SM9-密钥封装

Posted Pam

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了SM9-密钥封装相关的知识,希望对你有一定的参考价值。

算法过程

代码实现

///************************************************************************ 
//  File name:    SM9_Key_encap.c 
//  Version:      SM9_Key_encap_V1.0 
//  Date:         Jan 11,2017 
//  Description:  implementation of SM9 Key encapsulation mechanism 
//                all operations based on BN curve line function 
//  Function List: 
//        1.bytes128_to_ecn2        //convert 128 bytes into ecn2 
//        2.zzn12_ElementPrint      //print all element of struct zzn12 
//        3.LinkCharZzn12           //link two different types(unsigned char and zzn12)to one(unsigned char) 
//        4.Test_Point              //test if the given point is on SM9 curve 
//        5.SM9_H1                  //function H1 in SM9 standard 5.4.2.2 
//        6.SM9_Init                //initiate SM9 curve 
//        7.SM9_GenerateEncryptKey  //generate encrypted private and public key 
//        8.SM9_Key_Encap           //Key encapsulation 
//        9.SM9_Key_Decap           //Key decapsulation 
//        10.SM9_SelfCheck()        //SM9 slef-check 
// 
// Notes: 
//  This SM9 implementation source code can be used for academic, non-profit making or non-commercial use only. 
//  This SM9 implementation is created on MIRACL. SM9 implementation source code provider does not provide MIRACL library, MIRACL license or any permission to use MIRACL library. Any commercial use of MIRACL requires a license which may be obtained from Shamus Software Ltd. 
 
//**************************************************************************/ 
 
#include "SM9_Key_encap.h" 
#include "kdf.h" 
 
 
/**************************************************************** 
  Function:       bytes128_to_ecn2 
  Description:    convert 128 bytes into ecn2 
  Calls:          MIRACL functions 
  Called By:      SM9_Init,SM9_Key_decap 
  Input:          Ppubs[] 
  Output:         ecn2 *res 
  Return:         FALSE: execution error 
                  TRUE: execute correctly 
  Others: 
****************************************************************/ 
BOOL bytes128_to_ecn2(unsigned char Ppubs[],ecn2 *res) 
{ 
    zzn2 x, y; 
    big a,b; 
    ecn2 r; 
    r.x.a=mirvar(0);r.x.b=mirvar(0); 
    r.y.a=mirvar(0);r.y.b=mirvar(0); 
    r.z.a=mirvar(0);r.z.b=mirvar(0); 
    r.marker=MR_EPOINT_INFINITY; 
 
    x.a=mirvar(0);x.b=mirvar(0); 
    y.a=mirvar(0);y.b=mirvar(0); 
    a=mirvar(0);b=mirvar(0); 
 
    bytes_to_big(BNLEN,Ppubs,b); 
    bytes_to_big(BNLEN,Ppubs+BNLEN,a); 
    zzn2_from_bigs(a,b,&x); 
    bytes_to_big(BNLEN,Ppubs+BNLEN*2,b); 
    bytes_to_big(BNLEN,Ppubs+BNLEN*3,a); 
    zzn2_from_bigs(a,b,&y); 
 
  return ecn2_set( &x,&y,res); 
} 
/**************************************************************** 
  Function:       zzn12_ElementPrint 
  Description:    print all elements of struct zzn12 
  Calls:          MIRACL functions 
  Called By:      SM9_Key_encap,SM9_Key_decap 
  Input:          zzn12 x 
  Output:         NULL 
  Return:         NULL 
  Others: 
****************************************************************/ 
void zzn12_ElementPrint(zzn12 x) 
{ 
    big tmp; 
    tmp=mirvar(0); 
 
