summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libcrypto/Makefile8
-rw-r--r--src/lib/libcrypto/Symbols.list8
-rw-r--r--src/lib/libcrypto/evp/c_all.c12
-rw-r--r--src/lib/libcrypto/evp/e_sm4.c113
-rw-r--r--src/lib/libcrypto/evp/evp.h11
-rw-r--r--src/lib/libcrypto/objects/objects.txt16
-rw-r--r--src/lib/libcrypto/sm4/sm4.c263
-rw-r--r--src/lib/libcrypto/sm4/sm4.h51
8 files changed, 479 insertions, 3 deletions
diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile
index ef07324416..5d81193d80 100644
--- a/src/lib/libcrypto/Makefile
+++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.32 2019/01/23 00:50:39 tb Exp $ 1# $OpenBSD: Makefile,v 1.33 2019/03/17 17:42:37 tb Exp $
2 2
3LIB= crypto 3LIB= crypto
4LIBREBUILD=y 4LIBREBUILD=y
@@ -166,6 +166,7 @@ SRCS+= e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c
166SRCS+= e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c 166SRCS+= e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
167SRCS+= e_chacha.c evp_aead.c e_chacha20poly1305.c 167SRCS+= e_chacha.c evp_aead.c e_chacha20poly1305.c
168SRCS+= e_gost2814789.c m_gost2814789.c m_gostr341194.c m_streebog.c 168SRCS+= e_gost2814789.c m_gost2814789.c m_gostr341194.c m_streebog.c
169SRCS+= e_sm4.c
169SRCS+= m_md5_sha1.c 170SRCS+= m_md5_sha1.c
170 171
171# gost/ 172# gost/
@@ -239,6 +240,9 @@ SRCS+= sha1dgst.c sha1_one.c sha256.c sha512.c
239# sm3/ 240# sm3/
240SRCS+= sm3.c 241SRCS+= sm3.c
241 242
243# sm4/
244SRCS+= sm4.c
245
242# stack/ 246# stack/
243SRCS+= stack.c 247SRCS+= stack.c
244 248
@@ -319,6 +323,7 @@ SRCS+= pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c
319 ${LCRYPTO_SRC}/rsa \ 323 ${LCRYPTO_SRC}/rsa \
320 ${LCRYPTO_SRC}/sha \ 324 ${LCRYPTO_SRC}/sha \
321 ${LCRYPTO_SRC}/sm3 \ 325 ${LCRYPTO_SRC}/sm3 \
326 ${LCRYPTO_SRC}/sm4 \
322 ${LCRYPTO_SRC}/stack \ 327 ${LCRYPTO_SRC}/stack \
323 ${LCRYPTO_SRC}/threads \ 328 ${LCRYPTO_SRC}/threads \
324 ${LCRYPTO_SRC}/ts \ 329 ${LCRYPTO_SRC}/ts \
@@ -380,6 +385,7 @@ HDRS=\
380 ${LCRYPTO_SRC}/rsa/rsa.h \ 385 ${LCRYPTO_SRC}/rsa/rsa.h \
381 ${LCRYPTO_SRC}/sha/sha.h \ 386 ${LCRYPTO_SRC}/sha/sha.h \
382 ${LCRYPTO_SRC}/sm3/sm3.h \ 387 ${LCRYPTO_SRC}/sm3/sm3.h \
388 ${LCRYPTO_SRC}/sm4/sm4.h \
383 ${LCRYPTO_SRC}/stack/safestack.h \ 389 ${LCRYPTO_SRC}/stack/safestack.h \
384 ${LCRYPTO_SRC}/stack/stack.h \ 390 ${LCRYPTO_SRC}/stack/stack.h \
385 ${LCRYPTO_SRC}/ts/ts.h \ 391 ${LCRYPTO_SRC}/ts/ts.h \
diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list
index 7ea2c5d135..63e3ee45ac 100644
--- a/src/lib/libcrypto/Symbols.list
+++ b/src/lib/libcrypto/Symbols.list
@@ -1631,6 +1631,11 @@ EVP_sha256
1631EVP_sha384 1631EVP_sha384
1632EVP_sha512 1632EVP_sha512
1633EVP_sm3 1633EVP_sm3
1634EVP_sm4_cbc
1635EVP_sm4_cfb128
1636EVP_sm4_ctr
1637EVP_sm4_ecb
1638EVP_sm4_ofb
1634EVP_streebog256 1639EVP_streebog256
1635EVP_streebog512 1640EVP_streebog512
1636EVP_whirlpool 1641EVP_whirlpool
@@ -2373,6 +2378,9 @@ SHA512_Update
2373SM3_Final 2378SM3_Final
2374SM3_Init 2379SM3_Init
2375SM3_Update 2380SM3_Update
2381SM4_decrypt
2382SM4_encrypt
2383SM4_set_key
2376SMIME_crlf_copy 2384SMIME_crlf_copy
2377SMIME_read_ASN1 2385SMIME_read_ASN1
2378SMIME_read_PKCS7 2386SMIME_read_PKCS7
diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c
index 5ed55f67f6..cce3640866 100644
--- a/src/lib/libcrypto/evp/c_all.c
+++ b/src/lib/libcrypto/evp/c_all.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: c_all.c,v 1.24 2018/12/26 15:11:04 tb Exp $ */ 1/* $OpenBSD: c_all.c,v 1.25 2019/03/17 17:42:37 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -227,6 +227,16 @@ OpenSSL_add_all_ciphers_internal(void)
227 EVP_add_cipher(EVP_gost2814789_cfb64()); 227 EVP_add_cipher(EVP_gost2814789_cfb64());
228 EVP_add_cipher(EVP_gost2814789_cnt()); 228 EVP_add_cipher(EVP_gost2814789_cnt());
229#endif 229#endif
230
231#ifndef OPENSSL_NO_SM4
232 EVP_add_cipher(EVP_sm4_ecb());
233 EVP_add_cipher(EVP_sm4_cbc());
234 EVP_add_cipher(EVP_sm4_cfb());
235 EVP_add_cipher(EVP_sm4_ofb());
236 EVP_add_cipher(EVP_sm4_ctr());
237 EVP_add_cipher_alias(SN_sm4_cbc, "SM4");
238 EVP_add_cipher_alias(SN_sm4_cbc, "sm4");
239#endif
230} 240}
231 241
232void 242void
diff --git a/src/lib/libcrypto/evp/e_sm4.c b/src/lib/libcrypto/evp/e_sm4.c
new file mode 100644
index 0000000000..554915b29c
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_sm4.c
@@ -0,0 +1,113 @@
1/* $OpenBSD: e_sm4.c,v 1.1 2019/03/17 17:42:37 tb Exp $ */
2/*
3 * Copyright (c) 2017, 2019 Ribose Inc
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/opensslconf.h>
19
20#ifndef OPENSSL_NO_SM4
21#include <openssl/evp.h>
22#include <openssl/modes.h>
23#include <openssl/sm4.h>
24
25#include "evp_locl.h"
26
27typedef struct {
28 SM4_KEY ks;
29} EVP_SM4_KEY;
30
31static int
32sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
33 const unsigned char *iv, int enc)
34{
35 SM4_set_key(key, ctx->cipher_data);
36 return 1;
37}
38
39static void
40sm4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len,
41 const SM4_KEY *key, unsigned char *ivec, const int enc)
42{
43 if (enc)
44 CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
45 (block128_f)SM4_encrypt);
46 else
47 CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
48 (block128_f)SM4_decrypt);
49}
50
51static void
52sm4_cfb128_encrypt(const unsigned char *in, unsigned char *out, size_t length,
53 const SM4_KEY *key, unsigned char *ivec, int *num, const int enc)
54{
55 CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
56 (block128_f)SM4_encrypt);
57}
58
59static void
60sm4_ecb_encrypt(const unsigned char *in, unsigned char *out, const SM4_KEY *key,
61 const int enc)
62{
63 if (enc)
64 SM4_encrypt(in, out, key);
65 else
66 SM4_decrypt(in, out, key);
67}
68
69static void
70sm4_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t length,
71 const SM4_KEY *key, unsigned char *ivec, int *num)
72{
