diff --git a/MINFO b/MINFO index 59c52c3f..19584f06 100644 --- a/MINFO +++ b/MINFO @@ -1313,7 +1313,7 @@ TOP=../.. RELATIVE_DIRECTORY= RELATIVE_DIRECTORY=crypto/sm3 AFLAGS=-I.. -I../.. -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -ALL=Makefile sm3.c byteorder.h sm3.h +ALL=Makefile sm3.c sm3_hmac.c byteorder.h sm3.h APPS= AR=ar r ASFLAGS=-I.. -I../.. -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM @@ -1327,11 +1327,11 @@ GENERAL=Makefile HEADER=byteorder.h sm3.h INCLUDES=-I.. -I../.. -I../../include LIB=../../libcrypto.a -LIBOBJ=sm3.o -LIBSRC=sm3.c +LIBOBJ=sm3.o sm3_hmac.o +LIBSRC=sm3.c sm3_hmac.c MAKEFILE=Makefile SM3_ASM_OBJ= -SRC=sm3.c +SRC=sm3.c sm3_hmac.c TEST=sm3test.c TOP=../.. RELATIVE_DIRECTORY= diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..9fef01f8 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,681 @@ +### Generated automatically from Makefile.org by Configure. + +## +## Makefile for OpenSSL +## + +VERSION=1.0.2d-fips +MAJOR=1 +MINOR=0.2 +SHLIB_VERSION_NUMBER=1.0.0 +SHLIB_VERSION_HISTORY= +SHLIB_MAJOR=1 +SHLIB_MINOR=0.0 +SHLIB_EXT=.$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib +PLATFORM=darwin64-x86_64-cc +OPTIONS=--prefix=/usr/local/ --openssldir=/usr/local/openssl no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-unit-test no-zlib no-zlib-dynamic static-engine +CONFIGURE_ARGS=darwin64-x86_64-cc --prefix=/usr/local/ --openssldir=/usr/local/openssl +SHLIB_TARGET=darwin-shared + +# HERE indicates where this Makefile lives. This can be used to indicate +# where sub-Makefiles are expected to be. Currently has very limited usage, +# and should probably not be bothered with at all. +HERE=. + +# INSTALL_PREFIX is for package builders so that they can configure +# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/. +# Normally it is left empty. +INSTALL_PREFIX= +INSTALLTOP=/usr/local + +# Do not edit this manually. Use Configure --openssldir=DIR do change this! +OPENSSLDIR=/usr/local/openssl + +# NO_IDEA - Define to build without the IDEA algorithm +# NO_RC4 - Define to build without the RC4 algorithm +# NO_RC2 - Define to build without the RC2 algorithm +# THREADS - Define when building with threads, you will probably also need any +# system defines as well, i.e. _REENTERANT for Solaris 2.[34] +# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing. +# TERMIOS - Define the termios terminal subsystem, Silicon Graphics. +# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3). +# DEVRANDOM - Give this the value of the 'random device' if your OS supports +# one. 32 bytes will be read from this when the random +# number generator is initalised. 
+# SSL_FORBID_ENULL - define if you want the server to be not able to use the +# NULL encryption ciphers. +# +# LOCK_DEBUG - turns on lots of lock debug output :-) +# REF_CHECK - turn on some xyz_free() assertions. +# REF_PRINT - prints some stuff on structure free. +# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff +# MFUNC - Make all Malloc/Free/Realloc calls call +# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to +# call application defined callbacks via CRYPTO_set_mem_functions() +# MD5_ASM needs to be defined to use the x86 assembler for MD5 +# SHA1_ASM needs to be defined to use the x86 assembler for SHA1 +# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160 +# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must +# equal 4. +# PKCS1_CHECK - pkcs1 tests. + +CC= cc +CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM +DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST +PEX_LIBS= -Wl,-search_paths_first +EX_LIBS= +EXE_EXT= +ARFLAGS= +AR= ar $(ARFLAGS) r +RANLIB= /usr/bin/ranlib +NM= nm +PERL= /usr/bin/perl +TAR= tar +TARFLAGS= --no-recursion +MAKEDEPPROG=makedepend +LIBDIR=lib + +# We let the C compiler driver to take care of .s files. This is done in +# order to be excused from maintaining a separate set of architecture +# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC +# gcc, then the driver will automatically translate it to -xarch=v8plus +# and pass it down to assembler. 
+AS=$(CC) -c +ASFLAG=$(CFLAG) + +# For x86 assembler: Set PROCESSOR to 386 if you want to support +# the 80386. +PROCESSOR= + +# CPUID module collects small commonly used assembler snippets +CPUID_OBJ= x86_64cpuid.o +BN_ASM= x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +EC_ASM= ecp_nistz256.o ecp_nistz256-x86_64.o +DES_ENC= des_enc.o fcrypt_b.o +AES_ENC= aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +BF_ENC= bf_enc.o +CAST_ENC= c_enc.o +RC4_ENC= rc4_enc.o rc4_skey.o +RC5_ENC= rc5_enc.o +MD5_ASM_OBJ= md5-x86_64.o +SHA1_ASM_OBJ= sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +RMD160_ASM_OBJ= +WP_ASM_OBJ= wp-x86_64.o +CMLL_ENC= cmll-x86_64.o cmll_misc.o +MODES_ASM_OBJ= ghash-x86_64.o aesni-gcm-x86_64.o +ENGINES_ASM_OBJ= +PERLASM_SCHEME= macosx + +# KRB5 stuff +KRB5_INCLUDES= +LIBKRB5= + +# Zlib stuff +ZLIB_INCLUDE= +LIBZLIB= + +# TOP level FIPS install directory. +FIPSDIR=/usr/local/ssl/fips-2.0 + +# This is the location of fipscanister.o and friends. +# The FIPS module build will place it $(INSTALLTOP)/lib +# but since $(INSTALLTOP) can only take the default value +# when the module is built it will be in /usr/local/ssl/lib +# $(INSTALLTOP) for this build may be different so hard +# code the path. + +FIPSLIBDIR= + +# The location of the library which contains fipscanister.o +# normally it will be libcrypto unless fipsdso is set in which +# case it will be libfips. If not compiling in FIPS mode at all +# this is empty making it a useful test for a FIPS compile. + +FIPSCANLIB= + +# Shared library base address. Currently only used on Windows. 
+# + +BASEADDR=0xFB00000 + +DIRS= crypto ssl engines apps test tools +ENGDIRS= ccgost +SHLIBDIRS= crypto ssl + +# dirs in crypto to build +SDIRS= \ + objects \ + md4 md5 sha mdc2 hmac ripemd whrlpool \ + des aes rc2 rc4 idea bf cast camellia seed modes \ + bn ec rsa dsa ecdsa dh ecdh ecies dso engine \ + buffer bio stack lhash rand err \ + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ + cms pqueue ts srp cmac \ + sm2 sm3 sms4 sm9 ecies ffx cpk zuc cbcmac otp skf paillier kdf + +# keep in mind that the above list is adjusted by ./Configure +# according to no-xxx arguments... + +# tests to perform. "alltests" is a special word indicating that all tests +# should be performed. +TESTS = alltests + +MAKEFILE= Makefile + +MANDIR=$(OPENSSLDIR)/man +MAN1=1 +MAN3=3 +MANSUFFIX= +HTMLSUFFIX=html +HTMLDIR=$(OPENSSLDIR)/html +SHELL=/bin/sh + +TOP= . +ONEDIRS=out tmp +EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS +WDIRS= windows +LIBS= libcrypto.a libssl.a +SHARED_CRYPTO=libcrypto$(SHLIB_EXT) +SHARED_SSL=libssl$(SHLIB_EXT) +SHARED_LIBS= +SHARED_LIBS_LINK_EXTS=.$(SHLIB_MAJOR).dylib .dylib +SHARED_LDFLAGS=-arch x86_64 -dynamiclib + +GENERAL= Makefile +BASENAME= gmssl +NAME= $(BASENAME)-$(VERSION) +TARFILE= $(NAME).tar +WTARFILE= $(NAME)-win.tar +EXHEADER= e_os2.h +HEADER= e_os.h + +all: Makefile build_all + +# as we stick to -e, CLEARENV ensures that local variables in lower +# Makefiles remain local and variable. 
$${VAR+VAR} is tribute to Korn +# shell, which [annoyingly enough] terminates unset with error if VAR +# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh, +# which terminates unset with error if no variable was present:-( +CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \ + $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \ + $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \ + $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \ + $${EXHEADER+EXHEADER} $${HEADER+HEADER} \ + $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \ + $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \ + $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \ + $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \ + $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} + +BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \ + CC='$(CC)' CFLAG='$(CFLAG)' \ + AS='$(CC)' ASFLAG='$(CFLAG) -c' \ + AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \ + CROSS_COMPILE='$(CROSS_COMPILE)' \ + PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \ + SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \ + INSTALL_PREFIX='$(INSTALL_PREFIX)' \ + INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \ + LIBDIR='$(LIBDIR)' \ + MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \ + DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \ + MAKEDEPPROG='$(MAKEDEPPROG)' \ + SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \ + KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \ + ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \ + EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \ + SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \ + PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \ + CPUID_OBJ='$(CPUID_OBJ)' BN_ASM='$(BN_ASM)' \ + EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)' \ + AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \ + BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \ + RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \ + SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \ + MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \ + RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \ + WP_ASM_OBJ='$(WP_ASM_OBJ)' \ + 
MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \ + ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)' \ + PERLASM_SCHEME='$(PERLASM_SCHEME)' \ + FIPSLIBDIR='${FIPSLIBDIR}' \ + FIPSDIR='${FIPSDIR}' \ + FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ + THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= +# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, +# which in turn eliminates ambiguities in variable treatment with -e. + +# BUILD_CMD is a generic macro to build a given target in a given +# subdirectory. The target must be given through the shell variable +# `target' and the subdirectory to build in must be given through `dir'. +# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or +# BUILD_ONE_CMD instead. +# +# BUILD_ONE_CMD is a macro to build a given target in a given +# subdirectory if that subdirectory is part of $(DIRS). It requires +# exactly the same shell variables as BUILD_CMD. +# +# RECURSIVE_BUILD_CMD is a macro to build a given target in all +# subdirectories defined in $(DIRS). It requires that the target +# is given through the shell variable `target'. +BUILD_CMD= if [ -d "$$dir" ]; then \ + ( cd $$dir && echo "making $$target in $$dir..." && \ + $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. 
DIR=$$dir $$target \ + ) || exit 1; \ + fi +RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done +BUILD_ONE_CMD=\ + if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \ + $(BUILD_CMD); \ + fi + +reflect: + @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) + +sub_all: build_all + +build_all: build_libs build_apps build_tests build_tools + +build_libs: build_libcrypto build_libssl openssl.pc + +build_libcrypto: build_crypto build_engines libcrypto.pc +build_libssl: build_ssl libssl.pc + +build_crypto: + @dir=crypto; target=all; $(BUILD_ONE_CMD) +build_ssl: build_crypto + @dir=ssl; target=all; $(BUILD_ONE_CMD) +build_engines: build_crypto + @dir=engines; target=all; $(BUILD_ONE_CMD) +build_apps: build_libs + @dir=apps; target=all; $(BUILD_ONE_CMD) +build_tests: build_libs + @dir=test; target=all; $(BUILD_ONE_CMD) +build_tools: build_libs + @dir=tools; target=all; $(BUILD_ONE_CMD) + +all_testapps: build_libs build_testapps +build_testapps: + @dir=crypto; target=testapps; $(BUILD_ONE_CMD) + +fips_premain_dso$(EXE_EXT): libcrypto.a + [ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \ + -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ \ + $(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \ + libcrypto.a $(EX_LIBS) + +libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT) + @if [ "$(SHLIB_TARGET)" != "" ]; then \ + if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \ + FIPSLD_LIBCRYPTO=libcrypto.a ; \ + FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \ + export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \ + fi; \ + $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \ + (touch -c fips_premain_dso$(EXE_EXT) || :); \ + else \ + echo "There's no support for shared libraries on this platform" >&2; \ + exit 1; \ + fi + +libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a + @if [ "$(SHLIB_TARGET)" != "" ]; then \ + $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ + else \ + echo "There's no support for shared libraries on this platform" >&2; \ + 
exit 1; \ + fi + +clean-shared: + @set -e; for i in $(SHLIBDIRS); do \ + if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ + tmp="$(SHARED_LIBS_LINK_EXTS)"; \ + for j in $${tmp:-x}; do \ + ( set -x; rm -f lib$$i$$j ); \ + done; \ + fi; \ + ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \ + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ + ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \ + fi; \ + done + +link-shared: + @ set -e; for i in $(SHLIBDIRS); do \ + $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \ + LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ + LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ + symlink.$(SHLIB_TARGET); \ + libs="$$libs -l$$i"; \ + done + +build-shared: do_$(SHLIB_TARGET) link-shared + +do_$(SHLIB_TARGET): + @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \ + if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ + $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ + LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ + LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ + LIBDEPS="$$libs $(EX_LIBS)" \ + link_a.$(SHLIB_TARGET); \ + libs="-l$$i $$libs"; \ + done + +libcrypto.pc: Makefile + @ ( echo 'prefix=$(INSTALLTOP)'; \ + echo 'exec_prefix=$${prefix}'; \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ + echo 'includedir=$${prefix}/include'; \ + echo ''; \ + echo 'Name: OpenSSL-libcrypto'; \ + echo 'Description: OpenSSL cryptography library'; \ + echo 'Version: '$(VERSION); \ + echo 'Requires: '; \ + echo 'Libs: -L$${libdir} -lcrypto'; \ + echo 'Libs.private: $(EX_LIBS)'; \ + echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc + +libssl.pc: Makefile + @ ( echo 'prefix=$(INSTALLTOP)'; \ + echo 'exec_prefix=$${prefix}'; \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ + echo 'includedir=$${prefix}/include'; \ + echo ''; \ + echo 'Name: OpenSSL-libssl'; \ + echo 'Description: Secure Sockets Layer and cryptography libraries'; \ + echo 'Version: '$(VERSION); \ + echo 
'Requires.private: libcrypto'; \ + echo 'Libs: -L$${libdir} -lssl'; \ + echo 'Libs.private: $(EX_LIBS)'; \ + echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc + +openssl.pc: Makefile + @ ( echo 'prefix=$(INSTALLTOP)'; \ + echo 'exec_prefix=$${prefix}'; \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ + echo 'includedir=$${prefix}/include'; \ + echo ''; \ + echo 'Name: OpenSSL'; \ + echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \ + echo 'Version: '$(VERSION); \ + echo 'Requires: libssl libcrypto' ) > openssl.pc + +Makefile: Makefile.org Configure config + @echo "Makefile is older than Makefile.org, Configure or config." + @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please." + @false + +libclean: + rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib + +clean: libclean + rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c + @set -e; target=clean; $(RECURSIVE_BUILD_CMD) + rm -f $(LIBS) + rm -f openssl.pc libssl.pc libcrypto.pc + rm -f speed.* .pure + rm -f $(TARFILE) + @set -e; for i in $(ONEDIRS) ;\ + do \ + rm -fr $$i/*; \ + done + +makefile.one: files + $(PERL) util/mk1mf.pl >makefile.one; \ + sh util/do_ms.sh + +files: + $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO + @set -e; target=files; $(RECURSIVE_BUILD_CMD) + +links: + @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl + @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) + @set -e; target=links; $(RECURSIVE_BUILD_CMD) + +gentests: + @(cd test && echo "generating dummy tests (if needed)..." 
&& \ + $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate ); + +dclean: + rm -rf *.bak include/openssl certs/.0 + @set -e; target=dclean; $(RECURSIVE_BUILD_CMD) + +rehash: rehash.time +rehash.time: certs apps + @if [ -z "$(CROSS_COMPILE)" ]; then \ + (OPENSSL="`pwd`/util/opensslwrap.sh"; \ + [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \ + OPENSSL_DEBUG_MEMORY=on; \ + export OPENSSL OPENSSL_DEBUG_MEMORY; \ + $(PERL) tools/c_rehash certs/demo) && \ + touch rehash.time; \ + else :; fi + +test: tests + +tests: rehash + @(cd test && echo "testing..." && \ + $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests ); + OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a + +report: + @$(PERL) util/selftest.pl + +update: errors stacks util/libeay.num util/ssleay.num TABLE + @set -e; target=update; $(RECURSIVE_BUILD_CMD) + +depend: + @set -e; target=depend; $(RECURSIVE_BUILD_CMD) + +lint: + @set -e; target=lint; $(RECURSIVE_BUILD_CMD) + +tags: + rm -f TAGS + find . -name '[^.]*.[ch]' | xargs etags -a + +errors: + $(PERL) util/ck_errf.pl -strict */*.c */*/*.c + $(PERL) util/mkerr.pl -recurse -write + (cd engines; $(MAKE) PERL=$(PERL) errors) + +stacks: + $(PERL) util/mkstack.pl -write + +util/libeay.num:: + $(PERL) util/mkdef.pl crypto update + +util/ssleay.num:: + $(PERL) util/mkdef.pl ssl update + +TABLE: Configure + (echo 'Output of `Configure TABLE'"':"; \ + $(PERL) Configure TABLE) > TABLE + +# Build distribution tar-file. As the list of files returned by "find" is +# pretty long, on several platforms a "too many arguments" error or similar +# would occur. Therefore the list of files is temporarily stored into a file +# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal +# tar does not support the --files-from option. +tar: + find . -type d -print | xargs chmod 755 + find . 
-type f -print | xargs chmod a+r + find . -type f -perm -0100 -print | xargs chmod a+x + find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \ + $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \ + tardy --user_number=0 --user_name=openssl \ + --group_number=0 --group_name=openssl \ + --prefix=openssl-$(VERSION) - |\ + gzip --best >../$(TARFILE).gz; \ + rm -f ../$(TARFILE).list; \ + ls -l ../$(TARFILE).gz + +tar-snap: + @$(TAR) $(TARFLAGS) -cvf - \ + `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\ + tardy --user_number=0 --user_name=openssl \ + --group_number=0 --group_name=openssl \ + --prefix=openssl-$(VERSION) - > ../$(TARFILE);\ + ls -l ../$(TARFILE) + +dist: + $(PERL) Configure dist + @$(MAKE) dist_pem_h + @$(MAKE) SDIRS='$(SDIRS)' clean + @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar + +dist_pem_h: + (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) + +install: all install_docs install_sw + +install_sw: + @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ + $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/private + @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + @set -e; target=install; $(RECURSIVE_BUILD_CMD) + @set -e; liblist="$(LIBS)"; for i in $$liblist ;\ + do \ + if [ -f "$$i" ]; then \ + ( echo installing $$i; \ + 
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \ + fi; \ + done; + @set -e; if [ -n "$(SHARED_LIBS)" ]; then \ + tmp="$(SHARED_LIBS)"; \ + for i in $${tmp:-x}; \ + do \ + if [ -f "$$i" -o -f "$$i.a" ]; then \ + ( echo installing $$i; \ + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ + c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ + cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ + chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ + else \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ + fi ); \ + if expr $(PLATFORM) : 'mingw' > /dev/null; then \ + ( case $$i in \ + *crypto*) i=libeay32.dll;; \ + *ssl*) i=ssleay32.dll;; \ + esac; \ + echo installing $$i; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ + chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ + fi; \ + fi; \ + done; \ + ( here="`pwd`"; \ + cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \ + $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \ + if [ "$(INSTALLTOP)" != "/usr" ]; then \ + echo 'OpenSSL shared libraries have been installed in:'; \ + echo ' $(INSTALLTOP)'; \ + echo ''; \ + sed -e '1,/^$$/d' 
doc/openssl-shared.txt; \ + fi; \ + fi + cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc + cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc + cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc + +install_html_docs: + here="`pwd`"; \ + filecase=; \ + case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \ + filecase=-i; \ + esac; \ + for subdir in apps crypto ssl; do \ + mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \ + for i in doc/$$subdir/*.pod; do \ + fn=`basename $$i .pod`; \ + echo "installing html/$$fn.$(HTMLSUFFIX)"; \ + cat $$i \ + | sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \ + | pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \ + | sed -r 's/ $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \ + $(PERL) util/extract-names.pl < $$i | \ + grep -v $$filecase "^$$fn\$$" | \ + (cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \ + while read n; do \ + PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \ + done); \ + done; \ + done + +install_docs: + @$(PERL) $(TOP)/util/mkdir-p.pl \ + $(INSTALL_PREFIX)$(MANDIR)/man1 \ + $(INSTALL_PREFIX)$(MANDIR)/man3 \ + $(INSTALL_PREFIX)$(MANDIR)/man5 \ + $(INSTALL_PREFIX)$(MANDIR)/man7 + @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ + here="`pwd`"; \ + filecase=; \ + case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \ + filecase=-i; \ + esac; \ + set -e; for i in doc/apps/*.pod; do \ + fn=`basename $$i .pod`; \ + sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + (cd `$(PERL) util/dirname.pl $$i`; \ + sh -c "$$pod2man \ + --section=$$sec --center=OpenSSL \ + --release=$(VERSION) `basename $$i`") \ + > 
$(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ + $(PERL) util/extract-names.pl < $$i | \ + (grep -v $$filecase "^$$fn\$$"; true) | \ + (grep -v "[ ]"; true) | \ + (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ + while read n; do \ + PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ + done); \ + done; \ + set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \ + fn=`basename $$i .pod`; \ + sec=`$(PERL) util/extract-section.pl 3 < $$i`; \ + echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + (cd `$(PERL) util/dirname.pl $$i`; \ + sh -c "$$pod2man \ + --section=$$sec --center=OpenSSL \ + --release=$(VERSION) `basename $$i`") \ + > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ + $(PERL) util/extract-names.pl < $$i | \ + (grep -v $$filecase "^$$fn\$$"; true) | \ + (grep -v "[ ]"; true) | \ + (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ + while read n; do \ + PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ + done); \ + done + +# DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/PROBLEMS b/PROBLEMS index 3eaab01f..ca02b10d 100644 --- a/PROBLEMS +++ b/PROBLEMS @@ -211,3 +211,5 @@ link failures. Apply 109147-09 or later or modify Makefile generated by ./Configure solaris64-sparcv9-cc and replace RANLIB assignment with RANLIB= /usr/ccs/bin/ar rs + +* gmssl warings: skf kdf diff --git a/README.md b/README.md index b6972e1f..a11e0638 100644 --- a/README.md +++ b/README.md 
@@ -1,35 +1,43 @@ # GmSSL -GmSSL (http://gmssl.org) 是支持国密算法和标准的OpenSSL分支,增加了对国密SM2/SM3/SM4算法和ECIES、CPK、ZUC算法的支持,实现了这些算法与EVP API和命令行工具的集成。GmSSL由北京大学信息安全实验室(http://infosec.pku.edu.cn)开发和维护。 +GmSSL [(http://gmssl.org)](http://gmssl.org) 是支持国密算法和标准的OpenSSL分支,是一个提供了丰富密码学功能和安全功能的开源软件包。在保持OpenSSL原有功能并实现和OpenSSL API兼容的基础上,GmSSL新增多种密码算法、标准和协议,其中包括: -GmSSL的`libcrypto`密码库增加的密码算法包括: +* 椭圆曲线公钥加密国际标准ECIES +* 国密SM2椭圆曲线公钥密码标准,包含数字签名算法、公钥加密算法、密钥交换协议及推荐椭圆曲线参数 +* 国密SM3密码杂凑算法、HMAC-SM3消息认证码算法、PBKDF2口令加密算法 +* 国密SM4/SMS4分组密码、ECB/CBC/CFB/OFB/CTR/GCM/FFX加密模式和CBC-MAC/CMAC消息认证码算法 +* 组合公钥(CPK)身份密码,可同时支持椭圆曲线国际标准算法和国密标准算法 +* 国密动态口令密码规范 +* 祖冲之(ZUC)序列密码 -- SM2是国密椭圆曲线公钥密码标准,其中包含数字签名、公钥加密和密钥交换三个具体方案,以及一个256比特素域上的推荐椭圆曲线参数。GmSSL内置了SM2的推荐曲线参数,实现了SM2的签名算法和公钥加密算法。 -- SM3是国密密码杂凑算法标准,输出的杂凑值长度为256比特。 -- SM4是国密分组密码标准,又名SMS4,其分组长度和密钥长度均为128比特。GmSSL实现了SMS4密码及SMS4的ECB、CBC、CFB、OFB等工作模式。 -- X9.63 KDF是密钥派生函数国际标准之一,ECIES和SM2公钥加密方案依赖该算法,GmSSL实现了X9.63 KDF,并用于支持ECIES和SM2公钥加密。 -- ECIES (Elliptic Curve Integrated Encryption Scheme)是椭圆曲线公钥加密的国际标准,可用于加密数据。 -- CPK是由南相浩和陈钟设计的基于身份的密码。GmSSL实现了CPK的系统建立和密钥生成算法,生成的密钥可以用于DSA、ECDH、ECDSA、ECIES、SM2等公钥密码算法。 -- ZUC(祖冲之算法)是由我国设计的序列密码,以32位字为单位输出密钥流,其密钥长度和IV长度均为128比特。GmSSL的ZUC算法处于开发中。 +GmSSL还可以以安全中间件的方式访问PCI-E密码加速卡、USB Key等硬件密码设备,为上层应用提供密钥安全存储、密码计算硬件加速以及国密SM1分组密码、国密SSF33分组密码等硬件实现的保密算法。GmSSL通过ENGINE机制支持符合不同接口规范的密码设备: -GmSSL提供命令行工具`gmssl`,可用于生成SM2签名、SM3摘要、HMAC-SM3消息认证码,支持SM4和ZUC数据加解密。 +* 提供国密算法和国密SKF接口规范实现的硬件密码设备 +* 提供Windows Crypto API Provider的密码硬件设备 +* 提供PKCS #11 (Cryptoki)接口实现的密码硬件设备 -``` bash -$ echo -n abc | gmssl dgst -sm3 -66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0 +GmSSL主要包含通用密码库`libcrypto`、SSL/TLS协议库`libssl`和命令行工具`gmssl`。除`gmssl`的命令行接口之外,GmSSL还通过`libcrypto`密码库提供原生的EVP API抽象密码接口以及国密智能IC卡及智能密码钥匙密码应用接口SKF API,以及通过JNI (Java Native Interface)本地接口实现的Java语言绑定。 + +为了便于商业软件安全地采用GmSSL,GmSSL保持了和OpenSSL相似的BSD/Apache风格的许可证,因此闭源软件或者商业软件可以安全地在产品中采用GmSSL的代码。自发布以来GmSSL荣获开源中国[(http://oschina.net)](http://oschina.net)密码类推荐开源项目、2015年度“一铭杯”中国Linux软件大赛二等奖(该年度最高奖项)等奖励和荣誉。 + 
+GmSSL项目目前由北京大学信息安全实验室开发和维护,项目的长期目标是推动国产密码算法在国内互联网和开源领域的广泛应用,提高国内商用非涉密领域的自主密码应用水平。 + +## 编译和安装 + +OpenSSL通过其独有的编译脚本支持非常广泛的硬件和操作系统,GmSSL项目力求保持其跨平台特性。目前GmSSL可以在Linux平台和苹果OS X平台顺利编译安装,在Windows上暂时无法编译通过。我们预计可以在下一个版本发布时修正Windows平台的编译问题。 + +在Linux平台上通过如下指令实现编译和安装: + +``` +./config +make +make install ``` -显示SM2推荐椭圆曲线域参数 - -``` bash -$ gmssl ecparam -text -noout -name sm2p256v1 -param_enc explicit +在苹果OS X操作系统上通过如下指令实现编译和安装: +``` +./Configure darwin64-x86_64-cc --prefix=/usr/local --openssldir=/usr/local/openssl +make +sudo make install ``` -在代码目录`./certs/sm2/`目录中给出了SM2证书的例子,可以用`gmssl`工具进行解析 -``` -$ gmssl x509 -text -noout -in certs/sm2/sm2-x509.pem -$ gmssl pkcs7 -print_certs -in certs/sm2/sm2-pkcs7.pem -``` - -GmSSL新增的EVP对象包括`EVP_sm3()`、`EVP_sm4_ecb()`、`EVP_sm4_cbc()`、`EVP_sm4_ofb()`、`EVP_sm4_cfb()`和`EVP_zuc()`。 - diff --git a/apps/ciphers.c b/apps/ciphers.c index 3b9d978a..e042d5e9 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -76,7 +76,7 @@ static const char *ciphers_usage[] = { " -ssl2 - SSL2 mode\n", " -ssl3 - SSL3 mode\n", " -tls1 - TLS1 mode\n", -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL " -gmssl - GMSSL mode\n", #endif NULL @@ -141,7 +141,7 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv, "-tls1") == 0) meth = TLSv1_client_method(); #endif -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL else if (strcmp(*argv, "-gmssl") == 0) meth = GMSSLv1_client_method(); #endif diff --git a/apps/cpk.c b/apps/cpk.c index 364f56a9..91c17224 100644 --- a/apps/cpk.c +++ b/apps/cpk.c @@ -105,7 +105,7 @@ */ #include -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL # include # include # include @@ -404,7 +404,7 @@ int MAIN(int argc, char **argv) apps_shutdown(); OPENSSL_EXIT(ret); } -#else /* !OPENSSL_NO_GMSSL */ +#else /* !NO_GMSSL */ # if PEDANTIC static void *dummy = &dummy; diff --git a/apps/cpkparam.c b/apps/cpkparam.c index 275394a0..3f8291f5 100644 --- a/apps/cpkparam.c +++ b/apps/cpkparam.c 
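Review bot: The guard renamed to `NO_GMSSL` in `ciphers_usage[]` and around the `-gmssl` branch of `MAIN` in apps/ciphers.c no longer follows the `OPENSSL_NO_*` naming used elsewhere in this commit (the generated Makefile's DEPFLAG carries only `-DOPENSSL_NO_*` defines), so a `no-gmssl` style configure option would presumably not define it and these code paths could no longer be compiled out the usual way. The same rename is made in apps/cpk.c, apps/cpkparam.c and apps/enc.c; in enc.c the guard chooses the default digest (`EVP_sm3()` versus `EVP_md5()`) used when none is given, so a build where the macro is unexpectedly set or unset silently changes how keys are derived from passwords. I would keep `#ifndef OPENSSL_NO_GMSSL`, or, if the short name is intended, add a comment at the first use such as `/* NO_GMSSL is not an OPENSSL_NO_* feature macro; define it explicitly to build without GmSSL */`. The functions touched continue outside their hunks.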
@@ -158,7 +158,7 @@ */ #include /* for OPENSSL_NO_DH */ -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL # include # include # include @@ -521,7 +521,7 @@ int MAIN(int argc, char **argv) } -#else /* !OPENSSL_NO_GMSSL */ +#else /* !NO_GMSSL */ # if PEDANTIC static void *dummy = &dummy; diff --git a/apps/enc.c b/apps/enc.c index b03e42cf..d1e3e8d1 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -344,7 +344,7 @@ int MAIN(int argc, char **argv) } if (dgst == NULL) { -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL dgst = EVP_sm3(); #else dgst = EVP_md5(); diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 51c6a0c3..32aa3c76 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -135,6 +135,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, unsigned char *p, *buf_in = NULL, *buf_out = NULL; int i, inl = 0, outl = 0, outll = 0; X509_ALGOR *a; + printf("%s %d: %s executed\n", __FILE__, __LINE__, __FUNCTION__); EVP_MD_CTX_init(&ctx); for (i = 0; i < 2; i++) { @@ -222,8 +223,10 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, { EVP_MD_CTX ctx; EVP_MD_CTX_init(&ctx); + printf("%s %d: %s executed\n", __FILE__, __LINE__, __FUNCTION__); if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) { EVP_MD_CTX_cleanup(&ctx); + ERR_print_errors_fp(stderr); return 0; } return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); @@ -239,6 +242,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, size_t inl = 0, outl = 0, outll = 0; int signid, paramtype; int rv; + printf("%s %d: %s executed\n", __FILE__, __LINE__, __FUNCTION__); type = EVP_MD_CTX_md(ctx); pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 669a949b..03fb491d 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c 
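Review bot: The `printf("%s %d: %s executed\n", __FILE__, __LINE__, __FUNCTION__);` lines added to `ASN1_sign`, `ASN1_item_sign` and `ASN1_item_sign_ctx` in crypto/asn1/a_sign.c are debug tracing left in libcrypto's signing paths, and they write to the process's stdout on every signature. Any program that emits a certificate, CRL or request on stdout gets this text mixed into its output, and the trace exposes build-time source paths. The added `ERR_print_errors_fp(stderr);` in the `EVP_DigestSignInit` failure branch of `ASN1_item_sign` also prints and empties the error queue, so a caller that receives 0 can no longer read the reason. I would drop all four lines and let the caller report errors; all three function bodies continue outside their hunks.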
@@ -72,9 +72,6 @@ extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth; extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth; -#ifndef OPENSSL_NO_SM2 -extern const EVP_PKEY_ASN1_METHOD sm2_asn1_meth; -#endif /* Keep this sorted in type order !! */ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { diff --git a/crypto/cbcmac/cbcmac.c b/crypto/cbcmac/cbcmac.c index 2e769f4a..1b079f9d 100644 --- a/crypto/cbcmac/cbcmac.c +++ b/crypto/cbcmac/cbcmac.c @@ -55,7 +55,7 @@ int CBCMAC_Init(CBCMAC_CTX *ctx, const void *key, size_t keylen, const EVP_CIPHER *cipher, ENGINE *eng) { int i, block_size; - + if (!EVP_EncryptInit_ex(&ctx->cipher_ctx, cipher, eng, key, NULL)) { CBCMACerr(CBCMAC_F_CBCMAC_INIT, CBCMAC_R_CIPHER_CTX_INIT_FAILED); return 0; @@ -67,7 +67,7 @@ int CBCMAC_Init(CBCMAC_CTX *ctx, const void *key, size_t keylen, ctx->worklen = 0; block_size = EVP_CIPHER_CTX_block_size(&ctx->cipher_ctx); bzero(ctx->cbcstate, block_size); - return 0; + return 1; } int CBCMAC_Update(CBCMAC_CTX *ctx, const void *data, size_t datalen) @@ -119,7 +119,7 @@ int CBCMAC_Update(CBCMAC_CTX *ctx, const void *data, size_t datalen) } - return 0; + return 1; } int CBCMAC_Final(CBCMAC_CTX *ctx, unsigned char *out, size_t *outlen) diff --git a/crypto/cpk/cpk.h b/crypto/cpk/cpk.h index cee2d3d9..1669eea1 100644 --- a/crypto/cpk/cpk.h +++ b/crypto/cpk/cpk.h @@ -72,7 +72,7 @@ typedef struct cpk_master_secret_st { ASN1_OCTET_STRING *secret_factors; } CPK_MASTER_SECRET; - +DECLARE_ASN1_FUNCTIONS(CPK_MASTER_SECRET) typedef struct cpk_public_params_st { long version; @@ -82,6 +82,7 @@ typedef struct cpk_public_params_st { ASN1_OCTET_STRING *public_factors; } CPK_PUBLIC_PARAMS; +DECLARE_ASN1_FUNCTIONS(CPK_PUBLIC_PARAMS) X509_ALGOR *CPK_MAP_new_default(void); int CPK_MAP_is_valid(const X509_ALGOR *algor); 
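Review bot: CBCMAC_Init takes `keylen`, but the `EVP_EncryptInit_ex(&ctx->cipher_ctx, cipher, eng, key, NULL)` call in the first cbcmac.c hunk never uses it and nothing visible compares it with the cipher's key length, so a caller passing a shorter buffer would have the cipher read past it. Unless the lines between this hunk and the next already do so, a guard such as `if (keylen != (size_t)EVP_CIPHER_key_length(cipher)) return 0;` before the init call would close that. In the next hunk `bzero(ctx->cbcstate, block_size)` relies on the cipher's block size fitting `cbcstate`, whose size is not shown here; a bounds check followed by `memset` would be the portable form. Because success now returns 1 instead of 0 in CBCMAC_Init and CBCMAC_Update, existing callers that tested for 0 need re-checking too.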
diff --git a/crypto/cpk/cpk_err2.c b/crypto/cpk/cpk_err2.c deleted file mode 100644 index 5abc0244..00000000 --- a/crypto/cpk/cpk_err2.c +++ /dev/null 
@@ -1,126 +0,0 @@ -/* crypto/cpk/cpk_err.c */ -/* ==================================================================== - * Copyright (c) 2007 - 2015 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - */ - -#include -#include "cpk.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CPK,func,0) -#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CPK,0,reason) - -static ERR_STRING_DATA CPK_str_functs[] = -{ - {ERR_FUNC(CPK_F_CPK_MASTER_SECRET_CREATE), "CPK_MASTER_SECRET_create"}, - {ERR_FUNC(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS), "CPK_MASTER_SECRET_extract_public_params"}, - {ERR_FUNC(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY), "CPK_MASTER_SECRET_extract_private_key"}, - {ERR_FUNC(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY), "CPK_PUBLIC_PARAMS_extract_public_key"}, - {ERR_FUNC(CPK_F_CPK_PUBLIC_PARAMS_COMPUTE_SHARE_KEY), "CPK_PUBLIC_PARAMS_compute_share_key"}, - {ERR_FUNC(CPK_F_CPK_MASTER_SECRET_DIGEST), "CPK_F_CPK_MASTER_SECRET_digest"}, - {ERR_FUNC(CPK_F_CPK_PUBLIC_PARAMS_DIGEST), "CPK_F_CPK_PUBLIC_PARAMS_digest"}, - {ERR_FUNC(CPK_F_CPK_MASTER_SECRET_PRINT), "CPK_F_CPK_MASTER_SECRET_print"}, - {ERR_FUNC(CPK_F_CPK_PUBLIC_PARAMS_PRINT), "CPK_F_CPK_PUBLIC_PARAMS_print"}, - {ERR_FUNC(CPK_F_CPK_MASTER_SECRET_VALIDATE_PUBLIC_PARAMS), "CPK_F_CPK_MASTER_SECRET_validate_public_params"}, - {ERR_FUNC(CPK_F_CPK_PUBLIC_PARAMS_VALIDATE_PRIVATE_KEY), "CPK_F_CPK_PUBLIC_PARAMS_validate_private_key"}, - {ERR_FUNC(CPK_F_CPK_MAP_NEW_DEFAULT), "CPK_F_CPK_MAP_new_default"}, - {ERR_FUNC(CPK_F_CPK_MAP_NUM_FACTORS), 
"CPK_F_CPK_MAP_num_factors"}, - {ERR_FUNC(CPK_F_CPK_MAP_NUM_INDEXES), "CPK_F_CPK_MAP_num_indexes"}, - {ERR_FUNC(CPK_F_CPK_MAP_STR2INDEX), "CPK_F_CPK_MAP_STR2INDEX"}, - {ERR_FUNC(CPK_F_X509_ALGOR_GET1_EC_KEY), "X509_ALGOR_get1_ec_key"}, - {ERR_FUNC(CPK_F_X509_ALGOR_GET1_DSA), "X509_ALGOR_get1_dsa"}, - {0, NULL} -}; - -static ERR_STRING_DATA CPK_str_reasons[] = -{ - {ERR_REASON(CPK_R_BAD_ARGUMENT), "bad argument"}, - {ERR_REASON(CPK_R_UNKNOWN_DIGEST_TYPE), "unknown digest algorithm"}, - {ERR_REASON(CPK_R_UNKNOWN_CIPHER_TYPE), "unknown cipher algorithm"}, - {ERR_REASON(CPK_R_UNKNOWN_MAP_TYPE), "unknown cpk map algorithm"}, - {ERR_REASON(CPK_R_UNKNOWN_CURVE), "unknown elliptic curve"}, - {ERR_REASON(CPK_R_STACK_ERROR), "stack error"}, - {ERR_REASON(CPK_R_DERIVE_KEY_FAILED), "derive key failed"}, - {ERR_REASON(CPK_R_ECIES_ENCRYPT_FAILED), "ecies encryption failed"}, - {ERR_REASON(CPK_R_ECIES_DECRYPT_FAILED), "ecies decryption failed"}, - {ERR_REASON(CPK_R_DER_DECODE_FAILED), "DER decode failed"}, - {ERR_REASON(CPK_R_UNSUPPORTED_PKCS7_CONTENT_TYPE),"CPK_R_UNSUPPORTED_PKCS7_CONTENT_TYPE"}, - {ERR_REASON(CPK_R_SET_SIGNER), "CPK_R_SET_SIGNER"}, - {ERR_REASON(CPK_R_SET_RECIP_INFO), "CPK_R_SET_RECIP_INFO"}, - {ERR_REASON(CPK_R_UNABLE_TO_FIND_MESSAGE_DIGEST),"CPK_R_UNABLE_TO_FIND_MESSAGE_DIGEST"}, - {ERR_REASON(CPK_R_BAD_DATA), "bad data"}, - {ERR_REASON(CPK_R_MAP_FAILED), "CPK_R_MAP_FAILED"}, - {ERR_REASON(CPK_R_ADD_SIGNING_TIME), "CPK_R_ADD_SIGNING_TIME"}, - {ERR_REASON(CPK_R_VERIFY_FAILED), "CPK_R_VERIFY_FAILED"}, - {ERR_REASON(CPK_R_UNKNOWN_ECDH_TYPE), "CPK_R_UNKNOWN_ECDH_TYPE"}, - {ERR_REASON(CPK_R_DIGEST_FAILED), "CPK_R_DIGEST_FAILED"}, - {ERR_REASON(CPK_R_WITHOUT_DECRYPT_KEY), "CPK_R_WITHOUT_DECRYPT_KEY"}, - {ERR_REASON(CPK_R_UNKNOWN_PKCS7_TYPE), "CPK_R_UNKNOWN_PKCS7_TYPE"}, - {ERR_REASON(CPK_R_INVALID_ID_LENGTH), "invalid identity length"}, - {ERR_REASON(CPK_R_INVALID_PKEY_TYPE), "invalid public key type"}, - {ERR_REASON(CPK_R_INVALID_MAP_ALGOR), "invalid map 
algorithm"}, - {ERR_REASON(CPK_R_PKEY_TYPE_NOT_MATCH), "public key type not match"}, - {0, NULL} -}; - -#endif - -void ERR_load_CPK_strings(void) -{ -#ifndef OPENSSL_NO_ERR - - if (ERR_func_error_string(CPK_str_functs[0].error) == NULL) { - ERR_load_strings(0, CPK_str_functs); - ERR_load_strings(0, CPK_str_reasons); - } - -#endif -} diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 6e5c4b51..59bbe314 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -1004,7 +1004,7 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL) -# ifndef OPENSSL_NO_GMSSL +# ifndef NO_GMSSL # define EVP_PKEY_CTX_set_ec_sign_type(ctx, type) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ EVP_PKEY_OP_SIGN|EVP_PKEY_OP_SIGNCTX| \ @@ -1036,7 +1036,7 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ EVP_PKEY_OP_DERIVE, \ EVP_PKEY_CTRL_EC_DH_TYPE, -2, NULL); -# endif /* OPENSSL_NO_GMSSL */ +# endif /* NO_GMSSL */ @@ -1101,7 +1101,7 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); # define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9) # define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10) -# ifndef OPENSSL_NO_GMSSL +# ifndef NO_GMSSL # define EVP_PKEY_CTRL_EC_SIGN_TYPE (EVP_PKEY_ALG_CTRL + 11) # define EVP_PKEY_CTRL_GET_EC_SIGN_TYPE (EVP_PKEY_ALG_CTRL + 12) # define EVP_PKEY_CTRL_EC_ENC_TYPE (EVP_PKEY_ALG_CTRL + 13) diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 3989e5c6..c1d9219b 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -613,7 +613,7 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { EVP_PKEY_EC, 0, "EC", -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL "GmSSL EC/SM2 algorithm", #else "OpenSSL EC algorithm", diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 3b5ce06d..a28b5b48 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c 
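Review bot: The guard in this public header now tests `NO_GMSSL`, which is outside the `OPENSSL_NO_*` namespace that Configure writes into opensslconf.h, so an application including ec.h may see a different set of `EVP_PKEY_CTX_set_ec_*` macros and `EVP_PKEY_CTRL_EC_*` values than the library was built with unless it defines the bare macro itself. Whether the build defines `NO_GMSSL` anywhere is not visible on this page. I would keep `# ifndef OPENSSL_NO_GMSSL` in installed headers, or derive one name from the other in opensslconf.h. The same applies to the other two ec.h hunks and to the err.h and engine.h hunks in this commit.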
@@ -61,7 +61,7 @@ #include #include #include -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL #include #endif diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 620318b3..50d00c6d 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -2835,7 +2835,7 @@ static const struct { } }; -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL static const struct { EC_CURVE_DATA h; unsigned char data[0 + 32 * 6]; @@ -3112,7 +3112,7 @@ static const ec_list_element curve_list[] = { "RFC 5639 curve over a 512 bit prime field"}, {NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0, "RFC 5639 curve over a 512 bit prime field"}, -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL {NID_sm2p256v1, &_EC_SM2_PRIME_256V1.h, 0, "SM2 curve over a 256 bit prime field"}, {NID_wapip192v1, &_EC_WAPI_PRIME_192V1.h, 0, diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 317e64c8..725a45ae 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -88,15 +88,21 @@ typedef struct { size_t kdf_ukmlen; /* KDF output length */ size_t kdf_outlen; +#ifndef NO_GMSSL /* SECG, SM2 or other standards */ int sign_type; int enc_type; int dh_type; - union { - void *ptr; - ECIES_PARAMS *ecies; - SM2_ENC_PARAMS *sm2; - } enc_param; + + unsigned char sm2_id_dgst[EVP_MAX_MD_SIZE]; + size_t sm2_id_dgstlen; + + union { + void *ptr; + ECIES_PARAMS *ecies; + SM2_ENC_PARAMS *sm2; + } enc_param; +#endif } EC_PKEY_CTX; static int pkey_ec_init(EVP_PKEY_CTX *ctx) @@ -115,11 +121,13 @@ static int pkey_ec_init(EVP_PKEY_CTX *ctx) dctx->kdf_outlen = 0; dctx->kdf_ukm = NULL; dctx->kdf_ukmlen = 0; +#ifndef NO_GMSSL dctx->sign_type = NID_sm_scheme; - dctx->enc_type = NID_sm_scheme; - dctx->dh_type = NID_sm_scheme; - dctx->enc_param.ptr = NULL; - + dctx->enc_type = NID_sm_scheme; + dctx->dh_type = NID_sm_scheme; + dctx->sm2_id_dgstlen = 0; + dctx->enc_param.ptr = NULL; +#endif ctx->data = dctx; return 1; 
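Review bot: In the EC_PKEY_CTX hunk of ec_pmeth.c, `sign_type`, `enc_type`, `dh_type` and `enc_param` are now compiled only under `#ifndef NO_GMSSL`, yet the pkey_ec_copy hunk further down assigns `dctx->sign_type = sctx->sign_type;` in lines that show no such guard, so a build with NO_GMSSL defined would presumably fail there; every use of these members needs the same guard. The new `sm2_id_dgst` buffer gets a length of 0 in pkey_ec_init, but no hunk on this page fills it, and the only hint of its intended use is the commented-out `//SM2_compute_id_digest();` in pkey_ec_ctrl. A comment on the member would help, for example `/* presumably the SM2_compute_id_digest() result; sm2_id_dgstlen == 0 means not yet computed */`.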
@@ -157,6 +165,7 @@ static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) dctx->sign_type = sctx->sign_type; dctx->enc_type = sctx->enc_type; dctx->dh_type = sctx->dh_type; + // fixme return 1; } @@ -256,8 +265,7 @@ static int pkey_ec_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) unsigned char zid[EVP_MAX_MD_SIZE]; unsigned int zidlen = sizeof(zid); - - + //FIXME: it is wrong to do it here! if (dctx->sign_type == NID_sm_scheme) { if (!SM2_compute_id_digest(md, zid, &zidlen, ec_key)) { ECerr(EC_F_PKEY_EC_SIGNCTX_INIT, ERR_R_SM2_LIB); @@ -272,7 +280,6 @@ static int pkey_ec_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) } } - return 1; } @@ -595,13 +602,16 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) dctx->kdf_type = p1; return 1; -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL case EVP_PKEY_CTRL_EC_SIGN_TYPE: if (p1 == -2) return dctx->sign_type; if (p1 != NID_secg_scheme && p1 != NID_sm_scheme) return -2; dctx->sign_type = p1; + + //SM2_compute_id_digest(); + //set this data to pkey_ctx return 1; case EVP_PKEY_CTRL_GET_EC_SIGN_TYPE: @@ -670,7 +680,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 && EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL EVP_MD_type((const EVP_MD *)p2) != NID_sm3 && #endif EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && @@ -722,7 +732,7 @@ static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, else return -2; return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc); -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL } else if (!strcmp(type, "ec_sign_algor")) { int sign_type; if (!strcmp(value, "ecdsa")) diff --git a/crypto/ecies/Makefile b/crypto/ecies/Makefile index e5add24e..c81cd15b 100644 --- a/crypto/ecies/Makefile +++ b/crypto/ecies/Makefile 
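Review bot: pkey_ec_copy still copies only the three type fields; the new `sm2_id_dgst` and `sm2_id_dgstlen` members and `enc_param` stay as pkey_ec_init set them, and the added `// fixme` does not say what is missing. For the digest a plain copy is enough: `memcpy(dctx->sm2_id_dgst, sctx->sm2_id_dgst, sctx->sm2_id_dgstlen);` followed by `dctx->sm2_id_dgstlen = sctx->sm2_id_dgstlen;`. `enc_param` holds a pointer whose ownership is not visible here, so it needs a decision between duplicating and sharing before it is copied, and the comment should record that decision. The function starts outside the hunk.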
@@ -122,4 +122,4 @@ ecies_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ecies_lib.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h ecies_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecies_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ecies_lib.o: ecies_lib.c +ecies_lib.o: ../o_str.h ecies_lib.c diff --git a/crypto/ecies/ecies.h b/crypto/ecies/ecies.h index bac41690..55bf6df4 100644 --- a/crypto/ecies/ecies.h +++ b/crypto/ecies/ecies.h @@ -118,7 +118,7 @@ int i2d_ECIESParameters(const ECIES_PARAMS *param, unsigned char **out); ECIES_PARAMS *d2i_ECIESParameters(ECIES_PARAMS **param, const unsigned char **in, long len); int ECIES_set_parameters(EC_KEY *ec_key, const ECIES_PARAMS *param); -ECIES_PARAMS *ECIES_get_parameters(const EC_KEY *ec_key); +ECIES_PARAMS *ECIES_get_parameters(EC_KEY *ec_key); ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, const unsigned char *in, size_t inlen, EC_KEY *ec_key); int ECIES_do_decrypt(const ECIES_CIPHERTEXT_VALUE *cv, diff --git a/crypto/ecies/ecies_lib.c b/crypto/ecies/ecies_lib.c index d7fdfd0f..029d9199 100644 --- a/crypto/ecies/ecies_lib.c +++ b/crypto/ecies/ecies_lib.c @@ -59,6 +59,7 @@ #include #include #include +#include "../o_str.h" static void *ecies_data_dup(void *data) { @@ -71,7 +72,7 @@ static void *ecies_data_dup(void *data) { return NULL; } - memcpy(ret, param, sizeof(*param)); + memcpy(ret, param, sizeof(*param)); return ret; } @@ -97,7 +98,8 @@ int ECIES_set_parameters(EC_KEY *ec_key, const ECIES_PARAMS *param) return 1; } -ECIES_PARAMS *ECIES_get_parameters(const EC_KEY *ec_key) +//FIXME: is is _get0_ ? +ECIES_PARAMS *ECIES_get_parameters(EC_KEY *ec_key) { ECIES_PARAMS *ret; if (!(ret = EC_KEY_get_key_method_data(ec_key, 
@@ -120,7 +122,7 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, EVP_CIPHER_CTX cipher_ctx; EVP_CIPHER_CTX_init(&cipher_ctx); - if (!(cv = ECIES_CIPHERTEXT_VALUE_new())) + if (!(cv = ECIES_CIPHERTEXT_VALUE_new())) { fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_MALLOC_FAILURE); @@ -164,7 +166,7 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_EC_LIB); goto err; - } + } /* * use ecdh to compute enckey and mackey @@ -205,7 +207,7 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, goto err; } - if (!ECDH_compute_key(share, sharelen, + if (!ECDH_compute_key(share, sharelen, EC_KEY_get0_public_key(pub_key), ephem_key, KDF_get_x9_63(param->kdf_md))) { @@ -222,15 +224,15 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, if (param->sym_cipher) len = (int)(inlen + EVP_MAX_BLOCK_LENGTH * 2); else len = inlen; - + if (!M_ASN1_OCTET_STRING_set(cv->ciphertext, NULL, len)) { ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_MALLOC_FAILURE); fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); goto err; } - - if (param->sym_cipher) + + if (param->sym_cipher) { unsigned char iv[EVP_MAX_IV_LENGTH]; memset(iv, 0, sizeof(iv)); @@ -243,7 +245,7 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, goto err; } p = cv->ciphertext->data; - if (!EVP_EncryptUpdate(&cipher_ctx, p, &len, in, (int)inlen)) + if (!EVP_EncryptUpdate(&cipher_ctx, p, &len, in, (int)inlen)) { fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, @@ -259,7 +261,7 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, goto err; } p += len; - cv->ciphertext->length = (int)(p - cv->ciphertext->data); + cv->ciphertext->length = (int)(p - cv->ciphertext->data); } else { 
@@ -273,12 +275,12 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, * calculate mactag of ciphertext and encode */ cv->mactag->length = maclen; - + if (!M_ASN1_OCTET_STRING_set(cv->mactag, NULL, cv->mactag->length)) { fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_MALLOC_FAILURE); - goto err; + goto err; } if (!HMAC(param->mac_md, mackey, mackeylen, cv->ciphertext->data, (size_t)cv->ciphertext->length, @@ -293,8 +295,8 @@ ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, err: EVP_CIPHER_CTX_cleanup(&cipher_ctx); if (share) OPENSSL_free(share); - if (ephem_key) EC_KEY_free(ephem_key); - if (e && cv) + if (ephem_key) EC_KEY_free(ephem_key); + if (e && cv) { ECIES_CIPHERTEXT_VALUE_free(cv); cv = NULL; @@ -303,7 +305,7 @@ err: } int ECIES_do_decrypt(const ECIES_CIPHERTEXT_VALUE *cv, - const ECIES_PARAMS *param, unsigned char *out, size_t *outlen, + const ECIES_PARAMS *param, unsigned char *out, size_t *outlen, EC_KEY *pri_key) { int r = 0; @@ -351,10 +353,10 @@ int ECIES_do_decrypt(const ECIES_CIPHERTEXT_VALUE *cv, ECIESerr(ECIES_F_ECIES_DO_DECRYPT, ECIES_R_BAD_DATA); goto err; } - + /* * use ecdh to compute enckey and mackey - */ + */ if (param->sym_cipher) enckeylen = EVP_CIPHER_key_length(param->sym_cipher); else enckeylen = cv->ciphertext->length; @@ -366,17 +368,17 @@ int ECIES_do_decrypt(const ECIES_CIPHERTEXT_VALUE *cv, ECIESerr(ECIES_F_ECIES_DO_DECRYPT, ERR_R_MALLOC_FAILURE); goto err; } - + if (!ECDH_compute_key(share, enckeylen + mackeylen, ephem_point, pri_key, - KDF_get_x9_63(param->kdf_md))) + KDF_get_x9_63(param->kdf_md))) { ECIESerr(ECIES_F_ECIES_DO_DECRYPT, ECIES_R_ECDH_FAILED); goto err; - } + } enckey = share; mackey = share + enckeylen; - + /* * generate and verify mac */ 
@@ -387,7 +389,7 @@ int ECIES_do_decrypt(const ECIES_CIPHERTEXT_VALUE *cv, } if (!HMAC(param->mac_md, mackey, mackeylen, cv->ciphertext->data, (size_t)cv->ciphertext->length, - mac, (unsigned int *)&len)) + mac, (unsigned int *)&len)) { ECIESerr(ECIES_F_ECIES_DO_DECRYPT, ECIES_R_GEN_MAC_FAILED); goto err; @@ -431,14 +433,14 @@ int ECIES_do_decrypt(const ECIES_CIPHERTEXT_VALUE *cv, p += len; *outlen = (int)(p - out); } - else + else { int i; for (i = 0; i < cv->ciphertext->length; i++) out[i] = cv->ciphertext->data[i] ^ enckey[i]; *outlen = cv->ciphertext->length; } - + r = 1; err: if (share) OPENSSL_free(share); @@ -463,7 +465,7 @@ int ECIES_encrypt(const ECIES_PARAMS *param, fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); return 0; } - + if ((len = i2d_ECIES_CIPHERTEXT_VALUE(cv, NULL)) <= 0) { fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); ECIESerr(ECIES_F_ECIES_ENCRYPT, ECIES_R_ENCRYPT_FAILED); diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index 308a7140..14ddc824 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -113,7 +113,7 @@ void ENGINE_load_builtin_engines(void) # ifndef OPENSSL_NO_GOST ENGINE_load_gost(); # endif -# ifndef OPENSSL_NO_SKF +# ifndef NO_GMSSL //ENGINE_load_skf(); # endif # ifndef OPENSSL_NO_GMP diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 1eb10ea3..dc9cb739 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -411,7 +411,7 @@ void ENGINE_load_gmp(void); # ifndef OPENSSL_NO_GOST void ENGINE_load_gost(void); # endif -# ifndef OPENSSL_NO_SKF +# ifndef NO_GMSSL void ENGINE_load_skf(void); # endif # endif diff --git a/crypto/err/Makefile b/crypto/err/Makefile index cbb06782..03aad7b5 100644 --- a/crypto/err/Makefile +++ b/crypto/err/Makefile 
@@ -83,31 +83,32 @@ err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h err.o: ../cryptlib.h err.c -err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -err_all.o: ../../include/openssl/cbcmac.h ../../include/openssl/cms.h -err_all.o: ../../include/openssl/comp.h ../../include/openssl/conf.h -err_all.o: ../../include/openssl/cpk.h ../../include/openssl/crypto.h -err_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -err_all.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -err_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -err_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/ecies.h -err_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h -err_all.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h +err_all.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +err_all.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +err_all.o: ../../include/openssl/buffer.h ../../include/openssl/cbcmac.h +err_all.o: ../../include/openssl/cms.h ../../include/openssl/comp.h +err_all.o: ../../include/openssl/conf.h ../../include/openssl/cpk.h +err_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +err_all.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h +err_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +err_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +err_all.o: ../../include/openssl/ecies.h ../../include/openssl/engine.h +err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h +err_all.o: ../../include/openssl/ffx.h ../../include/openssl/kdf.h err_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h err_all.o: ../../include/openssl/objects.h 
../../include/openssl/ocsp.h err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/otp.h -err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h -err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -err_all.o: ../../include/openssl/sha.h ../../include/openssl/skf.h -err_all.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h -err_all.o: ../../include/openssl/sm9.h ../../include/openssl/stack.h -err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h -err_all.o: ../../include/openssl/ui.h ../../include/openssl/x509.h -err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -err_all.o: err_all.c +err_all.o: ../../include/openssl/paillier.h ../../include/openssl/pem2.h +err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +err_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +err_all.o: ../../include/openssl/skf.h ../../include/openssl/sm2.h +err_all.o: ../../include/openssl/sm3.h ../../include/openssl/sm9.h +err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +err_all.o: ../../include/openssl/ts.h ../../include/openssl/ui.h +err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +err_all.o: ../../include/openssl/x509v3.h err_all.c err_prn.o: ../../e_os.h ../../include/openssl/bio.h err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/err/err.c b/crypto/err/err.c index 9b966bf4..74dc7241 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c 
@@ -155,7 +155,7 @@ static ERR_STRING_DATA ERR_str_libraries[] = { {ERR_PACK(ERR_LIB_FIPS, 0, 0), "FIPS routines"}, {ERR_PACK(ERR_LIB_CMS, 0, 0), "CMS routines"}, {ERR_PACK(ERR_LIB_HMAC, 0, 0), "HMAC routines"}, -# ifndef OPENSSL_NO_GMSSL +# ifndef NO_GMSSL {ERR_PACK(ERR_LIB_ECIES, 0, 0), "ECIES routines"}, {ERR_PACK(ERR_LIB_CPK, 0, 0), "CPK routines"}, {ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"}, diff --git a/crypto/err/err.h b/crypto/err/err.h index 9884a875..ea8f9931 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -198,7 +198,7 @@ typedef struct err_state_st { # define ERR_LIB_HMAC 48 # define ERR_LIB_JPAKE 49 -# ifndef OPENSSL_NO_GMSSL +# ifndef NO_GMSSL # define ERR_LIB_ECIES 50 # define ERR_LIB_CPK 51 # define ERR_LIB_SM2 52 
@@ -246,16 +246,16 @@ typedef struct err_state_st { # define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__) # define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) -# ifndef OPENSSL_NO_GMSSL +# ifndef NO_GMSSL # define ECIESerr(f,r) ERR_PUT_error(ERR_LIB_ECIES,(f),(r),__FILE__,__LINE__) # define CPKerr(f,r) ERR_PUT_error(ERR_LIB_CPK,(f),(r),__FILE__,__LINE__) # define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),__FILE__,__LINE__) # define SKFerr(f,r) ERR_PUT_error(ERR_LIB_SKF,(f),(r),__FILE__,__LINE__) -# define CBCMACerr(f,r) ERR_PUT_error(ERR_LIB_CBCMAC,(f),(r),__FILE__,__LINE__); -# define OTPerr(f,r) ERR_PUT_error(ERR_LIB_OTP,(f),(r),__FILE__,__LINE__); -# define SM9err(f,r) ERR_PUT_error(ERR_LIB_SM9,(f),(r),__FILE__,__LINE__); -# define PAILLIERerr(f,r) ERR_PUT_error(ERR_LIB_PAILLIER,(f),(r),__FILE__,__LINE__); -# define FFXerr(f,r) ERR_PUT_error(ERR_LIB_FFX,(f),(r),__FILE__,__LINE__); +# define CBCMACerr(f,r) ERR_PUT_error(ERR_LIB_CBCMAC,(f),(r),__FILE__,__LINE__) +# define OTPerr(f,r) ERR_PUT_error(ERR_LIB_OTP,(f),(r),__FILE__,__LINE__) +# define SM9err(f,r) ERR_PUT_error(ERR_LIB_SM9,(f),(r),__FILE__,__LINE__) +# define PAILLIERerr(f,r) ERR_PUT_error(ERR_LIB_PAILLIER,(f),(r),__FILE__,__LINE__) +# define FFXerr(f,r) ERR_PUT_error(ERR_LIB_FFX,(f),(r),__FILE__,__LINE__) # endif /* @@ -314,7 +314,7 @@ typedef struct err_state_st { # define ERR_R_STORE_LIB ERR_LIB_STORE/* 44 */ # define ERR_R_TS_LIB ERR_LIB_TS/* 45 */ -# ifndef OPENSSL_NO_GMSSL +# ifndef NO_GMSSL # define ERR_R_ECIES_LIB ERR_LIB_ECIES/* 50 */ # define ERR_R_CPK_LIB ERR_LIB_CPK/* 51 */ # define ERR_R_SM2_LIB ERR_LIB_SM2/* 52 */ @@ -326,6 +326,8 @@ typedef struct err_state_st { # define ERR_R_FFX_LIB ERR_LIB_FFX/* 58 */ # endif +//FIXME: it seems we used up error numbers + # define ERR_R_NESTED_ASN1_ERROR 58 # define ERR_R_BAD_ASN1_OBJECT_HEADER 59 # define ERR_R_BAD_GET_ASN1_OBJECT_CALL 60 
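Review bot: In the last err.h hunk, `ERR_R_FFX_LIB` expands to `ERR_LIB_FFX`, which its trailing comment gives as 58, and `ERR_R_NESTED_ASN1_ERROR` just below the added lines is also 58, so the two reason codes cannot be told apart when an error is reported. The new `//FIXME: it seems we used up error numbers` acknowledges the exhaustion but leaves the collision in place and does not name it. Until the numbering is resolved I would at least make the comment specific, `/* FIXME: ERR_R_FFX_LIB (58) collides with ERR_R_NESTED_ASN1_ERROR (58) */`. The block-comment form also matters here, because a `//` comment in an installed header breaks consumers that compile as strict C89.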
diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index af76d44b..c72f18a2 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -108,7 +108,7 @@ # include #endif -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL # include # include # include @@ -176,7 +176,7 @@ void ERR_load_crypto_strings(void) # ifndef OPENSSL_NO_JPAKE ERR_load_JPAKE_strings(); # endif -# ifndef OPENSSL_NO_GMSSL +# ifndef NO_GMSSL ERR_load_ECIES_strings(); ERR_load_CPK_strings(); ERR_load_SM2_strings(); diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 59545528..a8e45c28 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -163,7 +163,7 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher_alias(SN_rc5_cbc, "RC5"); #endif -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL EVP_add_cipher(EVP_sms4_ecb()); EVP_add_cipher(EVP_sms4_cbc()); EVP_add_cipher(EVP_sms4_cfb()); diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c index 0fa216f2..dd86fb2f 100644 --- a/crypto/evp/c_alld.c +++ b/crypto/evp/c_alld.c @@ -67,7 +67,7 @@ void OpenSSL_add_all_digests(void) #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL EVP_add_digest(EVP_sm3()); #endif #ifndef OPENSSL_NO_MD5 diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index dbd9c501..f2643f32 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -211,7 +211,6 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) type = ctx->digest; } #endif - //fprintf(stderr, "%s %d\n", __FILE__, __LINE__); if (ctx->digest != type) { if (ctx->digest && ctx->digest->ctx_size) OPENSSL_free(ctx->md_data); @@ -220,7 +219,6 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) ctx->update = type->update; ctx->md_data = OPENSSL_malloc(type->ctx_size); if (ctx->md_data == NULL) { - fprintf(stderr, "%s %d\n", __FILE__, __LINE__); EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE); return 0; } 
@@ -231,7 +229,6 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) #endif if (ctx->pctx) { int r; - //fprintf(stderr, "%s %d\n", __FILE__, __LINE__); r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_DIGESTINIT, 0, ctx); if (r <= 0 && (r != -2)) @@ -248,7 +245,6 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) return 0; } #endif - //fprintf(stderr, "%s %d\n", __FILE__, __LINE__); return ctx->digest->init(ctx); } diff --git a/crypto/evp/e_sms4.c b/crypto/evp/e_sms4.c index 7a2a3e7f..640d3fc8 100644 --- a/crypto/evp/e_sms4.c +++ b/crypto/evp/e_sms4.c @@ -53,7 +53,8 @@ #include #include "cryptlib.h" -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL + #include #include #include @@ -61,8 +62,6 @@ #include "modes_lcl.h" #include -#define SMS4_IV_LENGTH SMS4_BLOCK_SIZE - typedef struct { sms4_key_t ks; } EVP_SMS4_KEY; @@ -95,7 +94,7 @@ static int sms4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { EVP_SMS4_KEY *sms4_key = (EVP_SMS4_KEY *)ctx->cipher_data; - + if (ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) { CRYPTO_cfb128_1_encrypt(in, out, len, &sms4_key->ks, ctx->iv, &ctx->num, ctx->encrypt, (block128_f)sms4_encrypt); @@ -144,7 +143,7 @@ static int sms4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, CRYPTO_cfb128_8_encrypt(in, out, len, &sms4_key->ks, ctx->iv, &ctx->num, ctx->encrypt, (block128_f)sms4_encrypt); - + return 1; } @@ -236,7 +235,7 @@ static int sms4_gcm_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) case EVP_CTRL_COPY: default: return -1; - } + } } @@ -255,7 +254,7 @@ static int sms4_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { EVP_SMS4_WRAP_CTX *sms4_wrap = ctx->cipher_data; - + if (!iv && !key) return 1; 
@@ -337,7 +336,7 @@ static int sms4_wrap_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, NULL, /* get_asn1_parameters() */ NULL, /* ctrl() */ NULL /* app_data */ -}; +}; const EVP_CIPHER *EVP_sms4_wrap(void) { diff --git a/crypto/evp/e_zuc.c b/crypto/evp/e_zuc.c index fe380931..22050ed1 100644 --- a/crypto/evp/e_zuc.c +++ b/crypto/evp/e_zuc.c 
@@ -1,47 +1,88 @@ +/* crypto/evp/e_zuc.c */ +/* ==================================================================== + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + #include #include "cryptlib.h" -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL #include -#include "evp_locl.h" -#include #include +#include +#include "evp_locl.h" static int zuc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - ZUC_set_key((ZUC_KEY *)&ctx->cipher_data, key, iv); + zuc_set_key((zuc_key_t *)&ctx->cipher_data, key, iv); return 1; } static int zuc_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inlen) { - ZUC_encrypt((ZUC_KEY *)&ctx->cipher_data, inlen, in, out); + zuc_encrypt((zuc_key_t *)&ctx->cipher_data, inlen, in, out); return 1; } - -/* - * FIXME: - * evp_enc.c assert block_size in {1, 8, 16}, 4 not ok! - */ static const EVP_CIPHER zuc_cipher = { - NID_zuc, /* nid */ - 4, /* block_size */ - 16, /* key_len */ - 16, /* iv_len */ - 0, /* flags */ - zuc_init, /* init() */ - zuc_do_cipher, /* do_cipher() */ - NULL, /* cleanup() */ - sizeof(ZUC_KEY), /* ctx_size */ - NULL, /* set_asn1_parameters() */ - NULL, /* get_asn1_parameters() */ - NULL, /* ctrl() */ - NULL /* app_data */ + NID_zuc, + 1, 16, 16, + EVP_CIPH_VARIABLE_LENGTH, + zuc_init, + zuc_do_cipher, + NULL, + sizeof(zuc_key_t), + NULL, NULL, NULL, NULL }; const EVP_CIPHER *EVP_zuc(void) diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 95a5885a..3bba4274 100644 --- a/crypto/evp/evp.h 
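Review bot: `zuc_init` and `zuc_do_cipher` pass `(zuc_key_t *)&ctx->cipher_data`, which is the address of the pointer field inside `EVP_CIPHER_CTX` rather than the buffer of `sizeof(zuc_key_t)` bytes that the `ctx_size` entry requests; the rename kept the `&` from the old code. The key state is therefore written over the context structure itself, and anything in `zuc_key_t` beyond the size of one pointer lands on the fields that follow `cipher_data`. e_sms4.c in this same diff uses the buffer directly (`(EVP_SMS4_KEY *)ctx->cipher_data`), and the two calls should do the same: `zuc_set_key((zuc_key_t *)ctx->cipher_data, key, iv);` and `zuc_encrypt((zuc_key_t *)ctx->cipher_data, inlen, in, out);`. The new `EVP_CIPH_VARIABLE_LENGTH` flag also deserves a second look, since `zuc_set_key` receives no key length and presumably always reads 16 bytes.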
+++ b/crypto/evp/evp.h @@ -741,7 +741,7 @@ const EVP_MD *EVP_ripemd160(void); # ifndef OPENSSL_NO_WHIRLPOOL const EVP_MD *EVP_whirlpool(void); # endif -# ifndef OPENSSL_NO_GMSSL +# ifndef NO_GMSSL const EVP_MD *EVP_sm3(void); # endif const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ @@ -830,7 +830,7 @@ const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void); # define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64 const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); # endif -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL const EVP_CIPHER *EVP_sms4_ecb(void); const EVP_CIPHER *EVP_sms4_cbc(void); const EVP_CIPHER *EVP_sms4_cfb1(void); diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 9c22622f..e57a67ca 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -210,7 +210,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, #endif /* we assume block size is a power of 2 in *cryptUpdate */ OPENSSL_assert(ctx->cipher->block_size == 1 -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL || ctx->cipher->block_size == 4 #endif || ctx->cipher->block_size == 8 @@ -668,18 +668,3 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) return 1; } -#ifndef OPENSSL_NO_GMSSL -int EVP_Encrypt_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outlen, - const unsigned char *in, int inlen) -{ - return 0; -} - -int EVP_Decrypt_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outlen, - const unsigned char *in, int inlen) -{ - - return 1; -} -#endif /* GMSSL */ - diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 1ed77c35..0e8f4801 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -86,7 +86,6 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, return 0; } } - if (ver) { if (ctx->pctx->pmeth->verifyctx_init) { if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0) 
@@ -97,14 +96,12 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, } else { if (ctx->pctx->pmeth->signctx_init) { if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0) { -fprintf(stderr, "error %s %d\n", __FILE__, __LINE__); return 0; } ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX; } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) return 0; } - if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0) return 0; if (pctx) diff --git a/crypto/evp/m_sm3.c b/crypto/evp/m_sm3.c index b57612ba..98de163b 100644 --- a/crypto/evp/m_sm3.c +++ b/crypto/evp/m_sm3.c @@ -52,7 +52,7 @@ #include #include "cryptlib.h" -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL #include #include @@ -62,17 +62,29 @@ static int init(EVP_MD_CTX *ctx) { - return sm3_init(ctx->md_data); + if (!ctx || !ctx->md_data) { + return 0; + } + sm3_init(ctx->md_data); + return 1; } static int update(EVP_MD_CTX *ctx, const void *in, size_t inlen) { - return sm3_update(ctx->md_data, in, inlen); + if (!ctx || !ctx->md_data || !in) { + return 0; + } + sm3_update(ctx->md_data, in, inlen); + return 1; } static int final(EVP_MD_CTX *ctx, unsigned char *md) { - return sm3_final(ctx->md_data, md); + if (!ctx || !ctx->md_data || !md) { + return 0; + } + sm3_final(ctx->md_data, md); + return 1; } static const EVP_MD sm3_md = { diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index 629046ee..fbf1ffe6 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c 
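Review bot: The new guard in `update` (m_sm3.c) returns 0 whenever `in` is NULL, including the call with `inlen == 0`, which is a legitimate way to hash an empty message and never touches the pointer; `if (!ctx || !ctx->md_data || (!in && inlen != 0))` keeps the check without failing that case. All three wrappers now also return 1 unconditionally after calling `sm3_init`, `sm3_update` and `sm3_final`, where the old code returned their result. The prototypes are outside this diff, so if those functions still report a status it is now dropped; a one-line comment stating that they cannot fail would settle it.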
@@ -200,21 +200,17 @@ EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, mac_ctx = EVP_PKEY_CTX_new_id(type, e); if (!mac_ctx) { if (e) fprintf(stderr, "engine is not null\n"); - fprintf(stderr, "error %s %d\n", __FILE__, __LINE__); return NULL; } if (EVP_PKEY_keygen_init(mac_ctx) <= 0) { - fprintf(stderr, "error %s %d\n", __FILE__, __LINE__); goto merr; } if (EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, (void *)key) <= 0) { - fprintf(stderr, "error %s %d\n", __FILE__, __LINE__); goto merr; } if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0) { - fprintf(stderr, "error %s %d\n", __FILE__, __LINE__); goto merr; } merr: diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index bb7dfaef..bc6f9131 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -95,7 +95,7 @@ static const EVP_PKEY_METHOD *standard_methods[] = { #ifndef OPENSSL_NO_DH &dhx_pkey_meth, #endif -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL &cbcmac_pkey_meth, #endif }; diff --git a/crypto/ffx/Makefile b/crypto/ffx/Makefile index 8fe376ba..be3b7676 100644 --- a/crypto/ffx/Makefile +++ b/crypto/ffx/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) 
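Review bot: One debug print survives the cleanup in `EVP_PKEY_new_mac_key`: `if (e) fprintf(stderr, "engine is not null\n");` in the `!mac_ctx` branch is still a context line. Library code writing to the host application's stderr is the same problem as the `fprintf` calls removed here, and failures are normally reported through the error queue instead. I would delete that line too, leaving the branch as `if (!mac_ctx) return NULL;`. The function continues past the `merr:` label outside the hunk.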
@@ -74,3 +76,17 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +ffx.o: ../../include/openssl/aes.h ../../include/openssl/bio.h +ffx.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ffx.o: ../../include/openssl/err.h ../../include/openssl/ffx.h +ffx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ffx.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ffx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ffx.o: ../../include/openssl/symhacks.h ffx.c +ffx_err.o: ../../include/openssl/aes.h ../../include/openssl/bio.h +ffx_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ffx_err.o: ../../include/openssl/err.h ../../include/openssl/ffx.h +ffx_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ffx_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ffx_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ffx_err.o: ../../include/openssl/symhacks.h ffx_err.c diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h index e453e99f..4080a0c6 100644 --- a/crypto/objects/obj_xref.h +++ b/crypto/objects/obj_xref.h @@ -56,6 +56,13 @@ static const nid_triple sigoid_srt[] = { NID_dh_cofactor_kdf}, {NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512, NID_dh_cofactor_kdf}, + {NID_sm2sign_with_sm3, NID_sm3, NID_X9_62_id_ecPublicKey}, + {NID_sm2sign_with_sha1, NID_sha1, NID_sm2sign}, + {NID_sm2sign_with_sha256, NID_sha256, NID_sm2sign}, + {NID_sm2sign_with_sha512, NID_sha512, NID_sm2sign}, + {NID_sm2sign_with_sha224, NID_sha224, NID_sm2sign}, + {NID_sm2sign_with_sha384, NID_sha384, NID_sm2sign}, + {NID_sm2sign_with_rmd160, NID_ripemd160, NID_sm2sign}, }; static const nid_triple *const sigoid_srt_xref[] = { 
@@ -71,29 +78,36 @@ static const nid_triple *const sigoid_srt_xref[] = { &sigoid_srt[12], &sigoid_srt[30], &sigoid_srt[35], + &sigoid_srt[41], &sigoid_srt[6], &sigoid_srt[10], + &sigoid_srt[46], &sigoid_srt[11], &sigoid_srt[13], &sigoid_srt[24], &sigoid_srt[20], &sigoid_srt[32], &sigoid_srt[37], + &sigoid_srt[42], &sigoid_srt[14], &sigoid_srt[21], &sigoid_srt[33], &sigoid_srt[38], + &sigoid_srt[45], &sigoid_srt[15], &sigoid_srt[22], &sigoid_srt[34], &sigoid_srt[39], + &sigoid_srt[43], &sigoid_srt[16], &sigoid_srt[23], &sigoid_srt[19], &sigoid_srt[31], &sigoid_srt[36], + &sigoid_srt[44], &sigoid_srt[25], &sigoid_srt[26], &sigoid_srt[27], &sigoid_srt[28], + &sigoid_srt[40], }; diff --git a/crypto/objects/obj_xref.txt b/crypto/objects/obj_xref.txt index 19c94226..b1498ce3 100644 --- a/crypto/objects/obj_xref.txt +++ b/crypto/objects/obj_xref.txt @@ -29,6 +29,7 @@ dsaWithSHA1 sha1 dsa dsaWithSHA1_2 sha1 dsa_2 +# GMSSL: here is the problem! ecdsa_with_SHA1 sha1 X9_62_id_ecPublicKey ecdsa_with_SHA224 sha224 X9_62_id_ecPublicKey ecdsa_with_SHA256 sha256 X9_62_id_ecPublicKey @@ -36,6 +37,7 @@ ecdsa_with_SHA384 sha384 X9_62_id_ecPublicKey ecdsa_with_SHA512 sha512 X9_62_id_ecPublicKey ecdsa_with_Recommended undef X9_62_id_ecPublicKey ecdsa_with_Specified undef X9_62_id_ecPublicKey +sm2sign_with_sm3 sm3 X9_62_id_ecPublicKey dsa_with_SHA224 sha224 dsa dsa_with_SHA256 sha256 dsa @@ -56,3 +58,11 @@ dhSinglePass_cofactorDH_sha224kdf_scheme sha224 dh_cofactor_kdf dhSinglePass_cofactorDH_sha256kdf_scheme sha256 dh_cofactor_kdf dhSinglePass_cofactorDH_sha384kdf_scheme sha384 dh_cofactor_kdf dhSinglePass_cofactorDH_sha512kdf_scheme sha512 dh_cofactor_kdf + +# GMSSL SM2 schemes +sm2sign_with_sha1 sha1 sm2sign +sm2sign_with_sha256 sha256 sm2sign +sm2sign_with_sha512 sha512 sm2sign +sm2sign_with_sha224 sha224 sm2sign +sm2sign_with_sha384 sha384 sm2sign +sm2sign_with_rmd160 ripemd160 sm2sign diff --git a/crypto/otp/Makefile b/crypto/otp/Makefile index a9228d19..e5a776d1 100644 
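Review bot: In obj_xref.txt, `sm2sign_with_sm3` is mapped to the public-key type `X9_62_id_ecPublicKey`, while the six other `sm2sign_with_*` lines added at the end of the file map to `sm2sign`. This table decides which key method handles a given signature algorithm, so the two mappings presumably send SM2-with-SM3 signatures and the other SM2 variants down different paths; if that is intended it needs to be stated next to the entry. The new comment `# GMSSL: here is the problem!` above `ecdsa_with_SHA1` does not say what the problem is. I would replace it with a comment on the `sm2sign_with_sm3` line, for example `# SM2 keys are stored as id-ecPublicKey, hence the EC key type here`, once that reasoning is confirmed.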
--- a/crypto/otp/Makefile +++ b/crypto/otp/Makefile @@ -66,6 +66,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/paillier/Makefile b/crypto/paillier/Makefile index 524f679c..3bed2de6 100644 --- a/crypto/paillier/Makefile +++ b/crypto/paillier/Makefile @@ -66,6 +66,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) @@ -79,3 +81,16 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +pai_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +pai_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pai_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +pai_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +pai_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/paillier.h +pai_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +pai_err.o: ../../include/openssl/symhacks.h pai_err.c +pai_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +pai_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +pai_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pai_lib.o: ../../include/openssl/paillier.h ../../include/openssl/safestack.h +pai_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pai_lib.o: pai_lib.c diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index 6301930b..d3b23fc9 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h 
@@ -137,10 +137,6 @@ extern "C" { # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" # define PEM_STRING_PARAMETERS "PARAMETERS" # define PEM_STRING_CMS "CMS" -# ifndef OPENSSL_NO_GMSSL -# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS" -# define PEM_STRING_SM2PRIVATEKEY "SM2 PRIVATE KEY" -# endif /* * Note that this structure is initialised by PEM_SealInit and cleaned up diff --git a/crypto/skf/Makefile b/crypto/skf/Makefile index c450745e..3fbbc3d6 100644 --- a/crypto/skf/Makefile +++ b/crypto/skf/Makefile @@ -65,6 +65,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) @@ -74,7 +76,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff a.out # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/skf/skf.h b/crypto/skf/skf.h index 5e11b404..0925d89a 100644 --- a/crypto/skf/skf.h +++ b/crypto/skf/skf.h @@ -1,6 +1,6 @@ /* crypto/skf/skf.h */ /* ==================================================================== - * Copyright (c) 2014 - 2015 The GmSSL Project. All rights reserved. + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/skf/skf_dev.c b/crypto/skf/skf_dev.c index 7b5b7fb2..2fd067df 100644 --- a/crypto/skf/skf_dev.c +++ b/crypto/skf/skf_dev.c @@ -58,6 +58,7 @@ #define DEV_NAME "pseudo_dev" #define DEV_NAME_LIST DEV_NAME"\0" +SKF_HANDLE skf_dev_handle; ULONG DEVAPI SKF_EnumDev(BOOL bPresent, LPSTR szNameList, 
@@ -79,11 +80,14 @@ ULONG DEVAPI SKF_EnumDev(BOOL bPresent, ULONG DEVAPI SKF_ConnectDev(LPSTR szName, DEVHANDLE *phDev) { + *phDev = &skf_dev_handle; return SAR_OK; } ULONG DEVAPI SKF_DisConnectDev(DEVHANDLE hDev) { + //FIXME: close all handles + hDev = NULL; return SAR_OK; } @@ -155,4 +159,33 @@ int SKF_print_dev_info(DEVINFO *devInfo) return 1; } +char *SKF_get_alg_name(ULONG ulAlgID) +{ + //FIXME: make these name compatible with OBJ short name + switch (ulAlgID) { + case SGD_SM1_ECB: return "SM1-ECB"; + case SGD_SM1_CBC: return "SM1-CBC"; + case SGD_SM1_CFB: return "SM1-CFB"; + case SGD_SM1_OFB: return "SM1-OFB"; + case SGD_SM1_MAC: return "SM1-MAC"; + case SGD_SM4_ECB: return "SM4-ECB"; + case SGD_SM4_CBC: return "SM4-CBC"; + case SGD_SM4_CFB: return "SM4-CFB"; + case SGD_SM4_OFB: return "SM4-OFB"; + case SGD_SM4_MAC: return "SM4-MAC"; + case SGD_SSF33_ECB: return "SSF33-ECB"; + case SGD_SSF33_CBC: return "SSF33-CBC"; + case SGD_SSF33_CFB: return "SSF33-CFB"; + case SGD_SSF33_OFB: return "SSF33-OFB"; + case SGD_SSF33_MAC: return "SSF33-MAC"; + case SGD_RSA: return "RSA"; + case SGD_SM2_1: return "SM2-1"; + case SGD_SM2_2: return "SM2-2"; + case SGD_SM2_3: return "SM2-3"; + case SGD_SM3: return "SM3"; + case SGD_SHA1: return "SHA-1"; + case SGD_SHA256: return "SHA256"; + } + return "(unknown)"; +} diff --git a/crypto/skf/skf_dgst.c b/crypto/skf/skf_dgst.c index f9dec0d7..c332e32f 100644 --- a/crypto/skf/skf_dgst.c +++ b/crypto/skf/skf_dgst.c @@ -67,7 +67,7 @@ ULONG DEVAPI SKF_DigestInit(DEVHANDLE hDev, const EVP_MD *md; EVP_MD_CTX *mdctx = NULL; EC_KEY *ec_key = NULL; - SKF_HANDLE *handle; + SKF_HANDLE *hHash; unsigned char dgst[EVP_MAX_MD_SIZE]; unsigned int dgstlen = 0; 
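Review bot: `SKF_ConnectDev` writes through `phDev` without checking it, so a NULL output pointer crashes inside the library; `if (!phDev) return SAR_INVALIDPARAMERR;` before the assignment would match how the other SKF entry points in this diff report bad arguments. In `SKF_DisConnectDev` the added `hDev = NULL;` only clears the by-value parameter and has no effect on the caller's handle, so the FIXME is the only thing that line records. `skf_dev_handle`, declared in the previous hunk, is a zero-initialised global whose `magic` field is never set here, which means any routine that checks `SKF_HANDLE_MAGIC` would reject the handle that `SKF_ConnectDev` returns.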
@@ -137,17 +137,20 @@ ULONG DEVAPI SKF_DigestInit(DEVHANDLE hDev, } } - if (!(handle = SKF_HANDLE_new(SKF_HASH_HANDLE))) { - SKFerr(SKF_F_SKF_DIGESTINIT, SKF_R_MALLOC_FAILED); - ret = SAR_MEMORYERR; + + if (!(hHash = OPENSSL_malloc(sizeof(*hHash)))) { + SKFerr(SKF_F_SKF_DIGESTINIT, ERR_R_MALLOC_FAILURE); goto end; } - handle->u.md_ctx = mdctx; + bzero(hHash, sizeof(*hHash)); + hHash->magic = SKF_HANDLE_MAGIC; + hHash->type = SKF_HASH_HANDLE; + hHash->u.md_ctx = mdctx; mdctx = NULL; + *phHash = hHash; ret = SAR_OK; - end: EVP_MD_CTX_destroy(mdctx); EC_KEY_free(ec_key); @@ -204,11 +207,8 @@ ULONG DEVAPI SKF_DigestFinal(HANDLE hHash, return SAR_FAIL; } - if (!SKF_HANDLE_free(hHash)) { - SKFerr(SKF_F_SKF_DIGESTFINAL, SKF_R_FREE_HANDLE_FAILED); - return SAR_FAIL; - } - + EVP_MD_CTX_destroy(mdctx); + ((SKF_HANDLE *)hHash)->u.md_ctx = NULL; return SAR_OK; } diff --git a/crypto/skf/skf_ec.c b/crypto/skf/skf_ec.c index 9c3f8c43..b864f628 100644 --- a/crypto/skf/skf_ec.c +++ b/crypto/skf/skf_ec.c @@ -56,6 +56,30 @@ #include #include "skf_lcl.h" +ULONG DEVAPI SKF_GenExtECCKeyPair(DEVHANDLE hDev, + ECCPRIVATEKEYBLOB *priKey, + ECCPUBLICKEYBLOB *pubKey) +{ + ULONG ret = SAR_FAIL; + EC_KEY *ec_key; + + if(!(ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1))) { + SKFerr(SKF_F_SKF_GENEXTECCKEYPAIR, ERR_R_EC_LIB); + return SAR_FAIL; + } + if (!EC_KEY_get_ECCPRIVATEKEYBLOB(ec_key, priKey)) { + SKFerr(SKF_F_SKF_GENEXTECCKEYPAIR, SKF_R_GET_PRIVATE_KEY_FAILED); + goto end; + } + if (!EC_KEY_get_ECCPUBLICKEYBLOB(ec_key, pubKey)) { + SKFerr(SKF_F_SKF_GENEXTECCKEYPAIR, SKF_R_GET_PUBLIC_KEY_FAILED); + goto end; + } + ret = SAR_OK; +end: + EC_KEY_free(ec_key); + return ret; +} ULONG DEVAPI SKF_ExtECCSign(DEVHANDLE hDev, ECCPRIVATEKEYBLOB *pECCPriKeyBlob, diff --git a/crypto/skf/skf_enc.c b/crypto/skf/skf_enc.c index 57ef9d0a..17ebcbed 100644 --- a/crypto/skf/skf_enc.c +++ b/crypto/skf/skf_enc.c 
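Review bot: The allocation-failure branch in `SKF_DigestInit` no longer sets `ret = SAR_MEMORYERR;` before `goto end`, so the function returns whatever `ret` held at that point (its initial value is outside the hunk) and the caller cannot tell an out-of-memory condition from another failure; that assignment should be restored. `bzero` is a legacy BSD call that is not available on every platform, and `memset(hHash, 0, sizeof(*hHash));` does the same job portably. `*phHash = hHash;` also dereferences the output pointer without a NULL check, unless that is validated earlier in the function.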
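Review bot: `SKF_DigestFinal` now destroys only the digest context and leaves the `SKF_HANDLE` that `SKF_DigestInit` allocated with `OPENSSL_malloc` in place, where the removed `SKF_HANDLE_free(hHash)` released it. If no other routine frees hash handles (none is visible in this diff), every completed digest leaks one handle structure. Either free it here or add a comment stating who owns it, such as `/* the handle itself stays allocated until the caller closes it */`. The `return SAR_FAIL;` just above the change, and any earlier error return outside the hunk, leave the digest context attached to the handle.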
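Review bot: `SKF_GenExtECCKeyPair` never generates a key: `EC_KEY_new_by_curve_name(NID_sm2p256v1)` returns an object that has the curve but no private or public component, and the function goes straight to exporting both blobs. A call such as `if (!EC_KEY_generate_key(ec_key)) { SKFerr(SKF_F_SKF_GENEXTECCKEYPAIR, ERR_R_EC_LIB); goto end; }` is needed before `EC_KEY_get_ECCPRIVATEKEYBLOB`. When the public-key export fails after the private blob has been written, `priKey` still holds the secret on a failing return, so the `end:` path should wipe it with `OPENSSL_cleanse(priKey, sizeof(*priKey));` when `ret != SAR_OK`.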
@@ -59,6 +59,101 @@ #define PADDING_TYPE_NO_PADDING 0 #define PADDING_TYPE_PKCS5 1 +/* +229 typedef struct Struct_BLOCKCIPHERPARAM { +230 BYTE IV[MAX_IV_LEN]; +231 ULONG IVLen; +232 ULONG PaddingType; +233 ULONG FeedBitLen; +234 } BLOCKCIPHERPARAM, *PBLOCKCIPHERPARAM; +*/ + +int SKF_nid_to_encparams(int nid, ULONG *algID, BLOCKCIPHERPARAM *params) +{ + ULONG ulAlgID = 0; + + switch (nid) { + case NID_ssf33_ecb: + ulAlgID = SGD_SSF33_ECB; + break; + case NID_ssf33_cbc: + ulAlgID = SGD_SSF33_CBC; + break; + case NID_ssf33_cfb1: + case NID_ssf33_cfb8: + case NID_ssf33_cfb128: + ulAlgID = SGD_SSF33_CFB; + break; + case NID_ssf33_ofb128: + ulAlgID = SGD_SSF33_OFB; + break; + case NID_sm1_ecb: + ulAlgID = SGD_SM1_ECB; + break; + case NID_sm1_cbc: + ulAlgID = SGD_SM1_CBC; + break; + case NID_sm1_cfb1: + case NID_sm1_cfb8: + case NID_sm1_cfb128: + ulAlgID = SGD_SM1_CFB; + break; + case NID_sm1_ofb128: + ulAlgID = SGD_SM1_OFB; + break; + case NID_sms4_ecb: + ulAlgID = SGD_SM4_ECB; + break; + case NID_sms4_cbc: + ulAlgID = SGD_SM4_CBC; + break; + case NID_sms4_cfb1: + case NID_sms4_cfb8: + case NID_sms4_cfb128: + ulAlgID = SGD_SM4_CFB; + break; + case NID_sms4_ofb128: + ulAlgID = SGD_SM4_OFB; + break; + default: + return 0; + } + + *algID = ulAlgID; + + switch (nid) { + case NID_sm1_cfb1: + case NID_sms4_cfb1: + case NID_ssf33_cfb1: + params->FeedBitLen = 1; + break; + case NID_sm1_cfb8: + case NID_sms4_cfb8: + case NID_ssf33_cfb8: + params->FeedBitLen = 8; + break; + case NID_sm1_cfb128: + case NID_sms4_cfb128: + case NID_ssf33_cfb128: + params->FeedBitLen = 128; + break; + default: + params->FeedBitLen = 0; + } + + switch (nid) { + case NID_sm1_cbc: + case NID_sms4_cbc: + case NID_ssf33_cbc: + params->PaddingType = SKF_PKCS5_PADDING; + break; + default: + params->PaddingType = SKF_NO_PADDING; + } + + return 1; +} + ULONG DEVAPI SKF_EncryptInit(HANDLE hKey, BLOCKCIPHERPARAM encryptParam) 
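Review bot: `SKF_nid_to_encparams` fills in only `FeedBitLen` and `PaddingType` and leaves `IV` and `IVLen` as the caller passed them, while `SKF_EncryptInit` later in this file rejects any `IVLen` other than `SMS4_IV_LENGTH`. A caller that hands in an uninitialised `BLOCKCIPHERPARAM` therefore ends up with indeterminate IV fields, which should either be cleared here (`memset(params, 0, sizeof(*params));` after the first `switch`) or called out in a header comment. `algID` and `params` are dereferenced without NULL checks. The comment block pasted above the function carries editor line numbers (`229 typedef struct ...`) and repeats a definition from another header; a one-line reference to `BLOCKCIPHERPARAM` would age better.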
@@ -70,25 +165,25 @@ ULONG DEVAPI SKF_EncryptInit(HANDLE hKey, unsigned char *key; unsigned char *iv; - //FIXME: CFB bits! + if (!(cipher = SKF_HANDLE_get_cipher(hKey, encparam))) { + SKFerr(SKF_F_SKF_ENCRYPTINIT, SKF_R_INVALID_KEY_HANDLE); + return SAR_INVALIDPARAMERR; + } if (!(key = SKF_HANDLE_get_key(hKey))) { SKFerr(SKF_F_SKF_ENCRYPTINIT, SKF_R_INVALID_KEY_HANDLE); - ret = SAR_INVALIDPARAMERR; - goto end; + return SAR_INVALIDPARAMERR; } if (encparam->IVLen != SMS4_IV_LENGTH) { SKFerr(SKF_F_SKF_ENCRYPTINIT, SKF_R_INVALID_IV_LENGTH); - ret = SAR_INVALIDPARAMERR; - goto end; + return SAR_INVALIDPARAMERR; } - iv = encparam->IV; if (!(ctx = EVP_CIPHER_CTX_new())) { SKFerr(SKF_F_SKF_ENCRYPTINIT, ERR_R_EVP_LIB); - goto end; + return SAR_INVALIDPARAMERR; } if (!EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv)) { @@ -96,10 +191,8 @@ ULONG DEVAPI SKF_EncryptInit(HANDLE hKey, goto end; } - if (!SKF_HANDLE_set1_cipher_ctx(hKey, ctx)) { - SKFerr(SKF_F_SKF_ENCRYPTINIT, SKF_R_SET_CIPHER_CTX_FAILED); - goto end; - } + ((SKF_HANDLE *)hKey)->type = SKF_CIPHER_HANDLE; + ((SKF_HANDLE *)hKey)->u.cipher_ctx = ctx; ctx = NULL; ret = SAR_OK; @@ -153,7 +246,9 @@ ULONG DEVAPI SKF_EncryptFinal(HANDLE hKey, } *pulEncryptedDataLen = outlen; - SKF_HANDLE_free_cipher_ctx(hKey); + EVP_CIPHER_CTX_free(ctx); + ((SKF_HANDLE *)hKey)->u.cipher_ctx = NULL; + ((SKF_HANDLE *)hKey)->type = SKF_KEY_HANDLE; return SAR_OK; } 
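Review bot: The direct assignment `((SKF_HANDLE *)hKey)->u.cipher_ctx = ctx;` in `SKF_EncryptInit` (hunk `@@ -96,10 +191,8 @@`) replaces whatever context the handle already held; the `SKF_DecryptInit` hunk `@@ -191,10 +287,8 @@` has the same pattern. If the type check in `SKF_HANDLE_get_key` lets a handle that is already in cipher state through, a second init without a matching final leaks the first `EVP_CIPHER_CTX` together with its key schedule. Whether the removed `SKF_HANDLE_set1_cipher_ctx` handled that case is not visible here. A guard before the assignment, for example `if (((SKF_HANDLE *)hKey)->type == SKF_CIPHER_HANDLE) EVP_CIPHER_CTX_free(((SKF_HANDLE *)hKey)->u.cipher_ctx);`, would release it. Both functions continue outside these hunks.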
@@ -167,18 +262,19 @@ ULONG DEVAPI SKF_DecryptInit(HANDLE hKey, unsigned char *key; unsigned char *iv; + if (!(cipher = SKF_HANDLE_get_cipher(hKey, param))) { + SKFerr(SKF_F_SKF_DECRYPTINIT, SKF_R_INVALID_KEY_HANDLE); + return SAR_INVALIDPARAMERR; + } if (!(key = SKF_HANDLE_get_key(hKey))) { SKFerr(SKF_F_SKF_DECRYPTINIT, SKF_R_INVALID_KEY_HANDLE); - ret = SAR_INVALIDPARAMERR; - goto end; + return SAR_INVALIDPARAMERR; } - if (param->IVLen != SMS4_IV_LENGTH) { SKFerr(SKF_F_SKF_DECRYPTINIT, SKF_R_INVALID_IV_LENGTH); ret = SAR_INVALIDPARAMERR; goto end; } - iv = param->IV; if (!(ctx = EVP_CIPHER_CTX_new())) { @@ -191,10 +287,8 @@ ULONG DEVAPI SKF_DecryptInit(HANDLE hKey, goto end; } - if (!SKF_HANDLE_set1_cipher_ctx(hKey, ctx)) { - SKFerr(SKF_F_SKF_DECRYPTINIT, SKF_R_SET_CIPHER_CTX_FAILED); - goto end; - } + ((SKF_HANDLE *)hKey)->type = SKF_CIPHER_HANDLE; + ((SKF_HANDLE *)hKey)->u.cipher_ctx = ctx; ctx = NULL; ret = SAR_OK; @@ -248,7 +342,9 @@ ULONG DEVAPI SKF_DecryptFinal(HANDLE hKey, } *pulDecryptedDataLen = len; - SKF_HANDLE_free_cipher_ctx(hKey); + EVP_CIPHER_CTX_free(ctx); + ((SKF_HANDLE *)hKey)->u.cipher_ctx = NULL; + ((SKF_HANDLE *)hKey)->type = SKF_KEY_HANDLE; return SAR_OK; } diff --git a/crypto/skf/skf_err.c b/crypto/skf/skf_err.c index 3306f9e7..1649ae48 100644 --- a/crypto/skf/skf_err.c +++ b/crypto/skf/skf_err.c @@ -89,6 +89,7 @@ static ERR_STRING_DATA SKF_str_functs[] = { {ERR_FUNC(SKF_F_EC_KEY_SET_ECCPUBLICKEYBLOB), "EC_KEY_set_ECCPUBLICKEYBLOB"}, {ERR_FUNC(SKF_F_RSA_GET_RSAPRIVATEKEYBLOB), "RSA_get_RSAPRIVATEKEYBLOB"}, + {ERR_FUNC(SKF_F_RSA_GET_RSAPUBLICKEYBLOB), "RSA_get_RSAPUBLICKEYBLOB"}, {ERR_FUNC(SKF_F_RSA_NEW_FROM_RSAPRIVATEKEYBLOB), "RSA_new_from_RSAPRIVATEKEYBLOB"}, {ERR_FUNC(SKF_F_RSA_NEW_FROM_RSAPUBLICKEYBLOB), 
@@ -127,6 +128,7 @@ static ERR_STRING_DATA SKF_str_functs[] = { {ERR_FUNC(SKF_F_SKF_EXTECCVERIFY), "SKF_EXTECCVERIFY"}, {ERR_FUNC(SKF_F_SKF_EXTRSAPRIKEYOPERATION), "SKF_EXTRSAPRIKEYOPERATION"}, {ERR_FUNC(SKF_F_SKF_EXTRSAPUBKEYOPERATION), "SKF_EXTRSAPUBKEYOPERATION"}, + {ERR_FUNC(SKF_F_SKF_GENEXTECCKEYPAIR), "SKF_GENEXTECCKEYPAIR"}, {ERR_FUNC(SKF_F_SKF_GENEXTRSAKEY), "SKF_GENEXTRSAKEY"}, {ERR_FUNC(SKF_F_SKF_GENRANDOM), "SKF_GENRANDOM"}, {ERR_FUNC(SKF_F_SKF_GETDEVINFO), "SKF_GETDEVINFO"}, @@ -134,7 +136,9 @@ static ERR_STRING_DATA SKF_str_functs[] = { {ERR_FUNC(SKF_F_SKF_GETFILEINFO), "SKF_GETFILEINFO"}, {ERR_FUNC(SKF_F_SKF_GETPININFO), "SKF_GETPININFO"}, {ERR_FUNC(SKF_F_SKF_HANDLE_GET_CBCMAC_CTX), "SKF_HANDLE_GET_CBCMAC_CTX"}, + {ERR_FUNC(SKF_F_SKF_HANDLE_GET_CIPHER), "SKF_HANDLE_GET_CIPHER"}, {ERR_FUNC(SKF_F_SKF_HANDLE_GET_CIPHER_CTX), "SKF_HANDLE_GET_CIPHER_CTX"}, + {ERR_FUNC(SKF_F_SKF_HANDLE_GET_KEY), "SKF_HANDLE_GET_KEY"}, {ERR_FUNC(SKF_F_SKF_HANDLE_GET_MD_CTX), "SKF_HANDLE_GET_MD_CTX"}, {ERR_FUNC(SKF_F_SKF_LOCKDEV), "SKF_LOCKDEV"}, {ERR_FUNC(SKF_F_SKF_MAC), "SKF_MAC"}, 
@@ -171,11 +175,15 @@ static ERR_STRING_DATA SKF_str_reasons[] = { {ERR_REASON(SKF_R_DECRYPT_FAILED), "decrypt failed"}, {ERR_REASON(SKF_R_ENCODE_CIPHERTEXT_FAILED), "encode ciphertext failed"}, {ERR_REASON(SKF_R_ENCODE_FAILED), "encode failed"}, + {ERR_REASON(SKF_R_ENCODE_RSA_PUBLIC_KEY_FAILED), + "encode rsa public key failed"}, {ERR_REASON(SKF_R_ENCODE_SIGNATURE_FAILED), "encode signature failed"}, {ERR_REASON(SKF_R_ENCRYPT_FAILED), "encrypt failed"}, {ERR_REASON(SKF_R_FAIL), "fail"}, {ERR_REASON(SKF_R_FREE_HANDLE_FAILED), "free handle failed"}, {ERR_REASON(SKF_R_GEN_RSA_FAILED), "gen rsa failed"}, + {ERR_REASON(SKF_R_GET_PRIVATE_KEY_FAILED), "get private key failed"}, + {ERR_REASON(SKF_R_GET_PUBLIC_KEY_FAILED), "get public key failed"}, {ERR_REASON(SKF_R_INVALID_ALGID), "invalid algid"}, {ERR_REASON(SKF_R_INVALID_ALGOR), "invalid algor"}, {ERR_REASON(SKF_R_INVALID_APP_HANDLE), "invalid app handle"}, @@ -194,7 +202,9 @@ static ERR_STRING_DATA SKF_str_reasons[] = { {ERR_REASON(SKF_R_INVALID_EC_KEY), "invalid ec key"}, {ERR_REASON(SKF_R_INVALID_EC_PRIVATE_KEY), "invalid ec private key"}, {ERR_REASON(SKF_R_INVALID_EC_PUBLIC_KEY), "invalid ec public key"}, + {ERR_REASON(SKF_R_INVALID_FEED_BIT_LENGTH), "invalid feed bit length"}, {ERR_REASON(SKF_R_INVALID_HANDLE), "invalid handle"}, + {ERR_REASON(SKF_R_INVALID_HANDLE_ALGOR), "invalid handle algor"}, {ERR_REASON(SKF_R_INVALID_HANDLE_MAGIC), "invalid handle magic"}, {ERR_REASON(SKF_R_INVALID_HANDLE_TYPE), "invalid handle type"}, {ERR_REASON(SKF_R_INVALID_HASH_HANDLE), "invalid hash handle"}, 
@@ -208,6 +218,7 @@ static ERR_STRING_DATA SKF_str_reasons[] = { {ERR_REASON(SKF_R_INVALID_PRIVATE_KEY), "invalid private key"}, {ERR_REASON(SKF_R_INVALID_PUBLIC_KEY), "invalid public key"}, {ERR_REASON(SKF_R_INVALID_RANDOM_LENGTH), "invalid random length"}, + {ERR_REASON(SKF_R_INVALID_RSA_KEY_LENGTH), "invalid rsa key length"}, {ERR_REASON(SKF_R_INVALID_RSA_PRIVATE_KEY), "invalid rsa private key"}, {ERR_REASON(SKF_R_INVALID_RSA_PUBLIC_KEY), "invalid rsa public key"}, {ERR_REASON(SKF_R_INVALID_SIGNATURE), "invalid signature"}, diff --git a/crypto/skf/skf_errstr.c b/crypto/skf/skf_errstr.c index ce971be1..fe25bedc 100644 --- a/crypto/skf/skf_errstr.c +++ b/crypto/skf/skf_errstr.c @@ -115,10 +115,10 @@ char *SKF_get_errstr(ULONG ulError) int i; for (i = 0; i < sizeof(skf_errstr)/sizeof(skf_errstr[0]); i++) { if (ulError == skf_errstr[i].err_no) { - return (LPSTR)skf_errstr[i].err_str; + return skf_errstr[i].err_str; } } - return (LPSTR)"(undef)"; + return "(undef)"; } diff --git a/crypto/skf/skf_ex.h b/crypto/skf/skf_ex.h index 3e7a4693..f9ff759b 100644 --- a/crypto/skf/skf_ex.h +++ b/crypto/skf/skf_ex.h @@ -65,7 +65,9 @@ extern "C" { #endif int SKF_print_dev_info(DEVINFO *devInfo); +char *SKF_get_alg_name(ULONG ulAlgID); char *SKF_get_errstr(ULONG ulError); +int SKF_nid_to_encparams(int nid, ULONG *algID, BLOCKCIPHERPARAM *params); RSA *RSA_new_from_RSAPUBLICKEYBLOB(const RSAPUBLICKEYBLOB *blob); RSA *RSA_new_from_RSAPRIVATEKEYBLOB(const RSAPRIVATEKEYBLOB *blob); 
@@ -74,6 +76,10 @@ int RSA_get_RSAPUBLICKEYBLOB(RSA *rsa, RSAPUBLICKEYBLOB *blob); int RSA_set_RSAPRIVATEKEYBLOB(RSA *rsa, const RSAPRIVATEKEYBLOB *blob); int RSA_get_RSAPRIVATEKEYBLOB(RSA *rsa, RSAPRIVATEKEYBLOB *blob); +ULONG DEVAPI SKF_GenExtECCKeyPair(DEVHANDLE hDev, + ECCPRIVATEKEYBLOB *priKey, + ECCPUBLICKEYBLOB *pubKey); + EC_KEY *EC_KEY_new_from_ECCPUBLICKEYBLOB(const ECCPUBLICKEYBLOB *blob); EC_KEY *EC_KEY_new_from_ECCPRIVATEKEYBLOB(const ECCPRIVATEKEYBLOB *blob); int EC_KEY_set_ECCPUBLICKEYBLOB(EC_KEY *ec_key, const ECCPUBLICKEYBLOB *blob); @@ -110,6 +116,7 @@ void ERR_load_SKF_strings(void); # define SKF_F_EC_KEY_SET_ECCPRIVATEKEYBLOB 157 # define SKF_F_EC_KEY_SET_ECCPUBLICKEYBLOB 158 # define SKF_F_RSA_GET_RSAPRIVATEKEYBLOB 169 +# define SKF_F_RSA_GET_RSAPUBLICKEYBLOB 173 # define SKF_F_RSA_NEW_FROM_RSAPRIVATEKEYBLOB 163 # define SKF_F_RSA_NEW_FROM_RSAPUBLICKEYBLOB 164 # define SKF_F_RSA_SET_RSAPRIVATEKEYBLOB 170 @@ -146,6 +153,7 @@ void ERR_load_SKF_strings(void); # define SKF_F_SKF_EXTECCVERIFY 151 # define SKF_F_SKF_EXTRSAPRIKEYOPERATION 166 # define SKF_F_SKF_EXTRSAPUBKEYOPERATION 167 +# define SKF_F_SKF_GENEXTECCKEYPAIR 174 # define SKF_F_SKF_GENEXTRSAKEY 132 # define SKF_F_SKF_GENRANDOM 133 # define SKF_F_SKF_GETDEVINFO 116 @@ -153,7 +161,9 @@ void ERR_load_SKF_strings(void); # define SKF_F_SKF_GETFILEINFO 118 # define SKF_F_SKF_GETPININFO 119 # define SKF_F_SKF_HANDLE_GET_CBCMAC_CTX 140 +# define SKF_F_SKF_HANDLE_GET_CIPHER 171 # define SKF_F_SKF_HANDLE_GET_CIPHER_CTX 141 +# define SKF_F_SKF_HANDLE_GET_KEY 172 # define SKF_F_SKF_HANDLE_GET_MD_CTX 142 # define SKF_F_SKF_LOCKDEV 120 # define SKF_F_SKF_MAC 168 
@@ -183,11 +193,14 @@ void ERR_load_SKF_strings(void); # define SKF_R_DECRYPT_FAILED 133 # define SKF_R_ENCODE_CIPHERTEXT_FAILED 134 # define SKF_R_ENCODE_FAILED 114 +# define SKF_R_ENCODE_RSA_PUBLIC_KEY_FAILED 162 # define SKF_R_ENCODE_SIGNATURE_FAILED 135 # define SKF_R_ENCRYPT_FAILED 136 # define SKF_R_FAIL 104 # define SKF_R_FREE_HANDLE_FAILED 128 # define SKF_R_GEN_RSA_FAILED 115 +# define SKF_R_GET_PRIVATE_KEY_FAILED 164 +# define SKF_R_GET_PUBLIC_KEY_FAILED 165 # define SKF_R_INVALID_ALGID 122 # define SKF_R_INVALID_ALGOR 156 # define SKF_R_INVALID_APP_HANDLE 105 @@ -206,7 +219,9 @@ void ERR_load_SKF_strings(void); # define SKF_R_INVALID_EC_KEY 151 # define SKF_R_INVALID_EC_PRIVATE_KEY 145 # define SKF_R_INVALID_EC_PUBLIC_KEY 146 +# define SKF_R_INVALID_FEED_BIT_LENGTH 160 # define SKF_R_INVALID_HANDLE 107 +# define SKF_R_INVALID_HANDLE_ALGOR 161 # define SKF_R_INVALID_HANDLE_MAGIC 125 # define SKF_R_INVALID_HANDLE_TYPE 126 # define SKF_R_INVALID_HASH_HANDLE 127 @@ -220,6 +235,7 @@ void ERR_load_SKF_strings(void); # define SKF_R_INVALID_PRIVATE_KEY 152 # define SKF_R_INVALID_PUBLIC_KEY 153 # define SKF_R_INVALID_RANDOM_LENGTH 119 +# define SKF_R_INVALID_RSA_KEY_LENGTH 163 # define SKF_R_INVALID_RSA_PRIVATE_KEY 158 # define SKF_R_INVALID_RSA_PUBLIC_KEY 159 # define SKF_R_INVALID_SIGNATURE 148 diff --git a/crypto/skf/skf_handle.c b/crypto/skf/skf_handle.c index 5d280564..c43be96c 100644 --- a/crypto/skf/skf_handle.c +++ b/crypto/skf/skf_handle.c 
@@ -54,21 +54,84 @@ #include #include "skf_lcl.h" - -EVP_MD_CTX *SKF_HANDLE_get_md_ctx(SKF_HANDLE *handle) +unsigned char *SKF_HANDLE_get_key(HANDLE hKey) { - EVP_MD_CTX *ret; + SKF_HANDLE *handle; - if (!handle) { - SKFerr(SKF_F_SKF_HANDLE_GET_MD_CTX, SKF_R_NULL_ARGUMENT); + if (!(handle = (SKF_HANDLE *)hKey)) { + SKFerr(SKF_F_SKF_HANDLE_GET_KEY, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (handle->magic != SKF_HANDLE_MAGIC) { + SKFerr(SKF_F_SKF_HANDLE_GET_KEY, SKF_R_INVALID_HANDLE_MAGIC); + return NULL; + } + if (handle->type < SKF_KEY_HANDLE) { + SKFerr(SKF_F_SKF_HANDLE_GET_KEY, SKF_R_INVALID_HANDLE_TYPE); return NULL; } + switch (handle->algid) { + case SGD_SM4_ECB: + case SGD_SM4_CBC: + case SGD_SM4_CFB: + case SGD_SM4_OFB: + case SGD_SM4_MAC: + break; + default: + SKFerr(SKF_F_SKF_HANDLE_GET_KEY, SKF_R_INVALID_ALGOR); + return NULL; + } + + if (!handle->keylen) { + SKFerr(SKF_F_SKF_HANDLE_GET_KEY, SKF_R_INVALID_KEY_HANDLE); + return NULL; + } + return handle->key; +} + +const EVP_CIPHER *SKF_HANDLE_get_cipher(HANDLE hKey, BLOCKCIPHERPARAM *param) +{ + SKF_HANDLE *handle = (SKF_HANDLE *)hKey; + if (!SKF_HANDLE_get_key(hKey)) { + SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER, SKF_R_INVALID_KEY_HANDLE); + return NULL; + } + + switch (handle->algid) { + case SGD_SM4_ECB: + return EVP_sms4_ecb(); + case SGD_SM4_CBC: + return EVP_sms4_cbc(); + case SGD_SM4_OFB: + return EVP_sms4_ofb(); + case SGD_SM4_CFB: + switch (param->FeedBitLen) { + case 1: return EVP_sms4_cfb1(); + case 8: return EVP_sms4_cfb8(); + case 128: return EVP_sms4_cfb128(); + } + SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER, SKF_R_INVALID_FEED_BIT_LENGTH); + return NULL; + } + + SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER, SKF_R_INVALID_HANDLE_ALGOR); + return NULL; +} + +EVP_MD_CTX *SKF_HANDLE_get_md_ctx(HANDLE hHash) +{ + EVP_MD_CTX *ret; + SKF_HANDLE *handle; + + if (!(handle = (SKF_HANDLE *)hHash)) { + SKFerr(SKF_F_SKF_HANDLE_GET_MD_CTX, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } if (handle->magic != 
SKF_HANDLE_MAGIC) { SKFerr(SKF_F_SKF_HANDLE_GET_MD_CTX, SKF_R_INVALID_HANDLE_MAGIC); return NULL; } - if (handle->type != SKF_HASH_HANDLE) { SKFerr(SKF_F_SKF_HANDLE_GET_MD_CTX, SKF_R_INVALID_HANDLE_TYPE); return NULL; @@ -78,24 +141,22 @@ EVP_MD_CTX *SKF_HANDLE_get_md_ctx(SKF_HANDLE *handle) SKFerr(SKF_F_SKF_HANDLE_GET_MD_CTX, SKF_R_CTX_NOT_CREATED); return NULL; } - return ret; } -CBCMAC_CTX *SKF_HANDLE_get_cbcmac_ctx(SKF_HANDLE *handle) +CBCMAC_CTX *SKF_HANDLE_get_cbcmac_ctx(HANDLE hMac) { CBCMAC_CTX *ret; + SKF_HANDLE *handle; - if (!handle) { - SKFerr(SKF_F_SKF_HANDLE_GET_CBCMAC_CTX, SKF_R_NULL_ARGUMENT); + if (!(handle = (SKF_HANDLE *)hMac)) { + SKFerr(SKF_F_SKF_HANDLE_GET_CBCMAC_CTX, ERR_R_PASSED_NULL_PARAMETER); return NULL; } - if (handle->magic != SKF_HANDLE_MAGIC) { SKFerr(SKF_F_SKF_HANDLE_GET_CBCMAC_CTX, SKF_R_INVALID_HANDLE_MAGIC); return NULL; } - if (handle->type != SKF_MAC_HANDLE) { SKFerr(SKF_F_SKF_HANDLE_GET_CBCMAC_CTX, SKF_R_INVALID_HANDLE_TYPE); return NULL; @@ -105,24 +166,22 @@ CBCMAC_CTX *SKF_HANDLE_get_cbcmac_ctx(SKF_HANDLE *handle) SKFerr(SKF_F_SKF_HANDLE_GET_CBCMAC_CTX, SKF_R_CTX_NOT_CREATED); return NULL; } - return ret; } -EVP_CIPHER_CTX *SKF_HANDLE_get_cipher_ctx(SKF_HANDLE *handle) +EVP_CIPHER_CTX *SKF_HANDLE_get_cipher_ctx(HANDLE hKey) { EVP_CIPHER_CTX *ret; + SKF_HANDLE *handle; - if (!handle) { - SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER_CTX, SKF_R_NULL_ARGUMENT); + if (!(handle = (SKF_HANDLE *)hKey)) { + SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER_CTX, ERR_R_PASSED_NULL_PARAMETER); return NULL; } - if (handle->magic != SKF_HANDLE_MAGIC) { SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER_CTX, SKF_R_INVALID_HANDLE_MAGIC); return NULL; } - if (handle->type != SKF_CIPHER_HANDLE) { SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER_CTX, SKF_R_INVALID_HANDLE_TYPE); return NULL; 
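Review bot: `SKF_HANDLE_get_cipher` reads `param->FeedBitLen` in the `SGD_SM4_CFB` case without checking `param`, so a NULL `BLOCKCIPHERPARAM` pointer combined with a CFB key handle is dereferenced instead of being rejected. The other accessors in this hunk report `ERR_R_PASSED_NULL_PARAMETER` for a NULL argument, and the same guard fits at the top of the CFB case: `if (!param) { SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER, ERR_R_PASSED_NULL_PARAMETER); return NULL; }`. `SKF_HANDLE_get_key` also returns `handle->key` with no length, so a short comment above it stating how many bytes are valid (presumably `handle->keylen`) and that the buffer stays owned by the handle would save callers from guessing.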
@@ -132,44 +191,28 @@ EVP_CIPHER_CTX *SKF_HANDLE_get_cipher_ctx(SKF_HANDLE *handle) SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER_CTX, SKF_R_CTX_NOT_CREATED); return NULL; } - return ret; } -int SKF_HANDLE_free_cipher_ctx(SKF_HANDLE *handle) +int SKF_HANDLE_free(HANDLE handle) { return 0; } -int SKF_HANDLE_free(SKF_HANDLE *handle) -{ - return 0; -} -unsigned char *SKF_HANDLE_get_key(SKF_HANDLE *handle) +HANDLE SKF_HANDLE_new(int type) { + return NULL; } -SKF_HANDLE *SKF_HANDLE_new(int type) -{ - return NULL; -} - -int SKF_HANDLE_set1_cipher_ctx(SKF_HANDLE *handle, EVP_CIPHER_CTX *ctx) -{ - return 0; -} - - - ULONG DEVAPI SKF_CloseHandle(HANDLE hHandle) { SKF_HANDLE *handle; + return SAR_OK; //FIXME: if (!(handle = (SKF_HANDLE *)hHandle)) { - SKFerr(SKF_F_SKF_CLOSEHANDLE, SKF_R_NULL_ARGUMENT); - return SAR_INVALIDPARAMERR; + return SAR_OK; } if (handle->magic != SKF_HANDLE_MAGIC) { diff --git a/crypto/skf/skf_lcl.h b/crypto/skf/skf_lcl.h index 6343b7cd..34fff5fb 100644 --- a/crypto/skf/skf_lcl.h +++ b/crypto/skf/skf_lcl.h @@ -83,15 +83,13 @@ struct SKF_HANDLE { typedef struct SKF_HANDLE SKF_HANDLE; -SKF_HANDLE *SKF_HANDLE_new(int type); -EVP_MD_CTX *SKF_HANDLE_get_md_ctx(SKF_HANDLE *hHash); -CBCMAC_CTX *SKF_HANDLE_get_cbcmac_ctx(SKF_HANDLE *hMac); -EVP_CIPHER_CTX *SKF_HANDLE_get_cipher_ctx(SKF_HANDLE *hKey); -unsigned char *SKF_HANDLE_get_key(SKF_HANDLE *hKey); -int SKF_HANDLE_set1_md_ctx(SKF_HANDLE *hHash, EVP_MD_CTX *ctx); -int SKF_HANDLE_set1_cbcmac_ctx(SKF_HANDLE *hMac, CBCMAC_CTX *ctx); -int SKF_HANDLE_set1_cipher_ctx(SKF_HANDLE *hKey, EVP_CIPHER_CTX *ctx); -int SKF_HANDLE_free(SKF_HANDLE *handle); +EVP_MD_CTX *SKF_HANDLE_get_md_ctx(HANDLE hHash); +CBCMAC_CTX *SKF_HANDLE_get_cbcmac_ctx(HANDLE hMac); +const EVP_CIPHER *SKF_HANDLE_get_cipher(HANDLE hKey, BLOCKCIPHERPARAM *param); +EVP_CIPHER_CTX *SKF_HANDLE_get_cipher_ctx(HANDLE hKey); +unsigned char *SKF_HANDLE_get_key(HANDLE hKey); + + #ifdef __cplusplus 
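Review bot: The `return SAR_OK; //FIXME:` added as the first statement of `SKF_CloseHandle` makes the magic check and everything after it unreachable, so closing a handle neither validates nor releases it, and the NULL-handle branch was changed to report success as well. Together with `SKF_HANDLE_free` being a stub that returns 0, key handles keep their key bytes in memory after the caller has closed them. The early return should go, the NULL case should keep returning `SAR_INVALIDPARAMERR`, and whatever path releases the handle should wipe the key first, e.g. `OPENSSL_cleanse(handle->key, handle->keylen);`. `SKF_HANDLE_new` returning NULL looks like a placeholder too and deserves a `/* TODO: not implemented */` comment. The body of `SKF_CloseHandle` continues outside the hunk.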
diff --git a/crypto/skf/skf_mac.c b/crypto/skf/skf_mac.c index 3b2cbf49..53670001 100644 --- a/crypto/skf/skf_mac.c +++ b/crypto/skf/skf_mac.c @@ -61,7 +61,6 @@ ULONG DEVAPI SKF_MacInit(HANDLE hKey, BLOCKCIPHERPARAM *pMacParam, HANDLE *phMac) { - int ok = 0; SKF_HANDLE *key; SKF_HANDLE *hMac = NULL; const EVP_CIPHER *cipher; @@ -71,14 +70,14 @@ ULONG DEVAPI SKF_MacInit(HANDLE hKey, return SAR_INVALIDPARAMERR; } - OPENSSL_assert(!pMacParam); + //TODO: check pMacParam if (key->magic != SKF_HANDLE_MAGIC) { SKFerr(SKF_F_SKF_MACINIT, SKF_R_INVALID_HANDLE_MAGIC); return SAR_INVALIDPARAMERR; } - if (key->type <= SKF_KEY_HANDLE) { + if (key->type < SKF_KEY_HANDLE) { SKFerr(SKF_F_SKF_MACINIT, SKF_R_INVALID_KEY_HANDLE); return SAR_INVALIDPARAMERR; } @@ -142,17 +141,20 @@ ULONG DEVAPI SKF_MacFinal(HANDLE hMac, ULONG *pulMacDataLen) { CBCMAC_CTX *ctx; + size_t size; if (!(ctx = SKF_HANDLE_get_cbcmac_ctx(hMac))) { SKFerr(SKF_F_SKF_MACFINAL, SKF_R_INVALID_MAC_HANDLE); return SAR_INVALIDPARAMERR; } - if (!CBCMAC_Final(ctx, pbMacData, pulMacDataLen)) { + size = *pulMacDataLen; + if (!CBCMAC_Final(ctx, pbMacData, &size)) { SKFerr(SKF_F_SKF_MACFINAL, ERR_R_CBCMAC_LIB); return SAR_FAIL; } + *pulMacDataLen = (ULONG)size; return SAR_OK; } diff --git a/crypto/skf/skf_rsa.c b/crypto/skf/skf_rsa.c index cd17220f..b6c048db 100644 --- a/crypto/skf/skf_rsa.c +++ b/crypto/skf/skf_rsa.c @@ -54,8 +54,7 @@ #include #include #include "skf_lcl.h" - -#if 0 +#if 1 ULONG DEVAPI SKF_GenExtRSAKey(DEVHANDLE hDev, ULONG ulBitsLen, RSAPRIVATEKEYBLOB *pBlob) 
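Review bot: `size = *pulMacDataLen;` in `SKF_MacFinal` reads through the caller's length pointer before anything checks it for NULL, and the value read is then handed to `CBCMAC_Final` as `size`. A guard ahead of the read closes that: `if (!pulMacDataLen) { SKFerr(SKF_F_SKF_MACFINAL, ERR_R_PASSED_NULL_PARAMETER); return SAR_INVALIDPARAMERR; }`. Whether `CBCMAC_Final` treats `size` as the capacity of `pbMacData` is not visible here; if it only writes the length, `size_t size = 0;` would be clearer than seeding it from the caller. The earlier hunk in this file leaves a similar gap in `SKF_MacInit`, where `OPENSSL_assert(!pMacParam)` became `//TODO: check pMacParam` and the parameter is not validated at all.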
@@ -226,104 +225,101 @@ ULONG DEVAPI SKF_RSAVerify(DEVHANDLE hDev, RSA *RSA_new_from_RSAPUBLICKEYBLOB(const RSAPUBLICKEYBLOB *blob) { RSA *ret; - if (!(ret = RSA_new())) { SKFerr(SKF_F_RSA_NEW_FROM_RSAPUBLICKEYBLOB, ERR_R_RSA_LIB); return NULL; } - if (!RSA_set_RSAPUBLICKEYBLOB(ret, blob)) { SKFerr(SKF_F_RSA_NEW_FROM_RSAPUBLICKEYBLOB, SKF_R_INVALID_RSA_PUBLIC_KEY); RSA_free(ret); return NULL; } - return ret; } RSA *RSA_new_from_RSAPRIVATEKEYBLOB(const RSAPRIVATEKEYBLOB *blob) { RSA *ret; - if (!(ret = RSA_new())) { SKFerr(SKF_F_RSA_NEW_FROM_RSAPRIVATEKEYBLOB, ERR_R_RSA_LIB); return NULL; } - if (!RSA_set_RSAPRIVATEKEYBLOB(ret, blob)) { SKFerr(SKF_F_RSA_NEW_FROM_RSAPRIVATEKEYBLOB, SKF_R_INVALID_RSA_PRIVATE_KEY); RSA_free(ret); return NULL; } - return ret; } int RSA_set_RSAPUBLICKEYBLOB(RSA *rsa, const RSAPUBLICKEYBLOB *blob) { - int ret = 0; - if (!rsa || !blob) { - SKFerr(SKF_F_RSA_SET_RSAPUBLICKEYBLOB, SKF_R_NULL_ARGUMENT); + SKFerr(SKF_F_RSA_SET_RSAPUBLICKEYBLOB, + ERR_R_PASSED_NULL_PARAMETER); return 0; } - - if (!(rsa->n = BN_bin2bn(blob->Modulus, blob->BitLen/8, rsa->n))) { - goto end; + if ((blob->BitLen < 1024) || (blob->BitLen > MAX_RSA_MODULUS_LEN*8) || + (blob->BitLen / 8 != 0)) { + SKFerr(SKF_F_RSA_SET_RSAPUBLICKEYBLOB, SKF_R_INVALID_RSA_KEY_LENGTH); + return 0; } - - if (!(rsa->e = BN_bin2bn(blob->PublicExponent, blob->BitLen/8, rsa->e))) { - goto end; + if (!(rsa->n = BN_bin2bn(blob->Modulus, blob->BitLen/8, rsa->n))) { + SKFerr(SKF_F_RSA_SET_RSAPUBLICKEYBLOB, SKF_R_INVALID_RSA_PUBLIC_KEY); + return 0; + } + if (!(rsa->e = BN_bin2bn(blob->PublicExponent, MAX_RSA_EXPONENT_LEN, rsa->e))) { + SKFerr(SKF_F_RSA_SET_RSAPUBLICKEYBLOB, SKF_R_INVALID_RSA_PUBLIC_KEY); + return 0; } if (!RSA_check_key(rsa)) { - goto end; + SKFerr(SKF_F_RSA_SET_RSAPUBLICKEYBLOB, SKF_R_INVALID_RSA_PUBLIC_KEY); + return 0; } - -end: - return ret; + return 1; } int RSA_get_RSAPUBLICKEYBLOB(RSA *rsa, RSAPUBLICKEYBLOB *blob) { - int ret = 0; int nbytes; - + if (!rsa || !blob) { + 
SKFerr(SKF_F_RSA_GET_RSAPUBLICKEYBLOB, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } if (!rsa->n || !rsa->e) { - goto end; + SKFerr(SKF_F_RSA_GET_RSAPUBLICKEYBLOB, + SKF_R_INVALID_RSA_PUBLIC_KEY); + return 0; } - nbytes = BN_num_bytes(rsa->n); - - if (!BN_bn2bin(rsa->n, blob->Modulus + bnlen - BN_num_bytes(rsa->n)) || - !BN_bn2bin(rsa->e, blob->PublicExponent + bnlen - BN_num_bytes(rsa->e))) { + if (!BN_bn2bin(rsa->n, blob->Modulus) || !BN_bn2bin(rsa->e, + blob->PublicExponent + MAX_RSA_EXPONENT_LEN - BN_num_bytes(rsa->e))) { + SKFerr(SKF_F_RSA_GET_RSAPUBLICKEYBLOB, + SKF_R_ENCODE_RSA_PUBLIC_KEY_FAILED); + return 0; } - - return ret; + return 1; } - int RSA_set_RSAPRIVATEKEYBLOB(RSA *rsa, const RSAPRIVATEKEYBLOB *blob) { - int ret = 0; int nbytes; - if (!rsa || !blob) { - SKFerr(SKF_F_RSA_SET_RSAPRIVATEKEYBLOB, SKF_R_NULL_ARGUMENT); - return SAR_INVALIDPARAMERR; + SKFerr(SKF_F_RSA_SET_RSAPRIVATEKEYBLOB, + ERR_R_PASSED_NULL_PARAMETER); + return 0; } - if (blob->AlgID != SGD_RSA) { - SKFerr(SKF_F_RSA_SET_RSAPRIVATEKEYBLOB, SKR_R_INVALID_ALGOR); - return SAR_INVALIDPARAMERR; + SKFerr(SKF_F_RSA_SET_RSAPRIVATEKEYBLOB, SKF_R_INVALID_ALGOR); + return 0; } - if ((blob->BitLen < 1024) || (blob->BitLen > MAX_RSA_MODULUS_LEN*8) || (blob->BitLen % 8 != 0) || (blob->BitLen % 16 != 0)) { - SKFerr(SKF_F_RSA_SET_RSAPRIVATEKEYBLOB, SKR_R_INVALID_KEY_LENGTH); - return SAR_INVALIDPARAMERR; + SKFerr(SKF_F_RSA_SET_RSAPRIVATEKEYBLOB, SKF_R_INVALID_KEY_LENGTH); + return 0; } nbytes = blob->BitLen/8; - if (!(rsa->n = BN_bin2bn(blob->Modulus, nbytes, rsa->n)) || !(rsa->e = BN_bin2bn(blob->PublicExponent, MAX_RSA_EXPONENT_LEN, rsa->e)) || !(rsa->d = BN_bin2bn(blob->PrivateExponent, nbytes, rsa->d)) || 
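Review bot: `RSA_get_RSAPUBLICKEYBLOB` writes the modulus with `BN_bn2bin(rsa->n, blob->Modulus)` and the exponent at `blob->PublicExponent + MAX_RSA_EXPONENT_LEN - BN_num_bytes(rsa->e)` without comparing either length to the blob's fixed fields, so a key larger than the blob format allows is written past `Modulus`, and an oversized `e` moves the exponent pointer in front of `PublicExponent`. Both lengths should be checked before encoding, as in the fence below, which assumes `Modulus` holds `MAX_RSA_MODULUS_LEN` bytes as the setter's range check suggests; it also clears the blob and sets `BitLen`, which the new code never does. In `RSA_set_RSAPUBLICKEYBLOB` the added test `(blob->BitLen / 8 != 0)` is true for every length that passes the 1024-bit minimum, so the function rejects all keys; `(blob->BitLen % 8 != 0)` matches the private-key setter. The `RSA_check_key(rsa)` call that follows requires the private components in OpenSSL 1.0.2, so it probably fails on a public-only key and should be dropped from this path.

```c
int RSA_get_RSAPUBLICKEYBLOB(RSA *rsa, RSAPUBLICKEYBLOB *blob)
{
	/* … unchanged: NULL-argument and missing n/e checks … */
	nbytes = BN_num_bytes(rsa->n);
	if (nbytes > MAX_RSA_MODULUS_LEN ||
	    BN_num_bytes(rsa->e) > MAX_RSA_EXPONENT_LEN) {
		SKFerr(SKF_F_RSA_GET_RSAPUBLICKEYBLOB, SKF_R_INVALID_RSA_KEY_LENGTH);
		return 0;
	}
	bzero(blob, sizeof(*blob));
	blob->BitLen = nbytes * 8;
	/* … unchanged: BN_bn2bin calls and return 1 … */
```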
@@ -332,26 +328,24 @@ int RSA_set_RSAPRIVATEKEYBLOB(RSA *rsa, const RSAPRIVATEKEYBLOB *blob) !(rsa->dmp1 = BN_bin2bn(blob->Prime1Exponent, nbytes/2, rsa->dmp1)) || !(rsa->dmq1 = BN_bin2bn(blob->Prime2Exponent, nbytes/2, rsa->dmq1)) || !(rsa->iqmp = BN_bin2bn(blob->Coefficient, nbytes/2, rsa->iqmp))) { - - SKFerr(SKF_F_RSA_SET_RSAPRIVATEKEYBLOB, SKR_R_INVALID_RSA_PRIVATE_KEY); - return SAR_INVALIDPARAMERR; + SKFerr(SKF_F_RSA_SET_RSAPRIVATEKEYBLOB, SKF_R_INVALID_RSA_PRIVATE_KEY); + return 0; } - - return SAR_OK; + return 1; } int RSA_get_RSAPRIVATEKEYBLOB(RSA *rsa, RSAPRIVATEKEYBLOB *blob) { int nbytes; if (!rsa || !blob) { - SKFerr(SKF_F_RSA_GET_RSAPRIVATEKEYBLOB, SKF_R_NULL_ARGUMENT); - return SAR_INVALIDPARAMERR; + SKFerr(SKF_F_RSA_GET_RSAPRIVATEKEYBLOB, + ERR_R_PASSED_NULL_PARAMETER); + return 0; } - if (!rsa->n || !rsa->e || !rsa->d || !rsa->p || !rsa->q || - !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) + !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { SKFerr(SKF_F_RSA_GET_RSAPRIVATEKEYBLOB, SKF_R_INVALID_RSA_PRIVATE_KEY); - return SAR_INVALIDPARAMERR; + return 0; } bzero(blob, sizeof(*blob)); @@ -367,11 +361,10 @@ int RSA_get_RSAPRIVATEKEYBLOB(RSA *rsa, RSAPRIVATEKEYBLOB *blob) !BN_bn2bin(rsa->dmp1, blob->Prime1Exponent + nbytes/2 - BN_num_bytes(rsa->dmp1)) || !BN_bn2bin(rsa->dmq1, blob->Prime2Exponent + nbytes/2 - BN_num_bytes(rsa->dmq1)) || !BN_bn2bin(rsa->iqmp, blob->Coefficient + nbytes/2 - BN_num_bytes(rsa->iqmp))) { - SKFerr(SKF_F_RSA_GET_RSAPRIVATEKEYBLOB, SKF_R_INVALID_RSA_PRIVATE_KEY); - return SAR_INVALIDPARAMERR; + return 0; } - return SAR_OK; + return 1; } #endif diff --git a/crypto/skf/skftest.c b/crypto/skf/skftest.c new file mode 100644 index 00000000..dfe14722 --- /dev/null +++ b/crypto/skf/skftest.c 
@@ -0,0 +1,383 @@ +/* crypto/skf/skftest.c */ +/* ==================================================================== + * Copyright (c) 2015-2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include +#include +#include +#include +#include + +#define PRINT_ERRSTR(rv) \ + fprintf(stderr, "error: %s %d: %s\n", __FILE__, __LINE__, SKF_get_errstr(rv)) + +DEVHANDLE open_dev(LPSTR devName, int verbose) +{ + DEVHANDLE hDev; + ULONG rv; + + if ((rv = SKF_ConnectDev(devName, &hDev)) != SAR_OK) { + PRINT_ERRSTR(rv); + return NULL; + } + + if (verbose > 1) { + DEVINFO devInfo; + if ((rv = SKF_GetDevInfo(hDev, &devInfo)) != SAR_OK) { + PRINT_ERRSTR(rv); + SKF_DisConnectDev(hDev); + return NULL; + } + SKF_print_dev_info(&devInfo); + } + + return hDev; +} + +int test_skf_mac(DEVHANDLE hDev, ULONG ulAlgID, int verbose) +{ + int ret = 0; + HANDLE hKey = NULL; + HANDLE hMac = NULL; + BLOCKCIPHERPARAM param; + BYTE key[EVP_MAX_KEY_LENGTH]; + BYTE data[128] = {0}; + BYTE mac[EVP_MAX_MD_SIZE]; + ULONG dataLen, macLen; + ULONG rv; + + if ((rv = SKF_SetSymmKey(hDev, key, ulAlgID, &hKey)) != SAR_OK) { + PRINT_ERRSTR(rv); + goto end; + } + + bzero(¶m, sizeof(param)); + param.IVLen = 0; + param.PaddingType = SKF_NO_PADDING; + if ((rv = SKF_MacInit(hKey, ¶m, &hMac)) != SAR_OK) { + PRINT_ERRSTR(rv); + goto end; + } + + dataLen = (ULONG)sizeof(data); + macLen = (ULONG)sizeof(mac); + if ((rv = SKF_Mac(hMac, data, dataLen, mac, &macLen)) != SAR_OK) { + PRINT_ERRSTR(rv); + goto end; + } + + if (macLen != 16) { + printf("macLen = %d\n", (int)macLen); + 
fprintf(stderr, "error: %s %d: %s\n", __FILE__, __LINE__, "mac length != 16"); + goto end; + } + + ret = 1; +end: + if ((rv = SKF_CloseHandle(hMac)) != SAR_OK) { + PRINT_ERRSTR(rv); + ret = 0; + } + if ((rv = SKF_CloseHandle(hKey)) != SAR_OK) { + PRINT_ERRSTR(rv); + ret = 0; + } + + if (ret && verbose) { + printf("%s(%s) passed\n", __FUNCTION__, SKF_get_alg_name(ulAlgID)); + } + + return ret; +} + +int test_skf_dgst(DEVHANDLE hDev, ULONG ulAlgID, int verbose) +{ + int ret = 0; + HANDLE hHash = NULL; + BYTE data[200] = {0}; + BYTE dgst[EVP_MAX_MD_SIZE]; + ULONG dataLen, dgstLen; + ULONG rv; + + if ((rv = SKF_DigestInit(hDev, ulAlgID, NULL, NULL, 0, &hHash)) != SAR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + dataLen = (ULONG)sizeof(data); + dgstLen = (ULONG)sizeof(dgst); + if ((rv = SKF_Digest(hHash, data, dataLen, dgst, &dgstLen)) != SAR_OK) { + PRINT_ERRSTR(rv); + goto end; + } + + if (verbose > 1) { + ULONG i; + printf("%s (%u-Byte) = ", SKF_get_alg_name(ulAlgID), dgstLen); + for (i = 0; i < dgstLen; i++) { + printf("%02x", dgst[i]); + } + printf("\n"); + } + + ret = 1; +end: + if ((rv = SKF_CloseHandle(hHash)) != SAR_OK) { + PRINT_ERRSTR(rv); + ret = 0; + } + if (ret && verbose) { + printf("%s(%s) passed\n", __FUNCTION__, SKF_get_alg_name(ulAlgID)); + } + + return ret; +} + +int test_skf_enc(DEVHANDLE hDev, ULONG ulAlgID, BLOCKCIPHERPARAM param, int verbose) +{ + int ret = 0; + HANDLE hKey = NULL; + BYTE key[EVP_MAX_KEY_LENGTH]; + BYTE data[] = "message to be encrypted"; + BYTE cbuf[256]; + BYTE mbuf[256]; + ULONG mlen, clen; + ULONG rv; + + if ((rv = SKF_SetSymmKey(hDev, key, ulAlgID, &hKey)) != SAR_OK) { + PRINT_ERRSTR(rv); + goto end; + } + + if ((rv = SKF_EncryptInit(hKey, param)) != SAR_OK) { + PRINT_ERRSTR(rv); + goto end; + } + mlen = (ULONG)sizeof(data); + clen = (ULONG)sizeof(cbuf); + if ((rv = SKF_Encrypt(hKey, data, mlen, cbuf, &clen)) != SAR_OK) { + PRINT_ERRSTR(rv); + goto end; + } + + if ((rv = SKF_DecryptInit(hKey, param)) != SAR_OK) { + 
PRINT_ERRSTR(rv); + goto end; + } + mlen = (ULONG)sizeof(mbuf); + if ((rv = SKF_Decrypt(hKey, cbuf, clen, mbuf, &mlen)) != SAR_OK) { + PRINT_ERRSTR(rv); + goto end; + } + + //FIXME: compare data with mbuf + + if (verbose > 1) { + //FIXME: print ciphertext + } + + ret = 1; +end: + if ((rv = SKF_CloseHandle(hKey)) != SAR_OK) { + PRINT_ERRSTR(rv); + ret = 0; + } + if (ret && verbose) { + //FIXME: print success info + } + + return ret; +} + +int test_skf_rsa(DEVHANDLE hDev, ULONG ulBitsLen, int verbose) +{ + int ret = 0; + RSAPRIVATEKEYBLOB rsa; + RSAPUBLICKEYBLOB rsaPubKey; + BYTE data[] = "message to be encrypted or signed"; + BYTE cbuf[512]; + BYTE mbuf[256]; + BYTE sig[512]; + ULONG len, clen, mlen, siglen; + ULONG rv; + + if ((rv = SKF_GenExtRSAKey(hDev, 2048, &rsa)) != SAR_OK) { + PRINT_ERRSTR(rv); + goto end; + } + + memcpy(&rsaPubKey, &rsa, sizeof(rsaPubKey)); + + len = (ULONG)sizeof(data); + clen = (ULONG)sizeof(cbuf); + if ((rv = SKF_ExtRSAPubKeyOperation(hDev, &rsaPubKey, data, len, cbuf, &clen)) != SAR_OK) { + PRINT_ERRSTR(rv); + goto end; + } + + mlen = (ULONG)sizeof(mbuf); + if ((rv = SKF_ExtRSAPriKeyOperation(hDev, &rsa, cbuf, clen, mbuf, &mlen)) != SAR_OK) { + PRINT_ERRSTR(rv); + goto end; + } + + ret = 1; +end: + return 0; +} + +int test_skf_ec(DEVHANDLE hDev, int verbose) +{ + ECCPRIVATEKEYBLOB priKey; + ECCPUBLICKEYBLOB pubKey; + ECCSIGNATUREBLOB sig; + BYTE cbuf[sizeof(ECCCIPHERBLOB) + 512]; + BYTE msg[] = "message to be signed and encrypted"; + BYTE mbuf[128]; + ULONG mlen, clen; + ULONG rv; + + bzero(&priKey, sizeof(priKey)); + bzero(&pubKey, sizeof(pubKey)); + if ((rv = SKF_GenExtECCKeyPair(hDev, &priKey, &pubKey)) != SAR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + mlen = (ULONG)sizeof(msg); + bzero(&sig, sizeof(sig)); + if ((rv = SKF_ExtECCSign(hDev, &priKey, msg, mlen, &sig)) != SAR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + if ((rv = SKF_ExtECCVerify(hDev, &pubKey, msg, mlen, &sig)) != SAR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + mlen 
= (ULONG)sizeof(msg); + bzero(cbuf, sizeof(cbuf)); + if ((rv = SKF_ExtECCEncrypt(hDev, &pubKey, msg, mlen, (ECCCIPHERBLOB *)cbuf)) != SAR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + mlen = (ULONG)sizeof(mbuf); + bzero(mbuf, sizeof(mbuf)); + if ((rv = SKF_ExtECCDecrypt(hDev, &priKey, (ECCCIPHERBLOB *)cbuf, mbuf, &mlen)) != SAR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + return 1; +} + +int main(int argc, char **argv) +{ + int verbose = 2; + DEVHANDLE hDev = NULL; + ULONG digestAlgors[] = { + SGD_SM3, + SGD_SHA1, + SGD_SHA256 + }; + ULONG cipherAlgors[] = { + SGD_SM4_ECB, + SGD_SM4_CBC, + SGD_SM4_CFB, + SGD_SM4_CFB, + SGD_SM4_CFB, + SGD_SM4_OFB + }; + BLOCKCIPHERPARAM cipherParams[] = { + {{0}, 0, SKF_NO_PADDING, 0}, + {{0}, 16, SKF_PKCS5_PADDING, 0}, + {{0}, 16, SKF_NO_PADDING, 1}, + {{0}, 16, SKF_NO_PADDING, 8}, + {{0}, 16, SKF_NO_PADDING, 128}, + {{0}, 16, SKF_NO_PADDING, 0}, + }; + ULONG rsaBits[] = { 1024, 2048 }; + int i; + + hDev = open_dev((LPSTR)"name", verbose); + /* + if (!test_skf_mac(hDev, SGD_SM4_MAC, verbose)) { + goto end; + } + */ + + for (i = 0; i < sizeof(digestAlgors)/sizeof(digestAlgors[0]); i++) { + if (!test_skf_dgst(hDev, digestAlgors[i], verbose)) { + goto end; + } + } + + for (i = 0; i < sizeof(cipherAlgors)/sizeof(cipherAlgors[0]); i++) { + if (!test_skf_enc(hDev, cipherAlgors[i], cipherParams[i], verbose)) { + goto end; + } + } + + for (i = 0; i < sizeof(rsaBits)/sizeof(rsaBits[0]); i++) { + if (!test_skf_rsa(hDev, test_skf_rsa(hDev, rsaBits[i], verbose))) { + goto end; + } + } + + if (!test_skf_ec(hDev, verbose)) { + goto end; + } + +end: + ERR_print_errors_fp(stderr); + SKF_DisConnectDev(hDev); + return -1; +} + diff --git a/crypto/sm2/Makefile b/crypto/sm2/Makefile index 062fac74..d79746c5 100644 --- a/crypto/sm2/Makefile +++ b/crypto/sm2/Makefile 
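Review bot: This driver can never report success: `main` ends in an unconditional `return -1`, `test_skf_rsa` ends in `return 0` regardless of `ret`, and the RSA loop calls `test_skf_rsa(hDev, test_skf_rsa(hDev, rsaBits[i], verbose))`, which passes two arguments to a three-parameter function. The loop call should be `if (!test_skf_rsa(hDev, rsaBits[i], verbose))`, `test_skf_rsa` should `return ret;` and pass `ulBitsLen` rather than the literal 2048, and `main` should return 0 when every test passed. `key` in `test_skf_mac` and `test_skf_enc` is handed to `SKF_SetSymmKey` uninitialised; `BYTE key[EVP_MAX_KEY_LENGTH] = {0};` or a fixed test vector makes the run reproducible. `hDev` from `open_dev` is used without a NULL check, and `test_skf_enc` still carries `//FIXME: compare data with mbuf`, so the round trip passes even when decryption returns the wrong plaintext.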
@@ -103,8 +103,8 @@ sm2_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h sm2_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h sm2_enc.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h sm2_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -sm2_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h sm2.h -sm2_enc.o: sm2_enc.c +sm2_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +sm2_enc.o: ../o_str.h sm2_enc.c sm2_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h sm2_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h sm2_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h diff --git a/crypto/sm2/sm2.h b/crypto/sm2/sm2.h index 8a6fdc39..cd391944 100644 --- a/crypto/sm2/sm2.h +++ b/crypto/sm2/sm2.h @@ -228,6 +228,7 @@ void ERR_load_SM2_strings(void); # define SM2_F_SM2_CIPHERTEXT_VALUE_PRINT 103 # define SM2_F_SM2_CIPHERTEXT_VALUE_SIZE 104 # define SM2_F_SM2_COMPUTE_ID_DIGEST 105 +# define SM2_F_SM2_COMPUTE_ID_DIGEST_EX 127 # define SM2_F_SM2_DECRYPT 106 # define SM2_F_SM2_DO_DECRYPT 107 # define SM2_F_SM2_DO_ENCRYPT 108 diff --git a/crypto/sm2/sm2_err.c b/crypto/sm2/sm2_err.c index e8b766a8..cb9681db 100644 --- a/crypto/sm2/sm2_err.c +++ b/crypto/sm2/sm2_err.c @@ -79,6 +79,7 @@ static ERR_STRING_DATA SM2_str_functs[] = { {ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_PRINT), "SM2_CIPHERTEXT_VALUE_print"}, {ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE), "SM2_CIPHERTEXT_VALUE_size"}, {ERR_FUNC(SM2_F_SM2_COMPUTE_ID_DIGEST), "SM2_compute_id_digest"}, + {ERR_FUNC(SM2_F_SM2_COMPUTE_ID_DIGEST_EX), "SM2_COMPUTE_ID_DIGEST_EX"}, {ERR_FUNC(SM2_F_SM2_DECRYPT), "SM2_decrypt"}, {ERR_FUNC(SM2_F_SM2_DO_DECRYPT), "SM2_do_decrypt"}, {ERR_FUNC(SM2_F_SM2_DO_ENCRYPT), "SM2_do_encrypt"}, diff --git a/crypto/sm2/sm2_kap.c b/crypto/sm2/sm2_kap.c index 8204bdfc..e64f2795 100644 --- a/crypto/sm2/sm2_kap.c +++ b/crypto/sm2/sm2_kap.c 
@@ -58,7 +58,7 @@ int SM2_KAP_CTX_init(SM2_KAP_CTX *ctx, EC_KEY *ec_key, { int ret = 0; int w; - + memset(ctx, 0, sizeof(*ctx)); ctx->id_dgst_md = EVP_sm3(); @@ -90,7 +90,7 @@ int SM2_KAP_CTX_init(SM2_KAP_CTX *ctx, EC_KEY *ec_key, SM2err(SM2_F_SM2_KAP_CTX_INIT, ERR_R_EC_LIB); goto end; } - + if (!SM2_compute_id_digest(ctx->id_dgst_md, ctx->remote_id_dgst, &ctx->remote_id_dgstlen, remote_pubkey)) { SM2err(SM2_F_SM2_KAP_CTX_INIT, 0); 
@@ -155,97 +155,6 @@ void SM2_KAP_CTX_cleanup(SM2_KAP_CTX *ctx) memset(ctx, 0, sizeof(*ctx)); } -#if 0 -int SM2_update_key(EC_KEY *ec_key, EC_POINT **point) -{ - EC_KEY *tmp = NULL; - BIGNUM *d = EC_KEY_get0_private_key(ec_key); - - - if (!(tmp = EC_KEY_new())) { - goto end; - } - - if (!EC_KEY_set_group(tmp, EC_KEY_get0_group(ec_key))) { - goto end; - } - - if (!EC_KEY_generate_key(tmp)) { - goto end; - } - - if (!EC_KEY_get_affine_coordinates(tmp, x, y)) { - goto end; - } - - /* convert x to x' */ - - if (**point == NULL) { - *point = EC_POINT_dup(EC_KEY_get0_public_key(ec_key), EC_KEY_get0_group(ec_key)); - } else { - EC_POINT_copy(*point, EC_KEY_get0_public_key(ec_key), EC_KEY_get0_group(ec_key)); - } - -end: - EC_KEY_free(tmp); - return 0; -} - -int SM2_update_public_key(EC_KEY *ec_key, const EC_POINT *pub_key) -{ - EC_GROUP *group; - - - group = EC_KEY_get0_group(ec_key); - - - - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates_GFp(group, pub_key, x, NULL, bn_ctx)) { - goto end; - } - } else { - if (!EC_POINT_get_affine_coordinates_GF2m(group, pub_key, x, NULL, bn_ctx)) { - goto end; - } - } - - if (!BN_nnmod(x, x, ctx->two_pow_w, bn_ctx)) { - goto end; - } - - if (!BN_add(x, x, ctx->two_pow_w)) { - goto end; - } - - if (!BN_mod_mul(ctx->t, x, r, ctx->order, ctx->bn_ctx)) { - goto end; - } - - if (!EC_POINT_mul(group, point, NULL, point, x, ctx->bn_ctx)) { - goto end; - } - - if (!EC_POINT_add(group, pubkey, pubkey, point, bn_ctx)) { - goto end; - } - - ret = 1; -end: - return ret; -} - -int SM2_derive_key(void *out, size_t outlen, - const EC_POINT *pub_key, EC_KEY *ec_key, - void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) -{ - - - - return 0; -} -#endif - /* FIXME: ephem_point_len should be both input and output */ int SM2_KAP_prepare(SM2_KAP_CTX *ctx, unsigned char *ephem_point, size_t *ephem_point_len) 
@@ -306,7 +215,7 @@ int SM2_KAP_prepare(SM2_KAP_CTX *ctx, unsigned char *ephem_point, * w = ceil(keybits / 2) - 1 * x = 2^w + (x and (2^w - 1)) = 2^w + (x mod 2^w) * t = (d + x * r) mod n - * t = (h * t) mod n + * t = (h * t) mod n */ if (!ctx->t) { @@ -377,7 +286,7 @@ int SM2_KAP_compute_key(SM2_KAP_CTX *ctx, const unsigned char *remote_point, unsigned int len, bnlen; size_t klen = keylen; - + EVP_MD_CTX_init(&md_ctx); if (!(x = BN_new())) { diff --git a/crypto/sm2/sm2_lib.c b/crypto/sm2/sm2_lib.c index 6004d5ef..f7cc6b99 100644 --- a/crypto/sm2/sm2_lib.c +++ b/crypto/sm2/sm2_lib.c @@ -199,6 +199,14 @@ err: return ret; } +int SM2_compute_id_digest_ex(const EVP_MD *md, + unsigned char *dgst, size_t dgstlen, + const char *id, size_t idlen, EC_KEY *ec_key) +{ + SM2err(SM2_F_SM2_COMPUTE_ID_DIGEST_EX, ERR_R_SM2_LIB); + return 0; +} + //TODO: review this function again. int SM2_compute_id_digest(const EVP_MD *md, unsigned char *dgst, unsigned int *dgstlen, EC_KEY *ec_key) @@ -209,7 +217,7 @@ int SM2_compute_id_digest(const EVP_MD *md, unsigned char *dgst, unsigned char idbits[2]; int pkdatalen; char *id; - + if ((pkdatalen = sm2_get_public_key_data(pkdata, ec_key)) < 0) { fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__); goto err; @@ -272,7 +280,7 @@ int SM2_compute_message_digest(const EVP_MD *id_md, const EVP_MD *msg_md, goto err; } - if (!SM2_compute_id_digest(id_md, buf, &len, ec_key)) { + if (!SM2_compute_id_digest(id_md, buf, &len, ec_key)) { goto err; } @@ -300,7 +308,7 @@ int SM2_digest(const void *msg, size_t msglen, unsigned char *dgst, { const EVP_MD *id_md = EVP_sm3(); const EVP_MD *msg_md = EVP_sm3(); - + return SM2_compute_message_digest(id_md, msg_md, msg, msglen, dgst, dgstlen, ec_key); } diff --git a/crypto/sm3/Makefile b/crypto/sm3/Makefile index 919db984..97587764 100644 --- a/crypto/sm3/Makefile +++ b/crypto/sm3/Makefile 
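Review bot: `SM2_compute_id_digest_ex` in sm2_lib.c is added as an exported function that ignores all of its arguments and always fails with `ERR_R_SM2_LIB`, and nothing in the code says so. A comment above it such as `/* Not implemented yet: always returns 0. */` would stop callers from reading the failure as a bad key or id. Its `size_t dgstlen` is passed by value while `SM2_compute_id_digest` just below takes `unsigned int *dgstlen`; if the new function is meant to report the digest length, the parameter should become a pointer before anything depends on the signature.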
@@ -22,8 +22,8 @@ TEST=sm3test.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=sm3.c -LIBOBJ=sm3.o +LIBSRC=sm3.c sm3_hmac.c +LIBOBJ=sm3.o sm3_hmac.o SRC= $(LIBSRC) @@ -66,6 +66,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) @@ -79,4 +81,5 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -sm3.o: ../byteorder.h sm3.c sm3.h +sm3.o: ../../include/openssl/sm3.h ../byteorder.h sm3.c +sm3_hmac.o: ../../include/openssl/sm3.h sm3_hmac.c diff --git a/crypto/sm3/README.md b/crypto/sm3/README.md new file mode 100644 index 00000000..11fd674b --- /dev/null +++ b/crypto/sm3/README.md 
@@ -0,0 +1,66 @@ +## SM3 Sub-library of GMSSL + +SM3 Cryptographic Hash Algorithm is a chinese national cryptographic hash +algorithm standard published by the State Cryptography Administration Office +of Security Commercial Code Administration (OSCCA) of China in December 2010. +A draft of this algorithm can be found at + +[http://tools.ietf.org/html/draft-shen-sm3-hash-00](http://tools.ietf.org/html/draft-shen-sm3-hash-00 "RFC Draft") + + +The SM3 take input messages as 512 bits blocks and generates +256 bits digest values, same as SHA-256. + +The `SM3` sub-library of GmSSL provides the implementation of SM3 hash +algorithm, with init/update/final style of interfaces. There is also a +demo program in `demo/gmssl/sm3.c` on how to implement a command line +tool with the the inner API of SM3 sub-library. + +### Usage + +The SM3 sub-library provides the following C API: + +``` + void sm3_init(sm3_ctx_t *ctx); + void sm3_update(sm3_ctx_t *ctx, const unsigned char* data, size_t data_len); + void sm3_final(sm3_ctx_t *ctx, unsigned char digest[SM3_DIGEST_LENGTH]); + void sm3_compress(uint32_t digest[8], const unsigned char block[SM3_BLOCK_SIZE]); + void sm3(const unsigned char *data, size_t datalen, unsigned char digest[SM3_DIGEST_LENGTH]); + + void sm3_hmac_init(sm3_hmac_ctx_t *ctx, const unsigned char *key, size_t key_len); + void sm3_hmac_update(sm3_hmac_ctx_t *ctx, const unsigned char *data, size_t data_len); + void sm3_hmac_final(sm3_hmac_ctx_t *ctx, unsigned char mac[sm3_hmac_MAC_SIZE]); + void sm3_hmac(const unsigned char *data, size_t data_len, + const unsigned char *key, size_t key_len, unsigned char mac[sm3_hmac_MAC_SIZE]); +``` + +Example on using C API to digest a message: + +``` + unsigend char buffer[SM3_DIGEST_LENGTH]; + sm3("hello", strlen("hello"), buffer); +``` + +Example on using C API to digest a stream: + +``` + unsigned char dgst[SM3_DIGEST_LENGTH]; + sm3_ctx_t ctx; + sm3_init(&ctx); + sm3_update(&ctx, "hello", strlen("hello")); + sm3_update(&ctx, 
"world", strlen("world")); + sm3_final(&ctx, dgst); +``` + +Example on using C API to generate a HMAC tag: + +``` + unsigned char mac[sm3_hmac_MAC_SIZE]; + sm3_hmac_ctx_t ctx; + unsigned char key[16]; + sm3_hmac_init(&ctx, key, sizeof(key)); + sm3_hmac_update(&ctx, "hello", strlen("hello")); + sm3_hmac_update(&ctx, "world", strlen("world")); + sm3_hmac_final(&ctx, mac); +``` + diff --git a/crypto/sm3/hmac_sm3.c b/crypto/sm3/hmac_sm3.c deleted file mode 100644 index a3bfd2d3..00000000 --- a/crypto/sm3/hmac_sm3.c +++ /dev/null 
@@ -1,78 +0,0 @@ -#include -#include -#include "hmac_sm3.h" - -/** - * HMAC_k(m) = H((k ^ opad), H((k ^ ipad), m)) - * pseudo-code: - * function hmac(key, message) - * opad = [0x5c * blocksize] - * ipad = [0x36 * blocksize] - * if (length(key) > blocksize) then - * key = hash(key) - * end if - * for i from 0 to length(key) - 1 step 1 - * ipad[i] = ipad[i] XOR key[i] - * opad[i] = opad[i] XOR key[i] - * end for - * return hash(opad || hash(ipad || message)) - * end function - */ - - -#define IPAD 0x36 -#define OPAD 0x5C - -void hmac_sm3_init(hmac_sm3_ctx_t *ctx, const unsigned char *key, size_t key_len) -{ - int i; - unsigned char ipad[SM3_DIGEST_LENGTH]; - - if (key_len <= SM3_BLOCK_SIZE) { - memcpy(ctx->key, key, key_len); - memset(ctx->key + key_len, 0, SM3_BLOCK_SIZE - key_len); - } else { - sm3_init(&ctx->sm3_ctx); - sm3_update(&ctx->sm3_ctx, key, key_len); - sm3_final(&ctx->sm3_ctx, ctx->key); - memset(ctx->key + SM3_DIGEST_LENGTH, 0, - SM3_BLOCK_SIZE - SM3_DIGEST_LENGTH); - } - for (i = 0; i < SM3_BLOCK_SIZE; i++) { - ctx->key[i] ^= IPAD; - } - - sm3_init(&ctx->sm3_ctx); - sm3_update(&ctx->sm3_ctx, ctx->key, SM3_BLOCK_SIZE); -} - -void hmac_sm3_update(hmac_sm3_ctx_t *ctx, const unsigned char *data, size_t data_len) -{ - sm3_update(&ctx->sm3_ctx, data, data_len); -} - -void hmac_sm3_final(hmac_sm3_ctx_t *ctx, unsigned char mac[HMAC_SM3_MAC_SIZE]) -{ - int i; - for (i = 0; i < SM3_BLOCK_SIZE; i++) { - ctx->key[i] ^= (IPAD ^ OPAD); - } - sm3_final(&ctx->sm3_ctx, mac); - sm3_init(&ctx->sm3_ctx); - sm3_update(&ctx->sm3_ctx, ctx->key, SM3_BLOCK_SIZE); - sm3_update(&ctx->sm3_ctx, mac, SM3_DIGEST_LENGTH); - sm3_final(&ctx->sm3_ctx, mac); -} - -void hmac_sm3(const unsigned char *data, size_t data_len, - const unsigned char *key, size_t key_len, unsigned char mac[HMAC_SM3_MAC_SIZE]) -{ - hmac_sm3_ctx_t ctx; - - hmac_sm3_init(&ctx, key, key_len); - hmac_sm3_update(&ctx, data, data_len); - hmac_sm3_final(&ctx, mac); - - memset(&ctx, 0, sizeof(hmac_sm3_ctx_t)); -} - 
diff --git a/crypto/sm3/hmac_sm3.h b/crypto/sm3/hmac_sm3.h deleted file mode 100644 index 00b91c69..00000000 --- a/crypto/sm3/hmac_sm3.h +++ /dev/null @@ -1,29 +0,0 @@ -#ifndef LIBSM3_HMAC_SM3_H -#define LIBSM3_HMAC_SM3_H - -#include "sm3.h" - -#define HMAC_SM3_MAC_SIZE SM3_DIGEST_LENGTH - -#ifdef __cplusplus -extern "C" { -#endif - - -typedef struct { - sm3_ctx_t sm3_ctx; - unsigned char key[SM3_DIGEST_LENGTH]; -} hmac_sm3_ctx_t; - - -void hmac_sm3_init(hmac_sm3_ctx_t *ctx, const unsigned char *key, size_t key_len); -void hmac_sm3_update(hmac_sm3_ctx_t *ctx, const unsigned char *data, size_t data_len); -void hmac_sm3_final(hmac_sm3_ctx_t *ctx, unsigned char mac[HMAC_SM3_MAC_SIZE]); -void hmac_sm3(const unsigned char *data, size_t data_len, - const unsigned char *key, size_t key_len, unsigned char mac[HMAC_SM3_MAC_SIZE]); - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/crypto/sm3/hmac_sm3_test.c b/crypto/sm3/hmac_sm3_test.c deleted file mode 100644 index 9a819f59..00000000 --- a/crypto/sm3/hmac_sm3_test.c +++ /dev/null 
@@ -1,68 +0,0 @@ -#include "hmac_sm3.h" -#include -#include - -int hmac_sm3_test() -{ - int ret = 0; - int i, j; - unsigned char mac[HMAC_SM3_MAC_SIZE]; - hmac_sm3_ctx_t ctx; - - char *testarray[4] = { - "abc", - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - "a", - "01234567012345670123456701234567" - }; - int repeatcount[4] = { 1, 1, 1000000, 20 }; - unsigned char key[4] = { - "hello", - "world", - "23492304982304982340923480", - "a" - }; - unsigned char result[4][32] = { - {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, - 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, - 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, - 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0}, - {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, - 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, - 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, - 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0}, - {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, - 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, - 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, - 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0}, - {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, - 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, - 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, - 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0}, - }; - - for (i = 0; i < sizeof(testarray)/sizeof(testarray[0]); i++) { - hmac_sm3_init(&ctx, key[i], key_length[i]); - for (j = 0; j < repeatcount[i]; j++) { - hmac_sm3_update(&ctx, (const unsigned char *)testarray[i], - strlen(testarray[i])); - } - hmac_sm3_final(&ctx, mac); - if (memcmp(mac, &result[i][0], sizeof(mac)) != 0) { - fprintf(stderr, "hmac-sm3 test-%d failed\n", i); - ret = 1; - } - } - - if (ret == 0) { - printf("hmac-sm3 test success!\n"); - } - - return ret; -} - -int main() -{ - return hmac_sm3_test(); -} - diff --git a/crypto/sm3/sm3.c b/crypto/sm3/sm3.c index 9c337029..1cb695c5 100644 --- a/crypto/sm3/sm3.c +++ b/crypto/sm3/sm3.c 
@@ -49,13 +49,11 @@ * */ - -#include "sm3.h" -#include "../byteorder.h" #include +#include "../byteorder.h" +#include - -int sm3_init(sm3_ctx_t *ctx) +void sm3_init(sm3_ctx_t *ctx) { ctx->digest[0] = 0x7380166F; ctx->digest[1] = 0x4914B2B9; @@ -65,22 +63,19 @@ int sm3_init(sm3_ctx_t *ctx) ctx->digest[5] = 0x163138AA; ctx->digest[6] = 0xE38DEE4D; ctx->digest[7] = 0xB0FB0E4E; - + ctx->nblocks = 0; ctx->num = 0; - if(ctx == NULL) return 0; - return 1; } -int sm3_update(sm3_ctx_t *ctx, const unsigned char* data, size_t data_len) +void sm3_update(sm3_ctx_t *ctx, const unsigned char* data, size_t data_len) { - if(ctx == NULL) return 0; if (ctx->num) { unsigned int left = SM3_BLOCK_SIZE - ctx->num; if (data_len < left) { memcpy(ctx->block + ctx->num, data, data_len); ctx->num += data_len; - return 1; + return; } else { memcpy(ctx->block + ctx->num, data, left); sm3_compress(ctx->digest, ctx->block); @@ -99,18 +94,16 @@ int sm3_update(sm3_ctx_t *ctx, const unsigned char* data, size_t data_len) if (data_len) { memcpy(ctx->block, data, data_len); } - return 1; } -int sm3_final(sm3_ctx_t *ctx, unsigned char *digest) +void sm3_final(sm3_ctx_t *ctx, unsigned char *digest) { - if(ctx == NULL) return 0; int i; uint32_t *pdigest = (uint32_t *)digest; uint32_t *count = (uint32_t *)(ctx->block + SM3_BLOCK_SIZE - 8); - + ctx->block[ctx->num] = 0x80; - + if (ctx->num + 9 <= SM3_BLOCK_SIZE) { memset(ctx->block + ctx->num + 1, 0, SM3_BLOCK_SIZE - ctx->num - 9); } else { 
@@ -121,23 +114,22 @@ int sm3_final(sm3_ctx_t *ctx, unsigned char *digest) count[0] = cpu_to_be32((ctx->nblocks) >> 23); count[1] = cpu_to_be32((ctx->nblocks << 9) + (ctx->num << 3)); - + sm3_compress(ctx->digest, ctx->block); for (i = 0; i < sizeof(ctx->digest)/sizeof(ctx->digest[0]); i++) { pdigest[i] = cpu_to_be32(ctx->digest[i]); } - return 1; } #define ROTATELEFT(X,n) (((X)<<(n)) | ((X)>>(32-(n)))) -#define P0(x) ((x) ^ ROTATELEFT((x),9) ^ ROTATELEFT((x),17)) -#define P1(x) ((x) ^ ROTATELEFT((x),15) ^ ROTATELEFT((x),23)) +#define P0(x) ((x) ^ ROTATELEFT((x),9) ^ ROTATELEFT((x),17)) +#define P1(x) ((x) ^ ROTATELEFT((x),15) ^ ROTATELEFT((x),23)) -#define FF0(x,y,z) ( (x) ^ (y) ^ (z)) +#define FF0(x,y,z) ( (x) ^ (y) ^ (z)) #define FF1(x,y,z) (((x) & (y)) | ( (x) & (z)) | ( (y) & (z))) -#define GG0(x,y,z) ( (x) ^ (y) ^ (z)) +#define GG0(x,y,z) ( (x) ^ (y) ^ (z)) #define GG1(x,y,z) (((x) & (y)) | ( (~(x)) & (z)) ) @@ -146,7 +138,7 @@ void sm3_compress(uint32_t digest[8], const unsigned char block[64]) int j; uint32_t W[68], W1[64]; const uint32_t *pblock = (const uint32_t *)block; - + uint32_t A = digest[0]; uint32_t B = digest[1]; uint32_t C = digest[2]; @@ -170,7 +162,7 @@ void sm3_compress(uint32_t digest[8], const unsigned char block[64]) for(j =0; j < 16; j++) { T[j] = 0x79CC4519; - SS1 = ROTATELEFT((ROTATELEFT(A,12) + E + ROTATELEFT(T[j],j)), 7); + SS1 = ROTATELEFT((ROTATELEFT(A,12) + E + ROTATELEFT(T[j],j)), 7); SS2 = SS1 ^ ROTATELEFT(A,12); TT1 = FF0(A,B,C) + D + SS2 + W1[j]; TT2 = GG0(E,F,G) + H + SS1 + W[j]; @@ -187,7 +179,7 @@ void sm3_compress(uint32_t digest[8], const unsigned char block[64]) for(j =16; j < 64; j++) { T[j] = 0x7A879D8A; - SS1 = ROTATELEFT((ROTATELEFT(A,12) + E + ROTATELEFT(T[j],j)), 7); + SS1 = ROTATELEFT((ROTATELEFT(A,12) + E + ROTATELEFT(T[j],j)), 7); SS2 = SS1 ^ ROTATELEFT(A,12); TT1 = FF1(A,B,C) + D + SS2 + W1[j]; TT2 = GG1(E,F,G) + H + SS1 + W[j]; 
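Review bot: `sm3_final` writes its result with `pdigest[i] = cpu_to_be32(ctx->digest[i]);`, where `pdigest` is the caller's `unsigned char *digest` cast to `uint32_t *` (declared in the previous hunk), so the store assumes a 4-byte-aligned output buffer that nothing in the signature guarantees. Callers such as `sm3_hmac_final` pass an arbitrary `mac` pointer straight through. Copying each converted word avoids the misaligned, type-punned store: `uint32_t w = cpu_to_be32(ctx->digest[i]);` followed by `memcpy(digest + 4 * i, &w, sizeof(w));`. The function starts outside this hunk.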
@@ -211,7 +203,8 @@ void sm3_compress(uint32_t digest[8], const unsigned char block[64]) digest[7] ^= H; } -void sm3(const unsigned char *msg, size_t msglen, unsigned char dgst[SM3_DIGEST_LENGTH]) +void sm3(const unsigned char *msg, size_t msglen, + unsigned char dgst[SM3_DIGEST_LENGTH]) { sm3_ctx_t ctx; diff --git a/crypto/sm3/sm3.h b/crypto/sm3/sm3.h index 68ccde55..d0ef4608 100644 --- a/crypto/sm3/sm3.h +++ b/crypto/sm3/sm3.h @@ -54,6 +54,7 @@ #define SM3_DIGEST_LENGTH 32 #define SM3_BLOCK_SIZE 64 +#define SM3_HMAC_SIZE (SM3_DIGEST_LENGTH) #include #include @@ -71,11 +72,24 @@ typedef struct { int num; } sm3_ctx_t; -int sm3_init(sm3_ctx_t *ctx); -int sm3_update(sm3_ctx_t *ctx, const unsigned char* data, size_t data_len); -int sm3_final(sm3_ctx_t *ctx, unsigned char digest[SM3_DIGEST_LENGTH]); +void sm3_init(sm3_ctx_t *ctx); +void sm3_update(sm3_ctx_t *ctx, const unsigned char* data, size_t data_len); +void sm3_final(sm3_ctx_t *ctx, unsigned char digest[SM3_DIGEST_LENGTH]); void sm3_compress(uint32_t digest[8], const unsigned char block[SM3_BLOCK_SIZE]); -void sm3(const unsigned char *data, size_t datalen, unsigned char digest[SM3_DIGEST_LENGTH]); +void sm3(const unsigned char *data, size_t datalen, + unsigned char digest[SM3_DIGEST_LENGTH]); + + +typedef struct { + sm3_ctx_t sm3_ctx; + unsigned char key[SM3_DIGEST_LENGTH]; +} sm3_hmac_ctx_t; + +void sm3_hmac_init(sm3_hmac_ctx_t *ctx, const unsigned char *key, size_t key_len); +void sm3_hmac_update(sm3_hmac_ctx_t *ctx, const unsigned char *data, size_t data_len); +void sm3_hmac_final(sm3_hmac_ctx_t *ctx, unsigned char mac[SM3_HMAC_SIZE]); +void sm3_hmac(const unsigned char *data, size_t data_len, + const unsigned char *key, size_t key_len, unsigned char mac[SM3_HMAC_SIZE]); #ifdef __cplusplus } diff --git a/crypto/sm3/sm3_hmac.c b/crypto/sm3/sm3_hmac.c new file mode 100644 index 00000000..eedb13a6 --- /dev/null +++ b/crypto/sm3/sm3_hmac.c 
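Review bot: In the sm3.h hunk, `sm3_hmac_ctx_t` declares `unsigned char key[SM3_DIGEST_LENGTH]` (32 bytes), but `sm3_hmac_init` in the new sm3_hmac.c fills and XORs `SM3_BLOCK_SIZE` (64) bytes of `ctx->key`, so every call writes 32 bytes past the end of the context. `key` is the last member, so the overrun lands in whatever follows the context (the stack frame of `sm3_hmac` on the one-shot path), and `sm3_hmac_final` then XORs and hashes the same 64 bytes. The field should be sized for the padded key: `unsigned char key[SM3_BLOCK_SIZE];`. The same declaration is in the deleted hmac_sm3.h, so the rename carries the defect over unchanged.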
@@ -0,0 +1,129 @@ +/* crypto/sm3/sm3_hmac.c */ +/* ==================================================================== + * Copyright (c) 2014 - 2015 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ +#include +#include +#include +#include + +/** + * HMAC_k(m) = H((k ^ opad), H((k ^ ipad), m)) + * pseudo-code: + * function hmac(key, message) + * opad = [0x5c * blocksize] + * ipad = [0x36 * blocksize] + * if (length(key) > blocksize) then + * key = hash(key) + * end if + * for i from 0 to length(key) - 1 step 1 + * ipad[i] = ipad[i] XOR key[i] + * opad[i] = opad[i] XOR key[i] + * end for + * return hash(opad || hash(ipad || message)) + * end function + */ + + +#define IPAD 0x36 +#define OPAD 0x5C + +void sm3_hmac_init(sm3_hmac_ctx_t *ctx, const unsigned char *key, size_t key_len) +{ + int i; + //unsigned char ipad[SM3_DIGEST_LENGTH]; + + if (key_len <= SM3_BLOCK_SIZE) { + memcpy(ctx->key, key, key_len); + memset(ctx->key + key_len, 0, SM3_BLOCK_SIZE - key_len); + } else { + sm3_init(&ctx->sm3_ctx); + sm3_update(&ctx->sm3_ctx, key, key_len); + sm3_final(&ctx->sm3_ctx, ctx->key); + memset(ctx->key + SM3_DIGEST_LENGTH, 0, + SM3_BLOCK_SIZE - SM3_DIGEST_LENGTH); + } + for (i = 0; i < SM3_BLOCK_SIZE; i++) { + ctx->key[i] ^= IPAD; + } + + sm3_init(&ctx->sm3_ctx); + sm3_update(&ctx->sm3_ctx, ctx->key, SM3_BLOCK_SIZE); +} + +void sm3_hmac_update(sm3_hmac_ctx_t *ctx, + const unsigned char *data, size_t data_len) +{ + sm3_update(&ctx->sm3_ctx, data, data_len); +} + +void sm3_hmac_final(sm3_hmac_ctx_t *ctx, unsigned char mac[SM3_HMAC_SIZE]) +{ + int i; + 
for (i = 0; i < SM3_BLOCK_SIZE; i++) { + ctx->key[i] ^= (IPAD ^ OPAD); + } + sm3_final(&ctx->sm3_ctx, mac); + sm3_init(&ctx->sm3_ctx); + sm3_update(&ctx->sm3_ctx, ctx->key, SM3_BLOCK_SIZE); + sm3_update(&ctx->sm3_ctx, mac, SM3_DIGEST_LENGTH); + sm3_final(&ctx->sm3_ctx, mac); +} + +void sm3_hmac(const unsigned char *data, size_t data_len, + const unsigned char *key, size_t key_len, + unsigned char mac[SM3_HMAC_SIZE]) +{ + sm3_hmac_ctx_t ctx; + sm3_hmac_init(&ctx, key, key_len); + sm3_hmac_update(&ctx, data, data_len); + sm3_hmac_final(&ctx, mac); + bzero(&ctx, sizeof(ctx)); +} + diff --git a/crypto/sm3/sm3dgst.c b/crypto/sm3/sm3dgst.c deleted file mode 100644 index a1f3063d..00000000 --- a/crypto/sm3/sm3dgst.c +++ /dev/null @@ -1,46 +0,0 @@ -#include -#include -#include -#include -#include -#include "sm3.h" - -/* - * usage of sm3dgst: - * ./sm3dgst - * 324234234234235234234234234234 - * - * echo "hello world" | sm3dgst - * lksjdlfksdjlfkjsdlfkjsdlfkjsdljkfffffffldjfk= - * - */ - -int main(int argc, char **argv) -{ - sm3_ctx_t ctx; - unsigned char dgst[SM3_DIGEST_LENGTH]; - unsigned char buf[4096]; - ssize_t len; - int i; - - if (argc > 1) { - printf("usage: %s < file\n", basename(argv[0])); - return 0; - } - - sm3_init(&ctx); - - while ((len = read(STDIN_FILENO, buf, sizeof(buf))) > 0) { - sm3_update(&ctx, buf, len); - } - memset(dgst, 0, sizeof(dgst)); - sm3_final(&ctx, dgst); - - for (i = 0; i < sizeof(dgst); i++) { - printf("%02x", dgst[i]); - } - printf("\n"); - - return 0; -} - diff --git a/crypto/sm3/sm3test.c b/crypto/sm3/sm3test.c index 242f4d41..5659f485 100644 --- a/crypto/sm3/sm3test.c +++ b/crypto/sm3/sm3test.c @@ -120,26 +120,4 @@ static char *pt(unsigned char *md) return (buf); } - - - -/* - - - - - - - - - - -*/ - - - - - - - #endif diff --git a/crypto/sm3/sm3test2.c b/crypto/sm3/sm3test2.c index 9350a70c..dafe0642 100644 --- a/crypto/sm3/sm3test2.c +++ b/crypto/sm3/sm3test2.c 
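Review bot: The one-shot `sm3_hmac` clears its context with `bzero(&ctx, sizeof(ctx));`, a legacy call that the compiler is free to drop as a dead store because `ctx` is never read afterwards, which would leave the padded key on the stack. The OpenSSL tree this code lives in has a wipe intended for this, so `OPENSSL_cleanse(&ctx, sizeof(ctx));` (declared in `openssl/crypto.h`) is the safer line. Callers of the streaming API get no wipe at all: after `sm3_hmac_final` the context still holds the key XORed with the outer pad, so either clear `ctx` at the end of `sm3_hmac_final` or document that the caller must.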
@@ -82,6 +82,65 @@ int sm3_test2() return 0; } +int hmac_sm3_test() +{ + int ret = 0; + int i, j; + unsigned char mac[HMAC_SM3_MAC_SIZE]; + hmac_sm3_ctx_t ctx; + + char *testarray[4] = { + "abc", + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + "a", + "01234567012345670123456701234567" + }; + int repeatcount[4] = { 1, 1, 1000000, 20 }; + unsigned char key[4] = { + "hello", + "world", + "23492304982304982340923480", + "a" + }; + unsigned char result[4][32] = { + {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0}, + {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0}, + {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0}, + {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0}, + }; + + for (i = 0; i < sizeof(testarray)/sizeof(testarray[0]); i++) { + hmac_sm3_init(&ctx, key[i], key_length[i]); + for (j = 0; j < repeatcount[i]; j++) { + hmac_sm3_update(&ctx, (const unsigned char *)testarray[i], + strlen(testarray[i])); + } + hmac_sm3_final(&ctx, mac); + if (memcmp(mac, &result[i][0], sizeof(mac)) != 0) { + fprintf(stderr, "hmac-sm3 test-%d failed\n", i); + ret = 1; + } + } + + if (ret == 0) { + printf("hmac-sm3 test success!\n"); + } + + return ret; +} + int main(int argc, char *argv[]) { if (sm3_test1()) diff --git a/crypto/sm9/Makefile b/crypto/sm9/Makefile index f671cb7c..a18f73d9 100644 --- a/crypto/sm9/Makefile +++ b/crypto/sm9/Makefile 
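Review bot: `hmac_sm3_test` as added to sm3test2.c cannot compile: it still uses `hmac_sm3_ctx_t`, `HMAC_SM3_MAC_SIZE` and the `hmac_sm3_*` functions that this commit renames to `sm3_hmac_*`, it initialises `unsigned char key[4]` with four string literals, and it reads `key_length[i]`, which is never declared. The four rows of `result` are also identical although the keys and messages differ, so they look like placeholders and need real HMAC-SM3 vectors before the comparison means anything. The sketch below renames the calls and makes the keys an array of strings; the expected values are left for the author. `main` continues outside the hunk, so whether the test is ever invoked cannot be seen here.

```c
int hmac_sm3_test()
{
	/* … unchanged: ret, i, j … */
	unsigned char mac[SM3_HMAC_SIZE];
	sm3_hmac_ctx_t ctx;
	/* … unchanged: testarray, repeatcount … */
	const char *key[4] = {
		"hello",
		"world",
		"23492304982304982340923480",
		"a"
	};
	/* … unchanged: result table (still needs real HMAC-SM3 vectors) … */

	for (i = 0; i < sizeof(testarray)/sizeof(testarray[0]); i++) {
		sm3_hmac_init(&ctx, (const unsigned char *)key[i], strlen(key[i]));
		for (j = 0; j < repeatcount[i]; j++) {
			sm3_hmac_update(&ctx, (const unsigned char *)testarray[i],
				strlen(testarray[i]));
		}
		sm3_hmac_final(&ctx, mac);
		/* … unchanged: memcmp against result[i], failure report … */
```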
@@ -66,6 +66,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) @@ -88,3 +90,12 @@ sm9_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h sm9_err.o: ../../include/openssl/safestack.h ../../include/openssl/sm9.h sm9_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h sm9_err.o: sm9_err.c +sm9_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +sm9_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +sm9_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +sm9_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +sm9_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +sm9_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +sm9_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sm9.h +sm9_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h sm9.h +sm9_lib.o: sm9_lcl.h sm9_lib.c diff --git a/crypto/sm9/sm9_lib.c b/crypto/sm9/sm9_lib.c index affe8502..ff294c73 100644 --- a/crypto/sm9/sm9_lib.c +++ b/crypto/sm9/sm9_lib.c @@ -49,6 +49,7 @@ * */ +#include #include #include "sm9_lcl.h" @@ -104,7 +105,7 @@ int SM9_encrypt(SM9_PUBLIC_PARAMS *params, const char *id, size_t idlen) { SM9err(SM9_F_SM9_ENCRYPT, SM9_R_NOT_IMPLEMENTED); - return NULL; + return 0; } int SM9_decrypt(SM9_PUBLIC_PARAMS *params, diff --git a/crypto/sms4/Makefile b/crypto/sms4/Makefile index ea9209b6..edfed0f5 100644 --- a/crypto/sms4/Makefile +++ b/crypto/sms4/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) 
diff --git a/crypto/sms4/README.md b/crypto/sms4/README.md new file mode 100644 index 00000000..83678814 --- /dev/null +++ b/crypto/sms4/README.md @@ -0,0 +1,22 @@ +## SMS4 Sub-Library of GMSSL + +Encryption modes: + + * ECB: encrypt or decrypt a block, process only one block per call. + * CBC: process variable length input with zero padding, IV works as both input and output. + * CFB: same as CBC + * OFB: same as CBC + +Optimization for specific architecture: + + * AVX2: support ECB, CTR and CBC-decrypt (todo) + * KNC-NI: support ECB, CTR and CBC-decrypt (todo) + +Some future plans: + + * more operation modes, GCM, XTS, FFX, OFB ... + * more optimiazations: ARM/NEON, X86 ASM, GPU, ... + * secure implementation: Bit Slicing, Timing attack ... + * formally verified. + + diff --git a/crypto/sms4/sms4test.c b/crypto/sms4/sms4test.c index 28325b59..1734266b 100644 --- a/crypto/sms4/sms4test.c +++ b/crypto/sms4/sms4test.c @@ -48,10 +48,10 @@ int main(int argc, char **argv) goto end; } printf("sms4 key scheduling passed!\n"); - + /* test encrypt once */ sms4_encrypt(&key, plaintext, buf); - + if (memcmp(buf, ciphertext1, sizeof(ciphertext1)) != 0) { printf("sms4 encrypt not pass!\n"); goto end; @@ -70,7 +70,7 @@ int main(int argc, char **argv) } printf("sms4 encrypt 1000000 times pass!\n"); printf("sms4 all test vectors pass!\n"); - + return 0; end: printf("some test vector failed\n"); diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 524325d1..912abd31 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -91,7 +91,7 @@ # include # endif -# ifndef OPENSSL_NO_SM2 +# ifndef NO_GMSSL # include # endif diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index 84e1f68f..9219f753 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -116,9 +116,6 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) case NID_X9_62_id_ecPublicKey: ret |= EVP_PKS_EC; break; -#ifndef OPENSSL_NO_SM2 - /* what to do ? */ -#endif default: break; } 
diff --git a/crypto/zuc/zuc.c b/crypto/zuc/zuc.c index 4b043e50..f7c6b293 100755 --- a/crypto/zuc/zuc.c +++ b/crypto/zuc/zuc.c 
@@ -1,250 +1,70 @@ -#include -#include "../modes/modes_lcl.h" -#include "zuc.h" +/* crypto/zuc/zuc.c */ +/* ==================================================================== + * Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ +/* + * this file includes code written by YOU for the GmSSL project + */ +#include +#include - -static uint8_t S0[256] = { - 0x3e,0x72,0x5b,0x47,0xca,0xe0,0x00,0x33,0x04,0xd1,0x54,0x98,0x09,0xb9,0x6d,0xcb, - 0x7b,0x1b,0xf9,0x32,0xaf,0x9d,0x6a,0xa5,0xb8,0x2d,0xfc,0x1d,0x08,0x53,0x03,0x90, - 0x4d,0x4e,0x84,0x99,0xe4,0xce,0xd9,0x91,0xdd,0xb6,0x85,0x48,0x8b,0x29,0x6e,0xac, - 0xcd,0xc1,0xf8,0x1e,0x73,0x43,0x69,0xc6,0xb5,0xbd,0xfd,0x39,0x63,0x20,0xd4,0x38, - 0x76,0x7d,0xb2,0xa7,0xcf,0xed,0x57,0xc5,0xf3,0x2c,0xbb,0x14,0x21,0x06,0x55,0x9b, - 0xe3,0xef,0x5e,0x31,0x4f,0x7f,0x5a,0xa4,0x0d,0x82,0x51,0x49,0x5f,0xba,0x58,0x1c, - 0x4a,0x16,0xd5,0x17,0xa8,0x92,0x24,0x1f,0x8c,0xff,0xd8,0xae,0x2e,0x01,0xd3,0xad, - 0x3b,0x4b,0xda,0x46,0xeb,0xc9,0xde,0x9a,0x8f,0x87,0xd7,0x3a,0x80,0x6f,0x2f,0xc8, - 0xb1,0xb4,0x37,0xf7,0x0a,0x22,0x13,0x28,0x7c,0xcc,0x3c,0x89,0xc7,0xc3,0x96,0x56, - 0x07,0xbf,0x7e,0xf0,0x0b,0x2b,0x97,0x52,0x35,0x41,0x79,0x61,0xa6,0x4c,0x10,0xfe, - 0xbc,0x26,0x95,0x88,0x8a,0xb0,0xa3,0xfb,0xc0,0x18,0x94,0xf2,0xe1,0xe5,0xe9,0x5d, - 0xd0,0xdc,0x11,0x66,0x64,0x5c,0xec,0x59,0x42,0x75,0x12,0xf5,0x74,0x9c,0xaa,0x23, - 0x0e,0x86,0xab,0xbe,0x2a,0x02,0xe7,0x67,0xe6,0x44,0xa2,0x6c,0xc2,0x93,0x9f,0xf1, - 0xf6,0xfa,0x36,0xd2,0x50,0x68,0x9e,0x62,0x71,0x15,0x3d,0xd6,0x40,0xc4,0xe2,0x0f, - 0x8e,0x83,0x77,0x6b,0x25,0x05,0x3f,0x0c,0x30,0xea,0x70,0xb7,0xa1,0xe8,0xa9,0x65, 
- 0x8d,0x27,0x1a,0xdb,0x81,0xb3,0xa0,0xf4,0x45,0x7a,0x19,0xdf,0xee,0x78,0x34,0x60 -}; - -static uint8_t S1[256] = { - 0x55,0xc2,0x63,0x71,0x3b,0xc8,0x47,0x86,0x9f,0x3c,0xda,0x5b,0x29,0xaa,0xfd,0x77, - 0x8c,0xc5,0x94,0x0c,0xa6,0x1a,0x13,0x00,0xe3,0xa8,0x16,0x72,0x40,0xf9,0xf8,0x42, - 0x44,0x26,0x68,0x96,0x81,0xd9,0x45,0x3e,0x10,0x76,0xc6,0xa7,0x8b,0x39,0x43,0xe1, - 0x3a,0xb5,0x56,0x2a,0xc0,0x6d,0xb3,0x05,0x22,0x66,0xbf,0xdc,0x0b,0xfa,0x62,0x48, - 0xdd,0x20,0x11,0x06,0x36,0xc9,0xc1,0xcf,0xf6,0x27,0x52,0xbb,0x69,0xf5,0xd4,0x87, - 0x7f,0x84,0x4c,0xd2,0x9c,0x57,0xa4,0xbc,0x4f,0x9a,0xdf,0xfe,0xd6,0x8d,0x7a,0xeb, - 0x2b,0x53,0xd8,0x5c,0xa1,0x14,0x17,0xfb,0x23,0xd5,0x7d,0x30,0x67,0x73,0x08,0x09, - 0xee,0xb7,0x70,0x3f,0x61,0xb2,0x19,0x8e,0x4e,0xe5,0x4b,0x93,0x8f,0x5d,0xdb,0xa9, - 0xad,0xf1,0xae,0x2e,0xcb,0x0d,0xfc,0xf4,0x2d,0x46,0x6e,0x1d,0x97,0xe8,0xd1,0xe9, - 0x4d,0x37,0xa5,0x75,0x5e,0x83,0x9e,0xab,0x82,0x9d,0xb9,0x1c,0xe0,0xcd,0x49,0x89, - 0x01,0xb6,0xbd,0x58,0x24,0xa2,0x5f,0x38,0x78,0x99,0x15,0x90,0x50,0xb8,0x95,0xe4, - 0xd0,0x91,0xc7,0xce,0xed,0x0f,0xb4,0x6f,0xa0,0xcc,0xf0,0x02,0x4a,0x79,0xc3,0xde, - 0xa3,0xef,0xea,0x51,0xe6,0x6b,0x18,0xec,0x1b,0x2c,0x80,0xf7,0x74,0xe7,0xff,0x21, - 0x5a,0x6a,0x54,0x1e,0x41,0x31,0x92,0x35,0xc4,0x33,0x07,0x0a,0xba,0x7e,0x0e,0x34, - 0x88,0xb1,0x98,0x7c,0xf3,0x3d,0x60,0x6c,0x7b,0xca,0xd3,0x1f,0x32,0x65,0x04,0x28, - 0x64,0xbe,0x85,0x9b,0x2f,0x59,0x8a,0xd7,0xb0,0x25,0xac,0xaf,0x12,0x03,0xe2,0xf2 -}; - -static uint32_t EK_d[16] = { - 0x44D7, 0x26BC, 0x626B, 0x135E, 0x5789, 0x35E2, 0x7135, 0x09AF, - 0x4D78, 0x2F13, 0x6BC4, 0x1AF1, 0x5E26, 0x3C4D, 0x789A, 0x47AC -}; - -static inline uint32_t AddM(uint32_t a, uint32_t b) +void zuc_set_key(zuc_key_t *key, const unsigned char *user_key, const unsigned char *iv) { - uint32_t c = a + b; - return (c & 0x7FFFFFFF) + (c >> 31); } -#define MulByPow2(x, k) ((((x) << k) | ((x) >> (31 - k))) & 0x7FFFFFFF) - -static void LFSRWithInitialisationMode(ZUC_KEY *key, uint32_t u) +void 
zuc_generate_keystream(zuc_key_t *key, size_t nwords, uint32_t *words) { - uint32_t f, v; - f = key->LFSR_S0; - - v = MulByPow2(key->LFSR_S0, 8); - f = AddM(f, v); - v = MulByPow2(key->LFSR_S4, 20); - f = AddM(f, v); - v = MulByPow2(key->LFSR_S10, 21); - f = AddM(f, v); - v = MulByPow2(key->LFSR_S13, 17); - f = AddM(f, v); - v = MulByPow2(key->LFSR_S15, 15); - f = AddM(f, v); - - f = AddM(f, u); - - /* update the state */ - key->LFSR_S0 = key->LFSR_S1; - key->LFSR_S1 = key->LFSR_S2; - key->LFSR_S2 = key->LFSR_S3; - key->LFSR_S3 = key->LFSR_S4; - key->LFSR_S4 = key->LFSR_S5; - key->LFSR_S5 = key->LFSR_S6; - key->LFSR_S6 = key->LFSR_S7; - key->LFSR_S7 = key->LFSR_S8; - key->LFSR_S8 = key->LFSR_S9; - key->LFSR_S9 = key->LFSR_S10; - key->LFSR_S10 = key->LFSR_S11; - key->LFSR_S11 = key->LFSR_S12; - key->LFSR_S12 = key->LFSR_S13; - key->LFSR_S13 = key->LFSR_S14; - key->LFSR_S14 = key->LFSR_S15; - key->LFSR_S15 = f; } -/* LFSR with work mode */ -static void LFSRWithWorkMode(ZUC_KEY *key) +void zuc_encrypt(zuc_key_t *key, size_t len, const unsigned char *in, unsigned char *out) { - uint32_t f, v; - f = key->LFSR_S0; - - v = MulByPow2(key->LFSR_S0, 8); - f = AddM(f, v); - v = MulByPow2(key->LFSR_S4, 20); - f = AddM(f, v); - v = MulByPow2(key->LFSR_S10, 21); - f = AddM(f, v); - v = MulByPow2(key->LFSR_S13, 17); - f = AddM(f, v); - v = MulByPow2(key->LFSR_S15, 15); - f = AddM(f, v); - - /* update the state */ - key->LFSR_S0 = key->LFSR_S1; - key->LFSR_S1 = key->LFSR_S2; - key->LFSR_S2 = key->LFSR_S3; - key->LFSR_S3 = key->LFSR_S4; - key->LFSR_S4 = key->LFSR_S5; - key->LFSR_S5 = key->LFSR_S6; - key->LFSR_S6 = key->LFSR_S7; - key->LFSR_S7 = key->LFSR_S8; - key->LFSR_S8 = key->LFSR_S9; - key->LFSR_S9 = key->LFSR_S10; - key->LFSR_S10 = key->LFSR_S11; - key->LFSR_S11 = key->LFSR_S12; - key->LFSR_S12 = key->LFSR_S13; - key->LFSR_S13 = key->LFSR_S14; - key->LFSR_S14 = key->LFSR_S15; - key->LFSR_S15 = f; + memcpy(out, in, len); } -/* BitReorganization */ -static inline void 
BitReorganization(ZUC_KEY *key) -{ - key->BRC_X0 = ((key->LFSR_S15 & 0x7FFF8000) << 1) | (key->LFSR_S14 & 0xFFFF); - key->BRC_X1 = ((key->LFSR_S11 & 0xFFFF) << 16) | (key->LFSR_S9 >> 15); - key->BRC_X2 = ((key->LFSR_S7 & 0xFFFF) << 16) | (key->LFSR_S5 >> 15); - key->BRC_X3 = ((key->LFSR_S2 & 0xFFFF) << 16) | (key->LFSR_S0 >> 15); -} - -#define ROT(a, k) (((a) << k) | ((a) >> (32 - k))) - -static inline uint32_t L1(uint32_t X) -{ - return (X ^ ROT(X, 2) ^ ROT(X, 10) ^ ROT(X, 18) ^ ROT(X, 24)); -} - -static inline uint32_t L2(uint32_t X) -{ - return (X ^ ROT(X, 8) ^ ROT(X, 14) ^ ROT(X, 22) ^ ROT(X, 30)); -} - -#define MAKEuint32_t(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | ((uint32_t)(d))) - -static uint32_t F(ZUC_KEY *key) -{ - uint32_t W, W1, W2, u, v; - - W = (key->BRC_X0 ^ key->F_R1) + key->F_R2; - W1 = key->F_R1 + key->BRC_X1; - W2 = key->F_R2 ^ key->BRC_X2; - - u = L1((W1 << 16) | (W2 >> 16)); - v = L2((W2 << 16) | (W1 >> 16)); - - key->F_R1 = MAKEuint32_t(S0[u >> 24], S1[(u >> 16) & 0xFF], S0[(u >> 8) & 0xFF], S1[u & 0xFF]); - key->F_R2 = MAKEuint32_t(S0[v >> 24], S1[(v >> 16) & 0xFF], S0[(v >> 8) & 0xFF], S1[v & 0xFF]); - - return W; -} - -#define MAKEU31(a, b, c) (((uint32_t)(a) << 23) | ((uint32_t)(b) << 8) | (uint32_t)(c)) - -void ZUC_set_key(ZUC_KEY *key, const unsigned char *k, const unsigned char *iv) -{ - uint32_t w, nCount; - - key->LFSR_S0 = MAKEU31(k[0], EK_d[0], iv[0]); - key->LFSR_S1 = MAKEU31(k[1], EK_d[1], iv[1]); - key->LFSR_S2 = MAKEU31(k[2], EK_d[2], iv[2]); - key->LFSR_S3 = MAKEU31(k[3], EK_d[3], iv[3]); - key->LFSR_S4 = MAKEU31(k[4], EK_d[4], iv[4]); - key->LFSR_S5 = MAKEU31(k[5], EK_d[5], iv[5]); - key->LFSR_S6 = MAKEU31(k[6], EK_d[6], iv[6]); - key->LFSR_S7 = MAKEU31(k[7], EK_d[7], iv[7]); - key->LFSR_S8 = MAKEU31(k[8], EK_d[8], iv[8]); - key->LFSR_S9 = MAKEU31(k[9], EK_d[9], iv[9]); - key->LFSR_S10 = MAKEU31(k[10], EK_d[10], iv[10]); - key->LFSR_S11 = MAKEU31(k[11], EK_d[11], iv[11]); - 
key->LFSR_S12 = MAKEU31(k[12], EK_d[12], iv[12]); - key->LFSR_S13 = MAKEU31(k[13], EK_d[13], iv[13]); - key->LFSR_S14 = MAKEU31(k[14], EK_d[14], iv[14]); - key->LFSR_S15 = MAKEU31(k[15], EK_d[15], iv[15]); - - key->F_R1 = 0; - key->F_R2 = 0; - nCount = 32; - - while (nCount > 0) { - BitReorganization(key); - w = F(key); - LFSRWithInitialisationMode(key, w >> 1); - nCount--; - } - - BitReorganization(key); - F(key); - LFSRWithWorkMode(key); - -} - -void ZUC_encrypt(ZUC_KEY *key, size_t inlen, const unsigned char *in, unsigned char *out) -{ -#if 0 - uint32_t word; - int n = key->buf_index; - - assert(n < 4); - - while (n && inlen) { - *(out++) = *(in++) ^ key->buf[n]; - n = (n + 1) % 4; - inlen--; - } - - while (inlen >= 4) { - BitReorganization(key); - word = GETU32(in); - word ^= F(key) ^ key->BRC_X3; - PUTU32(out, word); - LFSRWithWorkMode(key); - inlen -= 4; - in += 4; - out += 4; - } - - if (inlen) { - BitReorganization(key); - word = F(key) ^ key->BRC_X3; - LFSRWithWorkMode(key); - PUTU32(key->buf, word); - while (inlen-- > 0) { - out[n] = in[n] ^ key->buf[n]; - n++; - } - } - - key->buf_index = n; - return; -#endif -} diff --git a/crypto/zuc/zuc.h b/crypto/zuc/zuc.h index 7e00a85f..ead0ca89 100755 --- a/crypto/zuc/zuc.h +++ b/crypto/zuc/zuc.h 
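Review bot: The rewritten zuc.c replaces the cipher with stubs: `zuc_set_key` and `zuc_generate_keystream` have empty bodies and `zuc_encrypt` is just `memcpy(out, in, len);`, so any caller that links these symbols gets its plaintext back as "ciphertext" with no error. Because all three return `void`, there is no way to report that nothing was encrypted, and `zuc_generate_keystream` leaves `words` unwritten. Until the keystream generator is restored the file should refuse to build, for example with `#error "ZUC is not implemented"` at the top, or be left out of the library's source list; at minimum drop the `memcpy` so the output cannot be mistaken for encrypted data. The header comment "code written by YOU" also looks like unfilled template text.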
@@ -1,3 +1,54 @@ +/* crypto/zuc/zuc.h */ +/* ==================================================================== + * Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + #ifndef HEADER_ZUC_H #define HEADER_ZUC_H 
@@ -10,43 +61,32 @@ extern "C" { typedef struct { - uint32_t LFSR_S0; - uint32_t LFSR_S1; - uint32_t LFSR_S2; - uint32_t LFSR_S3; - uint32_t LFSR_S4; - uint32_t LFSR_S5; - uint32_t LFSR_S6; - uint32_t LFSR_S7; - uint32_t LFSR_S8; - uint32_t LFSR_S9; - uint32_t LFSR_S10; - uint32_t LFSR_S11; - uint32_t LFSR_S12; - uint32_t LFSR_S13; - uint32_t LFSR_S14; - uint32_t LFSR_S15; - - /* the registers of F */ - uint32_t F_R1; - uint32_t F_R2; - - /* the outputs of BitReorganization */ - uint32_t BRC_X0; - uint32_t BRC_X1; - uint32_t BRC_X2; - uint32_t BRC_X3; - - /* word buffer */ - unsigned char buf[4]; - int buf_index; -} ZUC_KEY; + unsigned char zuc_state[100]; /* change what you like */ + unsigned char word_buf[4]; +} zuc_key_t; -void ZUC_set_key(ZUC_KEY *key, const unsigned char *k, const unsigned char *iv); -void ZUC_encrypt(ZUC_KEY *key, size_t inlen, const unsigned char *in, unsigned char *out); +void zuc_set_key(zuc_key_t *key, const unsigned char *user_key, const unsigned char *iv); +void zuc_generate_keystream(zuc_key_t *key, size_t nwords, uint32_t *words); +void zuc_encrypt(zuc_key_t *key, size_t len, const unsigned char *in, unsigned char *out); +#define EEA3_MIN_BITS 1 +#define EEA3_MAX_BITS 65504 + + +/* 128-EEA3 + * Input: + * count - the counter + * bearer - the bearer ientity 5-bit + * direction - 0 or 1 + * nbits - the length of input message, in [1, 65504] + */ +#if 0 +void eea3_set_key(zuc_key_t *key, const unsigned char *user_key, + uint32_t count, uint32_t bearer, uint32_t direction); +void eea3_encrypt(zuc_key_t *key, size_t len, const unsigned char *in, unsigned char *out); +#endif #ifdef __cplusplus } diff --git a/crypto/zuc/zuctest.c b/crypto/zuc/zuctest.c index b28b04f6..5c7ef752 100755 --- a/crypto/zuc/zuctest.c +++ b/crypto/zuc/zuctest.c 
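Review bot: `unsigned char zuc_state[100]; /* change what you like */` in the new `zuc_key_t` gives the cipher state only byte alignment and a size nobody can check. The struct it replaces held 22 `uint32_t` registers; if the implementation (not in this hunk) reads `zuc_state` as 32-bit words, that is a misaligned access that also breaks strict aliasing, so declare the storage as words, e.g. `uint32_t zuc_state[25];`, or keep the named fields. The hunk also renames `ZUC_set_key`/`ZUC_encrypt` to lower case with no compatibility declaration, so any existing caller stops compiling. In the 128-EEA3 comment, `the bearer ientity 5-bit` should read `the 5-bit bearer identity`.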
@@ -1,3 +1,512 @@ +/* crypto/zuc/zuctest.c */ +/* ==================================================================== + * Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include +#include +#include +#include "../../e_os.h" +typedef struct { + uint32_t *words; + size_t nwords; +} test_words_t; +/* The following test suites are from + * + * ETSI/SAGE Specification + * Specification of the 3GPP Confidentiality and Integrity Algorithms + * 128-EEA3 & 128-EIA3 + * Document 3: Implementor's Test Data + * Version 1.1 Date: Jan. 4, 2011 + * + * NOTE: eea3_test_count[1] might be error + */ + + +/* ZUC Test Suits */ + +static unsigned char zuc_test_key[][16] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x3d, 0x4c, 0x4b, 0xe9, 0x6a, 0x82, 0xfd, 0xae, + 0xb5, 0x8f, 0x64, 0x1d, 0xb1, 0x7b, 0x45, 0x5b}, + {0x4d, 0x32, 0x0b, 0xfa, 0xd4, 0xc2, 0x85, 0xbf, + 0xd6, 0xb8, 0xbd, 0x00, 0xf3, 0x9d, 0x8b, 0x41}, +}; + +static unsigned char zuc_test_iv[][16] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0x84, 0x31, 0x9a, 0xa8, 0xde, 0x69, 0x15, 0xca, + 0x1f, 0x6b, 0xda, 0x6b, 0xfb, 0xd8, 0xc7, 0x66}, + {0x52, 0x95, 0x9d, 0xab, 0xa0, 0xbf, 0x17, 0x6e, + 0xce, 0x2d, 0xc3, 0x15, 0x04, 0x9e, 0xb5, 
0x74}, +}; + +static uint32_t zuc_test_words[][2] = { + {0x27bede74, 0x018082da}, + {0x0657cfa0, 0x7096398b}, + {0x14f1c272, 0x3279c419}, + {0xed4400e7, 0x0633e5c5}, +}; + +static uint32_t zuc_test4_word1999 = 0x7a574cdb; + + +/* 128-EEA3 Test Suites */ + +static unsigned char eea3_test_key[][16] = { + {0x17, 0x3d, 0x14, 0xba, 0x50, 0x03, 0x73, 0x1d, + 0x7a, 0x60, 0x04, 0x94, 0x70, 0xf0, 0x0a, 0x29}, + {0xe5, 0xbd, 0x3e, 0xa0, 0xeb, 0x55, 0xad, 0xe8, + 0x66, 0xc6, 0xac, 0x58, 0xbd, 0x54, 0x30, 0x2a}, + {0xd4, 0x55, 0x2a, 0x8f, 0xd6, 0xe6, 0x1c, 0xc8, + 0x1a, 0x20, 0x09, 0x14, 0x1a, 0x29, 0xc1, 0x0b}, + {0xdb, 0x84, 0xb4, 0xfb, 0xcc, 0xda, 0x56, 0x3b, + 0x66, 0x22, 0x7b, 0xfe, 0x45, 0x6f, 0x0f, 0x77}, + {0xe1, 0x3f, 0xed, 0x21, 0xb4, 0x6e, 0x4e, 0x7e, + 0xc3, 0x12, 0x53, 0xb2, 0xbb, 0x17, 0xb3, 0xe0}, +}; + +static uint32_t eea3_test_count[] = { + 0x66035492, /* XXX: ? */0x56823, 0x76452ec1, 0xe4850fe1, + 0x2738cdaa, +}; + +static uint8_t eea3_test_bearer[] = { + 0x0f, 0x18, 0x02, 0x10, 0x1a, +}; + +static int eea3_test_direction[] = { + 0, 1, 1, 1 , 0, +}; + +static int eea3_test_nbits[] = { + 193, 800, 1570, 2798, 4019, +}; + +static uint32_t eea3_test1_plaintext[] = { + 0x6cf65340, 0x735552ab, 0x0c9752fa, 0x6f9025fe, + 0x0bd675d9, 0x005875b2, 0x00000000, +}; + +static uint32_t eea3_test1_ciphertext[] = { + 0xa6c85fc6, 0x6afb8533, 0xaafc2518, 0xdfe78494, + 0x0ee1e4b0, 0x30238cc8, 0x00000000, +}; + +static uint32_t eea3_test2_plaintext[] = { + 0x14a8ef69, 0x3d678507, 0xbbe7270a, 0x7f67ff50, + 0x06c3525b, 0x9807e467, 0xc4e56000, 0xba338f5d, + 0x42955903, 0x67518222, 0x46c80d3b, 0x38f07f4b, + 0xe2d8ff58, 0x05f51322, 0x29bde93b, 0xbbdcaf38, + 0x2bf1ee97, 0x2fbf9977, 0xbada8945, 0x847a2a6c, + 0x9ad34a66, 0x7554e04d, 0x1f7fa2c3, 0x3241bd8f, + 0x01ba220d, +}; + +static uint32_t eea3_test2_ciphertext[] = { + 0x131d43e0, 0xdea1be5c, 0x5a1bfd97, 0x1d852cbf, + 0x712d7b4f, 0x57961fea, 0x3208afa8, 0xbca433f4, + 0x56ad09c7, 0x417e58bc, 0x69cf8866, 0xd1353f74, + 0x865e8078, 
0x1d202dfb, 0x3ecff7fc, 0xbc3b190f, + 0xe82a204e, 0xd0e350fc, 0x0f6f2613, 0xb2f2bca6, + 0xdf5a473a, 0x57a4a00d, 0x985ebad8, 0x80d6f238, + 0x64a07b01, +}; + +static uint32_t eea3_test3_plaintext[] = { + 0x38f07f4b, 0xe2d8ff58, 0x05f51322, 0x29bde93b, + 0xbbdcaf38, 0x2bf1ee97, 0x2fbf9977, 0xbada8945, + 0x847a2a6c, 0x9ad34a66, 0x7554e04d, 0x1f7fa2c3, + 0x3241bd8f, 0x01ba220d, 0x3ca4ec41, 0xe074595f, + 0x54ae2b45, 0x4fd97143, 0x20436019, 0x65cca85c, + 0x2417ed6c, 0xbec3bada, 0x84fc8a57, 0x9aea7837, + 0xb0271177, 0x242a64dc, 0x0a9de71a, 0x8edee86c, + 0xa3d47d03, 0x3d6bf539, 0x804eca86, 0xc584a905, + 0x2de46ad3, 0xfced6554, 0x3bd90207, 0x372b27af, + 0xb79234f5, 0xff43ea87, 0x0820e2c2, 0xb78a8aae, + 0x61cce52a, 0x0515e348, 0xd196664a, 0x3456b182, + 0xa07c406e, 0x4a207912, 0x71cfeda1, 0x65d535ec, + 0x5ea2d4df, 0x40000000, +}; + +static uint32_t eea3_test3_ciphertext[] = { + 0x8383b022, 0x9fcc0b9d, 0x2295ec41, 0xc977e9c2, + 0xbb72e220, 0x378141f9, 0xc8318f3a, 0x270dfbcd, + 0xee6411c2, 0xb3044f17, 0x6dc6e00f, 0x8960f97a, + 0xfacd131a, 0xd6a3b49b, 0x16b7babc, 0xf2a509eb, + 0xb16a75dc, 0xab14ff27, 0x5dbeeea1, 0xa2b155f9, + 0xd52c2645, 0x2d0187c3, 0x10a4ee55, 0xbeaa78ab, + 0x4024615b, 0xa9f5d5ad, 0xc7728f73, 0x560671f0, + 0x13e5e550, 0x085d3291, 0xdf7d5fec, 0xedded559, + 0x641b6c2f, 0x585233bc, 0x71e9602b, 0xd2305855, + 0xbbd25ffa, 0x7f17ecbc, 0x042daae3, 0x8c1f57ad, + 0x8e8ebd37, 0x346f71be, 0xfdbb7432, 0xe0e0bb2c, + 0xfc09bcd9, 0x6570cb0c, 0x0c39df5e, 0x29294e82, + 0x703a637f, 0x80000000, +}; + +static uint32_t eea3_test4_plaintext[] = { + 0xe539f3b8, 0x973240da, 0x03f2b8aa, 0x05ee0a00, + 0xdbafc0e1, 0x82055dfe, 0x3d7383d9, 0x2cef40e9, + 0x2928605d, 0x52d05f4f, 0x9018a1f1, 0x89ae3997, + 0xce19155f, 0xb1221db8, 0xbb0951a8, 0x53ad852c, + 0xe16cff07, 0x382c93a1, 0x57de00dd, 0xb125c753, + 0x9fd85045, 0xe4ee07e0, 0xc43f9e9d, 0x6f414fc4, + 0xd1c62917, 0x813f74c0, 0x0fc83f3e, 0x2ed7c45b, + 0xa5835264, 0xb43e0b20, 0xafda6b30, 0x53bfb642, + 0x3b7fce25, 0x479ff5f1, 0x39dd9b5b, 
0x995558e2, + 0xa56be18d, 0xd581cd01, 0x7c735e6f, 0x0d0d97c4, + 0xddc1d1da, 0x70c6db4a, 0x12cc9277, 0x8e2fbbd6, + 0xf3ba52af, 0x91c9c6b6, 0x4e8da4f7, 0xa2c266d0, + 0x2d001753, 0xdf089603, 0x93c5d568, 0x88bf49eb, + 0x5c16d9a8, 0x0427a416, 0xbcb597df, 0x5bfe6f13, + 0x890a07ee, 0x1340e647, 0x6b0d9aa8, 0xf822ab0f, + 0xd1ab0d20, 0x4f40b7ce, 0x6f2e136e, 0xb67485e5, + 0x07804d50, 0x4588ad37, 0xffd81656, 0x8b2dc403, + 0x11dfb654, 0xcdead47e, 0x2385c343, 0x6203dd83, + 0x6f9c64d9, 0x7462ad5d, 0xfa63b5cf, 0xe08acb95, + 0x32866f5c, 0xa787566f, 0xca93e6b1, 0x693ee15c, + 0xf6f7a2d6, 0x89d97417, 0x98dc1c23, 0x8e1be650, + 0x733b18fb, 0x34ff880e, 0x16bbd21b, 0x47ac0000, +}; + +static uint32_t eea3_test4_ciphertext[] = { + 0x4bbfa91b, 0xa25d47db, 0x9a9f190d, 0x962a19ab, + 0x323926b3, 0x51fbd39e, 0x351e05da, 0x8b8925e3, + 0x0b1cce0d, 0x12211010, 0x95815cc7, 0xcb631950, + 0x9ec0d679, 0x40491987, 0xe13f0aff, 0xac332aa6, + 0xaa64626d, 0x3e9a1917, 0x519e0b97, 0xb655c6a1, + 0x65e44ca9, 0xfeac0790, 0xd2a321ad, 0x3d86b79c, + 0x5138739f, 0xa38d887e, 0xc7def449, 0xce8abdd3, + 0xe7f8dc4c, 0xa9e7b733, 0x14ad310f, 0x9025e619, + 0x46b3a56d, 0xc649ec0d, 0xa0d63943, 0xdff592cf, + 0x962a7efb, 0x2c8524e3, 0x5a2a6e78, 0x79d62604, + 0xef268695, 0xfa400302, 0x7e22e608, 0x30775220, + 0x64bd4a5b, 0x906b5f53, 0x1274f235, 0xed506cff, + 0x0154c754, 0x928a0ce5, 0x476f2cb1, 0x020a1222, + 0xd32c1455, 0xecaef1e3, 0x68fb344d, 0x1735bfbe, + 0xdeb71d0a, 0x33a2a54b, 0x1da5a294, 0xe679144d, + 0xdf11eb1a, 0x3de8cf0c, 0xc0619179, 0x74f35c1d, + 0x9ca0ac81, 0x807f8fcc, 0xe6199a6c, 0x7712da86, + 0x5021b04c, 0xe0439516, 0xf1a526cc, 0xda9fd9ab, + 0xbd53c3a6, 0x84f9ae1e, 0x7ee6b11d, 0xa138ea82, + 0x6c5516b5, 0xaadf1abb, 0xe36fa7ff, 0xf92e3a11, + 0x76064e8d, 0x95f2e488, 0x2b5500b9, 0x3228b219, + 0x4a475c1a, 0x27f63f9f, 0xfd264989, 0xa1bc0000, +}; + +static uint32_t eea3_test5_plaintext[] = { + 0x8d74e20d, 0x54894e06, 0xd3cb13cb, 0x3933065e, + 0x8674be62, 0xadb1c72b, 0x3a646965, 0xab63cb7b, + 0x7854dfdc, 0x27e84929, 
0xf49c64b8, 0x72a490b1, + 0x3f957b64, 0x827e71f4, 0x1fbd4269, 0xa42c97f8, + 0x24537027, 0xf86e9f4a, 0xd82d1df4, 0x51690fdd, + 0x98b6d03f, 0x3a0ebe3a, 0x312d6b84, 0x0ba5a182, + 0x0b2a2c97, 0x09c090d2, 0x45ed267c, 0xf845ae41, + 0xfa975d33, 0x33ac3009, 0xfd40eba9, 0xeb5b8857, + 0x14b768b6, 0x97138baf, 0x21380eca, 0x49f644d4, + 0x8689e421, 0x5760b906, 0x739f0d2b, 0x3f091133, + 0xca15d981, 0xcbe401ba, 0xf72d05ac, 0xe05cccb2, + 0xd297f4ef, 0x6a5f58d9, 0x1246cfa7, 0x7215b892, + 0xab441d52, 0x78452795, 0xccb7f5d7, 0x9057a1c4, + 0xf77f80d4, 0x6db2033c, 0xb79bedf8, 0xe60551ce, + 0x10c667f6, 0x2a97abaf, 0xabbcd677, 0x2018df96, + 0xa282ea73, 0x7ce2cb33, 0x1211f60d, 0x5354ce78, + 0xf9918d9c, 0x206ca042, 0xc9b62387, 0xdd709604, + 0xa50af16d, 0x8d35a890, 0x6be484cf, 0x2e74a928, + 0x99403643, 0x53249b27, 0xb4c9ae29, 0xeddfc7da, + 0x6418791a, 0x4e7baa06, 0x60fa6451, 0x1f2d685c, + 0xc3a5ff70, 0xe0d2b742, 0x92e3b8a0, 0xcd6b04b1, + 0xc790b8ea, 0xd2703708, 0x540dea2f, 0xc09c3da7, + 0x70f65449, 0xe84d817a, 0x4f551055, 0xe19ab850, + 0x18a0028b, 0x71a144d9, 0x6791e9a3, 0x57793350, + 0x4eee0060, 0x340c69d2, 0x74e1bf9d, 0x805dcbcc, + 0x1a6faa97, 0x6800b6ff, 0x2b671dc4, 0x63652fa8, + 0xa33ee509, 0x74c1c21b, 0xe01eabb2, 0x16743026, + 0x9d72ee51, 0x1c9dde30, 0x797c9a25, 0xd86ce74f, + 0x5b961be5, 0xfdfb6807, 0x814039e7, 0x137636bd, + 0x1d7fa9e0, 0x9efd2007, 0x505906a5, 0xac45dfde, + 0xed7757bb, 0xee745749, 0xc2963335, 0x0bee0ea6, + 0xf409df45, 0x80160000, +}; + +static uint32_t eea3_test5_ciphertext[] = { + 0x94eaa4aa, 0x30a57137, 0xddf09b97, 0xb25618a2, + 0x0a13e2f1, 0x0fa5bf81, 0x61a879cc, 0x2ae797a6, + 0xb4cf2d9d, 0xf31debb9, 0x905ccfec, 0x97de605d, + 0x21c61ab8, 0x531b7f3c, 0x9da5f039, 0x31f8a064, + 0x2de48211, 0xf5f52ffe, 0xa10f392a, 0x04766998, + 0x5da454a2, 0x8f080961, 0xa6c2b62d, 0xaa17f33c, + 0xd60a4971, 0xf48d2d90, 0x9394a55f, 0x48117ace, + 0x43d708e6, 0xb77d3dc4, 0x6d8bc017, 0xd4d1abb7, + 0x7b7428c0, 0x42b06f2f, 0x99d8d07c, 0x9879d996, + 0x00127a31, 0x985f1099, 0xbbd7d6c1, 
0x519ede8f, + 0x5eeb4a61, 0x0b349ac0, 0x1ea23506, 0x91756bd1, + 0x05c974a5, 0x3eddb35d, 0x1d4100b0, 0x12e522ab, + 0x41f4c5f2, 0xfde76b59, 0xcb8b96d8, 0x85cfe408, + 0x0d1328a0, 0xd636cc0e, 0xdc05800b, 0x76acca8f, + 0xef672084, 0xd1f52a8b, 0xbd8e0993, 0x320992c7, + 0xffbae17c, 0x408441e0, 0xee883fc8, 0xa8b05e22, + 0xf5ff7f8d, 0x1b48c74c, 0x468c467a, 0x028f09fd, + 0x7ce91109, 0xa570a2d5, 0xc4d5f4fa, 0x18c5dd3e, + 0x4562afe2, 0x4ef77190, 0x1f59af64, 0x5898acef, + 0x088abae0, 0x7e92d52e, 0xb2de5504, 0x5bb1b7c4, + 0x164ef2d7, 0xa6cac15e, 0xeb926d7e, 0xa2f08b66, + 0xe1f759f3, 0xaee44614, 0x725aa3c7, 0x482b3084, + 0x4c143ff8, 0x5b53f1e5, 0x83c50125, 0x7dddd096, + 0xb81268da, 0xa303f172, 0x34c23335, 0x41f0bb8e, + 0x190648c5, 0x807c866d, 0x71932286, 0x09adb948, + 0x686f7de2, 0x94a802cc, 0x38f7fe52, 0x08f5ea31, + 0x96d0167b, 0x9bdd02f0, 0xd2a5221c, 0xa508f893, + 0xaf5c4b4b, 0xb9f4f520, 0xfd84289b, 0x3dbe7e61, + 0x497a7e2a, 0x584037ea, 0x637b6981, 0x127174af, + 0x57b471df, 0x4b2768fd, 0x79c1540f, 0xb3edf2ea, + 0x22cb69be, 0xc0cf8d93, 0x3d9c6fdd, 0x645e8505, + 0x91cca3d6, 0x2c0cc000, +}; + +static test_words_t eea3_test_plaintext[] = { + {eea3_test1_plaintext, sizeof(eea3_test1_plaintext)/4}, + {eea3_test2_plaintext, sizeof(eea3_test2_plaintext)/4}, + {eea3_test3_plaintext, sizeof(eea3_test3_plaintext)/4}, + {eea3_test4_plaintext, sizeof(eea3_test4_plaintext)/4}, + {eea3_test5_plaintext, sizeof(eea3_test5_plaintext)/4}, +}; + +static test_words_t eea3_test_ciphertext[] = { + {eea3_test1_ciphertext, sizeof(eea3_test1_ciphertext)/4}, + {eea3_test2_ciphertext, sizeof(eea3_test2_ciphertext)/4}, + {eea3_test3_ciphertext, sizeof(eea3_test3_ciphertext)/4}, + {eea3_test4_ciphertext, sizeof(eea3_test4_ciphertext)/4}, + {eea3_test5_ciphertext, sizeof(eea3_test5_ciphertext)/4}, +}; + + +/* 128-EIA3 Test Suites */ + +static unsigned char eia3_test_key[][16] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x47, 0x05, 0x41, 0x25, 
0x56, 0x1e, 0xb2, 0xdd, + 0xa9, 0x40, 0x59, 0xda, 0x05, 0x09, 0x78, 0x50}, + {0xc9, 0xe6, 0xce, 0xc4, 0x60, 0x7c, 0x72, 0xdb, + 0x00, 0x0a, 0xef, 0xa8, 0x83, 0x85, 0xab, 0x0a}, + {0xc8, 0xa4, 0x82, 0x62, 0xd0, 0xc2, 0xe2, 0xba, + 0xc4, 0xb9, 0x6e, 0xf7, 0x7e, 0x80, 0xca, 0x59}, + {0x6b, 0x8b, 0x08, 0xee, 0x79, 0xe0, 0xb5, 0x98, + 0x2d, 0x6d, 0x12, 0x8e, 0xa9, 0xf2, 0x20, 0xcb}, +}; + +static uint32_t eia3_test_count[] = { + 0x00000000, 0x561eb2dd, 0xa94059da, 0x05097850, + 0x561eb2dd, +}; + +static uint8_t eia3_test_bearer[] = { + 0x00, 0x14, 0x0a, 0x10, 0x1c, +}; + +static int eia3_test_direction[] = { + 0, 0, 1, 1, 0, +}; + +static int eia3_test_nbits[] = { + 1, 90, 577, 2079, 5670, +}; + +static uint32_t eia3_test1_msg[] = { + 0x00000000, +}; + +static uint32_t eia3_test2_msg[] = { + 0x00000000, 0x00000000, 0x00000000, +}; + +static uint32_t eia3_test3_msg[] = { + 0x983b41d4, 0x7d780c9e, 0x1ad11d7e, 0xb70391b1, + 0xde0b35da, 0x2dc62f83, 0xe7b78d63, 0x06ca0ea0, + 0x7e941b7b, 0xe91348f9, 0xfcb170e2, 0x217fecd9, + 0x7f9f68ad, 0xb16e5d7d, 0x21e569d2, 0x80ed775c, + 0xebde3f40, 0x93c53881, 0x00000000 +}; + +static uint32_t eia3_test4_msg[] = { + 0xb546430b, 0xf87b4f1e, 0xe834704c, 0xd6951c36, + 0xe26f108c, 0xf731788f, 0x48dc34f1, 0x678c0522, + 0x1c8fa7ff, 0x2f39f477, 0xe7e49ef6, 0x0a4ec2c3, + 0xde24312a, 0x96aa26e1, 0xcfba5756, 0x3838b297, + 0xf47e8510, 0xc779fd66, 0x54b14338, 0x6fa639d3, + 0x1edbd6c0, 0x6e47d159, 0xd94362f2, 0x6aeeedee, + 0x0e4f49d9, 0xbf841299, 0x5415bfad, 0x56ee82d1, + 0xca7463ab, 0xf085b082, 0xb09904d6, 0xd990d43c, + 0xf2e062f4, 0x0839d932, 0x48b1eb92, 0xcdfed530, + 0x0bc14828, 0x0430b6d0, 0xcaa094b6, 0xec8911ab, + 0x7dc36824, 0xb824dc0a, 0xf6682b09, 0x35fde7b4, + 0x92a14dc2, 0xf4364803, 0x8da2cf79, 0x170d2d50, + 0x133fd494, 0x16cb6e33, 0xbea90b8b, 0xf4559b03, + 0x732a01ea, 0x290e6d07, 0x4f79bb83, 0xc10e5800, + 0x15cc1a85, 0xb36b5501, 0x046e9c4b, 0xdcae5135, + 0x690b8666, 0xbd54b7a7, 0x03ea7b6f, 0x220a5469, + 0xa568027e, +}; + +static uint32_t 
eia3_test5_msg[] = { + 0x5bad7247, 0x10ba1c56, 0xd5a315f8, 0xd40f6e09, + 0x3780be8e, 0x8de07b69, 0x92432018, 0xe08ed96a, + 0x5734af8b, 0xad8a575d, 0x3a1f162f, 0x85045cc7, + 0x70925571, 0xd9f5b94e, 0x454a77c1, 0x6e72936b, + 0xf016ae15, 0x7499f054, 0x3b5d52ca, 0xa6dbeab6, + 0x97d2bb73, 0xe41b8075, 0xdce79b4b, 0x86044f66, + 0x1d4485a5, 0x43dd7860, 0x6e0419e8, 0x059859d3, + 0xcb2b67ce, 0x0977603f, 0x81ff839e, 0x33185954, + 0x4cfbc8d0, 0x0fef1a4c, 0x8510fb54, 0x7d6b06c6, + 0x11ef44f1, 0xbce107cf, 0xa45a06aa, 0xb360152b, + 0x28dc1ebe, 0x6f7fe09b, 0x0516f9a5, 0xb02a1bd8, + 0x4bb0181e, 0x2e89e19b, 0xd8125930, 0xd178682f, + 0x3862dc51, 0xb636f04e, 0x720c47c3, 0xce51ad70, + 0xd94b9b22, 0x55fbae90, 0x6549f499, 0xf8c6d399, + 0x47ed5e5d, 0xf8e2def1, 0x13253e7b, 0x08d0a76b, + 0x6bfc68c8, 0x12f375c7, 0x9b8fe5fd, 0x85976aa6, + 0xd46b4a23, 0x39d8ae51, 0x47f680fb, 0xe70f978b, + 0x38effd7b, 0x2f7866a2, 0x2554e193, 0xa94e98a6, + 0x8b74bd25, 0xbb2b3f5f, 0xb0a5fd59, 0x887f9ab6, + 0x8159b717, 0x8d5b7b67, 0x7cb546bf, 0x41eadca2, + 0x16fc1085, 0x0128f8bd, 0xef5c8d89, 0xf96afa4f, + 0xa8b54885, 0x565ed838, 0xa950fee5, 0xf1c3b0a4, + 0xf6fb71e5, 0x4dfd169e, 0x82cecc72, 0x66c850e6, + 0x7c5ef0ba, 0x960f5214, 0x060e71eb, 0x172a75fc, + 0x1486835c, 0xbea65344, 0x65b055c9, 0x6a72e410, + 0x52241823, 0x25d83041, 0x4b40214d, 0xaa8091d2, + 0xe0fb010a, 0xe15c6de9, 0x0850973b, 0xdf1e423b, + 0xe148a237, 0xb87a0c9f, 0x34d4b476, 0x05b803d7, + 0x43a86a90, 0x399a4af3, 0x96d3a120, 0x0a62f3d9, + 0x507962e8, 0xe5bee6d3, 0xda2bb3f7, 0x237664ac, + 0x7a292823, 0x900bc635, 0x03b29e80, 0xd63f6067, + 0xbf8e1716, 0xac25beba, 0x350deb62, 0xa99fe031, + 0x85eb4f69, 0x937ecd38, 0x7941fda5, 0x44ba67db, + 0x09117749, 0x38b01827, 0xbcc69c92, 0xb3f772a9, + 0xd2859ef0, 0x03398b1f, 0x6bbad7b5, 0x74f7989a, + 0x1d10b2df, 0x798e0dbf, 0x30d65874, 0x64d24878, + 0xcd00c0ea, 0xee8a1a0c, 0xc753a279, 0x79e11b41, + 0xdb1de3d5, 0x038afaf4, 0x9f5c682c, 0x3748d8a3, + 0xa9ec54e6, 0xa371275f, 0x1683510f, 0x8e4f9093, + 0x8f9ab6e1, 0x34c2cfdf, 
0x4841cba8, 0x8e0cff2b, + 0x0bcc8e6a, 0xdcb71109, 0xb5198fec, 0xf1bb7e5c, + 0x531aca50, 0xa56a8a3b, 0x6de59862, 0xd41fa113, + 0xd9cd9578, 0x08f08571, 0xd9a4bb79, 0x2af271f6, + 0xcc6dbb8d, 0xc7ec36e3, 0x6be1ed30, 0x8164c31c, + 0x7c0afc54, 0x1c000000, +}; + +static test_words_t eia3_test_msg[5] = { + {eia3_test1_msg, sizeof(eia3_test1_msg)/4}, + {eia3_test2_msg, sizeof(eia3_test2_msg)/4}, + {eia3_test3_msg, sizeof(eia3_test3_msg)/4}, + {eia3_test4_msg, sizeof(eia3_test4_msg)/4}, + {eia3_test5_msg, sizeof(eia3_test5_msg)/4}, +}; + +static uint32_t eia3_test_mac[5] = { + 0xc8a9595e, 0x6719a088, 0xfae8ff0b, 0x004ac4d6, + 0x0ca12792, +}; + +static int test_zuc(int verbose) +{ +#if 0 + int i; + for (i = 0; i < sizeof(zuc_test_key)/sizeof(zuc_test_key[0]); i++) { + zuc_key_t key; + uint32_t word; + + zuc_set_key(&key, zuc_test_key[i], zuc_test_iv[i]); + + for (j = 0; j < 2; j++) { + zuc_generate_keystream(&key, 1, &word); + if (word != zuc_test_word[i][j]) { + return 0; + } + } + } + +#endif + return 0; +} + +static int test_eea3(int verbose) +{ +#if 0 + zuc_key_t key; + int i; + for (i = 0; i < sizeof(eea3_test_key)/sizeof(eea3_test_key[0]); i++) { + eea3_set_key(&key, eea3_test_count[i], eea3_test_bearer[i], eea3_test_direction[i]); + } +#endif + return 0; +} + +static int test_eia3(int verbose) +{ + return 0; +} + +int main(int argc, char *argv[]) +{ + return 0; +} diff --git a/demos/ameth.c b/demos/ameth.c deleted file mode 100644 index 2a130d7a..00000000 --- a/demos/ameth.c +++ /dev/null 
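Review bot: `main` returns 0 without calling `test_zuc`, `test_eea3` or `test_eia3`, and each of those returns 0 with its body under `#if 0` or empty, so this test program reports success without ever running the cipher against the ETSI/SAGE vectors defined above it. Until the checks are enabled, make the result honest, e.g. `return 1; /* ZUC/EEA3/EIA3 vectors not exercised yet */` in `main`, or keep zuctest out of the test list. The disabled `test_zuc` body will not compile when it is switched on: `j` is undeclared and it reads `zuc_test_word` while the table is named `zuc_test_words`. The disabled `eea3_set_key` call also passes four arguments where zuc.h declares five, and the `/* XXX: ? */` on `eea3_test_count[1]` should be settled against the specification before that vector is relied on.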
@@ -1,36 +0,0 @@
-#include
-#include
-#include
-#include
-#include
-
-int main(int argc, char **argv)
-{
-
- int i;
-
-/*
-int EVP_PKEY_asn1_get_count(void);
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
- const char *str, int len);
-
-*/
-
- int count = EVP_PKEY_asn1_get_count();
- printf("EVP_PKEY_asn1_get_count() = %d\n", count);
-
- for (i = 0; i < count; i++) {
- const EVP_PKEY_ASN1_METHOD *ameth;
- ameth = EVP_PKEY_asn1_get0(i);
-
- int j;
- const unsigned char *p = (const unsigned char *)ameth;
- for (j = 0; j < 64; j++) {
- printf("%02x", p[j]);
- }
- printf("\n");
- }
-
-}
diff --git a/demos/gmssl/Makefile b/demos/gmssl/Makefile
new file mode 100644
index 00000000..f08ea93b
--- /dev/null
+++ b/demos/gmssl/Makefile
@@ -0,0 +1,14 @@
+
+all:
+ cc -o ciphers -Wall ciphers.c -L/usr/local/lib -lcrypto
+ cc -o sm3 -Wall sm3.c -L/usr/local/lib -lcrypto
+ cc -o evpsm3 -Wall evpsm3.c -L/usr/local/lib -lcrypto
+ cc -o hmacsm3 -Wall hmacsm3.c -L/usr/local/lib -lcrypto
+
+clean:
+ rm -fr a.out *.o
+ rm -fr ciphers
+ rm -fr sm3
+ rm -fr evpsm3
+ rm -fr hmacsm3
+
diff --git a/demos/gmssl/a.out b/demos/gmssl/a.out
new file mode 100755
index 00000000..764b9c6d
Binary files /dev/null and b/demos/gmssl/a.out differ
diff --git a/demos/gmssl/cert.pem b/demos/gmssl/cert.pem
deleted file mode 100644
index c2d6194c..00000000
--- a/demos/gmssl/cert.pem
+++ /dev/null
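Review bot: The `clean` target removes `a.out`, yet the same commit adds `demos/gmssl/a.out` as a binary file; a prebuilt executable in the source tree cannot be reviewed and should be dropped from the commit and ignored instead. In the Makefile itself, `all` and `clean` name no files and should be declared with `.PHONY: all clean`. The `cc` lines pass `-L/usr/local/lib` but no `-I`, so the demos presumably compile against whichever OpenSSL headers the compiler finds first rather than the headers of the library they link; adding `-I/usr/local/include` would keep the two consistent.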
@@ -1,13 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIB9jCCAZ2gAwIBAgIJAI6saFfpzqpLMAoGCCqGSM49BAMCMFgxCzAJBgNVBAYT
-AkNOMQwwCgYDVQQIDANQS1UxDDAKBgNVBAcMA1BLVTEMMAoGA1UECgwDUEtVMQ0w
-CwYDVQQLDARERFNTMRAwDgYDVQQDDAdERFNTLUFTMB4XDTE2MDUxODExNTgyMVoX
-DTI2MDUxNjExNTgyMVowWDELMAkGA1UEBhMCQ04xDDAKBgNVBAgMA1BLVTEMMAoG
-A1UEBwwDUEtVMQwwCgYDVQQKDANQS1UxDTALBgNVBAsMBEREU1MxEDAOBgNVBAMM
-B0REU1MtQVMwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAATFBdPQp/tqJHjfL+eZ
-Jv1tUCMFpWCzoskQgDImhLP8+snkNSmZhRtHeerUr8oP6FtWAPnhUzwMOVb4JcNC
-CYSbo1AwTjAdBgNVHQ4EFgQUCz8gNn0NMxyIW/gRF13zl6ExeLUwHwYDVR0jBBgw
-FoAUCz8gNn0NMxyIW/gRF13zl6ExeLUwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD
-AgNHADBEAiARFx9dY1LE+ELs/SWIkMLxbikA3P4YE0JZZkAmXZVo/gIgEs8G6fJw
-8AEbDwMcMiLLyJ7RhcUhEX+oj3Ibm8JgQXo=
------END CERTIFICATE-----
diff --git a/demos/gmssl/ciphers.c b/demos/gmssl/ciphers.c
new file mode 100644
index 00000000..b4907549
--- /dev/null
+++ b/demos/gmssl/ciphers.c
@@ -0,0 +1,89 @@ +/* demo/gmssl/ciphers.c */ +/* ==================================================================== + * Copyright (c) 2014 - 2015 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include +#include + +int main(int argc, char **argv) +{ + int i; + char *names[] = { + "sms4-ecb", + "sms4-cbc", + "sms4-cfb", + "sms4-ofb", + "sms4-ctr", + "zuc", + }; + const EVP_CIPHER *cipher; + + OpenSSL_add_all_ciphers(); + + printf("%s New Ciphers:\n\n", OPENSSL_VERSION_TEXT); + + for (i = 0; i < sizeof(names)/sizeof(names[i]); i++) { + if (!(cipher = EVP_get_cipherbyname(names[i]))) { + fprintf(stderr, "cipher \"%s\" is not supported\n", names[i]); + continue; + } + + printf(" cipher nid : %d\n", EVP_CIPHER_nid(cipher)); + printf(" cipher name : %s\n", EVP_CIPHER_name(cipher)); + printf(" block size : %d\n", EVP_CIPHER_block_size(cipher)); + printf(" key length : %d\n", EVP_CIPHER_key_length(cipher)); + printf(" iv length : %d\n", EVP_CIPHER_iv_length(cipher)); + printf(" flags : 0x%016lx\n", EVP_CIPHER_flags(cipher)); + printf("\n"); + } + + return 0; +} diff --git a/demos/ectool.c b/demos/gmssl/ectool.c similarity index 100% rename from demos/ectool.c rename to demos/gmssl/ectool.c diff --git a/demos/gmssl/evpsm3.c b/demos/gmssl/evpsm3.c new file mode 100644 index 00000000..5da698f1 --- /dev/null +++ b/demos/gmssl/evpsm3.c 
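Review bot: The loop condition compares a signed `int i` with the `size_t` result of `sizeof(names)/sizeof(names[i])` and indexes the array with the loop variable inside `sizeof`; it works because `sizeof` does not evaluate its operand, but the usual form is `size_t i;` with `sizeof(names)/sizeof(names[0])`. `names` holds string literals and should be declared `const char *names[]`. `OpenSSL_add_all_ciphers()` is never paired with `EVP_cleanup()`, which evpsm3.c in this commit does call before returning.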
@@ -0,0 +1,109 @@ +/* demo/gmssl/sm3evp.c */ +/* ==================================================================== + * Copyright (c) 2014 - 2015 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include +#include +#include + +int main(int argc, char **argv) +{ + int ret = -1; + FILE *fp = stdin; + unsigned char buf[1024]; + size_t len; + const EVP_MD *md; + EVP_MD_CTX mdctx; + unsigned char dgst[EVP_MAX_MD_SIZE]; + unsigned int dgstlen, i; + + if (argc == 2) { + if (!(fp = fopen(argv[1], "r"))) { + fprintf(stderr, "open file %s failed\n", argv[1]); + return -1; + } + } + + OpenSSL_add_all_digests(); + if (!(md = EVP_get_digestbyname("sm3"))) { + ERR_print_errors_fp(stderr); + goto end; + } + + if (!EVP_DigestInit(&mdctx, md)) { + ERR_print_errors_fp(stderr); + goto end; + } + + while ((len = fread(buf, 1, sizeof(buf), fp))) { + if (!EVP_DigestUpdate(&mdctx, buf, len)) { + ERR_print_errors_fp(stderr); + goto end; + } + } + + if (!EVP_DigestFinal(&mdctx, dgst, &dgstlen)) { + ERR_print_errors_fp(stderr); + goto end; + } + + for (i = 0; i < dgstlen; i++) { + printf("%02x", dgst[i]); + } + printf("\n"); + ret = 0; + +end: + fclose(fp); + EVP_cleanup(); + return ret; +} + diff --git a/demos/gmssl/gmssl.sh b/demos/gmssl/gmssl.sh index e2b3a873..75fe9381 100755 --- a/demos/gmssl/gmssl.sh +++ b/demos/gmssl/gmssl.sh 
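Review bot: The `fread` loop ends on a short read without checking `ferror(fp)`, so an I/O error partway through the input still prints a digest of the truncated data and exits 0. Add `if (ferror(fp)) { fprintf(stderr, "read error\n"); goto end; }` after the loop. The file is opened with `"r"`; use `"rb"` so the bytes hashed are the bytes on disk on platforms that translate text mode. The error paths after `EVP_DigestInit` jump to `end` without releasing the context; calling `EVP_MD_CTX_init(&mdctx)` at the top and `EVP_MD_CTX_cleanup(&mdctx)` at `end` covers every path. The header comment names the file `sm3evp.c` rather than `evpsm3.c`.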
@@ -18,10 +18,15 @@ $gmssl genpkey -algorithm EC -out sm2key.pem -pkeyopt ec_paramgen_curve:sm2p256v #$gmssl pkey -text -noout -in sm2key.pem #$gmssl pkey -in sm2key.pem -pubout -out sm2pubkey.pem #$gmssl pkey -text -noout -pubin -in $pubkeyfile + echo hello | $gmssl pkeyutl -sign -inkey sm2key.pem -pkeyopt ec_sign_algor:sm2 > sm2sig.der + echo hello | $gmssl pkeyutl -verify -inkey sm2key.pem -sigfile sm2sig.der -pkeyopt ec_sign_algor:sm2 + echo hello | $gmssl pkeyutl -encrypt -inkey sm2key.pem -pkeyopt ec_encrypt_algor:sm2 > sm2ciphertext.bin + + cat sm2ciphertext.bin | $gmssl pkeyutl -decrypt -inkey sm2key.pem -pkeyopt ec_encrypt_algor:sm2 -$gmssl req -new -x509 -days 3650 -key sm2key.pem -out cert.pem -pkeyopt ec_sign_algor:sm2 +$gmssl req -new -x509 -days 3650 -key sm2key.pem -out cert.pem #$gmssl x509 -text -noout -in $DIR/cacert.pem diff --git a/demos/gmssl/sm3hmac.c b/demos/gmssl/hmacsm3.c similarity index 99% rename from demos/gmssl/sm3hmac.c rename to demos/gmssl/hmacsm3.c index fa467b29..5d1165f0 100644 --- a/demos/gmssl/sm3hmac.c +++ b/demos/gmssl/hmacsm3.c @@ -84,7 +84,7 @@ int main(int argc, char **argv) ERR_print_errors_fp(stderr); goto end; } - + HMAC_Init_ex(&hmctx, key, sizeof(key), md, NULL); while ((len = fread(buf, 1, sizeof(buf), fp))) { diff --git a/demos/gmssl/listciphers.c b/demos/gmssl/listciphers.c deleted file mode 100644 index 39bd7e97..00000000 --- a/demos/gmssl/listciphers.c +++ /dev/null 
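Review bot: The `req` line now names neither a signing option nor a digest, so the algorithm that signs `cert.pem` is left to the tool's defaults. If the demo is meant to produce an SM2-with-SM3 certificate, say so on the command line (presumably by naming the digest, e.g. `-sm3`, to be confirmed against this build), or add a comment such as `# signature algorithm and digest come from the gmssl defaults` above the line. Without that, nobody running the script can tell from it what the resulting certificate is supposed to demonstrate.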
@@ -1,38 +0,0 @@ -#include -#include -#include -#include - -int main(int argc, char **argv) -{ - int i; - char *names[] = { - "sms4-ecb", - "sms4-cbc", - "sms4-cfb", - "sms4-ofb", - "sms4-ctr", - }; - const EVP_CIPHER *cipher; - - OpenSSL_add_all_ciphers(); - - printf("%s new ciphers:\n\n", OPENSSL_VERSION_TEXT); - - for (i = 0; i < sizeof(names)/sizeof(names[i]); i++) { - if (!(cipher = EVP_get_cipherbyname(names[i]))) { - fprintf(stderr, "cipher \"%s\" is not supported\n", names[i]); - continue; - } - - printf(" cipher nid : %d\n", EVP_CIPHER_nid(cipher)); - printf(" cipher name : %s\n", EVP_CIPHER_name(cipher)); - printf(" block size : %d\n", EVP_CIPHER_block_size(cipher)); - printf(" key length : %d\n", EVP_CIPHER_key_length(cipher)); - printf(" iv length : %d\n", EVP_CIPHER_iv_length(cipher)); - printf(" flags : 0x%016lx\n", EVP_CIPHER_flags(cipher)); - printf("\n"); - } - - return 0; -} diff --git a/demos/gmssl/memleak.c b/demos/gmssl/memleak.c new file mode 100644 index 00000000..4e857e27 --- /dev/null +++ b/demos/gmssl/memleak.c @@ -0,0 +1,20 @@ +#include +#include +#include +#include + +int main() +{ + BIO *bio_err; + void *ptr; + + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + + ptr = OPENSSL_malloc(1024); + + CRYPTO_mem_leaks(bio_err); + BIO_free(bio_err); + + return (0); +} diff --git a/demos/gmssl/selfsign.c b/demos/gmssl/selfsign.c index e1d180fb..f658fb97 100644 --- a/demos/gmssl/selfsign.c +++ b/demos/gmssl/selfsign.c 
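Review bot: In the new memleak.c, `ptr = OPENSSL_malloc(1024);` is never checked or freed, and nothing in the file says this is deliberate. Given the file name and the `CRYPTO_mem_leaks(bio_err)` call that follows, the leak is presumably the point of the demo; add a comment such as `/* intentionally leaked so CRYPTO_mem_leaks() has something to report */` so it is not copied as a usage pattern. The result of `BIO_new_fp` is also used unchecked, and `int main()` would be better written `int main(void)`.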
@@ -4,104 +4,55 @@ #include #include -int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days) -{ - X509 *x; - EVP_PKEY *pk; - EC_KEY *ec_key; - X509_NAME *name = NULL; - X509_NAME_ENTRY *ne = NULL; - X509_EXTENSION *ex = NULL; - - if ((pkeyp == NULL) || (*pkeyp == NULL)) { - if ((pk = EVP_PKEY_new()) == NULL) { - abort(); - return (0); - } - } else - pk = *pkeyp; - - if ((x509p == NULL) || (*x509p == NULL)) { - if ((x = X509_new()) == NULL) - goto err; - } else { - x = *x509p; - } - - - ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1); - EC_KEY_generate_key(ec_key); - - if (!EVP_PKEY_assign_EC_KEY(pk, ec_key)) { - abort(); - goto err; - } - ec_key = NULL; - - X509_set_version(x, 3); - ASN1_INTEGER_set(X509_get_serialNumber(x), serial); - X509_gmtime_adj(X509_get_notBefore(x), 0); - X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days); - X509_set_pubkey(x, pk); - - name = X509_get_subject_name(x); - - /* - * This function creates and adds the entry, working out the correct - * string type and performing checks on its length. Normally we'd check - * the return value for errors... - */ - X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, "UK", -1, -1, 0); - X509_NAME_add_entry_by_txt(name, "CN", - MBSTRING_ASC, "OpenSSL Group", -1, -1, 0); - - X509_set_issuer_name(x, name); - - /* - * Add extension using V3 code: we can set the config file as NULL - * because we wont reference any other sections. We can also set the - * context to NULL because none of these extensions below will need to - * access it. 
- */ - - ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server"); - X509_add_ext(x, ex, -1); - X509_EXTENSION_free(ex); - - ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment, - "example comment extension"); - X509_add_ext(x, ex, -1); - X509_EXTENSION_free(ex); - - ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name, - "www.openssl.org"); - - X509_add_ext(x, ex, -1); - X509_EXTENSION_free(ex); - - - if (!X509_sign(x, pk, EVP_sm3())) - goto err; - - *x509p = x; - *pkeyp = pk; - return (1); -err: - return (0); -} - int main() { BIO *bio_err; - X509 *x509 = NULL; + + EC_KEY *ec_key = NULL; EVP_PKEY *pkey = NULL; + X509 *x509 = NULL; + int serial = 123; + int days = 365; + X509_NAME *name = NULL; + X509_NAME_ENTRY *ne = NULL; + X509_EXTENSION *ex = NULL; CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1); + EC_KEY_generate_key(ec_key); + pkey = EVP_PKEY_new(); + EVP_PKEY_set1_EC_KEY(pkey, ec_key); + ec_key = NULL; - mkit(&x509, &pkey, 512, 0, 365); + x509 = X509_new(); + X509_set_version(x509, 3); + ASN1_INTEGER_set(X509_get_serialNumber(x509), serial); + X509_gmtime_adj(X509_get_notBefore(x509), 0); + X509_gmtime_adj(X509_get_notAfter(x509), (long)60 * 60 * 24 * days); + X509_set_pubkey(x509, pkey); + + name = X509_get_subject_name(x509); + X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, "UK", -1, -1, 0); + X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, "OpenSSL Group", -1, -1, 0); + X509_set_issuer_name(x509, name); + + ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server"); + X509_add_ext(x509, ex, -1); + X509_EXTENSION_free(ex); + + ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment, "example comment extension"); + X509_add_ext(x509, ex, -1); + X509_EXTENSION_free(ex); + + ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name, "www.openssl.org"); + + X509_add_ext(x509, ex, -1); + X509_EXTENSION_free(ex); + 
+ X509_sign(x509, pkey, EVP_sm3()); EC_KEY_print_fp(stdout, pkey->pkey.ec, 0); X509_print_fp(stdout, x509); @@ -114,5 +65,6 @@ int main() CRYPTO_mem_leaks(bio_err); BIO_free(bio_err); + return (0); } diff --git a/demos/gmssl/sm2ciphertext.bin b/demos/gmssl/sm2ciphertext.bin index e69de29b..10892f06 100644 --- a/demos/gmssl/sm2ciphertext.bin +++ b/demos/gmssl/sm2ciphertext.bin @@ -0,0 +1,2 @@ +' R.NZz+ +N&Jʏb l0wya>7]"~߻C9 5O4WJq/Z|ih[ \ No newline at end of file diff --git a/demos/gmssl/sm2key.pem b/demos/gmssl/sm2key.pem index d171a13c..84870a3c 100644 --- a/demos/gmssl/sm2key.pem +++ b/demos/gmssl/sm2key.pem @@ -1,5 +1,5 @@ -----BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgyeMq+RmwB95Ohl+U -K1KmE5/3OzxoG1lOpbyMu8sZxrqhRANCAATGmXcprKn9kYmMBKBLaxckcTFqDzNF -qDwzk8rTcWr5/2CmI9KGeSMbp7G9X/v8qh/RIattztrYXlrVP0h7Zk+A +MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgMfsFkjZrB5XuA5eX +Utr1XlgaqbL4aJHLSvtOteur2oehRANCAASygUdsxLAxiuHlr42o93jHr7lJnAbW +AsGM8lpqpz9803V6jGREo8Ajdh5lhqo0KPsfqwnVqjAE4CVLwCobJ6GZ -----END PRIVATE KEY----- diff --git a/demos/gmssl/sm2sig.der b/demos/gmssl/sm2sig.der index e69de29b..c3d6b8aa 100644 Binary files a/demos/gmssl/sm2sig.der and b/demos/gmssl/sm2sig.der differ diff --git a/demos/gmssl/sm2testpem.c b/demos/gmssl/sm2testpem.c deleted file mode 100644 index 06aab4db..00000000 --- a/demos/gmssl/sm2testpem.c +++ /dev/null @@ -1,32 +0,0 @@ -#include -#include -#include -#include - -int main(int argc, char **argv) -{ - BIO *in = BIO_new_fp(stdin, BIO_NOCLOSE); - EC_GROUP *group = NULL; - EC_KEY *ec_key = NULL; - ERR_load_crypto_strings(); - - - - group = PEM_read_bio_SM2PKParameters(in, NULL, NULL, NULL); - if (!group) { - ERR_print_errors_fp(stderr); - return 0; - } - - if (!EC_GROUP_check(group, NULL)) { - ERR_print_errors_fp(stderr); - return 0; - } - - return 0; - - ec_key = EC_KEY_new(); - EC_KEY_set_group(ec_key, group); - - return 0; -} 
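Review bot: `EVP_PKEY_set1_EC_KEY(pkey, ec_key)` takes its own reference, so the following `ec_key = NULL;` discards the caller's reference without freeing it and the key is leaked; the removed code used `EVP_PKEY_assign_EC_KEY`, which transfers ownership. Either keep `EVP_PKEY_assign_EC_KEY(pkey, ec_key);` or write `EC_KEY_free(ec_key); ec_key = NULL;`. The inlined version also drops the checks the old `mkit` made on `EVP_PKEY_new`, `X509_new` and `X509_sign`, and `pkey->pkey.ec` is then dereferenced unconditionally. At minimum test the result of `X509_sign(x509, pkey, EVP_sm3())` and exit with an error, so a run that fails to sign does not print a certificate as if it had succeeded. `main` continues outside the hunk.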
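Review bot: A private key is checked into the repository in sm2key.pem, and it changes here apparently only because gmssl.sh regenerates it on each run (`$gmssl genpkey ... -out sm2key.pem`). Anything committed this way has to be treated as public, so the file should carry no value beyond the demo and must never be reused for a real certificate. It would be cleaner to stop tracking the generated outputs (`sm2key.pem`, `sm2sig.der`, `sm2ciphertext.bin`) and let the script create them, or to state next to the key that it is a throwaway demo key.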
diff --git a/demos/gmssl/sm3.c b/demos/gmssl/sm3.c index 116ee430..5d8602cd 100644 --- a/demos/gmssl/sm3.c +++ b/demos/gmssl/sm3.c @@ -1,6 +1,6 @@ /* demo/gmssl/sm3.c */ /* ==================================================================== - * Copyright (c) 2014 - 2015 The GmSSL Project. All rights reserved. + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -50,60 +50,48 @@ */ #include +#include #include -#include -#include +#include +#include +#include + +/* + * usage of sm3dgst: + * ./sm3dgst + * 324234234234235234234234234234 + * + * echo "hello world" | sm3dgst + * lksjdlfksdjlfkjsdlfkjsdlfkjsdljkfffffffldjfk= + * + */ int main(int argc, char **argv) { - int ret = -1; - FILE *fp = stdin; - unsigned char buf[1024]; - size_t len; - const EVP_MD *md; - EVP_MD_CTX mdctx; - unsigned char dgst[EVP_MAX_MD_SIZE]; - unsigned int dgstlen, i; + sm3_ctx_t ctx; + unsigned char dgst[SM3_DIGEST_LENGTH]; + unsigned char buf[4096]; + ssize_t len; + int i; - if (argc == 2) { - if (!(fp = fopen(argv[1], "r"))) { - fprintf(stderr, "open file %s failed\n", argv[1]); - return -1; - } + if (argc > 1) { + printf("usage: %s < file\n", basename(argv[0])); + return 0; } - OpenSSL_add_all_digests(); - if (!(md = EVP_get_digestbyname("sm3"))) { - ERR_print_errors_fp(stderr); - goto end; - } + sm3_init(&ctx); - if (!EVP_DigestInit(&mdctx, md)) { - ERR_print_errors_fp(stderr); - goto end; + while ((len = read(STDIN_FILENO, buf, sizeof(buf))) > 0) { + sm3_update(&ctx, buf, len); } + memset(dgst, 0, sizeof(dgst)); + sm3_final(&ctx, dgst); - while ((len = fread(buf, 1, sizeof(buf), fp))) { - if (!EVP_DigestUpdate(&mdctx, buf, len)) { - ERR_print_errors_fp(stderr); - goto end; - } - } - - if (!EVP_DigestFinal(&mdctx, dgst, &dgstlen)) { - ERR_print_errors_fp(stderr); - goto end; - } - - for (i = 0; i < dgstlen; i++) { + for (i = 0; i < sizeof(dgst); i++) { printf("%02x", dgst[i]); } printf("\n"); - ret = 0; -end: - fclose(fp); - EVP_cleanup(); - return ret; + return 0; } diff --git a/demos/mycipher/Makefile b/demos/mycipher/Makefile new file mode 100644 index 00000000..b7ae6b9b --- /dev/null +++ b/demos/mycipher/Makefile 
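Review bot: The `read` loop ends on any `len <= 0`, so a read error (-1) is indistinguishable from end of input and the program prints the digest of whatever was consumed and returns 0. Add `if (len < 0) { perror("read"); return 1; }` after the loop. The argument check has the opposite problem: an unexpected argument prints the usage text to stdout and returns 0, so a caller who passes a file name, as the previous version allowed, gets success with no digest; print to stderr and return non-zero. The sample outputs in the new usage comment are not SM3 digests and should be replaced with real output or removed.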
@@ -0,0 +1,78 @@ +# +# OpenSSL/crypto/mycipher/Makefile +# + +DIR= mycipher +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +MAKEFILE= Makefile +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=mycipher.c +LIBOBJ=mycipher.o + +SRC= $(LIBSRC) + +EXHEADER= mycipher.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +update: depend + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + diff --git a/demos/mycipher/README.md b/demos/mycipher/README.md new file mode 100644 index 00000000..b9258478 --- /dev/null +++ b/demos/mycipher/README.md 
@@ -0,0 +1,9 @@
+## MyCipher Block Cipher
+
+The official specification of MyCipher can be found at
+http://example.com/mycipher.pdf
+
+The OID (Object Identifier) of MyCipher is 1.2.345.6789,
+which is defined in standard http://example.com/mycipher.pdf
+
+
diff --git a/crypto/evp/m_btc.c b/demos/mycipher/mycipher.c
similarity index 69%
rename from crypto/evp/m_btc.c
rename to demos/mycipher/mycipher.c
index bad34d16..11660558 100644
--- a/crypto/evp/m_btc.c
+++ b/demos/mycipher/mycipher.c
@@ -1,4 +1,4 @@
-/* crypto/evp/m_btc.c */
+/* crypto/mycipher/mycipher.c */
 /* ====================================================================
 * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved.
 *
@@ -46,72 +46,27 @@ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== + * */ /* - * This module is to support crypto-currency such as Bitcoin + * author's information */ -#include -#include "cryptlib.h" +#include "mycipher.h" -#ifndef OPENSSL_NO_GMSSL - -#include -#include -#include -#include -#include - -static int init(EVP_MD_CTX *ctx) +void mycipher_set_encrypt_key(mycipher_key_t *key, const unsigned char *user_key) { - SHA256_Init(ctx->md_data->sha256); - RIPEMD_Init(ctx->md_data->rmd160); } -static int update(EVP_MD_CTX *ctx, const void *in, size_t inlen) +void mycipher_set_decrypt_key(mycipher_key_t *key, const unsigned char *user_key) { - SHA256_Update(ctx, in, inlen); } -static int final(EVP_MD_CTX *ctx, unsigned char *md) +void mycipher_encrypt(const unsigned char *in, unsigned char *out, const mycipher_key_t *key) { - return sm3_final(ctx->md_data, md); } -static const EVP_MD sm3_md = { - NID_btchash, - NID_sm2sign_with_sm3, - SM3_DIGEST_LENGTH, - 0, - init, - update, - final, - NULL, - NULL, - (evp_sign_method *)SM2_sign, - (evp_verify_method *)SM2_verify, - {EVP_PKEY_EC, 0, 0, 0}, - SM3_BLOCK_SIZE, - sizeof(EVP_MD *) + sizeof(sm3_ctx_t), -}; - -const EVP_MD *EVP_btc160(void) +void mycipher_decrypt(const unsigned char *in, unsigned char *out, const mycipher_key_t *key) { - return &btc160_md; } -const EVP_MD *EVP_btc256(void) -{ - return &btc256_md; -} - -const EVP_MD *EVP_sm3_rmd160(void) -{ - return 0; -} - - -#endif - - - diff --git a/demos/mycipher/mycipher.h b/demos/mycipher/mycipher.h new file mode 100644 index 00000000..26cc8151 --- /dev/null +++ b/demos/mycipher/mycipher.h 
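Review bot: All four functions added here have empty bodies, so `mycipher_encrypt` and `mycipher_decrypt` return without writing `out` and the key setup never fills `key`; a caller then reads indeterminate memory, as myciphertest.c does when it compares `cbuf` and `mbuf`. If the file is a template, say so at the top with a comment such as `/* TEMPLATE: these stubs perform no encryption; replace before use */` and fill in the `author's information` placeholder. The accompanying Makefile archives `mycipher.o` into `$(TOP)/libcrypto.a`, so the no-op stubs could end up in the library if that target is ever run. demos/mystream/mystream.c has the same empty stubs, and its first comment line names mycipher.c instead of itself.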
@@ -0,0 +1,85 @@ +/* crypto/mycipher/mycipher.h */ +/* ==================================================================== + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ +/* + * author's information + */ + +#ifndef HEADER_MYCIPHER_H +#define HEADER_MYCIPHER_H + +#define MYCIPHER_KEY_LENGTH 16 +#define MYCIPHER_BLOCK_SIZE 16 +#define MYCIPHER_IV_LENGTH (MYCIPHER_BLOCK_SIZE) + +#include +#include +#include + + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct { + unsigned char rk[100]; +} mycipher_key_t; + +void mycipher_set_encrypt_key(mycipher_key_t *key, const unsigned char *user_key); +void mycipher_set_decrypt_key(mycipher_key_t *key, const unsigned char *user_key); +void mycipher_encrypt(const unsigned char *in, unsigned char *out, const mycipher_key_t *key); +void mycipher_decrypt(const unsigned char *in, unsigned char *out, const mycipher_key_t *key); + + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/demos/mycipher/mycipher.o b/demos/mycipher/mycipher.o new file mode 100644 index 00000000..c7aeadc1 Binary files /dev/null and b/demos/mycipher/mycipher.o differ diff --git a/demos/mycipher/myciphertest.c b/demos/mycipher/myciphertest.c new file mode 100644 index 00000000..a3f02f0a --- /dev/null +++ b/demos/mycipher/myciphertest.c 
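Review bot: The four prototypes in mycipher.h take raw pointers with no length and carry no statement of the buffer sizes they expect. Document the contract on the declarations, presumably `/* user_key: MYCIPHER_KEY_LENGTH bytes */` on the key setup functions and `/* in, out: exactly MYCIPHER_BLOCK_SIZE bytes each */` on encrypt and decrypt, so callers cannot undersize a buffer. `unsigned char rk[100]` is an unexplained size and would be clearer as a named constant tied to the cipher's round-key layout.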
@@ -0,0 +1,77 @@ +/* crypto/mycipher/mycipher.h */ +/* ==================================================================== + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ +/* + * author's information + */ + +#include "mycipher.h" + +int main(int argc, char **argv) +{ + mycipher_key_t key; + unsigned char userkey[MYCIPHER_KEY_LENGTH] = {0x01, 0x02, }; + unsigned char msg[MYCIPHER_BLOCK_SIZE] = {0xab, 0xcd, }; + unsigned char cbuf[MYCIPHER_BLOCK_SIZE]; + unsigned char mbuf[MYCIPHER_BLOCK_SIZE]; + + mycipher_set_encrypt_key(&key, userkey); + mycipher_encrypt(msg, cbuf, &key); + + mycipher_set_decrypt_key(&key, userkey); + mycipehr_decrypt(cbuf, mbuf, &key); + + if (memcmp(cbuf, mbuf, MYCIPHER_BLOCK_SIZE)) { + return -1; + } + + return 0; +} + diff --git a/demos/mystream/Makefile b/demos/mystream/Makefile new file mode 100644 index 00000000..5c54b59c --- /dev/null +++ b/demos/mystream/Makefile 
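Review bot: The round-trip check in `main` compares the wrong buffers: `memcmp(cbuf, mbuf, MYCIPHER_BLOCK_SIZE)` tests the ciphertext against the decrypted output, so it never verifies that decryption recovers `msg` and would fail for a working cipher. It should read `if (memcmp(msg, mbuf, MYCIPHER_BLOCK_SIZE)) {`. The call `mycipehr_decrypt(cbuf, mbuf, &key);` is misspelled and will not link; it should be `mycipher_decrypt(cbuf, mbuf, &key);`. The first comment line names mycipher.h rather than this file.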
@@ -0,0 +1,78 @@ +# +# OpenSSL/crypto/mystream/Makefile +# + +DIR= mystream +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +MAKEFILE= Makefile +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST= +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=mystream.c +LIBOBJ=mystream.o + +SRC= $(LIBSRC) + +EXHEADER= mystream.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +update: depend + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + diff --git a/demos/mystream/README.md b/demos/mystream/README.md new file mode 100644 index 00000000..dfaba31b --- /dev/null +++ b/demos/mystream/README.md 
@@ -0,0 +1,9 @@
+## MyStream Stream Cipher
+
+The official specification of MyStream can be found at
+http://example.com/mystream.pdf
+
+The OID (Object Identifier) of MyStream is 1.2.345.6789,
+which is defined in standard http://example.com/mystream.pdf
+
+
diff --git a/demos/mystream/mystream.c b/demos/mystream/mystream.c
new file mode 100644
index 00000000..e8e48832
--- /dev/null
+++ b/demos/mystream/mystream.c
@@ -0,0 +1,64 @@ +/* crypto/mycipher/mycipher.c */ +/* ==================================================================== + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ +/* + * author's information + */ + +#include "mystream.h" + +void mystream_set_key(mystream_key_t *key, const unsigned char *user_key, const unsigned char *iv) +{ +} + +void mystream_encrypt(mystream_key_t *key, size_t len, const unsigned char *in, unsigned char *out) +{ +} + diff --git a/demos/mystream/mystream.h b/demos/mystream/mystream.h new file mode 100644 index 00000000..af920c98 --- /dev/null +++ b/demos/mystream/mystream.h 
@@ -0,0 +1,80 @@ +/* crypto/mystream/mystream.h */ +/* ==================================================================== + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ +/* + * author's information + */ + +#ifndef HEADER_MYSTREAM_H +#define HEADER_MYSTREAM_H + +#define MYSTREAM_KEY_LENGTH 256 + +#include +#include +#include + + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct { + unsigned char state[100]; +} mystream_key_t; + +void mystream_set_key(mystream_key_t *key, const unsigned char *user_key, const unsigned char *iv); +void mystream_encrypt(mystream_key_t *key, size_t len, const unsigned char *in, unsigned char *out); + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/demos/mystream/mystream.o b/demos/mystream/mystream.o new file mode 100644 index 00000000..8247973a Binary files /dev/null and b/demos/mystream/mystream.o differ diff --git a/demos/mystream/mystreamtest.c b/demos/mystream/mystreamtest.c new file mode 100644 index 00000000..98b70022 --- /dev/null +++ b/demos/mystream/mystreamtest.c 
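Review bot: `MYSTREAM_KEY_LENGTH 256` does not say whether it counts bits or bytes, while the sibling header mycipher.h uses what look like byte counts (`MYCIPHER_KEY_LENGTH 16`). There is also no constant for the IV, although `mystream_set_key` takes an `iv` pointer with no length. A caller cannot size either buffer safely from this header alone. Add the unit as a comment on the key length and an IV constant such as `#define MYSTREAM_IV_LENGTH <n> /* bytes */`, with the value taken from the cipher's specification.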
@@ -0,0 +1,62 @@ +/* crypto/mycipher/mycipher.h */ +/* ==================================================================== + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ +/* + * author's information + */ + +#include "mystream.h" + +int main(int argc, char **argv) +{ + + return 0; +} + diff --git a/doc/crypto/sm2.pod b/doc/crypto/sm2.pod new file mode 100644 index 00000000..de255818 --- /dev/null +++ b/doc/crypto/sm2.pod 
@@ -0,0 +1,200 @@ +=pod + +=head1 NAME + +sm2 - SM2 functions + +=head1 SYNOPSIS + + #include + + const EC_METHOD *EC_GFp_simple_method(void); + const EC_METHOD *EC_GFp_mont_method(void); + const EC_METHOD *EC_GFp_nist_method(void); + const EC_METHOD *EC_GFp_nistp224_method(void); + const EC_METHOD *EC_GFp_nistp256_method(void); + const EC_METHOD *EC_GFp_nistp521_method(void); + + const EC_METHOD *EC_GF2m_simple_method(void); + + EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); + void EC_GROUP_free(EC_GROUP *group); + void EC_GROUP_clear_free(EC_GROUP *group); + int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); + EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); + const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); + int EC_METHOD_get_field_type(const EC_METHOD *meth); + int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); + const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); + int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); + int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx); + void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); + int EC_GROUP_get_curve_name(const EC_GROUP *group); + void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); + int EC_GROUP_get_asn1_flag(const EC_GROUP *group); + void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form); + point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); + unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); + size_t EC_GROUP_get_seed_len(const EC_GROUP *); + size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); + int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, 
const BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_get_degree(const EC_GROUP *group); + int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); + int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); + int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); + EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + EC_GROUP *EC_GROUP_new_by_curve_name(int nid); + + size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); + + EC_POINT *EC_POINT_new(const EC_GROUP *group); + void EC_POINT_free(EC_POINT *point); + void EC_POINT_clear_free(EC_POINT *point); + int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); + EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); + const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); + int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); + int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx); + int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx); + int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); + int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, BN_CTX *ctx); + int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); + int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, 
BN_CTX *ctx); + int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, BN_CTX *ctx); + size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx); + int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, + const unsigned char *buf, size_t len, BN_CTX *ctx); + BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BIGNUM *, BN_CTX *); + EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, + EC_POINT *, BN_CTX *); + char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BN_CTX *); + EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, + EC_POINT *, BN_CTX *); + + int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); + int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx); + int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); + int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); + int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx); + int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); + int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); + int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx); + int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); + int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); + int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); + int EC_GROUP_have_precompute_mult(const EC_GROUP *group); + + int EC_GROUP_get_basis_type(const EC_GROUP *); + int EC_GROUP_get_trinomial_basis(const EC_GROUP *, 
unsigned int *k); + int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, + unsigned int *k2, unsigned int *k3); + EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); + int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); + #define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) + #define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) + #define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ + (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) + #define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ + (unsigned char *)(x)) + int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); + int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); + + EC_KEY *EC_KEY_new(void); + int EC_KEY_get_flags(const EC_KEY *key); + void EC_KEY_set_flags(EC_KEY *key, int flags); + void EC_KEY_clear_flags(EC_KEY *key, int flags); + EC_KEY *EC_KEY_new_by_curve_name(int nid); + void EC_KEY_free(EC_KEY *key); + EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); + EC_KEY *EC_KEY_dup(const EC_KEY *src); + int EC_KEY_up_ref(EC_KEY *key); + const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); + int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); + const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); + int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); + const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); + int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); + unsigned EC_KEY_get_enc_flags(const EC_KEY *key); + void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); + point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); + void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); + void *EC_KEY_get_key_method_data(EC_KEY *key, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); + void 
EC_KEY_insert_key_method_data(EC_KEY *key, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); + void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); + int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); + int EC_KEY_generate_key(EC_KEY *key); + int EC_KEY_check_key(const EC_KEY *key); + int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y); + + EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); + int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); + + EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); + int i2d_ECParameters(EC_KEY *key, unsigned char **out); + + EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); + int i2o_ECPublicKey(EC_KEY *key, unsigned char **out); + int ECParameters_print(BIO *bp, const EC_KEY *key); + int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); + int ECParameters_print_fp(FILE *fp, const EC_KEY *key); + int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); + #define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) + #define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) + + +=head1 DESCRIPTION + +This library provides an extensive set of functions for performing operations on elliptic curves over finite fields. +In general an elliptic curve is one with an equation of the form: + +y^2 = x^3 + ax + b + +An B structure is used to represent the definition of an elliptic curve. Points on a curve are stored using an +B structure. An B is used to hold a private/public key pair, where a private key is simply a BIGNUM and a +public key is a point on a curve (represented by an B). + +The library contains a number of alternative implementations of the different functions. Each implementation is optimised +for different scenarios. 
No matter which implementation is being used, the interface remains the same. The library +handles calling the correct implementation when an interface function is invoked. An implementation is represented by +an B structure. + +The creation and destruction of B objects is described in L. Functions for +manipulating B objects are described in L. + +Functions for creating, destroying and manipulating B objects are explained in L, +whilst functions for performing mathematical operations and tests on B are coverd in L. + +For working with private and public keys refer to L. Implementations are covered in +L. + +For information on encoding and decoding curve parameters to and from ASN1 see L. + +=head1 SEE ALSO + +L, L, L, +L, L, L, +L, L + + +=cut diff --git a/doc/gmssl/draft-shen-sm3-hash-01.txt b/doc/gmssl/draft-shen-sm3-hash-01.txt new file mode 100644 index 00000000..d16bc03a --- /dev/null +++ b/doc/gmssl/draft-shen-sm3-hash-01.txt 
@@ -0,0 +1,728 @@ + + + +Internet Engineering Task Force S. Shen, Ed. +Internet-Draft X. Lee, Ed. +Intended status: Standards Track Chinese Academy of Science +Expires: August 18, 2014 February 14, 2014 + + + SM3 Hash function + draft-shen-sm3-hash-01 + +Abstract + + This document discribles a hash function which is invented by Xiaoyun + Wang et al. This algorithm is published by Chinese Commercial + Cryptography Administration Office ([SM3]) for the use of electronic + authentication service system. This document gives IETF standard + description of the algorithm. + +Status of This Memo + + This Internet-Draft is submitted to IETF in full conformance with the + provisions of BCP 78 and BCP 79. + + Internet-Drafts are working documents of the Internet Engineering + Task Force (IETF). Note that other groups may also distribute + working documents as Internet-Drafts. The list of current Internet- + Drafts is at http://datatracker.ietf.org/drafts/current/. + + Internet-Drafts are draft documents valid for a maximum of six months + and may be updated, replaced, or obsoleted by other documents at any + time. It is inappropriate to use Internet-Drafts as reference + material or to cite them other than as "work in progress." + + This Internet-Draft will expire on August 18, 2014. + +Copyright Notice + + Copyright (c) 2014 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Simplified BSD License text as described in Section 4.e of + the Trust Legal Provisions and are provided without warranty as + described in the Simplified BSD License. 
+ + + +Shen & Lee Expires August 18, 2014 [Page 1] + +Internet-Draft SM3 Hash function February 2014 + + +Table of Contents + + 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 + 2. Conventions Used in this Document . . . . . . . . . . . . . . 3 + 3. Algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . 3 + 3.1. Scope of SM3 . . . . . . . . . . . . . . . . . . . . . . . 3 + 3.2. Definitions and Terms . . . . . . . . . . . . . . . . . . 3 + 3.3. Symbols . . . . . . . . . . . . . . . . . . . . . . . . . 4 + 3.3.1. Iteration Precedure . . . . . . . . . . . . . . . . . 4 + 3.3.2. Message Extension . . . . . . . . . . . . . . . . . . 4 + 3.3.3. Compression function . . . . . . . . . . . . . . . . . 4 + 3.3.4. Hash Value . . . . . . . . . . . . . . . . . . . . . . 5 + 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 + 5. Security Considerations . . . . . . . . . . . . . . . . . . . 5 + 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 + 6.1. Normative References . . . . . . . . . . . . . . . . . . . 5 + 6.2. Informative References . . . . . . . . . . . . . . . . . . 5 + Appendix A. Appendix A. Example 1 . . . . . . . . . . . . . . . . 6 + Appendix B. Appendix A. Example 2 . . . . . . . . . . . . . . . . 8 + Appendix C. Appendix C. Acknowledgments . . . . . . . . . . . . . 13 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Shen & Lee Expires August 18, 2014 [Page 2] + +Internet-Draft SM3 Hash function February 2014 + + +1. Introduction + + The algorithm described in this document is published ([SM3]) by + Chinese Commercial Cryptography Administration Office. This document + gives IETF standard description of these algorithms and parameters. + +2. Conventions Used in this Document + + The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY" + in this document are to be interpreted as defined in "Key words for + use in RFCs to Indicate Requirement Levels" [RFC2119]. + +3. 
Algorithm + + This chatper introduced the algorithm itself. The content and + structure strictly follow what is published by Chinese Commercial + Cryptography Administration Office. + +3.1. Scope of SM3 + + This document defines SM3 Hash algorithms and gives computing + examples. It can be used in commercial cryptography applicaitons + like digital signature and verification, message authentication code + and verification, random number generation. This document can also + be technical reference of security product and standards in order to + improve the trustness and interoperability. + +3.2. Definitions and Terms + + + Bit String String composed of 0 and 1 + + Big-endian A format that describe the order in which data + are stored in computer memory. It defines that + the bytes with most significant value are stored + at the left and bytes with least significant value + are stored at the right. The high digits of a + number are stored at high storage address and + the low digits of a number are stored at low storage + address. + + Message Bit string with arbitary length. In this document a + message is consider the input of the hash algorithm. + + Hash Value The bit string which is the output after the hash algorithm + applied to a message. The length of the hash value in this + document is 256 bits. + + + + +Shen & Lee Expires August 18, 2014 [Page 3] + +Internet-Draft SM3 Hash function February 2014 + + + Word A bit string with length 32. + +3.3. Symbols + +3.3.1. Iteration Precedure + + The procedures are: Divide he message m' after padding into 512 bits + blocks: + + + m~ = B(0)B(1) ... B(n-1) where n=(l+k+65)/512 + + Apply iteration operation to m' as following: + + + FOR i=0 TO n-1 + V (i+1) = CF(V (i);B(i)) + ENDFOR + + where CF is compression function, V(0) is a 256 bits of IVAGBPA[not] + B(i) is a message block after padding, the result after iterative + compression is V(n). + +3.3.2. 
Message Extension + + Divide the message block B(i) into 132 words, apply the words into + the compression function: + + + a) divide message block B(i) into 16 words W0, W1, ... , W15. + b) FOR j=16 TO 67 + Wj < -- P1(WAGBPA"j-16AGBPA(C) XOR WAGBPA"j-9AGBPA(C) XOR (WAGBPA"j-3AGBPA(C)SHIFT15)) + XOR (WAGBPA"j-13AGBPA(C)SHIFT7) XOR WAGBPA"j-6AGBPA(C) + ENDFOR + c) FOR j=0 TO 63 + Wj~ = Wj XOR W(j+4) + ENDFOR + +3.3.3. Compression function + + Let A,B,C,D,E,F,G,H be registers to store words; SS1, SS2, TT1 and + TT2 be intermediate variable; compression function: + + + V(i+1) = CF(V(i);B(i)) where 0 A!U i A!U n + + The computation precedures are as following: + + + + +Shen & Lee Expires August 18, 2014 [Page 4] + +Internet-Draft SM3 Hash function February 2014 + + + ABCDEFGH < -- V(i) + FOR j=0 TO 63 + SS1 < -- ((A SHIFT12) + E + (Tj SHIFTj))?7 + SS2 < -- SS1 XOR (A SHIFT12) + TT1 < -- FFj(A,B,C) + D + SS2 +Wj~ + TT1 < -- GGj(E,F,G) + H + SS1 +Wj + D < -- C + C < -- B SHIFT9 + B < -- A + A < -- TT1 + H < -- G + G < -- F SHIFT19 + F < -- E + E < -- P0(TT2) + ENDFOR + V(i+1) < -- ABCDEFGH XOR V (i) + + where a word is stored in memory as big-endian format. + +3.3.4. Hash Value + + ABCDEFGH < -- V(n) + + The 256 bits of hash value is y=ABCDEFGH. + +4. IANA Considerations + + There is no iana related issue for this document. + +5. Security Considerations + + This document gives description of a cryptographic algorithm. Its + security properties are under public study. There are no known + feasible attacks against this algorithm by the time of publishing + this document. + +6. References + +6.1. Normative References + +6.2. Informative References + + [SM3] "http://www.oscca.gov.cn/UpFile/20101222141857786.pdf", , + December 2010. + + + + + + + +Shen & Lee Expires August 18, 2014 [Page 5] + +Internet-Draft SM3 Hash function February 2014 + + +Appendix A. Appendix A. 
Example 1 + + The input is "abc", which has ASCII expression: + + + 616263 + + The message after padding is: + + + 61626380 00000000 00000000 00000000 00000000 00000000 00000000 00000000 + 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000018 + + The message after extension is: + + + W0W1...W67 + 61626380 00000000 00000000 00000000 00000000 00000000 00000000 00000000 + 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000018 + 9092e200 00000000 000c0606 719c70ed 00000000 8001801f 939f7da9 00000000 + 2c6fa1f9 adaaef14 00000000 0001801e 9a965f89 49710048 23ce86a1 b2d12f1b + e1dae338 f8061807 055d68be 86cfd481 1f447d83 d9023dbf 185898e0 e0061807 + 050df55c cde0104c a5b9c955 a7df0184 6e46cd08 e3babdf8 70caa422 0353af50 + a92dbca1 5f33cfd2 e16f6e89 f70fe941 ca5462dc 85a90152 76af6296 c922bdb2 + 68378cf5 97585344 09008723 86faee74 2ab908b0 4a64bc50 864e6e08 f07e6590 + 325c8f78 accb8011 e11db9dd b99c0545 + W0'W1'...W63' + 61626380 00000000 00000000 00000000 00000000 00000000 00000000 00000000 + 00000000 00000000 00000000 00000018 9092e200 00000000 000c0606 719c70f5 + 9092e200 8001801f 93937baf 719c70ed 2c6fa1f9 2dab6f0b 939f7da9 0001801e + b6f9fe70 e4dbef5c 23ce86a1 b2d0af05 7b4cbcb1 b177184f 2693ee1f 341efb9a + fe9e9ebb 210425b8 1d05f05e 66c9cc86 1a4988df 14e22df3 bde151b5 47d91983 + 6b4b3854 2e5aadb4 d5736d77 a48caed4 c76b71a9 bc89722a 91a5caab f45c4611 + 6379de7d da9ace80 97c00c1f 3e2d54f3 a263ee29 12f15216 7fafe5b5 4fd853c6 + 428e8445 dd3cef14 8f4ee92b 76848be4 18e587c8 e6af3c41 6753d7d5 49e260d5 + + The intermediate values during iterative compression are: + + +j A B C D E F G H + 7380166f 4914b2b9 172442d7 da8a0600 a96f30bc 163138aa e38dee4d b0fb0e4e +0 b9edc12b 7380166f 29657292 172442d7 b2ad29f4 a96f30bc c550b189 e38dee4d +1 ea52428c b9edc12b 002cdee7 29657292 ac353a23 b2ad29f4 85e54b79 c550b189 +2 609f2850 ea52428c db825773 002cdee7 d33ad5fb ac353a23 4fa59569 85e54b79 +3 35037e59 609f2850 a48519d4 db825773 b8204b5f d33ad5fb 
d11d61a9 4fa59569 +4 1f995766 35037e59 3e50a0c1 a48519d4 8ad212ea b8204b5f afde99d6 d11d61a9 +5 374a0ca7 1f995766 06fcb26a 3e50a0c1 acf0f639 8ad212ea 5afdc102 afde99d6 +6 33130100 374a0ca7 32aecc3f 06fcb26a 3391ec8a acf0f639 97545690 5afdc102 + + + +Shen & Lee Expires August 18, 2014 [Page 6] + +Internet-Draft SM3 Hash function February 2014 + + +7 1022ac97 33130100 94194e6e 32aecc3f 367250a1 3391ec8a b1cd6787 97545690 +8 d47caf4c 1022ac97 26020066 94194e6e 6ad473a4 367250a1 64519c8f b1cd6787 +9 59c2744b d47caf4c 45592e20 26020066 c6a3ceae 6ad473a4 8509b392 64519c8f +10 481ba2a0 59c2744b f95e99a8 45592e20 02afb727 c6a3ceae 9d2356a3 8509b392 +11 694a3d09 481ba2a0 84e896b3 f95e99a8 9dd1b58c 02afb727 7576351e 9d2356a3 +12 89cbcd58 694a3d09 37454090 84e896b3 6370db62 9dd1b58c b938157d 7576351e +13 24c95abc 89cbcd58 947a12d2 37454090 1a4a2554 6370db62 ac64ee8d b938157d +14 7c529778 24c95abc 979ab113 947a12d2 3ee95933 1a4a2554 db131b86 ac64ee8d +15 34d1691e 7c529778 92b57849 979ab113 61f99646 3ee95933 2aa0d251 db131b86 +16 796afab1 34d1691e a52ef0f8 92b57849 067550f5 61f99646 c999f74a 2aa0d251 +17 7d27cc0e 796afab1 a2d23c69 a52ef0f8 b3c8669b 067550f5 b2330fcc c999f74a +18 d7820ad1 7d27cc0e d5f562f2 a2d23c69 575c37d8 b3c8669b 87a833aa b2330fcc +19 f84fd372 d7820ad1 4f981cfa d5f562f2 a5dceaf1 575c37d8 34dd9e43 87a833aa +20 02c57896 f84fd372 0415a3af 4f981cfa 74576681 a5dceaf1 bec2bae1 34dd9e43 +21 4d0c2fcd 02c57896 9fa6e5f0 0415a3af 576f1d09 74576681 578d2ee7 bec2bae1 +22 eeeec41a 4d0c2fcd 8af12c05 9fa6e5f0 b5523911 576f1d09 340ba2bb 578d2ee7 +23 f368da78 eeeec41a 185f9a9a 8af12c05 6a879032 b5523911 e84abb78 340ba2bb +24 15ce1286 f368da78 dd8835dd 185f9a9a 62063354 6a879032 c88daa91 e84abb78 +25 c3fd31c2 15ce1286 d1b4f1e6 dd8835dd 4db58f43 62063354 8193543c c88daa91 +26 6243be5e c3fd31c2 9c250c2b d1b4f1e6 131152fe 4db58f43 9aa31031 8193543c +27 a549beaa 6243be5e fa638587 9c250c2b cf65e309 131152fe 7a1a6dac 9aa31031 +28 e11eb847 a549beaa 877cbcc4 fa638587 e5b64e96 cf65e309 
97f0988a 7a1a6dac +29 ff9bac9d e11eb847 937d554a 877cbcc4 9811b46d e5b64e96 184e7b2f 97f0988a +30 a5a4a2b3 ff9bac9d 3d708fc2 937d554a e92df4ea 9811b46d 74b72db2 184e7b2f +31 89a13e59 a5a4a2b3 37593bff 3d708fc2 0a1ff572 e92df4ea a36cc08d 74b72db2 +32 3720bd4e 89a13e59 4945674b 37593bff cf7d1683 0a1ff572 a757496f a36cc08d +33 9ccd089c 3720bd4e 427cb313 4945674b da8c835f cf7d1683 ab9050ff a757496f +34 c7a0744d 9ccd089c 417a9c6e 427cb313 0958ff1b da8c835f b41e7be8 ab9050ff +35 d955c3ed c7a0744d 9a113939 417a9c6e c533f0ff 0958ff1b 1afed464 b41e7be8 +36 e142d72b d955c3ed 40e89b8f 9a113939 d4509586 c533f0ff f8d84ac7 1afed464 +37 e7250598 e142d72b ab87dbb2 40e89b8f c7f93fd3 d4509586 87fe299f f8d84ac7 +38 2f13c4ad e7250598 85ae57c2 ab87dbb2 1a6cabc9 c7f93fd3 ac36a284 87fe299f +39 19f363f9 2f13c4ad 4a0b31ce 85ae57c2 c302badb 1a6cabc9 fe9e3fc9 ac36a284 +40 55e1dde2 19f363f9 27895a5e 4a0b31ce 459daccf c302badb 5e48d365 fe9e3fc9 +41 d4f4efe3 55e1dde2 e6c7f233 27895a5e 5cfba85a 459daccf d6de1815 5e48d365 +42 48dcbc62 d4f4efe3 c3bbc4ab e6c7f233 6f49c7bb 5cfba85a 667a2ced d6de1815 +43 8237b8a0 48dcbc62 e9dfc7a9 c3bbc4ab d89d2711 6f49c7bb 42d2e7dd 667a2ced +44 d8685939 8237b8a0 b978c491 e9dfc7a9 8ee87df5 d89d2711 3ddb7a4e 42d2e7dd +45 d2090a86 d8685939 6f714104 b978c491 2e533625 8ee87df5 388ec4e9 3ddb7a4e +46 e51076b3 d2090a86 d0b273b0 6f714104 d9f89e61 2e533625 efac7743 388ec4e9 +47 47c5be50 e51076b3 12150da4 d0b273b0 3567734e d9f89e61 b1297299 efac7743 +48 abddbdc8 47c5be50 20ed67ca 12150da4 3dfcdd11 3567734e f30ecfc4 b1297299 +49 bd708003 abddbdc8 8b7ca08f 20ed67ca 93494bc0 3dfcdd11 9a71ab3b f30ecfc4 +50 15e2f5d3 bd708003 bb7b9157 8b7ca08f c3956c3f 93494bc0 e889efe6 9a71ab3b +51 13826486 15e2f5d3 e100077a bb7b9157 cd09a51c c3956c3f 5e049a4a e889efe6 +52 4a00ed2f 13826486 c5eba62b e100077a 0741f675 cd09a51c 61fe1cab 5e049a4a +53 f4412e82 4a00ed2f 04c90c27 c5eba62b 7429807c 0741f675 28e6684d 61fe1cab +54 549db4b7 f4412e82 01da5e94 04c90c27 f6bc15ed 7429807c b3a83a0f 28e6684d + + + 
+Shen & Lee Expires August 18, 2014 [Page 7] + +Internet-Draft SM3 Hash function February 2014 + + +55 22a79585 549db4b7 825d05e8 01da5e94 9d4db19a f6bc15ed 03e3a14c b3a83a0f +56 30245b78 22a79585 3b696ea9 825d05e8 f6804c82 9d4db19a af6fb5e0 03e3a14c +57 6598314f 30245b78 4f2b0a45 3b696ea9 f522adb2 f6804c82 8cd4ea6d af6fb5e0 +58 c3d629a9 6598314f 48b6f060 4f2b0a45 14fb0764 f522adb2 6417b402 8cd4ea6d +59 ddb0a26a c3d629a9 30629ecb 48b6f060 589f7d5c 14fb0764 6d97a915 6417b402 +60 71034d71 ddb0a26a ac535387 30629ecb 14d5c7f6 589f7d5c 3b20a7d8 6d97a915 +61 5e636b4b 71034d71 6144d5bb ac535387 09ccd95e 14d5c7f6 eae2c4fb 3b20a7d8 +62 2bfa5f60 5e636b4b 069ae2e2 6144d5bb 4ac3cf08 09ccd95e 3fb0a6ae eae2c4fb +63 1547e69b 2bfa5f60 c6d696bc 069ae2e2 e808f43b 4ac3cf08 caf04e66 3fb0a6ae + + The hash value is: + + + 66c7f0f4 62eeedd9 d1f2d46b dc10e4e2 4167c487 5cf2f7a2 297da02b 8f4ba8e0 + +Appendix B. Appendix A. Example 2 + + A message of 512 bits: + + + 61626364 61626364 61626364 61626364 61626364 61626364 61626364 61626364 + 61626364 61626364 61626364 61626364 61626364 61626364 61626364 61626364 + + The message after padding is: + + + 61626364 61626364 61626364 61626364 61626364 61626364 61626364 61626364 + 61626364 61626364 61626364 61626364 61626364 61626364 61626364 61626364 + 80000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 + 80000000 00000000 00000000 00000000 00000000 00000000 00000000 00000200 + + The first message block: + + + + + + + + + + + + + + + + + + + +Shen & Lee Expires August 18, 2014 [Page 8] + +Internet-Draft SM3 Hash function February 2014 + + + The message after padding: + W0W1...W67 + 61626364 61626364 61626364 61626364 61626364 61626364 61626364 61626364 + 61626364 61626364 61626364 61626364 61626364 61626364 61626364 61626364 + a121a024 a121a024 a121a024 6061e0e5 6061e0e5 6061e0e5 a002e345 a002e345 + a002e345 49c969ed 49c969ed 49c969ed 85ae5679 a44ff619 a44ff619 694b6244 + e8c8e0c4 e8c8e0c4 240e103e 346e603e 346e603e 9a517ab5 
8a01aa25 8a01aa25 + 0607191c 25f8a37a d528936a 89fbd8ae 00606206 10501256 7cff7ef9 3c78b9f9 + cc2b8a69 9f03f169 df45be20 9ec5bee1 0a212906 49ff72c0 46717241 67e09a19 + 6efaa333 2ebae676 3475c386 201dcff6 2f18fccf 2c5f2b5c a80b9f38 bc139f34 + c47f18a7 a25ce71d 42743705 51baf619 + W0'W1'...W63' + 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 + 00000000 00000000 00000000 00000000 c043c340 c043c340 c043c340 01038381 + c14040c1 c14040c1 01234361 c06303a0 c06303a0 29a88908 e9cb8aa8 e9cb8aa8 + 25acb53c ed869ff4 ed869ff4 20820ba9 6d66b6bd 4c8716dd 8041e627 5d25027a + dca680fa 72999a71 ae0fba1b be6fca1b 32697922 bfa9d9cf 5f29394f 03fa728b + 06677b1a 35a8b12c a9d7ed93 b5836157 cc4be86f 8f53e33f a3bac0d9 a2bd0718 + c60aa36f d6fc83a9 9934cc61 f92524f8 64db8a35 674594b6 7204b1c7 47fd55ef + 41e25ffc 02e5cd2a 9c7e5cbe 9c0e50c2 eb67e468 8e03cc41 ea7fa83d eda9692d + + The message after extension is: + + + W0W1...W67 + 61626380 00000000 00000000 00000000 00000000 00000000 00000000 00000000 + 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000018 + 9092e200 00000000 000c0606 719c70ed 00000000 8001801f 939f7da9 00000000 + 2c6fa1f9 adaaef14 00000000 0001801e 9a965f89 49710048 23ce86a1 b2d12f1b + e1dae338 f8061807 055d68be 86cfd481 1f447d83 d9023dbf 185898e0 e0061807 + 050df55c cde0104c a5b9c955 a7df0184 6e46cd08 e3babdf8 70caa422 0353af50 + a92dbca1 5f33cfd2 e16f6e89 f70fe941 ca5462dc 85a90152 76af6296 c922bdb2 + 68378cf5 97585344 09008723 86faee74 2ab908b0 4a64bc50 864e6e08 f07e6590 + 325c8f78 accb8011 e11db9dd b99c0545 + W0'W1'...W63' + 61626380 00000000 00000000 00000000 00000000 00000000 00000000 00000000 + 00000000 00000000 00000000 00000018 9092e200 00000000 000c0606 719c70f5 + 9092e200 8001801f 93937baf 719c70ed 2c6fa1f9 2dab6f0b 939f7da9 0001801e + b6f9fe70 e4dbef5c 23ce86a1 b2d0af05 7b4cbcb1 b177184f 2693ee1f 341efb9a + fe9e9ebb 210425b8 1d05f05e 66c9cc86 1a4988df 14e22df3 bde151b5 47d91983 + 6b4b3854 2e5aadb4 d5736d77 a48caed4 
c76b71a9 bc89722a 91a5caab f45c4611 + 6379de7d da9ace80 97c00c1f 3e2d54f3 a263ee29 12f15216 7fafe5b5 4fd853c6 + 428e8445 dd3cef14 8f4ee92b 76848be4 18e587c8 e6af3c41 6753d7d5 49e260d5 + + The intermediate values during iterative compression are: + + +j A B C D E F G H + + + +Shen & Lee Expires August 18, 2014 [Page 9] + +Internet-Draft SM3 Hash function February 2014 + + + 7380166f 4914b2b9 172442d7 da8a0600 a96f30bc 163138aa e38dee4d b0fb0e4e +0 588b5dab 7380166f 29657292 172442d7 b2e561d0 a96f30bc c550b189 e38dee4d +1 b31cecd3 588b5dab 002cdee7 29657292 887cdf53 b2e561d0 85e54b79 c550b189 +2 087b31df b31cecd3 16bb56b1 002cdee7 5234344f 887cdf53 0e85972b 85e54b79 +3 17448b12 087b31df 39d9a766 16bb56b1 16372ca6 5234344f fa9c43e6 0e85972b +4 dca06de5 17448b12 f663be10 39d9a766 f7bc113c 16372ca6 a27a91a1 fa9c43e6 +5 8eb847a3 dca06de5 8916242e f663be10 9fe64fb1 f7bc113c 6530b1b9 a27a91a1 +6 0e0f1218 8eb847a3 40dbcbb9 8916242e 57e5fc4e 9fe64fb1 89e7bde0 6530b1b9 +7 ada83827 0e0f1218 708f471d 40dbcbb9 55eb8591 57e5fc4e 7d8cff32 89e7bde0 +8 6e12c163 ada83827 1e24301c 708f471d c26a14b8 55eb8591 e272bf2f 7d8cff32 +9 f7578117 6e12c163 50704f5b 1e24301c 3433dd28 c26a14b8 2c8aaf5c e272bf2f +10 bc497c66 f7578117 2582c6dc 50704f5b 4f85c749 3433dd28 a5c61350 2c8aaf5c +11 ecc59168 bc497c66 af022fee 2582c6dc 8ce5ee61 4f85c749 e941a19e a5c61350 +12 63723715 ecc59168 92f8cd78 af022fee 38e2aa27 8ce5ee61 3a4a7c2e e941a19e +13 e57bfbf8 63723715 8b22d1d9 92f8cd78 542318e7 38e2aa27 730c672f 3a4a7c2e +14 8ba504b1 e57bfbf8 e46e2ac6 8b22d1d9 a8c73777 542318e7 5139c715 730c672f +15 b6a4be20 8ba504b1 f7f7f1ca e46e2ac6 8ae4d7a0 a8c73777 c73aa118 5139c715 +16 c0a0e3f7 b6a4be20 4a096317 f7f7f1ca f671e12a 8ae4d7a0 bbbd4639 c73aa118 +17 68ef7357 c0a0e3f7 497c416d 4a096317 673f9d46 f671e12a bd045726 bbbd4639 +18 4c6499d3 68ef7357 41c7ef81 497c416d f01924a3 673f9d46 0957b38f bd045726 +19 9f532735 4c6499d3 dee6aed1 41c7ef81 71c6ef02 f01924a3 ea3339fc 0957b38f +20 231d84bd 9f532735 c933a698 dee6aed1 
108149de 71c6ef02 251f80c9 ea3339fc +21 6a203212 231d84bd a64e6b3e c933a698 90c31af9 108149de 78138e37 251f80c9 +22 175c3b57 6a203212 3b097a46 a64e6b3e 508f82d2 90c31af9 4ef0840a 78138e37 +23 cdcbabd5 175c3b57 406424d4 3b097a46 b5a2f2fb 508f82d2 d7cc8618 4ef0840a +24 7dd941f8 cdcbabd5 b876ae2e 406424d4 a541cb9b b5a2f2fb 1692847c d7cc8618 +25 eaf54f3e 7dd941f8 9757ab9b b876ae2e 912d4e17 a541cb9b 97ddad17 1692847c +26 f7310a83 eaf54f3e b283f0fb 9757ab9b b43da5e9 912d4e17 5cdd2a0e 97ddad17 +27 f8441d7e f7310a83 ea9e7dd5 b283f0fb cf194872 b43da5e9 70bc896a 5cdd2a0e +28 270dce67 f8441d7e 621507ee ea9e7dd5 7564b6c0 cf194872 2f4da1ed 70bc896a +29 ac12a6c0 270dce67 883afdf0 621507ee 964015e3 7564b6c0 439678ca 2f4da1ed +30 1bd9e6e3 ac12a6c0 1b9cce4e 883afdf0 0fac4cad 964015e3 b603ab25 439678ca +31 32418d74 1bd9e6e3 254d8158 1b9cce4e 3f717698 0fac4cad af1cb200 b603ab25 +32 9c89b505 32418d74 b3cdc637 254d8158 38766abf 3f717698 65687d62 af1cb200 +33 3c60352a 9c89b505 831ae864 b3cdc637 8aedd93b 38766abf b4c1fb8b 65687d62 +34 2a116c70 3c60352a 136a0b39 831ae864 476048d4 8aedd93b 55f9c3b3 b4c1fb8b +35 a0c7c66f 2a116c70 c06a5478 136a0b39 b47a7dc5 476048d4 c9dc576e 55f9c3b3 +36 b7e58f33 a0c7c66f 22d8e054 c06a5478 3a3537a9 b47a7dc5 46a23b02 c9dc576e +37 79baf4ca b7e58f33 8f8cdf41 22d8e054 9455b731 3a3537a9 ee2da3d3 46a23b02 +38 ad5b0bcf 79baf4ca cb1e676f 8f8cdf41 289d35e0 9455b731 bd49d1a9 ee2da3d3 +39 a167bd76 ad5b0bcf 75e994f3 cb1e676f da27276b 289d35e0 b98ca2ad bd49d1a9 +40 2ccc1878 a167bd76 b6179f5a 75e994f3 7eded43b da27276b af0144e9 b98ca2ad +41 610c6084 2ccc1878 cf7aed42 b6179f5a 9da32cab 7eded43b 3b5ed139 af0144e9 +42 a40209fe 610c6084 9830f059 cf7aed42 7d483846 9da32cab a1dbf6f6 3b5ed139 +43 6fa376a2 a40209fe 18c108c2 9830f059 12a851cf 7d483846 655ced19 a1dbf6f6 +44 53f9ffc5 6fa376a2 0413fd48 18c108c2 c3d3327b 12a851cf c233ea41 655ced19 +45 4f60bbd5 53f9ffc5 46ed44df 0413fd48 f3cae7e6 c3d3327b 8e789542 c233ea41 +46 6e89a7fb 4f60bbd5 f3ff8aa7 46ed44df 17394ca0 f3cae7e6 
93de1e99 8e789542 + + + +Shen & Lee Expires August 18, 2014 [Page 10] + +Internet-Draft SM3 Hash function February 2014 + + +47 fef3cb16 6e89a7fb c177aa9e f3ff8aa7 4a9e594f 17394ca0 3f379e57 93de1e99 +48 fa8e6731 fef3cb16 134ff6dd c177aa9e 7d9e1966 4a9e594f 6500b9ca 3f379e57 +49 08a826c3 fa8e6731 e7962dfd 134ff6dd ebfa90cc 7d9e1966 ca7a54f2 6500b9ca +50 614c7627 08a826c3 1cce63f5 e7962dfd 969ecf53 ebfa90cc cb33ecf0 ca7a54f2 +51 d776618d 614c7627 504d8611 1cce63f5 423489f6 969ecf53 86675fd4 cb33ecf0 +52 ef958266 d776618d 98ec4ec2 504d8611 6ef4554d 423489f6 7a9cb4f6 86675fd4 +53 04b44fd2 ef958266 ecc31bae 98ec4ec2 290032b5 6ef4554d 4fb211a4 7a9cb4f6 +54 008d6012 04b44fd2 2b04cddf ecc31bae 50aa1faa 290032b5 aa6b77a2 4fb211a4 +55 57859fec 008d6012 689fa409 2b04cddf c00cd655 50aa1faa 95a94801 aa6b77a2 +56 c864420d 57859fec 1ac02401 689fa409 2fb3c502 c00cd655 fd528550 95a94801 +57 e7423482 c864420d 0b3fd8af 1ac02401 aac3b183 2fb3c502 b2ae0066 fd528550 +58 5c5be9dd e7423482 c8841b90 0b3fd8af 8b1ba117 aac3b183 28117d9e b2ae0066 +59 ebd4948c 5c5be9dd 846905ce c8841b90 74a75fe1 8b1ba117 8c1d561d 28117d9e +60 05627b53 ebd4948c b7d3bab8 846905ce f58d98d8 74a75fe1 08bc58dd 8c1d561d +61 28aaec87 05627b53 a92919d7 b7d3bab8 cc6b5f2a f58d98d8 ff0ba53a 08bc58dd +62 0f92d652 28aaec87 c4f6a60a a92919d7 b8ab6d40 cc6b5f2a c6c7ac6c ff0ba53a +63 2ad0c8ee 0f92d652 55d90e51 c4f6a60a 69caa1b7 b8ab6d40 f956635a c6c7ac6c + + The second message block: + + + The message after padding: + W0W1...W67 + 80000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 + 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000200 + 80404000 00000000 01008080 10005000 00000000 002002a0 ac545c04 00000000 + 09582a39 a0003000 00000000 00200280 a4515804 20200040 51609838 30005701 + a0002000 008200aa 6ad525d0 0a0e0216 b0f52042 fa7073b0 20000000 008200a8 + 7a542590 22a20044 d5d6ebd2 82005771 8a202240 b42826aa eaf84e59 4898eaf9 + 8207283d ee6775fa a3e0e0a0 8828488a 23b45a5d 628a22c4 
8d6d0615 38300a7e + e96260e5 2b60c020 502ed531 9e878cb9 218c38f8 dcae3cb7 2a3e0e0a e9e0c461 + 8c3e3831 44aaa228 dc60a38b 518300f7 + W0'W1'...W63' + 80000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 + 00000000 00000000 00000000 00000200 80404000 00000000 01008080 10005200 + 80404000 002002a0 ad54dc84 10005000 09582a39 a02032a0 ac545c04 00200280 + ad09723d 80203040 51609838 30205581 04517804 20a200ea 3bb5bde8 3a0e5517 + 10f50042 faf2731a 4ad525d0 0a8c02be caa105d2 d8d273f4 f5d6ebd2 828257d9 + f07407d0 968a26ee 3f2ea58b ca98bd88 08270a7d 5a4f5350 4918aef9 c0b0a273 + a1b37260 8ced573e 2e8de6b5 b01842f4 cad63ab8 49eae2e4 dd43d324 a6b786c7 + c8ee581d f7cefc97 7a10db3b 776748d8 adb200c9 98049e9f f65ead81 b863c496 + + The intermediate values during iterative compression are: + + +j A B C D E F G H + 5950de81 468664eb 42fd4c86 1e7ca00a c0a5910b ae9a55ea 1adb8d17 763ca222 +0 1cc66027 5950de81 0cc9d68d 42fd4c86 24fe81a1 c0a5910b af5574d2 1adb8d17 + + + +Shen & Lee Expires August 18, 2014 [Page 11] + +Internet-Draft SM3 Hash function February 2014 + + +1 b7197324 1cc66027 a1bd02b2 0cc9d68d 61b7397a 24fe81a1 885e052c af5574d2 +2 b1aacb3f b7197324 8cc04e39 a1bd02b2 4c7cbb59 61b7397a 0d0927f4 885e052c +3 920d5d4d b1aacb3f 32e6496e 8cc04e39 c6c863a3 4c7cbb59 cbd30db9 0d0927f4 +4 03162191 920d5d4d 55967f63 32e6496e dbcb73dd c6c863a3 daca63e5 cbd30db9 +5 cbfddbb7 03162191 1aba9b24 55967f63 6a6eaafb dbcb73dd 1d1e3643 daca63e5 +6 67f45147 cbfddbb7 2c432206 1aba9b24 e0cc5b97 6a6eaafb 9eeede5b 1d1e3643 +7 dfc06393 67f45147 fbb76f97 2c432206 9d84a8d5 e0cc5b97 57db5375 9eeede5b +8 777f980d dfc06393 e8a28ecf fbb76f97 89d0a059 9d84a8d5 dcbf0662 57db5375 +9 502a9be2 777f980d 80c727bf e8a28ecf befc3eda 89d0a059 46acec25 dcbf0662 +10 df0f77ed 502a9be2 ff301aee 80c727bf c8b999f7 befc3eda 02cc4e85 46acec25 +11 b8bc2801 df0f77ed 5537c4a0 ff301aee 3a05da38 c8b999f7 f6d5f7e1 02cc4e85 +12 5b3baaa5 b8bc2801 1eefdbbe 5537c4a0 eebf718f 3a05da38 cfbe45cc f6d5f7e1 +13 0f7185e4 
5b3baaa5 78500371 1eefdbbe f3fbf969 eebf718f d1c1d02e cfbe45cc +14 141cb1e7 0f7185e4 77554ab6 78500371 5cc495db f3fbf969 8c7f75fb d1c1d02e +15 f185448a 141cb1e7 e30bc81e 77554ab6 32028d02 5cc495db cb4f9fdf 8c7f75fb +16 a7374acd f185448a 3963ce28 e30bc81e 3d03e81b 32028d02 aedae624 cb4f9fdf +17 aaca2dcb a7374acd 0a8915e3 3963ce28 130bc932 3d03e81b 68119014 aedae624 +18 3d2dfd31 aaca2dcb 6e959b4e 0a8915e3 07fff8f8 130bc932 40d9e81f 68119014 +19 15bab3e6 3d2dfd31 945b9755 6e959b4e 85b2dd34 07fff8f8 4990985e 40d9e81f +20 f477625b 15bab3e6 5bfa627a 945b9755 d2b3c82b 85b2dd34 c7c03fff 4990985e +21 ecbfba29 f477625b 7567cc2b 5bfa627a 604bda38 d2b3c82b e9a42d96 c7c03fff +22 b9f6943d ecbfba29 eec4b7e8 7567cc2b e996d68b 604bda38 415e959e e9a42d96 +23 c537ac67 b9f6943d 7f7453d9 eec4b7e8 7f6c2bc6 e996d68b d1c3025e 415e959e +24 c59665b3 c537ac67 ed287b73 7f7453d9 1a89ef0d 7f6c2bc6 b45f4cb6 d1c3025e +25 50115e1f c59665b3 6f58cf8a ed287b73 3ddf2899 1a89ef0d 5e33fb61 b45f4cb6 +26 44196085 50115e1f 2ccb678b 6f58cf8a 0abc22da 3ddf2899 7868d44f 5e33fb61 +27 bde4e355 44196085 22bc3ea0 2ccb678b da96412a 0abc22da 44c9eef9 7868d44f +28 ca176dca bde4e355 32c10a88 22bc3ea0 b418ac1b da96412a 16d055e1 44c9eef9 +29 541e456e ca176dca c9c6ab7b 32c10a88 35cf8215 b418ac1b 0956d4b2 16d055e1 +30 b6feeef7 541e456e 2edb9594 c9c6ab7b d41f5fda 35cf8215 60dda0c5 0956d4b2 +31 026e42f7 b6feeef7 3c8adca8 2edb9594 c9436b11 d41f5fda 10a9ae7c 60dda0c5 +32 8fd27582 026e42f7 fdddef6d 3c8adca8 a48dc4c2 c9436b11 fed6a0fa 10a9ae7c +33 2527f8c6 8fd27582 dc85ee04 fdddef6d b29dc9d4 a48dc4c2 588e4a1b fed6a0fa +34 3218579f 2527f8c6 a4eb051f dc85ee04 0da81ad7 b29dc9d4 2615246e 588e4a1b +35 35421cf3 3218579f 4ff18c4a a4eb051f 644b37e4 0da81ad7 4ea594ee 2615246e +36 12cb048f 35421cf3 30af3e64 4ff18c4a 107cb2fb 644b37e4 d6b86d40 4ea594ee +37 c6716749 12cb048f 8439e66a 30af3e64 7903974d 107cb2fb bf232259 d6b86d40 +38 66bf4600 c6716749 96091e25 8439e66a e5575380 7903974d 97d883e5 bf232259 +39 046516a9 66bf4600 e2ce938c 
96091e25 e23d4f18 e5575380 ba6bc81c 97d883e5 +40 e14ab898 046516a9 7e8c00cd e2ce938c 6e25affe e23d4f18 9c072aba ba6bc81c +41 bc44d883 e14ab898 ca2d5208 7e8c00cd 4ef0cb38 6e25affe 78c711ea 9c072aba +42 e017c779 bc44d883 957131c2 ca2d5208 10132c10 4ef0cb38 7ff3712d 78c711ea +43 11154e38 e017c779 89b10778 957131c2 c1d401bd 10132c10 59c27786 7ff3712d +44 3ba43e10 11154e38 2f8ef3c0 89b10778 953c1e65 c1d401bd 60808099 59c27786 +45 445e8d34 3ba43e10 2a9c7022 2f8ef3c0 94bcdd11 953c1e65 0dee0ea0 60808099 +46 34d09ee0 445e8d34 487c2077 2a9c7022 1d0ea72c 94bcdd11 f32ca9e0 0dee0ea0 +47 18c77c40 34d09ee0 bd1a6888 487c2077 a8ca98c6 1d0ea72c e88ca5e6 f32ca9e0 +48 a2507cea 18c77c40 a13dc069 bd1a6888 9845362a a8ca98c6 3960e875 e88ca5e6 + + + +Shen & Lee Expires August 18, 2014 [Page 12] + +Internet-Draft SM3 Hash function February 2014 + + +49 7e014176 a2507cea 8ef88031 a13dc069 2cb0c2f2 9845362a c6354654 3960e875 +50 eb39074b 7e014176 a0f9d544 8ef88031 0df22b74 2cb0c2f2 b154c229 c6354654 +51 f67597e1 eb39074b 0282ecfc a0f9d544 8d4f6b2f 0df22b74 17916586 b154c229 +52 31e9309d f67597e1 720e97d6 0282ecfc eecf99be 8d4f6b2f 5ba06f91 17916586 +53 c6329c3c 31e9309d eb2fc3ec 720e97d6 c672ad96 eecf99be 597c6a7b 5ba06f91 +54 75cc3800 c6329c3c d2613a63 eb2fc3ec 8515c87f c672ad96 cdf7767c 597c6a7b +55 925156ad 75cc3800 6538798c d2613a63 150cbd57 8515c87f 6cb63395 cdf7767c +56 7d0de10b 925156ad 987000eb 6538798c 7ee47610 150cbd57 43fc28ae 6cb63395 +57 2066f136 7d0de10b a2ad5b24 987000eb 7d7aadcc 7ee47610 eab8a865 43fc28ae +58 85b31359 2066f136 1bc216fa a2ad5b24 07b9cfd1 7d7aadcc b083f723 eab8a865 +59 6cddcb93 85b31359 cde26c40 1bc216fa c43eb29c 07b9cfd1 6e63ebd5 b083f723 +60 23eff97d 6cddcb93 6626b30b cde26c40 1ea21d46 c43eb29c 7e883dce 6e63ebd5 +61 07bd4e82 23eff97d bb9726d9 6626b30b c8d6867c 1ea21d46 94e621f5 7e883dce +62 64f3dc4a 07bd4e82 dff2fa47 bb9726d9 96e4028f c8d6867c ea30f510 94e621f5 +63 87ee4178 64f3dc4a 7a9d040f dff2fa47 af7ee1ee 96e4028f 33e646b4 ea30f510 + + The hash value is: + 
+ + debe9ff9 2275b8a1 38604889 c18e5a4d 6fdb70e5 387e5765 293dcba3 9c0c5732 + +Appendix C. Appendix C. Acknowledgments + + TBD + +Authors' Addresses + + Sean Shen (editor) + Chinese Academy of Science + No.4 South 4th Zhongguancun Street + Beijing, 100190 + China + + Phone: +86 10-58813038 + EMail: shenshuo@cnnic.cn + + + Xiaodong Lee (editor) + Chinese Academy of Science + No.4 South 4th Zhongguancun Street + Beijing, 100190 + China + + Phone: +86 10-58813038 + EMail: shenshuo@cnnic.cn + + + + + + +Shen & Lee Expires August 18, 2014 [Page 13] + diff --git a/engines/Makefile b/engines/Makefile index 5c2043db..a2bb0e7a 100644 --- a/engines/Makefile +++ b/engines/Makefile @@ -321,7 +321,8 @@ e_padlock.o: ../include/openssl/stack.h ../include/openssl/symhacks.h e_padlock.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_padlock.o: e_padlock.c e_skf.o: ../include/openssl/asn1.h ../include/openssl/bio.h -e_skf.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +e_skf.o: ../include/openssl/buffer.h ../include/openssl/cbcmac.h +e_skf.o: ../include/openssl/cmac.h ../include/openssl/crypto.h e_skf.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_skf.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_skf.o: ../include/openssl/engine.h ../include/openssl/err.h 
@@ -329,13 +330,15 @@ e_skf.o: ../include/openssl/evp.h ../include/openssl/kdf.h e_skf.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h e_skf.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h e_skf.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -e_skf.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -e_skf.o: ../include/openssl/sha.h ../include/openssl/sm1.h -e_skf.o: ../include/openssl/sm2.h ../include/openssl/sm3.h -e_skf.o: ../include/openssl/sm9.h ../include/openssl/sms4.h -e_skf.o: ../include/openssl/ssf33.h ../include/openssl/stack.h -e_skf.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -e_skf.o: ../include/openssl/x509_vfy.h e_skf.c e_skf_err.h +e_skf.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +e_skf.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_skf.o: ../include/openssl/skf.h ../include/openssl/skf_ex.h +e_skf.o: ../include/openssl/sm1.h ../include/openssl/sm2.h +e_skf.o: ../include/openssl/sm3.h ../include/openssl/sm9.h +e_skf.o: ../include/openssl/sms4.h ../include/openssl/ssf33.h +e_skf.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_skf.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_skf.c +e_skf.o: e_skf_err.h e_sureware.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_sureware.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_sureware.o: ../include/openssl/crypto.h ../include/openssl/dh.h diff --git a/engines/e_skf.c b/engines/e_skf.c index cdc09697..5a81f4d7 100644 --- a/engines/e_skf.c +++ b/engines/e_skf.c @@ -64,9 +64,11 @@ #include #include #include +#include #include #include -#include "e_skf_err.h" +#include "e_skf_err.c" +#include "../crypto/ecdsa/ecs_locl.h" static DEVHANDLE hDev = NULL; static HAPPLICATION hApp = NULL; 
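Review bot: The new `#include "../crypto/ecdsa/ecs_locl.h"` in e_skf.c pulls a library-private header into the engine. That ties the engine to the internal layout of `ECDSA_METHOD`, and the relative path will not resolve when the engine is built against installed headers only. If the include exists only for the static `skf_sm2sign` initializer added further down, creating the method at bind time with `ECDSA_METHOD_new()` and `ECDSA_METHOD_set_sign()` keeps the engine on the public API. If the private header has to stay, a one-line comment above it saying why would help.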
@@ -118,12 +120,10 @@ static int open_dev(const char *devname) ESKFerr(ESKF_F_OPEN_DEV, ESKF_R_DEV_ALREADY_CONNECTED); return 0; } - if ((rv = SKF_ConnectDev((LPSTR)devname, &hDev)) != SAR_OK) { ESKFerr(ESKF_F_OPEN_DEV, ESKF_R_SKF_CONNECT_DEV_FAILED); return 0; } - if ((rv = SKF_GetDevInfo(hDev, &devInfo)) != SAR_OK) { ESKFerr(ESKF_F_OPEN_DEV, ESKF_R_SKF_GET_DEV_INFO_FAILED); return 0; @@ -380,70 +380,23 @@ static int skf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ULONG rv; ULONG ulAlgID; - switch (EVP_CIPHER_CTX_nid(ctx)) { - case NID_ssf33_ecb: - ulAlgID = SGD_SSF33_ECB; - break; - case NID_ssf33_cbc: - ulAlgID = SGD_SSF33_CBC; - break; - case NID_ssf33_cfb128: - ulAlgID = SGD_SSF33_CFB; - break; - case NID_ssf33_ofb128: - ulAlgID = SGD_SSF33_OFB; - break; - - case NID_sm1_ecb: - ulAlgID = SGD_SM1_ECB; - break; - case NID_sm1_cbc: - ulAlgID = SGD_SM1_CBC; - break; - case NID_sm1_cfb128: - ulAlgID = SGD_SM1_CFB; - break; - case NID_sm1_ofb128: - ulAlgID = SGD_SM1_OFB; - break; - - case NID_sms4_ecb: - ulAlgID = SGD_SM4_ECB; - break; - case NID_sms4_cbc: - ulAlgID = SGD_SM4_CBC; - break; - case NID_sms4_cfb128: - ulAlgID = SGD_SM4_CFB; - break; - case NID_sms4_ofb128: - ulAlgID = SGD_SM4_OFB; - break; - - default: - OPENSSL_assert(0); + if (!SKF_nid_to_encparam(EVP_CIPHER_CTX_nid(ctx), &ulAlgID, NULL)) { return 0; } - - if ((rv = SKF_SetSymmKey(hDev, (BYTE *)key, ulAlgID, - (HANDLE *)&(ctx->cipher_data))) != SAR_OK) { + if ((rv = SKF_SetSymmKey(hDev, (BYTE *)key, ulAlgID, &(ctx->cipher_data))) != SAR_OK) { ESKFerr(ESKF_F_SKF_INIT_KEY, ESKF_R_SKF_SET_SYMMKEY_FAILED); return 0; } - return 1; } static int skf_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { -/* ULONG rv; - EVP_SKF_KEY *dat = (EVP_SKF_KEY *)ctx->cipher_data; BLOCKCIPHERPARAM param; ULONG ulDataLen, ulEncryptedLen; BYTE block[MAX_IV_LEN] = {0}; - int i; memcpy(&(param.IV), ctx->iv, ctx->cipher->block_size); param.IVLen = ctx->cipher->block_size; 
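Review bot: `SKF_SetSymmKey(hDev, (BYTE *)key, ulAlgID, &(ctx->cipher_data))` in skf_init_key stores a device key handle in `ctx->cipher_data`, and nothing visible releases it with `SKF_CloseHandle`. As far as I recall, `EVP_CIPHER_CTX_cleanup` in the 1.0.2 line passes a non-NULL `cipher_data` to `OPENSSL_free`, so with a real vendor library an opaque handle would reach the allocator while the key object on the device stays open; this is worth confirming in the EVP source. A cleanup callback on the cipher definitions that calls `SKF_CloseHandle(ctx->cipher_data)` and then sets `ctx->cipher_data = NULL;` would handle both, and skf_init_key should close an existing handle before overwriting it on re-init. The `SKF_nid_to_encparam` failure path also returns 0 without an `ESKFerr` entry. skf_cipher's body continues past the end of the hunk.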
@@ -451,11 +404,11 @@ static int skf_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, param.FeedBitLen = 0; if (ctx->encrypt) { - if ((rv = SKF_EncryptInit(dat->hKey, ¶m)) != SAR_OK) { + if ((rv = SKF_EncryptInit(ctx->cipher_data, param)) != SAR_OK) { return 0; } } else { - if ((rv = SKF_DecryptInit(dat->hKey, ¶m)) != SAR_OK) { + if ((rv = SKF_DecryptInit(ctx->cipher_data, param)) != SAR_OK) { return 0; } } @@ -463,12 +416,12 @@ static int skf_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ulDataLen = len - len % ctx->cipher->block_size; if (ctx->encrypt) { - if ((rv = SKF_EncryptUpdate(hKey, in, ulDataLen, + if ((rv = SKF_EncryptUpdate(ctx->cipher_data, (BYTE *)in, ulDataLen, (BYTE *)out, &ulEncryptedLen)) != SAR_OK) { return 0; } } else { - if ((rv = SKF_DecryptUpdate(hKey, in, ulDataLen, + if ((rv = SKF_DecryptUpdate(ctx->cipher_data, (BYTE *)in, ulDataLen, (BYTE *)out, &ulEncryptedLen)) != SAR_OK) { return 0; } @@ -480,14 +433,13 @@ static int skf_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, memcpy(block, in, len - ulDataLen); if (ctx->encrypt) { - if ((rv = SKF_EncryptUpdate(hKey, block, ctx->cipher->block_size, + if ((rv = SKF_EncryptUpdate(ctx->cipher_data, block, ctx->cipher->block_size, out, &ulEncryptedLen)) != SAR_OK) { return 0; } } else { return 0; } -*/ return 1; } @@ -566,7 +518,6 @@ static int skf_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, i case NID_ssf33_ofb128: *cipher = &skf_ssf33_ofb128; break; - case NID_sm1_ecb: *cipher = &skf_sm1_ecb; break; @@ -579,7 +530,6 @@ static int skf_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, i case NID_sm1_ofb128: *cipher = &skf_sm1_ofb128; break; - case NID_sms4_ecb: *cipher = &skf_sms4_ecb; break; 
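Review bot: `SKF_EncryptInit(ctx->cipher_data, param)` and `SKF_DecryptInit(ctx->cipher_data, param)` now run on every skf_cipher call with `param.IV` copied from `ctx->iv`, and no visible line writes the last ciphertext block back to `ctx->iv`. Unless the few lines between the hunks do that, each EVP update call restarts the chain from the original IV, so a message fed in several updates is not processed as one CBC/CFB/OFB stream and equal chunks give equal ciphertext. Doing the init once per key/IV in skf_init_key would avoid this. Both failure branches return 0 without an `ESKFerr` entry, so the SKF status in `rv` is lost.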
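Review bot: The padded tail block is encrypted into `out`, the same address the bulk `SKF_EncryptUpdate` call wrote to, so it overwrites the first ciphertext block; the destination should be `out + ulDataLen`. The call also emits `ctx->cipher->block_size` bytes for a partial input, which is more than the `len` bytes the caller's output buffer is sized for. `ulEncryptedLen` is declared without an initialiser earlier in the function and passed to every update call, which matters if the library reads it as the output capacity. If EVP only hands this callback block-multiple lengths for these modes, rejecting the remainder up front with `if (len % ctx->cipher->block_size) return 0;` is simpler than padding here. The start of the function is outside this hunk.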
@@ -605,12 +555,10 @@ static int skf_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, i int skf_rand_bytes(unsigned char *buf, int num) { ULONG rv; - if ((rv = SKF_GenRandom(hDev, buf, (ULONG)num)) != SAR_OK) { ESKFerr(ESKF_F_SKF_RAND_BYTES, ESKF_R_GEN_RANDOM_FAILED); return 0; } - return 1; } @@ -623,17 +571,13 @@ static RAND_METHOD skf_rand = { NULL, }; - static int skf_sm3_init(EVP_MD_CTX *ctx) { ULONG rv; - - if ((rv = SKF_DigestInit(hDev, SGD_SM3, NULL, NULL, 0, - (HANDLE *)&(ctx->md_data))) != SAR_OK) { + if ((rv = SKF_DigestInit(hDev, SGD_SM3, NULL, NULL, 0, &(ctx->md_data))) != SAR_OK) { ESKFerr(ESKF_F_SKF_SM3_INIT, ESKF_R_SKF_DIGEST_INIT_FAILED); return 0; } - return 1; } @@ -643,7 +587,7 @@ static int skf_sm3_update(EVP_MD_CTX *ctx, const void *data, size_t count) BYTE *pbData = (BYTE *)data; ULONG ulDataLen = (ULONG)count; - if ((rv = SKF_DigestUpdate((HANDLE)ctx->md_data, pbData, ulDataLen)) != SAR_OK) { + if ((rv = SKF_DigestUpdate(ctx->md_data, pbData, ulDataLen)) != SAR_OK) { ESKFerr(ESKF_F_SKF_SM3_UPDATE, ESKF_R_SKF_DIGEST_UPDATE_FAILED); return 0; } @@ -657,16 +601,16 @@ static int skf_sm3_final(EVP_MD_CTX *ctx, unsigned char *md) BYTE *pHashData = (BYTE *)md; ULONG ulHashLen = SM3_DIGEST_LENGTH; - if ((rv = SKF_DigestFinal((HANDLE)ctx->md_data, pHashData, &ulHashLen)) != SAR_OK) { + if ((rv = SKF_DigestFinal(ctx->md_data, pHashData, &ulHashLen)) != SAR_OK) { ESKFerr(ESKF_F_SKF_SM3_FINAL, ESKF_R_SKF_DIGEST_FINAL_FAILED); return 0; } - - if ((rv = SKF_CloseHandle((HANDLE)ctx->md_data)) != SAR_OK) { + if ((rv = SKF_CloseHandle(ctx->md_data)) != SAR_OK) { ESKFerr(ESKF_F_SKF_SM3_FINAL, ESKF_R_SKF_CLOSE_HANDLE_FAILED); return 0; } + ctx->md_data = NULL; return 1; } 
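Review bot: When `SKF_DigestFinal` fails in skf_sm3_final, the early `return 0` skips both `SKF_CloseHandle` and the new `ctx->md_data = NULL;`, so the device digest handle stays open and the stale pointer stays in the context. Closing unconditionally fixes that: keep the result of `SKF_DigestFinal` in `rv`, then run `SKF_CloseHandle(ctx->md_data); ctx->md_data = NULL;`, and only then test `rv`. `ulHashLen` is not compared with `SM3_DIGEST_LENGTH` after the call, so a short write would leave part of `md` unset. The function starts above the hunk.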
@@ -712,18 +656,23 @@ static int skf_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int n static int skf_rsa_sign(int type, const unsigned char *m, unsigned int mlen, unsigned char *sig, unsigned int *siglen, const RSA *rsa) { - int ret = 0; ULONG rv; - BYTE *pbData = (BYTE *)m; - ULONG ulDataLen = (ULONG)mlen; - BYTE signature[256]; - ULONG ulSigLen; + BYTE *data = (BYTE *)m; + ULONG dataLen = (ULONG)mlen; + BYTE signature[1024]; + ULONG sigLen; - if ((rv = SKF_RSASignData(hContainer, pbData, ulDataLen, - signature, &ulSigLen)) != SAR_OK) { + /* we need to check if container type is RSA */ + + sigLen = (ULONG)sizeof(signature); + if ((rv = SKF_RSASignData(hContainer, data, dataLen, signature, &sigLen)) != SAR_OK) { + ESKFerr(ESKF_F_SKF_RSA_SIGN, ESKF_R_SIGN_FAILED); return 0; } + /* do we need to convert signature format? */ + memcpy(sig, signature, sigLen); + *siglen = (unsigned int)sigLen; return 1; } @@ -744,28 +693,36 @@ static RSA_METHOD skf_rsa = { NULL, }; +static ECDSA_METHOD skf_sm2sign = { + "SKF ECDSA method (SM2 signature)", + NULL, + NULL, + NULL, + 0, + NULL, +}; + + static ECDSA_SIG *skf_sm2_do_sign(const unsigned char *dgst, int dgstlen, const BIGNUM *a, const BIGNUM *b, EC_KEY *ec_key) { ECDSA_SIG *ret = NULL; - /* - ULONG rv; BYTE *pbDigest = (BYTE *)dgst; ULONG ulDigestLen = (ULONG)dgstlen; ECCSIGNATUREBLOB sigBlob; + ULONG rv; int ok = 0; - OPENSSL_assert(!a); - OPENSSL_assert(!b); - + if (a || b) { + } if ((rv = SKF_ECCSignData(hContainer, pbDigest, ulDigestLen, &sigBlob)) != SAR_OK) { goto end; } if (!(ret = ECDSA_SIG_new())) { goto end; } - if (!ECDSA_SIG_set_ECCSIGNATUREBLOB(group, ret, &sigBlob)) { + if (!ECDSA_SIG_set_ECCSIGNATUREBLOB(ret, &sigBlob)) { goto end; } 
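Review bot: `memcpy(sig, signature, sigLen)` in skf_rsa_sign trusts the length the device reports: nothing checks `sigLen` against `sizeof(signature)` or against the caller's buffer, which RSA signing callers normally size as `RSA_size(rsa)`. A library that returns a larger value turns the copy into an out-of-bounds read of `signature` and write to `sig`. Add `if (sigLen > sizeof(signature) || sigLen > (ULONG)RSA_size(rsa)) { ESKFerr(ESKF_F_SKF_RSA_SIGN, ESKF_R_SIGN_FAILED); return 0; }` before the copy. `type` is unused, so the digest algorithm never reaches the token, and the two open-question comments should state what is still missing rather than ask.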
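Review bot: `if (a || b) { }` in skf_sm2_do_sign replaces the two asserts with an empty branch, so a caller that passes these arguments (the precomputed-value slots of the ECDSA sign callback, if I read the signature right) is silently ignored instead of refused. Make the branch fail: `ESKFerr(ESKF_F_SKF_SM2_DO_SIGN, ESKF_R_NOT_IMPLEMENTED); goto end;`. `sigBlob` is uninitialised when it reaches `ECDSA_SIG_set_ECCSIGNATUREBLOB` if the library returns `SAR_OK` without filling it, which the dummy in this commit does, so zero it before the call and report `SKF_ECCSignData` failures through `ESKFerr`. The new `skf_sm2sign` table has NULL in every slot, so this function appears to be unreferenced so far. Its body continues into the `end:` block outside the hunk.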
@@ -776,22 +733,9 @@ end: ret = NULL; } - */ - ESKFerr(ESKF_F_SKF_SM2_DO_SIGN, ESKF_R_NOT_IMPLEMENTED); return ret; } -/* -static ECDSA_METHOD skf_sm2sign = { - "SKF ECDSA method (SM2 signature)", - NULL, - NULL, - NULL, - 0, - NULL, -}; -*/ - #ifdef OPENSSL_NO_DYNAMIC_ENGINE static ENGINE *engine_skf(void) { diff --git a/engines/e_skf_err.c b/engines/e_skf_err.c index 9af4ae64..458c44d4 100644 --- a/engines/e_skf_err.c +++ b/engines/e_skf_err.c @@ -111,6 +111,7 @@ static ERR_STRING_DATA ESKF_str_reasons[] = { {ERR_REASON(ESKF_R_INVALID_CTRL_CMD), "invalid ctrl cmd"}, {ERR_REASON(ESKF_R_NOT_IMPLEMENTED), "not implemented"}, {ERR_REASON(ESKF_R_PIN_NOT_VERIFIED), "pin not verified"}, + {ERR_REASON(ESKF_R_SIGN_FAILED), "sign failed"}, {ERR_REASON(ESKF_R_SKF_CLOSE_HANDLE_FAILED), "skf close handle failed"}, {ERR_REASON(ESKF_R_SKF_CONNECT_DEV_FAILED), "skf connect dev failed"}, {ERR_REASON(ESKF_R_SKF_DEV_AUTH_FAILED), "skf dev auth failed"}, diff --git a/engines/e_skf_err.h b/engines/e_skf_err.h index 9f78adc4..e0627cca 100644 --- a/engines/e_skf_err.h +++ b/engines/e_skf_err.h @@ -107,6 +107,7 @@ static void ERR_ESKF_error(int function, int reason, char *file, int line); # define ESKF_R_INVALID_CTRL_CMD 113 # define ESKF_R_NOT_IMPLEMENTED 100 # define ESKF_R_PIN_NOT_VERIFIED 114 +# define ESKF_R_SIGN_FAILED 130 # define ESKF_R_SKF_CLOSE_HANDLE_FAILED 124 # define ESKF_R_SKF_CONNECT_DEV_FAILED 115 # define ESKF_R_SKF_DEV_AUTH_FAILED 116 diff --git a/engines/skf/Makefile b/engines/skf/Makefile new file mode 100644 index 00000000..929fe54a --- /dev/null +++ b/engines/skf/Makefile @@ -0,0 +1,6 @@ +all: + gcc -c -Wall -Werror -fpic skf_dummy.c + gcc -shared -o libskf_dummy.so skf_dummy.o +clean: + rm -fr *.o *.so *.dylib *.lib + diff --git a/engines/skf/README.md b/engines/skf/README.md new file mode 100644 index 00000000..9b5cae98 --- /dev/null +++ b/engines/skf/README.md 
@@ -0,0 +1,13 @@ +# Vendor's SKF Implementation + +This folder can be used to hold vendors' SKF libraries (.so) and header files. +For testing the GmSSL SKF ENGINE, a dummy SKF implementation is also provided. +This dummy implementation will always success with `SAR_OK` returned. +If there is a `HANDLE` need to be initialized, it will be pointed to a new +alloced memory. The application need to call `SKF_CloseHandle` to free this +small piece memory. If a `ULONG` length need to be returned such as the +ciphertext size in the `SKF_Encrypt`, this value will be assigned a non-zero +integer value. Some of these values might be correct, but dont check them :) +Normally dummy will do nothing to the output buffer, so the result will be +incorrect, and will not check NULL pointers. + diff --git a/engines/skf/skf_dummy.c b/engines/skf/skf_dummy.c index cf3e23ad..02c4d8aa 100755 --- a/engines/skf/skf_dummy.c +++ b/engines/skf/skf_dummy.c @@ -50,8 +50,10 @@ */ #include +#include #include -#include "skf.h" +#include + #define DEV_NAME "skf-soft-token" #define DEV_NAME_LIST DEV_NAME"\0" @@ -61,14 +63,19 @@ #define CONTAINER_NAME_LIST CONTAINER_NAME"\0" +#define PRINT_LOG() \ + printf("skf_dummy engine: %s() called\n", __FUNCTION__) + ULONG DEVAPI SKF_WaitForDevEvent(LPSTR szDevName, ULONG *pulDevNameLen, ULONG *pulEvent) { + PRINT_LOG(); return SAR_NOTSUPPORTYETERR; } ULONG DEVAPI SKF_CancelWaitForDevEvent() { + PRINT_LOG(); return SAR_NOTSUPPORTYETERR; } 
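Review bot: `PRINT_LOG()` writes to stdout from inside a shared library and uses `__FUNCTION__`, which is a compiler extension. stdout is often the data channel of the calling program, so the trace lines end up mixed into its output; `fprintf(stderr, "skf_dummy engine: %s() called\n", __func__)` avoids both problems. A comment above the macro saying it is trace output for the dummy only would make the intent clear.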
@@ -76,23 +83,35 @@ ULONG DEVAPI SKF_EnumDev(BOOL bPresent, LPSTR szNameList, ULONG *pulSize) { + PRINT_LOG(); + *pulSize = sizeof(DEV_NAME_LIST); + if (szNameList) { + memcpy(szNameList, DEV_NAME_LIST, sizeof(DEV_NAME_LIST)); + } return SAR_OK; } ULONG DEVAPI SKF_ConnectDev(LPSTR szName, DEVHANDLE *phDev) { + PRINT_LOG(); + *phDev = malloc(256); return SAR_OK; } ULONG DEVAPI SKF_DisConnectDev(DEVHANDLE hDev) { + PRINT_LOG(); + if (hDev) { + free(hDev); + } return SAR_OK; } ULONG DEVAPI SKF_GetDevState(LPSTR szDevName, ULONG *pulDevState) { + PRINT_LOG(); if (!pulDevState) { return SAR_INVALIDPARAMERR; } @@ -103,6 +122,7 @@ ULONG DEVAPI SKF_GetDevState(LPSTR szDevName, ULONG DEVAPI SKF_SetLabel(DEVHANDLE hDev, LPSTR szLabel) { + PRINT_LOG(); return SAR_OK; } @@ -110,6 +130,7 @@ ULONG DEVAPI SKF_GetDevInfo(DEVHANDLE hDev, DEVINFO *pDevInfo) { DEVINFO devInfo; + PRINT_LOG(); bzero(&devInfo, sizeof(DEVINFO)); devInfo.Version.major = 1; @@ -138,11 +159,13 @@ ULONG DEVAPI SKF_GetDevInfo(DEVHANDLE hDev, ULONG DEVAPI SKF_LockDev(DEVHANDLE hDev, ULONG ulTimeOut) { + PRINT_LOG(); return SAR_OK; } ULONG DEVAPI SKF_UnlockDev(DEVHANDLE hDev) { + PRINT_LOG(); return SAR_OK; } @@ -152,6 +175,8 @@ ULONG DEVAPI SKF_Transmit(DEVHANDLE hDev, BYTE *pbData, ULONG *pulDataLen) { + PRINT_LOG(); + *pulDataLen = ulCommandLen; return SAR_OK; } @@ -159,6 +184,7 @@ ULONG DEVAPI SKF_ChangeDevAuthKey(DEVHANDLE hDev, BYTE *pbKeyValue, ULONG ulKeyLen) { + PRINT_LOG(); return SAR_OK; } @@ -166,6 +192,7 @@ ULONG DEVAPI SKF_DevAuth(DEVHANDLE hDev, BYTE *pbAuthData, ULONG ulLen) { + PRINT_LOG(); return SAR_OK; } @@ -175,6 +202,8 @@ ULONG DEVAPI SKF_ChangePIN(HAPPLICATION hApplication, LPSTR szNewPin, ULONG *pulRetryCount) { + PRINT_LOG(); + *pulRetryCount = 10; return SAR_OK; } 
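Review bot: SKF_EnumDev overwrites `*pulSize` before reading it, so the `memcpy` into `szNameList` never checks how much room the caller supplied. Read the capacity first and fail when it is too small, for example `if (szNameList && *pulSize < sizeof(DEV_NAME_LIST)) return SAR_INVALIDPARAMERR;` placed ahead of the assignment. SKF_ConnectDev in the same hunk returns `SAR_OK` even when `malloc(256)` fails, handing the engine a NULL device handle; check the result before returning.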
@@ -184,7 +213,11 @@ LONG DEVAPI SKF_GetPINInfo(HAPPLICATION hApplication, ULONG *pulRemainRetryCount, BOOL *pbDefaultPin) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + *pulMaxRetryCount = 10; + *pulRemainRetryCount = 10; + *pbDefaultPin = 0; + return SAR_OK; } ULONG DEVAPI SKF_VerifyPIN(HAPPLICATION hApplication, @@ -192,6 +225,8 @@ ULONG DEVAPI SKF_VerifyPIN(HAPPLICATION hApplication, LPSTR szPIN, ULONG *pulRetryCount) { + PRINT_LOG(); + *pulRetryCount = 10; return SAR_OK; } @@ -200,11 +235,14 @@ ULONG DEVAPI SKF_UnblockPIN(HAPPLICATION hApplication, LPSTR szNewUserPIN, ULONG *pulRetryCount) { + PRINT_LOG(); + *pulRetryCount = 10; return SAR_OK; } ULONG DEVAPI SKF_ClearSecureState(HAPPLICATION hApplication) { + PRINT_LOG(); return SAR_OK; } @@ -217,6 +255,8 @@ ULONG DEVAPI SKF_CreateApplication(DEVHANDLE hDev, DWORD dwCreateFileRights, HAPPLICATION *phApplication) { + PRINT_LOG(); + *phApplication = malloc(256); return SAR_OK; } @@ -224,6 +264,7 @@ ULONG DEVAPI SKF_EnumApplication(DEVHANDLE hDev, LPSTR szAppName, ULONG *pulSize) { + PRINT_LOG(); if (!szAppName) { *pulSize = sizeof(APP_NAME_LIST); return SAR_OK; @@ -238,6 +279,7 @@ ULONG DEVAPI SKF_EnumApplication(DEVHANDLE hDev, ULONG DEVAPI SKF_DeleteApplication(DEVHANDLE hDev, LPSTR szAppName) { + PRINT_LOG(); return SAR_OK; } 
@@ -245,75 +287,93 @@ ULONG DEVAPI SKF_OpenApplication(DEVHANDLE hDev, LPSTR szAppName, HAPPLICATION *phApplication) { - if (!phApplication) { - return SAR_INVALIDPARAMERR; - } + PRINT_LOG(); + *phApplication = malloc(256); return SAR_OK; } ULONG DEVAPI SKF_CloseApplication(HAPPLICATION hApplication) { + PRINT_LOG(); + if (hApplication) { + free(hApplication); + } return SAR_OK; } ULONG DEVAPI SKF_CreateFile(HAPPLICATION hApplication, LPSTR szFileName, - ULONG ulFileSize, + ULONG ulFileSize, ULONG ulReadRights, ULONG ulWriteRights) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + return SAR_OK; } ULONG DEVAPI SKF_DeleteFile(HAPPLICATION hApplication, LPSTR szFileName) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + return SAR_OK; } -ULONG DEVAPI SKF_EnumFiles(HAPPLICATION hApplication, +ULONG DEVAPI SKF_EnumFiles(HAPPLICATION hApplication, LPSTR szFileList, ULONG *pulSize) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + *pulSize = sizeof("File1\0"); + if (szFileList) { + memcpy(szFileList, "File1\0", sizeof("File1\0")); + } + return SAR_OK; } ULONG DEVAPI SKF_GetFileInfo(HAPPLICATION hApplication, LPSTR szFileName, FILEATTRIBUTE *pFileInfo) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + bzero(pFileInfo, sizeof(*pFileInfo)); + return SAR_OK; } ULONG DEVAPI SKF_ReadFile(HAPPLICATION hApplication, LPSTR szFileName, - ULONG ulOffset, - ULONG ulSize, - BYTE * pbOutData, + ULONG ulOffset, + ULONG ulSize, + BYTE * pbOutData, ULONG *pulOutLen) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + *pulOutLen = ulSize; + return SAR_OK; } -ULONG DEVAPI SKF_WriteFile(HAPPLICATION hApplication, +ULONG DEVAPI SKF_WriteFile(HAPPLICATION hApplication, LPSTR szFileName, - ULONG ulOffset, + ULONG ulOffset, BYTE *pbData, ULONG ulSize) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + return SAR_OK; } ULONG DEVAPI SKF_CreateContainer(HAPPLICATION hApplication, LPSTR szContainerName, HCONTAINER *phContainer) { + PRINT_LOG(); + *phContainer = malloc(256); return SAR_OK; } -ULONG 
DEVAPI SKF_DeleteContainer(HAPPLICATION hApplication, +ULONG DEVAPI SKF_DeleteContainer(HAPPLICATION hApplication, LPSTR szContainerName) { + PRINT_LOG(); return SAR_OK; } @@ -321,6 +381,7 @@ ULONG DEVAPI SKF_EnumContainer(HAPPLICATION hApplication, LPSTR szContainerName, ULONG *pulSize) { + PRINT_LOG(); if (!pulSize) { return SAR_INVALIDPARAMERR; } @@ -339,29 +400,32 @@ ULONG DEVAPI SKF_OpenContainer(HAPPLICATION hApplication, LPSTR szContainerName, HCONTAINER *phContainer) { + PRINT_LOG(); + *phContainer = malloc(256); return SAR_OK; } ULONG DEVAPI SKF_CloseContainer(HCONTAINER hContainer) { + PRINT_LOG(); + free(hContainer); return SAR_OK; } ULONG DEVAPI SKF_GetContainerType(HCONTAINER hContainer, ULONG *pulContainerType) { - if (!pulContainerType) { - return SAR_INVALIDPARAMERR; - } + PRINT_LOG(); *pulContainerType = CONTAINER_TYPE_ECC; return SAR_OK; } -ULONG DEVAPI SKF_ImportCertificate(HCONTAINER hContainer, +ULONG DEVAPI SKF_ImportCertificate(HCONTAINER hContainer, BOOL bSignFlag, BYTE *pbCert, ULONG ulCertLen) { + PRINT_LOG(); return SAR_OK; } 
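Review bot: SKF_OpenApplication drops the `if (!phApplication) return SAR_INVALIDPARAMERR;` guard and now dereferences the pointer unconditionally with `*phApplication = malloc(256);`; the `@@ -339,29 +400,32 @@` hunk removes the same kind of check on `pulContainerType` in SKF_GetContainerType. SKF_GetDevState and SKF_EnumContainer keep their guards, so the file is now inconsistent, and a NULL passed by the engine crashes inside the stub instead of surfacing as an SKF error. Keep the guards and check the `malloc` result before returning `SAR_OK`. The README added in this commit says the dummy skips NULL checks; if that is intended here, a comment on each function should say so.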
@@ -370,77 +434,91 @@ ULONG DEVAPI SKF_ExportCertificate(HCONTAINER hContainer, BYTE* pbCert, ULONG *pulCertLen) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + *pulCertLen = 2048; + return SAR_OK; } ULONG DEVAPI SKF_GenRandom(DEVHANDLE hDev, BYTE *pbRandom, ULONG ulRandomLen) { + PRINT_LOG(); return SAR_OK; } -ULONG DEVAPI SKF_GenExtRSAKey(DEVHANDLE hDev, +ULONG DEVAPI SKF_GenExtRSAKey(DEVHANDLE hDev, ULONG ulBitsLen, RSAPRIVATEKEYBLOB *pBlob) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + return SAR_OK; } -ULONG DEVAPI SKF_GenRSAKeyPair(HCONTAINER hContainer, +ULONG DEVAPI SKF_GenRSAKeyPair(HCONTAINER hContainer, ULONG ulBitsLen, RSAPUBLICKEYBLOB *pBlob) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + return SAR_OK; } -ULONG DEVAPI SKF_ImportRSAKeyPair(HCONTAINER hContainer, +ULONG DEVAPI SKF_ImportRSAKeyPair(HCONTAINER hContainer, ULONG ulSymAlgId, BYTE *pbWrappedKey, ULONG ulWrappedKeyLen, BYTE *pbEncryptedData, ULONG ulEncryptedDataLen) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + return SAR_OK; } -ULONG DEVAPI SKF_RSASignData(HCONTAINER hContainer, +ULONG DEVAPI SKF_RSASignData(HCONTAINER hContainer, BYTE *pbData, ULONG ulDataLen, BYTE *pbSignature, ULONG *pulSignLen) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + *pulSignLen = 256; + return SAR_OK; } -ULONG DEVAPI SKF_RSAVerify(DEVHANDLE hDev, +ULONG DEVAPI SKF_RSAVerify(DEVHANDLE hDev, RSAPUBLICKEYBLOB *pRSAPubKeyBlob, BYTE *pbData, ULONG ulDataLen, BYTE *pbSignature, ULONG ulSignLen) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + return SAR_OK; } -ULONG DEVAPI SKF_RSAExportSessionKey(HCONTAINER hContainer, +ULONG DEVAPI SKF_RSAExportSessionKey(HCONTAINER hContainer, ULONG ulAlgId, RSAPUBLICKEYBLOB *pPubKey, BYTE *pbData, ULONG *pulDataLen, HANDLE *phSessionKey) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + *pulDataLen = 100; + *phSessionKey = malloc(256); + return SAR_OK; } -ULONG DEVAPI SKF_ExtRSAPubKeyOperation(DEVHANDLE hDev, +ULONG DEVAPI SKF_ExtRSAPubKeyOperation(DEVHANDLE hDev, 
RSAPUBLICKEYBLOB *pRSAPubKeyBlob, BYTE *pbInput, ULONG ulInputLen, BYTE *pbOutput, ULONG *pulOutputLen) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + *pulOutputLen = ulInputLen; + return SAR_OK; } ULONG DEVAPI SKF_ExtRSAPriKeyOperation(DEVHANDLE hDev, 
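Review bot: SKF_RSAVerify now returns `SAR_OK` for any input where it used to return `SAR_NOTSUPPORTYETERR`, so every signature verifies while this library is loaded; SKF_ECCVerify and SKF_ExtECCVerify in the `@@ -450,82 +528,95 @@` hunk get the same change. SKF_RSASignData reports `*pulSignLen = 256` without writing `pbSignature`, and skf_rsa_sign in e_skf.c then copies 256 bytes of its uninitialised stack buffer out as the signature. SKF_GenRandom returns `SAR_OK` without touching `pbRandom`, so skf_rand_bytes reports success on an unfilled buffer. For a test stub, leaving the verify and random entry points on `SAR_NOTSUPPORTYETERR`, or zero-filling every output before returning, fails closed. A header comment stating that the library must never be installed as a production SKF provider would make the boundary explicit.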
@@ -450,82 +528,95 @@ ULONG DEVAPI SKF_ExtRSAPriKeyOperation(DEVHANDLE hDev, BYTE *pbOutput, ULONG *pulOutputLen) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + *pulOutputLen = ulInputLen; + return SAR_OK; } ULONG DEVAPI SKF_GenECCKeyPair(HCONTAINER hContainer, ULONG ulAlgId, ECCPUBLICKEYBLOB *pBlob) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + return SAR_OK; } ULONG DEVAPI SKF_ImportECCKeyPair(HCONTAINER hContainer, - PENVELOPEDKEYBLOB pEnvelopedKeyBlob) + ENVELOPEDKEYBLOB *pEnvelopedKeyBlob) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + return SAR_OK; } ULONG DEVAPI SKF_ECCSignData(HCONTAINER hContainer, BYTE *pbData, ULONG ulDataLen, - PECCSIGNATUREBLOB pSignature) + ECCSIGNATUREBLOB *pSignature) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + return SAR_OK; } ULONG DEVAPI SKF_ECCVerify(DEVHANDLE hDev, ECCPUBLICKEYBLOB *pECCPubKeyBlob, BYTE *pbData, ULONG ulDataLen, - PECCSIGNATUREBLOB pSignature) + ECCSIGNATUREBLOB *pSignature) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + return SAR_OK; } -ULONG DEVAPI SKF_ECCExportSessionKey(HCONTAINER hContainer, +ULONG DEVAPI SKF_ECCExportSessionKey(HCONTAINER hContainer, ULONG ulAlgId, ECCPUBLICKEYBLOB *pPubKey, PECCCIPHERBLOB pData, HANDLE *phSessionKey) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + *phSessionKey = malloc(256); + return SAR_OK; } ULONG DEVAPI SKF_ExtECCEncrypt(DEVHANDLE hDev, ECCPUBLICKEYBLOB *pECCPubKeyBlob, BYTE *pbPlainText, ULONG ulPlainTextLen, - PECCCIPHERBLOB pCipherText) + ECCCIPHERBLOB *pCipherText) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + return SAR_OK; } ULONG DEVAPI SKF_ExtECCDecrypt(DEVHANDLE hDev, ECCPRIVATEKEYBLOB *pECCPriKeyBlob, - PECCCIPHERBLOB pCipherText, + ECCCIPHERBLOB *pCipherText, BYTE *pbPlainText, ULONG *pulPlainTextLen) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + *pulPlainTextLen = sizeof(ECCCIPHERBLOB) + pCipherText->CipherLen - 1; + return SAR_OK; } -ULONG DEVAPI SKF_ExtECCSign(DEVHANDLE hDev, +ULONG DEVAPI SKF_ExtECCSign(DEVHANDLE hDev, 
ECCPRIVATEKEYBLOB *pECCPriKeyBlob, BYTE *pbData, ULONG ulDataLen, + ECCSIGNATUREBLOB *pSignature) +{ + PRINT_LOG(); + return SAR_OK; +} + +ULONG DEVAPI SKF_ExtECCVerify(DEVHANDLE hDev, + ECCPUBLICKEYBLOB *pECCPubKeyBlob, + BYTE *pbData, + ULONG ulDataLen, PECCSIGNATUREBLOB pSignature) { - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_ExtECCVerify(DEVHANDLE hDev, - ECCPUBLICKEYBLOB *pECCPubKeyBlob, - BYTE *pbData, - ULONG ulDataLen, - PECCSIGNATUREBLOB pSignature) -{ - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + return SAR_OK; } ULONG DEVAPI SKF_GenerateAgreementDataWithECC(HCONTAINER hContainer, @@ -535,10 +626,12 @@ ULONG DEVAPI SKF_GenerateAgreementDataWithECC(HCONTAINER hContainer, ULONG ulIDLen, HANDLE *phAgreementHandle) { + PRINT_LOG(); + *phAgreementHandle = malloc(256); return SAR_NOTSUPPORTYETERR; } -ULONG DEVAPI SKF_GenerateAgreementDataAndKeyWithECC(HANDLE hContainer, +ULONG DEVAPI SKF_GenerateAgreementDataAndKeyWithECC(HANDLE hContainer, ULONG ulAlgId, ECCPUBLICKEYBLOB *pSponsorECCPubKeyBlob, ECCPUBLICKEYBLOB *pSponsorTempECCPubKeyBlob, 
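Review bot: SKF_ExtECCDecrypt dereferences both pCipherText and pulPlainTextLen with no NULL check, and the length it reports, `sizeof(ECCCIPHERBLOB) + pCipherText->CipherLen - 1`, is the size of the cipher blob rather than a plaintext length, while pbPlainText is never written. A guard such as `if (!pCipherText || !pulPlainTextLen) return SAR_INVALIDPARAMERR;` (or whichever invalid-parameter code the SKF header defines) belongs before the assignment. As written, a caller that trusts the returned length reads that many bytes of unwritten buffer. The hunk also converts most `PECC…BLOB` parameters to explicit pointers but leaves `PECCSIGNATUREBLOB pSignature` in SKF_ExtECCVerify and `PECCCIPHERBLOB pData` in SKF_ECCExportSessionKey, which is worth making uniform.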
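Review bot: SKF_GenerateAgreementDataWithECC now stores `malloc(256)` in `*phAgreementHandle` but still returns SAR_NOTSUPPORTYETERR, so a caller that sees the error has no reason to pass the handle to SKF_CloseHandle and each call leaks the allocation. Either drop the allocation and set `*phAgreementHandle = NULL;`, or return SAR_OK like the sibling functions in this commit. The function's signature begins before the hunk, so only its tail is visible here.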
@@ -549,47 +642,58 @@ ULONG DEVAPI SKF_GenerateAgreementDataAndKeyWithECC(HANDLE hContainer, ULONG ulSponsorIDLen, HANDLE *phKeyHandle) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + *phKeyHandle = malloc(256); + return SAR_OK; } ULONG DEVAPI SKF_GenerateKeyWithECC(HANDLE hAgreementHandle, ECCPUBLICKEYBLOB *pECCPubKeyBlob, ECCPUBLICKEYBLOB *pTempECCPubKeyBlob, - BYTE *pbID, - ULONG ulIDLen, + BYTE *pbID, + ULONG ulIDLen, HANDLE *phKeyHandle) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + *phKeyHandle = malloc(256); + return SAR_OK; } -ULONG DEVAPI SKF_ExportPublicKey(HCONTAINER hContainer, +ULONG DEVAPI SKF_ExportPublicKey(HCONTAINER hContainer, BOOL bSignFlag, - BYTE* pbBlob, - ULONG* pulBlobLen) + BYTE *pbBlob, + ULONG *pulBlobLen) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + *pulBlobLen = 1024; + return SAR_OK; } -ULONG DEVAPI SKF_ImportSessionKey(HCONTAINER hContainer, +ULONG DEVAPI SKF_ImportSessionKey(HCONTAINER hContainer, ULONG ulAlgId, BYTE *pbWrapedData, ULONG ulWrapedLen, HANDLE *phKey) { - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_SetSymmKey(DEVHANDLE hDev, - BYTE *pbKey, - ULONG ulAlgID, - HANDLE *phKey) -{ + PRINT_LOG(); + *phKey = malloc(256); return SAR_OK; } -ULONG DEVAPI SKF_EncryptInit(HANDLE hKey, +ULONG DEVAPI SKF_SetSymmKey(DEVHANDLE hDev, + BYTE *pbKey, + ULONG ulAlgID, + HANDLE *phKey) +{ + PRINT_LOG(); + *phKey = malloc(256); + return SAR_OK; +} + +ULONG DEVAPI SKF_EncryptInit(HANDLE hKey, BLOCKCIPHERPARAM EncryptParam) { + PRINT_LOG(); return SAR_OK; } @@ -599,15 +703,19 @@ ULONG DEVAPI SKF_Encrypt(HANDLE hKey, BYTE *pbEncryptedData, ULONG *pulEncryptedLen) { + PRINT_LOG(); + *pulEncryptedLen = ulDataLen; return SAR_OK; } ULONG DEVAPI SKF_EncryptUpdate(HANDLE hKey, BYTE *pbData, - ULONG ulDataLen, - BYTE *pbEncryptedData, + ULONG ulDataLen, + BYTE *pbEncryptedData, ULONG *pulEncryptedLen) { + PRINT_LOG(); + *pulEncryptedLen = ulDataLen; return SAR_OK; } 
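Review bot: The `malloc(256)` results stored in `*phKeyHandle` and `*phKey` are never checked, so on allocation failure these functions return SAR_OK with a NULL handle; the same pattern appears in SKF_RSAExportSessionKey, SKF_ECCExportSessionKey, SKF_DigestInit and SKF_MacInit in the neighbouring hunks. A check such as `if (!(*phKey = malloc(256))) return SAR_MEMORYERR;` (if the SKF header defines that code) keeps the status honest. The block is also left uninitialised, and SKF_SetSymmKey ignores pbKey, so the handle carries no key; `calloc(1, 256)` plus a comment saying the handle is an opaque placeholder would avoid stale heap contents behind a "key" handle. SKF_GenerateAgreementDataAndKeyWithECC starts outside the hunk.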
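Review bot: SKF_Encrypt and SKF_EncryptUpdate report `*pulEncryptedLen = ulDataLen` and SAR_OK but never write pbEncryptedData, so the caller sends or stores ulDataLen bytes of whatever the buffer held before the call. The SKF_Decrypt*, SKF_Digest*, SKF_Mac* and SKF_ExportPublicKey stubs in the other hunks set a length the same way. If a success-returning stub is really wanted, fill the output deterministically, e.g. `if (pbEncryptedData) memset(pbEncryptedData, 0, ulDataLen);`, and add a comment that no cryptographic operation takes place. Otherwise keep the not-supported return. SKF_Encrypt's signature begins before the hunk.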
@@ -615,37 +723,46 @@ ULONG DEVAPI SKF_EncryptFinal(HANDLE hKey, BYTE *pbEncryptedData, ULONG *pulEncryptedDataLen) { + PRINT_LOG(); + *pulEncryptedDataLen = 0; return SAR_OK; } -ULONG DEVAPI SKF_DecryptInit(HANDLE hKey, +ULONG DEVAPI SKF_DecryptInit(HANDLE hKey, BLOCKCIPHERPARAM DecryptParam) { + PRINT_LOG(); return SAR_OK; } -ULONG DEVAPI SKF_Decrypt(HANDLE hKey, +ULONG DEVAPI SKF_Decrypt(HANDLE hKey, BYTE *pbEncryptedData, - ULONG ulEncryptedLen, - BYTE *pbData, + ULONG ulEncryptedLen, + BYTE *pbData, ULONG *pulDataLen) { + PRINT_LOG(); + *pulDataLen = ulEncryptedLen; return SAR_OK; } -ULONG DEVAPI SKF_DecryptUpdate(HANDLE hKey, +ULONG DEVAPI SKF_DecryptUpdate(HANDLE hKey, BYTE *pbEncryptedData, - ULONG ulEncryptedLen, - BYTE *pbData, + ULONG ulEncryptedLen, + BYTE *pbData, ULONG *pulDataLen) { + PRINT_LOG(); + *pulDataLen = ulEncryptedLen; return SAR_OK; } -ULONG DEVAPI SKF_DecryptFinal(HANDLE hKey, +ULONG DEVAPI SKF_DecryptFinal(HANDLE hKey, BYTE *pbDecryptedData, ULONG *pulDecryptedDataLen) { + PRINT_LOG(); + *pulDecryptedDataLen = 0; return SAR_OK; } @@ -656,6 +773,8 @@ ULONG DEVAPI SKF_DigestInit(DEVHANDLE hDev, ULONG ulIDLen, HANDLE *phHash) { + PRINT_LOG(); + *phHash = malloc(256); return SAR_OK; } @@ -665,6 +784,8 @@ ULONG DEVAPI SKF_Digest(HANDLE hHash, BYTE *pbHashData, ULONG *pulHashLen) { + PRINT_LOG(); + *pulHashLen = 32; return SAR_OK; } @@ -672,6 +793,7 @@ ULONG DEVAPI SKF_DigestUpdate(HANDLE hHash, BYTE *pbData, ULONG ulDataLen) { + PRINT_LOG(); return SAR_OK; } 
@@ -679,41 +801,54 @@ ULONG DEVAPI SKF_DigestFinal(HANDLE hHash, BYTE *pHashData, ULONG *pulHashLen) { + PRINT_LOG(); + *pulHashLen = 32; return SAR_OK; } -ULONG DEVAPI SKF_MacInit(HANDLE hKey, +ULONG DEVAPI SKF_MacInit(HANDLE hKey, BLOCKCIPHERPARAM *pMacParam, HANDLE *phMac) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + *phMac = malloc(256); + return SAR_OK; } ULONG DEVAPI SKF_Mac(HANDLE hMac, BYTE *pbData, - ULONG ulDataLen, - BYTE *pbMacData, + ULONG ulDataLen, + BYTE *pbMac, ULONG *pulMacLen) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + *pulMacLen = 16; + return SAR_OK; } -ULONG DEVAPI SKF_MacUpdate(HANDLE hMac, +ULONG DEVAPI SKF_MacUpdate(HANDLE hMac, BYTE *pbData, ULONG ulDataLen) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + return SAR_OK; } -ULONG DEVAPI SKF_MacFinal(HANDLE hMac, - BYTE *pbMacData, - ULONG *pulMacDataLen) +ULONG DEVAPI SKF_MacFinal(HANDLE hMac, + BYTE *pbMac, + ULONG *pulMacLen) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + *pulMacLen = 16; + return SAR_OK; } -ULONG DEVAPI SKF_CloseHandle(HANDLE hHandle) +ULONG DEVAPI SKF_CloseHandle(HANDLE handle) { - return SAR_NOTSUPPORTYETERR; + PRINT_LOG(); + if (handle) { + free(handle); + } + return SAR_OK; } diff --git a/jni/GmSSL.c b/jni/GmSSL.c new file mode 100644 index 00000000..2f9f8221 --- /dev/null +++ b/jni/GmSSL.c 
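Review bot: SKF_CloseHandle passes whatever handle it receives to `free()`, which is only defined for pointers this library obtained from malloc and has not yet released. A device, application or container handle produced elsewhere (their creation is not visible in this hunk) would corrupt the heap, as would closing the same handle twice. The function needs a comment stating which handle kinds may be closed, and ideally the handles would be tracked or tagged so that foreign or stale values are rejected with an invalid-handle error. The `if (handle)` guard is redundant, since `free(NULL)` is a no-op.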
@@ -0,0 +1,726 @@ +/* jni/GmSSL.c */ +/* ==================================================================== + * Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include +#include +#include +#include +#include +#include "GmSSL.h" + +#define PRINT_ERROR() \ + fprintf(stderr, "error: %s %d\n", __FILE__, __LINE__) + +static int alg2pktype(const char *alg) +{ + return 0; +} + +JNIEXPORT +jint JNICALL JNI_onload(JavaVM *jvm, void *reserved) +{ + ERR_load_crypto_strings(); + OpenSSL_add_all_algorithms(); + return JNI_VERSION_1_2; +} + +JNIEXPORT +void JNICALL JNI_onunload(JavaVM *vm, void *reserved) +{ + ERR_free_strings(); + EVP_cleanup(); +} + +JNIEXPORT +jbyteArray JNICALL Java_GmSSL_symmetricEncrypt(JNIEnv *env, jobject this, + jstring algor, jint flag, jbyteArray in, jbyteArray key, jbyteArray iv) +{ + jbyteArray ret = NULL; + const char *alg = NULL; + unsigned char *inbuf = NULL; + unsigned char *keybuf = NULL; + unsigned char *ivbuf = NULL; + unsigned char *outbuf = NULL; + size_t inlen, keylen, ivlen, outlen; + unsigned char *p; + int len; + const EVP_CIPHER *cipher; + EVP_CIPHER_CTX *cctx = NULL; + + if (!(alg = (*env)->GetStringUTFChars(env, algor, 0))) { + PRINT_ERROR(); + goto end; + } + if (!(cipher = EVP_get_cipherbyname(alg))) { + PRINT_ERROR(); + goto end; + } + + if (!(inbuf = (unsigned char *)(*env)->GetByteArrayElements(env, in, 0))) { + PRINT_ERROR(); + goto end; + } + inlen = (size_t)(*env)->GetArrayLength(env, in); + if (inlen <= 0) { + PRINT_ERROR(); + goto end; + } + + if 
(!(keybuf = (unsigned char *)(*env)->GetByteArrayElements(env, key, 0))) { + PRINT_ERROR(); + goto end; + } + keylen = (size_t)(*env)->GetArrayLength(env, key); + if (keylen < EVP_CIPHER_key_length(cipher)) { + PRINT_ERROR(); + goto end; + } + + if (!(ivbuf = (unsigned char *)(*env)->GetByteArrayElements(env, iv, 0))) { + PRINT_ERROR(); + goto end; + } + ivlen = (size_t)(*env)->GetArrayLength(env, iv); + if (ivlen != EVP_CIPHER_iv_length(cipher)) { + PRINT_ERROR(); + goto end; + } + + outlen = inlen + EVP_CIPHER_block_size(cipher) * 2; + if (!(outbuf = malloc(outlen))) { + PRINT_ERROR(); + goto end; + } + bzero(outbuf, outlen); + + if (!(cctx = EVP_CIPHER_CTX_new())) { + PRINT_ERROR(); + goto end; + } + + if (!EVP_EncryptInit_ex(cctx, cipher, NULL, keybuf, ivbuf)) { + PRINT_ERROR(); + goto end; + } + + p = outbuf; + len = outlen; + + if (!EVP_EncryptUpdate(cctx, p, &len, inbuf, inlen)) { + PRINT_ERROR(); + goto end; + } + p += len; + len = outlen - len; + + if (!EVP_EncryptFinal_ex(cctx, p, &len)) { + PRINT_ERROR(); + goto end; + } + p += len; + + if (!(ret = (*env)->NewByteArray(env, outlen))) { + PRINT_ERROR(); + goto end; + } + + outlen = p - outbuf; + (*env)->SetByteArrayRegion(env, ret, 0, outlen, (jbyte *)outbuf); +end: + if (alg) (*env)->ReleaseStringUTFChars(env, algor, alg); + if (inbuf) (*env)->ReleaseByteArrayElements(env, in, (jbyte *)inbuf, JNI_ABORT); + if (keybuf) (*env)->ReleaseByteArrayElements(env, key, (jbyte *)keybuf, JNI_ABORT); + if (ivbuf) (*env)->ReleaseByteArrayElements(env, iv, (jbyte *)ivbuf, JNI_ABORT); + if (outbuf) free(outbuf); + EVP_CIPHER_CTX_free(cctx); + return ret; +} + +JNIEXPORT +jbyteArray JNICALL Java_GmSSL_symmetricDecrypt(JNIEnv *env, jobject this, + jstring algor, jint flag, jbyteArray in, jbyteArray key, jbyteArray iv) +{ + jbyteArray ret = NULL; + const char *alg = NULL; + unsigned char *inbuf = NULL; + unsigned char *keybuf = NULL; + unsigned char *ivbuf = NULL; + unsigned char *outbuf = NULL; + size_t inlen, keylen, 
ivlen, outlen; + unsigned char *p; + int len; + const EVP_CIPHER *cipher; + EVP_CIPHER_CTX *cctx = NULL; + + if (!(alg = (*env)->GetStringUTFChars(env, algor, 0))) { + PRINT_ERROR(); + goto end; + } + if (!(cipher = EVP_get_cipherbyname(alg))) { + PRINT_ERROR(); + goto end; + } + + if (!(inbuf = (unsigned char *)(*env)->GetByteArrayElements(env, in, 0))) { + PRINT_ERROR(); + goto end; + } + inlen = (size_t)(*env)->GetArrayLength(env, in); + if (inlen <= 0) { + PRINT_ERROR(); + goto end; + } + + if (!(keybuf = (unsigned char *)(*env)->GetByteArrayElements(env, key, 0))) { + PRINT_ERROR(); + goto end; + } + keylen = (size_t)(*env)->GetArrayLength(env, key); + if (keylen < EVP_CIPHER_key_length(cipher)) { + PRINT_ERROR(); + goto end; + } + + if (!(ivbuf = (unsigned char *)(*env)->GetByteArrayElements(env, iv, 0))) { + PRINT_ERROR(); + goto end; + } + ivlen = (size_t)(*env)->GetArrayLength(env, iv); + if (ivlen != EVP_CIPHER_iv_length(cipher)) { + PRINT_ERROR(); + goto end; + } + + outlen = inlen + EVP_CIPHER_block_size(cipher) * 2; + if (!(outbuf = malloc(outlen))) { + PRINT_ERROR(); + goto end; + } + bzero(outbuf, outlen); + + if (!(cctx = EVP_CIPHER_CTX_new())) { + PRINT_ERROR(); + goto end; + } + + if (!EVP_DecryptInit_ex(cctx, cipher, NULL, keybuf, ivbuf)) { + PRINT_ERROR(); + goto end; + } + + p = outbuf; + len = outlen; + + if (!EVP_DecryptUpdate(cctx, p, &len, inbuf, inlen)) { + PRINT_ERROR(); + goto end; + } + p += len; + len = outlen - len; + + if (!EVP_DecryptFinal_ex(cctx, p, &len)) { + PRINT_ERROR(); + goto end; + } + p += len; + + if (!(ret = (*env)->NewByteArray(env, outlen))) { + PRINT_ERROR(); + goto end; + } + + outlen = p - outbuf; + (*env)->SetByteArrayRegion(env, ret, 0, outlen, (jbyte *)outbuf); + +end: + if (alg) (*env)->ReleaseStringUTFChars(env, algor, alg); + if (inbuf) (*env)->ReleaseByteArrayElements(env, in, (jbyte *)inbuf, JNI_ABORT); + if (keybuf) (*env)->ReleaseByteArrayElements(env, key, (jbyte *)keybuf, JNI_ABORT); + if (ivbuf) 
(*env)->ReleaseByteArrayElements(env, iv, (jbyte *)ivbuf, JNI_ABORT); + if (outbuf) free(outbuf); + EVP_CIPHER_CTX_free(cctx); + return ret; + +} + +JNIEXPORT +jbyteArray JNICALL Java_GmSSL_digest(JNIEnv *env, jobject this, + jstring algor, jint flag, jbyteArray in) +{ + jbyteArray ret = NULL; + const char *alg = NULL; + unsigned char *inbuf = NULL; + unsigned char *outbuf = NULL; + size_t inlen, outlen; + unsigned int len; + const EVP_MD *md; + + if (!(alg = (*env)->GetStringUTFChars(env, algor, 0))) { + PRINT_ERROR(); + goto end; + } + if (!(md = EVP_get_digestbyname(alg))) { + PRINT_ERROR(); + goto end; + } + + if (!(inbuf = (unsigned char *)(*env)->GetByteArrayElements(env, in, 0))) { + PRINT_ERROR(); + goto end; + } + inlen = (size_t)(*env)->GetArrayLength(env, in); + if (inlen <= 0) { + PRINT_ERROR(); + goto end; + } + + outlen = EVP_MD_size(md); + if (!(outbuf = malloc(outlen))) { + PRINT_ERROR(); + goto end; + } + bzero(outbuf, outlen); + + if (!EVP_Digest(inbuf, inlen, outbuf, &len, md, NULL)) { + PRINT_ERROR(); + goto end; + } + + if (!(ret = (*env)->NewByteArray(env, outlen))) { + PRINT_ERROR(); + goto end; + } + + outlen = len; + (*env)->SetByteArrayRegion(env, ret, 0, outlen, (jbyte *)outbuf); + +end: + if (alg) (*env)->ReleaseStringUTFChars(env, algor, alg); + if (inbuf) (*env)->ReleaseByteArrayElements(env, in, (jbyte *)inbuf, JNI_ABORT); + if (outbuf) free(outbuf); + return ret; +} + +JNIEXPORT +jbyteArray JNICALL Java_GmSSL_mac(JNIEnv *env, jobject this, + jstring algor, jint flag, jbyteArray in, jbyteArray key) +{ + jbyteArray ret = NULL; + return ret; +} + +JNIEXPORT +jbyteArray JNICALL Java_GmSSL_sign(JNIEnv *env, jobject this, + jstring algor, jint flag, jbyteArray in, jbyteArray key) +{ + jbyteArray ret = NULL; + const char *alg = NULL; + unsigned char *inbuf = NULL; + unsigned char *keybuf = NULL; + unsigned char *outbuf = NULL; + size_t inlen, keylen, outlen; + const unsigned char *p; + int type; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX 
*pkctx = NULL; + + if (!(alg = (*env)->GetStringUTFChars(env, algor, 0))) { + PRINT_ERROR(); + goto end; + } + if ((type = alg2pktype(alg)) == NID_undef) { + PRINT_ERROR(); + goto end; + } + + if (!(inbuf = (unsigned char *)(*env)->GetByteArrayElements(env, in, 0))) { + PRINT_ERROR(); + goto end; + } + inlen = (size_t)(*env)->GetArrayLength(env, in); + if (inlen < SHA_DIGEST_LENGTH) { + PRINT_ERROR(); + goto end; + } + + if (!(keybuf = (unsigned char *)(*env)->GetByteArrayElements(env, key, 0))) { + PRINT_ERROR(); + goto end; + } + keylen = (size_t)(*env)->GetArrayLength(env, key); + + p = keybuf; + if (!(pkey = d2i_AutoPrivateKey(NULL, &p, keylen))) { + PRINT_ERROR(); + goto end; + } + + outlen = EVP_PKEY_size(pkey); + if (!(outbuf = malloc(outlen))) { + PRINT_ERROR(); + goto end; + } + + if (!(pkctx = EVP_PKEY_CTX_new(pkey, NULL))) { + PRINT_ERROR(); + goto end; + } + + if (!EVP_PKEY_sign_init(pkctx)) { + PRINT_ERROR(); + goto end; + } + + if (EVP_PKEY_base_id(pkey) == EVP_PKEY_EC) { + if (!EVP_PKEY_CTX_ctrl_str(pkctx, "ec_sign_algor", alg)) { + PRINT_ERROR(); + goto end; + } + } + + if (!EVP_PKEY_sign(pkctx, outbuf, &outlen, inbuf, inlen)) { + PRINT_ERROR(); + goto end; + } + + if (!(ret = (*env)->NewByteArray(env, outlen))) { + PRINT_ERROR(); + goto end; + } + + (*env)->SetByteArrayRegion(env, ret, 0, outlen, (jbyte *)outbuf); + +end: + if (alg) (*env)->ReleaseStringUTFChars(env, algor, alg); + if (inbuf) (*env)->ReleaseByteArrayElements(env, in, (jbyte *)inbuf, JNI_ABORT); + if (keybuf) (*env)->ReleaseByteArrayElements(env, key, (jbyte *)keybuf, JNI_ABORT); + if (outbuf) free(outbuf); + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(pkctx); + return ret; +} + +JNIEXPORT +jint JNICALL Java_GmSSL_verify(JNIEnv *env, jobject this, + jstring algor, jint flag, jbyteArray in, jbyteArray signature, + jbyteArray key) +{ + jint ret = 0; + const char *alg = NULL; + unsigned char *inbuf = NULL; + unsigned char *sigbuf = NULL; + unsigned char *keybuf = NULL; + size_t inlen, 
siglen, keylen; + const unsigned char *p; + int type; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *pkctx = NULL; + + if (!(alg = (*env)->GetStringUTFChars(env, algor, 0))) { + PRINT_ERROR(); + goto end; + } + if ((type = alg2pktype(alg)) == NID_undef) { + PRINT_ERROR(); + goto end; + } + + if (!(inbuf = (unsigned char *)(*env)->GetByteArrayElements(env, in, 0))) { + PRINT_ERROR(); + goto end; + } + inlen = (size_t)(*env)->GetArrayLength(env, in); + if (inlen < SHA_DIGEST_LENGTH) { + PRINT_ERROR(); + goto end; + } + + if (!(sigbuf = (unsigned char *)(*env)->GetByteArrayElements(env, signature, 0))) { + PRINT_ERROR(); + goto end; + } + siglen = (size_t)(*env)->GetArrayLength(env, signature); + if (siglen < 40) { + PRINT_ERROR(); + goto end; + } + + if (!(keybuf = (unsigned char *)(*env)->GetByteArrayElements(env, key, 0))) { + PRINT_ERROR(); + goto end; + } + keylen = (size_t)(*env)->GetArrayLength(env, key); + + p = keybuf; + if (!(pkey = d2i_PublicKey(type, NULL, &p, keylen))) { + PRINT_ERROR(); + goto end; + } + + if (!(pkctx = EVP_PKEY_CTX_new(pkey, NULL))) { + PRINT_ERROR(); + goto end; + } + + if (!EVP_PKEY_verify_init(pkctx)) { + PRINT_ERROR(); + goto end; + } + + if (EVP_PKEY_base_id(pkey) == EVP_PKEY_EC) { + if (!EVP_PKEY_CTX_ctrl_str(pkctx, "ec_sign_algor", alg)) { + PRINT_ERROR(); + goto end; + } + } + + if ((ret = EVP_PKEY_verify(pkctx, sigbuf, siglen, inbuf, inlen)) != 1) { + PRINT_ERROR(); + goto end; + } + +end: + if (alg) (*env)->ReleaseStringUTFChars(env, algor, alg); + if (inbuf) (*env)->ReleaseByteArrayElements(env, in, (jbyte *)inbuf, JNI_ABORT); + if (sigbuf) (*env)->ReleaseByteArrayElements(env, signature, (jbyte *)sigbuf, JNI_ABORT); + if (keybuf) (*env)->ReleaseByteArrayElements(env, key, (jbyte *)keybuf, JNI_ABORT); + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(pkctx); + return ret; +} + +JNIEXPORT +jbyteArray JNICALL Java_GmSSL_publicKeyEncrypt(JNIEnv *env, jobject this, + jstring algor, jint flag, jbyteArray in, jbyteArray key) +{ + jbyteArray ret 
= NULL; + const char *alg = NULL; + unsigned char *inbuf = NULL; + unsigned char *keybuf = NULL; + unsigned char *outbuf = NULL; + size_t inlen, keylen, outlen; + const unsigned char *p; + int type; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *pkctx = NULL; + + if (!(alg = (*env)->GetStringUTFChars(env, algor, 0))) { + PRINT_ERROR(); + goto end; + } + if ((type = alg2pktype(alg)) == NID_undef) { + PRINT_ERROR(); + goto end; + } + + if (!(inbuf = (unsigned char *)(*env)->GetByteArrayElements(env, in, 0))) { + PRINT_ERROR(); + goto end; + } + inlen = (size_t)(*env)->GetArrayLength(env, in); + if (inlen <= 0) { + PRINT_ERROR(); + goto end; + } + + if (!(keybuf = (unsigned char *)(*env)->GetByteArrayElements(env, key, 0))) { + PRINT_ERROR(); + goto end; + } + keylen = (size_t)(*env)->GetArrayLength(env, key); + + p = keybuf; + if (!(pkey = d2i_PublicKey(type, NULL, &p, keylen))) { + PRINT_ERROR(); + goto end; + } + + /* we can not get ciphertext length from plaintext + * so malloc the max buffer + */ + outlen = inlen + 2048; + if (!(outbuf = malloc(outlen))) { + PRINT_ERROR(); + goto end; + } + + if (!(pkctx = EVP_PKEY_CTX_new(pkey, NULL))) { + PRINT_ERROR(); + goto end; + } + + if (!EVP_PKEY_encrypt_init(pkctx)) { + PRINT_ERROR(); + goto end; + } + + if (EVP_PKEY_base_id(pkey) == EVP_PKEY_EC) { + if (!EVP_PKEY_CTX_ctrl_str(pkctx, "ec_encrypt_algor", alg)) { + PRINT_ERROR(); + goto end; + } + } + + if (!EVP_PKEY_encrypt(pkctx, outbuf, &outlen, inbuf, inlen)) { + PRINT_ERROR(); + goto end; + } + + if (!(ret = (*env)->NewByteArray(env, outlen))) { + PRINT_ERROR(); + goto end; + } + + (*env)->SetByteArrayRegion(env, ret, 0, outlen, (jbyte *)outbuf); + +end: + if (alg) (*env)->ReleaseStringUTFChars(env, algor, alg); + if (inbuf) (*env)->ReleaseByteArrayElements(env, in, (jbyte *)inbuf, JNI_ABORT); + if (keybuf) (*env)->ReleaseByteArrayElements(env, key, (jbyte *)keybuf, JNI_ABORT); + if (outbuf) free(outbuf); + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(pkctx); + return ret; + 
+} + +JNIEXPORT +jbyteArray JNICALL Java_GmSSL_publicKeyDecrypt(JNIEnv *env, jobject this, + jstring algor, jint flag, jbyteArray in, jbyteArray key) +{ + jbyteArray ret = NULL; + const char *alg = NULL; + unsigned char *inbuf = NULL; + unsigned char *keybuf = NULL; + unsigned char *outbuf = NULL; + size_t inlen, keylen, outlen; + const unsigned char *p; + int type; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *pkctx = NULL; + + if (!(alg = (*env)->GetStringUTFChars(env, algor, 0))) { + PRINT_ERROR(); + goto end; + } + if ((type = alg2pktype(alg)) == NID_undef) { + PRINT_ERROR(); + goto end; + } + + if (!(inbuf = (unsigned char *)(*env)->GetByteArrayElements(env, in, 0))) { + PRINT_ERROR(); + goto end; + } + inlen = (size_t)(*env)->GetArrayLength(env, in); + if (inlen <= 0) { + PRINT_ERROR(); + goto end; + } + + if (!(keybuf = (unsigned char *)(*env)->GetByteArrayElements(env, key, 0))) { + PRINT_ERROR(); + goto end; + } + keylen = (size_t)(*env)->GetArrayLength(env, key); + + p = keybuf; + if (!(pkey = d2i_AutoPrivateKey(NULL, &p, keylen))) { + PRINT_ERROR(); + goto end; + } + + outlen = inlen; + if (!(outbuf = malloc(outlen))) { + PRINT_ERROR(); + goto end; + } + + if (!(pkctx = EVP_PKEY_CTX_new(pkey, NULL))) { + PRINT_ERROR(); + goto end; + } + + if (!EVP_PKEY_encrypt_init(pkctx)) { + PRINT_ERROR(); + goto end; + } + + if (EVP_PKEY_base_id(pkey) == EVP_PKEY_EC) { + if (!EVP_PKEY_CTX_ctrl_str(pkctx, "ec_encrypt_algor", alg)) { + PRINT_ERROR(); + goto end; + } + } + + if (!EVP_PKEY_encrypt(pkctx, outbuf, &outlen, inbuf, inlen)) { + PRINT_ERROR(); + goto end; + } + + if (!(ret = (*env)->NewByteArray(env, outlen))) { + PRINT_ERROR(); + goto end; + } + + (*env)->SetByteArrayRegion(env, ret, 0, outlen, (jbyte *)outbuf); + +end: + if (alg) (*env)->ReleaseStringUTFChars(env, algor, alg); + if (inbuf) (*env)->ReleaseByteArrayElements(env, in, (jbyte *)inbuf, JNI_ABORT); + if (keybuf) (*env)->ReleaseByteArrayElements(env, key, (jbyte *)keybuf, JNI_ABORT); + if (outbuf) 
free(outbuf); + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(pkctx); + return ret; +} + diff --git a/jni/GmSSL.java b/jni/GmSSL.java new file mode 100644 index 00000000..6ec69dfa --- /dev/null +++ b/jni/GmSSL.java 
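Review bot: Java_GmSSL_publicKeyDecrypt calls `EVP_PKEY_encrypt_init` and `EVP_PKEY_encrypt` on the private key, so it never decrypts; it should use the `EVP_PKEY_decrypt_init`/`EVP_PKEY_decrypt` pair. In sign, verify and both public-key functions the EVP_PKEY_* results are tested with `!`, but these calls report failure with 0 or a negative value, so a negative return is taken as success. Java_GmSSL_verify additionally hands a negative `EVP_PKEY_verify` result back to Java, where a caller testing for non-zero would accept it. Compare with `<= 0` and set `ret = 1` only after a verified signature, as in the excerpt below. Two further defects keep most of this file from running: the JVM looks up `JNI_OnLoad`/`JNI_OnUnload`, not `JNI_onload`/`JNI_onunload`, so the algorithm tables are never loaded, and `alg2pktype` always returns 0, which (NID_undef being 0 in OpenSSL) makes every `== NID_undef` check fail.

```c
/* Java_GmSSL_publicKeyDecrypt */
/* … unchanged: argument extraction, d2i_AutoPrivateKey, outbuf allocation, EVP_PKEY_CTX_new … */
	if (EVP_PKEY_decrypt_init(pkctx) <= 0) {
		PRINT_ERROR();
		goto end;
	}
/* … unchanged: "ec_encrypt_algor" control string for EC keys … */
	if (EVP_PKEY_decrypt(pkctx, outbuf, &outlen, inbuf, inlen) <= 0) {
		PRINT_ERROR();
		goto end;
	}
/* … unchanged: NewByteArray / SetByteArrayRegion and cleanup … */

/* Java_GmSSL_verify */
/* … unchanged: argument extraction, d2i_PublicKey, EVP_PKEY_CTX_new … */
	if (EVP_PKEY_verify_init(pkctx) <= 0) {
		PRINT_ERROR();
		goto end;
	}
/* … unchanged: "ec_sign_algor" control string for EC keys … */
	if (EVP_PKEY_verify(pkctx, sigbuf, siglen, inbuf, inlen) != 1) {
		PRINT_ERROR();
		goto end;
	}
	ret = 1;	/* only a verified signature yields a non-zero result */
```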
@@ -0,0 +1,88 @@ +/* jni/GmSSL.java */ +/* ==================================================================== + * Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +public class GmSSL { + + public native byte [] symmetricEncrypt(String algor, int flag, byte [] in, byte [] key, byte [] iv); + public native byte [] symmetricDecrypt(String algor, int flag, byte [] in, byte [] key, byte [] iv); + public native byte [] digest(String algor, int flag, byte [] data); + public native byte [] mac(String algor, int flag, byte [] data, byte [] key); + public native byte [] sign(String algor, int flag, byte [] digest, byte [] privateKey); + public native int verify(String algor, int flag, byte [] digest, byte [] signature, byte [] publicKey); + public native byte [] publicKeyEncrypt(String algor, int flag, byte [] in, byte [] publicKey); + public native byte [] publicKeyDecrypt(String algor, int falg, byte [] in, byte [] privateKey); + + public static void main(String[] args) { + + final GmSSL gmssl = new GmSSL(); + final byte [] key = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}; + final byte [] iv = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}; + final byte [] data = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 
0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}; + + /* here we need tests */ + final byte [] ciphertext = gmssl.symmetricEncrypt("SMS4-CBC", 0, data, key, iv); + } + + static { + System.loadLibrary("gmssl"); + } +} + diff --git a/jni/Makefile b/jni/Makefile new file mode 100644 index 00000000..990e5aa6 --- /dev/null +++ b/jni/Makefile @@ -0,0 +1,24 @@ +# maybe a config is required to cross platform + + +all: libgmssl.jnilib + +libgmssl.jnilib: GmSSL.h + gcc -shared -fPIC -Wall -I./jni/ GmSSL.c ../libcrypto.a -o libgmssl.jnilib + +GmSSL.h: GmSSL.class + javah -jni GmSSL + +GmSSL.class: + javac GmSSL.java + +clean: + rm -f GmSSL.h + rm -f *.class + rm -f *.jnilib + rm -f *.o + rm -f a.out + +test: + java -Djava.library.path=. GmSSL + diff --git a/jni/README.md b/jni/README.md new file mode 100644 index 00000000..4e87395e --- /dev/null +++ b/jni/README.md @@ -0,0 +1,12 @@ +## GmSSL Java Wrapper + +Thi purpose of this module is to provide a simple Java API to access GmSSL +crypto library. To be simple, no key schedule or context is used. So the +functions will not be very efficient for processing large files or stream data. +And this module is not intend to be integrated with Java crypto frameworks such +as JCE. + +The implementation is based on the Java Native Interface (JNI). The JNI header +files are also included, but you can replace them with version from you own +compiling environment. + diff --git a/jni/jni/jni.h b/jni/jni/jni.h new file mode 100644 index 00000000..b56fb7fc --- /dev/null +++ b/jni/jni/jni.h 
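Review bot: None of the native methods documents how failure is reported: on the C side every error path returns a null array (and `mac` always does), while `verify` returns an int whose meaning is not stated. A class comment such as `/* byte[] methods return null on failure; verify returns 1 only for a valid signature */` would tell callers what to check. `publicKeyDecrypt` also has a typo in its parameter name, `int falg`, and `main` discards `ciphertext` without checking it for null.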
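Review bot: The `libgmssl.jnilib` rule compiles GmSSL.c but lists only GmSSL.h as a prerequisite, so editing the C source does not trigger a rebuild; `libgmssl.jnilib: GmSSL.h GmSSL.c` fixes that. `GmSSL.class:` likewise has no dependency on GmSSL.java, and `all`, `clean` and `test` should be declared `.PHONY`.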
@@ -0,0 +1,1961 @@ +/* + * @(#)jni.h 1.62 06/02/02 + * + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. + */ + +/* + * We used part of Netscape's Java Runtime Interface (JRI) as the starting + * point of our design and implementation. + */ + +/****************************************************************************** + * Java Runtime Interface + * Copyright (c) 1996 Netscape Communications Corporation. All rights reserved. + *****************************************************************************/ + +#ifndef _JAVASOFT_JNI_H_ +#define _JAVASOFT_JNI_H_ + +#include +#include + +/* jni_md.h contains the machine-dependent typedefs for jbyte, jint + and jlong */ + +#include "jni_md.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * JNI Types + */ + +#ifndef JNI_TYPES_ALREADY_DEFINED_IN_JNI_MD_H + +typedef unsigned char jboolean; +typedef unsigned short jchar; +typedef short jshort; +typedef float jfloat; +typedef double jdouble; + +typedef jint jsize; + +#ifdef __cplusplus + +class _jobject {}; +class _jclass : public _jobject {}; +class _jthrowable : public _jobject {}; +class _jstring : public _jobject {}; +class _jarray : public _jobject {}; +class _jbooleanArray : public _jarray {}; +class _jbyteArray : public _jarray {}; +class _jcharArray : public _jarray {}; +class _jshortArray : public _jarray {}; +class _jintArray : public _jarray {}; +class _jlongArray : public _jarray {}; +class _jfloatArray : public _jarray {}; +class _jdoubleArray : public _jarray {}; +class _jobjectArray : public _jarray {}; + +typedef _jobject *jobject; +typedef _jclass *jclass; +typedef _jthrowable *jthrowable; +typedef _jstring *jstring; +typedef _jarray *jarray; +typedef _jbooleanArray *jbooleanArray; +typedef _jbyteArray *jbyteArray; +typedef _jcharArray *jcharArray; +typedef _jshortArray *jshortArray; +typedef _jintArray *jintArray; +typedef _jlongArray *jlongArray; +typedef _jfloatArray 
*jfloatArray; +typedef _jdoubleArray *jdoubleArray; +typedef _jobjectArray *jobjectArray; + +#else + +struct _jobject; + +typedef struct _jobject *jobject; +typedef jobject jclass; +typedef jobject jthrowable; +typedef jobject jstring; +typedef jobject jarray; +typedef jarray jbooleanArray; +typedef jarray jbyteArray; +typedef jarray jcharArray; +typedef jarray jshortArray; +typedef jarray jintArray; +typedef jarray jlongArray; +typedef jarray jfloatArray; +typedef jarray jdoubleArray; +typedef jarray jobjectArray; + +#endif + +typedef jobject jweak; + +typedef union jvalue { + jboolean z; + jbyte b; + jchar c; + jshort s; + jint i; + jlong j; + jfloat f; + jdouble d; + jobject l; +} jvalue; + +struct _jfieldID; +typedef struct _jfieldID *jfieldID; + +struct _jmethodID; +typedef struct _jmethodID *jmethodID; + +/* Return values from jobjectRefType */ +typedef enum _jobjectType { + JNIInvalidRefType = 0, + JNILocalRefType = 1, + JNIGlobalRefType = 2, + JNIWeakGlobalRefType = 3 +} jobjectRefType; + + +#endif /* JNI_TYPES_ALREADY_DEFINED_IN_JNI_MD_H */ + +/* + * jboolean constants + */ + +#define JNI_FALSE 0 +#define JNI_TRUE 1 + +/* + * possible return values for JNI functions. + */ + +#define JNI_OK 0 /* success */ +#define JNI_ERR (-1) /* unknown error */ +#define JNI_EDETACHED (-2) /* thread detached from the VM */ +#define JNI_EVERSION (-3) /* JNI version error */ +#define JNI_ENOMEM (-4) /* not enough memory */ +#define JNI_EEXIST (-5) /* VM already created */ +#define JNI_EINVAL (-6) /* invalid arguments */ + +/* + * used in ReleaseScalarArrayElements + */ + +#define JNI_COMMIT 1 +#define JNI_ABORT 2 + +/* + * used in RegisterNatives to describe native method name, signature, + * and function pointer. + */ + +typedef struct { + char *name; + char *signature; + void *fnPtr; +} JNINativeMethod; + +/* + * JNI Native Method Interface. 
+ */ + +struct JNINativeInterface_; + +struct JNIEnv_; + +#ifdef __cplusplus +typedef JNIEnv_ JNIEnv; +#else +typedef const struct JNINativeInterface_ *JNIEnv; +#endif + +/* + * JNI Invocation Interface. + */ + +struct JNIInvokeInterface_; + +struct JavaVM_; + +#ifdef __cplusplus +typedef JavaVM_ JavaVM; +#else +typedef const struct JNIInvokeInterface_ *JavaVM; +#endif + +struct JNINativeInterface_ { + void *reserved0; + void *reserved1; + void *reserved2; + + void *reserved3; + +#if !TARGET_RT_MAC_CFM && defined(__ppc__) + void* cfm_vectors[225]; +#endif /* !TARGET_RT_MAC_CFM && defined(__ppc__) */ + + jint (JNICALL *GetVersion)(JNIEnv *env); + + jclass (JNICALL *DefineClass) + (JNIEnv *env, const char *name, jobject loader, const jbyte *buf, + jsize len); + jclass (JNICALL *FindClass) + (JNIEnv *env, const char *name); + + jmethodID (JNICALL *FromReflectedMethod) + (JNIEnv *env, jobject method); + jfieldID (JNICALL *FromReflectedField) + (JNIEnv *env, jobject field); + + jobject (JNICALL *ToReflectedMethod) + (JNIEnv *env, jclass cls, jmethodID methodID, jboolean isStatic); + + jclass (JNICALL *GetSuperclass) + (JNIEnv *env, jclass sub); + jboolean (JNICALL *IsAssignableFrom) + (JNIEnv *env, jclass sub, jclass sup); + + jobject (JNICALL *ToReflectedField) + (JNIEnv *env, jclass cls, jfieldID fieldID, jboolean isStatic); + + jint (JNICALL *Throw) + (JNIEnv *env, jthrowable obj); + jint (JNICALL *ThrowNew) + (JNIEnv *env, jclass clazz, const char *msg); + jthrowable (JNICALL *ExceptionOccurred) + (JNIEnv *env); + void (JNICALL *ExceptionDescribe) + (JNIEnv *env); + void (JNICALL *ExceptionClear) + (JNIEnv *env); + void (JNICALL *FatalError) + (JNIEnv *env, const char *msg); + + jint (JNICALL *PushLocalFrame) + (JNIEnv *env, jint capacity); + jobject (JNICALL *PopLocalFrame) + (JNIEnv *env, jobject result); + + jobject (JNICALL *NewGlobalRef) + (JNIEnv *env, jobject lobj); + void (JNICALL *DeleteGlobalRef) + (JNIEnv *env, jobject gref); + void (JNICALL 
*DeleteLocalRef) + (JNIEnv *env, jobject obj); + jboolean (JNICALL *IsSameObject) + (JNIEnv *env, jobject obj1, jobject obj2); + jobject (JNICALL *NewLocalRef) + (JNIEnv *env, jobject ref); + jint (JNICALL *EnsureLocalCapacity) + (JNIEnv *env, jint capacity); + + jobject (JNICALL *AllocObject) + (JNIEnv *env, jclass clazz); + jobject (JNICALL *NewObject) + (JNIEnv *env, jclass clazz, jmethodID methodID, ...); + jobject (JNICALL *NewObjectV) + (JNIEnv *env, jclass clazz, jmethodID methodID, va_list args); + jobject (JNICALL *NewObjectA) + (JNIEnv *env, jclass clazz, jmethodID methodID, const jvalue *args); + + jclass (JNICALL *GetObjectClass) + (JNIEnv *env, jobject obj); + jboolean (JNICALL *IsInstanceOf) + (JNIEnv *env, jobject obj, jclass clazz); + + jmethodID (JNICALL *GetMethodID) + (JNIEnv *env, jclass clazz, const char *name, const char *sig); + + jobject (JNICALL *CallObjectMethod) + (JNIEnv *env, jobject obj, jmethodID methodID, ...); + jobject (JNICALL *CallObjectMethodV) + (JNIEnv *env, jobject obj, jmethodID methodID, va_list args); + jobject (JNICALL *CallObjectMethodA) + (JNIEnv *env, jobject obj, jmethodID methodID, const jvalue * args); + + jboolean (JNICALL *CallBooleanMethod) + (JNIEnv *env, jobject obj, jmethodID methodID, ...); + jboolean (JNICALL *CallBooleanMethodV) + (JNIEnv *env, jobject obj, jmethodID methodID, va_list args); + jboolean (JNICALL *CallBooleanMethodA) + (JNIEnv *env, jobject obj, jmethodID methodID, const jvalue * args); + + jbyte (JNICALL *CallByteMethod) + (JNIEnv *env, jobject obj, jmethodID methodID, ...); + jbyte (JNICALL *CallByteMethodV) + (JNIEnv *env, jobject obj, jmethodID methodID, va_list args); + jbyte (JNICALL *CallByteMethodA) + (JNIEnv *env, jobject obj, jmethodID methodID, const jvalue *args); + + jchar (JNICALL *CallCharMethod) + (JNIEnv *env, jobject obj, jmethodID methodID, ...); + jchar (JNICALL *CallCharMethodV) + (JNIEnv *env, jobject obj, jmethodID methodID, va_list args); + jchar (JNICALL 
*CallCharMethodA) + (JNIEnv *env, jobject obj, jmethodID methodID, const jvalue *args); + + jshort (JNICALL *CallShortMethod) + (JNIEnv *env, jobject obj, jmethodID methodID, ...); + jshort (JNICALL *CallShortMethodV) + (JNIEnv *env, jobject obj, jmethodID methodID, va_list args); + jshort (JNICALL *CallShortMethodA) + (JNIEnv *env, jobject obj, jmethodID methodID, const jvalue *args); + + jint (JNICALL *CallIntMethod) + (JNIEnv *env, jobject obj, jmethodID methodID, ...); + jint (JNICALL *CallIntMethodV) + (JNIEnv *env, jobject obj, jmethodID methodID, va_list args); + jint (JNICALL *CallIntMethodA) + (JNIEnv *env, jobject obj, jmethodID methodID, const jvalue *args); + + jlong (JNICALL *CallLongMethod) + (JNIEnv *env, jobject obj, jmethodID methodID, ...); + jlong (JNICALL *CallLongMethodV) + (JNIEnv *env, jobject obj, jmethodID methodID, va_list args); + jlong (JNICALL *CallLongMethodA) + (JNIEnv *env, jobject obj, jmethodID methodID, const jvalue *args); + + jfloat (JNICALL *CallFloatMethod) + (JNIEnv *env, jobject obj, jmethodID methodID, ...); + jfloat (JNICALL *CallFloatMethodV) + (JNIEnv *env, jobject obj, jmethodID methodID, va_list args); + jfloat (JNICALL *CallFloatMethodA) + (JNIEnv *env, jobject obj, jmethodID methodID, const jvalue *args); + + jdouble (JNICALL *CallDoubleMethod) + (JNIEnv *env, jobject obj, jmethodID methodID, ...); + jdouble (JNICALL *CallDoubleMethodV) + (JNIEnv *env, jobject obj, jmethodID methodID, va_list args); + jdouble (JNICALL *CallDoubleMethodA) + (JNIEnv *env, jobject obj, jmethodID methodID, const jvalue *args); + + void (JNICALL *CallVoidMethod) + (JNIEnv *env, jobject obj, jmethodID methodID, ...); + void (JNICALL *CallVoidMethodV) + (JNIEnv *env, jobject obj, jmethodID methodID, va_list args); + void (JNICALL *CallVoidMethodA) + (JNIEnv *env, jobject obj, jmethodID methodID, const jvalue * args); + + jobject (JNICALL *CallNonvirtualObjectMethod) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, ...); + 
jobject (JNICALL *CallNonvirtualObjectMethodV) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + va_list args); + jobject (JNICALL *CallNonvirtualObjectMethodA) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + const jvalue * args); + + jboolean (JNICALL *CallNonvirtualBooleanMethod) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, ...); + jboolean (JNICALL *CallNonvirtualBooleanMethodV) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + va_list args); + jboolean (JNICALL *CallNonvirtualBooleanMethodA) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + const jvalue * args); + + jbyte (JNICALL *CallNonvirtualByteMethod) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, ...); + jbyte (JNICALL *CallNonvirtualByteMethodV) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + va_list args); + jbyte (JNICALL *CallNonvirtualByteMethodA) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + const jvalue *args); + + jchar (JNICALL *CallNonvirtualCharMethod) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, ...); + jchar (JNICALL *CallNonvirtualCharMethodV) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + va_list args); + jchar (JNICALL *CallNonvirtualCharMethodA) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + const jvalue *args); + + jshort (JNICALL *CallNonvirtualShortMethod) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, ...); + jshort (JNICALL *CallNonvirtualShortMethodV) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + va_list args); + jshort (JNICALL *CallNonvirtualShortMethodA) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + const jvalue *args); + + jint (JNICALL *CallNonvirtualIntMethod) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, ...); + jint (JNICALL *CallNonvirtualIntMethodV) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + 
va_list args); + jint (JNICALL *CallNonvirtualIntMethodA) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + const jvalue *args); + + jlong (JNICALL *CallNonvirtualLongMethod) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, ...); + jlong (JNICALL *CallNonvirtualLongMethodV) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + va_list args); + jlong (JNICALL *CallNonvirtualLongMethodA) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + const jvalue *args); + + jfloat (JNICALL *CallNonvirtualFloatMethod) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, ...); + jfloat (JNICALL *CallNonvirtualFloatMethodV) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + va_list args); + jfloat (JNICALL *CallNonvirtualFloatMethodA) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + const jvalue *args); + + jdouble (JNICALL *CallNonvirtualDoubleMethod) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, ...); + jdouble (JNICALL *CallNonvirtualDoubleMethodV) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + va_list args); + jdouble (JNICALL *CallNonvirtualDoubleMethodA) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + const jvalue *args); + + void (JNICALL *CallNonvirtualVoidMethod) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, ...); + void (JNICALL *CallNonvirtualVoidMethodV) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + va_list args); + void (JNICALL *CallNonvirtualVoidMethodA) + (JNIEnv *env, jobject obj, jclass clazz, jmethodID methodID, + const jvalue * args); + + jfieldID (JNICALL *GetFieldID) + (JNIEnv *env, jclass clazz, const char *name, const char *sig); + + jobject (JNICALL *GetObjectField) + (JNIEnv *env, jobject obj, jfieldID fieldID); + jboolean (JNICALL *GetBooleanField) + (JNIEnv *env, jobject obj, jfieldID fieldID); + jbyte (JNICALL *GetByteField) + (JNIEnv *env, jobject obj, jfieldID fieldID); + 
jchar (JNICALL *GetCharField) + (JNIEnv *env, jobject obj, jfieldID fieldID); + jshort (JNICALL *GetShortField) + (JNIEnv *env, jobject obj, jfieldID fieldID); + jint (JNICALL *GetIntField) + (JNIEnv *env, jobject obj, jfieldID fieldID); + jlong (JNICALL *GetLongField) + (JNIEnv *env, jobject obj, jfieldID fieldID); + jfloat (JNICALL *GetFloatField) + (JNIEnv *env, jobject obj, jfieldID fieldID); + jdouble (JNICALL *GetDoubleField) + (JNIEnv *env, jobject obj, jfieldID fieldID); + + void (JNICALL *SetObjectField) + (JNIEnv *env, jobject obj, jfieldID fieldID, jobject val); + void (JNICALL *SetBooleanField) + (JNIEnv *env, jobject obj, jfieldID fieldID, jboolean val); + void (JNICALL *SetByteField) + (JNIEnv *env, jobject obj, jfieldID fieldID, jbyte val); + void (JNICALL *SetCharField) + (JNIEnv *env, jobject obj, jfieldID fieldID, jchar val); + void (JNICALL *SetShortField) + (JNIEnv *env, jobject obj, jfieldID fieldID, jshort val); + void (JNICALL *SetIntField) + (JNIEnv *env, jobject obj, jfieldID fieldID, jint val); + void (JNICALL *SetLongField) + (JNIEnv *env, jobject obj, jfieldID fieldID, jlong val); + void (JNICALL *SetFloatField) + (JNIEnv *env, jobject obj, jfieldID fieldID, jfloat val); + void (JNICALL *SetDoubleField) + (JNIEnv *env, jobject obj, jfieldID fieldID, jdouble val); + + jmethodID (JNICALL *GetStaticMethodID) + (JNIEnv *env, jclass clazz, const char *name, const char *sig); + + jobject (JNICALL *CallStaticObjectMethod) + (JNIEnv *env, jclass clazz, jmethodID methodID, ...); + jobject (JNICALL *CallStaticObjectMethodV) + (JNIEnv *env, jclass clazz, jmethodID methodID, va_list args); + jobject (JNICALL *CallStaticObjectMethodA) + (JNIEnv *env, jclass clazz, jmethodID methodID, const jvalue *args); + + jboolean (JNICALL *CallStaticBooleanMethod) + (JNIEnv *env, jclass clazz, jmethodID methodID, ...); + jboolean (JNICALL *CallStaticBooleanMethodV) + (JNIEnv *env, jclass clazz, jmethodID methodID, va_list args); + jboolean (JNICALL 
*CallStaticBooleanMethodA) + (JNIEnv *env, jclass clazz, jmethodID methodID, const jvalue *args); + + jbyte (JNICALL *CallStaticByteMethod) + (JNIEnv *env, jclass clazz, jmethodID methodID, ...); + jbyte (JNICALL *CallStaticByteMethodV) + (JNIEnv *env, jclass clazz, jmethodID methodID, va_list args); + jbyte (JNICALL *CallStaticByteMethodA) + (JNIEnv *env, jclass clazz, jmethodID methodID, const jvalue *args); + + jchar (JNICALL *CallStaticCharMethod) + (JNIEnv *env, jclass clazz, jmethodID methodID, ...); + jchar (JNICALL *CallStaticCharMethodV) + (JNIEnv *env, jclass clazz, jmethodID methodID, va_list args); + jchar (JNICALL *CallStaticCharMethodA) + (JNIEnv *env, jclass clazz, jmethodID methodID, const jvalue *args); + + jshort (JNICALL *CallStaticShortMethod) + (JNIEnv *env, jclass clazz, jmethodID methodID, ...); + jshort (JNICALL *CallStaticShortMethodV) + (JNIEnv *env, jclass clazz, jmethodID methodID, va_list args); + jshort (JNICALL *CallStaticShortMethodA) + (JNIEnv *env, jclass clazz, jmethodID methodID, const jvalue *args); + + jint (JNICALL *CallStaticIntMethod) + (JNIEnv *env, jclass clazz, jmethodID methodID, ...); + jint (JNICALL *CallStaticIntMethodV) + (JNIEnv *env, jclass clazz, jmethodID methodID, va_list args); + jint (JNICALL *CallStaticIntMethodA) + (JNIEnv *env, jclass clazz, jmethodID methodID, const jvalue *args); + + jlong (JNICALL *CallStaticLongMethod) + (JNIEnv *env, jclass clazz, jmethodID methodID, ...); + jlong (JNICALL *CallStaticLongMethodV) + (JNIEnv *env, jclass clazz, jmethodID methodID, va_list args); + jlong (JNICALL *CallStaticLongMethodA) + (JNIEnv *env, jclass clazz, jmethodID methodID, const jvalue *args); + + jfloat (JNICALL *CallStaticFloatMethod) + (JNIEnv *env, jclass clazz, jmethodID methodID, ...); + jfloat (JNICALL *CallStaticFloatMethodV) + (JNIEnv *env, jclass clazz, jmethodID methodID, va_list args); + jfloat (JNICALL *CallStaticFloatMethodA) + (JNIEnv *env, jclass clazz, jmethodID methodID, const jvalue *args); 
+ + jdouble (JNICALL *CallStaticDoubleMethod) + (JNIEnv *env, jclass clazz, jmethodID methodID, ...); + jdouble (JNICALL *CallStaticDoubleMethodV) + (JNIEnv *env, jclass clazz, jmethodID methodID, va_list args); + jdouble (JNICALL *CallStaticDoubleMethodA) + (JNIEnv *env, jclass clazz, jmethodID methodID, const jvalue *args); + + void (JNICALL *CallStaticVoidMethod) + (JNIEnv *env, jclass cls, jmethodID methodID, ...); + void (JNICALL *CallStaticVoidMethodV) + (JNIEnv *env, jclass cls, jmethodID methodID, va_list args); + void (JNICALL *CallStaticVoidMethodA) + (JNIEnv *env, jclass cls, jmethodID methodID, const jvalue * args); + + jfieldID (JNICALL *GetStaticFieldID) + (JNIEnv *env, jclass clazz, const char *name, const char *sig); + jobject (JNICALL *GetStaticObjectField) + (JNIEnv *env, jclass clazz, jfieldID fieldID); + jboolean (JNICALL *GetStaticBooleanField) + (JNIEnv *env, jclass clazz, jfieldID fieldID); + jbyte (JNICALL *GetStaticByteField) + (JNIEnv *env, jclass clazz, jfieldID fieldID); + jchar (JNICALL *GetStaticCharField) + (JNIEnv *env, jclass clazz, jfieldID fieldID); + jshort (JNICALL *GetStaticShortField) + (JNIEnv *env, jclass clazz, jfieldID fieldID); + jint (JNICALL *GetStaticIntField) + (JNIEnv *env, jclass clazz, jfieldID fieldID); + jlong (JNICALL *GetStaticLongField) + (JNIEnv *env, jclass clazz, jfieldID fieldID); + jfloat (JNICALL *GetStaticFloatField) + (JNIEnv *env, jclass clazz, jfieldID fieldID); + jdouble (JNICALL *GetStaticDoubleField) + (JNIEnv *env, jclass clazz, jfieldID fieldID); + + void (JNICALL *SetStaticObjectField) + (JNIEnv *env, jclass clazz, jfieldID fieldID, jobject value); + void (JNICALL *SetStaticBooleanField) + (JNIEnv *env, jclass clazz, jfieldID fieldID, jboolean value); + void (JNICALL *SetStaticByteField) + (JNIEnv *env, jclass clazz, jfieldID fieldID, jbyte value); + void (JNICALL *SetStaticCharField) + (JNIEnv *env, jclass clazz, jfieldID fieldID, jchar value); + void (JNICALL *SetStaticShortField) + (JNIEnv 
*env, jclass clazz, jfieldID fieldID, jshort value); + void (JNICALL *SetStaticIntField) + (JNIEnv *env, jclass clazz, jfieldID fieldID, jint value); + void (JNICALL *SetStaticLongField) + (JNIEnv *env, jclass clazz, jfieldID fieldID, jlong value); + void (JNICALL *SetStaticFloatField) + (JNIEnv *env, jclass clazz, jfieldID fieldID, jfloat value); + void (JNICALL *SetStaticDoubleField) + (JNIEnv *env, jclass clazz, jfieldID fieldID, jdouble value); + + jstring (JNICALL *NewString) + (JNIEnv *env, const jchar *unicode, jsize len); + jsize (JNICALL *GetStringLength) + (JNIEnv *env, jstring str); + const jchar *(JNICALL *GetStringChars) + (JNIEnv *env, jstring str, jboolean *isCopy); + void (JNICALL *ReleaseStringChars) + (JNIEnv *env, jstring str, const jchar *chars); + + jstring (JNICALL *NewStringUTF) + (JNIEnv *env, const char *utf); + jsize (JNICALL *GetStringUTFLength) + (JNIEnv *env, jstring str); + const char* (JNICALL *GetStringUTFChars) + (JNIEnv *env, jstring str, jboolean *isCopy); + void (JNICALL *ReleaseStringUTFChars) + (JNIEnv *env, jstring str, const char* chars); + + + jsize (JNICALL *GetArrayLength) + (JNIEnv *env, jarray array); + + jobjectArray (JNICALL *NewObjectArray) + (JNIEnv *env, jsize len, jclass clazz, jobject init); + jobject (JNICALL *GetObjectArrayElement) + (JNIEnv *env, jobjectArray array, jsize index); + void (JNICALL *SetObjectArrayElement) + (JNIEnv *env, jobjectArray array, jsize index, jobject val); + + jbooleanArray (JNICALL *NewBooleanArray) + (JNIEnv *env, jsize len); + jbyteArray (JNICALL *NewByteArray) + (JNIEnv *env, jsize len); + jcharArray (JNICALL *NewCharArray) + (JNIEnv *env, jsize len); + jshortArray (JNICALL *NewShortArray) + (JNIEnv *env, jsize len); + jintArray (JNICALL *NewIntArray) + (JNIEnv *env, jsize len); + jlongArray (JNICALL *NewLongArray) + (JNIEnv *env, jsize len); + jfloatArray (JNICALL *NewFloatArray) + (JNIEnv *env, jsize len); + jdoubleArray (JNICALL *NewDoubleArray) + (JNIEnv *env, jsize len); + + 
jboolean * (JNICALL *GetBooleanArrayElements) + (JNIEnv *env, jbooleanArray array, jboolean *isCopy); + jbyte * (JNICALL *GetByteArrayElements) + (JNIEnv *env, jbyteArray array, jboolean *isCopy); + jchar * (JNICALL *GetCharArrayElements) + (JNIEnv *env, jcharArray array, jboolean *isCopy); + jshort * (JNICALL *GetShortArrayElements) + (JNIEnv *env, jshortArray array, jboolean *isCopy); + jint * (JNICALL *GetIntArrayElements) + (JNIEnv *env, jintArray array, jboolean *isCopy); + jlong * (JNICALL *GetLongArrayElements) + (JNIEnv *env, jlongArray array, jboolean *isCopy); + jfloat * (JNICALL *GetFloatArrayElements) + (JNIEnv *env, jfloatArray array, jboolean *isCopy); + jdouble * (JNICALL *GetDoubleArrayElements) + (JNIEnv *env, jdoubleArray array, jboolean *isCopy); + + void (JNICALL *ReleaseBooleanArrayElements) + (JNIEnv *env, jbooleanArray array, jboolean *elems, jint mode); + void (JNICALL *ReleaseByteArrayElements) + (JNIEnv *env, jbyteArray array, jbyte *elems, jint mode); + void (JNICALL *ReleaseCharArrayElements) + (JNIEnv *env, jcharArray array, jchar *elems, jint mode); + void (JNICALL *ReleaseShortArrayElements) + (JNIEnv *env, jshortArray array, jshort *elems, jint mode); + void (JNICALL *ReleaseIntArrayElements) + (JNIEnv *env, jintArray array, jint *elems, jint mode); + void (JNICALL *ReleaseLongArrayElements) + (JNIEnv *env, jlongArray array, jlong *elems, jint mode); + void (JNICALL *ReleaseFloatArrayElements) + (JNIEnv *env, jfloatArray array, jfloat *elems, jint mode); + void (JNICALL *ReleaseDoubleArrayElements) + (JNIEnv *env, jdoubleArray array, jdouble *elems, jint mode); + + void (JNICALL *GetBooleanArrayRegion) + (JNIEnv *env, jbooleanArray array, jsize start, jsize l, jboolean *buf); + void (JNICALL *GetByteArrayRegion) + (JNIEnv *env, jbyteArray array, jsize start, jsize len, jbyte *buf); + void (JNICALL *GetCharArrayRegion) + (JNIEnv *env, jcharArray array, jsize start, jsize len, jchar *buf); + void (JNICALL *GetShortArrayRegion) + 
(JNIEnv *env, jshortArray array, jsize start, jsize len, jshort *buf); + void (JNICALL *GetIntArrayRegion) + (JNIEnv *env, jintArray array, jsize start, jsize len, jint *buf); + void (JNICALL *GetLongArrayRegion) + (JNIEnv *env, jlongArray array, jsize start, jsize len, jlong *buf); + void (JNICALL *GetFloatArrayRegion) + (JNIEnv *env, jfloatArray array, jsize start, jsize len, jfloat *buf); + void (JNICALL *GetDoubleArrayRegion) + (JNIEnv *env, jdoubleArray array, jsize start, jsize len, jdouble *buf); + + void (JNICALL *SetBooleanArrayRegion) + (JNIEnv *env, jbooleanArray array, jsize start, jsize l, const jboolean *buf); + void (JNICALL *SetByteArrayRegion) + (JNIEnv *env, jbyteArray array, jsize start, jsize len, const jbyte *buf); + void (JNICALL *SetCharArrayRegion) + (JNIEnv *env, jcharArray array, jsize start, jsize len, const jchar *buf); + void (JNICALL *SetShortArrayRegion) + (JNIEnv *env, jshortArray array, jsize start, jsize len, const jshort *buf); + void (JNICALL *SetIntArrayRegion) + (JNIEnv *env, jintArray array, jsize start, jsize len, const jint *buf); + void (JNICALL *SetLongArrayRegion) + (JNIEnv *env, jlongArray array, jsize start, jsize len, const jlong *buf); + void (JNICALL *SetFloatArrayRegion) + (JNIEnv *env, jfloatArray array, jsize start, jsize len, const jfloat *buf); + void (JNICALL *SetDoubleArrayRegion) + (JNIEnv *env, jdoubleArray array, jsize start, jsize len, const jdouble *buf); + + jint (JNICALL *RegisterNatives) + (JNIEnv *env, jclass clazz, const JNINativeMethod *methods, + jint nMethods); + jint (JNICALL *UnregisterNatives) + (JNIEnv *env, jclass clazz); + + jint (JNICALL *MonitorEnter) + (JNIEnv *env, jobject obj); + jint (JNICALL *MonitorExit) + (JNIEnv *env, jobject obj); + + jint (JNICALL *GetJavaVM) + (JNIEnv *env, JavaVM **vm); + + void (JNICALL *GetStringRegion) + (JNIEnv *env, jstring str, jsize start, jsize len, jchar *buf); + void (JNICALL *GetStringUTFRegion) + (JNIEnv *env, jstring str, jsize start, jsize len, 
char *buf); + + void * (JNICALL *GetPrimitiveArrayCritical) + (JNIEnv *env, jarray array, jboolean *isCopy); + void (JNICALL *ReleasePrimitiveArrayCritical) + (JNIEnv *env, jarray array, void *carray, jint mode); + + const jchar * (JNICALL *GetStringCritical) + (JNIEnv *env, jstring string, jboolean *isCopy); + void (JNICALL *ReleaseStringCritical) + (JNIEnv *env, jstring string, const jchar *cstring); + + jweak (JNICALL *NewWeakGlobalRef) + (JNIEnv *env, jobject obj); + void (JNICALL *DeleteWeakGlobalRef) + (JNIEnv *env, jweak ref); + + jboolean (JNICALL *ExceptionCheck) + (JNIEnv *env); + + jobject (JNICALL *NewDirectByteBuffer) + (JNIEnv* env, void* address, jlong capacity); + void* (JNICALL *GetDirectBufferAddress) + (JNIEnv* env, jobject buf); + jlong (JNICALL *GetDirectBufferCapacity) + (JNIEnv* env, jobject buf); + + /* New JNI 1.6 Features */ + + jobjectRefType (JNICALL *GetObjectRefType) + (JNIEnv* env, jobject obj); + + #if TARGET_RT_MAC_CFM && defined(__ppc__) + void* real_functions[228]; + #endif /* TARGET_RT_MAC_CFM && defined(__ppc__) */ +}; + +/* + * We use inlined functions for C++ so that programmers can write: + * + * env->FindClass("java/lang/String") + * + * in C++ rather than: + * + * (*env)->FindClass(env, "java/lang/String") + * + * in C. 
+ */ + +struct JNIEnv_ { + const struct JNINativeInterface_ *functions; +#ifdef __cplusplus + + jint GetVersion() { + return functions->GetVersion(this); + } + jclass DefineClass(const char *name, jobject loader, const jbyte *buf, + jsize len) { + return functions->DefineClass(this, name, loader, buf, len); + } + jclass FindClass(const char *name) { + return functions->FindClass(this, name); + } + jmethodID FromReflectedMethod(jobject method) { + return functions->FromReflectedMethod(this,method); + } + jfieldID FromReflectedField(jobject field) { + return functions->FromReflectedField(this,field); + } + + jobject ToReflectedMethod(jclass cls, jmethodID methodID, jboolean isStatic) { + return functions->ToReflectedMethod(this, cls, methodID, isStatic); + } + + jclass GetSuperclass(jclass sub) { + return functions->GetSuperclass(this, sub); + } + jboolean IsAssignableFrom(jclass sub, jclass sup) { + return functions->IsAssignableFrom(this, sub, sup); + } + + jobject ToReflectedField(jclass cls, jfieldID fieldID, jboolean isStatic) { + return functions->ToReflectedField(this,cls,fieldID,isStatic); + } + + jint Throw(jthrowable obj) { + return functions->Throw(this, obj); + } + jint ThrowNew(jclass clazz, const char *msg) { + return functions->ThrowNew(this, clazz, msg); + } + jthrowable ExceptionOccurred() { + return functions->ExceptionOccurred(this); + } + void ExceptionDescribe() { + functions->ExceptionDescribe(this); + } + void ExceptionClear() { + functions->ExceptionClear(this); + } + void FatalError(const char *msg) { + functions->FatalError(this, msg); + } + + jint PushLocalFrame(jint capacity) { + return functions->PushLocalFrame(this,capacity); + } + jobject PopLocalFrame(jobject result) { + return functions->PopLocalFrame(this,result); + } + + jobject NewGlobalRef(jobject lobj) { + return functions->NewGlobalRef(this,lobj); + } + void DeleteGlobalRef(jobject gref) { + functions->DeleteGlobalRef(this,gref); + } + void DeleteLocalRef(jobject obj) { + 
functions->DeleteLocalRef(this, obj); + } + + jboolean IsSameObject(jobject obj1, jobject obj2) { + return functions->IsSameObject(this,obj1,obj2); + } + + jobject NewLocalRef(jobject ref) { + return functions->NewLocalRef(this,ref); + } + jint EnsureLocalCapacity(jint capacity) { + return functions->EnsureLocalCapacity(this,capacity); + } + + jobject AllocObject(jclass clazz) { + return functions->AllocObject(this,clazz); + } + jobject NewObject(jclass clazz, jmethodID methodID, ...) { + va_list args; + jobject result; + va_start(args, methodID); + result = functions->NewObjectV(this,clazz,methodID,args); + va_end(args); + return result; + } + jobject NewObjectV(jclass clazz, jmethodID methodID, + va_list args) { + return functions->NewObjectV(this,clazz,methodID,args); + } + jobject NewObjectA(jclass clazz, jmethodID methodID, + const jvalue *args) { + return functions->NewObjectA(this,clazz,methodID,args); + } + + jclass GetObjectClass(jobject obj) { + return functions->GetObjectClass(this,obj); + } + jboolean IsInstanceOf(jobject obj, jclass clazz) { + return functions->IsInstanceOf(this,obj,clazz); + } + + jmethodID GetMethodID(jclass clazz, const char *name, + const char *sig) { + return functions->GetMethodID(this,clazz,name,sig); + } + + jobject CallObjectMethod(jobject obj, jmethodID methodID, ...) { + va_list args; + jobject result; + va_start(args,methodID); + result = functions->CallObjectMethodV(this,obj,methodID,args); + va_end(args); + return result; + } + jobject CallObjectMethodV(jobject obj, jmethodID methodID, + va_list args) { + return functions->CallObjectMethodV(this,obj,methodID,args); + } + jobject CallObjectMethodA(jobject obj, jmethodID methodID, + const jvalue * args) { + return functions->CallObjectMethodA(this,obj,methodID,args); + } + + jboolean CallBooleanMethod(jobject obj, + jmethodID methodID, ...) 
{ + va_list args; + jboolean result; + va_start(args,methodID); + result = functions->CallBooleanMethodV(this,obj,methodID,args); + va_end(args); + return result; + } + jboolean CallBooleanMethodV(jobject obj, jmethodID methodID, + va_list args) { + return functions->CallBooleanMethodV(this,obj,methodID,args); + } + jboolean CallBooleanMethodA(jobject obj, jmethodID methodID, + const jvalue * args) { + return functions->CallBooleanMethodA(this,obj,methodID, args); + } + + jbyte CallByteMethod(jobject obj, jmethodID methodID, ...) { + va_list args; + jbyte result; + va_start(args,methodID); + result = functions->CallByteMethodV(this,obj,methodID,args); + va_end(args); + return result; + } + jbyte CallByteMethodV(jobject obj, jmethodID methodID, + va_list args) { + return functions->CallByteMethodV(this,obj,methodID,args); + } + jbyte CallByteMethodA(jobject obj, jmethodID methodID, + const jvalue * args) { + return functions->CallByteMethodA(this,obj,methodID,args); + } + + jchar CallCharMethod(jobject obj, jmethodID methodID, ...) { + va_list args; + jchar result; + va_start(args,methodID); + result = functions->CallCharMethodV(this,obj,methodID,args); + va_end(args); + return result; + } + jchar CallCharMethodV(jobject obj, jmethodID methodID, + va_list args) { + return functions->CallCharMethodV(this,obj,methodID,args); + } + jchar CallCharMethodA(jobject obj, jmethodID methodID, + const jvalue * args) { + return functions->CallCharMethodA(this,obj,methodID,args); + } + + jshort CallShortMethod(jobject obj, jmethodID methodID, ...) 
{ + va_list args; + jshort result; + va_start(args,methodID); + result = functions->CallShortMethodV(this,obj,methodID,args); + va_end(args); + return result; + } + jshort CallShortMethodV(jobject obj, jmethodID methodID, + va_list args) { + return functions->CallShortMethodV(this,obj,methodID,args); + } + jshort CallShortMethodA(jobject obj, jmethodID methodID, + const jvalue * args) { + return functions->CallShortMethodA(this,obj,methodID,args); + } + + jint CallIntMethod(jobject obj, jmethodID methodID, ...) { + va_list args; + jint result; + va_start(args,methodID); + result = functions->CallIntMethodV(this,obj,methodID,args); + va_end(args); + return result; + } + jint CallIntMethodV(jobject obj, jmethodID methodID, + va_list args) { + return functions->CallIntMethodV(this,obj,methodID,args); + } + jint CallIntMethodA(jobject obj, jmethodID methodID, + const jvalue * args) { + return functions->CallIntMethodA(this,obj,methodID,args); + } + + jlong CallLongMethod(jobject obj, jmethodID methodID, ...) { + va_list args; + jlong result; + va_start(args,methodID); + result = functions->CallLongMethodV(this,obj,methodID,args); + va_end(args); + return result; + } + jlong CallLongMethodV(jobject obj, jmethodID methodID, + va_list args) { + return functions->CallLongMethodV(this,obj,methodID,args); + } + jlong CallLongMethodA(jobject obj, jmethodID methodID, + const jvalue * args) { + return functions->CallLongMethodA(this,obj,methodID,args); + } + + jfloat CallFloatMethod(jobject obj, jmethodID methodID, ...) 
{ + va_list args; + jfloat result; + va_start(args,methodID); + result = functions->CallFloatMethodV(this,obj,methodID,args); + va_end(args); + return result; + } + jfloat CallFloatMethodV(jobject obj, jmethodID methodID, + va_list args) { + return functions->CallFloatMethodV(this,obj,methodID,args); + } + jfloat CallFloatMethodA(jobject obj, jmethodID methodID, + const jvalue * args) { + return functions->CallFloatMethodA(this,obj,methodID,args); + } + + jdouble CallDoubleMethod(jobject obj, jmethodID methodID, ...) { + va_list args; + jdouble result; + va_start(args,methodID); + result = functions->CallDoubleMethodV(this,obj,methodID,args); + va_end(args); + return result; + } + jdouble CallDoubleMethodV(jobject obj, jmethodID methodID, + va_list args) { + return functions->CallDoubleMethodV(this,obj,methodID,args); + } + jdouble CallDoubleMethodA(jobject obj, jmethodID methodID, + const jvalue * args) { + return functions->CallDoubleMethodA(this,obj,methodID,args); + } + + void CallVoidMethod(jobject obj, jmethodID methodID, ...) { + va_list args; + va_start(args,methodID); + functions->CallVoidMethodV(this,obj,methodID,args); + va_end(args); + } + void CallVoidMethodV(jobject obj, jmethodID methodID, + va_list args) { + functions->CallVoidMethodV(this,obj,methodID,args); + } + void CallVoidMethodA(jobject obj, jmethodID methodID, + const jvalue * args) { + functions->CallVoidMethodA(this,obj,methodID,args); + } + + jobject CallNonvirtualObjectMethod(jobject obj, jclass clazz, + jmethodID methodID, ...) 
{ + va_list args; + jobject result; + va_start(args,methodID); + result = functions->CallNonvirtualObjectMethodV(this,obj,clazz, + methodID,args); + va_end(args); + return result; + } + jobject CallNonvirtualObjectMethodV(jobject obj, jclass clazz, + jmethodID methodID, va_list args) { + return functions->CallNonvirtualObjectMethodV(this,obj,clazz, + methodID,args); + } + jobject CallNonvirtualObjectMethodA(jobject obj, jclass clazz, + jmethodID methodID, const jvalue * args) { + return functions->CallNonvirtualObjectMethodA(this,obj,clazz, + methodID,args); + } + + jboolean CallNonvirtualBooleanMethod(jobject obj, jclass clazz, + jmethodID methodID, ...) { + va_list args; + jboolean result; + va_start(args,methodID); + result = functions->CallNonvirtualBooleanMethodV(this,obj,clazz, + methodID,args); + va_end(args); + return result; + } + jboolean CallNonvirtualBooleanMethodV(jobject obj, jclass clazz, + jmethodID methodID, va_list args) { + return functions->CallNonvirtualBooleanMethodV(this,obj,clazz, + methodID,args); + } + jboolean CallNonvirtualBooleanMethodA(jobject obj, jclass clazz, + jmethodID methodID, const jvalue * args) { + return functions->CallNonvirtualBooleanMethodA(this,obj,clazz, + methodID, args); + } + + jbyte CallNonvirtualByteMethod(jobject obj, jclass clazz, + jmethodID methodID, ...) { + va_list args; + jbyte result; + va_start(args,methodID); + result = functions->CallNonvirtualByteMethodV(this,obj,clazz, + methodID,args); + va_end(args); + return result; + } + jbyte CallNonvirtualByteMethodV(jobject obj, jclass clazz, + jmethodID methodID, va_list args) { + return functions->CallNonvirtualByteMethodV(this,obj,clazz, + methodID,args); + } + jbyte CallNonvirtualByteMethodA(jobject obj, jclass clazz, + jmethodID methodID, const jvalue * args) { + return functions->CallNonvirtualByteMethodA(this,obj,clazz, + methodID,args); + } + + jchar CallNonvirtualCharMethod(jobject obj, jclass clazz, + jmethodID methodID, ...) 
{ + va_list args; + jchar result; + va_start(args,methodID); + result = functions->CallNonvirtualCharMethodV(this,obj,clazz, + methodID,args); + va_end(args); + return result; + } + jchar CallNonvirtualCharMethodV(jobject obj, jclass clazz, + jmethodID methodID, va_list args) { + return functions->CallNonvirtualCharMethodV(this,obj,clazz, + methodID,args); + } + jchar CallNonvirtualCharMethodA(jobject obj, jclass clazz, + jmethodID methodID, const jvalue * args) { + return functions->CallNonvirtualCharMethodA(this,obj,clazz, + methodID,args); + } + + jshort CallNonvirtualShortMethod(jobject obj, jclass clazz, + jmethodID methodID, ...) { + va_list args; + jshort result; + va_start(args,methodID); + result = functions->CallNonvirtualShortMethodV(this,obj,clazz, + methodID,args); + va_end(args); + return result; + } + jshort CallNonvirtualShortMethodV(jobject obj, jclass clazz, + jmethodID methodID, va_list args) { + return functions->CallNonvirtualShortMethodV(this,obj,clazz, + methodID,args); + } + jshort CallNonvirtualShortMethodA(jobject obj, jclass clazz, + jmethodID methodID, const jvalue * args) { + return functions->CallNonvirtualShortMethodA(this,obj,clazz, + methodID,args); + } + + jint CallNonvirtualIntMethod(jobject obj, jclass clazz, + jmethodID methodID, ...) { + va_list args; + jint result; + va_start(args,methodID); + result = functions->CallNonvirtualIntMethodV(this,obj,clazz, + methodID,args); + va_end(args); + return result; + } + jint CallNonvirtualIntMethodV(jobject obj, jclass clazz, + jmethodID methodID, va_list args) { + return functions->CallNonvirtualIntMethodV(this,obj,clazz, + methodID,args); + } + jint CallNonvirtualIntMethodA(jobject obj, jclass clazz, + jmethodID methodID, const jvalue * args) { + return functions->CallNonvirtualIntMethodA(this,obj,clazz, + methodID,args); + } + + jlong CallNonvirtualLongMethod(jobject obj, jclass clazz, + jmethodID methodID, ...) 
{ + va_list args; + jlong result; + va_start(args,methodID); + result = functions->CallNonvirtualLongMethodV(this,obj,clazz, + methodID,args); + va_end(args); + return result; + } + jlong CallNonvirtualLongMethodV(jobject obj, jclass clazz, + jmethodID methodID, va_list args) { + return functions->CallNonvirtualLongMethodV(this,obj,clazz, + methodID,args); + } + jlong CallNonvirtualLongMethodA(jobject obj, jclass clazz, + jmethodID methodID, const jvalue * args) { + return functions->CallNonvirtualLongMethodA(this,obj,clazz, + methodID,args); + } + + jfloat CallNonvirtualFloatMethod(jobject obj, jclass clazz, + jmethodID methodID, ...) { + va_list args; + jfloat result; + va_start(args,methodID); + result = functions->CallNonvirtualFloatMethodV(this,obj,clazz, + methodID,args); + va_end(args); + return result; + } + jfloat CallNonvirtualFloatMethodV(jobject obj, jclass clazz, + jmethodID methodID, + va_list args) { + return functions->CallNonvirtualFloatMethodV(this,obj,clazz, + methodID,args); + } + jfloat CallNonvirtualFloatMethodA(jobject obj, jclass clazz, + jmethodID methodID, + const jvalue * args) { + return functions->CallNonvirtualFloatMethodA(this,obj,clazz, + methodID,args); + } + + jdouble CallNonvirtualDoubleMethod(jobject obj, jclass clazz, + jmethodID methodID, ...) { + va_list args; + jdouble result; + va_start(args,methodID); + result = functions->CallNonvirtualDoubleMethodV(this,obj,clazz, + methodID,args); + va_end(args); + return result; + } + jdouble CallNonvirtualDoubleMethodV(jobject obj, jclass clazz, + jmethodID methodID, + va_list args) { + return functions->CallNonvirtualDoubleMethodV(this,obj,clazz, + methodID,args); + } + jdouble CallNonvirtualDoubleMethodA(jobject obj, jclass clazz, + jmethodID methodID, + const jvalue * args) { + return functions->CallNonvirtualDoubleMethodA(this,obj,clazz, + methodID,args); + } + + void CallNonvirtualVoidMethod(jobject obj, jclass clazz, + jmethodID methodID, ...) 
{ + va_list args; + va_start(args,methodID); + functions->CallNonvirtualVoidMethodV(this,obj,clazz,methodID,args); + va_end(args); + } + void CallNonvirtualVoidMethodV(jobject obj, jclass clazz, + jmethodID methodID, + va_list args) { + functions->CallNonvirtualVoidMethodV(this,obj,clazz,methodID,args); + } + void CallNonvirtualVoidMethodA(jobject obj, jclass clazz, + jmethodID methodID, + const jvalue * args) { + functions->CallNonvirtualVoidMethodA(this,obj,clazz,methodID,args); + } + + jfieldID GetFieldID(jclass clazz, const char *name, + const char *sig) { + return functions->GetFieldID(this,clazz,name,sig); + } + + jobject GetObjectField(jobject obj, jfieldID fieldID) { + return functions->GetObjectField(this,obj,fieldID); + } + jboolean GetBooleanField(jobject obj, jfieldID fieldID) { + return functions->GetBooleanField(this,obj,fieldID); + } + jbyte GetByteField(jobject obj, jfieldID fieldID) { + return functions->GetByteField(this,obj,fieldID); + } + jchar GetCharField(jobject obj, jfieldID fieldID) { + return functions->GetCharField(this,obj,fieldID); + } + jshort GetShortField(jobject obj, jfieldID fieldID) { + return functions->GetShortField(this,obj,fieldID); + } + jint GetIntField(jobject obj, jfieldID fieldID) { + return functions->GetIntField(this,obj,fieldID); + } + jlong GetLongField(jobject obj, jfieldID fieldID) { + return functions->GetLongField(this,obj,fieldID); + } + jfloat GetFloatField(jobject obj, jfieldID fieldID) { + return functions->GetFloatField(this,obj,fieldID); + } + jdouble GetDoubleField(jobject obj, jfieldID fieldID) { + return functions->GetDoubleField(this,obj,fieldID); + } + + void SetObjectField(jobject obj, jfieldID fieldID, jobject val) { + functions->SetObjectField(this,obj,fieldID,val); + } + void SetBooleanField(jobject obj, jfieldID fieldID, + jboolean val) { + functions->SetBooleanField(this,obj,fieldID,val); + } + void SetByteField(jobject obj, jfieldID fieldID, + jbyte val) { + 
functions->SetByteField(this,obj,fieldID,val); + } + void SetCharField(jobject obj, jfieldID fieldID, + jchar val) { + functions->SetCharField(this,obj,fieldID,val); + } + void SetShortField(jobject obj, jfieldID fieldID, + jshort val) { + functions->SetShortField(this,obj,fieldID,val); + } + void SetIntField(jobject obj, jfieldID fieldID, + jint val) { + functions->SetIntField(this,obj,fieldID,val); + } + void SetLongField(jobject obj, jfieldID fieldID, + jlong val) { + functions->SetLongField(this,obj,fieldID,val); + } + void SetFloatField(jobject obj, jfieldID fieldID, + jfloat val) { + functions->SetFloatField(this,obj,fieldID,val); + } + void SetDoubleField(jobject obj, jfieldID fieldID, + jdouble val) { + functions->SetDoubleField(this,obj,fieldID,val); + } + + jmethodID GetStaticMethodID(jclass clazz, const char *name, + const char *sig) { + return functions->GetStaticMethodID(this,clazz,name,sig); + } + + jobject CallStaticObjectMethod(jclass clazz, jmethodID methodID, + ...) { + va_list args; + jobject result; + va_start(args,methodID); + result = functions->CallStaticObjectMethodV(this,clazz,methodID,args); + va_end(args); + return result; + } + jobject CallStaticObjectMethodV(jclass clazz, jmethodID methodID, + va_list args) { + return functions->CallStaticObjectMethodV(this,clazz,methodID,args); + } + jobject CallStaticObjectMethodA(jclass clazz, jmethodID methodID, + const jvalue *args) { + return functions->CallStaticObjectMethodA(this,clazz,methodID,args); + } + + jboolean CallStaticBooleanMethod(jclass clazz, + jmethodID methodID, ...) 
{ + va_list args; + jboolean result; + va_start(args,methodID); + result = functions->CallStaticBooleanMethodV(this,clazz,methodID,args); + va_end(args); + return result; + } + jboolean CallStaticBooleanMethodV(jclass clazz, + jmethodID methodID, va_list args) { + return functions->CallStaticBooleanMethodV(this,clazz,methodID,args); + } + jboolean CallStaticBooleanMethodA(jclass clazz, + jmethodID methodID, const jvalue *args) { + return functions->CallStaticBooleanMethodA(this,clazz,methodID,args); + } + + jbyte CallStaticByteMethod(jclass clazz, + jmethodID methodID, ...) { + va_list args; + jbyte result; + va_start(args,methodID); + result = functions->CallStaticByteMethodV(this,clazz,methodID,args); + va_end(args); + return result; + } + jbyte CallStaticByteMethodV(jclass clazz, + jmethodID methodID, va_list args) { + return functions->CallStaticByteMethodV(this,clazz,methodID,args); + } + jbyte CallStaticByteMethodA(jclass clazz, + jmethodID methodID, const jvalue *args) { + return functions->CallStaticByteMethodA(this,clazz,methodID,args); + } + + jchar CallStaticCharMethod(jclass clazz, + jmethodID methodID, ...) { + va_list args; + jchar result; + va_start(args,methodID); + result = functions->CallStaticCharMethodV(this,clazz,methodID,args); + va_end(args); + return result; + } + jchar CallStaticCharMethodV(jclass clazz, + jmethodID methodID, va_list args) { + return functions->CallStaticCharMethodV(this,clazz,methodID,args); + } + jchar CallStaticCharMethodA(jclass clazz, + jmethodID methodID, const jvalue *args) { + return functions->CallStaticCharMethodA(this,clazz,methodID,args); + } + + jshort CallStaticShortMethod(jclass clazz, + jmethodID methodID, ...) 
{ + va_list args; + jshort result; + va_start(args,methodID); + result = functions->CallStaticShortMethodV(this,clazz,methodID,args); + va_end(args); + return result; + } + jshort CallStaticShortMethodV(jclass clazz, + jmethodID methodID, va_list args) { + return functions->CallStaticShortMethodV(this,clazz,methodID,args); + } + jshort CallStaticShortMethodA(jclass clazz, + jmethodID methodID, const jvalue *args) { + return functions->CallStaticShortMethodA(this,clazz,methodID,args); + } + + jint CallStaticIntMethod(jclass clazz, + jmethodID methodID, ...) { + va_list args; + jint result; + va_start(args,methodID); + result = functions->CallStaticIntMethodV(this,clazz,methodID,args); + va_end(args); + return result; + } + jint CallStaticIntMethodV(jclass clazz, + jmethodID methodID, va_list args) { + return functions->CallStaticIntMethodV(this,clazz,methodID,args); + } + jint CallStaticIntMethodA(jclass clazz, + jmethodID methodID, const jvalue *args) { + return functions->CallStaticIntMethodA(this,clazz,methodID,args); + } + + jlong CallStaticLongMethod(jclass clazz, + jmethodID methodID, ...) { + va_list args; + jlong result; + va_start(args,methodID); + result = functions->CallStaticLongMethodV(this,clazz,methodID,args); + va_end(args); + return result; + } + jlong CallStaticLongMethodV(jclass clazz, + jmethodID methodID, va_list args) { + return functions->CallStaticLongMethodV(this,clazz,methodID,args); + } + jlong CallStaticLongMethodA(jclass clazz, + jmethodID methodID, const jvalue *args) { + return functions->CallStaticLongMethodA(this,clazz,methodID,args); + } + + jfloat CallStaticFloatMethod(jclass clazz, + jmethodID methodID, ...) 
{ + va_list args; + jfloat result; + va_start(args,methodID); + result = functions->CallStaticFloatMethodV(this,clazz,methodID,args); + va_end(args); + return result; + } + jfloat CallStaticFloatMethodV(jclass clazz, + jmethodID methodID, va_list args) { + return functions->CallStaticFloatMethodV(this,clazz,methodID,args); + } + jfloat CallStaticFloatMethodA(jclass clazz, + jmethodID methodID, const jvalue *args) { + return functions->CallStaticFloatMethodA(this,clazz,methodID,args); + } + + jdouble CallStaticDoubleMethod(jclass clazz, + jmethodID methodID, ...) { + va_list args; + jdouble result; + va_start(args,methodID); + result = functions->CallStaticDoubleMethodV(this,clazz,methodID,args); + va_end(args); + return result; + } + jdouble CallStaticDoubleMethodV(jclass clazz, + jmethodID methodID, va_list args) { + return functions->CallStaticDoubleMethodV(this,clazz,methodID,args); + } + jdouble CallStaticDoubleMethodA(jclass clazz, + jmethodID methodID, const jvalue *args) { + return functions->CallStaticDoubleMethodA(this,clazz,methodID,args); + } + + void CallStaticVoidMethod(jclass cls, jmethodID methodID, ...) 
{ + va_list args; + va_start(args,methodID); + functions->CallStaticVoidMethodV(this,cls,methodID,args); + va_end(args); + } + void CallStaticVoidMethodV(jclass cls, jmethodID methodID, + va_list args) { + functions->CallStaticVoidMethodV(this,cls,methodID,args); + } + void CallStaticVoidMethodA(jclass cls, jmethodID methodID, + const jvalue * args) { + functions->CallStaticVoidMethodA(this,cls,methodID,args); + } + + jfieldID GetStaticFieldID(jclass clazz, const char *name, + const char *sig) { + return functions->GetStaticFieldID(this,clazz,name,sig); + } + jobject GetStaticObjectField(jclass clazz, jfieldID fieldID) { + return functions->GetStaticObjectField(this,clazz,fieldID); + } + jboolean GetStaticBooleanField(jclass clazz, jfieldID fieldID) { + return functions->GetStaticBooleanField(this,clazz,fieldID); + } + jbyte GetStaticByteField(jclass clazz, jfieldID fieldID) { + return functions->GetStaticByteField(this,clazz,fieldID); + } + jchar GetStaticCharField(jclass clazz, jfieldID fieldID) { + return functions->GetStaticCharField(this,clazz,fieldID); + } + jshort GetStaticShortField(jclass clazz, jfieldID fieldID) { + return functions->GetStaticShortField(this,clazz,fieldID); + } + jint GetStaticIntField(jclass clazz, jfieldID fieldID) { + return functions->GetStaticIntField(this,clazz,fieldID); + } + jlong GetStaticLongField(jclass clazz, jfieldID fieldID) { + return functions->GetStaticLongField(this,clazz,fieldID); + } + jfloat GetStaticFloatField(jclass clazz, jfieldID fieldID) { + return functions->GetStaticFloatField(this,clazz,fieldID); + } + jdouble GetStaticDoubleField(jclass clazz, jfieldID fieldID) { + return functions->GetStaticDoubleField(this,clazz,fieldID); + } + + void SetStaticObjectField(jclass clazz, jfieldID fieldID, + jobject value) { + functions->SetStaticObjectField(this,clazz,fieldID,value); + } + void SetStaticBooleanField(jclass clazz, jfieldID fieldID, + jboolean value) { + 
functions->SetStaticBooleanField(this,clazz,fieldID,value); + } + void SetStaticByteField(jclass clazz, jfieldID fieldID, + jbyte value) { + functions->SetStaticByteField(this,clazz,fieldID,value); + } + void SetStaticCharField(jclass clazz, jfieldID fieldID, + jchar value) { + functions->SetStaticCharField(this,clazz,fieldID,value); + } + void SetStaticShortField(jclass clazz, jfieldID fieldID, + jshort value) { + functions->SetStaticShortField(this,clazz,fieldID,value); + } + void SetStaticIntField(jclass clazz, jfieldID fieldID, + jint value) { + functions->SetStaticIntField(this,clazz,fieldID,value); + } + void SetStaticLongField(jclass clazz, jfieldID fieldID, + jlong value) { + functions->SetStaticLongField(this,clazz,fieldID,value); + } + void SetStaticFloatField(jclass clazz, jfieldID fieldID, + jfloat value) { + functions->SetStaticFloatField(this,clazz,fieldID,value); + } + void SetStaticDoubleField(jclass clazz, jfieldID fieldID, + jdouble value) { + functions->SetStaticDoubleField(this,clazz,fieldID,value); + } + + jstring NewString(const jchar *unicode, jsize len) { + return functions->NewString(this,unicode,len); + } + jsize GetStringLength(jstring str) { + return functions->GetStringLength(this,str); + } + const jchar *GetStringChars(jstring str, jboolean *isCopy) { + return functions->GetStringChars(this,str,isCopy); + } + void ReleaseStringChars(jstring str, const jchar *chars) { + functions->ReleaseStringChars(this,str,chars); + } + + jstring NewStringUTF(const char *utf) { + return functions->NewStringUTF(this,utf); + } + jsize GetStringUTFLength(jstring str) { + return functions->GetStringUTFLength(this,str); + } + const char* GetStringUTFChars(jstring str, jboolean *isCopy) { + return functions->GetStringUTFChars(this,str,isCopy); + } + void ReleaseStringUTFChars(jstring str, const char* chars) { + functions->ReleaseStringUTFChars(this,str,chars); + } + + jsize GetArrayLength(jarray array) { + return functions->GetArrayLength(this,array); + } + 
+ jobjectArray NewObjectArray(jsize len, jclass clazz, + jobject init) { + return functions->NewObjectArray(this,len,clazz,init); + } + jobject GetObjectArrayElement(jobjectArray array, jsize index) { + return functions->GetObjectArrayElement(this,array,index); + } + void SetObjectArrayElement(jobjectArray array, jsize index, + jobject val) { + functions->SetObjectArrayElement(this,array,index,val); + } + + jbooleanArray NewBooleanArray(jsize len) { + return functions->NewBooleanArray(this,len); + } + jbyteArray NewByteArray(jsize len) { + return functions->NewByteArray(this,len); + } + jcharArray NewCharArray(jsize len) { + return functions->NewCharArray(this,len); + } + jshortArray NewShortArray(jsize len) { + return functions->NewShortArray(this,len); + } + jintArray NewIntArray(jsize len) { + return functions->NewIntArray(this,len); + } + jlongArray NewLongArray(jsize len) { + return functions->NewLongArray(this,len); + } + jfloatArray NewFloatArray(jsize len) { + return functions->NewFloatArray(this,len); + } + jdoubleArray NewDoubleArray(jsize len) { + return functions->NewDoubleArray(this,len); + } + + jboolean * GetBooleanArrayElements(jbooleanArray array, jboolean *isCopy) { + return functions->GetBooleanArrayElements(this,array,isCopy); + } + jbyte * GetByteArrayElements(jbyteArray array, jboolean *isCopy) { + return functions->GetByteArrayElements(this,array,isCopy); + } + jchar * GetCharArrayElements(jcharArray array, jboolean *isCopy) { + return functions->GetCharArrayElements(this,array,isCopy); + } + jshort * GetShortArrayElements(jshortArray array, jboolean *isCopy) { + return functions->GetShortArrayElements(this,array,isCopy); + } + jint * GetIntArrayElements(jintArray array, jboolean *isCopy) { + return functions->GetIntArrayElements(this,array,isCopy); + } + jlong * GetLongArrayElements(jlongArray array, jboolean *isCopy) { + return functions->GetLongArrayElements(this,array,isCopy); + } + jfloat * GetFloatArrayElements(jfloatArray array, 
jboolean *isCopy) { + return functions->GetFloatArrayElements(this,array,isCopy); + } + jdouble * GetDoubleArrayElements(jdoubleArray array, jboolean *isCopy) { + return functions->GetDoubleArrayElements(this,array,isCopy); + } + + void ReleaseBooleanArrayElements(jbooleanArray array, + jboolean *elems, + jint mode) { + functions->ReleaseBooleanArrayElements(this,array,elems,mode); + } + void ReleaseByteArrayElements(jbyteArray array, + jbyte *elems, + jint mode) { + functions->ReleaseByteArrayElements(this,array,elems,mode); + } + void ReleaseCharArrayElements(jcharArray array, + jchar *elems, + jint mode) { + functions->ReleaseCharArrayElements(this,array,elems,mode); + } + void ReleaseShortArrayElements(jshortArray array, + jshort *elems, + jint mode) { + functions->ReleaseShortArrayElements(this,array,elems,mode); + } + void ReleaseIntArrayElements(jintArray array, + jint *elems, + jint mode) { + functions->ReleaseIntArrayElements(this,array,elems,mode); + } + void ReleaseLongArrayElements(jlongArray array, + jlong *elems, + jint mode) { + functions->ReleaseLongArrayElements(this,array,elems,mode); + } + void ReleaseFloatArrayElements(jfloatArray array, + jfloat *elems, + jint mode) { + functions->ReleaseFloatArrayElements(this,array,elems,mode); + } + void ReleaseDoubleArrayElements(jdoubleArray array, + jdouble *elems, + jint mode) { + functions->ReleaseDoubleArrayElements(this,array,elems,mode); + } + + void GetBooleanArrayRegion(jbooleanArray array, + jsize start, jsize len, jboolean *buf) { + functions->GetBooleanArrayRegion(this,array,start,len,buf); + } + void GetByteArrayRegion(jbyteArray array, + jsize start, jsize len, jbyte *buf) { + functions->GetByteArrayRegion(this,array,start,len,buf); + } + void GetCharArrayRegion(jcharArray array, + jsize start, jsize len, jchar *buf) { + functions->GetCharArrayRegion(this,array,start,len,buf); + } + void GetShortArrayRegion(jshortArray array, + jsize start, jsize len, jshort *buf) { + 
functions->GetShortArrayRegion(this,array,start,len,buf); + } + void GetIntArrayRegion(jintArray array, + jsize start, jsize len, jint *buf) { + functions->GetIntArrayRegion(this,array,start,len,buf); + } + void GetLongArrayRegion(jlongArray array, + jsize start, jsize len, jlong *buf) { + functions->GetLongArrayRegion(this,array,start,len,buf); + } + void GetFloatArrayRegion(jfloatArray array, + jsize start, jsize len, jfloat *buf) { + functions->GetFloatArrayRegion(this,array,start,len,buf); + } + void GetDoubleArrayRegion(jdoubleArray array, + jsize start, jsize len, jdouble *buf) { + functions->GetDoubleArrayRegion(this,array,start,len,buf); + } + + void SetBooleanArrayRegion(jbooleanArray array, jsize start, jsize len, + const jboolean *buf) { + functions->SetBooleanArrayRegion(this,array,start,len,buf); + } + void SetByteArrayRegion(jbyteArray array, jsize start, jsize len, + const jbyte *buf) { + functions->SetByteArrayRegion(this,array,start,len,buf); + } + void SetCharArrayRegion(jcharArray array, jsize start, jsize len, + const jchar *buf) { + functions->SetCharArrayRegion(this,array,start,len,buf); + } + void SetShortArrayRegion(jshortArray array, jsize start, jsize len, + const jshort *buf) { + functions->SetShortArrayRegion(this,array,start,len,buf); + } + void SetIntArrayRegion(jintArray array, jsize start, jsize len, + const jint *buf) { + functions->SetIntArrayRegion(this,array,start,len,buf); + } + void SetLongArrayRegion(jlongArray array, jsize start, jsize len, + const jlong *buf) { + functions->SetLongArrayRegion(this,array,start,len,buf); + } + void SetFloatArrayRegion(jfloatArray array, jsize start, jsize len, + const jfloat *buf) { + functions->SetFloatArrayRegion(this,array,start,len,buf); + } + void SetDoubleArrayRegion(jdoubleArray array, jsize start, jsize len, + const jdouble *buf) { + functions->SetDoubleArrayRegion(this,array,start,len,buf); + } + + jint RegisterNatives(jclass clazz, const JNINativeMethod *methods, + jint nMethods) { + 
return functions->RegisterNatives(this,clazz,methods,nMethods); + } + jint UnregisterNatives(jclass clazz) { + return functions->UnregisterNatives(this,clazz); + } + + jint MonitorEnter(jobject obj) { + return functions->MonitorEnter(this,obj); + } + jint MonitorExit(jobject obj) { + return functions->MonitorExit(this,obj); + } + + jint GetJavaVM(JavaVM **vm) { + return functions->GetJavaVM(this,vm); + } + + void GetStringRegion(jstring str, jsize start, jsize len, jchar *buf) { + functions->GetStringRegion(this,str,start,len,buf); + } + void GetStringUTFRegion(jstring str, jsize start, jsize len, char *buf) { + functions->GetStringUTFRegion(this,str,start,len,buf); + } + + void * GetPrimitiveArrayCritical(jarray array, jboolean *isCopy) { + return functions->GetPrimitiveArrayCritical(this,array,isCopy); + } + void ReleasePrimitiveArrayCritical(jarray array, void *carray, jint mode) { + functions->ReleasePrimitiveArrayCritical(this,array,carray,mode); + } + + const jchar * GetStringCritical(jstring string, jboolean *isCopy) { + return functions->GetStringCritical(this,string,isCopy); + } + void ReleaseStringCritical(jstring string, const jchar *cstring) { + functions->ReleaseStringCritical(this,string,cstring); + } + + jweak NewWeakGlobalRef(jobject obj) { + return functions->NewWeakGlobalRef(this,obj); + } + void DeleteWeakGlobalRef(jweak ref) { + functions->DeleteWeakGlobalRef(this,ref); + } + + jboolean ExceptionCheck() { + return functions->ExceptionCheck(this); + } + + jobject NewDirectByteBuffer(void* address, jlong capacity) { + return functions->NewDirectByteBuffer(this, address, capacity); + } + void* GetDirectBufferAddress(jobject buf) { + return functions->GetDirectBufferAddress(this, buf); + } + jlong GetDirectBufferCapacity(jobject buf) { + return functions->GetDirectBufferCapacity(this, buf); + } + jobjectRefType GetObjectRefType(jobject obj) { + return functions->GetObjectRefType(this, obj); + } + +#endif /* __cplusplus */ +}; + +typedef struct 
JavaVMOption { + char *optionString; + void *extraInfo; +} JavaVMOption; + +typedef struct JavaVMInitArgs { + jint version; + + jint nOptions; + JavaVMOption *options; + jboolean ignoreUnrecognized; +} JavaVMInitArgs; + +typedef struct JavaVMAttachArgs { + jint version; + + char *name; + jobject group; +} JavaVMAttachArgs; + +/* These will be VM-specific. */ + +#define JDK1_2 +#define JDK1_4 + +/* End VM-specific. */ + +struct JNIInvokeInterface_ { + void *reserved0; + void *reserved1; + void *reserved2; + +#if !TARGET_RT_MAC_CFM && defined(__ppc__) + void* cfm_vectors[4]; +#endif /* !TARGET_RT_MAC_CFM && defined(__ppc__) */ + + jint (JNICALL *DestroyJavaVM)(JavaVM *vm); + + jint (JNICALL *AttachCurrentThread)(JavaVM *vm, void **penv, void *args); + + jint (JNICALL *DetachCurrentThread)(JavaVM *vm); + + jint (JNICALL *GetEnv)(JavaVM *vm, void **penv, jint version); + + jint (JNICALL *AttachCurrentThreadAsDaemon)(JavaVM *vm, void **penv, void *args); + +#if TARGET_RT_MAC_CFM && defined(__ppc__) + void* real_functions[5]; +#endif /* TARGET_RT_MAC_CFM && defined(__ppc__) */ +}; + +struct JavaVM_ { + const struct JNIInvokeInterface_ *functions; +#ifdef __cplusplus + + jint DestroyJavaVM() { + return functions->DestroyJavaVM(this); + } + jint AttachCurrentThread(void **penv, void *args) { + return functions->AttachCurrentThread(this, penv, args); + } + jint DetachCurrentThread() { + return functions->DetachCurrentThread(this); + } + + jint GetEnv(void **penv, jint version) { + return functions->GetEnv(this, penv, version); + } + jint AttachCurrentThreadAsDaemon(void **penv, void *args) { + return functions->AttachCurrentThreadAsDaemon(this, penv, args); + } +#endif +}; + +#ifdef _JNI_IMPLEMENTATION_ +#define _JNI_IMPORT_OR_EXPORT_ JNIEXPORT +#else +#define _JNI_IMPORT_OR_EXPORT_ JNIIMPORT +#endif +_JNI_IMPORT_OR_EXPORT_ jint JNICALL +JNI_GetDefaultJavaVMInitArgs(void *args); + +_JNI_IMPORT_OR_EXPORT_ jint JNICALL +JNI_CreateJavaVM(JavaVM **pvm, void **penv, void *args); 
+
+_JNI_IMPORT_OR_EXPORT_ jint JNICALL
+JNI_GetCreatedJavaVMs(JavaVM **, jsize, jsize *);
+
+/* Defined by native libraries. */
+JNIEXPORT jint JNICALL
+JNI_OnLoad(JavaVM *vm, void *reserved);
+
+JNIEXPORT void JNICALL
+JNI_OnUnload(JavaVM *vm, void *reserved);
+
+#define JNI_VERSION_1_1 0x00010001
+#define JNI_VERSION_1_2 0x00010002
+#define JNI_VERSION_1_4 0x00010004
+#define JNI_VERSION_1_6 0x00010006
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif /* __cplusplus */
+
+#endif /* !_JAVASOFT_JNI_H_ */
+
+
+
diff --git a/jni/jni/jni_md.h b/jni/jni/jni_md.h
new file mode 100644
index 00000000..a3289eed
--- /dev/null
+++ b/jni/jni/jni_md.h
@@ -0,0 +1,23 @@
+/*
+ * @(#)jni_md.h 1.19 05/11/17
+ *
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
+ */
+
+#ifndef _JAVASOFT_JNI_MD_H_
+#define _JAVASOFT_JNI_MD_H_
+
+#define JNIEXPORT __attribute__((visibility("default")))
+#define JNIIMPORT
+#define JNICALL
+
+#if __LP64__
+typedef int jint;
+#else
+typedef long jint;
+#endif
+typedef long long jlong;
+typedef signed char jbyte;
+
+#endif /* !_JAVASOFT_JNI_MD_H_ */
diff --git a/ms/version32.rc b/ms/version32.rc
new file mode 100644
index 00000000..09f31720
--- /dev/null
+++ b/ms/version32.rc
@@ -0,0 +1,47 @@ +#include + +LANGUAGE 0x09,0x01 + +1 VERSIONINFO + FILEVERSION 1,2,1,0 + PRODUCTVERSION 1,2,1,0 + FILEFLAGSMASK 0x3fL +#ifdef _DEBUG + FILEFLAGS 0x01L +#else + FILEFLAGS 0x00L +#endif + FILEOS VOS__WINDOWS32 + FILETYPE VFT_DLL + FILESUBTYPE 0x0L +BEGIN + BLOCK "StringFileInfo" + BEGIN + BLOCK "040904b0" + BEGIN + // Required: + VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\0" + VALUE "FileDescription", "OpenSSL Shared Library\0" + VALUE "FileVersion", "1.0.2d-fips\0" +#if defined(CRYPTO) + VALUE "InternalName", "libeay32\0" + VALUE "OriginalFilename", "libeay32.dll\0" +#elif defined(SSL) + VALUE "InternalName", "ssleay32\0" + VALUE "OriginalFilename", "ssleay32.dll\0" +#endif + VALUE "ProductName", "The OpenSSL Toolkit\0" + VALUE "ProductVersion", "1.0.2d-fips\0" + // Optional: + //VALUE "Comments", "\0" + VALUE "LegalCopyright", "Copyright 1998-2005 The OpenSSL Project. Copyright 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\0" + //VALUE "LegalTrademarks", "\0" + //VALUE "PrivateBuild", "\0" + //VALUE "SpecialBuild", "\0" + END + END + BLOCK "VarFileInfo" + BEGIN + VALUE "Translation", 0x409, 0x4b0 + END +END diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 7ab62faf..ae2d9cb3 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2891,7 +2891,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { 256}, #endif -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL /* (GmSSL specific) */ { 1, diff --git a/ssl/ssl.h b/ssl/ssl.h index c783f763..00786d5b 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1699,7 +1699,7 @@ struct ssl_st { # include /* Datagram TLS */ # include # include /* Support for the use_srtp extension */ -# ifndef OPENSSL_NO_GMSSL +# ifndef NO_GMSSL # include # endif 
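Review bot: `NO_GMSSL` sits outside the `OPENSSL_NO_*` namespace that the neighbouring guards use (`OPENSSL_NO_ECDSA` in the ssl_algs.c hunk), so, unless Configure or opensslconf.h defines it somewhere not shown here, a build configured without GmSSL would presumably still compile this cipher-table entry in. The same substitution is made in every guard this commit touches in ssl/ssl.h, ssl_algs.c, ssl_ciph.c, ssl_lib.c, ssl_locl.h, ssl_sess.c, ssl_stat.c and ssl_txt.c. ssl/ssl.h is a public header, so there the application has to be compiled with the same `-DNO_GMSSL` as the library or it sees `GMSSLv1_method()` declarations the library does not provide. I would keep `#ifndef OPENSSL_NO_GMSSL`, or map the short name once in a shared header with `#if defined(NO_GMSSL) && !defined(OPENSSL_NO_GMSSL)` / `# define OPENSSL_NO_GMSSL` / `#endif` and a comment stating which name is canonical. The ssl3_ciphers[] initializer starts and ends outside the hunk.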
@@ -2392,7 +2392,7 @@ const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL const SSL_METHOD *GMSSLv1_method(void); const SSL_METHOD *GMSSLv1_server_method(void); const SSL_METHOD *GMSSLv1_client_method(void); diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c index 45fc7dec..7e55b075 100644 --- a/ssl/ssl_algs.c +++ b/ssl/ssl_algs.c @@ -137,7 +137,7 @@ int SSL_library_init(void) #ifndef OPENSSL_NO_ECDSA EVP_add_digest(EVP_ecdsa()); #endif -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL EVP_add_cipher(EVP_sms4_cbc()); EVP_add_digest(EVP_sm3()); #endif diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 5805ab5a..6194a226 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -164,7 +164,7 @@ #define SSL_ENC_SEED_IDX 11 #define SSL_ENC_AES128GCM_IDX 12 #define SSL_ENC_AES256GCM_IDX 13 -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL #define SSL_ENC_SM4_IDX 14 #define SSL_ENC_NUM_IDX 15 #else @@ -174,7 +174,7 @@ static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL NULL #endif }; @@ -191,7 +191,7 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; #define SSL_MD_GOST89MAC_IDX 3 #define SSL_MD_SHA256_IDX 4 #define SSL_MD_SHA384_IDX 5 -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL #define SSL_MD_SM3_IDX 6 #endif @@ -202,7 +202,7 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; #define SSL_MD_NUM_IDX SSL_MAX_DIGEST static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { NULL, NULL, NULL, NULL, NULL, NULL, -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL NULL #endif }; 
@@ -215,14 +215,14 @@ static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = { EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef, EVP_PKEY_HMAC, EVP_PKEY_HMAC, -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL EVP_PKEY_HMAC #endif }; static int ssl_mac_secret_size[SSL_MD_NUM_IDX] = { 0, 0, 0, 0, 0, 0, -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL 0 #endif }; @@ -231,7 +231,7 @@ static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX] = { SSL_HANDSHAKE_MAC_MD5, SSL_HANDSHAKE_MAC_SHA, SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256, SSL_HANDSHAKE_MAC_SHA384, -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL SSL_HANDSHAKE_MAC_SM3, #endif }; @@ -482,7 +482,7 @@ void ssl_load_ciphers(void) ssl_mac_secret_size[SSL_MD_SHA384_IDX] = EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]); -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL ssl_cipher_methods[SSL_ENC_SM4_IDX] = EVP_get_cipherbyname(SN_sms4_cbc); ssl_digest_methods[SSL_MD_SM3_IDX] = EVP_get_digestbyname(SN_sm3); ssl_mac_secret_size[SSL_MD_SM3_IDX] = EVP_MD_size(ssl_digest_methods[SSL_MD_SM3_IDX]); @@ -609,7 +609,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, case SSL_AES256GCM: i = SSL_ENC_AES256GCM_IDX; break; -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL case SSL_SM4: i = SSL_ENC_SM4_IDX; break; @@ -647,7 +647,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, case SSL_GOST89MAC: i = SSL_MD_GOST89MAC_IDX; break; -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL case SSL_SM3: i = SSL_MD_SM3_IDX; break; @@ -706,7 +706,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, c->algorithm_mac == SSL_SHA256 && (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256"))) *enc = evp, *md = NULL; -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL else if (c->algorithm_enc == SSL_SM4 && c->algorithm_mac == SSL_SM3 && (evp = EVP_get_cipherbyname("SM4-CBC-HMAC-SM3"))) 
@@ -859,7 +859,7 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] == NID_undef) ? SSL_GOST89MAC : 0; -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL /* what we should do? */ #endif } @@ -1745,7 +1745,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) ver = "SSLv3"; else if (alg_ssl & SSL_TLSV1_2) ver = "TLSv1.2"; -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL else if (alg_ssl & SSL_GMV1) ver = "GMSSLv1.1"; #endif @@ -1786,7 +1786,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_kGOST: kx = "GOST"; break; -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL case SSL_kECDHE2: kx = "ECDHE2"; break; @@ -1841,7 +1841,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_aGOST01: au = "GOST01"; break; -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL case SSL_aSM2: au = "SM2"; break; @@ -1895,7 +1895,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_eGOST2814789CNT: enc = "GOST89(256)"; break; -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL case SSL_SM4: enc = "SM4(128)"; break; @@ -1927,7 +1927,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_GOST94: mac = "GOST94"; break; -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL case SSL_SM3: mac = "SM3"; break; @@ -1966,7 +1966,7 @@ char *SSL_CIPHER_get_version(const SSL_CIPHER *c) return ("TLSv1/SSLv3"); else if (i == 2) return ("SSLv2"); -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL else if (i == 1) return ("GMSSLv1"); #endif diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 6db022c1..da05eb0d 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2850,7 +2850,7 @@ const char *SSL_get_version(const SSL *s) return ("DTLSv1"); else if (s->version == DTLS1_2_VERSION) return ("DTLSv1.2"); -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL else if (s->version == GM1_VERSION) return ("GMSSLv1.1"); #endif 
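Review bot: The guarded block in ssl_cipher_get_disabled still holds only the placeholder `/* what we should do? */`, so nothing in this function adds SM4 or SM3 to the disabled masks when their methods failed to load. The GOST89MAC line just above shows the existing pattern, and ssl_load_ciphers (the `@@ -482,7` hunk) stores the results of `EVP_get_cipherbyname(SN_sms4_cbc)` and `EVP_get_digestbyname(SN_sm3)` without checking them, so a missing registration would presumably surface only later, during the handshake, rather than as a suite filtered out of the cipher list. I would replace the placeholder with `*enc |= (ssl_cipher_methods[SSL_ENC_SM4_IDX] == NULL) ? SSL_SM4 : 0;` and `*mac |= (ssl_digest_methods[SSL_MD_SM3_IDX] == NULL) ? SSL_SM3 : 0;`, assuming the function's `enc` and `mac` out-parameters, which the hunk does not show. The function starts and ends outside the hunk.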
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 01a6a876..cbb39fa0 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -314,7 +314,7 @@ # define SSL_kGOST 0x00000200L /* SRP */ # define SSL_kSRP 0x00000400L -# ifndef OPENSSL_NO_GMSSL +# ifndef NO_GMSSL /* GM/T 0024 ECDHE */ # define SSL_kECDHE2 0x00000800L /* GM/T 0024 ECC */ @@ -350,7 +350,7 @@ # define SSL_aGOST01 0x00000200L /* SRP auth */ # define SSL_aSRP 0x00000400L -# ifndef OPENSSL_NO_GMSSL +# ifndef NO_GMSSL /* GM/T 0024 ECDHE, ECC, IBSDH, IBC */ # define SSL_aSM2 0x00000800L # endif @@ -371,7 +371,7 @@ # define SSL_SEED 0x00000800L # define SSL_AES128GCM 0x00001000L # define SSL_AES256GCM 0x00002000L -# ifndef OPENSSL_NO_GMSSL +# ifndef NO_GMSSL # define SSL_SM4 0x00004000L # define SSL_SM1 0x00008000L # endif @@ -389,7 +389,7 @@ # define SSL_SHA384 0x00000020L /* Not a real MAC, just an indication it is part of cipher */ # define SSL_AEAD 0x00000040L -# ifndef OPENSSL_NO_GMSSL +# ifndef NO_GMSSL # define SSL_SM3 0x00000080L # endif @@ -398,7 +398,7 @@ # define SSL_SSLV3 0x00000002UL # define SSL_TLSV1 SSL_SSLV3/* for now */ # define SSL_TLSV1_2 0x00000004UL -# ifndef OPENSSL_NO_GMSSL +# ifndef NO_GMSSL # define SSL_GMV1 0x00000008UL # endif @@ -409,7 +409,7 @@ # define SSL_HANDSHAKE_MAC_GOST94 0x40 # define SSL_HANDSHAKE_MAC_SHA256 0x80 # define SSL_HANDSHAKE_MAC_SHA384 0x100 -# ifndef OPENSSL_NO_GMSSL +# ifndef NO_GMSSL # define SSL_HANDSHAKE_MAC_SM3 0x200 # endif # define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA) @@ -418,7 +418,7 @@ * When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX make * sure to update this constant too */ -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL #define SSL_MAX_DIGEST 7 #else #define SSL_MAX_DIGEST 6 @@ -534,7 +534,7 @@ # define SSL_PKEY_ECC 5 # define SSL_PKEY_GOST94 6 # define SSL_PKEY_GOST01 7 -# ifndef OPENSSL_NO_GMSSL +# ifndef NO_GMSSL # define SSL_PKEY_SM9 8 # define SSL_PKEY_NUM 9 # else 
@@ -886,11 +886,11 @@ extern SSL3_ENC_METHOD TLSv1_2_enc_data; extern SSL3_ENC_METHOD SSLv3_enc_data; extern SSL3_ENC_METHOD DTLSv1_enc_data; extern SSL3_ENC_METHOD DTLSv1_2_enc_data; -# ifndef OPENSSL_NO_GMSSL +# ifndef NO_GMSSL extern SSL3_ENC_METHOD GMSSLv1_enc_data; # endif -# ifndef OPENSSL_NO_GMSSL +# ifndef NO_GMSSL # define IMPLEMENT_gm1_meth_func(func_name, s_accept, s_connect, \ s_get_meth) \ const SSL_METHOD *func_name(void) \ @@ -1385,7 +1385,7 @@ void tls1_clear(SSL *s); long tls1_ctrl(SSL *s, int cmd, long larg, void *parg); long tls1_callback_ctrl(SSL *s, int cmd, void (*fp) (void)); -# ifndef OPENSSL_NO_GMSSL +# ifndef NO_GMSSL int gm1_num_ciphers(void); const SSL_CIPHER *gm1_get_cipher(unsigned int u); # endif diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 8d908202..6a25ca6d 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -447,7 +447,7 @@ int ssl_get_new_session(SSL *s, int session) } else if (s->version == DTLS1_2_VERSION) { ss->ssl_version = DTLS1_2_VERSION; ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL } else if (s->version == GM1_VERSION) { ss->ssl_version = GM1_VERSION; ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c index 3507cb5c..58b2a928 100644 --- a/ssl/ssl_stat.c +++ b/ssl/ssl_stat.c @@ -823,7 +823,7 @@ const char *SSL_state_string(const SSL *s) str = "DWCHVB"; break; -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL /* GMSSL */ #endif @@ -951,7 +951,7 @@ const char *SSL_alert_desc_string(int value) case TLS1_AD_UNKNOWN_PSK_IDENTITY: str = "UP"; break; -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL case GM1_AD_UNSUPPORTED_SITE2SITE: str = "U2"; break; @@ -1073,7 +1073,7 @@ const char *SSL_alert_desc_string_long(int value) case TLS1_AD_UNKNOWN_PSK_IDENTITY: str = "unknown PSK identity"; break; -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL case GM1_AD_UNSUPPORTED_SITE2SITE: str = "unsupported site2site"; break; 
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 7045e5f4..3bf150b5 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -128,7 +128,7 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) s = "DTLSv1.2"; else if (x->ssl_version == DTLS1_BAD_VER) s = "DTLSv1-bad"; -#ifndef OPENSSL_NO_GMSSL +#ifndef NO_GMSSL else if (x->ssl_version == GM1_VERSION) s = "GMSSLv1.1"; #endif diff --git a/test/p.zuc.cipher b/test/p.zuc.cipher index 492361f2..236fa1f7 100644 Binary files a/test/p.zuc.cipher and b/test/p.zuc.cipher differ diff --git a/test/p.zuc.clear b/test/p.zuc.clear index fffb0991..c9b3771b 100644 Binary files a/test/p.zuc.clear and b/test/p.zuc.clear differ diff --git a/util/libeay.num b/util/libeay.num index 7f7487df..a4412b2a 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4414,3 +4414,17 @@ X509_VERIFY_PARAM_add1_host 4771 EXIST::FUNCTION: EC_GROUP_get_mont_data 4772 EXIST::FUNCTION:EC i2d_re_X509_tbs 4773 EXIST::FUNCTION: EVP_PKEY_asn1_set_item 4774 EXIST::FUNCTION: +EVP_sms4_ofb 4775 EXIST::FUNCTION: +EVP_sms4_cfb8 4776 EXIST::FUNCTION: +EVP_sms4_ecb 4777 EXIST::FUNCTION: +EVP_zuc 4778 EXIST::FUNCTION: +EVP_sms4_gcm 4779 EXIST::FUNCTION: +EVP_sms4_wrap 4780 EXIST::FUNCTION: +EVP_sms4_cfb128 4781 EXIST::FUNCTION: +EVP_sms4_ctr 4782 EXIST::FUNCTION: +EVP_sm3 4783 EXIST::FUNCTION: +ENGINE_load_skf 4784 EXIST::FUNCTION:ENGINE,STATIC_ENGINE +EVP_sms4_ccm 4785 EXIST::FUNCTION: +EVP_sms4_xts 4786 EXIST::FUNCTION: +EVP_sms4_cfb1 4787 EXIST::FUNCTION: +EVP_sms4_cbc 4788 EXIST::FUNCTION: diff --git a/util/ssleay.num b/util/ssleay.num index 5a899135..7cb26543 100755 --- a/util/ssleay.num +++ b/util/ssleay.num 
@@ -368,3 +368,6 @@ SSL_CTX_use_serverinfo_file 406 EXIST::FUNCTION:STDIO,TLSEXT SSL_COMP_free_compression_methods 407 EXIST:!VMS:FUNCTION:COMP SSL_COMP_free_compress_methods 407 EXIST:VMS:FUNCTION:COMP SSL_extension_supported 409 EXIST::FUNCTION:TLSEXT +GMSSLv1_server_method 410 EXIST::FUNCTION: +GMSSLv1_method 411 EXIST::FUNCTION: +GMSSLv1_client_method 412 EXIST::FUNCTION: