CN111988133A - System SM4 encryption and decryption verification method, device, equipment and storage medium - Google Patents
System SM4 encryption and decryption verification method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN111988133A CN111988133A CN202010832985.XA CN202010832985A CN111988133A CN 111988133 A CN111988133 A CN 111988133A CN 202010832985 A CN202010832985 A CN 202010832985A CN 111988133 A CN111988133 A CN 111988133A
- Authority
- CN
- China
- Prior art keywords
- target
- length
- encryption
- decryption
- plaintext file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000012795 verification Methods 0.000 title claims abstract description 125
- 238000000034 method Methods 0.000 title claims abstract description 41
- 239000013598 vector Substances 0.000 claims description 77
- 238000012360 testing method Methods 0.000 claims description 43
- 238000004590 computer program Methods 0.000 claims description 10
- 238000010200 validation analysis Methods 0.000 claims 2
- 230000000694 effects Effects 0.000 abstract description 3
- 238000004422 calculation algorithm Methods 0.000 description 11
- 238000010586 diagram Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004883 computer application Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a system SM4 encryption, decryption and verification method, which comprises the following steps: when a system SM4 encryption and decryption verification request is received, acquiring the length of a target plaintext file and the length of a target key; acquiring a first random array of the length of a target plaintext file by using a shell script to obtain the target plaintext file; acquiring a second random array of the length of the target secret key by using the shell script to obtain the target secret key; and respectively carrying out encryption and decryption operations on the target plaintext file by using the target key through the hardware engine and the GmSSL software package so as to carry out SM4 encryption and decryption verification operations on the system. By applying the technical scheme provided by the embodiment of the invention, the accuracy of encrypting and decrypting verification of the system SM4 is improved, and the verification efficiency is greatly improved. The invention also discloses a system SM4 encryption and decryption verification device, equipment and a storage medium, and has corresponding technical effects.
Description
Technical Field
The invention relates to the technical field of computer application, in particular to a method, a device, equipment and a computer readable storage medium for verifying encryption and decryption of a system SM 4.
Background
In data transmission and data storage, data are encrypted to ensure data security. GmSSL is a software library package of open source codes, can support cryptographic algorithms SM2/SM3/SM4/SM9 and the like compared with OpenSSL, and belongs to a software method for realizing encryption. At present, some chip companies use GmSSL tools to encapsulate the GmSSL tools into own hardware encryption engines, so that the new GmSSL not only supports the hardware engine encryption of the chip, but also can realize software encryption. The SM4 packet encryption algorithm is a packet encryption algorithm used in China wireless standard, is widely applied, and needs to verify whether the system can successfully perform SM4 encryption and decryption before the system performs data encryption and decryption by using the SM4 packet encryption algorithm.
The existing system SM4 encryption, decryption and verification method is to select a specific plaintext file and a key with a supportable plaintext length by manually setting a single line instruction, and perform SM4 encryption, decryption and verification on the system by using the plaintext file and the key. The method is low in implementation efficiency, each encryption is specified to be executed with a fixed plaintext length, the verification coverage is not random and complete enough, and the encryption and decryption verification of the system SM4 is not accurate.
In summary, how to effectively solve the problems that the efficiency is low, the verification coverage is not random and complete enough, the verification is not accurate and the like when the single-line instruction is manually set to perform the encryption and decryption verification of the system SM4 is a problem that needs to be solved urgently by a person skilled in the art at present.
Disclosure of Invention
The invention aims to provide a system SM4 encryption and decryption verification method, which improves the accuracy of system SM4 encryption and decryption verification and greatly improves the verification efficiency; another object of the present invention is to provide a system SM4 encryption and decryption verification apparatus, device and computer readable storage medium.
In order to solve the technical problems, the invention provides the following technical scheme:
a system SM4 encryption and decryption verification method comprises the following steps:
when a system SM4 encryption and decryption verification request is received, acquiring the length of a target plaintext file and the length of a target key;
acquiring a first random array of the length of the target plaintext file by using a shell script to obtain the target plaintext file;
acquiring a second random array of the length of the target secret key by using the shell script to obtain the target secret key;
and respectively carrying out encryption and decryption operations on the target plaintext file by using the target key through a hardware engine and a GmSSL software package so as to carry out SM4 encryption, decryption and verification operations on the system.
In a specific embodiment of the present invention, obtaining a length of a target plaintext file includes:
judging whether a preset plaintext file length exists or not;
if so, determining the length of the preset plaintext file as the length of the target plaintext file;
if not, utilizing the shell script to randomly acquire a first random length number from a plaintext file length array, and determining the first random length number as the target plaintext file length.
In an embodiment of the present invention, obtaining the target key length includes:
judging whether a preset key length exists or not;
if yes, determining the preset secret key length as the target secret key length;
if not, randomly acquiring a second random length number from the key length array by using the shell script, and determining the second random length number as the target key length.
