sm2: add comments and refactor

2025-04-26 20:26:19 +08:00 · 2023-12-15 15:11:49 +08:00 · 2023-12-15 15:11:49 +08:00 · 515aa31259
commit 515aa31259
parent cad90f95ec
2 changed files with 27 additions and 19 deletions
--- a/sm2/sm2.go
+++ b/sm2/sm2.go
@ -620,7 +620,7 @@ func (priv *PrivateKey) inverseOfPrivateKeyPlus1(c *sm2Curve) (*bigmod.Nat, erro
 }
 func signSM2EC(c *sm2Curve, priv *PrivateKey, rand io.Reader, hash []byte) (sig []byte, err error) {
-	// get/compute inv(d+1)
+	// dp1Inv = (d+1)⁻¹
 	dp1Inv, err := priv.inverseOfPrivateKeyPlus1(c)
 	if err != nil {
 		return nil, err
@ -649,21 +649,27 @@ func signSM2EC(c *sm2Curve, priv *PrivateKey, rand io.Reader, hash []byte) (sig
 			if err != nil {
 				return nil, err
 			}
-			r.Add(e, c.N) // r = (Rx + e) mod N
+
 			// r = [Rx + e]
 			r.Add(e, c.N)
 			// checks if r is zero or [r+k] is zero
 			if r.IsZero() == 0 {
-				t := bigmod.NewNat().Set(k)
+				t := bigmod.NewNat().Set(k).Add(r, c.N)
-				t.Add(r, c.N)
+				if t.IsZero() == 0 {
 				if t.IsZero() == 0 { // if (r + k) != N then ok
 					break
 				}
 			}
 		}
 		// s = [r * d]
 		s, err = bigmod.NewNat().SetBytes(priv.D.Bytes(), c.N)
 		if err != nil {
 			return nil, err
 		}
 		s.Mul(r, c.N)
 		// k = [k - s]
 		k.Sub(s, c.N)
 		// k = [(d+1)⁻¹ * (k - r * d)]
 		k.Mul(dp1Inv, c.N)
 		if k.IsZero() == 0 {
 			break
@ -738,21 +744,25 @@ func verifySM2EC(c *sm2Curve, pub *ecdsa.PublicKey, hash, sig []byte) bool {
 	e := bigmod.NewNat()
 	hashToNat(c, e, hash)
 	// t = [r + s]
 	t := bigmod.NewNat().Set(r)
 	t.Add(s, c.N)
 	if t.IsZero() == 1 {
 		return false
 	}
 	// p₁ = [s]G
 	p1, err := c.newPoint().ScalarBaseMult(s.Bytes(c.N))
 	if err != nil {
 		return false
 	}
 	// p₂ = [t]Q
 	p2, err := Q.ScalarMult(Q, t.Bytes(c.N))
 	if err != nil {
 		return false
 	}
 	// BytesX returns an error for the point at infinity.
 	Rx, err := p1.Add(p1, p2).BytesX()
 	if err != nil {
 		return false
@ -762,8 +772,8 @@ func verifySM2EC(c *sm2Curve, pub *ecdsa.PublicKey, hash, sig []byte) bool {
 	if err != nil {
 		return false
 	}
 	v.Add(e, c.N)
 	return v.Equal(r) == 1
 }
--- a/sm2/sm2_envelopedkey.go
+++ b/sm2/sm2_envelopedkey.go
@ -9,7 +9,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
 	"math/big"
 	"github.com/emmansun/gmsm/cipher"
 	"github.com/emmansun/gmsm/sm4"
@ -106,9 +105,9 @@ func ParseEnvelopedPrivateKey(priv *PrivateKey, enveloped []byte) (*PrivateKey,
 	}
 	// parse public key
-	x, y := elliptic.Unmarshal(P256(), pub.RightAlign())
+	pubKey, err := NewPublicKey(pub.RightAlign())
-	if x == nil || y == nil {
+	if err != nil {
-		return nil, errors.New("sm2: invald public key in enveloped data")
+		return nil, err
 	}
 	// decrypt symmetric cipher key
@ -127,12 +126,11 @@ func ParseEnvelopedPrivateKey(priv *PrivateKey, enveloped []byte) (*PrivateKey,
 	plaintext := make([]byte, len(bytes))
 	mode.CryptBlocks(plaintext, bytes)
 	// Do we need to check length in order to be compatible with some implementations with padding?
-	sm2Key := new(PrivateKey)
+	sm2Key, err := NewPrivateKey(plaintext)
-	sm2Key.D = new(big.Int).SetBytes(plaintext)
+	if err != nil {
-	sm2Key.Curve = P256()
+		return nil, err
-	sm2Key.X, sm2Key.Y = sm2Key.ScalarBaseMult(plaintext)
+	}
-
+	if !sm2Key.PublicKey.Equal(pubKey) {
 	if sm2Key.X.Cmp(x) != 0 || sm2Key.Y.Cmp(y) != 0 {
 		return nil, errors.New("sm2: mismatch key pair in enveloped data")
 	}