Add SM4 commands in gmssl CLI

CMakeLists.txt

@@ -93,7 +93,14 @@ set(tools
 	tools/gmssl.c
 	tools/version.c
 	tools/sm4.c
+	tools/sm4_ecb.c
+	tools/sm4_cbc.c
 	tools/sm4_ctr.c
+	tools/sm4_cfb.c
+	tools/sm4_ofb.c
+	tools/sm4_gcm.c
+	tools/sm4_cbc_sm3_hmac.c
+	tools/sm4_ctr_sm3_hmac.c
 	tools/sm3.c
 	tools/sm3hmac.c
 	tools/sm3xmss_keygen.c

include/gmssl/sm4.h

@@ -219,8 +219,9 @@ _gmssl_export int sm4_cfb_decrypt_finish(SM4_CFB_CTX *ctx, uint8_t *out, size_t
 #ifdef ENABLE_SM4_CCM
 #define SM4_CCM_MIN_IV_SIZE 7
 #define SM4_CCM_MAX_IV_SIZE 13
-#define SM4_CCM_MIN_MAC_SIZE 4
-#define SM4_CCM_MAX_MAC_SIZE 16
+#define SM4_CCM_MIN_TAG_SIZE 4
+#define SM4_CCM_MAX_TAG_SIZE 16
+#define SM4_CCM_DEFAULT_TAG_SIZE 16
 
 // make sure inlen < 2^((15 - ivlen) * 8)
 _gmssl_export int sm4_ccm_encrypt(const SM4_KEY *sm4_key, const uint8_t *iv, size_t ivlen,

include/gmssl/sm4_cbc_sm3_hmac.h

@@ -32,14 +32,14 @@ typedef struct {
 #define SM4_CBC_SM3_HMAC_IV_SIZE  16
 
 _gmssl_export int sm4_cbc_sm3_hmac_encrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
-	const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	const uint8_t key[48], const uint8_t iv[16],
 	const uint8_t *aad, size_t aadlen);
 _gmssl_export int sm4_cbc_sm3_hmac_encrypt_update(SM4_CBC_SM3_HMAC_CTX *ctx,
 	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
 _gmssl_export int sm4_cbc_sm3_hmac_encrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx,
 	uint8_t *out, size_t *outlen);
 _gmssl_export int sm4_cbc_sm3_hmac_decrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
-	const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	const uint8_t key[48], const uint8_t iv[16],
 	const uint8_t *aad, size_t aadlen);
 _gmssl_export int sm4_cbc_sm3_hmac_decrypt_update(SM4_CBC_SM3_HMAC_CTX *ctx,
 	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);

include/gmssl/sm4_ctr_sm3_hmac.h

@@ -32,14 +32,14 @@ typedef struct {
 #define SM4_CTR_SM3_HMAC_IV_SIZE  16
 
 _gmssl_export int sm4_ctr_sm3_hmac_encrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
-	const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	const uint8_t key[48], const uint8_t iv[16],
 	const uint8_t *aad, size_t aadlen);
 _gmssl_export int sm4_ctr_sm3_hmac_encrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx,
 	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
 _gmssl_export int sm4_ctr_sm3_hmac_encrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx,
 	uint8_t *out, size_t *outlen);
 _gmssl_export int sm4_ctr_sm3_hmac_decrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
-	const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	const uint8_t key[48], const uint8_t iv[16],
 	const uint8_t *aad, size_t aadlen);
 _gmssl_export int sm4_ctr_sm3_hmac_decrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx,
 	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);

src/sm4_cbc_sm3_hmac.c

@@ -17,17 +17,13 @@
 
 
 int sm4_cbc_sm3_hmac_encrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
-	const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	const uint8_t key[48], const uint8_t iv[16],
 	const uint8_t *aad, size_t aadlen)
 {
 	if (!ctx || !key || !iv || (!aad && aadlen)) {
 		error_print();
 		return -1;
 	}
-	if (keylen != 48 || ivlen != 16) {
-		error_print();
-		return -1;
-	}
 	memset(ctx, 0, sizeof(*ctx));
 	if (sm4_cbc_encrypt_init(&ctx->enc_ctx, key, iv) != 1) {
 		error_print();
@@ -71,17 +67,13 @@ int sm4_cbc_sm3_hmac_encrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx, uint8_t *out, siz
 }
 
