Add SM4 encryption and decryption API

Add SM4 API, including ECB, CBC, CFB, OFC, CTR, GCM, and CCM mode. Delete useless C code. Fix readme.
Tongsuo-Project · Dec 5, 2023 · 81660f9 · 81660f9
1 parent 381c145
commit 81660f9
Show file tree

Hide file tree

Showing 11 changed files with 589 additions and 233 deletions.
diff --git a/README.md b/README.md
@@ -3,14 +3,28 @@ tongsuo bindings for Go
 
 # quick start
 
-```
-git clone https://github.com/Tongsuo-Project/Tongsuo.git  tongsuo
-```
+## Install Tongsuo
 
-```
-cd tongsuo &&  ./config --prefix=/opt/tongsuo -Wl,-rpath,/opt/tongsuo/lib  enable-ssl-trace enable-ec_elgamal enable-ntls && make -j && make install
-```
+tongsuo-go-sdk is based on Tongsuo, so we must install Tongsuo firstly.
+Build and install Tongsuo based on source code is as follows:
+
+```bash
+git clone https://github.com/Tongsuo-Project/Tongsuo.git
+cd Tongsuo
 
+git checkout 8.3-stable
+
+./config --prefix=/opt/tongsuo --libdir=/opt/tongsuo/lib -Wl,-rpath,/opt/tongsuo/lib enable-ssl-trace enable-ntls
+make -j
+make install
 ```
+
+## Test tongsuo-go-sdk
+
+```bash
+export CGO_CFLAGS='-O2 -g -I/opt/tongsuo/include'
+export CGO_LDFLAGS='-O2 -g -L/opt/tongsuo/lib -lssl -lcrypto'
+
+cd tongsuo-go-sdk
 go test -exec "env LD_LIBRARY_PATH=/opt/tongsuo/lib" ./...
 ```
diff --git a/ciphers.go b/ciphers.go
@@ -28,6 +28,16 @@ const (
 	GCM_TAG_MAXLEN = 16
 )
 
+const (
+	CIPHER_MODE_ECB = 1
+	CIPHER_MODE_CBC = 2
+	CIPHER_MODE_CFB = 3
+	CIPHER_MODE_OFB = 4
+	CIPHER_MODE_CTR = 5
+	CIPHER_MODE_GCM = 6
+	CIPHER_MODE_CCM = 7
+)
+
 type CipherCtx interface {
 	Cipher() *Cipher
 	BlockSize() int

diff --git a/crypto/sm3/sm3.go b/crypto/sm3/sm3.go
@@ -16,11 +16,11 @@ package sm3
 
 // #include "../../shim.h"
 // #cgo linux CFLAGS: -Wno-deprecated-declarations -I/opt/tongsuo/include
-// #cgo linux LDFLAGS: -L/opt/tongsuo/lib -lssl -lcrypto
+// #cgo linux LDFLAGS: -L/opt/tongsuo/lib -lcrypto
 // #cgo darwin CFLAGS: -I/opt/tongsuo/include -Wno-deprecated-declarations
-// #cgo darwin LDFLAGS: -L/opt/tongsuo/lib -lssl -lcrypto
+// #cgo darwin LDFLAGS: -L/opt/tongsuo/lib -lcrypto
 // #cgo windows CFLAGS: -DWIN32_LEAN_AND_MEAN
-// #cgo windows pkg-config: libssl libcrypto
+// #cgo windows pkg-config: libcrypto
 import "C"
 
 import (

diff --git a/examples/sm3/sm3 b/examples/sm3/sm3
diff --git a/examples/sm3.go → examples/sm3/sm3.go b/examples/sm3.go → examples/sm3/sm3.go
@@ -9,8 +9,9 @@ package main
 
 import (
 	"fmt"
+	"log"
+
 	"github.com/tongsuo-project/tongsuo-go-sdk/crypto/sm3"
-	"os"
 )
 
 func main() {
@@ -19,14 +20,14 @@ func main() {
 
 	h, err := sm3.New()
 	if err != nil {
-		os.Exit(1)
+		log.Fatal(err)
 	}
 
 	if _, err := h.Write([]byte("hello")); err != nil {
-		os.Exit(1)
+		log.Fatal(err)
 	}
 	if _, err := h.Write([]byte(" world")); err != nil {
-		os.Exit(1)
+		log.Fatal(err)
 	}
 
