博客
关于我
SM9-加解密
阅读量:708 次
发布时间:2019-03-17

本文共 15550 字,大约阅读时间需要 51 分钟。

算法过程

           

             

程序实现

///************************************************************************ //  File name:    SM9_enc_dec.c //  Version:      SM9_enc_dec_V1.0 //  Date:         Dec 29,2016 //  Description:  implementation of SM9 encryption algorithm and decryption algorithm //                all operations based on BN curve line function //  Function List: //        1.bytes128_to_ecn2        //convert 128 bytes into ecn2 //        2.zzn12_ElementPrint      //print all element of struct zzn12 //        3.ecn2_Bytes128_Print     //print 128 bytes of ecn2 //        4.LinkCharZzn12           //link two different types(unsigned char and zzn12)to one(unsigned char) //        5.Test_Point              //test if the given point is on SM9 curve //        6.SM4_Block_Encrypt       //encrypt the message with padding,according to PKS#5 //        7.SM4_Block_Decrypt       //decrypt the cipher with padding,according to PKS#5 //        8.SM9_H1                  //function H1 in SM9 standard 5.4.2.2 //        9.SM9_Enc_MAC             //MAC in SM9 standard 5.4.5 //        10.SM9_Init               //initiate SM9 curve //        11.SM9_GenerateEncryptKey //generate encrypted private and public key //        12.SM9_Encrypt            //SM9 encryption algorithm //        13.SM9_Decrypt            //SM9 decryption algorithm //        14.SM9_SelfCheck()        //SM9 slef-check // // Notes: // This SM9 implementation source code can be used for academic, non-profit making or non-commercial use only. // This SM9 implementation is created on MIRACL. SM9 implementation source code provider does not provide MIRACL library, MIRACL license or any permission to use MIRACL library. Any commercial use of MIRACL requires a license which may be obtained from Shamus Software Ltd. //**************************************************************************/ #include "SM9_enc_dec.h" #include "kdf.h" #include "SM4.h" /****************************************************************Function:       bytes128_to_ecn2Description:    convert 128 bytes into ecn2Calls:          MIRACL functionsCalled By:      SM9_Init,SM9_DecryptInput:          Ppubs[]Output:         ecn2 *resReturn:         FALSE: execution errorTRUE: execute correctlyOthers:****************************************************************/BOOL bytes128_to_ecn2(unsigned char Ppubs[], ecn2 *res){	zzn2 x, y;	big a, b;	ecn2 r;	r.x.a = mirvar(0); r.x.b = mirvar(0);	r.y.a = mirvar(0); r.y.b = mirvar(0);	r.z.a = mirvar(0); r.z.b = mirvar(0);	r.marker = MR_EPOINT_INFINITY;	x.a = mirvar(0); x.b = mirvar(0);	y.a = mirvar(0); y.b = mirvar(0);	a = mirvar(0); b = mirvar(0);	bytes_to_big(BNLEN, Ppubs, b);	bytes_to_big(BNLEN, Ppubs + BNLEN, a);	zzn2_from_bigs(a, b, &x);	bytes_to_big(BNLEN, Ppubs + BNLEN * 2, b);	bytes_to_big(BNLEN, Ppubs + BNLEN * 3, a);	zzn2_from_bigs(a, b, &y);	return ecn2_set(&x, &y, res);}/****************************************************************Function:       zzn12_ElementPrintDescription:    print all element of struct zzn12Calls:          MIRACL functionsCalled By:      SM9_Encrypt,SM9_DecryptInput:          zzn12 xOutput:         NULLReturn:         NULLOthers:****************************************************************/void zzn12_ElementPrint(zzn12 x){	big tmp;	tmp = mirvar(0);	redc(x.c.b.b, tmp); cotnum(tmp, stdout);	redc(x.c.b.a, tmp); cotnum(tmp, stdout);	redc(x.c.a.b, tmp); cotnum(tmp, stdout);	redc(x.c.a.a, tmp); cotnum(tmp, stdout);	redc(x.b.b.b, tmp); cotnum(tmp, stdout);	redc(x.b.b.a, tmp); cotnum(tmp, stdout);	redc(x.b.a.b, tmp); cotnum(tmp, stdout);	redc(x.b.a.a, tmp); cotnum(tmp, stdout);	redc(x.a.b.b, tmp); cotnum(tmp, stdout);	redc(x.a.b.a, tmp); cotnum(tmp, stdout);	redc(x.a.a.b, tmp); cotnum(tmp, stdout);	