73 CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
74 (block128_f)SM4_encrypt);
75}
76
77IMPLEMENT_BLOCK_CIPHER(sm4, ks, sm4, EVP_SM4_KEY, NID_sm4, 16, 16, 16, 128,
78 EVP_CIPH_FLAG_DEFAULT_ASN1, sm4_init_key, NULL, 0, 0, 0)
79
80static int
81sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
82 size_t len)
83{
84 EVP_SM4_KEY *key = EVP_C_DATA(EVP_SM4_KEY, ctx);
85
86 CRYPTO_ctr128_encrypt(in, out, len, &key->ks, ctx->iv, ctx->buf,
87 &ctx->num, (block128_f)SM4_encrypt);
88 return 1;
89}
90
91static const EVP_CIPHER sm4_ctr_mode = {
92 .nid = NID_sm4_ctr,
93 .block_size = 1,
94 .key_len = 16,
95 .iv_len = 16,
96 .flags = EVP_CIPH_CTR_MODE,
97 .init = sm4_init_key,
98 .do_cipher = sm4_ctr_cipher,
99 .cleanup = NULL,
100 .ctx_size = sizeof(EVP_SM4_KEY),
101 .set_asn1_parameters = NULL,
102 .get_asn1_parameters = NULL,
103 .ctrl = NULL,
104 .app_data = NULL,
105};
106
107const EVP_CIPHER *
108EVP_sm4_ctr(void)
109{
110 return &sm4_ctr_mode;
111}
112
113#endif
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 0645303686..cd9b33c9b8 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: evp.h,v 1.72 2019/01/22 00:59:21 dlg Exp $ */ 1/* $OpenBSD: evp.h,v 1.73 2019/03/17 17:42:37 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -837,6 +837,15 @@ const EVP_CIPHER *EVP_gost2814789_cfb64(void);
837const EVP_CIPHER *EVP_gost2814789_cnt(void); 837const EVP_CIPHER *EVP_gost2814789_cnt(void);
838#endif 838#endif
839 839
840#ifndef OPENSSL_NO_SM4
841const EVP_CIPHER *EVP_sm4_ecb(void);
842const EVP_CIPHER *EVP_sm4_cbc(void);
843const EVP_CIPHER *EVP_sm4_cfb128(void);
844#define EVP_sm4_cfb EVP_sm4_cfb128
845const EVP_CIPHER *EVP_sm4_ofb(void);
846const EVP_CIPHER *EVP_sm4_ctr(void);
847#endif
848
840void OPENSSL_add_all_algorithms_noconf(void); 849void OPENSSL_add_all_algorithms_noconf(void);
841void OPENSSL_add_all_algorithms_conf(void); 850void OPENSSL_add_all_algorithms_conf(void);
842 851
diff --git a/src/lib/libcrypto/objects/objects.txt b/src/lib/libcrypto/objects/objects.txt
index cf5fe69370..7aefca0b4a 100644
--- a/src/lib/libcrypto/objects/objects.txt
+++ b/src/lib/libcrypto/objects/objects.txt
@@ -1290,6 +1290,22 @@ kisa 1 5 : SEED-CFB : seed-cfb
1290!Cname seed-ofb128 1290!Cname seed-ofb128
1291kisa 1 6 : SEED-OFB : seed-ofb 1291kisa 1 6 : SEED-OFB : seed-ofb
1292 1292
1293# Definitions for SM4 cipher
1294
1295member-body 156 : ISO-CN : ISO CN Member Body
1296ISO-CN 10197 : oscca
1297oscca 1 : sm-scheme
1298
1299sm-scheme 104 1 : SM4-ECB : sm4-ecb
1300sm-scheme 104 2 : SM4-CBC : sm4-cbc
1301!Cname sm4-ofb128
1302sm-scheme 104 3 : SM4-OFB : sm4-ofb
1303!Cname sm4-cfb128
1304sm-scheme 104 4 : SM4-CFB : sm4-cfb
1305sm-scheme 104 5 : SM4-CFB1 : sm4-cfb1
1306sm-scheme 104 6 : SM4-CFB8 : sm4-cfb8
1307sm-scheme 104 7 : SM4-CTR : sm4-ctr
1308
1293# There is no OID that just denotes "HMAC" oddly enough... 1309# There is no OID that just denotes "HMAC" oddly enough...
