OpenCoverage

sm2_sign.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/sm2/sm2_sign.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/*-
2 * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.-
3 * Copyright 2017 Ribose Inc. All Rights Reserved.-
4 * Ported from Ribose contributions from Botan.-
5 *-
6 * Licensed under the OpenSSL license (the "License"). You may not use-
7 * this file except in compliance with the License. You can obtain a copy-
8 * in the file LICENSE in the source distribution or at-
9 * https://www.openssl.org/source/license.html-
10 */-
11-
12#include "internal/sm2.h"-
13#include "internal/sm2err.h"-
14#include "internal/ec_int.h" /* ec_group_do_inverse_ord() */-
15#include "internal/numbers.h"-
16#include <openssl/err.h>-
17#include <openssl/evp.h>-
18#include <openssl/err.h>-
19#include <openssl/bn.h>-
20#include <string.h>-
21-
22int sm2_compute_z_digest(uint8_t *out,-
23 const EVP_MD *digest,-
24 const uint8_t *id,-
25 const size_t id_len,-
26 const EC_KEY *key)-
27{-
28 int rc = 0;-
29 const EC_GROUP *group = EC_KEY_get0_group(key);-
30 BN_CTX *ctx = NULL;-
31 EVP_MD_CTX *hash = NULL;-
32 BIGNUM *p = NULL;-
33 BIGNUM *a = NULL;-
34 BIGNUM *b = NULL;-
35 BIGNUM *xG = NULL;-
36 BIGNUM *yG = NULL;-
37 BIGNUM *xA = NULL;-
38 BIGNUM *yA = NULL;-
39 int p_bytes = 0;-
40 uint8_t *buf = NULL;-
41 uint16_t entl = 0;-
42 uint8_t e_byte = 0;-
43-
44 hash = EVP_MD_CTX_new();-
45 ctx = BN_CTX_new();-
46 if (hash == NULL || ctx == NULL) {
hash == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
47 SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE);-
48 goto done;
never executed: goto done;
0
49 }-
50-
51 p = BN_CTX_get(ctx);-
52 a = BN_CTX_get(ctx);-
53 b = BN_CTX_get(ctx);-
54 xG = BN_CTX_get(ctx);-
55 yG = BN_CTX_get(ctx);-
56 xA = BN_CTX_get(ctx);-
57 yA = BN_CTX_get(ctx);-
58-
59 if (yA == NULL) {
yA == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
60 SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE);-
61 goto done;
never executed: goto done;
0
62 }-
63-
64 if (!EVP_DigestInit(hash, digest)) {
!EVP_DigestInit(hash, digest)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
65 SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);-
66 goto done;
never executed: goto done;
0
67 }-
68-
69 /* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */-
70-
71 if (id_len >= (UINT16_MAX / 8)) {
id_len >= ( (65535) / 8)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
72 /* too large */-
73 SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, SM2_R_ID_TOO_LARGE);-
74 goto done;
never executed: goto done;
0
75 }-
76-
77 entl = (uint16_t)(8 * id_len);-
78-
79 e_byte = entl >> 8;-
80 if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
!EVP_DigestUpd...h, &e_byte, 1)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
81 SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);-
82 goto done;
never executed: goto done;
0
83 }-
84 e_byte = entl & 0xFF;-
85 if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
!EVP_DigestUpd...h, &e_byte, 1)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
86 SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);-
87 goto done;
never executed: goto done;
0
88 }-
89-
90 if (id_len > 0 && !EVP_DigestUpdate(hash, id, id_len)) {
id_len > 0Description
TRUEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
FALSEnever evaluated
!EVP_DigestUpd...h, id, id_len)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
91 SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);-
92 goto done;
never executed: goto done;
0
93 }-
94-
95 if (!EC_GROUP_get_curve(group, p, a, b, ctx)) {
!EC_GROUP_get_... p, a, b, ctx)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
