1 /* 2 * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. 3 * 4 * Licensed under the Apache License, Version 2.0 (the License); you may 5 * not use this file except in compliance with the License. 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 */ 9 10 11 #include <stdio.h> 12 #include <string.h> 13 #include <stdlib.h> 14 #include <stdint.h> 15 #include <gmssl/sm3.h> 16 #include <gmssl/sm2.h> 17 18 19 #ifndef GMSSL_SM9_H 20 #define GMSSL_SM9_H 21 22 #ifdef __cplusplus 23 extern "C" { 24 #endif 25 26 /* 27 SM9 Public API 28 29 SM9_SIGNATURE_SIZE 30 SM9_MAX_PLAINTEXT_SIZE 31 SM9_MAX_CIPHERTEXT_SIZE 32 33 SM9_SIGN_MASTER_KEY 34 sm9_sign_master_key_generate 35 sm9_sign_master_key_extract_key 36 sm9_sign_master_key_info_encrypt_to_der 37 sm9_sign_master_key_info_decrypt_from_der 38 sm9_sign_master_key_info_encrypt_to_pem 39 sm9_sign_master_key_info_decrypt_from_pem 40 sm9_sign_master_public_key_to_der 41 sm9_sign_master_public_key_from_der 42 sm9_sign_master_public_key_to_pem 43 sm9_sign_master_public_key_from_pem 44 45 SM9_SIGN_KEY 46 sm9_sign_key_info_encrypt_to_der 47 sm9_sign_key_info_decrypt_from_der 48 sm9_sign_key_info_encrypt_to_pem 49 sm9_sign_key_info_decrypt_from_pem 50 51 SM9_SIGN_CTX 52 sm9_sign_init 53 sm9_sign_update 54 sm9_sign_finish 55 sm9_verify_init 56 sm9_verify_update 57 sm9_verify_finish 58 59 SM9_ENC_MASTER_KEY 60 sm9_enc_master_key_generate 61 sm9_enc_master_key_extract_key 62 sm9_enc_master_key_info_encrypt_to_der 63 sm9_enc_master_key_info_decrypt_from_der 64 sm9_enc_master_key_info_encrypt_to_pem 65 sm9_enc_master_key_info_decrypt_from_pem 66 sm9_enc_master_public_key_to_der 67 sm9_enc_master_public_key_from_der 68 sm9_enc_master_public_key_to_pem 69 sm9_enc_master_public_key_from_pem 70 71 SM9_ENC_KEY 72 sm9_enc_key_info_encrypt_to_der 73 sm9_enc_key_info_decrypt_from_der 74 sm9_enc_key_info_encrypt_to_pem 75 sm9_enc_key_info_decrypt_from_pem 76 77 sm9_encrypt 78 sm9_decrypt 79 */ 80 81 #define SM9_HEX_SEP '\n' 82 83 typedef uint64_t sm9_bn_t[8]; 84 extern const sm9_bn_t SM9_ZERO; 85 extern const sm9_bn_t SM9_ONE; 86 extern const sm9_bn_t SM9_P; 87 extern const sm9_bn_t SM9_N; 88 89 #define sm9_bn_init(r) sm9_bn_set_zero(r) 90 #define sm9_bn_clean(r) sm9_bn_set_zero(r) 91 #define sm9_bn_set_zero(r) sm9_bn_copy((r), SM9_ZERO) 92 #define sm9_bn_set_one(r) sm9_bn_copy((r), SM9_ONE) 93 #define sm9_bn_is_zero(a) (sm9_bn_cmp((a), SM9_ZERO) == 0) 94 #define sm9_bn_is_one(a) (sm9_bn_cmp((a), SM9_ONE) == 0) 95 96 void sm9_bn_set_word(sm9_bn_t r, uint32_t a); 97 void sm9_bn_copy(sm9_bn_t r, const sm9_bn_t a); 98 int sm9_bn_rand_range(sm9_bn_t r, const sm9_bn_t range); 99 int sm9_bn_equ(const sm9_bn_t a, const sm9_bn_t b); 100 int sm9_bn_cmp(const sm9_bn_t a, const sm9_bn_t b); 101 void sm9_bn_add(sm9_bn_t r, const sm9_bn_t a, const sm9_bn_t b); 102 void sm9_bn_sub(sm9_bn_t ret, const sm9_bn_t a, const sm9_bn_t b); 103 void sm9_bn_to_bits(const sm9_bn_t a, char bits[256]); 104 void sm9_bn_to_bytes(const sm9_bn_t a, uint8_t out[32]); 105 void sm9_bn_from_bytes(sm9_bn_t r, const uint8_t in[32]); 106 void sm9_bn_to_hex(const sm9_bn_t a, char hex[64]); 107 int sm9_bn_from_hex(sm9_bn_t r, const char hex[64]); 108 int sm9_bn_print(FILE *fp, int fmt, int ind, const char *label, const sm9_bn_t a); 109 void sm9_print_bn(const char *prefix, const sm9_bn_t a); // 标准打印格式 110 111 112 typedef sm9_bn_t sm9_fp_t; 113 114 #define sm9_fp_init(r) sm9_fp_set_zero(r) 115 #define sm9_fp_clean(f) sm9_fp_set_zero(r) 116 #define sm9_fp_set_zero(r) sm9_bn_set_zero(r) 117 #define sm9_fp_set_one(r) sm9_bn_set_one(r) 118 #define sm9_fp_copy(r,a) sm9_bn_copy((r),(a)) 119 #define sm9_fp_rand(r) sm9_bn_rand_range((r), SM9_P) 120 #define sm9_fp_is_zero(a) sm9_bn_is_zero(a) 121 #define sm9_fp_is_one(a) sm9_bn_is_one(a) 122 #define sm9_fp_equ(a,b) sm9_bn_equ((a),(b)) 123 #define sm9_fp_to_bytes(a,buf) sm9_bn_to_bytes((a),(buf)) 124 #define sm9_fp_to_hex(a,s) sm9_bn_to_hex((a),(s)) 125 #define sm9_fp_print(fp,fmt,ind,label,a) sm9_bn_print(fp,fmt,ind,label,a) 126 127 void sm9_fp_add(sm9_fp_t r, const sm9_fp_t a, const sm9_fp_t b); 128 void sm9_fp_sub(sm9_fp_t r, const sm9_fp_t a, const sm9_fp_t b); 129 void sm9_fp_dbl(sm9_fp_t r, const sm9_fp_t a); 130 void sm9_fp_tri(sm9_fp_t r, const sm9_fp_t a); 131 void sm9_fp_neg(sm9_fp_t r, const sm9_fp_t a); 132 void sm9_fp_mul(sm9_fp_t r, const sm9_fp_t a, const sm9_fp_t b); 133 void sm9_fp_sqr(sm9_fp_t r, const sm9_fp_t a); 134 void sm9_fp_pow(sm9_fp_t r, const sm9_fp_t a, const sm9_bn_t e); 135 void sm9_fp_inv(sm9_fp_t r, const sm9_fp_t a); 136 void sm9_fp_div2(sm9_fp_t r, const sm9_fp_t a); 137 int sm9_fp_from_bytes(sm9_fp_t r, const uint8_t buf[32]); 138 int sm9_fp_from_hex(sm9_fp_t r, const char hex[64]); 139 140 141 typedef sm9_bn_t sm9_fn_t; 142 143 #define sm9_fn_init(r) sm9_fn_set_zero(r) 144 #define sm9_fn_clean(f) sm9_fn_set_zero(r) 145 #define sm9_fn_set_zero(r) sm9_bn_set_zero(r) 146 #define sm9_fn_set_one(r) sm9_bn_set_one(r) 147 #define sm9_fn_copy(r,a) sm9_bn_copy((r),(a)) 148 #define sm9_fn_rand(r) sm9_bn_rand_range((r), SM9_N) 149 #define sm9_fn_is_zero(a) sm9_bn_is_zero(a) 150 #define sm9_fn_is_one(a) sm9_bn_is_one(a) 151 #define sm9_fn_equ(a,b) sm9_bn_equ((a),(b)) 152 #define sm9_fn_to_bytes(a,out) sm9_bn_to_bytes((a),(out)) 153 #define sm9_fn_to_hex(a,s) sm9_bn_to_hex((a),(s)) 154 #define sm9_fn_print(fp,fmt,ind,label,a) sm9_bn_print(fp,fmt,ind,label,a) 155 156 void sm9_fn_add(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b); 157 void sm9_fn_sub(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b); 158 void sm9_fn_mul(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b); 159 void sm9_fn_pow(sm9_fn_t r, const sm9_fn_t a, const sm9_bn_t e); 160 void sm9_fn_inv(sm9_fn_t r, const sm9_fn_t a); 161 void sm9_fn_from_hash(sm9_fn_t h, const uint8_t Ha[40]); 162 int sm9_fn_from_bytes(sm9_fn_t a, const uint8_t in[32]); 163 int sm9_fn_from_hex(sm9_fn_t r, const char hex[64]); 164 165 166 typedef uint64_t sm9_barrett_bn_t[9]; 167 168 int sm9_barrett_bn_cmp(const sm9_barrett_bn_t a, const sm9_barrett_bn_t b); 169 void sm9_barrett_bn_add(sm9_barrett_bn_t r, const sm9_barrett_bn_t a, const sm9_barrett_bn_t b); 170 void sm9_barrett_bn_sub(sm9_barrett_bn_t ret, const sm9_barrett_bn_t a, const sm9_barrett_bn_t b); 171 172 173 typedef sm9_fp_t sm9_fp2_t[2]; 174 extern const sm9_fp2_t SM9_FP2_ZERO; 175 extern const sm9_fp2_t SM9_FP2_ONE; 176 extern const sm9_fp2_t SM9_FP2_U; 177 178 #define sm9_fp2_init(a) sm9_fp2_set_zero(a) 179 #define sm9_fp2_clean(a) sm9_fp2_set_zero(a) 180 #define sm9_fp2_set_zero(a) sm9_fp2_copy((a), SM9_FP2_ZERO) 181 #define