SM4分组密码算法介绍

SM4 无线局域网标准的分组数据算法。对称加密,密钥长度和分组长度均为128位,SM4算法主要包含5种基本模式:ECB、CBC、CFB、OFB,CTR(后4种都是ECB算法模块衍生而来);与MAC结合还诞生了GCM,CCM等高级模式。CCM是CTR加密模式和CMAC认证算法的混合使用,常用在需要同时加密和认证的领域,比如WiFi安全中的WPE协议,它就使用了AES-CCM模式,所有SM4衍生的算法模式都基于SM4的基础轮函数。

SM4分组密码算法是一个迭代分组密码算法,由加解密算法和密钥扩展算法组成。SM4分组密码算法采用非平衡Feistel结构,分组长度为128b密钥长度为128b。加密算法与密钥扩展算法均采用非线性迭代结构。加密运算和解密运算的算法结构相同,解密运算的轮密钥的使用顺序与加密运算相反。

密钥及密钥参量:

SM4分组密码算法的加密密钥长度为128b,表示为MK=(MK0,MK1,MK2,MK3),其中MKi(i=1,2,3)为32b。

轮密钥表示为(rk0,rk1,···,rk31),其中rki(i=0,1,···,31)为32b。轮密钥由加密密钥生成。

FK=(FK1,FK2,FK3,FK4)为系统参数,CK=(CK0,CK1,···,CK31)为固定参数,用于密钥扩展算法,其中FKi(i=0,1,···,3),CKi(i=0,1,···,31)均为32b。

加密算法:

SM4加密算法由32次迭代运算和1次反序变换R组成

设明文输入为(X0,X1,X2,X3)∈(Z232)4,密文输出为(Y0,Y1,Y2,Y3)∈(Z232)4,轮密钥为rki∈Z232,i=0,1,···,31。加密算法的运算过程如下。

(1)首先执行32次迭代运算:

Xi+4=F(Xi,Xi+1,Xi+2,Xi+3,rki)=Xi XOR T(Xi XOR Xi+1 XOR Xi+2 XOR Xi+3 XOR rki),i=0,1,···31

(2)对最后一轮数据进行反序变换并得到密文输出:

 (Y0,Y1,Y2,Y3)=R(X32,X33,X34,X35)=(X35,X34,X33,X32)。

其中,T:Z232→Z232一个可逆变换,由非线性变换τ和线性变换L复合而成,即T(·)=L(τ(·))。

非线性变换τ

非线性变换τ的本质是S盒的一种并行应用,它由4个S盒并置构成,是用字来作为单位的一种非线性代替变换。设输入为A=(a0,a1,a2,a3),非线性变换τ的输出为B=(b0,b1,b2,b3),即:

(b0,b1,b2,b3)=τ(A)=(Sbox(a0),Sbox(a1),Sbox(a2),Sbox(a3))。

其中S盒是一种以字节为单位的非线性代替变换,它的密码学作用是可以起到混淆的作用。S盒的本质是8位的非线性置换,输入和输出都是8位的字节。设输入字节为a,输出字节为b, 则S盒的运算可表示为:b=S_Box(a)

设S盒的输入为EF,则经S盒运算的输出结果结果为第E行、第F列的值,即Sbox(EF)=0x84。

SM4分组密码算法介绍_第1张图片

线性变换部件L

线性变换部件L的密码学作用为可以起到扩散。它是以字来作为处理单位的线性变换部件,输入输出的字都是32位。非线性变换τ的输出是线性变换L的输入。设输入为B,则:

C=L(B)=B XOR (B<<<2) XOR (B<<<10) XOR (B<<<18) XOR (B<<<24)。

注:XOR为异或运算

解密算法:

本算法的解密变换与加密变换结构相同,不同的仅是轮密钥的使用顺序,解密时使用轮密钥序(rk31,rk30,···,rk0)。

密钥扩展算法:

本算法轮密钥由加密密钥通过密钥扩展算法生成。设加密密钥为MK,MK=(MK0,MK1,MK2,MK3)∈(Z232)4。

轮密钥生成方法为rki=Ki XOR T’(Ki+1 XOR Ki+2 XOR Ki+3 XOR CKi),(i=0,1,2,···,31),其中:

K0=MK0 XOR FK0;

K1=MK1 XOR FK1;

K2=MK2 XOR FK2;

K3=MK3 XOR FK3。

(1)T’是将3.2.2节中合成置换T的线性变换L替换为L’:

                              L’(B)=B XOR (B<<<13) XOR (B<<<23)。

(2)系统参数FK的取值为

FK0=(A2B1BAC6);

FK1=(56AA3350);

FK2=(677D9197);

FK3=(B27022DC)。

(3)固定参数CK取值方法为:

设cki,j为CKi的第j字节(i=0,1,···,31;j=0,1,2,3),即CKi=(cki,0,cki,1,cki,2,cki,3)∈(Z28)4,则cki,j=(4i+j)×7(mod 256)。

固定参数CKi(i=0,1,2,···,31)的具体值为:

00070E15,1C232A31,383F464D,545B6269,

70777E85,8C939AA1,A8AFB6BD,C4CBD2D9,

E0E7EEF5,FC030A11,181F262D,343B4249,

50575E65,6C737A81,888F969D,A4ABB2B9,

C0C7CED5,DCE3EAF1,F8FF060D,141B2229,

30373E45,,4C535A61,686F767D,848B9299,

A0A7AEB5,BCC3CAD1,D8DFE6ED,F4FB0209,

10171E25,2C333A41,484F565D,646B7279。

C语言实现:

sm4.h文件:

/**
 * \file sm4.h
 */
#ifndef XYSSL_SM4_H
#define XYSSL_SM4_H
 
#ifdef __cplusplus
extern "C" {
#endif

#define SM4_ENCRYPT     1
#define SM4_DECRYPT     0
 
/**
 * \brief          SM4 context structure
 */
typedef struct
{
    int mode;                   /*!<  encrypt/decrypt   */
    unsigned long sk[32];       /*!<  SM4 subkeys       */
}sm4_context;


/**
 * \brief          SM4 key schedule (128-bit, encryption)
 *
 * \param ctx      SM4 context to be initialized
 * \param key      16-byte secret key
 */
void sm4_setkey_enc( sm4_context *ctx, unsigned char key[16] );
/**
 * \brief          SM4 key schedule (128-bit, decryption)
 *
 * \param ctx      SM4 context to be initialized
 * \param key      16-byte secret key
 */
void sm4_setkey_dec( sm4_context *ctx, unsigned char key[16] );
/**
 * \brief          SM4-ECB block encryption/decryption
 * \param ctx      SM4 context
 * \param mode     SM4_ENCRYPT or SM4_DECRYPT
 * \param length   length of the input data
 * \param input    input block
 * \param output   output block
 */
void sm4_crypt_ecb( sm4_context *ctx,
				     int mode,
					 int length,
                     unsigned char *input,
                     unsigned char *output);
#ifdef __cplusplus
}
#endif

#endif /* sm4.h */

sm4.c文件:

/*
 * SM4 Encryption alogrithm (SMS4 algorithm)
 * GM/T 0002-2012 Chinese National Standard ref:http://www.oscca.gov.cn/ 
 * thanks to Xyssl
 * thnaks and refers to http://hi.baidu.com/numax/blog/item/80addfefddfb93e4cf1b3e61.html
 * author:goldboar
 * email:[email protected]
 * 2012-4-20
 */
 
#include "sm4.h"
#include 
#include 
 
 
/*
 * 32-bit integer manipulation macros (big endian)
 */
#ifndef GET_ULONG_BE
#define GET_ULONG_BE(n,b,i)                             \
{                                                       \
    (n) = ( (unsigned long) (b)[(i)    ] << 24 )        \
        | ( (unsigned long) (b)[(i) + 1] << 16 )        \
        | ( (unsigned long) (b)[(i) + 2] <<  8 )        \
        | ( (unsigned long) (b)[(i) + 3]       );       \
}
#endif
#ifndef PUT_ULONG_BE
#define PUT_ULONG_BE(n,b,i)                             \
{                                                       \
    (b)[(i)    ] = (unsigned char) ( (n) >> 24 );       \
    (b)[(i) + 1] = (unsigned char) ( (n) >> 16 );       \
    (b)[(i) + 2] = (unsigned char) ( (n) >>  8 );       \
    (b)[(i) + 3] = (unsigned char) ( (n)       );       \
}
#endif
 
 
/*
 *rotate shift left marco definition
 *
 */
#define  SHL(x,n) (((x) & 0xFFFFFFFF) << n)
#define ROTL(x,n) (SHL((x),n) | ((x) >> (32 - n)))
 
 
#define SWAP(a,b) { unsigned long t = a; a = b; b = t; t = 0; }
 
 
/*
 * Expanded SM4 S-boxes
 /* Sbox table: 8bits input convert to 8 bits output*/
 
static const unsigned char SboxTable[16][16] = 
{
{0xd6,0x90,0xe9,0xfe,0xcc,0xe1,0x3d,0xb7,0x16,0xb6,0x14,0xc2,0x28,0xfb,0x2c,0x05},
{0x2b,0x67,0x9a,0x76,0x2a,0xbe,0x04,0xc3,0xaa,0x44,0x13,0x26,0x49,0x86,0x06,0x99},
{0x9c,0x42,0x50,0xf4,0x91,0xef,0x98,0x7a,0x33,0x54,0x0b,0x43,0xed,0xcf,0xac,0x62},
{0xe4,0xb3,0x1c,0xa9,0xc9,0x08,0xe8,0x95,0x80,0xdf,0x94,0xfa,0x75,0x8f,0x3f,0xa6},
{0x47,0x07,0xa7,0xfc,0xf3,0x73,0x17,0xba,0x83,0x59,0x3c,0x19,0xe6,0x85,0x4f,0xa8},
{0x68,0x6b,0x81,0xb2,0x71,0x64,0xda,0x8b,0xf8,0xeb,0x0f,0x4b,0x70,0x56,0x9d,0x35},
{0x1e,0x24,0x0e,0x5e,0x63,0x58,0xd1,0xa2,0x25,0x22,0x7c,0x3b,0x01,0x21,0x78,0x87},
{0xd4,0x00,0x46,0x57,0x9f,0xd3,0x27,0x52,0x4c,0x36,0x02,0xe7,0xa0,0xc4,0xc8,0x9e},
{0xea,0xbf,0x8a,0xd2,0x40,0xc7,0x38,0xb5,0xa3,0xf7,0xf2,0xce,0xf9,0x61,0x15,0xa1},
{0xe0,0xae,0x5d,0xa4,0x9b,0x34,0x1a,0x55,0xad,0x93,0x32,0x30,0xf5,0x8c,0xb1,0xe3},
{0x1d,0xf6,0xe2,0x2e,0x82,0x66,0xca,0x60,0xc0,0x29,0x23,0xab,0x0d,0x53,0x4e,0x6f},
{0xd5,0xdb,0x37,0x45,0xde,0xfd,0x8e,0x2f,0x03,0xff,0x6a,0x72,0x6d,0x6c,0x5b,0x51},
{0x8d,0x1b,0xaf,0x92,0xbb,0xdd,0xbc,0x7f,0x11,0xd9,0x5c,0x41,0x1f,0x10,0x5a,0xd8},
{0x0a,0xc1,0x31,0x88,0xa5,0xcd,0x7b,0xbd,0x2d,0x74,0xd0,0x12,0xb8,0xe5,0xb4,0xb0},
{0x89,0x69,0x97,0x4a,0x0c,0x96,0x77,0x7e,0x65,0xb9,0xf1,0x09,0xc5,0x6e,0xc6,0x84},
{0x18,0xf0,0x7d,0xec,0x3a,0xdc,0x4d,0x20,0x79,0xee,0x5f,0x3e,0xd7,0xcb,0x39,0x48}
};
 
