[openssl] master update

Dr. Paul Dale pauli at openssl.org
Tue Sep 28 09:28:30 UTC 2021


The branch master has been updated
       via  c2ee608a234340aa735f894f8d84ead0ce58286e (commit)
      from  d8f6c533cfcbcad350c9cfb2c112eb9f938ba83c (commit)


- Log -----------------------------------------------------------------
commit c2ee608a234340aa735f894f8d84ead0ce58286e
Author: Tianjia Zhang <tianjia.zhang at linux.alibaba.com>
Date:   Wed Sep 1 16:54:15 2021 +0800

    providers: Add SM4 GCM implementation
    
    The GCM mode of the SM4 algorithm is specifieded by RFC8998.
    
    Signed-off-by: Tianjia Zhang <tianjia.zhang at linux.alibaba.com>
    
    Reviewed-by: Paul Yang <kaishen.yy at antfin.com>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16491)

-----------------------------------------------------------------------

Summary of changes:
 providers/defltprov.c                              |  2 +
 providers/implementations/ciphers/build.info       |  4 +-
 providers/implementations/ciphers/cipher_sm4_ccm.c | 39 ++++++++++++++++++++
 .../{cipher_aria_ccm.h => cipher_sm4_ccm.h}        | 14 +++----
 .../{cipher_aria_ccm_hw.c => cipher_sm4_ccm_hw.c}  | 25 +++++++------
 providers/implementations/ciphers/cipher_sm4_gcm.c | 40 ++++++++++++++++++++
 .../{cipher_aria_gcm.h => cipher_sm4_gcm.h}        | 12 +++---
 .../implementations/ciphers/cipher_sm4_gcm_hw.c    | 43 ++++++++++++++++++++++
 .../implementations/include/prov/implementations.h |  2 +
 providers/implementations/include/prov/names.h     |  2 +
 test/recipes/30-test_evp_data/evpciph_sm4.txt      | 20 ++++++++++
 11 files changed, 177 insertions(+), 26 deletions(-)
 create mode 100644 providers/implementations/ciphers/cipher_sm4_ccm.c
 copy providers/implementations/ciphers/{cipher_aria_ccm.h => cipher_sm4_ccm.h} (58%)
 copy providers/implementations/ciphers/{cipher_aria_ccm_hw.c => cipher_sm4_ccm_hw.c} (50%)
 create mode 100644 providers/implementations/ciphers/cipher_sm4_gcm.c
 copy providers/implementations/ciphers/{cipher_aria_gcm.h => cipher_sm4_gcm.h} (65%)
 create mode 100644 providers/implementations/ciphers/cipher_sm4_gcm_hw.c

diff --git a/providers/defltprov.c b/providers/defltprov.c
index e6c0b24658..ed4573cb8d 100644
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
@@ -289,6 +289,8 @@ static const OSSL_ALGORITHM_CAPABLE deflt_ciphers[] = {
     ALG(PROV_NAMES_DES_EDE_CFB, ossl_tdes_ede2_cfb_functions),
 #endif /* OPENSSL_NO_DES */
 #ifndef OPENSSL_NO_SM4
+    ALG(PROV_NAMES_SM4_GCM, ossl_sm4128gcm_functions),
+    ALG(PROV_NAMES_SM4_CCM, ossl_sm4128ccm_functions),
     ALG(PROV_NAMES_SM4_ECB, ossl_sm4128ecb_functions),
     ALG(PROV_NAMES_SM4_CBC, ossl_sm4128cbc_functions),
     ALG(PROV_NAMES_SM4_CTR, ossl_sm4128ctr_functions),
diff --git a/providers/implementations/ciphers/build.info b/providers/implementations/ciphers/build.info
index e4c5f4f051..b5d9d4f6c1 100644
--- a/providers/implementations/ciphers/build.info
+++ b/providers/implementations/ciphers/build.info
@@ -105,7 +105,9 @@ ENDIF
 
 IF[{- !$disabled{sm4} -}]
   SOURCE[$SM4_GOAL]=\
-      cipher_sm4.c cipher_sm4_hw.c
+      cipher_sm4.c cipher_sm4_hw.c \
+      cipher_sm4_gcm.c cipher_sm4_gcm_hw.c \
+      cipher_sm4_ccm.c cipher_sm4_ccm_hw.c
 ENDIF
 
 IF[{- !$disabled{ocb} -}]
diff --git a/providers/implementations/ciphers/cipher_sm4_ccm.c b/providers/implementations/ciphers/cipher_sm4_ccm.c
new file mode 100644
index 0000000000..f0295a5ca2
--- /dev/null
+++ b/providers/implementations/ciphers/cipher_sm4_ccm.c
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for SM4 CCM mode */
+
+#include "cipher_sm4_ccm.h"
+#include "prov/implementations.h"
+#include "prov/providercommon.h"
+
+static OSSL_FUNC_cipher_freectx_fn sm4_ccm_freectx;
+
+static void *sm4_ccm_newctx(void *provctx, size_t keybits)
+{
+    PROV_SM4_CCM_CTX *ctx;
+
+    if (!ossl_prov_is_running())
+        return NULL;
+
+    ctx = OPENSSL_zalloc(sizeof(*ctx));
+    if (ctx != NULL)
+        ossl_ccm_initctx(&ctx->base, keybits, ossl_prov_sm4_hw_ccm(keybits));
+    return ctx;
+}
+
+static void sm4_ccm_freectx(void *vctx)
+{
+    PROV_SM4_CCM_CTX *ctx = (PROV_SM4_CCM_CTX *)vctx;
+
+    OPENSSL_clear_free(ctx,  sizeof(*ctx));
+}
+
+/* sm4128ccm functions */
+IMPLEMENT_aead_cipher(sm4, ccm, CCM, AEAD_FLAGS, 128, 8, 96);
diff --git a/providers/implementations/ciphers/cipher_aria_ccm.h b/providers/implementations/ciphers/cipher_sm4_ccm.h
similarity index 58%
copy from providers/implementations/ciphers/cipher_aria_ccm.h
copy to providers/implementations/ciphers/cipher_sm4_ccm.h
index 558da4973f..189e71e9e4 100644
--- a/providers/implementations/ciphers/cipher_aria_ccm.h
+++ b/providers/implementations/ciphers/cipher_sm4_ccm.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,16 +7,16 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "crypto/aria.h"
+#include "crypto/sm4.h"
 #include "prov/ciphercommon.h"
 #include "prov/ciphercommon_ccm.h"
 
-typedef struct prov_aria_ccm_ctx_st {
+typedef struct prov_sm4_ccm_ctx_st {
     PROV_CCM_CTX base; /* Must be first */
     union {
         OSSL_UNION_ALIGN;
-        ARIA_KEY ks;
-    } ks;                       /* ARIA key schedule to use */
-} PROV_ARIA_CCM_CTX;
+        SM4_KEY ks;
+    } ks;                       /* SM4 key schedule to use */
+} PROV_SM4_CCM_CTX;
 
-const PROV_CCM_HW *ossl_prov_aria_hw_ccm(size_t keylen);
+const PROV_CCM_HW *ossl_prov_sm4_hw_ccm(size_t keylen);
diff --git a/providers/implementations/ciphers/cipher_aria_ccm_hw.c b/providers/implementations/ciphers/cipher_sm4_ccm_hw.c
similarity index 50%
copy from providers/implementations/ciphers/cipher_aria_ccm_hw.c
copy to providers/implementations/ciphers/cipher_sm4_ccm_hw.c
index e56ec8fb08..791daf3e46 100644
--- a/providers/implementations/ciphers/cipher_aria_ccm_hw.c
+++ b/providers/implementations/ciphers/cipher_sm4_ccm_hw.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,33 +8,34 @@
  */
 
 /*-
- * Generic support for ARIA CCM.
+ * Generic support for SM4 CCM.
  */
 
-#include "cipher_aria_ccm.h"
+#include "cipher_sm4_ccm.h"
 
-static int ccm_aria_initkey(PROV_CCM_CTX *ctx,
-                            const unsigned char *key, size_t keylen)
+static int ccm_sm4_initkey(PROV_CCM_CTX *ctx,
+                           const unsigned char *key, size_t keylen)
 {
-    PROV_ARIA_CCM_CTX *actx = (PROV_ARIA_CCM_CTX *)ctx;
+    PROV_SM4_CCM_CTX *actx = (PROV_SM4_CCM_CTX *)ctx;
 
-    ossl_aria_set_encrypt_key(key, keylen * 8, &actx->ks.ks);
+    ossl_sm4_set_key(key, &actx->ks.ks);
     CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ks.ks,
-                       (block128_f)ossl_aria_encrypt);
+                       (block128_f)ossl_sm4_encrypt);
     ctx->str = NULL;
     ctx->key_set = 1;
     return 1;
 }
 
