From 47c94adf145febe6063a30ba977e464ef8dd7108 Mon Sep 17 00:00:00 2001
From: Dai Zhiwei <daizhiwei3@huawei.com>
Date: Sat, 8 Oct 2022 16:06:10 +0800
Subject: [PATCH] rgw sm4 refactor impl and add rgw_crypt_chunk_size option

---
 src/common/legacy_config_opts.h |   2 +
 src/common/options.cc           |  10 +
 src/rgw/rgw_crypt.cc            | 429 +++++++++++++++++++--------
 src/rgw/rgw_crypt.h             |   3 +
 src/rgw/rgw_kms.cc              |  36 ++-
 src/test/rgw/test_rgw_crypto.cc | 503 +++++++++++++++++++++++++++++++-
 6 files changed, 848 insertions(+), 135 deletions(-)

diff --git a/src/common/legacy_config_opts.h b/src/common/legacy_config_opts.h
index 10c4d7d206..c2e9d9a83b 100644
--- a/src/common/legacy_config_opts.h
+++ b/src/common/legacy_config_opts.h
@@ -1241,6 +1241,7 @@ OPTION(rgw_max_attr_size, OPT_SIZE)
 OPTION(rgw_max_attrs_num_in_req, OPT_U64)
 
 OPTION(rgw_max_chunk_size, OPT_INT)
+OPTION(rgw_crypt_chunk_size, OPT_INT)
 OPTION(rgw_put_obj_min_window_size, OPT_INT)
 OPTION(rgw_put_obj_max_window_size, OPT_INT)
 OPTION(rgw_max_put_size, OPT_U64)
@@ -1527,6 +1528,7 @@ OPTION(rgw_crypt_kmip_s3_key_template, OPT_STR) // sse-s3; kmip key names
 
 OPTION(rgw_crypt_s3_kms_encryption_keys, OPT_STR) // extra keys that may be used for aws:kms
                                                       // defined as map "key1=YmluCmJvb3N0CmJvb3N0LQ== key2=b3V0CnNyYwpUZXN0aW5nCg=="
+OPTION(rgw_crypt_s3_kms_algorithm, OPT_STR)  // SSE-KMS encryption algorithm, support aes and sm4
 OPTION(rgw_crypt_suppress_logs, OPT_BOOL)   // suppress logs that might print customer key
 OPTION(rgw_list_bucket_min_readahead, OPT_INT) // minimum number of entries to read from rados for bucket listing
 
diff --git a/src/common/options.cc b/src/common/options.cc
index cef26003c2..dcc22b0ff4 100644
--- a/src/common/options.cc
+++ b/src/common/options.cc
@@ -5772,6 +5772,11 @@ std::vector<Option> get_rgw_options() {
         "need to be atomic, and anything larger than this would require more than a single "
         "operation."),
 
+    Option("rgw_crypt_chunk_size", Option::TYPE_SIZE, Option::LEVEL_ADVANCED)
+    .set_default(4096)
+    .set_min(4096)
+    .set_description("Set RGW crypt chunk size"),
+
     Option("rgw_put_obj_min_window_size", Option::TYPE_SIZE, Option::LEVEL_ADVANCED)
     .set_default(16_M)
     .set_description("The minimum RADOS write window size (in bytes).")
@@ -7139,6 +7144,11 @@ std::vector<Option> get_rgw_options() {
     .set_default("")
     .set_description(""),
 
+    Option("rgw_crypt_s3_kms_algorithm", Option::TYPE_STR, Option::LEVEL_ADVANCED)
+    .set_default("aes")
+    .set_enum_allowed({"aes", "sm4"})
+    .set_description("rgw s3 SSE-KMS algorithm, aes or sm4, Default is aes alg."),
+
     Option("rgw_crypt_vault_auth", Option::TYPE_STR, Option::LEVEL_ADVANCED)
     .set_default("token")
     .set_enum_allowed({"token", "agent"})
diff --git a/src/rgw/rgw_crypt.cc b/src/rgw/rgw_crypt.cc
index 9f7e692564..db6098f7a4 100644
--- a/src/rgw/rgw_crypt.cc
+++ b/src/rgw/rgw_crypt.cc
@@ -309,7 +309,6 @@ CryptoAccelRef get_crypto_accel(CephContext *cct)
 }
 
 
-template <std::size_t KeySizeV, std::size_t IvSizeV>
 static inline
 bool evp_sym_transform(CephContext* const cct,
                        const EVP_CIPHER* const type,
@@ -318,6 +317,8 @@ bool evp_sym_transform(CephContext* const cct,
                        const size_t size,
                        const unsigned char* const iv,
                        const unsigned char* const key,
+                       size_t IvSizeV,
+                       size_t KeySizeV,
                        const bool encrypt)
 {
   using pctx_t = \
@@ -335,11 +336,11 @@ bool evp_sym_transform(CephContext* const cct,
   }
 
   // we want to support ciphers that don't use IV at all like AES-256-ECB
-  if constexpr (static_cast<bool>(IvSizeV)) {
-    ceph_assert(EVP_CIPHER_CTX_iv_length(pctx.get()) == IvSizeV);
-    ceph_assert(EVP_CIPHER_CTX_block_size(pctx.get()) == IvSizeV);
+  if (static_cast<bool>(IvSizeV)) {
+    ceph_assert(EVP_CIPHER_CTX_iv_length(pctx.get()) == (int)IvSizeV);
+    ceph_assert(EVP_CIPHER_CTX_block_size(pctx.get()) == (int)IvSizeV);
   }
-  ceph_assert(EVP_CIPHER_CTX_key_length(pctx.get()) == KeySizeV);
+  ceph_assert(EVP_CIPHER_CTX_key_length(pctx.get()) == (int)KeySizeV);
 
   if (1 != EVP_CipherInit_ex(pctx.get(), nullptr, nullptr, key, iv, encrypt)) {
     ldout(cct, 5) << "EVP: failed to 2nd initialization stage" << dendl;
@@ -398,81 +399,99 @@ bool evp_sym_transform(CephContext* const cct,
  * 6. (Special case) If m == 0 then last n bytes are xor-ed with pattern
  *    obtained by CBC ENCRYPTION of {0} with IV derived from offset
  */
-class AES_256_CBC : public BlockCrypt {
-public:
-  static const size_t AES_256_KEYSIZE = 256 / 8;
-  static const size_t AES_256_IVSIZE = 128 / 8;
-  static const size_t CHUNK_SIZE = 4096;
+const size_t IVSIZE = 128 / 8;
+const size_t KEYSIZE = 256 / 8;
+const uint8_t IV[IVSIZE] = 
+    { 'a', 'e', 's', '2', '5', '6', 'i', 'v', '_', 'c', 't', 'r', '1', '3', '3', '7' }; // no change, version compatibility
+class CBC_MODE : public BlockCrypt {
 private:
-  static const uint8_t IV[AES_256_IVSIZE];
   CephContext* cct;
-  uint8_t key[AES_256_KEYSIZE];
+  uint8_t* iv;
+  uint8_t* key;
 public:
-  explicit AES_256_CBC(CephContext* cct): cct(cct) {
+  const EVP_CIPHER* type;
+  const size_t keysize;
+  const size_t ivsize;
+  const size_t chunksize;
+
+  explicit CBC_MODE(CephContext* cct, const EVP_CIPHER* _type, const size_t _keysize,
+                    const size_t _ivsize, const size_t _chunksize):
+          cct(cct),
+          type(_type),
+          keysize(_keysize),
+          ivsize(_ivsize),
+          chunksize(_chunksize)
+  {
+    iv = new uint8_t[ivsize]();
+    key = new uint8_t[keysize];
+    if (ivsize == IVSIZE) {
+      memcpy(iv , IV, IVSIZE);
+    }
   }
-  ~AES_256_CBC() {
-    ::ceph::crypto::zeroize_for_security(key, AES_256_KEYSIZE);
+  ~CBC_MODE() {
+    delete []iv;
+    delete []key;
   }
-  bool set_key(const uint8_t* _key, size_t key_size) {
-    if (key_size != AES_256_KEYSIZE) {
+  bool set_key(const uint8_t* _key, size_t _keysize) {
+    if (_keysize != keysize) {
       return false;
     }
-    memcpy(key, _key, AES_256_KEYSIZE);
+    memcpy(key, _key, keysize);
     return true;
   }
   size_t get_block_size() {
-    return CHUNK_SIZE;
+    return chunksize;
   }
 
