From: Shane Lontis Date: Thu, 19 Sep 2019 05:38:51 +0000 (+1000) Subject: Add sm4 ciphers to default provider X-Git-Tag: openssl-3.0.0-alpha1~1322 X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fopenssl.git;a=commitdiff_plain;h=105dde2528d64b4af25c241288a985fdfc27afbc Add sm4 ciphers to default provider Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9935) --- diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 4d6001688f..41edd0decd 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -247,6 +247,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, case NID_seed_ecb: case NID_seed_cfb128: case NID_seed_ofb128: + case NID_sm4_cbc: + case NID_sm4_ecb: + case NID_sm4_ctr: + case NID_sm4_cfb128: + case NID_sm4_ofb128: break; default: goto legacy; diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h index d69b9cd4b8..aeb7c430a0 100644 --- a/providers/common/include/internal/provider_algs.h +++ b/providers/common/include/internal/provider_algs.h @@ -140,6 +140,13 @@ extern const OSSL_DISPATCH seed128cbc_functions[]; extern const OSSL_DISPATCH seed128ofb128_functions[]; extern const OSSL_DISPATCH seed128cfb128_functions[]; #endif /* OPENSSL_NO_SEED */ +#ifndef OPENSSL_NO_SM4 +extern const OSSL_DISPATCH sm4128ecb_functions[]; +extern const OSSL_DISPATCH sm4128cbc_functions[]; +extern const OSSL_DISPATCH sm4128ctr_functions[]; +extern const OSSL_DISPATCH sm4128ofb128_functions[]; +extern const OSSL_DISPATCH sm4128cfb128_functions[]; +#endif /* OPENSSL_NO_SM4 */ extern const OSSL_DISPATCH tdes_ede3_ecb_functions[]; extern const OSSL_DISPATCH tdes_ede3_cbc_functions[]; diff --git a/providers/default/ciphers/build.info b/providers/default/ciphers/build.info index 66ef9df68a..8f2bbae28d 100644 --- a/providers/default/ciphers/build.info +++ b/providers/default/ciphers/build.info @@ -39,4 +39,9 @@ IF[{- !$disabled{seed} -}] cipher_seed.c cipher_seed_hw.c ENDIF +IF[{- !$disabled{sm4} -}] + SOURCE[../../../libcrypto]=\ + cipher_sm4.c cipher_sm4_hw.c +ENDIF + INCLUDE[../../../libcrypto]=. ../../../crypto diff --git a/providers/default/ciphers/cipher_sm4.c b/providers/default/ciphers/cipher_sm4.c new file mode 100644 index 0000000000..8b7c3761ca --- /dev/null +++ b/providers/default/ciphers/cipher_sm4.c @@ -0,0 +1,51 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Dispatch functions for cast cipher modes ecb, cbc, ofb, cfb */ + +#include "cipher_sm4.h" +#include "internal/provider_algs.h" + +/* TODO (3.0) Figure out what flags to pass */ +#define SM4_FLAGS EVP_CIPH_FLAG_DEFAULT_ASN1 + +static OSSL_OP_cipher_freectx_fn sm4_freectx; +static OSSL_OP_cipher_dupctx_fn sm4_dupctx; + +static void sm4_freectx(void *vctx) +{ + PROV_SM4_CTX *ctx = (PROV_SM4_CTX *)vctx; + + OPENSSL_clear_free(ctx, sizeof(*ctx)); +} + +static void *sm4_dupctx(void *ctx) +{ + PROV_SM4_CTX *in = (PROV_SM4_CTX *)ctx; + PROV_SM4_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + + if (ret == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return NULL; + } + *ret = *in; + + return ret; +} + +/* sm4128ecb_functions */ +IMPLEMENT_generic_cipher(sm4, SM4, ecb, ECB, SM4_FLAGS, 128, 128, 0, block) +/* sm4128cbc_functions */ +IMPLEMENT_generic_cipher(sm4, SM4, cbc, CBC, SM4_FLAGS, 128, 128, 128, block) +/* sm4128ctr_functions */ +IMPLEMENT_generic_cipher(sm4, SM4, ctr, CTR, SM4_FLAGS, 128, 8, 128, stream) +/* sm4128ofb128_functions */ +IMPLEMENT_generic_cipher(sm4, SM4, ofb128, OFB, SM4_FLAGS, 128, 8, 128, stream) +/* sm4128cfb128_functions */ +IMPLEMENT_generic_cipher(sm4, SM4, cfb128, CFB, SM4_FLAGS, 128, 8, 128, stream) diff --git a/providers/default/ciphers/cipher_sm4.h b/providers/default/ciphers/cipher_sm4.h new file mode 100644 index 0000000000..842c218f30 --- /dev/null +++ b/providers/default/ciphers/cipher_sm4.h @@ -0,0 +1,25 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/ciphers/ciphercommon.h" +#include "internal/sm4.h" + +typedef struct prov_cast_ctx_st { + PROV_CIPHER_CTX base; /* Must be first */ + union { + OSSL_UNION_ALIGN; + SM4_KEY ks; + } ks; +} PROV_SM4_CTX; + +const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_cbc(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_ecb(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_ctr(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_ofb128(size_t keybits); +const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_cfb128(size_t keybits); diff --git a/providers/default/ciphers/cipher_sm4_hw.c b/providers/default/ciphers/cipher_sm4_hw.c new file mode 100644 index 0000000000..9ecaf0b997 --- /dev/null +++ b/providers/default/ciphers/cipher_sm4_hw.c @@ -0,0 +1,43 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "cipher_sm4.h" + +static int cipher_hw_sm4_initkey(PROV_CIPHER_CTX *ctx, + const unsigned char *key, size_t keylen) +{ + PROV_SM4_CTX *sctx = (PROV_SM4_CTX *)ctx; + SM4_KEY *ks = &sctx->ks.ks; + + SM4_set_key(key, ks); + ctx->ks = ks; + if (ctx->enc + || (ctx->mode != EVP_CIPH_ECB_MODE + && ctx->mode != EVP_CIPH_CBC_MODE)) + ctx->block = (block128_f)SM4_encrypt; + else + ctx->block = (block128_f)SM4_decrypt; + return 1; +} + +# define PROV_CIPHER_HW_sm4_mode(mode) \ +static const PROV_CIPHER_HW sm4_##mode = { \ + cipher_hw_sm4_initkey, \ + cipher_hw_chunked_##mode \ +}; \ +const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_##mode(size_t keybits) \ +{ \ + return &sm4_##mode; \ +} + +PROV_CIPHER_HW_sm4_mode(cbc) +PROV_CIPHER_HW_sm4_mode(ecb) +PROV_CIPHER_HW_sm4_mode(ofb128) +PROV_CIPHER_HW_sm4_mode(cfb128) +PROV_CIPHER_HW_sm4_mode(ctr) diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c index 71169161e8..845f0c11c0 100644 --- a/providers/default/defltprov.c +++ b/providers/default/defltprov.c @@ -213,6 +213,13 @@ static const OSSL_ALGORITHM deflt_ciphers[] = { { "SEED-OFB", "default=yes", seed128ofb128_functions }, { "SEED-CFB", "default=yes", seed128cfb128_functions }, #endif /* OPENSSL_NO_SEED */ +#ifndef OPENSSL_NO_SM4 + { "SM4-ECB", "default=yes", sm4128ecb_functions }, + { "SM4-CBC", "default=yes", sm4128cbc_functions }, + { "SM4-CTR", "default=yes", sm4128ctr_functions }, + { "SM4-OFB", "default=yes", sm4128ofb128_functions }, + { "SM4-CFB", "default=yes", sm4128cfb128_functions }, +#endif /* OPENSSL_NO_SM4 */ { NULL, NULL, NULL } }; diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index bee446c1c8..486281772c 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -41,6 +41,9 @@ push @defltfiles, @castfiles unless disabled("cast"); my @seedfiles = qw( evpciph_seed.txt ); push @defltfiles, @seedfiles unless disabled("seed"); +my @sm4files = qw( evpciph_sm4.txt ); +push @defltfiles, @sm4files unless disabled("sm4"); + plan tests => (scalar(@configs) * scalar(@files)) + scalar(@defltfiles) + 1; my $infile = bldtop_file('providers', platform->dso('fips')); diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt index b32d57d481..b180723188 100644 --- a/test/recipes/30-test_evp_data/evpciph.txt +++ b/test/recipes/30-test_evp_data/evpciph.txt @@ -2256,37 +2256,6 @@ Operation = ENCRYPT Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 Ciphertext = A4DA23FCE6A5FFAA6D64AE9A0652A42CD161A34B65F9679F75C01F101F71276F15EF0D8D -Title = SM4 test vectors from IETF draft-ribose-cfrg-sm4 - -Cipher = SM4-ECB -Key = 0123456789ABCDEFFEDCBA9876543210 -Plaintext = 0123456789ABCDEFFEDCBA9876543210 -Ciphertext = 681EDF34D206965E86B3E94F536E4246 - -Cipher = SM4-CBC -Key = 0123456789ABCDEFFEDCBA9876543210 -IV = 0123456789ABCDEFFEDCBA9876543210 -Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210 -Ciphertext = 2677F46B09C122CC975533105BD4A22AF6125F7275CE552C3A2BBCF533DE8A3B - -Cipher = SM4-OFB -Key = 0123456789ABCDEFFEDCBA9876543210 -IV = 0123456789ABCDEFFEDCBA9876543210 -Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210 -Ciphertext = 693D9A535BAD5BB1786F53D7253A7056F2075D28B5235F58D50027E4177D2BCE - -Cipher = SM4-CFB -Key = 0123456789ABCDEFFEDCBA9876543210 -IV = 0123456789ABCDEFFEDCBA9876543210 -Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210 -Ciphertext = 693D9A535BAD5BB1786F53D7253A70569ED258A85A0467CC92AAB393DD978995 - -Cipher = SM4-CTR -Key = 0123456789ABCDEFFEDCBA9876543210 -IV = 0123456789ABCDEFFEDCBA9876543210 -Plaintext = AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFEEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA -Ciphertext = C2B4759E78AC3CF43D0852F4E8D5F9FD7256E8A5FCB65A350EE00630912E44492A0B17E1B85B060D0FBA612D8A95831638B361FD5FFACD942F081485A83CA35D - Title = ARIA test vectors from RFC5794 (and others) Cipher = ARIA-128-ECB diff --git a/test/recipes/30-test_evp_data/evpciph_sm4.txt b/test/recipes/30-test_evp_data/evpciph_sm4.txt new file mode 100644 index 0000000000..8434ccb6e2 --- /dev/null +++ b/test/recipes/30-test_evp_data/evpciph_sm4.txt @@ -0,0 +1,39 @@ +# +# Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +Title = SM4 test vectors from IETF draft-ribose-cfrg-sm4 + +Cipher = SM4-ECB +Key = 0123456789ABCDEFFEDCBA9876543210 +Plaintext = 0123456789ABCDEFFEDCBA9876543210 +Ciphertext = 681EDF34D206965E86B3E94F536E4246 + +Cipher = SM4-CBC +Key = 0123456789ABCDEFFEDCBA9876543210 +IV = 0123456789ABCDEFFEDCBA9876543210 +Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210 +Ciphertext = 2677F46B09C122CC975533105BD4A22AF6125F7275CE552C3A2BBCF533DE8A3B + +Cipher = SM4-OFB +Key = 0123456789ABCDEFFEDCBA9876543210 +IV = 0123456789ABCDEFFEDCBA9876543210 +Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210 +Ciphertext = 693D9A535BAD5BB1786F53D7253A7056F2075D28B5235F58D50027E4177D2BCE + +Cipher = SM4-CFB +Key = 0123456789ABCDEFFEDCBA9876543210 +IV = 0123456789ABCDEFFEDCBA9876543210 +Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210 +Ciphertext = 693D9A535BAD5BB1786F53D7253A70569ED258A85A0467CC92AAB393DD978995 + +Cipher = SM4-CTR +Key = 0123456789ABCDEFFEDCBA9876543210 +IV = 0123456789ABCDEFFEDCBA9876543210 +Plaintext = AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFEEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA +Ciphertext = C2B4759E78AC3CF43D0852F4E8D5F9FD7256E8A5FCB65A350EE00630912E44492A0B17E1B85B060D0FBA612D8A95831638B361FD5FFACD942F081485A83CA35D