sm2.c
Go to the documentation of this file.
1 /**
2  * @file sm2.c
3  * @brief SM2 signature algorithm
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.5.0
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "hash/hash_algorithms.h"
37 #include "ecc/sm2.h"
38 #include "ecc/ec_misc.h"
39 #include "debug.h"
40 
41 //Check crypto library configuration
42 #if (SM2_SUPPORT == ENABLED)
43 
44 //SM2 with SM3 OID (1.2.156.10197.1.501)
45 const uint8_t SM2_WITH_SM3_OID[8] = {0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x75};
46 
47 
48 /**
49  * @brief SM2 signature generation
50  * @param[in] prngAlgo PRNG algorithm
51  * @param[in] prngContext Pointer to the PRNG context
52  * @param[in] privateKey Signer's EC private key
53  * @param[in] hashAlgo Underlying hash function
54  * @param[in] id User's identity
55  * @param[in] idLen Length of the user's identity
56  * @param[in] message Message to be signed
57  * @param[in] messageLen Length of the message, in bytes
58  * @param[out] signature (r, s) integer pair
59  * @return Error code
60  **/
61 
62 error_t sm2GenerateSignature(const PrngAlgo *prngAlgo, void *prngContext,
63  const EcPrivateKey *privateKey, const HashAlgo *hashAlgo, const char_t *id,
64  size_t idLen, const void *message, size_t messageLen,
65  EcdsaSignature *signature)
66 {
67  error_t error;
68 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
69  Sm2GenerateSignatureState *state;
70 #else
71  Sm2GenerateSignatureState state[1];
72 #endif
73 
74  //Check parameters
75  if(privateKey == NULL || hashAlgo == NULL || id == NULL ||
76  message == NULL || signature == NULL)
77  {
78  return ERROR_INVALID_PARAMETER;
79  }
80 
81  //Invalid elliptic curve?
82  if(privateKey->curve == NULL ||
83  privateKey->curve->fieldSize != 256 ||
84  privateKey->curve->orderSize != 256)
85  {
86  return ERROR_INVALID_ELLIPTIC_CURVE;
87  }
88 
89  //Invalid hash algorithm?
90  if(hashAlgo->digestSize != 32)
91  return ERROR_INVALID_PARAMETER;
92 
93  //Debug message
94  TRACE_DEBUG("SM2 signature generation...\r\n");
95  TRACE_DEBUG(" private key:\r\n");
96  TRACE_DEBUG_EC_SCALAR(" ", privateKey->d, 8);
97  TRACE_DEBUG(" identifier:\r\n");
98  TRACE_DEBUG_ARRAY(" ", id, idLen);
99  TRACE_DEBUG(" message:\r\n");
100  TRACE_DEBUG_ARRAY(" ", message, messageLen);
101 
102 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
103  //Allocate working state
104  state = cryptoAllocMem(sizeof(Sm2GenerateSignatureState));
105  //Failed to allocate memory?
106  if(state == NULL)
107  return ERROR_OUT_OF_MEMORY;
108 #endif
109 
110  //Initialize working state
111  osMemset(state, 0, sizeof(Sm2GenerateSignatureState));
112 
113  //Initialize (R, S) integer pair
114  ecScalarSetInt(signature->r, 0, EC_MAX_ORDER_SIZE);
115  ecScalarSetInt(signature->s, 0, EC_MAX_ORDER_SIZE);
116 
117  //Initialize status code
118  error = NO_ERROR;
119 
120  //Valid public key?
