Thanks to github.com/Jkinglyf
Zhi Guan
2016-05-30 12:50:06 +02:00
parent ee4384daeb
commit 2bf25bd29f
55 changed files with 2044 additions and 1672 deletions


@@ -1299,6 +1299,10 @@ void ERR_load_EC_strings(void);
# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117
# define EC_R_DECODE_ERROR 142
# define EC_R_DISCRIMINANT_IS_ZERO 118
# define EC_R_ECIES_DECRYPT_FAILED 152
# define EC_R_ECIES_DECRYPT_WITH_RECOMMENDED_FAILED 153
# define EC_R_ECIES_ENCRYPT_FAILED 154
# define EC_R_ECIES_ENCRYPT_WITH_RECOMMENDED_FAILED 155
# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119
# define EC_R_FIELD_TOO_LARGE 143
# define EC_R_GF2M_NOT_SUPPORTED 147
@@ -1312,6 +1316,7 @@ void ERR_load_EC_strings(void);
# define EC_R_INVALID_DIGEST 151
# define EC_R_INVALID_DIGEST_TYPE 138
# define EC_R_INVALID_ENCODING 102
# define EC_R_INVALID_ENC_TYPE 156
# define EC_R_INVALID_FIELD 103
# define EC_R_INVALID_FORM 104
# define EC_R_INVALID_GROUP_ORDER 122
@@ -1335,6 +1340,10 @@ void ERR_load_EC_strings(void);
# define EC_R_POINT_IS_NOT_ON_CURVE 107
# define EC_R_SHARED_INFO_ERROR 150
# define EC_R_SLOT_FULL 108
# define EC_R_SM2_DECRYPT_FAILED 157
# define EC_R_SM2_DECRYPT_WITH_RECOMMENDED_FAILED 158
# define EC_R_SM2_ENCRYPT_FAILED 159
# define EC_R_SM2_ENCRYPT_WITH_RECOMMENDED_FAILED 160
# define EC_R_UNDEFINED_GENERATOR 113
# define EC_R_UNDEFINED_ORDER 128
# define EC_R_UNKNOWN_GROUP 129


@@ -288,6 +288,12 @@ static ERR_STRING_DATA EC_str_reasons[] = {
"d2i ecpkparameters failure"},
{ERR_REASON(EC_R_DECODE_ERROR), "decode error"},
{ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO), "discriminant is zero"},
{ERR_REASON(EC_R_ECIES_DECRYPT_FAILED), "ecies decrypt failed"},
{ERR_REASON(EC_R_ECIES_DECRYPT_WITH_RECOMMENDED_FAILED),
"ecies decrypt with recommended failed"},
{ERR_REASON(EC_R_ECIES_ENCRYPT_FAILED), "ecies encrypt failed"},
{ERR_REASON(EC_R_ECIES_ENCRYPT_WITH_RECOMMENDED_FAILED),
"ecies encrypt with recommended failed"},
{ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),
"ec group new by name failure"},
{ERR_REASON(EC_R_FIELD_TOO_LARGE), "field too large"},
@@ -304,6 +310,7 @@ static ERR_STRING_DATA EC_str_reasons[] = {
{ERR_REASON(EC_R_INVALID_DIGEST), "invalid digest"},
{ERR_REASON(EC_R_INVALID_DIGEST_TYPE), "invalid digest type"},
{ERR_REASON(EC_R_INVALID_ENCODING), "invalid encoding"},
{ERR_REASON(EC_R_INVALID_ENC_TYPE), "invalid enc type"},
{ERR_REASON(EC_R_INVALID_FIELD), "invalid field"},
{ERR_REASON(EC_R_INVALID_FORM), "invalid form"},
{ERR_REASON(EC_R_INVALID_GROUP_ORDER), "invalid group order"},
@@ -329,6 +336,12 @@ static ERR_STRING_DATA EC_str_reasons[] = {
{ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE), "point is not on curve"},
{ERR_REASON(EC_R_SHARED_INFO_ERROR), "shared info error"},
{ERR_REASON(EC_R_SLOT_FULL), "slot full"},
{ERR_REASON(EC_R_SM2_DECRYPT_FAILED), "sm2 decrypt failed"},
{ERR_REASON(EC_R_SM2_DECRYPT_WITH_RECOMMENDED_FAILED),
"sm2 decrypt with recommended failed"},
{ERR_REASON(EC_R_SM2_ENCRYPT_FAILED), "sm2 encrypt failed"},
{ERR_REASON(EC_R_SM2_ENCRYPT_WITH_RECOMMENDED_FAILED),
"sm2 encrypt with recommended failed"},
{ERR_REASON(EC_R_UNDEFINED_GENERATOR), "undefined generator"},
{ERR_REASON(EC_R_UNDEFINED_ORDER), "undefined order"},
{ERR_REASON(EC_R_UNKNOWN_GROUP), "unknown group"},


@@ -195,7 +195,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
dctx->sign_type != NID_sm_scheme) {
return 0;
}
if (dctx->md)
type = EVP_MD_type(dctx->md);
else if (dctx->sign_type == NID_secg_scheme)
@@ -324,7 +324,7 @@ static int pkey_ec_verifyctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
if (dctx->sign_type == NID_sm_scheme) {
zidlen = sizeof(zid);
if (!SM2_compute_id_digest(md, zid, &zidlen, ec_key)) {
goto end;
@@ -369,55 +369,87 @@ static int pkey_ec_verifyctx(EVP_PKEY_CTX *ctx,
static int pkey_ec_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen)
{
int ret = 0;
EC_PKEY_CTX *dctx = ctx->data;
EC_KEY *ec_key = ctx->pkey->pkey.ec;
switch (dctx->enc_type) {
case NID_sm_scheme:
if (dctx->enc_param.sm2) {
ret = SM2_encrypt(dctx->enc_param.sm2, out, outlen, in, inlen, ec_key);
if (!SM2_encrypt(dctx->enc_param.sm2, out, outlen, in, inlen, ec_key)) {
ECerr(EC_F_PKEY_EC_ENCRYPT, EC_R_SM2_ENCRYPT_FAILED);
return 0;
}
} else {
ret = SM2_encrypt_with_recommended(out, outlen, in, inlen, ec_key);
if (!SM2_encrypt_with_recommended(out, outlen, in, inlen, ec_key)) {
ECerr(EC_F_PKEY_EC_ENCRYPT, EC_R_SM2_ENCRYPT_WITH_RECOMMENDED_FAILED);
return 0;
}
}
break;
case NID_secg_scheme:
if (dctx->enc_param.ecies) {
ret = ECIES_encrypt(dctx->enc_param.ecies, out, outlen, in, inlen, ec_key);
if (!ECIES_encrypt(dctx->enc_param.ecies, out, outlen, in, inlen, ec_key)) {
ECerr(EC_F_PKEY_EC_ENCRYPT, EC_R_ECIES_ENCRYPT_FAILED);
return 0;
}
} else {
ret = ECIES_encrypt_with_recommended(out, outlen, in, inlen, ec_key);
if (!ECIES_encrypt_with_recommended(out, outlen, in, inlen, ec_key)) {
ECerr(EC_F_PKEY_EC_ENCRYPT, EC_R_ECIES_ENCRYPT_WITH_RECOMMENDED_FAILED);
return 0;
}
}
break;
default:
ECerr(EC_F_PKEY_EC_ENCRYPT, EC_R_INVALID_ENC_TYPE);
return 0;
}
return ret;
return 1;
}
static int pkey_ec_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen)
{
int ret;
EC_PKEY_CTX *dctx = ctx->data;
EC_KEY *ec_key = ctx->pkey->pkey.ec;
switch (dctx->enc_type) {
case NID_sm_scheme:
if (dctx->enc_param.sm2) {
ret = SM2_decrypt(dctx->enc_param.sm2, out, outlen, in, inlen, ec_key);
if (!SM2_decrypt(dctx->enc_param.sm2, out, outlen, in, inlen, ec_key)) {
ECerr(EC_F_PKEY_EC_DECRYPT, EC_R_SM2_DECRYPT_FAILED);
return 0;
}
} else {
ret = SM2_decrypt_with_recommended(out, outlen, in, inlen, ec_key);
if (!SM2_decrypt_with_recommended(out, outlen, in, inlen, ec_key)) {
ECerr(EC_F_PKEY_EC_DECRYPT, EC_R_SM2_DECRYPT_WITH_RECOMMENDED_FAILED);
return 0;
}
}
break;
case NID_secg_scheme:
if (dctx->enc_param.ecies) {
ret = ECIES_decrypt(dctx->enc_param.ecies, out, outlen, in, inlen, ec_key);
if (dctx->enc_param.ecies) {
if (!ECIES_decrypt(dctx->enc_param.ecies, out, outlen, in, inlen, ec_key)) {
ECerr(EC_F_PKEY_EC_DECRYPT, EC_R_ECIES_DECRYPT_FAILED);
return 0;
}
} else {
ret = ECIES_decrypt_with_recommended(out, outlen, in, inlen, ec_key);
if (!ECIES_decrypt_with_recommended(out, outlen, in, inlen, ec_key)) {
ECerr(EC_F_PKEY_EC_DECRYPT, EC_R_ECIES_DECRYPT_WITH_RECOMMENDED_FAILED);
return 0;
}
}
break;
default:
ECerr(EC_F_PKEY_EC_DECRYPT, EC_R_INVALID_ENC_TYPE);
return 0;
}
return ret;
return 1;
}
#ifndef OPENSSL_NO_ECDH
@@ -680,7 +712,6 @@ static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx,
ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE);
return 0;
}
printf("curve = %s\n", value);
return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
} else if (!strcmp(type, "ec_param_enc")) {
int param_enc;
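Review bot: The new `if (!SM2_decrypt(...))` and `if (!ECIES_decrypt(...))` tests in pkey_ec_decrypt, and the matching ones in pkey_ec_encrypt, treat only an exact 0 as failure, so a helper that signals an error with a negative value would fall through to `return 1` with `out` and `*outlen` in an unknown state. The helpers' return conventions are not visible in this diff; if any of them can return -1, the checks should read `if (SM2_decrypt(...) <= 0)` and likewise for the other seven calls. A short comment above both functions stating that they now return exactly 1 or 0 would also help, since the previous code passed the helper's value through to the caller.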


@@ -163,6 +163,8 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
{ERR_PACK(ERR_LIB_CBCMAC, 0, 0), "CBCMAC routines"},
{ERR_PACK(ERR_LIB_OTP, 0, 0), "OTP routines"},
{ERR_PACK(ERR_LIB_SM9, 0, 0), "SM9 routines"},
{ERR_PACK(ERR_LIB_PAILLIER, 0, 0), "Paillier routines"},
{ERR_PACK(ERR_LIB_FFX, 0, 0), "FFX routines"},
# endif
{0, NULL},
};


@@ -206,6 +206,8 @@ typedef struct err_state_st {
# define ERR_LIB_CBCMAC 54
# define ERR_LIB_OTP 55
# define ERR_LIB_SM9 56
# define ERR_LIB_PAILLIER 57
# define ERR_LIB_FFX 58
# endif
# define ERR_LIB_USER 128
@@ -252,6 +254,8 @@ typedef struct err_state_st {
# define CBCMACerr(f,r) ERR_PUT_error(ERR_LIB_CBCMAC,(f),(r),__FILE__,__LINE__);
# define OTPerr(f,r) ERR_PUT_error(ERR_LIB_OTP,(f),(r),__FILE__,__LINE__);
# define SM9err(f,r) ERR_PUT_error(ERR_LIB_SM9,(f),(r),__FILE__,__LINE__);
# define PAILLIERerr(f,r) ERR_PUT_error(ERR_LIB_PAILLIER,(f),(r),__FILE__,__LINE__);
# define FFXerr(f,r) ERR_PUT_error(ERR_LIB_FFX,(f),(r),__FILE__,__LINE__);
# endif
/*
@@ -318,6 +322,8 @@ typedef struct err_state_st {
# define ERR_R_CBCMAC_LIB ERR_LIB_CBCMAC/* 54 */
# define ERR_R_OTP_LIB ERR_LIB_CBCMAC/* 55 */
# define ERR_R_SM9_LIB ERR_LIB_SM9/* 56 */
# define ERR_R_PAILLIER_LIB ERR_LIB_PAILLIER/* 57 */
# define ERR_R_FFX_LIB ERR_LIB_FFX/* 58 */
# endif
# define ERR_R_NESTED_ASN1_ERROR 58
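Review bot: The added `ERR_R_FFX_LIB` expands to `ERR_LIB_FFX`, which is 58, the same value as `ERR_R_NESTED_ASN1_ERROR 58` on the context line right after it, so a reason code of 58 can no longer be told apart when an error queue entry is decoded or logged. Either the new library number or the generic reason codes need to move so that the `ERR_R_*_LIB` range stays below the first generic reason; the rest of that table is outside the hunk, so the safe bound should be checked there. Separately, the unchanged context line `# define ERR_R_OTP_LIB ERR_LIB_CBCMAC/* 55 */` looks like a copy-paste slip and probably should name `ERR_LIB_OTP`.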


@@ -116,6 +116,8 @@
# include <openssl/cbcmac.h>
# include <openssl/otp.h>
# include <openssl/sm9.h>
# include <openssl/paillier.h>
# include <openssl/ffx.h>
#endif
void ERR_load_crypto_strings(void)
@@ -182,6 +184,8 @@ void ERR_load_crypto_strings(void)
ERR_load_CBCMAC_strings();
ERR_load_OTP_strings();
ERR_load_SM9_strings();
ERR_load_PAILLIER_strings();
ERR_load_FFX_strings();
# endif
#endif
}


@@ -42,6 +42,8 @@ L CPK crypto/cpk/cpk.h crypto/cpk/cpk_err.c
L CBCMAC crypto/cbcmac/cbcmac.h crypto/cbcmac/cbcmac_err.c
L OTP crypto/otp/otp.h crypto/otp/otp_err.c
L SM9 crypto/sm9/sm9.h crypto/sm9/sm9_err.c
L PAILLIER crypto/paillier/paillier.h crypto/paillier/pai_err.c
L FFX crypto/ffx/ffx.h crypto/ffx/ffx_err.c
# additional header files to be scanned for function names
L NONE crypto/x509/x509_vfy.h NONE


@@ -1422,8 +1422,10 @@ void ERR_load_EVP_strings(void);
# define EVP_F_EVP_CIPHER_CTX_CTRL 124
# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
# define EVP_F_EVP_DECRYPTFINAL_EX 101
# define EVP_F_EVP_DECRYPT_EX 201
# define EVP_F_EVP_DIGESTINIT_EX 128
# define EVP_F_EVP_ENCRYPTFINAL_EX 127
# define EVP_F_EVP_ENCRYPT_EX 200
# define EVP_F_EVP_MD_CTX_COPY_EX 110
# define EVP_F_EVP_MD_SIZE 162
# define EVP_F_EVP_OPENINIT 102
@@ -1481,11 +1483,6 @@ void ERR_load_EVP_strings(void);
# define EVP_F_RC2_MAGIC_TO_METH 109
# define EVP_F_RC5_CTRL 125
# ifndef OPENSSL_NO_GMSSL
# define EVP_F_EVP_ENCRYPT_EX 200
# define EVP_F_EVP_DECRYPT_EX 201
# endif
/* Reason codes. */
# define EVP_R_AES_IV_SETUP_FAILED 162
# define EVP_R_AES_KEY_SETUP_FAILED 143
@@ -1541,6 +1538,7 @@ void ERR_load_EVP_strings(void);
# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
# define EVP_R_PUBLIC_KEY_NOT_RSA 106
# define EVP_R_RSA_PUBLIC_ENCRYPT_FAILED 171
# define EVP_R_TOO_LARGE 164
# define EVP_R_UNKNOWN_CIPHER 160
# define EVP_R_UNKNOWN_DIGEST 161


@@ -1,6 +1,6 @@
/* crypto/evp/evp_err.c */
/* ====================================================================
* Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -92,8 +92,10 @@ static ERR_STRING_DATA EVP_str_functs[] = {
{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH),
"EVP_CIPHER_CTX_set_key_length"},
{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
{ERR_FUNC(EVP_F_EVP_DECRYPT_EX), "EVP_Decrypt_ex"},
{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
{ERR_FUNC(EVP_F_EVP_ENCRYPT_EX), "EVP_Encrypt_ex"},
{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
{ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"},
{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
@@ -152,10 +154,6 @@ static ERR_STRING_DATA EVP_str_functs[] = {
{ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"},
{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"},
{ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"},
#ifndef OPENSSL_NO_GMSSL
{ERR_FUNC(EVP_F_EVP_ENCRYPT_EX), "EVP_Encrypt_ex"},
{ERR_FUNC(EVP_F_EVP_DECRYPT_EX), "EVP_Decrypt_ex"},
#endif
{0, NULL}
};
@@ -169,8 +167,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
{ERR_REASON(EVP_R_BN_DECODE_ERROR), "bn decode error"},
{ERR_REASON(EVP_R_BN_PUBKEY_ERROR), "bn pubkey error"},
{ERR_REASON(EVP_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),
"camellia key setup failed"},
{ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), "camellia key setup failed"},
{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"},
{ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED), "command not supported"},
{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED), "ctrl not implemented"},
@@ -216,11 +213,11 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
{ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
"operation not supported for this keytype"},
{ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),
"pkcs8 unknown broken type"},
{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), "pkcs8 unknown broken type"},
{ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
{ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"},
{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
{ERR_REASON(EVP_R_RSA_PUBLIC_ENCRYPT_FAILED), "rsa public encrypt failed"},
{ERR_REASON(EVP_R_TOO_LARGE), "too large"},
{ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
{ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"},


@@ -75,16 +75,29 @@ int EVP_PKEY_encrypt_old(unsigned char *out, const unsigned char *in,
size_t size;
if (pkey->type == EVP_PKEY_RSA) {
ret = RSA_public_encrypt(inlen, in, out, pkey->pkey.rsa,
RSA_PKCS1_PADDING);
if ((ret = RSA_public_encrypt(inlen, in, out, pkey->pkey.rsa,
RSA_PKCS1_PADDING)) < 0) {
EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD,
EVP_R_RSA_PUBLIC_ENCRYPT_FAILED);
return 0;
}
} else {
if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL))) {
EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, ERR_R_EVP_LIB);
return 0;
}
if (1 != EVP_PKEY_encrypt_init(ctx)) {
if (!EVP_PKEY_encrypt_init(ctx)) {
EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, ERR_R_EVP_LIB);
return 0;
}
if (1 != EVP_PKEY_encrypt(ctx, out, &size, in, inlen)) {
if (!EVP_PKEY_CTX_set_ec_enc_type(ctx, NID_sm_scheme)) {
EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, ERR_R_EVP_LIB);
goto end;
}
/* FIXME: this old API lost input buffer length */
size = inlen + 256;
if (!EVP_PKEY_encrypt(ctx, out, &size, in, inlen)) {
EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, ERR_R_EVP_LIB);
goto end;
}
ret = (int)size;
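Review bot: Replacing `1 != EVP_PKEY_encrypt_init(ctx)` and `1 != EVP_PKEY_encrypt(...)` with `!...` weakens both checks, because these functions report failure with 0 or a negative value (-2 for an unsupported operation) and a negative result is now taken as success; `if (EVP_PKEY_encrypt_init(ctx) <= 0)` and `if (EVP_PKEY_encrypt(ctx, out, &size, in, inlen) <= 0)` keep the old strictness. The line `size = inlen + 256;` tells the callee that `out` holds that many bytes although this API never receives the output length, so the callee's bounds check cannot protect a smaller caller buffer; the FIXME should state that explicitly and the required buffer size should be documented for callers. The `return 0` after a failed `EVP_PKEY_encrypt_init` also bypasses the `end` label that the later checks jump to, which presumably frees `ctx` (the label is outside the hunk).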


@@ -82,12 +82,13 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
if (!priv)
return 1;
if (priv->type != EVP_PKEY_RSA) {
if ((EVP_PKEY_base_id(priv) != EVP_PKEY_RSA) &&
(EVP_PKEY_base_id(priv) != EVP_PKEY_EC)) {
EVPerr(EVP_F_EVP_OPENINIT, EVP_R_PUBLIC_KEY_NOT_RSA);
goto err;
}
size = RSA_size(priv->pkey.rsa);
size = EVP_PKEY_size(priv);
key = (unsigned char *)OPENSSL_malloc(size + 2);
if (key == NULL) {
/* ERROR */
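Review bot: With EC keys now accepted, `size = EVP_PKEY_size(priv)` no longer bounds what the later decrypt call can write into `key`: for RSA the plaintext is never longer than the modulus, but for an EC key the value is, as far as I know, the maximum signature size and says nothing about the plaintext length of an SM2 or ECIES ciphertext. The decrypt call is outside the hunk; if it takes no output length, the buffer should be sized from the ciphertext length `ekl` (an upper bound on the plaintext) and a non-positive `size` rejected first with `if (size <= 0) goto err;`. The error raised for other key types is still `EVP_R_PUBLIC_KEY_NOT_RSA`, which is now misleading for a function that also accepts EC keys.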


@@ -13,12 +13,12 @@ AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST=
TEST=ffxtest.c
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC=ffx.c
LIBOBJ=ffx.o
LIBSRC=ffx.c ffx_err.c
LIBOBJ=ffx.o ffx_err.o
SRC= $(LIBSRC)


@@ -50,7 +50,7 @@
/*
* Format-Preserve Encryption
* implementation of NIST 800-38G FF1 schemes
*
*
* FPE is used to encrypt strings such as credit card numbers and phone numbers
* the ciphertext is still in valid format, for example:
* FPE_encrypt("13810631266") == "98723498792"
@@ -65,12 +65,12 @@
#include <inttypes.h>
#include <openssl/err.h>
#include <openssl/aes.h>
#include "ffx.h"
#include <openssl/ffx.h>
#define FFX_MIN_DIGITS 6
#define FFX_MAX_DIGITS 18
#define FFX_MIN_TWEAKLEN 4
#define FFX_MAX_TWEAKLEN 11
#define FFX_MAX_TWEAKLEN 11
#define FFX_NUM_ROUNDS 10
@@ -93,11 +93,11 @@ int FFX_init(FFX_CTX *ctx, int flag, const unsigned char *key, int keybits)
ctx->flag = flag;
if (AES_set_encrypt_key(key, keybits, &ctx->key) < 0) {
fprintf(stderr, "error: %s: %s: %d\n", __FUNCTION__, __FILE__, __LINE__);
return -1;
FFXerr(FFX_F_FFX_INIT, FFX_R_INIT_KEY_FAILED);
return 0;
}
return 0;
return 1;
}
void FFX_cleanup(FFX_CTX *ctx)
@@ -122,15 +122,15 @@ int FFX_encrypt(FFX_CTX *ctx, const char *in, size_t inlen,
assert(in);
assert(tweak);
if (inlen > strlen(in) ||
if (inlen > strlen(in) ||
inlen < FFX_MIN_DIGITS || inlen > FFX_MAX_DIGITS) {
fprintf(stderr, "%s: invalid digits length\n", __FUNCTION__);
return -1;
FFXerr(FFX_F_FFX_ENCRYPT, FFX_R_INVALID_DIGITS_LENGTH);
return 0;
}
for (i = 0; i < inlen; i++) {
if (!isdigit(in[i])) {
fprintf(stderr, "%s: invalid digits format\n", __FUNCTION__);
return -1;
FFXerr(FFX_F_FFX_ENCRYPT, FFX_R_INVALID_DIGITS_FORMAT);
return 0;
}
}
llen = inlen / 2;
@@ -138,8 +138,8 @@ int FFX_encrypt(FFX_CTX *ctx, const char *in, size_t inlen,
if (tweaklen < FFX_MIN_TWEAKLEN || tweaklen > FFX_MAX_TWEAKLEN) {
fprintf(stderr, "%s: invalid tweak length\n", __FUNCTION__);
return -1;
FFXerr(FFX_F_FFX_ENCRYPT, FFX_R_INVALID_TWEAK_LENGTH);
return 0;
}
memcpy(lbuf, in, llen);
@@ -155,9 +155,9 @@ int FFX_encrypt(FFX_CTX *ctx, const char *in, size_t inlen,
memset(qblock, 0, sizeof(qblock));
memcpy(qblock, tweak, tweaklen);
for (i = 0; i < FFX_NUM_ROUNDS; i += 2) {
unsigned char rblock[16];
int j;
@@ -169,7 +169,7 @@ int FFX_encrypt(FFX_CTX *ctx, const char *in, size_t inlen,
AES_encrypt(rblock, rblock, &ctx->key);
yval = *((uint64_t *)rblock) % modulo[llen];
lval = (lval + yval) % modulo[llen];
qblock[11] = (i + 1) & 0xff;
memcpy(qblock + 12, &lval, sizeof(lval));
for (j = 0; j < sizeof(rblock); j++) {
@@ -186,7 +186,7 @@ int FFX_encrypt(FFX_CTX *ctx, const char *in, size_t inlen,
sprintf(lbuf, "%d", lval);
strcpy(out + inlen - strlen(lbuf), lbuf);
return 0;
return 1;
}
int FFX_decrypt(FFX_CTX *ctx, const char *in, size_t inlen,
@@ -208,21 +208,21 @@ int FFX_decrypt(FFX_CTX *ctx, const char *in, size_t inlen,
if (inlen > strlen(in) ||
inlen < FFX_MIN_DIGITS || inlen > FFX_MAX_DIGITS) {
fprintf(stderr, "%s: invalid digits length\n", __FUNCTION__);
return -1;
FFXerr(FFX_F_FFX_DECRYPT, FFX_R_INVALID_DIGITS_LENGTH);
return 0;
}
for (i = 0; i < inlen; i++) {
if (!isdigit(in[i])) {
fprintf(stderr, "%s: invalid digits format\n", __FUNCTION__);
return -1;
FFXerr(FFX_F_FFX_DECRYPT, FFX_R_INVALID_DIGITS_FORMAT);
return 0;
}
}
rlen = inlen / 2;
llen = inlen - rlen;
if (tweaklen < FFX_MIN_TWEAKLEN || tweaklen > FFX_MAX_TWEAKLEN) {
fprintf(stderr, "%s: invalid tweak length\n", __FUNCTION__);
return -1;
FFXerr(FFX_F_FFX_DECRYPT, FFX_R_INVALID_TWEAK_LENGTH);
return 0;
}
memcpy(lbuf, in, llen);
@@ -238,9 +238,9 @@ int FFX_decrypt(FFX_CTX *ctx, const char *in, size_t inlen,
memset(qblock, 0, sizeof(qblock));
memcpy(qblock, tweak, tweaklen);
for (i = FFX_NUM_ROUNDS - 1; i > 0; i -= 2) {
unsigned char rblock[16];
int j;
@@ -252,7 +252,7 @@ int FFX_decrypt(FFX_CTX *ctx, const char *in, size_t inlen,
AES_encrypt(rblock, rblock, &ctx->key);
yval = *((uint64_t *)rblock) % modulo[llen];
lval = (lval >= yval) ? (lval - yval) : lval + modulo[llen] - yval;
qblock[11] = (i - 1) & 0xff;
memcpy(qblock + 12, &lval, sizeof(lval));
for (j = 0; j < sizeof(rblock); j++) {
@@ -272,40 +272,6 @@ int FFX_decrypt(FFX_CTX *ctx, const char *in, size_t inlen,
return 0;
}
static int test()
{
char buf[100];
char buf2[100];
unsigned char key[32] = {0};
unsigned char tweak[8] = { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38 };
FFX_CTX ctx;
int r;
ERR_load_crypto_strings();
if (FFX_init(&ctx, 0, key, sizeof(key) * 8) < 0) {
ERR_print_errors_fp(stderr);
fprintf(stderr, "%s: %d\n", __FILE__, __LINE__);
return -1;
}
char *in = "99999999999999999";
r = FFX_encrypt(&ctx, in, strlen(in), tweak, sizeof(tweak), buf);
if (r < 0) {
printf("failed\n");
return -1;
}
printf("%s\n", buf);
printf("\n");
r = FFX_decrypt(&ctx, buf, strlen(buf), tweak, sizeof(tweak), buf2);
printf("%s\n", buf2);
return 0;
}
static int luhn_table[10] = {0, 2, 4, 6, 8, 1, 3, 5, 7, 9};
/*
@@ -320,7 +286,7 @@ int FFX_compute_luhn(const char *in, size_t inlen)
for (i = inlen - 1; i >= 0; i--) {
int a;
if (!isdigit(in[i])) {
fprintf(stderr, "%s: invalid digit string\n", __FUNCTION__);
FFXerr(FFX_F_FFX_COMPUTE_LUHN, FFX_R_INVALID_DIGIT_STRING);
return -2;
}
a = in[i] - '0';
@@ -333,15 +299,3 @@ int FFX_compute_luhn(const char *in, size_t inlen)
return r;
}
#if 0
int luhn_test()
{
char *digits = "7992739871";
int r = compute_luhn(digits, strlen(digits));
printf("%c", r);
return 0;
}
#endif
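Review bot: FFX_decrypt still ends with the unchanged `return 0;` (the context line at the top of the hunk that removes `test()`), while this commit switches FFX_init and FFX_encrypt to 1 for success and 0 for failure, so every successful decryption now looks like a failure to a caller following the new convention; that line should become `return 1;`. FFX_compute_luhn keeps `return -2` on bad input, which deserves a comment explaining that its return value is a check digit and not a status. The digit checks call `isdigit(in[i])` on a plain `char`; `isdigit((unsigned char)in[i])` avoids undefined behaviour for bytes above 0x7f. The bodies of these functions start outside the hunks.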


@@ -72,8 +72,30 @@ int FFX_decrypt(FFX_CTX *ctx, const char *in, size_t inlen,
const unsigned char *tweak, size_t tweaklen, char *out);
int FFX_compute_luhn(const char *in, size_t inlen);
#ifdef __cplusplus
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_FFX_strings(void);
/* Error codes for the FFX functions. */
/* Function codes. */
# define FFX_F_FFX_COMPUTE_LUHN 100
# define FFX_F_FFX_DECRYPT 101
# define FFX_F_FFX_ENCRYPT 102
# define FFX_F_FFX_INIT 103
/* Reason codes. */
# define FFX_R_INIT_KEY_FAILED 100
# define FFX_R_INVALID_DIGITS_FORMAT 101
# define FFX_R_INVALID_DIGITS_LENGTH 102
# define FFX_R_INVALID_DIGIT_STRING 103
# define FFX_R_INVALID_TWEAK_LENGTH 104
#ifdef __cplusplus
}
#endif
#endif

100
crypto/ffx/ffx_err.c Normal file

@@ -0,0 +1,100 @@
/* crypto/ffx/ffx_err.c */
/* ====================================================================
* Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/ffx.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_FFX,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_FFX,0,reason)
static ERR_STRING_DATA FFX_str_functs[] = {
{ERR_FUNC(FFX_F_FFX_COMPUTE_LUHN), "FFX_compute_luhn"},
{ERR_FUNC(FFX_F_FFX_DECRYPT), "FFX_decrypt"},
{ERR_FUNC(FFX_F_FFX_ENCRYPT), "FFX_encrypt"},
{ERR_FUNC(FFX_F_FFX_INIT), "FFX_init"},
{0, NULL}
};
static ERR_STRING_DATA FFX_str_reasons[] = {
{ERR_REASON(FFX_R_INIT_KEY_FAILED), "init key failed"},
{ERR_REASON(FFX_R_INVALID_DIGITS_FORMAT), "invalid digits format"},
{ERR_REASON(FFX_R_INVALID_DIGITS_LENGTH), "invalid digits length"},
{ERR_REASON(FFX_R_INVALID_DIGIT_STRING), "invalid digit string"},
{ERR_REASON(FFX_R_INVALID_TWEAK_LENGTH), "invalid tweak length"},
{0, NULL}
};
#endif
void ERR_load_FFX_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(FFX_str_functs[0].error) == NULL) {
ERR_load_strings(0, FFX_str_functs);
ERR_load_strings(0, FFX_str_reasons);
}
#endif
}

118
crypto/ffx/ffxtest.c Normal file

@@ -0,0 +1,118 @@
/* ====================================================================
* Copyright (c) 2015 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
/*
* Format-Preserve Encryption
* implementation of NIST 800-38G FF1 schemes
*
* FPE is used to encrypt strings such as credit card numbers and phone numbers
* the ciphertext is still in valid format, for example:
* FPE_encrypt("13810631266") == "98723498792"
* the output is still 11 digits
*/
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <assert.h>
#include <openssl/ffx.h>
static int test()
{
char buf[100];
char buf2[100];
unsigned char key[32] = {0};
unsigned char tweak[8] = { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38 };
FFX_CTX ctx;
int r;
ERR_load_crypto_strings();
if (FFX_init(&ctx, 0, key, sizeof(key) * 8) < 0) {
ERR_print_errors_fp(stderr);
fprintf(stderr, "%s: %d\n", __FILE__, __LINE__);
return -1;
}
char *in = "99999999999999999";
r = FFX_encrypt(&ctx, in, strlen(in), tweak, sizeof(tweak), buf);
if (r < 0) {
printf("failed\n");
return -1;
}
printf("%s\n", buf);
printf("\n");
r = FFX_decrypt(&ctx, buf, strlen(buf), tweak, sizeof(tweak), buf2);
printf("%s\n", buf2);
return 0;
}
/*
* 7992739871, checksum = 3
*/
int luhn_test()
{
char *digits = "7992739871";
int r = compute_luhn(digits, strlen(digits));
printf("%c", r);
return 0;
}
int main(int argc, char **argv)
{
return 0;
}
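Review bot: This test can never fail: `main` returns 0 without calling `test()` or `luhn_test()`, and the checks `FFX_init(...) < 0` and `r < 0` use the old -1 convention although the library functions in this commit return 0 on failure. The decrypted text in `buf2` is printed but never compared with the input, and `luhn_test` calls `compute_luhn`, which the visible header does not declare; the call should be `int r = FFX_compute_luhn(digits, strlen(digits));`. `ERR_load_crypto_strings` and `ERR_print_errors_fp` are used without `#include <openssl/err.h>` unless ffx.h pulls it in. A version that checks the return values, compares the round trip and is wired into `main` is sketched below; FFX_decrypt's return value is left unchecked there because its success value is still 0 in this commit.

```c
static int test()
{
	/* … unchanged: buffers, key, tweak, ctx, ERR_load_crypto_strings … */
	if (!FFX_init(&ctx, 0, key, sizeof(key) * 8)) {
		ERR_print_errors_fp(stderr);
		return -1;
	}
	/* … unchanged: input string … */
	if (!FFX_encrypt(&ctx, in, strlen(in), tweak, sizeof(tweak), buf)) {
		ERR_print_errors_fp(stderr);
		return -1;
	}
	/* … unchanged: printing and FFX_decrypt call … */
	if (strcmp(in, buf2) != 0) {
		fprintf(stderr, "round trip mismatch\n");
		return -1;
	}
	return 0;
}

int main(int argc, char **argv)
{
	if (test() < 0)
		return 1;
	return 0;
}
```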


@@ -62,12 +62,12 @@
* [including the GNU Public Licence.]
*/
#define NUM_NID 1045
#define NUM_SN 1021
#define NUM_LN 1021
#define NUM_OBJ 959
#define NUM_NID 1049
#define NUM_SN 1025
#define NUM_LN 1025
#define NUM_OBJ 963
static const unsigned char lvalues[6762]={
static const unsigned char lvalues[6794]={
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@@ -1021,6 +1021,10 @@ static const unsigned char lvalues[6762]={
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x7A, /* [6736] OBJ_sm2sign_with_sha384 */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x7B, /* [6744] OBJ_sm2sign_with_rmd160 */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,0x65,/* [6752] OBJ_wapip192v1 */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x05, /* [6761] OBJ_sm1_cfb1 */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x66,0x06, /* [6769] OBJ_sm1_cfb8 */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x05, /* [6777] OBJ_ssf33_cfb1 */
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x67,0x06, /* [6785] OBJ_ssf33_cfb8 */
};
static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2697,6 +2701,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
{"SM2Sign-with-RMD160","sm2sign-with-rmd160",NID_sm2sign_with_rmd160,
8,&(lvalues[6744]),0},
{"wapip192v1","wapip192v1",NID_wapip192v1,9,&(lvalues[6752]),0},
{"SM1-CFB1","sm1-cfb1",NID_sm1_cfb1,8,&(lvalues[6761]),0},
{"SM1-CFB8","sm1-cfb8",NID_sm1_cfb8,8,&(lvalues[6769]),0},
{"SSF33-CFB1","ssf33-cfb1",NID_ssf33_cfb1,8,&(lvalues[6777]),0},
{"SSF33-CFB8","ssf33-cfb8",NID_ssf33_cfb8,8,&(lvalues[6785]),0},
};
static const unsigned int sn_objs[NUM_SN]={
@@ -2887,6 +2895,8 @@ static const unsigned int sn_objs[NUM_SN]={
674, /* "SHA512" */
1017, /* "SM1-CBC" */
1019, /* "SM1-CFB" */
1045, /* "SM1-CFB1" */
1046, /* "SM1-CFB8" */
1016, /* "SM1-ECB" */
1018, /* "SM1-OFB" */
1043, /* "SM2Sign-with-RMD160" */
@@ -2918,6 +2928,8 @@ static const unsigned int sn_objs[NUM_SN]={
100, /* "SN" */
1021, /* "SSF33-CBC" */
1023, /* "SSF33-CFB" */
1047, /* "SSF33-CFB1" */
1048, /* "SSF33-CFB8" */
1020, /* "SSF33-ECB" */
1022, /* "SSF33-OFB" */
16, /* "ST" */
@@ -4658,6 +4670,8 @@ static const unsigned int ln_objs[NUM_LN]={
1038, /* "sm-scheme" */
1017, /* "sm1-cbc" */
1019, /* "sm1-cfb" */
1045, /* "sm1-cfb1" */
1046, /* "sm1-cfb8" */
1016, /* "sm1-ecb" */
1018, /* "sm1-ofb" */
972, /* "sm2encrypt" */
@@ -4695,6 +4709,8 @@ static const unsigned int ln_objs[NUM_LN]={
1029, /* "sms4-xts" */
1021, /* "ssf33-cbc" */
1023, /* "ssf33-cfb" */
1047, /* "ssf33-cfb1" */
1048, /* "ssf33-cfb8" */
1020, /* "ssf33-ecb" */
1022, /* "ssf33-ofb" */
16, /* "stateOrProvinceName" */
@@ -5191,10 +5207,14 @@ static const unsigned int obj_objs[NUM_OBJ]={
1017, /* OBJ_sm1_cbc 1 2 156 10197 1 102 2 */
1018, /* OBJ_sm1_ofb128 1 2 156 10197 1 102 3 */
1019, /* OBJ_sm1_cfb128 1 2 156 10197 1 102 4 */
1045, /* OBJ_sm1_cfb1 1 2 156 10197 1 102 5 */
1046, /* OBJ_sm1_cfb8 1 2 156 10197 1 102 6 */
1020, /* OBJ_ssf33_ecb 1 2 156 10197 1 103 1 */
1021, /* OBJ_ssf33_cbc 1 2 156 10197 1 103 2 */
1022, /* OBJ_ssf33_ofb128 1 2 156 10197 1 103 3 */
1023, /* OBJ_ssf33_cfb128 1 2 156 10197 1 103 4 */
1047, /* OBJ_ssf33_cfb1 1 2 156 10197 1 103 5 */
1048, /* OBJ_ssf33_cfb8 1 2 156 10197 1 103 6 */
977, /* OBJ_sms4_ecb 1 2 156 10197 1 104 1 */
978, /* OBJ_sms4_cbc 1 2 156 10197 1 104 2 */
981, /* OBJ_sms4_ofb128 1 2 156 10197 1 104 3 */


@@ -4322,6 +4322,16 @@
#define NID_sm1_cfb128 1019
#define OBJ_sm1_cfb128 OBJ_sm_scheme,102L,4L
#define SN_sm1_cfb1 "SM1-CFB1"
#define LN_sm1_cfb1 "sm1-cfb1"
#define NID_sm1_cfb1 1045
#define OBJ_sm1_cfb1 OBJ_sm_scheme,102L,5L
#define SN_sm1_cfb8 "SM1-CFB8"
#define LN_sm1_cfb8 "sm1-cfb8"
#define NID_sm1_cfb8 1046
#define OBJ_sm1_cfb8 OBJ_sm_scheme,102L,6L
#define SN_ssf33_ecb "SSF33-ECB"
#define LN_ssf33_ecb "ssf33-ecb"
#define NID_ssf33_ecb 1020
@@ -4342,6 +4352,16 @@
#define NID_ssf33_cfb128 1023
#define OBJ_ssf33_cfb128 OBJ_sm_scheme,103L,4L
#define SN_ssf33_cfb1 "SSF33-CFB1"
#define LN_ssf33_cfb1 "ssf33-cfb1"
#define NID_ssf33_cfb1 1047
#define OBJ_ssf33_cfb1 OBJ_sm_scheme,103L,5L
#define SN_ssf33_cfb8 "SSF33-CFB8"
#define LN_ssf33_cfb8 "ssf33-cfb8"
#define NID_ssf33_cfb8 1048
#define OBJ_ssf33_cfb8 OBJ_sm_scheme,103L,6L
#define SN_sms4_ecb "SMS4-ECB"
#define LN_sms4_ecb "sms4-ecb"
#define NID_sms4_ecb 977


@@ -1042,3 +1042,7 @@ sm2sign_with_sha224 1041
sm2sign_with_sha384 1042
sm2sign_with_rmd160 1043
wapip192v1 1044
sm1_cfb1 1045
sm1_cfb8 1046
ssf33_cfb1 1047
ssf33_cfb8 1048


@@ -1243,7 +1243,7 @@ cryptocom 1 8 1 : id-GostR3410-2001-ParamSet-cc : GOST R 3410-2001 Parameter Se
# Definitions for Camellia cipher - ECB, CFB, OFB MODE
!Alias ntt-ds 0 3 4401 5
!Alias camellia ntt-ds 3 1 9
!Alias camellia ntt-ds 3 1 9
camellia 1 : CAMELLIA-128-ECB : camellia-128-ecb
!Cname camellia-128-ofb128
@@ -1317,7 +1317,7 @@ ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
1 3 36 3 3 2 8 1 1 11 : brainpoolP384r1
1 3 36 3 3 2 8 1 1 12 : brainpoolP384t1
1 3 36 3 3 2 8 1 1 13 : brainpoolP512r1
1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1
1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1
# ECDH schemes from RFC5753
!Alias x9-63-scheme 1 3 133 16 840 63 0
@@ -1371,10 +1371,10 @@ secg-scheme 23 : hmac-half-ecies
secg-scheme 24 0 : cmac-aes128-ecies
secg-scheme 24 1 : cmac-aes192-ecies
# No NID for CBC-MAC
# No NID for CBC-MAC
: CBC-MAC : cbc-mac
# GmSSL SM OID
# GmSSL SM OID
member-body 156 : ISO-CN : ISO CN Member Body
ISO-CN 10197 : oscca
oscca 1 : sm-scheme
@@ -1392,6 +1392,8 @@ sm-scheme 102 2 : SM1-CBC : sm1-cbc
sm-scheme 102 3 : SM1-OFB : sm1-ofb
!Cname sm1-cfb128
sm-scheme 102 4 : SM1-CFB : sm1-cfb
sm-scheme 102 5 : SM1-CFB1 : sm1-cfb1
sm-scheme 102 6 : SM1-CFB8 : sm1-cfb8
sm-scheme 103 1 : SSF33-ECB : ssf33-ecb
sm-scheme 103 2 : SSF33-CBC : ssf33-cbc
@@ -1399,6 +1401,8 @@ sm-scheme 103 2 : SSF33-CBC : ssf33-cbc
sm-scheme 103 3 : SSF33-OFB : ssf33-ofb
!Cname ssf33-cfb128
sm-scheme 103 4 : SSF33-CFB : ssf33-cfb
sm-scheme 103 5 : SSF33-CFB1 : ssf33-cfb1
sm-scheme 103 6 : SSF33-CFB8 : ssf33-cfb8
sm-scheme 104 1 : SMS4-ECB : sms4-ecb
sm-scheme 104 2 : SMS4-CBC : sms4-cbc
@@ -1437,7 +1441,7 @@ sm-scheme 302 3 : sm9encrypt
sm-scheme 401 : SM3 : sm3
sm-scheme 401 2 : HMAC-SM3 : hmac-sm3
sm-scheme 501 : SM2Sign-with-SM3 : sm2sign-with-sm3
sm-scheme 502 : SM2Sign-with-SHA1 : sm2sign-with-sha1
sm-scheme 502 : SM2Sign-with-SHA1 : sm2sign-with-sha1
sm-scheme 503 : SM2Sign-with-SHA256 : sm2sign-with-sha256
sm-scheme 504 : SM2Sign-with-SHA511 : sm2sign-with-sha512
sm-scheme 505 : SM2Sign-with-SHA224 : sm2sign-with-sha224
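Review bot: The short name on the `sm-scheme 504` line in the last hunk reads `SM2Sign-with-SHA511` while its long name is `sm2sign-with-sha512`, so the two names registered for that signature algorithm disagree. The line is context here rather than something this commit changes, but the section is being edited anyway and the short name presumably should be `SM2Sign-with-SHA512`; a lookup by the expected short name would otherwise miss the object. The generated object tables would need regenerating after the fix.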

81
crypto/paillier/Makefile Normal file

@@ -0,0 +1,81 @@
#
# OpenSSL/crypto/paillier/Makefile
#
DIR= paillier
TOP= ../..
CC= cc
CPP= $(CC) -E
INCLUDES=-I.. -I$(TOP) -I../../include
CFLAG=-g
MAKEFILE= Makefile
AR= ar r
SM3_ASM_OBJ=
CFLAGS= $(INCLUDES) $(CFLAG)
ASFLAGS= $(INCLUDES) $(ASFLAG)
AFLAGS= $(ASFLAGS)
GENERAL=Makefile
TEST=pailliertest.c
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC=pai_lib.c pai_err.c
LIBOBJ=pai_lib.o pai_err.o
SRC= $(LIBSRC)
EXHEADER= paillier.h
HEADER= $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
links:
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
tags:
ctags $(SRC)
tests:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
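Review bot: `SM3_ASM_OBJ=` looks like a leftover from the Makefile this one was copied from; no visible rule references it, so it can be dropped. `TEST=pailliertest.c` is linked into `../../test` by the `links` target while `tests:` is empty, so a one-line comment such as `# pailliertest.c is a placeholder until the Paillier code is implemented` would tell the next reader why.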

100
crypto/paillier/pai_err.c Normal file

@@ -0,0 +1,100 @@
/* crypto/paillier/pai_err.c */
/* ====================================================================
* Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/paillier.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PAILLIER,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PAILLIER,0,reason)
static ERR_STRING_DATA PAILLIER_str_functs[] = {
{ERR_FUNC(PAILLIER_F_PAILLIER_CHECK_KEY), "PAILLIER_check_key"},
{ERR_FUNC(PAILLIER_F_PAILLIER_CIPHERTEXT_ADD), "PAILLIER_ciphertext_add"},
{ERR_FUNC(PAILLIER_F_PAILLIER_CIPHERTEXT_SCALAR_MUL),
"PAILLIER_ciphertext_scalar_mul"},
{ERR_FUNC(PAILLIER_F_PAILLIER_DECRYPT), "PAILLIER_decrypt"},
{ERR_FUNC(PAILLIER_F_PAILLIER_ENCRYPT), "PAILLIER_encrypt"},
{ERR_FUNC(PAILLIER_F_PAILLIER_GENERATE_KEY), "PAILLIER_generate_key"},
{ERR_FUNC(PAILLIER_F_PAILLIER_NEW), "PAILLIER_new"},
{0, NULL}
};
static ERR_STRING_DATA PAILLIER_str_reasons[] = {
{ERR_REASON(PAILLIER_R_NOT_IMPLEMENTED), "not implemented"},
{0, NULL}
};
#endif
void ERR_load_PAILLIER_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(PAILLIER_str_functs[0].error) == NULL) {
ERR_load_strings(0, PAILLIER_str_functs);
ERR_load_strings(0, PAILLIER_str_reasons);
}
#endif
}


@@ -0,0 +1,103 @@
/* crypto/paillier/paillier.h */
/* ====================================================================
* Copyright (c) 2015 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <openssl/paillier.h>
PAILLIER *PAILLIER_new(void)
{
PAILLIERerr(PAILLIER_F_PAILLIER_NEW, PAILLIER_R_NOT_IMPLEMENTED);
return NULL;
}
void PAILLIER_free(PAILLIER *key)
{
}
int PAILLIER_generate_key(PAILLIER *key, int bits)
{
PAILLIERerr(PAILLIER_F_PAILLIER_GENERATE_KEY, PAILLIER_R_NOT_IMPLEMENTED);
return 0;
}
int PAILLIER_check_key(PAILLIER *key)
{
PAILLIERerr(PAILLIER_F_PAILLIER_CHECK_KEY, PAILLIER_R_NOT_IMPLEMENTED);
return 0;
}
int PAILLIER_encrypt(BIGNUM *out, const BIGNUM *in, PAILLIER *pub_key)
{
PAILLIERerr(PAILLIER_F_PAILLIER_ENCRYPT, PAILLIER_R_NOT_IMPLEMENTED);
return 0;
}
int PAILLIER_decrypt(BIGNUM *out, const BIGNUM *in, PAILLIER *pri_key)
{
PAILLIERerr(PAILLIER_F_PAILLIER_DECRYPT, PAILLIER_R_NOT_IMPLEMENTED);
return 0;
}
int PAILLIER_ciphertext_add(BIGNUM *r, const BIGNUM *a,
const BIGNUM *b, PAILLIER *pub_key)
{
PAILLIERerr(PAILLIER_F_PAILLIER_CIPHERTEXT_ADD, PAILLIER_R_NOT_IMPLEMENTED);
return 0;
}
int PAILLIER_ciphertext_scalar_mul(BIGNUM *r, unsigned int k,
const BIGNUM *a, PAILLIER *pub_key)
{
PAILLIERerr(PAILLIER_F_PAILLIER_CIPHERTEXT_SCALAR_MUL, PAILLIER_R_NOT_IMPLEMENTED);
return 0;
}
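Review bot: The banner on the first line says `/* crypto/paillier/paillier.h */`, but this section holds the function definitions (the Makefile added in this commit lists `pai_lib.c`), and the same banner is repeated in the test program; it should name the file it is in. Every entry point is a stub that records `PAILLIER_R_NOT_IMPLEMENTED` and returns 0 or NULL, which fails closed, but nothing says so. I would add `/* Placeholder: all PAILLIER_* functions fail with PAILLIER_R_NOT_IMPLEMENTED; no key is generated and no data is encrypted. */` above `PAILLIER_new`. `PAILLIER_free` is the one stub that does nothing silently, which is consistent only as long as `PAILLIER_new` never returns an object.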


@@ -1,3 +1,54 @@
/* crypto/paillier/paillier.h */
/* ====================================================================
* Copyright (c) 2015 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#ifndef HEADER_PAILLIER_H
#define HEADER_PAILLIER_H
@@ -28,11 +79,31 @@ int PAILLIER_encrypt(BIGNUM *out, const BIGNUM *in, PAILLIER *pub_key);
int PAILLIER_decrypt(BIGNUM *out, const BIGNUM *in, PAILLIER *pri_key);
int PAILLIER_ciphertext_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, PAILLIER *pub_key);
int PAILLIER_ciphertext_scalar_mul(BIGNUM *r, unsigned int k,
const BIGNUM *a, PAILLIER *pub_key)
const BIGNUM *a, PAILLIER *pub_key);
#ifdef __cplusplus
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_PAILLIER_strings(void);
/* Error codes for the PAILLIER functions. */
/* Function codes. */
# define PAILLIER_F_PAILLIER_CHECK_KEY 100
# define PAILLIER_F_PAILLIER_CIPHERTEXT_ADD 101
# define PAILLIER_F_PAILLIER_CIPHERTEXT_SCALAR_MUL 102
# define PAILLIER_F_PAILLIER_DECRYPT 103
# define PAILLIER_F_PAILLIER_ENCRYPT 104
# define PAILLIER_F_PAILLIER_GENERATE_KEY 105
# define PAILLIER_F_PAILLIER_NEW 106
/* Reason codes. */
# define PAILLIER_R_NOT_IMPLEMENTED 100
#ifdef __cplusplus
}
#endif
#endif


@@ -0,0 +1,58 @@
/* crypto/paillier/paillier.h */
/* ====================================================================
* Copyright (c) 2015 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <openssl/paillier.h>
int main(int argc, char **argv)
{
return -1;
}
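Review bot: `main` returns -1 with no output, so the program exits with a failure status and gives no reason for it. If this test is linked into the test directory, as the `links` target of the new Makefile suggests, I would state the reason and choose the status deliberately, e.g. `printf("Paillier not implemented, test skipped\n");` before the return, plus a comment that the file is a placeholder. `argc` and `argv` are unused, so `int main(void)` would do.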


@@ -133,3 +133,26 @@ ULONG DEVAPI SKF_GetDevInfo(DEVHANDLE hDev,
return SAR_OK;
}
int SKF_print_dev_info(DEVINFO *devInfo)
{
printf("Device Info:\n");
printf(" Device Version : %d.%d\n", devInfo->Version.major, devInfo->Version.minor);
printf(" Manufacturer : %s\n", devInfo->Manufacturer);
printf(" Issuer : %s\n", devInfo->Issuer);
printf(" Label : %s\n", devInfo->Label);
printf(" Serial Number : %s\n", devInfo->SerialNumber);
printf(" Hardware Version : %d.%d\n", devInfo->HWVersion.major, devInfo->HWVersion.minor);
printf(" Firmware Version : %d.%d\n", devInfo->FirmwareVersion.major, devInfo->FirmwareVersion.minor);
printf(" AlgSymCap : 0x%08x\n", devInfo->AlgSymCap);
printf(" AlgAsymCap : 0x%08x\n", devInfo->AlgAsymCap);
printf(" AlgHashCap : 0x%08x\n", devInfo->AlgHashCap);
printf(" AlgHashCap : 0x%08x\n", devInfo->DevAuthAlgId);
printf(" Total Space : %u\n", devInfo->TotalSpace);
printf(" Free Space : %u\n", devInfo->FreeSpace);
printf(" MaxECCBuffer : %u\n", devInfo->MaxECCBufferSize);
printf(" MaxBuffer : %u\n", devInfo->MaxBufferSize);
return 1;
}
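Review bot: The four `%s` conversions in SKF_print_dev_info (`Manufacturer`, `Issuer`, `Label`, `SerialNumber`) read until a NUL byte, and these fields are filled in by the device; if they are fixed-size character arrays, as the DEVINFO layout suggests but this page does not show, an unterminated field makes printf read past the end of the struct. Bounding each one with a precision avoids that. The second `AlgHashCap` line actually prints `devInfo->DevAuthAlgId` and should be labelled accordingly, and `devInfo` is dereferenced without a NULL check. The `%u` and `%08x` conversions also assume ULONG is `unsigned int`, which should be confirmed against the typedef.

```c
int SKF_print_dev_info(DEVINFO *devInfo)
{
    if (devInfo == NULL)
        return 0;
    /* ... unchanged: "Device Info:" and Device Version lines ... */
    printf(" Manufacturer : %.*s\n", (int)sizeof(devInfo->Manufacturer), devInfo->Manufacturer);
    printf(" Issuer : %.*s\n", (int)sizeof(devInfo->Issuer), devInfo->Issuer);
    printf(" Label : %.*s\n", (int)sizeof(devInfo->Label), devInfo->Label);
    printf(" Serial Number : %.*s\n", (int)sizeof(devInfo->SerialNumber), devInfo->SerialNumber);
    /* ... unchanged: hardware/firmware version and Alg*Cap lines ... */
    printf(" DevAuthAlgId : 0x%08x\n", devInfo->DevAuthAlgId);
    /* ... unchanged: space and buffer-size lines, return 1 ... */
}
```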


@@ -110,7 +110,7 @@ skf_errinfo skf_errstr[] = {
{ SAR_FILE_NOT_EXIST, "File not exist" }
};
LPSTR DEVAPI SKF_GetErrorString(ULONG ulError)
char *SKF_get_errstr(ULONG ulError)
{
int i;
for (i = 0; i < sizeof(skf_errstr)/sizeof(skf_errstr[0]); i++) {
@@ -121,3 +121,5 @@ LPSTR DEVAPI SKF_GetErrorString(ULONG ulError)
return (LPSTR)"(undef)";
}
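Review bot: `char *SKF_get_errstr(ULONG ulError)` hands out pointers to string literals (the visible fallback is `(LPSTR)"(undef)"`), so the return type should be `const char *SKF_get_errstr(ULONG ulError)` here and in the header prototype, with the cast dropped, so that callers cannot write through it. The loop compares `int i` with an unsigned `sizeof` quotient; `size_t i` avoids the signed/unsigned comparison. The rename also removes `SKF_GetErrorString`; if applications call that symbol a wrapper under the old name may be needed, but no callers are visible here. The function body lies partly outside the two hunks.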


@@ -64,6 +64,8 @@
extern "C" {
#endif
int SKF_print_dev_info(DEVINFO *devInfo);
char *SKF_get_errstr(ULONG ulError);
RSA *RSA_new_from_RSAPUBLICKEYBLOB(const RSAPUBLICKEYBLOB *blob);
RSA *RSA_new_from_RSAPRIVATEKEYBLOB(const RSAPRIVATEKEYBLOB *blob);
@@ -87,6 +89,7 @@ ECDSA_SIG *ECDSA_SIG_new_from_ECCSIGNATUREBLOB(const ECCSIGNATUREBLOB *blob);
int ECDSA_SIG_get_ECCSIGNATUREBLOB(const ECDSA_SIG *sig, ECCSIGNATUREBLOB *blob);
int ECDSA_SIG_set_ECCSIGNATUREBLOB(ECDSA_SIG *sig, const ECCSIGNATUREBLOB *blob);
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes


@@ -224,6 +224,7 @@ void ERR_load_SM2_strings(void);
# define SM2_F_SM2_CIPHERTEXT_VALUE_DECODE 100
# define SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE 101
# define SM2_F_SM2_CIPHERTEXT_VALUE_FREE 102
# define SM2_F_SM2_CIPHERTEXT_VALUE_NEW 125
# define SM2_F_SM2_CIPHERTEXT_VALUE_PRINT 103
# define SM2_F_SM2_CIPHERTEXT_VALUE_SIZE 104
# define SM2_F_SM2_COMPUTE_ID_DIGEST 105
@@ -234,6 +235,7 @@ void ERR_load_SM2_strings(void);
# define SM2_F_SM2_DO_SIGN_EX 110
# define SM2_F_SM2_DO_VERIFY 111
# define SM2_F_SM2_ENCRYPT 112
# define SM2_F_SM2_ENC_PARAMS_INIT_WITH_RECOMMENDED 126
# define SM2_F_SM2_GET_ID 113
# define SM2_F_SM2_KAP_COMPUTE_KEY 114
# define SM2_F_SM2_KAP_CTX_CLEANUP 115
@@ -251,13 +253,23 @@ void ERR_load_SM2_strings(void);
# define SM2_R_BAD_DATA 100
# define SM2_R_BAD_SIGNATURE 101
# define SM2_R_BUFFER_TOO_SMALL 102
# define SM2_R_CIPHERTEXT_ENCODE_FAILED 115
# define SM2_R_DECRYPT_FAILED 103
# define SM2_R_ECDH_FAILED 104
# define SM2_R_ENCRYPT_FAILED 105
# define SM2_R_ERROR 106
# define SM2_R_GEN_MAC_FAILED 107
# define SM2_R_GET_CIPHERTEXT_SIZE_FAILED 116
# define SM2_R_GET_KDF_FAILED 117
# define SM2_R_INNOR_ERROR 118
# define SM2_R_INVALID_EC_KEY 119
# define SM2_R_MALLOC_FAILED 120
# define SM2_R_MISSING_PARAMETERS 108
# define SM2_R_NEED_NEW_SETUP_VALUES 109
# define SM2_R_NULL_ARGUMENT 121
# define SM2_R_OCT2POINT_FAILED 122
# define SM2_R_POINT2OCT_FAILED 123
# define SM2_R_POINT_NEW_FAILED 124
# define SM2_R_RANDOM_NUMBER_GENERATION_FAILED 110
# define SM2_R_SM2_KAP_NOT_INITED 111
# define SM2_R_UNKNOWN_CIPHER_TYPE 112


@@ -59,7 +59,8 @@
#include <openssl/ecdsa.h>
#include <openssl/rand.h>
#include <openssl/kdf.h>
#include "sm2.h"
#include <openssl/sm2.h>
#include "../o_str.h"
int SM2_CIPHERTEXT_VALUE_size(const EC_GROUP *group,
const SM2_ENC_PARAMS *params, size_t mlen)
@@ -70,15 +71,15 @@ int SM2_CIPHERTEXT_VALUE_size(const EC_GROUP *group,
if (!(ec_key = EC_KEY_new())) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE, ERR_R_EC_LIB);
goto end;
}
if (!EC_KEY_set_group(ec_key, group)) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE, ERR_R_EC_LIB);
goto end;
}
if (!EC_KEY_generate_key(ec_key)) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE, ERR_R_EC_LIB);
goto end;
}
@@ -97,7 +98,22 @@ end:
SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_new(const EC_GROUP *group)
{
return NULL;
SM2_CIPHERTEXT_VALUE *cv;
if (!(cv = OPENSSL_malloc(sizeof(*cv)))) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_NEW, SM2_R_MALLOC_FAILED);
return NULL;
}
bzero(cv, sizeof(*cv));
if (!(cv->ephem_point = EC_POINT_new(group))) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_NEW, SM2_R_POINT_NEW_FAILED);
OPENSSL_free(cv);
return NULL;
}
return cv;
}
void SM2_CIPHERTEXT_VALUE_free(SM2_CIPHERTEXT_VALUE *cv)
@@ -116,14 +132,19 @@ int SM2_CIPHERTEXT_VALUE_encode(const SM2_CIPHERTEXT_VALUE *cv,
BN_CTX *bn_ctx = BN_CTX_new();
size_t ptlen, cvlen;
OPENSSL_assert(cv);
OPENSSL_assert(ec_group);
OPENSSL_assert(buf);
OPENSSL_assert(cv->ephem_point);
if (!bn_ctx) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, ERR_R_BN_LIB);
return 0;
}
if (!(ptlen = EC_POINT_point2oct(ec_group, cv->ephem_point,
params->point_form, NULL, 0, bn_ctx))) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, SM2_R_POINT2OCT_FAILED);
goto end;
}
cvlen = ptlen + cv->ciphertext_size + cv->mactag_size;
@@ -134,13 +155,13 @@ int SM2_CIPHERTEXT_VALUE_encode(const SM2_CIPHERTEXT_VALUE *cv,
goto end;
} else if (*buflen < cvlen) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, SM2_R_BUFFER_TOO_SMALL);
goto end;
}
if (!(ptlen = EC_POINT_point2oct(ec_group, cv->ephem_point,
params->point_form, buf, *buflen, bn_ctx))) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE, SM2_R_POINT2OCT_FAILED);
goto end;
}
buf += ptlen;
@@ -168,21 +189,22 @@ SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode(
int fixlen;
if (!bn_ctx) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, ERR_R_BN_LIB);
return NULL;
}
if (!(fixlen = SM2_CIPHERTEXT_VALUE_size(ec_group, params, 0))) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_GET_CIPHERTEXT_SIZE_FAILED);
goto end;
}
if (buflen <= fixlen) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_BUFFER_TOO_SMALL);
goto end;
}
if (!(ret = OPENSSL_malloc(sizeof(SM2_CIPHERTEXT_VALUE)))) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_MALLOC_FAILED);
goto end;
}
@@ -190,13 +212,13 @@ SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode(
ret->ciphertext_size = buflen - fixlen;
ret->ciphertext = OPENSSL_malloc(ret->ciphertext_size);
if (!ret->ephem_point || !ret->ciphertext) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_INNOR_ERROR);
goto end;
}
ptlen = fixlen - SM2_ENC_PARAMS_mactag_size(params);
if (!EC_POINT_oct2point(ec_group, ret->ephem_point, buf, ptlen, bn_ctx)) {
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_ERROR);
SM2err(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE, SM2_R_OCT2POINT_FAILED);
goto end;
}
@@ -274,18 +296,20 @@ int SM2_encrypt(const SM2_ENC_PARAMS *params,
return 1;
} else if (*outlen < (size_t)len) {
SM2err(SM2_F_SM2_ENCRYPT, SM2_R_BUFFER_TOO_SMALL);
return 0;
}
if (!(cv = SM2_do_encrypt(params, in, inlen, ec_key))) {
SM2err(SM2_F_SM2_ENCRYPT, SM2_R_ERROR);
SM2err(SM2_F_SM2_ENCRYPT, SM2_R_ENCRYPT_FAILED);
goto end;
}
if (!SM2_CIPHERTEXT_VALUE_encode(cv, ec_group, params, out, outlen)) {
SM2err(SM2_F_SM2_ENCRYPT, SM2_R_ERROR);
SM2err(SM2_F_SM2_ENCRYPT, SM2_R_CIPHERTEXT_ENCODE_FAILED);
goto end;
}
ret = 1;
end:
if (cv) SM2_CIPHERTEXT_VALUE_free(cv);
@@ -315,15 +339,17 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params,
int i;
if (!ec_group || !pub_key) {
SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_INVALID_EC_KEY);
goto end;
}
if (!kdf) {
SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_GET_KDF_FAILED);
goto end;
}
/* init ciphertext_value */
if (!(cv = OPENSSL_malloc(sizeof(SM2_CIPHERTEXT_VALUE)))) {
SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_MALLOC_FAILED);
goto end;
}
bzero(cv, sizeof(SM2_CIPHERTEXT_VALUE));
@@ -364,13 +390,13 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params,
BN_rand_range(k, n);
} while (BN_is_zero(k));
/* A2: C1 = [k]G = (x1, y1) */
if (!EC_POINT_mul(ec_group, cv->ephem_point, k, NULL, NULL, bn_ctx)) {
SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
goto end;
}
/* A3: check [h]P_B != O */
if (!EC_POINT_mul(ec_group, point, NULL, pub_key, h, bn_ctx)) {
SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_ERROR);
@@ -392,7 +418,7 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const SM2_ENC_PARAMS *params,
goto end;
}
OPENSSL_assert(len == nbytes * 2 + 1);
/* A5: t = KDF(x2 || y2, klen) */
kdf(buf + 1, len - 1, cv->ciphertext, &cv->ciphertext_size);
@@ -644,11 +670,11 @@ int SM2_do_decrypt(const SM2_ENC_PARAMS *params,
ret = 1;
end:
if (point) EC_POINT_free(point);
if (n) BN_free(n);
if (h) BN_free(h);
if (bn_ctx) BN_CTX_free(bn_ctx);
if (md_ctx) EVP_MD_CTX_destroy(md_ctx);
EC_POINT_free(point);
BN_free(n);
BN_free(h);
BN_CTX_free(bn_ctx);
EVP_MD_CTX_destroy(md_ctx);
return ret;
}
@@ -656,13 +682,15 @@ end:
int SM2_ENC_PARAMS_init_with_recommended(SM2_ENC_PARAMS *params)
{
if (!params) {
SM2err(SM2_F_SM2_ENC_PARAMS_INIT_WITH_RECOMMENDED,
SM2_R_NULL_ARGUMENT);
return 0;
}
params->kdf_md = EVP_sm3();
params->mac_md = EVP_sm3();
params->mactag_size = -1;
params->point_form = POINT_CONVERSION_UNCOMPRESSED;
return 1;
return 1;
}
int SM2_encrypt_with_recommended(unsigned char *out, size_t *outlen,
@@ -678,7 +706,7 @@ int SM2_decrypt_with_recommended(unsigned char *out, size_t *outlen,
{
SM2_ENC_PARAMS params;
SM2_ENC_PARAMS_init_with_recommended(&params);
return SM2_decrypt(&params, out, outlen, in, inlen, ec_key);
return SM2_decrypt(&params, out, outlen, in, inlen, ec_key);
}
int SM2_encrypt_elgamal(unsigned char *out, size_t *outlen,
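Review bot: The result of `BN_rand_range(k, n)` in the `do … while (BN_is_zero(k))` loop of SM2_do_encrypt is ignored, so a failing random generator goes unreported and the ephemeral scalar k is used with whatever value the call left in it. This commit already gives the neighbouring error paths specific reason codes, so the loop body should become `if (!BN_rand_range(k, n)) { SM2err(SM2_F_SM2_DO_ENCRYPT, SM2_R_RANDOM_NUMBER_GENERATION_FAILED); goto end; }`. Separately, the new `OPENSSL_assert(buf)` in SM2_CIPHERTEXT_VALUE_encode aborts the process on a NULL buffer, which would conflict with the branch just before `else if (*buflen < cvlen)` if that branch is the usual NULL-buffer length query; the lines between the hunks are not shown, so this needs checking. `SM2_R_INNOR_ERROR` is presumably meant to be `SM2_R_INNER_ERROR`.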


@@ -75,6 +75,7 @@ static ERR_STRING_DATA SM2_str_functs[] = {
{ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE),
"SM2_CIPHERTEXT_VALUE_encode"},
{ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_FREE), "SM2_CIPHERTEXT_VALUE_free"},
{ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_NEW), "SM2_CIPHERTEXT_VALUE_new"},
{ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_PRINT), "SM2_CIPHERTEXT_VALUE_print"},
{ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE), "SM2_CIPHERTEXT_VALUE_size"},
{ERR_FUNC(SM2_F_SM2_COMPUTE_ID_DIGEST), "SM2_compute_id_digest"},
@@ -85,6 +86,8 @@ static ERR_STRING_DATA SM2_str_functs[] = {
{ERR_FUNC(SM2_F_SM2_DO_SIGN_EX), "SM2_do_sign_ex"},
{ERR_FUNC(SM2_F_SM2_DO_VERIFY), "SM2_do_verify"},
{ERR_FUNC(SM2_F_SM2_ENCRYPT), "SM2_encrypt"},
{ERR_FUNC(SM2_F_SM2_ENC_PARAMS_INIT_WITH_RECOMMENDED),
"SM2_ENC_PARAMS_init_with_recommended"},
{ERR_FUNC(SM2_F_SM2_GET_ID), "SM2_GET_ID"},
{ERR_FUNC(SM2_F_SM2_KAP_COMPUTE_KEY), "SM2_KAP_compute_key"},
{ERR_FUNC(SM2_F_SM2_KAP_CTX_CLEANUP), "SM2_KAP_CTX_cleanup"},
@@ -104,13 +107,24 @@ static ERR_STRING_DATA SM2_str_reasons[] = {
{ERR_REASON(SM2_R_BAD_DATA), "bad data"},
{ERR_REASON(SM2_R_BAD_SIGNATURE), "bad signature"},
{ERR_REASON(SM2_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_REASON(SM2_R_CIPHERTEXT_ENCODE_FAILED), "ciphertext encode failed"},
{ERR_REASON(SM2_R_DECRYPT_FAILED), "decrypt failed"},
{ERR_REASON(SM2_R_ECDH_FAILED), "ecdh failed"},
{ERR_REASON(SM2_R_ENCRYPT_FAILED), "encrypt failed"},
{ERR_REASON(SM2_R_ERROR), "error"},
{ERR_REASON(SM2_R_GEN_MAC_FAILED), "gen mac failed"},
{ERR_REASON(SM2_R_GET_CIPHERTEXT_SIZE_FAILED),
"get ciphertext size failed"},
{ERR_REASON(SM2_R_GET_KDF_FAILED), "get kdf failed"},
{ERR_REASON(SM2_R_INNOR_ERROR), "innor error"},
{ERR_REASON(SM2_R_INVALID_EC_KEY), "invalid ec key"},
{ERR_REASON(SM2_R_MALLOC_FAILED), "malloc failed"},
{ERR_REASON(SM2_R_MISSING_PARAMETERS), "missing parameters"},
{ERR_REASON(SM2_R_NEED_NEW_SETUP_VALUES), "need new setup values"},
{ERR_REASON(SM2_R_NULL_ARGUMENT), "null argument"},
{ERR_REASON(SM2_R_OCT2POINT_FAILED), "oct2point failed"},
{ERR_REASON(SM2_R_POINT2OCT_FAILED), "point2oct failed"},
{ERR_REASON(SM2_R_POINT_NEW_FAILED), "point new failed"},
{ERR_REASON(SM2_R_RANDOM_NUMBER_GENERATION_FAILED),
"random number generation failed"},
{ERR_REASON(SM2_R_SM2_KAP_NOT_INITED), "sm2 kap not inited"},


@@ -478,7 +478,6 @@ int SM2_sign_ex(int type, const unsigned char *dgst, int dgstlen,
int SM2_sign(int type, const unsigned char *dgst, int dgstlen,
unsigned char *sig, unsigned int *siglen, EC_KEY *ec_key)
{
fprintf(stderr, "%s %d %s() executed\n", __FILE__, __LINE__, __FUNCTION__);
return SM2_sign_ex(type, dgst, dgstlen, sig, siglen, NULL, NULL, ec_key);
}


@@ -764,7 +764,7 @@ int test_evp_pkey_sign(EVP_PKEY *pkey, int do_sm2, int verbose)
}
if (verbose) {
printf("test %s signing passed\n", OBJ_nid2sn(type));
printf("%s(%s) passed\n", __FUNCTION__, OBJ_nid2sn(type));
}
ret = 1;
@@ -842,7 +842,7 @@ int test_evp_pkey_encrypt(EVP_PKEY *pkey, int do_sm2, int verbose)
}
if (verbose) {
printf("test %s encryption passed\n", OBJ_nid2sn(type));
printf("%s(%s) passed\n", __FUNCTION__, OBJ_nid2sn(type));
}
ret = 1;
@@ -889,7 +889,7 @@ int test_evp_pkey_encrypt_old(EVP_PKEY *pkey, int verbose)
}
if (verbose) {
printf("EVP_PKEY_encrypt_old() passed!\n");
printf("%s() passed!\n", __FUNCTION__);
}
ret = 1;
@@ -952,7 +952,7 @@ int test_evp_sign(EVP_PKEY *pkey, const EVP_MD *md, int verbose)
}
if (verbose) {
printf("EVP_SignInit/Update/Final() passed\n");
printf("%s() passed\n", __FUNCTION__);
}
ret = 1;
@@ -1023,7 +1023,7 @@ int test_evp_digestsign(EVP_PKEY *pkey, int do_sm2, const EVP_MD *md, int verbos
}
if (verbose) {
printf("EVP_DigestSignInit/Update/Final() passed\n");
printf("%s() passed\n", __FUNCTION__);
}
ret = 1;
@@ -1033,7 +1033,7 @@ end:
}
#define NUM_PKEYS 3
#define MAX_PKEY_SIZE 256
#define MAX_PKEY_SIZE 1024
int test_evp_seal(int curve_id, const EVP_CIPHER *cipher, BIO *out, int verbose)
{
@@ -1041,7 +1041,7 @@ int test_evp_seal(int curve_id, const EVP_CIPHER *cipher, BIO *out, int verbose)
EVP_PKEY *pkey[NUM_PKEYS] = {0};
EVP_CIPHER_CTX *cctx = NULL;
unsigned char iv[16];
unsigned char ek[NUM_PKEYS][MAX_PKEY_SIZE];
unsigned char *ek[NUM_PKEYS] = {0};
int ekl[NUM_PKEYS];
unsigned char msg1[] = "Hello ";
unsigned char msg2[] = "World!";
@@ -1052,8 +1052,12 @@ int test_evp_seal(int curve_id, const EVP_CIPHER *cipher, BIO *out, int verbose)
for (i = 0; i < NUM_PKEYS; i++) {
pkey[i] = genpkey(curve_id, out, verbose);
if (!(pkey[i] = genpkey(curve_id, out, verbose))) {
fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
goto end;
}
ekl[i] = MAX_PKEY_SIZE;
ek[i] = OPENSSL_malloc(ekl[i]);
}
RAND_bytes(iv, sizeof(iv));
@@ -1062,8 +1066,7 @@ int test_evp_seal(int curve_id, const EVP_CIPHER *cipher, BIO *out, int verbose)
goto end;
}
if (NUM_PKEYS != EVP_SealInit(cctx, cipher, ek, ekl, iv, pkey, NUM_PKEYS)) {
ERR_print_errors_fp(stderr);
if ((i = EVP_SealInit(cctx, cipher, ek, ekl, iv, pkey, NUM_PKEYS)) != NUM_PKEYS) {
fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
goto end;
}
@@ -1141,7 +1144,7 @@ int test_evp_seal(int curve_id, const EVP_CIPHER *cipher, BIO *out, int verbose)
}
if (verbose) {
BIO_printf(out, "EVP_SealInit/Update/Final() passed!\n");
BIO_printf(out, "%s() passed!\n", __FUNCTION__);
}
ret = 1;
@@ -1150,6 +1153,7 @@ end:
EVP_CIPHER_CTX_free(cctx);
for (i = 0; i < NUM_PKEYS; i++) {
EVP_PKEY_free(pkey[i]);
OPENSSL_free(ek[i]);
}
return ret;
}
@@ -1250,7 +1254,7 @@ int main(int argc, char **argv)
goto err;
}
if (!test_sm2_evp(2)) {
if (!test_sm2_evp(1)) {
goto err;
}
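Review bot: `ek[i] = OPENSSL_malloc(ekl[i]);` in the key-generation loop of test_evp_seal is not checked, so an allocation failure hands a NULL pointer to EVP_SealInit. `if (!(ek[i] = OPENSSL_malloc(ekl[i]))) goto end;` is enough, because `ek` is zero-initialised and the cleanup loop frees every slot. The rewritten EVP_SealInit failure branch also drops `ERR_print_errors_fp(stderr);`, which was the only output naming the underlying error; keeping it next to the `fprintf` makes a failing run diagnosable. The function's body continues outside the hunks.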


@@ -98,7 +98,7 @@ int sms4_unwrap_key(sms4_key_t *key, const unsigned char *iv,
typedef struct {
sms4_key_t k1;
sms4_key_t k2;
sms4_key_t k2;
} sms4_ede_key_t;
void sms4_ede_set_encrypt_key(sms4_ede_key_t *key, const unsigned char *user_key);