diff --git a/crypto/saf/saf_cert.c b/crypto/saf/saf_cert.c index 4cb1feec..ca6a822d 100644 --- a/crypto/saf/saf_cert.c +++ b/crypto/saf/saf_cert.c @@ -51,6 +51,7 @@ #include #include #include +#include #include #include #include "saf_lcl.h" @@ -82,7 +83,7 @@ int SAF_AddTrustedRootCaCertificate( goto end; } - if (!(x509 = d2i_X509(NULL, &pucCertificate, uiCertificateLen))) { + if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, uiCertificateLen))) { SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE); goto end; } @@ -162,7 +163,7 @@ int SAF_GetRootCaCertificate( goto end; } - if ((len = i2d_X509(x509, pucCertificate)) <= 0) { + if ((len = i2d_X509(x509, &pucCertificate)) <= 0) { SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, ERR_R_X509_LIB); goto end; } @@ -248,7 +249,7 @@ int SAF_AddCaCertificate( goto end; } - if (!(x509 = d2i_X509(NULL, &pucCertificate, uiCertificateLen))) { + if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, uiCertificateLen))) { SAFerr(SAF_F_SAF_ADDCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE); goto end; } @@ -327,7 +328,7 @@ int SAF_GetCaCertificate( goto end; } - if ((len = i2d_X509(x509, pucCertificate)) <= 0) { + if ((len = i2d_X509(x509, &pucCertificate)) <= 0) { SAFerr(SAF_F_SAF_GETCACERTIFICATE, ERR_R_X509_LIB); goto end; } @@ -393,8 +394,6 @@ int SAF_AddCrl( unsigned char *pucDerCrl, unsigned int uiDerCrlLen) { - int ret = SAR_UnknownErr; - SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } @@ -404,8 +403,6 @@ int SAF_VerifyCertificate( unsigned char *pucUsrCertificate, unsigned int uiUsrCertificateLen) { - int ret = SAR_UnknownErr; - SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } @@ -417,8 +414,6 @@ int SAF_VerifyCertificateByCrl( unsigned char *pucDerCrl, unsigned int uiDerCrlLen) { - int ret = SAR_UnknownErr; - SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } @@ -445,8 +440,6 @@ int SAF_GetCertFromLdap( unsigned char *pucOutCert, unsigned int *puiOutCertLen) { - int ret = SAR_UnknownErr; - SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } @@ -472,8 +465,6 @@ int SAF_GetCertificateInfo( unsigned char *pucInfo, unsigned int *puiInfoLen) { - int ret = SAR_UnknownErr; - SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } @@ -488,8 +479,6 @@ int SAF_GetExtTypeInfo( unsigned char *pucInfo, unsigned int *puiInfoLen) { - int ret = SAR_UnknownErr; - SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } @@ -498,8 +487,6 @@ int SAF_EnumCertificates( void *hAppHandle, SGD_USR_CERT_ENUMLIST *usrCerts) { - int ret = SAR_UnknownErr; - SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } @@ -508,8 +495,6 @@ int SAF_EnumKeyContainerInfo( void *hAppHandle, SGD_KEYCONTAINERINFO_ENUMLIST *keyContainerInfo) { - int ret = SAR_UnknownErr; - SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } @@ -518,8 +503,6 @@ int SAF_EnumCertificatesFree( void *hAppHandle, SGD_USR_CERT_ENUMLIST *usrCerts) { - int ret = SAR_UnknownErr; - SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } @@ -528,7 +511,5 @@ int SAF_EnumKeyContainerInfoFree( void *hAppHandle, SGD_KEYCONTAINERINFO_ENUMLIST *keyContainerInfo) { - int ret = SAR_UnknownErr; - SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } diff --git a/crypto/saf/saf_err.c b/crypto/saf/saf_err.c index 21f4d07c..799ccd9b 100644 --- a/crypto/saf/saf_err.c +++ b/crypto/saf/saf_err.c @@ -60,8 +60,12 @@ static ERR_STRING_DATA SAF_str_functs[] = { {ERR_FUNC(SAF_F_SAF_LOGOUT), "SAF_Logout"}, {ERR_FUNC(SAF_F_SAF_MACFINAL), "SAF_MacFinal"}, {ERR_FUNC(SAF_F_SAF_MACUPDATE), "SAF_MacUpdate"}, + {ERR_FUNC(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA), + "SAF_Pkcs7_EncodeDigestedData"}, {ERR_FUNC(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA), "SAF_Pkcs7_EncodeEnvelopedData"}, + {ERR_FUNC(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA), + "SAF_Pkcs7_EncodeSignedData"}, {ERR_FUNC(SAF_F_SAF_REMOVECACERTIFICATE), "SAF_RemoveCaCertificate"}, {ERR_FUNC(SAF_F_SAF_REMOVEROOTCACERTIFICATE), "SAF_RemoveRootCaCertificate"}, @@ -86,6 +90,7 @@ static ERR_STRING_DATA SAF_str_reasons[] = { {ERR_REASON(SAF_R_INT_OVERFLOW), "int overflow"}, {ERR_REASON(SAF_R_INVALID_ALGOR), "invalid algor"}, {ERR_REASON(SAF_R_INVALID_CERTIFICATE), "invalid certificate"}, + {ERR_REASON(SAF_R_INVALID_DIGEST_ALGOR), "invalid digest algor"}, {ERR_REASON(SAF_R_INVALID_HANDLE), "invalid handle"}, {ERR_REASON(SAF_R_INVALID_INDEX), "invalid