加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
Backport-providers-Add-SM4-XTS-implementation.patch 27.73 KB
一键复制 编辑 原始数据 按行查看 历史
xuyizhou 提交于 2023-03-16 09:45 . backport SM3/SM4 optimization
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763
From 57c854480481bd6b0900984d17db17426c44aa40 Mon Sep 17 00:00:00 2001
From: Xu Yizhou <xuyizhou1@huawei.com>
Date: Fri, 25 Nov 2022 13:52:49 +0800
Subject: [PATCH 08/13] providers: Add SM4 XTS implementation
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19619)
---
crypto/modes/build.info | 2 +-
crypto/modes/xts128gb.c | 199 +++++++++++++
include/crypto/modes.h | 6 +
include/openssl/core_names.h | 1 +
providers/defltprov.c | 1 +
providers/implementations/ciphers/build.info | 4 +-
.../implementations/ciphers/cipher_sm4_xts.c | 281 ++++++++++++++++++
.../implementations/ciphers/cipher_sm4_xts.h | 46 +++
.../ciphers/cipher_sm4_xts_hw.c | 89 ++++++
.../include/prov/implementations.h | 1 +
.../implementations/include/prov/names.h | 1 +
11 files changed, 629 insertions(+), 2 deletions(-)
create mode 100644 crypto/modes/xts128gb.c
create mode 100644 providers/implementations/ciphers/cipher_sm4_xts.c
create mode 100644 providers/implementations/ciphers/cipher_sm4_xts.h
create mode 100644 providers/implementations/ciphers/cipher_sm4_xts_hw.c
diff --git a/crypto/modes/build.info b/crypto/modes/build.info
index f3558fa1a4..0ee297ced8 100644
--- a/crypto/modes/build.info
+++ b/crypto/modes/build.info
@@ -49,7 +49,7 @@ IF[{- !$disabled{asm} -}]
ENDIF
$COMMON=cbc128.c ctr128.c cfb128.c ofb128.c gcm128.c ccm128.c xts128.c \
- wrap128.c $MODESASM
+ wrap128.c xts128gb.c $MODESASM
SOURCE[../../libcrypto]=$COMMON \
cts128.c ocb128.c siv128.c
SOURCE[../../providers/libfips.a]=$COMMON
diff --git a/crypto/modes/xts128gb.c b/crypto/modes/xts128gb.c
new file mode 100644
index 0000000000..021c0597e4
--- /dev/null
+++ b/crypto/modes/xts128gb.c
@@ -0,0 +1,199 @@
+/*
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include "internal/endian.h"
+#include "crypto/modes.h"
+
+#ifndef STRICT_ALIGNMENT
+# ifdef __GNUC__
+typedef u64 u64_a1 __attribute((__aligned__(1)));
+# else
+typedef u64 u64_a1;
+# endif
+#endif
+
+int ossl_crypto_xts128gb_encrypt(const XTS128_CONTEXT *ctx,
+ const unsigned char iv[16],
+ const unsigned char *inp, unsigned char *out,
+ size_t len, int enc)
+{
+ DECLARE_IS_ENDIAN;
+ union {
+ u64 u[2];
+ u32 d[4];
+ u8 c[16];
+ } tweak, scratch;
+ unsigned int i;
+
+ if (len < 16)
+ return -1;
+
+ memcpy(tweak.c, iv, 16);
+
+ (*ctx->block2) (tweak.c, tweak.c, ctx->key2);
+
+ if (!enc && (len % 16))
+ len -= 16;
+
+ while (len >= 16) {
+#if defined(STRICT_ALIGNMENT)
+ memcpy(scratch.c, inp, 16);
+ scratch.u[0] ^= tweak.u[0];
+ scratch.u[1] ^= tweak.u[1];
+#else
+ scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak.u[0];
+ scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak.u[1];
+#endif
+ (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
+#if defined(STRICT_ALIGNMENT)
+ scratch.u[0] ^= tweak.u[0];
+ scratch.u[1] ^= tweak.u[1];
+ memcpy(out, scratch.c, 16);
+#else
+ ((u64_a1 *)out)[0] = scratch.u[0] ^= tweak.u[0];
+ ((u64_a1 *)out)[1] = scratch.u[1] ^= tweak.u[1];
+#endif
+ inp += 16;
+ out += 16;
+ len -= 16;
+
+ if (len == 0)
+ return 0;
+
+ if (IS_LITTLE_ENDIAN) {
+ u8 res;
+ u64 hi, lo;
+#ifdef BSWAP8
+ hi = BSWAP8(tweak.u[0]);
+ lo = BSWAP8(tweak.u[1]);
+#else
+ u8 *p = tweak.c;
+
+ hi = (u64)GETU32(p) << 32 | GETU32(p + 4);
+ lo = (u64)GETU32(p + 8) << 32 | GETU32(p + 12);
+#endif
+ res = (u8)lo & 1;
+ tweak.u[0] = (lo >> 1) | (hi << 63);
+ tweak.u[1] = hi >> 1;
+ if (res)
+ tweak.c[15] ^= 0xe1;
+#ifdef BSWAP8
+ hi = BSWAP8(tweak.u[0]);
+ lo = BSWAP8(tweak.u[1]);
+#else
+ p = tweak.c;
+
+ hi = (u64)GETU32(p) << 32 | GETU32(p + 4);
+ lo = (u64)GETU32(p + 8) << 32 | GETU32(p + 12);
+#endif
+ tweak.u[0] = lo;
+ tweak.u[1] = hi;
+ } else {
+ u8 carry, res;
+ carry = 0;
+ for (i = 0; i < 16; ++i) {
+ res = (tweak.c[i] << 7) & 0x80;
+ tweak.c[i] = ((tweak.c[i] >> 1) + carry) & 0xff;
+ carry = res;
+ }
+ if (res)
+ tweak.c[0] ^= 0xe1;
+ }
+ }
+ if (enc) {
+ for (i = 0; i < len; ++i) {
+ u8 c = inp[i];
+ out[i] = scratch.c[i];
+ scratch.c[i] = c;
+ }
+ scratch.u[0] ^= tweak.u[0];
+ scratch.u[1] ^= tweak.u[1];
+ (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
+ scratch.u[0] ^= tweak.u[0];
+ scratch.u[1] ^= tweak.u[1];
+ memcpy(out - 16, scratch.c, 16);
+ } else {
+ union {
+ u64 u[2];
+ u8 c[16];
+ } tweak1;
+
+ if (IS_LITTLE_ENDIAN) {
+ u8 res;
+ u64 hi, lo;
+#ifdef BSWAP8
+ hi = BSWAP8(tweak.u[0]);
+ lo = BSWAP8(tweak.u[1]);
+#else
+ u8 *p = tweak.c;
+
+ hi = (u64)GETU32(p) << 32 | GETU32(p + 4);
+ lo = (u64)GETU32(p + 8) << 32 | GETU32(p + 12);
+#endif
+ res = (u8)lo & 1;
+ tweak1.u[0] = (lo >> 1) | (hi << 63);
+ tweak1.u[1] = hi >> 1;
+ if (res)
+ tweak1.c[15] ^= 0xe1;
+#ifdef BSWAP8
+ hi = BSWAP8(tweak1.u[0]);
+ lo = BSWAP8(tweak1.u[1]);
+#else
+ p = tweak1.c;
+
+ hi = (u64)GETU32(p) << 32 | GETU32(p + 4);
+ lo = (u64)GETU32(p + 8) << 32 | GETU32(p + 12);
+#endif
+ tweak1.u[0] = lo;
+ tweak1.u[1] = hi;
+ } else {
+ u8 carry, res;
+ carry = 0;
+ for (i = 0; i < 16; ++i) {
+ res = (tweak.c[i] << 7) & 0x80;
+ tweak1.c[i] = ((tweak.c[i] >> 1) + carry) & 0xff;
+ carry = res;
+ }
+ if (res)
+ tweak1.c[0] ^= 0xe1;
+ }
+#if defined(STRICT_ALIGNMENT)
+ memcpy(scratch.c, inp, 16);
+ scratch.u[0] ^= tweak1.u[0];
+ scratch.u[1] ^= tweak1.u[1];
+#else
+ scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak1.u[0];
+ scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak1.u[1];
+#endif
+ (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
