mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-05-12 03:16:25 +08:00
Add AEAD and GHASH functions
This commit is contained in:
Zhi Guan
145
src/aead.c
145
src/aead.c
@@ -11,6 +11,7 @@
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <gmssl/mem.h>
|
||||
#include <gmssl/aead.h>
|
||||
#include <gmssl/error.h>
|
||||
|
||||
@@ -19,6 +20,7 @@ int sm4_cbc_sm3_hmac_encrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
|
||||
const uint8_t key[SM4_KEY_SIZE + SM3_HMAC_SIZE], const uint8_t iv[SM4_BLOCK_SIZE],
|
||||
const uint8_t *aad, size_t aadlen)
|
||||
{
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
if (sm4_cbc_encrypt_init(&ctx->enc_ctx, key, iv) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
@@ -56,6 +58,7 @@ int sm4_cbc_sm3_hmac_decrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
|
||||
const uint8_t key[SM4_KEY_SIZE + SM3_HMAC_SIZE], const uint8_t iv[SM4_BLOCK_SIZE],
|
||||
const uint8_t *aad, size_t aadlen)
|
||||
{
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
if (sm4_cbc_decrypt_init(&ctx->enc_ctx, key, iv) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
@@ -84,6 +87,7 @@ int sm4_cbc_sm3_hmac_decrypt_update(SM4_CBC_SM3_HMAC_CTX *ctx, const uint8_t *in
|
||||
return 1;
|
||||
} else {
|
||||
memcpy(ctx->mac + ctx->maclen, in, len);
|
||||
ctx->maclen += len;
|
||||
in += len;
|
||||
inlen -= len;
|
||||
}
|
||||
@@ -135,6 +139,8 @@ int sm4_cbc_sm3_hmac_decrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx, uint8_t *out, siz
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
memset(ctx->mac, 0, SM3_HMAC_SIZE);
|
||||
ctx->maclen = 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -142,6 +148,7 @@ int sm4_ctr_sm3_hmac_encrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
|
||||
const uint8_t key[SM4_KEY_SIZE + SM3_HMAC_SIZE], const uint8_t iv[SM4_BLOCK_SIZE],
|
||||
const uint8_t *aad, size_t aadlen)
|
||||
{
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
if (sm4_ctr_encrypt_init(&ctx->enc_ctx, key, iv) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
@@ -179,6 +186,7 @@ int sm4_ctr_sm3_hmac_decrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
|
||||
const uint8_t key[SM4_KEY_SIZE + SM3_HMAC_SIZE], const uint8_t iv[SM4_BLOCK_SIZE],
|
||||
const uint8_t *aad, size_t aadlen)
|
||||
{
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
if (sm4_ctr_decrypt_init(&ctx->enc_ctx, key, iv) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
@@ -207,6 +215,7 @@ int sm4_ctr_sm3_hmac_decrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx, const uint8_t *in
|
||||
return 1;
|
||||
} else {
|
||||
memcpy(ctx->mac + ctx->maclen, in, len);
|
||||
ctx->maclen += len;
|
||||
in += len;
|
||||
inlen -= len;
|
||||
}
|
||||
@@ -258,41 +267,161 @@ int sm4_ctr_sm3_hmac_decrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx, uint8_t *out, siz
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
memset(ctx->mac, 0, SM3_HMAC_SIZE);
|
||||
ctx->maclen = 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
int sm4_gcm_encrypt_init(SM4_GCM_CTX *ctx,
|
||||
const uint8_t key[SM4_KEY_SIZE], const uint8_t *iv, size_t ivlen,
|
||||
const uint8_t *aad, size_t aadlen)
|
||||
const uint8_t *aad, size_t aadlen, size_t taglen)
|
||||
{
|
||||
return -1;
|
||||
uint8_t H[16] = {0};
|
||||
uint8_t Y[16];
|
||||
|
||||
if (taglen > SM4_GCM_MAX_TAG_SIZE) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
ctx->taglen = taglen;
|
||||
|
||||
if (sm4_ctr_encrypt_init(&ctx->enc_ctx, key, H) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
|
||||
sm4_encrypt(&ctx->enc_ctx.sm4_key, H, H);
|
||||
|
||||
ghash_init(&ctx->mac_ctx, H, aad, aadlen);
|
||||
|
||||
if (ivlen == 12) {
|
||||
memcpy(Y, iv, 12);
|
||||
Y[12] = Y[13] = Y[14] = 0;
