diff options
| author | Jack Lloyd <[email protected]> | 2017-08-07 11:47:08 -0400 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2017-08-07 11:47:08 -0400 |
| commit | aaba0768bbfe98b97024bcee03b5ba8146ef6a41 (patch) | |
| tree | 7417e9f918750d0a3f01d2f0874c5ff257ae3e8f /src | |
| parent | 01317855dc2e076050277073ac40c308ad7a4da5 (diff) | |
| parent | 0f97d8b5cdabd0f57b5e936deff7be3d548abd9c (diff) | |
Merge GH #1142 Add SM2 encryption scheme
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/ffi/ffi.h | 9 | ||||
| -rw-r--r-- | src/lib/ffi/ffi_pkey_algs.cpp | 41 | ||||
| -rw-r--r-- | src/lib/pubkey/pk_algs.cpp | 26 | ||||
| -rw-r--r-- | src/lib/pubkey/sm2/info.txt | 3 | ||||
| -rw-r--r-- | src/lib/pubkey/sm2/sm2.cpp | 16 | ||||
| -rw-r--r-- | src/lib/pubkey/sm2/sm2.h | 11 | ||||
| -rw-r--r-- | src/lib/pubkey/sm2/sm2_enc.cpp | 231 | ||||
| -rw-r--r-- | src/lib/pubkey/sm2/sm2_enc.h | 90 | ||||
| -rw-r--r-- | src/tests/data/pubkey/sm2_enc.vec | 14 | ||||
| -rw-r--r-- | src/tests/test_ffi.cpp | 73 | ||||
| -rw-r--r-- | src/tests/test_pubkey.cpp | 5 | ||||
| -rw-r--r-- | src/tests/test_pubkey.h | 6 | ||||
| -rw-r--r-- | src/tests/test_sm2.cpp | 49 | ||||
| -rw-r--r-- | src/tests/unit_ecc.cpp | 4 |
14 files changed, 561 insertions, 17 deletions
diff --git a/src/lib/ffi/ffi.h b/src/lib/ffi/ffi.h index 7b14bdbd4..37f38ae1b 100644 --- a/src/lib/ffi/ffi.h +++ b/src/lib/ffi/ffi.h @@ -899,6 +899,15 @@ BOTAN_DLL int botan_privkey_load_sm2(botan_privkey_t* key, const botan_mp_t scalar, const char* curve_name); +BOTAN_DLL int botan_pubkey_load_sm2_enc(botan_pubkey_t* key, + const botan_mp_t public_x, + const botan_mp_t public_y, + const char* curve_name); + +BOTAN_DLL int botan_privkey_load_sm2_enc(botan_privkey_t* key, + const botan_mp_t scalar, + const char* curve_name); + /* * Public Key Encryption */ diff --git a/src/lib/ffi/ffi_pkey_algs.cpp b/src/lib/ffi/ffi_pkey_algs.cpp index c2ebad80c..844a38846 100644 --- a/src/lib/ffi/ffi_pkey_algs.cpp +++ b/src/lib/ffi/ffi_pkey_algs.cpp @@ -37,6 +37,7 @@ #if defined(BOTAN_HAS_SM2) #include <botan/sm2.h> + #include <botan/sm2_enc.h> #endif #if defined(BOTAN_HAS_ECDH) @@ -607,6 +608,46 @@ int botan_privkey_load_sm2(botan_privkey_t* key, #endif } +int botan_pubkey_load_sm2_enc(botan_pubkey_t* key, + const botan_mp_t public_x, + const botan_mp_t public_y, + const char* curve_name) + { +#if defined(BOTAN_HAS_SM2) + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + std::unique_ptr<Botan::SM2_Encryption_PublicKey> p_key; + if(!pubkey_load_ec(p_key, safe_get(public_x), safe_get(public_y), curve_name)) + { + *key = new botan_pubkey_struct(p_key.release()); + return BOTAN_FFI_SUCCESS; + } + return BOTAN_FFI_ERROR_UNKNOWN_ERROR; + }); +#else + BOTAN_UNUSED(key, public_x, public_y, curve_name); + return BOTAN_FFI_ERROR_NOT_IMPLEMENTED; +#endif + } + +int botan_privkey_load_sm2_enc(botan_privkey_t* key, + const botan_mp_t scalar, + const char* curve_name) + { +#if defined(BOTAN_HAS_SM2) + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() { + std::unique_ptr<Botan::SM2_Encryption_PrivateKey> p_key; + int rc = privkey_load_ec(p_key, safe_get(scalar), curve_name); + + if(rc == BOTAN_FFI_SUCCESS) + *key = new botan_privkey_struct(p_key.release()); + return rc; + }); +#else + BOTAN_UNUSED(key, scalar, curve_name); + return BOTAN_FFI_ERROR_NOT_IMPLEMENTED; +#endif + } + /* Ed25519 specific operations */ int botan_privkey_load_ed25519(botan_privkey_t* key, diff --git a/src/lib/pubkey/pk_algs.cpp b/src/lib/pubkey/pk_algs.cpp index 34d659c8f..e696b5e74 100644 --- a/src/lib/pubkey/pk_algs.cpp +++ b/src/lib/pubkey/pk_algs.cpp @@ -62,6 +62,7 @@ #if defined(BOTAN_HAS_SM2) #include <botan/sm2.h> + #include <botan/sm2_enc.h> #endif #if defined(BOTAN_HAS_OPENSSL) @@ -141,6 +142,8 @@ load_public_key(const AlgorithmIdentifier& alg_id, #if defined(BOTAN_HAS_SM2) if(alg_name == "SM2_Sig") return std::unique_ptr<Public_Key>(new SM2_Signature_PublicKey(alg_id, key_bits)); + if(alg_name == "SM2_Enc") + return std::unique_ptr<Public_Key>(new SM2_Encryption_PublicKey(alg_id, key_bits)); #endif #if defined(BOTAN_HAS_XMSS) @@ -217,6 +220,8 @@ load_private_key(const AlgorithmIdentifier& alg_id, #if defined(BOTAN_HAS_SM2) if(alg_name == "SM2_Sig") return std::unique_ptr<Private_Key>(new SM2_Signature_PrivateKey(alg_id, key_bits)); + if(alg_name == "SM2_Enc") + return std::unique_ptr<Private_Key>(new SM2_Encryption_PrivateKey(alg_id, key_bits)); #endif #if defined(BOTAN_HAS_ELGAMAL) @@ -232,6 +237,22 @@ load_private_key(const AlgorithmIdentifier& alg_id, throw Decoding_Error("Unhandled PK algorithm " + alg_name); } +namespace { + +std::string default_ec_group_for(const std::string& alg_name) + { + if(alg_name == "SM2_Enc" || alg_name == "SM2_Sig") + return "sm2p256v1"; + if(alg_name == "GOST-34.10") + return "gost_256A"; + if(alg_name == "ECGDSA") + return "brainpool256r1"; + return "secp256r1"; + + } + +} + std::unique_ptr<Private_Key> create_private_key(const std::string& alg_name, RandomNumberGenerator& rng, @@ -305,9 +326,10 @@ create_private_key(const std::string& alg_name, alg_name == "ECKCDSA" || alg_name == "ECGDSA" || alg_name == "SM2_Sig" || + alg_name == "SM2_Enc" || alg_name == "GOST-34.10") { - const EC_Group ec_group(params.empty() ? "secp256r1" : params); + const EC_Group ec_group(params.empty() ? default_ec_group_for(alg_name) : params); #if defined(BOTAN_HAS_ECDSA) if(alg_name == "ECDSA") @@ -332,6 +354,8 @@ create_private_key(const std::string& alg_name, #if defined(BOTAN_HAS_SM2) if(alg_name == "SM2_Sig") return std::unique_ptr<Private_Key>(new SM2_Signature_PrivateKey(rng, ec_group)); + if(alg_name == "SM2_Enc") + return std::unique_ptr<Private_Key>(new SM2_Encryption_PrivateKey(rng, ec_group)); #endif #if defined(BOTAN_HAS_ECGDSA) diff --git a/src/lib/pubkey/sm2/info.txt b/src/lib/pubkey/sm2/info.txt index e94500277..ee74a74a0 100644 --- a/src/lib/pubkey/sm2/info.txt +++ b/src/lib/pubkey/sm2/info.txt @@ -1,5 +1,5 @@ <defines> -SM2 -> 20170621 +SM2 -> 20170804 </defines> <requires> @@ -10,4 +10,5 @@ keypair numbertheory rng sm3 +kdf2 </requires> diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp index 5c5b50792..2882cb0ad 100644 --- a/src/lib/pubkey/sm2/sm2.cpp +++ b/src/lib/pubkey/sm2/sm2.cpp @@ -40,12 +40,10 @@ SM2_Signature_PrivateKey::SM2_Signature_PrivateKey(RandomNumberGenerator& rng, m_da_inv = inverse_mod(m_private_key + 1, domain.get_order()); } -namespace { - -std::vector<uint8_t> compute_za(HashFunction& hash, - const std::string& user_id, - const EC_Group& domain, - const PointGFp& pubkey) +std::vector<uint8_t> sm2_compute_za(HashFunction& hash, + const std::string& user_id, + const EC_Group& domain, + const PointGFp& pubkey) { if(user_id.size() >= 8192) throw Invalid_Argument("SM2 user id too long to represent"); @@ -71,6 +69,8 @@ std::vector<uint8_t> compute_za(HashFunction& hash, return za; } +namespace { + /** * SM2 signature operation */ @@ -88,7 +88,7 @@ class SM2_Signature_Operation : public PK_Ops::Signature m_hash(HashFunction::create_or_throw("SM3")) { // ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA) - m_za = compute_za(*m_hash, ident, sm2.domain(), sm2.public_point()); + m_za = sm2_compute_za(*m_hash, ident, sm2.domain(), sm2.public_point()); m_hash->update(m_za); } @@ -142,7 +142,7 @@ class SM2_Verification_Operation : public PK_Ops::Verification m_hash(HashFunction::create_or_throw("SM3")) { // ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA) - m_za = compute_za(*m_hash, ident, sm2.domain(), sm2.public_point()); + m_za = sm2_compute_za(*m_hash, ident, sm2.domain(), sm2.public_point()); m_hash->update(m_za); } diff --git a/src/lib/pubkey/sm2/sm2.h b/src/lib/pubkey/sm2/sm2.h index a66654dbd..879e0b95d 100644 --- a/src/lib/pubkey/sm2/sm2.h +++ b/src/lib/pubkey/sm2/sm2.h @@ -13,7 +13,7 @@ namespace Botan { /** -* This class represents SM2 Signature Keys +* This class represents SM2 Signature public keys */ class BOTAN_DLL SM2_Signature_PublicKey : public virtual EC_PublicKey { @@ -56,7 +56,7 @@ class BOTAN_DLL SM2_Signature_PublicKey : public virtual EC_PublicKey }; /** -* This class represents SM2 Private Keys +* This class represents SM2 Signature private keys */ class BOTAN_DLL SM2_Signature_PrivateKey : public SM2_Signature_PublicKey, public EC_PrivateKey @@ -93,6 +93,13 @@ class BOTAN_DLL SM2_Signature_PrivateKey : public SM2_Signature_PublicKey, BigInt m_da_inv; }; +class HashFunction; + +std::vector<uint8_t> sm2_compute_za(HashFunction& hash, + const std::string& user_id, + const EC_Group& domain, + const PointGFp& pubkey); + } #endif diff --git a/src/lib/pubkey/sm2/sm2_enc.cpp b/src/lib/pubkey/sm2/sm2_enc.cpp new file mode 100644 index 000000000..a832dd1ac --- /dev/null +++ b/src/lib/pubkey/sm2/sm2_enc.cpp @@ -0,0 +1,231 @@ +/* +* SM2 Encryption +* (C) 2017 Ribose Inc +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include <botan/sm2_enc.h> +#include <botan/pk_ops.h> +#include <botan/keypair.h> +#include <botan/kdf.h> +#include <botan/hash.h> + +namespace Botan { + +bool SM2_Encryption_PrivateKey::check_key(RandomNumberGenerator& rng, + bool strong) const + { + if(!public_point().on_the_curve()) + return false; + + if(!strong) + return true; + + return KeyPair::encryption_consistency_check(rng, *this, "SM3"); + } + +SM2_Encryption_PrivateKey::SM2_Encryption_PrivateKey(const AlgorithmIdentifier& alg_id, + const secure_vector<uint8_t>& key_bits) : + EC_PrivateKey(alg_id, key_bits) + { + } + +SM2_Encryption_PrivateKey::SM2_Encryption_PrivateKey(RandomNumberGenerator& rng, + const EC_Group& domain, + const BigInt& x) : + EC_PrivateKey(rng, domain, x) + { + } + +namespace { + +class SM2_Encryption_Operation : public PK_Ops::Encryption + { + public: + SM2_Encryption_Operation(const SM2_Encryption_PublicKey& key) : + m_p_bytes(key.domain().get_curve().get_p().bytes()), + m_order(key.domain().get_order()), + m_base_point(key.domain().get_base_point(), m_order), + m_public_point(key.public_point(), m_order) + {} + + size_t max_input_bits() const override + { + // This is arbitrary, but assumes SM2 is used for key encapsulation + return 512; + } + + secure_vector<uint8_t> encrypt(const uint8_t msg[], + size_t msg_len, + RandomNumberGenerator& rng) override + { + std::unique_ptr<HashFunction> hash = HashFunction::create("SM3"); + std::unique_ptr<KDF> kdf = KDF::create("KDF2(SM3)"); + + secure_vector<uint8_t> ciphertext; + ciphertext.reserve(1 + m_p_bytes*2 + msg_len + hash->output_length()); + + const BigInt k = BigInt::random_integer(rng, 1, m_order); + + const PointGFp C1 = m_base_point.blinded_multiply(k, rng); + const BigInt x1 = C1.get_affine_x(); + const BigInt y1 = C1.get_affine_y(); + std::vector<uint8_t> x1_bytes(m_p_bytes); + std::vector<uint8_t> y1_bytes(m_p_bytes); + BigInt::encode_1363(x1_bytes.data(), x1_bytes.size(), x1); + BigInt::encode_1363(y1_bytes.data(), y1_bytes.size(), y1); + + const PointGFp kPB = m_public_point.blinded_multiply(k, rng); + + const BigInt x2 = kPB.get_affine_x(); + const BigInt y2 = kPB.get_affine_y(); + std::vector<uint8_t> x2_bytes(m_p_bytes); + std::vector<uint8_t> y2_bytes(m_p_bytes); + BigInt::encode_1363(x2_bytes.data(), x2_bytes.size(), x2); + BigInt::encode_1363(y2_bytes.data(), y2_bytes.size(), y2); + + secure_vector<uint8_t> kdf_input; + kdf_input += x2_bytes; + kdf_input += y2_bytes; + + const secure_vector<uint8_t> kdf_output = + kdf->derive_key(msg_len, kdf_input.data(), kdf_input.size()); + + secure_vector<uint8_t> masked_msg(msg_len); + xor_buf(masked_msg.data(), msg, kdf_output.data(), msg_len); + + hash->update(x2_bytes); + hash->update(msg, msg_len); + hash->update(y2_bytes); + std::vector<uint8_t> C3(hash->output_length()); + hash->final(C3.data()); + + ciphertext.push_back(0x04); + ciphertext += x1_bytes; + ciphertext += y1_bytes; + ciphertext += masked_msg; + ciphertext += C3; + + return ciphertext; + } + + private: + size_t m_p_bytes; + const BigInt& m_order; + Blinded_Point_Multiply m_base_point; + Blinded_Point_Multiply m_public_point; + }; + +class SM2_Decryption_Operation : public PK_Ops::Decryption + { + public: + SM2_Decryption_Operation(const SM2_Encryption_PrivateKey& key, + RandomNumberGenerator& rng) : + m_key(key), + m_rng(rng) + {} + + secure_vector<uint8_t> decrypt(uint8_t& valid_mask, + const uint8_t ciphertext[], + size_t ciphertext_len) override + { + const BigInt& cofactor = m_key.domain().get_cofactor(); + const size_t p_bytes = m_key.domain().get_curve().get_p().bytes(); + + valid_mask = 0; + + std::unique_ptr<HashFunction> hash = HashFunction::create("SM3"); + + // Too short to be valid - no timing problem from early return + if(ciphertext_len < 1 + p_bytes*2 + hash->output_length()) + { + return secure_vector<uint8_t>(); + } + + if(ciphertext[0] != 0x04) + { + return secure_vector<uint8_t>(); + } + + const PointGFp C1 = OS2ECP(ciphertext, 1 + p_bytes*2, m_key.domain().get_curve()); + // OS2ECP verifies C1 is on the curve + + Blinded_Point_Multiply C1_mul(C1, m_key.domain().get_order()); + + if(cofactor > 1 && C1_mul.blinded_multiply(cofactor, m_rng).is_zero()) + { + return secure_vector<uint8_t>(); + } + + const PointGFp dbC1 = C1_mul.blinded_multiply(m_key.private_value(), m_rng); + + const BigInt x2 = dbC1.get_affine_x(); + const BigInt y2 = dbC1.get_affine_y(); + + std::vector<uint8_t> x2_bytes(p_bytes); + std::vector<uint8_t> y2_bytes(p_bytes); + BigInt::encode_1363(x2_bytes.data(), x2_bytes.size(), x2); + BigInt::encode_1363(y2_bytes.data(), y2_bytes.size(), y2); + + secure_vector<uint8_t> kdf_input; + kdf_input += x2_bytes; + kdf_input += y2_bytes; + + const size_t msg_len = ciphertext_len - (1 + p_bytes*2 + hash->output_length()); + + std::unique_ptr<KDF> kdf = KDF::create("KDF2(SM3)"); + const secure_vector<uint8_t> kdf_output = + kdf->derive_key(msg_len, kdf_input.data(), kdf_input.size()); + + secure_vector<uint8_t> msg(msg_len); + xor_buf(msg.data(), ciphertext + (1+p_bytes*2), kdf_output.data(), msg_len); + + hash->update(x2_bytes); + hash->update(msg); + hash->update(y2_bytes); + secure_vector<uint8_t> u = hash->final(); + + if(same_mem(u.data(), ciphertext + (1+p_bytes*2+msg_len), hash->output_length()) == false) + return secure_vector<uint8_t>(); + + valid_mask = 0xFF; + return msg; + } + private: + const SM2_Encryption_PrivateKey& m_key; + RandomNumberGenerator& m_rng; + const std::string m_ident; + }; + +} + +std::unique_ptr<PK_Ops::Encryption> +SM2_Encryption_PublicKey::create_encryption_op(RandomNumberGenerator& /*rng*/, + const std::string& params, + const std::string& provider) const + { + if(provider == "base" || provider.empty()) + { + if(params == "") + return std::unique_ptr<PK_Ops::Encryption>(new SM2_Encryption_Operation(*this)); + } + + throw Provider_Not_Found(algo_name(), provider); + } + +std::unique_ptr<PK_Ops::Decryption> +SM2_Encryption_PrivateKey::create_decryption_op(RandomNumberGenerator& rng, + const std::string& params, + const std::string& provider) const + { + if(provider == "base" || provider.empty()) + { + if(params == "") + return std::unique_ptr<PK_Ops::Decryption>(new SM2_Decryption_Operation(*this, rng)); + } + + throw Provider_Not_Found(algo_name(), provider); + } + +} diff --git a/src/lib/pubkey/sm2/sm2_enc.h b/src/lib/pubkey/sm2/sm2_enc.h new file mode 100644 index 000000000..f8da6a27f --- /dev/null +++ b/src/lib/pubkey/sm2/sm2_enc.h @@ -0,0 +1,90 @@ +/* +* SM2 Encryption +* (C) 2017 Ribose Inc +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#ifndef BOTAN_SM2_ENC_KEY_H__ +#define BOTAN_SM2_ENC_KEY_H__ + +#include <botan/ecc_key.h> + +namespace Botan { + +/** +* This class represents a public key used for SM2 encryption +*/ +class BOTAN_DLL SM2_Encryption_PublicKey : public virtual EC_PublicKey + { + public: + + /** + * Create a public key from a given public point. + * @param dom_par the domain parameters associated with this key + * @param public_point the public point defining this key + */ + SM2_Encryption_PublicKey(const EC_Group& dom_par, + const PointGFp& public_point) : + EC_PublicKey(dom_par, public_point) {} + + /** + * Load a public key. + * @param alg_id the X.509 algorithm identifier + * @param key_bits DER encoded public key bits + */ + SM2_Encryption_PublicKey(const AlgorithmIdentifier& alg_id, + const std::vector<uint8_t>& key_bits) : + EC_PublicKey(alg_id, key_bits) {} + + /** + * Get this keys algorithm name. + * @result this keys algorithm name + */ + std::string algo_name() const override { return "SM2_Enc"; } + + std::unique_ptr<PK_Ops::Encryption> + create_encryption_op(RandomNumberGenerator& rng, + const std::string& params, + const std::string& provider) const override; + protected: + SM2_Encryption_PublicKey() = default; + }; + +/** +* This class represents a private key used for SM2 encryption +*/ +class BOTAN_DLL SM2_Encryption_PrivateKey : public SM2_Encryption_PublicKey, + public EC_PrivateKey + { + public: + + /** + * Load a private key + * @param alg_id the X.509 algorithm identifier + * @param key_bits ECPrivateKey bits + */ + SM2_Encryption_PrivateKey(const AlgorithmIdentifier& alg_id, + const secure_vector<uint8_t>& key_bits); + + /** + * Create a private key. + * @param rng a random number generator + * @param domain parameters to used for this key + * @param x the private key (if zero, generate a new random key) + */ + SM2_Encryption_PrivateKey(RandomNumberGenerator& rng, + const EC_Group& domain, + const BigInt& x = 0); + + bool check_key(RandomNumberGenerator& rng, bool) const override; + + std::unique_ptr<PK_Ops::Decryption> + create_decryption_op(RandomNumberGenerator& rng, + const std::string& params, + const std::string& provider) const override; + }; + +} + +#endif diff --git a/src/tests/data/pubkey/sm2_enc.vec b/src/tests/data/pubkey/sm2_enc.vec new file mode 100644 index 000000000..f878a11a2 --- /dev/null +++ b/src/tests/data/pubkey/sm2_enc.vec @@ -0,0 +1,14 @@ +# Example from draft-shen-sm2-ecdsa-02 + +P = 0x8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3 +A = 0x787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498 +B = 0x63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A +xG = 0x421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D +yG = 0x0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2 +Order = 0x8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7 +Cofactor = 1 + +Msg = 656E6372797074696F6E207374616E64617264 +x = 0x1649AB77A00637BD5E2EFE283FBF353534AA7F7CB89463F208DDBC2920BB0DA0 +Nonce = 4C62EEFD6ECFC2B95B92FD6C3D9575148AFA17425546D49018E5388D49DD7B4F +Ciphertext = 04245C26FB68B1DDDDB12C4B6BF9F2B6D5FE60A383B0D18D1C4144ABF17F6252E776CB9264C2A7E88E52B19903FDC47378F605E36811F5C07423A24B84400F01B8650053A89B41C418B0C3AAD00D886C002864679C3D7360C30156FAB7C80A0276712DA9D8094A634B766D3A285E07480653426D diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp index 482b190f8..44882cd66 100644 --- a/src/tests/test_ffi.cpp +++ b/src/tests/test_ffi.cpp @@ -389,6 +389,7 @@ class FFI_Unit_Tests : public Test #if defined(BOTAN_HAS_SM2) results.push_back(ffi_test_sm2(rng)); + results.push_back(ffi_test_sm2_enc(rng)); #endif #if defined(BOTAN_HAS_MCELIECE) @@ -1323,7 +1324,7 @@ class FFI_Unit_Tests : public Test Test::Result ffi_test_sm2(botan_rng_t rng) { - Test::Result result("FFI SM2"); + Test::Result result("FFI SM2 Sig"); static const char* kCurve = "sm2p256v1"; const std::string sm2_ident = "SM2 Ident Field"; botan_privkey_t priv; @@ -1409,6 +1410,76 @@ class FFI_Unit_Tests : public Test return result; } + Test::Result ffi_test_sm2_enc(botan_rng_t rng) + { + Test::Result result("FFI SM2 Enc"); + static const char* kCurve = "sm2p256v1"; + botan_privkey_t priv; + botan_pubkey_t pub; + botan_privkey_t loaded_privkey; + botan_pubkey_t loaded_pubkey; + + REQUIRE_FFI_OK(botan_privkey_create, (&priv, "SM2_Enc", kCurve, rng)); + TEST_FFI_OK(botan_privkey_export_pubkey, (&pub, priv)); + ffi_test_pubkey_export(result, pub, priv, rng); + + // Check key load functions + botan_mp_t private_scalar, public_x, public_y; + botan_mp_init(&private_scalar); + botan_mp_init(&public_x); + botan_mp_init(&public_y); + + TEST_FFI_OK(botan_privkey_get_field, (private_scalar, priv, "x")); + TEST_FFI_OK(botan_pubkey_get_field, (public_x, pub, "public_x")); + TEST_FFI_OK(botan_pubkey_get_field, (public_y, pub, "public_y")); + TEST_FFI_OK(botan_privkey_load_sm2_enc, (&loaded_privkey, private_scalar, kCurve)); + TEST_FFI_OK(botan_pubkey_load_sm2_enc, (&loaded_pubkey, public_x, public_y, kCurve)); + TEST_FFI_OK(botan_privkey_check_key, (loaded_privkey, rng, 0)); + TEST_FFI_OK(botan_pubkey_check_key, (loaded_pubkey, rng, 0)); + + char namebuf[32] = { 0 }; + size_t name_len = sizeof(namebuf); + + TEST_FFI_OK(botan_pubkey_algo_name, (pub, &namebuf[0], &name_len)); + result.test_eq(namebuf, namebuf, "SM2_Enc"); + + std::vector<uint8_t> message(32); + // Assumes 256-bit params: + std::vector<uint8_t> ciphertext(1 + 32*2 + message.size() + 32); + TEST_FFI_OK(botan_rng_get, (rng, message.data(), message.size())); + + botan_pk_op_encrypt_t enc; + if(TEST_FFI_OK(botan_pk_op_encrypt_create, (&enc, loaded_pubkey, "", 0))) + { + size_t ctext_len = ciphertext.size(); + TEST_FFI_OK(botan_pk_op_encrypt, (enc, rng, ciphertext.data(), &ctext_len, + message.data(), message.size())); + + botan_pk_op_decrypt_t dec; + TEST_FFI_OK(botan_pk_op_decrypt_create, (&dec, loaded_privkey, "", 0)); + + std::vector<uint8_t> recovered(ciphertext.size()); + size_t recovered_len = recovered.size(); + + TEST_FFI_OK(botan_pk_op_decrypt, + (dec, recovered.data(), &recovered_len, + ciphertext.data(), ciphertext.size())); + + botan_pk_op_decrypt_destroy(dec); + } + botan_pk_op_encrypt_destroy(enc); + + TEST_FFI_OK(botan_mp_destroy, (private_scalar)); + TEST_FFI_OK(botan_mp_destroy, (public_x)); + TEST_FFI_OK(botan_mp_destroy, (public_y)); + TEST_FFI_OK(botan_pubkey_destroy, (pub)); + TEST_FFI_OK(botan_privkey_destroy, (priv)); + TEST_FFI_OK(botan_privkey_destroy, (loaded_privkey)); + TEST_FFI_OK(botan_pubkey_destroy, (loaded_pubkey)); + + return result; + } + Test::Result ffi_test_ecdh(botan_rng_t rng) { Test::Result result("FFI ECDH"); diff --git a/src/tests/test_pubkey.cpp b/src/tests/test_pubkey.cpp index fb423bc35..4bb4ea9b1 100644 --- a/src/tests/test_pubkey.cpp +++ b/src/tests/test_pubkey.cpp @@ -1,5 +1,6 @@ /* * (C) 2009,2015 Jack Lloyd +* (C) 2017 Ribose Inc * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -241,7 +242,7 @@ PK_Encryption_Decryption_Test::run_one_test(const std::string&, const VarMap& va const std::string padding = get_opt_str(vars, "Padding", default_padding(vars)); - Test::Result result(algo_name() + "/" + padding + " decryption"); + Test::Result result(algo_name() + (padding.empty() ? padding : "/" + padding) + " decryption"); std::unique_ptr<Botan::Private_Key> privkey = load_private_key(vars); @@ -285,7 +286,7 @@ PK_Encryption_Decryption_Test::run_one_test(const std::string&, const VarMap& va std::unique_ptr<Botan::RandomNumberGenerator> kat_rng; if(vars.count("Nonce")) { - kat_rng.reset(new Fixed_Output_RNG(get_req_bin(vars, "Nonce"))); + kat_rng.reset(test_rng(get_req_bin(vars, "Nonce"))); } const std::vector<uint8_t> generated_ciphertext = diff --git a/src/tests/test_pubkey.h b/src/tests/test_pubkey.h index 5d1b2cd99..5d8536496 100644 --- a/src/tests/test_pubkey.h +++ b/src/tests/test_pubkey.h @@ -121,6 +121,12 @@ class PK_Encryption_Decryption_Test : public PK_Test { return "Raw"; } + + virtual Botan::RandomNumberGenerator* test_rng(const std::vector<uint8_t>& nonce) const + { + return new Fixed_Output_RNG(nonce); + } + private: Test::Result run_one_test(const std::string& header, const VarMap& vars) override final; }; diff --git a/src/tests/test_sm2.cpp b/src/tests/test_sm2.cpp index c0d272cbd..2b647e2db 100644 --- a/src/tests/test_sm2.cpp +++ b/src/tests/test_sm2.cpp @@ -9,6 +9,7 @@ #if defined(BOTAN_HAS_SM2) #include <botan/sm2.h> + #include <botan/sm2_enc.h> #include "test_pubkey.h" #endif @@ -60,9 +61,55 @@ class SM2_Signature_KAT_Tests : public PK_Signature_Generation_Test } }; +BOTAN_REGISTER_TEST("sm2_sig", SM2_Signature_KAT_Tests); + +class SM2_Encryption_KAT_Tests : public PK_Encryption_Decryption_Test + { + public: + SM2_Encryption_KAT_Tests() + : PK_Encryption_Decryption_Test( + "SM2", + "pubkey/sm2_enc.vec", + "P,A,B,xG,yG,Order,Cofactor,Msg,x,Nonce,Ciphertext", + "") {} + + virtual std::string default_padding(const VarMap& vars) const override + { + return ""; + } + + Botan::RandomNumberGenerator* test_rng(const std::vector<uint8_t>& nonce) const override + { + return new Fixed_Output_Position_RNG(nonce, 1); + } + + std::unique_ptr<Botan::Private_Key> load_private_key(const VarMap& vars) override + { + // group params + const BigInt p = get_req_bn(vars, "P"); + const BigInt a = get_req_bn(vars, "A"); + const BigInt b = get_req_bn(vars, "B"); + const BigInt xG = get_req_bn(vars, "xG"); + const BigInt yG = get_req_bn(vars, "yG"); + const BigInt order = get_req_bn(vars, "Order"); + const BigInt cofactor = get_req_bn(vars, "Cofactor"); + const BigInt x = get_req_bn(vars, "x"); + + Botan::CurveGFp curve(p, a, b); + Botan::PointGFp base_point(curve, xG, yG); + Botan::EC_Group domain(curve, base_point, order, cofactor); + + Botan::Null_RNG null_rng; + std::unique_ptr<Botan::Private_Key> key(new Botan::SM2_Encryption_PrivateKey(null_rng, domain, x)); + return key; + } + }; + } -BOTAN_REGISTER_TEST("sm2_sig", SM2_Signature_KAT_Tests); +BOTAN_REGISTER_TEST("sm2_enc", SM2_Encryption_KAT_Tests); + + #endif } diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp index e1e1a15ab..408b5040c 100644 --- a/src/tests/unit_ecc.cpp +++ b/src/tests/unit_ecc.cpp @@ -53,7 +53,9 @@ const std::vector<std::string> ec_groups = "x962_p192v3", "x962_p239v1", "x962_p239v2", - "x962_p239v3" + "x962_p239v3", + "sm2p256v1", + "frp256v1" }; Botan::BigInt test_integer(Botan::RandomNumberGenerator& rng, size_t bits, BigInt max) |