diff --git a/include/gmssl/aead.h b/include/gmssl/aead.h index 22d879f6..b4f7c3fe 100644 --- a/include/gmssl/aead.h +++ b/include/gmssl/aead.h @@ -81,26 +81,6 @@ int sm4_gcm_decrypt_update(SM4_GCM_CTX *ctx, const uint8_t *in, size_t inlen, ui int sm4_gcm_decrypt_finish(SM4_GCM_CTX *ctx, uint8_t *out, size_t *outlen); -#define ZUC_KEY_SIZE 16 -#define ZUC_IV_SIZE 16 -#define ZUC_MAC_KEY_SIZE 16 - -typedef struct { -} ZUC_WITH_MAC_CTX; - -int zuc_with_mac_encrypt_init(ZUC_WITH_MAC_CTX *ctx, - const uint8_t key[ZUC_KEY_SIZE], const uint8_t iv[ZUC_IV_SIZE], - const uint8_t *aad, size_t aadlen); -int zuc_with_mac_encrypt_update(ZUC_WITH_MAC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); -int zuc_with_mac_encrypt_finish(ZUC_WITH_MAC_CTX *ctx, uint8_t *out, size_t *outlen); - -int zuc_with_mac_decrypt_init(ZUC_WITH_MAC_CTX *ctx, - const uint8_t key[ZUC_KEY_SIZE], const uint8_t iv[ZUC_IV_SIZE], - const uint8_t *aad, size_t aadlen); -int zuc_with_mac_decrypt_update(ZUC_WITH_MAC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); -int zuc_with_mac_decrypt_finish(ZUC_WITH_MAC_CTX *ctx, uint8_t *out, size_t *outlen); - - #ifdef __cplusplus } #endif diff --git a/src/aead.c b/src/aead.c index b687bdea..4cbe825f 100644 --- a/src/aead.c +++ b/src/aead.c @@ -272,6 +272,15 @@ int sm4_ctr_sm3_hmac_decrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx, uint8_t *out, siz return 1; } +static void ctr_incr(uint8_t a[16]) +{ + int i; + for (i = 15; i >= 0; i--) { + a[i]++; + if (a[i]) break; + } +} + int sm4_gcm_encrypt_init(SM4_GCM_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t *iv, size_t ivlen, const uint8_t *aad, size_t aadlen, size_t taglen) 
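Review bot: `ctr_incr` in src/aead.c carries through all 16 bytes, whereas GCM's counter function (inc32 in NIST SP 800-38D) increments only the last 32 bits and wraps without touching the leading 96 bits. With a 96-bit IV the two agree at init, because J0 ends in `00 00 00 01`. For other IV lengths J0 is a GHASH output, so its low word can be `0xffffffff`, and the `ctr_incr(Y)` call in the following `sm4_gcm_encrypt_init` hunk would then produce a first data counter that a conforming peer does not. Consider bounding the loop to the low word, `for (i = 15; i >= 12; i--) {`, and adding a comment such as `/* GCM inc32: increment the last 32 bits of the counter block, big-endian, mod 2^32 */`. Whether the per-block increment inside the CTR routine and the one-shot `sm4_gcm_encrypt` need the same change is not visible in this diff and should be checked together.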
@@ -304,10 +313,11 @@ int sm4_gcm_encrypt_init(SM4_GCM_CTX *ctx, ghash(H, NULL, 0, iv, ivlen, Y); } - memcpy(ctx->enc_ctx.ctr, Y, 16); - sm4_encrypt(&ctx->enc_ctx.sm4_key, Y, ctx->Y); + ctr_incr(Y); + memcpy(ctx->enc_ctx.ctr, Y, 16); + gmssl_secure_clear(H, sizeof(H)); gmssl_secure_clear(Y, sizeof(Y)); return 1; @@ -423,37 +433,3 @@ int sm4_gcm_decrypt_finish(SM4_GCM_CTX *ctx, uint8_t *out, size_t *outlen) ctx->maclen = 0; return 1; } - -int zuc_with_mac_encrypt_init(ZUC_WITH_MAC_CTX *ctx, - const uint8_t key[ZUC_KEY_SIZE], const uint8_t iv[ZUC_IV_SIZE], - const uint8_t *aad, size_t aadlen) -{ - return -1; -} - -int zuc_with_mac_encrypt_update(ZUC_WITH_MAC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen) -{ - return -1; -} - -int zuc_with_mac_encrypt_finish(ZUC_WITH_MAC_CTX *ctx, uint8_t *out, size_t *outlen) -{ - return -1; -} - -int zuc_with_mac_decrypt_init(ZUC_WITH_MAC_CTX *ctx, - const uint8_t key[ZUC_KEY_SIZE], const uint8_t iv[ZUC_IV_SIZE], - const uint8_t *aad, size_t aadlen) -{ - return -1; -} - -int zuc_with_mac_decrypt_update(ZUC_WITH_MAC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen) -{ - return -1; -} - -int zuc_with_mac_decrypt_finish(ZUC_WITH_MAC_CTX *ctx, uint8_t *out, size_t *outlen) -{ - return -1; -} diff --git a/tests/aeadtest.c b/tests/aeadtest.c index d8dea8e2..c7e6b743 100644 --- a/tests/aeadtest.c +++ b/tests/aeadtest.c @@ -18,9 +18,6 @@ #include - - - static int test_aead_sm4_cbc_sm3_hmac(void) { SM4_CBC_SM3_HMAC_CTX aead_ctx; 
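Review bot: The reordering in `sm4_gcm_encrypt_init` carries no comment saying why `ctx->Y` must be derived from the un-incremented block while the data counter starts one past it, so a later cleanup could easily restore the old order. With the old order the first keystream block equalled the value that masks the tag, and that property deserves to be written next to the code, for example `/* ctx->Y = E(K, J0) masks the tag; the data counter starts at J0 + 1 so no keystream block ever equals it */` above the `sm4_encrypt` call. `ctx->Y` is key-dependent; whether the finish paths wipe it the way `H` and `Y` are wiped here is outside this hunk and should be confirmed. The function body starts and ends outside the hunk.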
@@ -71,6 +68,33 @@ static int test_aead_sm4_cbc_sm3_hmac(void) format_bytes(stdout, 0, 4, "plaintext ", plain, sizeof(plain)); format_bytes(stdout, 0, 4, "ciphertext", cipher, cipherlen); + { + SM4_KEY sm4_key; + SM3_HMAC_CTX sm3_hmac_ctx; + uint8_t tmp[256]; + size_t tmplen; + + sm4_set_encrypt_key(&sm4_key, key); + if (sm4_cbc_padding_encrypt(&sm4_key, iv, plain, sizeof(plain), tmp, &tmplen) != 1) { + error_print(); + return -1; + } + + sm3_hmac_init(&sm3_hmac_ctx, key + 16, 32); + sm3_hmac_update(&sm3_hmac_ctx, aad, sizeof(aad)); + sm3_hmac_update(&sm3_hmac_ctx, tmp, tmplen); + sm3_hmac_finish(&sm3_hmac_ctx, tmp + tmplen); + tmplen += 32; + + format_bytes(stdout, 0, 4, "ciphertext", tmp, tmplen); + + if (cipherlen != tmplen + || memcmp(cipher, tmp, tmplen) != 0) { + error_print(); + return -1; + } + } + in = cipher; out = buf; @@ -162,6 +186,35 @@ static int test_aead_sm4_ctr_sm3_hmac(void) format_bytes(stdout, 0, 4, "plaintext ", plain, sizeof(plain)); format_bytes(stdout, 0, 4, "ciphertext", cipher, cipherlen); + { + SM4_KEY sm4_key; + uint8_t ctr[16]; + SM3_HMAC_CTX sm3_hmac_ctx; + uint8_t tmp[256]; + size_t tmplen; + + sm4_set_encrypt_key(&sm4_key, key); + memcpy(ctr, iv, 16); + + sm4_ctr_encrypt(&sm4_key, ctr, plain, sizeof(plain), tmp); + tmplen = sizeof(plain); + + sm3_hmac_init(&sm3_hmac_ctx, key + 16, 32); + sm3_hmac_update(&sm3_hmac_ctx, aad, sizeof(aad)); + sm3_hmac_update(&sm3_hmac_ctx, tmp, tmplen); + sm3_hmac_finish(&sm3_hmac_ctx, tmp + tmplen); + tmplen += 32; + + format_bytes(stdout, 0, 4, "ciphertext", tmp, tmplen); + + if (cipherlen != tmplen + || memcmp(cipher, tmp, tmplen) != 0) { + error_print(); + return -1; + } + } + + in = cipher; out = buf; 
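Review bot: Nothing in the added reference block of `test_aead_sm4_cbc_sm3_hmac` ties the fixed `uint8_t tmp[256]` to the size of `plain`. The padded CBC output is written into `tmp`, and `sm3_hmac_finish(&sm3_hmac_ctx, tmp + tmplen)` then appends 32 more bytes with no bound check. `plain` is declared outside the hunk, so its size cannot be confirmed here, but enlarging it later would overrun the stack buffer. Sizing the buffer from the input removes the risk: `uint8_t tmp[sizeof(plain) + 16 + 32];` here (one block of padding plus the MAC). The same pattern recurs in the `test_aead_sm4_ctr_sm3_hmac` hunk, where `uint8_t tmp[sizeof(plain) + 32];` would do, and in the `test_aead_sm4_gcm` hunk, where `uint8_t tmp[sizeof(plain) + GHASH_SIZE];` would do.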
@@ -254,6 +307,29 @@ static int test_aead_sm4_gcm(void) format_bytes(stdout, 0, 4, "plaintext ", plain, sizeof(plain)); format_bytes(stdout, 0, 4, "ciphertext", cipher, cipherlen); + { + SM4_KEY sm4_key; + uint8_t tmp[256]; + size_t tmplen; + + sm4_set_encrypt_key(&sm4_key, key); + + if (sm4_gcm_encrypt(&sm4_key, iv, sizeof(iv), aad, sizeof(aad), plain, sizeof(plain), + tmp, GHASH_SIZE, tmp + sizeof(plain)) != 1) { + error_print(); + return -1; + } + tmplen = sizeof(plain) + GHASH_SIZE; + + format_bytes(stdout, 0, 4, "ciphertext", tmp, tmplen); + + if (cipherlen != tmplen + || memcmp(cipher, tmp, tmplen) != 0) { + error_print(); + return -1; + } + } + in = cipher; out = buf;
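Review bot: The expected value in this `test_aead_sm4_gcm` block comes from the library's own one-shot `sm4_gcm_encrypt`, so the comparison proves only that the streaming and one-shot paths agree, not that either matches the GCM specification. A defect shared by both paths, such as the counter start or increment width touched in src/aead.c, would still pass. Consider adding a known-answer case with a published SM4-GCM vector (RFC 8998 Appendix A has one) and comparing `cipher` against the fixed bytes. If the IV used here is 96 bits (its declaration is outside the hunk), a second case with a different IV length would also cover the GHASH-derived J0 branch of `sm4_gcm_encrypt_init`.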