Update some demos

2026-05-07 08:56:17 +08:00 · 2018-10-31 11:03:21 +08:00
parent 9eadfd4cb6
commit 676076278d
37 changed files with 2277 additions and 141 deletions
--- a/crypto/cpk/cpk_lcl.h
+++ b/crypto/cpk/cpk_lcl.h
@@ -52,6 +52,7 @@
 #include <openssl/x509.h>
 #include <openssl/ossl_typ.h>

+#define CPK_VERSION 2

 struct cpk_master_secret_st {
 	long version;
--- a/crypto/cpk/cpk_lib.c
+++ b/crypto/cpk/cpk_lib.c
@@ -1,5 +1,5 @@
 /* ====================================================================
- * Copyright (c) 2007 - 2016 The GmSSL Project.  All rights reserved.
+ * Copyright (c) 2007 - 2018 The GmSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -68,148 +68,136 @@ static EC_KEY *extract_ec_priv_key(CPK_MASTER_SECRET *master, const char *id);
 static EC_KEY *extract_ec_pub_key(CPK_PUBLIC_PARAMS *param, const char *id);


-CPK_MASTER_SECRET *CPK_MASTER_SECRET_create(const char *domain_id, int pkey_nid, int map_nid)
+CPK_MASTER_SECRET *CPK_MASTER_SECRET_create(const char *domain_id, int curve, int map)
 {
-	int e = 1;
+	CPK_MASTER_SECRET *ret = NULL;
 	CPK_MASTER_SECRET *master = NULL;
-	BIGNUM *bn = NULL;
-	BIGNUM *order = NULL;
-	X509_PUBKEY *pubkey = NULL;
-	X509_ALGOR *pkey_algor;
-	int pkey_type;
-	int i, bn_size, num_factors;
-	unsigned char *bn_ptr;
+	EC_KEY *ec_key = NULL;
 	EVP_PKEY *pkey = NULL;
-	X509_ALGOR *map_algor = NULL;
-
-	if (!domain_id) {
-		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-	}
-	if (strlen(domain_id) <= 0 || strlen(domain_id) > CPK_MAX_ID_LENGTH) {
-		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_ID_LENGTH);
-		return NULL;
-	}
-
-	/* pkey type and domain parameters is required
-	 * EC:curve
-	 * SM9:curve ...
-	 *
-	 * so we do not check pkey_nid
-	 */
-
-	//FIXME: merge into ec routine
-	EC_KEY *ec = EC_KEY_new_by_curve_name(NID_sm2p256v1);
-	EC_KEY_generate_key(ec);
-	pkey = EVP_PKEY_new();
-	EVP_PKEY_set1_EC_KEY(pkey, ec);
-	//FIXME: free ec
-	map_algor = CPK_MAP_new(map_nid);
-
-	pkey_type = EVP_PKEY_id(pkey);
-	if (pkey_type == EVP_PKEY_EC) {
-		const EC_GROUP *ec_group;
-		if (!(order = BN_new())) {
-			CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		ec_group = EC_KEY_get0_group((EC_KEY *)EVP_PKEY_get0(pkey));
-		if (!EC_GROUP_get_order(ec_group, order, NULL)) {
-			CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);
-			goto err;
-		}
-		OPENSSL_assert(EC_KEY_get0_public_key((EC_KEY *)EVP_PKEY_get0(pkey)) != NULL);
-	} else {
-		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_PKEY_TYPE);
-		goto err;
-	}
+	X509_PUBKEY *pubkey = NULL;
+	const BIGNUM *order;
+	int order_bytes;
+	int num_factors;
+	unsigned char *secret_buf = NULL;
+	size_t secret_len;
+	unsigned char *p;
+	BIGNUM *bn = NULL;
+	int i;

+	/* check domain_id */
 	if (!(master = CPK_MASTER_SECRET_new())) {
 		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);
-		goto err;
+		goto end;
+	}
+
+	/* set version */
+	master->version = CPK_VERSION;
+
+	/* set domain_id */
+	if (!domain_id) {
+		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_PASSED_NULL_PARAMETER);
+		goto end;
+	}
+
+	if (strlen(domain_id) <= 0 || strlen(domain_id) > CPK_MAX_ID_LENGTH) {
+		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_ID_LENGTH);
+		goto end;
 	}

-	master->version = 1;
 	if (!X509_NAME_add_entry_by_NID(master->id, NID_organizationName,
 		MBSTRING_UTF8, (unsigned char *)domain_id, -1, -1, 0)) {
 		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);
-		goto err;
+		goto end;
 	}

-	/*
-	 * convert EVP_PKEY to X509_ALGOR through X509_PUBKEY_set
-	 * X509_ALGOR_set0() is another choice but require more code
-	 */
-	// FIXME: X509_PUBKEY require pkey has a public key
-	if (!X509_PUBKEY_set(&pubkey, pkey)) {
+	/* set pkey algor */
+	if (!(ec_key = EC_KEY_new_by_curve_name(curve))) {
+		//CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_CURVE);
+		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_CPK_LIB);
+		goto end;
+	}
+
+	if (!(pkey = EVP_PKEY_new())
+		|| !EVP_PKEY_set1_EC_KEY(pkey, ec_key)) {
+		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_EVP_LIB);
+		goto end;
+	}
+	if (!(pubkey = X509_PUBKEY_new())
+		|| !X509_PUBKEY_set(&pubkey, pkey)
+		|| !X509_PUBKEY_get0_param(NULL, NULL, NULL, &master->pkey_algor, pubkey)) {
 		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);
-		goto err;
+		goto end;
 	}

-	X509_PUBKEY_get0_param(NULL, NULL, NULL, &pkey_algor, pubkey);
-	X509_ALGOR_free(master->pkey_algor);
-	if (!(master->pkey_algor = X509_ALGOR_dup(pkey_algor))) {
-		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);
-		goto err;
+	/* get order and order_bytes */
+	if (!(order = EC_GROUP_get0_order(EC_KEY_get0_group(ec_key)))
+		|| !(order_bytes = BN_num_bytes(order))) {
+		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_CPK_LIB);
+		goto end;
 	}

-	//FIXME: check the validity of CPK_MAP
+	/* set map algor */
 	X509_ALGOR_free(master->map_algor);
-	if (!(master->map_algor = X509_ALGOR_dup(map_algor))) {
-		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-	if ((num_factors = CPK_MAP_num_factors(map_algor)) <= 0) {
-		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_MAP_ALGOR);
-		goto err;
+	if (!(master->map_algor = CPK_MAP_new(map))) {
+		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_CPK_LIB);
+		goto end;
 	}

-	/*
-	 * create secret factors, for both DSA and EC,
-	 * the private keys are both big integers,
-	 */
-	bn_size = BN_num_bytes(order);
-	if (!ASN1_STRING_set(master->secret_factors, NULL, bn_size * num_factors)) {
-		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_ASN1_LIB);
-		goto err;
+	/* get num_factors */
+	if ((num_factors = CPK_MAP_num_factors(master->map_algor)) <= 0) {
+		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_MAP_ALGOR);
+		goto end;
 	}
-	bn_ptr = master->secret_factors->data;
-	memset(bn_ptr, 0, ASN1_STRING_length(master->secret_factors));
+
+	/* set random secret_factors */
+	secret_len = order_bytes * num_factors;
+	if (!(secret_buf = OPENSSL_zalloc(secret_len))) {
+		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);
+		goto end;
+	}
+	p = secret_buf;

 	if (!(bn = BN_new())) {
 		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);
-		goto err;
+		goto end;
 	}
 	for (i = 0; i < num_factors; i++) {
 		do {
 			if (!BN_rand_range(bn, order)) {
 				CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE,
 					ERR_R_BN_LIB);
-				goto err;
+				goto end;
 			}
 		} while (BN_is_zero(bn));

-		if (!BN_bn2bin(bn, bn_ptr + bn_size - BN_num_bytes(bn))) {
+		if (!BN_bn2bin(bn, p + order_bytes - BN_num_bytes(bn))) {
 			CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_BN_LIB);
-			goto err;
+			goto end;
 		}
-		bn_ptr += bn_size;
+		p += order_bytes;
 	}

-	e = 0;
-err:
-	if (e && master) {
-		CPK_MASTER_SECRET_free(master);
-		master = NULL;
+	if (!ASN1_STRING_set(master->secret_factors, secret_buf, secret_len)) {
+		CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_ASN1_LIB);
+		goto end;
 	}
+
+	ret = master;
+	master = NULL;
+
+end:
+	CPK_MASTER_SECRET_free(master);
+	EC_KEY_free(ec_key);
+	EVP_PKEY_free(pkey);
 	X509_PUBKEY_free(pubkey);
-	if (order && pkey_type == EVP_PKEY_EC) BN_free(order);
-	if (bn) BN_free(bn);
-	return master;
+	OPENSSL_clear_free(secret_buf, secret_len);
+	BN_free(bn);
+	return ret;
 }

 CPK_PUBLIC_PARAMS *CPK_MASTER_SECRET_extract_public_params(CPK_MASTER_SECRET *master)
 {
+	CPK_PUBLIC_PARAMS *ret = NULL;
 	CPK_PUBLIC_PARAMS *param = NULL;
 	int pkey_type;

@@ -261,16 +249,19 @@ CPK_PUBLIC_PARAMS *CPK_MASTER_SECRET_extract_public_params(CPK_MASTER_SECRET *ma
 		CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS, CPK_R_INVALID_PKEY_TYPE);
 		goto err;
 	}
-	return param;
+
+	ret = param;
+	param = NULL;

 err:
-	if (param) CPK_PUBLIC_PARAMS_free(param);
-	return NULL;
+	CPK_PUBLIC_PARAMS_free(param);
+	return ret;
 }

 EVP_PKEY *CPK_MASTER_SECRET_extract_private_key(
 	CPK_MASTER_SECRET *master, const char *id)
 {
+	EVP_PKEY *ret = NULL;
 	EVP_PKEY *pkey = NULL;
 	int pkey_type;

@@ -302,16 +293,18 @@ EVP_PKEY *CPK_MASTER_SECRET_extract_private_key(
 		goto err;
 	}

-	return pkey;
+	ret = pkey;
+	pkey = NULL;

 err:
-	if (pkey) EVP_PKEY_free(pkey);
-	return NULL;
+	EVP_PKEY_free(pkey);
+	return ret;
 }

 EVP_PKEY *CPK_PUBLIC_PARAMS_extract_public_key(CPK_PUBLIC_PARAMS *param,
 	const char *id)
 {
+	EVP_PKEY *ret = NULL;
 	EVP_PKEY *pkey = NULL;
 	int pkey_type;

@@ -344,11 +337,12 @@ EVP_PKEY *CPK_PUBLIC_PARAMS_extract_public_key(CPK_PUBLIC_PARAMS *param,
 		goto err;
 	}

-	return pkey;
+	ret = pkey;
+	pkey = NULL;

 err:
-	if (pkey) EVP_PKEY_free(pkey);
-	return NULL;
+	EVP_PKEY_free(pkey);
+	return ret;
 }

 char *CPK_MASTER_SECRET_get_name(CPK_MASTER_SECRET *master, char *buf, int size)
@@ -420,7 +414,7 @@ int CPK_PUBLIC_PARAMS_validate_private_key(CPK_PUBLIC_PARAMS *params,
 	}
 	ret = EVP_PKEY_cmp(pub_key, priv_key);
 err:
-	if (pub_key) EVP_PKEY_free(pub_key);
+	EVP_PKEY_free(pub_key);
 	return ret;
 }

@@ -546,17 +540,17 @@ static int extract_ec_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param

 	ret = 1;
 err:
-	if (ec_key) EC_KEY_free(ec_key);
-	if (bn) BN_free(bn);
-	if (order) BN_free(order);
-	if (ctx) BN_CTX_free(ctx);
-	if (pt) EC_POINT_free(pt);
+	EC_KEY_free(ec_key);
+	BN_free(bn);
+	BN_free(order);
+	BN_CTX_free(ctx);
+	EC_POINT_free(pt);
 	return ret;
 }

 static EC_KEY *extract_ec_priv_key(CPK_MASTER_SECRET *master, const char *id)
 {
-	int e = 1;
+	EC_KEY *ret = NULL;
 	EC_KEY *ec_key = NULL;
 	const EC_GROUP *ec_group;
 	EC_POINT *pub_key = NULL;
@@ -634,25 +628,24 @@ static EC_KEY *extract_ec_priv_key(CPK_MASTER_SECRET *master, const char *id)
 		CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
 		goto err;
 	}
-	e = 0;
+
+	ret = ec_key;
+	ec_key = NULL;

 err:
-	if (e && ec_key) {
-		EC_KEY_free(ec_key);
-		ec_key = NULL;
-	}
-	if (priv_key) BN_free(priv_key);
-	if (pub_key) EC_POINT_free(pub_key);
-	if (order) BN_free(order);
-	if (bn) BN_free(bn);
-	if (ctx) BN_CTX_free(ctx);
-	if (index) OPENSSL_free(index);
-	return ec_key;
+	EC_KEY_free(ec_key);
+	BN_free(priv_key);
+	EC_POINT_free(pub_key);
+	BN_free(order);
+	BN_free(bn);
+	BN_CTX_free(ctx);
+	OPENSSL_free(index);
+	return ret;
 }

