Add SM4 cipher (GB/T 32907-2016) support from SM4 enabled mbed TLS library

5 years ago · 6297aa6d92
6 changed files with 46 additions and 18 deletions
--- a/m4/mbedtls.m4
+++ b/m4/mbedtls.m4
@ -91,4 +91,20 @@ AC_DEFUN([ss_MBEDTLS],
    [AC_MSG_RESULT([ok])],
    [AC_MSG_WARN([We will continue without Camellia block cipher support, MBEDTLS_CAMELLIA_C required])]
  )
+
+  AC_MSG_CHECKING([whether mbedtls supports the SM4 block cipher or not])
+  AC_COMPILE_IFELSE(
+    [AC_LANG_PROGRAM(
+      [[
+#include <mbedtls/config.h>
+      ]],
+      [[
+#ifndef MBEDTLS_SM4_C
+#error the SM4 block cipher not supported by your mbed TLS.
+#endif
+      ]]
+    )],
+    [AC_MSG_RESULT([ok])],
+    [AC_MSG_WARN([We will continue without SM4 block cipher support, MBEDTLS_SM4_C required])]
+  )
 ])
--- a/src/aead.c
+++ b/src/aead.c
@ -44,15 +44,16 @@
 #define AES128GCM               0
 #define AES192GCM               1
 #define AES256GCM               2
+#define SM4128GCM               3
 /*
 * methods above requires gcm context
 * methods below doesn't require it,
 * then we need to fake one
 */
-#define CHACHA20POLY1305IETF    3
+#define CHACHA20POLY1305IETF    4

 #ifdef FS_HAVE_XCHACHA20IETF
-#define XCHACHA20POLY1305IETF   4
+#define XCHACHA20POLY1305IETF   5
 #endif

 #define CHUNK_SIZE_LEN          2
@ -108,6 +109,7 @@ const char *supported_aead_ciphers[AEAD_CIPHER_NUM] = {
    "aes-128-gcm",
    "aes-192-gcm",
    "aes-256-gcm",
+    "sm4-128-gcm",
    "chacha20-ietf-poly1305",
 #ifdef FS_HAVE_XCHACHA20IETF
    "xchacha20-ietf-poly1305"
@ -121,6 +123,7 @@ static const char *supported_aead_ciphers_mbedtls[AEAD_CIPHER_NUM] = {
    "AES-128-GCM",
    "AES-192-GCM",
    "AES-256-GCM",
+    "SM4-128-GCM",
    CIPHER_UNSUPPORTED,
 #ifdef FS_HAVE_XCHACHA20IETF
    CIPHER_UNSUPPORTED
@ -128,14 +131,14 @@ static const char *supported_aead_ciphers_mbedtls[AEAD_CIPHER_NUM] = {
 };

 static const int supported_aead_ciphers_nonce_size[AEAD_CIPHER_NUM] = {
-    12, 12, 12, 12,
+    12, 12, 12, 12, 12,
 #ifdef FS_HAVE_XCHACHA20IETF
    24
 #endif
 };

 static const int supported_aead_ciphers_key_size[AEAD_CIPHER_NUM] = {
-    16, 24, 32, 32,
+    16, 24, 32, 16, 32,
 #ifdef FS_HAVE_XCHACHA20IETF
    32
 #endif
@ -177,7 +180,7 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx,
        // Otherwise, just use the mbedTLS one with crappy AES-NI.
    case AES192GCM:
    case AES128GCM:
-
+    case SM4128GCM:
        err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
                                          m, mlen, c, clen, c + mlen, tlen);
        *clen += tlen;
@ -226,6 +229,7 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx,
        // Otherwise, just use the mbedTLS one with crappy AES-NI.
    case AES192GCM:
    case AES128GCM:
+    case SM4128GCM:
        err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
                                          m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
        break;
--- a/src/aead.h
+++ b/src/aead.h
@ -28,9 +28,9 @@
 // currently, XCHACHA20POLY1305IETF is not released yet
 // XCHACHA20POLY1305 is removed in upstream
 #ifdef FS_HAVE_XCHACHA20IETF
-#define AEAD_CIPHER_NUM              5
+#define AEAD_CIPHER_NUM              6
 #else
-#define AEAD_CIPHER_NUM              4
+#define AEAD_CIPHER_NUM              5
 #endif

