文章
YuHao Wan · 十一月 5 阅读大约需 7 分钟

Caché实现SM4分组密码算法

0. 算法概述

SM4算法是一种分组密码算法。其分组长度为128bit,密钥长度也为128bit。加密算法与密钥扩展算法均采用32轮非线性迭代结构,以字(32位)为单位进行加密运算,每一次迭代运算均为一轮变换函数F。SM4算法加/解密算法的结构相同,只是使用轮密钥相反,其中解密轮密钥是加密轮密钥的逆序。

1. 密钥及轮密钥

密钥长度为128比特,表示为MK=(MK(0),MK(1),MK(2),MK(3)),其中MKi(i=0,1,2,3)为字。
轮密钥表示为(rk(0),rk(1),...,rk(31)),其中rk(i)(i=0,...,31)为32比特字。轮密钥由秘钥生成。

密钥及轮密钥

2. 消息填充分组

首先,将明文转化为字节,由于SM4加密算法按照128个位进行分组,所以很大几率会出现最后一个分组不够128位的情况,需要进行填充,填充方式有很多,比如ZeroPadding、PKCS7Padding、PKCS5Padding,不管使用哪种方式,最后每个分组都是128位。每个分组按照32位一个字分成四个字。

ECB模式与CBC模式

  • ECB模式
    电子密码本模式,最古老,最简单的模式,将加密的数据分成若干组,每组的大小跟加密密钥相同。不足的部分进行填充。
    按照顺序将计算所得的数据连在一起即可,各段数据之间互不影响。

    优点:简单,有利于并行计算,误差不会被传递。

    缺点:不能隐藏明文的模式,可能对明文进行主动攻击。

  • CBC模式

    密文分组链接模式,也需要进行分组,不足的部分按照指定的数据进行填充。

    需要一个初始化向量,每个分组数据与上一个分组数据加密的结果进行异或运算,最后再进行加密。将所有分组加密的结果连接起来就形成了最终的结果。

    优点:不容易进行主动攻击,安全性好于ECB。

    缺点:不利于并行计算,误差传递,需要初始化向量。

三种填充方式的比较

某些加密算法要求明文需要按一定长度对齐,叫做块大小(BlockSize),比如16字节,那么对于一段任意的数据,加密前需要对最后一个块填充到16 字节,解密后需要删除掉填充的数据。

  • ZeroPadding,数据长度不对齐时使用0填充,否则不填充。

  • PKCS7Padding,假设数据长度需要填充n(n>0)个字节才对齐,那么填充n个字节,每个字节都是n;如果数据本身就已经对齐了,则填充一块长度为块大小的数据,每个字节都是块大小。

  • PKCS5Padding,PKCS7Padding的子集,块大小固定为8字节。

由于使用PKCS7Padding/PKCS5Padding填充时,最后一个字节肯定为填充数据的长度,所以在解密后可以准确删除填充的数据,而使用ZeroPadding填充时,没办法区分真实数据与填充数据,所以只适合以\0结尾的字符串加解密。

3. 迭代运算

本加解密算法由32次迭代运算和1次反序变换R组成。

迭代运算

3.1 轮函数F和合成置换T

轮函数和合成置换T

4. Caché实现

/// SM4算法是一种分组密码算法。其分组长度为128bit,密钥长度也为128bit。
/// 加密算法与密钥扩展算法均采用32轮非线性迭代结构,以字(32位)为单位进行加密运算,每一次迭代运算均为一轮变换函数F。
/// SM4算法加/解密算法的结构相同,只是使用轮密钥相反,其中解密轮密钥是加密轮密钥的逆序。
/// 本方法适用于 ECB模式,ZeroPadding填充模式
Class Utility.SM4 Extends %RegisteredObject
{

