sm2/9 key exchange: test no sign/verify case

sm2/sm2_keyexchange.go

@@ -221,7 +221,7 @@ func (ke *KeyExchange) RepondKeyExchange(rand io.Reader, rA *ecdsa.PublicKey) (*
 // It will check if there are peer's public key and validate the peer's Ephemeral Public Key.
 //
 // If the peer's signature is not empty, then it will also validate the peer's
-// signature and return generated signature regardless KeyExchange.genSignature value.
+// signature and return generated signature depends on KeyExchange.genSignature value.
 func (ke *KeyExchange) ConfirmResponder(rB *ecdsa.PublicKey, sB []byte) ([]byte, error) {
 	if ke.peerPub == nil {
 		return nil, errors.New("sm2: no peer public key given")
@@ -258,6 +258,9 @@ func (ke *KeyExchange) ConfirmResponder(rB *ecdsa.PublicKey, sB []byte) ([]byte,
 			return nil, errors.New("sm2: invalid responder's signature")
 		}
 	}
+	if !ke.genSignature {
+		return nil, nil
+	}
 	return ke.sign(false, 0x03), nil
 }
 

sm2/sm2_keyexchange_test.go

@@ -43,6 +43,43 @@ func TestKeyExchangeSample(t *testing.T) {
 	}
 }
 
+func TestKeyExchangeSimplest(t *testing.T) {
+	priv1, _ := GenerateKey(rand.Reader)
+	priv2, _ := GenerateKey(rand.Reader)
+	initiator, err := NewKeyExchange(priv1, &priv2.PublicKey, nil, nil, 32, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	responder, err := NewKeyExchange(priv2, &priv1.PublicKey, nil, nil, 32, false)
+	if err != nil {
+		t.Fatal(err)
+	}
+	rA, err := initiator.InitKeyExchange(rand.Reader)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	rB, s2, err := responder.RepondKeyExchange(rand.Reader, rA)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(s2) != 0 {
+		t.Errorf("should be no siganature")
+	}
+
+	s1, err := initiator.ConfirmResponder(rB, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(s1) != 0 {
+		t.Errorf("should be no siganature")
+	}
+
+	if hex.EncodeToString(initiator.GetSharedKey()) != hex.EncodeToString(responder.GetSharedKey()) {
+		t.Errorf("got different key")
+	}
+}
+
 func TestSetPeerParameters(t *testing.T) {
 	priv1, _ := GenerateKey(rand.Reader)
 	priv2, _ := GenerateKey(rand.Reader)
@@ -69,12 +106,6 @@ func TestSetPeerParameters(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	// call twice
-	err = initiator.SetPeerParameters(&priv2.PublicKey, uidB)
-	if err == nil {
-		t.Fatalf("expected error")
-	}
-
 	err = responder.SetPeerParameters(&priv1.PublicKey, uidA)
 	if err != nil {
 		t.Fatal(err)

sm9/sm9.go

@@ -602,7 +602,9 @@ func (ke *KeyExchange) ConfirmResponder(rB *bn256.G1, sB []byte) ([]byte, error)
 		}
 	}
 	ke.generateSharedKey(false)
-
+	if !ke.genSignature {
+		return nil, nil
+	}
 	return ke.sign(false, 0x83), nil
 }
 

sm9/sm9_test.go

@@ -244,6 +244,56 @@ func TestKeyExchange(t *testing.T) {
 	}
 }
 
+func TestKeyExchangeWithoutSignature(t *testing.T) {
+	hid := byte(0x02)
+	userA := []byte("Alice")
+	userB := []byte("Bob")
+	masterKey, err := GenerateEncryptMasterKey(rand.Reader)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	userKey, err := masterKey.GenerateUserKey(userA, hid)
+	if err != nil {
+		t.Fatal(err)
+	}
+	initiator := NewKeyExchange(userKey, userA, userB, 16, false)
+
+	userKey, err = masterKey.GenerateUserKey(userB, hid)
+	if err != nil {
+		t.Fatal(err)
+	}
+	responder := NewKeyExchange(userKey, userB, userA, 16, false)
+
+	// A1-A4
+	rA, err := initiator.InitKeyExchange(rand.Reader, hid)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// B1 - B7
+	rB, sigB, err := responder.RepondKeyExchange(rand.Reader, hid, rA)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(sigB) != 0 {
+		t.Errorf("should no signature")
+	}
+
+	// A5 -A8
+	sigA, err := initiator.ConfirmResponder(rB, sigB)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(sigA) != 0 {
+		t.Errorf("should no signature")
+	}
+
+	if hex.EncodeToString(initiator.GetSharedKey()) != hex.EncodeToString(responder.GetSharedKey()) {
+		t.Errorf("got different key")
+	}
+}
+
 func TestWrapKey(t *testing.T) {
 	masterKey, err := GenerateEncryptMasterKey(rand.Reader)
 	hid := byte(0x01)