热门标签
热门文章
- 1OpenAI、微软、智谱AI 等全球 16 家公司共同签署前沿人工智能安全承诺
- 2Vue + Element UI 实现文本超出长度显示省略号,鼠标移上悬浮展示全部内容的方法_elementui超出后省略号
- 3如何使用命令实现在达梦数据库里修改表的某个字段
- 4前端程序员面试笔试宝典,2024年最新前端中高级面试题及答案_前端中级面试题
- 5我的十年青春(10至20):写博10年1700万PV、创业5年30万学员_保利基金 罗戎
- 6视图、索引、存储过程优缺点
- 7Python爬虫+夜神模拟器+Fiddler抓取手机APP数据接口 -- 图文教程(霸霸看了都说好)_有好用的手机模拟器可以用爬虫吗大麦网
- 8GDB远程调试
- 92024中青杯数学建模竞赛A题人工智能视域下养老辅助系统的构建思路代码论文分析
- 10vue3项目中使用富文本框——wangeditor_vue3 富文本框
当前位置: article > 正文
SM4 研究与实现_go sm4加密
作者:Monodyee | 2024-05-30 13:40:31
赞
踩
go sm4加密
SM4
SM4 分组对称加密算法,分组长度128位, 密钥长度128位; 实现参考论文,讲解的非常详细;以下列举几个易错点
- 基于密钥扩展轮密钥,在传入密钥时就可以确定
- 解密和加密都是一样流程,区别在于密钥;解密轮密钥是加密轮密钥的逆序
- < < < 符号的含义 <<< 符号的含义 <<<符号的含义,该符号表示32位循环左移; 代码表示如下
func rol32(x uint32, n int) uint32 {
return (x << n) | ((x & 0xffffffff) >> (32 - n))
}
- 1
- 2
- 3
实现
SM4和AES很类似,保持在golang语言实现的统一性; 可参考golang aes 实现结构和逻辑; https://github.com/golang/go/blob/go1.17.13/src/crypto/aes/cipher.go#L32
目录结构
cryptox/sm4/
|-------const.go 常量定义和常量公式定义
|-------sm4.go SM4实现源文件
|-------sm4_test.go SM4单元测试
|-------block.go SM4数字签名生成逻辑
- 1
- 2
- 3
- 4
- 5
代码实现
const.go
package sm4 // GB/T 32907-2016 // http://c.gb688.cn/bzgk/gb/showGb?type=online&hcno=7803DE42D3BC5E80B0C3E5D8E873D56A const BlockSize = 16 // GB/T 32907-2016 SBox var sbox = [256]byte{ 0xd6, 0x90, 0xe9, 0xfe, 0xcc, 0xe1, 0x3d, 0xb7, 0x16, 0xb6, 0x14, 0xc2, 0x28, 0xfb, 0x2c, 0x05, 0x2b, 0x67, 0x9a, 0x76, 0x2a, 0xbe, 0x04, 0xc3, 0xaa, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99, 0x9c, 0x42, 0x50, 0xf4, 0x91, 0xef, 0x98, 0x7a, 0x33, 0x54, 0x0b, 0x43, 0xed, 0xcf, 0xac, 0x62, 0xe4, 0xb3, 0x1c, 0xa9, 0xc9, 0x08, 0xe8, 0x95, 0x80, 0xdf, 0x94, 0xfa, 0x75, 0x8f, 0x3f, 0xa6, 0x47, 0x07, 0xa7, 0xfc, 0xf3, 0x73, 0x17, 0xba, 0x83, 0x59, 0x3c, 0x19, 0xe6, 0x85, 0x4f, 0xa8, 0x68, 0x6b, 0x81, 0xb2, 0x71, 0x64, 0xda, 0x8b, 0xf8, 0xeb, 0x0f, 0x4b, 0x70, 0x56, 0x9d, 0x35, 0x1e, 0x24, 0x0e, 0x5e, 0x63, 0x58, 0xd1, 0xa2, 0x25, 0x22, 0x7c, 0x3b, 0x01, 0x21, 0x78, 0x87, 0xd4, 0x00, 0x46, 0x57, 0x9f, 0xd3, 0x27, 0x52, 0x4c, 0x36, 0x02, 0xe7, 0xa0, 0xc4, 0xc8, 0x9e, 0xea, 0xbf, 0x8a, 0xd2, 0x40, 0xc7, 0x38, 0xb5, 0xa3, 0xf7, 0xf2, 0xce, 0xf9, 0x61, 0x15, 0xa1, 0xe0, 0xae, 0x5d, 0xa4, 0x9b, 0x34, 0x1a, 0x55, 0xad, 0x93, 0x32, 0x30, 0xf5, 0x8c, 0xb1, 0xe3, 0x1d, 0xf6, 0xe2, 0x2e, 0x82, 0x66, 0xca, 0x60, 0xc0, 0x29, 0x23, 0xab, 0x0d, 0x53, 0x4e, 0x6f, 0xd5, 0xdb, 0x37, 0x45, 0xde, 0xfd, 0x8e, 0x2f, 0x03, 0xff, 0x6a, 0x72, 0x6d, 0x6c, 0x5b, 0x51, 0x8d, 0x1b, 0xaf, 0x92, 0xbb, 0xdd, 0xbc, 0x7f, 0x11, 0xd9, 0x5c, 0x41, 0x1f, 0x10, 0x5a, 0xd8, 0x0a, 0xc1, 0x31, 0x88, 0xa5, 0xcd, 0x7b, 0xbd, 0x2d, 0x74, 0xd0, 0x12, 0xb8, 0xe5, 0xb4, 0xb0, 0x89, 0x69, 0x97, 0x4a, 0x0c, 0x96, 0x77, 0x7e, 0x65, 