index"}, {ERR_REASON(SAF_R_INVALID_INPUT_LENGTH), "invalid input length"}, @@ -95,6 +100,7 @@ static ERR_STRING_DATA SAF_str_reasons[] = { {ERR_REASON(SAF_R_INVALID_LENGTH), "invalid length"}, {ERR_REASON(SAF_R_INVALID_PUBLIC_KEY), "invalid public key"}, {ERR_REASON(SAF_R_LOAD_CERTS_FAILURE), "load certs failure"}, + {ERR_REASON(SAF_R_LOAD_KEY_FAILURE), "load key failure"}, {ERR_REASON(SAF_R_MAC_FAILURE), "mac failure"}, {ERR_REASON(SAF_R_NOT_SUPPORTED), "not supported"}, {ERR_REASON(SAF_R_OPERATION_NOT_INITIALIZED), diff --git a/crypto/saf/saf_keyhandle.c b/crypto/saf/saf_keyhandle.c index fbb172ac..fd0df0f1 100644 --- a/crypto/saf/saf_keyhandle.c +++ b/crypto/saf/saf_keyhandle.c @@ -86,7 +86,7 @@ int SAF_GenerateKeyWithEPK( outlen = (size_t)*puiSymmKeyLen; if (!(cipher = EVP_get_cipherbysgd(obj->uiCryptoAlgID)) || !RAND_bytes(keybuf, EVP_CIPHER_key_length(cipher)) - || !(pkey = d2i_PUBKEY(NULL, &pucPublicKey, (long)uiPublicKeyLen)) + || !(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen)) || !(pkctx = EVP_PKEY_CTX_new(pkey, NULL)) || !EVP_PKEY_encrypt_init(pkctx) || !EVP_PKEY_encrypt(pkctx, pucSymmKey, &outlen, keybuf, (size_t)EVP_CIPHER_key_length(cipher))) { diff --git a/crypto/saf/saf_lib.c b/crypto/saf/saf_lib.c index 0621defe..c6307c1c 100644 --- a/crypto/saf/saf_lib.c +++ b/crypto/saf/saf_lib.c @@ -55,3 +55,4 @@ static int readfile(const char *file, unsigned char **pout, size_t *len) return SAR_Ok; } + diff --git a/crypto/saf/saf_pkcs7.c b/crypto/saf/saf_pkcs7.c index 6248261f..1ef4ea57 100644 --- a/crypto/saf/saf_pkcs7.c +++ b/crypto/saf/saf_pkcs7.c @@ -58,18 +58,29 @@ int SAF_Pkcs7_EncodeData( void *hAppHandle, unsigned char *pucSignContainerName, unsigned int uiSignContainerNameLen, - unsigned int uiSignKeyUsage, unsigned char *pucSignerCertificate, unsigned int uiSignerCertificateLen, unsigned int uiDigestAlgorithm, unsigned char *pucEncCertificate, unsigned int uiEncCertificateLen, + unsigned int uiSymmAlgorithm, unsigned char *pucData, unsigned int uiDataLen, unsigned char *pucDerP7Data, unsigned int *puiDerP7DataLen) { int ret = SAR_UnknownErr; + + STACK_OF(X509) *encerts = NULL; + + p7 = PKCS7_encrypt(encerts, in, cipher, flags); + + p7 = PKCS7_sign(NULL, NULL, other, in, flags); + + + + + return ret; } @@ -82,6 +93,14 @@ int SAF_Pkcs7_DecodeData( return ret; } +EVP_PKEY *SAF_LoadPrivateKey( + void *hAppHandle, + unsigned char *pucSignContainerName, + unsigned int uiSignContainerNameLen) +{ + return NULL; +} + /* 7.4.4 */ int SAF_Pkcs7_EncodeSignedData( void *hAppHandle, @@ -97,6 +116,64 @@ int SAF_Pkcs7_EncodeSignedData( unsigned int *puiDerP7DataLen) { int ret = SAR_UnknownErr; + EVP_PKEY *pkey = NULL; + X509 *x509 = NULL; + BIO *data = NULL; + + if (!hAppHandle || !pucSignContainerName || !pucSignerCertificate + || !pucData || !pucDerP7Data || !puiDerP7DataLen) { + SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } + + if (uiSignContainerNameLen <= 0 || uiSignContainerNameLen > INT_MAX + || uiSignerCertificateLen <= 0 || uiSignerCertificateLen > INT_MAX + || uiDataLen <= 0 || uiDataLen > INT_MAX) { + SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, SAF_R_INVALID_INPUT_LENGTH); + return SAR_IndataLenErr; + } + + if (!(pkey = SAF_LoadPrivateKey( + hAppHandle, + pucSignContainerName, + uiSignContainerNameLen))) { + SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, SAF_R_LOAD_KEY_FAILURE); + goto end; + } + + if (!(x509 = d2i_X509(NULL, &pucSignerCertificate, uiSignerCertificateLen))) { + SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_X509_LIB); + goto end; + } + + if (!(data = BIO_new_mem_buf(pucData, uiDataLen))) { + SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_BIO_LIB); + goto end; + } + + if (!(p7 = PKCS7_sign(x509, pkey, NULL, data, PKCS7_BINARY))) { + SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_PKCS7_LIB); + goto end; + } + + if (*puiDerP7DataLen < i2d_PKCS7(p7, NULL)) { + SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, SAF_R_BUFFER_TOO_SMALL); + ret = SAR_IndataLenErr; + goto end; + } + + if ((len = i2d_PKCS7(p7, &pucDerP7Data)) <= 0) { + SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_PKCS7_LIB); + goto end; + } + + *puiDerP7DataLen = len; + ret = SAR_Ok; + +end: + PKCS7_free(p7); + X509_free(x509); + BIO_free(data); return ret; } @@ -105,15 +182,46 @@ int SAF_Pkcs7_DecodeSignedData( void *hAppHandle, unsigned char *pucDerP7SignedData, unsigned int uiDerP7SignedDataLen, + unsigned int *puiDigestAlgorithm, unsigned char *pucSignerCertificate, - unsigned int uiSignerCertificateLen, - unsigned int uiDigestAlgorithm, + unsigned int *puiSignerCertificateLen, unsigned char *pucData, - unsigned int uiDataLen, - unsigned char *pucSign, - unsigned int *puiSignLen) + unsigned int *puiDataLen, + unsigned char *pucSig, + unsigned int *puiSigLen) { int ret = SAR_UnknownErr; + PKCS7 *p7 = NULL; + X509 *x509 = NULL; + + p7 = d2i_PKCS7(NULL, &pucDerP7SignedData, uiDerP7SignedDataLen); + + if (!PKCS7_type_is_signed(p7)) { + goto end; + } + + PKCS7_SIGNED *p7signed = p7->d.sign; + + X509_ALGOR *algor = sk_X509_ALGOR_value(p7signed->md_algs, 0); + const EVP_MD *md = EVP_get_digestbyobj(algor->algorithm); + *puiDigestAlgorithm = EVP_MD_sdg(md); + + X509 *x509 = sk_X509_ALGOR_value(p7signed->cert); + PKCS7_SIGNER_INFO *signer_info = sk_PKCS7_SIGNER_INFO_value(p7signed->signer_info, 0); + + PKCS7 *p7data = p7signed->contents; + if (!PKCS7_type_is_data(p7data)) { + goto end; + } + ASN1_OCTET_STRING *data = p7data->d.data; + + *puiDataLen = ASN1_OCTET_STRING_length(data); + memcpy(pucData, ASN1_OCTET_STRING_get0_data(data), *puiDataLen); + + + PKCS7_verify(p7, NULL, chain_store, NULL, outbio, flags); + + return ret; } @@ -212,13 +320,64 @@ int SAF_Pkcs7_DecodeEnvelopedData( void *hAppHandle, unsigned char *pucDecContainerName, unsigned int uiDecContainerNameLen, - unsigned int uiDecKeyUsage, unsigned char *pucDerP7EnvelopedData, unsigned int uiDerP7EnvelopedDataLen, unsigned char *pucData, unsigned int *puiDataLen) { int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; + PKCS7 *p7 = NULL; + EVP_PKEY *pkey = NULL; + X509 *x509 = NULL; + BIO *bio = NULL; + BUF_MEM *buf = NULL; + + if (!hAppHandle || !pucDecContainerName || !pucDerP7EnvelopedData || !pucData) + SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } + + if (uiDecContainerNameLen <= 0 || uiDecContainerNameLen > INT_MAX + || uiDerP7EnvelopedDataLen <= 0 || uiDerP7EnvelopedDataLen > INT_MAX) { + SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, SAR_R_INVALID_INPUT_LENGTH); + return SAR_IndataLenErr; + } + + if (!pucData) { + *puiDataLen = uiDerP7EnvelopedDataLen; + return SAR_Ok; + } else if (*puiDataLen <= 0 || *puiDataLen > INT_MAX) { + SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, SAR_R_INVALID_INPUT_LENGTH); + return SAR_IndataLenErr; + } + + if (!(pkey = SAF_load_private_key(app, pucDecContainerName, + uiDecContainerNameLen, SGD_PK_ENC))) { + } + + if (!(x509 = SAF_LoadCertificate(app, pucDecContainerName, + uiDecContainerNameLen, SGD_PK_ENC))) { + } + + if (!(bio = BIO_new(BIO_s_membuf()))) { + } + + if (!PKCS7_decrypt(p7, pkey, x509, bio, 0)) { + } + + if (!BIO_get_mem_buf(bio, &buf)) { + } + + memcpy(pucData, buf->data, buf->length); + *puiDataLen = buf->length; + + ret = SAR_Ok; +end: + PKCS7_free(p7); + EVP_PKEY_free(pkey); + X509_free(x509); + BIO_free(bio); return ret; } @@ -232,20 +391,154 @@ int SAF_Pkcs7_EncodeDigestedData( unsigned int *puiDerP7DigestedDataLen) { int ret = SAR_UnknownErr; + const EVP_MD *md; + PKCS7 *p7 = NULL; + BIO *p7bio = NULL; + int len; + + if (!hAppHandle || !pucData || !pucDerP7DigestedData + || !puiDerP7DigestedDataLen) { + SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } + if (uiDataLen <= 0 || uiDataLen > INT_MAX) { + SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_INVALID_INPUT_LENGTH); + return SAR_IndataLenErr; + } + + if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) { + SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_INVALID_DIGEST_ALGOR); + return SAR_AlgoTypeErr; + } + + if (!(p7 = PKCS7_new()) + || !PKCS7_set_type(p7, NID_pkcs7_digest) + || !PKCS7_set_digest(p7, md) + || !PKCS7_content_new(p7, NID_pkcs7_data) + || !