Skip to content

Instantly share code, notes, and snippets.

@dixyes

dixyes/sms4.patch

Created January 9, 2020 10:34
Show Gist options
  • Save dixyes/113865b811973c72034a1a1a2a50abe6 to your computer and use it in GitHub Desktop.
Save dixyes/113865b811973c72034a1a1a2a50abe6 to your computer and use it in GitHub Desktop.
Download ZIP
SMS4 in mbedtls
Raw
sms4.patch
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 96efd937f..bd0027b7e 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -92,6 +92,7 @@ typedef enum {
MBEDTLS_CIPHER_ID_ARC4, /**< The RC4 cipher. */
MBEDTLS_CIPHER_ID_ARIA, /**< The Aria cipher. */
MBEDTLS_CIPHER_ID_CHACHA20, /**< The ChaCha20 cipher. */
+ MBEDTLS_CIPHER_ID_SMS4,
} mbedtls_cipher_id_t;
/**
@@ -182,6 +183,8 @@ typedef enum {
MBEDTLS_CIPHER_AES_128_KWP, /**< AES cipher with 128-bit NIST KWP mode. */
MBEDTLS_CIPHER_AES_192_KWP, /**< AES cipher with 192-bit NIST KWP mode. */
MBEDTLS_CIPHER_AES_256_KWP, /**< AES cipher with 256-bit NIST KWP mode. */
+ MBEDTLS_CIPHER_SMS4_ECB,
+ MBEDTLS_CIPHER_SMS4_CFB128,
} mbedtls_cipher_type_t;
/** Supported cipher modes. */
diff --git a/include/mbedtls/sms4.h b/include/mbedtls/sms4.h
new file mode 100644
index 000000000..8b24b7928
--- /dev/null
+++ b/include/mbedtls/sms4.h
@@ -0,0 +1,68 @@
+// from https://github.com/lijk8090/sms4/
+
+#ifndef MBEDTLS_SMS4_H
+#define MBEDTLS_SMS4_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define MBEDTLS_SMS4_ENCRYPT 1
+#define MBEDTLS_SMS4_DECRYPT 0
+
+#define MBEDTLS_SMS4_BLOCKSIZE 16
+#define MBEDTLS_SMS4_KEYSIZE 16
+#define MBEDTLS_SMS4_ROUNDS 32
+
+#define MBEDTLS_ERR_SMS4_BAD_INPUT_DATA 0x88000001
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct mbedtls_sms4_context{
+ uint32_t rk[MBEDTLS_SMS4_ROUNDS];
+} mbedtls_sms4_context;
+
+void mbedtls_sms4_init( mbedtls_sms4_context *ctx );
+void mbedtls_sms4_free( mbedtls_sms4_context *ctx );
+
+int mbedtls_sms4_setkey_enc( mbedtls_sms4_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits );
+//void sms4_set_encrypt_key(sms4_key_t *key, const unsigned char *user_key);
+
+int mbedtls_sms4_setkey_dec( mbedtls_sms4_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits );
+//void sms4_set_decrypt_key(sms4_key_t *key, const unsigned char *user_key);
+
+int mbedtls_sms4_crypt_ecb( mbedtls_sms4_context *ctx,
+ const unsigned char input[MBEDTLS_SMS4_BLOCKSIZE],
+ unsigned char output[MBEDTLS_SMS4_BLOCKSIZE] );
+//void sms4_ecb_encrypt(const unsigned char *in, unsigned char *out,
+// sms4_key_t *key, int encrypt);
+//void sms4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len,
+// sms4_key_t *key, unsigned char *ivec, int encrypt);
