// Input: MyPrivKey = Your private key
// HisPubKey = Someones public key
// Output: MyPrivKey has been destroyed for security reasons
// HisPubKey = the secret key
int DH1080_comp(char *MyPrivKey, char *HisPubKey)
{
int i=0, len, iRet;
unsigned char SHA256digest[35], base64_tmp[160];
big b_myPrivkey, b_HisPubkey, b_theKey;
// Verify base64 strings
if((strspn(MyPrivKey, B64ABC) != strlen(MyPrivKey)) || (strspn(HisPubKey, B64ABC) != strlen(HisPubKey)))
{
memset(MyPrivKey, 0x20, strlen(MyPrivKey));
memset(HisPubKey, 0x20, strlen(HisPubKey));
return 0;
}
b_HisPubkey=mirvar(0);
b_theKey=mirvar(0);
len=b64toh(HisPubKey, base64_tmp);
bytes_to_big(len, base64_tmp, b_HisPubkey);
if(DH_verifyPubKey(b_HisPubkey))
{
b_myPrivkey=mirvar(0);
len=b64toh(MyPrivKey, base64_tmp);
bytes_to_big(len, base64_tmp, b_myPrivkey);
memset(MyPrivKey, 0x20, strlen(MyPrivKey));
powmod(b_HisPubkey, b_myPrivkey, b_prime1080, b_theKey);
mirkill(b_myPrivkey);
len=big_to_bytes(sizeof(base64_tmp), b_theKey, base64_tmp, FALSE);
SHA256_memory(base64_tmp, len, SHA256digest);
htob64(SHA256digest, HisPubKey, 32);
iRet=1;
}
else iRet=0;
ZeroMemory(base64_tmp, sizeof(base64_tmp));
ZeroMemory(SHA256digest, sizeof(SHA256digest));
mirkill(b_theKey);
mirkill(b_HisPubkey);
return iRet;
}
/* calculate a pubKey out of a given priKey */
int SM2_standard_sign_keygeneration(unsigned char PriKey[], unsigned char Px[], unsigned char Py[])
{
int i = 0;
big d, PAx, PAy;
epoint *PA;
SM2_standard_init();
PA = epoint_init();
d = mirvar(0);
PAx = mirvar(0);
PAy = mirvar(0);
bytes_to_big(SM2_NUMWORD, PriKey, d);
ecurve_mult(d, G, PA);
epoint_get(PA, PAx, PAy);
big_to_bytes(SM2_NUMWORD, PAx, Px, TRUE);
big_to_bytes(SM2_NUMWORD, PAy, Py, TRUE);
i = Test_PubKey(PA);
if (i)
return i;
else
return 0;
}
/*! \brief Generate a random six digit one time password
*
* Generates a random six digit one time password
*
* @param seedValue random seed value
* @param seedValueLength length of seedValue in bytes
* @return OTP One Time Password
*/
AESGCM_EXPORT int generateOTP(char* seedValue, int seedValueLength)
{
int OTP=0;
miracl *mip=mirsys(100,0);
big bigOTP, modValue;
bigOTP=mirvar(0);
modValue=mirvar(1000000);
/* Crypto string RNG */
csprng RNG;
RNG = generateRNG(seedValue, seedValueLength);
/* Generate randam 128 bit value */
int i;
char val[16];
for (i=0; i<16; i++)
val[i]=strong_rng(&RNG);
/* Get the modulus */
bytes_to_big(16,val, bigOTP);
divide(_MIPP_ bigOTP,modValue,modValue);
OTP = size(bigOTP);
return OTP;
}
void BaseOT::ByteArrayToPoint(EC2 *point, int field_size, BYTE* pBufIdx) {
int itmp;
Big bigtmp;
itmp = (int) (pBufIdx[0]);
bytes_to_big(field_size, (const char*) pBufIdx + 1, bigtmp.getbig());
*point = EC2(bigtmp, itmp);
}
static void hashing(FILE *fp,big hash)
{ /* compute hash function */
char h[20];
sha sh;
int i,ch;
shs_init(&sh);
while ((ch=fgetc(fp))!=EOF) shs_process(&sh,ch);
shs_hash(&sh,h);