 int aead_encrypt_all(buffer_t *, cipher_t *, size_t);
--- a/src/stream.c
+++ b/src/stream.c
@ -86,14 +86,16 @@
 #define CAMELLIA_128_CFB    10
 #define CAMELLIA_192_CFB    11
 #define CAMELLIA_256_CFB    12
-#define CAST5_CFB           13
-#define DES_CFB             14
-#define IDEA_CFB            15
-#define RC2_CFB             16
-#define SEED_CFB            17
-#define SALSA20             18
-#define CHACHA20            19
-#define CHACHA20IETF        20
+#define SM4_128_CBC         13
+#define SM4_128_CTR         14
+#define CAST5_CFB           15
+#define DES_CFB             16
+#define IDEA_CFB            17
+#define RC2_CFB             18
+#define SEED_CFB            19
+#define SALSA20             20
+#define CHACHA20            21
+#define CHACHA20IETF        22

 const char *supported_stream_ciphers[STREAM_CIPHER_NUM] = {
    "table",
@ -109,6 +111,8 @@ const char *supported_stream_ciphers[STREAM_CIPHER_NUM] = {
    "camellia-128-cfb",
    "camellia-192-cfb",
    "camellia-256-cfb",
+    "sm4-128-cbc",
+    "sm4-128-ctr",
    "cast5-cfb",
    "des-cfb",
    "idea-cfb",
@ -133,6 +137,8 @@ static const char *supported_stream_ciphers_mbedtls[STREAM_CIPHER_NUM] = {
    "CAMELLIA-128-CFB128",
    "CAMELLIA-192-CFB128",
    "CAMELLIA-256-CFB128",
+    "SM4-128-CBC",
+    "SM4-128-CTR",
    CIPHER_UNSUPPORTED,
    CIPHER_UNSUPPORTED,
    CIPHER_UNSUPPORTED,
@ -144,11 +150,11 @@ static const char *supported_stream_ciphers_mbedtls[STREAM_CIPHER_NUM] = {
 };

 static const int supported_stream_ciphers_nonce_size[STREAM_CIPHER_NUM] = {
-    0, 0, 16, 16, 16, 16, 16, 16, 16, 8, 16, 16, 16, 8, 8, 8, 8, 16, 8, 8, 12
+    0, 0, 16, 16, 16, 16, 16, 16, 16, 8, 16, 16, 16, 16, 16, 8, 8, 8, 8, 16, 8, 8, 12
 };

 static const int supported_stream_ciphers_key_size[STREAM_CIPHER_NUM] = {
-    0, 16, 16, 16, 24, 32, 16, 24, 32, 16, 16, 24, 32, 16, 8, 16, 16, 16, 32, 32, 32
+    0, 16, 16, 16, 24, 32, 16, 24, 32, 16, 16, 24, 32, 16, 16, 16, 8, 16, 16, 16, 32, 32, 32
 };

 static int
--- a/src/stream.h
+++ b/src/stream.h
@ -37,7 +37,7 @@
 #endif

 #include <sodium.h>
-#define STREAM_CIPHER_NUM          21
+#define STREAM_CIPHER_NUM          23

 #include "crypto.h"

--- a/src/utils.c
+++ b/src/utils.c
@ -322,6 +322,8 @@ usage()
        "                                  camellia-128-cfb, camellia-192-cfb,\n");
    printf(
        "                                  camellia-256-cfb, bf-cfb,\n");
+    printf(
+        "                                  sm4-128-cbc, sm4-128-ctr, sm4-128-gcm,\n");
    printf(
        "                                  chacha20-ietf-poly1305,\n");
 #ifdef FS_HAVE_XCHACHA20IETF