diff --git a/tools/cmsencrypt.c b/tools/cmsencrypt.c index efdd0de8..3a867932 100644 --- a/tools/cmsencrypt.c +++ b/tools/cmsencrypt.c @@ -1,4 +1,4 @@ -/* +/* * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may @@ -18,38 +18,6 @@ #include -/* - -签名的时候要提供签名者的证书,并且提供签名私钥 -但是验证的时候假定CMS中已经包含签名者的证书了,但是我们要提供CA证书库 - -加密的时候要指定接收者的证书,并且可以有多个接收者 -解密的时候只提供一个解密私钥,但是最好配合解密者的证书,从这个证书中找到解密者的名字 - -如果即加密又签名,那么输出的是SignedAndEnveloped - -CMS有PEM吗? - -cms -encrypt -rcpt a.pem -rcpt b.pem -rcpt c.pem -in file -sign -signcert a.pem -signcert b.pem - -rcptcert -rcpt_cert -sign_cert b.pem -signkey - -首先接收者可以有多个证书 - -这里面有个问题,因为我们要输出一个加密的对象,因此我们必须把输入的内容读取进来。 - - -EnvelopedData 是一个封装的SEQUENCE中,因此必须读取所有的内容。 -如果是一个文件,就需要读取所有的文件内容,如果是一个stream ,也需要读取完整的内容到一个足够大的buffer中,如何设置这个buffer的大小呢 - - - -对于输入文件,如果输入有文件名的话,可以直接通过stat获取文件长度 -但是如果对于stream的话,实际上我们是没有办法获得输入长度的,那么就直接准备一个buffer好了。 -不要给自己找麻烦了,直接只支持文件输入吧 -encrypt - -*/ - static const char *options = "-encrypt (-rcptcert pem)* -in file -out file"; @@ -116,7 +84,7 @@ int cmsencrypt_main(int argc, char **argv) return 1; } - // 预先统计证书缓冲大小和输入大小 + // prepare cert buffer length? if (get_files_size(argc, argv, "-rcptcert", &rcpt_certs_len) != 1) { goto end; } diff --git a/tools/cmssign.c b/tools/cmssign.c index f6d1c14f..752ba218 100644 --- a/tools/cmssign.c +++ b/tools/cmssign.c @@ -26,9 +26,6 @@ 306 } CMS_CERTS_AND_KEY; - -输出长度主要由输入长度和 - */ static const char *options = "-key file -pass str -cert file -in file [-out file]"; @@ -165,7 +162,7 @@ bad: goto end; } - cms_maxlen = (inlen * 4)/3 + 4096; // 主要由SignerInfos,其中的DN长度决定 + cms_maxlen = (inlen * 4)/3 + 4096; // SignerInfos decide DN length if (!(cms = malloc(cms_maxlen))) { fprintf(stderr, "%s: malloc failure\n", prog); goto end; diff --git a/tools/sdftest.c b/tools/sdftest.c index 1ce64e76..67c9ef33 100644 --- a/tools/sdftest.c +++ b/tools/sdftest.c @@ -20,7 +20,6 @@ #include "../src/sdf/sdf_ext.h" - static const char *usage = "-lib so_path -kek num -key num -pass str"; static const char *options = @@ -864,7 +863,7 @@ static int test_SDF_Hash_Z(void) return 1; } -// 这个函数是否做的太多了? +// FIXME: make test_SDF_GenerateKeyWithIPK_ECC test less APIs static int test_SDF_GenerateKeyWithIPK_ECC(int key, char *pass) { void *hDeviceHandle = NULL; @@ -1144,7 +1143,7 @@ static int test_SDF_CalculateMAC(int kek) unsigned char ucEncedKey[256]; unsigned int uiEncedKeyLength = (unsigned int)sizeof(ucEncedKey); unsigned int uiMACAlgID = SGD_SM3; - unsigned char ucData[50] = {0}; // FIXME: 这里给出实际测试数据 + unsigned char ucData[50] = {0}; // FIXME: put real test data unsigned int uiDataLength = (unsigned int)sizeof(ucData); unsigned char ucMAC[32]; unsigned int uiMACLength = (unsigned int)sizeof(ucMAC); @@ -1163,7 +1162,7 @@ static int test_SDF_CalculateMAC(int kek) return -1; } - // 这个实际上无法测试正确性!因为你都不知道生成的密钥是什么 + // FIXME: can not test correctness here ret = SDF_GenerateKeyWithKEK(hSessionHandle, uiHMACKeyBits, uiKeyEncAlgID, uiKEKIndex, ucEncedKey, &uiEncedKeyLength, &hKeyHandle); if (ret != SDR_OK) { fprintf(stderr, "Error: SDF_GenerateKeyWithKEK returned 0x%X\n", ret); diff --git a/tools/tlcp_server.c b/tools/tlcp_server.c index e0abfff7..1a1ffdc7 100644 --- a/tools/tlcp_server.c +++ b/tools/tlcp_server.c @@ -164,7 +164,7 @@ restart: } if (tls_do_handshake(&conn) != 1) { - error_print(); // 为什么这个会触发呢? + error_print(); return -1; } diff --git a/tools/tls12_client.c b/tools/tls12_client.c index af51ed8f..5041dea2 100644 --- a/tools/tls12_client.c +++ b/tools/tls12_client.c @@ -1,4 +1,4 @@ -/* +/* * Copyright 2014-2024 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may @@ -16,8 +16,6 @@ #include -// TLSv1.2客户单和TLCP客户端可能没有什么区别 - static int client_ciphers[] = { TLS_cipher_ecdhe_sm4_cbc_sm3 }; static const char *http_get = @@ -180,7 +178,7 @@ bad: fwrite(buf, 1, len, stdout); fflush(stdout); - // 应该调整tls_recv 逻辑、API或者其他方式 + // FIXME: change `tls_recv` API or functions if (conn.datalen == 0) { break; } diff --git a/tools/tls12_server.c b/tools/tls12_server.c index b910a784..944e7cbd 100644 --- a/tools/tls12_server.c +++ b/tools/tls12_server.c @@ -148,7 +148,7 @@ restart: } if (tls_do_handshake(&conn) != 1) { - error_print(); // 为什么这个会触发呢? + error_print(); return -1; } diff --git a/tools/tls13_client.c b/tools/tls13_client.c index 03d63e77..ee94ed79 100644 --- a/tools/tls13_client.c +++ b/tools/tls13_client.c @@ -1,4 +1,4 @@ -/* +/* * Copyright 2014-2024 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may @@ -16,8 +16,6 @@ #include -// TLSv1.2客户单和TLCP客户端可能没有什么区别 - static int client_ciphers[] = { TLS_cipher_sm4_gcm_sm3 }; static const char *http_get = @@ -179,7 +177,7 @@ bad: fwrite(buf, 1, len, stdout); fflush(stdout); - // 应该调整tls_recv 逻辑、API或者其他方式 + // FIXME: change tls13_recv API if (conn.datalen == 0) { break; } diff --git a/tools/tls13_server.c b/tools/tls13_server.c index 2f4b6d85..f9e352a1 100644 --- a/tools/tls13_server.c +++ b/tools/tls13_server.c @@ -142,7 +142,7 @@ restart: } if (tls_do_handshake(&conn) != 1) { - error_print(); // 为什么这个会触发呢? + error_print(); return -1; }