github bcgit#478 added support for C1C3C2 mode in SM2Engine

dghgit · dghgit · commit bda04fc807b2 · 2019-04-05T11:55:26.000+11:00
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/SM2Engine.java b/core/src/main/java/org/bouncycastle/crypto/engines/SM2Engine.java
@@ -12,7 +12,6 @@
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.math.ec.ECConstants;
 import org.bouncycastle.math.ec.ECFieldElement;
 import org.bouncycastle.math.ec.ECMultiplier;
 import org.bouncycastle.math.ec.ECPoint;
@@ -27,7 +26,13 @@
  */
 public class SM2Engine
 {
+    public enum Mode
+    {
+        C1C2C3, C1C3C2;
+    }
+
     private final Digest digest;
+    private final Mode mode;
     
     private boolean forEncryption;
     private ECKeyParameters ecKey;
@@ -40,9 +45,24 @@ public SM2Engine()
         this(new SM3Digest());
     }
 
+    public SM2Engine(Mode mode)
+    {
+        this(new SM3Digest(), mode);
+    }
+
     public SM2Engine(Digest digest)
     {
+        this(digest, Mode.C1C2C3);
+    }
+
+    public SM2Engine(Digest digest, Mode mode)
+    {
+        if (mode == null)
+        {
+            throw new IllegalArgumentException("mode cannot be NULL");
+        }
         this.digest = digest;
+        this.mode = mode;
     }
 
     public void init(boolean forEncryption, CipherParameters param)
@@ -131,8 +151,14 @@ private byte[] encrypt(byte[] in, int inOff, int inLen)
         addFieldElement(digest, kPB.getAffineYCoord());
 
         digest.doFinal(c3, 0);
-        
-        return Arrays.concatenate(c1, c2, c3);
+
+        switch (mode)
+        {
+        case C1C3C2:
+            return Arrays.concatenate(c1, c3, c2);
+        default:
+            return Arrays.concatenate(c1, c2, c3);
+        }
     }
 
     private byte[] decrypt(byte[] in, int inOff, int inLen)
@@ -152,9 +178,17 @@ private byte[] decrypt(byte[] in, int inOff, int inLen)
 
         c1P = c1P.multiply(((ECPrivateKeyParameters)ecKey).getD()).normalize();
 
-        byte[] c2 = new byte[inLen - c1.length - digest.getDigestSize()];
+        int digestSize = this.digest.getDigestSize();
+        byte[] c2 = new byte[inLen - c1.length - digestSize];
 
-        System.arraycopy(in, inOff + c1.length, c2, 0, c2.length);
+        if (mode == Mode.C1C3C2)
+        {
+            System.arraycopy(in, inOff + c1.length + digestSize, c2, 0, c2.length);
+        }
+        else
+        {
+            System.arraycopy(in, inOff + c1.length, c2, 0, c2.length);
+        }
 
         kdf(digest, c1P, c2);
 
@@ -167,9 +201,19 @@ private byte[] decrypt(byte[] in, int inOff, int inLen)
         digest.doFinal(c3, 0);
 
         int check = 0;
-        for (int i = 0; i != c3.length; i++)
+        if (mode == Mode.C1C3C2)
         {
-            check |= c3[i] ^ in[inOff + c1.length + c2.length + i];
+            for (int i = 0; i != c3.length; i++)
+            {
+                check |= c3[i] ^ in[inOff + c1.length + i];
+            }
+        }
+        else
+        {
+            for (int i = 0; i != c3.length; i++)
+            {
+                check |= c3[i] ^ in[inOff + c1.length + c2.length + i];
+            }
         }
 
         Arrays.fill(c1, (byte)0);
@@ -255,7 +299,7 @@ private BigInteger nextK()
         {
             k = BigIntegers.createRandomBigInteger(qBitLength, random);
         }
-        while (k.equals(ECConstants.ZERO) || k.compareTo(ecParams.getN()) >= 0);
+        while (k.equals(BigIntegers.ZERO) || k.compareTo(ecParams.getN()) >= 0);
 
         return k;
     }
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/SM2EngineTest.java b/core/src/test/java/org/bouncycastle/crypto/test/SM2EngineTest.java
@@ -107,6 +107,85 @@ private void doEngineTestFp()
         isTrue("dec wrong", Arrays.areEqual(m, dec));
     }
 
