Add sdfdigest command

CMakeLists.txt

@@ -552,7 +552,7 @@ if (ENABLE_SDF)
 		src/sdf/sdf_meth.c
 		src/sdf/sdf_ext.c
 		src/sdf/sdf_sansec.c)
-	list(APPEND tools tools/sdfinfo.c tools/sdfexport.c tools/sdfsign.c tools/sdftest.c)
+	list(APPEND tools tools/sdfinfo.c tools/sdfdigest.c tools/sdfexport.c tools/sdfsign.c tools/sdftest.c)
 endif()
 
 

include/gmssl/sdf.h

@@ -28,6 +28,10 @@ typedef struct {
 	char serial[17];
 } SDF_DEVICE;
 
+typedef struct {
+	void *session;
+} SDF_DIGEST_CTX;
+
 typedef struct {
 	SM2_Z256_POINT public_key;
 	void *session;
@@ -43,6 +47,11 @@ typedef struct {
 int sdf_load_library(const char *so_path, const char *vendor);
 int sdf_open_device(SDF_DEVICE *dev);
 int sdf_print_device_info(FILE *fp, int fmt, int ind, const char *lable, SDF_DEVICE *dev);
+int sdf_digest_init(SDF_DIGEST_CTX *ctx, SDF_DEVICE *dev);
+int sdf_digest_update(SDF_DIGEST_CTX *ctx, const uint8_t *data, size_t datalen);
+int sdf_digest_finish(SDF_DIGEST_CTX *ctx, uint8_t dgst[SM3_DIGEST_SIZE]);
+int sdf_digest_reset(SDF_DIGEST_CTX *ctx);
+void sdf_digest_cleanup(SDF_DIGEST_CTX *ctx);
 int sdf_export_sign_public_key(SDF_DEVICE *dev, int key_index, SM2_KEY *public_key);
 int sdf_load_sign_key(SDF_DEVICE *dev, SDF_SIGN_KEY *key, int key_index, const char *pass);
 int sdf_sign(SDF_SIGN_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);

src/sdf/sdf.c

@@ -127,6 +127,105 @@ int sdf_print_device_info(FILE *fp, int fmt, int ind, const char *lable, SDF_DEV
 	return 1;
 }
 
+int sdf_digest_init(SDF_DIGEST_CTX *ctx, SDF_DEVICE *dev)
+{
+	void *hSession;
+	int ret;
+
+	if (!dev || !ctx) {
+		error_print();
+		return -1;
+	}
+	if (!dev->handle) {
+		error_print();
+		return -1;
+	}
+	if ((ret = SDF_OpenSession(dev->handle, &hSession)) != SDR_OK) {
+		error_print();
+		return -1;
+	}
+	if ((ret = SDF_HashInit(hSession, SGD_SM3, NULL, NULL, 0)) != SDR_OK) {
+		(void)SDF_CloseSession(hSession);
+		error_print();
+		return -1;
+	}
+	ctx->session = hSession;
+	return 1;
+}
+
+int sdf_digest_update(SDF_DIGEST_CTX *ctx, const uint8_t *data, size_t datalen)
+{
+	int ret;
+
+	if (!ctx) {
+		error_print();
+		return -1;
+	}
+	if (!ctx->session) {
+		error_print();
+		return -1;
+	}
+	if ((ret = SDF_HashUpdate(ctx->session, (uint8_t *)data, (unsigned int)datalen)) != SDR_OK) {
+		error_print();
+		return -1;
+	}
+	return 1;
+}
+
+int sdf_digest_finish(SDF_DIGEST_CTX *ctx, uint8_t dgst[SM3_DIGEST_SIZE])
+{
+	unsigned int dgstlen;
+	int ret;
+
+	if (!ctx || !dgst) {
+		error_print();
+		return -1;
+	}
+	if (!ctx->session) {
+		error_print();
+		return -1;
+	}
+	if ((ret = SDF_HashFinal(ctx->session, dgst, &dgstlen)) != SDR_OK) {
+		error_print();
+		return -1;
+	}
+	if (dgstlen != 32) {
+		error_print();
+		return -1;
+	}
+	return 1;
+}
+
+int sdf_digest_reset(SDF_DIGEST_CTX *ctx)
+{
+	int ret;
+
+	if (!ctx) {
+		error_print();
+		return -1;
+	}
+	if (!ctx->session) {
+		error_print();
+		return -1;
+	}
+	if ((ret = SDF_HashInit(ctx->session, SGD_SM3, NULL, NULL, 0)) != SDR_OK) {
+		error_print();
+		return -1;
+	}
+	return 1;
+}
+
+void sdf_digest_cleanup(SDF_DIGEST_CTX *ctx)
+{
+	if (ctx && ctx->session) {
+		int ret;
+		if ((ret = SDF_CloseSession(ctx->session)) != SDR_OK) {
+			error_print();
+		}
+		ctx->session = NULL;
+	}
+}
+
 int sdf_export_sign_public_key(SDF_DEVICE *dev, int key_index, SM2_KEY *sm2_key)
 {
 	void *hSession;

