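/*
 *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
 *
 *  Licensed under the Apache License, Version 2.0 (the License); you may
 *  not use this file except in compliance with the License.
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 */

/*
 * NOTE: the header names of the twelve directives below were lost when this
 * listing was extracted; restore them from the project tree before building.
 */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

/*
 * Public seed from which the second generator H is derived through
 * sm2_point_from_hash(). The bytes, including the "Pederson" spelling, are
 * part of the scheme: changing them yields a different H, and commitments
 * made under the old seed would no longer open.
 */
#define SM2_COMMIT_SEED "GmSSL SM2 Pederson Commitment Generator H"

/*
 * Create a Pedersen-style commitment C = r*G + x*H to the 32-byte value x.
 *
 *   x          value being committed to
 *   r          receives the freshly drawn, non-zero blinding scalar
 *              (32 bytes); the caller needs it to open the commitment and
 *              should keep it secret until then
 *   commit     receives the compressed encoding of C; the parameter is
 *              declared with room for 65 bytes, 33 are reported
 *   commitlen  set to 33 on success
 *
 * Returns 1 on success, -1 on error.
 *
 * NOTE(review): hiding depends on r being unpredictable. The result of
 * sm2_fn_rand() is not checked here; if it can report failure, r_ would be
 * consumed uninitialised -- confirm its signature and add a check.
 * NOTE(review): binding assumes nobody knows the discrete log of H relative
 * to G, which depends on sm2_point_from_hash() (not visible here).
 * NOTE(review): x is handed to sm2_point_mul_sum() without a range check;
 * confirm whether that helper rejects or reduces values >= the group order.
 */
int sm2_commit_generate(const uint8_t x[32], uint8_t r[32], uint8_t commit[65], size_t *commitlen)
{
	SM2_POINT H;
	SM2_POINT C;
	SM2_BN r_;

	if (sm2_point_from_hash(&H, (uint8_t *)SM2_COMMIT_SEED, sizeof(SM2_COMMIT_SEED)-1) != 1) {
		error_print();
		return -1;
	}

	/* draw the blinding factor, rejecting zero so the commitment is never just x*H */
	do {
		sm2_fn_rand(r_);
	} while (sm2_bn_is_zero(r_));

	sm2_bn_to_bytes(r_, r);
	/* the scalar now lives in the caller's buffer; wipe the local copy */
	gmssl_secure_clear(r_, sizeof(r_));

	/*
	 * C = xH + rG
	 * The result must be checked: sm2_commit_open() treats anything other
	 * than 1 as failure, and without the check a failed multiplication
	 * would encode an uninitialised C and still report success.
	 */
	if (sm2_point_mul_sum(&C, x, &H, r) != 1) {
		error_print();
		return -1;
	}

	sm2_point_to_compressed_octets(&C, commit);
	*commitlen = 33;
	return 1;
}

/*
 * Check that `commit` opens to the value x under the blinding scalar r.
 *
 *   x, r       the value and blinding scalar claimed by the committer
 *   commit     encoded commitment point, commitlen bytes
 *
 * Returns 1 if the recomputed point equals the decoded one, 0 if it does
 * not, and -1 if decoding or the point arithmetic fails. Note that
 * sm2_commit_vector_open() reports a mismatch as -1 instead of 0, so callers
 * of both should test for `== 1` rather than `< 0`.
 *
 * NOTE(review): presumably sm2_point_from_octets() rejects encodings that
 * are not valid curve points -- confirm, since `commit` comes from the
 * other party.
 */
int sm2_commit_open(const uint8_t x[32], const uint8_t r[32], const uint8_t *commit, size_t commitlen)
{
	SM2_POINT H;
	SM2_POINT C;
	SM2_POINT C_;

	if (sm2_point_from_octets(&C, commit, commitlen) != 1) {
		error_print();
		return -1;
	}

	if (sm2_point_from_hash(&H, (uint8_t *)SM2_COMMIT_SEED, sizeof(SM2_COMMIT_SEED)-1) != 1) {
		error_print();
		return -1;
	}

	// C' = xH + rG
	if (sm2_point_mul_sum(&C_, x, &H, r) != 1) {
		error_print();
		return -1;
	}

	/*
	 * Byte-wise comparison of the two point structures; assumes SM2_POINT
	 * stores a canonical representation with no padding -- TODO confirm.
	 */
	if (memcmp(&C, &C_, sizeof(SM2_POINT)) != 0) {
		error_print();
		return 0;
	}
	return 1;
}

// C = r*G + x1*H1 + x2*H2 + ...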
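/*
 * Commit to a vector of `count` values with a single blinding scalar:
 * C = r*G + x[0]*H_0 + x[1]*H_1 + ...
 *
 * H_0 is derived from SM2_COMMIT_SEED; each further generator H_i is
 * derived by hashing the in-memory bytes of H_(i-1) to a point.
 *
 *   x          array of `count` values
 *   count      number of values, at least 1
 *   r          receives the freshly drawn, non-zero blinding scalar
 *   commit     receives the compressed encoding of C
 *   commitlen  set to 33 on success
 *
 * Returns 1 on success, -1 on error.
 *
 * NOTE(review): the result of sm2_fn_rand() is not checked; if it can report
 * failure, r_ would be consumed uninitialised -- confirm its signature.
 */
int sm2_commit_vector_generate(const sm2_bn_t *x, size_t count, uint8_t r[32], uint8_t commit[65], size_t *commitlen)
{
	SM2_POINT H;
	SM2_POINT C;
	SM2_Fn r_;
	size_t i;

	if (count < 1) {
		error_print();
		return -1;
	}

	if (sm2_point_from_hash(&H, (uint8_t *)SM2_COMMIT_SEED, sizeof(SM2_COMMIT_SEED)-1) != 1) {
		error_print();
		return -1;
	}

	/* draw the blinding factor, rejecting zero */
	do {
		sm2_fn_rand(r_);
	} while (sm2_bn_is_zero(r_));

	sm2_bn_to_bytes(r_, r);
	/* the scalar now lives in the caller's buffer; wipe the local copy */
	gmssl_secure_clear(r_, sizeof(r_));

	/* C = x[0]*H_0 + r*G */
	if (sm2_point_mul_sum(&C, x[0], &H, r) != 1) {
		error_print();
		return -1;
	}

	for (i = 1; i < count; i++) {
		SM2_POINT xH;

		/* H_i = hash-to-point(H_(i-1)); then C += x[i]*H_i */
		if (sm2_point_from_hash(&H, (uint8_t *)&H, sizeof(H)) != 1
			|| sm2_point_mul(&xH, x[i], &H) != 1
			|| sm2_point_add(&C, &C, &xH) != 1) {
			error_print();
			return -1;
		}
	}

	sm2_point_to_compressed_octets(&C, commit);
	*commitlen = 33;
	return 1;
}

/*
 * Check that `commit` opens to the vector x under the blinding scalar r,
 * using the same generator chain as sm2_commit_vector_generate().
 *
 * Returns 1 if the recomputed point equals the decoded one and -1 in every
 * other case, including a plain mismatch. sm2_commit_open() returns 0 for a
 * mismatch, so callers of both should test for `== 1`.
 *
 * NOTE(review): presumably sm2_point_from_octets() rejects encodings that
 * are not valid curve points -- confirm, since `commit` comes from the
 * other party.
 */
int sm2_commit_vector_open(const sm2_bn_t *x, size_t count, const uint8_t r[32], const uint8_t *commit, size_t commitlen)
{
	SM2_POINT H;
	SM2_POINT C;
	SM2_POINT C_;
	size_t i;

	if (count < 1) {
		error_print();
		return -1;
	}

	if (sm2_point_from_octets(&C, commit, commitlen) != 1) {
		error_print();
		return -1;
	}

	if (sm2_point_from_hash(&H, (uint8_t *)SM2_COMMIT_SEED, sizeof(SM2_COMMIT_SEED)-1) != 1) {
		error_print();
		return -1;
	}

	/* C' = x[0]*H_0 + r*G */
	if (sm2_point_mul_sum(&C_, x[0], &H, r) != 1) {
		error_print();
		return -1;
	}

	for (i = 1; i < count; i++) {
		SM2_POINT xH;

		/* H_i = hash-to-point(H_(i-1)); then C' += x[i]*H_i */
		if (sm2_point_from_hash(&H, (uint8_t *)&H, sizeof(H)) != 1
			|| sm2_point_mul(&xH, x[i], &H) != 1
			|| sm2_point_add(&C_, &C_, &xH) != 1) {
			error_print();
			return -1;
		}
	}

	/*
	 * Byte-wise comparison of the two point structures; assumes SM2_POINT
	 * stores a canonical representation with no padding -- TODO confirm.
	 */
	if (memcmp(&C, &C_, sizeof(SM2_POINT)) != 0) {
		error_print();
		return -1;
	}
	return 1;
}

/*
 * Self-test: commit to random values and open the commitments again, for the
 * scalar API, the vector API with one element and the vector API with eight.
 *
 * Returns 1 if every step succeeds and -1 on the first failure. Generation
 * results are checked, and a failed opening fails the test rather than only
 * being printed. A negative case confirms that a modified value is rejected.
 *
 * The secret and blinding scalar are dumped to stderr; that is acceptable
 * only because they are throwaway random test values.
 */
int test_sm2_commit(void)
{
	uint8_t x[32];
	uint8_t xvec[8][32];
	uint8_t r[32];
	uint8_t commit[65];
	size_t commitlen;
	int ret;

	rand_bytes(x, sizeof(x));
	format_bytes(stderr, 0, 0, "secret", x, sizeof(x));

	/* scalar commitment */
	if (sm2_commit_generate(x, r, commit, &commitlen) != 1) {
		error_print();
		return -1;
	}
	format_bytes(stderr, 0, 0, "random", r, sizeof(r));
	format_bytes(stderr, 0, 0, "commitment", commit, commitlen);

	ret = sm2_commit_open(x, r, commit, commitlen);
	printf("open commitment: %s\n", ret == 1 ? "success" : "failure");
	if (ret != 1) {
		error_print();
		return -1;
	}

	/* negative case: a different value must not open the same commitment */
	x[0] ^= 0x01;
	ret = sm2_commit_open(x, r, commit, commitlen);
	x[0] ^= 0x01;
	if (ret == 1) {
		error_print();
		return -1;
	}

	/* vector commitment with a single element */
	if (sm2_commit_vector_generate(&x, 1, r, commit, &commitlen) != 1) {
		error_print();
		return -1;
	}
	format_bytes(stderr, 0, 0, "random", r, sizeof(r));
	format_bytes(stderr, 0, 0, "commitment", commit, commitlen);

	ret = sm2_commit_vector_open(&x, 1, r, commit, commitlen);
	printf("open commitment: %s\n", ret == 1 ? "success" : "failure");
	if (ret != 1) {
		error_print();
		return -1;
	}

	/* vector commitment with eight elements */
	rand_bytes(xvec[0], sizeof(xvec));
	if (sm2_commit_vector_generate(xvec, 8, r, commit, &commitlen) != 1) {
		error_print();
		return -1;
	}
	ret = sm2_commit_vector_open(xvec, 8, r, commit, commitlen);
	printf("open commitment: %s\n", ret == 1 ? "success" : "failure");
	if (ret != 1) {
		error_print();
		return -1;
	}

	return 1;
}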