 
/* System parameter */
static const unsigned long FK[4] = {0xa3b1bac6,0x56aa3350,0x677d9197,0xb27022dc};
 
 
/* fixed parameter */
static const unsigned long CK[32] =
{
0x00070e15,0x1c232a31,0x383f464d,0x545b6269,
0x70777e85,0x8c939aa1,0xa8afb6bd,0xc4cbd2d9,
0xe0e7eef5,0xfc030a11,0x181f262d,0x343b4249,
0x50575e65,0x6c737a81,0x888f969d,0xa4abb2b9,
0xc0c7ced5,0xdce3eaf1,0xf8ff060d,0x141b2229,
0x30373e45,0x4c535a61,0x686f767d,0x848b9299,
0xa0a7aeb5,0xbcc3cad1,0xd8dfe6ed,0xf4fb0209,
0x10171e25,0x2c333a41,0x484f565d,0x646b7279
};
 
 
 
 
/*
 * private function:
 * look up in SboxTable and get the related value.
 * args:    [in] inch: 0x00~0xFF (8 bits unsigned value).
 */
static unsigned char sm4Sbox(unsigned char inch)
{
    unsigned char *pTable = (unsigned char *)SboxTable;
    unsigned char retVal = (unsigned char)(pTable[inch]);
    return retVal;
}
 
 
/*
 * private F(Lt) function:
 * "T algorithm" == "L algorithm" + "t algorithm".
 * args:    [in] a: a is a 32 bits unsigned value;
 * return: c: c is calculated with line algorithm "L" and nonline algorithm "t"
 */
static unsigned long sm4Lt(unsigned long ka)
{
    unsigned long bb = 0;
    unsigned long c = 0;
    unsigned char a[4];
	unsigned char b[4];
    PUT_ULONG_BE(ka,a,0)
    b[0] = sm4Sbox(a[0]);
    b[1] = sm4Sbox(a[1]);
    b[2] = sm4Sbox(a[2]);
    b[3] = sm4Sbox(a[3]);
	GET_ULONG_BE(bb,b,0)
    c =bb^(ROTL(bb, 2))^(ROTL(bb, 10))^(ROTL(bb, 18))^(ROTL(bb, 24));
    return c;
}
 
 
/*
 * private F function:
 * Calculating and getting encryption/decryption contents.
 * args:    [in] x0: original contents;
 * args:    [in] x1: original contents;
 * args:    [in] x2: original contents;
 * args:    [in] x3: original contents;
 * args:    [in] rk: encryption/decryption key;
 * return the contents of encryption/decryption contents.
 */
static unsigned long sm4F(unsigned long x0, unsigned long x1, unsigned long x2, unsigned long x3, unsigned long rk)
{
    return (x0^sm4Lt(x1^x2^x3^rk));
}
 
 
 
 
/* private function:
 * Calculating round encryption key.
 * args:    [in] a: a is a 32 bits unsigned value;
 * return: sk[i]: i{0,1,2,3,...31}.
 */
static unsigned long sm4CalciRK(unsigned long ka)
{
    unsigned long bb = 0;
    unsigned long rk = 0;
    unsigned char a[4];
    unsigned char b[4];
    PUT_ULONG_BE(ka,a,0)
    b[0] = sm4Sbox(a[0]);
    b[1] = sm4Sbox(a[1]);
    b[2] = sm4Sbox(a[2]);
    b[3] = sm4Sbox(a[3]);
	GET_ULONG_BE(bb,b,0)
    rk = bb^(ROTL(bb, 13))^(ROTL(bb, 23));
    return rk;
}
 
 
static void sm4_setkey( unsigned long SK[32], unsigned char key[16] )
{
    unsigned long MK[4];
    unsigned long k[36];
    unsigned long i = 0;
 