 int sm4_cbc_sm3_hmac_decrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
-	const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	const uint8_t key[48], const uint8_t iv[16],
 	const uint8_t *aad, size_t aadlen)
 {
 	if (!ctx || !key || !iv || (!aad && aadlen)) {
 		error_print();
 		return -1;
 	}
-	if (keylen != 48 || ivlen != 16) {
-		error_print();
-		return -1;
-	}
 	memset(ctx, 0, sizeof(*ctx));
 	if (sm4_cbc_decrypt_init(&ctx->enc_ctx, key, iv) != 1) {
 		error_print();

src/sm4_ctr_sm3_hmac.c

@@ -17,17 +17,13 @@
 
 
 int sm4_ctr_sm3_hmac_encrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
-	const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	const uint8_t key[48], const uint8_t iv[16],
 	const uint8_t *aad, size_t aadlen)
 {
 	if (!ctx || !key || !iv || (!aad && aadlen)) {
 		error_print();
 		return -1;
 	}
-	if (keylen != 48 || ivlen != 16) {
-		error_print();
-		return -1;
-	}
 	memset(ctx, 0, sizeof(*ctx));
 	if (sm4_ctr_encrypt_init(&ctx->enc_ctx, key, iv) != 1) {
 		error_print();
@@ -71,17 +67,13 @@ int sm4_ctr_sm3_hmac_encrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx, uint8_t *out, siz
 }
 
 int sm4_ctr_sm3_hmac_decrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
-	const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	const uint8_t key[48], const uint8_t iv[16],
 	const uint8_t *aad, size_t aadlen)
 {
 	if (!ctx || !key || !iv || (!aad && aadlen)) {
 		error_print();
 		return -1;
 	}
-	if (keylen != 48 || ivlen != 16) {
-		error_print();
-		return -1;
-	}
 	memset(ctx, 0, sizeof(*ctx));
 	if (sm4_ctr_encrypt_init(&ctx->enc_ctx, key, iv) != 1) {
 		error_print();

tests/sm4_ccmtest.c

@@ -31,8 +31,8 @@ static int test_sm4_ccm(void)
 	size_t len[] = { 4, 16, 36, 64 };
 	uint8_t encrypted[sizeof(plaintext)];
 	uint8_t decrypted[sizeof(plaintext)];
-	uint8_t mac[SM4_CCM_MAX_MAC_SIZE];
-	size_t maclen[] = { SM4_CCM_MIN_MAC_SIZE, SM4_CCM_MAX_MAC_SIZE };
+	uint8_t mac[SM4_CCM_MAX_TAG_SIZE];
+	size_t maclen[] = { SM4_CCM_MIN_TAG_SIZE, SM4_CCM_MAX_TAG_SIZE };
 	size_t i;
 
 	rand_bytes(key, sizeof(key));

tests/sm4_sm3_hmactest.c

@@ -43,7 +43,7 @@ static int test_sm4_cbc_sm3_hmac(void)
 	rand_bytes(aad, sizeof(aad));
 	rand_bytes(plain, plainlen);
 
-	if (sm4_cbc_sm3_hmac_encrypt_init(&aead_ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad)) != 1) {
+	if (sm4_cbc_sm3_hmac_encrypt_init(&aead_ctx, key, iv, aad, sizeof(aad)) != 1) {
 		error_print();
 		return -1;
 	}
@@ -100,7 +100,7 @@ static int test_sm4_cbc_sm3_hmac(void)
 	in = cipher;
 	out = buf;
 
-	if (sm4_cbc_sm3_hmac_decrypt_init(&aead_ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad)) != 1) {
+	if (sm4_cbc_sm3_hmac_decrypt_init(&aead_ctx, key, iv, aad, sizeof(aad)) != 1) {
 		error_print();
 		return -1;
 	}
@@ -162,7 +162,7 @@ static int test_sm4_ctr_sm3_hmac(void)
 	rand_bytes(aad, sizeof(aad));
 	rand_bytes(plain, plainlen);
 
-	if (sm4_ctr_sm3_hmac_encrypt_init(&aead_ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad)) != 1) {
+	if (sm4_ctr_sm3_hmac_encrypt_init(&aead_ctx, key, iv, aad, sizeof(aad)) != 1) {
 		error_print();
 		return -1;
 	}
@@ -221,7 +221,7 @@ static int test_sm4_ctr_sm3_hmac(void)
 	in = cipher;
 	out = buf;
 
