Open waderwu opened 5 years ago
/* ====================================================================
* Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>
#include "../e_os.h"
#ifdef OPENSSL_NO_SM2
int main(int argc, char **argv)
{
printf("NO SM2 support\n");
return 0;
}
#else
# include <openssl/bn.h>
# include <openssl/ec.h>
# include <openssl/evp.h>
# include <openssl/rand.h>
# include <openssl/engine.h>
# include <openssl/sm2.h>
# include "../crypto/sm2/sm2_lcl.h"
# define VERBOSE 1
RAND_METHOD fake_rand;
const RAND_METHOD *old_rand;
static const char rnd_seed[] =
"string to make the random number generator think it has entropy";
static const char *rnd_number = NULL;
static int fbytes(unsigned char *buf, int num)
{
int ret = 0;
BIGNUM *bn = NULL;
if (!BN_hex2bn(&bn, rnd_number)) {
goto end;
}
if (BN_num_bytes(bn) > num) {
goto end;
}
memset(buf, 0, num);
if (!BN_bn2bin(bn, buf + num - BN_num_bytes(bn))) {
goto end;
}
ret = 1;
end:
BN_free(bn);
return ret;
}
static int change_rand(const char *hex)
{
if (!(old_rand = RAND_get_rand_method())) {
return 0;
}
fake_rand.seed = old_rand->seed;
fake_rand.cleanup = old_rand->cleanup;
fake_rand.add = old_rand->add;
fake_rand.status = old_rand->status;
fake_rand.bytes = fbytes;
fake_rand.pseudorand = old_rand->bytes;
if (!RAND_set_rand_method(&fake_rand)) {
return 0;
}
rnd_number = hex;
return 1;
}
static int restore_rand(void)
{
rnd_number = NULL;
if (!RAND_set_rand_method(old_rand))
return 0;
else return 1;
}
static int hexequbin(const char *hex, const unsigned char *bin, size_t binlen)
{
int ret = 0;
char *buf = NULL;
int i = 0;
size_t buflen = binlen * 2 + 1;
if (binlen * 2 != strlen(hex)) {
return 0;
}
if (!(buf = malloc(binlen * 2 + 1))) {
return 0;
}
for (i = 0; i < binlen; i++) {
sprintf(buf + i*2, "%02X", bin[i]);
}
buf[buflen - 1] = 0;
if (memcmp(hex, buf, binlen * 2) == 0) {
ret = 1;
}
free(buf);
return ret;
}
static EC_GROUP *new_ec_group(int is_prime_field,
const char *p_hex, const char *a_hex, const char *b_hex,
const char *x_hex, const char *y_hex, const char *n_hex, const char *h_hex)
{
int ok = 0;
EC_GROUP *group = NULL;
BN_CTX *ctx = NULL;
BIGNUM *p = NULL;
BIGNUM *a = NULL;
BIGNUM *b = NULL;
BIGNUM *x = NULL;
BIGNUM *y = NULL;
BIGNUM *n = NULL;
BIGNUM *h = NULL;
EC_POINT *G = NULL;
point_conversion_form_t form = SM2_DEFAULT_POINT_CONVERSION_FORM;
int flag = 0;
if (!(ctx = BN_CTX_new())) {
goto err;
}
if (!BN_hex2bn(&p, p_hex) ||
!BN_hex2bn(&a, a_hex) ||
!BN_hex2bn(&b, b_hex) ||
!BN_hex2bn(&x, x_hex) ||
!BN_hex2bn(&y, y_hex) ||
!BN_hex2bn(&n, n_hex) ||
!BN_hex2bn(&h, h_hex)) {
goto err;
}
if (is_prime_field) {
if (!(group = EC_GROUP_new_curve_GFp(p, a, b, ctx))) {
goto err;
}
if (!(G = EC_POINT_new(group))) {
goto err;
}
if (!EC_POINT_set_affine_coordinates_GFp(group, G, x, y, ctx)) {
goto err;
}
} else {
if (!(group = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) {
goto err;
}
if (!(G = EC_POINT_new(group))) {
goto err;
}
if (!EC_POINT_set_affine_coordinates_GF2m(group, G, x, y, ctx)) {
goto err;
}
}
if (!EC_GROUP_set_generator(group, G, n, h)) {
goto err;
}
EC_GROUP_set_asn1_flag(group, flag);
EC_GROUP_set_point_conversion_form(group, form);
ok = 1;
err:
BN_CTX_free(ctx);
BN_free(p);
BN_free(a);
BN_free(b);
BN_free(x);
BN_free(y);
BN_free(n);
BN_free(h);
EC_POINT_free(G);
if (!ok && group) {
ERR_print_errors_fp(stderr);
EC_GROUP_free(group);
group = NULL;
}
return group;
}
static EC_KEY *new_ec_key(const EC_GROUP *group,
const char *sk, const char *xP, const char *yP,
const char *id, const EVP_MD *id_md)
{
int ok = 0;
EC_KEY *ec_key = NULL;
BIGNUM *d = NULL;
BIGNUM *x = NULL;
BIGNUM *y = NULL;
OPENSSL_assert(group);
OPENSSL_assert(xP);
OPENSSL_assert(yP);
if (!(ec_key = EC_KEY_new())) {
goto end;
}
if (!EC_KEY_set_group(ec_key, group)) {
goto end;
}
if (sk) {
if (!BN_hex2bn(&d, sk)) {
goto end;
}
if (!EC_KEY_set_private_key(ec_key, d)) {
goto end;
}
}
if (xP && yP) {
if (!BN_hex2bn(&x, xP)) {
goto end;
}
if (!BN_hex2bn(&y, yP)) {
goto end;
}
if (!EC_KEY_set_public_key_affine_coordinates(ec_key, x, y)) {
goto end;
}
}
/*
if (id) {
if (!SM2_set_id(ec_key, id, id_md)) {
goto end;
}
}
*/
ok = 1;
end:
if (d) BN_free(d);
if (x) BN_free(x);
if (y) BN_free(y);
if (!ok && ec_key) {
ERR_print_errors_fp(stderr);
EC_KEY_free(ec_key);
ec_key = NULL;
}
return ec_key;
}
static int test_sm2_sign(const EC_GROUP *group,
const char *sk, const char *xP, const char *yP,
const char *id, const char *Z,
const char *M, const char *e,
const char *k, const char *r, const char *s)
{
int ret = 0;
int verbose = VERBOSE;
const EVP_MD *id_md = EVP_sm3();
const EVP_MD *msg_md = EVP_sm3();
int type = NID_undef;
unsigned char dgst[EVP_MAX_MD_SIZE];
size_t dgstlen;
unsigned char sig[256];
unsigned int siglen;
const unsigned char *p;
EC_KEY *ec_key = NULL;
EC_KEY *pubkey = NULL;
ECDSA_SIG *sm2sig = NULL;
BIGNUM *rr = NULL;
BIGNUM *ss = NULL;
const BIGNUM *sig_r;
const BIGNUM *sig_s;
change_rand(k);
if (!(ec_key = new_ec_key(group, sk, xP, yP, id, id_md))) {
fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__);
goto err;
}
if (verbose > 1) {
EC_KEY_print_fp(stdout, ec_key, 4);
}
dgstlen = sizeof(dgst);
if (!SM2_compute_id_digest(id_md, id, strlen(id), dgst, &dgstlen, ec_key)) {
fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__);
goto err;
}
if (verbose > 1) {
int j;
printf("id=%s\n", id);
printf("zid(xx):");
for (j = 0; j < dgstlen; j++) { printf("%02x", dgst[j]); } printf("\n");
}
if (!hexequbin(Z, dgst, dgstlen)) {
fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__);
goto err;
}
dgstlen = sizeof(dgst);
if (!SM2_compute_message_digest(id_md, msg_md,
(const unsigned char *)M, strlen(M), id, strlen(id),
dgst, &dgstlen, ec_key)) {
fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__);
goto err;
}
if (!hexequbin(e, dgst, dgstlen)) {
int i;
fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__);
printf("%s\n", e);
printf(" my: "); for (i = 0; i < dgstlen; i++) { printf("%02x", dgst[i]); } printf("\n");
goto err;
}
/* sign */
siglen = sizeof(sig);
if (!SM2_sign(type, dgst, dgstlen, sig, &siglen, ec_key)) {
fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__);
goto err;
}
p = sig;
if (!(sm2sig = d2i_ECDSA_SIG(NULL, &p, siglen))) {
fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__);
goto err;
}
if (!BN_hex2bn(&rr, r) || !BN_hex2bn(&ss, s)) {
fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__);
goto err;
}
ECDSA_SIG_get0(sm2sig, &sig_r, &sig_s);
if (BN_cmp(sig_r, rr) || BN_cmp(sig_s, ss)) {
fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__);
goto err;
}
/* verify */
if (!(pubkey = new_ec_key(group, NULL, xP, yP, id, id_md))) {
fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__);
goto err;
}
if (1 != SM2_verify(type, dgst, dgstlen, sig, siglen, pubkey)) {
fprintf(stderr, "error: %s %d\n", __FUNCTION__, __LINE__);
goto err;
}
ret = 1;
err:
restore_rand();
if (ec_key) EC_KEY_free(ec_key);
if (pubkey) EC_KEY_free(pubkey);
if (sm2sig) ECDSA_SIG_free(sm2sig);
if (rr) BN_free(rr);
if (ss) BN_free(ss);
return ret;
}
static int test_sm2_enc(const EC_GROUP *group, const EVP_MD *md,
const char *d, const char *xP, const char *yP,
const char *M, const char *k, const char *C)
{
int ret = 0;
EC_KEY *pub_key = NULL;
EC_KEY *pri_key = NULL;
SM2CiphertextValue *cv = NULL;
unsigned char *tbuf = NULL;
long tlen;
unsigned char mbuf[128] = {0};
unsigned char cbuf[sizeof(mbuf) + 256] = {0};
size_t mlen, clen;
unsigned char *p;
/* test encrypt */
if (!(pub_key = new_ec_key(group, NULL, xP, yP, NULL, NULL))) {
goto end;
}
change_rand(k);
if (!(cv = SM2_do_encrypt(md, (unsigned char *)M, strlen(M), pub_key))) {
goto end;
}
p = cbuf;
if ((clen = i2o_SM2CiphertextValue(group, cv, &p)) <= 0) {
goto end;
}
if (!(tbuf = OPENSSL_hexstr2buf(C, &tlen))) {
EXIT(1);
}
if (tlen != clen || memcmp(tbuf, cbuf, clen) != 0) {
goto end;
}
/* test decrypt */
if (!(pri_key = new_ec_key(group, d, xP, yP, NULL, NULL))) {
goto end;
}
mlen = sizeof(mbuf);
if (!SM2_do_decrypt(md, cv, mbuf, &mlen, pri_key)) {
goto end;
}
if (mlen != strlen(M) || memcmp(mbuf, M, strlen(M))) {
goto end;
}
ret = 1;
end:
ERR_print_errors_fp(stderr);
restore_rand();
EC_KEY_free(pub_key);
EC_KEY_free(pri_key);
SM2CiphertextValue_free(cv);
OPENSSL_free(tbuf);
return ret;
}
static int test_sm2_kap(const EC_GROUP *group,
const char *A, const char *dA, const char *xA, const char *yA, const char *ZA,
const char *B, const char *dB, const char *xB, const char *yB, const char *ZB,
const char *rA, const char *rB, const char *KAB, const char *S1, const char *S2)
