SM4算法 C语言 (从OpenSSL库中分离算法:七)

OpenSSL简介：

OpenSSL 是用于传输层安全性 (TLS) 和安全套接字层 (SSL) 协议的一个强大、商业级和功能齐全的工具包，它也是一个通用的密码学库。包含有RSA、SM4、DES、AES等诸多加密算法。

OpenSSL GitHub地址如下：

GitHub - openssl/openssl: TLS/SSL and crypto library

在日常的开发工作中，有时只想用OpenSSL库中的一种算法，此时调用整个OpenSSL库，往往是没必要的；再或者在嵌入式平台使用某一算法，那我们只移植这个算法，没有必要移植整个OpenSSL库。

SM4简介

SM4分组密码算法是我国自主设计的分组对称密码算法，用于实现数据的加密/解密运算，以保证数据和信息的机密性。要保证一个对称密码算法的安全性的基本条件是其具备足够的密钥长度，SM4算法与AES算法具有相同的密钥长度分组长度128比特，因此在安全性上高于3DES算法。

移植过程

一、下载代码

从OpenSSL的Github仓库下载代码，可以下载master分支，也可以下载最新的release版本。将下载的文件解压，得到代码。

重点关注红框目录：

crypto目录内是各种加密算法
include目录内是各加密算法对外接口的头文件

二、准备环境

新建Visual Studio C++ 控制台项目"sm4test"，编译选项是：x86\Debug

三、准备文件

复制OpenSSL源码中：/crypto/sm4文件夹到VS工程代码目录下
复制OpenSSL源码中：/include/crypto/sm4.h文件到VS工程代码目录中sm4文件夹内
复制完成后，VS工程代码目录sm4文件夹内文件如下：

删除目录内的如下本项目中无用文件：

build.info

四、修改代码

修改调用文件

在VS工程中含有main函数的主文件:sm4test.cpp中，增加包含sm4.h头文件

#include "sm4/sm4.h"

在main函数中添加如下代码

const char* Sm4Key = "12345678";
SM4_KEY key;
ossl_sm4_set_key((const unsigned char* )Sm4Key, & key);const char* indata = "0123456789ABCDEF";
unsigned char Encrydata[256] = { 0 };//该函数每次加密128bit分组，即16字节，需自行补齐、分组
ossl_sm4_encrypt((unsigned char*)indata, Encrydata, &key);unsigned char Decrydata[256] = { 0 };
SM4_KEY key2;
ossl_sm4_set_key((const unsigned char*)Sm4Key, &key2);
ossl_sm4_decrypt((unsigned char*)Encrydata, Decrydata, &key2);

修改后的sm4test.cpp代码如下：

#include <iostream>
#include "sm4/sm4.h"
int main()
{const char* Sm4Key = "12345678";SM4_KEY key;ossl_sm4_set_key((const unsigned char* )Sm4Key, & key);const char* indata = "0123456789ABCDEF";unsigned char Encrydata[256] = { 0 };//该函数每次加密128bit分组，即16字节，需自行补齐、分组ossl_sm4_encrypt((unsigned char*)indata, Encrydata, &key);unsigned char Decrydata[256] = { 0 };SM4_KEY key2;ossl_sm4_set_key((const unsigned char*)Sm4Key, &key2);ossl_sm4_decrypt((unsigned char*)Encrydata, Decrydata, &key2);
}

修改sm4.h

删除条件编译 OSSL_CRYPTO_SM4_H

删除头文件# include <openssl/opensslconf.h>

删除头文件# include <openssl/e_os2.h>

删除条件编译 OPENSSL_NO_SM4

添加头文件#include <stdint.h>

添加C++调用时的宏

修改或删除后的文件如下：

# pragma once
#  ifdef  __cplusplus
extern "C" {#  endif#include <stdint.h># define SM4_DIGEST_LENGTH 32
# define SM4_WORD unsigned int# define SM4_CBLOCK      64
# define SM4_LBLOCK      (SM4_CBLOCK/4)typedef struct SM4state_st {SM4_WORD A, B, C, D, E, F, G, H;SM4_WORD Nl, Nh;SM4_WORD data[SM4_LBLOCK];unsigned int num;
} SM4_CTX;int ossl_SM4_init(SM4_CTX* c);
int ossl_SM4_update(SM4_CTX* c, const void* data, size_t len);
int ossl_SM4_final(unsigned char* md, SM4_CTX* c);#  ifdef  __cplusplus
}
#  endif

修改sm4.c

删除头文件#include <openssl/e_os2.h>

修改头文件# include "crypto/sm4.h"改为#include "sm4.h"

添加宏定义 #define ossl_inline inline

修改或删除后的文件如下：

#include "sm4.h"#define ossl_inline inlinestatic const uint8_t SM4_S[256] = {0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2,0x28, 0xFB, 0x2C, 0x05, 0x2B, 0x67, 0x9A, 0x76, 0x2A, 0xBE, 0x04, 0xC3,0xAA, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99, 0x9C, 0x42, 0x50, 0xF4,0x91, 0xEF, 0x98, 0x7A, 0x33, 0x54, 0x0B, 0x43, 0xED, 0xCF, 0xAC, 0x62,0xE4, 0xB3, 0x1C, 0xA9, 0xC9, 0x08, 0xE8, 0x95, 0x80, 0xDF, 0x94, 0xFA,0x75, 0x8F, 0x3F, 0xA6, 0x47, 0x07, 0xA7, 0xFC, 0xF3, 0x73, 0x17, 0xBA,0x83, 0x59, 0x3C, 0x19, 0xE6, 0x85, 0x4F, 0xA8, 0x68, 0x6B, 0x81, 0xB2,0x71, 0x64, 0xDA, 0x8B, 0xF8, 0xEB, 0x0F, 0x4B, 0x70, 0x56, 0x9D, 0x35,0x1E, 0x24, 0x0E, 0x5E, 0x63, 0x58, 0xD1, 0xA2, 0x25, 0x22, 0x7C, 0x3B,0x01, 0x21, 0x78, 0x87, 0xD4, 0x00, 0x46, 0x57, 0x9F, 0xD3, 0x27, 0x52,0x4C, 0x36, 0x02, 0xE7, 0xA0, 0xC4, 0xC8, 0x9E, 0xEA, 0xBF, 0x8A, 0xD2,0x40, 0xC7, 0x38, 0xB5, 0xA3, 0xF7, 0xF2, 0xCE, 0xF9, 0x61, 0x15, 0xA1,0xE0, 0xAE, 0x5D, 0xA4, 0x9B, 0x34, 0x1A, 0x55, 0xAD, 0x93, 0x32, 0x30,0xF5, 0x8C, 0xB1, 0xE3, 0x1D, 0xF6, 0xE2, 0x2E, 0x82, 0x66, 0xCA, 0x60,0xC0, 0x29, 0x23, 0xAB, 0x0D, 0x53, 0x4E, 0x6F, 0xD5, 0xDB, 0x37, 0x45,0xDE, 0xFD, 0x8E, 0x2F, 0x03, 0xFF, 0x6A, 0x72, 0x6D, 0x6C, 0x5B, 0x51,0x8D, 0x1B, 0xAF, 0x92, 0xBB, 0xDD, 0xBC, 0x7F, 0x11, 0xD9, 0x5C, 0x41,0x1F, 0x10, 0x5A, 0xD8, 0x0A, 0xC1, 0x31, 0x88, 0xA5, 0xCD, 0x7B, 0xBD,0x2D, 0x74, 0xD0, 0x12, 0xB8, 0xE5, 0xB4, 0xB0, 0x89, 0x69, 0x97, 0x4A,0x0C, 0x96, 0x77, 0x7E, 0x65, 0xB9, 0xF1, 0x09, 0xC5, 0x6E, 0xC6, 0x84,0x18, 0xF0, 0x7D, 0xEC, 0x3A, 0xDC, 0x4D, 0x20, 0x79, 0xEE, 0x5F, 0x3E,0xD7, 0xCB, 0x39, 0x48
};/** SM4_SBOX_T[j] == L(SM4_SBOX[j]).*/
static const uint32_t SM4_SBOX_T[256] = {0x8ED55B5B, 0xD0924242, 0x4DEAA7A7, 0x06FDFBFB, 0xFCCF3333, 0x65E28787,0xC93DF4F4, 0x6BB5DEDE, 0x4E165858, 0x6EB4DADA, 0x44145050, 0xCAC10B0B,0x8828A0A0, 0x17F8EFEF, 0x9C2CB0B0, 0x11051414, 0x872BACAC, 0xFB669D9D,0xF2986A6A, 0xAE77D9D9, 0x822AA8A8, 0x46BCFAFA, 0x14041010, 0xCFC00F0F,0x02A8AAAA, 0x54451111, 0x5F134C4C, 0xBE269898, 0x6D482525, 0x9E841A1A,0x1E061818, 0xFD9B6666, 