abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-25 14:43:40 +08:00
Code Issues Packages Projects Releases Wiki Activity

Use z256 and jacobian coordinates as inner presentation of SM2 point

Browse Source
This commit is contained in:
Zhi Guan
2024-04-18 21:27:00 +08:00
parent 549c68d2df
commit e9bbcf5490
18 changed files with 312 additions and 646 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.gitignore vendored
View File

@@ -9,6 +9,8 @@
/demos/scripts/*.bin
/demos/scripts/*.sig
/examples/*
# Object files
*.o
*.obj
@@ -41,3 +43,6 @@
\#*#
*~
/docs/*

88
include/gmssl/sm2.h
View File

@@ -17,63 +17,25 @@
#include <stdlib.h>
#include <gmssl/api.h>
#include <gmssl/sm3.h>
#include <gmssl/sm2_z256.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef uint8_t sm2_bn_t[32];
typedef struct {
uint8_t x[32];
uint8_t y[32];
} SM2_POINT;
#define sm2_point_init(P) memset((P),0,sizeof(SM2_POINT))
#define sm2_point_set_infinity(P) sm2_point_init(P)
int sm2_point_from_octets(SM2_POINT *P, const uint8_t *in, size_t inlen);
void sm2_point_to_compressed_octets(const SM2_POINT *P, uint8_t out[33]);
void sm2_point_to_uncompressed_octets(const SM2_POINT *P, uint8_t out[65]);
int sm2_point_from_x(SM2_POINT *P, const uint8_t x[32], int y);
int sm2_point_from_xy(SM2_POINT *P, const uint8_t x[32], const uint8_t y[32]);
int sm2_point_is_on_curve(const SM2_POINT *P);
int sm2_point_is_at_infinity(const SM2_POINT *P);
int sm2_point_add(SM2_POINT *R, const SM2_POINT *P, const SM2_POINT *Q);
int sm2_point_sub(SM2_POINT *R, const SM2_POINT *P, const SM2_POINT *Q);
int sm2_point_neg(SM2_POINT *R, const SM2_POINT *P);
int sm2_point_dbl(SM2_POINT *R, const SM2_POINT *P);
int sm2_point_mul(SM2_POINT *R, const uint8_t k[32], const SM2_POINT *P);
int sm2_point_mul_generator(SM2_POINT *R, const uint8_t k[32]);
int sm2_point_mul_sum(SM2_POINT *R, const uint8_t k[32], const SM2_POINT *P, const uint8_t s[32]); // R = k * P + s * G
/*
RFC 5480 Elliptic Curve Cryptography Subject Public Key Information
ECPoint ::= OCTET STRING
*/
#define SM2_POINT_MAX_SIZE (2 + 65)
int sm2_point_to_der(const SM2_POINT *P, uint8_t **out, size_t *outlen);
int sm2_point_from_der(SM2_POINT *P, const uint8_t **in, size_t *inlen);
int sm2_point_print(FILE *fp, int fmt, int ind, const char *label, const SM2_POINT *P);
int sm2_point_from_hash(SM2_POINT *R, const uint8_t *data, size_t datalen);
typedef struct {
SM2_POINT public_key;
uint8_t private_key[32];
SM2_Z256_POINT public_key;
sm2_z256_t private_key;
} SM2_KEY;
_gmssl_export int sm2_key_generate(SM2_KEY *key);
int sm2_key_set_private_key(SM2_KEY *key, const uint8_t private_key[32]); // key->public_key will be replaced
int sm2_key_set_public_key(SM2_KEY *key, const SM2_POINT *public_key); // key->private_key will be cleared // FIXME: support octets as input?
int sm2_key_set_private_key(SM2_KEY *key, const sm2_z256_t private_key);
int sm2_key_set_public_key(SM2_KEY *key, const SM2_Z256_POINT *public_key);
int sm2_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *key);
int sm2_public_key_equ(const SM2_KEY *sm2_key, const SM2_KEY *pub_key);
//int sm2_public_key_copy(SM2_KEY *sm2_key, const SM2_KEY *pub_key); // do we need this?
int sm2_public_key_digest(const SM2_KEY *key, uint8_t dgst[32]);
int sm2_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *pub_key);
@@ -156,6 +118,12 @@ _gmssl_export int sm2_private_key_info_encrypt_to_pem(const SM2_KEY *key, const
_gmssl_export int sm2_private_key_info_decrypt_from_pem(SM2_KEY *key, const char *pass, FILE *fp);
typedef struct {
uint8_t r[32];
uint8_t s[32];
@@ -164,6 +132,10 @@ typedef struct {
int sm2_do_sign(const SM2_KEY *key, const uint8_t dgst[32], SM2_SIGNATURE *sig);
int sm2_do_verify(const SM2_KEY *key, const uint8_t dgst[32], const SM2_SIGNATURE *sig);
int sm2_fast_sign_compute_key(const SM2_KEY *key, sm2_z256_t fast_private);
int sm2_fast_sign_pre_compute(sm2_z256_t k, sm2_z256_t x1_modn);
int sm2_fast_sign(const sm2_z256_t fast_private, const sm2_z256_t k, const sm2_z256_t x1,
const uint8_t dgst[32], SM2_SIGNATURE *sig);
@@ -190,31 +162,25 @@ int sm2_sign_fixlen(const SM2_KEY *key, const uint8_t dgst[32], size_t siglen, u
#define SM2_MAX_ID_BITS 65535
#define SM2_MAX_ID_LENGTH (SM2_MAX_ID_BITS/8)
int sm2_compute_z(uint8_t z[32], const SM2_POINT *pub, const char *id, size_t idlen);
int sm2_compute_z(uint8_t z[32], const SM2_Z256_POINT *pub, const char *id, size_t idlen);
typedef struct {
uint64_t k[4];
uint64_t x1[4];
sm2_z256_t k;
sm2_z256_t x1; // x1 (mod n)
} SM2_SIGN_PRE_COMP;
#define SM2_SIGN_PRE_COMP_COUNT 32
typedef struct {
SM3_CTX sm3_ctx;
SM3_CTX saved_sm3_ctx;
SM2_KEY key;
// FIXME: change `key` to SM2_Z256_POINT and uint64_t[4], inner type, faster sign/verify
uint64_t public_key[3][8]; // enough to hold point in Jacobian format
uint64_t sign_key[8]; // u64[8] to support SM2_BN
SM3_CTX inited_sm3_ctx;
SM2_SIGN_PRE_COMP pre_comp[32];
sm2_z256_t fast_sign_private;
SM2_SIGN_PRE_COMP pre_comp[SM2_SIGN_PRE_COMP_COUNT];
unsigned int num_pre_comp;
} SM2_SIGN_CTX;
_gmssl_export int sm2_sign_init(SM2_SIGN_CTX *ctx, const SM2_KEY *key, const char *id, size_t idlen);
_gmssl_export int sm2_sign_update(SM2_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
_gmssl_export int sm2_sign_finish(SM2_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen);
@@ -236,6 +202,11 @@ SM2Cipher ::= SEQUENCE {
#define SM2_MIN_PLAINTEXT_SIZE 1 // re-compute SM2_MIN_CIPHERTEXT_SIZE when modify
#define SM2_MAX_PLAINTEXT_SIZE 255 // re-compute SM2_MAX_CIPHERTEXT_SIZE when modify
typedef struct {
uint8_t x[32];
uint8_t y[32];
} SM2_POINT;
typedef struct {
SM2_POINT point;
uint8_t hash[32];
@@ -243,6 +214,7 @@ typedef struct {
uint8_t ciphertext[SM2_MAX_PLAINTEXT_SIZE];
} SM2_CIPHERTEXT;
int sm2_kdf(const uint8_t *in, size_t inlen, size_t outlen, uint8_t *out);
int sm2_do_encrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, SM2_CIPHERTEXT *out);
@@ -265,8 +237,8 @@ int sm2_do_encrypt_fixlen(const SM2_KEY *key, const uint8_t *in, size_t inlen, i
int sm2_encrypt_fixlen(const SM2_KEY *key, const uint8_t *in, size_t inlen, int point_size, uint8_t *out, size_t *outlen);
int sm2_do_ecdh(const SM2_KEY *key, const SM2_POINT *peer_public, SM2_POINT *out);
_gmssl_export int sm2_ecdh(const SM2_KEY *key, const uint8_t *peer_public, size_t peer_public_len, SM2_POINT *out);
int sm2_do_ecdh(const SM2_KEY *key, const SM2_Z256_POINT *peer_public, SM2_Z256_POINT *out);
_gmssl_export int sm2_ecdh(const SM2_KEY *key, const uint8_t *peer_public, size_t peer_public_len, uint8_t out[64]);
typedef struct {

29
include/gmssl/sm2_z256.h
View File

@@ -15,14 +15,19 @@
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <gmssl/sm2.h>
#ifdef __cplusplus
extern "C" {
#endif
// z256 means compact presentation of uint256
typedef uint64_t sm2_z256_t[4];
void sm2_z256_set_one(sm2_z256_t r);
void sm2_z256_set_zero(sm2_z256_t r);
int sm2_z256_rand_range(uint64_t r[4], const uint64_t range[4]);
void sm2_z256_copy(uint64_t r[4], const uint64_t a[4]);
void sm2_z256_copy_conditional(uint64_t dst[4], const uint64_t src[4], uint64_t move);
@@ -38,7 +43,7 @@ void sm2_z256_mul(uint64_t r[8], const uint64_t a[4], const uint64_t b[4]);
int sm2_z256_get_booth(const uint64_t a[4], unsigned int window_size, int i);
void sm2_z256_from_hex(uint64_t r[4], const char *hex);
int sm2_z256_equ_hex(const uint64_t a[4], const char *hex);
int sm2_z256_print(FILE *fp, int ind, int fmt, const char *label, const uint64_t a[4]);
int sm2_z256_print(FILE *fp, int ind, int fmt, const char *label, const sm2_z256_t a);
void sm2_z256_modp_add(uint64_t r[4], const uint64_t a[4], const uint64_t b[4]);
void sm2_z256_modp_dbl(uint64_t r[4], const uint64_t a[4]);
@@ -79,7 +84,7 @@ typedef struct {
} SM2_Z256_POINT;
void sm2_z256_point_set_infinity(SM2_Z256_POINT *P);
void sm2_z256_point_from_bytes(SM2_Z256_POINT *P, const uint8_t in[64]); // 检查is_on_curve
int sm2_z256_point_from_bytes(SM2_Z256_POINT *P, const uint8_t in[64]);
void sm2_z256_point_to_bytes(const SM2_Z256_POINT *P, uint8_t out[64]);
int sm2_z256_point_is_at_infinity(const SM2_Z256_POINT *P);
@@ -131,12 +136,20 @@ int sm2_z256_point_from_x_bytes(SM2_Z256_POINT *P, const uint8_t x_bytes[32], in
int sm2_z256_point_from_hash(SM2_Z256_POINT *R, const uint8_t *data, size_t datalen, int y_is_odd);
int sm2_z256_point_from_octets(SM2_Z256_POINT *P, const uint8_t *in, size_t inlen);
int sm2_z256_point_to_uncompressed_octets(const SM2_Z256_POINT *P, uint8_t out[65]);
int sm2_z256_point_to_compressed_octets(const SM2_Z256_POINT *P, uint8_t out[33]);
int sm2_z256_point_from_octets(SM2_Z256_POINT *P, const uint8_t *in, size_t inlen);
/*
RFC 5480 Elliptic Curve Cryptography Subject Public Key Information
ECPoint ::= OCTET STRING
*/
#define SM2_POINT_MAX_SIZE (2 + 65)
int sm2_z256_point_to_der(const SM2_Z256_POINT *P, uint8_t **out, size_t *outlen);
int sm2_z256_point_from_der(SM2_Z256_POINT *P, const uint8_t **in, size_t *inlen);
int sm2_z256_point_print(FILE *fp, int fmt, int ind, const char *label, const SM2_Z256_POINT *P);
// 这些函数还是放到sm2_sign里面好了反正这个依赖关系是处理不了的
int sm2_do_sign_fast(const uint64_t d[4], const uint8_t dgst[32], SM2_SIGNATURE *sig);
int sm2_do_sign_pre_compute(uint64_t k[4], uint64_t x1[4]);
int sm2_do_sign_fast_ex(const uint64_t d[4], const uint64_t k[4], const uint64_t x1[4], const uint8_t dgst[32], SM2_SIGNATURE *sig);
int sm2_do_verify_fast(const SM2_Z256_POINT *P, const uint8_t dgst[32], const SM2_SIGNATURE *sig);
#ifdef __cplusplus
}

22
include/gmssl/tls.h
View File

@@ -502,13 +502,13 @@ int tls13_process_client_supported_versions(const uint8_t *ext_data, size_t ext_
int tls13_process_server_supported_versions(const uint8_t *ext_data, size_t ext_datalen);
int tls13_key_share_entry_to_bytes(const SM2_POINT *point, uint8_t **out, size_t *outlen);
int tls13_client_key_share_ext_to_bytes(const SM2_POINT *point, uint8_t **out, size_t *outlen);
int tls13_server_key_share_ext_to_bytes(const SM2_POINT *point, uint8_t **out, size_t *outlen);
int tls13_key_share_entry_to_bytes(const SM2_Z256_POINT *point, uint8_t **out, size_t *outlen);
int tls13_client_key_share_ext_to_bytes(const SM2_Z256_POINT *point, uint8_t **out, size_t *outlen);
int tls13_server_key_share_ext_to_bytes(const SM2_Z256_POINT *point, uint8_t **out, size_t *outlen);
int tls13_process_client_key_share(const uint8_t *ext_data, size_t ext_datalen,
const SM2_KEY *server_ecdhe_key, SM2_POINT *client_ecdhe_public,
const SM2_KEY *server_ecdhe_key, SM2_Z256_POINT *client_ecdhe_public,
uint8_t **out, size_t *outlen);
int tls13_process_server_key_share(const uint8_t *ext_data, size_t ext_datalen, SM2_POINT *point);
int tls13_process_server_key_share(const uint8_t *ext_data, size_t ext_datalen, SM2_Z256_POINT *point);
int tls13_certificate_authorities_ext_to_bytes(const uint8_t *ca_names, size_t ca_names_len,
@@ -533,14 +533,14 @@ int tls_server_key_exchange_print(FILE *fp, const uint8_t *ske, size_t skelen, i
#define TLS_MAX_SIGNATURE_SIZE SM2_MAX_SIGNATURE_SIZE
int tls_sign_server_ecdh_params(const SM2_KEY *server_sign_key,
const uint8_t client_random[32], const uint8_t server_random[32],
int curve, const SM2_POINT *point, uint8_t *sig, size_t *siglen);
int curve, const SM2_Z256_POINT *point, uint8_t *sig, size_t *siglen);
int tls_verify_server_ecdh_params(const SM2_KEY *server_sign_key,
const uint8_t client_random[32], const uint8_t server_random[32],
int curve, const SM2_POINT *point, const uint8_t *sig, size_t siglen);
int curve, const SM2_Z256_POINT *point, const uint8_t *sig, size_t siglen);
int tls_record_set_handshake_server_key_exchange_ecdhe(uint8_t *record, size_t *recordlen,
int curve, const SM2_POINT *point, const uint8_t *sig, size_t siglen);
int curve, const SM2_Z256_POINT *point, const uint8_t *sig, size_t siglen);
int tls_record_get_handshake_server_key_exchange_ecdhe(const uint8_t *record,
int *curve, SM2_POINT *point, const uint8_t **sig, size_t *siglen);
int *curve, SM2_Z256_POINT *point, const uint8_t **sig, size_t *siglen);
int tls_server_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t datalen,
int format, int indent);
@@ -583,8 +583,8 @@ int tls_client_key_exchange_pke_print(FILE *fp, const uint8_t *cke, size_t ckele
int tls_client_key_exchange_print(FILE *fp, const uint8_t *cke, size_t ckelen, int format, int indent);
int tls_record_set_handshake_client_key_exchange_ecdhe(uint8_t *record, size_t *recordlen,
const SM2_POINT *point); // 这里不应该支持SM2_POINT类型
int tls_record_get_handshake_client_key_exchange_ecdhe(const uint8_t *record, SM2_POINT *point);
const SM2_Z256_POINT *point); // 这里不应该支持SM2_POINT类型
int tls_record_get_handshake_client_key_exchange_ecdhe(const uint8_t *record, SM2_Z256_POINT *point);
int tls_client_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t datalen,
int format, int indent);

76
src/sm2_enc.c
View File

@@ -31,7 +31,7 @@ static int all_zero(const uint8_t *buf, size_t len)
return 1;
}
int sm2_do_encrypt_pre_compute(uint64_t k[4], uint8_t C1[64])
int sm2_do_encrypt_pre_compute(sm2_z256_t k, uint8_t C1[64])
{
SM2_Z256_POINT P;
@@ -50,14 +50,13 @@ int sm2_do_encrypt_pre_compute(uint64_t k[4], uint8_t C1[64])
return 1;
}
// 和签名不一样,加密的时候要生成 (k, (x1, y1)) 也就是y坐标也是需要的
// 其中k是要参与计算的但是 (x1, y1) 不参与计算,输出为 bytes 就可以了
// key->public_key will not be point_at_infinity when decoded from_bytes/octets/der
int sm2_do_encrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, SM2_CIPHERTEXT *out)
{
sm2_z256_t k;
SM2_Z256_POINT _P, *P = &_P;
SM2_Z256_POINT _C1, *C1 = &_C1;
SM2_Z256_POINT _kP, *kP = &_kP;
SM2_Z256_POINT C1;
SM2_Z256_POINT kP;
uint8_t x2y2[64];
SM3_CTX sm3_ctx;
@@ -66,29 +65,22 @@ int sm2_do_encrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, SM2_CIPH
return -1;
}
sm2_z256_point_from_bytes(P, (uint8_t *)&key->public_key);
// S = h * P, check S != O
// for sm2 curve, h == 1 and S == P
// SM2_POINT can not present point at infinity, do do nothing here
retry:
// rand k in [1, n - 1]
// TODO: set rand_bytes output for testing
do {
if (sm2_z256_rand_range(k, sm2_z256_order()) != 1) {
error_print();
return -1;
}
} while (sm2_z256_is_zero(k)); //sm2_bn_print(stderr, 0, 4, "k", k);
} while (sm2_z256_is_zero(k));
// output C1 = k * G = (x1, y1)
sm2_z256_point_mul_generator(C1, k);
sm2_z256_point_to_bytes(C1, (uint8_t *)&out->point);
sm2_z256_point_mul_generator(&C1, k);
sm2_z256_point_to_bytes(&C1, (uint8_t *)&out->point);
// k * P = (x2, y2)
sm2_z256_point_mul(kP, k, P);
sm2_z256_point_to_bytes(kP, x2y2);
sm2_z256_point_mul(&kP, k, &key->public_key);
sm2_z256_point_to_bytes(&kP, x2y2);
// t = KDF(x2 || y2, inlen)
sm2_kdf(x2y2, 64, inlen, out->ciphertext);
@@ -110,7 +102,7 @@ retry:
sm3_finish(&sm3_ctx, out->hash);
gmssl_secure_clear(k, sizeof(k));
gmssl_secure_clear(kP, sizeof(SM2_Z256_POINT));
gmssl_secure_clear(&kP, sizeof(SM2_Z256_POINT));
gmssl_secure_clear(x2y2, sizeof(x2y2));
return 1;
}
@@ -119,9 +111,8 @@ int sm2_do_encrypt_fixlen(const SM2_KEY *key, const uint8_t *in, size_t inlen, i
{
unsigned int trys = 200;
sm2_z256_t k;
SM2_Z256_POINT _P, *P = &_P;
SM2_Z256_POINT _C1, *C1 = &_C1;
SM2_Z256_POINT _kP, *kP = &_kP;
SM2_Z256_POINT C1;
SM2_Z256_POINT kP;
uint8_t x2y2[64];
SM3_CTX sm3_ctx;
@@ -140,12 +131,6 @@ int sm2_do_encrypt_fixlen(const SM2_KEY *key, const uint8_t *in, size_t inlen, i
return -1;
}
sm2_z256_point_from_bytes(P, (uint8_t *)&key->public_key);
// S = h * P, check S != O
// for sm2 curve, h == 1 and S == P
// SM2_POINT can not present point at infinity, do do nothing here
retry:
// rand k in [1, n - 1]
do {
@@ -153,11 +138,11 @@ retry:
error_print();
return -1;
}
} while (sm2_z256_is_zero(k)); //sm2_bn_print(stderr, 0, 4, "k", k);
} while (sm2_z256_is_zero(k));
// output C1 = k * G = (x1, y1)
sm2_z256_point_mul_generator(C1, k);
sm2_z256_point_to_bytes(C1, (uint8_t *)&out->point);
sm2_z256_point_mul_generator(&C1, k);
sm2_z256_point_to_bytes(&C1, (uint8_t *)&out->point);
// check fixlen
if (trys) {
@@ -175,8 +160,8 @@ retry:
}
// k * P = (x2, y2)
sm2_z256_point_mul(kP, k, P);
sm2_z256_point_to_bytes(kP, x2y2);
sm2_z256_point_mul(&kP, k, &key->public_key);
sm2_z256_point_to_bytes(&kP, x2y2);
// t = KDF(x2 || y2, inlen)
sm2_kdf(x2y2, 64, inlen, out->ciphertext);
@@ -198,7 +183,7 @@ retry:
sm3_finish(&sm3_ctx, out->hash);
gmssl_secure_clear(k, sizeof(k));
gmssl_secure_clear(kP, sizeof(SM2_Z256_POINT));
gmssl_secure_clear(&kP, sizeof(SM2_Z256_POINT));
gmssl_secure_clear(x2y2, sizeof(x2y2));
return 1;
}
@@ -206,28 +191,22 @@ retry:
int sm2_do_decrypt(const SM2_KEY *key, const SM2_CIPHERTEXT *in, uint8_t *out, size_t *outlen)
{
int ret = -1;
sm2_z256_t d;
SM2_Z256_POINT _C1, *C1 = &_C1;
SM2_Z256_POINT C1;
uint8_t x2y2[64];
SM3_CTX sm3_ctx;
uint8_t hash[32];
// check C1 is on sm2 curve
sm2_z256_point_from_bytes(C1, (uint8_t *)&in->point);
if (!sm2_z256_point_is_on_curve(C1)) {
if (sm2_z256_point_from_bytes(&C1, (uint8_t *)&in->point) != 1) {
error_print();
return -1;
}
// check if S = h * C1 is point at infinity
// this will not happen, as SM2_POINT can not present point at infinity
// d * C1 = (x2, y2)
sm2_z256_from_bytes(d, key->private_key);
sm2_z256_point_mul(C1, d, C1);
sm2_z256_point_mul(&C1, key->private_key, &C1);
// t = KDF(x2 || y2, klen) and check t is not all zeros
sm2_z256_point_to_bytes(C1, x2y2);
sm2_z256_point_to_bytes(&C1, x2y2);
sm2_kdf(x2y2, 64, in->ciphertext_size, out);
if (all_zero(out, in->ciphertext_size)) {
error_print();
@@ -253,8 +232,7 @@ int sm2_do_decrypt(const SM2_KEY *key, const SM2_CIPHERTEXT *in, uint8_t *out, s
ret = 1;
end:
gmssl_secure_clear(d, sizeof(d));
gmssl_secure_clear(C1, sizeof(SM2_Z256_POINT));
gmssl_secure_clear(&C1, sizeof(SM2_Z256_POINT));
gmssl_secure_clear(x2y2, sizeof(x2y2));
return ret;
}
@@ -312,7 +290,7 @@ int sm2_ciphertext_from_der(SM2_CIPHERTEXT *C, const uint8_t **in, size_t *inlen
return -1;
}
if (asn1_octet_string_from_der(&c, &clen, &d, &dlen) != 1
// || asn1_length_is_zero(clen) == 1
// || asn1_length_is_zero(clen) == 1
|| asn1_length_le(clen, SM2_MAX_PLAINTEXT_SIZE) != 1) {
error_print();
return -1;
@@ -324,10 +302,6 @@ int sm2_ciphertext_from_der(SM2_CIPHERTEXT *C, const uint8_t **in, size_t *inlen
memset(C, 0, sizeof(SM2_CIPHERTEXT));
memcpy(C->point.x + 32 - xlen, x, xlen);
memcpy(C->point.y + 32 - ylen, y, ylen);
if (sm2_point_is_on_curve(&C->point) != 1) {
error_print();
return -1;
}
memcpy(C->hash, hash, hashlen);
memcpy(C->ciphertext, c, clen);
C->ciphertext_size = (uint8_t)clen;

24
src/sm2_exch.c
View File

@@ -20,36 +20,30 @@
#include <gmssl/endian.h>
int sm2_do_ecdh(const SM2_KEY *key, const SM2_POINT *peer_public, SM2_POINT *out)
int sm2_do_ecdh(const SM2_KEY *key, const SM2_Z256_POINT *peer_public, SM2_Z256_POINT *out)
{
/*
if (sm2_point_is_on_curve(peer_public) != 1) {
error_print();
return -1;
}
*/
if (sm2_point_mul(out, key->private_key, peer_public) != 1) {
error_print();
return -1;
}
sm2_z256_point_mul(out, key->private_key, peer_public);
return 1;
}
int sm2_ecdh(const SM2_KEY *key, const uint8_t *peer_public, size_t peer_public_len, SM2_POINT *out)
// FIXME: 输入(octets)和输出(bytes)格式不一致
int sm2_ecdh(const SM2_KEY *key, const uint8_t *peer_public, size_t peer_public_len, uint8_t out[64])
{
SM2_POINT point;
SM2_Z256_POINT point;
if (!key || !peer_public || !peer_public_len || !out) {
error_print();
return -1;
}
if (sm2_point_from_octets(&point, peer_public, peer_public_len) != 1) {
if (sm2_z256_point_from_octets(&point, peer_public, peer_public_len) != 1) {
error_print();
return -1;
}
if (sm2_do_ecdh(key, &point, out) != 1) {
if (sm2_do_ecdh(key, &point, &point) != 1) {
error_print();
return -1;
}
sm2_z256_point_to_bytes(&point, out);
return 1;
}

113
src/sm2_key.c
View File

@@ -25,81 +25,54 @@
int sm2_key_generate(SM2_KEY *key)
{
uint64_t d[4];
SM2_Z256_POINT P;
if (!key) {
error_print();
return -1;
}
// rand sk in [1, n-2]
do {
if (sm2_z256_rand_range(d, sm2_z256_order_minus_one()) != 1) {
if (sm2_z256_rand_range(key->private_key, sm2_z256_order_minus_one()) != 1) {
error_print();
return -1;
}
} while (sm2_z256_is_zero(d));
} while (sm2_z256_is_zero(key->private_key));
sm2_z256_point_mul_generator(&P, d);
sm2_z256_point_mul_generator(&key->public_key, key->private_key);
sm2_z256_to_bytes(d, key->private_key);
sm2_z256_point_to_bytes(&P, (uint8_t *)&key->public_key);
gmssl_secure_clear(d, sizeof(d));
return 1;
}
int sm2_key_set_private_key(SM2_KEY *key, const uint8_t private_key[32])
int sm2_key_set_private_key(SM2_KEY *key, const sm2_z256_t private_key)
{
uint64_t d[4];
SM2_Z256_POINT P;
int ret = -1;
if (!key || !private_key) {
error_print();
return -1;
}
sm2_z256_from_bytes(d, private_key);
if (sm2_z256_is_zero(d)) {
if (sm2_z256_is_zero(private_key)) {
error_print();
goto end;
return -1;
}
if (sm2_z256_cmp(d, sm2_z256_order_minus_one()) >= 0) {
if (sm2_z256_cmp(private_key, sm2_z256_order_minus_one()) >= 0) {
error_print();
goto end;
return -1;
}
sm2_z256_copy(key->private_key, private_key);
sm2_z256_point_mul_generator(&key->public_key, private_key);
sm2_z256_point_mul_generator(&P, d);
sm2_z256_to_bytes(d, key->private_key);
sm2_z256_point_to_bytes(&P, (uint8_t *)&key->public_key);
ret = 1;
end:
gmssl_secure_clear(d, sizeof(d));
return ret;
return 1;
}
int sm2_key_set_public_key(SM2_KEY *key, const SM2_POINT *public_key)
int sm2_key_set_public_key(SM2_KEY *key, const SM2_Z256_POINT *public_key)
{
uint64_t d[4] = {0};
SM2_Z256_POINT P;
if (!key || !public_key) {
error_print();
return -1;
}
sm2_z256_point_from_bytes(&P, (uint8_t *)public_key);
if (sm2_z256_point_is_on_curve(&P) != 1) {
error_print();
return -1;
}
sm2_z256_to_bytes(d, key->private_key);
sm2_z256_point_to_bytes(&P, (uint8_t *)&key->public_key);
key->public_key = *public_key;
sm2_z256_set_zero(key->private_key);
return 1;
}
@@ -109,21 +82,21 @@ int sm2_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *
format_print(fp, fmt, ind, "%s\n", label);
ind += 4;
sm2_public_key_print(fp, fmt, ind, "publicKey", key);
format_bytes(fp, fmt, ind, "privateKey", key->private_key, 32);
sm2_z256_print(fp, fmt, ind, "privateKey", key->private_key);
return 1;
}
int sm2_public_key_to_der(const SM2_KEY *key, uint8_t **out, size_t *outlen)
{
uint8_t buf[65];
uint8_t octets[65];
size_t len = 0;
if (!key) {
return 0;
}
sm2_point_to_uncompressed_octets(&key->public_key, buf);
if (asn1_bit_octets_to_der(buf, sizeof(buf), out, outlen) != 1) {
sm2_z256_point_to_uncompressed_octets(&key->public_key, octets);
if (asn1_bit_octets_to_der(octets, sizeof(octets), out, outlen) != 1) {
error_print();
return -1;
}
@@ -135,7 +108,6 @@ int sm2_public_key_from_der(SM2_KEY *key, const uint8_t **in, size_t *inlen)
int ret;
const uint8_t *d;
size_t dlen;
SM2_POINT P;
if ((ret = asn1_bit_octets_from_der(&d, &dlen, in, inlen)) != 1) {
if (ret < 0) error_print();
@@ -146,21 +118,18 @@ int sm2_public_key_from_der(SM2_KEY *key, const uint8_t **in, size_t *inlen)
return -1;
}
// 这里不太对SM2_POINT 被反复检查了
if (sm2_point_from_octets(&P, d, dlen) != 1) {
error_print();
return -1;
}
if (sm2_key_set_public_key(key, &P) != 1) {
if (sm2_z256_point_from_octets(&key->public_key, d, dlen) != 1) {
error_print();
return -1;
}
sm2_z256_set_zero(key->private_key);
return 1;
}
int sm2_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *pub_key)
{
return sm2_point_print(fp, fmt, ind, label, &pub_key->public_key);
return sm2_z256_point_print(fp, fmt, ind, label, &pub_key->public_key);
}
int sm2_public_key_algor_to_der(uint8_t **out, size_t *outlen)
@@ -196,13 +165,14 @@ int sm2_public_key_algor_from_der(const uint8_t **in, size_t *inlen)
#define SM2_PRIVATE_KEY_DER_SIZE 121
int sm2_private_key_to_der(const SM2_KEY *key, uint8_t **out, size_t *outlen)
{
size_t len = 0;
uint8_t params[64];
uint8_t pubkey[128];
uint8_t *params_ptr = params;
uint8_t *pubkey_ptr = pubkey;
size_t params_len = 0;
size_t pubkey_len = 0;
uint8_t prikey[32];
size_t len = 0;
if (!key) {
error_print();
@@ -213,18 +183,21 @@ int sm2_private_key_to_der(const SM2_KEY *key, uint8_t **out, size_t *outlen)
error_print();
return -1;
}
sm2_z256_to_bytes(key->private_key, prikey);
if (asn1_int_to_der(EC_private_key_version, NULL, &len) != 1
|| asn1_octet_string_to_der(key->private_key, 32, NULL, &len) != 1
|| asn1_octet_string_to_der(prikey, 32, NULL, &len) != 1
|| asn1_explicit_to_der(0, params, params_len, NULL, &len) != 1
|| asn1_explicit_to_der(1, pubkey, pubkey_len, NULL, &len) != 1
|| asn1_sequence_header_to_der(len, out, outlen) != 1
|| asn1_int_to_der(EC_private_key_version, out, outlen) != 1
|| asn1_octet_string_to_der(key->private_key, 32, out, outlen) != 1
|| asn1_octet_string_to_der(prikey, 32, out, outlen) != 1
|| asn1_explicit_to_der(0, params, params_len, out, outlen) != 1
|| asn1_explicit_to_der(1, pubkey, pubkey_len, out, outlen) != 1) {
gmssl_secure_clear(prikey, 32);
error_print();
return -1;
}
gmssl_secure_clear(prikey, 32);
return 1;
}
@@ -238,6 +211,7 @@ int sm2_private_key_from_der(SM2_KEY *key, const uint8_t **in, size_t *inlen)
const uint8_t *params;
const uint8_t *pubkey;
size_t prikey_len, params_len, pubkey_len;
sm2_z256_t private_key;
if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
if (ret < 0) error_print();
@@ -261,11 +235,17 @@ int sm2_private_key_from_der(SM2_KEY *key, const uint8_t **in, size_t *inlen)
return -1;
}
}
if (asn1_check(prikey_len == 32) != 1
|| sm2_key_set_private_key(key, prikey) != 1) {
if (asn1_check(prikey_len == 32) != 1) {
error_print();
return -1;
}
sm2_z256_from_bytes(private_key, prikey);
if (sm2_key_set_private_key(key, private_key) != 1) {
gmssl_secure_clear(private_key, 32);
error_print();
return -1;
}
gmssl_secure_clear(private_key, 32);
// check if the public key is correct
if (pubkey) {
@@ -536,21 +516,16 @@ int sm2_public_key_info_from_pem(SM2_KEY *a, FILE *fp)
int sm2_public_key_equ(const SM2_KEY *sm2_key, const SM2_KEY *pub_key)
{
if (memcmp(sm2_key, pub_key, sizeof(SM2_POINT)) == 0) {
return 1;
if (sm2_z256_point_equ(&sm2_key->public_key, &pub_key->public_key) != 1) {
return 0;
}
return 0;
}
int sm2_public_key_copy(SM2_KEY *sm2_key, const SM2_KEY *pub_key)
{
return sm2_key_set_public_key(sm2_key, &pub_key->public_key);
return 1;
}
int sm2_public_key_digest(const SM2_KEY *sm2_key, uint8_t dgst[32])
{
uint8_t bits[65];
sm2_point_to_uncompressed_octets(&sm2_key->public_key, bits);
sm2_z256_point_to_uncompressed_octets(&sm2_key->public_key, bits);
sm3_digest(bits, sizeof(bits), dgst);
return 1;
}

264
src/sm2_sign.c
View File

@@ -23,7 +23,6 @@
int sm2_do_sign(const SM2_KEY *key, const uint8_t dgst[32], SM2_SIGNATURE *sig)
{
SM2_Z256_POINT P;
sm2_z256_t d;
sm2_z256_t d_inv;
sm2_z256_t e;
sm2_z256_t k;
@@ -32,10 +31,8 @@ int sm2_do_sign(const SM2_KEY *key, const uint8_t dgst[32], SM2_SIGNATURE *sig)
sm2_z256_t r;
sm2_z256_t s;
sm2_z256_from_bytes(d, key->private_key);
// compute (d + 1)^-1 (mod n)
sm2_z256_modn_add(d_inv, d, sm2_z256_one());
sm2_z256_modn_add(d_inv, key->private_key, sm2_z256_one());
if (sm2_z256_is_zero(d_inv)) {
error_print();
return -1;
@@ -75,7 +72,7 @@ retry:
}
// s = ((1 + d)^-1 * (k - r * d)) mod n
sm2_z256_modn_mul(t, r, d);
sm2_z256_modn_mul(t, r, key->private_key);
sm2_z256_modn_sub(k, k, t);
sm2_z256_modn_mul(s, d_inv, k);
@@ -87,14 +84,22 @@ retry:
sm2_z256_to_bytes(r, sig->r);
sm2_z256_to_bytes(s, sig->s);
gmssl_secure_clear(d, sizeof(d));
gmssl_secure_clear(d_inv, sizeof(d_inv));
gmssl_secure_clear(k, sizeof(k));
gmssl_secure_clear(t, sizeof(t));
return 1;
}
int sm2_do_sign_pre_compute(uint64_t k[4], uint64_t x1[4])
// d' = (d + 1)^-1 (mod n)
int sm2_fast_sign_compute_key(const SM2_KEY *key, sm2_z256_t fast_private)
{
sm2_z256_modn_add(fast_private, key->private_key, sm2_z256_one());
sm2_z256_modn_inv(fast_private, fast_private);
return 1;
}
// (x1, y1) = [k]G
int sm2_fast_sign_pre_compute(sm2_z256_t k, sm2_z256_t x1_modn)
{
SM2_Z256_POINT P;
@@ -108,12 +113,21 @@ int sm2_do_sign_pre_compute(uint64_t k[4], uint64_t x1[4])
// (x1, y1) = kG
sm2_z256_point_mul_generator(&P, k);
sm2_z256_point_get_xy(&P, x1, NULL);
sm2_z256_point_get_xy(&P, x1_modn, NULL);
// x1 mod n
if (sm2_z256_cmp(x1_modn, sm2_z256_order()) >= 0) {
sm2_z256_sub(x1_modn, x1_modn, sm2_z256_order());
}
return 1;
}
int sm2_do_sign_fast_ex(const uint64_t d[4], const uint64_t k[4], const uint64_t x1[4], const uint8_t dgst[32], SM2_SIGNATURE *sig)
// s = (k - r * d)/(1 + d)
// = -r + (k + r)*(1 + d)^-1
// = -r + (k + r) * d'
int sm2_fast_sign(const sm2_z256_t fast_private,
const sm2_z256_t k, const sm2_z256_t x1,
const uint8_t dgst[32], SM2_SIGNATURE *sig)
{
SM2_Z256_POINT R;
sm2_z256_t e;
@@ -131,7 +145,7 @@ int sm2_do_sign_fast_ex(const uint64_t d[4], const uint64_t k[4], const uint64_t
// s = (k + r) * d' - r
sm2_z256_modn_add(s, k, r);
sm2_z256_modn_mul(s, s, d);
sm2_z256_modn_mul(s, s, fast_private);
sm2_z256_modn_sub(s, s, r);
sm2_z256_to_bytes(r, sig->r);
@@ -140,67 +154,7 @@ int sm2_do_sign_fast_ex(const uint64_t d[4], const uint64_t k[4], const uint64_t
return 1;
}
// (x1, y1) = k * G
// r = e + x1
// s = (k - r * d)/(1 + d) = (k +r - r * d - r)/(1 + d) = (k + r - r(1 +d))/(1 + d) = (k + r)/(1 + d) - r
// = -r + (k + r)*(1 + d)^-1
// = -r + (k + r) * d'
int sm2_do_sign_fast(const uint64_t d[4], const uint8_t dgst[32], SM2_SIGNATURE *sig)
{
SM2_Z256_POINT R;
sm2_z256_t e;
sm2_z256_t k;
sm2_z256_t x1;
sm2_z256_t r;
sm2_z256_t s;
const uint64_t *order = sm2_z256_order();
// e = H(M)
sm2_z256_from_bytes(e, dgst);
if (sm2_z256_cmp(e, order) >= 0) {
sm2_z256_sub(e, e, order);
}
/// <<<<<<<<<<< 这里的 (k, x1) 应该是从外部输入的!!,这样才是最快的。
// rand k in [1, n - 1]
do {
if (sm2_z256_rand_range(k, sm2_z256_order()) != 1) {
error_print();
return -1;
}
} while (sm2_z256_is_zero(k));
// (x1, y1) = kG
sm2_z256_point_mul_generator(&R, k); // 这个函数要粗力度并行,这要怎么做?
sm2_z256_point_get_xy(&R, x1, NULL);
/// >>>>>>>>>>>>>>>>>>
// r = e + x1 (mod n)
sm2_z256_modn_add(r, e, x1);
// 对于快速实现来说,只需要一次乘法
// 如果 (k, x) 是预计算的,这意味着我们可以并行这个操作
// 也就是随机产生一些k然后执行粗力度并行的点乘
// s = (k + r) * d' - r
sm2_z256_modn_add(s, k, r);
sm2_z256_modn_mul(s, s, d);
sm2_z256_modn_sub(s, s, r);
sm2_z256_to_bytes(r, sig->r);
sm2_z256_to_bytes(s, sig->s);
return 1;
}
// 这个其实并没有更快无非就是降低了解析公钥椭圆曲线点的计算量这个点要转换为内部的Mont格式
// 这里根本没有modn的乘法
int sm2_do_verify_fast(const SM2_Z256_POINT *P, const uint8_t dgst[32], const SM2_SIGNATURE *sig)
int sm2_do_verify(const SM2_KEY *key, const uint8_t dgst[32], const SM2_SIGNATURE *sig)
{
SM2_Z256_POINT R;
sm2_z256_t r;
@@ -209,33 +163,26 @@ int sm2_do_verify_fast(const SM2_Z256_POINT *P, const uint8_t dgst[32], const SM
sm2_z256_t x;
sm2_z256_t t;
const uint64_t *order = sm2_z256_order();
// check r, s in [1, n-1]
sm2_z256_from_bytes(r, sig->r);
// check r in [1, n-1]
if (sm2_z256_is_zero(r) == 1) {
error_print();
return -1;
}
if (sm2_z256_cmp(r, order) >= 0) {
if (sm2_z256_cmp(r, sm2_z256_order()) >= 0) {
error_print();
return -1;
}
sm2_z256_from_bytes(s, sig->s);
// check s in [1, n-1]
if (sm2_z256_is_zero(s) == 1) {
error_print();
return -1;
}
if (sm2_z256_cmp(s, order) >= 0) {
if (sm2_z256_cmp(s, sm2_z256_order()) >= 0) {
error_print();
return -1;
}
// e = H(M)
sm2_z256_from_bytes(e, dgst);
// t = r + s (mod n), check t != 0
sm2_z256_modn_add(t, r, s);
if (sm2_z256_is_zero(t)) {
@@ -243,16 +190,19 @@ int sm2_do_verify_fast(const SM2_Z256_POINT *P, const uint8_t dgst[32], const SM
return -1;
}
// Q = s * G + t * P
sm2_z256_point_mul_sum(&R, t, P, s);
// Q(x,y) = s * G + t * P
sm2_z256_point_mul_sum(&R, t, &key->public_key, s);
sm2_z256_point_get_xy(&R, x, NULL);
// r' = e + x (mod n)
if (sm2_z256_cmp(e, order) >= 0) {
sm2_z256_sub(e, e, order);
// e = H(M)
sm2_z256_from_bytes(e, dgst);
if (sm2_z256_cmp(e, sm2_z256_order()) >= 0) {
sm2_z256_sub(e, e, sm2_z256_order());
}
if (sm2_z256_cmp(x, order) >= 0) {
sm2_z256_sub(x, x, order);
// r' = e + x (mod n)
if (sm2_z256_cmp(x, sm2_z256_order()) >= 0) {
sm2_z256_sub(x, x, sm2_z256_order());
}
sm2_z256_modn_add(e, e, x);
@@ -264,90 +214,6 @@ int sm2_do_verify_fast(const SM2_Z256_POINT *P, const uint8_t dgst[32], const SM
return 1;
}
int sm2_do_verify(const SM2_KEY *key, const uint8_t dgst[32], const SM2_SIGNATURE *sig)
{
SM2_Z256_POINT _P, *P = &_P;
SM2_Z256_POINT _R, *R = &_R;
sm2_z256_t r;
sm2_z256_t s;
sm2_z256_t e;
sm2_z256_t x;
sm2_z256_t t;
const uint64_t *order = sm2_z256_order();
sm2_z256_print(stderr, 0, 4, "n", order);
// parse public key
sm2_z256_point_from_bytes(P, (const uint8_t *)&key->public_key);
//sm2_z256_point_from_bytes(P, (const uint8_t *)&key->public_key);
//sm2_jacobian_point_print(stderr, 0, 4, "P", P);
// parse signature values
sm2_z256_from_bytes(r, sig->r); sm2_z256_print(stderr, 0, 4, "r", r);
sm2_z256_from_bytes(s, sig->s); sm2_z256_print(stderr, 0, 4, "s", s);
// check r, s in [1, n-1]
if (sm2_z256_is_zero(r) == 1) {
error_print();
return -1;
}
if (sm2_z256_cmp(r, order) >= 0) {
sm2_z256_print(stderr, 0, 4, "err: r", r);
sm2_z256_print(stderr, 0, 4, "err: order", order);
error_print();
return -1;
}
if (sm2_z256_is_zero(s) == 1) {
error_print();
return -1;
}
if (sm2_z256_cmp(s, order) >= 0) {
sm2_z256_print(stderr, 0, 4, "err: s", s);
sm2_z256_print(stderr, 0, 4, "err: order", order);
printf(">>>>>\n");
int r = sm2_z256_cmp(s, order);
fprintf(stderr, "cmp ret = %d\n", r);
printf(">>>>>\n");
error_print();
return -1;
}
// e = H(M)
sm2_z256_from_bytes(e, dgst); //sm2_bn_print(stderr, 0, 4, "e = H(M)", e);
// t = r + s (mod n), check t != 0
sm2_z256_modn_add(t, r, s); //sm2_bn_print(stderr, 0, 4, "t = r + s (mod n)", t);
if (sm2_z256_is_zero(t)) {
error_print();
return -1;
}
// Q = s * G + t * P
sm2_z256_point_mul_sum(R, t, P, s);
sm2_z256_point_get_xy(R, x, NULL);
//sm2_bn_print(stderr, 0, 4, "x", x);
// r' = e + x (mod n)
if (sm2_z256_cmp(e, order) >= 0) {
sm2_z256_sub(e, e, order);
}
if (sm2_z256_cmp(x, order) >= 0) {
sm2_z256_sub(x, x, order);
}
sm2_z256_modn_add(e, e, x); //sm2_bn_print(stderr, 0, 4, "e + x (mod n)", e);
// check if r == r'
if (sm2_z256_cmp(e, r) != 0) {
error_print();
return -1;
}
return 1;
}
int sm2_signature_to_der(const SM2_SIGNATURE *sig, uint8_t **out, size_t *outlen)
{
size_t len = 0;
@@ -483,7 +349,7 @@ int sm2_verify(const SM2_KEY *key, const uint8_t dgst[32], const uint8_t *sigbuf
return 1;
}
int sm2_compute_z(uint8_t z[32], const SM2_POINT *pub, const char *id, size_t idlen)
int sm2_compute_z(uint8_t z[32], const SM2_Z256_POINT *pub, const char *id, size_t idlen)
{
SM3_CTX ctx;
uint8_t zin[18 + 32 * 6] = {
@@ -504,8 +370,7 @@ int sm2_compute_z(uint8_t z[32], const SM2_POINT *pub, const char *id, size_t id
return -1;
}
memcpy(&zin[18 + 32 * 4], pub->x, 32);
memcpy(&zin[18 + 32 * 5], pub->y, 32);
sm2_z256_point_to_bytes(pub, &zin[18 + 32 * 4]);
sm3_init(&ctx);
if (strcmp(id, SM2_DEFAULT_ID) == 0) {
@@ -550,6 +415,7 @@ int sm2_kdf(const uint8_t *in, size_t inlen, size_t outlen, uint8_t *out)
return 1;
}
int sm2_sign_init(SM2_SIGN_CTX *ctx, const SM2_KEY *key, const char *id, size_t idlen)
{
size_t i;
@@ -558,17 +424,11 @@ int sm2_sign_init(SM2_SIGN_CTX *ctx, const SM2_KEY *key, const char *id, size_t
error_print();
return -1;
}
ctx->key = *key;
// d' = (d + 1)^-1 (mod n)
sm2_z256_from_bytes(ctx->sign_key, key->private_key);
sm2_z256_modn_add(ctx->sign_key, ctx->sign_key, sm2_z256_one());
sm2_z256_modn_inv(ctx->sign_key, ctx->sign_key);
sm3_init(&ctx->sm3_ctx);
if (id) {
uint8_t z[SM3_DIGEST_SIZE];
if (idlen <= 0 || idlen > SM2_MAX_ID_LENGTH) {
error_print();
return -1;
@@ -576,24 +436,26 @@ int sm2_sign_init(SM2_SIGN_CTX *ctx, const SM2_KEY *key, const char *id, size_t
sm2_compute_z(z, &key->public_key, id, idlen);
sm3_update(&ctx->sm3_ctx, z, sizeof(z));
}
ctx->saved_sm3_ctx = ctx->sm3_ctx;
ctx->inited_sm3_ctx = ctx->sm3_ctx;
// pre compute (k, x = [k]G.x)
for (i = 0; i < 32; i++) {
if (sm2_do_sign_pre_compute(ctx->pre_comp[i].k, ctx->pre_comp[i].x1) != 1) {
for (i = 0; i < SM2_SIGN_PRE_COMP_COUNT; i++) {
if (sm2_fast_sign_pre_compute(ctx->pre_comp[i].k, ctx->pre_comp[i].x1) != 1) {
error_print();
return -1;
}
}
ctx->num_pre_comp = 32;
ctx->num_pre_comp = SM2_SIGN_PRE_COMP_COUNT;
// copy private key at last
ctx->key = *key;
sm2_fast_sign_compute_key(key, ctx->fast_sign_private);
return 1;
}
int sm2_sign_ctx_reset(SM2_SIGN_CTX *ctx)
{
ctx->sm3_ctx = ctx->inited_sm3_ctx;
ctx->sm3_ctx = ctx->saved_sm3_ctx;
return 1;
}
@@ -618,21 +480,22 @@ int sm2_sign_finish(SM2_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen)
error_print();
return -1;
}
sm3_finish(&ctx->sm3_ctx, dgst);
if (ctx->num_pre_comp == 0) {
size_t i;
for (i = 0; i < 32; i++) {
if (sm2_do_sign_pre_compute(ctx->pre_comp[i].k, ctx->pre_comp[i].x1) != 1) {
for (i = 0; i < SM2_SIGN_PRE_COMP_COUNT; i++) {
if (sm2_fast_sign_pre_compute(ctx->pre_comp[i].k, ctx->pre_comp[i].x1) != 1) {
error_print();
return -1;
}
}
ctx->num_pre_comp = 32;
ctx->num_pre_comp = SM2_SIGN_PRE_COMP_COUNT;
}
ctx->num_pre_comp--;
if (sm2_do_sign_fast_ex(ctx->sign_key,
if (sm2_fast_sign(ctx->fast_sign_private,
ctx->pre_comp[ctx->num_pre_comp].k, ctx->pre_comp[ctx->num_pre_comp].x1,
dgst, &signature) != 1) {
error_print();
@@ -670,15 +533,11 @@ int sm2_verify_init(SM2_SIGN_CTX *ctx, const SM2_KEY *key, const char *id, size_
error_print();
return -1;
}
memset(ctx, 0, sizeof(*ctx));
ctx->key.public_key = key->public_key;
sm2_z256_point_from_bytes((SM2_Z256_POINT *)&ctx->public_key, (const uint8_t *)&key->public_key);
sm3_init(&ctx->sm3_ctx);
if (id) {
uint8_t z[SM3_DIGEST_SIZE];
if (idlen <= 0 || idlen > SM2_MAX_ID_LENGTH) {
error_print();
return -1;
@@ -686,8 +545,15 @@ int sm2_verify_init(SM2_SIGN_CTX *ctx, const SM2_KEY *key, const char *id, size_
sm2_compute_z(z, &key->public_key, id, idlen);
sm3_update(&ctx->sm3_ctx, z, sizeof(z));
}
ctx->saved_sm3_ctx = ctx->sm3_ctx;
ctx->inited_sm3_ctx = ctx->sm3_ctx;
if (sm2_key_set_public_key(&ctx->key, &key->public_key) != 1) {
error_print();
return -1;
}
sm2_z256_set_zero(ctx->fast_sign_private);
memset(ctx->pre_comp, 0, sizeof(SM2_SIGN_PRE_COMP) * SM2_SIGN_PRE_COMP_COUNT);
return 1;
}

