From ab7c9a76512d881c6a89f966ae8bb1260d0e1522 Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Fri, 19 Apr 2024 17:32:54 +0800 Subject: [PATCH] Adjust SM2 API and tests --- CMakeLists.txt | 2 - include/gmssl/sm2_z256.h | 13 ++- src/pbkdf2.c | 190 --------------------------------------- src/sm2_enc.c | 32 ++++++- src/sm2_sign.c | 30 ------- src/sm2_z256.c | 83 +++++++++-------- tests/sm2_z256test.c | 97 ++++++++++++++++++-- 7 files changed, 170 insertions(+), 277 deletions(-) delete mode 100644 src/pbkdf2.c diff --git a/CMakeLists.txt b/CMakeLists.txt index d1a3a6a13..113509a1f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -56,7 +56,6 @@ set(src src/digest.c src/hmac.c src/hkdf.c -# src/pbkdf2.c src/gf128.c src/ghash.c src/sm4_cbc_sm3_hmac.c @@ -145,7 +144,6 @@ set(tests digest hmac hkdf - pbkdf2 gf128 ghash pkcs8 diff --git a/include/gmssl/sm2_z256.h b/include/gmssl/sm2_z256.h index c5d575aa4..47fed5a5a 100644 --- a/include/gmssl/sm2_z256.h +++ b/include/gmssl/sm2_z256.h @@ -8,7 +8,6 @@ */ - #ifndef GMSSL_SM2_Z256_H #define GMSSL_SM2_Z256_H @@ -83,14 +82,14 @@ typedef struct { } SM2_Z256_POINT; void sm2_z256_point_set_infinity(SM2_Z256_POINT *P); -int sm2_z256_point_from_bytes(SM2_Z256_POINT *P, const uint8_t in[64]); -void sm2_z256_point_to_bytes(const SM2_Z256_POINT *P, uint8_t out[64]); - int sm2_z256_point_is_at_infinity(const SM2_Z256_POINT *P); +int sm2_z256_point_to_bytes(const SM2_Z256_POINT *P, uint8_t out[64]); +int sm2_z256_point_from_bytes(SM2_Z256_POINT *P, const uint8_t in[64]); +int sm2_z256_point_from_hex(SM2_Z256_POINT *P, const char *hex); +int sm2_z256_point_equ_hex(const SM2_Z256_POINT *P, const char *hex); int sm2_z256_point_is_on_curve(const SM2_Z256_POINT *P); int sm2_z256_point_equ(const SM2_Z256_POINT *P, const SM2_Z256_POINT *Q); // equivalent jacobian points -void sm2_z256_point_get_xy(const SM2_Z256_POINT *P, uint64_t x[4], uint64_t y[4]); - +int sm2_z256_point_get_xy(const SM2_Z256_POINT *P, uint64_t x[4], uint64_t y[4]); void sm2_z256_point_dbl(SM2_Z256_POINT *R, const SM2_Z256_POINT *A); void sm2_z256_point_add(SM2_Z256_POINT *r, const SM2_Z256_POINT *a, const SM2_Z256_POINT *b); @@ -119,8 +118,6 @@ const uint64_t *sm2_z256_order(void); const uint64_t *sm2_z256_order_minus_one(void); const uint64_t *sm2_z256_one(void); -void sm2_z256_point_from_hex(SM2_Z256_POINT *P, const char *hex); -int sm2_z256_point_equ_hex(const SM2_Z256_POINT *P, const char *hex); enum { SM2_point_at_infinity = 0x00, diff --git a/src/pbkdf2.c b/src/pbkdf2.c deleted file mode 100644 index 8c1ffe77e..000000000 --- a/src/pbkdf2.c +++ /dev/null @@ -1,190 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - -/* - PBKDF2 (P, S, c, dkLen) - - Options: PRF underlying pseudorandom function (hLen - denotes the length in octets of the - pseudorandom function output) - - Input: P password, an octet string - S salt, an octet string - c iteration count, a positive integer - dkLen intended length in octets of the derived - key, a positive integer, at most - (2^32 - 1) * hLen - - Output: DK derived key, a dkLen-octet string - - Steps: - - 1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and - stop. - - 2. Let l be the number of hLen-octet blocks in the derived key, - rounding up, and let r be the number of octets in the last - block: - - l = CEIL (dkLen / hLen) , - r = dkLen - (l - 1) * hLen . - - Here, CEIL (x) is the "ceiling" function, i.e. the smallest - integer greater than, or equal to, x. - - 3. For each block of the derived key apply the function F defined - below to the password P, the salt S, the iteration count c, and - the block index to compute the block: - - T_1 = F (P, S, c, 1) , - T_2 = F (P, S, c, 2) , - ... - T_l = F (P, S, c, l) , - - where the function F is defined as the exclusive-or sum of the - first c iterates of the underlying pseudorandom function PRF - applied to the password P and the concatenation of the salt S - and the block index i: - - F (P, S, c, i) = U_1 \xor U_2 \xor ... \xor U_c - - where - - U_1 = PRF (P, S || INT (i)) , - U_2 = PRF (P, U_1) , - ... - U_c = PRF (P, U_{c-1}) . - - Here, INT (i) is a four-octet encoding of the integer i, most - significant octet first. - - 4. Concatenate the blocks and extract the first dkLen octets to - produce a derived key DK: - - DK = T_1 || T_2 || ... || T_l<0..r-1> - - 5. Output the derived key DK. -*/ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -int pbkdf2_genkey(const DIGEST *digest, - const char *pass, size_t passlen, - const uint8_t *salt, size_t saltlen, size_t count, - size_t outlen, uint8_t *out) -{ - HMAC_CTX ctx; - HMAC_CTX ctx_tmpl; - uint32_t iter = 1; - uint8_t iter_be[4]; - uint8_t tmp_block[64]; - uint8_t key_block[64]; - size_t len; - - hmac_init(&ctx_tmpl, digest, (uint8_t *)pass, passlen); - - while (outlen > 0) { - size_t i; - - PUTU32(iter_be, iter); - iter++; - - ctx = ctx_tmpl; - hmac_update(&ctx, salt, saltlen); - hmac_update(&ctx, iter_be, sizeof(iter_be)); - hmac_finish(&ctx, tmp_block, &len); - memcpy(key_block, tmp_block, len); - - for (i = 1; i < count; i++) { - ctx = ctx_tmpl; - hmac_update(&ctx, tmp_block, len); - hmac_finish(&ctx, tmp_block, &len); - memxor(key_block, tmp_block, len); - } - - if (outlen < len) { - memcpy(out, key_block, outlen); - out += outlen; - outlen = 0; - } else { - memcpy(out, key_block, len); - out += len; - outlen -= len; - } - } - - memset(&ctx, 0, sizeof(ctx)); - memset(key_block, 0, sizeof(key_block)); - memset(tmp_block, 0, sizeof(key_block)); - return 1; -} - -/* -int pbkdf2_hmac_sm3_genkey( - const char *pass, size_t passlen, - const uint8_t *salt, size_t saltlen, size_t count, - size_t outlen, uint8_t *out) -{ - SM3_HMAC_CTX ctx; - SM3_HMAC_CTX ctx_tmpl; - uint32_t iter = 1; - uint8_t iter_be[4]; - uint8_t tmp_block[SM3_DIGEST_SIZE]; - uint8_t key_block[SM3_DIGEST_SIZE]; - // TODO: a bug in 3.0.0 is fixied. How to update release version 3.0.0 ? A test is also required! - - sm3_hmac_init(&ctx_tmpl, (uint8_t *)pass, passlen); - - while (outlen > 0) { - size_t i; - - PUTU32(iter_be, iter); - iter++; - - ctx = ctx_tmpl; - sm3_hmac_update(&ctx, salt, saltlen); - sm3_hmac_update(&ctx, iter_be, sizeof(iter_be)); - sm3_hmac_finish(&ctx, tmp_block); - memcpy(key_block, tmp_block, SM3_DIGEST_SIZE); - - for (i = 1; i < count; i++) { - ctx = ctx_tmpl; - sm3_hmac_update(&ctx, tmp_block, SM3_DIGEST_SIZE); - sm3_hmac_finish(&ctx, tmp_block); - memxor(key_block, tmp_block, SM3_DIGEST_SIZE); - } - - if (outlen < SM3_DIGEST_SIZE) { - memcpy(out, key_block, outlen); - out += outlen; - outlen = 0; - } else { - memcpy(out, key_block, SM3_DIGEST_SIZE); - out += SM3_DIGEST_SIZE; - outlen -= SM3_DIGEST_SIZE; - } - } - - memset(&ctx, 0, sizeof(ctx)); - memset(key_block, 0, sizeof(key_block)); - memset(tmp_block, 0, sizeof(key_block)); - return 1; -} -*/ diff --git a/src/sm2_enc.c b/src/sm2_enc.c index 2840e2337..a03e0e7b3 100644 --- a/src/sm2_enc.c +++ b/src/sm2_enc.c @@ -11,10 +11,9 @@ #include #include #include -#include #include -#include #include +#include #include #include #include @@ -31,6 +30,34 @@ static int all_zero(const uint8_t *buf, size_t len) return 1; } +int sm2_kdf(const uint8_t *in, size_t inlen, size_t outlen, uint8_t *out) +{ + SM3_CTX ctx; + uint8_t counter_be[4]; + uint8_t dgst[SM3_DIGEST_SIZE]; + uint32_t counter = 1; + size_t len; + + while (outlen) { + PUTU32(counter_be, counter); + counter++; + + sm3_init(&ctx); + sm3_update(&ctx, in, inlen); + sm3_update(&ctx, counter_be, sizeof(counter_be)); + sm3_finish(&ctx, dgst); + + len = outlen < SM3_DIGEST_SIZE ? outlen : SM3_DIGEST_SIZE; + memcpy(out, dgst, len); + out += len; + outlen -= len; + } + + memset(&ctx, 0, sizeof(SM3_CTX)); + memset(dgst, 0, sizeof(dgst)); + return 1; +} + int sm2_do_encrypt_pre_compute(sm2_z256_t k, uint8_t C1[64]) { SM2_Z256_POINT P; @@ -50,7 +77,6 @@ int sm2_do_encrypt_pre_compute(sm2_z256_t k, uint8_t C1[64]) return 1; } - // key->public_key will not be point_at_infinity when decoded from_bytes/octets/der int sm2_do_encrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, SM2_CIPHERTEXT *out) { diff --git a/src/sm2_sign.c b/src/sm2_sign.c index 3ae48eb9c..15e900618 100644 --- a/src/sm2_sign.c +++ b/src/sm2_sign.c @@ -13,7 +13,6 @@ #include #include #include -#include #include #include #include @@ -391,35 +390,6 @@ int sm2_compute_z(uint8_t z[32], const SM2_Z256_POINT *pub, const char *id, size return 1; } -int sm2_kdf(const uint8_t *in, size_t inlen, size_t outlen, uint8_t *out) -{ - SM3_CTX ctx; - uint8_t counter_be[4]; - uint8_t dgst[SM3_DIGEST_SIZE]; - uint32_t counter = 1; - size_t len; - - while (outlen) { - PUTU32(counter_be, counter); - counter++; - - sm3_init(&ctx); - sm3_update(&ctx, in, inlen); - sm3_update(&ctx, counter_be, sizeof(counter_be)); - sm3_finish(&ctx, dgst); - - len = outlen < SM3_DIGEST_SIZE ? outlen : SM3_DIGEST_SIZE; - memcpy(out, dgst, len); - out += len; - outlen -= len; - } - - memset(&ctx, 0, sizeof(SM3_CTX)); - memset(dgst, 0, sizeof(dgst)); - return 1; -} - - int sm2_sign_init(SM2_SIGN_CTX *ctx, const SM2_KEY *key, const char *id, size_t idlen) { size_t i; diff --git a/src/sm2_z256.c b/src/sm2_z256.c index 8113af382..bc2587ded 100644 --- a/src/sm2_z256.c +++ b/src/sm2_z256.c @@ -569,6 +569,7 @@ void sm2_z256_modp_mont_exp(uint64_t r[4], const uint64_t a[4], const uint64_t e sm2_z256_copy(r, t); } +// caller should check a != 0 void sm2_z256_modp_mont_inv(uint64_t r[4], const uint64_t a[4]) { uint64_t a1[4]; @@ -997,9 +998,16 @@ int sm2_z256_point_is_on_curve(const SM2_Z256_POINT *P) return 1; } -// 当Z == 0时会怎么样 -void sm2_z256_point_get_xy(const SM2_Z256_POINT *P, uint64_t x[4], uint64_t y[4]) +int sm2_z256_point_get_xy(const SM2_Z256_POINT *P, uint64_t x[4], uint64_t y[4]) { + if (sm2_z256_point_is_at_infinity(P) == 1) { + sm2_z256_set_zero(x); + if (y) { + sm2_z256_set_zero(y); + } + return 0; + } + if (sm2_z256_cmp(P->Z, SM2_Z256_MODP_MONT_ONE) == 0) { sm2_z256_modp_from_mont(x, P->X); if (y) { @@ -1019,6 +1027,8 @@ void sm2_z256_point_get_xy(const SM2_Z256_POINT *P, uint64_t x[4], uint64_t y[4] sm2_z256_modp_from_mont(y, y); } } + + return 1; } // impl with modified jacobian coordinates @@ -1032,23 +1042,6 @@ void sm2_z256_point_dbl_x5(SM2_Z256_POINT *R, const SM2_Z256_POINT *A) sm2_z256_point_dbl(R, R); } -void sm2_z256_point_multi_dbl(SM2_Z256_POINT *R, const SM2_Z256_POINT *P, unsigned int i) -{ - const uint64_t *X1 = P->X; - const uint64_t *Y1 = P->Y; - const uint64_t *Z1 = P->Z; - uint64_t *X3 = R->X; - uint64_t *Y3 = R->Y; - uint64_t *Z3 = R->Z; - uint64_t A[4]; - uint64_t B[4]; - uint64_t C[4]; - uint64_t D[4]; - uint64_t E[4]; - - // A = Z1^2 -} - #ifndef ENABLE_SM2_Z256_ARMV8 void sm2_z256_point_dbl(SM2_Z256_POINT *R, const SM2_Z256_POINT *A) { @@ -1337,15 +1330,17 @@ int sm2_z256_point_print(FILE *fp, int fmt, int ind, const char *label, const SM uint64_t y[4]; uint8_t affine[64]; - sm2_z256_point_get_xy(P, x, y); - sm2_z256_to_bytes(x, affine); - sm2_z256_to_bytes(y, affine + 32); - format_bytes(fp, fmt, ind, label, affine, 64); + if (sm2_z256_point_is_at_infinity(P) == 1) { + format_print(fp, fmt, ind, "%s: point_at_infinity\n", label); + } else { + uint8_t bytes[64]; + sm2_z256_point_to_bytes(P, bytes); + format_bytes(fp, fmt, ind, label, bytes, 64); + } return 1; } - void sm2_z256_point_copy_affine(SM2_Z256_POINT *R, const SM2_Z256_AFFINE_POINT *P) { memcpy(R, P, sizeof(SM2_Z256_AFFINE_POINT)); @@ -1516,6 +1511,13 @@ int sm2_z256_point_from_bytes(SM2_Z256_POINT *P, const uint8_t in[64]) error_print(); return -1; } + + // point_at_infinity + if (sm2_z256_is_zero(P->X) == 1 && sm2_z256_is_zero(P->Y) == 1) { + sm2_z256_point_set_infinity(P); + return 0; + } + sm2_z256_modp_to_mont(P->X, P->X); sm2_z256_modp_to_mont(P->Y, P->Y); sm2_z256_copy(P->Z, SM2_Z256_MODP_MONT_ONE); @@ -1533,7 +1535,6 @@ int sm2_z256_point_set_xy(SM2_Z256_POINT *R, const sm2_z256_t x, const sm2_z256_ error_print(); return -1; } - if (sm2_z256_cmp(y, sm2_z256_prime()) >= 0) { error_print(); return -1; @@ -1550,23 +1551,34 @@ int sm2_z256_point_set_xy(SM2_Z256_POINT *R, const sm2_z256_t x, const sm2_z256_ return 1; } -void sm2_z256_point_from_hex(SM2_Z256_POINT *P, const char *hex) +int sm2_z256_point_from_hex(SM2_Z256_POINT *P, const char *hex) { uint8_t bytes[64]; size_t len; + int ret; hex_to_bytes(hex, 128, bytes, &len); - sm2_z256_point_from_bytes(P, bytes); + if ((ret = sm2_z256_point_from_bytes(P, bytes)) < 0) { + error_print(); + return -1; + } + return ret; } -void sm2_z256_point_to_bytes(const SM2_Z256_POINT *P, uint8_t out[64]) +// point_at_infinity should not to_bytes +int sm2_z256_point_to_bytes(const SM2_Z256_POINT *P, uint8_t out[64]) { uint64_t x[4]; uint64_t y[4]; + int ret; - sm2_z256_point_get_xy(P, x, y); + if ((ret = sm2_z256_point_get_xy(P, x, y)) < 0) { + error_print(); + return -1; + } sm2_z256_to_bytes(x, out); sm2_z256_to_bytes(y, out + 32); + return ret; } int sm2_z256_point_equ(const SM2_Z256_POINT *P, const SM2_Z256_POINT *Q) @@ -1603,11 +1615,14 @@ int sm2_z256_point_equ_hex(const SM2_Z256_POINT *P, const char *hex) uint8_t hex_bytes[64]; size_t len; - sm2_z256_point_to_bytes(P, P_bytes); + if (sm2_z256_point_to_bytes(P, P_bytes) < 0) { + error_print(); + return 0; + } + hex_to_bytes(hex, 128, hex_bytes, &len); if (memcmp(P_bytes, hex_bytes, 64) != 0) { - error_print(); return 0; } return 1; @@ -1710,13 +1725,11 @@ int sm2_z256_point_to_compressed_octets(const SM2_Z256_POINT *P, uint8_t out[33] sm2_z256_t x; sm2_z256_t y; - if (sm2_z256_point_is_at_infinity(P)) { + if (sm2_z256_point_get_xy(P, x, y) != 1) { error_print(); return -1; } - sm2_z256_point_get_xy(P, x, y); - if (sm2_z256_is_odd(y)) { out[0] = SM2_point_compressed_y_odd; } else { @@ -1735,7 +1748,7 @@ int sm2_z256_point_to_uncompressed_octets(const SM2_Z256_POINT *P, uint8_t out[6 return -1; } out[0] = SM2_point_uncompressed; - sm2_z256_point_to_bytes(P, out + 1); + (void)sm2_z256_point_to_bytes(P, out + 1); return 1; } diff --git a/tests/sm2_z256test.c b/tests/sm2_z256test.c index e8972d6fb..43eca63a1 100644 --- a/tests/sm2_z256test.c +++ b/tests/sm2_z256test.c @@ -21,16 +21,20 @@ #include -/* -TODO: 验证点加、倍点等计算是否支持无穷远点、共轭点等特殊形势 +// 计算中如何涉及无穷远点会怎么样 +static int test_sm2_z256_point_at_infinity(void) +{ + return 1; +} -*/ enum { OP_ADD, OP_DBL, + OP_TRI, OP_SUB, OP_NEG, + OP_HAF, OP_MUL, OP_SQR, OP_EXP, @@ -68,6 +72,30 @@ static int test_sm2_z256_rshift(void) return 1; } +static int test_sm2_z256_from_bytes(void) +{ + const uint8_t be[32] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10, + 0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20, + }; + + // 应该选一个to_bytes和一个from_bytes + + sm2_z256_t a; + uint8_t buf[32]; + + sm2_z256_from_bytes(a, be); + sm2_z256_to_bytes(a, buf); + + if (memcmp(buf, be, sizeof(be)) != 0) { + error_print(); + return -1; + } + + printf("%s() ok\n", __FUNCTION__); + return 1; +} + static int test_sm2_z256_modp_mont_sqrt(void) { uint64_t a[4]; @@ -114,6 +142,18 @@ static int test_sm2_z256_modp(void) "bc3736a2f4f6779c59bdcee36b692153d0a9877cc62a474002df32e52139f0a0", }, { + "2*y (mod p)", OP_DBL, + "786e6d46e9ecef38b37b9dc6d6d242a7a1530efa8c548e7f05be65ca4273e141", + "bc3736a2f4f6779c59bdcee36b692153d0a9877cc62a474002df32e52139f0a0", + NULL, + }, + { + "3*y (mod p)", OP_TRI, + "34a5a3eadee366d50d396caa423b63fb71fc9678527ed5be089d98af63add1e2", + "bc3736a2f4f6779c59bdcee36b692153d0a9877cc62a474002df32e52139f0a0", + NULL, + }, + { "x - y (mod p)", OP_SUB, "768d77882a23097d05db3562fed0a840bf3984422c3bc4a26e7b12a412128426", "32c4ae2c1f1981195f9904466a39c9948fe30bbff2660be1715a4589334c74c7", @@ -132,6 +172,18 @@ static int test_sm2_z256_modp(void) NULL, }, { + "x/2 (mod p)", OP_HAF, + "996257158f8cc08cafcc8223351ce4ca47f185df793305f138ad22c499a63a63", + "32c4ae2c1f1981195f9904466a39c9948fe30bbff2660be1715a4589334c74c7", + NULL, + }, + { + "y/2 (mod p)", OP_HAF, + "5e1b9b517a7b3bce2cdee771b5b490a9e854c3be631523a0016f9972909cf850", + "bc3736a2f4f6779c59bdcee36b692153d0a9877cc62a474002df32e52139f0a0", + NULL, + }, + { "x * y (mod p)", OP_MUL, "edd7e745bdc4630ccfa1da1057033a525346dbf202f082f3c431349991ace76a", "32c4ae2c1f1981195f9904466a39c9948fe30bbff2660be1715a4589334c74c7", @@ -175,12 +227,21 @@ static int test_sm2_z256_modp(void) case OP_ADD: sm2_z256_modp_add(c, a, b); break; + case OP_DBL: + sm2_z256_modp_dbl(c, a); + break; + case OP_TRI: + sm2_z256_modp_tri(c, a); + break; case OP_SUB: sm2_z256_modp_sub(c, a, b); break; case OP_NEG: sm2_z256_modp_neg(c, a); break; + case OP_HAF: + sm2_z256_modp_haf(c, a); + break; case OP_MUL: sm2_z256_modp_to_mont(a, a); sm2_z256_modp_to_mont(b, b); @@ -362,6 +423,14 @@ static int test_sm2_z256_point_is_on_curve(void) "0000000100000000000000000000000000000000ffffffff0000000000000001", // mont(1) "0000000000000000000000000000000000000000000000000000000000000000", // 0 }, + /* + { + "Point at Infinity (X:Y:0) invalid format (might fail)", + "0000000000000000000000000000000000000000000000000000000000000002", // 2 + "0000000000000000000000000000000000000000000000000000000000000003", // 3 + "0000000000000000000000000000000000000000000000000000000000000000", // 0 + }, + */ { "Affine Point [1]G with Montgomery Coordinates", "91167a5ee1c13b05d6a1ed99ac24c3c33e7981eddca6c05061328990f418029e", // mont(x) @@ -442,7 +511,11 @@ static int test_sm2_z256_point_get_xy(void) sm2_z256_from_hex(P.Y, tests[i].mont_Y); sm2_z256_from_hex(P.Z, tests[i].mont_Z); - sm2_z256_point_get_xy(&P, x, NULL); + if (sm2_z256_point_get_xy(&P, x, NULL) < 0) { + error_print(); + return -1; + } + if (sm2_z256_equ_hex(x, tests[i].x) != 1) { error_print(); return -1; @@ -541,6 +614,7 @@ static int test_sm2_z256_point_add_conjugate(void) return 1; } +// 无穷远点相加应该还是无穷远点 static int test_sm2_z256_point_dbl_infinity(void) { SM2_Z256_POINT P_infinity; @@ -557,7 +631,6 @@ static int test_sm2_z256_point_dbl_infinity(void) printf("%s() ok\n", __FUNCTION__); return 1; - } @@ -874,12 +947,15 @@ static int test_sm2_z256_point_from_hash(void) int main(void) { - if (test_sm2_z256_point_dbl_infinity() != 1) goto err; - if (test_sm2_z256_point_ops() != 1) goto err; - if (test_sm2_z256_rshift() != 1) goto err; + + if (test_sm2_z256_from_bytes() != 1) goto err; + + if (test_sm2_z256_modp() != 1) goto err; + if (test_sm2_z256_modp_mont_sqrt() != 1) goto err; if (test_sm2_z256_modn() != 1) goto err; + if (test_sm2_z256_point_is_on_curve() != 1) goto err; if (test_sm2_z256_point_equ() != 1) goto err; if (test_sm2_z256_point_get_xy() != 1) goto err; @@ -887,7 +963,10 @@ int main(void) if (test_sm2_z256_point_mul_generator() != 1) goto err; if (test_sm2_z256_point_from_hash() != 1) goto err; if (test_sm2_z256_point_from_x_bytes() != 1) goto err; - if (test_sm2_z256_modp_mont_sqrt() != 1) goto err; + + + if (test_sm2_z256_point_dbl_infinity() != 1) goto err; + if (test_sm2_z256_point_ops() != 1) goto err; printf("%s all tests passed\n", __FILE__); return 0;