abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-17 02:14:01 +08:00
Code Issues Packages Projects Releases Wiki Activity

update saf

Browse Source
This commit is contained in:
Zhi Guan
2017-03-03 22:24:12 +08:00
parent df18c19abc
commit 67eda02ef2
13 changed files with 860 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

313
crypto/saf/saf_pkcs7.c
View File

@@ -58,18 +58,29 @@ int SAF_Pkcs7_EncodeData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned int uiSignKeyUsage,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned char *pucEncCertificate,
unsigned int uiEncCertificateLen,
unsigned int uiSymmAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerP7Data,
unsigned int *puiDerP7DataLen)
{
int ret = SAR_UnknownErr;
STACK_OF(X509) *encerts = NULL;
p7 = PKCS7_encrypt(encerts, in, cipher, flags);
p7 = PKCS7_sign(NULL, NULL, other, in, flags);
return ret;
}
@@ -82,6 +93,14 @@ int SAF_Pkcs7_DecodeData(
return ret;
}
EVP_PKEY *SAF_LoadPrivateKey(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen)
{
return NULL;
}
/* 7.4.4 */
int SAF_Pkcs7_EncodeSignedData(
void *hAppHandle,
@@ -97,6 +116,64 @@ int SAF_Pkcs7_EncodeSignedData(
unsigned int *puiDerP7DataLen)
{
int ret = SAR_UnknownErr;
EVP_PKEY *pkey = NULL;
X509 *x509 = NULL;
BIO *data = NULL;
if (!hAppHandle || !pucSignContainerName || !pucSignerCertificate
|| !pucData || !pucDerP7Data || !puiDerP7DataLen) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiSignContainerNameLen <= 0 || uiSignContainerNameLen > INT_MAX
|| uiSignerCertificateLen <= 0 || uiSignerCertificateLen > INT_MAX
|| uiDataLen <= 0 || uiDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(pkey = SAF_LoadPrivateKey(
hAppHandle,
pucSignContainerName,
uiSignContainerNameLen))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, SAF_R_LOAD_KEY_FAILURE);
goto end;
}
if (!(x509 = d2i_X509(NULL, &pucSignerCertificate, uiSignerCertificateLen))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_X509_LIB);
goto end;
}
if (!(data = BIO_new_mem_buf(pucData, uiDataLen))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_BIO_LIB);
goto end;
}
if (!(p7 = PKCS7_sign(x509, pkey, NULL, data, PKCS7_BINARY))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if (*puiDerP7DataLen < i2d_PKCS7(p7, NULL)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
if ((len = i2d_PKCS7(p7, &pucDerP7Data)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
*puiDerP7DataLen = len;
ret = SAR_Ok;
end:
PKCS7_free(p7);
X509_free(x509);
BIO_free(data);
return ret;
}
@@ -105,15 +182,46 @@ int SAF_Pkcs7_DecodeSignedData(
void *hAppHandle,
unsigned char *pucDerP7SignedData,
unsigned int uiDerP7SignedDataLen,
unsigned int *puiDigestAlgorithm,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned int *puiSignerCertificateLen,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucSign,
unsigned int *puiSignLen)
unsigned int *puiDataLen,
unsigned char *pucSig,
unsigned int *puiSigLen)
{
int ret = SAR_UnknownErr;
PKCS7 *p7 = NULL;
X509 *x509 = NULL;
p7 = d2i_PKCS7(NULL, &pucDerP7SignedData, uiDerP7SignedDataLen);
if (!PKCS7_type_is_signed(p7)) {
goto end;
}
PKCS7_SIGNED *p7signed = p7->d.sign;
X509_ALGOR *algor = sk_X509_ALGOR_value(p7signed->md_algs, 0);
const EVP_MD *md = EVP_get_digestbyobj(algor->algorithm);
*puiDigestAlgorithm = EVP_MD_sdg(md);
X509 *x509 = sk_X509_ALGOR_value(p7signed->cert);
PKCS7_SIGNER_INFO *signer_info = sk_PKCS7_SIGNER_INFO_value(p7signed->signer_info, 0);
PKCS7 *p7data = p7signed->contents;
if (!PKCS7_type_is_data(p7data)) {
goto end;
}
ASN1_OCTET_STRING *data = p7data->d.data;
*puiDataLen = ASN1_OCTET_STRING_length(data);
memcpy(pucData, ASN1_OCTET_STRING_get0_data(data), *puiDataLen);
PKCS7_verify(p7, NULL, chain_store, NULL, outbio, flags);
return ret;
}
@@ -212,13 +320,64 @@ int SAF_Pkcs7_DecodeEnvelopedData(
void *hAppHandle,
unsigned char *pucDecContainerName,
unsigned int uiDecContainerNameLen,
unsigned int uiDecKeyUsage,
unsigned char *pucDerP7EnvelopedData,
unsigned int uiDerP7EnvelopedDataLen,
unsigned char *pucData,
unsigned int *puiDataLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
PKCS7 *p7 = NULL;
EVP_PKEY *pkey = NULL;
X509 *x509 = NULL;
BIO *bio = NULL;
BUF_MEM *buf = NULL;
if (!hAppHandle || !pucDecContainerName || !pucDerP7EnvelopedData || !pucData)
SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiDecContainerNameLen <= 0 || uiDecContainerNameLen > INT_MAX