   bool cbc_transform(unsigned char* out,
                      const unsigned char* in,
                      const size_t size,
-                     const unsigned char (&iv)[AES_256_IVSIZE],
-                     const unsigned char (&key)[AES_256_KEYSIZE],
+                     const unsigned char* const _iv,
+                     const unsigned char* const _key,
                      bool encrypt)
   {
-    return evp_sym_transform<AES_256_KEYSIZE, AES_256_IVSIZE>(
-      cct, EVP_aes_256_cbc(), out, in, size, iv, key, encrypt);
+    return evp_sym_transform(cct, type, out, in,
+        size, _iv, _key, ivsize, keysize, encrypt);
   }
 
   bool cbc_transform(unsigned char* out,
                      const unsigned char* in,
                      size_t size,
                      off_t stream_offset,
-                     const unsigned char (&key)[AES_256_KEYSIZE],
+                     const unsigned char* _key,
                      bool encrypt)
   {
     static std::atomic<bool> failed_to_get_crypto(false);
     CryptoAccelRef crypto_accel;
-    if (! failed_to_get_crypto.load())
-    {
+    if (! failed_to_get_crypto.load()) {
       crypto_accel = get_crypto_accel(cct);
       if (!crypto_accel)
         failed_to_get_crypto = true;
     }
     bool result = true;
-    unsigned char iv[AES_256_IVSIZE];
-    for (size_t offset = 0; result && (offset < size); offset += CHUNK_SIZE) {
-      size_t process_size = offset + CHUNK_SIZE <= size ? CHUNK_SIZE : size - offset;
+    unsigned char iv[IVSIZE];
+    unsigned char keybuff[KEYSIZE];
+    memcpy(keybuff, _key, keysize);
+    
+    for (size_t offset = 0; result && (offset < size); offset += chunksize) {
+      size_t process_size = offset + chunksize <= size ? chunksize : size - offset;
       prepare_iv(iv, stream_offset + offset);
-      if (crypto_accel != nullptr) {
+      if (EVP_CIPHER_nid(type) != NID_sm4_cbc && crypto_accel != nullptr) {
         if (encrypt) {
           result = crypto_accel->cbc_encrypt(out + offset, in + offset,
-                                             process_size, iv, key);
+                                             process_size, iv, keybuff);
         } else {
           result = crypto_accel->cbc_decrypt(out + offset, in + offset,
-                                             process_size, iv, key);
+                                             process_size, iv, keybuff);
         }
       } else {
-        result = cbc_transform(
-            out + offset, in + offset, process_size,
-            iv, key, encrypt);
+        result = cbc_transform(out + offset, in + offset,
+                               process_size, iv, keybuff, encrypt);
       }
     }
     return result;
   }
 
-
   bool encrypt(bufferlist& input,
                off_t in_ofs,
                size_t size,
@@ -480,10 +499,10 @@ public:
                off_t stream_offset)
   {
     bool result = false;
-    size_t aligned_size = size / AES_256_IVSIZE * AES_256_IVSIZE;
+    size_t aligned_size = size / ivsize * ivsize;
     size_t unaligned_rest_size = size - aligned_size;
     output.clear();
-    buffer::ptr buf(aligned_size + AES_256_IVSIZE);
+    buffer::ptr buf(aligned_size + ivsize);
     unsigned char* buf_raw = reinterpret_cast<unsigned char*>(buf.c_str());
     const unsigned char* input_raw = reinterpret_cast<const unsigned char*>(input.c_str());
 
@@ -494,31 +513,30 @@ public:
                            stream_offset, key, true);
     if (result && (unaligned_rest_size > 0)) {
       /* remainder to encrypt */
-      if (aligned_size % CHUNK_SIZE > 0) {
+      if (aligned_size % chunksize > 0) {
         /* use last chunk for unaligned part */
-        unsigned char iv[AES_256_IVSIZE] = {0};
+        unsigned char iv[IVSIZE] = {0};
         result = cbc_transform(buf_raw + aligned_size,
-                               buf_raw + aligned_size - AES_256_IVSIZE,
-                               AES_256_IVSIZE,
+                               buf_raw + aligned_size - ivsize,
+                               ivsize,
                                iv, key, true);
       } else {
-        /* 0 full blocks in current chunk, use IV as base for unaligned part */
-        unsigned char iv[AES_256_IVSIZE] = {0};
-        unsigned char data[AES_256_IVSIZE];
-        prepare_iv(data, stream_offset + aligned_size);
+        unsigned char iv[IVSIZE] = {0};
+        std::unique_ptr<unsigned char[]> data(new unsigned char[ivsize]);
+        prepare_iv(&data[0], stream_offset + aligned_size);
         result = cbc_transform(buf_raw + aligned_size,
-                               data,
-                               AES_256_IVSIZE,
+                               &data[0],
+                               ivsize,
                                iv, key, true);
       }
       if (result) {
-        for(size_t i = aligned_size; i < size; i++) {
+        for (size_t i = aligned_size; i < size; i++) {
           *(buf_raw + i) ^= *(input_raw + in_ofs + i);
         }
       }
     }
     if (result) {
-      ldout(cct, 25) << "Encrypted " << size << " bytes"<< dendl;
+      ldout(cct, 25) << "Encrypted " << size << " bytes" << dendl;
       buf.set_length(size);
       output.append(buf);
     } else {
@@ -527,7 +545,6 @@ public:
     return result;
   }
 
-
   bool decrypt(bufferlist& input,
                off_t in_ofs,
                size_t size,
@@ -535,45 +552,44 @@ public:
                off_t stream_offset)
   {
     bool result = false;
-    size_t aligned_size = size / AES_256_IVSIZE * AES_256_IVSIZE;
+    size_t aligned_size = size / ivsize * ivsize;
     size_t unaligned_rest_size = size - aligned_size;
     output.clear();
-    buffer::ptr buf(aligned_size + AES_256_IVSIZE);
+    buffer::ptr buf(aligned_size + ivsize);
     unsigned char* buf_raw = reinterpret_cast<unsigned char*>(buf.c_str());
-    unsigned char* input_raw = reinterpret_cast<unsigned char*>(input.c_str());
+    const unsigned char* input_raw = reinterpret_cast<const unsigned char*>(input.c_str());
 
-    /* decrypt main bulk of data */
+    /* decrypt mian bulk of data */
     result = cbc_transform(buf_raw,
                            input_raw + in_ofs,
                            aligned_size,
                            stream_offset, key, false);
     if (result && unaligned_rest_size > 0) {
       /* remainder to decrypt */
-      if (aligned_size % CHUNK_SIZE > 0) {
-        /*use last chunk for unaligned part*/
-        unsigned char iv[AES_256_IVSIZE] = {0};
+      if (aligned_size % chunksize > 0) {
+        unsigned char iv[IVSIZE] = {0};
         result = cbc_transform(buf_raw + aligned_size,
-                               input_raw + in_ofs + aligned_size - AES_256_IVSIZE,
-                               AES_256_IVSIZE,
+                               input_raw + in_ofs + aligned_size - ivsize,
+                               ivsize,
                                iv, key, true);
       } else {
         /* 0 full blocks in current chunk, use IV as base for unaligned part */
-        unsigned char iv[AES_256_IVSIZE] = {0};
-        unsigned char data[AES_256_IVSIZE];
-        prepare_iv(data, stream_offset + aligned_size);
+        unsigned char iv[IVSIZE] = {0};
+        std::unique_ptr<unsigned char[]> data(new unsigned char[ivsize]);
+        prepare_iv(&data[0], stream_offset + aligned_size);
         result = cbc_transform(buf_raw + aligned_size,
-                               data,
-                               AES_256_IVSIZE,
+                               &data[0],
+                               ivsize,
                                iv, key, true);
       }
       if (result) {
-        for(size_t i = aligned_size; i < size; i++) {
+        for (size_t i = aligned_size; i < size; i++) {
           *(buf_raw + i) ^= *(input_raw + in_ofs + i);
         }
       }
     }
     if (result) {
-      ldout(cct, 25) << "Decrypted " << size << " bytes"<< dendl;
+      ldout(cct, 25) << "Decrypted " << size << " bytes" << dendl;
       buf.set_length(size);
       output.append(buf);
     } else {
@@ -582,15 +598,14 @@ public:
     return result;
   }
 
-
-  void prepare_iv(unsigned char (&iv)[AES_256_IVSIZE], off_t offset) {
-    off_t index = offset / AES_256_IVSIZE;
-    off_t i = AES_256_IVSIZE - 1;
+  void prepare_iv(unsigned char* _iv, off_t offset) {
+    off_t index = offset / ivsize;
+    off_t i = ivsize - 1;
     unsigned int val;
     unsigned int carry = 0;
-    while (i>=0) {
-      val = (index & 0xff) + IV[i] + carry;
-      iv[i] = val;
+    while (i >= 0) {
+      val = (index & 0xff) + iv[i] + carry;
+      _iv[i] = val;
       carry = val >> 8;
       index = index >> 8;
       i--;
@@ -598,18 +613,21 @@ public:
   }
 };
 