96 SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EC_LIB);-
97 goto done;
never executed: goto done;
0
98 }-
99-
100 p_bytes = BN_num_bytes(p);-
101 buf = OPENSSL_zalloc(p_bytes);-
102 if (buf == NULL) {
buf == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
103 SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE);-
104 goto done;
never executed: goto done;
0
105 }-
106-
107 if (BN_bn2binpad(a, buf, p_bytes) < 0
BN_bn2binpad(a..., p_bytes) < 0Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
108 || !EVP_DigestUpdate(hash, buf, p_bytes)
!EVP_DigestUpd... buf, p_bytes)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
109 || BN_bn2binpad(b, buf, p_bytes) < 0
BN_bn2binpad(b..., p_bytes) < 0Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
110 || !EVP_DigestUpdate(hash, buf, p_bytes)
!EVP_DigestUpd... buf, p_bytes)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
111 || !EC_POINT_get_affine_coordinates(group,
!EC_POINT_get_..., xG, yG, ctx)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
112 EC_GROUP_get0_generator(group),
!EC_POINT_get_..., xG, yG, ctx)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
113 xG, yG, ctx)
!EC_POINT_get_..., xG, yG, ctx)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
114 || BN_bn2binpad(xG, buf, p_bytes) < 0
BN_bn2binpad(x..., p_bytes) < 0Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
115 || !EVP_DigestUpdate(hash, buf, p_bytes)
!EVP_DigestUpd... buf, p_bytes)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
116 || BN_bn2binpad(yG, buf, p_bytes) < 0
BN_bn2binpad(y..., p_bytes) < 0Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
117 || !EVP_DigestUpdate(hash, buf, p_bytes)
!EVP_DigestUpd... buf, p_bytes)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
118 || !EC_POINT_get_affine_coordinates(group,
!EC_POINT_get_..., xA, yA, ctx)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
119 EC_KEY_get0_public_key(key),
!EC_POINT_get_..., xA, yA, ctx)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
120 xA, yA, ctx)
!EC_POINT_get_..., xA, yA, ctx)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
121 || BN_bn2binpad(xA, buf, p_bytes) < 0
BN_bn2binpad(x..., p_bytes) < 0Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
122 || !EVP_DigestUpdate(hash, buf, p_bytes)
!EVP_DigestUpd... buf, p_bytes)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
123 || BN_bn2binpad(yA, buf, p_bytes) < 0
BN_bn2binpad(y..., p_bytes) < 0Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
124 || !EVP_DigestUpdate(hash, buf, p_bytes)
!EVP_DigestUpd... buf, p_bytes)Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
125 || !EVP_DigestFinal(hash, out, NULL)) {
!EVP_DigestFin... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 5 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-5
126 SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_INTERNAL_ERROR);-
127 goto done;
never executed: goto done;
0
128 }-
129-
130 rc = 1;-
131-
132 done:
code before this statement executed 5 times by 2 tests: done:
Executed by:
  • libcrypto.so.1.1
  • sm2_internal_test
5
133 OPENSSL_free(buf);-
134 BN_CTX_free(ctx);-
135 EVP_MD_CTX_free(hash);-
136 return rc;
executed 5 times by 2 tests: return rc;
Executed by:
  • libcrypto.so.1.1
  • sm2_internal_test
5
137}-
138-
139static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest,-
140 const EC_KEY *key,-
141 const uint8_t *id,-
142 const size_t id_len,-
143 const uint8_t *msg, size_t msg_len)-
144{-
145 EVP_MD_CTX *hash = EVP_MD_CTX_new();-
146 const int md_size = EVP_MD_size(digest);-
147 uint8_t *z = NULL;-
148 BIGNUM *e = NULL;-
149-
150 if (md_size < 0) {
md_size < 0Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sm2_internal_test
0-2
151 SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, SM2_R_INVALID_DIGEST);-
