From 5e9724cd933193d3c0ada817ee7bf98491efb3cd Mon Sep 17 00:00:00 2001
From: Zhi Guan <guanzhi1980@gmail.com>
Date: Wed, 10 Jun 2026 22:30:51 +0800
Subject: [PATCH] Update BLOCK_CIPHER

---
 include/gmssl/block_cipher.h |  11 ++-
 include/gmssl/oid.h          |   3 +
 src/block_cipher.c           | 149 ++++++++++++++++++++++++++++++-----
 3 files changed, 139 insertions(+), 24 deletions(-)

diff --git a/include/gmssl/block_cipher.h b/include/gmssl/block_cipher.h
index afd2a8c3..f21a0479 100644
--- a/include/gmssl/block_cipher.h
+++ b/include/gmssl/block_cipher.h
@@ -43,15 +43,16 @@ struct BLOCK_CIPHER_KEY {
 	const BLOCK_CIPHER *cipher;
 };
 
-typedef void (*block_cipher_set_encrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key);
-typedef void (*block_cipher_set_decrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key);
-typedef void (*block_cipher_encrypt_func)(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
-typedef void (*block_cipher_decrypt_func)(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
+typedef int (*block_cipher_set_encrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key);
+typedef int (*block_cipher_set_decrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key);
+typedef int (*block_cipher_encrypt_func)(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
+typedef int (*block_cipher_decrypt_func)(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
 
 struct BLOCK_CIPHER {
 	int oid;
 	size_t key_size;
 	size_t block_size;
+	size_t ctx_size;
 	block_cipher_set_encrypt_key_func set_encrypt_key;
 	block_cipher_set_decrypt_key_func set_decrypt_key;
 	block_cipher_encrypt_func encrypt;
@@ -61,6 +62,8 @@ struct BLOCK_CIPHER {
 const BLOCK_CIPHER *BLOCK_CIPHER_sm4(void);
 #ifdef ENABLE_AES
 const BLOCK_CIPHER *BLOCK_CIPHER_aes128(void);
+const BLOCK_CIPHER *BLOCK_CIPHER_aes192(void);
+const BLOCK_CIPHER *BLOCK_CIPHER_aes256(void);
 #endif
 
 const BLOCK_CIPHER *block_cipher_from_name(const char *name);
diff --git a/include/gmssl/oid.h b/include/gmssl/oid.h
index da971433..70fde5e8 100644
--- a/include/gmssl/oid.h
+++ b/include/gmssl/oid.h
@@ -184,6 +184,9 @@ enum {
 	OID_xmssmt_hashsig,
 	OID_sphincs_hashsig, // OID not defined in RFC, so no oid[]
 	OID_kyber_kem,
+
+	OID_aes192, // No OID
+	OID_aes256, // No OID
 };
 
 // {iso(1) org(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
diff --git a/src/block_cipher.c b/src/block_cipher.c
index e77a44d3..be2436dc 100644
--- a/src/block_cipher.c
+++ b/src/block_cipher.c
@@ -28,6 +28,10 @@ const BLOCK_CIPHER *block_cipher_from_name(const char *name)
 #ifdef ENABLE_AES
 	} else if (!strcmp(name, "aes128")) {
 		return BLOCK_CIPHER_aes128();
+	} else if (!strcmp(name, "aes192")) {
+		return BLOCK_CIPHER_aes192();
+	} else if (!strcmp(name, "aes256")) {
+		return BLOCK_CIPHER_aes256();
 #endif
 	}
 	error_print();
@@ -44,6 +48,8 @@ const char *block_cipher_name(const BLOCK_CIPHER *cipher)
 	case OID_sm4: return "sm4";
 #ifdef ENABLE_AES
 	case OID_aes128: return "aes128";
+	case OID_aes192: return "aes192";
+	case OID_aes256: return "aes256";
 #endif
 	}
 	error_print();
@@ -52,45 +58,89 @@ const char *block_cipher_name(const BLOCK_CIPHER *cipher)
 
 int block_cipher_set_encrypt_key(BLOCK_CIPHER_KEY *key, const BLOCK_CIPHER *cipher, const uint8_t *raw_key)
 {
-	if (!key || !cipher || !cipher->set_encrypt_key || !raw_key) {
+	if (!key || !cipher || !cipher->set_encrypt_key || !cipher->encrypt || !cipher->decrypt || !raw_key) {
+		error_print();
+		return -1;
+	}
+	if (cipher->key_size < BLOCK_CIPHER_MIN_KEY_SIZE
+		|| cipher->key_size > BLOCK_CIPHER_MAX_KEY_SIZE
+		|| cipher->block_size != BLOCK_CIPHER_BLOCK_SIZE
+		|| cipher->ctx_size > sizeof(key->u)) {
 		error_print();
 		return -1;
 	}
 	memset(key, 0, sizeof(BLOCK_CIPHER_KEY));
-	cipher->set_encrypt_key(key, raw_key);
+	if (cipher->set_encrypt_key(key, raw_key) != 1) {
+		error_print();
+		memset(key, 0, sizeof(BLOCK_CIPHER_KEY));
+		return -1;
+	}
 	key->cipher = cipher;
 	return 1;
 }
 
 int block_cipher_set_decrypt_key(BLOCK_CIPHER_KEY *key, const BLOCK_CIPHER *cipher, const uint8_t *raw_key)
 {
-	if (!key || !cipher || !cipher->set_decrypt_key || !raw_key) {
+	if (!key || !cipher || !cipher->set_decrypt_key || !cipher->encrypt || !cipher->decrypt || !raw_key) {
+		error_print();
+		return -1;
+	}
+	if (cipher->key_size < BLOCK_CIPHER_MIN_KEY_SIZE
+		|| cipher->key_size > BLOCK_CIPHER_MAX_KEY_SIZE
+		|| cipher->block_size != BLOCK_CIPHER_BLOCK_SIZE
+		|| cipher->ctx_size > sizeof(key->u)) {
 		error_print();
 		return -1;
 	}
 	memset(key, 0, sizeof(BLOCK_CIPHER_KEY));
-	cipher->set_decrypt_key(key, raw_key);
+	if (cipher->set_decrypt_key(key, raw_key) != 1) {
+		error_print();
+		memset(key, 0, sizeof(BLOCK_CIPHER_KEY));
+		return -1;
+	}
 	key->cipher = cipher;
 	return 1;
 }
 
 int block_cipher_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out)
 {
-	if (!key || !key->cipher || !key->cipher->encrypt|| !in || !out) {
+	if (!key || !key->cipher || !key->cipher->encrypt || !in || !out) {
+		error_print();
+		return -1;
+	}
+	if (key->cipher->encrypt(key, in, out) != 1) {
 		error_print();
 		return -1;
 	}
-	key->cipher->encrypt(key, in, out);
 	return 1;
 }
 
 int block_cipher_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out)
 {
-	if (!key || !key->cipher || !key->cipher->decrypt|| !in || !out) {
+	if (!key || !key->cipher || !key->cipher->decrypt || !in || !out) {
 		error_print();
 		return -1;
 	}
-	key->cipher->decrypt(key, in, out);
+	if (key->cipher->decrypt(key, in, out) != 1) {
+		error_print();
+		return -1;
+	}
+	return 1;
+}
+
+
+static int sm4_cipher_set_encrypt_key(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key) {
+	sm4_set_encrypt_key(&key->u.sm4_key, raw_key);
+	return 1;
+}
+
+static int sm4_cipher_set_decrypt_key(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key) {
+	sm4_set_decrypt_key(&key->u.sm4_key, raw_key);
+	return 1;
+}
+
+static int sm4_cipher_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out) {
+	sm4_encrypt(&key->u.sm4_key, in, out);
 	return 1;
 }
 
@@ -98,36 +148,95 @@ static const BLOCK_CIPHER sm4_block_cipher_object = {
 	OID_sm4,
 	SM4_KEY_SIZE,
 	SM4_BLOCK_SIZE,
-	(block_cipher_set_encrypt_key_func)sm4_set_encrypt_key,
-	(block_cipher_set_decrypt_key_func)sm4_set_decrypt_key,
-	(block_cipher_encrypt_func)sm4_encrypt,
-	(block_cipher_decrypt_func)sm4_encrypt,
+	sizeof(SM4_KEY),
+	sm4_cipher_set_encrypt_key,
+	sm4_cipher_set_decrypt_key,
+	sm4_cipher_encrypt,
+	sm4_cipher_encrypt,
 };
 
 const BLOCK_CIPHER *BLOCK_CIPHER_sm4(void) {
 	return &sm4_block_cipher_object;
 }
 
+
 #ifdef ENABLE_AES
-static int aes128_set_encrypt_key(AES_KEY *aes_key, const uint8_t key[16]) {
-	return aes_set_encrypt_key(aes_key, key, 16);
+static int aes128_cipher_set_encrypt_key(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key) {
+	return aes_set_encrypt_key(&key->u.aes_key, raw_key, AES128_KEY_SIZE);
 }
 
-static int aes128_set_decrypt_key(AES_KEY *aes_key, const uint8_t key[16]) {
-	return aes_set_decrypt_key(aes_key, key, 16);
+static int aes128_cipher_set_decrypt_key(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key) {
+	return aes_set_decrypt_key(&key->u.aes_key, raw_key, AES128_KEY_SIZE);
+}
+
+static int aes192_cipher_set_encrypt_key(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key) {
+	return aes_set_encrypt_key(&key->u.aes_key, raw_key, AES192_KEY_SIZE);
+}
+
+static int aes192_cipher_set_decrypt_key(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key) {
+	return aes_set_decrypt_key(&key->u.aes_key, raw_key, AES192_KEY_SIZE);
+}
+
+static int aes256_cipher_set_encrypt_key(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key) {
+	return aes_set_encrypt_key(&key->u.aes_key, raw_key, AES256_KEY_SIZE);
+}
+
+static int aes256_cipher_set_decrypt_key(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key) {
+	return aes_set_decrypt_key(&key->u.aes_key, raw_key, AES256_KEY_SIZE);
+}
+
+static int aes_cipher_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out) {
+	aes_encrypt(&key->u.aes_key, in, out);
+	return 1;
+}
+
+static int aes_cipher_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out) {
+	aes_decrypt(&key->u.aes_key, in, out);
+	return 1;
 }
 
 static const BLOCK_CIPHER aes128_block_cipher_object = {
 	OID_aes128,
 	AES128_KEY_SIZE,
 	AES_BLOCK_SIZE,
-	(block_cipher_set_encrypt_key_func)aes128_set_encrypt_key,
-	(block_cipher_set_decrypt_key_func)aes128_set_decrypt_key,
-	(block_cipher_encrypt_func)aes_encrypt,
-	(block_cipher_decrypt_func)aes_decrypt,
+	sizeof(AES_KEY),
+	aes128_cipher_set_encrypt_key,
+	aes128_cipher_set_decrypt_key,
+	aes_cipher_encrypt,
+	aes_cipher_decrypt,
 };
 
 const BLOCK_CIPHER *BLOCK_CIPHER_aes128(void) {
 	return &aes128_block_cipher_object;
 }
+
+static const BLOCK_CIPHER aes192_block_cipher_object = {
+	OID_aes192,
+	AES192_KEY_SIZE,
+	AES_BLOCK_SIZE,
+	sizeof(AES_KEY),
+	aes192_cipher_set_encrypt_key,
+	aes192_cipher_set_decrypt_key,
+	aes_cipher_encrypt,
+	aes_cipher_decrypt,
+};
+
+const BLOCK_CIPHER *BLOCK_CIPHER_aes192(void) {
+	return &aes192_block_cipher_object;
+}
+
+static const BLOCK_CIPHER aes256_block_cipher_object = {
+	OID_aes256,
+	AES256_KEY_SIZE,
+	AES_BLOCK_SIZE,
+	sizeof(AES_KEY),
+	aes256_cipher_set_encrypt_key,
+	aes256_cipher_set_decrypt_key,
+	aes_cipher_encrypt,
+	aes_cipher_decrypt,
+};
+
+const BLOCK_CIPHER *BLOCK_CIPHER_aes256(void) {
+	return &aes256_block_cipher_object;
+}
 #endif // ENABLE_AES