Beispiel #1
0
// Input:  MyPrivKey = Your private key
//         HisPubKey = Someones public key
// Output: MyPrivKey has been destroyed for security reasons
//         HisPubKey = the secret key
int DH1080_comp(char *MyPrivKey, char *HisPubKey)
{
	int i=0, len, iRet;
	unsigned char SHA256digest[35], base64_tmp[160];
	big b_myPrivkey, b_HisPubkey, b_theKey;

	// Verify base64 strings
	if((strspn(MyPrivKey, B64ABC) != strlen(MyPrivKey)) || (strspn(HisPubKey, B64ABC) != strlen(HisPubKey)))
	{
		memset(MyPrivKey, 0x20, strlen(MyPrivKey));
		memset(HisPubKey, 0x20, strlen(HisPubKey));
		return 0;
	}

	b_HisPubkey=mirvar(0);
	b_theKey=mirvar(0);


	len=b64toh(HisPubKey, base64_tmp);
	bytes_to_big(len, base64_tmp, b_HisPubkey);

	if(DH_verifyPubKey(b_HisPubkey))
	{
		b_myPrivkey=mirvar(0);

		len=b64toh(MyPrivKey, base64_tmp);
		bytes_to_big(len, base64_tmp, b_myPrivkey);
		memset(MyPrivKey, 0x20, strlen(MyPrivKey));

		powmod(b_HisPubkey, b_myPrivkey, b_prime1080, b_theKey);
		mirkill(b_myPrivkey);

		len=big_to_bytes(sizeof(base64_tmp), b_theKey, base64_tmp, FALSE);
		SHA256_memory(base64_tmp, len, SHA256digest);
		htob64(SHA256digest, HisPubKey, 32);

		iRet=1;
	}
	else iRet=0;


	ZeroMemory(base64_tmp, sizeof(base64_tmp));
	ZeroMemory(SHA256digest, sizeof(SHA256digest));

	mirkill(b_theKey);
	mirkill(b_HisPubkey);

	return iRet;
}
Beispiel #2
0
/* calculate a pubKey out of a given priKey */
int SM2_standard_sign_keygeneration(unsigned char PriKey[], unsigned char Px[], unsigned char Py[])
{
	int i = 0;
	big d, PAx, PAy;
	epoint *PA;

	SM2_standard_init();
	PA = epoint_init();

	d = mirvar(0);
	PAx = mirvar(0);
	PAy = mirvar(0);

	bytes_to_big(SM2_NUMWORD, PriKey, d);

	ecurve_mult(d, G, PA);
	epoint_get(PA, PAx, PAy);

	big_to_bytes(SM2_NUMWORD, PAx, Px, TRUE);
	big_to_bytes(SM2_NUMWORD, PAy, Py, TRUE);
	i = Test_PubKey(PA);
	if (i)
		return i;
	else
		return 0;
}
/*! \brief Generate a random six digit one time password
 *
 *  Generates a random six digit one time password
 *
 *  @param  seedValue       random seed value
 *  @param  seedValueLength length of seedValue in bytes
 *  @return OTP             One Time Password
 */
AESGCM_EXPORT int generateOTP(char* seedValue, int seedValueLength)
{
    int OTP=0;
    miracl *mip=mirsys(100,0);
    big bigOTP, modValue;
    bigOTP=mirvar(0);
    modValue=mirvar(1000000);

    /* Crypto string RNG */
    csprng RNG;
    RNG = generateRNG(seedValue, seedValueLength);

    /* Generate randam 128 bit value */
    int i;
    char val[16];
    for (i=0; i<16; i++)
        val[i]=strong_rng(&RNG);

    /* Get the modulus */
    bytes_to_big(16,val, bigOTP);
    divide(_MIPP_ bigOTP,modValue,modValue);
    OTP = size(bigOTP);

    return OTP;
}
Beispiel #4
0
void BaseOT::ByteArrayToPoint(EC2 *point, int field_size, BYTE* pBufIdx) {
	int itmp;
	Big bigtmp;
	itmp = (int) (pBufIdx[0]);

