代码拉取完成,页面将自动刷新
同步操作将从 huangtianhua/python-cryptography 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
From 1a0c76566944ed09e48f51ce17ff9968cf40c886 Mon Sep 17 00:00:00 2001
From: tobyp <tobyp@tobyp.net>
Date: Sun, 28 Feb 2021 20:57:50 +0100
Subject: [PATCH] Add SM4 symmetric block cipher (#5834)
Reference:https://github.com/pyca/cryptography/commit/f69f27b1dd20ad2d24f48053a72545527e808104
Conflict:The content of hazmat/primitives/ciphers/algorithms.py and tests/utils.py are adapted.
hazmat/primitives/ciphers/algorithms.py:
Community patch:
+class SM4(CipherAlgorithm, BlockCipherAlgorithm):
Adaptation patch:
+@utils.register_interface(BlockCipherAlgorithm)
+@utils.register_interface(CipherAlgorithm)
+class SM4(object):
tests/utils.py:
Adaptation patch:
+filepath = os.path.join(os.path.dirname(__file__), "../vectors/cryptography_vectors", filename)
+if os.path.exists(filepath):
+ with open(filepath, mode) as vector_file:
+ return loader(vector_file)
Co-authored-by: Tobias Peter <tobias.peter@infineon.com>
Signed-off-by: hanxinke <hanxinke@huawei.com>
---
.../primitives/symmetric-encryption.rst | 15 +++
.../hazmat/backends/openssl/backend.py | 5 +
.../hazmat/primitives/ciphers/algorithms.py | 14 +++
tests/hazmat/primitives/test_sm4.py | 99 +++++++++++++++++++
tests/utils.py | 4 +
.../SM4/draft-ribose-cfrg-sm4-10-cbc.txt | 17 ++++
.../SM4/draft-ribose-cfrg-sm4-10-cfb.txt | 17 ++++
.../SM4/draft-ribose-cfrg-sm4-10-ctr.txt | 17 ++++
.../SM4/draft-ribose-cfrg-sm4-10-ecb.txt | 28 ++++++
.../SM4/draft-ribose-cfrg-sm4-10-ofb.txt | 17 ++++
10 files changed, 233 insertions(+)
create mode 100644 tests/hazmat/primitives/test_sm4.py
create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cbc.txt
create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cfb.txt
create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ctr.txt
create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ecb.txt
create mode 100644 vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ofb.txt
diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst
index 8551acb..6e10d67 100644
--- a/docs/hazmat/primitives/symmetric-encryption.rst
+++ b/docs/hazmat/primitives/symmetric-encryption.rst
@@ -196,6 +196,19 @@ Algorithms
:term:`bits` in length.
:type key: :term:`bytes-like`
+.. class:: SM4(key)
+
+ .. versionadded:: 35.0.0
+
+ SM4 is a block cipher developed by the Chinese Government and standardized
+ in the `GB/T 32907-2016`_. It is used in the Chinese WAPI
+ (Wired Authentication and Privacy Infrastructure) standard. (An English
+ description is available at `draft-ribose-cfrg-sm4-10`_.)
+
+ :param key: The secret key. This must be kept secret. ``128``
+ :term:`bits` in length.
+ :type key: :term:`bytes-like`
+
Weak ciphers
------------
@@ -815,3 +828,5 @@ Exceptions
.. _`International Data Encryption Algorithm`: https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
.. _`OpenPGP`: https://www.openpgp.org/
.. _`disk encryption`: https://en.wikipedia.org/wiki/Disk_encryption_theory#XTS
+.. _`GB/T 32907-2016`: http://www.cnnic.cn/gcjsyj/qyjsyj/mmsfbz/sm4/201312/t20131204_43341.htm
+.. _`draft-ribose-cfrg-sm4-10`: https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 45d4a1a..ff9c23c 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -139,6 +139,7 @@ from cryptography.hazmat.primitives.ciphers.algorithms import (
ChaCha20,
IDEA,
SEED,
+ SM4,
TripleDES,
)
from cryptography.hazmat.primitives.ciphers.modes import (
@@ -415,6 +416,10 @@ class Backend(object):
ChaCha20, type(None), GetCipherByName("chacha20")
)
self.register_cipher_adapter(AES, XTS, _get_xts_cipher)
+ for mode_cls in [ECB, CBC, OFB, CFB, CTR]:
+ self.register_cipher_adapter(
+ SM4, mode_cls, GetCipherByName("sm4-{mode.name}")
+ )
def _register_x509_ext_parsers(self):
ext_handlers = _EXTENSION_HANDLERS_BASE.copy()
diff --git a/src/cryptography/hazmat/primitives/ciphers/algorithms.py b/src/cryptography/hazmat/primitives/ciphers/algorithms.py
index 8072ced..a1db984 100644
--- a/src/cryptography/hazmat/primitives/ciphers/algorithms.py
+++ b/src/cryptography/hazmat/primitives/ciphers/algorithms.py
@@ -168,3 +168,17 @@ class ChaCha20(object):
@property
def key_size(self):
return len(self.key) * 8
+
+@utils.register_interface(BlockCipherAlgorithm)
+@utils.register_interface(CipherAlgorithm)
+class SM4(object):
+ name = "SM4"
