abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-07 08:56:17 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
644386fab6fff325d72fb09e71e7b5ab04308082
GmSSL/test/sm9test.c

454 lines
12 KiB
C
Raw Blame History

/* ====================================================================
* Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "../e_os.h"
#ifdef OPENSSL_NO_SM9
int main(int argc, char **argv)
{
printf("NO SM9 support\n");
return 0;
}
#else
# include <openssl/evp.h>
# include <openssl/err.h>
# include <openssl/sm9.h>
# include <openssl/rand.h>
# include "../crypto/sm9/sm9_lcl.h"
RAND_METHOD fake_rand;
const RAND_METHOD *old_rand = NULL;
static const char rnd_seed[] =
"string to make the random number generator think it has entropy";
static const char *rnd_number = NULL;
static int fbytes(unsigned char *buf, int num)
{
int ret = 0;
BIGNUM *bn = NULL;
if (!BN_hex2bn(&bn, rnd_number)) {
goto end;
}
if (BN_num_bytes(bn) > num) {
goto end;
}
memset(buf, 0, num);
if (!BN_bn2bin(bn, buf + num - BN_num_bytes(bn))) {
goto end;
}
ret = 1;
end:
BN_free(bn);
return ret;
}
static int change_rand(const char *hex)
{
if (!(old_rand = RAND_get_rand_method())) {
return 0;
}
fake_rand.seed = old_rand->seed;
fake_rand.cleanup = old_rand->cleanup;
fake_rand.add = old_rand->add;
fake_rand.status = old_rand->status;
fake_rand.bytes = fbytes;
fake_rand.pseudorand = old_rand->bytes;
if (!RAND_set_rand_method(&fake_rand)) {
return 0;
}
rnd_number = hex;
return 1;
}
static int restore_rand(void)
{
rnd_number = NULL;
if (!RAND_set_rand_method(old_rand))
return 0;
else return 1;
}
static int hexequbin(const char *hex, const unsigned char *bin, size_t binlen)
{
int ret = 0;
char *buf = NULL;
size_t i = 0;
size_t buflen = binlen * 2 + 1;
if (binlen * 2 != strlen(hex)) {
return 0;
}
if (!(buf = malloc(binlen * 2 + 1))) {
return 0;
}
for (i = 0; i < binlen; i++) {
sprintf(buf + i*2, "%02X", bin[i]);
}
buf[buflen - 1] = 0;
if (memcmp(hex, buf, binlen * 2) == 0) {
ret = 1;
}
free(buf);
return ret;
}
static int sm9test_sign(const char *id, const unsigned char *msg, size_t msglen,
int use_test_vector)
{
int ret = 0;
SM9PublicParameters *mpk = NULL;
SM9MasterSecret *msk = NULL;
SM9PrivateKey *sk = NULL;
unsigned char sig[256];
size_t siglen = sizeof(sig);
/* test vector */
char *ks = "0130E78459D78545CB54C587E02CF480CE0B66340F319F348A1D5B1F2DC5F4";
char *Ppubs = "04"
"9F64080B3084F733E48AFF4B41B565011CE0711C5E392CFB0AB1B6791B94C408"
"29DBA116152D1F786CE843ED24A3B573414D2177386A92DD8F14D65696EA5E32"
"69850938ABEA0112B57329F447E3A0CBAD3E2FDB1A77F335E89E1408D0EF1C25"
"41E00A53DDA532DA1A7CE027B7A46F741006E85F5CDFF0730E75C05FB4E3216D";
char *ID_A = "Alice";
char *dsA = "04"
"A5702F05CF1315305E2D6EB64B0DEB923DB1A0BCF0CAFF90523AC8754AA69820"
"78559A844411F9825C109F5EE3F52D720DD01785392A727BB1556952B2B013D3";
char *M = "Chinese IBS standard";
char *r = "033C8616B06704813203DFD00965022ED15975C662337AED648835DC4B1CBE";
char *h = "823C4B21E4BD2DFE1ED92C606653E996668563152FC33F55D7BFBB9BD9705ADB";
/*
char *S = "04"
"73BF96923CE58B6AD0E13E9643A406D8EB98417C50EF1B29CEF9ADB48B6D598C"
"856712F1C2E0968AB7769F42A99586AED139D5B8B3E15891827CC2ACED9BAA05";
*/
char *S_comp = "03"
"73BF96923CE58B6AD0E13E9643A406D8EB98417C50EF1B29CEF9ADB48B6D598C";
if (use_test_vector) {
id = ID_A;
msg = (unsigned char *)M;
msglen = strlen(M);
/* generate master secret with test vector */
change_rand(ks);
}
if (!SM9_setup(NID_sm9bn256v1, NID_sm9sign, NID_sm9hash1_with_sm3, &mpk, &msk)) {
ERR_print_errors_fp(stderr);
goto end;
}
/* check msk->masterSecret == ks, msk->publicPpub == Ppubs */
if (use_test_vector) {
BIGNUM *masterSecret = NULL;
if (!BN_hex2bn(&masterSecret, ks)) {
ERR_print_errors_fp(stderr);
goto end;
}
if (BN_cmp(masterSecret, msk->masterSecret) != 0) {
fprintf(stderr, "%s %d: masterSecret failed\n", __FILE__, __LINE__);
goto end;
}
if (!hexequbin(Ppubs, ASN1_STRING_get0_data(msk->pointPpub),
ASN1_STRING_length(msk->pointPpub))) {
fprintf(stderr, "%s %d: publicPoint failed\n", __FILE__, __LINE__);
goto end;
}
}
/* generate private key */
if (!(sk = SM9_extract_private_key(msk, id, strlen(id)))) {
ERR_print_errors_fp(stderr);
goto end;
}
if (use_test_vector) {
/* check sk->privatePoint == dsA */
if (!hexequbin(dsA, ASN1_STRING_get0_data(sk->privatePoint),
ASN1_STRING_length(sk->privatePoint))) {
fprintf(stderr, "%s %d: dsA for '%s' failed\n", __FILE__, __LINE__, id);
goto end;
}
/* sign with test vector */
change_rand(r);
}
if (!SM9_sign(NID_sm3, msg, msglen, sig, &siglen, sk)) {
ERR_print_errors_fp(stderr);
goto end;
}
if (use_test_vector) {
const unsigned char *p = sig;
SM9Signature *sig = NULL;
BIGNUM *bn = NULL;
int err = 0;
if (!(sig = d2i_SM9Signature(NULL, &p, siglen))) {
ERR_print_errors_fp(stderr);
goto end;
}
if (!BN_hex2bn(&bn, h)) {
SM9Signature_free(sig);
ERR_print_errors_fp(stderr);
goto end;
}
if (BN_cmp(bn, sig->h) != 0) {
fprintf(stderr, "%s %d: sig->h failed\n", __FILE__, __LINE__);
err++;
}
if (!hexequbin(S_comp, ASN1_STRING_get0_data(sig->pointS),
ASN1_STRING_length(sig->pointS))) {
fprintf(stderr, "%s %d: sig->S failed\n", __FILE__, __LINE__);
err++;
}
SM9Signature_free(sig);
BN_free(bn);
}
ret = SM9_verify(NID_sm3, msg, msglen, sig, siglen, mpk, id, strlen(id));
if (ret < 0) {
ERR_print_errors_fp(stderr);
goto end;
}
end:
SM9PublicParameters_free(mpk);
SM9MasterSecret_free(msk);
SM9PrivateKey_free(sk);
return ret;
}
static int sm9test_wrap(const char *id)
{
int ret = 0;
SM9PublicParameters *mpk = NULL;
SM9MasterSecret *msk = NULL;
SM9PrivateKey *sk = NULL;
unsigned char key[56] = {0};
unsigned char key2[56] = {0};
unsigned char C[65];
size_t Clen;
if (!SM9_setup(NID_sm9bn256v1, NID_sm9encrypt, NID_sm9hash1_with_sm3, &mpk, &msk)) {
goto end;
}
if (!(sk = SM9_extract_private_key(msk, id, strlen(id)))) {
goto end;
}
if (!SM9_wrap_key(NID_sm9kdf_with_sm3, key, sizeof(key), C, &Clen, mpk, id, strlen(id))) {
goto end;
}
if (!SM9_unwrap_key(NID_sm9kdf_with_sm3, key2, sizeof(key2), C, sizeof(C), sk)) {
goto end;
}
if (memcmp(key, key2, sizeof(key2)) != 0) {
goto end;
}
ret = 1;
end:
SM9PublicParameters_free(mpk);
SM9MasterSecret_free(msk);
SM9PrivateKey_free(sk);
return ret;
}
static int sm9test_exch(const char *idA, const char *idB)
{
int ret = 0;
SM9PublicParameters *mpk = NULL;
SM9MasterSecret *msk = NULL;
SM9PrivateKey *skA = NULL;
SM9PrivateKey *skB = NULL;
BIGNUM *rA = BN_new();
BIGNUM *rB = BN_new();
unsigned char RA[65];
unsigned char RB[65];
unsigned char gA[384];
unsigned char gB[384];
size_t RAlen = sizeof(RA);
size_t RBlen = sizeof(RB);
size_t gAlen = sizeof(gA);
size_t gBlen = sizeof(gB);
int type = NID_sm9kdf_with_sm3;
unsigned char SKA[16];
unsigned char SKB[16];
unsigned char SA[32];
unsigned char SB[32];
unsigned char S2[32];
if (!SM9_setup(NID_sm9bn256v1, NID_sm9keyagreement, NID_sm9hash1_with_sm3, &mpk, &msk)
|| !(skA = SM9_extract_private_key(msk, idA, strlen(idA)))
|| !(skB = SM9_extract_private_key(msk, idB, strlen(idB)))) {
ERR_print_errors_fp(stderr);
goto end;
}
if (!SM9_generate_key_exchange(RA, &RAlen, rA, gA, &gAlen, idB, strlen(idB), skA, 1)
|| !SM9_generate_key_exchange(RB, &RBlen, rB, gB, &gBlen, idA, strlen(idA), skB, 0)
|| !SM9_compute_share_key_B(type, SKB, sizeof(SKB), SB, S2, rB, RB, RA, gB, idA, strlen(idA), skB)
|| !SM9_compute_share_key_A(type, SKA, sizeof(SKA), SA, SB, rA, RA, RB, gA, idB, strlen(idB), skA)) {
ERR_print_errors_fp(stderr);
goto end;
}
if (memcmp(SKA, SKB, sizeof(SKA)) != 0 || memcmp(SA, S2, sizeof(SA)) != 0) {
goto end;
}
ret = 1;
end:
BN_free(rA);
BN_free(rB);
return ret;
}
static int sm9test_enc(const char *id, const unsigned char *data, size_t datalen)
{
int ret = 0;
SM9PublicParameters *mpk = NULL;
SM9MasterSecret *msk = NULL;
SM9PrivateKey *sk = NULL;
unsigned char mbuf[1024] = {0};
unsigned char cbuf[1024] = {0};
size_t clen, mlen;
if (!SM9_setup(NID_sm9bn256v1, NID_sm9encrypt, NID_sm9hash1_with_sm3, &mpk, &msk)) {
ERR_print_errors_fp(stderr);
goto end;
}
if (!(sk = SM9_extract_private_key(msk, id, strlen(id)))) {
ERR_print_errors_fp(stderr);
goto end;
}
if (!SM9_encrypt(NID_sm9encrypt_with_sm3_xor, data, datalen,
cbuf, &clen, mpk, id, strlen(id))) {
ERR_print_errors_fp(stderr);
goto end;
}
if (!SM9_decrypt(NID_sm9encrypt_with_sm3_xor, cbuf, clen,
mbuf, &mlen, sk)) {
ERR_print_errors_fp(stderr);
goto end;
}
if (mlen != datalen || memcmp(mbuf, data, datalen) != 0) {
goto end;
}
ret = 1;
end:
SM9PublicParameters_free(mpk);
SM9MasterSecret_free(msk);
SM9PrivateKey_free(sk);
return ret;
}
int main(int argc, char **argv)
{
int err = 0;
char *id = "guanzhi1980@gmail.com";
unsigned char in[] = "message to be signed or encrypted";
int use_test_vector = 1;
RAND_seed(rnd_seed, sizeof(rnd_seed));
if (!rate_test()) {
printf("sm9 rate pairing test failed\n");
err++;
} else
printf("sm9 rate pairing test passed\n");
if (!sm9test_sign(id, in, sizeof(in)-1, use_test_vector)) {
printf("sm9 sign tests failed\n");
err++;
} else
printf("sm9 sign tests passed\n");
if (!sm9test_exch(id, "guan@pku.edu.cn")) {
printf("sm9 exch tests failed\n");
err++;
} else
printf("sm9 exch tests passed\n");
if (!sm9test_wrap(id)) {
printf("sm9 key wrap tests failed\n");
err++;
} else
printf("sm9 key wrap tests passed\n");
if (!sm9test_enc(id, in, sizeof(in)-1)) {
printf("sm9 encrypt tests failed\n");
err++;
} else
printf("sm9 encrypt tests passed\n");
if (old_rand)
restore_rand();
return err;
}
#endif
Reference in New Issue View Git Blame Copy Permalink