Add more SM4 test vectors

SM4 pass openssl and other known test vectors. SM4-GCM and SM4-XTS only support the GB/T GF(2^128) encoding standard.

CMakeLists.txt

@@ -131,6 +131,8 @@ set(tools
 
 set(tests
 	sm4
+	sm4_cbc
+	sm4_ctr
 	sm3
 	sm4_sm3_hmac
 	sm2_z256

include/gmssl/ec.h

@@ -16,6 +16,7 @@
 #include <string.h>
 #include <stdint.h>
 #include <stdlib.h>
+#include <gmssl/api.h>
 #include <gmssl/sm2.h>
 #include <gmssl/oid.h>
 #include <gmssl/asn1.h>
@@ -56,7 +57,7 @@ enum {
 	EC_private_key_version = 1,
 };
 
-int ec_private_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+_gmssl_export int ec_private_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 
 #ifdef __cplusplus
 }

include/gmssl/sm4.h

@@ -175,8 +175,13 @@ _gmssl_export int sm4_ofb_encrypt_finish(SM4_OFB_CTX *ctx, uint8_t *out, size_t
 
 
 #ifdef ENABLE_SM4_CFB
-#define SM4_CFB_MIN_SBYTES 1
-#define SM4_CFB_MAX_SBYTES 16
+#define SM4_CFB_MIN_SBYTES 	1
+#define SM4_CFB_MAX_SBYTES	16
+
+// pre-defined values for `sbytes`
+#define SM4_CFB_8		1
+#define SM4_CFB_64		8
+#define SM4_CFB_128		16
 
 // always call `sm4_set_encrypt_key` before encrypt/decrypt
 // `sm4_cfb_encrypt/decrypt` will change the param `iv`

include/gmssl/sm9.h

@@ -75,35 +75,35 @@ typedef struct {
 	SM9_Z256_POINT ds;
 } SM9_SIGN_KEY;
 
-int sm9_sign_master_key_generate(SM9_SIGN_MASTER_KEY *master);
-int sm9_sign_master_key_extract_key(SM9_SIGN_MASTER_KEY *master, const char *id, size_t idlen, SM9_SIGN_KEY *key);
+_gmssl_export int sm9_sign_master_key_generate(SM9_SIGN_MASTER_KEY *master);
+_gmssl_export int sm9_sign_master_key_extract_key(SM9_SIGN_MASTER_KEY *master, const char *id, size_t idlen, SM9_SIGN_KEY *key);
 
 // algorthm,parameters = sm9,sm9sign
 #define SM9_SIGN_MASTER_KEY_MAX_SIZE 171
 int sm9_sign_master_key_to_der(const SM9_SIGN_MASTER_KEY *msk, uint8_t **out, size_t *outlen);
 int sm9_sign_master_key_from_der(SM9_SIGN_MASTER_KEY *msk, const uint8_t **in, size_t *inlen);
-int sm9_sign_master_key_info_encrypt_to_der(const SM9_SIGN_MASTER_KEY *msk, const char *pass, uint8_t **out, size_t *outlen);
-int sm9_sign_master_key_info_decrypt_from_der(SM9_SIGN_MASTER_KEY *msk, const char *pass, const uint8_t **in, size_t *inlen);
-int sm9_sign_master_key_info_encrypt_to_pem(const SM9_SIGN_MASTER_KEY *msk, const char *pass, FILE *fp);
-int sm9_sign_master_key_info_decrypt_from_pem(SM9_SIGN_MASTER_KEY *msk, const char *pass, FILE *fp);
-int sm9_sign_master_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_MASTER_KEY *msk);
+_gmssl_export int sm9_sign_master_key_info_encrypt_to_der(const SM9_SIGN_MASTER_KEY *msk, const char *pass, uint8_t **out, size_t *outlen);
+_gmssl_export int sm9_sign_master_key_info_decrypt_from_der(SM9_SIGN_MASTER_KEY *msk, const char *pass, const uint8_t **in, size_t *inlen);
+_gmssl_export int sm9_sign_master_key_info_encrypt_to_pem(const SM9_SIGN_MASTER_KEY *msk, const char *pass, FILE *fp);
+_gmssl_export int sm9_sign_master_key_info_decrypt_from_pem(SM9_SIGN_MASTER_KEY *msk, const char *pass, FILE *fp);
+_gmssl_export int sm9_sign_master_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_MASTER_KEY *msk);
 
 #define SM9_SIGN_MASTER_PUBLIC_KEY_SIZE 136
-int sm9_sign_master_public_key_to_der(const SM9_SIGN_MASTER_KEY *mpk, uint8_t **out, size_t *outlen);
-int sm9_sign_master_public_key_from_der(SM9_SIGN_MASTER_KEY *mpk, const uint8_t **in, size_t *inlen);
-int sm9_sign_master_public_key_to_pem(const SM9_SIGN_MASTER_KEY *mpk, FILE *fp);
-int sm9_sign_master_public_key_from_pem(SM9_SIGN_MASTER_KEY *mpk, FILE *fp);
-int sm9_sign_master_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_MASTER_KEY *mpk);
+_gmssl_export int sm9_sign_master_public_key_to_der(const SM9_SIGN_MASTER_KEY *mpk, uint8_t **out, size_t *outlen);
+_gmssl_export int sm9_sign_master_public_key_from_der(SM9_SIGN_MASTER_KEY *mpk, const uint8_t **in, size_t *inlen);
+_gmssl_export int sm9_sign_master_public_key_to_pem(const SM9_SIGN_MASTER_KEY *mpk, FILE *fp);
+_gmssl_export int sm9_sign_master_public_key_from_pem(SM9_SIGN_MASTER_KEY *mpk, FILE *fp);
+_gmssl_export int sm9_sign_master_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_MASTER_KEY *mpk);
 
 // algorithm,parameters = sm9sign,<null>
 #define SM9_SIGN_KEY_SIZE 204
 int sm9_sign_key_to_der(const SM9_SIGN_KEY *key, uint8_t **out, size_t *outlen);
 int sm9_sign_key_from_der(SM9_SIGN_KEY *key, const uint8_t **in, size_t *inlen);
-int sm9_sign_key_info_encrypt_to_der(const SM9_SIGN_KEY *key, const char *pass, uint8_t **out, size_t *outlen);
-int sm9_sign_key_info_decrypt_from_der(SM9_SIGN_KEY *key, const char *pass, const uint8_t **in, size_t *inlen);
-int sm9_sign_key_info_encrypt_to_pem(const SM9_SIGN_KEY *key, const char *pass, FILE *fp);
-int sm9_sign_key_info_decrypt_from_pem(SM9_SIGN_KEY *key, const char *pass, FILE *fp);
-int sm9_sign_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_KEY *key);
+_gmssl_export int sm9_sign_key_info_encrypt_to_der(const SM9_SIGN_KEY *key, const char *pass, uint8_t **out, size_t *outlen);
+_gmssl_export int sm9_sign_key_info_decrypt_from_der(SM9_SIGN_KEY *key, const char *pass, const uint8_t **in, size_t *inlen);
+_gmssl_export int sm9_sign_key_info_encrypt_to_pem(const SM9_SIGN_KEY *key, const char *pass, FILE *fp);
+_gmssl_export int sm9_sign_key_info_decrypt_from_pem(SM9_SIGN_KEY *key, const char *pass, FILE *fp);
+_gmssl_export int sm9_sign_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_KEY *key);
 
 /*
 from GM/T 0080-2020 SM9 Cryptographic Alagorithm Application Specification
@@ -122,18 +122,18 @@ int sm9_do_verify(const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen,
 #define SM9_SIGNATURE_SIZE 104
 int sm9_signature_to_der(const SM9_SIGNATURE *sig, uint8_t **out, size_t *outlen);
 int sm9_signature_from_der(SM9_SIGNATURE *sig, const uint8_t **in, size_t *inlen);
-int sm9_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *sig, size_t siglen);
+_gmssl_export int sm9_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *sig, size_t siglen);
 
 typedef struct {
 	SM3_CTX sm3_ctx;
 } SM9_SIGN_CTX;
 
-int sm9_sign_init(SM9_SIGN_CTX *ctx);
-int sm9_sign_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
-int sm9_sign_finish(SM9_SIGN_CTX *ctx, const SM9_SIGN_KEY *key, uint8_t *sig, size_t *siglen);
-int sm9_verify_init(SM9_SIGN_CTX *ctx);
-int sm9_verify_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
-int sm9_verify_finish(SM9_SIGN_CTX *ctx, const uint8_t *sig, size_t siglen,
+_gmssl_export int sm9_sign_init(SM9_SIGN_CTX *ctx);
+_gmssl_export int sm9_sign_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
+_gmssl_export int sm9_sign_finish(SM9_SIGN_CTX *ctx, const SM9_SIGN_KEY *key, uint8_t *sig, size_t *siglen);
+_gmssl_export int sm9_verify_init(SM9_SIGN_CTX *ctx);
+_gmssl_export int sm9_verify_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
+_gmssl_export int sm9_verify_finish(SM9_SIGN_CTX *ctx, const uint8_t *sig, size_t siglen,
 	const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen);
 
 
@@ -161,35 +161,35 @@ typedef struct {
 	SM9_Z256_TWIST_POINT de;
 } SM9_ENC_KEY;
 
-int sm9_enc_master_key_generate(SM9_ENC_MASTER_KEY *master);
-int sm9_enc_master_key_extract_key(SM9_ENC_MASTER_KEY *master, const char *id, size_t idlen, SM9_ENC_KEY *key);
+_gmssl_export int sm9_enc_master_key_generate(SM9_ENC_MASTER_KEY *master);
+_gmssl_export int sm9_enc_master_key_extract_key(SM9_ENC_MASTER_KEY *master, const char *id, size_t idlen, SM9_ENC_KEY *key);
 
 // algorithm,parameters = sm9,sm9encrypt
 #define SM9_ENC_MASTER_KEY_MAX_SIZE 105
 int sm9_enc_master_key_to_der(const SM9_ENC_MASTER_KEY *msk, uint8_t **out, size_t *outlen);
 int sm9_enc_master_key_from_der(SM9_ENC_MASTER_KEY *msk, const uint8_t **in, size_t *inlen);
-int sm9_enc_master_key_info_encrypt_to_der(const SM9_ENC_MASTER_KEY *msk, const char *pass, uint8_t **out, size_t *outlen);
-int sm9_enc_master_key_info_decrypt_from_der(SM9_ENC_MASTER_KEY *msk, const char *pass, const uint8_t **in, size_t *inlen);
-int sm9_enc_master_key_info_encrypt_to_pem(const SM9_ENC_MASTER_KEY *msk, const char *pass, FILE *fp);
-int sm9_enc_master_key_info_decrypt_from_pem(SM9_ENC_MASTER_KEY *msk, const char *pass, FILE *fp);
-int sm9_enc_master_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_MASTER_KEY *msk);
+_gmssl_export int sm9_enc_master_key_info_encrypt_to_der(const SM9_ENC_MASTER_KEY *msk, const char *pass, uint8_t **out, size_t *outlen);
+_gmssl_export int sm9_enc_master_key_info_decrypt_from_der(SM9_ENC_MASTER_KEY *msk, const char *pass, const uint8_t **in, size_t *inlen);
+_gmssl_export int sm9_enc_master_key_info_encrypt_to_pem(const SM9_ENC_MASTER_KEY *msk, const char *pass, FILE *fp);
+_gmssl_export int sm9_enc_master_key_info_decrypt_from_pem(SM9_ENC_MASTER_KEY *msk, const char *pass, FILE *fp);
+_gmssl_export int sm9_enc_master_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_MASTER_KEY *msk);
 
 #define SM9_ENC_MASTER_PUBLIC_KEY_SIZE 70
-int sm9_enc_master_public_key_to_der(const SM9_ENC_MASTER_KEY *mpk, uint8_t **out, size_t *outlen);
-int sm9_enc_master_public_key_from_der(SM9_ENC_MASTER_KEY *mpk, const uint8_t **in, size_t *inlen);
-int sm9_enc_master_public_key_to_pem(const SM9_ENC_MASTER_KEY *mpk, FILE *fp);
-int sm9_enc_master_public_key_from_pem(SM9_ENC_MASTER_KEY *mpk, FILE *fp);
-int sm9_enc_master_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_MASTER_KEY *mpk);
+_gmssl_export int sm9_enc_master_public_key_to_der(const SM9_ENC_MASTER_KEY *mpk, uint8_t **out, size_t *outlen);
+_gmssl_export int sm9_enc_master_public_key_from_der(SM9_ENC_MASTER_KEY *mpk, const uint8_t **in, size_t *inlen);
+_gmssl_export int sm9_enc_master_public_key_to_pem(const SM9_ENC_MASTER_KEY *mpk, FILE *fp);
+_gmssl_export int sm9_enc_master_public_key_from_pem(SM9_ENC_MASTER_KEY *mpk, FILE *fp);
+_gmssl_export int sm9_enc_master_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_MASTER_KEY *mpk);
 
 // algorithm,parameters = sm9encrypt,<null>
 #define SM9_ENC_KEY_SIZE 204
 int sm9_enc_key_to_der(const SM9_ENC_KEY *key, uint8_t **out, size_t *outlen);
 int sm9_enc_key_from_der(SM9_ENC_KEY *key, const uint8_t **in, size_t *inlen);
-int sm9_enc_key_info_encrypt_to_der(const SM9_ENC_KEY *key, const char *pass, uint8_t **out, size_t *outlen);
-int sm9_enc_key_info_decrypt_from_der(SM9_ENC_KEY *key, const char *pass, const uint8_t **in, size_t *inlen);
-int sm9_enc_key_info_encrypt_to_pem(const SM9_ENC_KEY *key, const char *pass, FILE *fp);
-int sm9_enc_key_info_decrypt_from_pem(SM9_ENC_KEY *key, const char *pass, FILE *fp);
-int sm9_enc_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_KEY *key);
+_gmssl_export int sm9_enc_key_info_encrypt_to_der(const SM9_ENC_KEY *key, const char *pass, uint8_t **out, size_t *outlen);
+_gmssl_export int sm9_enc_key_info_decrypt_from_der(SM9_ENC_KEY *key, const char *pass, const uint8_t **in, size_t *inlen);
+_gmssl_export int sm9_enc_key_info_encrypt_to_pem(const SM9_ENC_KEY *key, const char *pass, FILE *fp);
+_gmssl_export int sm9_enc_key_info_decrypt_from_pem(SM9_ENC_KEY *key, const char *pass, FILE *fp);
+_gmssl_export int sm9_enc_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_KEY *key);
 
 #define SM9_MAX_PRIVATE_KEY_SIZE (SM9_SIGN_KEY_SIZE) // MAX(SIGN_MASTER_KEY, SIGN_KEY, ENC_MASTER_KEY, ENC_KEY)
 #define SM9_MAX_PRIVATE_KEY_INFO_SIZE 512
@@ -217,10 +217,10 @@ int sm9_ciphertext_to_der(const SM9_Z256_POINT *C1, const uint8_t *c2, size_t c2
 	const uint8_t c3[SM3_HMAC_SIZE], uint8_t **out, size_t *outlen);
 int sm9_ciphertext_from_der(SM9_Z256_POINT *C1, const uint8_t **c2, size_t *c2len,
 	const uint8_t **c3, const uint8_t **in, size_t *inlen);
-int sm9_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);
-int sm9_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen,
+_gmssl_export int sm9_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);
+_gmssl_export int sm9_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen,
 	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-int sm9_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen,
+_gmssl_export int sm9_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen,
 	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
 
 

src/sm2_key.c

@@ -356,7 +356,6 @@ int sm2_private_key_info_print(FILE *fp, int fmt, int ind, const char *label, co
 	return -1;
 }
 
-#ifdef ENABLE_SM2_PRIVATE_KEY_EXPORT
 int sm2_private_key_info_to_pem(const SM2_KEY *key, FILE *fp)
 {
 	int ret = -1;
@@ -405,7 +404,6 @@ int sm2_private_key_info_from_pem(SM2_KEY *sm2_key, FILE *fp)
 	}
 	return 1;
 }
-#endif
 
 int sm2_public_key_info_to_der(const SM2_KEY *pub_key, uint8_t **out, size_t *outlen)
 {
@@ -440,8 +438,6 @@ int sm2_public_key_info_from_der(SM2_KEY *pub_key, const uint8_t **in, size_t *i
 	return 1;
 }
 
-#ifdef ENABLE_SM2_PRIVATE_KEY_EXPORT
-
 // FIXME: side-channel of Base64
 int sm2_private_key_to_pem(const SM2_KEY *a, FILE *fp)
 {
@@ -477,7 +473,6 @@ int sm2_private_key_from_pem(SM2_KEY *a, FILE *fp)
 	}
 	return 1;
 }
-#endif
 
 int sm2_public_key_info_to_pem(const SM2_KEY *a, FILE *fp)
 {

src/sm4_xts.c

@@ -92,7 +92,7 @@ int sm4_xts_decrypt(const SM4_KEY *key1, const SM4_KEY *key2, const uint8_t twea
 
 	for (i = 0; i < nblocks - 2; i++) {
 		gmssl_memxor(block, in, T, 16);
-		sm4_decrypt(key1, block, block);
+		sm4_encrypt(key1, block, block);
 		gmssl_memxor(out, block, T, 16);
 
 		gf128_from_bytes(a, T);
@@ -106,7 +106,7 @@ int sm4_xts_decrypt(const SM4_KEY *key1, const SM4_KEY *key2, const uint8_t twea
 
 	if (inlen % 16 == 0) {
 		gmssl_memxor(block, in, T, 16);
-		sm4_decrypt(key1, block, block);
+		sm4_encrypt(key1, block, block);
 		gmssl_memxor(out, block, T, 16);
 
 	} else  {
@@ -117,7 +117,7 @@ int sm4_xts_decrypt(const SM4_KEY *key1, const SM4_KEY *key2, const uint8_t twea
 		gf128_to_bytes(a, T1);
 
 		gmssl_memxor(block, in, T1, 16);
-		sm4_decrypt(key1, block, block);
+		sm4_encrypt(key1, block, block);
 		gmssl_memxor(block, block, T1, 16);
 
 		in += 16;
@@ -127,7 +127,7 @@ int sm4_xts_decrypt(const SM4_KEY *key1, const SM4_KEY *key2, const uint8_t twea
 		memcpy(block, in, inlen);
 
 		gmssl_memxor(block, block, T, 16);
-		sm4_decrypt(key1, block, block);
+		sm4_encrypt(key1, block, block);
 		gmssl_memxor(out, block, T, 16);
 	}
 

tests/rdrandtest.c

@@ -0,0 +1,63 @@
+/*
+ *  Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/rdrand.h>
+#include <gmssl/error.h>
+
+
+int test_rdrand(void)
+{
+	const uint8_t zeros[32] = {0};
+	uint8_t buf[32] = {0};
+
+	if (rdrand_bytes(buf, sizeof(buf)) != 1) {
+		error_print();
+		return -1;
+	}
+	if (memcmp(buf, zeros, sizeof(zeros)) == 0) {
+		error_print();
+		return -1;
+	}
+
+	printf("%s() ok\n", __FUNCTION__);
+	return 1;
+}
+
+int test_rdseed(void)
+{
+	const uint8_t zeros[32] = {0};
+	uint8_t buf[32] = {0};
+
+	if (rdseed_bytes(buf, sizeof(buf)) != 1) {
+		error_print();
+		return -1;
+	}
+	if (memcmp(buf, zeros, sizeof(zeros)) == 0) {
+		error_print();
+		return -1;
+	}
+
+	printf("%s() ok\n", __FUNCTION__);
+	return 1;
+}
+
+int main(void)
+{
+	if (test_rdrand() != 1) goto err;
+	if (test_rdseed() != 1) goto err;
+	printf("%s all tests passed\n", __FILE__);
+	return 0;
+err:
+	error_print();
+	return 1;
+}