [2, mpk->order - 1] */
do {
if (!BN_rand_range(msk->masterSecret, mpk->order)) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, ERR_R_BN_LIB);
/* set pairing type */
switch (pairing) {
case NID_sm9bn256v1:
ASN1_OBJECT_free(msk->pairing);
if (!(msk->pairing = OBJ_nid2obj(pairing))) {
SM9err(SM9_F_SM9_GENERATE_MASTER_SECRET, ERR_R_OBJ_LIB);
goto end;
}
} while (BN_is_zero(msk->masterSecret) || BN_is_one(msk->masterSecret));
/* mpk->pointPpub = msk->masterSecret * mpk->pointP */
if (!EC_POINT_mul(group, point, msk->masterSecret,
NULL, NULL, bn_ctx)) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, ERR_R_EC_LIB);
goto end;
}
if (!(size = EC_POINT_point2oct(group, point, point_form,
NULL, 0, bn_ctx))) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, ERR_R_EC_LIB);
goto end;
}
if (!ASN1_OCTET_STRING_set(mpk->pointPpub, NULL, size)) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!EC_POINT_point2oct(group, point, point_form,
mpk->pointPpub->data, mpk->pointPpub->length, bn_ctx)) {
SM9err(SM9_F_SM9_SETUP_TYPE1CURVE, ERR_R_EC_LIB);
break;
default:
SM9err(SM9_F_SM9_GENERATE_MASTER_SECRET, SM9_R_INVALID_PAIRING_TYPE);
goto end;
}
/* set return value */
*pmpk = mpk;
*pmsk = msk;
ret = 1;
/* set helper functions */
switch (scheme) {
case NID_sm9sign:
case NID_sm9encrypt:
case NID_sm9keyagreement:
ASN1_OBJECT_free(msk->scheme);
if (!(msk->scheme = OBJ_nid2obj(scheme))) {
SM9err(SM9_F_SM9_GENERATE_MASTER_SECRET, ERR_R_OBJ_LIB);
goto end;
}
break;
default:
SM9err(SM9_F_SM9_GENERATE_MASTER_SECRET, SM9_R_INVALID_SCHEME);
goto end;
}
/* set hash1 */
switch (hash1) {
case NID_sm9hash1_with_sm3:
case NID_sm9hash1_with_sha256:
ASN1_OBJECT_free(msk->hash1);
if (!(msk->hash1 = OBJ_nid2obj(hash1))) {
SM9err(SM9_F_SM9_GENERATE_MASTER_SECRET, ERR_R_OBJ_LIB);
goto end;
}
break;
default:
SM9err(SM9_F_SM9_GENERATE_MASTER_SECRET, SM9_R_INVALID_HASH1);
goto end;
}
/* generate master secret k = rand(1, n - 1) */
do {
if (!BN_rand_range(msk->masterSecret, n)) {
return 0;
}
} while (BN_is_zero(msk->masterSecret));
/* generate master public point */
if (scheme == NID_sm9sign) {
/* Ppubs = k * P2 in E'(F_p^2) */
point_t Ppubs;
if (!point_init(&Ppubs, ctx)
|| !point_mul_generator(&Ppubs, msk->masterSecret, p, ctx)
|| !point_to_octets(&Ppubs, buf, ctx)) {
SM9err(SM9_F_SM9_GENERATE_MASTER_SECRET, SM9_R_TWIST_CURVE_ERROR);
point_cleanup(&Ppubs);
goto end;
}
len = 129;
point_cleanup(&Ppubs);
} else if (scheme == NID_sm9keyagreement
|| scheme == NID_sm9encrypt) {
/* Ppube = k * P1 in E(F_p) */
EC_GROUP *group = NULL;
EC_POINT *Ppube = NULL;
if (!(group = EC_GROUP_new_by_curve_name(NID_sm9bn256v1))
|| !(Ppube = EC_POINT_new(group))
|| !EC_POINT_mul(group, Ppube, msk->masterSecret, NULL, NULL, ctx)
|| !(len = EC_POINT_point2oct(group, Ppube, point_form, buf, len, ctx))) {
SM9err(SM9_F_SM9_GENERATE_MASTER_SECRET, SM9_R_EC_LIB);
EC_GROUP_free(group);
EC_POINT_free(Ppube);
goto end;
}
EC_GROUP_free(group);
EC_POINT_free(Ppube);
} else {
SM9err(SM9_F_SM9_GENERATE_MASTER_SECRET, SM9_R_INVALID_SCHEME);
goto end;
}
if (!ASN1_OCTET_STRING_set(msk->pointPpub, buf, (int)len)) {
ERR_print_errors_fp(stderr);
goto end;
}
ret = msk;
msk = NULL;
end:
if (!ret) {
SM9PublicParameters_free(mpk);
SM9MasterSecret_free(msk);
*pmpk = NULL;
*pmsk = NULL;
SM9MasterSecret_free(msk);
if (ctx) {
BN_CTX_end(ctx);
}
BN_CTX_free(bn_ctx);
EC_POINT_free(point);
BN_CTX_free(ctx);
OPENSSL_cleanse(buf, sizeof(buf));
return ret;
}
int SM9_setup_by_pairing_name(int nid, int hid,
SM9PublicParameters **mpk, SM9MasterSecret **msk)
SM9PublicParameters *SM9_extract_public_parameters(SM9MasterSecret *msk)
{
return 0;
SM9PublicParameters *ret = NULL;
SM9PublicParameters *mpk = NULL;
if (!(mpk = SM9PublicParameters_new())) {
SM9err(SM9_F_SM9_EXTRACT_PUBLIC_PARAMETERS, ERR_R_MALLOC_FAILURE);
return NULL;
}
ASN1_OBJECT_free(mpk->pairing);
ASN1_OBJECT_free(mpk->scheme);
ASN1_OBJECT_free(mpk->hash1);
mpk->pairing = NULL;
mpk->scheme = NULL;
mpk->hash1 = NULL;
if (!(mpk->pairing = OBJ_dup(msk->pairing))
|| !(mpk->scheme = OBJ_dup(msk->scheme))
|| !(mpk->hash1 = OBJ_dup(msk->hash1))
|| !ASN1_STRING_copy(mpk->pointPpub, msk->pointPpub)) {
SM9err(SM9_F_SM9_EXTRACT_PUBLIC_PARAMETERS, ERR_R_MALLOC_FAILURE);
goto end;
}
ret = mpk;
mpk = NULL;
end:
SM9PublicParameters_free(mpk);
return ret;
}
int SM9_setup(int pairing, int scheme, int hash1,
SM9PublicParameters **pmpk, SM9MasterSecret **pmsk)
{
int ret = 0;
SM9MasterSecret *msk = NULL;
SM9PublicParameters *mpk = NULL;
if (!(msk = SM9_generate_master_secret(pairing, scheme, hash1))
|| !(mpk = SM9_extract_public_parameters(msk))) {
goto end;
}
*pmsk = msk;
*pmpk = mpk;
msk = NULL;
mpk = NULL;
ret = 1;
end:
SM9MasterSecret_free(msk);
SM9PublicParameters_free(mpk);
return ret;
}

631
crypto/sm9/sm9_sign.c
View File

@@ -55,480 +55,387 @@
#include <openssl/bn_gfp2.h>
#include "sm9_lcl.h"
int SM9_signature_size(SM9PublicParameters *mpk)
{
return 0;
return 105;
}
static SM9Signature *SM9_do_sign_type1curve(SM9PublicParameters *mpk,
const unsigned char *dgst, size_t dgstlen, SM9PrivateKey *sk)
int SM9_SignInit(EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *eng)
{
unsigned char prefix = 0x02;
if (!EVP_DigestInit_ex(ctx, md, eng)) {
SM9err(SM9_F_SM9_SIGNINIT, ERR_R_EVP_LIB);
return 0;
}
if (!EVP_DigestUpdate(ctx, &prefix, 1)) {
SM9err(SM9_F_SM9_SIGNINIT, ERR_R_EVP_LIB);
return 0;
}
return 1;
}
SM9Signature *SM9_SignFinal(EVP_MD_CTX *ctx1, SM9PrivateKey *sk)
{
int e = 1;
SM9Signature *ret = NULL;
BN_CTX *bn_ctx = NULL;
SM9Signature *sig = NULL;
const BIGNUM *p = SM9_get0_prime();
const BIGNUM *n = SM9_get0_order();
int point_form = POINT_CONVERSION_COMPRESSED;
/* buf for w and prefix zeros of ct1/2 */
unsigned char buf[387] = {0};
unsigned int len;
const unsigned char ct1 = 0x01;
const unsigned char ct2 = 0x02;
EVP_MD_CTX *ctx2 = NULL;
EC_GROUP *group = NULL;
EC_POINT *point = NULL;
BN_GFP2 *w = NULL;
unsigned char *buf = NULL;
BIGNUM *r;
BIGNUM *l;
const EVP_MD *md;
int point_form = POINT_CONVERSION_UNCOMPRESSED;
size_t size;
EC_POINT *S = NULL;
BN_CTX *bn_ctx = NULL;
BIGNUM *r = NULL;
point_t Ppubs;
fp12_t w;
if (!mpk || !dgst || dgstlen <= 0 || !sk) {
SM9err(SM9_F_SM9_DO_SIGN_TYPE1CURVE,
ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
if (dgstlen > EVP_MAX_MD_SIZE) {
SM9err(SM9_F_SM9_DO_SIGN_TYPE1CURVE,
SM9_R_INVALID_DIGEST);
return NULL;
}
/* BN_CTX */
if (!(bn_ctx = BN_CTX_new())) {