1294 1310
1295 : HMAC : hmac 1311 : HMAC : hmac
diff --git a/src/lib/libcrypto/sm4/sm4.c b/src/lib/libcrypto/sm4/sm4.c
new file mode 100644
index 0000000000..009c780fb5
--- /dev/null
+++ b/src/lib/libcrypto/sm4/sm4.c
@@ -0,0 +1,263 @@
1/* $OpenBSD: sm4.c,v 1.1 2019/03/17 17:42:37 tb Exp $ */
2/*
3 * Copyright (c) 2017, 2019 Ribose Inc
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/opensslconf.h>
19
20#ifndef OPENSSL_NO_SM4
21#include <openssl/sm4.h>
22
23struct sm4_key {
24 uint32_t rk[SM4_KEY_SCHEDULE];
25};
26
27static const uint8_t SM4_S[256] = {
28 0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2,
29 0x28, 0xFB, 0x2C, 0x05, 0x2B, 0x67, 0x9A, 0x76, 0x2A, 0xBE, 0x04, 0xC3,
30 0xAA, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99, 0x9C, 0x42, 0x50, 0xF4,
31 0x91, 0xEF, 0x98, 0x7A, 0x33, 0x54, 0x0B, 0x43, 0xED, 0xCF, 0xAC, 0x62,
32 0xE4, 0xB3, 0x1C, 0xA9, 0xC9, 0x08, 0xE8, 0x95, 0x80, 0xDF, 0x94, 0xFA,
33 0x75, 0x8F, 0x3F, 0xA6, 0x47, 0x07, 0xA7, 0xFC, 0xF3, 0x73, 0x17, 0xBA,
34 0x83, 0x59, 0x3C, 0x19, 0xE6, 0x85, 0x4F, 0xA8, 0x68, 0x6B, 0x81, 0xB2,
35 0x71, 0x64, 0xDA, 0x8B, 0xF8, 0xEB, 0x0F, 0x4B, 0x70, 0x56, 0x9D, 0x35,
36 0x1E, 0x24, 0x0E, 0x5E, 0x63, 0x58, 0xD1, 0xA2, 0x25, 0x22, 0x7C, 0x3B,
37 0x01, 0x21, 0x78, 0x87, 0xD4, 0x00, 0x46, 0x57, 0x9F, 0xD3, 0x27, 0x52,
38 0x4C, 0x36, 0x02, 0xE7, 0xA0, 0xC4, 0xC8, 0x9E, 0xEA, 0xBF, 0x8A, 0xD2,
39 0x40, 0xC7, 0x38, 0xB5, 0xA3, 0xF7, 0xF2, 0xCE, 0xF9, 0x61, 0x15, 0xA1,
40 0xE0, 0xAE, 0x5D, 0xA4, 0x9B, 0x34, 0x1A, 0x55, 0xAD, 0x93, 0x32, 0x30,
41 0xF5, 0x8C, 0xB1, 0xE3, 0x1D, 0xF6, 0xE2, 0x2E, 0x82, 0x66, 0xCA, 0x60,
42 0xC0, 0x29, 0x23, 0xAB, 0x0D, 0x53, 0x4E, 0x6F, 0xD5, 0xDB, 0x37, 0x45,
43 0xDE, 0xFD, 0x8E, 0x2F, 0x03, 0xFF, 0x6A, 0x72, 0x6D, 0x6C, 0x5B, 0x51,
44 0x8D, 0x1B, 0xAF, 0x92, 0xBB, 0xDD, 0xBC, 0x7F, 0x11, 0xD9, 0x5C, 0x41,
45 0x1F, 0x10, 0x5A, 0xD8, 0x0A, 0xC1, 0x31, 0x88, 0xA5, 0xCD, 0x7B, 0xBD,
46 0x2D, 0x74, 0xD0, 0x12, 0xB8, 0xE5, 0xB4, 0xB0, 0x89, 0x69, 0x97, 0x4A,
47 0x0C, 0x96, 0x77, 0x7E, 0x65, 0xB9, 0xF1, 0x09, 0xC5, 0x6E, 0xC6, 0x84,
48 0x18, 0xF0, 0x7D, 0xEC, 0x3A, 0xDC, 0x4D, 0x20, 0x79, 0xEE, 0x5F, 0x3E,
49 0xD7, 0xCB, 0x39, 0x48,
50};
51
52/*
53 * SM4_SBOX_T[j] == L(SM4_SBOX[j]).
54 */
55static const uint32_t SM4_SBOX_T[256] = {
56 0x8ED55B5B, 0xD0924242, 0x4DEAA7A7, 0x06FDFBFB, 0xFCCF3333, 0x65E28787,
57 0xC93DF4F4, 0x6BB5DEDE, 0x4E165858, 0x6EB4DADA, 0x44145050, 0xCAC10B0B,
58 0x8828A0A0, 0x17F8EFEF, 0x9C2CB0B0, 0x11051414, 0x872BACAC, 0xFB669D9D,
59 0xF2986A6A, 0xAE77D9D9, 0x822AA8A8, 0x46BCFAFA, 0x14041010, 0xCFC00F0F,
60 0x02A8AAAA, 0x54451111, 0x5F134C4C, 0xBE269898, 0x6D482525, 0x9E841A1A,
61 0x1E061818, 0xFD9B6666, 0xEC9E7272, 0x4A430909, 0x10514141, 0x24F7D3D3,
62 0xD5934646, 0x53ECBFBF, 0xF89A6262, 0x927BE9E9, 0xFF33CCCC, 0x04555151,
63 0x270B2C2C, 0x4F420D0D, 0x59EEB7B7, 0xF3CC3F3F, 0x1CAEB2B2, 0xEA638989,
64 0x74E79393, 0x7FB1CECE, 0x6C1C7070, 0x0DABA6A6, 0xEDCA2727, 0x28082020,
65 0x48EBA3A3, 0xC1975656, 0x80820202, 0xA3DC7F7F, 0xC4965252, 0x12F9EBEB,
66 0xA174D5D5, 0xB38D3E3E, 0xC33FFCFC, 0x3EA49A9A, 0x5B461D1D, 0x1B071C1C,
67 0x3BA59E9E, 0x0CFFF3F3, 0x3FF0CFCF, 0xBF72CDCD, 0x4B175C5C, 0x52B8EAEA,
68 0x8F810E0E, 0x3D586565, 0xCC3CF0F0, 0x7D196464, 0x7EE59B9B, 0x91871616,
69 0x734E3D3D, 0x08AAA2A2, 0xC869A1A1, 0xC76AADAD, 0x85830606, 0x7AB0CACA,
70 0xB570C5C5, 0xF4659191, 0xB2D96B6B, 0xA7892E2E, 0x18FBE3E3, 0x47E8AFAF,
71 0x330F3C3C, 0x674A2D2D, 0xB071C1C1, 0x0E575959, 0xE99F7676, 0xE135D4D4,
72 0x661E7878, 0xB4249090, 0x360E3838, 0x265F7979, 0xEF628D8D, 0x38596161,
73 0x95D24747, 0x2AA08A8A, 0xB1259494, 0xAA228888, 0x8C7DF1F1, 0xD73BECEC,
74 0x05010404, 0xA5218484, 0x9879E1E1, 0x9B851E1E, 0x84D75353, 0x00000000,
75 0x5E471919, 0x0B565D5D, 0xE39D7E7E, 0x9FD04F4F, 0xBB279C9C, 0x1A534949,
76 0x7C4D3131, 0xEE36D8D8, 0x0A020808, 0x7BE49F9F, 0x20A28282, 0xD4C71313,
77 0xE8CB2323, 0xE69C7A7A, 0x42E9ABAB, 0x43BDFEFE, 0xA2882A2A, 0x9AD14B4B,
78 0x40410101, 0xDBC41F1F, 0xD838E0E0, 0x61B7D6D6, 0x2FA18E8E, 0x2BF4DFDF,
79 0x3AF1CBCB, 0xF6CD3B3B, 0x1DFAE7E7, 0xE5608585, 0x41155454, 0x25A38686,
80 0x60E38383, 0x16ACBABA, 0x295C7575, 0x34A69292, 0xF7996E6E, 0xE434D0D0,
81 0x721A6868, 0x01545555, 0x19AFB6B6, 0xDF914E4E, 0xFA32C8C8, 0xF030C0C0,
82 0x21F6D7D7, 0xBC8E3232, 0x75B3C6C6, 0x6FE08F8F, 0x691D7474, 0x2EF5DBDB,
83 0x6AE18B8B, 0x962EB8B8, 0x8A800A0A, 0xFE679999, 0xE2C92B2B, 0xE0618181,
84 0xC0C30303, 0x8D29A4A4, 0xAF238C8C, 0x07A9AEAE, 0x390D3434, 0x1F524D4D,
85 0x764F3939, 0xD36EBDBD, 0x81D65757, 0xB7D86F6F, 0xEB37DCDC, 0x51441515,
86 0xA6DD7B7B, 0x09FEF7F7, 0xB68C3A3A, 0x932FBCBC, 0x0F030C0C, 0x03FCFFFF,
87 0xC26BA9A9, 0xBA73C9C9, 0xD96CB5B5, 0xDC6DB1B1, 0x375A6D6D, 0x15504545,
88 0xB98F3636, 0x771B6C6C, 0x13ADBEBE, 0xDA904A4A, 0x57B9EEEE, 0xA9DE7777,
89 0x4CBEF2F2, 0x837EFDFD, 0x55114444, 0xBDDA6767, 0x2C5D7171, 0x45400505,
90 0x631F7C7C, 0x50104040, 0x325B6969, 0xB8DB6363, 0x220A2828, 0xC5C20707,
91 0xF531C4C4, 0xA88A2222, 0x31A79696, 0xF9CE3737, 0x977AEDED, 0x49BFF6F6,
92 0x992DB4B4, 0xA475D1D1, 0x90D34343, 0x5A124848, 0x58BAE2E2, 0x71E69797,
93 0x64B6D2D2, 0x70B2C2C2, 0xAD8B2626, 0xCD68A5A5, 0xCB955E5E, 0x624B2929,
94 0x3C0C3030, 0xCE945A5A, 0xAB76DDDD, 0x867FF9F9, 0xF1649595, 0x5DBBE6E6,
95 0x35F2C7C7, 0x2D092424, 0xD1C61717, 0xD66FB9B9, 0xDEC51B1B, 0x94861212,
96 0x78186060, 0x30F3C3C3, 0x897CF5F5, 0x5CEFB3B3, 0xD23AE8E8, 0xACDF7373,
97 0x794C3535, 0xA0208080, 0x9D78E5E5, 0x56EDBBBB, 0x235E7D7D, 0xC63EF8F8,
98 0x8BD45F5F, 0xE7C82F2F, 0xDD39E4E4, 0x68492121,
99};
100
101static inline uint32_t
102rotl(uint32_t a, uint8_t n)
103{
104 return (a << n) | (a >> (32 - n));
105}
106
107static inline uint32_t
108load_u32_be(const uint8_t *b, uint32_t n)
109{
110 return ((uint32_t)b[4 * n] << 24) |
111 ((uint32_t)b[4 * n + 1] << 16) |
112 ((uint32_t)b[4 * n + 2] << 8) |
113 ((uint32_t)b[4 * n + 3]);
114}
115
116static inline void
117store_u32_be(uint32_t v, uint8_t *b)
118{
119 b[0] = (uint8_t)(v >> 24);
120 b[1] = (uint8_t)(v >> 16);
121 b[2] = (uint8_t)(v >> 8);
122 b[3] = (uint8_t)(v);
123}
124
125static inline uint32_t
126SM4_T_slow(uint32_t X)
127{
128 uint32_t t = 0;
129
130 t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24;
131 t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16;
132 t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8;
133 t |= SM4_S[(uint8_t)X];
134
135 /*
136 * L linear transform
137 */
138 return t ^ rotl(t, 2) ^ rotl(t, 10) ^ rotl(t, 18) ^ rotl(t, 24);
139}
140
141static inline uint32_t
142SM4_T(uint32_t X)
143{
144 return SM4_SBOX_T[(uint8_t)(X >> 24)] ^
145 rotl(SM4_SBOX_T[(uint8_t)(X >> 16)], 24) ^