{
int ret = 0;
const EVP_MD *id_md = EVP_sm3();
EC_KEY *eckeyA = NULL;
EC_KEY *eckeyB = NULL;
EC_KEY *pubkeyA = NULL;
EC_KEY *pubkeyB = NULL;
SM2_KAP_CTX ctxA;
SM2_KAP_CTX ctxB;
unsigned char RA[256];
unsigned char RB[256];
size_t RAlen = sizeof(RA);
size_t RBlen = sizeof(RB);
unsigned char kab[64];
unsigned char kba[64];
size_t kablen = strlen(KAB)/2;
size_t kbalen = strlen(KAB)/2;
unsigned char s1[64];
unsigned char s2[64];
size_t s1len, s2len;
memset(&ctxA, 0, sizeof(ctxA));
memset(&ctxB, 0, sizeof(ctxB));
eckeyA = new_ec_key(group, dA, xA, yA, A, id_md);
eckeyB = new_ec_key(group, dB, xB, yB, B, id_md);
pubkeyA = new_ec_key(group, NULL, xA, yA, A, id_md);
pubkeyB = new_ec_key(group, NULL, xB, yB, B, id_md);
if (!eckeyA || !eckeyB || !pubkeyA || !pubkeyB) {
fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
goto end;
}
if (!SM2_KAP_CTX_init(&ctxA, eckeyA, A, strlen(A), pubkeyB, B, strlen(B), 1, 1)) {
fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
goto end;
}
if (!SM2_KAP_CTX_init(&ctxB, eckeyB, B, strlen(B), pubkeyA, A, strlen(A), 0, 1)) {
fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
goto end;
}
change_rand(rA);
if (!SM2_KAP_prepare(&ctxA, RA, &RAlen)) {
fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
goto end;
}
restore_rand();
change_rand(rB);
if (!SM2_KAP_prepare(&ctxB, RB, &RBlen)) {
fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
goto end;
}
restore_rand();
if (!SM2_KAP_compute_key(&ctxA, RB, RBlen, kab, kablen, s1, &s1len)) {
fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
goto end;
}
if (!SM2_KAP_compute_key(&ctxB, RA, RAlen, kba, kbalen, s2, &s2len)) {
fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
goto end;
}
if (!SM2_KAP_final_check(&ctxA, s2, s2len)) {
goto end;
}
if (!SM2_KAP_final_check(&ctxB, s1, s1len)) {
goto end;
}
ret = 1;
end:
ERR_print_errors_fp(stderr);
EC_KEY_free(eckeyA);
EC_KEY_free(eckeyB);
EC_KEY_free(pubkeyA);
EC_KEY_free(pubkeyB);
SM2_KAP_CTX_cleanup(&ctxA);
SM2_KAP_CTX_cleanup(&ctxB);
return ret;
}
int main(int argc, char **argv)
{
int err = 0;
EC_GROUP *sm2p192test = NULL;
EC_GROUP *sm2p256test = NULL;
EC_GROUP *sm2b193test = NULL;
EC_GROUP *sm2b257test = NULL;
RAND_seed(rnd_seed, sizeof(rnd_seed));
sm2p256test = new_ec_group(1,
"8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3",
"787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498",
"63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A",
"421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D",
"0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2",
"8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7",
"1");
clock_t t=clock();
for (int i=0; i<1000; i++){
test_sm2_sign(
sm2p256test,
"128B2FA8BD433C6C068C8D803DFF79792A519A55171B1B650C23661D15897263",
"0AE4C7798AA0F119471BEE11825BE46202BB79E2A5844495E97C04FF4DF2548A",
"7C0240F88F1CD4E16352A73C17B7F16F07353E53A176D684A9FE0C6BB798E857",
"ALICE123@YAHOO.COM",
"F4A38489E32B45B6F876E3AC2168CA392362DC8F23459C1D1146FC3DBFB7BC9A",
"message digest",
"B524F552CD82B8B028476E005C377FB19A87E6FC682D48BB5D42E3D9B9EFFE76",
"6CB28D99385C175C94F94E934817663FC176D925DD72B727260DBAAE1FB2F96F",
"40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D1",
"6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7");
}
double tt = (double)(clock() - t)/(CLOCKS_PER_SEC*1000);
printf("SM2_Sign>>>time: %f s\n",tt);
end:
EC_GROUP_free(sm2p256test);
EXIT(err);
}
#endif
sm2testmy.c
gcc sm2testmy.c -I /usr/local/include -O3 -o sm2testmy -lcrypto -lssl -L /usr/local/lib
SM2_Sign>>>time: 0.001712 s
上面的测试结果不太 对,一下面的为准
#include <openssl/ec.h>
# include <openssl/bn.h>
# include <openssl/evp.h>
# include <openssl/rand.h>
# include <openssl/engine.h>
# include <openssl/sm2.h>
# include <time.h>
# include "../crypto/sm2/sm2_lcl.h"
int main(){
int type = NID_undef;
unsigned char dgst[32] = {0xB5,0x24,0xF5,0x52,0xCD,0x82,0xB8,0xB0,0x28,0x47,0x6E,0x00,0x5C,0x37,0x7F,0xB1,0x9A,0x87,0xE6,0xFC,0x68,0x2D,0x48,0xBB,0x5D,0x42,0xE3,0xD9,0xB9,0xEF,0xFE,0x76};
size_t dgstlen = 32;
unsigned char sig[256];
unsigned int siglen;
EC_GROUP *sm2p256v1 = EC_GROUP_new_by_curve_name(NID_sm2p256v1);
// sk sm2key->priv_key pk sm2key->pub_key
EC_KEY *sm2key = EC_KEY_new_by_curve_name(NID_sm2p256v1);
EC_KEY_generate_key(sm2key);
EC_KEY_print_fp(stdout, sm2key, 4);
const BIGNUM* d = EC_KEY_get0_private_key(sm2key);
BN_print_fp(stdout, d);
int turns = 1000;
clock_t t=clock();
for (int i=0; i<turns; i++)
{
SM2_sign(type, dgst, dgstlen, sig, &siglen, sm2key);
}
double tt = (double)(clock() - t)/(CLOCKS_PER_SEC*turns);
printf("\nSM2_Sign>>>time: %f s\n",tt);
t=clock();
for (int j=0; j<turns ; j++)
{
SM2_verify(type, dgst,dgstlen,sig, siglen, sm2key);
}
tt = (double)(clock() - t)/(CLOCKS_PER_SEC*turns);
printf("SM2_verify>>>time: %f s\n",tt);
return 0;
}
Private-Key: (256 bit)
priv:
a7:f1:b9:38:67:cb:a0:5b:4d:48:f2:3a:9a:a8:4c:
05:79:d2:59:23:54:53:3f:0c:95:f8:f1:e9:0a:32:
14:3c
pub:
04:72:1d:8f:3b:c5:6f:b1:d0:87:4b:64:84:aa:d6:
24:21:06:45:81:6d:9b:37:60:ac:d9:40:be:cb:80:
1b:e0:86:dc:57:1b:eb:c3:a7:ec:09:e9:e5:ae:7c:
be:f1:5e:10:29:df:b6:7c:4f:1d:95:db:bf:2e:40:
9e:a0:9d:cb:50
ASN1 OID: sm2p256v1
NIST CURVE: SM2
A7F1B93867CBA05B4D48F23A9AA84C0579D2592354533F0C95F8F1E90A32143C
SM2_Sign>>>time: 0.000342 s
SM2_verify>>>time: 0.000362 s
gcc sm2testmysign.c -I /usr/local/include -O3 -o sm2testmysign -lcrypto -lssl -L /usr/local/lib
benchmark mysign
mysign time: PT0.000252311S seconds.
benchmark sign
time1: PT0.000273577S seconds.
benchmark verify
verify time: PT0.000987968S seconds.
benchmark myverify
myverify time: PT0.000960877S seconds.
true
通过上面可以发现在延签的时候比较慢。可能sm2 测试的时候有问题,在gmssl里面是sign的4被,在这里好像和sign的速度相当了。
最新的
gmssl
libsm