Add SM4 cipher (GB/T 32907-2016) support from SM4 enabled mbed TLS library

m4/mbedtls.m4

@@ -91,4 +91,20 @@ AC_DEFUN([ss_MBEDTLS],
     [AC_MSG_RESULT([ok])],
     [AC_MSG_WARN([We will continue without Camellia block cipher support, MBEDTLS_CAMELLIA_C required])]
   )
+
+  AC_MSG_CHECKING([whether mbedtls supports the SM4 block cipher or not])
+  AC_COMPILE_IFELSE(
+    [AC_LANG_PROGRAM(
+      [[
+#include <mbedtls/config.h>
+      ]],
+      [[
+#ifndef MBEDTLS_SM4_C
+#error the SM4 block cipher not supported by your mbed TLS.
+#endif
+      ]]
+    )],
+    [AC_MSG_RESULT([ok])],
+    [AC_MSG_WARN([We will continue without SM4 block cipher support, MBEDTLS_SM4_C required])]
+  )
 ])

src/aead.c

@@ -44,15 +44,16 @@
 #define AES128GCM               0
 #define AES192GCM               1
 #define AES256GCM               2
+#define SM4128GCM               3
 /*
  * methods above requires gcm context
  * methods below doesn't require it,
  * then we need to fake one
  */
-#define CHACHA20POLY1305IETF    3
+#define CHACHA20POLY1305IETF    4
 
 #ifdef FS_HAVE_XCHACHA20IETF
-#define XCHACHA20POLY1305IETF   4
+#define XCHACHA20POLY1305IETF   5
 #endif
 
 #define CHUNK_SIZE_LEN          2
@@ -108,6 +109,7 @@ const char *supported_aead_ciphers[AEAD_CIPHER_NUM] = {
     "aes-128-gcm",
     "aes-192-gcm",
     "aes-256-gcm",
+    "sm4-128-gcm",
     "chacha20-ietf-poly1305",
 #ifdef FS_HAVE_XCHACHA20IETF
     "xchacha20-ietf-poly1305"
@@ -121,21 +123,22 @@ static const char *supported_aead_ciphers_mbedtls[AEAD_CIPHER_NUM] = {
     "AES-128-GCM",
     "AES-192-GCM",
     "AES-256-GCM",
+    "SM4-128-GCM",
     CIPHER_UNSUPPORTED,
 #ifdef FS_HAVE_XCHACHA20IETF
     CIPHER_UNSUPPORTED
 #endif
 };
 
 static const int supported_aead_ciphers_nonce_size[AEAD_CIPHER_NUM] = {
-    12, 12, 12, 12,
+    12, 12, 12, 12, 12,
 #ifdef FS_HAVE_XCHACHA20IETF
     24
 #endif
 };
 
 static const int supported_aead_ciphers_key_size[AEAD_CIPHER_NUM] = {
-    16, 24, 32, 32,
+    16, 24, 32, 16, 32,
 #ifdef FS_HAVE_XCHACHA20IETF
     32
 #endif
@@ -177,7 +180,7 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx,
         // Otherwise, just use the mbedTLS one with crappy AES-NI.
     case AES192GCM:
     case AES128GCM:
-
+    case SM4128GCM:
         err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
                                           m, mlen, c, clen, c + mlen, tlen);
         *clen += tlen;
@@ -226,6 +229,7 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx,
         // Otherwise, just use the mbedTLS one with crappy AES-NI.
     case AES192GCM:
     case AES128GCM:
+    case SM4128GCM:
         err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
                                           m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
         break;

src/aead.h

@@ -28,9 +28,9 @@
 // currently, XCHACHA20POLY1305IETF is not released yet
 // XCHACHA20POLY1305 is removed in upstream
 #ifdef FS_HAVE_XCHACHA20IETF
-#define AEAD_CIPHER_NUM              5
+#define AEAD_CIPHER_NUM              6
 #else
-#define AEAD_CIPHER_NUM              4
+#define AEAD_CIPHER_NUM              5
 #endif
 
 int aead_encrypt_all(buffer_t *, cipher_t *, size_t);

src/stream.c

@@ -86,14 +86,16 @@
 #define CAMELLIA_128_CFB    10
 #define CAMELLIA_192_CFB    11
 #define CAMELLIA_256_CFB    12
-#define CAST5_CFB           13
-#define DES_CFB             14
-#define IDEA_CFB            15
-#define RC2_CFB             16
-#define SEED_CFB            17
-#define SALSA20             18
-#define CHACHA20            19
-#define CHACHA20IETF        20
+#define SM4_128_CBC         13
+#define SM4_128_CTR         14
+#define CAST5_CFB           15
+#define DES_CFB             16
+#define IDEA_CFB            17
+#define RC2_CFB             18
+#define SEED_CFB            19
+#define SALSA20             20
+#define CHACHA20            21
+#define CHACHA20IETF        22
 
 const char *supported_stream_ciphers[STREAM_CIPHER_NUM] = {
     "table",
@@ -109,6 +111,8 @@ const char *supported_stream_ciphers[STREAM_CIPHER_NUM] = {
     "camellia-128-cfb",
     "camellia-192-cfb",
     "camellia-256-cfb",
+    "sm4-128-cbc",
+    "sm4-128-ctr",
     "cast5-cfb",
     "des-cfb",
     "idea-cfb",
@@ -133,6 +137,8 @@ static const char *supported_stream_ciphers_mbedtls[STREAM_CIPHER_NUM] = {
     "CAMELLIA-128-CFB128",
     "CAMELLIA-192-CFB128",
     "CAMELLIA-256-CFB128",
+    "SM4-128-CBC",
+    "SM4-128-CTR",
     CIPHER_UNSUPPORTED,
     CIPHER_UNSUPPORTED,
     CIPHER_UNSUPPORTED,
@@ -144,11 +150,11 @@ static const char *supported_stream_ciphers_mbedtls[STREAM_CIPHER_NUM] = {
 };
 
 static const int supported_stream_ciphers_nonce_size[STREAM_CIPHER_NUM] = {
-    0, 0, 16, 16, 16, 16, 16, 16, 16, 8, 16, 16, 16, 8, 8, 8, 8, 16, 8, 8, 12
+    0, 0, 16, 16, 16, 16, 16, 16, 16, 8, 16, 16, 16, 16, 16, 8, 8, 8, 8, 16, 8, 8, 12
 };
 
 static const int supported_stream_ciphers_key_size[STREAM_CIPHER_NUM] = {
-    0, 16, 16, 16, 24, 32, 16, 24, 32, 16, 16, 24, 32, 16, 8, 16, 16, 16, 32, 32, 32
+    0, 16, 16, 16, 24, 32, 16, 24, 32, 16, 16, 24, 32, 16, 16, 16, 8, 16, 16, 16, 32, 32, 32
 };
 
 static int

src/stream.h

@@ -37,7 +37,7 @@
 #endif
 
 #include <sodium.h>
-#define STREAM_CIPHER_NUM          21
+#define STREAM_CIPHER_NUM          23
 
 #include "crypto.h"
 

src/utils.c

@@ -322,6 +322,8 @@ usage()
         "                                  camellia-128-cfb, camellia-192-cfb,\n");
     printf(
         "                                  camellia-256-cfb, bf-cfb,\n");
+    printf(
+        "                                  sm4-128-cbc, sm4-128-ctr, sm4-128-gcm,\n");
     printf(
         "                                  chacha20-ietf-poly1305,\n");
 #ifdef FS_HAVE_XCHACHA20IETF