 	var res [sm3.SM3_DIGEST_LENGTH]byte

diff --git a/examples/sm4/sm4 b/examples/sm4/sm4
diff --git a/examples/sm4/sm4.go b/examples/sm4/sm4.go
@@ -0,0 +1,129 @@
+// Copyright 2023 The Tongsuo Project Authors. All Rights Reserved.
+//
+// Licensed under the Apache License 2.0 (the "License").  You may not use
+// this file except in compliance with the License.  You can obtain a copy
+// in the file LICENSE in the source distribution or at
+// https://github.com/Tongsuo-Project/tongsuo-go-sdk/blob/main/LICENSE
+
+package main
+
+import (
+	"bytes"
+	"encoding/hex"
+	"log"
+
+	ts "github.com/tongsuo-project/tongsuo-go-sdk"
+)
+
+func sm4CBCEncrypt() {
+	key, _ := hex.DecodeString("0123456789ABCDEFFEDCBA9876543210")
+	iv, _ := hex.DecodeString("0123456789ABCDEFFEDCBA9876543210")
+	plainText, _ := hex.DecodeString("0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210")
+	cipherText, _ := hex.DecodeString("2677F46B09C122CC975533105BD4A22AF6125F7275CE552C3A2BBCF533DE8A3B")
+
+	enc, err := ts.NewSM4Encrypter(ts.CIPHER_MODE_CBC, key, iv)
+	if err != nil {
+		log.Fatal("failed to create encrypter: ", err)
+	}
+
+	enc.SetPadding(false)
+
+	actualCipherText, err := enc.EncryptAll(plainText)
+	if err != nil {
+		log.Fatal("failed to encrypt: ", err)
+	}
+
+	if !bytes.Equal(cipherText, actualCipherText) {
+		log.Fatalf("exp:%x got:%x", cipherText, actualCipherText)
+	}
+}
+
+func sm4CBCDecrypt() {
+	key, _ := hex.DecodeString("0123456789ABCDEFFEDCBA9876543210")
+	iv, _ := hex.DecodeString("0123456789ABCDEFFEDCBA9876543210")
+	plainText, _ := hex.DecodeString("0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210")
+	cipherText, _ := hex.DecodeString("2677F46B09C122CC975533105BD4A22AF6125F7275CE552C3A2BBCF533DE8A3B")
+
+	enc, err := ts.NewSM4Decrypter(ts.CIPHER_MODE_CBC, key, iv)
+	if err != nil {
+		log.Fatal("failed to create decrypter: ", err)
+	}
+
+	enc.SetPadding(false)
+
+	actualPlainText, err := enc.DecryptAll(cipherText)
+	if err != nil {
+		log.Fatal("failed to decrypt: ", err)
+	}
+
+	if !bytes.Equal(plainText, actualPlainText) {
+		log.Fatalf("exp:%x got:%x", plainText, actualPlainText)
+	}
+}
+
+func sm4GCMEncrypt() {
+	key, _ := hex.DecodeString("0123456789ABCDEFFEDCBA9876543210")
+	iv, _ := hex.DecodeString("00001234567800000000ABCD")
+	aad, _ := hex.DecodeString("FEEDFACEDEADBEEFFEEDFACEDEADBEEFABADDAD2")
+	tag, _ := hex.DecodeString("83DE3541E4C2B58177E065A9BF7B62EC")
+	plainText, _ := hex.DecodeString("AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFEEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA")
+	cipherText, _ := hex.DecodeString("17F399F08C67D5EE19D0DC9969C4BB7D5FD46FD3756489069157B282BB200735D82710CA5C22F0CCFA7CBF93D496AC15A56834CBCF98C397B4024A2691233B8D")
+
+	enc, err := ts.NewSM4Encrypter(ts.CIPHER_MODE_GCM, key, iv)
+	if err != nil {
+		log.Fatal("failed to create encrypter: ", err)
+	}
+
+	enc.SetAAD(aad)
+
+	actualCipherText, err := enc.EncryptAll(plainText)
+	if err != nil {
+		log.Fatal("failed to encrypt: ", err)
+	}
+
+	if !bytes.Equal(cipherText, actualCipherText) {
+		log.Fatalf("exp:%x got:%x", cipherText, actualCipherText)
+	}
+
+	actualTag, err := enc.GetTag()
+	if err != nil {
+		log.Fatal("failed to get tag: ", err)
+	}
+
+	if !bytes.Equal(tag, actualTag) {
+		log.Fatalf("exp:%x got:%x", tag, actualTag)
+	}
+}
+
+func sm4GCMDecrypt() {
+	key, _ := hex.DecodeString("0123456789ABCDEFFEDCBA9876543210")
+	iv, _ := hex.DecodeString("00001234567800000000ABCD")
+	aad, _ := hex.DecodeString("FEEDFACEDEADBEEFFEEDFACEDEADBEEFABADDAD2")
+	tag, _ := hex.DecodeString("83DE3541E4C2B58177E065A9BF7B62EC")
+	plainText, _ := hex.DecodeString("AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFEEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA")
+	cipherText, _ := hex.DecodeString("17F399F08C67D5EE19D0DC9969C4BB7D5FD46FD3756489069157B282BB200735D82710CA5C22F0CCFA7CBF93D496AC15A56834CBCF98C397B4024A2691233B8D")
+
+	dec, err := ts.NewSM4Decrypter(ts.CIPHER_MODE_GCM, key, iv)
+	if err != nil {
+		log.Fatal("failed to create decrypter: ", err)
+	}
+
+	dec.SetTag(tag)
+	dec.SetAAD(aad)
+
+	actualPlainText, err := dec.DecryptAll(cipherText)
+	if err != nil {
+		log.Fatal("failed to decrypt: ", err)
+	}
+
+	if !bytes.Equal(plainText, actualPlainText) {
+		log.Fatalf("exp:%x got:%x", plainText, actualPlainText)
+	}
+}
+
+func main() {
+	sm4CBCEncrypt()
+	sm4CBCDecrypt()
+	sm4GCMEncrypt()
+	sm4GCMDecrypt()
+}
diff --git a/hostname.c b/hostname.c
@@ -347,27 +347,4 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
 		}
 	return 0;
 	}
-
-#if OPENSSL_VERSION_NUMBER < 0x1000200fL
-
-int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
-					unsigned int flags, char **peername)
-	{
-	return do_x509_check(x, chk, chklen, flags, GEN_DNS);
-	}
-
-int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen,
-					unsigned int flags)
-	{
-	return do_x509_check(x, chk, chklen, flags, GEN_EMAIL);
-	}
-
-int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
-					unsigned int flags)
-	{
-	return do_x509_check(x, chk, chklen, flags, GEN_IPADD);
-	}
-
-#endif /* OPENSSL_VERSION_NUMBER < 0x1000200fL */
-
 #endif