0xEC9E7272, 0x4A430909, 0x10514141, 0x24F7D3D3,0xD5934646, 0x53ECBFBF, 0xF89A6262, 0x927BE9E9, 0xFF33CCCC, 0x04555151,0x270B2C2C, 0x4F420D0D, 0x59EEB7B7, 0xF3CC3F3F, 0x1CAEB2B2, 0xEA638989,0x74E79393, 0x7FB1CECE, 0x6C1C7070, 0x0DABA6A6, 0xEDCA2727, 0x28082020,0x48EBA3A3, 0xC1975656, 0x80820202, 0xA3DC7F7F, 0xC4965252, 0x12F9EBEB,0xA174D5D5, 0xB38D3E3E, 0xC33FFCFC, 0x3EA49A9A, 0x5B461D1D, 0x1B071C1C,0x3BA59E9E, 0x0CFFF3F3, 0x3FF0CFCF, 0xBF72CDCD, 0x4B175C5C, 0x52B8EAEA,0x8F810E0E, 0x3D586565, 0xCC3CF0F0, 0x7D196464, 0x7EE59B9B, 0x91871616,0x734E3D3D, 0x08AAA2A2, 0xC869A1A1, 0xC76AADAD, 0x85830606, 0x7AB0CACA,0xB570C5C5, 0xF4659191, 0xB2D96B6B, 0xA7892E2E, 0x18FBE3E3, 0x47E8AFAF,0x330F3C3C, 0x674A2D2D, 0xB071C1C1, 0x0E575959, 0xE99F7676, 0xE135D4D4,0x661E7878, 0xB4249090, 0x360E3838, 0x265F7979, 0xEF628D8D, 0x38596161,0x95D24747, 0x2AA08A8A, 0xB1259494, 0xAA228888, 0x8C7DF1F1, 0xD73BECEC,0x05010404, 0xA5218484, 0x9879E1E1, 0x9B851E1E, 0x84D75353, 0x00000000,0x5E471919, 0x0B565D5D, 0xE39D7E7E, 0x9FD04F4F, 0xBB279C9C, 0x1A534949,0x7C4D3131, 0xEE36D8D8, 0x0A020808, 0x7BE49F9F, 0x20A28282, 0xD4C71313,0xE8CB2323, 0xE69C7A7A, 0x42E9ABAB, 0x43BDFEFE, 0xA2882A2A, 0x9AD14B4B,0x40410101, 0xDBC41F1F, 0xD838E0E0, 0x61B7D6D6, 0x2FA18E8E, 0x2BF4DFDF,0x3AF1CBCB, 0xF6CD3B3B, 0x1DFAE7E7, 0xE5608585, 0x41155454, 0x25A38686,0x60E38383, 0x16ACBABA, 0x295C7575, 0x34A69292, 0xF7996E6E, 0xE434D0D0,0x721A6868, 0x01545555, 0x19AFB6B6, 0xDF914E4E, 0xFA32C8C8, 0xF030C0C0,0x21F6D7D7, 0xBC8E3232, 0x75B3C6C6, 0x6FE08F8F, 0x691D7474, 0x2EF5DBDB,0x6AE18B8B, 0x962EB8B8, 0x8A800A0A, 0xFE679999, 0xE2C92B2B, 0xE0618181,0xC0C30303, 0x8D29A4A4, 0xAF238C8C, 0x07A9AEAE, 0x390D3434, 0x1F524D4D,0x764F3939, 0xD36EBDBD, 0x81D65757, 0xB7D86F6F, 0xEB37DCDC, 0x51441515,0xA6DD7B7B, 0x09FEF7F7, 0xB68C3A3A, 0x932FBCBC, 0x0F030C0C, 0x03FCFFFF,0xC26BA9A9, 0xBA73C9C9, 0xD96CB5B5, 0xDC6DB1B1, 0x375A6D6D, 0x15504545,0xB98F3636, 0x771B6C6C, 0x13ADBEBE, 0xDA904A4A, 0x57B9EEEE, 0xA9DE7777,0x4CBEF2F2, 0x837EFDFD, 0x55114444, 0xBDDA6767, 0x2C5D7171, 0x45400505,0x631F7C7C, 0x50104040, 0x325B6969, 0xB8DB6363, 0x220A2828, 0xC5C20707,0xF531C4C4, 0xA88A2222, 0x31A79696, 0xF9CE3737, 0x977AEDED, 0x49BFF6F6,0x992DB4B4, 