0xb9, 0xf1, 0x09, 0xc5, 0x6e, 0xc6, 0x84, 0x18, 0xf0, 0x7d, 0xec, 0x3a, 0xdc, 0x4d, 0x20, 0x79, 0xee, 0x5f, 0x3e, 0xd7, 0xcb, 0x39, 0x48, } var ( fk0 = uint32(0xa3b1bac6) fk1 = uint32(0x56aa3350) fk2 = uint32(0x677d9197) fk3 = uint32(0xb27022dc) ) var ck = [32]uint32{ 0x00070e15, 0x1c232a31, 0x383f464d, 0x545b6269, 0x70777e85, 0x8c939aa1, 0xa8afb6bd, 0xc4cbd2d9, 0xe0e7eef5, 0xfc030a11, 0x181f262d, 0x343b4249, 0x50575e65, 0x6c737a81, 0x888f969d, 0xa4abb2b9, 0xc0c7ced5, 0xdce3eaf1, 0xf8ff060d, 0x141b2229, 0x30373e45, 0x4c535a61, 0x686f767d, 0x848b9299, 0xa0a7aeb5, 0xbcc3cad1, 0xd8dfe6ed, 0xf4fb0209, 0x10171e25, 0x2c333a41, 0x484f565d, 0x646b7279, } func delta(a uint32) uint32 { a = (uint32(sbox[byte(a>>24)]) << 24) | (a & 0x00ffffff) a = (uint32(sbox[byte(a>>16)]) << 16) | (a & 0xff00ffff) a = (uint32(sbox[byte(a>>8)]) << 8) | (a & 0xffff00ff) a = (uint32(sbox[byte(a)])) | (a & 0xffffff00) return a } func rol32(x uint32, n int) uint32 { return (x << n) | ((x & 0xffffffff) >> (32 - n)) } func L1(a uint32) uint32 { return a ^ rol32(a, 2) ^ rol32(a, 10) ^ rol32(a, 18) ^ rol32(a, 24) } func L2(a uint32) uint32 { return a ^ rol32(a, 13) ^ rol32(a, 23) } func T1(a uint32) uint32 { return L1(delta(a)) } func T2(a uint32) uint32 { return L2(delta(a)) } func F(a, b, c, d, k uint32) uint32 { return a ^ T1(b^c^d^k) }
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
block.go
package sm4 import ( "encoding/binary" "unsafe" ) // GB/T 32907-2016 // http://c.gb688.cn/bzgk/gb/showGb?type=online&hcno=7803DE42D3BC5E80B0C3E5D8E873D56A func encryptBlockGo(xk []uint32, dst, src []byte) { _ = src[15] // early bounds check s0 := binary.BigEndian.Uint32(src[0:4]) s1 := binary.BigEndian.Uint32(src[4:8]) s2 := binary.BigEndian.Uint32(src[8:12]) s3 := binary.BigEndian.Uint32(src[12:16]) for i := 0; i < 32; i++ { si := F(s0, s1, s2, s3, xk[i]) s0 = s1 s1 = s2 s2 = s3 s3 = si } _ = dst[15] // early bounds check binary.BigEndian.PutUint32(dst[0:4], s3) binary.BigEndian.PutUint32(dst[4:8], s2) binary.BigEndian.PutUint32(dst[8:12], s1) binary.BigEndian.PutUint32(dst[12:16], s0) } func expandEncKeyGo(key []byte) []uint32 { _ = key[15] // early bounds check s0 := binary.BigEndian.Uint32(key[0:4]) s1 := binary.BigEndian.Uint32(key[4:8]) s2 := binary.BigEndian.Uint32(key[8:12]) s3 := binary.BigEndian.Uint32(key[12:16]) k0 := s0 ^ fk0 k1 := s1 ^ fk1 k2 := s2 ^ fk2 k3 := s3 ^ fk3 rk := make([]uint32, 32) for i := 0; i < 32; i++ { x := k0 ^ T2(k1^k2^k3^ck[i]) k0 = k1 k1 = k2 k2 = k3 k3 = x rk[i] = x } return rk } func expandDecKeyGo(key []byte) []uint32 { _ = key[15] // early bounds check s0 := binary.BigEndian.Uint32(key[0:4]) s1 := binary.BigEndian.Uint32(key[4:8]) s2 := binary.BigEndian.Uint32(key[8:12]) s3 := binary.BigEndian.Uint32(key[12:16]) k0 := s0 ^ fk0 k1 := s1 ^ fk1 k2 := s2 ^ fk2 k3 := s3 ^ fk3 rk := make([]uint32, 32) for i := 0; i < 32; i++ { x := k0 ^ T2(k1^k2^k3^ck[i]) k0 = k1 k1 = k2 k2 = k3 k3 = x rk[31-i] = x } return rk } // copy from https://github.com/golang/go/blob/15da892a4950a4caac987ee72c632436329f62d5/src/crypto/internal/subtle/aliasing.go#L30 func inexactOverlap(x, y []byte) bool { if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] { return false } return anyOverlap(x, y) } func anyOverlap(x, y []byte) bool { return len(x) > 0 && len(y) > 0 && uintptr(unsafe.Pointer(&x[0])) <= uintptr(unsafe.Pointer(&y[len(y)-1])) && uintptr(unsafe.Pointer(&y[0])) <= uintptr(unsafe.Pointer(&x[len(x)-1])) }
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
sm4.go
package sm4 import ( "crypto/cipher" "strconv" ) type sm4 struct { enc []uint32 dec []uint32 } type KeySizeError int func (k KeySizeError) Error() string { return "cryptox/sm4: invalid key size " + strconv.Itoa(int(k)) } //GB/T 32907-2016; SM4-128 func NewCipher(key []byte) (cipher.Block, error) { k := len(key) switch k { default: return nil, KeySizeError(k) case 16: break } return newCipher(key) } func newCipher(key []byte) (cipher.Block, error) { c := sm4{} c.enc = expandEncKeyGo(key) c.dec = expandDecKeyGo(key) return &c, nil } func (c *sm4) BlockSize() int { return BlockSize } func (c *sm4) Encrypt(dst, src []byte) { if len(src) < BlockSize { panic("crypto/sm4: input not full block") } if len(dst) < BlockSize { panic("crypto/sm4: output not full block") } if inexactOverlap(dst[:BlockSize], src[:BlockSize]) { panic("crypto/sm4: invalid buffer overlap") } encryptBlockGo(c.enc, dst, src) } func (c *sm4) Decrypt(dst, src []byte) { if len(src) < BlockSize { panic("crypto/sm4: input not full block") } if len(dst) < BlockSize { panic("crypto/sm4: output not full block") } if inexactOverlap(dst[:BlockSize], src[:BlockSize]) { panic("crypto/sm4: invalid buffer overlap") } encryptBlockGo(c.dec, dst, src) }
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
遗留问题
SM4 是128位加密算法,但是对于加密很多数据时,需要填充数据,使其长度是128位的整数倍; 常见的填充方式;
- NoPadding
- PKCS5Padding
- PKCS7Padding
- ISO10126Padding
- ISO7816-4Padding
- ZeroBytePadding
- X923Padding
- TBCPadding(Trailing-Bit-Compliment)
- PKCS1Padding
AES五种加密模式(CBC、ECB、CTR、OCF、CFB),那么SM4 也应该有该五种加密模式;
- 电码本模式(Electronic Codebook Book (ECB))
- 密码分组链接模式(Cipher Block Chaining (CBC))
- 计算器模式(Counter (CTR));
- 密码反馈模式(Cipher FeedBack (CFB))
- 输出反馈模式(Output FeedBack (OFB))
待续。。。。
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/Monodyee/article/detail/647211
推荐阅读
相关标签
