11#include <botan/hash.h>
12#include <botan/numthry.h>
13#include <botan/internal/keypair.h>
14#include <botan/internal/loadstor.h>
15#include <botan/internal/parsing.h>
16#include <botan/internal/pk_ops_impl.h>
17#include <botan/internal/point_mul.h>
59 std::string_view user_id,
62 if(user_id.size() >= 8192) {
66 const uint16_t uid_len =
static_cast<uint16_t
>(8 * user_id.size());
68 hash.
update(get_byte<0>(uid_len));
69 hash.
update(get_byte<1>(uid_len));
82 hash.
final(za.data());
92class SM2_Signature_Operation
final :
public PK_Ops::Signature {
94 SM2_Signature_Operation(
const SM2_PrivateKey& sm2, std::string_view ident, std::string_view hash) :
95 m_group(sm2.domain()), m_x(sm2.private_value()), m_da_inv(sm2.get_da_inv()) {
101 m_za =
sm2_compute_za(*m_hash, ident, m_group, sm2.public_point());
102 m_hash->update(m_za);
106 size_t signature_length()
const override {
return 2 * m_group.get_order_bytes(); }
108 void update(
const uint8_t msg[],
size_t msg_len)
override {
110 m_hash->update(msg, msg_len);
112 m_digest.insert(m_digest.end(), msg, msg + msg_len);
116 secure_vector<uint8_t> sign(RandomNumberGenerator& rng)
override;
118 std::string hash_function()
const override {
return m_hash ? m_hash->name() :
"Raw"; }
121 const EC_Group m_group;
123 const BigInt m_da_inv;
125 std::vector<uint8_t> m_za;
126 secure_vector<uint8_t> m_digest;
127 std::unique_ptr<HashFunction> m_hash;
128 std::vector<BigInt> m_ws;
131secure_vector<uint8_t> SM2_Signature_Operation::sign(RandomNumberGenerator& rng) {
134 e = BigInt::decode(m_hash->final());
136 m_hash->update(m_za);
138 e = BigInt::decode(m_digest);
147 return BigInt::encode_fixed_length_int_pair(r, s, m_group.
get_order().
bytes());
153class SM2_Verification_Operation
final :
public PK_Ops::Verification {
155 SM2_Verification_Operation(
const SM2_PublicKey& sm2, std::string_view ident, std::string_view hash) :
156 m_group(sm2.domain()), m_gy_mul(m_group.get_base_point(), sm2.public_point()) {
160 m_hash = HashFunction::create_or_throw(hash);
162 m_za =
sm2_compute_za(*m_hash, ident, m_group, sm2.public_point());
163 m_hash->update(m_za);
167 void update(
const uint8_t msg[],
size_t msg_len)
override {
169 m_hash->update(msg, msg_len);
171 m_digest.insert(m_digest.end(), msg, msg + msg_len);
175 bool is_valid_signature(
const uint8_t sig[],
size_t sig_len)
override;
177 std::string hash_function()
const override {
return m_hash ? m_hash->name() :
"Raw"; }
180 const EC_Group m_group;
181 const EC_Point_Multi_Point_Precompute m_gy_mul;
182 secure_vector<uint8_t> m_digest;
183 std::vector<uint8_t> m_za;
184 std::unique_ptr<HashFunction> m_hash;
187bool SM2_Verification_Operation::is_valid_signature(
const uint8_t sig[],
size_t sig_len) {
190 e = BigInt::decode(m_hash->final());
192 m_hash->update(m_za);
194 e = BigInt::decode(m_digest);
202 const BigInt r(sig, sig_len / 2);
203 const BigInt s(sig + sig_len / 2, sig_len / 2);
209 const BigInt t = m_group.
mod_order(r + s);
215 const EC_Point R = m_gy_mul.
multi_exp(s, t);
222 return (m_group.
mod_order(R.get_affine_x() + e) == r);
225void parse_sm2_param_string(std::string_view params, std::string& userid, std::string& hash) {
227 const std::string default_userid =
"1234567812345678";
230 userid = default_userid;
239 auto comma = params.find(
',');
240 if(comma == std::string::npos) {
243 userid = params.substr(0, comma);
244 hash = params.substr(comma + 1, std::string::npos);
251 return std::make_unique<SM2_PrivateKey>(rng, domain());
255 std::string_view provider)
const {
256 if(provider ==
"base" || provider.empty()) {
257 std::string userid, hash;
258 parse_sm2_param_string(params, userid, hash);
259 return std::make_unique<SM2_Verification_Operation>(*
this, userid, hash);
266 std::string_view params,
267 std::string_view provider)
const {
268 if(provider ==
"base" || provider.empty()) {
269 std::string userid, hash;
270 parse_sm2_param_string(params, userid, hash);
271 return std::make_unique<SM2_Signature_Operation>(*
this, userid, hash);
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
void update(const uint8_t in[], size_t length)
virtual size_t output_length() const =0
void final(uint8_t out[])
BigInt blinded_base_point_multiply_x(const BigInt &k, RandomNumberGenerator &rng, std::vector< BigInt > &ws) const
const BigInt & get_b() const
const BigInt & get_a() const
const BigInt & get_g_y() const
BigInt mod_order(const BigInt &x) const
BigInt multiply_mod_order(const BigInt &x, const BigInt &y) const
const BigInt & get_order() const
const BigInt & get_g_x() const
BigInt inverse_mod_order(const BigInt &x) const
size_t get_p_bytes() const
BigInt random_scalar(RandomNumberGenerator &rng) const
EC_Point multi_exp(const BigInt &k1, const BigInt &k2) const
BigInt get_affine_x() const
BigInt get_affine_y() const
bool check_key(RandomNumberGenerator &rng, bool strong) const override
const EC_Group & domain() const
const EC_Point & public_point() const
static std::unique_ptr< HashFunction > create_or_throw(std::string_view algo_spec, std::string_view provider="")
std::unique_ptr< Public_Key > public_key() const override
std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
bool check_key(RandomNumberGenerator &rng, bool) const override
SM2_PrivateKey(const AlgorithmIdentifier &alg_id, std::span< const uint8_t > key_bits)
std::unique_ptr< PK_Ops::Verification > create_verification_op(std::string_view params, std::string_view provider) const override
std::unique_ptr< Private_Key > generate_another(RandomNumberGenerator &rng) const final
std::string algo_name() const override
int(* update)(CTX *, const void *, CC_LONG len)
int(* final)(unsigned char *, CTX *)
bool signature_consistency_check(RandomNumberGenerator &rng, const Private_Key &private_key, const Public_Key &public_key, std::string_view padding)
std::vector< uint8_t > sm2_compute_za(HashFunction &hash, std::string_view user_id, const EC_Group &domain, const EC_Point &pubkey)