121  if(privateKey->q.curve != NULL)
122  {
123  //Let PA be the public key
124  ecProjectify(privateKey->curve, &state->pa, &privateKey->q.q);
125  }
126  else
127  {
128  //Derive the public key from the signer's EC private key
129  error = ecMulRegular(privateKey->curve, &state->pa, privateKey->d,
130  &privateKey->curve->g);
131 
132  //Check status code
133  if(!error)
134  {
135  //Convert PA to affine representation
136  error = ecAffinify(privateKey->curve, &state->pa, &state->pa);
137  }
138  }
139 
140  //Check status code
141  if(!error)
142  {
143  //Calculate ZA = H256(ENTLA || IDA || a || b || xG || yG || xA || yA)
144  error = sm2ComputeZa(hashAlgo, &state->hashContext, privateKey->curve,
145  &state->pa, id, idLen, state->buffer);
146  }
147 
148  //Check status code
149  if(!error)
150  {
151  //Let M~ = ZA || M and calculate Hv(M~)
152  hashAlgo->init(&state->hashContext);
153  hashAlgo->update(&state->hashContext, state->buffer, hashAlgo->digestSize);
154  hashAlgo->update(&state->hashContext, message, messageLen);
155  hashAlgo->final(&state->hashContext, state->buffer);
156 
157  //Let e = Hv(M~)
158  error = ecScalarImport(state->e, 8, state->buffer, hashAlgo->digestSize,
159  EC_SCALAR_FORMAT_BIG_ENDIAN);
160  }
161 
162  //Check status code
163  if(!error)
164  {
165  //Initialize status code
166  error = ERROR_INVALID_VALUE;
167 
168  //SM2 signature generation process
169  while(error == ERROR_INVALID_VALUE)
170  {
171  //Inner loop
172  while(error == ERROR_INVALID_VALUE)
173  {
174  //Pick a random number k in range 0 < k < q - 1
175  error = ecScalarRand(privateKey->curve, state->k, prngAlgo,
176  prngContext);
177 
178  //Check status code
179  if(!error)
180  {
181  //Debug message
182  TRACE_DEBUG(" k:\r\n");
183  TRACE_DEBUG_EC_SCALAR(" ", state->k, 8);
184 
185  //Calculate the elliptic curve point (x1, y1) = [k]G
186  error = ecMulRegular(privateKey->curve, &state->p1, state->k,
187  &privateKey->curve->g);
188  }
189 
190  //Check status code
191  if(!error)
192  {
193  //Convert P1 to affine representation
194  error = ecAffinify(privateKey->curve, &state->p1, &state->p1);
195  }
196 
197  //Check status code
198  if(!error)
199  {
200  //Calculate r = (e + x1) mod q
201  ecScalarMod(signature->r, state->p1.x, 8, privateKey->curve->q, 8);
202  ecScalarAddMod(privateKey->curve, signature->r, signature->r, state->e);
203 
204  //Calculate r + k
205  ecScalarAdd(state->t, signature->r, state->k, 8);
206 
207  //If r = 0 or r + k = n, then generate a new random number
208  if(ecScalarCompInt(signature->r, 0, 8) == 0 ||
209  ecScalarComp(state->t, privateKey->curve->q, 8) == 0)
210  {
211  error = ERROR_INVALID_VALUE;
212  }
213  }
214  }
215 
216  //Check status code
217  if(!error)
218  {
219  //Calculate s = ((1 + dA)^-1 * (k - r * dA)) mod q
220  ecScalarSetInt(state->t, 1, 8);
221  ecScalarAddMod(privateKey->curve, state->t, state->t, privateKey->d);
222  ecScalarInvMod(privateKey->curve, signature->s, state->t);
223  ecScalarMulMod(privateKey->curve, state->t, signature->r, privateKey->d);
224  ecScalarSubMod(privateKey->curve, state->t, state->k, state->t);
225  ecScalarMulMod(privateKey->curve, signature->s, signature->s, state->t);
226 
227  //If s = 0, then generate a new random number
228  if(ecScalarCompInt(signature->s, 0, 8) == 0)
229  {
230  error = ERROR_INVALID_VALUE;
231  }
232  }
233  }
234  }
235 
236  //Check status code
237  if(!error)
238  {
239  //Save elliptic curve parameters
240  signature->curve = privateKey->curve;
241 
242  //Debug message
243  TRACE_DEBUG(" r:\r\n");
244  TRACE_DEBUG_EC_SCALAR(" ", signature->r, 8);
245  TRACE_DEBUG(" s:\r\n");
246  TRACE_DEBUG_EC_SCALAR(" ", signature->s, 8);
247  }
248 
249  //Erase working state
250  osMemset(state, 0, sizeof(Sm2GenerateSignatureState));
251 
252 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
253  //Release working state
254  cryptoFreeMem(state);
255 #endif
256 
257  //Return status code
258  return error;
259 }
260 
261 
262 /**
263  * @brief SM2 signature verification
264  * @param[in] publicKey Signer's SM2 public key
265  * @param[in] hashAlgo Underlying hash function
266  * @param[in] id User's identity
267  * @param[in] idLen Length of the user's identity
268  * @param[in] message Message whose signature is to be verified
269  * @param[in] messageLen Length of the message, in bytes
270  * @param[in] signature (r, s) integer pair
271  * @return Error code
272  **/
273 
274 error_t sm2VerifySignature(const EcPublicKey *publicKey,
275  const HashAlgo *hashAlgo, const char_t *id, size_t idLen,
276  const void *message, size_t messageLen, const EcdsaSignature *signature)
277 {
278  error_t error;
279 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
280  Sm2VerifySignatureState *state;
281 #else
282  Sm2VerifySignatureState state[1];
283 #endif
284 
285  //Check parameters
286  if(publicKey == NULL || hashAlgo == NULL || id == NULL || message == NULL ||
287  signature == NULL)
288  {
289  return ERROR_INVALID_PARAMETER;
290  }
291 
292  //Invalid elliptic curve?
