diff options
| author | tb <> | 2019-03-17 17:42:37 +0000 |
|---|---|---|
| committer | tb <> | 2019-03-17 17:42:37 +0000 |
| commit | c8acd603ab3f519a4bfe159fe808dc94fb3d7b1d (patch) | |
| tree | e7748056894786129bb207a2b1e279e8dd2d2eb9 | |
| parent | 06bdba97e3fb8c99bcbb5665009130127e348e06 (diff) | |
| download | openbsd-c8acd603ab3f519a4bfe159fe808dc94fb3d7b1d.tar.gz openbsd-c8acd603ab3f519a4bfe159fe808dc94fb3d7b1d.tar.bz2 openbsd-c8acd603ab3f519a4bfe159fe808dc94fb3d7b1d.zip | |
Add the SM4 block cipher from the Chinese standard GB/T 32907-2016.
This is an ISC licensed version based on the sources by Ribose Inc
that were ported to OpenSSL in 2017.
Patch from Daniel Wyatt with minor tweaks.
ok inoguchi, jsing
| -rw-r--r-- | src/lib/libcrypto/Makefile | 8 | ||||
| -rw-r--r-- | src/lib/libcrypto/Symbols.list | 8 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/c_all.c | 12 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/e_sm4.c | 113 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/evp.h | 11 | ||||
| -rw-r--r-- | src/lib/libcrypto/objects/objects.txt | 16 | ||||
| -rw-r--r-- | src/lib/libcrypto/sm4/sm4.c | 263 | ||||
| -rw-r--r-- | src/lib/libcrypto/sm4/sm4.h | 51 |
8 files changed, 479 insertions, 3 deletions
diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile index ef07324416..5d81193d80 100644 --- a/src/lib/libcrypto/Makefile +++ b/src/lib/libcrypto/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.32 2019/01/23 00:50:39 tb Exp $ | 1 | # $OpenBSD: Makefile,v 1.33 2019/03/17 17:42:37 tb Exp $ |
| 2 | 2 | ||
| 3 | LIB= crypto | 3 | LIB= crypto |
| 4 | LIBREBUILD=y | 4 | LIBREBUILD=y |
| @@ -166,6 +166,7 @@ SRCS+= e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c | |||
| 166 | SRCS+= e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c | 166 | SRCS+= e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c |
| 167 | SRCS+= e_chacha.c evp_aead.c e_chacha20poly1305.c | 167 | SRCS+= e_chacha.c evp_aead.c e_chacha20poly1305.c |
| 168 | SRCS+= e_gost2814789.c m_gost2814789.c m_gostr341194.c m_streebog.c | 168 | SRCS+= e_gost2814789.c m_gost2814789.c m_gostr341194.c m_streebog.c |
| 169 | SRCS+= e_sm4.c | ||
| 169 | SRCS+= m_md5_sha1.c | 170 | SRCS+= m_md5_sha1.c |
| 170 | 171 | ||
| 171 | # gost/ | 172 | # gost/ |
| @@ -239,6 +240,9 @@ SRCS+= sha1dgst.c sha1_one.c sha256.c sha512.c | |||
| 239 | # sm3/ | 240 | # sm3/ |
| 240 | SRCS+= sm3.c | 241 | SRCS+= sm3.c |
| 241 | 242 | ||
| 243 | # sm4/ | ||
| 244 | SRCS+= sm4.c | ||
| 245 | |||
| 242 | # stack/ | 246 | # stack/ |
| 243 | SRCS+= stack.c | 247 | SRCS+= stack.c |
| 244 | 248 | ||
| @@ -319,6 +323,7 @@ SRCS+= pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c | |||
| 319 | ${LCRYPTO_SRC}/rsa \ | 323 | ${LCRYPTO_SRC}/rsa \ |
| 320 | ${LCRYPTO_SRC}/sha \ | 324 | ${LCRYPTO_SRC}/sha \ |
| 321 | ${LCRYPTO_SRC}/sm3 \ | 325 | ${LCRYPTO_SRC}/sm3 \ |
| 326 | ${LCRYPTO_SRC}/sm4 \ | ||
| 322 | ${LCRYPTO_SRC}/stack \ | 327 | ${LCRYPTO_SRC}/stack \ |
| 323 | ${LCRYPTO_SRC}/threads \ | 328 | ${LCRYPTO_SRC}/threads \ |
| 324 | ${LCRYPTO_SRC}/ts \ | 329 | ${LCRYPTO_SRC}/ts \ |
| @@ -380,6 +385,7 @@ HDRS=\ | |||
| 380 | ${LCRYPTO_SRC}/rsa/rsa.h \ | 385 | ${LCRYPTO_SRC}/rsa/rsa.h \ |
| 381 | ${LCRYPTO_SRC}/sha/sha.h \ | 386 | ${LCRYPTO_SRC}/sha/sha.h \ |
| 382 | ${LCRYPTO_SRC}/sm3/sm3.h \ | 387 | ${LCRYPTO_SRC}/sm3/sm3.h \ |
| 388 | ${LCRYPTO_SRC}/sm4/sm4.h \ | ||
| 383 | ${LCRYPTO_SRC}/stack/safestack.h \ | 389 | ${LCRYPTO_SRC}/stack/safestack.h \ |
| 384 | ${LCRYPTO_SRC}/stack/stack.h \ | 390 | ${LCRYPTO_SRC}/stack/stack.h \ |
| 385 | ${LCRYPTO_SRC}/ts/ts.h \ | 391 | ${LCRYPTO_SRC}/ts/ts.h \ |
diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list index 7ea2c5d135..63e3ee45ac 100644 --- a/src/lib/libcrypto/Symbols.list +++ b/src/lib/libcrypto/Symbols.list | |||
| @@ -1631,6 +1631,11 @@ EVP_sha256 | |||
| 1631 | EVP_sha384 | 1631 | EVP_sha384 |
| 1632 | EVP_sha512 | 1632 | EVP_sha512 |
| 1633 | EVP_sm3 | 1633 | EVP_sm3 |
| 1634 | EVP_sm4_cbc | ||
| 1635 | EVP_sm4_cfb128 | ||
| 1636 | EVP_sm4_ctr | ||
| 1637 | EVP_sm4_ecb | ||
| 1638 | EVP_sm4_ofb | ||
| 1634 | EVP_streebog256 | 1639 | EVP_streebog256 |
| 1635 | EVP_streebog512 | 1640 | EVP_streebog512 |
| 1636 | EVP_whirlpool | 1641 | EVP_whirlpool |
| @@ -2373,6 +2378,9 @@ SHA512_Update | |||
| 2373 | SM3_Final | 2378 | SM3_Final |
| 2374 | SM3_Init | 2379 | SM3_Init |
| 2375 | SM3_Update | 2380 | SM3_Update |
| 2381 | SM4_decrypt | ||
| 2382 | SM4_encrypt | ||
| 2383 | SM4_set_key | ||
| 2376 | SMIME_crlf_copy | 2384 | SMIME_crlf_copy |
| 2377 | SMIME_read_ASN1 | 2385 | SMIME_read_ASN1 |
| 2378 | SMIME_read_PKCS7 | 2386 | SMIME_read_PKCS7 |
diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c index 5ed55f67f6..cce3640866 100644 --- a/src/lib/libcrypto/evp/c_all.c +++ b/src/lib/libcrypto/evp/c_all.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: c_all.c,v 1.24 2018/12/26 15:11:04 tb Exp $ */ | 1 | /* $OpenBSD: c_all.c,v 1.25 2019/03/17 17:42:37 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -227,6 +227,16 @@ OpenSSL_add_all_ciphers_internal(void) | |||
| 227 | EVP_add_cipher(EVP_gost2814789_cfb64()); | 227 | EVP_add_cipher(EVP_gost2814789_cfb64()); |
| 228 | EVP_add_cipher(EVP_gost2814789_cnt()); | 228 | EVP_add_cipher(EVP_gost2814789_cnt()); |
| 229 | #endif | 229 | #endif |
| 230 | |||
| 231 | #ifndef OPENSSL_NO_SM4 | ||
| 232 | EVP_add_cipher(EVP_sm4_ecb()); | ||
| 233 | EVP_add_cipher(EVP_sm4_cbc()); | ||
| 234 | EVP_add_cipher(EVP_sm4_cfb()); | ||
| 235 | EVP_add_cipher(EVP_sm4_ofb()); | ||
| 236 | EVP_add_cipher(EVP_sm4_ctr()); | ||
| 237 | EVP_add_cipher_alias(SN_sm4_cbc, "SM4"); | ||
| 238 | EVP_add_cipher_alias(SN_sm4_cbc, "sm4"); | ||
| 239 | #endif | ||
| 230 | } | 240 | } |
| 231 | 241 | ||
| 232 | void | 242 | void |
diff --git a/src/lib/libcrypto/evp/e_sm4.c b/src/lib/libcrypto/evp/e_sm4.c new file mode 100644 index 0000000000..554915b29c --- /dev/null +++ b/src/lib/libcrypto/evp/e_sm4.c | |||
| @@ -0,0 +1,113 @@ | |||
| 1 | /* $OpenBSD: e_sm4.c,v 1.1 2019/03/17 17:42:37 tb Exp $ */ | ||
| 2 | /* | ||
| 3 | * Copyright (c) 2017, 2019 Ribose Inc | ||
| 4 | * | ||
| 5 | * Permission to use, copy, modify, and/or distribute this software for any | ||
| 6 | * purpose with or without fee is hereby granted, provided that the above | ||
| 7 | * copyright notice and this permission notice appear in all copies. | ||
| 8 | * | ||
| 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
| 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
| 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
| 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
| 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
| 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| 16 | */ | ||
| 17 | |||
