init: v1.0.0

sm/sm9/hash.go

@@ -0,0 +1,87 @@
+package sm9
+
+import (
+	"math/big"
+
+	"xdx.jelly/xgcl/gmath"
+	"xdx.jelly/xgcl/internal/kdf"
+	"xdx.jelly/xgcl/sm/sm3"
+)
+
+const (
+	macSize    = sm3.Size
+	macKeySize = sm3.Size
+)
+
+func mac(key, msg []byte) []byte {
+	ret := sm3.Sum(msg, key)
+	return ret[:]
+}
+
+// const hlen = 320 / 8
+
+var Kdf = kdf.StdKdf.Kdf
+
+// h are fixed TODO: make it change with params
+func _h(out, n *big.Int, tag byte, z ...[]byte) {
+	ha := make([]byte, 64)
+	s0 := sm3.NewDigest()
+	s1 := sm3.NewDigest()
+
+	_, _ = s0.Write([]byte{tag})
+	for _, w := range z {
+		_, _ = s0.Write(w)
+	}
+	buf := make([]byte, 4)
+	buf[3] = 1
+
+	*s1 = *s0
+	_, _ = s1.Write(buf)
+	d := s1.Sum(nil)
+	copy(ha, d)
+	buf[3] = 2
+
+	_, _ = s0.Write(buf)
+	d = s0.Sum(nil)
+	copy(ha[32:], d)
+
+	out.SetBytes(ha[:40])
+	out.Mod(out, n)
+	out.Add(out, gmath.BigInt1)
+}
+
+// H1 H1函数
+func H1(z ...[]byte) *big.Int {
+	r := new(big.Int)
+	_h(r, nMinusOne, 1, z...)
+	return r
+}
+
+// H2 H2函数
+func H2(z ...[]byte) *big.Int {
+	r := new(big.Int)
+	_h(r, nMinusOne, 2, z...)
+	return r
+}
+
+// ////////////////////////////////////////////// local functions
+// hashToG1 hash id to a point of G1, (px, py) are KGC's master key
+// return (x,y) = H1(id||hid)g1 + BasePoint, BasePoint相当于做一个平移。
+// 可以理解为id在某个KGC下的公钥
+func hashToG1(id []byte, base *G1, hid byte) *G1 {
+	h := H1(id, []byte{hid})
+	g := new(G1).ScalarBaseMult(h)
+	g.Add(g, base)
+	return g
+}
+
+// genKey return a key of length keylen, key = kdf(cx||cy||e(p,q)^k||id)
+// k could be nil, then e(p,q)^k=e(p,q)
+// func genKey(key, id []byte, c, p *G1, q *G2, k *big.Int)[]byte{
+func genKey(key, id []byte, c *G1, w *GT) []byte {
+	_ = Kdf(key,
+		c.Marshal(),
+		w.Marshal(),
+		id)
+	return key
+}