(p7bio = PKCS7_dataInit(p7, NULL)) + || BIO_write(p7bio, pucData, (int)uiDataLen) != uiDataLen + || !PKCS7_dataFinal(p7, p7bio)) { + SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB); + goto end; + } + + if (*puiDerP7DigestedDataLen < i2d_PKCS7(p7, NULL)) { + SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_BUFFER_TOO_SMALL); + ret = SAR_IndataLenErr; + goto end; + } + + if ((len = i2d_PKCS7(p7, &pucDerP7DigestedData)) <= 0) { + SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB); + goto end; + } + + ret = SAR_Ok; + +end: + PKCS7_free(p7); + BIO_free(p7bio); return ret; } /* 7.4.9 */ int SAF_Pkcs7_DecodeDigestedData( void *hAppHandle, - unsigned int uiDigestAlgorithm, - unsigned char *pucDerP7DigestedData, + unsigned char pucDerP7DigestedData, unsigned int uiDerP7DigestedDataLen, + unsigned int *puiDigestAlgorithm, unsigned char *pucData, - unsigned int uiDataLen, + unsigned int *puiDataLen, unsigned char *pucDigest, unsigned int *puiDigestLen) { int ret = SAR_UnknownErr; + PKCS7 *p7 = NULL; + PKCS7_DIGEST *p7dgst; + ASN1_OCTET_STRING *data; + + if (!hAppHandle || !puiDigestAlgorithm || !puiDataLen || !puiDigestLen) { + SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } + + if (!pucData) { + *puiDataLen = uiDerP7DigestedDataLen; + return SAR_Ok; + } + + if (!pucDigest) { + *puiDigestLen = EVP_MAX_MD_SIZE; + return SAR_Ok; + } + + if (uiDerP7DigestedDataLen <= 0 || uiDerP7DigestedDataLen > INT_MAX + || *puiDataLen <= 0 || *puiDataLen > INT_MAX + || *puiDigestLen <= 0 || *puiDigestLen > INT_MAX) { + SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_INPUT_LENGTH); + return SAR_IndataLenErr; + } + + /* process */ + if (!(p7 = d2i_PKCS7(NULL, &pucDerP7DigestedData, uiDerP7DigestedDataLen))) { + SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7); + ret = SAR_IndataErr; + goto end; + } + + if (!PKCS7_type_is_digest(p7)) { + SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7_TYPE; + ret = SAR_IndataErr; + goto end; + } + p7dgst = p7->d.digest; + + /* output digset algor */ + if ((*puiDigestAlgorithm = EVP_MD_sgd( + EVP_get_digestbyobj(p7dgst->md->algorithm))) <= 0) { + SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_UNSUPPORTED_DIGEST_ALGOR; + ret = SAR_IndataErr; + goto end; + } + + /* output digested data */ + if (!PKCS7_type_is_data(p7dgst->contents)) { + SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAR_R_INVALID_PKCS7_DATA); + ret = SAR_IndataErr; + goto end; + } + + if (!(data = p7dgst->contents->d.data)) { + SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAR_R_INVALID_PKCS7_DATA); + ret = SAR_IndataErr; + goto end; + } + + if (*puiDataLen < ASN1_OCTET_STRING_length(data)) { + SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAR_R_BUFFER_TOO_SMALL); + ret = SAR_IndataLenErr; + goto end; + } + memcpy(pucData, ASN1_OCTET_STRING_get0_data(data), ASN1_OCTET_STRING_length(data)); + *puiDataLen = ASN1_OCTET_STRING_length(data); + + /* output digest */ + if (!p7dgst->digest) { + SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAR_R_INVALID_PKCS7_DATA); + ret = SAR_IndataErr; + goto end; + } + + if (*puiDigestLen < ASN1_OCTET_STRING_length(p7dgst->digest)) { + SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAR_R_BUFFER_TOO_SMALL); + ret = SAR_IndataLenErr; + goto end; + } + memcpy(pucDigest, ASN1_OCTET_STRING_get0_data(p7dgst->digest), ASN1_OCTET_STRING_length(p7dgst->digest)); + *puiDigestLen = ASN1_OCTET_STRING_length(p7dgst->digest); + + ret = SAR_Ok; +end: + PKCS7_free(p7); return ret; } diff --git a/crypto/saf/saf_sm2.c b/crypto/saf/saf_sm2.c index 16efd49b..42b62e34 100644 --- a/crypto/saf/saf_sm2.c +++ b/crypto/saf/saf_sm2.c @@ -57,7 +57,6 @@ int SAF_SM2_EncodeSignedAndEnvelopedData( void *hAppHandle, unsigned char *pucSignContainerName, unsigned int uiSignContainerNameLen, - unsigned int uiSignKeyUsage, unsigned char *pucSignerCertificate, unsigned int uiSignerCertificateLen, unsigned int uiDigestAlgorithm, @@ -69,8 +68,20 @@ int SAF_SM2_EncodeSignedAndEnvelopedData( unsigned char *pucDerSignedAndEnvelopedData, unsigned int *puiDerSignedAndEnvelopedDataLen) { - int ret = SAR_UnknownErr; - return 0; + return SAF_Pkcs7_EncodeData( + hAppHandle, + pucSignContainerName, + uiSignContainerNameLen, + pucSignerCertificate, + uiSignerCertificateLen, + uiDigestAlgorithm, + pucEncCertificate, + uiEncCertificateLen, + uiSymmAlgorithm, + pucData, + uiDataLen, + pucDerSignedAndEnvelopedData, + puiDerSignedAndEnvelopedDataLen); } /* 7.4.11 */ @@ -78,16 +89,25 @@ int SAF_SM2_DecodeSignedAndEnvelopedData( void *hAppHandle, unsigned char *pucDerContainerName, unsigned int uiDerContainerNameLen, - unsigned int uiDecKeyUsage, unsigned char *pucDerSignedAndEnvelopedData, unsigned int uiDerSignedAndEnvelopedDataLen, unsigned char *pucData, unsigned int *puiDataLen, unsigned char *pucSignerCertificate, unsigned int *puiSignerCertificateLen, - unsigned int *puiDigestAlgorithms) + unsigned int *puiDigestAlgorithm) { - return 0; + return