From 18e83f3624eaa23e065bb1874b09d884dee41d7c Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Fri, 24 Feb 2017 21:46:17 +0800 Subject: [PATCH] update saf --- crypto/saf/build.info | 2 +- crypto/saf/saf_app.c | 19 +++- crypto/saf/saf_cert.c | 1 - crypto/saf/saf_ec.c | 170 ++++++++++++++++++++++++++++++++---- crypto/saf/saf_enc.c | 170 ++++++++++++++++++++---------------- crypto/saf/saf_err.c | 24 ++--- crypto/saf/saf_hash.c | 1 - crypto/saf/saf_keyhandle.c | 22 ++++- crypto/saf/saf_lcl.h | 19 ++-- crypto/saf/saf_lib.c | 69 --------------- crypto/saf/saf_mac.c | 39 ++++++--- crypto/saf/saf_pkcs7.c | 1 + crypto/saf/saf_rand.c | 2 +- crypto/saf/saf_rsa.c | 139 +++++++++++++++++++++++++++-- crypto/saf/saf_sm2.c | 46 ++++++++-- crypto/saf/saf_symmkeyobj.c | 19 ++-- include/openssl/gmsaf.h | 90 ++++++++++--------- include/openssl/saf.h | 2 +- 18 files changed, 579 insertions(+), 256 deletions(-) diff --git a/crypto/saf/build.info b/crypto/saf/build.info index f9491f45..d9d2066c 100644 --- a/crypto/saf/build.info +++ b/crypto/saf/build.info @@ -1,4 +1,4 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=saf_lib.c saf_errstr.c saf_app.c saf_keyhandle.c \ saf_ec.c saf_sm2.c saf_rand.c saf_hash.c saf_enc.c saf_mac.c saf_symmkeyobj.c \ - saf_base64.c saf_cert.c saf_err.c + saf_base64.c saf_cert.c saf_err.c saf_pkcs7.c diff --git a/crypto/saf/saf_app.c b/crypto/saf/saf_app.c index 4a999537..9bbe105f 100644 --- a/crypto/saf/saf_app.c +++ b/crypto/saf/saf_app.c @@ -63,6 +63,7 @@ int SAF_Initialize( { int ret = SAR_UnknownErr; SAF_APP *app = NULL; + char *engine_id = pubCfgFilePath; if (!phAppHandle || !pubCfgFilePath) { SAFerr(SAF_F_SAF_INITIALIZE, ERR_R_PASSED_NULL_PARAMETER); @@ -74,8 +75,19 @@ int SAF_Initialize( return SAR_MemoryErr; } + if (!(app->engine = ENGINE_by_id(engine_id)) + || !ENGINE_init(app->engine)) { + SAFerr(SAF_F_SAF_INITIALIZE, ERR_R_ENGINE_LIB); + goto end; + } + *phAppHandle = app; - return SAR_Ok; + app = NULL; + ret = SAR_Ok; + +end: + SAF_Finalize(app); + return ret; } /* 7.1.3 */ @@ -83,6 +95,11 @@ int SAF_Finalize( void *hAppHandle) { SAF_APP *app = (SAF_APP *)hAppHandle; + + if (app->engine) { + ENGINE_finish(app->engine); + } + OPENSSL_free(app); return SAR_Ok; } diff --git a/crypto/saf/saf_cert.c b/crypto/saf/saf_cert.c index 8f8dda91..032d90ce 100644 --- a/crypto/saf/saf_cert.c +++ b/crypto/saf/saf_cert.c @@ -252,4 +252,3 @@ int SAF_EnumKeyContainerInfoFree( { return SAR_NotSupportYetErr; } - diff --git a/crypto/saf/saf_ec.c b/crypto/saf/saf_ec.c index 7850da48..437c2539 100644 --- a/crypto/saf/saf_ec.c +++ b/crypto/saf/saf_ec.c @@ -63,6 +63,7 @@ int SAF_GenEccKeyPair( unsigned int uiExportFlag) { int ret = -1; + SAF_APP *app = (SAF_APP *)hAppHandle; /* check arguments */ if (!hAppHandle || !pucContainerName) { @@ -88,13 +89,37 @@ int SAF_GenEccKeyPair( return SAR_KeyUsageErr; } - /* set return value */ - ret = SAR_Ok; + /* process */ + EVP_PKEY_CTX *pctx = NULL; + EVP_PKEY *pkey = NULL; + if (!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, app->engine)) + || EVP_PKEY_keygen_init(pctx) <= 0 + || EVP_PKEY_keygen(pctx, &pkey) <= 0) { + SAFerr(SAF_F_SAF_GENECCKEYPAIR, ERR_R_EVP_LIB); + goto end; + } + + ret = SAR_Ok; end: + EVP_PKEY_CTX_free(pctx); + EVP_PKEY_free(pkey); return ret; } +const char *SGD_GetKeyUsageName(unsigned int uiKeyUsage) +{ + switch (uiKeyUsage) { + case SGD_PK_SIGN: + return "sign"; + case SGD_PK_ENC: + return "enc"; + case SGD_PK_DH: + return "dh"; + } + return NULL; +} + /* 7.3.24 */ int SAF_GetEccPublicKey( void *hAppHandle, @@ -106,7 +131,6 @@ int SAF_GetEccPublicKey( { int ret = SAR_UnknownErr; SAF_APP *app = (SAF_APP *)hAppHandle; - int rv; /* check arguments */ if (!hAppHandle || !pucContainerName || !pucPublicKey || @@ -134,13 +158,30 @@ int SAF_GetEccPublicKey( return SAR_IndataErr; } - /* load public key */ + /* process */ + EVP_PKEY *pkey = NULL; + char key_id[1024]; + int len; + snprintf(key_id, sizeof(key_id), "%s.%s", (char *)pucContainerName, + SGD_GetKeyUsageName(uiKeyUsage)); + + if (!(pkey = ENGINE_load_public_key(app->engine, key_id, NULL, NULL))) { + SAFerr(SAF_F_SAF_GETECCPUBLICKEY, ERR_R_ENGINE_LIB); + goto end; + } + if ((len = i2d_PUBKEY(pkey, &pucPublicKey)) <= 0) { + SAFerr(SAF_F_SAF_GETECCPUBLICKEY, ERR_R_X509_LIB); + goto end; + } + + *puiPublicKeyLen = (unsigned int)len; /* set return value */ ret = SAR_Ok; end: + EVP_PKEY_free(pkey); return ret; } @@ -156,8 +197,7 @@ int SAF_EccSign( unsigned int *puiSignDataLen) { int ret = SAR_UnknownErr; - void *hSessionHandle = NULL; - unsigned int uiISKIndex; + SAF_APP *app = (SAF_APP *)hAppHandle; /* check arguments */ if (!hAppHandle || !pucContainerName || !pucInData || @@ -185,8 +225,28 @@ int SAF_EccSign( return SAR_IndataErr; } + /* process */ + char key_id[1024]; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *pctx = NULL; + size_t siglen; + + snprintf(key_id, sizeof(key_id), "%s.sign", (char *)pucContainerName); + + if (!