tools/gmssl.c

@@ -67,6 +67,7 @@ extern int tls13_client_main(int argc, char **argv);
 extern int tls13_server_main(int argc, char **argv);
 #ifdef ENABLE_SDF
 extern int sdfinfo_main(int argc, char **argv);
+extern int sdfdigest_main(int argc, char **argv);
 extern int sdfexport_main(int argc, char **argv);
 extern int sdfsign_main(int argc, char **argv);
 extern int sdftest_main(int argc, char **argv);
@@ -129,6 +130,7 @@ static const char *options =
 	"  cmsverify         Verify CMS SignedData\n"
 #ifdef ENABLE_SDF
 	"  sdfinfo           Print SDF device info\n"
+	"  sdfdigest         Generate SM3 hash with SDF device\n"
 	"  sdfexport         Export SM2 signing public key from SDF device\n"
 	"  sdfsign           Generate SM2 signature with SDF internal private key\n"
 	"  sdftest           Test vendor's SDF library and device\n"
@@ -283,6 +285,8 @@ int main(int argc, char **argv)
 #ifdef ENABLE_SDF
 		} else if (!strcmp(*argv, "sdfinfo")) {
 			return sdfinfo_main(argc, argv);
+		} else if (!strcmp(*argv, "sdfdigest")) {
+			return sdfdigest_main(argc, argv);
 		} else if (!strcmp(*argv, "sdfexport")) {
 			return sdfexport_main(argc, argv);
 		} else if (!strcmp(*argv, "sdfsign")) {

