Add software SDF implementation

The soft_sdf will replace sdf_dummy library for buiding testing apps.
2026-05-06 16:36:16 +08:00 · 2023-12-28 10:18:09 +08:00
parent 1def752948
commit 39e2f9f657
4 changed files with 2826 additions and 465 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -75,6 +75,7 @@ set(tools
 	tools/sm4.c
 	tools/sm3.c
 	tools/sm3hmac.c
+	tools/sm3xmss_keygen.c
 	tools/sm2keygen.c
 	tools/sm2sign.c
 	tools/sm2verify.c
@@ -285,7 +286,7 @@ if (ENABLE_SM3_XMSS)
 	message(STATUS "ENABLE_SM3_XMSS is ON")
 	list(APPEND src src/sm3_xmss.c)

-	option(ENABLE_SM3_XMSS_CROSSCHECK "Enable XMSS SHA-256 cross-check" ON)
+	option(ENABLE_SM3_XMSS_CROSSCHECK "Enable XMSS SHA-256 cross-check" OFF)
 	if (ENABLE_SM3_XMSS_CROSSCHECK)
 		message(STATUS "ENABLE_SM3_XMSS_CROSSCHECK is ON")
 		add_definitions(-DENABLE_SM3_XMSS_CROSSCHECK)
@@ -331,6 +332,7 @@ if (ENABLE_CHACHA20)
 endif()


+
 option(ENABLE_INTEL_RDRAND "Enable Intel RDRAND instructions" OFF)
 option(ENABLE_INTEL_RDSEED "Enable Intel RDSEED instructions" OFF)

@@ -361,12 +363,20 @@ if (ENABLE_INTEL_RDRAND)
 endif()


+option(ENABLE_SM4_CBC_MAC "Enable SM4-CBC-MAC" OFF)
+if (ENABLE_SM4_CBC_MAC)
+	message(STATUS "ENABLE_SM4_CBC_MAC is ON")
+	list(APPEND src src/sm4_cbc_mac.c)
+	list(APPEND tests sm4_cbc_mac)
+	list(APPEND demos sm4_cbc_mac_demo)
+endif()
+
+
 option(ENABLE_GMT_0105_RNG "Enable GM/T 0105 Software RNG" OFF)
 if (ENABLE_GMT_0105_RNG)
-	message(STATUS "ENABLE_GMT_0105_RNG")
-	list(APPEND src src/sm3_rng.c src/sm4_cbc_mac.c src/sm4_rng.c)
-	list(APPEND tests sm3_rng sm4_cbc_mac sm4_rng)
-	list(APPEND demos sm4_cbc_mac_demo)
+	message(STATUS "ENABLE_GMT_0105_RNG is ON")
+	list(APPEND src src/sm3_rng.c src/sm4_rng.c)
+	list(APPEND tests sm3_rng sm4_rng)
 endif()


@@ -400,6 +410,9 @@ endif()
 add_library(gmssl ${src})


+
+
+
 if (WIN32)
 	target_link_libraries(gmssl -lws2_32)
 elseif (APPLE)
@@ -421,6 +434,16 @@ SET_TARGET_PROPERTIES(gmssl PROPERTIES VERSION 3.1 SOVERSION 3)
 install(TARGETS gmssl ARCHIVE DESTINATION lib LIBRARY DESTINATION lib RUNTIME DESTINATION bin)
 install(DIRECTORY ${CMAKE_SOURCE_DIR}/include/gmssl DESTINATION include)

+
+option(ENABLE_SOFT_SDF "Enable Software SDF Implementation" OFF)
+if (ENABLE_SOFT_SDF)
+	message(STATUS "ENABLE_SOFT_SDF is ON")
+	add_library(soft_sdf SHARED src/sdf/soft_sdf.c)
+	target_link_libraries(soft_sdf PRIVATE gmssl)
+	set_target_properties(soft_sdf PROPERTIES VERSION 3.1 SOVERSION 3)
+endif()
+
+
 if (NOT ${CMAKE_SYSTEM_NAME} STREQUAL "iOS")

 	add_library(sdf_dummy SHARED src/sdf/sdf_dummy.c)
--- a/src/sdf/sdf.h
+++ b/src/sdf/sdf.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
 *
 *  Licensed under the Apache License, Version 2.0 (the License); you may
 *  not use this file except in compliance with the License.
@@ -7,459 +7,462 @@
 *  http://www.apache.org/licenses/LICENSE-2.0
 */

-/*
- * SDF API is a cryptographic API for PCI-E cards defined in standard
- * GM/T 0018-2012: Interface Specifications of Cryptography Device Application
- *
- * Note: this header file follows the specification of GM/T 0018-2012. As we
- * know, some vendors provide header files with some differences, especially
- * the definations of data structures. So be sure to check the file provided by
- * vendors and compare with this one.
- *
- * The implementations of SDF API from different vendors might have different
- * behaviors on the same function. The comments in this file will show
- * information and warnings on these issues. If the application developer use
- * the GmSSL implementation, see `crypto/gmapi/sdf_lcl.h` for more information.
- */
-
-#ifndef HEADER_SDF_H
-#define HEADER_SDF_H
-
-#include <stdio.h>
-#include "../sgd.h"
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-
-#pragma pack(1)
-typedef struct DeviceInfo_st {
-	unsigned char IssuerName[40];
-	unsigned char DeviceName[16];
-	unsigned char DeviceSerial[16];	/* 8-char date +
-					 * 3-char batch num +
-					 * 5-char serial num
-					 */
-	unsigned int DeviceVersion;
-	unsigned int StandardVersion;
-	unsigned int AsymAlgAbility[2];	/* AsymAlgAbility[0] = algors
-					 * AsymAlgAbility[1] = modulus lens
-					 */
-	unsigned int SymAlgAbility;
-	unsigned int HashAlgAbility;
-	unsigned int BufferSize;
-} DEVICEINFO;
-
-typedef struct RSArefPublicKey_st {
-	unsigned int bits;
-	unsigned char m[RSAref_MAX_LEN];
-	unsigned char e[RSAref_MAX_LEN];
-} RSArefPublicKey;
-
-typedef struct RSArefPrivateKey_st {
-	unsigned int bits;
-	unsigned char m[RSAref_MAX_LEN];
-	unsigned char e[RSAref_MAX_LEN];
-	unsigned char d[RSAref_MAX_LEN];
-	unsigned char prime[2][RSAref_MAX_PLEN];
-	unsigned char pexp[2][RSAref_MAX_PLEN];
-	unsigned char coef[RSAref_MAX_PLEN];
-} RSArefPrivateKey;
-
-typedef struct ECCrefPublicKey_st {
-	unsigned int bits;
-	unsigned char x[ECCref_MAX_LEN];
-	unsigned char y[ECCref_MAX_LEN];
-} ECCrefPublicKey;
-
-typedef struct ECCrefPrivateKey_st {
-    unsigned int  bits;
-    unsigned char K[ECCref_MAX_LEN];
-} ECCrefPrivateKey;
-
-typedef struct ECCCipher_st {
-	unsigned char x[ECCref_MAX_LEN];
-	unsigned char y[ECCref_MAX_LEN];
-	unsigned char M[32];
-	unsigned int L;
-	unsigned char C[1];
-} ECCCipher;
-
-typedef struct ECCSignature_st {
-	unsigned char r[ECCref_MAX_LEN];
-	unsigned char s[ECCref_MAX_LEN];
-} ECCSignature;
-
-typedef struct SDF_ENVELOPEDKEYBLOB {
-	unsigned long Version;
-	unsigned long ulSymmAlgID;
-	ECCCipher ECCCipehrBlob;
-	ECCrefPublicKey PubKey;
-	unsigned char cbEncryptedPrivKey[64];
-} EnvelopedKeyBlob, *PEnvelopedKeyBlob;
-#pragma pack()
-
-int SDF_OpenDevice(
-	void **phDeviceHandle);
-
-int SDF_CloseDevice(
-	void *hDeviceHandle);
-
-int SDF_OpenSession(
-	void *hDeviceHandle,
-	void **phSessionHandle);
-
-int SDF_CloseSession(
-	void *hSessionHandle);
-
-int SDF_GetDeviceInfo(
-	void *hSessionHandle,
-	DEVICEINFO *pstDeviceInfo);
-
-int SDF_GenerateRandom(
-	void *hSessionHandle,
-	unsigned int uiLength,
-	unsigned char *pucRandom);
-
-int SDF_GetPrivateKeyAccessRight(
-	void *hSessionHandle,
-	unsigned int uiKeyIndex,
-	unsigned char *pucPassword,
-	unsigned int uiPwdLength);
-
-int SDF_ReleasePrivateKeyAccessRight(
-	void *hSessionHandle,
-	unsigned int uiKeyIndex);
-
-int SDF_ExportSignPublicKey_RSA(
-	void *hSessionHandle,
-	unsigned int uiKeyIndex,
-	RSArefPublicKey *pucPublicKey);
-
-int SDF_ExportEncPublicKey_RSA(
-	void *hSessionHandle,
-	unsigned int uiKeyIndex,
-	RSArefPublicKey *pucPublicKey);
-
-int SDF_GenerateKeyPair_RSA(
-	void *hSessionHandle,
-	unsigned int uiKeyBits,
-	RSArefPublicKey *pucPublicKey,
-	RSArefPrivateKey *pucPrivateKey);
-
-int SDF_GenerateKeyWithIPK_RSA(
-	void *hSessionHandle,
-	unsigned int uiIPKIndex,
-	unsigned int uiKeyBits,
-	unsigned char *pucKey,
-	unsigned int *puiKeyLength,
-	void **phKeyHandle);
-
-int SDF_GenerateKeyWithEPK_RSA(
-	void *hSessionHandle,
-	unsigned int uiKeyBits,
-	RSArefPublicKey *pucPublicKey,
-	unsigned char *pucKey,
-	unsigned int *puiKeyLength,
-	void **phKeyHandle);
-
-int SDF_ImportKeyWithISK_RSA(
-	void *hSessionHandle,
-	unsigned int uiISKIndex,