SM9err(SM9_F_SM9_DO_SIGN_TYPE1CURVE,
ERR_R_MALLOC_FAILURE);
if (!(sig = SM9Signature_new())
|| !(ctx2 = EVP_MD_CTX_new())
|| !(group = EC_GROUP_new_by_curve_name(NID_sm9bn256v1))
|| !(S = EC_POINT_new(group))
|| !(bn_ctx = BN_CTX_new())) {
SM9err(SM9_F_SM9_SIGNFINAL, ERR_R_MALLOC_FAILURE);
goto end;
}
BN_CTX_start(bn_ctx);
/* EC_GROUP */
if (!(group = EC_GROUP_new_type1curve_ex(mpk->p,
mpk->a, mpk->b, mpk->pointP1->data, mpk->pointP1->length,
mpk->order, mpk->cofactor, bn_ctx))) {
SM9err(SM9_F_SM9_DO_SIGN_TYPE1CURVE, SM9_R_INVALID_TYPE1CURVE);
if (!(r = BN_CTX_get(bn_ctx))
|| !fp12_init(w, bn_ctx)
|| !point_init(&Ppubs, bn_ctx)) {
SM9err(SM9_F_SM9_SIGNFINAL, ERR_R_MALLOC_FAILURE);
goto end;
}
/* malloc */
ret = SM9Signature_new();
point = EC_POINT_new(group);
r = BN_CTX_get(bn_ctx);
l = BN_CTX_get(bn_ctx);
if (!ret || !point || !r || !l) {
SM9err(SM9_F_SM9_DO_SIGN_TYPE1CURVE, ERR_R_MALLOC_FAILURE);
/* get Ppubs */
if (ASN1_STRING_length(sk->pointPpub) != 129
|| !point_from_octets(&Ppubs, ASN1_STRING_get0_data(sk->pointPpub), p, bn_ctx)) {
SM9err(SM9_F_SM9_SIGNFINAL, SM9_R_INVALID_POINTPPUB);
goto end;
}
/* md = mpk->hashfcn */
if (!(md = EVP_get_digestbyobj(mpk->hashfcn))) {
SM9err(SM9_F_SM9_DO_SIGN_TYPE1CURVE, SM9_R_INVALID_MD);
/* g = e(P1, Ppubs) */
if (!rate_pairing(w, &Ppubs, EC_GROUP_get0_generator(group), bn_ctx)) {
SM9err(SM9_F_SM9_SIGNFINAL, SM9_R_PAIRING_ERROR);
goto end;
}
do {
/* rand r in [1, mpk->order - 1] */
/* r = rand(1, n - 1) */
do {
if (!BN_rand_range(r, mpk->order)) {
SM9err(SM9_F_SM9_DO_SIGN_TYPE1CURVE, ERR_R_BN_LIB);
if (!BN_rand_range(r, n)) {
SM9err(SM9_F_SM9_SIGNFINAL, ERR_R_BN_LIB);
goto end;
}
} while (BN_is_zero(r));
/* get w = mpk->g = e(mpk->pointP1, mpk->pointPpub) */
if (!BN_bn2gfp2(mpk->g1, w, mpk->p, bn_ctx)) {
SM9err(SM9_F_SM9_DO_SIGN_TYPE1CURVE, ERR_R_BN_LIB);
/* w = g^r */
if (!fp12_pow(w, w, r, p, bn_ctx)
|| !fp12_to_bin(w, buf)) {
SM9err(SM9_F_SM9_SIGNFINAL, SM9_R_EXTENSION_FIELD_ERROR);
goto end;
}
/* w = w^r = (mpk->g)^r in F_p^2 */
if (!BN_GFP2_exp(w, w, r, mpk->p, bn_ctx)) {
SM9err(SM9_F_SM9_DO_SIGN_TYPE1CURVE, ERR_R_BN_LIB);
if (!EVP_DigestUpdate(ctx1, buf, sizeof(buf))
|| !EVP_MD_CTX_copy(ctx2, ctx1)
/* Ha1 = Hv(0x02||M||w||0x00000001) */
|| !EVP_DigestUpdate(ctx1, &ct1, 1)
|| !EVP_DigestFinal_ex(ctx1, buf, &len)
/* Ha2 = Hv(0x02||M||w||0x00000002) */
|| !EVP_DigestUpdate(ctx2, &ct2, 1)
|| !EVP_DigestFinal_ex(ctx2, buf + len, &len)) {
SM9err(SM9_F_SM9_SIGNFINAL, SM9_R_DIGEST_FAILURE);
goto end;
}
/* prepare w buf and canonical(w, order=0) */
if (!BN_GFP2_canonical(w, NULL, &size, 0, mpk->p, bn_ctx)) {
SM9err(SM9_F_SM9_DO_SIGN_TYPE1CURVE, ERR_R_BN_LIB);
goto end;
}
if (!(buf = OPENSSL_malloc(size))) {
SM9err(SM9_F_SM9_DO_SIGN_TYPE1CURVE, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!BN_GFP2_canonical(w, buf, &size, 0, mpk->p, bn_ctx)) {
SM9err(SM9_F_SM9_DO_SIGN_TYPE1CURVE, ERR_R_BN_LIB);
/* Ha = Ha1||Ha2[0..7] */
if (!BN_bin2bn(buf, 40, sig->h)
/* h = (Ha mod (n - 1)) + 1 */
|| !BN_mod(sig->h, sig->h, SM9_get0_order_minus_one(), bn_ctx)
|| !BN_add_word(sig->h, 1)
/* l = r - h */
|| !BN_mod_sub(r, r, sig->h, p, bn_ctx)) {
SM9err(SM9_F_SM9_SIGNFINAL, ERR_R_BN_LIB);