 static EC_KEY *extract_ec_pub_key(CPK_PUBLIC_PARAMS *param, const char *id)
 {
-	int e = 1;
+	EC_KEY *ret = NULL;
 	EC_KEY *ec_key = NULL;
 	const EC_GROUP *ec_group;
 	EC_POINT *pub_key = NULL;
@@ -730,16 +723,16 @@ static EC_KEY *extract_ec_pub_key(CPK_PUBLIC_PARAMS *param, const char *id)
 		CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
 		goto err;
 	}
-	e = 0;
+
+	ret = ec_key;
+	ec_key = NULL;
+
 err:
-	if (e && ec_key) {
-		EC_KEY_free(ec_key);
-		ec_key = NULL;
-	}
-	if (pub_key) EC_POINT_free(pub_key);
-	if (order) BN_free(order);
-	if (bn) BN_free(bn);
-	if (ctx) BN_CTX_free(ctx);
-	if (index) OPENSSL_free(index);
-	return ec_key;
+	EC_KEY_free(ec_key);
+	EC_POINT_free(pub_key);
+	BN_free(order);
+	BN_free(bn);
+	BN_CTX_free(ctx);
+	OPENSSL_free(index);
+	return ret;
 }
--- a/demos/cpk/cpk-setup.c
+++ b/demos/cpk/cpk-setup.c
@@ -71,7 +71,7 @@ int main(int argc, char **argv)
 		return 0;
 	}

