diff --git a/sm2/sm2_keyexchange.go b/sm2/sm2_keyexchange.go index ccfd635..e2a7739 100644 --- a/sm2/sm2_keyexchange.go +++ b/sm2/sm2_keyexchange.go @@ -221,7 +221,7 @@ func (ke *KeyExchange) RepondKeyExchange(rand io.Reader, rA *ecdsa.PublicKey) (* // It will check if there are peer's public key and validate the peer's Ephemeral Public Key. // // If the peer's signature is not empty, then it will also validate the peer's -// signature and return generated signature regardless KeyExchange.genSignature value. +// signature and return generated signature depends on KeyExchange.genSignature value. func (ke *KeyExchange) ConfirmResponder(rB *ecdsa.PublicKey, sB []byte) ([]byte, error) { if ke.peerPub == nil { return nil, errors.New("sm2: no peer public key given") @@ -258,6 +258,9 @@ func (ke *KeyExchange) ConfirmResponder(rB *ecdsa.PublicKey, sB []byte) ([]byte, return nil, errors.New("sm2: invalid responder's signature") } } + if !ke.genSignature { + return nil, nil + } return ke.sign(false, 0x03), nil } diff --git a/sm2/sm2_keyexchange_test.go b/sm2/sm2_keyexchange_test.go index 09ccacf..55bd5cc 100644 --- a/sm2/sm2_keyexchange_test.go +++ b/sm2/sm2_keyexchange_test.go @@ -43,6 +43,43 @@ func TestKeyExchangeSample(t *testing.T) { } } +func TestKeyExchangeSimplest(t *testing.T) { + priv1, _ := GenerateKey(rand.Reader) + priv2, _ := GenerateKey(rand.Reader) + initiator, err := NewKeyExchange(priv1, &priv2.PublicKey, nil, nil, 32, false) + if err != nil { + t.Fatal(err) + } + responder, err := NewKeyExchange(priv2, &priv1.PublicKey, nil, nil, 32, false) + if err != nil { + t.Fatal(err) + } + rA, err := initiator.InitKeyExchange(rand.Reader) + if err != nil { + t.Fatal(err) + } + + rB, s2, err := responder.RepondKeyExchange(rand.Reader, rA) + if err != nil { + t.Fatal(err) + } + if len(s2) != 0 { + t.Errorf("should be no siganature") + } + + s1, err := initiator.ConfirmResponder(rB, nil) + if err != nil { + t.Fatal(err) + } + if len(s1) != 0 { + t.Errorf("should be no siganature") + } + + if hex.EncodeToString(initiator.GetSharedKey()) != hex.EncodeToString(responder.GetSharedKey()) { + t.Errorf("got different key") + } +} + func TestSetPeerParameters(t *testing.T) { priv1, _ := GenerateKey(rand.Reader) priv2, _ := GenerateKey(rand.Reader) @@ -69,12 +106,6 @@ func TestSetPeerParameters(t *testing.T) { t.Fatal(err) } - // call twice - err = initiator.SetPeerParameters(&priv2.PublicKey, uidB) - if err == nil { - t.Fatalf("expected error") - } - err = responder.SetPeerParameters(&priv1.PublicKey, uidA) if err != nil { t.Fatal(err) diff --git a/sm9/sm9.go b/sm9/sm9.go index 216739e..d7e13c7 100644 --- a/sm9/sm9.go +++ b/sm9/sm9.go @@ -602,7 +602,9 @@ func (ke *KeyExchange) ConfirmResponder(rB *bn256.G1, sB []byte) ([]byte, error) } } ke.generateSharedKey(false) - + if !ke.genSignature { + return nil, nil + } return ke.sign(false, 0x83), nil } diff --git a/sm9/sm9_test.go b/sm9/sm9_test.go index 32826b7..f0e2ab1 100644 --- a/sm9/sm9_test.go +++ b/sm9/sm9_test.go @@ -244,6 +244,56 @@ func TestKeyExchange(t *testing.T) { } } +func TestKeyExchangeWithoutSignature(t *testing.T) { + hid := byte(0x02) + userA := []byte("Alice") + userB := []byte("Bob") + masterKey, err := GenerateEncryptMasterKey(rand.Reader) + if err != nil { + t.Fatal(err) + } + + userKey, err := masterKey.GenerateUserKey(userA, hid) + if err != nil { + t.Fatal(err) + } + initiator := NewKeyExchange(userKey, userA, userB, 16, false) + + userKey, err = masterKey.GenerateUserKey(userB, hid) + if err != nil { + t.Fatal(err) + } + responder := NewKeyExchange(userKey, userB, userA, 16, false) + + // A1-A4 + rA, err := initiator.InitKeyExchange(rand.Reader, hid) + if err != nil { + t.Fatal(err) + } + + // B1 - B7 + rB, sigB, err := responder.RepondKeyExchange(rand.Reader, hid, rA) + if err != nil { + t.Fatal(err) + } + if len(sigB) != 0 { + t.Errorf("should no signature") + } + + // A5 -A8 + sigA, err := initiator.ConfirmResponder(rB, sigB) + if err != nil { + t.Fatal(err) + } + if len(sigA) != 0 { + t.Errorf("should no signature") + } + + if hex.EncodeToString(initiator.GetSharedKey()) != hex.EncodeToString(responder.GetSharedKey()) { + t.Errorf("got different key") + } +} + func TestWrapKey(t *testing.T) { masterKey, err := GenerateEncryptMasterKey(rand.Reader) hid := byte(0x01)