[openssl] master update
shane.lontis at oracle.com
shane.lontis at oracle.com
Thu Sep 19 05:40:14 UTC 2019
The branch master has been updated
via 105dde2528d64b4af25c241288a985fdfc27afbc (commit)
from 639b53ecd82648fbb66a2ab7dabece7f15a1f730 (commit)
- Log -----------------------------------------------------------------
commit 105dde2528d64b4af25c241288a985fdfc27afbc
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Thu Sep 19 15:38:51 2019 +1000
Add sm4 ciphers to default provider
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9935)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/evp_enc.c | 5 +++
providers/common/include/internal/provider_algs.h | 7 +++
providers/default/ciphers/build.info | 5 +++
providers/default/ciphers/cipher_sm4.c | 51 ++++++++++++++++++++++
.../ciphers/{cipher_cast.h => cipher_sm4.h} | 15 ++++---
providers/default/ciphers/cipher_sm4_hw.c | 43 ++++++++++++++++++
providers/default/defltprov.c | 7 +++
test/recipes/30-test_evp.t | 3 ++
test/recipes/30-test_evp_data/evpciph.txt | 31 -------------
test/recipes/30-test_evp_data/evpciph_sm4.txt | 39 +++++++++++++++++
10 files changed, 168 insertions(+), 38 deletions(-)
create mode 100644 providers/default/ciphers/cipher_sm4.c
copy providers/default/ciphers/{cipher_cast.h => cipher_sm4.h} (57%)
create mode 100644 providers/default/ciphers/cipher_sm4_hw.c
create mode 100644 test/recipes/30-test_evp_data/evpciph_sm4.txt
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 4d6001688f..41edd0decd 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -247,6 +247,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
case NID_seed_ecb:
case NID_seed_cfb128:
case NID_seed_ofb128:
+ case NID_sm4_cbc:
+ case NID_sm4_ecb:
+ case NID_sm4_ctr:
+ case NID_sm4_cfb128:
+ case NID_sm4_ofb128:
break;
default:
goto legacy;
diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h
index d69b9cd4b8..aeb7c430a0 100644
--- a/providers/common/include/internal/provider_algs.h
+++ b/providers/common/include/internal/provider_algs.h
@@ -140,6 +140,13 @@ extern const OSSL_DISPATCH seed128cbc_functions[];
extern const OSSL_DISPATCH seed128ofb128_functions[];
extern const OSSL_DISPATCH seed128cfb128_functions[];
#endif /* OPENSSL_NO_SEED */
+#ifndef OPENSSL_NO_SM4
+extern const OSSL_DISPATCH sm4128ecb_functions[];
+extern const OSSL_DISPATCH sm4128cbc_functions[];
+extern const OSSL_DISPATCH sm4128ctr_functions[];
+extern const OSSL_DISPATCH sm4128ofb128_functions[];
+extern const OSSL_DISPATCH sm4128cfb128_functions[];
+#endif /* OPENSSL_NO_SM4 */
extern const OSSL_DISPATCH tdes_ede3_ecb_functions[];
extern const OSSL_DISPATCH tdes_ede3_cbc_functions[];
diff --git a/providers/default/ciphers/build.info b/providers/default/ciphers/build.info
index 66ef9df68a..8f2bbae28d 100644
--- a/providers/default/ciphers/build.info
+++ b/providers/default/ciphers/build.info
@@ -39,4 +39,9 @@ IF[{- !$disabled{seed} -}]
cipher_seed.c cipher_seed_hw.c
ENDIF
+IF[{- !$disabled{sm4} -}]
+ SOURCE[../../../libcrypto]=\
+ cipher_sm4.c cipher_sm4_hw.c
+ENDIF
+
INCLUDE[../../../libcrypto]=. ../../../crypto
diff --git a/providers/default/ciphers/cipher_sm4.c b/providers/default/ciphers/cipher_sm4.c
new file mode 100644
index 0000000000..8b7c3761ca
--- /dev/null
+++ b/providers/default/ciphers/cipher_sm4.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for cast cipher modes ecb, cbc, ofb, cfb */
+
+#include "cipher_sm4.h"
+#include "internal/provider_algs.h"
+
+/* TODO (3.0) Figure out what flags to pass */
+#define SM4_FLAGS EVP_CIPH_FLAG_DEFAULT_ASN1
+
+static OSSL_OP_cipher_freectx_fn sm4_freectx;
+static OSSL_OP_cipher_dupctx_fn sm4_dupctx;
+
+static void sm4_freectx(void *vctx)
+{
+ PROV_SM4_CTX *ctx = (PROV_SM4_CTX *)vctx;
+
+ OPENSSL_clear_free(ctx, sizeof(*ctx));
+}
+
+static void *sm4_dupctx(void *ctx)
+{
+ PROV_SM4_CTX *in = (PROV_SM4_CTX *)ctx;
+ PROV_SM4_CTX *ret = OPENSSL_malloc(sizeof(*ret));
+
+ if (ret == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ *ret = *in;
+
+ return ret;
+}
+
+/* sm4128ecb_functions */
+IMPLEMENT_generic_cipher(sm4, SM4, ecb, ECB, SM4_FLAGS, 128, 128, 0, block)
+/* sm4128cbc_functions */
+IMPLEMENT_generic_cipher(sm4, SM4, cbc, CBC, SM4_FLAGS, 128, 128, 128, block)
+/* sm4128ctr_functions */
+IMPLEMENT_generic_cipher(sm4, SM4, ctr, CTR, SM4_FLAGS, 128, 8, 128, stream)
+/* sm4128ofb128_functions */
+IMPLEMENT_generic_cipher(sm4, SM4, ofb128, OFB, SM4_FLAGS, 128, 8, 128, stream)
+/* sm4128cfb128_functions */
+IMPLEMENT_generic_cipher(sm4, SM4, cfb128, CFB, SM4_FLAGS, 128, 8, 128, stream)
diff --git a/providers/default/ciphers/cipher_cast.h b/providers/default/ciphers/cipher_sm4.h
similarity index 57%
copy from providers/default/ciphers/cipher_cast.h
copy to providers/default/ciphers/cipher_sm4.h
index 279f92216f..842c218f30 100644
--- a/providers/default/ciphers/cipher_cast.h
+++ b/providers/default/ciphers/cipher_sm4.h
@@ -7,18 +7,19 @@
* https://www.openssl.org/source/license.html
*/
-#include <openssl/cast.h>
#include "internal/ciphers/ciphercommon.h"
+#include "internal/sm4.h"
typedef struct prov_cast_ctx_st {
PROV_CIPHER_CTX base; /* Must be first */
union {
OSSL_UNION_ALIGN;
- CAST_KEY ks;
+ SM4_KEY ks;
} ks;
-} PROV_CAST_CTX;
+} PROV_SM4_CTX;
-const PROV_CIPHER_HW *PROV_CIPHER_HW_cast5_cbc(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_cast5_ecb(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_cast5_ofb64(size_t keybits);
-const PROV_CIPHER_HW *PROV_CIPHER_HW_cast5_cfb64(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_cbc(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_ecb(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_ctr(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_ofb128(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_cfb128(size_t keybits);
diff --git a/providers/default/ciphers/cipher_sm4_hw.c b/providers/default/ciphers/cipher_sm4_hw.c
new file mode 100644
index 0000000000..9ecaf0b997
--- /dev/null
+++ b/providers/default/ciphers/cipher_sm4_hw.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_sm4.h"
+
+static int cipher_hw_sm4_initkey(PROV_CIPHER_CTX *ctx,
+ const unsigned char *key, size_t keylen)
+{
+ PROV_SM4_CTX *sctx = (PROV_SM4_CTX *)ctx;
+ SM4_KEY *ks = &sctx->ks.ks;
+
+ SM4_set_key(key, ks);
+ ctx->ks = ks;
+ if (ctx->enc
+ || (ctx->mode != EVP_CIPH_ECB_MODE
+ && ctx->mode != EVP_CIPH_CBC_MODE))
+ ctx->block = (block128_f)SM4_encrypt;
+ else
+ ctx->block = (block128_f)SM4_decrypt;
+ return 1;
+}
+
+# define PROV_CIPHER_HW_sm4_mode(mode) \
+static const PROV_CIPHER_HW sm4_##mode = { \
+ cipher_hw_sm4_initkey, \
+ cipher_hw_chunked_##mode \
+}; \
+const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_##mode(size_t keybits) \
+{ \
+ return &sm4_##mode; \
+}
+
+PROV_CIPHER_HW_sm4_mode(cbc)
+PROV_CIPHER_HW_sm4_mode(ecb)
+PROV_CIPHER_HW_sm4_mode(ofb128)
+PROV_CIPHER_HW_sm4_mode(cfb128)
+PROV_CIPHER_HW_sm4_mode(ctr)
diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c
index 71169161e8..845f0c11c0 100644
--- a/providers/default/defltprov.c
+++ b/providers/default/defltprov.c
@@ -213,6 +213,13 @@ static const OSSL_ALGORITHM deflt_ciphers[] = {
{ "SEED-OFB", "default=yes", seed128ofb128_functions },
{ "SEED-CFB", "default=yes", seed128cfb128_functions },
#endif /* OPENSSL_NO_SEED */
+#ifndef OPENSSL_NO_SM4
+ { "SM4-ECB", "default=yes", sm4128ecb_functions },
+ { "SM4-CBC", "default=yes", sm4128cbc_functions },
+ { "SM4-CTR", "default=yes", sm4128ctr_functions },
+ { "SM4-OFB", "default=yes", sm4128ofb128_functions },
+ { "SM4-CFB", "default=yes", sm4128cfb128_functions },
+#endif /* OPENSSL_NO_SM4 */
{ NULL, NULL, NULL }
};
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
index bee446c1c8..486281772c 100644
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -41,6 +41,9 @@ push @defltfiles, @castfiles unless disabled("cast");
my @seedfiles = qw( evpciph_seed.txt );
push @defltfiles, @seedfiles unless disabled("seed");
+my @sm4files = qw( evpciph_sm4.txt );
+push @defltfiles, @sm4files unless disabled("sm4");
+
plan tests => (scalar(@configs) * scalar(@files)) + scalar(@defltfiles) + 1;
my $infile = bldtop_file('providers', platform->dso('fips'));
diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt
index b32d57d481..b180723188 100644
--- a/test/recipes/30-test_evp_data/evpciph.txt
+++ b/test/recipes/30-test_evp_data/evpciph.txt
@@ -2256,37 +2256,6 @@ Operation = ENCRYPT
Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223
Ciphertext = A4DA23FCE6A5FFAA6D64AE9A0652A42CD161A34B65F9679F75C01F101F71276F15EF0D8D
-Title = SM4 test vectors from IETF draft-ribose-cfrg-sm4
-
-Cipher = SM4-ECB
-Key = 0123456789ABCDEFFEDCBA9876543210
-Plaintext = 0123456789ABCDEFFEDCBA9876543210
-Ciphertext = 681EDF34D206965E86B3E94F536E4246
-
-Cipher = SM4-CBC
-Key = 0123456789ABCDEFFEDCBA9876543210
-IV = 0123456789ABCDEFFEDCBA9876543210
-Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
-Ciphertext = 2677F46B09C122CC975533105BD4A22AF6125F7275CE552C3A2BBCF533DE8A3B
-
-Cipher = SM4-OFB
-Key = 0123456789ABCDEFFEDCBA9876543210
-IV = 0123456789ABCDEFFEDCBA9876543210
-Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
-Ciphertext = 693D9A535BAD5BB1786F53D7253A7056F2075D28B5235F58D50027E4177D2BCE
-
-Cipher = SM4-CFB
-Key = 0123456789ABCDEFFEDCBA9876543210
-IV = 0123456789ABCDEFFEDCBA9876543210
-Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
-Ciphertext = 693D9A535BAD5BB1786F53D7253A70569ED258A85A0467CC92AAB393DD978995
-
-Cipher = SM4-CTR
-Key = 0123456789ABCDEFFEDCBA9876543210
-IV = 0123456789ABCDEFFEDCBA9876543210
-Plaintext = AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFEEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA
-Ciphertext = C2B4759E78AC3CF43D0852F4E8D5F9FD7256E8A5FCB65A350EE00630912E44492A0B17E1B85B060D0FBA612D8A95831638B361FD5FFACD942F081485A83CA35D
-
Title = ARIA test vectors from RFC5794 (and others)
Cipher = ARIA-128-ECB
diff --git a/test/recipes/30-test_evp_data/evpciph_sm4.txt b/test/recipes/30-test_evp_data/evpciph_sm4.txt
new file mode 100644
index 0000000000..8434ccb6e2
--- /dev/null
+++ b/test/recipes/30-test_evp_data/evpciph_sm4.txt
@@ -0,0 +1,39 @@
+#
+# Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+Title = SM4 test vectors from IETF draft-ribose-cfrg-sm4
+
+Cipher = SM4-ECB
+Key = 0123456789ABCDEFFEDCBA9876543210
+Plaintext = 0123456789ABCDEFFEDCBA9876543210
+Ciphertext = 681EDF34D206965E86B3E94F536E4246
+
+Cipher = SM4-CBC
+Key = 0123456789ABCDEFFEDCBA9876543210
+IV = 0123456789ABCDEFFEDCBA9876543210
+Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
+Ciphertext = 2677F46B09C122CC975533105BD4A22AF6125F7275CE552C3A2BBCF533DE8A3B
+
+Cipher = SM4-OFB
+Key = 0123456789ABCDEFFEDCBA9876543210
+IV = 0123456789ABCDEFFEDCBA9876543210
+Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
+Ciphertext = 693D9A535BAD5BB1786F53D7253A7056F2075D28B5235F58D50027E4177D2BCE
+
+Cipher = SM4-CFB
+Key = 0123456789ABCDEFFEDCBA9876543210
+IV = 0123456789ABCDEFFEDCBA9876543210
+Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
+Ciphertext = 693D9A535BAD5BB1786F53D7253A70569ED258A85A0467CC92AAB393DD978995
+
+Cipher = SM4-CTR
+Key = 0123456789ABCDEFFEDCBA9876543210
+IV = 0123456789ABCDEFFEDCBA9876543210
+Plaintext = AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFEEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA
+Ciphertext = C2B4759E78AC3CF43D0852F4E8D5F9FD7256E8A5FCB65A350EE00630912E44492A0B17E1B85B060D0FBA612D8A95831638B361FD5FFACD942F081485A83CA35D
More information about the openssl-commits
mailing list