-	if (sm4_ctr_sm3_hmac_decrypt_init(&aead_ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad)) != 1) {
+	if (sm4_ctr_sm3_hmac_decrypt_init(&aead_ctx, key, iv, aad, sizeof(aad)) != 1) {
 		error_print();
 		return -1;
 	}

tools/gmssl.c

@@ -36,7 +36,14 @@ extern int sm3_main(int argc, char **argv);
 extern int sm3hmac_main(int argc, char **argv);
 extern int sm3xmss_keygen_main(int argc, char **argv);
 extern int sm4_main(int argc, char **argv);
+extern int sm4_ecb_main(int argc, char **argv);
+extern int sm4_cbc_main(int argc, char **argv);
 extern int sm4_ctr_main(int argc, char **argv);
+extern int sm4_cfb_main(int argc, char **argv);
+extern int sm4_ofb_main(int argc, char **argv);
+extern int sm4_gcm_main(int argc, char **argv);
+extern int sm4_cbc_sm3_hmac_main(int argc, char **argv);
+extern int sm4_ctr_sm3_hmac_main(int argc, char **argv);
 extern int zuc_main(int argc, char **argv);
 extern int sm9setup_main(int argc, char **argv);
 extern int sm9keygen_main(int argc, char **argv);
@@ -67,55 +74,62 @@ static const char *options =
 	"command -help\n"
 	"\n"
 	"Commands:\n"
-	"  help            Print this help message\n"
-	"  version         Print version\n"
-	"  rand            Generate random bytes\n"
-	"  sm2keygen       Generate SM2 keypair\n"
-	"  sm2sign         Generate SM2 signature\n"
-	"  sm2verify       Verify SM2 signature\n"
-	"  sm2encrypt      Encrypt with SM2 public key\n"
-	"  sm2decrypt      Decrypt with SM2 private key\n"
-	"  sm3             Generate SM3 hash\n"
-	"  sm3hmac         Generate SM3 HMAC tag\n"
-	"  sm3xmss_keygen  Generate SM3-XMSS keypair\n"
-	"  sm4             Encrypt or decrypt with SM4\n"
-	"  sm4_ctr         Encrypt or decrypt with SM4 CTR\n"
-	"  zuc             Encrypt or decrypt with ZUC\n"
-	"  sm9setup        Generate SM9 master secret\n"
-	"  sm9keygen       Generate SM9 private key\n"
-	"  sm9sign         Generate SM9 signature\n"
-	"  sm9verify       Verify SM9 signature\n"
-	"  sm9encrypt      SM9 public key encryption\n"
-	"  sm9decrypt      SM9 decryption\n"
-	"  pbkdf2          Generate key from password\n"
-	"  reqgen          Generate certificate signing request (CSR)\n"
-	"  reqsign         Generate certificate from CSR\n"
-	"  reqparse        Parse and print a CSR\n"
-	"  crlget          Download the CRL of given certificate\n"
-	"  crlgen          Sign a CRL with CA certificate and private key\n"
-	"  crlverify       Verify a CRL with issuer's certificate\n"
-	"  crlparse        Parse and print CRL\n"
-	"  certgen         Generate a self-signed certificate\n"
-	"  certparse       Parse and print certificates\n"
-	"  certverify      Verify certificate chain\n"
-	"  certrevoke      Revoke certificate and output RevokedCertificate record\n"
-	"  cmsparse        Parse CMS (cryptographic message syntax) file\n"
-	"  cmsencrypt      Generate CMS EnvelopedData\n"
-	"  cmsdecrypt      Decrypt CMS EnvelopedData\n"
-	"  cmssign         Generate CMS SignedData\n"
-	"  cmsverify       Verify CMS SignedData\n"
+	"  help              Print this help message\n"
+	"  version           Print version\n"
+	"  rand              Generate random bytes\n"
+	"  sm2keygen         Generate SM2 keypair\n"
+	"  sm2sign           Generate SM2 signature\n"
+	"  sm2verify         Verify SM2 signature\n"
+	"  sm2encrypt        Encrypt with SM2 public key\n"
+	"  sm2decrypt        Decrypt with SM2 private key\n"
+	"  sm3               Generate SM3 hash\n"
+	"  sm3hmac           Generate SM3 HMAC tag\n"
+	"  sm3xmss_keygen    Generate SM3-XMSS keypair\n"
+	"  sm4               Encrypt or decrypt with SM4\n"
+	"  sm4_ecb           Encrypt or decrypt with SM4 ECB\n"
+	"  sm4_cbc           Encrypt or decrypt with SM4 CBC\n"
+	"  sm4_ctr           Encrypt or decrypt with SM4 CTR\n"
+	"  sm4_cfb           Encrypt or decrypt with SM4 CFB\n"
+	"  sm4_ofb           Encrypt or decrypt with SM4 OFB\n"
+	"  sm4_gcm           Encrypt or decrypt with SM4 GCM\n"
+	"  sm4_cbc_sm3_hmac  Encrypt or decrypt with SM4 CBC with SM3-HMAC\n"
+	"  sm4_ctr_sm3_hmac  Encrypt or decrypt with SM4 CTR with SM3-HMAC\n"
+	"  zuc               Encrypt or decrypt with ZUC\n"
+	"  sm9setup          Generate SM9 master secret\n"
+	"  sm9keygen         Generate SM9 private key\n"
+	"  sm9sign           Generate SM9 signature\n"
+	"  sm9verify         Verify SM9 signature\n"
+	"  sm9encrypt        SM9 public key encryption\n"
+	"  sm9decrypt        SM9 decryption\n"
+	"  pbkdf2            Generate key from password\n"
+	"  reqgen            Generate certificate signing request (CSR)\n"
+	"  reqsign           Generate certificate from CSR\n"
+	"  reqparse          Parse and print a CSR\n"
+	"  crlget            Download the CRL of given certificate\n"
+	"  crlgen            Sign a CRL with CA certificate and private key\n"
+	"  crlverify         Verify a CRL with issuer's certificate\n"
+	"  crlparse          Parse and print CRL\n"
+	"  certgen           Generate a self-signed certificate\n"
+	"  certparse         Parse and print certificates\n"
+	"  certverify        Verify certificate chain\n"
+	"  certrevoke        Revoke certificate and output RevokedCertificate record\n"
+	"  cmsparse          Parse CMS (cryptographic message syntax) file\n"
+	"  cmsencrypt        Generate CMS EnvelopedData\n"
+	"  cmsdecrypt        Decrypt CMS EnvelopedData\n"
+	"  cmssign           Generate CMS SignedData\n"
+	"  cmsverify         Verify CMS SignedData\n"
 #ifdef ENABLE_SDF
-	"  sdfutil         SDF crypto device utility\n"
+	"  sdfutil           SDF crypto device utility\n"
 #endif
 #ifdef ENABLE_SKF
-	"  skfutil         SKF crypto device utility\n"
+	"  skfutil           SKF crypto device utility\n"
 #endif
-	"  tlcp_client     TLCP client\n"
-	"  tlcp_server     TLCP server\n"
-	"  tls12_client    TLS 1.2 client\n"
-	"  tls12_server    TLS 1.2 server\n"
-	"  tls13_client    TLS 1.3 client\n"
-	"  tls13_server    TLS 1.3 server\n"
+	"  tlcp_client       TLCP client\n"
+	"  tlcp_server       TLCP server\n"
+	"  tls12_client      TLS 1.2 client\n"
+	"  tls12_server      TLS 1.2 server\n"
+	"  tls13_client      TLS 1.3 client\n"
+	"  tls13_server      TLS 1.3 server\n"
 	"\n"
 	"run `gmssl <command> -help` to print help of the given command\n"
 	"\n";
@@ -184,8 +198,22 @@ int main(int argc, char **argv)
 			return sm3xmss_keygen_main(argc, argv);
 		} else if (!strcmp(*argv, "sm4")) {
 			return sm4_main(argc, argv);
+		} else if (!strcmp(*argv, "sm4_ecb")) {
+			return sm4_ecb_main(argc, argv);
+		} else if (!strcmp(*argv, "sm4_cbc")) {
+			return sm4_cbc_main(argc, argv);
 		} else if (!strcmp(*argv, "sm4_ctr")) {
 			return sm4_ctr_main(argc, argv);
+		} else if (!strcmp(*argv, "sm4_cfb")) {
+			return sm4_cfb_main(argc, argv);
+		} else if (!strcmp(*argv, "sm4_ofb")) {
+			return sm4_ofb_main(argc, argv);
+		} else if (!strcmp(*argv, "sm4_gcm")) {
+			return sm4_gcm_main(argc, argv);
+		} else if (!strcmp(*argv, "sm4_cbc_sm3_hmac")) {
+			return sm4_cbc_sm3_hmac_main(argc, argv);
+		} else if (!strcmp(*argv, "sm4_ctr_sm3_hmac")) {
+			return sm4_ctr_sm3_hmac_main(argc, argv);
 		} else if (!strcmp(*argv, "zuc")) {
 			return zuc_main(argc, argv);
 		} else if (!strcmp(*argv, "sm9setup")) {

tools/sm4.c

@@ -111,9 +111,9 @@ static int sm4_ccm_crypt(const uint8_t *key, size_t keylen, const uint8_t *iv, s
 			prog, SM4_CCM_MIN_IV_SIZE, SM4_CCM_MAX_IV_SIZE);
 		return -1;
 	}
-	if (taglen < SM4_CCM_MIN_MAC_SIZE || taglen > SM4_CCM_MAX_MAC_SIZE) {
+	if (taglen < SM4_CCM_MIN_TAG_SIZE || taglen > SM4_CCM_MAX_TAG_SIZE) {
 		fprintf(stderr, "%s: invalid SM4-CCM MAC tag length, should be in [%d, %d]\n",
-			prog, SM4_CCM_MIN_MAC_SIZE, SM4_CCM_MAX_MAC_SIZE);
+			prog, SM4_CCM_MIN_TAG_SIZE, SM4_CCM_MAX_TAG_SIZE);
 		return -1;
 	}
 	if (enc < 0) {
@@ -585,8 +585,8 @@ int sm4_main(int argc, char **argv)
 		case SM4_MODE_XTS: rv = sm4_xts_encrypt_init(&sm4_ctx.xts, key, iv, xts_data_unit_size); break;
 #endif
 		case SM4_MODE_GCM: rv = sm4_gcm_encrypt_init(&sm4_ctx.gcm, key, keylen, iv, ivlen, aad, aadlen, GHASH_SIZE); break;
-		case SM4_MODE_CBC_SM3_HMAC: rv = sm4_cbc_sm3_hmac_encrypt_init(&sm4_ctx.cbc_sm3_hmac, key, keylen, iv, ivlen, aad, aadlen); break;
-		case SM4_MODE_CTR_SM3_HMAC: rv = sm4_ctr_sm3_hmac_encrypt_init(&sm4_ctx.ctr_sm3_hmac, key, keylen, iv, ivlen, aad, aadlen); break;
+		case SM4_MODE_CBC_SM3_HMAC: rv = sm4_cbc_sm3_hmac_encrypt_init(&sm4_ctx.cbc_sm3_hmac, key, iv, aad, aadlen); break;
+		case SM4_MODE_CTR_SM3_HMAC: rv = sm4_ctr_sm3_hmac_encrypt_init(&sm4_ctx.ctr_sm3_hmac, key, iv, aad, aadlen); break;
 		}
 		if (rv != 1) {
 			error_print();
@@ -665,8 +665,8 @@ int sm4_main(int argc, char **argv)
 		case SM4_MODE_XTS: rv = sm4_xts_decrypt_init(&sm4_ctx.xts, key, iv, xts_data_unit_size); break;
 #endif
 		case SM4_MODE_GCM: rv = sm4_gcm_decrypt_init(&sm4_ctx.gcm, key, keylen, iv, ivlen, aad, aadlen, GHASH_SIZE); break;
-		case SM4_MODE_CBC_SM3_HMAC: rv = sm4_cbc_sm3_hmac_decrypt_init(&sm4_ctx.cbc_sm3_hmac, key, keylen, iv, ivlen, aad, aadlen); break;
-		case SM4_MODE_CTR_SM3_HMAC: rv = sm4_ctr_sm3_hmac_decrypt_init(&sm4_ctx.ctr_sm3_hmac, key, keylen, iv, ivlen, aad, aadlen); break;
+		case SM4_MODE_CBC_SM3_HMAC: rv = sm4_cbc_sm3_hmac_decrypt_init(&sm4_ctx.cbc_sm3_hmac, key, iv, aad, aadlen); break;
+		case SM4_MODE_CTR_SM3_HMAC: rv = sm4_ctr_sm3_hmac_decrypt_init(&sm4_ctx.ctr_sm3_hmac, key, iv, aad, aadlen); break;
 		}
 		if (rv != 1) {
 			error_print();