    redc(x.c.b.b,tmp);cotnum(tmp,stdout); 
    redc(x.c.b.a,tmp);cotnum(tmp,stdout); 
    redc(x.c.a.b,tmp);cotnum(tmp,stdout); 
    redc(x.c.a.a,tmp);cotnum(tmp,stdout); 
    redc(x.b.b.b,tmp);cotnum(tmp,stdout); 
    redc(x.b.b.a,tmp);cotnum(tmp,stdout); 
    redc(x.b.a.b,tmp);cotnum(tmp,stdout); 
    redc(x.b.a.a,tmp);cotnum(tmp,stdout); 
    redc(x.a.b.b,tmp);cotnum(tmp,stdout); 
    redc(x.a.b.a,tmp);cotnum(tmp,stdout); 
    redc(x.a.a.b,tmp);cotnum(tmp,stdout); 
    redc(x.a.a.a,tmp);cotnum(tmp,stdout); 
} 
 
 
/**************************************************************** 
  Function:       LinkCharZzn12 
  Description:    link two different types(unsigned char and zzn12)to one(unsigned char) 
  Calls:          MIRACL functions 
  Called By:      SM9_Key_encap,SM9_Key_decap 
  Input:          message: 
                  len:    length of message 
                  w:      zzn12 element 
  Output:         Z:      the characters array stored message and w 
                  Zlen:   length of Z 
  Return:         NULL 
  Others: 
****************************************************************/ 
void LinkCharZzn12(unsigned char *message,int len,zzn12 w,unsigned char *Z,int Zlen) 
     { 
       big tmp; 
 
       tmp=mirvar(0); 
 
       memcpy(Z,message,len); 
       redc(w.c.b.b,tmp);big_to_bytes(BNLEN,tmp,Z+len,1); 
       redc(w.c.b.a,tmp);big_to_bytes(BNLEN,tmp,Z+len+BNLEN,1); 
       redc(w.c.a.b,tmp);big_to_bytes(BNLEN,tmp,Z+len+BNLEN*2,1); 
       redc(w.c.a.a,tmp);big_to_bytes(BNLEN,tmp,Z+len+BNLEN*3,1); 
       redc(w.b.b.b,tmp);big_to_bytes(BNLEN,tmp,Z+len+BNLEN*4,1); 
       redc(w.b.b.a,tmp);big_to_bytes(BNLEN,tmp,Z+len+BNLEN*5,1); 
       redc(w.b.a.b,tmp);big_to_bytes(BNLEN,tmp,Z+len+BNLEN*6,1); 
       redc(w.b.a.a,tmp);big_to_bytes(BNLEN,tmp,Z+len+BNLEN*7,1); 
       redc(w.a.b.b,tmp);big_to_bytes(BNLEN,tmp,Z+len+BNLEN*8,1); 
       redc(w.a.b.a,tmp);big_to_bytes(BNLEN,tmp,Z+len+BNLEN*9,1); 
       redc(w.a.a.b,tmp);big_to_bytes(BNLEN,tmp,Z+len+BNLEN*10,1); 
       redc(w.a.a.a,tmp);big_to_bytes(BNLEN,tmp,Z+len+BNLEN*11,1); 
     } 
 
/**************************************************************** 
  Function:       Test_Point 
  Description:    test if the given point is on SM9 curve 
  Calls:          MIRACL functions 
  Called By:      SM9_Key_decap 
  Input:          point 
  Output:         null 
  Return:         0: success 
                  1: not a valid point on curve 
  Others: 
****************************************************************/ 
int Test_Point(epoint* point) 
{ 
    big x,y,x_3,tmp; 
    epoint *buf; 
 
    x=mirvar(0); y=mirvar(0); 
    x_3=mirvar(0); 
    tmp=mirvar(0); 
    buf=epoint_init(); 
 
    //test if y^2=x^3+b 
    epoint_get(point,x,y); 
    power (x, 3, para_q, x_3);     //x_3=x^3 mod p 
    multiply (x, para_a,x); 
    divide (x, para_q, tmp); 
    add(x_3,x,x);                  //x=x^3+ax+b 
    add(x,para_b,x); 
    divide(x,para_q,tmp);          //x=x^3+ax+b mod p 
    power (y, 2,para_q, y);        //y=y^2 mod p 
    if(mr_compare(x,y)!=0) 
        return 1; 
 