(pkey = ENGINE_load_private_key(app->engine, key_id, NULL, NULL)) + || !(pctx = EVP_PKEY_CTX_new(pkey, app->engine)) + || EVP_PKEY_sign_init(pctx) <= 0 + || EVP_PKEY_sign(pctx, pucSignData, &siglen, pucInData, (size_t)uiInDataLen) <= 0) { + SAFerr(SAF_F_SAF_ECCSIGN, ERR_R_EVP_LIB); + goto end; + } + + *puiSignDataLen = (unsigned int)siglen; + ret = SAR_Ok; end: + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(pctx); return ret; } @@ -224,9 +284,22 @@ int SAF_EccVerifySign( return SAR_IndataLenErr; } - ret = SAR_Ok; + /* process */ + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *pctx = NULL; + if (!(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen)) + || !(pctx = EVP_PKEY_CTX_new(pkey, NULL)) + || EVP_PKEY_verify_init(pctx) <= 0 + || EVP_PKEY_verify(pctx, pucSignData, uiSignDataLen, pucInData, uiInDataLen) <= 0) { + SAFerr(SAF_F_SAF_ECCVERIFYSIGN, ERR_R_EVP_LIB); + goto end; + } + + ret = SAR_Ok; end: + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(pctx); return ret; } @@ -269,8 +342,25 @@ int SAF_EccPublicKeyEnc( return SAR_IndataLenErr; } + /* precess */ + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *pctx = NULL; + size_t outlen = *puiOutDataLen; + + if (!(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen)) + || !(pctx = EVP_PKEY_CTX_new(pkey, NULL)) + || EVP_PKEY_decrypt_init(pctx) <= 0 + || EVP_PKEY_decrypt(pctx, pucOutData, &outlen, pucInData, uiInDataLen) <= 0) { + SAFerr(SAF_F_SAF_ECCPUBLICKEYENC, ERR_R_EVP_LIB); + goto end; + } + + *puiOutDataLen = (unsigned int)outlen; + ret = SAR_Ok; end: + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(pctx); return ret; } @@ -285,8 +375,6 @@ int SAF_EccPublicKeyEncByCert( unsigned int *puiOutDataLen) { int ret = SAR_UnknownErr; - ECCrefPublicKey publicKey; - int rv; /* check arguments */ if (!pucCertificate || !pucInData || !pucOutData || !puiOutDataLen) { @@ -315,9 +403,36 @@ int SAF_EccPublicKeyEncByCert( return SAR_IndataLenErr; } + /* process */ + X509 *x509 = NULL; + unsigned char pubkey[1024]; + unsigned char *p = pubkey; + int len; + + if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, (long)uiCertificateLen))) { + SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT, ERR_R_X509_LIB); + goto end; + } + + if ((len = i2d_PUBKEY(X509_get0_pubkey(x509), &p)) <= 0) { + SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT, ERR_R_X509_LIB); + goto end; + } + + ret = SAF_EccPublicKeyEnc( + pubkey, + (unsigned int)len, + uiAlgorithmID, + pucInData, + uiInDataLen, + pucOutData, + puiOutDataLen); + + /* set return value */ ret = SAR_Ok; end: + X509_free(x509); return ret; } @@ -332,8 +447,6 @@ int SAF_EccVerifySignByCert( unsigned int uiSignDataLen) { int ret = SAR_UnknownErr; - ECCrefPublicKey publicKey; - int rv; /* check arguments */ if (!pucCertificate || !pucInData || !pucSignData) { @@ -362,11 +475,39 @@ int SAF_EccVerifySignByCert( return SAR_IndataLenErr; } - /* load public key form cert */ + /* process */ + X509 *x509 = NULL; + unsigned char pucPublicKey[1024]; + unsigned int uiPublicKeyLen; + unsigned char *p = pucPublicKey; + int len; + + if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, (long)uiCertificateLen))) { + SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT, ERR_R_X509_LIB); + goto end; + } + + if ((len = i2d_PUBKEY(X509_get0_pubkey(x509), &p)) <= 0) { + SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT, ERR_R_X509_LIB); + goto end; + } + + uiPublicKeyLen = (unsigned int)len; + + ret = SAF_EccVerifySign( + pucPublicKey, + uiPublicKeyLen, + uiAlgorithmID, + pucInData, + uiInDataLen, + pucSignData, + uiSignDataLen); + /* set return value */ ret = SAR_Ok; end: + X509_free(x509); return ret; } @@ -385,10 +526,9 @@ int SAF_GenerateAgreementDataWithECC( void **phAgreementHandle) { int ret = -1; - unsigned int uiISKIndex; ret = SAR_Ok; -end: + return ret; } @@ -405,7 +545,7 @@ int SAF_GenerateKeyWithECC( { int ret = -1; - return 0; + return ret; } /* 7.3.35 */ diff --git a/crypto/saf/saf_enc.c b/crypto/saf/saf_enc.c index 3e4e0887..250f2d12 100644 --- a/crypto/saf/saf_enc.c +++ b/crypto/saf/saf_enc.c @@ -63,21 +63,26 @@ int SAF_SymmEncryptUpdate( { int ret = SAR_UnknownErr; SAF_KEY *hkey = (SAF_KEY *)hKeyHandle; - unsigned char *out = pucOutData; - int inlen, outlen; + int outlen; if (!hKeyHandle || !pucInData || !pucOutData || !puiOutDataLen) { SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, ERR_R_PASSED_NULL_PARAMETER); return SAR_IndataErr; } - if (uiInDataLen > INT_MAX) { + + if (uiInDataLen <= 0 || uiInDataLen > INT_MAX) { SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, SAF_R_INVALID_LENGTH); return SAR_IndataLenErr; } if (!hkey->cipher_ctx) { - unsigned char iv[32]; - int ivlen; + const EVP_CIPHER *cipher; + + if (!(cipher = EVP_get_cipherbysgd(hkey->hSymmKeyObj->uiCryptoAlgID))) { + SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, SAF_R_INVALID_KEY_HANDLE); + ret = SAR_IndataErr; + goto end; + } if (!(hkey->cipher_ctx = EVP_CIPHER_CTX_new())) { SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, ERR_R_MALLOC_FAILURE); @@ -85,31 +90,16 @@ int SAF_SymmEncryptUpdate( goto end; } - /* generate random iv and output */ - ivlen = EVP_CIPHER_block_size(hkey->cipher); - if (ivlen <= 0 || ivlen > sizeof(iv)) { - SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, SAF_R_INVALID_CONTEXT); - ret = SAR_ObjErr; - goto end; - } - if (!RAND_bytes(iv, ivlen)) { - SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, SAF_R_GEN_RANDOM); - ret = SAR_GenRandErr; - goto end; - } - - /* output iv, update out pointer */ - memcpy(out, iv, ivlen); - out += ivlen; - - if (!EVP_EncryptInit(hkey->cipher_ctx, hkey->cipher, hkey->key, iv)) { + if (!EVP_EncryptInit_ex(hkey->cipher_ctx, cipher, + hkey->hSymmKeyObj->app->engine, + hkey->key, hkey->hSymmKeyObj->pucIV)) { SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, ERR_R_EVP_LIB); goto end; } } - inlen = (int)uiInDataLen; - if (!EVP_EncryptUpdate(hkey->cipher_ctx, out, &outlen, pucInData, inlen)) { + if (!EVP_EncryptUpdate(hkey->cipher_ctx, pucOutData, &outlen, + pucInData, (int)uiInDataLen)) { SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, ERR_R_EVP_LIB); goto end; } @@ -131,7 +121,31 @@ int SAF_SymmEncryptFinal( unsigned char *pucOutData, unsigned int *puiOutDataLen) { - return 0; + int ret = SAR_UnknownErr; + SAF_KEY *hkey = (SAF_KEY *)hKeyHandle; + int outlen; + + if (!hKeyHandle || !pucOutData || !puiOutDataLen) { + SAFerr(SAF_F_SAF_SYMMENCRYPTFINAL, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } + + if (!hkey->cipher_ctx) { + SAFerr(SAF_F_SAF_SYMMENCRYPTFINAL, SAF_R_ENCRYPT_NOT_INITIALIED); + return SAR_NotInitializeErr; + } + + if (!EVP_EncryptFinal_ex(hkey->cipher_ctx, pucOutData, &outlen)) { + SAFerr(SAF_F_SAF_SYMMENCRYPTFINAL, ERR_R_EVP_LIB); + goto end; + } + *puiOutDataLen = (unsigned int)outlen; + + ret = SAR_OK; +end: + EVP_CIPHER_CTX_free(hkey->cipher_ctx); + hkey->cipher_ctx = NULL; + return ret; } /* 7.3.42 */ @@ -144,8 +158,7 @@ int SAF_SymmDecryptUpdate( { int ret = SAR_UnknownErr; SAF_KEY *hkey = (SAF_KEY *)hKeyHandle; - unsigned char *in = pucInData; - int inlen, outlen; + int outlen; if (!hKeyHandle || !pucInData || !pucOutData || !puiOutDataLen) { SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_PASSED_NULL_PARAMETER); @@ -156,11 +169,14 @@ int SAF_SymmDecryptUpdate( return SAR_IndataLenErr; } - inlen = (int)uiInDataLen; - if (!hkey->cipher_ctx) { - unsigned char iv[32]; - int ivlen; + const EVP_CIPHER *cipher; + + if (!(cipher = EVP_get_cipherbysgd(hkey->hSymmKeyObj->uiCryptoAlgID))) { + SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, SAF_R_INVALID_KEY_HANDLE); + ret = SAR_IndataErr; + goto end; + } if (!(hkey->cipher_ctx = EVP_CIPHER_CTX_new())) { SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_MALLOC_FAILURE); @@ -168,25 +184,16 @@ int SAF_SymmDecryptUpdate( goto end; } - /* get iv from input */ - ivlen = EVP_CIPHER_block_size(hkey->cipher); - if (ivlen <= 0 || ivlen > sizeof(iv)) { - SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, SAF_R_INVALID_CONTEXT); - ret = SAR_ObjErr; - goto end; - } - - memcpy(iv, in, ivlen); - in += ivlen; - inlen -= ivlen; - - if (!EVP_DecryptInit(hkey->cipher_ctx, hkey->cipher, hkey->key, iv)) { + if (!EVP_DecryptInit_ex(hkey->cipher_ctx, cipher, + hkey->hSymmKeyObj->app->engine, + hkey->key, hkey->hSymmKeyObj->pucIV)) { SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_EVP_LIB); goto end; } } - if (!EVP_DecryptUpdate(hkey->cipher_ctx, pucOutData, &outlen, in, inlen)) { + if (!EVP_DecryptUpdate(hkey->cipher_ctx, pucOutData, &outlen, + pucInData, (int)uiInDataLen)) { SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_EVP_LIB); goto end; } @@ -208,7 +215,32 @@ int SAF_SymmDecryptFinal( unsigned char *pucOutData, unsigned int *puiOutDataLen) { - return 0; + int ret = SAR_UnknownErr; + SAF_KEY *hkey = (SAF_KEY *)hKeyHandle; + int outlen; + + if (!hKeyHandle || !pucOutData || !puiOutDataLen) { + SAFerr(SAF_F_SAF_SYMMDECRYPTFINAL, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } + + if (!hkey->cipher_ctx) { + SAFerr(SAF_F_SAF_SYMMDECRYPTFINAL, SAF_R_DECRYPT_NOT_INITIALIZED); + return SAR_NotInitializeErr; + } + + if (!EVP_DecryptFinal_ex(hkey->cipher_ctx, pucOutData, &outlen)) { + SAFerr(SAF_F_SAF_SYMMDECRYPTFINAL, ERR_R_EVP_LIB); + goto end; + } + *puiOutDataLen = (unsigned int)outlen; + + ret = SAR_OK; + +end: + EVP_CIPHER_CTX_free(hkey->cipher_ctx); + hkey->cipher_ctx = NULL; + return ret; } /* 7.3.38 */ @@ -219,24 +251,20 @@ int SAF_SymmEncrypt( unsigned char *pucOutData, unsigned int *puiOutDataLen) { - int ret; - unsigned char *out; - unsigned int outlen; - - out = pucOutData; - outlen = *puiOutDataLen; + int ret = SAR_UnknownErr; + unsigned int len; if ((ret = SAF_SymmEncryptUpdate(hKeyHandle, pucInData, uiInDataLen, - out, &outlen)) != SAR_OK) { + pucOutData, puiOutDataLen)) != SAR_OK) { return ret; } - out += outlen; - if ((ret = SAF_SymmEncryptFinal(hKeyHandle, out, &outlen)) != SAR_OK) { - return ret; - } - out += outlen; - *puiOutDataLen = out - pucOutData; + if ((ret = SAF_SymmEncryptFinal(hKeyHandle, + pucOutData + *puiOutDataLen, &len)) != SAR_OK) { + return ret; + } + *puiOutDataLen += len; + return SAR_OK; } @@ -248,23 +276,19 @@ int SAF_SymmDecrypt( unsigned char *pucOutData, unsigned int *puiOutDataLen) { - int ret; - unsigned char *out; - unsigned int outlen; - - out = pucOutData; - outlen = *puiOutDataLen; + int ret = SAR_UnknownErr; + unsigned int len; if ((ret = SAF_SymmDecryptUpdate(hKeyHandle, pucInData, uiInDataLen, - out, &outlen)) != SAR_OK) { + pucOutData, puiOutDataLen)) != SAR_OK) { return ret; } - out += outlen; - if ((ret = SAF_SymmDecryptFinal(hKeyHandle, out, &outlen)) != SAR_OK) { - return ret; - } - out += outlen; - *puiOutDataLen = out - pucOutData; + if ((ret = SAF_SymmDecryptFinal(hKeyHandle, + pucOutData + *puiOutDataLen, &len)) != SAR_OK) { + return ret; + } + *puiOutDataLen += len; + return SAR_OK; } diff --git a/crypto/saf/saf_err.c b/crypto/saf/saf_err.c index fd9f59cd..8fe3a94c 100644 --- a/crypto/saf/saf_err.c +++ b/crypto/saf/saf_err.c @@ -35,12 +35,11 @@ static ERR_STRING_DATA SAF_str_functs[] = { {ERR_FUNC(SAF_F_SAF_ECCVERIFYSIGN), "SAF_EccVerifySign"}, {ERR_FUNC(SAF_F_SAF_ECCVERIFYSIGNBYCERT), "SAF_EccVerifySignByCert"}, {ERR_FUNC(SAF_F_SAF_GENECCKEYPAIR), "SAF_GenEccKeyPair"}, - {ERR_FUNC(SAF_F_SAF_GENERATEAGREEMENTDATAWITHECC), - "SAF_GenerateAgreementDataWithECC"}, - {ERR_FUNC(SAF_F_SAF_GENERATEKEYWITHECC), "SAF_GenerateKeyWithECC"}, {ERR_FUNC(SAF_F_SAF_GENERATEKEYWITHEPK), "SAF_GenerateKeyWithEPK"}, {ERR_FUNC(SAF_F_SAF_GENRANDOM), "SAF_GenRandom"}, + {ERR_FUNC(SAF_F_SAF_GENRSAKEYPAIR), "SAF_GenRsaKeyPair"}, {ERR_FUNC(SAF_F_SAF_GETECCPUBLICKEY), "SAF_GetEccPublicKey"}, + {ERR_FUNC(SAF_F_SAF_GETRSAPUBLICKEY), "SAF_GetRsaPublicKey"}, {ERR_FUNC(SAF_F_SAF_GETVERSION), "SAF_GetVersion"}, {ERR_FUNC(SAF_F_SAF_IMPORTENCEDKEY), "SAF_ImportEncedKey"}, {ERR_FUNC(SAF_F_SAF_INITIALIZE), "SAF_Initialize"}, @@ -48,28 +47,33 @@ static ERR_STRING_DATA SAF_str_functs[] = { {ERR_FUNC(SAF_F_SAF_LOGOUT), "SAF_Logout"}, {ERR_FUNC(SAF_F_SAF_MACFINAL), "SAF_MacFinal"}, {ERR_FUNC(SAF_F_SAF_MACUPDATE), "SAF_MacUpdate"}, - {ERR_FUNC(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA), - "SAF_Pkcs7_DecodeDigestedData"}, - {ERR_FUNC(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA), - "SAF_Pkcs7_EncodeDigestedData"}, + {ERR_FUNC(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA), + "SAF_Pkcs7_EncodeEnvelopedData"}, + {ERR_FUNC(SAF_F_SAF_RSASIGN), "SAF_RsaSign"}, + {ERR_FUNC(SAF_F_SAF_RSAVERIFYSIGN), "SAF_RsaVerifySign"}, + {ERR_FUNC(SAF_F_SAF_SYMMDECRYPTFINAL), "SAF_SymmDecryptFinal"}, {ERR_FUNC(SAF_F_SAF_SYMMDECRYPTUPDATE), "SAF_SymmDecryptUpdate"}, + {ERR_FUNC(SAF_F_SAF_SYMMENCRYPTFINAL), "SAF_SymmEncryptFinal"}, {ERR_FUNC(SAF_F_SAF_SYMMENCRYPTUPDATE), "SAF_SymmEncryptUpdate"}, + {ERR_FUNC(SAF_F_SAF_VERIFYSIGNBYCERT), "SAF_VerifySignByCert"}, {0, NULL} }; static ERR_STRING_DATA SAF_str_reasons[] = { {ERR_REASON(SAF_R_BUFFER_TOO_SMALL), "buffer too small"}, - {ERR_REASON(SAF_R_CBCMAC_FAILURE), "cbcmac failure"}, {ERR_REASON(SAF_R_CMAC_FAILURE), "cmac failure"}, + {ERR_REASON(SAF_R_DECRYPT_NOT_INITIALIZED), "decrypt not initialized"}, {ERR_REASON(SAF_R_ENCRYPT_KEY_FAILURE), "encrypt key failure"}, + {ERR_REASON(SAF_R_ENCRYPT_NOT_INITIALIED), "encrypt not initialied"}, {ERR_REASON(SAF_R_GEN_RANDOM), "gen random"}, {ERR_REASON(SAF_R_GEN_RANDOM_FAILURE), "gen random failure"}, {ERR_REASON(SAF_R_INT_OVERFLOW), "int overflow"}, {ERR_REASON(SAF_R_INVALID_ALGOR), "invalid algor"}, + {ERR_REASON(SAF_R_INVALID_CERTIFICATE), "invalid certificate"}, {ERR_REASON(SAF_R_INVALID_CONTEXT), "invalid context"}, - {ERR_REASON(SAF_R_INVALID_DIGEST_ALGOR), "invalid digest algor"}, {ERR_REASON(SAF_R_INVALID_HANDLE), "invalid handle"}, {ERR_REASON(SAF_R_INVALID_INPUT_LENGTH), "invalid input length"}, + {ERR_REASON(SAF_R_INVALID_KEY_HANDLE), "invalid key handle"}, {ERR_REASON(SAF_R_INVALID_KEY_LENGTH), "invalid key length"}, {ERR_REASON(SAF_R_INVALID_KEY_USAGE), "invalid key usage"}, {ERR_REASON(SAF_R_INVALID_LENGTH), "invalid length"}, @@ -77,7 +81,7 @@ static ERR_STRING_DATA SAF_str_reasons[] = { {ERR_REASON(SAF_R_NOT_SUPPORTED), "not supported"}, {ERR_REASON(SAF_R_OPERATION_NOT_INITIALIZED), "operation not initialized"}, - {ERR_REASON(SAF_R_SAF_ERROR), "saf error"}, + {ERR_REASON(SAF_R_UNSUPPORTED_ALGOR), "unsupported algor"}, {0, NULL} }; diff --git a/crypto/saf/saf_hash.c b/crypto/saf/saf_hash.c index 3c0bf188..46b9c6b3 100644 --- a/crypto/saf/saf_hash.c +++ b/crypto/saf/saf_hash.c @@ -145,4 +145,3 @@ int SAF_Hash( return SAR_Ok; } - diff --git a/crypto/saf/saf_keyhandle.c b/crypto/saf/saf_keyhandle.c index 50de4f45..634d8880 100644 --- a/crypto/saf/saf_keyhandle.c +++ b/crypto/saf/saf_keyhandle.c @@ -82,8 +82,28 @@ int SAF_GenerateKeyWithEPK( return SAR_IndataLenErr; } +/* + 65 typedef struct { + 66 SAF_APP *app; + 67 unsigned char *pucContainerName; + 68 unsigned int uiContainerLen; + 69 unsigned char *pucIV; + 70 unsigned int uiIVLen; + 71 unsigned int uiEncOrDec; + 72 unsigned int uiCryptoAlgID; + 73 } SAF_SYMMKEYOBJ; + 74 + 75 typedef struct { + 76 SAF_SYMMKEYOBJ *hSymmKeyObj; + 77 unsigned char key[64]; + 78 int keylen; + 79 EVP_CIPHER_CTX *cipher_ctx; + 80 CMAC_CTX *cmac_ctx; + 81 } SAF_KEY; +*/ + outlen = (size_t)*puiSymmKeyLen; - if (!(cipher = EVP_get_cipherbysgd(obj->algor)) + if (!(cipher = EVP_get_cipherbysgd(obj->uiCryptoAlgID)) || !RAND_bytes(keybuf, EVP_CIPHER_key_length(cipher)) || !(pkey = d2i_PUBKEY(NULL, &pucPublicKey, (long)uiPublicKeyLen)) || !(pkctx = EVP_PKEY_CTX_new(pkey, NULL)) diff --git a/crypto/saf/saf_lcl.h b/crypto/saf/saf_lcl.h index 06fedd78..55f6040b 100644 --- a/crypto/saf/saf_lcl.h +++ b/crypto/saf/saf_lcl.h @@ -54,7 +54,6 @@ #include typedef struct saf_app_st { - const char *config_path; ENGINE *engine; } SAF_APP; @@ -64,20 +63,22 @@ typedef struct { } SAF_BASE64OBJ; typedef struct { - unsigned int algor; - unsigned char container[256]; - unsigned int containerlen; - unsigned char iv[16]; - unsigned int ivlen; - unsigned int enc; + SAF_APP *app; + unsigned char *pucContainerName; + unsigned int uiContainerLen; + unsigned char *pucIV; + unsigned int uiIVLen; + unsigned int uiEncOrDec; + unsigned int uiCryptoAlgID; } SAF_SYMMKEYOBJ; typedef struct { - SAF_SYMMKEYOBJ obj; + SAF_SYMMKEYOBJ *hSymmKeyObj; unsigned char key[64]; int keylen; - const EVP_CIPHER *cipher; EVP_CIPHER_CTX *cipher_ctx; CMAC_CTX *cmac_ctx; } SAF_KEY; +SAF_SYMMKEYOBJ *SAF_SYMMKEYOBJ_dup(const SAF_SYMMKEYOBJ *a); +void SAF_SYMMKEYOBJ_free(SAF_SYMMKEYOBJ *a); diff --git a/crypto/saf/saf_lib.c b/crypto/saf/saf_lib.c index a87e65a7..0621defe 100644 --- a/crypto/saf/saf_lib.c +++ b/crypto/saf/saf_lib.c @@ -50,77 +50,8 @@ #include #include "saf_lcl.h" -//FIXME: use PEM_write_bio_ECPrivateKey in next version -int saf_save_ec_keypair( - void *hAppHandle, - unsigned char *pucContainerName, - unsigned int uiContainerNameLen, - unsigned int uiKeyBits, - unsigned int uiKeyUsage, - unsigned int uiExportFlag, - ECCrefPublicKey *pucPublicKey, - ECCrefPrivateKey *pucPrivateKey) -{ - return -1; -} - -int saf_save_rsa_keypair(void *hAppHandle, - unsigned char *pucContainerName, - unsigned int uiContainerNameLen, - unsigned int uiKeyBits, - unsigned int uiKeyUsage, - unsigned int uiExportFlag, - RSArefPublicKey *pucPublicKey, - RSArefPrivateKey *pucPrivateKey) -{ - return -1; -} - -int saf_get_sdf_session_and_keyindex( - void *hAppHandle, - unsigned char *pucContainerName, - unsigned int uiContainerNameLen, - unsigned int uiKeyUsage, - void *phSessionHandle, - unsigned int puiKeyIndex) -{ - return -1; -} - -void saf_release_sdf_session(void *hSessionHandle) -{ -} - -int saf_get_sdf_session_and_ecsignkey( - void *hAppHandle, - unsigned char *pucContainerName, - unsigned int uiContainerNameLen, - unsigned int uiAlgorithmID, /* SGD_SM2_1 */ - void **phSessionhandle, - unsigned int *puiISKIndex) -{ - return -1; -} - -int saf_get_ec_public_key_from_cert( - unsigned char *pucCertificate, - unsigned int uiCertificateLen, - ECCrefPublicKey *pucPublicKey) -{ - return -1; -} - static int readfile(const char *file, unsigned char **pout, size_t *len) { return SAR_Ok; } -static int cert_get_pubkey( - unsigned char *pucCertificate, - unsigned int uiCertificateLen, - unsigned char **pout, - unsigned int *outlen) -{ - return 0; -} - diff --git a/crypto/saf/saf_mac.c b/crypto/saf/saf_mac.c index 0b6bf8e1..0e2a060d 100644 --- a/crypto/saf/saf_mac.c +++ b/crypto/saf/saf_mac.c @@ -67,18 +67,33 @@ int SAF_MacUpdate( return SAR_IndataErr; } + if (uiInDataLen <= 0 || uiInDataLen > INT_MAX) { + SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_INVALID_INPUT_LENGTH); + return SAR_IndataLenErr; + } + if (!hkey->cmac_ctx) { + const EVP_CIPHER *cipher; + + if (!(cipher = EVP_get_cipherbysgd(hkey->hSymmKeyObj->uiCryptoAlgID))) { + SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_INVALID_KEY_HANDLE); + ret = SAR_IndataErr; + goto end; + } + if (!(hkey->cmac_ctx = CMAC_CTX_new())) { SAFerr(SAF_F_SAF_MACUPDATE, ERR_R_MALLOC_FAILURE); goto end; } - if (!CMAC_Init(hkey->cmac_ctx, hkey->key, hkey->keylen, hkey->cipher, NULL)) { + + if (!CMAC_Init(hkey->cmac_ctx, hkey->key, hkey->keylen, cipher, + hkey->hSymmKeyObj->app->engine)) { SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CMAC_FAILURE); goto end; } } - if (!CMAC_Update(hkey->cmac_ctx, pucInData, (size_t)uiInDataLen)) { + if (!CMAC_Update(hkey->cmac_ctx, pucInData, uiInDataLen)) { SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CMAC_FAILURE); return SAR_UnknownErr; } @@ -99,15 +114,16 @@ int SAF_MacFinal( unsigned char *pucOutData, unsigned int *puiOutDataLen) { + int ret = SAR_UnknownErr; SAF_KEY *hkey = (SAF_KEY *)hKeyHandle; - size_t siz; + size_t outlen = *puiOutDataLen; if (!hKeyHandle || !pucOutData || !puiOutDataLen) { SAFerr(SAF_F_SAF_MACFINAL, ERR_R_PASSED_NULL_PARAMETER); return SAR_IndataErr; } - if (*puiOutDataLen < EVP_CIPHER_block_size(hkey->cipher)) { + if (*puiOutDataLen < EVP_MAX_MD_SIZE) { SAFerr(SAF_F_SAF_MACFINAL, SAF_R_BUFFER_TOO_SMALL); return SAR_IndataLenErr; } @@ -117,14 +133,18 @@ int SAF_MacFinal( return SAR_UnknownErr; } - siz = EVP_CIPHER_block_size(hkey->cipher); - if (!CMAC_Final(hkey->cmac_ctx, pucOutData, &siz)) { + if (!CMAC_Final(hkey->cmac_ctx, pucOutData, &outlen)) { SAFerr(SAF_F_SAF_MACFINAL, SAF_R_MAC_FAILURE); - return SAR_UnknownErr; + goto end; } - *puiOutDataLen = (unsigned int)siz; - return SAR_OK; + *puiOutDataLen = (unsigned int)outlen; + ret = SAR_Ok; + +end: + CMAC_CTX_free(hkey->cmac_ctx); + hkey->cmac_ctx = NULL; + return ret; } /* 7.4.44 */ @@ -144,4 +164,3 @@ int SAF_Mac( } return SAR_OK; } - diff --git a/crypto/saf/saf_pkcs7.c b/crypto/saf/saf_pkcs7.c index ea44b73d..6248261f 100644 --- a/crypto/saf/saf_pkcs7.c +++ b/crypto/saf/saf_pkcs7.c @@ -134,6 +134,7 @@ int SAF_Pkcs7_EncodeEnvelopedData( STACK_OF(X509) *certs = NULL; BIO *bio = NULL; const EVP_CIPHER *cipher; + int len; /* check arguments */ if (!hAppHandle || !pucData || !pucEncCertificate || !puiDerP7EnvelopedDataLen) { diff --git a/crypto/saf/saf_rand.c b/crypto/saf/saf_rand.c index 010b8de5..7fc5d03f 100644 --- a/crypto/saf/saf_rand.c +++ b/crypto/saf/saf_rand.c @@ -70,7 +70,7 @@ int SAF_GenRandom( return SAR_IndataErr; } - if (!RAND_bytes(pucRand, uiRandLen)) { + if (!RAND_bytes(pucRand, (int)uiRandLen)) { SAFerr(SAF_F_SAF_GENRANDOM, SAF_R_GEN_RANDOM_FAILURE); return SAR_GenRandErr; } diff --git a/crypto/saf/saf_rsa.c b/crypto/saf/saf_rsa.c index f05e4e8c..ea16b419 100644 --- a/crypto/saf/saf_rsa.c +++ b/crypto/saf/saf_rsa.c @@ -61,11 +61,30 @@ int SAF_GenRsaKeyPair(void *hAppHandle, unsigned int uiKeyUsage, unsigned int uiExportFlag) { - return SAR_NotSupportYetErr; + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; + + /* process */ + EVP_PKEY_CTX *pctx = NULL; + EVP_PKEY *pkey = NULL; + + if (!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, app->engine)) + || EVP_PKEY_keygen_init(pctx) <= 0 + || EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, uiKeyBits) <= 0 + || EVP_PKEY_keygen(pctx, &pkey) <= 0) { + SAFerr(SAF_F_SAF_GENRSAKEYPAIR, ERR_R_EVP_LIB); + goto end; + } + + ret = SAR_Ok; +end: + EVP_PKEY_CTX_free(pctx); + EVP_PKEY_free(pkey); + return ret; } /* 7.3.17 */ -int SAF_GetPublicKey( +int SAF_GetRsaPublicKey( void *hAppHandle, unsigned char *pucContainerName, unsigned int uiContainerNameLen, @@ -73,7 +92,38 @@ int SAF_GetPublicKey( unsigned char *pucPublicKey, unsigned int *puiPublicKeyLen) { - return SAR_NotSupportYetErr; + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; + + /* process */ + EVP_PKEY *pkey = NULL; + char key_id[1024]; + int len; + + snprintf(key_id, sizeof(key_id), "%s.%s", (char *)pucContainerName, + SGD_GetKeyUsageName(uiKeyUsage)); + + if (!(pkey = ENGINE_load_public_key(app->engine, key_id, NULL, NULL))) { + SAFerr(SAF_F_SAF_GETRSAPUBLICKEY, ERR_R_ENGINE_LIB); + goto end; + } + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + SAFerr(SAF_F_SAF_GETRSAPUBLICKEY, ERR_R_ENGINE_LIB); + goto end; + } + if ((len = i2d_PUBKEY(pkey, &pucPublicKey)) <= 0) { + SAFerr(SAF_F_SAF_GETRSAPUBLICKEY, ERR_R_X509_LIB); + goto end; + } + + *puiPublicKeyLen = (unsigned int)len; + + /* set return value */ + ret = SAR_Ok; + +end: + EVP_PKEY_free(pkey); + return ret; } /* 7.3.18 */ @@ -87,7 +137,32 @@ int SAF_RsaSign( unsigned char *pucSignature, unsigned int *puiSignatureLen) { - return SAR_NotSupportYetErr; + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; + + /* process */ + char key_id[1024]; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *pctx = NULL; + size_t siglen; + + snprintf(key_id, sizeof(key_id), "%s.sign", (char *)pucContainerName); + + if (!(pkey = ENGINE_load_private_key(app->engine, key_id, NULL, NULL)) + || !(pctx = EVP_PKEY_CTX_new(pkey, app->engine)) + || EVP_PKEY_sign_init(pctx) <= 0 + || EVP_PKEY_sign(pctx, pucSignData, &siglen, pucInData, (size_t)uiInDataLen) <= 0) { + SAFerr(SAF_F_SAF_RSASIGN, ERR_R_EVP_LIB); + goto end; + } + + *puiSignDataLen = (unsigned int)siglen; + + ret = SAR_Ok; +end: + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(pctx); + return ret; } /* 7.3.19 */ @@ -113,7 +188,24 @@ int SAF_RsaVerifySign( unsigned char *pucSignature, unsigned int uiSignatureLen) { - return SAR_NotSupportYetErr; + int ret = SAR_UnknownErr; + /* process */ + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *pctx = NULL; + + if (!(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen)) + || !(pctx = EVP_PKEY_CTX_new(pkey, NULL)) + || EVP_PKEY_verify_init(pctx) <= 0 + || EVP_PKEY_verify(pctx, pucSignData, uiSignDataLen, pucInData, uiInDataLen) <= 0) { + SAFerr(SAF_F_SAF_RSAVERIFYSIGN, ERR_R_EVP_LIB); + goto end; + } + + ret = SAR_Ok; +end: + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(pctx); + return ret; } /* 7.3.21 */ @@ -138,6 +230,39 @@ int SAF_VerifySignByCert( unsigned char *pucSignature, unsigned int uiSignatureLen) { - return SAR_OK; -} + int ret = SAR_UnknownErr; + /* process */ + X509 *x509 = NULL; + unsigned char pucPublicKey[1024]; + unsigned int uiPublicKeyLen; + unsigned char *p = pucPublicKey; + int len; + if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, (long)uiCertificateLen))) { + SAFerr(SAF_F_SAF_VERIFYSIGNBYCERT, ERR_R_X509_LIB); + goto end; + } + + if ((len = i2d_PUBKEY(X509_get0_pubkey(x509), &p)) <= 0) { + SAFerr(SAF_F_SAF_VERIFYSIGNBYCERT, ERR_R_X509_LIB); + goto end; + } + + uiPublicKeyLen = (unsigned int)len; + + ret = SAF_RsaVerifySign( + pucPublicKey, + uiPublicKeyLen, + uiAlgorithmID, + pucInData, + uiInDataLen, + pucSignData, + uiSignDataLen); + + + /* set return value */ + ret = SAR_Ok; +end: + X509_free(x509); + return ret; +} diff --git a/crypto/saf/saf_sm2.c b/crypto/saf/saf_sm2.c index 1fc18df2..16efd49b 100644 --- a/crypto/saf/saf_sm2.c +++ b/crypto/saf/saf_sm2.c @@ -104,7 +104,18 @@ int SAF_SM2_EncodeSignedData( unsigned char *pucDerSignedData, unsigned int *puiDerSignedDataLen) { - return 0; + return SAF_Pkcs7_EncodeSignedData( + hAppHandle, + pucSignContainerName, + pucSignContainerName, + uiSignKeyUsage, + pucSignerCertificate, + uiSignerCertificateLen, + uiDigestAlgorithm, + pucData, + uiDataLen, + pucDerSignedData, + puiDerSignedDataLen); } /* 7.4.13 */ @@ -120,7 +131,17 @@ int SAF_SM2_DecodeSignedData( unsigned char *pucSign, unsigned int *puiSignLen) { - return 0; + return SAF_Pkcs7_DecodeSignedData( + hAppHandle, + pucDerSignedData, + uiDerSignedDataLen, + pucSignerCertificate, + uiSignerCertificateLen, + uiDigestAlgorithm, + pucData, + uiDataLen, + pucSign, + puiSignLen); } /* 7.4.14 */ @@ -134,8 +155,15 @@ int SAF_SM2_EncodeEnvelopedData( unsigned char *pucDerEnvelopedData, unsigned int *puiDerEnvelopedDataLen) { - int ret = SAR_UnknownErr; - return ret; + return SAF_Pkcs7_EncodeEnvelopedData( + hAppHandle, + pucData, + uiDataLen, + pucEncCertificate, + uiEncCertificateLen, + uiSymmAlgorithm, + pucDerEnvelopedData, + puiDerEnvelopedDataLen); } /* 7.4.15 */ @@ -149,5 +177,13 @@ int SAF_SM2_DecodeEnvelopedData( unsigned char *pucData, unsigned int *puiDataLen) { - return 0; + return SAF_Pkcs7_DecodeEnvelopedData( + hAppHandle, + pucDecContainerName, + uiDecContainerNameLen, + uiDecKeyUsage, + pucDerEnvelopedData, + uiDerEnvelopedDataLen, + pucData, + puiDataLen); } diff --git a/crypto/saf/saf_symmkeyobj.c b/crypto/saf/saf_symmkeyobj.c index 7a25bc20..892f1ecc 100644 --- a/crypto/saf/saf_symmkeyobj.c +++ b/crypto/saf/saf_symmkeyobj.c @@ -79,18 +79,18 @@ int SAF_CreateSymmKeyObj( return SAR_IndataLenErr; } - /* init object */ - if (!(obj = OPENSSL_zalloc(sizeof(*obj)))) { + if (!(obj = OPENSSL_zalloc(sizeof(*obj))) + || !(obj->pucContainerName = OPENSSL_memdup(pucContainerName, uiContainerLen)) + || !(obj->pucIV = OPENSSL_memdup(pucIV, uiIVLen))) { SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, ERR_R_MALLOC_FAILURE); goto end; } - memcpy(obj->container, pucContainerName, uiContainerLen); - obj->containerlen = uiContainerLen; - memcpy(obj->iv, pucIV, uiIVLen); - obj->ivlen = uiIVLen; - obj->enc = uiEncOrDec; - obj->algor = uiCryptoAlgID; + obj->app = (SAF_APP *)hAppHandle; + obj->uiContainerLen = uiContainerLen; + obj->uiIVLen = uiIVLen; + obj->uiEncOrDec = uiEncOrDec; + obj->uiCryptoAlgID = uiCryptoAlgID; /* set output */ *phSymmKeyObj = obj; @@ -109,7 +109,8 @@ int SAF_DestroySymmAlgoObj( { SAF_SYMMKEYOBJ *obj = (SAF_SYMMKEYOBJ *)hSymmKeyObj; if (obj) { - OPENSSL_cleanse(obj, sizeof(*obj)); + OPENSSL_free(obj->pucContainerName); + OPENSSL_free(obj->pucIV); OPENSSL_free(obj); } return SAR_OK; diff --git a/include/openssl/gmsaf.h b/include/openssl/gmsaf.h index 0a77b383..cc236737 100644 --- a/include/openssl/gmsaf.h +++ b/include/openssl/gmsaf.h @@ -80,51 +80,57 @@ int ERR_load_SAF_strings(void); # define SAF_F_SAF_BASE64_ENCODE 104 # define SAF_F_SAF_BASE64_ENCODEFINAL 105 # define SAF_F_SAF_BASE64_ENCODEUPDATE 106 -# define SAF_F_SAF_CHANGEPIN 123 -# define SAF_F_SAF_CREATESYMMKEYOBJ 107 -# define SAF_F_SAF_ECCPUBLICKEYENC 108 -# define SAF_F_SAF_ECCPUBLICKEYENCBYCERT 109 -# define SAF_F_SAF_ECCSIGN 110 -# define SAF_F_SAF_ECCVERIFYSIGN 111 -# define SAF_F_SAF_ECCVERIFYSIGNBYCERT 112 -# define SAF_F_SAF_GENECCKEYPAIR 113 -# define SAF_F_SAF_GENERATEAGREEMENTDATAWITHECC 114 -# define SAF_F_SAF_GENERATEKEYWITHECC 115 -# define SAF_F_SAF_GENERATEKEYWITHEPK 124 -# define SAF_F_SAF_GENRANDOM 125 -# define SAF_F_SAF_GETECCPUBLICKEY 116 -# define SAF_F_SAF_GETVERSION 126 -# define SAF_F_SAF_IMPORTENCEDKEY 127 -# define SAF_F_SAF_INITIALIZE 128 -# define SAF_F_SAF_LOGIN 129 -# define SAF_F_SAF_LOGOUT 130 -# define SAF_F_SAF_MACFINAL 117 -# define SAF_F_SAF_MACUPDATE 118 -# define SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA 119 -# define SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA 120 -# define SAF_F_SAF_SYMMDECRYPTUPDATE 121 -# define SAF_F_SAF_SYMMENCRYPTUPDATE 122 +# define SAF_F_SAF_CHANGEPIN 107 +# define SAF_F_SAF_CREATESYMMKEYOBJ 108 +# define SAF_F_SAF_ECCPUBLICKEYENC 109 +# define SAF_F_SAF_ECCPUBLICKEYENCBYCERT 110 +# define SAF_F_SAF_ECCSIGN 111 +# define SAF_F_SAF_ECCVERIFYSIGN 112 +# define SAF_F_SAF_ECCVERIFYSIGNBYCERT 113 +# define SAF_F_SAF_GENECCKEYPAIR 114 +# define SAF_F_SAF_GENERATEKEYWITHEPK 115 +# define SAF_F_SAF_GENRANDOM 116 +# define SAF_F_SAF_GENRSAKEYPAIR 117 +# define SAF_F_SAF_GETECCPUBLICKEY 118 +# define SAF_F_SAF_GETRSAPUBLICKEY 119 +# define SAF_F_SAF_GETVERSION 120 +# define SAF_F_SAF_IMPORTENCEDKEY 121 +# define SAF_F_SAF_INITIALIZE 122 +# define SAF_F_SAF_LOGIN 123 +# define SAF_F_SAF_LOGOUT 124 +# define SAF_F_SAF_MACFINAL 125 +# define SAF_F_SAF_MACUPDATE 126 +# define SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA 127 +# define SAF_F_SAF_RSASIGN 128 +# define SAF_F_SAF_RSAVERIFYSIGN 129 +# define SAF_F_SAF_SYMMDECRYPTFINAL 133 +# define SAF_F_SAF_SYMMDECRYPTUPDATE 130 +# define SAF_F_SAF_SYMMENCRYPTFINAL 134 +# define SAF_F_SAF_SYMMENCRYPTUPDATE 131 +# define SAF_F_SAF_VERIFYSIGNBYCERT 132 /* Reason codes. */ # define SAF_R_BUFFER_TOO_SMALL 100 -# define SAF_R_CBCMAC_FAILURE 101 -# define SAF_R_CMAC_FAILURE 115 -# define SAF_R_ENCRYPT_KEY_FAILURE 116 -# define SAF_R_GEN_RANDOM 102 -# define SAF_R_GEN_RANDOM_FAILURE 117 -# define SAF_R_INT_OVERFLOW 103 -# define SAF_R_INVALID_ALGOR 104 -# define SAF_R_INVALID_CONTEXT 105 -# define SAF_R_INVALID_DIGEST_ALGOR 106 -# define SAF_R_INVALID_HANDLE 107 -# define SAF_R_INVALID_INPUT_LENGTH 108 -# define SAF_R_INVALID_KEY_LENGTH 109 -# define SAF_R_INVALID_KEY_USAGE 110 -# define SAF_R_INVALID_LENGTH 111 -# define SAF_R_MAC_FAILURE 112 -# define SAF_R_NOT_SUPPORTED 118 -# define SAF_R_OPERATION_NOT_INITIALIZED 113 -# define SAF_R_SAF_ERROR 114 +# define SAF_R_CMAC_FAILURE 101 +# define SAF_R_DECRYPT_NOT_INITIALIZED 118 +# define SAF_R_ENCRYPT_KEY_FAILURE 102 +# define SAF_R_ENCRYPT_NOT_INITIALIED 119 +# define SAF_R_GEN_RANDOM 103 +# define SAF_R_GEN_RANDOM_FAILURE 104 +# define SAF_R_INT_OVERFLOW 105 +# define SAF_R_INVALID_ALGOR 106 +# define SAF_R_INVALID_CERTIFICATE 107 +# define SAF_R_INVALID_CONTEXT 108 +# define SAF_R_INVALID_HANDLE 109 +# define SAF_R_INVALID_INPUT_LENGTH 110 +# define SAF_R_INVALID_KEY_HANDLE 120 +# define SAF_R_INVALID_KEY_LENGTH 111 +# define SAF_R_INVALID_KEY_USAGE 112 +# define SAF_R_INVALID_LENGTH 113 +# define SAF_R_MAC_FAILURE 114 +# define SAF_R_NOT_SUPPORTED 115 +# define SAF_R_OPERATION_NOT_INITIALIZED 116 +# define SAF_R_UNSUPPORTED_ALGOR 117 # ifdef __cplusplus } diff --git a/include/openssl/saf.h b/include/openssl/saf.h index cb61d134..ce170591 100644 --- a/include/openssl/saf.h +++ b/include/openssl/saf.h @@ -334,7 +334,7 @@ int SAF_GenRsaKeyPair( unsigned int uiKeyUsage, unsigned int uiExportFlag); -int SAF_GetPublicKey( +int SAF_GetRsaPublicKey( void *hAppHandle, unsigned char *pucContainerName, unsigned int uiContainerNameLen,