Browse Source

add sm3 sm4 sm9 crypto algorithm

pull/3/head
root 1 year ago
parent
commit
e012005b45
  1. 2
      framework/Makefile
  2. 20
      framework/security/Kconfig
  3. 5
      framework/security/Makefile
  4. 15
      framework/security/crypto/Makefile
  5. 79
      framework/security/crypto/include/bignum.h
  6. 42
      framework/security/crypto/include/ecc.h
  7. 43
      framework/security/crypto/include/join.h
  8. 71
      framework/security/crypto/include/qn.h
  9. 94
      framework/security/crypto/include/sm3.h
  10. 122
      framework/security/crypto/include/sm4.h
  11. 72
      framework/security/crypto/include/sm9.h
  12. 66
      framework/security/crypto/include/sm9_para.h
  13. 31
      framework/security/crypto/include/sm9_test.h
  14. 40
      framework/security/crypto/include/sm9_util.h
  15. 474
      framework/security/crypto/sm3/sm3.c
  16. 125
      framework/security/crypto/sm3/sm3_hmac.c
  17. 16539
      framework/security/crypto/sm4/sm4_common.c
  18. 265
      framework/security/crypto/sm4/sm4_enc_mode.c
  19. 131
      framework/security/crypto/sm4/sms4_enc.c
  20. 103
      framework/security/crypto/sm4/sms4_lcl.h
  21. 119
      framework/security/crypto/sm4/sms4_setkey.c
  22. 719
      framework/security/crypto/sm9/bignum.c
  23. 158
      framework/security/crypto/sm9/ecc.c
  24. 254
      framework/security/crypto/sm9/join.c
  25. 970
      framework/security/crypto/sm9/qn.c
  26. 646
      framework/security/crypto/sm9/sm9.c
  27. 194
      framework/security/crypto/sm9/sm9_para.c
  28. 382
      framework/security/crypto/sm9/sm9_util.c
  29. 53
      framework/security/crypto/test/sm3_test.c
  30. 93
      framework/security/crypto/test/sm4_test.c
  31. 875
      framework/security/crypto/test/sm9_test.c
  32. 4
      path_kernel.mk

2
framework/Makefile

@ -1,3 +1,3 @@
SRC_DIR := connection perception intelligent
SRC_DIR := connection perception intelligent security
include $(KERNEL_ROOT)/compiler.mk

20
framework/security/Kconfig

@ -1,3 +1,23 @@
menu "Security"
menuconfig CRYPTO
bool "using crypto"
default n
if CRYPTO
menuconfig CRYPTO_SM3
bool "using sm3"
default n
menuconfig CRYPTO_SM4
bool "using sm4"
default n
menuconfig CRYPTO_SM9
select CRYPTO_SM3
select CRYPTO_SM4
bool "using sm9"
default n
endif
endmenu

5
framework/security/Makefile

@ -0,0 +1,5 @@
ifeq ($(CONFIG_CRYPTO), y)
SRC_DIR := crypto
endif
include $(KERNEL_ROOT)/compiler.mk

15
framework/security/crypto/Makefile

@ -0,0 +1,15 @@
SRC_FILES :=
ifeq ($(CONFIG_CRYPTO_SM3), y)
SRC_FILES += sm3/sm3.c sm3/sm3_hmac.c test/sm3_test.c
endif
ifeq ($(CONFIG_CRYPTO_SM4), y)
SRC_FILES += sm4/sm4_common.c sm4/sms4_setkey.c sm4/sms4_enc.c sm4/sm4_enc_mode.c test/sm4_test.c
endif
ifeq ($(CONFIG_CRYPTO_SM9), y)
SRC_FILES += sm9/bignum.c sm9/ecc.c sm9/qn.c sm9/join.c sm9/sm9_util.c sm9/sm9_para.c sm9/sm9.c test/sm9_test.c
endif
include $(KERNEL_ROOT)/compiler.mk

79
framework/security/crypto/include/bignum.h

@ -0,0 +1,79 @@
/*
* Copyright (c) 2020 AIIT Ubiquitous Team
* XiUOS is licensed under Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain bn1 copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
*/
/**
* @file bignum.h
* @brief arithmetic of big number, included by ecc.h
* @version 1.0
* @author AIIT Ubiquitous Team
* @date 2021-04-24
*/
#ifndef BIGNUM_H
#define BIGNUM_H
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <xiuos.h>
#define BIGNUMBER_SIZE_8WORD 8
#define BIGNUMBER_SIZE_16WORD 16
#define BIG8W_BYTESIZE 32
#define bool uint8_t
#define true 1
#define false 0
typedef struct bignum_8uint32 {
uint32_t word[BIGNUMBER_SIZE_8WORD];
} big8w;
typedef struct bignum_16uint32 {
uint32_t word[BIGNUMBER_SIZE_16WORD];
uint8_t length;
} big16w;
typedef struct SM9Curve {
big8w b;
big8w q;
big8w N;
} sm9curve;
extern sm9curve curve;
// used in Montgomery Mult
/** power(2, 32) - (curve.q.word[0] 's reverse under power(2, 32)) */
extern uint32_t qlow_reverse;
/** power(2, 32) - (curve.N.word[0] 's reverse under power(2, 32)) */
extern uint32_t Nlow_reverse;
/** (2^(256*2)) mod curve.q; used in big numbers' mult(Montgomery Mult) */
extern big8w q_2k;
/** (2^(256*2)) mod curve.N; used in big numbers' mult(Montgomery Mult) */
extern big8w N_2k;
void Big8wPrint(big8w* bignum);
unsigned char Big8wHighestbit(big8w* bignum);
bool Big8wIsZero(big8w* bignum);
bool Big8wBigThan(big8w* bn1, big8w* bn2);
bool Big8wEqual(big8w* bn1, big8w* bn2);
big8w Big8wMinusMod(big8w bn1, big8w bn2, big8w p);
big8w Big8wAddMod(big8w bn1, big8w bn2, big8w p);
big8w Big16wmod8w(big16w bignum16w, big8w p);
big8w Big8wReverse(big8w bignum, big8w N);
big8w Big8wMultMod(big8w bn1, big8w bn2, big8w p);
#endif