goto end;
}
} while (BN_is_zero(r));
/* ret->h = H2(H(m)||w) in range defined by mpk->order */
if (!SM9_hash2(md, &ret->h, dgst, dgstlen, buf, size, mpk->order, bn_ctx)) {
SM9err(SM9_F_SM9_DO_SIGN_TYPE1CURVE, ERR_R_SM9_LIB);
goto end;
}
/* l = (r - ret->h) (mod mpk->order) */
if (!BN_mod_sub(l, r, ret->h, mpk->order, bn_ctx)) {
SM9err(SM9_F_SM9_DO_SIGN_TYPE1CURVE, ERR_R_BN_LIB);
goto end;
}
/* if l == 0, re-generate r */
} while (BN_is_zero(l));
/* point = sk->prointPoint */
if (!EC_POINT_oct2point(group, point,
sk->privatePoint->data, sk->privatePoint->length, bn_ctx)) {
SM9err(SM9_F_SM9_DO_SIGN_TYPE1CURVE, ERR_R_EC_LIB);
/* get sk */
if (!EC_POINT_oct2point(group, S, ASN1_STRING_get0_data(sk->privatePoint),
ASN1_STRING_length(sk->privatePoint), bn_ctx)) {
SM9err(SM9_F_SM9_SIGNFINAL, SM9_R_INVALID_PRIVATE_POINT);
goto end;
}
/* S = l * sk */
len = sizeof(buf);
if (!EC_POINT_mul(group, S, NULL, S, r, bn_ctx)
|| !(len = EC_POINT_point2oct(group, S, point_form, buf, len, bn_ctx))
|| !ASN1_OCTET_STRING_set(sig->pointS, buf, len)) {
SM9err(SM9_F_SM9_SIGNFINAL, ERR_R_EC_LIB);
goto end;
}
/* sig->pointS = sk->privatePoint * l */
if (!EC_POINT_mul(group, point, NULL, point, l, bn_ctx)) {
SM9err(SM9_F_SM9_DO_SIGN_TYPE1CURVE, ERR_R_EC_LIB);
goto end;
}
if (!(size = EC_POINT_point2oct(group, point, point_form,
NULL, 0, bn_ctx))) {
SM9err(SM9_F_SM9_DO_SIGN_TYPE1CURVE, ERR_R_EC_LIB);
goto end;
}
if (!ASN1_OCTET_STRING_set(ret->pointS, NULL, size)) {
SM9err(SM9_F_SM9_DO_SIGN_TYPE1CURVE, ERR_R_EC_LIB);
goto end;
}
if (!EC_POINT_point2oct(group, point, point_form,
ret->pointS->data, ret->pointS->length, bn_ctx)) {
goto end;
}
e = 0;
ret = sig;
sig = NULL;
end:
if (e && ret) {
SM9Signature_free(ret);
ret = NULL;
}
if (bn_ctx) {
BN_CTX_end(bn_ctx);
}
BN_CTX_free(bn_ctx);
SM9Signature_free(sig);
EVP_MD_CTX_free(ctx2);
EC_GROUP_free(group);
EC_POINT_free(point);
BN_GFP2_free(w);
OPENSSL_free(buf);
EC_POINT_free(S);
BN_free(r);
point_cleanup(&Ppubs);
fp12_cleanup(w);
return ret;
}
int SM9_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *eng)
{
unsigned char prefix = 0x02;
if (!EVP_DigestInit_ex(ctx, md, eng)) {
SM9err(SM9_F_SM9_VERIFYINIT, ERR_R_EVP_LIB);
return 0;
}
if (!EVP_DigestUpdate(ctx, &prefix, 1)) {
SM9err(SM9_F_SM9_VERIFYINIT, ERR_R_EVP_LIB);
return 0;
}
return 1;
}
static const EVP_MD *sm9hash1_to_md(const ASN1_OBJECT *hash1obj)
{
switch (OBJ_obj2nid(hash1obj)) {
case NID_sm9hash1_with_sm3:
return EVP_sm3();
case NID_sm9hash1_with_sha256:
return EVP_sha256();
}
return NULL;
}
SM9Signature *SM9_do_sign(SM9PublicParameters *mpk,
const unsigned char *dgst, size_t dgstlen,
SM9PrivateKey *sk)
int SM9_VerifyFinal(EVP_MD_CTX *ctx1, const SM9Signature *sig, SM9PublicKey *pk)
{
if (!mpk || !dgst || dgstlen <= 0 || !sk) {
SM9err(SM9_F_SM9_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
if (OBJ_obj2nid(mpk->curve) == NID_type1curve) {
return SM9_do_sign_type1curve(mpk, dgst, dgstlen, sk);
}
SM9err(SM9_F_SM9_DO_SIGN, SM9_R_INVALID_CURVE);
return NULL;
}
int SM9_do_verify_type1curve_ex(SM9PublicParameters *mpk,
const unsigned char *dgst, size_t dgstlen,
const SM9Signature *sig, SM9PublicKey *pk)
{
return -1;
}
int SM9_do_verify_type1curve(SM9PublicParameters *mpk,
const unsigned char *dgst, size_t dgstlen,
const SM9Signature *sig, const char *id, size_t idlen)
{
int ret = 0;
BN_CTX *bn_ctx = NULL;
EC_GROUP *group = NULL;
EC_POINT *point = NULL;
EC_POINT *pointS = NULL;
EC_POINT *Ppub = NULL;
BN_GFP2 *t = NULL;
BN_GFP2 *u = NULL;
BN_GFP2 *w = NULL;
unsigned char *buf = NULL;
BIGNUM *h1;
BIGNUM *h2;
size_t size;
int ret = -1;
const BIGNUM *p = SM9_get0_prime();
const BIGNUM *n = SM9_get0_order();
const EVP_MD *md;
unsigned char buf[387] = {0};
unsigned int len;
const unsigned char ct1 = 0x01;
const unsigned char ct2 = 0x02;
EVP_MD_CTX *ctx2 = NULL;
EC_GROUP *group = NULL;
EC_POINT *S = NULL;
BN_CTX *bn_ctx = NULL;
BIGNUM *h = NULL;
point_t Ppubs;
point_t P;
fp12_t w;
fp12_t u;
if (!mpk || !dgst || dgstlen <= 0 || !sig || !id || idlen <= 0) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (dgstlen > EVP_MAX_MD_SIZE) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, SM9_R_INVALID_DIGEST);
return 0;
}
if (idlen > SM9_MAX_ID_LENGTH) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, SM9_R_INVALID_ID);
return 0;
}
/* BN_CTX */
if (!(bn_ctx = BN_CTX_new())) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, ERR_R_MALLOC_FAILURE);
if (!(ctx2 = EVP_MD_CTX_new())
|| !(group = EC_GROUP_new_by_curve_name(NID_sm9bn256v1))
|| !(S = EC_POINT_new(group))
|| !(bn_ctx = BN_CTX_new())) {
SM9err(SM9_F_SM9_VERIFYFINAL, ERR_R_MALLOC_FAILURE);
goto end;
}
BN_CTX_start(bn_ctx);
/* EC_GROUP */
if (!(group = EC_GROUP_new_type1curve_ex(mpk->p,
mpk->a, mpk->b, mpk->pointP1->data, mpk->pointP1->length,
mpk->order, mpk->cofactor, bn_ctx))) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, SM9_R_INVALID_TYPE1CURVE);
if (!(h = BN_CTX_get(bn_ctx))
|| !point_init(&Ppubs, bn_ctx)
|| !point_init(&P, bn_ctx)
|| !fp12_init(w, bn_ctx)
|| !fp12_init(u, bn_ctx)) {
SM9err(SM9_F_SM9_VERIFYFINAL, ERR_R_MALLOC_FAILURE);
goto end;
}
/* malloc */
point = EC_POINT_new(group);
pointS = EC_POINT_new(group);
Ppub = EC_POINT_new(group);
t = BN_GFP2_new();
u = BN_GFP2_new();
w = BN_GFP2_new();
h1 = BN_CTX_get(bn_ctx);
h2 = BN_CTX_get(bn_ctx);
if (!point || !pointS || !Ppub || !t || !u || !w || !h1 || !h2) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, ERR_R_MALLOC_FAILURE);
/* check signature (h, S) */
if (BN_is_zero(sig->h) || BN_cmp(sig->h, SM9_get0_order()) >= 0) {
SM9err(SM9_F_SM9_VERIFYFINAL, SM9_R_INVALID_SIGNATURE);
goto end;
}
if (!EC_POINT_oct2point(group, S, ASN1_STRING_get0_data(sig->pointS),
ASN1_STRING_length(sig->pointS), bn_ctx)) {
SM9err(SM9_F_SM9_VERIFYFINAL, SM9_R_INVALID_SIGNATURE);
goto end;
}
/* md = mpk->hashfcn */
if (!(md = EVP_get_digestbyobj(mpk->hashfcn))) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, SM9_R_INVALID_MD);
/* g = e(P1, Ppubs) */
if (ASN1_STRING_length(pk->pointPpub) != 129
|| !point_from_octets(&Ppubs, ASN1_STRING_get0_data(pk->pointPpub), p, bn_ctx)) {
SM9err(SM9_F_SM9_VERIFYFINAL, SM9_R_INVALID_POINTPPUB);
goto end;
}
if (!rate_pairing(w, &Ppubs, EC_GROUP_get0_generator(group), bn_ctx)) {
SM9err(SM9_F_SM9_VERIFYFINAL, SM9_R_PAIRING_ERROR);
goto end;
}
/* check sig->h in [1, mpk->order - 1] */
//FIXME: do we need to check sig->h > 0 ?