SAF_Pkcs7_DecodeData( + hAppHandle, + pucDerContainerName, + uiDerContainerNameLen, + pucDerSignedAndEnvelopedData, + uiDerSignedAndEnvelopedDataLen, + pucData, + puiDataLen, + pucSignerCertificate, + puiSignerCertificateLen, + puiDigestAlgorithm); } /* 7.4.12 */ diff --git a/crypto/sof/sof_lib.c b/crypto/sof/sof_lib.c index 6eaaf77f..ac0cba87 100644 --- a/crypto/sof/sof_lib.c +++ b/crypto/sof/sof_lib.c @@ -54,6 +54,8 @@ static long sof_sign_method = SGD_SM2; static long sof_enc_method = SGD_SM4_CBC; static long sof_last_error = SOR_OK; +static void *sof_app = NULL; +static int sof_user_type = SGD_USER; BSTR SOF_GetVersion(void) @@ -97,11 +99,23 @@ BSTR SOF_ExportUserCert(BSTR ContainerName) return NULL; } -/* LOGIN CMD ? */ BOOL SOF_Login(BSTR ContainerName, BSTR PassWd) { - SOFerr(SOF_F_SOF_LOGIN, SOF_R_NOT_IMPLEMENTED); - return NULL; + unsigned int uiRemainCount; + + if ((rv = SAF_Login( + sof_app, + sof_user_type, + (unsigned char *)ContainerName, + (unsigned int)strlen(ContainerName), + (unsigned char *)PassWd, + (unsigned int)strlen(PassWd), + &uiRemainCount)) != SAR_Ok) { + SOFerr(SOF_F_SOF_LOGIN, ERR_R_SAF_LIB); + return FALSE; + } + + return TRUE; } long SOF_GetPinRetryCount(BSTR ContainerName) @@ -112,12 +126,30 @@ long SOF_GetPinRetryCount(BSTR ContainerName) BOOL SOF_ChangePassWd(BSTR ContainerName, BSTR OldPassWd, BSTR NewPassWd) { - SOFerr(SOF_F_SOF_CHANGEPASSWD, SOF_R_NOT_IMPLEMENTED); - return NULL; + int rv; + unsigned int uiRemainCount; + + if ((rv = SAF_ChangePin( + sof_app, + sof_user_type, + (unsigned char *)ContainerName, + (unsigned int)strlen(ContainerName), + (unsigned char *)OldPassWd, + (unsigned int)strlen(OldPassWd), + (unsigned char *)NewPassWd, + (unsigned int)strlen(NewPassWd), + &uiRemainCount)) != SAR_Ok) { + SOFerr(SOF_F_SOF_CHANGEPASSWD, ERR_R_SAF_LIB); + return FALSE; + } + + return TRUE; } BSTR SOF_ExportExchangeUserCert(BSTR ContainerName) { + + SOFerr(SOF_F_SOF_EXPORTEXCHANGEUSERCERT, SOF_R_NOT_IMPLEMENTED); return NULL; } @@ -125,6 +157,40 @@ BSTR SOF_ExportExchangeUserCert(BSTR ContainerName) /* `type` defined as SGD_CERT_XXX, SGD_EXT_XXX in sgd.h */ BSTR SOF_GetCertInfo(BSTR Base64EncodeCert, short Type) { + // decode x.509 in pem format + + switch (Type) { + case SGD_CERT_VERSION: + case SGD_CERT_SERIAL: + case SGD_CERT_ISSUER: + case SGD_CERT_VALID_TIME: + case SGD_CERT_SUBJECT: + case SGD_CERT_DER_PUBLIC_KEY: + case SGD_CERT_DER_EXTENSIONS: + case SGD_EXT_AUTHORITYKEYIDENTIFIER_INFO: + case SGD_EXT_SUBJECTKEYIDENTIFIER_INFO: + case SGD_EXT_KEYUSAGE_INFO: + case SGD_EXT_PRIVATEKEYUSAGEPERIOD_INFO: + case SGD_EXT_CERTIFICATEPOLICIES_INFO: + case SGD_EXT_POLICYMAPPINGS_INFO: + case SGD_EXT_BASICCONSTRAINTS_INFO: + case SGD_EXT_POLICYCONSTRAINTS_INFO: + case SGD_EXT_EXTKEYUSAGE_INFO: + case SGD_EXT_CRLDISTRIBUTIONPOINTS_INFO: + case SGD_EXT_NETSCAPE_CERT_TYPE_INFO: + case SGD_EXT_SELFDEFINED_EXTENSION_INFO: + case SGD_CERT_ISSUER_CN: + case SGD_CERT_ISSUER_O: + case SGD_CERT_ISSUER_OU: + case SGD_CERT_SUBJECT_CN: + case SGD_CERT_SUBJECT_O: + case SGD_CERT_SUBJECT_OU: + case SGD_CERT_SUBJECT_EMAIL: + case SGD_CERT_NOTBEFORE_TIME: + case SGD_CERT_NOTAFTER_TIME: + default: + } + SOFerr(SOF_F_SOF_GETCERTINFO, SOF_R_NOT_IMPLEMENTED); return NULL; } @@ -147,11 +213,45 @@ long SOF_ValidateCert(BSTR Base64EncodeCert) return 0; } -/* PKCS #7 or CMS ? */ BSTR SOF_SignData(BSTR ContainerName, BSTR InData) { - SOFerr(SOF_F_SOF_SIGNDATA, SOF_R_NOT_IMPLEMENTED); - return NULL; + char *ret = NULL; + char *b64 = NULL; + unsigned int uiHashAlgoType; + unsigned char *pucInData = NULL; + unsigned int uiInDataLen; + unsigned char pucSignature[256]; + unsigned int uiSignatureLen = (unsigned int)sizeof(pucSignature); + + if (SOF_Decode(InData, &pucInData, &uiInDataLen) != SOR_OK) { + SOFerr(SOF_F_SOF_SIGNDATA, SOF_R_DECODE_FAILURE); + goto end; + } + + rv = SAF_RsaSign( + hAppHandle, + (unsigned char *)ContainerName, + (unsigned int)strlen(ContainerName), + uiHashAlgoType, + pucInData, + uiInDataLen, + pucSignature, + &uiSignatureLen); + + rv = SAF_EccSign( + hAppHandle, + (unsigned char *)ContainerName, + (unsigned int)strlen(ContainerName), + uiHashAlgoType, + pucInData, + uiInDataLen, + pucSignature, + &uiSignatureLen); + +end: + OPENSSL_free(b64); + OPENSSL_free(pucInData); + return ret; } BOOL SOF_VerifySignedData(BSTR Base64EncodeCert, BSTR InData, BSTR SignValue) @@ -162,20 +262,66 @@ BOOL SOF_VerifySignedData(BSTR Base64EncodeCert, BSTR InData, BSTR SignValue) BSTR SOF_SignFile(BSTR ContainerName, BSTR