+//void sms4_encrypt(const unsigned char *in, unsigned char *out, sms4_key_t *key);
+//#define sms4_decrypt(in,out,key) sms4_encrypt(in,out,key)
+
+int mbedtls_sms4_crypt_cfb128( mbedtls_sms4_context *ctx,
+ int mode,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[MBEDTLS_SMS4_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output );
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_SMS4_H */
diff --git a/library/Makefile b/library/Makefile
index 6aeb95f92..ac654fddc 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -62,7 +62,7 @@ DLEXT = dylib
endif
endif
-OBJS_CRYPTO= aes.o aesni.o arc4.o \
+OBJS_CRYPTO=sms4.o aes.o aesni.o arc4.o \
aria.o asn1parse.o asn1write.o \
base64.o bignum.o blowfish.o \
camellia.o ccm.o chacha20.o \
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index a813426be..683eb46e4 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -54,6 +54,10 @@
#include "mbedtls/aria.h"
#endif
+// sms hack here
+// shoule be ifdef here
+#include "mbedtls/sms4.h"
+
#if defined(MBEDTLS_DES_C)
#include "mbedtls/des.h"
#endif
@@ -1408,6 +1412,109 @@ static const mbedtls_cipher_info_t aria_256_ccm_info = {
#endif /* MBEDTLS_ARIA_C */
+// sms hack here
+// shoule be ifdef here
+static int sms4_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
+ const unsigned char *input, unsigned char *output )
+{
+ (void) operation;
+ return mbedtls_sms4_crypt_ecb( (mbedtls_sms4_context *) ctx, input,
+ output );
+}
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+static int sms4_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
+ size_t length, size_t *iv_off, unsigned char *iv,
+ const unsigned char *input, unsigned char *output )
+{
+ return mbedtls_sms4_crypt_cfb128( (mbedtls_sms4_context *) ctx, operation, length,
+ iv_off, iv, input, output );
+}
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+static int sms4_setkey_dec_wrap( void *ctx, const unsigned char *key,
+ unsigned int key_bitlen )
+{
+ return mbedtls_sms4_setkey_dec( (mbedtls_sms4_context *) ctx, key, key_bitlen );
+}
+
+static int sms4_setkey_enc_wrap( void *ctx, const unsigned char *key,
+ unsigned int key_bitlen )
+{
+ return mbedtls_sms4_setkey_enc( (mbedtls_sms4_context *) ctx, key, key_bitlen );
+}
+
+static void * sms4_ctx_alloc( void )
+{
+ mbedtls_sms4_context *ctx;
+ ctx = mbedtls_calloc( 1, sizeof( mbedtls_sms4_context ) );
+
+ if( ctx == NULL )
+ return( NULL );
+
+ mbedtls_sms4_init( ctx );
+
+ return( ctx );
+}
+
+static void sms4_ctx_free( void *ctx )
+{
+ mbedtls_sms4_free( (mbedtls_sms4_context *) ctx );
+ mbedtls_free( ctx );
+}
+
+static const mbedtls_cipher_base_t sms4_info = {
