mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-05-07 00:46:17 +08:00
291 lines
10 KiB
C
291 lines
10 KiB
C
/* crypto/sms4/sms4.c */
|
|
/* ====================================================================
|
|
* Copyright (c) 2014 - 2015 The GmSSL Project. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
*
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in
|
|
* the documentation and/or other materials provided with the
|
|
* distribution.
|
|
*
|
|
* 3. All advertising materials mentioning features or use of this
|
|
* software must display the following acknowledgment:
|
|
* "This product includes software developed by the GmSSL Project.
|
|
* (http://gmssl.org/)"
|
|
*
|
|
* 4. The name "GmSSL Project" must not be used to endorse or promote
|
|
* products derived from this software without prior written
|
|
* permission. For written permission, please contact
|
|
* guanzhi1980@gmail.com.
|
|
*
|
|
* 5. Products derived from this software may not be called "GmSSL"
|
|
* nor may "GmSSL" appear in their names without prior written
|
|
* permission of the GmSSL Project.
|
|
*
|
|
* 6. Redistributions of any form whatsoever must retain the following
|
|
* acknowledgment:
|
|
* "This product includes software developed by the GmSSL Project
|
|
* (http://gmssl.org/)"
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
|
|
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
|
|
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
* ====================================================================
|
|
*
|
|
*/
|
|
|
|
#include "sms4.h"
|
|
|
|
#define FK0 0xa3b1bac6
|
|
#define FK1 0x56aa3350
|
|
#define FK2 0x677d9197
|
|
#define FK3 0xb27022dc
|
|
|
|
#define CK0 0x00070e15
|
|
#define CK1 0x1c232a31
|
|
#define CK2 0x383f464d
|
|
#define CK3 0x545b6269
|
|
#define CK4 0x70777e85
|
|
#define CK5 0x8c939aa1
|
|
#define CK6 0xa8afb6bd
|
|
#define CK7 0xc4cbd2d9
|
|
#define CK8 0xe0e7eef5
|
|
#define CK9 0xfc030a11
|
|
#define CK10 0x181f262d
|
|
#define CK11 0x343b4249
|
|
#define CK12 0x50575e65
|
|
#define CK13 0x6c737a81
|
|
#define CK14 0x888f969d
|
|
#define CK15 0xa4abb2b9
|
|
#define CK16 0xc0c7ced5
|
|
#define CK17 0xdce3eaf1
|
|
#define CK18 0xf8ff060d
|
|
#define CK19 0x141b2229
|
|
#define CK20 0x30373e45
|
|
#define CK21 0x4c535a61
|
|
#define CK22 0x686f767d
|
|
#define CK23 0x848b9299
|
|
#define CK24 0xa0a7aeb5
|
|
#define CK25 0xbcc3cad1
|
|
#define CK26 0xd8dfe6ed
|
|
#define CK27 0xf4fb0209
|
|
#define CK28 0x10171e25
|
|
#define CK29 0x2c333a41
|
|
#define CK30 0x484f565d
|
|
#define CK31 0x646b7279
|
|
|
|
static const uint8_t SBOX[256] = {
|
|
0xd6, 0x90, 0xe9, 0xfe, 0xcc, 0xe1, 0x3d, 0xb7,
|
|
0x16, 0xb6, 0x14, 0xc2, 0x28, 0xfb, 0x2c, 0x05,
|
|
0x2b, 0x67, 0x9a, 0x76, 0x2a, 0xbe, 0x04, 0xc3,
|
|
0xaa, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99,
|
|
0x9c, 0x42, 0x50, 0xf4, 0x91, 0xef, 0x98, 0x7a,
|
|
0x33, 0x54, 0x0b, 0x43, 0xed, 0xcf, 0xac, 0x62,
|
|
0xe4, 0xb3, 0x1c, 0xa9, 0xc9, 0x08, 0xe8, 0x95,
|
|
0x80, 0xdf, 0x94, 0xfa, 0x75, 0x8f, 0x3f, 0xa6,
|
|
0x47, 0x07, 0xa7, 0xfc, 0xf3, 0x73, 0x17, 0xba,
|
|
0x83, 0x59, 0x3c, 0x19, 0xe6, 0x85, 0x4f, 0xa8,
|
|
0x68, 0x6b, 0x81, 0xb2, 0x71, 0x64, 0xda, 0x8b,
|
|
0xf8, 0xeb, 0x0f, 0x4b, 0x70, 0x56, 0x9d, 0x35,
|
|
0x1e, 0x24, 0x0e, 0x5e, 0x63, 0x58, 0xd1, 0xa2,
|
|
0x25, 0x22, 0x7c, 0x3b, 0x01, 0x21, 0x78, 0x87,
|
|
0xd4, 0x00, 0x46, 0x57, 0x9f, 0xd3, 0x27, 0x52,
|
|
0x4c, 0x36, 0x02, 0xe7, 0xa0, 0xc4, 0xc8, 0x9e,
|
|
0xea, 0xbf, 0x8a, 0xd2, 0x40, 0xc7, 0x38, 0xb5,
|
|
0xa3, 0xf7, 0xf2, 0xce, 0xf9, 0x61, 0x15, 0xa1,
|
|
0xe0, 0xae, 0x5d, 0xa4, 0x9b, 0x34, 0x1a, 0x55,
|
|
0xad, 0x93, 0x32, 0x30, 0xf5, 0x8c, 0xb1, 0xe3,
|
|
0x1d, 0xf6, 0xe2, 0x2e, 0x82, 0x66, 0xca, 0x60,
|
|
0xc0, 0x29, 0x23, 0xab, 0x0d, 0x53, 0x4e, 0x6f,
|
|
0xd5, 0xdb, 0x37, 0x45, 0xde, 0xfd, 0x8e, 0x2f,
|
|
0x03, 0xff, 0x6a, 0x72, 0x6d, 0x6c, 0x5b, 0x51,
|
|
0x8d, 0x1b, 0xaf, 0x92, 0xbb, 0xdd, 0xbc, 0x7f,
|
|
0x11, 0xd9, 0x5c, 0x41, 0x1f, 0x10, 0x5a, 0xd8,
|
|
0x0a, 0xc1, 0x31, 0x88, 0xa5, 0xcd, 0x7b, 0xbd,
|
|
0x2d, 0x74, 0xd0, 0x12, 0xb8, 0xe5, 0xb4, 0xb0,
|
|
0x89, 0x69, 0x97, 0x4a, 0x0c, 0x96, 0x77, 0x7e,
|
|
0x65, 0xb9, 0xf1, 0x09, 0xc5, 0x6e, 0xc6, 0x84,
|
|
0x18, 0xf0, 0x7d, 0xec, 0x3a, 0xdc, 0x4d, 0x20,
|
|
0x79, 0xee, 0x5f, 0x3e, 0xd7, 0xcb, 0x39, 0x48
|
|
};
|
|
|
|
|
|
#define GETU32(pc) ( \
|
|
((uint32_t)(pc)[0] << 24) ^ \
|
|
((uint32_t)(pc)[1] << 16) ^ \
|
|
((uint32_t)(pc)[2] << 8) ^ \
|
|
((uint32_t)(pc)[3]))
|
|
|
|
#define PUTU32(st, ct) { \
|
|
(ct)[0] = (uint8_t)((st) >> 24); \
|
|
(ct)[1] = (uint8_t)((st) >> 16); \
|
|
(ct)[2] = (uint8_t)((st) >> 8); \
|
|
(ct)[3] = (uint8_t)(st); }
|
|
|
|
|
|
#define ROT(A,i) (((A) << i) | ((A) >> (32 - i)))
|
|
|
|
#define S(A) ((SBOX[((A) >> 24) ] << 24) ^ \
|
|
(SBOX[((A) >> 16) & 0xff] << 16) ^ \
|
|
(SBOX[((A) >> 8) & 0xff] << 8) ^ \
|
|
(SBOX[((A)) & 0xff]))
|
|
|
|
#define L(B) ((B) ^ ROT((B), 2) ^ ROT((B),10) ^ ROT((B),18) ^ ROT((B), 24))
|
|
#define L_(B) ((B) ^ ROT((B),13) ^ ROT((B),23))
|
|
|
|
#define ROUND(X0,X1,X2,X3,X4,RK) X4=(X1)^(X2)^(X3)^(RK); X4=S(X4); X4=(X0)^L(X4)
|
|
#define ROUND_(X0,X1,X2,X3,X4,CK,RK) X4=(X1)^(X2)^(X3)^(CK); X4=S(X4); X4=(X0)^L_(X4); RK=X4
