20221320冯泰瑞-实验二密码算法实现-1-3学时实践过程记录
20221320冯泰瑞-实验二密码算法实现-1-3学时实践过程记录
一、在Ubuntu或openEuler中(推荐openEuler)中调试运行商用密码检测中心https://www.scctc.org.cn/xzzx/sfydm/ydmxz/提供的源代码,至少运行SM2,SM3,SM4代码。使用GmSSL命令验证你代码的正确性。使用Markdown记录详细记录实践过程,每完成一项功能或者一个函数gitcommit一次。
SM2
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ touch sm2.h
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ vim sm2.h
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ cat sm2.h
#ifndef NIST_SM2_H
#define NIST_SM2_H
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "miracl.h"
#include "mirdef.h"
#include "sm3.h"
#define ERR_INFINITY_POINT 0x00000001
#define ERR_NOT_VALID_ELEMENT 0x00000002
#define ERR_NOT_VALID_POINT 0x00000003
#define ERR_ORDER 0x00000004
#define ERR_ECURVE_INIT 0x00000005
#define ERR_KEYEX_RA 0x00000006
#define ERR_KEYEX_RB 0x00000007
#define ERR_EQUAL_S1SB 0x00000008
#define ERR_EQUAL_S2SA 0x00000009
#define ERR_SELFTEST_Z 0x0000000A
#define ERR_SELFTEST_INI_I 0x0000000B
#define ERR_SELFTEST_RES_I 0x0000000C
#define ERR_SELFTEST_INI_II 0x0000000D
#define ERR_GENERATE_R 0x0000000E
#define ERR_GENERATE_S 0x0000000F
#define ERR_OUTRANGE_R 0x00000010
#define ERR_OUTRANGE_S 0x00000011
#define ERR_GENERATE_T 0x00000012
#define ERR_PUBKEY_INIT 0x00000013
#define ERR_DATA_MEMCMP 0x00000014
#define ERR_ARRAY_NULL 0x00000015
#define ERR_C3_MATCH 0x00000016
#define ERR_SELFTEST_KG 0x00000017
#define ERR_SELFTEST_ENC 0x00000018
#define ERR_SELFTEST_DEC 0x00000019
#define SM2_WORDSIZE 8
#define SM2_NUMBITS 256
#define SM2_NUMWORD (SM2_NUMBITS / SM2_WORDSIZE) //32
#ifdef __cplusplus
extern "C" {
#endif
int SM2_standard_init(void);
int Test_Point(epoint* point);
int Test_PubKey(epoint *pubKey);
int Test_PrivKey(unsigned char privkey[]);
int Test_Range(big x);
int Test_Null(unsigned char array[], int len);
int Test_Zero(big x);
int Test_n(big x);
void SM3_kdf(unsigned char Z[], unsigned short zlen, unsigned short klen, unsigned char K[]);
int SM2_keygeneration_1(big priKey, epoint *pubKey);
int SM2_standard_encrypt(unsigned char* randK, epoint *pubKey, unsigned char M[], int klen, unsigned char C[]);
int SM2_standard_encrypt_2(unsigned char* randK, unsigned char px[], unsigned char py[], unsigned char M[], int klen, unsigned char C[]);
int SM2_standard_decrypt(big dB, unsigned char C[], int Clen, unsigned char M[]);
int SM2_standard_decrypt_2(unsigned char privkey[], unsigned char C[], int Clen, unsigned char M[]);
int SM2_enc_selftest();
int SM2_keygeneration_2(unsigned char PriKey[], unsigned char Px[], unsigned char Py[]);
void SM2_pre_ZA(unsigned char Px[], unsigned char Py[], unsigned char ZA[]);
int SM2_standard_sign(unsigned char *message, int len, unsigned char ZA[], unsigned char rand[], unsigned char d[], unsigned char R[], unsigned char S[]);
int SM2_standard_verify(unsigned char *message, int len, unsigned char ZA[], unsigned char Px[], unsigned char Py[], unsigned char R[], unsigned char S[]);
int SM2_sign_selftest();
int SM2_w(big n);
void SM3_z(unsigned char ID[], unsigned short int ELAN, epoint* pubKey, unsigned char hash[]);
int SM2_standard_keyex_init_i(big ra, epoint* RA);
int SM2_standard_keyex_re_i(big rb, big dB, epoint* RA, epoint* PA, unsigned char ZA[], unsigned char ZB[], unsigned char K[], int klen, epoint* RB, epoint* V, unsigned char hash[]);
int SM2_standard_keyex_init_ii(big ra, big dA, epoint* RA, epoint* RB, epoint* PB, unsigned char ZA[], unsigned char ZB[], unsigned char SB[], unsigned char K[], int klen, unsigned char SA[]);
int SM2_standard_keyex_re_ii(epoint *V, epoint *RA, epoint *RB, unsigned char ZA[], unsigned char ZB[], unsigned char SA[]);
int SM2_standard_keyex_selftest();
#ifdef __cplusplus
}
#endif
#endif
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ touch sm2.c
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ vim sm2.c
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ cat sm2.c
#include "sm2alg.h"
#include "sm2.h"
// ECC椭圆曲线参数(SM2标准推荐参数)
static unsigned char SM2_p[32] = {
0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
static unsigned char SM2_a[32] = {
0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC};
static unsigned char SM2_b[32] = {
0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E, 0x34, 0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65, 0x09, 0xA7,
0xF3, 0x97, 0x89, 0xF5, 0x15, 0xAB, 0x8F, 0x92, 0xDD, 0xBC, 0xBD, 0x41, 0x4D, 0x94, 0x0E, 0x93};
static unsigned char SM2_n[32] = {
0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0x72, 0x03, 0xDF, 0x6B, 0x21, 0xC6, 0x05, 0x2B, 0x53, 0xBB, 0xF4, 0x09, 0x39, 0xD5, 0x41, 0x23};
static unsigned char SM2_Gx[32] = {
0x32, 0xC4, 0xAE, 0x2C, 0x1F, 0x19, 0x81, 0x19, 0x5F, 0x99, 0x04, 0x46, 0x6A, 0x39, 0xC9, 0x94,
0x8F, 0xE3, 0x0B, 0xBF, 0xF2, 0x66, 0x0B, 0xE1, 0x71, 0x5A, 0x45, 0x89, 0x33, 0x4C, 0x74, 0xC7};
static unsigned char SM2_Gy[32] = {
0xBC, 0x37, 0x36, 0xA2, 0xF4, 0xF6, 0x77, 0x9C, 0x59, 0xBD, 0xCE, 0xE3, 0x6B, 0x69, 0x21, 0x53,
0xD0, 0xA9, 0x87, 0x7C, 0xC6, 0x2A, 0x47, 0x40, 0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0};
static unsigned char SM2_h[32] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01};
big para_p, para_a, para_b, para_n, para_Gx, para_Gy, para_h;
epoint *G;
miracl *mip;
/*
功能:SM2算法椭圆曲线参数初始化
输入:无
输出:无
返回:0成功 !0失败
*/
int SM2_standard_init(void)
{
epoint *nG;
mip = mirsys(10000, 16);
mip->IOBASE = 16;
para_p = mirvar(0);
para_a = mirvar(0);
para_b = mirvar(0);
para_n = mirvar(0);
para_Gx = mirvar(0);
para_Gy = mirvar(0);
para_h = mirvar(0);
G = epoint_init();
nG = epoint_init();
bytes_to_big(SM2_NUMWORD, SM2_p, para_p);
bytes_to_big(SM2_NUMWORD, SM2_a, para_a);
bytes_to_big(SM2_NUMWORD, SM2_b, para_b);
bytes_to_big(SM2_NUMWORD, SM2_n, para_n);
bytes_to_big(SM2_NUMWORD, SM2_Gx, para_Gx);
bytes_to_big(SM2_NUMWORD, SM2_Gy, para_Gy);
bytes_to_big(SM2_NUMWORD, SM2_h, para_h);
/*Initialises GF(p) elliptic curve.(MR_PROJECTIVE specifying projective coordinates)*/
ecurve_init(para_a, para_b, para_p, MR_PROJECTIVE);
/*initialise point G*/
if (!epoint_set(para_Gx, para_Gy, 0, G)) return ERR_ECURVE_INIT;
ecurve_mult(para_n, G, nG);
/*test if the order of the point is n*/
if (!point_at_infinity(nG)) return ERR_ORDER;
return 0;
}
/*测试该点是否在SM2椭圆曲线上*/
int Test_Point(epoint* point)
{
big x, y, x_3, tmp;
x = mirvar(0);
y = mirvar(0);
x_3 = mirvar(0);
tmp = mirvar(0);
//test if y^2 = x^3 + ax + b
epoint_get(point, x, y);
power(x, 3, para_p, x_3); //x_3 = x^3 mod p
multiply(x, para_a, x); //x = a * x
divide(x, para_p, tmp); //x = a * x mod p, tmp = a * x / p
add(x_3, x, x); //x = x^3 + ax
add(x, para_b, x); //x = x^3 + ax + b
divide(x, para_p, tmp); //x = x^3 + ax + b mod p
power(y, 2, para_p, y); //y = y^2 mod p
if (mr_compare(x, y) != 0) return ERR_NOT_VALID_POINT;
return 0;
}
/*测试公钥点有效性*/
int Test_PubKey(epoint *pubKey)
{
big x, y, x_3, tmp;
epoint *nP;
x = mirvar(0);
y = mirvar(0);
x_3 = mirvar(0);
tmp = mirvar(0);
nP = epoint_init();
if (point_at_infinity(pubKey)) return ERR_INFINITY_POINT;
//test if x < p and y<p both hold
epoint_get(pubKey, x, y);
if ((mr_compare(x, para_p) != -1) || (mr_compare(y, para_p) != -1)) return ERR_NOT_VALID_ELEMENT;
if (Test_Point(pubKey) != 0) return ERR_NOT_VALID_POINT;
//test if the order of pubKey is equal to n
//nP=[n]P if np is point NOT at infinity, return error
ecurve_mult(para_n, pubKey, nP);
if (!point_at_infinity(nP)) return ERR_ORDER;
return 0;
}
/*测试私钥有效性 d range [1, n-2]*/
int Test_PrivKey(unsigned char privkey[])
{
big one, decr_n;
big d;
one = mirvar(0);
decr_n = mirvar(0);
d = mirvar(0);
SM2_standard_init();
bytes_to_big(SM2_NUMWORD, privkey, d);
convert(1, one);
decr(para_n, 2, decr_n);
if ((mr_compare(d, one) < 0) | (mr_compare(d, decr_n) > 0)) return 1;
return 0;
}
/*测试大数是否在范围[1, n-1]内*/
int Test_Range(big x)
{
big one, decr_n;
one = mirvar(0);
decr_n = mirvar(0);
convert(1, one);
decr(para_n, 1, decr_n);
if ((mr_compare(x, one) < 0) | (mr_compare(x, decr_n) > 0)) return 1;
return 0;
}
/* test if the given array is all zero */
int Test_Null(unsigned char array[], int len)
{
int i;
for (i = 0; i < len; i++) if (array[i] != 0x00) return 0;
return 1;
}
/* test if the big x is zero */
int Test_Zero(big x)
{
big zero;
zero = mirvar(0);
if (mr_compare(x, zero) == 0) return 1;
return 0;
}
/* test if the big x is order n */
int Test_n(big x)
{
if (mr_compare(x, para_n) == 0) return 1;
return 0;
}
/* key derivation function */
void SM3_kdf(unsigned char Z[], unsigned short zlen, unsigned short klen, unsigned char K[])
{
unsigned short i, j, t;
unsigned int bitklen;
SM3_STATE md;
unsigned char Ha[SM2_NUMWORD];
unsigned char ct[4] = {0, 0, 0, 1};
bitklen = klen * 8;
if (bitklen % SM2_NUMBITS)
t = bitklen / SM2_NUMBITS + 1;
else
t = bitklen / SM2_NUMBITS;
//s4: K = Ha1 || Ha2 || ...
for (i = 1; i < t; i++)
{
//s2: Hai = Hv(Z || ct)
SM3_init(&md);
SM3_process(&md, Z, zlen);
SM3_process(&md, ct, 4);
SM3_done(&md, Ha);
memcpy((K + SM2_NUMWORD * (i - 1)), Ha, SM2_NUMWORD);
if (ct[3] == 0xff)
{
ct[3] = 0;
if (ct[2] == 0xff)
{
ct[2] = 0;
if (ct[1] == 0xff)
{
ct[1] = 0;
ct[0]++;
}
else
ct[1]++;
}
else
ct[2]++;
}
else
ct[3]++;
}
//s3
SM3_init(&md);
SM3_process(&md, Z, zlen);
SM3_process(&md, ct, 4);
SM3_done(&md, Ha);
if(bitklen % SM2_NUMBITS)
{
i = (SM2_NUMBITS - bitklen + SM2_NUMBITS * (bitklen / SM2_NUMBITS)) / 8;
j = (bitklen - SM2_NUMBITS * (bitklen / SM2_NUMBITS)) / 8;
memcpy((K + SM2_NUMWORD * (t - 1)), Ha, j);
}
else
{
memcpy((K + SM2_NUMWORD * (t - 1)), Ha, SM2_NUMWORD);
}
}
/*
功能:由私钥d生成公钥点G(x,y)
输入:priKey私钥d
输出:pubKey公钥点G(x,y)
返回:0成功 !0失败
*/
int SM2_keygeneration_1(big priKey, epoint *pubKey)
{
int i = 0;
big x, y;
x = mirvar(0);
y = mirvar(0);
//mip = mirsys(1000, 16);
//mip->IOBASE = 16;
ecurve_mult(priKey, G, pubKey);
epoint_get(pubKey, x, y);
if(0 != (i=Test_PubKey(pubKey))) return i;
return 0;
}
/*
功能:用公钥点G(x,y)对消息进行加密
输入:randK随机数、pubKey公钥点、M明文、klen消息长度
输出:C密文
返回:0成功 !0失败
*/
int SM2_standard_encrypt(unsigned char* randK, epoint *pubKey, unsigned char M[], int klen, unsigned char C[])
{
big C1x, C1y, x2, y2, rand;
epoint *C1, *kP, *S;
int i = 0;
unsigned char x2y2[SM2_NUMWORD * 2] = {0};
SM3_STATE md;
C1x = mirvar(0);
C1y = mirvar(0);
x2 = mirvar(0);
y2 = mirvar(0);
rand = mirvar(0);
C1 = epoint_init();
kP = epoint_init();
S = epoint_init();
//step2. calculate C1 = [k]G = (rGx, rGy)
bytes_to_big(SM2_NUMWORD, randK, rand);
ecurve_mult(rand, G, C1); //C1 = [k]G
epoint_get(C1, C1x, C1y);
big_to_bytes(SM2_NUMWORD, C1x, C, 1);
big_to_bytes(SM2_NUMWORD, C1y, C + SM2_NUMWORD, 1);
//step3. test if S = [h]pubKey if the point at infinity
ecurve_mult(para_h, pubKey, S);
if (point_at_infinity(S)) return ERR_INFINITY_POINT;
//step4. calculate [k]PB = (x2, y2)
ecurve_mult(rand, pubKey, kP); //kP = [k]P
epoint_get(kP, x2, y2);
//step5. KDF(x2 || y2, klen)
big_to_bytes(SM2_NUMWORD, x2, x2y2, 1);
big_to_bytes(SM2_NUMWORD, y2, x2y2 + SM2_NUMWORD, 1);
SM3_kdf(x2y2, SM2_NUMWORD * 2, klen, C + SM2_NUMWORD * 3);
if (Test_Null(C + SM2_NUMWORD * 3, klen) != 0) return ERR_ARRAY_NULL;
//step6. C2 = M^t
for (i = 0; i < klen; i++) C[SM2_NUMWORD * 3 + i] = M[i] ^ C[SM2_NUMWORD * 3 + i];
//step7. C3 = hash(x2, M, y2)
SM3_init(&md);
SM3_process(&md, x2y2, SM2_NUMWORD);
SM3_process(&md, M, klen);
SM3_process(&md, x2y2 + SM2_NUMWORD, SM2_NUMWORD);
SM3_done(&md, C + SM2_NUMWORD * 2);
return 0;
}
int SM2_standard_encrypt_2(unsigned char* randK, unsigned char px[], unsigned char py[], unsigned char M[], int klen, unsigned char C[])
{
big x,y;
epoint* pubkey;
x = mirvar(0);
y = mirvar(0);
pubkey = epoint_init();
bytes_to_big(SM2_NUMWORD, px, x);
bytes_to_big(SM2_NUMWORD, py, y);
epoint_set(x, y, 0, pubkey);
return SM2_standard_encrypt(randK, pubkey, M, klen, C);
}
/*
功能:用私钥d对消息进行解密
输入:dB私钥、C密文、Clen密文长度
输出:M明文
返回:0成功 !0失败
*/
int SM2_standard_decrypt(big dB, unsigned char C[], int Clen, unsigned char M[])
{
SM3_STATE md;
int i = 0;
unsigned char x2y2[SM2_NUMWORD * 2] = {0};
unsigned char hash[SM2_NUMWORD] = {0};
big C1x, C1y, x2, y2;
epoint *C1, *S, *dBC1;
C1x = mirvar(0);
C1y = mirvar(0);
x2 = mirvar(0);
y2 = mirvar(0);
C1 = epoint_init();
S = epoint_init();
dBC1 = epoint_init();
//step1. test if C1 fits the curve
bytes_to_big(SM2_NUMWORD, C, C1x);
bytes_to_big(SM2_NUMWORD, C + SM2_NUMWORD, C1y);
epoint_set(C1x, C1y, 0, C1);
if(0 != (i = Test_Point(C1))) return i;
//step2. S = [h]C1 and test if S is the point at infinity
ecurve_mult(para_h, C1, S);
if (point_at_infinity(S)) return ERR_INFINITY_POINT;
//step3. [dB]C1 = (x2, y2)
ecurve_mult(dB, C1, dBC1);
epoint_get(dBC1, x2, y2);
big_to_bytes(SM2_NUMWORD, x2, x2y2, 1);
big_to_bytes(SM2_NUMWORD, y2, x2y2 + SM2_NUMWORD, 1);
//step4. t = KDF(x2 || y2, klen)
SM3_kdf(x2y2, SM2_NUMWORD * 2, Clen - SM2_NUMWORD * 3, M);
if (Test_Null(M, Clen - SM2_NUMWORD * 3) != 0) return ERR_ARRAY_NULL;
//step5. M = C2^t
for (i = 0; i < Clen - SM2_NUMWORD * 3; i++) M[i] = M[i] ^ C[SM2_NUMWORD * 3 + i];
//step6. hash(x2, m, y2)
SM3_init(&md);
SM3_process(&md, x2y2, SM2_NUMWORD);
SM3_process(&md, M, Clen - SM2_NUMWORD * 3);
SM3_process(&md, x2y2 + SM2_NUMWORD, SM2_NUMWORD);
SM3_done(&md, hash);
if (memcmp(hash, C + SM2_NUMWORD * 2, SM2_NUMWORD) != 0) return ERR_C3_MATCH;
return 0;
}
int SM2_standard_decrypt_2(unsigned char privkey[], unsigned char C[], int Clen, unsigned char M[])
{
big d;
d = mirvar(0);
bytes_to_big(SM2_NUMWORD, privkey, d);
return SM2_standard_decrypt(d, C, Clen, M);
}
/* test whether the SM2 calculation is correct by comparing the result with the standard data */
int SM2_enc_selftest()
{
int tmp = 0, i = 0;
unsigned char Cipher[115] = {0};
unsigned char M[19] = {0};
unsigned char kGxy[SM2_NUMWORD * 2] = {0};
big ks, x, y;
epoint *kG;
//standard data
unsigned char std_priKey[32] = {
0x39, 0x45, 0x20, 0x8F, 0x7B, 0x21, 0x44, 0xB1, 0x3F, 0x36, 0xE3, 0x8A, 0xC6, 0xD3, 0x9F, 0x95,
0x88, 0x93, 0x93, 0x69, 0x28, 0x60, 0xB5, 0x1A, 0x42, 0xFB, 0x81, 0xEF, 0x4D, 0xF7, 0xC5, 0xB8};
unsigned char std_pubKey[64] = {
0x09, 0xF9, 0xDF, 0x31, 0x1E, 0x54, 0x21, 0xA1, 0x50, 0xDD, 0x7D, 0x16, 0x1E, 0x4B, 0xC5, 0xC6,
0x72, 0x17, 0x9F, 0xAD, 0x18, 0x33, 0xFC, 0x07, 0x6B, 0xB0, 0x8F, 0xF3, 0x56, 0xF3, 0x50, 0x20,
0xCC, 0xEA, 0x49, 0x0C, 0xE2, 0x67, 0x75, 0xA5, 0x2D, 0xC6, 0xEA, 0x71, 0x8C, 0xC1, 0xAA, 0x60,
0x0A, 0xED, 0x05, 0xFB, 0xF3, 0x5E, 0x08, 0x4A, 0x66, 0x32, 0xF6, 0x07, 0x2D, 0xA9, 0xAD, 0x13};
unsigned char std_rand[32] = {
0x59, 0x27, 0x6E, 0x27, 0xD5, 0x06, 0x86, 0x1A, 0x16, 0x68, 0x0F, 0x3A, 0xD9, 0xC0, 0x2D, 0xCC,
0xEF, 0x3C, 0xC1, 0xFA, 0x3C, 0xDB, 0xE4, 0xCE, 0x6D, 0x54, 0xB8, 0x0D, 0xEA, 0xC1, 0xBC, 0x21};
unsigned char std_Message[19] = {
0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x73, 0x74, 0x61, 0x6E, 0x64,
0x61, 0x72, 0x64};
unsigned char std_Cipher[115] = {
0x04, 0xEB, 0xFC, 0x71, 0x8E, 0x8D, 0x17, 0x98, 0x62, 0x04, 0x32, 0x26, 0x8E, 0x77, 0xFE, 0xB6,
0x41, 0x5E, 0x2E, 0xDE, 0x0E, 0x07, 0x3C, 0x0F, 0x4F, 0x64, 0x0E, 0xCD, 0x2E, 0x14, 0x9A, 0x73,
0xE8, 0x58, 0xF9, 0xD8, 0x1E, 0x54, 0x30, 0xA5, 0x7B, 0x36, 0xDA, 0xAB, 0x8F, 0x95, 0x0A, 0x3C,
0x64, 0xE6, 0xEE, 0x6A, 0x63, 0x09, 0x4D, 0x99, 0x28, 0x3A, 0xFF, 0x76, 0x7E, 0x12, 0x4D, 0xF0,
0x59, 0x98, 0x3C, 0x18, 0xF8, 0x09, 0xE2, 0x62, 0x92, 0x3C, 0x53, 0xAE, 0xC2, 0x95, 0xD3, 0x03,
0x83, 0xB5, 0x4E, 0x39, 0xD6, 0x09, 0xD1, 0x60, 0xAF, 0xCB, 0x19, 0x08, 0xD0, 0xBD, 0x87, 0x66,
0x21, 0x88, 0x6C, 0xA9, 0x89, 0xCA, 0x9C, 0x7D, 0x58, 0x08, 0x73, 0x07, 0xCA, 0x93, 0x09, 0x2D,
0x65, 0x1E, 0xFA};
mip= mirsys(1000, 16);
mip->IOBASE = 16;
x = mirvar(0);
y = mirvar(0);
ks = mirvar(0);
kG = epoint_init();
bytes_to_big(32, std_priKey, ks); //ks is the standard private key
//initiate SM2 curve
SM2_standard_init();
//generate key pair
if(0 != (tmp = SM2_keygeneration_1(ks, kG)))
{
printf("[ERROR]%s %s: SM2_keygeneration_1() test error\n", __FILE__, __LINE__);
return tmp;
}
epoint_get(kG, x, y);
big_to_bytes(SM2_NUMWORD, x, kGxy, 1);
big_to_bytes(SM2_NUMWORD, y, kGxy + SM2_NUMWORD, 1);
if (memcmp(kGxy, std_pubKey, SM2_NUMWORD * 2) != 0)
{
printf("[ERROR]%s %s: SM2_keygeneration_1() test error\n", __FILE__, __LINE__);
return ERR_SELFTEST_KG;
}
//encrypt data and compare the result with the standard data
if(0 != (tmp = SM2_standard_encrypt(std_rand, kG, std_Message, 19, Cipher)))
{
printf("[ERROR]%s %s: SM2_standard_encrypt() test error\n", __FILE__, __LINE__);
return tmp;
}
if (memcmp(Cipher, std_Cipher, 19 + SM2_NUMWORD * 3) != 0)
{
printf("[ERROR]%s %s: SM2_standard_encrypt() test error\n", __FILE__, __LINE__);
return ERR_SELFTEST_ENC;
}
//decrypt cipher and compare the result with the standard data
if(0 != (tmp = SM2_standard_decrypt(ks, Cipher, 115, M)))
{
printf("[ERROR]%s %s: SM2_standard_decrypt() test error\n", __FILE__, __LINE__);
return tmp;
}
if (memcmp(M, std_Message, 19) != 0)
{
printf("[ERROR]%s %s: SM2_standard_decrypt() test error\n", __FILE__, __LINE__);
return ERR_SELFTEST_DEC;
}
printf("SM2_enc_selftest pass\n");
return 0;
}
/*
功能:由私钥d生成公钥点G(x,y)
输入:PriKey私钥d
输出:Px公钥Gx、Py公钥Gy
返回:0成功 !0失败
*/
int SM2_keygeneration_2(unsigned char PriKey[], unsigned char Px[], unsigned char Py[])
{
int i = 0;
big d, PAx, PAy;
epoint *PA;
SM2_standard_init();
PA = epoint_init();
d = mirvar(0);
PAx = mirvar(0);
PAy = mirvar(0);
bytes_to_big(SM2_NUMWORD, PriKey, d);
ecurve_mult(d, G, PA);
epoint_get(PA, PAx, PAy);
big_to_bytes(SM2_NUMWORD, PAx, Px, TRUE);
big_to_bytes(SM2_NUMWORD, PAy, Py, TRUE);
if(0 != (i = Test_PubKey(PA))) return i;
return 0;
}
/*
功能:预处理,计算ZA
输入:Px公钥Gx、Py公钥Gy
输出:ZA
返回:无
*/
void SM2_pre_ZA(unsigned char Px[], unsigned char Py[], unsigned char ZA[])
{
unsigned char ENTLA[2] = {0x00, 0x80};
unsigned char IDA[16] = {0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38};
unsigned char Msg[210]; //210 = IDA_len + 2 + SM2_NUMWORD * 6
//ZA = Hash(ENTLA || IDA || a || b || Gx || Gy || xA|| yA)
memcpy(Msg, ENTLA, 2);
memcpy(Msg + 2, IDA, sizeof(IDA));
memcpy(Msg + 2 + sizeof(IDA), SM2_a, SM2_NUMWORD);
memcpy(Msg + 2 + sizeof(IDA) + SM2_NUMWORD, SM2_b, SM2_NUMWORD);
memcpy(Msg + 2 + sizeof(IDA) + SM2_NUMWORD * 2, SM2_Gx, SM2_NUMWORD);
memcpy(Msg + 2 + sizeof(IDA) + SM2_NUMWORD * 3, SM2_Gy, SM2_NUMWORD);
memcpy(Msg + 2 + sizeof(IDA) + SM2_NUMWORD * 4, Px, SM2_NUMWORD);
memcpy(Msg + 2 + sizeof(IDA) + SM2_NUMWORD * 5, Py, SM2_NUMWORD);
SM3_256(Msg, 210, ZA);
}
/*
功能:私钥签名
输入:message消息、len消息长度、ZA预处理值、rand随机数、d私钥
输出:R签名R部分、S签名S部分
返回:0成功 !0失败
*/
int SM2_standard_sign(unsigned char *message, int len, unsigned char ZA[], unsigned char rand[], unsigned char d[], unsigned char R[], unsigned char S[])
{
unsigned char hash[SM3_len / 8];
int M_len = len + SM3_len / 8;
unsigned char *M = NULL;
int i;
big dA, r, s, e, k, KGx, KGy;
big rem, rk, z1, z2;
epoint *KG;
if(0 != (i = SM2_standard_init())) return i;
//initiate
dA = mirvar(0);
e = mirvar(0);
k = mirvar(0);
KGx = mirvar(0);
KGy = mirvar(0);
r = mirvar(0);
s = mirvar(0);
rem = mirvar(0);
rk = mirvar(0);
z1 = mirvar(0);
z2 = mirvar(0);
bytes_to_big(SM2_NUMWORD, d, dA); //cinstr(dA, d);
KG = epoint_init();
//step1, set M = ZA || M
M = (char *)malloc(sizeof(char)*(M_len + 1));
memcpy(M, ZA, SM3_len / 8);
memcpy(M + SM3_len / 8, message, len);
//step2, generate e = H(M)
SM3_256(M, M_len, hash);
bytes_to_big(SM3_len / 8, hash, e);
//step3:generate k
bytes_to_big(SM3_len / 8, rand, k);
//step4:calculate kG
ecurve_mult(k, G, KG);
//step5:calculate r
epoint_get(KG, KGx, KGy);
add(e, KGx, r);
divide(r, para_n, rem);
//judge r = 0 or n + k = n?
add(r, k, rk);
if (Test_Zero(r) | Test_n(rk)) return ERR_GENERATE_R;
//step6:generate s
incr(dA, 1, z1);
xgcd(z1, para_n, z1, z1, z1);
multiply(r, dA, z2);
divide(z2, para_n, rem);
subtract(k, z2, z2);
add(z2, para_n, z2);
multiply(z1, z2, s);
divide(s, para_n, rem);
//judge s = 0?
if (Test_Zero(s)) return ERR_GENERATE_S ;
big_to_bytes(SM2_NUMWORD, r, R, TRUE);
big_to_bytes(SM2_NUMWORD, s, S, TRUE);
free(M);
return 0;
}
/*
功能:公钥验证签名
输入:message消息、len消息长度、ZA预处理值、Px公钥Gx、Py公钥Gy、R签名R部分、S签名S部分
输出:无
返回:0成功 !0失败
*/
int SM2_standard_verify(unsigned char *message, int len, unsigned char ZA[], unsigned char Px[], unsigned char Py[], unsigned char R[], unsigned char S[])
{
unsigned char hash[SM3_len / 8];
int M_len = len + SM3_len / 8;
unsigned char *M = NULL;
int i;
big PAx, PAy, r, s, e, t, rem, x1, y1;
big RR;
epoint *PA, *sG, *tPA;
if(0 != (i = SM2_standard_init())) return i;
PAx = mirvar(0);
PAy = mirvar(0);
r = mirvar(0);
s = mirvar(0);
e = mirvar(0);
t = mirvar(0);
x1 = mirvar(0);
y1 = mirvar(0);
rem = mirvar(0);
RR = mirvar(0);
PA = epoint_init();
sG = epoint_init();
tPA = epoint_init();
bytes_to_big(SM2_NUMWORD, Px, PAx);
bytes_to_big(SM2_NUMWORD, Py, PAy);
bytes_to_big(SM2_NUMWORD, R, r);
bytes_to_big(SM2_NUMWORD, S, s);
//initialise public key
if (!epoint_set(PAx, PAy, 0, PA)) return ERR_PUBKEY_INIT;
//step1: test if r belong to [1, n-1]
if (Test_Range(r)) return ERR_OUTRANGE_R;
//step2: test if s belong to [1, n-1]
if (Test_Range(s)) return ERR_OUTRANGE_S;
//step3, generate M
M = (char *)malloc(sizeof(char)*(M_len + 1));
memcpy(M, ZA, SM3_len / 8);
memcpy(M + SM3_len / 8, message, len);
//step4, generate e = H(M)
SM3_256(M, M_len, hash);
bytes_to_big(SM3_len / 8, hash, e);
//step5:generate t
add(r, s, t);
divide(t, para_n, rem);
if (Test_Zero(t)) return ERR_GENERATE_T;
//step 6: generate(x1, y1)
ecurve_mult(s, G, sG);
ecurve_mult(t, PA, tPA);
ecurve_add(sG, tPA);
epoint_get(tPA, x1, y1);
//step7:generate RR
add(e, x1, RR);
divide(RR, para_n, rem);
free(M);
if (0 != mr_compare(RR, r)) return ERR_DATA_MEMCMP;
return 0;
}
/* SM2 self check */
int SM2_sign_selftest()
{
//the private key
unsigned char dA[32] = {
0x39, 0x45, 0x20, 0x8f, 0x7b, 0x21, 0x44, 0xb1, 0x3f, 0x36, 0xe3, 0x8a, 0xc6, 0xd3, 0x9f, 0x95,
0x88, 0x93, 0x93, 0x69, 0x28, 0x60, 0xb5, 0x1a, 0x42, 0xfb, 0x81, 0xef, 0x4d, 0xf7, 0xc5, 0xb8};
unsigned char rand[32] = {
0x59, 0x27, 0x6E, 0x27, 0xD5, 0x06, 0x86, 0x1A, 0x16, 0x68, 0x0F, 0x3A, 0xD9, 0xC0, 0x2D, 0xCC,
0xEF, 0x3C, 0xC1, 0xFA, 0x3C, 0xDB, 0xE4, 0xCE, 0x6D, 0x54, 0xB8, 0x0D, 0xEA, 0xC1, 0xBC, 0x21};
//the public key
/*
unsigned char xA[32] = {
0x09, 0xf9, 0xdf, 0x31, 0x1e, 0x54, 0x21, 0xa1, 0x50, 0xdd, 0x7d, 0x16, 0x1e, 0x4b, 0xc5, 0xc6,
0x72, 0x17, 0x9f, 0xad, 0x18, 0x33, 0xfc, 0x07, 0x6b, 0xb0, 0x8f, 0xf3, 0x56, 0xf3, 0x50, 0x20};
unsigned char yA[32] = {
0xcc, 0xea, 0x49, 0x0c, 0xe2, 0x67, 0x75, 0xa5, 0x2d, 0xc6, 0xea, 0x71, 0x8c, 0xc1, 0xaa, 0x60,
0x0a, 0xed, 0x05, 0xfb, 0xf3, 0x5e, 0x08, 0x4a, 0x66, 0x32, 0xf6, 0x07, 0x2d, 0xa9, 0xad, 0x13};
*/
unsigned char xA[32], yA[32];
unsigned char r[32], s[32]; // Signature
unsigned char IDA[16] = {
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38}; //ASCII code of userA's identification
int IDA_len = 16;
unsigned char ENTLA[2] = {0x00, 0x80}; //the length of userA's identification, presentation in ASCII code
unsigned char *message = "message digest"; //the message to be signed
int len = strlen(message); //the length of message
unsigned char ZA[SM3_len / 8]; //ZA = Hash(ENTLA || IDA || a || b || Gx || Gy || xA|| yA)
unsigned char Msg[210]; //210 = IDA_len + 2 + SM2_NUMWORD * 6
int temp;
mip = mirsys(10000, 16);
mip->IOBASE = 16;
if(0 != (temp = SM2_keygeneration_2(dA, xA, yA))) return temp;
//ENTLA || IDA || a || b || Gx || Gy || xA || yA
memcpy(Msg, ENTLA, 2);
memcpy(Msg + 2, IDA, IDA_len);
memcpy(Msg + 2 + IDA_len, SM2_a, SM2_NUMWORD);
memcpy(Msg + 2 + IDA_len + SM2_NUMWORD, SM2_b, SM2_NUMWORD);
memcpy(Msg + 2 + IDA_len + SM2_NUMWORD * 2, SM2_Gx, SM2_NUMWORD);
memcpy(Msg + 2 + IDA_len + SM2_NUMWORD * 2, SM2_Gx, SM2_NUMWORD);
memcpy(Msg + 2 + IDA_len + SM2_NUMWORD * 3, SM2_Gy, SM2_NUMWORD);
memcpy(Msg + 2 + IDA_len + SM2_NUMWORD * 4, xA, SM2_NUMWORD);
memcpy(Msg + 2 + IDA_len + SM2_NUMWORD * 5, yA, SM2_NUMWORD);
SM3_256(Msg, 210, ZA);
if(0 != (temp = SM2_standard_sign(message, len, ZA, rand, dA, r, s))) return temp;
if(0 != (temp = SM2_standard_verify(message, len, ZA, xA, yA, r, s))) return temp;
return 0;
}
///////////////////////////////////////////////////
// SM2 密钥协商 ///////////
///////////////////////////////////////////////////
/* calculation of w */
int SM2_w(big n)
{
big n1;
int w = 0;
n1 = mirvar(0);
w = logb2(para_n); //approximate integer log to the base 2 of para_n
expb2(w, n1); //n1 = 2^w
if (mr_compare(para_n, n1) == 1) w++;
if ((w % 2) == 0) w = w / 2 - 1;
else w = (w + 1) / 2 - 1;
return w;
}
/* calculation of ZA or ZB */
void SM3_z(unsigned char ID[], unsigned short int ELAN, epoint* pubKey, unsigned char hash[])
{
unsigned char Px[SM2_NUMWORD] = {0}, Py[SM2_NUMWORD] = {0};
unsigned char IDlen[2] = {0};
big x, y;
SM3_STATE md;
x = mirvar(0);
y = mirvar(0);
epoint_get(pubKey, x, y);
big_to_bytes(SM2_NUMWORD, x, Px, 1);
big_to_bytes(SM2_NUMWORD, y, Py, 1);
memcpy(IDlen, &ELAN + 1, 1);
memcpy(IDlen + 1, &ELAN, 1);
SM3_init(&md);
SM3_process(&md, IDlen, 2);
SM3_process(&md, ID, ELAN / 8);
SM3_process(&md, SM2_a, SM2_NUMWORD);
SM3_process(&md, SM2_b, SM2_NUMWORD);
SM3_process(&md, SM2_Gx, SM2_NUMWORD);
SM3_process(&md, SM2_Gy, SM2_NUMWORD);
SM3_process(&md, Px, SM2_NUMWORD);
SM3_process(&md, Py, SM2_NUMWORD);
SM3_done(&md, hash);
return;
}
/* calculate RA */
int SM2_standard_keyex_init_i(big ra, epoint* RA)
{
return SM2_keygeneration_1(ra, RA);
}
/* calculate RB and a secret key */
int SM2_standard_keyex_re_i(big rb, big dB, epoint* RA, epoint* PA, unsigned char ZA[], unsigned char ZB[], unsigned char K[], int klen, epoint* RB, epoint* V, unsigned char hash[])
{
SM3_STATE md;
int i = 0, w = 0;
unsigned char Z[SM2_NUMWORD * 2 + SM3_len / 4] = {0};
unsigned char x1y1[SM2_NUMWORD * 2] = {0};
unsigned char x2y2[SM2_NUMWORD * 2] = {0};
unsigned char temp = 0x02;
big x1, y1, x1_, x2, y2, x2_, tmp, Vx, Vy, temp_x, temp_y;
//mip = mirsys(1000, 16);
//mip->IOBASE = 16;
x1 = mirvar(0);
y1 = mirvar(0);
x1_ = mirvar(0);
x2 = mirvar(0);
y2 = mirvar(0);
x2_ = mirvar(0);
tmp = mirvar(0);
Vx = mirvar(0);
Vy = mirvar(0);
temp_x = mirvar(0);
temp_y = mirvar(0);
w = SM2_w(para_n);
//--------B2: RB = [rb]G = (x2, y2)--------
SM2_keygeneration_1(rb, RB);
epoint_get(RB, x2, y2);
big_to_bytes(SM2_NUMWORD, x2, x2y2, 1);
big_to_bytes(SM2_NUMWORD, y2, x2y2 + SM2_NUMWORD, 1);
//--------B3: x2_ = 2^w + x2 & (2^w - 1)--------
expb2(w, x2_); //x2_ = 2^w
divide(x2, x2_, tmp); //x2 = x2 mod x2_ = x2 & (2^w - 1)
add(x2_, x2, x2_);
divide(x2_, para_n, tmp); //x2_ = n mod q
//--------B4: tB = (dB + x2_ * rB) mod n--------
multiply(x2_, rb, x2_);
add(dB, x2_, x2_);
divide(x2_, para_n, tmp);
//--------B5: x1_ = 2^w + x1 & (2^w - 1)--------
if (Test_Point(RA) != 0)
{
return ERR_KEYEX_RA;
}
epoint_get(RA, x1, y1);
big_to_bytes(SM2_NUMWORD, x1, x1y1, 1);
big_to_bytes(SM2_NUMWORD, y1, x1y1 + SM2_NUMWORD, 1);
expb2(w, x1_); //x1_ = 2^w
divide(x1, x1_, tmp); //x1 = x1 mod x1_ = x1 & (2^w - 1)
add(x1_,x1, x1_);
divide(x1_, para_n, tmp); //x1_ = n mod q
//--------B6: V = [h * tB](PA + [x1_]RA)--------
ecurve_mult(x1_, RA, V); //v = [x1_]RA
epoint_get(V, temp_x, temp_y);
ecurve_add(PA, V); //V = PA + V
epoint_get(V, temp_x, temp_y);
multiply(para_h, x2_, x2_); //tB = tB * h
ecurve_mult(x2_, V, V);
if (point_at_infinity(V) == 1)
{
return ERR_INFINITY_POINT;
}
epoint_get(V, Vx, Vy);
big_to_bytes(SM2_NUMWORD, Vx, Z, 1);
big_to_bytes(SM2_NUMWORD, Vy, Z + SM2_NUMWORD, 1);
//------------B7:KB = KDF(VX, VY, ZA, ZB, KLEN)----------
memcpy(Z + SM2_NUMWORD * 2, ZA, SM3_len / 8);
memcpy(Z + SM2_NUMWORD * 2 + SM3_len / 8, ZB, SM3_len / 8);
SM3_kdf(Z, SM2_NUMWORD * 2 + SM3_len / 4, klen / 8, K);
//---------------B8:(optional)SB = hash(0x02 || Vy || HASH(Vx || ZA || ZB || x1 || y1 || x2 || y2)-------------
SM3_init(&md);
SM3_process(&md, Z, SM2_NUMWORD);
SM3_process(&md, ZA, SM3_len / 8);
SM3_process(&md, ZB, SM3_len / 8);
SM3_process(&md, x1y1, SM2_NUMWORD * 2);
SM3_process(&md, x2y2, SM2_NUMWORD * 2);
SM3_done(&md, hash);
SM3_init(&md);
SM3_process(&md, &temp, 1);
SM3_process(&md, Z + SM2_NUMWORD, SM2_NUMWORD);
SM3_process(&md, hash, SM3_len / 8);
SM3_done(&md, hash);
return 0;
}
/* initiator A calculates the secret key out of RA and RB, and calculates a hash */
int SM2_standard_keyex_init_ii(big ra, big dA, epoint* RA, epoint* RB, epoint* PB, unsigned char ZA[], unsigned char ZB[], unsigned char SB[], unsigned char K[], int klen, unsigned char SA[])
{
SM3_STATE md;
int i = 0, w = 0;
unsigned char Z[SM2_NUMWORD * 2 + SM3_len / 4] = {0};
unsigned char x1y1[SM2_NUMWORD * 2] = {0};
unsigned char x2y2[SM2_NUMWORD * 2] = {0};
unsigned char hash[SM2_NUMWORD], S1[SM2_NUMWORD];
unsigned char temp[2] = {0x02, 0x03};
big x1, y1, x1_, x2, y2, x2_, tmp, Ux, Uy, temp_x, temp_y, tA;
epoint* U;
//mip = mirsys(1000, 16);
//mip->IOBASE = 16;
U = epoint_init();
x1 = mirvar(0);
y1 = mirvar(0);
x1_ = mirvar(0);
x2 = mirvar(0);
y2 = mirvar(0);
x2_ = mirvar(0);
tmp = mirvar(0);
Ux = mirvar(0);
Uy = mirvar(0);
temp_x = mirvar(0);
temp_y = mirvar(0);
tA=mirvar(0);
w = SM2_w(para_n);
epoint_get(RA, x1, y1);
big_to_bytes(SM2_NUMWORD, x1, x1y1, TRUE);
big_to_bytes(SM2_NUMWORD, y1, x1y1 + SM2_NUMWORD, TRUE);
//--------A4: x1_ = 2^w + x2 & (2^w - 1)--------
expb2(w, x1_); //x1_ = 2^w
divide(x1, x1_, tmp); //x1 = x1 mod x1_ = x1 & (2^w - 1)
add(x1_, x1, x1_);
divide(x1_, para_n, tmp);
//-------- A5:tA = (dA + x1_ * rA) mod n--------
multiply(x1_, ra, tA);
divide(tA, para_n, tmp);
add(tA, dA, tA);
divide(tA, para_n, tmp);
//-------- A6:x2_ = 2^w + x2 & (2^w - 1)-----------------
if (Test_Point(RB) != 0)
{
return ERR_KEYEX_RB;
}
epoint_get(RB, x2, y2);
big_to_bytes(SM2_NUMWORD, x2, x2y2, TRUE);
big_to_bytes(SM2_NUMWORD, y2, x2y2 + SM2_NUMWORD, TRUE);
expb2(w, x2_); //x2_ = 2^w
divide(x2, x2_, tmp); //x2 = x2 mod x2_ = x2 & (2^w - 1)
add(x2_, x2, x2_);
divide(x2_, para_n, tmp);
//--------A7:U = [h * tA](PB + [x2_]RB)-----------------
ecurve_mult(x2_, RB, U); //U = [x2_]RB
epoint_get(U, temp_x, temp_y);
ecurve_add(PB, U); //U = PB + U
epoint_get(U, temp_x, temp_y);
multiply(para_h, tA, tA); //tA = tA * h
divide(tA, para_n, tmp);
ecurve_mult(tA, U, U);
if (point_at_infinity(U) == 1)
{
return ERR_INFINITY_POINT;
}
epoint_get(U, Ux, Uy);
big_to_bytes(SM2_NUMWORD, Ux, Z, 1);
big_to_bytes(SM2_NUMWORD, Uy, Z + SM2_NUMWORD, 1);
//------------A8:KA = KDF(UX, UY, ZA, ZB, KLEN)----------
memcpy(Z + SM2_NUMWORD * 2, ZA, SM3_len / 8);
memcpy(Z + SM2_NUMWORD * 2 + SM3_len / 8, ZB, SM3_len / 8);
SM3_kdf(Z, SM2_NUMWORD * 2 + SM3_len / 4, klen / 8, K);
//---------------A9:(optional) S1 = Hash(0x02 || Uy || Hash(Ux || ZA || ZB || x1 || y1 || x2 || y2))-----------
SM3_init (&md);
SM3_process(&md, Z, SM2_NUMWORD);
SM3_process(&md, ZA, SM3_len / 8);
SM3_process(&md, ZB, SM3_len / 8);
SM3_process(&md, x1y1, SM2_NUMWORD * 2);
SM3_process(&md, x2y2, SM2_NUMWORD * 2);
SM3_done(&md, hash);
SM3_init(&md);
SM3_process(&md, temp, 1);
SM3_process(&md, Z + SM2_NUMWORD, SM2_NUMWORD);
SM3_process(&md, hash, SM3_len / 8);
SM3_done(&md, S1);
//test S1 = SB?
if (memcmp(S1, SB, SM2_NUMWORD) != 0)
{
return ERR_EQUAL_S1SB;
}
//---------------A10 SA = Hash(0x03 || yU || Hash(xU || ZA || ZB || x1 || y1 || x2 || y2))-------------
SM3_init(&md);
SM3_process(&md, &temp[1], 1);
SM3_process(&md, Z + SM2_NUMWORD, SM2_NUMWORD);
SM3_process(&md, hash, SM3_len / 8);
SM3_done(&md, SA);
return 0;
}
/* (optional)Step B10: verifies the hash value received from initiator A */
int SM2_standard_keyex_re_ii(epoint *V, epoint *RA, epoint *RB, unsigned char ZA[], unsigned char ZB[], unsigned char SA[])
{
big x1, y1, x2, y2, Vx, Vy;
unsigned char hash[SM2_NUMWORD], S2[SM2_NUMWORD];
unsigned char temp = 0x03;
unsigned char xV[SM2_NUMWORD], yV[SM2_NUMWORD];
unsigned char x1y1[SM2_NUMWORD * 2] = {0};
unsigned char x2y2[SM2_NUMWORD * 2] = {0};
SM3_STATE md;
x1 = mirvar(0);
y1 = mirvar(0);
x2 = mirvar(0);
y2 = mirvar(0);
Vx = mirvar(0);
Vy = mirvar(0);
epoint_get(RA, x1, y1);
epoint_get(RB, x2, y2);
epoint_get(V, Vx, Vy);
big_to_bytes(SM2_NUMWORD, Vx, xV, TRUE);
big_to_bytes(SM2_NUMWORD, Vy, yV, TRUE);
big_to_bytes(SM2_NUMWORD, x1, x1y1, TRUE);
big_to_bytes(SM2_NUMWORD, y1, x1y1 + SM2_NUMWORD, TRUE);
big_to_bytes(SM2_NUMWORD, x2, x2y2, TRUE);
big_to_bytes(SM2_NUMWORD, y2, x2y2 + SM2_NUMWORD, TRUE);
//---------------B10:(optional) S2 = Hash(0x03 || Vy || Hash(Vx || ZA || ZB || x1 || y1 || x2 || y2))
SM3_init(&md);
SM3_process(&md, xV, SM2_NUMWORD);
SM3_process(&md, ZA, SM3_len / 8);
SM3_process(&md, ZB, SM3_len / 8);
SM3_process(&md, x1y1, SM2_NUMWORD * 2);
SM3_process(&md, x2y2, SM2_NUMWORD * 2);
SM3_done(&md, hash);
SM3_init(&md);
SM3_process(&md, &temp, 1);
SM3_process(&md, yV, SM2_NUMWORD);
SM3_process(&md, hash, SM3_len / 8);
SM3_done(&md, S2);
if (memcmp(S2, SA, SM3_len / 8) != 0)
{
return ERR_EQUAL_S2SA;
}
return 0;
}
/* self check of SM2 key exchange */
int SM2_standard_keyex_selftest()
{
//standard data
unsigned char std_priKeyA[SM2_NUMWORD] = {
0x81, 0xEB, 0x26, 0xE9, 0x41, 0xBB, 0x5A, 0xF1, 0x6D, 0xF1, 0x16, 0x49, 0x5F, 0x90, 0x69, 0x52,
0x72, 0xAE, 0x2C, 0xD6, 0x3D, 0x6C, 0x4A, 0xE1, 0x67, 0x84, 0x18, 0xBE, 0x48, 0x23, 0x00, 0x29};
unsigned char std_pubKeyA[SM2_NUMWORD * 2] = {
0x16, 0x0E, 0x12, 0x89, 0x7D, 0xF4, 0xED, 0xB6, 0x1D, 0xD8, 0x12, 0xFE, 0xB9, 0x67, 0x48, 0xFB,
0xD3, 0xCC, 0xF4, 0xFF, 0xE2, 0x6A, 0xA6, 0xF6, 0xDB, 0x95, 0x40, 0xAF, 0x49, 0xC9, 0x42, 0x32,
0x4A, 0x7D, 0xAD, 0x08, 0xBB, 0x9A, 0x45, 0x95, 0x31, 0x69, 0x4B, 0xEB, 0x20, 0xAA, 0x48, 0x9D,
0x66, 0x49, 0x97, 0x5E, 0x1B, 0xFC, 0xF8, 0xC4, 0x74, 0x1B, 0x78, 0xB4, 0xB2, 0x23, 0x00, 0x7F};
unsigned char std_randA[SM2_NUMWORD] = {
0xD4, 0xDE, 0x15, 0x47, 0x4D, 0xB7, 0x4D, 0x06, 0x49, 0x1C, 0x44, 0x0D, 0x30, 0x5E, 0x01, 0x24,
0x00, 0x99, 0x0F, 0x3E, 0x39, 0x0C, 0x7E, 0x87, 0x15, 0x3C, 0x12, 0xDB, 0x2E, 0xA6, 0x0B, 0xB3};
unsigned char std_priKeyB[SM2_NUMWORD] = {
0x78, 0x51, 0x29, 0x91, 0x7D, 0x45, 0xA9, 0xEA, 0x54, 0x37, 0xA5, 0x93, 0x56, 0xB8, 0x23, 0x38,
0xEA, 0xAD, 0xDA, 0x6C, 0xEB, 0x19, 0x90, 0x88, 0xF1, 0x4A, 0xE1, 0x0D, 0xEF, 0xA2, 0x29, 0xB5};
unsigned char std_pubKeyB[SM2_NUMWORD * 2] = {
0x6A, 0xE8, 0x48, 0xC5, 0x7C, 0x53, 0xC7, 0xB1, 0xB5, 0xFA, 0x99, 0xEB, 0x22, 0x86, 0xAF, 0x07,
0x8B, 0xA6, 0x4C, 0x64, 0x59, 0x1B, 0x8B, 0x56, 0x6F, 0x73, 0x57, 0xD5, 0x76, 0xF1, 0x6D, 0xFB,
0xEE, 0x48, 0x9D, 0x77, 0x16, 0x21, 0xA2, 0x7B, 0x36, 0xC5, 0xC7, 0x99, 0x20, 0x62, 0xE9, 0xCD,
0x09, 0xA9, 0x26, 0x43, 0x86, 0xF3, 0xFB, 0xEA, 0x54, 0xDF, 0xF6, 0x93, 0x05, 0x62, 0x1C, 0x4D};
unsigned char std_randB[SM2_NUMWORD] = {
0x7E, 0x07, 0x12, 0x48, 0x14, 0xB3, 0x09, 0x48, 0x91, 0x25, 0xEA, 0xED, 0x10, 0x11, 0x13, 0x16,
0x4E, 0xBF, 0x0F, 0x34, 0x58, 0xC5, 0xBD, 0x88, 0x33, 0x5C, 0x1F, 0x9D, 0x59, 0x62, 0x43, 0xD6};
unsigned char std_IDA[16] = {
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38};
unsigned char std_IDB[16] = {
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38};
unsigned short int std_ENTLA = 0x0080;
unsigned short int std_ENTLB = 0x0080;
unsigned char std_ZA[SM3_len] = {
0x3B, 0x85, 0xA5, 0x71, 0x79, 0xE1, 0x1E, 0x7E, 0x51, 0x3A, 0xA6, 0x22, 0x99, 0x1F, 0x2C, 0xA7,
0x4D, 0x18, 0x07, 0xA0, 0xBD, 0x4D, 0x4B, 0x38, 0xF9, 0x09, 0x87, 0xA1, 0x7A, 0xC2, 0x45, 0xB1};
unsigned char std_ZB[SM3_len] = {
0x79, 0xC9, 0x88, 0xD6, 0x32, 0x29, 0xD9, 0x7E, 0xF1, 0x9F, 0xE0, 0x2C, 0xA1, 0x05, 0x6E, 0x01,
0xE6, 0xA7, 0x41, 0x1E, 0xD2, 0x46, 0x94, 0xAA, 0x8F, 0x83, 0x4F, 0x4A, 0x4A, 0xB0, 0x22, 0xF7};
unsigned char std_RA[SM2_NUMWORD * 2] = {
0x64, 0xCE, 0xD1, 0xBD, 0xBC, 0x99, 0xD5, 0x90, 0x04, 0x9B, 0x43, 0x4D, 0x0F, 0xD7, 0x34, 0x28,
0xCF, 0x60, 0x8A, 0x5D, 0xB8, 0xFE, 0x5C, 0xE0, 0x7F, 0x15, 0x02, 0x69, 0x40, 0xBA, 0xE4, 0x0E,
0x37, 0x66, 0x29, 0xC7, 0xAB, 0x21, 0xE7, 0xDB, 0x26, 0x09, 0x22, 0x49, 0x9D, 0xDB, 0x11, 0x8F,
0x07, 0xCE, 0x8E, 0xAA, 0xE3, 0xE7, 0x72, 0x0A, 0xFE, 0xF6, 0xA5, 0xCC, 0x06, 0x20, 0x70, 0xC0};
unsigned char std_K[16] = {
0x6C, 0x89, 0x34, 0x73, 0x54, 0xDE, 0x24, 0x84, 0xC6, 0x0B, 0x4A, 0xB1, 0xFD, 0xE4, 0xC6, 0xE5};
unsigned char std_RB[SM2_NUMWORD * 2] = {
0xAC, 0xC2, 0x76, 0x88, 0xA6, 0xF7, 0xB7, 0x06, 0x09, 0x8B, 0xC9, 0x1F, 0xF3, 0xAD, 0x1B, 0xFF,
0x7D, 0xC2, 0x80, 0x2C, 0xDB, 0x14, 0xCC, 0xCC, 0xDB, 0x0A, 0x90, 0x47, 0x1F, 0x9B, 0xD7, 0x07,
0x2F, 0xED, 0xAC, 0x04, 0x94, 0xB2, 0xFF, 0xC4, 0xD6, 0x85, 0x38, 0x76, 0xC7, 0x9B, 0x8F, 0x30,
0x1C, 0x65, 0x73, 0xAD, 0x0A, 0xA5, 0x0F, 0x39, 0xFC, 0x87, 0x18, 0x1E, 0x1A, 0x1B, 0x46, 0xFE};
unsigned char std_SB[SM3_len] = {
0xD3, 0xA0, 0xFE, 0x15, 0xDE, 0xE1, 0x85, 0xCE, 0xAE, 0x90, 0x7A, 0x6B, 0x59, 0x5C, 0xC3, 0x2A,
0x26, 0x6E, 0xD7, 0xB3, 0x36, 0x7E, 0x99, 0x83, 0xA8, 0x96, 0xDC, 0x32, 0xFA, 0x20, 0xF8, 0xEB};
int std_Klen = 128; //bit len
int temp;
big x, y, dA, dB, rA, rB;
epoint* pubKeyA, *pubKeyB, *RA, *RB, *V;
unsigned char hash[SM3_len / 8] = {0};
unsigned char ZA[SM3_len / 8] = {0};
unsigned char ZB[SM3_len / 8] = {0};
unsigned char xy[SM2_NUMWORD * 2] = {0};
unsigned char *KA, *KB;
unsigned char SA[SM3_len / 8];
KA = malloc(std_Klen / 8);
KB = malloc(std_Klen / 8);
mip = mirsys(1000, 16);
mip->IOBASE = 16;
x = mirvar(0);
y = mirvar(0);
dA = mirvar(0);
dB = mirvar(0);
rA = mirvar(0);
rB = mirvar(0);
pubKeyA = epoint_init();
pubKeyB = epoint_init();
RA = epoint_init();
RB = epoint_init();
V = epoint_init();
SM2_standard_init();
bytes_to_big(SM2_NUMWORD, std_priKeyA, dA);
bytes_to_big(SM2_NUMWORD, std_priKeyB, dB);
bytes_to_big(SM2_NUMWORD, std_randA, rA);
bytes_to_big(SM2_NUMWORD, std_randB, rB);
bytes_to_big(SM2_NUMWORD, std_pubKeyA, x);
bytes_to_big(SM2_NUMWORD, std_pubKeyA + SM2_NUMWORD, y);
epoint_set(x, y, 0, pubKeyA);
bytes_to_big(SM2_NUMWORD, std_pubKeyB, x);
bytes_to_big(SM2_NUMWORD, std_pubKeyB + SM2_NUMWORD, y);
epoint_set(x, y, 0, pubKeyB);
SM3_z(std_IDA, std_ENTLA, pubKeyA, ZA);
if (memcmp(ZA, std_ZA, SM3_len / 8) != 0)
return ERR_SELFTEST_Z;
SM3_z(std_IDB, std_ENTLB, pubKeyB, ZB);
if (memcmp(ZB, std_ZB, SM3_len / 8) != 0)
return ERR_SELFTEST_Z;
temp = SM2_standard_keyex_init_i(rA, RA);
if (temp)
return temp;
epoint_get(RA, x, y);
big_to_bytes(SM2_NUMWORD, x, xy, 1);
big_to_bytes(SM2_NUMWORD, y, xy + SM2_NUMWORD, 1);
if (memcmp(xy, std_RA, SM2_NUMWORD * 2) != 0)
return ERR_SELFTEST_INI_I;
temp = SM2_standard_keyex_re_i(rB, dB, RA, pubKeyA, ZA, ZB, KA, std_Klen, RB, V, hash);
if (temp)
return temp;
if (memcmp(KA, std_K, std_Klen / 8) != 0)
return ERR_SELFTEST_RES_I;
temp = SM2_standard_keyex_init_ii(rA, dA, RA, RB, pubKeyB, ZA, ZB, hash, KB, std_Klen, SA);
if (temp)
return temp;
if (memcmp(KB, std_K, std_Klen / 8) != 0)
return ERR_SELFTEST_INI_II;
if (SM2_standard_keyex_re_ii(V, RA, RB, ZA, ZB, SA) != 0)
return ERR_EQUAL_S2SA;
free(KA);
free(KB);
return 0;
}
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ touch sm_test.c
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ vim sm_test.c
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ cat sm_test.c
int main(int argc, char* argv[])
{
char* c_error[2] = {"error", "pass"};
char* error = NULL;
const char* c_base_message = "6D65737361676520646967657374";//"message digest"
const char* c_base_data = "656E6372797074696F6E207374616E64617264";//"encryption standard"
const char* c_base_privkey = "3945208F7B2144B13F36E38AC6D39F95889393692860B51A42FB81EF4DF7C5B8";//测试用私钥d
const char* c_base_pubx = "09F9DF311E5421A150DD7D161E4BC5C672179FAD1833FC076BB08FF356F35020";//测试用公钥GX
const char* c_base_puby = "CCEA490CE26775A52DC6EA718CC1AA600AED05FBF35E084A6632F6072DA9AD13";//测试用公钥GY
const char* c_base_rand = "59276E27D506861A16680F3AD9C02DCCEF3CC1FA3CDBE4CE6D54B80DEAC1BC21";//测试用随机数k
const char* c_base_za = "B2E14C5C79C6DF5B85F4FE7ED8DB7A262B9DA7E07CCB0EA9F4747B8CCDA8A4F3";//测试用ZA
const char* c_base_sign_r = "F5A03B0648D2C4630EEAC513E1BB81A15944DA3827D5B74143AC7EACEEE720B3";//测试用SIGN_R
const char* c_base_sign_s = "B1B6AA29DF212FD8763182BC0D421CA1BB9038FD1F7F42D4840B69C485BBC1AA";//测试用SIGN_S
const char* c_base_kGx = "04EBFC718E8D1798620432268E77FEB6415E2EDE0E073C0F4F640ECD2E149A73";//C1:[k]G
const char* c_base_kGy = "E858F9D81E5430A57B36DAAB8F950A3C64E6EE6A63094D99283AFF767E124DF0";//C1:[k]G
const char* c_base_C3 = "59983C18F809E262923C53AEC295D30383B54E39D609D160AFCB1908D0BD8766";//C3:Hash(kGx || M || KGy)
const char* c_base_C2 = "21886CA989CA9C7D58087307CA93092D651EFA";//C2:M^KDF(kGx || kGy, bits(M))
unsigned char base_message[14];
unsigned char base_data[19];
unsigned char base_privkey[32];
unsigned char base_pubx[32];
unsigned char base_puby[32];
unsigned char base_rand[32];
unsigned char base_za[32];
unsigned char base_sign_r[32];
unsigned char base_sign_s[32];
unsigned char base_cipher[32+32+32+19];
unsigned char temp[65] = {0};
unsigned char privkey[32];
unsigned char px[32];
unsigned char py[32];
unsigned char za[32];
unsigned char sign_r[32];
unsigned char sign_s[32];
unsigned char cipher[32+32+32+19];
unsigned char plain[19];
hex2bytes(c_base_message, 28, base_message);
hex2bytes(c_base_data, 38, base_data);
hex2bytes(c_base_privkey, 64, base_privkey);
hex2bytes(c_base_pubx, 64, base_pubx);
hex2bytes(c_base_puby, 64, base_puby);
hex2bytes(c_base_rand, 64, base_rand);
hex2bytes(c_base_za, 64, base_za);
hex2bytes(c_base_sign_r, 64, base_sign_r);
hex2bytes(c_base_sign_s, 64, base_sign_s);
hex2bytes(c_base_kGx, 64, base_cipher);
hex2bytes(c_base_kGy, 64, base_cipher+32);
hex2bytes(c_base_C3, 64, base_cipher+64);
hex2bytes(c_base_C2, 38, base_cipher+96);
printf("==============================================================================\n");
printf("%-8s = %s [for test sign]\n", "message", c_base_message);
printf("%-8s = %s [for test enc]\n", "data", c_base_data);
printf("%-8s = %s\n", "privkey", c_base_privkey);
printf("%-8s = %s\n", "pubx", c_base_pubx);
printf("%-8s = %s\n", "puby", c_base_puby);
printf("%-8s = %s\n", "rand", c_base_rand);
printf("%-8s = %s\n", "ZA", c_base_za);
printf("%-8s = %s\n", "sign_R", c_base_sign_r);
printf("%-8s = %s\n", "sign_S", c_base_sign_s);
printf("%-8s = %s\n", "cipher", c_base_kGx);
printf("%-8s %s\n", "", c_base_kGy);
printf("%-8s %s\n", "", c_base_C3);
printf("%-8s %s\n", "", c_base_C2);
printf("==============================================================================\n\n");
if(0 != SM2_keypair_generation(base_privkey, privkey, px, py))
{
printf("SM2_keypair_generation()==>error\n");
return -1;
}
if(0 != memcmp(privkey, base_privkey, 32)) error = c_error[0];
else error = c_error[1];
bytes2hex(privkey, 32, temp);
printf("generate privkey = %s [%s]\n", temp, error);
if(0 != memcmp(px, base_pubx, 32)) error = c_error[0];
else error = c_error[1];
bytes2hex(px, 32, temp);
printf("generate pubx = %s [%s]\n", temp, error);
if(0 != memcmp(py, base_puby, 32)) error = c_error[0];
else error = c_error[1];
bytes2hex(py, 32, temp);
printf("generate puby = %s [%s]\n", temp, error);
SM2_sign_pre(px, py, za);
if(0 != memcmp(za, base_za, 32)) error = c_error[0];
else error = c_error[1];
bytes2hex(za, 32, temp);
printf("generate ZA = %s [%s]\n", temp, error);
if(0 != SM2_sign(privkey, za, base_message, sizeof(base_message), base_rand, sign_r, sign_s))
{
printf("SM2_sign()==>error\n");
return -1;
}
if(0 != memcmp(sign_r, base_sign_r, 32)) error = c_error[0];
else error = c_error[1];
bytes2hex(sign_r, 32, temp);
printf("generate sign_r = %s [%s]\n", temp, error);
if(0 != memcmp(sign_s, base_sign_s, 32)) error = c_error[0];
else error = c_error[1];
bytes2hex(sign_s, 32, temp);
printf("generate sign_s = %s [%s]\n", temp, error);
if(0 != SM2_verify(px, py, za, base_message, sizeof(base_message), sign_r, sign_s))
{
printf("SM2_verify()==>error\n");
return -1;
}
if(0 != SM2_encrypt(px, py, base_data, 19, base_rand, cipher))
{
printf("SM2_encrypt()==>error\n");
return -1;
}
if(0 != memcmp(cipher, base_cipher, sizeof(cipher))) error = c_error[0];
else error = c_error[1];
bytes2hex(cipher, 32, temp);
printf("generate cipher = %s [%s]\n", temp, error);
bytes2hex(cipher+32, 32, temp);
printf(" %s\n", temp);
bytes2hex(cipher+64, 32, temp);
printf(" %s\n", temp);
bytes2hex(cipher+96, 19, temp); temp[38]='\0';
printf(" %s\n", temp);
if(0 != SM2_decrypt(privkey, cipher, sizeof(cipher), plain))
{
printf("SM2_decrypt()==>error\n");
return -1;
}
printf("test pass\n");
return 0;
}
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ touch Makefile
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ vim Makefile
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ cat Makefile
CC = gcc
CFLAGS = -Wall -O2
AR = ar
ARFLAGS = -cr
SRC = sm2.c sm3.c sms4.c sm2alg.c
OBJ = sm2.o sm3.o sms4.o sm2alg.o
LIB = libsm2alg.a
TEST = sm2_test
.PHONY: all
all: $(LIB) $(TEST)
.c.o:
$(CC) $(CFLAGS) -c $*.c -I. -I./miracl/ -o $*.o
$(LIB): $(OBJ)
$(AR) $(ARFLAGS) $@ $^
$(TEST): sm_test.o $(LIB)
$(CC) -o $@ $< -L. -lsm2alg -L./miracl/ -lmiracl
.PHONY: clean distclean
clean:
rm -rf *.o
distclean:
rm -rf *.o $(LIB) $(TEST)
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ make
==============================================================================
message = 6D65737361676520646967657374 [for test sign]
data = 656E6372797074696F6E207374616E64617264 [for test enc]
privkey = 3945208F7B2144B13F36E38AC6D39F95889393692860B51A42FB81EF4DF7C5B8
pubx = 09F9DF311E5421A150DD7D161E4BC5C672179FAD1833FC076BB08FF356F35020
puby = CCEA490CE26775A52DC6EA718CC1AA600AED05FBF35E084A6632F6072DA9AD13
rand = 59276E27D506861A16680F3AD9C02DCCEF3CC1FA3CDBE4CE6D54B80DEAC1BC21
ZA = B2E14C5C79C6DF5B85F4FE7ED8DB7A262B9DA7E07CCB0EA9F4747B8CCDA8A4F3
sign_R = F5A03B0648D2C4630EEAC513E1BB81A15944DA3827D5B74143AC7EACEEE720B3
sign_S = B1B6AA29DF212FD8763182BC0D421CA1BB9038FD1F7F42D4840B69C485BBC1AA
cipher = 04EBFC718E8D1798620432268E77FEB6415E2EDE0E073C0F4F640ECD2E149A73
E858F9D81E5430A57B36DAAB8F950A3C64E6EE6A63094D99283AFF767E124DF0
59983C18F809E262923C53AEC295D30383B54E39D609D160AFCB1908D0BD8766
21886CA989CA9C7D58087307CA93092D651EFA
==============================================================================
generate privkey = 3945208F7B2144B13F36E38AC6D39F95889393692860B51A42FB81EF4DF7C5B8 [pass]
generate pubx = 09F9DF311E5421A150DD7D161E4BC5C672179FAD1833FC076BB08FF356F35020 [pass]
generate puby = CCEA490CE26775A52DC6EA718CC1AA600AED05FBF35E084A6632F6072DA9AD13 [pass]
generate ZA = B2E14C5C79C6DF5B85F4FE7ED8DB7A262B9DA7E07CCB0EA9F4747B8CCDA8A4F3 [pass]
generate sign_r = F5A03B0648D2C4630EEAC513E1BB81A15944DA3827D5B74143AC7EACEEE720B3 [pass]
generate sign_s = B1B6AA29DF212FD8763182BC0D421CA1BB9038FD1F7F42D4840B69C485BBC1AA [pass]
generate cipher = 04EBFC718E8D1798620432268E77FEB6415E2EDE0E073C0F4F640ECD2E149A73 [pass]
E858F9D81E5430A57B36DAAB8F950A3C64E6EE6A63094D99283AFF767E124DF0
59983C18F809E262923C53AEC295D30383B54E39D609D160AFCB1908D0BD8766
21886CA989CA9C7D58087307CA93092D651EFA
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ touch sm2_verify.c
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ vim sm2_verify.c
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ cat sm2_verify.c
#include <stdio.h>
#include "sm2alg.h"
int main(int argc, char* argv[])
{
if(SM2_enc_selftest() == 0)puts("ENC PASSED");
if(SM2_sign_selftest() == 0)puts("SIGN PASSED");
if(SM2_standard_keyex_selftest() == 0)puts("EX PASSED");
return 0;
}
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ gcc -o sm2_verify sm2_verify.c
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ ./sm2_verify
ENC PASSED
SIGN PASSED
EX PASSED
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ git add sm2.h sm2.c sm_test.c Makefile sm2_verify.c
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM2_Source_code_verification$ git commit -m "SM2 Source_code_verification"
[master 5d54636] SM2 Source_code_verification
5 files changed, 364 insertions(+)
create mode 100755 20221320fengtairui/SM2_Source_code_verification/sm2.h
create mode 100644 20221320fengtairui/SM2_Source_code_verification/sm2.c
create mode 100644 20221320fengtairui/SM2_Source_code_verification/sm_test.c
create mode 100644 20221320fengtairui/SM2_Source_code_verification/Makefile
create mode 100644 20221320fengtairui/SM2_Source_code_verification/sm2_verify.c
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM3_Source_code_verification$ git log
commit 5d546369cef96943e03f169426a0a77aeb6b1eff (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date: Sun Oct 31 21:53:46 2024 +0800
SM2 Source_code_verification
SM3
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM3_Source_code_verification$ touch SM3.c
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM3_Source_code_verification$ vim SM3.c
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM3_Source_code_verification$ cat SM3.c
#include "SM3.h"
#include <stdio.h>
#include <string.h> // 为了使用memcpy函数
int main() {
unsigned char message[] = "20221320fengtairui";
unsigned char hash[32]; // SM3 的输出是 256 位,即 32 字节
SM3_256(message, strlen((char *)message), hash);
printf("SM3 Hash: ");
for (int i = 0; i < 32; i++) {
printf("%02x", hash[i]);
}
printf("\n");
return 0;
}
void BiToW(unsigned int Bi[], unsigned int W[])
{
int i;
unsigned int tmp;
for(i=0;i<=15;i++)
{
W[i]=Bi[i];
}
for(i=16;i<=67;i++)
{
tmp=W[i-16]
^ W[i-9]
^ SM3_rotl32(W[i-3],15);
W[i]=SM3_p1(tmp)
^ (SM3_rotl32(W[i-13],7))
^ W[i-6];
}
}
void WToW1(unsigned int W[], unsigned int W1[])
{
int i;
for(i=0;i<=63;i++)
{
W1[i]=W[i]^W[i+4];
}
}
void CF(unsigned int W[], unsigned int W1[], unsigned int V[])
{
unsigned int SS1;
unsigned int SS2;
unsigned int TT1;
unsigned int TT2;
unsigned int A,B,C,D,E,F,G,H;
unsigned int T=SM3_T1;
unsigned int FF;
unsigned int GG;
int j;
//reg init,set ABCDEFGH=V0
A=V[0];
B=V[1];
C=V[2];
D=V[3];
E=V[4];
F=V[5];
G=V[6];
H=V[7];
for(j=0;j<=63;j++)
{
//SS1
if(j==0)
{
T=SM3_T1;
}
else if(j==16)
{
T=SM3_rotl32(SM3_T2,16);
}
else
{
T=SM3_rotl32(T,1);
}
SS1=SM3_rotl32((SM3_rotl32(A,12)+E+T),7);
//SS2
SS2=SS1^SM3_rotl32(A,12);
//TT1
if(j<=15)
{
FF=SM3_ff0(A,B,C);
}
else
{
FF=SM3_ff1(A,B,C);
}
TT1=FF+D+SS2+*W1;
W1++;
//TT2
if(j<=15)
{
GG=SM3_gg0(E,F,G);
}
else
{
GG=SM3_gg1(E,F,G);
}
TT2=GG+H+SS1+*W;
W++;
//D
D=C;
//C
C=SM3_rotl32(B,9);
//B
B=A;
//A
A=TT1;
//H
H=G; //G
G=SM3_rotl32(F,19);
//F
F=E;
//E
E=SM3_p0(TT2);
}
//update V
V[0]=A^V[0];
V[1]=B^V[1];
V[2]=C^V[2];
V[3]=D^V[3];
V[4]=E^V[4];
V[5]=F^V[5];
V[6]=G^V[6];
V[7]=H^V[7];
}
void BigEndian(unsigned char src[], unsigned int bytelen, unsigned char des[])
{
unsigned char tmp = 0;
unsigned int i = 0;
for(i=0; i<bytelen/4; i++)
{
tmp = des[4*i]; des[4*i] = src[4*i+3];
src[4*i+3] = tmp;
tmp = des[4*i+1];
des[4*i+1] = src[4*i+2];
src[4*i+2] = tmp;
}
}
void SM3_init(SM3_STATE *md)
{
md->curlen = md->length = 0;
md->state[0] = SM3_IVA;
md->state[1] = SM3_IVB;
md->state[2] = SM3_IVC;
md->state[3] = SM3_IVD;
md->state[4] = SM3_IVE;
md->state[5] = SM3_IVF;
md->state[6] = SM3_IVG;
md->state[7] = SM3_IVH;
}
void SM3_compress(SM3_STATE * md)
{
unsigned int W[68];
unsigned int W1[64];
//if CPU uses little-endian, BigEndian function is a necessary call
BigEndian(md->buf, 64, md->buf);
BiToW((unsigned int *)md->buf,W);
WToW1(W,W1);
CF(W, W1, md->state);
}
void SM3_process(SM3_STATE * md, unsigned char *buf, int len)
{
while (len--)
{
/* copy byte */
md->buf[md->curlen] = *buf++;
md->curlen++;
/* is 64 bytes full? */
if (md->curlen == 64)
{
SM3_compress(md);
md->length += 512;
md->curlen = 0;
}
}
}
void SM3_done(SM3_STATE *md, unsigned char hash[])
{
int i;
unsigned char tmp = 0;
/* increase the bit length of the message */
md->length += md->curlen << 3;
/* append the '1' bit */
md->buf[md->curlen] = 0x80;
md->curlen++;
/* if the length is currently above 56 bytes, appends zeros till
it reaches 64 bytes, compress the current block, create a new
block by appending zeros and length, and then compress it
*/
if (md->curlen > 56)
{
for (; md->curlen < 64;)
{
md->buf[md->curlen] = 0;
md->curlen++;
}
SM3_compress(md);
md->curlen = 0;
}
/* if the length is less than 56 bytes, pad up to 56 bytes of zeroes */
for (; md->curlen < 56;)
{
md->buf[md->curlen] = 0;
md->curlen++;
}
/* since all messages are under 2^32 bits we mark the top bits zero */
for (i = 56; i < 60; i++)
{
md->buf[i] = 0;
}
/* append length */
md->buf[63] = md->length & 0xff;
md->buf[62] = (md->length >> 8) & 0xff;
md->buf[61] = (md->length >> 16) & 0xff;
md->buf[60] = (md->length >> 24) & 0xff;
SM3_compress(md);
/* copy output */
memcpy(hash,md->state,SM3_len/8);
BigEndian(hash,SM3_len/8,hash); //if CPU uses little-endian, BigEndian function is a necessary call
}
void SM3_256(unsigned char buf[], int len, unsigned char hash[])
{
SM3_STATE md;
SM3_init(&md);
SM3_process(&md, buf, len);
SM3_done(&md, hash);
}
int SM3_SelfTest()
{
unsigned int i=0,a=1,b=1;
unsigned char Msg1[3]={0x61,0x62,0x63};
int MsgLen1=3;
unsigned char MsgHash1[32]={0};
unsigned char StdHash1[32]={0x66,0xC7,0xF0,0xF4,0x62,0xEE,0xED,0xD9,0xD1,0xF2,0xD4,0x6B,0xDC,0x10,0xE4,0xE2,0x41,0x67,0xC4,0x87,0x5C,0xF2,0xF7,0xA2,0x29,0x7D,0xA0,0x2B,0x8F,0x4B,0xA8,0xE0};
unsigned char Msg2[64]={0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64,
0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64,
0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64,
0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64,0x61,0x62,0x63,0x64};
int MsgLen2=64;
unsigned char MsgHash2[32]={0};
unsigned char StdHash2[32]={0xde,0xbe,0x9f,0xf9,0x22,0x75,0xb8,0xa1,0x38,0x60,0x48,0x89,0xc1,0x8e,0x5a,0x4d,
0x6f,0xdb,0x70,0xe5,0x38,0x7e,0x57,0x65,0x29,0x3d,0xcb,0xa3,0x9c,0x0c,0x57,0x32};
SM3_256(Msg1,MsgLen1,MsgHash1);
SM3_256(Msg2,MsgLen2,MsgHash2);
a=memcmp(MsgHash1,StdHash1,SM3_len/8);
b=memcmp(MsgHash2,StdHash2,SM3_len/8);
if ((a==0) && (b==0))
{
return 0;
}
else
{
return 1;
}
}
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM3_Source_code_verification$ touch SM3.h
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM3_Source_code_verification$ vim SM3.h
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM3_Source_code_verification$ cat SM3.h
#include <string.h>
#define SM3_len 256
#define SM3_T1 0x79CC4519
#define SM3_T2 0x7A879D8A
#define SM3_IVA 0x7380166f
#define SM3_IVB 0x4914b2b9
#define SM3_IVC 0x172442d7
#define SM3_IVD 0xda8a0600
#define SM3_IVE 0xa96f30bc
#define SM3_IVF 0x163138aa
#define SM3_IVG 0xe38dee4d
#define SM3_IVH 0xb0fb0e4e
/* Various logical functions */
#define SM3_p1(x) (x^SM3_rotl32(x,15)^SM3_rotl32(x,23))
#define SM3_p0(x) (x^SM3_rotl32(x,9)^SM3_rotl32(x,17))
#define SM3_ff0(a,b,c) (a^b^c)
#define SM3_ff1(a,b,c) ((a&b)|(a&c)|(b&c))
#define SM3_gg0(e,f,g) (e^f^g)
#define SM3_gg1(e,f,g) ((e&f)|((~e)&g))
#define SM3_rotl32(x,n) ((((unsigned int) x) << n) | (((unsigned int) x) >> (32 - n)))
#define SM3_rotr32(x,n) ((((unsigned int) x) >> n) | (((unsigned int) x) << (32 - n)))
typedef struct {
unsigned int state[8];
unsigned int length;
unsigned int curlen;
unsigned char buf[64];
} SM3_STATE;
void BiToWj(unsigned int Bi[], unsigned int Wj[]);
void WjToWj1(unsigned int Wj[], unsigned int Wj1[]);
void CF(unsigned int Wj[], unsigned int Wj1[], unsigned int V[]);
void BigEndian(unsigned char src[], unsigned int bytelen, unsigned char des[]);
void SM3_init(SM3_STATE *md);
void SM3_compress(SM3_STATE * md);
void SM3_process(SM3_STATE * md, unsigned char buf[], int len);
void SM3_done(SM3_STATE *md, unsigned char *hash);
void SM3_256(unsigned char buf[], int len, unsigned char hash[]);
int SM3_SelfTest();
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM3_Source_code_verification$ gcc -o SM3 SM3.c
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM3_Source_code_verification$ ./SM3
SM3 Hash: d6725faa6d55509ede6d2ad9689a906c52daf759dd4bbe5df407565786bc4f66
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM3_Source_code_verification$ echo -n "20221320fengtairui" | gmssl sm3
d6725faa6d55509ede6d2ad9689a906c52daf759dd4bbe5df407565786bc4f66
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM3_Source_code_verification$ git add SM3.c SM3.h SM3
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM3_Source_code_verification$ git commit -m "SM3 Source_code_verification"
[master 5d54636] SM3 Source_code_verification
3 files changed, 305 insertions(+)
create mode 100755 20221320fengtairui/SM3_Source_code_verification/SM3
create mode 100644 20221320fengtairui/SM3_Source_code_verification/SM3.c
create mode 100644 20221320fengtairui/SM3_Source_code_verification/SM3.h
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM3_Source_code_verification$ git log
commit 5d546369cef96943e03f169426a0a77aeb6b1eff (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date: Sun Oct 27 11:51:26 2024 +0800
SM3 Source_code_verification
SM4
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$
touch SM4.c
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$
vim SM4.c
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$
cat SM4.c
#include "SM4.h"
#include <stdio.h>
// 密钥扩展函数
void SM4_KeySchedule(unsigned char MK[], unsigned int rk[]) {
unsigned int tmp, buf, K[36];
int i;
for (i = 0; i < 4; i++) {
K[i] = SM4_FK[i] ^ ((MK[4 * i] << 24) | (MK[4 * i + 1] << 16) | (MK[4 * i + 2] << 8) | (MK[4 * i + 3]));
}
for (i = 0; i < 32; i++) {
tmp = K[i + 1] ^ K[i + 2] ^ K[i + 3] ^ SM4_CK[i];
// 非线性变换
buf = (SM4_Sbox[(tmp >> 24) & 0xFF]) << 24 | (SM4_Sbox[(tmp >> 16) & 0xFF]) << 16 |
(SM4_Sbox[(tmp >> 8) & 0xFF]) << 8 | (SM4_Sbox[tmp & 0xFF]);
// 线性变换
K[i + 4] = K[i] ^ ((buf) ^ (SM4_Rotl32((buf), 13)) ^ (SM4_Rotl32((buf), 23)));
rk[i] = K[i + 4];
}
}
// 加密函数
void SM4_Encrypt(unsigned char MK[], unsigned char PlainText[], unsigned char CipherText[]) {
unsigned int rk[32], X[36], tmp, buf;
int i, j;
SM4_KeySchedule(MK, rk);
for (j = 0; j < 4; j++) {
X[j] = (PlainText[j * 4] << 24) | (PlainText[j * 4 + 1] << 16) | (PlainText[j * 4 + 2] << 8) | (PlainText[j * 4 + 3]);
}
for (i = 0; i < 32; i++) {
tmp = X[i + 1] ^ X[i + 2] ^ X[i + 3] ^ rk[i];
// 非线性变换
buf = (SM4_Sbox[(tmp >> 24) & 0xFF]) << 24 | (SM4_Sbox[(tmp >> 16) & 0xFF]) << 16 |
(SM4_Sbox[(tmp >> 8) & 0xFF]) << 8 | (SM4_Sbox[tmp & 0xFF]);
// 线性变换
X[i + 4] = X[i] ^ (buf ^ SM4_Rotl32((buf), 2) ^ SM4_Rotl32((buf), 10) ^
SM4_Rotl32((buf), 18) ^ SM4_Rotl32((buf), 24));
}
for (j = 0; j < 4; j++) {
CipherText[4 * j] = (X[35 - j] >> 24) & 0xFF;
CipherText[4 * j + 1] = (X[35 - j] >> 16) & 0xFF;
CipherText[4 * j + 2] = (X[35 - j] >> 8) & 0xFF;
CipherText[4 * j + 3] = (X[35 - j]) & 0xFF;
}
}
// 解密函数
void SM4_Decrypt(unsigned char MK[], unsigned char CipherText[], unsigned char PlainText[]) {
unsigned int rk[32], X[36], tmp, buf;
int i, j;
SM4_KeySchedule(MK, rk);
for (j = 0; j < 4; j++) {
X[j] = (CipherText[j * 4] << 24) | (CipherText[j * 4 + 1] << 16) | (CipherText[j * 4 + 2] << 8) | (CipherText[j * 4 + 3]);
}
for (i = 0; i < 32; i++) {
tmp = X[i + 1] ^ X[i + 2] ^ X[i + 3] ^ rk[31 - i];
// 非线性变换
buf = (SM4_Sbox[(tmp >> 24) & 0xFF]) << 24 | (SM4_Sbox[(tmp >> 16) & 0xFF]) << 16 |
(SM4_Sbox[(tmp >> 8) & 0xFF]) << 8 | (SM4_Sbox[tmp & 0xFF]);
// 线性变换
X[i + 4] = X[i] ^ (buf ^ SM4_Rotl32((buf), 2) ^ SM4_Rotl32((buf), 10) ^
SM4_Rotl32((buf), 18) ^ SM4_Rotl32((buf), 24));
}
for (j = 0; j < 4; j++) {
PlainText[4 * j] = (X[35 - j] >> 24) & 0xFF;
PlainText[4 * j + 1] = (X[35 - j] >> 16) & 0xFF;
PlainText[4 * j + 2] = (X[35 - j] >> 8) & 0xFF;
PlainText[4 * j + 3] = (X[35 - j]) & 0xFF;
}
}
// 自检查函数
int SM4_SelfCheck() {
int i;
// 标准数据
unsigned char key[16] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
unsigned char plain[16] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
unsigned char cipher[16] = {0x68, 0x1e, 0xdf, 0x34, 0xd2, 0x06, 0x96, 0x5e, 0x86, 0xb3, 0xe9, 0x4f, 0x53, 0x6e, 0x42, 0x46};
unsigned char En_output[16];
unsigned char De_output[16];
SM4_Encrypt(key, plain, En_output);
SM4_Decrypt(key, cipher, De_output);
for (i = 0; i < 16; i++) {
if ((En_output[i]!= cipher[i]) | (De_output[i]!= plain[i])) {
return 1;
}
}
return 0;
}
int main() {
// 测试密钥
unsigned char key[16] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
// 测试明文
unsigned char plaintext[16] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
unsigned char ciphertext[16];
unsigned char decryptedtext[16];
// 加密
SM4_Encrypt(key, plaintext, ciphertext);
printf("加密后的密文: ");
for (int i = 0; i < 16; i++) {
printf("%02x ", ciphertext[i]);
}
printf("\n");
// 解密
SM4_Decrypt(key, ciphertext, decryptedtext);
printf("解密后的明文: ");
for (int i = 0; i < 16; i++) {
printf("%02x ", decryptedtext[i]);
}
printf("\n");
// 自检查
if (SM4_SelfCheck() == 0) {
printf("自检查通过\n");
} else {
printf("自检查失败\n");
}
return 0;
}
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$
touch SM4.h
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$
vim SM4.h
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$
cat SM4.h
#ifndef SM4_H
#define SM4_H
#include <stdio.h>
// 循环左移n位
#define SM4_Rotl32(buf, n) (((buf) << n) | ((buf) >> (32 - n)))
// 固定参数CK
unsigned int SM4_CK[32] = {
0x00070e15, 0x1c232a31, 0x383f464d, 0x545b6269,
0x70777e85, 0x8c939aa1, 0xa8afb6bd, 0xc4cbd2d9,
0xe0e7eef5, 0xfc030a11, 0x181f262d, 0x343b4249,
0x50575e65, 0x6c737a81, 0x888f969d, 0xa4abb2b9,
0xc0c7ced5, 0xdce3eaf1, 0xf8ff060d, 0x141b2229,
0x30373e45, 0x4c535a61, 0x686f767d, 0x848b9299,
0xa0a7aeb5, 0xbcc3cad1, 0xd8dfe6ed, 0xf4fb0209,
0x10171e25, 0x2c333a41, 0x484f565d, 0x646b7279
};
// S盒
unsigned char SM4_Sbox[256] = {
0xd6, 0x90, 0xe9, 0xfe, 0xcc, 0xe1, 0x3d, 0xb7, 0x16, 0xb6, 0x14, 0xc2, 0x28, 0xfb, 0x2c, 0x05,
0x2b, 0x67, 0x9a, 0x76, 0x2a, 0xbe, 0x04, 0xc3, 0xaa, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99,
0x9c, 0x42, 0x50, 0xf4, 0x91, 0xef, 0x98, 0x7a, 0x33, 0x54, 0x0b, 0x43, 0xed, 0xcf, 0xac, 0x62,
0xe4, 0xb3, 0x1c, 0xa9, 0xc9, 0x08, 0xe8, 0x95, 0x80, 0xdf, 0x94, 0xfa, 0x75, 0x8f, 0x3f, 0xa6,
0x47, 0x07, 0xa7, 0xfc, 0xf3, 0x73, 0x17, 0xba, 0x83, 0x59, 0x3c, 0x19, 0xe6, 0x85, 0x4f, 0xa8,
0x68, 0x6b, 0x81, 0xb2, 0x71, 0x64, 0xda, 0x8b, 0xf8, 0xeb, 0x0f, 0x4b, 0x70, 0x56, 0x9d, 0x35,
0x1e, 0x24, 0x0e, 0x5e, 0x63, 0x58, 0xd1, 0xa2, 0x25, 0x22, 0x7c, 0x3b, 0x01, 0x21, 0x78, 0x87,
0xd4, 0x00, 0x46, 0x57, 0x9f, 0xd3, 0x27, 0x52, 0x4c, 0x36, 0x02, 0xe7, 0xa0, 0xc4, 0xc8, 0x9e,
0xea, 0xbf, 0x8a, 0xd2, 0x40, 0xc7, 0x38, 0xb5, 0xa3, 0xf7, 0xf2, 0xce, 0xf9, 0x61, 0x15, 0xa1,
