diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c index 9a27fab482..bddb935bb2 100644 --- a/wolfcrypt/src/cryptocb.c +++ b/wolfcrypt/src/cryptocb.c @@ -159,10 +159,13 @@ static const char* GetPkTypeStr(int pk) case WC_PK_TYPE_EC_GET_SIG_SIZE: return "ECC GetSigSize"; case WC_PK_TYPE_EC_MAKE_PUB: return "ECC MakePub"; case WC_PK_TYPE_EC_CHECK_PUB_KEY: return "ECC CheckPubKey"; + case WC_PK_TYPE_SM2_SIGN: return "SM2-Sign"; + case WC_PK_TYPE_SM2_VERIFY: return "SM2-Verify"; + case WC_PK_TYPE_SM2_SHARED_SECRET: return "SM2-SharedSecret"; } return NULL; } -#if !defined(NO_AES) || !defined(NO_DES3) +#if !defined(NO_AES) || !defined(NO_DES3) || defined(WOLFSSL_SM4) static const char* GetCipherTypeStr(int cipher) { switch (cipher) { @@ -175,10 +178,15 @@ static const char* GetCipherTypeStr(int cipher) case WC_CIPHER_DES3: return "DES3"; case WC_CIPHER_DES: return "DES"; case WC_CIPHER_CHACHA: return "ChaCha20"; + case WC_CIPHER_SM4_ECB: return "SM4 ECB"; + case WC_CIPHER_SM4_CBC: return "SM4 CBC"; + case WC_CIPHER_SM4_CTR: return "SM4 CTR"; + case WC_CIPHER_SM4_GCM: return "SM4 GCM"; + case WC_CIPHER_SM4_CCM: return "SM4 CCM"; } return NULL; } -#endif /* !NO_AES || !NO_DES3 */ +#endif /* !NO_AES || !NO_DES3 || WOLFSSL_SM4 */ static const char* GetHashTypeStr(int hash) { switch (hash) { @@ -197,6 +205,7 @@ static const char* GetHashTypeStr(int hash) case WC_HASH_TYPE_SHA3_512: return "SHA3-512"; case WC_HASH_TYPE_BLAKE2B: return "Blake2B"; case WC_HASH_TYPE_BLAKE2S: return "Blake2S"; + case WC_HASH_TYPE_SM3: return "SM3"; } return NULL; } @@ -274,16 +283,17 @@ void wc_CryptoCb_InfoString(wc_CryptoInfo* info) GetPkTypeStr(info->pk.type), info->pk.type); } } -#if !defined(NO_AES) || !defined(NO_DES3) +#if !defined(NO_AES) || !defined(NO_DES3) || defined(WOLFSSL_SM4) else if (info->algo_type == WC_ALGO_TYPE_CIPHER) { printf("Crypto CB: %s %s (%d) (%p ctx)\n", GetAlgoTypeStr(info->algo_type), GetCipherTypeStr(info->cipher.type), info->cipher.type, (void*)info->cipher.ctx); } -#endif /* !NO_AES || !NO_DES3 */ +#endif /* !NO_AES || !NO_DES3 || WOLFSSL_SM4 */ #if !defined(NO_SHA) || !defined(NO_SHA256) || \ - defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA3) + defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) || \ + defined(WOLFSSL_SHA3) || defined(WOLFSSL_SM3) else if (info->algo_type == WC_ALGO_TYPE_HASH) { printf("Crypto CB: %s %s (%d) (%p ctx) %s\n", GetAlgoTypeStr(info->algo_type), @@ -1007,6 +1017,93 @@ int wc_CryptoCb_EccCheckPubKey(ecc_key* key, int checkOrder, int checkPriv) #endif /* HAVE_ECC_CHECK_KEY */ #endif /* HAVE_ECC */ +#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM_CRYPTOCB) +int wc_CryptoCb_Sm2Sign(const byte* in, word32 inlen, byte* out, + word32* outlen, WC_RNG* rng, ecc_key* key) +{ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + CryptoCb* dev; + + if (key == NULL) + return ret; + + /* locate registered callback */ + dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK); + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_SM2_SIGN; + cryptoInfo.pk.sm2sign.in = in; + cryptoInfo.pk.sm2sign.inlen = inlen; + cryptoInfo.pk.sm2sign.out = out; + cryptoInfo.pk.sm2sign.outlen = outlen; + cryptoInfo.pk.sm2sign.rng = rng; + cryptoInfo.pk.sm2sign.key = key; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} + +int wc_CryptoCb_Sm2Verify(const byte* sig, word32 siglen, + const byte* hash, word32 hashlen, int* res, ecc_key* key) +{ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + CryptoCb* dev; + + if (key == NULL) + return ret; + + /* locate registered callback */ + dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK); + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_SM2_VERIFY; + cryptoInfo.pk.sm2verify.sig = sig; + cryptoInfo.pk.sm2verify.siglen = siglen; + cryptoInfo.pk.sm2verify.hash = hash; + cryptoInfo.pk.sm2verify.hashlen = hashlen; + cryptoInfo.pk.sm2verify.res = res; + cryptoInfo.pk.sm2verify.key = key; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} + +int wc_CryptoCb_Sm2SharedSecret(ecc_key* private_key, ecc_key* public_key, + byte* out, word32* outlen) +{ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + CryptoCb* dev; + + if (private_key == NULL) + return ret; + + /* locate registered callback */ + dev = wc_CryptoCb_FindDevice(private_key->devId, WC_ALGO_TYPE_PK); + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_SM2_SHARED_SECRET; + cryptoInfo.pk.sm2dh.private_key = private_key; + cryptoInfo.pk.sm2dh.public_key = public_key; + cryptoInfo.pk.sm2dh.out = out; + cryptoInfo.pk.sm2dh.outlen = outlen; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} +#endif /* WOLFSSL_SM2 && WOLFSSL_SM_CRYPTOCB */ + #ifdef HAVE_CURVE25519 int wc_CryptoCb_Curve25519Gen(WC_RNG* rng, int keySize, curve25519_key* key) @@ -2032,6 +2129,342 @@ int wc_CryptoCb_Des3Decrypt(Des3* des3, byte* out, } #endif /* !NO_DES3 */ +#if defined(WOLFSSL_SM4) && defined(WOLFSSL_SM_CRYPTOCB) +#ifdef WOLFSSL_SM4_GCM +int wc_CryptoCb_Sm4GcmEncrypt(wc_Sm4* sm4, byte* out, + const byte* in, word32 sz, + const byte* nonce, word32 nonceSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) +{ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + CryptoCb* dev; + + /* locate registered callback */ + if (sm4) { + dev = wc_CryptoCb_FindDevice(sm4->devId, WC_ALGO_TYPE_CIPHER); + } + else { + /* locate first callback and try using it */ + dev = wc_CryptoCb_FindDeviceByIndex(0); + } + + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_CIPHER; + cryptoInfo.cipher.type = WC_CIPHER_SM4_GCM; + cryptoInfo.cipher.enc = 1; + cryptoInfo.cipher.sm4gcm_enc.sm4 = sm4; + cryptoInfo.cipher.sm4gcm_enc.out = out; + cryptoInfo.cipher.sm4gcm_enc.in = in; + cryptoInfo.cipher.sm4gcm_enc.sz = sz; + cryptoInfo.cipher.sm4gcm_enc.nonce = nonce; + cryptoInfo.cipher.sm4gcm_enc.nonceSz = nonceSz; + cryptoInfo.cipher.sm4gcm_enc.authTag = authTag; + cryptoInfo.cipher.sm4gcm_enc.authTagSz = authTagSz; + cryptoInfo.cipher.sm4gcm_enc.authIn = authIn; + cryptoInfo.cipher.sm4gcm_enc.authInSz = authInSz; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} + +int wc_CryptoCb_Sm4GcmDecrypt(wc_Sm4* sm4, byte* out, + const byte* in, word32 sz, + const byte* nonce, word32 nonceSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) +{ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + CryptoCb* dev; + + /* locate registered callback */ + if (sm4) { + dev = wc_CryptoCb_FindDevice(sm4->devId, WC_ALGO_TYPE_CIPHER); + } + else { + /* locate first callback and try using it */ + dev = wc_CryptoCb_FindDeviceByIndex(0); + } + + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_CIPHER; + cryptoInfo.cipher.type = WC_CIPHER_SM4_GCM; + cryptoInfo.cipher.enc = 0; + cryptoInfo.cipher.sm4gcm_dec.sm4 = sm4; + cryptoInfo.cipher.sm4gcm_dec.out = out; + cryptoInfo.cipher.sm4gcm_dec.in = in; + cryptoInfo.cipher.sm4gcm_dec.sz = sz; + cryptoInfo.cipher.sm4gcm_dec.nonce = nonce; + cryptoInfo.cipher.sm4gcm_dec.nonceSz = nonceSz; + cryptoInfo.cipher.sm4gcm_dec.authTag = authTag; + cryptoInfo.cipher.sm4gcm_dec.authTagSz = authTagSz; + cryptoInfo.cipher.sm4gcm_dec.authIn = authIn; + cryptoInfo.cipher.sm4gcm_dec.authInSz = authInSz; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} +#endif /* WOLFSSL_SM4_GCM */ + +#ifdef WOLFSSL_SM4_CCM +int wc_CryptoCb_Sm4CcmEncrypt(wc_Sm4* sm4, byte* out, + const byte* in, word32 sz, + const byte* nonce, word32 nonceSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) +{ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + CryptoCb* dev; + + /* locate registered callback */ + if (sm4) { + dev = wc_CryptoCb_FindDevice(sm4->devId, WC_ALGO_TYPE_CIPHER); + } + else { + /* locate first callback and try using it */ + dev = wc_CryptoCb_FindDeviceByIndex(0); + } + + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_CIPHER; + cryptoInfo.cipher.type = WC_CIPHER_SM4_CCM; + cryptoInfo.cipher.enc = 1; + cryptoInfo.cipher.sm4ccm_enc.sm4 = sm4; + cryptoInfo.cipher.sm4ccm_enc.out = out; + cryptoInfo.cipher.sm4ccm_enc.in = in; + cryptoInfo.cipher.sm4ccm_enc.sz = sz; + cryptoInfo.cipher.sm4ccm_enc.nonce = nonce; + cryptoInfo.cipher.sm4ccm_enc.nonceSz = nonceSz; + cryptoInfo.cipher.sm4ccm_enc.authTag = authTag; + cryptoInfo.cipher.sm4ccm_enc.authTagSz = authTagSz; + cryptoInfo.cipher.sm4ccm_enc.authIn = authIn; + cryptoInfo.cipher.sm4ccm_enc.authInSz = authInSz; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} + +int wc_CryptoCb_Sm4CcmDecrypt(wc_Sm4* sm4, byte* out, + const byte* in, word32 sz, + const byte* nonce, word32 nonceSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) +{ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + CryptoCb* dev; + + /* locate registered callback */ + if (sm4) { + dev = wc_CryptoCb_FindDevice(sm4->devId, WC_ALGO_TYPE_CIPHER); + } + else { + /* locate first callback and try using it */ + dev = wc_CryptoCb_FindDeviceByIndex(0); + } + + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_CIPHER; + cryptoInfo.cipher.type = WC_CIPHER_SM4_CCM; + cryptoInfo.cipher.enc = 0; + cryptoInfo.cipher.sm4ccm_dec.sm4 = sm4; + cryptoInfo.cipher.sm4ccm_dec.out = out; + cryptoInfo.cipher.sm4ccm_dec.in = in; + cryptoInfo.cipher.sm4ccm_dec.sz = sz; + cryptoInfo.cipher.sm4ccm_dec.nonce = nonce; + cryptoInfo.cipher.sm4ccm_dec.nonceSz = nonceSz; + cryptoInfo.cipher.sm4ccm_dec.authTag = authTag; + cryptoInfo.cipher.sm4ccm_dec.authTagSz = authTagSz; + cryptoInfo.cipher.sm4ccm_dec.authIn = authIn; + cryptoInfo.cipher.sm4ccm_dec.authInSz = authInSz; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} +#endif /* WOLFSSL_SM4_CCM */ + +#ifdef WOLFSSL_SM4_CBC +int wc_CryptoCb_Sm4CbcEncrypt(wc_Sm4* sm4, byte* out, + const byte* in, word32 sz) +{ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + CryptoCb* dev; + + /* locate registered callback */ + if (sm4) { + dev = wc_CryptoCb_FindDevice(sm4->devId, WC_ALGO_TYPE_CIPHER); + } + else { + /* locate first callback and try using it */ + dev = wc_CryptoCb_FindDeviceByIndex(0); + } + + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_CIPHER; + cryptoInfo.cipher.type = WC_CIPHER_SM4_CBC; + cryptoInfo.cipher.enc = 1; + cryptoInfo.cipher.sm4cbc.sm4 = sm4; + cryptoInfo.cipher.sm4cbc.out = out; + cryptoInfo.cipher.sm4cbc.in = in; + cryptoInfo.cipher.sm4cbc.sz = sz; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} + +int wc_CryptoCb_Sm4CbcDecrypt(wc_Sm4* sm4, byte* out, + const byte* in, word32 sz) +{ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + CryptoCb* dev; + + /* locate registered callback */ + if (sm4) { + dev = wc_CryptoCb_FindDevice(sm4->devId, WC_ALGO_TYPE_CIPHER); + } + else { + /* locate first callback and try using it */ + dev = wc_CryptoCb_FindDeviceByIndex(0); + } + + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_CIPHER; + cryptoInfo.cipher.type = WC_CIPHER_SM4_CBC; + cryptoInfo.cipher.enc = 0; + cryptoInfo.cipher.sm4cbc.sm4 = sm4; + cryptoInfo.cipher.sm4cbc.out = out; + cryptoInfo.cipher.sm4cbc.in = in; + cryptoInfo.cipher.sm4cbc.sz = sz; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} +#endif /* WOLFSSL_SM4_CBC */ + +#ifdef WOLFSSL_SM4_CTR +int wc_CryptoCb_Sm4CtrEncrypt(wc_Sm4* sm4, byte* out, + const byte* in, word32 sz) +{ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + CryptoCb* dev; + + /* locate registered callback */ + if (sm4) { + dev = wc_CryptoCb_FindDevice(sm4->devId, WC_ALGO_TYPE_CIPHER); + } + else { + /* locate first callback and try using it */ + dev = wc_CryptoCb_FindDeviceByIndex(0); + } + + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_CIPHER; + cryptoInfo.cipher.type = WC_CIPHER_SM4_CTR; + cryptoInfo.cipher.enc = 1; + cryptoInfo.cipher.sm4ctr.sm4 = sm4; + cryptoInfo.cipher.sm4ctr.out = out; + cryptoInfo.cipher.sm4ctr.in = in; + cryptoInfo.cipher.sm4ctr.sz = sz; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} +#endif /* WOLFSSL_SM4_CTR */ + +#ifdef WOLFSSL_SM4_ECB +int wc_CryptoCb_Sm4EcbEncrypt(wc_Sm4* sm4, byte* out, + const byte* in, word32 sz) +{ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + CryptoCb* dev; + + /* locate registered callback */ + if (sm4) { + dev = wc_CryptoCb_FindDevice(sm4->devId, WC_ALGO_TYPE_CIPHER); + } + else { + /* locate first callback and try using it */ + dev = wc_CryptoCb_FindDeviceByIndex(0); + } + + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_CIPHER; + cryptoInfo.cipher.type = WC_CIPHER_SM4_ECB; + cryptoInfo.cipher.enc = 1; + cryptoInfo.cipher.sm4ecb.sm4 = sm4; + cryptoInfo.cipher.sm4ecb.out = out; + cryptoInfo.cipher.sm4ecb.in = in; + cryptoInfo.cipher.sm4ecb.sz = sz; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} + +int wc_CryptoCb_Sm4EcbDecrypt(wc_Sm4* sm4, byte* out, + const byte* in, word32 sz) +{ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + CryptoCb* dev; + + /* locate registered callback */ + if (sm4) { + dev = wc_CryptoCb_FindDevice(sm4->devId, WC_ALGO_TYPE_CIPHER); + } + else { + /* locate