abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-07 08:56:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

update saf

Browse Source
This commit is contained in:
Zhi Guan
2017-03-03 22:24:12 +08:00
parent df18c19abc
commit 67eda02ef2
13 changed files with 860 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
crypto/saf/saf_cert.c
View File

@@ -51,6 +51,7 @@
#include <string.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/conf.h>
#include <openssl/gmsaf.h>
#include "saf_lcl.h"
@@ -82,7 +83,7 @@ int SAF_AddTrustedRootCaCertificate(
goto end;
}
if (!(x509 = d2i_X509(NULL, &pucCertificate, uiCertificateLen))) {
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, uiCertificateLen))) {
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
@@ -162,7 +163,7 @@ int SAF_GetRootCaCertificate(
goto end;
}
if ((len = i2d_X509(x509, pucCertificate)) <= 0) {
if ((len = i2d_X509(x509, &pucCertificate)) <= 0) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, ERR_R_X509_LIB);
goto end;
}
@@ -248,7 +249,7 @@ int SAF_AddCaCertificate(
goto end;
}
if (!(x509 = d2i_X509(NULL, &pucCertificate, uiCertificateLen))) {
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, uiCertificateLen))) {
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
@@ -327,7 +328,7 @@ int SAF_GetCaCertificate(
goto end;
}
if ((len = i2d_X509(x509, pucCertificate)) <= 0) {
if ((len = i2d_X509(x509, &pucCertificate)) <= 0) {
SAFerr(SAF_F_SAF_GETCACERTIFICATE, ERR_R_X509_LIB);
goto end;
}
@@ -393,8 +394,6 @@ int SAF_AddCrl(
unsigned char *pucDerCrl,
unsigned int uiDerCrlLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
return SAR_NotSupportYetErr;
}
@@ -404,8 +403,6 @@ int SAF_VerifyCertificate(
unsigned char *pucUsrCertificate,
unsigned int uiUsrCertificateLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
return SAR_NotSupportYetErr;
}
@@ -417,8 +414,6 @@ int SAF_VerifyCertificateByCrl(
unsigned char *pucDerCrl,
unsigned int uiDerCrlLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
return SAR_NotSupportYetErr;
}
@@ -445,8 +440,6 @@ int SAF_GetCertFromLdap(
unsigned char *pucOutCert,
unsigned int *puiOutCertLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
return SAR_NotSupportYetErr;
}
@@ -472,8 +465,6 @@ int SAF_GetCertificateInfo(
unsigned char *pucInfo,
unsigned int *puiInfoLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
return SAR_NotSupportYetErr;
}
@@ -488,8 +479,6 @@ int SAF_GetExtTypeInfo(
unsigned char *pucInfo,
unsigned int *puiInfoLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
return SAR_NotSupportYetErr;
}
@@ -498,8 +487,6 @@ int SAF_EnumCertificates(
void *hAppHandle,
SGD_USR_CERT_ENUMLIST *usrCerts)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
return SAR_NotSupportYetErr;
}
@@ -508,8 +495,6 @@ int SAF_EnumKeyContainerInfo(
void *hAppHandle,
SGD_KEYCONTAINERINFO_ENUMLIST *keyContainerInfo)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
return SAR_NotSupportYetErr;
}
@@ -518,8 +503,6 @@ int SAF_EnumCertificatesFree(
void *hAppHandle,
SGD_USR_CERT_ENUMLIST *usrCerts)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
return SAR_NotSupportYetErr;
}
@@ -528,7 +511,5 @@ int SAF_EnumKeyContainerInfoFree(
void *hAppHandle,
SGD_KEYCONTAINERINFO_ENUMLIST *keyContainerInfo)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
return SAR_NotSupportYetErr;
}

6
crypto/saf/saf_err.c
View File

@@ -60,8 +60,12 @@ static ERR_STRING_DATA SAF_str_functs[] = {
{ERR_FUNC(SAF_F_SAF_LOGOUT), "SAF_Logout"},
{ERR_FUNC(SAF_F_SAF_MACFINAL), "SAF_MacFinal"},
{ERR_FUNC(SAF_F_SAF_MACUPDATE), "SAF_MacUpdate"},
{ERR_FUNC(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA),
"SAF_Pkcs7_EncodeDigestedData"},
{ERR_FUNC(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA),
"SAF_Pkcs7_EncodeEnvelopedData"},
{ERR_FUNC(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA),
"SAF_Pkcs7_EncodeSignedData"},
{ERR_FUNC(SAF_F_SAF_REMOVECACERTIFICATE), "SAF_RemoveCaCertificate"},
{ERR_FUNC(SAF_F_SAF_REMOVEROOTCACERTIFICATE),
"SAF_RemoveRootCaCertificate"},
@@ -86,6 +90,7 @@ static ERR_STRING_DATA SAF_str_reasons[] = {
{ERR_REASON(SAF_R_INT_OVERFLOW), "int overflow"},
{ERR_REASON(SAF_R_INVALID_ALGOR), "invalid algor"},
{ERR_REASON(SAF_R_INVALID_CERTIFICATE), "invalid certificate"},
{ERR_REASON(SAF_R_INVALID_DIGEST_ALGOR), "invalid digest algor"},
{ERR_REASON(SAF_R_INVALID_HANDLE), "invalid handle"},
{ERR_REASON(SAF_R_INVALID_INDEX), "invalid index"},
{ERR_REASON(SAF_R_INVALID_INPUT_LENGTH), "invalid input length"},
@@ -95,6 +100,7 @@ static ERR_STRING_DATA SAF_str_reasons[] = {
{ERR_REASON(SAF_R_INVALID_LENGTH), "invalid length"},
{ERR_REASON(SAF_R_INVALID_PUBLIC_KEY), "invalid public key"},
{ERR_REASON(SAF_R_LOAD_CERTS_FAILURE), "load certs failure"},
{ERR_REASON(SAF_R_LOAD_KEY_FAILURE), "load key failure"},
{ERR_REASON(SAF_R_MAC_FAILURE), "mac failure"},
{ERR_REASON(SAF_R_NOT_SUPPORTED), "not supported"},
{ERR_REASON(SAF_R_OPERATION_NOT_INITIALIZED),

