1 /*
2 * Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the License); you may
5 * not use this file except in compliance with the License.
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 */
9
10
11
12 #include <stdio.h>
13 #include <string.h>
14 #include <assert.h>
15 #include <gmssl/sm2.h>
16 #include <gmssl/asn1.h>
17 #include <gmssl/rand.h>
18 #include <gmssl/error.h>
19 #include <gmssl/endian.h>
20
21
22 #define sm2_print_bn(label,a) sm2_bn_print(stderr,0,0,label,a) // 这个不应该放在这里,应该放在测试文件中
23
24
25
26 const SM2_BN SM2_P = {
27 0xffffffff, 0xffffffff, 0x00000000, 0xffffffff,
28 0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe,
29 };
30
31 const SM2_BN SM2_B = {
32 0x4d940e93, 0xddbcbd41, 0x15ab8f92, 0xf39789f5,
33 0xcf6509a7, 0x4d5a9e4b, 0x9d9f5e34, 0x28e9fa9e,
34 };
35
36 const SM2_JACOBIAN_POINT _SM2_G = {
37 {
38 0x334c74c7, 0x715a4589, 0xf2660be1, 0x8fe30bbf,
39 0x6a39c994, 0x5f990446, 0x1f198119, 0x32c4ae2c,
40 },
41 {
42 0x2139f0a0, 0x02df32e5, 0xc62a4740, 0xd0a9877c,
43 0x6b692153, 0x59bdcee3, 0xf4f6779c, 0xbc3736a2,
44 },
45 {
46 1, 0, 0, 0, 0, 0, 0, 0,
47 },
48 };
49 const SM2_JACOBIAN_POINT *SM2_G = &_SM2_G;
50
51 const SM2_BN SM2_N = {
52 0x39d54123, 0x53bbf409, 0x21c6052b, 0x7203df6b,
53 0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe,
54 };
55
56 // u = (p - 1)/4, u + 1 = (p + 1)/4
57 const SM2_BN SM2_U_PLUS_ONE = {
58 0x00000000, 0x40000000, 0xc0000000, 0xffffffff,
59 0xffffffff, 0xffffffff, 0xbfffffff, 0x3fffffff,
60 };
61
62 const SM2_BN SM2_ONE = {1,0,0,0,0,0,0,0};
63 const SM2_BN SM2_TWO = {2,0,0,0,0,0,0,0};
64 const SM2_BN SM2_THREE = {3,0,0,0,0,0,0,0};
65
66
67
sm2_bn_check(const SM2_BN a)68 int sm2_bn_check(const SM2_BN a)
69 {
70 int err = 0;
71 int i;
72 for (i = 0; i < 8; i++) {
73 if (a[i] > 0xffffffff) {
74 fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
75 err++;
76 }
77 }
78 if (err)
79 return -1;
80 else return 1;
81 }
82
sm2_bn_is_zero(const SM2_BN a)83 int sm2_bn_is_zero(const SM2_BN a)
84 {
85 int i;
86 for (i = 0; i < 8; i++) {
87 if (a[i] != 0)
88 return 0;
89 }
90 return 1;
91 }
92
sm2_bn_is_one(const SM2_BN a)93 int sm2_bn_is_one(const SM2_BN a)
94 {
95 int i;
96 if (a[0] != 1)
97 return 0;
98 for (i = 1; i < 8; i++) {
99 if (a[i] != 0)
100 return 0;
101 }
102 return 1;
103 }
104
sm2_bn_to_bytes(const SM2_BN a,uint8_t out[32])105 void sm2_bn_to_bytes(const SM2_BN a, uint8_t out[32])
106 {
107 int i;
108 uint8_t *p = out;
109
110 /*
111 fprintf(stderr, "sm2_bn_to_bytes:\n");
112 for (i = 0; i < 8; i++) {
113 fprintf(stderr, "%016lx ", a[i]);
114 }
115 fprintf(stderr, "\n");
116 */
117
118 for (i = 7; i >= 0; i--) {
119 uint32_t ai = (uint32_t)a[i];
120 PUTU32(out, ai);
121 out += sizeof(uint32_t);
122 }
123
124 /*
125 for (i = 0; i < 32; i++) {
126 fprintf(stderr, "%02X ", p[i]);
127 }
128 */
129
130 }
131
sm2_bn_from_bytes(SM2_BN r,const uint8_t in[32])132 void sm2_bn_from_bytes(SM2_BN r, const uint8_t in[32])
133 {
134 int i;
135 for (i = 7; i >= 0; i--) {
136 r[i] = GETU32(in);
137 in += sizeof(uint32_t);
138 }
139 }
140
hexchar2int(char c)141 static int hexchar2int(char c)
142 {
143 if ('0' <= c && c <= '9') return c - '0';
144 else if ('a' <= c && c <= 'f') return c - 'a' + 10;
145 else if ('A' <= c && c <= 'F') return c - 'A' + 10;
146 else return -1;
147 }
148
hex2bin(const char * in,size_t inlen,uint8_t * out)149 static int hex2bin(const char *in, size_t inlen, uint8_t *out)
150 {
151 int c;
152 if (inlen % 2)
153 return -1;
154
155 while (inlen) {
156 if ((c = hexchar2int(*in++)) < 0)
157 return -1;
158 *out = (uint8_t)c << 4;
159 if ((c = hexchar2int(*in++)) < 0)
160 return -1;
161 *out |= (uint8_t)c;
162 inlen -= 2;
163 out++;
164 }
165 return 1;
166 }
167
sm2_bn_to_hex(const SM2_BN a,char hex[64])168 void sm2_bn_to_hex(const SM2_BN a, char hex[64])
169 {
170 int i;
171 for (i = 7; i >= 0; i--) {
172 int len;
173 len = sprintf(hex, "%08x", (uint32_t)a[i]);
174 assert(len == 8);
175 hex += 8;
176 }
177 }
178
