Add SM9 BN curve sm9bn256v1 over GF(p)

The recommended BN curve over 256 -bit prime field. The OID of the curve might be modified in the future.
2026-06-13 08:23:50 +08:00 · 2018-09-13 15:58:53 +08:00
parent f303eba06b
commit e789127a9a
6 changed files with 79 additions and 29 deletions
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@@ -2880,6 +2880,44 @@ static const struct {
 };
 #endif

+#ifndef OPENSSL_NO_SM9
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 32 * 6];
+} _EC_SM9_BN_256V1 = {
+    {
+        NID_X9_62_prime_field, 0, 32, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xB6, 0x40, 0x00, 0x00, 0x02, 0xA3, 0xA6, 0xF1, 0xD6, 0x03, 0xAB, 0x4F,
+        0xF5, 0x8E, 0xC7, 0x45, 0x21, 0xF2, 0x93, 0x4B, 0x1A, 0x7A, 0xEE, 0xDB,
+        0xE5, 0x6F, 0x9B, 0x27, 0xE3, 0x51, 0x45, 0x7D,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	/* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+	/* x */
+	0x93, 0xDE, 0x05, 0x1D, 0x62, 0xBF, 0x71, 0x8F, 0xF5, 0xED, 0x07, 0x04,
+        0x48, 0x7D, 0x01, 0xD6, 0xE1, 0xE4, 0x08, 0x69, 0x09, 0xDC, 0x32, 0x80,
+        0xE8, 0xC4, 0xE4, 0x81, 0x7C, 0x66, 0xDD, 0xDD,
+	/* y */
+	0x21, 0xFE, 0x8D, 0xDA, 0x4F, 0x21, 0xE6, 0x07, 0x63, 0x10, 0x65, 0x12,
+	0x5C, 0x39, 0x5B, 0xBC, 0x1C, 0x1C, 0x00, 0xCB, 0xFA, 0x60, 0x24, 0x35,
+	0x0C, 0x46, 0x4C, 0xD7, 0x0A, 0x3E, 0xA6, 0x16,
+	/* order */
+        0xB6, 0x40, 0x00, 0x00, 0x02, 0xA3, 0xA6, 0xF1, 0xD6, 0x03, 0xAB, 0x4F,
+        0xF5, 0x8E, 0xC7, 0x44, 0x49, 0xF2, 0x93, 0x4B, 0x18, 0xEA, 0x8B, 0xEE,
+        0xE5, 0x6E, 0xE1, 0x9C, 0xD6, 0x9E, 0xCF, 0x25,
+   }
+};
+#endif
+
 typedef struct _ec_list_element_st {
    int nid;
    const EC_CURVE_DATA *data;
@@ -3102,6 +3140,10 @@ static const ec_list_element curve_list[] = {
    {NID_wapip192v1, &_EC_WAPI_PRIME_192V1.h, 0,
     "WAPI curve over a 192 bit prime field"},
 #endif
+#ifndef OPENSSL_NO_SM9
+    {NID_sm9bn256v1, &_EC_SM9_BN_256V1.h, 0,
+     "SM9 BN curve over a 256 bit prime field"},
+#endif
 };

 #define curve_list_length OSSL_NELEM(curve_list)
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -10,7 +10,7 @@
 */

 /* Serialized OID's */
-static const unsigned char so[7787] = {
+static const unsigned char so[7797] = {
    0x2A,0x86,0x48,0x86,0xF7,0x0D,                 /* [    0] OBJ_rsadsi */
    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,            /* [    6] OBJ_pkcs */
    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,       /* [   13] OBJ_md2 */
@@ -1091,9 +1091,10 @@ static const unsigned char so[7787] = {
    0x2A,0x81,0x1C,0xD7,0x63,0x01,                 /* [ 7765] OBJ_wapi_crypto */
    0x2A,0x81,0x1C,0xD7,0x63,0x01,0x01,            /* [ 7771] OBJ_wapi_ec */
    0x2A,0x81,0x1C,0xD7,0x63,0x01,0x01,0x01,       /* [ 7778] OBJ_wapi_ecdsa192_sha256 */
+    0x2B,0x06,0x01,0x04,0x01,0x83,0x83,0x0D,0x09,0x01,  /* [ 7786] OBJ_sm9bn256v1 */
 };

-#define NUM_NID 1200
+#define NUM_NID 1201
 static const ASN1_OBJECT nid_objs[NUM_NID] = {
    {"UNDEF", "undefined", NID_undef},
    {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2295,9 +2296,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
    {"wapi-crypto", "wapi-crypto", NID_wapi_crypto, 6, &so[7765]},
    {"wapi-ec", "wapi-ec", NID_wapi_ec, 7, &so[7771]},
    {"wapi-ecdsa192-sha256", "wapi-ecdsa192-sha256", NID_wapi_ecdsa192_sha256, 8, &so[7778]},
+    {"sm9bn256v1", "sm9bn256v1", NID_sm9bn256v1, 10, &so[7786]},
 };

