2018-04-08椭圆曲线测试程序

• https://github.com/liuqun/GmSSL/blob/master/test/sm2test.c
• http://gmssl.org/docs/sm2.html

曲线sm2p256v1基于ANSI X9.62 elliptic curve prime256v1 (aka secp256r1, NIST P-256)

椭圆曲线 NID

• NID_X9_62_prime256v1
• NID_sm2p256v1
  (256 bit prime)
  _EC_SM2_PRIME_256V1
• NID_sm2b257v1 曲线方程f(x) = x^257 + x^12 + 1
  257比特二进制域椭圆曲线域参数
• NID_wapi192v1
  (WAPI curve over a 192 bit prime field)

代码 https://github.com/guanzhi/GmSSL/blob/master/crypto/ec/ec_curve.c

typedef struct {
    int field_type;             /* either NID_X9_62_prime_field or
                                 * NID_X9_62_characteristic_two_field */
    int seed_len;
    int param_len;
    unsigned int cofactor;      /* promoted to BN_ULONG */
} EC_CURVE_DATA;
#ifndef OPENSSL_NO_SM2
static const struct {
    EC_CURVE_DATA h;
    unsigned char data[0 + 32 * 6];
} _EC_SM2_PRIME_256V1 = {
    {
        NID_X9_62_prime_field, 0, 32, 1
    },
    {
        /* no seed */
        /* p */
        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
        /* a */
        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
        /* b */
        0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E, 0x34, 0x4D, 0x5A, 0x9E, 0x4B,
        0xCF, 0x65, 0x09, 0xA7, 0xF3, 0x97, 0x89, 0xF5, 0x15, 0xAB, 0x8F, 0x92,
        0xDD, 0xBC, 0xBD, 0x41, 0x4D, 0x94, 0x0E, 0x93,
        /* x */
        0x32, 0xC4, 0xAE, 0x2C, 0x1F, 0x19, 0x81, 0x19, 0x5F, 0x99, 0x04, 0x46,
        0x6A, 0x39, 0xC9, 0x94, 0x8F, 0xE3, 0x0B, 0xBF, 0xF2, 0x66, 0x0B, 0xE1,
        0x71, 0x5A, 0x45, 0x89, 0x33, 0x4C, 0x74, 0xC7,
        /* y */
        0xBC, 0x37, 0x36, 0xA2, 0xF4, 0xF6, 0x77, 0x9C, 0x59, 0xBD, 0xCE, 0xE3,
        0x6B, 0x69, 0x21, 0x53, 0xD0, 0xA9, 0x87, 0x7C, 0xC6, 0x2A, 0x47, 0x40,
        0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0,
        /* order */
        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
        0xFF, 0xFF, 0xFF, 0xFF, 0x72, 0x03, 0xDF, 0x6B, 0x21, 0xC6, 0x05, 0x2B,
        0x53, 0xBB, 0xF4, 0x09, 0x39, 0xD5, 0x41, 0x23
    }
};

static const struct {
    EC_CURVE_DATA h;
    unsigned char data[0 + 24 * 6];
} _EC_WAPI_PRIME_192V1 = {
    {
        NID_X9_62_prime_field, 0, 24, 1
    },
    {
        /* no seed */
        /* p */
        0xBD, 0xB6, 0xF4, 0xFE, 0x3E, 0x8B, 0x1D, 0x9E, 0x0D, 0xA8, 0xC0, 0xD4,
        0x6F, 0x4C, 0x31, 0x8C, 0xEF, 0xE4, 0xAF, 0xE3, 0xB6, 0xB8, 0x55, 0x1F,
        /* a */
        0xBB, 0x8E, 0x5E, 0x8F, 0xBC, 0x11, 0x5E, 0x13, 0x9F, 0xE6, 0xA8, 0x14,
        0xFE, 0x48, 0xAA, 0xA6, 0xF0, 0xAD, 0xA1, 0xAA, 0x5D, 0xF9, 0x19, 0x85,
        /* b */
        0x18, 0x54, 0xBE, 0xBD, 0xC3, 0x1B, 0x21, 0xB7, 0xAE, 0xFC, 0x80, 0xAB,
        0x0E, 0xCD, 0x10, 0xD5, 0xB1, 0xB3, 0x30, 0x8E, 0x6D, 0xBF, 0x11, 0xC1,
        /* x */
        0x4A, 0xD5, 0xF7, 0x04, 0x8D, 0xE7, 0x09, 0xAD, 0x51, 0x23, 0x6D, 0xE6,
        0x5E, 0x4D, 0x4B, 0x48, 0x2C, 0x83, 0x6D, 0xC6, 0xE4, 0x10, 0x66, 0x40,
        /* y */
        0x02, 0xBB, 0x3A, 0x02, 0xD4, 0xAA, 0xAD, 0xAC, 0xAE, 0x24, 0x81, 0x7A,
        0x4C, 0xA3, 0xA1, 0xB0, 0x14, 0xB5, 0x27, 0x04, 0x32, 0xDB, 0x27, 0xD2,
        /* order */
        0xBD, 0xB6, 0xF4, 0xFE, 0x3E, 0x8B, 0x1D, 0x9E, 0x0D, 0xA8, 0xC0, 0xD4,
        0x0F, 0xC9, 0x62, 0x19, 0x5D, 0xFA, 0xE7, 0x6F, 0x56, 0x56, 0x46, 0x77,
    }
};
#endif
static EC_NIST_NAME nist_curves[] = {
    {"B-163", NID_sect163r2},
    {"B-233", NID_sect233r1},
    {"B-283", NID_sect283r1},
    {"B-409", NID_sect409r1},
    {"B-571", NID_sect571r1},
    {"K-163", NID_sect163k1},
    {"K-233", NID_sect233k1},
    {"K-283", NID_sect283k1},
    {"K-409", NID_sect409k1},
    {"K-571", NID_sect571k1},
    {"P-192", NID_X9_62_prime192v1},
    {"P-224", NID_secp224r1},
    {"P-256", NID_X9_62_prime256v1}, // X9.62 elliptic curve prime256v1 也称 secp256r1 或 NIST P-256
    {"P-384", NID_secp384r1},
    {"P-521", NID_secp521r1},
    {"SM2",   NID_sm2p256v1}
};

