mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-05-07 08:56:17 +08:00
Add AEAD and GHASH functions
This commit is contained in:
Zhi Guan
145
src/aead.c
145
src/aead.c
@@ -11,6 +11,7 @@
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <gmssl/mem.h>
|
||||
#include <gmssl/aead.h>
|
||||
#include <gmssl/error.h>
|
||||
|
||||
@@ -19,6 +20,7 @@ int sm4_cbc_sm3_hmac_encrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
|
||||
const uint8_t key[SM4_KEY_SIZE + SM3_HMAC_SIZE], const uint8_t iv[SM4_BLOCK_SIZE],
|
||||
const uint8_t *aad, size_t aadlen)
|
||||
{
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
if (sm4_cbc_encrypt_init(&ctx->enc_ctx, key, iv) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
@@ -56,6 +58,7 @@ int sm4_cbc_sm3_hmac_decrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
|
||||
const uint8_t key[SM4_KEY_SIZE + SM3_HMAC_SIZE], const uint8_t iv[SM4_BLOCK_SIZE],
|
||||
const uint8_t *aad, size_t aadlen)
|
||||
{
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
if (sm4_cbc_decrypt_init(&ctx->enc_ctx, key, iv) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
@@ -84,6 +87,7 @@ int sm4_cbc_sm3_hmac_decrypt_update(SM4_CBC_SM3_HMAC_CTX *ctx, const uint8_t *in
|
||||
return 1;
|
||||
} else {
|
||||
memcpy(ctx->mac + ctx->maclen, in, len);
|
||||
ctx->maclen += len;
|
||||
in += len;
|
||||
inlen -= len;
|
||||
}
|
||||
@@ -135,6 +139,8 @@ int sm4_cbc_sm3_hmac_decrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx, uint8_t *out, siz
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
memset(ctx->mac, 0, SM3_HMAC_SIZE);
|
||||
ctx->maclen = 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -142,6 +148,7 @@ int sm4_ctr_sm3_hmac_encrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
|
||||
const uint8_t key[SM4_KEY_SIZE + SM3_HMAC_SIZE], const uint8_t iv[SM4_BLOCK_SIZE],
|
||||
const uint8_t *aad, size_t aadlen)
|
||||
{
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
if (sm4_ctr_encrypt_init(&ctx->enc_ctx, key, iv) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
@@ -179,6 +186,7 @@ int sm4_ctr_sm3_hmac_decrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
|
||||
const uint8_t key[SM4_KEY_SIZE + SM3_HMAC_SIZE], const uint8_t iv[SM4_BLOCK_SIZE],
|
||||
const uint8_t *aad, size_t aadlen)
|
||||
{
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
if (sm4_ctr_decrypt_init(&ctx->enc_ctx, key, iv) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
@@ -207,6 +215,7 @@ int sm4_ctr_sm3_hmac_decrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx, const uint8_t *in
|
||||
return 1;
|
||||
} else {
|
||||
memcpy(ctx->mac + ctx->maclen, in, len);
|
||||
ctx->maclen += len;
|
||||
in += len;
|
||||
inlen -= len;
|
||||
}
|
||||
@@ -258,41 +267,161 @@ int sm4_ctr_sm3_hmac_decrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx, uint8_t *out, siz
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
memset(ctx->mac, 0, SM3_HMAC_SIZE);
|
||||
ctx->maclen = 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
int sm4_gcm_encrypt_init(SM4_GCM_CTX *ctx,
|
||||
const uint8_t key[SM4_KEY_SIZE], const uint8_t *iv, size_t ivlen,
|
||||
const uint8_t *aad, size_t aadlen)
|
||||
const uint8_t *aad, size_t aadlen, size_t taglen)
|
||||
{
|
||||
return -1;
|
||||
uint8_t H[16] = {0};
|
||||
uint8_t Y[16];
|
||||
|
||||
if (taglen > SM4_GCM_MAX_TAG_SIZE) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
ctx->taglen = taglen;
|
