gmsm/sm9/sm9_test.go

package sm9

import (
	"bytes"
	"crypto/rand"
	"encoding/hex"
	"testing"
)

func TestSignASN1(t *testing.T) {
	masterKey, err := GenerateSignMasterKey(rand.Reader)
	hashed := []byte("Chinese IBS standard")
	uid := []byte("emmansun")
	hid := byte(0x01)
	if err != nil {
		t.Fatal(err)
	}
	userKey, err := masterKey.GenerateUserKey(uid, hid)
	if err != nil {
		t.Fatal(err)
	}
	sig, err := userKey.Sign(rand.Reader, hashed, nil)
	if err != nil {
		t.Fatal(err)
	}
	if !masterKey.Public().Verify(uid, hid, hashed, sig) {
		t.Errorf("Verify failed")
	}
	sig[0] = 0xff
	if masterKey.Public().Verify(uid, hid, hashed, sig) {
		t.Errorf("Verify with invalid asn1 format successed")
	}
}

func TestParseInvalidASN1(t *testing.T) {
	tests := []struct {
		name   string
		sigHex string
	}{
		// TODO: Add test cases.
		{"invalid point format", "30660420723a8b38dd2441c2aa1c3ec092eaa34996c53bf9ca7515272395c012ab6e6e070342000C389fc45b711d9dfd9d91958f64d89d3528cf577c6dc2bc792c2969188e76865e16c2d85419f8f923a0e77c7f269c0eeb97b6c4d7e2735189180ec719a380fe1d"},
		{"invalid point encoding length", "30660420723a8b38dd2441c2aa1c3ec092eaa34996c53bf9ca7515272395c012ab6e6e0703420004389fc45b711d9dfd9d91958f64d89d3528cf577c6dc2bc792c2969188e76865e16c2d85419f8f923a0e77c7f269c0eeb97b6c4d7e2735189180ec719a380fe"},
	}
	for _, tt := range tests {
		sig, err := hex.DecodeString(tt.sigHex)
		if err != nil {
			t.Fatal(err)
		}
		_, _, err = parseSignature(sig)
		if err == nil {
			t.Errorf("%s should be failed", tt.name)
		}
	}
}

func TestWrapKey(t *testing.T) {
	masterKey, err := GenerateEncryptMasterKey(rand.Reader)
	hid := byte(0x01)
	uid := []byte("emmansun")
	if err != nil {
		t.Fatal(err)
	}
	userKey, err := masterKey.GenerateUserKey(uid, hid)
	if err != nil {
		t.Fatal(err)
	}
	key, cipher, err := masterKey.Public().WrapKey(rand.Reader, uid, hid, 16)
	if err != nil {
		t.Fatal(err)
	}

	key2, err := userKey.UnwrapKey(uid, cipher, 16)
	if err != nil {
		t.Fatal(err)
	}

	if !bytes.Equal(key, key2) {
		t.Errorf("expected %x, got %x", key, key2)
	}
}

func TestWrapKeyASN1(t *testing.T) {
	masterKey, err := GenerateEncryptMasterKey(rand.Reader)
	hid := byte(0x01)
	uid := []byte("emmansun")
	if err != nil {
		t.Fatal(err)
	}
	userKey, err := masterKey.GenerateUserKey(uid, hid)
	if err != nil {
		t.Fatal(err)
	}
	keyPackage, err := masterKey.Public().WrapKeyASN1(rand.Reader, uid, hid, 16)
	if err != nil {
		t.Fatal(err)
	}

	key1, cipher, err := UnmarshalSM9KeyPackage(keyPackage)
	if err != nil {
		t.Fatal(err)
	}

	key2, err := UnwrapKey(userKey, uid, cipher, 16)
	if err != nil {
		t.Fatal(err)
	}

	if !bytes.Equal(key1, key2) {
		t.Errorf("expected %x, got %x", key1, key2)
	}
}

func TestEncryptDecrypt(t *testing.T) {
	plaintext := []byte("Chinese IBE standard")
	masterKey, err := GenerateEncryptMasterKey(rand.Reader)
	hid := byte(0x01)
	uid := []byte("emmansun")
	if err != nil {
		t.Fatal(err)
	}
	userKey, err := masterKey.GenerateUserKey(uid, hid)
	if err != nil {
		t.Fatal(err)
	}
	encTypes := []EncrypterOpts{
		DefaultEncrypterOpts, SM4ECBEncrypterOpts, SM4CBCEncrypterOpts, SM4CFBEncrypterOpts, SM4OFBEncrypterOpts,
	}
	for _, opts := range encTypes {
		cipher, err := Encrypt(rand.Reader, masterKey.Public(), uid, hid, plaintext, opts)
		if err != nil {
			t.Fatal(err)
		}

		got, err := Decrypt(userKey, uid, cipher, opts)
		if err != nil {
			t.Fatal(err)
		}
		if string(got) != string(plaintext) {
			t.Errorf("expected %v, got %v\n", string(plaintext), string(got))
		}

		got, err = userKey.Decrypt(uid, cipher, opts)
		if err != nil {
			t.Fatalf("encType %v, first byte %x, %v", opts.GetEncryptType(), cipher[0], err)
		}

		if string(got) != string(plaintext) {
			t.Errorf("expected %v, got %v\n", string(plaintext), string(got))
		}
	}
}

func TestEncryptEmptyPlaintext(t *testing.T) {
	masterKey, err := GenerateEncryptMasterKey(rand.Reader)
	hid := byte(0x01)
	uid := []byte("emmansun")
	if err != nil {
		t.Fatal(err)
	}
	encTypes := []EncrypterOpts{
		DefaultEncrypterOpts, SM4ECBEncrypterOpts, SM4CBCEncrypterOpts, SM4CFBEncrypterOpts, SM4OFBEncrypterOpts,
	}
	for _, opts := range encTypes {
		_, err := Encrypt(rand.Reader, masterKey.Public(), uid, hid, nil, opts)
		if err != ErrEmptyPlaintext {
			t.Fatalf("should be ErrEmptyPlaintext")
		}
	}
}

func TestEncryptDecryptASN1(t *testing.T) {
	plaintext := []byte("Chinese IBE standard")
	masterKey, err := GenerateEncryptMasterKey(rand.Reader)
	hid := byte(0x01)
	uid := []byte("emmansun")
	if err != nil {
		t.Fatal(err)
	}
	userKey, err := masterKey.GenerateUserKey(uid, hid)
	if err != nil {
		t.Fatal(err)
	}
	encTypes := []EncrypterOpts{
		DefaultEncrypterOpts, SM4ECBEncrypterOpts, SM4CBCEncrypterOpts, SM4CFBEncrypterOpts, SM4OFBEncrypterOpts,
	}
	for _, opts := range encTypes {
		cipher, err := EncryptASN1(rand.Reader, masterKey.Public(), uid, hid, plaintext, opts)
		if err != nil {
			t.Fatal(err)
		}

		got, err := DecryptASN1(userKey, uid, cipher)
		if err != nil {
			t.Fatal(err)
		}

		if string(got) != string(plaintext) {
			t.Errorf("expected %v, got %v\n", string(plaintext), string(got))
		}

		got, err = userKey.DecryptASN1(uid, cipher)
		if err != nil {
			t.Fatal(err)
		}

		if string(got) != string(plaintext) {
			t.Errorf("expected %v, got %v\n", string(plaintext), string(got))
		}
	}
}

func TestUnmarshalSM9KeyPackage(t *testing.T) {
	masterKey, err := GenerateEncryptMasterKey(rand.Reader)
	hid := byte(0x01)
	uid := []byte("emmansun")
	if err != nil {
		t.Fatal(err)
	}
	userKey, err := masterKey.GenerateUserKey(uid, hid)
	if err != nil {
		t.Fatal(err)
	}
	p, err := masterKey.Public().WrapKeyASN1(rand.Reader, uid, hid, 16)
	if err != nil {
		t.Fatal(err)
	}

	key, cipher, err := UnmarshalSM9KeyPackage(p)
	if err != nil {
		t.Fatal(err)
	}

	key2, err := UnwrapKey(userKey, uid, cipher, 16)
	if err != nil {
		t.Fatal(err)
	}

	if hex.EncodeToString(key) != hex.EncodeToString(key2) {
		t.Errorf("expected %v, got %v\n", hex.EncodeToString(key), hex.EncodeToString(key2))
	}
}

func TestKeyExchange(t *testing.T) {
	hid := byte(0x02)
	userA := []byte("Alice")
	userB := []byte("Bob")
	masterKey, err := GenerateEncryptMasterKey(rand.Reader)
	if err != nil {
		t.Fatal(err)
	}

	userKey, err := masterKey.GenerateUserKey(userA, hid)
	if err != nil {
		t.Fatal(err)
	}
	initiator := userKey.NewKeyExchange(userA, userB, 16, true)

	userKey, err = masterKey.GenerateUserKey(userB, hid)
	if err != nil {
		t.Fatal(err)
	}
	responder := userKey.NewKeyExchange(userB, userA, 16, true)
	defer func() {
		initiator.Destroy()
		responder.Destroy()
	}()
	// A1-A4
	rA, err := initiator.InitKeyExchange(rand.Reader, hid)
	if err != nil {
		t.Fatal(err)
	}

	// B1 - B7
	rB, sigB, err := responder.RespondKeyExchange(rand.Reader, hid, rA)
	if err != nil {
		t.Fatal(err)
	}

	// A5 -A8
	key1, sigA, err := initiator.ConfirmResponder(rB, sigB)
	if err != nil {
		t.Fatal(err)
	}

	// B8
	key2, err := responder.ConfirmInitiator(sigA)
	if err != nil {
		t.Fatal(err)
	}

	if hex.EncodeToString(key1) != hex.EncodeToString(key2) {
		t.Errorf("got different key")
	}
}

func TestKeyExchangeWithoutSignature(t *testing.T) {
	hid := byte(0x02)
	userA := []byte("Alice")
	userB := []byte("Bob")
	masterKey, err := GenerateEncryptMasterKey(rand.Reader)
	if err != nil {
		t.Fatal(err)
	}

	userKey, err := masterKey.GenerateUserKey(userA, hid)
	if err != nil {
		t.Fatal(err)
	}
	initiator := userKey.NewKeyExchange(userA, userB, 16, false)

	userKey, err = masterKey.GenerateUserKey(userB, hid)
	if err != nil {
		t.Fatal(err)
	}
	responder := userKey.NewKeyExchange(userB, userA, 16, false)
	defer func() {
		initiator.Destroy()
		responder.Destroy()
	}()
	// A1-A4
	rA, err := initiator.InitKeyExchange(rand.Reader, hid)
	if err != nil {
		t.Fatal(err)
	}

	// B1 - B7
	rB, sigB, err := responder.RespondKeyExchange(rand.Reader, hid, rA)
	if err != nil {
		t.Fatal(err)
	}
	if len(sigB) != 0 {
		t.Errorf("should no signature")
	}

	// A5 -A8
	key1, sigA, err := initiator.ConfirmResponder(rB, sigB)
	if err != nil {
		t.Fatal(err)
	}
	if len(sigA) != 0 {
		t.Errorf("should no signature")
	}

	key2, err := responder.ConfirmInitiator(nil)
	if err != nil {
		t.Fatal(err)
	}

	if hex.EncodeToString(key1) != hex.EncodeToString(key2) {
		t.Errorf("got different key")
	}
}

func BenchmarkSign(b *testing.B) {
	hashed := []byte("Chinese IBS standard")
	uid := []byte("emmansun")
	hid := byte(0x01)

	masterKey, err := GenerateSignMasterKey(rand.Reader)
	if err != nil {
		b.Fatal(err)
	}
	userKey, err := masterKey.GenerateUserKey(uid, hid)
	if err != nil {
		b.Fatal(err)
	}
	SignASN1(rand.Reader, userKey, hashed) // fire precompute

	b.ReportAllocs()
	b.ResetTimer()
	for i := 0; i < b.N; i++ {
		sig, err := SignASN1(rand.Reader, userKey, hashed)
		if err != nil {
			b.Fatal(err)
		}
		// Prevent the compiler from optimizing out the operation.
		hashed[0] = sig[0]
	}
}

func BenchmarkVerify(b *testing.B) {
	hashed := []byte("Chinese IBS standard")
	uid := []byte("emmansun")
	hid := byte(0x01)

	masterKey, err := GenerateSignMasterKey(rand.Reader)
	if err != nil {
		b.Fatal(err)
	}
	userKey, err := masterKey.GenerateUserKey(uid, hid)
	if err != nil {
		b.Fatal(err)
	}
	sig, err := SignASN1(rand.Reader, userKey, hashed)
	if err != nil {
		b.Fatal(err)
	}
	b.ReportAllocs()
	b.ResetTimer()
	for i := 0; i < b.N; i++ {
		if !VerifyASN1(masterKey.Public(), uid, hid, hashed, sig) {
			b.Fatal("verify failed")
		}
	}
}

func BenchmarkEncrypt(b *testing.B) {
	plaintext := []byte("Chinese IBE standard")
	masterKey, err := GenerateEncryptMasterKey(rand.Reader)
	hid := byte(0x01)
	uid := []byte("emmansun")
	if err != nil {
		b.Fatal(err)
	}
	b.ReportAllocs()
	b.ResetTimer()
	for i := 0; i < b.N; i++ {
		cipher, err := Encrypt(rand.Reader, masterKey.Public(), uid, hid, plaintext, nil)
		if err != nil {
			b.Fatal(err)
		}
		// Prevent the compiler from optimizing out the operation.
		plaintext[0] = cipher[0]
	}
}

func BenchmarkDecrypt(b *testing.B) {
	plaintext := []byte("Chinese IBE standard")
	masterKey, err := GenerateEncryptMasterKey(rand.Reader)
	hid := byte(0x01)
	uid := []byte("emmansun")
	if err != nil {
		b.Fatal(err)
	}
	userKey, err := masterKey.GenerateUserKey(uid, hid)
	if err != nil {
		b.Fatal(err)
	}
	cipher, err := Encrypt(rand.Reader, masterKey.Public(), uid, hid, plaintext, nil)
	if err != nil {
		b.Fatal(err)
	}
	b.ReportAllocs()
	b.ResetTimer()
	for i := 0; i < b.N; i++ {
		got, err := Decrypt(userKey, uid, cipher, nil)
		if err != nil {
			b.Fatal(err)
		}
		if string(got) != string(plaintext) {
			b.Errorf("expected %v, got %v\n", string(plaintext), string(got))
		}
	}
}

func BenchmarkDecryptASN1(b *testing.B) {
	plaintext := []byte("Chinese IBE standard")
	masterKey, err := GenerateEncryptMasterKey(rand.Reader)
	hid := byte(0x01)
	uid := []byte("emmansun")
	if err != nil {
		b.Fatal(err)
	}
	userKey, err := masterKey.GenerateUserKey(uid, hid)
	if err != nil {
		b.Fatal(err)
	}
	cipher, err := EncryptASN1(rand.Reader, masterKey.Public(), uid, hid, plaintext, nil)
	if err != nil {
		b.Fatal(err)
	}
	b.ReportAllocs()
	b.ResetTimer()
	for i := 0; i < b.N; i++ {
		got, err := DecryptASN1(userKey, uid, cipher)
		if err != nil {
			b.Fatal(err)
		}
		if string(got) != string(plaintext) {
			b.Errorf("expected %v, got %v\n", string(plaintext), string(got))
		}
	}
}
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`package sm9`

			`import (`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`"bytes"`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`"crypto/rand"`
			`"encoding/hex"`
			`"testing"`
			`)`

			`func TestSignASN1(t *testing.T) {`
			`masterKey, err := GenerateSignMasterKey(rand.Reader)`
			`hashed := []byte("Chinese IBS standard")`
			`uid := []byte("emmansun")`
			`hid := byte(0x01)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`userKey, err := masterKey.GenerateUserKey(uid, hid)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
sm9: improve test coverage 2022-11-28 10:55:23 +08:00			`sig, err := userKey.Sign(rand.Reader, hashed, nil)`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
sm9: improve test coverage 2022-11-28 10:55:23 +08:00			`if !masterKey.Public().Verify(uid, hid, hashed, sig) {`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`t.Errorf("Verify failed")`
			`}`
sm9: add test cases 2022-12-02 15:49:48 +08:00			`sig[0] = 0xff`
			`if masterKey.Public().Verify(uid, hid, hashed, sig) {`
			`t.Errorf("Verify with invalid asn1 format successed")`
			`}`
			`}`

			`func TestParseInvalidASN1(t *testing.T) {`
			`tests := []struct {`
			`name string`
			`sigHex string`
			`}{`
			`// TODO: Add test cases.`
			`{"invalid point format", "30660420723a8b38dd2441c2aa1c3ec092eaa34996c53bf9ca7515272395c012ab6e6e070342000C389fc45b711d9dfd9d91958f64d89d3528cf577c6dc2bc792c2969188e76865e16c2d85419f8f923a0e77c7f269c0eeb97b6c4d7e2735189180ec719a380fe1d"},`
			`{"invalid point encoding length", "30660420723a8b38dd2441c2aa1c3ec092eaa34996c53bf9ca7515272395c012ab6e6e0703420004389fc45b711d9dfd9d91958f64d89d3528cf577c6dc2bc792c2969188e76865e16c2d85419f8f923a0e77c7f269c0eeb97b6c4d7e2735189180ec719a380fe"},`
			`}`
			`for _, tt := range tests {`
			`sig, err := hex.DecodeString(tt.sigHex)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`_, _, err = parseSignature(sig)`
			`if err == nil {`
			`t.Errorf("%s should be failed", tt.name)`
			`}`
			`}`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`}`

sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`func TestWrapKey(t *testing.T) {`
			`masterKey, err := GenerateEncryptMasterKey(rand.Reader)`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`hid := byte(0x01)`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`uid := []byte("emmansun")`
sm9: use bigmod instead of math/big 2022-11-25 10:11:46 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`userKey, err := masterKey.GenerateUserKey(uid, hid)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`key, cipher, err := masterKey.Public().WrapKey(rand.Reader, uid, hid, 16)`
sm9: use bigmod instead of math/big 2022-11-25 10:11:46 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`key2, err := userKey.UnwrapKey(uid, cipher, 16)`
sm9: use bigmod instead of math/big 2022-11-25 10:11:46 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`if !bytes.Equal(key, key2) {`
			`t.Errorf("expected %x, got %x", key, key2)`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`}`
			`}`

sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`func TestWrapKeyASN1(t *testing.T) {`
add unit test case and fix typo 2022-08-03 16:31:02 +08:00			`masterKey, err := GenerateEncryptMasterKey(rand.Reader)`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`hid := byte(0x01)`
			`uid := []byte("emmansun")`
add unit test case and fix typo 2022-08-03 16:31:02 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`userKey, err := masterKey.GenerateUserKey(uid, hid)`
add unit test case and fix typo 2022-08-03 16:31:02 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`keyPackage, err := masterKey.Public().WrapKeyASN1(rand.Reader, uid, hid, 16)`
add unit test case and fix typo 2022-08-03 16:31:02 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`

sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`key1, cipher, err := UnmarshalSM9KeyPackage(keyPackage)`
add unit test case and fix typo 2022-08-03 16:31:02 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`

sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`key2, err := UnwrapKey(userKey, uid, cipher, 16)`
add unit test case and fix typo 2022-08-03 16:31:02 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`

sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`if !bytes.Equal(key1, key2) {`
			`t.Errorf("expected %x, got %x", key1, key2)`
add unit test case and fix typo 2022-08-03 16:31:02 +08:00			`}`
			`}`

sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`func TestEncryptDecrypt(t *testing.T) {`
			`plaintext := []byte("Chinese IBE standard")`
sm2/9 key exchange: test no sign/verify case 2022-08-17 11:36:50 +08:00			`masterKey, err := GenerateEncryptMasterKey(rand.Reader)`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`hid := byte(0x01)`
			`uid := []byte("emmansun")`
sm2/9 key exchange: test no sign/verify case 2022-08-17 11:36:50 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`userKey, err := masterKey.GenerateUserKey(uid, hid)`
sm2/9 key exchange: test no sign/verify case 2022-08-17 11:36:50 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`encTypes := []EncrypterOpts{`
			`DefaultEncrypterOpts, SM4ECBEncrypterOpts, SM4CBCEncrypterOpts, SM4CFBEncrypterOpts, SM4OFBEncrypterOpts,`
sm2/9 key exchange: test no sign/verify case 2022-08-17 11:36:50 +08:00			`}`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`for _, opts := range encTypes {`
			`cipher, err := Encrypt(rand.Reader, masterKey.Public(), uid, hid, plaintext, opts)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
sm2/9 key exchange: test no sign/verify case 2022-08-17 11:36:50 +08:00
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`got, err := Decrypt(userKey, uid, cipher, opts)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if string(got) != string(plaintext) {`
			`t.Errorf("expected %v, got %v\n", string(plaintext), string(got))`
			`}`
sm2/9 key exchange: test no sign/verify case 2022-08-17 11:36:50 +08:00
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`got, err = userKey.Decrypt(uid, cipher, opts)`
			`if err != nil {`
			`t.Fatalf("encType %v, first byte %x, %v", opts.GetEncryptType(), cipher[0], err)`
			`}`
sm2/sm9: key exchange, support to destroy internal state 2022-08-24 15:15:58 +08:00
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`if string(got) != string(plaintext) {`
			`t.Errorf("expected %v, got %v\n", string(plaintext), string(got))`
			`}`
sm2/9 key exchange: test no sign/verify case 2022-08-17 11:36:50 +08:00			`}`
			`}`

sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`func TestEncryptEmptyPlaintext(t *testing.T) {`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`masterKey, err := GenerateEncryptMasterKey(rand.Reader)`
			`hid := byte(0x01)`
			`uid := []byte("emmansun")`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`encTypes := []EncrypterOpts{`
			`DefaultEncrypterOpts, SM4ECBEncrypterOpts, SM4CBCEncrypterOpts, SM4CFBEncrypterOpts, SM4OFBEncrypterOpts,`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`}`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`for _, opts := range encTypes {`
			`_, err := Encrypt(rand.Reader, masterKey.Public(), uid, hid, nil, opts)`
			`if err != ErrEmptyPlaintext {`
			`t.Fatalf("should be ErrEmptyPlaintext")`
			`}`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`}`
			`}`

sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`func TestEncryptDecryptASN1(t *testing.T) {`
			`plaintext := []byte("Chinese IBE standard")`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`masterKey, err := GenerateEncryptMasterKey(rand.Reader)`
			`hid := byte(0x01)`
			`uid := []byte("emmansun")`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`userKey, err := masterKey.GenerateUserKey(uid, hid)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`encTypes := []EncrypterOpts{`
			`DefaultEncrypterOpts, SM4ECBEncrypterOpts, SM4CBCEncrypterOpts, SM4CFBEncrypterOpts, SM4OFBEncrypterOpts,`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`}`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`for _, opts := range encTypes {`
			`cipher, err := EncryptASN1(rand.Reader, masterKey.Public(), uid, hid, plaintext, opts)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`got, err := DecryptASN1(userKey, uid, cipher)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`if string(got) != string(plaintext) {`
			`t.Errorf("expected %v, got %v\n", string(plaintext), string(got))`
			`}`
sm9: add example test 2023-02-03 15:13:02 +08:00
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`got, err = userKey.DecryptASN1(uid, cipher)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`if string(got) != string(plaintext) {`
			`t.Errorf("expected %v, got %v\n", string(plaintext), string(got))`
			`}`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`}`
			`}`

			`func TestUnmarshalSM9KeyPackage(t *testing.T) {`
			`masterKey, err := GenerateEncryptMasterKey(rand.Reader)`
			`hid := byte(0x01)`
			`uid := []byte("emmansun")`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`userKey, err := masterKey.GenerateUserKey(uid, hid)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`p, err := masterKey.Public().WrapKeyASN1(rand.Reader, uid, hid, 16)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`key, cipher, err := UnmarshalSM9KeyPackage(p)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`key2, err := UnwrapKey(userKey, uid, cipher, 16)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`if hex.EncodeToString(key) != hex.EncodeToString(key2) {`
			`t.Errorf("expected %v, got %v\n", hex.EncodeToString(key), hex.EncodeToString(key2))`
			`}`
			`}`

sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`func TestKeyExchange(t *testing.T) {`
			`hid := byte(0x02)`
			`userA := []byte("Alice")`
			`userB := []byte("Bob")`
			`masterKey, err := GenerateEncryptMasterKey(rand.Reader)`
sm9: use bigmod instead of math/big 2022-11-25 10:11:46 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`userKey, err := masterKey.GenerateUserKey(userA, hid)`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`initiator := userKey.NewKeyExchange(userA, userB, 16, true)`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`userKey, err = masterKey.GenerateUserKey(userB, hid)`
sm9: use bigmod instead of math/big 2022-11-25 10:11:46 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`responder := userKey.NewKeyExchange(userB, userA, 16, true)`
			`defer func() {`
			`initiator.Destroy()`
			`responder.Destroy()`
			`}()`
			`// A1-A4`
			`rA, err := initiator.InitKeyExchange(rand.Reader, hid)`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`

sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`// B1 - B7`
			`rB, sigB, err := responder.RespondKeyExchange(rand.Reader, hid, rA)`
sm9: use bigmod instead of math/big 2022-11-25 10:11:46 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`// A5 -A8`
			`key1, sigA, err := initiator.ConfirmResponder(rB, sigB)`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`

sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`// B8`
			`key2, err := responder.ConfirmInitiator(sigA)`
sm9: use bigmod instead of math/big 2022-11-25 10:11:46 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`if hex.EncodeToString(key1) != hex.EncodeToString(key2) {`
			`t.Errorf("got different key")`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`}`
			`}`

sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`func TestKeyExchangeWithoutSignature(t *testing.T) {`
			`hid := byte(0x02)`
			`userA := []byte("Alice")`
			`userB := []byte("Bob")`
			`masterKey, err := GenerateEncryptMasterKey(rand.Reader)`
sm9: refactor encrypter mode 2023-02-13 14:36:34 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`

sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`userKey, err := masterKey.GenerateUserKey(userA, hid)`
sm9: refactor encrypter mode 2023-02-13 14:36:34 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`initiator := userKey.NewKeyExchange(userA, userB, 16, false)`
sm9: refactor encrypter mode 2023-02-13 14:36:34 +08:00
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`userKey, err = masterKey.GenerateUserKey(userB, hid)`
sm9: refactor encrypter mode 2023-02-13 14:36:34 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`responder := userKey.NewKeyExchange(userB, userA, 16, false)`
			`defer func() {`
			`initiator.Destroy()`
			`responder.Destroy()`
			`}()`
			`// A1-A4`
			`rA, err := initiator.InitKeyExchange(rand.Reader, hid)`
sm9: refactor encrypter mode 2023-02-13 14:36:34 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`

sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`// B1 - B7`
			`rB, sigB, err := responder.RespondKeyExchange(rand.Reader, hid, rA)`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`if len(sigB) != 0 {`
			`t.Errorf("should no signature")`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`}`

sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`// A5 -A8`
			`key1, sigA, err := initiator.ConfirmResponder(rB, sigB)`
sm9: handle empty plaintext and invalid ciphertext size 2023-02-14 10:45:02 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`if len(sigA) != 0 {`
			`t.Errorf("should no signature")`
sm9: handle empty plaintext and invalid ciphertext size 2023-02-14 10:45:02 +08:00			`}`

sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`key2, err := responder.ConfirmInitiator(nil)`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`if err != nil {`
			`t.Fatal(err)`
			`}`

sm9: refactoring, do not expose bn256 types to caller #314 2025-03-13 13:46:14 +08:00			`if hex.EncodeToString(key1) != hex.EncodeToString(key2) {`
			`t.Errorf("got different key")`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`}`
			`}`

			`func BenchmarkSign(b *testing.B) {`
			`hashed := []byte("Chinese IBS standard")`
			`uid := []byte("emmansun")`
			`hid := byte(0x01)`

			`masterKey, err := GenerateSignMasterKey(rand.Reader)`
			`if err != nil {`
			`b.Fatal(err)`
			`}`
			`userKey, err := masterKey.GenerateUserKey(uid, hid)`
			`if err != nil {`
			`b.Fatal(err)`
			`}`
			`SignASN1(rand.Reader, userKey, hashed) // fire precompute`

			`b.ReportAllocs()`
			`b.ResetTimer()`
			`for i := 0; i < b.N; i++ {`
			`sig, err := SignASN1(rand.Reader, userKey, hashed)`
			`if err != nil {`
			`b.Fatal(err)`
			`}`
			`// Prevent the compiler from optimizing out the operation.`
			`hashed[0] = sig[0]`
			`}`
			`}`

