From 79a4760e1e05372af12b3c55c9f853c67003aa5a Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Sun, 2 Jun 2024 22:42:51 +0800 Subject: [PATCH] Remove GMT/0105 RNG --- CMakeLists.txt | 8 -- include/gmssl/sm3_rng.h | 42 ------- include/gmssl/sm4_rng.h | 43 ------- src/sm3_rng.c | 215 --------------------------------- src/sm4_rng.c | 258 ---------------------------------------- tests/sm3_rngtest.c | 23 ---- tests/sm4_rngtest.c | 23 ---- 7 files changed, 612 deletions(-) delete mode 100644 include/gmssl/sm3_rng.h delete mode 100644 include/gmssl/sm4_rng.h delete mode 100644 src/sm3_rng.c delete mode 100644 src/sm4_rng.c delete mode 100644 tests/sm3_rngtest.c delete mode 100644 tests/sm4_rngtest.c diff --git a/CMakeLists.txt b/CMakeLists.txt index 4982e623..e2051ab5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -55,7 +55,6 @@ option(ENABLE_SM4_CBC_MAC "Enable SM4-CBC-MAC" ON) option(ENABLE_SM2_EXTS "Enable SM2 Extensions" OFF) option(ENABLE_SM3_XMSS "Enable SM3-XMSS signature" ON) -option(ENABLE_GMT_0105_RNG "Enable GM/T 0105 Software RNG" OFF) option(ENABLE_SHA1 "Enable SHA1" ON) option(ENABLE_SHA2 "Enable SHA2" ON) @@ -495,13 +494,6 @@ if (ENABLE_SM4_CBC_MAC) endif() -if (ENABLE_GMT_0105_RNG) - message(STATUS "ENABLE_GMT_0105_RNG is ON") - list(APPEND src src/sm3_rng.c src/sm4_rng.c) - list(APPEND tests sm3_rng sm4_rng) -endif() - - check_symbol_exists(getentropy "unistd.h" HAVE_GETENTROPY) if (WIN32) add_definitions(-D_WINSOCK_DEPRECATED_NO_WARNINGS) diff --git a/include/gmssl/sm3_rng.h b/include/gmssl/sm3_rng.h deleted file mode 100644 index 418ddf3f..00000000 --- a/include/gmssl/sm3_rng.h +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - -#ifndef GMSSL_SM3_RNG_H -#define GMSSL_SM3_RNG_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -#define SM3_RNG_MAX_RESEED_COUNTER (1<<20) -#define SM3_RNG_MAX_RESEED_SECONDS 600 - - -typedef struct { - uint8_t V[55]; - uint8_t C[55]; - uint32_t reseed_counter; - time_t last_reseed_time; -} SM3_RNG; - -int sm3_rng_init(SM3_RNG *rng, const uint8_t *nonce, size_t nonce_len, - const uint8_t *label, size_t label_len); -int sm3_rng_reseed(SM3_RNG *rng, const uint8_t *addin, size_t addin_len); -int sm3_rng_generate(SM3_RNG *rng, const uint8_t *addin, size_t addin_len, - uint8_t *out, size_t outlen); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sm4_rng.h b/include/gmssl/sm4_rng.h deleted file mode 100644 index 67e86dcf..00000000 --- a/include/gmssl/sm4_rng.h +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - -#ifndef GMSSL_SM4_RNG_H -#define GMSSL_SM4_RNG_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -#define SM4_RNG_MAX_RESEED_COUNTER (1<<20) -#define SM4_RNG_MAX_RESEED_SECONDS 600 - -typedef struct { - uint8_t V[16]; - uint8_t K[16]; - uint32_t reseed_counter; - time_t last_reseed_time; -} SM4_RNG; - - -int sm4_rng_init(SM4_RNG *rng, const uint8_t *nonce, size_t nonce_len, - const uint8_t *label, size_t label_len); -int sm4_rng_update(SM4_RNG *rng, const uint8_t seed[32]); -int sm4_rng_reseed(SM4_RNG *rng, const uint8_t *addin, size_t addin_len); -int sm4_rng_generate(SM4_RNG *rng, const uint8_t *addin, size_t addin_len, - uint8_t *out, size_t outlen); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/src/sm3_rng.c b/src/sm3_rng.c deleted file mode 100644 index 599a91c8..00000000 --- a/src/sm3_rng.c +++ /dev/null @@ -1,215 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ -// see GM/T 0105-2021 Design Guide for Software-based Random Number Generators - -#include -#include -#include -#include -#include -#include -#include -#include - - -static const uint8_t num[4] = { 0, 1, 2, 3 }; - -typedef struct { - SM3_CTX sm3_ctx[2]; -} SM3_DF_CTX; - -// sm3_df(in) := ( sm3(be32(1) || be32(440) || in) || -// sm3(b332(2) || be32(440) || in) )[0:55] -static void sm3_df_init(SM3_DF_CTX *df_ctx) -{ - uint8_t counter[4] = {0, 0, 0, 1}; - uint8_t seedlen[4] = {0, 0, 440/256, 440%256}; - - sm3_init(&df_ctx->sm3_ctx[0]); - sm3_update(&df_ctx->sm3_ctx[0], counter, 4); - sm3_update(&df_ctx->sm3_ctx[0], seedlen, 4); - counter[3] = 2; - sm3_init(&df_ctx->sm3_ctx[1]); - sm3_update(&df_ctx->sm3_ctx[1], counter, 4); - sm3_update(&df_ctx->sm3_ctx[1], seedlen, 4); -} - -static void sm3_df_update(SM3_DF_CTX *df_ctx, const uint8_t *data, size_t datalen) -{ - if (data && datalen) { - sm3_update(&df_ctx->sm3_ctx[0], data, datalen); - sm3_update(&df_ctx->sm3_ctx[1], data, datalen); - } -} - -static void sm3_df_finish(SM3_DF_CTX *df_ctx, uint8_t out[55]) -{ - uint8_t buf[32]; - sm3_finish(&df_ctx->sm3_ctx[0], out); - sm3_finish(&df_ctx->sm3_ctx[1], buf); - memcpy(out + 32, buf, 55 - 32); -} - -int sm3_rng_init(SM3_RNG *rng, const uint8_t *nonce, size_t nonce_len, - const uint8_t *label, size_t label_len) -{ - SM3_DF_CTX df_ctx; - uint8_t entropy[512]; - - // get_entropy, 512-byte might be too long for some system RNGs - if (rand_bytes(entropy, 256) != 1 - || rand_bytes(entropy + 256, 256) != 1) { - error_print(); - return -1; - } - - // V = sm3_df(entropy || nonce || label) - sm3_df_init(&df_ctx); - sm3_df_update(&df_ctx, entropy, sizeof(entropy)); - sm3_df_update(&df_ctx, nonce, nonce_len); - sm3_df_update(&df_ctx, label, label_len); - sm3_df_finish(&df_ctx, rng->V); - - // C = sm3_df(0x00 || V) - sm3_df_init(&df_ctx); - sm3_df_update(&df_ctx, &num[0], 1); - sm3_df_update(&df_ctx, rng->V, 55); - sm3_df_finish(&df_ctx, rng->C); - - // reseed_counter = 1, last_ressed_time = now() - rng->reseed_counter = 1; - rng->last_reseed_time = time(NULL); - - gmssl_secure_clear(&df_ctx, sizeof(df_ctx)); - gmssl_secure_clear(entropy, sizeof(entropy)); - return 1; -} - -int sm3_rng_reseed(SM3_RNG *rng, const uint8_t *addin, size_t addin_len) -{ - SM3_DF_CTX df_ctx; - uint8_t entropy[512]; - - // get_entropy, 512-byte might be too long for some system RNGs - if (rand_bytes(entropy, 256) != 1 - || rand_bytes(entropy + 256, 256) != 1) { - error_print(); - return -1; - } - - // V = sm3_df(0x01 || entropy || V || appin) - sm3_df_init(&df_ctx); - sm3_df_update(&df_ctx, &num[1], 1); - sm3_df_update(&df_ctx, entropy, sizeof(entropy)); - sm3_df_update(&df_ctx, rng->V, 55); - sm3_df_update(&df_ctx, addin, addin_len); - sm3_df_finish(&df_ctx, rng->V); - - // C = sm3_df(0x00 || V) - sm3_df_init(&df_ctx); - sm3_df_update(&df_ctx, &num[0], 1); - sm3_df_update(&df_ctx, rng->V, 55); - sm3_df_finish(&df_ctx, rng->C); - - // reseed_counter = 1, last_ressed_time = now() - rng->reseed_counter = 1; - rng->last_reseed_time = time(NULL); - - gmssl_secure_clear(&df_ctx, sizeof(df_ctx)); - gmssl_secure_clear(entropy, sizeof(entropy)); - return 1; -} - -static void be_add(uint8_t r[55], const uint8_t *a, size_t alen) -{ - int i, j, carry = 0; - - for (i = 54, j = (int)(alen - 1); j >= 0; i--, j--) { - carry += r[i] + a[j]; - r[i] = carry & 0xff; - carry >>= 8; - } - for (; i >= 0; i--) { - carry += r[i]; - r[i] = carry & 0xff; - carry >>= 8; - } -} - -int sm3_rng_generate(SM3_RNG *rng, const uint8_t *addin, size_t addin_len, - uint8_t *out, size_t outlen) -{ - SM3_CTX sm3_ctx; - uint8_t H[32]; - uint8_t counter[4]; - - if (!outlen || outlen > 32) { - error_print(); - return -1; - } - - if (rng->reseed_counter > SM3_RNG_MAX_RESEED_COUNTER - || time(NULL) - rng->last_reseed_time > SM3_RNG_MAX_RESEED_SECONDS) { - if (sm3_rng_reseed(rng, addin, addin_len) != 1) { - error_print(); - return -1; - } - if (addin) { - addin = NULL; - } - } - - if (addin && addin_len) { - uint8_t W[32]; - - // W = sm3(0x02 || V || addin) - sm3_init(&sm3_ctx); - sm3_update(&sm3_ctx, &num[2], 1); - sm3_update(&sm3_ctx, rng->V, 55); - sm3_update(&sm3_ctx, addin, addin_len); - sm3_finish(&sm3_ctx, W); - - // V = (V + W) mod 2^440 - be_add(rng->V, W, 32); - - gmssl_secure_clear(W, sizeof(W)); - } - - // output sm3(V) - sm3_init(&sm3_ctx); - sm3_update(&sm3_ctx, rng->V, 55); - if (outlen < 32) { - uint8_t buf[32]; - sm3_finish(&sm3_ctx, buf); - memcpy(out, buf, outlen); - } else { - sm3_finish(&sm3_ctx, out); - } - - // H = sm3(0x03 || V) - sm3_init(&sm3_ctx); - sm3_update(&sm3_ctx, &num[3], 1); - sm3_update(&sm3_ctx, rng->V, 55); - sm3_finish(&sm3_ctx, H); - - // V = (V + H + C + reseed_counter) mod 2^440 - be_add(rng->V, H, 32); - be_add(rng->V, rng->C, 55); - counter[0] = (rng->reseed_counter >> 24) & 0xff; - counter[1] = (rng->reseed_counter >> 16) & 0xff; - counter[2] = (rng->reseed_counter >> 8) & 0xff; - counter[3] = (rng->reseed_counter ) & 0xff; - be_add(rng->V, counter, 4); - - (rng->reseed_counter)++; - - gmssl_secure_clear(&sm3_ctx, sizeof(sm3_ctx)); - gmssl_secure_clear(H, sizeof(H)); - return 1; -} diff --git a/src/sm4_rng.c b/src/sm4_rng.c deleted file mode 100644 index ed11596b..00000000 --- a/src/sm4_rng.c +++ /dev/null @@ -1,258 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ -// see GM/T 0105-2021 Design Guide for Software-based Random Number Generators - -#include -#include -#include -#include -#include -#include -#include -#include -#include - - -/* -u8[16] R0, R1 - -(R0,R1) = sm4_df(in): - - L = nbytes(in) - N = 32 -- nbytes(R0||R1) - S = be32(L) || be32(N) || in || 0x80 || 0x00^*, nbytes(S) = 0 (mod 16) - K = 0x000102030405060708090a0b0c0d0e0f - - T = CBC_MAC(K, be32(0) || 0x00^12 || S) = CBC_MAC(K, be32(0) || 0x00^12 || be32(L) || be32(N) || in || 0x80) - X = CBC_MAC(K, be32(1) || 0x00^12 || S) = CBC_MAC(K, be32(1) || 0x00^12 || be32(L) || be32(N) || in || 0x80) - K = T - - R0 = sm4(K, X) - R1 = sm4(K, R0) -*/ - -typedef struct { - SM4_CBC_MAC_CTX cbc_mac_ctx[2]; - uint32_t len; - uint32_t len_check; -} SM4_DF_CTX; - -static void sm4_df_init(SM4_DF_CTX *df_ctx, size_t len) -{ - const uint8_t key[16] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; - uint8_t prefix[16] = {0}; - uint8_t Lbuf[4] = {0}; - uint8_t Nbuf[4] = {0}; - - Lbuf[0] = (len >> 24) & 0xff; - Lbuf[1] = (len >> 16) & 0xff; - Lbuf[2] = (len >> 8) & 0xff; - Lbuf[3] = len & 0xff; - - Nbuf[3] = 32; - - sm4_cbc_mac_init(&df_ctx->cbc_mac_ctx[0], key); - sm4_cbc_mac_update(&df_ctx->cbc_mac_ctx[0], prefix, 16); - sm4_cbc_mac_update(&df_ctx->cbc_mac_ctx[0], Lbuf, 4); - sm4_cbc_mac_update(&df_ctx->cbc_mac_ctx[0], Nbuf, 4); - - prefix[3] = 1; - sm4_cbc_mac_init(&df_ctx->cbc_mac_ctx[1], key); - sm4_cbc_mac_update(&df_ctx->cbc_mac_ctx[1], prefix, 16); - sm4_cbc_mac_update(&df_ctx->cbc_mac_ctx[1], Lbuf, 4); - sm4_cbc_mac_update(&df_ctx->cbc_mac_ctx[1], Nbuf, 4); - - df_ctx->len = (uint32_t)len; - df_ctx->len_check = 0; -} - -static void sm4_df_update(SM4_DF_CTX *df_ctx, const uint8_t *data, size_t datalen) -{ - sm4_cbc_mac_update(&df_ctx->cbc_mac_ctx[0], data, datalen); - sm4_cbc_mac_update(&df_ctx->cbc_mac_ctx[1], data, datalen); - df_ctx->len_check += datalen; -} - -static void sm4_df_finish(SM4_DF_CTX *df_ctx, uint8_t out[32]) -{ - const uint8_t suffix[1] = {0x80}; - uint8_t K[16]; - uint8_t X[16]; - SM4_KEY sm4_key; - - assert(df_ctx->len == df_ctx->len_check); - - sm4_cbc_mac_update(&df_ctx->cbc_mac_ctx[0], suffix, 1); - sm4_cbc_mac_finish(&df_ctx->cbc_mac_ctx[0], K); - sm4_cbc_mac_update(&df_ctx->cbc_mac_ctx[1], suffix, 1); - sm4_cbc_mac_finish(&df_ctx->cbc_mac_ctx[1], X); - - sm4_set_encrypt_key(&sm4_key, K); - sm4_encrypt(&sm4_key, X, out); - sm4_encrypt(&sm4_key, out, out + 16); - - gmssl_secure_clear(K, sizeof(K)); - gmssl_secure_clear(X, sizeof(X)); - gmssl_secure_clear(&sm4_key, sizeof(sm4_key)); -} - -static void be_incr(uint8_t a[16]) -{ - int i; - for (i = 15; i >= 0; i--) { - a[i]++; - if (a[i]) break; - } -} - - -int sm4_rng_update(SM4_RNG *rng, const uint8_t seed[32]) -{ - SM4_KEY sm4_key; - - sm4_set_encrypt_key(&sm4_key, rng->K); - be_incr(rng->V); - sm4_encrypt(&sm4_key, rng->V, rng->K); - be_incr(rng->V); - sm4_encrypt(&sm4_key, rng->V, rng->V); - - memxor(rng->K, seed, 16); - memxor(rng->V, seed + 16, 16); - - return 1; -} - -int sm4_rng_init(SM4_RNG *rng, const uint8_t *nonce, size_t nonce_len, - const uint8_t *label, size_t label_len) -{ - SM4_DF_CTX df_ctx; - uint8_t entropy[512]; - uint8_t seed[32]; - - // get_entropy, 512-byte might be too long for some system RNGs - if (rand_bytes(entropy, 256) != 1 - || rand_bytes(entropy + 256, 256) != 1) { - error_print(); - return -1; - } - - // seed = sm4_df(entropy || nonce || label) - sm4_df_init(&df_ctx, sizeof(entropy) + nonce_len + label_len); - sm4_df_update(&df_ctx, entropy, sizeof(entropy)); - sm4_df_update(&df_ctx, nonce, nonce_len); - sm4_df_update(&df_ctx, label, label_len); - sm4_df_finish(&df_ctx, seed); - - memset(rng->K, 0, 16); - memset(rng->V, 0, 16); - - // (K, V) = sm3_rng_update(seed, K, V) - sm4_rng_update(rng, seed); - - // reseed_counter = 1, last_ressed_time = now() - rng->reseed_counter = 1; - rng->last_reseed_time = time(NULL); - - gmssl_secure_clear(&df_ctx, sizeof(df_ctx)); - gmssl_secure_clear(entropy, sizeof(entropy)); - gmssl_secure_clear(seed, sizeof(seed)); - return 1; -} - -int sm4_rng_reseed(SM4_RNG *rng, const uint8_t *addin, size_t addin_len) -{ - SM4_DF_CTX df_ctx; - uint8_t entropy[512]; - uint8_t seed[32]; - - // get_entropy, 512-byte might be too long for some system RNGs - if (rand_bytes(entropy, 256) != 1 - || rand_bytes(entropy + 256, 256) != 1) { - error_print(); - return -1; - } - - // seed = sm4_df(entropy || addin) - sm4_df_init(&df_ctx, sizeof(entropy) + addin_len); - sm4_df_update(&df_ctx, entropy, sizeof(entropy)); - sm4_df_update(&df_ctx, addin, addin_len); - sm4_df_finish(&df_ctx, seed); - - sm4_rng_update(rng, seed); - - rng->reseed_counter = 1; - rng->last_reseed_time = time(NULL); - - gmssl_secure_clear(&df_ctx, sizeof(df_ctx)); - gmssl_secure_clear(entropy, sizeof(entropy)); - return 1; -} - - -#define SM4_RNG_MAX_RESEED_COUNTER (1<<20) -#define SM4_RNG_MAX_RESEED_SECONDS 600 - -int sm4_rng_generate(SM4_RNG *rng, const uint8_t *addin, size_t addin_len, - uint8_t *out, size_t outlen) -{ - uint8_t seed[32] = {0}; - SM4_KEY sm4_key; - - if (!outlen || outlen > 16) { - error_print(); - return -1; - } - - if (rng->reseed_counter > SM4_RNG_MAX_RESEED_COUNTER - || time(NULL) - rng->last_reseed_time > SM4_RNG_MAX_RESEED_SECONDS) { - if (sm4_rng_reseed(rng, addin, addin_len) != 1) { - error_print(); - return -1; - } - if (addin) { - addin = NULL; - } - } - - if (addin && addin_len) { - // seed = sm4_df(addin) - SM4_DF_CTX df_ctx; - sm4_df_init(&df_ctx, addin_len); - sm4_df_update(&df_ctx, addin, addin_len); - sm4_df_finish(&df_ctx, seed); - gmssl_secure_clear(&df_ctx, sizeof(df_ctx)); - - // rng_update(seed) - sm4_rng_update(rng, seed); - } - - // V = (V + 1) mod 2^128 - be_incr(rng->V); - - // output sm4(K, V)[0:outlen] - sm4_set_encrypt_key(&sm4_key, rng->K); - if (outlen < 16) { - uint8_t buf[16]; - sm4_encrypt(&sm4_key, rng->V, buf); - memcpy(out, buf, outlen); - } else { - sm4_encrypt(&sm4_key, rng->V, out); - } - - // (K, V) = update(seed, (K, V)) - sm4_rng_update(rng, seed); - - // reseed_counter++ - (rng->reseed_counter)++; - - - gmssl_secure_clear(seed, sizeof(seed)); - gmssl_secure_clear(&sm4_key, sizeof(sm4_key)); - return 1; -} diff --git a/tests/sm3_rngtest.c b/tests/sm3_rngtest.c deleted file mode 100644 index 4beb0d99..00000000 --- a/tests/sm3_rngtest.c +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#include -#include -#include -#include -#include -#include - - -int main(void) -{ - error_print(); - return 1; -} diff --git a/tests/sm4_rngtest.c b/tests/sm4_rngtest.c deleted file mode 100644 index 8e912d5a..00000000 --- a/tests/sm4_rngtest.c +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#include -#include -#include -#include -#include -#include - - -int main(void) -{ - error_print(); - return 1; -}