mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-05-07 00:46:17 +08:00
211 lines
4.4 KiB
C
211 lines
4.4 KiB
C
/*
|
|
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the License); you may
|
|
* not use this file except in compliance with the License.
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
#include <limits.h>
|
|
#include <stdint.h>
|
|
#include <gmssl/sm2.h>
|
|
#include <gmssl/sm3.h>
|
|
#include <gmssl/mem.h>
|
|
#include <gmssl/asn1.h>
|
|
#include <gmssl/rand.h>
|
|
#include <gmssl/error.h>
|
|
#include <gmssl/sm2_commit.h>
|
|
|
|
|
|
#define SM2_COMMIT_SEED "GmSSL SM2 Pederson Commitment Generator H"
|
|
|
|
|
|
// C = rG + xH
|
|
int sm2_commit_generate(const uint8_t x[32], uint8_t r[32], uint8_t commit[65], size_t *commitlen)
|
|
{
|
|
SM2_POINT H;
|
|
SM2_POINT C;
|
|
SM2_BN r_;
|
|
|
|
if (sm2_point_from_hash(&H, (uint8_t *)SM2_COMMIT_SEED, sizeof(SM2_COMMIT_SEED)-1) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
do {
|
|
sm2_fn_rand(r_);
|
|
} while (sm2_bn_is_zero(r_));
|
|
|
|
sm2_bn_to_bytes(r_, r);
|
|
gmssl_secure_clear(r_, sizeof(r_));
|
|
|
|
// C = xH + rG
|
|
sm2_point_mul_sum(&C, x, &H, r);
|
|
|
|
sm2_point_to_compressed_octets(&C, commit);
|
|
*commitlen = 33;
|
|
return 1;
|
|
}
|
|
|
|
int sm2_commit_open(const uint8_t x[32], const uint8_t r[32], const uint8_t *commit, size_t commitlen)
|
|
{
|
|
SM2_POINT H;
|
|
SM2_POINT C;
|
|
SM2_POINT C_;
|
|
|
|
if (sm2_point_from_octets(&C, commit, commitlen) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
if (sm2_point_from_hash(&H, (uint8_t *)SM2_COMMIT_SEED, sizeof(SM2_COMMIT_SEED)-1) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
// C' = xH + rG
|
|
if (sm2_point_mul_sum(&C_, x, &H, r) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
if (memcmp(&C, &C_, sizeof(SM2_POINT)) != 0) {
|
|
error_print();
|
|
return 0;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
// C = r*G + x1*H1 + x2*H2 + ...
|
|
int sm2_commit_vector_generate(const sm2_bn_t *x, size_t count, uint8_t r[32], uint8_t commit[65], size_t *commitlen)
|
|
{
|
|
SM2_POINT H;
|
|
SM2_POINT C;
|
|
SM2_Fn r_;
|
|
size_t i;
|
|
|
|
if (count < 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
if (sm2_point_from_hash(&H, (uint8_t *)SM2_COMMIT_SEED, sizeof(SM2_COMMIT_SEED)-1) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
do {
|
|
sm2_fn_rand(r_);
|
|
} while (sm2_bn_is_zero(r_));
|
|
|
|
sm2_bn_to_bytes(r_, r);
|
|
gmssl_secure_clear(r_, sizeof(r_));
|
|
|
|
if (sm2_point_mul_sum(&C, x[0], &H, r) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
for (i = 1; i < count; i++) {
|
|
SM2_POINT xH;
|
|
|
|
if (sm2_point_from_hash(&H, (uint8_t *)&H, sizeof(H)) != 1
|
|
|| sm2_point_mul(&xH, x[i], &H) != 1
|
|
|| sm2_point_add(&C, &C, &xH) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
sm2_point_to_compressed_octets(&C, commit);
|
|
*commitlen = 33;
|
|
return 1;
|
|
}
|
|
|
|
int sm2_commit_vector_open(const sm2_bn_t *x, size_t count, const uint8_t r[32], const uint8_t *commit, size_t commitlen)
|
|
{
|
|
SM2_POINT H;
|
|
SM2_POINT C;
|
|
SM2_POINT C_;
|
|
size_t i;
|
|
|
|
if (count < 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
if (sm2_point_from_octets(&C, commit, commitlen) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
if (sm2_point_from_hash(&H, (uint8_t *)SM2_COMMIT_SEED, sizeof(SM2_COMMIT_SEED)-1) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
if (sm2_point_mul_sum(&C_, x[0], &H, r) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
|
|
for (i = 1; i< count; i++) {
|
|
SM2_POINT xH;
|
|
|
|
if (sm2_point_from_hash(&H, (uint8_t *)&H, sizeof(H)) != 1
|
|
|| sm2_point_mul(&xH, x[i], &H) != 1
|
|
|| sm2_point_add(&C_, &C_, &xH) != 1) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
if (memcmp(&C, &C_, sizeof(SM2_POINT)) != 0) {
|
|
error_print();
|
|
return -1;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
int test_sm2_commit(void)
|
|
{
|
|
uint8_t x[32];
|
|
uint8_t xvec[8][32];
|
|
uint8_t r[32];
|
|
uint8_t commit[65];
|
|
size_t commitlen;
|
|
int ret;
|
|
|
|
rand_bytes(x, sizeof(x));
|
|
format_bytes(stderr, 0, 0, "secret", x, sizeof(x));
|
|
|
|
sm2_commit_generate(x, r, commit, &commitlen);
|
|
format_bytes(stderr, 0, 0, "random", r, sizeof(r));
|
|
format_bytes(stderr, 0, 0, "commitment", commit, commitlen);
|
|
|
|
ret = sm2_commit_open(x, r, commit, commitlen);
|
|
printf("open commitment: %s\n", ret == 1 ? "success" : "failure");
|
|
|
|
|
|
sm2_commit_vector_generate(&x, 1, r, commit, &commitlen);
|
|
format_bytes(stderr, 0, 0, "random", r, sizeof(r));
|
|
format_bytes(stderr, 0, 0, "commitment", commit, commitlen);
|
|
|
|
ret = sm2_commit_vector_open(&x, 1, r, commit, commitlen);
|
|
printf("open commitment: %s\n", ret == 1 ? "success" : "failure");
|
|
|
|
|
|
rand_bytes(xvec[0], sizeof(xvec));
|
|
sm2_commit_vector_generate(xvec, 8, r, commit, &commitlen);
|
|
ret = sm2_commit_vector_open(xvec, 8, r, commit, commitlen);
|
|
printf("open commitment: %s\n", ret == 1 ? "success" : "failure");
|
|
|
|
|
|
|
|
return 1;
|
|
}
|