Use sm3_pbkdf2 without digest API

guanzhi · Apr 19, 2024 · 725817a · 725817a
1 parent 356e618
commit 725817a
Show file tree

Hide file tree

Showing 12 changed files with 86 additions and 152 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -56,7 +56,7 @@ set(src
 	src/digest.c
 	src/hmac.c
 	src/hkdf.c
-	src/pbkdf2.c
+#	src/pbkdf2.c
 	src/gf128.c
 	src/ghash.c
 	src/sm4_cbc_sm3_hmac.c

diff --git a/include/gmssl/sm2.h b/include/gmssl/sm2.h
@@ -134,7 +134,7 @@ int sm2_do_verify(const SM2_KEY *key, const uint8_t dgst[32], const SM2_SIGNATUR
 
 int sm2_fast_sign_compute_key(const SM2_KEY *key, sm2_z256_t fast_private);
 int sm2_fast_sign_pre_compute(sm2_z256_t k, sm2_z256_t x1_modn);
-int sm2_fast_sign(const sm2_z256_t fast_private, const sm2_z256_t k, const sm2_z256_t x1,
+int sm2_fast_sign(const sm2_z256_t fast_private, const sm2_z256_t k, const sm2_z256_t x1_modn,
 	const uint8_t dgst[32], SM2_SIGNATURE *sig);
 
 

diff --git a/include/gmssl/sm2_z256.h b/include/gmssl/sm2_z256.h
@@ -40,7 +40,7 @@ void sm2_z256_rshift(uint64_t r[4], const uint64_t a[4], unsigned int nbits);
 uint64_t sm2_z256_add(uint64_t r[4], const uint64_t a[4], const uint64_t b[4]);
 uint64_t sm2_z256_sub(uint64_t r[4], const uint64_t a[4], const uint64_t b[4]);
 void sm2_z256_mul(uint64_t r[8], const uint64_t a[4], const uint64_t b[4]);
-int  sm2_z256_get_booth(const uint64_t a[4], unsigned int window_size, int i);
+uint64_t sm2_z256_get_booth(const uint64_t a[4], unsigned int window_size, int i);
 void sm2_z256_from_hex(uint64_t r[4], const char *hex);
 int  sm2_z256_equ_hex(const uint64_t a[4], const char *hex);
 int  sm2_z256_print(FILE *fp, int ind, int fmt, const char *label, const sm2_z256_t a);

diff --git a/include/gmssl/sm3.h b/include/gmssl/sm3.h
@@ -65,6 +65,11 @@ void sm3_kdf_finish(SM3_KDF_CTX *ctx, uint8_t *out);
 void sm3_kdf(const uint8_t *in, size_t inlen, size_t outlen, uint8_t *out);
 
 
+#define SM3_PBKDF2_MIN_ITER		10000
+#define SM3_PBKDF2_MAX_ITER		(16777216-1)
+#define SM3_PBKDF2_MAX_SALT_SIZE	64
+#define SM3_PBKDF2_DEFAULT_SALT_SIZE	8
+
 int sm3_pbkdf2(const char *pass, size_t passlen,
 	const uint8_t *salt, size_t saltlen, size_t count,
 	size_t outlen, uint8_t *out);

diff --git a/src/pbkdf2.c b/src/pbkdf2.c
@@ -136,6 +136,7 @@ int pbkdf2_genkey(const DIGEST *digest,
 	return 1;
 }
 
+/*
 int pbkdf2_hmac_sm3_genkey(
 	const char *pass, size_t passlen,
 	const uint8_t *salt, size_t saltlen, size_t count,
@@ -186,3 +187,4 @@ int pbkdf2_hmac_sm3_genkey(
 	memset(tmp_block, 0, sizeof(key_block));
 	return 1;
 }
+*/
diff --git a/src/sm2_key.c b/src/sm2_key.c
@@ -13,9 +13,9 @@
 #include <gmssl/oid.h>
 #include <gmssl/asn1.h>
 #include <gmssl/pem.h>
+#include <gmssl/sm3.h>
 #include <gmssl/sm4.h>
 #include <gmssl/rand.h>
-#include <gmssl/pbkdf2.h>
 #include <gmssl/pkcs8.h>
 #include <gmssl/error.h>
 #include <gmssl/ec.h>
@@ -552,8 +552,7 @@ int sm2_private_key_info_encrypt_to_der(const SM2_KEY *sm2_key, const char *pass
 	if (sm2_private_key_info_to_der(sm2_key, &p, &pkey_info_len) != 1
 		|| rand_bytes(salt, sizeof(salt)) != 1
 		|| rand_bytes(iv, sizeof(iv)) != 1
-		|| pbkdf2_genkey(DIGEST_sm3(), pass, strlen(pass),
-			salt, sizeof(salt), iter, sizeof(key), key) != 1) {
+		|| sm3_pbkdf2(pass, strlen(pass), salt, sizeof(salt), iter, sizeof(key), key) != 1) {
 		error_print();
 		goto end;
 	}
@@ -618,7 +617,7 @@ int sm2_private_key_info_decrypt_from_der(SM2_KEY *sm2,
 		error_print();
 		return -1;
 	}
-	if (pbkdf2_genkey(DIGEST_sm3(), pass, strlen(pass), salt, saltlen, iter, sizeof(key), key) != 1) {
+	if (sm3_pbkdf2(pass, strlen(pass), salt, saltlen, iter, sizeof(key), key) != 1) {
 		error_print();
 		goto end;
 	}

diff --git a/src/sm2_sign.c b/src/sm2_sign.c
@@ -93,6 +93,10 @@ int sm2_do_sign(const SM2_KEY *key, const uint8_t dgst[32], SM2_SIGNATURE *sig)
 // d' = (d + 1)^-1 (mod n)
 int sm2_fast_sign_compute_key(const SM2_KEY *key, sm2_z256_t fast_private)
 {
+	if (sm2_z256_cmp(key->private_key, sm2_z256_order_minus_one()) >= 0) {
+		error_print();
+		return -1;
+	}
 	sm2_z256_modn_add(fast_private, key->private_key, sm2_z256_one());
 	sm2_z256_modn_inv(fast_private, fast_private);
 	return 1;
@@ -126,7 +130,7 @@ int sm2_fast_sign_pre_compute(sm2_z256_t k, sm2_z256_t x1_modn)
 //	= -r + (k + r)*(1 + d)^-1
 //	= -r + (k + r) * d'
 int sm2_fast_sign(const sm2_z256_t fast_private,
-	const sm2_z256_t k, const sm2_z256_t x1,
+	const sm2_z256_t k, const sm2_z256_t x1_modn,
 	const uint8_t dgst[32], SM2_SIGNATURE *sig)
 {
 	SM2_Z256_POINT R;
@@ -141,7 +145,7 @@ int sm2_fast_sign(const sm2_z256_t fast_private,
 	}
 
 	// r = e + x1 (mod n)
-	sm2_z256_modn_add(r, e, x1);
+	sm2_z256_modn_add(r, e, x1_modn);
 
 	// s = (k + r) * d' - r
 	sm2_z256_modn_add(s, k, r);