+ scratch.u[0] ^= tweak1.u[0];
+ scratch.u[1] ^= tweak1.u[1];
+
+ for (i = 0; i < len; ++i) {
+ u8 c = inp[16 + i];
+ out[16 + i] = scratch.c[i];
+ scratch.c[i] = c;
+ }
+ scratch.u[0] ^= tweak.u[0];
+ scratch.u[1] ^= tweak.u[1];
+ (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
+#if defined(STRICT_ALIGNMENT)
+ scratch.u[0] ^= tweak.u[0];
+ scratch.u[1] ^= tweak.u[1];
+ memcpy(out, scratch.c, 16);
+#else
+ ((u64_a1 *)out)[0] = scratch.u[0] ^ tweak.u[0];
+ ((u64_a1 *)out)[1] = scratch.u[1] ^ tweak.u[1];
+#endif
+ }
+
+ return 0;
+}
diff --git a/include/crypto/modes.h b/include/crypto/modes.h
index 19f9d85959..475b77f925 100644
--- a/include/crypto/modes.h
+++ b/include/crypto/modes.h
@@ -148,6 +148,12 @@ struct xts128_context {
block128_f block1, block2;
};
+/* XTS mode for SM4 algorithm specified by GB/T 17964-2021 */
+int ossl_crypto_xts128gb_encrypt(const XTS128_CONTEXT *ctx,
+ const unsigned char iv[16],
+ const unsigned char *inp, unsigned char *out,
+ size_t len, int enc);
+
struct ccm128_context {
union {
u64 u[2];
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 6bed5a8a67..a90971099d 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -97,6 +97,7 @@ extern "C" {
#define OSSL_CIPHER_PARAM_CTS_MODE "cts_mode" /* utf8_string */
/* For passing the AlgorithmIdentifier parameter in DER form */
#define OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS "alg_id_param" /* octet_string */
+#define OSSL_CIPHER_PARAM_XTS_STANDARD "xts_standard" /* utf8_string */
#define OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT \
"tls1multi_maxsndfrag" /* uint */
diff --git a/providers/defltprov.c b/providers/defltprov.c
index cc0b0c3b62..ab898d3f44 100644
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
@@ -296,6 +296,7 @@ static const OSSL_ALGORITHM_CAPABLE deflt_ciphers[] = {
ALG(PROV_NAMES_SM4_CTR, ossl_sm4128ctr_functions),
ALG(PROV_NAMES_SM4_OFB, ossl_sm4128ofb128_functions),
ALG(PROV_NAMES_SM4_CFB, ossl_sm4128cfb128_functions),
+ ALG(PROV_NAMES_SM4_XTS, ossl_sm4128xts_functions),
#endif /* OPENSSL_NO_SM4 */
#ifndef OPENSSL_NO_CHACHA
ALG(PROV_NAMES_ChaCha20, ossl_chacha20_functions),
diff --git a/providers/implementations/ciphers/build.info b/providers/implementations/ciphers/build.info
index b5d9d4f6c1..9f6eacf5e3 100644
--- a/providers/implementations/ciphers/build.info
+++ b/providers/implementations/ciphers/build.info
@@ -107,7 +107,9 @@ IF[{- !$disabled{sm4} -}]
SOURCE[$SM4_GOAL]=\
cipher_sm4.c cipher_sm4_hw.c \
cipher_sm4_gcm.c cipher_sm4_gcm_hw.c \
- cipher_sm4_ccm.c cipher_sm4_ccm_hw.c
+ cipher_sm4_ccm.c cipher_sm4_ccm_hw.c \
+ cipher_sm4_xts.c cipher_sm4_xts_hw.c
+
ENDIF
IF[{- !$disabled{ocb} -}]
diff --git a/providers/implementations/ciphers/cipher_sm4_xts.c b/providers/implementations/ciphers/cipher_sm4_xts.c
new file mode 100644
index 0000000000..3c568d4d18
--- /dev/null
+++ b/providers/implementations/ciphers/cipher_sm4_xts.c
@@ -0,0 +1,281 @@
+
+/*
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for SM4 XTS mode */
+
+#include <openssl/proverr.h>
+#include "cipher_sm4_xts.h"
+#include "prov/implementations.h"
+#include "prov/providercommon.h"
+
+#define SM4_XTS_FLAGS PROV_CIPHER_FLAG_CUSTOM_IV
+#define SM4_XTS_IV_BITS 128
+#define SM4_XTS_BLOCK_BITS 8
+
+/* forward declarations */
+static OSSL_FUNC_cipher_encrypt_init_fn sm4_xts_einit;
+static OSSL_FUNC_cipher_decrypt_init_fn sm4_xts_dinit;
+static OSSL_FUNC_cipher_update_fn sm4_xts_stream_update;
+static OSSL_FUNC_cipher_final_fn sm4_xts_stream_final;
+static OSSL_FUNC_cipher_cipher_fn sm4_xts_cipher;
+static OSSL_FUNC_cipher_freectx_fn sm4_xts_freectx;
+static OSSL_FUNC_cipher_dupctx_fn sm4_xts_dupctx;
+static OSSL_FUNC_cipher_set_ctx_params_fn sm4_xts_set_ctx_params;
+static OSSL_FUNC_cipher_settable_ctx_params_fn sm4_xts_settable_ctx_params;
+
+/*-
+ * Provider dispatch functions
+ */
+static int sm4_xts_init(void *vctx, const unsigned char *key, size_t keylen,
+ const unsigned char *iv, size_t ivlen,
+ const OSSL_PARAM params[], int enc)
+{
+ PROV_SM4_XTS_CTX *xctx = (PROV_SM4_XTS_CTX *)vctx;
+ PROV_CIPHER_CTX *ctx = &xctx->base;
+
+ if (!ossl_prov_is_running())
+ return 0;
+
+ ctx->enc = enc;
+
+ if (iv != NULL) {
+ if (!ossl_cipher_generic_initiv(vctx, iv, ivlen))
+ return 0;
+ }
+ if (key != NULL) {
+ if (keylen != ctx->keylen) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
+ if (!ctx->hw->init(ctx, key, keylen))
+ return 0;
+ }
+ return sm4_xts_set_ctx_params(xctx, params);
+}
+
+static int sm4_xts_einit(void *vctx, const unsigned char *key, size_t keylen,
+ const unsigned char *iv, size_t ivlen,
+ const OSSL_PARAM params[])
+{
+ return sm4_xts_init(vctx, key, keylen, iv, ivlen, params, 1);
+}
+
+static int sm4_xts_dinit(void *vctx, const unsigned char *key, size_t keylen,
+ const unsigned char *iv, size_t ivlen,
+ const OSSL_PARAM params[])
+{
+ return sm4_xts_init(vctx, key, keylen, iv, ivlen, params, 0);
+}
+
+static void *sm4_xts_newctx(void *provctx, unsigned int mode, uint64_t flags,
+ size_t kbits, size_t blkbits, size_t ivbits)
+{
+ PROV_SM4_XTS_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+ if (ctx != NULL) {
+ ossl_cipher_generic_initkey(&ctx->base, kbits, blkbits, ivbits, mode,
+ flags, ossl_prov_cipher_hw_sm4_xts(kbits),
+ NULL);
+ }
+ return ctx;
+}
+
+static void sm4_xts_freectx(void *vctx)
+{
+ PROV_SM4_XTS_CTX *ctx = (PROV_SM4_XTS_CTX *)vctx;
+
+ ossl_cipher_generic_reset_ctx((PROV_CIPHER_CTX *)vctx);
+ OPENSSL_clear_free(ctx, sizeof(*ctx));
+}
+
+static void *sm4_xts_dupctx(void *vctx)
+{
+ PROV_SM4_XTS_CTX *in = (PROV_SM4_XTS_CTX *)vctx;
+ PROV_SM4_XTS_CTX *ret = NULL;