	bytes_to_big(field_size, (const char*) pBufIdx + 1, bigtmp.getbig());
	*point = EC2(bigtmp, itmp);
}
Beispiel #5
0
static void hashing(FILE *fp,big hash)
{   /* compute hash function */
    char h[20];
    sha sh;
    int i,ch;
    shs_init(&sh);
    while ((ch=fgetc(fp))!=EOF) shs_process(&sh,ch);
    shs_hash(&sh,h);
    bytes_to_big(20,h,hash);
}
Beispiel #6
0
static void hashing(miracl *mip,FILE *fp,big hash)
{ /* compute hash function */
    char h[20];
    int len,ch;
    sha sh;
    shs_init(&sh);
    while ((ch=fgetc(fp))!=EOF) shs_process(&sh,ch);
    shs_hash(&sh,h);
    len=(MIRACL*MR_STATIC)/8;
    if (len>20) len=20;
    bytes_to_big(mip,len,h,hash);
}
Beispiel #7
0
void mcl_ecpbs_Hhash(big result, char *info, big m) {
	char hash[20];
	int i;
	sha sh;
	shs_init(&sh);
	for (i = 0; info[i] != 0; i++) {
		shs_process(&sh, info[i]);
	}
	shs_hash(&sh, hash);
	bytes_to_big(20, hash, result);
	mcl_ecpbs_mod(result, m);
}
Beispiel #8
0
BOOL DH1080_Init()
{
	initb64();
    mip=mirsys(256, 0);
	if(mip==NULL) return FALSE;

	b_prime1080=mirvar(0);
	b_1=mirvar(0);

	bytes_to_big(DH1080_PRIME_BYTES, prime1080, b_prime1080);

	lgconv(1, b_1);

	return TRUE;
}
Beispiel #9
0
void SamplePointFromBytes(EC2 *point, BYTE* input, int inbytelen) {
	Big bigtmp;
	bytes_to_big (inbytelen, (const char*) input, bigtmp.getbig());//(bigtmp, inbytelen, input);
	premult(bigtmp.getbig(), MAXMSGSAMPLE, bigtmp.getbig());
	for(int i = 0; i < MAXMSGSAMPLE; i++)
	{
		*point = EC2(bigtmp, 0);
		if(!point_at_infinity(point->get_point()))
			return;
		*point = EC2(bigtmp, 1);
		if(!point_at_infinity(point->get_point()))
			return;
		incr(bigtmp.getbig(), 1, bigtmp.getbig());
	}
	cerr << "Error while sampling point, exiting!" << endl;
	exit(0);
}
Beispiel #10
0
int SM9_standard_key_decap(unsigned char *IDB, unsigned char deB[], unsigned char C[], int Klen, unsigned char K[])
{
    big h, x, y;
    epoint *Cipher;
    unsigned char *Z = NULL;
    int Zlen, i, num = 0;
    zzn12 w;
    ecn2 dEB;

    //initiate
    h = mirvar(0);
    x = mirvar(0);
    y = mirvar(0);
    Cipher = epoint_init();
    zzn12_init(&w);
    dEB.x.a = mirvar(0); 
    dEB.x.b = mirvar(0);
    dEB.y.a = mirvar(0);
    dEB.y.b = mirvar(0);
    dEB.z.a = mirvar(0); 
    dEB.z.b = mirvar(0);
    dEB.marker = MR_EPOINT_INFINITY;

    bytes_to_big(BNLEN, C, x);
    bytes_to_big(BNLEN, C + BNLEN, y);
    epoint_set(x, y, 0, Cipher);
    bytes128_to_ecn2(deB, &dEB);

    //----------Step1:test if C is on G1-----------------
    if(Test_Point(Cipher)) 
        return SM9_NOT_VALID_G1;

    //----------Step2:calculate w=e(C,deB)-----------------
    if(!ecap(dEB, Cipher, para_t, X, &w)) 
        return SM9_MY_ECAP_12A_ERR;
    //test if a ZZn12 element is of order q
    if(!member(w, para_t, X)) 
        return SM9_MEMBER_ERR;

    printf("\n***********************w=e(C,deB):****************************\n");
    zzn12_ElementPrint(w);

    //----------Step3:K=KDF(C||w'||IDB,klen)------------------------
    Zlen = strlen(IDB) + BNLEN * 14;
    Z = (char *)malloc(sizeof(char)*(Zlen + 1));
    if(Z == NULL) 
        return SM9_ASK_MEMORY_ERR;
    LinkCharZzn12(C, BNLEN * 2, w, Z, BNLEN * 14);
    memcpy(Z + BNLEN * 14, IDB, strlen(IDB));
    SM3_kdf(Z, Zlen, Klen, K);