bytes_to_big(20,h,hash);
}
static void hashing(miracl *mip,FILE *fp,big hash)
{ /* compute hash function */
char h[20];
int len,ch;
sha sh;
shs_init(&sh);
while ((ch=fgetc(fp))!=EOF) shs_process(&sh,ch);
shs_hash(&sh,h);
len=(MIRACL*MR_STATIC)/8;
if (len>20) len=20;
bytes_to_big(mip,len,h,hash);
}
void mcl_ecpbs_Hhash(big result, char *info, big m) {
char hash[20];
int i;
sha sh;
shs_init(&sh);
for (i = 0; info[i] != 0; i++) {
shs_process(&sh, info[i]);
}
shs_hash(&sh, hash);
bytes_to_big(20, hash, result);
mcl_ecpbs_mod(result, m);
}
BOOL DH1080_Init()
{
initb64();
mip=mirsys(256, 0);
if(mip==NULL) return FALSE;
b_prime1080=mirvar(0);
b_1=mirvar(0);
bytes_to_big(DH1080_PRIME_BYTES, prime1080, b_prime1080);
lgconv(1, b_1);
return TRUE;
}
void SamplePointFromBytes(EC2 *point, BYTE* input, int inbytelen) {
Big bigtmp;
bytes_to_big (inbytelen, (const char*) input, bigtmp.getbig());//(bigtmp, inbytelen, input);
premult(bigtmp.getbig(), MAXMSGSAMPLE, bigtmp.getbig());
for(int i = 0; i < MAXMSGSAMPLE; i++)
{
*point = EC2(bigtmp, 0);
if(!point_at_infinity(point->get_point()))
return;
*point = EC2(bigtmp, 1);
if(!point_at_infinity(point->get_point()))
return;
incr(bigtmp.getbig(), 1, bigtmp.getbig());
}
cerr << "Error while sampling point, exiting!" << endl;
exit(0);
}
int SM9_standard_key_decap(unsigned char *IDB, unsigned char deB[], unsigned char C[], int Klen, unsigned char K[])
{
big h, x, y;
epoint *Cipher;
unsigned char *Z = NULL;
int Zlen, i, num = 0;
zzn12 w;
ecn2 dEB;
//initiate
h = mirvar(0);
x = mirvar(0);
y = mirvar(0);
Cipher = epoint_init();
zzn12_init(&w);
dEB.x.a = mirvar(0);
dEB.x.b = mirvar(0);
dEB.y.a = mirvar(0);
dEB.y.b = mirvar(0);
dEB.z.a = mirvar(0);
dEB.z.b = mirvar(0);
dEB.marker = MR_EPOINT_INFINITY;
bytes_to_big(BNLEN, C, x);
bytes_to_big(BNLEN, C + BNLEN, y);
epoint_set(x, y, 0, Cipher);
bytes128_to_ecn2(deB, &dEB);
//----------Step1:test if C is on G1-----------------
if(Test_Point(Cipher))
return SM9_NOT_VALID_G1;
//----------Step2:calculate w=e(C,deB)-----------------
if(!ecap(dEB, Cipher, para_t, X, &w))
return SM9_MY_ECAP_12A_ERR;
//test if a ZZn12 element is of order q
if(!member(w, para_t, X))
return SM9_MEMBER_ERR;
printf("\n***********************w=e(C,deB):****************************\n");
zzn12_ElementPrint(w);
//----------Step3:K=KDF(C||w'||IDB,klen)------------------------
Zlen = strlen(IDB) + BNLEN * 14;
Z = (char *)malloc(sizeof(char)*(Zlen + 1));
if(Z == NULL)
return SM9_ASK_MEMORY_ERR;
LinkCharZzn12(C, BNLEN * 2, w, Z, BNLEN * 14);
memcpy(Z + BNLEN * 14, IDB, strlen(IDB));
SM3_kdf(Z, Zlen, Klen, K);
//----------------test if K equals 0------------------------
printf("\n******************* K=KDF(C||w||IDB,klen):***********************\n");
for(i = 0; i < Klen; i++)
{
if(K[i] == 0)
num += 1;
printf("%02x", K[i]);
}
if(num == Klen)
return SM9_ERR_K1_ZERO;
free(Z);
return 0;
}
/* SM2 signature algorithm */