-	unsigned char *pucKey,
-	unsigned int uiKeyLength,
-	void **phKeyHandle);
-
-int SDF_ExchangeDigitEnvelopeBaseOnRSA(
-	void *hSessionHandle,
-	unsigned int uiKeyIndex,
-	RSArefPublicKey *pucPublicKey,
-	unsigned char *pucDEInput,
-	unsigned int uiDELength,
-	unsigned char *pucDEOutput,
-	unsigned int *puiDELength);
-
-int SDF_ExportSignPublicKey_ECC(
-	void *hSessionHandle,
-	unsigned int uiKeyIndex,
-	ECCrefPublicKey *pucPublicKey);
-
-int SDF_ExportEncPublicKey_ECC(
-	void *hSessionHandle,
-	unsigned int uiKeyIndex,
-	ECCrefPublicKey *pucPublicKey);
-
-int SDF_GenerateKeyPair_ECC(
-	void *hSessionHandle,
-	unsigned int uiAlgID,
-	unsigned int  uiKeyBits,
-	ECCrefPublicKey *pucPublicKey,
-	ECCrefPrivateKey *pucPrivateKey);
-
-int SDF_GenerateKeyWithIPK_ECC(
-	void *hSessionHandle,
-	unsigned int uiIPKIndex,
-	unsigned int uiKeyBits,
-	ECCCipher *pucKey,
-	void **phKeyHandle);
-
-int SDF_GenerateKeyWithEPK_ECC(
-	void *hSessionHandle,
-	unsigned int uiKeyBits,
-	unsigned int uiAlgID,
-	ECCrefPublicKey *pucPublicKey,
-	ECCCipher *pucKey,
-	void **phKeyHandle);
-
-int SDF_ImportKeyWithISK_ECC(
-	void *hSessionHandle,
-	unsigned int uiISKIndex,
-	ECCCipher *pucKey,
-	void **phKeyHandle);
-
-int SDF_GenerateAgreementDataWithECC(
-	void *hSessionHandle,
-	unsigned int uiISKIndex,
-	unsigned int uiKeyBits,
-	unsigned char *pucSponsorID,
-	unsigned int uiSponsorIDLength,
-	ECCrefPublicKey *pucSponsorPublicKey,
-	ECCrefPublicKey *pucSponsorTmpPublicKey,
-	void **phAgreementHandle);
-
-int SDF_GenerateKeyWithECC(
-	void *hSessionHandle,
-	unsigned char *pucResponseID,
-	unsigned int uiResponseIDLength,
-	ECCrefPublicKey *pucResponsePublicKey,
-	ECCrefPublicKey *pucResponseTmpPublicKey,
-	void *hAgreementHandle,
-	void **phKeyHandle);
-
-int SDF_GenerateAgreementDataAndKeyWithECC(
-	void *hSessionHandle,
-	unsigned int uiISKIndex,
-	unsigned int uiKeyBits,
-	unsigned char *pucResponseID,
-	unsigned int uiResponseIDLength,
-	unsigned char *pucSponsorID,
-	unsigned int uiSponsorIDLength,
-	ECCrefPublicKey *pucSponsorPublicKey,
-	ECCrefPublicKey *pucSponsorTmpPublicKey,
-	ECCrefPublicKey *pucResponsePublicKey,
-	ECCrefPublicKey *pucResponseTmpPublicKey,
-	void **phKeyHandle);
-
-int SDF_ExchangeDigitEnvelopeBaseOnECC(
-	void *hSessionHandle,
-	unsigned int uiKeyIndex,
-	unsigned int uiAlgID,
-	ECCrefPublicKey *pucPublicKey,
-	ECCCipher *pucEncDataIn,
-	ECCCipher *pucEncDataOut);
-
-int SDF_GenerateKeyWithKEK(
-	void *hSessionHandle,
-	unsigned int uiKeyBits,
-	unsigned int uiAlgID,
-	unsigned int uiKEKIndex,
-	unsigned char *pucKey,
-	unsigned int *puiKeyLength,
-	void **phKeyHandle);
-
-int SDF_ImportKeyWithKEK(
-	void *hSessionHandle,
-	unsigned int uiAlgID,
-	unsigned int uiKEKIndex,
-	unsigned char *pucKey,
-	unsigned int uiKeyLength,
-	void **phKeyHandle);
-
-int SDF_DestroyKey(
-	void *hSessionHandle,
-	void *hKeyHandle);
-
-int SDF_ExternalPublicKeyOperation_RSA(
-	void *hSessionHandle,
-	RSArefPublicKey *pucPublicKey,
-	unsigned char *pucDataInput,
-	unsigned int uiInputLength,
-	unsigned char *pucDataOutput,
-	unsigned int *puiOutputLength);
-
-int SDF_InternalPublicKeyOperation_RSA(
-	void *hSessionHandle,
-	unsigned int uiKeyIndex,
-	unsigned char *pucDataInput,
-	unsigned int uiInputLength,
-	unsigned char *pucDataOutput,
-	unsigned int *puiOutputLength);
-
-int SDF_InternalPrivateKeyOperation_RSA(
-	void *hSessionHandle,
-	unsigned int uiKeyIndex,