| 18 | #include <openssl/opensslconf.h> | ||
| 19 | |||
| 20 | #ifndef OPENSSL_NO_SM4 | ||
| 21 | #include <openssl/evp.h> | ||
| 22 | #include <openssl/modes.h> | ||
| 23 | #include <openssl/sm4.h> | ||
| 24 | |||
| 25 | #include "evp_locl.h" | ||
| 26 | |||
| 27 | typedef struct { | ||
| 28 | SM4_KEY ks; | ||
| 29 | } EVP_SM4_KEY; | ||
| 30 | |||
| 31 | static int | ||
| 32 | sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | ||
| 33 | const unsigned char *iv, int enc) | ||
| 34 | { | ||
| 35 | SM4_set_key(key, ctx->cipher_data); | ||
| 36 | return 1; | ||
| 37 | } | ||
| 38 | |||
| 39 | static void | ||
| 40 | sm4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, | ||
| 41 | const SM4_KEY *key, unsigned char *ivec, const int enc) | ||
| 42 | { | ||
| 43 | if (enc) | ||
| 44 | CRYPTO_cbc128_encrypt(in, out, len, key, ivec, | ||
| 45 | (block128_f)SM4_encrypt); | ||
| 46 | else | ||
| 47 | CRYPTO_cbc128_decrypt(in, out, len, key, ivec, | ||
| 48 | (block128_f)SM4_decrypt); | ||
| 49 | } | ||
| 50 | |||
| 51 | static void | ||
| 52 | sm4_cfb128_encrypt(const unsigned char *in, unsigned char *out, size_t length, | ||
| 53 | const SM4_KEY *key, unsigned char *ivec, int *num, const int enc) | ||
| 54 | { | ||
| 55 | CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, | ||
| 56 | (block128_f)SM4_encrypt); | ||
| 57 | } | ||
| 58 | |||
| 59 | static void | ||
| 60 | sm4_ecb_encrypt(const unsigned char *in, unsigned char *out, const SM4_KEY *key, | ||
| 61 | const int enc) | ||
| 62 | { | ||
| 63 | if (enc) | ||
| 64 | SM4_encrypt(in, out, key); | ||
| 65 | else | ||
| 66 | SM4_decrypt(in, out, key); | ||
| 67 | } | ||
| 68 | |||
| 69 | static void | ||
| 70 | sm4_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t length, | ||
| 71 | const SM4_KEY *key, unsigned char *ivec, int *num) | ||
| 72 | { | ||
| 73 | CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, | ||
| 74 | (block128_f)SM4_encrypt); | ||
| 75 | } | ||
| 76 | |||
| 77 | IMPLEMENT_BLOCK_CIPHER(sm4, ks, sm4, EVP_SM4_KEY, NID_sm4, 16, 16, 16, 128, | ||
| 78 | EVP_CIPH_FLAG_DEFAULT_ASN1, sm4_init_key, NULL, 0, 0, 0) | ||
| 79 | |||
| 80 | static int | ||
| 81 | sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, | ||
| 82 | size_t len) | ||
| 83 | { | ||
| 84 | EVP_SM4_KEY *key = EVP_C_DATA(EVP_SM4_KEY, ctx); | ||
| 85 | |||
| 86 | CRYPTO_ctr128_encrypt(in, out, len, &key->ks, ctx->iv, ctx->buf, | ||
| 87 | &ctx->num, (block128_f)SM4_encrypt); | ||
| 88 | return 1; | ||
| 89 | } | ||
| 90 | |||
| 91 | static const EVP_CIPHER sm4_ctr_mode = { | ||
| 92 | .nid = NID_sm4_ctr, | ||
| 93 | .block_size = 1, | ||
| 94 | .key_len = 16, | ||
| 95 | .iv_len = 16, | ||
| 96 | .flags = EVP_CIPH_CTR_MODE, | ||
| 97 | .init = sm4_init_key, | ||
| 98 | .do_cipher = sm4_ctr_cipher, | ||
| 99 | .cleanup = NULL, | ||
| 100 | .ctx_size = sizeof(EVP_SM4_KEY), | ||
| 101 | .set_asn1_parameters = NULL, | ||
| 102 | .get_asn1_parameters = NULL, | ||
| 103 | .ctrl = NULL, | ||
| 104 | .app_data = NULL, | ||
| 105 | }; | ||
| 106 | |||
| 107 | const EVP_CIPHER * | ||
| 108 | EVP_sm4_ctr(void) | ||
| 109 | { | ||
| 110 | return &sm4_ctr_mode; | ||
| 111 | } | ||
| 112 | |||
| 113 | #endif | ||
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index 0645303686..cd9b33c9b8 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: evp.h,v 1.72 2019/01/22 00:59:21 dlg Exp $ */ | 1 | /* $OpenBSD: evp.h,v 1.73 2019/03/17 17:42:37 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -837,6 +837,15 @@ const EVP_CIPHER *EVP_gost2814789_cfb64(void); | |||