152 goto done;
never executed: goto done;
0
153 }-
154-
155 z = OPENSSL_zalloc(md_size);-
156 if (hash == NULL || z == NULL) {
hash == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sm2_internal_test
z == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sm2_internal_test
0-2
157 SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_MALLOC_FAILURE);-
158 goto done;
never executed: goto done;
0
159 }-
160-
161 if (!sm2_compute_z_digest(z, digest, id, id_len, key)) {
!sm2_compute_z..., id_len, key)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sm2_internal_test
0-2
162 /* SM2err already called */-
163 goto done;
never executed: goto done;
0
164 }-
165-
166 if (!EVP_DigestInit(hash, digest)
!EVP_DigestInit(hash, digest)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sm2_internal_test
0-2
167 || !EVP_DigestUpdate(hash, z, md_size)
!EVP_DigestUpd...h, z, md_size)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sm2_internal_test
0-2
168 || !EVP_DigestUpdate(hash, msg, msg_len)
!EVP_DigestUpd... msg, msg_len)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sm2_internal_test
0-2
169 /* reuse z buffer to hold H(Z || M) */-
170 || !EVP_DigestFinal(hash, z, NULL)) {
!EVP_DigestFin... ((void *)0) )Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sm2_internal_test
0-2
171 SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_EVP_LIB);-
172 goto done;
never executed: goto done;
0
173 }-
174-
175 e = BN_bin2bn(z, md_size, NULL);-
176 if (e == NULL)
e == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • sm2_internal_test
0-2
177 SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_INTERNAL_ERROR);
never executed: ERR_put_error(53,(100),((4|64)),__FILE__,177);
0
178-
179 done:
code before this statement executed 2 times by 1 test: done:
Executed by:
  • sm2_internal_test
2
180 OPENSSL_free(z);-
181 EVP_MD_CTX_free(hash);-
182 return e;
executed 2 times by 1 test: return e;
Executed by:
  • sm2_internal_test
2
183}-
184-
185static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e)-
186{-
187 const BIGNUM *dA = EC_KEY_get0_private_key(key);-
188 const EC_GROUP *group = EC_KEY_get0_group(key);-
189 const BIGNUM *order = EC_GROUP_get0_order(group);-
190 ECDSA_SIG *sig = NULL;-
191 EC_POINT *kG = NULL;-
192 BN_CTX *ctx = NULL;-
193 BIGNUM *k = NULL;-
194 BIGNUM *rk = NULL;-
195 BIGNUM *r = NULL;-
196 BIGNUM *s = NULL;-
197 BIGNUM *x1 = NULL;-
198 BIGNUM *tmp = NULL;-
199-
200 kG = EC_POINT_new(group);-
201 ctx = BN_CTX_new();-
202 if (kG == NULL || ctx == NULL) {
kG == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3
203 SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);-
204 goto done;
never executed: goto done;
0
205 }-
206-
207 BN_CTX_start(ctx);-
208 k = BN_CTX_get(ctx);-
209 rk = BN_CTX_get(ctx);-
210 x1 = BN_CTX_get(ctx);-
211 tmp = BN_CTX_get(ctx);-
212 if (tmp == NULL) {
tmp == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3
213 SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);-
214 goto done;
never executed: goto done;
0
215 }-
216-
217 /*-
218 * These values are returned and so should not be allocated out of the-
219 * context-
220 */-
221 r = BN_new();-
222 s = BN_new();-
223-
224 if (r == NULL || s == NULL) {
r == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
s == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3
225 SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);-
226 goto done;
never executed: goto done;
0
227 }-
228-
229 for (;;) {-
230 if (!BN_priv_rand_range(k, order)) {
!BN_priv_rand_range(k, order)Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3
231 SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR);-
232 goto done;
never executed: goto done;
0