||||
|
||||
if (sm4_ctr_encrypt_init(&ctx->enc_ctx, key, H) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
|
||||
sm4_encrypt(&ctx->enc_ctx.sm4_key, H, H);
|
||||
|
||||
ghash_init(&ctx->mac_ctx, H, aad, aadlen);
|
||||
|
||||
if (ivlen == 12) {
|
||||
memcpy(Y, iv, 12);
|
||||
Y[12] = Y[13] = Y[14] = 0;
|
||||
Y[15] = 1;
|
||||
} else {
|
||||
ghash(H, NULL, 0, iv, ivlen, Y);
|
||||
}
|
||||
|
||||
memcpy(ctx->enc_ctx.ctr, Y, 16);
|
||||
|
||||
sm4_encrypt(&ctx->enc_ctx.sm4_key, Y, ctx->Y);
|
||||
|
||||
gmssl_secure_clear(H, sizeof(H));
|
||||
gmssl_secure_clear(Y, sizeof(Y));
|
||||
return 1;
|
||||
}
|
||||
|
||||
int sm4_gcm_encrypt_update(SM4_GCM_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen)
|
||||
{
|
||||
return -1;
|
||||
if (sm4_ctr_encrypt_update(&ctx->enc_ctx, in, inlen, out, outlen) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
ghash_update(&ctx->mac_ctx, out, *outlen);
|
||||
return 1;
|
||||
}
|
||||
|
||||
int sm4_gcm_encrypt_finish(SM4_GCM_CTX *ctx, uint8_t *out, size_t *outlen)
|
||||
{
|
||||
return -1;
|
||||
uint8_t mac[16];
|
||||
|
||||
if (sm4_ctr_encrypt_finish(&ctx->enc_ctx, out, outlen) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
ghash_update(&ctx->mac_ctx, out, *outlen);
|
||||
ghash_finish(&ctx->mac_ctx, mac);
|
||||
|
||||
gmssl_memxor(mac, mac, ctx->Y, ctx->taglen);
|
||||
memcpy(out + *outlen, mac, ctx->taglen);
|
||||
*outlen += ctx->taglen;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int sm4_gcm_decrypt_init(SM4_GCM_CTX *ctx,
|
||||
const uint8_t key[SM4_KEY_SIZE], const uint8_t *iv, size_t ivlen,
|
||||
const uint8_t *aad, size_t aadlen)
|
||||
const uint8_t *aad, size_t aadlen, size_t taglen)
|
||||
{
|
||||
return -1;
|
||||
return sm4_gcm_encrypt_init(ctx, key, iv, ivlen, aad, aadlen, taglen);
|
||||
}
|
||||
|
||||
int sm4_gcm_decrypt_update(SM4_GCM_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen)
|
||||
{
|
||||
return -1;
|
||||
size_t len;
|
||||
|
||||
if (ctx->maclen > ctx->taglen) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (ctx->maclen < ctx->taglen) {
|
||||
len = ctx->taglen - ctx->maclen;
|
||||
if (inlen <= len) {
|
||||
memcpy(ctx->mac + ctx->maclen, in, inlen);
|
||||
ctx->maclen += inlen;
|
||||
return 1;
|
||||
} else {
|
||||
memcpy(ctx->mac + ctx->maclen, in, len);
|
||||
ctx->maclen += len;
|
||||
in += len;
|
||||
inlen -= len;
|
||||
}
|
||||
}
|
||||
|
||||
if (inlen <= ctx->taglen) {
|
||||
ghash_update(&ctx->mac_ctx, ctx->mac, inlen);
|
||||
if (sm4_ctr_decrypt_update(&ctx->enc_ctx, ctx->mac, inlen, out, outlen) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
len = ctx->taglen - inlen;
|
||||
memcpy(ctx->mac, ctx->mac + inlen, len);
|
||||
memcpy(ctx->mac + len, in, inlen);
|
||||
} else {
|
||||
ghash_update(&ctx->mac_ctx, ctx->mac, ctx->taglen);
|
||||
if (sm4_ctr_decrypt_update(&ctx->enc_ctx, ctx->mac, ctx->taglen, out, outlen) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
out += *outlen;
|
||||
|
||||
inlen -= ctx->taglen;
|
||||
ghash_update(&ctx->mac_ctx, in, inlen);
|
||||
if (sm4_ctr_decrypt_update(&ctx->enc_ctx, in, inlen, out, &len) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
*outlen += len;
|
||||
memcpy(ctx->mac, in + inlen, GHASH_SIZE);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
int sm4_gcm_decrypt_finish(SM4_GCM_CTX *ctx, uint8_t *out, size_t *outlen)
|
||||
{
|
||||
return -1;
|
||||
uint8_t mac[GHASH_SIZE];
|
||||
|
||||
if (ctx->maclen != ctx->taglen) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
ghash_finish(&ctx->mac_ctx, mac);
|
||||
if (sm4_ctr_decrypt_finish(&ctx->enc_ctx, out, outlen) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
|
||||
gmssl_memxor(mac, mac, ctx->Y, ctx->taglen);
|
||||
if (memcmp(mac, ctx->mac, ctx->taglen) != 0) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
memset(ctx->mac, 0, GHASH_SIZE);
|
||||
ctx->maclen = 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
int zuc_with_mac_encrypt_init(ZUC_WITH_MAC_CTX *ctx,
|
||||
|
||||
90
src/gcm.c
90
src/gcm.c
@@ -11,6 +11,8 @@
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <assert.h>
|
||||
#include <gmssl/mem.h>
|
||||
#include <gmssl/gf128.h>
|
||||
#include <gmssl/gcm.h>
|
||||
#include <gmssl/oid.h>
|
||||
@@ -79,6 +81,94 @@ void ghash(const uint8_t h[16], const uint8_t *aad, size_t aadlen, const uint8_t
|
||||
gf128_to_bytes(H, out);
|
||||
}
|
||||
|
||||
|
||||
void ghash_init(GHASH_CTX *ctx, const uint8_t h[16], const uint8_t *aad, size_t aadlen)
|
||||
{
|
||||
gf128_t A;
|
||||
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
ctx->H = gf128_from_bytes(h);
|
||||
ctx->X = gf128_zero();
|
||||
ctx->aadlen = aadlen;
|
||||
ctx->clen = 0;
|
||||
|
||||
while (aadlen) {
|
||||
if (aadlen >= 16) {
|
||||
A = gf128_from_bytes(aad);
|
||||
aad += 16;
|
||||
aadlen -= 16;
|
||||
} else {
|
||||
memset(ctx->block, 0, 16);
|
||||
memcpy(ctx->block, aad, aadlen);
|
||||
A = gf128_from_bytes(ctx->block);
|
||||
aadlen = 0;
|
||||
}
|
||||
ctx->X = gf128_add(ctx->X, A);
|
||||
ctx->X = gf128_mul(ctx->X, ctx->H);
|
||||
}
|
||||
}
|
||||
|
||||
void ghash_update(GHASH_CTX *ctx, const uint8_t *c, size_t clen)
|
||||
{
|
||||
gf128_t C;
|
||||
|
||||
assert(ctx->num < 16);
|
||||
|
||||
ctx->clen += clen;
|
||||
|
||||
if (ctx->num) {
|
||||
size_t left = 16 - ctx->num;
|
||||
if (clen < left) {
|
||||
memcpy(ctx->block + ctx->num, c, clen);
|
||||
ctx->num += clen;
|
||||
return;
|
||||
} else {
|
||||
memcpy(ctx->block + ctx->num, c, left);
|
||||
C = gf128_from_bytes(ctx->block);
|
||||
ctx->X = gf128_add(ctx->X, C);
|
||||
ctx->X = gf128_mul(ctx->X, ctx->H);
|
||||
c += left;
|
||||
clen -= left;
|
||||
}
|
||||
}
|
||||
|
||||
while (clen >= 16) {
|
||||
C = gf128_from_bytes(c);
|
||||
ctx->X = gf128_add(ctx->X, C);
|
||||
ctx->X = gf128_mul(ctx->X, ctx->H);
|
||||
c += 16;
|
||||
clen -= 16;
|
||||
}
|
||||
|
||||
ctx->num = clen;
|
||||
if (clen) {
|
||||
memcpy(ctx->block, c, clen);
|
||||
}
|
||||
}
|
||||
|
||||
void ghash_finish(GHASH_CTX *ctx, uint8_t out[16])
|
||||
{
|
||||
gf128_t C;
|
||||
gf128_t L;
|
||||
|
||||
if (ctx->num) {
|
||||
memset(ctx->block + ctx->num, 0, 16 - ctx->num);
|
||||
C = gf128_from_bytes(ctx->block);
|
||||
ctx->X = gf128_add(ctx->X, C);
|
||||
ctx->X = gf128_mul(ctx->X, ctx->H);
|
||||
}
|
||||
|
||||
PUTU64(ctx->block, (uint64_t)ctx->aadlen << 3);
|
||||
PUTU64(ctx->block + 8, (uint64_t)ctx->clen << 3);
|
||||
L = gf128_from_bytes(ctx->block);
|
||||
|
||||
ctx->X = gf128_add(ctx->X, L);
|
||||
ctx->H = gf128_mul(ctx->X, ctx->H);
|
||||
gf128_to_bytes(ctx->H, out);
|
||||
|
||||
gmssl_secure_clear(ctx, sizeof(*ctx));
|
||||
}
|
||||
|
||||
int gcm_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen,
|
||||
const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
|
||||
uint8_t *out, size_t taglen, uint8_t *tag)
|
||||
|
||||
Reference in New Issue
Block a user