Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sm4GCM SM4 GCM 加解密模式gmsm/sm4/sm4_gcm与gmsm/gmtls中aead中gcm实现效果不一致 #198

Open
neuyhq opened this issue Dec 18, 2023 · 2 comments

Comments

@neuyhq
Copy link

neuyhq commented Dec 18, 2023

tagStr:="17195650904EFCCA0DA61ED8521E5E20"
keyStr:="7CF85EFC7DA5715BA188751B5D04A408"
iVStr:="3728E7B90000000000000000"
addDataStr:="00000000000000001601010010"
plainStr:="1400000cef3e2bcf0ea419a8d4332219"
cipherStr:="22E804DA8E3579175DF1C184B9C663F0"
上述测试数据为gmtls中数据实现的明密文相关数据情况。
cipherStr:="22E804DA8E3579175DF1C184B9C663F0"
tagStr:="e8bb06472918812f18c15db72d303c42"
keyStr:="7CF85EFC7DA5715BA188751B5D04A408"
iVStr:="3728E7B90000000000000000"
addDataStr:="00000000000000001601010010"
plainStr:="1400000cef3e2bcf0ea419a8d4332219"
上述测试数据为gmsm/sm4/sm4_gcm中数据实现的明密文相关数据情况。
1、上述说明已经说明两个明密文产出的tag不一致。
2、另外明密文数据不为16字节整数倍时,不需要填充。但是在gmsm/sm4/sm4_gcm的测试代码sm4_gcm_test.go中会填充。
3、在gmtls中实现的代码在wireshark下可以正常解密恢复出来明文,但是密文通过gmsm/sm4/sm4_gcm无法正常解密,16字节整数倍可以解密数据,但是tag对应不起来,tag验证失败;非16字节整数倍可以解密数据,但是解密后数据会有填充,长度为16字节整数倍,tag也对应不起来。建议针对上述问题统一处理一下。通过查看https://github.com/tjfoc/gmsm/blob/master/sm4/sm4_gcm.go 第304行和第336行,计算T的方法应该有误。

@neuyhq
Copy link
Author

neuyhq commented Dec 18, 2023

cipherStr="538c6e6076929afc0b4348599648097fd35515b0192eada8371f659399522a2c7507db0381b1907ee3d0ee649ceaf90a13ef5e0fa941"
plainStr="474554202f20485454502f312e310d0a486f73743a206c6f63616c686f73740d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0ad96d8ef497f65bb26ae1"
tagStr="54115d2ab4ef11862af1a712e48051eb"
keyStr="7CF85EFC7DA5715BA188751B5D04A408"
iVStr="3728E7B90000000000000001"
addDataStr="00000000000000011701010036"

上述是gmsm/sm4/sm4_gcm密文解密后产生plainStr结果。
正常plainStr应该为:
474554202f20485454502f312e310d0a486f73743a206c6f63616c686f73740d0a436f6e6e656374696f6e3a20636c6f73650d0a0d0a
不应该有填充d96d8ef497f65bb26ae1
同时tag也不对。

@emmansun
Copy link

其实吧,这里真没必要自己实现Go语言中已经实现的加密模式(cipher包中):CBC/CTR/GCM/OFB/CFB。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants