-
Notifications
You must be signed in to change notification settings - Fork 22
/
sm4.go
143 lines (113 loc) · 3.29 KB
/
sm4.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
package sm4
import (
"strconv"
"crypto/cipher"
"github.com/deatil/go-cryptobin/tool/alias"
)
// BlockSize the sm4 block size in bytes.
const BlockSize = 16
const KeySchedule = 32
// error for key size
type KeySizeError int
func (k KeySizeError) Error() string {
return "cryptobin/sm4: invalid key size " + strconv.Itoa(int(k))
}
type sm4Cipher struct {
rk [KeySchedule]uint32
}
// NewCipher creates and returns a new cipher.Block.
// key is 16 bytes, so 32 bytes is used half bytes.
// so the cipher use 16 bytes key.
// key bytes and src bytes is BigEndian type.
func NewCipher(key []byte) (cipher.Block, error) {
k := len(key)
switch k {
case 16:
break
default:
return nil, KeySizeError(len(key))
}
c := new(sm4Cipher)
c.expandKey(key)
return c, nil
}
func (this *sm4Cipher) BlockSize() int {
return BlockSize
}
func (this *sm4Cipher) Encrypt(dst, src []byte) {
if len(src) < BlockSize {
panic("cryptobin/sm4: input not full block")
}
if len(dst) < BlockSize {
panic("cryptobin/sm4: output not full block")
}
if alias.InexactOverlap(dst[:BlockSize], src[:BlockSize]) {
panic("cryptobin/sm4: invalid buffer overlap")
}
this.encrypt(dst, src)
}
func (this *sm4Cipher) Decrypt(dst, src []byte) {
if len(src) < BlockSize {
panic("cryptobin/sm4: input not full block")
}
if len(dst) < BlockSize {
panic("cryptobin/sm4: output not full block")
}
if alias.InexactOverlap(dst[:BlockSize], src[:BlockSize]) {
panic("cryptobin/sm4: invalid buffer overlap")
}
this.decrypt(dst, src)
}
func (this *sm4Cipher) encrypt(dst, src []byte) {
pt := bytesToUint32s(src)
/*
* Uses byte-wise sbox in the first and last rounds to provide some
* protection from cache based side channels.
*/
for i := 0; i < 32; i += 4 {
if i == 0 || i == 28 {
this.rnds(pt, i, i+1, i+2, i+3, tSlow)
} else {
this.rnds(pt, i, i+1, i+2, i+3, t)
}
}
putu32(dst, pt[3])
putu32(dst[4:], pt[2])
putu32(dst[8:], pt[1])
putu32(dst[12:], pt[0])
}
func (this *sm4Cipher) decrypt(dst, src []byte) {
ct := bytesToUint32s(src)
for i := 32; i > 0; i -= 4 {
if i == 32 || i == 4 {
this.rnds(ct, i-1, i-2, i-3, i-4, tSlow)
} else {
this.rnds(ct, i-1, i-2, i-3, i-4, t)
}
}
putu32(dst, ct[3])
putu32(dst[4:], ct[2])
putu32(dst[8:], ct[1])
putu32(dst[12:], ct[0])
}
func (this *sm4Cipher) rnds(b []uint32, k0, k1, k2, k3 int, fn func(uint32) uint32) {
b[0] ^= fn(b[1] ^ b[2] ^ b[3] ^ this.rk[k0])
b[1] ^= fn(b[2] ^ b[3] ^ b[0] ^ this.rk[k1])
b[2] ^= fn(b[3] ^ b[0] ^ b[1] ^ this.rk[k2])
b[3] ^= fn(b[0] ^ b[1] ^ b[2] ^ this.rk[k3])
}
func (this *sm4Cipher) expandKey(key []byte) {
var k [4]uint32
var i int32
keys := bytesToUint32s(key)
for i = 0; i < 4; i++ {
k[i] = keys[i] ^ fk[i]
}
for i = 0; i < KeySchedule; i = i + 4 {
k[0] ^= keySub(k[1] ^ k[2] ^ k[3] ^ ck[i ])
k[1] ^= keySub(k[2] ^ k[3] ^ k[0] ^ ck[i + 1])
k[2] ^= keySub(k[3] ^ k[0] ^ k[1] ^ ck[i + 2])
k[3] ^= keySub(k[0] ^ k[1] ^ k[2] ^ ck[i + 3])
copy(this.rk[i:], k[:])
}
}