abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-27 15:43:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove some useless code

Browse Source
This commit is contained in:
Zhi Guan
2026-06-22 23:02:50 +08:00
parent 6c2b35b96d
commit 29c6572173
17 changed files with 2 additions and 1668 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
CMakeLists.txt
View File

@@ -177,8 +177,6 @@ set(src
src/pbkdf2.c
src/gf128.c
src/ghash.c
src/sm4_cbc_sm3_hmac.c
src/sm4_ctr_sm3_hmac.c
src/pkcs8.c
src/ec.c
src/asn1.c
@@ -206,8 +204,6 @@ set(tools
tools/sm4_cbc.c
tools/sm4_ctr.c
tools/sm4_gcm.c
tools/sm4_cbc_sm3_hmac.c
tools/sm4_ctr_sm3_hmac.c
tools/sm3.c
tools/sm3hmac.c
tools/sm3_pbkdf2.c
@@ -242,7 +238,6 @@ set(tests
sm3
sm3_hmac
sm3_hkdf
sm4_sm3_hmac
sm2_z256
sm2_key
sm2_sign
@@ -942,7 +937,7 @@ endif()
#
set(CPACK_PACKAGE_NAME "GmSSL")
set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
set(CPACK_PACKAGE_VERSION "3.3.0-dev.1155")
set(CPACK_PACKAGE_VERSION "3.3.0-dev.1156")
set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
set(CPACK_NSIS_MODIFY_PATH ON)
include(CPack)

49
include/gmssl/sm2_blind.h
View File

@@ -1,49 +0,0 @@
/*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_SM2_BLIND_H
#define GMSSL_SM2_BLIND_H
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <assert.h>
#include <gmssl/sm2.h>
#include <gmssl/mem.h>
#include <gmssl/asn1.h>
#include <gmssl/error.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct {
SM3_CTX sm3_ctx;
SM2_KEY public_key;
uint8_t blind_factor_a[32];
uint8_t blind_factor_b[32];
uint8_t sig_r[32];
} SM2_BLIND_SIGN_CTX;
#define SM2_BLIND_SIGN_MAX_COMMITLEN 65
int sm2_blind_sign_commit(SM2_Fn k, uint8_t *commit, size_t *commitlen);
int sm2_blind_sign_init(SM2_BLIND_SIGN_CTX *ctx, const SM2_KEY *public_key, const char *id, size_t idlen);
int sm2_blind_sign_update(SM2_BLIND_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
int sm2_blind_sign_finish(SM2_BLIND_SIGN_CTX *ctx, const uint8_t *commit, size_t commitlen, uint8_t blinded_sig_r[32]);
int sm2_blind_sign(const SM2_KEY *key, const SM2_Fn k, const uint8_t blinded_sig_r[32], uint8_t blinded_sig_s[32]);
int sm2_blind_sign_unblind(SM2_BLIND_SIGN_CTX *ctx, const uint8_t blinded_sig_s[32], uint8_t *sig, size_t *siglen);
#ifdef __cplusplus
}
#endif
#endif

40
include/gmssl/sm2_commit.h
View File

@@ -1,40 +0,0 @@
/*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_SM2_COMMIT_H
#define GMSSL_SM2_COMMIT_H
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <limits.h>
#include <stdint.h>
#include <gmssl/sm2.h>
#include <gmssl/sm3.h>
#include <gmssl/mem.h>
#include <gmssl/asn1.h>
#include <gmssl/rand.h>
#include <gmssl/error.h>
#ifdef __cplusplus
extern "C" {
#endif
int sm2_commit_generate(const uint8_t x[32], uint8_t r[32], uint8_t commit[65], size_t *commitlen);
int sm2_commit_open(const uint8_t x[32], const uint8_t r[32], const uint8_t *commit, size_t commitlen);
int sm2_commit_vector_generate(const sm2_bn_t *x, size_t count, uint8_t r[32], uint8_t commit[65], size_t *commitlen);
int sm2_commit_vector_open(const sm2_bn_t *x, size_t count, const uint8_t r[32], const uint8_t *commit, size_t commitlen);
#ifdef __cplusplus
}
#endif
#endif

67
include/gmssl/sm2_elgamal.h
View File

@@ -1,67 +0,0 @@
/*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_SM2_ELGAMAL_H
#define GMSSL_SM2_ELGAMAL_H
#include <string.h>
#include <stdint.h>
#include <gmssl/sm2.h>
#ifdef __cplusplus
extern "C" {
#endif
#define SM2_PRE_COMPUTE_MAX_OFFSETS 6
typedef struct {
uint16_t offset[SM2_PRE_COMPUTE_MAX_OFFSETS];
uint8_t offset_count;
uint8_t x_coordinate[32];
} SM2_PRE_COMPUTE;
int sm2_elgamal_decrypt_pre_compute(SM2_PRE_COMPUTE table[1<<16]);
int sm2_elgamal_solve_ecdlp(const SM2_PRE_COMPUTE table[1<<16], const SM2_POINT *point, uint32_t *private);
typedef struct {
SM2_POINT C1;
SM2_POINT C2;
} SM2_ELGAMAL_CIPHERTEXT;
int sm2_elgamal_do_encrypt(const SM2_KEY *pub_key, uint32_t in, SM2_ELGAMAL_CIPHERTEXT *out);
int sm2_elgamal_do_decrypt(const SM2_KEY *key, const SM2_ELGAMAL_CIPHERTEXT *in, uint32_t *out);
int sm2_elgamal_ciphertext_add(SM2_ELGAMAL_CIPHERTEXT *r,
const SM2_ELGAMAL_CIPHERTEXT *a,
const SM2_ELGAMAL_CIPHERTEXT *b,
const SM2_KEY *pub_key);
int sm2_elgamal_cipehrtext_sub(SM2_ELGAMAL_CIPHERTEXT *r,
const SM2_ELGAMAL_CIPHERTEXT *a, const SM2_ELGAMAL_CIPHERTEXT *b,
const SM2_KEY *pub_key);
int sm2_elgamal_cipehrtext_neg(SM2_ELGAMAL_CIPHERTEXT *r,
const SM2_ELGAMAL_CIPHERTEXT *a, const SM2_KEY *pub_key);
int sm2_elgamal_ciphertext_scalar_mul(SM2_ELGAMAL_CIPHERTEXT *R,
const uint8_t scalar[32], const SM2_ELGAMAL_CIPHERTEXT *A,
const SM2_KEY *pub_key);
int sm2_elgamal_ciphertext_to_der(const SM2_ELGAMAL_CIPHERTEXT *c, uint8_t **out, size_t *outlen);
int sm2_elgamal_ciphertext_from_der(SM2_ELGAMAL_CIPHERTEXT *c, const uint8_t **in, size_t *inlen);
int sm2_elgamal_encrypt(const SM2_KEY *pub_key, uint32_t in, uint8_t *out, size_t *outlen);
int sm2_elgamal_decrypt(SM2_KEY *key, const uint8_t *in, size_t inlen, uint32_t *out);
#ifdef __cplusplus
}
#endif
#endif

45
include/gmssl/sm2_key_share.h
View File

@@ -1,45 +0,0 @@
/*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
// SM2 Key Shamir Secret Sharing
#ifndef GMSSL_SM2_KEY_SHARE_H
#define GMSSL_SM2_KEY_SHARE_H
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <gmssl/sm2.h>
#ifdef __cplusplus
extern "C" {
#endif
#define SM2_KEY_MAX_SHARES 12 // 12! = 479001600 < 2^31 = 2147483648
typedef struct {
SM2_KEY key;
size_t index;
size_t total_cnt;
} SM2_KEY_SHARE;
int sm2_key_split(const SM2_KEY *key, size_t recover_cnt, size_t total_cnt, SM2_KEY_SHARE *shares);
int sm2_key_recover(SM2_KEY *key, const SM2_KEY_SHARE *shares, size_t shares_cnt);
int sm2_key_share_encrypt_to_file(const SM2_KEY_SHARE *share, const char *pass, const char *path_prefix);
int sm2_key_share_decrypt_from_file(SM2_KEY_SHARE *share, const char *pass, const char *file);
int sm2_key_share_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY_SHARE *share);
#ifdef __cplusplus
}
#endif
#endif

