diff --git a/CMakeLists.txt b/CMakeLists.txt index 5c43d5a9..b022eadd 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -552,7 +552,7 @@ if (ENABLE_SDF) src/sdf/sdf_meth.c src/sdf/sdf_ext.c src/sdf/sdf_sansec.c) - list(APPEND tools tools/sdfinfo.c tools/sdfexport.c tools/sdfsign.c tools/sdftest.c) + list(APPEND tools tools/sdfinfo.c tools/sdfdigest.c tools/sdfexport.c tools/sdfsign.c tools/sdftest.c) endif() diff --git a/include/gmssl/sdf.h b/include/gmssl/sdf.h index e93f9807..5cc0097a 100644 --- a/include/gmssl/sdf.h +++ b/include/gmssl/sdf.h @@ -28,6 +28,10 @@ typedef struct { char serial[17]; } SDF_DEVICE; +typedef struct { + void *session; +} SDF_DIGEST_CTX; + typedef struct { SM2_Z256_POINT public_key; void *session; @@ -43,6 +47,11 @@ typedef struct { int sdf_load_library(const char *so_path, const char *vendor); int sdf_open_device(SDF_DEVICE *dev); int sdf_print_device_info(FILE *fp, int fmt, int ind, const char *lable, SDF_DEVICE *dev); +int sdf_digest_init(SDF_DIGEST_CTX *ctx, SDF_DEVICE *dev); +int sdf_digest_update(SDF_DIGEST_CTX *ctx, const uint8_t *data, size_t datalen); +int sdf_digest_finish(SDF_DIGEST_CTX *ctx, uint8_t dgst[SM3_DIGEST_SIZE]); +int sdf_digest_reset(SDF_DIGEST_CTX *ctx); +void sdf_digest_cleanup(SDF_DIGEST_CTX *ctx); int sdf_export_sign_public_key(SDF_DEVICE *dev, int key_index, SM2_KEY *public_key); int sdf_load_sign_key(SDF_DEVICE *dev, SDF_SIGN_KEY *key, int key_index, const char *pass); int sdf_sign(SDF_SIGN_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen); diff --git a/src/sdf/sdf.c b/src/sdf/sdf.c index 43f9858d..1c29f1e6 100755 --- a/src/sdf/sdf.c +++ b/src/sdf/sdf.c @@ -127,6 +127,105 @@ int sdf_print_device_info(FILE *fp, int fmt, int ind, const char *lable, SDF_DEV return 1; } +int sdf_digest_init(SDF_DIGEST_CTX *ctx, SDF_DEVICE *dev) +{ + void *hSession; + int ret; + + if (!dev || !ctx) { + error_print(); + return -1; + } + if (!dev->handle) { + error_print(); + return -1; + } + if ((ret = SDF_OpenSession(dev->handle, &hSession)) != SDR_OK) { + error_print(); + return -1; + } + if ((ret = SDF_HashInit(hSession, SGD_SM3, NULL, NULL, 0)) != SDR_OK) { + (void)SDF_CloseSession(hSession); + error_print(); + return -1; + } + ctx->session = hSession; + return 1; +} + +int sdf_digest_update(SDF_DIGEST_CTX *ctx, const uint8_t *data, size_t datalen) +{ + int ret; + + if (!ctx) { + error_print(); + return -1; + } + if (!ctx->session) { + error_print(); + return -1; + } + if ((ret = SDF_HashUpdate(ctx->session, (uint8_t *)data, (unsigned int)datalen)) != SDR_OK) { + error_print(); + return -1; + } + return 1; +} + +int sdf_digest_finish(SDF_DIGEST_CTX *ctx, uint8_t dgst[SM3_DIGEST_SIZE]) +{ + unsigned int dgstlen; + int ret; + + if (!ctx || !dgst) { + error_print(); + return -1; + } + if (!ctx->session) { + error_print(); + return -1; + } + if ((ret = SDF_HashFinal(ctx->session, dgst, &dgstlen)) != SDR_OK) { + error_print(); + return -1; + } + if (dgstlen != 32) { + error_print(); + return -1; + } + return 1; +} + +int sdf_digest_reset(SDF_DIGEST_CTX *ctx) +{ + int ret; + + if (!ctx) { + error_print(); + return -1; + } + if (!ctx->session) { + error_print(); + return -1; + } + if ((ret = SDF_HashInit(ctx->session, SGD_SM3, NULL, NULL, 0)) != SDR_OK) { + error_print(); + return -1; + } + return 1; +} + +void sdf_digest_cleanup(SDF_DIGEST_CTX *ctx) +{ + if (ctx && ctx->session) { + int ret; + if ((ret = SDF_CloseSession(ctx->session)) != SDR_OK) { + error_print(); + } + ctx->session = NULL; + } +} + int sdf_export_sign_public_key(SDF_DEVICE *dev, int key_index, SM2_KEY *sm2_key) { void *hSession; diff --git a/tools/gmssl.c b/tools/gmssl.c index 2e4e47e2..603d2dc6 100644 --- a/tools/gmssl.c +++ b/tools/gmssl.c @@ -67,6 +67,7 @@ extern int tls13_client_main(int argc, char **argv); extern int tls13_server_main(int argc, char **argv); #ifdef ENABLE_SDF extern int sdfinfo_main(int argc, char **argv); +extern int sdfdigest_main(int argc, char **argv); extern int sdfexport_main(int argc, char **argv); extern int sdfsign_main(int argc, char **argv); extern int sdftest_main(int argc, char **argv); @@ -129,6 +130,7 @@ static const char *options = " cmsverify Verify CMS SignedData\n" #ifdef ENABLE_SDF " sdfinfo Print SDF device info\n" + " sdfdigest Generate SM3 hash with SDF device\n" " sdfexport Export SM2 signing public key from SDF device\n" " sdfsign Generate SM2 signature with SDF internal private key\n" " sdftest Test vendor's SDF library and device\n" @@ -283,6 +285,8 @@ int main(int argc, char **argv) #ifdef ENABLE_SDF } else if (!strcmp(*argv, "sdfinfo")) { return sdfinfo_main(argc, argv); + } else if (!strcmp(*argv, "sdfdigest")) { + return sdfdigest_main(argc, argv); } else if (!strcmp(*argv, "sdfexport")) { return sdfexport_main(argc, argv); } else if (!strcmp(*argv, "sdfsign")) { diff --git a/tools/sdfdigest.c b/tools/sdfdigest.c new file mode 100644 index 00000000..792c7be0 --- /dev/null +++ b/tools/sdfdigest.c @@ -0,0 +1,264 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include +#include +#include +#include +#include + + +static const char *usage = "-lib so_path [-hex|-bin] [-pubkey pem [-id str]] [-in file|-in_str str] [-out file]"; + +static const char *help = +"Options\n" +"\n" +" -lib so_path Vendor's SDF dynamic library\n" +" -hex Output hash value as hex string (by default)\n" +" -bin Output hash value as binary\n" +" -pubkey pem Signer's SM2 public key\n" +" When `-pubkey` is specified, hash with SM2 Z value\n" +" -id str SM2 Signer's ID string\n" +" -id_hex hex SM2 Signer's ID in hex format\n" +" `-id` and `-id_hex` should be used with `-pubkey`\n" +" `-id` and `-id_hex` should not be used together\n" +" If `-pubkey` is specified without `-id` or `id_hex`,\n" +" the default ID string '1234567812345678' is used\n" +" -in_str str To be hashed string\n" +" -in file | stdin To be hashed file path\n" +" `-in_str` and `-in` should not be used together\n" +" If neither `-in` nor `-in_str` specified, read from stdin\n" +" -out file | stdout Output file path. If not specified, output to stdout\n" +"\n" +"Examples\n" +"\n" +" gmssl sdfdigest -in_str abc\n" +"\n" +" gmssl sdfdigest -in_str abc -bin\n" +"\n" +" gmssl sdfdigest -in /path/to/file\n" +"\n" +" gmssl sdfdigest -pubkey sm2pubkey.pem -id alice -in /path/to/file -bin\n" +"\n" +" When reading from stdin, make sure the trailing newline character is removed\n" +"\n" +" Linux/Mac:\n" +" echo -n abc | gmssl sdfdigest\n" +"\n" +" Windows:\n" +" C:\\> echo |set/p=\"abc\" | gmssl sdfdigest\n" +"\n"; + + +int sdfdigest_main(int argc, char **argv) +{ + int ret = 1; + char *prog = argv[0]; + char *lib = NULL; + int outformat = 0; + char *pubkeyfile = NULL; + char *in_str = NULL; + char *infile = NULL; + char *outfile = NULL; + char *id = NULL; + char *id_hex = NULL; + FILE *pubkeyfp = NULL; + FILE *infp = stdin; + FILE *outfp = stdout; + uint8_t id_bin[64]; + size_t id_bin_len; + SDF_DEVICE dev; + SDF_DIGEST_CTX ctx; + uint8_t dgst[32]; + int i; + + memset(&ctx, 0, sizeof(ctx)); + + argc--; + argv++; + + while (argc > 0) { + if (!strcmp(*argv, "-help")) { + printf("usage: gmssl %s %s\n", prog, usage); + printf("%s\n", help); + ret = 0; + goto end; + } else if (!strcmp(*argv, "-lib")) { + if (--argc < 1) goto bad; + lib = *(++argv); + } else if (!strcmp(*argv, "-hex")) { + if (outformat > 0) { + fprintf(stderr, "gmssl %s: `-hex` and `-bin` should not be used together\n", prog); + goto end; + } + outformat = 1; + } else if (!strcmp(*argv, "-bin")) { + if (outformat > 0) { + fprintf(stderr, "gmssl %s: `-hex` and `-bin` should not be used together\n", prog); + goto end; + } + outformat = 2; + } else if (!strcmp(*argv, "-pubkey")) { + if (--argc < 1) goto bad; + pubkeyfile = *(++argv); + if (!(pubkeyfp = fopen(pubkeyfile, "rb"))) { + fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, pubkeyfile, strerror(errno)); + goto end; + } + } else if (!strcmp(*argv, "-id")) { + if (id_hex) { + fprintf(stderr, "gmssl %s: `-id` and `-id_hex` should not be used together\n", prog); + goto end; + } + if (--argc < 1) goto bad; + id = *(++argv); + } else if (!strcmp(*argv, "-id_hex")) { + if (id) { + fprintf(stderr, "gmssl %s: `-id` and `-id_hex` should not be used together\n", prog); + goto end; + } + if (--argc < 1) goto bad; + id_hex = *(++argv); + if (strlen(id_hex) > sizeof(id_bin) * 2) { + fprintf(stderr, "gmssl %s: `-id_hex` should be less then %zu bytes\n", prog, sizeof(id_bin)); + goto end; + } + if (hex_to_bytes(id_hex, strlen(id_hex), id_bin, &id_bin_len) != 1) { + fprintf(stderr, "gmssl %s: invalid `-id_hex` value\n", prog); + goto end; + } + } else if (!strcmp(*argv, "-in_str")) { + if (infile) { + fprintf(stderr, "gmssl %s: `-in` and `-in_str` should not be used together\n", prog); + goto end; + } + if (--argc < 1) goto bad; + in_str = *(++argv); + } else if (!strcmp(*argv, "-in")) { + if (in_str) { + fprintf(stderr, "gmssl %s: `-in` and `-in_str` should not be used together\n", prog); + goto end; + } + if (--argc < 1) goto bad; + infile = *(++argv); + if (!(infp = fopen(infile, "rb"))) { + fprintf(stderr, "gmssl%s: open '%s' failure : %s\n", prog, infile, strerror(errno)); + goto end; + } + } else if (!strcmp(*argv, "-out")) { + if (--argc < 1) goto bad; + outfile = *(++argv); + if (!(outfp = fopen(outfile, "wb"))) { + fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, outfile, strerror(errno)); + goto end; + } + } else { + fprintf(stderr, "gmssl %s: illegal option '%s'\n", prog, *argv); + goto end; +bad: + fprintf(stderr, "gmssl %s: '%s' option value missing\n", prog, *argv); + goto end; + } + + argc--; + argv++; + } + + if (!lib) { + fprintf(stderr, "gmssl %s: '-lib' option required\n", prog); + goto end; + } + if ((id || id_hex) && !pubkeyfile) { + fprintf(stderr, "gmssl %s: option `-id` or `-id_hex` must be with '-pubkey'\n", prog); + goto end; + } + + if (sdf_load_library(lib, NULL) != 1) { + fprintf(stderr, "gmssl %s: load library failure\n", prog); + goto end; + } + if (sdf_open_device(&dev) != 1) { + fprintf(stderr, "gmssl %s: open device failure\n", prog); + goto end; + } + + if (sdf_digest_init(&ctx, &dev) != 1) { + fprintf(stderr, "gmssl %s: inner error\n", prog); + goto end; + } + + if (pubkeyfile) { + SM2_KEY sm2_key; + uint8_t z[32]; + + if (sm2_public_key_info_from_pem(&sm2_key, pubkeyfp) != 1) { + fprintf(stderr, "gmssl %s: parse public key failed\n", prog); + goto end; + } + + if (id_hex) { + sm2_compute_z(z, &sm2_key.public_key, (char *)id_bin, id_bin_len); + } else { + if (!id) { + id = SM2_DEFAULT_ID; + } + sm2_compute_z(z, &sm2_key.public_key, id, strlen(id)); + } + + if (sdf_digest_update(&ctx, z, sizeof(z)) != 1) { + fprintf(stderr, "gmssl %s: inner error\n", prog); + goto end; + } + } + + if (in_str) { + if (sdf_digest_update(&ctx, (uint8_t *)in_str, strlen(in_str)) != 1) { + fprintf(stderr, "gmssl %s: inner error\n", prog); + goto end; + } + + } else { + uint8_t buf[4096]; + size_t len; + while ((len = fread(buf, 1, sizeof(buf), infp)) > 0) { + if (sdf_digest_update(&ctx, buf, len) != 1) { + fprintf(stderr, "gmssl %s: inner error\n", prog); + goto end; + } + } + memset(buf, 0, sizeof(buf)); + } + if (sdf_digest_finish(&ctx, dgst) != 1) { + fprintf(stderr, "gmssl %s: inner error\n", prog); + goto end; + } + + if (outformat > 1) { + if (fwrite(dgst, 1, sizeof(dgst), outfp) != sizeof(dgst)) { + fprintf(stderr, "gmssl %s: output failure : %s\n", prog, strerror(errno)); + goto end; + } + } else { + for (i = 0; i < sizeof(dgst); i++) { + fprintf(outfp, "%02x", dgst[i]); + } + fprintf(outfp, "\n"); + } + ret = 0; +end: + sdf_digest_cleanup(&ctx); + if (pubkeyfp) fclose(pubkeyfp); + if (infile && infp) fclose(infp); + if (outfile && outfp) fclose(outfp); + return ret; +} diff --git a/tools/sdftest.c b/tools/sdftest.c index 8d528dc0..d25406d5 100644 --- a/tools/sdftest.c +++ b/tools/sdftest.c @@ -1140,6 +1140,7 @@ static int test_SDF_Encrypt(int kek) return 1; } +// FIXME: correctness is not tested! static int test_SDF_CalculateMAC(int kek) { void *hDeviceHandle = NULL; @@ -1151,7 +1152,7 @@ static int test_SDF_CalculateMAC(int kek) unsigned char ucEncedKey[256]; unsigned int uiEncedKeyLength = (unsigned int)sizeof(ucEncedKey); unsigned int uiMACAlgID = SGD_SM3; - unsigned char ucData[50] = {0}; // FIXME: put real test data + unsigned char ucData[50]; // FIXME: put real test data unsigned int uiDataLength = (unsigned int)sizeof(ucData); unsigned char ucMAC[32]; unsigned int uiMACLength = (unsigned int)sizeof(ucMAC); @@ -1886,7 +1887,7 @@ bad: #if ENABLE_TEST_SPEED if (speed_SDF_Hash() != 1) goto err; if (speed_SDF_Encrypt_SM4_CBC(kek) != 1) goto err; - if (speed_SDF_Decrypt_SM4_CBC(kek) != 1) goto err; // FIXME: should implement CBC without padding in SoftSDF + if (speed_SDF_Decrypt_SM4_CBC(kek) != 1) goto err; if (speed_SDF_GenerateKeyPair_ECC() != 1) goto err; if (speed_SDF_InternalSign_ECC(key, pass) != 1) goto err; if (speed_SDF_InternalVerify_ECC(key, pass) != 1) goto err;