293  if(publicKey->curve == NULL ||
294  publicKey->curve->fieldSize != 256 ||
295  publicKey->curve->orderSize != 256)
296  {
297  return ERROR_INVALID_ELLIPTIC_CURVE;
298  }
299 
300  //Invalid hash algorithm?
301  if(hashAlgo->digestSize != 32)
302  return ERROR_INVALID_PARAMETER;
303 
304  //Debug message
305  TRACE_DEBUG("SM2 signature verification...\r\n");
306  TRACE_DEBUG(" public key X:\r\n");
307  TRACE_DEBUG_EC_SCALAR(" ", publicKey->q.x, 8);
308  TRACE_DEBUG(" public key Y:\r\n");
309  TRACE_DEBUG_EC_SCALAR(" ", publicKey->q.y, 8);
310  TRACE_DEBUG(" identifier:\r\n");
311  TRACE_DEBUG_ARRAY(" ", id, idLen);
312  TRACE_DEBUG(" message:\r\n");
313  TRACE_DEBUG_ARRAY(" ", message, messageLen);
314  TRACE_DEBUG(" r:\r\n");
315  TRACE_DEBUG_EC_SCALAR(" ", signature->r, 8);
316  TRACE_DEBUG(" s:\r\n");
317  TRACE_DEBUG_EC_SCALAR(" ", signature->s, 8);
318 
319  //Verify that the public key is on the curve
320  if(!ecIsPointAffine(publicKey->curve, &publicKey->q))
321  {
322  return ERROR_INVALID_SIGNATURE;
323  }
324 
325  //The verifier shall check that 0 < r < q
326  if(ecScalarCompInt(signature->r, 0, EC_MAX_ORDER_SIZE) <= 0 ||
327  ecScalarComp(signature->r, publicKey->curve->q, EC_MAX_ORDER_SIZE) >= 0)
328  {
329  //If the condition is violated, the signature shall be rejected as invalid
330  return ERROR_INVALID_SIGNATURE;
331  }
332 
333  //The verifier shall check that 0 < s < q
334  if(ecScalarCompInt(signature->s, 0, EC_MAX_ORDER_SIZE) <= 0 ||
335  ecScalarComp(signature->s, publicKey->curve->q, EC_MAX_ORDER_SIZE) >= 0)
336  {
337  //If the condition is violated, the signature shall be rejected as invalid
338  return ERROR_INVALID_SIGNATURE;
339  }
340 
341 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
342  //Allocate working state
343  state = cryptoAllocMem(sizeof(Sm2VerifySignatureState));
344  //Failed to allocate memory?