233 }-
234-
235 if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx)
!EC_POINT_mul(...id *)0) , ctx)Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3
236 || !EC_POINT_get_affine_coordinates(group, kG, x1, NULL,
!EC_POINT_get_...id *)0) , ctx)Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3
237 ctx)
!EC_POINT_get_...id *)0) , ctx)Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3
238 || !BN_mod_add(r, e, x1, order, ctx)) {
!BN_mod_add(r,...1, order, ctx)Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3
239 SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR);-
240 goto done;
never executed: goto done;
0
241 }-
242-
243 /* try again if r == 0 or r+k == n */-
244 if (BN_is_zero(r))
BN_is_zero(r)Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3
245 continue;
never executed: continue;
0
246-
247 if (!BN_add(rk, r, k)) {
!BN_add(rk, r, k)Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3
248 SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR);-
249 goto done;
never executed: goto done;
0
250 }-
251-
252 if (BN_cmp(rk, order) == 0)
BN_cmp(rk, order) == 0Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3
253 continue;
never executed: continue;
0
254-
255 if (!BN_add(s, dA, BN_value_one())
!BN_add(s, dA, BN_value_one())Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3
256 || !ec_group_do_inverse_ord(group, s, s, ctx)
!ec_group_do_i...up, s, s, ctx)Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3
257 || !BN_mod_mul(tmp, dA, r, order, ctx)
!BN_mod_mul(tm...r, order, ctx)Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3
258 || !BN_sub(tmp, k, tmp)
!BN_sub(tmp, k, tmp)Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3
259 || !BN_mod_mul(s, s, tmp, order, ctx)) {
!BN_mod_mul(s,...p, order, ctx)Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3
260 SM2err(SM2_F_SM2_SIG_GEN, ERR_R_BN_LIB);-
261 goto done;
never executed: goto done;
0
262 }-
263-
264 sig = ECDSA_SIG_new();-
265 if (sig == NULL) {
sig == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3
266 SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);-
267 goto done;
never executed: goto done;
0
268 }-
269-
270 /* takes ownership of r and s */-
271 ECDSA_SIG_set0(sig, r, s);-
272 break;
executed 3 times by 2 tests: break;
Executed by:
  • libcrypto.so.1.1
  • sm2_internal_test
3
273 }-
274-
275 done:
code before this statement executed 3 times by 2 tests: done:
Executed by:
  • libcrypto.so.1.1
  • sm2_internal_test
3
276 if (sig == NULL) {
sig == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 3 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-3
277 BN_free(r);-
278 BN_free(s);-
279 }
never executed: end of block
0
280-
281 BN_CTX_free(ctx);-
282 EC_POINT_free(kG);-
283 return sig;
executed 3 times by 2 tests: return sig;
Executed by:
  • libcrypto.so.1.1
  • sm2_internal_test
3
284}-
285-
286static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig,-
287 const BIGNUM *e)-
288{-
289 int ret = 0;-
290 const EC_GROUP *group = EC_KEY_get0_group(key);-
291 const BIGNUM *order = EC_GROUP_get0_order(group);-
292 BN_CTX *ctx = NULL;-
293 EC_POINT *pt = NULL;-
294 BIGNUM *t = NULL;-
295 BIGNUM *x1 = NULL;-
296 const BIGNUM *r = NULL;-
297 const BIGNUM *s = NULL;-
298-
299 ctx = BN_CTX_new();-
300 pt = EC_POINT_new(group);-
301 if (ctx == NULL || pt == NULL) {
ctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
pt == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-6
302 SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE);-
303 goto done;
never executed: goto done;
0
304 }-
305-
306 BN_CTX_start(ctx);-
307 t = BN_CTX_get(ctx);-
308 x1 = BN_CTX_get(ctx);-
309 if (x1 == NULL) {
x1 == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-6
310 SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE);-
311 goto done;
never executed: goto done;
0
312 }-
313-
314 /*-
315 * B1: verify whether r' in [1,n-1], verification failed if not-
316 * B2: vefify whether s' in [1,n-1], verification failed if not-
317 * B3: set M'~=ZA || M'-
318 * B4: calculate e'=Hv(M'~)-
319 * B5: calculate t = (r' + s') modn, verification failed if t=0-
320 * B6: calculate the point (x1', y1')=[s']G + [t]PA-
321 * B7: calculate R=(e'+x1') modn, verfication pass if yes, otherwise failed-
322 */-
323-
324 ECDSA_SIG_get0(sig, &r, &s);-
325-
326 if (BN_cmp(r, BN_value_one()) < 0
BN_cmp(r, BN_value_one()) < 0Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-6
327 || BN_cmp(s, BN_value_one()) < 0
BN_cmp(s, BN_value_one()) < 0Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-6
328 || BN_cmp(order, r) <= 0
BN_cmp(order, r) <= 0Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-6
329 || BN_cmp(order, s) <= 0) {
BN_cmp(order, s) <= 0Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-6
330 SM2err(SM2_F_SM2_SIG_VERIFY, SM2_R_BAD_SIGNATURE);-
331 goto done;
never executed: goto done;
0
332 }-
333-
334 if (!BN_mod_add(t, r, s, order, ctx)) {
!BN_mod_add(t,...s, order, ctx)Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-6
335 SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_BN_LIB);-
336 goto done;
never executed: goto done;
0
337 }-
338-
339 if (BN_is_zero(t)) {
BN_is_zero(t)Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-6
340 SM2err(SM2_F_SM2_SIG_VERIFY, SM2_R_BAD_SIGNATURE);-
341 goto done;
never executed: goto done;
0
342 }-
343-
344 if (!EC_POINT_mul(group, pt, s, EC_KEY_get0_public_key(key), t, ctx)
!EC_POINT_mul(...(key), t, ctx)Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-6
345 || !EC_POINT_get_affine_coordinates(group, pt, x1, NULL, ctx)) {
!EC_POINT_get_...id *)0) , ctx)Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-6
346 SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_EC_LIB);-
347 goto done;
never executed: goto done;
0
348 }-
349-
350 if (!BN_mod_add(t, e, x1, order, ctx)) {
!BN_mod_add(t,...1, order, ctx)Description
TRUEnever evaluated
FALSEevaluated 6 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
0-6
351 SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_BN_LIB);-
352 goto done;
never executed: goto done;
0
353 }-
354-
355 if (BN_cmp(r, t) == 0)
BN_cmp(r, t) == 0Description
TRUEevaluated 6 times by 2 tests
Evaluated by:
  • libcrypto.so.1.1
  • sm2_internal_test
FALSEnever evaluated
0-6
356 ret = 1;
executed 6 times by 2 tests: ret = 1;
Executed by:
  • libcrypto.so.1.1
  • sm2_internal_test
6
357-
358 done:
code before this statement executed 6 times by 2 tests: done:
Executed by:
  • libcrypto.so.1.1
  • sm2_internal_test
6
359 EC_POINT_free(pt);-
360 BN_CTX_free(ctx);-
361 return ret;
executed 6 times by 2 tests: return ret;
Executed by:
  • libcrypto.so.1.1
  • sm2_internal_test
6
362}-
363-
364ECDSA_SIG *sm2_do_sign(const EC_KEY *key,-
365 const EVP_MD *digest,-
366 const uint8_t *id,-
367 const size_t id_len,-
368 const uint8_t *msg, size_t msg_len)-
369{-
370 BIGNUM *e = NULL;-
371 ECDSA_SIG *sig = NULL;-
372-
373 e = sm2_compute_msg_hash(digest, key, id, id_len, msg, msg_len);-
374 if (e == NULL) {
e == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • sm2_internal_test
0-1
375 /* SM2err already called */-
376 goto done;
never executed: goto done;
0
377 }-
378-
379 sig = sm2_sig_gen(key, e);-
380-
381 done:
code before this statement executed 1 time by 1 test: done:
Executed by:
  • sm2_internal_test
1
382 BN_free(e);-
383 return sig;
executed 1 time by 1 test: return sig;
Executed by:
  • sm2_internal_test
1
384}-
385-
386int sm2_do_verify(const EC_KEY *key,-
387 const EVP_MD *digest,-
388 const ECDSA_SIG *sig,-
389 const uint8_t *id,-
390 const size_t id_len,-
391 const uint8_t *msg, size_t msg_len)-
392{-
393 BIGNUM *e = NULL;-
394 int ret = 0;-
395-
396 e = sm2_compute_msg_hash(digest, key, id, id_len, msg, msg_len);-
397 if (e == NULL) {
e == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 1 time by 1 test
Evaluated by:
  • sm2_internal_test
0-1
398 /* SM2err already called */-
399 goto done;
never executed: goto done;
0
400 }-
401-
402 ret = sm2_sig_verify(key, sig, e);-
403-
404 done:
code before this statement executed 1 time by 1 test: done:
Executed by:
  • sm2_internal_test
1
405 BN_free(e);-
406 return ret;
executed 1 time by 1 test: return ret;
Executed by:
  • sm2_internal_test
1
407}-
408-
409int sm2_sign(const unsigned char *dgst, int dgstlen,-
410 unsigned char *sig, unsigned int *siglen, EC_KEY *eckey)-
411{-
412 BIGNUM *e = NULL;-
413 ECDSA_SIG *s = NULL;-
414 int sigleni;-
415 int ret = -1;-
416-
417 e = BN_bin2bn(dgst, dgstlen, NULL);-
418 if (e == NULL) {
e == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2
419 SM2err(SM2_F_SM2_SIGN, ERR_R_BN_LIB);-
420 goto done;
never executed: goto done;
0
421 }-
422-
423 s = sm2_sig_gen(eckey, e);-
424-
425 sigleni = i2d_ECDSA_SIG(s, &sig);-
426 if (sigleni < 0) {
sigleni < 0Description
TRUEnever evaluated
FALSEevaluated 2 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-2
427 SM2err(SM2_F_SM2_SIGN, ERR_R_INTERNAL_ERROR);-
428 goto done;
never executed: goto done;
0
429 }-
430 *siglen = (unsigned int)sigleni;-
431-
432 ret = 1;-
433-
434 done:
code before this statement executed 2 times by 1 test: done:
Executed by:
  • libcrypto.so.1.1
2
435 ECDSA_SIG_free(s);-
436 BN_free(e);-
437 return ret;
executed 2 times by 1 test: return ret;
Executed by:
  • libcrypto.so.1.1
2
438}-
439-
440int sm2_verify(const unsigned char *dgst, int dgstlen,-
441 const unsigned char *sig, int sig_len, EC_KEY *eckey)-
442{-
443 ECDSA_SIG *s = NULL;-
444 BIGNUM *e = NULL;-
445 const unsigned char *p = sig;-
446 unsigned char *der = NULL;-
447 int derlen = -1;-
448 int ret = -1;-
449-
450 s = ECDSA_SIG_new();-
451 if (s == NULL) {
s == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-5
452 SM2err(SM2_F_SM2_VERIFY, ERR_R_MALLOC_FAILURE);-
453 goto done;
never executed: goto done;
0
454 }-
455 if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) {
d2i_ECDSA_SIG(...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-5
456 SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_ENCODING);-
457 goto done;
never executed: goto done;
0
458 }-
459 /* Ensure signature uses DER and doesn't have trailing garbage */-
460 derlen = i2d_ECDSA_SIG(s, &der);-
461 if (derlen != sig_len || memcmp(sig, der, derlen) != 0) {
derlen != sig_lenDescription
TRUEnever evaluated
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
memcmp(sig, der, derlen) != 0Description
TRUEnever evaluated
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-5
462 SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_ENCODING);-
463 goto done;
never executed: goto done;
0
464 }-
465-
466 e = BN_bin2bn(dgst, dgstlen, NULL);-
467 if (e == NULL) {
e == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 5 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
0-5
468 SM2err(SM2_F_SM2_VERIFY, ERR_R_BN_LIB);-
469 goto done;
never executed: goto done;
0
470 }-
471-
472 ret = sm2_sig_verify(eckey, s, e);-
473-
474 done:
code before this statement executed 5 times by 1 test: done:
Executed by:
  • libcrypto.so.1.1
5
475 OPENSSL_free(der);-
476 BN_free(e);-
477 ECDSA_SIG_free(s);-
478 return ret;
executed 5 times by 1 test: return ret;
Executed by:
  • libcrypto.so.1.1
5
479}-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2