|| uiDerP7EnvelopedDataLen <= 0 || uiDerP7EnvelopedDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, SAR_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!pucData) {
*puiDataLen = uiDerP7EnvelopedDataLen;
return SAR_Ok;
} else if (*puiDataLen <= 0 || *puiDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, SAR_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(pkey = SAF_load_private_key(app, pucDecContainerName,
uiDecContainerNameLen, SGD_PK_ENC))) {
}
if (!(x509 = SAF_LoadCertificate(app, pucDecContainerName,
uiDecContainerNameLen, SGD_PK_ENC))) {
}
if (!(bio = BIO_new(BIO_s_membuf()))) {
}
if (!PKCS7_decrypt(p7, pkey, x509, bio, 0)) {
}
if (!BIO_get_mem_buf(bio, &buf)) {
}
memcpy(pucData, buf->data, buf->length);
*puiDataLen = buf->length;
ret = SAR_Ok;
end:
PKCS7_free(p7);
EVP_PKEY_free(pkey);
X509_free(x509);
BIO_free(bio);
return ret;
}
@@ -232,20 +391,154 @@ int SAF_Pkcs7_EncodeDigestedData(
unsigned int *puiDerP7DigestedDataLen)
{
int ret = SAR_UnknownErr;
const EVP_MD *md;
PKCS7 *p7 = NULL;
BIO *p7bio = NULL;
int len;
if (!hAppHandle || !pucData || !pucDerP7DigestedData
|| !puiDerP7DigestedDataLen) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiDataLen <= 0 || uiDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_INVALID_DIGEST_ALGOR);
return SAR_AlgoTypeErr;
}
if (!(p7 = PKCS7_new())
|| !PKCS7_set_type(p7, NID_pkcs7_digest)
|| !PKCS7_set_digest(p7, md)
|| !PKCS7_content_new(p7, NID_pkcs7_data)
|| !(p7bio = PKCS7_dataInit(p7, NULL))
|| BIO_write(p7bio, pucData, (int)uiDataLen) != uiDataLen
|| !PKCS7_dataFinal(p7, p7bio)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if (*puiDerP7DigestedDataLen < i2d_PKCS7(p7, NULL)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
if ((len = i2d_PKCS7(p7, &pucDerP7DigestedData)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
ret = SAR_Ok;
end:
PKCS7_free(p7);
BIO_free(p7bio);
return ret;
}
/* 7.4.9 */
int SAF_Pkcs7_DecodeDigestedData(
void *hAppHandle,
unsigned int uiDigestAlgorithm,
unsigned char *pucDerP7DigestedData,
unsigned char pucDerP7DigestedData,
unsigned int uiDerP7DigestedDataLen,
unsigned int *puiDigestAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned int *puiDataLen,
unsigned char *pucDigest,
unsigned int *puiDigestLen)
{
int ret = SAR_UnknownErr;
PKCS7 *p7 = NULL;
PKCS7_DIGEST *p7dgst;
ASN1_OCTET_STRING *data;
if (!hAppHandle || !puiDigestAlgorithm || !puiDataLen || !puiDigestLen) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!pucData) {
*puiDataLen = uiDerP7DigestedDataLen;
return SAR_Ok;
}
if (!pucDigest) {
*puiDigestLen = EVP_MAX_MD_SIZE;
return SAR_Ok;
}
if (uiDerP7DigestedDataLen <= 0 || uiDerP7DigestedDataLen > INT_MAX
|| *puiDataLen <= 0 || *puiDataLen > INT_MAX
|| *puiDigestLen <= 0 || *puiDigestLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* process */
if (!(p7 = d2i_PKCS7(NULL, &pucDerP7DigestedData, uiDerP7DigestedDataLen))) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7);
ret = SAR_IndataErr;
goto end;
}
if (!PKCS7_type_is_digest(p7)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7_TYPE;
ret = SAR_IndataErr;
goto end;
}
p7dgst = p7->d.digest;
/* output digset algor */
if ((*puiDigestAlgorithm = EVP_MD_sgd(
EVP_get_digestbyobj(p7dgst->md->algorithm))) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_UNSUPPORTED_DIGEST_ALGOR;
ret = SAR_IndataErr;
goto end;
}
/* output digested data */
if (!PKCS7_type_is_data(p7dgst->contents)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAR_R_INVALID_PKCS7_DATA);
ret = SAR_IndataErr;
goto end;
}
if (!(data = p7dgst->contents->d.data)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAR_R_INVALID_PKCS7_DATA);
ret = SAR_IndataErr;
goto end;
}
if (*puiDataLen < ASN1_OCTET_STRING_length(data)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAR_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
memcpy(pucData, ASN1_OCTET_STRING_get0_data(data), ASN1_OCTET_STRING_length(data));
*puiDataLen = ASN1_OCTET_STRING_length(data);
/* output digest */
if (!p7dgst->digest) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAR_R_INVALID_PKCS7_DATA);
ret = SAR_IndataErr;
goto end;
}
if (*puiDigestLen < ASN1_OCTET_STRING_length(p7dgst->digest)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAR_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
memcpy(pucDigest, ASN1_OCTET_STRING_get0_data(p7dgst->digest), ASN1_OCTET_STRING_length(p7dgst->digest));
*puiDigestLen = ASN1_OCTET_STRING_length(p7dgst->digest);
ret = SAR_Ok;
end:
PKCS7_free(p7);
return ret;
}