From d22b2253f30a366ce512d7995dde70136199d3cb Mon Sep 17 00:00:00 2001
From: Sun Yimin <emmansun@users.noreply.github.com>
Date: Fri, 3 Feb 2023 15:13:02 +0800
Subject: [PATCH] sm9: add example test

---
 sm9/example_test.go | 168 ++++++++++++++++++++++++++++++++++++++++++++
 sm9/sm9_test.go     |  13 ++--
 2 files changed, 177 insertions(+), 4 deletions(-)
 create mode 100644 sm9/example_test.go

diff --git a/sm9/example_test.go b/sm9/example_test.go
new file mode 100644
index 0000000..e7e84e9
--- /dev/null
+++ b/sm9/example_test.go
@@ -0,0 +1,168 @@
+package sm9_test
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+	"fmt"
+	"math/big"
+	"os"
+
+	"github.com/emmansun/gmsm/sm9"
+	"golang.org/x/crypto/cryptobyte"
+)
+
+func ExampleSignPrivateKey_Sign() {
+	// real user sign private key should be from secret storage, e.g. password protected pkcs8 file
+	kb, _ := hex.DecodeString("0130E78459D78545CB54C587E02CF480CE0B66340F319F348A1D5B1F2DC5F4")
+	var b cryptobyte.Builder
+	b.AddASN1BigInt(new(big.Int).SetBytes(kb))
+	kb, _ = b.Bytes()
+	masterkey := new(sm9.SignMasterPrivateKey)
+	err := masterkey.UnmarshalASN1(kb)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from UnmarshalASN1: %s\n", err)
+		return
+	}
+	hid := byte(0x01)
+	uid := []byte("Alice")
+	userKey, err := masterkey.GenerateUserKey(uid, hid)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from GenerateUserKey: %s\n", err)
+		return
+	}
+
+	// sm9 sign
+	hash := []byte("Chinese IBS standard")
+	sig, err := userKey.Sign(rand.Reader, hash, nil)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from Sign: %s\n", err)
+		return
+	}
+
+	// Since sign is a randomized function, signature will be
+	// different each time.
+	fmt.Printf("%x\n", sig)
+	// Output: true
+}
+
+func ExampleVerifyASN1() {
+	// get master public key, can be from pem
+	masterPubKey := new(sm9.SignMasterPublicKey)
+	keyBytes, _ := hex.DecodeString("03818200049f64080b3084f733e48aff4b41b565011ce0711c5e392cfb0ab1b6791b94c40829dba116152d1f786ce843ed24a3b573414d2177386a92dd8f14d65696ea5e3269850938abea0112b57329f447e3a0cbad3e2fdb1a77f335e89e1408d0ef1c2541e00a53dda532da1a7ce027b7a46f741006e85f5cdff0730e75c05fb4e3216d")
+	err := masterPubKey.UnmarshalASN1(keyBytes)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from UnmarshalASN1: %s\n", err)
+		return
+	}
+	hid := byte(0x01)
+	uid := []byte("Alice")
+	hash := []byte("Chinese IBS standard")
+	sig, _ := hex.DecodeString("30660420b0d0c0bb1b57ea0d5b51cb5c96be850b8c2eef6b0fff5fcccb524b972574e6eb03420004901819575c9211c7b4e6e137794d23d0095608bcdad5c82dbff05777c5b49c763e4425acea2aaedf9e48d4784b4e4a5621cc3663fe0aae44dcbeac183fee9b0f")
+	ok := sm9.VerifyASN1(masterPubKey, uid, hid, hash, sig)
+
+	fmt.Printf("%v\n", ok)
+	// Output: true
+}
+
+func ExampleSignMasterPublicKey_Verify() {
+	// get master public key, can be from pem
+	masterPubKey := new(sm9.SignMasterPublicKey)
+	keyBytes, _ := hex.DecodeString("03818200049f64080b3084f733e48aff4b41b565011ce0711c5e392cfb0ab1b6791b94c40829dba116152d1f786ce843ed24a3b573414d2177386a92dd8f14d65696ea5e3269850938abea0112b57329f447e3a0cbad3e2fdb1a77f335e89e1408d0ef1c2541e00a53dda532da1a7ce027b7a46f741006e85f5cdff0730e75c05fb4e3216d")
+	err := masterPubKey.UnmarshalASN1(keyBytes)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from UnmarshalASN1: %s\n", err)
+		return
+	}
+	hid := byte(0x01)
+	uid := []byte("Alice")
+	hash := []byte("Chinese IBS standard")
+	sig, _ := hex.DecodeString("30660420b0d0c0bb1b57ea0d5b51cb5c96be850b8c2eef6b0fff5fcccb524b972574e6eb03420004901819575c9211c7b4e6e137794d23d0095608bcdad5c82dbff05777c5b49c763e4425acea2aaedf9e48d4784b4e4a5621cc3663fe0aae44dcbeac183fee9b0f")
+	ok := masterPubKey.Verify(uid, hid, hash, sig)
+
+	fmt.Printf("%v\n", ok)
+	// Output: true
+}
+
+func ExampleEncryptPrivateKey_UnwrapKey() {
+	// real user encrypt private key should be from secret storage, e.g. password protected pkcs8 file
+	kb, _ := hex.DecodeString("038182000494736acd2c8c8796cc4785e938301a139a059d3537b6414140b2d31eecf41683115bae85f5d8bc6c3dbd9e5342979acccf3c2f4f28420b1cb4f8c0b59a19b1587aa5e47570da7600cd760a0cf7beaf71c447f3844753fe74fa7ba92ca7d3b55f27538a62e7f7bfb51dce08704796d94c9d56734f119ea44732b50e31cdeb75c1")
+	userKey := new(sm9.EncryptPrivateKey)
+	err := userKey.UnmarshalASN1(kb)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from UnmarshalASN1: %s\n", err)
