From dc4c21f4ec74323221945b69078b8e66e8c4dce0 Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Sun, 17 Dec 2023 16:52:42 +0800 Subject: [PATCH] Make AES optional and remove "Public API" from headers --- CMakeLists.txt | 11 +++++-- include/gmssl/base64.h | 15 +--------- include/gmssl/block_cipher.h | 13 +++++---- include/gmssl/pbkdf2.h | 12 +------- include/gmssl/sdf.h | 19 +----------- include/gmssl/skf.h | 38 +----------------------- include/gmssl/sm2.h | 35 ---------------------- include/gmssl/sm9.h | 56 +----------------------------------- include/gmssl/tls.h | 35 +--------------------- include/gmssl/zuc.h | 29 +------------------ src/block_cipher.c | 4 ++- src/gcm.c | 13 +++++++-- src/tls13.c | 2 ++ tests/gcmtest.c | 4 ++- 14 files changed, 42 insertions(+), 244 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 969096d2..4c0a6d10 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -25,8 +25,6 @@ set(src src/sm9_lib.c src/zuc.c src/zuc_modes.c - src/aes.c - src/aes_modes.c src/hash_drbg.c src/block_cipher.c src/digest.c @@ -123,7 +121,6 @@ set(tests sm2 sm9 zuc - aes hash_drbg block_cipher digest @@ -304,6 +301,14 @@ if (ENABLE_SHA2) endif() +option(ENABLE_AES "Enable AES" ON) +if (ENABLE_AES) + message(STATUS "ENABLE_AES is ON") + list(APPEND src src/aes.c src/aes_modes.c) + list(APPEND tests aes) +endif() + + option(ENABLE_CHACHA20 "Enable Chacha20" OFF) if (ENABLE_CHACHA20) message(STATUS "ENABLE_CHACHA20 is ON") diff --git a/include/gmssl/base64.h b/include/gmssl/base64.h index e981aef6..d11d3f5d 100644 --- a/include/gmssl/base64.h +++ b/include/gmssl/base64.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -19,19 +19,6 @@ extern "C" { #endif -/* -BASE64 Public API - - BASE64_CTX - base64_encode_init - base64_encode_update - base64_encode_finish - base64_decode_init - base64_decode_update - base64_decode_finish - -*/ - typedef struct { /* number saved in a partial encode/decode */ diff --git a/include/gmssl/block_cipher.h b/include/gmssl/block_cipher.h index e9286635..afd2a8c3 100644 --- a/include/gmssl/block_cipher.h +++ b/include/gmssl/block_cipher.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -7,9 +7,6 @@ * http://www.apache.org/licenses/LICENSE-2.0 */ - - - #ifndef GMSSL_BLOCK_CIPHER_H #define GMSSL_BLOCK_CIPHER_H @@ -17,8 +14,10 @@ #include #include #include -#include #include +#ifdef ENABLE_AES +#include +#endif #ifdef __cplusplus @@ -37,7 +36,9 @@ typedef struct BLOCK_CIPHER_KEY BLOCK_CIPHER_KEY; struct BLOCK_CIPHER_KEY { union { SM4_KEY sm4_key; +#ifdef ENABLE_AES AES_KEY aes_key; +#endif } u; const BLOCK_CIPHER *cipher; }; @@ -58,7 +59,9 @@ struct BLOCK_CIPHER { }; const BLOCK_CIPHER *BLOCK_CIPHER_sm4(void); +#ifdef ENABLE_AES const BLOCK_CIPHER *BLOCK_CIPHER_aes128(void); +#endif const BLOCK_CIPHER *block_cipher_from_name(const char *name); const char *block_cipher_name(const BLOCK_CIPHER *cipher); diff --git a/include/gmssl/pbkdf2.h b/include/gmssl/pbkdf2.h index 20aabb51..06233b27 100644 --- a/include/gmssl/pbkdf2.h +++ b/include/gmssl/pbkdf2.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -22,16 +22,6 @@ extern "C" { #endif -/* -PBKDF2 Public API - - PBKDF2_MIN_ITER - PBKDF2_DEFAULT_SALT_SIZE - PBKDF2_MAX_SALT_SIZE - - pbkdf2_hmac_sm3_genkey -*/ - #define PBKDF2_MIN_ITER 10000 #define PBKDF2_MAX_ITER (INT_MAX) diff --git a/include/gmssl/sdf.h b/include/gmssl/sdf.h index 77cf6a08..12344261 100644 --- a/include/gmssl/sdf.h +++ b/include/gmssl/sdf.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -20,23 +20,6 @@ extern "C" { #endif -/* -SDF Public API - - sdf_load_library - sdf_unload_library - - SDF_DEVICE - sdf_open_device - sdf_close_device - sdf_print_device_info - sdf_rand_bytes - sdf_load_sign_key - - SDF_KEY - sdf_sign - sdf_release_key -*/ typedef struct { void *handle; diff --git a/include/gmssl/skf.h b/include/gmssl/skf.h index 2f23de8f..88efe58f 100644 --- a/include/gmssl/skf.h +++ b/include/gmssl/skf.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -22,42 +22,6 @@ extern "C" { #endif -/* -SKF Public API - - skf_load_library - skf_unload_library - skf_list_devices - skf_print_device_info - - SKF_DEVICE - skf_open_device - skf_close_deivce - skf_set_label - skf_change_authkey - skf_list_apps - skf_create_app - skf_delete_app - skf_change_app_admin_pin - skf_change_app_user_pin - skf_unblock_user_pin - skf_list_objects - skf_import_object - skf_export_object - skf_delete_object - skf_list_containers - skf_create_container - skf_delete_container - skf_import_sign_cert - skf_export_sign_cert - skf_rand_bytes - skf_load_sign_key - - SKF_KEY - skf_sign - skf_release_key -*/ - typedef struct { void *handle; char manufacturer[65]; diff --git a/include/gmssl/sm2.h b/include/gmssl/sm2.h index 1d39fde0..e2057ab0 100644 --- a/include/gmssl/sm2.h +++ b/include/gmssl/sm2.h @@ -23,41 +23,6 @@ extern "C" { #endif -/* -SM2 Public API - - SM2_DEFAULT_ID - SM2_MAX_ID_LENGTH - SM2_MAX_SIGNATURE_SIZE - SM2_MAX_PLAINTEXT_SIZE - SM2_MAX_CIPHERTEXT_SIZE - - SM2_KEY - sm2_key_generate - sm2_private_key_info_encrypt_to_der - sm2_private_key_info_decrypt_from_der - sm2_private_key_info_encrypt_to_pem - sm2_private_key_info_decrypt_from_pem - sm2_public_key_info_to_der - sm2_public_key_info_from_der - sm2_public_key_info_to_pem - sm2_public_key_info_from_pem - - sm2_sign - sm2_verify - sm2_encrypt - sm2_decrypt - sm2_ecdh - - SM2_SIGN_CTX - sm2_sign_init - sm2_sign_update - sm2_sign_finish - sm2_verify_init - sm2_verify_update - sm2_verify_finish -*/ - typedef uint64_t SM2_BN[8]; int sm2_bn_is_zero(const SM2_BN a); diff --git a/include/gmssl/sm9.h b/include/gmssl/sm9.h index bda91897..a16752fc 100644 --- a/include/gmssl/sm9.h +++ b/include/gmssl/sm9.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -23,60 +23,6 @@ extern "C" { #endif -/* -SM9 Public API - - SM9_SIGNATURE_SIZE - SM9_MAX_PLAINTEXT_SIZE - SM9_MAX_CIPHERTEXT_SIZE - - SM9_SIGN_MASTER_KEY - sm9_sign_master_key_generate - sm9_sign_master_key_extract_key - sm9_sign_master_key_info_encrypt_to_der - sm9_sign_master_key_info_decrypt_from_der - sm9_sign_master_key_info_encrypt_to_pem - sm9_sign_master_key_info_decrypt_from_pem - sm9_sign_master_public_key_to_der - sm9_sign_master_public_key_from_der - sm9_sign_master_public_key_to_pem - sm9_sign_master_public_key_from_pem - - SM9_SIGN_KEY - sm9_sign_key_info_encrypt_to_der - sm9_sign_key_info_decrypt_from_der - sm9_sign_key_info_encrypt_to_pem - sm9_sign_key_info_decrypt_from_pem - - SM9_SIGN_CTX - sm9_sign_init - sm9_sign_update - sm9_sign_finish - sm9_verify_init - sm9_verify_update - sm9_verify_finish - - SM9_ENC_MASTER_KEY - sm9_enc_master_key_generate - sm9_enc_master_key_extract_key - sm9_enc_master_key_info_encrypt_to_der - sm9_enc_master_key_info_decrypt_from_der - sm9_enc_master_key_info_encrypt_to_pem - sm9_enc_master_key_info_decrypt_from_pem - sm9_enc_master_public_key_to_der - sm9_enc_master_public_key_from_der - sm9_enc_master_public_key_to_pem - sm9_enc_master_public_key_from_pem - - SM9_ENC_KEY - sm9_enc_key_info_encrypt_to_der - sm9_enc_key_info_decrypt_from_der - sm9_enc_key_info_encrypt_to_pem - sm9_enc_key_info_decrypt_from_pem - - sm9_encrypt - sm9_decrypt -*/ #define SM9_HEX_SEP '\n' diff --git a/include/gmssl/tls.h b/include/gmssl/tls.h index 7c5474ed..d02ad094 100644 --- a/include/gmssl/tls.h +++ b/include/gmssl/tls.