+ block_size = 128
+ key_sizes = frozenset([128])
+
+ def __init__(self, key: bytes):
+ self.key = _verify_key_size(self, key)
+
+ @property
+ def key_size(self) -> int:
+ return len(self.key) * 8
diff --git a/tests/hazmat/primitives/test_sm4.py b/tests/hazmat/primitives/test_sm4.py
new file mode 100644
index 0000000..b757344
--- /dev/null
+++ b/tests/hazmat/primitives/test_sm4.py
@@ -0,0 +1,99 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+import binascii
+import os
+
+import pytest
+
+from cryptography.hazmat.backends.interfaces import CipherBackend
+from cryptography.hazmat.primitives.ciphers import algorithms, modes
+
+from .utils import generate_encrypt_test
+from ...utils import load_nist_vectors
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.SM4(b"\x00" * 16), modes.ECB()
+ ),
+ skip_message="Does not support SM4 ECB",
+)
+@pytest.mark.requires_backend_interface(interface=CipherBackend)
+class TestSM4ModeECB(object):
+ test_ecb = generate_encrypt_test(
+ load_nist_vectors,
+ os.path.join("ciphers", "SM4"),
+ ["draft-ribose-cfrg-sm4-10-ecb.txt"],
+ lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))),
+ lambda **kwargs: modes.ECB(),
+ )
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.SM4(b"\x00" * 16), modes.CBC(b"\x00" * 16)
+ ),
+ skip_message="Does not support SM4 CBC",
+)
+@pytest.mark.requires_backend_interface(interface=CipherBackend)
+class TestSM4ModeCBC(object):
+ test_cbc = generate_encrypt_test(
+ load_nist_vectors,
+ os.path.join("ciphers", "SM4"),
+ ["draft-ribose-cfrg-sm4-10-cbc.txt"],
+ lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))),
+ lambda iv, **kwargs: modes.CBC(binascii.unhexlify(iv)),
+ )
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.SM4(b"\x00" * 16), modes.OFB(b"\x00" * 16)
+ ),
+ skip_message="Does not support SM4 OFB",
+)
+@pytest.mark.requires_backend_interface(interface=CipherBackend)
+class TestSM4ModeOFB(object):
+ test_ofb = generate_encrypt_test(
+ load_nist_vectors,
+ os.path.join("ciphers", "SM4"),
+ ["draft-ribose-cfrg-sm4-10-ofb.txt"],
+ lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))),
+ lambda iv, **kwargs: modes.OFB(binascii.unhexlify(iv)),
+ )
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.SM4(b"\x00" * 16), modes.CFB(b"\x00" * 16)
+ ),
+ skip_message="Does not support SM4 CFB",
+)
+@pytest.mark.requires_backend_interface(interface=CipherBackend)
+class TestSM4ModeCFB(object):
+ test_cfb = generate_encrypt_test(
+ load_nist_vectors,
+ os.path.join("ciphers", "SM4"),
+ ["draft-ribose-cfrg-sm4-10-cfb.txt"],
+ lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))),
+ lambda iv, **kwargs: modes.CFB(binascii.unhexlify(iv)),
+ )
+
+
+@pytest.mark.supported(
+ only_if=lambda backend: backend.cipher_supported(
+ algorithms.SM4(b"\x00" * 16), modes.CTR(b"\x00" * 16)
+ ),
+ skip_message="Does not support SM4 CTR",
+)
+@pytest.mark.requires_backend_interface(interface=CipherBackend)
+class TestSM4ModeCTR(object):
+ test_cfb = generate_encrypt_test(
+ load_nist_vectors,
+ os.path.join("ciphers", "SM4"),
+ ["draft-ribose-cfrg-sm4-10-ctr.txt"],
+ lambda key, **kwargs: algorithms.SM4(binascii.unhexlify((key))),
+ lambda iv, **kwargs: modes.CTR(binascii.unhexlify(iv)),
+ )
diff --git a/tests/utils.py b/tests/utils.py
index 497fde8..053ca50 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -41,6 +41,10 @@ def raises_unsupported_algorithm(reason):
def load_vectors_from_file(filename, loader, mode="r"):
+ filepath = os.path.join(os.path.dirname(__file__), "../vectors/cryptography_vectors", filename)
+ if os.path.exists(filepath):
+ with open(filepath, mode) as vector_file:
+ return loader(vector_file)
with cryptography_vectors.open_vector_file(filename, mode) as vector_file:
return loader(vector_file)
diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cbc.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cbc.txt
new file mode 100644
index 0000000..49c5f85
--- /dev/null
+++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cbc.txt
@@ -0,0 +1,17 @@
+# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader
+# SM4 CBC
+[ENCRYPT]
+
+# A.2.2.1
+COUNT = 0
+KEY = 0123456789abcdeffedcba9876543210
+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
+IV = 000102030405060708090a0b0c0d0e0f
+CIPHERTEXT = 78ebb11cc40b0a48312aaeb2040244cb4cb7016951909226979b0d15dc6a8f6d
+
+# A.2.2.2
+COUNT = 1
+KEY = fedcba98765432100123456789abcdef
+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
+IV = 000102030405060708090a0b0c0d0e0f
+CIPHERTEXT = 0d3a6ddc2d21c698857215587b7bb59a91f2c147911a4144665e1fa1d40bae38
diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cfb.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cfb.txt
new file mode 100644
index 0000000..4c2e4ab
--- /dev/null
+++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-cfb.txt
@@ -0,0 +1,17 @@
+# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader
+# SM4 CFB
+[ENCRYPT]
+
+# A.2.4.1
+COUNT = 0
+KEY = 0123456789abcdeffedcba9876543210
+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
+IV = 000102030405060708090a0b0c0d0e0f
+CIPHERTEXT = ac3236cb861dd316e6413b4e3c7524b769d4c54ed433b9a0346009beb37b2b3f
+
+# A.2.4.2
+COUNT = 1
+KEY = fedcba98765432100123456789abcdef
+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
+IV = 000102030405060708090a0b0c0d0e0f
+CIPHERTEXT = 5dcccd25a84ba16560d7f265887068490d9b86ff20c3bfe115ffa02ca6192cc5
diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ctr.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ctr.txt
new file mode 100644
index 0000000..0aea157
--- /dev/null
+++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ctr.txt
@@ -0,0 +1,17 @@
+# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader
+# SM4 CTR
+[ENCRYPT]
+
+# A.2.5.1
+COUNT = 0
+KEY = 0123456789abcdeffedcba9876543210
+PLAINTEXT = aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbccccccccccccccccddddddddddddddddeeeeeeeeeeeeeeeeffffffffffffffffaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbb
+IV = 000102030405060708090a0b0c0d0e0f
+CIPHERTEXT = ac3236cb970cc20791364c395a1342d1a3cbc1878c6f30cd074cce385cdd70c7f234bc0e24c11980fd1286310ce37b926e02fcd0faa0baf38b2933851d824514
+
+# A.2.5.2
+COUNT = 1
+KEY = fedcba98765432100123456789abcdef
+PLAINTEXT = aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbccccccccccccccccddddddddddddddddeeeeeeeeeeeeeeeeffffffffffffffffaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbb
+IV = 000102030405060708090a0b0c0d0e0f
+CIPHERTEXT = 5dcccd25b95ab07417a08512ee160e2f8f661521cbbab44cc87138445bc29e5c0ae0297205d62704173b21239b887f6c8cb5b800917a2488284bde9e16ea2906
diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ecb.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ecb.txt
new file mode 100644
index 0000000..c9a6874
--- /dev/null
+++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ecb.txt
@@ -0,0 +1,28 @@
+# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader
+# Originally from GB/T 32907-2016 Example 1
+# SM4 ECB
+[ENCRYPT]
+
+# A.1.1/A.1.2
+COUNT = 0
+KEY = 0123456789abcdeffedcba9876543210
+PLAINTEXT = 0123456789abcdeffedcba9876543210
+CIPHERTEXT = 681edf34d206965e86b3e94f536e4246
+
+# A.1.4/A.1.5
+COUNT = 1
+KEY = fedcba98765432100123456789abcdef
+PLAINTEXT = 000102030405060708090a0b0c0d0e0f
+CIPHERTEXT = f766678f13f01adeac1b3ea955adb594
+
+# A.2.1.1
+COUNT = 2
+KEY = 0123456789abcdeffedcba9876543210
+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
+CIPHERTEXT = 5ec8143de509cff7b5179f8f474b86192f1d305a7fb17df985f81c8482192304
+
+# A.2.1.2
+COUNT = 3
+KEY = fedcba98765432100123456789abcdef
+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
+CIPHERTEXT = c5876897e4a59bbba72a10c83872245b12dd90bc2d200692b529a4155ac9e600
diff --git a/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ofb.txt b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ofb.txt
new file mode 100644
index 0000000..27c611d
--- /dev/null
+++ b/vectors/cryptography_vectors/ciphers/SM4/draft-ribose-cfrg-sm4-10-ofb.txt
@@ -0,0 +1,17 @@
+# Vectors from draft-ribose-cfrg-sm4-10.txt. Reformatted to work with the NIST loader
+# SM4 OFB
+[ENCRYPT]
+
+# A.2.3.1
+COUNT = 0
+KEY = 0123456789abcdeffedcba9876543210
+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
+IV = 000102030405060708090a0b0c0d0e0f
+CIPHERTEXT = ac3236cb861dd316e6413b4e3c7524b71d01aca2487ca582cbf5463e6698539b
+
+# A.2.3.2
+COUNT = 1
+KEY = fedcba98765432100123456789abcdef
+PLAINTEXT = aaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffaaaaaaaabbbbbbbb
+IV = 000102030405060708090a0b0c0d0e0f
+CIPHERTEXT = 5dcccd25a84ba16560d7f2658870684933fa16bd5cd9c856cacaa1e101897a97
--
2.27.0
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手