			`func BenchmarkVerify(b *testing.B) {`
			`hashed := []byte("Chinese IBS standard")`
			`uid := []byte("emmansun")`
			`hid := byte(0x01)`

			`masterKey, err := GenerateSignMasterKey(rand.Reader)`
			`if err != nil {`
			`b.Fatal(err)`
			`}`
			`userKey, err := masterKey.GenerateUserKey(uid, hid)`
			`if err != nil {`
			`b.Fatal(err)`
			`}`
			`sig, err := SignASN1(rand.Reader, userKey, hashed)`
			`if err != nil {`
			`b.Fatal(err)`
			`}`
			`b.ReportAllocs()`
			`b.ResetTimer()`
			`for i := 0; i < b.N; i++ {`
			`if !VerifyASN1(masterKey.Public(), uid, hid, hashed, sig) {`
			`b.Fatal("verify failed")`
			`}`
			`}`
			`}`

			`func BenchmarkEncrypt(b *testing.B) {`
			`plaintext := []byte("Chinese IBE standard")`
			`masterKey, err := GenerateEncryptMasterKey(rand.Reader)`
			`hid := byte(0x01)`
			`uid := []byte("emmansun")`
			`if err != nil {`
			`b.Fatal(err)`
			`}`
			`b.ReportAllocs()`
			`b.ResetTimer()`
			`for i := 0; i < b.N; i++ {`
sm9: support non-xor modes 2023-02-10 17:19:50 +08:00			`cipher, err := Encrypt(rand.Reader, masterKey.Public(), uid, hid, plaintext, nil)`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`if err != nil {`
			`b.Fatal(err)`
			`}`
			`// Prevent the compiler from optimizing out the operation.`
			`plaintext[0] = cipher[0]`
			`}`
			`}`

			`func BenchmarkDecrypt(b *testing.B) {`
			`plaintext := []byte("Chinese IBE standard")`
			`masterKey, err := GenerateEncryptMasterKey(rand.Reader)`
			`hid := byte(0x01)`
			`uid := []byte("emmansun")`
			`if err != nil {`
			`b.Fatal(err)`
			`}`
			`userKey, err := masterKey.GenerateUserKey(uid, hid)`
			`if err != nil {`
			`b.Fatal(err)`
			`}`
sm9: support non-xor modes 2023-02-10 17:19:50 +08:00			`cipher, err := Encrypt(rand.Reader, masterKey.Public(), uid, hid, plaintext, nil)`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`if err != nil {`
			`b.Fatal(err)`
			`}`
			`b.ReportAllocs()`
			`b.ResetTimer()`
			`for i := 0; i < b.N; i++ {`
sm9: support non-xor modes 2023-02-10 17:19:50 +08:00			`got, err := Decrypt(userKey, uid, cipher, nil)`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`if err != nil {`
			`b.Fatal(err)`
			`}`
			`if string(got) != string(plaintext) {`
			`b.Errorf("expected %v, got %v\n", string(plaintext), string(got))`
			`}`
			`}`
			`}`

			`func BenchmarkDecryptASN1(b *testing.B) {`
			`plaintext := []byte("Chinese IBE standard")`
			`masterKey, err := GenerateEncryptMasterKey(rand.Reader)`
			`hid := byte(0x01)`
			`uid := []byte("emmansun")`
			`if err != nil {`
			`b.Fatal(err)`
			`}`
			`userKey, err := masterKey.GenerateUserKey(uid, hid)`
			`if err != nil {`
			`b.Fatal(err)`
			`}`
sm9: support non-xor modes 2023-02-10 17:19:50 +08:00			`cipher, err := EncryptASN1(rand.Reader, masterKey.Public(), uid, hid, plaintext, nil)`
run "gofmt -s -w" 2022-07-15 16:42:39 +08:00			`if err != nil {`
			`b.Fatal(err)`
			`}`
			`b.ReportAllocs()`
			`b.ResetTimer()`
			`for i := 0; i < b.N; i++ {`
			`got, err := DecryptASN1(userKey, uid, cipher)`
			`if err != nil {`
			`b.Fatal(err)`
			`}`
			`if string(got) != string(plaintext) {`
			`b.Errorf("expected %v, got %v\n", string(plaintext), string(got))`
			`}`
			`}`
			`}`