tools/sdfdigest.c

@@ -0,0 +1,264 @@
+/*
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm2.h>
+#include <gmssl/sdf.h>
+#include <gmssl/hex.h>
+#include <gmssl/error.h>
+
+
+static const char *usage = "-lib so_path [-hex|-bin] [-pubkey pem [-id str]] [-in file|-in_str str] [-out file]";
+
+static const char *help =
+"Options\n"
+"\n"
+"    -lib so_path           Vendor's SDF dynamic library\n"
+"    -hex                   Output hash value as hex string (by default)\n"
+"    -bin                   Output hash value as binary\n"
+"    -pubkey pem            Signer's SM2 public key\n"
+"                           When `-pubkey` is specified, hash with SM2 Z value\n"
+"    -id str                SM2 Signer's ID string\n"
+"    -id_hex hex            SM2 Signer's ID in hex format\n"
+"                           `-id` and `-id_hex` should be used with `-pubkey`\n"
+"                           `-id` and `-id_hex` should not be used together\n"
+"                           If `-pubkey` is specified without `-id` or `id_hex`,\n"
+"                           the default ID string '1234567812345678' is used\n"
+"    -in_str str            To be hashed string\n"
+"    -in file | stdin       To be hashed file path\n"
+"                           `-in_str` and `-in` should not be used together\n"
+"                           If neither `-in` nor `-in_str` specified, read from stdin\n"
+"    -out file | stdout     Output file path. If not specified, output to stdout\n"
+"\n"
+"Examples\n"
+"\n"
+"    gmssl sdfdigest -in_str abc\n"
+"\n"
+"    gmssl sdfdigest -in_str abc -bin\n"
+"\n"
+"    gmssl sdfdigest -in /path/to/file\n"
+"\n"
+"    gmssl sdfdigest -pubkey sm2pubkey.pem -id alice -in /path/to/file -bin\n"
+"\n"
+"  When reading from stdin, make sure the trailing newline character is removed\n"
+"\n"
+"  Linux/Mac:\n"
+"    echo -n abc | gmssl sdfdigest\n"
+"\n"
+"  Windows:\n"
+"    C:\\> echo |set/p=\"abc\" | gmssl sdfdigest\n"
+"\n";
+
+
+int sdfdigest_main(int argc, char **argv)
+{
+	int ret = 1;
+	char *prog = argv[0];
+	char *lib = NULL;
+	int outformat = 0;
+	char *pubkeyfile = NULL;
+	char *in_str = NULL;
+	char *infile = NULL;
+	char *outfile = NULL;
+	char *id = NULL;
+	char *id_hex = NULL;
+	FILE *pubkeyfp = NULL;
+	FILE *infp = stdin;
+	FILE *outfp = stdout;
+	uint8_t id_bin[64];
+	size_t id_bin_len;
+	SDF_DEVICE dev;
+	SDF_DIGEST_CTX ctx;
+	uint8_t dgst[32];
+	int i;
+
+	memset(&ctx, 0, sizeof(ctx));
+
+	argc--;
+	argv++;
+
+	while (argc > 0) {
+		if (!strcmp(*argv, "-help")) {
+			printf("usage: gmssl %s %s\n", prog, usage);
+			printf("%s\n", help);
+			ret = 0;
+			goto end;
+		} else if (!strcmp(*argv, "-lib")) {
+			if (--argc < 1) goto bad;
+			lib = *(++argv);
+		} else if (!strcmp(*argv, "-hex")) {
+			if (outformat > 0) {
+				fprintf(stderr, "gmssl %s: `-hex` and `-bin` should not be used together\n", prog);
+				goto end;
+			}
+			outformat = 1;
+		} else if (!strcmp(*argv, "-bin")) {
+			if (outformat > 0) {
+				fprintf(stderr, "gmssl %s: `-hex` and `-bin` should not be used together\n", prog);
+				goto end;
+			}
+			outformat = 2;
+		} else if (!strcmp(*argv, "-pubkey")) {
+			if (--argc < 1) goto bad;
+			pubkeyfile = *(++argv);
+			if (!(pubkeyfp = fopen(pubkeyfile, "rb"))) {
+				fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, pubkeyfile, strerror(errno));
+				goto end;
+			}
+		} else if (!strcmp(*argv, "-id")) {
+			if (id_hex) {
+				fprintf(stderr, "gmssl %s: `-id` and `-id_hex` should not be used together\n", prog);
+				goto end;
+			}
+			if (--argc < 1) goto bad;
+			id = *(++argv);
+		} else if (!strcmp(*argv, "-id_hex")) {
+			if (id) {
+				fprintf(stderr, "gmssl %s: `-id` and `-id_hex` should not be used together\n", prog);
+				goto end;
+			}
+			if (--argc < 1) goto bad;
+			id_hex = *(++argv);
+			if (strlen(id_hex) > sizeof(id_bin) * 2) {
+				fprintf(stderr, "gmssl %s: `-id_hex` should be less then %zu bytes\n", prog, sizeof(id_bin));
+				goto end;
+			}
+			if (hex_to_bytes(id_hex, strlen(id_hex), id_bin, &id_bin_len) != 1) {
+				fprintf(stderr, "gmssl %s: invalid `-id_hex` value\n", prog);
+				goto end;
+			}
+		} else if (!strcmp(*argv, "-in_str")) {
+			if (infile) {
+				fprintf(stderr, "gmssl %s: `-in` and `-in_str` should not be used together\n", prog);
+				goto end;
+			}
+			if (--argc < 1) goto bad;
+			in_str = *(++argv);
+		} else if (!strcmp(*argv, "-in")) {
+			if (in_str) {
+				fprintf(stderr, "gmssl %s: `-in` and `-in_str` should not be used together\n", prog);
+				goto end;
+			}
+			if (--argc < 1) goto bad;
+			infile = *(++argv);
+			if (!(infp = fopen(infile, "rb"))) {
+				fprintf(stderr, "gmssl%s: open '%s' failure : %s\n", prog, infile, strerror(errno));
+				goto end;
+			}
+		} else if (!strcmp(*argv, "-out")) {
+			if (--argc < 1) goto bad;
+			outfile = *(++argv);
+			if (!(outfp = fopen(outfile, "wb"))) {
+				fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, outfile, strerror(errno));
+				goto end;
+			}
+		} else {
+			fprintf(stderr, "gmssl %s: illegal option '%s'\n", prog, *argv);
+			goto end;
+bad:
+			fprintf(stderr, "gmssl %s: '%s' option value missing\n", prog, *argv);
+			goto end;
+		}
+
+		argc--;
+		argv++;
+	}
+
+	if (!lib) {
+		fprintf(stderr, "gmssl %s: '-lib' option required\n", prog);
+		goto end;
+	}
+	if ((id || id_hex) && !pubkeyfile) {
+		fprintf(stderr, "gmssl %s: option `-id` or `-id_hex` must be with '-pubkey'\n", prog);
+		goto end;
+	}
+
+	if (sdf_load_library(lib, NULL) != 1) {
+		fprintf(stderr, "gmssl %s: load library failure\n", prog);
+		goto end;
+	}
+	if (sdf_open_device(&dev) != 1) {
+		fprintf(stderr, "gmssl %s: open device failure\n", prog);
+		goto end;
+	}
+
+	if (sdf_digest_init(&ctx, &dev) != 1) {
+		fprintf(stderr, "gmssl %s: inner error\n", prog);
+		goto end;
+	}
+
+	if (pubkeyfile) {
+		SM2_KEY sm2_key;
+		uint8_t z[32];
+
+		if (sm2_public_key_info_from_pem(&sm2_key, pubkeyfp) != 1) {
+			fprintf(stderr, "gmssl %s: parse public key failed\n", prog);
+			goto end;
+		}
+
+		if (id_hex) {
+			sm2_compute_z(z, &sm2_key.public_key, (char *)id_bin, id_bin_len);
+		} else {
+			if (!id) {
+				id = SM2_DEFAULT_ID;
+			}
+			sm2_compute_z(z, &sm2_key.public_key, id, strlen(id));
+		}
+
+		if (sdf_digest_update(&ctx, z, sizeof(z)) != 1) {
+			fprintf(stderr, "gmssl %s: inner error\n", prog);
+			goto end;
+		}
+	}
+
+	if (in_str) {
+		if (sdf_digest_update(&ctx, (uint8_t *)in_str, strlen(in_str)) != 1) {
+			fprintf(stderr, "gmssl %s: inner error\n", prog);
+			goto end;
+		}
+
+	} else {
+		uint8_t buf[4096];
+		size_t len;
+		while ((len = fread(buf, 1, sizeof(buf), infp)) > 0) {
+			if (sdf_digest_update(&ctx, buf, len) != 1) {
+				fprintf(stderr, "gmssl %s: inner error\n", prog);
+				goto end;
+			}
+		}
+		memset(buf, 0, sizeof(buf));
+	}
+	if (sdf_digest_finish(&ctx, dgst) != 1) {
+		fprintf(stderr, "gmssl %s: inner error\n", prog);
+		goto end;
+	}
+
+	if (outformat > 1) {
+		if (fwrite(dgst, 1, sizeof(dgst), outfp) != sizeof(dgst)) {
+			fprintf(stderr, "gmssl %s: output failure : %s\n", prog, strerror(errno));
+			goto end;
+		}
+	} else {
+		for (i = 0; i < sizeof(dgst); i++) {
+			fprintf(outfp, "%02x", dgst[i]);
+		}
+		fprintf(outfp, "\n");
+	}
+	ret = 0;
+end:
+	sdf_digest_cleanup(&ctx);
+	if (pubkeyfp) fclose(pubkeyfp);
+	if (infile && infp) fclose(infp);
+	if (outfile && outfp) fclose(outfp);
+	return ret;
+}