    //----------------test if K equals 0------------------------
    printf("\n******************* K=KDF(C||w||IDB,klen):***********************\n");
    for(i = 0; i < Klen; i++)
    {
        if(K[i] == 0) 
            num += 1;
        printf("%02x", K[i]);
    }
    if(num == Klen) 
        return SM9_ERR_K1_ZERO;

    free(Z);
    return 0;
}
Beispiel #11
0
/* SM2 signature algorithm */
int SM2_standard_sign(unsigned char *message, int len, unsigned char ZA[], unsigned char rand[], unsigned char d[], unsigned char R[], unsigned char S[])
{
	unsigned char hash[SM3_len / 8];
	int M_len = len + SM3_len / 8;
	unsigned char *M = NULL;
	int i;

	big dA, r, s, e, k, KGx, KGy;
	big rem, rk, z1, z2;
	epoint *KG;

	i = SM2_standard_init();
	if (i) 
		return i;
	//initiate
	dA = mirvar(0);
	e = mirvar(0);
	k = mirvar(0);
	KGx = mirvar(0);
	KGy = mirvar(0);
	r = mirvar(0);
	s = mirvar(0);
	rem = mirvar(0);
	rk = mirvar(0);
	z1 = mirvar(0);
	z2 = mirvar(0);

	bytes_to_big(SM2_NUMWORD, d, dA);	//cinstr(dA, d);

	KG = epoint_init();

	//step1, set M = ZA || M
	M = (char *)malloc(sizeof(char)*(M_len + 1));
	memcpy(M, ZA, SM3_len / 8);
	memcpy(M + SM3_len / 8, message, len);

	//step2, generate e = H(M)
	SM3_256(M, M_len, hash);
	bytes_to_big(SM3_len / 8, hash, e);

	//step3:generate k
	bytes_to_big(SM3_len / 8, rand, k);

	//step4:calculate kG
	ecurve_mult(k, G, KG);

	//step5:calculate r
	epoint_get(KG, KGx, KGy);
	add(e, KGx, r);
	divide(r, para_n, rem);

	//judge r = 0 or n + k = n?
	add(r, k, rk);
	if (Test_Zero(r) | Test_n(rk))
		return ERR_GENERATE_R;

	//step6:generate s
	incr(dA, 1, z1);
	xgcd(z1, para_n, z1, z1, z1);
	multiply(r, dA, z2);
	divide(z2, para_n, rem);
	subtract(k, z2, z2);
	add(z2, para_n, z2);
	multiply(z1, z2, s);
	divide(s, para_n, rem);

	//judge s = 0?
	if (Test_Zero(s))
		return ERR_GENERATE_S ;

	big_to_bytes(SM2_NUMWORD, r, R, TRUE);
	big_to_bytes(SM2_NUMWORD, s, S, TRUE);

	free(M);
	return 0;
}
Beispiel #12
0
/* SM2 verification algorithm */
int SM2_standard_verify(unsigned char *message, int len, unsigned char ZA[], unsigned char Px[], unsigned char Py[], unsigned char R[], unsigned char S[])
{
	unsigned char hash[SM3_len / 8];
	int M_len = len + SM3_len / 8;
	unsigned char *M = NULL;
	int i;

	big PAx, PAy, r, s, e, t, rem, x1, y1;
	big RR;
	epoint *PA, *sG, *tPA;

	i = SM2_standard_init();
	if (i) 
		return i;

	PAx = mirvar(0);
	PAy = mirvar(0);
	r = mirvar(0);
	s = mirvar(0);
	e = mirvar(0);
	t = mirvar(0);
	x1 = mirvar(0);
	y1 = mirvar(0);
	rem = mirvar(0);
	RR = mirvar(0);

	PA = epoint_init();
	sG = epoint_init();
	tPA = epoint_init();

	bytes_to_big(SM2_NUMWORD, Px, PAx);
	bytes_to_big(SM2_NUMWORD, Py, PAy);

	bytes_to_big(SM2_NUMWORD, R, r);
	bytes_to_big(SM2_NUMWORD, S, s);
	
	if (!epoint_set(PAx, PAy, 0, PA))	//initialise public key
	{
		return ERR_PUBKEY_INIT;
	}

	//step1: test if r belong to [1, n-1]
	if (Test_Range(r))
		return ERR_OUTRANGE_R;

	//step2: test if s belong to [1, n-1]
	if (Test_Range(s))
		return ERR_OUTRANGE_S;

	//step3, generate M
	M = (char *)malloc(sizeof(char)*(M_len + 1));
	memcpy(M, ZA, SM3_len / 8);
	memcpy(M + SM3_len / 8, message, len);

	//step4, generate e = H(M)
	SM3_256(M, M_len, hash);
	bytes_to_big(SM3_len / 8, hash, e);

	//step5:generate t
	add(r, s, t);
	divide(t, para_n, rem);

	if (Test_Zero(t))
		return ERR_GENERATE_T;