int SM2_standard_sign(unsigned char *message, int len, unsigned char ZA[], unsigned char rand[], unsigned char d[], unsigned char R[], unsigned char S[])
{
unsigned char hash[SM3_len / 8];
int M_len = len + SM3_len / 8;
unsigned char *M = NULL;
int i;
big dA, r, s, e, k, KGx, KGy;
big rem, rk, z1, z2;
epoint *KG;
i = SM2_standard_init();
if (i)
return i;
//initiate
dA = mirvar(0);
e = mirvar(0);
k = mirvar(0);
KGx = mirvar(0);
KGy = mirvar(0);
r = mirvar(0);
s = mirvar(0);
rem = mirvar(0);
rk = mirvar(0);
z1 = mirvar(0);
z2 = mirvar(0);
bytes_to_big(SM2_NUMWORD, d, dA); //cinstr(dA, d);
KG = epoint_init();
//step1, set M = ZA || M
M = (char *)malloc(sizeof(char)*(M_len + 1));
memcpy(M, ZA, SM3_len / 8);
memcpy(M + SM3_len / 8, message, len);
//step2, generate e = H(M)
SM3_256(M, M_len, hash);
bytes_to_big(SM3_len / 8, hash, e);
//step3:generate k
bytes_to_big(SM3_len / 8, rand, k);
//step4:calculate kG
ecurve_mult(k, G, KG);
//step5:calculate r
epoint_get(KG, KGx, KGy);
add(e, KGx, r);
divide(r, para_n, rem);
//judge r = 0 or n + k = n?
add(r, k, rk);
if (Test_Zero(r) | Test_n(rk))
return ERR_GENERATE_R;
//step6:generate s
incr(dA, 1, z1);
xgcd(z1, para_n, z1, z1, z1);
multiply(r, dA, z2);
divide(z2, para_n, rem);
subtract(k, z2, z2);
add(z2, para_n, z2);
multiply(z1, z2, s);
divide(s, para_n, rem);
//judge s = 0?
if (Test_Zero(s))
return ERR_GENERATE_S ;
big_to_bytes(SM2_NUMWORD, r, R, TRUE);
big_to_bytes(SM2_NUMWORD, s, S, TRUE);
free(M);
return 0;
}
/* SM2 verification algorithm */
int SM2_standard_verify(unsigned char *message, int len, unsigned char ZA[], unsigned char Px[], unsigned char Py[], unsigned char R[], unsigned char S[])
{
unsigned char hash[SM3_len / 8];
int M_len = len + SM3_len / 8;
unsigned char *M = NULL;
int i;
big PAx, PAy, r, s, e, t, rem, x1, y1;
big RR;
epoint *PA, *sG, *tPA;
i = SM2_standard_init();
if (i)
return i;
PAx = mirvar(0);
PAy = mirvar(0);
r = mirvar(0);
s = mirvar(0);
e = mirvar(0);
t = mirvar(0);
x1 = mirvar(0);
y1 = mirvar(0);
rem = mirvar(0);
RR = mirvar(0);
PA = epoint_init();
sG = epoint_init();
tPA = epoint_init();
bytes_to_big(SM2_NUMWORD, Px, PAx);
bytes_to_big(SM2_NUMWORD, Py, PAy);
bytes_to_big(SM2_NUMWORD, R, r);
bytes_to_big(SM2_NUMWORD, S, s);
if (!epoint_set(PAx, PAy, 0, PA)) //initialise public key
{
return ERR_PUBKEY_INIT;
}
//step1: test if r belong to [1, n-1]
if (Test_Range(r))
return ERR_OUTRANGE_R;
//step2: test if s belong to [1, n-1]
if (Test_Range(s))
return ERR_OUTRANGE_S;
//step3, generate M
M = (char *)malloc(sizeof(char)*(M_len + 1));
memcpy(M, ZA, SM3_len / 8);
memcpy(M + SM3_len / 8, message, len);
//step4, generate e = H(M)
SM3_256(M, M_len, hash);
bytes_to_big(SM3_len / 8, hash, e);
//step5:generate t
add(r, s, t);
divide(t, para_n, rem);
if (Test_Zero(t))
return ERR_GENERATE_T;
//step 6: generate(x1, y1)
ecurve_mult(s, G, sG);
ecurve_mult(t, PA, tPA);
ecurve_add(sG, tPA);
