diff --git a/.gitignore b/.gitignore index 93b9bcf7..a5e15c2d 100644 --- a/.gitignore +++ b/.gitignore @@ -183,21 +183,30 @@ Makefile.save cscope.* *.d +# macOS +.DS_Store +*.tar.gz + # add by LiTianjue for GmSSL # auto create by Configure crypto/opensslconf.h tool/c_rehash # exec file apps/gmssl +apps/gmca/.ca # gmtls /ssl/ssl_load.c +# demos +/demos/kdf + # engines /engines/e_skf* /engines/e_sdf* /engines/e_gmi* /engines/sdf +/engines/skf # apps /apps/sm2.c @@ -207,5 +216,3 @@ apps/gmssl include/openssl/srp.h /*.sh - - diff --git a/demos/scripts/ciphers.sh b/demos/scripts/ciphers.sh new file mode 100755 index 00000000..c0b2dfbf --- /dev/null +++ b/demos/scripts/ciphers.sh @@ -0,0 +1,34 @@ +#!/bin/bash -x +# Copyright (c) 2014 - 2018 The GmSSL Project. All rights reserved. + +gmssl=gmssl + +echo "SSL/TLS Cipher Suites:" +$gmssl ciphers +echo +$gmssl ciphers -v +echo +$gmssl ciphers -V +echo + +# show detailed information of a cipher suite +$gmssl ciphers -V SM2-WITH-SMS4-SM3 + +# show if the specified cipher is supported +$gmssl ciphers -s -tls1 SM2-WITH-SMS4-SM3 + +echo "Supported Cipher Suites:" +$gmssl ciphers -s +echo + +echo "TLS 1.2 Cipher Suites:" +$gmssl ciphers -tls1_2 +echo + +echo "PSK (Pre-Shared Key) Cipher Suites:" +$gmssl ciphers -psk +echo + +echo "SRP (Secure Remote Password) Cipher Suites:" +$gmssl ciphers -srp +echo diff --git a/demos/scripts/dgst.sh b/demos/scripts/dgst.sh new file mode 100755 index 00000000..402fbd57 --- /dev/null +++ b/demos/scripts/dgst.sh 
@@ -0,0 +1,20 @@
+#!/bin/bash -x
+# Copyright (c) 2014 - 2018 The GmSSL Project. All rights reserved.
+
+gmssl=gmssl
+
+echo -n "abc" | $gmssl sm3
+echo -n "abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd" | $gmssl sm3
+echo -n "abc" | $gmssl dgst -sm3 -binary -out sm3dgst.bin
+echo -n "abc" | $gmssl dgst -sm3 -hmac "hmackeystring"
+
+# digest and sign/verify
+filename=dgst.sh
+$gmssl dgst -sm3 -sign sm2key.pem -out $filename.sig $filename
+$gmssl dgst -sm3 -verify sm2pubkey.pem -signature $filename.sig $filename
+
+# cmac
+echo hello | $gmssl dgst -sm3 -mac hmac -macopt key:ehllo
+
+# engine
+
diff --git a/demos/scripts/ec.sh b/demos/scripts/ec.sh
new file mode 100755
index 00000000..1c5c8259
--- /dev/null
+++ b/demos/scripts/ec.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+# Copyright (c) 2014 - 2018 The GmSSL Project. All rights reserved.
+
+gmssl=gmssl
+
+paramfile=ecparam.pem
+keyfile=eckey.pem
+pubkeyfile=ecpubkey.pem
+pkeyopt="-pkeyopt ec_paramgen_curve:sm2p256v1"
+
+$gmssl ecparam -list_curves | grep sm2
+$gmssl ecparam -text -noout -name sm2p256v1 -param_enc explicit
+$gmssl genpkey -genparam -algorithm EC -out sm2p256v1.pem -pkeyopt ec_paramgen_curve:sm2p256v1 -pkeyopt ec_param_enc:named_curve
+$gmssl genpkey -algorithm EC -out sm2key.pem -pkeyopt ec_paramgen_curve:sm2p256v1 -pkeyopt ec_param_enc:named_curve
+$gmssl pkey -text -noout -in sm2key.pem
+$gmssl pkey -in sm2key.pem -pubout -out sm2pubkey.pem
+$gmssl pkey -text -noout -pubin -in $pubkeyfile
+
+echo hello | $gmssl pkeyutl -sign -inkey sm2key.pem -pkeyopt ec_scheme:sm2 > sm2sig.der
+echo hello | $gmssl pkeyutl -verify -inkey sm2key.pem -sigfile sm2sig.der -pkeyopt ec_scheme:sm2
+echo hello | $gmssl pkeyutl -encrypt -inkey sm2key.pem -pkeyopt ec_scheme:sm2 > sm2ciphertext.bin
+
+cat sm2ciphertext.bin | $gmssl pkeyutl -decrypt -inkey sm2key.pem -pkeyopt ec_scheme:sm2
+
+#$gmssl req -new -x509 -days 3650 -key sm2key.pem -out cert.pem
+#$gmssl x509 -text -noout -in $DIR/cacert.pem
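Review bot: In demos/scripts/dgst.sh the sign/verify step reads `sm2key.pem` and `sm2pubkey.pem`, which this script never creates, so it only works if ec.sh or pkey.sh was run first in the same directory. A header comment such as `# requires sm2key.pem and sm2pubkey.pem in the current directory (run ec.sh first)` would state that dependency. The `# cmac` comment sits above a `-mac hmac` call and should read `# hmac via -mac`; `key:ehllo` also looks like a typo for `hello`, although any key works for the demo.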
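Review bot: In demos/scripts/ec.sh the public key is written to `sm2pubkey.pem`, but the next command, `pkey -text -noout -pubin -in $pubkeyfile`, reads `ecpubkey.pem`, a file nothing in the script creates. Either use the variables throughout or drop them, e.g. `$gmssl pkey -text -noout -pubin -in sm2pubkey.pem`; `paramfile`, `keyfile` and `pkeyopt` are assigned and never used. The same lines appear in demos/scripts/x509.sh. A comment that `sm2key.pem` is written without passphrase protection and is a throwaway demo key would also help readers who copy the commands.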
diff --git a/demos/scripts/list.sh b/demos/scripts/list.sh
new file mode 100755
index 00000000..89376c7b
--- /dev/null
+++ b/demos/scripts/list.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+# Copyright (c) 2014 - 2018 The GmSSL Project. All rights reserved.
+
+gmssl=gmssl
+
+echo "Commands:"
+$gmssl list -commands
+echo
+
+echo "Digest Commands:"
+$gmssl list -digest-commands
+echo
+
+echo "Digest Algorithms:"
+$gmssl list -digest-algorithms
+echo
+
+echo "Ciphers Commands:"
+$gmssl list -cipher-commands
+echo
+
+echo "Cipher Algorithms:"
+$gmssl list -cipher-algorithms
+echo
+
+echo "Public Key Algorithms:"
+$gmssl list -public-key-algorithms
+echo
+
+# FIXME: gmssl disabled features are not listed!
+$gmssl list -disabled
+echo
diff --git a/demos/scripts/passwd.sh b/demos/scripts/passwd.sh
new file mode 100755
index 00000000..86c5ae2d
--- /dev/null
+++ b/demos/scripts/passwd.sh
@@ -0,0 +1,8 @@
+#!/bin/bash -x
+# Copyright (c) 2014 - 2018 The GmSSL Project. All rights reserved.
+
+gmssl=gmssl
+
+$gmssl passwd -crypt -salt xx password
+$gmssl passwd -1 -salt xxxxxxxx password
+$gmssl passwd -apr1 -salt xxxxxxxx password
diff --git a/demos/scripts/pkey.sh b/demos/scripts/pkey.sh
new file mode 100755
index 00000000..87fb061f
--- /dev/null
+++ b/demos/scripts/pkey.sh
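Review bot: demos/scripts/passwd.sh shows only the legacy `-crypt`, `-1` and `-apr1` formats with constant salts, and nothing says they are there for compatibility with old password files. A leading comment would keep readers from copying these lines into real password storage, e.g. `# legacy crypt(3)/MD5-based formats, shown for interoperability; the fixed salts only make the output reproducible`. Without `-salt` the tool picks a random salt, which is what any non-demo use should rely on.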
@@ -0,0 +1,26 @@
+#!/bin/bash -x
+
+gmssl=~/code/github/gmssl/apps/gmssl
+
+$gmssl genpkey -genparam -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 -pkeyopt ec_param_enc:named_curve -out sm2p256v1.pem
+$gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 -pkeyopt ec_param_enc:named_curve -out sm2key.pem
+$gmssl pkey -text -noout -in sm2key.pem
+$gmssl pkey -pubout -in sm2key.pem -out sm2pubkey.pem
+$gmssl pkey -text -noout -pubin -in sm2pubkey.pem
+
+message="This is the message to be signed."
+sigfile="sm2sig.der"
+echo $message | $gmssl pkeyutl -sign -pkeyopt ec_scheme:sm2 -inkey sm2key.pem -out $sigfile
+echo $message | $gmssl pkeyutl -verify -pkeyopt ec_scheme:sm2 -pubin -inkey sm2pubkey.pem -sigfile $sigfile
+
+echo "Message : $message"
+echo "Signature :"
+$gmssl asn1parse -inform DER -in $sigfile
+
+plaintext="This is the plaintext to be encrypted."
+ciphertext=ciphertext.der
+echo $plaintext | $gmssl pkeyutl -encrypt -pkeyopt ec_scheme:sm2 -inkey sm2key.pem -out $ciphertext
+cat $ciphertext | $gmssl pkeyutl -decrypt -pkeyopt ec_scheme:sm2 -inkey sm2key.pem
+
+echo $plaintext
+$gmssl asn1parse -inform DER -in $ciphertext
diff --git a/demos/scripts/quickstart.sh b/demos/scripts/quickstart.sh
new file mode 100755
index 00000000..4d59a62b
--- /dev/null
+++ b/demos/scripts/quickstart.sh
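Review bot: `gmssl=~/code/github/gmssl/apps/gmssl` in demos/scripts/pkey.sh points at one developer's checkout, so the script fails on any other machine; most sibling scripts in this commit use `gmssl=gmssl`. Use `gmssl=gmssl`, or `gmssl=${GMSSL:-gmssl}` if an override is wanted. The file also lacks the copyright line the other scripts carry. The encrypt step passes the private key file `sm2key.pem`; the form used in quickstart.sh, `-pubin -inkey` with the public key, shows the intended key roles more clearly.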
@@ -0,0 +1,17 @@
+#!/bin/bash
+# Copyright (c) 2014 - 2018 The GmSSL Project. All rights reserved.
+
+gmssl=gmssl
+
+echo -n "abc" | $gmssl sm3
+echo "SM4 Decrypted Successfully" | $gmssl sms4 -e -K 1234567890ABCDEF1234567890ABCDEF -iv 11223344556677889900AABBCCDDEEFF -out README.sms4
+$gmssl sms4 -d -K 1234567890ABCDEF1234567890ABCDEF -iv 11223344556677889900AABBCCDDEEFF -in README.sms4 -out README-2.md
+$gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 -pkeyopt ec_param_enc:named_curve -out skey.pem
+$gmssl pkey -pubout -in skey.pem -out vkey.pem
+$gmssl pkeyutl -sign -pkeyopt ec_scheme:sm2 -inkey skey.pem -in README.md -out README.md.sig
+$gmssl pkeyutl -verify -pkeyopt ec_scheme:sm2 -pubin -inkey vkey.pem -in README.md -sigfile README.md.sig
+$gmssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:sm2p256v1 -pkeyopt ec_param_enc:named_curve -out dkey.pem
+$gmssl pkey -pubout -in dkey.pem -out ekey.pem
+echo "Ciphertext Decrypted Successfully" | $gmssl pkeyutl -encrypt -pkeyopt ec_scheme:sm2 -pubin -inkey ekey.pem -out ciphertext.sm2
+$gmssl pkeyutl -decrypt -pkeyopt ec_scheme:sm2 -inkey dkey.pem -in ciphertext.sm2
+#$gmssl req -new -x509 -key skey.pem -out cert.pem
diff --git a/demos/scripts/rand.sh b/demos/scripts/rand.sh
new file mode 100755
index 00000000..35f86354
--- /dev/null
+++ b/demos/scripts/rand.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Copyright (c) 2014 - 2018 The GmSSL Project. All rights reserved.
+
+gmssl=gmssl
+randfile=rand.bin
+
+num=32
+$gmssl rand -hex $num
+$gmssl rand -base64 $num
+$gmssl rand -out $randfile $num
diff --git a/demos/scripts/speed.sh b/demos/scripts/speed.sh
new file mode 100755
index 00000000..438c1962
--- /dev/null
+++ b/demos/scripts/speed.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Copyright (c) 2014 - 2018 The GmSSL Project. All rights reserved.
+
+gmssl=$gmssl
+
+$gmssl speed sm2
+$gmssl speed -evp sm3
+$gmssl speed -evp sms4
+$gmssl speed -evp sms4 -decrypt
+$gmssl speed -evp sm3 -engine skf
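Review bot: The SM4 key and IV in demos/scripts/quickstart.sh are literals passed with `-K` and `-iv`; that is acceptable in a demo, but it puts them in the process list and shell history and reuses one IV on every run, and nothing in the script says so. A comment above the `sms4 -e` line should state it, e.g. `# demo key/IV only: generate real values with "gmssl rand -hex 16" and never reuse an IV under the same key`. The sign and verify steps read `README.md` from the current directory, so the script works only when run from a directory that contains one; that assumption deserves a comment as well.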
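Review bot: `gmssl=$gmssl` in demos/scripts/speed.sh assigns the variable to itself, so unless `gmssl` is already set in the environment it is empty and `$gmssl speed sm2` runs whatever command named `speed` is found on PATH instead of the tool. Use `gmssl=gmssl` like the sibling scripts, or `gmssl=${gmssl:-gmssl}` to keep the override. The last line depends on the `skf` engine being loadable; a comment marking it as optional would explain a failure there.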
diff --git a/demos/scripts/version.sh b/demos/scripts/version.sh
new file mode 100755
index 00000000..83e670d9
--- /dev/null
+++ b/demos/scripts/version.sh
@@ -0,0 +1,10 @@
+#!/bin/bash -x
+# Copyright (c) 2014 - 2018 The GmSSL Project. All rights reserved.
+
+gmssl=gmssl
+
+$gmssl version
+$gmssl version -v
+$gmssl version -e
+$gmssl version -d
+$gmssl version -a
diff --git a/demos/scripts/x509.sh b/demos/scripts/x509.sh
new file mode 100755
index 00000000..1c5c8259
--- /dev/null
+++ b/demos/scripts/x509.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+# Copyright (c) 2014 - 2018 The GmSSL Project. All rights reserved.
+
+gmssl=gmssl
+
+paramfile=ecparam.pem
+keyfile=eckey.pem
+pubkeyfile=ecpubkey.pem
+pkeyopt="-pkeyopt ec_paramgen_curve:sm2p256v1"
+
+$gmssl ecparam -list_curves | grep sm2
+$gmssl ecparam -text -noout -name sm2p256v1 -param_enc explicit
+$gmssl genpkey -genparam -algorithm EC -out sm2p256v1.pem -pkeyopt ec_paramgen_curve:sm2p256v1 -pkeyopt ec_param_enc:named_curve
+$gmssl genpkey -algorithm EC -out sm2key.pem -pkeyopt ec_paramgen_curve:sm2p256v1 -pkeyopt ec_param_enc:named_curve
+$gmssl pkey -text -noout -in sm2key.pem
+$gmssl pkey -in sm2key.pem -pubout -out sm2pubkey.pem
+$gmssl pkey -text -noout -pubin -in $pubkeyfile
+
+echo hello | $gmssl pkeyutl -sign -inkey sm2key.pem -pkeyopt ec_scheme:sm2 > sm2sig.der
+echo hello | $gmssl pkeyutl -verify -inkey sm2key.pem -sigfile sm2sig.der -pkeyopt ec_scheme:sm2
+echo hello | $gmssl pkeyutl -encrypt -inkey sm2key.pem -pkeyopt ec_scheme:sm2 > sm2ciphertext.bin
+
+cat sm2ciphertext.bin | $gmssl pkeyutl -decrypt -inkey sm2key.pem -pkeyopt ec_scheme:sm2
+
+#$gmssl req -new -x509 -days 3650 -key sm2key.pem -out cert.pem
+#$gmssl x509 -text -noout -in $DIR/cacert.pem
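Review bot: demos/scripts/x509.sh carries the same blob id as ec.sh (`1c5c8259`), so it is a byte-for-byte copy and runs no `x509` or `req` command; the only certificate lines are the two commented-out ones at the end. Those reference `$DIR`, which is never set in the file. Either fill in the certificate steps or leave the file out until they exist; as copied, it also inherits the `$pubkeyfile` / `sm2pubkey.pem` mismatch from ec.sh.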