-	if (!(msk = CPK_MASTER_SECRET_create("codesign", 0, NID_cpk_map_sha1))
+	if (!(msk = CPK_MASTER_SECRET_create("codesign", NID_sm2p256v1, NID_cpk_map_sha1))
 		|| !(mpk = CPK_MASTER_SECRET_extract_public_params(msk))) {
 		ERR_print_errors_fp(stderr);
 		goto end;
--- a/demos/fpe/Makefile
+++ b/demos/fpe/Makefile
@@ -0,0 +1,12 @@
+all:
+	gcc fpe-encrypt.c -L /usr/local/lib -lcrypto -o fpe-encrypt
+	gcc fpe-decrypt.c -L /usr/local/lib -lcrypto -o fpe-decrypt
+
+test:
+	./fpe-encrypt 0123456789012345 secretkey tweak001
+	./fpe-decrypt 6492610187935136 secretkey tweak001
+
+clean:
+	rm -fr a.out
+	rm -fr fpe-encrypt
+	rm -fr fpe-decrypt
--- a/demos/fpe/fpe-decrypt.c
+++ b/demos/fpe/fpe-decrypt.c
@@ -0,0 +1,110 @@
+/* ====================================================================
+ * Copyright (c) 2014 - 2018 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+/*
+ * Alert:
+ * This is a only a demo of the FFX format-preserving encryption algorithm,
+ * the encryption key should not be read from command line argumnents, and
+ * the key and tweak should be binary (full 8-bit per char).
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <libgen.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/ffx.h>
+#include <openssl/is_gmssl.h>
+
+int main(int argc, char **argv)
+{
+	int ret = -1;
+	char *prog = basename(argv[0]);
+	FFX_CTX *ctx = NULL;
+	unsigned char key[32] = {0};
+	char out[FFX_MAX_DIGITS + 1] = {0};
+
+	if (argc != 4) {
+		printf("usage: %s <digits> <key> <tweak>\n", prog);
+		return -1;
+	}
+	if (strlen(argv[1]) < FFX_MIN_DIGITS || strlen(argv[1]) > FFX_MAX_DIGITS) {
+		fprintf(stderr, "%s: invalid digits length, should be %d to %d\n",
+			prog, FFX_MIN_DIGITS, FFX_MAX_DIGITS);
+		return -1;
+	}
+	if (strlen(argv[2]) < FFX_MIN_TWEAKLEN || strlen(argv[2]) > FFX_MAX_TWEAKLEN) {
+		fprintf(stderr, "%s: invalid tweak length, should be %d to %d\n",
+			prog, FFX_MIN_TWEAKLEN, FFX_MAX_TWEAKLEN);
+		return -1;
+	}
+	strncpy((char *)key, argv[2], sizeof(key));
+
+	if (!(ctx = FFX_CTX_new())) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+
+	if (!FFX_init(ctx, EVP_sms4_ecb(), key, 0)) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+	if (!FFX_decrypt(ctx, argv[1], out, strlen(argv[1]),
+		(unsigned char *)argv[3], strlen(argv[3]))) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+	printf("%s\n", out);
+
+	ret = 0;
+
+end:
+	FFX_CTX_free(ctx);
+	return ret;
+}
--- a/demos/fpe/fpe-encrypt.c
+++ b/demos/fpe/fpe-encrypt.c
@@ -0,0 +1,110 @@
+/* ====================================================================
+ * Copyright (c) 2014 - 2018 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+/*
+ * Alert:
+ * This is a only a demo of the FFX format-preserving encryption algorithm,
+ * the encryption key should not be read from command line argumnents, and
+ * the key and tweak should be binary (full 8-bit per char).
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <libgen.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/ffx.h>
+#include <openssl/is_gmssl.h>
+
+int main(int argc, char **argv)
+{
+	int ret = -1;
+	char *prog = basename(argv[0]);
+	FFX_CTX *ctx = NULL;
+	unsigned char key[32] = {0};
+	char out[FFX_MAX_DIGITS + 1] = {0};
+
+	if (argc != 4) {
+		printf("usage: %s <digits> <key> <tweak>\n", prog);
+		return -1;
+	}
+	if (strlen(argv[1]) < FFX_MIN_DIGITS || strlen(argv[1]) > FFX_MAX_DIGITS) {
+		fprintf(stderr, "%s: invalid digits length, should be %d to %d\n",
+			prog, FFX_MIN_DIGITS, FFX_MAX_DIGITS);
+		return -1;
+	}
+	if (strlen(argv[2]) < FFX_MIN_TWEAKLEN || strlen(argv[2]) > FFX_MAX_TWEAKLEN) {
+		fprintf(stderr, "%s: invalid tweak length, should be %d to %d\n",
+			prog, FFX_MIN_TWEAKLEN, FFX_MAX_TWEAKLEN);
+		return -1;
+	}
+	strncpy((char *)key, argv[2], sizeof(key));
+
+	if (!(ctx = FFX_CTX_new())) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+
+	if (!FFX_init(ctx, EVP_sms4_ecb(), key, 0)) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+	if (!FFX_encrypt(ctx, argv[1], out, strlen(argv[1]),
+		(unsigned char *)argv[3], strlen(argv[3]))) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+	printf("%s\n", out);
+
+	ret = 0;
+
+end:
+	FFX_CTX_free(ctx);
+	return ret;
+}
--- a/demos/otp/otp-setup.c
+++ b/demos/otp/otp-setup.c
@@ -0,0 +1,37 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <libgen.h>
+#include <openssl/err.h>
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+#include <openssl/is_gmssl.h>
+
+int main(int argc, char **argv)
+{
+	BIO *bio = NULL;
+	unsigned char key[32];
+
+	if (!RAND_bytes(key, sizeof(key))) {
+		ERR_print_errors_fp(stderr);
+		return -1;
+	}
+
+	if (!(bio = BIO_new_file(".otp_secret", "w"))) {
+		ERR_print_errors_fp(stderr);
+		return -1;
+	}
+
+	if (BIO_write(bio, key, sizeof(key)) != sizeof(key)) {
+		ERR_print_errors_fp(stderr);
+		BIO_free(bio);
+		return -1;
+	}
+
+	printf("generate OTP seed in '.otp_secret'\n");
+
+	BIO_free(bio);
+	OPENSSL_cleanse(key, sizeof(key));
+
+	return 0;
+}
--- a/demos/otp/otp.c
+++ b/demos/otp/otp.c
@@ -0,0 +1,43 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <libgen.h>
+#include <openssl/err.h>
+#include <openssl/otp.h>
+#include <openssl/objects.h>
+#include <openssl/is_gmssl.h>
+
+int main(int argc, char **argv)
+{
+	char *prog = basename(argv[0]);
+	BIO *bio = NULL;
+	OTP_PARAMS params;
+	unsigned char key[32] = {0};
+	unsigned char event[] = "this is a fixed value";
+	unsigned int otp;
+
+	params.type = NID_sm3;
+	params.te = 1;
+	params.option = NULL;
+	params.option_size = 0;
+	params.otp_digits = 6;
+
+	if (!(bio = BIO_new_file(".otp_secret", "r"))) {
+		ERR_print_errors_fp(stderr);
+		return -1;
+	}
+	if (BIO_read(bio, key, sizeof(key)) != sizeof(key)) {
+		ERR_print_errors_fp(stderr);
+		BIO_free(bio);
+		return -1;
+	}
+	BIO_free(bio);
+
+	if (!OTP_generate(&params, event, sizeof(event), &otp, key, sizeof(key))) {
+		ERR_print_errors_fp(stderr);
+		return -1;
+	}
+
+	printf("%06u\n", otp);
+	return 0;
+}
--- a/demos/sdf/Makefile
+++ b/demos/sdf/Makefile
@@ -0,0 +1,10 @@
+all:
+	gcc sdf.c libsdf.so -o sdf
