abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-18 22:36:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add more SM4 modes

Browse Source
This commit is contained in:
Zhi Guan
2024-02-19 14:16:49 +08:00
parent 8ae03e8105
commit c9c26aca44
12 changed files with 1092 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

147
src/sm4_ccm.c
View File

@@ -14,10 +14,6 @@
#include <gmssl/error.h>
#define SM4_CCM_MIN_IV_SIZE 7
#define SM4_CCM_MAX_IV_SIZE 13
#define SM4_CCM_MIN_MAC_SIZE 4
#define SM4_CCM_MAX_MAC_SIZE 16
static void length_to_bytes(size_t len, size_t nbytes, uint8_t *out)
@@ -29,18 +25,16 @@ static void length_to_bytes(size_t len, size_t nbytes, uint8_t *out)
}
}
int sm4_ccm_encrypt(SM4_KEY *sm4_key, const uint8_t *iv, size_t ivlen,
int sm4_ccm_encrypt(const SM4_KEY *sm4_key, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
uint8_t *out, size_t taglen, uint8_t *tag)
{
SM4_CBC_MAC_CTX cbc_mac_ctx;
size_t inlen_size;
SM4_CBC_MAC_CTX mac_ctx;
const uint8_t zeros[16] = {0};
uint8_t block[16] = {0};
uint8_t ctr[16] = {0};
uint8_t S0[16];
uint8_t cbc_mac[16];
const uint8_t zeros[16] = {0};
size_t padding_len;
uint8_t mac[16];
size_t inlen_size;
if (ivlen < 7 || ivlen > 13) {
error_print();
@@ -56,22 +50,21 @@ int sm4_ccm_encrypt(SM4_KEY *sm4_key, const uint8_t *iv, size_t ivlen,
}
inlen_size = 15 - ivlen;
if (inlen >= (1 << (inlen_size * 8))) {
if (inlen_size < 8 && inlen >= (1 << (inlen_size * 8))) {
error_print();
return -1;
}
// sm4_cbc_mac_init
memset(&cbc_mac_ctx, 0, sizeof(cbc_mac_ctx));
cbc_mac_ctx.key = *sm4_key;
// sm4_cbc_mac_init with SM4_KEY
memset(&mac_ctx, 0, sizeof(mac_ctx));
mac_ctx.key = *sm4_key;
// first block
block[0] |= ((aadlen > 0) & 0x1) << 6;
block[0] |= (((taglen - 2)/2) & 0x7) << 3;
block[0] |= (inlen_size - 1) & 0x7;
memcpy(block + 1, iv, ivlen);
length_to_bytes(inlen, inlen_size, block + 1 + ivlen);
sm4_cbc_mac_update(&cbc_mac_ctx, block, 16);
sm4_cbc_mac_update(&mac_ctx, block, 16);
if (aad && aadlen) {
size_t alen;
@@ -88,35 +81,123 @@ int sm4_ccm_encrypt(SM4_KEY *sm4_key, const uint8_t *iv, size_t ivlen,
block[0] = 0xff;
block[1] = 0xff;
length_to_bytes(aadlen, 8, block + 2);
alen = 10;
}
sm4_cbc_mac_update(&cbc_mac_ctx, block, alen);
sm4_cbc_mac_update(&cbc_mac_ctx, aad, aadlen);
sm4_cbc_mac_update(&mac_ctx, block, alen);
sm4_cbc_mac_update(&mac_ctx, aad, aadlen);
if (alen + aadlen % 16) {
sm4_cbc_mac_update(&cbc_mac_ctx, zeros, 16 - (alen + aadlen)%16);
sm4_cbc_mac_update(&mac_ctx, zeros, 16 - (alen + aadlen)%16);
}
}
sm4_cbc_mac_update(&cbc_mac_ctx, in, inlen);
if (inlen % 16) {
sm4_cbc_mac_update(&cbc_mac_ctx, zeros, 16 - inlen%16);
}
sm4_cbc_mac_finish(&cbc_mac_ctx, cbc_mac);
ctr[0] = 0;
ctr[0] |= (inlen_size - 1) & 0x7;
memcpy(ctr + 1, iv, ivlen);
memset(ctr + 1 + ivlen, 0, 15 - ivlen);
sm4_encrypt(sm4_key, ctr, S0);
gmssl_memxor(out, cbc_mac, S0, taglen);
sm4_encrypt(sm4_key, ctr, block);
ctr[15] = 1;
sm4_ctr_encrypt(sm4_key, ctr, in, inlen, out);
gmssl_secure_clear(&cbc_mac_ctx, sizeof(cbc_mac_ctx));
sm4_cbc_mac_update(&mac_ctx, in, inlen);
if (inlen % 16) {
sm4_cbc_mac_update(&mac_ctx, zeros, 16 - inlen % 16);
}
sm4_cbc_mac_finish(&mac_ctx, mac);
gmssl_memxor(tag, mac, block, taglen);
gmssl_secure_clear(&mac_ctx, sizeof(mac_ctx));
return 1;
}
int sm4_ccm_decrypt(const SM4_KEY *sm4_key, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
const uint8_t *tag, size_t taglen, uint8_t *out)
{
SM4_CBC_MAC_CTX mac_ctx;
const uint8_t zeros[16] = {0};
uint8_t block[16] = {0};
uint8_t ctr[16] = {0};
uint8_t mac[16];
size_t inlen_size;
if (ivlen < 7 || ivlen > 13) {
error_print();
return -1;
}
if (!aad && aadlen) {
error_print();
return -1;
}
if (taglen < 4 || taglen > 16 || taglen & 1) {
error_print();
return -1;
}
inlen_size = 15 - ivlen;
if (inlen_size < 8 && inlen >= (1 << (inlen_size * 8))) {
error_print();
return -1;
}
// sm4_cbc_mac_init with SM4_KEY
memset(&mac_ctx, 0, sizeof(mac_ctx));
mac_ctx.key = *sm4_key;
block[0] |= ((aadlen > 0) & 0x1) << 6;
block[0] |= (((taglen - 2)/2) & 0x7) << 3;
block[0] |= (inlen_size - 1) & 0x7;
memcpy(block + 1, iv, ivlen);
length_to_bytes(inlen, inlen_size, block + 1 + ivlen);
sm4_cbc_mac_update(&mac_ctx, block, 16);
if (aad && aadlen) {
size_t alen;
if (aadlen < ((1<<16) - (1<<8))) {
length_to_bytes(aadlen, 2, block);
alen = 2;
} else if (aadlen < ((size_t)1<<32)) {
block[0] = 0xff;
block[1] = 0xfe;
length_to_bytes(aadlen, 4, block + 2);
alen = 6;
} else {
block[0] = 0xff;
block[1] = 0xff;
length_to_bytes(aadlen, 8, block + 2);
alen = 10;
}
sm4_cbc_mac_update(&mac_ctx, block, alen);
sm4_cbc_mac_update(&mac_ctx, aad, aadlen);
if (alen + aadlen % 16) {
sm4_cbc_mac_update(&mac_ctx, zeros, 16 - (alen + aadlen)%16);
}
}
ctr[0] = 0;
ctr[0] |= (inlen_size - 1) & 0x7;
memcpy(ctr + 1, iv, ivlen);
memset(ctr + 1 + ivlen, 0, 15 - ivlen);
sm4_encrypt(sm4_key, ctr, block);
ctr[15] = 1;
sm4_ctr_encrypt(sm4_key, ctr, in, inlen, out);
sm4_cbc_mac_update(&mac_ctx, out, inlen); // diff from encrypt
if (inlen % 16) {
sm4_cbc_mac_update(&mac_ctx, zeros, 16 - inlen % 16);
}
sm4_cbc_mac_finish(&mac_ctx, mac);
// diff from encrypt
gmssl_memxor(mac, mac, block, taglen);
if (memcmp(mac, tag, taglen) != 0) {
error_print();
gmssl_secure_clear(&mac_ctx, sizeof(mac_ctx));
return -1;
}
gmssl_secure_clear(&mac_ctx, sizeof(mac_ctx));
return 1;
}