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -27,39 +27,6 @@ extern "C" { #endif -/* -TLS Public API - - TLS_PROTOCOL - TLS_protocol_tlcp - TLS_protocol_tls12 - TLS_protocol_tls13 - - TLS_CIPHER_SUITE - TLS_cipher_ecc_sm4_cbc_sm3 - TLS_cipher_ecc_sm4_gcm_sm3 - TLS_cipher_ecdhe_sm4_cbc_sm3 - TLS_cipher_ecdhe_sm4_gcm_sm3 - TLS_cipher_sm4_gcm_sm3 - - TLS_CTX - tls_ctx_init - tls_ctx_set_cipher_suites - tls_ctx_set_ca_certificates - tls_ctx_set_certificate_and_key - tls_ctx_set_tlcp_server_certificate_and_keys - tls_ctx_cleanup - - TLS_CONNECT - tls_init - tls_set_socket - tls_do_handshake - tls_send - tls_recv - tls_shutdown - tls_cleanup -*/ - typedef uint32_t uint24_t; #define tls_uint8_size() 1 diff --git a/include/gmssl/zuc.h b/include/gmssl/zuc.h index 20db893e..a15bf6bc 100644 --- a/include/gmssl/zuc.h +++ b/include/gmssl/zuc.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -21,31 +21,6 @@ extern "C" { #endif -/* -ZUC Public API - - ZUC_KEY_SIZE - ZUC_IV_SIZE - ZUC_MAC_SIZE - - ZUC_CTX - zuc_encrypt_init - zuc_encrypt_update - zuc_encrypt_finish - zuc_decrypt_init - zuc_decrypt_update - zuc_decrypt_finish - - ZUC_MAC_CTX - zuc_mac_init - zuc_mac_update - zuc_mac_finish - - zuc_eea_encrypt - zuc_eia_generate_mac -*/ - - # define ZUC_KEY_SIZE 16 # define ZUC_IV_SIZE 16 # define ZUC_MAC_SIZE 4 @@ -124,8 +99,6 @@ void zuc256_mac_update(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t len); void zuc256_mac_finish(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t nbits, uint8_t mac[ZUC_MAC_SIZE]); -// Public API - typedef struct { ZUC_STATE zuc_state; uint8_t block[4]; diff --git a/src/block_cipher.c b/src/block_cipher.c index 0db0fa83..59735bbf 100644 --- a/src/block_cipher.c +++ b/src/block_cipher.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -59,6 +59,7 @@ const BLOCK_CIPHER *BLOCK_CIPHER_sm4(void) { return &sm4_block_cipher_object; } +#ifdef ENABLE_AES static int aes128_set_encrypt_key(AES_KEY *aes_key, const uint8_t key[16]) { return aes_set_encrypt_key(aes_key, key, 16); } @@ -80,3 +81,4 @@ static const BLOCK_CIPHER aes128_block_cipher_object = { const BLOCK_CIPHER *BLOCK_CIPHER_aes128(void) { return &aes128_block_cipher_object; } +#endif // ENABLE_AES diff --git a/src/gcm.c b/src/gcm.c index b052aea0..2425f9e3 100644 --- a/src/gcm.c +++ b/src/gcm.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -17,7 +17,6 @@ #include #include #include -#include #include @@ -178,11 +177,16 @@ int gcm_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen, error_print(); return -1; } +#ifdef ENABLE_AES } else if (key->cipher == BLOCK_CIPHER_aes128()) { if (aes_gcm_encrypt(&(key->u.aes_key), iv, ivlen, aad, aadlen, in, inlen, out, taglen, tag) != 1) { error_print(); return -1; } +#endif + } else { + error_print(); + return -1; } return 1; } @@ -196,11 +200,16 @@ int gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen, error_print(); return -1; } +#ifdef ENABLE_AES } else if (key->cipher == BLOCK_CIPHER_aes128()) { if (aes_gcm_decrypt(&(key->u.aes_key), iv, ivlen, aad, aadlen, in, inlen, tag, taglen, out) != 1) { error_print(); return -1; } +#endif + } else { + error_print(); + return -1; } return 1; } diff --git a/src/tls13.c b/src/tls13.c index 4f8d3860..1890cc08 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -1299,10 +1299,12 @@ int tls13_cipher_suite_get(int cipher_suite, const DIGEST **digest, const BLOCK_ *digest = DIGEST_sm3(); *cipher = BLOCK_CIPHER_sm4(); break; +#if defined(ENABLE_AES) && defined(ENABLE_SHA2) case TLS_cipher_aes_128_gcm_sha256: *digest = DIGEST_sha256(); *cipher = BLOCK_CIPHER_aes128(); break; +#endif default: error_print(); return -1; diff --git a/tests/gcmtest.c b/tests/gcmtest.c index d15e1b57..6d69a61f 100644 --- a/tests/gcmtest.c +++ b/tests/gcmtest.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -131,6 +131,7 @@ int test_gcm(void) rand_bytes(aad, sizeof(aad)); rand_bytes(in, sizeof(in)); +#ifdef ENABLE_AES memset(out, 0, sizeof(out)); memset(buf, 0, sizeof(buf)); memset(tag, 0, sizeof(tag)); @@ -151,6 +152,7 @@ int test_gcm(void) error_print(); return -1; } +#endif // ENABLE_AES memset(out, 0, sizeof(out)); memset(buf, 0, sizeof(buf));