2
crypto/saf/saf_keyhandle.c
View File

@@ -86,7 +86,7 @@ int SAF_GenerateKeyWithEPK(
outlen = (size_t)*puiSymmKeyLen;
if (!(cipher = EVP_get_cipherbysgd(obj->uiCryptoAlgID))
|| !RAND_bytes(keybuf, EVP_CIPHER_key_length(cipher))
|| !(pkey = d2i_PUBKEY(NULL, &pucPublicKey, (long)uiPublicKeyLen))
|| !(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
|| !(pkctx = EVP_PKEY_CTX_new(pkey, NULL))
|| !EVP_PKEY_encrypt_init(pkctx)
|| !EVP_PKEY_encrypt(pkctx, pucSymmKey, &outlen, keybuf, (size_t)EVP_CIPHER_key_length(cipher))) {

1
crypto/saf/saf_lib.c
View File

@@ -55,3 +55,4 @@ static int readfile(const char *file, unsigned char **pout, size_t *len)
return SAR_Ok;
}

313
crypto/saf/saf_pkcs7.c
View File

@@ -58,18 +58,29 @@ int SAF_Pkcs7_EncodeData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned int uiSignKeyUsage,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned char *pucEncCertificate,
unsigned int uiEncCertificateLen,
unsigned int uiSymmAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerP7Data,
unsigned int *puiDerP7DataLen)
{
int ret = SAR_UnknownErr;
STACK_OF(X509) *encerts = NULL;
p7 = PKCS7_encrypt(encerts, in, cipher, flags);
p7 = PKCS7_sign(NULL, NULL, other, in, flags);
return ret;
}
@@ -82,6 +93,14 @@ int SAF_Pkcs7_DecodeData(
return ret;
}
EVP_PKEY *SAF_LoadPrivateKey(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen)
{
return NULL;
}
/* 7.4.4 */
int SAF_Pkcs7_EncodeSignedData(
void *hAppHandle,
@@ -97,6 +116,64 @@ int SAF_Pkcs7_EncodeSignedData(
unsigned int *puiDerP7DataLen)
{
int ret = SAR_UnknownErr;
EVP_PKEY *pkey = NULL;
X509 *x509 = NULL;
BIO *data = NULL;
if (!hAppHandle || !pucSignContainerName || !pucSignerCertificate
|| !pucData || !pucDerP7Data || !puiDerP7DataLen) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiSignContainerNameLen <= 0 || uiSignContainerNameLen > INT_MAX
|| uiSignerCertificateLen <= 0 || uiSignerCertificateLen > INT_MAX
|| uiDataLen <= 0 || uiDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(pkey = SAF_LoadPrivateKey(
hAppHandle,
pucSignContainerName,
uiSignContainerNameLen))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, SAF_R_LOAD_KEY_FAILURE);
goto end;
}
if (!(x509 = d2i_X509(NULL, &pucSignerCertificate, uiSignerCertificateLen))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_X509_LIB);
goto end;
}
if (!(data = BIO_new_mem_buf(pucData, uiDataLen))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_BIO_LIB);
goto end;
}
if (!(p7 = PKCS7_sign(x509, pkey, NULL, data, PKCS7_BINARY))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if (*puiDerP7DataLen < i2d_PKCS7(p7, NULL)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
if ((len = i2d_PKCS7(p7, &pucDerP7Data)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
*puiDerP7DataLen = len;
ret = SAR_Ok;
end:
PKCS7_free(p7);
X509_free(x509);
BIO_free(data);
return ret;
}
@@ -105,15 +182,46 @@ int SAF_Pkcs7_DecodeSignedData(
void *hAppHandle,
unsigned char *pucDerP7SignedData,
unsigned int uiDerP7SignedDataLen,
unsigned int *puiDigestAlgorithm,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned int *puiSignerCertificateLen,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucSign,
unsigned int *puiSignLen)
unsigned int *puiDataLen,
unsigned char *pucSig,
unsigned int *puiSigLen)
{
int ret = SAR_UnknownErr;
PKCS7 *p7 = NULL;
X509 *x509 = NULL;
p7 = d2i_PKCS7(NULL, &pucDerP7SignedData, uiDerP7SignedDataLen);
if (!PKCS7_type_is_signed(p7)) {
goto end;
}
PKCS7_SIGNED *p7signed = p7->d.sign;
X509_ALGOR *algor = sk_X509_ALGOR_value(p7signed->md_algs, 0);
const EVP_MD *md = EVP_get_digestbyobj(algor->algorithm);
*puiDigestAlgorithm = EVP_MD_sdg(md);
X509 *x509 = sk_X509_ALGOR_value(p7signed->cert);
PKCS7_SIGNER_INFO *signer_info = sk_PKCS7_SIGNER_INFO_value(p7signed->signer_info, 0);
PKCS7 *p7data = p7signed->contents;
if (!PKCS7_type_is_data(p7data)) {
goto end;
}
ASN1_OCTET_STRING *data = p7data->d.data;
*puiDataLen = ASN1_OCTET_STRING_length(data);
memcpy(pucData, ASN1_OCTET_STRING_get0_data(data), *puiDataLen);
PKCS7_verify(p7, NULL, chain_store, NULL, outbio, flags);
return ret;
}
@@ -212,13 +320,64 @@ int SAF_Pkcs7_DecodeEnvelopedData(
void *hAppHandle,
unsigned char *pucDecContainerName,
unsigned int uiDecContainerNameLen,
unsigned int uiDecKeyUsage,
unsigned char *pucDerP7EnvelopedData,
unsigned int uiDerP7EnvelopedDataLen,
unsigned char *pucData,
unsigned int *puiDataLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
PKCS7 *p7 = NULL;
EVP_PKEY *pkey = NULL;
X509 *x509 = NULL;
BIO *bio = NULL;
BUF_MEM *buf = NULL;
if (!hAppHandle || !pucDecContainerName || !pucDerP7EnvelopedData || !pucData)
SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiDecContainerNameLen <= 0 || uiDecContainerNameLen > INT_MAX
|| uiDerP7EnvelopedDataLen <= 0 || uiDerP7EnvelopedDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, SAR_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!pucData) {
*puiDataLen = uiDerP7EnvelopedDataLen;
return SAR_Ok;
} else if (*puiDataLen <= 0 || *puiDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, SAR_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(pkey = SAF_load_private_key(app, pucDecContainerName,
uiDecContainerNameLen, SGD_PK_ENC))) {
}
if (!(x509 = SAF_LoadCertificate(app, pucDecContainerName,
uiDecContainerNameLen, SGD_PK_ENC))) {
}
if (!(bio = BIO_new(BIO_s_membuf()))) {
}
if (!PKCS7_decrypt(p7, pkey, x509, bio, 0)) {
}
if (!BIO_get_mem_buf(bio, &buf)) {
}
memcpy(pucData, buf->data, buf->length);
*puiDataLen = buf->length;
ret = SAR_Ok;
end:
PKCS7_free(p7);
EVP_PKEY_free(pkey);
X509_free(x509);
BIO_free(bio);
return ret;
}
@@ -232,20 +391,154 @@ int SAF_Pkcs7_EncodeDigestedData(
unsigned int *puiDerP7DigestedDataLen)
{
int ret = SAR_UnknownErr;
const EVP_MD *md;
PKCS7 *p7 = NULL;
BIO *p7bio = NULL;
int len;
if (!hAppHandle || !pucData || !pucDerP7DigestedData
|| !puiDerP7DigestedDataLen) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiDataLen <= 0 || uiDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_INVALID_DIGEST_ALGOR);
return SAR_AlgoTypeErr;
}
if (!(p7 = PKCS7_new())
|| !PKCS7_set_type(p7, NID_pkcs7_digest)
|| !PKCS7_set_digest(p7, md)
|| !PKCS7_content_new(p7, NID_pkcs7_data)
|| !(p7bio = PKCS7_dataInit(p7, NULL))
|| BIO_write(p7bio, pucData, (int)uiDataLen) != uiDataLen
|| !PKCS7_dataFinal(p7, p7bio)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if (*puiDerP7DigestedDataLen < i2d_PKCS7(p7, NULL)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
if ((len = i2d_PKCS7(p7, &pucDerP7DigestedData)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
ret = SAR_Ok;
end:
PKCS7_free(p7);
BIO_free(p7bio);
return ret;
}
/* 7.4.9 */
int SAF_Pkcs7_DecodeDigestedData(
void *hAppHandle,
unsigned int uiDigestAlgorithm,
unsigned char *pucDerP7DigestedData,
unsigned char pucDerP7DigestedData,
unsigned int uiDerP7DigestedDataLen,
unsigned int *puiDigestAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned int *puiDataLen,
unsigned char *pucDigest,
unsigned int *puiDigestLen)
{
int ret = SAR_UnknownErr;
PKCS7 *p7 = NULL;
PKCS7_DIGEST *p7dgst;
ASN1_OCTET_STRING *data;
if (!hAppHandle || !puiDigestAlgorithm || !puiDataLen || !puiDigestLen) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!pucData) {
*puiDataLen = uiDerP7DigestedDataLen;
return SAR_Ok;
}
if (!pucDigest) {
*puiDigestLen = EVP_MAX_MD_SIZE;
return SAR_Ok;
}
if (uiDerP7DigestedDataLen <= 0 || uiDerP7DigestedDataLen > INT_MAX
|| *puiDataLen <= 0 || *puiDataLen > INT_MAX
|| *puiDigestLen <= 0 || *puiDigestLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* process */
if (!(p7 = d2i_PKCS7(NULL, &pucDerP7DigestedData, uiDerP7DigestedDataLen))) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7);
ret = SAR_IndataErr;
goto end;
}
if (!PKCS7_type_is_digest(p7)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7_TYPE;
ret = SAR_IndataErr;
goto end;
}
p7dgst = p7->d.digest;
/* output digset algor */
if ((*puiDigestAlgorithm = EVP_MD_sgd(
EVP_get_digestbyobj(p7dgst->md->algorithm))) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_UNSUPPORTED_DIGEST_ALGOR;
ret = SAR_IndataErr;
goto end;
}
/* output digested data */
if (!PKCS7_type_is_data(p7dgst->contents)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAR_R_INVALID_PKCS7_DATA);
ret = SAR_IndataErr;
goto end;
}
if (!(data = p7dgst->contents->d.data)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAR_R_INVALID_PKCS7_DATA);
ret = SAR_IndataErr;
goto end;
}
if (*puiDataLen < ASN1_OCTET_STRING_length(data)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAR_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
memcpy(pucData, ASN1_OCTET_STRING_get0_data(data), ASN1_OCTET_STRING_length(data));
*puiDataLen = ASN1_OCTET_STRING_length(data);
/* output digest */
if (!p7dgst->digest) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAR_R_INVALID_PKCS7_DATA);
ret = SAR_IndataErr;
goto end;
}
if (*puiDigestLen < ASN1_OCTET_STRING_length(p7dgst->digest)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAR_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
memcpy(pucDigest, ASN1_OCTET_STRING_get0_data(p7dgst->digest), ASN1_OCTET_STRING_length(p7dgst->digest));
*puiDigestLen = ASN1_OCTET_STRING_length(p7dgst->digest);
ret = SAR_Ok;
end:
PKCS7_free(p7);
return ret;
}

32
crypto/saf/saf_sm2.c
View File

@@ -57,7 +57,6 @@ int SAF_SM2_EncodeSignedAndEnvelopedData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned int uiSignKeyUsage,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
@@ -69,8 +68,20 @@ int SAF_SM2_EncodeSignedAndEnvelopedData(
unsigned char *pucDerSignedAndEnvelopedData,
unsigned int *puiDerSignedAndEnvelopedDataLen)
{
int ret = SAR_UnknownErr;
return 0;
return SAF_Pkcs7_EncodeData(
hAppHandle,
pucSignContainerName,
uiSignContainerNameLen,
pucSignerCertificate,
uiSignerCertificateLen,
uiDigestAlgorithm,
pucEncCertificate,
uiEncCertificateLen,
uiSymmAlgorithm,
pucData,
uiDataLen,
pucDerSignedAndEnvelopedData,
puiDerSignedAndEnvelopedDataLen);
}
/* 7.4.11 */
@@ -78,16 +89,25 @@ int SAF_SM2_DecodeSignedAndEnvelopedData(
void *hAppHandle,
unsigned char *pucDerContainerName,
unsigned int uiDerContainerNameLen,
unsigned int uiDecKeyUsage,
unsigned char *pucDerSignedAndEnvelopedData,
unsigned int uiDerSignedAndEnvelopedDataLen,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucSignerCertificate,
unsigned int *puiSignerCertificateLen,
unsigned int *puiDigestAlgorithms)
unsigned int *puiDigestAlgorithm)
{
return 0;
return SAF_Pkcs7_DecodeData(
hAppHandle,
pucDerContainerName,
uiDerContainerNameLen,
pucDerSignedAndEnvelopedData,
uiDerSignedAndEnvelopedDataLen,
pucData,
puiDataLen,
pucSignerCertificate,
puiSignerCertificateLen,
puiDigestAlgorithm);
}
/* 7.4.12 */

239
crypto/sof/sof_lib.c
View File

@@ -54,6 +54,8 @@
static long sof_sign_method = SGD_SM2;
static long sof_enc_method = SGD_SM4_CBC;
static long sof_last_error = SOR_OK;
static void *sof_app = NULL;
static int sof_user_type = SGD_USER;
BSTR SOF_GetVersion(void)
@@ -97,11 +99,23 @@ BSTR SOF_ExportUserCert(BSTR ContainerName)
return NULL;
}
/* LOGIN CMD ? */
BOOL SOF_Login(BSTR ContainerName, BSTR PassWd)
{
SOFerr(SOF_F_SOF_LOGIN, SOF_R_NOT_IMPLEMENTED);
return NULL;
unsigned int uiRemainCount;
if ((rv = SAF_Login(
sof_app,
sof_user_type,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
(unsigned char *)PassWd,
(unsigned int)strlen(PassWd),
&uiRemainCount)) != SAR_Ok) {
SOFerr(SOF_F_SOF_LOGIN, ERR_R_SAF_LIB);
return FALSE;
}
return TRUE;
}
long SOF_GetPinRetryCount(BSTR ContainerName)
@@ -112,12 +126,30 @@ long SOF_GetPinRetryCount(BSTR ContainerName)
BOOL SOF_ChangePassWd(BSTR ContainerName, BSTR OldPassWd, BSTR NewPassWd)
{
SOFerr(SOF_F_SOF_CHANGEPASSWD, SOF_R_NOT_IMPLEMENTED);
return NULL;
int rv;
unsigned int uiRemainCount;
if ((rv = SAF_ChangePin(
sof_app,
sof_user_type,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
(unsigned char *)OldPassWd,
(unsigned int)strlen(OldPassWd),
(unsigned char *)NewPassWd,
(unsigned int)strlen(NewPassWd),
&uiRemainCount)) != SAR_Ok) {
SOFerr(SOF_F_SOF_CHANGEPASSWD, ERR_R_SAF_LIB);
return FALSE;
}
return TRUE;
}
BSTR SOF_ExportExchangeUserCert(BSTR ContainerName)
{
SOFerr(SOF_F_SOF_EXPORTEXCHANGEUSERCERT, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
@@ -125,6 +157,40 @@ BSTR SOF_ExportExchangeUserCert(BSTR ContainerName)
/* `type` defined as SGD_CERT_XXX, SGD_EXT_XXX in sgd.h */
BSTR SOF_GetCertInfo(BSTR Base64EncodeCert, short Type)
{
// decode x.509 in pem format
switch (Type) {
case SGD_CERT_VERSION:
case SGD_CERT_SERIAL:
case SGD_CERT_ISSUER:
case SGD_CERT_VALID_TIME:
case SGD_CERT_SUBJECT:
case SGD_CERT_DER_PUBLIC_KEY:
case SGD_CERT_DER_EXTENSIONS:
case SGD_EXT_AUTHORITYKEYIDENTIFIER_INFO:
case SGD_EXT_SUBJECTKEYIDENTIFIER_INFO:
case SGD_EXT_KEYUSAGE_INFO:
case SGD_EXT_PRIVATEKEYUSAGEPERIOD_INFO:
case SGD_EXT_CERTIFICATEPOLICIES_INFO:
case SGD_EXT_POLICYMAPPINGS_INFO:
case SGD_EXT_BASICCONSTRAINTS_INFO:
case SGD_EXT_POLICYCONSTRAINTS_INFO:
case SGD_EXT_EXTKEYUSAGE_INFO:
case SGD_EXT_CRLDISTRIBUTIONPOINTS_INFO:
case SGD_EXT_NETSCAPE_CERT_TYPE_INFO:
case SGD_EXT_SELFDEFINED_EXTENSION_INFO:
case SGD_CERT_ISSUER_CN:
case SGD_CERT_ISSUER_O:
case SGD_CERT_ISSUER_OU:
case SGD_CERT_SUBJECT_CN:
case SGD_CERT_SUBJECT_O:
case SGD_CERT_SUBJECT_OU:
case SGD_CERT_SUBJECT_EMAIL:
case SGD_CERT_NOTBEFORE_TIME:
case SGD_CERT_NOTAFTER_TIME:
default:
}
SOFerr(SOF_F_SOF_GETCERTINFO, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
@@ -147,11 +213,45 @@ long SOF_ValidateCert(BSTR Base64EncodeCert)
return 0;
}
/* PKCS #7 or CMS ? */
BSTR SOF_SignData(BSTR ContainerName, BSTR InData)
{
SOFerr(SOF_F_SOF_SIGNDATA, SOF_R_NOT_IMPLEMENTED);
return NULL;
char *ret = NULL;
char *b64 = NULL;
unsigned int uiHashAlgoType;
unsigned char *pucInData = NULL;
unsigned int uiInDataLen;
unsigned char pucSignature[256];
unsigned int uiSignatureLen = (unsigned int)sizeof(pucSignature);
if (SOF_Decode(InData, &pucInData, &uiInDataLen) != SOR_OK) {
SOFerr(SOF_F_SOF_SIGNDATA, SOF_R_DECODE_FAILURE);
goto end;
}
rv = SAF_RsaSign(
hAppHandle,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
uiHashAlgoType,
pucInData,
uiInDataLen,
pucSignature,
&uiSignatureLen);
rv = SAF_EccSign(
hAppHandle,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
uiHashAlgoType,
pucInData,
uiInDataLen,
pucSignature,
&uiSignatureLen);
end:
OPENSSL_free(b64);
OPENSSL_free(pucInData);
return ret;
}
BOOL SOF_VerifySignedData(BSTR Base64EncodeCert, BSTR InData, BSTR SignValue)
@@ -162,20 +262,66 @@ BOOL SOF_VerifySignedData(BSTR Base64EncodeCert, BSTR InData, BSTR SignValue)
BSTR SOF_SignFile(BSTR ContainerName, BSTR InFile)
{
SOFerr(SOF_F_SOF_SIGNFILE, SOF_R_NOT_IMPLEMENTED);
return NULL;
BSTR ret;
unsigned char *pucInData = NULL;
unsigned int uiInDataLen;
unsigned char pucSignature[256];
unsigned int uiSignatureLen = (unsigned int)sizeof(pucSignature);
if (SOF_ReadFile(InFile, &pucInData, &uiInDataLen) != SOR_OK) {
SOFerr(SOF_F_SOF_SIGNFILE, SOF_R_READ_FILE_FAILURE);
return NULL;
}
if ((rv = SAF_EccSign(
hAppHandle,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
uiHashAlgoType,
pucInData,
uiInDataLen,
pucSignature,
&uiSignatureLen)) != SAR_Ok) {
SOFerr(SOF_F_SOF_SIGNFILE, ERR_R_SAF_LIB);
goto end;
}
if (!(b64 = SOF_Encode(pucSignature, uiSignatureLen))) {
}
ret = b64;
b64 = NULL;
end:
OPENSSL_free(b64);
OPENSSL_free(pucInData);
return ret;
}
BOOL SOF_VerifySignedFile(BSTR Base64EncodeCert, BSTR InFile, BSTR SignValue)
{
SOFerr(SOF_F_SOF_VERIFYSIGNEDFILE, SOF_R_NOT_IMPLEMENTED);
return 0;
}
BSTR SOF_EncryptData(BSTR Base64EncodeCert, BSTR InData)
{
SOFerr(SOF_F_SOF_ENCRYPTDATA, SOF_R_NOT_IMPLEMENTED);
return NULL;
char *ret = NULL;
unsigned char *pucCertificate = NULL;
unsigned int uiCertificateLen;
unsigned char *pucInData = NULL;
unsigned int uiInDataLen;
if (SOF_Decode(Base64EncodeCert, &pucCertificate, &uiCertificateLen) != SOR_OK
|| SOF_Decode(InData, &pucInData, &uiInDataLen) != SOR_OK
|| (rv = SAF_EccPublicKeyEncByCert(
pucCertificate,
uiCertificateLen,
uiAlgorithmID,
pucInData,
uiInDataLen,
pucOutData,
puiOutDataLen)) != SAR_Ok) {
}
}
BSTR SOF_DecryptData(BSTR ContainerName, BSTR InData)
@@ -186,14 +332,40 @@ BSTR SOF_DecryptData(BSTR ContainerName, BSTR InData)
BOOL SOF_EncryptFile(BSTR Base64EncodeCert, BSTR InFile, BSTR OutFile)
{
SOFerr(SOF_F_SOF_ENCRYPTFILE, SOF_R_NOT_IMPLEMENTED);
return 0;
int ret = FALSE;
int rv;
unsigned char *pucCertificate = NULL;
unsigned int uiCertificateLen;
if (SOF_Decode(Base64EncodeCert, &pucCertificate, &uiCertificateLen) != SOR_OK) {
SOFerr(SOF_F_SOF_ENCRYPTFILE, SOF_R_DECODE_FAILURE);
goto end;
}
if ((rv = SAF_EccPublicKeyEncByCert(
pucCertificate,
uiCertificateLen,
uiAlgorithmID,
pucInData,
uiInDataLen,
pucOutData,
puiOutDataLen)) != SAR_Ok) {
SOFerr(SOF_F_SOF_ENCRYPTFILE, ERR_R_SAF_LIB);
goto end;
}
ret = TRUE;
end:
OPENSSL_free(pucCertificate);
return ret;
}
BOOL SOF_DecryptFile(BSTR ContainerName, BSTR InFile, BSTR OutFile)
{
SOFerr(SOF_F_SOF_DECRYPTFILE, SOF_R_NOT_IMPLEMENTED);
return 0;
int ret = FALSE;
int rv;
}
BSTR SOF_SignMessage(short flag, BSTR ContainerName, BSTR InData)
@@ -216,6 +388,15 @@ BSTR SOF_GetInfoFromSignedMessage(BSTR SignedMessage, short Type)
BSTR SOF_SignDataXML(BSTR ContainerName, BSTR InData)
{
int rv;
unsigned char outbuf[1024];
if ((rv = SAF_EccSignFile(
hAppHandle,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
sof_digest_method,
SOFerr(SOF_F_SOF_SIGNDATAXML, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
@@ -232,11 +413,27 @@ BSTR SOF_GetXMLSignatureInfo(BSTR XMLSignedData, short Type)
return NULL;
}
/* return base64 encoded data */
BSTR SOF_GenRandom(short RandomLen)
{
SOFerr(SOF_F_SOF_GENRANDOM, SOF_R_NOT_IMPLEMENTED);
return NULL;
int rv;
unsigned char *ret = NULL;
unsigned char *bin = NULL;
unsigned char *b64 = NULL;
if (!(bin = OPENSSL_malloc(RandomLen))
|| !(ret = OPENSSL_zalloc((RandomLen * 4)/3 + 128))
|| (rv = SAF_GenRandom(RandomLen, buf)) != SAR_Ok
|| (rv = SAF_Base64_Encode(buf, RandomLen, ret, &retlen)) != SAR_Ok) {
goto end;
}
ret = b64;
b64 = NULL;
end:
OPENSSL_free(bin);
OPENSSL_free(b64);
return ret;
}
long SOF_GetLastError(void)

4
include/openssl/gmsaf.h
View File

@@ -111,7 +111,9 @@ int ERR_load_SAF_strings(void);
# define SAF_F_SAF_LOGOUT 135
# define SAF_F_SAF_MACFINAL 136
# define SAF_F_SAF_MACUPDATE 137
# define SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA 149
# define SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA 138
# define SAF_F_SAF_PKCS7_ENCODESIGNEDDATA 150
# define SAF_F_SAF_REMOVECACERTIFICATE 139
# define SAF_F_SAF_REMOVEROOTCACERTIFICATE 140
# define SAF_F_SAF_RSASIGN 141
@@ -133,6 +135,7 @@ int ERR_load_SAF_strings(void);
# define SAF_R_INT_OVERFLOW 106
# define SAF_R_INVALID_ALGOR 107
# define SAF_R_INVALID_CERTIFICATE 108
# define SAF_R_INVALID_DIGEST_ALGOR 122
# define SAF_R_INVALID_HANDLE 109
# define SAF_R_INVALID_INDEX 110
# define SAF_R_INVALID_INPUT_LENGTH 111
@@ -142,6 +145,7 @@ int ERR_load_SAF_strings(void);
# define SAF_R_INVALID_LENGTH 115
# define SAF_R_INVALID_PUBLIC_KEY 116
# define SAF_R_LOAD_CERTS_FAILURE 117
# define SAF_R_LOAD_KEY_FAILURE 123
# define SAF_R_MAC_FAILURE 118
# define SAF_R_NOT_SUPPORTED 119
# define SAF_R_OPERATION_NOT_INITIALIZED 120

93
include/openssl/pem3.h Normal file
View File

@@ -0,0 +1,93 @@
/* ====================================================================
* Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#ifndef HEADER_PEM3_H
#define HEADER_PEM3_H
#include <openssl/cpk.h>
#include <openssl/sm9.h>
#include <openssl/bfibe.h>
#include <openssl/bb1ibe.h>
#include <openssl/paillier.h>
#ifdef __cplusplus
extern "C" {
#endif
#include <openssl/pem.h>
#define PEM_STRING_PAILLIER "PAILLIER PRIVATE KEY"
#define PEM_STRING_PAILLIER_PUBLIC "PAILLIER PUBLIC KEY"
#define PEM_STRING_CPK_PARAMS "CPK PUBLIC PARAMETERS"
#define PEM_STRING_CPK_MASTER "CPK MASTER SECRET"
#define PEM_STRING_SM9_PARAMS "SM9 PUBLIC PARAMETERS"
#define PEM_STRING_SM9_MASTER "SM9 MASTER SECRET"
#define PEM_STRING_SM9_PRIVATE "SM9 PRIVATE KEY"
#define PEM_STRING_BFIBE_PARAMS "BFIBE PUBLIC PARAMETERS"
#define PEM_STRING_BFIBE_MASTER "BFIBE MASTER SECRET"
#define PEM_STRING_BFIBE_PRIVATE "BFIBE PRIVATE KEY"
#define PEM_STRING_BB1IBE_PARAMS "BB1IBE PUBLIC PARAMETERS"
#define PEM_STRING_BB1IBE_MASTER "BB1IBE MASTER SECRET"
#define PEM_STRING_BB1IBE_PRIVATE "BB1IBE PRIVATE KEY"
/*
DECLARE_PEM_rw_cb(PaillierPrivateKey, PAILLIER)
DECLARE_PEM_rw(PaillierPrivateKey, PAILLIER)
DECLARE_PEM_rw_cb(CPK_PUBLIC_PARAM, CPK)
DECLARE_PEM_rw_cb(CPK_PUBLIC_PARAMS, CPK)
*/
#ifdef __cplusplus
}
#endif
#endif

4
include/openssl/saf.h
View File

@@ -580,12 +580,12 @@ int SAF_Pkcs7_EncodeData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned int uiSignKeyUsage,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned char *pucEncCertificate,
unsigned int uiEncCertificateLen,
unsigned int uiSymmAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerP7Data,
@@ -649,7 +649,7 @@ int SAF_Pkcs7_EncodeDigestedData(
int SAF_Pkcs7_DecodeDigestedData(
void *hAppHandle,
unsigned int uiDigestAlgorithm,
unsigned int *puiDigestAlgorithm,
unsigned char *pucDerP7DigestedData,
unsigned int uiDerP7DigestedDataLen,
unsigned char *pucData,

109
java/SOF.java Executable file
View File

@@ -0,0 +1,109 @@
/* ====================================================================
* Copyright (c) 2015 - 2017 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
public class SOF {
//public native long initCertAppPolicy(String PolicyName);
public native boolean getCertTrustList(String ctlAltName, String ctlContent);
public native String getCertTrustListAltNames();
public native String getCertTrustList(String ctrlAltName);
public native long delCertTrustList(String ctlAltName);
public native String getInstance(String policyName);
public native long setSignMethod(long SignMethod);
public native long getSignMethod();
public native long setEncryptMethod(long EncryptMethod);
public native long getEncryptMethod();
public native getServerCertificate();
public native getServerCertificateByUsage(short certUsage);
public native String genRandom(short randomLen);
public native String getCertInfo(String base64EncodeCert, int type);
public native String getCertInfoByOid(String base64EncodeCert, String oid);
public native long validateCert(String base64EncodeCert);
public native String signData(byte [] inData);
public native boolean verifySignedData(String Base64EncodeCert, String InData, String SignValue);
public native String signFile(String ContainerName, String InFile);
public native boolean verifySignedFile(String Base64EncodeCert, String InFile, String SignValue);
public native String encryptData(String Base64EncodeCert, String InData);
public native String decryptData(String ContainerName, String InData);
public native boolean encryptFile(String Base64EncodeCert, String InFile, String OutFile);
public native boolean decryptFile(String ContainerName, String InFile, String OutFile);
public native String signMessage(short flag, String ContainerName, String InData);
public native boolean verifySignedMessage(String MessageData, String InData);
public native String getInfoFromSignedMessage(String SignedMessage, short Type);
public native boolean signMessageDetach();
public native boolean verifySignedMessageDetach();
public native String signDataXML(String ContainerName, String InData);
public native boolean verifySignedDataXML(String InData);
public native String getXMLSignatureInfo(String XMLSignedData, short Type);
public native String createTimeStampRequest(String InData);
public native String createTimeStampResponse(String TimeStampRequest);
public native long verifyTimeStamp(String InData, String tsResponseData);
public native String getTimeStampInfo(String tsResponseData, short type);
public native long getLastError(void);
public static void main(String[] args) {
final GmSSL gmssl = new GmSSL();
System.out.println(gmssl.getVersion(0));
System.out.println("IV length = " + gmssl.getCipherIVLength("aes-128-cbc"));
}
static {
System.loadLibrary("gmsof");
}
}

58
test/saftest.c
View File

@@ -61,9 +61,67 @@ int main(int argc, char **argv)
#else
# include <openssl/evp.h>
static int test_saf_base64(int verbose)
{
return 0;
}
static int test_saf_cert(int verbose)
{
return 0;
}
static int test_saf_ec(int verbose)
{
return 0;
}
static int test_saf_hash(int verbose)
{
return 0;
}
static int test_saf_mac(int verbose)
{
return 0;
}
static int test_saf_pkcs7(int verbose)
{
return 0;
}
static int test_saf_rand(int verbose)
{
return 0;
}
static int test_saf_rsa(int verbose)
{
return 0;
}
static int test_saf_sm2(int verbose)
{
return 0;
}
int main(int argc, char **argv)
{
int err = 0;
int verboe = 2;
if (!test_saf_base64(verbose)) err++;
if (!test_saf_cert(verbose)) err++;
if (!test_saf_ec(verbose)) err++
if (!test_saf_enc(verbose)) err++;
if (!test_saf_hash(verbose)) err++;
if (!test_saf_mac(verbose)) err++;
if (!test_saf_pkcs7(verbose)) err++;
if (!test_saf_rand(verbose)) err++;
if (!test_saf_rsa(verbose)) err++;
if (!test_saf_sm2(verbose)) err++;
return err;
}
#endif

34
util/mkdef.pl
View File

@@ -132,6 +132,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"CMAC",
# APPLINK (win build feature?)
"APPLINK",
# GmSSL
"SM3", "SMS4", "KDF2", "ECIES", "FFX", "SM2", "PAILLIER", "CPK", "OTP", "GMAPI", "EC2",
"BFIBE", "BB1IBE", "SM9", "SAF", "SDF", "SKF", "SOF", "ZUC"
);
@@ -309,6 +310,39 @@ $crypto.=" include/openssl/modes.h";
$crypto.=" include/openssl/async.h";
$crypto.=" include/openssl/ct.h";
$crypto.=" include/openssl/kdf.h";
# GmSSL
$crypto.=" include/openssl/bb1ibe.h";
$crypto.=" include/openssl/bfibe.h";
$crypto.=" include/openssl/bn_gfp2.h";
$crypto.=" include/openssl/bn_hash.h";
$crypto.=" include/openssl/bn_solinas.h";
$crypto.=" include/openssl/cpk.h";
$crypto.=" include/openssl/ec_hash.h";
$crypto.=" include/openssl/ec_type1.h";
$crypto.=" include/openssl/ecies.h";
$crypto.=" include/openssl/ffx.h";
$crypto.=" include/openssl/fppoint.h";
$crypto.=" include/openssl/gmapi.h";
$crypto.=" include/openssl/gmsaf.h";
$crypto.=" include/openssl/gmsdf.h";
$crypto.=" include/openssl/gmskf.h";
$crypto.=" include/openssl/gmsof.h";
$crypto.=" include/openssl/kdf2.h";
$crypto.=" include/openssl/otp.h";
$crypto.=" include/openssl/paillier.h";
$crypto.=" include/openssl/pem3.h";
$crypto.=" include/openssl/saf.h";
$crypto.=" include/openssl/sdf.h";
$crypto.=" include/openssl/sgd.h";
$crypto.=" include/openssl/skf.h";
$crypto.=" include/openssl/sm1.h";
$crypto.=" include/openssl/sm2.h";
$crypto.=" include/openssl/sm3.h";
$crypto.=" include/openssl/sm9.h";
$crypto.=" include/openssl/sms4.h";
$crypto.=" include/openssl/sof.h";
$crypto.=" include/openssl/ssf33.h";
$crypto.=" include/openssl/zuc.h";
my $symhacks="include/openssl/symhacks.h";