8
src/sm4_cfb.c
View File

@@ -63,14 +63,6 @@ void sm4_cfb_decrypt(const SM4_KEY *key, size_t sbytes, uint8_t iv[16],
}
}
typedef struct {
SM4_KEY sm4_key;
uint8_t iv[SM4_BLOCK_SIZE];
uint8_t block[SM4_BLOCK_SIZE];
size_t block_nbytes;
size_t sbytes;
} SM4_CFB_CTX;
int sm4_cfb_encrypt_init(SM4_CFB_CTX *ctx, size_t sbytes,
const uint8_t key[SM4_BLOCK_SIZE], const uint8_t iv[SM4_BLOCK_SIZE])
{

35
src/sm4_ecb.c
View File

@@ -22,13 +22,6 @@ void sm4_ecb_encrypt(const SM4_KEY *key, const uint8_t *in, size_t nblocks, uint
}
}
typedef struct {
SM4_KEY sm4_key;
uint8_t block[SM4_BLOCK_SIZE];
size_t block_nbytes;
} SM4_ECB_CTX;
int sm4_ecb_encrypt_init(SM4_ECB_CTX *ctx, const uint8_t key[SM4_BLOCK_SIZE])
{
sm4_set_encrypt_key(&ctx->sm4_key, key);
@@ -37,7 +30,7 @@ int sm4_ecb_encrypt_init(SM4_ECB_CTX *ctx, const uint8_t key[SM4_BLOCK_SIZE])
return 1;
}
int sm4_efb_encrypt_update(SM4_ECB_CTX *ctx,
int sm4_ecb_encrypt_update(SM4_ECB_CTX *ctx,
const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen)
{
size_t left;
@@ -93,3 +86,29 @@ int sm4_ecb_encrypt_finish(SM4_ECB_CTX *ctx, uint8_t *out, size_t *outlen)
return 1;
}
int sm4_ecb_decrypt_init(SM4_ECB_CTX *ctx, const uint8_t key[SM4_BLOCK_SIZE])
{
sm4_set_decrypt_key(&ctx->sm4_key, key);
memset(ctx->block, 0, SM4_BLOCK_SIZE);
ctx->block_nbytes = 0;
return 1;
}
int sm4_ecb_decrypt_update(SM4_ECB_CTX *ctx,
const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen)
{
if (sm4_ecb_encrypt_update(ctx, in, inlen, out, outlen) != 1) {
error_print();
return -1;
}
return 1;
}
int sm4_ecb_decrypt_finish(SM4_ECB_CTX *ctx, uint8_t *out, size_t *outlen)
{
if (sm4_ecb_encrypt_finish(ctx, out, outlen) != 1) {
error_print();
return -1;
}
return 1;
}

8
src/sm4_ofb.c
View File

@@ -27,14 +27,6 @@ void sm4_ofb_encrypt(const SM4_KEY *key, uint8_t iv[16], const uint8_t *in, size
}
}
typedef struct {
SM4_KEY sm4_key;
uint8_t iv[SM4_BLOCK_SIZE];
uint8_t block[SM4_BLOCK_SIZE];
size_t block_nbytes;
} SM4_OFB_CTX;
int sm4_ofb_encrypt_init(SM4_OFB_CTX *ctx,
const uint8_t key[SM4_BLOCK_SIZE], const uint8_t iv[SM4_BLOCK_SIZE])
{

142
src/sm4_xts.c Normal file
View File

@@ -0,0 +1,142 @@
/*
* Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <gmssl/sm4.h>
#include <gmssl/mem.h>
#include <gmssl/gf128.h>
#include <gmssl/error.h>
int sm4_xts_encrypt(const SM4_KEY *key1, const SM4_KEY *key2, size_t tweak,
const uint8_t *in, size_t inlen, uint8_t *out)
{
uint8_t T[16] = {0};
uint8_t block[16];
size_t nblocks, i;
gf128_t a;
if (inlen < 16) {
error_print();
return -1;
}
nblocks = inlen / 16 + 1;
for (i = 0; i < 8; i++) {
T[i] = tweak & 0xff;
tweak >>= 8;
}
sm4_encrypt(key2, T, T);
for (i = 0; i < nblocks - 2; i++) {
gmssl_memxor(block, in, T, 16);
sm4_encrypt(key1, block, block);
gmssl_memxor(out, block, T, 16);
a = gf128_from_bytes(T);
a = gf128_mul2(a);
gf128_to_bytes(a, T);
in += 16;
inlen -= 16;
out += 16;
}
if (inlen % 16 == 0) {
gmssl_memxor(block, in, T, 16);
sm4_encrypt(key1, block, block);
gmssl_memxor(out, block, T, 16);
} else {
gmssl_memxor(block, in, T, 16);
sm4_encrypt(key1, block, block);
gmssl_memxor(block, block, T, 16);
a = gf128_from_bytes(T);
a = gf128_mul2(a);
gf128_to_bytes(a, T);
in += 16;
inlen -= 16;
memcpy(out + 16, block, inlen);
memcpy(block, in, inlen);
gmssl_memxor(block, block, T, 16);
sm4_encrypt(key1, block, block);
gmssl_memxor(out, block, T, 16);
}
return 1;
}
int sm4_xts_decrypt(const SM4_KEY *key1, const SM4_KEY *key2, size_t tweak,
const uint8_t *in, size_t inlen, uint8_t *out)
{
uint8_t T[16] = {0};
uint8_t block[16];
size_t nblocks, i;
gf128_t a;
if (inlen < 16) {
error_print();
return -1;
}
nblocks = inlen / 16 + 1;
for (i = 0; i < 8; i++) {
T[i] = tweak & 0xff;
tweak >>= 8;
}
sm4_encrypt(key2, T, T);
for (i = 0; i < nblocks - 2; i++) {
gmssl_memxor(block, in, T, 16);
sm4_decrypt(key1, block, block);
gmssl_memxor(out, block, T, 16);
a = gf128_from_bytes(T);
a = gf128_mul2(a);
gf128_to_bytes(a, T);
in += 16;
inlen -= 16;
out += 16;
}
if (inlen % 16 == 0) {
gmssl_memxor(block, in, T, 16);
sm4_decrypt(key1, block, block);
gmssl_memxor(out, block, T, 16);
} else {
uint8_t T1[16];
a = gf128_from_bytes(T);
a = gf128_mul2(a);
gf128_to_bytes(a, T1);
gmssl_memxor(block, in, T1, 16);
sm4_decrypt(key1, block, block);
gmssl_memxor(block, block, T1, 16);
in += 16;
inlen -= 16;
memcpy(out + 16, block, inlen);
memcpy(block, in, inlen);
gmssl_memxor(block, block, T, 16);
sm4_decrypt(key1, block, block);
gmssl_memxor(out, block, T, 16);
}
return 1;
}