redc(x.a.a.a, tmp); cotnum(tmp, stdout);}/****************************************************************Function:       ecn2_Bytes128_PrintDescription:    print 128 bytes of ecn2Calls:          MIRACL functionsCalled By:      SM9_Encrypt,SM9_DecryptInput:          ecn2 xOutput:         NULLReturn:         NULLOthers:****************************************************************/void ecn2_Bytes128_Print(ecn2 x){	big tmp;	tmp = mirvar(0);	redc(x.x.b, tmp); cotnum(tmp, stdout);	redc(x.x.a, tmp); cotnum(tmp, stdout);	redc(x.y.b, tmp); cotnum(tmp, stdout);	redc(x.y.a, tmp); cotnum(tmp, stdout);}/****************************************************************Function:       LinkCharZzn12Description:    link two different types(unsigned char and zzn12)to one(unsigned char)Calls:          MIRACL functionsCalled By:      SM9_Encrypt,SM9_DecryptInput:          message:len:    length of messagew:      zzn12 elementOutput:         Z:      the characters array stored message and wZlen:   length of ZReturn:         NULLOthers:****************************************************************/void LinkCharZzn12(unsigned char *message, int len, zzn12 w, unsigned char *Z, int Zlen){	big tmp;	tmp = mirvar(0);	memcpy(Z, message, len);	redc(w.c.b.b, tmp); big_to_bytes(BNLEN, tmp, Z + len, 1);	redc(w.c.b.a, tmp); big_to_bytes(BNLEN, tmp, Z + len + BNLEN, 1);	redc(w.c.a.b, tmp); big_to_bytes(BNLEN, tmp, Z + len + BNLEN * 2, 1);	redc(w.c.a.a, tmp); big_to_bytes(BNLEN, tmp, Z + len + BNLEN * 3, 1);	redc(w.b.b.b, tmp); big_to_bytes(BNLEN, tmp, Z + len + BNLEN * 4, 1);	redc(w.b.b.a, tmp); big_to_bytes(BNLEN, tmp, Z + len + BNLEN * 5, 1);	redc(w.b.a.b, tmp); big_to_bytes(BNLEN, tmp, Z + len + BNLEN * 6, 1);	redc(w.b.a.a, tmp); big_to_bytes(BNLEN, tmp, Z + len + BNLEN * 7, 1);	redc(w.a.b.b, tmp); big_to_bytes(BNLEN, tmp, Z + len + BNLEN * 8, 1);	redc(w.a.b.a, tmp); big_to_bytes(BNLEN, tmp, Z + len + BNLEN * 9, 1);	redc(w.a.a.b, tmp); big_to_bytes(BNLEN, tmp, Z + len + BNLEN * 10, 1);	redc(w.a.a.a, tmp); big_to_bytes(BNLEN, tmp, Z + len + BNLEN * 11, 1);}/****************************************************************Function:       Test_PointDescription:    test if the given point is on SM9 curveCalls:Called By:      SM9_DecryptInput:          pointOutput:         nullReturn:         0: success1: not a valid point on curveOthers:****************************************************************/int Test_Point(epoint* point){	big x, y, x_3, tmp;	epoint *buf;	x = mirvar(0); y = mirvar(0);	x_3 = mirvar(0);	tmp = mirvar(0);	buf = epoint_init();	//test if y^2=x^3+b 	epoint_get(point, x, y);	power(x, 3, para_q, x_3);     //x_3=x^3 mod p 	multiply(x, para_a, x);	divide(x, para_q, tmp);	add(x_3, x, x);                  //x=x^3+ax+b 	add(x, para_b, x);	divide(x, para_q, tmp);          //x=x^3+ax+b mod p 	power(y, 2, para_q, y);        //y=y^2 mod p 	if (mr_compare(x, y) != 0)		return 1;	//test infinity 	ecurve_mult(N, point, buf);	if (point_at_infinity(buf) == FALSE)		return 1;	return 0;}/***************************************************************Function:       SM4_Block_EncryptDescription:    encrypt the message with padding,according to PKS#5Calls:          SM4_EncryptCalled By:      SM9_EncryptInput:key:the key of SM4message:data to be encryptedmlen:   the length of messageOutput:cipher: ciphertextcipher_len:the length of ciphertextReturn:         NULLOthers:****************************************************************/void SM4_Block_Encrypt(unsigned char key[], unsigned char * message, int mlen, unsigned char *cipher, int * cipher_len){	unsigned char mess[16];	int i, rem = mlen % 16;	for (i = 0; i