0xe0, 0xae, 0x5d, 0xa4, 0x9b, 0x34, 0x1a, 0x55, 0xad, 0x93, 0x32, 0x30, 0xf5, 0x8c, 0xb1, 0xe3,
0x1d, 0xf6, 0xe2, 0x2e, 0x82, 0x66, 0xca, 0x60, 0xc0, 0x29, 0x23, 0xab, 0x0d, 0x53, 0x4e, 0x6f,
0xd5, 0xdb, 0x37, 0x45, 0xde, 0xfd, 0x8e, 0x2f, 0x03, 0xff, 0x6a, 0x72, 0x6d, 0x6c, 0x5b, 0x51,
0x8d, 0x1b, 0xaf, 0x92, 0xbb, 0xdd, 0xbc, 0x7f, 0x11, 0xd9, 0x5c, 0x41, 0x1f, 0x10, 0x5a, 0xd8,
0x0a, 0xc1, 0x31, 0x88, 0xa5, 0xcd, 0x7b, 0xbd, 0x2d, 0x74, 0xd0, 0x12, 0xb8, 0xe5, 0xb4, 0xb0,
0x89, 0x69, 0x97, 0x4a, 0x0c, 0x96, 0x77, 0x7e, 0x65, 0xb9, 0xf1, 0x09, 0xc5, 0x6e, 0xc6, 0x84,
0x18, 0xf0, 0x7d, 0xec, 0x3a, 0xdc, 0x4d, 0x20, 0x79, 0xee, 0x5f, 0x3e, 0xd7, 0xcb, 0x39, 0x48
};
// 固定参数FK
unsigned int SM4_FK[4] = {0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC};
// 密钥扩展函数声明
void SM4_KeySchedule(unsigned char MK[], unsigned int rk[]);
// 加密函数声明
void SM4_Encrypt(unsigned char MK[], unsigned char PlainText[], unsigned char CipherText[]);
// 解密函数声明
void SM4_Decrypt(unsigned char MK[], unsigned char CipherText[], unsigned char PlainText[]);
// 自检查函数声明
int SM4_SelfCheck();
#endif
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$ gcc -o SM4 SM4.c
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$ ./SM4
加密后的密文: 68 1e df 34 d2 06 96 5e 86 b3 e9 4f 53 6e 42 46
解密后的明文: 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10
自检查通过
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$ echo -n -e "\x01\x23\x45\x67\x89\xab\xcd\xef\xfe\xdc\xba\x98\x76\x54\x32\x10" > plain.bin
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$ cat plain.bin
#Eg�1�7�1�7�1�7�1�7�1�7�1�4�1�7vT2
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$gmssl rand -outlen 16 -out key.bin
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$ od -tx1 key.bin
0000000 0a 16 d6 8b c4 9c 8b 0e e8 b5 97 40 15 34 20 95
0000020
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$ echo -n -e "\x01\x23\x45\x67\x89\xab\xcd\xef\xfe\xdc\xba\x98\x76\x54\x32\x10" | gmssl sm4_ecb -encrypt -key $(xxd -p key.bin) -out encrypted_data.ecb
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$ cat encrypted_data.ecb
�1�7�1�7,9�1�7�1�7�1�7�1�7\�0�6G
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$ gmssl sm4_ecb -decrypt -in encrypted_data.ecb -out decrypted_data.bin -key $(xxd -p key.bin)
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$ cat decrypted_data.bin
#Eg�1�7�1�7�1�7�1�7�1�7�1�4�1�7vT2
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$ cat plain.bin
#Eg�1�7�1�7�1�7�1�7�1�7�1�4�1�7vT2
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$ git add decrypted_data.bin encrypted_data.ecb key.bin plain.bin SM4 SM4.c SM4.h
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$ git commit -m "SM4 Source code verification"
[master fe5bc61] SM4 Source code verification
7 files changed, 185 insertions(+)
create mode 100755 20221320fengtairui/SM4_Source_code_verification/SM4
create mode 100644 20221320fengtairui/SM4_Source_code_verification/SM4.c
create mode 100644 20221320fengtairui/SM4_Source_code_verification/SM4.h
create mode 100644 20221320fengtairui/SM4_Source_code_verification/decrypted_data.bin
create mode 100644 20221320fengtairui/SM4_Source_code_verification/encrypted_data.ecb
create mode 100644 20221320fengtairui/SM4_Source_code_verification/key.bin
create mode 100644 20221320fengtairui/SM4_Source_code_verification/plain.bin
fengtairui@fengtairui-virtual-machine:~/20221320fengtairui/SM4_Source_code_verification$ git log
commit fe5bc615f43795dca5beb4f44155da480364b2a4 (HEAD -> master)
Author: fengtairui <1978274655@qq.com>
Date: Sun Oct 27 21:31:24 2024 +0800
SM4 Source code verification
二、在密标委网站http://www.gmbz.org.cn/main/bzlb.html查找SM2,SM3,SM4相关标准,分析代码实现与标准的对应关系。
SM2
数字签名
SM2算法标准概述:
SM2是中国国家密码管理局发布的公钥密码标准,基于椭圆曲线密码体系(ECC)。SM2算法主要用于密钥交换、加密、解密和数字签名等。数字签名部分包括签名生成和签名验证两个主要步骤。
代码分析:
代码实现了SM2数字签名算法的签名生成(SM2_Sign)和签名验证(SM2_Verify)功能。以下是代码的关键部分与SM2算法标准的对应关系:
- 初始化(SM2_Init):
- 初始化SM2曲线所需的参数,包括基点G、曲线参数a、b、素数p和阶n。
- 对应SM2算法标准中的参数初始化步骤。
- 签名生成(SM2_Sign):
- 包括生成随机数k、计算kG、计算r和s值等步骤。
- 对应SM2算法标准中签名生成的步骤,其中r是kG的x坐标模n,s是((e + r * dA) * (k^-1)) mod n。
- 签名验证(SM2_Verify):
- 包括验证r和s值是否在[1, n-1]范围内、计算t、验证(x1, y1)点是否在曲线上等步骤。
- 对应SM2算法标准中签名验证的步骤,其中t = (r + s) mod n,验证(x1, y1) = sG + tPA是否等于e。
- 自检查(SM2_SelfCheck):
- 使用标准测试向量来验证实现的正确性。
- 对应SM2算法标准的自测试步骤,确保算法实现符合预期的标准。
- 辅助函数:
- 包括点的验证(Test_Point)、公钥的验证(Test_PubKey)、范围验证(Test_Range)等。
- 这些函数用于确保签名过程中使用的点和值符合SM2算法的要求。
代码与标准差异
- 实现细节:代码中可能包含了一些实现细节,如错误码定义、内存分配和释放等,这些在标准文档中通常不会详细描述。
- 性能优化:代码可能进行了一些性能优化,如循环展开、使用特定的数学库等,这些优化不会改变算法的本质,但可能会影响算法的效率。
结论:
代码实现了SM2数字签名算法的主要功能,包括初始化、签名生成、签名验证和自检查。这些功能与SM2算法的标准描述相匹配。
密钥协商
由于我无法直接访问外部网页,包括您提供的网址,我将基于SM2密钥协商协议的公开知识来分析代码实现与SM2密钥协商标准之间的对应关系。
SM2密钥协商标准概述:
SM2密钥协商协议是基于椭圆曲线密码学(ECC)的一种密钥交换协议。它允许两方在不安全的通道上协商出一个共享的密钥。该协议的主要步骤包括:
- 双方分别生成自己的临时公私钥对。
- 双方交换临时公钥。
- 各自使用对方的临时公钥和自己的私钥计算共享密钥。
- (可选)双方可以计算一个验证值,以确保密钥协商的一致性。
代码分析:
代码实现了SM2密钥协商协议的以下功能:
-
SM2_Init:
- 初始化SM2曲线所需的参数,包括基点G、曲线参数a、b、素数p和阶n。
- 对应SM2密钥协商标准中的参数初始化步骤。
-
SM2_KeyEx_Init_I 和 SM2_KeyEx_Init_II:
- 分别对应协议中的步骤A1到A3和步骤A4到A10,其中一方(初始化者A)生成一个随机数ra,并计算点RA,然后使用RA和RB计算共享密钥。
- 对应SM2密钥协商标准中的临时公钥的生成和共享密钥的计算步骤。
-
SM2_KeyEx_Re_I 和 SM2_KeyEx_Re_II:
- 分别对应协议中的步骤B1到B9和步骤B10(可选),另一方(响应者B)生成RB,并使用RA和RB计算共享密钥,然后可选地验证由初始化者A计算的哈希值。
- 对应SM2密钥协商标准中的临时公钥的生成和共享密钥的计算步骤,以及可选的验证步骤。
-
SM2_W:
- 计算w值,这是SM2密钥协商协议中的一个步骤,用于计算共享密钥的长度。
- 对应SM2密钥协商标准中的密钥长度计算步骤。
-
SM3_Z:
- 计算ZA或ZB,这是SM2密钥协商协议中的一个步骤,用于生成用于密钥派生的哈希值。
- 对应SM2密钥协商标准中的密钥派生哈希值的计算步骤。
-
Test_Point 和 Test_PubKey:
- 用于验证给定的点是否在SM2曲线上,以及给定的公钥是否有效。
- 对应SM2密钥协商标准中的公钥验证步骤。
-
SM2_KeyGeneration:
- 根据给定的私钥计算公钥。
- 对应SM2密钥协商标准中的公钥生成步骤。
代码与标准差异
- 实现细节:代码中可能包含了一些实现细节,如错误码定义、内存分配和释放等,这些在标准文档中通常不会详细描述。
- 性能优化:代码可能进行了一些性能优化,如循环展开、使用特定的数学库等,这些优化不会改变算法的本质,但可能会影响算法的效率。
结论:
代码实现了SM2密钥协商协议的主要功能,包括初始化、临时公钥的生成、共享密钥的计算、公钥验证和密钥派生。这些功能与SM2密钥协商标准描述相匹配。
加密解密
SM2加密解密算法标准概述:
SM2是一种基于椭圆曲线密码学的公钥加密算法,由中国国家密码管理局发布。它包括密钥生成、加密和解密等过程。SM2加密过程通常包括以下步骤:
- 密钥生成:生成一对公私钥。
- 加密:使用接收方的公钥加密消息。
- 解密:使用私钥解密消息。
代码分析:
代码实现了SM2加密解密算法的以下功能:
-
SM2_Init:
- 初始化SM2曲线所需的参数,包括基点G、曲线参数a、b、素数p和阶n。
- 对应SM2标准中的参数初始化步骤。
-
SM2_KeyGeneration:
- 根据给定的私钥计算公钥。
- 对应SM2标准中的密钥生成步骤。
-
SM2_Encrypt:
- 实现SM2加密过程,包括计算C1=[k]G,C3=hash(x2, M, y2),以及使用KDF生成密钥流来加密消息M得到C2。
- 对应SM2标准中的加密步骤,其中使用了SM3哈希函数和KDF密钥派生函数。
-
SM2_Decrypt:
- 实现SM2解密过程,包括验证C1点是否在曲线上,计算S=[h]C1,使用私钥dB计算[x2, y2],使用KDF生成密钥流来解密C2得到M,以及验证C3是否匹配。
- 对应SM2标准中的解密步骤,其中同样使用了SM3哈希函数和KDF密钥派生函数。
-
SM2_ENC_SelfTest:
- 自测试功能,用于验证加密和解密过程是否正确。
- 对应SM2标准中的自测试步骤,确保实现的正确性。
-
辅助函数:
- 包括点的验证(Test_Point)、公钥的验证(Test_PubKey)、判断数组是否全零(Test_Null)等。
- 这些函数用于确保加密和解密过程中使用的点和值符合SM2算法的要求。
代码与标准差异
- 实现细节:代码中可能包含了一些实现细节,如错误码定义、内存分配和释放等,这些在标准文档中通常不会详细描述。
- 性能优化:代码可能进行了一些性能优化,如循环展开、使用特定的数学库等,这些优化不会改变算法的本质,但可能会影响算法的效率。
结论:
代码实现了SM2加密解密算法的主要功能,包括密钥生成、加密、解密和自测试。这些功能与SM2算法的标准描述相匹配。
SM3
SM3算法标准概述:
SM3是中国国家密码管理局发布的密码散列函数标准,主要用于生成消息的摘要。SM3算法的输出是256位(32字节),设计上具有抗碰撞性,即很难找到两个不同的消息,它们具有相同的SM3散列值。
SM3算法的主要步骤包括:
- 初始化状态变量。
- 消息填充和处理。
- 消息扩展。
- 压缩函数。
- 输出散列值。
代码分析:
代码实现了SM3算法的散列计算过程。以下是代码的关键部分与SM3算法标准的对应关系:
-
初始化(SM3_init):
- 初始化状态变量
md->state
,这些变量将存储算法的中间状态。 - 对应SM3算法的初始化步骤,其中状态变量被设置为初始值。
- 初始化状态变量
-
消息扩展(BiToW):
- 将512位的消息块扩展到512+512位,这是通过一系列操作完成的,包括与之前消息块的某些字的异或、旋转和加法。
- 对应SM3算法的消息扩展步骤,其中消息被扩展以供算法使用。
-
压缩函数(CF):
- 压缩函数是SM3算法的核心,它包括消息调度、函数F和G的定义、以及状态更新。
- 对应SM3算法的压缩步骤,其中使用一系列复杂的操作更新状态变量。
-
消息填充和处理(SM3_process):
- 处理输入消息,当累积到512位时,调用压缩函数处理这些消息。
- 对应SM3算法的消息填充和处理步骤,确保消息以正确的块大小进行处理。
-
最终散列计算(SM3_done):
- 完成消息处理后,进行最后的散列计算,包括添加消息长度和状态更新。
- 对应SM3算法的最终散列计算步骤,生成最终的256位散列值。
-
自测试(SM3_SelfTest):
- 使用标准测试向量来验证实现的正确性。
- 对应SM3算法的自测试步骤,确保算法实现符合预期的标准。
代码与标准差异
- 字节序: 代码中使用了
BigEndian
函数来确保使用大端字节序,而标准中未明确指定字节序。 - 循环展开: 代码中 CF 函数的循环进行了展开,而标准中未进行展开。
结论:
代码实现了SM3算法的主要功能,包括初始化、消息扩展、压缩函数、消息填充和处理,以及最终散列计算。这些功能与SM3算法的标准描述相匹配。
SM4
SM4算法标准概述:
SM4算法是中国国家密码管理局发布的商用分组密码算法标准,其设计基于Feistel结构,使用128位的分组大小和128位的密钥长度。SM4算法的主要步骤包括密钥扩展、轮函数应用、线性变换和非线性变换等。
代码分析:
代码实现了SM4算法的密钥扩展、加密和解密功能。以下是代码的关键部分与SM4算法标准的对应关系:
-
密钥扩展(SM4_KeySchedule):
- 代码中的密钥扩展函数
SM4_KeySchedule
负责从原始密钥生成32轮的轮密钥。 - 这与SM4算法标准中描述的密钥扩展过程相对应,其中包括与固定参数的异或操作、非线性变换和线性变换。
- 代码中的密钥扩展函数
-
加密函数(SM4_Encrypt):
- 加密函数
SM4_Encrypt
实现了SM4算法的加密过程,包括轮密钥的加、非线性变换(S盒替换)和线性变换(旋转和异或操作)。 - 这与SM4算法标准中的加密过程相匹配,其中每一轮都应用相同的操作序列。
- 加密函数
-
解密函数(SM4_Decrypt):
- 解密函数
SM4_Decrypt
实现了SM4算法的解密过程,与加密过程类似,但轮密钥的应用顺序相反。 - 这与SM4算法标准中的解密过程相匹配,解密过程是加密过程的逆过程。
- 解密函数
-
自检查函数(SM4_SelfCheck):
- 自检查函数用于验证实现的正确性,通过加密和解密标准数据来检查结果是否符合预期。
- 这与算法标准中的测试向量验证过程相对应,确保实现符合预期的安全性能。
结论:
代码实现了SM4算法的核心功能,包括密钥扩展、加密、解密和自检查,与SM4算法的标准描述相匹配。
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】博客园社区专享云产品让利特惠,阿里云新客6.5折上折
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步