+	gcc sdf.c -DUSE_GMAPI -L /usr/local/lib -lcrypto -o sdf-gmapi
+
+test:
+	./sdf-gmapi
+
+clean:
+	rm -fr sdf
+	rm -fr sdf-gmaip
--- a/demos/sdf/sdf.c
+++ b/demos/sdf/sdf.c
@@ -0,0 +1,87 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <libgen.h>
+#ifdef USE_GMAPI
+# include <openssl/err.h>
+# include <openssl/gmsdf.h>
+# include <openssl/is_gmssl.h>
+#else
+/*
+ * We need vendor's SDF dynamic library and headers, for example when using
+ * Sansec PCI-E SDF card, make the following link:
+ * `ln -s /path/to/sansec/lib/linux/x86_64/libswsds.so.4.6.2.0_x64 libsdf.so`
+ * `ln -s /path/to/sansec/include/swsds.h sdf.h`
+ */
+# include "sdf.h"
+#endif
+
+
+int main(int argc, char **argv)
+{
+	int ret = -1;
+	char *prog = basename(argv[0]);
+	int rv;
+	void *hDev = NULL;
+	void *hSession = NULL;
+	DEVICEINFO devInfo;
+
+#ifdef USE_GMAPI
+	if (argc != 2) {
+		printf("usage: %s <libsdf.so>\n", prog);
+		return -1;
+	}
+
+	if ((rv = SDF_LoadLibrary(argv[1], NULL)) != SDR_OK) {
+		ERR_print_errors_fp(stderr);
+		return -1;
+	}
+#endif
+
+	if ((rv = SDF_OpenDevice(&hDev)) != SDR_OK) {
+		fprintf(stderr, "%s: SDF_OpenDevice() return %08X", prog, rv);
+		goto end;
+	}
+
+	if ((rv = SDF_OpenSession(hDev, &hSession)) != SDR_OK) {
+		fprintf(stderr, "%s: SDF_OpenSession() return %08X", prog, rv);
+		goto end;
+	}
+
+	if ((rv = SDF_GetDeviceInfo(hSession, &devInfo)) != SDR_OK) {
+		fprintf(stderr, "%s: SDF_GetDeviceInfo() return %08X", prog, rv);
+		goto end;
+	}
+
+#ifdef USE_GMAPI
+	if ((rv = SDF_PrintDeviceInfo(&devInfo)) != SDR_OK) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+#endif
+
+	if ((rv = SDF_CloseSession(hSession)) != SDR_OK) {
+		fprintf(stderr, "%s: SDF_CloseSession() return %08X", prog, rv);
+		goto end;
+	}
+
+	if ((rv = SDF_CloseDevice(hDev)) != SDR_OK) {
+		fprintf(stderr, "%s: SDF_CloseDevice() return %08X", prog, rv);
+		goto end;
+	}
+
+	ret = 0;
+
+end:
+#ifdef USE_GMAPI
+	if (rv != SDR_OK) {
+		char *errstr;
+		SDF_GetErrorString(rv, &errstr);
+		fprintf(stderr, "%s: %s\n", prog, errstr);
+		ERR_print_errors_fp(stderr);
+	}
+
+	SDF_UnloadLibrary();
+#endif
+	return ret;
+}
--- a/demos/skf/Makefile
+++ b/demos/skf/Makefile
@@ -0,0 +1,11 @@
+all:
+	#gcc skf.c libskf.so -o skf
+	gcc skf.c -DUSE_GMAPI -lcrypto -o skf-gmapi
+
+test:
+	#./skf
+	./skf-gmapi
+
+clean:
+	rm -fr skf
+	rm -fr skf-gmapi
--- a/demos/skf/skf.c
+++ b/demos/skf/skf.c
@@ -0,0 +1,88 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <libgen.h>
+/*
+ * When USE_GMAPI, the code need to load vendor's SKF dynamic library through
+ * the GmSSL SKF framework, and the error string can be printed through the ERR
+ * module.
+ */
+#ifdef USE_GMAPI
+# include <openssl/err.h>
+# include <openssl/gmskf.h>
+# include <openssl/is_gmssl.h>
+#else
+/*
+ * Else the code can be directly linked with vendor's static or dynamic SKF
+ * library, and the code also need the vendor's SKF header files.
+ */
+# include "skf.h"
+#endif
+
+int main(int argc, char **argv)
+{
+	int ret = -1;
+	char *prog = basename(argv[0]);
+	ULONG rv;
+	LPSTR nameList = NULL;
+	ULONG ulSize;
+	DEVHANDLE hDev;
+	DEVINFO devInfo;
+
+#ifdef USE_GMAPI
+	if (argc != 2) {
+		printf("usage: %s <libskf.so>\n", prog);
+		return -1;
+	}
+
+	if ((rv = SKF_LoadLibrary((LPSTR)argv[1], NULL)) != SAR_OK) {
+		ERR_print_errors_fp(stderr);
+		return -1;
+	}
+#endif
+
+	if ((rv = SKF_EnumDev(TRUE, NULL, &ulSize)) != SAR_OK) {
+		fprintf(stderr, "%s: SKF_EnumDev() return %u\n", prog, rv);
+		goto end;
+	}
+
+	if (!(nameList = malloc(ulSize))) {
+		goto end;
+	}
+
+	if ((rv = SKF_EnumDev(TRUE, nameList, &ulSize)) != SAR_OK) {
+		fprintf(stderr, "%s: SKF_EnumDev() return %u\n", prog, rv);
+		goto end;
+	}
+
+	if ((rv = SKF_ConnectDev(nameList, &hDev)) != SAR_OK) {
+		fprintf(stderr, "%s: SKF_EnumDev() return %u\n", prog, rv);
+		goto end;
+	}
+
+	if ((rv = SKF_GetDevInfo(hDev, &devInfo)) != SAR_OK) {
+		fprintf(stderr, "%s: SKF_EnumDev() return %u\n", prog, rv);
+		goto end;
+	}
+
+#ifdef USE_GMAPI
+	if ((rv = SKF_PrintDevInfo(&devInfo)) != SAR_OK) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+#endif
+
+	if ((rv = SKF_DisConnectDev(hDev)) != SAR_OK) {
+		fprintf(stderr, "%s: SKF_EnumDev() return %u\n", prog, rv);
+		goto end;
+	}
+
+	ret = 0;
+
+end:
+#ifdef USE_GMAPI
+	SKF_UnloadLibrary();
+#endif
+	free(nameList);
+	return ret;
+}
--- a/demos/sm1/build.info
+++ b/demos/sm1/build.info
@@ -0,0 +1,2 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=sm1.c sm1_ecb.c sm1_cbc.c sm1_cfb.c sm1_ofb.c
--- a/demos/sm1/e_sm1.c
+++ b/demos/sm1/e_sm1.c
@@ -0,0 +1,89 @@
+/* ====================================================================
+ * Copyright (c) 2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+ /*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+
+#include <openssl/evp.h>
+#include <openssl/sm1.h>
+#include <openssl/crypto.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+# include "internal/evp_int.h"
+#include "../modes/modes_lcl.h"
+
+
+typedef struct {
+	SM1_KEY ks;
+} EVP_SM1_KEY;
+
+static int sm1_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	const unsigned char *iv, int enc)
+{
+	if (enc) {
+		ret = SM1_set_encrypt_key(
+			&EVP_C_DATA(EVP_SM1_KEY, ctx)->ks, key);
+	} else {
+		ret = SM1_set_decrypt_key(
+			&EVP_C_DATA(EVP_SM1_KEY, ctx)->ks, key);
+	}
+	return ret;
+}
+
+IMPLEMENT_BLOCK_CIPHER(sm1, ks, SM1, EVP_SM1_KEY, NID_sm1,
+	16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1,
+	sm1_init_key, 0, 0, 0, 0)
+
--- a/demos/sm1/sm1.c
+++ b/demos/sm1/sm1.c
@@ -0,0 +1,78 @@
+/* ====================================================================
+ * Copyright (c) 2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+/*
+ * As currently we dont have implementations, all these functions will
+ * return error. Maybe in the future there will be some hardware based
+ * implementations. For example, some of the code is compiled and running
+ * inside a crypto device, then there might be implementation.
+ */
+/*
+ * we need to generate some runtime alerts when these functions are called.
+ */
+
+int SM1_set_encrypt_key(SM1_KEY *key, const unsigned char *user_key)
+{
+	return 0;
+}
+
+int SM1_set_decrypt_key(SM1_KEY *key, const unsigned char *user_key)
+{
+	return 0;
+}
+
+int SM1_encrypt(const unsigned char *in, unsigned char *out, SM1_KEY *key)
+{
+	return 0;
+}
+
+int SM1_decrypt(const unsigned char *in, unsigned char *out, SM1_KEY *key)
+{
+	return 0;
+}
--- a/demos/sm1/sm1.h
+++ b/demos/sm1/sm1.h
@@ -0,0 +1,66 @@
+/* ====================================================================
+ * Copyright (c) 2014 - 2017 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#ifndef HEADER_SM1_H
+#define HEADER_SM1_H
+
+#define SM1_KEY_LENGTH		16
+#define SM1_BLOCK_SIZE		16
+#define SM1_IV_LENGTH		(SM1_BLOCK_SIZE)
+
+typedef struct sm1_key_st {
+	unsigned int rk[64];
+} SM1_KEY;
+
+int SM1_set_encrypt_key(SM1_KEY *key, const unsigned char *user_key);
+int SM1_set_decrypt_key(SM1_KEY *key, const unsigned char *user_key);
+int SM1_encrypt(const unsigned char *in, unsigned char *out, SM1_KEY *key);
+int SM1_decrypt(const unsigned char *in, unsigned char *out, SM1_KEY *key);
+
+#endif
--- a/demos/sm1/sm1_cbc.c
+++ b/demos/sm1/sm1_cbc.c
@@ -0,0 +1,72 @@
+/* ====================================================================
+ * Copyright (c) 2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/sm1.h>
+#include <openssl/modes.h>
+
+void SM1_cbc_encrypt(const unsigned char *in, unsigned char *out,
+	size_t inlen, const SM1_KEY *key,
+	unsigned char ivec[SM1_BLOCK_SIZE], int enc)
+{
+	if (enc) {
+		CRYPTO_cbc128_encrypt(in, out, inlen, key, ivec,
+			(block128_f)SM1_encrypt);
+	} else {
+		CRYPTO_cbc128_decrypt(in, out, inlen, key, ivec,
+			(block128_f)SM1_decrypt);
+	}
+}
--- a/demos/sm1/sm1_cfb.c
+++ b/demos/sm1/sm1_cfb.c
@@ -0,0 +1,68 @@
+/* ====================================================================
+ * Copyright (c) 2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/sm1.h>
+#include <openssl/modes.h>
+
+void SM1_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+	size_t inlen, const SM1_KEY *key,
+	unsigned char ivec[SM1_BLOCK_SIZE], int *num, int enc)
+{
+	CRYPTO_cfb128_encrypt(in, out, inlen, key, ivec, num, enc,
+		(block128_f)SM1_encrypt);
+}
+
--- a/demos/sm1/sm1_ecb.c
+++ b/demos/sm1/sm1_ecb.c
@@ -0,0 +1,68 @@
+/* ====================================================================
+ * Copyright (c) 2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/sm1.h>
+
+void SM1_ecb_encrypt(const unsigned char *in, unsigned char *out,
+	const SM1_KEY *key, int enc)
+{
+	if (enc) {
+		SM1_encrypt(in, out, key);
+	} else {
+		SM1_decrypt(in, out, key);
+	}
+}
--- a/demos/sm1/sm1_ofb.c
+++ b/demos/sm1/sm1_ofb.c
@@ -0,0 +1,68 @@
+/* ====================================================================
+ * Copyright (c) 2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/sm1.h>
+#include <openssl/modes.h>
+
+void SM1_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+	size_t inlen, const SM1_KEY *key,
+	unsigned char ivec[SM1_BLOCK_SIZE], int *num)
+{
+	CRYPTO_ofb128_encrypt(in, out, inlen, key, ivec, num,
+		(block128_f)SM1_encrypt);
+}
+
--- a/demos/sm2/Makefile
+++ b/demos/sm2/Makefile
@@ -0,0 +1,15 @@
+all:
+	gcc keygen.c -L /usr/local/lib -lcrypto -o keygen
+	gcc keygen.c -DENCRYPT_KEY -DNO_PROMPT -L /usr/local/lib -lcrypto -o keygen-enc
+	gcc keygen.c -DENCRYPT_KEY -L /usr/local/lib -lcrypto -o keygen-enc-prompt
+
+test:
+	./keygen
+	./keygen-enc
+	./keygen-enc-prompt
+
+clean:
+	rm -fr a.out
+	rm -fr keygen
+	rm -fr keygen-enc
+	rm -fr keygen-enc-prompt
--- a/demos/sm2/keygen.c
+++ b/demos/sm2/keygen.c
@@ -0,0 +1,106 @@
+
+/*
+ * This demo shows how to:
+ *  - generate SM2 private
+ *  - encrypt SM2 private key with SM4
+ *  - output public/private key in PEM format
+ *  - generate the SM2 Z value from public key
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <libgen.h>
+#include <openssl/ec.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/sm2.h>
+#include <openssl/objects.h>
+#include <openssl/is_gmssl.h>
+
+int main(int argc, char **argv)
+{
+	int ret = -1;
+	char *prog = basename(argv[0]);
+	EC_KEY *ec_key = NULL;
+	EVP_PKEY *pkey = NULL;
+	const EVP_CIPHER *cipher = NULL;
+	char *pass = NULL;
+	char *id = "12345678";
+	unsigned char z[64];
+	size_t zlen = sizeof(z);
+	int i;
+
+	if (argc > 2) {
+		printf("usage: %s <id>\n", prog);
+		return -1;
+	}
+	if (argc == 2) {
+		id = argv[1];
+	}
+
+	/* generate sm2 private key using EC_KEY API */
+	if (!(ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1))) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+
+	if (!EC_KEY_generate_key(ec_key)) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+
+	/* assign EC_KEY to EVP_PKEY */
+	if (!(pkey = EVP_PKEY_new())) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+
+	if (!EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+	ec_key = NULL; /* free-ed by EVP_PKEY */
+
+#ifdef ENCRYPT_KEY
+	/* generate PKCS #8 EncryptedPrivateKeyInfo with SM4
+	 * else unencrypted PKCS #8 PrivateKeyInfo is generated.
+	 */
+	cipher = EVP_sms4_cbc();
+# ifdef NO_PROMPT
+	/* else user need to input password from prompt */
+	pass = "P@ssw0rd";
+# endif
+#endif
+	/* generate PKCS #8 in PEM format */
+	if (!PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0, 0, pass)) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+
+	/* generate public key in pem format */
+	if (!PEM_write_EC_PUBKEY(stdout, EVP_PKEY_get0_EC_KEY(pkey))) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+
+	/* generate Z value in HEX */
+	if (!SM2_compute_id_digest(EVP_sm3(), id, strlen(id), z, &zlen,
+		EVP_PKEY_get0_EC_KEY(pkey))) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+	printf("Z = ");
+	for (i = 0; i < zlen; i++) {
+		printf("%02X", z[i]);
+	}
+	printf("\n");
+
+	ret = 0;
+
+end:
+	EC_KEY_free(ec_key);
+	EVP_PKEY_free(pkey);
+	return ret;
+}
--- a/demos/sm3/Makefile
+++ b/demos/sm3/Makefile
@@ -0,0 +1,14 @@
+all:
+	gcc sm3.c -L /usr/local/lib -lcrypto -o sm3
+	gcc sm3evp.c -L /usr/local/lib -lcrypto -o sm3evp
+	gcc sm3hmac.c -L /usr/local/lib -lcrypto -o sm3hmac
+
+test:
+	echo "hello" | ./sm3