if (BN_is_zero(sig->h) || BN_cmp(sig->h, mpk->order) >= 0) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, SM9_R_INVALID_SIGNATURE);
/* t = g^(sig->h) */
if (!fp12_pow(w, w, sig->h, p, bn_ctx)) {
SM9err(SM9_F_SM9_VERIFYFINAL, SM9_R_EXTENSION_FIELD_ERROR);
goto end;
}
/* pointS = sig->pointS */
if (!EC_POINT_oct2point(group, pointS,
sig->pointS->data, sig->pointS->length, bn_ctx)) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, SM9_R_INVALID_SIGNATURE);
/* h1 = H1(ID||hid, N) */
if (!(md = sm9hash1_to_md(pk->hash1))) {
SM9err(SM9_F_SM9_VERIFYFINAL, SM9_R_INVALID_HASH1);
goto end;
}
if (!SM9_hash1(md, &h, (const char *)ASN1_STRING_get0_data(pk->identity),
ASN1_STRING_length(pk->identity), SM9_HID_SIGN, n, bn_ctx)) {
SM9err(SM9_F_SM9_VERIFYFINAL, ERR_R_SM9_LIB);
goto end;
}
/* decode t from mpk->g in F_p^2 */
if (!BN_bn2gfp2(mpk->g1, t, mpk->p, bn_ctx)) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, ERR_R_BN_LIB);
/* P = h1 * P2 + Ppubs */
if (!point_mul_generator(&P, h, p, bn_ctx)
|| !point_add(&P, &P, &Ppubs, p, bn_ctx)
/* u = e(sig->S, P) */
|| !rate_pairing(u, &P, S, bn_ctx)
/* w = u * t */
|| !fp12_mul(w, u, w, p, bn_ctx)
|| !fp12_to_bin(w, buf)) {
SM9err(SM9_F_SM9_VERIFYFINAL, SM9_R_EXTENSION_FIELD_ERROR);
goto end;
}
/* t = t^(sig->h) = (mpk->g)^(sig->h) in F_p^2 */
if (!BN_GFP2_exp(t, t, sig->h, mpk->p, bn_ctx)) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, ERR_R_BN_LIB);
/* h2 = H2(M||w) mod n */
if (!EVP_DigestUpdate(ctx1, buf, sizeof(buf))
|| !EVP_MD_CTX_copy(ctx2, ctx1)
/* Ha1 = Hv(0x02||M||w||0x00000001) */
|| !EVP_DigestUpdate(ctx1, &ct1, 1)
/* Ha2 = Hv(0x02||M||w||0x00000002) */
|| !EVP_DigestUpdate(ctx2, &ct2, 1)
|| !EVP_DigestFinal_ex(ctx1, buf, &len)
|| !EVP_DigestFinal_ex(ctx2, buf + len, &len)) {
SM9err(SM9_F_SM9_VERIFYFINAL, SM9_R_DIGEST_FAILURE);
goto end;
}
/* h1 = H1(ID||hid) to range [0, mpk->order) */
if (!SM9_hash1(md, &h1, id, idlen, SM9_HID_SIGN, mpk->order, bn_ctx)) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, ERR_R_SM9_LIB);
goto end;
}
/* point = mpk->pointP2 * h1 + mpk->pointPpub */
if (!EC_POINT_mul(group, point, h1, NULL, NULL, bn_ctx)) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, ERR_R_EC_LIB);
goto end;
}
if (!EC_POINT_oct2point(group, Ppub,
mpk->pointPpub->data, mpk->pointPpub->length, bn_ctx)) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, SM9_R_INVALID_TYPE1CURVE);
goto end;
}
if (!EC_POINT_add(group, point, point, Ppub, bn_ctx)) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, ERR_R_EC_LIB);
goto end;
}
/* u = e(sig->pointS, point) in F_p^2 */
if (!EC_type1curve_tate(group, u, pointS, point, bn_ctx)) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, SM9_R_COMPUTE_PAIRING_FAILURE);
goto end;
}
/* w = u * t in F_p^2 */
if (!BN_GFP2_mul(w, u, t, mpk->p, bn_ctx)) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, ERR_R_BN_LIB);
goto end;