sm9_fp2_set_one(a) sm9_fp2_copy((a), SM9_FP2_ONE) 182 #define sm9_fp2_set_u(a) sm9_fp2_copy((a), SM9_FP2_U) 183 #define sm9_fp2_is_zero(a) sm9_fp2_equ((a), SM9_FP2_ZERO) 184 #define sm9_fp2_is_one(a) sm9_fp2_equ((a), SM9_FP2_ONE) 185 186 void sm9_fp2_set_fp(sm9_fp2_t r, const sm9_fp_t a); 187 void sm9_fp2_set(sm9_fp2_t r, const sm9_fp_t a0, const sm9_fp_t a1); 188 void sm9_fp2_copy(sm9_fp2_t r, const sm9_fp2_t a); 189 int sm9_fp2_rand(sm9_fp2_t r); 190 int sm9_fp2_equ(const sm9_fp2_t a, const sm9_fp2_t b); 191 void sm9_fp2_add(sm9_fp2_t r, const sm9_fp2_t a, const sm9_fp2_t b); 192 void sm9_fp2_dbl(sm9_fp2_t r, const sm9_fp2_t a); 193 void sm9_fp2_tri(sm9_fp2_t r, const sm9_fp2_t a); 194 void sm9_fp2_sub(sm9_fp2_t r, const sm9_fp2_t a, const sm9_fp2_t b); 195 void sm9_fp2_neg(sm9_fp2_t r, const sm9_fp2_t a); 196 void sm9_fp2_mul(sm9_fp2_t r, const sm9_fp2_t a, const sm9_fp2_t b); 197 void sm9_fp2_mul_u(sm9_fp2_t r, const sm9_fp2_t a, const sm9_fp2_t b); 198 void sm9_fp2_mul_fp(sm9_fp2_t r, const sm9_fp2_t a, const sm9_fp_t k); 199 void sm9_fp2_sqr(sm9_fp2_t r, const sm9_fp2_t a); 200 void sm9_fp2_sqr_u(sm9_fp2_t r, const sm9_fp2_t a); 201 void sm9_fp2_inv(sm9_fp2_t r, const sm9_fp2_t a); 202 void sm9_fp2_div(sm9_fp2_t r, const sm9_fp2_t a, const sm9_fp2_t b); 203 void sm9_fp2_div2(sm9_fp2_t r, const sm9_fp2_t a); 204 void sm9_fp2_to_hex(const sm9_fp2_t a, char hex[129]); 205 int sm9_fp2_from_hex(sm9_fp2_t r, const char hex[129]); 206 int sm9_fp2_print(FILE *fp, int fmt, int ind, const char *label, const sm9_fp2_t a); 207 208 209 typedef sm9_fp2_t sm9_fp4_t[2]; 210 extern const sm9_fp4_t SM9_FP4_ZERO; 211 extern const sm9_fp4_t SM9_FP4_ONE; 212 extern const sm9_fp4_t SM9_FP4_U; 213 extern const sm9_fp4_t SM9_FP4_V; 214 215 #define sm9_fp4_init(a) sm9_fp4_set_zero(a) 216 #define sm9_fp4_clean(a) sm9_fp4_set_zero(a) 217 #define sm9_fp4_set_zero(a) sm9_fp4_copy((a), SM9_FP4_ZERO) 218 #define sm9_fp4_set_one(a) sm9_fp4_copy((a), SM9_FP4_ONE) 219 #define sm9_fp4_is_zero(a) sm9_fp4_equ((a), SM9_FP4_ZERO) 220 #define sm9_fp4_is_one(a) sm9_fp4_equ((a), SM9_FP4_ONE) 221 222 void sm9_fp4_set_u(sm9_fp4_t r); 223 void sm9_fp4_set_v(sm9_fp4_t r); 224 void sm9_fp4_set_fp(sm9_fp4_t r, const sm9_fp_t a); 225 void sm9_fp4_set_fp2(sm9_fp4_t r, const sm9_fp2_t a); 226 void sm9_fp4_set(sm9_fp4_t r, const sm9_fp2_t a0, const sm9_fp2_t a1); 227 void sm9_fp4_copy(sm9_fp4_t r, const sm9_fp4_t a); 228 int sm9_fp4_rand(sm9_fp4_t r); 229 int sm9_fp4_equ(const sm9_fp4_t a, const sm9_fp4_t b); 230 void sm9_fp4_add(sm9_fp4_t r, const sm9_fp4_t a, const sm9_fp4_t b); 231 void sm9_fp4_dbl(sm9_fp4_t r, const sm9_fp4_t a); 232 void sm9_fp4_sub(sm9_fp4_t r, const sm9_fp4_t a, const sm9_fp4_t b); 233 void sm9_fp4_neg(sm9_fp4_t r, const sm9_fp4_t a); 234 void sm9_fp4_mul(sm9_fp4_t r, const sm9_fp4_t a, const sm9_fp4_t b); 235 void sm9_fp4_mul_fp(sm9_fp4_t r, const sm9_fp4_t a, const sm9_fp_t k); 236 void sm9_fp4_mul_fp2(sm9_fp4_t r, const sm9_fp4_t a, const sm9_fp2_t b0); 237 void sm9_fp4_mul_v(sm9_fp4_t r, const sm9_fp4_t a, const sm9_fp4_t b); 238 void sm9_fp4_sqr(sm9_fp4_t r, const sm9_fp4_t a); 239 void sm9_fp4_sqr_v(sm9_fp4_t r, const sm9_fp4_t a); 240 void sm9_fp4_inv(sm9_fp4_t r, const sm9_fp4_t a); 241 void sm9_fp4_to_bytes(const sm9_fp4_t a, uint8_t buf[128]); 242 int sm9_fp4_from_bytes(sm9_fp4_t r, const uint8_t buf[128]); 243 void sm9_fp4_to_hex(const sm9_fp4_t a, char hex[259]); 244 int sm9_fp4_from_hex(sm9_fp4_t r, const char hex[259]); 245 246 247 typedef sm9_fp4_t sm9_fp12_t[3]; 248 249 #define sm9_fp12_init(r) sm9_fp12_set_zero(a) 250 #define sm9_fp12_clean(r) sm9_fp12_set_zero(a) 251 252 void sm9_fp12_set_zero(sm9_fp12_t r); 253 void sm9_fp12_set_one(sm9_fp12_t r); 254 void sm9_fp12_set_u(sm9_fp12_t r); 255 void sm9_fp12_set_v(sm9_fp12_t r); 256 void sm9_fp12_set_w(sm9_fp12_t r); 257 void sm9_fp12_set_w_sqr(sm9_fp12_t r); 258 void sm9_fp12_set_fp(sm9_fp12_t r, const sm9_fp_t a); 259 void sm9_fp12_set_fp2(sm9_fp12_t r, const sm9_fp2_t a); 260 void sm9_fp12_set_fp4(sm9_fp12_t r, const sm9_fp4_t a); 261 void sm9_fp12_set(sm9_fp12_t r, const sm9_fp4_t a0, const sm9_fp4_t a1, const sm9_fp4_t a2); 262 void sm9_fp12_copy(sm9_fp12_t r, const sm9_fp12_t a); 263 int sm9_fp12_rand(sm9_fp12_t r); 264 int sm9_fp12_is_one(const sm9_fp12_t a); 265 int sm9_fp12_is_zero(const sm9_fp12_t a); 266 int sm9_fp12_equ(const sm9_fp12_t a, const sm9_fp12_t b); 267 void sm9_fp12_add(sm9_fp12_t r, const sm9_fp12_t a, const sm9_fp12_t b); 268 void sm9_fp12_dbl(sm9_fp12_t r, const sm9_fp12_t a); 269 void sm9_fp12_tri(sm9_fp12_t r, const sm9_fp12_t a); 270 void sm9_fp12_sub(sm9_fp12_t r, const sm9_fp12_t a, const sm9_fp12_t b); 271 void sm9_fp12_neg(sm9_fp12_t r, const sm9_fp12_t a); 272 void sm9_fp12_mul(sm9_fp12_t r, const sm9_fp12_t a, const sm9_fp12_t b); 273 void sm9_fp12_sqr(sm9_fp12_t r, const sm9_fp12_t a); 274 void sm9_fp12_inv(sm9_fp12_t r, const sm9_fp12_t a); 275 void sm9_fp12_pow(sm9_fp12_t r, const sm9_fp12_t a, const sm9_bn_t k); 276 void sm9_fp12_to_bytes(const sm9_fp12_t a, uint8_t buf[32 * 12]); 277 int sm9_fp12_from_bytes(sm9_fp12_t r, const uint8_t in[32 * 12]); 278 void sm9_fp12_to_hex(const sm9_fp12_t a, char hex[65 * 12]); 279 int sm9_fp12_from_hex(sm9_fp12_t r, const char hex[65 * 12]); // 这个明显是不对的 280 void sm9_fp12_print(const char *prefix, const sm9_fp12_t a); 281 282 283 void sm9_fp2_conjugate(sm9_fp2_t r, const sm9_fp2_t a); 284 void sm9_fp2_frobenius(sm9_fp2_t r, const sm9_fp2_t a); 285 void sm9_fp4_frobenius(sm9_fp4_t r, const sm9_fp4_t a); 286 void sm9_fp4_conjugate(sm9_fp4_t r, const sm9_fp4_t a); 287 void sm9_fp4_frobenius2(sm9_fp4_t r, const sm9_fp4_t a); 288 void sm9_fp4_frobenius3(sm9_fp4_t r, const sm9_fp4_t a); 289 void sm9_fp12_frobenius(sm9_fp12_t r, const sm9_fp12_t x); 290 void sm9_fp12_frobenius2(sm9_fp12_t r, const sm9_fp12_t x); 291 void sm9_fp12_frobenius3(sm9_fp12_t r, const sm9_fp12_t x); 292 void sm9_fp12_frobenius6(sm9_fp12_t r, const sm9_fp12_t x); 293 294 295 typedef struct { 296 sm9_fp_t X; 297 sm9_fp_t Y; 298 sm9_fp_t Z; 299 } SM9_POINT; 300 extern const SM9_POINT *SM9_P1; 301 302 #define sm9_point_init(R) sm9_point_set_infinity(R) 303 #define sm9_point_clean(R) sm9_point_set_infinity(R) 304 305 void sm9_point_set_infinity(SM9_POINT *R); 306 void sm9_point_copy(SM9_POINT *R, const SM9_POINT *P); 307 void sm9_point_get_xy(const SM9_POINT *P, sm9_fp_t x, sm9_fp_t y); 308 int sm9_point_is_at_infinity(const SM9_POINT *P); 309 int sm9_point_equ(const SM9_POINT *P, const SM9_POINT *Q); 310 int sm9_point_is_on_curve(const SM9_POINT *P); 311 void sm9_point_dbl(SM9_POINT *R, const SM9_POINT *P); 312 void sm9_point_add(SM9_POINT *R, const SM9_POINT *P, const SM9_POINT *Q); 313 void sm9_point_neg(SM9_POINT *R, const SM9_POINT *P); 314 void sm9_point_sub(SM9_POINT *R, const SM9_POINT *P, const SM9_POINT *Q); 315 void sm9_point_mul(SM9_POINT *R, const sm9_bn_t k, const SM9_POINT *P); 316 void sm9_point_mul_generator(SM9_POINT *R, const sm9_bn_t k); 317 void sm9_point_from_hex(SM9_POINT *R, const char hex[65 * 2]); 318 int sm9_point_to_uncompressed_octets(const SM9_POINT *P, uint8_t octets[65]); 319 int sm9_point_from_uncompressed_octets(SM9_POINT *P, const uint8_t octets[65]); 320 int sm9_point_print(FILE *fp, int fmt, int ind, const char *label, const SM9_POINT *P); 321 322 323 typedef struct { 324 sm9_fp2_t X; 325 sm9_fp2_t Y; 326 sm9_fp2_t Z; 327 } SM9_TWIST_POINT; 328 329 extern const SM9_TWIST_POINT *SM9_P2; 330 extern const SM9_TWIST_POINT *SM9_Ppubs; 331 332 #define sm9_twist_point_copy(R, P) memcpy((R), (P), sizeof(SM9_TWIST_POINT)) 333 334 int sm9_twist_point_to_uncompressed_octets(const SM9_TWIST_POINT *P, uint8_t octets[129]); 335 int sm9_twist_point_from_uncompressed_octets(SM9_TWIST_POINT *P, const uint8_t octets[129]); 336 337 338 void sm9_twist_point_from_hex(SM9_TWIST_POINT *R, const char hex[65 * 4]); 339 int sm9_twist_point_is_at_infinity(const SM9_TWIST_POINT *P); 340 void sm9_twist_point_set_infinity(SM9_TWIST_POINT *R); 341 void sm9_twist_point_get_xy(const SM9_TWIST_POINT *P, sm9_fp2_t x, sm9_fp2_t y); 342 343 int sm9_twist_point_equ(const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q); 344 int sm9_twist_point_is_on_curve(const SM9_TWIST_POINT *P); 345 void sm9_twist_point_neg(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P); 346 void sm9_twist_point_dbl(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P); 347 void sm9_twist_point_add(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q); 348 void sm9_twist_point_sub(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q); 349 void sm9_twist_point_add_full(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q); 350 void sm9_twist_point_mul(SM9_TWIST_POINT *R, const sm9_bn_t k, const SM9_TWIST_POINT *P); 351 void sm9_twist_point_mul_generator(SM9_TWIST_POINT *R, const sm9_bn_t k); 352 int sm9_twist_point_print(FILE *fp, int fmt, int ind, const char *label, const SM9_TWIST_POINT *P); 353 354 355 356 void sm9_eval_g_tangent(sm9_fp12_t num, sm9_fp12_t den, const SM9_TWIST_POINT *P, const SM9_POINT *Q); 357 void sm9_eval_g_line(sm9_fp12_t num, sm9_fp12_t den, const SM9_TWIST_POINT *T, const SM9_TWIST_POINT *P, const SM9_POINT *Q); 358 void sm9_twist_point_pi1(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P); 359 void sm9_twist_point_pi2(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P); 360 void sm9_twist_point_neg_pi2(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P); 361 void sm9_final_exponent_hard_part(sm9_fp12_t r, const sm9_fp12_t f); 362 void sm9_final_exponent(sm9_fp12_t r, const sm9_fp12_t f); 363 void sm9_pairing(sm9_fp12_t r, const SM9_TWIST_POINT *Q, const SM9_POINT *P); 364 365 366 /* private key extract algorithms */ 367 #define SM9_HID_SIGN 0x01 368 #define SM9_HID_EXCH 0x02 369 #define SM9_HID_ENC 0x03 370 371 #define SM9_HASH1_PREFIX 0x01 372 #define SM9_HASH2_PREFIX 0x02 373 374 int sm9_hash1(sm9_bn_t h1, const char *id, size_t idlen, uint8_t hid); 375 376 377 const char *sm9_oid_name(int oid); 378 int sm9_oid_from_name(const char *name); 379 int sm9_oid_to_der(int oid, uint8_t **out, size_t *outlen); 380 int sm9_oid_from_der(int *oid, const uint8_t **in, size_t *inlen); 381 int sm9_algor_to_der(int alg, int params, uint8_t **out, size_t *outlen); 382 int sm9_algor_from_der(int *alg, int *params, const uint8_t **in, size_t *inlen); 383 384 385 #define PEM_SM9_SIGN_MASTER_KEY "ENCRYPTED SM9 SIGN MASTER KEY" 386 #define PEM_SM9_SIGN_MASTER_PUBLIC_KEY "SM9 SIGN MASTER PUBLIC KEY" 387 #define PEM_SM9_SIGN_PRIVATE_KEY "ENCRYPTED SM9 SIGN PRIVATE KEY" 388 #define PEM_SM9_ENC_MASTER_KEY "ENCRYPTED SM9 ENC MASTER KEY" 389 #define PEM_SM9_ENC_MASTER_PUBLIC_KEY "SM9 ENC MASTER PUBLIC KEY" 390 #define PEM_SM9_ENC_PRIVATE_KEY "ENCRYPTED SM9 ENC PRIVATE KEY" 391 392 393 #define SM9_MAX_ID_SIZE (SM2_MAX_ID_SIZE) 394 395 /* 396 SM9SignMasterKey ::= SEQUENCE { 397 ks INTEGER, 398 Ppubs BIT STRING -- uncompressed octets of twisted point } 399 400 SM9SignMasterPublicKey ::= SEQUENCE { 401 Ppubs BIT STRING -- uncompressed octets of twisted point } 402 403 SM9SignPrivateKey ::= SEQUENCE { 404 ds BIT STRING, -- uncompressed octets of ECPoint 405 Ppubs BIT STRING -- uncompressed octets of twisted point } 406 */ 407 typedef struct { 408 SM9_TWIST_POINT Ppubs; // Ppubs = ks * P2 409 sm9_fn_t ks; 410 } SM9_SIGN_MASTER_KEY; 411 412 typedef struct { 413 SM9_TWIST_POINT Ppubs; 414 SM9_POINT ds; 415 } SM9_SIGN_KEY; 416 417 int sm9_sign_master_key_generate(SM9_SIGN_MASTER_KEY *master); 418 int sm9_sign_master_key_extract_key(SM9_SIGN_MASTER_KEY *master, const char *id, size_t idlen, SM9_SIGN_KEY *key); 419 420 // algorthm,parameters = sm9,sm9sign 421 #define SM9_SIGN_MASTER_KEY_MAX_SIZE 171 422 int sm9_sign_master_key_to_der(const SM9_SIGN_MASTER_KEY *msk, uint8_t **out, size_t *outlen); 423 int sm9_sign_master_key_from_der(SM9_SIGN_MASTER_KEY *msk, const uint8_t **in, size_t *inlen); 424 int sm9_sign_master_key_info_encrypt_to_der(const SM9_SIGN_MASTER_KEY *msk, const char *pass, uint8_t **out, size_t *outlen); 425 int sm9_sign_master_key_info_decrypt_from_der(SM9_SIGN_MASTER_KEY *msk, const char *pass, const uint8_t **in, size_t *inlen); 426 int sm9_sign_master_key_info_encrypt_to_pem(const SM9_SIGN_MASTER_KEY *msk, const char *pass, FILE *fp); 427 int sm9_sign_master_key_info_decrypt_from_pem(SM9_SIGN_MASTER_KEY *msk, const char *pass, FILE *fp); 428 int sm9_sign_master_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_MASTER_KEY *msk); 429 430 #define SM9_SIGN_MASTER_PUBLIC_KEY_SIZE 136 431 int sm9_sign_master_public_key_to_der(const SM9_SIGN_MASTER_KEY *mpk, uint8_t **out, size_t *outlen); 432 int sm9_sign_master_public_key_from_der(SM9_SIGN_MASTER_KEY *mpk, const uint8_t **in, size_t *inlen); 433 int sm9_sign_master_public_key_to_pem(const SM9_SIGN_MASTER_KEY *mpk, FILE *fp); 434 int sm9_sign_master_public_key_from_pem(SM9_SIGN_MASTER_KEY *mpk, FILE *fp); 435 int sm9_sign_master_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_MASTER_KEY *mpk); 436 437 // algorithm,parameters = sm9sign,<null> 438 #define SM9_SIGN_KEY_SIZE 204 439 int sm9_sign_key_to_der(const SM9_SIGN_KEY *key, uint8_t **out, size_t *outlen); 440 int sm9_sign_key_from_der(SM9_SIGN_KEY *key, const uint8_t **in, size_t *inlen); 441 int