	//step 6: generate(x1, y1)
	ecurve_mult(s, G, sG);
	ecurve_mult(t, PA, tPA);
	ecurve_add(sG, tPA);
	epoint_get(tPA, x1, y1);

	//step7:generate RR
	add(e, x1, RR);
	divide(RR, para_n, rem);

	free(M);
	if (mr_compare(RR, r) == 0)
		return 0;
	else
		return ERR_DATA_MEMCMP;
}
Beispiel #13
0
int crypto_dh(unsigned char *s,const unsigned char* pk,const unsigned char *sk)
{
    int i,promptr;
    ecn2 P;
    big A,B,p,a[2];
    zzn2 x,y,psi[2];
    miracl instance;      /* create miracl workspace on the stack */

/* Specify base 16 here so that HEX can be read in directly without a base-change */

    miracl *mip=mirsys(&instance,WORDS*16,16); /* size of bigs is fixed */
    char mem_big[MR_BIG_RESERVE(17)];          /* we need 17 bigs... */
 	memset(mem_big, 0, MR_BIG_RESERVE(17));    /* clear the memory */

    A=mirvar_mem(mip, mem_big, 0);       /* Initialise big numbers */
    B=mirvar_mem(mip, mem_big, 1);
    x.a=mirvar_mem(mip, mem_big, 2);
    x.b=mirvar_mem(mip, mem_big, 3);
#ifndef COMPRESSED
    y.a=mirvar_mem(mip, mem_big, 4);
    y.b=mirvar_mem(mip, mem_big, 5); 
#endif
    a[0]=mirvar_mem(mip, mem_big, 6);
    a[1]=mirvar_mem(mip, mem_big, 7);
    p=mirvar_mem(mip, mem_big, 8);
    P.x.a=mirvar_mem(mip, mem_big, 9);
    P.x.b=mirvar_mem(mip, mem_big, 10);
    P.y.a=mirvar_mem(mip, mem_big, 11);
    P.y.b=mirvar_mem(mip, mem_big, 12);
    P.z.a=mirvar_mem(mip, mem_big, 13);
    P.z.b=mirvar_mem(mip, mem_big, 14);
	P.marker=MR_EPOINT_INFINITY;

	psi[0].a=mirvar_mem(mip, mem_big, 15);
	psi[0].b=mirvar_mem(mip, mem_big, 16);
 
    promptr=0;
    init_big_from_rom(p,WORDS,rom,16,&promptr);  /* Read in prime modulus p from ROM   */
    init_big_from_rom(B,WORDS,rom,16,&promptr);  /* Read in curve parameter B from ROM */
	init_big_from_rom(psi[0].a,WORDS,rom,16,&promptr);
	init_big_from_rom(psi[0].b,WORDS,rom,16,&promptr);
	init_big_from_rom(x.a,WORDS,rom,16,&promptr);
	init_big_from_rom(x.b,WORDS,rom,16,&promptr);
#ifndef COMPRESSED
	init_big_from_rom(y.a,WORDS,rom,16,&promptr);
	init_big_from_rom(y.b,WORDS,rom,16,&promptr); 
#endif                                                 
    convert(mip,1,A);                           /* Fix A=1 */

/* offline calculations */

    ecurve_init(mip,A,B,p,MR_PROJECTIVE);
    mip->TWIST=TRUE;

/* Alice calculates secret key */

	bytes_to_big(mip,16,pk,x.a);
	bytes_to_big(mip,16,&pk[16],x.b);

	bytes_to_big(mip,16,sk,a[0]);
	bytes_to_big(mip,16,&sk[16],a[1]);

#ifndef COMPRESSED	
	bytes_to_big(mip,16,&pk[32],y.a);
	bytes_to_big(mip,16,&pk[48],y.b);
	if (!ecn2_set(mip,&x,&y,&P)) 
	{
		memset(mem_big, 0, MR_BIG_RESERVE(17));
		mirexit(mip);
		return -1;
	}
#else
	if (!ecn2_setx(mip,&x,&P))
	{
		memset(mem_big, 0, MR_BIG_RESERVE(17));
		mirexit(mip);
		return -1;
	}
#endif
	ecn2_mul2_gls(mip,a,&P,psi,&P);

	ecn2_getx(&P,&x);
#ifdef COMPRESSED
	zzn2_sqr(mip,&x,&x);  /* I tossed y, so I might have wrong sign.. */
#endif

    big_to_bytes(mip,16,x.a,s,TRUE);
    big_to_bytes(mip,16,x.b,&s[16],TRUE);

    memset(mem_big, 0, MR_BIG_RESERVE(17));
	mirexit(mip);

	return 0;
}
Beispiel #14
0
int crypto_dh_keypair(unsigned char* pk,unsigned char *sk)
{
    int i,promptr;
    big A,B,p,a[2];
    zzn2 x,y,psi[2];
    miracl instance;      /* create miracl workspace on the stack */
	ebrick binst;

/* Specify base 16 here so that HEX can be read in directly without a base-change */

    miracl *mip=mirsys(&instance,WORDS*16,16); /* size of bigs is fixed */
    char mem_big[MR_BIG_RESERVE(11)];          /* we need 10 bigs... */
 	memset(mem_big, 0, MR_BIG_RESERVE(11));    /* clear the memory */

    A=mirvar_mem(mip, mem_big, 0);       /* Initialise big numbers */
    B=mirvar_mem(mip, mem_big, 1);
    x.a=mirvar_mem(mip, mem_big, 2);
    x.b=mirvar_mem(mip, mem_big, 3);
    y.a=mirvar_mem(mip, mem_big, 4);
    y.b=mirvar_mem(mip, mem_big, 5);
    a[0]=mirvar_mem(mip, mem_big, 6);
    a[1]=mirvar_mem(mip, mem_big, 7);
    p=mirvar_mem(mip, mem_big, 8);

	psi[0].a=mirvar_mem(mip, mem_big, 9);
	psi[0].b=mirvar_mem(mip, mem_big, 10);


    promptr=0;
    init_big_from_rom(p,WORDS,rom,16,&promptr);  /* Read in prime modulus p from ROM   */
    init_big_from_rom(B,WORDS,rom,16,&promptr);  /* Read in curve parameter B from ROM */
	init_big_from_rom(psi[0].a,WORDS,rom,16,&promptr);
	init_big_from_rom(psi[0].b,WORDS,rom,16,&promptr);
                                                 
    convert(mip,1,A);                           /* Fix A=1 */

	ecn2_brick_init(&binst,prom,A,B,p,6,128);

/* Alices key gen calculation */
#ifdef HAVE_MAIN
	for (i=0;i<32;i++) sk[i]=rand();
#else
    randombytes(sk,32);
#endif
	sk[15]&=0x3f; sk[31]&=0x3f;

	bytes_to_big(mip,16,sk,a[0]);
	bytes_to_big(mip,16,&sk[16],a[1]);

	ecn2_mul_brick_gls(mip,&binst,a,psi,&x,&y);

    big_to_bytes(mip,16,x.a,pk,TRUE);
    big_to_bytes(mip,16,x.b,&pk[16],TRUE);
#ifndef COMPRESSED
    big_to_bytes(mip,16,y.a,&pk[32],TRUE);
    big_to_bytes(mip,16,y.b,&pk[48],TRUE);
#endif

    memset(mem_big, 0, MR_BIG_RESERVE(11));
	mirexit(mip);

	return 0;
}
Beispiel #15
0
/* 
 * function encodeByteArrayToPoint		: Encodes the given byte array into a point. 
 *										  If the given byte array can not be encoded to a point, returns 0.
 * param dlog							: Pointer to the native Dlog object.
 * param binaryString					: The byte array to encode.
 * param k								: k is the maximum length of a string to be converted to a Group Element of this group. 
 *										  If a string exceeds the k length it cannot be converted.
 * return								: The created point or 0 if the point cannot be created.
 */
JNIEXPORT jlong JNICALL Java_edu_biu_scapi_primitives_dlog_miracl_MiraclDlogECFp_encodeByteArrayToPoint
  (JNIEnv * env, jobject, jlong m, jbyteArray binaryString, jint k){
	   //Pseudo-code:
		/*If the length of binaryString exceeds k then throw IndexOutOfBoundsException.

          Let L be the length in bytes of p

          Choose a random byte array r of length L – k – 2 bytes 

          Prepare a string newString of the following form: r || binaryString || binaryString.length (where || denotes concatenation) (i.e., the least significant byte of newString is the length of binaryString in bytes)

          Convert the result to a BigInteger (bIString)

          Compute the elliptic curve equation for this x and see if there exists a y such that (x,y) satisfies the equation.

          If yes, return (x,y)

          Else, go back to step 3 (choose a random r etc.) up to 80 times (This is an arbitrary hard-coded number).

          If did not find y such that (x,y) satisfies the equation after 80 trials then return null.
		 */

	   /* convert the accepted parameters to MIRACL parameters*/
	   miracl* mip = (miracl*)m;
	 
	  jbyte* string  = (jbyte*) env->GetByteArrayElements(binaryString, 0);
	  int len = env->GetArrayLength(binaryString);
 
	  if (len > k){
		  env ->ReleaseByteArrayElements(binaryString, string, 0);
		  return 0;
	  }
	
	  big x, p;
	  x = mirvar(mip, 0);
	  p = mip->modulus;
	  
	  int l = logb2(mip, p)/8;
	  
	  char* randomArray = new char[l-k-2];
	  char* newString = new char[l - k - 1 + len];
	  memcpy(newString+l-k-2, string, len);

	  newString[l - k - 2 + len] = (char) len;

	  
	  int counter = 0;
	  bool success = 0;

	  csprng rng;  
      srand(time(0));
	  long seed;  
	  char raw = rand();
	  time((time_t*)&seed);  
	  strong_init(&rng,1,&raw,seed);                 
	  do{
		  
			for (int i=0; i<l-k-2; i++){
				  randomArray[i] = strong_rng(&rng);
			}
			
			memcpy(newString, randomArray, l-k-2);
			
			bytes_to_big(mip, l - k - 1 + len, newString, x);
			
			//If the number is negative, make it positive.
			if(exsign(x)== -1){
				absol(x, x);
			}
			//epoint_x returns true if the given x value leads to a valid point on the curve.
			//if failed, go back to choose a random r etc.
			success = epoint_x(mip, x);
			counter++;
	  } while((!success) && (counter <= 80)); //we limit the amount of times we try to 80 which is an arbitrary number.
	  
	  epoint* point = 0;
	  if (success){
		point = epoint_init(mip);
		epoint_set(mip, x, x, 0, point);
	  }

	  char* temp = new char[l - k - 1 + len];
	  big_to_bytes(mip,l - k - 1 + len , x, temp, 1);
	  
	  //Delete the allocated memory.
	  env ->ReleaseByteArrayElements(binaryString, string, 0);
	  
	  mirkill(x);
	 
	  delete(randomArray);
	  delete(newString);
	  
	  //Return the created point.
	  return (long) point;
}
Beispiel #16
0
int SM9_standard_key_encap(unsigned char hid[], unsigned char *IDB, unsigned char rand[],
                           unsigned char Ppub[], unsigned char C[], unsigned char K[], int Klen)
{
    big h, x, y, r;
    epoint *Ppube, *QB, *Cipher;
    unsigned char *Z = NULL;
    int Zlen, buf, i, num = 0;
    zzn12 g, w;

    //initiate
    h = mirvar(0);
    r = mirvar(0);
    x = mirvar(0);
    y = mirvar(0);
    QB = epoint_init();
    Ppube = epoint_init();
    Cipher = epoint_init();
    zzn12_init(&g);
    zzn12_init(&w);

    bytes_to_big(BNLEN, Ppub, x);
    bytes_to_big(BNLEN, Ppub + BNLEN, y);
    epoint_set(x, y, 0, Ppube);

    //----------Step1:calculate QB=[H1(IDB||hid,N)]P1+Ppube----------
    Zlen = strlen(IDB) + 1;
    Z = (char *)malloc(sizeof(char)*(Zlen + 1));
    if(Z == NULL) 
        return SM9_ASK_MEMORY_ERR;
    memcpy(Z, IDB, strlen(IDB));
    memcpy(Z + strlen(IDB), hid, 1);
    buf = SM9_standard_h1(Z, Zlen, N, h);
    free(Z);
    if(buf) 
        return buf;
    printf("\n************************ H1(IDB||hid,N) ************************\n");
    cotnum(h, stdout);

    ecurve_mult(h, P1, QB);
    ecurve_add(Ppube, QB);
    printf("\n*******************QB:=[H1(IDB||hid,N)]P1+Ppube*****************\n");
    epoint_get(QB, x, y);
    cotnum(x, stdout);
    cotnum(y, stdout);

    //-------------------- Step2:randnom -------------------
    bytes_to_big(BNLEN, rand, r);
    printf("\n***********************randnum r: ******************************\n");
    cotnum(r, stdout);

    //----------------Step3:C=[r]QB------------------------
    ecurve_mult(r, QB, Cipher);
    epoint_get(Cipher, x, y);
    printf("\n*********************** C=[r]QB: ******************************\n");
    cotnum(x, stdout);
    cotnum(y, stdout);
    big_to_bytes(BNLEN, x, C, 1);
    big_to_bytes(BNLEN, y, C + BNLEN, 1);

    //----------------Step4:g=e(Ppube,P2)------------------------
    if(!ecap(P2, Ppube, para_t, X, &g)) 
        return SM9_MY_ECAP_12A_ERR;
    //test if a ZZn12 element is of order q
    if(!member(g, para_t, X)) 
        return SM9_MEMBER_ERR;

    printf("\n***********************g=e(Ppube,P2):****************************\n");
    zzn12_ElementPrint(g);

    //----------------Step5:w=g^r------------------------
    w = zzn12_pow(g, r);
    printf("\n************************* w=g^r:*********************************\n");
    zzn12_ElementPrint(w);

    //----------------Step6:K=KDF(C||w||IDB,klen)------------------------
    Zlen = strlen(IDB) + BNLEN * 14;
    Z = (char *)malloc(sizeof(char)*(Zlen + 1));
    if(Z == NULL) 
        return SM9_ASK_MEMORY_ERR;
    LinkCharZzn12(C, BNLEN * 2, w, Z, BNLEN * 14);
    memcpy(Z + BNLEN * 14, IDB, strlen(IDB));

    SM3_kdf(Z, Zlen, Klen, K);
    free(Z);
    //----------------test if K equals 0------------------------
    printf("\n******************* K=KDF(C||w||IDB,klen):***********************\n");
    for(i = 0; i < Klen; i++)
    {
        if(K[i] == 0) 
            num += 1;
        printf("%02x", K[i]);
    }
    if(num == Klen) 
        return SM9_ERR_K1_ZERO;
    
    return 0;
}
Beispiel #17
0
int SM9_standard_encap_selfcheck()
{
    //the master private key
    unsigned char KE[32] = {0x00, 0x01, 0xED, 0xEE, 0x37, 0x78, 0xF4, 0x41, 0xF8, 0xDE, 0xA3, 0xD9, 0xFA, 0x0A, 0xCC, 0x4E, 
                            0x07, 0xEE, 0x36, 0xC9, 0x3F, 0x9A, 0x08, 0x61, 0x8A, 0xF4, 0xAD, 0x85, 0xCE, 0xDE, 0x1C, 0x22};
    unsigned char rand[32] = {0x00, 0x00, 0x74, 0x01, 0x5F, 0x84, 0x89, 0xC0, 0x1E, 0xF4, 0x27, 0x04, 0x56, 0xF9, 0xE6, 0x47,
                              0x5B, 0xFB, 0x60, 0x2B, 0xDE, 0x7F, 0x33, 0xFD, 0x48, 0x2A, 0xB4, 0xE3, 0x68, 0x4A, 0x67, 0x22};
    //standard datas
    unsigned char std_Ppub[64] = {0x78, 0x7E, 0xD7, 0xB8, 0xA5, 0x1F, 0x3A, 0xB8, 0x4E, 0x0A, 0x66, 0x00, 0x3F, 0x32, 0xDA, 0x5C,
                                  0x72, 0x0B, 0x17, 0xEC, 0xA7, 0x13, 0x7D, 0x39, 0xAB, 0xC6, 0x6E, 0x3C, 0x80, 0xA8, 0x92, 0xFF,
                                  0x76, 0x9D, 0xE6, 0x17, 0x91, 0xE5, 0xAD, 0xC4, 0xB9, 0xFF, 0x85, 0xA3, 0x13, 0x54, 0x90, 0x0B,
                                  0x20, 0x28, 0x71, 0x27, 0x9A, 0x8C, 0x49, 0xDC, 0x3F, 0x22, 0x0F, 0x64, 0x4C, 0x57, 0xA7, 0xB1};
    unsigned char std_deB[128] = {0x94, 0x73, 0x6A, 0xCD, 0x2C, 0x8C, 0x87, 0x96, 0xCC, 0x47, 0x85, 0xE9, 0x38, 0x30, 0x1A, 0x13,
                                  0x9A, 0x05, 0x9D, 0x35, 0x37, 0xB6, 0x41, 0x41, 0x40, 0xB2, 0xD3, 0x1E, 0xEC, 0xF4, 0x16, 0x83,
                                  0x11, 0x5B, 0xAE, 0x85, 0xF5, 0xD8, 0xBC, 0x6C, 0x3D, 0xBD, 0x9E, 0x53, 0x42, 0x97, 0x9A, 0xCC,
                                  0xCF, 0x3C, 0x2F, 0x4F, 0x28, 0x42, 0x0B, 0x1C, 0xB4, 0xF8, 0xC0, 0xB5, 0x9A, 0x19, 0xB1, 0x58,
                                  0x7A, 0xA5, 0xE4, 0x75, 0x70, 0xDA, 0x76, 0x00, 0xCD, 0x76, 0x0A, 0x0C, 0xF7, 0xBE, 0xAF, 0x71,
                                  0xC4, 0x47, 0xF3, 0x84, 0x47, 0x53, 0xFE, 0x74, 0xFA, 0x7B, 0xA9, 0x2C, 0xA7, 0xD3, 0xB5, 0x5F,
                                  0x27, 0x53, 0x8A, 0x62, 0xE7, 0xF7, 0xBF, 0xB5, 0x1D, 0xCE, 0x08, 0x70, 0x47, 0x96, 0xD9, 0x4C,
                                  0x9D, 0x56, 0x73, 0x4F, 0x11, 0x9E, 0xA4, 0x47, 0x32, 0xB5, 0x0E, 0x31, 0xCD, 0xEB, 0x75, 0xC1};
    unsigned char std_K[64] = {0x4F, 0xF5, 0xCF, 0x86, 0xD2, 0xAD, 0x40, 0xC8, 0xF4, 0xBA, 0xC9, 0x8D, 0x76, 0xAB, 0xDB, 0xDE,
                               0x0C, 0x0E, 0x2F, 0x0A, 0x82, 0x9D, 0x3F, 0x91, 0x1E, 0xF5, 0xB2, 0xBC, 0xE0, 0x69, 0x54, 0x80};
    unsigned char std_C[64] = {0x1E, 0xDE, 0xE2, 0xC3, 0xF4, 0x65, 0x91, 0x44, 0x91, 0xDE, 0x44, 0xCE, 0xFB, 0x2C, 0xB4, 0x34,
                               0xAB, 0x02, 0xC3, 0x08, 0xD9, 0xDC, 0x5E, 0x20, 0x67, 0xB4, 0xFE, 0xD5, 0xAA, 0xAC, 0x8A, 0x0F,
                               0x1C, 0x9B, 0x4C, 0x43, 0x5E, 0xCA, 0x35, 0xAB, 0x83, 0xBB, 0x73, 0x41, 0x74, 0xC0, 0xF7, 0x8F,
                               0xDE, 0x81, 0xA5, 0x33, 0x74, 0xAF, 0xF3, 0xB3, 0x60, 0x2B, 0xBC, 0x5E, 0x37, 0xBE, 0x9A, 0x4C};

    unsigned char hid[] = {0x03}, *IDB = "Bob";
    unsigned char Ppub[64], deB[128], C[64], K[32], K_decap[32];
    big ke;
    int tmp, i;
    int Klen = 32;

    mip = mirsys(1000, 16);
    mip->IOBASE = 16;
    ke = mirvar(0);
    bytes_to_big(32, KE, ke);

    tmp = SM9_standard_init();
    if(tmp != 0) 
        return tmp;

    printf("\n*********************** SM9 key Generation ***************************\n");
    tmp = SM9_standard_generateencryptkey(hid, IDB, strlen(IDB), ke, Ppub, deB);
    if(tmp != 0) 
        return tmp;
    if(memcmp(Ppub, std_Ppub, 64) != 0)
        return SM9_GEPUB_ERR;
    if(memcmp(deB, std_deB, 128) != 0)
        return SM9_GEPRI_ERR;

    printf("\n**********************PublicKey Ppubs=[ke]P1:*************************\n");
    for(i = 0; i < 64; i++)
    {
        if(i == 32) 
            printf("\n");
        printf("%02x", Ppub[i]);
    }
    printf("\n**************The private key deB = (xdeB, ydeB):*********************\n");
    for(i = 0; i < 128; i++)
    { 
        if(i == 64) 
            printf("\n");
        printf("%02x", deB[i]);
    }
    
    printf("\n///////////////////SM9 Key encapsulation mechanism//////////////////////\n");
    tmp = SM9_standard_key_encap(hid, IDB, rand, Ppub, C, K, Klen);
    if(tmp != 0) 
        return tmp;

    if(memcmp(C, std_C, 64) != 0)
        return SM9_ERR_Encap_C;
    if(memcmp(K, std_K, Klen) != 0)
        return SM9_ERR_Encap_K;

    printf("\n///////////////////SM9 Key decapsulation mechanism//////////////////////\n");
    tmp = SM9_standard_key_decap(IDB, deB, C, Klen, K_decap);
    if(tmp != 0) 
        return tmp;

    if(memcmp(K_decap, std_K, 32) != 0)
        return SM9_ERR_Decap_K;
    
    return 0;
}