+	echo "hello" | ./sm3evp
+	echo "hello" | ./sm3hmac
+
+clean:
+	rm -fr sm3
+	rm -fr sm3evp
+	rm -fr sm3hmac
--- a/demos/sm3/sm3.c
+++ b/demos/sm3/sm3.c
@@ -0,0 +1,92 @@
+/* ====================================================================
+ * Copyright (c) 2014 - 2018 The GmSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+/*
+ * This SM3 demo use the native sm3_init/update/final APIs
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <libgen.h>
+#include <openssl/sm3.h>
+#include <openssl/is_gmssl.h>
+
+int main(int argc, char **argv)
+{
+	sm3_ctx_t ctx;
+	unsigned char dgst[SM3_DIGEST_LENGTH];
+	unsigned char buf[4096];
+	ssize_t len;
+	int i;
+
+	if (argc > 1) {
+		printf("usage: %s < file\n", basename(argv[0]));
+		return -1;
+	}
+
+	/* init sm3 context */
+	sm3_init(&ctx);
+
+	/* increamental update data to be hashed */
+	while ((len = read(STDIN_FILENO, buf, sizeof(buf))) > 0) {
+		sm3_update(&ctx, buf, len);
+	}
+
+	/* get hash value */
+	sm3_final(&ctx, dgst);
+
+	/* print hash in hex */
+	for (i = 0; i < sizeof(dgst); i++) {
+		printf("%02X", dgst[i]);
+	}
+	printf("\n");
+
+	return 0;
+}
--- a/demos/sm3/sm3evp.c
+++ b/demos/sm3/sm3evp.c
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2014 - 2018 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+/*
+ * This SM3 demo use the abstract EVP API
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/is_gmssl.h>
+
+int main(int argc, char **argv)
+{
+	int ret = -1;
+	FILE *fp = stdin;
+	unsigned char buf[1024];
+	size_t len;
+	const EVP_MD *md = EVP_sm3();
+	EVP_MD_CTX *mdctx = NULL;
+	unsigned char dgst[EVP_MAX_MD_SIZE];
+	unsigned int dgstlen, i;
+
+	/* hash a file when argv[1] exist, or from stdin */
+	if (argc == 2) {
+		if (!(fp = fopen(argv[1], "r"))) {
+			fprintf(stderr, "open file %s failed\n", argv[1]);
+			return -1;
+		}
+	}
+
+	/* get the SM3 EVP_MD object by name */
+	if (!(md = EVP_get_digestbyname("sm3"))) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+
+	/* create message digest (MD) context */
+	if (!(mdctx = EVP_MD_CTX_new())) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+
+	/* set digest method, i.e. sm3 */
+	if (!EVP_DigestInit(mdctx, md)) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+
+	/* update data to be digested */
+	while ((len = fread(buf, 1, sizeof(buf), fp))) {
+		if (!EVP_DigestUpdate(mdctx, buf, len)) {
+			ERR_print_errors_fp(stderr);
+			goto end;
+		}
+	}
+
+	/* get the digest/hash value */
+	if (!EVP_DigestFinal(mdctx, dgst, &dgstlen)) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+
+	for (i = 0; i < dgstlen; i++) {
+		printf("%02X", dgst[i]);
+	}
+	printf("\n");
+	ret = 0;
+
+end:
+	fclose(fp);
+	EVP_MD_CTX_free(mdctx);
+	return ret;
+}
--- a/demos/sm3/sm3hmac.c
+++ b/demos/sm3/sm3hmac.c
@@ -0,0 +1,126 @@
+/* ====================================================================
+ * Copyright (c) 2014 - 2018 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/hmac.h>
+#include <openssl/rand.h>
+#include <openssl/is_gmssl.h>
+
+int main(int argc, char **argv)
+{
+	int ret = -1;
+	FILE *fp = stdin;
+	unsigned char key[32];
+	unsigned char buf[1024];
+	int len;
+	const EVP_MD *md;
+	HMAC_CTX *hmctx;
+	unsigned char mac[EVP_MAX_MD_SIZE];
+	unsigned int maclen, i;
+
+	if (argc == 2) {
+		if (!(fp = fopen(argv[1], "r"))) {
+			fprintf(stderr, "open file %s failed\n", argv[1]);
+			return -1;
+		}
+	}
+
+	/* random generate HMAC key */
+	if (!RAND_bytes(key, sizeof(key))) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+
+	/* create HMAC context */
+	if (!(hmctx = HMAC_CTX_new())) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+
+	/* get the sm3 EVP object */
+	if (!(md = EVP_get_digestbyname("sm3"))) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+
+	/* init HMAC hash algorithm (sm3) and key */
+	if (!HMAC_Init_ex(hmctx, key, sizeof(key), md, NULL)) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+
+	/* update data to be MACed */
+	while ((len = fread(buf, 1, sizeof(buf), fp))) {
+		if (!HMAC_Update(hmctx, buf, len)) {
+			ERR_print_errors_fp(stderr);
+			goto end;
+		}
+	}
+
+	/* get the final HMAC tag */
+	if (!HMAC_Final(hmctx, mac, &maclen)) {
+		ERR_print_errors_fp(stderr);
+		goto end;
+	}
+
+	for (i = 0; i < maclen; i++) {
+		printf("%02x", mac[i]);
+	}
+	printf("\n");
+	ret = 0;
+
+end:
+	fclose(fp);
+	HMAC_CTX_free(hmctx);
+	return ret;
+}
+
--- a/demos/sm4/Makefile
+++ b/demos/sm4/Makefile
@@ -0,0 +1,11 @@
+all:
+	gcc sms4.c -L /usr/local/lib -lcrypto -o sms4
+	gcc sms4.c -DUSE_RANDOM -L /usr/local/lib -lcrypto -o sms4rnd
+
+test:
+	./sms4
+	./sms4rnd
+
+clean:
+	rm -fr sms4
+	rm -fr sms4rnd
--- a/demos/sm4/sms4.c
+++ b/demos/sm4/sms4.c
@@ -0,0 +1,116 @@
+/* ====================================================================
+ * Copyright (c) 2014 - 2018 The GmSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+/*
+ * This sm4 demo use the native sm3_init/update/final APIs
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <libgen.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/sms4.h>
+#include <openssl/is_gmssl.h>
+
+
+int main(int argc, char **argv)
+{
+	sms4_key_t sms4;
+	unsigned char key[SMS4_KEY_LENGTH] = {0};
+	unsigned char block[SMS4_BLOCK_SIZE] = {0};
+	int i;
+
+#if USE_RANDOM
+	if (!RAND_bytes(key, sizeof(key))
+		|| !RAND_bytes(block, sizeof(block))) {
+		ERR_print_errors_fp(stderr);
+		return -1;
+	}
+#endif
+
+	printf("key              = ");
+	for (i = 0; i < sizeof(key); i++) {
+		printf("%02X", key[i]);
+	}
+	printf("\n");
+
+	printf("plaintext block  = ");
+	for (i = 0; i < sizeof(block); i++) {
+		printf("%02X", block[i]);
+	}
+	printf("\n");
+
+	/* expand key for encryption */
+	sms4_set_encrypt_key(&sms4, key);
+
+	/* encrypt a block */
+	sms4_encrypt(block, block, &sms4);
+
+	printf("ciphertext block = ");
+	for (i = 0; i < sizeof(block); i++) {
+		printf("%02X", block[i]);
+	}
+	printf("\n");
+
+	/* expand key for decryption */
+	sms4_set_decrypt_key(&sms4, key);
+
+	/* decrypt a block */
+	sms4_decrypt(block, block, &sms4);
+
+	printf("decrypted block  = ");
+	for (i = 0; i < sizeof(block); i++) {