+ MBEDTLS_CIPHER_ID_SMS4,
+ sms4_crypt_ecb_wrap,
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+ NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+ sms4_crypt_cfb128_wrap,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+ NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+ NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+ NULL,
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
+ NULL,
+#endif
+ sms4_setkey_enc_wrap,
+ sms4_setkey_dec_wrap,
+ sms4_ctx_alloc,
+ sms4_ctx_free
+};
+
+static const mbedtls_cipher_info_t sms4_ecb_info = {
+ MBEDTLS_CIPHER_SMS4_ECB,
+ MBEDTLS_MODE_ECB,
+ 128,
+ "SMS4-ECB",
+ 16,
+ 0,
+ 16,
+ &sms4_info
+};
+
+#ifdef MBEDTLS_CIPHER_MODE_CFB
+static const mbedtls_cipher_info_t sms4_cfb128_info = {
+ MBEDTLS_CIPHER_SMS4_CFB128,
+ MBEDTLS_MODE_CFB,
+ 128,
+ "SMS4-CFB128",
+ 16,
+ 0,
+ 16,
+ &sms4_info
+};
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+// sms hack end
+
#if defined(MBEDTLS_DES_C)
static int des_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
@@ -2370,6 +2477,14 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
#endif
#endif /* MBEDTLS_ARIA_C */
+// sms hack here
+// should there be ifdef
+ { MBEDTLS_CIPHER_SMS4_ECB, &sms4_ecb_info },
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+ { MBEDTLS_CIPHER_SMS4_CFB128, &sms4_cfb128_info },
+#endif
+// sms hack end
+
#if defined(MBEDTLS_DES_C)
{ MBEDTLS_CIPHER_DES_ECB, &des_ecb_info },
{ MBEDTLS_CIPHER_DES_EDE_ECB, &des_ede_ecb_info },
diff --git a/library/sms4.c b/library/sms4.c
new file mode 100644
index 000000000..c01ee96f9
--- /dev/null
+++ b/library/sms4.c
@@ -0,0 +1,370 @@
+// from https://github.com/lijk8090/sms4/
+
+#include "mbedtls/sms4.h"
+
+#include "mbedtls/platform_util.h"
+
+/* Parameter validation macros */
+#define SMS4_VALIDATE_RET( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SMS4_BAD_INPUT_DATA )
+#define SMS4_VALIDATE( cond ) \
+ MBEDTLS_INTERNAL_VALIDATE( cond )
+
+
+#define FK0 0xa3b1bac6
+#define FK1 0x56aa3350
+#define FK2 0x677d9197
+#define FK3 0xb27022dc
+
+#define CK0 0x00070e15
+#define CK1 0x1c232a31
+#define CK2 0x383f464d
+#define CK3 0x545b6269
+#define CK4 0x70777e85
+#define CK5 0x8c939aa1
+#define CK6 0xa8afb6bd
+#define CK7 0xc4cbd2d9
+#define CK8 0xe0e7eef5
+#define CK9 0xfc030a11
+#define CK10 0x181f262d
+#define CK11 0x343b4249
+#define CK12 0x50575e65
+#define CK13 0x6c737a81
+#define CK14 0x888f969d
+#define CK15 0xa4abb2b9
+#define CK16 0xc0c7ced5
+#define CK17 0xdce3eaf1
+#define CK18 0xf8ff060d
+#define CK19 0x141b2229
+#define CK20 0x30373e45
+#define CK21 0x4c535a61
+#define CK22 0x686f767d