345  if(state == NULL)
346  return ERROR_OUT_OF_MEMORY;
347 #endif
348 
349  //Initialize working state
350  osMemset(state, 0, sizeof(Sm2VerifySignatureState));
351 
352  //Let PA be the public key
353  ecProjectify(publicKey->curve, &state->pa, &publicKey->q);
354 
355  //Calculate ZA = H256(ENTLA || IDA || a || b || xG || yG || xA || yA)
356  error = sm2ComputeZa(hashAlgo, &state->hashContext, publicKey->curve,
357  &state->pa, id, idLen, state->buffer);
358 
359  //Check status code
360  if(!error)
361  {
362  //Let M~ = ZA || M and calculate Hv(M~)
363  hashAlgo->init(&state->hashContext);
364  hashAlgo->update(&state->hashContext, state->buffer, hashAlgo->digestSize);
365  hashAlgo->update(&state->hashContext, message, messageLen);
366  hashAlgo->final(&state->hashContext, state->buffer);
367 
368  //Let e = Hv(M~)
369  error = ecScalarImport(state->e, 8, state->buffer, hashAlgo->digestSize,
370  EC_SCALAR_FORMAT_BIG_ENDIAN);
371  }
372 
373  //Check status code
374  if(!error)
375  {
376  //Calculate t = (r + s) mod q
377  ecScalarAddMod(publicKey->curve, state->t, signature->r, signature->s);
378 
379  //Test if t = 0
380  if(ecScalarCompInt(state->t, 0, 8) == 0)
381  {
382  //Verification failed
383  error = ERROR_INVALID_SIGNATURE;
384  }
385  else
386  {
387  //Convert the public key to projective representation
388  ecProjectify(publicKey->curve, &state->pa, &publicKey->q);
389 
390  //Calculate the point (x1, y1)=[s]G + [t]PA
391  error = ecTwinMul(publicKey->curve, &state->p1, signature->s,
392  &publicKey->curve->g, state->t, &state->pa);
393  }
394  }
395 
396  //Check status code
397  if(!error)
398  {
399  //Convert P1 to affine representation
400  error = ecAffinify(publicKey->curve, &state->p1, &state->p1);
401  }
402 
403  //Check status code
404  if(!error)
405  {
406  //Calculate R = (e + x1) mod q
407  ecScalarMod(state->r, state->p1.x, 8, publicKey->curve->q, 8);
408  ecScalarAddMod(publicKey->curve, state->r, state->r, state->e);
409 
410  //Debug message
411  TRACE_DEBUG(" R:\r\n");
412  TRACE_DEBUG_EC_SCALAR(" ", state->r, 8);
413 
414  //Verify that R = r
415  if(ecScalarComp(state->r, signature->r, 8) == 0)
416  {
417  //Verification succeeded
418  error = NO_ERROR;
419  }
420  else
421  {
422  //Verification failed
423  error = ERROR_INVALID_SIGNATURE;
424  }
425  }
426 
427  //Erase working state
428  osMemset(state, 0, sizeof(Sm2VerifySignatureState));
429 
430 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
431  //Release working state
432  cryptoFreeMem(state);
433 #endif
434 
435  //Return status code
436  return error;
437 }
438 
439 
440 /**
441  * @brief Calculate ZA
442  * @param[in] hashAlgo Hash function
443  * @param[in] hashContext Hash function context
444  * @param[in] curve EC domain parameters
445  * @param[in] pa Public key of user A
446  * @param[in] ida Distinguishing identifier of user A
447  * @param[in] idaLen Length of the identifier
448  * @param[out] za Hash value of the distinguishing identifier of user A
449  **/
450 
451 error_t sm2ComputeZa(const HashAlgo *hashAlgo, HashContext *hashContext,
452  const EcCurve *curve, const EcPoint3 *pa, const char_t *ida, size_t idaLen,
453  uint8_t *za)
454 {
455  error_t error;
456  size_t n;
457  uint8_t buffer[32];
458 
459  //Get the length in octets of the prime modulus
460  n = (curve->fieldSize + 7) / 8;
461 
462  //Sanity check
463  if(n > sizeof(buffer))
464  return ERROR_INVALID_PARAMETER;
465 
466  //Format ENTLA
467  STORE16BE(idaLen * 8, buffer);
468 
469  //Calculate ZA = H256(ENTLA || IDA || a || b || xG || yG || xA || yA)
470  hashAlgo->init(hashContext);
471 
472  //Digest ENTLA || IDA
473  hashAlgo->update(hashContext, buffer, sizeof(uint16_t));
474  hashAlgo->update(hashContext, ida, idaLen);
475 
476  //Convert the parameter a to bit string
477  error = ecScalarExport(curve->a, (n + 3) / 4, buffer, n,
478  EC_SCALAR_FORMAT_BIG_ENDIAN);
479  //Any error to report?