epoint_get(tPA, x1, y1);
//step7:generate RR
add(e, x1, RR);
divide(RR, para_n, rem);
free(M);
if (mr_compare(RR, r) == 0)
return 0;
else
return ERR_DATA_MEMCMP;
}
int crypto_dh(unsigned char *s,const unsigned char* pk,const unsigned char *sk)
{
int i,promptr;
ecn2 P;
big A,B,p,a[2];
zzn2 x,y,psi[2];
miracl instance; /* create miracl workspace on the stack */
/* Specify base 16 here so that HEX can be read in directly without a base-change */
miracl *mip=mirsys(&instance,WORDS*16,16); /* size of bigs is fixed */
char mem_big[MR_BIG_RESERVE(17)]; /* we need 17 bigs... */
memset(mem_big, 0, MR_BIG_RESERVE(17)); /* clear the memory */
A=mirvar_mem(mip, mem_big, 0); /* Initialise big numbers */
B=mirvar_mem(mip, mem_big, 1);
x.a=mirvar_mem(mip, mem_big, 2);
x.b=mirvar_mem(mip, mem_big, 3);
#ifndef COMPRESSED
y.a=mirvar_mem(mip, mem_big, 4);
y.b=mirvar_mem(mip, mem_big, 5);
#endif
a[0]=mirvar_mem(mip, mem_big, 6);
a[1]=mirvar_mem(mip, mem_big, 7);
p=mirvar_mem(mip, mem_big, 8);
P.x.a=mirvar_mem(mip, mem_big, 9);
P.x.b=mirvar_mem(mip, mem_big, 10);
P.y.a=mirvar_mem(mip, mem_big, 11);
P.y.b=mirvar_mem(mip, mem_big, 12);
P.z.a=mirvar_mem(mip, mem_big, 13);
P.z.b=mirvar_mem(mip, mem_big, 14);
P.marker=MR_EPOINT_INFINITY;
psi[0].a=mirvar_mem(mip, mem_big, 15);
psi[0].b=mirvar_mem(mip, mem_big, 16);
promptr=0;
init_big_from_rom(p,WORDS,rom,16,&promptr); /* Read in prime modulus p from ROM */
init_big_from_rom(B,WORDS,rom,16,&promptr); /* Read in curve parameter B from ROM */
init_big_from_rom(psi[0].a,WORDS,rom,16,&promptr);
init_big_from_rom(psi[0].b,WORDS,rom,16,&promptr);
init_big_from_rom(x.a,WORDS,rom,16,&promptr);
init_big_from_rom(x.b,WORDS,rom,16,&promptr);
#ifndef COMPRESSED
init_big_from_rom(y.a,WORDS,rom,16,&promptr);
init_big_from_rom(y.b,WORDS,rom,16,&promptr);
#endif
convert(mip,1,A); /* Fix A=1 */
/* offline calculations */
ecurve_init(mip,A,B,p,MR_PROJECTIVE);
mip->TWIST=TRUE;
/* Alice calculates secret key */
bytes_to_big(mip,16,pk,x.a);
bytes_to_big(mip,16,&pk[16],x.b);
bytes_to_big(mip,16,sk,a[0]);
bytes_to_big(mip,16,&sk[16],a[1]);
#ifndef COMPRESSED
bytes_to_big(mip,16,&pk[32],y.a);
bytes_to_big(mip,16,&pk[48],y.b);
if (!ecn2_set(mip,&x,&y,&P))
{
memset(mem_big, 0, MR_BIG_RESERVE(17));
mirexit(mip);
return -1;
}
#else
if (!ecn2_setx(mip,&x,&P))
{
memset(mem_big, 0, MR_BIG_RESERVE(17));
mirexit(mip);
return -1;
}
#endif
ecn2_mul2_gls(mip,a,&P,psi,&P);
ecn2_getx(&P,&x);
#ifdef COMPRESSED
zzn2_sqr(mip,&x,&x); /* I tossed y, so I might have wrong sign.. */
#endif
big_to_bytes(mip,16,x.a,s,TRUE);
big_to_bytes(mip,16,x.b,&s[16],TRUE);
memset(mem_big, 0, MR_BIG_RESERVE(17));
mirexit(mip);
return 0;
}
int crypto_dh_keypair(unsigned char* pk,unsigned char *sk)
{
int i,promptr;
big A,B,p,a[2];
zzn2 x,y,psi[2];
miracl instance; /* create miracl workspace on the stack */
ebrick binst;
/* Specify base 16 here so that HEX can be read in directly without a base-change */