tools/sdftest.c

@@ -1140,6 +1140,7 @@ static int test_SDF_Encrypt(int kek)
 	return 1;
 }
 
+// FIXME: correctness is not tested!			
 static int test_SDF_CalculateMAC(int kek)
 {
 	void *hDeviceHandle = NULL;
@@ -1151,7 +1152,7 @@ static int test_SDF_CalculateMAC(int kek)
 	unsigned char ucEncedKey[256];
 	unsigned int uiEncedKeyLength = (unsigned int)sizeof(ucEncedKey);
 	unsigned int uiMACAlgID = SGD_SM3;
-	unsigned char ucData[50] = {0}; // FIXME: put real test data			
+	unsigned char ucData[50]; // FIXME: put real test data			
 	unsigned int uiDataLength = (unsigned int)sizeof(ucData);
 	unsigned char ucMAC[32];
 	unsigned int uiMACLength = (unsigned int)sizeof(ucMAC);
@@ -1886,7 +1887,7 @@ bad:
 #if ENABLE_TEST_SPEED
 	if (speed_SDF_Hash() != 1) goto err;
 	if (speed_SDF_Encrypt_SM4_CBC(kek) != 1) goto err;
-	if (speed_SDF_Decrypt_SM4_CBC(kek) != 1) goto err; // FIXME: should implement CBC without padding in SoftSDF				
+	if (speed_SDF_Decrypt_SM4_CBC(kek) != 1) goto err;
 	if (speed_SDF_GenerateKeyPair_ECC() != 1) goto err;
 	if (speed_SDF_InternalSign_ECC(key, pass) != 1) goto err;
 	if (speed_SDF_InternalVerify_ECC(key, pass) != 1) goto err;