+#define CK23 0x848b9299
+#define CK24 0xa0a7aeb5
+#define CK25 0xbcc3cad1
+#define CK26 0xd8dfe6ed
+#define CK27 0xf4fb0209
+#define CK28 0x10171e25
+#define CK29 0x2c333a41
+#define CK30 0x484f565d
+#define CK31 0x646b7279
+
+static const uint8_t SBOX[256] = {
+ 0xd6, 0x90, 0xe9, 0xfe, 0xcc, 0xe1, 0x3d, 0xb7,
+ 0x16, 0xb6, 0x14, 0xc2, 0x28, 0xfb, 0x2c, 0x05,
+ 0x2b, 0x67, 0x9a, 0x76, 0x2a, 0xbe, 0x04, 0xc3,
+ 0xaa, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99,
+ 0x9c, 0x42, 0x50, 0xf4, 0x91, 0xef, 0x98, 0x7a,
+ 0x33, 0x54, 0x0b, 0x43, 0xed, 0xcf, 0xac, 0x62,
+ 0xe4, 0xb3, 0x1c, 0xa9, 0xc9, 0x08, 0xe8, 0x95,
+ 0x80, 0xdf, 0x94, 0xfa, 0x75, 0x8f, 0x3f, 0xa6,
+ 0x47, 0x07, 0xa7, 0xfc, 0xf3, 0x73, 0x17, 0xba,
+ 0x83, 0x59, 0x3c, 0x19, 0xe6, 0x85, 0x4f, 0xa8,
+ 0x68, 0x6b, 0x81, 0xb2, 0x71, 0x64, 0xda, 0x8b,
+ 0xf8, 0xeb, 0x0f, 0x4b, 0x70, 0x56, 0x9d, 0x35,
+ 0x1e, 0x24, 0x0e, 0x5e, 0x63, 0x58, 0xd1, 0xa2,
+ 0x25, 0x22, 0x7c, 0x3b, 0x01, 0x21, 0x78, 0x87,
+ 0xd4, 0x00, 0x46, 0x57, 0x9f, 0xd3, 0x27, 0x52,
+ 0x4c, 0x36, 0x02, 0xe7, 0xa0, 0xc4, 0xc8, 0x9e,
+ 0xea, 0xbf, 0x8a, 0xd2, 0x40, 0xc7, 0x38, 0xb5,
+ 0xa3, 0xf7, 0xf2, 0xce, 0xf9, 0x61, 0x15, 0xa1,
+ 0xe0, 0xae, 0x5d, 0xa4, 0x9b, 0x34, 0x1a, 0x55,
+ 0xad, 0x93, 0x32, 0x30, 0xf5, 0x8c, 0xb1, 0xe3,
+ 0x1d, 0xf6, 0xe2, 0x2e, 0x82, 0x66, 0xca, 0x60,
+ 0xc0, 0x29, 0x23, 0xab, 0x0d, 0x53, 0x4e, 0x6f,
+ 0xd5, 0xdb, 0x37, 0x45, 0xde, 0xfd, 0x8e, 0x2f,
+ 0x03, 0xff, 0x6a, 0x72, 0x6d, 0x6c, 0x5b, 0x51,
+ 0x8d, 0x1b, 0xaf, 0x92, 0xbb, 0xdd, 0xbc, 0x7f,
+ 0x11, 0xd9, 0x5c, 0x41, 0x1f, 0x10, 0x5a, 0xd8,
+ 0x0a, 0xc1, 0x31, 0x88, 0xa5, 0xcd, 0x7b, 0xbd,
+ 0x2d, 0x74, 0xd0, 0x12, 0xb8, 0xe5, 0xb4, 0xb0,
+ 0x89, 0x69, 0x97, 0x4a, 0x0c, 0x96, 0x77, 0x7e,
+ 0x65, 0xb9, 0xf1, 0x09, 0xc5, 0x6e, 0xc6, 0x84,
+ 0x18, 0xf0, 0x7d, 0xec, 0x3a, 0xdc, 0x4d, 0x20,
+ 0x79, 0xee, 0x5f, 0x3e, 0xd7, 0xcb, 0x39, 0x48
+};
+
+
+#define GETU32(pc) ( \
+ ((uint32_t)(pc)[0] << 24) ^ \
+ ((uint32_t)(pc)[1] << 16) ^ \
+ ((uint32_t)(pc)[2] << 8) ^ \
+ ((uint32_t)(pc)[3]))
+
+#define PUTU32(st, ct) { \
+ (ct)[0] = (uint8_t)((st) >> 24); \
+ (ct)[1] = (uint8_t)((st) >> 16); \
+ (ct)[2] = (uint8_t)((st) >> 8); \
+ (ct)[3] = (uint8_t)(st); }
+
+
+// use xor?
+#define ROT(A,i) (((A) << i) ^ ((A) >> (32 - i)))
+
+#define S(A) ((SBOX[((A) >> 24) ] << 24) ^ \
+ (SBOX[((A) >> 16) & 0xff] << 16) ^ \
+ (SBOX[((A) >> 8) & 0xff] << 8) ^ \
+ (SBOX[((A)) & 0xff]))
+
+#define L(B) ((B) ^ ROT((B), 2) ^ ROT((B),10) ^ ROT((B),18) ^ ROT((B), 24))
+#define L_(B) ((B) ^ ROT((B),13) ^ ROT((B),23))
+
+#define ROUND(X0,X1,X2,X3,X4,RK) X4=(X1)^(X2)^(X3)^(RK); X4=S(X4); X4=(X0)^L(X4)