0xA475D1D1, 0x90D34343, 0x5A124848, 0x58BAE2E2, 0x71E69797,0x64B6D2D2, 0x70B2C2C2, 0xAD8B2626, 0xCD68A5A5, 0xCB955E5E, 0x624B2929,0x3C0C3030, 0xCE945A5A, 0xAB76DDDD, 0x867FF9F9, 0xF1649595, 0x5DBBE6E6,0x35F2C7C7, 0x2D092424, 0xD1C61717, 0xD66FB9B9, 0xDEC51B1B, 0x94861212,0x78186060, 0x30F3C3C3, 0x897CF5F5, 0x5CEFB3B3, 0xD23AE8E8, 0xACDF7373,0x794C3535, 0xA0208080, 0x9D78E5E5, 0x56EDBBBB, 0x235E7D7D, 0xC63EF8F8,0x8BD45F5F, 0xE7C82F2F, 0xDD39E4E4, 0x68492121 };static ossl_inline uint32_t rotl(uint32_t a, uint8_t n)
{return (a << n) | (a >> (32 - n));
}static ossl_inline uint32_t load_u32_be(const uint8_t *b, uint32_t n)
{return ((uint32_t)b[4 * n] << 24) |((uint32_t)b[4 * n + 1] << 16) |((uint32_t)b[4 * n + 2] << 8) |((uint32_t)b[4 * n + 3]);
}static ossl_inline void store_u32_be(uint32_t v, uint8_t *b)
{b[0] = (uint8_t)(v >> 24);b[1] = (uint8_t)(v >> 16);b[2] = (uint8_t)(v >> 8);b[3] = (uint8_t)(v);
}static ossl_inline uint32_t SM4_T_slow(uint32_t X)
{uint32_t t = 0;t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24;t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16;t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8;t |= SM4_S[(uint8_t)X];/** L linear transform*/return t ^ rotl(t, 2) ^ rotl(t, 10) ^ rotl(t, 18) ^ rotl(t, 24);
}static ossl_inline uint32_t SM4_T(uint32_t X)
{return SM4_SBOX_T[(uint8_t)(X >> 24)] ^rotl(SM4_SBOX_T[(uint8_t)(X >> 16)], 24) ^rotl(SM4_SBOX_T[(uint8_t)(X >> 8)], 16) ^rotl(SM4_SBOX_T[(uint8_t)X], 8);
}int ossl_sm4_set_key(const uint8_t *key, SM4_KEY *ks)
{/** Family Key*/static const uint32_t FK[4] ={ 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc };/** Constant Key*/static const uint32_t CK[32] = {0x00070E15, 0x1C232A31, 0x383F464D, 0x545B6269,0x70777E85, 0x8C939AA1, 0xA8AFB6BD, 0xC4CBD2D9,0xE0E7EEF5, 0xFC030A11, 0x181F262D, 0x343B4249,0x50575E65, 0x6C737A81, 0x888F969D, 0xA4ABB2B9,0xC0C7CED5, 0xDCE3EAF1, 0xF8FF060D, 0x141B2229,0x30373E45, 0x4C535A61, 0x686F767D, 0x848B9299,0xA0A7AEB5, 0xBCC3CAD1, 0xD8DFE6ED, 0xF4FB0209,0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279};uint32_t K[4];int i;K[0] = load_u32_be(key, 0) ^ FK[0];K[1] = load_u32_be(key, 1) ^ FK[1];K[2] = load_u32_be(key, 2) ^ FK[2];K[3] = load_u32_be(key, 3) ^ FK[3];for (i = 0; i != SM4_KEY_SCHEDULE; ++i) {uint32_t X = K[(i + 1) % 4] ^ K[(i + 2) % 4] ^ K[(i + 3) % 4] ^ CK[i];uint32_t t = 0;t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24;t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16;t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8;t |= SM4_S[(uint8_t)X];t = t ^ rotl(t, 13) ^ rotl(t, 23);K[i % 4] ^= t;ks->rk[i] = K[i % 4];}return 1;
}#define SM4_RNDS(k0, k1, k2, k3, F)          \do {                                   \B0 ^= F(B1 ^ B2 ^ B3 ^ ks->rk[k0]); \B1 ^= F(B0 ^ B2 ^ B3 ^ ks->rk[k1]); \B2 ^= F(B0 ^ B1 ^ B3 ^ ks->rk[k2]); \B3 ^= F(B0 ^ B1 ^ B2 ^ ks->rk[k3]); \} while(0)void ossl_sm4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks)
{uint32_t B0 = load_u32_be(in, 0);uint32_t B1 = load_u32_be(in, 1);uint32_t B2 = load_u32_be(in, 2);uint32_t B3 = load_u32_be(in, 3);/** Uses byte-wise sbox in the first and last rounds to provide some* protection from cache based side channels.*/SM4_RNDS( 0,  1,  2,  3, SM4_T_slow);SM4_RNDS( 4,  5,  6,  7, SM4_T);SM4_RNDS( 8,  9, 10, 11, SM4_T);SM4_RNDS(12, 13, 14, 15, SM4_T);SM4_RNDS(16, 17, 18, 19, SM4_T);SM4_RNDS(20, 21, 22, 23, SM4_T);SM4_RNDS(24, 25, 26, 27, SM4_T);SM4_RNDS(28, 29, 30, 31, SM4_T_slow);store_u32_be(B3, out);store_u32_be(B2, out + 4);store_u32_be(B1, out + 8);store_u32_be(B0, out + 12);
}void ossl_sm4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks)
{uint32_t B0 = load_u32_be(in, 0);uint32_t B1 = load_u32_be(in, 1);uint32_t B2 = load_u32_be(in, 2);uint32_t B3 = load_u32_be(in, 3);SM4_RNDS(31, 30, 29, 28, SM4_T_slow);SM4_RNDS(27, 26, 25, 24, SM4_T);SM4_RNDS(23, 22, 21, 20, SM4_T);SM4_RNDS(19, 18, 17, 16, SM4_T);SM4_RNDS(15, 14, 13, 12, SM4_T);SM4_RNDS(11, 10,  9,  8, SM4_T);SM4_RNDS( 7,  6,  5,  4, SM4_T);SM4_RNDS( 3,  2,  1,  0, SM4_T_slow);store_u32_be(B3, out);store_u32_be(B2, out + 4);store_u32_be(B1, out + 8);store_u32_be(B0, out + 12);
}

五、编译运行

将sm4.h,sm4.c文件，配置添加到VS工程中。

编译运行，通过内存观察加解密情况

Encrydata: 内存是密文

Decrydata：内存是明文，值等于indata

上述算法，适用于对算字符串、缓冲区进行加解密，但要求数据分组大小为16字节的整数倍，当数据大小符合16字节整数倍时，能做到加密前后数据长度不变。

对于如何支持动态长度(非16字节整数倍)的情况，可在当前工程基础上进行扩展，使其支持任意长度的加解密，具体方案可参考后续博客。

欢迎大家关注、留言讨论、可分享源码