-	unsigned char *pucDataInput,
-	unsigned int uiInputLength,
-	unsigned char *pucDataOutput,
-	unsigned int *puiOutputLength);
-
-int SDF_ExternalVerify_ECC(
-	void *hSessionHandle,
-	unsigned int uiAlgID,
-	ECCrefPublicKey *pucPublicKey,
-	unsigned char *pucDataInput,
-	unsigned int uiInputLength,
-	ECCSignature *pucSignature);
-
-int SDF_InternalSign_ECC(
-	void *hSessionHandle,
-	unsigned int uiISKIndex,
-	unsigned char *pucData,
-	unsigned int uiDataLength,
-	ECCSignature *pucSignature);
-
-int SDF_InternalVerify_ECC(
-	void *hSessionHandle,
-	unsigned int uiIPKIndex,
-	unsigned char *pucData,
-	unsigned int uiDataLength,
-	ECCSignature *pucSignature);
-
-int SDF_ExternalEncrypt_ECC(
-	void *hSessionHandle,
-	unsigned int uiAlgID,
-	ECCrefPublicKey *pucPublicKey,
-	unsigned char *pucData,
-	unsigned int uiDataLength,
-	ECCCipher *pucEncData);
-
-int SDF_InternalEncrypt_ECC(
-	void *hSessionHandle,
-	unsigned int uiIPKIndex,
-	unsigned int uiAlgID,
-	unsigned char *pucData,
-	unsigned int uiDataLength,
-	ECCCipher *pucEncData);
-
-int SDF_InternalDecrypt_ECC(
-	void *hSessionHandle,
-	unsigned int uiISKIndex,
-	unsigned int uiAlgID,
-	ECCCipher *pucEncData,
-	unsigned char *pucData,
-	unsigned int *uiDataLength);
-
-int SDF_Encrypt(
-	void *hSessionHandle,
-	void *hKeyHandle,
-	unsigned int uiAlgID,
-	unsigned char *pucIV,
-	unsigned char *pucData,
-	unsigned int uiDataLength,
-	unsigned char *pucEncData,
-	unsigned int *puiEncDataLength);
-
-int SDF_Decrypt(
-	void *hSessionHandle,
-	void *hKeyHandle,
-	unsigned int uiAlgID,
-	unsigned char *pucIV,
-	unsigned char *pucEncData,
-	unsigned int uiEncDataLength,
-	unsigned char *pucData,
-	unsigned int *puiDataLength);
-
-int SDF_CalculateMAC(
-	void *hSessionHandle,
-	void *hKeyHandle,
-	unsigned int uiAlgID,
-	unsigned char *pucIV,
-	unsigned char *pucData,
-	unsigned int uiDataLength,
-	unsigned char *pucMAC,
-	unsigned int *puiMACLength);
-
-int SDF_HashInit(
-	void *hSessionHandle,
-	unsigned int uiAlgID,
-	ECCrefPublicKey *pucPublicKey,
-	unsigned char *pucID,
-	unsigned int uiIDLength);
-
-int SDF_HashUpdate(
-	void *hSessionHandle,
-	unsigned char *pucData,
-	unsigned int uiDataLength);
-
-int SDF_HashFinal(void *hSessionHandle,
-	unsigned char *pucHash,
-	unsigned int *puiHashLength);
-
-int SDF_CreateFile(
-	void *hSessionHandle,
-	unsigned char *pucFileName,
-	unsigned int uiNameLen, /* max 128-byte */
-	unsigned int uiFileSize);
-
-int SDF_ReadFile(
-	void *hSessionHandle,
-	unsigned char *pucFileName,
-	unsigned int uiNameLen,
-	unsigned int uiOffset,
-	unsigned int *puiReadLength,
-	unsigned char *pucBuffer);
-
-int SDF_WriteFile(
-	void *hSessionHandle,
-	unsigned char *pucFileName,
-	unsigned int uiNameLen,
-	unsigned int uiOffset,
-	unsigned int uiWriteLength,
-	unsigned char *pucBuffer);
-
-int SDF_DeleteFile(
-	void *hSessionHandle,
-	unsigned char *pucFileName,
-	unsigned int uiNameLen);
-
-#define SDR_OK			0x0
-#define SDR_BASE		0x01000000
-#define SDR_UNKNOWERR		(SDR_BASE + 0x00000001)
-#define SDR_NOTSUPPORT		(SDR_BASE + 0x00000002)
-#define SDR_COMMFAIL		(SDR_BASE + 0x00000003)
-#define SDR_HARDFAIL		(SDR_BASE + 0x00000004)
-#define SDR_OPENDEVICE		(SDR_BASE + 0x00000005)
-#define SDR_OPENSESSION		(SDR_BASE + 0x00000006)
-#define SDR_PARDENY		(SDR_BASE + 0x00000007)
-#define SDR_KEYNOTEXIST		(SDR_BASE + 0x00000008)
-#define SDR_ALGNOTSUPPORT	(SDR_BASE + 0x00000009)
-#define SDR_ALGMODNOTSUPPORT	(SDR_BASE + 0x0000000A)
-#define SDR_PKOPERR		(SDR_BASE + 0x0000000B)
-#define SDR_SKOPERR		(SDR_BASE + 0x0000000C)
-#define SDR_SIGNERR		(SDR_BASE + 0x0000000D)
-#define SDR_VERIFYERR		(SDR_BASE + 0x0000000E)
-#define SDR_SYMOPERR		(SDR_BASE + 0x0000000F)
-#define SDR_STEPERR		(SDR_BASE + 0x00000010)
-#define SDR_FILESIZEERR		(SDR_BASE + 0x00000011)
-#define SDR_FILENOEXIST		(SDR_BASE + 0x00000012)
-#define SDR_FILEOFSERR		(SDR_BASE + 0x00000013)
-#define SDR_KEYTYPEERR		(SDR_BASE + 0x00000014)
-#define SDR_KEYERR		(SDR_BASE + 0x00000015)
-#define SDR_ENCDATAERR		(SDR_BASE + 0x00000016)
-#define SDR_RANDERR		(SDR_BASE + 0x00000017)
-#define SDR_PRKRERR		(SDR_BASE + 0x00000018)
-#define SDR_MACERR		(SDR_BASE + 0x00000019)
-#define SDR_FILEEXSITS		(SDR_BASE + 0x0000001A)
-#define SDR_FILEWERR		(SDR_BASE + 0x0000001B)
-#define SDR_NOBUFFER		(SDR_BASE + 0x0000001C)
-#define SDR_INARGERR		(SDR_BASE + 0x0000001D)
-#define SDR_OUTARGERR		(SDR_BASE + 0x0000001E)
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+/*
+ * SDF API is a cryptographic API for PCI-E cards defined in standard
+ * GM/T 0018-2012: Interface Specifications of Cryptography Device Application
+ *
+ * Note: this header file follows the specification of GM/T 0018-2012. As we
+ * know, some vendors provide header files with some differences, especially
+ * the definations of data structures. So be sure to check the file provided by
+ * vendors and compare with this one.
+ *
+ * The implementations of SDF API from different vendors might have different
+ * behaviors on the same function. The comments in this file will show
+ * information and warnings on these issues. If the application developer use
+ * the GmSSL implementation, see `crypto/gmapi/sdf_lcl.h` for more information.
+ */
+
+#ifndef HEADER_SDF_H
+#define HEADER_SDF_H
+
+#include <stdio.h>
+#include "../sgd.h"
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+
+#pragma pack(1)
+typedef struct DeviceInfo_st {
+	unsigned char IssuerName[40];
+	unsigned char DeviceName[16];
+	unsigned char DeviceSerial[16];	/* 8-char date +
+					 * 3-char batch num +
+					 * 5-char serial num
+					 */
+	unsigned int DeviceVersion;
+	unsigned int StandardVersion;
+	unsigned int AsymAlgAbility[2];	/* AsymAlgAbility[0] = algors
+					 * AsymAlgAbility[1] = modulus lens
+					 */
+	unsigned int SymAlgAbility;
+	unsigned int HashAlgAbility;
+	unsigned int BufferSize;
+} DEVICEINFO;
+
+typedef struct RSArefPublicKey_st {
+	unsigned int bits;
+	unsigned char m[RSAref_MAX_LEN];
+	unsigned char e[RSAref_MAX_LEN];
+} RSArefPublicKey;
+
+typedef struct RSArefPrivateKey_st {
+	unsigned int bits;
+	unsigned char m[RSAref_MAX_LEN];
+	unsigned char e[RSAref_MAX_LEN];
+	unsigned char d[RSAref_MAX_LEN];
+	unsigned char prime[2][RSAref_MAX_PLEN];
+	unsigned char pexp[2][RSAref_MAX_PLEN];
+	unsigned char coef[RSAref_MAX_PLEN];
+} RSArefPrivateKey;
+
+typedef struct ECCrefPublicKey_st {
+	unsigned int bits;
+	unsigned char x[ECCref_MAX_LEN];
+	unsigned char y[ECCref_MAX_LEN];
+} ECCrefPublicKey;
+
+typedef struct ECCrefPrivateKey_st {
+    unsigned int  bits;
+    unsigned char K[ECCref_MAX_LEN];
+} ECCrefPrivateKey;
+
+typedef struct ECCCipher_st {
+	unsigned char x[ECCref_MAX_LEN];
+	unsigned char y[ECCref_MAX_LEN];
+	unsigned char M[32];
+	unsigned int L;
+	unsigned char C[1];
+	// Extend sizeof(C) to SM2_MAX_PLAINTEXT_SIZE
+	// gmssl/sm2.h: SM2_MAX_PLAINTEXT_SIZE = 255
+	unsigned char C_[254];
+} ECCCipher;
