一、SM4算法介绍

2012年3月,国家密码管理局正式公布了包含SM4分组密码算法在内的《祖冲之序列密码算法》等6项密码行业标准。与DES和AES算法类似,SM4算法是一种分组密码算法。其分组长度为128bit,密钥长度也为128bit。加密算法与密钥扩展算法均采用32轮非线性迭代结构,以字(32位)为单位进行加密运算,每一次迭代运算均为一轮变换函数F。SM4算法加/解密算法的结构相同,只是使用轮密钥相反,其中解密轮密钥是加密轮密钥的逆序。
SM4有很高的灵活性,所采用的S盒可以灵活地被替换,以应对突发性的安全威胁。算法的32轮迭代采用串行处理,这与AES中每轮使用代换和混淆并行地处理整个分组有很大不同。

  1. public class Sm4Util {
  3.     /**
  4.      * 加密标识
  5.      */
  6.     private static final int ENCRYPT = 1;
  7.     /**
  8.      * 解密标识
  9.      */
  10.     private static final int DECRYPT = 0;
  11.     /**
  12.      * F轮函数循环次数
  13.      */
  14.     private static final int ROUND = 32;
  15.     private static final int BLOCK = 16;
  16.     private static final int FOUR = 4;
  17.     private static final int ZERO = 0;
  19.     /**
  20.      * s盒
  21.      */
  22.     private byte[] sbox = {(byte) 0xd6, (byte) 0x90, (byte) 0xe9, (byte) 0xfe,
  23.             (byte) 0xcc, (byte) 0xe1, 0x3d, (byte) 0xb7, 0x16, (byte) 0xb6,
  24.             0x14, (byte) 0xc2, 0x28, (byte) 0xfb, 0x2c, 0x05, 0x2b, 0x67,
  25.             (byte) 0x9a, 0x76, 0x2a, (byte) 0xbe, 0x04, (byte) 0xc3,
  26.             (byte) 0xaa, 0x44, 0x13, 0x26, 0x49, (byte) 0x86, 0x06,
  27.             (byte) 0x99, (byte) 0x9c, 0x42, 0x50, (byte) 0xf4, (byte) 0x91,
  28.             (byte) 0xef, (byte) 0x98, 0x7a, 0x33, 0x54, 0x0b, 0x43,
  29.             (byte) 0xed, (byte) 0xcf, (byte) 0xac, 0x62, (byte) 0xe4,
  30.             (byte) 0xb3, 0x1c, (byte) 0xa9, (byte) 0xc9, 0x08, (byte) 0xe8,
  31.             (byte) 0x95, (byte) 0x80, (byte) 0xdf, (byte) 0x94, (byte) 0xfa,
  32.             0x75, (byte) 0x8f, 0x3f, (byte) 0xa6, 0x47, 0x07, (byte) 0xa7,
  33.             (byte) 0xfc, (byte) 0xf3, 0x73, 0x17, (byte) 0xba, (byte) 0x83,
  34.             0x59, 0x3c, 0x19, (byte) 0xe6, (byte) 0x85, 0x4f, (byte) 0xa8,
  35.             0x68, 0x6b, (byte) 0x81, (byte) 0xb2, 0x71, 0x64, (byte) 0xda,
  36.             (byte) 0x8b, (byte) 0xf8, (byte) 0xeb, 0x0f, 0x4b, 0x70, 0x56,
  37.             (byte) 0x9d, 0x35, 0x1e, 0x24, 0x0e, 0x5e, 0x63, 0x58, (byte) 0xd1,
  38.             (byte) 0xa2, 0x25, 0x22, 0x7c, 0x3b, 0x01, 0x21, 0x78, (byte) 0x87,
  39.             (byte) 0xd4, 0x00, 0x46, 0x57, (byte) 0x9f, (byte) 0xd3, 0x27,
  40.             0x52, 0x4c, 0x36, 0x02, (byte) 0xe7, (byte) 0xa0, (byte) 0xc4,
  41.             (byte) 0xc8, (byte) 0x9e, (byte) 0xea, (byte) 0xbf, (byte) 0x8a,
  42.             (byte) 0xd2, 0x40, (byte) 0xc7, 0x38, (byte) 0xb5, (byte) 0xa3,
  43.             (byte) 0xf7, (byte) 0xf2, (byte) 0xce, (byte) 0xf9, 0x61, 0x15,
  44.             (byte) 0xa1, (byte) 0xe0, (byte) 0xae, 0x5d, (byte) 0xa4,
  45.             (byte) 0x9b, 0x34, 0x1a, 0x55, (byte) 0xad, (byte) 0x93, 0x32,
  46.             0x30, (byte) 0xf5, (byte) 0x8c, (byte) 0xb1, (byte) 0xe3, 0x1d,
  47.             (byte) 0xf6, (byte) 0xe2, 0x2e, (byte) 0x82, 0x66, (byte) 0xca,
  48.             0x60, (byte) 0xc0, 0x29, 0x23, (byte) 0xab, 0x0d, 0x53, 0x4e, 0x6f,
  49.             (byte) 0xd5, (byte) 0xdb, 0x37, 0x45, (byte) 0xde, (byte) 0xfd,
  50.             (byte) 0x8e, 0x2f, 0x03, (byte) 0xff, 0x6a, 0x72, 0x6d, 0x6c, 0x5b,
  51.             0x51, (byte) 0x8d, 0x1b, (byte) 0xaf, (byte) 0x92, (byte) 0xbb,
  52.             (byte) 0xdd, (byte) 0xbc, 0x7f, 0x11, (byte) 0xd9, 0x5c, 0x41,
  53.             0x1f, 0x10, 0x5a, (byte) 0xd8, 0x0a, (byte) 0xc1, 0x31,
  54.             (byte) 0x88, (byte) 0xa5, (byte) 0xcd, 0x7b, (byte) 0xbd, 0x2d,
  55.             0x74, (byte) 0xd0, 0x12, (byte) 0xb8, (byte) 0xe5, (byte) 0xb4,
  56.             (byte) 0xb0, (byte) 0x89, 0x69, (byte) 0x97, 0x4a, 0x0c,
  57.             (byte) 0x96, 0x77, 0x7e, 0x65, (byte) 0xb9, (byte) 0xf1, 0x09,
  58.             (byte) 0xc5, 0x6e, (byte) 0xc6, (byte) 0x84, 0x18, (byte) 0xf0,
  59.             0x7d, (byte) 0xec, 0x3a, (byte) 0xdc, 0x4d, 0x20, 0x79,
  60.             (byte) 0xee, 0x5f, 0x3e, (byte) 0xd7, (byte) 0xcb, 0x39, 0x48};
  63.     /**
  64.      * 固定的ck参数
  65.      */
  66.     private int[] ck = {0x00070e15, 0x1c232a31, 0x383f464d, 0x545b6269,
  67.             0x70777e85, 0x8c939aa1, 0xa8afb6bd, 0xc4cbd2d9, 0xe0e7eef5,
  68.             0xfc030a11, 0x181f262d, 0x343b4249, 0x50575e65, 0x6c737a81,
  69.             0x888f969d, 0xa4abb2b9, 0xc0c7ced5, 0xdce3eaf1, 0xf8ff060d,
  70.             0x141b2229, 0x30373e45, 0x4c535a61, 0x686f767d, 0x848b9299,
  71.             0xa0a7aeb5, 0xbcc3cad1, 0xd8dfe6ed, 0xf4fb0209, 0x10171e25,
  72.             0x2c333a41, 0x484f565d, 0x646b7279};
  74.     /**
  75.      * 固定的fk参数
  76.      */
  77.     private int[] fk = {0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc};
  80.     /**
  81.      * @Description 将传入的x参数循环左移num位
  82.      * @Author tanp
  83.      */
  84.     private int leftMove(int x, int num) {
  85.         //假如数据为无符号的数,长度为N,需要循环移动n位。可以用下面的公式:
  86.         //循环左移n位: (x>>(N - n) ) | (x<<n);
  87.         return x << num | x >>> (32 - num);
  88.     }
  90.     /**
  91.      * @Description s盒的非线性变化函数
  92.      * @Author tanp
  93.      */
  94.     private int byteSub(int x) {
  95.         return (sbox[x >>> 24 & 0xFF] & 0xFF) << 24
  96.                 | (sbox[x >>> 16 & 0xFF] & 0xFF) << 16
  97.                 | (sbox[x >>> 8 & 0xFF] & 0xFF) << 8
  98.                 | (sbox[x & 0xFF] & 0xFF);
  99.     }
  101.     /**
  102.      * @Description 轮函数中T函数的线性变化L函数
  103.      * @Author tanp
  104.      */
  105.     private int transLf(int x) {
  106.         //B^(B<<2|B>>>30)^(B<<10|B>>>22)^(B<<18|B>>>14)^(B<<24|B>>>8);
  107.         return x ^ leftMove(x, 2) ^ leftMove(x, 10) ^ leftMove(x, 18) ^ leftMove(x, 24);
  108.     }
  110.     /**
  111.      * @Description 秘钥扩展算法中的T'函数的线性变化L函数
  112.      * @Author tanp
  113.      */
  114.     private int transTf(int x) {
  115.         // B^(B<<13|B>>>19)^(B<<23|B>>>9);
  116.         return x ^ leftMove(x, 13) ^ leftMove(x, 23);
  117.     }
  119.     /**
  120.      * @Description 秘钥扩展算法T置换
  121.      * @Author tanp
  122.      */
  123.     private int transTh(int in) {
  124.         return transTf(byteSub(in));
  125.     }
  127.     /**
  128.      * @Description 轮函数T置换
  129.      * @Author tanp
  130.      */
  131.     private int transLth(int in) {
  132.         return transLf(byteSub(in));
  133.     }
  135.     /**
  136.      * @param key       秘钥
  137.      * @param cryptFlag 加解密标识
  138.      * @Description 获取轮秘钥
  139.      * @Author tanp
  140.      */
  141.     private int[] sm4KeyExt(byte[] key, int cryptFlag) {
  142.         int r, mid;
  143.         int[] x = new int[4];
  144.         int[] tmp = new int[4];
  145.         int[] rk = new int[ROUND];
  146.         getValue(key, x, tmp);
  147.         //获取轮秘钥之前,先将秘钥与系统函数FK异或
  148.         for (r = ZERO; r < FOUR; r++) {
  149.             x[r] = x[r] ^ (fk[r]);
  150.         }
  151.         //轮训执行T置换
  152.         for (r = ZERO; r < ROUND; r += FOUR) {
  153.             rk[r] = x[0] ^= transTh(x[1] ^ x[2] ^ x[3] ^ ck[r]);
  154.             rk[r + 1] = x[1] ^= transTh(x[2] ^ x[3] ^ x[0] ^ ck[r + 1]);
  155.             rk[r + 2] = x[2] ^= transTh(x[3] ^ x[0] ^ x[1] ^ ck[r + 2]);
  156.             rk[r + 3] = x[3] ^= transTh(x[0] ^ x[1] ^ x[2] ^ ck[r + 3]);
  157.         }
  159.         // 解密时轮密钥使用顺序:rk31,rk30,...,rk0
  160.         if (cryptFlag == DECRYPT) {
  161.             for (r = 0; r < BLOCK; r++) {
  162.                 mid = rk[r];
  163.                 rk[r] = rk[31 - r];
  164.                 rk[31 - r] = mid;
  165.             }
  166.         }
  167.         return rk;
  168.     }
  171.     /**
  172.      * @Description 轮函数F
  173.      * @param input 加密解密的字节数组
  174.      * @param rk 轮秘钥
  175.      * @Author tanp
  176.      */
  177.     private void sms4Crypt(byte[] input, byte[] output, int[] rk) {
  178.         int r;
  179.         int[] x = new int[4];
  180.         int[] tmp = new int[4];
  181.         getValue(input, x, tmp);
  182.         for (r = ZERO; r < ROUND; r += FOUR) {
  183.             x[0] = x[0] ^ transLth(x[1] ^ x[2] ^ x[3] ^ rk[r]);
  184.             x[1] = x[1] ^ transLth(x[2] ^ x[3] ^ x[0] ^ rk[r + 1]);
  185.             x[2] = x[2] ^ transLth(x[3] ^ x[0] ^ x[1] ^ rk[r + 2]);
  186.             x[3] = x[3] ^ transLth(x[0] ^ x[1] ^ x[2] ^ rk[r + 3]);
  187.         }
  188.         // Reverse
  189.         for (int j = ZERO; j < BLOCK; j += FOUR) {
  190.             output[j] = (byte) (x[3 - j / 4] >>> 24 & 0xFF);
  191.             output[j + 1] = (byte) (x[3 - j / 4] >>> 16 & 0xFF);
  192.             output[j + 2] = (byte) (x[3 - j / 4] >>> 8 & 0xFF);
  193.             output[j + 3] = (byte) (x[3 - j / 4] & 0xFF);
  194.         }
  195.     }
  197.     private void getValue(byte[] input, int[] x, int[] tmp) {
  198.         for (int i = ZERO; i < FOUR; i++) {
  199.             tmp[0] = input[4 * i] & 0xff;
  200.             tmp[1] = input[1 + 4 * i] & 0xff;
  201.             tmp[2] = input[2 + 4 * i] & 0xff;
  202.             tmp[3] = input[3 + 4 * i] & 0xff;
  203.             x[i] = tmp[0] << 24 | tmp[1] << 16 | tmp[2] << 8 | tmp[3];
  204.         }
  205.     }
  208.     /**
  209.      * @param in        需加密或者解密的字节数组
  210.      * @param inLen     加密解密的字节长度
  211.      * @param key       秘钥
  212.      * @param out       加密解密后的字节数组,用来返回
  213.      * @param cryptFlag 加解密标识
  214.      * @Description 加密 解密方法
  215.      * @Author tanp
  216.      */
  217.     private byte[] sms4(byte[] in, int inLen, byte[] key, byte[] out, int cryptFlag) {
  218.         int point = 0;
  219.         //获取轮秘钥
  220.         int[] roundKey = sm4KeyExt(key, cryptFlag);
  221.         byte[] input;
  222.         byte[] output = new byte[16];
  224.         while (inLen >= BLOCK) {
  225.             input = Arrays.copyOfRange(in, point, point + 16);
  226.             //每16个字节执行一次轮函数
  227.             sms4Crypt(input, output, roundKey);
  228.             System.arraycopy(output, 0, out, point, BLOCK);
  229.             inLen -= BLOCK;
  230.             point += BLOCK;
  231.         }
  232.         return out;
  233.     }
  235.     /**
  236.      * 字符串加密
  237.      *
  238.      * @param plaintext 明文
  239.      * @param key       秘钥
  240.      * @return 加密后的明文字符串
  241.      * @Author tanp
  242.      */
  243.     private static String encodeSms4ToHex(String plaintext, byte[] key) {
  244.         if (plaintext == null || plaintext.length() <= 0) {
  245.             return null;
  246.         }
  247.         StringBuilder plaintextBuilder = new StringBuilder(plaintext);
  248.         for (int i = plaintextBuilder.toString().getBytes().length % BLOCK; i < BLOCK; i++) {
  249.             plaintextBuilder.append('\0');
  250.         }
  251.         plaintext = plaintextBuilder.toString();
  252.         return bytesToHexString(encodeSms4(plaintext.getBytes(), key));
  253.     }
  255.     /**
  256.      * 字符串形式的密文解密成明文
  257.      *
  258.      * @param enHex 密文
  259.      * @param key   秘钥
  260.      * @return 解密后的明文
  261.      * @Author tanp
  262.      */
  263.     private static String decodeSms4HexToString(String enHex, byte[] key) {
  264.         byte[] plaintext = decodeSms4(hexStringToBytes(enHex),key);
  265.         return new String(plaintext).trim();
  266.     }
  268.     /**
  269.      * SMS4加密,加密字符数组
  270.      *
  271.      * @param plaintext 字节数组形式的明文
  272.      * @param key       秘钥
  273.      * @return 明文加密后的字接数组
  274.      */
  275.     private static byte[] encodeSms4(byte[] plaintext, byte[] key) {
  276.         byte[] ciphering = new byte[plaintext.length];
  277.         int k = 0;
  278.         int plainLen = plaintext.length;
  279.         while (k + BLOCK <= plainLen) {
  280.             byte[] cellPlain = new byte[16];
  281.             System.arraycopy(plaintext, k, cellPlain, 0, 16);
  282.             byte[] cellCipher = encode16(cellPlain, key);
  283.             System.arraycopy(cellCipher, 0, ciphering, k, cellCipher.length);
  284.             k += 16;
  285.         }
  286.         return ciphering;
  287.     }
  289.     /**
  290.      * 不限明文长度的SMS4解密
  291.      *
  292.      * @param ciphering 需要解密的字节数组
  293.      * @param key 秘钥
  294.      * @return 解密后的字节数组
  295.      */
  296.     private static byte[] decodeSms4(byte[] ciphering, byte[] key) {
  297.         byte[] plaintext = new byte[ciphering.length];
  298.         int k = 0;
  299.         int cipherLen = ciphering.length;
  300.         while (k + BLOCK <= cipherLen) {
  301.             byte[] cellCipher = new byte[16];
  302.             System.arraycopy(ciphering, k, cellCipher, 0, 16);
  303.             byte[] cellPlain = decode16(cellCipher, key);
  304.             System.arraycopy(cellPlain, 0, plaintext, k, cellPlain.length);
  305.             k += BLOCK;
  306.         }
  308.         return plaintext;
  309.     }
  311.     /**
  312.      * 只加密16位明文
  313.      *
  314.      * @param plaintext 明文字节数组
  315.      * @param key       秘钥
  316.      * @return 加密后的字节数组
  317.      */
  318.     private static byte[] encode16(byte[] plaintext, byte[] key) {
  319.         byte[] cipher = new byte[16];
  320.         Sm4Util sm4 = new Sm4Util();
  321.         //调用加密方法
  322.         return sm4.sms4(plaintext, 16, key, cipher, ENCRYPT);
  323.     }
  325.     /**
  326.      * 只解密16位密文
  327.      *
  328.      * @param ciphering 需解密的密文
  329.      * @param key 秘钥
  330.      * @return 解密后的明文字节
  331.      */
  332.     private static byte[] decode16(byte[] ciphering, byte[] key) {
  333.         byte[] plain = new byte[16];
  334.         Sm4Util sm4 = new Sm4Util();
  335.         sm4.sms4(ciphering, 16, key, plain, DECRYPT);
  336.         return plain;
  337.     }
  339.     /**
  340.      * 只加密32位明文
  341.      *
  342.      * @param plaintext 明文字节数组
  343.      * @param key       秘钥
  344.      * @return 加密后的字节数组
  345.      */
  346.     private static byte[] encode32(byte[] plaintext, byte[] key) {
  347.         byte[] cipher = new byte[32];
  348.         Sm4Util sm4 = new Sm4Util();
  349.         return sm4.sms4(plaintext, 32, key, cipher, ENCRYPT);
  350.     }
  352.     /**
  353.      * 只解密32位密文
  354.      *
  355.      * @param ciphering 需解密的密文
  356.      * @param key 秘钥
  357.      * @return 解密后的明文字节
  358.      */
  359.     private static byte[] decode32(byte[] ciphering, byte[] key) {
  360.         byte[] plain = new byte[32];
  361.         Sm4Util sm4 = new Sm4Util();
  362.         sm4.sms4(ciphering, 32, key, plain, DECRYPT);
  363.         return plain;
  364.     }
  366.     /**
  367.      * 字节数组转字符串
  368.      *
  369.      * @param src 字节数组
  370.      * @return String
  371.      */
  372.     private static String bytesToHexString(byte[] src) {
  373.         StringBuilder stringBuilder = new StringBuilder();
  374.         if (src == null || src.length <= 0) {
  375.             return null;
  376.         }
  377.         for (byte aSrc : src) {
  378.             int v = aSrc & 0xFF;
  379.             String hv = Integer.toHexString(v);
  380.             if (hv.length() < 2) {
  381.                 stringBuilder.append(0);
  382.             }
  383.             stringBuilder.append(hv);
  384.         }
  385.         return stringBuilder.toString();
  386.     }
  388.     /**
  389.      * 字符串转字节数组
  390.      *
  391.      * @param hexString the hex string
  392.      * @return byte[]
  393.      */
  394.     private static byte[] hexStringToBytes(String hexString) {
  395.         if (hexString == null || hexString.length() <= 0) {
  396.             return null;
  397.         }
  398.         hexString = hexString.toUpperCase();
  399.         int length = hexString.length() / 2;
  400.         char[] hexChars = hexString.toCharArray();
  401.         byte[] d = new byte[length];
  402.         for (int i = 0; i < length; i++) {
  403.             int pos = i * 2;
  404.             d[i] = (byte) (charToByte(hexChars[pos]) << 4 | charToByte(hexChars[pos + 1]));
  405.         }
  406.         return d;
  407.     }
  409.     /**
  410.      * Convert char to byte
  411.      *
  412.      * @param c char
  413.      * @return byte
  414.      */
  415.     private static byte charToByte(char c) {
  416.         return (byte) "0123456789ABCDEF".indexOf(c);
  417.     }
  419.     /**
  420.      * @Description 随机获取中文
  421.      * @Date 2020/5/9 14:17
  422.      * @Author tanp
  423.      */
  424.     private static char getRandomChar() {
  425.         String str = "";
  426.         int hightPos;
  427.         int lowPos;
  428.         Random random = new Random();
  429.         hightPos = (176 + Math.abs(random.nextInt(39)));
  430.         lowPos = (161 + Math.abs(random.nextInt(93)));
  431.         byte[] b = new byte[2];
  432.         b[0] = (Integer.valueOf(hightPos)).byteValue();
  433.         b[1] = (Integer.valueOf(lowPos)).byteValue();
  434.         try {
  435.             str = new String(b, "GBK");
  436.         } catch (UnsupportedEncodingException e) {
  437.             e.printStackTrace();
  438.             System.out.println("错误");
  439.         }
  440.         return str.charAt(0);
  441.     }
  442.     public static void main(String[] args) {
  443.         final byte[] key = {0x01, 0x23, 0x45, 0x67, (byte) 0x89, (byte) 0xab,
  444.                 (byte) 0xcd, (byte) 0xef, (byte) 0xfe, (byte) 0xdc,
  445.                 (byte) 0xba, (byte) 0x98, 0x76, 0x54, 0x32, 0x10};
  446.         StringBuilder msg = new StringBuilder();
  447.         for(int a=0;a<ROUND;a++){
  448.             for (int i = 1; i < ROUND; i++) {
  449.                 msg.append(getRandomChar());
  450.             }
  451.             System.out.println("加密前:" + msg.toString());
  452.             String enStr = encodeSms4ToHex(msg.toString(), key);
  453.             System.out.println("加密后:" + enStr);
  454.             String deStr = decodeSms4HexToString(enStr, key);
  455.             System.out.println("解密后:" + deStr);
  456.             //查看经过加密再解密后的字符串是否与最开始的原生字符串是否一致
  457.             System.out.println(msg.toString().equals(deStr));
  458.         }
  460.     }
  462. }