sm2_bn_from_hex(SM2_BN r,const char hex[64])179 int sm2_bn_from_hex(SM2_BN r, const char hex[64])
180 {
181 uint8_t buf[32];
182 if (hex2bin(hex, 64, buf) < 0)
183 return -1;
184 sm2_bn_from_bytes(r, buf);
185 return 1;
186 }
187
sm2_bn_from_asn1_integer(SM2_BN r,const uint8_t * d,size_t dlen)188 int sm2_bn_from_asn1_integer(SM2_BN r, const uint8_t *d, size_t dlen)
189 {
190 uint8_t buf[32] = {0};
191 if (!d || dlen == 0) {
192 error_print();
193 return -1;
194 }
195 if (dlen > sizeof(buf)) {
196 error_print();
197 return -1;
198 }
199 memcmp(buf + sizeof(buf) - dlen, d, dlen);
200 sm2_bn_from_bytes(r, buf);
201 return 1;
202 }
203
sm2_bn_print(FILE * fp,int fmt,int ind,const char * label,const SM2_BN a)204 int sm2_bn_print(FILE *fp, int fmt, int ind, const char *label, const SM2_BN a)
205 {
206 int ret = 0, i;
207 format_print(fp, fmt, ind, "%s: ", label);
208
209 for (i = 7; i >= 0; i--) {
210 if (a[i] >= ((uint64_t)1 << 32)) {
211 printf("bn_print check failed\n");
212 }
213 ret += fprintf(fp, "%08x", (uint32_t)a[i]);
214 }
215 ret += fprintf(fp, "\n");
216 return ret;
217 }
218
sm2_bn_to_bits(const SM2_BN a,char bits[256])219 void sm2_bn_to_bits(const SM2_BN a, char bits[256])
220 {
221 int i, j;
222 for (i = 7; i >= 0; i--) {
223 uint32_t w = a[i];
224 for (j = 0; j < 32; j++) {
225 *bits++ = (w & 0x80000000) ? '1' : '0';
226 w <<= 1;
227 }
228 }
229 }
230
sm2_bn_cmp(const SM2_BN a,const SM2_BN b)231 int sm2_bn_cmp(const SM2_BN a, const SM2_BN b)
232 {
233 int i;
234 for (i = 7; i >= 0; i--) {
235 if (a[i] > b[i])
236 return 1;
237 if (a[i] < b[i])
238 return -1;
239 }
240 return 0;
241 }
242
sm2_bn_equ_hex(const SM2_BN a,const char * hex)243 int sm2_bn_equ_hex(const SM2_BN a, const char *hex)
244 {
245 char buf[65] = {0};
246 char *p = buf;
247 int i;
248
249 for (i = 7; i >= 0; i--) {
250 sprintf(p, "%08x", (uint32_t)a[i]);
251 p += 8;
252 }
253 return (strcmp(buf, hex) == 0);
254 }
255
sm2_bn_is_odd(const SM2_BN a)256 int sm2_bn_is_odd(const SM2_BN a)
257 {
258 return a[0] & 0x01;
259 }
260
sm2_bn_set_word(SM2_BN r,uint32_t a)261 void sm2_bn_set_word(SM2_BN r, uint32_t a)
262 {
263 int i;
264 r[0] = a;
265 for (i = 1; i < 8; i++) {
266 r[i] = 0;
267 }
268 }
269
sm2_bn_add(SM2_BN r,const SM2_BN a,const SM2_BN b)270 void sm2_bn_add(SM2_BN r, const SM2_BN a, const SM2_BN b)
271 {
272 int i;
273 r[0] = a[0] + b[0];
274
275 for (i = 1; i < 8; i++) {
276 r[i] = a[i] + b[i] + (r[i-1] >> 32);
277 }
278 for (i = 0; i < 7; i++) {
279 r[i] &= 0xffffffff;
280 }
281 }
282
sm2_bn_sub(SM2_BN ret,const SM2_BN a,const SM2_BN b)283 void sm2_bn_sub(SM2_BN ret, const SM2_BN a, const SM2_BN b)
284 {
285 int i;
286 SM2_BN r;
287 r[0] = ((uint64_t)1 << 32) + a[0] - b[0];
288 for (i = 1; i < 7; i++) {
289 r[i] = 0xffffffff + a[i] - b[i] + (r[i - 1] >> 32);
290 r[i - 1] &= 0xffffffff;
291 }
292 r[i] = a[i] - b[i] + (r[i - 1] >> 32) - 1;
293 r[i - 1] &= 0xffffffff;
294 sm2_bn_copy(ret, r);
295 }
296
297 // FIXME: get random from outside
sm2_bn_rand_range(SM2_BN r,const SM2_BN range)298 void sm2_bn_rand_range(SM2_BN r, const SM2_BN range)
299 {
300 uint8_t buf[32];
301 do {
302 (void)rand_bytes(buf, sizeof(buf));
303 sm2_bn_from_bytes(r, buf);
304 } while (sm2_bn_cmp(r, range) >= 0);
305 }
306
sm2_fp_add(SM2_Fp r,const SM2_Fp a,const SM2_Fp b)307 void sm2_fp_add(SM2_Fp r, const SM2_Fp a, const SM2_Fp b)
308 {
309 sm2_bn_add(r, a, b);
310 if (sm2_bn_cmp(r, SM2_P) >= 0) {
311 sm2_bn_sub(r, r, SM2_P);
312 }
313 }
314
sm2_fp_sub(SM2_Fp r,const SM2_Fp a,const SM2_Fp b)315 void sm2_fp_sub(SM2_Fp r, const SM2_Fp a, const SM2_Fp b)
316 {
317 if (sm2_bn_cmp(a, b) >= 0) {
318 sm2_bn_sub(r, a, b);
319 } else {
320 SM2_BN t;
321 sm2_bn_sub(t, SM2_P, b);
322 sm2_bn_add(r, t, a);
323 }
324 }
325
sm2_fp_dbl(SM2_Fp r,const SM2_Fp a)326 void sm2_fp_dbl(SM2_Fp r, const SM2_Fp a)
327 {
328 sm2_fp_add(r, a, a);
329 }
330
sm2_fp_tri(SM2_Fp r,const SM2_Fp a)331 void sm2_fp_tri(SM2_Fp r, const SM2_Fp a)
332 {
333 SM2_BN t;
334 sm2_fp_dbl(t, a);
335 sm2_fp_add(r, t, a);
336 }
337
