abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-06 16:36:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update AEAD

Browse Source
This commit is contained in:
Zhi Guan
2023-02-14 18:56:03 +08:00
parent acd50a83d0
commit a9f76d8f62
6 changed files with 449 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

117
demos/scripts/sm4demo.sh
View File

@@ -1,12 +1,115 @@
#!/bin/bash
#!/bin/bash -x
set -e
gmssl sm4 -help
# CBC
echo hello | gmssl sm4 -cbc -encrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -out ciphertext.bin
gmssl sm4 -cbc -decrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -in ciphertext.bin
# CTR
echo hello | gmssl sm4 -ctr -encrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -out ciphertext.bin
gmssl sm4 -ctr -decrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -in ciphertext.bin
# GCM IV length = 12
echo hello | gmssl sm4 -gcm -encrypt -key 11223344556677881122334455667788 -iv 112233445566778811223344 -out ciphertext.bin
gmssl sm4 -gcm -decrypt -key 11223344556677881122334455667788 -iv 112233445566778811223344 -in ciphertext.bin
# GCM IV length = 1
echo hello | gmssl sm4 -gcm -encrypt -key 11223344556677881122334455667788 -iv 11 -out ciphertext.bin
gmssl sm4 -gcm -decrypt -key 11223344556677881122334455667788 -iv 11 -in ciphertext.bin
# GCM IV length = 16
echo hello | gmssl sm4 -gcm -encrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -out ciphertext.bin
gmssl sm4 -gcm -decrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -in ciphertext.bin
# GCM IV length = 32
echo hello | gmssl sm4 -gcm -encrypt -key 11223344556677881122334455667788 -iv 1122334455667788112233445566778811223344556677881122334455667788 -out ciphertext.bin
gmssl sm4 -gcm -decrypt -key 11223344556677881122334455667788 -iv 1122334455667788112233445566778811223344556677881122334455667788 -in ciphertext.bin
# CBC-SM3-HMAC
echo hello | gmssl sm4 -cbc_sm3_hmac -encrypt \
-key 112233445566778811223344556677881122334455667788112233445566778811223344556677881122334455667788 \
-iv 11223344556677881122334455667788 -out ciphertext.bin
gmssl sm4 -cbc_sm3_hmac -decrypt \
-key 112233445566778811223344556677881122334455667788112233445566778811223344556677881122334455667788 \
-iv 11223344556677881122334455667788 -in ciphertext.bin
# CTR-SM3-HMAC
echo hello | gmssl sm4 -ctr_sm3_hmac -encrypt \
-key 112233445566778811223344556677881122334455667788112233445566778811223344556677881122334455667788 \
-iv 11223344556677881122334455667788 -out ciphertext.bin
gmssl sm4 -ctr_sm3_hmac -decrypt \
-key 112233445566778811223344556677881122334455667788112233445566778811223344556677881122334455667788 \
-iv 11223344556677881122334455667788 -in ciphertext.bin
# encrypt/decrypt long text file
cat << EOF > plaintext.txt
-----BEGIN CERTIFICATE-----
MIICzzCCAnKgAwIBAgIFEzY5M3AwDAYIKoEcz1UBg3UFADAlMQswCQYDVQQGEwJD
TjEWMBQGA1UECgwNQ0ZDQSBTTTIgT0NBMTAeFw0yMTA2MTEwOTA1MjBaFw0yNjA2
MTkwODE2NTZaMIGRMQswCQYDVQQGEwJDTjEPMA0GA1UECAwG5YyX5LqsMQ8wDQYD
VQQHDAbljJfkuqwxJzAlBgNVBAoMHuS4reWbvemTtuihjOiCoeS7veaciemZkOWF
rOWPuDERMA8GA1UECwwITG9jYWwgUkExDDAKBgNVBAsMA1NTTDEWMBQGA1UEAwwN
ZWJzc2VjLmJvYy5jbjBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABPsNUnoZQM9C
SnvC57TbvdfyOTCuPOSlZmPAyxBKFj+Y1QH/xlubHdVf5XqHrO1jCDRi7aN5IKGX
QF1492c803OjggEeMIIBGjAfBgNVHSMEGDAWgBRck1ggWiRzVhAbZFAQ7OmnygdB
ETAMBgNVHRMBAf8EAjAAMEgGA1UdIARBMD8wPQYIYIEchu8qAQEwMTAvBggrBgEF
BQcCARYjaHR0cDovL3d3dy5jZmNhLmNvbS5jbi91cy91cy0xNC5odG0wNwYDVR0f
BDAwLjAsoCqgKIYmaHR0cDovL2NybC5jZmNhLmNvbS5jbi9TTTIvY3JsNTYxOC5j
cmwwGAYDVR0RBBEwD4INZWJzc2VjLmJvYy5jbjAOBgNVHQ8BAf8EBAMCBsAwHQYD
VR0OBBYEFJ6oFo/OrKgDhHFORpaq04kX7T1KMB0GA1UdJQQWMBQGCCsGAQUFBwMC
BggrBgEFBQcDATAMBggqgRzPVQGDdQUAA0kAMEYCIQCvhSvbv5h6ERl1YcCLg+fz
9UleQbaPfBYwUjUD2dAHVQIhAMRC4k9S/mSC0UpUvCqh/DQC2Ui8Tccd5G2IgYSs
cnUN
-----END CERTIFICATE-----
EOF
KEY=11223344556677881122334455667788
IV=11223344556677881122334455667788
# CBC
gmssl sm4 -cbc -encrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -in plaintext.txt -out ciphertext.bin
gmssl sm4 -cbc -decrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -in ciphertext.bin
echo hello | gmssl sm4 -cbc -encrypt -key $KEY -iv $IV -out sm4.cbc
gmssl sm4 -cbc -decrypt -key $KEY -iv $IV -in sm4.cbc
# CTR
gmssl sm4 -ctr -encrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -in plaintext.txt -out ciphertext.bin
gmssl sm4 -ctr -decrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -in ciphertext.bin
# GCM IV length = 12
gmssl sm4 -gcm -encrypt -key 11223344556677881122334455667788 -iv 112233445566778811223344 -in plaintext.txt -out ciphertext.bin
gmssl sm4 -gcm -decrypt -key 11223344556677881122334455667788 -iv 112233445566778811223344 -in ciphertext.bin
# GCM IV length = 1
gmssl sm4 -gcm -encrypt -key 11223344556677881122334455667788 -iv 11 -in plaintext.txt -out ciphertext.bin
gmssl sm4 -gcm -decrypt -key 11223344556677881122334455667788 -iv 11 -in ciphertext.bin
# GCM IV length = 16
gmssl sm4 -gcm -encrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -in plaintext.txt -out ciphertext.bin
gmssl sm4 -gcm -decrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -in ciphertext.bin
# GCM IV length = 32
gmssl sm4 -gcm -encrypt -key 11223344556677881122334455667788 -iv 1122334455667788112233445566778811223344556677881122334455667788 -in plaintext.txt -out ciphertext.bin
gmssl sm4 -gcm -decrypt -key 11223344556677881122334455667788 -iv 1122334455667788112233445566778811223344556677881122334455667788 -in ciphertext.bin
# CBC-SM3-HMAC
gmssl sm4 -cbc_sm3_hmac -encrypt \
-key 112233445566778811223344556677881122334455667788112233445566778811223344556677881122334455667788 \
-iv 11223344556677881122334455667788 -in plaintext.txt -out ciphertext.bin
gmssl sm4 -cbc_sm3_hmac -decrypt \
-key 112233445566778811223344556677881122334455667788112233445566778811223344556677881122334455667788 \
-iv 11223344556677881122334455667788 -in ciphertext.bin
# CTR-SM3-HMAC
gmssl sm4 -ctr_sm3_hmac -encrypt \
-key 112233445566778811223344556677881122334455667788112233445566778811223344556677881122334455667788 \
-iv 11223344556677881122334455667788 -in plaintext.txt -out ciphertext.bin
gmssl sm4 -ctr_sm3_hmac -decrypt \
-key 112233445566778811223344556677881122334455667788112233445566778811223344556677881122334455667788 \
-iv 11223344556677881122334455667788 -in ciphertext.bin
rm -fr plaintext.txt
rm -fr ciphertext.bin
echo hello | gmssl sm4 -ctr -encrypt -key $KEY -iv $IV -out sm4.ctr
gmssl sm4 -ctr -decrypt -key $KEY -iv $IV -in sm4.ctr

72
include/gmssl/aead.h
View File

@@ -14,8 +14,8 @@
#include <stdint.h>
#include <gmssl/sm3.h>
#include <gmssl/sm4.h>
#include <gmssl/zuc.h>
#include <gmssl/gcm.h>
#include <gmssl/api.h>
#ifdef __cplusplus
extern "C" {
@@ -29,16 +29,23 @@ typedef struct {
size_t maclen;
} SM4_CBC_SM3_HMAC_CTX;
int sm4_cbc_sm3_hmac_encrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
const uint8_t key[SM4_KEY_SIZE + SM3_HMAC_SIZE], const uint8_t iv[SM4_BLOCK_SIZE],
#define SM4_CBC_SM3_HMAC_KEY_SIZE 48
#define SM4_CBC_SM3_HMAC_IV_SIZE 16
_gmssl_export int sm4_cbc_sm3_hmac_encrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen);
int sm4_cbc_sm3_hmac_encrypt_update(SM4_CBC_SM3_HMAC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm4_cbc_sm3_hmac_encrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx, uint8_t *out, size_t *outlen);
int sm4_cbc_sm3_hmac_decrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
const uint8_t key[SM4_KEY_SIZE + SM3_HMAC_SIZE], const uint8_t iv[SM4_BLOCK_SIZE],
_gmssl_export int sm4_cbc_sm3_hmac_encrypt_update(SM4_CBC_SM3_HMAC_CTX *ctx,
const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
_gmssl_export int sm4_cbc_sm3_hmac_encrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx,
uint8_t *out, size_t *outlen);
_gmssl_export int sm4_cbc_sm3_hmac_decrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen);
int sm4_cbc_sm3_hmac_decrypt_update(SM4_CBC_SM3_HMAC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm4_cbc_sm3_hmac_decrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx, uint8_t *out, size_t *outlen);
_gmssl_export int sm4_cbc_sm3_hmac_decrypt_update(SM4_CBC_SM3_HMAC_CTX *ctx,
const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
_gmssl_export int sm4_cbc_sm3_hmac_decrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx,
uint8_t *out, size_t *outlen);
typedef struct {
@@ -48,16 +55,23 @@ typedef struct {
size_t maclen;
} SM4_CTR_SM3_HMAC_CTX;
int sm4_ctr_sm3_hmac_encrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
const uint8_t key[SM4_KEY_SIZE + SM3_HMAC_SIZE], const uint8_t iv[SM4_BLOCK_SIZE],
#define SM4_CTR_SM3_HMAC_KEY_SIZE 48
#define SM4_CTR_SM3_HMAC_IV_SIZE 16
_gmssl_export int sm4_ctr_sm3_hmac_encrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen);
int sm4_ctr_sm3_hmac_encrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm4_ctr_sm3_hmac_encrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx, uint8_t *out, size_t *outlen);
int sm4_ctr_sm3_hmac_decrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
const uint8_t key[SM4_KEY_SIZE + SM3_HMAC_SIZE], const uint8_t iv[SM4_BLOCK_SIZE],
_gmssl_export int sm4_ctr_sm3_hmac_encrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx,
const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
_gmssl_export int sm4_ctr_sm3_hmac_encrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx,
uint8_t *out, size_t *outlen);
_gmssl_export int sm4_ctr_sm3_hmac_decrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen);
int sm4_ctr_sm3_hmac_decrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm4_ctr_sm3_hmac_decrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx, uint8_t *out, size_t *outlen);
_gmssl_export int sm4_ctr_sm3_hmac_decrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx,
const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
_gmssl_export int sm4_ctr_sm3_hmac_decrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx,
uint8_t *out, size_t *outlen);
typedef struct {
@@ -69,16 +83,24 @@ typedef struct {
size_t maclen;
} SM4_GCM_CTX;
int sm4_gcm_encrypt_init(SM4_GCM_CTX *ctx,
const uint8_t key[SM4_KEY_SIZE], const uint8_t *iv, size_t ivlen,
#define SM4_GCM_KEY_SIZE 16
#define SM4_GCM_MIN_IV_SIZE 1
#define SM4_GCM_MAX_IV_SIZE 64
_gmssl_export int sm4_gcm_encrypt_init(SM4_GCM_CTX *ctx,
const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen, size_t taglen);
int sm4_gcm_encrypt_update(SM4_GCM_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm4_gcm_encrypt_finish(SM4_GCM_CTX *ctx, uint8_t *out, size_t *outlen);
int sm4_gcm_decrypt_init(SM4_GCM_CTX *ctx,
const uint8_t key[SM4_KEY_SIZE], const uint8_t *iv, size_t ivlen,
_gmssl_export int sm4_gcm_encrypt_update(SM4_GCM_CTX *ctx,
const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
_gmssl_export int sm4_gcm_encrypt_finish(SM4_GCM_CTX *ctx,
uint8_t *out, size_t *outlen);
_gmssl_export int sm4_gcm_decrypt_init(SM4_GCM_CTX *ctx,
const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen, size_t taglen);
int sm4_gcm_decrypt_update(SM4_GCM_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm4_gcm_decrypt_finish(SM4_GCM_CTX *ctx, uint8_t *out, size_t *outlen);
_gmssl_export int sm4_gcm_decrypt_update(SM4_GCM_CTX *ctx,
const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
_gmssl_export int sm4_gcm_decrypt_finish(SM4_GCM_CTX *ctx,
uint8_t *out, size_t *outlen);
#ifdef __cplusplus

22
include/gmssl/api.h Normal file
View File

@@ -0,0 +1,22 @@
/*
* Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_API_H
#define GMSSL_API_H
#ifdef WIN32
#define _gmssl_export __declspec(dllexport)
#else
// use -fvisibility=hidden to change the "default" behavior
#define _gmssl_export __attribute__((visibility("default")))
#endif
#endif

109
src/aead.c
View File

@@ -11,15 +11,24 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4.h>
#include <gmssl/mem.h>
#include <gmssl/aead.h>
#include <gmssl/error.h>
int sm4_cbc_sm3_hmac_encrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
const uint8_t key[SM4_KEY_SIZE + SM3_HMAC_SIZE], const uint8_t iv[SM4_BLOCK_SIZE],
const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen)
{
if (!ctx || !key || !iv || (!aad && aadlen)) {
error_print();
return -1;
}
if (keylen != 48 || ivlen != 16) {
error_print();
return -1;
}
memset(ctx, 0, sizeof(*ctx));
if (sm4_cbc_encrypt_init(&ctx->enc_ctx, key, iv) != 1) {
error_print();
@@ -34,6 +43,10 @@ int sm4_cbc_sm3_hmac_encrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
int sm4_cbc_sm3_hmac_encrypt_update(SM4_CBC_SM3_HMAC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen)
{
if (!ctx || !in || !out || !outlen) {
error_print();
return -1;
}
if (sm4_cbc_encrypt_update(&ctx->enc_ctx, in, inlen, out, outlen) != 1) {
error_print();
return -1;
@@ -44,6 +57,10 @@ int sm4_cbc_sm3_hmac_encrypt_update(SM4_CBC_SM3_HMAC_CTX *ctx, const uint8_t *in
int sm4_cbc_sm3_hmac_encrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx, uint8_t *out, size_t *outlen)
{
if (!ctx || !out || !outlen) {
error_print();
return -1;
}
if (sm4_cbc_encrypt_finish(&ctx->enc_ctx, out, outlen) != 1) {
error_print();
return -1;
@@ -55,9 +72,17 @@ int sm4_cbc_sm3_hmac_encrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx, uint8_t *out, siz
}
int sm4_cbc_sm3_hmac_decrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
const uint8_t key[SM4_KEY_SIZE + SM3_HMAC_SIZE], const uint8_t iv[SM4_BLOCK_SIZE],
const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen)
{
if (!ctx || !key || !iv || (!aad && aadlen)) {
error_print();
return -1;
}
if (keylen != 48 || ivlen != 16) {
error_print();
return -1;
}
memset(ctx, 0, sizeof(*ctx));
if (sm4_cbc_decrypt_init(&ctx->enc_ctx, key, iv) != 1) {
error_print();
@@ -74,6 +99,10 @@ int sm4_cbc_sm3_hmac_decrypt_update(SM4_CBC_SM3_HMAC_CTX *ctx, const uint8_t *in
{
size_t len;
if (!ctx || !in || !out || !outlen) {
error_print();
return -1;
}
if (ctx->maclen > SM3_HMAC_SIZE) {
error_print();
return -1;
@@ -126,6 +155,10 @@ int sm4_cbc_sm3_hmac_decrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx, uint8_t *out, siz
{
uint8_t mac[SM3_HMAC_SIZE];
if (!ctx || !out || !outlen) {
error_print();
return -1;
}
if (ctx->maclen != SM3_HMAC_SIZE) {
error_print();
return -1;
@@ -145,9 +178,17 @@ int sm4_cbc_sm3_hmac_decrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx, uint8_t *out, siz
}
int sm4_ctr_sm3_hmac_encrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
const uint8_t key[SM4_KEY_SIZE + SM3_HMAC_SIZE], const uint8_t iv[SM4_BLOCK_SIZE],
const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen)
{
if (!ctx || !key || !iv || (!aad && aadlen)) {
error_print();
return -1;
}
if (keylen != 48 || ivlen != 16) {
error_print();
return -1;
}
memset(ctx, 0, sizeof(*ctx));
if (sm4_ctr_encrypt_init(&ctx->enc_ctx, key, iv) != 1) {
error_print();
@@ -162,6 +203,10 @@ int sm4_ctr_sm3_hmac_encrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
int sm4_ctr_sm3_hmac_encrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen)
{
if (!ctx || !in || !out || !outlen) {
error_print();
return -1;
}
if (sm4_ctr_encrypt_update(&ctx->enc_ctx, in, inlen, out, outlen) != 1) {
error_print();
return -1;
@@ -172,6 +217,10 @@ int sm4_ctr_sm3_hmac_encrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx, const uint8_t *in
int sm4_ctr_sm3_hmac_encrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx, uint8_t *out, size_t *outlen)
{
if (!ctx || !out || !outlen) {
error_print();
return -1;
}
if (sm4_ctr_encrypt_finish(&ctx->enc_ctx, out, outlen) != 1) {
error_print();
return -1;
@@ -183,9 +232,17 @@ int sm4_ctr_sm3_hmac_encrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx, uint8_t *out, siz
}
int sm4_ctr_sm3_hmac_decrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
const uint8_t key[SM4_KEY_SIZE + SM3_HMAC_SIZE], const uint8_t iv[SM4_BLOCK_SIZE],
const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen)
{
if (!ctx || !key || !iv || (!aad && aadlen)) {
error_print();
return -1;
}
if (keylen != 48 || ivlen != 16) {
error_print();
return -1;
}
memset(ctx, 0, sizeof(*ctx));
if (sm4_ctr_decrypt_init(&ctx->enc_ctx, key, iv) != 1) {
error_print();
@@ -202,6 +259,10 @@ int sm4_ctr_sm3_hmac_decrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx, const uint8_t *in
{
size_t len;
if (!ctx || !in || !out || !outlen) {
error_print();
return -1;
}
if (ctx->maclen > SM3_HMAC_SIZE) {
error_print();
return -1;
@@ -254,6 +315,10 @@ int sm4_ctr_sm3_hmac_decrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx, uint8_t *out, siz
{
uint8_t mac[SM3_HMAC_SIZE];
if (!ctx || !out || !outlen) {
error_print();
return -1;
}
if (ctx->maclen != SM3_HMAC_SIZE) {
error_print();
return -1;
@@ -282,13 +347,25 @@ static void ctr_incr(uint8_t a[16])
}
int sm4_gcm_encrypt_init(SM4_GCM_CTX *ctx,
const uint8_t key[SM4_KEY_SIZE], const uint8_t *iv, size_t ivlen,
const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen, size_t taglen)
{
uint8_t H[16] = {0};
uint8_t Y[16];
if (taglen > SM4_GCM_MAX_TAG_SIZE) {
if (!ctx || !key || !iv || (!aad && aadlen)) {
error_print();
return -1;
}
if (keylen != 16) {
error_print();
return -1;
}
if (ivlen < SM4_GCM_MIN_IV_SIZE || ivlen > SM4_GCM_MAX_IV_SIZE) {
error_print();
return -1;
}
if (taglen < 8 || taglen > 16) {
error_print();
return -1;
}
@@ -325,6 +402,10 @@ int sm4_gcm_encrypt_init(SM4_GCM_CTX *ctx,
int sm4_gcm_encrypt_update(SM4_GCM_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen)
{
if (!ctx || !in || !out || !outlen) {
error_print();
return -1;
}
if (sm4_ctr_encrypt_update(&ctx->enc_ctx, in, inlen, out, outlen) != 1) {
error_print();
return -1;
@@ -337,6 +418,10 @@ int sm4_gcm_encrypt_finish(SM4_GCM_CTX *ctx, uint8_t *out, size_t *outlen)
{
uint8_t mac[16];
if (!ctx || !out || !outlen) {
error_print();
return -1;
}
if (sm4_ctr_encrypt_finish(&ctx->enc_ctx, out, outlen) != 1) {
error_print();
return -1;
@@ -352,16 +437,20 @@ int sm4_gcm_encrypt_finish(SM4_GCM_CTX *ctx, uint8_t *out, size_t *outlen)
}
int sm4_gcm_decrypt_init(SM4_GCM_CTX *ctx,
const uint8_t key[SM4_KEY_SIZE], const uint8_t *iv, size_t ivlen,
const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen, size_t taglen)
{
return sm4_gcm_encrypt_init(ctx, key, iv, ivlen, aad, aadlen, taglen);
return sm4_gcm_encrypt_init(ctx, key, keylen, iv, ivlen, aad, aadlen, taglen);
}
int sm4_gcm_decrypt_update(SM4_GCM_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen)
{
size_t len;
if (!ctx || !in || !out || !outlen) {
error_print();
return -1;
}
if (ctx->maclen > ctx->taglen) {
error_print();
return -1;
@@ -414,6 +503,10 @@ int sm4_gcm_decrypt_finish(SM4_GCM_CTX *ctx, uint8_t *out, size_t *outlen)
{
uint8_t mac[GHASH_SIZE];
if (!ctx || !out || !outlen) {
error_print();
return -1;
}
if (ctx->maclen != ctx->taglen) {
error_print();
return -1;

15
tests/aeadtest.c
View File

@@ -39,9 +39,10 @@ static int test_aead_sm4_cbc_sm3_hmac(void)
rand_bytes(key, sizeof(key));
rand_bytes(iv, sizeof(iv));
rand_bytes(aad, sizeof(aad));
rand_bytes(plain, plainlen);
if (sm4_cbc_sm3_hmac_encrypt_init(&aead_ctx, key, iv, aad, sizeof(aad)) != 1) {
if (sm4_cbc_sm3_hmac_encrypt_init(&aead_ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad)) != 1) {
error_print();
return -1;
}
@@ -98,7 +99,7 @@ static int test_aead_sm4_cbc_sm3_hmac(void)
in = cipher;
out = buf;
if (sm4_cbc_sm3_hmac_decrypt_init(&aead_ctx, key, iv, aad, sizeof(aad)) != 1) {
if (sm4_cbc_sm3_hmac_decrypt_init(&aead_ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad)) != 1) {
error_print();
return -1;
}
@@ -157,9 +158,10 @@ static int test_aead_sm4_ctr_sm3_hmac(void)
rand_bytes(key, sizeof(key));
rand_bytes(iv, sizeof(iv));
rand_bytes(aad, sizeof(aad));
rand_bytes(plain, plainlen);
if (sm4_ctr_sm3_hmac_encrypt_init(&aead_ctx, key, iv, aad, sizeof(aad)) != 1) {
if (sm4_ctr_sm3_hmac_encrypt_init(&aead_ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad)) != 1) {
error_print();
return -1;
}
@@ -218,7 +220,7 @@ static int test_aead_sm4_ctr_sm3_hmac(void)
in = cipher;
out = buf;
if (sm4_ctr_sm3_hmac_decrypt_init(&aead_ctx, key, iv, aad, sizeof(aad)) != 1) {
if (sm4_ctr_sm3_hmac_decrypt_init(&aead_ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad)) != 1) {
error_print();
return -1;
}
@@ -278,9 +280,10 @@ static int test_aead_sm4_gcm(void)
rand_bytes(key, sizeof(key));
rand_bytes(iv, sizeof(iv));
rand_bytes(aad, sizeof(aad));
rand_bytes(plain, plainlen);
if (sm4_gcm_encrypt_init(&aead_ctx, key, iv, sizeof(iv), aad, sizeof(aad), GHASH_SIZE) != 1) {
if (sm4_gcm_encrypt_init(&aead_ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad), GHASH_SIZE) != 1) {
error_print();
return -1;
}
@@ -333,7 +336,7 @@ static int test_aead_sm4_gcm(void)
in = cipher;
out = buf;
if (sm4_gcm_decrypt_init(&aead_ctx, key, iv, sizeof(iv), aad, sizeof(aad), GHASH_SIZE) != 1) {
if (sm4_gcm_decrypt_init(&aead_ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad), GHASH_SIZE) != 1) {
error_print();
return -1;
}

198
tools/sm4.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -15,12 +15,49 @@
#include <gmssl/mem.h>
#include <gmssl/sm4.h>
#include <gmssl/hex.h>
#include <gmssl/aead.h>
#include <gmssl/error.h>
#define SM4_MODE_CBC 1
#define SM4_MODE_CTR 2
#define SM4_MODE_GCM 3
#define SM4_MODE_CBC_SM3_HMAC 4
#define SM4_MODE_CTR_SM3_HMAC 5
static const char *options = "{-cbc|-ctr} {-encrypt|-decrypt} -key hex -iv hex [-in file] [-out file]";
static const char *usage = "(-cbc|-ctr|-gcm|-cbc_sm3_hmac|-ctr_sm3_hmac) {-encrypt|-decrypt} -key hex -iv hex [-in file] [-out file]";
static const char *options =
"Options\n"
"\n"
" Modes\n"
"\n"
" -cbc CBC mode with padding, need 16-byte key and 16-byte iv\n"
" -ctr CTR mode, need 16-byte key and 16-byte iv\n"
" -gcm GCM mode, need 16-byte key and any iv length\n"
" -cbc_sm3_hmac CBC mode with padding and HMAC-SM3 (encrypt-then-mac), need 48-byte key and 16-byte iv\n"
" -ctr_sm3_hmac CTR mode with HMAC-SM3 (entrypt-then-mac), need 48-byte key and 16-byte iv\n"
"\n"
" -encrypt Encrypt\n"
" -decrypt Decrypt\n"
" -key hex Symmetric key in HEX format\n"
" -iv hex IV in HEX format\n"
" -in file | stdin Input data\n"
" -out file | stdout Output data\n"
"\n"
"Examples"
"\n"
" echo \"hello\" | gmssl sm4 -gcm -encrypt -key 11223344556677881122334455667788 -iv 112233445566778811223344 -out ciphertext.bin\n"
" gmssl sm4 -gcm -decrypt -key 11223344556677881122334455667788 -iv 112233445566778811223344 -in ciphertext.bin\n"
"\n"
" echo \"hello\" | gmssl sm4 -cbc_sm3_hmac -encrypt \\\n"
" -key 112233445566778811223344556677881122334455667788112233445566778811223344556677881122334455667788 \\\n"
" -iv 11223344556677881122334455667788 -out ciphertext.bin\n"
" gmssl sm4 -cbc_sm3_hmac -decrypt \\\n"
" -key 112233445566778811223344556677881122334455667788112233445566778811223344556677881122334455667788 \\\n"
" -iv 11223344556677881122334455667788 -in ciphertext.bin\n"
"\n";
int sm4_main(int argc, char **argv)
{
@@ -30,16 +67,22 @@ int sm4_main(int argc, char **argv)
char *ivhex = NULL;
char *infile = NULL;
char *outfile = NULL;
uint8_t key[16];
uint8_t iv[16];
uint8_t key[48];
uint8_t iv[SM4_GCM_MAX_IV_SIZE];
size_t keylen = sizeof(key);
size_t ivlen = sizeof(iv);
FILE *infp = stdin;
FILE *outfp = stdout;
int mode = 0;
int enc = -1;
SM4_CBC_CTX cbc_ctx;
SM4_CTR_CTX ctr_ctx;
int rv;
union {
SM4_CBC_CTX cbc;
SM4_CTR_CTX ctr;
SM4_CBC_SM3_HMAC_CTX cbc_sm3_hmac;
SM4_CTR_SM3_HMAC_CTX ctr_sm3_hmac;
SM4_GCM_CTX gcm;
} sm4_ctx;
uint8_t inbuf[4096];
size_t inlen;
uint8_t outbuf[4196];
@@ -49,35 +92,36 @@ int sm4_main(int argc, char **argv)
argv++;
if (argc < 1) {
fprintf(stderr, "usage: %s %s\n", prog, options);
fprintf(stderr, "usage: %s %s\n", prog, usage);
return 1;
}
while (argc > 0) {
if (!strcmp(*argv, "-help")) {
printf("usage: %s %s\n", prog, options);
printf("usage: %s %s\n", prog, usage);
printf("%s\n", options);
ret = 0;
goto end;
} else if (!strcmp(*argv, "-key")) {
if (--argc < 1) goto bad;
keyhex = *(++argv);
if (strlen(keyhex) != sizeof(key) * 2) {
if (strlen(keyhex) > sizeof(key) * 2) {
fprintf(stderr, "%s: invalid key length\n", prog);
goto end;
}
if (hex_to_bytes(keyhex, strlen(keyhex), key, &keylen) != 1) {
fprintf(stderr, "%s: invalid HEX digits\n", prog);
fprintf(stderr, "%s: invalid key hex digits\n", prog);
goto end;
}
} else if (!strcmp(*argv, "-iv")) {
if (--argc < 1) goto bad;
ivhex = *(++argv);
if (strlen(ivhex) != sizeof(iv) * 2) {
fprintf(stderr, "%s: invalid IV length\n", prog);
if (strlen(ivhex) > sizeof(iv) * 2) {
fprintf(stderr, "%s: IV length too long\n", prog);
goto end;
}
if (hex_to_bytes(ivhex, strlen(ivhex), iv, &ivlen) != 1) {
fprintf(stderr, "%s: invalid HEX digits\n", prog);
fprintf(stderr, "%s: invalid IV hex digits\n", prog);
goto end;
}
} else if (!strcmp(*argv, "-encrypt")) {
@@ -90,6 +134,15 @@ int sm4_main(int argc, char **argv)
} else if (!strcmp(*argv, "-ctr")) {
if (mode) goto bad;
mode = SM4_MODE_CTR;
} else if (!strcmp(*argv, "-cbc_sm3_hmac")) {
if (mode) goto bad;
mode = SM4_MODE_CBC_SM3_HMAC;
} else if (!strcmp(*argv, "-ctr_sm3_hmac")) {
if (mode) goto bad;
mode = SM4_MODE_CTR_SM3_HMAC;
} else if (!strcmp(*argv, "-gcm")) {
if (mode) goto bad;
mode = SM4_MODE_GCM;
} else if (!strcmp(*argv, "-in")) {
if (--argc < 1) goto bad;
infile = *(++argv);
@@ -105,10 +158,10 @@ int sm4_main(int argc, char **argv)
goto end;
}
} else {
fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv);
fprintf(stderr, "%s: illegal option `%s`\n", prog, *argv);
goto end;
bad:
fprintf(stderr, "%s: '%s' option value missing\n", prog, *argv);
fprintf(stderr, "%s: `%s` option value missing\n", prog, *argv);
goto end;
}
@@ -117,27 +170,56 @@ bad:
}
if (!mode) {
fprintf(stderr, "%s: mode not assigned, -cbc or -ctr option required\n", prog);
fprintf(stderr, "%s: mode not assigned, `-cbc`, `-ctr`, `-gcm`, `-cbc_sm3_hmac` or `-ctr_sm3_hmac` required\n", prog);
goto end;
}
if (!keyhex) {
fprintf(stderr, "%s: option '-key' missing\n", prog);
fprintf(stderr, "%s: option `-key` missing\n", prog);
goto end;
}
if (!ivhex) {
fprintf(stderr, "%s: option '-iv' missing\n", prog);
fprintf(stderr, "%s: option `-iv` missing\n", prog);
goto end;
}
switch (mode) {
case SM4_MODE_CTR:
case SM4_MODE_CBC:
case SM4_MODE_GCM:
if (keylen != 16) {
fprintf(stderr, "%s: invalid key length, should be 32 hex digits\n", prog);
goto end;
}
break;
case SM4_MODE_CBC_SM3_HMAC:
case SM4_MODE_CTR_SM3_HMAC:
if (keylen != 48) {
fprintf(stderr, "%s: invalid key length, should be 96 hex digits\n", prog);
goto end;
}
break;
}
switch (mode) {
case SM4_MODE_CTR:
case SM4_MODE_CBC:
case SM4_MODE_CBC_SM3_HMAC:
case SM4_MODE_CTR_SM3_HMAC:
if (ivlen != 16) {
fprintf(stderr, "%s: invalid IV length, should be 32 hex digits\n", prog);
goto end;
}
break;
}
if (mode == SM4_MODE_CTR) {
if (sm4_ctr_encrypt_init(&ctr_ctx, key, iv) != 1) {
fprintf(stderr, "%s: inner error\n", prog);
if (sm4_ctr_encrypt_init(&sm4_ctx.ctr, key, iv) != 1) {
error_print();
goto end;
}
while ((inlen = fread(inbuf, 1, sizeof(inbuf), infp)) > 0) {
if (sm4_ctr_encrypt_update(&ctr_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
fprintf(stderr, "%s: inner error\n", prog);
if (sm4_ctr_encrypt_update(&sm4_ctx.ctr, inbuf, inlen, outbuf, &outlen) != 1) {
error_print();
goto end;
}
if (fwrite(outbuf, 1, outlen, outfp) != outlen) {
@@ -145,8 +227,8 @@ bad:
goto end;
}
}
if (sm4_ctr_encrypt_finish(&ctr_ctx, outbuf, &outlen) != 1) {
fprintf(stderr, "%s: inner error\n", prog);
if (sm4_ctr_encrypt_finish(&sm4_ctx.ctr, outbuf, &outlen) != 1) {
error_print();
goto end;
}
if (fwrite(outbuf, 1, outlen, outfp) != outlen) {
@@ -164,13 +246,26 @@ bad:
}
if (enc) {
if (sm4_cbc_encrypt_init(&cbc_ctx, key, iv) != 1) {
fprintf(stderr, "%s: inner error\n", prog);
switch (mode) {
case SM4_MODE_CBC: rv = sm4_cbc_encrypt_init(&sm4_ctx.cbc, key, iv); break;
case SM4_MODE_GCM: rv = sm4_gcm_encrypt_init(&sm4_ctx.gcm, key, keylen, iv, ivlen, NULL, 0, GHASH_SIZE); break;
case SM4_MODE_CBC_SM3_HMAC: rv = sm4_cbc_sm3_hmac_encrypt_init(&sm4_ctx.cbc_sm3_hmac, key, keylen, iv, ivlen, NULL, 0); break;
case SM4_MODE_CTR_SM3_HMAC: rv = sm4_ctr_sm3_hmac_encrypt_init(&sm4_ctx.ctr_sm3_hmac, key, keylen, iv, ivlen, NULL, 0); break;
}
if (rv != 1) {
error_print();
goto end;
}
while ((inlen = fread(inbuf, 1, sizeof(inbuf), infp)) > 0) {
if (sm4_cbc_encrypt_update(&cbc_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
fprintf(stderr, "%s: inner error\n", prog);
switch (mode) {
case SM4_MODE_CBC: rv = sm4_cbc_encrypt_update(&sm4_ctx.cbc, inbuf, inlen, outbuf, &outlen); break;
case SM4_MODE_GCM: rv = sm4_gcm_encrypt_update(&sm4_ctx.gcm, inbuf, inlen, outbuf, &outlen); break;
case SM4_MODE_CBC_SM3_HMAC: rv = sm4_cbc_sm3_hmac_encrypt_update(&sm4_ctx.cbc_sm3_hmac, inbuf, inlen, outbuf, &outlen); break;
case SM4_MODE_CTR_SM3_HMAC: rv = sm4_ctr_sm3_hmac_encrypt_update(&sm4_ctx.ctr_sm3_hmac, inbuf, inlen, outbuf, &outlen); break;
}
if (rv != 1) {
error_print();
goto end;
}
if (fwrite(outbuf, 1, outlen, outfp) != outlen) {
@@ -178,8 +273,15 @@ bad:
goto end;
}
}
if (sm4_cbc_encrypt_finish(&cbc_ctx, outbuf, &outlen) != 1) {
fprintf(stderr, "%s: inner error\n", prog);
switch (mode) {
case SM4_MODE_CBC: rv = sm4_cbc_encrypt_finish(&sm4_ctx.cbc, outbuf, &outlen); break;
case SM4_MODE_GCM: rv = sm4_gcm_encrypt_finish(&sm4_ctx.gcm, outbuf, &outlen); break;
case SM4_MODE_CBC_SM3_HMAC: rv = sm4_cbc_sm3_hmac_encrypt_finish(&sm4_ctx.cbc_sm3_hmac, outbuf, &outlen); break;
case SM4_MODE_CTR_SM3_HMAC: rv = sm4_ctr_sm3_hmac_encrypt_finish(&sm4_ctx.ctr_sm3_hmac, outbuf, &outlen); break;
}
if (rv != 1) {
error_print();
goto end;
}
if (fwrite(outbuf, 1, outlen, outfp) != outlen) {
@@ -188,22 +290,43 @@ bad:
}
} else {
if (sm4_cbc_decrypt_init(&cbc_ctx, key, iv) != 1) {
fprintf(stderr, "%s: inner error\n", prog);
switch (mode) {
case SM4_MODE_CBC: rv = sm4_cbc_decrypt_init(&sm4_ctx.cbc, key, iv); break;
case SM4_MODE_GCM: rv = sm4_gcm_decrypt_init(&sm4_ctx.gcm, key, keylen, iv, ivlen, NULL, 0, GHASH_SIZE); break;
case SM4_MODE_CBC_SM3_HMAC: rv = sm4_cbc_sm3_hmac_decrypt_init(&sm4_ctx.cbc_sm3_hmac, key, keylen, iv, ivlen, NULL, 0); break;
case SM4_MODE_CTR_SM3_HMAC: rv = sm4_ctr_sm3_hmac_decrypt_init(&sm4_ctx.ctr_sm3_hmac, key, keylen, iv, ivlen, NULL, 0); break;
}
if (rv != 1) {
error_print();
goto end;
}
while ((inlen = fread(inbuf, 1, sizeof(inbuf), infp)) > 0) {
if (sm4_cbc_decrypt_update(&cbc_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
fprintf(stderr, "%s: inner error\n", prog);
switch (mode) {
case SM4_MODE_CBC: rv = sm4_cbc_decrypt_update(&sm4_ctx.cbc, inbuf, inlen, outbuf, &outlen); break;
case SM4_MODE_GCM: rv = sm4_gcm_decrypt_update(&sm4_ctx.gcm, inbuf, inlen, outbuf, &outlen); break;
case SM4_MODE_CBC_SM3_HMAC: rv = sm4_cbc_sm3_hmac_decrypt_update(&sm4_ctx.cbc_sm3_hmac, inbuf, inlen, outbuf, &outlen); break;
case SM4_MODE_CTR_SM3_HMAC: rv = sm4_ctr_sm3_hmac_decrypt_update(&sm4_ctx.ctr_sm3_hmac, inbuf, inlen, outbuf, &outlen); break;
}
if (rv != 1) {
error_print();
goto end;
}
if (fwrite(outbuf, 1, outlen, outfp) != outlen) {
fprintf(stderr, "%s: output failure : %s\n", prog, strerror(errno));
goto end;
}
}
if (sm4_cbc_decrypt_finish(&cbc_ctx, outbuf, &outlen) != 1) {
fprintf(stderr, "%s: inner error\n", prog);
switch (mode) {
case SM4_MODE_CBC: rv = sm4_cbc_decrypt_finish(&sm4_ctx.cbc, outbuf, &outlen); break;
case SM4_MODE_GCM: rv = sm4_gcm_decrypt_finish(&sm4_ctx.gcm, outbuf, &outlen); break;
case SM4_MODE_CBC_SM3_HMAC: rv = sm4_cbc_sm3_hmac_decrypt_finish(&sm4_ctx.cbc_sm3_hmac, outbuf, &outlen); break;
case SM4_MODE_CTR_SM3_HMAC: rv = sm4_ctr_sm3_hmac_decrypt_finish(&sm4_ctx.ctr_sm3_hmac, outbuf, &outlen); break;
}
if (rv != 1) {
error_print();
goto end;
}
if (fwrite(outbuf, 1, outlen, outfp) != outlen) {
@@ -214,8 +337,7 @@ bad:
ret = 0;
end:
gmssl_secure_clear(&cbc_ctx, sizeof(cbc_ctx));
gmssl_secure_clear(&ctr_ctx, sizeof(ctr_ctx));
gmssl_secure_clear(&sm4_ctx, sizeof(sm4_ctx));
gmssl_secure_clear(key, sizeof(key));
gmssl_secure_clear(iv, sizeof(iv));
gmssl_secure_clear(inbuf, sizeof(inbuf));