diff options
author | Jack Lloyd <[email protected]> | 2018-09-09 11:05:13 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-09-09 14:26:07 -0400 |
commit | 3fbef810797e018cc0bc0e9b8361bb1a7c785bd7 (patch) | |
tree | 4ac1087ab46e8c05c62d29dbe36284392e81749b /src | |
parent | e79eec4e92e05b42d70acf578256adcfb0a0c22d (diff) |
Support SM2 raw signatures
Where SM2 signs a hash input provided by the application.
This is a contribution by Ribose Inc (@riboseinc)
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/pubkey/sm2/sm2.cpp | 158 | ||||
-rw-r--r-- | src/tests/data/pubkey/sm2_sig.vec | 9 | ||||
-rw-r--r-- | src/tests/test_sm2.cpp | 2 |
3 files changed, 112 insertions, 57 deletions
diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp index 45b14dac6..cf08d0f1c 100644 --- a/src/lib/pubkey/sm2/sm2.cpp +++ b/src/lib/pubkey/sm2/sm2.cpp @@ -1,6 +1,6 @@ /* * SM2 Signatures -* (C) 2017 Ribose Inc +* (C) 2017,2018 Ribose Inc * (C) 2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) @@ -12,6 +12,7 @@ #include <botan/numthry.h> #include <botan/keypair.h> #include <botan/hash.h> +#include <botan/parsing.h> namespace Botan { @@ -90,19 +91,33 @@ class SM2_Signature_Operation final : public PK_Ops::Signature const std::string& hash) : m_group(sm2.domain()), m_x(sm2.private_value()), - m_da_inv(sm2.get_da_inv()), - m_hash(HashFunction::create_or_throw(hash)) + m_da_inv(sm2.get_da_inv()) { - // ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA) - m_za = sm2_compute_za(*m_hash, ident, m_group, sm2.public_point()); - m_hash->update(m_za); + if(hash == "Raw") + { + // m_hash is null, m_za is empty + } + else + { + m_hash = HashFunction::create_or_throw(hash); + // ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA) + m_za = sm2_compute_za(*m_hash, ident, m_group, sm2.public_point()); + m_hash->update(m_za); + } } size_t signature_length() const override { return 2*m_group.get_order_bytes(); } void update(const uint8_t msg[], size_t msg_len) override { - m_hash->update(msg, msg_len); + if(m_hash) + { + m_hash->update(msg, msg_len); + } + else + { + m_digest.insert(m_digest.end(), msg, msg + msg_len); + } } secure_vector<uint8_t> sign(RandomNumberGenerator& rng) override; @@ -113,6 +128,7 @@ class SM2_Signature_Operation final : public PK_Ops::Signature const BigInt& m_da_inv; std::vector<uint8_t> m_za; + secure_vector<uint8_t> m_digest; std::unique_ptr<HashFunction> m_hash; std::vector<BigInt> m_ws; }; @@ -120,7 +136,18 @@ class SM2_Signature_Operation final : public PK_Ops::Signature secure_vector<uint8_t> SM2_Signature_Operation::sign(RandomNumberGenerator& rng) { - const BigInt e = BigInt::decode(m_hash->final()); + BigInt e; + if(m_hash) + { + e = BigInt::decode(m_hash->final()); + // prepend ZA for next signature if any + m_hash->update(m_za); + } + else + { + e = BigInt::decode(m_digest); + m_digest.clear(); + } const BigInt k = m_group.random_scalar(rng); @@ -128,9 +155,6 @@ SM2_Signature_Operation::sign(RandomNumberGenerator& rng) m_group.blinded_base_point_multiply_x(k, rng, m_ws) + e); const BigInt s = m_group.multiply_mod_order(m_da_inv, (k - r*m_x)); - // prepend ZA for next signature if any - m_hash->update(m_za); - return BigInt::encode_fixed_length_int_pair(r, s, m_group.get_order().bytes()); } @@ -144,33 +168,56 @@ class SM2_Verification_Operation final : public PK_Ops::Verification const std::string& ident, const std::string& hash) : m_group(sm2.domain()), - m_gy_mul(m_group.get_base_point(), sm2.public_point()), - m_hash(HashFunction::create_or_throw(hash)) + m_gy_mul(m_group.get_base_point(), sm2.public_point()) { - // ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA) - m_za = sm2_compute_za(*m_hash, ident, m_group, sm2.public_point()); - m_hash->update(m_za); + if(hash == "Raw") + { + // m_hash is null, m_za is empty + } + else + { + m_hash = HashFunction::create_or_throw(hash); + // ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA) + m_za = sm2_compute_za(*m_hash, ident, m_group, sm2.public_point()); + m_hash->update(m_za); + } } void update(const uint8_t msg[], size_t msg_len) override { - m_hash->update(msg, msg_len); + if(m_hash) + { + m_hash->update(msg, msg_len); + } + else + { + m_digest.insert(m_digest.end(), msg, msg + msg_len); + } } bool is_valid_signature(const uint8_t sig[], size_t sig_len) override; private: const EC_Group m_group; const PointGFp_Multi_Point_Precompute m_gy_mul; + secure_vector<uint8_t> m_digest; std::vector<uint8_t> m_za; std::unique_ptr<HashFunction> m_hash; }; bool SM2_Verification_Operation::is_valid_signature(const uint8_t sig[], size_t sig_len) { - const BigInt e = BigInt::decode(m_hash->final()); - - // Update for next verification - m_hash->update(m_za); + BigInt e; + if(m_hash) + { + e = BigInt::decode(m_hash->final()); + // prepend ZA for next signature if any + m_hash->update(m_za); + } + else + { + e = BigInt::decode(m_digest); + m_digest.clear(); + } if(sig_len != m_group.get_order().bytes()*2) return false; @@ -195,6 +242,35 @@ bool SM2_Verification_Operation::is_valid_signature(const uint8_t sig[], size_t return (m_group.mod_order(R.get_affine_x() + e) == r); } +void parse_sm2_param_string(const std::string& params, + std::string& userid, + std::string& hash) + { + // GM/T 0009-2012 specifies this as the default userid + const std::string default_userid = "1234567812345678"; + + // defaults: + userid = default_userid; + hash = "SM3"; + + /* + * SM2 parameters have the following possible formats: + * Ident [since 2.2.0] + * Ident,Hash [since 2.3.0] + */ + + auto comma = params.find(','); + if(comma == std::string::npos) + { + userid = params; + } + else + { + userid = params.substr(0, comma); + hash = params.substr(comma+1, std::string::npos); + } + } + } std::unique_ptr<PK_Ops::Verification> @@ -203,24 +279,8 @@ SM2_PublicKey::create_verification_op(const std::string& params, { if(provider == "base" || provider.empty()) { - std::string userid = ""; - std::string hash = "SM3"; - - auto comma = params.find(','); - if(comma == std::string::npos) - userid = params; - else - { - userid = params.substr(0, comma); - hash = params.substr(comma+1, std::string::npos); - } - - if (userid.empty()) - { - // GM/T 0009-2012 specifies this as the default userid - userid = "1234567812345678"; - } - + std::string userid, hash; + parse_sm2_param_string(params, userid, hash); return std::unique_ptr<PK_Ops::Verification>(new SM2_Verification_Operation(*this, userid, hash)); } @@ -234,24 +294,8 @@ SM2_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/, { if(provider == "base" || provider.empty()) { - std::string userid = ""; - std::string hash = "SM3"; - - auto comma = params.find(','); - if(comma == std::string::npos) - userid = params; - else - { - userid = params.substr(0, comma); - hash = params.substr(comma+1, std::string::npos); - } - - if (userid.empty()) - { - // GM/T 0009-2012 specifies this as the default userid - userid = "1234567812345678"; - } - + std::string userid, hash; + parse_sm2_param_string(params, userid, hash); return std::unique_ptr<PK_Ops::Signature>(new SM2_Signature_Operation(*this, userid, hash)); } diff --git a/src/tests/data/pubkey/sm2_sig.vec b/src/tests/data/pubkey/sm2_sig.vec index 8a86dfc7d..b2e588128 100644 --- a/src/tests/data/pubkey/sm2_sig.vec +++ b/src/tests/data/pubkey/sm2_sig.vec @@ -1,4 +1,6 @@ +# From draft-shen-sm2-ecdsa-00 + P = 0x8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3 A = 0x787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498 B = 0x63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A @@ -13,3 +15,10 @@ Msg = 6D65737361676520646967657374 x = 0x128B2FA8BD433C6C068C8D803DFF79792A519A55171B1B650C23661D15897263 Nonce = 6CB28D99385C175C94F94E934817663FC176D925DD72B727260DBAAE1FB2F96F Signature = 40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D16FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7 + +Hash = Raw +Ident = [email protected] +Msg = B524F552CD82B8B028476E005C377FB19A87E6FC682D48BB5D42E3D9B9EFFE76 +x = 0x128B2FA8BD433C6C068C8D803DFF79792A519A55171B1B650C23661D15897263 +Nonce = 6CB28D99385C175C94F94E934817663FC176D925DD72B727260DBAAE1FB2F96F +Signature = 40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D16FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7 diff --git a/src/tests/test_sm2.cpp b/src/tests/test_sm2.cpp index 24e5c640d..a7eb84774 100644 --- a/src/tests/test_sm2.cpp +++ b/src/tests/test_sm2.cpp @@ -46,6 +46,8 @@ class SM2_Signature_KAT_Tests final : public PK_Signature_Generation_Test "P,A,B,xG,yG,Order,Cofactor,Ident,Msg,x,Nonce,Signature", "Hash") {} + bool clear_between_callbacks() const override { return false; } + std::string default_padding(const VarMap& vars) const override { return vars.get_req_str("Ident") + "," + vars.get_opt_str("Hash", "SM3"); |