efficient_sm2/key/
private.rs

1// Copyright 2020 Yao Pengfei.
2//
3// Permission to use, copy, modify, and/or distribute this software for any
4// purpose with or without fee is hereby granted, provided that the above
5// copyright notice and this permission notice appear in all copies.
6//
7// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
8// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
10// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14
15use crate::elem::Scalar;
16use crate::err::KeyRejectedError;
17use crate::limb::{LIMB_BYTES, LIMB_LENGTH};
18use crate::norop::{norop_limbs_less_than, parse_big_endian};
19use crate::rand::SecureRandom;
20use crate::sm2p256::CURVE_PARAMS;
21use core::marker::PhantomData;
22use rand::Rng;
23
24pub(crate) fn create_private_key(rng: &mut dyn SecureRandom) -> Result<Scalar, KeyRejectedError> {
25    let mut seed = [0; LIMB_LENGTH * LIMB_BYTES];
26    let mut candidate = [0; LIMB_LENGTH];
27
28    // XXX: The value 100 was chosen to match OpenSSL due to uncertainty of
29    // what specific value would be better, but it seems bad to try 100 times.
30    for _ in 0..100 {
31        rng.fill(&mut seed);
32        parse_big_endian(&mut candidate, &seed)?;
33
34        if norop_limbs_less_than(&candidate, &CURVE_PARAMS.n) {
35            return Ok(Scalar {
36                limbs: candidate,
37                m: PhantomData,
38            });
39        }
40    }
41
42    Err(KeyRejectedError::SeedOperationFailed)
43}
44
45pub fn create_key_slice() -> [u8; LIMB_BYTES * LIMB_LENGTH] {
46    let mut out = [0; LIMB_LENGTH * LIMB_BYTES];
47    let mut candidate = [0; LIMB_LENGTH];
48
49    for _ in 0..100 {
50        let mut rng = rand::thread_rng();
51        rng.fill(&mut out);
52        parse_big_endian(&mut candidate, &out).unwrap();
53
54        if norop_limbs_less_than(&candidate, &CURVE_PARAMS.n) {
55            break;
56        }
57    }
58
59    out
60}