In a specific embodiment of the present invention, the encrypting and decrypting the target plaintext file by the hardware engine and the GmSSL package using the target key respectively includes:
acquiring a target SM4 test mode;
judging whether the target SM4 test mode is a codebook mode;
if so, respectively carrying out encryption and decryption operations on the target plaintext file by using the target secret key through the hardware engine and the GmSSL software package;
if not, acquiring a target initialization vector, and respectively performing encryption and decryption operations on the target plaintext file by using the target key and the target initialization vector through the hardware engine and the GmSSL software package.
In a specific embodiment of the present invention, obtaining a target initialization vector includes:
acquiring the length of a target vector;
and acquiring a third random array of the length of the target vector by using the shell script to obtain the target initialization vector.
In a specific embodiment of the present invention, obtaining the target vector length includes:
judging whether a preset vector length exists or not;
if so, determining the preset vector length as the target vector length;
if not, utilizing the shell script to randomly acquire a third random length number from a vector length array, and determining the third random length number as the target vector length.
In a specific embodiment of the present invention, respectively performing an encryption and decryption operation on the target plaintext file by using the target key through a hardware engine and a GmSSL software package, so as to perform an SM4 encryption, decryption and verification operation on the system, including:
encrypting the target plaintext file by using the target secret key through the hardware engine to obtain a hardware encrypted ciphertext file;
encrypting the target plaintext file by using the target secret key through the GmSSL software package to obtain a software encrypted ciphertext file;
judging whether the hardware encrypted ciphertext file is consistent with the software encrypted ciphertext file;
if yes, the system SM4 encrypted item test passes;
decrypting the hardware encrypted ciphertext file through the hardware engine to obtain a hardware decrypted plaintext file;
judging whether the hardware decryption plaintext file is consistent with the target plaintext file;
if yes, the system SM4 decryption item test passes;
when the system SM4 encrypted item and the system SM4 decrypted item both pass the test, determining that the SM4 encrypted decryption corresponding to the system passes the verification.
A system SM4 encryption decryption verification apparatus, comprising:
the length obtaining module is used for obtaining the length of a target plaintext file and the length of a target secret key when receiving an encryption, decryption and verification request of the system SM 4;
the plaintext file obtaining module is used for obtaining a first random array of the length of the target plaintext file by using the shell script to obtain the target plaintext file;
the key obtaining module is used for obtaining a second random array of the target key length by utilizing the shell script to obtain a target key;
and the encryption and decryption verification module is used for performing encryption and decryption operations on the target plaintext file by using the target key through a hardware engine and a GmSSL software package respectively so as to perform SM4 encryption and decryption verification operations on the system.
A system SM4 encryption decryption verification device comprising:
a memory for storing a computer program;
a processor for implementing the steps of the system SM4 encryption decryption verification method as described above when executing the computer program.
A computer-readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the system SM4 encryption decryption verification method as described above.
By applying the method provided by the embodiment of the invention, when a system SM4 encryption, decryption and verification request is received, the length of a target plaintext file and the length of a target key are obtained; acquiring a first random array of the length of a target plaintext file by using a shell script to obtain the target plaintext file; acquiring a second random array of the length of the target secret key by using the shell script to obtain the target secret key; and respectively carrying out encryption and decryption operations on the target plaintext file by using the target key through the hardware engine and the GmSSL software package so as to carry out SM4 encryption and decryption verification operations on the system. The first random array is obtained by the shell script to serve as a target plaintext file, the second random array is obtained by the shell script to serve as a target key, randomness of the target plaintext file and the target key is enhanced, accordingly, randomness and integrity of a verification covering surface are enhanced, and accuracy of encryption, decryption and verification of the system SM4 is improved. And the target plaintext file and the target secret key are automatically acquired through the shell script, so that the verification efficiency is greatly improved.
Correspondingly, the embodiment of the present invention further provides a system SM4 encryption/decryption verification apparatus, device and computer-readable storage medium corresponding to the system SM4 encryption/decryption verification method, which have the above technical effects and are not described herein again.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of an implementation of the encryption/decryption verification method of the system SM4 according to the embodiment of the present invention;
fig. 2 is a flowchart of another implementation of the encryption/decryption verification method of the system SM4 according to the embodiment of the present invention;
fig. 3 is a flowchart of another implementation of the encryption/decryption verification method of the system SM4 according to the embodiment of the present invention;
fig. 4 is a block diagram of a system SM4 encryption/decryption verification apparatus according to an embodiment of the present invention;
fig. 5 is a block diagram of a system SM4 encryption/decryption verification apparatus according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the disclosure, the invention will be described in further detail with reference to the accompanying drawings and specific embodiments. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The first embodiment is as follows:
referring to fig. 1, fig. 1 is a flowchart of an implementation of a method for verifying encryption and decryption by a system SM4 according to an embodiment of the present invention, where the method may include the following steps:
s101: when receiving the system SM4 encryption/decryption verification request, the target plaintext file length and the target key length are acquired.
When the SM4 encryption, decryption and verification are required to be carried out on the system, a system SM4 encryption, decryption and verification request is sent to a system encryption, decryption and verification center, the system encryption, decryption and verification center receives the system SM4 encryption, decryption and verification request, and the length of a target plaintext file and the length of a target key are obtained.
