11#include <botan/hash.h>
12#include <botan/internal/keypair.h>
13#include <botan/internal/loadstor.h>
14#include <botan/internal/parsing.h>
15#include <botan/internal/pk_ops_impl.h>
50 m_da_inv((this->_private_key() +
EC_Scalar::one(domain())).invert()),
51 m_da_inv_legacy(m_da_inv.to_bigint()) {}
55 m_da_inv((this->_private_key() +
EC_Scalar::one(domain())).invert()),
56 m_da_inv_legacy(m_da_inv.to_bigint()) {}
60 m_da_inv((this->_private_key() +
EC_Scalar::one(domain())).invert()),
61 m_da_inv_legacy(m_da_inv.to_bigint()) {}
65 m_da_inv((this->_private_key() +
EC_Scalar::one(domain())).invert()),
66 m_da_inv_legacy(m_da_inv.to_bigint()) {}
69 std::string_view user_id,
72 if(user_id.size() >= 8192) {
76 const uint16_t uid_len =
static_cast<uint16_t
>(8 * user_id.size());
90 return hash.
final<std::vector<uint8_t>>();
98class SM2_Signature_Operation
final :
public PK_Ops::Signature {
100 SM2_Signature_Operation(
const SM2_PrivateKey& sm2, std::string_view ident, std::string_view hash) :
101 m_group(sm2.domain()), m_x(sm2._private_key()), m_da_inv(sm2._get_da_inv()) {
107 m_za =
sm2_compute_za(*m_hash, ident, m_group, sm2._public_ec_point());
108 m_hash->update(m_za);
112 size_t signature_length()
const override {
return 2 * m_group.get_order_bytes(); }
114 void update(std::span<const uint8_t> input)
override {
116 m_hash->update(input);
118 m_digest.insert(m_digest.end(), input.begin(), input.end());
122 std::vector<uint8_t> sign(RandomNumberGenerator& rng)
override;
124 std::string hash_function()
const override {
return m_hash ? m_hash->name() :
"Raw"; }
127 const EC_Group m_group;
129 const EC_Scalar m_da_inv;
131 std::vector<uint8_t> m_za;
133 std::unique_ptr<HashFunction> m_hash;
134 std::vector<BigInt> m_ws;
137std::vector<uint8_t> SM2_Signature_Operation::sign(RandomNumberGenerator& rng) {
138 const auto e = [&]() {
140 auto ie = EC_Scalar::from_bytes_mod_order(m_group, m_hash->final());
142 m_hash->update(m_za);
145 auto ie = EC_Scalar::from_bytes_mod_order(m_group, m_digest);
151 const auto k = EC_Scalar::random(m_group, rng);
153 const auto r = EC_Scalar::gk_x_mod_order(k, rng, m_ws) + e;
154 const auto s = (k - r * m_x) * m_da_inv;
156 return EC_Scalar::serialize_pair(r, s);
162class SM2_Verification_Operation
final :
public PK_Ops::Verification {
164 SM2_Verification_Operation(
const SM2_PublicKey& sm2, std::string_view ident, std::string_view hash) :
165 m_group(sm2.domain()), m_gy_mul(sm2._public_ec_point()) {
169 m_hash = HashFunction::create_or_throw(hash);
171 m_za =
sm2_compute_za(*m_hash, ident, m_group, sm2._public_ec_point());
172 m_hash->update(m_za);
176 void update(std::span<const uint8_t> input)
override {
178 m_hash->update(input);
180 m_digest.insert(m_digest.end(), input.begin(), input.end());
184 bool is_valid_signature(std::span<const uint8_t> sig)
override;
186 std::string hash_function()
const override {
return m_hash ? m_hash->name() :
"Raw"; }
189 const EC_Group m_group;
190 const EC_Group::Mul2Table m_gy_mul;
191 secure_vector<uint8_t> m_digest;
192 std::vector<uint8_t> m_za;
193 std::unique_ptr<HashFunction> m_hash;
196bool SM2_Verification_Operation::is_valid_signature(std::span<const uint8_t> sig) {
197 const auto e = [&]() {
199 auto ie = EC_Scalar::from_bytes_mod_order(m_group, m_hash->final());
201 m_hash->update(m_za);
204 auto ie = EC_Scalar::from_bytes_mod_order(m_group, m_digest);
210 if(
auto rs = EC_Scalar::deserialize_pair(m_group, sig)) {
211 const auto& [r, s] = rs.value();
213 if(r.is_nonzero() && s.is_nonzero()) {
214 const auto t = r + s;
224void parse_sm2_param_string(std::string_view params, std::string& userid, std::string& hash) {
226 const std::string default_userid =
"1234567812345678";
229 userid = default_userid;
238 auto comma = params.find(
',');
239 if(comma == std::string::npos) {
242 userid = params.substr(0, comma);
243 hash = params.substr(comma + 1, std::string::npos);
250 return std::make_unique<SM2_PrivateKey>(rng, domain());
254 std::string_view provider)
const {
255 if(provider ==
"base" || provider.empty()) {
256 std::string userid, hash;
257 parse_sm2_param_string(params, userid, hash);
258 return std::make_unique<SM2_Verification_Operation>(*
this, userid, hash);
265 std::string_view params,
266 std::string_view provider)
const {
267 if(provider ==
"base" || provider.empty()) {
268 std::string userid, hash;
269 parse_sm2_param_string(params, userid, hash);
270 return std::make_unique<SM2_Signature_Operation>(*
this, userid, hash);
T serialize(size_t len) const
void update(const uint8_t in[], size_t length)
void final(uint8_t out[])
bool mul2_vartime_x_mod_order_eq(const EC_Scalar &v, const EC_Scalar &x, const EC_Scalar &y) const
const BigInt & get_b() const
const BigInt & get_a() const
const BigInt & get_g_y() const
const BigInt & get_g_x() const
size_t get_p_bytes() const
const BigInt & private_value() const
bool check_key(RandomNumberGenerator &rng, bool strong) const override
const EC_Group & domain() const
const EC_AffinePoint & _public_ec_point() const
static std::unique_ptr< HashFunction > create_or_throw(std::string_view algo_spec, std::string_view provider="")
std::unique_ptr< Public_Key > public_key() const override
std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
bool check_key(RandomNumberGenerator &rng, bool) const override
SM2_PrivateKey(const AlgorithmIdentifier &alg_id, std::span< const uint8_t > key_bits)
std::unique_ptr< PK_Ops::Verification > create_verification_op(std::string_view params, std::string_view provider) const override
std::unique_ptr< Private_Key > generate_another(RandomNumberGenerator &rng) const final
std::string algo_name() const override
int(* update)(CTX *, const void *, CC_LONG len)
int(* final)(unsigned char *, CTX *)
bool signature_consistency_check(RandomNumberGenerator &rng, const Private_Key &private_key, const Public_Key &public_key, std::string_view padding)
constexpr uint8_t get_byte(T input)
std::vector< T, secure_allocator< T > > secure_vector
std::vector< uint8_t > sm2_compute_za(HashFunction &hash, std::string_view user_id, const EC_Group &group, const EC_AffinePoint &pubkey)