miracl *mip=mirsys(&instance,WORDS*16,16); /* size of bigs is fixed */
char mem_big[MR_BIG_RESERVE(11)]; /* we need 10 bigs... */
memset(mem_big, 0, MR_BIG_RESERVE(11)); /* clear the memory */
A=mirvar_mem(mip, mem_big, 0); /* Initialise big numbers */
B=mirvar_mem(mip, mem_big, 1);
x.a=mirvar_mem(mip, mem_big, 2);
x.b=mirvar_mem(mip, mem_big, 3);
y.a=mirvar_mem(mip, mem_big, 4);
y.b=mirvar_mem(mip, mem_big, 5);
a[0]=mirvar_mem(mip, mem_big, 6);
a[1]=mirvar_mem(mip, mem_big, 7);
p=mirvar_mem(mip, mem_big, 8);
psi[0].a=mirvar_mem(mip, mem_big, 9);
psi[0].b=mirvar_mem(mip, mem_big, 10);
promptr=0;
init_big_from_rom(p,WORDS,rom,16,&promptr); /* Read in prime modulus p from ROM */
init_big_from_rom(B,WORDS,rom,16,&promptr); /* Read in curve parameter B from ROM */
init_big_from_rom(psi[0].a,WORDS,rom,16,&promptr);
init_big_from_rom(psi[0].b,WORDS,rom,16,&promptr);
convert(mip,1,A); /* Fix A=1 */
ecn2_brick_init(&binst,prom,A,B,p,6,128);
/* Alices key gen calculation */
#ifdef HAVE_MAIN
for (i=0;i<32;i++) sk[i]=rand();
#else
randombytes(sk,32);
#endif
sk[15]&=0x3f; sk[31]&=0x3f;
bytes_to_big(mip,16,sk,a[0]);
bytes_to_big(mip,16,&sk[16],a[1]);
ecn2_mul_brick_gls(mip,&binst,a,psi,&x,&y);
big_to_bytes(mip,16,x.a,pk,TRUE);
big_to_bytes(mip,16,x.b,&pk[16],TRUE);
#ifndef COMPRESSED
big_to_bytes(mip,16,y.a,&pk[32],TRUE);
big_to_bytes(mip,16,y.b,&pk[48],TRUE);
#endif
memset(mem_big, 0, MR_BIG_RESERVE(11));
mirexit(mip);
return 0;
}
/*
* function encodeByteArrayToPoint : Encodes the given byte array into a point.
* If the given byte array can not be encoded to a point, returns 0.
* param dlog : Pointer to the native Dlog object.
* param binaryString : The byte array to encode.
* param k : k is the maximum length of a string to be converted to a Group Element of this group.
* If a string exceeds the k length it cannot be converted.
* return : The created point or 0 if the point cannot be created.
*/
JNIEXPORT jlong JNICALL Java_edu_biu_scapi_primitives_dlog_miracl_MiraclDlogECFp_encodeByteArrayToPoint
(JNIEnv * env, jobject, jlong m, jbyteArray binaryString, jint k){
//Pseudo-code:
/*If the length of binaryString exceeds k then throw IndexOutOfBoundsException.
Let L be the length in bytes of p
Choose a random byte array r of length L – k – 2 bytes
Prepare a string newString of the following form: r || binaryString || binaryString.length (where || denotes concatenation) (i.e., the least significant byte of newString is the length of binaryString in bytes)
Convert the result to a BigInteger (bIString)
Compute the elliptic curve equation for this x and see if there exists a y such that (x,y) satisfies the equation.
If yes, return (x,y)
Else, go back to step 3 (choose a random r etc.) up to 80 times (This is an arbitrary hard-coded number).
If did not find y such that (x,y) satisfies the equation after 80 trials then return null.