sm2_fp_div2(SM2_Fp r,const SM2_Fp a)338 void sm2_fp_div2(SM2_Fp r, const SM2_Fp a)
339 {
340 int i;
341 sm2_bn_copy(r, a);
342 if (r[0] & 0x01) {
343 sm2_bn_add(r, r, SM2_P);
344 }
345 for (i = 0; i < 7; i++) {
346 r[i] = (r[i] >> 1) | ((r[i + 1] & 0x01) << 31);
347 }
348 r[i] >>= 1;
349 }
350
sm2_fp_neg(SM2_Fp r,const SM2_Fp a)351 void sm2_fp_neg(SM2_Fp r, const SM2_Fp a)
352 {
353 if (sm2_bn_is_zero(a)) {
354 sm2_bn_copy(r, a);
355 } else {
356 sm2_bn_sub(r, SM2_P, a);
357 }
358 }
359
sm2_fp_mul(SM2_Fp r,const SM2_Fp a,const SM2_Fp b)360 void sm2_fp_mul(SM2_Fp r, const SM2_Fp a, const SM2_Fp b)
361 {
362 int i, j;
363 uint64_t s[16] = {0};
364 SM2_BN d = {0};
365 uint64_t u;
366
367 // s = a * b
368 for (i = 0; i < 8; i++) {
369 u = 0;
370 for (j = 0; j < 8; j++) {
371 u = s[i + j] + a[i] * b[j] + u;
372 s[i + j] = u & 0xffffffff;
373 u >>= 32;
374 }
375 s[i + 8] = u;
376 }
377
378 r[0] = s[0] + s[ 8] + s[ 9] + s[10] + s[11] + s[12] + ((s[13] + s[14] + s[15]) << 1);
379 r[1] = s[1] + s[ 9] + s[10] + s[11] + s[12] + s[13] + ((s[14] + s[15]) << 1);
380 r[2] = s[2];
381 r[3] = s[3] + s[ 8] + s[11] + s[12] + s[14] + s[15] + (s[13] << 1);
382 r[4] = s[4] + s[ 9] + s[12] + s[13] + s[15] + (s[14] << 1);
383 r[5] = s[5] + s[10] + s[13] + s[14] + (s[15] << 1);
384 r[6] = s[6] + s[11] + s[14] + s[15];
385 r[7] = s[7] + s[ 8] + s[ 9] + s[10] + s[11] + s[15] + ((s[12] + s[13] + s[14] + s[15]) << 1);
386
387 for (i = 1; i < 8; i++) {
388 r[i] += r[i - 1] >> 32;
389 r[i - 1] &= 0xffffffff;
390 }
391
392 d[2] = s[8] + s[9] + s[13] + s[14];
393 d[3] = d[2] >> 32;
394 d[2] &= 0xffffffff;
395 sm2_bn_sub(r, r, d);
396
397 // max times ?
398 while (sm2_bn_cmp(r, SM2_P) >= 0) {
399 sm2_bn_sub(r, r, SM2_P);
400 }
401 }
402
sm2_fp_sqr(SM2_Fp r,const SM2_Fp a)403 void sm2_fp_sqr(SM2_Fp r, const SM2_Fp a)
404 {
405 sm2_fp_mul(r, a, a);
406 }
407
sm2_fp_exp(SM2_Fp r,const SM2_Fp a,const SM2_Fp e)408 void sm2_fp_exp(SM2_Fp r, const SM2_Fp a, const SM2_Fp e)
409 {
410 SM2_BN t;
411 uint32_t w;
412 int i, j;
413
414 sm2_bn_set_one(t);
415 for (i = 7; i >= 0; i--) {
416 w = (uint32_t)e[i];
417 for (j = 0; j < 32; j++) {
418 sm2_fp_sqr(t, t);
419 if (w & 0x80000000)
420 sm2_fp_mul(t, t, a);
421 w <<= 1;
422 }
423 }
424
425 sm2_bn_copy(r, t);
426 }
427
sm2_fp_inv(SM2_Fp r,const SM2_Fp a)428 void sm2_fp_inv(SM2_Fp r, const SM2_Fp a)
429 {
430 SM2_BN a1;
431 SM2_BN a2;
432 SM2_BN a3;
433 SM2_BN a4;
434 SM2_BN a5;
435 int i;
436
437 sm2_fp_sqr(a1, a);
438 sm2_fp_mul(a2, a1, a);
439 sm2_fp_sqr(a3, a2);
440 sm2_fp_sqr(a3, a3);
441 sm2_fp_mul(a3, a3, a2);
442 sm2_fp_sqr(a4, a3);
443 sm2_fp_sqr(a4, a4);
444 sm2_fp_sqr(a4, a4);
445 sm2_fp_sqr(a4, a4);
446 sm2_fp_mul(a4, a4, a3);
447 sm2_fp_sqr(a5, a4);
448 for (i = 1; i < 8; i++)
449 sm2_fp_sqr(a5, a5);
450 sm2_fp_mul(a5, a5, a4);
451 for (i = 0; i < 8; i++)
452 sm2_fp_sqr(a5, a5);
453 sm2_fp_mul(a5, a5, a4);
454 for (i = 0; i < 4; i++)
455 sm2_fp_sqr(a5, a5);
456 sm2_fp_mul(a5, a5, a3);
457 sm2_fp_sqr(a5, a5);
458 sm2_fp_sqr(a5, a5);
459 sm2_fp_mul(a5, a5, a2);
460 sm2_fp_sqr(a5, a5);
461 sm2_fp_mul(a5, a5, a);
462 sm2_fp_sqr(a4, a5);
463 sm2_fp_mul(a3, a4, a1);
464 sm2_fp_sqr(a5, a4);
465 for (i = 1; i< 31; i++)
466 sm2_fp_sqr(a5, a5);
467 sm2_fp_mul(a4, a5, a4);
468 sm2_fp_sqr(a4, a4);
469 sm2_fp_mul(a4, a4, a);
470 sm2_fp_mul(a3, a4, a2);
471 for (i = 0; i < 33; i++)
472 sm2_fp_sqr(a5, a5);
473 sm2_fp_mul(a2, a5, a3);
474 sm2_fp_mul(a3, a2, a3);
475 for (i = 0; i < 32; i++)
476 sm2_fp_sqr(a5, a5);
477 sm2_fp_mul(a2, a5, a3);
478 sm2_fp_mul(a3, a2, a3);
479 sm2_fp_mul(a4, a2, a4);
480 for (i = 0; i < 32; i++)
481 sm2_fp_sqr(a5, a5);
482 sm2_fp_mul(a2, a5, a3);
483 sm2_fp_mul(a3, a2, a3);
484 sm2_fp_mul(a4, a2, a4);
485 for (i = 0; i < 32; i++)
486 sm2_fp_sqr(a5, a5);
487 sm2_fp_mul(a2, a5, a3);
488 sm2_fp_mul(a3, a2, a3);
489 sm2_fp_mul(a4, a2, a4);
490 for (i = 0; i < 32; i++)
491 sm2_fp_sqr(a5, a5);
492 sm2_fp_mul(a2, a5, a3);
493 sm2_fp_mul(a3, a2, a3);
494 sm2_fp_mul(a4, a2, a4);
495 for (i = 0; i < 32; i++)
496 sm2_fp_sqr(a5, a5);
497 sm2_fp_mul(r, a4, a5);
498
499 sm2_bn_clean(a1);
500 sm2_bn_clean(a2);
501 sm2_bn_clean(a3);
502 sm2_bn_clean(a4);
503 sm2_bn_clean(a5);
504 }
505
sm2_fn_add(SM2_Fn r,const SM2_Fn a,const SM2_Fn b)506 void sm2_fn_add(SM2_Fn r, const SM2_Fn a, const SM2_Fn b)
507 {
508 sm2_bn_add(r, a, b);
509 if (sm2_bn_cmp(r, SM2_N) >= 0) {
510 sm2_bn_sub(r, r, SM2_N);
511 }
512 }
513
sm2_fn_sub(SM2_Fn r,const SM2_Fn a,const SM2_Fn b)514 void sm2_fn_sub(SM2_Fn r, const SM2_Fn a, const SM2_Fn b)
515 {
516 if (sm2_bn_cmp(a, b) >= 0) {
517 sm2_bn_sub(r, a, b);
518 } else {
519 SM2_BN t;
520 sm2_bn_add(t, a, SM2_N);
521 sm2_bn_sub(r, t, b);
522 }
523 }
524
sm2_fn_neg(SM2_Fn r,const SM2_Fn a)525 void sm2_fn_neg(SM2_Fn r, const SM2_Fn a)
526 {
527 if (sm2_bn_is_zero(a)) {
528 sm2_bn_copy(r, a);
529 } else {
530 sm2_bn_sub(r, SM2_N, a);
531 }
532 }
533
534 /* bn288 only used in barrett reduction */
sm2_bn288_cmp(const uint64_t a[9],const uint64_t b[9])535 static int sm2_bn288_cmp(const uint64_t a[9], const uint64_t b[9])
536 {
537 int i;
538 for (i = 8; i >= 0; i--) {
539 if (a[i] > b[i])
540 return 1;
541 if (a[i] < b[i])
542 return -1;
543 }
544 return 0;
545 }
546
sm2_bn288_add(uint64_t r[9],const uint64_t a[9],const uint64_t b[9])547 static void sm2_bn288_add(uint64_t r[9], const uint64_t a[9], const uint64_t b[9])
548 {
549 int i;
550 r[0] = a[0] + b[0];
551 for (i = 1; i < 9; i++) {
552 r[i] = a[i] + b[i] + (r[i-1] >> 32);
553 }
554 for (i = 0; i < 8; i++) {
555 r[i] &= 0xffffffff;
556 }
557 }
558
sm2_bn288_sub(uint64_t ret[9],const uint64_t a[9],const uint64_t b[9])559 static void sm2_bn288_sub(uint64_t ret[9], const uint64_t a[9], const uint64_t b[9])
560 {
561 int i;
562 uint64_t r[9];
563
564 r[0] = ((uint64_t)1 << 32) + a[0] - b[0];
565 for (i = 1; i < 8; i++) {
566 r[i] = 0xffffffff + a[i] - b[i] + (r[i - 1] >> 32);
567 r[i - 1] &= 0xffffffff;
568 }
569 r[i] = a[i] - b[i] + (r[i - 1] >> 32) - 1;
570 r[i - 1] &= 0xffffffff;
571
572 for (i = 0; i < 9; i++) {
573 ret[i] = r[i];
574 }
575 }
576
sm2_fn_mul(SM2_BN r,const SM2_BN a,const SM2_BN b)577 void sm2_fn_mul(SM2_BN r, const SM2_BN a, const SM2_BN b)
578 {
579 static const uint64_t mu[8] = {
580 0xf15149a0, 0x12ac6361, 0xfa323c01, 0x8dfc2096,
581 1, 1, 1, 0x100000001,
582 };
583
584 uint64_t s[17];
585 uint64_t zh[9];
586 uint64_t zl[9];
587 uint64_t q[9];
588 uint64_t w;
589 int i, j;
590
591
592 /* z = a * b */
593 for (i = 0; i < 8; i++) {
594 s[i] = 0;
595 }
596 for (i = 0; i < 8; i++) {
597 w = 0;
598 for (j = 0; j < 8; j++) {
599 w += s[i + j] + a[i] * b[j];
600 s[i + j] = w & 0xffffffff;
601 w >>= 32;
602 }
603 s[i + 8] = w;
604 }
605
606 /* zl = z mod (2^32)^9 = z[0..8]
607 * zh = z // (2^32)^7 = z[7..15] */
608 for (i = 0; i < 9; i++) {
609 zl[i] = s[i];
610 zh[i] = s[7 + i];
611 }
612 //printf("zl = "); for (i = 8; i >= 0; i--) printf("%08x", (uint32_t)zl[i]); printf("\n");
613 //printf("zh = "); for (i = 8; i >= 0; i--) printf("%08x", (uint32_t)zh[i]); printf("\n");
614
615 /* q = zh * mu // (2^32)^9 */
616 for (i = 0; i < 9; i++) {
617 s[i] = 0;
618 }
619 for (i = 0; i < 9; i++) {
620 w = 0;
621 for (j = 0; j < 8; j++) {
622 w += s[i + j] + zh[i] * mu[j];
623 s[i + j] = w & 0xffffffff;
624 w >>= 32;
625 }
626 s[i + 8] = w;
627 }
628 for (i = 0; i < 8; i++) {
629 q[i] = s[9 + i];
630 }
631 //printf("q = "); for (i = 7; i >= 0; i--) printf("%08x", (uint32_t)q[i]); printf("\n");
632
633
634 /* q = q * n mod (2^32)^9 */
635 for (i = 0; i < 8; i++) {
636 s[i] = 0;
637 }
638 for (i = 0; i < 8; i++) {
639 w = 0;
640 for (j = 0; j < 8; j++) {
641 w += s[i + j] + q[i] * SM2_N[j];
642 s[i + j] = w & 0xffffffff;
643 w >>= 32;
644 }
645 s[i + 8] = w;
646 }
647 for (i = 0; i < 9; i++) {
648 q[i] = s[i];
649 }
650 //printf("qn = "); for (i = 8; i >= 0; i--) printf("%08x", (uint32_t)q[i]); printf("\n");
651
652 /* r = zl - q (mod (2^32)^9) */
653
654 if (sm2_bn288_cmp(zl, q)) {
655 sm2_bn288_sub(zl, zl, q);
656 } else {
657 uint64_t c[9] = {0,0,0,0,0,0,0,0,0x100000000};
658 sm2_bn288_sub(q, c, q);
659 sm2_bn288_add(zl, q, zl);
660 }
661
662 //printf("r = "); for (i = 8; i >= 0; i--) printf("%08x", (uint32_t)zl[i]); printf("\n");
663
664 for (i = 0; i < 8; i++) {
665 r[i] = zl[i];
666 }
667 r[7] += zl[8] << 32;
668
669 /* while r >= p do: r = r - n */
670 while (sm2_bn_cmp(r, SM2_N) >= 0) {
671 sm2_bn_sub(r, r, SM2_N);
672 //printf("r = r -n = "); for (i = 8; i >= 0; i--) printf("%08x", (uint32_t)zl[i]); printf("\n");
673 }
674 }
675
sm2_fn_sqr(SM2_BN r,const SM2_BN a)676 void sm2_fn_sqr(SM2_BN r, const SM2_BN a)
677 {
678 sm2_fn_mul(r, a, a);
679 }
680
sm2_fn_exp(SM2_BN r,const SM2_BN a,const SM2_BN e)681 void sm2_fn_exp(SM2_BN r, const SM2_BN a, const SM2_BN e)
682 {
683 SM2_BN t;
684 uint32_t w;
685 int i, j;
686
687 sm2_bn_set_one(t);
688 for (i = 7; i >= 0; i--) {
689 w = (uint32_t)e[i];
690 for (j = 0; j < 32; j++) {
691 sm2_fn_sqr(t, t);
692 if (w & 0x80000000) {
693 sm2_fn_mul(t, t, a);
694 }
695 w <<= 1;
696 }
697 }
698
699 sm2_bn_copy(r, t);
700 }
701
sm2_fn_inv(SM2_BN r,const SM2_BN a)702 void sm2_fn_inv(SM2_BN r, const SM2_BN a)
703 {
704 SM2_BN e;
705 sm2_bn_sub(e, SM2_N, SM2_TWO);
706 sm2_fn_exp(r, a, e);
707 }
708
sm2_fn_rand(SM2_BN r)709 void sm2_fn_rand(SM2_BN r)
710 {
711 sm2_bn_rand_range(r, SM2_N);
712 }
713
714
715
sm2_jacobian_point_init(SM2_JACOBIAN_POINT * R)716 void sm2_jacobian_point_init(SM2_JACOBIAN_POINT *R)
717 {
718 memset(R, 0, sizeof(SM2_JACOBIAN_POINT));
719 R->X[0] = 1;
720 R->Y[0] = 1;
721 }
722
sm2_jacobian_point_is_at_infinity(const SM2_JACOBIAN_POINT * P)723 int sm2_jacobian_point_is_at_infinity(const SM2_JACOBIAN_POINT *P)
724 {
725 return sm2_bn_is_zero(P->Z);
726 }
727
sm2_jacobian_point_set_xy(SM2_JACOBIAN_POINT * R,const SM2_BN x,const SM2_BN y)728 void sm2_jacobian_point_set_xy(SM2_JACOBIAN_POINT *R, const SM2_BN x, const SM2_BN y)
729 {
730 sm2_bn_copy(R->X, x);
731 sm2_bn_copy(R->Y, y);
732 sm2_bn_set_one(R->Z);
733 }
734
sm2_jacobian_point_get_xy(const SM2_JACOBIAN_POINT * P,SM2_BN x,SM2_BN y)735 void sm2_jacobian_point_get_xy(const SM2_JACOBIAN_POINT *P, SM2_BN x, SM2_BN y)
736 {
737 SM2_BN z_inv;
738
739 if (sm2_bn_is_one(P->Z)) {
740 sm2_bn_copy(x, P->X);
741 sm2_bn_copy(y, P->Y);
742 } else {
743 sm2_fp_inv(z_inv, P->Z);
744 if (y)
745 sm2_fp_mul(y, P->Y, z_inv);
746 sm2_fp_sqr(z_inv, z_inv);
747 sm2_fp_mul(x, P->X, z_inv);
748 if (y)
749 sm2_fp_mul(y, y, z_inv);
750 }
751 }
752
sm2_jacobian_pointpoint_print(FILE * fp,int fmt,int ind,const char * label,const SM2_JACOBIAN_POINT * P)753 int sm2_jacobian_pointpoint_print(FILE *fp, int fmt, int ind, const char *label, const SM2_JACOBIAN_POINT *P)
754 {
755 int len = 0;
756 SM2_BN x;
757 SM2_BN y;
758
759 format_print(fp, fmt, ind, "%s\n", label);
760 ind += 4;
761
762 sm2_jacobian_point_get_xy(P, x, y);
763
764 sm2_bn_print(fp, fmt, ind, "x", x);
765 sm2_bn_print(fp, fmt, ind, "y", y);
766
767 return 1;
768 }
769
sm2_jacobian_point_is_on_curve(const SM2_JACOBIAN_POINT * P)770 int sm2_jacobian_point_is_on_curve(const SM2_JACOBIAN_POINT *P)
771 {
772 SM2_BN t0;
773 SM2_BN t1;
774 SM2_BN t2;
775
776 if (sm2_bn_is_one(P->Z)) {
777 sm2_fp_sqr(t0, P->Y);
778 sm2_fp_add(t0, t0, P->X);
779 sm2_fp_add(t0, t0, P->X);
780 sm2_fp_add(t0, t0, P->X);
781 sm2_fp_sqr(t1, P->X);
782 sm2_fp_mul(t1, t1, P->X);
783 sm2_fp_add(t1, t1, SM2_B);
784 } else {
785 sm2_fp_sqr(t0, P->Y);
786 sm2_fp_sqr(t1, P->Z);
787 sm2_fp_sqr(t2, t1);
788 sm2_fp_mul(t1, t1, t2);
789 sm2_fp_mul(t1, t1, SM2_B);
790 sm2_fp_mul(t2, t2, P->X);
791 sm2_fp_add(t0, t0, t2);
792 sm2_fp_add(t0, t0, t2);
793 sm2_fp_add(t0, t0, t2);
794 sm2_fp_sqr(t2, P->X);
795 sm2_fp_mul(t2, t2, P->X);
796 sm2_fp_add(t1, t1, t2);
797 }
798
799 if (sm2_bn_cmp(t0, t1) != 0) {
800 error_print();
801 return -1;
802 }
803 return 1;
804 }
805
sm2_jacobian_point_neg(SM2_JACOBIAN_POINT * R,const SM2_JACOBIAN_POINT * P)806 void sm2_jacobian_point_neg(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P)
807 {
808 sm2_bn_copy(R->X, P->X);
809 sm2_fp_neg(R->Y, P->Y);
810 sm2_bn_copy(R->Z, P->Z);
811 }
812
sm2_jacobian_point_dbl(SM2_JACOBIAN_POINT * R,const SM2_JACOBIAN_POINT * P)813 void sm2_jacobian_point_dbl(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P)
814 {
815 const uint64_t *X1 = P->X;
816 const uint64_t *Y1 = P->Y;
817 const uint64_t *Z1 = P->Z;
818 SM2_BN T1;
819 SM2_BN T2;
820 SM2_BN T3;
821 SM2_BN X3;
822 SM2_BN Y3;
823 SM2_BN Z3;
824 //printf("X1 = "); print_bn(X1);
825 //printf("Y1 = "); print_bn(Y1);
826 //printf("Z1 = "); print_bn(Z1);
827
828 if (sm2_jacobian_point_is_at_infinity(P)) {
829 sm2_jacobian_point_copy(R, P);
830 return;
831 }
832
833 sm2_fp_sqr(T1, Z1); //printf("T1 = Z1^2 = "); print_bn(T1);
834 sm2_fp_sub(T2, X1, T1); //printf("T2 = X1 - T1 = "); print_bn(T2);
835 sm2_fp_add(T1, X1, T1); //printf("T1 = X1 + T1 = "); print_bn(T1);
836 sm2_fp_mul(T2, T2, T1); //printf("T2 = T2 * T1 = "); print_bn(T2);
837 sm2_fp_tri(T2, T2); //printf("T2 = 3 * T2 = "); print_bn(T2);
838 sm2_fp_dbl(Y3, Y1); //printf("Y3 = 2 * Y1 = "); print_bn(Y3);
839 sm2_fp_mul(Z3, Y3, Z1); //printf("Z3 = Y3 * Z1 = "); print_bn(Z3);
840 sm2_fp_sqr(Y3, Y3); //printf("Y3 = Y3^2 = "); print_bn(Y3);
841 sm2_fp_mul(T3, Y3, X1); //printf("T3 = Y3 * X1 = "); print_bn(T3);
842 sm2_fp_sqr(Y3, Y3); //printf("Y3 = Y3^2 = "); print_bn(Y3);
843 sm2_fp_div2(Y3, Y3); //printf("Y3 = Y3/2 = "); print_bn(Y3);
844 sm2_fp_sqr(X3, T2); //printf("X3 = T2^2 = "); print_bn(X3);
845 sm2_fp_dbl(T1, T3); //printf("T1 = 2 * T1 = "); print_bn(T1);
846 sm2_fp_sub(X3, X3, T1); //printf("X3 = X3 - T1 = "); print_bn(X3);
847 sm2_fp_sub(T1, T3, X3); //printf("T1 = T3 - X3 = "); print_bn(T1);
848 sm2_fp_mul(T1, T1, T2); //printf("T1 = T1 * T2 = "); print_bn(T1);
849 sm2_fp_sub(Y3, T1, Y3); //printf("Y3 = T1 - Y3 = "); print_bn(Y3);
850
851 sm2_bn_copy(R->X, X3);
852 sm2_bn_copy(R->Y, Y3);
853 sm2_bn_copy(R->Z, Z3);
854
855 //printf("X3 = "); print_bn(R->X);
856 //printf("Y3 = "); print_bn(R->Y);
857 //printf("Z3 = "); print_bn(R->Z);
858
859 }
860
sm2_jacobian_point_add(SM2_JACOBIAN_POINT * R,const SM2_JACOBIAN_POINT * P,const SM2_JACOBIAN_POINT * Q)861 void sm2_jacobian_point_add(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P, const SM2_JACOBIAN_POINT *Q)
862 {
863 const uint64_t *X1 = P->X;
864 const uint64_t *Y1 = P->Y;
865 const uint64_t *Z1 = P->Z;
866 const uint64_t *x2 = Q->X;
867 const uint64_t *y2 = Q->Y;
868 SM2_BN T1;
869 SM2_BN T2;
870 SM2_BN T3;
871 SM2_BN T4;
872 SM2_BN X3;
873 SM2_BN Y3;
874 SM2_BN Z3;
875
876 if (sm2_jacobian_point_is_at_infinity(Q)) {
877 sm2_jacobian_point_copy(R, P);
878 return;
879 }
880
881 if (sm2_jacobian_point_is_at_infinity(P)) {
882 sm2_jacobian_point_copy(R, Q);
883 return;
884 }
885
886 assert(sm2_bn_is_one(Q->Z));
887
888 sm2_fp_sqr(T1, Z1);
889 sm2_fp_mul(T2, T1, Z1);
890 sm2_fp_mul(T1, T1, x2);
891 sm2_fp_mul(T2, T2, y2);
892 sm2_fp_sub(T1, T1, X1);
893 sm2_fp_sub(T2, T2, Y1);
894 if (sm2_bn_is_zero(T1)) {
895 if (sm2_bn_is_zero(T2)) {
896 SM2_JACOBIAN_POINT _Q, *Q = &_Q;
897 sm2_jacobian_point_set_xy(Q, x2, y2);
898
899 sm2_jacobian_point_dbl(R, Q);
900 return;
901 } else {
902 sm2_jacobian_point_set_infinity(R);
903 return;
904 }
905 }
906 sm2_fp_mul(Z3, Z1, T1);
907 sm2_fp_sqr(T3, T1);
908 sm2_fp_mul(T4, T3, T1);
909 sm2_fp_mul(T3, T3, X1);
910 sm2_fp_dbl(T1, T3);
911 sm2_fp_sqr(X3, T2);
912 sm2_fp_sub(X3, X3, T1);
913 sm2_fp_sub(X3, X3, T4);
914 sm2_fp_sub(T3, T3, X3);
915 sm2_fp_mul(T3, T3, T2);
916 sm2_fp_mul(T4, T4, Y1);
917 sm2_fp_sub(Y3, T3, T4);
918
919 sm2_bn_copy(R->X, X3);
920 sm2_bn_copy(R->Y, Y3);
921 sm2_bn_copy(R->Z, Z3);
922 }
923
sm2_jacobian_point_sub(SM2_JACOBIAN_POINT * R,const SM2_JACOBIAN_POINT * P,const SM2_JACOBIAN_POINT * Q)924 void sm2_jacobian_point_sub(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P, const SM2_JACOBIAN_POINT *Q)
925 {
926 SM2_JACOBIAN_POINT _T, *T = &_T;
927 sm2_jacobian_point_neg(T, Q);
928 sm2_jacobian_point_add(R, P, T);
929 }
930