S102: and obtaining a first random array of the length of the target plaintext file by using the shell script to obtain the target plaintext file.
After the length of the target plaintext file is obtained, a first random array of the length of the target plaintext file is obtained by using the shell script, and the target plaintext file is obtained. For example, the shell script can be used to obtain the first random array of the length of the target plaintext file from the file database, so as to obtain the target plaintext file.
S103: and obtaining a second random array of the length of the target secret key by using the shell script to obtain the target secret key.
After the target key length is obtained, a second random array of the target key length is obtained by using the shell script, and the target key is obtained. For example, the shell script may be used to obtain the second random array of the target key length from the key database, thereby obtaining the target key.
S104: and respectively carrying out encryption and decryption operations on the target plaintext file by using the target key through the hardware engine and the GmSSL software package so as to carry out SM4 encryption and decryption verification operations on the system.
After the target plaintext file and the target key are obtained, the target plaintext file is encrypted and decrypted by the aid of the target key through a hardware engine and a GmSSL software package respectively to obtain encryption and decryption result information, and SM4 encryption, decryption and verification operations are performed on the system according to the encryption and decryption result information. Specifically, the SM4 encryption verification is performed on the system by comparing the consistency of the hardware encryption result and the software encryption result, the hardware decryption plaintext file is obtained after the encrypted hardware encryption ciphertext file is decrypted by using the hardware engine, and the SM4 decryption verification is performed on the system by comparing the hardware decryption plaintext file with the target plaintext file. The first random array is obtained through traversal of the shell script and serves as a target plaintext file, the second random array is obtained through traversal of the shell script and serves as a target secret key, randomness of the target plaintext file and the target secret key is enhanced, accordingly, randomness and integrity of a verification covering surface are enhanced, and accuracy of encryption, decryption and verification of the system SM4 is improved. And the target plaintext file and the target secret key are automatically acquired through the shell script, so that the verification efficiency is greatly improved.
By applying the method provided by the embodiment of the invention, when a system SM4 encryption, decryption and verification request is received, the length of a target plaintext file and the length of a target key are obtained; acquiring a first random array of the length of a target plaintext file by using a shell script to obtain the target plaintext file; acquiring a second random array of the length of the target secret key by using the shell script to obtain the target secret key; and respectively carrying out encryption and decryption operations on the target plaintext file by using the target key through the hardware engine and the GmSSL software package so as to carry out SM4 encryption and decryption verification operations on the system. The first random array is obtained by the shell script to serve as a target plaintext file, the second random array is obtained by the shell script to serve as a target key, randomness of the target plaintext file and the target key is enhanced, accordingly, randomness and integrity of a verification covering surface are enhanced, and accuracy of encryption, decryption and verification of the system SM4 is improved. And the target plaintext file and the target secret key are automatically acquired through the shell script, so that the verification efficiency is greatly improved.
It should be noted that, based on the first embodiment, the embodiment of the present invention further provides a corresponding improvement scheme. In the following embodiments, steps that are the same as or correspond to those in the first embodiment may be referred to each other, and corresponding advantageous effects may also be referred to each other, which are not described in detail in the following modified embodiments.
Example two:
referring to fig. 2, fig. 2 is a flowchart of another implementation of the encryption, decryption and verification method of the system SM4 according to an embodiment of the present invention, where the method may include the following steps:
s201: the receiving system SM4 encrypts the decryption verification request.
S202: and judging whether the preset plaintext file length exists, if so, executing step S203, and if not, executing step S204.
There are two cases, one in which the length of the target plaintext file for the system SM4 encryption decryption verification is specified in advance, and the other in which the length of the target plaintext file for the system SM4 encryption decryption verification is not specified. After receiving the system SM4 encryption/decryption verification request, determining whether a preset plaintext file length exists, if so, indicating that the length of the target plaintext file for system SM4 encryption/decryption verification is pre-designated, executing step S203, and if not, indicating that the length of the target plaintext file for system SM4 encryption/decryption verification is not pre-designated, executing step S204.
S203: and determining the length of the preset plaintext file as the length of the target plaintext file.
And when the preset plaintext file length is determined to exist, determining the preset plaintext file length as the target plaintext file length.
S204: and randomly acquiring a first random length number from the plaintext file length array by using the shell script, and determining the first random length number as the length of the target plaintext file.
A plaintext file length array is preset, and the plaintext file length array comprises a plurality of different first random length numbers. And when the preset plaintext file length does not exist, randomly acquiring a first random length number from the plaintext file length array by using the shell script, and determining the first random length number as the target plaintext file length.
S205: and obtaining a first random array of the length of the target plaintext file by using the shell script to obtain the target plaintext file.
S206: determining whether a preset key length exists, if yes, performing step S207, and if not, performing step S208.
There are also two cases regarding the length of the target key, one being the length of the target key that is previously designated for encryption decryption verification by the system SM4, and the other being the length of the target key that is not designated for encryption decryption verification by the system SM4, in analogy with the length of the target plaintext file. After receiving the system SM4 encryption/decryption verification request, it is determined whether a preset key length exists, if so, it indicates that the length of the target key used for the system SM4 encryption/decryption verification is specified in advance, step S207 is performed, and if not, it indicates that the length of the target key used for the system SM4 encryption/decryption verification is not specified in advance, and step S208 is performed.
S207: and determining the preset key length as the target key length.
And when the preset key length is determined to exist, determining the preset key length as the target key length.
S208: and randomly acquiring a second random length number from the key length array by using the shell script, and determining the second random length number as the target key length.
A key length array is preset, and the key length array comprises a plurality of different second random length numbers. And when the preset secret key length does not exist, randomly acquiring a second random length number from the secret key length array by using the shell script, and determining the second random length number as the target secret key length.
S209: and obtaining a second random array of the length of the target secret key by using the shell script to obtain the target secret key.
S210: the target SM4 test pattern is obtained.
The SM4 cryptographic algorithm has 5 working modes, which are respectively: 1) electronic Codebook mode (ECB), Electronic Codebook Book; 2) cipher Block Chaining (CBC); 3) calculator mode (CTR, Counter); 4) cipher FeedBack mode (CFB, Cipher FeedBack); 5) output FeedBack mode (OFB). Correspondingly, the system SM4 encryption and decryption verification also exists in the mode 5 above, and after the target plaintext file and the target key are obtained, the target SM4 test mode is obtained.
S211: it is determined whether the target SM4 test mode is the codebook mode, if yes, step S212 is executed, and if no, step S213 is executed.
In 5 test modes of system SM4 encryption and decryption verification, the code book mode encryption only needs a key and does not need an initialization vector, and the other 4 test modes need the key and the initialization vector. After the target SM4 test mode is acquired, it is determined whether the target SM4 test mode is a codebook mode, if so, step S212 is executed, and if not, step S213 is executed.
S212: and respectively carrying out encryption and decryption operations on the target plaintext file by using the target key through the hardware engine and the GmSSL software package so as to carry out SM4 encryption and decryption verification operations on the system.
And when the target SM4 test mode is determined to be the code book mode, respectively performing encryption and decryption operations on the target plaintext file by using the target key through the hardware engine and the GmSSL software package.
S213: it is determined whether the predetermined vector length exists, if yes, step S214 is executed, and if not, step S215 is executed.
There are also two cases regarding the length of the target initialization vector, one being the length of the target initialization vector that is previously designated for encryption decryption verification by the system SM4, and the other being the length of the target initialization vector that is not designated for encryption decryption verification by the system SM4, in analogy with the length of the target plaintext file and the length of the target key. When the target SM4 test mode is determined to be the non-electric code book mode, determining whether a preset vector length exists, if so, indicating that the length of the target initialization vector used for system SM4 encryption/decryption verification is pre-designated, executing step S214, otherwise, indicating that the length of the target initialization vector used for system SM4 encryption/decryption verification is not pre-designated, and executing step S215.
S214: and determining the preset vector length as the target vector length.
And when the preset vector length is determined to exist, determining the preset vector length as the target vector length.
S215: and randomly acquiring a third random length number from the vector length array by using the shell script, and determining the third random length number as the target vector length.
And presetting a vector length array, wherein the vector length array comprises a plurality of different third random length numbers. And when the preset vector length does not exist, randomly acquiring a third random length number from the vector length array by using the shell script, and determining the third random length number as the target vector length.
S216: and acquiring a third random array of the length of the target vector by using the shell script to obtain a target initialization vector.
And after the target vector length is obtained, obtaining a third random array of the target vector length by using the shell script to obtain a target initialization vector. For example, a third random array of the target vector length may be obtained from the vector database using the shell script, thereby obtaining the target initialization vector.
S217: and respectively carrying out encryption and decryption operations on the target plaintext file by using the target key and the target initialization vector through the hardware engine and the GmSSL software package so as to carry out SM4 encryption and decryption verification operations on the system.
Under the condition that the target SM4 test mode is the non-electric code book mode, after the target key, the target initialization vector and the target plaintext file are respectively obtained, the target plaintext file is encrypted and decrypted by the hardware engine and the GmSSL software package through the target key and the target initialization vector.
Example three:
referring to fig. 3, fig. 3 is a flowchart of another implementation of the encryption, decryption and verification method of the system SM4 according to the embodiment of the present invention, where the method may include the following steps:
s301: when receiving the system SM4 encryption/decryption verification request, the target plaintext file length and the target key length are acquired.
S302: and obtaining a first random array of the length of the target plaintext file by using the shell script to obtain the target plaintext file.
S303: and obtaining a second random array of the length of the target secret key by using the shell script to obtain the target secret key.
S304: and encrypting the target plaintext file by using the target secret key through the hardware engine to obtain a hardware encrypted ciphertext file.
After the target plaintext file and the target secret key are obtained, the hardware engine is used for encrypting the target plaintext file by using the target secret key to obtain a hardware encrypted ciphertext file.