|
|
|
|
void sms4_set_encrypt_key(sms4_key_t *key, const unsigned char *user_key)
|
|
{
|
|
uint32_t *rk = key->rk;
|
|
uint32_t X0, X1, X2, X3, X4;
|
|
|
|
X0 = GETU32(user_key ) ^ FK0;
|
|
X1 = GETU32(user_key + 4) ^ FK1;
|
|
X2 = GETU32(user_key + 8) ^ FK2;
|
|
X3 = GETU32(user_key + 12) ^ FK3;
|
|
|
|
ROUND_(X0, X1, X2, X3, X4, CK0, rk[0]);
|
|
ROUND_(X1, X2, X3, X4, X0, CK1, rk[1]);
|
|
ROUND_(X2, X3, X4, X0, X1, CK2, rk[2]);
|
|
ROUND_(X3, X4, X0, X1, X2, CK3, rk[3]);
|
|
ROUND_(X4, X0, X1, X2, X3, CK4, rk[4]);
|
|
ROUND_(X0, X1, X2, X3, X4, CK5, rk[5]);
|
|
ROUND_(X1, X2, X3, X4, X0, CK6, rk[6]);
|
|
ROUND_(X2, X3, X4, X0, X1, CK7, rk[7]);
|
|
ROUND_(X3, X4, X0, X1, X2, CK8, rk[8]);
|
|
ROUND_(X4, X0, X1, X2, X3, CK9, rk[9]);
|
|
ROUND_(X0, X1, X2, X3, X4, CK10, rk[10]);
|
|
ROUND_(X1, X2, X3, X4, X0, CK11, rk[11]);
|
|
ROUND_(X2, X3, X4, X0, X1, CK12, rk[12]);
|
|
ROUND_(X3, X4, X0, X1, X2, CK13, rk[13]);
|
|
ROUND_(X4, X0, X1, X2, X3, CK14, rk[14]);
|
|
ROUND_(X0, X1, X2, X3, X4, CK15, rk[15]);
|
|
ROUND_(X1, X2, X3, X4, X0, CK16, rk[16]);
|
|
ROUND_(X2, X3, X4, X0, X1, CK17, rk[17]);
|
|
ROUND_(X3, X4, X0, X1, X2, CK18, rk[18]);
|
|
ROUND_(X4, X0, X1, X2, X3, CK19, rk[19]);
|
|
ROUND_(X0, X1, X2, X3, X4, CK20, rk[20]);
|
|
ROUND_(X1, X2, X3, X4, X0, CK21, rk[21]);
|
|
ROUND_(X2, X3, X4, X0, X1, CK22, rk[22]);
|
|
ROUND_(X3, X4, X0, X1, X2, CK23, rk[23]);
|
|
ROUND_(X4, X0, X1, X2, X3, CK24, rk[24]);
|
|
ROUND_(X0, X1, X2, X3, X4, CK25, rk[25]);
|
|
ROUND_(X1, X2, X3, X4, X0, CK26, rk[26]);
|
|
ROUND_(X2, X3, X4, X0, X1, CK27, rk[27]);
|
|
ROUND_(X3, X4, X0, X1, X2, CK28, rk[28]);
|
|
ROUND_(X4, X0, X1, X2, X3, CK29, rk[29]);
|
|
ROUND_(X0, X1, X2, X3, X4, CK30, rk[30]);
|
|
ROUND_(X1, X2, X3, X4, X0, CK31, rk[31]);
|
|
}
|
|
|
|
void sms4_set_decrypt_key(sms4_key_t *key, const unsigned char *user_key)
|
|
{
|
|
uint32_t *rk = key->rk;
|
|
uint32_t X0, X1, X2, X3, X4;
|
|
|
|
X0 = GETU32(user_key ) ^ FK0;
|
|
X1 = GETU32(user_key + 4) ^ FK1;
|
|
X2 = GETU32(user_key + 8) ^ FK2;
|
|
X3 = GETU32(user_key + 12) ^ FK3;
|
|
|
|
ROUND_(X0, X1, X2, X3, X4, CK0, rk[31]);
|
|
ROUND_(X1, X2, X3, X4, X0, CK1, rk[30]);
|
|
ROUND_(X2, X3, X4, X0, X1, CK2, rk[29]);
|
|
ROUND_(X3, X4, X0, X1, X2, CK3, rk[28]);
|
|
ROUND_(X4, X0, X1, X2, X3, CK4, rk[27]);
|
|
ROUND_(X0, X1, X2, X3, X4, CK5, rk[26]);
|
|
ROUND_(X1, X2, X3, X4, X0, CK6, rk[25]);
|
|
ROUND_(X2, X3, X4, X0, X1, CK7, rk[24]);
|
|
ROUND_(X3, X4, X0, X1, X2, CK8, rk[23]);
|
|
ROUND_(X4, X0, X1, X2, X3, CK9, rk[22]);
|
|
ROUND_(X0, X1, X2, X3, X4, CK10, rk[21]);
|
|
ROUND_(X1, X2, X3, X4, X0, CK11, rk[20]);
|
|
ROUND_(X2, X3, X4, X0, X1, CK12, rk[19]);
|
|
ROUND_(X3, X4, X0, X1, X2, CK13, rk[18]);
|
|
ROUND_(X4, X0, X1, X2, X3, CK14, rk[17]);
|
|
ROUND_(X0, X1, X2, X3, X4, CK15, rk[16]);
|
|
ROUND_(X1, X2, X3, X4, X0, CK16, rk[15]);
|
|
ROUND_(X2, X3, X4, X0, X1, CK17, rk[14]);
|
|
ROUND_(X3, X4, X0, X1, X2, CK18, rk[13]);
|
|
ROUND_(X4, X0, X1, X2, X3, CK19, rk[12]);
|
|
ROUND_(X0, X1, X2, X3, X4, CK20, rk[11]);
|
|
ROUND_(X1, X2, X3, X4, X0, CK21, rk[10]);
|
|
ROUND_(X2, X3, X4, X0, X1, CK22, rk[9]);
|
|
ROUND_(X3, X4, X0, X1, X2, CK23, rk[8]);
|
|
ROUND_(X4, X0, X1, X2, X3, CK24, rk[7]);
|
|
ROUND_(X0, X1, X2, X3, X4, CK25, rk[6]);
|
|
ROUND_(X1, X2, X3, X4, X0, CK26, rk[5]);
|
|
ROUND_(X2, X3, X4, X0, X1, CK27, rk[4]);
|
|
ROUND_(X3, X4, X0, X1, X2, CK28, rk[3]);
|
|
ROUND_(X4, X0, X1, X2, X3, CK29, rk[2]);
|
|
ROUND_(X0, X1, X2, X3, X4, CK30, rk[1]);
|
|
ROUND_(X1, X2, X3, X4, X0, CK31, rk[0]);
|
|
}
|
|
|
|
void sms4_encrypt(const unsigned char *in, unsigned char *out, const sms4_key_t *key)
|
|
{
|
|
const uint32_t *rk = key->rk;
|
|
uint32_t X0, X1, X2, X3, X4;
|
|
|
|
X0 = GETU32(in );
|
|
X1 = GETU32(in + 4);
|
|
X2 = GETU32(in + 8);
|
|
X3 = GETU32(in + 12);
|
|
|
|
ROUND(X0, X1, X2, X3, X4, rk[0]);
|
|
ROUND(X1, X2, X3, X4, X0, rk[1]);
|
|
ROUND(X2, X3, X4, X0, X1, rk[2]);
|
|
ROUND(X3, X4, X0, X1, X2, rk[3]);
|
|
ROUND(X4, X0, X1, X2, X3, rk[4]);
|
|
ROUND(X0, X1, X2, X3, X4, rk[5]);
|
|
ROUND(X1, X2, X3, X4, X0, rk[6]);
|
|
ROUND(X2, X3, X4, X0, X1, rk[7]);
|
|
ROUND(X3, X4, X0, X1, X2, rk[8]);
|
|
ROUND(X4, X0, X1, X2, X3, rk[9]);
|
|
ROUND(X0, X1, X2, X3, X4, rk[10]);
|
|
ROUND(X1, X2, X3, X4, X0, rk[11]);
|
|
ROUND(X2, X3, X4, X0, X1, rk[12]);
|
|
ROUND(X3, X4, X0, X1, X2, rk[13]);
|
|
ROUND(X4, X0, X1, X2, X3, rk[14]);
|
|
ROUND(X0, X1, X2, X3, X4, rk[15]);
|
|
ROUND(X1, X2, X3, X4, X0, rk[16]);
|
|
ROUND(X2, X3, X4, X0, X1, rk[17]);
|
|
ROUND(X3, X4, X0, X1, X2, rk[18]);
|
|
ROUND(X4, X0, X1, X2, X3, rk[19]);
|
|
ROUND(X0, X1, X2, X3, X4, rk[20]);
|
|
ROUND(X1, X2, X3, X4, X0, rk[21]);
|
|
ROUND(X2, X3, X4, X0, X1, rk[22]);
|
|
ROUND(X3, X4, X0, X1, X2, rk[23]);
|
|
ROUND(X4, X0, X1, X2, X3, rk[24]);
|
|
ROUND(X0, X1, X2, X3, X4, rk[25]);
|
|
ROUND(X1, X2, X3, X4, X0, rk[26]);
|
|
ROUND(X2, X3, X4, X0, X1, rk[27]);
|
|
ROUND(X3, X4, X0, X1, X2, rk[28]);
|
|
ROUND(X4, X0, X1, X2, X3, rk[29]);
|
|
ROUND(X0, X1, X2, X3, X4, rk[30]);
|
|
ROUND(X1, X2, X3, X4, X0, rk[31]);
|
|
|
|
PUTU32(X0, out);
|
|
PUTU32(X4, out + 4);
|
|
PUTU32(X3, out + 8);
|
|
PUTU32(X2, out + 12);
|
|
}
|
|
|