*/
/* convert the accepted parameters to MIRACL parameters*/
miracl* mip = (miracl*)m;
jbyte* string = (jbyte*) env->GetByteArrayElements(binaryString, 0);
int len = env->GetArrayLength(binaryString);
if (len > k){
env ->ReleaseByteArrayElements(binaryString, string, 0);
return 0;
}
big x, p;
x = mirvar(mip, 0);
p = mip->modulus;
int l = logb2(mip, p)/8;
char* randomArray = new char[l-k-2];
char* newString = new char[l - k - 1 + len];
memcpy(newString+l-k-2, string, len);
newString[l - k - 2 + len] = (char) len;
int counter = 0;
bool success = 0;
csprng rng;
srand(time(0));
long seed;
char raw = rand();
time((time_t*)&seed);
strong_init(&rng,1,&raw,seed);
do{
for (int i=0; i<l-k-2; i++){
randomArray[i] = strong_rng(&rng);
}
memcpy(newString, randomArray, l-k-2);
bytes_to_big(mip, l - k - 1 + len, newString, x);
//If the number is negative, make it positive.
if(exsign(x)== -1){
absol(x, x);
}
//epoint_x returns true if the given x value leads to a valid point on the curve.
//if failed, go back to choose a random r etc.
success = epoint_x(mip, x);
counter++;
} while((!success) && (counter <= 80)); //we limit the amount of times we try to 80 which is an arbitrary number.
epoint* point = 0;
if (success){
point = epoint_init(mip);
epoint_set(mip, x, x, 0, point);
}
char* temp = new char[l - k - 1 + len];
big_to_bytes(mip,l - k - 1 + len , x, temp, 1);
//Delete the allocated memory.
env ->ReleaseByteArrayElements(binaryString, string, 0);
mirkill(x);
delete(randomArray);
delete(newString);
//Return the created point.
return (long) point;
}
int SM9_standard_key_encap(unsigned char hid[], unsigned char *IDB, unsigned char rand[],
unsigned char Ppub[], unsigned char C[], unsigned char K[], int Klen)
{
big h, x, y, r;
epoint *Ppube, *QB, *Cipher;
unsigned char *Z = NULL;
int Zlen, buf, i, num = 0;
zzn12 g, w;
//initiate
h = mirvar(0);
r = mirvar(0);
x = mirvar(0);
y = mirvar(0);
QB = epoint_init();
Ppube = epoint_init();
Cipher = epoint_init();
zzn12_init(&g);
zzn12_init(&w);
bytes_to_big(BNLEN, Ppub, x);
bytes_to_big(BNLEN, Ppub + BNLEN, y);
epoint_set(x, y, 0, Ppube);
//----------Step1:calculate QB=[H1(IDB||hid,N)]P1+Ppube----------
Zlen = strlen(IDB) + 1;
Z = (char *)malloc(sizeof(char)*(Zlen + 1));
if(Z == NULL)
return SM9_ASK_MEMORY_ERR;
memcpy(Z, IDB, strlen(IDB));
memcpy(Z + strlen(IDB), hid, 1);
buf = SM9_standard_h1(Z, Zlen, N, h);
free(Z);
if(buf)
return buf;
printf("\n************************ H1(IDB||hid,N) ************************\n");
cotnum(h, stdout);
ecurve_mult(h, P1, QB);
ecurve_add(Ppube, QB);
printf("\n*******************QB:=[H1(IDB||hid,N)]P1+Ppube*****************\n");
epoint_get(QB, x, y);
cotnum(x, stdout);
cotnum(y, stdout);
//-------------------- Step2:randnom -------------------
bytes_to_big(BNLEN, rand, r);
printf("\n***********************randnum r: ******************************\n");
cotnum(r, stdout);
//----------------Step3:C=[r]QB------------------------
ecurve_mult(r, QB, Cipher);
epoint_get(Cipher, x, y);
printf("\n*********************** C=[r]QB: ******************************\n");
cotnum(x, stdout);
cotnum(y, stdout);
big_to_bytes(BNLEN, x, C, 1);
big_to_bytes(BNLEN, y, C + BNLEN, 1);
//----------------Step4:g=e(Ppube,P2)------------------------
if(!ecap(P2, Ppube, para_t, X, &g))
return SM9_MY_ECAP_12A_ERR;
//test if a ZZn12 element is of order q
if(!member(g, para_t, X))
return SM9_MEMBER_ERR;
printf("\n***********************g=e(Ppube,P2):****************************\n");
zzn12_ElementPrint(g);
//----------------Step5:w=g^r------------------------
w = zzn12_pow(g, r);
printf("\n************************* w=g^r:*********************************\n");
zzn12_ElementPrint(w);
//----------------Step6:K=KDF(C||w||IDB,klen)------------------------
Zlen = strlen(IDB) + BNLEN * 14;
Z = (char *)malloc(sizeof(char)*(Zlen + 1));
if(Z == NULL)
return SM9_ASK_MEMORY_ERR;
LinkCharZzn12(C, BNLEN * 2, w, Z, BNLEN * 14);
memcpy(Z + BNLEN * 14, IDB, strlen(IDB));
SM3_kdf(Z, Zlen, Klen, K);
free(Z);
//----------------test if K equals 0------------------------
printf("\n******************* K=KDF(C||w||IDB,klen):***********************\n");
for(i = 0; i < Klen; i++)
{
if(K[i] == 0)
num += 1;
printf("%02x", K[i]);
}
if(num == Klen)
return SM9_ERR_K1_ZERO;
return 0;
}
int SM9_standard_encap_selfcheck()
{
//the master private key
unsigned char KE[32] = {0x00, 0x01, 0xED, 0xEE, 0x37, 0x78, 0xF4, 0x41, 0xF8, 0xDE, 0xA3, 0xD9, 0xFA, 0x0A, 0xCC, 0x4E,
0x07, 0xEE, 0x36, 0xC9, 0x3F, 0x9A, 0x08, 0x61, 0x8A, 0xF4, 0xAD, 0x85, 0xCE, 0xDE, 0x1C, 0x22};
unsigned char rand[32] = {0x00, 0x00, 0x74, 0x01, 0x5F, 0x84, 0x89, 0xC0, 0x1E, 0xF4, 0x27, 0x04, 0x56, 0xF9, 0xE6, 0x47,
0x5B, 0xFB, 0x60, 0x2B, 0xDE, 0x7F, 0x33, 0xFD, 0x48, 0x2A, 0xB4, 0xE3, 0x68, 0x4A, 0x67, 0x22};
//standard datas
unsigned char std_Ppub[64] = {0x78, 0x7E, 0xD7, 0xB8, 0xA5, 0x1F, 0x3A, 0xB8, 0x4E, 0x0A, 0x66, 0x00, 0x3F, 0x32, 0xDA, 0x5C,
0x72, 0x0B, 0x17, 0xEC, 0xA7, 0x13, 0x7D, 0x39, 0xAB, 0xC6, 0x6E, 0x3C, 0x80, 0xA8, 0x92, 0xFF,
0x76, 0x9D, 0xE6, 0x17, 0x91, 0xE5, 0xAD, 0xC4, 0xB9, 0xFF, 0x85, 0xA3, 0x13, 0x54, 0x90, 0x0B,
0x20, 0x28, 0x71, 0x27, 0x9A, 0x8C, 0x49, 0xDC, 0x3F, 0x22, 0x0F, 0x64, 0x4C, 0x57, 0xA7, 0xB1};
unsigned char std_deB[128] = {0x94, 0x73, 0x6A, 0xCD, 0x2C, 0x8C, 0x87, 0x96, 0xCC, 0x47, 0x85, 0xE9, 0x38, 0x30, 0x1A, 0x13,
0x9A, 0x05, 0x9D, 0x35, 0x37, 0xB6, 0x41, 0x41, 0x40, 0xB2, 0xD3, 0x1E, 0xEC, 0xF4, 0x16, 0x83,