+
+ if (!ossl_prov_is_running())
+ return NULL;
+
+ if (in->xts.key1 != NULL) {
+ if (in->xts.key1 != &in->ks1)
+ return NULL;
+ }
+ if (in->xts.key2 != NULL) {
+ if (in->xts.key2 != &in->ks2)
+ return NULL;
+ }
+ ret = OPENSSL_malloc(sizeof(*ret));
+ if (ret == NULL)
+ return NULL;
+ in->base.hw->copyctx(&ret->base, &in->base);
+ return ret;
+}
+
+static int sm4_xts_cipher(void *vctx, unsigned char *out, size_t *outl,
+ size_t outsize, const unsigned char *in, size_t inl)
+{
+ PROV_SM4_XTS_CTX *ctx = (PROV_SM4_XTS_CTX *)vctx;
+
+ if (!ossl_prov_is_running()
+ || ctx->xts.key1 == NULL
+ || ctx->xts.key2 == NULL
+ || !ctx->base.iv_set
+ || out == NULL
+ || in == NULL
+ || inl < SM4_BLOCK_SIZE)
+ return 0;
+
+ /*
+ * Impose a limit of 2^20 blocks per data unit as specified by
+ * IEEE Std 1619-2018. The earlier and obsolete IEEE Std 1619-2007
+ * indicated that this was a SHOULD NOT rather than a MUST NOT.
+ * NIST SP 800-38E mandates the same limit.
+ */
+ if (inl > XTS_MAX_BLOCKS_PER_DATA_UNIT * SM4_BLOCK_SIZE) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_XTS_DATA_UNIT_IS_TOO_LARGE);
+ return 0;
+ }
+ if (ctx->xts_standard) {
+ if (ctx->stream != NULL)
+ (*ctx->stream)(in, out, inl, ctx->xts.key1, ctx->xts.key2,
+ ctx->base.iv);
+ else if (CRYPTO_xts128_encrypt(&ctx->xts, ctx->base.iv, in, out, inl,
+ ctx->base.enc))
+ return 0;
+ } else {
+ if (ctx->stream_gb != NULL)
+ (*ctx->stream_gb)(in, out, inl, ctx->xts.key1, ctx->xts.key2,
+ ctx->base.iv);
+ else if (ossl_crypto_xts128gb_encrypt(&ctx->xts, ctx->base.iv, in, out,
+ inl, ctx->base.enc))
+ return 0;
+ }
+ *outl = inl;
+ return 1;
+}
+
+static int sm4_xts_stream_update(void *vctx, unsigned char *out, size_t *outl,
+ size_t outsize, const unsigned char *in,
+ size_t inl)
+{
+ PROV_SM4_XTS_CTX *ctx = (PROV_SM4_XTS_CTX *)vctx;
+
+ if (outsize < inl) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ if (!sm4_xts_cipher(ctx, out, outl, outsize, in, inl)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED);
+ return 0;
+ }
+
+ return 1;
+}
+
+static int sm4_xts_stream_final(void *vctx, unsigned char *out, size_t *outl,
+ size_t outsize)
+{
+ if (!ossl_prov_is_running())
+ return 0;
+ *outl = 0;
+ return 1;
+}
+
+static const OSSL_PARAM sm4_xts_known_settable_ctx_params[] = {
+ OSSL_PARAM_utf8_string(OSSL_CIPHER_PARAM_XTS_STANDARD, NULL, 0),
+ OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *sm4_xts_settable_ctx_params(ossl_unused void *cctx,
+ ossl_unused void *provctx)
+{
+ return sm4_xts_known_settable_ctx_params;
+}
+
+static int sm4_xts_set_ctx_params(void *vxctx, const OSSL_PARAM params[])
+{
+ PROV_SM4_XTS_CTX *xctx = (PROV_SM4_XTS_CTX *)vxctx;
+ const OSSL_PARAM *p;
+
+ if (params == NULL)
+ return 1;
+
+ /*-
+ * Sets the XTS standard to use with SM4-XTS algorithm.
+ *
+ * Must be utf8 string "GB" or "IEEE",
+ * "GB" means the GB/T 17964-2021 standard
+ * "IEEE" means the IEEE Std 1619-2007 standard
+ */
+ p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_XTS_STANDARD);
+
+ if (p != NULL) {
+ const char *xts_standard = NULL;
+
+ if (p->data_type != OSSL_PARAM_UTF8_STRING)
+ return 0;
+
+ if (!OSSL_PARAM_get_utf8_string_ptr(p, &xts_standard)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+ return 0;
+ }
+ if (OPENSSL_strcasecmp(xts_standard, "GB") == 0) {
+ xctx->xts_standard = 0;
+ } else if (OPENSSL_strcasecmp(xts_standard, "IEEE") == 0) {
+ xctx->xts_standard = 1;
+ } else {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+#define IMPLEMENT_cipher(lcmode, UCMODE, kbits, flags) \
+static OSSL_FUNC_cipher_get_params_fn sm4_##kbits##_##lcmode##_get_params; \
+static int sm4_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \
+{ \
+ return ossl_cipher_generic_get_params(params, EVP_CIPH_##UCMODE##_MODE, \
+ flags, 2 * kbits, SM4_XTS_BLOCK_BITS,\
+ SM4_XTS_IV_BITS); \
+} \
+static OSSL_FUNC_cipher_newctx_fn sm4_##kbits##_xts_newctx; \
+static void *sm4_##kbits##_xts_newctx(void *provctx) \
+{ \
+ return sm4_xts_newctx(provctx, EVP_CIPH_##UCMODE##_MODE, flags, 2 * kbits, \
+ SM4_XTS_BLOCK_BITS, SM4_XTS_IV_BITS); \
+} \
+const OSSL_DISPATCH ossl_sm4##kbits##xts_functions[] = { \
+ { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))sm4_##kbits##_xts_newctx }, \
+ { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))sm4_xts_einit }, \
+ { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))sm4_xts_dinit }, \
+ { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))sm4_xts_stream_update }, \
+ { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))sm4_xts_stream_final }, \
+ { OSSL_FUNC_CIPHER_CIPHER, (void (*)(void))sm4_xts_cipher }, \
+ { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))sm4_xts_freectx }, \
+ { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))sm4_xts_dupctx }, \
+ { OSSL_FUNC_CIPHER_GET_PARAMS, \
+ (void (*)(void))sm4_##kbits##_##lcmode##_get_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \
+ (void (*)(void))ossl_cipher_generic_gettable_params }, \
+ { OSSL_FUNC_CIPHER_GET_CTX_PARAMS, \
+ (void (*)(void))ossl_cipher_generic_get_ctx_params }, \
+ { OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS, \
+ (void (*)(void))ossl_cipher_generic_gettable_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SET_CTX_PARAMS, \
+ (void (*)(void))sm4_xts_set_ctx_params }, \
+ { OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS, \
+ (void (*)(void))sm4_xts_settable_ctx_params }, \
+ { 0, NULL } \
+}
+/* ossl_sm4128xts_functions */
+IMPLEMENT_cipher(xts, XTS, 128, SM4_XTS_FLAGS);
diff --git a/providers/implementations/ciphers/cipher_sm4_xts.h b/providers/implementations/ciphers/cipher_sm4_xts.h
new file mode 100644
index 0000000000..4c369183e2
--- /dev/null
+++ b/providers/implementations/ciphers/cipher_sm4_xts.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <crypto/sm4.h>
+#include "prov/ciphercommon.h"
+#include "crypto/sm4_platform.h"
+
+PROV_CIPHER_FUNC(void, xts_stream,
+ (const unsigned char *in, unsigned char *out, size_t len,
+ const SM4_KEY *key1, const SM4_KEY *key2,
+ const unsigned char iv[16]));
+
+typedef struct prov_sm4_xts_ctx_st {
+ /* Must be first */
+ PROV_CIPHER_CTX base;
+
+ /* SM4 key schedules to use */
+ union {
+ OSSL_UNION_ALIGN;
+ SM4_KEY ks;
+ } ks1, ks2;
+
+ /*-
+ * XTS standard to use with SM4-XTS algorithm
+ *
+ * Must be 0 or 1,
+ * 0 for XTS mode specified by GB/T 17964-2021
+ * 1 for XTS mode specified by IEEE Std 1619-2007
+ */
+ int xts_standard;
+
+ XTS128_CONTEXT xts;
+
+ /* Stream function for XTS mode specified by GB/T 17964-2021 */
+ OSSL_xts_stream_fn stream_gb;
+ /* Stream function for XTS mode specified by IEEE Std 1619-2007 */
+ OSSL_xts_stream_fn stream;
+} PROV_SM4_XTS_CTX;
+
+const PROV_CIPHER_HW *ossl_prov_cipher_hw_sm4_xts(size_t keybits);
diff --git a/providers/implementations/ciphers/cipher_sm4_xts_hw.c b/providers/implementations/ciphers/cipher_sm4_xts_hw.c
new file mode 100644
index 0000000000..403eb879b1
--- /dev/null
+++ b/providers/implementations/ciphers/cipher_sm4_xts_hw.c
@@ -0,0 +1,89 @@
+/*
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_sm4_xts.h"
+
+#define XTS_SET_KEY_FN(fn_set_enc_key, fn_set_dec_key, \
+ fn_block_enc, fn_block_dec, \
+ fn_stream_enc, fn_stream_dec, \
+ fn_stream_gb_enc, fn_stream_gb_dec) { \
+ size_t bytes = keylen / 2; \
+ \
+ if (ctx->enc) { \
+ fn_set_enc_key(key, &xctx->ks1.ks); \
+ xctx->xts.block1 = (block128_f)fn_block_enc; \
+ } else { \
+ fn_set_dec_key(key, &xctx->ks1.ks); \
+ xctx->xts.block1 = (block128_f)fn_block_dec; \
+ } \
+ fn_set_enc_key(key + bytes, &xctx->ks2.ks); \
+ xctx->xts.block2 = (block128_f)fn_block_enc; \
+ xctx->xts.key1 = &xctx->ks1; \
+ xctx->xts.key2 = &xctx->ks2; \
+ xctx->stream = ctx->enc ? fn_stream_enc : fn_stream_dec; \
+ xctx->stream_gb = ctx->enc ? fn_stream_gb_enc : fn_stream_gb_dec; \
+}
+
+static int cipher_hw_sm4_xts_generic_initkey(PROV_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ size_t keylen)
+{
+ PROV_SM4_XTS_CTX *xctx = (PROV_SM4_XTS_CTX *)ctx;
+ OSSL_xts_stream_fn stream_enc = NULL;
+ OSSL_xts_stream_fn stream_dec = NULL;
+ OSSL_xts_stream_fn stream_gb_enc = NULL;
+ OSSL_xts_stream_fn stream_gb_dec = NULL;
+#ifdef HWSM4_CAPABLE
+ if (HWSM4_CAPABLE) {
+ XTS_SET_KEY_FN(HWSM4_set_encrypt_key, HWSM4_set_decrypt_key,
+ HWSM4_encrypt, HWSM4_decrypt, stream_enc, stream_dec,
+ stream_gb_enc, stream_gb_dec);
+ return 1;
+ } else
+#endif /* HWSM4_CAPABLE */
+#ifdef VPSM4_CAPABLE
+ if (VPSM4_CAPABLE) {
+ XTS_SET_KEY_FN(vpsm4_set_encrypt_key, vpsm4_set_decrypt_key,
+ vpsm4_encrypt, vpsm4_decrypt, stream_enc, stream_dec,
+ stream_gb_enc, stream_gb_dec);
+ return 1;
+ } else
+#endif /* VPSM4_CAPABLE */
+ {
+ (void)0;
+ }
+ {
+ XTS_SET_KEY_FN(ossl_sm4_set_key, ossl_sm4_set_key, ossl_sm4_encrypt,
+ ossl_sm4_decrypt, stream_enc, stream_dec, stream_gb_enc,
+ stream_gb_dec);
+ }
+ return 1;
+}
+
+static void cipher_hw_sm4_xts_copyctx(PROV_CIPHER_CTX *dst,
+ const PROV_CIPHER_CTX *src)
+{
+ PROV_SM4_XTS_CTX *sctx = (PROV_SM4_XTS_CTX *)src;
+ PROV_SM4_XTS_CTX *dctx = (PROV_SM4_XTS_CTX *)dst;
+
+ *dctx = *sctx;
+ dctx->xts.key1 = &dctx->ks1.ks;
+ dctx->xts.key2 = &dctx->ks2.ks;
+}
+
+
+static const PROV_CIPHER_HW sm4_generic_xts = {
+ cipher_hw_sm4_xts_generic_initkey,
+ NULL,
+ cipher_hw_sm4_xts_copyctx
+};
+const PROV_CIPHER_HW *ossl_prov_cipher_hw_sm4_xts(size_t keybits)
+{
+ return &sm4_generic_xts;
+}
diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h
index 498eab4ad4..cfa32ea3ca 100644
--- a/providers/implementations/include/prov/implementations.h
+++ b/providers/implementations/include/prov/implementations.h
@@ -181,6 +181,7 @@ extern const OSSL_DISPATCH ossl_sm4128cbc_functions[];
extern const OSSL_DISPATCH ossl_sm4128ctr_functions[];
extern const OSSL_DISPATCH ossl_sm4128ofb128_functions[];
extern const OSSL_DISPATCH ossl_sm4128cfb128_functions[];
+extern const OSSL_DISPATCH ossl_sm4128xts_functions[];
#endif /* OPENSSL_NO_SM4 */
#ifndef OPENSSL_NO_RC5
extern const OSSL_DISPATCH ossl_rc5128ecb_functions[];
diff --git a/providers/implementations/include/prov/names.h b/providers/implementations/include/prov/names.h
index 0fac23a850..5192f4f471 100644
--- a/providers/implementations/include/prov/names.h
+++ b/providers/implementations/include/prov/names.h
@@ -164,6 +164,7 @@
#define PROV_NAMES_SM4_CFB "SM4-CFB:SM4-CFB128:1.2.156.10197.1.104.4"
#define PROV_NAMES_SM4_GCM "SM4-GCM:1.2.156.10197.1.104.8"
#define PROV_NAMES_SM4_CCM "SM4-CCM:1.2.156.10197.1.104.9"
+#define PROV_NAMES_SM4_XTS "SM4-XTS:1.2.156.10197.1.104.10"
#define PROV_NAMES_ChaCha20 "ChaCha20"
#define PROV_NAMES_ChaCha20_Poly1305 "ChaCha20-Poly1305"
#define PROV_NAMES_CAST5_ECB "CAST5-ECB"
--
2.37.3.windows.1
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化