// prime, a, b
    BIGNUM *p = NULL;
    BIGNUM *a = NULL;
    BIGNUM *b = NULL;

// affine coordinates G x y 
    EC_POINT *G = NULL;
    BIGNUM *x = NULL;
    BIGNUM *y = NULL;

// generator
    BIGNUM *n = NULL;
    BIGNUM *h = NULL;

EC_GROUP相关函数

• EC_GROUP_set_generator(group, G, n, h);
• EC_GROUP *EC_GROUP_new_by_curve_name(NID_sm2p256v1);
• EC_GROUP *EC_GROUP_new(EC_GFp_mont_method());
• EC_GROUP_set_curve_GFp(EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, ctx);
• EC_GROUP *EC_GROUP_new_curve_GFp(BIGNUM *p, BIGNUM *a, BIGNUM *b, ctx);
• EC_GROUP *EC_GROUP_new_curve_GF2m(p, a, b, ctx);

EC_POINT 相关函数

• EC_POINT *G = EC_POINT_new(group);
• EC_POINT_set_affine_coordinates_GFp(group, G, x, y, ctx);
• EC_POINT_set_affine_coordinates_GF2m(group, G, x, y, ctx);

EC_KEY相关函数, 包括椭圆曲线密钥生成并计算曲线ZA值32字节

• EC_KEY *EC_KEY_new_by_curve_name(NID_sm2p256v1);
• EC_KEY_generate_key(EC_KEY *);
• 国密附加函数EC_KEY_compute_za(za)
unsigned char za[32];
  调试错误码#define EC_F_EC_KEY_COMPUTE_ZA 501 /* Extension */
• 国密附加函数EC_KEY_compose_pkey_data(unsigned char *buf, int buflen, EC_KEY *ec_key);
  调试错误码#define EC_F_EC_KEY_COMPOSE_PKEY_DATA 500 /* Extension */

旧版ECDSA签名相关函数

• ECDSA_SIG *sig = ECDSA_do_sign(...)
• ECDSA_do_verify(...)

新版ECDSA签名相关函数, 注意后缀带_ex的函数需要指定曲线参数k和x

• ECDSA_sign_setup(EC_KEY *, BN_CTX *, BIGNUM **k, BIGNUM **x);
• ECDSA_SIG *sig = ECDSA_do_sign_ex();
• ECDSA_do_verify(...);

BIGNUM 相关函数

• BN_CTX *ctx = BN_CTX_new();

---

附 测试程序

本程序已经过时, 仅供参考
curve_name: NID_sm2t257v1
curve_name: NID_sm2p256v1

#include 
#include 
#include 

int main(int argc, char **argv)
{
    char *prog = basename(argv[0]);
    EC_GROUP *ec_group = NULL;
    EC_KEY *ec_key = NULL;
    BN_CTX *ctx = BN_CTX_new();
    const char *id = "[email protected]";
    unsigned char za[32];
    BIGNUM *k = NULL;
    BIGNUM *x = NULL;
    ECDSA_SIG *sig = NULL;
    unsigned char dgst[20] = "abc"; 
    int ret;

    if (!(ec_group = EC_GROUP_new_by_curve_name(NID_sm2t257v1))) {
        fprintf(stderr, "%s: no such curve\n", prog);
        return -1;
    }
    if (!(ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1))) {
        fprintf(stderr, "%s: %s %d\n", prog, __FUNCTION__, __LINE__);
        return -1;
    }
    if (!EC_KEY_generate_key(ec_key)) {
        ERR_print_errors_fp(stderr);
        return -1;
    }

    
    if ((ret = EC_KEY_compute_za(za, EVP_sha256(), id, strlen(id), ec_key)) < 0) {
        ERR_print_errors_fp(stderr);
        return -1;
    }
    printf("Za length = %d\n", ret);

    if (!(sig = ECDSA_do_sign(dgst, sizeof(dgst), ec_key))) {
        ERR_print_errors_fp(stderr);
        return -1;
    }
    if ((ret = ECDSA_do_verify(dgst, sizeof(dgst), sig, ec_key)) < 0) {
        ERR_print_errors_fp(stderr);
        return -1;
    }
    printf("result = %d\n", ret);

    if (!ECDSA_sign_setup(ec_key, ctx, &k, &x)) {
        ERR_print_errors_fp(stderr);
        return -1;
    }
    if (!(sig = ECDSA_do_sign_ex(dgst, sizeof(dgst), k, x, ec_key))) {
        ERR_print_errors_fp(stderr);
        return -1;
    }
    if ((ret = ECDSA_do_verify(dgst, sizeof(dgst), sig, ec_key)) < 0) {
        ERR_print_errors_fp(stderr);
        return -1;
    }
    printf("result = %d\n", ret);

    
    return 0;
}