gm-rs 0.5.0

A Rust Implementation of China's Standards of Encryption Algorithms(SM2/SM3/SM4)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111

use num_bigint::BigUint;
use num_traits::{FromPrimitive, One, Zero};

use crate::sm2::error::{Sm2Error, Sm2Result};
use crate::sm2::key::Sm2PublicKey;
use crate::sm2::p256_ecc::P256C_PARAMS;
use crate::sm2::{p256_ecc, FeOperation};
use crate::sm2::util::{compute_za, DEFAULT_ID, random_uint};
use crate::sm3::sm3_hash;

pub struct Signature {
    r: BigUint,
    s: BigUint,
}

/// 生成签名
///
pub fn sign(
    id: Option<&'static str>,
    msg: &[u8],
    sk: &BigUint,
    pk: &Sm2PublicKey,
) -> Sm2Result<Signature> {
    let id = match id {
        None => DEFAULT_ID,
        Some(u_id) => u_id,
    };
    let mut digest = compute_za(id, &pk)?;
    digest = sm3_hash(&[digest.to_vec(), msg.to_vec()].concat());
    sign_raw(&digest[..], sk)
}



fn sign_raw(digest: &[u8], sk: &BigUint) -> Sm2Result<Signature> {
    if digest.len() != 32 {
        return Err(Sm2Error::InvalidDigestLen);
    }
    let e = BigUint::from_bytes_be(digest);
    let n = &P256C_PARAMS.n;
    loop {
        let k = random_uint();
        let p_x = p256_ecc::scalar_mul(&k, &P256C_PARAMS.g_point).to_affine();
        let x1 = BigUint::from_bytes_be(&p_x.x.to_bytes_be());
        let r = (&e + x1) % n;
        if r.is_zero() || &r + &k == *n {
            continue;
        }

        let s1 = &(BigUint::one() + sk).modpow(&(n - BigUint::from_u32(2).unwrap()), n);

        let s2_1 = r.mod_mul(&sk, n);
        let s2 = k.mod_sub(&s2_1, n);

        let s = s1.mod_mul(&s2, n);

        if s.is_zero() {
            return Err(Sm2Error::ZeroSig);
        }
        return Ok(Signature { r, s });
    }
}

impl Signature {
    /// 验证签名
    ///
    pub fn verify(
        &self,
        id: Option<&'static str>,
        msg: &[u8],
        pk: &Sm2PublicKey,
    ) -> Sm2Result<bool> {
        let id = match id {
            None => DEFAULT_ID,
            Some(u_id) => u_id,
        };
        let mut digest = compute_za(id, &pk)?;
        digest = sm3_hash(&[digest.to_vec(), msg.to_vec()].concat());
        self.verify_raw(&digest[..], pk)
    }

    fn verify_raw(&self, digest: &[u8], pk: &Sm2PublicKey) -> Sm2Result<bool> {
        if digest.len() != 32 {
            return Err(Sm2Error::InvalidDigestLen);
        }
        let n = &P256C_PARAMS.n;
        let r = &self.r;
        let s = &self.s;
        if r.is_zero() || s.is_zero() {
            return Ok(false);
        }

        if r >= n || s >= n {
            return Ok(false);
        }

        let t = s.mod_add(r, n);
        if t.is_zero() {
            return Ok(false);
        }

        let s_g = p256_ecc::scalar_mul(&s, &P256C_PARAMS.g_point);
        let t_p = p256_ecc::scalar_mul(&t, &pk.value());

        let p = s_g.add(&t_p).to_affine();
        let x1 = BigUint::from_bytes_be(&p.x.to_bytes_be());
        let e = BigUint::from_bytes_be(digest);
        let r1 = x1.mod_add(&e, n);
        Ok(&r1 == r)
    }
}