 
    GET_ULONG_BE( MK[0], key, 0 );
    GET_ULONG_BE( MK[1], key, 4 );
    GET_ULONG_BE( MK[2], key, 8 );
    GET_ULONG_BE( MK[3], key, 12 );
    k[0] = MK[0]^FK[0];
    k[1] = MK[1]^FK[1];
    k[2] = MK[2]^FK[2];
    k[3] = MK[3]^FK[3];
    for(; i<32; i++)
    {
        k[i+4] = k[i] ^ (sm4CalciRK(k[i+1]^k[i+2]^k[i+3]^CK[i]));
        SK[i] = k[i+4];
	}
}
/*
 * SM4 standard one round processing
 *
 */
static void sm4_one_round( unsigned long sk[32],
                    unsigned char input[16],
                    unsigned char output[16] )
{
    unsigned long i = 0;
    unsigned long ulbuf[36];
    memset(ulbuf, 0, sizeof(ulbuf));
    GET_ULONG_BE( ulbuf[0], input, 0 )
    GET_ULONG_BE( ulbuf[1], input, 4 )
    GET_ULONG_BE( ulbuf[2], input, 8 )
    GET_ULONG_BE( ulbuf[3], input, 12 )
    while(i<32)
    {
        ulbuf[i+4] = sm4F(ulbuf[i], ulbuf[i+1], ulbuf[i+2], ulbuf[i+3], sk[i]);
// #ifdef _DEBUG
//        	printf("rk(%02d) = 0x%08x,  X(%02d) = 0x%08x \n",i,sk[i], i, ulbuf[i+4] );
// #endif
	    i++;
    }
	PUT_ULONG_BE(ulbuf[35],output,0);
	PUT_ULONG_BE(ulbuf[34],output,4);
	PUT_ULONG_BE(ulbuf[33],output,8);
	PUT_ULONG_BE(ulbuf[32],output,12);
}

/*
 * SM4 key schedule (128-bit, encryption)
 */
void sm4_setkey_enc( sm4_context *ctx, unsigned char key[16] )
{
    ctx->mode = SM4_ENCRYPT;
	sm4_setkey( ctx->sk, key );
}
 
 
/*
 * SM4 key schedule (128-bit, decryption)
 */
void sm4_setkey_dec( sm4_context *ctx, unsigned char key[16] )
{
    int i;
	ctx->mode = SM4_ENCRYPT;
    sm4_setkey( ctx->sk, key );
    for( i = 0; i < 16; i ++ )
    {
        SWAP( ctx->sk[ i ], ctx->sk[ 31-i] );
    }
}
 
 
 
 
/*
 * SM4-ECB block encryption/decryption
 */
 
 
void sm4_crypt_ecb( sm4_context *ctx,
				   int mode,
				   int length,
				   unsigned char *input,
                   unsigned char *output)
{
    while( length > 0 )
    {
        sm4_one_round( ctx->sk, input, output );
        input  += 16;
        output += 16;
        length -= 16;
    }
 
 
}

/*
 *  * SM4-CBC buffer encryption/decryption
 *  */
void sm4_crypt_cbc( sm4_context *ctx,
		int mode,
		int length,
		unsigned char iv[16],
		unsigned char *input,
		unsigned char *output )
{
	int i;
	unsigned char temp[16];

	if( mode == SM4_ENCRYPT )
	{
		while( length > 0 )
		{
			for( i = 0; i < 16; i++ )
				output[i] = (unsigned char)( input[i] ^ iv[i] );

			sm4_one_round( ctx->sk, output, output );
			memcpy( iv, output, 16 );

			input  += 16;
			output += 16;
			length -= 16;
		}
	}
	else /* SM4_DECRYPT */
	{
		while( length > 0 )
		{
			memcpy( temp, input, 16 );
			sm4_one_round( ctx->sk, input, output );

			for( i = 0; i < 16; i++ )
				output[i] = (unsigned char)( output[i] ^ iv[i] );

			memcpy( iv, temp, 16 );

			input  += 16;
			output += 16;
			length -= 16;
		}
	}
}

本博客整理自网络,仅供学习参考,如有侵权,联系删除。邮箱:[email protected]

参考文档链接: 

https://blog.csdn.net/Soul_Programmer_Swh/article/details/80263822

 

你可能感兴趣的:(算法)