+
+typedef struct ECCSignature_st {
+	unsigned char r[ECCref_MAX_LEN];
+	unsigned char s[ECCref_MAX_LEN];
+} ECCSignature;
+
+typedef struct SDF_ENVELOPEDKEYBLOB {
+	unsigned long Version;
+	unsigned long ulSymmAlgID;
+	ECCCipher ECCCipehrBlob;
+	ECCrefPublicKey PubKey;
+	unsigned char cbEncryptedPrivKey[64];
+} EnvelopedKeyBlob, *PEnvelopedKeyBlob;
+#pragma pack()
+
+int SDF_OpenDevice(
+	void **phDeviceHandle);
+
+int SDF_CloseDevice(
+	void *hDeviceHandle);
+
+int SDF_OpenSession(
+	void *hDeviceHandle,
+	void **phSessionHandle);
+
+int SDF_CloseSession(
+	void *hSessionHandle);
+
+int SDF_GetDeviceInfo(
+	void *hSessionHandle,
+	DEVICEINFO *pstDeviceInfo);
+
+int SDF_GenerateRandom(
+	void *hSessionHandle,
+	unsigned int uiLength,
+	unsigned char *pucRandom);
+
+int SDF_GetPrivateKeyAccessRight(
+	void *hSessionHandle,
+	unsigned int uiKeyIndex,
+	unsigned char *pucPassword,
+	unsigned int uiPwdLength);
+
+int SDF_ReleasePrivateKeyAccessRight(
+	void *hSessionHandle,
+	unsigned int uiKeyIndex);
+
+int SDF_ExportSignPublicKey_RSA(
+	void *hSessionHandle,
+	unsigned int uiKeyIndex,
+	RSArefPublicKey *pucPublicKey);
+
+int SDF_ExportEncPublicKey_RSA(
+	void *hSessionHandle,
+	unsigned int uiKeyIndex,
+	RSArefPublicKey *pucPublicKey);
+
+int SDF_GenerateKeyPair_RSA(
+	void *hSessionHandle,
+	unsigned int uiKeyBits,
+	RSArefPublicKey *pucPublicKey,
+	RSArefPrivateKey *pucPrivateKey);
+
+int SDF_GenerateKeyWithIPK_RSA(
+	void *hSessionHandle,
+	unsigned int uiIPKIndex,
+	unsigned int uiKeyBits,
+	unsigned char *pucKey,
+	unsigned int *puiKeyLength,
+	void **phKeyHandle);
+
+int SDF_GenerateKeyWithEPK_RSA(
+	void *hSessionHandle,
+	unsigned int uiKeyBits,
+	RSArefPublicKey *pucPublicKey,
+	unsigned char *pucKey,
+	unsigned int *puiKeyLength,
+	void **phKeyHandle);
+
+int SDF_ImportKeyWithISK_RSA(
+	void *hSessionHandle,
+	unsigned int uiISKIndex,
+	unsigned char *pucKey,
+	unsigned int uiKeyLength,
+	void **phKeyHandle);
+
+int SDF_ExchangeDigitEnvelopeBaseOnRSA(
+	void *hSessionHandle,
+	unsigned int uiKeyIndex,
+	RSArefPublicKey *pucPublicKey,
+	unsigned char *pucDEInput,
+	unsigned int uiDELength,
+	unsigned char *pucDEOutput,
+	unsigned int *puiDELength);
+
+int SDF_ExportSignPublicKey_ECC(
+	void *hSessionHandle,
+	unsigned int uiKeyIndex,
+	ECCrefPublicKey *pucPublicKey);
+
+int SDF_ExportEncPublicKey_ECC(
+	void *hSessionHandle,
+	unsigned int uiKeyIndex,
+	ECCrefPublicKey *pucPublicKey);
+
+int SDF_GenerateKeyPair_ECC(
+	void *hSessionHandle,
+	unsigned int uiAlgID,
+	unsigned int  uiKeyBits,
+	ECCrefPublicKey *pucPublicKey,
+	ECCrefPrivateKey *pucPrivateKey);
+
+int SDF_GenerateKeyWithIPK_ECC(
+	void *hSessionHandle,
+	unsigned int uiIPKIndex,
+	unsigned int uiKeyBits,
+	ECCCipher *pucKey,
+	void **phKeyHandle);
+
+int SDF_GenerateKeyWithEPK_ECC(
+	void *hSessionHandle,
+	unsigned int uiKeyBits,
+	unsigned int uiAlgID,
+	ECCrefPublicKey *pucPublicKey,
+	ECCCipher *pucKey,
+	void **phKeyHandle);
+
+int SDF_ImportKeyWithISK_ECC(
+	void *hSessionHandle,
+	unsigned int uiISKIndex,
+	ECCCipher *pucKey,
+	void **phKeyHandle);
+
+int SDF_GenerateAgreementDataWithECC(
+	void *hSessionHandle,
+	unsigned int uiISKIndex,
+	unsigned int uiKeyBits,
+	unsigned char *pucSponsorID,
+	unsigned int uiSponsorIDLength,
+	ECCrefPublicKey *pucSponsorPublicKey,
+	ECCrefPublicKey *pucSponsorTmpPublicKey,
+	void **phAgreementHandle);
+
+int SDF_GenerateKeyWithECC(
+	void *hSessionHandle,
+	unsigned char *pucResponseID,
+	unsigned int uiResponseIDLength,
+	ECCrefPublicKey *pucResponsePublicKey,
+	ECCrefPublicKey *pucResponseTmpPublicKey,
+	void *hAgreementHandle,
+	void **phKeyHandle);
+
+int SDF_GenerateAgreementDataAndKeyWithECC(
+	void *hSessionHandle,
+	unsigned int uiISKIndex,
+	unsigned int uiKeyBits,
+	unsigned char *pucResponseID,
+	unsigned int uiResponseIDLength,
+	unsigned char *pucSponsorID,
+	unsigned int uiSponsorIDLength,
+	ECCrefPublicKey *pucSponsorPublicKey,
+	ECCrefPublicKey *pucSponsorTmpPublicKey,
+	ECCrefPublicKey *pucResponsePublicKey,
+	ECCrefPublicKey *pucResponseTmpPublicKey,
+	void **phKeyHandle);
+
+int SDF_ExchangeDigitEnvelopeBaseOnECC(
+	void *hSessionHandle,
+	unsigned int uiKeyIndex,
+	unsigned int uiAlgID,
+	ECCrefPublicKey *pucPublicKey,
+	ECCCipher *pucEncDataIn,
+	ECCCipher *pucEncDataOut);
+
+int SDF_GenerateKeyWithKEK(
+	void *hSessionHandle,
+	unsigned int uiKeyBits,
+	unsigned int uiAlgID,
+	unsigned int uiKEKIndex,
+	unsigned char *pucKey,
+	unsigned int *puiKeyLength,
+	void **phKeyHandle);
+
+int SDF_ImportKeyWithKEK(
+	void *hSessionHandle,
+	unsigned int uiAlgID,
+	unsigned int uiKEKIndex,
+	unsigned char *pucKey,
+	unsigned int uiKeyLength,
+	void **phKeyHandle);
+
+int SDF_DestroyKey(
+	void *hSessionHandle,
+	void *hKeyHandle);
+
+int SDF_ExternalPublicKeyOperation_RSA(
+	void *hSessionHandle,
+	RSArefPublicKey *pucPublicKey,
+	unsigned char *pucDataInput,
+	unsigned int uiInputLength,
+	unsigned char *pucDataOutput,
+	unsigned int *puiOutputLength);
+
+int SDF_InternalPublicKeyOperation_RSA(
+	void *hSessionHandle,
+	unsigned int uiKeyIndex,
+	unsigned char *pucDataInput,
+	unsigned int uiInputLength,
+	unsigned char *pucDataOutput,
+	unsigned int *puiOutputLength);
+
+int SDF_InternalPrivateKeyOperation_RSA(
+	void *hSessionHandle,
+	unsigned int uiKeyIndex,
+	unsigned char *pucDataInput,
+	unsigned int uiInputLength,
+	unsigned char *pucDataOutput,
+	unsigned int *puiOutputLength);
+
+int SDF_ExternalVerify_ECC(
+	void *hSessionHandle,
+	unsigned int uiAlgID,
+	ECCrefPublicKey *pucPublicKey,
+	unsigned char *pucDataInput,
+	unsigned int uiInputLength,
+	ECCSignature *pucSignature);
+
+int SDF_InternalSign_ECC(
+	void *hSessionHandle,
+	unsigned int uiISKIndex,
+	unsigned char *pucData,
+	unsigned int uiDataLength,
+	ECCSignature *pucSignature);
+
+int SDF_InternalVerify_ECC(
+	void *hSessionHandle,
+	unsigned int uiIPKIndex,
+	unsigned char *pucData,
+	unsigned int uiDataLength,
+	ECCSignature *pucSignature);
+
+int SDF_ExternalEncrypt_ECC(
+	void *hSessionHandle,
+	unsigned int uiAlgID,
+	ECCrefPublicKey *pucPublicKey,
+	unsigned char *pucData,
+	unsigned int uiDataLength,
+	ECCCipher *pucEncData);
+
+int SDF_InternalEncrypt_ECC(
+	void *hSessionHandle,
+	unsigned int uiIPKIndex,
+	unsigned int uiAlgID,
+	unsigned char *pucData,
+	unsigned int uiDataLength,
+	ECCCipher *pucEncData);
+
+int SDF_InternalDecrypt_ECC(
+	void *hSessionHandle,
+	unsigned int uiISKIndex,
+	unsigned int uiAlgID,
+	ECCCipher *pucEncData,
+	unsigned char *pucData,
+	unsigned int *uiDataLength);
+
+int SDF_Encrypt(
+	void *hSessionHandle,
+	void *hKeyHandle,
+	unsigned int uiAlgID,
+	unsigned char *pucIV,
+	unsigned char *pucData,
+	unsigned int uiDataLength,
+	unsigned char *pucEncData,
+	unsigned int *puiEncDataLength);
+
+int SDF_Decrypt(
+	void *hSessionHandle,
+	void *hKeyHandle,
+	unsigned int uiAlgID,
+	unsigned char *pucIV,
+	unsigned char *pucEncData,
+	unsigned int uiEncDataLength,
+	unsigned char *pucData,
+	unsigned int *puiDataLength);
+
+int SDF_CalculateMAC(
+	void *hSessionHandle,
+	void *hKeyHandle,
+	unsigned int uiAlgID,
+	unsigned char *pucIV,
+	unsigned char *pucData,
+	unsigned int uiDataLength,
+	unsigned char *pucMAC,
+	unsigned int *puiMACLength);
+
+int SDF_HashInit(
+	void *hSessionHandle,
+	unsigned int uiAlgID,
+	ECCrefPublicKey *pucPublicKey,
+	unsigned char *pucID,
+	unsigned int uiIDLength);
+
+int SDF_HashUpdate(
+	void *hSessionHandle,
+	unsigned char *pucData,
+	unsigned int uiDataLength);
+
+int SDF_HashFinal(void *hSessionHandle,
+	unsigned char *pucHash,
+	unsigned int *puiHashLength);
+
+int SDF_CreateFile(
+	void *hSessionHandle,
+	unsigned char *pucFileName,
+	unsigned int uiNameLen, /* max 128-byte */
+	unsigned int uiFileSize);
+
+int SDF_ReadFile(
+	void *hSessionHandle,
+	unsigned char *pucFileName,
+	unsigned int uiNameLen,
+	unsigned int uiOffset,
+	unsigned int *puiReadLength,
+	unsigned char *pucBuffer);
+
+int SDF_WriteFile(
+	void *hSessionHandle,
+	unsigned char *pucFileName,
+	unsigned int uiNameLen,
+	unsigned int uiOffset,
+	unsigned int uiWriteLength,
+	unsigned char *pucBuffer);
+
+int SDF_DeleteFile(
+	void *hSessionHandle,
+	unsigned char *pucFileName,
+	unsigned int uiNameLen);
+
+#define SDR_OK			0x0
+#define SDR_BASE		0x01000000
+#define SDR_UNKNOWERR		(SDR_BASE + 0x00000001)
+#define SDR_NOTSUPPORT		(SDR_BASE + 0x00000002)
+#define SDR_COMMFAIL		(SDR_BASE + 0x00000003)
+#define SDR_HARDFAIL		(SDR_BASE + 0x00000004)
+#define SDR_OPENDEVICE		(SDR_BASE + 0x00000005)
+#define SDR_OPENSESSION		(SDR_BASE + 0x00000006)
+#define SDR_PARDENY		(SDR_BASE + 0x00000007)
+#define SDR_KEYNOTEXIST		(SDR_BASE + 0x00000008)
+#define SDR_ALGNOTSUPPORT	(SDR_BASE + 0x00000009)
+#define SDR_ALGMODNOTSUPPORT	(SDR_BASE + 0x0000000A)
+#define SDR_PKOPERR		(SDR_BASE + 0x0000000B)
+#define SDR_SKOPERR		(SDR_BASE + 0x0000000C)
+#define SDR_SIGNERR		(SDR_BASE + 0x0000000D)
+#define SDR_VERIFYERR		(SDR_BASE + 0x0000000E)
+#define SDR_SYMOPERR		(SDR_BASE + 0x0000000F)
+#define SDR_STEPERR		(SDR_BASE + 0x00000010)
+#define SDR_FILESIZEERR		(SDR_BASE + 0x00000011)
+#define SDR_FILENOEXIST		(SDR_BASE + 0x00000012)
+#define SDR_FILEOFSERR		(SDR_BASE + 0x00000013)
+#define SDR_KEYTYPEERR		(SDR_BASE + 0x00000014)
+#define SDR_KEYERR		(SDR_BASE + 0x00000015)
+#define SDR_ENCDATAERR		(SDR_BASE + 0x00000016)
+#define SDR_RANDERR		(SDR_BASE + 0x00000017)
+#define SDR_PRKRERR		(SDR_BASE + 0x00000018)
+#define SDR_MACERR		(SDR_BASE + 0x00000019)
+#define SDR_FILEEXSITS		(SDR_BASE + 0x0000001A)
+#define SDR_FILEWERR		(SDR_BASE + 0x0000001B)
+#define SDR_NOBUFFER		(SDR_BASE + 0x0000001C)
+#define SDR_INARGERR		(SDR_BASE + 0x0000001D)
+#define SDR_OUTARGERR		(SDR_BASE + 0x0000001E)
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif
--- a/src/sdf/soft_sdf.c
+++ b/src/sdf/soft_sdf.c
--- a/src/sgd.h
+++ b/src/sgd.h
@@ -65,9 +65,9 @@
 #define SGD_RSA_SIGN		(SGD_RSA|SGD_PK_SIGN) // FIXME: correct?	
 #define SGD_RSA_ENC		(SGD_RSA|SGD_PK_ENC) // FIXME: correct?		
 #define SGD_SM2			0x00020100
-#define SGD_SM2_1		0x00020200
-#define SGD_SM2_2		0x00020400
-#define SGD_SM2_3		0x00020800
+#define SGD_SM2_1		0x00020200 // SM2 Signature Scheme
+#define SGD_SM2_2		0x00020400 // SM2 Key Exchange Protocol
+#define SGD_SM2_3		0x00020800 // SM2 Encryption Scheme

 /* hash */
 #define SGD_SM3			0x00000001