sm2_jacobian_point_mul(SM2_JACOBIAN_POINT * R,const SM2_BN k,const SM2_JACOBIAN_POINT * P)931 void sm2_jacobian_point_mul(SM2_JACOBIAN_POINT *R, const SM2_BN k, const SM2_JACOBIAN_POINT *P)
932 {
933 char bits[257] = {0};
934 SM2_JACOBIAN_POINT _Q, *Q = &_Q;
935 SM2_JACOBIAN_POINT _T, *T = &_T;
936 int i;
937
938 // FIXME: point_add need affine, so we can not use point_add
939 if (!sm2_bn_is_one(P->Z)) {
940 SM2_BN x;
941 SM2_BN y;
942 sm2_jacobian_point_get_xy(P, x, y);
943 sm2_jacobian_point_set_xy(T, x, y);
944 P = T;
945 }
946
947 sm2_jacobian_point_set_infinity(Q);
948 sm2_bn_to_bits(k, bits);
949 for (i = 0; i < 256; i++) {
950 sm2_jacobian_point_dbl(Q, Q);
951 if (bits[i] == '1') {
952 sm2_jacobian_point_add(Q, Q, P);
953 }
954 }
955 sm2_jacobian_point_copy(R, Q);
956 }
957
sm2_jacobian_point_to_bytes(const SM2_JACOBIAN_POINT * P,uint8_t out[64])958 void sm2_jacobian_point_to_bytes(const SM2_JACOBIAN_POINT *P, uint8_t out[64])
959 {
960 SM2_BN x;
961 SM2_BN y;
962 sm2_jacobian_point_get_xy(P, x, y);
963 sm2_bn_to_bytes(x, out);
964 sm2_bn_to_bytes(y, out + 32);
965 }
966
sm2_jacobian_point_from_bytes(SM2_JACOBIAN_POINT * P,const uint8_t in[64])967 void sm2_jacobian_point_from_bytes(SM2_JACOBIAN_POINT *P, const uint8_t in[64])
968 {
969 sm2_bn_from_bytes(P->X, in);
970 sm2_bn_from_bytes(P->Y, in + 32);
971 sm2_bn_set_word(P->Z, 1);
972 /* should we check if sm2_jacobian_point_is_on_curve */
973 }
974
sm2_jacobian_point_mul_generator(SM2_JACOBIAN_POINT * R,const SM2_BN k)975 void sm2_jacobian_point_mul_generator(SM2_JACOBIAN_POINT *R, const SM2_BN k)
976 {
977 sm2_jacobian_point_mul(R, k, SM2_G);
978 }
979
980 /* R = t * P + s * G */
sm2_jacobian_point_mul_sum(SM2_JACOBIAN_POINT * R,const SM2_BN t,const SM2_JACOBIAN_POINT * P,const SM2_BN s)981 void sm2_jacobian_point_mul_sum(SM2_JACOBIAN_POINT *R, const SM2_BN t, const SM2_JACOBIAN_POINT *P, const SM2_BN s)
982 {
983 SM2_JACOBIAN_POINT _sG, *sG = &_sG;
984 SM2_BN x;
985 SM2_BN y;
986
987 /* T = s * G */
988 sm2_jacobian_point_mul_generator(sG, s);
989
990 // R = t * P
991 sm2_jacobian_point_mul(R, t, P);
992 sm2_jacobian_point_get_xy(R, x, y);
993 sm2_jacobian_point_set_xy(R, x, y);
994
995 // R = R + T
996 sm2_jacobian_point_add(R, sG, R);
997 }
998
sm2_jacobian_point_from_hex(SM2_JACOBIAN_POINT * P,const char hex[64* 2])999 void sm2_jacobian_point_from_hex(SM2_JACOBIAN_POINT *P, const char hex[64 * 2])
1000 {
1001 sm2_bn_from_hex(P->X, hex);
1002 sm2_bn_from_hex(P->Y, hex + 64);
1003 sm2_bn_set_one(P->Z);
1004 }
1005
sm2_jacobian_point_equ_hex(const SM2_JACOBIAN_POINT * P,const char hex[128])1006 int sm2_jacobian_point_equ_hex(const SM2_JACOBIAN_POINT *P, const char hex[128])
1007 {
1008 SM2_BN x;
1009 SM2_BN y;
1010 SM2_JACOBIAN_POINT _T, *T = &_T;
1011
1012 sm2_jacobian_point_get_xy(P, x, y);
1013 sm2_jacobian_point_from_hex(T, hex);
1014
1015 return (sm2_bn_cmp(x, T->X) == 0) && (sm2_bn_cmp(y, T->Y) == 0);
1016 }
1017
1018
1019
sm2_point_is_on_curve(const SM2_POINT * P)1020 int sm2_point_is_on_curve(const SM2_POINT *P)
1021 {
1022 SM2_JACOBIAN_POINT T;
1023 sm2_jacobian_point_from_bytes(&T, (const uint8_t *)P);
1024 return sm2_jacobian_point_is_on_curve(&T);
1025 }
1026
sm2_point_from_x(SM2_POINT * P,const uint8_t x[32],int y)1027 int sm2_point_from_x(SM2_POINT *P, const uint8_t x[32], int y)
1028 {
1029 SM2_BN _x, _y, _g, _z;
1030 sm2_bn_from_bytes(_x, x);
1031
1032 // g = x^3 - 3x + b = (x^2 - 3)*x + b
1033 sm2_fp_sqr(_g, _x);
1034 sm2_fp_sub(_g, _g, SM2_THREE);
1035 sm2_fp_mul(_g, _g, _x);
1036 sm2_fp_add(_g, _g, SM2_B);
1037
1038 // y = g^(u + 1) mod p, u = (p - 3)/4
1039 sm2_fp_exp(_y, _g, SM2_U_PLUS_ONE);
1040
1041 // z = y^2 mod p
1042 sm2_fp_sqr(_z, _y);
1043 if (sm2_bn_cmp(_z, _g)) {
1044 error_print();
1045 return -1;
1046 }
1047
1048 if ((y == 0x02 && sm2_bn_is_odd(_y)) || (y == 0x03) && !sm2_bn_is_odd(_y)) {
1049 sm2_fp_neg(_y, _y);
1050 }
1051
1052 sm2_bn_to_bytes(_x, P->x);
1053 sm2_bn_to_bytes(_y, P->y);
1054
1055 sm2_bn_clean(_x);
1056 sm2_bn_clean(_y);
1057 sm2_bn_clean(_g);
1058 sm2_bn_clean(_z);
1059
1060 if (!sm2_point_is_on_curve(P)) {
1061 error_print();
1062 return -1;
1063 }
1064 return 1;
1065 }
1066
sm2_point_from_xy(SM2_POINT * P,const uint8_t x[32],const uint8_t y[32])1067 int sm2_point_from_xy(SM2_POINT *P, const uint8_t x[32], const uint8_t y[32])
1068 {
1069 memcpy(P->x, x, 32);
1070 memcpy(P->y, y, 32);
1071 return sm2_point_is_on_curve(P);
1072 }
1073
sm2_point_mul(SM2_POINT * R,const uint8_t k[32],const SM2_POINT * P)1074 int sm2_point_mul(SM2_POINT *R, const uint8_t k[32], const SM2_POINT *P)
1075 {
1076 SM2_BN _k;
1077 SM2_JACOBIAN_POINT _P;
1078
1079 sm2_bn_from_bytes(_k, k);
1080 sm2_jacobian_point_from_bytes(&_P, (uint8_t *)P);
1081 sm2_jacobian_point_mul(&_P, _k, &_P);
1082 sm2_jacobian_point_to_bytes(&_P, (uint8_t *)R);
1083
1084 sm2_bn_clean(_k);
1085 return 1;
1086 }
1087
sm2_point_mul_generator(SM2_POINT * R,const uint8_t k[32])1088 int sm2_point_mul_generator(SM2_POINT *R, const uint8_t k[32])
1089 {
1090 SM2_BN _k;
1091 SM2_JACOBIAN_POINT _R;
1092
1093 sm2_bn_from_bytes(_k, k);
1094 sm2_jacobian_point_mul_generator(&_R, _k);
1095 sm2_jacobian_point_to_bytes(&_R, (uint8_t *)R);
1096
1097 sm2_bn_clean(_k);
1098 return 1;
1099 }
1100
sm2_point_mul_sum(SM2_POINT * R,const uint8_t k[32],const SM2_POINT * P,const uint8_t s[32])1101 int sm2_point_mul_sum(SM2_POINT *R, const uint8_t k[32], const SM2_POINT *P, const uint8_t s[32])
1102 {
1103 SM2_BN _k;
1104 SM2_JACOBIAN_POINT _P;
1105 SM2_BN _s;
1106
1107 sm2_bn_from_bytes(_k, k);
1108 sm2_jacobian_point_from_bytes(&_P, (uint8_t *)P);
1109 sm2_bn_from_bytes(_s, s);
1110 sm2_jacobian_point_mul_sum(&_P, _k, &_P, _s);
1111 sm2_jacobian_point_to_bytes(&_P, (uint8_t *)R);
1112
1113 sm2_bn_clean(_k);
1114 sm2_bn_clean(_s);
1115 return 1;
1116 }
1117
sm2_point_print(FILE * fp,int fmt,int ind,const char * label,const SM2_POINT * P)1118 int sm2_point_print(FILE *fp, int fmt, int ind, const char *label, const SM2_POINT *P)
1119 {
1120 format_print(fp, fmt, ind, "%s\n", label);
1121 ind += 4;
1122 format_bytes(fp, fmt, ind, "x", P->x, 32);
1123 format_bytes(fp, fmt, ind, "y", P->y, 32);
1124 return 1;
1125 }
1126
sm2_point_to_compressed_octets(const SM2_POINT * P,uint8_t out[33])1127 void sm2_point_to_compressed_octets(const SM2_POINT *P, uint8_t out[33])
1128 {
1129 *out++ = (P->y[31] & 0x01) ? 0x03 : 0x02;
1130 memcpy(out, P->x, 32);
1131 }
1132
sm2_point_to_uncompressed_octets(const SM2_POINT * P,uint8_t out[65])1133 void sm2_point_to_uncompressed_octets(const SM2_POINT *P, uint8_t out[65])
1134 {
1135 *out++ = 0x04;
1136 memcpy(out, P, 64);
1137 }
1138
sm2_point_from_octets(SM2_POINT * P,const uint8_t * in,size_t inlen)1139 int sm2_point_from_octets(SM2_POINT *P, const uint8_t *in, size_t inlen)
1140 {
1141 if ((*in == 0x02 || *in == 0x03) && inlen == 33) {
1142 if (sm2_point_from_x(P, in + 1, *in) != 1) {
1143 error_print();
1144 return -1;
1145 }
1146 } else if (*in == 0x04 && inlen == 65) {
1147 if (sm2_point_from_xy(P, in + 1, in + 33) != 1) {
1148 error_print();
1149 return -1;
1150 }
1151 } else {
1152 error_print();
1153 return -1;
1154 }
1155 return 1;
1156 }
1157
sm2_point_to_der(const SM2_POINT * P,uint8_t ** out,size_t * outlen)1158 int sm2_point_to_der(const SM2_POINT *P, uint8_t **out, size_t *outlen)
1159 {
1160 uint8_t octets[65];
1161 if (!P) {
1162 return 0;
1163 }
1164 sm2_point_to_uncompressed_octets(P, octets);
1165 if (asn1_octet_string_to_der(octets, sizeof(octets), out, outlen) != 1) {
1166 error_print();
1167 return -1;
1168 }
1169 return 1;
1170 }
1171
sm2_point_from_der(SM2_POINT * P,const uint8_t ** in,size_t * inlen)1172 int sm2_point_from_der(SM2_POINT *P, const uint8_t **in, size_t *inlen)
1173 {
1174 int ret;
1175 const uint8_t *d;
1176 size_t dlen;
1177
1178 if ((ret = asn1_octet_string_from_der(&d, &dlen, in, inlen)) != 1) {
1179 if (ret < 0) error_print();
1180 return ret;
1181 }
1182 if (dlen != 65) {
1183 error_print();
1184 return -1;
1185 }
1186 if (sm2_point_from_octets(P, d, dlen) != 1) {
1187 error_print();
1188 return -1;
1189 }
1190 return 1;
1191 }
1192