diff --git a/.gitignore b/.gitignore index 4a7e2aa7..679bc697 100644 --- a/.gitignore +++ b/.gitignore @@ -18,6 +18,9 @@ # *all* Makefiles Makefile +# Java +/java/*.class + # Links under apps /apps/CA.pl /apps/tsget @@ -178,4 +181,12 @@ tool/c_rehash # exec file apps/gmssl +# gmtls +/ssl/statem/statem_gmtls* + +# engines +/engines/e_skf* +/engines/e_sdf* +/engines/e_gmi* + include/openssl/srp.h diff --git a/Configure b/Configure index b563fbe8..4907c68f 100755 --- a/Configure +++ b/Configure @@ -441,6 +441,7 @@ my @disablables = ( "base58", "java", "ca", + "gmtls", ); foreach my $proto ((@tls, @dtls)) { @@ -478,6 +479,9 @@ our %disabled = ( # "what" => "comment" "zlib" => "default", "zlib-dynamic" => "default", "zuc" => "default", + "skfeng" => "default", + "sdfeng" => "default", + "gmtls" => "default", #"engine" => "default", #"sm9" => "default", #"bfibe" => "default", diff --git a/README.md b/README.md index 871fb8c7..fb070889 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,13 @@ GmSSL is an open source cryptographic toolbox that supports SM2 / SM3 / SM4 / SM The secret algorithm is the abbreviation of the national commercial cryptographic algorithm. Since 2012, the National Password Authority to the "People's Republic of China password industry standard" approach, have announced the SM2 / SM3 / SM4 and other cryptographic algorithm standards and application specifications. Which "SM" on behalf of "business secret", that is used for commercial, not involving state secrets of the password technology. SM2 is a public key cryptography algorithm based on elliptic curve cryptography, including digital signature, key exchange and public key encryption. It is used to replace international algorithms such as RSA / Diffie-Hellman / ECDSA / ECDH. SM3 is password hash algorithm, SM4 is a block cipher used to replace DES / AES and other international algorithms. SM9 is an identity-based cryptographic algorithm that can replace PKI / CA based on digital certificate. By deploying the secret algorithm, you can reduce the security risks caused by weak passwords and bug implementations and the overhead of deploying PKI / CA. +## 2.0 New Features + + * Based on OpenSSL 1.1.x + * SM2 signature generation with Z values + * Frameworks and engines to support SKF/SDF HSMs + * TLS with SM2/SM3/SMS4 cipher suites + ## Quick Start Quick Start Guide describes the basic instructions for compiling, installing, and `gmssl` command line tools for GmSSL. diff --git a/apps/progs.h b/apps/progs.h index 40024809..60abca71 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -261,6 +261,9 @@ static FUNCTION functions[] = { #ifndef OPENSSL_NO_BLAKE2 { FT_md, "blake2s256", dgst_main}, #endif +#ifndef OPENSSL_NO_SMS4 + { FT_cipher, "sms4", enc_main, enc_options }, +#endif #ifndef OPENSSL_NO_SMS4 { FT_cipher, "sms4-cbc", enc_main, enc_options }, #endif diff --git a/apps/progs.pl b/apps/progs.pl index 2bcb98f4..14c47b4d 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -118,7 +118,7 @@ my %cipher_disabler = ( cast5 => "cast", ); foreach my $cmd ( - "sms4-cbc", "sms4-ecb", "sms4-ofb", "sms4-cfb", + "sms4", "sms4-cbc", "sms4-ecb", "sms4-ofb", "sms4-cfb", "aes-128-cbc", "aes-128-ecb", "aes-192-cbc", "aes-192-ecb", "aes-256-cbc", "aes-256-ecb", diff --git a/apps/s_client.c b/apps/s_client.c index 98a97c90..eab05e72 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -540,9 +540,7 @@ typedef enum OPTION_choice { #endif OPT_SSL3, OPT_SSL_CONFIG, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, -#ifndef OPENSSL_NO_GMTLS OPT_GMTLS, -#endif OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS, OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, diff --git a/apps/s_server.c b/apps/s_server.c index 7c7a172f..f749b103 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -670,9 +670,7 @@ typedef enum OPTION_choice { OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC, OPT_SSL_CONFIG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF, OPT_SSL3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, -#ifndef OPENSSL_NO_GMTLS OPT_GMTLS, -#endif OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN, OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL, OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, diff --git a/apps/speed.c b/apps/speed.c index dd3e4b09..d822d8b7 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -22,12 +22,12 @@ */ #undef SECONDS -#define SECONDS 3 -#define PRIME_SECONDS 10 +#define SECONDS 3 +#define PRIME_SECONDS 10 #define RSA_SECONDS 10 #define DSA_SECONDS 10 -#define ECDSA_SECONDS 10 -#define ECDH_SECONDS 10 +#define ECDSA_SECONDS 10 +#define ECDH_SECONDS 10 #include #include @@ -70,6 +70,9 @@ #ifndef OPENSSL_NO_MD5 # include #endif +#ifndef OPENSSL_NO_SM3 +# include +#endif #include #include #ifndef OPENSSL_NO_RMD160 @@ -93,6 +96,9 @@ #ifndef OPENSSL_NO_SEED # include #endif +#ifndef OPENSSL_NO_SMS4 +# include +#endif #ifndef OPENSSL_NO_BF # include #endif @@ -111,6 +117,9 @@ #ifndef OPENSSL_NO_EC # include #endif +#ifndef OPENSSL_NO_SM2 +# include +#endif #include #ifndef HAVE_FORK @@ -131,13 +140,14 @@ #define BUFSIZE (1024*16+1) #define MAX_MISALIGNMENT 63 -#define ALGOR_NUM 30 +#define ALGOR_NUM 32 #define SIZE_NUM 6 #define PRIME_NUM 3 #define RSA_NUM 7 #define DSA_NUM 3 -#define EC_NUM 17 +#define EC_NUM 18 +#define SM2_NUM 1 #define MAX_ECDH_SIZE 256 #define MISALIGN 64 @@ -171,6 +181,9 @@ typedef struct loopargs_st { unsigned char *secret_b; size_t outlen; kdf_fn kdf; +#endif +#ifndef OPENSSL_NO_SM2 + EC_KEY *sm2[SM2_NUM]; #endif EVP_CIPHER_CTX *ctx; HMAC_CTX *hctx; @@ -191,6 +204,9 @@ static int EVP_Digest_MD4_loop(void *args); static int MD5_loop(void *args); static int HMAC_loop(void *args); #endif +#ifndef OPENSSL_NO_SM3 +static int SM3_loop(void *args); +#endif static int SHA1_loop(void *args); static int SHA256_loop(void *args); static int SHA512_loop(void *args); @@ -231,6 +247,12 @@ static int ECDSA_sign_loop(void *args); static int ECDSA_verify_loop(void *args); static int ECDH_compute_key_loop(void *args); #endif +#ifndef OPENSSL_NO_SM2 +static int SM2_sign_loop(void *args); +static int SM2_verify_loop(void *args); +static int SM2_encrypt_loop(void *args); +static int SM2_decrypt_loop(void *args); +#endif static int run_benchmark(int async_jobs, int (*loop_function)(void *), loopargs_t *loopargs); static double Time_F(int s); @@ -249,7 +271,7 @@ static const char *names[ALGOR_NUM] = { "aes-128 cbc", "aes-192 cbc", "aes-256 cbc", "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc", "evp", "sha256", "sha512", "whirlpool", - "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash" + "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash", "sm3", "sms4 cbc" }; static double results[ALGOR_NUM][SIZE_NUM]; @@ -268,6 +290,10 @@ static double dsa_results[DSA_NUM][2]; static double ecdsa_results[EC_NUM][2]; static double ecdh_results[EC_NUM][1]; #endif +#ifndef OPENSSL_NO_SM2 +static double sm2sign_results[SM2_NUM][2]; +static double sm2enc_results[SM2_NUM][2]; +#endif #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) static const char rnd_seed[] = @@ -423,6 +449,8 @@ OPTIONS speed_options[] = { #define D_IGE_192_AES 27 #define D_IGE_256_AES 28 #define D_GHASH 29 +#define D_SM3 30 +#define D_CBC_SMS4 31 static OPT_PAIR doit_choices[] = { #ifndef OPENSSL_NO_MD2 {"md2", D_MD2}, @@ -481,6 +509,10 @@ static OPT_PAIR doit_choices[] = { {"seed-cbc", D_CBC_SEED}, {"seed", D_CBC_SEED}, #endif +#ifndef OPENSSL_NO_SMS4 + {"sms4-cbc", D_CBC_SMS4}, + {"sms4", D_CBC_SMS4}, +#endif #ifndef OPENSSL_NO_BF {"bf-cbc", D_CBC_BF}, {"blowfish", D_CBC_BF}, @@ -492,6 +524,9 @@ static OPT_PAIR doit_choices[] = { {"cast5", D_CBC_CAST}, #endif {"ghash", D_GHASH}, +#ifndef OPENSSL_NO_SM3 + {"sm3", D_SM3}, +#endif {NULL} }; @@ -544,6 +579,7 @@ static OPT_PAIR rsa_choices[] = { #define R_EC_B409 14 #define R_EC_B571 15 #define R_EC_X25519 16 +#define R_EC_PSM2 17 #ifndef OPENSSL_NO_EC static OPT_PAIR ecdsa_choices[] = { {"ecdsap160", R_EC_P160}, @@ -562,6 +598,7 @@ static OPT_PAIR ecdsa_choices[] = { {"ecdsab283", R_EC_B283}, {"ecdsab409", R_EC_B409}, {"ecdsab571", R_EC_B571}, + {"ecdsapsm2", R_EC_PSM2}, {NULL} }; @@ -582,10 +619,22 @@ static OPT_PAIR ecdh_choices[] = { {"ecdhb283", R_EC_B283}, {"ecdhb409", R_EC_B409}, {"ecdhb571", R_EC_B571}, + {"ecdhpsm2", R_EC_PSM2}, {"ecdhx25519", R_EC_X25519}, {NULL} }; #endif +#ifndef OPENSSL_NO_SM2 +static OPT_PAIR sm2sign_choices[] = { + {"sm2sign", R_EC_PSM2}, + {NULL} +}; + +static OPT_PAIR sm2enc_choices[] = { + {"sm2enc", R_EC_PSM2}, + {NULL} +}; +#endif #ifndef SIGALRM # define COND(d) (count < (d)) @@ -680,6 +729,19 @@ static int HMAC_loop(void *args) } #endif +#ifndef OPENSSL_NO_SM3 +static int SM3_loop(void *args) +{ + loopargs_t *tempargs = *(loopargs_t **)args; + unsigned char *buf = tempargs->buf; + unsigned char sm3md[SM3_DIGEST_LENGTH]; + int count; + for (count = 0; COND(c[D_SM3][testnum]); count++) + sm3(buf, lengths[testnum], sm3md); + return count; +} +#endif + #ifndef OPENSSL_NO_SHA static int SHA1_loop(void *args) { @@ -1008,6 +1070,62 @@ static int DSA_verify_loop(void *args) } #endif +#ifndef OPENSSL_NO_SM2 +static long sm2sign_c[SM2_NUM][2]; +static int SM2_sign_loop(void *args) +{ + loopargs_t *tempargs = *(loopargs_t **)args; + unsigned char *buf = tempargs->buf; + EC_KEY **ecdsa = tempargs->ecdsa; + unsigned char *ecdsasig = tempargs->buf2; + unsigned int *ecdsasiglen = &tempargs->siglen; + int ret, count; + for (count = 0; COND(sm2sign_c[testnum][0]); count++) { + ret = SM2_sign(0, buf, 20, + ecdsasig, ecdsasiglen, ecdsa[testnum]); + if (ret == 0) { + BIO_printf(bio_err, "SM2 sign failure\n"); + ERR_print_errors(bio_err); + count = -1; + break; + } + } + return count; +} + +static int SM2_verify_loop(void *args) +{ + loopargs_t *tempargs = *(loopargs_t **)args; + unsigned char *buf = tempargs->buf; + EC_KEY **ecdsa = tempargs->ecdsa; + unsigned char *ecdsasig = tempargs->buf2; + unsigned int ecdsasiglen = tempargs->siglen; + int ret, count; + for (count = 0; COND(sm2sign_c[testnum][1]); count++) { + ret = SM2_verify(0, buf, 20, ecdsasig, ecdsasiglen, + ecdsa[testnum]); + if (ret != 1) { + BIO_printf(bio_err, "SM2 verify failure\n"); + ERR_print_errors(bio_err); + count = -1; + break; + } + } + return count; +} + +static int SM2_encrypt_loop(void *args) +{ + return 0; +} + +static int SM2_decrypt_loop(void *args) +{ + return 0; +} + +#endif + #ifndef OPENSSL_NO_EC static long ecdsa_c[EC_NUM][2]; static int ECDSA_sign_loop(void *args) @@ -1080,9 +1198,9 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, if (*outlen < SHA_DIGEST_LENGTH) return NULL; *outlen = SHA_DIGEST_LENGTH; -#ifndef OPENSSL_NO_SHA +# ifndef OPENSSL_NO_SHA return SHA1(in, inlen, out); -#endif +# endif } #endif /* OPENSSL_NO_EC */ @@ -1271,6 +1389,9 @@ int speed_main(int argc, char **argv) #ifndef OPENSSL_NO_SEED SEED_KEY_SCHEDULE seed_ks; #endif +#ifndef OPENSSL_NO_SMS4 + sms4_key_t sms4_ks; +#endif #ifndef OPENSSL_NO_BF BF_KEY bf_ks; #endif @@ -1338,6 +1459,16 @@ int speed_main(int argc, char **argv) static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 }; int dsa_doit[DSA_NUM] = { 0 }; #endif +#ifndef OPENSSL_NO_SM2 + static const unsigned int test_sm2_curves[SM2_NUM] = { + NID_sm2p256v1, + }; + static const char *test_sm2_curves_names[SM2_NUM] = { + "sm2p256v1", + }; + int sm2sign_doit[EC_NUM] = { 0 }; + int sm2enc_doit[EC_NUM] = { 0 }; +#endif #ifndef OPENSSL_NO_EC /* * We only test over the following curves as they are representative, To @@ -1354,6 +1485,7 @@ int speed_main(int argc, char **argv) NID_sect233r1, NID_sect283r1, NID_sect409r1, NID_sect571r1, /* Other */ + NID_sm2p256v1, NID_X25519 }; static const char *test_curves_names[EC_NUM] = { @@ -1366,6 +1498,7 @@ int speed_main(int argc, char **argv) "nistb233", "nistb283", "nistb409", "nistb571", /* Other */ + "sm2p256v1", "X25519" }; static const int test_curves_bits[EC_NUM] = { @@ -1374,7 +1507,7 @@ int speed_main(int argc, char **argv) 163, 233, 283, 409, 571, 163, 233, 283, 409, - 571, 253 /* X25519 */ + 571, 256, 253 /* X25519 */ }; int ecdsa_doit[EC_NUM] = { 0 }; @@ -1542,6 +1675,28 @@ int speed_main(int argc, char **argv) ecdh_doit[i] = 2; continue; } +#endif +#ifndef OPENSSL_NO_SM2 + if (strcmp(*argv, "sm2sign") == 0) { + for (i = 0; i < EC_NUM; i++) + sm2sign_doit[i] = 1; + continue; + } + if (found(*argv, sm2sign_choices, &i)) { + sm2sign_doit[i] = 2; + continue; + } + /* + if (strcmp(*argv, "ecdh") == 0) { + for (i = 0; i < EC_NUM; i++) + ecdh_doit[i] = 1; + continue; + } + if (found(*argv, ecdh_choices, &i)) { + ecdh_doit[i] = 2; + continue; + } + */ #endif BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, *argv); goto end; @@ -1578,6 +1733,12 @@ int speed_main(int argc, char **argv) loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a"); loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b"); #endif +/* +#ifndef OPENSSL_NO_SM2 + loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a"); + loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b"); +#endif +*/ } #ifndef NO_FORK @@ -1606,6 +1767,12 @@ int speed_main(int argc, char **argv) ecdsa_doit[i] = 1; for (i = 0; i < EC_NUM; i++) ecdh_doit[i] = 1; +#endif +#ifndef OPENSSL_NO_SM2 + for (i = 0; i < SM2_NUM; i++) + sm2sign_doit[i] = 1; + for (i = 0; i < SM2_NUM; i++) + sm2enc_doit[i] = 1; #endif } for (i = 0; i < ALGOR_NUM; i++) @@ -1660,6 +1827,9 @@ int speed_main(int argc, char **argv) #ifndef OPENSSL_NO_SEED SEED_set_key(key16, &seed_ks); #endif +#ifndef OPENSSL_NO_SMS4 + sms4_set_encrypt_key(&sms4_ks, key16); +#endif #ifndef OPENSSL_NO_RC4 RC4_set_key(&rc4_ks, 16, key16); #endif @@ -1718,6 +1888,8 @@ int speed_main(int argc, char **argv) c[D_IGE_192_AES][0] = count; c[D_IGE_256_AES][0] = count; c[D_GHASH][0] = count; + c[D_SM3][0] = count; + c[D_CBC_SMS4][0] = count; for (i = 1; i < SIZE_NUM; i++) { long l0, l1; @@ -1736,6 +1908,7 @@ int speed_main(int argc, char **argv) c[D_SHA512][i] = c[D_SHA512][0] * 4 * l0 / l1; c[D_WHIRLPOOL][i] = c[D_WHIRLPOOL][0] * 4 * l0 / l1; c[D_GHASH][i] = c[D_GHASH][0] * 4 * l0 / l1; + c[D_SM3][i] = c[D_SM3][0] * 4 * l0 / l1; l0 = (long)lengths[i - 1]; @@ -1757,6 +1930,7 @@ int speed_main(int argc, char **argv) c[D_IGE_128_AES][i] = c[D_IGE_128_AES][i - 1] * l0 / l1; c[D_IGE_192_AES][i] = c[D_IGE_192_AES][i - 1] * l0 / l1; c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1; + c[D_CBC_SMS4][i] = c[D_CBC_SMS4][i - 1] * l0 / l1; } # ifndef OPENSSL_NO_RSA @@ -1953,6 +2127,17 @@ int speed_main(int argc, char **argv) } } #endif +#ifndef OPENSSL_NO_SM3 + if (doit[D_SM3]) { + for (testnum = 0; testnum < SIZE_NUM; testnum++) { + print_message(names[D_SM3], c[D_SM3][testnum], lengths[testnum]); + Time_F(START); + count = run_benchmark(async_jobs, SM3_loop, loopargs); + d = Time_F(STOP); + print_result(D_SM3, testnum, count, d); + } + } +#endif #ifndef OPENSSL_NO_SHA if (doit[D_SHA1]) { for (testnum = 0; testnum < SIZE_NUM; testnum++) { @@ -2216,6 +2401,24 @@ int speed_main(int argc, char **argv) } } #endif +#ifndef OPENSSL_NO_SMS4 + if (doit[D_CBC_SMS4]) { + if (async_jobs > 0) { + BIO_printf(bio_err, "Async mode is not supported with %s\n", + names[D_CBC_SMS4]); + doit[D_CBC_SMS4] = 0; + } + for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) { + print_message(names[D_CBC_SMS4], c[D_CBC_SMS4][testnum], lengths[testnum]); + Time_F(START); + for (count = 0, run = 1; COND(c[D_CBC_SMS4][testnum]); count++) + sms4_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, + (size_t)lengths[testnum], &sms4_ks, iv, 1); + d = Time_F(STOP); + print_result(D_CBC_SMS4, testnum, count, d); + } + } +#endif #ifndef OPENSSL_NO_RC2 if (doit[D_CBC_RC2]) { if (async_jobs > 0) { @@ -2833,6 +3036,11 @@ int speed_main(int argc, char **argv) } OPENSSL_free(loopargs[i].secret_a); OPENSSL_free(loopargs[i].secret_b); +#endif +#ifndef OPENSSL_NO_SM2 + for (k = 0; k < SM2_NUM; k++) { + EC_KEY_free(loopargs[i].sm2[k]); + } #endif } diff --git a/engines/build.info b/engines/build.info index a6ef213a..cc42eab8 100644 --- a/engines/build.info +++ b/engines/build.info @@ -6,6 +6,12 @@ IF[{- !$disabled{"engine"} -}] IF[{- !$disabled{capieng} -}] SOURCE[../libcrypto]=e_capi.c ENDIF + IF[{- !$disabled{skfeng} -}] + SOURCE[../libcrypto]=e_skf.c + ENDIF + IF[{- !$disabled{sdfeng} -}] + SOURCE[../libcrypto]=e_sdf.c + ENDIF IF[{- !$disabled{gmieng} -}] SOURCE[../libcrypto]=e_gmi.c {- $target{gmi_asm_src} -} ENDIF @@ -20,6 +26,18 @@ IF[{- !$disabled{"engine"} -}] DEPEND[capi]=../libcrypto INCLUDE[capi]=../include ENDIF + IF[{- !$disabled{skfeng} -}] + ENGINES=skf + SOURCE[skf]=e_skf.c + DEPEND[skf]=../libcrypto + INCLUDE[skf]=../include + ENDIF + IF[{- !$disabled{sdfeng} -}] + ENGINES=sdf + SOURCE[sdf]=e_sdf.c + DEPEND[sdf]=../libcrypto + INCLUDE[sdf]=../include + ENDIF IF[{- !$disabled{gmieng} -}] ENGINES=gmi SOURCE[gmi]=e_gmi.c {- $target{gmi_asm_src} -} @@ -34,6 +52,12 @@ IF[{- !$disabled{"engine"} -}] SOURCE[ossltest]=e_ossltest.c DEPEND[ossltest]=../libcrypto INCLUDE[ossltest]=../include + SOURCE[skf_dummy]=skf_dummy.c + DEPEND[skf_dummy]=../libcrypto + INCLUDE[skf_dummy]=../include + SOURCE[sdf_dummy]=sdf_dummy.c + DEPEND[sdf_dummy]=../libcrypto + INCLUDE[sdf_dummy]=../include ENDIF GENERATE[e_padlock-x86.s]=asm/e_padlock-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR) diff --git a/engines/sdf_dummy.c b/engines/sdf_dummy.c new file mode 100644 index 00000000..82eb8e8b --- /dev/null +++ b/engines/sdf_dummy.c @@ -0,0 +1,768 @@ +/* ==================================================================== + * Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include +#include + +static char *deviceHandle = "SDF Device Handle"; +static char *sessionHandle = "SDF Session Handle"; +static char *keyHandle = "SDF Key Handle"; +static char *agreementHandle = "SDF Agreement Handle"; + +unsigned char rsaPublicKeyBuf[516] = { + 0x00,0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0xd5,0x43,0xbf,0x24,0xd2,0x69,0x56,0x21,0x20,0x57,0x8a,0xd8, + 0x67,0x4f,0xbd,0xd5,0xf5,0x3a,0xf5,0x9e,0xa5,0x87,0x52,0x39,0x47,0xc3,0xce,0x32, + 0x56,0xb6,0x06,0x2d,0xdc,0x8d,0xc2,0x18,0x53,0x5c,0xb0,0xcb,0xb6,0xe8,0x7c,0x82, + 0x97,0x38,0xbb,0x85,0x45,0x2e,0xc8,0x24,0x08,0x96,0x9e,0xb0,0x00,0xaf,0xd9,0xa7, + 0x1f,0x50,0x7f,0xc4,0x93,0x14,0x74,0x9a,0x43,0x8e,0x04,0x95,0xa0,0xd6,0xd9,0xdd, + 0xb4,0x97,0xb3,0x52,0x93,0xe4,0xbe,0xd1,0x1f,0x8c,0xf9,0xcd,0xe1,0xae,0x54,0xae, + 0x72,0xdf,0x94,0xe3,0x15,0x6a,0x5c,0x99,0xd6,0x80,0x46,0x94,0xad,0xb3,0x76,0x95, + 0x4e,0x14,0x8f,0x8f,0xe5,0x55,0xf1,0x3f,0xd0,0xd3,0x96,0x01,0xf6,0x94,0x3e,0x61, + 0xc1,0x8e,0xb3,0x89,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x01,0x00,0x01,}; +unsigned char rsaPrivateKeyBuf[1412] = { + 0x00,0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0xd5,0x43,0xbf,0x24,0xd2,0x69,0x56,0x21,0x20,0x57,0x8a,0xd8, + 0x67,0x4f,0xbd,0xd5,0xf5,0x3a,0xf5,0x9e,0xa5,0x87,0x52,0x39,0x47,0xc3,0xce,0x32, + 0x56,0xb6,0x06,0x2d,0xdc,0x8d,0xc2,0x18,0x53,0x5c,0xb0,0xcb,0xb6,0xe8,0x7c,0x82, + 0x97,0x38,0xbb,0x85,0x45,0x2e,0xc8,0x24,0x08,0x96,0x9e,0xb0,0x00,0xaf,0xd9,0xa7, + 0x1f,0x50,0x7f,0xc4,0x93,0x14,0x74,0x9a,0x43,0x8e,0x04,0x95,0xa0,0xd6,0xd9,0xdd, + 0xb4,0x97,0xb3,0x52,0x93,0xe4,0xbe,0xd1,0x1f,0x8c,0xf9,0xcd,0xe1,0xae,0x54,0xae, + 0x72,0xdf,0x94,0xe3,0x15,0x6a,0x5c,0x99,0xd6,0x80,0x46,0x94,0xad,0xb3,0x76,0x95, + 0x4e,0x14,0x8f,0x8f,0xe5,0x55,0xf1,0x3f,0xd0,0xd3,0x96,0x01,0xf6,0x94,0x3e,0x61, + 0xc1,0x8e,0xb3,0x89,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x01,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x1e,0xd9,0x55,0xe4,0xf5,0xaa,0xd7,0x12,0xa3,0xa3,0x06,0x2a, + 0x97,0x87,0x29,0x66,0xb1,0xba,0x7d,0x9d,0x1d,0x44,0x9d,0xd8,0x3b,0x51,0x4f,0x9a, + 0x68,0x80,0x9c,0x14,0x36,0x3b,0x2b,0x40,0x69,0x8e,0x96,0xe4,0x60,0xe8,0xf0,0x59, + 0xd3,0x96,0x19,0x4a,0x05,0xdf,0xe6,0x83,0x8f,0xda,0x79,0xc9,0xeb,0xcf,0x84,0x24, + 0x70,0x9b,0x2c,0x5f,0xf7,0x56,0xe2,0xe0,0xc7,0xfb,0x67,0x92,0xd2,0xf6,0x59,0x19, + 0xe9,0xdd,0xb4,0x54,0x52,0x0d,0xf8,0xda,0x64,0x67,0xe0,0xb9,0xe6,0x52,0x08,0xff, + 0x28,0x06,0x89,0x5c,0x2b,0xd5,0x6e,0x21,0xe1,0x6d,0x1d,0xe3,0xf8,0x1e,0x0f,0x20, + 0x9f,0x0a,0x60,0xd1,0xff,0x4e,0xa2,0x45,0xa1,0xee,0x96,0x90,0xc0,0xc4,0xa8,0x25, + 0x5a,0xe8,0xe8,0xa1,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0xf5,0xde,0x0d,0x0c,0xc5,0x03,0x53,0x44,0xfa,0x70,0xc7,0x44, + 0x63,0xf8,0x57,0x7e,0x49,0x76,0xe4,0x7a,0x76,0x01,0x7d,0xda,0x65,0xaa,0x9d,0xbe, + 0xfe,0x24,0x9b,0x48,0xf9,0xa8,0x18,0x42,0x47,0xf3,0x1a,0x1e,0x61,0xe9,0xb8,0xb3, + 0x07,0xee,0xfd,0x83,0x2e,0xf2,0xf8,0xb9,0x1f,0x9a,0xee,0xeb,0x21,0xd0,0xc0,0x13, + 0xa2,0x31,0x33,0xe7,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0xde,0x0d,0xba,0xf3,0x62,0x8f,0x75,0x16,0xe6,0x87,0x72,0xba, + 0x12,0x6a,0x43,0x5c,0xde,0x22,0x60,0xea,0xef,0x7a,0x7e,0xb6,0x28,0x16,0x4f,0xda, + 0xe7,0xb8,0xfe,0x48,0x17,0x65,0x1a,0x73,0x38,0x98,0xdb,0xa2,0xda,0x50,0xc8,0x81, + 0x53,0x07,0x1d,0x0e,0xa7,0x3f,0x48,0x57,0xea,0x5b,0x34,0x64,0x9f,0x0a,0x8b,0x36, + 0x7e,0x08,0xef,0x0f,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0xa8,0xd9,0xe6,0x7c,0x6e,0x90,0xea,0x0e,0xe5,0x2f,0xae,0xa9, + 0xf9,0x3e,0x04,0x58,0x66,0x7b,0x90,0x4d,0xc9,0xdd,0x1c,0x61,0x70,0x90,0xcb,0xe4, + 0xef,0x04,0x94,0xe0,0x79,0x14,0x48,0x14,0xbc,0xf4,0xe7,0x6b,0x16,0x33,0x3c,0xf5, + 0x36,0xed,0x9a,0x8d,0x0d,0x21,0x30,0x4f,0x72,0xb5,0x24,0x7f,0xb6,0xa9,0x76,0x40, + 0x05,0x93,0x64,0xe1,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x85,0x35,0x31,0x68,0x9e,0x40,0xb7,0x1a,0x34,0xd3,0x1e,0x84, + 0xf7,0x55,0x1d,0xf2,0x11,0x24,0x08,0x86,0x07,0x81,0xb1,0x8f,0xee,0xfe,0x6b,0x8b, + 0x43,0xa5,0x5b,0x8d,0xbd,0xd3,0x1e,0x09,0xee,0xf2,0xec,0x17,0x86,0xe6,0x1d,0x52, + 0x4f,0x8f,0x9d,0xe3,0xd3,0x7b,0x08,0x18,0x0d,0x74,0x07,0x3b,0x31,0x99,0x6e,0xa8, + 0x12,0xf5,0xa3,0x0b,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x23,0x60,0x23,0xc4,0x44,0x67,0x91,0xb7,0xde,0x06,0x9a,0x17, + 0x49,0x3a,0x8e,0x66,0xb4,0x54,0x61,0x4b,0xc4,0x9e,0xf8,0xe6,0xbc,0xf8,0x87,0xef, + 0x06,0xb5,0x40,0x4b,0xab,0xaf,0xf0,0xa0,0x46,0x43,0xc5,0xbd,0xec,0xff,0x57,0xfd, + 0x51,0x8a,0x6b,0x7b,0x32,0xee,0xeb,0x2f,0x81,0xd0,0xa0,0xa2,0x09,0x18,0xab,0x5c, + 0x85,0x1b,0x0f,0x57,}; +unsigned char eccPublicKeyBuf[132] = { + 0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x0e,0x42,0x92,0x4a,0x1b,0x01,0xb6,0x64,0x89,0x97,0xfb,0x67, + 0x3f,0xa5,0xa6,0xc4,0xc4,0x82,0xa2,0xfa,0xe6,0x96,0xc9,0x0a,0x37,0xf2,0x44,0x6c, + 0xac,0x37,0x85,0x67,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0xf8,0xbb,0x32,0x55,0xe2,0x47,0x34,0x9a,0xc9,0xb5,0xdb,0xc7, + 0x17,0x4a,0xd9,0x84,0xbf,0xc5,0x3e,0x99,0x92,0xc6,0xd8,0x2d,0x6f,0xea,0xff,0x79, + 0x6b,0xde,0x3d,0x37,}; +unsigned char eccPrivateKeyBuf[68] = { + 0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0xe6,0x51,0x2e,0xf8,0xca,0x14,0x84,0xa2,0xd9,0x76,0xc9,0x0d, + 0x37,0x1d,0xf1,0x95,0x49,0xbe,0x83,0x8e,0x70,0x09,0x1d,0x81,0xbd,0x6e,0xd9,0x5c, + 0xad,0x02,0x19,0x44,}; + + +#define SDF_TRACE() fprintf(stderr, "SDF_Dummy->%s\n", __FUNCTION__) + +int SDF_OpenDevice( + void **phDeviceHandle) +{ + if (!phDeviceHandle /* || !(*phDeviceHandle) */) + return SDR_INARGERR; + + *phDeviceHandle = deviceHandle; + return SDR_OK; +} + +int SDF_CloseDevice( + void *hDeviceHandle) +{ + return SDR_OK; +} + +int SDF_OpenSession( + void *hDeviceHandle, + void **phSessionHandle) +{ + if (!phSessionHandle /* || !(*phSessionHandle) */) + return SDR_INARGERR; + *phSessionHandle = sessionHandle; + return SDR_OK; +} + +int SDF_CloseSession( + void *hSessionHandle) +{ + return SDR_OK; +} + +#define SDF_DEV_DATE "20140101" +#define SDF_DEV_BATCH_NUM "001" +#define SDF_DEV_SERIAL_NUM "00123" +#define SDF_DEV_SERIAL SDF_DEV_DATE \ + SDF_DEV_BATCH_NUM \ + SDF_DEV_SERIAL_NUM + +int SDF_GetDeviceInfo( + void *hSessionHandle, + DEVICEINFO *pstDeviceInfo) +{ + if (!pstDeviceInfo) + return SDR_INARGERR; + memset(pstDeviceInfo, 0, sizeof(*pstDeviceInfo)); + strncpy((char *)pstDeviceInfo->IssuerName, "GmSSL Project (http://gmssl.org)", + sizeof(pstDeviceInfo->IssuerName)); + strncpy((char *)pstDeviceInfo->DeviceName, "Dummy SDF", + sizeof(pstDeviceInfo->DeviceName)); + strncpy((char *)pstDeviceInfo->DeviceSerial, SDF_DEV_SERIAL, + sizeof(pstDeviceInfo->DeviceSerial)); + pstDeviceInfo->DeviceVersion = 1; + pstDeviceInfo->StandardVersion = 1; + pstDeviceInfo->AsymAlgAbility[0] = SGD_RSA_SIGN|SGD_RSA_ENC| + SGD_SM2_1|SGD_SM2_2|SGD_SM2_3; + pstDeviceInfo->AsymAlgAbility[1] = 256|512|1024|2048|4096; + pstDeviceInfo->SymAlgAbility = SGD_SM1|SGD_SSF33|SGD_SM4|SGD_ZUC| + SGD_ECB|SGD_CBC|SGD_CFB|SGD_OFB|SGD_MAC; + pstDeviceInfo->HashAlgAbility = SGD_SM3|SGD_SHA1|SGD_SHA256; + pstDeviceInfo->BufferSize = 256*1024; + return SDR_OK; +} + +int SDF_GenerateRandom( + void *hSessionHandle, + unsigned int uiLength, + unsigned char *pucRandom) +{ + return SDR_OK; +} + +int SDF_GetPrivateKeyAccessRight( + void *hSessionHandle, + unsigned int uiKeyIndex, + unsigned char *pucPassword, + unsigned int uiPwdLength) +{ + return SDR_OK; +} + +int SDF_ReleasePrivateKeyAccessRight( + void *hSessionHandle, + unsigned int uiKeyIndex) +{ + return SDR_OK; +} + +int SDF_ExportSignPublicKey_RSA( + void *hSessionHandle, + unsigned int uiKeyIndex, + RSArefPublicKey *pucPublicKey) +{ + if (!pucPublicKey) + return SDR_INARGERR; + memcpy(pucPublicKey, rsaPublicKeyBuf, sizeof(*pucPublicKey)); + return SDR_OK; +} + +int SDF_ExportEncPublicKey_RSA( + void *hSessionHandle, + unsigned int uiKeyIndex, + RSArefPublicKey *pucPublicKey) +{ + if (!pucPublicKey) + return SDR_INARGERR; + memcpy(pucPublicKey, rsaPublicKeyBuf, sizeof(*pucPublicKey)); + return SDR_OK; +} + +int SDF_GenerateKeyPair_RSA( + void *hSessionHandle, + unsigned int uiKeyBits, + RSArefPublicKey *pucPublicKey, + RSArefPrivateKey *pucPrivateKey) +{ + if (!pucPublicKey || !pucPrivateKey) + return SDR_INARGERR; + memcpy(pucPublicKey, rsaPublicKeyBuf, sizeof(*pucPublicKey)); + memcpy(pucPrivateKey, rsaPrivateKeyBuf, sizeof(*pucPrivateKey)); + return SDR_OK; +} + +int SDF_GenerateKeyWithIPK_RSA( + void *hSessionHandle, + unsigned int uiIPKIndex, + unsigned int uiKeyBits, + unsigned char *pucKey, + unsigned int *puiKeyLength, + void **phKeyHandle) +{ + if (!puiKeyLength) + return SDR_INARGERR; + *puiKeyLength = 2048/8; + if (phKeyHandle && *phKeyHandle) + *phKeyHandle = keyHandle; + return SDR_OK; +} + +int SDF_GenerateKeyWithEPK_RSA( + void *hSessionHandle, + unsigned int uiKeyBits, + RSArefPublicKey *pucPublicKey, + unsigned char *pucKey, + unsigned int *puiKeyLength, + void **phKeyHandle) +{ + if (!puiKeyLength) + return SDR_INARGERR; + *puiKeyLength = 2048/8; + if (phKeyHandle && *phKeyHandle) + *phKeyHandle = keyHandle; + return SDR_OK; +} + +int SDF_ImportKeyWithISK_RSA( + void *hSessionHandle, + unsigned int uiISKIndex, + unsigned char *pucKey, + unsigned int uiKeyLength, + void **phKeyHandle) +{ + if (!phKeyHandle || !(*phKeyHandle)) + return SDR_INARGERR; + *phKeyHandle = keyHandle; + return SDR_OK; +} + +int SDF_ExchangeDigitEnvelopeBaseOnRSA( + void *hSessionHandle, + unsigned int uiKeyIndex, + RSArefPublicKey *pucPublicKey, + unsigned char *pucDEInput, + unsigned int uiDELength, + unsigned char *pucDEOutput, + unsigned int *puiDELength) +{ + if (!puiDELength) + return SDR_INARGERR; + *puiDELength = 2048/8; + return SDR_OK; +} + +int SDF_ExportSignPublicKey_ECC( + void *hSessionHandle, + unsigned int uiKeyIndex, + ECCrefPublicKey *pucPublicKey) +{ + if (!pucPublicKey) + return SDR_INARGERR; + memcpy(pucPublicKey, eccPublicKeyBuf, sizeof(*pucPublicKey)); + return SDR_OK; +} + +int SDF_ExportEncPublicKey_ECC( + void *hSessionHandle, + unsigned int uiKeyIndex, + ECCrefPublicKey *pucPublicKey) +{ + if (!pucPublicKey) + return SDR_INARGERR; + memcpy(pucPublicKey, eccPublicKeyBuf, sizeof(*pucPublicKey)); + return SDR_OK; +} + +int SDF_GenerateKeyPair_ECC( + void *hSessionHandle, + unsigned int uiAlgID, + unsigned int uiKeyBits, + ECCrefPublicKey *pucPublicKey, + ECCrefPrivateKey *pucPrivateKey) +{ + if (!pucPublicKey || !pucPublicKey) + return SDR_INARGERR; + memcpy(pucPublicKey, eccPublicKeyBuf, sizeof(*pucPublicKey)); + memcpy(pucPrivateKey, eccPrivateKeyBuf, sizeof(*pucPrivateKey)); + return SDR_OK; +} + +int SDF_GenerateKeyWithIPK_ECC( + void *hSessionHandle, + unsigned int uiIPKIndex, + unsigned int uiKeyBits, + ECCCipher *pucKey, + void **phKeyHandle) +{ + if (!phKeyHandle || !(*phKeyHandle)) + return SDR_INARGERR; + *phKeyHandle = keyHandle; + return SDR_OK; +} + +int SDF_GenerateKeyWithEPK_ECC( + void *hSessionHandle, + unsigned int uiKeyBits, + unsigned int uiAlgID, + ECCrefPublicKey *pucPublicKey, + ECCCipher *pucKey, + void **phKeyHandle) +{ + if (!phKeyHandle || !(*phKeyHandle)) + return SDR_INARGERR; + *phKeyHandle = keyHandle; + return SDR_OK; +} + +int SDF_ImportKeyWithISK_ECC( + void *hSessionHandle, + unsigned int uiISKIndex, + ECCCipher *pucKey, + void **phKeyHandle) +{ + if (!phKeyHandle || !(*phKeyHandle)) + return SDR_INARGERR; + *phKeyHandle = keyHandle; + return SDR_OK; +} + +/* 6.3.14 */ +int SDF_GenerateAgreementDataWithECC( + void *hSessionHandle, + unsigned int uiISKIndex, + unsigned int uiKeyBits, + unsigned char *pucSponsorID, + unsigned int uiSponsorIDLength, + ECCrefPublicKey *pucSponsorPublicKey, + ECCrefPublicKey *pucSponsorTmpPublicKey, + void **phAgreementHandle) +{ + // any output public key ? + if (!phAgreementHandle || !(*phAgreementHandle)) + return SDR_INARGERR; + *phAgreementHandle = agreementHandle; + return SDR_OK; +} + +/* 6.3.15 */ +int SDF_GenerateKeyWithECC( + void *hSessionHandle, + unsigned char *pucResponseID, + unsigned int uiResponseIDLength, + ECCrefPublicKey *pucResponsePublicKey, + ECCrefPublicKey *pucResponseTmpPublicKey, + void *hAgreementHandle, + void **phKeyHandle) +{ + if (!phKeyHandle || !(*phKeyHandle)) + return SDR_INARGERR; + *phKeyHandle = keyHandle; + return SDR_OK; +} + +/* 6.3.16 */ +int SDF_GenerateAgreementDataAndKeyWithECC( + void *hSessionHandle, + unsigned int uiISKIndex, + unsigned int uiKeyBits, + unsigned char *pucResponseID, + unsigned int uiResponseIDLength, + unsigned char *pucSponsorID, + unsigned int uiSponsorIDLength, + ECCrefPublicKey *pucSponsorPublicKey, + ECCrefPublicKey *pucSponsorTmpPublicKey, + ECCrefPublicKey *pucResponsePublicKey, + ECCrefPublicKey *pucResponseTmpPublicKey, + void **phKeyHandle) +{ + // any output + if (!phKeyHandle || !(*phKeyHandle)) + return SDR_INARGERR; + *phKeyHandle = keyHandle; + return SDR_OK; +} + +int SDF_ExchangeDigitEnvelopeBaseOnECC( + void *hSessionHandle, + unsigned int uiKeyIndex, + unsigned int uiAlgID, + ECCrefPublicKey *pucPublicKey, + ECCCipher *pucEncDataIn, + ECCCipher *pucEncDataOut) +{ + return SDR_OK; +} + +int SDF_GenerateKeyWithKEK( + void *hSessionHandle, + unsigned int uiKeyBits, + unsigned int uiAlgID, + unsigned int uiKEKIndex, + unsigned char *pucKey, + unsigned int *puiKeyLength, + void **phKeyHandle) +{ + if (!phKeyHandle || !(*phKeyHandle)) + return SDR_INARGERR; + *phKeyHandle = keyHandle; + return SDR_OK; +} + +int SDF_ImportKeyWithKEK( + void *hSessionHandle, + unsigned int uiAlgID, + unsigned int uiKEKIndex, + unsigned char *pucKey, + unsigned int uiKeyLength, + void **phKeyHandle) +{ + if (!phKeyHandle || !(*phKeyHandle)) + return SDR_INARGERR; + *phKeyHandle = keyHandle; + return SDR_OK; +} + +int SDF_DestroyKey( + void *hSessionHandle, + void *hKeyHandle) +{ + return SDR_OK; +} + +int SDF_ExternalPublicKeyOperation_RSA( + void *hSessionHandle, + RSArefPublicKey *pucPublicKey, + unsigned char *pucDataInput, + unsigned int uiInputLength, + unsigned char *pucDataOutput, + unsigned int *puiOutputLength) +{ + if (!puiOutputLength) + return SDR_INARGERR; + *puiOutputLength = 2048/8; + return SDR_OK; +} + +int SDF_ExternalPrivateKeyOperation_RSA( + void *hSessionHandle, + RSArefPrivateKey *pucPrivateKey, + unsigned char *pucDataInput, + unsigned int uiInputLength, + unsigned char *pucDataOutput, + unsigned int *puiOutputLength) +{ + if (!puiOutputLength) + return SDR_INARGERR; + *puiOutputLength = 2048/8; + return SDR_OK; +} + +int SDF_InternalPrivateKeyOperation_RSA( + void *hSessionHandle, + unsigned int uiKeyIndex, + unsigned char *pucDataInput, + unsigned int uiInputLength, + unsigned char *pucDataOutput, + unsigned int *puiOutputLength) +{ + if (!puiOutputLength) + return SDR_INARGERR; + *puiOutputLength = 2048/8; + return SDR_OK; +} + +int SDF_ExternalVerify_ECC( + void *hSessionHandle, + unsigned int uiAlgID, + ECCrefPublicKey *pucPublicKey, + unsigned char *pucDataInput, + unsigned int uiInputLength, + ECCSignature *pucSignature) +{ + return SDR_OK; +} + +int SDF_InternalSign_ECC( + void *hSessionHandle, + unsigned int uiISKIndex, + unsigned char *pucData, + unsigned int uiDataLength, + ECCSignature *pucSignature) +{ + return SDR_OK; +} + +int SDF_InternalVerify_ECC( + void *hSessionHandle, + unsigned int uiIPKIndex, + unsigned char *pucData, + unsigned int uiDataLength, + ECCSignature *pucSignature) +{ + return SDR_OK; +} + +int SDF_ExternalEncrypt_ECC( + void *hSessionHandle, + unsigned int uiAlgID, + ECCrefPublicKey *pucPublicKey, + unsigned char *pucData, + unsigned int uiDataLength, + ECCCipher *pucEncData) +{ + if (!pucEncData) + return SDR_INARGERR; + pucEncData->L = uiDataLength; + return SDR_OK; +} + +int SDF_Encrypt( + void *hSessionHandle, + void *hKeyHandle, + unsigned int uiAlgID, + unsigned char *pucIV, + unsigned char *pucData, + unsigned int uiDataLength, + unsigned char *pucEncData, + unsigned int *puiEncDataLength) +{ + if (!puiEncDataLength) + return SDR_INARGERR; + *puiEncDataLength = uiDataLength; + return SDR_OK; +} + +int SDF_Decrypt( + void *hSessionHandle, + void *hKeyHandle, + unsigned int uiAlgID, + unsigned char *pucIV, + unsigned char *pucEncData, + unsigned int uiEncDataLength, + unsigned char *pucData, + unsigned int *puiDataLength) +{ + if (!puiDataLength) + return SDR_INARGERR; + *puiDataLength = uiEncDataLength; + return SDR_OK; +} + +int SDF_CalculateMAC( + void *hSessionHandle, + void *hKeyHandle, + unsigned int uiAlgID, + unsigned char *pucIV, + unsigned char *pucData, + unsigned int uiDataLength, + unsigned char *pucMAC, + unsigned int *puiMACLength) +{ + if (!puiMACLength) + return SDR_INARGERR; + *puiMACLength = 16; /* CBC-MAC length */ + return SDR_OK; +} + +int SDF_HashInit( + void *hSessionHandle, + unsigned int uiAlgID, + ECCrefPublicKey *pucPublicKey, + unsigned char *pucID, + unsigned int uiIDLength) +{ + return SDR_OK; +} + +int SDF_HashUpdate( + void *hSessionHandle, + unsigned char *pucData, + unsigned int uiDataLength) +{ + return SDR_OK; +} + +int SDF_HashFinal(void *hSessionHandle, + unsigned char *pucHash, + unsigned int *puiHashLength) +{ + if (!puiHashLength) + return SDR_INARGERR; + *puiHashLength = 32; + return SDR_OK; +} + +int SDF_CreateFile( + void *hSessionHandle, + unsigned char *pucFileName, + unsigned int uiNameLen, + unsigned int uiFileSize) +{ + return SDR_OK; +} + +int SDF_ReadFile( + void *hSessionHandle, + unsigned char *pucFileName, + unsigned int uiNameLen, + unsigned int uiOffset, + unsigned int *puiReadLength, + unsigned char *pucBuffer) +{ + if (!puiReadLength) + return SDR_INARGERR; + return SDR_OK; +} + +int SDF_WriteFile( + void *hSessionHandle, + unsigned char *pucFileName, + unsigned int uiNameLen, + unsigned int uiOffset, + unsigned int uiWriteLength, + unsigned char *pucBuffer) +{ + return SDR_OK; +} + +int SDF_DeleteFile( + void *hSessionHandle, + unsigned char *pucFileName, + unsigned int uiNameLen) +{ + return SDR_OK; +} diff --git a/engines/skf_dummy.c b/engines/skf_dummy.c new file mode 100644 index 00000000..5b383369 --- /dev/null +++ b/engines/skf_dummy.c @@ -0,0 +1,964 @@ +/* ==================================================================== + * Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include +#include +#include + +static char *hDeviceHandle = "hDeviceHandle"; +static char *hApplication = "hApplication"; +static char *hContainer = "hContainer"; +static char *hAgreementHandle = "AgreementHandle"; +static char *hKeyHandle = "KeyHandle"; +static char *hHashHandle = "HashHandle"; +static char *hMacHandle = "MacHandle"; + +static char *sm2cert_pemstr = "-----BEGIN CERTIFICATE-----\n" +"MIICHDCCAcOgAwIBAgIBIzAKBggqgRzPVQGDdTBRMQswCQYDVQQGEwJDTjELMAkG\n" +"A1UECAwCQkoxCzAJBgNVBAcMAkJKMQwwCgYDVQQKDANQS1UxCzAJBgNVBAsMAkNT\n" +"MQ0wCwYDVQQDDARHTUNBMB4XDTE3MDYxODA4NDMyN1oXDTE4MDYxODA4NDMyN1ow\n" +"UzELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkJKMQwwCgYDVQQKDANQS1UxDTALBgNV\n" +"BAsMBFNpZ24xGjAYBgNVBAMMEWNsaWVudEBwa3UuZWR1LmNuMFkwEwYHKoZIzj0C\n" +"AQYIKoEcz1UBgi0DQgAEzsZMPwnZFCD75xb8IT02XJCyOShTaEL8o/iQ6ksmG2Ce\n" +"MKSPGUcRtlSAU/1hQcFv4j59Csdr03lXiDRfdD72AKOBiTCBhjAJBgNVHRMEAjAA\n" +"MAsGA1UdDwQEAwIHgDAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg\n" +"Q2VydGlmaWNhdGUwHQYDVR0OBBYEFHbwURtb+xQrmxma7NnHe300//yuMB8GA1Ud\n" +"IwQYMBaAFMJhPpIHIHmrPQdEsiK3SaZ60qiPMAoGCCqBHM9VAYN1A0cAMEQCIBhO\n" +"uu7R3uMpVcy2r+t/OGYRs7JpQMnNwhGy9dwTm+h8AiA9y4o0fkRLQfuT3RPClX2o\n" +"B5vw09GcQVzsjKxhGgHLZw==\n" +"-----END CERTIFICATE-----\n"; + +static char *sm2key_pemstr = "-----BEGIN EC PRIVATE KEY-----\n" +"MHcCAQEEIAMbqE0bEEoGoicBgR0VISmbbuInWUBMQBtZBFVPD0+aoAoGCCqBHM9V\n" +"AYItoUQDQgAEzsZMPwnZFCD75xb8IT02XJCyOShTaEL8o/iQ6ksmG2CeMKSPGUcR\n" +"tlSAU/1hQcFv4j59Csdr03lXiDRfdD72AA==\n" +"-----END EC PRIVATE KEY-----\n"; + +#define devNameList "DummyDev1\0DummyDev2\0" +#define appNameList "App1\0App2\0" +#define fileNameList "File1\0File2\0" +#define containerNameList "Container1\0Container2\0" + + +ULONG DEVAPI SKF_WaitForDevEvent( + LPSTR szDevName, + ULONG *pulDevNameLen, + ULONG *pulEvent) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_CancelWaitForDevEvent( + void) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_EnumDev(BOOL bPresent, + LPSTR szNameList, + ULONG *pulSize) +{ + if (!pulSize) + return SAR_INVALIDPARAMERR; + *pulSize = sizeof(devNameList); + if (szNameList) + memcpy(szNameList, devNameList, sizeof(devNameList)); + return SAR_OK; +} + +ULONG DEVAPI SKF_ConnectDev( + LPSTR szName, + DEVHANDLE *phDev) +{ + if (!phDev) + return SAR_INVALIDPARAMERR; + *phDev = hDeviceHandle; + return SAR_OK; +} + +ULONG DEVAPI SKF_DisConnectDev( + DEVHANDLE hDev) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_GetDevState( + LPSTR szDevName, + ULONG *pulDevState) +{ + if (!pulDevState) + return SAR_INVALIDPARAMERR; + *pulDevState = SKF_DEV_STATE_PRESENT; + return SAR_OK; +} + +ULONG DEVAPI SKF_SetLabel( + DEVHANDLE hDev, + LPSTR szLabel) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_GetDevInfo(DEVHANDLE hDev, + DEVINFO *pDevInfo) +{ + DEVINFO devInfo; + + if (!pDevInfo) { + return SAR_INVALIDPARAMERR; + } + + memset(&devInfo, 0, sizeof(devInfo)); + devInfo.Version.major = 1; + devInfo.Version.minor = 0; + strcpy((char *)&devInfo.Manufacturer, "GmSSL Project (http://gmssl.org)"); + strcpy((char *)&devInfo.Issuer, "GmSSL Project (http://gmssl.org)"); + strcpy((char *)&devInfo.Label, "SKF Dummy Token"); + strcpy((char *)&devInfo.SerialNumber, "1"); + devInfo.HWVersion.major = 1; + devInfo.HWVersion.minor = 0; + devInfo.FirmwareVersion.major = 1; + devInfo.FirmwareVersion.minor = 0; + devInfo.AlgSymCap = SGD_SM1|SGD_SSF33|SGD_SM4|SGD_ECB|SGD_CBC|SGD_CFB|SGD_OFB; + devInfo.AlgAsymCap = SGD_RSA|SGD_SM2|SGD_PK_SIGN|SGD_PK_ENC; + devInfo.AlgHashCap = SGD_SM3|SGD_SHA1|SGD_SHA256; + devInfo.DevAuthAlgId = SGD_SM4_ECB; + devInfo.TotalSpace = 64*1024; + devInfo.FreeSpace = 32*1024; + devInfo.MaxECCBufferSize = 100; + devInfo.MaxBufferSize = 128; + + memcpy(pDevInfo, &devInfo, sizeof(DEVINFO)); + return SAR_OK; +} + +ULONG DEVAPI SKF_LockDev( + DEVHANDLE hDev, + ULONG ulTimeOut) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_UnlockDev( + DEVHANDLE hDev) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_Transmit( + DEVHANDLE hDev, + BYTE *pbCommand, + ULONG ulCommandLen, + BYTE *pbData, + ULONG *pulDataLen) +{ + if (!pulDataLen) + return SAR_INVALIDPARAMERR; + *pulDataLen = ulCommandLen; + return SAR_OK; +} + +ULONG DEVAPI SKF_ChangeDevAuthKey( + DEVHANDLE hDev, + BYTE *pbKeyValue, + ULONG ulKeyLen) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_DevAuth( + DEVHANDLE hDev, + BYTE *pbAuthData, + ULONG ulLen) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_ChangePIN( + HAPPLICATION hApplication, + ULONG ulPINType, + LPSTR szOldPin, + LPSTR szNewPin, + ULONG *pulRetryCount) +{ + if (!pulRetryCount) + return SAR_INVALIDPARAMERR; + *pulRetryCount = 100; + return SAR_OK; +} + +LONG DEVAPI SKF_GetPINInfo( + HAPPLICATION hApplication, + ULONG ulPINType, + ULONG *pulMaxRetryCount, + ULONG *pulRemainRetryCount, + BOOL *pbDefaultPin) +{ + if (!pulMaxRetryCount || !pulRemainRetryCount || !pbDefaultPin) + return SAR_INVALIDPARAMERR; + *pulMaxRetryCount = 100; + *pulRemainRetryCount = 100; + *pbDefaultPin = TRUE; + return SAR_OK; +} + +ULONG DEVAPI SKF_VerifyPIN( + HAPPLICATION hApplication, + ULONG ulPINType, + LPSTR szPIN, + ULONG *pulRetryCount) +{ + if (!pulRetryCount) + return SAR_INVALIDPARAMERR; + *pulRetryCount = 100; + return SAR_OK; +} + +ULONG DEVAPI SKF_UnblockPIN( + HAPPLICATION hApplication, + LPSTR szAdminPIN, + LPSTR szNewUserPIN, + ULONG *pulRetryCount) +{ + if (!pulRetryCount) + return SAR_INVALIDPARAMERR; + *pulRetryCount = 100; + return SAR_OK; +} + +ULONG DEVAPI SKF_ClearSecureState( + HAPPLICATION hApplication) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_CreateApplication( + DEVHANDLE hDev, + LPSTR szAppName, + LPSTR szAdminPin, + DWORD dwAdminPinRetryCount, + LPSTR szUserPin, + DWORD dwUserPinRetryCount, + DWORD dwCreateFileRights, + HAPPLICATION *phApplication) +{ + if (!phApplication) + return SAR_INVALIDPARAMERR; + *phApplication = hApplication; + return SAR_OK; +} + +ULONG DEVAPI SKF_EnumApplication(DEVHANDLE hDev, + LPSTR szAppName, + ULONG *pulSize) +{ + if (!pulSize) + return SAR_INVALIDPARAMERR; + *pulSize = sizeof(appNameList); + if (szAppName) + memcpy(szAppName, appNameList, sizeof(appNameList)); + return SAR_OK; +} + +ULONG DEVAPI SKF_DeleteApplication( + DEVHANDLE hDev, + LPSTR szAppName) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_OpenApplication( + DEVHANDLE hDev, + LPSTR szAppName, + HAPPLICATION *phApplication) +{ + if (!phApplication) + return SAR_INVALIDPARAMERR; + *phApplication = hApplication; + return SAR_OK; +} + +ULONG DEVAPI SKF_CloseApplication( + HAPPLICATION hApplication) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_CreateFile( + HAPPLICATION hApplication, + LPSTR szFileName, + ULONG ulFileSize, + ULONG ulReadRights, + ULONG ulWriteRights) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_DeleteFile( + HAPPLICATION hApplication, + LPSTR szFileName) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_EnumFiles( + HAPPLICATION hApplication, + LPSTR szFileList, + ULONG *pulSize) +{ + if (!pulSize) + return SAR_INVALIDPARAMERR; + *pulSize = sizeof(fileNameList); + if (szFileList) + memcpy(szFileList, fileNameList, sizeof(fileNameList)); + return SAR_OK; +} + +ULONG DEVAPI SKF_GetFileInfo( + HAPPLICATION hApplication, + LPSTR szFileName, + FILEATTRIBUTE *pFileInfo) +{ + if (!pFileInfo) + return SAR_INVALIDPARAMERR; + strcpy((char *)pFileInfo->FileName, "FileName"); + pFileInfo->FileSize = 1024; + pFileInfo->ReadRights = SECURE_ANYONE_ACCOUNT; + return SAR_OK; +} + +ULONG DEVAPI SKF_ReadFile( + HAPPLICATION hApplication, + LPSTR szFileName, + ULONG ulOffset, + ULONG ulSize, + BYTE *pbOutData, + ULONG *pulOutLen) +{ + if (!pbOutData || !pulOutLen) + return SAR_INVALIDPARAMERR; + *pulOutLen = ulSize; + return SAR_OK; +} + +ULONG DEVAPI SKF_WriteFile( + HAPPLICATION hApplication, + LPSTR szFileName, + ULONG ulOffset, + BYTE *pbData, + ULONG ulSize) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_CreateContainer( + HAPPLICATION hApplication, + LPSTR szContainerName, + HCONTAINER *phContainer) +{ + if (!phContainer) + return SAR_INVALIDPARAMERR; + *phContainer = hContainer; + return SAR_OK; +} + +ULONG DEVAPI SKF_DeleteContainer( + HAPPLICATION hApplication, + LPSTR szContainerName) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_EnumContainer( + HAPPLICATION hApplication, + LPSTR szContainerName, + ULONG *pulSize) +{ + if (!pulSize) + return SAR_INVALIDPARAMERR; + *pulSize = sizeof(containerNameList); + if (szContainerName) + memcpy(szContainerName, containerNameList, sizeof(containerNameList)); + return SAR_OK; +} + +ULONG DEVAPI SKF_OpenContainer( + HAPPLICATION hApplication, + LPSTR szContainerName, + HCONTAINER *phContainer) +{ + if (!phContainer) + return SAR_INVALIDPARAMERR; + *phContainer = hContainer; + return SAR_OK; +} + +ULONG DEVAPI SKF_CloseContainer( + HCONTAINER hContainer) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_GetContainerType( + HCONTAINER hContainer, + ULONG *pulContainerType) +{ + if (!pulContainerType) + return SAR_INVALIDPARAMERR; + *pulContainerType = SKF_CONTAINER_TYPE_ECC; + return SAR_OK; +} + +ULONG DEVAPI SKF_ImportCertificate( + HCONTAINER hContainer, + BOOL bExportSignKey, + BYTE *pbCert, + ULONG ulCertLen) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_ExportCertificate( + HCONTAINER hContainer, + BOOL bSignFlag, + BYTE *pbCert, + ULONG *pulCertLen) +{ + BIO *bio = NULL; + char *name = NULL; + char *header = NULL; + unsigned char *data = NULL; + long len; + + if (!pulCertLen) + return SAR_INVALIDPARAMERR; + if (!(bio = BIO_new_mem_buf(sm2cert_pemstr, strlen(sm2cert_pemstr)))) + return SAR_MEMORYERR; + if (!PEM_read_bio(bio, &name, &header, &data, &len)) { + BIO_free(bio); + return SAR_FAIL; + } + *pulCertLen = len; + if (pbCert) + memcpy(pbCert, data, len); + OPENSSL_free(bio); + OPENSSL_free(name); + OPENSSL_free(header); + OPENSSL_free(data); + return SAR_OK; +} + +ULONG DEVAPI SKF_ExportPublicKey( + HCONTAINER hContainer, + BOOL bSignFlag, + BYTE *pbBlob, + ULONG *pulBlobLen) +{ + if (!pulBlobLen) + return SAR_INVALIDPARAMERR; + *pulBlobLen = 2048/8; + return SAR_OK; +} + +ULONG DEVAPI SKF_GenRandom( + DEVHANDLE hDev, + BYTE *pbRandom, + ULONG ulRandomLen) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_GenExtRSAKey( + DEVHANDLE hDev, + ULONG ulBitsLen, + RSAPRIVATEKEYBLOB *pBlob) +{ + if (!pBlob) + return SAR_INVALIDPARAMERR; + return SAR_OK; +} + +ULONG DEVAPI SKF_GenRSAKeyPair( + HCONTAINER hContainer, + ULONG ulBitsLen, + RSAPUBLICKEYBLOB *pBlob) +{ + if (!pBlob) + return SAR_INVALIDPARAMERR; + return SAR_OK; +} + +ULONG DEVAPI SKF_ImportRSAKeyPair( + HCONTAINER hContainer, + ULONG ulSymAlgId, + BYTE *pbWrappedKey, + ULONG ulWrappedKeyLen, + BYTE *pbEncryptedData, + ULONG ulEncryptedDataLen) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_RSASignData( + HCONTAINER hContainer, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbSignature, + ULONG *pulSignLen) +{ + if (!pulSignLen) + return SAR_INVALIDPARAMERR; + *pulSignLen = 2048/8; + return SAR_OK; +} + +ULONG DEVAPI SKF_RSAVerify( + DEVHANDLE hDev, + RSAPUBLICKEYBLOB *pRSAPubKeyBlob, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbSignature, + ULONG ulSignLen) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_RSAExportSessionKey( + HCONTAINER hContainer, + ULONG ulAlgId, + RSAPUBLICKEYBLOB *pPubKey, + BYTE *pbData, + ULONG *pulDataLen, + HANDLE *phSessionKey) +{ + if (!pulDataLen || !phSessionKey) + return SAR_INVALIDPARAMERR; + *pulDataLen = 2048/8; + *phSessionKey = hKeyHandle; + return SAR_OK; +} + +ULONG DEVAPI SKF_ExtRSAPubKeyOperation( + DEVHANDLE hDev, + RSAPUBLICKEYBLOB *pRSAPubKeyBlob, + BYTE *pbInput, + ULONG ulInputLen, + BYTE *pbOutput, + ULONG *pulOutputLen) +{ + if (!pulOutputLen) + return SAR_INVALIDPARAMERR; + *pulOutputLen = 2048/8; + return SAR_OK; +} + +ULONG DEVAPI SKF_ExtRSAPriKeyOperation( + DEVHANDLE hDev, + RSAPRIVATEKEYBLOB *pRSAPriKeyBlob, + BYTE *pbInput, + ULONG ulInputLen, + BYTE *pbOutput, + ULONG *pulOutputLen) +{ + if (!pulOutputLen) + return SAR_INVALIDPARAMERR; + *pulOutputLen = 2048/8; + return SAR_OK; +} + +ULONG DEVAPI SKF_GenECCKeyPair( + HCONTAINER hContainer, + ULONG ulAlgId, + ECCPUBLICKEYBLOB *pBlob) +{ + if (!pBlob) + return SAR_INVALIDPARAMERR; + return SAR_OK; +} + +ULONG DEVAPI SKF_ImportECCKeyPair( + HCONTAINER hContainer, + ENVELOPEDKEYBLOB *pEnvelopedKeyBlob) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_ECCSignData( + HCONTAINER hContainer, + BYTE *pbDigest, + ULONG ulDigestLen, + ECCSIGNATUREBLOB *pSignature) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_ECCVerify( + DEVHANDLE hDev, + ECCPUBLICKEYBLOB *pECCPubKeyBlob, + BYTE *pbData, + ULONG ulDataLen, + ECCSIGNATUREBLOB *pSignature) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_ECCExportSessionKey( + HCONTAINER hContainer, + ULONG ulAlgId, + ECCPUBLICKEYBLOB *pPubKey, + ECCCIPHERBLOB *pData, + HANDLE *phSessionKey) +{ + if (!phSessionKey) + return SAR_INVALIDPARAMERR; + *phSessionKey = hKeyHandle; + return SAR_OK; +} + +ULONG DEVAPI SKF_ExtECCEncrypt( + DEVHANDLE hDev, + ECCPUBLICKEYBLOB *pECCPubKeyBlob, + BYTE *pbPlainText, + ULONG ulPlainTextLen, + ECCCIPHERBLOB *pCipherText) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_ExtECCDecrypt( + DEVHANDLE hDev, + ECCPRIVATEKEYBLOB *pECCPriKeyBlob, + ECCCIPHERBLOB *pCipherText, + BYTE *pbPlainText, + ULONG *pulPlainTextLen) +{ + if (!pulPlainTextLen) + return SAR_INVALIDPARAMERR; + *pulPlainTextLen = 1; + return SAR_OK; +} + +ULONG DEVAPI SKF_ExtECCSign( + DEVHANDLE hDev, + ECCPRIVATEKEYBLOB *pECCPriKeyBlob, + BYTE *pbData, + ULONG ulDataLen, + ECCSIGNATUREBLOB *pSignature) +{ + if (!pSignature) + return SAR_INVALIDPARAMERR; + return SAR_OK; +} + +ULONG DEVAPI SKF_ExtECCVerify( + DEVHANDLE hDev, + ECCPUBLICKEYBLOB *pECCPubKeyBlob, + BYTE *pbData, + ULONG ulDataLen, + ECCSIGNATUREBLOB *pSignature) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_GenerateAgreementDataWithECC( + HCONTAINER hContainer, + ULONG ulAlgId, + ECCPUBLICKEYBLOB *pTempECCPubKeyBlob, + BYTE *pbID, + ULONG ulIDLen, + HANDLE *phAgreementHandle) +{ + if (!phAgreementHandle) + return SAR_INVALIDPARAMERR; + *phAgreementHandle = hAgreementHandle; + return SAR_OK; +} + +ULONG DEVAPI SKF_GenerateAgreementDataAndKeyWithECC( + HANDLE hContainer, + ULONG ulAlgId, + ECCPUBLICKEYBLOB *pSponsorECCPubKeyBlob, + ECCPUBLICKEYBLOB *pSponsorTempECCPubKeyBlob, + ECCPUBLICKEYBLOB *pTempECCPubKeyBlob, + BYTE *pbID, + ULONG ulIDLen, + BYTE *pbSponsorID, + ULONG ulSponsorIDLen, + HANDLE *phKeyHandle) +{ + if (!phKeyHandle) + return SAR_INVALIDPARAMERR; + *phKeyHandle = hKeyHandle; + return SAR_OK; +} + +ULONG DEVAPI SKF_GenerateKeyWithECC( + HANDLE hAgreementHandle, + ECCPUBLICKEYBLOB *pECCPubKeyBlob, + ECCPUBLICKEYBLOB *pTempECCPubKeyBlob, + BYTE *pbID, + ULONG ulIDLen, + HANDLE *phKeyHandle) +{ + if (!phKeyHandle) + return SAR_INVALIDPARAMERR; + *phKeyHandle = hKeyHandle; + return SAR_OK; +} + +ULONG DEVAPI SKF_ImportSessionKey( + HCONTAINER hContainer, + ULONG ulAlgId, + BYTE *pbWrapedData, + ULONG ulWrapedLen, + HANDLE *phKey) +{ + if (!phKey) + return SAR_INVALIDPARAMERR; + *phKey = hKeyHandle; + return SAR_OK; +} + +ULONG DEVAPI SKF_SetSymmKey( + DEVHANDLE hDev, + BYTE *pbKey, + ULONG ulAlgID, + HANDLE *phKey) +{ + if (!phKey) + return SAR_INVALIDPARAMERR; + *phKey = hKeyHandle; + return SAR_OK; +} + +ULONG DEVAPI SKF_EncryptInit( + HANDLE hKey, + BLOCKCIPHERPARAM EncryptParam) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_Encrypt( + HANDLE hKey, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbEncryptedData, + ULONG *pulEncryptedLen) +{ + if (!pulEncryptedLen) + return SAR_INVALIDPARAMERR; + *pulEncryptedLen = ulDataLen; + return SAR_OK; +} + +ULONG DEVAPI SKF_EncryptUpdate( + HANDLE hKey, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbEncryptedData, + ULONG *pulEncryptedLen) +{ + if (!pulEncryptedLen) + return SAR_INVALIDPARAMERR; + *pulEncryptedLen = ulDataLen; + return SAR_OK; +} + +ULONG DEVAPI SKF_EncryptFinal( + HANDLE hKey, + BYTE *pbEncryptedData, + ULONG *pulEncryptedDataLen) +{ + if (!pulEncryptedDataLen) + return SAR_INVALIDPARAMERR; + *pulEncryptedDataLen = 0; + return SAR_OK; +} + +ULONG DEVAPI SKF_DecryptInit( + HANDLE hKey, + BLOCKCIPHERPARAM DecryptParam) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_Decrypt( + HANDLE hKey, + BYTE *pbEncryptedData, + ULONG ulEncryptedLen, + BYTE *pbData, + ULONG *pulDataLen) +{ + if (!pulDataLen) + return SAR_INVALIDPARAMERR; + *pulDataLen = ulEncryptedLen; + return SAR_OK; +} + +ULONG DEVAPI SKF_DecryptUpdate( + HANDLE hKey, + BYTE *pbEncryptedData, + ULONG ulEncryptedLen, + BYTE *pbData, + ULONG *pulDataLen) +{ + if (!pulDataLen) + return SAR_INVALIDPARAMERR; + *pulDataLen = ulEncryptedLen; + return SAR_OK; +} + +ULONG DEVAPI SKF_DecryptFinal( + HANDLE hKey, + BYTE *pbDecryptedData, + ULONG *pulDecryptedDataLen) +{ + if (!pulDecryptedDataLen) + return SAR_INVALIDPARAMERR; + *pulDecryptedDataLen = 0; + return SAR_OK; +} + +ULONG DEVAPI SKF_DigestInit( + DEVHANDLE hDev, + ULONG ulAlgID, + ECCPUBLICKEYBLOB *pPubKey, + BYTE *pbID, + ULONG ulIDLen, + HANDLE *phHash) +{ + if (!phHash) + return SAR_INVALIDPARAMERR; + *phHash = hHashHandle; + return SAR_OK; +} + +ULONG DEVAPI SKF_Digest( + HANDLE hHash, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbHashData, + ULONG *pulHashLen) +{ + if (!pulHashLen) + return SAR_INVALIDPARAMERR; + *pulHashLen = 32; + return SAR_OK; +} + +ULONG DEVAPI SKF_DigestUpdate( + HANDLE hHash, + BYTE *pbData, + ULONG ulDataLen) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_DigestFinal( + HANDLE hHash, + BYTE *pbHashData, + ULONG *pulHashLen) +{ + if (!pulHashLen) + return SAR_INVALIDPARAMERR; + *pulHashLen = 32; + return SAR_OK; +} + +ULONG DEVAPI SKF_MacInit( + HANDLE hKey, + BLOCKCIPHERPARAM *pMacParam, + HANDLE *phMac) +{ + if (!phMac) + return SAR_INVALIDPARAMERR; + *phMac = hMacHandle; + return SAR_OK; +} + +ULONG DEVAPI SKF_Mac( + HANDLE hMac, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbMacData, + ULONG *pulMacLen) +{ + if (!pulMacLen) + return SAR_INVALIDPARAMERR; + *pulMacLen = 16; + return SAR_OK; +} + +ULONG DEVAPI SKF_MacUpdate( + HANDLE hMac, + BYTE *pbData, + ULONG ulDataLen) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_MacFinal( + HANDLE hMac, + BYTE *pbMacData, + ULONG *pulMacDataLen) +{ + if (!pulMacDataLen) + return SAR_INVALIDPARAMERR; + *pulMacDataLen = 16; + return SAR_OK; +} + +ULONG DEVAPI SKF_CloseHandle( + HANDLE hHandle) +{ + return SAR_OK; +} diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 66d387d4..e00f4254 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -187,7 +187,7 @@ extern "C" { # define TLSEXT_signature_rsa 1 # define TLSEXT_signature_dsa 2 # define TLSEXT_signature_ecdsa 3 -# ifndef OPENSSL_NO_GMTLS +# ifndef OPENSSL_NO_SM2 # define TLSEXT_signature_sm2sign 7 # endif # define TLSEXT_signature_gostr34102001 237 @@ -195,7 +195,7 @@ extern "C" { # define TLSEXT_signature_gostr34102012_512 239 /* Total number of different signature algorithms */ -# ifndef OPENSSL_NO_GMTLS +# ifndef OPENSSL_NO_SM2 # define TLSEXT_signature_num 8 # else # define TLSEXT_signature_num 7 @@ -208,7 +208,7 @@ extern "C" { # define TLSEXT_hash_sha256 4 # define TLSEXT_hash_sha384 5 # define TLSEXT_hash_sha512 6 -# ifndef OPENSSL_NO_GMTLS +# ifndef OPENSSL_NO_SM3 # define TLSEXT_hash_sm3 7 # endif # define TLSEXT_hash_gostr3411 237 @@ -217,7 +217,7 @@ extern "C" { /* Total number of different digest algorithms */ -# ifndef OPENSSL_NO_GMTLS +# ifndef OPENSSL_NO_SM3 # define TLSEXT_hash_num 11 # else # define TLSEXT_hash_num 10 diff --git a/java/test.sh b/java/test.sh new file mode 100755 index 00000000..3fa163cc --- /dev/null +++ b/java/test.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +javac GmSSL.java +java -Djava.library.path=../ GmSSL diff --git a/ssl/build.info b/ssl/build.info index 5a949a8e..383ec6ec 100644 --- a/ssl/build.info +++ b/ssl/build.info @@ -11,4 +11,7 @@ SOURCE[../libssl]=\ ssl_asn1.c ssl_txt.c ssl_init.c ssl_conf.c ssl_mcnf.c \ bio_ssl.c ssl_err.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \ record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c \ - statem/statem.c statem/statem_gmtls.c + statem/statem.c +IF[{- !$disabled{gmtls} -}] + SOURCE[../libssl]=statem/statem_gmtls11.c +ENDIF diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 6a66da86..8e3a2b74 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2636,7 +2636,7 @@ void ssl_set_masks(SSL *s) int have_ecc_cert, ecdsa_ok; X509 *x = NULL; #endif -#ifndef OPENSSL_NO_GMTLS +#ifndef OPENSSL_NO_SM2 int have_sm2_cert, sm2sign_ok; #endif if (c == NULL) @@ -2654,7 +2654,7 @@ void ssl_set_masks(SSL *s) #ifndef OPENSSL_NO_EC have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID; #endif -#ifndef OPENSSL_NO_GMTLS +#ifndef OPENSSL_NO_SM2 have_sm2_cert = pvalid[SSL_PKEY_SM2_SIGN] & CERT_PKEY_VALID; #endif mask_k = 0; @@ -2716,7 +2716,7 @@ void ssl_set_masks(SSL *s) mask_a |= SSL_aECDSA; } #endif -#ifndef OPENSSL_NO_GMTLS_METHOD +#ifndef OPENSSL_NO_SM2 if (have_sm2_cert) { uint32_t ex_kusage; cpk = &c->pkeys[SSL_PKEY_SM2_SIGN]; @@ -2734,7 +2734,7 @@ void ssl_set_masks(SSL *s) #ifndef OPENSSL_NO_EC mask_k |= SSL_kECDHE; #endif -#ifndef OPENSSL_NO_GMTLS +#ifndef OPENSSL_NO_SM2 mask_k |= SSL_kSM2; mask_k |= SSL_kSM2DHE; #endif @@ -2748,7 +2748,7 @@ void ssl_set_masks(SSL *s) mask_k |= SSL_kDHEPSK; if (mask_k & SSL_kECDHE) mask_k |= SSL_kECDHEPSK; -# ifndef OPENSSL_NO_GMTLS_METHOD +# ifndef OPENSSL_NO_SM2 if (mask_k & SSL_kSM2DHE) mask_k |= SSL_kSM2PSK; # endif @@ -2828,7 +2828,7 @@ CERT_PKEY *ssl_get_server_send_pkey(SSL *s) return &c->pkeys[i]; } -#ifndef OPENSSL_NO_GMTLS_METHOD +#ifndef OPENSSL_NO_GMTLS CERT_PKEY *ssl_get_server_send_pkey_ex(SSL *s) { CERT *c; @@ -2874,7 +2874,7 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, } else if ((alg_a & SSL_aECDSA) && (c->pkeys[SSL_PKEY_ECC].privatekey != NULL)) idx = SSL_PKEY_ECC; -#ifndef OPENSSL_NO_GMTLS_METHOD +#ifndef OPENSSL_NO_GMTLS_SM2 else if ((alg_a & SSL_aSM2) && (c->pkeys[SSL_PKEY_SM2_SIGN].privatekey != NULL)) idx = SSL_PKEY_SM2_SIGN; diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 85175027..07bc6438 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -64,7 +64,7 @@ #ifndef OPENSSL_NO_ENGINE # include #endif -#ifndef OPENSSL_NO_GMTLS +#ifndef OPENSSL_NO_SM2 # include #endif @@ -534,15 +534,19 @@ int ossl_statem_client_construct_message(SSL *s) return tls_construct_client_hello(s); case TLS_ST_CW_CERT: +#ifndef OPENSSL_NO_GMTLS if (SSL_IS_GMTLS(s)) return gmtls_construct_client_certificate(s); else +#endif return tls_construct_client_certificate(s); case TLS_ST_CW_KEY_EXCH: +#ifndef OPENSSL_NO_GMTLS if (SSL_IS_GMTLS(s)) return gmtls_construct_client_key_exchange(s); else +#endif return tls_construct_client_key_exchange(s); case TLS_ST_CW_CERT_VRFY: @@ -642,18 +646,22 @@ MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt) return dtls_process_hello_verify(s, pkt); case TLS_ST_CR_CERT: +#ifndef OPENSSL_NO_GMTLS if (SSL_IS_GMTLS(s)) return tls_process_server_certificate(s, pkt); else +#endif return tls_process_server_certificate(s, pkt); case TLS_ST_CR_CERT_STATUS: return tls_process_cert_status(s, pkt); case TLS_ST_CR_KEY_EXCH: +#ifndef OPENSSL_NO_GMTLS if (SSL_IS_GMTLS(s)) return gmtls_process_server_key_exchange(s, pkt); else +#endif return tls_process_server_key_exchange(s, pkt); case TLS_ST_CR_CERT_REQ: diff --git a/ssl/statem/statem_gmtls.c b/ssl/statem/statem_gmtls.c deleted file mode 100644 index a226c527..00000000 --- a/ssl/statem/statem_gmtls.c +++ /dev/null @@ -1,137 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include - -# include "../ssl_locl.h" -# include "statem_locl.h" -# include "internal/constant_time_locl.h" -# include -# include -# include -# include -# include -# include -# include -# include -# include -# include - -int gmtls_construct_server_certificate(SSL *s) -{ - SSLerr(SSL_F_GMTLS_CONSTRUCT_SERVER_CERTIFICATE, - SSL_R_NOT_IMPLEMENTED); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - ossl_statem_set_error(s); - return 0; -} - -int gmtls_construct_server_key_exchange(SSL *s) -{ - SSLerr(SSL_F_GMTLS_CONSTRUCT_SERVER_KEY_EXCHANGE, - SSL_R_NOT_IMPLEMENTED); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - ossl_statem_set_error(s); - return 0; -} - -int gmtls_construct_client_certificate(SSL *s) -{ - SSLerr(SSL_F_GMTLS_CONSTRUCT_CLIENT_CERTIFICATE, - SSL_R_NOT_IMPLEMENTED); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - ossl_statem_set_error(s); - return 0; -} - -int gmtls_construct_client_key_exchange(SSL *s) -{ - SSLerr(SSL_F_GMTLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, - SSL_R_NOT_IMPLEMENTED); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - ossl_statem_set_error(s); - return 0; -} - -MSG_PROCESS_RETURN gmtls_process_server_certificate(SSL *s, PACKET *pkt) -{ - SSLerr(SSL_F_GMTLS_PROCESS_SERVER_CERTIFICATE, - SSL_R_NOT_IMPLEMENTED); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - ossl_statem_set_error(s); - return MSG_PROCESS_ERROR; -} - -MSG_PROCESS_RETURN gmtls_process_server_key_exchange(SSL *s, PACKET *pkt) -{ - SSLerr(SSL_F_GMTLS_PROCESS_SERVER_KEY_EXCHANGE, - SSL_R_NOT_IMPLEMENTED); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - ossl_statem_set_error(s); - return MSG_PROCESS_ERROR; -} - -MSG_PROCESS_RETURN gmtls_process_client_certificate(SSL *s, PACKET *pkt) -{ - SSLerr(SSL_F_GMTLS_PROCESS_CLIENT_CERTIFICATE, - SSL_R_NOT_IMPLEMENTED); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - ossl_statem_set_error(s); - return MSG_PROCESS_ERROR; -} - -MSG_PROCESS_RETURN gmtls_process_client_key_exchange(SSL *s, PACKET *pkt) -{ - SSLerr(SSL_F_GMTLS_PROCESS_CLIENT_KEY_EXCHANGE, - SSL_R_NOT_IMPLEMENTED); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); - ossl_statem_set_error(s); - return MSG_PROCESS_ERROR; -} diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 71ffce03..dfb18caf 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -640,14 +640,20 @@ int ossl_statem_server_construct_message(SSL *s) return tls_construct_server_hello(s); case TLS_ST_SW_CERT: - return SSL_IS_GMTLS(s) ? - tls_construct_server_certificate(s) - : tls_construct_server_certificate(s); +#ifndef OPENSSL_NO_GMTLS + if (SSL_IS_GMTLS(s)) + return tls_construct_server_certificate(s) + else +#endif + return tls_construct_server_certificate(s); case TLS_ST_SW_KEY_EXCH: - return (s->version == GMTLS_VERSION) ? - gmtls_construct_server_key_exchange(s) - : tls_construct_server_key_exchange(s); +#ifndef OPENSSL_NO_GMTLS + if (SSL_IS_GMTLS(s)) + return gmtls_construct_server_key_exchange(s) + else +#endif + return tls_construct_server_key_exchange(s); case TLS_ST_SW_CERT_REQ: return tls_construct_certificate_request(s); @@ -754,15 +760,19 @@ MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt) return tls_process_client_hello(s, pkt); case TLS_ST_SR_CERT: +#ifndef OPENSSL_NO_GMTLS_METHOD if (SSL_IS_GMTLS(s)) return tls_process_client_certificate(s, pkt); else +#endif return tls_process_client_certificate(s, pkt); case TLS_ST_SR_KEY_EXCH: +#ifndef OPENSSL_NO_GMTLS if (SSL_IS_GMTLS(s)) return gmtls_process_client_key_exchange(s, pkt); else +#endif return tls_process_client_key_exchange(s, pkt); case TLS_ST_SR_CERT_VRFY: diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 66b1f888..5cd94ecc 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -722,7 +722,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md) tlsext_sigalg_ecdsa(md) static const unsigned char tls12_sigalgs[] = { -#ifndef OPENSSL_NO_GMTLS_METHOD +#ifndef OPENSSL_NO_SM2 TLSEXT_hash_sm3, TLSEXT_signature_sm2sign, #endif tlsext_sigalg(TLSEXT_hash_sha512) @@ -3264,7 +3264,7 @@ static const tls12_lookup tls12_md[] = { {NID_id_GostR3411_94, TLSEXT_hash_gostr3411}, {NID_id_GostR3411_2012_256, TLSEXT_hash_gostr34112012_256}, {NID_id_GostR3411_2012_512, TLSEXT_hash_gostr34112012_512}, -#ifndef OPENSSL_NO_GMTLS_METHOD +#ifndef OPENSSL_NO_SM3 {NID_sm3, TLSEXT_hash_sm3}, #endif }; @@ -3272,7 +3272,7 @@ static const tls12_lookup tls12_md[] = { static const tls12_lookup tls12_sig[] = { {EVP_PKEY_RSA, TLSEXT_signature_rsa}, {EVP_PKEY_DSA, TLSEXT_signature_dsa}, -#ifndef OPENSSL_NO_GMTLS_METHOD +#ifndef OPENSSL_NO_SM2 {EVP_PKEY_EC, TLSEXT_signature_sm2sign}, #else {EVP_PKEY_EC, TLSEXT_signature_ecdsa}, @@ -3343,7 +3343,7 @@ static const tls12_hash_info tls12_md_info[] = { TLSEXT_hash_gostr34112012_256}, {NID_id_GostR3411_2012_512, 256, SSL_MD_GOST12_512_IDX, TLSEXT_hash_gostr34112012_512}, -#ifndef OPENSSL_NO_GMTLS_METHOD +#ifndef OPENSSL_NO_SM3 {NID_sm3, 128, SSL_MD_SM3_IDX, TLSEXT_hash_sm3}, #endif }; @@ -3388,7 +3388,7 @@ static int tls12_get_pkey_idx(unsigned char sig_alg) case TLSEXT_signature_ecdsa: return SSL_PKEY_ECC; #endif -# ifndef OPENSSL_NO_GMTLS_METHOD +# ifndef OPENSSL_NO_SM2 case TLSEXT_signature_sm2sign: return SSL_PKEY_SM2_SIGN; # endif @@ -3455,7 +3455,7 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op) const unsigned char *sigalgs; size_t i, sigalgslen; int have_rsa = 0, have_dsa = 0, have_ecdsa = 0; -#ifndef OPENSSL_NO_GMTLS +#ifndef OPENSSL_NO_SM2 int have_sm2sign = 0; #endif /* @@ -3484,7 +3484,7 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op) have_ecdsa = 1; break; #endif -#ifndef OPENSSL_NO_GMTLS +#ifndef OPENSSL_NO_SM2 case TLSEXT_signature_sm2sign: if (!have_sm2sign && tls12_sigalg_allowed(s, op, sigalgs)) have_sm2sign = 1; @@ -3499,7 +3499,7 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op) *pmask_a |= SSL_aDSS; if (!have_ecdsa) *pmask_a |= SSL_aECDSA; -#ifndef OPENSSL_NO_GMTLS +#ifndef OPENSSL_NO_SM2 if (!have_sm2sign) *pmask_a |= SSL_aSM2; #endif @@ -3666,7 +3666,7 @@ int tls1_process_sigalgs(SSL *s) if (pmd[SSL_PKEY_ECC] == NULL) pmd[SSL_PKEY_ECC] = EVP_get_digestbynid(NID_sha1); #endif -#ifndef OPENSSL_NO_GMTLS +#ifndef OPENSSL_NO_SM2 if (pmd[SSL_PKEY_SM2_SIGN] == NULL) pmd[SSL_PKEY_SM2_SIGN] = EVP_get_digestbynid(NID_sm3); #endif @@ -3961,13 +3961,13 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, default_nid = NID_ecdsa_with_SHA1; break; -#ifndef OPENSSL_NO_GMTLS_METHOD +#ifndef OPENSSL_NO_SM2 case SSL_PKEY_SM2_ENC: rsign = TLSEXT_signature_sm2sign; default_nid = NID_sm2sign_with_sm3; break; #endif -#ifndef OPENSSL_NO_GMTLS +#ifndef OPENSSL_NO_SM2 case SSL_PKEY_SM2_SIGN: rsign = TLSEXT_signature_sm2sign; default_nid = NID_sm2sign_with_sm3; @@ -4150,7 +4150,7 @@ void tls1_set_cert_validity(SSL *s) tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST01); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_256); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512); -#ifndef OPENSSL_NO_GMTLS +#ifndef OPENSSL_NO_SM2 tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_SM2_SIGN); #endif }