From e789127a9a26defe15daae1f8b551b8f92dcbd8d Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Thu, 13 Sep 2018 15:58:53 +0800 Subject: [PATCH] Add SM9 BN curve sm9bn256v1 over GF(p) The recommended BN curve over 256 -bit prime field. The OID of the curve might be modified in the future. --- crypto/ec/ec_curve.c | 42 ++++++++++++++++++++++++++++++++++++++ crypto/objects/obj_dat.h | 15 +++++++++----- crypto/objects/obj_mac.num | 1 + crypto/objects/objects.txt | 4 ++++ crypto/sm9/sm9_rate.c | 42 ++++++++++++++++---------------------- include/openssl/obj_mac.h | 4 ++++ 6 files changed, 79 insertions(+), 29 deletions(-) diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index a3ba0da8..46903963 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c 
@@ -2880,6 +2880,44 @@ static const struct { }; #endif +#ifndef OPENSSL_NO_SM9 +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; +} _EC_SM9_BN_256V1 = { + { + NID_X9_62_prime_field, 0, 32, 1 + }, + { + /* no seed */ + /* p */ + 0xB6, 0x40, 0x00, 0x00, 0x02, 0xA3, 0xA6, 0xF1, 0xD6, 0x03, 0xAB, 0x4F, + 0xF5, 0x8E, 0xC7, 0x45, 0x21, 0xF2, 0x93, 0x4B, 0x1A, 0x7A, 0xEE, 0xDB, + 0xE5, 0x6F, 0x9B, 0x27, 0xE3, 0x51, 0x45, 0x7D, + /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, + /* x */ + 0x93, 0xDE, 0x05, 0x1D, 0x62, 0xBF, 0x71, 0x8F, 0xF5, 0xED, 0x07, 0x04, + 0x48, 0x7D, 0x01, 0xD6, 0xE1, 0xE4, 0x08, 0x69, 0x09, 0xDC, 0x32, 0x80, + 0xE8, 0xC4, 0xE4, 0x81, 0x7C, 0x66, 0xDD, 0xDD, + /* y */ + 0x21, 0xFE, 0x8D, 0xDA, 0x4F, 0x21, 0xE6, 0x07, 0x63, 0x10, 0x65, 0x12, + 0x5C, 0x39, 0x5B, 0xBC, 0x1C, 0x1C, 0x00, 0xCB, 0xFA, 0x60, 0x24, 0x35, + 0x0C, 0x46, 0x4C, 0xD7, 0x0A, 0x3E, 0xA6, 0x16, + /* order */ + 0xB6, 0x40, 0x00, 0x00, 0x02, 0xA3, 0xA6, 0xF1, 0xD6, 0x03, 0xAB, 0x4F, + 0xF5, 0x8E, 0xC7, 0x44, 0x49, 0xF2, 0x93, 0x4B, 0x18, 0xEA, 0x8B, 0xEE, + 0xE5, 0x6E, 0xE1, 0x9C, 0xD6, 0x9E, 0xCF, 0x25, + } +}; +#endif + typedef struct _ec_list_element_st { int nid; const EC_CURVE_DATA *data; @@ -3102,6 +3140,10 @@ static const ec_list_element curve_list[] = { {NID_wapip192v1, &_EC_WAPI_PRIME_192V1.h, 0, "WAPI curve over a 192 bit prime field"}, #endif +#ifndef OPENSSL_NO_SM9 + {NID_sm9bn256v1, &_EC_SM9_BN_256V1.h, 0, + "SM9 BN curve over a 256 bit prime field"}, +#endif }; #define curve_list_length OSSL_NELEM(curve_list) 
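Review bot: The `_EC_SM9_BN_256V1` table gives no reference for its constants, so the bytes under `/* p */` through `/* order */` cannot be audited against a specification from this file alone. A header comment above the struct would fix that, e.g. `/* SM9 BN curve y^2 = x^3 + 5 over GF(p), cofactor 1; G1 generator and order as given in the SM9 specification (GM/T 0044) */`. The same comment should say that only the group over GF(p) is described here; the generator on the twist that the pairing also needs is not part of this table.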
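Review bot: Adding `NID_sm9bn256v1` to `curve_list` makes the curve selectable by name for every consumer of the built-in curve table (for example anything that goes through `EC_GROUP_new_by_curve_name`), not only the SM9 code. A BN curve is pairing-friendly by construction, which is a different security trade-off from the general-purpose curves in this list, and the description string does not warn about that. If the curve is meant for SM9 only, say so next to the entry, e.g. `/* pairing-friendly curve; intended for SM9, not for general ECDSA/ECDH use */`. The `curve_list` array starts outside the hunk.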
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index f11495c6..15b8caad 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -10,7 +10,7 @@ */ /* Serialized OID's */ -static const unsigned char so[7787] = { +static const unsigned char so[7797] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -1091,9 +1091,10 @@ static const unsigned char so[7787] = { 0x2A,0x81,0x1C,0xD7,0x63,0x01, /* [ 7765] OBJ_wapi_crypto */ 0x2A,0x81,0x1C,0xD7,0x63,0x01,0x01, /* [ 7771] OBJ_wapi_ec */ 0x2A,0x81,0x1C,0xD7,0x63,0x01,0x01,0x01, /* [ 7778] OBJ_wapi_ecdsa192_sha256 */ + 0x2B,0x06,0x01,0x04,0x01,0x83,0x83,0x0D,0x09,0x01, /* [ 7786] OBJ_sm9bn256v1 */ }; -#define NUM_NID 1200 +#define NUM_NID 1201 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, @@ -2295,9 +2296,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"wapi-crypto", "wapi-crypto", NID_wapi_crypto, 6, &so[7765]}, {"wapi-ec", "wapi-ec", NID_wapi_ec, 7, &so[7771]}, {"wapi-ecdsa192-sha256", "wapi-ecdsa192-sha256", NID_wapi_ecdsa192_sha256, 8, &so[7778]}, + {"sm9bn256v1", "sm9bn256v1", NID_sm9bn256v1, 10, &so[7786]}, }; -#define NUM_SN 1189 +#define NUM_SN 1190 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ @@ -3420,6 +3422,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1149, /* "sm2exchange" */ 1116, /* "sm2p256v1" */ 1117, /* "sm2sign" */ + 1200, /* "sm9bn256v1" */ 1125, /* "sm9encrypt" */ 1124, /* "sm9keyagreement" */ 1123, /* "sm9sign" */ @@ -3490,7 +3493,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1194, /* "zuc-128eia3" */ }; -#define NUM_LN 1189 +#define NUM_LN 1190 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ 
@@ -4597,6 +4600,7 @@ static const unsigned int ln_objs[NUM_LN] = { 1089, /* "sm6-cfb" */ 1086, /* "sm6-ecb" */ 1088, /* "sm6-ofb" */ + 1200, /* "sm9bn256v1" */ 1125, /* "sm9encrypt" */ 1124, /* "sm9keyagreement" */ 1123, /* "sm9sign" */ @@ -4683,7 +4687,7 @@ static const unsigned int ln_objs[NUM_LN] = { 1194, /* "zuc-128eia3" */ }; -#define NUM_OBJ 1086 +#define NUM_OBJ 1087 static const unsigned int obj_objs[NUM_OBJ] = { 0, /* OBJ_undef 0 */ 181, /* OBJ_iso 1 */ @@ -5667,6 +5671,7 @@ static const unsigned int obj_objs[NUM_OBJ] = { 648, /* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ 649, /* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ 1151, /* OBJ_cpk_map 1 3 6 1 4 1 49549 1 1 */ + 1200, /* OBJ_sm9bn256v1 1 3 6 1 4 1 49549 9 1 */ 951, /* OBJ_ct_precert_scts 1 3 6 1 4 1 11129 2 4 2 */ 952, /* OBJ_ct_precert_poison 1 3 6 1 4 1 11129 2 4 3 */ 953, /* OBJ_ct_precert_signer 1 3 6 1 4 1 11129 2 4 4 */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 092d0b50..3051dc10 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1197,3 +1197,4 @@ bwips 1196 wapi_crypto 1197 wapi_ec 1198 wapi_ecdsa192_sha256 1199 +sm9bn256v1 1200 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index d775b50d..ce664734 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1670,3 +1670,7 @@ wapi-crypto 1 : wapi-ec wapi-ec 1 : wapi-ecdsa192-sha256 wapi-ec 2 1 : wapip192v1 +# SM9 curve +GmSSL 9 1 : sm9bn256v1 + + diff --git a/crypto/sm9/sm9_rate.c b/crypto/sm9/sm9_rate.c index 12c33aa1..0190a005 100644 --- a/crypto/sm9/sm9_rate.c +++ b/crypto/sm9/sm9_rate.c @@ -50,7 +50,9 @@ #include #include #include - +#include +#include +#include typedef uint64_t fp_t[4]; typedef fp_t fp2_t[2]; @@ -87,9 +89,12 @@ static const int abits = { 0, }; static const int ebits = { - 0, 0, 1, 0, + }; + + + static int fp_is_zero(const fp_t a) { return a[0] == 0 && a[1] == 0 && a[2] == 0 && a[3] == 0; 
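Review bot: In the `crypto/objects/objects.txt` hunk, the arc `GmSSL 9 1` is assigned to `sm9bn256v1` with nothing marking it as provisional, although the commit message says the OID might be modified in the future. Once keys or parameters are serialized with the named-curve encoding, this OID is what ends up in stored data. A later change would leave that data unrecognised unless the old value is kept as an alias. Consider making the comment explicit, `# SM9 curve (provisional OID under the GmSSL private arc; subject to change)`, and dropping the two trailing blank lines the hunk adds.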
@@ -825,22 +830,14 @@ static void rate(fp12_t r, const point_t Q, const fp_t xP, const fp_t yP) for (i = 0; i < sizeof(abits); i++) { eval(g, T, T, xP, yP); - - fp12_sqr(t0, f); - fp12_mul(t1, t0, g); - fp12_copy(f, t1); - - point_dbl(R, T); - point_copy(T, R); + fp12_sqr_to(f); + fp12_mul_to(f, g); + point_dbl_to(T); if (abits[i]) { eval(g, T, Q, xP, yP); - - fp12_mul(t0, f, g); - fp12_copy(f, t0); - - point_add(R, T, Q); - point_copy(T, R); + fp12_mul_to(f, g); + point_add_to(T, Q); } } @@ -848,16 +845,13 @@ static void rate(fp12_t r, const point_t Q, const fp_t xP, const fp_t yP) frob_twice(Q, Q2); eval(g, T, Q1, xP, yP); - fp12_mul(t, f, g); - fp12_copy(f, t); + fp12_mul_to(f, g); + point_add_to(T, Q1); - point_add(R, T, Q1); - point_copy(T, R); - - point_neg(R, Q2); - eval(g, T, R, xP, yP); - fp12_mul(t, f, g); - fp12_copy(f, t); + point_neg_to(Q2); + eval(g, T, Q, xP, yP); + fp12_mul_to(f, g); + //point_add_to(T, Q2); final_expo(r, f); } diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 1c9125e1..6a090eb6 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -5172,3 +5172,7 @@ #define SN_wapip192v1 "wapip192v1" #define NID_wapip192v1 1135 #define OBJ_wapip192v1 OBJ_wapi_ec,2L,1L + +#define SN_sm9bn256v1 "sm9bn256v1" +#define NID_sm9bn256v1 1200 +#define OBJ_sm9bn256v1 OBJ_GmSSL,9L,1L
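Review bot: The loop bound `i < sizeof(abits)` at the top of this hunk counts bytes, not elements. If `abits` is an array of `int`, as the `abits[i]` test suggests, the loop runs past the end of the table, and the out-of-range reads decide whether the extra `eval`/`point_add_to` step is taken. The commit rewrites the loop body but keeps the bound; `for (i = 0; i < sizeof(abits) / sizeof(abits[0]); i++)` would match the table length. The body of `rate` starts and ends outside the hunk, so the declarations of `t0`, `t1` and `R` are not visible; they look unused after this change and can presumably be removed.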
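Review bot: The last line evaluation now reads `eval(g, T, Q, xP, yP)`, whereas the removed code passed the negated `Q2` (through `R`), so `point_neg_to(Q2)` no longer affects the result and the final factor is taken from a different point than before. Unless that is intended, the call should be `eval(g, T, Q2, xP, yP);`. The commented-out `//point_add_to(T, Q2);` should be deleted rather than kept, since `T` is not read again before `final_expo(r, f)` in the visible lines. A wrong pairing value would not fail loudly but would make every SM9 operation built on `rate` produce incorrect results, so a known-answer test against the specification's test vectors belongs with this change. The start of `rate` is outside the hunk.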