0x11, 0x5B, 0xAE, 0x85, 0xF5, 0xD8, 0xBC, 0x6C, 0x3D, 0xBD, 0x9E, 0x53, 0x42, 0x97, 0x9A, 0xCC,
0xCF, 0x3C, 0x2F, 0x4F, 0x28, 0x42, 0x0B, 0x1C, 0xB4, 0xF8, 0xC0, 0xB5, 0x9A, 0x19, 0xB1, 0x58,
0x7A, 0xA5, 0xE4, 0x75, 0x70, 0xDA, 0x76, 0x00, 0xCD, 0x76, 0x0A, 0x0C, 0xF7, 0xBE, 0xAF, 0x71,
0xC4, 0x47, 0xF3, 0x84, 0x47, 0x53, 0xFE, 0x74, 0xFA, 0x7B, 0xA9, 0x2C, 0xA7, 0xD3, 0xB5, 0x5F,
0x27, 0x53, 0x8A, 0x62, 0xE7, 0xF7, 0xBF, 0xB5, 0x1D, 0xCE, 0x08, 0x70, 0x47, 0x96, 0xD9, 0x4C,
0x9D, 0x56, 0x73, 0x4F, 0x11, 0x9E, 0xA4, 0x47, 0x32, 0xB5, 0x0E, 0x31, 0xCD, 0xEB, 0x75, 0xC1};
unsigned char std_K[64] = {0x4F, 0xF5, 0xCF, 0x86, 0xD2, 0xAD, 0x40, 0xC8, 0xF4, 0xBA, 0xC9, 0x8D, 0x76, 0xAB, 0xDB, 0xDE,
0x0C, 0x0E, 0x2F, 0x0A, 0x82, 0x9D, 0x3F, 0x91, 0x1E, 0xF5, 0xB2, 0xBC, 0xE0, 0x69, 0x54, 0x80};
unsigned char std_C[64] = {0x1E, 0xDE, 0xE2, 0xC3, 0xF4, 0x65, 0x91, 0x44, 0x91, 0xDE, 0x44, 0xCE, 0xFB, 0x2C, 0xB4, 0x34,
0xAB, 0x02, 0xC3, 0x08, 0xD9, 0xDC, 0x5E, 0x20, 0x67, 0xB4, 0xFE, 0xD5, 0xAA, 0xAC, 0x8A, 0x0F,
0x1C, 0x9B, 0x4C, 0x43, 0x5E, 0xCA, 0x35, 0xAB, 0x83, 0xBB, 0x73, 0x41, 0x74, 0xC0, 0xF7, 0x8F,
0xDE, 0x81, 0xA5, 0x33, 0x74, 0xAF, 0xF3, 0xB3, 0x60, 0x2B, 0xBC, 0x5E, 0x37, 0xBE, 0x9A, 0x4C};
unsigned char hid[] = {0x03}, *IDB = "Bob";
unsigned char Ppub[64], deB[128], C[64], K[32], K_decap[32];
big ke;
int tmp, i;
int Klen = 32;
mip = mirsys(1000, 16);
mip->IOBASE = 16;
ke = mirvar(0);
bytes_to_big(32, KE, ke);
tmp = SM9_standard_init();
if(tmp != 0)
return tmp;
printf("\n*********************** SM9 key Generation ***************************\n");
tmp = SM9_standard_generateencryptkey(hid, IDB, strlen(IDB), ke, Ppub, deB);
if(tmp != 0)
return tmp;
if(memcmp(Ppub, std_Ppub, 64) != 0)
return SM9_GEPUB_ERR;
if(memcmp(deB, std_deB, 128) != 0)
return SM9_GEPRI_ERR;
printf("\n**********************PublicKey Ppubs=[ke]P1:*************************\n");
for(i = 0; i < 64; i++)
{
if(i == 32)
printf("\n");
printf("%02x", Ppub[i]);
}
printf("\n**************The private key deB = (xdeB, ydeB):*********************\n");
for(i = 0; i < 128; i++)
{
if(i == 64)
printf("\n");
printf("%02x", deB[i]);
}
printf("\n///////////////////SM9 Key encapsulation mechanism//////////////////////\n");
tmp = SM9_standard_key_encap(hid, IDB, rand, Ppub, C, K, Klen);
if(tmp != 0)
return tmp;
if(memcmp(C, std_C, 64) != 0)
return SM9_ERR_Encap_C;
if(memcmp(K, std_K, Klen) != 0)
return SM9_ERR_Encap_K;
printf("\n///////////////////SM9 Key decapsulation mechanism//////////////////////\n");
tmp = SM9_standard_key_decap(IDB, deB, C, Klen, K_decap);
if(tmp != 0)
return tmp;
if(memcmp(K_decap, std_K, 32) != 0)
return SM9_ERR_Decap_K;
return 0;
}