31
include/gmssl/sm2_recover.h
View File

@@ -1,31 +0,0 @@
/*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_SM2_RECOVER_H
#define GMSSL_SM2_RECOVER_H
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <gmssl/sm3.h>
#ifdef __cplusplus
extern "C" {
#endif
int sm2_signature_to_public_key_points(const SM2_SIGNATURE *sig, const uint8_t dgst[32],
SM2_POINT points[4], size_t *points_cnt);
int sm2_signature_conjugate(const SM2_SIGNATURE *sig, SM2_SIGNATURE *new_sig);
#ifdef __cplusplus
}
#endif
#endif

63
include/gmssl/sm2_ring.h
View File

@@ -1,63 +0,0 @@
/*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_SM2_RING_H
#define GMSSL_SM2_RING_H
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <gmssl/sm2.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef uint8_t sm2_bn_t[32];
int sm2_ring_do_sign(const SM2_KEY *sign_key, const SM2_POINT *public_keys, size_t public_keys_cnt,
const uint8_t dgst[32], uint8_t r[32], sm2_bn_t *s);
int sm2_ring_do_verify(const SM2_POINT *public_keys, size_t public_keys_cnt,
const uint8_t dgst[32], const uint8_t r[32], const sm2_bn_t *s);
int sm2_ring_signature_to_der(const sm2_bn_t r, const sm2_bn_t *s, size_t s_cnt, uint8_t **out, size_t *outlen);
int sm2_ring_signature_from_der(sm2_bn_t r, sm2_bn_t *s, size_t *s_cnt, const uint8_t **in, size_t *inlen);
int sm2_ring_sign(const SM2_KEY *sign_key, const SM2_POINT *public_keys, size_t public_keys_cnt,
const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
int sm2_ring_verify(const SM2_POINT *public_keys, size_t public_keys_cnt,
const uint8_t dgst[32], const uint8_t *sig, size_t siglen);
#define SM2_RING_SIGN_MAX_SIGNERS 32
typedef struct {
int state;
SM3_CTX sm3_ctx;
SM2_KEY sign_key;
SM2_POINT public_keys[SM2_RING_SIGN_MAX_SIGNERS];
size_t public_keys_count;
char *id;
size_t idlen;
} SM2_RING_SIGN_CTX;
int sm2_ring_sign_init(SM2_RING_SIGN_CTX *ctx, const SM2_KEY *sign_key, const char *id, size_t idlen);
int sm2_ring_sign_add_signer(SM2_RING_SIGN_CTX *ctx, const SM2_KEY *public_key);
int sm2_ring_sign_update(SM2_RING_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
int sm2_ring_sign_finish(SM2_RING_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen);
int sm2_ring_verify_init(SM2_RING_SIGN_CTX *ctx, const char *id, size_t idlen);
int sm2_ring_verify_add_signer(SM2_RING_SIGN_CTX *ctx, const SM2_KEY *public_key);
int sm2_ring_verify_update(SM2_RING_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
int sm2_ring_verify_finish(SM2_RING_SIGN_CTX *ctx, uint8_t *sig, size_t siglen);
#ifdef __cplusplus
}
#endif
#endif

52
include/gmssl/sm4_cbc_sm3_hmac.h
View File

@@ -1,52 +0,0 @@
/*
* Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_SM4_CBC_SM3_HMAC_H
#define GMSSL_SM4_CBC_SM3_HMAC_H
#include <string.h>
#include <stdint.h>
#include <gmssl/sm4.h>
#include <gmssl/sm3.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct {
SM4_CBC_CTX enc_ctx;
SM3_HMAC_CTX mac_ctx;
uint8_t mac[SM3_HMAC_SIZE];
size_t maclen;
} SM4_CBC_SM3_HMAC_CTX;
#define SM4_CBC_SM3_HMAC_KEY_SIZE 48
#define SM4_CBC_SM3_HMAC_IV_SIZE 16
int sm4_cbc_sm3_hmac_encrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
const uint8_t key[48], const uint8_t iv[16],
const uint8_t *aad, size_t aadlen);
int sm4_cbc_sm3_hmac_encrypt_update(SM4_CBC_SM3_HMAC_CTX *ctx,
const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm4_cbc_sm3_hmac_encrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx,
uint8_t *out, size_t *outlen);
int sm4_cbc_sm3_hmac_decrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
const uint8_t key[48], const uint8_t iv[16],
const uint8_t *aad, size_t aadlen);
int sm4_cbc_sm3_hmac_decrypt_update(SM4_CBC_SM3_HMAC_CTX *ctx,
const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm4_cbc_sm3_hmac_decrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx,
uint8_t *out, size_t *outlen);
#ifdef __cplusplus
}
#endif
#endif

52
include/gmssl/sm4_ctr_sm3_hmac.h
View File

@@ -1,52 +0,0 @@
/*
* Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_SM4_CTR_SM3_HMAC_H
#define GMSSL_SM4_CTR_SM3_HMAC_H
#include <string.h>
#include <stdint.h>
#include <gmssl/sm4.h>
#include <gmssl/sm3.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct {
SM4_CTR_CTX enc_ctx;
SM3_HMAC_CTX mac_ctx;
uint8_t mac[SM3_HMAC_SIZE];
size_t maclen;
} SM4_CTR_SM3_HMAC_CTX;
#define SM4_CTR_SM3_HMAC_KEY_SIZE 48
#define SM4_CTR_SM3_HMAC_IV_SIZE 16
int sm4_ctr_sm3_hmac_encrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
const uint8_t key[48], const uint8_t iv[16],
const uint8_t *aad, size_t aadlen);
int sm4_ctr_sm3_hmac_encrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx,
const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm4_ctr_sm3_hmac_encrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx,
uint8_t *out, size_t *outlen);
int sm4_ctr_sm3_hmac_decrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
const uint8_t key[48], const uint8_t iv[16],
const uint8_t *aad, size_t aadlen);
int sm4_ctr_sm3_hmac_decrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx,
const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm4_ctr_sm3_hmac_decrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx,
uint8_t *out, size_t *outlen);
#ifdef __cplusplus
}
#endif
#endif

2
include/gmssl/version.h
View File

@@ -18,7 +18,7 @@ extern "C" {
#define GMSSL_VERSION_NUM 30300
#define GMSSL_VERSION_STR "GmSSL 3.3.0-dev.1155"
#define GMSSL_VERSION_STR "GmSSL 3.3.0-dev.1156"
int gmssl_version_num(void);
const char *gmssl_version_str(void);

179
src/sm4_cbc_sm3_hmac.c
View File

@@ -1,179 +0,0 @@
/*
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4_cbc_sm3_hmac.h>
#include <gmssl/mem.h>
#include <gmssl/error.h>
int sm4_cbc_sm3_hmac_encrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
const uint8_t key[48], const uint8_t iv[16],
const uint8_t *aad, size_t aadlen)
{
if (!ctx || !key || !iv || (!aad && aadlen)) {
error_print();
return -1;
}
memset(ctx, 0, sizeof(*ctx));
if (sm4_cbc_encrypt_init(&ctx->enc_ctx, key, iv) != 1) {
error_print();
return -1;
}
sm3_hmac_init(&ctx->mac_ctx, key + SM4_KEY_SIZE, SM3_HMAC_SIZE);
if (aad && aadlen) {
sm3_hmac_update(&ctx->mac_ctx, aad, aadlen);
}
return 1;
}
int sm4_cbc_sm3_hmac_encrypt_update(SM4_CBC_SM3_HMAC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen)
{
if (!ctx || (!in && inlen) || !out || !outlen) {
error_print();
return -1;
}
*outlen = 0;
if (!in || !inlen) {
return 1;
}
if (sm4_cbc_encrypt_update(&ctx->enc_ctx, in, inlen, out, outlen) != 1) {
error_print();
return -1;
}
sm3_hmac_update(&ctx->mac_ctx, out, *outlen);
return 1;
}
int sm4_cbc_sm3_hmac_encrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx, uint8_t *out, size_t *outlen)
{
if (!ctx || !out || !outlen) {
error_print();
return -1;
}
if (sm4_cbc_encrypt_finish(&ctx->enc_ctx, out, outlen) != 1) {
error_print();
return -1;
}
sm3_hmac_update(&ctx->mac_ctx, out, *outlen);
sm3_hmac_finish(&ctx->mac_ctx, out + *outlen);
*outlen += SM3_HMAC_SIZE;
return 1;
}
int sm4_cbc_sm3_hmac_decrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
const uint8_t key[48], const uint8_t iv[16],
const uint8_t *aad, size_t aadlen)
{
if (!ctx || !key || !iv || (!aad && aadlen)) {
error_print();
return -1;
}
memset(ctx, 0, sizeof(*ctx));
if (sm4_cbc_decrypt_init(&ctx->enc_ctx, key, iv) != 1) {
error_print();
return -1;
}
sm3_hmac_init(&ctx->mac_ctx, key + SM4_KEY_SIZE, SM3_HMAC_SIZE);
if (aad && aadlen) {
sm3_hmac_update(&ctx->mac_ctx, aad, aadlen);
}
return 1;
}
int sm4_cbc_sm3_hmac_decrypt_update(SM4_CBC_SM3_HMAC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen)
{
size_t len;
if (!ctx || (!in && inlen) || !out || !outlen) {
error_print();
return -1;
}
if (ctx->maclen > SM3_HMAC_SIZE) {
error_print();
return -1;
}
*outlen = 0;
if (!in || !inlen) {
return 1;
}
if (ctx->maclen < SM3_HMAC_SIZE) {
len = SM3_HMAC_SIZE - ctx->maclen;
if (inlen <= len) {
memcpy(ctx->mac + ctx->maclen, in, inlen);
ctx->maclen += inlen;
return 1;
} else {
memcpy(ctx->mac + ctx->maclen, in, len);
ctx->maclen += len;
in += len;
inlen -= len;
}
}
if (inlen <= SM3_HMAC_SIZE) {
uint8_t tmp[SM3_HMAC_SIZE];
sm3_hmac_update(&ctx->mac_ctx, ctx->mac, inlen);
if (sm4_cbc_decrypt_update(&ctx->enc_ctx, ctx->mac, inlen, out, outlen) != 1) {
error_print();
return -1;
}
len = SM3_HMAC_SIZE - inlen;
memcpy(tmp, ctx->mac + inlen, len);
memcpy(tmp + len, in, inlen);
memcpy(ctx->mac, tmp, SM3_HMAC_SIZE);
} else {
sm3_hmac_update(&ctx->mac_ctx, ctx->mac, SM3_HMAC_SIZE);
if (sm4_cbc_decrypt_update(&ctx->enc_ctx, ctx->mac, SM3_HMAC_SIZE, out, outlen) != 1) {
error_print();
return -1;
}
out += *outlen;
inlen -= SM3_HMAC_SIZE;
sm3_hmac_update(&ctx->mac_ctx, in, inlen);
if (sm4_cbc_decrypt_update(&ctx->enc_ctx, in, inlen, out, &len) != 1) {
error_print();
return -1;
}
*outlen += len;
memcpy(ctx->mac, in + inlen, SM3_HMAC_SIZE);
}
return 1;
}
int sm4_cbc_sm3_hmac_decrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx, uint8_t *out, size_t *outlen)
{
uint8_t mac[SM3_HMAC_SIZE];
if (!ctx || !out || !outlen) {
error_print();
return -1;
}
if (ctx->maclen != SM3_HMAC_SIZE) {
error_print();
return -1;
}
sm3_hmac_finish(&ctx->mac_ctx, mac);
if (sm4_cbc_decrypt_finish(&ctx->enc_ctx, out, outlen) != 1) {
error_print();
return -1;
}
if (gmssl_secure_memcmp(mac, ctx->mac, SM3_HMAC_SIZE) != 0) {
error_print();
return -1;
}
memset(ctx->mac, 0, SM3_HMAC_SIZE);
ctx->maclen = 0;
return 1;
}

179
src/sm4_ctr_sm3_hmac.c
View File

@@ -1,179 +0,0 @@
/*
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4_ctr_sm3_hmac.h>
#include <gmssl/mem.h>
#include <gmssl/error.h>
int sm4_ctr_sm3_hmac_encrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
const uint8_t key[48], const uint8_t iv[16],
const uint8_t *aad, size_t aadlen)
{
if (!ctx || !key || !iv || (!aad && aadlen)) {
error_print();
return -1;
}
memset(ctx, 0, sizeof(*ctx));
if (sm4_ctr_encrypt_init(&ctx->enc_ctx, key, iv) != 1) {
error_print();
return -1;
}
sm3_hmac_init(&ctx->mac_ctx, key + SM4_KEY_SIZE, SM3_HMAC_SIZE);
if (aad && aadlen) {
sm3_hmac_update(&ctx->mac_ctx, aad, aadlen);
}
return 1;
}
int sm4_ctr_sm3_hmac_encrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen)
{
if (!ctx || (!in && inlen) || !out || !outlen) {
error_print();
return -1;
}
*outlen = 0;
if (!in || !inlen) {
return 1;
}
if (sm4_ctr_encrypt_update(&ctx->enc_ctx, in, inlen, out, outlen) != 1) {
error_print();
return -1;
}
sm3_hmac_update(&ctx->mac_ctx, out, *outlen);
return 1;
}
int sm4_ctr_sm3_hmac_encrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx, uint8_t *out, size_t *outlen)
{
if (!ctx || !out || !outlen) {
error_print();
return -1;
}
if (sm4_ctr_encrypt_finish(&ctx->enc_ctx, out, outlen) != 1) {
error_print();
return -1;
}
sm3_hmac_update(&ctx->mac_ctx, out, *outlen);
sm3_hmac_finish(&ctx->mac_ctx, out + *outlen);
*outlen += SM3_HMAC_SIZE;
return 1;
}
int sm4_ctr_sm3_hmac_decrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
const uint8_t key[48], const uint8_t iv[16],
const uint8_t *aad, size_t aadlen)
{
if (!ctx || !key || !iv || (!aad && aadlen)) {
error_print();
return -1;
}
memset(ctx, 0, sizeof(*ctx));
if (sm4_ctr_encrypt_init(&ctx->enc_ctx, key, iv) != 1) {
error_print();
return -1;
}
sm3_hmac_init(&ctx->mac_ctx, key + SM4_KEY_SIZE, SM3_HMAC_SIZE);
if (aad && aadlen) {
sm3_hmac_update(&ctx->mac_ctx, aad, aadlen);
}
return 1;
}
int sm4_ctr_sm3_hmac_decrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen)
{
size_t len;
if (!ctx || (!in && inlen) || !out || !outlen) {
error_print();
return -1;
}
if (ctx->maclen > SM3_HMAC_SIZE) {
error_print();
return -1;
}
*outlen = 0;
if (!in || !inlen) {
return 1;
}
if (ctx->maclen < SM3_HMAC_SIZE) {
len = SM3_HMAC_SIZE - ctx->maclen;
if (inlen <= len) {
memcpy(ctx->mac + ctx->maclen, in, inlen);
ctx->maclen += inlen;
return 1;
} else {
memcpy(ctx->mac + ctx->maclen, in, len);
ctx->maclen += len;
in += len;
inlen -= len;
}
}
if (inlen <= SM3_HMAC_SIZE) {
uint8_t tmp[SM3_HMAC_SIZE];
sm3_hmac_update(&ctx->mac_ctx, ctx->mac, inlen);
if (sm4_ctr_encrypt_update(&ctx->enc_ctx, ctx->mac, inlen, out, outlen) != 1) {
error_print();
return -1;
}
len = SM3_HMAC_SIZE - inlen;
memcpy(tmp, ctx->mac + inlen, len);
memcpy(tmp + len, in, inlen);
memcpy(ctx->mac, tmp, SM3_HMAC_SIZE);
} else {
sm3_hmac_update(&ctx->mac_ctx, ctx->mac, SM3_HMAC_SIZE);
if (sm4_ctr_encrypt_update(&ctx->enc_ctx, ctx->mac, SM3_HMAC_SIZE, out, outlen) != 1) {
error_print();
return -1;
}
out += *outlen;
inlen -= SM3_HMAC_SIZE;
sm3_hmac_update(&ctx->mac_ctx, in, inlen);
if (sm4_ctr_encrypt_update(&ctx->enc_ctx, in, inlen, out, &len) != 1) {
error_print();
return -1;
}
*outlen += len;
memcpy(ctx->mac, in + inlen, SM3_HMAC_SIZE);
}
return 1;
}
int sm4_ctr_sm3_hmac_decrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx, uint8_t *out, size_t *outlen)
{
uint8_t mac[SM3_HMAC_SIZE];
if (!ctx || !out || !outlen) {
error_print();
return -1;
}
if (ctx->maclen != SM3_HMAC_SIZE) {
error_print();
return -1;
}
sm3_hmac_finish(&ctx->mac_ctx, mac);
if (sm4_ctr_encrypt_finish(&ctx->enc_ctx, out, outlen) != 1) {
error_print();
return -1;
}
if (gmssl_secure_memcmp(mac, ctx->mac, SM3_HMAC_SIZE) != 0) {
error_print();
return -1;
}
memset(ctx->mac, 0, SM3_HMAC_SIZE);
ctx->maclen = 0;
return 1;
}

402
tests/sm4_sm3_hmactest.c
View File

@@ -1,402 +0,0 @@
/*
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <assert.h>
#include <gmssl/sm4_cbc_sm3_hmac.h>
#include <gmssl/sm4_ctr_sm3_hmac.h>
#include <gmssl/hex.h>
#include <gmssl/rand.h>
#include <gmssl/error.h>
static int test_sm4_cbc_sm3_hmac(void)
{
SM4_CBC_SM3_HMAC_CTX aead_ctx;
uint8_t key[16 + 32];
uint8_t iv[16];
uint8_t aad[29];
uint8_t plain[71];
size_t plainlen = sizeof(plain);
uint8_t cipher[256];
size_t cipherlen = 0;
uint8_t buf[256];
size_t buflen = 0;
size_t lens[] = { 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37 };
uint8_t *in = plain;
uint8_t *out = cipher;
size_t inlen, outlen;
size_t i;
rand_bytes(key, sizeof(key));
rand_bytes(iv, sizeof(iv));
rand_bytes(aad, sizeof(aad));
rand_bytes(plain, plainlen);
if (sm4_cbc_sm3_hmac_encrypt_init(&aead_ctx, key, iv, aad, sizeof(aad)) != 1) {
error_print();
return -1;
}
for (i = 0; plainlen; i++) {
assert(i < sizeof(lens)/sizeof(lens[0]));
inlen = plainlen < lens[i] ? plainlen : lens[i];
if (sm4_cbc_sm3_hmac_encrypt_update(&aead_ctx, in, inlen, out, &outlen) != 1) {
error_print();
return -1;
}
in += inlen;
plainlen -= inlen;
out += outlen;
cipherlen += outlen;
}
if (sm4_cbc_sm3_hmac_encrypt_finish(&aead_ctx, out, &outlen) != 1) {
error_print();
return -1;
}
out += outlen;
cipherlen += outlen;
format_bytes(stdout, 0, 4, "plaintext ", plain, sizeof(plain));
format_bytes(stdout, 0, 4, "ciphertext", cipher, cipherlen);
{
SM4_KEY sm4_key;
SM3_HMAC_CTX sm3_hmac_ctx;
uint8_t tmp[256];
size_t tmplen;
sm4_set_encrypt_key(&sm4_key, key);
if (sm4_cbc_padding_encrypt(&sm4_key, iv, plain, sizeof(plain), tmp, &tmplen) != 1) {
error_print();
return -1;
}
sm3_hmac_init(&sm3_hmac_ctx, key + 16, 32);
sm3_hmac_update(&sm3_hmac_ctx, aad, sizeof(aad));
sm3_hmac_update(&sm3_hmac_ctx, tmp, tmplen);
sm3_hmac_finish(&sm3_hmac_ctx, tmp + tmplen);
tmplen += 32;
format_bytes(stdout, 0, 4, "ciphertext", tmp, tmplen);
if (cipherlen != tmplen
|| memcmp(cipher, tmp, tmplen) != 0) {
error_print();
return -1;
}
}
in = cipher;
out = buf;
if (sm4_cbc_sm3_hmac_decrypt_init(&aead_ctx, key, iv, aad, sizeof(aad)) != 1) {
error_print();
return -1;
}
for (i = sizeof(lens)/sizeof(lens[0]) - 1; cipherlen; i--) {
inlen = cipherlen < lens[i] ? cipherlen : lens[i];
if (sm4_cbc_sm3_hmac_decrypt_update(&aead_ctx, in, inlen, out, &outlen) != 1) {
error_print();
return -1;
}
in += inlen;
cipherlen -= inlen;
out += outlen;
buflen += outlen;
}
if (sm4_cbc_sm3_hmac_decrypt_finish(&aead_ctx, out, &outlen) != 1) {
error_print();
return -1;
}
out += outlen;
buflen += outlen;
format_bytes(stdout, 0, 4, "plaintext ", buf, buflen);
if (buflen != sizeof(plain)) {
error_print();
return -1;
}
if (memcmp(buf, plain, sizeof(plain)) != 0) {
error_print();
return -1;
}
printf("%s() ok\n", __FUNCTION__);
return 1;
}
static int test_sm4_ctr_sm3_hmac(void)
{
SM4_CTR_SM3_HMAC_CTX aead_ctx;
uint8_t key[16 + 32];
uint8_t iv[16];
uint8_t aad[29];
uint8_t plain[71];
size_t plainlen = sizeof(plain);
uint8_t cipher[256];
size_t cipherlen = 0;
uint8_t buf[256];
size_t buflen = 0;
size_t lens[] = { 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37 };
uint8_t *in = plain;
uint8_t *out = cipher;
size_t inlen, outlen;
size_t i;
rand_bytes(key, sizeof(key));
rand_bytes(iv, sizeof(iv));
rand_bytes(aad, sizeof(aad));
rand_bytes(plain, plainlen);
if (sm4_ctr_sm3_hmac_encrypt_init(&aead_ctx, key, iv, aad, sizeof(aad)) != 1) {
error_print();
return -1;
}
for (i = 0; plainlen; i++) {
assert(i < sizeof(lens)/sizeof(lens[0]));
inlen = plainlen < lens[i] ? plainlen : lens[i];
if (sm4_ctr_sm3_hmac_encrypt_update(&aead_ctx, in, inlen, out, &outlen) != 1) {
error_print();
return -1;
}
in += inlen;
plainlen -= inlen;
out += outlen;
cipherlen += outlen;
}
if (sm4_ctr_sm3_hmac_encrypt_finish(&aead_ctx, out, &outlen) != 1) {
error_print();
return -1;
}
out += outlen;
cipherlen += outlen;
format_bytes(stdout, 0, 4, "plaintext ", plain, sizeof(plain));
format_bytes(stdout, 0, 4, "ciphertext", cipher, cipherlen);
{
SM4_KEY sm4_key;
uint8_t ctr[16];
SM3_HMAC_CTX sm3_hmac_ctx;
uint8_t tmp[256];
size_t tmplen;
sm4_set_encrypt_key(&sm4_key, key);
memcpy(ctr, iv, 16);
sm4_ctr_encrypt(&sm4_key, ctr, plain, sizeof(plain), tmp);
tmplen = sizeof(plain);
sm3_hmac_init(&sm3_hmac_ctx, key + 16, 32);
sm3_hmac_update(&sm3_hmac_ctx, aad, sizeof(aad));
sm3_hmac_update(&sm3_hmac_ctx, tmp, tmplen);
sm3_hmac_finish(&sm3_hmac_ctx, tmp + tmplen);
tmplen += 32;
format_bytes(stdout, 0, 4, "ciphertext", tmp, tmplen);
if (cipherlen != tmplen
|| memcmp(cipher, tmp, tmplen) != 0) {
error_print();
return -1;
}
}
in = cipher;
out = buf;
if (sm4_ctr_sm3_hmac_decrypt_init(&aead_ctx, key, iv, aad, sizeof(aad)) != 1) {
error_print();
return -1;
}
for (i = sizeof(lens)/sizeof(lens[0]) - 1; cipherlen; i--) {
inlen = cipherlen < lens[i] ? cipherlen : lens[i];
if (sm4_ctr_sm3_hmac_decrypt_update(&aead_ctx, in, inlen, out, &outlen) != 1) {
error_print();
return -1;
}
in += inlen;
cipherlen -= inlen;
out += outlen;
buflen += outlen;
}
if (sm4_ctr_sm3_hmac_decrypt_finish(&aead_ctx, out, &outlen) != 1) {
error_print();
return -1;
}
out += outlen;
buflen += outlen;
format_bytes(stdout, 0, 4, "plaintext ", buf, buflen);
if (buflen != sizeof(plain)) {
error_print();
return -1;
}
if (memcmp(buf, plain, sizeof(plain)) != 0) {
error_print();
return -1;
}
printf("%s() ok\n", __FUNCTION__);
return 1;
}
static int test_sm4_cbc_sm3_hmac_args(void)
{
SM4_CBC_SM3_HMAC_CTX ctx;
uint8_t key[SM4_CBC_SM3_HMAC_KEY_SIZE] = {0};
uint8_t iv[SM4_CBC_SM3_HMAC_IV_SIZE] = {0};
uint8_t aad[16] = {0};
uint8_t in[64] = {0};
uint8_t out[128];
size_t outlen;
if (sm4_cbc_sm3_hmac_encrypt_init(NULL, key, iv, NULL, 0) != -1
|| sm4_cbc_sm3_hmac_encrypt_init(&ctx, NULL, iv, NULL, 0) != -1
|| sm4_cbc_sm3_hmac_encrypt_init(&ctx, key, NULL, NULL, 0) != -1
|| sm4_cbc_sm3_hmac_encrypt_init(&ctx, key, iv, NULL, sizeof(aad)) != -1
|| sm4_cbc_sm3_hmac_decrypt_init(NULL, key, iv, NULL, 0) != -1
|| sm4_cbc_sm3_hmac_decrypt_init(&ctx, NULL, iv, NULL, 0) != -1
|| sm4_cbc_sm3_hmac_decrypt_init(&ctx, key, NULL, NULL, 0) != -1
|| sm4_cbc_sm3_hmac_decrypt_init(&ctx, key, iv, NULL, sizeof(aad)) != -1) {
error_print();
return -1;
}
if (sm4_cbc_sm3_hmac_encrypt_init(&ctx, key, iv, NULL, 0) != 1
|| sm4_cbc_sm3_hmac_encrypt_update(NULL, in, sizeof(in), out, &outlen) != -1
|| sm4_cbc_sm3_hmac_encrypt_update(&ctx, NULL, 1, out, &outlen) != -1
|| sm4_cbc_sm3_hmac_encrypt_update(&ctx, in, sizeof(in), NULL, &outlen) != -1
|| sm4_cbc_sm3_hmac_encrypt_update(&ctx, in, sizeof(in), out, NULL) != -1
|| sm4_cbc_sm3_hmac_encrypt_update(&ctx, NULL, 0, out, &outlen) != 1
|| outlen != 0
|| sm4_cbc_sm3_hmac_encrypt_update(&ctx, NULL, 0, NULL, &outlen) != -1
|| sm4_cbc_sm3_hmac_encrypt_finish(NULL, out, &outlen) != -1
|| sm4_cbc_sm3_hmac_encrypt_finish(&ctx, NULL, &outlen) != -1
|| sm4_cbc_sm3_hmac_encrypt_finish(&ctx, out, NULL) != -1) {
error_print();
return -1;
}
if (sm4_cbc_sm3_hmac_decrypt_init(&ctx, key, iv, NULL, 0) != 1
|| sm4_cbc_sm3_hmac_decrypt_update(NULL, in, sizeof(in), out, &outlen) != -1
|| sm4_cbc_sm3_hmac_decrypt_update(&ctx, NULL, 1, out, &outlen) != -1
|| sm4_cbc_sm3_hmac_decrypt_update(&ctx, in, sizeof(in), NULL, &outlen) != -1
|| sm4_cbc_sm3_hmac_decrypt_update(&ctx, in, sizeof(in), out, NULL) != -1
|| sm4_cbc_sm3_hmac_decrypt_update(&ctx, NULL, 0, out, &outlen) != 1
|| outlen != 0
|| sm4_cbc_sm3_hmac_decrypt_update(&ctx, NULL, 0, NULL, &outlen) != -1
|| sm4_cbc_sm3_hmac_decrypt_finish(NULL, out, &outlen) != -1
|| sm4_cbc_sm3_hmac_decrypt_finish(&ctx, NULL, &outlen) != -1
|| sm4_cbc_sm3_hmac_decrypt_finish(&ctx, out, NULL) != -1) {
error_print();
return -1;
}
outlen = 123;
if (sm4_cbc_sm3_hmac_decrypt_init(&ctx, key, iv, NULL, 0) != 1
|| sm4_cbc_sm3_hmac_decrypt_update(&ctx, in, 1, out, &outlen) != 1
|| outlen != 0) {
error_print();
return -1;
}
printf("%s() ok\n", __FUNCTION__);
return 1;
}
static int test_sm4_ctr_sm3_hmac_args(void)
{
SM4_CTR_SM3_HMAC_CTX ctx;
uint8_t key[SM4_CTR_SM3_HMAC_KEY_SIZE] = {0};
uint8_t iv[SM4_CTR_SM3_HMAC_IV_SIZE] = {0};
uint8_t aad[16] = {0};
uint8_t in[64] = {0};
uint8_t out[128];
size_t outlen;
if (sm4_ctr_sm3_hmac_encrypt_init(NULL, key, iv, NULL, 0) != -1
|| sm4_ctr_sm3_hmac_encrypt_init(&ctx, NULL, iv, NULL, 0) != -1
|| sm4_ctr_sm3_hmac_encrypt_init(&ctx, key, NULL, NULL, 0) != -1
|| sm4_ctr_sm3_hmac_encrypt_init(&ctx, key, iv, NULL, sizeof(aad)) != -1
|| sm4_ctr_sm3_hmac_decrypt_init(NULL, key, iv, NULL, 0) != -1
|| sm4_ctr_sm3_hmac_decrypt_init(&ctx, NULL, iv, NULL, 0) != -1
|| sm4_ctr_sm3_hmac_decrypt_init(&ctx, key, NULL, NULL, 0) != -1
|| sm4_ctr_sm3_hmac_decrypt_init(&ctx, key, iv, NULL, sizeof(aad)) != -1) {
error_print();
return -1;
}
if (sm4_ctr_sm3_hmac_encrypt_init(&ctx, key, iv, NULL, 0) != 1
|| sm4_ctr_sm3_hmac_encrypt_update(NULL, in, sizeof(in), out, &outlen) != -1
|| sm4_ctr_sm3_hmac_encrypt_update(&ctx, NULL, 1, out, &outlen) != -1
|| sm4_ctr_sm3_hmac_encrypt_update(&ctx, in, sizeof(in), NULL, &outlen) != -1
|| sm4_ctr_sm3_hmac_encrypt_update(&ctx, in, sizeof(in), out, NULL) != -1
|| sm4_ctr_sm3_hmac_encrypt_update(&ctx, NULL, 0, out, &outlen) != 1
|| outlen != 0
|| sm4_ctr_sm3_hmac_encrypt_update(&ctx, NULL, 0, NULL, &outlen) != -1
|| sm4_ctr_sm3_hmac_encrypt_finish(NULL, out, &outlen) != -1
|| sm4_ctr_sm3_hmac_encrypt_finish(&ctx, NULL, &outlen) != -1
|| sm4_ctr_sm3_hmac_encrypt_finish(&ctx, out, NULL) != -1) {
error_print();
return -1;
}
if (sm4_ctr_sm3_hmac_decrypt_init(&ctx, key, iv, NULL, 0) != 1
|| sm4_ctr_sm3_hmac_decrypt_update(NULL, in, sizeof(in), out, &outlen) != -1
|| sm4_ctr_sm3_hmac_decrypt_update(&ctx, NULL, 1, out, &outlen) != -1
|| sm4_ctr_sm3_hmac_decrypt_update(&ctx, in, sizeof(in), NULL, &outlen) != -1
|| sm4_ctr_sm3_hmac_decrypt_update(&ctx, in, sizeof(in), out, NULL) != -1
|| sm4_ctr_sm3_hmac_decrypt_update(&ctx, NULL, 0, out, &outlen) != 1
|| outlen != 0
|| sm4_ctr_sm3_hmac_decrypt_update(&ctx, NULL, 0, NULL, &outlen) != -1
|| sm4_ctr_sm3_hmac_decrypt_finish(NULL, out, &outlen) != -1
|| sm4_ctr_sm3_hmac_decrypt_finish(&ctx, NULL, &outlen) != -1
|| sm4_ctr_sm3_hmac_decrypt_finish(&ctx, out, NULL) != -1) {
error_print();
return -1;
}
outlen = 123;
if (sm4_ctr_sm3_hmac_decrypt_init(&ctx, key, iv, NULL, 0) != 1
|| sm4_ctr_sm3_hmac_decrypt_update(&ctx, in, 1, out, &outlen) != 1
|| outlen != 0) {
error_print();
return -1;
}
printf("%s() ok\n", __FUNCTION__);
return 1;
}
int main(void)
{
if (test_sm4_cbc_sm3_hmac() != 1) goto err;
if (test_sm4_ctr_sm3_hmac() != 1) goto err;
if (test_sm4_cbc_sm3_hmac_args() != 1) goto err;
if (test_sm4_ctr_sm3_hmac_args() != 1) goto err;
printf("%s all tests passed\n", __FILE__);
return 0;
err:
error_print();
return 1;
}

8
tools/gmssl.c
View File

@@ -59,8 +59,6 @@ extern int sm4_xts_main(int argc, char **argv);
#ifdef ENABLE_SM4_FF1
extern int sm4_ff1_main(int argc, char **argv);
#endif
extern int sm4_cbc_sm3_hmac_main(int argc, char **argv);
extern int sm4_ctr_sm3_hmac_main(int argc, char **argv);
#ifdef ENABLE_SM4_CBC_MAC
extern int sm4_cbc_mac_main(int argc, char **argv);
#endif
@@ -155,8 +153,6 @@ static const char *options =
" sm4_gcm Encrypt or decrypt with SM4 GCM\n"
" sm4_cbc Encrypt or decrypt with SM4 CBC\n"
" sm4_ctr Encrypt or decrypt with SM4 CTR\n"
" sm4_cbc_sm3_hmac Encrypt or decrypt with SM4 CBC with SM3-HMAC\n"
" sm4_ctr_sm3_hmac Encrypt or decrypt with SM4 CTR with SM3-HMAC\n"
#ifdef ENABLE_SM4_CCM
" sm4_ccm Encrypt or decrypt with SM4 CCM\n"
#endif
@@ -366,10 +362,6 @@ int main(int argc, char **argv)
} else if (!strcmp(*argv, "sm4_ff1")) {
return sm4_ff1_main(argc, argv);
#endif
} else if (!strcmp(*argv, "sm4_cbc_sm3_hmac")) {
return sm4_cbc_sm3_hmac_main(argc, argv);
} else if (!strcmp(*argv, "sm4_ctr_sm3_hmac")) {
return sm4_ctr_sm3_hmac_main(argc, argv);
#ifdef ENABLE_GHASH
} else if (!strcmp(*argv, "ghash")) {
return ghash_main(argc, argv);

16
tools/sm4.c
View File

@@ -14,8 +14,6 @@
#include <stdlib.h>
#include <gmssl/mem.h>
#include <gmssl/sm4.h>
#include <gmssl/sm4_cbc_sm3_hmac.h>
#include <gmssl/sm4_ctr_sm3_hmac.h>
#include <gmssl/hex.h>
#include <gmssl/error.h>
@@ -255,8 +253,6 @@ int sm4_main(int argc, char **argv)
SM4_XTS_CTX xts;
#endif
SM4_GCM_CTX gcm;
SM4_CBC_SM3_HMAC_CTX cbc_sm3_hmac;
SM4_CTR_SM3_HMAC_CTX ctr_sm3_hmac;
} sm4_ctx;
@@ -585,8 +581,6 @@ bad:
case SM4_MODE_XTS: rv = sm4_xts_encrypt_init(&sm4_ctx.xts, key, iv, xts_data_unit_size); break;
#endif
case SM4_MODE_GCM: rv = sm4_gcm_encrypt_init(&sm4_ctx.gcm, key, keylen, iv, ivlen, aad, aadlen, GHASH_SIZE); break;
case SM4_MODE_CBC_SM3_HMAC: rv = sm4_cbc_sm3_hmac_encrypt_init(&sm4_ctx.cbc_sm3_hmac, key, iv, aad, aadlen); break;
case SM4_MODE_CTR_SM3_HMAC: rv = sm4_ctr_sm3_hmac_encrypt_init(&sm4_ctx.ctr_sm3_hmac, key, iv, aad, aadlen); break;
}
if (rv != 1) {
error_print();
@@ -609,8 +603,6 @@ bad:
case SM4_MODE_XTS: rv = sm4_xts_encrypt_update(&sm4_ctx.xts, inbuf, inlen, outbuf, &outlen); break;
#endif
case SM4_MODE_GCM: rv = sm4_gcm_encrypt_update(&sm4_ctx.gcm, inbuf, inlen, outbuf, &outlen); break;
case SM4_MODE_CBC_SM3_HMAC: rv = sm4_cbc_sm3_hmac_encrypt_update(&sm4_ctx.cbc_sm3_hmac, inbuf, inlen, outbuf, &outlen); break;
case SM4_MODE_CTR_SM3_HMAC: rv = sm4_ctr_sm3_hmac_encrypt_update(&sm4_ctx.ctr_sm3_hmac, inbuf, inlen, outbuf, &outlen); break;
}
if (rv != 1) {
error_print();
@@ -637,8 +629,6 @@ bad:
case SM4_MODE_XTS: rv = sm4_xts_encrypt_finish(&sm4_ctx.xts, outbuf, &outlen); break;
#endif
case SM4_MODE_GCM: rv = sm4_gcm_encrypt_finish(&sm4_ctx.gcm, outbuf, &outlen); break;
case SM4_MODE_CBC_SM3_HMAC: rv = sm4_cbc_sm3_hmac_encrypt_finish(&sm4_ctx.cbc_sm3_hmac, outbuf, &outlen); break;
case SM4_MODE_CTR_SM3_HMAC: rv = sm4_ctr_sm3_hmac_encrypt_finish(&sm4_ctx.ctr_sm3_hmac, outbuf, &outlen); break;
}
if (rv != 1) {
error_print();
@@ -665,8 +655,6 @@ bad:
case SM4_MODE_XTS: rv = sm4_xts_decrypt_init(&sm4_ctx.xts, key, iv, xts_data_unit_size); break;
#endif
case SM4_MODE_GCM: rv = sm4_gcm_decrypt_init(&sm4_ctx.gcm, key, keylen, iv, ivlen, aad, aadlen, GHASH_SIZE); break;
case SM4_MODE_CBC_SM3_HMAC: rv = sm4_cbc_sm3_hmac_decrypt_init(&sm4_ctx.cbc_sm3_hmac, key, iv, aad, aadlen); break;
case SM4_MODE_CTR_SM3_HMAC: rv = sm4_ctr_sm3_hmac_decrypt_init(&sm4_ctx.ctr_sm3_hmac, key, iv, aad, aadlen); break;
}
if (rv != 1) {
error_print();
@@ -689,8 +677,6 @@ bad:
case SM4_MODE_XTS: rv = sm4_xts_decrypt_update(&sm4_ctx.xts, inbuf, inlen, outbuf, &outlen); break;
#endif
case SM4_MODE_GCM: rv = sm4_gcm_decrypt_update(&sm4_ctx.gcm, inbuf, inlen, outbuf, &outlen); break;
case SM4_MODE_CBC_SM3_HMAC: rv = sm4_cbc_sm3_hmac_decrypt_update(&sm4_ctx.cbc_sm3_hmac, inbuf, inlen, outbuf, &outlen); break;
case SM4_MODE_CTR_SM3_HMAC: rv = sm4_ctr_sm3_hmac_decrypt_update(&sm4_ctx.ctr_sm3_hmac, inbuf, inlen, outbuf, &outlen); break;
}
if (rv != 1) {
error_print();
@@ -718,8 +704,6 @@ bad:
case SM4_MODE_XTS: rv = sm4_xts_decrypt_finish(&sm4_ctx.xts, outbuf, &outlen); break;
#endif
case SM4_MODE_GCM: rv = sm4_gcm_decrypt_finish(&sm4_ctx.gcm, outbuf, &outlen); break;
case SM4_MODE_CBC_SM3_HMAC: rv = sm4_cbc_sm3_hmac_decrypt_finish(&sm4_ctx.cbc_sm3_hmac, outbuf, &outlen); break;
case SM4_MODE_CTR_SM3_HMAC: rv = sm4_ctr_sm3_hmac_decrypt_finish(&sm4_ctx.ctr_sm3_hmac, outbuf, &outlen); break;
}
if (rv != 1) {
error_print();

239
tools/sm4_cbc_sm3_hmac.c
View File

@@ -1,239 +0,0 @@
/*
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4_cbc_sm3_hmac.h>
#include <gmssl/mem.h>
#include <gmssl/hex.h>
#include <gmssl/error.h>
static const char *usage = "{-encrypt|-decrypt} -key hex -iv hex [-aad str| -aad_hex hex] [-in file] [-out file]";
static const char *options =
"Options\n"
"\n"
" -encrypt Encrypt\n"
" -decrypt Decrypt\n"
" -key hex Symmetric key in HEX format, 48 bytes\n"
" -iv hex IV in HEX format, 16 bytes\n"
" -aad str Authenticated-only message\n"
" -aad_hex hex Authenticated-only data in HEX format\n"
" -in file | stdin Input data\n"
" -out file | stdout Output data\n"
"\n"
"Examples\n"
"\n"
" $ TEXT=`gmssl rand -outlen 20 -hex`\n"
" $ KEY=`gmssl rand -outlen 48 -hex`\n"
" $ IV=`gmssl rand -outlen 16 -hex`\n"
" $ echo -n $TEXT | gmssl sm4_cbc_sm3_hmac -encrypt -key $KEY -iv $IV -out sm4_cbc_sm3_hmac_ciphertext.bin\n"
" $ gmssl sm4_cbc_sm3_hmac -decrypt -key $KEY -iv $IV -in sm4_cbc_sm3_hmac_ciphertext.bin\n"
"\n";
int sm4_cbc_sm3_hmac_main(int argc, char **argv)
{
int ret = 1;
char *prog = argv[0];
int enc = -1;
char *keyhex = NULL;
char *ivhex = NULL;
uint8_t *aad = NULL;
uint8_t *aad_buf = NULL;
size_t aadlen = 0;
char *infile = NULL;
char *outfile = NULL;
uint8_t key[48];
size_t keylen;
uint8_t iv[16];
size_t ivlen;
FILE *infp = stdin;
FILE *outfp = stdout;
SM4_CBC_SM3_HMAC_CTX ctx;
uint8_t buf[4096];
size_t inlen;
size_t outlen;
argc--;
argv++;
if (argc < 1) {
fprintf(stderr, "usage: gmssl %s %s\n", prog, usage);
return 1;
}
while (argc > 0) {
if (!strcmp(*argv, "-help")) {
printf("usage: gmssl %s %s\n", prog, usage);
printf("%s\n", options);
ret = 0;
goto end;
} else if (!strcmp(*argv, "-encrypt")) {
if (enc == 0) {
fprintf(stderr, "gmssl %s: `-encrypt` `-decrypt` should not be used together\n", prog);
goto end;
}
enc = 1;
} else if (!strcmp(*argv, "-decrypt")) {
if (enc == 1) {
fprintf(stderr, "gmssl %s: `-encrypt` `-decrypt` should not be used together\n", prog);
goto end;
}
enc = 0;
} else if (!strcmp(*argv, "-key")) {
if (--argc < 1) goto bad;
keyhex = *(++argv);
if (strlen(keyhex) != sizeof(key) * 2) {
fprintf(stderr, "gmssl %s: invalid key length, should be %d bytes\n", prog, SM4_CBC_SM3_HMAC_KEY_SIZE);
goto end;
}
if (hex_to_bytes(keyhex, strlen(keyhex), key, &keylen) != 1) {
fprintf(stderr, "gmssl %s: invalid key hex digits, should be %d bytes\n", prog, SM4_CBC_SM3_HMAC_KEY_SIZE);
goto end;
}
} else if (!strcmp(*argv, "-iv")) {
if (--argc < 1) goto bad;
ivhex = *(++argv);
if (strlen(ivhex) != sizeof(iv) * 2) {
fprintf(stderr, "gmssl %s: invalid IV length\n", prog);
goto end;
}
if (hex_to_bytes(ivhex, strlen(ivhex), iv, &ivlen) != 1) {
fprintf(stderr, "gmssl %s: invalid IV hex digits\n", prog);
goto end;
}
} else if (!strcmp(*argv, "-aad")) {
if (--argc < 1) goto bad;
if (aad) {
fprintf(stderr, "gmssl %s: `-aad` or `aad_hex` has been specified\n", prog);
goto bad;
}
aad = (uint8_t *)(*(++argv));
aadlen = strlen((char *)aad);
} else if (!strcmp(*argv, "-aad_hex")) {
if (--argc < 1) goto bad;
if (aad) {
fprintf(stderr, "gmssl %s: `-aad` or `aad_hex` has been specified\n", prog);
goto bad;
}
aad = (uint8_t *)(*(++argv));
if (!(aad_buf = malloc(strlen((char *)aad)/2 + 1))) {
fprintf(stderr, "gmssl %s: malloc failure\n", prog);
goto end;
}
if (hex_to_bytes((char *)aad, strlen((char *)aad), aad_buf, &aadlen) != 1) {
fprintf(stderr, "gmssl %s: `-aad_hex` invalid HEX format argument\n", prog);
goto end;
}
aad = aad_buf;
} else if (!strcmp(*argv, "-in")) {
if (--argc < 1) goto bad;
infile = *(++argv);
if (!(infp = fopen(infile, "rb"))) {
fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, infile, strerror(errno));
goto end;
}
} else if (!strcmp(*argv, "-out")) {
if (--argc < 1) goto bad;
outfile = *(++argv);
if (!(outfp = fopen(outfile, "wb"))) {
fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, outfile, strerror(errno));
goto end;
}
} else {
fprintf(stderr, "gmssl %s: illegal option `%s`\n", prog, *argv);
goto end;
bad:
fprintf(stderr, "gmssl %s: `%s` option value missing\n", prog, *argv);
goto end;
}
argc--;
argv++;
}
if (enc < 0) {
fprintf(stderr, "gmssl %s: option -encrypt or -decrypt should be set\n", prog);
goto end;
}
if (!keyhex) {
fprintf(stderr, "gmssl %s: option `-key` missing\n", prog);
goto end;
}
if (!ivhex) {
fprintf(stderr, "gmssl %s: option `-iv` missing\n", prog);
goto end;
}
if (enc) {
if (sm4_cbc_sm3_hmac_encrypt_init(&ctx, key, iv, aad, aadlen) != 1) {
error_print();
goto end;
}
} else {
if (sm4_cbc_sm3_hmac_decrypt_init(&ctx, key, iv, aad, aadlen) != 1) {
error_print();
goto end;
}
}
while ((inlen = fread(buf, 1, sizeof(buf), infp)) > 0) {
if (enc) {
if (sm4_cbc_sm3_hmac_encrypt_update(&ctx, buf, inlen, buf, &outlen) != 1) {
error_print();
goto end;
}
} else {
if (sm4_cbc_sm3_hmac_decrypt_update(&ctx, buf, inlen, buf, &outlen) != 1) {
error_print();
goto end;
}
}
if (fwrite(buf, 1, outlen, outfp) != outlen) {
fprintf(stderr, "gmssl %s: output failure : %s\n", prog, strerror(errno));
goto end;
}
}
if (ferror(infp)) {
fprintf(stderr, "%s: read failure\n", prog);
goto end;
}
if (enc) {
if (sm4_cbc_sm3_hmac_encrypt_finish(&ctx, buf, &outlen) != 1) {
error_print();
goto end;
}
} else {
if (sm4_cbc_sm3_hmac_decrypt_finish(&ctx, buf, &outlen) != 1) {
error_print();
goto end;
}
}
if (fwrite(buf, 1, outlen, outfp) != outlen) {
fprintf(stderr, "gmssl %s: output failure : %s\n", prog, strerror(errno));
goto end;
}
ret = 0;
end:
gmssl_secure_clear(key, sizeof(key));
gmssl_secure_clear(iv, sizeof(iv));
gmssl_secure_clear(&ctx, sizeof(ctx));
gmssl_secure_clear(buf, sizeof(buf));
if (infile && infp) fclose(infp);
if (outfile && outfp) fclose(outfp);
return ret;
}

239
tools/sm4_ctr_sm3_hmac.c
View File

@@ -1,239 +0,0 @@
/*
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4_ctr_sm3_hmac.h>
#include <gmssl/mem.h>
#include <gmssl/hex.h>
#include <gmssl/error.h>
static const char *usage = "{-encrypt|-decrypt} -key hex -iv hex [-aad str| -aad_hex hex] [-in file] [-out file]";
static const char *options =
"Options\n"
"\n"
" -encrypt Encrypt\n"
" -decrypt Decrypt\n"
" -key hex Symmetric key in HEX format, 48 bytes\n"
" -iv hex IV in HEX format, 16 bytes\n"
" -aad str Authenticated-only message\n"
" -aad_hex hex Authenticated-only data in HEX format\n"
" -in file | stdin Input data\n"
" -out file | stdout Output data\n"
"\n"
"Examples\n"
"\n"
" $ TEXT=`gmssl rand -outlen 20 -hex`\n"
" $ KEY=`gmssl rand -outlen 48 -hex`\n"
" $ IV=`gmssl rand -outlen 16 -hex`\n"
" $ echo -n $TEXT | gmssl sm4_ctr_sm3_hmac -encrypt -key $KEY -iv $IV -out sm4_ctr_sm3_hmac_ciphertext.bin\n"
" $ gmssl sm4_ctr_sm3_hmac -decrypt -key $KEY -iv $IV -in sm4_ctr_sm3_hmac_ciphertext.bin\n"
"\n";
int sm4_ctr_sm3_hmac_main(int argc, char **argv)
{
int ret = 1;
char *prog = argv[0];
int enc = -1;
char *keyhex = NULL;
char *ivhex = NULL;
uint8_t *aad = NULL;
uint8_t *aad_buf = NULL;
size_t aadlen = 0;
char *infile = NULL;
char *outfile = NULL;
uint8_t key[48];
size_t keylen;
uint8_t iv[16];
size_t ivlen;
FILE *infp = stdin;
FILE *outfp = stdout;
SM4_CTR_SM3_HMAC_CTX ctx;
uint8_t buf[4096];
size_t inlen;
size_t outlen;
argc--;
argv++;
if (argc < 1) {
fprintf(stderr, "usage: gmssl %s %s\n", prog, usage);
return 1;
}
while (argc > 0) {
if (!strcmp(*argv, "-help")) {
printf("usage: gmssl %s %s\n", prog, usage);
printf("%s\n", options);
ret = 0;
goto end;
} else if (!strcmp(*argv, "-encrypt")) {
if (enc == 0) {
fprintf(stderr, "gmssl %s: `-encrypt` `-decrypt` should not be used together\n", prog);
goto end;
}
enc = 1;
} else if (!strcmp(*argv, "-decrypt")) {
if (enc == 1) {
fprintf(stderr, "gmssl %s: `-encrypt` `-decrypt` should not be used together\n", prog);
goto end;
}
enc = 0;
} else if (!strcmp(*argv, "-key")) {
if (--argc < 1) goto bad;
keyhex = *(++argv);
if (strlen(keyhex) != sizeof(key) * 2) {
fprintf(stderr, "gmssl %s: invalid key length, should be %d bytes\n", prog, SM4_CTR_SM3_HMAC_KEY_SIZE);
goto end;
}
if (hex_to_bytes(keyhex, strlen(keyhex), key, &keylen) != 1) {
fprintf(stderr, "gmssl %s: invalid key hex digits, should be %d bytes\n", prog, SM4_CTR_SM3_HMAC_KEY_SIZE);
goto end;
}
} else if (!strcmp(*argv, "-iv")) {
if (--argc < 1) goto bad;
ivhex = *(++argv);
if (strlen(ivhex) != sizeof(iv) * 2) {
fprintf(stderr, "gmssl %s: invalid IV length\n", prog);
goto end;
}
if (hex_to_bytes(ivhex, strlen(ivhex), iv, &ivlen) != 1) {
fprintf(stderr, "gmssl %s: invalid IV hex digits\n", prog);
goto end;
}
} else if (!strcmp(*argv, "-aad")) {
if (--argc < 1) goto bad;
if (aad) {
fprintf(stderr, "gmssl %s: `-aad` or `aad_hex` has been specified\n", prog);
goto bad;
}
aad = (uint8_t *)(*(++argv));
aadlen = strlen((char *)aad);
} else if (!strcmp(*argv, "-aad_hex")) {
if (--argc < 1) goto bad;
if (aad) {
fprintf(stderr, "gmssl %s: `-aad` or `aad_hex` has been specified\n", prog);
goto bad;
}
aad = (uint8_t *)(*(++argv));
if (!(aad_buf = malloc(strlen((char *)aad)/2 + 1))) {
fprintf(stderr, "gmssl %s: malloc failure\n", prog);
goto end;
}
if (hex_to_bytes((char *)aad, strlen((char *)aad), aad_buf, &aadlen) != 1) {
fprintf(stderr, "gmssl %s: `-aad_hex` invalid HEX format argument\n", prog);
goto end;
}
aad = aad_buf;
} else if (!strcmp(*argv, "-in")) {
if (--argc < 1) goto bad;
infile = *(++argv);
if (!(infp = fopen(infile, "rb"))) {
fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, infile, strerror(errno));
goto end;
}
} else if (!strcmp(*argv, "-out")) {
if (--argc < 1) goto bad;
outfile = *(++argv);
if (!(outfp = fopen(outfile, "wb"))) {
fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, outfile, strerror(errno));
goto end;
}
} else {
fprintf(stderr, "gmssl %s: illegal option `%s`\n", prog, *argv);
goto end;
bad:
fprintf(stderr, "gmssl %s: `%s` option value missing\n", prog, *argv);
goto end;
}
argc--;
argv++;
}
if (enc < 0) {
fprintf(stderr, "gmssl %s: option -encrypt or -decrypt should be set\n", prog);
goto end;
}
if (!keyhex) {
fprintf(stderr, "gmssl %s: option `-key` missing\n", prog);
goto end;
}
if (!ivhex) {
fprintf(stderr, "gmssl %s: option `-iv` missing\n", prog);
goto end;
}
if (enc) {
if (sm4_ctr_sm3_hmac_encrypt_init(&ctx, key, iv, aad, aadlen) != 1) {
error_print();
goto end;
}
} else {
if (sm4_ctr_sm3_hmac_decrypt_init(&ctx, key, iv, aad, aadlen) != 1) {
error_print();
goto end;
}
}
while ((inlen = fread(buf, 1, sizeof(buf), infp)) > 0) {
if (enc) {
if (sm4_ctr_sm3_hmac_encrypt_update(&ctx, buf, inlen, buf, &outlen) != 1) {
error_print();
goto end;
}
} else {
if (sm4_ctr_sm3_hmac_decrypt_update(&ctx, buf, inlen, buf, &outlen) != 1) {
error_print();
goto end;
}
}
if (fwrite(buf, 1, outlen, outfp) != outlen) {
fprintf(stderr, "gmssl %s: output failure : %s\n", prog, strerror(errno));
goto end;
}
}
if (ferror(infp)) {
fprintf(stderr, "%s: read failure\n", prog);
goto end;
}
if (enc) {
if (sm4_ctr_sm3_hmac_encrypt_finish(&ctx, buf, &outlen) != 1) {
error_print();
goto end;
}
} else {
if (sm4_ctr_sm3_hmac_decrypt_finish(&ctx, buf, &outlen) != 1) {
error_print();
goto end;
}
}
if (fwrite(buf, 1, outlen, outfp) != outlen) {
fprintf(stderr, "gmssl %s: output failure : %s\n", prog, strerror(errno));
goto end;
}
ret = 0;
end:
gmssl_secure_clear(key, sizeof(key));
gmssl_secure_clear(iv, sizeof(iv));
gmssl_secure_clear(&ctx, sizeof(ctx));
gmssl_secure_clear(buf, sizeof(buf));
if (infile && infp) fclose(infp);
if (outfile && outfp) fclose(outfp);
return ret;
}