}
/* buf = canonical(w) */
if (!BN_GFP2_canonical(w, NULL, &size, 0, mpk->p, bn_ctx)) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, ERR_R_BN_LIB);
goto end;
}
if (!(buf = OPENSSL_malloc(size))) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!BN_GFP2_canonical(w, buf, &size, 0, mpk->p, bn_ctx)) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, ERR_R_BN_LIB);
goto end;
}
/* h2 = H2(M||w) in [0, mpk->order - 1] */
if (!SM9_hash2(md, &h2, dgst, dgstlen, buf, size, mpk->order, bn_ctx)) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, SM9_R_HASH_FAILURE);
/* Ha = Ha1||Ha2[0..7] */
if (!BN_bin2bn(buf, 40, h)
/* h2 = (Ha mod (n - 1)) + 1 */
|| !BN_mod(h, h, SM9_get0_order_minus_one(), bn_ctx)
|| !BN_add_word(h, 1)) {
SM9err(SM9_F_SM9_VERIFYFINAL, ERR_R_BN_LIB);
goto end;
}
/* check if h2 == sig->h */
if (BN_cmp(h2, sig->h) != 0) {
SM9err(SM9_F_SM9_DO_VERIFY_TYPE1CURVE, SM9_R_INVALID_SIGNATURE);
goto end;
if (BN_cmp(h, sig->h) != 0) {
SM9err(SM9_F_SM9_VERIFYFINAL, SM9_R_VERIFY_FAILURE);
ret = 0;
}
//FIXME: return value of sig verify
ret = 1;
end:
EVP_MD_CTX_free(ctx2);
EC_GROUP_free(group);
EC_POINT_free(S);
BN_free(h);
point_cleanup(&Ppubs);
point_cleanup(&P);
fp12_cleanup(w);
fp12_cleanup(u);
if (bn_ctx) {
BN_CTX_end(bn_ctx);
}
BN_CTX_free(bn_ctx);
EC_GROUP_free(group);
EC_POINT_free(point);
EC_POINT_free(pointS);
EC_POINT_free(Ppub);
BN_GFP2_free(t);
BN_GFP2_free(u);
BN_GFP2_free(w);
OPENSSL_free(buf);
return ret;
BN_CTX_free(bn_ctx);
return ret;
}
int SM9_do_verify_ex(SM9PublicParameters *mpk,
const unsigned char *dgst, size_t dgstlen,
const SM9Signature *sig, SM9PublicKey *pk)
{
return -1;
}
int SM9_do_verify(SM9PublicParameters *mpk,
const unsigned char *dgst, size_t dgstlen,
const SM9Signature *sig, const char *id, size_t idlen)
{
if (!mpk || !dgst || dgstlen <= 0 || !sig || !id || idlen <= 0) {
SM9err(SM9_F_SM9_DO_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (OBJ_obj2nid(mpk->curve) == NID_type1curve) {
return SM9_do_verify_type1curve(mpk, dgst, dgstlen, sig, id, idlen);
}
SM9err(SM9_F_SM9_DO_VERIFY, SM9_R_INVALID_CURVE);
return 0;
}
int SM9PublicParmeters_get_signature_size(void *a, void *b)
{
return 0;
}
int SM9_sign(SM9PublicParameters *mpk, const unsigned char *dgst,
size_t dgstlen, unsigned char *sig, size_t *siglen,
int SM9_sign(int type, /* NID_[sm3 | sha256] */
const unsigned char *data, size_t datalen,
unsigned char *sig, size_t *siglen,
SM9PrivateKey *sk)
{
int ret = 0;
SM9Signature *sigobj = NULL;
unsigned char *p;
size_t sigsiz;
EVP_MD_CTX *ctx = NULL;
SM9Signature *sm9sig = NULL;
const EVP_MD *md;
int len;
if (!mpk || !dgst || !siglen || !sk) {
SM9err(SM9_F_SM9_SIGN, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (dgstlen <= 0 || dgstlen > EVP_MAX_MD_SIZE) {
SM9err(SM9_F_SM9_SIGN, SM9_R_INVALID_DIGEST_LENGTH);
if (!(md = EVP_get_digestbynid(type))
|| EVP_MD_size(md) != EVP_MD_size(EVP_sm3())) {
SM9err(SM9_F_SM9_SIGN, SM9_R_INVALID_HASH2_DIGEST);
return 0;
}
/* compute output signature size */
if (!SM9PublicParmeters_get_signature_size(mpk, &sigsiz)) {
SM9err(SM9_F_SM9_SIGN, ERR_R_SM9_LIB);
if (!(ctx = EVP_MD_CTX_new())) {
SM9err(SM9_F_SM9_SIGN, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!sig) {
*siglen = sigsiz;
return 1;
}
if (*siglen < sigsiz) {
SM9err(SM9_F_SM9_SIGN, SM9_R_BUFFER_TOO_SMALL);
return 0;
}
/* do_sign */
if (!(sigobj = SM9_do_sign(mpk, dgst, dgstlen, sk))) {
SM9err(SM9_F_SM9_SIGN, ERR_R_SM9_LIB);
return 0;
}
p = sig;
if (i2d_SM9Signature(sigobj, &p) < 0) {
if (!SM9_SignInit(ctx, md, NULL)
|| !SM9_SignUpdate(ctx, data, datalen)
|| !(sm9sig = SM9_SignFinal(ctx, sk))) {
SM9err(SM9_F_SM9_SIGN, ERR_R_SM9_LIB);
goto end;
}
*siglen = p - sig;
if ((len = i2d_SM9Signature(sm9sig, &sig)) <= 0) {
SM9err(SM9_F_SM9_SIGN, ERR_R_SM9_LIB);
goto end;
}
*siglen = len;
ret = 1;
end:
SM9Signature_free(sigobj);
end:
EVP_MD_CTX_free(ctx);
SM9Signature_free(sm9sig);
return ret;
}
int SM9_verify_ex(SM9PublicParameters *mpk, const unsigned char *dgst,
size_t dgstlen, const unsigned char *sig, size_t siglen,
SM9PublicKey *pk)
{
return -1;
}
int SM9_verify(SM9PublicParameters *mpk, const unsigned char *dgst,
size_t dgstlen, const unsigned char *sig, size_t siglen,
const char *id, size_t idlen)
int SM9_verify(int type, /* NID_[sm3 | sha256] */
const unsigned char *data, size_t datalen,
const unsigned char *sig, size_t siglen,
SM9PublicParameters *mpk, const char *id, size_t idlen)
{
int ret = -1;
SM9Signature *sigobj = NULL;
const unsigned char *p;
EVP_MD_CTX *ctx = NULL;
SM9Signature *sm9sig = NULL;
SM9PublicKey *pk = NULL;
const EVP_MD *md;
if (!mpk || !dgst || !sig || !id) {
SM9err(SM9_F_SM9_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (dgstlen <= 0 || dgstlen > EVP_MAX_MD_SIZE) {
SM9err(SM9_F_SM9_VERIFY, SM9_R_INVALID_DIGEST_LENGTH);
return 0;
}
if (idlen <= 0 || idlen > SM9_MAX_ID_LENGTH || strlen(id) != idlen) {
SM9err(SM9_F_SM9_VERIFY, SM9_R_INVALID_ID_LENGTH);
return 0;
if (!(md = EVP_get_digestbynid(type))
|| EVP_MD_size(md) != EVP_MD_size(EVP_sm3())) {
SM9err(SM9_F_SM9_VERIFY, SM9_R_INVALID_HASH2_DIGEST);
return -1;
}
p = sig;
if (!(sigobj = d2i_SM9Signature(NULL, &p, siglen))) {
if (!(sm9sig = d2i_SM9Signature(NULL, &sig, siglen))
|| i2d_SM9Signature(sm9sig, NULL) != siglen) {
SM9err(SM9_F_SM9_VERIFY, SM9_R_INVALID_SIGNATURE_FORMAT);
goto end;
}
if (!(pk = SM9_extract_public_key(mpk, id, idlen))) {
SM9err(SM9_F_SM9_VERIFY, ERR_R_SM9_LIB);
goto end;
}
ret = SM9_do_verify(mpk, dgst, dgstlen, sigobj, id, idlen);
if (!SM9_VerifyInit(ctx, md, NULL)
|| !SM9_VerifyUpdate(ctx, data, datalen)
|| (ret = SM9_VerifyFinal(ctx, sm9sig, pk)) < 0) {
SM9err(SM9_F_SM9_VERIFY, ERR_R_SM9_LIB);
goto end;
}
end:
SM9Signature_free(sigobj);
EVP_MD_CTX_free(ctx);
SM9Signature_free(sm9sig);
SM9PublicKey_free(pk);
return ret;
}