10#include <botan/internal/pk_ops_impl.h>
11#include <botan/internal/point_mul.h>
12#include <botan/loadstor.h>
13#include <botan/numthry.h>
14#include <botan/keypair.h>
15#include <botan/hash.h>
16#include <botan/parsing.h>
53 const std::string& user_id,
57 if(user_id.size() >= 8192)
60 const uint16_t uid_len =
static_cast<uint16_t
>(8 * user_id.size());
75 std::vector<uint8_t> za(
hash.output_length());
76 hash.final(za.data());
86class SM2_Signature_Operation
final :
public PK_Ops::Signature
90 SM2_Signature_Operation(
const SM2_PrivateKey& sm2,
91 const std::string& ident,
92 const std::string&
hash) :
93 m_group(sm2.domain()),
94 m_x(sm2.private_value()),
95 m_da_inv(sm2.get_da_inv())
105 m_za =
sm2_compute_za(*m_hash, ident, m_group, sm2.public_point());
106 m_hash->update(m_za);
110 size_t signature_length()
const override {
return 2*m_group.get_order_bytes(); }
112 void update(
const uint8_t msg[],
size_t msg_len)
override
116 m_hash->update(msg, msg_len);
120 m_digest.insert(m_digest.end(), msg, msg + msg_len);
124 secure_vector<uint8_t> sign(RandomNumberGenerator& rng)
override;
127 const EC_Group m_group;
129 const BigInt& m_da_inv;
131 std::vector<uint8_t> m_za;
132 secure_vector<uint8_t> m_digest;
133 std::unique_ptr<HashFunction> m_hash;
134 std::vector<BigInt> m_ws;
137secure_vector<uint8_t>
138SM2_Signature_Operation::sign(RandomNumberGenerator& rng)
145 m_hash->update(m_za);
153 const BigInt k = m_group.random_scalar(rng);
155 const BigInt r = m_group.mod_order(
156 m_group.blinded_base_point_multiply_x(k, rng, m_ws) + e);
157 const BigInt s = m_group.multiply_mod_order(m_da_inv, m_group.mod_order(k - r*m_x));
165class SM2_Verification_Operation
final :
public PK_Ops::Verification
168 SM2_Verification_Operation(
const SM2_PublicKey& sm2,
169 const std::string& ident,
170 const std::string&
hash) :
171 m_group(sm2.domain()),
172 m_gy_mul(m_group.get_base_point(), sm2.public_point())
182 m_za =
sm2_compute_za(*m_hash, ident, m_group, sm2.public_point());
183 m_hash->update(m_za);
187 void update(
const uint8_t msg[],
size_t msg_len)
override
191 m_hash->update(msg, msg_len);
195 m_digest.insert(m_digest.end(), msg, msg + msg_len);
199 bool is_valid_signature(
const uint8_t sig[],
size_t sig_len)
override;
201 const EC_Group m_group;
202 const PointGFp_Multi_Point_Precompute m_gy_mul;
203 secure_vector<uint8_t> m_digest;
204 std::vector<uint8_t> m_za;
205 std::unique_ptr<HashFunction> m_hash;
208bool SM2_Verification_Operation::is_valid_signature(
const uint8_t sig[],
size_t sig_len)
215 m_hash->update(m_za);
223 if(sig_len != m_group.get_order().bytes()*2)
226 const BigInt r(sig, sig_len / 2);
227 const BigInt s(sig + sig_len / 2, sig_len / 2);
229 if(r <= 0 || r >= m_group.get_order() || s <= 0 || s >= m_group.get_order())
232 const BigInt t = m_group.mod_order(r + s);
237 const PointGFp R = m_gy_mul.
multi_exp(s, t);
243 return (m_group.mod_order(R.get_affine_x() + e) == r);
246void parse_sm2_param_string(
const std::string& params,
251 const std::string default_userid =
"1234567812345678";
254 userid = default_userid;
263 auto comma = params.find(
',');
264 if(comma == std::string::npos)
270 userid = params.substr(0, comma);
271 hash = params.substr(comma+1, std::string::npos);
277std::unique_ptr<PK_Ops::Verification>
279 const std::string& provider)
const
281 if(provider ==
"base" || provider.empty())
283 std::string userid,
hash;
284 parse_sm2_param_string(params, userid,
hash);
285 return std::unique_ptr<PK_Ops::Verification>(
new SM2_Verification_Operation(*
this, userid,
hash));
291std::unique_ptr<PK_Ops::Signature>
293 const std::string& params,
294 const std::string& provider)
const
296 if(provider ==
"base" || provider.empty())
298 std::string userid,
hash;
299 parse_sm2_param_string(params, userid,
hash);
300 return std::unique_ptr<PK_Ops::Signature>(
new SM2_Signature_Operation(*
this, userid,
hash));
static BigInt decode(const uint8_t buf[], size_t length)
static secure_vector< uint8_t > encode_fixed_length_int_pair(const BigInt &n1, const BigInt &n2, size_t bytes)
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
const BigInt & get_b() const
const BigInt & get_a() const
const BigInt & get_g_y() const
const BigInt & get_g_x() const
BigInt inverse_mod_order(const BigInt &x) const
size_t get_p_bytes() const
const EC_Group & domain() const
const PointGFp & public_point() const
static std::unique_ptr< HashFunction > create_or_throw(const std::string &algo_spec, const std::string &provider="")
PointGFp multi_exp(const BigInt &k1, const BigInt &k2) const
BigInt get_affine_y() const
BigInt get_affine_x() const
std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, const std::string ¶ms, const std::string &provider) const override
bool check_key(RandomNumberGenerator &rng, bool) const override
SM2_PrivateKey(const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &key_bits)
std::unique_ptr< PK_Ops::Verification > create_verification_op(const std::string ¶ms, const std::string &provider) const override
std::string algo_name() const override
int(* update)(CTX *, const void *, CC_LONG len)
int(* final)(unsigned char *, CTX *)
bool signature_consistency_check(RandomNumberGenerator &rng, const Private_Key &private_key, const Public_Key &public_key, const std::string &padding)
std::vector< uint8_t > sm2_compute_za(HashFunction &hash, const std::string &user_id, const EC_Group &domain, const PointGFp &pubkey)
constexpr uint8_t get_byte(size_t byte_num, T input)
std::vector< T, secure_allocator< T > > secure_vector