42
framework/security/crypto/include/ecc.h

@ -0,0 +1,42 @@
/*
* Copyright (c) 2020 AIIT Ubiquitous Team
* XiUOS is licensed under Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
*/
/**
* @file ecc.h
* @brief arithmetic in ecc, included by qn.h
* @version 1.0
* @author AIIT Ubiquitous Team
* @date 2021-04-24
*/
#ifndef ECC_H
#define ECC_H
#include <bignum.h>
typedef struct G1_base_group_point {
big8w x;
big8w y;
} G1point;
typedef struct SM9ecn{
big8w x;
big8w y;
big8w z;
} ecn;
void G1pointPrint(G1point *point);
bool PointInG1(G1point point);
G1point G1pointAdd(G1point point1, G1point point2);
G1point G1pointMult(big8w bignum, G1point point);
#endif

43
framework/security/crypto/include/join.h

@ -0,0 +1,43 @@
/*
* Copyright (c) 2020 AIIT Ubiquitous Team
* XiUOS is licensed under Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
*/
/**
* @file join.h
* @brief convert data type and join string
* @version 1.0
* @author AIIT Ubiquitous Team
* @date 2021-04-24
*/
#ifndef JOIN_H
#define JOIN_H
#include <qn.h>
#include <sm3.h>
void Big8wIntou8string(big8w* bignum, uint8_t* string, uint32_t startindex);
void Q12Intou8string(q12* num, uint8_t* string, uint32_t startindex);
void U8stringToG1point(uint8_t *string, G1point* ret);
void JoinIDhid(uint8_t *ID, uint8_t IDlen, uint8_t hid, uint8_t *ret);
void JoinMsgW(uint8_t *message, uint32_t msglen, q12 *w, uint8_t* ret);
void JoinIDAIDBRARBg123(
uint8_t *ID_Challenger, uint8_t ID_Challenger_len,
uint8_t *ID_Responser, uint8_t ID_Responser_len,
G1point* R_Challenger, G1point* R_Responser,
q12 *g1, q12 *g2, q12 *g3,
uint8_t* ret);
void JoinCwID(G1point *C, q12 *w, uint8_t *ID, uint8_t IDlen, uint8_t *ret);
void XOR(unsigned char *msg, uint32_t msglen, unsigned char *K, unsigned char *ret);
#endif

71
framework/security/crypto/include/qn.h

@ -0,0 +1,71 @@
/*
* Copyright (c) 2020 AIIT Ubiquitous Team
* XiUOS is licensed under Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
*/
/**
* @file qn.h
* @brief arithmetic in extention field, and arithmetic in group G2, frobenius and LastPower in BiLinearPairing
* @version 1.0
* @author AIIT Ubiquitous Team
* @date 2021-04-24
*/
#ifndef QN_H
#define QN_H
#include <ecc.h>
typedef struct q2_num {
big8w high;
big8w low;
} q2;
typedef struct G2_q2group_point {
q2 x;
q2 y;
} G2point;
typedef struct q4_num {
q2 high;
q2 low;
} q4;
typedef struct q12_num {
q4 high;
q4 mid;
q4 low;
} q12;
typedef struct big_12bignum {
big8w word[12];
} big_12big;
extern big8w t; // sm9 ecc parameter
extern big8w qnr; // (-1/2) mod curve.q
extern big8w frobenius_constant_1[12];
extern big8w frobenius_constant_2[12];
void G2pointPrint(G2point *point);
void Q12Print(q12* number);
void Q12To12big(q12 *num, big_12big *ret);
G2point G2PointAdd(G2point point1, G2point point2);
G2point G2PointMult(big8w num, G2point point);
void Q12Zero(q12 *num);
q12 Q12MultMod(q12 a, q12 b);
q12 Q12PowerMod(q12 g, big8w r);
void Q12Frobenius(q12 *f, uint8_t flag);
void G2pointFrobenius(G2point Q, G2point* Q1, uint8_t flag);
void Line(G1point P, G2point *T, G2point Q, bool doubleflag, q12 *f);
void LastPower(q12 *f);
#endif

94
framework/security/crypto/include/sm3.h

@ -0,0 +1,94 @@
/* ====================================================================
* Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#ifndef SM3_H
#define SM3_H
#include <string.h>
#include <stdio.h>
#include <time.h>
#define SM3_DIGEST_LENGTH 32
#define SM3_BLOCK_SIZE 64
#define SM3_CBLOCK (SM3_BLOCK_SIZE)
#define SM3_HMAC_SIZE (SM3_DIGEST_LENGTH)
# define ROL32(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
# define GETU32(p) ((uint32_t)(p)[0]<<24|(uint32_t)(p)[1]<<16|(uint32_t)(p)[2]<<8|(uint32_t)(p)[3])
# define PUTU32(p,v) ((p)[0]=(uint8_t)((v)>>24),(p)[1]=(uint8_t)((v)>>16),(p)[2]=(uint8_t)((v)>>8),(p)[3]=(uint8_t)(v))
#define FAR
typedef struct {
uint32_t digest[8];
uint64_t nblocks;
unsigned char block[64];
int num;
} sm3_ctx_t;
typedef struct {
sm3_ctx_t sm3_ctx;
unsigned char key[SM3_BLOCK_SIZE];
} sm3_hmac_ctx_t;
void sm3_init(sm3_ctx_t *ctx);
void sm3_update(sm3_ctx_t *ctx, const unsigned char* data, size_t data_len);
void sm3_final(sm3_ctx_t *ctx, unsigned char digest[SM3_DIGEST_LENGTH]);
void sm3_compress(uint32_t digest[8], const unsigned char block[SM3_BLOCK_SIZE]);
void sm3(const unsigned char *data, size_t datalen, unsigned char digest[SM3_DIGEST_LENGTH]);
int sm3_file(char *path, unsigned char output[32]);
void sm3_compute_id_digest(unsigned char z[32], const char *id, const unsigned char x[32], const unsigned char y[32]);
void sm3_hmac_init(sm3_hmac_ctx_t *ctx, const unsigned char *key, size_t key_len);
void sm3_hmac_update(sm3_hmac_ctx_t *ctx, const unsigned char *data, size_t data_len);
void sm3_hmac_final(sm3_hmac_ctx_t *ctx, unsigned char mac[SM3_HMAC_SIZE]);
void sm3_hmac(const unsigned char *data, size_t data_len, const unsigned char *key, size_t key_len, unsigned char mac[SM3_HMAC_SIZE]);
void sm3_test_case();
#endif

122
framework/security/crypto/include/sm4.h

@ -0,0 +1,122 @@
/* ====================================================================
* Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
/*************************************************
File name: sm4.h
Description: sm4 header file
Others: take GMSSL master/include/openssl/sms4.h
https://github.com/guanzhi/GmSSL/blob/master/include/openssl/sms4.h
History:
1. Date: 2021-04-25
Author: AIIT XUOS Lab
*************************************************/
#ifndef SM4_H
#define SM4_H
#include <stdio.h>
#include <string.h>
# define SMS4_KEY_LENGTH 16
# define SMS4_BLOCK_SIZE 16
# define SMS4_IV_LENGTH (SMS4_BLOCK_SIZE)
# define SMS4_NUM_ROUNDS 32
# define SM4_ERROR_UNKNOW -1
# define SM4_MALLOC_FAIL -2
# define SM4_BAD_KEY_LENGTH -3
# define SM4_BAD_PADDING_FORMAT -4
# define SM4_BAD_LENGTH -5
#define FAR
typedef signed char int8_t;
typedef unsigned char uint8_t;
typedef short int16_t;
typedef unsigned short uint16_t;
typedef int int32_t;
typedef unsigned int uint32_t;
typedef struct {
uint32_t rk[SMS4_NUM_ROUNDS];
} sms4_key_t;
typedef struct {
sms4_key_t k1;
sms4_key_t k2;
sms4_key_t k3;
} sms4_ede_key_t;
# define sms4_decrypt(in, out, key) sms4_encrypt(in,out,key)
void sms4_set_encrypt_key(sms4_key_t *key, const unsigned char user_key[16]);
void sms4_set_decrypt_key(sms4_key_t *key, const unsigned char user_key[16]);
void sms4_encrypt(const unsigned char in[16], unsigned char out[16], const sms4_key_t *key);
void sms4_ecb_encrypt(const unsigned char *in, unsigned char *out, const sms4_key_t *key, int enc);
void Sms4EcbEncryptBlocks(const uint8_t *in,int ilen, uint8_t *out, const sms4_key_t *key);
void Sms4EcbDecryptBlocks(const uint8_t *in,int ilen, uint8_t *out, const sms4_key_t *key);
int Sms4EcbDecryptNoPadding(const uint8_t *in,int ilen, uint8_t *out,int *olen , const sms4_key_t *key);
int Sms4EcbEncryptNoPadding(const uint8_t *in,int ilen, uint8_t *out,int *olen, const sms4_key_t *key);
int Sms4EcbEncryptZeroPadding(const uint8_t *in,int ilen, uint8_t *out,int *olen, const sms4_key_t *key);
int Sms4EcbDecryptZeroPadding(const uint8_t *in,int ilen, uint8_t *out,int *olen, const sms4_key_t *key);
int Sms4EcbEncryptPkcs7Padding(const uint8_t *in,int ilen, uint8_t *out,int *olen, const sms4_key_t *key);
int Sms4EcbDecryptPkcs7Padding(const uint8_t *in,int ilen, uint8_t *out,int *olen, const sms4_key_t *key);
void Sms4CbcEncryptBlocks(const unsigned char *in, int ilen, unsigned char *out,unsigned char *iv, const sms4_key_t *key);
void Sms4CbcDecryptBlocks(const unsigned char *in, int ilen, unsigned char *out,unsigned char *iv, const sms4_key_t *key);
int Sms4CbcDecryptNoPadding(const uint8_t *in,int ilen, uint8_t *out,int *olen, uint8_t *iv,const sms4_key_t *key);
int Sms4CbcEncryptNoPadding(const uint8_t *in, int ilen, uint8_t *out, int *olen, uint8_t *iv, const sms4_key_t *key);
int Sms4CbcEncryptZeroPadding(const uint8_t *in, int ilen, uint8_t *out, int *olen, uint8_t *iv, const sms4_key_t *key);
int Sms4CbcDecryptZeroPadding(const uint8_t *in,int ilen, uint8_t *out,int *olen, uint8_t *iv, const sms4_key_t *key);
int Sms4CbcEncryptPkcs7Padding(const uint8_t *in,int ilen, uint8_t *out,int *olen, uint8_t *iv, const sms4_key_t *key);
int Sms4CbcDecryptPkcs7Padding(const uint8_t *in,int ilen, uint8_t *out,int *olen, uint8_t *iv, const sms4_key_t *key);
// void sm4_test();
void sm4_test_case();
#endif

72
framework/security/crypto/include/sm9.h

@ -0,0 +1,72 @@
/*
* Copyright (c) 2020 AIIT Ubiquitous Team
* XiUOS is licensed under Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
*/
/**
* @file sm9.h
* @brief API of SM9
* @version 1.0
* @author AIIT Ubiquitous Team
* @date 2021-04-24
*/
#ifndef SM9_H
#define SM9_H
#include <sm9_util.h>
#include <sm9_para.h>
typedef struct SM9Signature {
big8w h;
G1point S;
} Signature;
typedef struct SM9_Key_Package {
unsigned char* K;
G1point C;
} Key_Package;
void SM9Init();
Signature SM9Sign(unsigned char *message, uint32_t msglen, G1point ds, G2point Ppub_s);
bool SM9VerifySignature(
unsigned char *ID, unsigned char ID_len, unsigned char hid,
unsigned char *message, uint32_t msglen,
Signature signature, G2point Ppub_s);
void SM9KeyExchangeProduceR(unsigned char* ID, unsigned char IDlen, big8w* r, G1point* R, G1point encrypt_publickey);
bool SM9KeyExchangeProduceKey(G1point* RA, G1point* RB, big8w* r, uint32_t klen_bitsize,
unsigned char* challengerID, unsigned char challengerIDlen,
unsigned char* responserID, unsigned char responserIDlen,
q12 *g1, q12* g2, q12* g3, char* resultkey, bool sponsor,
G1point encrypt_publickey, G2point encrypt_secretkey);
bool SM9KeyExchangeVerifyKey(q12 *g1, q12 *g2, q12 *g3, G1point *RA, G1point *RB,
unsigned char *challengerID, unsigned char challengerIDlen,
unsigned char *responserID, unsigned char responserIDlen,
unsigned char *S1, unsigned char *SA);
void SM9KeyPackage(unsigned char* ID, unsigned char IDlen, unsigned char hid, G1point Ppub_e, uint32_t klen_bitsize, unsigned char* K, G1point* C);
bool SM9KeyDepackage(G1point C, G2point de, unsigned char* ID, unsigned char IDlen, unsigned int klen_bitsize, unsigned char* K);
bool SM9EncryptWithKDF(unsigned char *message, unsigned int msglen_bitsize, unsigned int K2_len_bitsize,
unsigned char *ID, unsigned char IDlen, unsigned char hid, G1point Ppub_e, unsigned char *C);
bool SM9DecryptWithKDF(unsigned char *ID, unsigned char IDlen,
unsigned char *message, unsigned int msglen_bitsize, unsigned int K2_len_bitsize,
unsigned char *C, G2point encrypt_secretkey);
bool SM9EncryptWithSM4(unsigned char *message, unsigned int msglen_bytesize,
unsigned int K1_len_bitsize, unsigned int K2_len_bitsize,
unsigned char *ID, unsigned char IDlen, unsigned char hid, G1point Ppub_e,
unsigned char *C);
bool SM9DecryptWithSM4(unsigned char *ID, unsigned char IDlen,
unsigned char *message, unsigned int msglen, unsigned int K1_len_bitsize, unsigned int K2_len_bitsize,
unsigned char *C, unsigned int Cbyteslen, G2point encrypt_secretkey);
#endif

66
framework/security/crypto/include/sm9_para.h

@ -0,0 +1,66 @@
/*
* Copyright (c) 2020 AIIT Ubiquitous Team
* XiUOS is licensed under Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
*/
/**
* @file sm9_para.h
* @brief initialize paramters of SM9
* @version 1.0
* @author AIIT Ubiquitous Team
* @date 2021-04-24
*/
#ifndef SM9_PARA_H
#define SM9_PARA_H
#include <join.h>
//extern char *device_id;
//extern char *platform_id;
extern G1point P1;
extern G2point P2;
//extern G2point sign_publickey, encrypt_secretkey;
//extern G1point sign_secretkey, encrypt_publickey;
extern const uint32_t sm9_q[BIGNUMBER_SIZE_8WORD];
extern const uint32_t sm9_N[BIGNUMBER_SIZE_8WORD];
extern const uint32_t sm9_P1_x[BIGNUMBER_SIZE_8WORD];
extern const uint32_t sm9_P1_y[BIGNUMBER_SIZE_8WORD];
extern const uint32_t sm9_P2_x_high[BIGNUMBER_SIZE_8WORD];
extern const uint32_t sm9_P2_x_low[BIGNUMBER_SIZE_8WORD];
extern const uint32_t sm9_P2_y_high[BIGNUMBER_SIZE_8WORD];
extern const uint32_t sm9_P2_y_low[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc1_1[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc1_2[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc1_3[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc1_4[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc1_5[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc1_6[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc1_7[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc1_8[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc1_9[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc1_10[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc1_11[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc2_2[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc2_3[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc2_4[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc2_5[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc2_6[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc2_7[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc2_8[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc2_9[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc2_10[BIGNUMBER_SIZE_8WORD];
extern const uint32_t fc2_11[BIGNUMBER_SIZE_8WORD];
extern const uint32_t sm9_qnr[BIGNUMBER_SIZE_8WORD];
extern const uint32_t sm9_q_2k[BIGNUMBER_SIZE_8WORD];
extern const uint32_t sm9_N_2k[BIGNUMBER_SIZE_8WORD];
#endif

31
framework/security/crypto/include/sm9_test.h

@ -0,0 +1,31 @@
/*
* Copyright (c) 2020 AIIT Ubiquitous Team
* XiUOS is licensed under Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
*/
/**
* @file sm9_test.h
* @brief tests of SM9
* @version 1.0
* @author AIIT Ubiquitous Team
* @date 2021-04-24
*/
#ifndef SM9_TEST_H
#define SM9_TEST_H
#include <sm9.h>
void SignAndVerifyTest();
void SM9KeyExchangeTest();
void SM9PackDepackTest();
void SM9EncryptDecryptTest();
#endif

40
framework/security/crypto/include/sm9_util.h

@ -0,0 +1,40 @@
/*
* Copyright (c) 2020 AIIT Ubiquitous Team
* XiUOS is licensed under Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
*/
/**
* @file sm9_util.h
* @brief the function called by SM9 function, including hash, KDF, produce random number, encrypt and decrypt algorithm, BiLinearPairing
* @version 1.0
* @author AIIT Ubiquitous Team
* @date 2021-04-24
*/
#ifndef SM9_UTIL_H
#define SM9_UTIL_H
#include <join.h>
#include <sm4.h>
#define SM3OUT_32BYTES 32 // (256 / 8)
void HashTwice(uint8_t *ID_A, uint8_t ID_A_len, uint8_t *ID_B, uint8_t ID_B_len,
G1point *RA, G1point *RB,
q12 *g1, q12 *g2, q12 *g3, uint8_t funcflag, uint8_t *ret);
big8w RandomNumGenerate();
bool StringEqualZero(uint8_t* string, uint32_t stringlen);
big8w H(uint8_t *Z, uint32_t Zlen, uint8_t funcflag);
void KDF(uint8_t *Z, uint32_t Zlen, uint32_t klen, uint8_t *ret);
void SM4EncryptWithEcbMode(uint8_t* message, uint32_t msglen, uint8_t* key, uint8_t* ciphertext);
void SM4DecryptWithEcbMode(uint8_t* ciphertext, uint32_t ciphertextlen, uint8_t* message, int msglen, uint8_t* key);
q12 BiLinearPairing(G1point P, G2point Q);
#endif

474
framework/security/crypto/sm3/sm3.c

@ -0,0 +1,474 @@
/* ====================================================================
* Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <sm3.h>
static void sm3_compress_blocks(uint32_t digest[8],
const unsigned char *data, size_t blocks);
void sm3_init(sm3_ctx_t *ctx)
{
memset(ctx, 0, sizeof(*ctx));
ctx->digest[0] = 0x7380166F;
ctx->digest[1] = 0x4914B2B9;
ctx->digest[2] = 0x172442D7;
ctx->digest[3] = 0xDA8A0600;
ctx->digest[4] = 0xA96F30BC;
ctx->digest[5] = 0x163138AA;
ctx->digest[6] = 0xE38DEE4D;
ctx->digest[7] = 0xB0FB0E4E;
}
void sm3_compute_id_digest(unsigned char z[32], const char *id,
const unsigned char x[32], const unsigned char y[32])
{
unsigned char zin[] = {
0x00, 0x80,
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E, 0x34,
0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65, 0x09, 0xA7,
0xF3, 0x97, 0x89, 0xF5, 0x15, 0xAB, 0x8F, 0x92,
0xDD, 0xBC, 0xBD, 0x41, 0x4D, 0x94, 0x0E, 0x93,
0x32, 0xC4, 0xAE, 0x2C, 0x1F, 0x19, 0x81, 0x19,
0x5F, 0x99, 0x04, 0x46, 0x6A, 0x39, 0xC9, 0x94,
0x8F, 0xE3, 0x0B, 0xBF, 0xF2, 0x66, 0x0B, 0xE1,
0x71, 0x5A, 0x45, 0x89, 0x33, 0x4C, 0x74, 0xC7,
0xBC, 0x37, 0x36, 0xA2, 0xF4, 0xF6, 0x77, 0x9C,
0x59, 0xBD, 0xCE, 0xE3, 0x6B, 0x69, 0x21, 0x53,
0xD0, 0xA9, 0x87, 0x7C, 0xC6, 0x2A, 0x47, 0x40,
0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x06, 0x90,
};
if (!id || strcmp(id, "1234567812345678")) {
unsigned int digest[8] = {
0xadadedb5U, 0x0446043fU, 0x08a87aceU, 0xe86d2243U,
0x8e232383U, 0xbfc81fe2U, 0xcf9117c8U, 0x4707011dU,
};
memcpy(&zin[128], x, 32);
memcpy(&zin[160], y, 32);
sm3_compress_blocks(digest, zin, 2);
PUTU32(z , digest[0]);
PUTU32(z + 4, digest[1]);
PUTU32(z + 8, digest[2]);
PUTU32(z + 12, digest[3]);
PUTU32(z + 16, digest[4]);
PUTU32(z + 20, digest[5]);
PUTU32(z + 24, digest[6]);
PUTU32(z + 28, digest[7]);
} else {
sm3_ctx_t ctx;
unsigned char idbits[2];
size_t len;
len = strlen(id);
idbits[0] = (unsigned char)(len >> 5);
idbits[1] = (unsigned char)(len << 3);
sm3_init(&ctx);
sm3_update(&ctx, idbits, 2);
sm3_update(&ctx, (unsigned char *)id, len);
sm3_update(&ctx, zin + 18, 128);
sm3_update(&ctx, x, 32);
sm3_update(&ctx, y, 32);
sm3_final(&ctx, z);
}
}
int sm3_sm2_init(sm3_ctx_t *ctx, const char *id,
const unsigned char *x, const unsigned char *y)
{
unsigned char z[32];
if ((id && strlen(id) > 65535/8) || !x || !y) {
return 0;
}
sm3_compute_id_digest(z, id, x, y);
sm3_init(ctx);
sm3_update(ctx, z, 32);
return 1;
}
void sm3_update(sm3_ctx_t *ctx, const unsigned char *data, size_t data_len)
{
size_t blocks;
if (ctx->num) {
unsigned int left = SM3_BLOCK_SIZE - ctx->num;
if (data_len < left) {
memcpy(ctx->block + ctx->num, data, data_len);
ctx->num += data_len;
return;
} else {
memcpy(ctx->block + ctx->num, data, left);
sm3_compress_blocks(ctx->digest, ctx->block, 1);
ctx->nblocks++;
data += left;
data_len -= left;
}
}
blocks = data_len / SM3_BLOCK_SIZE;
sm3_compress_blocks(ctx->digest, data, blocks);
ctx->nblocks += blocks;
data += SM3_BLOCK_SIZE * blocks;
data_len -= SM3_BLOCK_SIZE * blocks;
ctx->num = data_len;
if (data_len) {
memcpy(ctx->block, data, data_len);
}
}
void sm3_final(sm3_ctx_t *ctx, unsigned char *digest)
{
int i;
ctx->block[ctx->num] = 0x80;
if (ctx->num + 9 <= SM3_BLOCK_SIZE) {
memset(ctx->block + ctx->num + 1, 0, SM3_BLOCK_SIZE - ctx->num - 9);
} else {
memset(ctx->block + ctx->num + 1, 0, SM3_BLOCK_SIZE - ctx->num - 1);
sm3_compress(ctx->digest, ctx->block);
memset(ctx->block, 0, SM3_BLOCK_SIZE - 8);
}
PUTU32(ctx->block + 56, ctx->nblocks >> 23);
PUTU32(ctx->block + 60, (ctx->nblocks << 9) + (ctx->num << 3));
sm3_compress(ctx->digest, ctx->block);
for (i = 0; i < 8; i++) {
PUTU32(digest + i*4, ctx->digest[i]);
}
}
#define ROTL(x,n) (((x)<<(n)) | ((x)>>(32-(n))))
#define P0(x) ((x) ^ ROL32((x), 9) ^ ROL32((x),17))
#define P1(x) ((x) ^ ROL32((x),15) ^ ROL32((x),23))
#define FF00(x,y,z) ((x) ^ (y) ^ (z))
#define FF16(x,y,z) (((x)&(y)) | ((x)&(z)) | ((y)&(z)))
#define GG00(x,y,z) ((x) ^ (y) ^ (z))
#define GG16(x,y,z) ((((y)^(z)) & (x)) ^ (z))
#define R(A, B, C, D, E, F, G, H, xx) \
SS1 = ROL32((ROL32(A, 12) + E + K[j]), 7); \
SS2 = SS1 ^ ROL32(A, 12); \
TT1 = FF##xx(A, B, C) + D + SS2 + (W[j] ^ W[j + 4]); \
TT2 = GG##xx(E, F, G) + H + SS1 + W[j]; \
B = ROL32(B, 9); \
H = TT1; \
F = ROL32(F, 19); \
D = P0(TT2); \
j++
#define R8(A, B, C, D, E, F, G, H, xx) \
R(A, B, C, D, E, F, G, H, xx); \
R(H, A, B, C, D, E, F, G, xx); \
R(G, H, A, B, C, D, E, F, xx); \
R(F, G, H, A, B, C, D, E, xx); \
R(E, F, G, H, A, B, C, D, xx); \
R(D, E, F, G, H, A, B, C, xx); \
R(C, D, E, F, G, H, A, B, xx); \
R(B, C, D, E, F, G, H, A, xx)
#define T00 0x79cc4519U
#define T16 0x7a879d8aU
#define K0 0x79cc4519U
#define K1 0xf3988a32U
#define K2 0xe7311465U
#define K3 0xce6228cbU
#define K4 0x9cc45197U
#define K5 0x3988a32fU
#define K6 0x7311465eU
#define K7 0xe6228cbcU
#define K8 0xcc451979U
#define K9 0x988a32f3U
#define K10 0x311465e7U
#define K11 0x6228cbceU
#define K12 0xc451979cU
#define K13 0x88a32f39U
#define K14 0x11465e73U
#define K15 0x228cbce6U
#define K16 0x9d8a7a87U
#define K17 0x3b14f50fU
#define K18 0x7629ea1eU
#define K19 0xec53d43cU
#define K20 0xd8a7a879U
#define K21 0xb14f50f3U
#define K22 0x629ea1e7U
#define K23 0xc53d43ceU
#define K24 0x8a7a879dU
#define K25 0x14f50f3bU
#define K26 0x29ea1e76U
#define K27 0x53d43cecU
#define K28 0xa7a879d8U
#define K29 0x4f50f3b1U
#define K30 0x9ea1e762U
#define K31 0x3d43cec5U
#define K32 0x7a879d8aU
#define K33 0xf50f3b14U
#define K34 0xea1e7629U
#define K35 0xd43cec53U
#define K36 0xa879d8a7U
#define K37 0x50f3b14fU
#define K38 0xa1e7629eU
#define K39 0x43cec53dU
#define K40 0x879d8a7aU
#define K41 0x0f3b14f5U
#define K42 0x1e7629eaU
#define K43 0x3cec53d4U
#define K44 0x79d8a7a8U
#define K45 0xf3b14f50U
#define K46 0xe7629ea1U
#define K47 0xcec53d43U
#define K48 0x9d8a7a87U
#define K49 0x3b14f50fU
#define K50 0x7629ea1eU
#define K51 0xec53d43cU
#define K52 0xd8a7a879U
#define K53 0xb14f50f3U
#define K54 0x629ea1e7U
#define K55 0xc53d43ceU
#define K56 0x8a7a879dU
#define K57 0x14f50f3bU
#define K58 0x29ea1e76U
#define K59 0x53d43cecU
#define K60 0xa7a879d8U
#define K61 0x4f50f3b1U
#define K62 0x9ea1e762U
#define K63 0x3d43cec5U
uint32_t K[64] = {
K0, K1, K2, K3, K4, K5, K6, K7,
K8, K9, K10, K11, K12, K13, K14, K15,
K16, K17, K18, K19, K20, K21, K22, K23,
K24, K25, K26, K27, K28, K29, K30, K31,
K32, K33, K34, K35, K36, K37, K38, K39,
K40, K41, K42, K43, K44, K45, K46, K47,
K48, K49, K50, K51, K52, K53, K54, K55,
K56, K57, K58, K59, K60, K61, K62, K63,
/*
0x79cc4519U, 0xf3988a32U, 0xe7311465U, 0xce6228cbU,
0x9cc45197U, 0x3988a32fU, 0x7311465eU, 0xe6228cbcU,
0xcc451979U, 0x988a32f3U, 0x311465e7U, 0x6228cbceU,
0xc451979cU, 0x88a32f39U, 0x11465e73U, 0x228cbce6U,
0x9d8a7a87U, 0x3b14f50fU, 0x7629ea1eU, 0xec53d43cU,
0xd8a7a879U, 0xb14f50f3U, 0x629ea1e7U, 0xc53d43ceU,
0x8a7a879dU, 0x14f50f3bU, 0x29ea1e76U, 0x53d43cecU,
0xa7a879d8U, 0x4f50f3b1U, 0x9ea1e762U, 0x3d43cec5U,
0x7a879d8aU, 0xf50f3b14U, 0xea1e7629U, 0xd43cec53U,
0xa879d8a7U, 0x50f3b14fU, 0xa1e7629eU, 0x43cec53dU,
0x879d8a7aU, 0x0f3b14f5U, 0x1e7629eaU, 0x3cec53d4U,
0x79d8a7a8U, 0xf3b14f50U, 0xe7629ea1U, 0xcec53d43U,
0x9d8a7a87U, 0x3b14f50fU, 0x7629ea1eU, 0xec53d43cU,
0xd8a7a879U, 0xb14f50f3U, 0x629ea1e7U, 0xc53d43ceU,
0x8a7a879dU, 0x14f50f3bU, 0x29ea1e76U, 0x53d43cecU,
0xa7a879d8U, 0x4f50f3b1U, 0x9ea1e762U, 0x3d43cec5U,
*/
};
static void sm3_compress_blocks(uint32_t digest[8],
const unsigned char *data, size_t blocks)
{
uint32_t A;
uint32_t B;
uint32_t C;
uint32_t D;
uint32_t E;
uint32_t F;
uint32_t G;
uint32_t H;
uint32_t W[68];
uint32_t SS1, SS2, TT1, TT2;
int j;
while (blocks--) {
A = digest[0];
B = digest[1];
C = digest[2];
D = digest[3];
E = digest[4];
F = digest[5];
G = digest[6];
H = digest[7];
for (j = 0; j < 16; j++)
W[j] = GETU32(data + j*4);
for (; j < 68; j++)
W[j] = P1(W[j - 16] ^ W[j - 9] ^ ROL32(W[j - 3], 15))
^ ROL32(W[j - 13], 7) ^ W[j - 6];
j = 0;
#define FULL_UNROLL
#ifdef FULL_UNROLL
R8(A, B, C, D, E, F, G, H, 00);
R8(A, B, C, D, E, F, G, H, 00);
R8(A, B, C, D, E, F, G, H, 16);
R8(A, B, C, D, E, F, G, H, 16);
R8(A, B, C, D, E, F, G, H, 16);
R8(A, B, C, D, E, F, G, H, 16);
R8(A, B, C, D, E, F, G, H, 16);
R8(A, B, C, D, E, F, G, H, 16);
#else
for (; j < 16; j++) {
SS1 = ROL32((ROL32(A, 12) + E + K(j)), 7);
SS2 = SS1 ^ ROL32(A, 12);
TT1 = FF00(A, B, C) + D + SS2 + (W[j] ^ W[j + 4]);
TT2 = GG00(E, F, G) + H + SS1 + W[j];
D = C;
C = ROL32(B, 9);
B = A;
A = TT1;
H = G;
G = ROL32(F, 19);
F = E;
E = P0(TT2);
}
for (; j < 64; j++) {
SS1 = ROL32((ROL32(A, 12) + E + K(j)), 7);
SS2 = SS1 ^ ROL32(A, 12);
TT1 = FF16(A, B, C) + D + SS2 + (W[j] ^ W[j + 4]);
TT2 = GG16(E, F, G) + H + SS1 + W[j];
D = C;
C = ROL32(B, 9);
B = A;
A = TT1;
H = G;
G = ROL32(F, 19);
F = E;
E = P0(TT2);
}
#endif
digest[0] ^= A;
digest[1] ^= B;
digest[2] ^= C;
digest[3] ^= D;
digest[4] ^= E;
digest[5] ^= F;
digest[6] ^= G;
digest[7] ^= H;
data += 64;
}
}
void sm3_compress(uint32_t digest[8], const unsigned char block[64])
{
return sm3_compress_blocks(digest, block, 1);
}
void sm3(const unsigned char *msg, size_t msglen,
unsigned char dgst[SM3_DIGEST_LENGTH])
{
sm3_ctx_t ctx;
sm3_init(&ctx);
sm3_update(&ctx, msg, msglen);
sm3_final(&ctx, dgst);
memset(&ctx, 0, sizeof(sm3_ctx_t));
}
int sm3_file(char *path, unsigned char output[32])
{
FILE *f;
size_t n;
sm3_ctx_t ctx;
unsigned char buf[1024];
if ((f = fopen(path, "rb")) == NULL)
return(1);
sm3_init(&ctx);
while ((n = fread(buf, 1, sizeof(buf), f)) > 0)
sm3_update(&ctx, buf, (int)n);
sm3_final(&ctx, output);
memset(&ctx, 0, sizeof(sm3_ctx_t));
if (ferror(f) != 0)
{
fclose(f);
return(2);
}
fclose(f);
return(0);
}

125
framework/security/crypto/sm3/sm3_hmac.c

@ -0,0 +1,125 @@
/* ====================================================================
* Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <sm3.h>
/**
* HMAC_k(m) = H((k ^ opad), H((k ^ ipad), m))
* pseudo-code:
* function hmac(key, message)
* opad = [0x5c * blocksize]
* ipad = [0x36 * blocksize]
* if (length(key) > blocksize) then
* key = hash(key)
* end if
* for i from 0 to length(key) - 1 step 1
* ipad[i] = ipad[i] XOR key[i]
* opad[i] = opad[i] XOR key[i]
* end for
* return hash(opad || hash(ipad || message))
* end function
*/
#define IPAD 0x36
#define OPAD 0x5C
void sm3_hmac_init(sm3_hmac_ctx_t *ctx, const unsigned char *key, size_t key_len)
{
int i;
if (key_len <= SM3_BLOCK_SIZE) {
memcpy(ctx->key, key, key_len);
memset(ctx->key + key_len, 0, SM3_BLOCK_SIZE - key_len);
} else {
sm3_init(&ctx->sm3_ctx);
sm3_update(&ctx->sm3_ctx, key, key_len);
sm3_final(&ctx->sm3_ctx, ctx->key);
memset(ctx->key + SM3_DIGEST_LENGTH, 0,
SM3_BLOCK_SIZE - SM3_DIGEST_LENGTH);
}
for (i = 0; i < SM3_BLOCK_SIZE; i++) {
ctx->key[i] ^= IPAD;
}
sm3_init(&ctx->sm3_ctx);
sm3_update(&ctx->sm3_ctx, ctx->key, SM3_BLOCK_SIZE);
}
void sm3_hmac_update(sm3_hmac_ctx_t *ctx,
const unsigned char *data, size_t data_len)
{
sm3_update(&ctx->sm3_ctx, data, data_len);
}
void sm3_hmac_final(sm3_hmac_ctx_t *ctx, unsigned char mac[SM3_HMAC_SIZE])
{
int i;
for (i = 0; i < SM3_BLOCK_SIZE; i++) {
ctx->key[i] ^= (IPAD ^ OPAD);
}
sm3_final(&ctx->sm3_ctx, mac);
sm3_init(&ctx->sm3_ctx);
sm3_update(&ctx->sm3_ctx, ctx->key, SM3_BLOCK_SIZE);
sm3_update(&ctx->sm3_ctx, mac, SM3_DIGEST_LENGTH);
sm3_final(&ctx->sm3_ctx, mac);
}
void sm3_hmac(const unsigned char *data, size_t data_len,
const unsigned char *key, size_t key_len,
unsigned char mac[SM3_HMAC_SIZE])
{
sm3_hmac_ctx_t ctx;
sm3_hmac_init(&ctx, key, key_len);
sm3_hmac_update(&ctx, data, data_len);
sm3_hmac_final(&ctx, mac);
memset(&ctx, 0, sizeof(ctx));
}

16539
framework/security/crypto/sm4/sm4_common.c

File diff suppressed because it is too large

265
framework/security/crypto/sm4/sm4_enc_mode.c

@ -0,0 +1,265 @@
/**
* Copyright (c) 2020 AIIT Ubiquitous Team
* XiUOS is licensed under Mulan PSL v2.
* You can use this software according to the terms and conditions of the Mulan PSL v2.
* You may obtain bn1 copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
* EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
* MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
* See the Mulan PSL v2 for more details.
*/
/**
* @file sm4_enc_mode.c
* @brief sm4 encry and decrypt functions
* @version 1.0
* @author AIIT Ubiquitous Team
* @date 2021-04-24
*/
#include <sm4.h>
int ZeroPadding(const uint8_t *input, int ilen, uint8_t *output, int *olen) {
int padding_len = 0;
if (ilen % 16 == 0) {
padding_len = ilen + 16;
}
else {
padding_len = ilen + (16 - ilen % 16);
}
memset(output, 0x00, sizeof(char) * padding_len);
memcpy(output, input, ilen);
*olen = padding_len;
return *olen;
}
int ZeroUnPadding(uint8_t *input, int *ilen) {
if ( *ilen % 16 != 0) {
return SM4_BAD_PADDING_FORMAT;
}
while (*(input + *ilen - 1) == 0x00) {
(*ilen)--;
}
return *ilen;
}
int Pkcs7Padding(const uint8_t *input, int ilen, uint8_t *output , int *olen) {
int len_after_Padding;
uint8_t padding_value;
if (ilen == 0)
{
return SM4_BAD_LENGTH;
}
padding_value = 16 - ilen % 16;
len_after_Padding = ilen + padding_value;
memset(output, 0x00, sizeof(char) * len_after_Padding);
memcpy(output, input, ilen);
for (int i = ilen; i < len_after_Padding; i++) {
*(output + i) = padding_value;
}
*olen = len_after_Padding;
return *olen;
}
int Pkcs7UnPadding(uint8_t *input, int *ilen) {
if (*ilen % 16 != 0) {
return SM4_BAD_PADDING_FORMAT;
}
uint8_t value = *(input + *ilen - 1);
*ilen = *ilen - value;
*(input + *ilen) = 0x00;
return *ilen;
}
void Sms4EcbEncryptBlocks(const uint8_t *in, int ilen, uint8_t *out,
const sms4_key_t *key)
{
int blocks;
blocks = ilen / 16;
while (blocks--) {
sms4_encrypt(in, out, key);
in += 16;
out += 16;
}
}
void Sms4EcbDecryptBlocks(const uint8_t *in, int ilen, uint8_t *out, const sms4_key_t *key)
{
int blocks;
blocks = ilen / 16;
while (blocks--) {
sms4_decrypt(in, out, key);
in += 16;
out += 16;
}
}
int Sms4EcbDecryptNoPadding(const uint8_t *in, int ilen, uint8_t *out, int *olen , const sms4_key_t *key)
{
if ( ilen % 16 != 0){
return SM4_BAD_LENGTH;
}
Sms4EcbDecryptBlocks(in ,ilen, out , key );
*olen = ilen;
return *olen;
}
int Sms4EcbEncryptNoPadding(const uint8_t *in, int ilen, uint8_t *out, int *olen,
const sms4_key_t *key)
{
if ( ilen % 16 != 0){
return SM4_BAD_LENGTH;
}
memset(out, 0x00, sizeof(char) * ilen);
Sms4EcbEncryptBlocks(in ,ilen, out , key );
*olen = ilen;
return *olen;
}
int Sms4EcbEncryptZeroPadding(const uint8_t *in, int ilen, uint8_t *out, int *olen,
const sms4_key_t *key)
{
uint8_t *padding_value;
int plen;
int res ;
res = ZeroPadding(in, ilen, out, olen);
if (res < 0){
return res;
}
Sms4EcbEncryptBlocks(out, *olen, out, key);
return *olen;
}
int Sms4EcbDecryptZeroPadding(const uint8_t *in, int ilen, uint8_t *out, int *olen</