| 837 | const EVP_CIPHER *EVP_gost2814789_cnt(void); | 837 | const EVP_CIPHER *EVP_gost2814789_cnt(void); |
| 838 | #endif | 838 | #endif |
| 839 | 839 | ||
| 840 | #ifndef OPENSSL_NO_SM4 | ||
| 841 | const EVP_CIPHER *EVP_sm4_ecb(void); | ||
| 842 | const EVP_CIPHER *EVP_sm4_cbc(void); | ||
| 843 | const EVP_CIPHER *EVP_sm4_cfb128(void); | ||
| 844 | #define EVP_sm4_cfb EVP_sm4_cfb128 | ||
| 845 | const EVP_CIPHER *EVP_sm4_ofb(void); | ||
| 846 | const EVP_CIPHER *EVP_sm4_ctr(void); | ||
| 847 | #endif | ||
| 848 | |||
| 840 | void OPENSSL_add_all_algorithms_noconf(void); | 849 | void OPENSSL_add_all_algorithms_noconf(void); |
| 841 | void OPENSSL_add_all_algorithms_conf(void); | 850 | void OPENSSL_add_all_algorithms_conf(void); |
| 842 | 851 | ||
diff --git a/src/lib/libcrypto/objects/objects.txt b/src/lib/libcrypto/objects/objects.txt index cf5fe69370..7aefca0b4a 100644 --- a/src/lib/libcrypto/objects/objects.txt +++ b/src/lib/libcrypto/objects/objects.txt | |||
| @@ -1290,6 +1290,22 @@ kisa 1 5 : SEED-CFB : seed-cfb | |||
| 1290 | !Cname seed-ofb128 | 1290 | !Cname seed-ofb128 |
| 1291 | kisa 1 6 : SEED-OFB : seed-ofb | 1291 | kisa 1 6 : SEED-OFB : seed-ofb |
| 1292 | 1292 | ||
| 1293 | # Definitions for SM4 cipher | ||
| 1294 | |||
| 1295 | member-body 156 : ISO-CN : ISO CN Member Body | ||
| 1296 | ISO-CN 10197 : oscca | ||
| 1297 | oscca 1 : sm-scheme | ||
| 1298 | |||
| 1299 | sm-scheme 104 1 : SM4-ECB : sm4-ecb | ||
| 1300 | sm-scheme 104 2 : SM4-CBC : sm4-cbc | ||
| 1301 | !Cname sm4-ofb128 | ||
| 1302 | sm-scheme 104 3 : SM4-OFB : sm4-ofb | ||
| 1303 | !Cname sm4-cfb128 | ||
| 1304 | sm-scheme 104 4 : SM4-CFB : sm4-cfb | ||
| 1305 | sm-scheme 104 5 : SM4-CFB1 : sm4-cfb1 | ||
| 1306 | sm-scheme 104 6 : SM4-CFB8 : sm4-cfb8 | ||
| 1307 | sm-scheme 104 7 : SM4-CTR : sm4-ctr | ||
| 1308 | |||
| 1293 | # There is no OID that just denotes "HMAC" oddly enough... | 1309 | # There is no OID that just denotes "HMAC" oddly enough... |
| 1294 | 1310 | ||
| 1295 | : HMAC : hmac | 1311 | : HMAC : hmac |
diff --git a/src/lib/libcrypto/sm4/sm4.c b/src/lib/libcrypto/sm4/sm4.c new file mode 100644 index 0000000000..009c780fb5 --- /dev/null +++ b/src/lib/libcrypto/sm4/sm4.c | |||
| @@ -0,0 +1,263 @@ | |||
| 1 | /* $OpenBSD: sm4.c,v 1.1 2019/03/17 17:42:37 tb Exp $ */ | ||
| 2 | /* | ||
| 3 | * Copyright (c) 2017, 2019 Ribose Inc | ||
| 4 | * | ||
| 5 | * Permission to use, copy, modify, and/or distribute this software for any | ||
| 6 | * purpose with or without fee is hereby granted, provided that the above | ||
| 7 | * copyright notice and this permission notice appear in all copies. | ||
| 8 | * | ||
| 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
| 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
| 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
| 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
| 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
| 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| 16 | */ | ||
| 17 | |||
| 18 | #include <openssl/opensslconf.h> | ||
| 19 | |||
| 20 | #ifndef OPENSSL_NO_SM4 | ||
| 21 | #include <openssl/sm4.h> | ||
| 22 | |||
| 23 | struct sm4_key { | ||
| 24 | uint32_t rk[SM4_KEY_SCHEDULE]; | ||
| 25 | }; | ||
| 26 | |||
| 27 | static const uint8_t SM4_S[256] = { | ||
| 28 | 0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2, | ||
| 29 | 0x28, 0xFB, 0x2C, 0x05, 0x2B, 0x67, 0x9A, 0x76, 0x2A, 0xBE, 0x04, 0xC3, | ||
| 30 | 0xAA, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99, 0x9C, 0x42, 0x50, 0xF4, | ||
| 31 | 0x91, 0xEF, 0x98, 0x7A, 0x33, 0x54, 0x0B, 0x43, 0xED, 0xCF, 0xAC, 0x62, | ||
| 32 | 0xE4, 0xB3, 0x1C, 0xA9, 0xC9, 0x08, 0xE8, 0x95, 0x80, 0xDF, 0x94, 0xFA, | ||
| 33 | 0x75, 0x8F, 0x3F, 0xA6, 0x47, 0x07, 0xA7, 0xFC, 0xF3, 0x73, 0x17, 0xBA, | ||
| 34 | 0x83, 0x59, 0x3C, 0x19, 0xE6, 0x85, 0x4F, 0xA8, 0x68, 0x6B, 0x81, 0xB2, | ||
| 35 | 0x71, 0x64, 0xDA, 0x8B, 0xF8, 0xEB, 0x0F, 0x4B, 0x70, 0x56, 0x9D, 0x35, | ||
| 36 | 0x1E, 0x24, 0x0E, 0x5E, 0x63, 0x58, 0xD1, 0xA2, 0x25, 0x22, 0x7C, 0x3B, | ||
| 37 | 0x01, 0x21, 0x78, 0x87, 0xD4, 0x00, 0x46, 0x57, 0x9F, 0xD3, 0x27, 0x52, | ||
| 38 | 0x4C, 0x36, 0x02, 0xE7, 0xA0, 0xC4, 0xC8, 0x9E, 0xEA, 0xBF, 0x8A, 0xD2, | ||
| 39 | 0x40, 0xC7, 0x38, 0xB5, 0xA3, 0xF7, 0xF2, 0xCE, 0xF9, 0x61, 0x15, 0xA1, | ||
| 40 | 0xE0, 0xAE, 0x5D, 0xA4, 0x9B, 0x34, 0x1A, 0x55, 0xAD, 0x93, 0x32, 0x30, | ||
| 41 | 0xF5, 0x8C, 0xB1, 0xE3, 0x1D, 0xF6, 0xE2, 0x2E, 0x82, 0x66, 0xCA, 0x60, | ||
| 42 | 0xC0, 0x29, 0x23, 0xAB, 0x0D, 0x53, 0x4E, 0x6F, 0xD5, 0xDB, 0x37, 0x45, | ||
| 43 | 0xDE, 0xFD, 0x8E, 0x2F, 0x03, 0xFF, 0x6A, 0x72, 0x6D, 0x6C, 0x5B, 0x51, | ||
| 44 | 0x8D, 0x1B, 0xAF, 0x92, 0xBB, 0xDD, 0xBC, 0x7F, 0x11, 0xD9, 0x5C, 0x41, | ||
| 45 | 0x1F, 0x10, 0x5A, 0xD8, 0x0A, 0xC1, 0x31, 0x88, 0xA5, 0xCD, 0x7B, 0xBD, | ||
| 46 | 0x2D, 0x74, 0xD0, 0x12, 0xB8, 0xE5, 0xB4, 0xB0, 0x89, 0x69, 0x97, 0x4A, | ||
| 47 | 0x0C, 0x96, 0x77, 0x7E, 0x65, 0xB9, 0xF1, 0x09, 0xC5, 0x6E, 0xC6, 0x84, | ||
| 48 | 0x18, 0xF0, 0x7D, 0xEC, 0x3A, 0xDC, 0x4D, 0x20, 0x79, 0xEE, 0x5F, 0x3E, | ||
| 49 | 0xD7, 0xCB, 0x39, 0x48, | ||
| 50 | }; | ||
| 51 | |||
| 52 | /* | ||
| 53 | * SM4_SBOX_T[j] == L(SM4_SBOX[j]). | ||
| 54 | */ | ||
| 55 | static const uint32_t SM4_SBOX_T[256] = { | ||
| 56 | 0x8ED55B5B, 0xD0924242, 0x4DEAA7A7, 0x06FDFBFB, 0xFCCF3333, 0x65E28787, | ||
| 57 | 0xC93DF4F4, 0x6BB5DEDE, 0x4E165858, 0x6EB4DADA, 0x44145050, 0xCAC10B0B, | ||
| 58 | 0x8828A0A0, 0x17F8EFEF, 0x9C2CB0B0, 0x11051414, 0x872BACAC, 0xFB669D9D, | ||
| 59 | 0xF2986A6A, 0xAE77D9D9, 0x822AA8A8, 0x46BCFAFA, 0x14041010, 0xCFC00F0F, | ||
| 60 | 0x02A8AAAA, 0x54451111, 0x5F134C4C, 0xBE269898, 0x6D482525, 0x9E841A1A, | ||
| 61 | 0x1E061818, 0xFD9B6666, 0xEC9E7272, 0x4A430909, 0x10514141, 0x24F7D3D3, | ||
| 62 | 0xD5934646, 0x53ECBFBF, 0xF89A6262, 0x927BE9E9, 0xFF33CCCC, 0x04555151, | ||
| 63 | 0x270B2C2C, 0x4F420D0D, 0x59EEB7B7, 0xF3CC3F3F, 0x1CAEB2B2, 0xEA638989, | ||
| 64 | 0x74E79393, 0x7FB1CECE, 0x6C1C7070, 0x0DABA6A6, 0xEDCA2727, 0x28082020, | ||
| 65 | 0x48EBA3A3, 0xC1975656, 0x80820202, 0xA3DC7F7F, 0xC4965252, 0x12F9EBEB, | ||
| 66 | 0xA174D5D5, 0xB38D3E3E, 0xC33FFCFC, 0x3EA49A9A, 0x5B461D1D, 0x1B071C1C, | ||
| 67 | 0x3BA59E9E, 0x0CFFF3F3, 0x3FF0CFCF, 0xBF72CDCD, 0x4B175C5C, 0x52B8EAEA, | ||
| 68 | 0x8F810E0E, 0x3D586565, 0xCC3CF0F0, 0x7D196464, 0x7EE59B9B, 0x91871616, | ||
| 69 | 0x734E3D3D, 0x08AAA2A2, 0xC869A1A1, 0xC76AADAD, 0x85830606, 0x7AB0CACA, | ||
| 70 | 0xB570C5C5, 0xF4659191, 0xB2D96B6B, 0xA7892E2E, 0x18FBE3E3, 0x47E8AFAF, | ||
| 71 | 0x330F3C3C, 0x674A2D2D, 0xB071C1C1, 0x0E575959, 0xE99F7676, 0xE135D4D4, | ||
| 72 | 0x661E7878, 0xB4249090, 0x360E3838, 0x265F7979, 0xEF628D8D, 0x38596161, | ||
| 73 | 0x95D24747, 0x2AA08A8A, 0xB1259494, 0xAA228888, 0x8C7DF1F1, 0xD73BECEC, | ||
| 74 | 0x05010404, 0xA5218484, 0x9879E1E1, 0x9B851E1E, 0x84D75353, 0x00000000, | ||
| 75 | 0x5E471919, 0x0B565D5D, 0xE39D7E7E, 0x9FD04F4F, 0xBB279C9C, 0x1A534949, | ||
| 76 | 0x7C4D3131, 0xEE36D8D8, 0x0A020808, 0x7BE49F9F, 0x20A28282, 0xD4C71313, | ||
| 77 | 0xE8CB2323, 0xE69C7A7A, 0x42E9ABAB, 0x43BDFEFE, 0xA2882A2A, 0x9AD14B4B, | ||
| 78 | 0x40410101, 0xDBC41F1F, 0xD838E0E0, 0x61B7D6D6, 0x2FA18E8E, 0x2BF4DFDF, | ||
| 79 | 0x3AF1CBCB, 0xF6CD3B3B, 0x1DFAE7E7, 0xE5608585, 0x41155454, 0x25A38686, | ||
| 80 | 0x60E38383, 0x16ACBABA, 0x295C7575, 0x34A69292, 0xF7996E6E, 0xE434D0D0, | ||
| 81 | 0x721A6868, 0x01545555, 0x19AFB6B6, 0xDF914E4E, 0xFA32C8C8, 0xF030C0C0, | ||
| 82 | 0x21F6D7D7, 0xBC8E3232, 0x75B3C6C6, 0x6FE08F8F, 0x691D7474, 0x2EF5DBDB, | ||
| 83 | 0x6AE18B8B, 0x962EB8B8, 0x8A800A0A, 0xFE679999, 0xE2C92B2B, 0xE0618181, | ||
| 84 | 0xC0C30303, 0x8D29A4A4, 0xAF238C8C, 0x07A9AEAE, 0x390D3434, 0x1F524D4D, | ||
| 85 | 0x764F3939, 0xD36EBDBD, 0x81D65757, 0xB7D86F6F, 0xEB37DCDC, 0x51441515, | ||
| 86 | 0xA6DD7B7B, 0x09FEF7F7, 0xB68C3A3A, 0x932FBCBC, 0x0F030C0C, 0x03FCFFFF, | ||
| 87 | 0xC26BA9A9, 0xBA73C9C9, 0xD96CB5B5, 0xDC6DB1B1, 0x375A6D6D, 0x15504545, | ||
| 88 | 0xB98F3636, 0x771B6C6C, 0x13ADBEBE, 0xDA904A4A, 0x57B9EEEE, 0xA9DE7777, | ||
| 89 | 0x4CBEF2F2, 0x837EFDFD, 0x55114444, 0xBDDA6767, 0x2C5D7171, 0x45400505, | ||
| 90 | 0x631F7C7C, 0x50104040, 0x325B6969, 0xB8DB6363, 0x220A2828, 0xC5C20707, | ||
| 91 | 0xF531C4C4, 0xA88A2222, 0x31A79696, 0xF9CE3737, 0x977AEDED, 0x49BFF6F6, | ||
| 92 | 0x992DB4B4, 0xA475D1D1, 0x90D34343, 0x5A124848, 0x58BAE2E2, 0x71E69797, | ||
| 93 | 0x64B6D2D2, 0x70B2C2C2, 0xAD8B2626, 0xCD68A5A5, 0xCB955E5E, 0x624B2929, | ||
| 94 | 0x3C0C3030, 0xCE945A5A, 0xAB76DDDD, 0x867FF9F9, 0xF1649595, 0x5DBBE6E6, | ||
| 95 | 0x35F2C7C7, 0x2D092424, 0xD1C61717, 0xD66FB9B9, 0xDEC51B1B, 0x94861212, | ||
| 96 | 0x78186060, 0x30F3C3C3, 0x897CF5F5, 0x5CEFB3B3, 0xD23AE8E8, 0xACDF7373, | ||
| 97 | 0x794C3535, 0xA0208080, 0x9D78E5E5, 0x56EDBBBB, 0x235E7D7D, 0xC63EF8F8, | ||
| 98 | 0x8BD45F5F, 0xE7C82F2F, 0xDD39E4E4, 0x68492121, | ||
| 99 | }; | ||
| 100 | |||
| 101 | static inline uint32_t | ||
| 102 | rotl(uint32_t a, uint8_t n) | ||
| 103 | { | ||
| 104 | return (a << n) | (a >> (32 - n)); | ||
| 105 | } | ||
| 106 | |||
| 107 | static inline uint32_t | ||
| 108 | load_u32_be(const uint8_t *b, uint32_t n) | ||
| 109 | { | ||
| 110 | return ((uint32_t)b[4 * n] << 24) | | ||
| 111 | ((uint32_t)b[4 * n + 1] << 16) | | ||
| 112 | ((uint32_t)b[4 * n + 2] << 8) | | ||
| 113 | ((uint32_t)b[4 * n + 3]); | ||
| 114 | } | ||
| 115 | |||
| 116 | static inline void | ||
| 117 | store_u32_be(uint32_t v, uint8_t *b) | ||
| 118 | { | ||
| 119 | b[0] = (uint8_t)(v >> 24); | ||
| 120 | b[1] = (uint8_t)(v >> 16); | ||
| 121 | b[2] = (uint8_t)(v >> 8); | ||
| 122 | b[3] = (uint8_t)(v); | ||
| 123 | } | ||
| 124 | |||
| 125 | static inline uint32_t | ||
| 126 | SM4_T_slow(uint32_t X) | ||
| 127 | { | ||
| 128 | uint32_t t = 0; | ||
| 129 | |||
| 130 | t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24; | ||
| 131 | t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16; | ||
| 132 | t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8; | ||
| 133 | t |= SM4_S[(uint8_t)X]; | ||
| 134 | |||
| 135 | /* | ||
| 136 | * L linear transform | ||
| 137 | */ | ||
| 138 | return t ^ rotl(t, 2) ^ rotl(t, 10) ^ rotl(t, 18) ^ rotl(t, 24); | ||
| 139 | } | ||
| 140 | |||
| 141 | static inline uint32_t | ||
| 142 | SM4_T(uint32_t X) | ||
| 143 | { | ||
| 144 | return SM4_SBOX_T[(uint8_t)(X >> 24)] ^ | ||
| 145 | rotl(SM4_SBOX_T[(uint8_t)(X >> 16)], 24) ^ | ||
| 146 | rotl(SM4_SBOX_T[(uint8_t)(X >> 8)], 16) ^ | ||
| 147 | rotl(SM4_SBOX_T[(uint8_t)X], 8); | ||
| 148 | } | ||
| 149 | |||
| 150 | int | ||
| 151 | SM4_set_key(const uint8_t *key, SM4_KEY *k) | ||
| 152 | { | ||
| 153 | struct sm4_key *ks = (struct sm4_key *)k; | ||
| 154 | |||
| 155 | /* | ||
| 156 | * Family Key | ||
| 157 | */ | ||
| 158 | static const uint32_t FK[4] = { | ||
| 159 | 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc, | ||
| 160 | }; | ||
| 161 | |||
| 162 | /* | ||
| 163 | * Constant Key | ||
| 164 | */ | ||
| 165 | static const uint32_t CK[32] = { | ||
| 166 | 0x00070E15, 0x1C232A31, 0x383F464D, 0x545B6269, | ||
| 167 | 0x70777E85, 0x8C939AA1, 0xA8AFB6BD, 0xC4CBD2D9, | ||
| 168 | 0xE0E7EEF5, 0xFC030A11, 0x181F262D, 0x343B4249, | ||
| 169 | 0x50575E65, 0x6C737A81, 0x888F969D, 0xA4ABB2B9, | ||
| 170 | 0xC0C7CED5, 0xDCE3EAF1, 0xF8FF060D, 0x141B2229, | ||
| 171 | 0x30373E45, 0x4C535A61, 0x686F767D, 0x848B9299, | ||
| 172 | 0xA0A7AEB5, 0xBCC3CAD1, 0xD8DFE6ED, 0xF4FB0209, | ||
| 173 | 0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279, | ||
| 174 | }; | ||
| 175 | |||
| 176 | uint32_t K[4]; | ||
| 177 | int i; | ||
| 178 | |||
| 179 | K[0] = load_u32_be(key, 0) ^ FK[0]; | ||
| 180 | K[1] = load_u32_be(key, 1) ^ FK[1]; | ||
| 181 | K[2] = load_u32_be(key, 2) ^ FK[2]; | ||
| 182 | K[3] = load_u32_be(key, 3) ^ FK[3]; | ||
| 183 | |||
| 184 | for (i = 0; i < SM4_KEY_SCHEDULE; i++) { | ||
| 185 | uint32_t X; | ||
| 186 | uint32_t t = 0; | ||
| 187 | |||
| 188 | X = K[(i + 1) % 4] ^ K[(i + 2) % 4] ^ K[(i + 3) % 4] ^ CK[i]; | ||
| 189 | |||
| 190 | t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24; | ||
| 191 | t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16; | ||
| 192 | t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8; | ||
| 193 | t |= SM4_S[(uint8_t)X]; | ||
| 194 | |||
| 195 | t = t ^ rotl(t, 13) ^ rotl(t, 23); | ||
| 196 | K[i % 4] ^= t; | ||
| 197 | ks->rk[i] = K[i % 4]; | ||
| 198 | } | ||
| 199 | |||
| 200 | return 1; | ||
| 201 | } | ||
| 202 | |||
| 203 | #define SM4_ROUNDS(k0, k1, k2, k3, F) \ | ||
| 204 | do { \ | ||
| 205 | B0 ^= F(B1 ^ B2 ^ B3 ^ ks->rk[k0]); \ | ||
| 206 | B1 ^= F(B0 ^ B2 ^ B3 ^ ks->rk[k1]); \ | ||
| 207 | B2 ^= F(B0 ^ B1 ^ B3 ^ ks->rk[k2]); \ | ||
| 208 | B3 ^= F(B0 ^ B1 ^ B2 ^ ks->rk[k3]); \ | ||
| 209 | } while(0) | ||
| 210 | |||
| 211 | void | ||
| 212 | SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *k) | ||
| 213 | { | ||
| 214 | struct sm4_key *ks = (struct sm4_key *)k; | ||
| 215 | uint32_t B0 = load_u32_be(in, 0); | ||
| 216 | uint32_t B1 = load_u32_be(in, 1); | ||
| 217 | uint32_t B2 = load_u32_be(in, 2); | ||
| 218 | uint32_t B3 = load_u32_be(in, 3); | ||
| 219 | |||
| 220 | /* | ||
| 221 | * Uses byte-wise sbox in the first and last rounds to provide some | ||
| 222 | * protection from cache based side channels. | ||
| 223 | */ | ||
| 224 | SM4_ROUNDS( 0, 1, 2, 3, SM4_T_slow); | ||
| 225 | SM4_ROUNDS( 4, 5, 6, 7, SM4_T); | ||
| 226 | SM4_ROUNDS( 8, 9, 10, 11, SM4_T); | ||
| 227 | SM4_ROUNDS(12, 13, 14, 15, SM4_T); | ||
| 228 | SM4_ROUNDS(16, 17, 18, 19, SM4_T); | ||
| 229 | SM4_ROUNDS(20, 21, 22, 23, SM4_T); | ||
| 230 | SM4_ROUNDS(24, 25, 26, 27, SM4_T); | ||
| 231 | SM4_ROUNDS(28, 29, 30, 31, SM4_T_slow); | ||
| 232 | |||
| 233 | store_u32_be(B3, out); | ||
| 234 | store_u32_be(B2, out + 4); | ||
| 235 | store_u32_be(B1, out + 8); | ||
| 236 | store_u32_be(B0, out + 12); | ||
| 237 | } | ||
| 238 | |||
| 239 | void | ||
| 240 | SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *k) | ||
| 241 | { | ||
| 242 | struct sm4_key *ks = (struct sm4_key *)k; | ||
| 243 | uint32_t B0 = load_u32_be(in, 0); | ||
| 244 | uint32_t B1 = load_u32_be(in, 1); | ||
| 245 | uint32_t B2 = load_u32_be(in, 2); | ||
| 246 | uint32_t B3 = load_u32_be(in, 3); | ||
| 247 | |||
| 248 | SM4_ROUNDS(31, 30, 29, 28, SM4_T_slow); | ||
| 249 | SM4_ROUNDS(27, 26, 25, 24, SM4_T); | ||
| 250 | SM4_ROUNDS(23, 22, 21, 20, SM4_T); | ||
| 251 | SM4_ROUNDS(19, 18, 17, 16, SM4_T); | ||
| 252 | SM4_ROUNDS(15, 14, 13, 12, SM4_T); | ||
| 253 | SM4_ROUNDS(11, 10, 9, 8, SM4_T); | ||
| 254 | SM4_ROUNDS( 7, 6, 5, 4, SM4_T); | ||
| 255 | SM4_ROUNDS( 3, 2, 1, 0, SM4_T_slow); | ||
| 256 | |||
| 257 | store_u32_be(B3, out); | ||
| 258 | store_u32_be(B2, out + 4); | ||
| 259 | store_u32_be(B1, out + 8); | ||
| 260 | store_u32_be(B0, out + 12); | ||
| 261 | } | ||
| 262 | |||
| 263 | #endif /* OPENSSL_NO_SM4 */ | ||
diff --git a/src/lib/libcrypto/sm4/sm4.h b/src/lib/libcrypto/sm4/sm4.h new file mode 100644 index 0000000000..5931ac714b --- /dev/null +++ b/src/lib/libcrypto/sm4/sm4.h | |||
| @@ -0,0 +1,51 @@ | |||
| 1 | /* $OpenBSD: sm4.h,v 1.1 2019/03/17 17:42:37 tb Exp $ */ | ||
| 2 | /* | ||
| 3 | * Copyright (c) 2017, 2019 Ribose Inc | ||
| 4 | * | ||
| 5 | * Permission to use, copy, modify, and/or distribute this software for any | ||
| 6 | * purpose with or without fee is hereby granted, provided that the above | ||
| 7 | * copyright notice and this permission notice appear in all copies. | ||
| 8 | * | ||
| 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
| 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
| 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
| 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
| 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
| 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| 16 | */ | ||
| 17 | |||
| 18 | #ifndef HEADER_SM4_H | ||
| 19 | #define HEADER_SM4_H | ||
| 20 | |||
| 21 | #include <stdint.h> | ||
| 22 | |||
| 23 | #include <openssl/opensslconf.h> | ||
| 24 | |||
| 25 | #ifdef __cplusplus | ||
| 26 | extern "C" { | ||
| 27 | #endif | ||
| 28 | |||
| 29 | #ifdef OPENSSL_NO_SM4 | ||
| 30 | #error SM4 is disabled. | ||
| 31 | #endif | ||
| 32 | |||
| 33 | #define SM4_DECRYPT 0 | ||
| 34 | #define SM4_ENCRYPT 1 | ||
| 35 | |||
| 36 | #define SM4_BLOCK_SIZE 16 | ||
| 37 | #define SM4_KEY_SCHEDULE 32 | ||
| 38 | |||
| 39 | typedef struct sm4_key_st { | ||
| 40 | unsigned char opaque[128]; | ||
| 41 | } SM4_KEY; | ||
| 42 | |||
| 43 | int SM4_set_key(const uint8_t *key, SM4_KEY *ks); | ||
| 44 | void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks); | ||
| 45 | void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks); | ||
| 46 | |||
| 47 | #ifdef __cplusplus | ||
| 48 | } | ||
| 49 | #endif | ||
| 50 | |||
| 51 | #endif /* HEADER_SM4_H */ | ||