+    private void doEngineTestFpC1C3C2()
+        throws Exception
+    {
+        BigInteger SM2_ECC_P = new BigInteger("8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3", 16);
+        BigInteger SM2_ECC_A = new BigInteger("787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498", 16);
+        BigInteger SM2_ECC_B = new BigInteger("63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A", 16);
+        BigInteger SM2_ECC_N = new BigInteger("8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7", 16);
+        BigInteger SM2_ECC_H = ECConstants.ONE;
+        BigInteger SM2_ECC_GX = new BigInteger("421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D", 16);
+        BigInteger SM2_ECC_GY = new BigInteger("0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2", 16);
+
+        ECCurve curve = new ECCurve.Fp(SM2_ECC_P, SM2_ECC_A, SM2_ECC_B, SM2_ECC_N, SM2_ECC_H);
+
+        ECPoint g = curve.createPoint(SM2_ECC_GX, SM2_ECC_GY);
+        ECDomainParameters domainParams = new ECDomainParameters(curve, g, SM2_ECC_N);
+
+        ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator();
+
+        ECKeyGenerationParameters aKeyGenParams = new ECKeyGenerationParameters(domainParams, new TestRandomBigInteger("1649AB77A00637BD5E2EFE283FBF353534AA7F7CB89463F208DDBC2920BB0DA0", 16));
+
+        keyPairGenerator.init(aKeyGenParams);
+
+        AsymmetricCipherKeyPair aKp = keyPairGenerator.generateKeyPair();
+
+        ECPublicKeyParameters aPub = (ECPublicKeyParameters)aKp.getPublic();
+        ECPrivateKeyParameters aPriv = (ECPrivateKeyParameters)aKp.getPrivate();
+
+        SM2Engine sm2Engine = new SM2Engine(SM2Engine.Mode.C1C3C2);
+
+        byte[] m = Strings.toByteArray("encryption standard");
+
+        sm2Engine.init(true, new ParametersWithRandom(aPub, new TestRandomBigInteger("4C62EEFD6ECFC2B95B92FD6C3D9575148AFA17425546D49018E5388D49DD7B4F", 16)));
+
+        byte[] enc = sm2Engine.processBlock(m, 0, m.length);
+
+        isTrue("enc wrong", Arrays.areEqual(Hex.decode(
+            "04245C26 FB68B1DD DDB12C4B 6BF9F2B6 D5FE60A3 83B0D18D 1C4144AB F17F6252" +
+            "E776CB92 64C2A7E8 8E52B199 03FDC473 78F605E3 6811F5C0 7423A24B 84400F01" +
+            "B8 9C3D7360 C30156FA B7C80A02" +
+            "76712DA9 D8094A63 4B766D3A 285E0748 0653426D 650053 A89B41C4 18B0C3AA D00D886C 00286467"), enc));
+
+        sm2Engine.init(false, aPriv);
+
+        byte[] dec = sm2Engine.processBlock(enc, 0, enc.length);
+
+        isTrue("dec wrong", Arrays.areEqual(m, dec));
+
+        enc[80] = (byte)(enc[80] + 1);
+
+        try
+        {
+            sm2Engine.processBlock(enc, 0, enc.length);
+            fail("no exception");
+        }
+        catch (InvalidCipherTextException e)
+        {
+            isTrue("wrong exception", "invalid cipher text".equals(e.getMessage()));
+        }
+
+        // long message
+        sm2Engine = new SM2Engine(SM2Engine.Mode.C1C3C2);
+
+        m = new byte[4097];
+        for (int i = 0; i != m.length; i++)
+        {
+            m[i] = (byte)i;
+        }
+
+        sm2Engine.init(true, new ParametersWithRandom(aPub, new TestRandomBigInteger("4C62EEFD6ECFC2B95B92FD6C3D9575148AFA17425546D49018E5388D49DD7B4F", 16)));
+
+        enc = sm2Engine.processBlock(m, 0, m.length);
+
+        sm2Engine.init(false, aPriv);
+
+        dec = sm2Engine.processBlock(enc, 0, enc.length);
+
+        isTrue("dec wrong", Arrays.areEqual(m, dec));
+    }
+
     private void doEngineTestF2m()
         throws Exception
     {
@@ -159,6 +238,7 @@ public void performTest()
     {
         doEngineTestFp();
         doEngineTestF2m();
+        doEngineTestFpC1C3C2();
     }
 
     public static void main(String[] args)