253
src/sm2_z256.c
View File

@@ -73,6 +73,14 @@ const uint64_t *sm2_z256_one(void) {
return &SM2_Z256_ONE[0];
}
void sm2_z256_set_one(sm2_z256_t r)
{
r[0] = 1;
r[1] = 0;
r[2] = 0;
r[3] = 0;
}
void sm2_z256_set_zero(uint64_t a[4])
{
a[0] = a[1] = a[2] = a[3] = 0;
@@ -944,16 +952,6 @@ void sm2_z256_modn_to_mont(const uint64_t a[4], uint64_t r[4])
}
#endif
/*
int sm2_z256_modn_mont_print(FILE *fp, int ind, int fmt, const char *label, const uint64_t a[4])
{
uint64_t r[4];
sm2_z256_modn_from_mont(r, a);
sm2_z256_print(fp, ind, fmt, label, r);
return 1;
}
*/
// Jacobian Point with Montgomery coordinates
@@ -1024,8 +1022,7 @@ int sm2_z256_point_is_on_curve(const SM2_Z256_POINT *P)
}
if (sm2_z256_cmp(t0, t1) != 0) {
error_print();
return -1;
return 0;
}
return 1;
}
@@ -1585,13 +1582,28 @@ void sm2_z256_point_mul_sum(SM2_Z256_POINT *R, const uint64_t t[4], const SM2_Z2
sm2_z256_point_add(R, R, &Q);
}
void sm2_z256_point_from_bytes(SM2_Z256_POINT *P, const uint8_t in[64])
// point_at_infinity can not be encoded/decoded to/from bytes
int sm2_z256_point_from_bytes(SM2_Z256_POINT *P, const uint8_t in[64])
{
sm2_z256_from_bytes(P->X, in);
if (sm2_z256_cmp(P->X, sm2_z256_prime()) >= 0) {
error_print();
return -1;
}
sm2_z256_from_bytes(P->Y, in + 32);
if (sm2_z256_cmp(P->Y, sm2_z256_prime()) >= 0) {
error_print();
return -1;
}
sm2_z256_modp_to_mont(P->X, P->X);
sm2_z256_modp_to_mont(P->Y, P->Y);
sm2_z256_copy(P->Z, SM2_Z256_MODP_MONT_ONE);
if (sm2_z256_point_is_on_curve(P) != 1) {
error_print();
return -1;
}
return 1;
}
int sm2_z256_point_set_xy(SM2_Z256_POINT *R, const sm2_z256_t x, const sm2_z256_t y)
@@ -1649,7 +1661,6 @@ int sm2_z256_point_equ(const SM2_Z256_POINT *P, const SM2_Z256_POINT *Q)
sm2_z256_modp_mont_mul(V1, P->X, Z2);
sm2_z256_modp_mont_mul(V2, Q->X, Z1);
if (sm2_z256_cmp(V1, V2) != 0) {
error_print();
return 0;
}
@@ -1659,7 +1670,6 @@ int sm2_z256_point_equ(const SM2_Z256_POINT *P, const SM2_Z256_POINT *Q)
sm2_z256_modp_mont_mul(V1, P->Y, Z2);
sm2_z256_modp_mont_mul(V2, Q->Y, Z1);
if (sm2_z256_cmp(V1, V2) != 0) {
error_print();
return 0;
}
@@ -1687,25 +1697,25 @@ int sm2_z256_is_odd(const uint64_t a[4])
return a[0] & 0x01;
}
// return 0 if no point for given x coordinate
int sm2_z256_point_from_x_bytes(SM2_Z256_POINT *P, const uint8_t x_bytes[32], int y_is_odd)
{
// mont(3), i.e. mont(-b)
const uint64_t SM2_Z256_MODP_MONT_THREE[4] = {
0x0000000000000003, 0x00000002fffffffd, 0x0000000000000000, 0x0000000300000000
};
uint64_t x[4];
uint64_t y_sqr[4];
uint64_t y[4];
int ret;
uint64_t SM2_Z256_MODP_MONT_THREE[4] = { 3,0,0,0 };
sm2_z256_modp_to_mont(SM2_Z256_MODP_MONT_THREE, SM2_Z256_MODP_MONT_THREE);
sm2_z256_from_bytes(x, x_bytes);
if (sm2_z256_cmp(x, SM2_Z256_P) >= 0) {
error_print();
return -1;
}
sm2_z256_modp_to_mont(x, x);
sm2_z256_copy(P->X, x);
// y^2 = x^3 - 3x + b = (x^2 - 3)*x + b
@@ -1773,165 +1783,41 @@ int sm2_z256_point_from_hash(SM2_Z256_POINT *R, const uint8_t *data, size_t data
return 1;
}
int sm2_point_is_on_curve(const SM2_POINT *P)
// return -1 given point_at_infinity
int sm2_z256_point_to_compressed_octets(const SM2_Z256_POINT *P, uint8_t out[33])
{
SM2_Z256_POINT T;
sm2_z256_point_from_bytes(&T, (const uint8_t *)P);
sm2_z256_t x;
sm2_z256_t y;
if (sm2_z256_point_is_on_curve(&T) == 1) {
return 1;
} else {
return 0;
}
}
// 应该测试这个函数
int sm2_point_is_at_infinity(const SM2_POINT *P)
{
SM2_Z256_POINT T;
sm2_z256_point_from_bytes(&T, (const uint8_t *)P);
if (sm2_z256_point_is_at_infinity(&T)) {
return 1;
} else {
return 0;
}
}
int sm2_point_from_x(SM2_POINT *P, const uint8_t x[32], int y_is_odd)
{
SM2_Z256_POINT T;
if (sm2_z256_point_from_x_bytes(&T, x, y_is_odd) != 1) {
if (sm2_z256_point_is_at_infinity(P)) {
error_print();
return -1;
}
sm2_z256_point_to_bytes(&T, (uint8_t *)P);
return 1;
}
sm2_z256_point_get_xy(P, x, y);
int sm2_point_from_xy(SM2_POINT *P, const uint8_t x[32], const uint8_t y[32])
{
memcpy(P->x, x, 32);
memcpy(P->y, y, 32);
return sm2_point_is_on_curve(P);
}
int sm2_point_add(SM2_POINT *R, const SM2_POINT *P, const SM2_POINT *Q)
{
SM2_Z256_POINT P_;
SM2_Z256_POINT Q_;
sm2_z256_point_from_bytes(&P_, (uint8_t *)P);
sm2_z256_point_from_bytes(&Q_, (uint8_t *)Q);
sm2_z256_point_add(&P_, &P_, &Q_);
sm2_z256_point_to_bytes(&P_, (uint8_t *)R);
if (sm2_z256_is_odd(y)) {
out[0] = SM2_point_compressed_y_odd;
} else {
out[0] = SM2_point_compressed_y_even;
}
sm2_z256_to_bytes(y, out + 1);
return 1;
}
int sm2_point_sub(SM2_POINT *R, const SM2_POINT *P, const SM2_POINT *Q)
// return -1 given point_at_infinity
int sm2_z256_point_to_uncompressed_octets(const SM2_Z256_POINT *P, uint8_t out[65])
{
SM2_Z256_POINT P_;
SM2_Z256_POINT Q_;
sm2_z256_point_from_bytes(&P_, (uint8_t *)P);
sm2_z256_point_from_bytes(&Q_, (uint8_t *)Q);
sm2_z256_point_sub(&P_, &P_, &Q_);
sm2_z256_point_to_bytes(&P_, (uint8_t *)R);
if (sm2_z256_point_is_at_infinity(P)) {
error_print();
return -1;
}
out[0] = SM2_point_uncompressed;
sm2_z256_point_to_bytes(P, out + 1);
return 1;
}
int sm2_point_neg(SM2_POINT *R, const SM2_POINT *P)
{
SM2_Z256_POINT P_;
sm2_z256_point_from_bytes(&P_, (uint8_t *)P);
sm2_z256_point_neg(&P_, &P_);
sm2_z256_point_to_bytes(&P_, (uint8_t *)R);
return 1;
}
int sm2_point_dbl(SM2_POINT *R, const SM2_POINT *P)
{
SM2_Z256_POINT P_;
sm2_z256_point_from_bytes(&P_, (uint8_t *)P);
sm2_z256_point_dbl(&P_, &P_);
sm2_z256_point_to_bytes(&P_, (uint8_t *)R);
return 1;
}
int sm2_point_mul(SM2_POINT *R, const uint8_t k[32], const SM2_POINT *P)
{
uint64_t _k[4];
SM2_Z256_POINT _P;
sm2_z256_from_bytes(_k, k);
sm2_z256_point_from_bytes(&_P, (uint8_t *)P);
sm2_z256_point_mul(&_P, _k, &_P);
sm2_z256_point_to_bytes(&_P, (uint8_t *)R);
memset(_k, 0, sizeof(_k));
return 1;
}
int sm2_point_mul_generator(SM2_POINT *R, const uint8_t k[32])
{
uint64_t _k[4];
SM2_Z256_POINT _R;
sm2_z256_from_bytes(_k, k);
sm2_z256_point_mul_generator(&_R, _k);
sm2_z256_point_to_bytes(&_R, (uint8_t *)R);
memset(_k, 0, sizeof(_k));
return 1;
}
int sm2_point_mul_sum(SM2_POINT *R, const uint8_t k[32], const SM2_POINT *P, const uint8_t s[32])
{
uint64_t _k[4];
SM2_Z256_POINT _P;
uint64_t _s[4];
sm2_z256_from_bytes(_k, k);
sm2_z256_point_from_bytes(&_P, (uint8_t *)P);
sm2_z256_from_bytes(_s, s);
sm2_z256_point_mul_sum(&_P, _k, &_P, _s);
sm2_z256_point_to_bytes(&_P, (uint8_t *)R);
memset(_k, 0, sizeof(_k));
memset(_s, 0, sizeof(_s));
return 1;
}
int sm2_point_print(FILE *fp, int fmt, int ind, const char *label, const SM2_POINT *P)
{
format_print(fp, fmt, ind, "%s\n", label);
ind += 4;
format_bytes(fp, fmt, ind, "x", P->x, 32);
format_bytes(fp, fmt, ind, "y", P->y, 32);
return 1;
}
void sm2_point_to_compressed_octets(const SM2_POINT *P, uint8_t out[33])
{
*out++ = (P->y[31] & 0x01) ? 0x03 : 0x02;
memcpy(out, P->x, 32);
}
void sm2_point_to_uncompressed_octets(const SM2_POINT *P, uint8_t out[65])
{
*out++ = 0x04;
memcpy(out, P, 64);
}
int sm2_z256_point_from_octets(SM2_Z256_POINT *P, const uint8_t *in, size_t inlen)
{
switch (*in) {
@@ -1981,32 +1867,16 @@ int sm2_z256_point_from_octets(SM2_Z256_POINT *P, const uint8_t *in, size_t inle
return 1;
}
int sm2_point_from_octets(SM2_POINT *P, const uint8_t *in, size_t inlen)
{
if ((*in == 0x02 || *in == 0x03) && inlen == 33) {
if (sm2_point_from_x(P, in + 1, *in) != 1) {
error_print();
return -1;
}
} else if (*in == 0x04 && inlen == 65) {
if (sm2_point_from_xy(P, in + 1, in + 33) != 1) {
error_print();
return -1;
}
} else {
error_print();
return -1;
}
return 1;
}
int sm2_point_to_der(const SM2_POINT *P, uint8_t **out, size_t *outlen)
int sm2_z256_point_to_der(const SM2_Z256_POINT *P, uint8_t **out, size_t *outlen)
{
uint8_t octets[65];
if (!P) {
return 0;
}
sm2_point_to_uncompressed_octets(P, octets);
if (sm2_z256_point_to_uncompressed_octets(P, octets) != 1) {
error_print();
return -1;
}
if (asn1_octet_string_to_der(octets, sizeof(octets), out, outlen) != 1) {
error_print();
return -1;
@@ -2014,7 +1884,7 @@ int sm2_point_to_der(const SM2_POINT *P, uint8_t **out, size_t *outlen)
return 1;
}
int sm2_point_from_der(SM2_POINT *P, const uint8_t **in, size_t *inlen)
int sm2_z256_point_from_der(SM2_Z256_POINT *P, const uint8_t **in, size_t *inlen)
{
int ret;
const uint8_t *d;
@@ -2028,16 +1898,9 @@ int sm2_point_from_der(SM2_POINT *P, const uint8_t **in, size_t *inlen)
error_print();
return -1;
}
if (sm2_point_from_octets(P, d, dlen) != 1) {
if (sm2_z256_point_from_octets(P, d, dlen) != 1) {
error_print();
return -1;
}
return 1;
}
// 这个需要保留吗?似乎也没有必要保留
int sm2_point_from_hash(SM2_POINT *R, const uint8_t *data, size_t datalen)
{
return 1;
}

8
src/tls.c
View File

@@ -537,7 +537,7 @@ int tls_cert_type_from_oid(int oid)
// 这两个函数没有对应的TLCP版本
int tls_sign_server_ecdh_params(const SM2_KEY *server_sign_key,
const uint8_t client_random[32], const uint8_t server_random[32],
int curve, const SM2_POINT *point, uint8_t *sig, size_t *siglen)
int curve, const SM2_Z256_POINT *point, uint8_t *sig, size_t *siglen)
{
uint8_t server_ecdh_params[69];
SM2_SIGN_CTX sign_ctx;
@@ -551,7 +551,7 @@ int tls_sign_server_ecdh_params(const SM2_KEY *server_sign_key,
server_ecdh_params[1] = (uint8_t)(curve >> 8);
server_ecdh_params[2] = (uint8_t)curve;
server_ecdh_params[3] = 65;
sm2_point_to_uncompressed_octets(point, server_ecdh_params + 4);
sm2_z256_point_to_uncompressed_octets(point, server_ecdh_params + 4);
sm2_sign_init(&sign_ctx, server_sign_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH);
sm2_sign_update(&sign_ctx, client_random, 32);
@@ -564,7 +564,7 @@ int tls_sign_server_ecdh_params(const SM2_KEY *server_sign_key,
int tls_verify_server_ecdh_params(const SM2_KEY *server_sign_key,
const uint8_t client_random[32], const uint8_t server_random[32],
int curve, const SM2_POINT *point, const uint8_t *sig, size_t siglen)
int curve, const SM2_Z256_POINT *point, const uint8_t *sig, size_t siglen)
{
int ret;
uint8_t server_ecdh_params[69];
@@ -580,7 +580,7 @@ int tls_verify_server_ecdh_params(const SM2_KEY *server_sign_key,
server_ecdh_params[1] = (uint8_t)(curve >> 8);
server_ecdh_params[2] = (uint8_t)(curve);
server_ecdh_params[3] = 65;
sm2_point_to_uncompressed_octets(point, server_ecdh_params + 4);
sm2_z256_point_to_uncompressed_octets(point, server_ecdh_params + 4);
sm2_verify_init(&verify_ctx, server_sign_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH);
sm2_verify_update(&verify_ctx, client_random, 32);

22
src/tls12.c
View File

@@ -42,7 +42,7 @@ int tls12_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int f
int tls_record_set_handshake_server_key_exchange_ecdhe(uint8_t *record, size_t *recordlen,
int curve, const SM2_POINT *point, const uint8_t *sig, size_t siglen)
int curve, const SM2_Z256_POINT *point, const uint8_t *sig, size_t siglen)
{
int type = TLS_handshake_server_key_exchange;
uint8_t *server_ecdh_params = record + 9;
@@ -58,16 +58,16 @@ int tls_record_set_handshake_server_key_exchange_ecdhe(uint8_t *record, size_t *
server_ecdh_params[1] = curve >> 8;
server_ecdh_params[2] = curve;
server_ecdh_params[3] = 65;
sm2_point_to_uncompressed_octets(point, server_ecdh_params + 4);
sm2_z256_point_to_uncompressed_octets(point, server_ecdh_params + 4);
tls_uint16_to_bytes(TLS_sig_sm2sig_sm3, &p, &len);
tls_uint16array_to_bytes(sig, siglen, &p, &len);
tls_record_set_handshake(record, recordlen, type, NULL, len);
return 1;
}
// 这里返回的应该是一个SM2_POINT吗
// 这里返回的应该是一个SM2_Z256_POINT吗
int tls_record_get_handshake_server_key_exchange_ecdhe(const uint8_t *record,
int *curve, SM2_POINT *point, const uint8_t **sig, size_t *siglen)
int *curve, SM2_Z256_POINT *point, const uint8_t **sig, size_t *siglen)
{
int type;
const uint8_t *p;
@@ -106,7 +106,7 @@ int tls_record_get_handshake_server_key_exchange_ecdhe(const uint8_t *record,
}
*curve = named_curve;
if (octetslen != 65
|| sm2_point_from_octets(point, octets, octetslen) != 1) {
|| sm2_z256_point_from_octets(point, octets, octetslen) != 1) {
error_print();
return -1;
}
@@ -118,16 +118,16 @@ int tls_record_get_handshake_server_key_exchange_ecdhe(const uint8_t *record,
}
int tls_record_set_handshake_client_key_exchange_ecdhe(uint8_t *record, size_t *recordlen,
const SM2_POINT *point)
const SM2_Z256_POINT *point)
{
int type = TLS_handshake_client_key_exchange;
record[9] = 65;
sm2_point_to_uncompressed_octets(point, record + 9 + 1);
sm2_z256_point_to_uncompressed_octets(point, record + 9 + 1);
tls_record_set_handshake(record, recordlen, type, NULL, 1 + 65);
return 1;
}
int tls_record_get_handshake_client_key_exchange_ecdhe(const uint8_t *record, SM2_POINT *point)
int tls_record_get_handshake_client_key_exchange_ecdhe(const uint8_t *record, SM2_Z256_POINT *point)
{
int type;
const uint8_t *p;
@@ -146,7 +146,7 @@ int tls_record_get_handshake_client_key_exchange_ecdhe(const uint8_t *record, SM
return -1;
}
if (octetslen != 65
|| sm2_point_from_octets(point, octets, octetslen) != 1) {
|| sm2_z256_point_from_octets(point, octets, octetslen) != 1) {
error_print();
return -1;
}
@@ -356,7 +356,7 @@ int tls12_do_connect(TLS_CONNECT *conn)
tls12_record_trace(stderr, record, recordlen, 0, 0);
int curve;
SM2_POINT server_ecdhe_public;
SM2_Z256_POINT server_ecdhe_public;
if (tls_record_get_handshake_server_key_exchange_ecdhe(record, &curve, &server_ecdhe_public, &sig, &siglen) != 1) {
error_print();
tls_send_alert(conn, TLS_alert_unexpected_message);
@@ -687,7 +687,7 @@ int tls12_do_accept(TLS_CONNECT *conn)
int verify_result;
// ClientKeyExchange
SM2_POINT client_ecdhe_point;
SM2_Z256_POINT client_ecdhe_point;
uint8_t pre_master_secret[SM2_MAX_PLAINTEXT_SIZE]; // sm2_decrypt 保证输出不会溢出
// Finished

14
src/tls13.c
View File

@@ -610,7 +610,7 @@ Handshakes
*/
int tls13_client_hello_exts_set(uint8_t *exts, size_t *extslen, size_t maxlen,
const SM2_POINT *client_ecdhe_public)
const SM2_Z256_POINT *client_ecdhe_public)
{
int protocols[] = { TLS_protocol_tls13 };
int supported_groups[] = { TLS_curve_sm2p256v1 };
@@ -646,7 +646,7 @@ int tls13_client_hello_exts_set(uint8_t *exts, size_t *extslen, size_t maxlen,
}
int tls13_process_client_hello_exts(const uint8_t *exts, size_t extslen,
const SM2_KEY *server_ecdhe_key, SM2_POINT *client_ecdhe_public,
const SM2_KEY *server_ecdhe_key, SM2_Z256_POINT *client_ecdhe_public,
uint8_t *server_exts, size_t *server_exts_len, size_t server_exts_maxlen)
{
size_t len = 0;
@@ -707,7 +707,7 @@ int tls13_process_client_hello_exts(const uint8_t *exts, size_t extslen,
return 1;
}
int tls_client_key_shares_from_bytes(SM2_POINT *sm2_point, const uint8_t **in, size_t *inlen)
int tls_client_key_shares_from_bytes(SM2_Z256_POINT *sm2_point, const uint8_t **in, size_t *inlen)
{
const uint8_t *key_shares;
size_t key_shares_len;
@@ -729,7 +729,7 @@ int tls_client_key_shares_from_bytes(SM2_POINT *sm2_point, const uint8_t **in, s
switch (group) {
case TLS_curve_sm2p256v1:
sm2_point_from_octets(sm2_point, key_exch, key_exch_len);
sm2_z256_point_from_octets(sm2_point, key_exch, key_exch_len);
break;
default:
error_print();
@@ -741,7 +741,7 @@ int tls_client_key_shares_from_bytes(SM2_POINT *sm2_point, const uint8_t **in, s
}
// 这个函数不是太正确应该也是一个process
int tls13_server_hello_extensions_get(const uint8_t *exts, size_t extslen, SM2_POINT *sm2_point)
int tls13_server_hello_extensions_get(const uint8_t *exts, size_t extslen, SM2_Z256_POINT *sm2_point)
{
uint16_t version;
while (extslen) {
@@ -1505,7 +1505,7 @@ int tls13_do_connect(TLS_CONNECT *conn)
size_t server_verify_data_len;
SM2_KEY client_ecdhe;
SM2_POINT server_ecdhe_public;
SM2_Z256_POINT server_ecdhe_public;
SM2_KEY server_sign_key;
const DIGEST *digest = DIGEST_sm3();
@@ -1981,7 +1981,7 @@ int tls13_do_accept(TLS_CONNECT *conn)
size_t server_exts_len;
SM2_KEY server_ecdhe;
SM2_POINT client_ecdhe_public;
SM2_Z256_POINT client_ecdhe_public;
SM2_KEY client_sign_key;
const BLOCK_CIPHER *cipher;
const DIGEST *digest;

16
src/tls_ext.c
View File

@@ -623,7 +623,7 @@ err:
return -1;
}
int tls13_key_share_entry_to_bytes(const SM2_POINT *point, uint8_t **out, size_t *outlen)
int tls13_key_share_entry_to_bytes(const SM2_Z256_POINT *point, uint8_t **out, size_t *outlen)
{
uint16_t group = TLS_curve_sm2p256v1;
uint8_t key_exchange[65];
@@ -632,13 +632,13 @@ int tls13_key_share_entry_to_bytes(const SM2_POINT *point, uint8_t **out, size_t
error_print();
return -1;
}
sm2_point_to_uncompressed_octets(point, key_exchange);
sm2_z256_point_to_uncompressed_octets(point, key_exchange);
tls_uint16_to_bytes(group, out, outlen);
tls_uint16array_to_bytes(key_exchange, 65, out, outlen);
return 1;
}
int tls13_server_key_share_ext_to_bytes(const SM2_POINT *point, uint8_t **out, size_t *outlen)
int tls13_server_key_share_ext_to_bytes(const SM2_Z256_POINT *point, uint8_t **out, size_t *outlen)
{
uint16_t ext_type = TLS_extension_key_share;
size_t ext_datalen = 0;
@@ -654,7 +654,7 @@ int tls13_server_key_share_ext_to_bytes(const SM2_POINT *point, uint8_t **out, s
return 1;
}
int tls13_process_server_key_share(const uint8_t *ext_data, size_t ext_datalen, SM2_POINT *point)
int tls13_process_server_key_share(const uint8_t *ext_data, size_t ext_datalen, SM2_Z256_POINT *point)
{
uint16_t group;
const uint8_t *key_exchange;
@@ -678,14 +678,14 @@ int tls13_process_server_key_share(const uint8_t *ext_data, size_t ext_datalen,
error_print();
return -1;
}
if (sm2_point_from_octets(point, key_exchange, key_exchange_len) != 1) {
if (sm2_z256_point_from_octets(point, key_exchange, key_exchange_len) != 1) {
error_print();
return -1;
}
return 1;
}
int tls13_client_key_share_ext_to_bytes(const SM2_POINT *point, uint8_t **out, size_t *outlen)
int tls13_client_key_share_ext_to_bytes(const SM2_Z256_POINT *point, uint8_t **out, size_t *outlen)
{
uint16_t ext_type = TLS_extension_key_share;
size_t ext_datalen;
@@ -706,7 +706,7 @@ int tls13_client_key_share_ext_to_bytes(const SM2_POINT *point, uint8_t **out, s
}
int tls13_process_client_key_share(const uint8_t *ext_data, size_t ext_datalen,
const SM2_KEY *server_ecdhe_key, SM2_POINT *client_ecdhe_public,
const SM2_KEY *server_ecdhe_key, SM2_Z256_POINT *client_ecdhe_public,
uint8_t **out, size_t *outlen)
{
const uint8_t *client_shares;
@@ -743,7 +743,7 @@ int tls13_process_client_key_share(const uint8_t *ext_data, size_t ext_datalen,
error_print();
return -1;
}
if (sm2_point_from_octets(client_ecdhe_public, key_exchange, key_exchange_len) != 1) {
if (sm2_z256_point_from_octets(client_ecdhe_public, key_exchange, key_exchange_len) != 1) {
error_print();
return -1;
}

4
src/x509_ext.c
View File

@@ -357,7 +357,7 @@ int x509_exts_add_default_authority_key_identifier(uint8_t *exts, size_t *extsle
if (!public_key) {
return 0;
}
sm2_point_to_uncompressed_octets(&public_key->public_key, buf);
sm2_z256_point_to_uncompressed_octets(&public_key->public_key, buf);
sm3_digest(buf, sizeof(buf), id);
if (x509_exts_add_authority_key_identifier(exts, extslen, maxlen, critical,
@@ -406,7 +406,7 @@ int x509_exts_add_subject_key_identifier_ex(uint8_t *exts, size_t *extslen, size
if (!subject_key) {
return 0;
}
sm2_point_to_uncompressed_octets(&subject_key->public_key, buf);
sm2_z256_point_to_uncompressed_octets(&subject_key->public_key, buf);
sm3_digest(buf, sizeof(buf), id);
if (x509_exts_add_subject_key_identifier(exts, extslen, maxlen, critical, id, 32) != 1) {

2
tests/ectest.c
View File

@@ -72,7 +72,7 @@ static int test_ec_point_print(void)
error_print();
return -1;
}
if (sm2_point_to_der(&(sm2_key.public_key), &p, &len) != 1) {
if (sm2_z256_point_to_der(&(sm2_key.public_key), &p, &len) != 1) {
error_print();
return -1;
}

3
tests/sm2_enctest.c
View File

@@ -46,7 +46,8 @@ static int test_sm2_ciphertext(void)
error_print();
return -1;
}
C.point = sm2_key.public_key;
sm2_z256_point_to_bytes(&sm2_key.public_key, (uint8_t *)&(C.point));
C.ciphertext_size = tests[i].ciphertext_size;
if (sm2_ciphertext_to_der(&C, &p, &len) != 1) {

11
tests/sm2_signtest.c
View File

@@ -104,6 +104,8 @@ static int test_sm2_do_sign(void)
static int test_sm2_do_sign_fast(void)
{
// sm2_do_sign_fast函数没有了要重新实现
/*
SM2_KEY sm2_key;
sm2_z256_t d;
uint8_t dgst[32];
@@ -114,7 +116,7 @@ static int test_sm2_do_sign_fast(void)
const uint64_t *one = sm2_z256_one();
do {
sm2_key_generate(&sm2_key);
sm2_z256_from_bytes(d, sm2_key.private_key);
sm2_z256_copy(d, sm2_key.private_key);
sm2_z256_modn_add(d, d, one);
sm2_z256_modn_inv(d, d);
} while (sm2_z256_is_zero(d));
@@ -129,6 +131,7 @@ static int test_sm2_do_sign_fast(void)
return -1;
}
}
*/
printf("%s() ok\n", __FUNCTION__);
return 1;
@@ -148,18 +151,18 @@ static int test_sm2_do_sign_pre_compute(void)
sm2_key_generate(&sm2_key);
const uint64_t *one = sm2_z256_one();
sm2_z256_from_bytes(d, sm2_key.private_key);
sm2_z256_copy(d, sm2_key.private_key);
sm2_z256_modn_add(d, d, one);
sm2_z256_modn_inv(d, d);
if (sm2_do_sign_pre_compute(k, x1) != 1) {
if (sm2_fast_sign_pre_compute(k, x1) != 1) {
error_print();
return -1;
}
rand_bytes(dgst, sizeof(dgst));
if (sm2_do_sign_fast_ex(d, k, x1, dgst, &sig) != 1) {
if (sm2_fast_sign(d, k, x1, dgst, &sig) != 1) {
error_print();
return -1;
}

4
tools/sm3.c
View File

@@ -186,12 +186,12 @@ bad:
}
if (id_hex) {
sm2_compute_z(z, (SM2_POINT *)&sm2_key, (char *)id_bin, id_bin_len);
sm2_compute_z(z, &sm2_key.public_key, (char *)id_bin, id_bin_len);
} else {
if (!id) {
id = SM2_DEFAULT_ID;
}
sm2_compute_z(z, (SM2_POINT *)&sm2_key, id, strlen(id));
sm2_compute_z(z, &sm2_key.public_key, id, strlen(id));
}
if (sm3_digest_update(&sm3_ctx, z, sizeof(z)) != 1) {