diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/sm4/sm4.c | 25 |
1 files changed, 10 insertions, 15 deletions
diff --git a/src/lib/libcrypto/sm4/sm4.c b/src/lib/libcrypto/sm4/sm4.c index bd1689987e..cf9d55634c 100644 --- a/src/lib/libcrypto/sm4/sm4.c +++ b/src/lib/libcrypto/sm4/sm4.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sm4.c,v 1.2 2023/07/07 12:01:32 beck Exp $ */ | 1 | /* $OpenBSD: sm4.c,v 1.3 2025/01/22 09:37:07 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2017, 2019 Ribose Inc | 3 | * Copyright (c) 2017, 2019 Ribose Inc |
| 4 | * | 4 | * |
| @@ -20,6 +20,8 @@ | |||
| 20 | #ifndef OPENSSL_NO_SM4 | 20 | #ifndef OPENSSL_NO_SM4 |
| 21 | #include <openssl/sm4.h> | 21 | #include <openssl/sm4.h> |
| 22 | 22 | ||
| 23 | #include "crypto_internal.h" | ||
| 24 | |||
| 23 | struct sm4_key { | 25 | struct sm4_key { |
| 24 | uint32_t rk[SM4_KEY_SCHEDULE]; | 26 | uint32_t rk[SM4_KEY_SCHEDULE]; |
| 25 | }; | 27 | }; |
| @@ -99,12 +101,6 @@ static const uint32_t SM4_SBOX_T[256] = { | |||
| 99 | }; | 101 | }; |
| 100 | 102 | ||
| 101 | static inline uint32_t | 103 | static inline uint32_t |
| 102 | rotl(uint32_t a, uint8_t n) | ||
| 103 | { | ||
| 104 | return (a << n) | (a >> (32 - n)); | ||
| 105 | } | ||
| 106 | |||
| 107 | static inline uint32_t | ||
| 108 | load_u32_be(const uint8_t *b, uint32_t n) | 104 | load_u32_be(const uint8_t *b, uint32_t n) |
| 109 | { | 105 | { |
| 110 | return ((uint32_t)b[4 * n] << 24) | | 106 | return ((uint32_t)b[4 * n] << 24) | |
| @@ -132,19 +128,18 @@ SM4_T_slow(uint32_t X) | |||
| 132 | t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8; | 128 | t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8; |
| 133 | t |= SM4_S[(uint8_t)X]; | 129 | t |= SM4_S[(uint8_t)X]; |
| 134 | 130 | ||
| 135 | /* | 131 | /* L linear transform. */ |
| 136 | * L linear transform | 132 | return t ^ crypto_rol_u32(t, 2) ^ crypto_rol_u32(t, 10) ^ |
| 137 | */ | 133 | crypto_rol_u32(t, 18) ^ crypto_rol_u32(t, 24); |
| 138 | return t ^ rotl(t, 2) ^ rotl(t, 10) ^ rotl(t, 18) ^ rotl(t, 24); | ||
| 139 | } | 134 | } |
| 140 | 135 | ||
| 141 | static inline uint32_t | 136 | static inline uint32_t |
| 142 | SM4_T(uint32_t X) | 137 | SM4_T(uint32_t X) |
| 143 | { | 138 | { |
| 144 | return SM4_SBOX_T[(uint8_t)(X >> 24)] ^ | 139 | return SM4_SBOX_T[(uint8_t)(X >> 24)] ^ |
| 145 | rotl(SM4_SBOX_T[(uint8_t)(X >> 16)], 24) ^ | 140 | crypto_rol_u32(SM4_SBOX_T[(uint8_t)(X >> 16)], 24) ^ |
| 146 | rotl(SM4_SBOX_T[(uint8_t)(X >> 8)], 16) ^ | 141 | crypto_rol_u32(SM4_SBOX_T[(uint8_t)(X >> 8)], 16) ^ |
| 147 | rotl(SM4_SBOX_T[(uint8_t)X], 8); | 142 | crypto_rol_u32(SM4_SBOX_T[(uint8_t)X], 8); |
| 148 | } | 143 | } |
| 149 | 144 | ||
| 150 | int | 145 | int |
| @@ -192,7 +187,7 @@ SM4_set_key(const uint8_t *key, SM4_KEY *k) | |||
| 192 | t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8; | 187 | t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8; |
| 193 | t |= SM4_S[(uint8_t)X]; | 188 | t |= SM4_S[(uint8_t)X]; |
| 194 | 189 | ||
| 195 | t = t ^ rotl(t, 13) ^ rotl(t, 23); | 190 | t = t ^ crypto_rol_u32(t, 13) ^ crypto_rol_u32(t, 23); |
| 196 | K[i % 4] ^= t; | 191 | K[i % 4] ^= t; |
| 197 | ks->rk[i] = K[i % 4]; | 192 | ks->rk[i] = K[i % 4]; |
| 198 | } | 193 | } |