480  if(error)
481  return error;
482 
483  //Digest the parameter a
484  hashAlgo->update(hashContext, buffer, n);
485 
486  //Convert the parameter b to bit string
487  error = ecScalarExport(curve->b, (n + 3) / 4, buffer, n,
488  EC_SCALAR_FORMAT_BIG_ENDIAN);
489  //Any error to report?
490  if(error)
491  return error;
492 
493  //Digest the parameter b
494  hashAlgo->update(hashContext, buffer, n);
495 
496  //Convert the coordinate xG to bit string
497  error = ecScalarExport(curve->g.x, (n + 3) / 4, buffer, n,
498  EC_SCALAR_FORMAT_BIG_ENDIAN);
499  //Any error to report?
500  if(error)
501  return error;
502 
503  //Digest the coordinate xG
504  hashAlgo->update(hashContext, buffer, n);
505 
506  //Convert the coordinate yG to bit string
507  error = ecScalarExport(curve->g.y, (n + 3) / 4, buffer, n,
508  EC_SCALAR_FORMAT_BIG_ENDIAN);
509  //Any error to report?
510  if(error)
511  return error;
512 
513  //Digest the coordinate yG
514  hashAlgo->update(hashContext, buffer, n);
515 
516  //Convert the public key's coordinate xA to bit string
517  error = ecScalarExport(pa->x, (n + 3) / 4, buffer, n,
518  EC_SCALAR_FORMAT_BIG_ENDIAN);
519  //Any error to report?
520  if(error)
521  return error;
522 
523  //Digest the public key's coordinate xA
524  hashAlgo->update(hashContext, buffer, n);
525 
526  //Convert the public key's coordinate yA to bit string
527  error = ecScalarExport(pa->y, (n + 3) / 4, buffer, n,
528  EC_SCALAR_FORMAT_BIG_ENDIAN);
529  //Any error to report?
530  if(error)
531  return error;
532 
533  //Digest the public key's coordinate yA
534  hashAlgo->update(hashContext, buffer, n);
535 
536  //Finalize ZA calculation
537  hashAlgo->final(hashContext, za);
538 
539  //Debug message
540  TRACE_DEBUG(" ZA:\r\n");
541  TRACE_DEBUG_ARRAY(" ", za, hashAlgo->digestSize);
542 
543  //Return status code
544  return error;
545 }
546 
547 #endif
Sm2GenerateSignatureState::k
uint32_t k[8]
Definition: sm2.h:58
ecScalarImport
error_t ecScalarImport(uint32_t *r, uint_t n, const uint8_t *input, size_t length, EcScalarFormat format)
Octet string to integer conversion.
Definition: ec_misc.c:54
EcdsaSignature
ECDSA signature.
Definition: ecdsa.h:63
HashAlgo::init
HashAlgoInit init
Definition: crypto.h:1092
ecAffinify
__weak_func error_t ecAffinify(const EcCurve *curve, EcPoint3 *r, const EcPoint3 *s)
Recover affine representation.
Definition: ec.c:749
HashContext
Generic hash algorithm context.
Definition: hash_algorithms.h:306
ecScalarExport
error_t ecScalarExport(const uint32_t *a, uint_t n, uint8_t *output, size_t length, EcScalarFormat format)
Integer to octet string conversion.
Definition: ec_misc.c:150
sm2VerifySignature
error_t sm2VerifySignature(const EcPublicKey *publicKey, const HashAlgo *hashAlgo, const char_t *id, size_t idLen, const void *message, size_t messageLen, const EcdsaSignature *signature)
SM2 signature verification.
Definition: sm2.c:274
PrngAlgo
#define PrngAlgo
Definition: crypto.h:973
EcdsaSignature::curve
const EcCurve * curve
Elliptic curve parameters.
Definition: ecdsa.h:64
message
uint8_t message[]
Definition: chap.h:154
EcPrivateKey::curve
const EcCurve * curve
Elliptic curve parameters.
Definition: ec.h:433
HashAlgo::digestSize
size_t digestSize
Definition: crypto.h:1088
EC_MAX_ORDER_SIZE
#define EC_MAX_ORDER_SIZE
Definition: ec.h:315
HashAlgo::update
HashAlgoUpdate update
Definition: crypto.h:1093
sm2GenerateSignature
error_t sm2GenerateSignature(const PrngAlgo *prngAlgo, void *prngContext, const EcPrivateKey *privateKey, const HashAlgo *hashAlgo, const char_t *id, size_t idLen, const void *message, size_t messageLen, EcdsaSignature *signature)
SM2 signature generation.
Definition: sm2.c:62
Sm2VerifySignatureState::hashContext
HashContext hashContext
Definition: sm2.h:72
ERROR_OUT_OF_MEMORY
@ ERROR_OUT_OF_MEMORY
Definition: error.h:63
TRACE_DEBUG_EC_SCALAR
#define TRACE_DEBUG_EC_SCALAR(p, a, n)
Definition: debug.h:123
EcPoint::y
uint32_t y[EC_MAX_MODULUS_SIZE]
y-coordinate
Definition: ec.h:400
ecScalarAdd
uint32_t ecScalarAdd(uint32_t *r, const uint32_t *a, const uint32_t *b, uint_t n)
Addition of two integers.
Definition: ec_misc.c:651
ecTwinMul
__weak_func error_t ecTwinMul(const EcCurve *curve, EcPoint3 *r, const uint32_t *d0, const EcPoint3 *s, const uint32_t *d1, const EcPoint3 *t)
Twin multiplication.
Definition: ec.c:1418
ERROR_INVALID_ELLIPTIC_CURVE
@ ERROR_INVALID_ELLIPTIC_CURVE
Definition: error.h:134
ERROR_INVALID_PARAMETER
@ ERROR_INVALID_PARAMETER
Invalid parameter.
Definition: error.h:47
error_t
error_t
Error codes.
Definition: error.h:43
ecScalarSetInt
void ecScalarSetInt(uint32_t *a, uint32_t b, uint_t n)
Set integer value.
Definition: ec_misc.c:505
Sm2VerifySignatureState::buffer
uint8_t buffer[32]
Definition: sm2.h:73
STORE16BE
#define STORE16BE(a, p)
Definition: cpu_endian.h:262
ec_misc.h
Helper routines for ECC.
EcdsaSignature::r
uint32_t r[EC_MAX_ORDER_SIZE]
Integer R.
Definition: ecdsa.h:65
Sm2VerifySignatureState::t
uint32_t t[8]
Definition: sm2.h:76
crypto.h
General definitions for cryptographic algorithms.
ecScalarInvMod
void ecScalarInvMod(const EcCurve *curve, uint32_t *r, const uint32_t *a)
Modular inversion.
Definition: ec_misc.c:1181
Sm2GenerateSignatureState::e
uint32_t e[8]
Definition: sm2.h:57
EcPrivateKey::q
EcPublicKey q
Public key.
Definition: ec.h:436
Sm2VerifySignatureState
Working state (SM2 signature verification)
Definition: sm2.h:71
EcPrivateKey
EC private key.
Definition: ec.h:432
sm2.h
SM2 signature algorithm.
SM2_WITH_SM3_OID
const uint8_t SM2_WITH_SM3_OID[8]
Definition: sm2.c:45
Sm2GenerateSignatureState::t
uint32_t t[8]
Definition: sm2.h:60
hash_algorithms.h
Collection of hash algorithms.
HashAlgo::final
HashAlgoFinal final
Definition: crypto.h:1094
Sm2GenerateSignatureState::buffer
uint8_t buffer[32]
Definition: sm2.h:56
EcPublicKey
EC public key.
Definition: ec.h:421
TRACE_DEBUG
#define TRACE_DEBUG(...)
Definition: debug.h:119
ecIsPointAffine
__weak_func bool_t ecIsPointAffine(const EcCurve *curve, const EcPoint *s)
Check whether the affine point S is on the curve.
Definition: ec.c:798
char_t
char char_t
Definition: compiler_port.h:55
ecScalarSubMod
void ecScalarSubMod(const EcCurve *curve, uint32_t *r, const uint32_t *a, const uint32_t *b)
Modular subtraction.
Definition: ec_misc.c:1088
TRACE_DEBUG_ARRAY
#define TRACE_DEBUG_ARRAY(p, a, n)
Definition: debug.h:120
ERROR_INVALID_VALUE
@ ERROR_INVALID_VALUE
Definition: error.h:116
EcPrivateKey::d
uint32_t d[EC_MAX_ORDER_SIZE]
Private key.
Definition: ec.h:434
ecScalarAddMod
void ecScalarAddMod(const EcCurve *curve, uint32_t *r, const uint32_t *a, const uint32_t *b)
Modular addition.
Definition: ec_misc.c:1062
ecScalarCompInt
int_t ecScalarCompInt(const uint32_t *a, uint32_t b, uint_t n)
Compare integers.
Definition: ec_misc.c:374
n
uint8_t n
Definition: dhcpv6_common.h:416
EC_SCALAR_FORMAT_BIG_ENDIAN
@ EC_SCALAR_FORMAT_BIG_ENDIAN
Definition: ec_misc.h:51
EcPoint3
EC point (projective coordinates)
Definition: ec.h:409
cryptoFreeMem
#define cryptoFreeMem(p)
Definition: crypto.h:826
ecProjectify
void ecProjectify(const EcCurve *curve, EcPoint3 *r, const EcPoint *s)
Compute projective representation.
Definition: ec.c:720
ecMulRegular
__weak_func error_t ecMulRegular(const EcCurve *curve, EcPoint3 *r, const uint32_t *d, const EcPoint3 *s)
Scalar multiplication (regular calculation)
Definition: ec.c:1312
EcPublicKey::q
EcPoint q
Public key.
Definition: ec.h:423
EcdsaSignature::s
uint32_t s[EC_MAX_ORDER_SIZE]
Integer S.
Definition: ecdsa.h:66
Sm2VerifySignatureState::r
uint32_t r[8]
Definition: sm2.h:75
ecScalarRand
error_t ecScalarRand(const EcCurve *curve, uint32_t *r, const PrngAlgo *prngAlgo, void *prngContext)
Generate a random value.
Definition: ec_misc.c:603
cryptoAllocMem
#define cryptoAllocMem(size)
Definition: crypto.h:821
HashAlgo
Common interface for hash algorithms.
Definition: crypto.h:1082
sm2ComputeZa
error_t sm2ComputeZa(const HashAlgo *hashAlgo, HashContext *hashContext, const EcCurve *curve, const EcPoint3 *pa, const char_t *ida, size_t idaLen, uint8_t *za)
Calculate ZA.
Definition: sm2.c:451
EcCurve
#define EcCurve
Definition: ec.h:346
Sm2GenerateSignatureState::hashContext
HashContext hashContext
Definition: sm2.h:55
ecScalarMod
void ecScalarMod(uint32_t *r, const uint32_t *a, uint_t m, const uint32_t *p, uint_t n)
Modulo operation.
Definition: ec_misc.c:1009
Sm2GenerateSignatureState
Working state (SM2 signature generation)
Definition: sm2.h:54
ecScalarComp
int_t ecScalarComp(const uint32_t *a, const uint32_t *b, uint_t n)
Compare integers.
Definition: ec_misc.c:337
EcPoint::x
uint32_t x[EC_MAX_MODULUS_SIZE]
x-coordinate
Definition: ec.h:399
osMemset
#define osMemset(p, value, length)
Definition: os_port.h:138
ERROR_INVALID_SIGNATURE
@ ERROR_INVALID_SIGNATURE
Definition: error.h:228
EcPublicKey::curve
const EcCurve * curve
Elliptic curve parameters.
Definition: ec.h:422
ecScalarMulMod
__weak_func void ecScalarMulMod(const EcCurve *curve, uint32_t *r, const uint32_t *a, const uint32_t *b)
Modular multiplication.
Definition: ec_misc.c:1113
EcPoint3::x
uint32_t x[EC_MAX_MODULUS_SIZE]
x-coordinate
Definition: ec.h:410
Sm2VerifySignatureState::e
uint32_t e[8]
Definition: sm2.h:74
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
debug.h
Debugging facilities.
EcPoint3::y
uint32_t y[EC_MAX_MODULUS_SIZE]
y-coordinate
Definition: ec.h:411