mirror/gmsm
1
0
Fork 0
mirror of https://github.com/emmansun/gmsm.git synced 2025-06-28 08:23:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

sm4: separate cipher_ni from cipher_asm

Browse Source
This commit is contained in:
Sun Yimin 2022-07-19 13:29:21 +08:00 committed by GitHub
parent 6a60fe2603
commit af50b136e9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 91 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.github/codecov.yaml vendored
View File

@ -4,3 +4,4 @@ codecov:
ignore: ignore:
- "sm2/gen_p256_table.go" - "sm2/gen_p256_table.go"
- "sm4/sm4ni_gcm_asm.go" - "sm4/sm4ni_gcm_asm.go"
- "sm4/cipher_ni.go"

41
pkcs8/pkcs8_test.go
View File

@ -5,6 +5,8 @@ import (
"crypto/elliptic" "crypto/elliptic"
"crypto/rand" "crypto/rand"
"crypto/rsa" "crypto/rsa"
"crypto/x509/pkix"
"encoding/asn1"
"encoding/pem" "encoding/pem"
"testing" "testing"
@ -598,3 +600,42 @@ func TestUnknownTypeFailure(t *testing.T) {
t.Fatal("expected error") t.Fatal("expected error")
} }
} }
// for encrypted private-key information
type encryptedPrivateKeyInfo struct {
EncryptionAlgorithm pkix.AlgorithmIdentifier
EncryptedData []byte
}
func TestParseInvalidPrivateKey(t *testing.T) {
// test parse pem directly
_, err := pkcs8.ParsePKCS8PrivateKeyECDSA([]byte(encryptedEC256aes), []byte("password"))
if err == nil || err.Error() != "pkcs8: this method just supports DER-encoded key" {
t.Errorf("should be error: pkcs8: this method just supports DER-encoded key")
}
_, err = pkcs8.ParsePKCS8PrivateKeyECDSA(nil, []byte("password"))
if err == nil || err.Error() != "pkcs8: only PKCS #5 v2.0 supported" {
t.Errorf("should be error: pkcs8: only PKCS #5 v2.0 supported")
}
var privKey encryptedPrivateKeyInfo
privKey.EncryptionAlgorithm.Algorithm = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 1}
data, err := asn1.Marshal(privKey)
if err != nil {
t.Fatal(err)
}
_, err = pkcs8.ParsePKCS8PrivateKeyECDSA(data, []byte("password"))
if err == nil || err.Error() != "pkcs8: only PBES2 supported" {
t.Errorf("should be error: pkcs8: only PBES2 supported")
}
privKey.EncryptionAlgorithm.Algorithm = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 5, 13}
data, err = asn1.Marshal(privKey)
if err != nil {
t.Fatal(err)
}
_, err = pkcs8.ParsePKCS8PrivateKeyECDSA(data, []byte("password"))
if err == nil || err.Error() != "pkcs8: invalid PBES2 parameters" {
t.Errorf("should be error: pkcs8: invalid PBES2 parameters")
}
}

39
sm4/cipher_asm.go
View File

@ -35,45 +35,6 @@ type sm4CipherAsm struct {
blocksSize int blocksSize int
} }
type sm4CipherNI struct {
sm4Cipher
}
func newCipherNI(key []byte) (cipher.Block, error) {
c := &sm4CipherNI{sm4Cipher{make([]uint32, rounds), make([]uint32, rounds)}}
expandKeyAsm(&key[0], &ck[0], &c.enc[0], &c.dec[0], INST_SM4)
if supportsGFMUL {
return &sm4CipherNIGCM{c}, nil
}
return c, nil
}
func (c *sm4CipherNI) Encrypt(dst, src []byte) {
if len(src) < BlockSize {
panic("sm4: input not full block")
}
if len(dst) < BlockSize {
panic("sm4: output not full block")
}
if subtle.InexactOverlap(dst[:BlockSize], src[:BlockSize]) {
panic("sm4: invalid buffer overlap")
}
encryptBlockAsm(&c.enc[0], &dst[0], &src[0], INST_SM4)
}
func (c *sm4CipherNI) Decrypt(dst, src []byte) {
if len(src) < BlockSize {
panic("sm4: input not full block")
}
if len(dst) < BlockSize {
panic("sm4: output not full block")
}
if subtle.InexactOverlap(dst[:BlockSize], src[:BlockSize]) {
panic("sm4: invalid buffer overlap")
}
encryptBlockAsm(&c.dec[0], &dst[0], &src[0], INST_SM4)
}
func newCipher(key []byte) (cipher.Block, error) { func newCipher(key []byte) (cipher.Block, error) {
if supportSM4 { if supportSM4 {
return newCipherNI(key) return newCipherNI(key)

49
sm4/cipher_ni.go Normal file
View File

@ -0,0 +1,49 @@
//go:build (amd64 && !generic) || (arm64 && !generic)
// +build amd64,!generic arm64,!generic
package sm4
import (
"crypto/cipher"
"github.com/emmansun/gmsm/internal/subtle"
)
type sm4CipherNI struct {
sm4Cipher
}
func newCipherNI(key []byte) (cipher.Block, error) {
c := &sm4CipherNI{sm4Cipher{make([]uint32, rounds), make([]uint32, rounds)}}
expandKeyAsm(&key[0], &ck[0], &c.enc[0], &c.dec[0], INST_SM4)
if supportsGFMUL {
return &sm4CipherNIGCM{c}, nil
}
return c, nil
}
func (c *sm4CipherNI) Encrypt(dst, src []byte) {
if len(src) < BlockSize {
panic("sm4: input not full block")
}
if len(dst) < BlockSize {
panic("sm4: output not full block")
}
if subtle.InexactOverlap(dst[:BlockSize], src[:BlockSize]) {
panic("sm4: invalid buffer overlap")
}
encryptBlockAsm(&c.enc[0], &dst[0], &src[0], INST_SM4)
}
func (c *sm4CipherNI) Decrypt(dst, src []byte) {
if len(src) < BlockSize {
panic("sm4: input not full block")
}
if len(dst) < BlockSize {
panic("sm4: output not full block")
}
if subtle.InexactOverlap(dst[:BlockSize], src[:BlockSize]) {
panic("sm4: invalid buffer overlap")
}
encryptBlockAsm(&c.dec[0], &dst[0], &src[0], INST_SM4)
}