+#define ROUND_(X0,X1,X2,X3,X4,CK,RK) X4=(X1)^(X2)^(X3)^(CK); X4=S(X4); X4=(X0)^L_(X4); RK=X4
+
+// constructor and destructor
+void mbedtls_sms4_init( mbedtls_sms4_context *ctx ){
+ SMS4_VALIDATE(NULL != ctx);
+ mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sms4_context ) );
+}
+
+void mbedtls_sms4_free( mbedtls_sms4_context *ctx ){
+ if( ctx == NULL )
+ return;
+
+ mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sms4_context ) );
+}
+
+// setkeys
+int mbedtls_sms4_setkey_enc( mbedtls_sms4_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits )
+{
+ uint32_t *rk;
+ uint32_t X0, X1, X2, X3, X4;
+
+ SMS4_VALIDATE_RET(NULL != ctx);
+ SMS4_VALIDATE_RET(NULL != key);
+ if(keybits != 128)
+ return( MBEDTLS_ERR_SMS4_BAD_INPUT_DATA );
+
+ rk = ctx->rk;
+
+ X0 = GETU32(key ) ^ FK0;
+ X1 = GETU32(key + 4) ^ FK1;
+ X2 = GETU32(key + 8) ^ FK2;
+ X3 = GETU32(key + 12) ^ FK3;
+
+ ROUND_(X0, X1, X2, X3, X4, CK0, rk[0]);
+ ROUND_(X1, X2, X3, X4, X0, CK1, rk[1]);
+ ROUND_(X2, X3, X4, X0, X1, CK2, rk[2]);
+ ROUND_(X3, X4, X0, X1, X2, CK3, rk[3]);
+ ROUND_(X4, X0, X1, X2, X3, CK4, rk[4]);
+ ROUND_(X0, X1, X2, X3, X4, CK5, rk[5]);
+ ROUND_(X1, X2, X3, X4, X0, CK6, rk[6]);
+ ROUND_(X2, X3, X4, X0, X1, CK7, rk[7]);
+ ROUND_(X3, X4, X0, X1, X2, CK8, rk[8]);
+ ROUND_(X4, X0, X1, X2, X3, CK9, rk[9]);
+ ROUND_(X0, X1, X2, X3, X4, CK10, rk[10]);
+ ROUND_(X1, X2, X3, X4, X0, CK11, rk[11]);
+ ROUND_(X2, X3, X4, X0, X1, CK12, rk[12]);
+ ROUND_(X3, X4, X0, X1, X2, CK13, rk[13]);
+ ROUND_(X4, X0, X1, X2, X3, CK14, rk[14]);
+ ROUND_(X0, X1, X2, X3, X4, CK15, rk[15]);
+ ROUND_(X1, X2, X3, X4, X0, CK16, rk[16]);
+ ROUND_(X2, X3, X4, X0, X1, CK17, rk[17]);
+ ROUND_(X3, X4, X0, X1, X2, CK18, rk[18]);
+ ROUND_(X4, X0, X1, X2, X3, CK19, rk[19]);
+ ROUND_(X0, X1, X2, X3, X4, CK20, rk[20]);
+ ROUND_(X1, X2, X3, X4, X0, CK21, rk[21]);
+ ROUND_(X2, X3, X4, X0, X1, CK22, rk[22]);
+ ROUND_(X3, X4, X0, X1, X2, CK23, rk[23]);
+ ROUND_(X4, X0, X1, X2, X3, CK24, rk[24]);
+ ROUND_(X0, X1, X2, X3, X4, CK25, rk[25]);
+ ROUND_(X1, X2, X3, X4, X0, CK26, rk[26]);
+ ROUND_(X2, X3, X4, X0, X1, CK27, rk[27]);
+ ROUND_(X3, X4, X0, X1, X2, CK28, rk[28]);
+ ROUND_(X4, X0, X1, X2, X3, CK29, rk[29]);
+ ROUND_(X0, X1, X2, X3, X4, CK30, rk[30]);
+ ROUND_(X1, X2, X3, X4, X0, CK31, rk[31]);
+
+ mbedtls_platform_zeroize( &X0, sizeof( X0 ) );
+ mbedtls_platform_zeroize( &X1, sizeof( X1 ) );
+ mbedtls_platform_zeroize( &X2, sizeof( X2 ) );
+ mbedtls_platform_zeroize( &X3, sizeof( X3 ) );
+ mbedtls_platform_zeroize( &X4, sizeof( X4 ) );
+
+ return 0;
+}
+
+int mbedtls_sms4_setkey_dec( mbedtls_sms4_context *ctx,
+ const unsigned char *key,
+ unsigned int keybits )
+{
+ uint32_t *rk;
+ uint32_t X0, X1, X2, X3, X4;
+
+ SMS4_VALIDATE_RET(NULL != ctx);
+ SMS4_VALIDATE_RET(NULL != key);
+ if(keybits != 128)
+ return( MBEDTLS_ERR_SMS4_BAD_INPUT_DATA );
+
+ rk = ctx->rk;
+
+ X0 = GETU32(key ) ^ FK0;
+ X1 = GETU32(key + 4) ^ FK1;
+ X2 = GETU32(key + 8) ^ FK2;
+ X3 = GETU32(key + 12) ^ FK3;
+
+ ROUND_(X0, X1, X2, X3, X4, CK0, rk[31]);
+ ROUND_(X1, X2, X3, X4, X0, CK1, rk[30]);
+ ROUND_(X2, X3, X4, X0, X1, CK2, rk[29]);
+ ROUND_(X3, X4, X0, X1, X2, CK3, rk[28]);
+ ROUND_(X4, X0, X1, X2, X3, CK4, rk[27]);
+ ROUND_(X0, X1, X2, X3, X4, CK5, rk[26]);
+ ROUND_(X1, X2, X3, X4, X0, CK6, rk[25]);
+ ROUND_(X2, X3, X4, X0, X1, CK7, rk[24]);
+ ROUND_(X3, X4, X0, X1, X2, CK8, rk[23]);
+ ROUND_(X4, X0, X1, X2, X3, CK9, rk[22]);
+ ROUND_(X0, X1, X2, X3, X4, CK10, rk[21]);
+ ROUND_(X1, X2, X3, X4, X0, CK11, rk[20]);
+ ROUND_(X2, X3, X4, X0, X1, CK12, rk[19]);
+ ROUND_(X3, X4, X0, X1, X2, CK13, rk[18]);
+ ROUND_(X4, X0, X1, X2, X3, CK14, rk[17]);
+ ROUND_(X0, X1, X2, X3, X4, CK15, rk[16]);
+ ROUND_(X1, X2, X3, X4, X0, CK16, rk[15]);
+ ROUND_(X2, X3, X4, X0, X1, CK17, rk[14]);
+ ROUND_(X3, X4, X0, X1, X2, CK18, rk[13]);
+ ROUND_(X4, X0, X1, X2, X3, CK19, rk[12]);
+ ROUND_(X0, X1, X2, X3, X4, CK20, rk[11]);
+ ROUND_(X1, X2, X3, X4, X0, CK21, rk[10]);
+ ROUND_(X2, X3, X4, X0, X1, CK22, rk[9]);
+ ROUND_(X3, X4, X0, X1, X2, CK23, rk[8]);
+ ROUND_(X4, X0, X1, X2, X3, CK24, rk[7]);
+ ROUND_(X0, X1, X2, X3, X4, CK25, rk[6]);
+ ROUND_(X1, X2, X3, X4, X0, CK26, rk[5]);
+ ROUND_(X2, X3, X4, X0, X1, CK27, rk[4]);
+ ROUND_(X3, X4, X0, X1, X2, CK28, rk[3]);
+ ROUND_(X4, X0, X1, X2, X3, CK29, rk[2]);
+ ROUND_(X0, X1, X2, X3, X4, CK30, rk[1]);
+ ROUND_(X1, X2, X3, X4, X0, CK31, rk[0]);
+
+ mbedtls_platform_zeroize( &X0, sizeof( X0 ) );
+ mbedtls_platform_zeroize( &X1, sizeof( X1 ) );
+ mbedtls_platform_zeroize( &X2, sizeof( X2 ) );
+ mbedtls_platform_zeroize( &X3, sizeof( X3 ) );
+ mbedtls_platform_zeroize( &X4, sizeof( X4 ) );
+
+ return 0;
+}
+
+int mbedtls_sms4_crypt_ecb( mbedtls_sms4_context *ctx,
+ const unsigned char in[MBEDTLS_SMS4_BLOCKSIZE],
+ unsigned char out[MBEDTLS_SMS4_BLOCKSIZE] )
+{
+ uint32_t *rk;
+ uint32_t X0, X1, X2, X3, X4;
+
+ SMS4_VALIDATE_RET(ctx && in && opt);
+
+ rk = ctx->rk;
+
+ X0 = GETU32(in );
+ X1 = GETU32(in + 4);
+ X2 = GETU32(in + 8);
+ X3 = GETU32(in + 12);
+
+ ROUND(X0, X1, X2, X3, X4, rk[0]);
+ ROUND(X1, X2, X3, X4, X0, rk[1]);
+ ROUND(X2, X3, X4, X0, X1, rk[2]);
+ ROUND(X3, X4, X0, X1, X2, rk[3]);
+ ROUND(X4, X0, X1, X2, X3, rk[4]);
+ ROUND(X0, X1, X2, X3, X4, rk[5]);
+ ROUND(X1, X2, X3, X4, X0, rk[6]);
+ ROUND(X2, X3, X4, X0, X1, rk[7]);
+ ROUND(X3, X4, X0, X1, X2, rk[8]);
+ ROUND(X4, X0, X1, X2, X3, rk[9]);
+ ROUND(X0, X1, X2, X3, X4, rk[10]);
+ ROUND(X1, X2, X3, X4, X0, rk[11]);
+ ROUND(X2, X3, X4, X0, X1, rk[12]);
+ ROUND(X3, X4, X0, X1, X2, rk[13]);
+ ROUND(X4, X0, X1, X2, X3, rk[14]);
+ ROUND(X0, X1, X2, X3, X4, rk[15]);
+ ROUND(X1, X2, X3, X4, X0, rk[16]);
+ ROUND(X2, X3, X4, X0, X1, rk[17]);
+ ROUND(X3, X4, X0, X1, X2, rk[18]);
+ ROUND(X4, X0, X1, X2, X3, rk[19]);
+ ROUND(X0, X1, X2, X3, X4, rk[20]);
+ ROUND(X1, X2, X3, X4, X0, rk[21]);
+ ROUND(X2, X3, X4, X0, X1, rk[22]);
+ ROUND(X3, X4, X0, X1, X2, rk[23]);
+ ROUND(X4, X0, X1, X2, X3, rk[24]);
+ ROUND(X0, X1, X2, X3, X4, rk[25]);
+ ROUND(X1, X2, X3, X4, X0, rk[26]);
+ ROUND(X2, X3, X4, X0, X1, rk[27]);
+ ROUND(X3, X4, X0, X1, X2, rk[28]);
+ ROUND(X4, X0, X1, X2, X3, rk[29]);
+ ROUND(X0, X1, X2, X3, X4, rk[30]);
+ ROUND(X1, X2, X3, X4, X0, rk[31]);
+
+ PUTU32(X0, out);
+ PUTU32(X4, out + 4);
+ PUTU32(X3, out + 8);
+ PUTU32(X2, out + 12);
+ mbedtls_platform_zeroize( &X0, sizeof( X0 ) );
+ mbedtls_platform_zeroize( &X1, sizeof( X1 ) );
+ mbedtls_platform_zeroize( &X2, sizeof( X2 ) );
+ mbedtls_platform_zeroize( &X3, sizeof( X3 ) );
+ mbedtls_platform_zeroize( &X4, sizeof( X4 ) );
+
+ return 0;
+}
+
+int mbedtls_sms4_crypt_cfb128( mbedtls_sms4_context *ctx,
+ int mode,
+ size_t length,
+ size_t *iv_off,
+ unsigned char iv[MBEDTLS_SMS4_BLOCKSIZE],
+ const unsigned char *input,
+ unsigned char *output ){
+
+ unsigned char c;
+ size_t n;
+
+ SMS4_VALIDATE_RET( ctx != NULL );
+ SMS4_VALIDATE_RET( mode == MBEDTLS_SMS4_ENCRYPT ||
+ mode == MBEDTLS_SMS4_DECRYPT );
+ SMS4_VALIDATE_RET( length == 0 || input != NULL );
+ SMS4_VALIDATE_RET( length == 0 || output != NULL );
+ SMS4_VALIDATE_RET( iv != NULL );
+ SMS4_VALIDATE_RET( iv_off != NULL );
+
+ n = *iv_off;
+
+ /* An overly large value of n can lead to an unlimited
+ * buffer overflow. Therefore, guard against this
+ * outside of parameter validation. */
+ if( n >= MBEDTLS_SMS4_BLOCKSIZE )
+ return( MBEDTLS_ERR_SMS4_BAD_INPUT_DATA );
+
+ if( mode == MBEDTLS_SMS4_DECRYPT )
+ {
+ while( length-- )
+ {
+ if( n == 0 )
+ mbedtls_sms4_crypt_ecb( ctx, iv, iv );
+
+ c = *input++;
+ *output++ = c ^ iv[n];
+ iv[n] = c;
+
+ n = ( n + 1 ) & 0x0F;
+ }
+ }
+ else
+ {
+ while( length-- )
+ {
+ if( n == 0 )
+ mbedtls_sms4_crypt_ecb( ctx, iv, iv );
+
+ iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
+
+ n = ( n + 1 ) & 0x0F;
+ }
+ }
+
+ *iv_off = n;
+
+ return( 0 );
+}
@dixyes
Copy link
Author

dixyes commented Jan 9, 2020

If any of this is illegal, tell me to delete it.
侵删

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment