mirror of
https://github.com/guanzhi/GmSSL.git
Bug fix
Thanks to github.com/Jkinglyf
@@ -38,6 +38,7 @@ LIBSRC= e_4758cca.c \
|
||||
e_sureware.c \
|
||||
e_ubsec.c \
|
||||
e_padlock.c \
|
||||
e_skf.c \
|
||||
e_capi.c
|
||||
LIBOBJ= e_4758cca.o \
|
||||
e_aep.o \
|
||||
@@ -49,6 +50,7 @@ LIBOBJ= e_4758cca.o \
|
||||
e_sureware.o \
|
||||
e_ubsec.o \
|
||||
e_padlock.o \
|
||||
e_skf.o \
|
||||
e_capi.o
|
||||
|
||||
SRC= $(LIBSRC)
|
||||
@@ -63,6 +65,7 @@ HEADER= e_4758cca_err.c e_4758cca_err.h \
|
||||
e_nuron_err.c e_nuron_err.h \
|
||||
e_sureware_err.c e_sureware_err.h \
|
||||
e_ubsec_err.c e_ubsec_err.h \
|
||||
e_skf_err.c e_skf_err.h \
|
||||
e_capi_err.c e_capi_err.h
|
||||
|
||||
ALL= $(GENERAL) $(SRC) $(HEADER)
|
||||
|
||||
409
engines/e_skf.c
409
engines/e_skf.c
@@ -52,6 +52,8 @@
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/ecdsa.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/engine.h>
|
||||
#include <openssl/obj_mac.h>
|
||||
@@ -69,17 +71,8 @@
|
||||
static DEVHANDLE hDev = NULL;
|
||||
static HAPPLICATION hApp = NULL;
|
||||
static HCONTAINER hContainer = NULL;
|
||||
|
||||
static int authkey_set = 0;
|
||||
static unsigned char authkey[16];
|
||||
static int userpin_set = 0;
|
||||
static char userpin[64];
|
||||
|
||||
static int skf_init(ENGINE *e);
|
||||
static int skf_finish(ENGINE *e);
|
||||
static int skf_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
|
||||
static int skf_destroy(ENGINE *e);
|
||||
|
||||
static int isDevAuthenticated = 0;
|
||||
static int isPinVerified = 0;
|
||||
|
||||
#define SKF_CMD_SO_PATH ENGINE_CMD_BASE
|
||||
#define SKF_CMD_OPEN_DEV (ENGINE_CMD_BASE + 1)
|
||||
@@ -95,102 +88,199 @@ static const ENGINE_CMD_DEFN skf_cmd_defns[] = {
|
||||
ENGINE_CMD_FLAG_STRING},
|
||||
{SKF_CMD_OPEN_DEV,
|
||||
"OPEN_DEVICE",
|
||||
"Open SKF device with device name",
|
||||
"Connect SKF device with device name",
|
||||
ENGINE_CMD_FLAG_STRING},
|
||||
{SKF_CMD_DEV_AUTH,
|
||||
"DEV_AUTH",
|
||||
"Device authentication with authentication key",
|
||||
"Authenticate to device with authentication key",
|
||||
ENGINE_CMD_FLAG_STRING},
|
||||
{SKF_CMD_OPEN_APP,
|
||||
"OPEN_APP",
|
||||
"Open application with specified name",
|
||||
"Open application with specified application name",
|
||||
ENGINE_CMD_FLAG_STRING},
|
||||
{SKF_CMD_VERIFY_PIN,
|
||||
"VERIFY_PIN",
|
||||
"Specifies user's PIN of the application to open",
|
||||
"Authenticate to application with USER PIN",
|
||||
ENGINE_CMD_FLAG_STRING},
|
||||
{SKF_CMD_OPEN_CONTAINER,
|
||||
"OPEN_CONTAINER",
|
||||
"Open container wtith specified name",
|
||||
"Open container with specified container name",
|
||||
ENGINE_CMD_FLAG_STRING},
|
||||
{0, NULL, NULL, 0},
|
||||
};
|
||||
|
||||
|
||||
int set_authkey(const char *authkey_hex)
|
||||
{
|
||||
ESKFerr(ESKF_F_SET_AUTHKEY, ESKF_R_NOT_IMPLEMENTED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int set_userpin(const char *pin)
|
||||
{
|
||||
if (strlen(pin) > sizeof(userpin)) {
|
||||
return 0;
|
||||
}
|
||||
strcpy(userpin, pin);
|
||||
|
||||
ESKFerr(ESKF_F_SET_USERPIN, ESKF_R_NOT_IMPLEMENTED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int open_dev(const char *devname)
|
||||
static int open_dev(const char *devname)
|
||||
{
|
||||
ULONG rv;
|
||||
DEVINFO devInfo;
|
||||
|
||||
if ((rv = SKF_ConnectDev(devname, &hDev)) != SAR_OK) {
|
||||
goto end;
|
||||
if (hDev) {
|
||||
ESKFerr(ESKF_F_OPEN_DEV, ESKF_R_DEV_ALREADY_CONNECTED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ((rv = SKF_ConnectDev((LPSTR)devname, &hDev)) != SAR_OK) {
|
||||
ESKFerr(ESKF_F_OPEN_DEV, ESKF_R_SKF_CONNECT_DEV_FAILED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ((rv = SKF_GetDevInfo(hDev, &devInfo)) != SAR_OK) {
|
||||
goto end;
|
||||
ESKFerr(ESKF_F_OPEN_DEV, ESKF_R_SKF_GET_DEV_INFO_FAILED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ((rv = SKF_GenRandom(hDev, authRand, sizeof(authRand))) != SAR_OK) {
|
||||
fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
|
||||
goto end;
|
||||
}
|
||||
|
||||
/* Encrypt(authRand, authData, authKey) */
|
||||
|
||||
if ((rv = SKF_DevAuth(hDev, authData, len)) != SAR_OK) {
|
||||
fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__);
|
||||
goto end;
|
||||
}
|
||||
|
||||
|
||||
ESKFerr(ESKF_F_OPEN_DEV, ESKF_R_NOT_IMPLEMENTED);
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
int open_app(const char *appname)
|
||||
static int dev_auth(const char *hexauthkey)
|
||||
{
|
||||
if ((rv = SKF_OpenApplication(hDev, appName, &hApp)) != SAR_OK) {
|
||||
goto end;
|
||||
int ret = 0;
|
||||
ULONG rv;
|
||||
const EVP_CIPHER *cipher = EVP_sms4_ecb();
|
||||
EVP_CIPHER_CTX *ctx = NULL;
|
||||
unsigned char authkey[EVP_MAX_KEY_LENGTH];
|
||||
unsigned char authrand[SMS4_BLOCK_SIZE];
|
||||
unsigned char authdata[SMS4_BLOCK_SIZE];
|
||||
unsigned int len;
|
||||
|
||||
if (!hDev) {
|
||||
ESKFerr(ESKF_F_DEV_AUTH, ESKF_R_DEV_IS_NOT_CONNECTED);
|
||||
return 0;
|
||||
}
|
||||
if ((rv = SKF_VerifyPIN(hApp, USER_TYPE, pin, &retryCount)) != SAR_OK) {
|
||||
|
||||
if (!isDevAuthenticated) {
|
||||
ESKFerr(ESKF_F_DEV_AUTH, ESKF_R_DEV_ALREADY_AUTHENTICATED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
len = 16; //FIXME: or 8?
|
||||
bzero(authrand, sizeof(authrand));
|
||||
if ((rv = SKF_GenRandom(hDev, authrand, len)) != SAR_OK) {
|
||||
ESKFerr(ESKF_F_DEV_AUTH, ESKF_R_SKF_GEN_RANDOM_FAILED);
|
||||
goto end;
|
||||
}
|
||||
|
||||
ESKFerr(ESKF_F_OPEN_APP, ESKF_R_NOT_IMPLEMENTED);
|
||||
return 0;
|
||||
if (!(ctx = EVP_CIPHER_CTX_new())) {
|
||||
ESKFerr(ESKF_F_DEV_AUTH, ERR_R_EVP_LIB);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!EVP_EncryptInit(ctx, cipher, authkey, NULL)) {
|
||||
ESKFerr(ESKF_F_DEV_AUTH, ERR_R_EVP_LIB);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!EVP_Cipher(ctx, authdata, authrand, sizeof(authrand))) {
|
||||
ESKFerr(ESKF_F_DEV_AUTH, ERR_R_EVP_LIB);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if ((rv = SKF_DevAuth(hDev, authdata, sizeof(authdata))) != SAR_OK) {
|
||||
ESKFerr(ESKF_F_DEV_AUTH, ESKF_R_SKF_DEV_AUTH_FAILED);
|
||||
goto end;
|
||||
}
|
||||
|
||||
isDevAuthenticated = 1;
|
||||
ret = 1;
|
||||
end:
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int open_container(const char *containername)
|
||||
static int open_app(const char *appname)
|
||||
{
|
||||
if ((rv = SKF_OpenContainer(hApp, containerName, &hContainer)) != SAR_OK) {
|
||||
goto end;
|
||||
}
|
||||
if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
|
||||
goto end;
|
||||
}
|
||||
if (containerType != CONTAINER_TYPE_ECC) {
|
||||
goto end;
|
||||
ULONG rv;
|
||||
|
||||
if (!hDev) {
|
||||
ESKFerr(ESKF_F_OPEN_APP, ESKF_R_DEV_NOT_CONNECTED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_NOT_IMPLEMENTED);
|
||||
return 0;
|
||||
if (!isDevAuthenticated) {
|
||||
ESKFerr(ESKF_F_OPEN_APP, ESKF_R_DEV_NOT_AUTHENTICATED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (hApp) {
|
||||
ESKFerr(ESKF_F_OPEN_APP, ESKF_R_APP_ALREADY_OPENED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ((rv = SKF_OpenApplication(hDev, (LPSTR)appname, &hApp)) != SAR_OK) {
|
||||
ESKFerr(ESKF_F_OPEN_APP, ESKF_R_SKF_OPEN_APPLICATION_FAILED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int verify_pin(const char *userpin)
|
||||
{
|
||||
ULONG rv;
|
||||
ULONG retryCount;
|
||||
|
||||
if (!hDev) {
|
||||
ESKFerr(ESKF_F_VERIFY_PIN, ESKF_R_DEV_NOT_CONNECTED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!isDevAuthenticated) {
|
||||
ESKFerr(ESKF_F_VERIFY_PIN, ESKF_R_DEV_NOT_AUTHENCATED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!hApp) {
|
||||
ESKFerr(ESKF_F_VERIFY_PIN, ESKF_R_APP_NOT_OPENED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ((rv = SKF_VerifyPIN(hApp, USER_TYPE, (LPSTR)userpin, &retryCount)) != SAR_OK) {
|
||||
ESKFerr(ESKF_F_VERIFY_PIN, ESKF_R_SKF_VERIFY_PIN_FAILED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
isPinVerified = 1;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int open_container(const char *containername)
|
||||
{
|
||||
ULONG rv;
|
||||
|
||||
if (!hDev) {
|
||||
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_DEV_NOT_CONNECTED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!isDevAuthenticated) {
|
||||
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_DEV_NOT_AUTHENTICATED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!hApp) {
|
||||
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_APP_NOT_OPENED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!isPinVerified) {
|
||||
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_PIN_NOT_VERIFIED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (hContainer) {
|
||||
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_CONTAINER_ALREADY_OPENED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ((rv = SKF_OpenContainer(hApp, (LPSTR)containername, &hContainer)) != SAR_OK) {
|
||||
ESKFerr(ESKF_F_OPEN_CONTAINER, ESKF_R_SKF_OPEN_CONTAINER_FAILED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
*/
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int skf_engine_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
|
||||
@@ -206,11 +296,9 @@ static int skf_engine_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
|
||||
return verify_pin(p);
|
||||
case SKF_CMD_OPEN_CONTAINER:
|
||||
return open_container(p);
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
ESKFerr(ESKF_F_SKF_ENGINE_CTRL, ESKF_R_NOT_IMPLEMENTED);
|
||||
ESKFerr(ESKF_F_SKF_ENGINE_CTRL, ESKF_R_INVALID_CTRL_CMD);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -220,65 +308,76 @@ static EVP_PKEY *skf_load_pubkey(ENGINE *e, const char *key_id,
|
||||
ULONG rv, len;
|
||||
EVP_PKEY *ret = NULL;
|
||||
EC_KEY *ec_key = NULL;
|
||||
ECCPUBLICKEYBLOB blob;
|
||||
BIGNUM *x = NULL;
|
||||
BIGNUM *y = NULL;
|
||||
int nbytes;
|
||||
RSA *rsa = NULL;
|
||||
ECCPUBLICKEYBLOB eccblob;
|
||||
RSAPUBLICKEYBLOB rsablob;
|
||||
ULONG containerType;
|
||||
|
||||
len = sizeof(blob);
|
||||
if ((rv = SKF_ExportPublicKey(hContainer, TRUE, &blob, &len)) != SAR_OK) {
|
||||
goto end;
|
||||
if (!hContainer) {
|
||||
ESKFerr(ESKF_F_SKF_LOAD_PUBKEY, ESKF_R_CONTAINER_NOT_OPENED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!(ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1))) {
|
||||
goto end;
|
||||
}
|
||||
if (EC_KEY_get_degree(ec_key) != blob.BitLen) {
|
||||
goto end;
|
||||
}
|
||||
nbytes = (blob.BitLen + 7)/8;
|
||||
if (!(x = BN_bin2bn(&(blob.XCoordinate), nbytes, NULL))) {
|
||||
goto end;
|
||||
}
|
||||
if (!(y = BN_bin2bn(&(blob.YCoordinate), nbytes, NULL))) {
|
||||
goto end;
|
||||
}
|
||||
if (!EC_KEY_set_public_key_affine_coordinates(ec_key, x, y)) {
|
||||
goto end;
|
||||
if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
|
||||
ESKFerr(ESKF_F_SKF_LOAD_PUBKEY, ESKF_R_SKF_GET_CONTAINER_TYPE_FAILED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!(ret = EVP_PKEY_new())) {
|
||||
goto end;
|
||||
if (containerType == CONTAINER_TYPE_ECC) {
|
||||
len = sizeof(eccblob);
|
||||
if ((rv = SKF_ExportPublicKey(hContainer, TRUE, (BYTE *)&eccblob, &len)) != SAR_OK) {
|
||||
ESKFerr(ESKF_F_SKF_LOAD_PUBKEY, ESKF_R_SKF_EXPORT_PUBLIC_KEY_FAILED);
|
||||
return 0;
|
||||
}
|
||||
if (!(ec_key = EC_KEY_new_from_ECCPUBLICKEYBLOB(&eccblob))) {
|
||||
return 0;
|
||||
}
|
||||
EVP_PKEY_set1_EC_KEY(ret, ec_key);
|
||||
ec_key = NULL;
|
||||
|
||||
} else if (containerType == CONTAINER_TYPE_RSA) {
|
||||
len = sizeof(rsablob);
|
||||
if ((rv = SKF_ExportPublicKey(hContainer, TRUE, (BYTE *)&rsablob, &len)) != SAR_OK) {
|
||||
ESKFerr(ESKF_F_SKF_LOAD_PUBKEY, ESKF_R_SKF_EXPORT_PUBLIC_KEY_FAILED);
|
||||
return 0;
|
||||
}
|
||||
if (!(rsa = RSA_new_from_RSAPUBLICKEYBLOB(&rsablob))) {
|
||||
return 0;
|
||||
}
|
||||
EVP_PKEY_set1_RSA(ret, rsa);
|
||||
rsa = NULL;
|
||||
|
||||
} else {
|
||||
ESKFerr(ESKF_F_SKF_LOAD_PUBKEY, ESKF_R_INVALID_CONTAINER_TYPE);
|
||||
return 0;
|
||||
}
|
||||
//EVP_PKEY_assign_SM2(ret, ec_key);
|
||||
|
||||
end:
|
||||
EC_KEY_free(ec_key);
|
||||
BN_free(x);
|
||||
BN_free(y)
|
||||
|
||||
ESKFerr(ESKF_F_SKF_LOAD_PUBKEY, ESKF_R_NOT_IMPLEMENTED);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int skf_init(ENGINE *e)
|
||||
{
|
||||
|
||||
ESKFerr(ESKF_F_SKF_INIT, ESKF_R_NOT_IMPLEMENTED);
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int skf_finish(ENGINE *e)
|
||||
{
|
||||
ULONG rv;
|
||||
|
||||
ESKFerr(ESKF_F_SKF_FINISH, ESKF_R_NOT_IMPLEMENTED);
|
||||
return 0;
|
||||
if (hDev) {
|
||||
if ((rv = SKF_DisConnectDev(hDev)) != SAR_OK) {
|
||||
ESKFerr(ESKF_F_SKF_FINISH, ESKF_R_SKF_DIS_CONNNECT_DEV_FAILED);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int skf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
const unsigned char *iv, int enc)
|
||||
{
|
||||
EVP_SKF_KEY *dat = (EVP_SKF_KEY *)ctx->cipher_data;
|
||||
ULONG rv;
|
||||
ULONG ulAlgID;
|
||||
|
||||
switch (EVP_CIPHER_CTX_nid(ctx)) {
|
||||
@@ -326,19 +425,19 @@ static int skf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ((rv = SKF_SetSymmKey(skf_dev_handle, (BYTE *)key, ulAlgID,
|
||||
&(dat->hKey))) != SAR_OK) {
|
||||
if ((rv = SKF_SetSymmKey(hDev, (BYTE *)key, ulAlgID,
|
||||
(HANDLE *)&(ctx->cipher_data))) != SAR_OK) {
|
||||
ESKFerr(ESKF_F_SKF_INIT_KEY, ESKF_R_SKF_SET_SYMMKEY_FAILED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
ESKFerr(ESKF_F_SKF_INIT_KEY, ESKF_R_NOT_IMPLEMENTED);
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int skf_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
const unsigned char *in, size_t len)
|
||||
{
|
||||
/*
|
||||
ULONG rv;
|
||||
EVP_SKF_KEY *dat = (EVP_SKF_KEY *)ctx->cipher_data;
|
||||
BLOCKCIPHERPARAM param;
|
||||
@@ -386,15 +485,12 @@ static int skf_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
return 0;
|
||||
}
|
||||
} else {
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
ESKFerr(ESKF_F_SKF_CIPHER, ESKF_R_NOT_IMPLEMENTED);
|
||||
*/
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
#define BLOCK_CIPHER_generic(cipher,mode,MODE) \
|
||||
static const EVP_CIPHER skf_##cipher##_##mode = { \
|
||||
NID_##cipher##_##mode, \
|
||||
@@ -403,22 +499,28 @@ static const EVP_CIPHER skf_##cipher##_##mode = { \
|
||||
skf_init_key, \
|
||||
skf_cipher, \
|
||||
NULL, \
|
||||
sizeof(EVP_SKF_KEY), \
|
||||
sizeof(HANDLE), \
|
||||
NULL,NULL,NULL,NULL };
|
||||
|
||||
|
||||
BLOCK_CIPHER_generic(ssf33,ecb,ECB)
|
||||
BLOCK_CIPHER_generic(ssf33,cbc,CBC)
|
||||
BLOCK_CIPHER_generic(ssf33,cfb,CFB)
|
||||
BLOCK_CIPHER_generic(ssf33,ofb,OFB)
|
||||
BLOCK_CIPHER_generic(ssf33,cfb1,CFB)
|
||||
BLOCK_CIPHER_generic(ssf33,cfb8,CFB)
|
||||
BLOCK_CIPHER_generic(ssf33,cfb128,CFB)
|
||||
BLOCK_CIPHER_generic(ssf33,ofb128,OFB)
|
||||
BLOCK_CIPHER_generic(sm1,ecb,ECB)
|
||||
BLOCK_CIPHER_generic(sm1,cbc,CBC)
|
||||
BLOCK_CIPHER_generic(sm1,cfb,CFB)
|
||||
BLOCK_CIPHER_generic(sm1,ofb,OFB)
|
||||
BLOCK_CIPHER_generic(sm4,ecb,ECB)
|
||||
BLOCK_CIPHER_generic(sm4,cbc,CBC)
|
||||
BLOCK_CIPHER_generic(sm4,cfb,CFB)
|
||||
BLOCK_CIPHER_generic(sm4,ofb,OFB)
|
||||
BLOCK_CIPHER_generic(sm1,cfb1,CFB)
|
||||
BLOCK_CIPHER_generic(sm1,cfb8,CFB)
|
||||
BLOCK_CIPHER_generic(sm1,cfb128,CFB)
|
||||
BLOCK_CIPHER_generic(sm1,ofb128,OFB)
|
||||
BLOCK_CIPHER_generic(sms4,ecb,ECB)
|
||||
BLOCK_CIPHER_generic(sms4,cbc,CBC)
|
||||
BLOCK_CIPHER_generic(sms4,cfb1,CFB)
|
||||
BLOCK_CIPHER_generic(sms4,cfb8,CFB)
|
||||
BLOCK_CIPHER_generic(sms4,cfb128,CFB)
|
||||
BLOCK_CIPHER_generic(sms4,ofb128,OFB)
|
||||
|
||||
|
||||
static int skf_cipher_nids[] = {
|
||||
@@ -496,8 +598,6 @@ static int skf_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, i
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
ESKFerr(ESKF_F_SKF_CIPHERS, ESKF_R_NOT_IMPLEMENTED);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -507,11 +607,10 @@ int skf_rand_bytes(unsigned char *buf, int num)
|
||||
ULONG rv;
|
||||
|
||||
if ((rv = SKF_GenRandom(hDev, buf, (ULONG)num)) != SAR_OK) {
|
||||
ESKFerr(ESKF_F_SKF_RAND_BYTES, ESKF_R_GEN_RANDOM_FAILED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
ESKFerr(ESKF_F_SKF_RAND_BYTES, ESKF_R_NOT_IMPLEMENTED);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -528,15 +627,13 @@ static RAND_METHOD skf_rand = {
|
||||
static int skf_sm3_init(EVP_MD_CTX *ctx)
|
||||
{
|
||||
ULONG rv;
|
||||
DEVHANDLE hDev;
|
||||
HANDLE hHash;
|
||||
|
||||
if ((rv = SKF_DigestInit(hDev, SGD_SM3, NULL, NULL, 0, &hHash)) != SAR_OK) {
|
||||
if ((rv = SKF_DigestInit(hDev, SGD_SM3, NULL, NULL, 0,
|
||||
(HANDLE *)&(ctx->md_data))) != SAR_OK) {
|
||||
ESKFerr(ESKF_F_SKF_SM3_INIT, ESKF_R_SKF_DIGEST_INIT_FAILED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
ESKFerr(ESKF_F_SKF_SM3_INIT, ESKF_R_NOT_IMPLEMENTED);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -547,11 +644,10 @@ static int skf_sm3_update(EVP_MD_CTX *ctx, const void *data, size_t count)
|
||||
ULONG ulDataLen = (ULONG)count;
|
||||
|
||||
if ((rv = SKF_DigestUpdate((HANDLE)ctx->md_data, pbData, ulDataLen)) != SAR_OK) {
|
||||
ESKFerr(ESKF_F_SKF_SM3_UPDATE, ESKF_R_SKF_DIGEST_UPDATE_FAILED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
ESKFerr(ESKF_F_SKF_SM3_UPDATE, ESKF_R_NOT_IMPLEMENTED);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -561,16 +657,16 @@ static int skf_sm3_final(EVP_MD_CTX *ctx, unsigned char *md)
|
||||
BYTE *pHashData = (BYTE *)md;
|
||||
ULONG ulHashLen = SM3_DIGEST_LENGTH;
|
||||
|
||||
if ((rv = SKF_DigestFinal(hHash, pHashData, &ulHashLen)) != SAR_OK) {
|
||||
if ((rv = SKF_DigestFinal((HANDLE)ctx->md_data, pHashData, &ulHashLen)) != SAR_OK) {
|
||||
ESKFerr(ESKF_F_SKF_SM3_FINAL, ESKF_R_SKF_DIGEST_FINAL_FAILED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ((rv = SKF_CloseHandle(hHash)) != SAR_OK) {
|
||||
if ((rv = SKF_CloseHandle((HANDLE)ctx->md_data)) != SAR_OK) {
|
||||
ESKFerr(ESKF_F_SKF_SM3_FINAL, ESKF_R_SKF_CLOSE_HANDLE_FAILED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
ESKFerr(ESKF_F_SKF_SM3_FINAL, ESKF_R_NOT_IMPLEMENTED);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -609,8 +705,6 @@ static int skf_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int n
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
ESKFerr(ESKF_F_SKF_DIGESTS, ESKF_R_NOT_IMPLEMENTED);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -627,12 +721,10 @@ static int skf_rsa_sign(int type, const unsigned char *m, unsigned int mlen,
|
||||
|
||||
if ((rv = SKF_RSASignData(hContainer, pbData, ulDataLen,
|
||||
signature, &ulSigLen)) != SAR_OK) {
|
||||
goto end;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
ESKFerr(ESKF_F_SKF_RSA_SIGN, ESKF_R_NOT_IMPLEMENTED);
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static RSA_METHOD skf_rsa = {
|
||||
@@ -657,9 +749,10 @@ static ECDSA_SIG *skf_sm2_do_sign(const unsigned char *dgst, int dgstlen,
|
||||
const BIGNUM *a, const BIGNUM *b, EC_KEY *ec_key)
|
||||
{
|
||||
ECDSA_SIG *ret = NULL;
|
||||
/*
|
||||
ULONG rv;
|
||||
BYTE *pbDigest = (BYTE *)dgst;
|
||||
ULONG ulDigestLen = (ULONG)dgstlen,
|
||||
ULONG ulDigestLen = (ULONG)dgstlen;
|
||||
ECCSIGNATUREBLOB sigBlob;
|
||||
int ok = 0;
|
||||
|
||||
@@ -683,19 +776,21 @@ end:
|
||||
ret = NULL;
|
||||
}
|
||||
|
||||
*/
|
||||
ESKFerr(ESKF_F_SKF_SM2_DO_SIGN, ESKF_R_NOT_IMPLEMENTED);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int ECDSA_METHOD skf_sm2sign = {
|
||||
/*
|
||||
static ECDSA_METHOD skf_sm2sign = {
|
||||
"SKF ECDSA method (SM2 signature)",
|
||||
skf_sm2_do_sign,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
0,
|
||||
NULL,
|
||||
};
|
||||
|
||||
*/
|
||||
|
||||
#ifdef OPENSSL_NO_DYNAMIC_ENGINE
|
||||
static ENGINE *engine_skf(void)
|
||||
@@ -740,14 +835,14 @@ static int bind(ENGINE *e, const char *id)
|
||||
!ENGINE_set_name(e, engine_skf_name) ||
|
||||
!ENGINE_set_init_function(e, skf_init) ||
|
||||
!ENGINE_set_finish_function(e, skf_finish) ||
|
||||
!ENGINE_set_ctrl_function(e, skf_ctrl) ||
|
||||
!ENGINE_set_destroy_function(e, skf_destroy) ||
|
||||
!ENGINE_set_ctrl_function(e, skf_engine_ctrl) ||
|
||||
!ENGINE_set_destroy_function(e, NULL) || //FIXME
|
||||
!ENGINE_set_digests(e, skf_digests) ||
|
||||
!ENGINE_set_ciphers(e, skf_ciphers) ||
|
||||
!ENGINE_set_load_pubkey_function(e, skf_load_pubkey) ||
|
||||
!ENGINE_set_ECDSA(e, &skf_sm2sign) ||
|
||||
!ENGINE_set_ECDSA(e, NULL) || //FIXME
|
||||
!ENGINE_set_RSA(e, &skf_rsa) ||
|
||||
!ENGINE_set_RAND(e, &skf_random)) {
|
||||
!ENGINE_set_RAND(e, &skf_rand)) {
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
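Review bot: In `dev_auth` the SM4 key buffer `authkey` is a local array that is never filled: no visible line decodes the `hexauthkey` argument into it, so `EVP_EncryptInit(ctx, cipher, authkey, NULL)` encrypts the device challenge under whatever bytes happen to be on the stack, and `SKF_DevAuth` receives a response unrelated to the configured key. The guard just above it is also inverted: `if (!isDevAuthenticated)` raises `ESKF_R_DEV_ALREADY_AUTHENTICATED` and returns on the first call, so the function never reaches the challenge step; it should read `if (isDevAuthenticated) {`. Once the hex key is decoded and length-checked into `authkey`, wipe it on every exit path with `OPENSSL_cleanse(authkey, sizeof(authkey));` at the `end:` label, next to `EVP_CIPHER_CTX_free(ctx)`. This page has lost its `+`/`-` markers, so this reading assumes the whole `dev_auth` body is new-side code.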
@@ -70,6 +70,7 @@
|
||||
# define ERR_REASON(reason) ERR_PACK(0,0,reason)
|
||||
|
||||
static ERR_STRING_DATA ESKF_str_functs[] = {
|
||||
{ERR_FUNC(ESKF_F_DEV_AUTH), "DEV_AUTH"},
|
||||
{ERR_FUNC(ESKF_F_OPEN_APP), "OPEN_APP"},
|
||||
{ERR_FUNC(ESKF_F_OPEN_CONTAINER), "OPEN_CONTAINER"},
|
||||
{ERR_FUNC(ESKF_F_OPEN_DEV), "OPEN_DEV"},
|
||||
@@ -89,11 +90,47 @@ static ERR_STRING_DATA ESKF_str_functs[] = {
|
||||
{ERR_FUNC(ESKF_F_SKF_SM3_FINAL), "SKF_SM3_FINAL"},
|
||||
{ERR_FUNC(ESKF_F_SKF_SM3_INIT), "SKF_SM3_INIT"},
|
||||
{ERR_FUNC(ESKF_F_SKF_SM3_UPDATE), "SKF_SM3_UPDATE"},
|
||||
{ERR_FUNC(ESKF_F_VERIFY_PIN), "VERIFY_PIN"},
|
||||
{0, NULL}
|
||||
};
|
||||
|
||||
static ERR_STRING_DATA ESKF_str_reasons[] = {
|
||||
{ERR_REASON(ESKF_R_APP_ALREADY_OPENED), "app already opened"},
|
||||
{ERR_REASON(ESKF_R_APP_NOT_OPENED), "app not opened"},
|
||||
{ERR_REASON(ESKF_R_CONTAINER_ALREADY_OPENED), "container already opened"},
|
||||
{ERR_REASON(ESKF_R_CONTAINER_NOT_OPENED), "container not opened"},
|
||||
{ERR_REASON(ESKF_R_DEV_ALREADY_AUTHENTICATED),
|
||||
"dev already authenticated"},
|
||||
{ERR_REASON(ESKF_R_DEV_ALREADY_CONNECTED), "dev already connected"},
|
||||
{ERR_REASON(ESKF_R_DEV_IS_NOT_CONNECTED), "dev is not connected"},
|
||||
{ERR_REASON(ESKF_R_DEV_NOT_AUTHENCATED), "dev not authencated"},
|
||||
{ERR_REASON(ESKF_R_DEV_NOT_AUTHENTICATED), "dev not authenticated"},
|
||||
{ERR_REASON(ESKF_R_DEV_NOT_CONNECTED), "dev not connected"},
|
||||
{ERR_REASON(ESKF_R_GEN_RANDOM_FAILED), "gen random failed"},
|
||||
{ERR_REASON(ESKF_R_INVALID_CONTAINER_TYPE), "invalid container type"},
|
||||
{ERR_REASON(ESKF_R_INVALID_CTRL_CMD), "invalid ctrl cmd"},
|
||||
{ERR_REASON(ESKF_R_NOT_IMPLEMENTED), "not implemented"},
|
||||
{ERR_REASON(ESKF_R_PIN_NOT_VERIFIED), "pin not verified"},
|
||||
{ERR_REASON(ESKF_R_SKF_CLOSE_HANDLE_FAILED), "skf close handle failed"},
|
||||
{ERR_REASON(ESKF_R_SKF_CONNECT_DEV_FAILED), "skf connect dev failed"},
|
||||
{ERR_REASON(ESKF_R_SKF_DEV_AUTH_FAILED), "skf dev auth failed"},
|
||||
{ERR_REASON(ESKF_R_SKF_DIGEST_FINAL_FAILED), "skf digest final failed"},
|
||||
{ERR_REASON(ESKF_R_SKF_DIGEST_INIT_FAILED), "skf digest init failed"},
|
||||
{ERR_REASON(ESKF_R_SKF_DIGEST_UPDATE_FAILED), "skf digest update failed"},
|
||||
{ERR_REASON(ESKF_R_SKF_DIS_CONNNECT_DEV_FAILED),
|
||||
"skf dis connnect dev failed"},
|
||||
{ERR_REASON(ESKF_R_SKF_EXPORT_PUBLIC_KEY_FAILED),
|
||||
"skf export public key failed"},
|
||||
{ERR_REASON(ESKF_R_SKF_GEN_RANDOM_FAILED), "skf gen random failed"},
|
||||
{ERR_REASON(ESKF_R_SKF_GET_CONTAINER_TYPE_FAILED),
|
||||
"skf get container type failed"},
|
||||
{ERR_REASON(ESKF_R_SKF_GET_DEV_INFO_FAILED), "skf get dev info failed"},
|
||||
{ERR_REASON(ESKF_R_SKF_OPEN_APPLICATION_FAILED),
|
||||
"skf open application failed"},
|
||||
{ERR_REASON(ESKF_R_SKF_OPEN_CONTAINER_FAILED),
|
||||
"skf open container failed"},
|
||||
{ERR_REASON(ESKF_R_SKF_SET_SYMMKEY_FAILED), "skf set symmkey failed"},
|
||||
{ERR_REASON(ESKF_R_SKF_VERIFY_PIN_FAILED), "skf verify pin failed"},
|
||||
{0, NULL}
|
||||
};
|
||||
|
||||
|
||||
@@ -69,6 +69,7 @@ static void ERR_ESKF_error(int function, int reason, char *file, int line);
|
||||
/* Error codes for the ESKF functions. */
|
||||
|
||||
/* Function codes. */
|
||||
# define ESKF_F_DEV_AUTH 119
|
||||
# define ESKF_F_OPEN_APP 100
|
||||
# define ESKF_F_OPEN_CONTAINER 101
|
||||
# define ESKF_F_OPEN_DEV 102
|
||||
@@ -88,9 +89,39 @@ static void ERR_ESKF_error(int function, int reason, char *file, int line);
|
||||
# define ESKF_F_SKF_SM3_FINAL 116
|
||||
# define ESKF_F_SKF_SM3_INIT 117
|
||||
# define ESKF_F_SKF_SM3_UPDATE 118
|
||||
# define ESKF_F_VERIFY_PIN 120
|
||||
|
||||
/* Reason codes. */
|
||||
# define ESKF_R_APP_ALREADY_OPENED 101
|
||||
# define ESKF_R_APP_NOT_OPENED 102
|
||||
# define ESKF_R_CONTAINER_ALREADY_OPENED 103
|
||||
# define ESKF_R_CONTAINER_NOT_OPENED 104
|
||||
# define ESKF_R_DEV_ALREADY_AUTHENTICATED 105
|
||||
# define ESKF_R_DEV_ALREADY_CONNECTED 106
|
||||
# define ESKF_R_DEV_IS_NOT_CONNECTED 107
|
||||
# define ESKF_R_DEV_NOT_AUTHENCATED 108
|
||||
# define ESKF_R_DEV_NOT_AUTHENTICATED 109
|
||||
# define ESKF_R_DEV_NOT_CONNECTED 110
|
||||
# define ESKF_R_GEN_RANDOM_FAILED 111
|
||||
# define ESKF_R_INVALID_CONTAINER_TYPE 112
|
||||
# define ESKF_R_INVALID_CTRL_CMD 113
|
||||
# define ESKF_R_NOT_IMPLEMENTED 100
|
||||
# define ESKF_R_PIN_NOT_VERIFIED 114
|
||||
# define ESKF_R_SKF_CLOSE_HANDLE_FAILED 124
|
||||
# define ESKF_R_SKF_CONNECT_DEV_FAILED 115
|
||||
# define ESKF_R_SKF_DEV_AUTH_FAILED 116
|
||||
# define ESKF_R_SKF_DIGEST_FINAL_FAILED 125
|
||||
# define ESKF_R_SKF_DIGEST_INIT_FAILED 126
|
||||
# define ESKF_R_SKF_DIGEST_UPDATE_FAILED 127
|
||||
# define ESKF_R_SKF_DIS_CONNNECT_DEV_FAILED 128
|
||||
# define ESKF_R_SKF_EXPORT_PUBLIC_KEY_FAILED 117
|
||||
# define ESKF_R_SKF_GEN_RANDOM_FAILED 118
|
||||
# define ESKF_R_SKF_GET_CONTAINER_TYPE_FAILED 119
|
||||
# define ESKF_R_SKF_GET_DEV_INFO_FAILED 120
|
||||
# define ESKF_R_SKF_OPEN_APPLICATION_FAILED 121
|
||||
# define ESKF_R_SKF_OPEN_CONTAINER_FAILED 122
|
||||
# define ESKF_R_SKF_SET_SYMMKEY_FAILED 129
|
||||
# define ESKF_R_SKF_VERIFY_PIN_FAILED 123
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
||||