From d7a96e3ba1bb13bcddb0fb30db4d920a5b37aded Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Mon, 23 May 2022 09:42:08 +0800 Subject: [PATCH] Update Public API --- demos/sm9demo.sh | 12 + include/gmssl/base64.h | 14 + include/gmssl/rand.h | 6 + include/gmssl/sdf.h | 17 + include/gmssl/skf.h | 36 ++ include/gmssl/sm2.h | 36 +- include/gmssl/sm3.h | 19 + include/gmssl/sm4.h | 31 +- include/gmssl/sm9.h | 816 +++++++++++++++++++++------------------ include/gmssl/version.h | 7 + include/gmssl/x509.h | 32 ++ include/gmssl/x509_crl.h | 8 + include/gmssl/x509_req.h | 11 + include/gmssl/zuc.h | 27 +- src/asn1.c | 3 - src/sm4_modes.c | 3 - src/sm9_alg.c | 458 ++++++++++++++-------- src/sm9_key.c | 104 ++--- src/sm9_lib.c | 68 ++-- tests/sm9test.c | 475 +++++++++++++---------- tools/sm2encrypt.c | 2 +- tools/sm9decrypt.c | 2 +- tools/sm9encrypt.c | 7 +- tools/sm9sign.c | 14 +- tools/sm9verify.c | 9 +- 25 files changed, 1361 insertions(+), 856 deletions(-) create mode 100755 demos/sm9demo.sh diff --git a/demos/sm9demo.sh b/demos/sm9demo.sh new file mode 100755 index 00000000..7c03d718 --- /dev/null +++ b/demos/sm9demo.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +gmssl sm9setup -alg sm9sign -pass 1234 -out sign_msk.pem -pubout sign_mpk.pem +gmssl sm9keygen -alg sm9sign -in sign_msk.pem -inpass 1234 -id alice -out alice.pem -outpass 1234 +echo hello | gmssl sm9sign -key alice.pem -pass 1234 -out hello.sig +echo hello | gmssl sm9verify -pubmaster sign_mpk.pem -id alice -sig hello.sig + +gmssl sm9setup -alg sm9encrypt -pass 1234 -out enc_msk.pem -pubout enc_mpk.pem +gmssl sm9keygen -alg sm9encrypt -in enc_msk.pem -inpass 1234 -id bob -out bob.pem -outpass 1234 +echo hello | ./gmssl sm9encrypt -pubmaster enc_mpk.pem -id bob -out hello.der +gmssl sm9decrypt -key bob.pem -pass 1234 -id bob -in hello.der + diff --git a/include/gmssl/base64.h b/include/gmssl/base64.h index ec45d08a..564fdef4 100644 --- a/include/gmssl/base64.h +++ b/include/gmssl/base64.h @@ -57,6 +57,20 @@ extern "C" { #endif +/* +BASE64 Public API + + BASE64_CTX + base64_encode_init + base64_encode_update + base64_encode_finish + base64_decode_init + base64_decode_update + base64_decode_finish + +*/ + + typedef struct { /* number saved in a partial encode/decode */ int num; diff --git a/include/gmssl/rand.h b/include/gmssl/rand.h index be1df5af..6a54d8e1 100644 --- a/include/gmssl/rand.h +++ b/include/gmssl/rand.h @@ -57,6 +57,12 @@ extern "C" { #endif +/* +Rand Public API + + rand_bytes + +*/ int rand_bytes(uint8_t *buf, size_t buflen); diff --git a/include/gmssl/sdf.h b/include/gmssl/sdf.h index d98c5760..96e1c330 100644 --- a/include/gmssl/sdf.h +++ b/include/gmssl/sdf.h @@ -58,6 +58,23 @@ extern "C" { #endif +/* +SDF Public API + + sdf_load_library + sdf_unload_library + + SDF_DEVICE + sdf_open_device + sdf_close_device + sdf_print_device_info + sdf_rand_bytes + sdf_load_sign_key + + SDF_KEY + sdf_sign + sdf_release_key +*/ typedef struct { void *handle; diff --git a/include/gmssl/skf.h b/include/gmssl/skf.h index d571bf9f..5424f69b 100644 --- a/include/gmssl/skf.h +++ b/include/gmssl/skf.h @@ -60,6 +60,42 @@ extern "C" { #endif +/* +SKF Public API + + skf_load_library + skf_unload_library + skf_list_devices + skf_print_device_info + + SKF_DEVICE + skf_open_device + skf_close_deivce + skf_set_label + skf_change_authkey + skf_list_apps + skf_create_app + skf_delete_app + skf_change_app_admin_pin + skf_change_app_user_pin + skf_unblock_user_pin + skf_list_objects + skf_import_object + skf_export_object + skf_delete_object + skf_list_containers + skf_create_container + skf_delete_container + skf_import_sign_cert + skf_export_sign_cert + skf_rand_bytes + skf_load_sign_key + + SKF_KEY + skf_sign + skf_release_key +*/ + typedef struct { void *handle; char manufacturer[65]; diff --git a/include/gmssl/sm2.h b/include/gmssl/sm2.h index 1af9055b..fa78ac2f 100644 --- a/include/gmssl/sm2.h +++ b/include/gmssl/sm2.h @@ -60,7 +60,40 @@ extern "C" { #endif -// 比较重要的是哪些是公开接口,公开接口应该做完整的参数检查 +/* +SM2 Public API + + SM2_DEFAULT_ID + SM2_MAX_ID_LENGTH + SM2_MAX_SIGNATURE_SIZE + SM2_MAX_PLAINTEXT_SIZE + SM2_MAX_CIPHERTEXT_SIZE + + SM2_KEY + sm2_key_generate + sm2_private_key_info_encrypt_to_der + sm2_private_key_info_decrypt_from_der + sm2_private_key_info_encrypt_to_pem + sm2_private_key_info_decrypt_from_pem + sm2_public_key_info_to_der + sm2_public_key_info_from_der + sm2_public_key_info_to_pem + sm2_public_key_info_from_pem + + sm2_sign + sm2_verify + sm2_encrypt + sm2_decrypt + sm2_ecdh + + SM2_SIGN_CTX + sm2_sign_init + sm2_sign_update + sm2_sign_finish + sm2_verify_init + sm2_verify_update + sm2_verify_finish +*/ typedef uint64_t SM2_BN[8]; @@ -212,6 +245,7 @@ typedef struct { uint8_t private_key[32]; } SM2_KEY; + int sm2_key_generate(SM2_KEY *key); int sm2_key_set_private_key(SM2_KEY *key, const uint8_t private_key[32]); // 自动生成公钥 int sm2_key_set_public_key(SM2_KEY *key, const SM2_POINT *public_key); // 自动清空私钥,不要和set_private_key同时用 diff --git a/include/gmssl/sm3.h b/include/gmssl/sm3.h index cacc75ae..a9ae468c 100644 --- a/include/gmssl/sm3.h +++ b/include/gmssl/sm3.h @@ -56,6 +56,25 @@ extern "C" { #endif +/* +SM3 Public API + + SM3_DIGEST_SIZE + SM3_HMAC_SIZE + + SM3_CTX + sm3_init + sm3_update + sm3_finish + + SM3_HMAC_CTX + sm3_hmac_init + sm3_hmac_update + sm3_hmac_finish + + sm3_digest + sm3_hmac +*/ #define SM3_IS_BIG_ENDIAN 1 diff --git a/include/gmssl/sm4.h b/include/gmssl/sm4.h index 1ffdd35e..31b2f916 100644 --- a/include/gmssl/sm4.h +++ b/include/gmssl/sm4.h @@ -57,6 +57,29 @@ extern "C" { #endif +/* +SM4 Public API + + SM4_KEY_SIZE + SM4_BLOCK_SIZE + + SM4_CBC_CTX + sm4_cbc_encrypt_init + sm4_cbc_encrypt_update + sm4_cbc_encrypt_finish + sm4_cbc_decrypt_init + sm4_cbc_decrypt_update + sm4_cbc_decrypt_finish + + SM4_CTR_CTX + sm4_ctr_encrypt_init + sm4_ctr_encrypt_update + sm4_ctr_encrypt_finish + sm4_ctr_decrypt_init + sm4_ctr_decrypt_update + sm4_ctr_decrypt_finish +*/ + #define SM4_KEY_SIZE (16) #define SM4_BLOCK_SIZE (16) #define SM4_NUM_ROUNDS (32) @@ -106,8 +129,6 @@ int sm4_gcm_decrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen, const uint8_t *tag, size_t taglen, uint8_t *out); -// Public API - typedef struct { SM4_KEY sm4_key; uint8_t iv[SM4_BLOCK_SIZE]; @@ -115,11 +136,11 @@ typedef struct { size_t block_nbytes; } SM4_CBC_CTX; -int sm4_cbc_encrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_BLOCK_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]); +int sm4_cbc_encrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]); int sm4_cbc_encrypt_update(SM4_CBC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); int sm4_cbc_encrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen); -int sm4_cbc_decrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_BLOCK_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]); +int sm4_cbc_decrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]); int sm4_cbc_decrypt_update(SM4_CBC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); int sm4_cbc_decrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen); @@ -131,7 +152,7 @@ typedef struct { size_t block_nbytes; } SM4_CTR_CTX; -int sm4_ctr_encrypt_init(SM4_CTR_CTX *ctx, const uint8_t key[SM4_BLOCK_SIZE], const uint8_t ctr[SM4_BLOCK_SIZE]); +int sm4_ctr_encrypt_init(SM4_CTR_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t ctr[SM4_BLOCK_SIZE]); int sm4_ctr_encrypt_update(SM4_CTR_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); int sm4_ctr_encrypt_finish(SM4_CTR_CTX *ctx, uint8_t *out, size_t *outlen); diff --git a/include/gmssl/sm9.h b/include/gmssl/sm9.h index 637edc58..d8aa241f 100644 --- a/include/gmssl/sm9.h +++ b/include/gmssl/sm9.h @@ -51,6 +51,7 @@ #include #include #include +#include #ifndef GMSSL_SM9_H @@ -60,99 +61,171 @@ extern "C" { #endif +/* +SM9 Public API + + SM9_SIGNATURE_SIZE + SM9_MAX_PLAINTEXT_SIZE + SM9_MAX_CIPHERTEXT_SIZE + + SM9_SIGN_MASTER_KEY + sm9_sign_master_key_generate + sm9_sign_master_key_extract_key + sm9_sign_master_key_info_encrypt_to_der + sm9_sign_master_key_info_decrypt_from_der + sm9_sign_master_key_info_encrypt_to_pem + sm9_sign_master_key_info_decrypt_from_pem + sm9_sign_master_public_key_to_der + sm9_sign_master_public_key_from_der + sm9_sign_master_public_key_to_pem + sm9_sign_master_public_key_from_pem + + SM9_SIGN_KEY + sm9_sign_key_info_encrypt_to_der + sm9_sign_key_info_decrypt_from_der + sm9_sign_key_info_encrypt_to_pem + sm9_sign_key_info_decrypt_from_pem + + SM9_SIGN_CTX + sm9_sign_init + sm9_sign_update + sm9_sign_finish + sm9_verify_init + sm9_verify_update + sm9_verify_finish + + SM9_ENC_MASTER_KEY + sm9_enc_master_key_generate + sm9_enc_master_key_extract_key + sm9_enc_master_key_info_encrypt_to_der + sm9_enc_master_key_info_decrypt_from_der + sm9_enc_master_key_info_encrypt_to_pem + sm9_enc_master_key_info_decrypt_from_pem + sm9_enc_master_public_key_to_der + sm9_enc_master_public_key_from_der + sm9_enc_master_public_key_to_pem + sm9_enc_master_public_key_from_pem + + SM9_ENC_KEY + sm9_enc_key_info_encrypt_to_der + sm9_enc_key_info_decrypt_from_der + sm9_enc_key_info_encrypt_to_pem + sm9_enc_key_info_decrypt_from_pem + + sm9_encrypt + sm9_decrypt +*/ + +#define SM9_HEX_SEP '\n' + typedef uint64_t sm9_bn_t[8]; -typedef sm9_bn_t sm9_fp_t; -typedef sm9_bn_t sm9_fn_t; -typedef uint64_t sm9_barrett_bn_t[9]; -typedef sm9_fp_t sm9_fp2_t[2]; -typedef sm9_fp2_t sm9_fp4_t[2]; -typedef sm9_fp4_t sm9_fp12_t[3]; - -typedef struct { - sm9_fp_t X; - sm9_fp_t Y; - sm9_fp_t Z; -} sm9_point_t; - -typedef struct { - sm9_fp2_t X; - sm9_fp2_t Y; - sm9_fp2_t Z; -} sm9_twist_point_t; - - -// FIXME: 公开的参数值应该是序列化之后的 +extern const sm9_bn_t SM9_ZERO; +extern const sm9_bn_t SM9_ONE; extern const sm9_bn_t SM9_P; extern const sm9_bn_t SM9_N; -extern const sm9_point_t *SM9_P1; -extern const sm9_twist_point_t *SM9_P2; -extern const sm9_twist_point_t *SM9_Ppubs; +#define sm9_bn_init(r) sm9_bn_set_zero(r) +#define sm9_bn_clean(r) sm9_bn_set_zero(r) +#define sm9_bn_set_zero(r) sm9_bn_copy((r), SM9_ZERO) +#define sm9_bn_set_one(r) sm9_bn_copy((r), SM9_ONE) +#define sm9_bn_is_zero(a) (sm9_bn_cmp((a), SM9_ZERO) == 0) +#define sm9_bn_is_one(a) (sm9_bn_cmp((a), SM9_ONE) == 0) -#define sm9_bn_init(r) memset((r),0,sizeof(sm9_bn_t)) -#define sm9_bn_clean(r) memset((r),0,sizeof(sm9_bn_t)) -#define sm9_bn_set_zero(r) memset((r),0,sizeof(sm9_bn_t)) -#define sm9_bn_set_one(r) memcpy((r),&SM9_ONE,sizeof(sm9_bn_t)) -#define sm9_bn_copy(r,a) memcpy((r),(a),sizeof(sm9_bn_t)) -#define sm9_bn_is_zero(a) (memcmp((a),&SM9_ZERO, sizeof(sm9_bn_t)) == 0) -#define sm9_bn_is_one(a) (memcmp((a),&SM9_ONE, sizeof(sm9_bn_t)) == 0) - -void sm9_bn_to_bytes(const sm9_bn_t a, uint8_t out[32]); -void sm9_bn_from_bytes(sm9_bn_t r, const uint8_t in[32]); -int sm9_bn_from_hex(sm9_bn_t r, const char hex[65]); -void sm9_bn_to_hex(const sm9_bn_t a, char hex[65]); -void sm9_print_bn(const char *prefix, const sm9_bn_t a); -void sm9_bn_to_bits(const sm9_bn_t a, char bits[256]); - -int sm9_bn_cmp(const sm9_bn_t a, const sm9_bn_t b); -int sm9_bn_equ_hex(const sm9_bn_t a, const char *hex); void sm9_bn_set_word(sm9_bn_t r, uint32_t a); +void sm9_bn_copy(sm9_bn_t r, const sm9_bn_t a); +int sm9_bn_rand_range(sm9_bn_t r, const sm9_bn_t range); +int sm9_bn_equ(const sm9_bn_t a, const sm9_bn_t b); +int sm9_bn_cmp(const sm9_bn_t a, const sm9_bn_t b); void sm9_bn_add(sm9_bn_t r, const sm9_bn_t a, const sm9_bn_t b); void sm9_bn_sub(sm9_bn_t ret, const sm9_bn_t a, const sm9_bn_t b); -void sm9_bn_rand_range(sm9_bn_t r, const sm9_bn_t range); +void sm9_bn_to_bits(const sm9_bn_t a, char bits[256]); +void sm9_bn_to_bytes(const sm9_bn_t a, uint8_t out[32]); +void sm9_bn_from_bytes(sm9_bn_t r, const uint8_t in[32]); +void sm9_bn_to_hex(const sm9_bn_t a, char hex[64]); +int sm9_bn_from_hex(sm9_bn_t r, const char hex[64]); +int sm9_bn_print(FILE *fp, int fmt, int ind, const char *label, const sm9_bn_t a); +void sm9_print_bn(const char *prefix, const sm9_bn_t a); // 标准打印格式 -#define sm9_fp_init(a) sm9_bn_init(a) -#define sm9_fp_clean(a) sm9_bn_clean(a) + +typedef sm9_bn_t sm9_fp_t; + +#define sm9_fp_init(r) sm9_fp_set_zero(r) +#define sm9_fp_clean(f) sm9_fp_set_zero(r) +#define sm9_fp_set_zero(r) sm9_bn_set_zero(r) +#define sm9_fp_set_one(r) sm9_bn_set_one(r) +#define sm9_fp_copy(r,a) sm9_bn_copy((r),(a)) +#define sm9_fp_rand(r) sm9_bn_rand_range((r), SM9_P) #define sm9_fp_is_zero(a) sm9_bn_is_zero(a) #define sm9_fp_is_one(a) sm9_bn_is_one(a) -#define sm9_fp_set_zero(a) sm9_bn_set_zero(a) -#define sm9_fp_set_one(a) sm9_bn_set_one(a) -#define sm9_fp_from_hex(a,s) sm9_bn_from_hex((a),(s)) +#define sm9_fp_equ(a,b) sm9_bn_equ((a),(b)) +#define sm9_fp_to_bytes(a,buf) sm9_bn_to_bytes((a),(buf)) #define sm9_fp_to_hex(a,s) sm9_bn_to_hex((a),(s)) -#define sm9_fp_copy(r,a) sm9_bn_copy((r),(a)) +#define sm9_fp_print(fp,fmt,ind,label,a) sm9_bn_print(fp,fmt,ind,label,a) -int sm9_fp_equ(const sm9_fp_t a, const sm9_fp_t b); void sm9_fp_add(sm9_fp_t r, const sm9_fp_t a, const sm9_fp_t b); void sm9_fp_sub(sm9_fp_t r, const sm9_fp_t a, const sm9_fp_t b); void sm9_fp_dbl(sm9_fp_t r, const sm9_fp_t a); void sm9_fp_tri(sm9_fp_t r, const sm9_fp_t a); -void sm9_fp_div2(sm9_fp_t r, const sm9_fp_t a); void sm9_fp_neg(sm9_fp_t r, const sm9_fp_t a); void sm9_fp_mul(sm9_fp_t r, const sm9_fp_t a, const sm9_fp_t b); void sm9_fp_sqr(sm9_fp_t r, const sm9_fp_t a); void sm9_fp_pow(sm9_fp_t r, const sm9_fp_t a, const sm9_bn_t e); void sm9_fp_inv(sm9_fp_t r, const sm9_fp_t a); +void sm9_fp_div2(sm9_fp_t r, const sm9_fp_t a); +int sm9_fp_from_bytes(sm9_fp_t r, const uint8_t buf[32]); +int sm9_fp_from_hex(sm9_fp_t r, const char hex[64]); -int sm9_barrett_bn_cmp(const sm9_barrett_bn_t a, const sm9_barrett_bn_t b); + +typedef sm9_bn_t sm9_fn_t; + +#define sm9_fn_init(r) sm9_fn_set_zero(r) +#define sm9_fn_clean(f) sm9_fn_set_zero(r) +#define sm9_fn_set_zero(r) sm9_bn_set_zero(r) +#define sm9_fn_set_one(r) sm9_bn_set_one(r) +#define sm9_fn_copy(r,a) sm9_bn_copy((r),(a)) +#define sm9_fn_rand(r) sm9_bn_rand_range((r), SM9_N) +#define sm9_fn_is_zero(a) sm9_bn_is_zero(a) +#define sm9_fn_is_one(a) sm9_bn_is_one(a) +#define sm9_fn_equ(a,b) sm9_bn_equ((a),(b)) +#define sm9_fn_to_bytes(a,out) sm9_bn_to_bytes((a),(out)) +#define sm9_fn_to_hex(a,s) sm9_bn_to_hex((a),(s)) +#define sm9_fn_print(fp,fmt,ind,label,a) sm9_bn_print(fp,fmt,ind,label,a) + +void sm9_fn_add(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b); +void sm9_fn_sub(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b); +void sm9_fn_mul(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b); +void sm9_fn_pow(sm9_fn_t r, const sm9_fn_t a, const sm9_bn_t e); +void sm9_fn_inv(sm9_fn_t r, const sm9_fn_t a); +void sm9_fn_from_hash(sm9_fn_t h, const uint8_t Ha[40]); +int sm9_fn_from_bytes(sm9_fn_t a, const uint8_t in[32]); +int sm9_fn_from_hex(sm9_fn_t r, const char hex[64]); + + +typedef uint64_t sm9_barrett_bn_t[9]; + +int sm9_barrett_bn_cmp(const sm9_barrett_bn_t a, const sm9_barrett_bn_t b); void sm9_barrett_bn_add(sm9_barrett_bn_t r, const sm9_barrett_bn_t a, const sm9_barrett_bn_t b); void sm9_barrett_bn_sub(sm9_barrett_bn_t ret, const sm9_barrett_bn_t a, const sm9_barrett_bn_t b); -#define sm9_fp2_init(a) memset((a), 0, sizeof(sm9_fp2_t)) -#define sm9_fp2_clean(a) memset((a), 0, sizeof(sm9_fp2_t)) -#define sm9_fp2_is_zero(a) (memcmp((a), &SM9_FP2_ZERO, sizeof(sm9_fp2_t)) == 0) -#define sm9_fp2_is_one(a) (memcmp((a), &SM9_FP2_ONE, sizeof(sm9_fp2_t)) == 0) -#define sm9_fp2_copy(r,a) memcpy((r), (a), sizeof(sm9_fp2_t)) -#define sm9_fp2_equ(a,b) (memcmp((a),(b),sizeof(sm9_fp2_t)) == 0) -void sm9_fp2_from_hex(sm9_fp2_t r, const char hex[65 * 2]); -void sm9_fp2_to_hex(const sm9_fp2_t a, char hex[65 * 2]); -void sm9_fp2_print(const char *prefix, const sm9_fp2_t a); -#define sm9_fp2_set_zero(a) memset((a), 0, sizeof(sm9_fp2_t)) -#define sm9_fp2_set_one(a) memcpy((a), &SM9_FP2_ONE, sizeof(sm9_fp2_t)) +typedef sm9_fp_t sm9_fp2_t[2]; +extern const sm9_fp2_t SM9_FP2_ZERO; +extern const sm9_fp2_t SM9_FP2_ONE; +extern const sm9_fp2_t SM9_FP2_U; + +#define sm9_fp2_init(a) sm9_fp2_set_zero(a) +#define sm9_fp2_clean(a) sm9_fp2_set_zero(a) +#define sm9_fp2_set_zero(a) sm9_fp2_copy((a), SM9_FP2_ZERO) +#define sm9_fp2_set_one(a) sm9_fp2_copy((a), SM9_FP2_ONE) +#define sm9_fp2_set_u(a) sm9_fp2_copy((a), SM9_FP2_U) +#define sm9_fp2_is_zero(a) sm9_fp2_equ((a), SM9_FP2_ZERO) +#define sm9_fp2_is_one(a) sm9_fp2_equ((a), SM9_FP2_ONE) + void sm9_fp2_set_fp(sm9_fp2_t r, const sm9_fp_t a); -#define sm9_fp2_set_u(a) memcpy((a), &SM9_FP2_U, sizeof(sm9_fp2_t)) void sm9_fp2_set(sm9_fp2_t r, const sm9_fp_t a0, const sm9_fp_t a1); - +void sm9_fp2_copy(sm9_fp2_t r, const sm9_fp2_t a); +int sm9_fp2_rand(sm9_fp2_t r); +int sm9_fp2_equ(const sm9_fp2_t a, const sm9_fp2_t b); void sm9_fp2_add(sm9_fp2_t r, const sm9_fp2_t a, const sm9_fp2_t b); void sm9_fp2_dbl(sm9_fp2_t r, const sm9_fp2_t a); void sm9_fp2_tri(sm9_fp2_t r, const sm9_fp2_t a); @@ -166,24 +239,32 @@ void sm9_fp2_sqr_u(sm9_fp2_t r, const sm9_fp2_t a); void sm9_fp2_inv(sm9_fp2_t r, const sm9_fp2_t a); void sm9_fp2_div(sm9_fp2_t r, const sm9_fp2_t a, const sm9_fp2_t b); void sm9_fp2_div2(sm9_fp2_t r, const sm9_fp2_t a); +void sm9_fp2_to_hex(const sm9_fp2_t a, char hex[129]); +int sm9_fp2_from_hex(sm9_fp2_t r, const char hex[129]); +int sm9_fp2_print(FILE *fp, int fmt, int ind, const char *label, const sm9_fp2_t a); -#define sm9_fp4_init(r) memcpy((r), &SM9_FP4_ZERO, sizeof(sm9_fp4_t)) -#define sm9_fp4_clean(r) memcpy((r), &SM9_FP4_ZERO, sizeof(sm9_fp4_t)) -#define sm9_fp4_set_zero(r) memcpy((r), &SM9_FP4_ZERO, sizeof(sm9_fp4_t)) -#define sm9_fp4_set_one(r) memcpy((r), &SM9_FP4_ONE, sizeof(sm9_fp4_t)) -#define sm9_fp4_is_zero(a) (memcmp((a), &SM9_FP4_ZERO, sizeof(sm9_fp4_t)) == 0) -#define sm9_fp4_is_one(a) (memcmp((a), &SM9_FP4_ONE, sizeof(sm9_fp4_t)) == 0) -#define sm9_fp4_equ(a,b) (memcmp((a), (b), sizeof(sm9_fp4_t)) == 0) -#define sm9_fp4_copy(r,a) memcpy((r), (a), sizeof(sm9_fp4_t)) -void sm9_fp4_from_hex(sm9_fp4_t r, const char hex[65 * 4]); -void sm9_fp4_to_hex(const sm9_fp4_t a, char hex[65 * 4]); +typedef sm9_fp2_t sm9_fp4_t[2]; +extern const sm9_fp4_t SM9_FP4_ZERO; +extern const sm9_fp4_t SM9_FP4_ONE; +extern const sm9_fp4_t SM9_FP4_U; +extern const sm9_fp4_t SM9_FP4_V; + +#define sm9_fp4_init(a) sm9_fp4_set_zero(a) +#define sm9_fp4_clean(a) sm9_fp4_set_zero(a) +#define sm9_fp4_set_zero(a) sm9_fp4_copy((a), SM9_FP4_ZERO) +#define sm9_fp4_set_one(a) sm9_fp4_copy((a), SM9_FP4_ONE) +#define sm9_fp4_is_zero(a) sm9_fp4_equ((a), SM9_FP4_ZERO) +#define sm9_fp4_is_one(a) sm9_fp4_equ((a), SM9_FP4_ONE) + +void sm9_fp4_set_u(sm9_fp4_t r); +void sm9_fp4_set_v(sm9_fp4_t r); void sm9_fp4_set_fp(sm9_fp4_t r, const sm9_fp_t a); void sm9_fp4_set_fp2(sm9_fp4_t r, const sm9_fp2_t a); void sm9_fp4_set(sm9_fp4_t r, const sm9_fp2_t a0, const sm9_fp2_t a1); -void sm9_fp4_set_u(sm9_fp4_t r); -void sm9_fp4_set_v(sm9_fp4_t r); - +void sm9_fp4_copy(sm9_fp4_t r, const sm9_fp4_t a); +int sm9_fp4_rand(sm9_fp4_t r); +int sm9_fp4_equ(const sm9_fp4_t a, const sm9_fp4_t b); void sm9_fp4_add(sm9_fp4_t r, const sm9_fp4_t a, const sm9_fp4_t b); void sm9_fp4_dbl(sm9_fp4_t r, const sm9_fp4_t a); void sm9_fp4_sub(sm9_fp4_t r, const sm9_fp4_t a, const sm9_fp4_t b); @@ -195,28 +276,32 @@ void sm9_fp4_mul_v(sm9_fp4_t r, const sm9_fp4_t a, const sm9_fp4_t b); void sm9_fp4_sqr(sm9_fp4_t r, const sm9_fp4_t a); void sm9_fp4_sqr_v(sm9_fp4_t r, const sm9_fp4_t a); void sm9_fp4_inv(sm9_fp4_t r, const sm9_fp4_t a); +void sm9_fp4_to_bytes(const sm9_fp4_t a, uint8_t buf[128]); +int sm9_fp4_from_bytes(sm9_fp4_t r, const uint8_t buf[128]); +void sm9_fp4_to_hex(const sm9_fp4_t a, char hex[259]); +int sm9_fp4_from_hex(sm9_fp4_t r, const char hex[259]); -#define sm9_fp12_init(r) memset((r), 0, sizeof(sm9_fp12_t)) -#define sm9_fp12_clean(r) memset((r), 0, sizeof(sm9_fp12_t)) -#define sm9_fp12_set_zero(r) memset((r), 0, sizeof(sm9_fp12_t)) -#define sm9_fp12_copy(r, a) memcpy((r), (a), sizeof(sm9_fp12_t)) +typedef sm9_fp4_t sm9_fp12_t[3]; + +#define sm9_fp12_init(r) sm9_fp12_set_zero(a) +#define sm9_fp12_clean(r) sm9_fp12_set_zero(a) + +void sm9_fp12_set_zero(sm9_fp12_t r); void sm9_fp12_set_one(sm9_fp12_t r); -int sm9_fp12_is_one(const sm9_fp12_t a); -int sm9_fp12_is_zero(const sm9_fp12_t a); -void sm9_fp12_from_hex(sm9_fp12_t r, const char hex[65 * 12]); -void sm9_fp12_to_hex(const sm9_fp12_t a, char hex[65 * 12]); -void sm9_fp12_print(const char *prefix, const sm9_fp12_t a); -void sm9_fp12_set(sm9_fp12_t r, const sm9_fp4_t a0, const sm9_fp4_t a1, const sm9_fp4_t a2); -void sm9_fp12_set_fp(sm9_fp12_t r, const sm9_fp_t a); -void sm9_fp12_set_fp2(sm9_fp12_t r, const sm9_fp2_t a); -void sm9_fp12_set_fp4(sm9_fp12_t r, const sm9_fp4_t a); void sm9_fp12_set_u(sm9_fp12_t r); void sm9_fp12_set_v(sm9_fp12_t r); void sm9_fp12_set_w(sm9_fp12_t r); void sm9_fp12_set_w_sqr(sm9_fp12_t r); - -int sm9_fp12_equ(const sm9_fp12_t a, const sm9_fp12_t b); +void sm9_fp12_set_fp(sm9_fp12_t r, const sm9_fp_t a); +void sm9_fp12_set_fp2(sm9_fp12_t r, const sm9_fp2_t a); +void sm9_fp12_set_fp4(sm9_fp12_t r, const sm9_fp4_t a); +void sm9_fp12_set(sm9_fp12_t r, const sm9_fp4_t a0, const sm9_fp4_t a1, const sm9_fp4_t a2); +void sm9_fp12_copy(sm9_fp12_t r, const sm9_fp12_t a); +int sm9_fp12_rand(sm9_fp12_t r); +int sm9_fp12_is_one(const sm9_fp12_t a); +int sm9_fp12_is_zero(const sm9_fp12_t a); +int sm9_fp12_equ(const sm9_fp12_t a, const sm9_fp12_t b); void sm9_fp12_add(sm9_fp12_t r, const sm9_fp12_t a, const sm9_fp12_t b); void sm9_fp12_dbl(sm9_fp12_t r, const sm9_fp12_t a); void sm9_fp12_tri(sm9_fp12_t r, const sm9_fp12_t a); @@ -226,6 +311,12 @@ void sm9_fp12_mul(sm9_fp12_t r, const sm9_fp12_t a, const sm9_fp12_t b); void sm9_fp12_sqr(sm9_fp12_t r, const sm9_fp12_t a); void sm9_fp12_inv(sm9_fp12_t r, const sm9_fp12_t a); void sm9_fp12_pow(sm9_fp12_t r, const sm9_fp12_t a, const sm9_bn_t k); +void sm9_fp12_to_bytes(const sm9_fp12_t a, uint8_t buf[32 * 12]); +int sm9_fp12_from_bytes(sm9_fp12_t r, const uint8_t in[32 * 12]); +void sm9_fp12_to_hex(const sm9_fp12_t a, char hex[65 * 12]); +int sm9_fp12_from_hex(sm9_fp12_t r, const char hex[65 * 12]); // 这个明显是不对的 +void sm9_fp12_print(const char *prefix, const sm9_fp12_t a); + void sm9_fp2_conjugate(sm9_fp2_t r, const sm9_fp2_t a); void sm9_fp2_frobenius(sm9_fp2_t r, const sm9_fp2_t a); @@ -238,51 +329,76 @@ void sm9_fp12_frobenius2(sm9_fp12_t r, const sm9_fp12_t x); void sm9_fp12_frobenius3(sm9_fp12_t r, const sm9_fp12_t x); void sm9_fp12_frobenius6(sm9_fp12_t r, const sm9_fp12_t x); -void sm9_point_init(sm9_point_t *R); -void sm9_point_from_hex(sm9_point_t *R, const char hex[65 * 2]); -#define sm9_point_copy(R, P) memcpy((R), (P), sizeof(sm9_point_t)) -int sm9_point_is_at_infinity(const sm9_point_t *P); -void sm9_point_set_infinity(sm9_point_t *R); -void sm9_point_get_xy(const sm9_point_t *P, sm9_fp_t x, sm9_fp_t y); -int sm9_point_equ(const sm9_point_t *P, const sm9_point_t *Q); -int sm9_point_is_on_curve(const sm9_point_t *P); -void sm9_point_dbl(sm9_point_t *R, const sm9_point_t *P); -void sm9_point_add(sm9_point_t *R, const sm9_point_t *P, const sm9_point_t *Q); -void sm9_point_neg(sm9_point_t *R, const sm9_point_t *P); -void sm9_point_sub(sm9_point_t *R, const sm9_point_t *P, const sm9_point_t *Q); -void sm9_point_mul(sm9_point_t *R, const sm9_bn_t k, const sm9_point_t *P); -void sm9_point_mul_generator(sm9_point_t *R, const sm9_bn_t k); +typedef struct { + sm9_fp_t X; + sm9_fp_t Y; + sm9_fp_t Z; +} SM9_POINT; +extern const SM9_POINT *SM9_P1; -void sm9_twist_point_from_hex(sm9_twist_point_t *R, const char hex[65 * 4]); -#define sm9_twist_point_copy(R, P) memcpy((R), (P), sizeof(sm9_twist_point_t)) -int sm9_twist_point_is_at_infinity(const sm9_twist_point_t *P); -void sm9_twist_point_set_infinity(sm9_twist_point_t *R); -void sm9_twist_point_get_xy(const sm9_twist_point_t *P, sm9_fp2_t x, sm9_fp2_t y); +#define sm9_point_init(R) sm9_point_set_infinity(R) +#define sm9_point_clean(R) sm9_point_set_infinity(R) -int sm9_twist_point_equ(const sm9_twist_point_t *P, const sm9_twist_point_t *Q); -int sm9_twist_point_is_on_curve(const sm9_twist_point_t *P); -void sm9_twist_point_neg(sm9_twist_point_t *R, const sm9_twist_point_t *P); -void sm9_twist_point_dbl(sm9_twist_point_t *R, const sm9_twist_point_t *P); -void sm9_twist_point_add(sm9_twist_point_t *R, const sm9_twist_point_t *P, const sm9_twist_point_t *Q); -void sm9_twist_point_sub(sm9_twist_point_t *R, const sm9_twist_point_t *P, const sm9_twist_point_t *Q); -void sm9_twist_point_add_full(sm9_twist_point_t *R, const sm9_twist_point_t *P, const sm9_twist_point_t *Q); -void sm9_twist_point_mul(sm9_twist_point_t *R, const sm9_bn_t k, const sm9_twist_point_t *P); -void sm9_twist_point_mul_generator(sm9_twist_point_t *R, const sm9_bn_t k); +void sm9_point_set_infinity(SM9_POINT *R); +void sm9_point_copy(SM9_POINT *R, const SM9_POINT *P); +void sm9_point_get_xy(const SM9_POINT *P, sm9_fp_t x, sm9_fp_t y); +int sm9_point_is_at_infinity(const SM9_POINT *P); +int sm9_point_equ(const SM9_POINT *P, const SM9_POINT *Q); +int sm9_point_is_on_curve(const SM9_POINT *P); +void sm9_point_dbl(SM9_POINT *R, const SM9_POINT *P); +void sm9_point_add(SM9_POINT *R, const SM9_POINT *P, const SM9_POINT *Q); +void sm9_point_neg(SM9_POINT *R, const SM9_POINT *P); +void sm9_point_sub(SM9_POINT *R, const SM9_POINT *P, const SM9_POINT *Q); +void sm9_point_mul(SM9_POINT *R, const sm9_bn_t k, const SM9_POINT *P); +void sm9_point_mul_generator(SM9_POINT *R, const sm9_bn_t k); +void sm9_point_from_hex(SM9_POINT *R, const char hex[65 * 2]); +int sm9_point_to_uncompressed_octets(const SM9_POINT *P, uint8_t octets[65]); +int sm9_point_from_uncompressed_octets(SM9_POINT *P, const uint8_t octets[65]); +int sm9_point_print(FILE *fp, int fmt, int ind, const char *label, const SM9_POINT *P); -void sm9_eval_g_tangent(sm9_fp12_t num, sm9_fp12_t den, const sm9_twist_point_t *P, const sm9_point_t *Q); -void sm9_eval_g_line(sm9_fp12_t num, sm9_fp12_t den, const sm9_twist_point_t *T, const sm9_twist_point_t *P, const sm9_point_t *Q); -void sm9_twist_point_pi1(sm9_twist_point_t *R, const sm9_twist_point_t *P); -void sm9_twist_point_pi2(sm9_twist_point_t *R, const sm9_twist_point_t *P); -void sm9_twist_point_neg_pi2(sm9_twist_point_t *R, const sm9_twist_point_t *P); +typedef struct { + sm9_fp2_t X; + sm9_fp2_t Y; + sm9_fp2_t Z; +} SM9_TWIST_POINT; +extern const SM9_TWIST_POINT *SM9_P2; +extern const SM9_TWIST_POINT *SM9_Ppubs; + +#define sm9_twist_point_copy(R, P) memcpy((R), (P), sizeof(SM9_TWIST_POINT)) + +int sm9_twist_point_to_uncompressed_octets(const SM9_TWIST_POINT *P, uint8_t octets[129]); +int sm9_twist_point_from_uncompressed_octets(SM9_TWIST_POINT *P, const uint8_t octets[129]); + + +void sm9_twist_point_from_hex(SM9_TWIST_POINT *R, const char hex[65 * 4]); +int sm9_twist_point_is_at_infinity(const SM9_TWIST_POINT *P); +void sm9_twist_point_set_infinity(SM9_TWIST_POINT *R); +void sm9_twist_point_get_xy(const SM9_TWIST_POINT *P, sm9_fp2_t x, sm9_fp2_t y); + +int sm9_twist_point_equ(const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q); +int sm9_twist_point_is_on_curve(const SM9_TWIST_POINT *P); +void sm9_twist_point_neg(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P); +void sm9_twist_point_dbl(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P); +void sm9_twist_point_add(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q); +void sm9_twist_point_sub(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q); +void sm9_twist_point_add_full(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q); +void sm9_twist_point_mul(SM9_TWIST_POINT *R, const sm9_bn_t k, const SM9_TWIST_POINT *P); +void sm9_twist_point_mul_generator(SM9_TWIST_POINT *R, const sm9_bn_t k); +int sm9_twist_point_print(FILE *fp, int fmt, int ind, const char *label, const SM9_TWIST_POINT *P); + + + +void sm9_eval_g_tangent(sm9_fp12_t num, sm9_fp12_t den, const SM9_TWIST_POINT *P, const SM9_POINT *Q); +void sm9_eval_g_line(sm9_fp12_t num, sm9_fp12_t den, const SM9_TWIST_POINT *T, const SM9_TWIST_POINT *P, const SM9_POINT *Q); +void sm9_twist_point_pi1(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P); +void sm9_twist_point_pi2(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P); +void sm9_twist_point_neg_pi2(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P); void sm9_final_exponent_hard_part(sm9_fp12_t r, const sm9_fp12_t f); void sm9_final_exponent(sm9_fp12_t r, const sm9_fp12_t f); -void sm9_pairing(sm9_fp12_t r, const sm9_twist_point_t *Q, const sm9_point_t *P); - - - +void sm9_pairing(sm9_fp12_t r, const SM9_TWIST_POINT *Q, const SM9_POINT *P); /* private key extract algorithms */ @@ -290,263 +406,11 @@ void sm9_pairing(sm9_fp12_t r, const sm9_twist_point_t *Q, const sm9_point_t *P) #define SM9_HID_EXCH 0x02 #define SM9_HID_ENC 0x03 -#define SM9_HASH1 0x01 -#define SM9_HASH2 0x02 - -void sm9_fn_add(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b); -void sm9_fn_sub(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b); -void sm9_fn_mul(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b); -void sm9_fn_pow(sm9_fn_t r, const sm9_fn_t a, const sm9_bn_t e); -void sm9_fn_inv(sm9_fn_t r, const sm9_fn_t a); -int sm9_fn_is_zero(const sm9_fn_t a); -int sm9_fn_equ(const sm9_fn_t a, const sm9_fn_t b); -void sm9_fn_rand(sm9_fn_t r); -void sm9_fp12_to_bytes(const sm9_fp12_t a, uint8_t buf[32 * 12]); - -void sm9_fn_from_hash(sm9_fn_t h, const uint8_t Ha[40]); +#define SM9_HASH1_PREFIX 0x01 +#define SM9_HASH2_PREFIX 0x02 int sm9_hash1(sm9_bn_t h1, const char *id, size_t idlen, uint8_t hid); -int sm9_point_to_bytes(const sm9_point_t *P, uint8_t out[32 * 2]); -int sm9_point_from_bytes(sm9_point_t *P, const uint8_t in[32 * 2]); -int sm9_twist_point_to_bytes(const sm9_twist_point_t *P, uint8_t out[32 * 2]); -int sm9_twist_point_from_bytes(sm9_twist_point_t *P, const uint8_t in[32 * 2]); - -void sm9_fn_to_bytes(const sm9_fn_t a, uint8_t out[32]); -int sm9_fn_from_bytes(sm9_fn_t a, const uint8_t in[32]); -int sm9_point_to_uncompressed_octets(const sm9_point_t *P, uint8_t octets[65]); -int sm9_point_from_uncompressed_octets(sm9_point_t *P, const uint8_t octets[65]); -int sm9_twist_point_to_uncompressed_octets(const sm9_twist_point_t *P, uint8_t octets[129]); -int sm9_twist_point_from_uncompressed_octets(sm9_twist_point_t *P, const uint8_t octets[129]); - - -// set the same value as sm2 -#define SM9_MAX_ID_BITS 65535 -#define SM9_MAX_ID_SIZE (SM9_MAX_ID_BITS/8) - -typedef struct { - uint8_t x[32]; - uint8_t y[32]; -} SM9_POINT; - -typedef struct { - uint8_t x[64]; - uint8_t y[64]; -} SM9_TWIST_POINT; - - -/* -SM9私钥如何存储: - -可以用PrivateKeyInfo, EncryptedPrivateKeyInfo 来存储SM9的主密钥 -这需要SM9签名、加密等方案的OID,并且需要区分主密钥和用户私钥 -否则无法通过AlgorithmIdentifier来区分 - -SM9的主密钥和EC密钥类型很像,都是一个大整数和一个曲线点。 -但是SM9的主密钥存在KeyUsage这个特性,签名和加密的格式并不一样。 -是否将其整合在一个ASN.1对象中呢? - -主密钥、用户密钥、签名、加密,这用一个OID来区分还是2个OID来区分? - - -PrivateKeyInfo ::= SEQUENCE { - version Version { v1(0) }, - privateKeyAlgorithm AlgorithmIdentifier, - privateKey OCTET STRING, -- DER-encoding of ECPrivateKey - attributes [0] IMPLICIT SET OF Attribute OPTIONAL } - -这里privateKeyAlgorithm只有一个值,因此必须为上述提供4个不同OID - -主公钥其实是无所谓的, - -SM9 OIDs from GM/T 0006-2012 - - 1.2.156.10197.1.302 sm9 - 1.2.156.10197.1.302.1 sm9sign - 1.2.156.10197.1.302.2 sm9keyagreement - 1.2.156.10197.1.302.3 sm9encrypt - -*/ - -#define PEM_SM9_SIGN_MASTER_KEY "ENCRYPTED SM9 SIGN MASTER KEY" -#define PEM_SM9_SIGN_MASTER_PUBLIC_KEY "SM9 SIGN MASTER PUBLIC KEY" -#define PEM_SM9_SIGN_PRIVATE_KEY "ENCRYPTED SM9 SIGN PRIVATE KEY" -#define PEM_SM9_ENC_MASTER_KEY "ENCRYPTED SM9 ENC MASTER KEY" -#define PEM_SM9_ENC_MASTER_PUBLIC_KEY "SM9 ENC MASTER PUBLIC KEY" -#define PEM_SM9_ENC_PRIVATE_KEY "ENCRYPTED SM9 ENC PRIVATE KEY" - - -/* -SM9SignMasterKey ::= SEQUENCE { - ks INTEGER, - Ppubs BIT STRING, -- uncompressed octets of twisted point -} -*/ -typedef struct { - sm9_twist_point_t Ppubs; // Ppubs = ks * P2 - sm9_fn_t ks; -} SM9_SIGN_MASTER_KEY; - -// algorthm,parameters = sm9,sm9sign -int sm9_sign_master_key_to_der(const SM9_SIGN_MASTER_KEY *msk, uint8_t **out, size_t *outlen); -int sm9_sign_master_key_from_der(SM9_SIGN_MASTER_KEY *msk, const uint8_t **in, size_t *inlen); -int sm9_sign_master_key_info_encrypt_to_der(const SM9_SIGN_MASTER_KEY *msk, const char *pass, uint8_t **out, size_t *outlen); -int sm9_sign_master_key_info_decrypt_from_der(SM9_SIGN_MASTER_KEY *msk, const char *pass, const uint8_t **in, size_t *inlen); -int sm9_sign_master_key_info_encrypt_to_pem(const SM9_SIGN_MASTER_KEY *msk, const char *pass, FILE *fp); -int sm9_sign_master_key_info_decrypt_from_pem(SM9_SIGN_MASTER_KEY *msk, const char *pass, FILE *fp); - -/* -SM9SignMasterPublicKey ::= SEQUENCE { - Ppubs BIT STRING, -- uncompressed octets of twisted point -} -*/ -int sm9_sign_master_public_key_to_der(const SM9_SIGN_MASTER_KEY *mpk, uint8_t **out, size_t *outlen); -int sm9_sign_master_public_key_from_der(SM9_SIGN_MASTER_KEY *mpk, const uint8_t **in, size_t *inlen); -int sm9_sign_master_public_key_to_pem(const SM9_SIGN_MASTER_KEY *mpk, FILE *fp); -int sm9_sign_master_public_key_from_pem(SM9_SIGN_MASTER_KEY *mpk, FILE *fp); - - -/* -SM9SignPrivateKey ::= SEQUENCE { - ds BIT STRING, -- uncompressed octets of ECPoint - Ppubs BIT STRING -- uncompressed octets of twisted point -} - -SM9的用户私钥和椭圆曲线的就没有任何关系了。 -*/ -typedef struct { - sm9_twist_point_t Ppubs; - sm9_point_t ds; -} SM9_SIGN_KEY; - -// algorithm,parameters = sm9sign, -int sm9_sign_key_to_der(const SM9_SIGN_KEY *key, uint8_t **out, size_t *outlen); -int sm9_sign_key_from_der(SM9_SIGN_KEY *key, const uint8_t **in, size_t *inlen); -int sm9_sign_key_info_encrypt_to_der(const SM9_SIGN_KEY *key, const char *pass, uint8_t **out, size_t *outlen); -int sm9_sign_key_info_decrypt_from_der(SM9_SIGN_KEY *key, const char *pass, const uint8_t **in, size_t *inlen); -int sm9_sign_key_info_encrypt_to_pem(const SM9_SIGN_KEY *key, const char *pass, FILE *fp); -int sm9_sign_key_info_decrypt_from_pem(SM9_SIGN_KEY *key, const char *pass, FILE *fp); - -int sm9_sign_master_key_generate(SM9_SIGN_MASTER_KEY *master); -int sm9_sign_master_key_extract_key(SM9_SIGN_MASTER_KEY *master, const char *id, size_t idlen, SM9_SIGN_KEY *key); - - -/* -from GM/T 0080-2020 SM9 Cryptographic Alagorithm Application Specification -SM9Signature ::= SEQUENCE { - h OCTET STRING, - S BIT STRING, -- uncompressed octets of ECPoint } -*/ -typedef struct { - sm9_fn_t h; - sm9_point_t S; -} SM9_SIGNATURE; - -int sm9_do_sign(const SM9_SIGN_KEY *key, const SM3_CTX *sm3_ctx, SM9_SIGNATURE *sig); -int sm9_do_verify(const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen, - const SM3_CTX *sm3_ctx, const SM9_SIGNATURE *sig); - -#define SM9_MAX_SIGNATURE_SIZE 512 // TODO: calcalate this size -int sm9_signature_to_der(const SM9_SIGNATURE *sig, uint8_t **out, size_t *outlen); -int sm9_signature_from_der(SM9_SIGNATURE *sig, const uint8_t **in, size_t *inlen); - - -typedef struct { - SM3_CTX sm3_ctx; -} SM9_SIGN_CTX; - -int sm9_sign_init(SM9_SIGN_CTX *ctx); -int sm9_sign_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); -int sm9_sign_finish(SM9_SIGN_CTX *ctx, const SM9_SIGN_KEY *key, uint8_t *sig, size_t *siglen); - -int sm9_verify_init(SM9_SIGN_CTX *ctx); -int sm9_verify_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); -int sm9_verify_finish(SM9_SIGN_CTX *ctx, const uint8_t *sig, size_t siglen, - const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen); - -typedef struct { - sm9_point_t Ppube; // Ppube = ke * P1 - sm9_fn_t ke; -} SM9_ENC_MASTER_KEY; - -// algorithm,parameters = sm9,sm9encrypt -int sm9_enc_master_key_to_der(const SM9_ENC_MASTER_KEY *msk, uint8_t **out, size_t *outlen); -int sm9_enc_master_key_from_der(SM9_ENC_MASTER_KEY *msk, const uint8_t **in, size_t *inlen); -int sm9_enc_master_key_info_encrypt_to_der(const SM9_ENC_MASTER_KEY *msk, const char *pass, uint8_t **out, size_t *outlen); -int sm9_enc_master_key_info_decrypt_from_der(SM9_ENC_MASTER_KEY *msk, const char *pass, const uint8_t **in, size_t *inlen); -int sm9_enc_master_key_info_encrypt_to_pem(const SM9_ENC_MASTER_KEY *msk, const char *pass, FILE *fp); -int sm9_enc_master_key_info_decrypt_from_pem(SM9_ENC_MASTER_KEY *msk, const char *pass, FILE *fp); - -int sm9_enc_master_public_key_to_der(const SM9_ENC_MASTER_KEY *mpk, uint8_t **out, size_t *outlen); -int sm9_enc_master_public_key_from_der(SM9_ENC_MASTER_KEY *mpk, const uint8_t **in, size_t *inlen); -int sm9_enc_master_public_key_to_pem(const SM9_ENC_MASTER_KEY *mpk, FILE *fp); -int sm9_enc_master_public_key_from_pem(SM9_ENC_MASTER_KEY *mpk, FILE *fp); - -/* -SM9EncPrivateKey ::= SEQUENCE { - de BIT STRING, -- uncompressed octets of twisted point - Ppube BIT STRING -- uncompressed octets of ECPoint -} -*/ -typedef struct { - sm9_point_t Ppube; - sm9_twist_point_t de; -} SM9_ENC_KEY; - -// algorithm,parameters = sm9encrypt, -int sm9_enc_key_to_der(const SM9_ENC_KEY *key, uint8_t **out, size_t *outlen); -int sm9_enc_key_from_der(SM9_ENC_KEY *key, const uint8_t **in, size_t *inlen); -int sm9_enc_key_info_encrypt_to_der(const SM9_ENC_KEY *key, const char *pass, uint8_t **out, size_t *outlen); -int sm9_enc_key_info_decrypt_from_der(SM9_ENC_KEY *key, const char *pass, const uint8_t **in, size_t *inlen); -int sm9_enc_key_info_encrypt_to_pem(const SM9_ENC_KEY *key, const char *pass, FILE *fp); -int sm9_enc_key_info_decrypt_from_pem(SM9_ENC_KEY *key, const char *pass, FILE *fp); - -int sm9_enc_master_key_generate(SM9_ENC_MASTER_KEY *master); -int sm9_enc_master_key_extract_key(SM9_ENC_MASTER_KEY *master, const char *id, size_t idlen, SM9_ENC_KEY *key); - -/* -from GM/T 0080-2020 SM9 Cryptographic Alagorithm Application Specification -SM9Cipher ::= SEQUENCE { - EnType INTEGER, -- 0 for XOR - C1 BIT STRING, -- uncompressed octets of ECPoint - C3 OCTET STRING, -- 32 bytes HMAC-SM3 tag - CipherText OCTET STRING, -} -*/ -int sm9_ciphertext_to_der(const sm9_point_t *C1, const uint8_t *c2, size_t c2len, - const uint8_t c3[SM3_HMAC_SIZE], uint8_t **out, size_t *outlen); -int sm9_ciphertext_from_der(sm9_point_t *C1, const uint8_t **c2, size_t *c2len, - const uint8_t *c3[SM3_HMAC_SIZE], const uint8_t **in, size_t *inlen); - -#define SM9_MAX_PLAINTEXT_SIZE 512 // FIXME -#define SM9_MAX_CIPHERTEXT_SIZE 512 // FIXME - - -int sm9_kem_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, size_t klen, uint8_t *kbuf, sm9_point_t *C); -int sm9_kem_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, const sm9_point_t *C, size_t klen, uint8_t *kbuf); - -int sm9_do_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, - const uint8_t *in, size_t inlen, sm9_point_t *C1, uint8_t *c2, uint8_t c3[SM3_HMAC_SIZE]); -int sm9_do_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, - const sm9_point_t *C1, const uint8_t *c2, size_t c2len, const uint8_t c3[SM3_HMAC_SIZE], uint8_t *out); -int sm9_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, - const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); -int sm9_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, - const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); - - -int sm9_fn_print(FILE *fp, int fmt, int ind, const char *label, const sm9_fn_t a); -int sm9_point_print(FILE *fp, int fmt, int ind, const char *label, const sm9_point_t *P); -int sm9_twist_point_print(FILE *fp, int fmt, int ind, const char *label, const sm9_twist_point_t *P); - -int sm9_sign_master_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_MASTER_KEY *msk); -int sm9_sign_master_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_MASTER_KEY *mpk); -int sm9_sign_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_KEY *key); -int sm9_enc_master_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_MASTER_KEY *msk); -int sm9_enc_master_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_MASTER_KEY *mpk); -int sm9_enc_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_KEY *key); -int sm9_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *sig, size_t siglen); -int sm9_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen); const char *sm9_oid_name(int oid); int sm9_oid_from_name(const char *name); @@ -556,8 +420,188 @@ int sm9_algor_to_der(int alg, int params, uint8_t **out, size_t *outlen); int sm9_algor_from_der(int *alg, int *params, const uint8_t **in, size_t *inlen); +#define PEM_SM9_SIGN_MASTER_KEY "ENCRYPTED SM9 SIGN MASTER KEY" +#define PEM_SM9_SIGN_MASTER_PUBLIC_KEY "SM9 SIGN MASTER PUBLIC KEY" +#define PEM_SM9_SIGN_PRIVATE_KEY "ENCRYPTED SM9 SIGN PRIVATE KEY" +#define PEM_SM9_ENC_MASTER_KEY "ENCRYPTED SM9 ENC MASTER KEY" +#define PEM_SM9_ENC_MASTER_PUBLIC_KEY "SM9 ENC MASTER PUBLIC KEY" +#define PEM_SM9_ENC_PRIVATE_KEY "ENCRYPTED SM9 ENC PRIVATE KEY" -# ifdef __cplusplus + +#define SM9_MAX_ID_SIZE (SM2_MAX_ID_SIZE) + +/* +SM9SignMasterKey ::= SEQUENCE { + ks INTEGER, + Ppubs BIT STRING -- uncompressed octets of twisted point } + +SM9SignMasterPublicKey ::= SEQUENCE { + Ppubs BIT STRING -- uncompressed octets of twisted point } + +SM9SignPrivateKey ::= SEQUENCE { + ds BIT STRING, -- uncompressed octets of ECPoint + Ppubs BIT STRING -- uncompressed octets of twisted point } +*/ +typedef struct { + SM9_TWIST_POINT Ppubs; // Ppubs = ks * P2 + sm9_fn_t ks; +} SM9_SIGN_MASTER_KEY; + +typedef struct { + SM9_TWIST_POINT Ppubs; + SM9_POINT ds; +} SM9_SIGN_KEY; + +int sm9_sign_master_key_generate(SM9_SIGN_MASTER_KEY *master); +int sm9_sign_master_key_extract_key(SM9_SIGN_MASTER_KEY *master, const char *id, size_t idlen, SM9_SIGN_KEY *key); + +// algorthm,parameters = sm9,sm9sign +#define SM9_SIGN_MASTER_KEY_MAX_SIZE 171 +int sm9_sign_master_key_to_der(const SM9_SIGN_MASTER_KEY *msk, uint8_t **out, size_t *outlen); +int sm9_sign_master_key_from_der(SM9_SIGN_MASTER_KEY *msk, const uint8_t **in, size_t *inlen); +int sm9_sign_master_key_info_encrypt_to_der(const SM9_SIGN_MASTER_KEY *msk, const char *pass, uint8_t **out, size_t *outlen); +int sm9_sign_master_key_info_decrypt_from_der(SM9_SIGN_MASTER_KEY *msk, const char *pass, const uint8_t **in, size_t *inlen); +int sm9_sign_master_key_info_encrypt_to_pem(const SM9_SIGN_MASTER_KEY *msk, const char *pass, FILE *fp); +int sm9_sign_master_key_info_decrypt_from_pem(SM9_SIGN_MASTER_KEY *msk, const char *pass, FILE *fp); +int sm9_sign_master_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_MASTER_KEY *msk); + +#define SM9_SIGN_MASTER_PUBLIC_KEY_SIZE 136 +int sm9_sign_master_public_key_to_der(const SM9_SIGN_MASTER_KEY *mpk, uint8_t **out, size_t *outlen); +int sm9_sign_master_public_key_from_der(SM9_SIGN_MASTER_KEY *mpk, const uint8_t **in, size_t *inlen); +int sm9_sign_master_public_key_to_pem(const SM9_SIGN_MASTER_KEY *mpk, FILE *fp); +int sm9_sign_master_public_key_from_pem(SM9_SIGN_MASTER_KEY *mpk, FILE *fp); +int sm9_sign_master_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_MASTER_KEY *mpk); + +// algorithm,parameters = sm9sign, +#define SM9_SIGN_KEY_SIZE 204 +int sm9_sign_key_to_der(const SM9_SIGN_KEY *key, uint8_t **out, size_t *outlen); +int sm9_sign_key_from_der(SM9_SIGN_KEY *key, const uint8_t **in, size_t *inlen); +int sm9_sign_key_info_encrypt_to_der(const SM9_SIGN_KEY *key, const char *pass, uint8_t **out, size_t *outlen); +int sm9_sign_key_info_decrypt_from_der(SM9_SIGN_KEY *key, const char *pass, const uint8_t **in, size_t *inlen); +int sm9_sign_key_info_encrypt_to_pem(const SM9_SIGN_KEY *key, const char *pass, FILE *fp); +int sm9_sign_key_info_decrypt_from_pem(SM9_SIGN_KEY *key, const char *pass, FILE *fp); +int sm9_sign_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_KEY *key); + +/* +from GM/T 0080-2020 SM9 Cryptographic Alagorithm Application Specification +SM9Signature ::= SEQUENCE { + h OCTET STRING, + S BIT STRING -- uncompressed octets of ECPoint } +*/ +typedef struct { + sm9_fn_t h; + SM9_POINT S; +} SM9_SIGNATURE; + +int sm9_do_sign(const SM9_SIGN_KEY *key, const SM3_CTX *sm3_ctx, SM9_SIGNATURE *sig); +int sm9_do_verify(const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen, const SM3_CTX *sm3_ctx, const SM9_SIGNATURE *sig); + +#define SM9_SIGNATURE_SIZE 104 +int sm9_signature_to_der(const SM9_SIGNATURE *sig, uint8_t **out, size_t *outlen); +int sm9_signature_from_der(SM9_SIGNATURE *sig, const uint8_t **in, size_t *inlen); +int sm9_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *sig, size_t siglen); + +typedef struct { + SM3_CTX sm3_ctx; +} SM9_SIGN_CTX; + +int sm9_sign_init(SM9_SIGN_CTX *ctx); +int sm9_sign_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); +int sm9_sign_finish(SM9_SIGN_CTX *ctx, const SM9_SIGN_KEY *key, uint8_t *sig, size_t *siglen); +int sm9_verify_init(SM9_SIGN_CTX *ctx); +int sm9_verify_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); +int sm9_verify_finish(SM9_SIGN_CTX *ctx, const uint8_t *sig, size_t siglen, + const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen); + + +/* +SM9EncMasterKey ::= SEQUENCE { + de INTEGER, + Ppube BIT STRING -- uncompressed octets of ECPoint } + +SM9EncMasterPublicKey ::= SEQUENCE { + Ppube BIT STRING -- uncompressed octets of ECPoint } + +SM9EncPrivateKey ::= SEQUENCE { + de BIT STRING, -- uncompressed octets of twisted point + Ppube BIT STRING -- uncompressed octets of ECPoint } +*/ + +typedef struct { + SM9_POINT Ppube; // Ppube = ke * P1 + sm9_fn_t ke; +} SM9_ENC_MASTER_KEY; + +typedef struct { + SM9_POINT Ppube; + SM9_TWIST_POINT de; +} SM9_ENC_KEY; + +int sm9_enc_master_key_generate(SM9_ENC_MASTER_KEY *master); +int sm9_enc_master_key_extract_key(SM9_ENC_MASTER_KEY *master, const char *id, size_t idlen, SM9_ENC_KEY *key); + +// algorithm,parameters = sm9,sm9encrypt +#define SM9_ENC_MASTER_KEY_MAX_SIZE 105 +int sm9_enc_master_key_to_der(const SM9_ENC_MASTER_KEY *msk, uint8_t **out, size_t *outlen); +int sm9_enc_master_key_from_der(SM9_ENC_MASTER_KEY *msk, const uint8_t **in, size_t *inlen); +int sm9_enc_master_key_info_encrypt_to_der(const SM9_ENC_MASTER_KEY *msk, const char *pass, uint8_t **out, size_t *outlen); +int sm9_enc_master_key_info_decrypt_from_der(SM9_ENC_MASTER_KEY *msk, const char *pass, const uint8_t **in, size_t *inlen); +int sm9_enc_master_key_info_encrypt_to_pem(const SM9_ENC_MASTER_KEY *msk, const char *pass, FILE *fp); +int sm9_enc_master_key_info_decrypt_from_pem(SM9_ENC_MASTER_KEY *msk, const char *pass, FILE *fp); +int sm9_enc_master_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_MASTER_KEY *msk); + +#define SM9_ENC_MASTER_PUBLIC_KEY_SIZE 70 +int sm9_enc_master_public_key_to_der(const SM9_ENC_MASTER_KEY *mpk, uint8_t **out, size_t *outlen); +int sm9_enc_master_public_key_from_der(SM9_ENC_MASTER_KEY *mpk, const uint8_t **in, size_t *inlen); +int sm9_enc_master_public_key_to_pem(const SM9_ENC_MASTER_KEY *mpk, FILE *fp); +int sm9_enc_master_public_key_from_pem(SM9_ENC_MASTER_KEY *mpk, FILE *fp); +int sm9_enc_master_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_MASTER_KEY *mpk); + +// algorithm,parameters = sm9encrypt, +#define SM9_ENC_KEY_SIZE 204 +int sm9_enc_key_to_der(const SM9_ENC_KEY *key, uint8_t **out, size_t *outlen); +int sm9_enc_key_from_der(SM9_ENC_KEY *key, const uint8_t **in, size_t *inlen); +int sm9_enc_key_info_encrypt_to_der(const SM9_ENC_KEY *key, const char *pass, uint8_t **out, size_t *outlen); +int sm9_enc_key_info_decrypt_from_der(SM9_ENC_KEY *key, const char *pass, const uint8_t **in, size_t *inlen); +int sm9_enc_key_info_encrypt_to_pem(const SM9_ENC_KEY *key, const char *pass, FILE *fp); +int sm9_enc_key_info_decrypt_from_pem(SM9_ENC_KEY *key, const char *pass, FILE *fp); +int sm9_enc_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_KEY *key); + +#define SM9_MAX_PRIVATE_KEY_SIZE (SM9_SIGN_KEY_SIZE) // MAX(SIGN_MASTER_KEY, SIGN_KEY, ENC_MASTER_KEY, ENC_KEY) +#define SM9_MAX_PRIVATE_KEY_INFO_SIZE 512 +#define SM9_MAX_ENCED_PRIVATE_KEY_INFO_SIZE 1024 + +/* +from GM/T 0080-2020 SM9 Cryptographic Alagorithm Application Specification +SM9Cipher ::= SEQUENCE { + EnType INTEGER, -- 0 for XOR + C1 BIT STRING, -- uncompressed octets of ECPoint + C3 OCTET STRING, -- 32 bytes HMAC-SM3 tag + CipherText OCTET STRING } +*/ + +int sm9_kem_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, size_t klen, uint8_t *kbuf, SM9_POINT *C); +int sm9_kem_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, const SM9_POINT *C, size_t klen, uint8_t *kbuf); +int sm9_do_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, + const uint8_t *in, size_t inlen, SM9_POINT *C1, uint8_t *c2, uint8_t c3[SM3_HMAC_SIZE]); +int sm9_do_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, + const SM9_POINT *C1, const uint8_t *c2, size_t c2len, const uint8_t c3[SM3_HMAC_SIZE], uint8_t *out); + +#define SM9_MAX_PLAINTEXT_SIZE 255 +#define SM9_MAX_CIPHERTEXT_SIZE 367 // calculated in test_sm9_ciphertext() +int sm9_ciphertext_to_der(const SM9_POINT *C1, const uint8_t *c2, size_t c2len, + const uint8_t c3[SM3_HMAC_SIZE], uint8_t **out, size_t *outlen); +int sm9_ciphertext_from_der(SM9_POINT *C1, const uint8_t **c2, size_t *c2len, + const uint8_t *c3[SM3_HMAC_SIZE], const uint8_t **in, size_t *inlen); +int sm9_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen); +int sm9_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, + const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); +int sm9_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, + const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); + + + +#ifdef __cplusplus } -# endif -# endif +#endif +#endif diff --git a/include/gmssl/version.h b/include/gmssl/version.h index 9595b977..ccc903af 100644 --- a/include/gmssl/version.h +++ b/include/gmssl/version.h @@ -54,6 +54,13 @@ extern "C" { #endif +/* +Version Public API + + gmssl_version_num + gmssl_version_str +*/ + #define GMSSL_VERSION_NUM 30000 #define GMSSL_VERSION_STR "GmSSL 3.0.0 Alpha" diff --git a/include/gmssl/x509.h b/include/gmssl/x509.h index 4b24ae73..72e83816 100644 --- a/include/gmssl/x509.h +++ b/include/gmssl/x509.h @@ -62,6 +62,37 @@ extern "C" { #endif +/* +X509 Public API + + x509_name_add_rdn + x509_name_add_country_name + x509_name_add_state_or_province_name + x509_name_add_locality_name + x509_name_add_organization_name + x509_name_add_organizational_unit_name + x509_name_add_common_name + x509_name_add_domain_component + x509_name_to_der + x509_name_from_der + x509_name_print + x509_name_get_printable + x509_name_get_value_by_type + x509_name_get_common_name + + x509_cert_sign + x509_cert_verify + x509_cert_verify_by_ca_cert + x509_cert_get_issuer_and_serial_number + x509_cert_get_issuer + x509_cert_get_subject + x509_cert_get_subject_public_key + x509_cert_to_der + x509_cert_from_der + x509_cert_to_pem + x509_cert_from_pem + x509_cert_print +*/ enum X509_Version { X509_version_v1 = 0, @@ -331,6 +362,7 @@ int x509_certs_get_cert_by_issuer_and_serial_number( int x509_certs_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); + #ifdef __cplusplus } #endif diff --git a/include/gmssl/x509_crl.h b/include/gmssl/x509_crl.h index 34b56c53..b0231316 100644 --- a/include/gmssl/x509_crl.h +++ b/include/gmssl/x509_crl.h @@ -55,6 +55,14 @@ extern "C" { #endif +/* +X509 CRL Public API + + +*/ + + + /* CRLReason ::= ENUMERATED */ diff --git a/include/gmssl/x509_req.h b/include/gmssl/x509_req.h index 1a408e6c..e2e5ab08 100644 --- a/include/gmssl/x509_req.h +++ b/include/gmssl/x509_req.h @@ -63,6 +63,17 @@ extern "C" { #endif +/* +X509 REQ Public API + + x509_req_sign + x509_req_verify + x509_req_get_details + x509_req_print + x509_req_to_pem + x509_req_from_pem +*/ + /* from RFC 2986 diff --git a/include/gmssl/zuc.h b/include/gmssl/zuc.h index 4f526a9e..558c5053 100644 --- a/include/gmssl/zuc.h +++ b/include/gmssl/zuc.h @@ -59,6 +59,31 @@ extern "C" { #endif +/* +ZUC Public API + + ZUC_KEY_SIZE + ZUC_IV_SIZE + ZUC_MAC_SIZE + + ZUC_CTX + zuc_encrypt_init + zuc_encrypt_update + zuc_encrypt_finish + zuc_decrypt_init + zuc_decrypt_update + zuc_decrypt_finish + + ZUC_MAC_CTX + zuc_mac_init + zuc_mac_update + zuc_mac_finish + + zuc_eea_encrypt + zuc_eia_generate_mac +*/ + + # define ZUC_KEY_SIZE 16 # define ZUC_IV_SIZE 16 # define ZUC_MAC_SIZE 4 @@ -132,7 +157,7 @@ typedef struct ZUC256_MAC_CTX_st { void zuc256_mac_init(ZUC256_MAC_CTX *ctx, const uint8_t key[ZUC256_KEY_SIZE], const uint8_t iv[ZUC256_IV_SIZE], int macbits); void zuc256_mac_update(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t len); -void zuc256_mac_finish(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t nbits, uint8_t *mac); +void zuc256_mac_finish(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t nbits, uint8_t mac[ZUC_MAC_SIZE]); // Public API diff --git a/src/asn1.c b/src/asn1.c index f05ca18a..4fe0dc2f 100644 --- a/src/asn1.c +++ b/src/asn1.c @@ -746,9 +746,6 @@ int asn1_oid_info_from_der_ex(const ASN1_OID_INFO **info, uint32_t *nodes, size_ if ((ret = asn1_object_identifier_from_der(nodes, nodes_cnt, in, inlen)) != 1) { if (ret < 0) error_print(); - if (ret == 0) { - error_print(); - } return ret; } *info = NULL; diff --git a/src/sm4_modes.c b/src/sm4_modes.c index 318626b5..b04991e0 100644 --- a/src/sm4_modes.c +++ b/src/sm4_modes.c @@ -119,9 +119,6 @@ int sm4_cbc_padding_decrypt(const SM4_KEY *key, const uint8_t iv[16], } sm4_cbc_decrypt(key, iv, in + inlen - 16, 1, block); - format_bytes(stderr, 0, 0, "last_decrypted_block", block, 16); - - padding = block[15]; if (padding < 1 || padding > 16) { error_print(); diff --git a/src/sm9_alg.c b/src/sm9_alg.c index b7ab3ab3..6510b41a 100644 --- a/src/sm9_alg.c +++ b/src/sm9_alg.c @@ -52,14 +52,16 @@ #include #include #include +#include #include +#include #include -const sm9_bn_t SM9_ZERO = {0,0,0,0,0,0,0,0}; -const sm9_bn_t SM9_ONE = {1,0,0,0,0,0,0,0}; -const sm9_bn_t SM9_TWO = {2,0,0,0,0,0,0,0}; -const sm9_bn_t SM9_FIVE = {5,0,0,0,0,0,0,0}; +const sm9_bn_t SM9_ZERO = {0,0,0,0,0,0,0,0}; +const sm9_bn_t SM9_ONE = {1,0,0,0,0,0,0,0}; +static const sm9_bn_t SM9_TWO = {2,0,0,0,0,0,0,0}; +static const sm9_bn_t SM9_FIVE = {5,0,0,0,0,0,0,0}; // p = b640000002a3a6f1d603ab4ff58ec74521f2934b1a7aeedbe56f9b27e351457d @@ -67,22 +69,22 @@ const sm9_bn_t SM9_FIVE = {5,0,0,0,0,0,0,0}; // mu_p = 2^512 // p = 167980e0beb5759a655f73aebdcd1312af2665f6d1e36081c71188f90d5c22146 // mu_n = 2^512 // n const sm9_bn_t SM9_P = {0xe351457d, 0xe56f9b27, 0x1a7aeedb, 0x21f2934b, 0xf58ec745, 0xd603ab4f, 0x02a3a6f1, 0xb6400000}; -const sm9_bn_t SM9_P_MINUS_ONE = {0xe351457c, 0xe56f9b27, 0x1a7aeedb, 0x21f2934b, 0xf58ec745, 0xd603ab4f, 0x02a3a6f1, 0xb6400000}; const sm9_bn_t SM9_N = {0xd69ecf25, 0xe56ee19c, 0x18ea8bee, 0x49f2934b, 0xf58ec744, 0xd603ab4f, 0x02a3a6f1, 0xb6400000}; -const sm9_bn_t SM9_N_MINUS_ONE = {0xd69ecf24, 0xe56ee19c, 0x18ea8bee, 0x49f2934b, 0xf58ec744, 0xd603ab4f, 0x02a3a6f1, 0xb6400000}; -const sm9_barrett_bn_t SM9_MU_P = {0xd5c22146, 0x71188f90, 0x1e36081c, 0xf2665f6d, 0xdcd1312a, 0x55f73aeb, 0xeb5759a6, 0x67980e0b, 0x00000001}; -const sm9_barrett_bn_t SM9_MU_N = {0xdfc97c2f, 0x74df4fd4, 0xc9c073b0, 0x9c95d85e, 0xdcd1312c, 0x55f73aeb, 0xeb5759a6, 0x67980e0b, 0x00000001}; -const sm9_barrett_bn_t SM9_MU_N_MINUS_ONE = {0xdfc97c31, 0x74df4fd4, 0xc9c073b0, 0x9c95d85e, 0xdcd1312c, 0x55f73aeb, 0xeb5759a6, 0x67980e0b, 0x00000001}; +static const sm9_bn_t SM9_P_MINUS_ONE = {0xe351457c, 0xe56f9b27, 0x1a7aeedb, 0x21f2934b, 0xf58ec745, 0xd603ab4f, 0x02a3a6f1, 0xb6400000}; +static const sm9_bn_t SM9_N_MINUS_ONE = {0xd69ecf24, 0xe56ee19c, 0x18ea8bee, 0x49f2934b, 0xf58ec744, 0xd603ab4f, 0x02a3a6f1, 0xb6400000}; +static const sm9_barrett_bn_t SM9_MU_P = {0xd5c22146, 0x71188f90, 0x1e36081c, 0xf2665f6d, 0xdcd1312a, 0x55f73aeb, 0xeb5759a6, 0x67980e0b, 0x00000001}; +static const sm9_barrett_bn_t SM9_MU_N = {0xdfc97c2f, 0x74df4fd4, 0xc9c073b0, 0x9c95d85e, 0xdcd1312c, 0x55f73aeb, 0xeb5759a6, 0x67980e0b, 0x00000001}; +static const sm9_barrett_bn_t SM9_MU_N_MINUS_ONE = {0xdfc97c31, 0x74df4fd4, 0xc9c073b0, 0x9c95d85e, 0xdcd1312c, 0x55f73aeb, 0xeb5759a6, 0x67980e0b, 0x00000001}; // P1.X 0x93DE051D62BF718FF5ED0704487D01D6E1E4086909DC3280E8C4E4817C66DDDD // P1.Y 0x21FE8DDA4F21E607631065125C395BBC1C1C00CBFA6024350C464CD70A3EA616 -const sm9_point_t _SM9_P1 = { +const SM9_POINT _SM9_P1 = { {0x7c66dddd, 0xe8c4e481, 0x09dc3280, 0xe1e40869, 0x487d01d6, 0xf5ed0704, 0x62bf718f, 0x93de051d}, {0x0a3ea616, 0x0c464cd7, 0xfa602435, 0x1c1c00cb, 0x5c395bbc, 0x63106512, 0x4f21e607, 0x21fe8dda}, {1,0,0,0,0,0,0,0} }; -const sm9_point_t *SM9_P1 = &_SM9_P1; +const SM9_POINT *SM9_P1 = &_SM9_P1; /* @@ -92,24 +94,24 @@ const sm9_point_t *SM9_P1 = &_SM9_P1; 0x17509b092e845c1266ba0d262cbee6ed0736a96fa347c8bd856dc76b84ebeb96n], Z : [1n, 0n], */ -const sm9_twist_point_t _SM9_P2 = { +const SM9_TWIST_POINT _SM9_P2 = { {{0xAF82D65B, 0xF9B7213B, 0xD19C17AB, 0xEE265948, 0xD34EC120, 0xD2AAB97F, 0x92130B08, 0x37227552}, {0xD8806141, 0x54806C11, 0x0F5E93C4, 0xF1DD2C19, 0xB441A01F, 0x597B6027, 0x78640C98, 0x85AEF3D0}}, {{0xC999A7C7, 0x6215BBA5, 0xA71A0811, 0x47EFBA98, 0x3D278FF2, 0x5F317015, 0x19BE3DA6, 0xA7CF28D5}, {0x84EBEB96, 0x856DC76B, 0xA347C8BD, 0x0736A96F, 0x2CBEE6ED, 0x66BA0D26, 0x2E845C12, 0x17509B09}}, {{1,0,0,0,0,0,0,0}, {0,0,0,0,0,0,0,0}}, }; -const sm9_twist_point_t *SM9_P2 = &_SM9_P2; +const SM9_TWIST_POINT *SM9_P2 = &_SM9_P2; -const sm9_twist_point_t _SM9_Ppubs = { +const SM9_TWIST_POINT _SM9_Ppubs = { {{0x96EA5E32, 0x8F14D656, 0x386A92DD, 0x414D2177, 0x24A3B573, 0x6CE843ED, 0x152D1F78, 0x29DBA116}, {0x1B94C408, 0x0AB1B679, 0x5E392CFB, 0x1CE0711C, 0x41B56501, 0xE48AFF4B, 0x3084F733, 0x9F64080B}}, {{0xB4E3216D, 0x0E75C05F, 0x5CDFF073, 0x1006E85F, 0xB7A46F74, 0x1A7CE027, 0xDDA532DA, 0x41E00A53}, {0xD0EF1C25, 0xE89E1408, 0x1A77F335, 0xAD3E2FDB, 0x47E3A0CB, 0xB57329F4, 0xABEA0112, 0x69850938}}, {{1,0,0,0,0,0,0,0}, {0,0,0,0,0,0,0,0}}, }; -const sm9_twist_point_t *SM9_Ppubs = &_SM9_Ppubs; +const SM9_TWIST_POINT *SM9_Ppubs = &_SM9_Ppubs; void sm9_bn_to_bytes(const sm9_bn_t a, uint8_t out[32]) @@ -130,7 +132,7 @@ void sm9_bn_from_bytes(sm9_bn_t r, const uint8_t in[32]) } } -int sm9_bn_from_hex(sm9_bn_t r, const char hex[65]) +int sm9_bn_from_hex(sm9_bn_t r, const char hex[64]) { uint8_t buf[32]; size_t len; @@ -138,22 +140,21 @@ int sm9_bn_from_hex(sm9_bn_t r, const char hex[65]) return -1; } sm9_bn_from_bytes(r, buf); - return 0; + return 1; } -void sm9_bn_to_hex(const sm9_bn_t a, char hex[65]) +void sm9_bn_to_hex(const sm9_bn_t a, char hex[64]) { int i; for (i = 7; i >= 0; i--) { (void)sprintf(hex + 8*(7-i), "%08x", (uint32_t)a[i]); //hex += 8; } - hex[64] = 0; } void sm9_print_bn(const char *prefix, const sm9_bn_t a) { - char hex[65]; + char hex[65] = {0}; sm9_bn_to_hex(a, hex); printf("%s\n%s\n", prefix, hex); } @@ -182,11 +183,12 @@ int sm9_bn_cmp(const sm9_bn_t a, const sm9_bn_t b) return 0; } -int sm9_bn_equ_hex(const sm9_bn_t a, const char *hex) + + + +void sm9_bn_copy(sm9_bn_t r, const sm9_bn_t a) { - sm9_bn_t b; - sm9_bn_from_hex(b, hex); - return (sm9_bn_cmp(a, b) == 0); + memcpy(r, a, sizeof(sm9_bn_t)); } void sm9_bn_set_word(sm9_bn_t r, uint32_t a) @@ -221,7 +223,7 @@ void sm9_bn_sub(sm9_bn_t ret, const sm9_bn_t a, const sm9_bn_t b) sm9_bn_copy(ret, r); } -void sm9_bn_rand_range(sm9_bn_t r, const sm9_bn_t range) +int sm9_bn_rand_range(sm9_bn_t r, const sm9_bn_t range) { FILE *fp; uint8_t buf[256]; @@ -232,9 +234,10 @@ void sm9_bn_rand_range(sm9_bn_t r, const sm9_bn_t range) sm9_bn_from_bytes(r, buf); } while (sm9_bn_cmp(r, range) >= 0); fclose(fp); + return 1; } -int sm9_fp_equ(const sm9_fp_t a, const sm9_fp_t b) +int sm9_bn_equ(const sm9_bn_t a, const sm9_bn_t b) { int i; for (i = 0; i < 8; i++) { @@ -296,6 +299,14 @@ void sm9_fp_neg(sm9_fp_t r, const sm9_fp_t a) } } +int sm9_bn_print(FILE *fp, int fmt, int ind, const char *label, const sm9_bn_t a) +{ + uint8_t buf[32]; + sm9_bn_to_bytes(a, buf); + format_bytes(fp, fmt, ind, label, buf, sizeof(buf)); + return 1; +} + int sm9_barrett_bn_cmp(const sm9_barrett_bn_t a, const sm9_barrett_bn_t b) { int i; @@ -455,31 +466,94 @@ void sm9_fp_inv(sm9_fp_t r, const sm9_fp_t a) sm9_fp_pow(r, a, e); } -const sm9_fp2_t SM9_FP2_ZERO = {{0,0,0,0,0,0,0,0},{0,0,0,0,0,0,0,0}}; -const sm9_fp2_t SM9_FP2_ONE = {{1,0,0,0,0,0,0,0},{0,0,0,0,0,0,0,0}}; -const sm9_fp2_t SM9_FP2_U = {{0,0,0,0,0,0,0,0},{1,0,0,0,0,0,0,0}}; -const sm9_fp2_t SM9_FP2_5U = {{0,0,0,0,0,0,0,0},{5,0,0,0,0,0,0,0}}; - -void sm9_fp2_from_hex(sm9_fp2_t r, const char hex[65 * 2]) +int sm9_fp_from_bytes(sm9_fp_t r, const uint8_t buf[32]) { - sm9_fp_from_hex(r[1], hex); - sm9_fp_from_hex(r[0], hex + 65); + sm9_bn_from_bytes(r, buf); + if (sm9_bn_cmp(r, SM9_P) >= 0) { + error_print(); + return -1; + } + return 1; } -void sm9_fp2_to_hex(const sm9_fp2_t a, char hex[65 * 2]) +int sm9_fp_from_hex(sm9_fp_t r, const char hex[64]) +{ + if (sm9_bn_from_hex(r, hex) != 1) { + error_print(); + return -1; + } + if (sm9_bn_cmp(r, SM9_P) >= 0) { + error_print(); + return -1; + } + return 1; +} + + +const sm9_fp2_t SM9_FP2_ZERO = {{0,0,0,0,0,0,0,0},{0,0,0,0,0,0,0,0}}; +const sm9_fp2_t SM9_FP2_ONE = {{1,0,0,0,0,0,0,0},{0,0,0,0,0,0,0,0}}; +const sm9_fp2_t SM9_FP2_U = {{0,0,0,0,0,0,0,0},{1,0,0,0,0,0,0,0}}; +static const sm9_fp2_t SM9_FP2_5U = {{0,0,0,0,0,0,0,0},{5,0,0,0,0,0,0,0}}; + +int sm9_fp2_equ(const sm9_fp2_t a, const sm9_fp2_t b) +{ + return (gmssl_secure_memcmp(a, b, sizeof(sm9_fp2_t)) == 0); +} + +void sm9_fp2_copy(sm9_fp2_t r, const sm9_fp2_t a) +{ + memcpy(r, a, sizeof(sm9_fp2_t)); +} + +int sm9_fp2_rand(sm9_fp2_t r) +{ + if (sm9_fp_rand(r[0]) != 1 + || sm9_fp_rand(r[1]) != 1) { + error_print(); + return -1; + } + return 1; +} + +void sm9_fp2_to_bytes(const sm9_fp2_t a, uint8_t buf[64]) +{ + sm9_fp_to_bytes(a[1], buf); + sm9_fp_to_bytes(a[0], buf + 32); +} + +int sm9_fp2_from_bytes(sm9_fp2_t r, const uint8_t buf[64]) +{ + if (sm9_fp_from_bytes(r[1], buf) != 1 + || sm9_fp_from_bytes(r[0], buf + 32) != 1) { + error_print(); + return -1; + } + return 1; +} + +int sm9_fp2_from_hex(sm9_fp2_t r, const char hex[129]) +{ + if (sm9_fp_from_hex(r[1], hex) != 1 + || sm9_fp_from_hex(r[0], hex + 65) != 1) { + error_print(); + return -1; + } + /* + if (hex[64] != SM9_HEX_SEP) { + error_print(); + return -1; + } + */ + return 1; +} + +void sm9_fp2_to_hex(const sm9_fp2_t a, char hex[129]) { sm9_fp_to_hex(a[1], hex); - hex[64] = '\n'; + hex[64] = SM9_HEX_SEP; sm9_fp_to_hex(a[0], hex + 65); } -void sm9_fp2_print(const char *prefix, const sm9_fp2_t a) -{ - char hex[65 * 2]; - sm9_fp2_to_hex(a, hex); - printf("%s\n%s\n", prefix, hex); -} - void sm9_fp2_set_fp(sm9_fp2_t r, const sm9_fp_t a) { sm9_fp_copy(r[0], a); @@ -655,22 +729,69 @@ void sm9_fp2_div2(sm9_fp2_t r, const sm9_fp2_t a) sm9_fp_div2(r[1], a[1]); } +int sm9_fp2_print(FILE *fp, int fmt, int ind, const char *label, const sm9_fp2_t a) +{ + return 1; +} + + const sm9_fp4_t SM9_FP4_ZERO = {{{0,0,0,0,0,0,0,0},{0,0,0,0,0,0,0,0}}, {{0,0,0,0,0,0,0,0},{0,0,0,0,0,0,0,0}}}; const sm9_fp4_t SM9_FP4_ONE = {{{1,0,0,0,0,0,0,0},{0,0,0,0,0,0,0,0}}, {{0,0,0,0,0,0,0,0},{0,0,0,0,0,0,0,0}}}; const sm9_fp4_t SM9_FP4_U = {{{0,0,0,0,0,0,0,0},{1,0,0,0,0,0,0,0}}, {{0,0,0,0,0,0,0,0},{0,0,0,0,0,0,0,0}}}; const sm9_fp4_t SM9_FP4_V = {{{0,0,0,0,0,0,0,0},{0,0,0,0,0,0,0,0}}, {{1,0,0,0,0,0,0,0},{0,0,0,0,0,0,0,0}}}; -void sm9_fp4_from_hex(sm9_fp4_t r, const char hex[65 * 4]) +int sm9_fp4_equ(const sm9_fp4_t a, const sm9_fp4_t b) { - sm9_fp2_from_hex(r[1], hex); - sm9_fp2_from_hex(r[0], hex + 65 * 2); + return (gmssl_secure_memcmp(a, b, sizeof(sm9_fp4_t)) == 0); } -void sm9_fp4_to_hex(const sm9_fp4_t a, char hex[65 * 4]) +int sm9_fp4_rand(sm9_fp4_t r) +{ + if (sm9_fp2_rand(r[1]) != 1 + || sm9_fp2_rand(r[0]) != 1) { + error_print(); + return -1; + } + return 1; +} + +void sm9_fp4_copy(sm9_fp4_t r, const sm9_fp4_t a) +{ + memcpy(r, a, sizeof(sm9_fp4_t)); +} + +void sm9_fp4_to_bytes(const sm9_fp4_t a, uint8_t buf[128]) +{ + sm9_fp2_to_bytes(a[1], buf); + sm9_fp2_to_bytes(a[0], buf + 64); +} + +int sm9_fp4_from_bytes(sm9_fp4_t r, const uint8_t buf[128]) +{ + if (sm9_fp2_from_bytes(r[1], buf) != 1 + || sm9_fp2_from_bytes(r[0], buf + 64) != 1) { + error_print(); + return -1; + } + return 1; +} + +int sm9_fp4_from_hex(sm9_fp4_t r, const char hex[65 * 4]) +{ + if (sm9_fp2_from_hex(r[1], hex) != 1 + || hex[129] != SM9_HEX_SEP + || sm9_fp2_from_hex(r[0], hex + 130) != 1) { + error_print(); + return -1; + } + return 1; +} + +void sm9_fp4_to_hex(const sm9_fp4_t a, char hex[259]) { sm9_fp2_to_hex(a[1], hex); - hex[65 + 64] = '\n'; - sm9_fp2_to_hex(a[0], hex + 65 * 2); + hex[129] = SM9_HEX_SEP; + sm9_fp2_to_hex(a[0], hex + 130); } void sm9_fp4_set_fp(sm9_fp4_t r, const sm9_fp_t a) @@ -691,14 +812,6 @@ void sm9_fp4_set(sm9_fp4_t r, const sm9_fp2_t a0, const sm9_fp2_t a1) sm9_fp2_copy(r[1], a1); } -/* -void sm9_fp4_set_one(sm9_fp4_t r) -{ - sm9_fp2_set_one(r[0]); - sm9_fp2_set_zero(r[1]); -} -*/ - void sm9_fp4_set_u(sm9_fp4_t r) { sm9_fp2_set_u(r[0]); @@ -826,6 +939,31 @@ void sm9_fp4_inv(sm9_fp4_t r, const sm9_fp4_t a) sm9_fp2_copy(r[1], r1); } +void sm9_fp12_copy(sm9_fp12_t r, const sm9_fp12_t a) +{ + sm9_fp4_copy(r[0], a[0]); + sm9_fp4_copy(r[1], a[1]); + sm9_fp4_copy(r[2], a[2]); +} + +int sm9_fp12_rand(sm9_fp12_t r) +{ + if (sm9_fp4_rand(r[0]) != 1 + || sm9_fp4_rand(r[1]) != 1 + || sm9_fp4_rand(r[2]) != 1) { + error_print(); + return -1; + } + return 1; +} + +void sm9_fp12_set_zero(sm9_fp12_t r) +{ + sm9_fp4_set_zero(r[0]); + sm9_fp4_set_zero(r[1]); + sm9_fp4_set_zero(r[2]); +} + void sm9_fp12_set_one(sm9_fp12_t r) { sm9_fp4_set_one(r[0]); @@ -847,19 +985,25 @@ int sm9_fp12_is_zero(const sm9_fp12_t a) && sm9_fp4_is_zero(a[2]); } -void sm9_fp12_from_hex(sm9_fp12_t r, const char hex[65 * 12]) +int sm9_fp12_from_hex(sm9_fp12_t r, const char hex[65 * 12 - 1]) { - sm9_fp4_from_hex(r[2], hex); - sm9_fp4_from_hex(r[1], hex + 65 * 4); - sm9_fp4_from_hex(r[0], hex + 65 * 8); + if (sm9_fp4_from_hex(r[2], hex) != 1 + || hex[65 * 4 - 1] != SM9_HEX_SEP + || sm9_fp4_from_hex(r[1], hex + 65 * 4) != 1 + || hex[65 * 4 - 1] != SM9_HEX_SEP + || sm9_fp4_from_hex(r[0], hex + 65 * 8) != 1) { + error_print(); + return -1; + } + return 1; } -void sm9_fp12_to_hex(const sm9_fp12_t a, char hex[65 * 12]) +void sm9_fp12_to_hex(const sm9_fp12_t a, char hex[65 * 12 - 1]) { sm9_fp4_to_hex(a[2], hex); - hex[65 * 4 - 1] = '\n'; + hex[65 * 4 - 1] = SM9_HEX_SEP; sm9_fp4_to_hex(a[1], hex + 65 * 4); - hex[65 * 8 - 1] = '\n'; + hex[65 * 8 - 1] = SM9_HEX_SEP; sm9_fp4_to_hex(a[0], hex + 65 * 8); } @@ -1109,12 +1253,12 @@ void sm9_fp2_frobenius(sm9_fp2_t r, const sm9_fp2_t a) // alpha3 = 0x6c648de5dc0a3f2cf55acc93ee0baf159f9d411806dc5177f5b21fd3da24d011 // alpha4 = 0xf300000002a3a6f2780272354f8b78f4d5fc11967be65333 // alpha5 = 0x2d40a38cf6983351711e5f99520347cc57d778a9f8ff4c8a4c949c7fa2a96686 -const sm9_fp2_t SM9_BETA = {{0xda24d011, 0xf5b21fd3, 0x06dc5177, 0x9f9d4118, 0xee0baf15, 0xf55acc93, 0xdc0a3f2c, 0x6c648de5}, {0}}; -const sm9_fp_t SM9_ALPHA1 = {0x377b698b, 0xa91d8354, 0x0ddd04ed, 0x47c5c86e, 0x9c086749, 0x843c6cfa, 0xe5720bdb, 0x3f23ea58}; -const sm9_fp_t SM9_ALPHA2 = {0x7be65334, 0xd5fc1196, 0x4f8b78f4, 0x78027235, 0x02a3a6f2, 0xf3000000, 0x0, 0x0 }; -const sm9_fp_t SM9_ALPHA3 = {0xda24d011, 0xf5b21fd3, 0x06dc5177, 0x9f9d4118, 0xee0baf15, 0xf55acc93, 0xdc0a3f2c, 0x6c648de5}; -const sm9_fp_t SM9_ALPHA4 = {0x7be65333, 0xd5fc1196, 0x4f8b78f4, 0x78027235, 0x02a3a6f2, 0xf3000000, 0x0, 0x0 }; -const sm9_fp_t SM9_ALPHA5 = {0xa2a96686, 0x4c949c7f, 0xf8ff4c8a, 0x57d778a9, 0x520347cc, 0x711e5f99, 0xf6983351, 0x2d40a38c}; +static const sm9_fp2_t SM9_BETA = {{0xda24d011, 0xf5b21fd3, 0x06dc5177, 0x9f9d4118, 0xee0baf15, 0xf55acc93, 0xdc0a3f2c, 0x6c648de5}, {0}}; +static const sm9_fp_t SM9_ALPHA1 = {0x377b698b, 0xa91d8354, 0x0ddd04ed, 0x47c5c86e, 0x9c086749, 0x843c6cfa, 0xe5720bdb, 0x3f23ea58}; +static const sm9_fp_t SM9_ALPHA2 = {0x7be65334, 0xd5fc1196, 0x4f8b78f4, 0x78027235, 0x02a3a6f2, 0xf3000000, 0x0, 0x0 }; +static const sm9_fp_t SM9_ALPHA3 = {0xda24d011, 0xf5b21fd3, 0x06dc5177, 0x9f9d4118, 0xee0baf15, 0xf55acc93, 0xdc0a3f2c, 0x6c648de5}; +static const sm9_fp_t SM9_ALPHA4 = {0x7be65333, 0xd5fc1196, 0x4f8b78f4, 0x78027235, 0x02a3a6f2, 0xf3000000, 0x0, 0x0 }; +static const sm9_fp_t SM9_ALPHA5 = {0xa2a96686, 0x4c949c7f, 0xf8ff4c8a, 0x57d778a9, 0x520347cc, 0x711e5f99, 0xf6983351, 0x2d40a38c}; void sm9_fp4_frobenius(sm9_fp4_t r, const sm9_fp4_t a) @@ -1235,31 +1379,30 @@ void sm9_fp12_frobenius6(sm9_fp12_t r, const sm9_fp12_t x) } -void sm9_point_init(sm9_point_t *R) -{ - sm9_fp_set_zero(R->X); - sm9_fp_set_zero(R->Y); - sm9_fp_set_one(R->Z); -} -void sm9_point_from_hex(sm9_point_t *R, const char hex[65 * 2]) +void sm9_point_from_hex(SM9_POINT *R, const char hex[65 * 2]) { sm9_bn_from_hex(R->X, hex); sm9_bn_from_hex(R->Y, hex + 65); sm9_bn_set_one(R->Z); } -int sm9_point_is_at_infinity(const sm9_point_t *P) { +int sm9_point_is_at_infinity(const SM9_POINT *P) { return sm9_fp_is_zero(P->Z); } -void sm9_point_set_infinity(sm9_point_t *R) { +void sm9_point_set_infinity(SM9_POINT *R) { sm9_fp_set_one(R->X); sm9_fp_set_one(R->Y); sm9_fp_set_zero(R->Z); } -void sm9_point_get_xy(const sm9_point_t *P, sm9_fp_t x, sm9_fp_t y) +void sm9_point_copy(SM9_POINT *R, const SM9_POINT *P) +{ + *R = *P; +} + +void sm9_point_get_xy(const SM9_POINT *P, sm9_fp_t x, sm9_fp_t y) { sm9_fp_t z_inv; @@ -1279,7 +1422,7 @@ void sm9_point_get_xy(const sm9_point_t *P, sm9_fp_t x, sm9_fp_t y) sm9_fp_mul(y, y, z_inv); } -int sm9_point_equ(const sm9_point_t *P, const sm9_point_t *Q) +int sm9_point_equ(const SM9_POINT *P, const SM9_POINT *Q) { sm9_fp_t t1, t2, t3, t4; sm9_fp_sqr(t1, P->Z); @@ -1296,7 +1439,7 @@ int sm9_point_equ(const sm9_point_t *P, const sm9_point_t *Q) return sm9_fp_equ(t3, t4); } -int sm9_point_is_on_curve(const sm9_point_t *P) +int sm9_point_is_on_curve(const SM9_POINT *P) { sm9_fp_t t0, t1, t2; if (sm9_fp_is_one(P->Z)) { @@ -1314,10 +1457,14 @@ int sm9_point_is_on_curve(const sm9_point_t *P) sm9_fp_add(t1, t0, t1); sm9_fp_sqr(t0, P->Y); } - return sm9_fp_equ(t0, t1); + if (sm9_fp_equ(t0, t1) != 1) { + error_print(); + return 0; + } + return 1; } -void sm9_point_dbl(sm9_point_t *R, const sm9_point_t *P) +void sm9_point_dbl(SM9_POINT *R, const SM9_POINT *P) { const uint64_t *X1 = P->X; const uint64_t *Y1 = P->Y; @@ -1349,7 +1496,7 @@ void sm9_point_dbl(sm9_point_t *R, const sm9_point_t *P) sm9_fp_copy(R->Z, Z3); } -void sm9_point_add(sm9_point_t *R, const sm9_point_t *P, const sm9_point_t *Q) +void sm9_point_add(SM9_POINT *R, const SM9_POINT *P, const SM9_POINT *Q) { sm9_fp_t x; sm9_fp_t y; @@ -1406,24 +1553,24 @@ void sm9_point_add(sm9_point_t *R, const sm9_point_t *P, const sm9_point_t *Q) sm9_fp_copy(R->Z, Z3); } -void sm9_point_neg(sm9_point_t *R, const sm9_point_t *P) +void sm9_point_neg(SM9_POINT *R, const SM9_POINT *P) { sm9_fp_copy(R->X, P->X); sm9_fp_neg(R->Y, P->Y); sm9_fp_copy(R->Z, P->Z); } -void sm9_point_sub(sm9_point_t *R, const sm9_point_t *P, const sm9_point_t *Q) +void sm9_point_sub(SM9_POINT *R, const SM9_POINT *P, const SM9_POINT *Q) { - sm9_point_t _T, *T = &_T; + SM9_POINT _T, *T = &_T; sm9_point_neg(T, Q); sm9_point_add(R, P, T); } -void sm9_point_mul(sm9_point_t *R, const sm9_bn_t k, const sm9_point_t *P) +void sm9_point_mul(SM9_POINT *R, const sm9_bn_t k, const SM9_POINT *P) { char kbits[257]; - sm9_point_t _Q, *Q = &_Q; + SM9_POINT _Q, *Q = &_Q; int i; sm9_bn_to_bits(k, kbits); @@ -1437,32 +1584,48 @@ void sm9_point_mul(sm9_point_t *R, const sm9_bn_t k, const sm9_point_t *P) sm9_point_copy(R, Q); } -void sm9_point_mul_generator(sm9_point_t *R, const sm9_bn_t k) +void sm9_point_mul_generator(SM9_POINT *R, const sm9_bn_t k) { sm9_point_mul(R, k, SM9_P1); } -void sm9_twist_point_from_hex(sm9_twist_point_t *R, const char hex[65 * 4]) +int sm9_point_print(FILE *fp, int fmt, int ind, const char *label, const SM9_POINT *P) +{ + uint8_t buf[65]; + sm9_point_to_uncompressed_octets(P, buf); + format_bytes(fp, fmt, ind, label, buf, sizeof(buf)); + return 1; +} + +int sm9_twist_point_print(FILE *fp, int fmt, int ind, const char *label, const SM9_TWIST_POINT *P) +{ + uint8_t buf[129]; + sm9_twist_point_to_uncompressed_octets(P, buf); + format_bytes(fp, fmt, ind, label, buf, sizeof(buf)); + return 1; +} + +void sm9_twist_point_from_hex(SM9_TWIST_POINT *R, const char hex[65 * 4]) { sm9_fp2_from_hex(R->X, hex); sm9_fp2_from_hex(R->Y, hex + 65 * 2); sm9_fp2_set_one(R->Z); } -int sm9_twist_point_is_at_infinity(const sm9_twist_point_t *P) +int sm9_twist_point_is_at_infinity(const SM9_TWIST_POINT *P) { return sm9_fp2_is_zero(P->Z); } -void sm9_twist_point_set_infinity(sm9_twist_point_t *R) +void sm9_twist_point_set_infinity(SM9_TWIST_POINT *R) { sm9_fp2_set_one(R->X); sm9_fp2_set_one(R->Y); sm9_fp2_set_zero(R->Z); } -void sm9_twist_point_get_xy(const sm9_twist_point_t *P, sm9_fp2_t x, sm9_fp2_t y) +void sm9_twist_point_get_xy(const SM9_TWIST_POINT *P, sm9_fp2_t x, sm9_fp2_t y) { sm9_fp2_t z_inv; @@ -1483,7 +1646,7 @@ void sm9_twist_point_get_xy(const sm9_twist_point_t *P, sm9_fp2_t x, sm9_fp2_t y } -int sm9_twist_point_equ(const sm9_twist_point_t *P, const sm9_twist_point_t *Q) +int sm9_twist_point_equ(const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q) { sm9_fp2_t t1, t2, t3, t4; @@ -1501,7 +1664,7 @@ int sm9_twist_point_equ(const sm9_twist_point_t *P, const sm9_twist_point_t *Q) return sm9_fp2_equ(t3, t4); } -int sm9_twist_point_is_on_curve(const sm9_twist_point_t *P) +int sm9_twist_point_is_on_curve(const SM9_TWIST_POINT *P) { sm9_fp2_t t0, t1, t2; @@ -1525,14 +1688,14 @@ int sm9_twist_point_is_on_curve(const sm9_twist_point_t *P) return sm9_fp2_equ(t0, t1); } -void sm9_twist_point_neg(sm9_twist_point_t *R, const sm9_twist_point_t *P) +void sm9_twist_point_neg(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P) { sm9_fp2_copy(R->X, P->X); sm9_fp2_neg(R->Y, P->Y); sm9_fp2_copy(R->Z, P->Z); } -void sm9_twist_point_dbl(sm9_twist_point_t *R, const sm9_twist_point_t *P) +void sm9_twist_point_dbl(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P) { const sm9_fp_t *X1 = P->X; const sm9_fp_t *Y1 = P->Y; @@ -1563,7 +1726,7 @@ void sm9_twist_point_dbl(sm9_twist_point_t *R, const sm9_twist_point_t *P) sm9_fp2_copy(R->Z, Z3); } -void sm9_twist_point_add(sm9_twist_point_t *R, const sm9_twist_point_t *P, const sm9_twist_point_t *Q) +void sm9_twist_point_add(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q) { const sm9_fp_t *X1 = P->X; const sm9_fp_t *Y1 = P->Y; @@ -1614,14 +1777,14 @@ void sm9_twist_point_add(sm9_twist_point_t *R, const sm9_twist_point_t *P, const sm9_fp2_copy(R->Z, Z3); } -void sm9_twist_point_sub(sm9_twist_point_t *R, const sm9_twist_point_t *P, const sm9_twist_point_t *Q) +void sm9_twist_point_sub(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q) { - sm9_twist_point_t _T, *T = &_T; + SM9_TWIST_POINT _T, *T = &_T; sm9_twist_point_neg(T, Q); sm9_twist_point_add_full(R, P, T); } -void sm9_twist_point_add_full(sm9_twist_point_t *R, const sm9_twist_point_t *P, const sm9_twist_point_t *Q) +void sm9_twist_point_add_full(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q) { const sm9_fp_t *X1 = P->X; const sm9_fp_t *Y1 = P->Y; @@ -1678,9 +1841,9 @@ void sm9_twist_point_add_full(sm9_twist_point_t *R, const sm9_twist_point_t *P, sm9_fp2_copy(R->Z, T7); } -void sm9_twist_point_mul(sm9_twist_point_t *R, const sm9_bn_t k, const sm9_twist_point_t *P) +void sm9_twist_point_mul(SM9_TWIST_POINT *R, const sm9_bn_t k, const SM9_TWIST_POINT *P) { - sm9_twist_point_t _Q, *Q = &_Q; + SM9_TWIST_POINT _Q, *Q = &_Q; char kbits[256]; int i; @@ -1695,12 +1858,12 @@ void sm9_twist_point_mul(sm9_twist_point_t *R, const sm9_bn_t k, const sm9_twist sm9_twist_point_copy(R, Q); } -void sm9_twist_point_mul_generator(sm9_twist_point_t *R, const sm9_bn_t k) +void sm9_twist_point_mul_generator(SM9_TWIST_POINT *R, const sm9_bn_t k) { sm9_twist_point_mul(R, k, SM9_P2); } -void sm9_eval_g_tangent(sm9_fp12_t num, sm9_fp12_t den, const sm9_twist_point_t *P, const sm9_point_t *Q) +void sm9_eval_g_tangent(sm9_fp12_t num, sm9_fp12_t den, const SM9_TWIST_POINT *P, const SM9_POINT *Q) { sm9_fp_t x; sm9_fp_t y; @@ -1745,7 +1908,7 @@ void sm9_eval_g_tangent(sm9_fp12_t num, sm9_fp12_t den, const sm9_twist_point_t sm9_fp2_sub(a0, t0, t1); } -void sm9_eval_g_line(sm9_fp12_t num, sm9_fp12_t den, const sm9_twist_point_t *T, const sm9_twist_point_t *P, const sm9_point_t *Q) +void sm9_eval_g_line(sm9_fp12_t num, sm9_fp12_t den, const SM9_TWIST_POINT *T, const SM9_TWIST_POINT *P, const SM9_POINT *Q) { sm9_fp_t x; sm9_fp_t y; @@ -1798,7 +1961,7 @@ void sm9_eval_g_line(sm9_fp12_t num, sm9_fp12_t den, const sm9_twist_point_t *T, sm9_fp2_copy(a1, T2); } -void sm9_twist_point_pi1(sm9_twist_point_t *R, const sm9_twist_point_t *P) +void sm9_twist_point_pi1(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P) { //const c = 0x3f23ea58e5720bdb843c6cfa9c08674947c5c86e0ddd04eda91d8354377b698bn; const sm9_fp_t c = { @@ -1812,7 +1975,7 @@ void sm9_twist_point_pi1(sm9_twist_point_t *R, const sm9_twist_point_t *P) } -void sm9_twist_point_pi2(sm9_twist_point_t *R, const sm9_twist_point_t *P) +void sm9_twist_point_pi2(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P) { //c = 0xf300000002a3a6f2780272354f8b78f4d5fc11967be65334 const sm9_fp_t c = { @@ -1824,7 +1987,7 @@ void sm9_twist_point_pi2(sm9_twist_point_t *R, const sm9_twist_point_t *P) sm9_fp2_mul_fp(R->Z, P->Z, c); } -void sm9_twist_point_neg_pi2(sm9_twist_point_t *R, const sm9_twist_point_t *P) +void sm9_twist_point_neg_pi2(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P) { // c = 0xf300000002a3a6f2780272354f8b78f4d5fc11967be65334 const sm9_fp_t c = { @@ -1888,12 +2051,12 @@ void sm9_final_exponent(sm9_fp12_t r, const sm9_fp12_t f) sm9_fp12_copy(r, t0); } -void sm9_pairing(sm9_fp12_t r, const sm9_twist_point_t *Q, const sm9_point_t *P) { +void sm9_pairing(sm9_fp12_t r, const SM9_TWIST_POINT *Q, const SM9_POINT *P) { const char *abits = "00100000000000000000000000000000000000010000101011101100100111110"; - sm9_twist_point_t _T, *T = &_T; - sm9_twist_point_t _Q1, *Q1 = &_Q1; - sm9_twist_point_t _Q2, *Q2 = &_Q2; + SM9_TWIST_POINT _T, *T = &_T; + SM9_TWIST_POINT _Q1, *Q1 = &_Q1; + SM9_TWIST_POINT _Q2, *Q2 = &_Q2; sm9_fp12_t f_num; sm9_fp12_t f_den; @@ -2074,24 +2237,6 @@ void sm9_fn_inv(sm9_fn_t r, const sm9_fn_t a) sm9_fn_pow(r, a, e); } -int sm9_fn_is_zero(const sm9_fn_t a) -{ - return sm9_bn_is_zero(a); -} -void sm9_fn_rand(sm9_fn_t r) -{ - sm9_bn_rand_range(r, SM9_N); -} - -int sm9_fn_equ(const sm9_fn_t a, const sm9_fn_t b) -{ - int i; - for (i = 0; i < 8; i++) { - if (a[i] != b[i]) - return 0; - } - return 1; -} // for H1() and H2() // h = (Ha mod (n-1)) + 1; h in [1, n-1], n is the curve order, Ha is 40 bytes from hash @@ -2101,7 +2246,7 @@ void sm9_fn_from_hash(sm9_fn_t h, const uint8_t Ha[40]) sm9_barrett_bn_t zh, zl, q; uint64_t w; int i, j; - + /* s = Ha -> int */ for (int i = 0; i < 10; i++) { for (int j = 0; j < 4; j++) { @@ -2160,7 +2305,7 @@ void sm9_fn_from_hash(sm9_fn_t h, const uint8_t Ha[40]) sm9_barrett_bn_sub(q, c, q); sm9_barrett_bn_add(zl, q, zl); } - + for (i = 0; i < 8; i++) { h[i] = zl[i]; } @@ -2175,24 +2320,6 @@ void sm9_fn_from_hash(sm9_fn_t h, const uint8_t Ha[40]) sm9_fn_add(h, h, SM9_ONE); } -void sm9_fp2_from_bytes(sm9_fp2_t r, const uint8_t in[32 * 2]) -{ - sm9_bn_from_bytes(r[1], in); - sm9_bn_from_bytes(r[0], in + 32); -} - -void sm9_fp2_to_bytes(const sm9_fp2_t a, uint8_t buf[32 * 2]) -{ - sm9_bn_to_bytes(a[1], buf); - sm9_bn_to_bytes(a[0], buf + 32); -} - -void sm9_fp4_to_bytes(const sm9_fp4_t a, uint8_t buf[32 * 4]) -{ - sm9_fp2_to_bytes(a[1], buf); - sm9_fp2_to_bytes(a[0], buf + 32 * 2); -} - void sm9_fp12_to_bytes(const sm9_fp12_t a, uint8_t buf[32 * 12]) { sm9_fp4_to_bytes(a[2], buf); @@ -2200,19 +2327,13 @@ void sm9_fp12_to_bytes(const sm9_fp12_t a, uint8_t buf[32 * 12]) sm9_fp4_to_bytes(a[0], buf + 32 * 8); } -void sm9_fn_to_bytes(const sm9_fn_t a, uint8_t out[32]) -{ - sm9_bn_to_bytes(a, out); - return; -} - int sm9_fn_from_bytes(sm9_fn_t a, const uint8_t in[32]) { sm9_bn_from_bytes(a, in); return 1; } -int sm9_point_to_uncompressed_octets(const sm9_point_t *P, uint8_t octets[65]) +int sm9_point_to_uncompressed_octets(const SM9_POINT *P, uint8_t octets[65]) { sm9_fp_t x; sm9_fp_t y; @@ -2223,17 +2344,24 @@ int sm9_point_to_uncompressed_octets(const sm9_point_t *P, uint8_t octets[65]) return 1; } -int sm9_point_from_uncompressed_octets(sm9_point_t *P, const uint8_t octets[65]) +int sm9_point_from_uncompressed_octets(SM9_POINT *P, const uint8_t octets[65]) { - assert(octets[0] == 0x04); + if (octets[0] != 0x04) { + error_print(); + return -1; + } + memset(P, 0, sizeof(*P)); sm9_bn_from_bytes(P->X, octets + 1); sm9_bn_from_bytes(P->Y, octets + 32 + 1); sm9_fp_set_one(P->Z); - if (!sm9_point_is_on_curve(P)) return -1; + if (!sm9_point_is_on_curve(P)) { + error_print(); + return -1; + } return 1; } -int sm9_twist_point_to_uncompressed_octets(const sm9_twist_point_t *P, uint8_t octets[129]) +int sm9_twist_point_to_uncompressed_octets(const SM9_TWIST_POINT *P, uint8_t octets[129]) { octets[0] = 0x04; sm9_fp2_t x; @@ -2244,7 +2372,7 @@ int sm9_twist_point_to_uncompressed_octets(const sm9_twist_point_t *P, uint8_t o return 1; } -int sm9_twist_point_from_uncompressed_octets(sm9_twist_point_t *P, const uint8_t octets[129]) +int sm9_twist_point_from_uncompressed_octets(SM9_TWIST_POINT *P, const uint8_t octets[129]) { assert(octets[0] == 0x04); sm9_fp2_from_bytes(P->X, octets + 1); diff --git a/src/sm9_key.c b/src/sm9_key.c index 2e27b57c..5a8e2be9 100644 --- a/src/sm9_key.c +++ b/src/sm9_key.c @@ -1,4 +1,4 @@ -/* +/* * Copyright (c) 2014 - 2020 The GmSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -65,7 +65,7 @@ int sm9_hash1(sm9_bn_t h1, const char *id, size_t idlen, uint8_t hid) { SM3_CTX ctx; - uint8_t prefix[1] = {0x01}; + uint8_t prefix[1] = { SM9_HASH1_PREFIX }; uint8_t ct1[4] = {0x00, 0x00, 0x00, 0x01}; uint8_t ct2[4] = {0x00, 0x00, 0x00, 0x02}; uint8_t Ha[64]; @@ -184,12 +184,13 @@ int sm9_sign_master_public_key_from_der(SM9_SIGN_MASTER_KEY *mpk, const uint8_t int sm9_sign_key_to_der(const SM9_SIGN_KEY *key, uint8_t **out, size_t *outlen) { - uint8_t ds[32]; + uint8_t ds[65]; uint8_t Ppubs[129]; size_t len = 0; sm9_point_to_uncompressed_octets(&key->ds, ds); sm9_twist_point_to_uncompressed_octets(&key->Ppubs, Ppubs); + if (asn1_bit_octets_to_der(ds, sizeof(ds), NULL, &len) != 1 || asn1_bit_octets_to_der(Ppubs, sizeof(Ppubs), NULL, &len) != 1 || asn1_sequence_header_to_der(len, out, outlen) != 1 @@ -293,6 +294,7 @@ int sm9_enc_master_public_key_to_der(const SM9_ENC_MASTER_KEY *mpk, uint8_t **ou size_t len = 0; sm9_point_to_uncompressed_octets(&mpk->Ppube, Ppube); + if (asn1_bit_octets_to_der(Ppube, sizeof(Ppube), NULL, &len) != 1 || asn1_sequence_header_to_der(len, out, outlen) != 1 || asn1_bit_octets_to_der(Ppube, sizeof(Ppube), out, outlen) != 1) { @@ -336,6 +338,7 @@ int sm9_enc_key_to_der(const SM9_ENC_KEY *key, uint8_t **out, size_t *outlen) sm9_twist_point_to_uncompressed_octets(&key->de, de); sm9_point_to_uncompressed_octets(&key->Ppube, Ppube); + if (asn1_bit_octets_to_der(de, sizeof(de), NULL, &len) != 1 || asn1_bit_octets_to_der(Ppube, sizeof(Ppube), NULL, &len) != 1 || asn1_sequence_header_to_der(len, out, outlen) != 1 @@ -382,23 +385,29 @@ int sm9_enc_key_from_der(SM9_ENC_KEY *key, const uint8_t **in, size_t *inlen) int sm9_sign_master_key_generate(SM9_SIGN_MASTER_KEY *msk) { + if (!msk) { + error_print(); + return -1; + } // k = rand(1, n-1) - sm9_fn_rand(msk->ks); - + if (sm9_fn_rand(msk->ks) != 1) { + error_print(); + return -1; + } // Ppubs = k * P2 in E'(F_p^2) sm9_twist_point_mul_generator(&msk->Ppubs, msk->ks); - return 1; } int sm9_enc_master_key_generate(SM9_ENC_MASTER_KEY *msk) { // k = rand(1, n-1) - sm9_fn_rand(msk->ke); - + if (sm9_fn_rand(msk->ke) != 1) { + error_print(); + return -1; + } // Ppube = ke * P1 in E(F_p) sm9_point_mul_generator(&msk->Ppube, msk->ke); - return 1; } @@ -490,6 +499,10 @@ int sm9_oid_from_name(const char *name) int sm9_oid_to_der(int oid, uint8_t **out, size_t *outlen) { const ASN1_OID_INFO *info; + if (oid == -1) { + // TODO: 检查其他的oid_to_der是否支持这个default == -1 的特性 + return 0; + } if (!(info = asn1_oid_info_from_oid(sm9_oids, sm9_oids_count, oid))) { error_print(); return -1; @@ -552,6 +565,10 @@ static int sm9_private_key_info_to_der(int alg, int params, const uint8_t *prike uint8_t **out, size_t *outlen) { size_t len = 0; + if (prikey_len > SM9_MAX_PRIVATE_KEY_SIZE) { + error_print(); + return -1; + } if (asn1_int_to_der(PKCS8_private_key_info_version, NULL, &len) != 1 || sm9_algor_to_der(alg, params, NULL, &len) != 1 || asn1_octet_string_to_der(prikey, prikey_len, NULL, &len) != 1 @@ -562,6 +579,7 @@ static int sm9_private_key_info_to_der(int alg, int params, const uint8_t *prike error_print(); return -1; } + //printf("alg %s params %s prikey_len %zu: SM9_PRIVATE_KEY_INFO_SIZE %zu\n", sm9_oid_name(alg), sm9_oid_name(params), prikey_len, *outlen); return 1; } @@ -575,6 +593,7 @@ static int sm9_private_key_info_from_der(int *alg, int *params, const uint8_t ** if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) { if (ret < 0) error_print(); + else error_print(); return ret; } if (asn1_int_from_der(&ver, &d, &dlen) != 1 @@ -588,6 +607,10 @@ static int sm9_private_key_info_from_der(int *alg, int *params, const uint8_t ** error_print(); return -1; } + if (*prikey_len > SM9_MAX_PRIVATE_KEY_SIZE) { + error_print(); + return -1; + } return 1; } @@ -595,7 +618,7 @@ static int sm9_private_key_info_encrypt_to_der(int alg, int params, const uint8_ const char *pass, uint8_t **out, size_t *outlen) { int ret = -1; - uint8_t pkey_info[1024]; + uint8_t pkey_info[SM9_MAX_PRIVATE_KEY_INFO_SIZE]; uint8_t *p = pkey_info; size_t pkey_info_len = 0; uint8_t salt[16]; @@ -603,7 +626,7 @@ static int sm9_private_key_info_encrypt_to_der(int alg, int params, const uint8_ uint8_t iv[16]; uint8_t key[16]; SM4_KEY sm4_key; - uint8_t enced_pkey_info[2480]; + uint8_t enced_pkey_info[sizeof(pkey_info) + 16]; // cbc-padding of pkey_info size_t enced_pkey_info_len; if (sm9_private_key_info_to_der(alg, params, prikey, prikey_len, &p, &pkey_info_len) != 1 @@ -621,6 +644,7 @@ static int sm9_private_key_info_encrypt_to_der(int alg, int params, const uint8_ error_print(); goto end; } + //printf("SM9_ENCED_PRIVATE_KEY_INFO_SIZE %zu\n", *outlen); ret = 1; end: gmssl_secure_clear(pkey_info, sizeof(pkey_info)); @@ -630,7 +654,6 @@ end: return ret; } -// 这里私钥我们必须要提供一个buffer static int sm9_private_key_info_decrypt_from_der(int *alg, int *params, uint8_t *prikey, size_t *prikey_len, const char *pass, const uint8_t **in, size_t *inlen) { @@ -647,7 +670,7 @@ static int sm9_private_key_info_decrypt_from_der(int *alg, int *params, uint8_t SM4_KEY sm4_key; const uint8_t *enced_pkey_info; size_t enced_pkey_info_len; - uint8_t pkey_info[256]; // 这是一个比较大的缓冲空间 + uint8_t pkey_info[SM9_MAX_PRIVATE_KEY_INFO_SIZE]; const uint8_t *cp = pkey_info; size_t pkey_info_len; const uint8_t *cp_prikey; @@ -684,9 +707,11 @@ end: return ret; } + + int sm9_sign_master_key_info_encrypt_to_der(const SM9_SIGN_MASTER_KEY *msk, const char *pass, uint8_t **out, size_t *outlen) { - uint8_t buf[1024]; + uint8_t buf[SM9_SIGN_MASTER_KEY_MAX_SIZE]; uint8_t *p = buf; size_t len = 0; @@ -698,11 +723,12 @@ int sm9_sign_master_key_info_encrypt_to_der(const SM9_SIGN_MASTER_KEY *msk, cons return 1; } + int sm9_sign_master_key_info_decrypt_from_der(SM9_SIGN_MASTER_KEY *msk, const char *pass, const uint8_t **in, size_t *inlen) { int ret = -1; int alg, params; - uint8_t prikey[512]; + uint8_t prikey[SM9_MAX_PRIVATE_KEY_SIZE]; size_t prikey_len; const uint8_t *cp = prikey; @@ -731,7 +757,7 @@ end: int sm9_sign_master_key_info_encrypt_to_pem(const SM9_SIGN_MASTER_KEY *msk, const char *pass, FILE *fp) { - uint8_t buf[1024]; + uint8_t buf[SM9_MAX_ENCED_PRIVATE_KEY_INFO_SIZE]; uint8_t *p = buf; size_t len = 0; @@ -748,7 +774,7 @@ int sm9_sign_master_key_info_encrypt_to_pem(const SM9_SIGN_MASTER_KEY *msk, cons int sm9_sign_master_key_info_decrypt_from_pem(SM9_SIGN_MASTER_KEY *msk, const char *pass, FILE *fp) { - uint8_t buf[512]; + uint8_t buf[SM9_MAX_ENCED_PRIVATE_KEY_INFO_SIZE]; const uint8_t *cp = buf; size_t len; @@ -763,7 +789,7 @@ int sm9_sign_master_key_info_decrypt_from_pem(SM9_SIGN_MASTER_KEY *msk, const ch int sm9_sign_master_public_key_to_pem(const SM9_SIGN_MASTER_KEY *mpk, FILE *fp) { - uint8_t buf[1024]; + uint8_t buf[SM9_SIGN_MASTER_PUBLIC_KEY_SIZE]; uint8_t *p = buf; size_t len = 0; @@ -795,7 +821,7 @@ int sm9_sign_master_public_key_from_pem(SM9_SIGN_MASTER_KEY *mpk, FILE *fp) int sm9_sign_key_info_encrypt_to_der(const SM9_SIGN_KEY *key, const char *pass, uint8_t **out, size_t *outlen) { - uint8_t buf[1024]; + uint8_t buf[SM9_SIGN_KEY_SIZE]; uint8_t *p = buf; size_t len = 0; @@ -840,7 +866,7 @@ end: int sm9_sign_key_info_encrypt_to_pem(const SM9_SIGN_KEY *key, const char *pass, FILE *fp) { - uint8_t buf[1024]; + uint8_t buf[SM9_MAX_ENCED_PRIVATE_KEY_INFO_SIZE]; uint8_t *p = buf; size_t len = 0; @@ -857,7 +883,7 @@ int sm9_sign_key_info_encrypt_to_pem(const SM9_SIGN_KEY *key, const char *pass, int sm9_sign_key_info_decrypt_from_pem(SM9_SIGN_KEY *key, const char *pass, FILE *fp) { - uint8_t buf[512]; + uint8_t buf[SM9_MAX_ENCED_PRIVATE_KEY_INFO_SIZE]; const uint8_t *cp = buf; size_t len; @@ -872,7 +898,7 @@ int sm9_sign_key_info_decrypt_from_pem(SM9_SIGN_KEY *key, const char *pass, FILE int sm9_enc_master_key_info_encrypt_to_der(const SM9_ENC_MASTER_KEY *msk, const char *pass, uint8_t **out, size_t *outlen) { - uint8_t buf[1024]; + uint8_t buf[256]; uint8_t *p = buf; size_t len = 0; @@ -917,7 +943,7 @@ end: int sm9_enc_master_key_info_encrypt_to_pem(const SM9_ENC_MASTER_KEY *msk, const char *pass, FILE *fp) { - uint8_t buf[1024]; + uint8_t buf[SM9_MAX_ENCED_PRIVATE_KEY_INFO_SIZE]; uint8_t *p = buf; size_t len = 0; @@ -934,7 +960,7 @@ int sm9_enc_master_key_info_encrypt_to_pem(const SM9_ENC_MASTER_KEY *msk, const int sm9_enc_master_key_info_decrypt_from_pem(SM9_ENC_MASTER_KEY *msk, const char *pass, FILE *fp) { - uint8_t buf[512]; + uint8_t buf[SM9_MAX_ENCED_PRIVATE_KEY_INFO_SIZE]; const uint8_t *cp = buf; size_t len; @@ -1026,7 +1052,7 @@ end: int sm9_enc_key_info_encrypt_to_pem(const SM9_ENC_KEY *key, const char *pass, FILE *fp) { - uint8_t buf[1024]; + uint8_t buf[SM9_MAX_ENCED_PRIVATE_KEY_INFO_SIZE]; uint8_t *p = buf; size_t len = 0; @@ -1043,7 +1069,7 @@ int sm9_enc_key_info_encrypt_to_pem(const SM9_ENC_KEY *key, const char *pass, FI int sm9_enc_key_info_decrypt_from_pem(SM9_ENC_KEY *key, const char *pass, FILE *fp) { - uint8_t buf[512]; + uint8_t buf[SM9_MAX_ENCED_PRIVATE_KEY_INFO_SIZE]; const uint8_t *cp = buf; size_t len; @@ -1056,30 +1082,6 @@ int sm9_enc_key_info_decrypt_from_pem(SM9_ENC_KEY *key, const char *pass, FILE * return 1; } -int sm9_fn_print(FILE *fp, int fmt, int ind, const char *label, const sm9_fn_t a) -{ - uint8_t buf[32]; - sm9_fn_to_bytes(a, buf); - format_bytes(fp, fmt, ind, label, buf, sizeof(buf)); - return 1; -} - -int sm9_point_print(FILE *fp, int fmt, int ind, const char *label, const sm9_point_t *P) -{ - uint8_t buf[65]; - sm9_point_to_uncompressed_octets(P, buf); - format_bytes(fp, fmt, ind, label, buf, sizeof(buf)); - return 1; -} - -int sm9_twist_point_print(FILE *fp, int fmt, int ind, const char *label, const sm9_twist_point_t *P) -{ - uint8_t buf[129]; - sm9_twist_point_to_uncompressed_octets(P, buf); - format_bytes(fp, fmt, ind, label, buf, sizeof(buf)); - return 1; -} - int sm9_sign_master_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_MASTER_KEY *msk) { format_print(fp, fmt, ind, "%s\n", label); @@ -1132,7 +1134,6 @@ int sm9_enc_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_E return 1; } - int sm9_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *sig, size_t siglen) { const uint8_t *d; @@ -1146,7 +1147,6 @@ int sm9_signature_print(FILE *fp, int fmt, int ind, const char *label, const uin return -1; } - format_print(fp, fmt, ind, "%s\n", label); ind += 4; if (asn1_octet_string_from_der(&p, &len, &d, &dlen) != 1) goto err; diff --git a/src/sm9_lib.c b/src/sm9_lib.c index 5b3db422..cfe23b50 100644 --- a/src/sm9_lib.c +++ b/src/sm9_lib.c @@ -57,8 +57,6 @@ #include - - int sm9_signature_to_der(const SM9_SIGNATURE *sig, uint8_t **out, size_t *outlen) { uint8_t hbuf[32]; @@ -68,10 +66,10 @@ int sm9_signature_to_der(const SM9_SIGNATURE *sig, uint8_t **out, size_t *outlen sm9_fn_to_bytes(sig->h, hbuf); sm9_point_to_uncompressed_octets(&sig->S, Sbuf); - if (asn1_integer_to_der(hbuf, sizeof(hbuf), NULL, &len) != 1 + if (asn1_octet_string_to_der(hbuf, sizeof(hbuf), NULL, &len) != 1 || asn1_bit_octets_to_der(Sbuf, sizeof(Sbuf), NULL, &len) != 1 || asn1_sequence_header_to_der(len, out, outlen) != 1 - || asn1_integer_to_der(hbuf, sizeof(hbuf), out, outlen) != 1 + || asn1_octet_string_to_der(hbuf, sizeof(hbuf), out, outlen) != 1 || asn1_bit_octets_to_der(Sbuf, sizeof(Sbuf), out, outlen) != 1) { error_print(); return -1; @@ -93,7 +91,7 @@ int sm9_signature_from_der(SM9_SIGNATURE *sig, const uint8_t **in, size_t *inlen if (ret < 0) error_print(); return ret; } - if (asn1_integer_from_der(&h, &hlen, &d, &dlen) != 1 + if (asn1_octet_string_from_der(&h, &hlen, &d, &dlen) != 1 || asn1_bit_octets_from_der(&S, &Slen, &d, &dlen) != 1 || asn1_check(hlen == 32) != 1 || asn1_check(Slen == 65) != 1 @@ -111,7 +109,7 @@ int sm9_signature_from_der(SM9_SIGNATURE *sig, const uint8_t **in, size_t *inlen int sm9_sign_init(SM9_SIGN_CTX *ctx) { - const uint8_t prefix[1] = {0x02}; + const uint8_t prefix[1] = { SM9_HASH2_PREFIX }; sm3_init(&ctx->sm3_ctx); sm3_update(&ctx->sm3_ctx, prefix, sizeof(prefix)); return 1; @@ -139,8 +137,6 @@ int sm9_sign_finish(SM9_SIGN_CTX *ctx, const SM9_SIGN_KEY *key, uint8_t *sig, si return 1; } -#define hex_r "00033C8616B06704813203DFD00965022ED15975C662337AED648835DC4B1CBE" - int sm9_do_sign(const SM9_SIGN_KEY *key, const SM3_CTX *sm3_ctx, SM9_SIGNATURE *sig) { sm9_fn_t r; @@ -157,8 +153,11 @@ int sm9_do_sign(const SM9_SIGN_KEY *key, const SM3_CTX *sm3_ctx, SM9_SIGNATURE * do { // A2: rand r in [1, N-1] - sm9_fn_rand(r); - //sm9_bn_from_hex(r, hex_r); + if (sm9_fn_rand(r) != 1) { + error_print(); + return -1; + } + //sm9_fn_from_hex(r, "00033C8616B06704813203DFD00965022ED15975C662337AED648835DC4B1CBE"); // for testing // A3: w = g^r sm9_fp12_pow(g, g, r); @@ -192,7 +191,7 @@ int sm9_do_sign(const SM9_SIGN_KEY *key, const SM3_CTX *sm3_ctx, SM9_SIGNATURE * int sm9_verify_init(SM9_SIGN_CTX *ctx) { - const uint8_t prefix[1] = {0x02}; + const uint8_t prefix[1] = { SM9_HASH2_PREFIX }; sm3_init(&ctx->sm3_ctx); sm3_update(&ctx->sm3_ctx, prefix, sizeof(prefix)); return 1; @@ -232,7 +231,7 @@ int sm9_do_verify(const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen, sm9_fp12_t t; sm9_fp12_t u; sm9_fp12_t w; - sm9_twist_point_t P; + SM9_TWIST_POINT P; uint8_t wbuf[32 * 12]; SM3_CTX ctx = *sm3_ctx; SM3_CTX tmp_ctx; @@ -280,7 +279,7 @@ int sm9_do_verify(const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen, } int sm9_kem_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, - size_t klen, uint8_t *kbuf, sm9_point_t *C) + size_t klen, uint8_t *kbuf, SM9_POINT *C) { sm9_fn_t r; sm9_fp12_t w; @@ -295,7 +294,10 @@ int sm9_kem_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, do { // A2: rand r in [1, N-1] - sm9_fn_rand(r); + if (sm9_fn_rand(r) != 1) { + error_print(); + return -1; + } // A3: C1 = r * Q sm9_point_mul(C, r, C); @@ -326,7 +328,7 @@ int sm9_kem_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, return 1; } -int sm9_kem_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, const sm9_point_t *C, +int sm9_kem_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, const SM9_POINT *C, size_t klen, uint8_t *kbuf) { sm9_fp12_t w; @@ -348,7 +350,7 @@ int sm9_kem_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, const sm3_kdf_update(&kdf_ctx, (uint8_t *)id, idlen); sm3_kdf_finish(&kdf_ctx, kbuf); - if (mem_is_zero(kbuf, klen) != 1) { + if (mem_is_zero(kbuf, klen)) { error_print(); return -1; } @@ -363,26 +365,32 @@ int sm9_kem_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, const int sm9_do_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, const uint8_t *in, size_t inlen, - sm9_point_t *C1, uint8_t *c2, uint8_t c3[SM3_HMAC_SIZE]) + SM9_POINT *C1, uint8_t *c2, uint8_t c3[SM3_HMAC_SIZE]) { uint8_t K[inlen + 32]; - sm9_kem_encrypt(mpk, id, idlen, sizeof(K), K, C1); + if (sm9_kem_encrypt(mpk, id, idlen, sizeof(K), K, C1) != 1) { + error_print(); + return -1; + } gmssl_memxor(c2, K, in, inlen); sm3_hmac(K + inlen, 32, c2, inlen, c3); - return 1; } int sm9_do_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, - const sm9_point_t *C1, const uint8_t *c2, size_t c2len, const uint8_t c3[SM3_HMAC_SIZE], + const SM9_POINT *C1, const uint8_t *c2, size_t c2len, const uint8_t c3[SM3_HMAC_SIZE], uint8_t *out) { uint8_t k[c2len + SM3_HMAC_SIZE]; uint8_t mac[SM3_HMAC_SIZE]; - sm9_kem_decrypt(key, id, idlen, C1, sizeof(k), k); + if (sm9_kem_decrypt(key, id, idlen, C1, sizeof(k), k) != 1) { + error_print(); + return -1; + } sm3_hmac(k + c2len, SM3_HMAC_SIZE, c2, c2len, mac); + if (gmssl_secure_memcmp(c3, mac, sizeof(mac)) != 0) { error_print(); return -1; @@ -405,14 +413,17 @@ SM9Cipher ::= SEQUENCE { CipherText OCTET STRING, } */ -int sm9_ciphertext_to_der(const sm9_point_t *C1, const uint8_t *c2, size_t c2len, +int sm9_ciphertext_to_der(const SM9_POINT *C1, const uint8_t *c2, size_t c2len, const uint8_t c3[SM3_HMAC_SIZE], uint8_t **out, size_t *outlen) { int en_type = SM9_ENC_TYPE_XOR; uint8_t c1[65]; size_t len = 0; - sm9_point_to_uncompressed_octets(C1, c1); + if (sm9_point_to_uncompressed_octets(C1, c1) != 1) { + error_print(); + return -1; + } if (asn1_int_to_der(en_type, NULL, &len) != 1 || asn1_bit_octets_to_der(c1, sizeof(c1), NULL, &len) != 1 || asn1_octet_string_to_der(c3, SM3_HMAC_SIZE, NULL, &len) != 1 @@ -428,9 +439,8 @@ int sm9_ciphertext_to_der(const sm9_point_t *C1, const uint8_t *c2, size_t c2len return 1; } -int sm9_ciphertext_from_der( - sm9_point_t *C1, const uint8_t **c2, size_t *c2len, const uint8_t **c3, - const uint8_t **in, size_t *inlen) +int sm9_ciphertext_from_der(SM9_POINT *C1, const uint8_t **c2, size_t *c2len, + const uint8_t **c3, const uint8_t **in, size_t *inlen) { int ret; const uint8_t *d; @@ -474,7 +484,7 @@ int sm9_ciphertext_from_der( int sm9_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen) { - sm9_point_t C1; + SM9_POINT C1; uint8_t c2[inlen]; uint8_t c3[SM3_HMAC_SIZE]; @@ -493,7 +503,7 @@ int sm9_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, int sm9_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen) { - sm9_point_t C1; + SM9_POINT C1; const uint8_t *c2; size_t c2len; const uint8_t *c3; @@ -503,8 +513,8 @@ int sm9_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, error_print(); return -1; } + *outlen = c2len; if (!out) { - *outlen = c2len; return 1; } if (sm9_do_decrypt(key, id, idlen, &C1, c2, c2len, c3, out) != 1) { diff --git a/tests/sm9test.c b/tests/sm9test.c index c15fdfae..846b67d9 100644 --- a/tests/sm9test.c +++ b/tests/sm9test.c @@ -54,6 +54,14 @@ #include +static int sm9_bn_equ_hex(const sm9_bn_t a, const char *hex) +{ + sm9_bn_t b; + sm9_bn_from_hex(b, hex); + return (sm9_bn_cmp(a, b) == 0); +} + + #define hex_iv "123456789abcdef00fedcba987654321123456789abcdef00fedcba987654321" #define hex_fp_add "114efe24536598809df494ff7657484edff1812d51c3955b7d869149aa123d31" #define hex_fp_sub "43cee97c9abed9be3efe7ffffc9d30abe1d643b9b27ea351460aabb2239d3fd4" @@ -72,13 +80,13 @@ int test_sm9_fp() { sm9_fp_t y; sm9_fp_t r; int j = 1; - + sm9_bn_copy(x, SM9_P2->X[1]); sm9_bn_copy(y, SM9_Ppubs->Y[0]); - + sm9_fp_t iv = {0x87654321, 0x0fedcba9, 0x9abcdef0, 0x12345678, 0x87654321, 0x0fedcba9, 0x9abcdef0, 0x12345678}; sm9_bn_from_hex(r, hex_iv); if (sm9_bn_cmp(r, iv) != 0) goto err; ++j; - + sm9_fp_add(r, x, y); if (!sm9_bn_equ_hex(r, hex_fp_add)) goto err; ++j; sm9_fp_sub(r, x, y); if (!sm9_bn_equ_hex(r, hex_fp_sub)) goto err; ++j; sm9_fp_sub(r, y, x); if (!sm9_bn_equ_hex(r, hex_fp_nsub)) goto err; ++j; @@ -90,11 +98,11 @@ int test_sm9_fp() { sm9_fp_sqr(r, x); if (!sm9_bn_equ_hex(r, hex_fp_sqr)) goto err; ++j; sm9_fp_pow(r, x, y); if (!sm9_bn_equ_hex(r, hex_fp_pow)) goto err; ++j; sm9_fp_inv(r, x); if (!sm9_bn_equ_hex(r, hex_fp_inv)) goto err; ++j; - + printf("%s() ok\n", __FUNCTION__); return 1; err: - printf("%s test %d failed\n", __FUNCTION__, j); + printf("%s() test %d failed\n", __FUNCTION__, j); error_print(); return -1; } @@ -113,10 +121,10 @@ int test_sm9_fn() { sm9_fn_t y; sm9_fn_t r; int j = 1; - + sm9_bn_from_hex(x, hex_x); sm9_bn_from_hex(y, hex_y); - + sm9_fn_t iv = {0, 0, 0, 0, 0, 0, 0, 0}; if (!sm9_fn_is_zero(iv)) goto err; ++j; sm9_fn_add(r, x, y); if (!sm9_bn_equ_hex(r, hex_fn_add)) goto err; ++j; sm9_fn_sub(r, x, y); if (!sm9_bn_equ_hex(r, hex_fn_sub)) goto err; ++j; @@ -124,7 +132,7 @@ int test_sm9_fn() { sm9_fn_mul(r, x, y); if (!sm9_bn_equ_hex(r, hex_fn_mul)) goto err; ++j; sm9_fn_pow(r, x, y); if (!sm9_bn_equ_hex(r, hex_fn_pow)) goto err; ++j; sm9_fn_inv(r, x); if (!sm9_bn_equ_hex(r, hex_fn_inv)) goto err; ++j; - + printf("%s() ok\n", __FUNCTION__); return 1; err: @@ -155,15 +163,15 @@ int test_sm9_fp2() { sm9_fp2_t s; sm9_fp_t k; int j = 1; - + sm9_fp2_copy(x, SM9_P2->Y); sm9_fp2_copy(y, SM9_Ppubs->X); sm9_bn_from_hex(k, hex_iv); - + sm9_fp2_t iv2 = {{0xc9bb073c, 0xf1fdd299, 0xd14f49a9, 0xd632457d, 0x664a2b72, 0x6e492768, 0x4e243d80, 0xa3965402}, {0x87654321, 0x0fedcba9, 0x9abcdef0, 0x12345678, 0x87654321, 0x0fedcba9, 0x9abcdef0, 0x12345678}}; sm9_fp2_from_hex(r, hex_iv2); if (!sm9_fp2_equ(r, iv2)) goto err; ++j; - + sm9_fp2_add(r, x, y); sm9_fp2_from_hex(s, hex_fp2_add); if (!sm9_fp2_equ(r, s)) goto err; ++j; sm9_fp2_dbl(r, x); sm9_fp2_from_hex(s, hex_fp2_dbl); if (!sm9_fp2_equ(r, s)) goto err; ++j; sm9_fp2_tri(r, x); sm9_fp2_from_hex(s, hex_fp2_tri); if (!sm9_fp2_equ(r, s)) goto err; ++j; @@ -177,7 +185,7 @@ int test_sm9_fp2() { sm9_fp2_inv(r, x); sm9_fp2_from_hex(s, hex_fp2_inv); if (!sm9_fp2_equ(r, s)) goto err; ++j; sm9_fp2_div(r, x, y); sm9_fp2_from_hex(s, hex_fp2_div); if (!sm9_fp2_equ(r, s)) goto err; ++j; sm9_fp2_div2(r, x); sm9_fp2_from_hex(s, hex_fp2_div2); if (!sm9_fp2_equ(r, s)) goto err; ++j; - + printf("%s() ok\n", __FUNCTION__); return 1; err: @@ -186,38 +194,46 @@ err: return -1; } -#define hex_iv4 "123456789abcdef00fedcba987654321123456789abcdef00fedcba987654321\ --a39654024e243d806e492768664a2b72d632457dd14f49a9f1fdd299c9bb073c\ --123456789abcdef00fedcba987654321123456789abcdef00fedcba987654321\ --a39654024e243d806e492768664a2b72d632457dd14f49a9f1fdd299c9bb073c" -#define hex_fp4_mul "11d8f3dc2c4a7cd3ff4d557d86871210cff65187190711430b2d898affd61cda\ --960ee85c0aaacd6cc805053293a4955245ba973c9972b6767d0c68450a905ee7\ --ac9891b21d82827f6ccc2cd8524179b833239019c0b66cad89d7d8735ee03782\ --8f456b1cee442d189d01fc42fff7fd8481173dae8dc547d85c01a843005a063e" -#define hex_fp4_mul_fp "413b76fe8748ab9130dc2907a55c15da925b496395c2cd82d6311863a4d9cfa8\ --5cc754d5318f3ed489db7e53f94f3878a527053693983f4d4a61b30f6ea74984\ --6769891769934201aa8d6de63cc012ec2b722d7b0ad9c9039246a3eea6f3d479\ --408d33e58a4d3bfaf1d84a7ddad4e4026ca41f2aaa179611d9894584baed89d0" -#define hex_fp4_mul_fp2 "242956015bdff53db568b970d64a7de56a0506309e1309b283317134dd52d53e\ --5333c472d44677df131eeb1180badb3e1e9f88ba58190d16a92d95f939efb2c3\ --0ccdaa76a6876ff69de6792161b614ca720bfcee2d5521533fbb28179ec0e31e\ --2a2d6b832e919c313920f2e13e822795e2ceda8c0d8f4abe78220e4e00aeb6fd" -#define hex_fp4_mul_v "ac9891b21d82827f6ccc2cd8524179b833239019c0b66cad89d7d8735ee03782\ --8f456b1cee442d189d01fc42fff7fd8481173dae8dc547d85c01a843005a063e\ --960ee85c0aaacd6cc805053293a4955245ba973c9972b6767d0c68450a905ee7\ --928e1847aa0ead49d7690054e880a3238205f03ce86ccc55cf148811e3a50bc9" -#define hex_fp4_sqr "8d3bc7848d4ad61017a7cb4efc280103bfe558e240c46c5765f1a4e2ec2e8c54\ --2f0f2ef9dd3979c7018b67837ba6e73938ba88ae66a101aaa0cf27ee449835ec\ --93838cbf9e5be34562c5bc031e27357d206f783837a6a921cbf4829292b69441\ --3681ecc58b68ffc15af31c5b1f1e10e1f3c60bdabb329c0dc7ffb2cc3925f005" -#define hex_fp4_sqr_v "93838cbf9e5be34562c5bc031e27357d206f783837a6a921cbf4829292b69441\ --3681ecc58b68ffc15af31c5b1f1e10e1f3c60bdabb329c0dc7ffb2cc3925f005\ --2f0f2ef9dd3979c7018b67837ba6e73938ba88ae66a101aaa0cf27ee449835ec\ --520870f6eab1a1c37cb7c001f2cd8c82c41a74d1b36d0508fefbec89ee457252" -#define hex_fp4_inv "1ec69309f84c5ad450750826fc804b72fb89fb48474222ba05be08bb1765f1d6\ --3f16de331f77f510a3ec06e79319e3be5b3777471f79cd53404652b485133e99\ --1cbf7f3bb04e2389184eade12de2752711cbff452363d2dfaf2bfef40618cebc\ --3a70e829b83dc311970bc8d3e3e652f88a1ecd49b4672aa18c1c613c9a97d86f" +#define hex_iv4 \ + "123456789abcdef00fedcba987654321123456789abcdef00fedcba987654321\n" \ + "a39654024e243d806e492768664a2b72d632457dd14f49a9f1fdd299c9bb073c\n" \ + "123456789abcdef00fedcba987654321123456789abcdef00fedcba987654321\n" \ + "a39654024e243d806e492768664a2b72d632457dd14f49a9f1fdd299c9bb073c" +#define hex_fp4_mul \ + "11d8f3dc2c4a7cd3ff4d557d86871210cff65187190711430b2d898affd61cda\n" \ + "960ee85c0aaacd6cc805053293a4955245ba973c9972b6767d0c68450a905ee7\n" \ + "ac9891b21d82827f6ccc2cd8524179b833239019c0b66cad89d7d8735ee03782\n" \ + "8f456b1cee442d189d01fc42fff7fd8481173dae8dc547d85c01a843005a063e" +#define hex_fp4_mul_fp \ + "413b76fe8748ab9130dc2907a55c15da925b496395c2cd82d6311863a4d9cfa8\n" \ + "5cc754d5318f3ed489db7e53f94f3878a527053693983f4d4a61b30f6ea74984\n" \ + "6769891769934201aa8d6de63cc012ec2b722d7b0ad9c9039246a3eea6f3d479\n" \ + "408d33e58a4d3bfaf1d84a7ddad4e4026ca41f2aaa179611d9894584baed89d0" +#define hex_fp4_mul_fp2 \ + "242956015bdff53db568b970d64a7de56a0506309e1309b283317134dd52d53e\n" \ + "5333c472d44677df131eeb1180badb3e1e9f88ba58190d16a92d95f939efb2c3\n" \ + "0ccdaa76a6876ff69de6792161b614ca720bfcee2d5521533fbb28179ec0e31e\n" \ + "2a2d6b832e919c313920f2e13e822795e2ceda8c0d8f4abe78220e4e00aeb6fd" +#define hex_fp4_mul_v \ + "ac9891b21d82827f6ccc2cd8524179b833239019c0b66cad89d7d8735ee03782\n" \ + "8f456b1cee442d189d01fc42fff7fd8481173dae8dc547d85c01a843005a063e\n" \ + "960ee85c0aaacd6cc805053293a4955245ba973c9972b6767d0c68450a905ee7\n" \ + "928e1847aa0ead49d7690054e880a3238205f03ce86ccc55cf148811e3a50bc9" +#define hex_fp4_sqr \ + "8d3bc7848d4ad61017a7cb4efc280103bfe558e240c46c5765f1a4e2ec2e8c54\n" \ + "2f0f2ef9dd3979c7018b67837ba6e73938ba88ae66a101aaa0cf27ee449835ec\n" \ + "93838cbf9e5be34562c5bc031e27357d206f783837a6a921cbf4829292b69441\n" \ + "3681ecc58b68ffc15af31c5b1f1e10e1f3c60bdabb329c0dc7ffb2cc3925f005" +#define hex_fp4_sqr_v \ + "93838cbf9e5be34562c5bc031e27357d206f783837a6a921cbf4829292b69441\n" \ + "3681ecc58b68ffc15af31c5b1f1e10e1f3c60bdabb329c0dc7ffb2cc3925f005\n" \ + "2f0f2ef9dd3979c7018b67837ba6e73938ba88ae66a101aaa0cf27ee449835ec\n" \ + "520870f6eab1a1c37cb7c001f2cd8c82c41a74d1b36d0508fefbec89ee457252" +#define hex_fp4_inv \ + "1ec69309f84c5ad450750826fc804b72fb89fb48474222ba05be08bb1765f1d6\n" \ + "3f16de331f77f510a3ec06e79319e3be5b3777471f79cd53404652b485133e99\n" \ + "1cbf7f3bb04e2389184eade12de2752711cbff452363d2dfaf2bfef40618cebc\n" \ + "3a70e829b83dc311970bc8d3e3e652f88a1ecd49b4672aa18c1c613c9a97d86f" int test_sm9_fp4() { sm9_fp4_t x; @@ -227,20 +243,20 @@ int test_sm9_fp4() { sm9_fp2_t q; sm9_fp_t k; int j = 1; - + sm9_fp2_from_hex(x[0], hex_fp2_mul_fp); sm9_fp2_from_hex(x[1], hex_fp2_sqr); sm9_fp2_from_hex(y[0], hex_fp2_add); sm9_fp2_from_hex(y[1], hex_fp2_tri); sm9_bn_from_hex(k, hex_iv); sm9_fp2_copy(q, SM9_Ppubs->X); - + sm9_fp4_t iv4 = {{{0xc9bb073c, 0xf1fdd299, 0xd14f49a9, 0xd632457d, 0x664a2b72, 0x6e492768, 0x4e243d80, 0xa3965402}, {0x87654321, 0x0fedcba9, 0x9abcdef0, 0x12345678, 0x87654321, 0x0fedcba9, 0x9abcdef0, 0x12345678}}, {{0xc9bb073c, 0xf1fdd299, 0xd14f49a9, 0xd632457d, 0x664a2b72, 0x6e492768, 0x4e243d80, 0xa3965402}, {0x87654321, 0x0fedcba9, 0x9abcdef0, 0x12345678, 0x87654321, 0x0fedcba9, 0x9abcdef0, 0x12345678}}}; sm9_fp4_from_hex(r, hex_iv4); if (!sm9_fp4_equ(r, iv4)) goto err; ++j; - + sm9_fp4_mul(r, x, y); sm9_fp4_from_hex(s, hex_fp4_mul); if (!sm9_fp4_equ(r, s)) goto err; ++j; sm9_fp4_mul_fp(r, x, k); sm9_fp4_from_hex(s, hex_fp4_mul_fp); if (!sm9_fp4_equ(r, s)) goto err; ++j; sm9_fp4_mul_fp2(r, x, q); sm9_fp4_from_hex(s, hex_fp4_mul_fp2); if (!sm9_fp4_equ(r, s)) goto err; ++j; @@ -248,7 +264,7 @@ int test_sm9_fp4() { sm9_fp4_sqr(r, x); sm9_fp4_from_hex(s, hex_fp4_sqr); if (!sm9_fp4_equ(r, s)) goto err; ++j; sm9_fp4_sqr_v(r, x); sm9_fp4_from_hex(s, hex_fp4_sqr_v); if (!sm9_fp4_equ(r, s)) goto err; ++j; sm9_fp4_inv(r, x); sm9_fp4_from_hex(s, hex_fp4_inv); if (!sm9_fp4_equ(r, s)) goto err; ++j; - + printf("%s() ok\n", __FUNCTION__); return 1; err: @@ -257,54 +273,58 @@ err: return -1; } -#define hex_fp12_mul "058d43459faee14ba2b6a69ff2d8c3ad933a1253e1764dedf5419b144a2ab82b\ --20ef84805ba02ef92a48fb2ae8086e566a644ab0639249f175268f18d8091ad4\ --83cc3be54a699ae24d8f920c87baa395befb424a6dcad1dcdfc2a006765ef8d5\ --1d705169165d9c2386c3bc673df3fa84975afa955a7be27f1b362000a96b8c2c\ --22b910d826f02961ff0fed439beb1e91f45193f87c2cdd9562da539290846ace\ --2c618991ae82d35063cfed629ff7d930b8070ba07d0652ba092f046e133e3491\ --137bc78a9aa182330bd71fb8859314422dd36f5e3c1f6fd36d6c9685fc39419f\ --8d83e7380abe10a2f3677864c2dbbcdad7ae5434e92043a2da3b71f3f9cedd8c\ --850c0562ac08996c05d22ea466cf4b1fa7a7064d4653b5fa725d623254bf7125\ --6dc41016b3ab9b44a4841aa8037e3b4d331cc7c8313abee0c5111a9be5915e90\ --6d1a15e5b765c4b139bf5c6c4a87214c269b26fb709ff5de885c053f405cf626\ --8d4d853489a4a5d809fa77e35627a5351651b926f001e1ee46e95808f9001d24" -#define hex_fp12_sqr "3592cba3482fb39756b2ed1d3d756685caa005bd5e8288bc92841d29276aa321\ --8e3a49919e6de83b1ab1a5bb9eb993c3bbd68e8d305aed5c0b88cef0ef41c47f\ --3d3d9cc8e07619efd21745f6938a26f7cb0a83ad4aa3a9d066e18ad99833e3ac\ --25195ec7af551c42d7d37a0b120607d4adba6b9377299688b92a8393f3b8c20f\ --76f676d5d2cb8d1a2cc237fc78c8d544bef1cd560e654236f502aed0d8c9148c\ --6cde174a5e9d117175a4a163f041b65f868dffa05b5f3474f729b87f92493f2c\ --667a86d73e8f88a81306f7f0cd28789a55bf7e9cbe155fc6abb300ad027d8801\ --a49a66d48ec2ef72a9929413a40e316a8aee1d6236a1db8c56496524f1c23f11\ --1684bc9679aaba4afe35ec8c0852e438f41e15ab37620d9661018f90fe7415f1\ --8d37fb8b7edf942885b3009cf7e295bea89444d34091fc57380c778395b7c4e4\ --278b9d9ea61b6b2758e758ed9a64034576b520e65a9d276a0c82f079501a226e\ --01a333fa4177601de7cd8ed49ea4906f30e23988dcb7cde173da48499fce3ee5" -#define hex_fp12_inv "47ae900b90945e31afde7fe09f0b69640c468a1648ee52070584a5d13af22bb9\ --8f273655182c3a9f184dc30421161ecdd50655c36a9266c7df1016e410f34102\ --a26e789013203804b5f8f1c5a51dd3fb50176d41108b235d6e66712721060252\ --090aaed5cb83068a0376c6eaca210007744d00c8b4ce53279a67cc069cc519e7\ --80ab89aa446df59ffe2f29cdb917b760d740ceb634c731b93bf1661aa5868b54\ --1e13ab51b3198619cc0016599562ed4d266d1481d0d273d3f97cffe5f8e0dd21\ --5aeb8ed89aafc971a857b8d02f3e3c37ef15ba0e3220e3a7c13c9da8af0c393b\ --518c338b1430e3129c2555650e5d5634d89513f694ba3a5f2aeb444c540f125a\ --aba8c5682695f3feee64772d0e49b432c96470e7d663098e9c271a91d4fc991a\ --0ed800dabe29af5fb41a41cc49fd4084deb02442e8e66f88186607f46395e533\ --a31b642cd5453c7bb16c82bc67bd3b66fa4db58b8e9aa45f9b579860f18d402c\ --798b84002e95753e3b07027a8d68b0a7ab2ac40328fc7ca3ea40780b3428dbc1" -#define hex_fp12_pow "43291d68970ec9c00ed4616b8fa4b2b332c15a6e4ed833a4b1d68db20a06896c\ --48f861508cb878a1f1f806a486f3aa6889571bd5fb1010d73933550d219afd14\ --34b20766a4cc466efe1ee0d48206d683890494aec331d5b345e9a9adb5c5845a\ --0e3edea737b3db1083b776eb48e7bfaa4256a8d37d7ab13a370d7682daaf794d\ --9808adfd960da7837736fca5acb13a84d56962a21af424e48c0aa52c77dfd157\ --a8aa94ea4f3026eed8fa99ab9a793468db12bb7256c50570e72e375f981861a1\ --3fd308b4cdcec640fa4f17aac455b2f3daed3fb86a850b47c301c3941dbd6c4c\ --11b99f09fa20368e840c3d76e706939e4a3e8367165bb802de43acc83ae622d5\ --a5e97a50168650cae7b02b4c2511eeb194cd5ea5ff02a0284abd5961b46d47e4\ --b52a91d96353ef501bdbe6424ea26414faeeb930b9e618c2882a85d1fdeea3d0\ --6c78632b7dbbbdbf347a3f5fd6935a9f9b425125b7ac106e3586a7fbee3f2f20\ --6b35df1d1153684f1363fce020088a797802e18959df4f006bc5d7f4a632e9f9" +#define hex_fp12_mul \ + "058d43459faee14ba2b6a69ff2d8c3ad933a1253e1764dedf5419b144a2ab82b\n" \ + "20ef84805ba02ef92a48fb2ae8086e566a644ab0639249f175268f18d8091ad4\n" \ + "83cc3be54a699ae24d8f920c87baa395befb424a6dcad1dcdfc2a006765ef8d5\n" \ + "1d705169165d9c2386c3bc673df3fa84975afa955a7be27f1b362000a96b8c2c\n" \ + "22b910d826f02961ff0fed439beb1e91f45193f87c2cdd9562da539290846ace\n" \ + "2c618991ae82d35063cfed629ff7d930b8070ba07d0652ba092f046e133e3491\n" \ + "137bc78a9aa182330bd71fb8859314422dd36f5e3c1f6fd36d6c9685fc39419f\n" \ + "8d83e7380abe10a2f3677864c2dbbcdad7ae5434e92043a2da3b71f3f9cedd8c\n" \ + "850c0562ac08996c05d22ea466cf4b1fa7a7064d4653b5fa725d623254bf7125\n" \ + "6dc41016b3ab9b44a4841aa8037e3b4d331cc7c8313abee0c5111a9be5915e90\n" \ + "6d1a15e5b765c4b139bf5c6c4a87214c269b26fb709ff5de885c053f405cf626\n" \ + "8d4d853489a4a5d809fa77e35627a5351651b926f001e1ee46e95808f9001d24" +#define hex_fp12_sqr \ + "3592cba3482fb39756b2ed1d3d756685caa005bd5e8288bc92841d29276aa321\n" \ + "8e3a49919e6de83b1ab1a5bb9eb993c3bbd68e8d305aed5c0b88cef0ef41c47f\n" \ + "3d3d9cc8e07619efd21745f6938a26f7cb0a83ad4aa3a9d066e18ad99833e3ac\n" \ + "25195ec7af551c42d7d37a0b120607d4adba6b9377299688b92a8393f3b8c20f\n" \ + "76f676d5d2cb8d1a2cc237fc78c8d544bef1cd560e654236f502aed0d8c9148c\n" \ + "6cde174a5e9d117175a4a163f041b65f868dffa05b5f3474f729b87f92493f2c\n" \ + "667a86d73e8f88a81306f7f0cd28789a55bf7e9cbe155fc6abb300ad027d8801\n" \ + "a49a66d48ec2ef72a9929413a40e316a8aee1d6236a1db8c56496524f1c23f11\n" \ + "1684bc9679aaba4afe35ec8c0852e438f41e15ab37620d9661018f90fe7415f1\n" \ + "8d37fb8b7edf942885b3009cf7e295bea89444d34091fc57380c778395b7c4e4\n" \ + "278b9d9ea61b6b2758e758ed9a64034576b520e65a9d276a0c82f079501a226e\n" \ + "01a333fa4177601de7cd8ed49ea4906f30e23988dcb7cde173da48499fce3ee5" +#define hex_fp12_inv \ + "47ae900b90945e31afde7fe09f0b69640c468a1648ee52070584a5d13af22bb9\n" \ + "8f273655182c3a9f184dc30421161ecdd50655c36a9266c7df1016e410f34102\n" \ + "a26e789013203804b5f8f1c5a51dd3fb50176d41108b235d6e66712721060252\n" \ + "090aaed5cb83068a0376c6eaca210007744d00c8b4ce53279a67cc069cc519e7\n" \ + "80ab89aa446df59ffe2f29cdb917b760d740ceb634c731b93bf1661aa5868b54\n" \ + "1e13ab51b3198619cc0016599562ed4d266d1481d0d273d3f97cffe5f8e0dd21\n" \ + "5aeb8ed89aafc971a857b8d02f3e3c37ef15ba0e3220e3a7c13c9da8af0c393b\n" \ + "518c338b1430e3129c2555650e5d5634d89513f694ba3a5f2aeb444c540f125a\n" \ + "aba8c5682695f3feee64772d0e49b432c96470e7d663098e9c271a91d4fc991a\n" \ + "0ed800dabe29af5fb41a41cc49fd4084deb02442e8e66f88186607f46395e533\n" \ + "a31b642cd5453c7bb16c82bc67bd3b66fa4db58b8e9aa45f9b579860f18d402c\n" \ + "798b84002e95753e3b07027a8d68b0a7ab2ac40328fc7ca3ea40780b3428dbc1" +#define hex_fp12_pow \ + "43291d68970ec9c00ed4616b8fa4b2b332c15a6e4ed833a4b1d68db20a06896c\n" \ + "48f861508cb878a1f1f806a486f3aa6889571bd5fb1010d73933550d219afd14\n" \ + "34b20766a4cc466efe1ee0d48206d683890494aec331d5b345e9a9adb5c5845a\n" \ + "0e3edea737b3db1083b776eb48e7bfaa4256a8d37d7ab13a370d7682daaf794d\n" \ + "9808adfd960da7837736fca5acb13a84d56962a21af424e48c0aa52c77dfd157\n" \ + "a8aa94ea4f3026eed8fa99ab9a793468db12bb7256c50570e72e375f981861a1\n" \ + "3fd308b4cdcec640fa4f17aac455b2f3daed3fb86a850b47c301c3941dbd6c4c\n" \ + "11b99f09fa20368e840c3d76e706939e4a3e8367165bb802de43acc83ae622d5\n" \ + "a5e97a50168650cae7b02b4c2511eeb194cd5ea5ff02a0284abd5961b46d47e4\n" \ + "b52a91d96353ef501bdbe6424ea26414faeeb930b9e618c2882a85d1fdeea3d0\n" \ + "6c78632b7dbbbdbf347a3f5fd6935a9f9b425125b7ac106e3586a7fbee3f2f20\n" \ + "6b35df1d1153684f1363fce020088a797802e18959df4f006bc5d7f4a632e9f9" int test_sm9_fp12() { sm9_fp12_t x; @@ -313,7 +333,7 @@ int test_sm9_fp12() { sm9_fp12_t s; sm9_bn_t k; int j = 1; - + sm9_fp4_from_hex(x[0], hex_fp4_mul); sm9_fp4_from_hex(x[1], hex_fp4_mul_fp); sm9_fp4_from_hex(x[2], hex_fp4_mul_fp2); @@ -321,12 +341,12 @@ int test_sm9_fp12() { sm9_fp4_from_hex(y[1], hex_fp4_sqr); sm9_fp4_from_hex(y[2], hex_fp4_inv); sm9_bn_from_hex(k, hex_iv); - + sm9_fp12_mul(r, x, y); sm9_fp12_from_hex(s, hex_fp12_mul); if (!sm9_fp12_equ(r, s)) goto err; ++j; sm9_fp12_sqr(r, x); sm9_fp12_from_hex(s, hex_fp12_sqr); if (!sm9_fp12_equ(r, s)) goto err; ++j; sm9_fp12_inv(r, x); sm9_fp12_from_hex(s, hex_fp12_inv); if (!sm9_fp12_equ(r, s)) goto err; ++j; sm9_fp12_pow(r, x, k); sm9_fp12_from_hex(s, hex_fp12_pow); if (!sm9_fp12_equ(r, s)) goto err; ++j; - + printf("%s() ok\n", __FUNCTION__); return 1; err: @@ -345,15 +365,16 @@ err: #define hex_point_mul_g "7cf689748f3714490d7a19eae0e7bfad0e0182498b7bcd8a6998dfd00f59be51-4e2e98d190e9d775e0caa943196bfb066d9c30818b2d768fb5299e7135830a6f" int test_sm9_point() { - sm9_point_t p; - sm9_point_t q; - sm9_point_t r; - sm9_point_t s; + SM9_POINT p; + SM9_POINT q; + SM9_POINT r; + SM9_POINT s; sm9_bn_t k; int j = 1; - + uint8_t buf[65]; + sm9_bn_from_hex(k, hex_iv); - + sm9_point_from_hex(&p, hex_point1); if (!sm9_point_is_on_curve(&p)) goto err; ++j; sm9_point_from_hex(&q, hex_point2); if (!sm9_point_is_on_curve(&q)) goto err; ++j; sm9_point_dbl(&r, &p); sm9_point_from_hex(&s, hex_point_dbl); if (!sm9_point_equ(&r, &s)) goto err; ++j; @@ -362,7 +383,18 @@ int test_sm9_point() { sm9_point_sub(&r, &p, &q); sm9_point_from_hex(&s, hex_point_sub); if (!sm9_point_equ(&r, &s)) goto err; ++j; sm9_point_mul(&r, k, &p); sm9_point_from_hex(&s, hex_point_mul); if (!sm9_point_equ(&r, &s)) goto err; ++j; sm9_point_mul_generator(&r, k); sm9_point_from_hex(&s, hex_point_mul_g); if (!sm9_point_equ(&r, &s)) goto err; ++j; - + + sm9_point_to_uncompressed_octets(&p, buf); + sm9_point_from_uncompressed_octets(&q, buf); + if (!sm9_point_equ(&p, &q)) { + error_print(); + return -1; + } + + + + + printf("%s() ok\n", __FUNCTION__); return 1; err: @@ -371,49 +403,57 @@ err: return -1; } -#define hex_tpoint1 "83f6a65d85d51ec72eacf19bc38384e0369eb22a134a725a0191faa6e4f192ef\ --9a79bfd491ef1cb32d9b57f7d0590ccff6b1cfe63dd15c0823d692fafbe96dbc\ --9ed11c499291db0454d738555af0ce8a1df960056ee7425a6bf296eae60a5037\ --849d4434eb7113fc9fb3809b51d54064fa2f20503423d256bc044905b1eba3fb" -#define hex_tpoint2 "a36232a9713f69157b7cdceef54aa0237b3ba0642a80dbb597af8935aea2c130\ --624b19114e49f00281e2aee1f1b9d4f0a081a135868f8bbdb7b7a7b7da5fd6bc\ --77966917ec1c5a294dd836c34691ab5e891f8c9f017443902c0a73ec54d449d8\ --1be45454b6fa085a53744b22fd398238e400c3e031c8796e59e1bd6222048af0" -#define hex_tpoint_neg "83f6a65d85d51ec72eacf19bc38384e0369eb22a134a725a0191faa6e4f192ef\ --9a79bfd491ef1cb32d9b57f7d0590ccff6b1cfe63dd15c0823d692fafbe96dbc\ --176ee3b67011cbed812c72fa9a9df8bb03f93345ab93ac81797d043cfd46f546\ --31a2bbcb173292f536502ab4a3b986e027c372fae6571c85296b52223165a182" -#define hex_tpoint_dbl "73cbced58a8e76ef5235b480050a74e906e4d27185bd85d7ebdcd43ad24475fd\ --58400f0eb23000d814f5b5d0706749a72909795b7b04f26d6d58b2cf478ad9c9\ --19b460e09ac9ddbb380d6441e078a47bfcaa7d4c3d60b3a6c0d05f896472dc3c\ --1d69f785f47d6f25cb901b131612c37edc5e89ee9ba2dac8c401ced40e340a39" -#define hex_tpoint_add "5f443752a19e368f404b89abae20a386d2b534c424b93ededdbfd04d4c569e6b\ --a411bbd84ee92a6ee53e5ca9cb81bacc192c6ba406f6fdcb2b04d0ab9c42ae44\ --6a3dadfcaac134e8353dd3abf37d487b206ca28dfab1e0a9376649df748f1605\ --4fa25e5e6100a023d4923df385dd236749c6a7f8e68db55e0bd1e2263fc04d28" -#define hex_tpoint_sub "3cbbf5fcc6c11a3579036e617bbf0b2861c53979f01e37f59fc4a10d991ccde7\ --1e9c3c99524c7867c9dbc4f52fdc938cf5aa4a980d3905cc91a5b91331235290\ --44027c5d814bab73ad93d14b564303aab153ad7355bcfbf8a8bed7cb577e7fd8\ --47a4037d1d6f6d2014aa04292fa91cf07b1f4331a85d4b66a6e048226ddfc43e" -#define hex_tpoint_mul "5d704de3261290dbba39dbd14e6bc416025240fd1ed65ec982efed685ae41e8b\ --705c9ca4b5ef465c4e5db80ca4880627a6d9d6bcefd4756496baba9d5eaa3304\ --4e96eb3543aabf1e9a65cae24177b9d13b0f7fae9472145ba7ae2b14bb447aef\ --5d7ba50d7eac49a00b18fee2069afd3cc9719993fa78271e66b7a3efed46ac8b" -#define hex_tpoint_mulg "920ef6fb3a2acff52aa0c004c18feca149dfd33d98086f8f402ea9e0de303c49\ --1f97dd359f2b065d63e0987f5bea2f3dc865c2cc112d7d161b46b83451716fd8\ --614881d4d05fef3173a4990465876c5200f58c5015e13354b23ae401c20c4aef\ --18a22e02b7d395a49f0646a79438e79cd37c32f163fe8923c13d56bab668e8a7" +#define hex_tpoint1 \ + "83f6a65d85d51ec72eacf19bc38384e0369eb22a134a725a0191faa6e4f192ef\n" \ + "9a79bfd491ef1cb32d9b57f7d0590ccff6b1cfe63dd15c0823d692fafbe96dbc\n" \ + "9ed11c499291db0454d738555af0ce8a1df960056ee7425a6bf296eae60a5037\n" \ + "849d4434eb7113fc9fb3809b51d54064fa2f20503423d256bc044905b1eba3fb" +#define hex_tpoint2 \ + "a36232a9713f69157b7cdceef54aa0237b3ba0642a80dbb597af8935aea2c130\n" \ + "624b19114e49f00281e2aee1f1b9d4f0a081a135868f8bbdb7b7a7b7da5fd6bc\n" \ + "77966917ec1c5a294dd836c34691ab5e891f8c9f017443902c0a73ec54d449d8\n" \ + "1be45454b6fa085a53744b22fd398238e400c3e031c8796e59e1bd6222048af0" +#define hex_tpoint_neg \ + "83f6a65d85d51ec72eacf19bc38384e0369eb22a134a725a0191faa6e4f192ef\n" \ + "9a79bfd491ef1cb32d9b57f7d0590ccff6b1cfe63dd15c0823d692fafbe96dbc\n" \ + "176ee3b67011cbed812c72fa9a9df8bb03f93345ab93ac81797d043cfd46f546\n" \ + "31a2bbcb173292f536502ab4a3b986e027c372fae6571c85296b52223165a182" +#define hex_tpoint_dbl \ + "73cbced58a8e76ef5235b480050a74e906e4d27185bd85d7ebdcd43ad24475fd\n" \ + "58400f0eb23000d814f5b5d0706749a72909795b7b04f26d6d58b2cf478ad9c9\n" \ + "19b460e09ac9ddbb380d6441e078a47bfcaa7d4c3d60b3a6c0d05f896472dc3c\n" \ + "1d69f785f47d6f25cb901b131612c37edc5e89ee9ba2dac8c401ced40e340a39" +#define hex_tpoint_add \ + "5f443752a19e368f404b89abae20a386d2b534c424b93ededdbfd04d4c569e6b\n" \ + "a411bbd84ee92a6ee53e5ca9cb81bacc192c6ba406f6fdcb2b04d0ab9c42ae44\n" \ + "6a3dadfcaac134e8353dd3abf37d487b206ca28dfab1e0a9376649df748f1605\n" \ + "4fa25e5e6100a023d4923df385dd236749c6a7f8e68db55e0bd1e2263fc04d28" +#define hex_tpoint_sub \ + "3cbbf5fcc6c11a3579036e617bbf0b2861c53979f01e37f59fc4a10d991ccde7\n" \ + "1e9c3c99524c7867c9dbc4f52fdc938cf5aa4a980d3905cc91a5b91331235290\n" \ + "44027c5d814bab73ad93d14b564303aab153ad7355bcfbf8a8bed7cb577e7fd8\n" \ + "47a4037d1d6f6d2014aa04292fa91cf07b1f4331a85d4b66a6e048226ddfc43e" +#define hex_tpoint_mul \ + "5d704de3261290dbba39dbd14e6bc416025240fd1ed65ec982efed685ae41e8b\n" \ + "705c9ca4b5ef465c4e5db80ca4880627a6d9d6bcefd4756496baba9d5eaa3304\n" \ + "4e96eb3543aabf1e9a65cae24177b9d13b0f7fae9472145ba7ae2b14bb447aef\n" \ + "5d7ba50d7eac49a00b18fee2069afd3cc9719993fa78271e66b7a3efed46ac8b" +#define hex_tpoint_mulg \ + "920ef6fb3a2acff52aa0c004c18feca149dfd33d98086f8f402ea9e0de303c49\n" \ + "1f97dd359f2b065d63e0987f5bea2f3dc865c2cc112d7d161b46b83451716fd8\n" \ + "614881d4d05fef3173a4990465876c5200f58c5015e13354b23ae401c20c4aef\n" \ + "18a22e02b7d395a49f0646a79438e79cd37c32f163fe8923c13d56bab668e8a7" int test_sm9_twist_point() { - sm9_twist_point_t p; - sm9_twist_point_t q; - sm9_twist_point_t r; - sm9_twist_point_t s; + SM9_TWIST_POINT p; + SM9_TWIST_POINT q; + SM9_TWIST_POINT r; + SM9_TWIST_POINT s; sm9_bn_t k; int j = 1; - + sm9_bn_from_hex(k, hex_iv); - + sm9_twist_point_from_hex(&p, hex_tpoint1); if (!sm9_twist_point_is_on_curve(&p)) goto err; ++j; sm9_twist_point_from_hex(&q, hex_tpoint2); if (!sm9_twist_point_is_on_curve(&q)) goto err; ++j; sm9_twist_point_neg(&r, &p); sm9_twist_point_from_hex(&s, hex_tpoint_neg); if (!sm9_twist_point_equ(&r, &s)) goto err; ++j; @@ -423,7 +463,7 @@ int test_sm9_twist_point() { sm9_twist_point_sub(&r, &p, &q); sm9_twist_point_from_hex(&s, hex_tpoint_sub); if (!sm9_twist_point_equ(&r, &s)) goto err; ++j; sm9_twist_point_mul(&r, k, &p); sm9_twist_point_from_hex(&s, hex_tpoint_mul); if (!sm9_twist_point_equ(&r, &s)) goto err; ++j; sm9_twist_point_mul_generator(&r, k); sm9_twist_point_from_hex(&s, hex_tpoint_mulg); if (!sm9_twist_point_equ(&r, &s)) goto err; ++j; - + printf("%s() ok\n", __FUNCTION__); return 1; err: @@ -432,68 +472,79 @@ err: return -1; } -#define hex_pairing1 "4e378fb5561cd0668f906b731ac58fee25738edf09cadc7a29c0abc0177aea6d\ --28b3404a61908f5d6198815c99af1990c8af38655930058c28c21bb539ce0000\ --38bffe40a22d529a0c66124b2c308dac9229912656f62b4facfced408e02380f\ --a01f2c8bee81769609462c69c96aa923fd863e209d3ce26dd889b55e2e3873db\ --67e0e0c2eed7a6993dce28fe9aa2ef56834307860839677f96685f2b44d0911f\ --5a1ae172102efd95df7338dbc577c66d8d6c15e0a0158c7507228efb078f42a6\ --1604a3fcfa9783e667ce9fcb1062c2a5c6685c316dda62de0548baa6ba30038b\ --93634f44fa13af76169f3cc8fbea880adaff8475d5fd28a75deb83c44362b439\ --b3129a75d31d17194675a1bc56947920898fbf390a5bf5d931ce6cbb3340f66d\ --4c744e69c4a2e1c8ed72f796d151a17ce2325b943260fc460b9f73cb57c9014b\ --84b87422330d7936eaba1109fa5a7a7181ee16f2438b0aeb2f38fd5f7554e57a\ --aab9f06a4eeba4323a7833db202e4e35639d93fa3305af73f0f071d7d284fcfb" +#define hex_pairing1 \ + "4e378fb5561cd0668f906b731ac58fee25738edf09cadc7a29c0abc0177aea6d\n" \ + "28b3404a61908f5d6198815c99af1990c8af38655930058c28c21bb539ce0000\n" \ + "38bffe40a22d529a0c66124b2c308dac9229912656f62b4facfced408e02380f\n" \ + "a01f2c8bee81769609462c69c96aa923fd863e209d3ce26dd889b55e2e3873db\n" \ + "67e0e0c2eed7a6993dce28fe9aa2ef56834307860839677f96685f2b44d0911f\n" \ + "5a1ae172102efd95df7338dbc577c66d8d6c15e0a0158c7507228efb078f42a6\n" \ + "1604a3fcfa9783e667ce9fcb1062c2a5c6685c316dda62de0548baa6ba30038b\n" \ + "93634f44fa13af76169f3cc8fbea880adaff8475d5fd28a75deb83c44362b439\n" \ + "b3129a75d31d17194675a1bc56947920898fbf390a5bf5d931ce6cbb3340f66d\n" \ + "4c744e69c4a2e1c8ed72f796d151a17ce2325b943260fc460b9f73cb57c9014b\n" \ + "84b87422330d7936eaba1109fa5a7a7181ee16f2438b0aeb2f38fd5f7554e57a\n" \ + "aab9f06a4eeba4323a7833db202e4e35639d93fa3305af73f0f071d7d284fcfb" -#define hex_RA "7CBA5B19069EE66AA79D490413D11846B9BA76DD22567F809CF23B6D964BB265-A9760C99CB6F706343FED05637085864958D6C90902ABA7D405FBEDF7B781599" -#define hex_deB "74CCC3AC9C383C60AF083972B96D05C75F12C8907D128A17ADAFBAB8C5A4ACF7\ --01092FF4DE89362670C21711B6DBE52DCD5F8E40C6654B3DECE573C2AB3D29B2\ --44B0294AA04290E1524FF3E3DA8CFD432BB64DE3A8040B5B88D1B5FC86A4EBC1\ --8CFC48FB4FF37F1E27727464F3C34E2153861AD08E972D1625FC1A7BD18D5539" -#define hex_pairing2 "28542FB6954C84BE6A5F2988A31CB6817BA0781966FA83D9673A9577D3C0C134\ --5E27C19FC02ED9AE37F5BB7BE9C03C2B87DE027539CCF03E6B7D36DE4AB45CD1\ --A1ABFCD30C57DB0F1A838E3A8F2BF823479C978BD137230506EA6249C891049E\ --3497477913AB89F5E2960F382B1B5C8EE09DE0FA498BA95C4409D630D343DA40\ --4FEC93472DA33A4DB6599095C0CF895E3A7B993EE5E4EBE3B9AB7D7D5FF2A3D1\ --647BA154C3E8E185DFC33657C1F128D480F3F7E3F16801208029E19434C733BB\ --73F21693C66FC23724DB26380C526223C705DAF6BA18B763A68623C86A632B05\ --0F63A071A6D62EA45B59A1942DFF5335D1A232C9C5664FAD5D6AF54C11418B0D\ --8C8E9D8D905780D50E779067F2C4B1C8F83A8B59D735BB52AF35F56730BDE5AC\ --861CCD9978617267CE4AD9789F77739E62F2E57B48C2FF26D2E90A79A1D86B93\ --9B1CA08F64712E33AEDA3F44BD6CB633E0F722211E344D73EC9BBEBC92142765\ --6BA584CE742A2A3AB41C15D3EF94EDEB8EF74A2BDCDAAECC09ABA567981F6437" +#define hex_RA \ + "7CBA5B19069EE66AA79D490413D11846B9BA76DD22567F809CF23B6D964BB265\n" \ + "A9760C99CB6F706343FED05637085864958D6C90902ABA7D405FBEDF7B781599" +#define hex_deB \ + "74CCC3AC9C383C60AF083972B96D05C75F12C8907D128A17ADAFBAB8C5A4ACF7\n" \ + "01092FF4DE89362670C21711B6DBE52DCD5F8E40C6654B3DECE573C2AB3D29B2\n" \ + "44B0294AA04290E1524FF3E3DA8CFD432BB64DE3A8040B5B88D1B5FC86A4EBC1\n" \ + "8CFC48FB4FF37F1E27727464F3C34E2153861AD08E972D1625FC1A7BD18D5539" -#define hex_Ppube "9174542668E8F14AB273C0945C3690C66E5DD09678B86F734C4350567ED06283-54E598C6BF749A3DACC9FFFEDD9DB6866C50457CFC7AA2A4AD65C3168FF74210" +#define hex_pairing2 \ + "28542FB6954C84BE6A5F2988A31CB6817BA0781966FA83D9673A9577D3C0C134\n" \ + "5E27C19FC02ED9AE37F5BB7BE9C03C2B87DE027539CCF03E6B7D36DE4AB45CD1\n" \ + "A1ABFCD30C57DB0F1A838E3A8F2BF823479C978BD137230506EA6249C891049E\n" \ + "3497477913AB89F5E2960F382B1B5C8EE09DE0FA498BA95C4409D630D343DA40\n" \ + "4FEC93472DA33A4DB6599095C0CF895E3A7B993EE5E4EBE3B9AB7D7D5FF2A3D1\n" \ + "647BA154C3E8E185DFC33657C1F128D480F3F7E3F16801208029E19434C733BB\n" \ + "73F21693C66FC23724DB26380C526223C705DAF6BA18B763A68623C86A632B05\n" \ + "0F63A071A6D62EA45B59A1942DFF5335D1A232C9C5664FAD5D6AF54C11418B0D\n" \ + "8C8E9D8D905780D50E779067F2C4B1C8F83A8B59D735BB52AF35F56730BDE5AC\n" \ + "861CCD9978617267CE4AD9789F77739E62F2E57B48C2FF26D2E90A79A1D86B93\n" \ + "9B1CA08F64712E33AEDA3F44BD6CB633E0F722211E344D73EC9BBEBC92142765\n" \ + "6BA584CE742A2A3AB41C15D3EF94EDEB8EF74A2BDCDAAECC09ABA567981F6437" + + +#define hex_Ppube \ + "9174542668E8F14AB273C0945C3690C66E5DD09678B86F734C4350567ED06283\n" \ + "54E598C6BF749A3DACC9FFFEDD9DB6866C50457CFC7AA2A4AD65C3168FF74210" #define rB "00018B98C44BEF9F8537FB7D071B2C928B3BC65BD3D69E1EEE213564905634FE" -#define hex_pairing3 "1052D6E9D13E381909DFF7B2B41E13C987D0A9068423B769480DACCE6A06F492\ --5FFEB92AD870F97DC0893114DA22A44DBC9E7A8B6CA31A0CF0467265A1FB48C7\ --2C5C3B37E4F2FF83DB33D98C0317BCBBBBF4AC6DF6B89ECA58268B280045E612\ --6CED9E2D7C9CD3D5AD630DEFAB0B831506218037EE0F861CF9B43C78434AEC38\ --0AE7BF3E1AEC0CB67A03440906C7DFB3BCD4B6EEEBB7E371F0094AD4A816088D\ --98DBC791D0671CACA12236CDF8F39E15AEB96FAEB39606D5B04AC581746A663D\ --00DD2B7416BAA91172E89D5309D834F78C1E31B4483BB97185931BAD7BE1B9B5\ --7EBAC0349F8544469E60C32F6075FB0468A68147FF013537DF792FFCE024F857\ --10CC2B561A62B62DA36AEFD60850714F49170FD94A0010C6D4B651B64F3A3A5E\ --58C9687BEDDCD9E4FEDAB16B884D1FE6DFA117B2AB821F74E0BF7ACDA2269859\ --2A430968F16086061904CE201847934B11CA0F9E9528F5A9D0CE8F015C9AEA79\ --934FDDA6D3AB48C8571CE2354B79742AA498CB8CDDE6BD1FA5946345A1A652F6" +#define hex_pairing3 \ + "1052D6E9D13E381909DFF7B2B41E13C987D0A9068423B769480DACCE6A06F492\n" \ + "5FFEB92AD870F97DC0893114DA22A44DBC9E7A8B6CA31A0CF0467265A1FB48C7\n" \ + "2C5C3B37E4F2FF83DB33D98C0317BCBBBBF4AC6DF6B89ECA58268B280045E612\n" \ + "6CED9E2D7C9CD3D5AD630DEFAB0B831506218037EE0F861CF9B43C78434AEC38\n" \ + "0AE7BF3E1AEC0CB67A03440906C7DFB3BCD4B6EEEBB7E371F0094AD4A816088D\n" \ + "98DBC791D0671CACA12236CDF8F39E15AEB96FAEB39606D5B04AC581746A663D\n" \ + "00DD2B7416BAA91172E89D5309D834F78C1E31B4483BB97185931BAD7BE1B9B5\n" \ + "7EBAC0349F8544469E60C32F6075FB0468A68147FF013537DF792FFCE024F857\n" \ + "10CC2B561A62B62DA36AEFD60850714F49170FD94A0010C6D4B651B64F3A3A5E\n" \ + "58C9687BEDDCD9E4FEDAB16B884D1FE6DFA117B2AB821F74E0BF7ACDA2269859\n" \ + "2A430968F16086061904CE201847934B11CA0F9E9528F5A9D0CE8F015C9AEA79\n" \ + "934FDDA6D3AB48C8571CE2354B79742AA498CB8CDDE6BD1FA5946345A1A652F6" + int test_sm9_pairing() { - sm9_twist_point_t p; - sm9_point_t q; + SM9_TWIST_POINT p; + SM9_POINT q; sm9_fp12_t r; sm9_fp12_t s; sm9_bn_t k; int j = 1; - + sm9_pairing(r, SM9_Ppubs, SM9_P1); sm9_fp12_from_hex(s, hex_pairing1); if (!sm9_fp12_equ(r, s)) goto err; ++j; - + sm9_twist_point_from_hex(&p, hex_deB); sm9_point_from_hex(&q, hex_RA); sm9_pairing(r, &p, &q); sm9_fp12_from_hex(s, hex_pairing2); if (!sm9_fp12_equ(r, s)) goto err; ++j; - + sm9_bn_from_hex(k, rB); sm9_point_from_hex(&q, hex_Ppube); sm9_pairing(r, SM9_P2, &q); sm9_fp12_pow(r, r, k); sm9_fp12_from_hex(s, hex_pairing3); if (!sm9_fp12_equ(r, s)) goto err; ++j; - + printf("%s() ok\n", __FUNCTION__); return 1; err: @@ -509,11 +560,11 @@ int test_sm9_sign() { SM9_SIGN_CTX ctx; SM9_SIGN_KEY key; SM9_SIGN_MASTER_KEY mpk; - sm9_point_t ds; + SM9_POINT ds; uint8_t sig[1000] = {0}; size_t siglen = 0; int j = 1; - + uint8_t data[20] = {0x43, 0x68, 0x69, 0x6E, 0x65, 0x73, 0x65, 0x20, 0x49, 0x42, 0x53, 0x20, 0x73, 0x74, 0x61, 0x6E, 0x64, 0x61, 0x72, 0x64}; uint8_t IDA[5] = {0x41, 0x6C, 0x69, 0x63, 0x65}; @@ -538,19 +589,40 @@ err: } #define hex_ke "0001EDEE3778F441F8DEA3D9FA0ACC4E07EE36C93F9A08618AF4AD85CEDE1C22" -#define hex_de "94736ACD2C8C8796CC4785E938301A139A059D3537B6414140B2D31EECF41683\ --115BAE85F5D8BC6C3DBD9E5342979ACCCF3C2F4F28420B1CB4F8C0B59A19B158\ --7AA5E47570DA7600CD760A0CF7BEAF71C447F3844753FE74FA7BA92CA7D3B55F\ --27538A62E7F7BFB51DCE08704796D94C9D56734F119EA44732B50E31CDEB75C1" + +#define hex_de \ + "94736ACD2C8C8796CC4785E938301A139A059D3537B6414140B2D31EECF41683\n" \ + "115BAE85F5D8BC6C3DBD9E5342979ACCCF3C2F4F28420B1CB4F8C0B59A19B158\n" \ + "7AA5E47570DA7600CD760A0CF7BEAF71C447F3844753FE74FA7BA92CA7D3B55F\n" \ + "27538A62E7F7BFB51DCE08704796D94C9D56734F119EA44732B50E31CDEB75C1" + +int test_sm9_ciphertext() +{ + SM9_POINT C1; + uint8_t c2[SM9_MAX_PLAINTEXT_SIZE]; + uint8_t c3[SM3_HMAC_SIZE]; + uint8_t buf[1024]; + uint8_t *p = buf; + size_t len = 0; + + sm9_point_copy(&C1, SM9_P1); + if (sm9_ciphertext_to_der(&C1, c2, sizeof(c2), c3, &p, &len) != 1) { + error_print(); + return -1; + } + //printf("SM9_MAX_CIPHERTEXT_SIZE %zu\n", len); + return 1; +} + int test_sm9_encrypt() { SM9_ENC_MASTER_KEY msk; SM9_ENC_KEY key; - sm9_twist_point_t de; + SM9_TWIST_POINT de; uint8_t out[1000] = {0}; size_t outlen = 0; int j = 1; - + uint8_t data[20] = {0x43, 0x68, 0x69, 0x6E, 0x65, 0x73, 0x65, 0x20, 0x49, 0x42, 0x53, 0x20, 0x73, 0x74, 0x61, 0x6E, 0x64, 0x61, 0x72, 0x64}; uint8_t dec[20] = {0}; size_t declen = 20; @@ -582,6 +654,7 @@ int main(void) { if (test_sm9_twist_point() != 1) goto err; if (test_sm9_pairing() != 1) goto err; if (test_sm9_sign() != 1) goto err; + if (test_sm9_ciphertext() != 1) goto err; if (test_sm9_encrypt() != 1) goto err; printf("%s all tests passed\n", __FILE__); diff --git a/tools/sm2encrypt.c b/tools/sm2encrypt.c index 45c4f069..69e23363 100644 --- a/tools/sm2encrypt.c +++ b/tools/sm2encrypt.c @@ -1,4 +1,4 @@ -/* +/* * Copyright (c) 2021 - 2021 The GmSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/tools/sm9decrypt.c b/tools/sm9decrypt.c index 51c2c677..4d8162a7 100644 --- a/tools/sm9decrypt.c +++ b/tools/sm9decrypt.c @@ -101,7 +101,7 @@ int sm9decrypt_main(int argc, char **argv) } else if (!strcmp(*argv, "-in")) { if (--argc < 1) goto bad; infile = *(++argv); - if (!(infp = fopen(outfile, "r"))) { + if (!(infp = fopen(infile, "r"))) { error_print(); goto end; } diff --git a/tools/sm9encrypt.c b/tools/sm9encrypt.c index 55ffa745..81b78707 100644 --- a/tools/sm9encrypt.c +++ b/tools/sm9encrypt.c @@ -118,10 +118,14 @@ bad: argv++; } - if (!mpkfile || !id) { + if (!mpkfp || !id) { error_print(); goto end; } + if (sm9_enc_master_public_key_from_pem(&mpk, mpkfp) != 1) { + error_print(); + return -1; + } if ((inlen = fread(inbuf, 1, sizeof(inbuf), infp)) <= 0) { error_print(); goto end; @@ -138,5 +142,6 @@ bad: end: if (infile && infp) fclose(infp); if (outfile && outfp) fclose(outfp); + if (mpkfp) fclose(mpkfp); return ret; } diff --git a/tools/sm9sign.c b/tools/sm9sign.c index 5a9995f9..4fea0f21 100644 --- a/tools/sm9sign.c +++ b/tools/sm9sign.c @@ -72,7 +72,7 @@ int sm9sign_main(int argc, char **argv) SM9_SIGN_CTX ctx; uint8_t buf[4096]; ssize_t len; - uint8_t sig[SM9_MAX_SIGNATURE_SIZE]; + uint8_t sig[SM9_SIGNATURE_SIZE]; size_t siglen; argc--; @@ -90,14 +90,14 @@ int sm9sign_main(int argc, char **argv) } else if (!strcmp(*argv, "-in")) { if (--argc < 1) goto bad; infile = *(++argv); - if (!(infp = fopen(infile, "w"))) { + if (!(infp = fopen(infile, "r"))) { error_print(); goto end; } } else if (!strcmp(*argv, "-key")) { if (--argc < 1) goto bad; keyfile = *(++argv); - if (!(keyfp = fopen(keyfile, "w"))) { + if (!(keyfp = fopen(keyfile, "r"))) { error_print(); goto end; } @@ -145,6 +145,14 @@ bad: error_print(); goto end; } + + if (siglen != fwrite(sig, 1, siglen, outfp)) { + error_print(); + goto end; + } + + + ret = 0; end: diff --git a/tools/sm9verify.c b/tools/sm9verify.c index bbdfe42a..80cc37ec 100644 --- a/tools/sm9verify.c +++ b/tools/sm9verify.c @@ -70,7 +70,7 @@ int sm9verify_main(int argc, char **argv) SM9_SIGN_CTX ctx; uint8_t buf[4096]; ssize_t len; - uint8_t sig[SM9_MAX_SIGNATURE_SIZE]; + uint8_t sig[SM9_SIGNATURE_SIZE]; ssize_t siglen; argc--; @@ -88,14 +88,14 @@ int sm9verify_main(int argc, char **argv) } else if (!strcmp(*argv, "-in")) { if (--argc < 1) goto bad; infile = *(++argv); - if (!(infp = fopen(infile, "w"))) { + if (!(infp = fopen(infile, "r"))) { error_print(); goto end; } } else if (!strcmp(*argv, "-pubmaster")) { if (--argc < 1) goto bad; mpkfile = *(++argv); - if (!(mpkfp = fopen(mpkfile, "w"))) { + if (!(mpkfp = fopen(mpkfile, "r"))) { error_print(); goto end; } @@ -105,7 +105,7 @@ int sm9verify_main(int argc, char **argv) } else if (!strcmp(*argv, "-sig")) { if (--argc < 1) goto bad; sigfile = *(++argv); - if (!(sigfp = fopen(sigfile, "w"))) { + if (!(sigfp = fopen(sigfile, "r"))) { error_print(); goto end; } @@ -148,6 +148,7 @@ bad: error_print(); goto end; } + printf("%s %s\n", prog, ret ? "success" : "failure"); end: if (infile && infp) fclose(infp);