-static const PROV_CCM_HW ccm_aria = {
-    ccm_aria_initkey,
+static const PROV_CCM_HW ccm_sm4 = {
+    ccm_sm4_initkey,
     ossl_ccm_generic_setiv,
     ossl_ccm_generic_setaad,
     ossl_ccm_generic_auth_encrypt,
     ossl_ccm_generic_auth_decrypt,
     ossl_ccm_generic_gettag
 };
-const PROV_CCM_HW *ossl_prov_aria_hw_ccm(size_t keybits)
+
+const PROV_CCM_HW *ossl_prov_sm4_hw_ccm(size_t keybits)
 {
-    return &ccm_aria;
+    return &ccm_sm4;
 }
diff --git a/providers/implementations/ciphers/cipher_sm4_gcm.c b/providers/implementations/ciphers/cipher_sm4_gcm.c
new file mode 100644
index 0000000000..7a936f00ee
--- /dev/null
+++ b/providers/implementations/ciphers/cipher_sm4_gcm.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for SM4 GCM mode */
+
+#include "cipher_sm4_gcm.h"
+#include "prov/implementations.h"
+#include "prov/providercommon.h"
+
+static OSSL_FUNC_cipher_freectx_fn sm4_gcm_freectx;
+
+static void *sm4_gcm_newctx(void *provctx, size_t keybits)
+{
+    PROV_SM4_GCM_CTX *ctx;
+
+    if (!ossl_prov_is_running())
+        return NULL;
+
+    ctx = OPENSSL_zalloc(sizeof(*ctx));
+    if (ctx != NULL)
+        ossl_gcm_initctx(provctx, &ctx->base, keybits,
+                         ossl_prov_sm4_hw_gcm(keybits));
+    return ctx;
+}
+
+static void sm4_gcm_freectx(void *vctx)
+{
+    PROV_SM4_GCM_CTX *ctx = (PROV_SM4_GCM_CTX *)vctx;
+
+    OPENSSL_clear_free(ctx,  sizeof(*ctx));
+}
+
+/* ossl_sm4128gcm_functions */
+IMPLEMENT_aead_cipher(sm4, gcm, GCM, AEAD_FLAGS, 128, 8, 96);
diff --git a/providers/implementations/ciphers/cipher_aria_gcm.h b/providers/implementations/ciphers/cipher_sm4_gcm.h
similarity index 65%
copy from providers/implementations/ciphers/cipher_aria_gcm.h
copy to providers/implementations/ciphers/cipher_sm4_gcm.h
index 6251e8322f..2b6b5f3ece 100644
--- a/providers/implementations/ciphers/cipher_aria_gcm.h
+++ b/providers/implementations/ciphers/cipher_sm4_gcm.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,16 +7,16 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "crypto/aria.h"
+#include "crypto/sm4.h"
 #include "prov/ciphercommon.h"
 #include "prov/ciphercommon_gcm.h"
 
-typedef struct prov_aria_gcm_ctx_st {
+typedef struct prov_sm4_gcm_ctx_st {
     PROV_GCM_CTX base;              /* must be first entry in struct */
     union {
         OSSL_UNION_ALIGN;
-        ARIA_KEY ks;
+        SM4_KEY ks;
     } ks;
-} PROV_ARIA_GCM_CTX;
+} PROV_SM4_GCM_CTX;
 
-const PROV_GCM_HW *ossl_prov_aria_hw_gcm(size_t keybits);
+const PROV_GCM_HW *ossl_prov_sm4_hw_gcm(size_t keybits);
diff --git a/providers/implementations/ciphers/cipher_sm4_gcm_hw.c b/providers/implementations/ciphers/cipher_sm4_gcm_hw.c
new file mode 100644
index 0000000000..6bcd1ec406
--- /dev/null
+++ b/providers/implementations/ciphers/cipher_sm4_gcm_hw.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * Generic support for SM4 GCM.
+ */
+
+#include "cipher_sm4_gcm.h"
+
+static int sm4_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
+                           size_t keylen)
+{
+    PROV_SM4_GCM_CTX *actx = (PROV_SM4_GCM_CTX *)ctx;
+    SM4_KEY *ks = &actx->ks.ks;
+
+    ctx->ks = ks;
+    ossl_sm4_set_key(key, ks);
+    CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)ossl_sm4_encrypt);
+    ctx->ctr = (ctr128_f)NULL;
+    ctx->key_set = 1;
+
+    return 1;
+}
+
+static const PROV_GCM_HW sm4_gcm = {
+    sm4_gcm_initkey,
+    ossl_gcm_setiv,
+    ossl_gcm_aad_update,
+    ossl_gcm_cipher_update,
+    ossl_gcm_cipher_final,
+    ossl_gcm_one_shot
+};
+
+const PROV_GCM_HW *ossl_prov_sm4_hw_gcm(size_t keybits)
+{
+    return &sm4_gcm;
+}
diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h
index 66817fa104..cb1b7925c5 100644
--- a/providers/implementations/include/prov/implementations.h
+++ b/providers/implementations/include/prov/implementations.h
@@ -177,6 +177,8 @@ extern const OSSL_DISPATCH ossl_seed128ofb128_functions[];
 extern const OSSL_DISPATCH ossl_seed128cfb128_functions[];
 #endif /* OPENSSL_NO_SEED */
 #ifndef OPENSSL_NO_SM4
+extern const OSSL_DISPATCH ossl_sm4128gcm_functions[];
+extern const OSSL_DISPATCH ossl_sm4128ccm_functions[];
 extern const OSSL_DISPATCH ossl_sm4128ecb_functions[];
 extern const OSSL_DISPATCH ossl_sm4128cbc_functions[];
 extern const OSSL_DISPATCH ossl_sm4128ctr_functions[];
diff --git a/providers/implementations/include/prov/names.h b/providers/implementations/include/prov/names.h
index 62aa7bd725..97cbae70f1 100644
--- a/providers/implementations/include/prov/names.h
+++ b/providers/implementations/include/prov/names.h
@@ -162,6 +162,8 @@
 #define PROV_NAMES_SM4_CTR "SM4-CTR:1.2.156.10197.1.104.7"
 #define PROV_NAMES_SM4_OFB "SM4-OFB:SM4-OFB128:1.2.156.10197.1.104.3"
 #define PROV_NAMES_SM4_CFB "SM4-CFB:SM4-CFB128:1.2.156.10197.1.104.4"
+#define PROV_NAMES_SM4_GCM "SM4-GCM:1.2.156.10197.1.104.8"
+#define PROV_NAMES_SM4_CCM "SM4-CCM:1.2.156.10197.1.104.9"
 #define PROV_NAMES_ChaCha20 "ChaCha20"
 #define PROV_NAMES_ChaCha20_Poly1305 "ChaCha20-Poly1305"
 #define PROV_NAMES_CAST5_ECB "CAST5-ECB"
diff --git a/test/recipes/30-test_evp_data/evpciph_sm4.txt b/test/recipes/30-test_evp_data/evpciph_sm4.txt
index ec8a45bd3f..9fb16ca15c 100644
--- a/test/recipes/30-test_evp_data/evpciph_sm4.txt
+++ b/test/recipes/30-test_evp_data/evpciph_sm4.txt
@@ -36,3 +36,23 @@ Key = 0123456789ABCDEFFEDCBA9876543210
 IV  = 0123456789ABCDEFFEDCBA9876543210
 Plaintext = AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFEEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA
 Ciphertext = C2B4759E78AC3CF43D0852F4E8D5F9FD7256E8A5FCB65A350EE00630912E44492A0B17E1B85B060D0FBA612D8A95831638B361FD5FFACD942F081485A83CA35D
+
+Title = SM4 GCM test vectors from RFC8998
+
+Cipher = SM4-GCM
+Key = 0123456789abcdeffedcba9876543210
+IV = 00001234567800000000abcd
+AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2
+Tag = 83de3541e4c2b58177e065a9bf7b62ec
+Plaintext = aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbccccccccccccccccddddddddddddddddeeeeeeeeeeeeeeeeffffffffffffffffeeeeeeeeeeeeeeeeaaaaaaaaaaaaaaaa
+Ciphertext = 17f399f08c67d5ee19d0dc9969c4bb7d5fd46fd3756489069157b282bb200735d82710ca5c22f0ccfa7cbf93d496ac15a56834cbcf98c397b4024a2691233b8d
+
+Title = SM4 CCM test vectors from RFC8998
+
+Cipher = SM4-CCM
+Key = 0123456789abcdeffedcba9876543210
+IV = 00001234567800000000abcd
+AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2
+Tag = 16842d4fa186f56ab33256971fa110f4
+Plaintext = aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbccccccccccccccccddddddddddddddddeeeeeeeeeeeeeeeeffffffffffffffffeeeeeeeeeeeeeeeeaaaaaaaaaaaaaaaa
+Ciphertext = 48af93501fa62adbcd414cce6034d895dda1bf8f132f042098661572e7483094fd12e518ce062c98acee28d95df4416bed31a2f04476c18bb40c84a74b97dc5b


More information about the openssl-commits mailing list