first callback and try using it */ + dev = wc_CryptoCb_FindDeviceByIndex(0); + } + + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_CIPHER; + cryptoInfo.cipher.type = WC_CIPHER_SM4_ECB; + cryptoInfo.cipher.enc = 0; + cryptoInfo.cipher.sm4ecb.sm4 = sm4; + cryptoInfo.cipher.sm4ecb.out = out; + cryptoInfo.cipher.sm4ecb.in = in; + cryptoInfo.cipher.sm4ecb.sz = sz; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} +#endif /* WOLFSSL_SM4_ECB */ +#endif /* WOLFSSL_SM4 && WOLFSSL_SM_CRYPTOCB */ + #ifndef NO_SHA int wc_CryptoCb_ShaHash(wc_Sha* sha, const byte* in, word32 inSz, byte* digest) @@ -2382,6 +2815,39 @@ int wc_CryptoCb_Shake(wc_Sha3* shake, int type, const byte* in, #endif /* WOLFSSL_SHAKE128 || WOLFSSL_SHAKE256 */ #endif /* WOLFSSL_SHA3 && (!HAVE_FIPS || FIPS_VERSION_GE(6, 0)) */ +#if defined(WOLFSSL_SM3) && defined(WOLFSSL_SM_CRYPTOCB) +int wc_CryptoCb_Sm3Hash(wc_Sm3* sm3, const byte* in, + word32 inSz, byte* digest) +{ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + CryptoCb* dev; + + /* locate registered callback */ + if (sm3) { + dev = wc_CryptoCb_FindDevice(sm3->devId, WC_ALGO_TYPE_HASH); + } + else { + /* locate first callback and try using it */ + dev = wc_CryptoCb_FindDeviceByIndex(0); + } + + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_HASH; + cryptoInfo.hash.type = WC_HASH_TYPE_SM3; + cryptoInfo.hash.sm3 = sm3; + cryptoInfo.hash.in = in; + cryptoInfo.hash.inSz = inSz; + cryptoInfo.hash.digest = digest; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} +#endif /* WOLFSSL_SM3 && WOLFSSL_SM_CRYPTOCB */ + #ifndef NO_HMAC int wc_CryptoCb_Hmac(Hmac* hmac, int macType, const byte* in, word32 inSz, byte* digest) diff --git a/wolfssl/wolfcrypt/cryptocb.h b/wolfssl/wolfcrypt/cryptocb.h index 3cf13abfeb..2c0a20c73c 100644 --- a/wolfssl/wolfcrypt/cryptocb.h +++ b/wolfssl/wolfcrypt/cryptocb.h @@ -95,6 +95,21 @@ #if defined(WOLFSSL_HAVE_XMSS) #include #endif +#ifdef WOLFSSL_SM2 + #include +#endif +#ifdef WOLFSSL_SM3 + #include +#endif +#ifdef WOLFSSL_SM4 + #include +#endif + +/* Advertises SM dispatch support to the SM implementation sources. The SM + * code below also requires WOLFSSL_SM_CRYPTOCB, defined by SM implementation + * headers whose contexts carry a devId, so this header stays compatible with + * older SM implementations. */ +#define WOLF_CRYPTO_CB_HAVE_SM #ifdef WOLF_CRYPTO_CB_CMD @@ -141,6 +156,35 @@ typedef struct { } wc_CryptoCb_AesAuthDec; #endif +#if defined(WOLFSSL_SM_CRYPTOCB) && \ + (defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)) +/* GCM and CCM both pass the IV through nonce/nonceSz. */ +typedef struct { + wc_Sm4* sm4; + byte* out; + const byte* in; + word32 sz; + const byte* nonce; + word32 nonceSz; + byte* authTag; + word32 authTagSz; + const byte* authIn; + word32 authInSz; +} wc_CryptoCb_Sm4AuthEnc; +typedef struct { + wc_Sm4* sm4; + byte* out; + const byte* in; + word32 sz; + const byte* nonce; + word32 nonceSz; + const byte* authTag; + word32 authTagSz; + const byte* authIn; + word32 authInSz; +} wc_CryptoCb_Sm4AuthDec; +#endif + #ifdef WOLF_CRYPTO_CB_SETKEY enum wc_SetKeyType { WC_SETKEY_NONE = 0, @@ -265,6 +309,30 @@ typedef struct wc_CryptoInfo { } ecc_check_pub; /* distinct from ecc_check (priv-key cmp) */ #endif #endif /* HAVE_ECC */ + #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM_CRYPTOCB) + struct { + const byte* in; + word32 inlen; + byte* out; + word32* outlen; + WC_RNG* rng; + ecc_key* key; + } sm2sign; + struct { + const byte* sig; + word32 siglen; + const byte* hash; + word32 hashlen; + int* res; + ecc_key* key; + } sm2verify; + struct { + ecc_key* private_key; + ecc_key* public_key; + byte* out; + word32* outlen; + } sm2dh; + #endif /* WOLFSSL_SM2 && WOLFSSL_SM_CRYPTOCB */ #ifdef HAVE_CURVE25519 struct { WC_RNG* rng; @@ -406,7 +474,7 @@ typedef struct wc_CryptoInfo { }; #endif } pk; -#if !defined(NO_AES) || !defined(NO_DES3) +#if !defined(NO_AES) || !defined(NO_DES3) || defined(WOLFSSL_SM4) struct { int type; /* enum wc_CipherType */ int enc; @@ -461,14 +529,49 @@ typedef struct wc_CryptoInfo { word32 keySz; } aessetkey; #endif + #ifdef WOLFSSL_SM_CRYPTOCB + #ifdef WOLFSSL_SM4_GCM + wc_CryptoCb_Sm4AuthEnc sm4gcm_enc; + wc_CryptoCb_Sm4AuthDec sm4gcm_dec; + #endif /* WOLFSSL_SM4_GCM */ + #ifdef WOLFSSL_SM4_CCM + wc_CryptoCb_Sm4AuthEnc sm4ccm_enc; + wc_CryptoCb_Sm4AuthDec sm4ccm_dec; + #endif /* WOLFSSL_SM4_CCM */ + #ifdef WOLFSSL_SM4_CBC + struct { + wc_Sm4* sm4; + byte* out; + const byte* in; + word32 sz; + } sm4cbc; + #endif /* WOLFSSL_SM4_CBC */ + #ifdef WOLFSSL_SM4_CTR + struct { + wc_Sm4* sm4; + byte* out; + const byte* in; + word32 sz; + } sm4ctr; + #endif /* WOLFSSL_SM4_CTR */ + #ifdef WOLFSSL_SM4_ECB + struct { + wc_Sm4* sm4; + byte* out; + const byte* in; + word32 sz; + } sm4ecb; + #endif /* WOLFSSL_SM4_ECB */ + #endif /* WOLFSSL_SM_CRYPTOCB */ void* ctx; #ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES }; #endif } cipher; -#endif /* !NO_AES || !NO_DES3 */ +#endif /* !NO_AES || !NO_DES3 || WOLFSSL_SM4 */ #if !defined(NO_SHA) || !defined(NO_SHA256) || \ - defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3) + defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) || \ + defined(WOLFSSL_SHA3) || defined(WOLFSSL_SM3) struct { int type; /* enum wc_HashType */ const byte* in; @@ -495,13 +598,16 @@ typedef struct wc_CryptoInfo { #endif #ifdef WOLFSSL_SHA3 wc_Sha3* sha3; + #endif + #if defined(WOLFSSL_SM3) && defined(WOLFSSL_SM_CRYPTOCB) + wc_Sm3* sm3; #endif void* ctx; #ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES }; #endif } hash; -#endif /* !NO_SHA || !NO_SHA256 */ +#endif /* !NO_SHA || !NO_SHA256 || SHA384 || SHA512 || SHA3 || SM3 */ #ifndef NO_HMAC struct { int macType; /* enum wc_HashType */ @@ -775,6 +881,17 @@ WOLFSSL_LOCAL int wc_CryptoCb_EccCheckPubKey(ecc_key* key, int checkOrder, #endif #endif /* HAVE_ECC */ +#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM_CRYPTOCB) +WOLFSSL_LOCAL int wc_CryptoCb_Sm2Sign(const byte* in, word32 inlen, byte* out, + word32* outlen, WC_RNG* rng, ecc_key* key); + +WOLFSSL_LOCAL int wc_CryptoCb_Sm2Verify(const byte* sig, word32 siglen, + const byte* hash, word32 hashlen, int* res, ecc_key* key); + +WOLFSSL_LOCAL int wc_CryptoCb_Sm2SharedSecret(ecc_key* private_key, + ecc_key* public_key, byte* out, word32* outlen); +#endif /* WOLFSSL_SM2 && WOLFSSL_SM_CRYPTOCB */ + #ifdef HAVE_CURVE25519 WOLFSSL_LOCAL int wc_CryptoCb_Curve25519Gen(WC_RNG* rng, int keySize, curve25519_key* key); @@ -895,6 +1012,51 @@ WOLFSSL_LOCAL int wc_CryptoCb_Des3Decrypt(Des3* des3, byte* out, const byte* in, word32 sz); #endif /* !NO_DES3 */ +#if defined(WOLFSSL_SM4) && defined(WOLFSSL_SM_CRYPTOCB) +#ifdef WOLFSSL_SM4_GCM +WOLFSSL_LOCAL int wc_CryptoCb_Sm4GcmEncrypt(wc_Sm4* sm4, byte* out, + const byte* in, word32 sz, + const byte* nonce, word32 nonceSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + +WOLFSSL_LOCAL int wc_CryptoCb_Sm4GcmDecrypt(wc_Sm4* sm4, byte* out, + const byte* in, word32 sz, + const byte* nonce, word32 nonceSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); +#endif /* WOLFSSL_SM4_GCM */ +#ifdef WOLFSSL_SM4_CCM +WOLFSSL_LOCAL int wc_CryptoCb_Sm4CcmEncrypt(wc_Sm4* sm4, byte* out, + const byte* in, word32 sz, + const byte* nonce, word32 nonceSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + +WOLFSSL_LOCAL int wc_CryptoCb_Sm4CcmDecrypt(wc_Sm4* sm4, byte* out, + const byte* in, word32 sz, + const byte* nonce, word32 nonceSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); +#endif /* WOLFSSL_SM4_CCM */ +#ifdef WOLFSSL_SM4_CBC +WOLFSSL_LOCAL int wc_CryptoCb_Sm4CbcEncrypt(wc_Sm4* sm4, byte* out, + const byte* in, word32 sz); +WOLFSSL_LOCAL int wc_CryptoCb_Sm4CbcDecrypt(wc_Sm4* sm4, byte* out, + const byte* in, word32 sz); +#endif /* WOLFSSL_SM4_CBC */ +#ifdef WOLFSSL_SM4_CTR +WOLFSSL_LOCAL int wc_CryptoCb_Sm4CtrEncrypt(wc_Sm4* sm4, byte* out, + const byte* in, word32 sz); +#endif /* WOLFSSL_SM4_CTR */ +#ifdef WOLFSSL_SM4_ECB +WOLFSSL_LOCAL int wc_CryptoCb_Sm4EcbEncrypt(wc_Sm4* sm4, byte* out, + const byte* in, word32 sz); +WOLFSSL_LOCAL int wc_CryptoCb_Sm4EcbDecrypt(wc_Sm4* sm4, byte* out, + const byte* in, word32 sz); +#endif /* WOLFSSL_SM4_ECB */ +#endif /* WOLFSSL_SM4 && WOLFSSL_SM_CRYPTOCB */ + #ifndef NO_SHA WOLFSSL_LOCAL int wc_CryptoCb_ShaHash(wc_Sha* sha, const byte* in, word32 inSz, byte* digest); @@ -932,6 +1094,11 @@ WOLFSSL_LOCAL int wc_CryptoCb_Shake(wc_Sha3* shake, int type, const byte* in, #endif #endif +#if defined(WOLFSSL_SM3) && defined(WOLFSSL_SM_CRYPTOCB) +WOLFSSL_LOCAL int wc_CryptoCb_Sm3Hash(wc_Sm3* sm3, const byte* in, + word32 inSz, byte* digest); +#endif /* WOLFSSL_SM3 && WOLFSSL_SM_CRYPTOCB */ + #ifndef NO_HMAC WOLFSSL_LOCAL int wc_CryptoCb_Hmac(Hmac* hmac, int macType, const byte* in, word32 inSz, byte* digest); diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index cdbc989a36..2997e32858 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -1539,8 +1539,13 @@ enum wc_CipherType { WC_CIPHER_DES3 = 7, WC_CIPHER_DES = 8, WC_CIPHER_CHACHA = 9, + WC_CIPHER_SM4_ECB = 14, + WC_CIPHER_SM4_CBC = 15, + WC_CIPHER_SM4_CTR = 16, + WC_CIPHER_SM4_GCM = 17, + WC_CIPHER_SM4_CCM = 18, - WC_CIPHER_MAX = WC_CIPHER_AES_CCM + WC_CIPHER_MAX = WC_CIPHER_SM4_CCM }; /* PK=public key (asymmetric) based algorithms */ @@ -1597,8 +1602,11 @@ enum wc_PkType { #endif WC_PK_TYPE_EC_MAKE_PUB = 34, WC_PK_TYPE_EC_CHECK_PUB_KEY = 35, + WC_PK_TYPE_SM2_SIGN = 36, + WC_PK_TYPE_SM2_VERIFY = 37, + WC_PK_TYPE_SM2_SHARED_SECRET = 38, #undef _WC_PK_TYPE_MAX - #define _WC_PK_TYPE_MAX WC_PK_TYPE_EC_CHECK_PUB_KEY + #define _WC_PK_TYPE_MAX WC_PK_TYPE_SM2_SHARED_SECRET WC_PK_TYPE_MAX = _WC_PK_TYPE_MAX };