问题描述
使用gmssl(python版本)进行SM4加/解密时结果与国标(GMT0002)不符,或解密失败,原因是gmssl默认使用PKCS7填充,国标文档里的样例是没有填充的。
解决方法
方法一:创建CryptSM4对象时将填充模式设为-1。这是笔者推荐的方法。
方法二:使用CryptSM4.one_round。这是个底层函数,每次只能加/解密一个分组。
例程
python">from gmssl import sm4, funcg_sData = '0123456789abcdeffedcba9876543210'
g_sKey = '0123456789abcdeffedcba9876543210'def main():bufData = bytes.fromhex(g_sData)bufKey = bytes.fromhex(g_sKey)oSM4 = sm4.CryptSM4()oSM4.set_key(bufKey, sm4.SM4_ENCRYPT)r = oSM4.crypt_ecb(bufData)print(f'enc:{r.hex()}')oSM4 = sm4.CryptSM4(sm4.SM4_ENCRYPT, sm4.PKCS7)oSM4.set_key(bufKey, sm4.SM4_ENCRYPT)r = oSM4.crypt_ecb(bufData)print(f'enc:{r.hex()}')oSM4 = sm4.CryptSM4(sm4.SM4_ENCRYPT, sm4.ZERO)oSM4.set_key(bufKey, sm4.SM4_ENCRYPT)r = oSM4.crypt_ecb(bufData)print(f'enc:{r.hex()}')oSM4 = sm4.CryptSM4(sm4.SM4_ENCRYPT, -1) # 方法1oSM4.set_key(bufKey, sm4.SM4_ENCRYPT)r = oSM4.crypt_ecb(bufData)print(f'enc:{r.hex()}')oSM4.set_key(bufKey, sm4.SM4_DECRYPT)r = oSM4.crypt_ecb(r)print(f'dec:{r.hex()}')oSM4 = sm4.CryptSM4() # 方法2oSM4.set_key(bufKey, sm4.SM4_ENCRYPT)r = oSM4.one_round(oSM4.sk, bufData)r = func.list_to_bytes(r)print(f'enc:{r.hex()}')oSM4.set_key(bufKey, sm4.SM4_DECRYPT)#r = func.bytes_to_list(r)r = oSM4.one_round(oSM4.sk, r)r = func.list_to_bytes(r)print(f'dec:{r.hex()}')returnif __name__ == '__main__':main()
例程输出:
enc:681edf34d206965e86b3e94f536e4246002a8a4efa863ccad024ac0300bb40d2
enc:681edf34d206965e86b3e94f536e4246002a8a4efa863ccad024ac0300bb40d2
enc:681edf34d206965e86b3e94f536e42462677f46b09c122cc975533105bd4a22a
enc:681edf34d206965e86b3e94f536e4246
dec:0123456789abcdeffedcba9876543210
enc:681edf34d206965e86b3e94f536e4246
dec:0123456789abcdeffedcba9876543210
注意事项
sm4.ZERO是一个名字叫“ZERO”的填充模式,不是不填充。
------完------