-
 std::unique_ptr<BlockCrypt> AES_256_CBC_create(CephContext* cct, const uint8_t* key, size_t len)
 {
-  auto cbc = std::unique_ptr<AES_256_CBC>(new AES_256_CBC(cct));
+  auto cbc = std::unique_ptr<CBC_MODE>(new CBC_MODE(cct, EVP_aes_256_cbc(),
+               AES_256_KEYSIZE, AES_256_IVSIZE, cct->_conf->rgw_crypt_chunk_size));
   cbc->set_key(key, AES_256_KEYSIZE);
   return cbc;
 }
 
-
-const uint8_t AES_256_CBC::IV[AES_256_CBC::AES_256_IVSIZE] =
-    { 'a', 'e', 's', '2', '5', '6', 'i', 'v', '_', 'c', 't', 'r', '1', '3', '3', '7' };
-
+std::unique_ptr<BlockCrypt> SM4_CBC_create(CephContext* cct, const uint8_t* key, size_t len)
+{
+  auto cbc = std::unique_ptr<CBC_MODE>(new CBC_MODE(cct, EVP_sm4_cbc(),
+               SM4_KEYSIZE, SM4_IVSIZE, cct->_conf->rgw_crypt_chunk_size));
+  cbc->set_key(key, SM4_KEYSIZE);
+  return cbc;
+}
 
 bool AES_256_ECB_encrypt(CephContext* cct,
                          const uint8_t* key,
@@ -619,9 +637,8 @@ bool AES_256_ECB_encrypt(CephContext* cct,
                          size_t data_size)
 {
   if (key_size == AES_256_KEYSIZE) {
-    return evp_sym_transform<AES_256_KEYSIZE, 0 /* no IV in ECB */>(
-      cct, EVP_aes_256_ecb(),  data_out, data_in, data_size,
-      nullptr /* no IV in ECB */, key, true /* encrypt */);
+    return evp_sym_transform(cct, EVP_aes_256_ecb(), data_out, data_in, data_size,
+      nullptr /* no IV in ECB */, key, 0, AES_256_KEYSIZE, true /* encrypt */);
   } else {
     ldout(cct, 5) << "Key size must be 256 bits long" << dendl;
     return false;
@@ -835,10 +852,10 @@ int RGWPutObj_BlockEncrypt::process(bufferlist&& data, uint64_t logical_offset)
 }
 
 
-std::string create_random_key_selector(CephContext * const cct) {
-  char random[AES_256_KEYSIZE];
-  cct->random()->get_bytes(&random[0], sizeof(random));
-  return std::string(random, sizeof(random));
+std::string create_random_key_selector(CephContext * const cct, const size_t keysize) {
+  std::unique_ptr<char[]> random(new char[keysize]);
+  cct->random()->get_bytes(&random[0], keysize);
+  return std::string(&random[0], keysize);
 }
 
 typedef enum {
@@ -908,11 +925,11 @@ int rgw_s3_prepare_encrypt(struct req_state* s,
     std::string_view req_sse_ca =
         get_crypt_attribute(s->info.env, parts, X_AMZ_SERVER_SIDE_ENCRYPTION_CUSTOMER_ALGORITHM);
     if (! req_sse_ca.empty()) {
-      if (req_sse_ca != "AES256") {
+      if (req_sse_ca != "AES256" && req_sse_ca != "SM4") {
         ldpp_dout(s, 5) << "ERROR: Invalid value for header "
                          << "x-amz-server-side-encryption-customer-algorithm"
                          << dendl;
-        s->err.message = "The requested encryption algorithm is not valid, must be AES256.";
+        s->err.message = "The requested encryption algorithm is not valid, must be AES256 or SM4.";
         return -ERR_INVALID_ENCRYPTION_ALGORITHM;
       }
       if (s->cct->_conf->rgw_crypt_require_ssl &&
@@ -934,11 +951,22 @@ int rgw_s3_prepare_encrypt(struct req_state* s,
         return -EINVAL;
       }
 
-      if (key_bin.size() != AES_256_CBC::AES_256_KEYSIZE) {
-        ldpp_dout(s, 5) << "ERROR: invalid encryption key size" << dendl;
-        s->err.message = "Requests specifying Server Side Encryption with Customer "
-                         "provided keys must provide an appropriate secret key.";
-        return -EINVAL;
+      if (req_sse_ca == "AES256") {
+        if (key_bin.size() != AES_256_KEYSIZE) {
+          ldpp_dout(s, 5) << "ERROR: invalid encryption key size" << dendl;
+          s->err.message = "Requests specifying Server Side Encryption with Customer "
+                           "provided keys must provide an appropriate secret key.";
+          return -EINVAL;
+        }
+      }
+
+      if (req_sse_ca == "SM4") {
+        if (key_bin.size() != SM4_KEYSIZE) {
+          ldpp_dout(s, 5) << "ERROR: invalid encryption key size" << dendl;
+          s->err.message = "Requests specifying Server Side Encryption with Customer "
+                           "provided keys must provide an appropriate secret key.";
+          return -EINVAL;
+        }
       }
 
       std::string_view keymd5 =
@@ -974,16 +1002,28 @@ int rgw_s3_prepare_encrypt(struct req_state* s,
         return -EINVAL;
       }
 
-      set_attr(attrs, RGW_ATTR_CRYPT_MODE, "SSE-C-AES256");
+      if (req_sse_ca == "AES256") {
+        set_attr(attrs, RGW_ATTR_CRYPT_MODE, "SSE-C-AES256");
+      } else if (req_sse_ca == "SM4") {
+        set_attr(attrs, RGW_ATTR_CRYPT_MODE, "SSE-C-SM4");
+      }
       set_attr(attrs, RGW_ATTR_CRYPT_KEYMD5, keymd5_bin);
 
       if (block_crypt) {
-        auto aes = std::unique_ptr<AES_256_CBC>(new AES_256_CBC(s->cct));
-        aes->set_key(reinterpret_cast<const uint8_t*>(key_bin.c_str()), AES_256_KEYSIZE);
-        *block_crypt = std::move(aes);
+        if (req_sse_ca == "AES256") {
+          auto aes = std::unique_ptr<CBC_MODE>(new CBC_MODE(s->cct, EVP_aes_256_cbc(),
+                       AES_256_KEYSIZE, AES_256_IVSIZE, s->cct->_conf->rgw_crypt_chunk_size));
+          aes->set_key(reinterpret_cast<const uint8_t*>(key_bin.c_str()), AES_256_KEYSIZE);
+          *block_crypt = std::move(aes);
+        } else if (req_sse_ca == "SM4") {
+          auto sm4 = std::unique_ptr<CBC_MODE>(new CBC_MODE(s->cct, EVP_sm4_cbc(),
+                       SM4_KEYSIZE, SM4_IVSIZE, s->cct->_conf->rgw_crypt_chunk_size));
+          sm4->set_key(reinterpret_cast<const uint8_t*>(key_bin.c_str()), SM4_KEYSIZE);
+          *block_crypt = std::move(sm4);
+        }
       }
 
-      crypt_http_responses["x-amz-server-side-encryption-customer-algorithm"] = "AES256";
+      crypt_http_responses["x-amz-server-side-encryption-customer-algorithm"] = req_sse_ca;
       crypt_http_responses["x-amz-server-side-encryption-customer-key-MD5"] = std::string(keymd5);
       return 0;
     } else {
@@ -1036,8 +1076,15 @@ int rgw_s3_prepare_encrypt(struct req_state* s,
 	  return -ERR_INVALID_ACCESS_KEY;
 	}
 	/* try to retrieve actual key */
-	std::string key_selector = create_random_key_selector(s->cct);
-	set_attr(attrs, RGW_ATTR_CRYPT_MODE, "SSE-KMS");
+        std::string s3_kms_algorithm = s->cct->_conf->rgw_crypt_s3_kms_algorithm;
+        std::string key_selector;
+        if (s3_kms_algorithm == "aes") {
+          key_selector = create_random_key_selector(s->cct, AES_256_KEYSIZE);
+          set_attr(attrs, RGW_ATTR_CRYPT_MODE, "SSE-KMS-AES");
+        } else if (s3_kms_algorithm == "sm4") {
+          key_selector = create_random_key_selector(s->cct, SM4_KEYSIZE);
+          set_attr(attrs, RGW_ATTR_CRYPT_MODE, "SSE-KMS-SM4");
+	}
 	set_attr(attrs, RGW_ATTR_CRYPT_KEYID, key_id);
 	set_attr(attrs, RGW_ATTR_CRYPT_KEYSEL, key_selector);
 	set_attr(attrs, RGW_ATTR_CRYPT_CONTEXT, cooked_context);
@@ -1048,18 +1095,38 @@ int rgw_s3_prepare_encrypt(struct req_state* s,
 	  s->err.message = "Failed to retrieve the actual key, kms-keyid: " + std::string(key_id);
 	  return res;
 	}
-	if (actual_key.size() != AES_256_KEYSIZE) {
-	  ldpp_dout(s, 5) << "ERROR: key obtained from key_id:" <<
-            key_id << " is not 256 bit size" << dendl;
-	  s->err.message = "KMS provided an invalid key for the given kms-keyid.";
-	  return -ERR_INVALID_ACCESS_KEY;
-	}
+        if (s3_kms_algorithm == "aes") {
+          if (actual_key.size() != AES_256_KEYSIZE) {
+            ldpp_dout(s, 5) << "ERROR: key obtained from key_id:" <<
+              key_id << " is not 256 bit size" << dendl;
+            s->err.message = "KMS provided an invalid key for the given kms-keyid.";
+            return -ERR_INVALID_ACCESS_KEY;
+          }
+        }
 
-	if (block_crypt) {
-	  auto aes = std::unique_ptr<AES_256_CBC>(new AES_256_CBC(s->cct));
-	  aes->set_key(reinterpret_cast<const uint8_t*>(actual_key.c_str()), AES_256_KEYSIZE);
-	  *block_crypt = std::move(aes);
-	}
+        if (s3_kms_algorithm == "sm4") {
+          if (actual_key.size() != SM4_KEYSIZE) {
+            ldpp_dout(s, 5) << "ERROR: key obtained from key_id:" <<
+              key_id << " is not 128 bit size" << dendl;
+            s->err.message = "KMS provided an invalid key for the given kms-keyid.";
+            return -ERR_INVALID_ACCESS_KEY;
+          }
+        }
+
+        if (block_crypt) {
+          if (s3_kms_algorithm == "aes") {
+            auto aes = std::unique_ptr<CBC_MODE>(new CBC_MODE(s->cct, EVP_aes_256_cbc(),
+                         AES_256_KEYSIZE, AES_256_IVSIZE, s->cct->_conf->rgw_crypt_chunk_size));
+            aes->set_key(reinterpret_cast<const uint8_t*>(actual_key.c_str()), AES_256_KEYSIZE);
+            *block_crypt = std::move(aes);
+          }
+          if (s3_kms_algorithm == "sm4") {
+            auto sm4 = std::unique_ptr<CBC_MODE>(new CBC_MODE(s->cct, EVP_sm4_cbc(),
+                         SM4_KEYSIZE, SM4_IVSIZE, s->cct->_conf->rgw_crypt_chunk_size));
+            sm4->set_key(reinterpret_cast<const uint8_t*>(actual_key.c_str()), SM4_KEYSIZE);
+            *block_crypt = std::move(sm4);
+          }
+        }
         ::ceph::crypto::zeroize_for_security(actual_key.data(), actual_key.length());
 
 	crypt_http_responses["x-amz-server-side-encryption"] = "aws:kms";
@@ -1111,7 +1178,7 @@ int rgw_s3_prepare_encrypt(struct req_state* s,
       }
 
       set_attr(attrs, RGW_ATTR_CRYPT_MODE, "RGW-AUTO");
-      std::string key_selector = create_random_key_selector(s->cct);
+      std::string key_selector = create_random_key_selector(s->cct, AES_256_KEYSIZE);
       set_attr(attrs, RGW_ATTR_CRYPT_KEYSEL, key_selector);
 
       uint8_t actual_key[AES_256_KEYSIZE];
@@ -1123,7 +1190,8 @@ int rgw_s3_prepare_encrypt(struct req_state* s,
         return -EIO;
       }
       if (block_crypt) {
-        auto aes = std::unique_ptr<AES_256_CBC>(new AES_256_CBC(s->cct));
+        auto aes = std::unique_ptr<CBC_MODE>(new CBC_MODE(s->cct, EVP_aes_256_cbc(),
+	        AES_256_KEYSIZE, AES_256_IVSIZE, s->cct->_conf->rgw_crypt_chunk_size));
         aes->set_key(reinterpret_cast<const uint8_t*>(actual_key), AES_256_KEYSIZE);
         *block_crypt = std::move(aes);
       }
@@ -1184,7 +1252,7 @@ int rgw_s3_prepare_decrypt(struct req_state* s,
       return -EINVAL;
     }
 
-    if (key_bin.size() != AES_256_CBC::AES_256_KEYSIZE) {
+    if (key_bin.size() != AES_256_KEYSIZE) {
       ldpp_dout(s, 5) << "ERROR: Invalid encryption key size" << dendl;
       s->err.message = "Requests specifying Server Side Encryption with Customer "
                        "provided keys must provide an appropriate secret key.";
@@ -1223,8 +1291,9 @@ int rgw_s3_prepare_decrypt(struct req_state* s,
       s->err.message = "The calculated MD5 hash of the key did not match the hash that was provided.";
       return -EINVAL;
     }
-    auto aes = std::unique_ptr<AES_256_CBC>(new AES_256_CBC(s->cct));
-    aes->set_key(reinterpret_cast<const uint8_t*>(key_bin.c_str()), AES_256_CBC::AES_256_KEYSIZE);
+    auto aes = std::unique_ptr<CBC_MODE>(new CBC_MODE(s->cct, EVP_aes_256_cbc(),
+	       AES_256_KEYSIZE, AES_256_IVSIZE, s->cct->_conf->rgw_crypt_chunk_size));
+    aes->set_key(reinterpret_cast<const uint8_t*>(key_bin.c_str()), AES_256_KEYSIZE);
     if (block_crypt) *block_crypt = std::move(aes);
 
     crypt_http_responses["x-amz-server-side-encryption-customer-algorithm"] = "AES256";
@@ -1232,7 +1301,90 @@ int rgw_s3_prepare_decrypt(struct req_state* s,
     return 0;
   }
 
-  if (stored_mode == "SSE-KMS") {
+  if (stored_mode == "SSE-C-SM4") {
+    if (s->cct->_conf->rgw_crypt_require_ssl &&
+        !rgw_transport_is_secure(s->cct, *s->info.env)) {
+      ldpp_dout(s, 5) << "ERROR: Insecure request, rgw_crypt_require_ssl is set" << dendl;
+      return -ERR_INVALID_REQUEST;
+    }
+    const char *req_cust_alg =
+        s->info.env->get("HTTP_X_AMZ_SERVER_SIDE_ENCRYPTION_CUSTOMER_ALGORITHM", NULL);
+
+    if (nullptr == req_cust_alg)  {
+      ldpp_dout(s, 5) << "ERROR: Request for SSE-C encrypted object missing "
+                       << "x-amz-server-side-encryption-customer-algorithm"
+                       << dendl;
+      s->err.message = "Requests specifying Server Side Encryption with Customer "
+                       "provided keys must provide a valid encryption algorithm.";
+      return -EINVAL;
+    } else if (strcmp(req_cust_alg, "SM4") != 0) {
+      ldpp_dout(s, 5) << "ERROR: The requested encryption algorithm is not valid, must be SM4." << dendl;
+      s->err.message = "The requested encryption algorithm is not valid, must be SM4.";
+      return -ERR_INVALID_ENCRYPTION_ALGORITHM;
+    }
+
+    std::string key_bin;
+    try {
+      key_bin = from_base64(s->info.env->get("HTTP_X_AMZ_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY", ""));
+    } catch (...) {
+      ldpp_dout(s, 5) << "ERROR: rgw_s3_prepare_decrypt invalid encryption key "
+                       << "which contains character that is not base64 encoded."
+                       << dendl;
+      s->err.message = "Requests specifying Server Side Encryption with Customer "
+                       "provided keys must provide an appropriate secret key.";
+      return -EINVAL;
+    }
+
+    if (key_bin.size() != SM4_KEYSIZE) {
+      ldpp_dout(s, 5) << "ERROR: Invalid encryption key size" << dendl;
+      s->err.message = "Requests specifying Server Side Encryption with Customer "
+                       "provided keys must provide an appropriate secret key.";
+      return -EINVAL;
+    }
+
+    std::string keymd5 =
+        s->info.env->get("HTTP_X_AMZ_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY_MD5", "");
+    std::string keymd5_bin;
+    try {
+      keymd5_bin = from_base64(keymd5);
+    } catch (...) {
+      ldpp_dout(s, 5) << "ERROR: rgw_s3_prepare_decrypt invalid encryption key md5 "
+                       << "which contains character that is not base64 encoded."
+                       << dendl;
+      s->err.message = "Requests specifying Server Side Encryption with Customer "
+                       "provided keys must provide an appropriate secret key md5.";
+      return -EINVAL;
+    }
+
+
+    if (keymd5_bin.size() != CEPH_CRYPTO_MD5_DIGESTSIZE) {
+      ldpp_dout(s, 5) << "ERROR: Invalid key md5 size " << dendl;
+      s->err.message = "Requests specifying Server Side Encryption with Customer "
+                       "provided keys must provide an appropriate secret key md5.";
+      return -EINVAL;
+    }
+
+    MD5 key_hash;
+    uint8_t key_hash_res[CEPH_CRYPTO_MD5_DIGESTSIZE];
+    key_hash.Update(reinterpret_cast<const unsigned char*>(key_bin.c_str()), key_bin.size());
+    key_hash.Final(key_hash_res);
+
+    if ((memcmp(key_hash_res, keymd5_bin.c_str(), CEPH_CRYPTO_MD5_DIGESTSIZE) != 0) ||
+        (get_str_attribute(attrs, RGW_ATTR_CRYPT_KEYMD5) != keymd5_bin)) {
+      s->err.message = "The calculated MD5 hash of the key did not match the hash that was provided.";
+      return -EINVAL;
+    }
+    auto sm4 = std::unique_ptr<CBC_MODE>(new CBC_MODE(s->cct, EVP_sm4_cbc(),
+               SM4_KEYSIZE, SM4_IVSIZE, s->cct->_conf->rgw_crypt_chunk_size));
+    sm4->set_key(reinterpret_cast<const uint8_t*>(key_bin.c_str()), SM4_KEYSIZE);
+    if (block_crypt) *block_crypt = std::move(sm4);
+
+    crypt_http_responses["x-amz-server-side-encryption-customer-algorithm"] = "SM4";
+    crypt_http_responses["x-amz-server-side-encryption-customer-key-MD5"] = keymd5;
+    return 0;
+  }
+
+  if (stored_mode == "SSE-KMS-AES") {
     if (s->cct->_conf->rgw_crypt_require_ssl &&
         !rgw_transport_is_secure(s->cct, *s->info.env)) {
       ldpp_dout(s, 5) << "ERROR: Insecure request, rgw_crypt_require_ssl is set" << dendl;
@@ -1254,7 +1406,8 @@ int rgw_s3_prepare_decrypt(struct req_state* s,
       return -ERR_INVALID_ACCESS_KEY;
     }
 
-    auto aes = std::unique_ptr<AES_256_CBC>(new AES_256_CBC(s->cct));
+    auto aes = std::unique_ptr<CBC_MODE>(new CBC_MODE(s->cct, EVP_aes_256_cbc(),
+            AES_256_KEYSIZE, AES_256_IVSIZE, s->cct->_conf->rgw_crypt_chunk_size));
     aes->set_key(reinterpret_cast<const uint8_t*>(actual_key.c_str()), AES_256_KEYSIZE);
     actual_key.replace(0, actual_key.length(), actual_key.length(), '\000');
     if (block_crypt) *block_crypt = std::move(aes);
@@ -1264,6 +1417,39 @@ int rgw_s3_prepare_decrypt(struct req_state* s,
     return 0;
   }
 
+  if (stored_mode == "SSE-KMS-SM4") {
+    if (s->cct->_conf->rgw_crypt_require_ssl &&
+        !rgw_transport_is_secure(s->cct, *s->info.env)) {
+      ldpp_dout(s, 5) << "ERROR: Insecure request, rgw_crypt_require_ssl is set" << dendl;
+      return -ERR_INVALID_REQUEST;
+    }
+    /* try to retrieve actual key */
+    std::string key_id = get_str_attribute(attrs, RGW_ATTR_CRYPT_KEYID);
+    std::string actual_key;
+    res = reconstitute_actual_key_from_kms(s->cct, attrs, actual_key);
+    if (res != 0) {
+      ldpp_dout(s, 10) << "ERROR: failed to retrieve actual key from key_id: " << key_id << dendl;
+      s->err.message = "Failed to retrieve the actual key, kms-keyid: " + key_id;
+      return res;
+    }
+    if (actual_key.size() != SM4_KEYSIZE) {
+      ldpp_dout(s, 0) << "ERROR: key obtained from key_id:" <<
+          key_id << " is not 128 bit size" << dendl;
+      s->err.message = "KMS provided an invalid key for the given kms-keyid.";
+      return -ERR_INVALID_ACCESS_KEY;
+    }
+
+    auto aes = std::unique_ptr<CBC_MODE>(new CBC_MODE(s->cct, EVP_sm4_cbc(),
+            SM4_KEYSIZE, SM4_IVSIZE, s->cct->_conf->rgw_crypt_chunk_size));
+    aes->set_key(reinterpret_cast<const uint8_t*>(actual_key.c_str()), SM4_KEYSIZE);
+    actual_key.replace(0, actual_key.length(), actual_key.length(), '\000');
+    if (block_crypt) *block_crypt = std::move(aes);
+
+    crypt_http_responses["x-amz-server-side-encryption"] = "aws:kms";
+    crypt_http_responses["x-amz-server-side-encryption-aws-kms-key-id"] = key_id;
+    return 0;
+  }
+
   if (stored_mode == "RGW-AUTO") {
     std::string master_encryption_key;
     try {
@@ -1281,7 +1467,7 @@ int rgw_s3_prepare_decrypt(struct req_state* s,
       return -EIO;
     }
     std::string attr_key_selector = get_str_attribute(attrs, RGW_ATTR_CRYPT_KEYSEL);
-    if (attr_key_selector.size() != AES_256_CBC::AES_256_KEYSIZE) {
+    if (attr_key_selector.size() != AES_256_KEYSIZE) {
       ldpp_dout(s, 0) << "ERROR: missing or invalid " RGW_ATTR_CRYPT_KEYSEL << dendl;
       return -EIO;
     }
@@ -1294,7 +1480,8 @@ int rgw_s3_prepare_decrypt(struct req_state* s,
       ::ceph::crypto::zeroize_for_security(actual_key, sizeof(actual_key));
       return -EIO;
     }
-    auto aes = std::unique_ptr<AES_256_CBC>(new AES_256_CBC(s->cct));
+    auto aes = std::unique_ptr<CBC_MODE>(new CBC_MODE(s->cct, EVP_aes_256_cbc(),
+            AES_256_KEYSIZE, AES_256_IVSIZE, s->cct->_conf->rgw_crypt_chunk_size));
     aes->set_key(actual_key, AES_256_KEYSIZE);
     ::ceph::crypto::zeroize_for_security(actual_key, sizeof(actual_key));
     if (block_crypt) *block_crypt = std::move(aes);
diff --git a/src/rgw/rgw_crypt.h b/src/rgw/rgw_crypt.h
index ff221549d6..94e12ff4a1 100644
--- a/src/rgw/rgw_crypt.h
+++ b/src/rgw/rgw_crypt.h
@@ -80,6 +80,9 @@ public:
 };
 
 static const size_t AES_256_KEYSIZE = 256 / 8;
+static const size_t AES_256_IVSIZE  = 128 / 8;
+static const size_t SM4_KEYSIZE     = 128 / 8;
+static const size_t SM4_IVSIZE      = 128 / 8;
 bool AES_256_ECB_encrypt(CephContext* cct,
                          const uint8_t* key,
                          size_t key_size,
diff --git a/src/rgw/rgw_kms.cc b/src/rgw/rgw_kms.cc
index dcdcf87511..42aa3d492d 100644
--- a/src/rgw/rgw_kms.cc
+++ b/src/rgw/rgw_kms.cc
@@ -765,16 +765,30 @@ static int get_actual_key_from_conf(CephContext *cct,
   }
 
   if (master_key.length() == AES_256_KEYSIZE) {
-    uint8_t _actual_key[AES_256_KEYSIZE];
-    if (AES_256_ECB_encrypt(cct,
-        reinterpret_cast<const uint8_t*>(master_key.c_str()), AES_256_KEYSIZE,
-        reinterpret_cast<const uint8_t*>(key_selector.data()),
-        _actual_key, AES_256_KEYSIZE)) {
-      actual_key = std::string((char*)&_actual_key[0], AES_256_KEYSIZE);
-    } else {
-      res = -EIO;
+    std::string s3_kms_algorithm = cct->_conf->rgw_crypt_s3_kms_algorithm;
+    if (s3_kms_algorithm == "aes") {
+      uint8_t _actual_key[AES_256_KEYSIZE];
+      if (AES_256_ECB_encrypt(cct,
+          reinterpret_cast<const uint8_t*>(master_key.c_str()), AES_256_KEYSIZE,
+          reinterpret_cast<const uint8_t*>(key_selector.data()),
+          _actual_key, AES_256_KEYSIZE)) {
+        actual_key = std::string((char*)&_actual_key[0], AES_256_KEYSIZE);
+      } else {
+        res = -EIO;
+      }
+      ::ceph::crypto::zeroize_for_security(_actual_key, sizeof(_actual_key));
+    } else if (s3_kms_algorithm == "sm4") {
+      uint8_t _actual_key[SM4_KEYSIZE];
+      if (AES_256_ECB_encrypt(cct,
+          reinterpret_cast<const uint8_t*>(master_key.c_str()), AES_256_KEYSIZE,
+          reinterpret_cast<const uint8_t*>(key_selector.data()),
+          _actual_key, SM4_KEYSIZE)) {
+        actual_key = std::string((char*)&_actual_key[0], SM4_KEYSIZE);
+      } else {
+        res = -EIO;
+      }
+      ::ceph::crypto::zeroize_for_security(_actual_key, sizeof(_actual_key));
     }
-    ::ceph::crypto::zeroize_for_security(_actual_key, sizeof(_actual_key));
   } else {
     ldout(cct, 20) << "Wrong size for key=" << key_id << dendl;
     res = -EIO;
@@ -811,9 +825,11 @@ static int request_key_from_barbican(CephContext *cct,
     return -EACCES;
   }
 
+  std::string s3_kms_algorithm = cct->_conf->rgw_crypt_s3_kms_algorithm;
   if (secret_req.get_http_status() >=200 &&
       secret_req.get_http_status() < 300 &&
-      secret_bl.length() == AES_256_KEYSIZE) {
+      ((s3_kms_algorithm == "aes" && secret_bl.length() == AES_256_KEYSIZE) ||
+       (s3_kms_algorithm == "sm4" && secret_bl.length() == SM4_KEYSIZE))) {
     actual_key.assign(secret_bl.c_str(), secret_bl.length());
     secret_bl.zero();
     } else {
diff --git a/src/test/rgw/test_rgw_crypto.cc b/src/test/rgw/test_rgw_crypto.cc
index b0dbabfd4e..4d42f568cd 100644
--- a/src/test/rgw/test_rgw_crypto.cc
+++ b/src/test/rgw/test_rgw_crypto.cc
@@ -25,6 +25,7 @@ using namespace std;
 
 
 std::unique_ptr<BlockCrypt> AES_256_CBC_create(CephContext* cct, const uint8_t* key, size_t len);
+std::unique_ptr<BlockCrypt> SM4_CBC_create(CephContext* cct, const uint8_t* key, size_t len);
 
 
 class ut_get_sink : public RGWGetObj_Filter {
@@ -144,6 +145,56 @@ TEST(TestRGWCrypto, verify_AES_256_CBC_identity)
   }
 }
 
+TEST(TestRGWCrypto, verify_SM4_CBC_identity)
+{
+  //create some input for encryption
+  const off_t test_range = 1024*1024;
+  buffer::ptr buf(test_range);
+  char* p = buf.c_str();
+  for(size_t i = 0; i < buf.length(); i++)
+    p[i] = i + i*i + (i >> 2);
+
+  bufferlist input;
+  input.append(buf);
+
+  for (unsigned int step : {1, 2, 3, 5, 7, 11, 13, 17})
+  {
+    //make some random key
+    uint8_t key[16];
+    for(size_t i=0;i<sizeof(key);i++)
+      key[i]=i*step;
+
+    auto sm4(SM4_CBC_create(g_ceph_context, &key[0], 16));
+    ASSERT_NE(sm4.get(), nullptr);
+
+    size_t block_size = sm4->get_block_size();
+    ASSERT_NE(block_size, 0u);
+
+    for (size_t r = 97; r < 123 ; r++)
+    {
+      off_t begin = (r*r*r*r*r % test_range);
+      begin = begin - begin % block_size;
+      off_t end = begin + r*r*r*r*r*r*r % (test_range - begin);
+      if (r % 3)
+        end = end - end % block_size;
+      off_t offset = r*r*r*r*r*r*r*r % (1000*1000*1000);
+      offset = offset - offset % block_size;
+
+      ASSERT_EQ(begin % block_size, 0u);
+      ASSERT_LE(end, test_range);
+      ASSERT_EQ(offset % block_size, 0u);
+
+      bufferlist encrypted;
+      ASSERT_TRUE(sm4->encrypt(input, begin, end - begin, encrypted, offset));
+      bufferlist decrypted;
+      ASSERT_TRUE(sm4->decrypt(encrypted, 0, end - begin, decrypted, offset));
+
+      ASSERT_EQ(decrypted.length(), end - begin);
+      ASSERT_EQ(std::string_view(input.c_str() + begin, end - begin),
+                std::string_view(decrypted.c_str(), end - begin) );
+    }
+  }
+}
 
 TEST(TestRGWCrypto, verify_AES_256_CBC_identity_2)
 {
@@ -192,6 +243,52 @@ TEST(TestRGWCrypto, verify_AES_256_CBC_identity_2)
   }
 }
 
+TEST(TestRGWCrypto, verify_SM4_CBC_identity_2)
+{
+  //create some input for encryption
+  const off_t test_range = 1024*1024;
+  buffer::ptr buf(test_range);
+  char* p = buf.c_str();
+  for(size_t i = 0; i < buf.length(); i++)
+    p[i] = i + i*i + (i >> 2);
+
+  bufferlist input;
+  input.append(buf);
+
+  for (unsigned int step : {1, 2, 3, 5, 7, 11, 13, 17})
+  {
+    //make some random key
+    uint8_t key[16];
+    for(size_t i=0;i<sizeof(key);i++)
+      key[i]=i*step;
+
+    auto sm4(SM4_CBC_create(g_ceph_context, &key[0], 16));
+    ASSERT_NE(sm4.get(), nullptr);
+
+    size_t block_size = sm4->get_block_size();
+    ASSERT_NE(block_size, 0u);
+
+    for (off_t end = 1; end < 6096 ; end+=3)
+    {
+      off_t begin = 0;
+      off_t offset = end*end*end*end*end % (1000*1000*1000);
+      offset = offset - offset % block_size;
+
+      ASSERT_EQ(begin % block_size, 0u);
+      ASSERT_LE(end, test_range);
+      ASSERT_EQ(offset % block_size, 0u);
+
+      bufferlist encrypted;
+      ASSERT_TRUE(sm4->encrypt(input, begin, end, encrypted, offset));
+      bufferlist decrypted;
+      ASSERT_TRUE(sm4->decrypt(encrypted, 0, end, decrypted, offset));
+
+      ASSERT_EQ(decrypted.length(), end);
+      ASSERT_EQ(std::string_view(input.c_str(), end),
+                std::string_view(decrypted.c_str(), end) );
+    }
+  }
+}
 
 TEST(TestRGWCrypto, verify_AES_256_CBC_identity_3)
 {
@@ -269,6 +366,81 @@ TEST(TestRGWCrypto, verify_AES_256_CBC_identity_3)
   }
 }
 
+TEST(TestRGWCrypto, verify_SM4_CBC_identity_3)
+{
+  //create some input for encryption
+  const off_t test_range = 1024*1024;
+  buffer::ptr buf(test_range);
+  char* p = buf.c_str();
+  for(size_t i = 0; i < buf.length(); i++)
+    p[i] = i + i*i + (i >> 2);
+
+  bufferlist input;
+  input.append(buf);
+
+  for (unsigned int step : {1, 2, 3, 5, 7, 11, 13, 17})
+  {
+    //make some random key
+    uint8_t key[16];
+    for(size_t i=0;i<sizeof(key);i++)
+      key[i]=i*step;
+
+    auto sm4(SM4_CBC_create(g_ceph_context, &key[0], 16));
+    ASSERT_NE(sm4.get(), nullptr);
+
+    size_t block_size = sm4->get_block_size();
+    ASSERT_NE(block_size, 0u);
+    size_t rr = 111;
+    for (size_t r = 97; r < 123 ; r++)
+    {
+      off_t begin = 0;
+      off_t end = begin + r*r*r*r*r*r*r % (test_range - begin);
+      //sometimes make aligned
+      if (r % 3)
+        end = end - end % block_size;
+      off_t offset = r*r*r*r*r*r*r*r % (1000*1000*1000);
+      offset = offset - offset % block_size;
+
+      ASSERT_EQ(begin % block_size, 0u);
+      ASSERT_LE(end, test_range);
+      ASSERT_EQ(offset % block_size, 0u);
+
+      bufferlist encrypted1;
+      bufferlist encrypted2;
+
+      off_t pos = begin;
+      off_t chunk;
+      while (pos < end) {
+        chunk = block_size + (rr/3)*(rr+17)*(rr+71)*(rr+123)*(rr+131) % 50000;
+        chunk = chunk - chunk % block_size;
+        if (pos + chunk > end)
+          chunk = end - pos;
+        bufferlist tmp;
+        ASSERT_TRUE(sm4->encrypt(input, pos, chunk, tmp, offset + pos));
+        encrypted1.append(tmp);
+        pos += chunk;
+        rr++;
+      }
+
+      pos = begin;
+      while (pos < end) {
+        chunk = block_size + (rr/3)*(rr+97)*(rr+151)*(rr+213)*(rr+251) % 50000;
+        chunk = chunk - chunk % block_size;
+        if (pos + chunk > end)
+          chunk = end - pos;
+        bufferlist tmp;
+        ASSERT_TRUE(sm4->encrypt(input, pos, chunk, tmp, offset + pos));
+        encrypted2.append(tmp);
+        pos += chunk;
+        rr++;
+      }
+      ASSERT_EQ(encrypted1.length(), end);
+      ASSERT_EQ(encrypted2.length(), end);
+      ASSERT_EQ(std::string_view(encrypted1.c_str(), end),
+                std::string_view(encrypted2.c_str(), end) );
+    }
+  }
+}
 
 TEST(TestRGWCrypto, verify_AES_256_CBC_size_0_15)
 {
@@ -318,6 +490,53 @@ TEST(TestRGWCrypto, verify_AES_256_CBC_size_0_15)
   }
 }
 
+TEST(TestRGWCrypto, verify_SM4_CBC_size_0_15)
+{
+  //create some input for encryption
+  const off_t test_range = 1024*1024;
+  buffer::ptr buf(test_range);
+  char* p = buf.c_str();
+  for(size_t i = 0; i < buf.length(); i++)
+    p[i] = i + i*i + (i >> 2);
+
+  bufferlist input;
+  input.append(buf);
+
+  for (unsigned int step : {1, 2, 3, 5, 7, 11, 13, 17})
+  {
+    //make some random key
+    uint8_t key[16];
+    for(size_t i=0;i<sizeof(key);i++)
+      key[i]=i*step;
+
+    auto sm4(SM4_CBC_create(g_ceph_context, &key[0], 16));
+    ASSERT_NE(sm4.get(), nullptr);
+
+    size_t block_size = sm4->get_block_size();
+    ASSERT_NE(block_size, 0u);
+    for (size_t r = 97; r < 123 ; r++)
+    {
+      off_t begin = 0;
+      off_t end = begin + r*r*r*r*r*r*r % (16);
+
+      off_t offset = r*r*r*r*r*r*r*r % (1000*1000*1000);
+      offset = offset - offset % block_size;
+
+      ASSERT_EQ(begin % block_size, 0u);
+      ASSERT_LE(end, test_range);
+      ASSERT_EQ(offset % block_size, 0u);
+
+      bufferlist encrypted;
+      bufferlist decrypted;
+      ASSERT_TRUE(sm4->encrypt(input, 0, end, encrypted, offset));
+      ASSERT_TRUE(sm4->encrypt(encrypted, 0, end, decrypted, offset));
+      ASSERT_EQ(encrypted.length(), end);
+      ASSERT_EQ(decrypted.length(), end);
+      ASSERT_EQ(std::string_view(input.c_str(), end),
+                std::string_view(decrypted.c_str(), end) );
+    }
+  }
+}
 
 TEST(TestRGWCrypto, verify_AES_256_CBC_identity_last_block)
 {
@@ -394,8 +613,82 @@ TEST(TestRGWCrypto, verify_AES_256_CBC_identity_last_block)
   }
 }
 
+TEST(TestRGWCrypto, verify_SM4_CBC_identity_last_block)
+{
+  //create some input for encryption
+  const off_t test_range = 1024*1024;
+  buffer::ptr buf(test_range);
+  char* p = buf.c_str();
+  for(size_t i = 0; i < buf.length(); i++)
+    p[i] = i + i*i + (i >> 2);
+
+  bufferlist input;
+  input.append(buf);
+
+  for (unsigned int step : {1, 2, 3, 5, 7, 11, 13, 17})
+  {
+    //make some random key
+    uint8_t key[16];
+    for(size_t i=0;i<sizeof(key);i++)
+      key[i]=i*step;
 
-TEST(TestRGWCrypto, verify_RGWGetObj_BlockDecrypt_ranges)
+    auto sm4(SM4_CBC_create(g_ceph_context, &key[0], 16));
+    ASSERT_NE(sm4.get(), nullptr);
+
+    size_t block_size = sm4->get_block_size();
+    ASSERT_NE(block_size, 0u);
+    size_t rr = 111;
+    for (size_t r = 97; r < 123 ; r++)
+    {
+      off_t begin = 0;
+      off_t end = r*r*r*r*r*r*r % (test_range - 16);
+      end = end - end % block_size;
+      end = end + (r+3)*(r+5)*(r+7) % 16;
+
+      off_t offset = r*r*r*r*r*r*r*r % (1000*1000*1000);
+      offset = offset - offset % block_size;
+
+      ASSERT_EQ(begin % block_size, 0u);
+      ASSERT_LE(end, test_range);
+      ASSERT_EQ(offset % block_size, 0u);
+
+      bufferlist encrypted1;
+      bufferlist encrypted2;
+
+      off_t pos = begin;
+      off_t chunk;
+      while (pos < end) {
+        chunk = block_size + (rr/3)*(rr+17)*(rr+71)*(rr+123)*(rr+131) % 50000;
+        chunk = chunk - chunk % block_size;
+        if (pos + chunk > end)
+          chunk = end - pos;
+        bufferlist tmp;
+        ASSERT_TRUE(sm4->encrypt(input, pos, chunk, tmp, offset + pos));
+        encrypted1.append(tmp);
+        pos += chunk;
+        rr++;
+      }
+      pos = begin;
+      while (pos < end) {
+        chunk = block_size + (rr/3)*(rr+97)*(rr+151)*(rr+213)*(rr+251) % 50000;
+        chunk = chunk - chunk % block_size;
+        if (pos + chunk > end)
+          chunk = end - pos;
+        bufferlist tmp;
+        ASSERT_TRUE(sm4->encrypt(input, pos, chunk, tmp, offset + pos));
+        encrypted2.append(tmp);
+        pos += chunk;
+        rr++;
+      }
+      ASSERT_EQ(encrypted1.length(), end);
+      ASSERT_EQ(encrypted2.length(), end);
+      ASSERT_EQ(std::string_view(encrypted1.c_str(), end),
+                std::string_view(encrypted2.c_str(), end) );
+    }
+  }
+}
+
+TEST(TestRGWCrypto, verify_RGWGetObj_BlockDecrypt_ranges_AES)
 {
   //create some input for encryption
   const off_t test_range = 1024*1024;
@@ -440,8 +733,52 @@ TEST(TestRGWCrypto, verify_RGWGetObj_BlockDecrypt_ranges)
   }
 }
 
+TEST(TestRGWCrypto, verify_RGWGetObj_BlockDecrypt_ranges_SM4)
+{
+  //create some input for encryption
+  const off_t test_range = 1024*1024;
+  bufferptr buf(test_range);
+  char* p = buf.c_str();
+  for(size_t i = 0; i < buf.length(); i++)
+    p[i] = i + i*i + (i >> 2);
+
+  bufferlist input;
+  input.append(buf);
+
+  uint8_t key[16];
+  for(size_t i=0;i<sizeof(key);i++)
+    key[i] = i;
+
+  auto cbc = SM4_CBC_create(g_ceph_context, &key[0], 16);
+  ASSERT_NE(cbc.get(), nullptr);
+  bufferlist encrypted;
+  ASSERT_TRUE(cbc->encrypt(input, 0, test_range, encrypted, 0));
+
 
-TEST(TestRGWCrypto, verify_RGWGetObj_BlockDecrypt_chunks)
+  for (off_t r = 93; r < 150; r++ )
+  {
+    ut_get_sink get_sink;
+    auto cbc = SM4_CBC_create(g_ceph_context, &key[0], 16);
+    ASSERT_NE(cbc.get(), nullptr);
+    RGWGetObj_BlockDecrypt decrypt(g_ceph_context, &get_sink, std::move(cbc) );
+
+    //random ranges
+    off_t begin = (r/3)*r*(r+13)*(r+23)*(r+53)*(r+71) % test_range;
+    off_t end = begin + (r/5)*(r+7)*(r+13)*(r+101)*(r*103) % (test_range - begin) - 1;
+
+    off_t f_begin = begin;
+    off_t f_end = end;
+    decrypt.fixup_range(f_begin, f_end);
+    decrypt.handle_data(encrypted, f_begin, f_end - f_begin + 1);
+    decrypt.flush();
+    const std::string& decrypted = get_sink.get_sink();
+    size_t expected_len = end - begin + 1;
+    ASSERT_EQ(decrypted.length(), expected_len);
+    ASSERT_EQ(decrypted, std::string_view(input.c_str()+begin, expected_len));
+  }
+}
+
+TEST(TestRGWCrypto, verify_RGWGetObj_BlockDecrypt_chunks_AES)
 {
   //create some input for encryption
   const off_t test_range = 1024*1024;
@@ -496,6 +833,60 @@ TEST(TestRGWCrypto, verify_RGWGetObj_BlockDecrypt_chunks)
   }
 }
 
+TEST(TestRGWCrypto, verify_RGWGetObj_BlockDecrypt_chunks_SM4)
+{
+  //create some input for encryption
+  const off_t test_range = 1024*1024;
+  bufferptr buf(test_range);
+  char* p = buf.c_str();
+  for(size_t i = 0; i < buf.length(); i++)
+    p[i] = i + i*i + (i >> 2);
+
+  bufferlist input;
+  input.append(buf);
+
+  uint8_t key[16];
+  for(size_t i=0;i<sizeof(key);i++)
+    key[i] = i;
+
+  auto cbc = AES_256_CBC_create(g_ceph_context, &key[0], 16);
+  ASSERT_NE(cbc.get(), nullptr);
+  bufferlist encrypted;
+  ASSERT_TRUE(cbc->encrypt(input, 0, test_range, encrypted, 0));
+
+  for (off_t r = 93; r < 150; r++ )
+  {
+    ut_get_sink get_sink;
+    auto cbc = AES_256_CBC_create(g_ceph_context, &key[0], 16);
+    ASSERT_NE(cbc.get(), nullptr);
+    RGWGetObj_BlockDecrypt decrypt(g_ceph_context, &get_sink, std::move(cbc) );
+
+    //random
+    off_t begin = (r/3)*r*(r+13)*(r+23)*(r+53)*(r+71) % test_range;
+    off_t end = begin + (r/5)*(r+7)*(r+13)*(r+101)*(r*103) % (test_range - begin) - 1;
+
+    off_t f_begin = begin;
+    off_t f_end = end;
+    decrypt.fixup_range(f_begin, f_end);
+    off_t pos = f_begin;
+    do
+    {
+      off_t size = 2 << ((pos * 17 + pos / 113 + r) % 16);
+      size = (pos + 1117) * (pos + 2229) % size + 1;
+      if (pos + size > f_end + 1)
+        size = f_end + 1 - pos;
+
+      decrypt.handle_data(encrypted, pos, size);
+      pos = pos + size;
+    } while (pos < f_end + 1);
+    decrypt.flush();
+
+    const std::string& decrypted = get_sink.get_sink();
+    size_t expected_len = end - begin + 1;
+    ASSERT_EQ(decrypted.length(), expected_len);
+    ASSERT_EQ(decrypted, std::string_view(input.c_str()+begin, expected_len));
+  }
+}
 
 using range_t = std::pair<off_t, off_t>;
 
@@ -688,7 +1079,7 @@ TEST(TestRGWCrypto, check_RGWGetObj_BlockDecrypt_fixup_invalid_ranges)
 
 }
 
-TEST(TestRGWCrypto, verify_RGWPutObj_BlockEncrypt_chunks)
+TEST(TestRGWCrypto, verify_RGWPutObj_BlockEncrypt_chunks_AES)
 {
   //create some input for encryption
   const off_t test_range = 1024*1024;
@@ -745,8 +1136,64 @@ TEST(TestRGWCrypto, verify_RGWPutObj_BlockEncrypt_chunks)
   }
 }
 
+TEST(TestRGWCrypto, verify_RGWPutObj_BlockEncrypt_chunks_SM4)
+{
+  //create some input for encryption
+  const off_t test_range = 1024*1024;
+  bufferptr buf(test_range);
+  char* p = buf.c_str();
+  for(size_t i = 0; i < buf.length(); i++)
+    p[i] = i + i*i + (i >> 2);
+
+  bufferlist input;
+  input.append(buf);
+
+  uint8_t key[16];
+  for(size_t i=0;i<sizeof(key);i++)
+    key[i] = i;
+
+  for (off_t r = 93; r < 150; r++ )
+  {
+    ut_put_sink put_sink;
+    auto cbc = AES_256_CBC_create(g_ceph_context, &key[0], 16);
+    ASSERT_NE(cbc.get(), nullptr);
+    RGWPutObj_BlockEncrypt encrypt(g_ceph_context, &put_sink,
+                                   std::move(cbc) );
+
+    off_t test_size = (r/5)*(r+7)*(r+13)*(r+101)*(r*103) % (test_range - 1) + 1;
+    off_t pos = 0;
+    do
+    {
+      off_t size = 2 << ((pos * 17 + pos / 113 + r) % 16);
+      size = (pos + 1117) * (pos + 2229) % size + 1;
+      if (pos + size > test_size)
+        size = test_size - pos;
+
+      bufferlist bl;
+      bl.append(input.c_str()+pos, size);
+      encrypt.process(std::move(bl), pos);
+
+      pos = pos + size;
+    } while (pos < test_size);
+    encrypt.process({}, pos);
+
+    ASSERT_EQ(put_sink.get_sink().length(), static_cast<size_t>(test_size));
+
+    cbc = AES_256_CBC_create(g_ceph_context, &key[0], 16);
+    ASSERT_NE(cbc.get(), nullptr);
+
+    bufferlist encrypted;
+    bufferlist decrypted;
+    encrypted.append(put_sink.get_sink());
+    ASSERT_TRUE(cbc->decrypt(encrypted, 0, test_size, decrypted, 0));
+
+    ASSERT_EQ(decrypted.length(), test_size);
+    ASSERT_EQ(std::string_view(decrypted.c_str(), test_size),
+              std::string_view(input.c_str(), test_size));
+  }
+}
 
-TEST(TestRGWCrypto, verify_Encrypt_Decrypt)
+TEST(TestRGWCrypto, verify_Encrypt_Decrypt_AES)
 {
   uint8_t key[32];
   for(size_t i=0;i<sizeof(key);i++)
@@ -795,6 +1242,54 @@ TEST(TestRGWCrypto, verify_Encrypt_Decrypt)
   while (test_size < 20000);
 }
 
+TEST(TestRGWCrypto, verify_Encrypt_Decrypt_SM4)
+{
+  uint8_t key[16];
+  for(size_t i=0;i<sizeof(key);i++)
+    key[i]=i;
+
+  size_t fi_a = 0;
+  size_t fi_b = 1;
+  size_t test_size;
+  do
+  {
+    //fibonacci
+    size_t tmp = fi_b;
+    fi_b = fi_a + fi_b;
+    fi_a = tmp;
+
+    test_size = fi_b;
+
+    uint8_t* test_in = new uint8_t[test_size];
+    //fill with something
+    memset(test_in, test_size & 0xff, test_size);
+
+    ut_put_sink put_sink;
+    RGWPutObj_BlockEncrypt encrypt(g_ceph_context, &put_sink,
+                                   AES_256_CBC_create(g_ceph_context, &key[0], 16) );
+    bufferlist bl;
+    bl.append((char*)test_in, test_size);
+    encrypt.process(std::move(bl), 0);
+    encrypt.process({}, test_size);
+    ASSERT_EQ(put_sink.get_sink().length(), test_size);
+
+    bl.append(put_sink.get_sink().data(), put_sink.get_sink().length());
+    ASSERT_EQ(bl.length(), test_size);
+
+    ut_get_sink get_sink;
+    RGWGetObj_BlockDecrypt decrypt(g_ceph_context, &get_sink,
+                                   AES_256_CBC_create(g_ceph_context, &key[0], 16) );
+
+    off_t bl_ofs = 0;
+    off_t bl_end = test_size - 1;
+    decrypt.fixup_range(bl_ofs, bl_end);
+    decrypt.handle_data(bl, 0, bl.length());
+    decrypt.flush();
+    ASSERT_EQ(get_sink.get_sink().length(), test_size);
+    ASSERT_EQ(get_sink.get_sink(), std::string_view((char*)test_in,test_size));
+  }
+  while (test_size < 20000);
+}
 
 int main(int argc, char **argv) {
   vector<const char*> args;
-- 
Gitee