    //test infinity 
    ecurve_mult(N,point,buf); 
    if(point_at_infinity(buf)==FALSE) 
        return 1; 
 
    return 0; 
} 
 
 
/**************************************************************** 
  Function:       SM9_H1 
  Description:    function H1 in SM9 standard 5.4.2.2 
  Calls:          MIRACL functions,SM3_KDF 
  Called By:      SM9_GenerateEncryptKey,SM9_Key_encap 
  Input:          Z: 
                  Zlen:the length of Z 
                  n:Frobniues constant X 
  Output:         h1=H1(Z,Zlen) 
  Return:         0: success; 
                  1: asking for memory error 
  Others: 
****************************************************************/ 
int SM9_H1(unsigned char Z[],int Zlen,big n,big h1) 
{ 
     int hlen,i,ZHlen; 
     big hh,i256,tmp,n1; 
     unsigned char *ZH=NULL,*ha=NULL; 
 
     hh=mirvar(0);i256=mirvar(0); 
     tmp=mirvar(0);n1=mirvar(0); 
     convert(1,i256); 
     ZHlen=Zlen+1; 
 
     hlen=(int)ceil((5.0*logb2(n))/32.0); 
     decr(n,1,n1); 
     ZH=(char *)malloc(sizeof(char)*(ZHlen+1)); 
     if(ZH==NULL) return SM9_ASK_MEMORY_ERR; 
     memcpy(ZH+1,Z,Zlen); 
     ZH[0]=0x01; 
     ha=(char *)malloc(sizeof(char)*(hlen+1)); 
     if(ha==NULL) return SM9_ASK_MEMORY_ERR; 
     SM3_KDF(ZH,ZHlen,hlen,ha); 
 
  for(i=hlen-1;i>=0;i--)//key[从大到小] 
  { 
		premult(i256,ha[i],tmp); 
        add(hh,tmp,hh); 
        premult(i256,256,i256); 
        divide(i256,n1,tmp); 
        divide(hh,n1,tmp); 
  } 
    incr(hh,1,h1); 
    free(ZH);free(ha); 
    return 0; 
} 
 
 
/**************************************************************** 
  Function:       SM9_Init 
  Description:    Initiate SM9 curve 
  Calls:          MIRACL functions 
  Called By:      SM9_SelfCheck 
  Input:          null 
  Output:         null 
  Return:         0: success; 
                  5: base point P1 error 
                  6: base point P2 error 
  Others: 
****************************************************************/ 
int SM9_Init() 
{ 
    big P1_x, P1_y; 
 
    para_q=mirvar(0);N=mirvar(0); 
    P1_x=mirvar(0);  P1_y=mirvar(0); 
    para_a=mirvar(0); 
    para_b=mirvar(0);para_t=mirvar(0); 
    X.a=mirvar(0);  X.b=mirvar(0); 
    P2.x.a=mirvar(0);P2.x.b=mirvar(0); 
    P2.y.a=mirvar(0);P2.y.b=mirvar(0); 
    P2.z.a=mirvar(0);P2.z.b=mirvar(0); 
    P2.marker=MR_EPOINT_INFINITY; 
 
    P1=epoint_init(); 
    bytes_to_big(BNLEN,SM9_q,para_q); 
    bytes_to_big(BNLEN,SM9_P1x,P1_x); 
    bytes_to_big(BNLEN,SM9_P1y,P1_y); 
    bytes_to_big(BNLEN,SM9_a,para_a); 
    bytes_to_big(BNLEN,SM9_b,para_b); 
    bytes_to_big(BNLEN,SM9_N,N); 
    bytes_to_big(BNLEN,SM9_t,para_t); 
 
    mip->TWIST=MR_SEXTIC_M; 
    ecurve_init(para_a,para_b,para_q,MR_PROJECTIVE);  //Initialises GF(q) elliptic curve 
                                       //MR_PROJECTIVE specifying  projective coordinates 
 
    if(!epoint_set(P1_x,P1_y,0,P1)) return SM9_G1BASEPOINT_SET_ERR; 
 
 
    if(!(bytes128_to_ecn2(SM9_P2,&P2)))   return SM9_G2BASEPOINT_SET_ERR; 
    set_frobenius_constant(&X); 
 
    return 0; 
} 
 
/*************************************************************** 
  Function:       SM9_GenerateEncryptKey 
  Description:    Generate encryption keys(public key and private key) 
  Calls:          MIRACL functions,SM9_H1,xgcd 
  Called By:      SM9_SelfCheck 
  Input:          hid:0x02 
                  ID:identification 
                  IDlen:the length of ID 
                  ke:master private key used to generate encryption public key and private key 
  Output:         Ppubs:encryption public key 
                  deB: encryption private key 
  Return:         0: success; 
                  1: asking for memory error 
  Others: 
****************************************************************/ 
int SM9_GenerateEncryptKey(unsigned char hid[],unsigned char *ID,int IDlen,big ke,unsigned char Ppubs[],unsigned char deB[]) 
{ 
   big h1,t1,t2,rem,xPpub,yPpub,tmp; 
   unsigned char *Z=NULL; 
   int Zlen=IDlen+1,buf; 
   ecn2 dEB; 
   epoint *Ppub; 
 
   h1=mirvar(0);t1=mirvar(0); 
   t2=mirvar(0);rem=mirvar(0);tmp=mirvar(0); 
   xPpub=mirvar(0);yPpub=mirvar(0); 
   Ppub=epoint_init(); 
   dEB.x.a=mirvar(0);dEB.x.b=mirvar(0);dEB.y.a=mirvar(0);dEB.y.b=mirvar(0); 
   dEB.z.a=mirvar(0);dEB.z.b=mirvar(0);dEB.marker=MR_EPOINT_INFINITY; 
 
   Z=(char *)malloc(sizeof(char)*(Zlen+1)); 
   memcpy(Z,ID,IDlen); 
   memcpy(Z+IDlen,hid,1); 
 
   buf=SM9_H1(Z,Zlen,N,h1); 
   if(buf!=0)    return buf; 
   add(h1,ke,t1);//t1=H1(IDA||hid,N)+ks 
   xgcd(t1,N,t1,t1,t1);//t1=t1(-1) 
   multiply(ke,t1,t2); divide(t2,N,rem);//t2=ks*t1(-1) 
 
   //Ppub=[ke]P2 
   ecurve_mult(ke,P1,Ppub); 
 
   //deB=[t2]P2 
   ecn2_copy(&P2,&dEB); 
   ecn2_mul(t2,&dEB); 
 
   epoint_get(Ppub,xPpub,yPpub); 
   big_to_bytes(BNLEN,xPpub,Ppubs,1); 
   big_to_bytes(BNLEN,yPpub,Ppubs+BNLEN,1); 
 
   redc(dEB.x.b,tmp);big_to_bytes(BNLEN,tmp,deB,1); 
   redc(dEB.x.a,tmp);big_to_bytes(BNLEN,tmp,deB+BNLEN,1); 
   redc(dEB.y.b,tmp);big_to_bytes(BNLEN,tmp,deB+BNLEN*2,1); 
   redc(dEB.y.a,tmp);big_to_bytes(BNLEN,tmp,deB+BNLEN*3,1); 
 