|
||||
Y[15] = 1;
|
||||
} else {
|
||||
ghash(H, NULL, 0, iv, ivlen, Y);
|
||||
}
|
||||
|
||||
memcpy(ctx->enc_ctx.ctr, Y, 16);
|
||||
|
||||
sm4_encrypt(&ctx->enc_ctx.sm4_key, Y, ctx->Y);
|
||||
|
||||
gmssl_secure_clear(H, sizeof(H));
|
||||
gmssl_secure_clear(Y, sizeof(Y));
|
||||
return 1;
|
||||
}
|
||||
|
||||
int sm4_gcm_encrypt_update(SM4_GCM_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen)
|
||||
{
|
||||
return -1;
|
||||
if (sm4_ctr_encrypt_update(&ctx->enc_ctx, in, inlen, out, outlen) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
ghash_update(&ctx->mac_ctx, out, *outlen);
|
||||
return 1;
|
||||
}
|
||||
|
||||
int sm4_gcm_encrypt_finish(SM4_GCM_CTX *ctx, uint8_t *out, size_t *outlen)
|
||||
{
|
||||
return -1;
|
||||
uint8_t mac[16];
|
||||
|
||||
if (sm4_ctr_encrypt_finish(&ctx->enc_ctx, out, outlen) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
ghash_update(&ctx->mac_ctx, out, *outlen);
|
||||
ghash_finish(&ctx->mac_ctx, mac);
|
||||
|
||||
gmssl_memxor(mac, mac, ctx->Y, ctx->taglen);
|
||||
memcpy(out + *outlen, mac, ctx->taglen);
|
||||
*outlen += ctx->taglen;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int sm4_gcm_decrypt_init(SM4_GCM_CTX *ctx,
|
||||
const uint8_t key[SM4_KEY_SIZE], const uint8_t *iv, size_t ivlen,
|
||||
const uint8_t *aad, size_t aadlen)
|
||||
const uint8_t *aad, size_t aadlen, size_t taglen)
|
||||
{
|
||||
return -1;
|
||||
return sm4_gcm_encrypt_init(ctx, key, iv, ivlen, aad, aadlen, taglen);
|
||||
}
|
||||
|
||||
int sm4_gcm_decrypt_update(SM4_GCM_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen)
|
||||
{
|
||||
return -1;
|
||||
size_t len;
|
||||
|
||||
if (ctx->maclen > ctx->taglen) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (ctx->maclen < ctx->taglen) {
|
||||
len = ctx->taglen - ctx->maclen;
|
||||
if (inlen <= len) {
|
||||
memcpy(ctx->mac + ctx->maclen, in, inlen);
|
||||
ctx->maclen += inlen;
|
||||
return 1;
|
||||
} else {
|
||||
memcpy(ctx->mac + ctx->maclen, in, len);
|
||||
ctx->maclen += len;
|
||||
in += len;
|
||||
inlen -= len;
|
||||
}
|
||||
}
|
||||
|
||||
if (inlen <= ctx->taglen) {
|
||||
ghash_update(&ctx->mac_ctx, ctx->mac, inlen);
|
||||
if (sm4_ctr_decrypt_update(&ctx->enc_ctx, ctx->mac, inlen, out, outlen) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
len = ctx->taglen - inlen;
|
||||
memcpy(ctx->mac, ctx->mac + inlen, len);
|
||||
memcpy(ctx->mac + len, in, inlen);
|
||||
} else {
|
||||
ghash_update(&ctx->mac_ctx, ctx->mac, ctx->taglen);
|
||||
if (sm4_ctr_decrypt_update(&ctx->enc_ctx, ctx->mac, ctx->taglen, out, outlen) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
out += *outlen;
|
||||
|
||||
inlen -= ctx->taglen;
|
||||
ghash_update(&ctx->mac_ctx, in, inlen);
|
||||
if (sm4_ctr_decrypt_update(&ctx->enc_ctx, in, inlen, out, &len) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
*outlen += len;
|
||||
memcpy(ctx->mac, in + inlen, GHASH_SIZE);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
int sm4_gcm_decrypt_finish(SM4_GCM_CTX *ctx, uint8_t *out, size_t *outlen)
|
||||
{
|
||||
return -1;
|
||||
uint8_t mac[GHASH_SIZE];
|
||||
|
||||
if (ctx->maclen != ctx->taglen) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
ghash_finish(&ctx->mac_ctx, mac);
|
||||
if (sm4_ctr_decrypt_finish(&ctx->enc_ctx, out, outlen) != 1) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
|
||||
gmssl_memxor(mac, mac, ctx->Y, ctx->taglen);
|
||||
if (memcmp(mac, ctx->mac, ctx->taglen) != 0) {
|
||||
error_print();
|
||||
return -1;
|
||||
}
|
||||
memset(ctx->mac, 0, GHASH_SIZE);
|
||||
ctx->maclen = 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
int zuc_with_mac_encrypt_init(ZUC_WITH_MAC_CTX *ctx,
|
||||
|
||||
Reference in New Issue
Block a user