support (non-standard) sm4-gcm, sm4-ccm in v1-aead-extra

- https://datatracker.ietf.org/doc/html/rfc8998
- shadowsocks/shadowsocks-libev#2424

If anyone interested in trying these non-standard ciphers, please take
some time to get some background knowledge about the SM Cipher Suites.

Author: zonyitoo

Diff for: Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "shadowsocks-crypto"
-version = "0.5.2"
+version = "0.5.3"
 authors = ["luozijun <[email protected]>", "ty <[email protected]>"]
 edition = "2021"
 license = "MIT"
@@ -12,14 +12,20 @@ rust-version = "1.61"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [features]
-default = [
-    "v1",
-    "v1-aead",
-]
+default = ["v1", "v1-aead"]
 v1 = []
 v1-stream = ["v1", "chacha20", "aes", "ctr", "camellia"]
 v1-aead = ["v1", "aes-gcm", "chacha20poly1305", "hkdf", "sha1"]
-v1-aead-extra = ["v1-aead", "aes-gcm-siv", "ccm", "aes"]
+v1-aead-extra = [
+    "v1-aead",
+    "aes-gcm-siv",
+    "ccm",
+    "aes",
+    "sm4",
+    "ghash",
+    "aead",
+    "subtle",
+]
 v2 = ["aes", "aes-gcm", "blake3", "chacha20poly1305", "bytes"]
 v2-extra = ["v2", "chacha20poly1305/reduced-round"]
 
@@ -42,6 +48,10 @@ aes = { version = "0.8", optional = true }
 ctr = { version = "0.9", optional = true }
 bytes = { version = "1.3", optional = true }
 camellia = { version = "0.1", optional = true }
+sm4 = { version = "0.5", optional = true }
+ghash = { version = "0.5", optional = true }
+aead = { version = "0.5", optional = true }
+subtle = { version = "2.5", optional = true }
 
 #[target.'cfg(all(unix, any(target_arch = "x86", target_arch = "x86_64")))'.dependencies]
 #md-5 = { version = "0.10", features = ["asm"] }

Diff for: src/kind.rs

@@ -1,7 +1,7 @@
 //! Cipher Kind
 
 #[cfg(feature = "v1-aead-extra")]
-use crate::v1::aeadcipher::{Aes128Ccm, Aes128GcmSiv, Aes256Ccm, Aes256GcmSiv, XChaCha20Poly1305};
+use crate::v1::aeadcipher::{Aes128Ccm, Aes128GcmSiv, Aes256Ccm, Aes256GcmSiv, Sm4Ccm, Sm4Gcm, XChaCha20Poly1305};
 #[cfg(feature = "v1-aead")]
 use crate::v1::aeadcipher::{Aes128Gcm, Aes256Gcm, ChaCha20Poly1305};
 
@@ -230,6 +230,15 @@ pub enum CipherKind {
     /// AEAD_XCHACHA20_POLY1305
     XCHACHA20_POLY1305,
 
+    #[cfg(feature = "v1-aead-extra")]
+    #[cfg_attr(docrs, doc(cfg(feature = "v1-aead-extra")))]
+    /// SM4_GCM
+    SM4_GCM,
+    #[cfg(feature = "v1-aead-extra")]
+    #[cfg_attr(docrs, doc(cfg(feature = "v1-aead-extra")))]
+    /// SM4_GCM
+    SM4_CCM,
+
     #[cfg(feature = "v2")]
     #[cfg_attr(docrs, doc(cfg(feature = "v2")))]
     /// 2022-blake3-aes-128-gcm
@@ -302,7 +311,9 @@ impl CipherKind {
             AES_128_GCM | AES_256_GCM | CHACHA20_POLY1305 => true,
 
             #[cfg(feature = "v1-aead-extra")]
-            AES_128_CCM | AES_256_CCM | AES_128_GCM_SIV | AES_256_GCM_SIV | XCHACHA20_POLY1305 => true,
+            AES_128_CCM | AES_256_CCM | AES_128_GCM_SIV | AES_256_GCM_SIV | XCHACHA20_POLY1305 | SM4_GCM | SM4_CCM => {
+                true
+            }
 
             _ => false,
         }
@@ -426,6 +437,11 @@ impl CipherKind {
             #[cfg(feature = "v1-aead-extra")]
             XCHACHA20_POLY1305 => XChaCha20Poly1305::key_size(),
 
+            #[cfg(feature = "v1-aead-extra")]
+            SM4_GCM => Sm4Gcm::key_size(),
+            #[cfg(feature = "v1-aead-extra")]
+            SM4_CCM => Sm4Ccm::key_size(),
+
             #[cfg(feature = "v2")]
             AEAD2022_BLAKE3_AES_128_GCM => Aead2022Aes128Gcm::key_size(),
             #[cfg(feature = "v2")]
@@ -515,6 +531,11 @@ impl CipherKind {
             #[cfg(feature = "v1-aead-extra")]
             XCHACHA20_POLY1305 => XChaCha20Poly1305::tag_size(),
 
+            #[cfg(feature = "v1-aead-extra")]
+            SM4_GCM => Sm4Gcm::tag_size(),
+            #[cfg(feature = "v1-aead-extra")]
+            SM4_CCM => Sm4Ccm::tag_size(),
+
             #[cfg(feature = "v2")]
             AEAD2022_BLAKE3_AES_128_GCM => Aead2022Aes128Gcm::tag_size(),
             #[cfg(feature = "v2")]
@@ -669,6 +690,11 @@ impl core::fmt::Display for CipherKind {
             #[cfg(feature = "v1-aead-extra")]
             CipherKind::XCHACHA20_POLY1305 => "xchacha20-ietf-poly1305",
 
+            #[cfg(feature = "v1-aead-extra")]
+            CipherKind::SM4_GCM => "sm4-gcm",
+            #[cfg(feature = "v1-aead-extra")]
+            CipherKind::SM4_CCM => "sm4-ccm",
+
             #[cfg(feature = "v2")]
             CipherKind::AEAD2022_BLAKE3_AES_128_GCM => "2022-blake3-aes-128-gcm",
             #[cfg(feature = "v2")]
@@ -814,6 +840,11 @@ impl core::str::FromStr for CipherKind {
             #[cfg(feature = "v1-aead-extra")]
             "xchacha20-ietf-poly1305" => Ok(XCHACHA20_POLY1305),
 
+            #[cfg(feature = "v1-aead-extra")]
+            "sm4-gcm" => Ok(SM4_GCM),
+            #[cfg(feature = "v1-aead-extra")]
+            "sm4-ccm" => Ok(SM4_CCM),
+
             #[cfg(feature = "v2")]
             "2022-blake3-aes-128-gcm" => Ok(AEAD2022_BLAKE3_AES_128_GCM),
             #[cfg(feature = "v2")]

Diff for: src/v1/aeadcipher/mod.rs

@@ -7,12 +7,20 @@ mod aes_gcm;
 mod aes_gcm_siv;
 mod chacha20_poly1305;
 #[cfg(feature = "v1-aead-extra")]
+mod sm4_ccm;
+#[cfg(feature = "v1-aead-extra")]
+mod sm4_gcm;
+#[cfg(feature = "v1-aead-extra")]
+mod sm4_gcm_cipher;
+#[cfg(feature = "v1-aead-extra")]
 mod xchacha20_poly1305;
 
 #[cfg(feature = "v1-aead-extra")]
 pub use self::{
     aes_ccm::{Aes128Ccm, Aes256Ccm},
     aes_gcm_siv::{Aes128GcmSiv, Aes256GcmSiv},
+    sm4_ccm::Sm4Ccm,
+    sm4_gcm::Sm4Gcm,
     xchacha20_poly1305::XChaCha20Poly1305,
 };
 pub use self::{
@@ -34,6 +42,10 @@ enum AeadCipherVariant {
     Aes128Ccm(Aes128Ccm),
     #[cfg(feature = "v1-aead-extra")]
     Aes256Ccm(Aes256Ccm),
+    #[cfg(feature = "v1-aead-extra")]
+    Sm4Gcm(Sm4Gcm),
+    #[cfg(feature = "v1-aead-extra")]
+    Sm4Ccm(Sm4Ccm),
 }
 
 impl AeadCipherVariant {
@@ -52,6 +64,10 @@ impl AeadCipherVariant {
             CipherKind::AES_128_CCM => AeadCipherVariant::Aes128Ccm(Aes128Ccm::new(key)),
             #[cfg(feature = "v1-aead-extra")]
             CipherKind::AES_256_CCM => AeadCipherVariant::Aes256Ccm(Aes256Ccm::new(key)),
+            #[cfg(feature = "v1-aead-extra")]
+            CipherKind::SM4_GCM => AeadCipherVariant::Sm4Gcm(Sm4Gcm::new(key)),
+            #[cfg(feature = "v1-aead-extra")]
+            CipherKind::SM4_CCM => AeadCipherVariant::Sm4Ccm(Sm4Ccm::new(key)),
             _ => unreachable!("{:?} is not an AEAD cipher", kind),
         }
     }
@@ -71,6 +87,10 @@ impl AeadCipherVariant {
             AeadCipherVariant::Aes128Ccm(..) => Aes128Ccm::nonce_size(),
             #[cfg(feature = "v1-aead-extra")]
             AeadCipherVariant::Aes256Ccm(..) => Aes256Ccm::nonce_size(),
+            #[cfg(feature = "v1-aead-extra")]
+            AeadCipherVariant::Sm4Gcm(..) => Sm4Gcm::nonce_size(),
+            #[cfg(feature = "v1-aead-extra")]
+            AeadCipherVariant::Sm4Ccm(..) => Sm4Ccm::nonce_size(),
         }
     }
 
@@ -89,6 +109,10 @@ impl AeadCipherVariant {
             AeadCipherVariant::Aes128Ccm(..) => CipherKind::AES_128_CCM,
             #[cfg(feature = "v1-aead-extra")]
             AeadCipherVariant::Aes256Ccm(..) => CipherKind::AES_256_CCM,
+            #[cfg(feature = "v1-aead-extra")]
+            AeadCipherVariant::Sm4Gcm(..) => CipherKind::SM4_GCM,
+            #[cfg(feature = "v1-aead-extra")]
+            AeadCipherVariant::Sm4Ccm(..) => CipherKind::SM4_CCM,
         }
     }
 
@@ -107,6 +131,10 @@ impl AeadCipherVariant {
             AeadCipherVariant::Aes128Ccm(ref mut c) => c.encrypt(nonce, plaintext_in_ciphertext_out),
             #[cfg(feature = "v1-aead-extra")]
             AeadCipherVariant::Aes256Ccm(ref mut c) => c.encrypt(nonce, plaintext_in_ciphertext_out),
+            #[cfg(feature = "v1-aead-extra")]
+            AeadCipherVariant::Sm4Gcm(ref mut c) => c.encrypt(nonce, plaintext_in_ciphertext_out),
+            #[cfg(feature = "v1-aead-extra")]
+            AeadCipherVariant::Sm4Ccm(ref mut c) => c.encrypt(nonce, plaintext_in_ciphertext_out),
         }
     }
 
@@ -125,6 +153,10 @@ impl AeadCipherVariant {
             AeadCipherVariant::Aes128Ccm(ref mut c) => c.decrypt(nonce, ciphertext_in_plaintext_out),
             #[cfg(feature = "v1-aead-extra")]
             AeadCipherVariant::Aes256Ccm(ref mut c) => c.decrypt(nonce, ciphertext_in_plaintext_out),
+            #[cfg(feature = "v1-aead-extra")]
+            AeadCipherVariant::Sm4Gcm(ref mut c) => c.decrypt(nonce, ciphertext_in_plaintext_out),
+            #[cfg(feature = "v1-aead-extra")]
+            AeadCipherVariant::Sm4Ccm(ref mut c) => c.decrypt(nonce, ciphertext_in_plaintext_out),
         }
     }
 }

Diff for: src/v1/aeadcipher/sm4_ccm.rs

@@ -0,0 +1,83 @@
+//! SM4_CCM
+//!
+//! https://datatracker.ietf.org/doc/html/rfc8998
+
+use ccm::{
+    aead::{generic_array::typenum::Unsigned, AeadCore, AeadInPlace, KeyInit, KeySizeUser},
+    consts::{U12, U16},
+    Ccm,
+    Nonce,
+    Tag,
+};
+use sm4::Sm4;
+
+pub struct Sm4Ccm(Ccm<Sm4, U16, U12>);
+
+impl Sm4Ccm {
+    pub fn new(key: &[u8]) -> Sm4Ccm {
+        Sm4Ccm(Ccm::new_from_slice(key).expect("Sm4Ccm"))
+    }
+
+    pub fn key_size() -> usize {
+        <Ccm<Sm4, U16, U12> as KeySizeUser>::KeySize::to_usize()
+    }
+
+    pub fn nonce_size() -> usize {
+        <Ccm<Sm4, U16, U12> as AeadCore>::NonceSize::to_usize()
+    }
+
+    pub fn tag_size() -> usize {
+        <Ccm<Sm4, U16, U12> as AeadCore>::TagSize::to_usize()
+    }
+
+    pub fn encrypt(&self, nonce: &[u8], plaintext_in_ciphertext_out: &mut [u8]) {
+        let nonce = Nonce::from_slice(nonce);
+        let (plaintext, out_tag) =
+            plaintext_in_ciphertext_out.split_at_mut(plaintext_in_ciphertext_out.len() - Self::tag_size());
+        let tag = self
+            .0
+            .encrypt_in_place_detached(nonce, &[], plaintext)
+            .expect("AES_128_CCM encrypt");
+        out_tag.copy_from_slice(tag.as_slice())
+    }
+
+    pub fn decrypt(&self, nonce: &[u8], ciphertext_in_plaintext_out: &mut [u8]) -> bool {
+        let nonce = Nonce::from_slice(nonce);
+        let (ciphertext, in_tag) =
+            ciphertext_in_plaintext_out.split_at_mut(ciphertext_in_plaintext_out.len() - Self::tag_size());
+        let in_tag = Tag::from_slice(in_tag);
+        self.0.decrypt_in_place_detached(nonce, &[], ciphertext, in_tag).is_ok()
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use ccm::{
+        aead::{Aead, KeyInit, Payload},
+        consts::{U12, U16},
+        Ccm,
+    };
+    use sm4::Sm4;
+
+    #[test]
+    fn test_sm4_ccm() {
+        let iv = hex::decode("00001234567800000000ABCD").unwrap();
+        let key = hex::decode("0123456789ABCDEFFEDCBA9876543210").unwrap();
+        let plain_text = hex::decode("AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFEEEEEEEEEEEEEEEEAAAAAAAAAAAAAAAA").unwrap();
+        let aad = hex::decode("FEEDFACEDEADBEEFFEEDFACEDEADBEEFABADDAD2").unwrap();
+        let mut cipher_text = hex::decode("48AF93501FA62ADBCD414CCE6034D895DDA1BF8F132F042098661572E7483094FD12E518CE062C98ACEE28D95DF4416BED31A2F04476C18BB40C84A74B97DC5B").unwrap();
+        let mut tag = hex::decode("16842D4FA186F56AB33256971FA110F4").unwrap();
+        cipher_text.append(&mut tag); // postfix tag
+
+        let nonce = super::Nonce::from_slice(&iv);
+
+        let cipher = Ccm::<Sm4, U16, U12>::new_from_slice(&key).unwrap();
+        let plain_text_payload = Payload {
+            msg: &plain_text,
+            aad: &aad,
+        };
+        let result = cipher.encrypt(nonce, plain_text_payload).unwrap();
+
+        assert_eq!(result, cipher_text);
+    }
+}

Diff for: src/v1/aeadcipher/sm4_gcm.rs

@@ -0,0 +1,46 @@
+//! SM4-GCM
+
+use aead::{AeadCore, AeadInPlace, Key, KeyInit, KeySizeUser};
+use sm4::cipher::Unsigned;
+
+use super::sm4_gcm_cipher::{Nonce, Sm4Gcm as CryptoSm4Gcm, Tag};
+
+pub struct Sm4Gcm(CryptoSm4Gcm);
+
+impl Sm4Gcm {
+    pub fn new(key: &[u8]) -> Sm4Gcm {
+        let key = Key::<CryptoSm4Gcm>::from_slice(key);
+        Sm4Gcm(CryptoSm4Gcm::new(key))
+    }
+
+    pub fn key_size() -> usize {
+        <CryptoSm4Gcm as KeySizeUser>::KeySize::to_usize()
+    }
+
+    pub fn nonce_size() -> usize {
+        <CryptoSm4Gcm as AeadCore>::NonceSize::to_usize()
+    }
+
+    pub fn tag_size() -> usize {
+        <CryptoSm4Gcm as AeadCore>::TagSize::to_usize()
+    }
+
+    pub fn encrypt(&self, nonce: &[u8], plaintext_in_ciphertext_out: &mut [u8]) {
+        let nonce = Nonce::from_slice(nonce);
+        let (plaintext, out_tag) =
+            plaintext_in_ciphertext_out.split_at_mut(plaintext_in_ciphertext_out.len() - Self::tag_size());
+        let tag = self
+            .0
+            .encrypt_in_place_detached(nonce, &[], plaintext)
+            .expect("SM4_GCM encrypt");
+        out_tag.copy_from_slice(tag.as_slice())
+    }
+
+    pub fn decrypt(&self, nonce: &[u8], ciphertext_in_plaintext_out: &mut [u8]) -> bool {
+        let nonce = Nonce::from_slice(nonce);
+        let (ciphertext, in_tag) =
+            ciphertext_in_plaintext_out.split_at_mut(ciphertext_in_plaintext_out.len() - Self::tag_size());
+        let in_tag = Tag::from_slice(in_tag);
+        self.0.decrypt_in_place_detached(nonce, &[], ciphertext, in_tag).is_ok()
+    }
+}