= 0; i--)//key[从大到小] { premult(i256, ha[i], tmp); add(hh, tmp, hh); premult(i256, 256, i256); divide(i256, n1, tmp); divide(hh, n1, tmp); } incr(hh, 1, h1); free(ZH); free(ha); return 0;}/****************************************************************Function: SM9_Enc_MACDescription: MAC in SM9 standard 5.4.5Calls: SM3_256Called By: SM9_Encrypt,SM9_DecryptInput:K:keyKlen:the length of KM:messageMlen:the length of messageOutput: C=MAC(K,Z)Return: 0: success;1: asking for memory errorOthers:****************************************************************/int SM9_Enc_MAC(unsigned char *K, int Klen, unsigned char *M, int Mlen, unsigned char C[]){ unsigned char *Z = NULL; int len = Klen + Mlen; Z = (char *)malloc(sizeof(char)*(len + 1)); if (Z == NULL) return SM9_ASK_MEMORY_ERR; memcpy(Z, M, Mlen); memcpy(Z + Mlen, K, Klen); SM3_256(Z, len, C); free(Z); return 0;}/****************************************************************Function: SM9_InitDescription: Initiate SM9 curveCalls: MIRACL functionsCalled By: SM9_SelfCheckInput: nullOutput: nullReturn: 0: success;5: base point P1 error6: base point P2 errorOthers:****************************************************************/int SM9_Init(){ big P1_x, P1_y; mip = mirsys(1000, 16);; mip->IOBASE = 16; para_q = mirvar(0); N = mirvar(0); P1_x = mirvar(0); P1_y = mirvar(0); para_a = mirvar(0); para_b = mirvar(0); para_t = mirvar(0); X.a = mirvar(0); X.b = mirvar(0); P2.x.a = mirvar(0); P2.x.b = mirvar(0); P2.y.a = mirvar(0); P2.y.b = mirvar(0); P2.z.a = mirvar(0); P2.z.b = mirvar(0); P2.marker = MR_EPOINT_INFINITY; P1 = epoint_init(); bytes_to_big(BNLEN, SM9_q, para_q); bytes_to_big(BNLEN, SM9_P1x, P1_x); bytes_to_big(BNLEN, SM9_P1y, P1_y); bytes_to_big(BNLEN, SM9_a, para_a); bytes_to_big(BNLEN, SM9_b, para_b); bytes_to_big(BNLEN, SM9_N, N); bytes_to_big(BNLEN, SM9_t, para_t); mip->TWIST = MR_SEXTIC_M; ecurve_init(para_a, para_b, para_q, MR_PROJECTIVE); //Initialises GF(q) elliptic curve //MR_PROJECTIVE specifying projective coordinates if (!epoint_set(P1_x, P1_y, 0, P1)) return SM9_G1BASEPOINT_SET_ERR; if (!(bytes128_to_ecn2(SM9_P2, &P2))) return SM9_G2BASEPOINT_SET_ERR; set_frobenius_constant(&X); return 0;}/***************************************************************Function: SM9_GenerateEncryptKeyDescription: Generate encryption keys(public key and private key)Calls: MIRACL functions,SM9_H1,xgcd,ecn2_Bytes128_PrintCalled By: SM9_SelfCheckInput: hid:0x03ID:identificationIDlen:the length of IDke:master private key used to generate encryption public key and private keyOutput: Ppubs:encryption public keydeB: encryption private keyReturn: 0: success;1: asking for memory errorOthers:****************************************************************/int SM9_GenerateEncryptKey(unsigned char hid[], unsigned char *ID, int IDlen, big ke, unsigned char Ppubs[], unsigned char deB[]){ big h1, t1, t2, rem, xPpub, yPpub, tmp; unsigned char *Z = NULL; int Zlen = IDlen + 1, buf; ecn2 dEB; epoint *Ppub; h1 = mirvar(0); t1 = mirvar(0); t2 = mirvar(0); rem = mirvar(0); tmp = mirvar(0); xPpub = mirvar(0); yPpub = mirvar(0); Ppub = epoint_init(); dEB.x.a = mirvar(0); dEB.x.b = mirvar(0); dEB.y.a = mirvar(0); dEB.y.b = mirvar(0); dEB.z.a = mirvar(0); dEB.z.b = mirvar(0); dEB.marker = MR_EPOINT_INFINITY; Z = (char *)malloc(sizeof(char)*(Zlen + 1)); memcpy(Z, ID, IDlen); memcpy(Z + IDlen, hid, 1); buf = SM9_H1(Z, Zlen, N, h1); if (buf != 0) return buf; add(h1, ke, t1);//t1=H1(IDA||hid,N)+ks xgcd(t1, N, t1, t1, t1);//t1=t1(-1) multiply(ke, t1, t2); divide(t2, N, rem);//t2=ks*t1(-1) //Ppub=[ke]P2 ecurve_mult(ke, P1, Ppub); //deB=[t2]P2 ecn2_copy(&P2, &dEB); ecn2_mul(t2, &dEB); printf("\n**************用户B私钥 deB = (xdeB, ydeB):*********************\n"); ecn2_Bytes128_Print(dEB); printf("\n*******************加密主公钥 Ppubs=[ke]P1:**********************\n"); epoint_get(Ppub, xPpub, yPpub); cotnum(xPpub, stdout); cotnum(yPpub, stdout); epoint_get(Ppub, xPpub, yPpub); big_to_bytes(BNLEN, xPpub, Ppubs, 1); big_to_bytes(BNLEN, yPpub, Ppubs + BNLEN, 1); redc(dEB.x.b, tmp); big_to_bytes(BNLEN, tmp, deB, 1); redc(dEB.x.a, tmp); big_to_bytes(BNLEN, tmp, deB + BNLEN, 1); redc(dEB.y.b, tmp); big_to_bytes(BNLEN, tmp, deB + BNLEN * 2, 1); redc(dEB.y.a, tmp); big_to_bytes(BNLEN, tmp, deB + BNLEN * 3, 1); free(Z); return 0;}/****************************************************************Function: SM9_EncryptDescription: SM9 encryption algorithmCalls: MIRACL functions,zzn12_init(),ecap(),member(),zzn12_ElementPrint(),zzn12_pow(),LinkCharZzn12(),SM3_KDF(),SM9_Enc_MAC(),SM4_Block_Encrypt()Called By: SM9_SelfCheck()Input:hid:0x03IDB //identification of userBmessage //the message to be encryptedlen //the length of messagerand //a random number K lies in [1,N-1]EncID //encryption identification,0:stream cipher 1:block cipherk1_len //the byte length of K1 in block cipher algorithmk2_len //the byte length of K2 in MAC algorithmPpubs //encrtption public keyOutput: C //cipher C1||C3||C2Clen //the byte length of CReturn:0: success1: asking for memory error2: element is out of order q3: R-ate calculation errorA: K1 equals 0Others:****************************************************************/int SM9_Encrypt(unsigned char hid[], unsigned char *IDB, unsigned char *message, int mlen, unsigned char rand[],int EncID, int k1_len, int k2_len, unsigned char Ppub[], unsigned char C[], int *C_len){ big h, x, y, r; zzn12 g, w; epoint *Ppube, *QB, *C1; unsigned char *Z = NULL, *K = NULL, *C2 = NULL, C3[SM3_len / 8]; int i = 0, j = 0, Zlen, buf, klen, C2_len; //initiate h = mirvar(0); r = mirvar(0); x = mirvar(0); y = mirvar(0); QB = epoint_init(); Ppube = epoint_init(); C1 = epoint_init(); zzn12_init(&g); zzn12_init(&w); bytes_to_big(BNLEN, Ppub, x); bytes_to_big(BNLEN, Ppub + BNLEN, y); epoint_set(x, y, 0, Ppube); //Step1:calculate QB=[H1(IDB||hid,N)]P1+Ppube Zlen = strlen(IDB) + 1; Z = (char *)malloc(sizeof(char)*(Zlen + 1)); if (Z == NULL) return SM9_ASK_MEMORY_ERR; memcpy(Z, IDB, strlen(IDB)); memcpy(Z + strlen(IDB), hid, 1); buf = SM9_H1(Z, Zlen, N, h); if (buf) return buf; ecurve_mult(h, P1, QB); ecurve_add(Ppube, QB); printf("\n*******************QB:=[H1(IDB||hid,N)]P1+Ppube*****************\n"); epoint_get(QB, x, y); cotnum(x, stdout); cotnum(y, stdout); //Step2:randnom bytes_to_big(BNLEN, rand, r); printf("\n***********************随机数 r:********************************\n"); cotnum(r, stdout); //Step3:C1=[r]QB ecurve_mult(r, QB, C1); printf("\n*************************:C1=[r]QB*******************************\n"); epoint_get(C1, x, y); cotnum(x, stdout); cotnum(y, stdout); big_to_bytes(BNLEN, x, C, 1); big_to_bytes(BNLEN, y, C + BNLEN, 1); //Step4:g = e(P2, Ppub-e) if (!ecap(P2, Ppube, para_t, X, &g)) return SM9_MY_ECAP_12A_ERR; //test if a ZZn12 element is of order q if (!member(g, para_t, X)) return SM9_MEMBER_ERR; printf("\n***********************g=e(P2,Ppube):****************************\n"); zzn12_ElementPrint(g); //Step5:calculate w=g^r w = zzn12_pow(g, r); printf("\n***************************w=g^r:**********************************\n"); zzn12_ElementPrint(w); free(Z); //Step6:calculate C2 if (EncID == 0) { //基于密钥派生函数的序列密码算法 //加密时间: 0.739000 seconds //解密时间: 0.156000 seconds C2_len = mlen; *C_len = BNLEN * 2 + SM3_len / 8 + C2_len; //Step:6-1: calculate K=KDF(C1||w||IDB,klen) klen = mlen + k2_len; Zlen = strlen(IDB) + BNLEN * 14; Z = (char *)malloc(sizeof(char)*(Zlen + 1)); K = (char *)malloc(sizeof(char)*(klen + 1)); C2 = (char *)malloc(sizeof(char)*(mlen + 1)); if (Z == NULL || K == NULL || C2 == NULL) return SM9_ASK_MEMORY_ERR; LinkCharZzn12(C, BNLEN * 2, w, Z, (Zlen - strlen(IDB))); memcpy(Z + BNLEN * 14, IDB, strlen(IDB)); SM3_KDF(Z, Zlen, klen, K); printf("\n*****************K=KDF(C1||w||IDB,klen):***********************\n"); for (i = 0; i

完整代码见github

参考文献

1、国标—SM9-加解密

2、密码学-基础理论与应用(李子臣著)

3、商用密码检测中心-源码下载

转载地址:http://yovez.baihongyu.com/

你可能感兴趣的文章
mYSQL 外键约束
查看>>
mysql 多个表关联查询查询时间长的问题
查看>>
mySQL 多个表求多个count
查看>>
mysql 多字段删除重复数据,保留最小id数据
查看>>
MySQL 多表联合查询:UNION 和 JOIN 分析
查看>>
MySQL 大数据量快速插入方法和语句优化
查看>>
mysql 如何给SQL添加索引
查看>>
mysql 字段区分大小写
查看>>
mysql 字段合并问题(group_concat)
查看>>
mysql 字段类型类型
查看>>
MySQL 字符串截取函数,字段截取,字符串截取
查看>>
MySQL 存储引擎
查看>>
mysql 存储过程 注入_mysql 视图 事务 存储过程 SQL注入
查看>>
MySQL 存储过程参数:in、out、inout
查看>>
mysql 存储过程每隔一段时间执行一次
查看>>
mysql 存在update不存在insert
查看>>
Mysql 学习总结(86)—— Mysql 的 JSON 数据类型正确使用姿势
查看>>
Mysql 学习总结(87)—— Mysql 执行计划(Explain)再总结
查看>>
Mysql 学习总结(88)—— Mysql 官方为什么不推荐用雪花 id 和 uuid 做 MySQL 主键
查看>>
Mysql 学习总结(89)—— Mysql 库表容量统计
查看>>