python使用gmssl实现SM4算法的OFB模式
近期做项目时需要使用SM4的OFB模式,但是开源工具箱gmssl中只有sm4的ecb和cbc模式,openssl中也没有提供SM4的python接口
于是基于gmssl的sm4模块写了一个ofb模式,多线程,没有进行下一步封装。
写在前面:gmssl还是很值得学习密码学的同学们去读一读的
加密:
from gmssl.func import xor, list_to_bytes, bytes_to_list, padding
from gmssl.sm4 import CryptSM4, SM4_ENCRYPT, SM4_DECRYPT
import threading
# OFB加密模式
# M为一个NAL中的RBSP,加密主密钥key必须是128bit
stream_key = [] # 列表的列表,里面存放每次流密码加密时的密钥
output_data = [] # 存放密文
def XOR(M, i):
global output_data
m = i * 16
n = (i + 1) * 16
output_data += xor(M[m:n], stream_key[i + 1])
# M是bytes类型
def ofb_Encrypt(key, iv, M):
global stream_key
global output_data
# 初始化
crypt_sm4 = CryptSM4()
# 设置加密密钥
crypt_sm4.set_key(key, SM4_ENCRYPT)
M = bytes_to_list(M)
M_value = padding(M) # padding函数可以补齐
#print('待加密补位后的明文的十进制列表', M_value)
# 产生密钥流 流多少次把M加密完
stream_num = int(len(M_value) / 16)
# 初始向量补齐 取前16字节
iv = padding(bytes_to_list(iv))
iv = iv[0:16]
stream_key.append(iv)
for i in range(stream_num):
temp = crypt_sm4.one_round(crypt_sm4.sk, stream_key[i])
stream_key.append(temp)
t = threading.Thread(target=XOR, args=[M_value, i, ])
t.start()
t.join()
return list_to_bytes(output_data)
def main():
key = eval(input("加密主密钥16字节:"))
iv = eval(input("流密钥初始向量:"))
M = eval(input("待加密数据:"))
C = ofb_Encrypt(key, iv, M)
print(C)
if __name__ == '__main__':
main()
解密:
from gmssl.func import xor, list_to_bytes, bytes_to_list, unpadding, padding
from gmssl.sm4 import CryptSM4, SM4_ENCRYPT, SM4_DECRYPT
import threading
# 存放流密码解密时的密钥
stream_key = []
output_data = []
def XOR(C, i):
global output_data
m = i * 16
n = (i + 1) * 16
output_data += xor(C[m:n], stream_key[i + 1])
def ofb_Decrypt(key, iv, C):
global stream_key
global output_data
crypt_sm4 = CryptSM4()
crypt_sm4.set_key(key, SM4_ENCRYPT)
C_value = bytes_to_list(C)
stream_num = int(len(C_value) / 16)
iv = padding(bytes_to_list(iv))
iv = iv[0:16]
stream_key.append(iv)
for i in range(stream_num):
temp = crypt_sm4.one_round(crypt_sm4.sk, stream_key[i])
stream_key.append(temp)
t = threading.Thread(target=XOR, args=[C_value, i, ])
t.start()
t.join()
output_data = unpadding(output_data)
return list_to_bytes(output_data)
def main():
key = eval(input("解密主密钥16字节:"))
iv = eval(input("流密钥初始向量:"))
C = eval(input("待解密数据:"))
M = ofb_Decrypt(key, iv, C)
print(M)
if __name__ == '__main__':
main()
效果如图:
gmssl封装好的sm4
#-*-coding:utf-8-*-
import copy
from .func import xor, rotl, get_uint32_be, put_uint32_be, \
bytes_to_list, list_to_bytes, padding, unpadding
#Expanded SM4 box table
SM4_BOXES_TABLE = [
0xd6,0x90,0xe9,0xfe,0xcc,0xe1,0x3d,0xb7,0x16,0xb6,0x14,0xc2,0x28,0xfb,0x2c,
0x05,0x2b,0x67,0x9a,0x76,0x2a,0xbe,0x04,0xc3,0xaa,0x44,0x13,0x26,0x49,0x86,
0x06,0x99,0x9c,0x42,0x50,0xf4,0x91,0xef,0x98,0x7a,0x33,0x54,0x0b,0x43,0xed,
0xcf,0xac,0x62,0xe4,0xb3,0x1c,0xa9,0xc9,0x08,0xe8,0x95,0x80,0xdf,0x94,0xfa,
0x75,0x8f,0x3f,0xa6,0x47,0x07,0xa7,0xfc,0xf3,0x73,0x17,0xba,0x83,0x59,0x3c,
0x19,0xe6,0x85,0x4f,0xa8,0x68,0x6b,0x81,0xb2,0x71,0x64,0xda,0x8b,0xf8,0xeb,
0x0f,0x4b,0x70,0x56,0x9d,0x35,0x1e,0x24,0x0e,0x5e,0x63,0x58,0xd1,0xa2,0x25,
0x22,0x7c,0x3b,0x01,0x21,0x78,0x87,0xd4,0x00,0x46,0x57,0x9f,0xd3,0x27,0x52,
0x4c,0x36,0x02,0xe7,0xa0,0xc4,0xc8,0x9e,0xea,0xbf,0x8a,0xd2,0x40,0xc7,0x38,
0xb5,0xa3,0xf7,0xf2,0xce,0xf9,0x61,0x15,0xa1,0xe0,0xae,0x5d,0xa4,0x9b,0x34,
0x1a,0x55,0xad,0x93,0x32,0x30,0xf5,0x8c,0xb1,0xe3,0x1d,0xf6,0xe2,0x2e,0x82,
0x66,0xca,0x60,0xc0,0x29,0x23,0xab,0x0d,0x53,0x4e,0x6f,0xd5,0xdb,0x37,0x45,
0xde,0xfd,0x8e,0x2f,0x03,0xff,0x6a,0x72,0x6d,0x6c,0x5b,0x51,0x8d,0x1b,0xaf,
0x92,0xbb,0xdd,0xbc,0x7f,0x11,0xd9,0x5c,0x41,0x1f,0x10,0x5a,0xd8,0x0a,0xc1,
0x31,0x88,0xa5,0xcd,0x7b,0xbd,0x2d,0x74,0xd0,0x12,0xb8,0xe5,0xb4,0xb0,0x89,
0x69,0x97,0x4a,0x0c,0x96,0x77,0x7e,0x65,0xb9,0xf1,0x09,0xc5,0x6e,0xc6,0x84,
0x18,0xf0,0x7d,0xec,0x3a,0xdc,0x4d,0x20,0x79,0xee,0x5f,0x3e,0xd7,0xcb,0x39,
0x48,
]
# System parameter
SM4_FK = [0xa3b1bac6,0x56aa3350,0x677d9197,0xb27022dc]
# fixed parameter
SM4_CK = [
0x00070e15,0x1c232a31,0x383f464d,0x545b6269,
0x70777e85,0x8c939aa1,0xa8afb6bd,0xc4cbd2d9,
0xe0e7eef5,0xfc030a11,0x181f262d,0x343b4249,
0x50575e65,0x6c737a81,0x888f969d,0xa4abb2b9,
0xc0c7ced5,0xdce3eaf1,0xf8ff060d,0x141b2229,
0x30373e45,0x4c535a61,0x686f767d,0x848b9299,
0xa0a7aeb5,0xbcc3cad1,0xd8dfe6ed,0xf4fb0209,
0x10171e25,0x2c333a41,0x484f565d,0x646b7279
]
SM4_ENCRYPT = 0
SM4_DECRYPT = 1
class CryptSM4(object):
def __init__(self, mode=SM4_ENCRYPT):
self.sk = [0]*32
self.mode = mode
# Calculating round encryption key.
# args: [in] a: a is a 32 bits unsigned value;
# return: sk[i]: i{0,1,2,3,...31}.
@classmethod
def _round_key(cls, ka):
b = [0, 0, 0, 0]
a = put_uint32_be(ka)
b[0] = SM4_BOXES_TABLE[a[0]]
b[1] = SM4_BOXES_TABLE[a[1]]
b[2] = SM4_BOXES_TABLE[a[2]]
b[3] = SM4_BOXES_TABLE[a[3]]
bb = get_uint32_be(b[0:4])
rk = bb ^ (rotl(bb, 13)) ^ (rotl(bb, 23))
return rk
# Calculating and getting encryption/decryption contents.
# args: [in] x0: original contents;
# args: [in] x1: original contents;
# args: [in] x2: original contents;
# args: [in] x3: original contents;
# args: [in] rk: encryption/decryption key;
# return the contents of encryption/decryption contents.
@classmethod
def _f(cls, x0, x1, x2, x3, rk):
# "T algorithm" == "L algorithm" + "t algorithm".
# args: [in] a: a is a 32 bits unsigned value;
# return: c: c is calculated with line algorithm "L" and nonline algorithm "t"
def _sm4_l_t(ka):
b = [0, 0, 0, 0]
a = put_uint32_be(ka)
b[0] = SM4_BOXES_TABLE[a[0]]
b[1] = SM4_BOXES_TABLE[a[1]]
b[2] = SM4_BOXES_TABLE[a[2]]
b[3] = SM4_BOXES_TABLE[a[3]]
bb = get_uint32_be(b[0:4])
c = bb ^ (rotl(bb, 2)) ^ (rotl(bb, 10)) ^ (rotl(bb, 18)) ^ (rotl(bb, 24))
return c
return (x0 ^ _sm4_l_t(x1 ^ x2 ^ x3 ^ rk))
def set_key(self, key, mode):
key = bytes_to_list(key)
MK = [0, 0, 0, 0]
k = [0]*36
MK[0] = get_uint32_be(key[0:4])
MK[1] = get_uint32_be(key[4:8])
MK[2] = get_uint32_be(key[8:12])
MK[3] = get_uint32_be(key[12:16])
k[0:4] = xor(MK[0:4], SM4_FK[0:4])
for i in range(32):
k[i + 4] = k[i] ^ (
self._round_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ SM4_CK[i]))
self.sk[i] = k[i + 4]
self.mode = mode
if mode == SM4_DECRYPT:
for idx in range(16):
t = self.sk[idx]
self.sk[idx] = self.sk[31 - idx]
self.sk[31 - idx] = t
def one_round(self, sk, in_put):
out_put = []
ulbuf = [0]*36
ulbuf[0] = get_uint32_be(in_put[0:4])
ulbuf[1] = get_uint32_be(in_put[4:8])
ulbuf[2] = get_uint32_be(in_put[8:12])
ulbuf[3] = get_uint32_be(in_put[12:16])
for idx in range(32):
ulbuf[idx + 4] = self._f(ulbuf[idx], ulbuf[idx + 1], ulbuf[idx + 2], ulbuf[idx + 3], sk[idx])
out_put += put_uint32_be(ulbuf[35])
out_put += put_uint32_be(ulbuf[34])
out_put += put_uint32_be(ulbuf[33])
out_put += put_uint32_be(ulbuf[32])
return out_put
def crypt_ecb(self, input_data):
# SM4-ECB block encryption/decryption
input_data = bytes_to_list(input_data)
if self.mode == SM4_ENCRYPT:
input_data = padding(input_data)
length = len(input_data) # 取长度
i = 0
output_data = []
while length > 0:
output_data += self.one_round(self.sk, input_data[i:i+16])
i += 16
length -= 16
if self.mode == SM4_DECRYPT:
return list_to_bytes(unpadding(output_data))
return list_to_bytes(output_data)
def crypt_cbc(self, iv, input_data):
#SM4-CBC buffer encryption/decryption
i = 0
output_data = []
tmp_input = [0]*16
iv = bytes_to_list(iv)
if self.mode == SM4_ENCRYPT:
input_data = xpadding(bytes_to_list(input_data))
length = len(input_data)
while length > 0:
tmp_input[0:16] = xor(input_data[i:i+16], iv[0:16])
output_data += self.one_round(self.sk, tmp_input[0:16])
iv = copy.deepcopy(output_data[i:i+16])
i += 16
length -= 16
return list_to_bytes(output_data)
else:
length = len(input_data)
while length > 0:
output_data += self.one_round(self.sk, input_data[i:i+16])
output_data[i:i+16] = xor(output_data[i:i+16], iv[0:16])
iv = copy.deepcopy(input_data[i:i + 16])
i += 16
length -= 16
return list_to_bytes(unpadding(output_data))
func里非常好用的函数
from random import choice
xor = lambda a, b:list(map(lambda x, y: x ^ y, a, b))
rotl = lambda x, n:((x << n) & 0xffffffff) | ((x >> (32 - n)) & 0xffffffff)
get_uint32_be = lambda key_data:((key_data[0] << 24) | (key_data[1] << 16) | (key_data[2] << 8) | (key_data[3]))
put_uint32_be = lambda n:[((n>>24)&0xff), ((n>>16)&0xff), ((n>>8)&0xff), ((n)&0xff)]
padding = lambda data, block=16: data + [(16 - len(data) % block)for _ in range(16 - len(data) % block)]
unpadding = lambda data: data[:-data[-1]]
list_to_bytes = lambda data: b''.join([bytes((i,)) for i in data])
bytes_to_list = lambda data: [i for i in data]
random_hex = lambda x: ''.join([choice('0123456789abcdef') for _ in range(x)])