New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add SM4 XTS implementation to providers #19619
Conversation
Add the following OID: SM4-XTS: 1.2.156.10197.1.104.10
e3ffdb6
to
61a1633
Compare
Ping for second approval @hlandau @paulidale @mattcaswell |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One nit, otherwise looks OK.
0c04fa9
to
38537dc
Compare
|
||
Title = SM4 XTS test vectors, while the XTS mode is standardized in IEEE Std 1619-2007 | ||
|
||
Cipher = SM4-XTS |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where does this test vector come from? IEEE?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems IEEE has no XTS test vector defined for SM4...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Ciphertext in this test vector is not from any standard.
We encrypted the test vector using GmSSL and got this Ciphertext.
From my understandings, without considering the compatibility with other SM4-XTS implementations (say, GmSSL for instance), OpenSSL doesn't need to support IEEE version of SM4 XTS at all, since the only standard specifying SM4-XTS is GB 17964. But before this GB 17964 has been published in May, some IEEE version fo SM4 XTS encrypted data are somehow already out there, so OpenSSL needs to have the ability to decrypt that bundle of data as well. This is root cause of why we need the parameter and set it to 'gb' by default, correct me if I understand wrong... |
Hi @t8m, I've changed the xts_standard parameter to an utf8 string value, please review it. |
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
24 hours has passed since 'approval: done' was set, but this PR has failing CI tests. Once the tests pass it will get moved to 'approval: ready to merge' automatically, alternatively please review and set the label manually. |
Merged to master branch. Thank you for your contribution. |
Add the following OID: SM4-XTS: 1.2.156.10197.1.104.10 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #19619)
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #19619)
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #19619)
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #19619)
Add the following OID: SM4-XTS: 1.2.156.10197.1.104.10 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#19619)
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#19619)
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#19619)
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#19619)
Add SM4 XTS implementation to providers
XTS mode has two implementations, one is standardized in IEEE Std. 1619-2007 and has been widely used (e.g., XTS AES), the other is proposed recently (GB/T 17964-2021 implemented in May 2022) and is currently only used in SM4.
The main difference between them is the multiplication by the primitive element α to calculate the tweak values. The IEEE Std 1619-2007 noted that the multiplication "is a left shift of each byte by one bit with carry propagating from one byte to the next one", which means that in each byte, the leftmost bit is the most significant bit. But in GB/T 17964-2021, the rightmost bit is the most significant bit, thus the multiplication becomes a right shift of each byte by one bit with carry propagating from one byte to the next one.
The default value is 0, XTS mode of the SM4 algorithm is specified by GB/T 17964-2021. Set the parameter to 1 to use the IEEE Std. 1619-2007 variant of XTS-SM4.
Checklist