diff --git a/include/gmssl/sm9_z256.h b/include/gmssl/sm9.h
similarity index 98%
rename from include/gmssl/sm9_z256.h
rename to include/gmssl/sm9.h
index d9fdec50..db9f11ab 100644
--- a/include/gmssl/sm9_z256.h
+++ b/include/gmssl/sm9.h
@@ -7,8 +7,8 @@
 * http://www.apache.org/licenses/LICENSE-2.0
 */
-#ifndef GMSSL_SM9_Z256_H
-#define GMSSL_SM9_Z256_H
+#ifndef GMSSL_SM9_H
+#define GMSSL_SM9_H
 #include
 #include
@@ -44,6 +44,8 @@ int sm9_z256_rand_range(sm9_z256_t r, const sm9_z256_t range);
 void sm9_z256_print_bn(const char *prefix, const sm9_z256_t a);
 int sm9_z256_print(FILE *fp, int ind, int fmt, const char *label, const sm9_z256_t a);
+const uint64_t *sm9_z256_prime(void);
+
 void sm9_z256_modp_add(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b);
 void sm9_z256_modp_sub(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b);
 void sm9_z256_modp_dbl(sm9_z256_t r, const sm9_z256_t a);
@@ -58,6 +60,8 @@ void sm9_z256_modp_mont_sqr(sm9_z256_t r, const sm9_z256_t a);
 void sm9_z256_modp_mont_pow(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t e);
 void sm9_z256_modp_mont_inv(sm9_z256_t r, const sm9_z256_t a);
+const uint64_t *sm9_z256_order(void);
+
 void sm9_z256_modn_add(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b);
 void sm9_z256_modn_sub(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b);
 void sm9_z256_modn_mul(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b);
@@ -66,12 +70,8 @@ void sm9_z256_modn_inv(sm9_z256_t r, const sm9_z256_t a);
 void sm9_z256_modn_from_hash(sm9_z256_t h, const uint8_t Ha[40]);
-// 但是在GF(p^2)
-
-
 typedef sm9_z256_t sm9_z256_fp2_t[2];
-
 void sm9_z256_fp2_set_one(sm9_z256_fp2_t r);
 void sm9_z256_fp2_set_zero(sm9_z256_fp2_t r);
 int sm9_z256_fp2_is_one(const sm9_z256_fp2_t a);
@@ -81,10 +81,8 @@ void sm9_z256_fp2_copy(sm9_z256_fp2_t r, const sm9_z256_fp2_t a);
 int sm9_z256_fp2_rand(sm9_z256_fp2_t r);
 void sm9_z256_fp2_to_bytes(const sm9_z256_fp2_t a, uint8_t buf[64]);
 int sm9_z256_fp2_from_bytes(sm9_z256_fp2_t r, const uint8_t buf[64]);
-
-int sm9_z256_fp2_from_hex(sm9_z256_fp2_t r, const char hex[129]);
 void sm9_z256_fp2_to_hex(const sm9_z256_fp2_t a, char hex[129]);
-
+int sm9_z256_fp2_from_hex(sm9_z256_fp2_t r, const char hex[129]);
 void sm9_z256_fp2_add(sm9_z256_fp2_t r, const sm9_z256_fp2_t a, const sm9_z256_fp2_t b);
 void sm9_z256_fp2_dbl(sm9_z256_fp2_t r, const sm9_z256_fp2_t a);
 void sm9_z256_fp2_tri(sm9_z256_fp2_t r, const sm9_z256_fp2_t a);
@@ -99,6 +97,8 @@ void sm9_z256_fp2_sqr_u(sm9_z256_fp2_t r, const sm9_z256_fp2_t a);
 void sm9_z256_fp2_inv(sm9_z256_fp2_t r, const sm9_z256_fp2_t a);
 void sm9_z256_fp2_div(sm9_z256_fp2_t r, const sm9_z256_fp2_t a, const sm9_z256_fp2_t b);
 void sm9_z256_fp2_haf(sm9_z256_fp2_t r, const sm9_z256_fp2_t a);
+void sm9_z256_fp2_conjugate(sm9_z256_fp2_t r, const sm9_z256_fp2_t a);
+void sm9_z256_fp2_frobenius(sm9_z256_fp2_t r, const sm9_z256_fp2_t a);
 typedef sm9_z256_fp2_t sm9_z256_fp4_t[2];
@@ -124,19 +124,23 @@ void sm9_z256_fp4_mul_v(sm9_z256_fp4_t r, const sm9_z256_fp4_t a, const sm9_z256
 void sm9_z256_fp4_sqr(sm9_z256_fp4_t r, const sm9_z256_fp4_t a);
 void sm9_z256_fp4_sqr_v(sm9_z256_fp4_t r, const sm9_z256_fp4_t a);
 void sm9_z256_fp4_inv(sm9_z256_fp4_t r, const sm9_z256_fp4_t a);
-
-
+void sm9_z256_fp4_frobenius(sm9_z256_fp4_t r, const sm9_z256_fp4_t a);
+void sm9_z256_fp4_conjugate(sm9_z256_fp4_t r, const sm9_z256_fp4_t a);
+void sm9_z256_fp4_frobenius2(sm9_z256_fp4_t r, const sm9_z256_fp4_t a);
+void sm9_z256_fp4_frobenius3(sm9_z256_fp4_t r, const sm9_z256_fp4_t a);
 typedef sm9_z256_fp4_t sm9_z256_fp12_t[3];
+void sm9_z256_fp12_set_one(sm9_z256_fp12_t r);
+void sm9_z256_fp12_set_zero(sm9_z256_fp12_t r);
 void sm9_z256_fp12_copy(sm9_z256_fp12_t r, const sm9_z256_fp12_t a);
 int sm9_z256_fp12_rand(sm9_z256_fp12_t r);
-void sm9_z256_fp12_set_zero(sm9_z256_fp12_t r);
-void sm9_z256_fp12_set_one(sm9_z256_fp12_t r);
 int sm9_z256_fp12_from_hex(sm9_z256_fp12_t r, const char hex[65 * 12 - 1]);
 void sm9_z256_fp12_to_hex(const sm9_z256_fp12_t a, char hex[65 * 12 - 1]);
 void sm9_z256_fp12_to_bytes(const sm9_z256_fp12_t a, uint8_t buf[32 * 12]);
+int sm9_z256_fp12_from_bytes(sm9_z256_fp12_t r, const uint8_t buf[32 * 12]);
+
 void sm9_z256_fp12_print(const char *prefix, const sm9_z256_fp12_t a);
 void sm9_z256_fp12_set(sm9_z256_fp12_t r, const sm9_z256_fp4_t a0, const sm9_z256_fp4_t a1, const sm9_z256_fp4_t a2);
 int sm9_z256_fp12_equ(const sm9_z256_fp12_t a, const sm9_z256_fp12_t b);
@@ -149,14 +153,6 @@ void sm9_z256_fp12_mul(sm9_z256_fp12_t r, const sm9_z256_fp12_t a, const sm9_z25
 void sm9_z256_fp12_sqr(sm9_z256_fp12_t r, const sm9_z256_fp12_t a);
 void sm9_z256_fp12_inv(sm9_z256_fp12_t r, const sm9_z256_fp12_t a);
 void sm9_z256_fp12_pow(sm9_z256_fp12_t r, const sm9_z256_fp12_t a, const sm9_z256_t k);
-
-
-void sm9_z256_fp2_conjugate(sm9_z256_fp2_t r, const sm9_z256_fp2_t a);
-void sm9_z256_fp2_frobenius(sm9_z256_fp2_t r, const sm9_z256_fp2_t a);
-void sm9_z256_fp4_frobenius(sm9_z256_fp4_t r, const sm9_z256_fp4_t a);
-void sm9_z256_fp4_conjugate(sm9_z256_fp4_t r, const sm9_z256_fp4_t a);
-void sm9_z256_fp4_frobenius2(sm9_z256_fp4_t r, const sm9_z256_fp4_t a);
-void sm9_z256_fp4_frobenius3(sm9_z256_fp4_t r, const sm9_z256_fp4_t a);
 void sm9_z256_fp12_frobenius(sm9_z256_fp12_t r, const sm9_z256_fp12_t x);
 void sm9_z256_fp12_frobenius2(sm9_z256_fp12_t r, const sm9_z256_fp12_t x);
 void sm9_z256_fp12_frobenius3(sm9_z256_fp12_t r, const sm9_z256_fp12_t x);
@@ -166,11 +162,12 @@ void sm9_z256_fp12_frobenius6(sm9_z256_fp12_t r, const sm9_z256_fp12_t x);
 // E(F_p): y^2 = x^3 + 5
 typedef struct {
- sm9_z256_t X;
- sm9_z256_t Y;
- sm9_z256_t Z;
+ sm9_z256_t X; // is mont(X)
+ sm9_z256_t Y; // is mont(Y)
+ sm9_z256_t Z; // is mont(Z)
 } SM9_Z256_POINT;
+const SM9_Z256_POINT *sm9_z256_generator(void);
 void sm9_z256_point_from_hex(SM9_Z256_POINT *R, const char hex[65 * 2]);
 int sm9_z256_point_is_at_infinity(const SM9_Z256_POINT *P);
@@ -195,6 +192,8 @@ typedef struct {
 sm9_z256_fp2_t Z;
 } SM9_Z256_TWIST_POINT;
+const SM9_Z256_TWIST_POINT *sm9_z256_twist_generator(void);
+
 int sm9_z256_twist_point_to_uncompressed_octets(const SM9_Z256_TWIST_POINT *P, uint8_t octets[129]);
 int sm9_z256_twist_point_from_uncompressed_octets(SM9_Z256_TWIST_POINT *P, const uint8_t octets[129]);
diff --git a/src/sm9_z256_alg.c b/src/sm9_z256_alg.c
index 0c9dd3e1..54e7a361 100644
--- a/src/sm9_z256_alg.c
+++ b/src/sm9_z256_alg.c
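Review bot: The new `// is mont(X)` comments on SM9_Z256_POINT say the coordinates are held in Montgomery form but nothing says which projective representation the (X, Y, Z) triple uses, and `sm9_z256_generator()` / `sm9_z256_twist_generator()` are declared without any contract. A declaration-level comment would close that gap, e.g. `// Returns the fixed generator P1 of G1 as a Montgomery-form projective point; the pointee is static and read-only, never free it or cast away const.` and the analogous sentence for the G2 generator. Whether the coordinates are Jacobian or standard projective is not visible in this hunk, so confirm against the point arithmetic before writing that part down.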
@@ -15,7 +15,7 @@
 #include
 #include
 #include
-#include
+#include
 #include
 #include
 #include
@@ -24,10 +24,7 @@
 #define SM9_Z256_HEX_SEP '\n'
-const sm9_z256_t SM9_Z256_ZERO = {0,0,0,0};
 const sm9_z256_t SM9_Z256_ONE = {1,0,0,0};
-const sm9_z256_t SM9_Z256_TWO = {2,0,0,0};
-const sm9_z256_t SM9_Z256_FIVE = {5,0,0,0};
 // p = b640000002a3a6f1d603ab4ff58ec74521f2934b1a7aeedbe56f9b27e351457d
@@ -35,6 +32,10 @@ const sm9_z256_t SM9_Z256_P = {
 0xe56f9b27e351457d, 0x21f2934b1a7aeedb, 0xd603ab4ff58ec745, 0xb640000002a3a6f1
 };
+const uint64_t *sm9_256_prime(void) {
+ return &SM9_Z256_P[0];
+}
+
 // p - 2 = b640000002a3a6f1d603ab4ff58ec74521f2934b1a7aeedbe56f9b27e351457b, used in a^(p-2) = a^-1
 const sm9_z256_t SM9_Z256_P_MINUS_TWO = {
 0xe56f9b27e351457b, 0x21f2934b1a7aeedb, 0xd603ab4ff58ec745, 0xb640000002a3a6f1
@@ -45,6 +46,10 @@ const sm9_z256_t SM9_Z256_N = {
 0xe56ee19cd69ecf25, 0x49f2934b18ea8bee, 0xd603ab4ff58ec744, 0xb640000002a3a6f1
 };
+const uint64_t *sm9_z256_order(void) {
+ return &SM9_Z256_N[0];
+}
+
 // n - 1
 const sm9_z256_t SM9_Z256_N_MINUS_ONE = {
 0xe56ee19cd69ecf24, 0x49f2934b18ea8bee, 0xd603ab4ff58ec744, 0xb640000002a3a6f1
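Review bot: The definition added in the `@@ -35,6 +32,10 @@` hunk is spelled `sm9_256_prime`, while the header hunk declares `const uint64_t *sm9_z256_prime(void);` — the declared accessor therefore has no definition (an undefined reference for the first caller) and this one is an external function with no prototype. Rename it to `const uint64_t *sm9_z256_prime(void)` so it matches the header and the sibling `sm9_z256_order()` below. Both new accessors also put the opening brace on the signature line, whereas the rest of this file puts it on its own line (see the `-{` lines removed elsewhere in this commit); keeping one style avoids a formatter churn later.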
@@ -109,31 +114,27 @@ const sm9_z256_t SM9_Z256_MODP_MONT_ONE = {0x1a9064d81caeba83, 0xde0d6cb4e585112 const sm9_z256_t SM9_Z256_MODP_MONT_FIVE = {0xb9f2c1e8c8c71995, 0x125df8f246a377fc, 0x25e650d049188d1c, 0x43fffffed866f63}; -const SM9_Z256_POINT _SM9_Z256_MONT_P1 = { +const SM9_Z256_POINT SM9_Z256_MONT_P1 = { {0x22e935e29860501b, 0xa946fd5e0073282c, 0xefd0cec817a649be, 0x5129787c869140b5}, {0xee779649eb87f7c7, 0x15563cbdec30a576, 0x326353912824efbf, 0x7215717763c39828}, {0x1a9064d81caeba83, 0xde0d6cb4e5851124, 0x29fc54b00a7138ba, 0x49bffffffd5c590e} }; -const SM9_Z256_POINT *SM9_Z256_MONT_P1 = &_SM9_Z256_MONT_P1; -const SM9_Z256_TWIST_POINT _SM9_Z256_MONT_P2 = { +const SM9_Z256_POINT *sm9_z256_generator(void) { + return &SM9_Z256_MONT_P1; +} + +const SM9_Z256_TWIST_POINT SM9_Z256_MONT_P2 = { {{0x260226a68ce2da8f, 0x7ee5645edbf6c06b, 0xf8f57c82b1495444, 0x61fcf018bc47c4d1}, {0xdb6db4822750a8a6, 0x84c6135a5121f134, 0x1874032f88791d41, 0x905112f2b85f3a37}}, {{0xc03f138f9171c24a, 0x92fbab45a15a3ca7, 0x2445561e2ff77cdb, 0x108495e0c0f62ece}, {0xf7b82dac4c89bfbb, 0x3706f3f6a49dc12f, 0x1e29de93d3eef769, 0x81e448c3c76a5d53}}, {{0x1a9064d81caeba83, 0xde0d6cb4e5851124, 0x29fc54b00a7138ba, 0x49bffffffd5c590e}, {0,0,0,0}}, }; -const SM9_Z256_TWIST_POINT *SM9_Z256_MONT_P2 = &_SM9_Z256_MONT_P2; - -const SM9_Z256_TWIST_POINT _SM9_Z256_MONT_Ppubs = { - {{0xb2e0a02b40b3d927, 0x153e2b9e897e44a0, 0x47cd0690d256c1a9, 0x5d3123b78630320e}, - {0x2c3c3f7ba9fc143e, 0x1f214aa16a4fa43f, 0x424e7e2f0dbc839b, 0x87eecef7fd6531c9}}, - {{0x07a059838aa95e77, 0x6e65e6d455509cae, 0xf921da6493e4f742, 0x9fcf05bded9f2d36}, - {0xdc4fea9a756fc34e, 0xe4e34e772312a7b1, 0xbfa26e7682b1f64a, 0x7f1337b7cda2bf5e}}, - {{0x1a9064d81caeba83, 0xde0d6cb4e5851124, 0x29fc54b00a7138ba, 0x49bffffffd5c590e}, {0,0,0,0}}, -}; -const SM9_Z256_TWIST_POINT *SM9_Z256_MONT_Ppubs = &_SM9_Z256_MONT_Ppubs; +const SM9_Z256_TWIST_POINT *sm9_z256_twist_generator(void) { + return &SM9_Z256_MONT_P2; +} void sm9_z256_to_bits(const 
sm9_z256_t a, char bits[256])
 {
@@ -401,14 +402,6 @@ int sm9_z256_print(FILE *fp, int ind, int fmt, const char *label, const sm9_z256
 return 1;
 }
-/*
-int sm9_z512_print(FILE *fp, int ind, int fmt, const char *label, const uint64_t a[8])
-{
- format_print(fp, ind, fmt, "%s: %016lx%016lx%016lx%016lx%016lx%016lx%016lx%016lx\n",
- label, a[7], a[6], a[5], a[4], a[3], a[2], a[1], a[0]);
- return 1;
-}
-*/
 #ifndef ENABLE_SM9_Z256_ARMV8
 void sm9_z256_modp_add(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t b)
@@ -474,17 +467,6 @@ void sm9_z256_modp_neg(sm9_z256_t r, const sm9_z256_t a)
 }
 #endif
-/*
-int sm9_z256_modp_rand(sm9_z256_t r)
-{
- if (sm9_z256_rand_range(r, SM9_Z256_P) != 1) {
- error_print();
- return -1;
- }
- return 1;
-}
-
-*/
 // p = b640000002a3a6f1d603ab4ff58ec74521f2934b1a7aeedbe56f9b27e351457d
 // p' = -p^(-1) mod 2^256 = afd2bac5558a13b3966a4b291522b137181ae39613c8dbaf892bc42c2f2ee42b
@@ -736,21 +718,6 @@ void sm9_z256_modp_mont_inv(sm9_z256_t r, const sm9_z256_t a)
 sm9_z256_modp_mont_pow(r, a, SM9_Z256_P_MINUS_TWO);
 }
-// 这个函数不合适,而且这个实现也不正确啊
-// 但是对于SM9的Fp2,Fp4等而言,必须一开始就转换到Montgomery上面,因为没有
-/*
-int sm9_z256_modp_from_bytes(sm9_z256_t r, const uint8_t buf[32])
-{
- sm9_z256_from_bytes(r, buf);
- sm9_z256_modp_to_mont(r, r);
- if (sm9_z256_cmp(r, SM9_Z256_P) >= 0) {
- error_print();
- return -1;
- }
- return 1;
-}
-*/
-
 void sm9_z256_modp_to_bytes(const sm9_z256_t r, uint8_t out[32])
 {
 sm9_z256_t t;
@@ -857,14 +824,6 @@ int sm9_z256_fp2_from_bytes(sm9_z256_fp2_t r, const uint8_t buf[64])
 sm9_z256_modp_to_mont(r[1], r[1]);
 sm9_z256_modp_to_mont(r[0], r[0]);
-
-
- /*
- if (sm9_z256_modp_from_bytes(r[1], buf) != 1
- || sm9_z256_modp_from_bytes(r[0], buf + 32) != 1) {
- error_print();
- return -1;
- }
- */
 return 1;
 }
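Review bot: In the `@@ -109,31 +114,27 @@` hunk `SM9_Z256_MONT_P1` and `SM9_Z256_MONT_P2` become exported `const` objects with no header declaration, in addition to the new `sm9_z256_generator()` / `sm9_z256_twist_generator()` accessors, so there are now two public routes to the same data. Declaring them `static const` makes the accessor the only interface; the in-file use `&SM9_Z256_MONT_P2` in `sm9_z256_twist_point_mul_generator` is unaffected. Removing the hard-coded `_SM9_Z256_MONT_Ppubs` master public key from the library is the right move. The Z row of both generators appears to equal `SM9_Z256_MODP_MONT_ONE` defined just above; a comment such as `// Z = mont(1): affine generator stored in projective form` would save readers the limb comparison.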
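Review bot: The visible tail of `sm9_z256_fp2_from_bytes` converts both limbs with `sm9_z256_modp_to_mont` and returns 1 with no comparison against p, and this commit deletes the only (already commented-out) path that carried a `sm9_z256_cmp(r, SM9_Z256_P) >= 0` check. The function's start is outside the hunk; if nothing there rejects a raw value >= p before the conversion, byte strings encoding a non-canonical coordinate are accepted, which breaks the uniqueness that equality tests and serialization round-trips rely on. The check has to run on the raw value, right after `sm9_z256_from_bytes` and before `to_mont` — the deleted helper's flaw was comparing after the conversion — e.g. `if (sm9_z256_cmp(r[1], SM9_Z256_P) >= 0 || sm9_z256_cmp(r[0], SM9_Z256_P) >= 0) { error_print(); return -1; }`.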
@@ -1141,8 +1100,11 @@ void sm9_z256_fp4_to_bytes(const sm9_z256_fp4_t a, uint8_t buf[128])
 int sm9_z256_fp4_from_bytes(sm9_z256_fp4_t r, const uint8_t buf[128])
 {
- if (sm9_z256_fp2_from_bytes(r[1], buf) != 1
- || sm9_z256_fp2_from_bytes(r[0], buf + 64) != 1) {
+ if (sm9_z256_fp2_from_bytes(r[1], buf) != 1) {
+ error_print();
+ return -1;
+ }
+ if (sm9_z256_fp2_from_bytes(r[0], buf + 64) != 1) {
 error_print();
 return -1;
 }
@@ -1382,6 +1344,23 @@ void sm9_z256_fp12_to_bytes(const sm9_z256_fp12_t a, uint8_t buf[32 * 12])
 sm9_z256_fp4_to_bytes(a[0], buf + 32 * 8);
 }
+int sm9_z256_fp12_from_bytes(sm9_z256_fp12_t r, const uint8_t buf[128 * 3])
+{
+ if (sm9_z256_fp4_from_bytes(r[2], buf) != 1) {
+ error_print();
+ return -1;
+ }
+ if (sm9_z256_fp4_from_bytes(r[1], buf + 128) != 1) {
+ error_print();
+ return -1;
+ }
+ if (sm9_z256_fp4_from_bytes(r[0], buf + 256) != 1) {
+ error_print();
+ return -1;
+ }
+ return 1;
+}
+
 void sm9_z256_fp12_print(const char *prefix, const sm9_z256_fp12_t a)
 {
 char hex[65 * 12];
@@ -2171,8 +2150,6 @@ void sm9_z256_twist_point_neg(SM9_Z256_TWIST_POINT *R, const SM9_Z256_TWIST_POIN
 sm9_z256_fp2_copy(R->Z, P->Z);
 }
-// E(Fp^2)的计算也比较重要,但是fp2上的计算并不容易做2路并发
-
 void sm9_z256_twist_point_dbl(SM9_Z256_TWIST_POINT *R, const SM9_Z256_TWIST_POINT *P)
 {
 const sm9_z256_t *X1 = P->X;
@@ -2340,7 +2317,7 @@ void sm9_z256_twist_point_mul(SM9_Z256_TWIST_POINT *R, const sm9_z256_t k, const
 void sm9_z256_twist_point_mul_generator(SM9_Z256_TWIST_POINT *R, const sm9_z256_t k)
 {
- sm9_z256_twist_point_mul(R, k, SM9_Z256_MONT_P2);
+ sm9_z256_twist_point_mul(R, k, &SM9_Z256_MONT_P2);
 }
 void sm9_z256_eval_g_tangent(sm9_z256_fp12_t num, sm9_z256_fp12_t den, const SM9_Z256_TWIST_POINT *P, const SM9_Z256_POINT *Q)
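Review bot: `sm9_z256_fp12_from_bytes` in the `@@ -1382,6 +1344,23 @@` hunk leaves `r` partially overwritten when the second or third `sm9_z256_fp4_from_bytes` fails (`r[2]` has already been written), and its parameter is spelled `buf[128 * 3]` while the header declares `buf[32 * 12]` — the same 384 bytes, but worth writing identically so the two do not drift. A header comment would make the contract explicit: `// Decode twelve 32-byte Fp elements in the order written by sm9_z256_fp12_to_bytes (a[2] first, a[0] at buf + 256); on failure r is unspecified.` The decode order does mirror `sm9_z256_fp12_to_bytes`, which writes `a[0]` at `buf + 32 * 8`.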
@@ -2727,6 +2704,7 @@ void sm9_z256_modn_pow(sm9_z256_t r, const sm9_z256_t a, const sm9_z256_t e)
 void sm9_z256_modn_inv(sm9_z256_t r, const sm9_z256_t a)
 {
+ const sm9_z256_t SM9_Z256_TWO = {2,0,0,0};
 sm9_z256_t e;
 sm9_z256_sub(e, SM9_Z256_N, SM9_Z256_TWO);
 sm9_z256_modn_pow(r, a, e);
diff --git a/src/sm9_z256_key.c b/src/sm9_z256_key.c
index 6e0457f6..573c4ab7 100644
--- a/src/sm9_z256_key.c
+++ b/src/sm9_z256_key.c
@@ -13,7 +13,7 @@
 #include
 #include
 #include
-#include
+#include
 #include
 #include
 #include
@@ -23,9 +23,6 @@
 #include
-extern const sm9_z256_t SM9_Z256_ZERO;
-extern const sm9_z256_t SM9_Z256_N;
 // generate h1 in [1, n-1]
 int sm9_z256_hash1(sm9_z256_t h1, const char *id, size_t idlen, uint8_t hid)
 {
@@ -99,7 +96,7 @@ int sm9_sign_master_key_from_der(SM9_SIGN_MASTER_KEY *msk, const uint8_t **in, s
 }
 memset(msk, 0, sizeof(*msk));
 sm9_z256_from_bytes(msk->ks, ks);
- if (sm9_z256_cmp(msk->ks, SM9_Z256_N) >= 0) {
+ if (sm9_z256_cmp(msk->ks, sm9_z256_order()) >= 0) {
 error_print();
 return -1;
 }
@@ -251,7 +248,7 @@ int sm9_enc_master_key_from_der(SM9_ENC_MASTER_KEY *msk, const uint8_t **in, siz
 memset(msk, 0, sizeof(*msk));
 sm9_z256_from_bytes(msk->ke, ke);
- if (sm9_z256_cmp(msk->ke, SM9_Z256_N) >= 0) {
+ if (sm9_z256_cmp(msk->ke, sm9_z256_order()) >= 0) {
 error_print();
 return -1;
 }
@@ -364,7 +361,7 @@ int sm9_sign_master_key_generate(SM9_SIGN_MASTER_KEY *msk)
 return -1;
 }
 // k = rand(1, n-1)
- if (sm9_z256_rand_range(msk->ks, SM9_Z256_N) != 1) {
+ if (sm9_z256_rand_range(msk->ks, sm9_z256_order()) != 1) {
 error_print();
 return -1;
 }
@@ -376,7 +373,7 @@ int sm9_sign_master_key_generate(SM9_SIGN_MASTER_KEY *msk)
 int sm9_enc_master_key_generate(SM9_ENC_MASTER_KEY *msk)
 {
 // k = rand(1, n-1)
- if (sm9_z256_rand_range(msk->ke, SM9_Z256_N) != 1) {
+ if (sm9_z256_rand_range(msk->ke, sm9_z256_order()) != 1) {
 error_print();
 return -1;
 }
diff --git a/src/sm9_z256_lib.c b/src/sm9_z256_lib.c
index a56188a1..02f897e2 100644
--- a/src/sm9_z256_lib.c
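Review bot: The block-scope `const sm9_z256_t SM9_Z256_TWO` added to `sm9_z256_modn_inv` is re-initialised on every call and borrows the file's all-caps naming for a local; `static const sm9_z256_t two = {2,0,0,0};` keeps it in read-only storage and reads as the local it is. Because the inverse is computed as a^(n-2) via `sm9_z256_modn_pow`, an input of 0 presumably yields 0 rather than an error, which callers dividing by a derived value should know; a one-line comment such as `// Fermat inverse a^(n-2) mod n; a == 0 maps silently to 0` would record that. The function's closing lines are outside the hunk.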
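Review bot: The range check in `sm9_sign_master_key_from_der` (the `@@ -99,7 +96,7 @@` hunk) rejects `ks >= n` but still accepts `ks == 0`, which the file's own `// k = rand(1, n-1)` comment says is not a valid master secret; `sm9_enc_master_key_from_der` below has the same gap for `ke`. With `SM9_Z256_ZERO` removed by this commit, a zero test needs a local constant, e.g. `static const sm9_z256_t zero = {0,0,0,0};` and `if (sm9_z256_cmp(msk->ks, zero) == 0 || sm9_z256_cmp(msk->ks, sm9_z256_order()) >= 0) { error_print(); return -1; }` — assuming `sm9_z256_cmp` returns 0 on equality, as its `>= 0` use here suggests. The start of the function is outside the hunk.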
+++ b/src/sm9_z256_lib.c
@@ -14,17 +14,11 @@
 #include
 #include
 #include
-#include
+#include
 #include
 #include
-extern const sm9_z256_t SM9_Z256_ZERO;
-extern const sm9_z256_t SM9_Z256_N;
-extern const SM9_Z256_POINT *SM9_Z256_MONT_P1;
-extern const SM9_Z256_TWIST_POINT *SM9_Z256_MONT_P2;
-
-
 int sm9_signature_to_der(const SM9_SIGNATURE *sig, uint8_t **out, size_t *outlen)
 {
 uint8_t hbuf[32];
@@ -69,7 +63,7 @@ int sm9_signature_from_der(SM9_SIGNATURE *sig, const uint8_t **in, size_t *inlen
 }
 sm9_z256_from_bytes(sig->h, h);
- if (sm9_z256_cmp(sig->h, SM9_Z256_N) >= 0) {
+ if (sm9_z256_cmp(sig->h, sm9_z256_order()) >= 0) {
 error_print();
 return -1;
 }
@@ -123,11 +117,11 @@ int sm9_do_sign(const SM9_SIGN_KEY *key, const SM3_CTX *sm3_ctx, SM9_SIGNATURE *
 uint8_t Ha[64];
 // A1: g = e(P1, Ppubs)
- sm9_z256_pairing(g, &key->Ppubs, SM9_Z256_MONT_P1);
+ sm9_z256_pairing(g, &key->Ppubs, sm9_z256_generator());
 do {
 // A2: rand r in [1, N-1]
- if (sm9_z256_rand_range(r, SM9_Z256_N) != 1) {
+ if (sm9_z256_rand_range(r, sm9_z256_order()) != 1) {
 error_print();
 return -1;
 }
@@ -220,7 +214,7 @@ int sm9_do_verify(const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen,
 // B2: check S in G1
 // B3: g = e(P1, Ppubs)
- sm9_z256_pairing(g, &mpk->Ppubs, SM9_Z256_MONT_P1);
+ sm9_z256_pairing(g, &mpk->Ppubs, sm9_z256_generator());
 // B4: t = g^h
 sm9_z256_fp12_pow(t, g, sig->h);
@@ -265,12 +259,12 @@ int sm9_kem_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen,
 // A1: Q = H1(ID||hid,N) * P1 + Ppube
 sm9_z256_hash1(r, id, idlen, SM9_HID_ENC);
- sm9_z256_point_mul(C, r, SM9_Z256_MONT_P1);
+ sm9_z256_point_mul(C, r, sm9_z256_generator());
 sm9_z256_point_add(C, C, &mpk->Ppube);
 do {
 // A2: rand r in [1, N-1]
- if (sm9_z256_rand_range(r, SM9_Z256_N) != 1) {
+ if (sm9_z256_rand_range(r, sm9_z256_order()) != 1) {
 error_print();
 return -1;
 }
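Review bot: In the `@@ -69,7 +63,7 @@` hunk `sm9_signature_from_der` rejects `h >= n` but accepts `h == 0`; SM9 verification step B1 requires h' in [1, n-1], so a zero h should be refused at parse time too rather than relying on the verifier. With `SM9_Z256_ZERO` gone from this commit, use a local constant: `static const sm9_z256_t zero = {0,0,0,0};` then `if (sm9_z256_cmp(sig->h, zero) == 0 || sm9_z256_cmp(sig->h, sm9_z256_order()) >= 0) { error_print(); return -1; }`. The function starts before the hunk, so if an equivalent test already sits there this can be dropped.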
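Review bot: In the `@@ -220,7 +214,7 @@` hunk of `sm9_do_verify` the `// B2: check S in G1` comment has no code under it — the next line is already `// B3` — so unless the validation is done earlier in the function, the signature's S point reaches the pairing later in the verify path without being checked as a point on E(F_p); pairing on an invalid point is exactly the input an attacker controls here. Add the on-curve test under the comment, along the lines of `if (!sm9_z256_point_is_on_curve(&sig->S)) { error_print(); return -1; }`, or write that helper if none exists (the header hunk only shows `sm9_z256_point_is_at_infinity`). The function starts and ends outside the hunk, and the field name of the S coordinate is inferred, so adjust to the real SM9_SIGNATURE layout.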
@@ -280,7 +274,7 @@ int sm9_kem_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen,
 sm9_z256_point_to_uncompressed_octets(C, cbuf);
 // A4: g = e(Ppube, P2)
- sm9_z256_pairing(w, SM9_Z256_MONT_P2, &mpk->Ppube);
+ sm9_z256_pairing(w, sm9_z256_twist_generator(), &mpk->Ppube);
 // A5: w = g^r
 sm9_z256_fp12_pow(w, w, r);
@@ -527,11 +521,11 @@ int sm9_exch_step_1A(const SM9_EXCH_MASTER_KEY *mpk, const char *idB, size_t idB
 {
 // A1: Q = H1(ID_B||hid,N) * P1 + Ppube
 sm9_z256_hash1(rA, idB, idBlen, SM9_HID_EXCH);
- sm9_z256_point_mul(RA, rA, SM9_Z256_MONT_P1);
+ sm9_z256_point_mul(RA, rA, sm9_z256_generator());
 sm9_z256_point_add(RA, RA, &mpk->Ppube);
 // A2: rand rA in [1, N-1]
- if (sm9_z256_rand_range(rA, SM9_Z256_N) != 1) {
+ if (sm9_z256_rand_range(rA, sm9_z256_order()) != 1) {
 error_print();
 return -1;
 }
@@ -556,13 +550,13 @@ int sm9_exch_step_1B(const SM9_EXCH_MASTER_KEY *mpk, const char *idA, size_t idA
 // B1: Q = H1(ID_A||hid,N) * P1 + Ppube
 sm9_z256_hash1(rB, idA, idAlen, SM9_HID_EXCH);
- sm9_z256_point_mul(RB, rB, SM9_Z256_MONT_P1);
+ sm9_z256_point_mul(RB, rB, sm9_z256_generator());
 sm9_z256_point_add(RB, RB, &mpk->Ppube);
 do {
 // B2: rand rB in [1, N-1]
 // FIXME: check rb != 0
- if (sm9_z256_rand_range(rB, SM9_Z256_N) != 1) {
+ if (sm9_z256_rand_range(rB, sm9_z256_order()) != 1) {
 error_print();
 return -1;
 }
@@ -578,7 +572,7 @@ int sm9_exch_step_1B(const SM9_EXCH_MASTER_KEY *mpk, const char *idA, size_t idA
 return -1;
 }
 sm9_z256_pairing(G1, &key->de, RA);
- sm9_z256_pairing(G2, SM9_Z256_MONT_P2, &mpk->Ppube);
+ sm9_z256_pairing(G2, sm9_z256_twist_generator(), &mpk->Ppube);
 sm9_z256_fp12_pow(G2, G2, rB);
 sm9_z256_fp12_pow(G3, G1, rB);
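Review bot: The `@@ -556,13 +550,13 @@` hunk of `sm9_exch_step_1B` rewrites the `sm9_z256_rand_range` call but leaves the `// FIXME: check rb != 0` directly above it, and whether `sm9_z256_rand_range` can return 0 is not visible anywhere in this diff. If it can, rB = 0 turns `sm9_z256_fp12_pow(G2, G2, rB)` and `sm9_z256_fp12_pow(G3, G1, rB)` in the next hunk into the identity, so the derived secret no longer depends on the peer's contribution. Either document on the call that `sm9_z256_rand_range` already yields values in [1, range-1] and delete the FIXME, or add the zero test inside the `do { } while` that already wraps the call (its loop condition lies outside the hunk). `sm9_exch_step_1A` in the hunk above draws rA without any such loop, so the two sides should end up with the same guard.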
@@ -633,7 +627,7 @@ int sm9_exch_step_2A(const SM9_EXCH_MASTER_KEY *mpk, const char *idA, size_t idA
 error_print();
 return -1;
 }
- sm9_z256_pairing(G1, SM9_Z256_MONT_P2, &mpk->Ppube);
+ sm9_z256_pairing(G1, sm9_z256_twist_generator(), &mpk->Ppube);
 sm9_z256_fp12_pow(G1, G1, rA);
 sm9_z256_pairing(G2, &key->de, RB);
 sm9_z256_fp12_pow(G3, G2, rA);
diff --git a/tests/sm9test.c b/tests/sm9test.c
index b61e4793..adc4460e 100644
--- a/tests/sm9test.c
+++ b/tests/sm9test.c
@@ -11,7 +11,7 @@
 #include
 #include
 #include
-#include
+#include
 #include
 #include
diff --git a/tools/sm9decrypt.c b/tools/sm9decrypt.c
index 9be2a456..4851ef7a 100644
--- a/tools/sm9decrypt.c
+++ b/tools/sm9decrypt.c
@@ -12,7 +12,7 @@
 #include
 #include
 #include
-#include
+#include
 #include
diff --git a/tools/sm9encrypt.c b/tools/sm9encrypt.c
index d4179a73..d7824a69 100644
--- a/tools/sm9encrypt.c
+++ b/tools/sm9encrypt.c
@@ -11,7 +11,7 @@
 #include
 #include
 #include
-#include
+#include
 #include
diff --git a/tools/sm9keygen.c b/tools/sm9keygen.c
index 06b55c2e..b077c803 100644
--- a/tools/sm9keygen.c
+++ b/tools/sm9keygen.c
@@ -13,7 +13,7 @@
 #include
 #include
 #include
-#include
+#include
 #include
 static const char *options = "-alg (sm9sign|sm9encrypt) -in master_key.pem -inpass str -id str [-out pem] -outpass str";
diff --git a/tools/sm9setup.c b/tools/sm9setup.c
index 3f9216b9..4dc07fed 100644
--- a/tools/sm9setup.c
+++ b/tools/sm9setup.c
@@ -13,7 +13,7 @@
 #include
 #include
 #include
-#include
+#include
 #include
 static const char *options = "-alg (sm9sign|sm9encrypt) [-pass password] [-out pem] [-pubout pem]";
diff --git a/tools/sm9sign.c b/tools/sm9sign.c
index 0413f59d..4e3bbba8 100644
--- a/tools/sm9sign.c
+++ b/tools/sm9sign.c
@@ -12,7 +12,7 @@
 #include
 #include
 #include
-#include
+#include
 #include
diff --git a/tools/sm9verify.c b/tools/sm9verify.c
index 743ed028..dc928139 100644
--- a/tools/sm9verify.c
+++ b/tools/sm9verify.c
@@ -11,7 +11,7 @@
 #include
 #include
 #include
-#include
+#include
 #include