sm9_sign_key_info_encrypt_to_der(const SM9_SIGN_KEY *key, const char *pass, uint8_t **out, size_t *outlen); 442 int sm9_sign_key_info_decrypt_from_der(SM9_SIGN_KEY *key, const char *pass, const uint8_t **in, size_t *inlen); 443 int sm9_sign_key_info_encrypt_to_pem(const SM9_SIGN_KEY *key, const char *pass, FILE *fp); 444 int sm9_sign_key_info_decrypt_from_pem(SM9_SIGN_KEY *key, const char *pass, FILE *fp); 445 int sm9_sign_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_KEY *key); 446 447 /* 448 from GM/T 0080-2020 SM9 Cryptographic Alagorithm Application Specification 449 SM9Signature ::= SEQUENCE { 450 h OCTET STRING, 451 S BIT STRING -- uncompressed octets of ECPoint } 452 */ 453 typedef struct { 454 sm9_fn_t h; 455 SM9_POINT S; 456 } SM9_SIGNATURE; 457 458 int sm9_do_sign(const SM9_SIGN_KEY *key, const SM3_CTX *sm3_ctx, SM9_SIGNATURE *sig); 459 int sm9_do_verify(const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen, const SM3_CTX *sm3_ctx, const SM9_SIGNATURE *sig); 460 461 #define SM9_SIGNATURE_SIZE 104 462 int sm9_signature_to_der(const SM9_SIGNATURE *sig, uint8_t **out, size_t *outlen); 463 int sm9_signature_from_der(SM9_SIGNATURE *sig, const uint8_t **in, size_t *inlen); 464 int sm9_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *sig, size_t siglen); 465 466 typedef struct { 467 SM3_CTX sm3_ctx; 468 } SM9_SIGN_CTX; 469 470 int sm9_sign_init(SM9_SIGN_CTX *ctx); 471 int sm9_sign_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); 472 int sm9_sign_finish(SM9_SIGN_CTX *ctx, const SM9_SIGN_KEY *key, uint8_t *sig, size_t *siglen); 473 int sm9_verify_init(SM9_SIGN_CTX *ctx); 474 int sm9_verify_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); 475 int sm9_verify_finish(SM9_SIGN_CTX *ctx, const uint8_t *sig, size_t siglen, 476 const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen); 477 478 479 /* 480 SM9EncMasterKey ::= SEQUENCE { 481 de INTEGER, 482 Ppube BIT STRING -- uncompressed octets of ECPoint } 483 484 SM9EncMasterPublicKey ::= SEQUENCE { 485 Ppube BIT STRING -- uncompressed octets of ECPoint } 486 487 SM9EncPrivateKey ::= SEQUENCE { 488 de BIT STRING, -- uncompressed octets of twisted point 489 Ppube BIT STRING -- uncompressed octets of ECPoint } 490 */ 491 492 typedef struct { 493 SM9_POINT Ppube; // Ppube = ke * P1 494 sm9_fn_t ke; 495 } SM9_ENC_MASTER_KEY; 496 497 typedef struct { 498 SM9_POINT Ppube; 499 SM9_TWIST_POINT de; 500 } SM9_ENC_KEY; 501 502 int sm9_enc_master_key_generate(SM9_ENC_MASTER_KEY *master); 503 int sm9_enc_master_key_extract_key(SM9_ENC_MASTER_KEY *master, const char *id, size_t idlen, SM9_ENC_KEY *key); 504 505 // algorithm,parameters = sm9,sm9encrypt 506 #define SM9_ENC_MASTER_KEY_MAX_SIZE 105 507 int sm9_enc_master_key_to_der(const SM9_ENC_MASTER_KEY *msk, uint8_t **out, size_t *outlen); 508 int sm9_enc_master_key_from_der(SM9_ENC_MASTER_KEY *msk, const uint8_t **in, size_t *inlen); 509 int sm9_enc_master_key_info_encrypt_to_der(const SM9_ENC_MASTER_KEY *msk, const char *pass, uint8_t **out, size_t *outlen); 510 int sm9_enc_master_key_info_decrypt_from_der(SM9_ENC_MASTER_KEY *msk, const char *pass, const uint8_t **in, size_t *inlen); 511 int sm9_enc_master_key_info_encrypt_to_pem(const SM9_ENC_MASTER_KEY *msk, const char *pass, FILE *fp); 512 int sm9_enc_master_key_info_decrypt_from_pem(SM9_ENC_MASTER_KEY *msk, const char *pass, FILE *fp); 513 int sm9_enc_master_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_MASTER_KEY *msk); 514 515 #define SM9_ENC_MASTER_PUBLIC_KEY_SIZE 70 516 int sm9_enc_master_public_key_to_der(const SM9_ENC_MASTER_KEY *mpk, uint8_t **out, size_t *outlen); 517 int sm9_enc_master_public_key_from_der(SM9_ENC_MASTER_KEY *mpk, const uint8_t **in, size_t *inlen); 518 int sm9_enc_master_public_key_to_pem(const SM9_ENC_MASTER_KEY *mpk, FILE *fp); 519 int sm9_enc_master_public_key_from_pem(SM9_ENC_MASTER_KEY *mpk, FILE *fp); 520 int sm9_enc_master_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_MASTER_KEY *mpk); 521 522 // algorithm,parameters = sm9encrypt,<null> 523 #define SM9_ENC_KEY_SIZE 204 524 int sm9_enc_key_to_der(const SM9_ENC_KEY *key, uint8_t **out, size_t *outlen); 525 int sm9_enc_key_from_der(SM9_ENC_KEY *key, const uint8_t **in, size_t *inlen); 526 int sm9_enc_key_info_encrypt_to_der(const SM9_ENC_KEY *key, const char *pass, uint8_t **out, size_t *outlen); 527 int sm9_enc_key_info_decrypt_from_der(SM9_ENC_KEY *key, const char *pass, const uint8_t **in, size_t *inlen); 528 int sm9_enc_key_info_encrypt_to_pem(const SM9_ENC_KEY *key, const char *pass, FILE *fp); 529 int sm9_enc_key_info_decrypt_from_pem(SM9_ENC_KEY *key, const char *pass, FILE *fp); 530 int sm9_enc_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_KEY *key); 531 532 #define SM9_MAX_PRIVATE_KEY_SIZE (SM9_SIGN_KEY_SIZE) // MAX(SIGN_MASTER_KEY, SIGN_KEY, ENC_MASTER_KEY, ENC_KEY) 533 #define SM9_MAX_PRIVATE_KEY_INFO_SIZE 512 534 #define SM9_MAX_ENCED_PRIVATE_KEY_INFO_SIZE 1024 535 536 /* 537 from GM/T 0080-2020 SM9 Cryptographic Alagorithm Application Specification 538 SM9Cipher ::= SEQUENCE { 539 EnType INTEGER, -- 0 for XOR 540 C1 BIT STRING, -- uncompressed octets of ECPoint 541 C3 OCTET STRING, -- 32 bytes HMAC-SM3 tag 542 CipherText OCTET STRING } 543 */ 544 545 int sm9_kem_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, size_t klen, uint8_t *kbuf, SM9_POINT *C); 546 int sm9_kem_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, const SM9_POINT *C, size_t klen, uint8_t *kbuf); 547 int sm9_do_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, 548 const uint8_t *in, size_t inlen, SM9_POINT *C1, uint8_t *c2, uint8_t c3[SM3_HMAC_SIZE]); 549 int sm9_do_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, 550 const SM9_POINT *C1, const uint8_t *c2, size_t c2len, const uint8_t c3[SM3_HMAC_SIZE], uint8_t *out); 551 552 #define SM9_MAX_PLAINTEXT_SIZE 255 553 #define SM9_MAX_CIPHERTEXT_SIZE 367 // calculated in test_sm9_ciphertext() 554 int sm9_ciphertext_to_der(const SM9_POINT *C1, const uint8_t *c2, size_t c2len, 555 const uint8_t c3[SM3_HMAC_SIZE], uint8_t **out, size_t *outlen); 556 int sm9_ciphertext_from_der(SM9_POINT *C1, const uint8_t **c2, size_t *c2len, 557 const uint8_t *c3[SM3_HMAC_SIZE], const uint8_t **in, size_t *inlen); 558 int sm9_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen); 559 int sm9_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, 560 const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); 561 int sm9_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, 562 const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); 563 564 565 566 #ifdef __cplusplus 567 } 568 #endif 569 #endif 570