+		printf("%02X", block[i]);
+	}
+	printf("\n");
+
+	return 0;
+}
--- a/demos/ssf33/build.info
+++ b/demos/ssf33/build.info
@@ -0,0 +1,2 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=ssf33.c ssf33_ecb.c ssf33_cbc.c ssf33_cfb.c ssf33_ofb.c
--- a/demos/ssf33/e_ssf33.c
+++ b/demos/ssf33/e_ssf33.c
@@ -0,0 +1,89 @@
+/* ====================================================================
+ * Copyright (c) 2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+ /*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+
+#include <openssl/evp.h>
+#include <openssl/ssf33.h>
+#include <openssl/crypto.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+# include "internal/evp_int.h"
+#include "../modes/modes_lcl.h"
+
+
+typedef struct {
+	SSF33_KEY ks;
+} EVP_SSF33_KEY;
+
+static int ssf33_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	const unsigned char *iv, int enc)
+{
+	if (enc) {
+		ret = SSF33_set_encrypt_key(
+			&EVP_C_DATA(EVP_SSF33_KEY, ctx)->ks, key);
+	} else {
+		ret = SSF33_set_decrypt_key(
+			&EVP_C_DATA(EVP_SSF33_KEY, ctx)->ks, key);
+	}
+	return ret;
+}
+
+IMPLEMENT_BLOCK_CIPHER(ssf33, ks, SSF33, EVP_SSF33_KEY, NID_ssf33,
+	16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1,
+	ssf33_init_key, 0, 0, 0, 0)
+
--- a/demos/ssf33/ssf33.c
+++ b/demos/ssf33/ssf33.c
@@ -0,0 +1,80 @@
+/* ====================================================================
+ * Copyright (c) 2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/ssf33.h>
+
+/*
+ * As currently we dont have implementations, all these functions will
+ * return error. Maybe in the future there will be some hardware based
+ * implementations. For example, some of the code is compiled and running
+ * inside a crypto device, then there might be implementation.
+ */
+/*
+ * we need to generate some runtime alerts when these functions are called.
+ */
+
+int SSF33_set_encrypt_key(SSF33_KEY *key, const unsigned char *user_key)
+{
+	return 0;
+}
+
+int SSF33_set_decrypt_key(SSF33_KEY *key, const unsigned char *user_key)
+{
+	return 0;
+}
+
+int SSF33_encrypt(const unsigned char *in, unsigned char *out, SSF33_KEY *key)
+{
+	return 0;
+}
+
+int SSF33_decrypt(const unsigned char *in, unsigned char *out, SSF33_KEY *key)
+{
+	return 0;
+}
--- a/demos/ssf33/ssf33.h
+++ b/demos/ssf33/ssf33.h
@@ -0,0 +1,67 @@
+/* ====================================================================
+ * Copyright (c) 2014 - 2017 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#ifndef HEADER_SSF33_H
+#define HEADER_SSF33_H
+
+#define SSF33_KEY_LENGTH		16
+#define SSF33_BLOCK_SIZE		16
+#define SSF33_IV_LENGTH			(SSF33_BLOCK_SIZE)
+
+
+typedef struct ssf33_key_st {
+	unsigned int rk[64];
+} SSF33_KEY;
+
+int SSF33_set_encrypt_key(SSF33_KEY *key, const unsigned char *user_key);
+int SSF33_set_decrypt_key(SSF33_KEY *key, const unsigned char *user_key);
+int SSF33_encrypt(const unsigned char *in, unsigned char *out, SSF33_KEY *key);
+int SSF33_decrypt(const unsigned char *in, unsigned char *out, SSF33_KEY *key);
+
+#endif
--- a/demos/ssf33/ssf33_cbc.c
+++ b/demos/ssf33/ssf33_cbc.c
@@ -0,0 +1,73 @@
+/* ====================================================================
+ * Copyright (c) 2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ssf33.h>
+#include <openssl/modes.h>
+
+void SSF33_cbc_encrypt(const unsigned char *in, unsigned char *out,
+	size_t inlen, const SSF33_KEY *key,
+	unsigned char ivec[SSF33_BLOCK_SIZE], int enc)
+{
+	if (enc) {
+		CRYPTO_cbc128_encrypt(in, out, inlen, key, ivec,
+			(block128_f)SSF33_encrypt);
+	} else {
+		CRYPTO_cbc128_decrypt(in, out, inlen, key, ivec,
+			(block128_f)SSF33_decrypt);
+	}
+}
+
--- a/demos/ssf33/ssf33_cfb.c
+++ b/demos/ssf33/ssf33_cfb.c
@@ -0,0 +1,68 @@
+/* ====================================================================
+ * Copyright (c) 2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ssf33.h>
+#include <openssl/modes.h>
+
+void SSF33_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+	size_t inlen, const SSF33_KEY *key,
+	unsigned char ivec[SSF33_BLOCK_SIZE], int *num, int enc)
+{
+	CRYPTO_cfb128_encrypt(in, out, inlen, key, ivec, num, enc,
+		(block128_f)SSF33_encrypt);
+}
+
--- a/demos/ssf33/ssf33_ecb.c
+++ b/demos/ssf33/ssf33_ecb.c
@@ -0,0 +1,68 @@
+/* ====================================================================
+ * Copyright (c) 2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ssf33.h>
+
+void SSF33_ecb_encrypt(const unsigned char *in, unsigned char *out,
+	const SSF33_KEY *key, int enc)
+{
+	if (enc) {
+		SSF33_encrypt(in, out, key);
+	} else {
+		SSF33_decrypt(in, out, key);
+	}
+}
--- a/demos/ssf33/ssf33_ofb.c
+++ b/demos/ssf33/ssf33_ofb.c
@@ -0,0 +1,68 @@
+/* ====================================================================
+ * Copyright (c) 2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ssf33.h>
+#include <openssl/modes.h>
+
+void SSF33_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+	size_t inlen, const SSF33_KEY *key,
+	unsigned char ivec[SSF33_BLOCK_SIZE], int *num)
+{
+	CRYPTO_ofb128_encrypt(in, out, inlen, key, ivec, num,
+		(block128_f)SSF33_encrypt);
+}
+
--- a/include/openssl/cpk.h
+++ b/include/openssl/cpk.h
@@ -74,7 +74,15 @@ DECLARE_ASN1_FUNCTIONS(CPK_MASTER_SECRET)
 typedef struct cpk_public_params_st CPK_PUBLIC_PARAMS;
 DECLARE_ASN1_FUNCTIONS(CPK_PUBLIC_PARAMS)

-CPK_MASTER_SECRET *CPK_MASTER_SECRET_create(const char *domain_id, int pkey_type, int map_algor);
+/*
+ *                     rows    cols   factors
+ * NID_cpk_map_sha1      32      32      1024
+ * NID_cpk_map_sm3       32     256      8192
+ * NID_cpk_map_sha256    32     256      8192
+ * NID_cpk_map_sha384    32    4096    131072
+ * NID_cpk_map_sha512    32   65536   2097152
+ */
+CPK_MASTER_SECRET *CPK_MASTER_SECRET_create(const char *domain_id, int curve, int map);
 CPK_PUBLIC_PARAMS *CPK_MASTER_SECRET_extract_public_params(CPK_MASTER_SECRET *master);
 EVP_PKEY *CPK_MASTER_SECRET_extract_private_key(CPK_MASTER_SECRET *master, const char *id);
 EVP_PKEY *CPK_PUBLIC_PARAMS_extract_public_key(CPK_PUBLIC_PARAMS *params, const char *id);