+		return
+	}
+
+	cipherDer, _ := hex.DecodeString("0342000447689629d1fa57e8def447f42b75e28518a1b692891528ca596f7bcbf581c7cf429ed01b114ce157ed4eadd0b2ded9a7e475e347f67b6affa3a6cf654573f978")
+	key, err := userKey.UnwrapKey([]byte("Bob"), cipherDer, 32)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from UnwrapKey: %s\n", err)
+		return
+	}
+	fmt.Printf("%s\n", hex.EncodeToString(key))
+	// Output: 270c42505bca90a8084064ea8af279364405a8195f30664082ead3d6991ed70f
+}
+
+func ExampleEncryptMasterPublicKey_WrapKey() {
+	// get master public key, can be from pem
+	masterPubKey := new(sm9.EncryptMasterPublicKey)
+	keyBytes, _ := hex.DecodeString("03420004787ed7b8a51f3ab84e0a66003f32da5c720b17eca7137d39abc66e3c80a892ff769de61791e5adc4b9ff85a31354900b202871279a8c49dc3f220f644c57a7b1")
+	err := masterPubKey.UnmarshalASN1(keyBytes)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from UnmarshalASN1: %s\n", err)
+		return
+	}
+	hid := byte(0x03)
+	uid := []byte("Bob")
+	key, cipherDer, err := masterPubKey.WrapKey(rand.Reader, uid, hid, 32)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from WrapKeyASN1: %s\n", err)
+		return
+	}
+
+	// Since WrapKey is a randomized function, result will be
+	// different each time.
+	fmt.Printf("%s %s\n", hex.EncodeToString(key), hex.EncodeToString(cipherDer))
+}
+
+func ExampleEncryptPrivateKey_Decrypt() {
+	// real user encrypt private key should be from secret storage, e.g. password protected pkcs8 file
+	kb, _ := hex.DecodeString("038182000494736acd2c8c8796cc4785e938301a139a059d3537b6414140b2d31eecf41683115bae85f5d8bc6c3dbd9e5342979acccf3c2f4f28420b1cb4f8c0b59a19b1587aa5e47570da7600cd760a0cf7beaf71c447f3844753fe74fa7ba92ca7d3b55f27538a62e7f7bfb51dce08704796d94c9d56734f119ea44732b50e31cdeb75c1")
+	userKey := new(sm9.EncryptPrivateKey)
+	err := userKey.UnmarshalASN1(kb)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from UnmarshalASN1: %s\n", err)
+		return
+	}
+	uid := []byte("Bob")
+	cipherDer, _ := hex.DecodeString("307f020100034200042cb3e90b0977211597652f26ee4abbe275ccb18dd7f431876ab5d40cc2fc563d9417791c75bc8909336a4e6562450836cc863f51002e31ecf0c4aae8d98641070420638ca5bfb35d25cff7cbd684f3ed75f2d919da86a921a2e3e2e2f4cbcf583f240414b7e776811774722a8720752fb1355ce45dc3d0df")
+	plaintext, err := userKey.Decrypt(uid, cipherDer)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from Decrypt: %s\n", err)
+		return
+	}
+	fmt.Printf("%s\n", plaintext)
+	// Output: Chinese IBE standard
+}
+
+func ExampleEncryptMasterPublicKey_Encrypt() {
+	// get master public key, can be from pem
+	masterPubKey := new(sm9.EncryptMasterPublicKey)
+	keyBytes, _ := hex.DecodeString("03420004787ed7b8a51f3ab84e0a66003f32da5c720b17eca7137d39abc66e3c80a892ff769de61791e5adc4b9ff85a31354900b202871279a8c49dc3f220f644c57a7b1")
+	err := masterPubKey.UnmarshalASN1(keyBytes)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from UnmarshalASN1: %s\n", err)
+		return
+	}
+	hid := byte(0x03)
+	uid := []byte("Bob")
+
+	ciphertext, err := masterPubKey.Encrypt(rand.Reader, uid, hid, []byte("Chinese IBE standard"))
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "Error from Encrypt: %s\n", err)
+		return
+	}
+	// Since Encrypt is a randomized function, result will be
+	// different each time.
+	fmt.Printf("%s\n", hex.EncodeToString(ciphertext))
+}
diff --git a/sm9/sm9_test.go b/sm9/sm9_test.go
index 9dad51a..23f26ca 100644
--- a/sm9/sm9_test.go
+++ b/sm9/sm9_test.go
@@ -447,18 +447,23 @@ func TestWrapKeyASN1(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	key, cipher, err := masterKey.Public().WrapKey(rand.Reader, uid, hid, 16)
+	keyPackage, err := masterKey.Public().WrapKeyASN1(rand.Reader, uid, hid, 16)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	key2, err := userKey.UnwrapKey(uid, cipher, 16)
+	key1, cipher, err := UnmarshalSM9KeyPackage(keyPackage)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	if hex.EncodeToString(key) != hex.EncodeToString(key2) {
-		t.Errorf("expected %v, got %v\n", hex.EncodeToString(key), hex.EncodeToString(key2))
+	key2, err := UnwrapKey(userKey, uid, cipher, 16)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if hex.EncodeToString(key1) != hex.EncodeToString(key2) {
+		t.Errorf("expected %v, got %v\n", hex.EncodeToString(key1), hex.EncodeToString(key2))
 	}
 }