146 rotl(SM4_SBOX_T[(uint8_t)(X >> 8)], 16) ^
147 rotl(SM4_SBOX_T[(uint8_t)X], 8);
148}
149
150int
151SM4_set_key(const uint8_t *key, SM4_KEY *k)
152{
153 struct sm4_key *ks = (struct sm4_key *)k;
154
155 /*
156 * Family Key
157 */
158 static const uint32_t FK[4] = {
159 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc,
160 };
161
162 /*
163 * Constant Key
164 */
165 static const uint32_t CK[32] = {
166 0x00070E15, 0x1C232A31, 0x383F464D, 0x545B6269,
167 0x70777E85, 0x8C939AA1, 0xA8AFB6BD, 0xC4CBD2D9,
168 0xE0E7EEF5, 0xFC030A11, 0x181F262D, 0x343B4249,
169 0x50575E65, 0x6C737A81, 0x888F969D, 0xA4ABB2B9,
170 0xC0C7CED5, 0xDCE3EAF1, 0xF8FF060D, 0x141B2229,
171 0x30373E45, 0x4C535A61, 0x686F767D, 0x848B9299,
172 0xA0A7AEB5, 0xBCC3CAD1, 0xD8DFE6ED, 0xF4FB0209,
173 0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279,
174 };
175
176 uint32_t K[4];
177 int i;
178
179 K[0] = load_u32_be(key, 0) ^ FK[0];
180 K[1] = load_u32_be(key, 1) ^ FK[1];
181 K[2] = load_u32_be(key, 2) ^ FK[2];
182 K[3] = load_u32_be(key, 3) ^ FK[3];
183
184 for (i = 0; i < SM4_KEY_SCHEDULE; i++) {
185 uint32_t X;
186 uint32_t t = 0;
187
188 X = K[(i + 1) % 4] ^ K[(i + 2) % 4] ^ K[(i + 3) % 4] ^ CK[i];
189
190 t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24;
191 t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16;
192 t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8;
193 t |= SM4_S[(uint8_t)X];
194
195 t = t ^ rotl(t, 13) ^ rotl(t, 23);
196 K[i % 4] ^= t;
197 ks->rk[i] = K[i % 4];
198 }
199
200 return 1;
201}
202
203#define SM4_ROUNDS(k0, k1, k2, k3, F) \
204 do { \
205 B0 ^= F(B1 ^ B2 ^ B3 ^ ks->rk[k0]); \
206 B1 ^= F(B0 ^ B2 ^ B3 ^ ks->rk[k1]); \
207 B2 ^= F(B0 ^ B1 ^ B3 ^ ks->rk[k2]); \
208 B3 ^= F(B0 ^ B1 ^ B2 ^ ks->rk[k3]); \
209 } while(0)
210
211void
212SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *k)
213{
214 struct sm4_key *ks = (struct sm4_key *)k;
215 uint32_t B0 = load_u32_be(in, 0);
216 uint32_t B1 = load_u32_be(in, 1);
217 uint32_t B2 = load_u32_be(in, 2);
218 uint32_t B3 = load_u32_be(in, 3);
219
220 /*
221 * Uses byte-wise sbox in the first and last rounds to provide some
222 * protection from cache based side channels.
223 */
224 SM4_ROUNDS( 0, 1, 2, 3, SM4_T_slow);
225 SM4_ROUNDS( 4, 5, 6, 7, SM4_T);
226 SM4_ROUNDS( 8, 9, 10, 11, SM4_T);
227 SM4_ROUNDS(12, 13, 14, 15, SM4_T);
228 SM4_ROUNDS(16, 17, 18, 19, SM4_T);
229 SM4_ROUNDS(20, 21, 22, 23, SM4_T);
230 SM4_ROUNDS(24, 25, 26, 27, SM4_T);
231 SM4_ROUNDS(28, 29, 30, 31, SM4_T_slow);
232
233 store_u32_be(B3, out);
234 store_u32_be(B2, out + 4);
235 store_u32_be(B1, out + 8);
236 store_u32_be(B0, out + 12);
237}
238
239void
240SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *k)
241{
242 struct sm4_key *ks = (struct sm4_key *)k;
243 uint32_t B0 = load_u32_be(in, 0);
244 uint32_t B1 = load_u32_be(in, 1);
245 uint32_t B2 = load_u32_be(in, 2);
246 uint32_t B3 = load_u32_be(in, 3);
247
248 SM4_ROUNDS(31, 30, 29, 28, SM4_T_slow);
249 SM4_ROUNDS(27, 26, 25, 24, SM4_T);
250 SM4_ROUNDS(23, 22, 21, 20, SM4_T);
251 SM4_ROUNDS(19, 18, 17, 16, SM4_T);
252 SM4_ROUNDS(15, 14, 13, 12, SM4_T);
253 SM4_ROUNDS(11, 10, 9, 8, SM4_T);
254 SM4_ROUNDS( 7, 6, 5, 4, SM4_T);
255 SM4_ROUNDS( 3, 2, 1, 0, SM4_T_slow);
256
257 store_u32_be(B3, out);
258 store_u32_be(B2, out + 4);
259 store_u32_be(B1, out + 8);
260 store_u32_be(B0, out + 12);
261}
262
263#endif /* OPENSSL_NO_SM4 */
diff --git a/src/lib/libcrypto/sm4/sm4.h b/src/lib/libcrypto/sm4/sm4.h
new file mode 100644
index 0000000000..5931ac714b
--- /dev/null
+++ b/src/lib/libcrypto/sm4/sm4.h
@@ -0,0 +1,51 @@
1/* $OpenBSD: sm4.h,v 1.1 2019/03/17 17:42:37 tb Exp $ */
2/*
3 * Copyright (c) 2017, 2019 Ribose Inc
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#ifndef HEADER_SM4_H
19#define HEADER_SM4_H
20
21#include <stdint.h>
22
23#include <openssl/opensslconf.h>
24
25#ifdef __cplusplus
26extern "C" {
27#endif
28
29#ifdef OPENSSL_NO_SM4
30#error SM4 is disabled.
31#endif
32
33#define SM4_DECRYPT 0
34#define SM4_ENCRYPT 1
35
36#define SM4_BLOCK_SIZE 16
37#define SM4_KEY_SCHEDULE 32
38
39typedef struct sm4_key_st {
40 unsigned char opaque[128];
41} SM4_KEY;
42
43int SM4_set_key(const uint8_t *key, SM4_KEY *ks);
44void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
45void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
46
47#ifdef __cplusplus
48}
49#endif
50
51#endif /* HEADER_SM4_H */
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 15:58:34 +0000