SM4-GCM加解密过程

2025-06-26 10:39:34 by wst

sm4-gcm介绍

SM4-GCM既保证了数据秘密传输，又保证了数据的完整性。

这里基于gmssl实现了数据加解密过程，方法如下：

加密过程do_encrypt.py

#!/usr/bin/env python
# -*- encoding: utf-8 -*-
'''
@文件        :do_encrypt.py
@说明        :加密示例
@时间        :2025/06/25 15:18:30
@作者        :wanshitao
@版本        :1.0
'''

import binascii
from gmssl import rand_bytes, Sm4Gcm, SM4_KEY_SIZE, SM4_GCM_DEFAULT_IV_SIZE, SM4_GCM_DEFAULT_TAG_SIZE, DO_ENCRYPT

# 定义初始变量
key = rand_bytes(SM4_KEY_SIZE)
iv = rand_bytes(SM4_GCM_DEFAULT_IV_SIZE)
aad = b'Additional auth-data'
plaintext = b'abc'
taglen = SM4_GCM_DEFAULT_TAG_SIZE

# 创建加密对象
sm4_enc = Sm4Gcm(key, iv, aad, taglen, DO_ENCRYPT)
ciphertext = sm4_enc.update(plaintext)  # 获取纯密文（不包含标签）
tag = sm4_enc.finish()                  # 单独获取认证标签
# 修正密文和标签
if len(tag) > taglen:
    ciphertext += tag[0:-taglen]  # 如果标签长度超过预期，截断多余部分
    tag = tag[-taglen:]  # 确保标签长度符合预期

print("1key:", key, binascii.hexlify(key).upper())
print("2tag:", tag, len(tag), binascii.hexlify(tag).upper())
print("3ciphertext:", ciphertext, binascii.hexlify(ciphertext).upper())
print("4iv:", iv, binascii.hexlify(iv).upper())
print("5aad:", aad, binascii.hexlify(aad).upper())

解密过程do_decrypt.py

#!/usr/bin/env python
# -*- encoding: utf-8 -*-
'''
@文件        :do_decrypt.py
@说明        :解密示例
@时间        :2025/06/26 09:51:28
@作者        :wanshitao
@版本        :1.0
'''

from gmssl import Sm4Gcm, SM4_GCM_DEFAULT_TAG_SIZE, DO_DECRYPT
import binascii


key_hex = "0123456789ABCDEFFEDCBA9876543210"
iv_hex = "00001234567800000000ABCD"
aad_hex = "FEEDFACEDEADBEEFFEEDFACEDEADBEEFABADDAD2"
plaintext_hex = "AA"
tag_hex = "4E4F617BDEAA1FDFCC872B9B94721255"
encrypted_hex = "17"

# 转换为字节数据
key = binascii.unhexlify(key_hex)
iv = binascii.unhexlify(iv_hex)
aad = binascii.unhexlify(aad_hex)
plaintext = binascii.unhexlify(plaintext_hex)
tag = binascii.unhexlify(tag_hex)
ciphertext = binascii.unhexlify(encrypted_hex)

print(u'打印每个变量的十六进制表示和长度, 及其原始数据:')
print("Key (hex):", key_hex, "Length:", len(key_hex), key)
print("IV (hex):", iv_hex, "Length:", len(iv_hex), iv)
print("AAD (hex):", aad_hex, "Length:", len(aad_hex), aad)
print("Plaintext (hex):", plaintext_hex, "Length:", len(plaintext_hex), plaintext)
print("Tag (hex):", tag_hex, "Length:", len(tag_hex), tag)
print("Encrypted (hex):", encrypted_hex, "Length:", len(encrypted_hex), ciphertext)

# 解密
sm4_dec = Sm4Gcm(key, iv, aad, SM4_GCM_DEFAULT_TAG_SIZE, DO_DECRYPT)
decrypted = sm4_dec.update(ciphertext+tag)
decrypted += sm4_dec.finish()
# 验证解密后的结果是否与原文一致
if decrypted == plaintext:
    print(u"解密成功，结果与原文一致")
else:
    print(u"解密失败，结果与原文不一致")

# 输出结果
print("origin (hex):", binascii.hexlify(plaintext).upper())
print("Decrypted (hex):", binascii.hexlify(decrypted).upper())