/// Creator:    wyh
/// CreatDate:  2022-11-03
/// Description:SM4加密
/// Input:       msg:原文 mk:128位密钥
/// Output:     密文
/// Debug: w ##class(Utility.SM4).Encrypt("342622199009262982", "F2D8D966CD3D47788449C19D5EF2081B")
ClassMethod Encrypt(msg, mk)
{
#;  1. 密钥及轮密钥
#;  a) 密钥长度为128比特,表示为MK=(MK(0),MK(1),MK(2),MK(3)),其中MKi(i=0,1,2,3)为字
#;  b) 轮密钥表示为(rk(0),rk(1),...,rk(31)),其中rk(i)(i=0,...,31)为32比特字。轮密钥由密钥生成。
#;     密钥扩展算法:
#;     (K(0),K(1),K(2),K(3))=(MK(0)^FK(0),MK(1)^FK(1),MK(2)^FK(2),MK(3)^FK(3))
#;     rk(i)=K(i+4)=K(i)^T'(K(i+1)^K(i+2)^K(i+3)^CK(i)),i=0,1,...,31
#;     系统参数FK(0)=(A3B1BAC6),FK(1)=(56AA3350),FK(2)=(677D9197),FK(3)=(B27022DC)
#;     固定参数CK(i)(i=0,1,...,31)为:
#;     00070E15, 1C232A31, 383F464D, 545B6269, 
#;     70777E85, 8C939AA1, A8AfB6BD, C4CBD2D9, 
#;     E0E7EEF5, FC030A11, 181F262D, 343B4249, 
#;     50575E65, 6C737A81, 888F969D, A4ABB2B9, 
#;     C0C7CED5, DCE3EAF1, F8FF060D, 141B2229, 
#;     30373E45, 4C535A61, 686F767D, 848B9299, 
#;     A0A7AEb5, BCC3CAD1, D8DFE6ED, F4FB0209, 
#;     10171E25, 2C333A41, 484F565D, 646B7279.
    s mk = $zcvt(mk, "L")
    f i = 0 : 1 : 3 d
    .s MK(i) = $e(mk, 8 * i + 1, 8 * (i + 1))

    s FK = "a3b1bac656aa3350677d9197b27022dc"
    f i = 0 : 1 : 3 d
    .s FK(i) = $e(FK, 8 * i + 1, 8 * (i + 1))

    s CK = "00070e151c232a31383f464d545b626970777e858c939aa1a8afb6bdc4cbd2d9e0e7eef5fc030a11181f262d343b424950575e656c737a81888f969da4abb2b9c0c7ced5dce3eaf1f8ff060d141b222930373e454c535a61686f767d848b9299a0a7aeb5bcc3cad1d8dfe6edf4fb020910171e252c333a41484f565d646b7279"
    f i = 0 : 1 : 31 d
    .s CK(i) = $e(CK, 8 * i + 1, 8 * (i + 1))

    f i = 0 : 1 : 3 d
    .s K(i) = ..HexXOR(MK(i), FK(i))
    f i = 4 : 1 : 35 d
    .s K(i) = ..HexXOR(K(i - 4), ..T2(..HexXOR(..HexXOR(..HexXOR(K(i + 1 - 4), K(i + 2 - 4)),K(i + 3 - 4)), CK(i - 4))))

    f i = 0 : 1 : 31 d
    .s rk(i) = K(i + 4)

#;  2. 消息填充分组
#;  每组128位,每组再分X(0),X(1),X(2),X(3)作为明文输入.
    s hex = ..s2hex(msg)
    s len = $l(hex)/32
    s rtn = ""
    f i = 0 : 1 : len-1 d
    .k X
    .s M(i) = $e(hex, 32 * i + 1, 32 * (i + 1))
    .f j = 0 : 1 : 3 d
    ..s X(j) = $e(M(i), 8 * j + 1, 8 * (j + 1))

#;  3. 迭代运算,密文输出(Y(0),Y(1),Y(2),Y(3))
#;  a) 32次迭代运算
#;  X(i+4)=F(X(i),X(i+1),X(i+2),X(i+3),rk(i)),i=0,1,...,31
#;  F(X(i),X(i+1),X(i+2),X(i+3),rk(i))=X(i)^T(X(i+1)^X(i+2)^X(i+3)^rk(i)),i=0,1,...,31
#;  b)反序变换
#;  (Y(0),Y(1),Y(2),Y(3))=R(X(32),X(33),X(34),X(35))=(X(35),X(34),X(33),X(32))
    .f k = 0 : 1 : 31 d
    ..s X(k + 4) = ..HexXOR(X(k), ..T(..HexXOR(..HexXOR(..HexXOR(X(k + 1), X(k + 2)), X(k + 3)), rk(k))))
    .s rtn = rtn_X(35)_X(34)_X(33)_X(32)

    q rtn
}

/// Creator:    wyh
/// CreatDate:  2022-11-03
/// Description:SM4解密
/// 解密变换与加密变换结构相同,不同的仅是轮密钥的使用顺序,解密时使用轮密钥序(rk(31),rk(32),...,rk(0)).
/// Input:       hex:密文 mk:128位密钥
/// Output:     明文
/// Debug: w ##class(Utility.SM4).Decrypt("5efcbbfdb7a326b340295acb1c0e20fe2622730932bdb5302b5a4ee308944ecc", "F2D8D966CD3D47788449C19D5EF2081B")
ClassMethod Decrypt(hex, mk)
{
    s mk = $zcvt(mk, "L")
    f i = 0 : 1 : 3 d
    .s MK(i) = $e(mk, 8 * i + 1, 8 * (i + 1))

    s FK = "a3b1bac656aa3350677d9197b27022dc"
    f i = 0 : 1 : 3 d
    .s FK(i) = $e(FK, 8 * i + 1, 8 * (i + 1))

    s CK = "00070e151c232a31383f464d545b626970777e858c939aa1a8afb6bdc4cbd2d9e0e7eef5fc030a11181f262d343b424950575e656c737a81888f969da4abb2b9c0c7ced5dce3eaf1f8ff060d141b222930373e454c535a61686f767d848b9299a0a7aeb5bcc3cad1d8dfe6edf4fb020910171e252c333a41484f565d646b7279"
    f i = 0 : 1 : 31 d
    .s CK(i) = $e(CK, 8 * i + 1, 8 * (i + 1))

    f i = 0 : 1 : 3 d
    .s K(i) = ..HexXOR(MK(i), FK(i))
    f i = 4 : 1 : 35 d
    .s K(i) = ..HexXOR(K(i - 4), ..T2(..HexXOR(..HexXOR(..HexXOR(K(i + 1 - 4), K(i + 2 - 4)),K(i + 3 - 4)), CK(i - 4))))

    f i = 0 : 1 : 31 d
    .s rk(i) = K(35 - i)

    s len = $l(hex)/32
    s rtn = ""
    f i = 0 : 1 : len-1 d
    .k X
    .s M(i) = $e(hex, 32 * i + 1, 32 * (i + 1))
    .f j = 0 : 1 : 3 d
    ..s X(j) = $e(M(i), 8 * j + 1, 8 * (j + 1))

    .f k = 0 : 1 : 31 d
    ..s X(k + 4) = ..HexXOR(X(k), ..T(..HexXOR(..HexXOR(..HexXOR(X(k + 1), X(k + 2)), X(k + 3)), rk(k))))
    .s rtn = rtn_X(35)_X(34)_X(33)_X(32)

    q ..hex2str(rtn)
}

/// 非线性变换τ构成
/// τ由4个并行的S盒,设输入A=(a0,a1,a2,a3),输出为B=(b0,b1,b2,b3)
/// (b0,b1,b2,b3)=τ(A)=(Sbox(a0),Sbox(a1),Sbox(a2),Sbox(a3))
/// w ##class(Utility.SM4).tau("942600f0")
ClassMethod tau(a)
{
    f i = 0 : 1 : 7 d
    .s a(i) = $e(a, i + 1)

    s s(0) = "d690e9fecce13db716b614c228fb2c05"
    s s(1) = "2b679a762abe04c3aa44132649860699"
    s s(2) = "9c4250f491ef987a33540b43edcfac62"
    s s(3) = "e4b31ca9c908e89580df94fa758f3fa6"
    s s(4) = "4707a7fcf37317ba83593c19e6854fa8"
    s s(5) = "686b81b27164da8bf8eb0f4b70569d35"
    s s(6) = "1e240e5e6358d1a225227c3b01217887"
    s s(7) = "d40046579fd327524c3602e7a0c4c89e"
    s s(8) = "eabf8ad240c738b5a3f7f2cef96115a1"
    s s(9) = "e0ae5da49b341a55ad933230f58cb1e3"
    s s(10) = "1df6e22e8266ca60c02923ab0d534e6f"
    s s(11) = "d5db3745defd8e2f03ff6a726d6c5b51"
    s s(12) = "8d1baf92bbddbc7f11d95c411f105ad8"
    s s(13) = "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    s s(14) = "8969974a0c96777e65b9f109c56ec684"
    s s(15) = "18f07dec3adc4d2079ee5f3ed7cb3948"

    f i = 0 : 1 : 15 d
    .f j = 0 : 1 : 15 d
    ..s s(i, j) = $e(s(i), 2 * j + 1, 2 * (j + 1))

    s rtn = ""
    f i = 0 : 1 : 3 d
    .s r = ..hex2int(a(2 * i))
    .s c = ..hex2int(a(2 * i + 1))
    .s rtn = rtn _ s(r, c)

    return rtn
}

/// 线性变换L
/// 非线性变换τ的输出是线性变换L的输入.设输入为B,输出为C.
/// C=L(B)=B^(B<<2)^B(<<10)^B(<<18)^B(<<24)
ClassMethod L(b)
{
    s rtn = ""

    s rtn = ..HexXOR(..HexXOR(..HexXOR(..HexXOR(b ,..Hexleft(b, 2)), ..Hexleft(b, 10)), ..Hexleft(b, 18)), ..Hexleft(b, 24))

    return rtn
}

/// L'
/// L'(B)=B^(B<<13)^B(<<23)
ClassMethod L2(b)
{
    s rtn = ""

    s rtn = ..HexXOR(..HexXOR(b, ..Hexleft(b, 13)), ..Hexleft(b, 23))

    return rtn
}

/// 合成置换T
/// 是一个可逆变换,由非线性τ和线性变换L复合而成,即T(.)=L(τ(.)).
ClassMethod T(x)
{
    return ..L(..tau(x))
}

/// T'
/// 将合成置换T的线性变换L替换为L'
ClassMethod T2(x)
{
    return ..L2(..tau(x))
}

/// 消息填充
/// w ##class(Utility.SM4).s2hex("342622199009262982")
ClassMethod s2hex(msg)
{
    s len = $l(msg)
    s rtn = ""
    f i = 1 : 1 : len d
    .s num = $ascii($e(msg, i))
    .s hex = $ZHEX(num)
    .s rtn = rtn _ hex

    s k = 32 - ($l(rtn) # 32)
    f i = 1 : 1 : k d
    .s rtn = rtn _ "0"

    return rtn
}

/// 8位16进制异或
/// w ##class(Utility.SM4).HexXOR("9b977428", "e334500a")
ClassMethod HexXOR(a, b)
{
    s a = ..hex2b(a)
    s b = ..hex2b(b)

    s rtn = ""
    f i = 1 : 1 : 32 d
    .i $e(a, i) = $e(b, i) d
    ..s rtn = rtn _ "0"
    .e  d
    ..s rtn = rtn _ "1"

    s rtn = ..b2hex(rtn)
    return rtn
}

/// 8位16进制左移
/// w ##class(Utility.SM4).Hexleft("61610000","3")
ClassMethod Hexleft(a, k)
{
    s rtn = ""

    s a = ..hex2b(a)
    s k = k # 32
    s a1 = $e(a, k + 1, 32)
    s a2 = $e(a, 1, k)
    s rtn = a1 _ a2

    s rtn = ..b2hex(rtn)
    return rtn
}

/// 16进制转二进制
/// w ##class(Utility.SM4).hex2b("61610000")
ClassMethod hex2b(hex)
{
    s len = $l(hex)
    s rtn = ""
    f i = 1 : 1 : len d
    .s h = $e(hex, i)
    .i h = "0" d
    ..s rtn = rtn _ "0000"
    .e  i h = "1" d
    ..s rtn = rtn _ "0001"
    .e  i h = "2" d
    ..s rtn = rtn _ "0010"
    .e  i h = "3" d
    ..s rtn = rtn _ "0011"
    .e  i h = "4" d
    ..s rtn = rtn _ "0100"
    .e  i h = "5" d
    ..s rtn = rtn _ "0101"
    .e  i h = "6" d
    ..s rtn = rtn _ "0110"
    .e  i h = "7" d
    ..s rtn = rtn _ "0111"
    .e  i h = "8" d
    ..s rtn = rtn _ "1000"
    .e  i h = "9" d
    ..s rtn = rtn _ "1001"
    .e  i h = "a" d
    ..s rtn = rtn _ "1010"
    .e  i h = "b" d
    ..s rtn = rtn _ "1011"
    .e  i h = "c" d
    ..s rtn = rtn _ "1100"
    .e  i h = "d" d
    ..s rtn = rtn _ "1101"
    .e  i h = "e" d
    ..s rtn = rtn _ "1110"
    .e  i h = "f" d
    ..s rtn = rtn _ "1111"

    return rtn
}

/// 二进制转16进制
/// w ##class(Utility.SM4).b2hex("01100001011000010000000000000000")
ClassMethod b2hex(bit)
{
    s len = $l(bit)/4
    s rtn = ""
    f i = 1 : 1 : len d
    .s bs = $e(bit, 4 * (i - 1) + 1, 4 * i)
    .i bs = "0000" d
    ..s rtn = rtn _ "0"
    .e  i bs = "0001" d
    ..s rtn = rtn _ "1"
    .e  i bs = "0010" d
    ..s rtn = rtn _ "2"
    .e  i bs = "0011" d
    ..s rtn = rtn _ "3"
    .e  i bs = "0100" d
    ..s rtn = rtn _ "4"
    .e  i bs = "0101" d
    ..s rtn = rtn _ "5"
    .e  i bs = "0110" d
    ..s rtn = rtn _ "6"
    .e  i bs = "0111" d
    ..s rtn = rtn _ "7"
    .e  i bs = "1000" d
    ..s rtn = rtn _ "8"
    .e  i bs = "1001" d
    ..s rtn = rtn _ "9"
    .e  i bs = "1010" d
    ..s rtn = rtn _ "a"
    .e  i bs = "1011" d
    ..s rtn = rtn _ "b"
    .e  i bs = "1100" d
    ..s rtn = rtn _ "c"
    .e  i bs = "1101" d
    ..s rtn = rtn _ "d"
    .e  i bs = "1110" d
    ..s rtn = rtn _ "e"
    .e  i bs = "1111" d
    ..s rtn = rtn _ "f"

    return rtn
}

/// 16进制1位转十进制
/// w ##class(Utility.SM4).hex2int("")
ClassMethod hex2int(hex)
{
    s rtn = hex
    i rtn = "a" d
    .s rtn = 10
    e  i rtn = "b" d
    .s rtn = 11
    e  i rtn = "c" d
    .s rtn = 12
    e  i rtn = "d" d
    .s rtn = 13
    e  i rtn = "e" d
    .s rtn = 14
    e  i rtn = "f" d
    .s rtn = 15

    return rtn
}

/// 十六进制转字符
/// w ##class(Utility.SM4).hex2str("3334323632323139393030393236323938320000000000000000000000000000")
ClassMethod hex2str(msg)
{
    s len = $l(msg)/2
    s rtn = ""
    f i = 1 : 1 : len d
    .s hex = $e(msg, (i - 1) * 2 + 1 , i * 2)
    .s int = 16 * ..hex2int($e(hex, 1)) + ..hex2int($e(hex, 2))
    .s str = $char(int)
    .s rtn = rtn _ str

    return $p(rtn, $char(0))
}

}
1
0 28
讨论 (0)1
登录或注册以继续