SSF33分组密码
SM1分组密码和SSF33分组密码均为国密分组密码标标准,SM1和SSF33的密钥长度和分组长度均为128比特。
目前这两个分组密码标准的算法尚未公开,其实现仅可以通过硬件芯片的方式获得,目前很多国产密码设备均包含这两个分组密码的硬件实现,由国家密码管理局制定的《智能IC卡及智能密码钥匙密码应用接口规范》中包含了对SM1分组密码的ECB、CBC、CFB、OFB加密模式和CBC-MAC的算法定义。
GmSSL提供了SM1和SSF33分组密码各种工作模式的定义,但并未包含其软件实现。在调用SM1或SSF33的功能时,需要接入支持相应算法的硬件密码设备。GmSSL通过内置的ENGINE访问支持《智能IC卡及智能密码钥匙密码应用接口规范》的密码硬件,因此原则上可以支持所有提供该接口的国密硬件。
通过ENGINE调用SSF33分组密码
/* load engine with SSF33 support */
ENGINE *engine = ENGINE_by_id("sdf");
if (engine == NULL) goto err;
/* load ssf33-cbc cipher from engine */
const EVP_CIPHER *cipher = ENGINE_get_cipher(engine, NID_ssf33_cbc);
if (cipher == NULL) goto err;
/* encrypt with ssf33-cbc implemented with engine */
EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
if (cctx == NULL) goto err;
if (1 != EVP_EncryptInit_ex(cctx, cipher, engine, key, iv)) goto err;
if (1 != EVP_EncryptUpdate(cctx, ...)) goto err;
if (1 != EVP_EncryptFinal_ex(cctx, ...)) goto err;
SM1测试数据:
测试数据
SSF33-ECB
unsigned char ssf33_test_key[16] = {
0x67,0xbe,0x03,0x7c,0x41,0x96,0x6d,0xdb,0x8c,0x36,0x27,0x48,0x5a,0x05,0x93,0xa5
};
unsigned char ssf33_test_plaintext[16] = {
0xa9,0x37,0x07,0x49,0xfc,0x06,0xaf,0xe6,0x4e,0x30,0x68,0x01,0xd2,0x31,0xb3,0xac
};
unsigned char ssf33_test_ciphertext[16] = {
0x9a,0xb7,0x1c,0xcc,0x22,0x7e,0x9e,0x58,0x7a,0xa0,0xe6,0xcf,0x49,0x08,0x5d,0x1f
};
SSF33-CBC
unsigned char ssf33_cbc_test_key[16] = {
0x40,0xbb,0x12,0xdd,0x6a,0x82,0x73,0x86,0x7f,0x35,0x29,0xd3,0x54,0xb4,0xa0,0x26,
};
unsigned char ssf33_cbc_test_iv[16] = {
0xe8,0x3d,0x17,0x15,0xac,0xf3,0x48,0x63,0xac,0xeb,0x93,0xe0,0xe5,0xab,0x8b,0x90,
};
unsigned char ssf33_cbc_test_plaintext[32] = {
0xff,0xee,0xdd,0xcc,0xbb,0xaa,0x99,0x88,0x77,0x66,0x55,0x44,0x33,0x22,0x11,0x00,
0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff
};
unsigned char ssf33_cbc_test_ciphertext[32] = {
0xfd,0x3e,0x17,0xf4,0xde,0x33,0xe2,0x96,0xf9,0x9e,0x37,0x92,0x45,0x6b,0x76,0x2b,
0x9e,0xe7,0x13,0x44,0x5d,0x91,0x95,0xf6,0x4b,0x34,0x1b,0x3a,0xe7,0x5c,0x68,0x75
};