   free(Z); 
   return 0; 
} 
 
 
/**************************************************************** 
  Function:       SM9_Key_encap 
  Description:    Key encapsulation 
  Calls:          MIRACL functions,zzn12_init,ecap,member,zzn12_pow,SM9_H1, 
                  SM3_KDF,LinkCharZzn12,zzn12_ElementPrint, 
  Called By:      SM9_SelfCheck() 
  Input: 
                  hid:0x03 
                  IDB        //identification of userB 
                  rand       //a random number K lies in [1,N-1] 
                  Ppubs      //encryption public key 
  Output: 
                  C          //cipher 
                  K          //Key 
  Return: 
                  0: success 
                  1: asking for memory error 
                  2: a zzn12 element is of order 
                  3: R-ate pairing generated error 
                  9: K equals 0 
  Others: 
****************************************************************/ 
int SM9_Key_encap(unsigned char hid[],unsigned char *IDB,unsigned char rand[], unsigned char Ppub[],unsigned char C[],unsigned char K[],int Klen) 
{ 
     big h,x,y,r; 
     epoint *Ppube,*QB,*Cipher; 
     unsigned char *Z=NULL; 
     int Zlen,buf,i,num=0; 
     zzn12 g,w; 
 
     //initiate 
     h=mirvar(0);r=mirvar(0);x=mirvar(0);y=mirvar(0); 
     QB=epoint_init();Ppube=epoint_init();Cipher=epoint_init(); 
     zzn12_init(&g);zzn12_init(&w); 
 
     bytes_to_big(BNLEN,Ppub,x); 
     bytes_to_big(BNLEN,Ppub+BNLEN,y); 
     epoint_set(x,y,0,Ppube); 
 
     //----------Step1:calculate QB=[H1(IDB||hid,N)]P1+Ppube---------- 
     Zlen=strlen(IDB)+1; 
     Z=(char *)malloc(sizeof(char)*(Zlen+1)); 
     if(Z==NULL) return SM9_ASK_MEMORY_ERR; 
     memcpy(Z,IDB,strlen(IDB)); 
     memcpy(Z+strlen(IDB),hid,1); 
     buf=SM9_H1(Z,Zlen,N,h); 
     free(Z); 
     if(buf) return buf; 
     printf("\\n\\t**************** H1(IDB||hid,N) ****************\\n"); 
     cotnum(h,stdout); 
 
     ecurve_mult(h,P1,QB); 
     ecurve_add(Ppube,QB); 
     printf("\\t***********QB:=[H1(IDB||hid,N)]P1+Ppube*********\\n"); 
     epoint_get(QB,x,y); 
     cotnum(x,stdout);cotnum(y,stdout); 
 
     //-------------------- Step2:randnom ------------------- 
     bytes_to_big(BNLEN,rand,r); 
     printf("\\t***************randnum r: **********************\\n"); 
     cotnum(r,stdout); 
 
     //----------------Step3:C=[r]QB------------------------ 
     ecurve_mult(r,QB,Cipher); 
     epoint_get(Cipher,x,y); 
     printf("\\t*************** C=[r]QB: **********************\\n"); 
     cotnum(x,stdout);cotnum(y,stdout); 
     big_to_bytes(BNLEN,x,C,1);big_to_bytes(BNLEN,y,C+BNLEN,1); 
 
     //----------------Step4:g=e(Ppube,P2)------------------------ 
     if(!ecap(P2, Ppube, para_t, X, &g)) return SM9_MY_ECAP_12A_ERR; 
     //test if a ZZn12 element is of order q 
     if(!member(g, para_t, X)) return SM9_MEMBER_ERR; 
 
     printf("\\t***************g=e(Ppube,P2):********************\\n"); 
     zzn12_ElementPrint(g); 
 
     //----------------Step5:w=g^r------------------------ 
     w=zzn12_pow(g,r); 
     printf("\\t***************** w=g^r:*************************\\n"); 
     zzn12_ElementPrint(w); 
 
     //----------------Step6:K=KDF(C||w||IDB,klen)------------------------ 
     Zlen=strlen(IDB)+BNLEN*14; 
     Z=(char *)malloc(sizeof(char)*(Zlen+1)); 
     if(Z==NULL) return SM9_ASK_MEMORY_ERR; 
     LinkCharZzn12(C,BNLEN*2, w,Z,BNLEN*14); 
     memcpy(Z+BNLEN*14,IDB,strlen(IDB)); 
 
     SM3_KDF(Z,Zlen,Klen,K); 
     free(Z); 
     //----------------test if K equals 0------------------------ 
     printf("\\t*********** K=KDF(C||w||IDB,klen):***************\\n"); 
     for(i=0;i<Klen;i++) 
     { 
         if(K[i]==0) num+=1; 
         printf("%02x",K[i]); 
     } 
     if(num==Klen) return SM9_ERR_K1_ZERO; 
 
     return 0; 
} 
 
/**************************************************************** 
  Function:       SM9_Key_decap 
  Description:    Key decapsulation 
  Calls:          MIRACL functions,zzn12_init,ecap,member,Test_Point, 
                  zzn12_ElementPrint,SM3_KDF,bytes128_to_ecn2,LinkCharZzn12 
  Called By:      SM9_SelfCheck() 
  Input: 
                  hid:0x03 
                  IDB        //identification of userB 
                  rand       //a random number K lies in [1,N-1] 
                  Ppubs      //encryption public key 
  Output: 
                  C          //cipher 
                  K          //Key 
  Return: 
                  0: success 
                  1: asking for memory error 
                  2: a zzn12 element is of order 
                  3: R-ate pairing generated error 
                  4: C is not valid element of G1 
                  9: K equals 0 
  Others: 
****************************************************************/ 
int SM9_Key_decap(unsigned char *IDB,unsigned char deB[],unsigned char C[],int Klen,unsigned char K[]) 
{ 
     big h,x,y; 
     epoint *Cipher; 
     unsigned char *Z=NULL; 
     int Zlen,i,num=0; 
     zzn12 w; 
     ecn2 dEB; 
 
     //initiate 
     h=mirvar(0);x=mirvar(0);y=mirvar(0); 
     Cipher=epoint_init(); 
     zzn12_init(&w); 
     dEB.x.a=mirvar(0); dEB.x.b=mirvar(0);dEB.y.a=mirvar(0);dEB.y.b=mirvar(0); 
     dEB.z.a=mirvar(0); dEB.z.b=mirvar(0);dEB.marker=MR_EPOINT_INFINITY; 
 
     bytes_to_big(BNLEN,C,x); 
     bytes_to_big(BNLEN,C+BNLEN,y); 
     epoint_set(x,y,0,Cipher); 
     bytes128_to_ecn2(deB,&dEB); 
 
     //----------Step1:test if C is on G1----------------- 
     if(Test_Point(Cipher)) return SM9_NOT_VALID_G1; 
 
     //----------Step2:calculate w=e(C,deB)----------------- 
     if(!ecap(dEB, Cipher, para_t, X, &w)) return SM9_MY_ECAP_12A_ERR; 
     //test if a ZZn12 element is of order q 
     if(!member(w, para_t, X)) return SM9_MEMBER_ERR; 
 
     printf("\\n\\t***************w=e(C,deB):********************\\n"); 
     zzn12_ElementPrint(w); 
 
     //----------Step3:K=KDF(C||w\'||IDB,klen)------------------------ 
     Zlen=strlen(IDB)+BNLEN*14; 
     Z=(char *)malloc(sizeof(char)*(Zlen+1)); 
     if(Z==NULL) return SM9_ASK_MEMORY_ERR; 
     LinkCharZzn12(C,BNLEN*2, w,Z,BNLEN*14); 
     memcpy(Z+BNLEN*14,IDB,strlen(IDB)); 
     SM3_KDF(Z,Zlen,Klen,K); 
 
     //----------------test if K equals 0------------------------ 
     printf("\\t*********** K=KDF(C||w||IDB,klen):***************\\n"); 
     for(i=0;i<Klen;i++) 
     { 
         if(K[i]==0) num+=1; 
         printf("%02x",K[i]); 
     } 
	 printf("\\n");
     if(num==Klen) return SM9_ERR_K1_ZERO; 
 
     free(Z); 
     return 0; 
} 
 
/**************************************************************** 
  Function:       SM9_SelfCheck 
  Description:    SM9 self check 
  Calls:          MIRACL functions,SM9_Init(),SM9_GenerateEncryptKey(),SM9_Key_encap, 
                  SM9_Key_decap 
  Called By: 
  Input: 
  Output: 
  Return:         0: self-check success 
                  1: asking for memory error 
                  2: element is out of order q 
                  3: R-ate calculation error 
                  4: test if C is on G1 
                  5: base point P1 error 
                  6: base point P2 error 
                  7: Encryption public key generated error 
                  8: Encryption private key generated error 
                  9: K equals 0 
                  A: cipher error in key encapsulation 
                  B: key to be encapsulated 
                  C: key generated by decapsulation 
  Others: 
****************************************************************/ 
int SM9_SelfCheck() 
{ 
    //the master private key 
    unsigned char KE[32] = 
{0x00,0x01,0xED,0xEE,0x37,0x78,0xF4,0x41,0xF8,0xDE,0xA3,0xD9,0xFA,0x0A,0xCC,0x4E, 
0x07,0xEE,0x36,0xC9,0x3F,0x9A,0x08,0x61,0x8A,0xF4,0xAD,0x85,0xCE,0xDE,0x1C,0x22}; 
 
    unsigned char rand[32]={0x00,0x00,0x74,0x01,0x5F,0x84,0x89,0xC0,0x1E,0xF4,0x27,0x04,0x56,0xF9,0xE6,0x47, 
 0x5B,0xFB,0x60,0x2B,0xDE,0x7F,0x33,0xFD,0x48,0x2A,0xB4,0xE3,0x68,0x4A,0x67,0x22}; 
    //standard datas 
    unsigned char std_Ppub[64]= 
{0x78,0x7E,0xD7,0xB8,0xA5,0x1F,0x3A,0xB8,0x4E,0x0A,0x66,0x00,0x3F,0x32,0xDA,0x5C, 
     0x72,0x0B,0x17,0xEC,0xA7,0x13,0x7D,0x39,0xAB,0xC6,0x6E,0x3C,0x80,0xA8,0x92,0xFF, 
     0x76,0x9D,0xE6,0x17,0x91,0xE5,0xAD,0xC4,0xB9,0xFF,0x85,0xA3,0x13,0x54,0x90,0x0B, 
     0x20,0x28,0x71,0x27,0x9A,0x8C,0x49,0xDC,0x3F,0x22,0x0F,0x64,0x4C,0x57,0xA7,0xB1}; 
    unsigned char std_deB[128]= 
{0x94,0x73,0x6A,0xCD,0x2C,0x8C,0x87,0x96,0xCC,0x47,0x85,0xE9,0x38,0x30,0x1A,0x13, 
     0x9A,0x05,0x9D,0x35,0x37,0xB6,0x41,0x41,0x40,0xB2,0xD3,0x1E,0xEC,0xF4,0x16,0x83, 
     0x11,0x5B,0xAE,0x85,0xF5,0xD8,0xBC,0x6C,0x3D,0xBD,0x9E,0x53,0x42,0x97,0x9A,0xCC, 
     0xCF,0x3C,0x2F,0x4F,0x28,0x42,0x0B,0x1C,0xB4,0xF8,0xC0,0xB5,0x9A,0x19,0xB1,0x58, 
     0x7A,0xA5,0xE4,0x75,0x70,0xDA,0x76,0x00,0xCD,0x76,0x0A,0x0C,0xF7,0xBE,0xAF,0x71, 
     0xC4,0x47,0xF3,0x84,0x47,0x53,0xFE,0x74,0xFA,0x7B,0xA9,0x2C,0xA7,0xD3,0xB5,0x5F, 
     0x27,0x53,0x8A,0x62,0xE7,0xF7,0xBF,0xB5,0x1D,0xCE,0x08,0x70,0x47,0x96,0xD9,0x4C, 
     0x9D,0x56,0x73,0x4F,0x11,0x9E,0xA4,0x47,0x32,0xB5,0x0E,0x31,0xCD,0xEB,0x75,0xC1}; 
    unsigned char std_K[64] =  
{0x4F,0xF5,0xCF,0x86,0xD2,0xAD,0x40,0xC8,0xF4,0xBA,0xC9,0x8D,0x76,0xAB,0xDB,0xDE, 
    0x0C,0x0E,0x2F,0x0A,0x82,0x9D,0x3F,0x91,0x1E,0xF5,0xB2,0xBC,0xE0,0x69,0x54,0x80}; 
    unsigned char std_C[64] =  
{0x1E,0xDE,0xE2,0xC3,0xF4,0x65,0x91,0x44,0x91,0xDE,0x44,0xCE,0xFB,0x2C,0xB4,0x34, 
    0xAB,0x02,0xC3,0x08,0xD9,0xDC,0x5E,0x20,0x67,0xB4,0xFE,0xD5,0xAA,0xAC,0x8A,0x0F, 
    0x1C,0x9B,0x4C,0x43,0x5E,0xCA,0x35,0xAB,0x83,0xBB,0x73,0x41,0x74,0xC0,0xF7,0x8F, 
    0xDE,0x81,0xA5,0x33,0x74,0xAF,0xF3,0xB3,0x60,0x2B,0xBC,0x5E,0x37,0xBE,0x9A,0x4C}; 
 
    unsigned char hid[]={0x03},*IDB="Bob"; 
    unsigned char Ppub[64],deB[128],C[64],K[32],K_decap[32]; 
    big ke; 
    int tmp,i; 
    int Klen=32; 
 
    mip=mirsys(1000, 16); 
    mip->IOBASE=16; 
    ke=mirvar(0); 
    bytes_to_big(32,KE,ke); 
 
    tmp=SM9_Init(); 
    if(tmp!=0) return tmp; 
 
    printf("\\n***********************  SM9 密钥产生    ***************************"); 
    tmp=SM9_GenerateEncryptKey(hid,IDB,strlen(IDB),ke,Ppub,deB); 
    if(tmp!=0)  return tmp; 
    if(memcmp(Ppub,std_Ppub,64)!=0) 
        return SM9_GEPUB_ERR; 
    if(memcmp(deB,std_deB,128)!=0) 
        return SM9_GEPRI_ERR; 
 
    printf("\\n\\t**************主加密私钥 Ppubs=[ke]P1:*****************\\n"); 
    for(i=0;i<64;i++) 
    {if(i==32) printf("\\n"); 
      printf("%02x",Ppub[i]);} 
    printf("\\n\\t******用户加密私钥 deB = (xdeB, ydeB):*************\\n"); 
    for(i=0;i<128;i++) 
    {   if(i==64) printf("\\n"); 
        printf("%02x",deB[i]);} 
 
    printf("\\n\\n///////////////////SM9密钥封装机制//////////////////////"); 
    tmp=SM9_Key_encap( hid,IDB,rand, Ppub, C, K,Klen); 
    if(tmp!=0) return tmp; 
 
    if(memcmp(C,std_C,64)!=0) 
		return SM9_ERR_Encap_C; 
    if(memcmp(K,std_K,Klen)!=0) 
		return SM9_ERR_Encap_K; 
 
    printf("\\n\\n///////////////////SM9密钥解封装机制//////////////////////"); 
    tmp=SM9_Key_decap(IDB, deB, C,Klen,K_decap); 
    if(tmp!=0) return tmp; 
 
    if(memcmp(K_decap,std_K,32)!=0) 
		 return SM9_ERR_Decap_K; 
 
    return 0; 
} 
 
 

完整代码见github

参考

1、国标—SM9-密钥封装

2、密码学-基础理论与应用(李子臣著)

3、商用密码检测中心-源码下载

以上是关于SM9-密钥封装的主要内容,如果未能解决你的问题,请参考以下文章

区块链与密码学第6-7讲:SM9数字签名算法

SM9-签名

VSCode自定义代码片段14——Vue的axios网络请求封装

VSCode自定义代码片段14——Vue的axios网络请求封装

VSCode自定义代码片段14——Vue的axios网络请求封装

信息安全工程师笔记-综合知识冲刺