-#define NUM_SN 1189
+#define NUM_SN 1190
 static const unsigned int sn_objs[NUM_SN] = {
     364,    /* "AD_DVCS" */
     419,    /* "AES-128-CBC" */
@@ -3420,6 +3422,7 @@ static const unsigned int sn_objs[NUM_SN] = {
    1149,    /* "sm2exchange" */
    1116,    /* "sm2p256v1" */
    1117,    /* "sm2sign" */
+    1200,    /* "sm9bn256v1" */
    1125,    /* "sm9encrypt" */
    1124,    /* "sm9keyagreement" */
    1123,    /* "sm9sign" */
@@ -3490,7 +3493,7 @@ static const unsigned int sn_objs[NUM_SN] = {
    1194,    /* "zuc-128eia3" */
 };

-#define NUM_LN 1189
+#define NUM_LN 1190
 static const unsigned int ln_objs[NUM_LN] = {
     363,    /* "AD Time Stamping" */
     405,    /* "ANSI X9.62" */
@@ -4597,6 +4600,7 @@ static const unsigned int ln_objs[NUM_LN] = {
    1089,    /* "sm6-cfb" */
    1086,    /* "sm6-ecb" */
    1088,    /* "sm6-ofb" */
+    1200,    /* "sm9bn256v1" */
    1125,    /* "sm9encrypt" */
    1124,    /* "sm9keyagreement" */
    1123,    /* "sm9sign" */
@@ -4683,7 +4687,7 @@ static const unsigned int ln_objs[NUM_LN] = {
    1194,    /* "zuc-128eia3" */
 };

-#define NUM_OBJ 1086
+#define NUM_OBJ 1087
 static const unsigned int obj_objs[NUM_OBJ] = {
       0,    /* OBJ_undef                        0 */
     181,    /* OBJ_iso                          1 */
@@ -5667,6 +5671,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
     648,    /* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
     649,    /* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
    1151,    /* OBJ_cpk_map                      1 3 6 1 4 1 49549 1 1 */
+    1200,    /* OBJ_sm9bn256v1                   1 3 6 1 4 1 49549 9 1 */
     951,    /* OBJ_ct_precert_scts              1 3 6 1 4 1 11129 2 4 2 */
     952,    /* OBJ_ct_precert_poison            1 3 6 1 4 1 11129 2 4 3 */
     953,    /* OBJ_ct_precert_signer            1 3 6 1 4 1 11129 2 4 4 */
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1197,3 +1197,4 @@ bwips		1196
 wapi_crypto		1197
 wapi_ec		1198
 wapi_ecdsa192_sha256		1199
+sm9bn256v1		1200
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -1670,3 +1670,7 @@ wapi-crypto 1		: wapi-ec
 wapi-ec 1		: wapi-ecdsa192-sha256
 wapi-ec 2 1		: wapip192v1

+# SM9 curve
+GmSSL 9 1		: sm9bn256v1
+
+
--- a/crypto/sm9/sm9_rate.c
+++ b/crypto/sm9/sm9_rate.c
@@ -50,7 +50,9 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdint.h>
-
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/err.h>

 typedef uint64_t fp_t[4];
 typedef fp_t fp2_t[2];
@@ -87,9 +89,12 @@ static const int abits = {
 	0, };

 static const int ebits = {
-	0, 0, 1, 0,
+
 };

+
+
+
 static int fp_is_zero(const fp_t a)
 {
 	return a[0] == 0 && a[1] == 0 && a[2] == 0 && a[3] == 0;
@@ -825,22 +830,14 @@ static void rate(fp12_t r, const point_t Q,  const fp_t xP, const fp_t yP)

 	for (i = 0; i < sizeof(abits); i++) {
 		eval(g, T, T, xP, yP);
-
-		fp12_sqr(t0, f);
-		fp12_mul(t1, t0, g);
-		fp12_copy(f, t1);
-
-		point_dbl(R, T);
-		point_copy(T, R);
+		fp12_sqr_to(f);
+		fp12_mul_to(f, g);
+		point_dbl_to(T);

 		if (abits[i]) {
 			eval(g, T, Q, xP, yP);
-
-			fp12_mul(t0, f, g);
-			fp12_copy(f, t0);
-
-			point_add(R, T, Q);
-			point_copy(T, R);
+			fp12_mul_to(f, g);
+			point_add_to(T, Q);
 		}
 	}

@@ -848,16 +845,13 @@ static void rate(fp12_t r, const point_t Q,  const fp_t xP, const fp_t yP)
 	frob_twice(Q, Q2);

 	eval(g, T, Q1, xP, yP);
-	fp12_mul(t, f, g);
-	fp12_copy(f, t);
+	fp12_mul_to(f, g);
+	point_add_to(T, Q1);

-	point_add(R, T, Q1);
-	point_copy(T, R);
-
-	point_neg(R, Q2);
-	eval(g, T, R, xP, yP);
-	fp12_mul(t, f, g);
-	fp12_copy(f, t);
+	point_neg_to(Q2);
+	eval(g, T, Q, xP, yP);
+	fp12_mul_to(f, g);
+	//point_add_to(T, Q2); 

 	final_expo(r, f);
 }