GFpECKeyExchangeSM2

Developer Guide and Reference for Intel® Cryptography Primitives Library

Download PDF

ID 834196

Date 10/31/2024

Version 2025.0

Public

Visible to Intel only — GUID: GUID-C60BF410-7A66-426F-8B91-C7626976A5AE

View Details

GFpECKeyExchangeSM2_SharedKey

Computes a shared key between two participants of the cryptosystem.

Syntax

IppStatus ippsGFpECKeyExchangeSM2_SharedKey(Ipp8u* pSharedKey, int sharedKeySize, Ipp8u* pSSelf, const IppsBigNumState* pPrvKey, IppsBigNumState* pEphPrvKey, IppsGFpECKeyExchangeSM2State pKE, Ipp8u pScratchBuffer)

Include Files

ippcp.h

Parameters

pSharedKey	Pointer to the secret-number Shared Key.
sharedKeySize	length to the secret-number Shared Key.
pSSelf	Pointer (NULL - optional) to the Self Conformation hash data.
pPrvKey	Pointer to the private keys of the elliptic curve.
pEphPrvKey	Ephemeral Pointer to the private keys of the elliptic curve. Is cleared inside of the function if returned status is `ippStsNoErr`.
pScratchBuffer	Pointer to the scratch buffer of size produced by ippsGFpECScratchBufferSize for the elliptic curve.
pKE	Pointer to the buffer begging initialization.

Description

The function computes a secret-number pSharedKey, which is a secret key shared between two participants of the cryptosystem.

NOTE:

The ephemeral public(R_a/b) and private(r_a/b) keys (steps A1-A3 and B1-B3) have to be generated by the user’s application.

[GBT.32918.3-2016] Public Key cryptographic algorithm SM2 based on elliptic curves.

Part 3: Key exchange protocol

6.2 Process of key exchange protocol

stack compute[standard link]:

	[user A\| user B]
x(a/b)` = 2^w + (x(a/b) & (2^w – 1))	[step 4\| step 3]
t(a/b) = (d(a/b) + x(a/b)`*r(a/b) ) mod n	[step 5\| step 4]
x(b/a)` = 2^w + ( x(b/a) & (2^w – 1) )	[step 6\| step 5]
5) U/V = [h*t(a/b)]( P(b/a) + [x(b/a)`]R(b/a) ) = ( x(u/v), y(u/v) ) tmp_p = SM3( x(u/v) \|\| Za \|\| Zb \|\| xa \|\| ya \|\| xb \|\| yb )	[step 7\| step 6]
S(a/b) = SM3( 0x0(3/2) \|\| y(u/v) \|\| tmp_p )	[step 10\| step 8]
K(a/b) = KDF(x(u/v) \|\| y(u/v) \|\| Za \|\| Zb, klen)	[step 8\| step 7]

Shared secret shared is an SM3 hash digest of the secret point on the elliptic curve.

The ippsGFpECScratchBufferSize function should be called with nScalars equal to at least 2 to get the valid pScratchBuffer.

Return Values

ippStsNoErr	Indicates no error. Any other value indicates an error or warning.
ippStsNullPtrErr	Indicates an error condition if any of the specified pointers are NULL.
ippStsContextMatchErr	Indicates an error condition if the `IppsGFpECState` context parameter does not match the operation or public keys are set up incorrectly.
ippStsNotSupportedModeErr	Indicates an error condition if the `IppsGFpECState` context parameter defines an elliptic curve over an extension of the prime finite field.
ippStsRangeErr	Indicates an error condition if the length in bits of the elliptic curve is less than the length in bits of the SM3 hash digest.
ippStsBadArgErr	Indicates an error condition if the role is not equal to `ippKESM2Requester` or `ippKESM2Responder`.
ippStsInvalidPrivateKey	Indicates an error condition if the secret key is not within (0, order).
ippStsOutOfRangeErr	Indicates an error condition if `sharedKeySize` <= 0.

	[user A\| user B]
x(a/b)` = 2^w + (x(a/b) & (2^w – 1))	[step 4\| step 3]
t(a/b) = (d(a/b) + x(a/b)`*r(a/b) ) mod n	[step 5\| step 4]
x(b/a)` = 2^w + ( x(b/a) & (2^w – 1) )	[step 6\| step 5]
5) U/V = [h*t(a/b)]( P(b/a) + [x(b/a)`]R(b/a) ) = ( x(u/v), y(u/v) ) tmp_p = SM3( x(u/v) \|\| Za \|\| Zb \|\| xa \|\| ya \|\| xb \|\| yb )	[step 7\| step 6]
S(a/b) = SM3( 0x0(3/2) \|\| y(u/v) \|\| tmp_p )	[step 10\| step 8]
K(a/b) = KDF(x(u/v) \|\| y(u/v) \|\| Za \|\| Zb, klen)	[step 8\| step 7]

Select Your Language

Using Intel.com Search

Quick Links

Recent Searches

Advanced Search

Only search in