S305: and encrypting the target plaintext file by using the target secret key through the GmSSL software package to obtain a software encrypted ciphertext file.
After the target plaintext file and the target secret key are obtained, the target plaintext file is encrypted by the GmSSL software package through the target secret key, and a software encrypted ciphertext file is obtained.
S306: and judging whether the hardware encrypted ciphertext file is consistent with the software encrypted ciphertext file, if so, executing step S307, and if not, executing step S308.
After the hardware encrypted ciphertext file and the software encrypted ciphertext file are obtained, whether the hardware encrypted ciphertext file is consistent with the software encrypted ciphertext file or not is judged, if yes, the system supports the encryption item of the SM4 national cryptographic algorithm, step S307 is executed, if not, the system does not support the encryption item of the SM4 national cryptographic algorithm, and step S308 is executed.
S307: the system SM4 encrypted item test passed.
When the hardware encrypted ciphertext file is determined to be consistent with the software encrypted ciphertext file, the system SM4 encrypted item passes the test.
S308: the system SM4 encryption item test failed.
When it is determined that the hardware encrypted ciphertext file is inconsistent with the software encrypted ciphertext file, the system SM4 test fails for the encrypted item.
S309: and carrying out decryption operation on the hardware encrypted ciphertext file through the hardware engine to obtain a hardware decrypted plaintext file.
After the hardware encryption ciphertext file is obtained, the hardware encryption ciphertext file is decrypted through a hardware engine, and a hardware decryption plaintext file is obtained.
S310: and judging whether the hardware decryption plaintext file is consistent with the target plaintext file, if so, executing step S311, and if not, executing step S312.
After the hardware decryption plaintext file is obtained, whether the hardware decryption plaintext file is consistent with the target plaintext file or not is judged, if yes, the system is described to support the decryption item of the SM4 national cryptographic algorithm, step S311 is executed, if not, the system is described to not support the decryption item of the SM4 national cryptographic algorithm, and step S312 is executed.
S311: the system SM4 decrypted item test passed.
Upon determining that the hardware decrypted plaintext file is consistent with the target plaintext file, the system SM4 decrypted item test passes.
S312: the system SM4 decryption item test failed.
Upon determining that the hardware decrypted plaintext file is inconsistent with the target plaintext file, the system SM4 decryption item test fails.
S313: when the system SM4 encrypted item and the system SM4 decrypted item pass the test, the SM4 corresponding to the system is determined to pass the encryption and decryption verification.
When the encrypted item of the system SM4 and the decrypted item of the system SM4 are determined to pass the test, the encrypted and decrypted items of the SM4 corresponding to the system are determined to pass the verification. A series of test verifications such as hardware encryption and decryption, software encryption, file comparison and the like under five modes of the SM4 national cryptographic algorithm are efficiently and quickly realized in a shell language automation mode. The length of the target plaintext file, the length of the target key and the length of the target vector can be specified in the verification process. If the data length is not specified, plaintext files with all lengths can be tested from corresponding arrays in a traversing mode, keys and initialization vectors with different lengths can be randomly selected, the keys and the initialization vectors with random lengths are covered, plaintext encryption processes with various lengths are achieved, test randomness and complete coverage are guaranteed, and support of an SM4 cryptographic algorithm by the verification system is accurate and efficient.
The process of encrypting and decrypting the verification by the shell language implementation system SM4 can comprise the following steps:
defining function and obtaining plaintext
Setting a plaintext length array to be verified when a fixed plaintext length is not specified
LEN_SM4=(16 32 64 256 1024 8192 16384)
Sequentially fetching numbers from the plaintext length array to generate the plaintext with different lengths
Defining a function, obtaining a key or number initialization vector (iv)
Define 5 patterns for SM4 testing
Test verification process for hardware encryption and decryption and software encryption of definition function, SM4
Corresponding to the above method embodiment, the embodiment of the present invention further provides a system SM4 encryption/decryption verification apparatus, and the system SM4 encryption/decryption verification apparatus described below and the system SM4 encryption/decryption verification method described above may be referred to correspondingly.
Referring to fig. 4, fig. 4 is a block diagram of a system SM4 encryption/decryption verification apparatus according to an embodiment of the present invention, where the apparatus may include:
a length obtaining module 41, configured to obtain a target plaintext file length and a target key length when receiving an encryption/decryption verification request from the system SM 4;
a plaintext file obtaining module 42, configured to obtain a first random array of a length of a target plaintext file by using a shell script, to obtain the target plaintext file;
the key obtaining module 43 is configured to obtain a second random array of the target key length by using the shell script, so as to obtain a target key;
and the encryption and decryption verification module 44 is configured to perform encryption and decryption operations on the target plaintext file by using the target key through the hardware engine and the GmSSL software package, respectively, so as to perform an SM4 encryption and decryption verification operation on the system.
By applying the device provided by the embodiment of the invention, when a system SM4 encryption, decryption and verification request is received, the length of a target plaintext file and the length of a target key are obtained; acquiring a first random array of the length of a target plaintext file by using a shell script to obtain the target plaintext file; acquiring a second random array of the length of the target secret key by using the shell script to obtain the target secret key; and respectively carrying out encryption and decryption operations on the target plaintext file by using the target key through the hardware engine and the GmSSL software package so as to carry out SM4 encryption and decryption verification operations on the system. The first random array is obtained by the shell script to serve as a target plaintext file, the second random array is obtained by the shell script to serve as a target key, randomness of the target plaintext file and the target key is enhanced, accordingly, randomness and integrity of a verification covering surface are enhanced, and accuracy of encryption, decryption and verification of the system SM4 is improved. And the target plaintext file and the target secret key are automatically acquired through the shell script, so that the verification efficiency is greatly improved.
In a specific embodiment of the present invention, the length obtaining module 41 includes a plaintext file length obtaining sub-module, and the plaintext file length obtaining sub-module includes:
the first judgment unit is used for judging whether the length of a preset plaintext file exists or not;
the first plaintext file length determining unit is used for determining the length of the preset plaintext file as the length of the target plaintext file when the preset plaintext file length is determined to exist;
and the second plaintext file length determining unit is used for randomly acquiring a first random length number from the plaintext file length array by using the shell script when the preset plaintext file length is determined not to exist, and determining the first random length number as the target plaintext file length.
In a specific embodiment of the present invention, the length obtaining module 41 includes a key length obtaining sub-module, and the key length obtaining sub-module includes:
a second judging unit, configured to judge whether a preset key length exists;
the first secret key length determining unit is used for determining the preset secret key length as a target secret key length when the preset secret key length is determined to exist;
and the second secret key length determining unit is used for randomly acquiring a second random length number from the secret key length array by using the shell script when the preset secret key length is determined not to exist, and determining the second random length number as the target secret key length.
In one embodiment of the present invention, the encryption/decryption verification module 44 includes:
the mode acquisition submodule is used for acquiring a target SM4 test mode;
the first judgment submodule is used for judging whether the target SM4 test mode is a code book mode;
the first encryption and decryption submodule is used for respectively carrying out encryption and decryption operations on a target plaintext file by using a target secret key through a hardware engine and a GmSSL software package when the target SM4 test mode is determined to be a code book mode;
and the second encryption and decryption submodule is used for acquiring a target initialization vector when the target SM4 test mode is determined to be a non-electric codebook mode, and respectively carrying out encryption and decryption operations on the target plaintext file by using the target key and the target initialization vector through a hardware engine and a GmSSL software package.
In one embodiment of the invention, the second encryption/decryption submodule comprises a vector acquisition unit,
a vector acquisition unit for acquiring a target vector length; and acquiring a third random array of the length of the target vector by using the shell script to obtain a target initialization vector.
In one embodiment of the present invention, the vector obtaining unit includes:
the judging subunit is used for judging whether a preset vector length exists or not;
a first vector length determination subunit for determining a preset vector length as a target vector length when it is determined that the preset vector length exists;
and the second vector length determining subunit is used for randomly acquiring a third random length number from the vector length array by using the shell script when the preset vector length is determined not to exist, and determining the third random length number as the target vector length.
In one embodiment of the present invention, the encryption/decryption verification module 44 includes:
the hardware encryption submodule is used for carrying out encryption operation on a target plaintext file by using a target secret key through a hardware engine to obtain a hardware encryption ciphertext file;
the software encryption submodule is used for carrying out encryption operation on a target plaintext file by using a target secret key through a GmSSL software package to obtain a software encryption ciphertext file;
the second judgment submodule is used for judging whether the hardware encrypted ciphertext file is consistent with the software encrypted ciphertext file;
the encryption item test result obtaining submodule is used for passing the test of the encryption item of the system SM4 when the hardware encryption ciphertext file is determined to be consistent with the software encryption ciphertext file;
the hardware decryption submodule is used for carrying out decryption operation on the hardware encrypted ciphertext file through a hardware engine to obtain a hardware decrypted plaintext file;
the third judgment submodule is used for judging whether the hardware decryption plaintext file is consistent with the target plaintext file;
the decryption item test result obtaining submodule is used for passing the decryption item test of the system SM4 when the hardware decryption plaintext file is determined to be consistent with the target plaintext file;
and the system encryption and decryption verification result obtaining sub-module is used for determining that the SM4 corresponding to the system passes the encryption and decryption verification when both the system SM4 encrypted item and the system SM4 decrypted item pass the test.
Corresponding to the above method embodiment, referring to fig. 5, fig. 5 is a schematic diagram of a system SM4 encryption/decryption verification apparatus provided in the present invention, where the apparatus may include:
a memory 51 for storing a computer program;
the processor 52, when executing the computer program stored in the memory 51, may implement the following steps:
when a system SM4 encryption and decryption verification request is received, acquiring the length of a target plaintext file and the length of a target key; acquiring a first random array of the length of a target plaintext file by using a shell script to obtain the target plaintext file; acquiring a second random array of the length of the target secret key by using the shell script to obtain the target secret key; and respectively carrying out encryption and decryption operations on the target plaintext file by using the target key through the hardware engine and the GmSSL software package so as to carry out SM4 encryption and decryption verification operations on the system.
For the introduction of the device provided by the present invention, please refer to the above method embodiment, which is not described herein again.
Corresponding to the above method embodiment, the present invention further provides a computer-readable storage medium having a computer program stored thereon, the computer program, when executed by a processor, implementing the steps of:
when a system SM4 encryption and decryption verification request is received, acquiring the length of a target plaintext file and the length of a target key; acquiring a first random array of the length of a target plaintext file by using a shell script to obtain the target plaintext file; acquiring a second random array of the length of the target secret key by using the shell script to obtain the target secret key; and respectively carrying out encryption and decryption operations on the target plaintext file by using the target key through the hardware engine and the GmSSL software package so as to carry out SM4 encryption and decryption verification operations on the system.
The computer-readable storage medium may include: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
For the introduction of the computer-readable storage medium provided by the present invention, please refer to the above method embodiments, which are not described herein again.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The device, the apparatus and the computer-readable storage medium disclosed in the embodiments correspond to the method disclosed in the embodiments, so that the description is simple, and the relevant points can be referred to the description of the method.
The principle and the implementation of the present invention are explained in the present application by using specific examples, and the above description of the embodiments is only used to help understanding the technical solution and the core idea of the present invention. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.
Claims (10)
1. A system SM4 encryption and decryption verification method is characterized by comprising the following steps:
when a system SM4 encryption and decryption verification request is received, acquiring the length of a target plaintext file and the length of a target key;
acquiring a first random array of the length of the target plaintext file by using a shell script to obtain the target plaintext file;
acquiring a second random array of the length of the target secret key by using the shell script to obtain the target secret key;
and respectively carrying out encryption and decryption operations on the target plaintext file by using the target key through a hardware engine and a GmSSL software package so as to carry out SM4 encryption, decryption and verification operations on the system.
2. The system SM4 encryption, decryption and verification method of claim 1, wherein obtaining the target plaintext file length comprises:
judging whether a preset plaintext file length exists or not;
if so, determining the length of the preset plaintext file as the length of the target plaintext file;
if not, utilizing the shell script to randomly acquire a first random length number from a plaintext file length array, and determining the first random length number as the target plaintext file length.
3. The system SM4 encryption decryption verification method of claim 1, wherein obtaining a target key length comprises:
judging whether a preset key length exists or not;
if yes, determining the preset secret key length as the target secret key length;
if not, randomly acquiring a second random length number from the key length array by using the shell script, and determining the second random length number as the target key length.
4. The system SM4 encryption, decryption and verification method according to any one of claims 1 to 3, wherein performing encryption and decryption operations on the target plaintext file by using the target key through a hardware engine and a GmSSL software package respectively includes:
acquiring a target SM4 test mode;
judging whether the target SM4 test mode is a codebook mode;
if so, respectively carrying out encryption and decryption operations on the target plaintext file by using the target secret key through the hardware engine and the GmSSL software package;
if not, acquiring a target initialization vector, and respectively performing encryption and decryption operations on the target plaintext file by using the target key and the target initialization vector through the hardware engine and the GmSSL software package.
5. The system SM4 encryption decryption validation method of claim 4, wherein obtaining a target initialization vector comprises:
acquiring the length of a target vector;
and acquiring a third random array of the length of the target vector by using the shell script to obtain the target initialization vector.
6. The system SM4 encryption decryption verification method of claim 5, wherein obtaining the target vector length comprises:
judging whether a preset vector length exists or not;
if so, determining the preset vector length as the target vector length;
if not, utilizing the shell script to randomly acquire a third random length number from a vector length array, and determining the third random length number as the target vector length.
7. The system SM4 encryption, decryption and verification method according to claim 1, wherein performing an SM4 encryption, decryption and verification operation on the system by performing an encryption and decryption operation on the target plaintext file with the target key through a hardware engine and a GmSSL software package respectively comprises:
encrypting the target plaintext file by using the target secret key through the hardware engine to obtain a hardware encrypted ciphertext file;
encrypting the target plaintext file by using the target secret key through the GmSSL software package to obtain a software encrypted ciphertext file;
judging whether the hardware encrypted ciphertext file is consistent with the software encrypted ciphertext file;
if yes, the system SM4 encrypted item test passes;
decrypting the hardware encrypted ciphertext file through the hardware engine to obtain a hardware decrypted plaintext file;
judging whether the hardware decryption plaintext file is consistent with the target plaintext file;
if yes, the system SM4 decryption item test passes;
when the system SM4 encrypted item and the system SM4 decrypted item both pass the test, determining that the SM4 encrypted decryption corresponding to the system passes the verification.
8. A system SM4 encryption decryption verification apparatus, comprising:
the length obtaining module is used for obtaining the length of a target plaintext file and the length of a target secret key when receiving an encryption, decryption and verification request of the system SM 4;
the plaintext file obtaining module is used for obtaining a first random array of the length of the target plaintext file by using the shell script to obtain the target plaintext file;
the key obtaining module is used for obtaining a second random array of the target key length by utilizing the shell script to obtain a target key;
and the encryption and decryption verification module is used for performing encryption and decryption operations on the target plaintext file by using the target key through a hardware engine and a GmSSL software package respectively so as to perform SM4 encryption and decryption verification operations on the system.
9. A system SM4 encryption decryption verification device, comprising:
a memory for storing a computer program;
processor for implementing the steps of the system SM4 encryption decryption verification method according to any of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps of the system SM4 encryption decryption validation method according to any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010832985.XA CN111988133B (en) | 2020-08-18 | 2020-08-18 | System SM4 encryption and decryption verification method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010832985.XA CN111988133B (en) | 2020-08-18 | 2020-08-18 | System SM4 encryption and decryption verification method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111988133A true CN111988133A (en) | 2020-11-24 |
| CN111988133B CN111988133B (en) | 2023-05-16 |
Family
ID=73435682
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010832985.XA Active CN111988133B (en) | 2020-08-18 | 2020-08-18 | System SM4 encryption and decryption verification method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111988133B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115277028A (en) * | 2022-09-27 | 2022-11-01 | 三未信安科技股份有限公司 | Verification system and method for cryptographic algorithm chip |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070074027A1 (en) * | 2005-09-26 | 2007-03-29 | Tien-Chun Tung | Methods of verifying, signing, encrypting, and decrypting data and file |
| CN108632248A (en) * | 2018-03-22 | 2018-10-09 | 平安科技(深圳)有限公司 | Data ciphering method, data query method, apparatus, equipment and storage medium |
| CN108959982A (en) * | 2018-07-06 | 2018-12-07 | 江苏北弓智能科技有限公司 | A kind of mobile terminal document encrypting and deciphering system and method based on hardware encryption TF card |
| CN109347627A (en) * | 2018-09-19 | 2019-02-15 | 平安科技(深圳)有限公司 | Data encryption/decryption method, device, computer equipment and storage medium |
-
2020
- 2020-08-18 CN CN202010832985.XA patent/CN111988133B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070074027A1 (en) * | 2005-09-26 | 2007-03-29 | Tien-Chun Tung | Methods of verifying, signing, encrypting, and decrypting data and file |
| CN108632248A (en) * | 2018-03-22 | 2018-10-09 | 平安科技(深圳)有限公司 | Data ciphering method, data query method, apparatus, equipment and storage medium |
| CN108959982A (en) * | 2018-07-06 | 2018-12-07 | 江苏北弓智能科技有限公司 | A kind of mobile terminal document encrypting and deciphering system and method based on hardware encryption TF card |
| CN109347627A (en) * | 2018-09-19 | 2019-02-15 | 平安科技(深圳)有限公司 | Data encryption/decryption method, device, computer equipment and storage medium |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115277028A (en) * | 2022-09-27 | 2022-11-01 | 三未信安科技股份有限公司 | Verification system and method for cryptographic algorithm chip |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111988133B (en) | 2023-05-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109429222B (en) | Method for encrypting wireless network equipment upgrading program and communication data | |
| CN112291190B (en) | Identity authentication method, terminal and server | |
| CN102422296B (en) | Method for authenticating access to a secured chip by a test device | |
| CN102163268B (en) | The term of execution verifying software code the method and apparatus of integrality | |
| CN106055936B (en) | Executable program data packet encrypting/decrypting method and device | |
| CN106452770B (en) | Data encryption method, data decryption method, device and system | |
| CN105450620A (en) | Information processing method and device | |
| CN105577379A (en) | Information processing method and apparatus thereof | |
| CN103946856A (en) | Encryption and decryption process method, apparatus and device | |
| CN112528236B (en) | Application software authorization method based on virtual machine | |
| US11128455B2 (en) | Data encryption method and system using device authentication key | |
| US20050207570A1 (en) | Encryption apparatus, program for use therewith, and method for use therewith | |
| CN111988133B (en) | System SM4 encryption and decryption verification method, device, equipment and storage medium | |
| CN102270285A (en) | Key authorization information management method and device | |
| CN110069241A (en) | Acquisition methods, device, client device and the server of pseudo random number | |
| CN111628863B (en) | Data signature method and device, electronic equipment and storage medium | |
| CN112528309A (en) | Data storage encryption and decryption method and device | |
| CN104883260B (en) | Certificate information processing and verification method, processing terminal and authentication server | |
| CN109150813A (en) | A kind of verification method and device of equipment | |
| FI120174B (en) | Saving data with the device | |
| CN113726742B (en) | Test authentication method, device, electronic equipment and medium | |
| CN117255341B (en) | MIFI-based data encryption transmission protection method and system | |
| CN116305193B (en) | Encryption configuration file generation method and device | |
| CN112084518B (en) | Safety identification method based on communication control module | |
| CN113572599B (en) | Power data transmission method, data source equipment and data access equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |