Tencent · johnshajiang · Dec 25, 2024 · Dec 25, 2024
diff --git a/kona-crypto/src/main/jni/include/kona/kona_sm2.h b/kona-crypto/src/main/jni/include/kona/kona_sm2.h
@@ -54,12 +54,12 @@ const EC_GROUP* sm2_group();
 
 BIGNUM* sm2_pri_key(const uint8_t* pri_key_bytes);
 EC_POINT* sm2_pub_key(const uint8_t* pub_key_bytes, size_t pub_key_len);
-int sm2_validate_point(EC_POINT *point);
 
 EVP_PKEY* sm2_load_pub_key(const uint8_t* pub_key, size_t pub_key_len);
 EVP_PKEY* sm2_load_key_pair(const uint8_t* pri_key, const uint8_t* pub_key);
 int sm2_gen_pub_key(const uint8_t* pri_key, uint8_t* pub_key);
 EVP_PKEY_CTX* sm2_create_pkey_ctx(EVP_PKEY* pkey);
+int sm2_validate_point(EC_POINT *point);
 
 int sm2_gen_key_pair(EVP_PKEY_CTX* ctx, uint8_t* key_pair, size_t* key_pair_len);
 

diff --git a/kona-crypto/src/main/jni/include/kona/kona_sm3.h b/kona-crypto/src/main/jni/include/kona/kona_sm3.h
@@ -17,8 +17,12 @@
  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
+#include <openssl/evp.h>
+
+#include "kona/kona_common.h"
+
 EVP_MD_CTX* sm3_create_ctx();
-int sm3_reset(EVP_MD_CTX*);
+int sm3_reset(EVP_MD_CTX* ctx);
 
-EVP_MAC_CTX* sm3hmac_create_ctx(EVP_MAC*, const uint8_t*, size_t);
-int sm3hmac_reset(EVP_MAC_CTX*);
+EVP_MAC_CTX* sm3hmac_create_ctx(EVP_MAC* mac, const uint8_t* key, size_t key_len);
+int sm3hmac_reset(EVP_MAC_CTX* ctx);
diff --git a/kona-crypto/src/main/jni/kona_sm2_common.c b/kona-crypto/src/main/jni/kona_sm2_common.c
@@ -17,9 +17,6 @@
  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
-#include <stdlib.h>
-#include <string.h>
-
 #include <jni.h>
 
 #include <openssl/core_names.h>
@@ -204,25 +201,28 @@ EVP_PKEY* sm2_load_pub_key(const uint8_t* pub_key, size_t pub_key_len) {
     EVP_PKEY_CTX* key_ctx = EVP_PKEY_CTX_new_from_name(NULL, "SM2", NULL);
     if (key_ctx == NULL) {
         OPENSSL_print_err();
+
         return NULL;
     }
 
     if (!EVP_PKEY_fromdata_init(key_ctx)) {
         OPENSSL_print_err();
         EVP_PKEY_CTX_free(key_ctx);
+
         return NULL;
     }
 
     OSSL_PARAM params[] = {
-        OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, "SM2", 0),
-        OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY, (void*)pub_key, pub_key_len),
-        OSSL_PARAM_construct_end()
+            OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, "SM2", 0),
+            OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY, (void*)pub_key, pub_key_len),
+            OSSL_PARAM_construct_end()
     };
 
     EVP_PKEY* pkey = NULL;
     if (!EVP_PKEY_fromdata(key_ctx, &pkey, EVP_PKEY_PUBLIC_KEY, params)) {
         OPENSSL_print_err();
         EVP_PKEY_CTX_free(key_ctx);
+
         return NULL;
     }
 
@@ -305,7 +305,7 @@ EVP_PKEY* sm2_load_key_pair(const uint8_t* pri_key, const uint8_t* pub_key) {
 
     BN_free(pri_key_bn);
     EC_POINT_free(pub_point);
-    ec_key = NULL; // ec_key cannot be freed due pkey is using it.
+    ec_key = NULL; // ec_key cannot be freed due to pkey is using it.
 
     return pkey;
 }
@@ -319,40 +319,46 @@ int sm2_gen_pub_key(const uint8_t* pri_key, uint8_t* pub_key) {
     BIGNUM* bn_pri_key = BN_bin2bn(pri_key, SM2_PRI_KEY_LEN, NULL);
     if (bn_pri_key == NULL) {
         EC_KEY_free(ec_key);
+
         return OPENSSL_FAILURE;
     }
 
     if (!EC_KEY_set_private_key(ec_key, bn_pri_key)) {
         EC_KEY_free(ec_key);
         BN_free(bn_pri_key);
+
         return OPENSSL_FAILURE;
     }
 
     const EC_GROUP* group = EC_KEY_get0_group(ec_key);
     if (group == NULL) {
         EC_KEY_free(ec_key);
         BN_free(bn_pri_key);
+
         return OPENSSL_FAILURE;
     }
 
     EC_POINT* pub_point = EC_POINT_new(group);
     if (pub_point == NULL) {
         EC_KEY_free(ec_key);
         BN_free(bn_pri_key);
+
         return OPENSSL_FAILURE;
     }
 
     if (!EC_POINT_mul(group, pub_point, bn_pri_key, NULL, NULL, NULL)) {
         EC_KEY_free(ec_key);
         BN_free(bn_pri_key);
         EC_POINT_free(pub_point);
+
         return OPENSSL_FAILURE;
     }
 
     if (!EC_KEY_set_public_key(ec_key, pub_point)) {
         EC_KEY_free(ec_key);
         BN_free(bn_pri_key);
         EC_POINT_free(pub_point);
+
         return OPENSSL_FAILURE;
     }
 
@@ -361,6 +367,7 @@ int sm2_gen_pub_key(const uint8_t* pri_key, uint8_t* pub_key) {
         EC_KEY_free(ec_key);
         BN_free(bn_pri_key);
         EC_POINT_free(pub_point);
+
         return OPENSSL_FAILURE;
     }
 
@@ -370,6 +377,7 @@ int sm2_gen_pub_key(const uint8_t* pri_key, uint8_t* pub_key) {
         BN_free(bn_pri_key);
         EC_POINT_free(pub_point);
         BN_CTX_free(bn_ctx);
+
         return OPENSSL_FAILURE;
     }
 
@@ -378,6 +386,7 @@ int sm2_gen_pub_key(const uint8_t* pri_key, uint8_t* pub_key) {
         BN_free(bn_pri_key);
         EC_POINT_free(pub_point);
         BN_CTX_free(bn_ctx);
+
         return OPENSSL_FAILURE;
     }
 
@@ -400,6 +409,7 @@ EVP_PKEY_CTX* sm2_create_pkey_ctx(EVP_PKEY* pkey) {
 
     if (ctx == NULL) {
         OPENSSL_print_err();
+
         return NULL;
     }
 

diff --git a/kona-crypto/src/main/jni/kona_sm2_keyagreement.c b/kona-crypto/src/main/jni/kona_sm2_keyagreement.c
@@ -17,7 +17,6 @@
  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
-#include <stdlib.h>
 #include <string.h>
 #include <stdbool.h>
 #include <math.h>
@@ -37,12 +36,14 @@ SM2_KEYEX_CTX* sm2_create_keyex_ctx() {
     EVP_MD_CTX* sm3_ctx = sm3_create_ctx();
     if (sm3_ctx == NULL) {
         OPENSSL_print_err();
+
         return NULL;
     }
 
     BN_CTX* bn_ctx = BN_CTX_new();
     if (bn_ctx == NULL) {
         OPENSSL_print_err();
+
         return NULL;
     }
 
@@ -66,8 +67,8 @@ void sm2_free_keyex_ctx(SM2_KEYEX_CTX* ctx) {
 }
 
 int z(uint8_t* out, SM2_KEYEX_CTX* ctx,
-       const uint8_t* id, const size_t id_len,
-       const EC_GROUP* group, const EC_POINT* point) {
+      const uint8_t* id, const size_t id_len,
+      const EC_GROUP* group, const EC_POINT* point) {
     const SM2_ID* default_id = sm2_id();
     const SM2_CURVE* curve = sm2_curve();
 
@@ -102,6 +103,7 @@ int z(uint8_t* out, SM2_KEYEX_CTX* ctx,
 
         BN_free(x_bn);
         BN_free(y_bn);
+
         return OPENSSL_FAILURE;
     }
 
@@ -380,10 +382,10 @@ JNIEXPORT void JNICALL Java_com_tencent_kona_crypto_provider_nativeImpl_NativeCr
 }
 
 JNIEXPORT jbyteArray JNICALL Java_com_tencent_kona_crypto_provider_nativeImpl_NativeCrypto_sm2DeriveKey
-  (JNIEnv* env, jobject thisObj, jlong pointer,
-   jbyteArray priKey, jbyteArray pubKey, jbyteArray ePriKey, jbyteArray id,
-   jbyteArray peerPubKey, jbyteArray peerEPubKey, jbyteArray peerId,
-   jboolean isInitiator, jint sharedKeyLength) {
+ (JNIEnv* env, jobject thisObj, jlong pointer,
+         jbyteArray priKey, jbyteArray pubKey, jbyteArray ePriKey, jbyteArray id,
+         jbyteArray peerPubKey, jbyteArray peerEPubKey, jbyteArray peerId,
+         jboolean isInitiator, jint sharedKeyLength) {
     SM2_KEYEX_CTX* ctx = (SM2_KEYEX_CTX*)pointer;
     if (ctx == NULL) {
         return NULL;

diff --git a/kona-crypto/src/main/jni/kona_sm2_keypair.c b/kona-crypto/src/main/jni/kona_sm2_keypair.c
@@ -17,8 +17,6 @@
  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
-#include <stdbool.h>
-#include <stdlib.h>
 #include <string.h>
 
 #include <jni.h>
@@ -46,6 +44,7 @@ JNIEXPORT jbyteArray JNICALL Java_com_tencent_kona_crypto_provider_nativeImpl_Na
     if (group == NULL) {
         OPENSSL_print_err();
         (*env)->ReleaseByteArrayElements(env, compPubKey, comp_pub_key_bytes, JNI_ABORT);
+
         return NULL;
     }
 
@@ -54,6 +53,7 @@ JNIEXPORT jbyteArray JNICALL Java_com_tencent_kona_crypto_provider_nativeImpl_Na
         OPENSSL_print_err();
         (*env)->ReleaseByteArrayElements(env, compPubKey, comp_pub_key_bytes, JNI_ABORT);
         EC_GROUP_free(group);
+
         return NULL;
     }
 
@@ -63,6 +63,7 @@ JNIEXPORT jbyteArray JNICALL Java_com_tencent_kona_crypto_provider_nativeImpl_Na
         (*env)->ReleaseByteArrayElements(env, compPubKey, comp_pub_key_bytes, JNI_ABORT);
         EC_GROUP_free(group);
         EC_POINT_free(point);
+
         return NULL;
     }
 
@@ -74,6 +75,7 @@ JNIEXPORT jbyteArray JNICALL Java_com_tencent_kona_crypto_provider_nativeImpl_Na
         (*env)->ReleaseByteArrayElements(env, compPubKey, comp_pub_key_bytes, JNI_ABORT);
         EC_GROUP_free(group);
         EC_POINT_free(point);
+
         return NULL;
     }
 
@@ -104,6 +106,7 @@ JNIEXPORT jbyteArray JNICALL Java_com_tencent_kona_crypto_provider_nativeImpl_Na
     uint8_t pub_key_buf[SM2_PUB_KEY_LEN];
     if (!sm2_gen_pub_key((const uint8_t*)pri_key_bytes, pub_key_buf)) {
         (*env)->ReleaseByteArrayElements(env, priKey, pri_key_bytes, JNI_ABORT);
+
         return NULL;
     }
     (*env)->ReleaseByteArrayElements(env, priKey, pri_key_bytes, JNI_ABORT);
@@ -157,58 +160,64 @@ int sm2_gen_key_pair(EVP_PKEY_CTX* ctx, uint8_t* key_pair, size_t* key_pair_len)
 
     if (!EVP_PKEY_keygen_init(ctx)) {
         OPENSSL_print_err();
+
         return OPENSSL_FAILURE;
     }
 
     EVP_PKEY* pkey = NULL;
     if (!EVP_PKEY_keygen(ctx, &pkey)) {
         OPENSSL_print_err();
+
         return OPENSSL_FAILURE;
     }
 
-    BIGNUM* priv_key_bn = NULL;
-    if (!EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv_key_bn)) {
+    BIGNUM* pri_key_bn = NULL;
+    if (!EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &pri_key_bn)) {
         OPENSSL_print_err();
         EVP_PKEY_free(pkey);
+
         return OPENSSL_FAILURE;
     }
-    if (BN_num_bytes(priv_key_bn) > SM2_PRI_KEY_LEN) {
+    if (BN_num_bytes(pri_key_bn) > SM2_PRI_KEY_LEN) {
         EVP_PKEY_free(pkey);
-        BN_free(priv_key_bn);
+        BN_free(pri_key_bn);
+
         return OPENSSL_FAILURE;
     }
-    uint8_t priv_key_buf[SM2_PRI_KEY_LEN] = {0};
-    BN_bn2binpad(priv_key_bn, priv_key_buf, SM2_PRI_KEY_LEN);
-    BN_free(priv_key_bn);
+    uint8_t pri_key_buf[SM2_PRI_KEY_LEN] = {0};
+    BN_bn2binpad(pri_key_bn, pri_key_buf, SM2_PRI_KEY_LEN);
+    BN_free(pri_key_bn);
 
     size_t pub_key_len = 0;
     if (!EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, NULL, 0, &pub_key_len)) {
         OPENSSL_print_err();
         EVP_PKEY_free(pkey);
-        OPENSSL_cleanse(priv_key_buf, SM2_PRI_KEY_LEN);
+        OPENSSL_cleanse(pri_key_buf, SM2_PRI_KEY_LEN);
+
         return OPENSSL_FAILURE;
     }
     uint8_t* pub_key_buf = OPENSSL_malloc(pub_key_len);
     if (pub_key_buf == NULL) {
         EVP_PKEY_free(pkey);
-        OPENSSL_cleanse(priv_key_buf, SM2_PRI_KEY_LEN);
+        OPENSSL_cleanse(pri_key_buf, SM2_PRI_KEY_LEN);
         return OPENSSL_FAILURE;
     }
 
     if (!EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, pub_key_buf, pub_key_len, &pub_key_len)) {
         OPENSSL_print_err();
         EVP_PKEY_free(pkey);
-        OPENSSL_cleanse(priv_key_buf, SM2_PRI_KEY_LEN);
+        OPENSSL_cleanse(pri_key_buf, SM2_PRI_KEY_LEN);
         OPENSSL_free(pub_key_buf);
+
         return OPENSSL_FAILURE;
     }
 
     *key_pair_len = SM2_PRI_KEY_LEN + pub_key_len;
-    memcpy(key_pair, priv_key_buf, SM2_PRI_KEY_LEN);
+    memcpy(key_pair, pri_key_buf, SM2_PRI_KEY_LEN);
     memcpy(key_pair + SM2_PRI_KEY_LEN, pub_key_buf, pub_key_len);
 
     EVP_PKEY_free(pkey);
-    OPENSSL_cleanse(priv_key_buf, SM2_PRI_KEY_LEN);
+    OPENSSL_cleanse(pri_key_buf, SM2_PRI_KEY_LEN);
     OPENSSL_free(pub_key_buf);
 
     return OPENSSL_SUCCESS;