InFile) { - SOFerr(SOF_F_SOF_SIGNFILE, SOF_R_NOT_IMPLEMENTED); - return NULL; + BSTR ret; + unsigned char *pucInData = NULL; + unsigned int uiInDataLen; + unsigned char pucSignature[256]; + unsigned int uiSignatureLen = (unsigned int)sizeof(pucSignature); + + if (SOF_ReadFile(InFile, &pucInData, &uiInDataLen) != SOR_OK) { + SOFerr(SOF_F_SOF_SIGNFILE, SOF_R_READ_FILE_FAILURE); + return NULL; + } + + if ((rv = SAF_EccSign( + hAppHandle, + (unsigned char *)ContainerName, + (unsigned int)strlen(ContainerName), + uiHashAlgoType, + pucInData, + uiInDataLen, + pucSignature, + &uiSignatureLen)) != SAR_Ok) { + SOFerr(SOF_F_SOF_SIGNFILE, ERR_R_SAF_LIB); + goto end; + } + + if (!(b64 = SOF_Encode(pucSignature, uiSignatureLen))) { + } + + ret = b64; + b64 = NULL; + +end: + OPENSSL_free(b64); + OPENSSL_free(pucInData); + return ret; } BOOL SOF_VerifySignedFile(BSTR Base64EncodeCert, BSTR InFile, BSTR SignValue) { - SOFerr(SOF_F_SOF_VERIFYSIGNEDFILE, SOF_R_NOT_IMPLEMENTED); - return 0; } BSTR SOF_EncryptData(BSTR Base64EncodeCert, BSTR InData) { - SOFerr(SOF_F_SOF_ENCRYPTDATA, SOF_R_NOT_IMPLEMENTED); - return NULL; + char *ret = NULL; + unsigned char *pucCertificate = NULL; + unsigned int uiCertificateLen; + unsigned char *pucInData = NULL; + unsigned int uiInDataLen; + + if (SOF_Decode(Base64EncodeCert, &pucCertificate, &uiCertificateLen) != SOR_OK + || SOF_Decode(InData, &pucInData, &uiInDataLen) != SOR_OK + || (rv = SAF_EccPublicKeyEncByCert( + pucCertificate, + uiCertificateLen, + uiAlgorithmID, + pucInData, + uiInDataLen, + pucOutData, + puiOutDataLen)) != SAR_Ok) { + } + } BSTR SOF_DecryptData(BSTR ContainerName, BSTR InData) @@ -186,14 +332,40 @@ BSTR SOF_DecryptData(BSTR ContainerName, BSTR InData) BOOL SOF_EncryptFile(BSTR Base64EncodeCert, BSTR InFile, BSTR OutFile) { - SOFerr(SOF_F_SOF_ENCRYPTFILE, SOF_R_NOT_IMPLEMENTED); - return 0; + int ret = FALSE; + int rv; + unsigned char *pucCertificate = NULL; + unsigned int uiCertificateLen; + + if (SOF_Decode(Base64EncodeCert, &pucCertificate, &uiCertificateLen) != SOR_OK) { + SOFerr(SOF_F_SOF_ENCRYPTFILE, SOF_R_DECODE_FAILURE); + goto end; + } + + if ((rv = SAF_EccPublicKeyEncByCert( + pucCertificate, + uiCertificateLen, + uiAlgorithmID, + pucInData, + uiInDataLen, + pucOutData, + puiOutDataLen)) != SAR_Ok) { + SOFerr(SOF_F_SOF_ENCRYPTFILE, ERR_R_SAF_LIB); + goto end; + } + + ret = TRUE; + +end: + OPENSSL_free(pucCertificate); + return ret; } + BOOL SOF_DecryptFile(BSTR ContainerName, BSTR InFile, BSTR OutFile) { - SOFerr(SOF_F_SOF_DECRYPTFILE, SOF_R_NOT_IMPLEMENTED); - return 0; + int ret = FALSE; + int rv; } BSTR SOF_SignMessage(short flag, BSTR ContainerName, BSTR InData) @@ -216,6 +388,15 @@ BSTR SOF_GetInfoFromSignedMessage(BSTR SignedMessage, short Type) BSTR SOF_SignDataXML(BSTR ContainerName, BSTR InData) { + int rv; + unsigned char outbuf[1024]; + + if ((rv = SAF_EccSignFile( + hAppHandle, + (unsigned char *)ContainerName, + (unsigned int)strlen(ContainerName), + sof_digest_method, + SOFerr(SOF_F_SOF_SIGNDATAXML, SOF_R_NOT_IMPLEMENTED); return NULL; } @@ -232,11 +413,27 @@ BSTR SOF_GetXMLSignatureInfo(BSTR XMLSignedData, short Type) return NULL; } -/* return base64 encoded data */ BSTR SOF_GenRandom(short RandomLen) { - SOFerr(SOF_F_SOF_GENRANDOM, SOF_R_NOT_IMPLEMENTED); - return NULL; + int rv; + unsigned char *ret = NULL; + unsigned char *bin = NULL; + unsigned char *b64 = NULL; + + if (!(bin = OPENSSL_malloc(RandomLen)) + || !(ret = OPENSSL_zalloc((RandomLen * 4)/3 + 128)) + || (rv = SAF_GenRandom(RandomLen, buf)) != SAR_Ok + || (rv = SAF_Base64_Encode(buf, RandomLen, ret, &retlen)) != SAR_Ok) { + goto end; + } + + ret = b64; + b64 = NULL; + +end: + OPENSSL_free(bin); + OPENSSL_free(b64); + return ret; } long SOF_GetLastError(void) diff --git a/include/openssl/gmsaf.h b/include/openssl/gmsaf.h index 5f11e941..12110780 100644 --- a/include/openssl/gmsaf.h +++ b/include/openssl/gmsaf.h @@ -111,7 +111,9 @@ int ERR_load_SAF_strings(void); # define SAF_F_SAF_LOGOUT 135 # define SAF_F_SAF_MACFINAL 136 # define SAF_F_SAF_MACUPDATE 137 +# define SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA 149 # define SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA 138 +# define SAF_F_SAF_PKCS7_ENCODESIGNEDDATA 150 # define SAF_F_SAF_REMOVECACERTIFICATE 139 # define SAF_F_SAF_REMOVEROOTCACERTIFICATE 140 # define SAF_F_SAF_RSASIGN 141 @@ -133,6 +135,7 @@ int ERR_load_SAF_strings(void); # define SAF_R_INT_OVERFLOW 106 # define SAF_R_INVALID_ALGOR 107 # define SAF_R_INVALID_CERTIFICATE 108 +# define SAF_R_INVALID_DIGEST_ALGOR 122 # define SAF_R_INVALID_HANDLE 109 # define SAF_R_INVALID_INDEX 110 # define SAF_R_INVALID_INPUT_LENGTH 111 @@ -142,6 +145,7 @@ int ERR_load_SAF_strings(void); # define SAF_R_INVALID_LENGTH 115 # define SAF_R_INVALID_PUBLIC_KEY 116 # define SAF_R_LOAD_CERTS_FAILURE 117 +# define SAF_R_LOAD_KEY_FAILURE 123 # define SAF_R_MAC_FAILURE 118 # define SAF_R_NOT_SUPPORTED 119 # define SAF_R_OPERATION_NOT_INITIALIZED 120 diff --git a/include/openssl/pem3.h b/include/openssl/pem3.h new file mode 100644 index 00000000..baa137d6 --- /dev/null +++ b/include/openssl/pem3.h @@ -0,0 +1,93 @@ +/* ==================================================================== + * Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_PEM3_H +#define HEADER_PEM3_H + +#include +#include +#include +#include +#include + + +#ifdef __cplusplus +extern "C" { +#endif + + +#include + + +#define PEM_STRING_PAILLIER "PAILLIER PRIVATE KEY" +#define PEM_STRING_PAILLIER_PUBLIC "PAILLIER PUBLIC KEY" +#define PEM_STRING_CPK_PARAMS "CPK PUBLIC PARAMETERS" +#define PEM_STRING_CPK_MASTER "CPK MASTER SECRET" +#define PEM_STRING_SM9_PARAMS "SM9 PUBLIC PARAMETERS" +#define PEM_STRING_SM9_MASTER "SM9 MASTER SECRET" +#define PEM_STRING_SM9_PRIVATE "SM9 PRIVATE KEY" +#define PEM_STRING_BFIBE_PARAMS "BFIBE PUBLIC PARAMETERS" +#define PEM_STRING_BFIBE_MASTER "BFIBE MASTER SECRET" +#define PEM_STRING_BFIBE_PRIVATE "BFIBE PRIVATE KEY" +#define PEM_STRING_BB1IBE_PARAMS "BB1IBE PUBLIC PARAMETERS" +#define PEM_STRING_BB1IBE_MASTER "BB1IBE MASTER SECRET" +#define PEM_STRING_BB1IBE_PRIVATE "BB1IBE PRIVATE KEY" + +/* +DECLARE_PEM_rw_cb(PaillierPrivateKey, PAILLIER) +DECLARE_PEM_rw(PaillierPrivateKey, PAILLIER) +DECLARE_PEM_rw_cb(CPK_PUBLIC_PARAM, CPK) +DECLARE_PEM_rw_cb(CPK_PUBLIC_PARAMS, CPK) +*/ + + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/saf.h b/include/openssl/saf.h index b6092a49..6c34a825 100644 --- a/include/openssl/saf.h +++ b/include/openssl/saf.h @@ -580,12 +580,12 @@ int SAF_Pkcs7_EncodeData( void *hAppHandle, unsigned char *pucSignContainerName, unsigned int uiSignContainerNameLen, - unsigned int uiSignKeyUsage, unsigned char *pucSignerCertificate, unsigned int uiSignerCertificateLen, unsigned int uiDigestAlgorithm, unsigned char *pucEncCertificate, unsigned int uiEncCertificateLen, + unsigned int uiSymmAlgorithm, unsigned char *pucData, unsigned int uiDataLen, unsigned char *pucDerP7Data, @@ -649,7 +649,7 @@ int SAF_Pkcs7_EncodeDigestedData( int SAF_Pkcs7_DecodeDigestedData( void *hAppHandle, - unsigned int uiDigestAlgorithm, + unsigned int *puiDigestAlgorithm, unsigned char *pucDerP7DigestedData, unsigned int uiDerP7DigestedDataLen, unsigned char *pucData, diff --git a/java/SOF.java b/java/SOF.java new file mode 100755 index 00000000..e43db421 --- /dev/null +++ b/java/SOF.java @@ -0,0 +1,109 @@ +/* ==================================================================== + * Copyright (c) 2015 - 2017 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +public class SOF { + + + + + + + + + //public native long initCertAppPolicy(String PolicyName); + + + public native boolean getCertTrustList(String ctlAltName, String ctlContent); + public native String getCertTrustListAltNames(); + public native String getCertTrustList(String ctrlAltName); + public native long delCertTrustList(String ctlAltName); + public native String getInstance(String policyName); + public native long setSignMethod(long SignMethod); + public native long getSignMethod(); + public native long setEncryptMethod(long EncryptMethod); + public native long getEncryptMethod(); + public native getServerCertificate(); + public native getServerCertificateByUsage(short certUsage); + public native String genRandom(short randomLen); + public native String getCertInfo(String base64EncodeCert, int type); + public native String getCertInfoByOid(String base64EncodeCert, String oid); + public native long validateCert(String base64EncodeCert); + public native String signData(byte [] inData); + public native boolean verifySignedData(String Base64EncodeCert, String InData, String SignValue); + public native String signFile(String ContainerName, String InFile); + public native boolean verifySignedFile(String Base64EncodeCert, String InFile, String SignValue); + public native String encryptData(String Base64EncodeCert, String InData); + public native String decryptData(String ContainerName, String InData); + public native boolean encryptFile(String Base64EncodeCert, String InFile, String OutFile); + public native boolean decryptFile(String ContainerName, String InFile, String OutFile); + public native String signMessage(short flag, String ContainerName, String InData); + public native boolean verifySignedMessage(String MessageData, String InData); + public native String getInfoFromSignedMessage(String SignedMessage, short Type); + public native boolean signMessageDetach(); + public native boolean verifySignedMessageDetach(); + public native String signDataXML(String ContainerName, String InData); + public native boolean verifySignedDataXML(String InData); + public native String getXMLSignatureInfo(String XMLSignedData, short Type); + public native String createTimeStampRequest(String InData); + public native String createTimeStampResponse(String TimeStampRequest); + public native long verifyTimeStamp(String InData, String tsResponseData); + public native String getTimeStampInfo(String tsResponseData, short type); + public native long getLastError(void); + + public static void main(String[] args) { + final GmSSL gmssl = new GmSSL(); + System.out.println(gmssl.getVersion(0)); + System.out.println("IV length = " + gmssl.getCipherIVLength("aes-128-cbc")); + } + + static { + System.loadLibrary("gmsof"); + } +} + diff --git a/test/saftest.c b/test/saftest.c index 091a5256..80ba1529 100644 --- a/test/saftest.c +++ b/test/saftest.c @@ -61,9 +61,67 @@ int main(int argc, char **argv) #else # include +static int test_saf_base64(int verbose) +{ + return 0; +} + +static int test_saf_cert(int verbose) +{ + return 0; +} + +static int test_saf_ec(int verbose) +{ + return 0; +} + +static int test_saf_hash(int verbose) +{ + return 0; +} + +static int test_saf_mac(int verbose) +{ + return 0; +} + +static int test_saf_pkcs7(int verbose) +{ + return 0; +} + +static int test_saf_rand(int verbose) +{ + return 0; +} + +static int test_saf_rsa(int verbose) +{ + return 0; +} + +static int test_saf_sm2(int verbose) +{ + return 0; +} + int main(int argc, char **argv) { int err = 0; + int verboe = 2; + + if (!test_saf_base64(verbose)) err++; + if (!test_saf_cert(verbose)) err++; + if (!test_saf_ec(verbose)) err++ + if (!test_saf_enc(verbose)) err++; + if (!test_saf_hash(verbose)) err++; + if (!test_saf_mac(verbose)) err++; + if (!test_saf_pkcs7(verbose)) err++; + if (!test_saf_rand(verbose)) err++; + if (!test_saf_rsa(verbose)) err++; + if (!test_saf_sm2(verbose)) err++; + return err; } #endif diff --git a/util/mkdef.pl b/util/mkdef.pl index b8e41b8f..ffe401be 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -132,6 +132,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CMAC", # APPLINK (win build feature?) "APPLINK", + # GmSSL "SM3", "SMS4", "KDF2", "ECIES", "FFX", "SM2", "PAILLIER", "CPK", "OTP", "GMAPI", "EC2", "BFIBE", "BB1IBE", "SM9", "SAF", "SDF", "SKF", "SOF", "ZUC" ); @@ -309,6 +310,39 @@ $crypto.=" include/openssl/modes.h"; $crypto.=" include/openssl/async.h"; $crypto.=" include/openssl/ct.h"; $crypto.=" include/openssl/kdf.h"; +# GmSSL +$crypto.=" include/openssl/bb1ibe.h"; +$crypto.=" include/openssl/bfibe.h"; +$crypto.=" include/openssl/bn_gfp2.h"; +$crypto.=" include/openssl/bn_hash.h"; +$crypto.=" include/openssl/bn_solinas.h"; +$crypto.=" include/openssl/cpk.h"; +$crypto.=" include/openssl/ec_hash.h"; +$crypto.=" include/openssl/ec_type1.h"; +$crypto.=" include/openssl/ecies.h"; +$crypto.=" include/openssl/ffx.h"; +$crypto.=" include/openssl/fppoint.h"; +$crypto.=" include/openssl/gmapi.h"; +$crypto.=" include/openssl/gmsaf.h"; +$crypto.=" include/openssl/gmsdf.h"; +$crypto.=" include/openssl/gmskf.h"; +$crypto.=" include/openssl/gmsof.h"; +$crypto.=" include/openssl/kdf2.h"; +$crypto.=" include/openssl/otp.h"; +$crypto.=" include/openssl/paillier.h"; +$crypto.=" include/openssl/pem3.h"; +$crypto.=" include/openssl/saf.h"; +$crypto.=" include/openssl/sdf.h"; +$crypto.=" include/openssl/sgd.h"; +$crypto.=" include/openssl/skf.h"; +$crypto.=" include/openssl/sm1.h"; +$crypto.=" include/openssl/sm2.h"; +$crypto.=" include/openssl/sm3.h"; +$crypto.=" include/openssl/sm9.h"; +$crypto.=" include/openssl/sms4.h"; +$crypto.=" include/openssl/sof.h"; +$crypto.=" include/openssl/ssf33.h"; +$crypto.=" include/openssl/zuc.h"; my $symhacks="include/openssl/symhacks.h";