[openssl] master update

shane.lontis at oracle.com shane.lontis at oracle.com
Thu Sep 19 05:40:14 UTC 2019


The branch master has been updated
       via  105dde2528d64b4af25c241288a985fdfc27afbc (commit)
      from  639b53ecd82648fbb66a2ab7dabece7f15a1f730 (commit)


- Log -----------------------------------------------------------------
commit 105dde2528d64b4af25c241288a985fdfc27afbc
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Thu Sep 19 15:38:51 2019 +1000

    Add sm4 ciphers to default provider
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/9935)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/evp_enc.c                               |  5 +++
 providers/common/include/internal/provider_algs.h  |  7 +++
 providers/default/ciphers/build.info               |  5 +++
 providers/default/ciphers/cipher_sm4.c             | 51 ++++++++++++++++++++++
 .../ciphers/{cipher_cast.h => cipher_sm4.h}        | 15 ++++---
 providers/default/ciphers/cipher_sm4_hw.c          | 43 ++++++++++++++++++
 providers/default/defltprov.c                      |  7 +++
 test/recipes/30-test_evp.t                         |  3 ++
 test/recipes/30-test_evp_data/evpciph.txt          | 31 -------------
 test/recipes/30-test_evp_data/evpciph_sm4.txt      | 39 +++++++++++++++++
 10 files changed, 168 insertions(+), 38 deletions(-)
 create mode 100644 providers/default/ciphers/cipher_sm4.c
 copy providers/default/ciphers/{cipher_cast.h => cipher_sm4.h} (57%)
 create mode 100644 providers/default/ciphers/cipher_sm4_hw.c
 create mode 100644 test/recipes/30-test_evp_data/evpciph_sm4.txt

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 4d6001688f..41edd0decd 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -247,6 +247,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
         case NID_seed_ecb:
         case NID_seed_cfb128:
         case NID_seed_ofb128:
+        case NID_sm4_cbc:
+        case NID_sm4_ecb:
+        case NID_sm4_ctr:
+        case NID_sm4_cfb128:
+        case NID_sm4_ofb128:
             break;
         default:
             goto legacy;
diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h
index d69b9cd4b8..aeb7c430a0 100644
--- a/providers/common/include/internal/provider_algs.h
+++ b/providers/common/include/internal/provider_algs.h
@@ -140,6 +140,13 @@ extern const OSSL_DISPATCH seed128cbc_functions[];
 extern const OSSL_DISPATCH seed128ofb128_functions[];
 extern const OSSL_DISPATCH seed128cfb128_functions[];
 #endif /* OPENSSL_NO_SEED */
+#ifndef OPENSSL_NO_SM4
+extern const OSSL_DISPATCH sm4128ecb_functions[];
+extern const OSSL_DISPATCH sm4128cbc_functions[];
+extern const OSSL_DISPATCH sm4128ctr_functions[];
+extern const OSSL_DISPATCH sm4128ofb128_functions[];
+extern const OSSL_DISPATCH sm4128cfb128_functions[];
+#endif /* OPENSSL_NO_SM4 */
 
 extern const OSSL_DISPATCH tdes_ede3_ecb_functions[];
 extern const OSSL_DISPATCH tdes_ede3_cbc_functions[];
diff --git a/providers/default/ciphers/build.info b/providers/default/ciphers/build.info
index 66ef9df68a..8f2bbae28d 100644
--- a/providers/default/ciphers/build.info
+++ b/providers/default/ciphers/build.info
@@ -39,4 +39,9 @@ IF[{- !$disabled{seed} -}]
       cipher_seed.c cipher_seed_hw.c
 ENDIF
 
+IF[{- !$disabled{sm4} -}]
+  SOURCE[../../../libcrypto]=\
+      cipher_sm4.c cipher_sm4_hw.c
+ENDIF
+
 INCLUDE[../../../libcrypto]=. ../../../crypto
diff --git a/providers/default/ciphers/cipher_sm4.c b/providers/default/ciphers/cipher_sm4.c
new file mode 100644
index 0000000000..8b7c3761ca
--- /dev/null
+++ b/providers/default/ciphers/cipher_sm4.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for cast cipher modes ecb, cbc, ofb, cfb */
+
+#include "cipher_sm4.h"
+#include "internal/provider_algs.h"
+
+/* TODO (3.0) Figure out what flags to pass */
+#define SM4_FLAGS EVP_CIPH_FLAG_DEFAULT_ASN1
+
+static OSSL_OP_cipher_freectx_fn sm4_freectx;
+static OSSL_OP_cipher_dupctx_fn sm4_dupctx;
+
+static void sm4_freectx(void *vctx)
+{
+    PROV_SM4_CTX *ctx = (PROV_SM4_CTX *)vctx;
+
+    OPENSSL_clear_free(ctx,  sizeof(*ctx));
+}
+
+static void *sm4_dupctx(void *ctx)
+{
+    PROV_SM4_CTX *in = (PROV_SM4_CTX *)ctx;
+    PROV_SM4_CTX *ret = OPENSSL_malloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    *ret = *in;
+
+    return ret;
+}
+
+/* sm4128ecb_functions */
+IMPLEMENT_generic_cipher(sm4, SM4, ecb, ECB, SM4_FLAGS, 128, 128, 0, block)
+/* sm4128cbc_functions */
+IMPLEMENT_generic_cipher(sm4, SM4, cbc, CBC, SM4_FLAGS, 128, 128, 128, block)
+/* sm4128ctr_functions */
+IMPLEMENT_generic_cipher(sm4, SM4, ctr, CTR, SM4_FLAGS, 128, 8, 128, stream)
+/* sm4128ofb128_functions */
+IMPLEMENT_generic_cipher(sm4, SM4, ofb128, OFB, SM4_FLAGS, 128, 8, 128, stream)
+/* sm4128cfb128_functions */
+IMPLEMENT_generic_cipher(sm4, SM4, cfb128,  CFB, SM4_FLAGS, 128, 8, 128, stream)
diff --git a/providers/default/ciphers/cipher_cast.h b/providers/default/ciphers/cipher_sm4.h
similarity index 57%
copy from providers/default/ciphers/cipher_cast.h
copy to providers/default/ciphers/cipher_sm4.h
index 279f92216f..842c218f30 100644
--- a/providers/default/ciphers/cipher_cast.h
+++ b/providers/default/ciphers/cipher_sm4.h
@@ -7,18 +7,19 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/cast.h>
 #include "internal/ciphers/ciphercommon.h"
+#include "internal/sm4.h"
 
 typedef struct prov_cast_ctx_st {
     PROV_CIPHER_CTX base;      /* Must be first */
     union {
         OSSL_UNION_ALIGN;
-        CAST_KEY ks;
+        SM4_KEY ks;
     } ks;
-} PROV_CAST_CTX;
+} PROV_SM4_CTX;
 
-const PROV_CIPHER_HW *PROV_CIPHER_HW_cast5_cbc(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_cast5_ecb(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_cast5_ofb64(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_cast5_cfb64(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_cbc(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_ecb(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_ctr(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_ofb128(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_cfb128(size_t keybits);
diff --git a/providers/default/ciphers/cipher_sm4_hw.c b/providers/default/ciphers/cipher_sm4_hw.c
new file mode 100644
index 0000000000..9ecaf0b997
--- /dev/null
+++ b/providers/default/ciphers/cipher_sm4_hw.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_sm4.h"
+
+static int cipher_hw_sm4_initkey(PROV_CIPHER_CTX *ctx,
+                                 const unsigned char *key, size_t keylen)
+{
+    PROV_SM4_CTX *sctx =  (PROV_SM4_CTX *)ctx;
+    SM4_KEY *ks = &sctx->ks.ks;
+
+    SM4_set_key(key, ks);
+    ctx->ks = ks;
+    if (ctx->enc
+            || (ctx->mode != EVP_CIPH_ECB_MODE
+                && ctx->mode != EVP_CIPH_CBC_MODE))
+        ctx->block = (block128_f)SM4_encrypt;
+    else
+        ctx->block = (block128_f)SM4_decrypt;
+    return 1;
+}
+
+# define PROV_CIPHER_HW_sm4_mode(mode)                                         \
+static const PROV_CIPHER_HW sm4_##mode = {                                     \
+    cipher_hw_sm4_initkey,                                                     \
+    cipher_hw_chunked_##mode                                                   \
+};                                                                             \
+const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_##mode(size_t keybits)                \
+{                                                                              \
+    return &sm4_##mode;                                                        \
+}
+
+PROV_CIPHER_HW_sm4_mode(cbc)
+PROV_CIPHER_HW_sm4_mode(ecb)
+PROV_CIPHER_HW_sm4_mode(ofb128)
+PROV_CIPHER_HW_sm4_mode(cfb128)
+PROV_CIPHER_HW_sm4_mode(ctr)
diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c
index 71169161e8..845f0c11c0 100644
--- a/providers/default/defltprov.c
+++ b/providers/default/defltprov.c
@@ -213,6 +213,13 @@ static const OSSL_ALGORITHM deflt_ciphers[] = {
     { "SEED-OFB", "default=yes", seed128ofb128_functions },
     { "SEED-CFB", "default=yes", seed128cfb128_functions },
 #endif /* OPENSSL_NO_SEED */
+#ifndef OPENSSL_NO_SM4
+    { "SM4-ECB", "default=yes", sm4128ecb_functions },
+    { "SM4-CBC", "default=yes", sm4128cbc_functions },
+    { "SM4-CTR", "default=yes", sm4128ctr_functions },
+    { "SM4-OFB", "default=yes", sm4128ofb128_functions },
+    { "SM4-CFB", "default=yes", sm4128cfb128_functions },
+#endif /* OPENSSL_NO_SM4 */
     { NULL, NULL, NULL }
 };
 
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
index bee446c1c8..486281772c 100644
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -41,6 +41,9 @@ push @defltfiles, @castfiles unless disabled("cast");
 my @seedfiles = qw( evpciph_seed.txt );
 push @defltfiles, @seedfiles unless disabled("seed");
 
+my @sm4files = qw( evpciph_sm4.txt );
+push @defltfiles, @sm4files unless disabled("sm4");
+
 plan tests => (scalar(@configs) * scalar(@files)) + scalar(@defltfiles) + 1;
 
 my $infile = bldtop_file('providers', platform->dso('fips'));
diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt
index b32d57d481..b180723188 100644
--- a/test/recipes/30-test_evp_data/evpciph.txt
+++ b/test/recipes/30-test_evp_data/evpciph.txt
@@ -2256,37 +2256,6 @@ Operation = ENCRYPT
 Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223
 Ciphertext = A4DA23FCE6A5FFAA6D64AE9A0652A42CD161A34B65F9679F75C01F101F71276F15EF0D8D
 
-Title = SM4 test vectors from IETF draft-ribose-cfrg-sm4
-
-Cipher = SM4-ECB
-Key = 0123456789ABCDEFFEDCBA9876543210
-Plaintext  = 0123456789ABCDEFFEDCBA9876543210
-Ciphertext = 681EDF34D206965E86B3E94F536E4246
-
-Cipher = SM4-CBC
-Key = 0123456789ABCDEFFEDCBA9876543210
-IV  = 0123456789ABCDEFFEDCBA9876543210
-Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
-Ciphertext = 2677F46B09C122CC975533105BD4A22AF6125F7275CE552C3A2BBCF533DE8A3B
-
-Cipher = SM4-OFB
-Key = 0123456789ABCDEFFEDCBA9876543210
-IV  = 0123456789ABCDEFFEDCBA9876543210
-Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
-Ciphertext = 693D9A535BAD5BB1786F53D7253A7056F2075D28B5235F58D50027E4177D2BCE
-
-Cipher = SM4-CFB
-Key = 0123456789ABCDEFFEDCBA9876543210
-IV  = 0123456789ABCDEFFEDCBA9876543210
-Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
-Ciphertext = 693D9A535BAD5BB1786F53D7253A70569ED258A85A0467CC92AAB393DD978995
-
-Cipher = SM4-CTR
-Key = 0123456789ABCDEFFEDCBA9876543210
-IV  = 0123456789ABCDEFFEDCBA9876543210
-Plaintext = AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFEEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA
-Ciphertext = C2B4759E78AC3CF43D0852F4E8D5F9FD7256E8A5FCB65A350EE00630912E44492A0B17E1B85B060D0FBA612D8A95831638B361FD5FFACD942F081485A83CA35D
-
 Title = ARIA test vectors from RFC5794 (and others)
 
 Cipher = ARIA-128-ECB
diff --git a/test/recipes/30-test_evp_data/evpciph_sm4.txt b/test/recipes/30-test_evp_data/evpciph_sm4.txt
new file mode 100644
index 0000000000..8434ccb6e2
--- /dev/null
+++ b/test/recipes/30-test_evp_data/evpciph_sm4.txt
@@ -0,0 +1,39 @@
+#
+# Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+Title = SM4 test vectors from IETF draft-ribose-cfrg-sm4
+
+Cipher = SM4-ECB
+Key = 0123456789ABCDEFFEDCBA9876543210
+Plaintext  = 0123456789ABCDEFFEDCBA9876543210
+Ciphertext = 681EDF34D206965E86B3E94F536E4246
+
+Cipher = SM4-CBC
+Key = 0123456789ABCDEFFEDCBA9876543210
+IV  = 0123456789ABCDEFFEDCBA9876543210
+Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
+Ciphertext = 2677F46B09C122CC975533105BD4A22AF6125F7275CE552C3A2BBCF533DE8A3B
+
+Cipher = SM4-OFB
+Key = 0123456789ABCDEFFEDCBA9876543210
+IV  = 0123456789ABCDEFFEDCBA9876543210
+Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
+Ciphertext = 693D9A535BAD5BB1786F53D7253A7056F2075D28B5235F58D50027E4177D2BCE
+
+Cipher = SM4-CFB
+Key = 0123456789ABCDEFFEDCBA9876543210
+IV  = 0123456789ABCDEFFEDCBA9876543210
+Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
+Ciphertext = 693D9A535BAD5BB1786F53D7253A70569ED258A85A0467CC92AAB393DD978995
+
+Cipher = SM4-CTR
+Key = 0123456789ABCDEFFEDCBA9876543210
+IV  = 0123456789ABCDEFFEDCBA9876543210
+Plaintext = AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFEEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA
+Ciphertext = C2B4759E78AC3CF43D0852F4E8D5F9FD7256E8A5FCB65A350EE00630912E44492A0B17E1B85B060D0FBA612D8A95831638B361FD5FFACD942F081485A83CA35D


More information about the openssl-commits mailing list