Add sm4 ciphers to default provider

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9935)

crypto/evp/evp_enc.c

@@ -247,6 +247,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
         case NID_seed_ecb:
         case NID_seed_cfb128:
         case NID_seed_ofb128:
+        case NID_sm4_cbc:
+        case NID_sm4_ecb:
+        case NID_sm4_ctr:
+        case NID_sm4_cfb128:
+        case NID_sm4_ofb128:
             break;
         default:
             goto legacy;

providers/common/include/internal/provider_algs.h

@@ -140,6 +140,13 @@ extern const OSSL_DISPATCH seed128cbc_functions[];
 extern const OSSL_DISPATCH seed128ofb128_functions[];
 extern const OSSL_DISPATCH seed128cfb128_functions[];
 #endif /* OPENSSL_NO_SEED */
+#ifndef OPENSSL_NO_SM4
+extern const OSSL_DISPATCH sm4128ecb_functions[];
+extern const OSSL_DISPATCH sm4128cbc_functions[];
+extern const OSSL_DISPATCH sm4128ctr_functions[];
+extern const OSSL_DISPATCH sm4128ofb128_functions[];
+extern const OSSL_DISPATCH sm4128cfb128_functions[];
+#endif /* OPENSSL_NO_SM4 */
 
 extern const OSSL_DISPATCH tdes_ede3_ecb_functions[];
 extern const OSSL_DISPATCH tdes_ede3_cbc_functions[];

providers/default/ciphers/build.info

@@ -39,4 +39,9 @@ IF[{- !$disabled{seed} -}]
       cipher_seed.c cipher_seed_hw.c
 ENDIF
 
+IF[{- !$disabled{sm4} -}]
+  SOURCE[../../../libcrypto]=\
+      cipher_sm4.c cipher_sm4_hw.c
+ENDIF
+
 INCLUDE[../../../libcrypto]=. ../../../crypto

providers/default/ciphers/cipher_sm4.c

@@ -0,0 +1,51 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Dispatch functions for cast cipher modes ecb, cbc, ofb, cfb */
+
+#include "cipher_sm4.h"
+#include "internal/provider_algs.h"
+
+/* TODO (3.0) Figure out what flags to pass */
+#define SM4_FLAGS EVP_CIPH_FLAG_DEFAULT_ASN1
+
+static OSSL_OP_cipher_freectx_fn sm4_freectx;
+static OSSL_OP_cipher_dupctx_fn sm4_dupctx;
+
+static void sm4_freectx(void *vctx)
+{
+    PROV_SM4_CTX *ctx = (PROV_SM4_CTX *)vctx;
+
+    OPENSSL_clear_free(ctx,  sizeof(*ctx));
+}
+
+static void *sm4_dupctx(void *ctx)
+{
+    PROV_SM4_CTX *in = (PROV_SM4_CTX *)ctx;
+    PROV_SM4_CTX *ret = OPENSSL_malloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    *ret = *in;
+
+    return ret;
+}
+
+/* sm4128ecb_functions */
+IMPLEMENT_generic_cipher(sm4, SM4, ecb, ECB, SM4_FLAGS, 128, 128, 0, block)
+/* sm4128cbc_functions */
+IMPLEMENT_generic_cipher(sm4, SM4, cbc, CBC, SM4_FLAGS, 128, 128, 128, block)
+/* sm4128ctr_functions */
+IMPLEMENT_generic_cipher(sm4, SM4, ctr, CTR, SM4_FLAGS, 128, 8, 128, stream)
+/* sm4128ofb128_functions */
+IMPLEMENT_generic_cipher(sm4, SM4, ofb128, OFB, SM4_FLAGS, 128, 8, 128, stream)
+/* sm4128cfb128_functions */
+IMPLEMENT_generic_cipher(sm4, SM4, cfb128,  CFB, SM4_FLAGS, 128, 8, 128, stream)

providers/default/ciphers/cipher_sm4.h

@@ -0,0 +1,25 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/ciphers/ciphercommon.h"
+#include "internal/sm4.h"
+
+typedef struct prov_cast_ctx_st {
+    PROV_CIPHER_CTX base;      /* Must be first */
+    union {
+        OSSL_UNION_ALIGN;
+        SM4_KEY ks;
+    } ks;
+} PROV_SM4_CTX;
+
+const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_cbc(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_ecb(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_ctr(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_ofb128(size_t keybits);
+const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_cfb128(size_t keybits);

providers/default/ciphers/cipher_sm4_hw.c

@@ -0,0 +1,43 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "cipher_sm4.h"
+
+static int cipher_hw_sm4_initkey(PROV_CIPHER_CTX *ctx,
+                                 const unsigned char *key, size_t keylen)
+{
+    PROV_SM4_CTX *sctx =  (PROV_SM4_CTX *)ctx;
+    SM4_KEY *ks = &sctx->ks.ks;
+
+    SM4_set_key(key, ks);
+    ctx->ks = ks;
+    if (ctx->enc
+            || (ctx->mode != EVP_CIPH_ECB_MODE
+                && ctx->mode != EVP_CIPH_CBC_MODE))
+        ctx->block = (block128_f)SM4_encrypt;
+    else
+        ctx->block = (block128_f)SM4_decrypt;
+    return 1;
+}
+
+# define PROV_CIPHER_HW_sm4_mode(mode)                                         \
+static const PROV_CIPHER_HW sm4_##mode = {                                     \
+    cipher_hw_sm4_initkey,                                                     \
+    cipher_hw_chunked_##mode                                                   \
+};                                                                             \
+const PROV_CIPHER_HW *PROV_CIPHER_HW_sm4_##mode(size_t keybits)                \
+{                                                                              \
+    return &sm4_##mode;                                                        \
+}
+
+PROV_CIPHER_HW_sm4_mode(cbc)
+PROV_CIPHER_HW_sm4_mode(ecb)
+PROV_CIPHER_HW_sm4_mode(ofb128)
+PROV_CIPHER_HW_sm4_mode(cfb128)
+PROV_CIPHER_HW_sm4_mode(ctr)

providers/default/defltprov.c

@@ -213,6 +213,13 @@ static const OSSL_ALGORITHM deflt_ciphers[] = {
     { "SEED-OFB", "default=yes", seed128ofb128_functions },
     { "SEED-CFB", "default=yes", seed128cfb128_functions },
 #endif /* OPENSSL_NO_SEED */
+#ifndef OPENSSL_NO_SM4
+    { "SM4-ECB", "default=yes", sm4128ecb_functions },
+    { "SM4-CBC", "default=yes", sm4128cbc_functions },
+    { "SM4-CTR", "default=yes", sm4128ctr_functions },
+    { "SM4-OFB", "default=yes", sm4128ofb128_functions },
+    { "SM4-CFB", "default=yes", sm4128cfb128_functions },
+#endif /* OPENSSL_NO_SM4 */
     { NULL, NULL, NULL }
 };
 

test/recipes/30-test_evp.t

@@ -41,6 +41,9 @@ push @defltfiles, @castfiles unless disabled("cast");
 my @seedfiles = qw( evpciph_seed.txt );
 push @defltfiles, @seedfiles unless disabled("seed");
 
+my @sm4files = qw( evpciph_sm4.txt );
+push @defltfiles, @sm4files unless disabled("sm4");
+
 plan tests => (scalar(@configs) * scalar(@files)) + scalar(@defltfiles) + 1;
 
 my $infile = bldtop_file('providers', platform->dso('fips'));

test/recipes/30-test_evp_data/evpciph.txt

@@ -2256,37 +2256,6 @@ Operation = ENCRYPT
 Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223
 Ciphertext = A4DA23FCE6A5FFAA6D64AE9A0652A42CD161A34B65F9679F75C01F101F71276F15EF0D8D
 
-Title = SM4 test vectors from IETF draft-ribose-cfrg-sm4
-
-Cipher = SM4-ECB
-Key = 0123456789ABCDEFFEDCBA9876543210
-Plaintext  = 0123456789ABCDEFFEDCBA9876543210
-Ciphertext = 681EDF34D206965E86B3E94F536E4246
-
-Cipher = SM4-CBC
-Key = 0123456789ABCDEFFEDCBA9876543210
-IV  = 0123456789ABCDEFFEDCBA9876543210
-Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
-Ciphertext = 2677F46B09C122CC975533105BD4A22AF6125F7275CE552C3A2BBCF533DE8A3B
-
-Cipher = SM4-OFB
-Key = 0123456789ABCDEFFEDCBA9876543210
-IV  = 0123456789ABCDEFFEDCBA9876543210
-Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
-Ciphertext = 693D9A535BAD5BB1786F53D7253A7056F2075D28B5235F58D50027E4177D2BCE
-
-Cipher = SM4-CFB
-Key = 0123456789ABCDEFFEDCBA9876543210
-IV  = 0123456789ABCDEFFEDCBA9876543210
-Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
-Ciphertext = 693D9A535BAD5BB1786F53D7253A70569ED258A85A0467CC92AAB393DD978995
-
-Cipher = SM4-CTR
-Key = 0123456789ABCDEFFEDCBA9876543210
-IV  = 0123456789ABCDEFFEDCBA9876543210
-Plaintext = AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFEEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA
-Ciphertext = C2B4759E78AC3CF43D0852F4E8D5F9FD7256E8A5FCB65A350EE00630912E44492A0B17E1B85B060D0FBA612D8A95831638B361FD5FFACD942F081485A83CA35D
-
 Title = ARIA test vectors from RFC5794 (and others)
 
 Cipher = ARIA-128-ECB

test/recipes/30-test_evp_data/evpciph_sm4.txt

@@ -0,0 +1,39 @@
+#
+# Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+Title = SM4 test vectors from IETF draft-ribose-cfrg-sm4
+
+Cipher = SM4-ECB
+Key = 0123456789ABCDEFFEDCBA9876543210
+Plaintext  = 0123456789ABCDEFFEDCBA9876543210
+Ciphertext = 681EDF34D206965E86B3E94F536E4246
+
+Cipher = SM4-CBC
+Key = 0123456789ABCDEFFEDCBA9876543210
+IV  = 0123456789ABCDEFFEDCBA9876543210
+Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
+Ciphertext = 2677F46B09C122CC975533105BD4A22AF6125F7275CE552C3A2BBCF533DE8A3B
+
+Cipher = SM4-OFB
+Key = 0123456789ABCDEFFEDCBA9876543210
+IV  = 0123456789ABCDEFFEDCBA9876543210
+Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
+Ciphertext = 693D9A535BAD5BB1786F53D7253A7056F2075D28B5235F58D50027E4177D2BCE
+
+Cipher = SM4-CFB
+Key = 0123456789ABCDEFFEDCBA9876543210
+IV  = 0123456789ABCDEFFEDCBA9876543210
+Plaintext = 0123456789ABCDEFFEDCBA98765432100123456789ABCDEFFEDCBA9876543210
+Ciphertext = 693D9A535BAD5BB1786F53D7253A70569ED258A85A0467CC92AAB393DD978995
+
+Cipher = SM4-CTR
+Key = 0123456789ABCDEFFEDCBA9876543210
+IV  = 0123456789ABCDEFFEDCBA9876543210
+Plaintext = AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFEEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA
+Ciphertext = C2B4759E78AC3CF43D0852F4E8D5F9FD7256E8A5FCB65A350EE00630912E44492A0B17E1B85B060D0FBA612D8A95831638B361FD5FFACD942F081485A83CA35D