abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-26 23:23:40 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6 from guanzhi/master

Browse Source 
000
This commit is contained in:
Gorachya
2019-07-09 13:10:39 +08:00
committed by GitHub
parent 4d55e7b963 cfcffd03d0
commit 694d633022
185 changed files with 5829 additions and 27053 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
Configure
View File

@@ -312,9 +312,9 @@ $config{sdirs} = [
"buffer", "bio", "stack", "lhash", "rand", "err",
"evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
"cms", "ts", "srp", "cmac", "ct", "async", "kdf",
"sm3", "base58", "sms4", "zuc", "serpent", "speck", "kdf2", "ffx", "otp",
"ecies", "sm2", "cpk", "paillier", "ec2", "sm9", "bfibe", "bb1ibe",
"gmapi", "skf", "sdf", "saf", "sof", "ecrs"
"sm3", "sms4", "zuc", "kdf2", "otp",
"ecies", "sm2", "paillier", "sm9",
"gmapi", "skf", "sdf"
];
# Known TLS and DTLS protocols
@@ -415,21 +415,13 @@ my @disablables = (
"sms4",
"kdf2",
"ecies",
"ffx",
"sm2",
"ecrs",
"paillier",
"cpk",
"otp",
"gmapi",
"ec2",
"bfibe",
"bb1ibe",
"sm9",
"saf",
"sdf",
"skf",
"sof",
"zuc",
"aes",
"sha",
@@ -437,9 +429,6 @@ my @disablables = (
"rsa",
"pem",
"pkcs7",
"serpent",
"speck",
"base58",
"java",
"ca",
"gmtls",
@@ -484,8 +473,6 @@ our %disabled = ( # "what" => "comment"
"skfeng" => "default",
"sdfeng" => "default",
"gmieng" => "default",
"cpk" => "default",
"speck" => "default",
);
# Note: => pair form used for aesthetics, not to truly make a hash table
@@ -504,15 +491,12 @@ my @disable_cascades = (
"dtls" => [ @dtls ],
"sm3" => [ "sm2" ],
"sdf" => [ "saf" ],
"saf" => [ "sof" ],
# SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA
"md5" => [ "ssl", "tls1", "tls1_1", "dtls1", "engine" ],
# current pkcs12 rfc only define sha1/des bag
"sha" => [ "ssl", "tls1", "tls1_1", "dtls1", "engine", "rsa", "dh", "dsa", "ocsp", "ct", "srp", "ts", "ec2", "cpk" ],
"sha" => [ "ssl", "tls1", "tls1_1", "dtls1", "engine", "rsa", "dh", "dsa", "ocsp", "ct", "srp", "ts"],
"aes" => [ "engine" ],
"ec2" => [ "sm9", "bfibe", "bb1ibe" ],
# Additionally, SSL 3.0 requires either RSA or DSA+DH
sub { $disabled{rsa}

2
apps/build.info
View File

@@ -11,7 +11,7 @@ IF[{- !$disabled{apps} -}]
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c \
srp.c ts.c verify.c version.c x509.c rehash.c \
apps.c opt.c s_cb.c s_socket.c \
app_rand.c cpk.c otp.c fpe.c paiutl.c \
app_rand.c otp.c paiutl.c \
sm2.c sm2utl.c sdf.c skf.c \
sm9param.c gensm9.c sm9.c sm9utl.c \
{- $target{apps_aux_src} -}

87
apps/cpk.c
View File

@@ -1,87 +0,0 @@
/* ====================================================================
* Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
/*
* gmssl cpk -help
* gmssl cpk -genmsk <domain> -out <msk>
* gmssl cpk -params -text
* gmssl cpk -genkey -in <msk> -id <id>
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_CPK
NON_EMPTY_TRANSLATION_UNIT
#else
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
# include "apps.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/evp.h>
# include <openssl/pem.h>
# include <openssl/cpk.h>
typedef enum OPTION_choice {
OPT_ERR = -1,
OPT_EOF = 0,
OPT_HELP
} OPTION_CHOICE;
OPTIONS cpk_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{NULL}
};
int cpk_main(int argc, char **argv)
{
printf("cpk not implemented\n");
return 0;
}
#endif

286
apps/fpe.c
View File

@@ -1,286 +0,0 @@
/* ====================================================================
* Copyright (c) 2014 - 2018 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_FPE
NON_EMPTY_TRANSLATION_UNIT
#else
# include <ctype.h>
# include <stdio.h>
# include <string.h>
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/evp.h>
# include <openssl/ffx.h>
# include "apps.h"
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_LIST,
OPT_E, OPT_D,
OPT_CIPHER, OPT_UPPER_K, OPT_TWEAK,
OPT_ENGINE, OPT_CONFIG
} OPTION_CHOICE;
OPTIONS fpe_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"ciphers", OPT_LIST, '-', "List ciphers"},
{"e", OPT_E, '-', "Encrypt"},
{"d", OPT_D, '-', "Decrypt"},
{"K", OPT_UPPER_K, 's', "Raw key, in hex"},
{"tweak", OPT_TWEAK, 's', "Tweak string"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
{"config", OPT_CONFIG, 's', "A config file"},
#endif
{NULL}
};
static void show_ciphers(const OBJ_NAME *name, void *bio_);
static int set_hex(char *in, unsigned char *out, int size);
int fpe_main(int argc, char **argv)
{
int ret = 1;
BIO *in = NULL, *out = NULL;
char *prog;
OPTION_CHOICE o;
int enc = 1;
unsigned char key[32] = {0};
char *hkey = NULL, *tweak = NULL;
const EVP_CIPHER *cipher = NULL;
CONF *conf = NULL;
char *configfile = default_config_file;
ENGINE *e = NULL;
char inbuf[32] = {0};
char outbuf[32] = {0};
FFX_CTX *ctx = NULL;
prog = opt_init(argc, argv, fpe_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
help:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(fpe_options);
ret = 0;
goto end;
case OPT_LIST:
BIO_printf(bio_err, "Supported ciphers:\n");
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
show_ciphers, bio_err);
BIO_printf(bio_err, "\n");
goto end;
case OPT_E:
enc = 1;
break;
case OPT_D:
enc = 0;
break;
case OPT_UPPER_K:
hkey = opt_arg();
break;
case OPT_TWEAK:
tweak = opt_arg();
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &cipher))
goto help;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_CONFIG:
configfile = opt_arg();
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto help;
in = BIO_new_fp(stdin, BIO_NOCLOSE);
out = BIO_new_fp(stdout, BIO_NOCLOSE);
/* engine */
if (e)
BIO_printf(bio_err, "Using configuration from %s\n", configfile);
if ((conf = app_load_config(configfile)) == NULL)
goto end;
if (configfile != default_config_file && !app_load_modules(conf))
goto end;
/* get cipher */
if (EVP_CIPHER_mode(cipher) != EVP_CIPH_ECB_MODE) {
BIO_printf(bio_err, "%s: Only block cipher with ECB mode is supported\n", prog);
goto end;
}
/* get key */
if (!hkey) {
BIO_printf(bio_err, "%s: no key given\n", prog);
goto end;
}
if (!set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
BIO_printf(bio_err, "%s: invalid hex key value\n", prog);
goto end;
}
/* get tweak */
if (!tweak) {
BIO_printf(bio_err, "%s: `-tweak` required\n", prog);
goto end;
}
if (strlen(tweak) < FFX_MIN_TWEAKLEN || strlen(tweak) > FFX_MAX_TWEAKLEN) {
BIO_printf(bio_err, "%s: invalid tweak length, should be %d to %d\n",
prog, FFX_MIN_TWEAKLEN, FFX_MAX_TWEAKLEN);
goto end;
}
/* get input digits */
if (BIO_read(in, inbuf, sizeof(inbuf) - 1) <= 0) {
ERR_print_errors(bio_err);
goto end;
}
if (strlen(inbuf) < FFX_MIN_DIGITS || strlen(inbuf) > FFX_MAX_DIGITS) {
BIO_printf(bio_err, "%s: invalid digits length, should be %d to %d\n",
prog, FFX_MIN_DIGITS, FFX_MAX_DIGITS);
goto end;
}
/* encrypt/decrypt */
if (!(ctx = FFX_CTX_new())
|| !FFX_init(ctx, cipher, key, 0)) {
ERR_print_errors(bio_err);
goto end;
}
if (enc) {
if (!FFX_encrypt(ctx, inbuf, outbuf, strlen(inbuf),
(unsigned char *)tweak, strlen(tweak))) {
ERR_print_errors(bio_err);
goto end;
}
} else {
if (!FFX_decrypt(ctx, inbuf, outbuf, strlen(inbuf),
(unsigned char *)tweak, strlen(tweak))) {
ERR_print_errors(bio_err);
goto end;
}
}
if (BIO_write(out, outbuf, strlen(outbuf)) != strlen(outbuf)) {
ERR_print_errors(bio_err);
goto end;
}
BIO_puts(out, "\n");
ret = 0;
end:
BIO_free(in);
BIO_free(out);
OPENSSL_cleanse(key, sizeof(key));
if (enc)
OPENSSL_cleanse(inbuf, sizeof(inbuf));
FFX_CTX_free(ctx);
return ret;
}
static void show_ciphers(const OBJ_NAME *name, void *bio_)
{
BIO *bio = bio_;
static int n;
if (!islower((unsigned char)*name->name))
return;
BIO_printf(bio, "-%-25s", name->name);
if (++n == 3) {
BIO_printf(bio, "\n");
n = 0;
} else
BIO_printf(bio, " ");
}
static int set_hex(char *in, unsigned char *out, int size)
{
int i, n;
unsigned char j;
n = strlen(in);
if (n > (size * 2)) {
BIO_printf(bio_err, "hex string is too long\n");
return (0);
}
memset(out, 0, size);
for (i = 0; i < n; i++) {
j = (unsigned char)*in;
*(in++) = '\0';
if (j == 0)
break;
if (!isxdigit(j)) {
BIO_printf(bio_err, "non-hex digit\n");
return (0);
}
j = (unsigned char)OPENSSL_hexchar2int(j);
if (i & 1)
out[i / 2] |= j;
else
out[i / 2] = (j << 4);
}
return (1);
}
#endif

3
apps/gmssl.c
View File

@@ -545,9 +545,6 @@ static int SortFnByName(const void *_f1, const void *_f2)
static void list_disabled(void)
{
BIO_puts(bio_out, "Disabled algorithms:\n");
#ifdef OPENSSL_NO_CPK
BIO_puts(bio_out, "CPK\n");
#endif
#ifdef OPENSSL_NO_SM9
BIO_puts(bio_out, "SM9\n");
#endif

8
apps/progs.h
View File

@@ -28,7 +28,6 @@ extern int asn1parse_main(int argc, char *argv[]);
extern int ca_main(int argc, char *argv[]);
extern int ciphers_main(int argc, char *argv[]);
extern int cms_main(int argc, char *argv[]);
extern int cpk_main(int argc, char *argv[]);
extern int crl_main(int argc, char *argv[]);
extern int crl2pkcs7_main(int argc, char *argv[]);
extern int dgst_main(int argc, char *argv[]);
@@ -41,7 +40,6 @@ extern int enc_main(int argc, char *argv[]);
extern int engine_main(int argc, char *argv[]);
extern int errstr_main(int argc, char *argv[]);
extern int exit_main(int argc, char *argv[]);
extern int fpe_main(int argc, char *argv[]);
extern int gendsa_main(int argc, char *argv[]);
extern int genpkey_main(int argc, char *argv[]);
extern int genrsa_main(int argc, char *argv[]);
@@ -89,7 +87,6 @@ extern OPTIONS asn1parse_options[];
extern OPTIONS ca_options[];
extern OPTIONS ciphers_options[];
extern OPTIONS cms_options[];
extern OPTIONS cpk_options[];
extern OPTIONS crl_options[];
extern OPTIONS crl2pkcs7_options[];
extern OPTIONS dgst_options[];
@@ -102,7 +99,6 @@ extern OPTIONS enc_options[];
extern OPTIONS engine_options[];
extern OPTIONS errstr_options[];
extern OPTIONS exit_options[];
extern OPTIONS fpe_options[];
extern OPTIONS gendsa_options[];
extern OPTIONS genpkey_options[];
extern OPTIONS genrsa_options[];
@@ -157,9 +153,6 @@ static FUNCTION functions[] = {
#endif
#ifndef OPENSSL_NO_CMS
{ FT_general, "cms", cms_main, cms_options },
#endif
#ifndef OPENSSL_NO_CPK
{ FT_general, "cpk", cpk_main, cpk_options },
#endif
{ FT_general, "crl", crl_main, crl_options },
{ FT_general, "crl2pkcs7", crl2pkcs7_main, crl2pkcs7_options },
@@ -185,7 +178,6 @@ static FUNCTION functions[] = {
#endif
{ FT_general, "errstr", errstr_main, errstr_options },
{ FT_general, "exit", exit_main, exit_options },
{ FT_general, "fpe", fpe_main, fpe_options },
#ifndef OPENSSL_NO_DSA
{ FT_general, "gendsa", gendsa_main, gendsa_options },
#endif

260
apps/speed.c
View File

@@ -202,7 +202,6 @@ typedef struct loopargs_st {
#ifndef OPENSSL_NO_SM9
SM9PublicParameters *sm9mpk[SM9_NUM];
SM9PrivateKey *sm9sk[SM9_NUM];
SM9MasterSecret *sm9mst[SM9_NUM];
#endif
EVP_CIPHER_CTX *ctx;
HMAC_CTX *hctx;
@@ -1123,91 +1122,23 @@ static long sm9sign_c[SM9_NUM][2];
static int SM9_sign_loop(void *args)
{
loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
SM9PrivateKey **sm9 = tempargs->sm9sk;
unsigned char *sm9sig = tempargs->buf2;
unsigned int *sm9siglen = &tempargs->siglen;
int ret, count;
for (count = 0; COND(sm9sign_c[testnum][0]); count++) {
ret = SM9_sign(NID_sm3, buf, 32, sm9sig, sm9siglen, sm9[testnum]);
if (ret == 0) {
BIO_printf(bio_err, "SM9 sign failure\n");
ERR_print_errors(bio_err);
count = -1;
break;
}
}
return count;
return 1;
}
static char* sm9verify_id = "sm9_verify";
static size_t sm9verify_idlen = 10;
static int SM9_verify_loop(void *args)
{
loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
SM9PublicParameters **sm9 = tempargs->sm9mpk;
unsigned char *sm9sig = tempargs->buf2;
unsigned int sm9siglen = tempargs->siglen;
int ret, count;
for (count = 0; COND(sm9sign_c[testnum][1]); count++) {
ret = SM9_verify(NID_sm3, buf, 32, sm9sig, sm9siglen, sm9[testnum], sm9verify_id, sm9verify_idlen);
if (ret != 1) {
BIO_printf(bio_err, "SM9 verify failure\n");
ERR_print_errors(bio_err);
count = -1;
break;
}
}
return count;
return 1;
}
static long sm9enc_c[SM9_NUM][2];
static char* sm9enc_id = "sm9_enc";
static size_t sm9enc_idlen = 7;
static int SM9_encrypt_loop(void *args)
{
loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
SM9PublicParameters **sm9 = tempargs->sm9mpk;
unsigned char *sm9cipher = tempargs->buf2;
size_t *sm9cipherlen = &tempargs->cipherlen;
int ret, count;
for (count = 0; COND(sm9enc_c[testnum][0]); count++) {
*sm9cipherlen = BUFSIZE;
ret = SM9_encrypt(NID_sm3, buf, 32, sm9cipher,
sm9cipherlen, sm9[testnum], sm9enc_id, sm9enc_idlen);
if (ret == 0) {
BIO_printf(bio_err, "SM9 encrypt failure\n");
ERR_print_errors(bio_err);
count = -1;
break;
}
}
return count;
return 1;
}
static int SM9_decrypt_loop(void *args)
{
loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
SM9PrivateKey **sm9 = tempargs->sm9sk;
unsigned char *sm9cipher = tempargs->buf2;
size_t sm9cipherlen = tempargs->cipherlen;
int ret, count;
for (count = 0; COND(sm9enc_c[testnum][0]); count++) {
size_t len = sm9cipherlen;
ret = SM9_decrypt(NID_sm3, sm9cipher, sm9cipherlen,
buf, &len, sm9[testnum]);
if (ret == 0) {
BIO_printf(bio_err, "SM9 decrypt failure\n");
ERR_print_errors(bio_err);
count = -1;
break;
}
}
return count;
return 1;
}
#endif
@@ -1708,12 +1639,6 @@ int speed_main(int argc, char **argv)
static const int test_sm9_curves_bits[SM9_NUM] = {
256,
};
static const int test_sm9_scheme[SM9_NUM] = {
NID_sm9sign,
};
static const int test_sm9_hash1[SM9_NUM] = {
NID_sm9hash1_with_sm3,
};
int sm9sign_doit[SM9_NUM] = { 0 };
int sm9enc_doit[SM9_NUM] = { 0 };
#endif
@@ -3334,181 +3259,7 @@ int speed_main(int argc, char **argv)
#endif /* OPENSSL_NO_SM2 */
#ifndef OPENSSL_NO_SM9
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
}
for (testnum = 0; testnum < SM9_NUM; testnum++) {
int st = 1;
if (!sm9sign_doit[testnum])
continue; /* Ignore Curve */
for (i = 0; i < loopargs_len; i++) {
loopargs[i].sm9mst[testnum] = SM9_generate_master_secret(test_sm9_curves[testnum],
test_sm9_scheme[testnum], test_sm9_hash1[testnum]);
if (loopargs[i].sm9mst[testnum] == NULL) {
st = 0;
break;
}
}
if (st == 0) {
BIO_printf(bio_err, "SM9 failure.\n");
ERR_print_errors(bio_err);
rsa_count = 1;
} else {
for (i = 0; i < loopargs_len; i++) {
/* Perform SM9 signature test */
loopargs[i].sm9sk[testnum] = SM9_extract_private_key(loopargs[i].sm9mst[testnum], sm9verify_id, sm9verify_idlen);
st = SM9_sign(NID_sm3, loopargs[i].buf, 32, loopargs[i].buf2,
&loopargs[i].siglen, loopargs[i].sm9sk[testnum]);
if (st == 0)
break;
}
if (st == 0) {
BIO_printf(bio_err,
"SM9 sign failure. No SM9 sign will be done.\n");
ERR_print_errors(bio_err);
rsa_count = 1;
} else {
pkey_print_message("sign", "sm9",
sm9sign_c[testnum][0],
test_sm9_curves_bits[testnum], ECDSA_SECONDS);
Time_F(START);
count = run_benchmark(async_jobs, SM9_sign_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
mr ? "+R7:%ld:%d:%.2f\n" :
"%ld %d bit SM9 signs in %.2fs \n",
count, test_sm9_curves_bits[testnum], d);
sm9sign_results[testnum][0] = d / (double)count;
rsa_count = count;
}
/* Perform SM9 verification test */
for (i = 0; i < loopargs_len; i++) {
loopargs[i].sm9mpk[testnum] = SM9_extract_public_parameters(loopargs[i].sm9mst[testnum]);
st = SM9_verify(NID_sm3, loopargs[i].buf, 32, loopargs[i].buf2,
loopargs[i].siglen, loopargs[i].sm9mpk[testnum], sm9verify_id, sm9verify_idlen);
if (st != 1)
break;
}
if (st != 1) {
BIO_printf(bio_err,
"SM9 verify failure. No SM9 verify will be done.\n");
ERR_print_errors(bio_err);
sm9sign_doit[testnum] = 0;
} else {
pkey_print_message("verify", "sm9",
sm9sign_c[testnum][1],
test_sm9_curves_bits[testnum], ECDSA_SECONDS);
Time_F(START);
count = run_benchmark(async_jobs, SM9_verify_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
mr ? "+R8:%ld:%d:%.2f\n"
: "%ld %d bit SM9 verify in %.2fs\n",
count, test_sm9_curves_bits[testnum], d);
sm9sign_results[testnum][1] = d / (double)count;
}
if (rsa_count <= 1) {
/* if longer than 10s, don't do any more */
for (testnum++; testnum < SM9_NUM; testnum++)
sm9sign_doit[testnum] = 0;
}
}
}
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
}
for (testnum = 0; testnum < SM9_NUM; testnum++) {
int st = 1;
if (!sm9enc_doit[testnum])
continue;
for (i = 0; i < loopargs_len; i++) {
loopargs[i].sm9mst[testnum] = SM9_generate_master_secret(test_sm9_curves[testnum],
test_sm9_scheme[testnum], test_sm9_hash1[testnum]);
if (loopargs[i].sm9mst[testnum] == NULL) {
st = 0;
break;
}
}
if (st == 0) {
BIO_printf(bio_err, "SM9 failure.\n");
ERR_print_errors(bio_err);
rsa_count = 1;
} else {
for (i = 0; i < loopargs_len; i++) {
/* these 2 lines should be modified ? */
/*if (!nopre)
EC_KEY_precompute_mult(loopargs[i].sm9[testnum], NULL);*/
/* Perform SM9 encryption test */
loopargs[i].sm9mpk[testnum] = SM9_extract_public_parameters(loopargs[i].sm9mst[testnum]);
loopargs[i].cipherlen = BUFSIZE;
st = SM9_encrypt(NID_sm3, loopargs[i].buf, 32, loopargs[i].buf2,
&loopargs[i].cipherlen, loopargs[i].sm9mpk[testnum], sm9enc_id, sm9enc_idlen);
if (st == 0)
break;
}
if (st == 0) {
BIO_printf(bio_err,
"SM9 encryption failure. No SM9 encryption will be done.\n");
ERR_print_errors(bio_err);
rsa_count = 1;
} else {
pkey_print_message("encrypt", "sm9",
sm9enc_c[testnum][0],
test_sm9_curves_bits[testnum], ECDSA_SECONDS);
Time_F(START);
count = run_benchmark(async_jobs, SM9_encrypt_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
mr ? "+R7:%ld:%d:%.2f\n" :
"%ld %d bit SM9 encrypt in %.2fs \n",
count, test_sm9_curves_bits[testnum], d);
sm9enc_results[testnum][0] = d / (double)count;
rsa_count = count;
}
/* Perform SM9 verification test */
for (i = 0; i < loopargs_len; i++) {
loopargs[i].sm9sk[testnum] = SM9_extract_private_key(loopargs[i].sm9mst[testnum], sm9enc_id, sm9enc_idlen);
size_t len = loopargs[i].cipherlen;
st = SM9_decrypt(NID_sm3, loopargs[i].buf2, loopargs[i].cipherlen,
loopargs[i].buf, &len, loopargs[i].sm9sk[testnum]);
if (st == 0)
break;
}
if (st != 1) {
BIO_printf(bio_err,
"SM9 decrypt failure. No SM9 decrypt will be done.\n");
ERR_print_errors(bio_err);
sm9enc_doit[testnum] = 0;
} else {
pkey_print_message("decrypt", "sm9",
sm9enc_c[testnum][1],
test_sm9_curves_bits[testnum], ECDSA_SECONDS);
Time_F(START);
count = run_benchmark(async_jobs, SM9_decrypt_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
mr ? "+R8:%ld:%d:%.2f\n"
: "%ld %d bit SM9 decrypt in %.2fs\n",
count, test_sm9_curves_bits[testnum], d);
sm9enc_results[testnum][1] = d / (double)count;
}
if (rsa_count <= 1) {
/* if longer than 10s, don't do any more */
for (testnum++; testnum < SM9_NUM; testnum++)
sm9sign_doit[testnum] = 0;
}
}
}
//FIXME: this is the core code,
#endif /* OPENSSL_NO_SM9 */
#ifndef NO_FORK
@@ -3779,7 +3530,6 @@ int speed_main(int argc, char **argv)
for (k = 0; k < SM9_NUM; k++) {
SM9PublicParameters_free(loopargs[i].sm9mpk[k]);
SM9PrivateKey_free(loopargs[i].sm9sk[k]);
SM9MasterSecret_free(loopargs[i].sm9mst[k]);
}
#endif
}

209
crypto/base58/base58.c
View File

@@ -1,209 +0,0 @@
/* ====================================================================
* Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
/*
* Copyright 2012-2014 Luke Dashjr
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the standard MIT license. See COPYING for more details.
*/
#include <string.h>
#include <sys/types.h>
#include <openssl/err.h>
#include <openssl/e_os2.h>
#include <openssl/base58.h>
static const int8_t b58digits_map[] = {
-1,-1,-1,-1,-1,-1,-1,-1, -1,-1,-1,-1,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,-1, -1,-1,-1,-1,-1,-1,-1,-1,
-1,-1,-1,-1,-1,-1,-1,-1, -1,-1,-1,-1,-1,-1,-1,-1,
-1, 0, 1, 2, 3, 4, 5, 6, 7, 8,-1,-1,-1,-1,-1,-1,
-1, 9,10,11,12,13,14,15, 16,-1,17,18,19,20,21,-1,
22,23,24,25,26,27,28,29, 30,31,32,-1,-1,-1,-1,-1,
-1,33,34,35,36,37,38,39, 40,41,42,43,-1,44,45,46,
47,48,49,50,51,52,53,54, 55,56,57,-1,-1,-1,-1,-1,
};
int base58_decode(const char *b58, size_t b58sz, void *bin, size_t *binszp)
{
size_t binsz = *binszp;
const unsigned char *b58u = (void*)b58;
unsigned char *binu = bin;
size_t outisz = (binsz + 3) / 4;
//uint32_t outi[outisz];
uint32_t *outi = NULL;
uint64_t t;
uint32_t c;
size_t i, j;
uint8_t bytesleft = binsz % 4;
uint32_t zeromask = bytesleft ? (0xffffffff << (bytesleft * 8)) : 0;
unsigned zerocount = 0;
if (!b58sz)
b58sz = strlen(b58);
if (!(outi = OPENSSL_malloc(outisz))) {
return 0;
}
memset(outi, 0, outisz * sizeof(*outi));
// Leading zeros, just count
for (i = 0; i < b58sz && b58u[i] == '1'; ++i)
++zerocount;
for ( ; i < b58sz; ++i)
{
if (b58u[i] & 0x80) {
// High-bit set on invalid digit
BASE58err(BASE58_F_BASE58_DECODE, BASE58_R_HIGHBIT_SET_ON_INVALID_DIGIT);
return 0;
}
if (b58digits_map[b58u[i]] == -1)
// Invalid base58 digit
return 0;
c = (unsigned)b58digits_map[b58u[i]];
for (j = outisz; j--; )
{
t = ((uint64_t)outi[j]) * 58 + c;
c = (t & 0x3f00000000) >> 32;
outi[j] = t & 0xffffffff;
}
if (c)
// Output number too big (carry to the next int32)
return 0;
if (outi[0] & zeromask)
// Output number too big (last int32 filled too far)
return 0;
}
j = 0;
switch (bytesleft) {
case 3:
*(binu++) = (outi[0] & 0xff0000) >> 16;
case 2:
*(binu++) = (outi[0] & 0xff00) >> 8;
case 1:
*(binu++) = (outi[0] & 0xff);
++j;
default:
break;
}
for (; j < outisz; ++j)
{
*(binu++) = (outi[j] >> 0x18) & 0xff;
*(binu++) = (outi[j] >> 0x10) & 0xff;
*(binu++) = (outi[j] >> 8) & 0xff;
*(binu++) = (outi[j] >> 0) & 0xff;
}
// Count canonical base58 byte count
binu = bin;
for (i = 0; i < binsz; ++i)
{
if (binu[i])
break;
--*binszp;
}
*binszp += zerocount;
OPENSSL_free(outi);
return 1;
}
static const char b58digits_ordered[] = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
int base58_encode(const void *data, size_t binsz, char *b58, size_t *b58sz)
{
const uint8_t *bin = data;
int carry;
size_t i, j, high, zcount = 0;
size_t size;
//uint8_t buf[size];
uint8_t *buf = NULL;
while (zcount < binsz && !bin[zcount])
++zcount;
size = (binsz - zcount) * 138 / 100 + 1;
if (!(buf = OPENSSL_zalloc(size))) {
return 0;
}
for (i = zcount, high = size - 1; i < binsz; ++i, high = j)
{
for (carry = bin[i], j = size - 1; (j > high) || carry; --j)
{
carry += 256 * buf[j];
buf[j] = carry % 58;
carry /= 58;
}
}
for (j = 0; j < size && !buf[j]; ++j);
if (*b58sz <= zcount + size - j)
{
*b58sz = zcount + size - j + 1;
return 0;
}
if (zcount)
memset(b58, '1', zcount);
for (i = zcount; j < size; ++i, ++j)
b58[i] = b58digits_ordered[buf[j]];
b58[i] = '\0';
*b58sz = i + 1;
OPENSSL_free(buf);
return 1;
}

44
crypto/base58/base58_err.c
View File

@@ -1,44 +0,0 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/base58.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BASE58,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BASE58,0,reason)
static ERR_STRING_DATA BASE58_str_functs[] = {
{ERR_FUNC(BASE58_F_BASE58_DECODE), "base58_decode"},
{0, NULL}
};
static ERR_STRING_DATA BASE58_str_reasons[] = {
{ERR_REASON(BASE58_R_HIGHBIT_SET_ON_INVALID_DIGIT),
"highbit set on invalid digit"},
{0, NULL}
};
#endif
int ERR_load_BASE58_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(BASE58_str_functs[0].error) == NULL) {
ERR_load_strings(0, BASE58_str_functs);
ERR_load_strings(0, BASE58_str_reasons);
}
#endif
return 1;
}

3
crypto/base58/build.info
View File

@@ -1,3 +0,0 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=base58.c base58_err.c

101
crypto/bb1ibe/bb1ibe_asn1.c
View File

@@ -1,101 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/bn_gfp2.h>
#include <openssl/bn_hash.h>
#include <openssl/ec_type1.h>
#include <openssl/bb1ibe.h>
#include "bb1ibe_lcl.h"
ASN1_SEQUENCE(BB1PublicParameters) = {
ASN1_SIMPLE(BB1PublicParameters, version, LONG),
ASN1_SIMPLE(BB1PublicParameters, curve, ASN1_OBJECT),
ASN1_SIMPLE(BB1PublicParameters, p, BIGNUM),
ASN1_SIMPLE(BB1PublicParameters, q, BIGNUM),
ASN1_SIMPLE(BB1PublicParameters, pointP, FpPoint),
ASN1_SIMPLE(BB1PublicParameters, pointP1, FpPoint),
ASN1_SIMPLE(BB1PublicParameters, pointP2, FpPoint),
ASN1_SIMPLE(BB1PublicParameters, pointP3, FpPoint),
ASN1_SIMPLE(BB1PublicParameters, v, FpPoint),
ASN1_SIMPLE(BB1PublicParameters, hashfcn, ASN1_OBJECT)
} ASN1_SEQUENCE_END(BB1PublicParameters)
IMPLEMENT_ASN1_FUNCTIONS(BB1PublicParameters)
IMPLEMENT_ASN1_DUP_FUNCTION(BB1PublicParameters)
ASN1_SEQUENCE(BB1MasterSecret) = {
ASN1_SIMPLE(BB1MasterSecret, version, LONG),
ASN1_SIMPLE(BB1MasterSecret, alpha, BIGNUM),
ASN1_SIMPLE(BB1MasterSecret, beta, BIGNUM),
ASN1_SIMPLE(BB1MasterSecret, gamma, BIGNUM)
} ASN1_SEQUENCE_END(BB1MasterSecret)
IMPLEMENT_ASN1_FUNCTIONS(BB1MasterSecret)
IMPLEMENT_ASN1_DUP_FUNCTION(BB1MasterSecret)
ASN1_SEQUENCE(BB1PrivateKeyBlock) = {
ASN1_SIMPLE(BB1PrivateKeyBlock, version, LONG),
ASN1_SIMPLE(BB1PrivateKeyBlock, pointD0, FpPoint),
ASN1_SIMPLE(BB1PrivateKeyBlock, pointD1, FpPoint)
} ASN1_SEQUENCE_END(BB1PrivateKeyBlock)
IMPLEMENT_ASN1_FUNCTIONS(BB1PrivateKeyBlock)
IMPLEMENT_ASN1_DUP_FUNCTION(BB1PrivateKeyBlock)
ASN1_SEQUENCE(BB1CiphertextBlock) = {
ASN1_SIMPLE(BB1CiphertextBlock, version, LONG),
ASN1_SIMPLE(BB1CiphertextBlock, pointChi0, FpPoint),
ASN1_SIMPLE(BB1CiphertextBlock, pointChi1, FpPoint),
ASN1_SIMPLE(BB1CiphertextBlock, nu, BIGNUM),
ASN1_SIMPLE(BB1CiphertextBlock, y, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(BB1CiphertextBlock)
IMPLEMENT_ASN1_FUNCTIONS(BB1CiphertextBlock)
IMPLEMENT_ASN1_DUP_FUNCTION(BB1CiphertextBlock)

68
crypto/bb1ibe/bb1ibe_err.c
View File

@@ -1,68 +0,0 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/bb1ibe.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BB1IBE,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BB1IBE,0,reason)
static ERR_STRING_DATA BB1IBE_str_functs[] = {
{ERR_FUNC(BB1IBE_F_BB1CIPHERTEXTBLOCK_HASH_TO_RANGE),
"BB1CiphertextBlock_hash_to_range"},
{ERR_FUNC(BB1IBE_F_BB1IBE_DECRYPT), "BB1IBE_decrypt"},
{ERR_FUNC(BB1IBE_F_BB1IBE_DOUBLE_HASH), "BB1IBE_double_hash"},
{ERR_FUNC(BB1IBE_F_BB1IBE_DO_DECRYPT), "BB1IBE_do_decrypt"},
{ERR_FUNC(BB1IBE_F_BB1IBE_DO_ENCRYPT), "BB1IBE_do_encrypt"},
{ERR_FUNC(BB1IBE_F_BB1IBE_ENCRYPT), "BB1IBE_encrypt"},
{ERR_FUNC(BB1IBE_F_BB1IBE_EXTRACT_PRIVATE_KEY),
"BB1IBE_extract_private_key"},
{ERR_FUNC(BB1IBE_F_BB1IBE_SETUP), "BB1IBE_setup"},
{0, NULL}
};
static ERR_STRING_DATA BB1IBE_str_reasons[] = {
{ERR_REASON(BB1IBE_R_BB1CIPHERTEXT_INVALID_MAC),
"bb1ciphertext invalid mac"},
{ERR_REASON(BB1IBE_R_BB1IBE_HASH_FAILURE), "bb1ibe hash failure"},
{ERR_REASON(BB1IBE_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_REASON(BB1IBE_R_COMPUTE_OUTLEN_FAILURE), "compute outlen failure"},
{ERR_REASON(BB1IBE_R_COMPUTE_TATE_FAILURE), "compute tate failure"},
{ERR_REASON(BB1IBE_R_D2I_FAILURE), "d2i failure"},
{ERR_REASON(BB1IBE_R_DECRYPT_FAILURE), "decrypt failure"},
{ERR_REASON(BB1IBE_R_DOUBLE_HASH_FAILURE), "double hash failure"},
{ERR_REASON(BB1IBE_R_ENCRYPT_FAILURE), "encrypt failure"},
{ERR_REASON(BB1IBE_R_I2D_FAILURE), "i2d failure"},
{ERR_REASON(BB1IBE_R_INVALID_INPUT), "invalid input"},
{ERR_REASON(BB1IBE_R_INVALID_MD), "invalid md"},
{ERR_REASON(BB1IBE_R_INVALID_OUTPUT_BUFFER), "invalid output buffer"},
{ERR_REASON(BB1IBE_R_INVALID_TYPE1CURVE), "invalid type1curve"},
{ERR_REASON(BB1IBE_R_NOT_NAMED_CURVE), "not named curve"},
{ERR_REASON(BB1IBE_R_PARSE_PAIRING), "parse pairing"},
{0, NULL}
};
#endif
int ERR_load_BB1IBE_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(BB1IBE_str_functs[0].error) == NULL) {
ERR_load_strings(0, BB1IBE_str_functs);
ERR_load_strings(0, BB1IBE_str_reasons);
}
#endif
return 1;
}

93
crypto/bb1ibe/bb1ibe_lcl.h
View File

@@ -1,93 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/bn_gfp2.h>
#include <openssl/bn_hash.h>
#include <openssl/ec_type1.h>
#include <openssl/bb1ibe.h>
struct BB1PublicParameters_st {
long version;
ASN1_OBJECT *curve;
BIGNUM *p;
BIGNUM *q;
FpPoint *pointP;
FpPoint *pointP1;
FpPoint *pointP2;
FpPoint *pointP3;
FpPoint *v;
ASN1_OBJECT *hashfcn;
};
struct BB1MasterSecret_st {
long version;
BIGNUM *alpha;
BIGNUM *beta;
BIGNUM *gamma;
};
struct BB1PrivateKeyBlock_st {
long version;
FpPoint *pointD0;
FpPoint *pointD1;
};
struct BB1CiphertextBlock_st {
long version;
FpPoint *pointChi0;
FpPoint *pointChi1;
BIGNUM *nu;
ASN1_OCTET_STRING *y;
};

1015
crypto/bb1ibe/bb1ibe_lib.c
View File

File diff suppressed because it is too large Load Diff

2
crypto/bb1ibe/build.info
View File

@@ -1,2 +0,0 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=bb1ibe_err.c bb1ibe_asn1.c bb1ibe_lib.c

100
crypto/bfibe/bfibe_asn1.c
View File

@@ -1,100 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/ec.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/ec_type1.h>
#include <openssl/ec_hash.h>
#include <openssl/bfibe.h>
#include <openssl/rand.h>
#include <openssl/bn.h>
#include <openssl/bn_hash.h>
#include <openssl/bn_gfp2.h>
#include <openssl/kdf.h>
#include "bfibe_lcl.h"
ASN1_SEQUENCE(BFPublicParameters) = {
ASN1_SIMPLE(BFPublicParameters, version, LONG),
ASN1_SIMPLE(BFPublicParameters, curve, ASN1_OBJECT),
ASN1_SIMPLE(BFPublicParameters, p, BIGNUM),
ASN1_SIMPLE(BFPublicParameters, q, BIGNUM),
ASN1_SIMPLE(BFPublicParameters, pointP, FpPoint),
ASN1_SIMPLE(BFPublicParameters, pointPpub, FpPoint),
ASN1_SIMPLE(BFPublicParameters, hashfcn, ASN1_OBJECT)
} ASN1_SEQUENCE_END(BFPublicParameters)
IMPLEMENT_ASN1_FUNCTIONS(BFPublicParameters)
IMPLEMENT_ASN1_DUP_FUNCTION(BFPublicParameters)
ASN1_SEQUENCE(BFMasterSecret) = {
ASN1_SIMPLE(BFMasterSecret, version, LONG),
ASN1_SIMPLE(BFMasterSecret, masterSecret, BIGNUM)
} ASN1_SEQUENCE_END(BFMasterSecret)
IMPLEMENT_ASN1_FUNCTIONS(BFMasterSecret)
IMPLEMENT_ASN1_DUP_FUNCTION(BFMasterSecret)
ASN1_SEQUENCE(BFPrivateKeyBlock) = {
ASN1_SIMPLE(BFPrivateKeyBlock, version, LONG),
ASN1_SIMPLE(BFPrivateKeyBlock, privateKey, FpPoint)
} ASN1_SEQUENCE_END(BFPrivateKeyBlock)
IMPLEMENT_ASN1_FUNCTIONS(BFPrivateKeyBlock)
IMPLEMENT_ASN1_DUP_FUNCTION(BFPrivateKeyBlock)
ASN1_SEQUENCE(BFCiphertextBlock) = {
ASN1_SIMPLE(BFCiphertextBlock, version, LONG),
ASN1_SIMPLE(BFCiphertextBlock, u, FpPoint),
ASN1_SIMPLE(BFCiphertextBlock, v, ASN1_OCTET_STRING),
ASN1_SIMPLE(BFCiphertextBlock, w, ASN1_OCTET_STRING),
} ASN1_SEQUENCE_END(BFCiphertextBlock)
IMPLEMENT_ASN1_FUNCTIONS(BFCiphertextBlock)
IMPLEMENT_ASN1_DUP_FUNCTION(BFCiphertextBlock)

66
crypto/bfibe/bfibe_err.c
View File

@@ -1,66 +0,0 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/bfibe.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BFIBE,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BFIBE,0,reason)
static ERR_STRING_DATA BFIBE_str_functs[] = {
{ERR_FUNC(BFIBE_F_BFIBE_DECRYPT), "BFIBE_decrypt"},
{ERR_FUNC(BFIBE_F_BFIBE_DO_DECRYPT), "BFIBE_do_decrypt"},
{ERR_FUNC(BFIBE_F_BFIBE_DO_ENCRYPT), "BFIBE_do_encrypt"},
{ERR_FUNC(BFIBE_F_BFIBE_ENCRYPT), "BFIBE_encrypt"},
{ERR_FUNC(BFIBE_F_BFIBE_EXTRACT_PRIVATE_KEY),
"BFIBE_extract_private_key"},
{ERR_FUNC(BFIBE_F_BFIBE_SETUP), "BFIBE_setup"},
{0, NULL}
};
static ERR_STRING_DATA BFIBE_str_reasons[] = {
{ERR_REASON(BFIBE_R_BFIBE_CIPHERTEXT_FAILURE),
"bfibe ciphertext failure"},
{ERR_REASON(BFIBE_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_REASON(BFIBE_R_COMPUTE_OUTLEN_FAILURE), "compute outlen failure"},
{ERR_REASON(BFIBE_R_D2I_FAILURE), "d2i failure"},
{ERR_REASON(BFIBE_R_DECRYPT_FAILURE), "decrypt failure"},
{ERR_REASON(BFIBE_R_ENCRYPT_FAILURE), "encrypt failure"},
{ERR_REASON(BFIBE_R_HASH_BYTES_FAILURE), "hash bytes failure"},
{ERR_REASON(BFIBE_R_I2D_FAILURE), "i2d failure"},
{ERR_REASON(BFIBE_R_INVALID_BFIBE_HASHFUNC), "invalid bfibe hashfunc"},
{ERR_REASON(BFIBE_R_INVALID_CIPHERTEXT), "invalid ciphertext"},
{ERR_REASON(BFIBE_R_INVALID_TYPE1CURVE), "invalid type1curve"},
{ERR_REASON(BFIBE_R_KDF_FAILURE), "kdf failure"},
{ERR_REASON(BFIBE_R_NOT_NAMED_CURVE), "not named curve"},
{ERR_REASON(BFIBE_R_PARSE_CURVE_FAILURE), "parse curve failure"},
{ERR_REASON(BFIBE_R_PARSE_MPK_FAILURE), "parse mpk failure"},
{ERR_REASON(BFIBE_R_PARSE_PAIRING), "parse pairing"},
{ERR_REASON(BFIBE_R_RAND_FAILURE), "rand failure"},
{0, NULL}
};
#endif
int ERR_load_BFIBE_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(BFIBE_str_functs[0].error) == NULL) {
ERR_load_strings(0, BFIBE_str_functs);
ERR_load_strings(0, BFIBE_str_reasons);
}
#endif
return 1;
}

102
crypto/bfibe/bfibe_lcl.h
View File

@@ -1,102 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/ec.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/ec_type1.h>
#include <openssl/ec_hash.h>
#include <openssl/bfibe.h>
#include <openssl/rand.h>
#include <openssl/bn.h>
#include <openssl/bn_hash.h>
#include <openssl/bn_gfp2.h>
#include <openssl/kdf.h>
/*
* the `curve` attribute of BFPublicParameters is the OID present the
* `type1curve` which is E: y^2 = x^3 + 1 over prime field. It is not an
* elliptic curve domain parameters composed of (p, a, b, G, n, h).
* For type-1 curve, a = 0, b = 1.
* q (i.e. the n in ec params) is the order of generator G, is a prime.
* When q is a solinas prime, the scalar mulitiplication computation can
* be reduced.
* zeta (i.e. h in ec params) = (p + 1)/q. In normall ecc, h is very small
* such as 1 or 4. But in pairing, the zeta (or h) is very large.
*/
struct BFPublicParameters_st {
long version;
ASN1_OBJECT *curve;
BIGNUM *p;
BIGNUM *q;
FpPoint *pointP;
FpPoint *pointPpub;
ASN1_OBJECT *hashfcn;
};
struct BFMasterSecret_st {
long version;
BIGNUM *masterSecret;
};
struct BFPrivateKeyBlock_st {
long version;
FpPoint *privateKey;
};
struct BFCiphertextBlock_st {
long version;
FpPoint *u;
ASN1_OCTET_STRING *v;
ASN1_OCTET_STRING *w;
};

712
crypto/bfibe/bfibe_lib.c
View File

@@ -1,712 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/ec.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/ec_type1.h>
#include <openssl/ec_hash.h>
#include <openssl/bfibe.h>
#include <openssl/rand.h>
#include <openssl/bn.h>
#include <openssl/bn_hash.h>
#include <openssl/bn_gfp2.h>
#include <openssl/kdf.h>
#include <openssl/kdf2.h>
#include "bfibe_lcl.h"
int BFIBE_setup(const EC_GROUP *group, const EVP_MD *md,
BFPublicParameters **pmpk, BFMasterSecret **pmsk)
{
int ret = 0;
BFPublicParameters *mpk = NULL;
BFMasterSecret *msk = NULL;
BN_CTX *bn_ctx = NULL;
EC_POINT *point = NULL;
BIGNUM *a;
BIGNUM *b;
if (!group || !pmpk || !pmsk) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!(bn_ctx = BN_CTX_new())) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_MALLOC_FAILURE);
goto end;
}
BN_CTX_start(bn_ctx);
a = BN_CTX_get(bn_ctx);
b = BN_CTX_get(bn_ctx);
if (!b) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_MALLOC_FAILURE);
goto end;
}
mpk = BFPublicParameters_new();
msk = BFMasterSecret_new();
point = EC_POINT_new(group);
if (!mpk || !msk || !point) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_MALLOC_FAILURE);
goto end;
}
/*
* set mpk->version
* set mpk->curve
*/
mpk->version = BFIBE_VERSION;
OPENSSL_assert(mpk->curve);
ASN1_OBJECT_free(mpk->curve);
if (!(mpk->curve = OBJ_nid2obj(NID_type1curve))) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, BFIBE_R_NOT_NAMED_CURVE);
goto end;
}
/* mpk->p = group->p */
if (!EC_GROUP_get_curve_GFp(group, mpk->p, a, b, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_EC_LIB);
goto end;
}
if (!BN_is_zero(a) || !BN_is_one(b)) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, BFIBE_R_INVALID_TYPE1CURVE);
goto end;
}
/* mpk->q = group->order */
if (!EC_GROUP_get_order(group, mpk->q, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, BFIBE_R_INVALID_TYPE1CURVE);
goto end;
}
/* mpk->pointP = group->generator */
if (!EC_POINT_get_affine_coordinates_GFp(group, EC_GROUP_get0_generator(group),
mpk->pointP->x, mpk->pointP->y, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_EC_LIB);
goto end;
}
/* set mpk->hashfcn from F_p^2 element bits */
OPENSSL_assert(mpk->hashfcn);
ASN1_OBJECT_free(mpk->hashfcn);
if (!(mpk->hashfcn = OBJ_nid2obj(EVP_MD_type(md)))) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, BFIBE_R_PARSE_PAIRING);
goto end;
}
/*
* set msk->version
* random msk->masterSecret in [2, q - 1]
*/
msk->version = BFIBE_VERSION;
do {
if (!BN_rand_range(msk->masterSecret, mpk->q)) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_BN_LIB);
goto end;
}
} while (BN_is_zero(msk->masterSecret) || BN_is_one(msk->masterSecret));
/* mpk->pointPpub = msk->masterSecret * mpk->pointP */
if (!EC_POINT_mul(group, point, msk->masterSecret, NULL, NULL, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_EC_LIB);
goto end;
}
if (!EC_POINT_get_affine_coordinates_GFp(group, point,
mpk->pointPpub->x, mpk->pointPpub->y, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_SETUP, ERR_R_EC_LIB);
goto end;
}
/* set return value */
*pmpk = mpk;
*pmsk = msk;
ret = 1;
end:
if (!ret) {
BFPublicParameters_free(mpk);
BFMasterSecret_free(msk);
*pmpk = NULL;
*pmsk = NULL;
}
if (bn_ctx) {
BN_CTX_end(bn_ctx);
}
BN_CTX_free(bn_ctx);
EC_POINT_free(point);
return ret;
}
BFPrivateKeyBlock *BFIBE_extract_private_key(BFPublicParameters *mpk,
BFMasterSecret *msk, const char *id, size_t idlen)
{
int e = 1;
BFPrivateKeyBlock *ret = NULL;
EC_GROUP *group = NULL;
EC_POINT *point = NULL;
BN_CTX *bn_ctx = NULL;
const EVP_MD *md;
if (!mpk || !msk || !id || idlen <= 0) {
BFIBEerr(BFIBE_F_BFIBE_EXTRACT_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
if (!(bn_ctx = BN_CTX_new())) {
BFIBEerr(BFIBE_F_BFIBE_EXTRACT_PRIVATE_KEY,
ERR_R_MALLOC_FAILURE);
goto end;
}
/*
* get EC_GROUP from mpk->{p, q, pointP}
* get EVP_MD from mpk->hashfcn
*/
if (!(group = EC_GROUP_new_type1curve(mpk->p, mpk->pointP->x,
mpk->pointP->y, mpk->q, bn_ctx))) {
BFIBEerr(BFIBE_F_BFIBE_EXTRACT_PRIVATE_KEY, BFIBE_R_PARSE_CURVE_FAILURE);
goto end;
}
if (!(md = EVP_get_digestbyobj(mpk->hashfcn))) {
BFIBEerr(BFIBE_F_BFIBE_EXTRACT_PRIVATE_KEY,
BFIBE_R_INVALID_BFIBE_HASHFUNC);
goto end;
}
/* prepare tmp variables */
point = EC_POINT_new(group);
if (!point) {
BFIBEerr(BFIBE_F_BFIBE_EXTRACT_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
goto end;
}
/*
* set ret->version
* set ret->privateKey = msk->masterSecret * HashToPoint(ID)
*/
if (!(ret = BFPrivateKeyBlock_new())) {
BFIBEerr(BFIBE_F_BFIBE_EXTRACT_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
return NULL;
}
ret->version = BFIBE_VERSION;
if (!EC_POINT_hash2point(group, md, id, idlen, point, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_EXTRACT_PRIVATE_KEY, ERR_R_EC_LIB);
goto end;
}
if (!EC_POINT_mul(group, point, NULL, point, msk->masterSecret, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_EXTRACT_PRIVATE_KEY, ERR_R_EC_LIB);
goto end;
}
if (!EC_POINT_get_affine_coordinates_GFp(group, point,
ret->privateKey->x, ret->privateKey->y, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_EXTRACT_PRIVATE_KEY, ERR_R_EC_LIB);
goto end;
}
e = 0;
end:
if (e && ret) {
BFPrivateKeyBlock_free(ret);
ret = NULL;
}
EC_GROUP_free(group);
EC_POINT_free(point);
BN_CTX_free(bn_ctx);
return ret;
}
/*
* r = rand(), |r| = hashlen
* k = HashToRange(r||Hash(m), q), k in [0, q-1]
* U = [k]P in E/F_p
* Q = HashToPoint(ID) in E/F_p
* v = Hash(e(Ppub, Q)^k) xor r, |v| == hashlen
* w = HashBytes(r) xor m
*/
BFCiphertextBlock *BFIBE_do_encrypt(BFPublicParameters *mpk,
const unsigned char *in, size_t inlen,
const char *id, size_t idlen)
{
int e = 1;
BFCiphertextBlock *ret = NULL;
BN_CTX *bn_ctx = NULL;
EC_GROUP *group = NULL;
EC_POINT *Ppub = NULL;
EC_POINT *point = NULL;
BN_GFP2 *theta = NULL;
BIGNUM *k;
const EVP_MD *md;
KDF_FUNC hash_bytes;
unsigned char rho[EVP_MAX_MD_SIZE * 2];
unsigned char buf[EVP_MAX_MD_SIZE];
unsigned int len;
size_t size;
int i;
if (!mpk || !in || inlen <= 0 || !id || idlen <= 0) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
/* BN_CTX */
if (!(bn_ctx = BN_CTX_new())) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto end;
}
BN_CTX_start(bn_ctx);
/* EC_GROUP */
if (!(group = EC_GROUP_new_type1curve(mpk->p, mpk->pointP->x,
mpk->pointP->y, mpk->q, bn_ctx))) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, BFIBE_R_PARSE_MPK_FAILURE);
goto end;
}
ret = BFCiphertextBlock_new();
Ppub = EC_POINT_new(group);
point = EC_POINT_new(group);
theta = BN_GFP2_new();
k = BN_CTX_get(bn_ctx);
if (!ret || !point || !Ppub || !k || !theta) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto end;
}
/* get kdf from mpk->hashfcn */
if (!(md = EVP_get_digestbyobj(mpk->hashfcn))) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, BFIBE_R_INVALID_BFIBE_HASHFUNC);
goto end;
}
if (!(hash_bytes = KDF_get_ibcs(md))) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT,
BFIBE_R_INVALID_BFIBE_HASHFUNC);
goto end;
}
/* ret->version */
ret->version = BFIBE_VERSION;
/* rho = Rand(hashlen) */
if (!RAND_bytes(rho, EVP_MD_size(md))) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, BFIBE_R_RAND_FAILURE);
goto end;
}
/* k = HashToRange(rho||Hash(in), q) in [0, q - 1] */
len = EVP_MD_size(md);
if (!EVP_Digest(in, inlen, rho + EVP_MD_size(md), &len, md, NULL)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_EVP_LIB);
goto end;
}
if (!BN_hash_to_range(md, &k, rho, EVP_MD_size(md) * 2, mpk->q, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_BN_LIB);
goto end;
}
/* ret->u = mpk->pointP * k in E/F_p, mpk->pointP is the generator */
if (!EC_POINT_mul(group, point, k, NULL, NULL, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_EC_LIB);
goto end;
}
if (!EC_POINT_get_affine_coordinates_GFp(group, point,
ret->u->x, ret->u->y, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_EC_LIB);
goto end;
}
/* theta = e(mpk->pointPpub, HashToPoint(ID)) */
if (!EC_POINT_set_affine_coordinates_GFp(group, Ppub,
mpk->pointPpub->x, mpk->pointPpub->y, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_EC_LIB);
goto end;
}
if (!EC_POINT_hash2point(group, md, id, idlen, point, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_EC_LIB);
goto end;
}
if (!EC_type1curve_tate(group, theta, Ppub, point, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_EC_LIB);
goto end;
}
/* theta = theta^k */
if (!BN_GFP2_exp(theta, theta, k, mpk->p, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_EC_LIB);
goto end;
}
/* ret->v = Hash(theta) xor rho */
size = sizeof(buf);
if (!BN_GFP2_canonical(theta, buf, &size, 0, mpk->p, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_BN_LIB);
goto end;
}
len = sizeof(buf);
if (!EVP_Digest(buf, size, buf, &len, md, NULL)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_EVP_LIB);
goto end;
}
for (i = 0; i < EVP_MD_size(md); i++) {
buf[i] ^= rho[i];
}
if (!ASN1_OCTET_STRING_set(ret->v, buf, EVP_MD_size(md))) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_ASN1_LIB);
goto end;
}
/* ret->w = HashBytes(rho) xor m */
if (!ASN1_OCTET_STRING_set(ret->w, NULL, inlen)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto end;
}
size = inlen;
if (!hash_bytes(rho, EVP_MD_size(md), ret->w->data, &size)) {
BFIBEerr(BFIBE_F_BFIBE_DO_ENCRYPT,
BFIBE_R_HASH_BYTES_FAILURE);
goto end;
}
for (i = 0; i < inlen; i++) {
ret->w->data[i] ^= in[i];
}
e = 0;
end:
if (e && ret) {
BFCiphertextBlock_free(ret);
ret = NULL;
}
if (bn_ctx) {
BN_CTX_end(bn_ctx);
}
BN_CTX_free(bn_ctx);
EC_GROUP_free(group);
EC_POINT_free(Ppub);
EC_POINT_free(point);
BN_GFP2_free(theta);
return ret;
}
int BFIBE_do_decrypt(BFPublicParameters *mpk,
const BFCiphertextBlock *in, unsigned char *out, size_t *outlen,
BFPrivateKeyBlock *sk)
{
int ret = 0;
BN_CTX *bn_ctx = NULL;
EC_GROUP *group = NULL;
EC_POINT *point = NULL;
EC_POINT *point1 = NULL;
BN_GFP2 *theta = NULL;
BIGNUM *k;
const EVP_MD *md;
KDF_FUNC hash_bytes;
unsigned char rho[EVP_MAX_MD_SIZE * 2];
size_t size;
unsigned int len;
int i;
if (!mpk || !in || !outlen || !sk) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!out) {
*outlen = in->w->length;
return 1;
}
if (*outlen < in->w->length) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT,
BFIBE_R_BUFFER_TOO_SMALL);
return 0;
}
/* BN_CTX */
if (!(bn_ctx = BN_CTX_new())) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, ERR_R_MALLOC_FAILURE);
goto end;
}
BN_CTX_start(bn_ctx);
/* EC_GROUP */
if (!(group = EC_GROUP_new_type1curve(mpk->p, mpk->pointP->x,
mpk->pointP->y, mpk->q, bn_ctx))) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT,
BFIBE_R_INVALID_TYPE1CURVE);
goto end;
}
point = EC_POINT_new(group);
point1 = EC_POINT_new(group);
theta = BN_GFP2_new();
k = BN_CTX_get(bn_ctx);
if (!point || !point1 || !theta || !k) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, ERR_R_MALLOC_FAILURE);
goto end;
}
/* theta = e(ciphertext->u, sk->privateKey) */
if (!EC_POINT_set_affine_coordinates_GFp(group, point,
in->u->x, in->u->y, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, ERR_R_EC_LIB);
goto end;
}
if (!EC_POINT_set_affine_coordinates_GFp(group, point1,
sk->privateKey->x, sk->privateKey->y, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, ERR_R_EC_LIB);
goto end;
}
if (!EC_type1curve_tate(group, theta, point, point1, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, ERR_R_EC_LIB);
goto end;
}
/* md = mpk->hashfcn */
if (!(md = EVP_get_digestbyobj(mpk->hashfcn))) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, BFIBE_R_INVALID_BFIBE_HASHFUNC);
goto end;
}
/* rho = Hash(Canoncial(theta)) xor ciphertext->v */
size = sizeof(rho);
if (!BN_GFP2_canonical(theta, rho, &size, 0, mpk->p, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, ERR_R_EC_LIB);
goto end;
}
len = size;
if (!EVP_Digest(rho, size, rho, &len, md, NULL)) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, ERR_R_EVP_LIB);
goto end;
}
for (i = 0; i < EVP_MD_size(md); i++) {
rho[i] ^= in->v->data[i];
}
/* function hash_bytes() = kdf(md) */
if (!(hash_bytes = KDF_get_ibcs(md))) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT,
BFIBE_R_INVALID_BFIBE_HASHFUNC);
goto end;
}
/* out = HashBytes(rho) xor ciphertext->w */
size = in->w->length;
if (!hash_bytes(rho, EVP_MD_size(md), out, &size)) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT,
BFIBE_R_KDF_FAILURE);
goto end;
}
for (i = 0; i < in->w->length; i++) {
out[i] ^= in->w->data[i];
}
/* k = HashToRange(rho || Hash(out)) in [0, mpk->q) */
len = EVP_MD_size(md);
if (!EVP_Digest(out, in->w->length, rho + EVP_MD_size(md), &len, md, NULL)) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, ERR_R_EVP_LIB);
goto end;
}
if (!BN_hash_to_range(md, &k, rho, EVP_MD_size(md) * 2, mpk->q, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, ERR_R_BN_LIB);
goto end;
}
/* Verify that in->u == mpk->pointP * k */
if (!EC_POINT_mul(group, point, k, NULL, NULL, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, ERR_R_EC_LIB);
goto end;
}
if (1 != EC_POINT_cmp_fppoint(group, point, in->u, bn_ctx)) {
BFIBEerr(BFIBE_F_BFIBE_DO_DECRYPT, BFIBE_R_BFIBE_CIPHERTEXT_FAILURE);
goto end;
}
*outlen = in->w->length;
ret = 1;
end:
if (bn_ctx) {
BN_CTX_end(bn_ctx);
}
BN_CTX_free(bn_ctx);
EC_GROUP_free(group);
EC_POINT_free(point);
EC_POINT_free(point1);
BN_GFP2_free(theta);
return ret;
}
/* estimation of the max length of DER encoded ciphertext */
static int BFCiphertextBlock_size(BFPublicParameters *mpk,
size_t inlen, size_t *outlen)
{
size_t len = 0;
len += (OPENSSL_ECC_MAX_FIELD_BITS/8) * 2;
len += inlen;
len += EVP_MAX_MD_SIZE;
len += 128; /* caused by version and DER encoding */
*outlen = len;
return 1;
}
int BFIBE_encrypt(BFPublicParameters *mpk,
const unsigned char *in, size_t inlen,
unsigned char *out, size_t *outlen,
const char *id, size_t idlen)
{
int ret = 0;
BFCiphertextBlock *c = NULL;
unsigned char *p;
size_t len;
if (!mpk || !in || inlen <= 0 || !outlen || !id || idlen <= 0) {
BFIBEerr(BFIBE_F_BFIBE_ENCRYPT, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!BFCiphertextBlock_size(mpk, inlen, &len)) {
BFIBEerr(BFIBE_F_BFIBE_ENCRYPT, BFIBE_R_COMPUTE_OUTLEN_FAILURE);
return 0;
}
if (!out) {
*outlen = len;
return 1;
}
if (*outlen < len) {
BFIBEerr(BFIBE_F_BFIBE_ENCRYPT, BFIBE_R_BUFFER_TOO_SMALL);
return 0;
}
if (!(c = BFIBE_do_encrypt(mpk, in, inlen, id, idlen))) {
BFIBEerr(BFIBE_F_BFIBE_ENCRYPT, BFIBE_R_ENCRYPT_FAILURE);
goto end;
}
p = out;
if (!i2d_BFCiphertextBlock(c, &p)) {
BFIBEerr(BFIBE_F_BFIBE_ENCRYPT, BFIBE_R_I2D_FAILURE);
goto end;
}
len = p - out;
*outlen = len;
ret = 1;
end:
BFCiphertextBlock_free(c);
return ret;
}
int BFIBE_decrypt(BFPublicParameters *mpk,
const unsigned char *in, size_t inlen,
unsigned char *out, size_t *outlen,
BFPrivateKeyBlock *sk)
{
int ret = 0;
BFCiphertextBlock *c = NULL;
const unsigned char *p;
if (!mpk || !in || inlen <= 0 || !outlen || !sk) {
BFIBEerr(BFIBE_F_BFIBE_DECRYPT, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!out) {
*outlen = inlen;
return 1;
}
if (*outlen < inlen) {
BFIBEerr(BFIBE_F_BFIBE_DECRYPT, BFIBE_R_BUFFER_TOO_SMALL);
return 0;
}
p = in;
if (!(c = d2i_BFCiphertextBlock(NULL, &p, inlen))) {
BFIBEerr(BFIBE_F_BFIBE_DECRYPT, BFIBE_R_D2I_FAILURE);
goto end;
}
/* check no remaining ciphertext */
if (p - in != inlen) {
BFIBEerr(BFIBE_F_BFIBE_DECRYPT, BFIBE_R_INVALID_CIPHERTEXT);
goto end;
}
if (!BFIBE_do_decrypt(mpk, c, out, outlen, sk)) {
BFIBEerr(BFIBE_F_BFIBE_DECRYPT, BFIBE_R_DECRYPT_FAILURE);
goto end;
}
ret = 1;
end:
BFCiphertextBlock_free(c);
return ret;
}

2
crypto/bfibe/build.info
View File

@@ -1,2 +0,0 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=bfibe_err.c bfibe_asn1.c bfibe_lib.c

2
crypto/cpk/build.info
View File

@@ -1,2 +0,0 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=cpk_asn1.c cpk_err.c cpk_lib.c cpk_map.c cpk_prn.c

94
crypto/cpk/cpk_asn1.c
View File

@@ -1,94 +0,0 @@
/* ====================================================================
* Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/cpk.h>
#include "cpk_lcl.h"
ASN1_SEQUENCE(CPK_MASTER_SECRET) = {
ASN1_SIMPLE(CPK_MASTER_SECRET, version, LONG),
ASN1_SIMPLE(CPK_MASTER_SECRET, id, X509_NAME),
ASN1_SIMPLE(CPK_MASTER_SECRET, pkey_algor, X509_ALGOR),
ASN1_SIMPLE(CPK_MASTER_SECRET, map_algor, X509_ALGOR),
ASN1_SIMPLE(CPK_MASTER_SECRET, secret_factors, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(CPK_MASTER_SECRET)
IMPLEMENT_ASN1_FUNCTIONS(CPK_MASTER_SECRET)
IMPLEMENT_ASN1_DUP_FUNCTION(CPK_MASTER_SECRET)
ASN1_SEQUENCE(CPK_PUBLIC_PARAMS) = {
ASN1_SIMPLE(CPK_PUBLIC_PARAMS, version, LONG),
ASN1_SIMPLE(CPK_PUBLIC_PARAMS, id, X509_NAME),
ASN1_SIMPLE(CPK_PUBLIC_PARAMS, pkey_algor, X509_ALGOR),
ASN1_SIMPLE(CPK_PUBLIC_PARAMS, map_algor, X509_ALGOR),
ASN1_SIMPLE(CPK_PUBLIC_PARAMS, public_factors, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(CPK_PUBLIC_PARAMS)
IMPLEMENT_ASN1_FUNCTIONS(CPK_PUBLIC_PARAMS)
IMPLEMENT_ASN1_DUP_FUNCTION(CPK_PUBLIC_PARAMS)
CPK_MASTER_SECRET *d2i_CPK_MASTER_SECRET_bio(BIO *bp, CPK_MASTER_SECRET **master)
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CPK_MASTER_SECRET), bp, master);
}
int i2d_CPK_MASTER_SECRET_bio(BIO *bp, CPK_MASTER_SECRET *master)
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CPK_MASTER_SECRET), bp, master);
}
CPK_PUBLIC_PARAMS *d2i_CPK_PUBLIC_PARAMS_bio(BIO *bp, CPK_PUBLIC_PARAMS **params)
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CPK_PUBLIC_PARAMS), bp, params);
}
int i2d_CPK_PUBLIC_PARAMS_bio(BIO *bp, CPK_PUBLIC_PARAMS *params)
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CPK_PUBLIC_PARAMS), bp, params);
}

77
crypto/cpk/cpk_err.c
View File

@@ -1,77 +0,0 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/cpk.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CPK,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CPK,0,reason)
static ERR_STRING_DATA CPK_str_functs[] = {
{ERR_FUNC(CPK_F_CPK_MAP_GET_MD), "CPK_MAP_get_md"},
{ERR_FUNC(CPK_F_CPK_MAP_IS_VALID), "CPK_MAP_is_valid"},
{ERR_FUNC(CPK_F_CPK_MAP_NEW), "CPK_MAP_new"},
{ERR_FUNC(CPK_F_CPK_MAP_NEW_DEFAULT), "CPK_MAP_new_default"},
{ERR_FUNC(CPK_F_CPK_MAP_NUM_FACTORS), "CPK_MAP_num_factors"},
{ERR_FUNC(CPK_F_CPK_MAP_NUM_INDEXES), "CPK_MAP_num_indexes"},
{ERR_FUNC(CPK_F_CPK_MAP_NUM_SUBSET), "CPK_MAP_num_subset"},
{ERR_FUNC(CPK_F_CPK_MAP_STR2INDEX), "CPK_MAP_str2index"},
{ERR_FUNC(CPK_F_CPK_MASTER_SECRET_CREATE), "CPK_MASTER_SECRET_create"},
{ERR_FUNC(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY),
"CPK_MASTER_SECRET_extract_private_key"},
{ERR_FUNC(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS),
"CPK_MASTER_SECRET_extract_public_params"},
{ERR_FUNC(CPK_F_CPK_MASTER_SECRET_PRINT), "CPK_MASTER_SECRET_print"},
{ERR_FUNC(CPK_F_CPK_MASTER_SECRET_VALIDATE_PUBLIC_PARAMS),
"CPK_MASTER_SECRET_validate_public_params"},
{ERR_FUNC(CPK_F_CPK_PUBLIC_PARAMS_COMPUTE_SHARE_KEY),
"CPK_PUBLIC_PARAMS_compute_share_key"},
{ERR_FUNC(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY),
"CPK_PUBLIC_PARAMS_extract_public_key"},
{ERR_FUNC(CPK_F_CPK_PUBLIC_PARAMS_PRINT), "CPK_PUBLIC_PARAMS_print"},
{ERR_FUNC(CPK_F_CPK_PUBLIC_PARAMS_VALIDATE_PRIVATE_KEY),
"CPK_PUBLIC_PARAMS_validate_private_key"},
{ERR_FUNC(CPK_F_EXTRACT_EC_PARAMS), "extract_ec_params"},
{ERR_FUNC(CPK_F_EXTRACT_EC_PRIV_KEY), "extract_ec_priv_key"},
{ERR_FUNC(CPK_F_EXTRACT_EC_PUB_KEY), "extract_ec_pub_key"},
{ERR_FUNC(CPK_F_X509_ALGOR_GET1_EC_KEY), "X509_ALGOR_get1_EC_KEY"},
{0, NULL}
};
static ERR_STRING_DATA CPK_str_reasons[] = {
{ERR_REASON(CPK_R_BAD_ARGUMENT), "bad argument"},
{ERR_REASON(CPK_R_BAD_ARGUMENTS), "bad arguments"},
{ERR_REASON(CPK_R_BAD_DATA), "bad data"},
{ERR_REASON(CPK_R_INVALID_ALGORITHM), "invalid algorithm"},
{ERR_REASON(CPK_R_INVALID_ARGUMENT), "invalid argument"},
{ERR_REASON(CPK_R_INVALID_CURVE), "invalid curve"},
{ERR_REASON(CPK_R_INVALID_ID_LENGTH), "invalid id length"},
{ERR_REASON(CPK_R_INVALID_MAP_ALGOR), "invalid map algor"},
{ERR_REASON(CPK_R_INVALID_PKEY_TYPE), "invalid pkey type"},
{0, NULL}
};
#endif
int ERR_load_CPK_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(CPK_str_functs[0].error) == NULL) {
ERR_load_strings(0, CPK_str_functs);
ERR_load_strings(0, CPK_str_reasons);
}
#endif
return 1;
}

79
crypto/cpk/cpk_lcl.h
View File

@@ -1,79 +0,0 @@
/* ====================================================================
* Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/ossl_typ.h>
#define CPK_VERSION 2
struct cpk_master_secret_st {
long version;
X509_NAME *id;
X509_ALGOR *pkey_algor;
X509_ALGOR *map_algor;
ASN1_OCTET_STRING *secret_factors;
};
struct cpk_public_params_st {
long version;
X509_NAME *id;
X509_ALGOR *pkey_algor;
X509_ALGOR *map_algor;
ASN1_OCTET_STRING *public_factors;
};
X509_ALGOR *CPK_MAP_new(int type);
X509_ALGOR * CPK_MAP_new_default(void);
int CPK_MAP_is_valid(const X509_ALGOR *algor);
int CPK_MAP_num_factors(const X509_ALGOR *algor);
int CPK_MAP_num_indexes(const X509_ALGOR *algor);
int CPK_MAP_str2index(const X509_ALGOR *algor, const char *str, int *index);

738
crypto/cpk/cpk_lib.c
View File

@@ -1,738 +0,0 @@
/* ====================================================================
* Copyright (c) 2007 - 2018 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <string.h>
#include <assert.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include <openssl/rand.h>
#include <openssl/ecdsa.h>
#include <openssl/objects.h>
#include <openssl/cpk.h>
#include "../x509/x509_lcl.h"
#include "cpk_lcl.h"
static EC_KEY *X509_ALGOR_get1_EC_KEY(X509_ALGOR *algor);
static int extract_ec_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param);
static EC_KEY *extract_ec_priv_key(CPK_MASTER_SECRET *master, const char *id);
static EC_KEY *extract_ec_pub_key(CPK_PUBLIC_PARAMS *param, const char *id);
CPK_MASTER_SECRET *CPK_MASTER_SECRET_create(const char *domain_id, int curve, int map)
{
CPK_MASTER_SECRET *ret = NULL;
CPK_MASTER_SECRET *master = NULL;
EC_KEY *ec_key = NULL;
EVP_PKEY *pkey = NULL;
X509_PUBKEY *pubkey = NULL;
const BIGNUM *order;
int order_bytes;
int num_factors;
unsigned char *secret_buf = NULL;
size_t secret_len;
unsigned char *p;
BIGNUM *bn = NULL;
int i;
/* check domain_id */
if (!(master = CPK_MASTER_SECRET_new())) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);
goto end;
}
/* set version */
master->version = CPK_VERSION;
/* set domain_id */
if (!domain_id) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_PASSED_NULL_PARAMETER);
goto end;
}
if (strlen(domain_id) <= 0 || strlen(domain_id) > CPK_MAX_ID_LENGTH) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_ID_LENGTH);
goto end;
}
if (!X509_NAME_add_entry_by_NID(master->id, NID_organizationName,
MBSTRING_UTF8, (unsigned char *)domain_id, -1, -1, 0)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);
goto end;
}
/* set pkey algor */
if (!(ec_key = EC_KEY_new_by_curve_name(curve))) {
//CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_CURVE);
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_CPK_LIB);
goto end;
}
if (!(pkey = EVP_PKEY_new())
|| !EVP_PKEY_set1_EC_KEY(pkey, ec_key)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_EVP_LIB);
goto end;
}
if (!(pubkey = X509_PUBKEY_new())
|| !X509_PUBKEY_set(&pubkey, pkey)
|| !X509_PUBKEY_get0_param(NULL, NULL, NULL, &master->pkey_algor, pubkey)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);
goto end;
}
/* get order and order_bytes */
if (!(order = EC_GROUP_get0_order(EC_KEY_get0_group(ec_key)))
|| !(order_bytes = BN_num_bytes(order))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_CPK_LIB);
goto end;
}
/* set map algor */
X509_ALGOR_free(master->map_algor);
if (!(master->map_algor = CPK_MAP_new(map))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_CPK_LIB);
goto end;
}
/* get num_factors */
if ((num_factors = CPK_MAP_num_factors(master->map_algor)) <= 0) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_MAP_ALGOR);
goto end;
}
/* set random secret_factors */
secret_len = order_bytes * num_factors;
if (!(secret_buf = OPENSSL_zalloc(secret_len))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);
goto end;
}
p = secret_buf;
if (!(bn = BN_new())) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);
goto end;
}
for (i = 0; i < num_factors; i++) {
do {
if (!BN_rand_range(bn, order)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE,
ERR_R_BN_LIB);
goto end;
}
} while (BN_is_zero(bn));
if (!BN_bn2bin(bn, p + order_bytes - BN_num_bytes(bn))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_BN_LIB);
goto end;
}
p += order_bytes;
}
if (!ASN1_STRING_set(master->secret_factors, secret_buf, secret_len)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_ASN1_LIB);
goto end;
}
ret = master;
master = NULL;
end:
CPK_MASTER_SECRET_free(master);
EC_KEY_free(ec_key);
EVP_PKEY_free(pkey);
X509_PUBKEY_free(pubkey);
OPENSSL_clear_free(secret_buf, secret_len);
BN_free(bn);
return ret;
}
CPK_PUBLIC_PARAMS *CPK_MASTER_SECRET_extract_public_params(CPK_MASTER_SECRET *master)
{
CPK_PUBLIC_PARAMS *ret = NULL;
CPK_PUBLIC_PARAMS *param = NULL;
int pkey_type;
OPENSSL_assert(master->pkey_algor->algorithm);
pkey_type = OBJ_obj2nid(master->pkey_algor->algorithm);
if (!(param = CPK_PUBLIC_PARAMS_new())) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS,
ERR_R_MALLOC_FAILURE);
goto err;
}
param->version = master->version;
X509_NAME_free(param->id);
if (!(param->id = X509_NAME_dup(master->id))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS,
ERR_R_MALLOC_FAILURE);
goto err;
}
X509_ALGOR_free(param->pkey_algor);
if (!(param->pkey_algor = X509_ALGOR_dup(master->pkey_algor))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS,
ERR_R_MALLOC_FAILURE);
goto err;
}
X509_ALGOR_free(param->map_algor);
if (!(param->map_algor = X509_ALGOR_dup(master->map_algor))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS,
ERR_R_MALLOC_FAILURE);
goto err;
}
switch (pkey_type) {
case EVP_PKEY_EC:
if (!extract_ec_params(master, param)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS,
ERR_R_CPK_LIB);
goto err;
}
break;
default:
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS, CPK_R_INVALID_PKEY_TYPE);
goto err;
}
ret = param;
param = NULL;
err:
CPK_PUBLIC_PARAMS_free(param);
return ret;
}
EVP_PKEY *CPK_MASTER_SECRET_extract_private_key(
CPK_MASTER_SECRET *master, const char *id)
{
EVP_PKEY *ret = NULL;
EVP_PKEY *pkey = NULL;
int pkey_type;
if (!(pkey = EVP_PKEY_new())) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
ERR_R_MALLOC_FAILURE);
goto err;
}
pkey_type = OBJ_obj2nid(master->pkey_algor->algorithm);
if (pkey_type == EVP_PKEY_EC) {
EC_KEY *ec_key;
if (!(ec_key = extract_ec_priv_key(master, id))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
ERR_R_CPK_LIB);
goto err;
}
if (!EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
EC_KEY_free(ec_key);
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
ERR_R_EVP_LIB);
goto err;
}
} else {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
CPK_R_INVALID_PKEY_TYPE);
goto err;
}
ret = pkey;
pkey = NULL;
err:
EVP_PKEY_free(pkey);
return ret;
}
EVP_PKEY *CPK_PUBLIC_PARAMS_extract_public_key(CPK_PUBLIC_PARAMS *param,
const char *id)
{
EVP_PKEY *ret = NULL;
EVP_PKEY *pkey = NULL;
int pkey_type;
if (!(pkey = EVP_PKEY_new())) {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY,
ERR_R_MALLOC_FAILURE);
goto err;
}
pkey_type = OBJ_obj2nid(param->pkey_algor->algorithm);
if (pkey_type == EVP_PKEY_EC) {
EC_KEY *ec_key = NULL;
if (!(ec_key = extract_ec_pub_key(param, id))) {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY,
ERR_R_CPK_LIB);
goto err;
}
if (!EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
EC_KEY_free(ec_key);
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY,
ERR_R_EVP_LIB);
goto err;
}
} else {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY,
CPK_R_INVALID_PKEY_TYPE);
goto err;
}
ret = pkey;
pkey = NULL;
err:
EVP_PKEY_free(pkey);
return ret;
}
char *CPK_MASTER_SECRET_get_name(CPK_MASTER_SECRET *master, char *buf, int size)
{
return X509_NAME_oneline(master->id, buf, size);
}
char *CPK_PUBLIC_PARAMS_get_name(CPK_PUBLIC_PARAMS *params, char *buf, int size)
{
return X509_NAME_oneline(params->id, buf, size);
}
int CPK_MASTER_SECRET_validate_public_params(CPK_MASTER_SECRET *master,
CPK_PUBLIC_PARAMS *params)
{
int ret = 0;
CPK_PUBLIC_PARAMS *tmp = NULL;
if (!(tmp = CPK_MASTER_SECRET_extract_public_params(master))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_VALIDATE_PUBLIC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
if (tmp->version != params->version) {
CPKerr(CPK_F_CPK_MASTER_SECRET_VALIDATE_PUBLIC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
if (X509_NAME_cmp(tmp->id, params->id)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_VALIDATE_PUBLIC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
/*
* two ASN_OBJECT * with different address may have same NID
* thus we can not check with:
* tmp->pkey_algor->algorithm != params->pkey_algor->algorithm
*/
if (OBJ_obj2nid(tmp->pkey_algor->algorithm) !=
OBJ_obj2nid(params->pkey_algor->algorithm)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_VALIDATE_PUBLIC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
// FIXME: pkey_algor->parameters
if (OBJ_obj2nid(tmp->map_algor->algorithm) !=
OBJ_obj2nid(params->map_algor->algorithm)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_VALIDATE_PUBLIC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
if (ASN1_STRING_cmp(tmp->public_factors, params->public_factors)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_VALIDATE_PUBLIC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
ret = 1;
err:
CPK_PUBLIC_PARAMS_free(tmp);
return ret;
}
int CPK_PUBLIC_PARAMS_validate_private_key(CPK_PUBLIC_PARAMS *params,
const char *id, const EVP_PKEY *priv_key)
{
int ret = -3;
EVP_PKEY *pub_key = NULL;
if (!(pub_key = CPK_PUBLIC_PARAMS_extract_public_key(params, id))) {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_VALIDATE_PRIVATE_KEY,
ERR_R_EVP_LIB);
goto err;
}
ret = EVP_PKEY_cmp(pub_key, priv_key);
err:
EVP_PKEY_free(pub_key);
return ret;
}
static EC_KEY *X509_ALGOR_get1_EC_KEY(X509_ALGOR *algor)
{
EC_KEY *ec_key = NULL;
int ptype;
const void *pval;
const unsigned char *p;
X509_ALGOR_get0(NULL, &ptype, &pval, algor);
if (ptype == V_ASN1_SEQUENCE) {
ASN1_OCTET_STRING *pstr = (ASN1_OCTET_STRING *)pval;
p = pstr->data;
if (!(ec_key = d2i_ECParameters(NULL, &p, pstr->length))) {
CPKerr(CPK_F_X509_ALGOR_GET1_EC_KEY, ERR_R_EC_LIB);
return NULL;
}
} else if (ptype == V_ASN1_OBJECT) {
ASN1_OBJECT *poid = (ASN1_OBJECT *)pval;
EC_GROUP *group;
if (!(ec_key = EC_KEY_new())) {
CPKerr(CPK_F_X509_ALGOR_GET1_EC_KEY, ERR_R_MALLOC_FAILURE);
return NULL;
}
if (!(group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid)))) {
EC_KEY_free(ec_key);
CPKerr(CPK_F_X509_ALGOR_GET1_EC_KEY, ERR_R_EC_LIB);
return NULL;
}
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
if (!EC_KEY_set_group(ec_key, group)) {
EC_GROUP_free(group);
EC_KEY_free(ec_key);
CPKerr(CPK_F_X509_ALGOR_GET1_EC_KEY, ERR_R_EC_LIB);
return NULL;
}
EC_GROUP_free(group);
} else {
CPKerr(CPK_F_X509_ALGOR_GET1_EC_KEY, CPK_R_BAD_DATA);
return NULL;
}
return ec_key;
}
static int extract_ec_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param)
{
int ret = 0;
EC_KEY *ec_key = NULL;
const EC_GROUP *ec_group;
BIGNUM *bn = BN_new();
BIGNUM *order = BN_new();
BN_CTX *ctx = BN_CTX_new();
EC_POINT *pt = NULL;
int i, bn_size, pt_size, num_factors;
const unsigned char *bn_ptr;
unsigned char *pt_ptr;
if (!bn || !order || !ctx) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
if (!(ec_key = X509_ALGOR_get1_EC_KEY(master->pkey_algor))) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
ec_group = EC_KEY_get0_group(ec_key);
if (!(EC_GROUP_get_order(ec_group, order, ctx))) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
bn_size = BN_num_bytes(order);
pt_size = bn_size + 1;
if ((num_factors = CPK_MAP_num_factors(master->map_algor)) <= 0) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
if (ASN1_STRING_length(master->secret_factors) != bn_size * num_factors) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
if (!ASN1_STRING_set(param->public_factors, NULL, pt_size * num_factors)) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
bn_ptr = ASN1_STRING_get0_data(master->secret_factors);
pt_ptr = ASN1_STRING_get0_data(param->public_factors);
memset(pt_ptr, 0, ASN1_STRING_length(param->public_factors));
if (!(pt = EC_POINT_new(ec_group))) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
for (i = 0; i < num_factors; i++) {
if (!BN_bin2bn(bn_ptr, bn_size, bn)) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
if (BN_is_zero(bn) || BN_cmp(bn, order) >= 0) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
if (!EC_POINT_mul(ec_group, pt, bn, NULL, NULL, ctx)) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
if (!EC_POINT_point2oct(ec_group, pt,
POINT_CONVERSION_COMPRESSED, pt_ptr, pt_size, ctx)) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
bn_ptr += bn_size;
pt_ptr += pt_size;
}
ret = 1;
err:
EC_KEY_free(ec_key);
BN_free(bn);
BN_free(order);
BN_CTX_free(ctx);
EC_POINT_free(pt);
return ret;
}
static EC_KEY *extract_ec_priv_key(CPK_MASTER_SECRET *master, const char *id)
{
EC_KEY *ret = NULL;
EC_KEY *ec_key = NULL;
const EC_GROUP *ec_group;
EC_POINT *pub_key = NULL;
BIGNUM *priv_key = BN_new();
BIGNUM *order = BN_new();
BIGNUM *bn = BN_new();
BN_CTX *ctx = BN_CTX_new();
int *index = NULL;
int i, num_indexes, bn_size;
if (!priv_key || !bn || !order || !ctx) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!(ec_key = X509_ALGOR_get1_EC_KEY(master->pkey_algor))) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
ec_group = EC_KEY_get0_group(ec_key);
if (!(pub_key = EC_POINT_new(ec_group))) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
if ((num_indexes = CPK_MAP_num_indexes(master->map_algor)) <= 0) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!CPK_MAP_str2index(master->map_algor, id, index)) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
BN_zero(priv_key);
if (!(EC_GROUP_get_order(EC_KEY_get0_group(ec_key), order, ctx))) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
bn_size = BN_num_bytes(order);
for (i = 0; i < num_indexes; i++) {
const unsigned char *p =
ASN1_STRING_get0_data(master->secret_factors) +
bn_size * index[i];
if (!BN_bin2bn(p, bn_size, bn)) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
if (BN_is_zero(bn) || BN_cmp(bn, order) >= 0) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!BN_mod_add(priv_key, priv_key, bn, order, ctx)) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
}
if (!EC_KEY_set_private_key(ec_key, priv_key)) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!EC_POINT_mul(ec_group, pub_key, priv_key, NULL, NULL, ctx)) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!EC_KEY_set_public_key(ec_key, pub_key)) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
ret = ec_key;
ec_key = NULL;
err:
EC_KEY_free(ec_key);
BN_free(priv_key);
EC_POINT_free(pub_key);
BN_free(order);
BN_free(bn);
BN_CTX_free(ctx);
OPENSSL_free(index);
return ret;
}
static EC_KEY *extract_ec_pub_key(CPK_PUBLIC_PARAMS *param, const char *id)
{
EC_KEY *ret = NULL;
EC_KEY *ec_key = NULL;
const EC_GROUP *ec_group;
EC_POINT *pub_key = NULL;
EC_POINT *pt = NULL;
BIGNUM *order = BN_new();
BIGNUM *bn = BN_new();
BN_CTX *ctx = BN_CTX_new();
int *index = NULL;
int i, bn_size, pt_size, num_indexes, num_factors;
if (!(ec_key = X509_ALGOR_get1_EC_KEY(param->pkey_algor))) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
ec_group = EC_KEY_get0_group(ec_key);
if (!(pub_key = EC_POINT_new(ec_group))) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!(pt = EC_POINT_new(ec_group))) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!EC_GROUP_get_order(ec_group, order, ctx)) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
bn_size = BN_num_bytes(order);
pt_size = bn_size + 1;
if ((num_factors = CPK_MAP_num_factors(param->map_algor)) <= 0) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
if (ASN1_STRING_length(param->public_factors) != pt_size * num_factors) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
if ((num_indexes = CPK_MAP_num_indexes(param->map_algor)) <= 0) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!CPK_MAP_str2index(param->map_algor, id, index)) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!EC_POINT_set_to_infinity(ec_group, pub_key)) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
for (i = 0; i < num_indexes; i++) {
const unsigned char *p =
ASN1_STRING_get0_data(param->public_factors) +
pt_size * index[i];
if (!EC_POINT_oct2point(ec_group, pt, p, pt_size, ctx)) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!EC_POINT_add(ec_group, pub_key, pub_key, pt, ctx)) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
}
if (!EC_KEY_set_public_key(ec_key, pub_key)) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
ret = ec_key;
ec_key = NULL;
err:
EC_KEY_free(ec_key);
EC_POINT_free(pub_key);
BN_free(order);
BN_free(bn);
BN_CTX_free(ctx);
OPENSSL_free(index);
return ret;
}

219
crypto/cpk/cpk_map.c
View File

@@ -1,219 +0,0 @@
/* ====================================================================
* Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <string.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/cpk.h>
#include "cpk_lcl.h"
#include "../../e_os.h"
/* Currently we only support fixed 32 indexes
* this means EC_POINT_add() called 32 times */
#define CPK_NUM_INDEXES 32
typedef struct {
int map_nid;
int md_nid;
} CPK_MAP_TABLE;
static CPK_MAP_TABLE map_table[] = {
{NID_cpk_map_sm3, NID_sm3},
{NID_cpk_map_sha1, NID_sha1},
{NID_cpk_map_sha256, NID_sha256},
{NID_cpk_map_sha384, NID_sha384},
{NID_cpk_map_sha512, NID_sha512}
};
static const EVP_MD *cpk_map2md(int type)
{
int i;
for (i = 0; i < OSSL_NELEM(map_table); i++) {
if (map_table[i].map_nid == type) {
return EVP_get_digestbynid(map_table[i].md_nid);
}
}
return NULL;
}
static const EVP_MD *CPK_MAP_get_md(const X509_ALGOR *algor)
{
const EVP_MD *md;
if (!algor->algorithm) {
CPKerr(CPK_F_CPK_MAP_GET_MD, CPK_R_INVALID_ARGUMENT);
return NULL;
}
if (!(md = cpk_map2md(OBJ_obj2nid(algor->algorithm)))) {
CPKerr(CPK_F_CPK_MAP_GET_MD, ERR_R_CPK_LIB);
return NULL;
}
return md;
}
X509_ALGOR *CPK_MAP_new(int type)
{
X509_ALGOR *ret = NULL;
X509_ALGOR *algor = NULL;
if (!cpk_map2md(type)) {
CPKerr(CPK_F_CPK_MAP_NEW, CPK_R_INVALID_MAP_ALGOR);
return NULL;
}
if (!(algor = X509_ALGOR_new())) {
CPKerr(CPK_F_CPK_MAP_NEW, ERR_R_X509_LIB);
goto end;
}
if (!X509_ALGOR_set0(algor, OBJ_nid2obj(type), V_ASN1_UNDEF, NULL)) {
CPKerr(CPK_F_CPK_MAP_NEW, ERR_R_X509_LIB);
goto end;
}
ret = algor;
algor = NULL;
end:
X509_ALGOR_free(algor);
return ret;
}
X509_ALGOR *CPK_MAP_new_default(void)
{
return CPK_MAP_new(NID_cpk_map_sha1);
}
int CPK_MAP_is_valid(const X509_ALGOR *algor)
{
return CPK_MAP_get_md(algor) != NULL;
}
int CPK_MAP_num_indexes(const X509_ALGOR *algor)
{
if (!CPK_MAP_is_valid(algor)) {
CPKerr(CPK_F_CPK_MAP_NUM_INDEXES, CPK_R_INVALID_MAP_ALGOR);
return 0;
}
/* current only use fixed num_indexes */
return CPK_NUM_INDEXES;
}
int CPK_MAP_num_subset(const X509_ALGOR *algor)
{
const EVP_MD *md;
if (!(md = CPK_MAP_get_md(algor))) {
CPKerr(CPK_F_CPK_MAP_NUM_SUBSET, ERR_R_CPK_LIB);
return 0;
}
return 1 << ((EVP_MD_size(md) * 8) / CPK_MAP_num_indexes(algor));
}
int CPK_MAP_num_factors(const X509_ALGOR *algor)
{
int num_indexes;
int num_subset;
if (!(num_indexes = CPK_MAP_num_indexes(algor))) {
CPKerr(CPK_F_CPK_MAP_NUM_FACTORS, ERR_R_CPK_LIB);
return 0;
}
if (!(num_subset = CPK_MAP_num_subset(algor))) {
CPKerr(CPK_F_CPK_MAP_NUM_FACTORS, ERR_R_CPK_LIB);
return 0;
}
return num_indexes * num_subset;
}
int CPK_MAP_str2index(const X509_ALGOR *algor, const char *str, int *index)
{
int ret = 0;
const EVP_MD *md;
unsigned char dgst[EVP_MAX_MD_SIZE];
unsigned int dgstlen;
BIGNUM *bn = NULL;
int i;
int num_indexes, num_subset;
OPENSSL_assert(algor);
OPENSSL_assert(algor->algorithm);
OPENSSL_assert(str);
OPENSSL_assert(strlen(str) > 0);
if (!(md = CPK_MAP_get_md(algor))
|| !(num_indexes = CPK_MAP_num_indexes(algor))
|| !(num_subset = CPK_MAP_num_subset(algor))) {
CPKerr(CPK_F_CPK_MAP_STR2INDEX, CPK_R_INVALID_MAP_ALGOR);
return 0;
}
if (!index) {
return CPK_MAP_num_indexes(algor);
}
if (!EVP_Digest(str, strlen(str), dgst, &dgstlen, md, NULL)) {
CPKerr(CPK_F_CPK_MAP_STR2INDEX, ERR_R_EVP_LIB);
return 0;
}
if (!(bn = BN_new())) {
CPKerr(CPK_F_CPK_MAP_STR2INDEX, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!BN_bin2bn(dgst, dgstlen, bn)) {
CPKerr(CPK_F_CPK_MAP_STR2INDEX, ERR_R_BN_LIB);
goto end;
}
for (i = 0; i < num_indexes; i++) {
int r = BN_mod_word(bn, num_subset);
BN_div_word(bn, num_subset);
index[i] = num_subset * i + r;
}
ret = num_indexes;
end:
BN_free(bn);
return ret;
}

144
crypto/cpk/cpk_prn.c
View File

@@ -1,144 +0,0 @@
/* ====================================================================
* Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <string.h>
#include <openssl/bio.h>
#include <openssl/cpk.h>
#include <openssl/objects.h>
#include "cpk_lcl.h"
int CPK_MASTER_SECRET_print(BIO *out, CPK_MASTER_SECRET *master,
int indent, unsigned long flags)
{
char name[1024] = {0};
int num_factors;
const unsigned char *p;
int i, len;
if (!X509_NAME_oneline(master->id, name, sizeof(name))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_PRINT, ERR_R_CPK_LIB);
return 0;
}
BIO_printf(out, "CPK_MASTER_SECRET\n");
BIO_printf(out, " Version : %ld\n", master->version);
BIO_printf(out, " Domain-ID : %s\n", name);
BIO_printf(out, " Public-Key-Algor : %s\n", OBJ_nid2sn(OBJ_obj2nid(master->pkey_algor->algorithm)));
BIO_printf(out, " Map-Algor : %s\n", OBJ_nid2sn(OBJ_obj2nid(master->map_algor->algorithm)));
BIO_printf(out, " Secret-Factors :\n");
if ((num_factors = CPK_MAP_num_factors(master->map_algor)) <= 0) {
fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
return 0;
}
p = ASN1_STRING_get0_data(master->secret_factors);
len = ASN1_STRING_length(master->secret_factors)/num_factors;
if (ASN1_STRING_length(master->secret_factors) % num_factors) {
CPKerr(CPK_F_CPK_MASTER_SECRET_PRINT, ERR_R_CPK_LIB);
return 0;
}
for (i = 0; i < num_factors; i++) {
int j;
printf(" %-8d ", i);
for (j = 0; j < len; j++) {
BIO_printf(out, "%02X", p[j]);
}
printf("\n");
p += len;
}
return 1;
}
int CPK_PUBLIC_PARAMS_print(BIO *out, CPK_PUBLIC_PARAMS *params,
int indent, unsigned long flags)
{
char name[1024] = {0};
int num_factors;
const unsigned char *p;
int len, i;
if (!X509_NAME_oneline(params->id, name, sizeof(name))) {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_PRINT, ERR_R_CPK_LIB);
return 0;
}
BIO_printf(out, "CPK_PUBLIC_PARAMS\n");
BIO_printf(out, " Version : %ld\n", params->version);
BIO_printf(out, " Domain-ID : %s\n", name);
BIO_printf(out, " Public-Key-Algor : %s\n", OBJ_nid2sn(OBJ_obj2nid(params->pkey_algor->algorithm)));
BIO_printf(out, " Map-Algor : %s\n", OBJ_nid2sn(OBJ_obj2nid(params->map_algor->algorithm)));
BIO_printf(out, " Secret-Factors :\n");
if ((num_factors = CPK_MAP_num_factors(params->map_algor)) <= 0) {
fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
return 0;
}
p = ASN1_STRING_get0_data(params->public_factors);
len = ASN1_STRING_length(params->public_factors)/num_factors;
if (ASN1_STRING_length(params->public_factors) % num_factors) {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_PRINT, ERR_R_CPK_LIB);
return 0;
}
for (i = 0; i < num_factors; i++) {
int j;
printf(" %-8d ", i);
for (j = 0; j < len; j++) {
BIO_printf(out, "%02X", p[j]);
}
printf("\n");
p += len;
}
return 1;
}

2
crypto/ec/build.info
View File

@@ -6,7 +6,7 @@ SOURCE[../../libcrypto]=\
ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c \
ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c ecdh_kdf.c \
ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c ecx_meth.c \
{- $target{ec_asm_src} -} ecahe.c
{- $target{ec_asm_src} -}
GENERATE[ecp_nistz256-x86.s]=asm/ecp_nistz256-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(LIB_CFLAGS) $(PROCESSOR)

1
crypto/ec/ec_err.c
View File

@@ -215,7 +215,6 @@ static ERR_STRING_DATA EC_str_functs[] = {
"EC_POINT_set_Jprojective_coordinates_GFp"},
{ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"},
{ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "ec_pre_comp_new"},
{ERR_FUNC(EC_F_EC_SCHNORR_SIGN), "ec_schnorr_sign"},
{ERR_FUNC(EC_F_EC_TYPE1CURVE_TATE), "EC_type1curve_tate"},
{ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"},
{ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"},

456
crypto/ec/ecahe.c
View File

@@ -1,456 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 - 2019 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/ecahe.h>
struct ECAHE_CIPHERTEXT_st {
EC_POINT *A;
EC_POINT *B;
};
ASN1_SEQUENCE(ECAHE_CIPHERTEXT) = {
ASN1_SIMPLE(ECAHE_CIPHERTEXT, A, ASN1_OCTET_STRING),
ASN1_SIMPLE(ECAHE_CIPHERTEXT, B, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(ECAHE_CIPHERTEXT)
IMPLEMENT_ASN1_FUNCTIONS(ECAHE_CIPHERTEXT)
IMPLEMENT_ASN1_DUP_FUNCTION(ECAHE_CIPHERTEXT)
#define EC_MAX_PLAINTEXT (65536)
int ECAHE_ciphertext_size(EC_KEY *pk)
{
ECerr(EC_F_ECAHE_CIPHERTEXT_SIZE, ERR_R_EC_LIB);
return 0;
}
int ECAHE_encrypt(unsigned char *out, size_t *outlen, const BIGNUM *in, EC_KEY *pk)
{
ECerr(EC_F_ECAHE_ENCRYPT, ERR_R_EC_LIB);
return 0;
}
int ECAHE_decrypt(unsigned long *out, const unsigned char *in, size_t inlen, EC_KEY *sk)
{
ECerr(EC_F_ECAHE_DECRYPT, ERR_R_EC_LIB);
return 0;
}
int ECAHE_do_encrypt(ECAHE_CIPHERTEXT *c, const BIGNUM *m, EC_KEY *pk)
{
int ret = -1;
const EC_GROUP *group;
const EC_POINT *point;
BIGNUM *order = NULL;
BN_CTX *ctx = NULL;
BIGNUM *r = NULL;
OPENSSL_assert(c);
OPENSSL_assert(m);
OPENSSL_assert(pk);
if (!(group = EC_KEY_get0_group(pk))) {
ERR_print_errors_fp(stderr);
goto end;
}
if (!(order = BN_new())) {
ERR_print_errors_fp(stderr);
goto end;
}
if (!(ctx = BN_CTX_new())) {
ERR_print_errors_fp(stderr);
goto end;
}
if (!EC_GROUP_get_order(group, order, ctx)) {
ERR_print_errors_fp(stderr);
goto end;
}
if (!(r = BN_new())) {
ERR_print_errors_fp(stderr);
goto end;
}
do {
if (!BN_rand_range(r, order)) {
ERR_print_errors_fp(stderr);
goto end;
}
} while (BN_is_zero(r));
if (c->A == NULL) {
if (!(c->A = EC_POINT_new(group))) {
ERR_print_errors_fp(stderr);
goto end;
}
}
/* c->A = [r]G */
if (!EC_POINT_mul(group, c->A, r, NULL, NULL, ctx)) {
ERR_print_errors_fp(stderr);
goto end;
}
if (c->B == NULL) {
if (!(c->B = EC_POINT_new(group))) {
ERR_print_errors_fp(stderr);
goto end;
}
}
if (!(point = EC_KEY_get0_public_key(pk))) {
ERR_print_errors_fp(stderr);
goto end;
}
{
//EC_POINT *T = EC_POINT_new(group);
//EC_POINT_mul(group, T, m, NULL, NULL, ctx);
//printf("[m]G = %s\n", EC_POINT_point2hex(group, T, EC_PUBKEY_FORMAT, ctx));
}
/* c->b = [m]G + [r]P */
if (!EC_POINT_mul(group, c->B, m, point, r, ctx)) {
ERR_print_errors_fp(stderr);
goto end;
}
ret = 0;
end:
if (r) BN_free(r);
if (order) BN_free(order);
if (ctx) BN_CTX_free(ctx);
return ret;
}
/* A == [r]G
* B == [m]G + [r]P == [m]G + [rd]G
* B - [d]A == B - [rd]G == [m]G
*/
int ECAHE_do_decrypt(BIGNUM *m, const ECAHE_CIPHERTEXT *c, EC_KEY *sk)
{
int ret = -1;
const EC_GROUP *group;
const EC_POINT *G;
const BIGNUM *d;
BN_CTX *ctx = NULL;
BIGNUM *order = NULL;
EC_POINT *point = NULL;
EC_POINT *point2 = NULL;
unsigned int i;
OPENSSL_assert(m);
OPENSSL_assert(c && c->A && c->B);
OPENSSL_assert(sk);
if (!(group = EC_KEY_get0_group(sk))) {
ERR_print_errors_fp(stderr);
goto end;
}
if (!(G = EC_GROUP_get0_generator(group))) {
ERR_print_errors_fp(stderr);
goto end;
}
if (!(d = EC_KEY_get0_private_key(sk))) {
ERR_print_errors_fp(stderr);
goto end;
}
if (!(ctx = BN_CTX_new())) {
ERR_print_errors_fp(stderr);
goto end;
}
if (!(order = BN_new())) {
ERR_print_errors_fp(stderr);
goto end;
}
if (!EC_GROUP_get_order(group, order, ctx)) {
ERR_print_errors_fp(stderr);
goto end;
}
if (!(point = EC_POINT_new(group))) {
ERR_print_errors_fp(stderr);
goto end;
}
if (!BN_one(order)) {
ERR_print_errors_fp(stderr);
goto end;
}
/* point = [d]A = [rd]G */
if (!EC_POINT_mul(group, point, NULL, c->A, d, ctx)) {
ERR_print_errors_fp(stderr);
goto end;
}
/* point = -[rd]G */
if (!EC_POINT_invert(group, point, ctx)) {
ERR_print_errors_fp(stderr);
goto end;
}
/* point = B - [rd]G = [m]G + [rd]G - [rd]G = [m]G */
if (!EC_POINT_add(group, point, point, c->B, ctx)) {
ERR_print_errors_fp(stderr);
goto end;
}
{
//printf("[m]G = %s\n", EC_POINT_point2hex(group, point, EC_PUBKEY_FORMAT, ctx));
}
if (!(point2 = EC_POINT_new(group))) {
ERR_print_errors_fp(stderr);
goto end;
}
if (!EC_POINT_set_to_infinity(group, point2)) {
ERR_print_errors_fp(stderr);
goto end;
}
for (i = 0; i < EC_MAX_PLAINTEXT; i++) {
//printf("%03d ", i);
//printf(" %s\n", EC_POINT_point2hex(group, point, EC_PUBKEY_FORMAT, ctx));
//printf(" %s\n", EC_POINT_point2hex(group, point2, EC_PUBKEY_FORMAT, ctx));
if (EC_POINT_cmp(group, point, point2, ctx) == 0) {
if (!BN_set_word(m, i)) {
ERR_print_errors_fp(stderr);
goto end;
}
//printf("SUCCESS: %d\n", i+1);
ret = 0;
goto end;
}
EC_POINT_add(group, point2, point2, EC_GROUP_get0_generator(group), ctx);
}
end:
if (ctx) BN_CTX_free(ctx);
if (order) BN_free(order);
if (point) EC_POINT_free(point);
if (point2) EC_POINT_free(point2);
return ret;
}
int ECAHE_ciphertext_add(ECAHE_CIPHERTEXT *r,
const ECAHE_CIPHERTEXT *a, const ECAHE_CIPHERTEXT *b,
EC_KEY *pk)
{
const EC_GROUP *group = EC_KEY_get0_group(pk);
BN_CTX *ctx = NULL;
if (!(group = EC_KEY_get0_group(pk))) {
ERR_print_errors_fp(stderr);
return -1;
}
OPENSSL_assert(a->A);
OPENSSL_assert(b->A);
OPENSSL_assert(a->B);
OPENSSL_assert(b->B);
if (r->A == NULL) {
if (!(r->A = EC_POINT_new(group))) {
ERR_print_errors_fp(stderr);
return -1;
}
}
if (r->B == NULL) {
if (!(r->B = EC_POINT_new(group))) {
ERR_print_errors_fp(stderr);
return -1;
}
}
if (!(ctx = BN_CTX_new())) {
ERR_print_errors_fp(stderr);
return -1;
}
if (!EC_POINT_add(group, r->A, a->A, b->A, ctx)) {
ERR_print_errors_fp(stderr);
BN_CTX_free(ctx);
return -1;
}
if (!EC_POINT_add(group, r->B, a->B, b->B, ctx)) {
ERR_print_errors_fp(stderr);
BN_CTX_free(ctx);
return -1;
}
BN_CTX_free(ctx);
return 0;
}
int ECAHE_ciphertext_sub(ECAHE_CIPHERTEXT *r,
const ECAHE_CIPHERTEXT *a, const ECAHE_CIPHERTEXT *b,
EC_KEY *pk)
{
const EC_GROUP *group = EC_KEY_get0_group(pk);
BN_CTX *ctx = NULL;
if (!(group = EC_KEY_get0_group(pk))) {
ERR_print_errors_fp(stderr);
return -1;
}
OPENSSL_assert(a->A);
OPENSSL_assert(b->A);
OPENSSL_assert(a->B);
OPENSSL_assert(b->B);
if (ECAHE_ciphertext_neg(r, b, pk) < 0) {
fprintf(stderr, "%s (%s %d): ec_ciphertext_neg failed\n",
__FUNCTION__, __FILE__, __LINE__);
return -1;
}
if (!(ctx = BN_CTX_new())) {
ERR_print_errors_fp(stderr);
return -1;
}
if (!EC_POINT_add(group, r->A, r->A, a->A, ctx)) {
ERR_print_errors_fp(stderr);
BN_CTX_free(ctx);
return -1;
}
if (!EC_POINT_add(group, r->B, r->B, a->B, ctx)) {
ERR_print_errors_fp(stderr);
BN_CTX_free(ctx);
return -1;
}
BN_CTX_free(ctx);
return 0;
}
int ECAHE_ciphertext_neg(ECAHE_CIPHERTEXT *r, const ECAHE_CIPHERTEXT *a,
EC_KEY *pk)
{
const EC_GROUP *group;
BN_CTX *ctx = NULL;
OPENSSL_assert(r && a && pk);
OPENSSL_assert(a->A);
OPENSSL_assert(a->B);
if (!(group = EC_KEY_get0_group(pk))) {
ERR_print_errors_fp(stderr);
return -1;
}
if (r->A)
EC_POINT_free(r->A);
if (!(r->A = EC_POINT_dup(a->A, group))) {
ERR_print_errors_fp(stderr);
return -1;
}
if (r->B)
EC_POINT_free(r->B);
if (!(r->B = EC_POINT_dup(a->B, group))) {
ERR_print_errors_fp(stderr);
return -1;
}
if (!(ctx = BN_CTX_new())) {
ERR_print_errors_fp(stderr);
return -1;
}
if (!EC_POINT_invert(group, r->A, ctx)) {
ERR_print_errors_fp(stderr);
BN_CTX_free(ctx);
return -1;
}
if (!EC_POINT_invert(group, r->B, ctx)) {
ERR_print_errors_fp(stderr);
BN_CTX_free(ctx);
return -1;
}
BN_CTX_free(ctx);
return 0;
}

490
crypto/ec2/bn_gfp2.c
View File

@@ -1,490 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
/*
* this file implement complex number over prime field
* a = a0 + a1 * i, i^2 == -1
* most of the routines should be replaced by macros
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/bn_gfp2.h>
/*
* to make it simple, currently both a0 and a1 will be inited
*/
BN_GFP2 *BN_GFP2_new(void)
{
int e = 1;
BN_GFP2 *ret = NULL;
if (!(ret = OPENSSL_malloc(sizeof(BN_GFP2)))) {
BNerr(BN_F_BN_GFP2_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
}
ret->a0 = BN_new();
ret->a1 = BN_new();
if (!ret->a0 || !ret->a1) {
BNerr(BN_F_BN_GFP2_NEW, ERR_R_MALLOC_FAILURE);
goto end;
}
BN_zero(ret->a0);
BN_zero(ret->a1);
e = 0;
end:
if (e && ret) {
BN_GFP2_free(ret);
ret = NULL;
}
return ret;
}
void BN_GFP2_free(BN_GFP2 *a)
{
if (a) {
BN_free(a->a0);
BN_free(a->a1);
OPENSSL_free(a);
}
}
int BN_GFP2_copy(BN_GFP2 *r, const BN_GFP2 *a)
{
if (!r || !r->a0 || !r->a1 || !a || !a->a0 || !a->a1) {
BNerr(BN_F_BN_GFP2_COPY, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!BN_copy(r->a0, a->a0)) {
BNerr(BN_F_BN_GFP2_COPY, ERR_R_BN_LIB);
return 0;
}
if (!BN_copy(r->a1, a->a1)) {
BNerr(BN_F_BN_GFP2_COPY, ERR_R_BN_LIB);
return 0;
}
return 1;
}
int BN_GFP2_one(BN_GFP2 *a)
{
if (!a || !a->a0 || !a->a1) {
BNerr(BN_F_BN_GFP2_ONE, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
BN_one(a->a0);
BN_zero(a->a1);
return 1;
}
int BN_GFP2_zero(BN_GFP2 *a)
{
if (!a || !a->a0 || !a->a1) {
BNerr(BN_F_BN_GFP2_ZERO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
BN_zero(a->a0);
BN_zero(a->a1);
return 1;
}
/* return 1 on success, so dont use !BN_GFP2_is_zero() to check return value */
int BN_GFP2_is_zero(const BN_GFP2 *a)
{
if (!a || !a->a0 || !a->a1) {
BNerr(BN_F_BN_GFP2_IS_ZERO, ERR_R_PASSED_NULL_PARAMETER);
return -1;
}
return (BN_is_zero(a->a0) && BN_is_zero(a->a1));
}
int BN_GFP2_equ(const BN_GFP2 *a, const BN_GFP2 *b)
{
if (!a || !b || !a->a0 || !a->a1 || !b->a0 || !b->a1) {
BNerr(BN_F_BN_GFP2_EQU, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
return ((BN_cmp(a->a0, b->a0) == 0) && (BN_cmp(a->a1, b->a1) == 0));
}
int BN_GFP2_add(BN_GFP2 *r, const BN_GFP2 *a, const BN_GFP2 *b,
const BIGNUM *p, BN_CTX *ctx)
{
if (!a || !b || !a->a0 || !a->a1 || !b->a0 || !b->a1 || !p || !ctx) {
BNerr(BN_F_BN_GFP2_ADD, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!BN_mod_add(r->a0, a->a0, b->a0, p, ctx)) {
BNerr(BN_F_BN_GFP2_ADD, ERR_R_BN_LIB);
return 0;
}
if (!BN_mod_add(r->a1, a->a1, b->a1, p, ctx)) {
BNerr(BN_F_BN_GFP2_ADD, ERR_R_BN_LIB);
return 0;
}
return 1;
}
int BN_GFP2_sub(BN_GFP2 *r, const BN_GFP2 *a, const BN_GFP2 *b,
const BIGNUM *p, BN_CTX *ctx)
{
if (!a || !b || !a->a0 || !a->a1 || !b->a0 || !b->a1 || !p || !ctx) {
BNerr(BN_F_BN_GFP2_SUB, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!BN_mod_sub(r->a0, a->a0, b->a0, p, ctx)) {
BNerr(BN_F_BN_GFP2_SUB, ERR_R_BN_LIB);
return 0;
}
if (!BN_mod_sub(r->a1, a->a1, b->a1, p, ctx)) {
BNerr(BN_F_BN_GFP2_SUB, ERR_R_BN_LIB);
return 0;
}
return 1;
}
/*
* (a0 + a1 * i) * (b0 + b1 * i)
* = a0 * b0 + a1 * b1 * i^2 + (a0 * b1 + a1 * b0) * i
* = (a0 * b0 - a1 * b1) + (a0 * b1 + a1 * b0) * i
*/
int BN_GFP2_mul(BN_GFP2 *r, const BN_GFP2 *a, const BN_GFP2 *b,
const BIGNUM *p, BN_CTX *ctx)
{
int ret = 0;
BIGNUM *t = NULL;
BN_CTX_start(ctx);
if (!(t = BN_CTX_get(ctx))) {
BNerr(BN_F_BN_GFP2_MUL, ERR_R_BN_LIB);
goto end;
}
/* r->a0 = a->a0 * b->a0 - a->a1 * b->a1 (mod p) */
if (!BN_mod_mul(r->a0, a->a0, b->a0, p, ctx)) {
BNerr(BN_F_BN_GFP2_MUL, ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_mul(t, a->a1, b->a1, p, ctx)) {
BNerr(BN_F_BN_GFP2_MUL, ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_sub(r->a0, r->a0, t, p, ctx)) {
BNerr(BN_F_BN_GFP2_MUL, ERR_R_BN_LIB);
goto end;
}
/* r->a1 = a->a0 * b->a1 + a->a1 * b->a0 (mod p) */
if (!BN_mod_mul(r->a1, a->a0, b->a1, p, ctx)) {
BNerr(BN_F_BN_GFP2_MUL, ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_mul(t, a->a1, b->a0, p, ctx)) {
BNerr(BN_F_BN_GFP2_MUL, ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_add(r->a1, r->a1, t, p, ctx)) {
BNerr(BN_F_BN_GFP2_MUL, ERR_R_BN_LIB);
goto end;
}
ret = 1;
end:
BN_CTX_end(ctx);
return ret;
}
int BN_GFP2_sqr(BN_GFP2 *r, const BN_GFP2 *a,
const BIGNUM *p, BN_CTX *ctx)
{
return BN_GFP2_mul(r, a, a, p, ctx);
}
/*
* (a0 + a1 * i) * (a0 - a1 * i)
* = a0^2 - a1^2 * i^2
* = a0^2 + a1^2
* ==> (a0 + a1 * i) * (a0 - a1 * i) * (a0^2 + a1^2)^-1 == 1
* ==> (a0 + a1 * i)^-1 == (a0 - a1 * i) * (a0^2 + a1^2)^-1
*/
int BN_GFP2_inv(BN_GFP2 *r, const BN_GFP2 *a, const BIGNUM *p, BN_CTX *ctx)
{
int ret = 0;
BIGNUM *t = NULL;
BN_CTX_start(ctx);
if (!(t = BN_CTX_get(ctx))) {
BNerr(BN_F_BN_GFP2_INV, ERR_R_BN_LIB);
goto end;
}
/* t = (a0^2 + a1^2)^-1 */
if (!BN_mod_sqr(r->a0, a->a0, p, ctx)) {
BNerr(BN_F_BN_GFP2_INV, ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_sqr(r->a1, a->a1, p, ctx)) {
BNerr(BN_F_BN_GFP2_INV, ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_mul(t, r->a0, r->a1, p, ctx)) {
BNerr(BN_F_BN_GFP2_INV, ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_inverse(t, t, p, ctx)) {
BNerr(BN_F_BN_GFP2_INV, ERR_R_BN_LIB);
goto end;
}
/* r0 = a0^ t (mod p) */
if (!BN_mod_mul(r->a0, a->a0, t, p, ctx)) {
BNerr(BN_F_BN_GFP2_INV, ERR_R_BN_LIB);
goto end;
}
/* r1 = p - a1^t (mod p) */
if (!BN_mod_mul(r->a1, a->a1, t, p, ctx)) {
BNerr(BN_F_BN_GFP2_INV, ERR_R_BN_LIB);
goto end;
}
if (!BN_sub(r->a1, p, r->a1)) {
BNerr(BN_F_BN_GFP2_INV, ERR_R_BN_LIB);
goto end;
}
ret = 1;
end:
BN_CTX_end(ctx);
return ret;
}
int BN_GFP2_div(BN_GFP2 *r, const BN_GFP2 *a, const BN_GFP2 *b, const BIGNUM *p, BN_CTX *ctx)
{
if (!BN_GFP2_inv(r, b, p, ctx)) {
return 0;
}
if (!BN_GFP2_mul(r, a, r, p, ctx)) {
return 0;
}
return 1;
}
/* need a fast implementation. check if k is solinas */
int BN_GFP2_exp(BN_GFP2 *r, const BN_GFP2 *a, const BIGNUM *k, const BIGNUM *p,
BN_CTX *ctx)
{
return 0;
}
int BN_GFP2_set_bn(BN_GFP2 *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
{
if (!r || !a || !p) {
BNerr(BN_F_BN_GFP2_SET_BN, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!BN_copy(r->a0, a)) {
BNerr(BN_F_BN_GFP2_SET_BN, ERR_R_BN_LIB);
return 0;
}
BN_zero(r->a1);
return 1;
}
int BN_GFP2_add_bn(BN_GFP2 *r, const BN_GFP2 *a, const BIGNUM *b,
const BIGNUM *p, BN_CTX *ctx)
{
return BN_mod_add(r->a0, a->a0, b, p, ctx);
}
int BN_GFP2_sub_bn(BN_GFP2 *r, const BN_GFP2 *a, const BIGNUM *b,
const BIGNUM *p, BN_CTX *ctx)
{
return BN_mod_sub(r->a0, a->a0, b, p, ctx);
}
int BN_GFP2_mul_bn(BN_GFP2 *r, const BN_GFP2 *a, const BIGNUM *b,
const BIGNUM *p, BN_CTX *ctx)
{
return BN_mod_mul(r->a0, a->a0, b, p, ctx);
}
int BN_GFP2_div_bn(BN_GFP2 *r, const BN_GFP2 *a, const BIGNUM *b,
const BIGNUM *p, BN_CTX *ctx)
{
int ret = 0;
BIGNUM *binv;
if (!(binv = BN_CTX_get(ctx))) {
BNerr(BN_F_BN_GFP2_DIV_BN, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!BN_mod_inverse(binv, b, p, ctx)) {
BNerr(BN_F_BN_GFP2_DIV_BN, ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_mul(r->a0, a->a0, binv, p, ctx)) {
BNerr(BN_F_BN_GFP2_DIV_BN, ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_mul(r->a1, a->a1, binv, p, ctx)) {
BNerr(BN_F_BN_GFP2_DIV_BN, ERR_R_BN_LIB);
goto end;
}
ret = 1;
end:
BN_CTX_end(ctx);
return ret;
}
int BN_bn2gfp2(const BIGNUM *bn, BN_GFP2 *gfp2, const BIGNUM *p, BN_CTX *ctx)
{
int ret = 0;
BIGNUM *a;
if (!(a = BN_CTX_get(ctx))) {
goto end;
}
BN_one(a);
if (!BN_lshift(a, a, BN_num_bytes(p)*8)) {
goto end;
}
if (!BN_rshift(gfp2->a1, bn, BN_num_bytes(p)*8)) {
goto end;
}
if (!BN_mod(gfp2->a0, bn, a, ctx)) {
goto end;
}
ret = 1;
end:
BN_CTX_end(ctx);
return ret;
}
/* return (a0 + a1 << 2^n), n = log_2(p), n % 8 == 0 */
int BN_gfp22bn(const BN_GFP2 *gfp2, BIGNUM *bn, const BIGNUM *p, BN_CTX *ctx)
{
if (!BN_lshift(bn, gfp2->a1, BN_num_bytes(p) * 8)) {
return 0;
}
if (!BN_add(bn, bn, gfp2->a0)) {
return 0;
}
return 1;
}
int BN_GFP2_canonical(const BN_GFP2 *a, unsigned char *out, size_t *outlen,
int order, const BIGNUM *p, BN_CTX *ctx)
{
size_t len;
if (!a || !a->a0 || !a->a1 || !outlen || !p) {
BNerr(BN_F_BN_GFP2_CANONICAL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
len = BN_num_bytes(p) * 2;
if (!out) {
*outlen = len;
return 1;
}
if (*outlen < len) {
BNerr(BN_F_BN_GFP2_CANONICAL, BN_R_BUFFER_TOO_SMALL);
return 0;
}
memset(out, 0, len);
if (order == 0) {
/* low order first output (a0, a1) */
if (!BN_bn2bin(a->a0, out + len/2 - BN_num_bytes(a->a0))) {
BNerr(BN_F_BN_GFP2_CANONICAL, ERR_R_BN_LIB);
return 0;
}
if (!BN_bn2bin(a->a1, out + len - BN_num_bytes(a->a1))) {
BNerr(BN_F_BN_GFP2_CANONICAL, ERR_R_BN_LIB);
return 0;
}
} else {
/* high order first output (a1, a0) */
if (!BN_bn2bin(a->a1, out + len/2 - BN_num_bytes(a->a1))) {
BNerr(BN_F_BN_GFP2_CANONICAL, ERR_R_BN_LIB);
return 0;
}
if (!BN_bn2bin(a->a0, out + len - BN_num_bytes(a->a0))) {
BNerr(BN_F_BN_GFP2_CANONICAL, ERR_R_BN_LIB);
return 0;
}
}
*outlen = len;
return 1;
}

137
crypto/ec2/bn_hash.c
View File

@@ -1,137 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#include "../bn/bn_lcl.h"
int BN_hash_to_range(const EVP_MD *md, BIGNUM **bn,
const void *s, size_t slen, const BIGNUM *range, BN_CTX *bn_ctx)
{
int ret = 0;
BIGNUM *r = NULL;
BIGNUM *a = NULL;
unsigned char *buf = NULL;
size_t buflen, mdlen;
int nbytes, rounds, i;
if (!s || slen <= 0 || !md || !range) {
BNerr(BN_F_BN_HASH_TO_RANGE, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!(*bn)) {
if (!(r = BN_new())) {
BNerr(BN_F_BN_HASH_TO_RANGE, ERR_R_MALLOC_FAILURE);
return 0;
}
} else {
r = *bn;
BN_zero(r);
}
mdlen = EVP_MD_size(md);
buflen = mdlen + slen;
if (!(buf = OPENSSL_malloc(buflen))) {
BNerr(BN_F_BN_HASH_TO_RANGE, ERR_R_MALLOC_FAILURE);
goto end;
}
memset(buf, 0, mdlen);
memcpy(buf + mdlen, s, slen);
a = BN_new();
if (!a) {
BNerr(BN_F_BN_HASH_TO_RANGE, ERR_R_MALLOC_FAILURE);
goto end;
}
nbytes = BN_num_bytes(range);
rounds = (nbytes + mdlen - 1)/mdlen;
if (!bn_expand(r, rounds * mdlen * 8)) {
BNerr(BN_F_BN_HASH_TO_RANGE, ERR_R_BN_LIB);
goto end;
}
for (i = 0; i < rounds; i++) {
if (!EVP_Digest(buf, buflen, buf, (unsigned int *)&mdlen, md, NULL)) {
BNerr(BN_F_BN_HASH_TO_RANGE, ERR_R_EVP_LIB);
goto end;
}
if (!BN_bin2bn(buf, mdlen, a)) {
BNerr(BN_F_BN_HASH_TO_RANGE, ERR_R_BN_LIB);
goto end;
}
if (!BN_lshift(r, r, mdlen * 8)) {
BNerr(BN_F_BN_HASH_TO_RANGE, ERR_R_BN_LIB);
goto end;
}
if (!BN_uadd(r, r, a)) {
goto end;
}
}
if (!BN_mod(r, r, range, bn_ctx)) {
BNerr(BN_F_BN_HASH_TO_RANGE, ERR_R_BN_LIB);
goto end;
}
*bn = r;
ret = 1;
end:
if (!ret && !(*bn)) {
BN_free(r);
}
BN_free(a);
OPENSSL_free(buf);
return ret;
}

218
crypto/ec2/bn_solinas.c
View File

@@ -1,218 +0,0 @@
/* ====================================================================
* Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
#include <openssl/bn_solinas.h>
#include "../bn/bn_lcl.h"
/*
* generate the solinas prime tables,
* use it for fast check of solinas
*/
#define BN_SOLINAS_192V1 0
#define BN_SOLINAS_192V2 1
#define BN_SOLINAS_224V1 2
#define BN_SOLINAS_256V1 3
#define BN_SOLINAS_384V1 4
#define BN_SOLINAS_512V1 5
#define BN_SOLINAS_512V2 6
#define BN_SOLINAS_1024V1 7
#define BN_SOLINAS_1024V2 8
#if 0
//remove warnings
static BN_SOLINAS BN_solinas_table[] = {
{ 192, 16, -1, -1 },
{ 192, 64, -1, -1 },
{ 224, 96, -1, 1 },
{ 256, 168, -1, 1 },
{ 384, 80, -1, 1 },
{ 512, 32, -1, 1 },
{ 512, 32, -1, -1 },
{ 1024, 424, -1, -1 },
{ 1024, 856, -1, 1 },
};
#endif
/*
* solinas = 2^a + s * 2^b + c, where s, c in {1, -1}
* solinas looks like:
* 2^a + 2^b + 1 = 10000100001
* 2^a - 2^b + 1 = 1111100001
* 2^a + 2^b - 1 = 10000011111
* 2^a - 2^b - 1 = 1111011111
* so:
* n = len(bits(solinas))
* c = bits(solinas)[1] == 0 ? 1 : -1
* s = bits(solinas)[n-2] == 0 ? 1 : -1
* a = bits(solinas)[n-2] == 0 ? n-1 : n-2
* b = len(bits(solinas - 2^a - s*2^b - c)) - 1
*
* examples:
* 0xfffffffffffffffffffffffffffbffff
* 0xffffffffffffffffffffffeffffffffffff
* 0xfffffffffbfffffffffffffffffffffffff
*/
int BN_bn2solinas(const BIGNUM *bn, BN_SOLINAS *solinas)
{
int ret = 0;
BIGNUM *tmp = NULL;
int nbits;
int i;
if (!solinas || !bn) {
BNerr(BN_F_BN_BN2SOLINAS, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!BN_copy(tmp, bn)) {
goto end;
}
if ((nbits = BN_num_bits(bn) - 1) < 1) {
BNerr(BN_F_BN_BN2SOLINAS, BN_R_INVALID_SOLINAS);
goto end;
}
solinas->c = BN_is_bit_set(bn, 1) ? 1 : -1;
if (BN_is_bit_set(bn, nbits - 1)) {
solinas->s = -1;
solinas->a = nbits;
} else {
solinas->s = 1;
solinas->a = nbits - 1;
}
for (i = 1; i < nbits; i++) {
}
end:
return ret;
}
int BN_solinas2bn(const BN_SOLINAS *solinas, BIGNUM *bn)
{
int ret = 0;
BIGNUM *tmp = NULL;
if (!solinas || !bn) {
BNerr(BN_F_BN_SOLINAS2BN, ERR_R_MALLOC_FAILURE);
return 0;
}
if (solinas->b <= 0 || solinas->a <= solinas->b
|| (solinas->s != 1 && solinas->s != -1)
|| (solinas->c != 1 && solinas->c != -1)) {
BNerr(BN_F_BN_SOLINAS2BN, BN_R_INVALID_SOLINAS_PARAMETERS);
return 0;
}
if (!(tmp = BN_new())) {
BNerr(BN_F_BN_SOLINAS2BN, ERR_R_MALLOC_FAILURE);
goto end;
}
BN_one(tmp);
if (!BN_lshift(bn, tmp, solinas->a)) {
BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB);
goto end;
}
if (!BN_lshift(tmp, tmp, solinas->b)) {
BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB);
goto end;
}
if (!BN_add_word(tmp, solinas->c)) {
BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB);
goto end;
}
if (solinas->s > 0) {
if (!BN_add(bn, bn, tmp)) {
BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB);
goto end;
}
} else {
if (!BN_sub(bn, bn, tmp)) {
BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB);
goto end;
}
}
/* check if it is a prime */
ret = 1;
end:
BN_free(tmp);
return ret;
}
int BN_generate_solinas(BIGNUM *ret, BN_SOLINAS *solinas, BN_GENCB *cb)
{
return 0;
}
int BN_is_solinas(const BIGNUM *a)
{
return 0;
}
BN_SOLINAS *BN_get_solinas(int index)
{
return NULL;
}

3
crypto/ec2/build.info
View File

@@ -1,3 +0,0 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=bn_gfp2.c bn_solinas.c bn_hash.c \
fppoint.c ec_hash.c ec_type1.c

181
crypto/ec2/ec_hash.c
View File

@@ -1,181 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/bn_hash.h>
/* currently the EC_POINT_hash2point only support type1curve! */
int EC_POINT_hash2point(const EC_GROUP *group, const EVP_MD *md,
const char *s, size_t slen, EC_POINT *point, BN_CTX *bn_ctx)
{
int ret = 0;
BIGNUM *p = NULL;
BIGNUM *x = NULL;
BIGNUM *y = NULL;
BIGNUM *k = NULL;
BIGNUM *q = NULL;
if (!group || !md || !point || !s || slen <= 0 || !bn_ctx) {
ECerr(EC_F_EC_POINT_HASH2POINT, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != NID_X9_62_prime_field) {
ECerr(EC_F_EC_POINT_HASH2POINT, EC_R_INVALID_CURVE);
return 0;
}
p = BN_new();
x = BN_new();
y = BN_new();
k = BN_new();
q = BN_new();
if (!p || !x || !y || !k || !q) {
ECerr(EC_F_EC_POINT_HASH2POINT, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!EC_GROUP_get_curve_GFp(group, p, x, y, bn_ctx)) {
ECerr(EC_F_EC_POINT_HASH2POINT, ERR_R_EC_LIB);
goto end;
}
/* check group is type-1 curve */
if (!BN_is_zero(x) || !BN_is_one(y) || BN_mod_word(p, 12) != 11) {
ECerr(EC_F_EC_POINT_HASH2POINT, EC_R_INVALID_CURVE);
goto end;
}
/* get order */
if (!EC_GROUP_get_order(group, q, bn_ctx)) {
ECerr(EC_F_EC_POINT_HASH2POINT, ERR_R_EC_LIB);
goto end;
}
/* y = HashToRange(s) in [0, p - 1] */
if (!BN_hash_to_range(md, &y, s, slen, p, bn_ctx)) {
ECerr(EC_F_EC_POINT_HASH2POINT, ERR_R_BN_LIB);
goto end;
}
/* x = (y + 1) * (y - 1) mod p */
if (!BN_copy(x, y)) {
ECerr(EC_F_EC_POINT_HASH2POINT, ERR_R_BN_LIB);
goto end;
}
if (!BN_copy(k, y)) {
ECerr(EC_F_EC_POINT_HASH2POINT, ERR_R_BN_LIB);
goto end;
}
if (!BN_add_word(x, 1)) {
ECerr(EC_F_EC_POINT_HASH2POINT, ERR_R_BN_LIB);
goto end;
}
if (!BN_sub_word(k, 1)) {
ECerr(EC_F_EC_POINT_HASH2POINT, ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_mul(x, x, k, p, bn_ctx)) {
ECerr(EC_F_EC_POINT_HASH2POINT, ERR_R_BN_LIB);
goto end;
}
/* k = (p^2 - 1)/3 */
if (!BN_lshift1(k, p)) {
ECerr(EC_F_EC_POINT_HASH2POINT, ERR_R_BN_LIB);
goto end;
}
if (!BN_sub_word(k, 1)) {
ECerr(EC_F_EC_POINT_HASH2POINT, ERR_R_BN_LIB);
goto end;
}
if (!BN_div_word(k, 3)) {
ECerr(EC_F_EC_POINT_HASH2POINT, ERR_R_BN_LIB);
goto end;
}
/* compute x and point = (x, y) */
if (!BN_mod_exp(x, x, k, p, bn_ctx)) {
ECerr(EC_F_EC_POINT_HASH2POINT, ERR_R_BN_LIB);
goto end;
}
if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, bn_ctx)) {
ECerr(EC_F_EC_POINT_HASH2POINT, ERR_R_EC_LIB);
goto end;
}
/* compute [(p + 1)/q] * point */
if (!BN_add_word(p, 1)) {
ECerr(EC_F_EC_POINT_HASH2POINT, ERR_R_BN_LIB);
goto end;
}
if (!BN_div(k, NULL, p, q, bn_ctx)) {
ECerr(EC_F_EC_POINT_HASH2POINT, ERR_R_BN_LIB);
goto end;
}
if (!EC_POINT_mul(group, point, NULL, point, k, bn_ctx)) {
ECerr(EC_F_EC_POINT_HASH2POINT, ERR_R_EC_LIB);
goto end;
}
ret = 1;
end:
BN_free(p);
BN_free(x);
BN_free(y);
BN_free(k);
BN_free(q);
return ret;
}

817
crypto/ec2/ec_type1.c
View File

@@ -1,817 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/bn_gfp2.h>
EC_GROUP *EC_GROUP_generate_type1curve(const BIGNUM *order, BN_CTX *bn_ctx)
{
ECerr(EC_F_EC_GROUP_GENERATE_TYPE1CURVE, 0);
return 0;
}
EC_GROUP *EC_GROUP_new_type1curve_ex(const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, const unsigned char *point, size_t pointlen,
const BIGNUM *order, const BIGNUM *cofactor, BN_CTX *bn_ctx)
{
return NULL;
}
EC_GROUP *EC_GROUP_new_type1curve(const BIGNUM *p,
const BIGNUM *x, const BIGNUM *y, const BIGNUM *order, BN_CTX *bn_ctx)
{
int e = 1;
EC_GROUP *ret = NULL;
BIGNUM *a = NULL;
BIGNUM *b = NULL;
EC_POINT *point = NULL;
if (!p || !x || !y || !order) {
ECerr(EC_F_EC_GROUP_NEW_TYPE1CURVE, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
/* check p = 11 (mod 12) */
if (BN_mod_word(p, 12) != 11) {
ECerr(EC_F_EC_GROUP_NEW_TYPE1CURVE, EC_R_INVALID_TYPE1CURVE);
return NULL;
}
BN_CTX_start(bn_ctx);
a = BN_CTX_get(bn_ctx);
b = BN_CTX_get(bn_ctx);
if (!a || !b) {
ECerr(EC_F_EC_GROUP_NEW_TYPE1CURVE, ERR_R_MALLOC_FAILURE);
goto end;
}
BN_zero(a);
BN_one(b);
if (!(ret = EC_GROUP_new_curve_GFp(p, a, b, bn_ctx))) {
ECerr(EC_F_EC_GROUP_NEW_TYPE1CURVE, EC_R_INVALID_TYPE1CURVE);
goto end;
}
/* prepare generator point from (x, y) */
if (!(point = EC_POINT_new(ret))) {
ECerr(EC_F_EC_GROUP_NEW_TYPE1CURVE, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!EC_POINT_set_affine_coordinates_GFp(ret, point, x, y, bn_ctx)) {
ECerr(EC_F_EC_GROUP_NEW_TYPE1CURVE, EC_R_INVALID_TYPE1CURVE);
goto end;
}
/*
* calculate cofactor h = (p + 1)/n
* check n|(p + 1) where n is the order
*/
if (!BN_copy(a, p)) {
ECerr(EC_F_EC_GROUP_NEW_TYPE1CURVE, ERR_R_BN_LIB);
goto end;
}
if (!BN_add_word(a, 1)) {
ECerr(EC_F_EC_GROUP_NEW_TYPE1CURVE, ERR_R_BN_LIB);
goto end;
}
/* check (p + 1)%n == 0 */
if (!BN_div(a, b, a, order, bn_ctx)) {
ECerr(EC_F_EC_GROUP_NEW_TYPE1CURVE, ERR_R_BN_LIB);
goto end;
}
if (!BN_is_zero(b)) {
ECerr(EC_F_EC_GROUP_NEW_TYPE1CURVE, EC_R_INVLID_TYPE1CURVE);
goto end;
}
/* set order and cofactor */
if (!EC_GROUP_set_generator(ret, point, order, a)) {
ECerr(EC_F_EC_GROUP_NEW_TYPE1CURVE, EC_R_INVALID_TYPE1CURVE);
goto end;
}
e = 0;
end:
if (e && ret) {
EC_GROUP_free(ret);
ret = NULL;
}
BN_CTX_end(bn_ctx);
EC_POINT_free(point);
return ret;
}
int EC_GROUP_is_type1curve(const EC_GROUP *group, BN_CTX *bn_ctx)
{
ECerr(EC_F_EC_GROUP_IS_TYPE1CURVE, 0);
return 0;
}
/*
* zeta = F_p((p-1)/2) + ((F_p(3)^((p + 1)/4))/2) * i, in F_p^2
* which is used in phi() mapping in tate pairing over type1 curve
*/
BN_GFP2 *EC_GROUP_get_type1curve_zeta(const EC_GROUP *group, BN_CTX *bn_ctx)
{
int e = 1;
BN_GFP2 *ret = NULL;
BIGNUM *a = NULL;
BIGNUM *b = NULL;
BIGNUM *p = NULL;
if (!group || !bn_ctx) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ZETA, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
BN_CTX_start(bn_ctx);
ret = BN_GFP2_new();
a = BN_CTX_get(bn_ctx);
b = BN_CTX_get(bn_ctx);
p = BN_CTX_get(bn_ctx);
if (!ret || !a || !b || !p) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ZETA, ERR_R_MALLOC_FAILURE);
goto end;
}
/* get curve p, a, b and check it is type1 curve
* p is prime at least 512 bits, a == 0 and b == 1
*/
if (!EC_GROUP_get_curve_GFp(group, a, b, p, bn_ctx)) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ZETA, ERR_R_EC_LIB);
goto end;
}
if (!BN_is_zero(a) || !BN_is_one(b)) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ZETA, EC_R_INVALID_TYPE1_CURVE);
goto end;
}
if (BN_num_bits(p) < 512) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ZETA, EC_R_INVALID_TYPE1_CURVE);
goto end;
}
/*
* set ret->a0 = (p - 1)/2
*/
if (!BN_copy(ret->a0, p)) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ZETA, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!BN_sub_word(ret->a0, 1)) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ZETA, ERR_R_EC_LIB);
goto end;
}
/* BN_div_word() return remainder, while (p - 1)%2 == 0 */
if (BN_div_word(ret->a0, 2)) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ZETA, EC_R_INVALID_TYPE1_CURVE);
goto end;
}
/*
* ret->a1 = (p + 1)/4, (ret->a1 + 1)%4 == 0
*/
if (!BN_copy(ret->a1, p)) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ZETA, ERR_R_BN_LIB);
goto end;
}
if (!BN_add_word(ret->a1, 1)) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ZETA, ERR_R_BN_LIB);
goto end;
}
if (BN_div_word(ret->a1, 4)) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ZETA, EC_R_INVALID_TYPE1_CURVE);
goto end;
}
/*
* re-use a as 3
* ret->a1 = 3^(ret->a1) mod p = 3^((p + 1)/4) mod p
*/
if (!BN_set_word(a, 3)) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ZETA, ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_exp(ret->a1, a, ret->a1, p, bn_ctx)) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ZETA, ERR_R_BN_LIB);
goto end;
}
/*
* re-use b as 1/2 mod p
* ret->a1 = ret->a1 / 2 mod p = (3^((p + 1)/4)) mod p
*/
if (!BN_set_word(b, 2)) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ZETA, ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_inverse(b, b, p, bn_ctx)) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ZETA, ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_mul(ret->a1, ret->a1, b, p, bn_ctx)) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ZETA, ERR_R_BN_LIB);
goto end;
}
e = 0;
end:
if (e && ret) {
BN_GFP2_free(ret);
ret = NULL;
}
BN_CTX_end(bn_ctx);
return ret;
}
/*
* eta = (p^2 - 1)/n
* which is used in the final modular exponentiation of tate pairing over
* type1 curve
*/
BIGNUM *EC_GROUP_get_type1curve_eta(const EC_GROUP *group, BN_CTX *bn_ctx)
{
int e = 1;
BIGNUM *ret = NULL;
BIGNUM *a = NULL;
BIGNUM *b = NULL;
BIGNUM *p = NULL;
if (!group || !bn_ctx) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ETA, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
BN_CTX_start(bn_ctx);
ret = BN_new();
a = BN_CTX_get(bn_ctx);
b = BN_CTX_get(bn_ctx);
p = BN_CTX_get(bn_ctx);
if (!ret || !a || !b || !p) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ETA, ERR_R_MALLOC_FAILURE);
goto end;
}
/* get curve p, a, b and check it is type1 curve
* p is prime at least 512 bits, a == 0 and b == 1
*/
if (!EC_GROUP_get_curve_GFp(group, a, b, p, bn_ctx)) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ETA, ERR_R_EC_LIB);
goto end;
}
if (!BN_is_zero(a) || !BN_is_one(b)) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ETA, EC_R_INVALID_TYPE1_CURVE);
goto end;
}
if (BN_num_bits(p) < 512) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ETA, EC_R_INVALID_TYPE1_CURVE);
goto end;
}
/* get curve order n, re-use a for order n */
if (!EC_GROUP_get_order(group, a, bn_ctx)) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ETA, ERR_R_EC_LIB);
goto end;
}
/*
* eta = (p^2 - 1)/n,
*/
if (!BN_sqr(ret, p, bn_ctx)) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ETA, ERR_R_BN_LIB);
goto end;
}
if (!BN_sub_word(ret, 1)) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ETA, ERR_R_BN_LIB);
goto end;
}
if (!BN_div(ret, NULL, ret, a, bn_ctx)) {
ECerr(EC_F_EC_GROUP_GET_TYPE1CURVE_ETA, ERR_R_BN_LIB);
goto end;
}
e = 1;
end:
if (e && ret) {
BN_free(ret);
ret = NULL;
}
BN_CTX_end(bn_ctx);
return ret;
}
/* phi: (x, y) => (zeta * x, y) */
static int type1curve_phi(const EC_GROUP *group, const EC_POINT *point,
BN_GFP2 *x, BN_GFP2 *y, const BIGNUM *p, BN_CTX *bn_ctx)
{
int ret = 0;
BN_GFP2 *zeta = NULL;
BIGNUM *xP;
BIGNUM *yP;
if (!group || !point || !x || !y || !p || !bn_ctx) {
ECerr(EC_F_TYPE1CURVE_PHI,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
BN_CTX_start(bn_ctx);
xP = BN_CTX_get(bn_ctx);
yP = BN_CTX_get(bn_ctx);
if (!xP || !yP) {
ECerr(EC_F_TYPE1CURVE_PHI, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!(zeta = EC_GROUP_get_type1curve_zeta(group, bn_ctx))) {
ECerr(EC_F_TYPE1CURVE_PHI,
EC_R_GET_TYPE1CURVE_ZETA_FAILURE);
goto end;
}
if (!EC_POINT_get_affine_coordinates_GFp(group, point, xP, yP, bn_ctx))
{
ECerr(EC_F_TYPE1CURVE_PHI, ERR_R_EC_LIB);
goto end;
}
/* return x = zeta * point->x */
if (!BN_GFP2_mul_bn(x, zeta, xP, p, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_PHI, ERR_R_BN_LIB);
goto end;
}
/* return y = point->y */
if (!BN_GFP2_set_bn(y, yP, p, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_PHI, ERR_R_BN_LIB);
goto end;
}
ret = 1;
end:
BN_CTX_end(bn_ctx);
BN_GFP2_free(zeta);
return ret;
}
/*
* eval the function defined by the line through point T and P,
* with value Q = (xQ, yQ)
*/
static int type1curve_eval_line_textbook(const EC_GROUP *group, BN_GFP2 *r,
const EC_POINT *T, const EC_POINT *P, const BN_GFP2 *xQ, const BN_GFP2
*yQ,
BN_CTX *bn_ctx)
{
int ret = 0;
BN_GFP2 *num = NULL;
BN_GFP2 *den = NULL;
BIGNUM *p;
BIGNUM *xT;
BIGNUM *yT;
BIGNUM *xP;
BIGNUM *yP;
BIGNUM *bn;
BIGNUM *slope;
if (!group || !r || !T || !P || !xQ || !yQ || !bn_ctx) {
ECerr(EC_F_TYPE1CURVE_EVAL_LINE_TEXTBOOK,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
BN_CTX_start(bn_ctx);
p = BN_CTX_get(bn_ctx);
xT = BN_CTX_get(bn_ctx);
yT = BN_CTX_get(bn_ctx);
xP = BN_CTX_get(bn_ctx);
yP = BN_CTX_get(bn_ctx);
bn = BN_CTX_get(bn_ctx);
slope = BN_CTX_get(bn_ctx);
num = BN_GFP2_new();
den = BN_GFP2_new();
if (!p || !xT || !yT || !xP || !yP || !bn || !slope || !num || !den) {
ECerr(EC_F_TYPE1CURVE_EVAL_LINE_TEXTBOOK,
ERR_R_MALLOC_FAILURE);
goto end;
}
/* get prime field p */
if (!EC_GROUP_get_curve_GFp(group, p, xT, yT, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_LINE_TEXTBOOK,
ERR_R_EC_LIB);
goto end;
}
/* get T and P */
if (!EC_POINT_get_affine_coordinates_GFp(group, T, xT, yT, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_LINE_TEXTBOOK,
ERR_R_EC_LIB);
goto end;
}
if (!EC_POINT_get_affine_coordinates_GFp(group, P, xP, yP, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_LINE_TEXTBOOK,
ERR_R_EC_LIB);
goto end;
}
#if 0
/* if T == P, slope = (3 * x_T^2 + a)/(2 * y_T) */
if (T == P || (BN_cmp(xT, xP) == 0 && BN_cmp(yT, yP) == 0)) {
if (!BN_mod_sqr(bn, xT, p, bn_ctx)) {
goto end;
}
if (!BN_mod_add(slope, bn, bn, p, bn_ctx)) {
goto end;
}
if (!BN_mod_add(slope, slope, bn, p, bn_ctx)) {
goto end;
}
if (!BN_mod_add(den, yT, yT, p, bn_ctx)) {
goto end;
}
if (!BN_mod_inverse(den, den, p, bn_ctx)) {
goto end;
}
if (!BN_mod_mul(slope, slope, den, p, bn_ctx)) {
goto end;
}
}
/*
* if xT == xP and yT + yP == 0, return xQ - xT
*/
if (BN_cmp(xT, xP) == 0) {
BIGNUM *t;
if (!(t = BN_CTX_get(bn_ctx))) {
goto end;
}
if (!BN_mod_add(t, yT, yP, p, ctx)) {
goto end;
}
if (BN_is_zero(t)) {
if (!BN_GFP2_sub_bn(r, xQ, xT, p, bn_ctx)) {
goto end;
}
}
}
/*
* if T == P, slope = (3 * x_T^2 + a)/(2 * y_T)
* else slope = (y_T - y_P)/(x_T - x_P)
*/
if (!BN_mod_sub(num, yT, yP, p, bn_ctx)) {
goto end;
}
if (!BN_mod_sub(den, xT, xP, p, bn_ctx)) {
goto end;
}
if (!BN_mod_inverse(den, den, p, bn_ctx)) {
goto end;
}
if (!BN_mod_mul(slope, num, den, p, bn_ctx)) {
goto end;
}
#endif
/*
* num = (yQ - ((xQ - xT) * slope)) - yT
* den = xQ + (xT + (xP - slope^2))
* return num/den
*/
if (!BN_GFP2_sub_bn(num, xQ, xT, p, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_LINE_TEXTBOOK,
ERR_R_BN_LIB);
goto end;
}
if (!BN_GFP2_mul_bn(num, num, slope, p, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_LINE_TEXTBOOK,
ERR_R_BN_LIB);
goto end;
}
if (!BN_GFP2_sub(num, yQ, num, p, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_LINE_TEXTBOOK,
ERR_R_BN_LIB);
goto end;
}
if (!BN_GFP2_sub_bn(num, num, yT, p, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_LINE_TEXTBOOK,
ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_sqr(bn, slope, p, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_LINE_TEXTBOOK,
ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_sub(bn, xP, bn, p, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_LINE_TEXTBOOK,
ERR_R_BN_LIB);
goto end;
}
if (!BN_mod_add(bn, xT, bn, p, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_LINE_TEXTBOOK,
ERR_R_BN_LIB);
goto end;
}
if (!BN_GFP2_add_bn(den, xQ, bn, p, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_LINE_TEXTBOOK,
ERR_R_BN_LIB);
goto end;
}
#if 0
//warning
if (!BN_GFP2_div(ret, num, den, p, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_LINE_TEXTBOOK,
ERR_R_BN_LIB);
goto end;
}
#endif
ret = 1;
end:
BN_CTX_end(bn_ctx);
BN_GFP2_free(num);
BN_GFP2_free(den);
return ret;
}
static int type1curve_eval_miller_textbook(const EC_GROUP *group, BN_GFP2 *r,
const EC_POINT *P, const BN_GFP2 *xQ, const BN_GFP2 *yQ,
const BIGNUM *p, BN_CTX *bn_ctx)
{
int ret = 0;
BN_GFP2 *f = NULL;
BN_GFP2 *g = NULL;
EC_POINT *T = NULL;
BIGNUM *n;
int nbits;
int i;
if (!group || !r || !P || !xQ || !yQ || !p || !bn_ctx) {
ECerr(EC_F_TYPE1CURVE_EVAL_MILLER_TEXTBOOK,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
BN_CTX_start(bn_ctx);
n = BN_CTX_get(bn_ctx);
f = BN_GFP2_new();
g = BN_GFP2_new();
T = EC_POINT_new(group);
if (!n || !f || !g || !T) {
ECerr(EC_F_TYPE1CURVE_EVAL_MILLER_TEXTBOOK,
ERR_R_MALLOC_FAILURE);
goto end;
}
if (!EC_GROUP_get_order(group, n, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_MILLER_TEXTBOOK,
ERR_R_EC_LIB);
goto end;
}
nbits = BN_num_bits(n);
/* miller loop */
for (i = nbits - 2; i >= 0; i--) {
/* f = f^2 */
if (!BN_GFP2_sqr(f, f, p, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_MILLER_TEXTBOOK,
ERR_R_BN_LIB);
goto end;
}
/* compute g_{T,T}(Q) */
if (!type1curve_eval_line_textbook(group, g, T, T, xQ, yQ,
bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_MILLER_TEXTBOOK,
ERR_R_EC_LIB);
goto end;
}
/* f = f * g */
if (!BN_GFP2_mul(f, f, g, p, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_MILLER_TEXTBOOK,
ERR_R_BN_LIB);
goto end;
}
/* T = 2T */
if (!EC_POINT_dbl(group, T, T, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_MILLER_TEXTBOOK,
ERR_R_EC_LIB);
goto end;
}
if (BN_is_bit_set(n, i)) {
/* g = g_{T,P}(Q) */
if (!type1curve_eval_line_textbook(group, g, T, P, xQ,
yQ, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_MILLER_TEXTBOOK,
ERR_R_EC_LIB);
goto end;
}
/* f = f * g */
if (!BN_GFP2_mul(f, f, g, p, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_MILLER_TEXTBOOK,
ERR_R_BN_LIB);
goto end;
}
/* T = T + P */
if (!EC_POINT_add(group, T, T, P, bn_ctx)) {
ECerr(EC_F_TYPE1CURVE_EVAL_MILLER_TEXTBOOK,
ERR_R_EC_LIB);
goto end;
}
}
}
/* set return value */
if (!BN_GFP2_copy(r, f)) {
ECerr(EC_F_TYPE1CURVE_EVAL_MILLER_TEXTBOOK, ERR_R_BN_LIB);
goto end;
}
ret = 1;
end:
BN_CTX_end(bn_ctx);
BN_GFP2_free(f);
BN_GFP2_free(g);
EC_POINT_free(T);
return ret;
}
int EC_type1curve_tate(const EC_GROUP *group, BN_GFP2 *r,
const EC_POINT *P, const EC_POINT *Q, BN_CTX *bn_ctx)
{
int ret = 0;
BN_GFP2 *xQ = NULL;
BN_GFP2 *yQ = NULL;
BIGNUM *eta = NULL;
BIGNUM *p;
BIGNUM *a;
BIGNUM *b;
if (!group || !ret || !P || !Q || !bn_ctx) {
ECerr(EC_F_EC_TYPE1CURVE_TATE, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
BN_CTX_start(bn_ctx);
xQ = BN_GFP2_new();
yQ = BN_GFP2_new();
p = BN_CTX_get(bn_ctx);
a = BN_CTX_get(bn_ctx);
b = BN_CTX_get(bn_ctx);
if (!xQ || !yQ || !p || !a || !b) {
ECerr(EC_F_EC_TYPE1CURVE_TATE, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!EC_GROUP_get_curve_GFp(group, p, a, b, bn_ctx)) {
ECerr(EC_F_EC_TYPE1CURVE_TATE, EC_R_INVALID_TYPE1CURVE);
goto end;
}
/* (xQ, yQ) = phi(Q) */
if (!type1curve_phi(group, Q, xQ, yQ, p, bn_ctx)) {
ECerr(EC_F_EC_TYPE1CURVE_TATE, ERR_R_EC_LIB);
goto end;
}
/* compute e(P, phi(Q)) */
if (!type1curve_eval_miller_textbook(group, r, P, xQ, yQ, p, bn_ctx)) {
ECerr(EC_F_EC_TYPE1CURVE_TATE, ERR_R_EC_LIB);
goto end;
}
/* compute e(P, phi(Q))^eta, eta = (p^2 - 1)/q */
if (!(eta = EC_GROUP_get_type1curve_eta(group, bn_ctx))) {
ECerr(EC_F_EC_TYPE1CURVE_TATE, EC_R_INVALID_TYPE1CURVE);
goto end;
}
ret = 1;
end:
BN_GFP2_free(xQ);
BN_GFP2_free(yQ);
BN_CTX_end(bn_ctx);
BN_free(eta);
return ret;
}
int EC_type1curve_tate_ratio(const EC_GROUP *group, BN_GFP2 *r,
const EC_POINT *P1, const EC_POINT *Q1,
const EC_POINT *P2, const EC_POINT *Q2,
BN_CTX *bn_ctx)
{
return 0;
}
#if 0
typedef struct {
int security_bits;
int n_bits;
int p_bits;
int q_bits;
} TYPE1CURVE_SEC;
static TYPE1CURVE_SEC sec_tbl[] = {
/* k |n| |p| |q| */
{ 80, 1024, 512, 160},
{112, 2048, 1024, 224},
{128, 3072, 1536, 256},
{192, 7680, 3840, 384},
{256, 15360, 7680, 512}
};
#endif
const EVP_MD *TYPE1CURVE_nbits_to_md(int nbits)
{
switch (nbits) {
case 1024: return EVP_sha1();
case 2048: return EVP_sha224();
case 3072: return EVP_sha256();
case 7680: return EVP_sha384();
case 15360: return EVP_sha512();
}
return NULL;
}

114
crypto/ec2/fppoint.c
View File

@@ -1,114 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
/*
* this file is to implement elliptic curve operations over extension
* fields
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/fppoint.h>
ASN1_SEQUENCE(FpPoint) = {
ASN1_SIMPLE(FpPoint, x, BIGNUM),
ASN1_SIMPLE(FpPoint, y, BIGNUM)
} ASN1_SEQUENCE_END(FpPoint)
IMPLEMENT_ASN1_FUNCTIONS(FpPoint)
IMPLEMENT_ASN1_DUP_FUNCTION(FpPoint)
int EC_POINT_cmp_fppoint(const EC_GROUP *group, const EC_POINT *a, const FpPoint *b,
BN_CTX *bn_ctx)
{
int ret = -1;
BIGNUM *x = NULL;
BIGNUM *y = NULL;
if (!group || !a || !b || !bn_ctx) {
ECerr(EC_F_EC_POINT_CMP_FPPOINT, ERR_R_PASSED_NULL_PARAMETER);
return -1;
}
BN_CTX_start(bn_ctx);
x = BN_CTX_get(bn_ctx);
y = BN_CTX_get(bn_ctx);
if (!x || !y) {
ECerr(EC_F_EC_POINT_CMP_FPPOINT, ERR_R_BN_LIB);
goto end;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) {
if (!EC_POINT_get_affine_coordinates_GFp(group, a, x, y, bn_ctx)) {
ECerr(EC_F_EC_POINT_CMP_FPPOINT, ERR_R_EC_LIB);
goto end;
}
} else {
if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x, y, bn_ctx)) {
ECerr(EC_F_EC_POINT_CMP_FPPOINT, ERR_R_EC_LIB);
goto end;
}
}
if (BN_cmp(x, b->x) == 0 && BN_cmp(y, b->y) == 0) {
ret = 0;
} else {
ret = 1;
}
end:
BN_CTX_end(bn_ctx);
return ret;
}

24
crypto/ec2/pairing_lcl.h
View File

@@ -1,24 +0,0 @@
typedef struct pairing_parameters_st {
long version;
ASN1_OBJECT *cid;
ASN1_INTEGER *p;
ASN1_INTEGER *a;
ASN1_INTEGER *b;
ASN1_OBJECT *beta;
ASN1_INTEGER *cofactor;
ASN1_INTEGER *order;
ASN1_INTEGER *embedded_degree;
ASN1_OCTET_STRING *G1;
ASN1_OCTET_STRING *G2;
ASN1_TYPE *eid;
ASN1_INTEGER *d1;
ASN1_INTEGER *d2;
ANS1_OBJECT *phi;
}

2
crypto/ecrs/build.info
View File

@@ -1,2 +0,0 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=ecrs_err.c ecrs_asn1.c ecrs_lib.c

65
crypto/ecrs/ecrs_asn1.c
View File

@@ -1,65 +0,0 @@
/* ====================================================================
* Copyright (c) 2014 - 2019 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/ecrs.h>
#include "./ecrs_lcl.h"
ASN1_SEQUENCE(ECRS_SIG) = {
ASN1_SIMPLE(ECRS_SIG, s, BIGNUM),
ASN1_SEQUENCE_OF(ECRS_SIG, c, BIGNUM),
} ASN1_SEQUENCE_END(ECRS_SIG)
IMPLEMENT_ASN1_FUNCTIONS(ECRS_SIG)
IMPLEMENT_ASN1_DUP_FUNCTION(ECRS_SIG)
int ECRS_size(const EC_KEY *ec_key, int n)
{
return 128 * n;
}

52
crypto/ecrs/ecrs_err.c
View File

@@ -1,52 +0,0 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/ecrs.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECRS,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECRS,0,reason)
static ERR_STRING_DATA ECRS_str_functs[] = {
{ERR_FUNC(ECRS_F_ECRS_DO_SIGN), "ECRS_do_sign"},
{ERR_FUNC(ECRS_F_ECRS_DO_VERIFY), "ECRS_do_verify"},
{ERR_FUNC(ECRS_F_ECRS_SIGN), "ECRS_sign"},
{ERR_FUNC(ECRS_F_ECRS_VERIFY), "ECRS_verify"},
{0, NULL}
};
static ERR_STRING_DATA ECRS_str_reasons[] = {
{ERR_REASON(ECRS_R_EC_KEY_NOT_MATCH), "ec key not match"},
{ERR_REASON(ECRS_R_INVALID_DIGEST_ALGOR), "invalid digest algor"},
{ERR_REASON(ECRS_R_NO_SIGNING_KEY), "no signing key"},
{ERR_REASON(ECRS_R_PARSE_SIGNATURE_FAILURE), "parse signature failure"},
{ERR_REASON(ECRS_R_PUBLIC_KEYS_NOT_MATCH), "public keys not match"},
{ERR_REASON(ECRS_R_PUBLIC_KEYS_NOT_MATCH_SIG),
"public keys not match sig"},
{0, NULL}
};
#endif
int ERR_load_ECRS_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(ECRS_str_functs[0].error) == NULL) {
ERR_load_strings(0, ECRS_str_functs);
ERR_load_strings(0, ECRS_str_reasons);
}
#endif
return 1;
}

56
crypto/ecrs/ecrs_lcl.h
View File

@@ -1,56 +0,0 @@
/*
* Copyright (c) 2015 - 2019 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <openssl/bn.h>
#include <openssl/stack.h>
struct ECRS_SIG_st {
BIGNUM *s;
STACK_OF(BIGNUM) *c;
};

411
crypto/ecrs/ecrs_lib.c
View File

@@ -1,411 +0,0 @@
/*
* Copyright (c) 2015 - 2019 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <openssl/err.h>
#include <openssl/ecrs.h>
#include "./ecrs_lcl.h"
ECRS_SIG *ECRS_do_sign(const EVP_MD *md, const unsigned char *dgst,
int dgstlen, STACK_OF(EC_KEY) *pub_keys, EC_KEY *ec_key)
{
ECRS_SIG *ret = NULL;
ECRS_SIG *sig = NULL;
const EC_GROUP *group;
const BIGNUM *order;
BIGNUM *ck = NULL; /* ref of STACK_OF(BIGNUM) elements, dont free */
BIGNUM *a = NULL;
BIGNUM *c = NULL;
BIGNUM *z = NULL;
BN_CTX *bn_ctx = NULL;
EC_POINT *R = NULL;
EC_POINT *T = NULL;
EVP_MD_CTX *mctx = NULL;
int form = POINT_CONVERSION_UNCOMPRESSED;
unsigned char buf[512];
unsigned char *p = buf;
unsigned int ulen;
size_t siz;
int len, i;
group = EC_KEY_get0_group(ec_key);
order = EC_GROUP_get0_order(group);
if (!(sig = ECRS_SIG_new())
|| !(sig->s = BN_new())
|| !(sig->c = sk_BIGNUM_new(NULL))
|| !(a = BN_new())
|| !(c = BN_new())
|| !(z = BN_new())
|| !(bn_ctx = BN_CTX_new())
|| !(R = EC_POINT_new(group))
|| !(T = EC_POINT_new(group))
|| !(mctx = EVP_MD_CTX_new())) {
ECRSerr(ECRS_F_ECRS_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto end;
}
/* hash update ECParameters */
if (!(len = i2d_ECPKParameters(group, &p))) {
ECRSerr(ECRS_F_ECRS_DO_SIGN, ERR_R_EC_LIB);
goto end;
}
if (!EVP_DigestInit_ex(mctx, md, NULL)
|| !EVP_DigestUpdate(mctx, buf, len)) {
ECRSerr(ECRS_F_ECRS_DO_SIGN, ERR_R_EVP_LIB);
goto end;
}
/* a = rand(1, order) */
do {
if (!BN_rand_range(a, order)) {
ECRSerr(ECRS_F_ECRS_DO_SIGN, ERR_R_BN_LIB);
goto end;
}
} while (BN_is_zero(a));
/* R = [a]G */
if (!EC_POINT_mul(group, R, a, NULL, NULL, bn_ctx)) {
ECRSerr(ECRS_F_ECRS_DO_SIGN, ERR_R_EC_LIB);
goto end;
}
for (i = 0; i < sk_EC_KEY_num(pub_keys); i++) {
const EC_KEY *pub_key = sk_EC_KEY_value(pub_keys, i);
const EC_POINT *Pi = EC_KEY_get0_public_key(pub_key);
BIGNUM *ci;
/* check P_i */
if (EC_GROUP_cmp(EC_KEY_get0_group(pub_key), group, bn_ctx) != 0) {
ECRSerr(ECRS_F_ECRS_DO_SIGN, ECRS_R_EC_KEY_NOT_MATCH);
goto end;
}
/* hash update P_i = (x_i, y_i) */
if (!(siz = EC_POINT_point2oct(group, Pi, form, buf,
sizeof(buf), bn_ctx))) {
ECRSerr(ECRS_F_ECRS_DO_SIGN, ERR_R_EC_LIB);
goto end;
}
if (!EVP_DigestUpdate(mctx, buf + 1, siz - 1)) {
ECRSerr(ECRS_F_ECRS_DO_SIGN, ERR_R_EVP_LIB);
goto end;
}
/* create c_i */
if (!(ci = BN_new())) {
ECRSerr(ECRS_F_ECRS_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto end;
}
sk_BIGNUM_push(sig->c, ci);
/* find signer's public key */
if (EC_POINT_cmp(group, Pi, EC_KEY_get0_public_key(ec_key),
bn_ctx) == 0) {
if (ck) {
ECRSerr(ECRS_F_ECRS_DO_SIGN, ERR_R_ECRS_LIB);
goto end;
}
ck = ci;
continue;
}
/* c_i = rand(1, order) */
do {
if (!BN_rand_range(ci, order)) {
ECRSerr(ECRS_F_ECRS_DO_SIGN, ERR_R_BN_LIB);
goto end;
}
} while (BN_is_zero(ci));
/* R = R + [c_i]P_i */
if (!EC_POINT_mul(group, T, NULL, Pi, ci, bn_ctx)
|| !EC_POINT_add(group, R, R, T, bn_ctx)) {
ECRSerr(ECRS_F_ECRS_DO_SIGN, ERR_R_EC_LIB);
goto end;
}
/* z = z + c_i */
if (!BN_mod_add(z, z, ci, order, bn_ctx)) {
ECRSerr(ECRS_F_ECRS_DO_SIGN, ERR_R_BN_LIB);
goto end;
}
}
/* no signing private key found */
if (!ck) {
ECRSerr(ECRS_F_ECRS_DO_SIGN, ECRS_R_NO_SIGNING_KEY);
goto end;
}
/* hash update dgst and R */
if (!(siz = EC_POINT_point2oct(group, R, form, buf, sizeof(buf),
bn_ctx))) {
ECRSerr(ECRS_F_ECRS_DO_SIGN, ERR_R_EC_LIB);
goto end;
}
if (!EVP_DigestUpdate(mctx, dgst, dgstlen)
|| !EVP_DigestUpdate(mctx, buf + 1, siz - 1)
|| !EVP_DigestFinal_ex(mctx, buf, &ulen)) {
ECRSerr(ECRS_F_ECRS_DO_SIGN, ERR_R_EVP_LIB);
goto end;
}
/* c = hash({Pi}, Hash(m), R) mod #G */
if (!BN_bin2bn(buf, ulen, c)) {
ECRSerr(ECRS_F_ECRS_DO_SIGN, ERR_R_BN_LIB);
goto end;
}
/* c_k = c - (c_0 + ... + c_{k-1} + c_{k+1} + ... + c_{n-1}) mod #G */
if (!BN_mod_sub(ck, c, z, order, bn_ctx)) {
ECRSerr(ECRS_F_ECRS_DO_SIGN, ERR_R_BN_LIB);
goto end;
}
/* sig->s = a - c_k * x_k mod #G */
if (!BN_mod_mul(sig->s, ck, EC_KEY_get0_private_key(ec_key), order, bn_ctx)
|| !BN_mod_sub(sig->s, a, sig->s, order, bn_ctx)) {
ECRSerr(ECRS_F_ECRS_DO_SIGN, ERR_R_BN_LIB);
goto end;
}
ret = sig;
sig = NULL;
end:
ECRS_SIG_free(sig);
BN_free(a);
BN_free(c);
BN_CTX_free(bn_ctx);
EC_POINT_free(R);
EC_POINT_free(T);
EVP_MD_CTX_free(mctx);
return ret;
}
/*
* Verify(m, sig=(s, c_0, ..., c_{n-1}, {P_i}):
* R = [s]G + [c_0]P_0 + ... + [c_{n-1}]P_{n-1}
* c = c_0 + ... + c_{n-1}
* h = Hash({P_i}, Hash(m), R)
* return c =?= h
*/
int ECRS_do_verify(const EVP_MD *md, const unsigned char *dgst, int dgstlen,
const ECRS_SIG *sig, STACK_OF(EC_KEY) *pub_keys)
{
int ret = -1;
const EC_GROUP *group = NULL;
const BIGNUM *order = NULL;
BIGNUM *c = NULL;
BIGNUM *h = NULL;
BN_CTX *bn_ctx = NULL;
EC_POINT *R = NULL;
EC_POINT *T = NULL;
EVP_MD_CTX *mctx = NULL;
int form = POINT_CONVERSION_UNCOMPRESSED;
unsigned char buf[512];
unsigned char *p = buf;
unsigned int ulen;
size_t siz;
int len, i;
if (sk_BIGNUM_num(sig->c) != sk_EC_KEY_num(pub_keys)) {
ECRSerr(ECRS_F_ECRS_DO_VERIFY, ECRS_R_PUBLIC_KEYS_NOT_MATCH_SIG);
return -1;
}
group = EC_KEY_get0_group(sk_EC_KEY_value(pub_keys, 0));
order = EC_GROUP_get0_order(group);
if (!(c = BN_new())
|| !(h = BN_new())
|| !(bn_ctx = BN_CTX_new())
|| !(R = EC_POINT_new(group))
|| !(T = EC_POINT_new(group))
|| !(mctx = EVP_MD_CTX_new())) {
ECRSerr(ECRS_F_ECRS_DO_VERIFY, ERR_R_MALLOC_FAILURE);
goto end;
}
/* hash update ECParameters */
/* hash update ECParameters */
if (!(len = i2d_ECPKParameters(group, &p))) {
ECRSerr(ECRS_F_ECRS_DO_VERIFY, ERR_R_EC_LIB);
goto end;
}
if (!EVP_DigestInit_ex(mctx, md, NULL)
|| !EVP_DigestUpdate(mctx, buf, len)) {
ECRSerr(ECRS_F_ECRS_DO_VERIFY, ERR_R_EVP_LIB);
goto end;
}
/* R = [s]G */
if (!EC_POINT_mul(group, R, sig->s, NULL, NULL, bn_ctx)) {
ECRSerr(ECRS_F_ECRS_DO_VERIFY, ERR_R_EC_LIB);
goto end;
}
for (i = 0; i < sk_BIGNUM_num(sig->c); i++) {
EC_KEY *ec_key = sk_EC_KEY_value(pub_keys, i);
const EC_POINT *Pi = EC_KEY_get0_public_key(ec_key);
BIGNUM *ci = sk_BIGNUM_value(sig->c, i);
/* check Pi */
if (EC_GROUP_cmp(EC_KEY_get0_group(ec_key), group, bn_ctx) != 0) {
ECRSerr(ECRS_F_ECRS_DO_VERIFY, ECRS_R_PUBLIC_KEYS_NOT_MATCH);
goto end;
}
/* hash update P_i = (x_i, y_i) */
if (!(siz = EC_POINT_point2oct(group, Pi, form, buf,
sizeof(buf), bn_ctx))) {
ECRSerr(ECRS_F_ECRS_DO_VERIFY, ERR_R_EC_LIB);
goto end;
}
if (!EVP_DigestUpdate(mctx, buf + 1, siz - 1)) {
ECRSerr(ECRS_F_ECRS_DO_VERIFY, ERR_R_EVP_LIB);
goto end;
}
/* R = R + [c_i]P_i */
if (!EC_POINT_mul(group, T, NULL, Pi, ci, bn_ctx)
|| !EC_POINT_add(group, R, R, T, bn_ctx)) {
ECRSerr(ECRS_F_ECRS_DO_VERIFY, ERR_R_EC_LIB);
goto end;
}
/* c = c + c_i mod #G */
if (!BN_mod_add(c, c, ci, order, bn_ctx)) {
ECRSerr(ECRS_F_ECRS_DO_VERIFY, ERR_R_BN_LIB);
goto end;
}
}
/* hash update dgst and R */
if (!(siz = EC_POINT_point2oct(group, R, form, buf, sizeof(buf),
bn_ctx))) {
ECRSerr(ECRS_F_ECRS_DO_VERIFY, ERR_R_EC_LIB);
goto end;
}
if (!EVP_DigestUpdate(mctx, dgst, dgstlen)
|| !EVP_DigestUpdate(mctx, buf + 1, siz - 1)
|| !EVP_DigestFinal_ex(mctx, buf, &ulen)) {
ECRSerr(ECRS_F_ECRS_DO_VERIFY, ERR_R_EVP_LIB);
goto end;
}
/* h = hash({Pi}, Hash(m), R) mod #G */
if (!BN_bin2bn(buf, ulen, h)) {
ECRSerr(ECRS_F_ECRS_DO_VERIFY, ERR_R_BN_LIB);
goto end;
}
//FIXME: h mod #G */
if (BN_cmp(h, c) == 0)
ret = 1;
else
ret = 0;
end:
BN_free(c);
BN_free(h);
BN_CTX_free(bn_ctx);
EC_POINT_free(R);
EC_POINT_free(T);
EVP_MD_CTX_free(mctx);
return ret;
}
int ECRS_sign(int type, const unsigned char *dgst, int dgstlen,
unsigned char *sig, unsigned int *siglen, STACK_OF(EC_KEY) *pub_keys,
EC_KEY *ec_key)
{
const EVP_MD *md;
ECRS_SIG *s = NULL;
if (!(md = EVP_get_digestbynid(type))) {
ECRSerr(ECRS_F_ECRS_SIGN, ECRS_R_INVALID_DIGEST_ALGOR);
return 0;
}
if (!(s = ECRS_do_sign(md, dgst, dgstlen, pub_keys, ec_key))) {
ECRSerr(ECRS_F_ECRS_SIGN, ERR_R_ECRS_LIB);
return 0;
}
*siglen = i2d_ECRS_SIG(s, &sig);
ECRS_SIG_free(s);
return 1;
}
int ECRS_verify(int type, const unsigned char *dgst, int dgstlen,
const unsigned char *sig, int siglen, STACK_OF(EC_KEY) *pub_keys)
{
const EVP_MD *md;
ECRS_SIG *s = NULL;
const unsigned char *p = sig;
int ret = -1;
if (!(s = d2i_ECRS_SIG(NULL, &p, siglen))) {
ECRSerr(ECRS_F_ECRS_VERIFY, ECRS_R_PARSE_SIGNATURE_FAILURE);
return -1;
}
if (p != sig + siglen) {
ECRSerr(ECRS_F_ECRS_VERIFY, ECRS_R_PARSE_SIGNATURE_FAILURE);
goto end;
}
ret = ECRS_do_verify(md, dgst, dgstlen, s, pub_keys);
end:
ECRS_SIG_free(s);
return ret;
}

16
crypto/err/err.c
View File

@@ -60,21 +60,13 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
{ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"},
{ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"},
{ERR_PACK(ERR_LIB_KDF2, 0, 0), "KDF2 routines"},
{ERR_PACK(ERR_LIB_FFX, 0, 0), "FFX routines"},
{ERR_PACK(ERR_LIB_PAILLIER, 0, 0), "PAILLIER routines"},
{ERR_PACK(ERR_LIB_CPK, 0, 0), "CPK routines"},
{ERR_PACK(ERR_LIB_OTP, 0, 0), "OTP routines"},
{ERR_PACK(ERR_LIB_GMAPI, 0, 0), "GMAPI routines"},
{ERR_PACK(ERR_LIB_BFIBE, 0, 0), "BFIBE routines"},
{ERR_PACK(ERR_LIB_BB1IBE, 0, 0), "BB1IBE routines"},
{ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"},
{ERR_PACK(ERR_LIB_SM9, 0, 0), "SM9 routines"},
{ERR_PACK(ERR_LIB_SAF, 0, 0), "SAF routines"},
{ERR_PACK(ERR_LIB_SDF, 0, 0), "SDF routines"},
{ERR_PACK(ERR_LIB_SKF, 0, 0), "SKF routines"},
{ERR_PACK(ERR_LIB_SOF, 0, 0), "SOF routines"},
{ERR_PACK(ERR_LIB_BASE58, 0, 0), "BASE58 routines"},
{ERR_PACK(ERR_LIB_ECRS, 0, 0), "ECRS routines"},
{0, NULL},
};
@@ -120,21 +112,13 @@ static ERR_STRING_DATA ERR_str_reasons[] = {
{ERR_R_ENGINE_LIB, "ENGINE lib"},
{ERR_R_ECDSA_LIB, "ECDSA lib"},
{ERR_R_KDF2_LIB, "KDF2 lib"},
{ERR_R_FFX_LIB, "FFX lib"},
{ERR_R_PAILLIER_LIB, "PAILLIER lib"},
{ERR_R_CPK_LIB, "CPK lib"},
{ERR_R_OTP_LIB, "OTP lib"},
{ERR_R_GMAPI_LIB, "GMAPI lib"},
{ERR_R_BFIBE_LIB, "BFIBE lib"},
{ERR_R_BB1IBE_LIB, "BB1IBE lib"},
{ERR_R_SM2_LIB, "SM2 lib"},
{ERR_R_SM9_LIB, "SM9 lib"},
{ERR_R_SAF_LIB, "SAF lib"},
{ERR_R_SDF_LIB, "SDF lib"},
{ERR_R_SKF_LIB, "SKF lib"},
{ERR_R_SOF_LIB, "SOF lib"},
{ERR_R_BASE58_LIB, "BASE58 lib"},
{ERR_R_ECRS_LIB, "ECRS lib"},
{ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"},
{ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"},

48
crypto/err/err_all.c
View File

@@ -66,51 +66,27 @@
#endif
#include <openssl/kdf.h>
#include <openssl/kdf2.h>
#ifndef OPENSSL_NO_FFX
# include <openssl/ffx.h>
#endif
#ifndef OPENSSL_NO_PAILLIER
# include <openssl/paillier.h>
#endif
#ifndef OPENSSL_NO_CPK
# include <openssl/cpk.h>
#endif
#ifndef OPENSSL_NO_OTP
# include <openssl/otp.h>
#endif
#ifndef OPENSSL_NO_GMAPI
# include <openssl/gmapi.h>
#endif
#ifndef OPENSSL_NO_BFIBE
# include <openssl/bfibe.h>
#endif
#ifndef OPENSSL_NO_BB1IBE
# include <openssl/bb1ibe.h>
#endif
#ifndef OPENSSL_NO_SM2
# include <openssl/sm2.h>
#endif
#ifndef OPENSSL_NO_SM9
# include <openssl/sm9.h>
#endif
#ifndef OPENSSL_NO_SAF
# include <openssl/gmsaf.h>
#endif
#ifndef OPENSSL_NO_SDF
# include <openssl/gmsdf.h>
#endif
#ifndef OPENSSL_NO_SKF
# include <openssl/gmskf.h>
#endif
#ifndef OPENSSL_NO_SOF
# include <openssl/gmsof.h>
#endif
#ifndef OPENSSL_NO_BASE58
# include <openssl/base58.h>
#endif
#ifndef OPENSSL_NO_ECRS
# include <openssl/ecrs.h>
#endif
int err_load_crypto_strings_int(void)
@@ -179,51 +155,27 @@ int err_load_crypto_strings_int(void)
# ifndef OPENSSL_NO_KDF2
ERR_load_KDF2_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_FFX
ERR_load_FFX_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_PAILLIER
ERR_load_PAILLIER_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_CPK
ERR_load_CPK_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_OTP
ERR_load_OTP_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_GMAPI
ERR_load_GMAPI_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_BFIBE
ERR_load_BFIBE_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_BB1IBE
ERR_load_BB1IBE_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_SM2
ERR_load_SM2_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_SM9
ERR_load_SM9_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_SAF
ERR_load_SAF_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_SDF
ERR_load_SDF_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_SKF
ERR_load_SKF_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_SOF
ERR_load_SOF_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_BASE58
ERR_load_BASE58_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_ECRS
ERR_load_ECRS_strings() == 0 ||
# endif
#endif
ERR_load_KDF_strings() == 0)
return 0;

8
crypto/err/openssl.ec
View File

@@ -36,21 +36,13 @@ L CT include/openssl/ct.h crypto/ct/ct_err.c
L ASYNC include/openssl/async.h crypto/async/async_err.c
L KDF include/openssl/kdf.h crypto/kdf/kdf_err.c
L KDF2 include/openssl/kdf2.h crypto/kdf2/kdf2_err.c
L FFX include/openssl/ffx.h crypto/ffx/ffx_err.c
L PAILLIER include/openssl/paillier.h crypto/paillier/pai_err.c
L CPK include/openssl/cpk.h crypto/cpk/cpk_err.c
L OTP include/openssl/otp.h crypto/otp/otp_err.c
L GMAPI include/openssl/gmapi.h crypto/gmapi/gmapi_err.c
L BFIBE include/openssl/bfibe.h crypto/bfibe/bfibe_err.c
L BB1IBE include/openssl/bb1ibe.h crypto/bb1ibe/bb1ibe_err.c
L SM2 include/openssl/sm2.h crypto/sm2/sm2_err.c
L SM9 include/openssl/sm9.h crypto/sm9/sm9_err.c
L SAF include/openssl/gmsaf.h crypto/saf/saf_err.c
L SDF include/openssl/gmsdf.h crypto/sdf/sdf_err.c
L SKF include/openssl/gmskf.h crypto/skf/skf_err.c
L SOF include/openssl/gmsof.h crypto/sof/sof_err.c
L BASE58 include/openssl/base58.h crypto/base58/base58_err.c
L ECRS include/openssl/ecrs.h crypto/ecrs/ecrs_err.c
# additional header files to be scanned for function names
L NONE crypto/x509/x509_vfy.h NONE

2
crypto/ffx/build.info
View File

@@ -1,2 +0,0 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=ffx.c ffx_err.c

351
crypto/ffx/ffx.c
View File

@@ -1,351 +0,0 @@
/* ====================================================================
* Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/ffx.h>
#include <openssl/e_os2.h>
#include "../modes/modes_lcl.h"
static uint32_t modulo[] = {
1,
10,
100,
1000,
10000,
100000,
1000000,
10000000,
100000000,
1000000000,
1000000000,
};
struct FFX_CTX_st {
EVP_CIPHER_CTX *cctx;
int flag;
};
FFX_CTX *FFX_CTX_new(void)
{
FFX_CTX *ret = NULL;
ret = OPENSSL_zalloc(sizeof(*ret));
return ret;
}
void FFX_CTX_free(FFX_CTX *ctx)
{
if (ctx) {
EVP_CIPHER_CTX_free(ctx->cctx);
}
OPENSSL_free(ctx);
}
int FFX_init(FFX_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key,
int flag)
{
int ret = 0;
EVP_CIPHER_CTX *cctx = NULL;
if (!ctx || !cipher || !key) {
FFXerr(FFX_F_FFX_INIT, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (EVP_CIPHER_mode(cipher) != EVP_CIPH_ECB_MODE) {
FFXerr(FFX_F_FFX_INIT, FFX_R_INVALID_CIPHER_MODE);
return 0;
}
if (EVP_CIPHER_block_size(cipher) != 16) {
FFXerr(FFX_F_FFX_INIT, FFX_R_INVALID_BLOCK_SIZE);
return 0;
}
if (!ctx->cctx) {
if (!(cctx = EVP_CIPHER_CTX_new())) {
FFXerr(FFX_F_FFX_INIT, ERR_R_MALLOC_FAILURE);
goto end;
}
ctx->cctx = cctx;
cctx = NULL;
}
ctx->flag = flag;
if (!EVP_EncryptInit_ex(ctx->cctx, cipher, NULL, key, NULL)) {
FFXerr(FFX_F_FFX_INIT, FFX_R_ENCRYPT_INIT_FAILURE);
goto end;
}
ret = 1;
end:
EVP_CIPHER_CTX_free(cctx);
return ret;
}
int FFX_encrypt(FFX_CTX *ctx, const char *in, char *out, size_t iolen,
unsigned char *tweak, size_t tweaklen)
{
int llen, rlen;
uint32_t lval, rval;
unsigned char pblock[16] = {
0x01, 0x02, 0x01, 0x0a, 0x00, 0x00, 0x0a, 0xff,
0xff, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x00};
unsigned char qblock[16];
char lbuf[FFX_MAX_DIGITS/2 + 2];
uint64_t yval;
size_t i;
if (!ctx || !in || !out || !tweak) {
FFXerr(FFX_F_FFX_ENCRYPT, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (iolen < FFX_MIN_DIGITS || iolen > FFX_MAX_DIGITS) {
FFXerr(FFX_F_FFX_ENCRYPT, FFX_R_INVALID_INPUT_LENGTH);
return 0;
}
for (i = 0; i < iolen; i++) {
if (!isdigit(in[i])) {
FFXerr(FFX_F_FFX_ENCRYPT, FFX_R_INVALID_INPUT_DIGIT);
return 0;
}
}
llen = iolen / 2;
rlen = iolen - llen;
if (tweaklen < FFX_MIN_TWEAKLEN || tweaklen > FFX_MAX_TWEAKLEN) {
FFXerr(FFX_F_FFX_ENCRYPT, FFX_R_INVALID_TWEAK_LENGTH);
return 0;
}
memcpy(lbuf, in, llen);
lbuf[llen] = 0;
lval = atoi(lbuf);
rval = atoi(in + llen);
pblock[7] = llen & 0xff;
pblock[8] = iolen & 0xff;
pblock[12] = tweaklen & 0xff;
if (!EVP_Cipher(ctx->cctx, pblock, pblock,
EVP_CIPHER_CTX_block_size(ctx->cctx))) {
FFXerr(FFX_F_FFX_ENCRYPT, ERR_R_EVP_LIB);
return 0;
}
memset(qblock, 0, sizeof(qblock));
memcpy(qblock, tweak, tweaklen);
for (i = 0; i < FFX_NUM_ROUNDS; i += 2) {
unsigned char rblock[16];
size_t j;
qblock[11] = i & 0xff;
memcpy(qblock + 12, &rval, sizeof(rval));
for (j = 0; j < sizeof(rblock); j++) {
rblock[j] = pblock[j] ^ qblock[j];
}
if (!EVP_Cipher(ctx->cctx, rblock, rblock,
EVP_CIPHER_CTX_block_size(ctx->cctx))) {
FFXerr(FFX_F_FFX_ENCRYPT, ERR_R_EVP_LIB);
return 0;
}
yval = *((uint64_t *)rblock) % modulo[llen];
lval = (lval + yval) % modulo[llen];
qblock[11] = (i + 1) & 0xff;
memcpy(qblock + 12, &lval, sizeof(lval));
for (j = 0; j < sizeof(rblock); j++) {
rblock[j] = pblock[j] ^ qblock[j];
}
if (!EVP_Cipher(ctx->cctx, rblock, rblock,
EVP_CIPHER_CTX_block_size(ctx->cctx))) {
FFXerr(FFX_F_FFX_ENCRYPT, ERR_R_EVP_LIB);
return 0;
}
yval = *((uint64_t *)rblock) % modulo[rlen];
rval = (rval + yval) % modulo[rlen];
}
memset(out, '0', iolen);
sprintf(lbuf, "%d", rval);
memcpy(out + rlen - strlen(lbuf), lbuf, strlen(lbuf));
sprintf(lbuf, "%d", lval);
strcpy(out + iolen - strlen(lbuf), lbuf);
return 1;
}
int FFX_decrypt(FFX_CTX *ctx, const char *in, char *out, size_t iolen,
unsigned char *tweak, size_t tweaklen)
{
int llen, rlen;
uint32_t lval, rval;
unsigned char pblock[16] = {
0x01, 0x02, 0x01, 0x0a, 0x00, 0x00, 0x0a, 0xff,
0xff, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x00};
unsigned char qblock[16];
char lbuf[FFX_MAX_DIGITS/2 + 2];
uint64_t yval;
size_t i;
if (!ctx || !in || !out || !tweak) {
FFXerr(FFX_F_FFX_DECRYPT, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (iolen < FFX_MIN_DIGITS || iolen > FFX_MAX_DIGITS) {
FFXerr(FFX_F_FFX_DECRYPT, FFX_R_INVALID_INPUT_LENGTH);
return 0;
}
for (i = 0; i < iolen; i++) {
if (!isdigit(in[i])) {
FFXerr(FFX_F_FFX_DECRYPT, FFX_R_INVALID_INPUT_DIGIT);
return 0;
}
}
rlen = iolen / 2;
llen = iolen - rlen;
if (tweaklen < FFX_MIN_TWEAKLEN || tweaklen > FFX_MAX_TWEAKLEN) {
FFXerr(FFX_F_FFX_DECRYPT, FFX_R_INVALID_TWEAK_LENGTH);
return 0;
}
memcpy(lbuf, in, llen);
lbuf[llen] = 0;
lval = atoi(lbuf);
rval = atoi(in + llen);
pblock[7] = rlen & 0xff;
pblock[8] = iolen & 0xff;
pblock[12] = tweaklen & 0xff;
if (!EVP_Cipher(ctx->cctx, pblock, pblock,
EVP_CIPHER_CTX_block_size(ctx->cctx))) {
FFXerr(FFX_F_FFX_DECRYPT, ERR_R_EVP_LIB);
return 0;
}
memset(qblock, 0, sizeof(qblock));
memcpy(qblock, tweak, tweaklen);
for (i = FFX_NUM_ROUNDS - 1; i > 0; i -= 2) {
unsigned char rblock[16];
size_t j;
qblock[11] = i & 0xff;
memcpy(qblock + 12, &rval, sizeof(rval));
for (j = 0; j < sizeof(rblock); j++) {
rblock[j] = pblock[j] ^ qblock[j];
}
if (!EVP_Cipher(ctx->cctx, rblock, rblock,
EVP_CIPHER_CTX_block_size(ctx->cctx))) {
FFXerr(FFX_F_FFX_DECRYPT, ERR_R_EVP_LIB);
return 0;
}
yval = *((uint64_t *)rblock) % modulo[llen];
lval = (lval >= yval) ? (lval - yval) : lval + modulo[llen] - yval;
qblock[11] = (i - 1) & 0xff;
memcpy(qblock + 12, &lval, sizeof(lval));
for (j = 0; j < sizeof(rblock); j++) {
rblock[j] = pblock[j] ^ qblock[j];
}
if (!EVP_Cipher(ctx->cctx, rblock, rblock,
EVP_CIPHER_CTX_block_size(ctx->cctx))) {
FFXerr(FFX_F_FFX_DECRYPT, ERR_R_EVP_LIB);
return 0;
}
yval = *((uint64_t *)rblock) % modulo[rlen];
rval = (rval >= yval) ? (rval - yval) : rval + modulo[rlen] - yval;
}
memset(out, '0', iolen);
sprintf(lbuf, "%d", rval);
memcpy(out + rlen - strlen(lbuf), lbuf, strlen(lbuf));
sprintf(lbuf, "%d", lval);
strcpy(out + iolen - strlen(lbuf), lbuf);
return 1;
}
static int luhn_table[10] = {0, 2, 4, 6, 8, 1, 3, 5, 7, 9};
int FFX_compute_luhn(const char *in, size_t inlen)
{
int r = 0;
int i;
for (i = inlen - 1; i >= 0; i--) {
int a;
if (!isdigit(in[i])) {
return -2;
}
a = in[i] - '0';
if (i % 2 != inlen % 2)
a = luhn_table[a];
r += a;
}
r = ((r * 9) % 10) + '0';
return r;
}

50
crypto/ffx/ffx_err.c
View File

@@ -1,50 +0,0 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/ffx.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_FFX,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_FFX,0,reason)
static ERR_STRING_DATA FFX_str_functs[] = {
{ERR_FUNC(FFX_F_FFX_DECRYPT), "FFX_decrypt"},
{ERR_FUNC(FFX_F_FFX_ENCRYPT), "FFX_encrypt"},
{ERR_FUNC(FFX_F_FFX_INIT), "FFX_init"},
{0, NULL}
};
static ERR_STRING_DATA FFX_str_reasons[] = {
{ERR_REASON(FFX_R_ENCRYPT_INIT_FAILURE), "encrypt init failure"},
{ERR_REASON(FFX_R_INVALID_BLOCK_SIZE), "invalid block size"},
{ERR_REASON(FFX_R_INVALID_CIPHER_MODE), "invalid cipher mode"},
{ERR_REASON(FFX_R_INVALID_INPUT_DIGIT), "invalid input digit"},
{ERR_REASON(FFX_R_INVALID_INPUT_LENGTH), "invalid input length"},
{ERR_REASON(FFX_R_INVALID_TWEAK_LENGTH), "invalid tweak length"},
{0, NULL}
};
#endif
int ERR_load_FFX_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(FFX_str_functs[0].error) == NULL) {
ERR_load_strings(0, FFX_str_functs);
ERR_load_strings(0, FFX_str_reasons);
}
#endif
return 1;
}

3
crypto/include/internal/evp_int.h
View File

@@ -383,9 +383,6 @@ struct evp_pkey_st {
# ifndef OPENSSL_NO_SM9 /* SM9 */
struct SM9_MASTER_KEY_st *sm9_master;
struct SM9_KEY_st *sm9;
# endif
# ifndef OPENSSL_NO_CPK /* CPK */
struct CPK_MASTER_SECERT *cpk;
# endif
} pkey;
int save_parameters;

18
crypto/saf/build.info
View File

@@ -1,18 +0,0 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]= \
saf_app.c \
saf_base64.c \
saf_cert.c \
saf_ec.c \
saf_enc.c \
saf_err.c \
saf_errstr.c \
saf_hash.c \
saf_keyhandle.c \
saf_lib.c \
saf_mac.c \
saf_pkcs7.c \
saf_rand.c \
saf_rsa.c \
saf_sm2.c \
saf_symmkeyobj.c

158
crypto/saf/saf_app.c
View File

@@ -1,158 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/gmsaf.h>
#include <openssl/crypto.h>
#include "saf_lcl.h"
/* 7.1.2 */
int SAF_Initialize(
void **phAppHandle,
char *pubCfgFilePath)
{
int ret = SAR_UnknownErr;
SAF_APP *app = NULL;
char *engine_id = pubCfgFilePath;
if (!phAppHandle || !pubCfgFilePath) {
SAFerr(SAF_F_SAF_INITIALIZE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!(app = OPENSSL_zalloc(sizeof(*app)))) {
SAFerr(SAF_F_SAF_INITIALIZE, ERR_R_MALLOC_FAILURE);
return SAR_MemoryErr;
}
if (!(app->engine = ENGINE_by_id(engine_id))
|| !ENGINE_init(app->engine)) {
SAFerr(SAF_F_SAF_INITIALIZE, ERR_R_ENGINE_LIB);
goto end;
}
*phAppHandle = app;
app = NULL;
ret = SAR_Ok;
end:
SAF_Finalize(app);
return ret;
}
/* 7.1.3 */
int SAF_Finalize(
void *hAppHandle)
{
SAF_APP *app = (SAF_APP *)hAppHandle;
if (app->engine) {
ENGINE_finish(app->engine);
ENGINE_free(app->engine);
}
OPENSSL_free(app);
return SAR_Ok;
}
/* 7.1.4 */
int SAF_GetVersion(
unsigned int *puiVersion)
{
if (!puiVersion) {
SAFerr(SAF_F_SAF_GETVERSION, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
*puiVersion = (unsigned int)OpenSSL_version_num();
return SAR_Ok;
}
/* 7.1.5 */
int SAF_Login(
void *hAppHandle,
unsigned int uiUsrType,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned char *pucPin,
unsigned int uiPinLen,
unsigned int *puiRemainCount)
{
SAFerr(SAF_F_SAF_LOGIN, SAF_R_NOT_SUPPORTED);
return SAR_NotSupportYetErr;
}
/* 7.1.6 */
int SAF_ChangePin(
void *hAppHandle,
unsigned int uiUsrType,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned char *pucOldPin,
unsigned int uiOldPinLen,
unsigned char *pucNewPin,
unsigned int uiNewPinLen,
unsigned int *puiRemainCount)
{
SAFerr(SAF_F_SAF_CHANGEPIN, SAF_R_NOT_SUPPORTED);
return SAR_NotSupportYetErr;
}
/* 7.1.7 */
int SAF_Logout(
void *hAppHandle,
unsigned int uiUsrType)
{
SAFerr(SAF_F_SAF_LOGOUT, SAF_R_NOT_SUPPORTED);
return SAR_NotSupportYetErr;
}

364
crypto/saf/saf_base64.c
View File

@@ -1,364 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.4 */
int SAF_Base64_CreateBase64Obj(
void **phBase64Obj)
{
int ret = SAR_UnknownErr;
SAF_BASE64OBJ *obj = NULL;
if (!(obj = OPENSSL_malloc(sizeof(*obj)))) {
SAFerr(SAF_F_SAF_BASE64_CREATEBASE64OBJ, ERR_R_MALLOC_FAILURE);
return SAR_MemoryErr;
}
if (!(obj->ctx = EVP_ENCODE_CTX_new())) {
SAFerr(SAF_F_SAF_BASE64_CREATEBASE64OBJ, ERR_R_MALLOC_FAILURE);
ret = SAR_MemoryErr;
goto end;
}
obj->inited = 0;
*phBase64Obj = obj;
ret = SAR_OK;
end:
if (ret != SAR_OK) {
EVP_ENCODE_CTX_free(obj->ctx);
OPENSSL_free(obj);
}
return ret;
}
/* 7.3.5 */
/* always return success for software implementation */
int SAF_Base64_DestroyBase64Obj(
void *hBase64Obj)
{
SAF_BASE64OBJ *obj = (SAF_BASE64OBJ *)hBase64Obj;
if (obj) {
EVP_ENCODE_CTX_free(obj->ctx);
}
OPENSSL_free(obj);
return SAR_OK;
}
/* 7.3.6 */
int SAF_Base64_EncodeUpdate(
void *hBase64Obj,
unsigned char *pucInData,
unsigned int puiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
SAF_BASE64OBJ *obj = (SAF_BASE64OBJ *)hBase64Obj;
int inlen, outlen;
if (!hBase64Obj || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_BASE64_ENCODEUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
/* GMAPI dont check function specific length, leave to EVP */
if (puiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_BASE64_ENCODEUPDATE, SAF_R_INT_OVERFLOW);
return SAR_IndataLenErr;
}
/* GMAPI dont check function specific length, leave to EVP */
if (*puiOutDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_BASE64_ENCODEUPDATE, SAF_R_INT_OVERFLOW);
return SAR_IndataLenErr;
}
/* check handle */
if (!obj->ctx) {
SAFerr(SAF_F_SAF_BASE64_ENCODEUPDATE, SAF_R_INVALID_HANDLE);
return SAR_ObjErr;
}
if (!obj->inited) {
EVP_EncodeInit(obj->ctx);
obj->inited = 1;
}
inlen = (int)puiInDataLen;
outlen = (int)(*puiOutDataLen);
//TODO: check outlen, or EVP will fail without error messages
if (!EVP_EncodeUpdate(obj->ctx, pucOutData, &outlen, pucInData, inlen)) {
SAFerr(SAF_F_SAF_BASE64_ENCODEUPDATE, ERR_R_EVP_LIB);
return SAR_UnknownErr;
}
*puiOutDataLen = (unsigned int)outlen;
return SAR_OK;
}
/* 7.3.7 */
int SAF_Base64_EncodeFinal(
void *hBase64Obj,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
SAF_BASE64OBJ *obj = (SAF_BASE64OBJ *)hBase64Obj;
int len;
if (!hBase64Obj || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_BASE64_ENCODEFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (*puiOutDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_BASE64_ENCODEFINAL, SAF_R_INT_OVERFLOW);
return SAR_IndataLenErr;
}
if (*puiOutDataLen < 66) {
SAFerr(SAF_F_SAF_BASE64_ENCODEFINAL, SAF_R_BUFFER_TOO_SMALL);
return SAR_IndataLenErr;
}
if (!obj->ctx || !obj->inited) {
SAFerr(SAF_F_SAF_BASE64_ENCODEFINAL, SAF_R_INVALID_HANDLE);
return SAR_ObjErr;
}
/* the max output length of EVP_EncodeFinal() is 66
* this function return void, so we need to check `*outlen`
*/
len = (int)(*puiOutDataLen);
//TODO: check outlen, or EVP will fail without error messages
EVP_EncodeFinal(obj->ctx, pucOutData, &len);
*puiOutDataLen = (unsigned int)len;
return SAR_OK;
}
/* 7.3.8 */
int SAF_Base64_DecodeUpdate(
void *hBase64Obj,
unsigned char *pucInData,
unsigned int puiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
SAF_BASE64OBJ *obj = (SAF_BASE64OBJ *)hBase64Obj;
int inlen, outlen;
if (!hBase64Obj || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_BASE64_DECODEUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
/* GMAPI dont check function specific length, leave to EVP */
if (puiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_BASE64_DECODEUPDATE, SAF_R_INT_OVERFLOW);
return SAR_IndataLenErr;
}
/* GMAPI dont check function specific length, leave to EVP */
if (*puiOutDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_BASE64_DECODEUPDATE, SAF_R_INT_OVERFLOW);
return SAR_IndataLenErr;
}
if (!obj->ctx) {
SAFerr(SAF_F_SAF_BASE64_DECODEUPDATE, SAF_R_INVALID_HANDLE);
return SAR_ObjErr;
}
if (!obj->inited) {
EVP_DecodeInit(obj->ctx);
obj->inited = 1;
}
inlen = (int)puiInDataLen;
outlen = (int)(*puiOutDataLen);
//TODO: check outlen, or EVP will fail without error messages
/*
* EVP_DecodeUpdate() return -1 for error, 0 or 1 for success
* 0 means the last char of the input is `=`
*/
if (EVP_DecodeUpdate(obj->ctx, pucOutData, &outlen, pucInData, inlen) < 0) {
SAFerr(SAF_F_SAF_BASE64_DECODEUPDATE, ERR_R_EVP_LIB);
return SAR_UnknownErr;
}
*puiOutDataLen = (unsigned int)outlen;
return SAR_OK;
}
/* 7.3.9 */
int SAF_Base64_DecodeFinal(
void *hBase64Obj,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
SAF_BASE64OBJ *obj = (SAF_BASE64OBJ *)hBase64Obj;
int len;
if (!hBase64Obj || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_BASE64_DECODEFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (*puiOutDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_BASE64_DECODEFINAL, SAF_R_INT_OVERFLOW);
return SAR_IndataLenErr;
}
if (!obj->ctx || !obj->inited) {
SAFerr(SAF_F_SAF_BASE64_DECODEFINAL, SAF_R_INVALID_HANDLE);
return SAR_ObjErr;
}
len = (int)(*puiOutDataLen);
//TODO: check outlen, or EVP will fail without error messages
if (!EVP_DecodeFinal(obj->ctx, pucOutData, &len)) {
SAFerr(SAF_F_SAF_BASE64_DECODEFINAL, ERR_R_EVP_LIB);
return SAR_UnknownErr;
}
*puiOutDataLen = (unsigned int)len;
return SAR_OK;
}
/* 7.3.2 */
int SAF_Base64_Encode(
unsigned char *pucInData,
unsigned int puiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
void *handle = NULL;
unsigned char *p;
unsigned int len;
if (!pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_BASE64_ENCODE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if ((ret = SAF_Base64_CreateBase64Obj(&handle)) != SAR_OK) {
SAFerr(SAF_F_SAF_BASE64_ENCODE, ERR_R_GMAPI_LIB);
goto end;
}
p = pucOutData;
len = *puiOutDataLen;
if ((ret = SAF_Base64_EncodeUpdate(handle, pucInData, puiInDataLen,
p, &len)) != SAR_OK) {
SAFerr(SAF_F_SAF_BASE64_ENCODE, ERR_R_GMAPI_LIB);
goto end;
}
p += len;
len = *puiOutDataLen - len;
if ((ret = SAF_Base64_EncodeFinal(handle, p, &len)) != SAR_OK) {
SAFerr(SAF_F_SAF_BASE64_ENCODE, ERR_R_GMAPI_LIB);
goto end;
}
p += len;
*puiOutDataLen = p - pucOutData;
ret = SAR_OK;
end:
SAF_Base64_DestroyBase64Obj(handle);
return ret;
}
/* 7.3.3 */
int SAF_Base64_Decode(
unsigned char *pucInData,
unsigned int puiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
void *handle = NULL;
unsigned char *p;
unsigned int len;
if ((ret = SAF_Base64_CreateBase64Obj(&handle)) != SAR_OK) {
SAFerr(SAF_F_SAF_BASE64_DECODE, ERR_R_GMAPI_LIB);
goto end;
}
p = pucOutData;
len = *puiOutDataLen;
if ((ret = SAF_Base64_DecodeUpdate(handle, pucInData, puiInDataLen,
p, &len)) != SAR_OK) {
SAFerr(SAF_F_SAF_BASE64_DECODE, ERR_R_GMAPI_LIB);
goto end;
}
p += len;
len = *puiOutDataLen - len;
if ((ret = SAF_Base64_DecodeFinal(handle, p, &len)) != SAR_OK) {
SAFerr(SAF_F_SAF_BASE64_DECODE, ERR_R_GMAPI_LIB);
goto end;
}
p += len;
*puiOutDataLen = p - pucOutData;
ret = SAR_OK;
end:
SAF_Base64_DestroyBase64Obj(handle);
return ret;
}

521
crypto/saf/saf_cert.c
View File

@@ -1,521 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/conf.h>
#include <openssl/gmsaf.h>
#include "saf_lcl.h"
#include "../../apps/apps.h"
int load_certs(const char *file, STACK_OF(X509) **certs, int format,
const char *pass, const char *cert_descrip)
{
return 0;
}
/* 7.2.2 */
int SAF_AddTrustedRootCaCertificate(
void *hAppHandle,
unsigned char *pucCertificate,
unsigned int uiCertificateLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
X509 *x509 = NULL;
BIO *bio = NULL;
if (!hAppHandle || !pucCertificate) {
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) {
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(bio = BIO_new_file(app->rootcacerts, "a"))) {
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, ERR_R_BIO_LIB);
goto end;
}
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, uiCertificateLen))) {
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
if (!PEM_write_bio_X509(bio, x509)) {
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, ERR_R_PEM_LIB);
goto end;
}
ret = SAR_Ok;
end:
X509_free(x509);
BIO_free(bio);
return ret;
}
/* 7.2.3 */
int SAF_GetRootCaCertificateCount(
void *hAppHandle,
unsigned int *puiCount)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
STACK_OF(X509) *certs = NULL;
if (!hAppHandle || !puiCount) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATECOUNT, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!load_certs(app->rootcacerts, &certs, FORMAT_PEM, NULL, "root ca certificates")) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATECOUNT, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
*puiCount = sk_X509_num(certs);
ret = SAR_Ok;
end:
sk_X509_free(certs);
return ret;
}
/* 7.2.4 */
int SAF_GetRootCaCertificate(
void *hAppHandle,
unsigned int uiIndex,
unsigned char *pucCertificate,
unsigned int *puiCertificateLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
STACK_OF(X509) *certs = NULL;
X509 *x509;
int len;
if (!hAppHandle || !pucCertificate || !puiCertificateLen) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!load_certs(app->rootcacerts, &certs, FORMAT_PEM, NULL,
"root ca certificates")) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
if (!(x509 = sk_X509_value(certs, uiIndex))) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, SAF_R_INVALID_INDEX);
goto end;
}
if (*puiCertificateLen < i2d_X509(x509, NULL)) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
if ((len = i2d_X509(x509, &pucCertificate)) <= 0) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, ERR_R_X509_LIB);
goto end;
}
*puiCertificateLen = len;
ret = SAR_Ok;
end:
sk_X509_free(certs);
return ret;
}
/* 7.2.5 */
int SAF_RemoveRootCaCertificate(
void *hAppHandle,
unsigned int uiIndex)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
STACK_OF(X509) *certs = NULL;
X509 *x509 = NULL;
BIO *bio = NULL;
int i, err = 0;
if (!hAppHandle) {
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!load_certs(app->rootcacerts, &certs, FORMAT_PEM, NULL, "root ca certificates")) {
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
if (!(bio = BIO_new_file(app->rootcacerts, "w"))) {
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, ERR_R_BIO_LIB);
goto end;
}
if (!(x509 = sk_X509_delete(certs, uiIndex))) {
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, SAF_R_INVALID_INDEX);
goto end;
}
for (i = 0; i < sk_X509_num(certs); i++) {
if (!PEM_write_bio_X509(bio, sk_X509_value(certs, i))) {
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, ERR_R_PEM_LIB);
err++;
}
}
ret = SAR_Ok;
end:
X509_free(x509);
sk_X509_free(certs);
BIO_free(bio);
return ret;
}
/* 7.2.6 */
int SAF_AddCaCertificate(
void *hAppHandle,
unsigned char *pucCertificate,
unsigned int uiCertificateLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
X509 *x509 = NULL;
BIO *bio = NULL;
if (!hAppHandle || !pucCertificate) {
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) {
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(bio = BIO_new_file(app->cacerts, "a"))) {
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, ERR_R_BIO_LIB);
goto end;
}
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, uiCertificateLen))) {
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
if (!PEM_write_bio_X509(bio, x509)) {
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, ERR_R_PEM_LIB);
goto end;
}
ret = SAR_Ok;
end:
X509_free(x509);
BIO_free(bio);
return ret;
}
/* 7.2.7 */
int SAF_GetCaCertificateCount(
void *hAppHandle,
unsigned int *puiCount)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
STACK_OF(X509) *certs = NULL;
if (!hAppHandle || !puiCount) {
SAFerr(SAF_F_SAF_GETCACERTIFICATECOUNT, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!load_certs(app->cacerts, &certs, FORMAT_PEM, NULL, "ca certificates")) {
SAFerr(SAF_F_SAF_GETCACERTIFICATECOUNT, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
*puiCount = sk_X509_num(certs);
ret = SAR_Ok;
end:
sk_X509_free(certs);
return ret;
}
/* 7.2.8 */
int SAF_GetCaCertificate(
void *hAppHandle,
unsigned int uiIndex,
unsigned char *pucCertificate,
unsigned int *puiCertificateLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
STACK_OF(X509) *certs = NULL;
X509 *x509;
int len;
if (!hAppHandle || !pucCertificate || !puiCertificateLen) {
SAFerr(SAF_F_SAF_GETCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!load_certs(app->cacerts, &certs, FORMAT_PEM, NULL, "ca certificates")) {
SAFerr(SAF_F_SAF_GETCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
if (!(x509 = sk_X509_value(certs, uiIndex))) {
SAFerr(SAF_F_SAF_GETCACERTIFICATE, SAF_R_INVALID_INDEX);
goto end;
}
if (*puiCertificateLen < i2d_X509(x509, NULL)) {
SAFerr(SAF_F_SAF_GETCACERTIFICATE, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
if ((len = i2d_X509(x509, &pucCertificate)) <= 0) {
SAFerr(SAF_F_SAF_GETCACERTIFICATE, ERR_R_X509_LIB);
goto end;
}
*puiCertificateLen = len;
ret = SAR_Ok;
end:
sk_X509_free(certs);
return ret;
}
/* 7.2.9 */
int SAF_RemoveCaCertificate(
void *hAppHandle,
unsigned int uiIndex)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
STACK_OF(X509) *certs = NULL;
X509 *x509 = NULL;
BIO *bio = NULL;
int i, err = 0;
if (!hAppHandle) {
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!load_certs(app->cacerts, &certs, FORMAT_PEM, NULL, "ca certificates")) {
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
if (!(bio = BIO_new_file(app->rootcacerts, "w"))) {
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, ERR_R_BIO_LIB);
goto end;
}
if (!(x509 = sk_X509_delete(certs, uiIndex))) {
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, SAF_R_INVALID_INDEX);
goto end;
}
for (i = 0; i < sk_X509_num(certs); i++) {
if (!PEM_write_bio_X509(bio, sk_X509_value(certs, i))) {
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, ERR_R_PEM_LIB);
err++;
}
}
ret = SAR_Ok;
end:
X509_free(x509);
sk_X509_free(certs);
BIO_free(bio);
return ret;
}
/* 7.2.10 */
int SAF_AddCrl(
void *hAppHandle,
unsigned char *pucDerCrl,
unsigned int uiDerCrlLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.11 */
int SAF_VerifyCertificate(
void *hAppHandle,
unsigned char *pucUsrCertificate,
unsigned int uiUsrCertificateLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.12 */
int SAF_VerifyCertificateByCrl(
void *hAppHandle,
unsigned char *pucUsrCertificate,
unsigned int uiUsrCertificateLen,
unsigned char *pucDerCrl,
unsigned int uiDerCrlLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.13 */
int SAF_GetCertificateStateByOCSP(
void *hAppHandle,
unsigned char *pcOcspHostURL,
unsigned int uiOcspHostURLLen,
unsigned char *pucUsrCertificate,
unsigned int uiUsrCertificateLen,
unsigned char *pucCACertificate,
unsigned int uiCACertficateLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.14 */
int SAF_GetCertFromLdap(
void *hAppHandle,
char *pcLdapHostURL,
unsigned int uiLdapHostURLLen,
unsigned char *pucQueryDN,
unsigned int uiQueryDNLen,
unsigned char *pucOutCert,
unsigned int *puiOutCertLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.15 */
int SAF_GetCrlFromLdap(
void *hAppHandle,
char *pcLdapHostURL,
unsigned int uiLdapHostURLLen,
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned char *pucCrlData,
unsigned int *puiCrlDataLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.16 */
int SAF_GetCertificateInfo(
void *hAppHandle,
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned int uiInfoType,
unsigned char *pucInfo,
unsigned int *puiInfoLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.17 */
int SAF_GetExtTypeInfo(
void *hAppHandle,
unsigned char *pucDerCert,
unsigned int uiDerCertLen,
unsigned int uiInfoType,
unsigned char *pucPriOid,
unsigned int uiPriOidLen,
unsigned char *pucInfo,
unsigned int *puiInfoLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.18 */
int SAF_EnumCertificates(
void *hAppHandle,
SGD_USR_CERT_ENUMLIST *usrCerts)
{
return SAR_NotSupportYetErr;
}
/* 7.2.19 */
int SAF_EnumKeyContainerInfo(
void *hAppHandle,
SGD_KEYCONTAINERINFO_ENUMLIST *keyContainerInfo)
{
return SAR_NotSupportYetErr;
}
/* 7.2.20 */
int SAF_EnumCertificatesFree(
void *hAppHandle,
SGD_USR_CERT_ENUMLIST *usrCerts)
{
return SAR_NotSupportYetErr;
}
/* 7.2.21 */
int SAF_EnumKeyContainerInfoFree(
void *hAppHandle,
SGD_KEYCONTAINERINFO_ENUMLIST *keyContainerInfo)
{
return SAR_NotSupportYetErr;
}

630
crypto/saf/saf_ec.c
View File

@@ -1,630 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <string.h>
#include <openssl/gmapi.h>
#include <openssl/gmsdf.h>
#include <openssl/gmsaf.h>
#include "saf_lcl.h"
/* 7.3.23 */
int SAF_GenEccKeyPair(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned int uiKeyUsage,
unsigned int uiExportFlag)
{
int ret = -1;
SAF_APP *app = (SAF_APP *)hAppHandle;
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
/* check arguments */
if (!hAppHandle || !pucContainerName) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiContainerNameLen <= 0 || uiContainerNameLen > SGD_MAX_NAME_SIZE ||
strlen((char *)pucContainerName) != uiContainerNameLen) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_NameLenErr;
}
if (uiKeyBits < 160 || uiKeyBits > ECCref_MAX_BITS) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR,
SAF_R_INVALID_KEY_LENGTH);
return SAR_ModulusLenErr;
}
if (uiKeyUsage != SGD_SM2_1 && uiKeyUsage != SGD_SM2_2 &&
uiKeyUsage != SGD_SM2_3) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR,
SAF_R_INVALID_KEY_USAGE);
return SAR_KeyUsageErr;
}
/* process */
if (!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, app->engine))
|| EVP_PKEY_keygen_init(pctx) <= 0
|| EVP_PKEY_keygen(pctx, &pkey) <= 0) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR, ERR_R_EVP_LIB);
goto end;
}
ret = SAR_Ok;
end:
EVP_PKEY_CTX_free(pctx);
EVP_PKEY_free(pkey);
return ret;
}
const char *SGD_GetKeyUsageName(unsigned int uiKeyUsage)
{
switch (uiKeyUsage) {
case SGD_PK_SIGN:
return "sign";
case SGD_PK_ENC:
return "enc";
case SGD_PK_DH:
return "dh";
}
return NULL;
}
/* 7.3.24 */
int SAF_GetEccPublicKey(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyUsage,
unsigned char *pucPublicKey,
unsigned int *puiPublicKeyLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
EVP_PKEY *pkey = NULL;
char key_id[1024];
int len;
/* check arguments */
if (!hAppHandle || !pucContainerName || !pucPublicKey ||
!puiPublicKeyLen) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiContainerNameLen <= 0 ||
uiContainerNameLen > SGD_MAX_NAME_SIZE ||
strlen((char *)pucContainerName) != uiContainerNameLen) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_NameLenErr;
}
if (uiKeyUsage != SGD_SM2_1 && uiKeyUsage != SGD_SM2_2 &&
uiKeyUsage != SGD_SM2_3) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY,
SAF_R_INVALID_KEY_USAGE);
return SAR_KeyUsageErr;
}
if ((size_t)*puiPublicKeyLen != sizeof(ECCrefPublicKey)) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY,
SAF_R_BUFFER_TOO_SMALL);
return SAR_IndataErr;
}
/* process */
/*
snprintf(key_id, sizeof(key_id), "%s.%s", (char *)pucContainerName,
SGD_GetKeyUsageName(uiKeyUsage));
*/
if (!(pkey = ENGINE_load_public_key(app->engine, key_id, NULL, NULL))) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY, ERR_R_ENGINE_LIB);
goto end;
}
if ((len = i2d_PUBKEY(pkey, &pucPublicKey)) <= 0) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY, ERR_R_X509_LIB);
goto end;
}
*puiPublicKeyLen = (unsigned int)len;
/* set return value */
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
return ret;
}
/* 7.3.25 */
int SAF_EccSign(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiAlgorithmID, /* SGD_SM2_1 */
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignData,
unsigned int *puiSignDataLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
char key_id[1024];
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
size_t siglen;
/* check arguments */
if (!hAppHandle || !pucContainerName || !pucInData ||
!pucSignData || !puiSignDataLen) {
SAFerr(SAF_F_SAF_ECCSIGN,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiContainerNameLen <= 0 ||
uiContainerNameLen > SGD_MAX_NAME_SIZE ||
strlen((char *)pucContainerName) != uiContainerNameLen) {
SAFerr(SAF_F_SAF_ECCSIGN, SAF_R_INVALID_INPUT_LENGTH);
return SAR_NameLenErr;
}
if (uiAlgorithmID != SGD_SM2_1) {
SAFerr(SAF_F_SAF_ECCSIGN, SAF_R_INVALID_ALGOR);
return SAR_AlgoTypeErr;
}
if (uiInDataLen != SM3_DIGEST_LENGTH) {
SAFerr(SAF_F_SAF_ECCSIGN, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if ((size_t)*puiSignDataLen != sizeof(ECCSignature)) {
SAFerr(SAF_F_SAF_ECCSIGN, SAF_R_BUFFER_TOO_SMALL);
return SAR_IndataErr;
}
/* process */
/*
snprintf(key_id, sizeof(key_id), "%s.sign", (char *)pucContainerName);
*/
if (!(pkey = ENGINE_load_private_key(app->engine, key_id, NULL, NULL))
|| !(pctx = EVP_PKEY_CTX_new(pkey, app->engine))
|| EVP_PKEY_sign_init(pctx) <= 0
|| EVP_PKEY_sign(pctx, pucSignData, &siglen, pucInData, (size_t)uiInDataLen) <= 0) {
SAFerr(SAF_F_SAF_ECCSIGN, ERR_R_EVP_LIB);
goto end;
}
*puiSignDataLen = (unsigned int)siglen;
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pctx);
return ret;
}
/* 7.3.26 */
int SAF_EccVerifySign(
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned int uiAlgorithmID,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignData,
unsigned int uiSignDataLen)
{
int ret = SAR_UnknownErr;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
/* check arguments */
if (!pucPublicKey || !pucInData || !pucSignData) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiPublicKeyLen != sizeof(ECCrefPublicKey)) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (uiAlgorithmID != SGD_SM2_1) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, SAF_R_INVALID_ALGOR);
return SAR_AlgoTypeErr;
}
if (uiInDataLen != SM3_DIGEST_LENGTH) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (uiSignDataLen != sizeof(ECCSignature)) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* process */
if (!(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
|| !(pctx = EVP_PKEY_CTX_new(pkey, NULL))
|| EVP_PKEY_verify_init(pctx) <= 0
|| EVP_PKEY_verify(pctx, pucSignData, uiSignDataLen, pucInData, uiInDataLen) <= 0) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, ERR_R_EVP_LIB);
goto end;
}
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pctx);
return ret;
}
/* 7.3.27 */
int SAF_EccPublicKeyEnc(
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned int uiAlgorithmID,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = -1;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
size_t outlen = *puiOutDataLen;
/* check arguments */
if (!pucPublicKey || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiPublicKeyLen != sizeof(ECCrefPublicKey)) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (uiAlgorithmID != SGD_SM2_3) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC,
SAF_R_INVALID_ALGOR);
return SAR_AlgoTypeErr;
}
if (uiInDataLen <= 0 || uiInDataLen > SAF_MAX_EC_CIPHERTEXT_LENGTH) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (*puiOutDataLen != sizeof(ECCCipher)) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* precess */
if (!(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
|| !(pctx = EVP_PKEY_CTX_new(pkey, NULL))
|| EVP_PKEY_decrypt_init(pctx) <= 0
|| EVP_PKEY_decrypt(pctx, pucOutData, &outlen, pucInData, uiInDataLen) <= 0) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC, ERR_R_EVP_LIB);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pctx);
return ret;
}
/* 7.3.28 */
int SAF_EccPublicKeyEncByCert(
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned int uiAlgorithmID,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
X509 *x509 = NULL;
unsigned char pubkey[1024];
unsigned char *p = pubkey;
int len;
/* check arguments */
if (!pucCertificate || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (uiAlgorithmID != SGD_SM2_3) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
SAF_R_INVALID_ALGOR);
return SAR_AlgoTypeErr;
}
if (uiInDataLen <= 0 || uiInDataLen > SAF_MAX_EC_CIPHERTEXT_LENGTH) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (*puiOutDataLen != sizeof(ECCCipher)) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* process */
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, (long)uiCertificateLen))) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT, ERR_R_X509_LIB);
goto end;
}
if ((len = i2d_PUBKEY(X509_get0_pubkey(x509), &p)) <= 0) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT, ERR_R_X509_LIB);
goto end;
}
ret = SAF_EccPublicKeyEnc(
pubkey,
(unsigned int)len,
uiAlgorithmID,
pucInData,
uiInDataLen,
pucOutData,
puiOutDataLen);
/* set return value */
ret = SAR_Ok;
end:
X509_free(x509);
return ret;
}
/* 7.3.29 */
int SAF_EccVerifySignByCert(
unsigned int uiAlgorithmID,
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignData,
unsigned int uiSignDataLen)
{
int ret = SAR_UnknownErr;
X509 *x509 = NULL;
unsigned char pucPublicKey[1024];
unsigned int uiPublicKeyLen;
unsigned char *p = pucPublicKey;
int len;
/* check arguments */
if (!pucCertificate || !pucInData || !pucSignData) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (uiAlgorithmID != SGD_SM2_1) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
SAF_R_INVALID_ALGOR);
return SAR_AlgoTypeErr;
}
if (uiInDataLen != SM3_DIGEST_LENGTH) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (uiSignDataLen != sizeof(ECCSignature)) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* process */
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, (long)uiCertificateLen))) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT, ERR_R_X509_LIB);
goto end;
}
if ((len = i2d_PUBKEY(X509_get0_pubkey(x509), &p)) <= 0) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT, ERR_R_X509_LIB);
goto end;
}
uiPublicKeyLen = (unsigned int)len;
ret = SAF_EccVerifySign(
pucPublicKey,
uiPublicKeyLen,
uiAlgorithmID,
pucInData,
uiInDataLen,
pucSignData,
uiSignDataLen);
/* set return value */
ret = SAR_Ok;
end:
X509_free(x509);
return ret;
}
/* 7.3.33 */
int SAF_GenerateAgreementDataWithECC(
void *hSymmKeyObj,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned char *pucSponsorID,
unsigned int uiSponsorIDLength,
unsigned char *pucSponsorPublicKey,
unsigned int *puiSponsorPublicKeyLen,
unsigned char *pucSponsorTmpPublicKey,
unsigned int *puiSponsorTmpPublicKeyLen,
void **phAgreementHandle)
{
int ret = -1;
ret = SAR_Ok;
return ret;
}
/* 7.3.34 */
int SAF_GenerateKeyWithECC(
void *phAgreementHandle,
unsigned char *pucResponseID,
unsigned int uiResponseIDLength,
unsigned char *pucResponsePublicKey,
unsigned int uiResponsePublicKeyLen,
unsigned char *pucResponseTmpPublicKey,
unsigned int uiResponseTmpPublicKeyLen,
void **phKeyHandle)
{
int ret = -1;
return ret;
}
/* 7.3.35 */
int SAF_GenerateAgreementDataAdnKeyWithECC(
void *hSymmKeyObj,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned char *pucResponseID,
unsigned int uiResponseIDLength,
unsigned char *pucSponsorID,
unsigned int uiSponsorIDLength,
unsigned char *pucSponsorPublicKey,
unsigned int *puiSponsorPublicKeyLen,
unsigned char *pucSponsorTmpPublicKey,
unsigned int *puiSponsorTmpPublicKeyLen,
unsigned char *pucResponsePublicKey,
unsigned int uiResponsePublicKeyLen,
unsigned char *pucResponseTmpPublicKey,
unsigned int uiResponseTmpPublicKeyLen,
void **phKeyHandle)
{
int ret;
void *hAgreementHandle = NULL;
if ((ret = SAF_GenerateAgreementDataWithECC(
hSymmKeyObj,
pucContainerName,
uiContainerNameLen,
uiKeyBits,
pucSponsorID,
uiSponsorIDLength,
pucSponsorPublicKey,
puiSponsorPublicKeyLen,
pucSponsorTmpPublicKey,
puiSponsorTmpPublicKeyLen,
&hAgreementHandle)) != SAR_OK) {
}
if ((ret = SAF_GenerateKeyWithECC(
hAgreementHandle,
pucResponseID,
uiResponseIDLength,
pucResponsePublicKey,
uiResponsePublicKeyLen,
pucResponseTmpPublicKey,
uiResponseTmpPublicKeyLen,
phKeyHandle)) != SAR_OK) {
}
return 0;
}
/* GmSSL Extension */
int SAF_EccSignFile(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiHashAlgoType,
unsigned char *pucFileName,
unsigned char *pucSignature,
unsigned int *puiSignatureLen)
{
return SAR_OK;
}
int SAF_EccVerifySignFile(
unsigned int uiHashAlgoType,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucFileName,
unsigned char *pucSignature,
unsigned int uiSignatureLen)
{
return SAR_OK;
}

297
crypto/saf/saf_enc.c
View File

@@ -1,297 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.39 */
int SAF_SymmEncryptUpdate(
void *hKeyHandle,
const unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
int outlen;
if (!hKeyHandle || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiInDataLen <= 0 || uiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, SAF_R_INVALID_LENGTH);
return SAR_IndataLenErr;
}
if (!hkey->cipher_ctx) {
const EVP_CIPHER *cipher;
// FIXME: get ulFeedBitLen from key handle
if (!(cipher = EVP_get_cipherbysgd(hkey->hSymmKeyObj->uiCryptoAlgID, 0))) {
SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, SAF_R_INVALID_KEY_HANDLE);
ret = SAR_IndataErr;
goto end;
}
if (!(hkey->cipher_ctx = EVP_CIPHER_CTX_new())) {
SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, ERR_R_MALLOC_FAILURE);
ret = SAR_MemoryErr;
goto end;
}
if (!EVP_EncryptInit_ex(hkey->cipher_ctx, cipher,
hkey->hSymmKeyObj->app->engine,
hkey->key, hkey->hSymmKeyObj->pucIV)) {
SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, ERR_R_EVP_LIB);
goto end;
}
}
if (!EVP_EncryptUpdate(hkey->cipher_ctx, pucOutData, &outlen,
pucInData, (int)uiInDataLen)) {
SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, ERR_R_EVP_LIB);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_OK;
end:
if (ret != SAR_OK && hkey->cipher_ctx) {
EVP_CIPHER_CTX_free(hkey->cipher_ctx);
hkey->cipher_ctx = NULL;
}
return ret;
}
/* 7.3.40 */
int SAF_SymmEncryptFinal(
void *hKeyHandle,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
int outlen;
if (!hKeyHandle || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_SYMMENCRYPTFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!hkey->cipher_ctx) {
SAFerr(SAF_F_SAF_SYMMENCRYPTFINAL, SAF_R_ENCRYPT_NOT_INITIALIED);
return SAR_NotInitializeErr;
}
if (!EVP_EncryptFinal_ex(hkey->cipher_ctx, pucOutData, &outlen)) {
SAFerr(SAF_F_SAF_SYMMENCRYPTFINAL, ERR_R_EVP_LIB);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_OK;
end:
EVP_CIPHER_CTX_free(hkey->cipher_ctx);
hkey->cipher_ctx = NULL;
return ret;
}
/* 7.3.42 */
int SAF_SymmDecryptUpdate(
void *hKeyHandle,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
int outlen;
if (!hKeyHandle || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, SAF_R_INVALID_LENGTH);
return SAR_IndataLenErr;
}
if (!hkey->cipher_ctx) {
const EVP_CIPHER *cipher;
//Get feedbitlen from keyhandle
if (!(cipher = EVP_get_cipherbysgd(hkey->hSymmKeyObj->uiCryptoAlgID, 0))) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, SAF_R_INVALID_KEY_HANDLE);
ret = SAR_IndataErr;
goto end;
}
if (!(hkey->cipher_ctx = EVP_CIPHER_CTX_new())) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_MALLOC_FAILURE);
ret = SAR_MemoryErr;
goto end;
}
if (!EVP_DecryptInit_ex(hkey->cipher_ctx, cipher,
hkey->hSymmKeyObj->app->engine,
hkey->key, hkey->hSymmKeyObj->pucIV)) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_EVP_LIB);
goto end;
}
}
if (!EVP_DecryptUpdate(hkey->cipher_ctx, pucOutData, &outlen,
pucInData, (int)uiInDataLen)) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_EVP_LIB);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_OK;
end:
if (ret != SAR_OK && hkey->cipher_ctx) {
EVP_CIPHER_CTX_free(hkey->cipher_ctx);
hkey->cipher_ctx = NULL;
}
return ret;
}
/* 7.3.43 */
int SAF_SymmDecryptFinal(
void *hKeyHandle,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
int outlen;
if (!hKeyHandle || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_SYMMDECRYPTFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!hkey->cipher_ctx) {
SAFerr(SAF_F_SAF_SYMMDECRYPTFINAL, SAF_R_DECRYPT_NOT_INITIALIZED);
return SAR_NotInitializeErr;
}
if (!EVP_DecryptFinal_ex(hkey->cipher_ctx, pucOutData, &outlen)) {
SAFerr(SAF_F_SAF_SYMMDECRYPTFINAL, ERR_R_EVP_LIB);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_OK;
end:
EVP_CIPHER_CTX_free(hkey->cipher_ctx);
hkey->cipher_ctx = NULL;
return ret;
}
/* 7.3.38 */
int SAF_SymmEncrypt(
void *hKeyHandle,
const unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
unsigned int len;
if ((ret = SAF_SymmEncryptUpdate(hKeyHandle, pucInData, uiInDataLen,
pucOutData, puiOutDataLen)) != SAR_OK) {
return ret;
}
if ((ret = SAF_SymmEncryptFinal(hKeyHandle,
pucOutData + *puiOutDataLen, &len)) != SAR_OK) {
return ret;
}
*puiOutDataLen += len;
return SAR_OK;
}
/* 7.3.41 */
int SAF_SymmDecrypt(
void *hKeyHandle,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
unsigned int len;
if ((ret = SAF_SymmDecryptUpdate(hKeyHandle, pucInData, uiInDataLen,
pucOutData, puiOutDataLen)) != SAR_OK) {
return ret;
}
if ((ret = SAF_SymmDecryptFinal(hKeyHandle,
pucOutData + *puiOutDataLen, &len)) != SAR_OK) {
return ret;
}
*puiOutDataLen += len;
return SAR_OK;
}

142
crypto/saf/saf_err.c
View File

@@ -1,142 +0,0 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/gmsaf.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SAF,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SAF,0,reason)
static ERR_STRING_DATA SAF_str_functs[] = {
{ERR_FUNC(SAF_F_SAF_ADDCACERTIFICATE), "SAF_AddCaCertificate"},
{ERR_FUNC(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE),
"SAF_AddTrustedRootCaCertificate"},
{ERR_FUNC(SAF_F_SAF_BASE64_CREATEBASE64OBJ),
"SAF_Base64_CreateBase64Obj"},
{ERR_FUNC(SAF_F_SAF_BASE64_DECODE), "SAF_Base64_Decode"},
{ERR_FUNC(SAF_F_SAF_BASE64_DECODEFINAL), "SAF_Base64_DecodeFinal"},
{ERR_FUNC(SAF_F_SAF_BASE64_DECODEUPDATE), "SAF_Base64_DecodeUpdate"},
{ERR_FUNC(SAF_F_SAF_BASE64_ENCODE), "SAF_Base64_Encode"},
{ERR_FUNC(SAF_F_SAF_BASE64_ENCODEFINAL), "SAF_Base64_EncodeFinal"},
{ERR_FUNC(SAF_F_SAF_BASE64_ENCODEUPDATE), "SAF_Base64_EncodeUpdate"},
{ERR_FUNC(SAF_F_SAF_CHANGEPIN), "SAF_ChangePin"},
{ERR_FUNC(SAF_F_SAF_CREATEHASHOBJ), "SAF_CreateHashObj"},
{ERR_FUNC(SAF_F_SAF_CREATESYMMKEYOBJ), "SAF_CreateSymmKeyObj"},
{ERR_FUNC(SAF_F_SAF_DESTROYHASHOBJ), "SAF_DestroyHashObj"},
{ERR_FUNC(SAF_F_SAF_ECCPUBLICKEYENC), "SAF_EccPublicKeyEnc"},
{ERR_FUNC(SAF_F_SAF_ECCPUBLICKEYENCBYCERT), "SAF_EccPublicKeyEncByCert"},
{ERR_FUNC(SAF_F_SAF_ECCSIGN), "SAF_EccSign"},
{ERR_FUNC(SAF_F_SAF_ECCVERIFYSIGN), "SAF_EccVerifySign"},
{ERR_FUNC(SAF_F_SAF_ECCVERIFYSIGNBYCERT), "SAF_EccVerifySignByCert"},
{ERR_FUNC(SAF_F_SAF_GENECCKEYPAIR), "SAF_GenEccKeyPair"},
{ERR_FUNC(SAF_F_SAF_GENERATEKEYWITHEPK), "SAF_GenerateKeyWithEPK"},
{ERR_FUNC(SAF_F_SAF_GENRANDOM), "SAF_GenRandom"},
{ERR_FUNC(SAF_F_SAF_GENRSAKEYPAIR), "SAF_GenRsaKeyPair"},
{ERR_FUNC(SAF_F_SAF_GETCACERTIFICATE), "SAF_GetCaCertificate"},
{ERR_FUNC(SAF_F_SAF_GETCACERTIFICATECOUNT), "SAF_GetCaCertificateCount"},
{ERR_FUNC(SAF_F_SAF_GETECCPUBLICKEY), "SAF_GetEccPublicKey"},
{ERR_FUNC(SAF_F_SAF_GETROOTCACERTIFICATE), "SAF_GetRootCaCertificate"},
{ERR_FUNC(SAF_F_SAF_GETROOTCACERTIFICATECOUNT),
"SAF_GetRootCaCertificateCount"},
{ERR_FUNC(SAF_F_SAF_GETRSAPUBLICKEY), "SAF_GetRsaPublicKey"},
{ERR_FUNC(SAF_F_SAF_GETVERSION), "SAF_GetVersion"},
{ERR_FUNC(SAF_F_SAF_HASH), "SAF_Hash"},
{ERR_FUNC(SAF_F_SAF_HASHFINAL), "SAF_HashFinal"},
{ERR_FUNC(SAF_F_SAF_HASHUPDATE), "SAF_HashUpdate"},
{ERR_FUNC(SAF_F_SAF_INITIALIZE), "SAF_Initialize"},
{ERR_FUNC(SAF_F_SAF_KEY_NEW), "SAF_KEY_new"},
{ERR_FUNC(SAF_F_SAF_LOAD_PRIVATE_KEY), "SAF_load_private_key"},
{ERR_FUNC(SAF_F_SAF_LOAD_PUBLIC_KEY), "SAF_load_public_key"},
{ERR_FUNC(SAF_F_SAF_LOGIN), "SAF_Login"},
{ERR_FUNC(SAF_F_SAF_LOGOUT), "SAF_Logout"},
{ERR_FUNC(SAF_F_SAF_MACFINAL), "SAF_MacFinal"},
{ERR_FUNC(SAF_F_SAF_MACUPDATE), "SAF_MacUpdate"},
{ERR_FUNC(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA),
"SAF_Pkcs7_DecodeDigestedData"},
{ERR_FUNC(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA),
"SAF_Pkcs7_DecodeEnvelopedData"},
{ERR_FUNC(SAF_F_SAF_PKCS7_DECODESIGNEDDATA),
"SAF_Pkcs7_DecodeSignedData"},
{ERR_FUNC(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA),
"SAF_Pkcs7_EncodeDigestedData"},
{ERR_FUNC(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA),
"SAF_Pkcs7_EncodeEnvelopedData"},
{ERR_FUNC(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA),
"SAF_Pkcs7_EncodeSignedData"},
{ERR_FUNC(SAF_F_SAF_REMOVECACERTIFICATE), "SAF_RemoveCaCertificate"},
{ERR_FUNC(SAF_F_SAF_REMOVEROOTCACERTIFICATE),
"SAF_RemoveRootCaCertificate"},
{ERR_FUNC(SAF_F_SAF_RSASIGN), "SAF_RsaSign"},
{ERR_FUNC(SAF_F_SAF_RSAVERIFYSIGN), "SAF_RsaVerifySign"},
{ERR_FUNC(SAF_F_SAF_SYMMDECRYPTFINAL), "SAF_SymmDecryptFinal"},
{ERR_FUNC(SAF_F_SAF_SYMMDECRYPTUPDATE), "SAF_SymmDecryptUpdate"},
{ERR_FUNC(SAF_F_SAF_SYMMENCRYPTFINAL), "SAF_SymmEncryptFinal"},
{ERR_FUNC(SAF_F_SAF_SYMMENCRYPTUPDATE), "SAF_SymmEncryptUpdate"},
{ERR_FUNC(SAF_F_SAF_SYMMKEYOBJ_DUP), "SAF_SYMMKEYOBJ_dup"},
{ERR_FUNC(SAF_F_SAF_VERIFYSIGNBYCERT), "SAF_VerifySignByCert"},
{0, NULL}
};
static ERR_STRING_DATA SAF_str_reasons[] = {
{ERR_REASON(SAF_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_REASON(SAF_R_CMAC_FAILURE), "cmac failure"},
{ERR_REASON(SAF_R_DECRYPT_NOT_INITIALIZED), "decrypt not initialized"},
{ERR_REASON(SAF_R_ENCRYPT_KEY_FAILURE), "encrypt key failure"},
{ERR_REASON(SAF_R_ENCRYPT_NOT_INITIALIED), "encrypt not initialied"},
{ERR_REASON(SAF_R_GEN_RANDOM_FAILURE), "gen random failure"},
{ERR_REASON(SAF_R_INT_OVERFLOW), "int overflow"},
{ERR_REASON(SAF_R_INVALID_ALGOR), "invalid algor"},
{ERR_REASON(SAF_R_INVALID_APP), "invalid app"},
{ERR_REASON(SAF_R_INVALID_CERTIFICATE), "invalid certificate"},
{ERR_REASON(SAF_R_INVALID_DIGEST_ALGOR), "invalid digest algor"},
{ERR_REASON(SAF_R_INVALID_HANDLE), "invalid handle"},
{ERR_REASON(SAF_R_INVALID_INDEX), "invalid index"},
{ERR_REASON(SAF_R_INVALID_INPUT_LENGTH), "invalid input length"},
{ERR_REASON(SAF_R_INVALID_KEY_HANDLE), "invalid key handle"},
{ERR_REASON(SAF_R_INVALID_KEY_LENGTH), "invalid key length"},
{ERR_REASON(SAF_R_INVALID_KEY_USAGE), "invalid key usage"},
{ERR_REASON(SAF_R_INVALID_LENGTH), "invalid length"},
{ERR_REASON(SAF_R_INVALID_PKCS7), "invalid pkcs7"},
{ERR_REASON(SAF_R_INVALID_PKCS7_DATA), "invalid pkcs7 data"},
{ERR_REASON(SAF_R_INVALID_PKCS7_TYPE), "invalid pkcs7 type"},
{ERR_REASON(SAF_R_INVALID_PKEY_TYPE), "invalid pkey type"},
{ERR_REASON(SAF_R_INVALID_PUBLIC_KEY), "invalid public key"},
{ERR_REASON(SAF_R_LOA), "loa"},
{ERR_REASON(SAF_R_LOAD_CERTS_FAILURE), "load certs failure"},
{ERR_REASON(SAF_R_LOAD_KEY_FAILURE), "load key failure"},
{ERR_REASON(SAF_R_LOAD_PRIVATE_KEY_FAILURE), "load private key failure"},
{ERR_REASON(SAF_R_LOAD_PUBLIC_KEY_FAILURE), "load public key failure"},
{ERR_REASON(SAF_R_MAC_FAILURE), "mac failure"},
{ERR_REASON(SAF_R_NOT_SUPPORTED), "not supported"},
{ERR_REASON(SAF_R_OPERATION_NOT_INITIALIZED),
"operation not initialized"},
{ERR_REASON(SAF_R_PKCS7_VERIFY_FAILURE), "pkcs7 verify failure"},
{ERR_REASON(SAF_R_UNSUPPORTED_ALGOR), "unsupported algor"},
{ERR_REASON(SAF_R_UNSUPPORTED_DIGEST_ALGOR), "unsupported digest algor"},
{0, NULL}
};
#endif
int ERR_load_SAF_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(SAF_str_functs[0].error) == NULL) {
ERR_load_strings(0, SAF_str_functs);
ERR_load_strings(0, SAF_str_reasons);
}
#endif
return 1;
}

105
crypto/saf/saf_errstr.c
View File

@@ -1,105 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/err.h>
#include <openssl/gmsaf.h>
#include "../../e_os.h"
static ERR_STRING_DATA saf_errstr[] = {
{ SAR_Ok, "Success" },
{ SAR_UnknownErr, "Unknown error" },
{ SAR_NotSupportYetErr, "Not supported yet error" },
{ SAR_FileErr, "File error" },
{ SAR_ProviderTypeErr, "Provider type error" },
{ SAR_LoadProviderErr, "Load provider error" },
{ SAR_LoadDevMngApiErr, "Load Device management API error" },
{ SAR_AlgoTypeErr, "Algorithm type error" },
{ SAR_NameLenErr, "Name length error" },
{ SAR_KeyUsageErr, "Key usage error" },
{ SAR_ModulusLenErr, "Modulus length error" },
{ SAR_NotInitializeErr, "Not initialized error" },
{ SAR_ObjErr, "Object error" },
{ SAR_MemoryErr, "Memory error" },
{ SAR_TimeoutErr, "Timeout error" },
{ SAR_IndataLenErr, "Input data length error" },
{ SAR_IndataErr, "Input data error" },
{ SAR_GenRandErr, "Generate random error" },
{ SAR_HashObjErr, "Hash object error" },
{ SAR_HashErr, "Hash error" },
{ SAR_GenRsaKeyErr, "Generate RSA key error" },
{ SAR_RsaModulusLenErr, "RSA modulus length error" },
{ SAR_CspImportPubKeyErr,"CSP import public key error" },
{ SAR_RsaEncErr, "RSA encryption error" },
{ SAR_RsaDecErr, "RSA decryption error" },
{ SAR_HashNotEqualErr, "Hash not equal error" },
{ SAR_KeyNotFoundErr, "Key not found error" },
{ SAR_CertNotFoundErr, "Certificate not found error" },
{ SAR_NotExportErr, "Non-exportable error" },
{ SAR_CertRevokedErr, "Certificate revoked error" },
{ SAR_CertNotYetValidErr,"Certificate not yet valid error" },
{ SAR_CerthashExpiredErr,"Certificate hash expirted error" },
{ SAR_CertVerifyErr, "Certificate verification error" },
{ SAR_CertEncodeErr, "Certificate encoding error" },
{ SAR_DecryptPadErr, "Decryption padding error" },
{ SAR_MacLenErr, "MAC length error" },
{ SAR_KeyInfoTypeErr, "Key information type error" },
{ SAR_NotLogin, "Not login" },
};
const char *SAF_GetErrorString(int err)
{
int i;
for (i = 0; i < OSSL_NELEM(saf_errstr); i++) {
if (err == saf_errstr[i].error) {
return saf_errstr[i].string;
}
}
return "(undef)";
}

258
crypto/saf/saf_hash.c
View File

@@ -1,258 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.12 */
int SAF_CreateHashObj(void **phHashObj,
unsigned int uiAlgoType,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucID,
unsigned int uiIDLen)
{
int ret = SAR_UnknownErr;
const EVP_MD *md;
EVP_MD_CTX *ctx = NULL;
EVP_PKEY *pkey = NULL;
if (!phHashObj) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!(md = EVP_get_digestbysgd(uiAlgoType))) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, SAF_R_INVALID_ALGOR);
return SAR_AlgoTypeErr;
}
if (!(ctx = EVP_MD_CTX_new())) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_MALLOC_FAILURE);
goto end;
}
/* limitation of the SAF hashing:
* can not specify an engine, only use the default implementation
*/
if (!EVP_DigestInit_ex(ctx, md, NULL)) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_EVP_LIB);
goto end;
}
if (pucPublicKey) {
unsigned char dgst[EVP_MAX_MD_SIZE];
size_t dgstlen = sizeof(dgst);
if (!pucID) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_PASSED_NULL_PARAMETER);
ret = SAR_IndataErr;
goto end;
}
if (uiIDLen <= 0 || uiIDLen > SM2_MAX_ID_LENGTH
|| strlen((char *)pucID) != uiIDLen
|| uiPublicKeyLen <= 0 || uiPublicKeyLen > INT_MAX) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, SAF_R_INVALID_INPUT_LENGTH);
ret = SAR_IndataLenErr;
goto end;
}
if (!(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
|| EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, SAF_R_INVALID_PUBLIC_KEY);
ret = SAR_IndataErr;
goto end;
}
if (!SM2_compute_id_digest(md, (char *)pucID, uiIDLen, dgst, &dgstlen,
EVP_PKEY_get0_EC_KEY(pkey))) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_EC_LIB);
goto end;
}
if (!EVP_DigestUpdate(ctx, dgst, dgstlen)) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_EVP_LIB);
goto end;
}
}
*phHashObj = ctx;
ctx = NULL;
ret = SAR_Ok;
end:
if (ret != SAR_Ok) {
*phHashObj = NULL;
}
EVP_MD_CTX_free(ctx);
EVP_PKEY_free(pkey);
return ret;
}
/* 7.3.13 */
int SAF_DestroyHashObj(
void *phHashObj)
{
if (!phHashObj) {
SAFerr(SAF_F_SAF_DESTROYHASHOBJ, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
EVP_MD_CTX_free((EVP_MD_CTX *)phHashObj);
return SAR_Ok;
}
/* 7.3.14 */
int SAF_HashUpdate(
void *phHashObj,
const unsigned char *pucInData,
unsigned int uiInDataLen)
{
if (!phHashObj || pucInData) {
SAFerr(SAF_F_SAF_HASHUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiInDataLen <= 0 || uiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_HASHUPDATE, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!EVP_DigestUpdate((EVP_MD_CTX *)phHashObj, pucInData, uiInDataLen)) {
SAFerr(SAF_F_SAF_HASHUPDATE, ERR_R_EVP_LIB);
return SAR_HashErr;
}
return SAR_Ok;
}
/* 7.3.15 */
int SAF_HashFinal(void *phHashObj,
unsigned char *pucOutData,
unsigned int *uiOutDataLen)
{
if (!phHashObj || !pucOutData || !uiOutDataLen) {
SAFerr(SAF_F_SAF_HASHFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (*uiOutDataLen < EVP_MAX_MD_SIZE) {
SAFerr(SAF_F_SAF_HASHFINAL, SAF_R_BUFFER_TOO_SMALL);
return SAR_IndataLenErr;
}
if (!EVP_DigestFinal_ex((EVP_MD_CTX *)phHashObj, pucOutData, uiOutDataLen)) {
SAFerr(SAF_F_SAF_HASHFINAL, ERR_R_EVP_LIB);
return SAR_HashErr;
}
return SAR_Ok;
}
/* 7.3.11 */
int SAF_Hash(
unsigned int uiAlgoType,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pubID,
unsigned int uiIDLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret;
void *hHashObj = NULL;
if ((ret = SAF_CreateHashObj(
&hHashObj,
uiAlgoType,
pucPublicKey,
uiPublicKeyLen,
pubID,
uiIDLen)) != SAR_Ok) {
SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB);
return ret;
}
if ((ret = SAF_HashUpdate(
hHashObj,
pucInData,
uiInDataLen)) != SAR_Ok) {
SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB);
goto err;
}
if ((ret = SAF_HashFinal(
hHashObj,
pucOutData,
puiOutDataLen)) != SAR_Ok) {
SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB);
goto err;
}
if ((ret = SAF_DestroyHashObj(
hHashObj)) != SAR_Ok) {
SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB);
return ret;
}
return SAR_Ok;
err:
/* keep the first error */
(void)SAF_DestroyHashObj(hHashObj);
return ret;
}

229
crypto/saf/saf_keyhandle.c
View File

@@ -1,229 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <string.h>
#include <limits.h>
#include <openssl/evp.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include <openssl/crypto.h>
#include "saf_lcl.h"
/* 7.3.31 */
int SAF_GenerateKeyWithEPK(
void *hSymmKeyObj,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucSymmKey,
unsigned int *puiSymmKeyLen,
void **phKeyHandle)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = NULL;
SAF_SYMMKEYOBJ *obj = (SAF_SYMMKEYOBJ *)hSymmKeyObj;
const EVP_CIPHER *cipher;
unsigned char keybuf[32];
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pkctx = NULL;
size_t outlen;
if (!hSymmKeyObj || !pucPublicKey || !pucSymmKey
|| !puiSymmKeyLen || !phKeyHandle) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiPublicKeyLen <= 0 || uiPublicKeyLen > INT_MAX) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
outlen = (size_t)*puiSymmKeyLen;
if (!(cipher = EVP_get_cipherbysgd(obj->uiCryptoAlgID, 0)) //fixme: feedbitlen
|| !RAND_bytes(keybuf, EVP_CIPHER_key_length(cipher))
|| !(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
|| !(pkctx = EVP_PKEY_CTX_new(pkey, NULL))
|| !EVP_PKEY_encrypt_init(pkctx)
|| !EVP_PKEY_encrypt(pkctx, pucSymmKey, &outlen, keybuf, (size_t)EVP_CIPHER_key_length(cipher))) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_ENCRYPT_KEY_FAILURE);
goto end;
}
// init EVP_CIPHER_CTX
if (!(hkey = OPENSSL_zalloc(sizeof(*hkey)))) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_MALLOC_FAILURE);
goto end;
}
*puiSymmKeyLen = (unsigned int)outlen;
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pkctx);
return ret;
}
/*
65 typedef struct {
66 SAF_APP *app;
67 unsigned char *pucContainerName;
68 unsigned int uiContainerLen;
69 unsigned char *pucIV;
70 unsigned int uiIVLen;
71 unsigned int uiEncOrDec;
72 unsigned int uiCryptoAlgID;
73 } SAF_SYMMKEYOBJ;
74
75 typedef struct {
76 SAF_SYMMKEYOBJ *hSymmKeyObj;
77 unsigned char key[64];
78 int keylen;
79 EVP_CIPHER_CTX *cipher_ctx;
80 CMAC_CTX *cmac_ctx;
81 } SAF_KEY;
*/
SAF_KEY *SAF_KEY_new(const SAF_SYMMKEYOBJ *hSymmKeyObj)
{
SAF_KEY *ret = NULL;
SAF_KEY *key = NULL;
if (!(key = OPENSSL_zalloc(sizeof(*key)))
|| !(key->hSymmKeyObj = SAF_SYMMKEYOBJ_dup(hSymmKeyObj))) {
SAFerr(SAF_F_SAF_KEY_NEW, ERR_R_MALLOC_FAILURE);
goto end;
}
ret = key;
key = NULL;
end:
SAF_KEY_free(key);
return ret;
}
void SAF_KEY_free(SAF_KEY *key)
{
if (key) {
SAF_SYMMKEYOBJ_free(key->hSymmKeyObj);
}
OPENSSL_clear_free(key, sizeof(*key));
}
SAF_SYMMKEYOBJ *SAF_SYMMKEYOBJ_dup(const SAF_SYMMKEYOBJ *a)
{
SAF_SYMMKEYOBJ *ret = NULL;
SAF_SYMMKEYOBJ *obj = NULL;
if (!(obj = OPENSSL_zalloc(sizeof(*obj)))
|| !(obj->pucContainerName = OPENSSL_memdup(a->pucContainerName, a->uiContainerLen))
|| !(obj->pucIV = OPENSSL_memdup(a->pucIV, a->uiIVLen))) {
SAFerr(SAF_F_SAF_SYMMKEYOBJ_DUP, ERR_R_MALLOC_FAILURE);
goto end;
}
obj->uiContainerLen = a->uiContainerLen;
obj->uiIVLen = a->uiIVLen;
obj->uiEncOrDec = a->uiEncOrDec;
obj->uiCryptoAlgID = a->uiCryptoAlgID;
ret = obj;
obj = NULL;
end:
SAF_SYMMKEYOBJ_free(obj);
return ret;
}
void SAF_SYMMKEYOBJ_free(SAF_SYMMKEYOBJ *obj)
{
if (obj) {
OPENSSL_free(obj->pucContainerName);
OPENSSL_free(obj->pucIV);
OPENSSL_free(obj);
}
}
/* 7.3.32 */
int SAF_ImportEncedKey(
void *hSymmKeyObj,
unsigned char *pucSymmKey,
unsigned int uiSymmKeyLen,
void **phKeyHandle)
{
SAF_KEY *hkey = NULL;
SAF_SYMMKEYOBJ *hobj = (SAF_SYMMKEYOBJ *)hSymmKeyObj;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
char key_id[1024];
/*
snprintf(key_id, sizeof(key_id), "%s.enc", hobj->pucContainerName);
*/
if (!(pkey = ENGINE_load_private_key(hobj->app->engine, key_id, NULL, NULL))
|| !(pctx = EVP_PKEY_CTX_new(pkey, hobj->app->engine))
|| EVP_PKEY_decrypt_init(pctx) <= 0
|| EVP_PKEY_decrypt(pctx, hkey->key, &hkey->keylen, pucSymmKey, uiSymmKeyLen) <= 0) {
goto end;
}
end:
return 0;
}
/* 7.3.37 */
int SAF_DestroyKeyHandle(
void *hKeyHandle)
{
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
OPENSSL_clear_free(hkey, hkey->keylen);
return SAR_OK;
}

95
crypto/saf/saf_lcl.h
View File

@@ -1,95 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/evp.h>
#include <openssl/cmac.h>
#include <openssl/gmsdf.h>
#include <openssl/gmsaf.h>
#include <openssl/engine.h>
#include <openssl/err.h>
typedef struct saf_app_st {
ENGINE *engine;
char *rootcacerts;
char *cacerts;
} SAF_APP;
typedef struct {
EVP_ENCODE_CTX *ctx;
int inited;
} SAF_BASE64OBJ;
typedef struct {
SAF_APP *app;
unsigned char *pucContainerName;
unsigned int uiContainerLen;
unsigned char *pucIV;
unsigned int uiIVLen;
unsigned int uiEncOrDec;
unsigned int uiCryptoAlgID;
} SAF_SYMMKEYOBJ;
typedef struct {
SAF_SYMMKEYOBJ *hSymmKeyObj;
unsigned char key[64];
size_t keylen;
EVP_CIPHER_CTX *cipher_ctx;
CMAC_CTX *cmac_ctx;
} SAF_KEY;
SAF_KEY *SAF_KEY_new(const SAF_SYMMKEYOBJ *obj);
void SAF_KEY_free(SAF_KEY *key);
SAF_SYMMKEYOBJ *SAF_SYMMKEYOBJ_dup(const SAF_SYMMKEYOBJ *a);
void SAF_SYMMKEYOBJ_free(SAF_SYMMKEYOBJ *a);
EVP_PKEY *SAF_load_private_key(SAF_APP *app, const char *container, int flags);
EVP_PKEY *SAF_load_public_key(SAF_APP *app, const char *container, int flags);

121
crypto/saf/saf_lib.c
View File

@@ -1,121 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <string.h>
#include <openssl/gmsaf.h>
#include "saf_lcl.h"
EVP_PKEY *SAF_load_private_key(SAF_APP *app, const char *container, int flags)
{
EVP_PKEY *ret = NULL;
EVP_PKEY *pkey = NULL;
char key_id[1024];
if (!app->engine) {
SAFerr(SAF_F_SAF_LOAD_PRIVATE_KEY, SAF_R_INVALID_APP);
return NULL;
}
/*
snprintf(key_id, sizeof(key_id), "%s.%s", container,
((flags & EVP_PKT_SIGN) ? "sign" : "enc"));
*/
if (!(pkey = ENGINE_load_private_key(app->engine, key_id, NULL, NULL))) {
SAFerr(SAF_F_SAF_LOAD_PRIVATE_KEY, SAF_R_LOAD_PRIVATE_KEY_FAILURE);
goto end;
}
if (EVP_PKEY_base_id(pkey) !=
((flags & EVP_PK_EC) ? EVP_PKEY_EC : EVP_PKEY_RSA)) {
SAFerr(SAF_F_SAF_LOAD_PRIVATE_KEY, SAF_R_INVALID_PKEY_TYPE);
goto end;
}
ret = pkey;
pkey = NULL;
end:
EVP_PKEY_free(pkey);
return ret;
}
EVP_PKEY *SAF_load_public_key(SAF_APP *app, const char *container, int flags)
{
EVP_PKEY *ret = NULL;
EVP_PKEY *pkey = NULL;
char key_id[1024];
if (!app->engine) {
SAFerr(SAF_F_SAF_LOAD_PUBLIC_KEY, SAF_R_INVALID_APP);
return NULL;
}
/*
snprintf(key_id, sizeof(key_id), "%s.%s", container,
((flags & EVP_PKT_SIGN) ? "sign" : "enc"));
*/
if (!(pkey = ENGINE_load_public_key(app->engine, key_id, NULL, NULL))) {
SAFerr(SAF_F_SAF_LOAD_PUBLIC_KEY, SAF_R_LOAD_PUBLIC_KEY_FAILURE);
goto end;
}
if (EVP_PKEY_base_id(pkey) !=
((flags & EVP_PK_EC) ? EVP_PKEY_EC : EVP_PKEY_RSA)) {
SAFerr(SAF_F_SAF_LOAD_PUBLIC_KEY, SAF_R_INVALID_PKEY_TYPE);
goto end;
}
ret = pkey;
pkey = NULL;
end:
EVP_PKEY_free(pkey);
return ret;
}

167
crypto/saf/saf_mac.c
View File

@@ -1,167 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/evp.h>
#include <openssl/cmac.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.45 */
int SAF_MacUpdate(
void *hKeyHandle,
const unsigned char *pucInData,
unsigned int uiInDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
if (!hKeyHandle || !pucInData) {
SAFerr(SAF_F_SAF_MACUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiInDataLen <= 0 || uiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!hkey->cmac_ctx) {
const EVP_CIPHER *cipher;
//Fixme: feedbitlen
if (!(cipher = EVP_get_cipherbysgd(hkey->hSymmKeyObj->uiCryptoAlgID, 0))) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_INVALID_KEY_HANDLE);
ret = SAR_IndataErr;
goto end;
}
if (!(hkey->cmac_ctx = CMAC_CTX_new())) {
SAFerr(SAF_F_SAF_MACUPDATE, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!CMAC_Init(hkey->cmac_ctx, hkey->key, hkey->keylen, cipher,
hkey->hSymmKeyObj->app->engine)) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CMAC_FAILURE);
goto end;
}
}
if (!CMAC_Update(hkey->cmac_ctx, pucInData, uiInDataLen)) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CMAC_FAILURE);
return SAR_UnknownErr;
}
ret = SAR_OK;
end:
if (ret != SAR_OK && hkey->cmac_ctx) {
CMAC_CTX_free(hkey->cmac_ctx);
hkey->cmac_ctx = NULL;
}
return ret;
}
/* 7.3.46 */
int SAF_MacFinal(
void *hKeyHandle,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
size_t outlen = *puiOutDataLen;
if (!hKeyHandle || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_MACFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (*puiOutDataLen < EVP_MAX_MD_SIZE) {
SAFerr(SAF_F_SAF_MACFINAL, SAF_R_BUFFER_TOO_SMALL);
return SAR_IndataLenErr;
}
if (!hkey->cmac_ctx) {
SAFerr(SAF_F_SAF_MACFINAL, SAF_R_OPERATION_NOT_INITIALIZED);
return SAR_UnknownErr;
}
if (!CMAC_Final(hkey->cmac_ctx, pucOutData, &outlen)) {
SAFerr(SAF_F_SAF_MACFINAL, SAF_R_MAC_FAILURE);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_Ok;
end:
CMAC_CTX_free(hkey->cmac_ctx);
hkey->cmac_ctx = NULL;
return ret;
}
/* 7.4.44 */
int SAF_Mac(
void *hKeyHandle,
const unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret;
if ((ret = SAF_MacUpdate(hKeyHandle, pucInData, uiInDataLen)) != SAR_OK) {
return ret;
}
if ((ret = SAF_MacFinal(hKeyHandle, pucOutData, puiOutDataLen)) != SAR_OK) {
return ret;
}
return SAR_OK;
}

634
crypto/saf/saf_pkcs7.c
View File

@@ -1,634 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/asn1.h>
#include <openssl/pkcs7.h>
#include <openssl/gmapi.h>
#include <openssl/gmsaf.h>
#include "saf_lcl.h"
/* 7.4.2 */
int SAF_Pkcs7_EncodeData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned char *pucEncCertificate,
unsigned int uiEncCertificateLen,
unsigned int uiSymmAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerP7Data,
unsigned int *puiDerP7DataLen)
{
int ret = SAR_UnknownErr;
return ret;
}
/* 7.4.3 */
int SAF_Pkcs7_DecodeData(
void *hAppHandle,
unsigned char *pucDecContainerName,
unsigned int uiDecContainerNameLen,
unsigned char *pucDerP7Data,
unsigned int uiDerP7DataLen,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucSignerCertificate,
unsigned int *puiSignerCertificateLen,
unsigned int *puiDigestAlgorithm)
{
int ret = SAR_UnknownErr;
return ret;
}
/* 7.4.4 */
int SAF_Pkcs7_EncodeSignedData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned int uiSignKeyUsage,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerP7Data,
unsigned int *puiDerP7DataLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
PKCS7 *p7 = NULL;
EVP_PKEY *pkey = NULL;
X509 *x509 = NULL;
BIO *data = NULL;
int len;
if (!hAppHandle || !pucSignContainerName || !pucSignerCertificate
|| !pucData || !pucDerP7Data || !puiDerP7DataLen) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiSignContainerNameLen <= 0 || uiSignContainerNameLen > INT_MAX
|| strlen((char *)pucSignContainerName) != uiSignContainerNameLen
|| uiSignerCertificateLen <= 0 || uiSignerCertificateLen > INT_MAX
|| uiDataLen <= 0 || uiDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(pkey = SAF_load_private_key(app, (char *)pucSignContainerName,
EVP_PK_EC|EVP_PKT_SIGN))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, SAF_R_LOAD_KEY_FAILURE);
goto end;
}
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucSignerCertificate,
uiSignerCertificateLen))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_X509_LIB);
goto end;
}
if (!(data = BIO_new_mem_buf(pucData, uiDataLen))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_BIO_LIB);
goto end;
}
if (!(p7 = PKCS7_sign(x509, pkey, NULL, data, PKCS7_BINARY))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if (*puiDerP7DataLen < i2d_PKCS7(p7, NULL)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
if ((len = i2d_PKCS7(p7, &pucDerP7Data)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
*puiDerP7DataLen = len;
ret = SAR_Ok;
end:
PKCS7_free(p7);
X509_free(x509);
BIO_free(data);
return ret;
}
/* 7.4.5 */
int SAF_Pkcs7_DecodeSignedData(
void *hAppHandle,
unsigned char *pucDerP7SignedData,
unsigned int uiDerP7SignedDataLen,
unsigned int *puiDigestAlgorithm,
unsigned char *pucSignerCertificate,
unsigned int *puiSignerCertificateLen,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucSig,
unsigned int *puiSigLen)
{
int ret = SAR_UnknownErr;
#if 0
PKCS7 *p7 = NULL;
PKCS7_SIGNED *p7signed;
X509 *x509 = NULL;
PKCS7_SIGNER_INFO *signer_info;
X509_ALGOR *algor;
BIO *bio = NULL;
if (!hAppHandle || !pucDerP7SignedData || !puiDigestAlgorithm
|| !puiSignerCertificateLen || !puiDataLen || !puiSigLen) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiDerP7SignedDataLen <= 0 || uiDerP7SignedDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* process */
if (!(p7 = d2i_PKCS7(NULL, (const unsigned char **)&pucDerP7SignedData,
uiDerP7SignedDataLen))) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_DATA);
goto end;
}
if (!(bio = BIO_new(BIO_s_mem()))) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!PKCS7_type_is_signed(p7)) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_TYPE);
goto end;
}
if (!PKCS7_verify(p7, NULL, NULL, NULL, bio, 0)) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_PKCS7_VERIFY_FAILURE);
goto end;
}
if (!(p7signed = p7->d.sign)) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_DATA);
goto end;
}
/* get digest algor */
if (sk_X509_ALGOR_num(p7signed->md_algs) != 1
|| !(algor = sk_X509_ALGOR_value(p7signed->md_algs, 0))
|| (*puiDigestAlgorithm = EVP_MD_sgd(EVP_get_digestbyobj(algor->algorithm))) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_DATA);
goto end;
}
/* get signer's certificate */
if (sk_X509_ALGOR_num(p7signed->cert) != 1
|| !(x509 = sk_X509_ALGOR_value(p7signed->cert, 0))) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_DATA);
goto end;
}
if ((len = i2d_X509(x509, NULL)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, ERR_R_X509_LIB);
goto end;
}
if (*puiSignerCertificateLen < len) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_BUFFER_TOO_SMALL);
goto end;
}
if ((len = i2d_X509(x509, &pucSignerCertficate)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, ERR_R_X509_LIB);
goto end;
}
*puiSignerCertificateLen = len;
/* get data */
if (!(p7signed->contents)
|| !PKCS7_type_is_data(p7signed->contents)
|| !(data = p7signed->contents->d.data)) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_DATA);
goto end;
}
if (*puiDataLen < ASN1_STRING_length(data)) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_BUFFER_TOO_SMALL);
goto end;
}
memcpy(pucData, ASN1_STRING_get0_data(data), ASN1_STRING_length(data));
*puiDataLen = ASN1_STRING_length(data);
/* get signature */
if (sk_SIGNER_INFO_num(p7signed->signer_info) <= 0
|| !(signer_info = sk_SIGNER_INFO_value(p7signed->signer_info, 0))) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_DATA);
goto end;
}
if (*puiSigLen < ASN1_STRING_length(signer_info->enc_digest)) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_BUFFER_TOO_SMALL);
goto end;
}
memcpy(pucSig, ASN1_STRING_get0_data(signer_info->enc_digest),
ASN1_STRING_length(signer_info->enc_digest));
*puiSigLen = ASN1_STRING_length(signer_info->enc_digest);
ret = SAR_Ok;
end:
PKCS7_free(p7);
X509_free(x509);
BIO_free(bio);
#endif
return ret;
}
/* 7.4.6 */
int SAF_Pkcs7_EncodeEnvelopedData(
void *hAppHandle,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucEncCertificate,
unsigned int uiEncCertificateLen,
unsigned int uiSymmAlgorithm,
unsigned char *pucDerP7EnvelopedData,
unsigned int *puiDerP7EnvelopedDataLen)
{
int ret = SAR_UnknownErr;
#if 0
PKCS7 *p7 = NULL;
X509 *x509 = NULL;
STACK_OF(X509) *certs = NULL;
BIO *bio = NULL;
const EVP_CIPHER *cipher;
int len;
/* check arguments */
if (!hAppHandle || !pucData || !pucEncCertificate || !puiDerP7EnvelopedDataLen) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiDataLen <= 0 || uiDataLen > INT_MAX
|| uiEncCertificateLen <= 0 || uiEncCertificateLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(cipher = EVP_get_cipherbysgd(uiSymmAlgorithm))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_UNSUPPORTED_ALGOR);
return SAR_AlgoTypeErr;
}
/* process */
if (!(bio = BIO_new_mem_buf(pucData, (int)uiDataLen))
|| !(certs = sk_X509_new_null())
|| !(x509 = X509_new())) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_MALLOC_FAILURE);
ret = SAR_MemoryErr;
goto end;
}
if (!d2i_X509(&x509, &pucEncCertificate, (long)uiEncCertificateLen)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_INVALID_CERTIFICATE);
ret = SAR_CertEncodeErr;
goto end;
}
sk_X509_push(certs, x509);
x509 = NULL;
if (!(p7 = PKCS7_encrypt(certs, bio, cipher, PKCS7_BINARY))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if ((len = i2d_PKCS7(p7, NULL)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if (!pucDerP7EnvelopedData) {
*puiDerP7EnvelopedDataLen = (unsigned int)len;
ret = SAR_Ok;
goto end;
}
if (*puiDerP7EnvelopedDataLen < (unsigned int)len) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
len = i2d_PKCS7(p7, pucDerP7EnvelopedData);
*puiDerP7EnvelopedDataLen = (unsigned int)len;
ret = SAR_OK;
end:
PKCS7_free(p7);
X509_free(x509);
sk_X509_free(certs);
BIO_free(bio);
#endif
return ret;
}
/* 7.4.7 */
int SAF_Pkcs7_DecodeEnvelopedData(
void *hAppHandle,
unsigned char *pucDecContainerName,
unsigned int uiDecContainerNameLen,
unsigned char *pucDerP7EnvelopedData,
unsigned int uiDerP7EnvelopedDataLen,
unsigned char *pucData,
unsigned int *puiDataLen)
{
int ret = SAR_UnknownErr;
#if 0
SAF_APP *app = (SAF_APP *)hAppHandle;
PKCS7 *p7 = NULL;
EVP_PKEY *pkey = NULL;
X509 *x509 = NULL;
BIO *bio = NULL;
BUF_MEM *buf = NULL;
if (!hAppHandle || !pucDecContainerName || !pucDerP7EnvelopedData || !pucData)
SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiDecContainerNameLen <= 0 || uiDecContainerNameLen > INT_MAX
|| uiDerP7EnvelopedDataLen <= 0 || uiDerP7EnvelopedDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!pucData) {
*puiDataLen = uiDerP7EnvelopedDataLen;
return SAR_Ok;
} else if (*puiDataLen <= 0 || *puiDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(pkey = SAF_load_private_key(app, (char *)pucDecContainerName,
EVP_PK_EC|EVP_PKT_ENC))) {
SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, SAF_R_LOAd_PUBLIC_KEY_FAILURE);
goto end;
}
if (!(x509 = SAF_LoadCertificate(app, pucDecContainerName,
uiDecContainerNameLen, SGD_PK_ENC))) {
goto end;
}
if (!(bio = BIO_new(BIO_s_membuf()))) {
goto end;
}
if (!PKCS7_decrypt(p7, pkey, x509, bio, 0)) {
goto end;
}
if (!BIO_get_mem_buf(bio, &buf)) {
goto end;
}
memcpy(pucData, buf->data, buf->length);
*puiDataLen = buf->length;
ret = SAR_Ok;
end:
PKCS7_free(p7);
EVP_PKEY_free(pkey);
X509_free(x509);
BIO_free(bio);
#endif
return ret;
}
/* 7.4.8 */
int SAF_Pkcs7_EncodeDigestedData(
void *hAppHandle,
unsigned int uiDigestAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerP7DigestedData,
unsigned int *puiDerP7DigestedDataLen)
{
int ret = SAR_UnknownErr;
const EVP_MD *md;
PKCS7 *p7 = NULL;
BIO *p7bio = NULL;
int len;
if (!hAppHandle || !pucData || !pucDerP7DigestedData
|| !puiDerP7DigestedDataLen) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiDataLen <= 0 || uiDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_INVALID_DIGEST_ALGOR);
return SAR_AlgoTypeErr;
}
if (!(p7 = PKCS7_new())
|| !PKCS7_set_type(p7, NID_pkcs7_digest)
|| !PKCS7_set_digest(p7, md)
|| !PKCS7_content_new(p7, NID_pkcs7_data)
|| !(p7bio = PKCS7_dataInit(p7, NULL))
|| BIO_write(p7bio, pucData, (int)uiDataLen) != uiDataLen
|| !PKCS7_dataFinal(p7, p7bio)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if (*puiDerP7DigestedDataLen < i2d_PKCS7(p7, NULL)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
if ((len = i2d_PKCS7(p7, &pucDerP7DigestedData)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
ret = SAR_Ok;
end:
PKCS7_free(p7);
BIO_free(p7bio);
return ret;
}
/* 7.4.9 */
int SAF_Pkcs7_DecodeDigestedData(
void *hAppHandle,
unsigned char *pucDerP7DigestedData,
unsigned int uiDerP7DigestedDataLen,
unsigned int *puiDigestAlgorithm,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucDigest,
unsigned int *puiDigestLen)
{
int ret = SAR_UnknownErr;
PKCS7 *p7 = NULL;
PKCS7_DIGEST *p7dgst;
ASN1_OCTET_STRING *data;
if (!hAppHandle || !puiDigestAlgorithm || !puiDataLen || !puiDigestLen) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!pucData) {
*puiDataLen = uiDerP7DigestedDataLen;
return SAR_Ok;
}
if (!pucDigest) {
*puiDigestLen = EVP_MAX_MD_SIZE;
return SAR_Ok;
}
if (uiDerP7DigestedDataLen <= 0 || uiDerP7DigestedDataLen > INT_MAX
|| *puiDataLen <= 0 || *puiDataLen > INT_MAX
|| *puiDigestLen <= 0 || *puiDigestLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* process */
if (!(p7 = d2i_PKCS7(NULL, (const unsigned char **)&pucDerP7DigestedData,
uiDerP7DigestedDataLen))) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7);
ret = SAR_IndataErr;
goto end;
}
if (!PKCS7_type_is_digest(p7)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7_TYPE);
ret = SAR_IndataErr;
goto end;
}
p7dgst = p7->d.digest;
/* output digset algor */
//EVP_MD_sgd
#if 0
if ((*puiDigestAlgorithm = EVP_MD_sgd(
EVP_get_digestbyobj(p7dgst->md->algorithm))) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_UNSUPPORTED_DIGEST_ALGOR);
ret = SAR_IndataErr;
goto end;
}
#endif
/* output digested data */
if (!PKCS7_type_is_data(p7dgst->contents)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7_DATA);
ret = SAR_IndataErr;
goto end;
}
if (!(data = p7dgst->contents->d.data)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7_DATA);
ret = SAR_IndataErr;
goto end;
}
if (*puiDataLen < ASN1_STRING_length(data)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
memcpy(pucData, ASN1_STRING_get0_data(data), ASN1_STRING_length(data));
*puiDataLen = ASN1_STRING_length(data);
/* output digest */
if (!p7dgst->digest) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7_DATA);
ret = SAR_IndataErr;
goto end;
}
if (*puiDigestLen < ASN1_STRING_length(p7dgst->digest)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
memcpy(pucDigest, ASN1_STRING_get0_data(p7dgst->digest), ASN1_STRING_length(p7dgst->digest));
*puiDigestLen = ASN1_STRING_length(p7dgst->digest);
ret = SAR_Ok;
end:
PKCS7_free(p7);
return ret;
}

79
crypto/saf/saf_rand.c
View File

@@ -1,79 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.10 */
int SAF_GenRandom(
unsigned int uiRandLen,
unsigned char *pucRand)
{
if (uiRandLen <= 0 || uiRandLen > INT_MAX) {
SAFerr(SAF_F_SAF_GENRANDOM, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!pucRand) {
SAFerr(SAF_F_SAF_GENRANDOM, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!RAND_bytes(pucRand, (int)uiRandLen)) {
SAFerr(SAF_F_SAF_GENRANDOM, SAF_R_GEN_RANDOM_FAILURE);
return SAR_GenRandErr;
}
return SAR_OK;
}

279
crypto/saf/saf_rsa.c
View File

@@ -1,279 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.16 */
int SAF_GenRsaKeyPair(void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned int uiKeyUsage,
unsigned int uiExportFlag)
{
int ret = SAR_UnknownErr;
#if 0
SAF_APP *app = (SAF_APP *)hAppHandle;
/* process */
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
if (!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, app->engine))
|| EVP_PKEY_keygen_init(pctx) <= 0
|| EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, uiKeyBits) <= 0
|| EVP_PKEY_keygen(pctx, &pkey) <= 0) {
SAFerr(SAF_F_SAF_GENRSAKEYPAIR, ERR_R_EVP_LIB);
goto end;
}
ret = SAR_Ok;
end:
EVP_PKEY_CTX_free(pctx);
EVP_PKEY_free(pkey);
#endif
return ret;
}
/* 7.3.17 */
int SAF_GetRsaPublicKey(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyUsage,
unsigned char *pucPublicKey,
unsigned int *puiPublicKeyLen)
{
int ret = SAR_UnknownErr;
#if 0
SAF_APP *app = (SAF_APP *)hAppHandle;
/* process */
EVP_PKEY *pkey = NULL;
char key_id[1024];
int len;
snprintf(key_id, sizeof(key_id), "%s.%s", (char *)pucContainerName,
SGD_GetKeyUsageName(uiKeyUsage));
if (!(pkey = ENGINE_load_public_key(app->engine, key_id, NULL, NULL))) {
SAFerr(SAF_F_SAF_GETRSAPUBLICKEY, ERR_R_ENGINE_LIB);
goto end;
}
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
SAFerr(SAF_F_SAF_GETRSAPUBLICKEY, ERR_R_ENGINE_LIB);
goto end;
}
if ((len = i2d_PUBKEY(pkey, &pucPublicKey)) <= 0) {
SAFerr(SAF_F_SAF_GETRSAPUBLICKEY, ERR_R_X509_LIB);
goto end;
}
*puiPublicKeyLen = (unsigned int)len;
/* set return value */
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
#endif
return ret;
}
/* 7.3.18 */
int SAF_RsaSign(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiHashAlgoType,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignature,
unsigned int *puiSignatureLen)
{
int ret = SAR_UnknownErr;
#if 0
SAF_APP *app = (SAF_APP *)hAppHandle;
/* process */
char key_id[1024];
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
size_t siglen;
snprintf(key_id, sizeof(key_id), "%s.sign", (char *)pucContainerName);
if (!(pkey = ENGINE_load_private_key(app->engine, key_id, NULL, NULL))
|| !(pctx = EVP_PKEY_CTX_new(pkey, app->engine))
|| EVP_PKEY_sign_init(pctx) <= 0
|| EVP_PKEY_sign(pctx, pucSignData, &siglen, pucInData, (size_t)uiInDataLen) <= 0) {
SAFerr(SAF_F_SAF_RSASIGN, ERR_R_EVP_LIB);
goto end;
}
*puiSignDataLen = (unsigned int)siglen;
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pctx);
#endif
return ret;
}
/* 7.3.19 */
int SAF_RsaSignFile(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiHashAlgoType,
unsigned char *pucFileName,
unsigned char *pucSignature,
unsigned int *puiSignatureLen)
{
return SAR_OK;
}
/* 7.3.20 */
int SAF_RsaVerifySign(
unsigned int uiHashAlgoType,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignature,
unsigned int uiSignatureLen)
{
int ret = SAR_UnknownErr;
#if 0
/* process */
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
if (!(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
|| !(pctx = EVP_PKEY_CTX_new(pkey, NULL))
|| EVP_PKEY_verify_init(pctx) <= 0
|| EVP_PKEY_verify(pctx, pucSignData, uiSignDataLen, pucInData, uiInDataLen) <= 0) {
SAFerr(SAF_F_SAF_RSAVERIFYSIGN, ERR_R_EVP_LIB);
goto end;
}
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pctx);
#endif
return ret;
}
/* 7.3.21 */
int SAF_RsaVerifySignFile(
unsigned int uiHashAlgoType,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucFileName,
unsigned char *pucSignature,
unsigned int uiSignatureLen)
{
return SAR_OK;
}
/* 7.3.22 */
int SAF_VerifySignByCert(
unsigned int uiHashAlgoType,
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignature,
unsigned int uiSignatureLen)
{
int ret = SAR_UnknownErr;
#if 0
/* process */
X509 *x509 = NULL;
unsigned char pucPublicKey[1024];
unsigned int uiPublicKeyLen;
unsigned char *p = pucPublicKey;
int len;
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, (long)uiCertificateLen))) {
SAFerr(SAF_F_SAF_VERIFYSIGNBYCERT, ERR_R_X509_LIB);
goto end;
}
if ((len = i2d_PUBKEY(X509_get0_pubkey(x509), &p)) <= 0) {
SAFerr(SAF_F_SAF_VERIFYSIGNBYCERT, ERR_R_X509_LIB);
goto end;
}
uiPublicKeyLen = (unsigned int)len;
ret = SAF_RsaVerifySign(
pucPublicKey,
uiPublicKeyLen,
uiAlgorithmID,
pucInData,
uiInDataLen,
pucSignData,
uiSignDataLen);
/* set return value */
ret = SAR_Ok;
end:
X509_free(x509);
#endif
return ret;
}

207
crypto/saf/saf_sm2.c
View File

@@ -1,207 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/evp.h>
#include <openssl/gmapi.h>
#include <openssl/gmsaf.h>
#include "saf_lcl.h"
/* 7.4.10 */
int SAF_SM2_EncodeSignedAndEnvelopedData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned char *pucEncCertificate,
unsigned int uiEncCertificateLen,
unsigned int uiSymmAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerSignedAndEnvelopedData,
unsigned int *puiDerSignedAndEnvelopedDataLen)
{
return SAF_Pkcs7_EncodeData(
hAppHandle,
pucSignContainerName,
uiSignContainerNameLen,
pucSignerCertificate,
uiSignerCertificateLen,
uiDigestAlgorithm,
pucEncCertificate,
uiEncCertificateLen,
uiSymmAlgorithm,
pucData,
uiDataLen,
pucDerSignedAndEnvelopedData,
puiDerSignedAndEnvelopedDataLen);
}
/* 7.4.11 */
int SAF_SM2_DecodeSignedAndEnvelopedData(
void *hAppHandle,
unsigned char *pucDerContainerName,
unsigned int uiDerContainerNameLen,
unsigned char *pucDerSignedAndEnvelopedData,
unsigned int uiDerSignedAndEnvelopedDataLen,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucSignerCertificate,
unsigned int *puiSignerCertificateLen,
unsigned int *puiDigestAlgorithm)
{
return SAF_Pkcs7_DecodeData(
hAppHandle,
pucDerContainerName,
uiDerContainerNameLen,
pucDerSignedAndEnvelopedData,
uiDerSignedAndEnvelopedDataLen,
pucData,
puiDataLen,
pucSignerCertificate,
puiSignerCertificateLen,
puiDigestAlgorithm);
}
/* 7.4.12 */
int SAF_SM2_EncodeSignedData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned int uiSignKeyUsage,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerSignedData,
unsigned int *puiDerSignedDataLen)
{
return SAF_Pkcs7_EncodeSignedData(
hAppHandle,
pucSignContainerName,
uiSignContainerNameLen,
uiSignKeyUsage,
pucSignerCertificate,
uiSignerCertificateLen,
uiDigestAlgorithm,
pucData,
uiDataLen,
pucDerSignedData,
puiDerSignedDataLen);
}
/* 7.4.13 */
int SAF_SM2_DecodeSignedData(
void *hAppHandle,
unsigned char *pucDerSignedData,
unsigned int uiDerSignedDataLen,
unsigned int *puiDigestAlgorithm,
unsigned char *pucSignerCertificate,
unsigned int *puiSignerCertificateLen,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucSign,
unsigned int *puiSignLen)
{
return SAF_Pkcs7_DecodeSignedData(
hAppHandle,
pucDerSignedData,
uiDerSignedDataLen,
puiDigestAlgorithm,
pucSignerCertificate,
puiSignerCertificateLen,
pucData,
puiDataLen,
pucSign,
puiSignLen);
}
/* 7.4.14 */
int SAF_SM2_EncodeEnvelopedData(
void *hAppHandle,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucEncCertificate,
unsigned int uiEncCertificateLen,
unsigned int uiSymmAlgorithm,
unsigned char *pucDerEnvelopedData,
unsigned int *puiDerEnvelopedDataLen)
{
return SAF_Pkcs7_EncodeEnvelopedData(
hAppHandle,
pucData,
uiDataLen,
pucEncCertificate,
uiEncCertificateLen,
uiSymmAlgorithm,
pucDerEnvelopedData,
puiDerEnvelopedDataLen);
}
/* 7.4.15 */
int SAF_SM2_DecodeEnvelopedData(
void *hAppHandle,
unsigned char *pucDecContainerName,
unsigned int uiDecContainerNameLen,
unsigned char *pucDerEnvelopedData,
unsigned int uiDerEnvelopedDataLen,
unsigned char *pucData,
unsigned int *puiDataLen)
{
return SAF_Pkcs7_DecodeEnvelopedData(
hAppHandle,
pucDecContainerName,
uiDecContainerNameLen,
pucDerEnvelopedData,
uiDerEnvelopedDataLen,
pucData,
puiDataLen);
}

117
crypto/saf/saf_symmkeyobj.c
View File

@@ -1,117 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <limits.h>
#include <openssl/evp.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.30 */
int SAF_CreateSymmKeyObj(
void *hAppHandle,
void **phSymmKeyObj,
unsigned char *pucContainerName,
unsigned int uiContainerLen,
unsigned char *pucIV,
unsigned int uiIVLen,
unsigned int uiEncOrDec,
unsigned int uiCryptoAlgID)
{
int ret = SAR_UnknownErr;
SAF_SYMMKEYOBJ *obj = NULL;
/* check arguments */
if (!hAppHandle || !phSymmKeyObj || !pucContainerName || !pucIV) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiContainerLen <= 0 || uiContainerLen > 255 ||
uiIVLen > EVP_MAX_IV_LENGTH) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(obj = OPENSSL_zalloc(sizeof(*obj)))
|| !(obj->pucContainerName = OPENSSL_memdup(pucContainerName, uiContainerLen))
|| !(obj->pucIV = OPENSSL_memdup(pucIV, uiIVLen))) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, ERR_R_MALLOC_FAILURE);
goto end;
}
obj->app = (SAF_APP *)hAppHandle;
obj->uiContainerLen = uiContainerLen;
obj->uiIVLen = uiIVLen;
obj->uiEncOrDec = uiEncOrDec;
obj->uiCryptoAlgID = uiCryptoAlgID;
/* set output */
*phSymmKeyObj = obj;
obj = NULL;
ret = SAR_OK;
end:
(void)SAF_DestroySymmAlgoObj(obj);
return ret;
}
/* 7.3.36 */
int SAF_DestroySymmAlgoObj(
void *hSymmKeyObj)
{
SAF_SYMMKEYOBJ *obj = (SAF_SYMMKEYOBJ *)hSymmKeyObj;
if (obj) {
OPENSSL_free(obj->pucContainerName);
OPENSSL_free(obj->pucIV);
OPENSSL_free(obj);
}
return SAR_OK;
}

2
crypto/serpent/build.info
View File

@@ -1,2 +0,0 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=serpent.c

308
crypto/serpent/serpent.c
View File

@@ -1,308 +0,0 @@
/* ====================================================================
* Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
/**
Copyright © 2015 Odzhan
Copyright © 2008 Daniel Otte
All Rights Reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The name of the author may not be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY AUTHORS "AS IS" AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE. */
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/serpent.h>
#include "serpent_locl.h"
static void serpent_whiten(serpent_blk *dst, serpent_key_t *src, int idx) {
uint8_t i;
serpent_blk *p = (serpent_blk*)&src->x[idx];
for (i = 0; i<SERPENT_BLOCK_SIZE / 4; i++) {
dst->w[i] ^= p->w[i];
}
}
static void permute(serpent_blk *out, serpent_blk *in, int type)
{
uint8_t cy;
uint8_t n, m;
for (n = 0; n<SERPENT_BLOCK_SIZE / 4; n++) {
out->w[n] = 0;
}
if (type == SERPENT_IP)
{
for (n = 0; n<16; n++) {
for (m = 0; m<8; m++) {
cy = in->w[m % 4] & 1;
in->w[m % 4] >>= 1;
out->b[n] = (cy << 7) | (out->b[n] >> 1);
}
}
}
else {
for (n = 0; n<4; n++) {
for (m = 0; m<32; m++) {
cy = in->w[n] & 1;
in->w[n] >>= 1;
out->w[m % 4] = (cy << 31) | (out->w[m % 4] >> 1);
}
}
}
}
#define HI_NIBBLE(b) (((b) >> 4) & 0x0F)
#define LO_NIBBLE(b) ((b) & 0x0F)
static uint32_t serpent_gen_w(uint32_t *b, uint32_t i) {
uint32_t ret;
ret = b[0] ^ b[3] ^ b[5] ^ b[7] ^ GOLDEN_RATIO ^ i;
return ROTL32(ret, 11);
}
static void serpent_subbytes(serpent_blk *blk, uint32_t box_idx, int type)
{
serpent_blk tmp_blk, sb;
uint8_t *sbp;
uint8_t i, t;
uint8_t sbox[8][8] =
{ { 0x83, 0x1F, 0x6A, 0xB5, 0xDE, 0x24, 0x07, 0xC9 },
{ 0xCF, 0x72, 0x09, 0xA5, 0xB1, 0x8E, 0xD6, 0x43 },
{ 0x68, 0x97, 0xC3, 0xFA, 0x1D, 0x4E, 0xB0, 0x25 },
{ 0xF0, 0x8B, 0x9C, 0x36, 0x1D, 0x42, 0x7A, 0xE5 },
{ 0xF1, 0x38, 0x0C, 0x6B, 0x52, 0xA4, 0xE9, 0xD7 },
{ 0x5F, 0xB2, 0xA4, 0xC9, 0x30, 0x8E, 0x6D, 0x17 },
{ 0x27, 0x5C, 0x48, 0xB6, 0x9E, 0xF1, 0x3D, 0x0A },
{ 0xD1, 0x0F, 0x8E, 0xB2, 0x47, 0xAC, 0x39, 0x65 }
};
uint8_t sbox_inv[8][8] =
{ { 0x3D, 0x0B, 0x6A, 0xC5, 0xE1, 0x74, 0x9F, 0x28 },
{ 0x85, 0xE2, 0x6F, 0x3C, 0x4B, 0x97, 0xD1, 0x0A },
{ 0x9C, 0x4F, 0xEB, 0x21, 0x30, 0xD6, 0x85, 0x7A },
{ 0x90, 0x7A, 0xEB, 0xD6, 0x53, 0x2C, 0x84, 0x1F },
{ 0x05, 0x38, 0x9A, 0xE7, 0xC2, 0x6B, 0xF4, 0x1D },
{ 0xF8, 0x92, 0x14, 0xED, 0x6B, 0x35, 0xC7, 0x0A },
{ 0xAF, 0xD1, 0x35, 0x06, 0x94, 0x7E, 0xC2, 0xB8 },
{ 0x03, 0xD6, 0xE9, 0x8F, 0xC5, 0x7B, 0x1A, 0x24 }
};
box_idx &= 7;
if (type == SERPENT_ENCRYPT) {
sbp = (uint8_t*)&sbox[box_idx][0];
}
else {
sbp = (uint8_t*)&sbox_inv[box_idx][0];
}
for (i = 0; i<16; i += 2) {
t = sbp[i / 2];
sb.b[i + 0] = LO_NIBBLE(t);
sb.b[i + 1] = HI_NIBBLE(t);
}
permute(&tmp_blk, blk, SERPENT_IP);
for (i = 0; i<SERPENT_BLOCK_SIZE; i++) {
t = tmp_blk.b[i];
tmp_blk.b[i] = (sb.b[HI_NIBBLE(t)] << 4) | sb.b[LO_NIBBLE(t)];
}
permute(blk, &tmp_blk, SERPENT_FP);
}
static void serpent_lt(serpent_blk* x, int enc)
{
uint32_t x0, x1, x2, x3;
/* load */
x0 = x->w[0];
x1 = x->w[1];
x2 = x->w[2];
x3 = x->w[3];
if (enc == SERPENT_DECRYPT) {
x2 = ROTL32(x2, 10);
x0 = ROTR32(x0, 5);
x2 ^= x3 ^ (x1 << 7);
x0 ^= x1 ^ x3;
x3 = ROTR32(x3, 7);
x1 = ROTR32(x1, 1);
x3 ^= x2 ^ (x0 << 3);
x1 ^= x0 ^ x2;
x2 = ROTR32(x2, 3);
x0 = ROTR32(x0, 13);
}
else {
x0 = ROTL32(x0, 13);
x2 = ROTL32(x2, 3);
x1 ^= x0 ^ x2;
x3 ^= x2 ^ (x0 << 3);
x1 = ROTL32(x1, 1);
x3 = ROTL32(x3, 7);
x0 ^= x1 ^ x3;
x2 ^= x3 ^ (x1 << 7);
x0 = ROTL32(x0, 5);
x2 = ROTR32(x2, 10);
}
x->w[0] = x0;
x->w[1] = x1;
x->w[2] = x2;
x->w[3] = x3;
}
void serpent_set_encrypt_key(serpent_key_t *key, const unsigned char *user_key)
{
union {
uint8_t b[32];
uint32_t w[8];
} s_ws;
uint32_t i, j;
/* copy key input to local buffer */
memcpy(&s_ws.b[0], user_key, SERPENT_KEY256);
/* expand the key */
for (i = 0; i <= SERPENT_ROUNDS; i++) {
for (j = 0; j<4; j++) {
key->x[i][j] = serpent_gen_w(s_ws.w, i * 4 + j);
memmove(&s_ws.b, &s_ws.b[4], 7 * 4);
s_ws.w[7] = key->x[i][j];
}
serpent_subbytes((serpent_blk*)&key->x[i], 3 - i, SERPENT_ENCRYPT);
}
}
void serpent_set_decrypt_key(serpent_key_t *key, const unsigned char *user_key)
{
union {
uint8_t b[32];
uint32_t w[8];
} s_ws;
uint32_t i, j;
/* copy key input to local buffer */
memcpy(&s_ws.b[0], user_key, SERPENT_KEY256);
/* expand the key */
for (i = 0; i <= SERPENT_ROUNDS; i++) {
for (j = 0; j<4; j++) {
key->x[i][j] = serpent_gen_w(s_ws.w, i * 4 + j);
memmove(&s_ws.b, &s_ws.b[4], 7 * 4);
s_ws.w[7] = key->x[i][j];
}
serpent_subbytes((serpent_blk*)&key->x[i], 3 - i, SERPENT_ENCRYPT);
}
}
void serpent_encrypt(const void *in, void *out, serpent_key_t *key)
{
int8_t i;
serpent_blk *_out = out;
memcpy(out, in, SERPENT_BLOCK_SIZE);
i = 0;
for (;;) {
/* xor with subkey */
serpent_whiten(_out, key, i);
/* apply sbox */
serpent_subbytes(_out, i, SERPENT_ENCRYPT);
if (++i == SERPENT_ROUNDS)
break;
/* linear transformation */
serpent_lt(_out, SERPENT_ENCRYPT);
}
serpent_whiten(_out, key, i);
}
void serpent_decrypt(const void *in, void *out, serpent_key_t *key)
{
int8_t i;
serpent_blk *_out = out;
memcpy(out, in, SERPENT_BLOCK_SIZE);
i = SERPENT_ROUNDS;
serpent_whiten(_out, key, i);
for (;;) {
--i;
/* apply sbox */
serpent_subbytes(_out, i, SERPENT_DECRYPT);
/* xor with subkey */
serpent_whiten(_out, key, i);
if (i == 0)
break;
/* linear transformation */
serpent_lt(_out, SERPENT_DECRYPT);
}
}

112
crypto/serpent/serpent_locl.h
View File

@@ -1,112 +0,0 @@
/* ====================================================================
* Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
/**
Copyright © 2015 Odzhan
Copyright © 2008 Daniel Otte
All Rights Reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The name of the author may not be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY AUTHORS "AS IS" AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE. */
#include <openssl/opensslconf.h>
#include <openssl/e_os2.h>
#include <openssl/serpent.h>
#ifdef INTRINSICS
#define memcpy(x,y,z) __movsb(x,y,z)
#define memmove(x,y,z) __movsb(x,y,z)
#define memset(x,y,z) __stosb(x,y,z)
#define ROTL32(x,r) _rotl(x,r)
#define ROTR32(x,r) _rotr(x,r)
#else
#define U8V(v) ((uint8_t)(v) & 0xFFU)
#define U16V(v) ((uint16_t)(v) & 0xFFFFU)
#define U32V(v) ((uint32_t)(v) & 0xFFFFFFFFUL)
#define U64V(v) ((uint64_t)(v) & 0xFFFFFFFFFFFFFFFFULL)
#define ROTL8(v, n) \
(U8V((v) << (n)) | ((v) >> (8 - (n))))
#define ROTL16(v, n) \
(U16V((v) << (n)) | ((v) >> (16 - (n))))
#define ROTL32(v, n) \
(U32V((v) << (n)) | ((v) >> (32 - (n))))
#define ROTL64(v, n) \
(U64V((v) << (n)) | ((v) >> (64 - (n))))
#define ROTR8(v, n) ROTL8(v, 8 - (n))
#define ROTR16(v, n) ROTL16(v, 16 - (n))
#define ROTR32(v, n) ROTL32(v, 32 - (n))
#define ROTR64(v, n) ROTL64(v, 64 - (n))
#endif
#define GOLDEN_RATIO 0x9e3779b9l

2
crypto/sm2/build.info
View File

@@ -1,3 +1,3 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=sm2_err.c sm2_asn1.c sm2_id.c sm2_sign.c sm2_enc.c \
sm2_oct.c sm2_exch.c sm2_kmeth.c sm2_cosign.c
sm2_oct.c sm2_exch.c sm2_kmeth.c

68
crypto/sm2/sm2_asn1.c
View File

@@ -142,71 +142,3 @@ int i2d_SM2CiphertextValue_fp(FILE *fp, SM2CiphertextValue *a)
return ASN1_item_i2d_fp(ASN1_ITEM_rptr(SM2CiphertextValue), fp, a);
}
#endif
ASN1_SEQUENCE(SM2_COSIGNER1_SHARE) = {
ASN1_SIMPLE(SM2_COSIGNER1_SHARE, a, BIGNUM),
ASN1_SIMPLE(SM2_COSIGNER1_SHARE, b, BIGNUM)
} ASN1_SEQUENCE_END(SM2_COSIGNER1_SHARE)
IMPLEMENT_ASN1_FUNCTIONS(SM2_COSIGNER1_SHARE)
IMPLEMENT_ASN1_DUP_FUNCTION(SM2_COSIGNER1_SHARE)
ASN1_SEQUENCE(SM2_COSIGNER2_SHARE) = {
ASN1_SIMPLE(SM2_COSIGNER2_SHARE, a, BIGNUM),
ASN1_SIMPLE(SM2_COSIGNER2_SHARE, b, BIGNUM)
} ASN1_SEQUENCE_END(SM2_COSIGNER2_SHARE)
IMPLEMENT_ASN1_FUNCTIONS(SM2_COSIGNER2_SHARE)
IMPLEMENT_ASN1_DUP_FUNCTION(SM2_COSIGNER2_SHARE)
ASN1_SEQUENCE(SM2_COSIGNER1_PROOF) = {
ASN1_SIMPLE(SM2_COSIGNER1_PROOF, a, BIGNUM),
ASN1_SIMPLE(SM2_COSIGNER1_PROOF, b, BIGNUM)
} ASN1_SEQUENCE_END(SM2_COSIGNER1_PROOF)
IMPLEMENT_ASN1_FUNCTIONS(SM2_COSIGNER1_PROOF)
IMPLEMENT_ASN1_DUP_FUNCTION(SM2_COSIGNER1_PROOF)
ASN1_SEQUENCE(SM2_COSIGNER2_PROOF) = {
ASN1_SIMPLE(SM2_COSIGNER2_PROOF, a, BIGNUM),
ASN1_SIMPLE(SM2_COSIGNER2_PROOF, b, BIGNUM)
} ASN1_SEQUENCE_END(SM2_COSIGNER2_PROOF)
IMPLEMENT_ASN1_FUNCTIONS(SM2_COSIGNER2_PROOF)
IMPLEMENT_ASN1_DUP_FUNCTION(SM2_COSIGNER2_PROOF)
int i2d_SM2_COSIGNER1_SHARE_bio(BIO *bp, SM2_COSIGNER1_SHARE *a)
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(SM2_COSIGNER1_SHARE), bp, a);
}
SM2_COSIGNER1_SHARE *d2i_SM2_COSIGNER1_SHARE_bio(BIO *bp, SM2_COSIGNER1_SHARE **a)
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(SM2_COSIGNER1_SHARE), bp, a);
}
int i2d_SM2_COSIGNER2_SHARE_bio(BIO *bp, SM2_COSIGNER2_SHARE *a)
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(SM2_COSIGNER2_SHARE), bp, a);
}
SM2_COSIGNER2_SHARE *d2i_SM2_COSIGNER2_SHARE_bio(BIO *bp, SM2_COSIGNER2_SHARE **a)
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(SM2_COSIGNER2_SHARE), bp, a);
}
int i2d_SM2_COSIGNER1_PROOF_bio(BIO *bp, SM2_COSIGNER1_PROOF *a)
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(SM2_COSIGNER1_PROOF), bp, a);
}
SM2_COSIGNER1_PROOF *d2i_SM2_COSIGNER1_PROOF_bio(BIO *bp, SM2_COSIGNER1_PROOF **a)
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(SM2_COSIGNER1_PROOF), bp, a);
}
int i2d_SM2_COSIGNER2_PROOF_bio(BIO *bp, SM2_COSIGNER2_PROOF *a)
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(SM2_COSIGNER2_PROOF), bp, a);
}
SM2_COSIGNER2_PROOF *d2i_SM2_COSIGNER2_PROOF_bio(BIO *bp, SM2_COSIGNER2_PROOF **a)
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(SM2_COSIGNER2_PROOF), bp, a);
}

90
crypto/sm2/sm2_cosign.c
View File

@@ -1,90 +0,0 @@
/* ====================================================================
* Copyright (c) 2015 - 2019 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <string.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/sm2.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/obj_mac.h>
#include <openssl/paillier.h>
#include "../ec/ec_lcl.h"
#include "sm2_lcl.h"
SM2_COSIGNER1_SHARE *SM2_cosigner1_setup(BIGNUM **k1, EC_KEY *ec_key, PAILLIER *pk)
{
SM2err(SM2_F_SM2_COSIGNER1_SETUP, SM2_R_NOT_IMPLEMENTED);
return NULL;
}
SM2_COSIGNER2_SHARE *SM2_cosigner2_setup(const SM2_COSIGNER1_SHARE *s1, BIGNUM **k2, EC_KEY *ec_key, PAILLIER *pk)
{
SM2err(SM2_F_SM2_COSIGNER2_SETUP, SM2_R_NOT_IMPLEMENTED);
return NULL;
}
SM2_COSIGNER1_PROOF *SM2_cosigner1_generate_proof(EC_KEY *ec_key, PAILLIER *pk)
{
SM2err(SM2_F_SM2_COSIGNER1_GENERATE_PROOF, SM2_R_NOT_IMPLEMENTED);
return NULL;
}
SM2_COSIGNER2_PROOF *SM2_cosigner2_generate_proof(EC_KEY *ec_key, PAILLIER *pk)
{
SM2err(SM2_F_SM2_COSIGNER2_GENERATE_PROOF, SM2_R_NOT_IMPLEMENTED);
return NULL;
}
ECDSA_SIG *SM2_cosigner1_generate_signature(EC_KEY *ec_key, PAILLIER *pk)
{
SM2err(SM2_F_SM2_COSIGNER1_GENERATE_SIGNATURE, SM2_R_NOT_IMPLEMENTED);
return NULL;
}

1
crypto/sm3/asm/sm3-586.pl
View File

@@ -1 +0,0 @@
#! /usr/bin/env perl

288
crypto/sm3/asm/sm3-x86_64.pl
View File

@@ -1 +1,289 @@
#! /usr/bin/env perl
$flavour = shift;
$output = shift;
if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
$avx = ($1>=2.19) + ($1>=2.22);
}
if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
`nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
$avx = ($1>=2.09) + ($1>=2.10);
}
if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
`ml64 2>&1` =~ /Version ([0-9]+)\./) {
$avx = ($1>=10) + ($1>=11);
}
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
$avx = ($2>=3.0) + ($2>3.0);
}
$avx=1 if ($avx);
open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
*STDOUT=*OUT;
$func="sm3_block_data_order";
$TABLE="K256";
$SZ=4;
@ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%eax","%ebx","%ecx","%edx",
"%r8d","%r9d","%r10d","%r11d");
($T1,$a0,$a1,$a2,$a3)=("%r12d","%r13d","%r14d","%r15d","%edi");
@Sigma0=( 2,13,22);
@Sigma1=( 6,11,25);
@sigma0=( 7,18, 3);
@sigma1=(17,19,10);
$rounds=64;
$ctx="%rdi"; # 1st arg, zapped by $a3
$inp="%rsi"; # 2nd arg
$Tbl="%rbp";
$_ctx="16*$SZ+0*8(%rsp)";
$_inp="16*$SZ+1*8(%rsp)";
$_end="16*$SZ+2*8(%rsp)";
$_rsp="16*$SZ+3*8(%rsp)";
$framesz="16*$SZ+4*8";
sub ROUND_00_15()
{ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
my $STRIDE=$SZ;
$STRIDE += 16 if ($i%(16/$SZ)==(16/$SZ-1));
$code.=<<___;
ror \$`$Sigma1[2]-$Sigma1[1]`,$a0
mov $f,$a2
xor $e,$a0
ror \$`$Sigma0[2]-$Sigma0[1]`,$a1
xor $g,$a2 # f^g
mov $T1,`$SZ*($i&0xf)`(%rsp)
xor $a,$a1
and $e,$a2 # (f^g)&e
ror \$`$Sigma1[1]-$Sigma1[0]`,$a0
add $h,$T1 # T1+=h
xor $g,$a2 # Ch(e,f,g)=((f^g)&e)^g
ror \$`$Sigma0[1]-$Sigma0[0]`,$a1
xor $e,$a0
add $a2,$T1 # T1+=Ch(e,f,g)
mov $a,$a2
add ($Tbl),$T1 # T1+=K[round]
xor $a,$a1
xor $b,$a2 # a^b, b^c in next round
ror \$$Sigma1[0],$a0 # Sigma1(e)
mov $b,$h
and $a2,$a3
ror \$$Sigma0[0],$a1 # Sigma0(a)
add $a0,$T1 # T1+=Sigma1(e)
xor $a3,$h # h=Maj(a,b,c)=Ch(a^b,c,b)
add $T1,$d # d+=T1
add $T1,$h # h+=T1
lea $STRIDE($Tbl),$Tbl # round++
___
$code.=<<___ if ($i<15);
add $a1,$h # h+=Sigma0(a)
___
($a2,$a3) = ($a3,$a2);
}
sub ROUND_16_XX()
{ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
$code.=<<___;
mov `$SZ*(($i+1)&0xf)`(%rsp),$a0
mov `$SZ*(($i+14)&0xf)`(%rsp),$a2
mov $a0,$T1
ror \$`$sigma0[1]-$sigma0[0]`,$a0
add $a1,$a # modulo-scheduled h+=Sigma0(a)
mov $a2,$a1
ror \$`$sigma1[1]-$sigma1[0]`,$a2
xor $T1,$a0
shr \$$sigma0[2],$T1
ror \$$sigma0[0],$a0
xor $a1,$a2
shr \$$sigma1[2],$a1
ror \$$sigma1[0],$a2
xor $a0,$T1 # sigma0(X[(i+1)&0xf])
xor $a1,$a2 # sigma1(X[(i+14)&0xf])
add `$SZ*(($i+9)&0xf)`(%rsp),$T1
add `$SZ*($i&0xf)`(%rsp),$T1
mov $e,$a0
add $a2,$T1
mov $a,$a1
___
&ROUND_00_15(@_);
}
$code=<<___;
.text
.extern OPENSSL_ia32cap_P
.globl $func
.type $func,\@function,3
.align 16
$func:
___
$code.=<<___;
push %rbx
push %rbp
push %r12
push %r13
push %r14
push %r15
mov %rsp,%r11 # copy %rsp
shl \$4,%rdx # num*16
sub \$$framesz,%rsp
lea ($inp,%rdx,$SZ),%rdx # inp+num*16*$SZ
and \$-64,%rsp # align stack frame
mov $ctx,$_ctx # save ctx, 1st arg
mov $inp,$_inp # save inp, 2nd arh
mov %rdx,$_end # save end pointer, "3rd" arg
mov %r11,$_rsp # save copy of %rsp
.Lprologue:
mov $SZ*0($ctx),$A
mov $SZ*1($ctx),$B
mov $SZ*2($ctx),$C
mov $SZ*3($ctx),$D
mov $SZ*4($ctx),$E
mov $SZ*5($ctx),$F
mov $SZ*6($ctx),$G
mov $SZ*7($ctx),$H
jmp .Lloop
.align 16
.Lloop:
mov $B,$a3
lea $TABLE(%rip),$Tbl
xor $C,$a3 # magic
___
for($i=0;$i<16;$i++) {
$code.=" mov $SZ*$i($inp),$T1\n";
$code.=" mov @ROT[4],$a0\n";
$code.=" mov @ROT[0],$a1\n";
$code.=" bswap $T1\n";
&ROUND_00_15($i,@ROT);
unshift(@ROT,pop(@ROT));
}
$code.=<<___;
jmp .Lrounds_16_xx
.align 16
.Lrounds_16_xx:
___
for(;$i<32;$i++) {
&ROUND_16_XX($i,@ROT);
unshift(@ROT,pop(@ROT));
}
$code.=<<___;
cmpb \$0,`$SZ-1`($Tbl)
jnz .Lrounds_16_xx
mov $_ctx,$ctx
add $a1,$A # modulo-scheduled h+=Sigma0(a)
lea 16*$SZ($inp),$inp
add $SZ*0($ctx),$A
add $SZ*1($ctx),$B
add $SZ*2($ctx),$C
add $SZ*3($ctx),$D
add $SZ*4($ctx),$E
add $SZ*5($ctx),$F
add $SZ*6($ctx),$G
add $SZ*7($ctx),$H
cmp $_end,$inp
mov $A,$SZ*0($ctx)
mov $B,$SZ*1($ctx)
mov $C,$SZ*2($ctx)
mov $D,$SZ*3($ctx)
mov $E,$SZ*4($ctx)
mov $F,$SZ*5($ctx)
mov $G,$SZ*6($ctx)
mov $H,$SZ*7($ctx)
jb .Lloop
mov $_rsp,%rsi
mov (%rsi),%r15
mov 8(%rsi),%r14
mov 16(%rsi),%r13
mov 24(%rsi),%r12
mov 32(%rsi),%rbp
mov 40(%rsi),%rbx
lea 48(%rsi),%rsp
.Lepilogue:
ret
.size $func,.-$func
___
$code.=<<___;
.align 64
.type $TABLE,\@object
$TABLE:
.long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
.long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
.long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
.long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
.long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
.long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
.long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
.long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
.long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
.long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
.long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
.long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
.long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
.long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
.long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
.long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
.long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
.long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
.long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
.long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
.long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
.long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
.long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070
.long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070
.long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
.long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
.long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
.long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
.long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
.long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
.long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
.long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
.long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
.long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
.long 0x03020100,0x0b0a0908,0xffffffff,0xffffffff
.long 0x03020100,0x0b0a0908,0xffffffff,0xffffffff
.long 0xffffffff,0xffffffff,0x03020100,0x0b0a0908
.long 0xffffffff,0xffffffff,0x03020100,0x0b0a0908
___
close STDOUT;

83
crypto/sm3/sm3.c
View File

@@ -53,6 +53,7 @@
void sm3_init(sm3_ctx_t *ctx)
{
memset(ctx, 0, sizeof(*ctx));
ctx->digest[0] = 0x7380166F;
ctx->digest[1] = 0x4914B2B9;
ctx->digest[2] = 0x172442D7;
@@ -61,12 +62,9 @@ void sm3_init(sm3_ctx_t *ctx)
ctx->digest[5] = 0x163138AA;
ctx->digest[6] = 0xE38DEE4D;
ctx->digest[7] = 0xB0FB0E4E;
ctx->nblocks = 0;
ctx->num = 0;
}
void sm3_update(sm3_ctx_t *ctx, const unsigned char* data, size_t data_len)
void sm3_update(sm3_ctx_t *ctx, const unsigned char *data, size_t data_len)
{
if (ctx->num) {
unsigned int left = SM3_BLOCK_SIZE - ctx->num;
@@ -119,24 +117,20 @@ void sm3_final(sm3_ctx_t *ctx, unsigned char *digest)
}
}
#define ROTATELEFT(X,n) (((X)<<(n)) | ((X)>>(32-(n))))
#define ROTL(x,n) (((x)<<(n)) | ((x)>>(32-(n))))
#define P0(x) ((x) ^ ROTL((x), 9) ^ ROTL((x),17))
#define P1(x) ((x) ^ ROTL((x),15) ^ ROTL((x),23))
#define P0(x) ((x) ^ ROTATELEFT((x),9) ^ ROTATELEFT((x),17))
#define P1(x) ((x) ^ ROTATELEFT((x),15) ^ ROTATELEFT((x),23))
#define FF0(x,y,z) ( (x) ^ (y) ^ (z))
#define FF1(x,y,z) (((x) & (y)) | ( (x) & (z)) | ( (y) & (z)))
#define GG0(x,y,z) ( (x) ^ (y) ^ (z))
#define GG1(x,y,z) (((x) & (y)) | ( (~(x)) & (z)) )
#define FF00(x,y,z) ((x) ^ (y) ^ (z))
#define FF16(x,y,z) (((x)&(y)) | ((x)&(z)) | ((y)&(z)))
#define GG00(x,y,z) ((x) ^ (y) ^ (z))
#define GG16(x,y,z) (((x)&(y)) | ((~(x))&(z)))
#define T00 0x79CC4519
#define T16 0x7A879D8A
void sm3_compress(uint32_t digest[8], const unsigned char block[64])
{
int j;
uint32_t W[68], W1[64];
const uint32_t *pblock = (const uint32_t *)block;
uint32_t A = digest[0];
uint32_t B = digest[1];
uint32_t C = digest[2];
@@ -145,48 +139,47 @@ void sm3_compress(uint32_t digest[8], const unsigned char block[64])
uint32_t F = digest[5];
uint32_t G = digest[6];
uint32_t H = digest[7];
uint32_t SS1,SS2,TT1,TT2,T[64];
const uint32_t *pblock = (const uint32_t *)block;
uint32_t W[68], W1[64];
uint32_t SS1, SS2, TT1, TT2;
int j;
for (j = 0; j < 16; j++)
W[j] = cpu_to_be32(pblock[j]);
for (; j < 68; j++)
W[j] = P1(W[j - 16] ^ W[j - 9] ^ ROTL(W[j - 3], 15))
^ ROTL(W[j - 13], 7) ^ W[j - 6];
for(j = 0; j < 64; j++)
W1[j] = W[j] ^ W[j + 4];
for (j = 0; j < 16; j++) {
W[j] = cpu_to_be32(pblock[j]);
}
for (j = 16; j < 68; j++) {
W[j] = P1( W[j-16] ^ W[j-9] ^ ROTATELEFT(W[j-3],15)) ^ ROTATELEFT(W[j - 13],7 ) ^ W[j-6];;
}
for( j = 0; j < 64; j++) {
W1[j] = W[j] ^ W[j+4];
}
for(j =0; j < 16; j++) {
T[j] = 0x79CC4519;
SS1 = ROTATELEFT((ROTATELEFT(A,12) + E + ROTATELEFT(T[j],j)), 7);
SS2 = SS1 ^ ROTATELEFT(A,12);
TT1 = FF0(A,B,C) + D + SS2 + W1[j];
TT2 = GG0(E,F,G) + H + SS1 + W[j];
SS1 = ROTL((ROTL(A, 12) + E + ROTL(T00, j)), 7);
SS2 = SS1 ^ ROTL(A, 12);
TT1 = FF00(A, B, C) + D + SS2 + W1[j];
TT2 = GG00(E, F, G) + H + SS1 + W[j];
D = C;
C = ROTATELEFT(B,9);
C = ROTL(B, 9);
B = A;
A = TT1;
H = G;
G = ROTATELEFT(F,19);
G = ROTL(F, 19);
F = E;
E = P0(TT2);
}
for(j =16; j < 64; j++) {
T[j] = 0x7A879D8A;
SS1 = ROTATELEFT((ROTATELEFT(A,12) + E + ROTATELEFT(T[j],j%32)), 7);
SS2 = SS1 ^ ROTATELEFT(A,12);
TT1 = FF1(A,B,C) + D + SS2 + W1[j];
TT2 = GG1(E,F,G) + H + SS1 + W[j];
for (; j < 64; j++) {
SS1 = ROTL((ROTL(A, 12) + E + ROTL(T16, j % 32)), 7);
SS2 = SS1 ^ ROTL(A, 12);
TT1 = FF16(A, B, C) + D + SS2 + W1[j];
TT2 = GG16(E, F, G) + H + SS1 + W[j];
D = C;
C = ROTATELEFT(B,9);
C = ROTL(B, 9);
B = A;
A = TT1;
H = G;
G = ROTATELEFT(F,19);
G = ROTL(F, 19);
F = E;
E = P0(TT2);
}

1
crypto/sm3/sm3_hmac.c
View File

@@ -122,4 +122,3 @@ void sm3_hmac(const unsigned char *data, size_t data_len,
sm3_hmac_final(&ctx, mac);
memset(&ctx, 0, sizeof(ctx));
}

0
crypto/sm9/sm9_asn1.c Normal file → Executable file
View File

0
crypto/sm9/sm9_enc.c Normal file → Executable file
View File

0
crypto/sm9/sm9_err.c Normal file → Executable file
View File

0
crypto/sm9/sm9_exch.c Normal file → Executable file
View File

5
crypto/sm9/sm9_keygen.c Normal file → Executable file
View File

@@ -50,8 +50,6 @@
#include <string.h>
#include <openssl/err.h>
#include <openssl/sm9.h>
#include <openssl/ec_type1.h>
#include <openssl/bn_hash.h>
#include "sm9_lcl.h"
@@ -304,8 +302,7 @@ SM9_KEY *SM9_MASTER_KEY_extract_key(SM9_MASTER_KEY *master,
sk = NULL;
end:
SM9PrivateKey_free(sk);
EC_GROUP_clear_free(group);
EC_GROUP_free(group);
if (ctx) {
BN_CTX_end(ctx);
}

86
crypto/sm9/sm9_lib.c Normal file → Executable file
View File

@@ -51,9 +51,11 @@
#include <openssl/err.h>
#include <openssl/sm9.h>
#include <openssl/crypto.h>
#include <openssl/bn_hash.h>
#include "../bn/bn_lcl.h"
#include "sm9_lcl.h"
static int BN_hash_to_range(const EVP_MD *md, BIGNUM **bn,
const void *s, size_t slen, const BIGNUM *range, BN_CTX *bn_ctx);
#if 0
typedef struct {
@@ -231,3 +233,85 @@ int sm9_check_sign_scheme(int nid)
{
return 1;
}
int BN_hash_to_range(const EVP_MD *md, BIGNUM **bn,
const void *s, size_t slen, const BIGNUM *range, BN_CTX *bn_ctx)
{
int ret = 0;
BIGNUM *r = NULL;
BIGNUM *a = NULL;
unsigned char *buf = NULL;
size_t buflen, mdlen;
int nbytes, rounds, i;
if (!s || slen <= 0 || !md || !range) {
//BNerr(BN_F_BN_HASH_TO_RANGE, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!(*bn)) {
if (!(r = BN_new())) {
//BNerr(BN_F_BN_HASH_TO_RANGE, ERR_R_MALLOC_FAILURE);
return 0;
}
} else {
r = *bn;
BN_zero(r);
}
mdlen = EVP_MD_size(md);
buflen = mdlen + slen;
if (!(buf = OPENSSL_malloc(buflen))) {
//BNerr(BN_F_BN_HASH_TO_RANGE, ERR_R_MALLOC_FAILURE);
goto end;
}
memset(buf, 0, mdlen);
memcpy(buf + mdlen, s, slen);
a = BN_new();
if (!a) {
//BNerr(BN_F_BN_HASH_TO_RANGE, ERR_R_MALLOC_FAILURE);
goto end;
}
nbytes = BN_num_bytes(range);
rounds = (nbytes + mdlen - 1)/mdlen;
if (!bn_expand(r, rounds * mdlen * 8)) {
//BNerr(BN_F_BN_HASH_TO_RANGE, ERR_R_BN_LIB);
goto end;
}
for (i = 0; i < rounds; i++) {
if (!EVP_Digest(buf, buflen, buf, (unsigned int *)&mdlen, md, NULL)) {
//BNerr(BN_F_BN_HASH_TO_RANGE, ERR_R_EVP_LIB);
goto end;
}
if (!BN_bin2bn(buf, mdlen, a)) {
//BNerr(BN_F_BN_HASH_TO_RANGE, ERR_R_BN_LIB);
goto end;
}
if (!BN_lshift(r, r, mdlen * 8)) {
//BNerr(BN_F_BN_HASH_TO_RANGE, ERR_R_BN_LIB);
goto end;
}
if (!BN_uadd(r, r, a)) {
goto end;
}
}
if (!BN_mod(r, r, range, bn_ctx)) {
//BNerr(BN_F_BN_HASH_TO_RANGE, ERR_R_BN_LIB);
goto end;
}
*bn = r;
ret = 1;
end:
if (!ret && !(*bn)) {
BN_free(r);
}
BN_free(a);
OPENSSL_free(buf);
return ret;
}

0
crypto/sm9/sm9_params.c Normal file → Executable file
View File

0
crypto/sm9/sm9_pmeth.c Normal file → Executable file
View File

1
crypto/sm9/sm9_rate.c
View File

@@ -2659,7 +2659,6 @@ int rate_pairing(fp12_t r, const point_t *Q, const EC_POINT *P, BN_CTX *ctx)
BN_free(xP);
BN_free(yP);
EC_GROUP_clear_free(group);
return ret;
}

0
crypto/sm9/sm9_setup.c Normal file → Executable file
View File

8
crypto/sm9/sm9_sign.c Normal file → Executable file
View File

@@ -51,8 +51,6 @@
#include <openssl/err.h>
#include <openssl/sm9.h>
#include <openssl/ec.h>
#include <openssl/ec_type1.h>
#include <openssl/bn_gfp2.h>
#include "sm9_lcl.h"
@@ -198,8 +196,6 @@ end:
BN_free(r);
point_cleanup(&Ppubs);
fp12_cleanup(w);
BN_CTX_end(bn_ctx);
BN_CTX_free(bn_ctx);
return ret;
}
@@ -357,7 +353,9 @@ end:
point_cleanup(&P);
fp12_cleanup(w);
fp12_cleanup(u);
BN_CTX_end(bn_ctx);
if (bn_ctx) {
BN_CTX_end(bn_ctx);
}
BN_CTX_free(bn_ctx);
return ret;
}

4
crypto/sof/build.info
View File

@@ -1,4 +0,0 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
sof_err.c \
sof_lib.c

95
crypto/sof/sof_err.c
View File

@@ -1,95 +0,0 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/gmsof.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SOF,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SOF,0,reason)
static ERR_STRING_DATA SOF_str_functs[] = {
{ERR_FUNC(SOF_F_SOF_CHANGEPASSWD), "SOF_ChangePassWd"},
{ERR_FUNC(SOF_F_SOF_CREATETIMESTAMPREQUEST),
"SOF_CreateTimeStampRequest"},
{ERR_FUNC(SOF_F_SOF_CREATETIMESTAMPRESPONSE),
"SOF_CreateTimeStampResponse"},
{ERR_FUNC(SOF_F_SOF_DECRYPTDATA), "SOF_DecryptData"},
{ERR_FUNC(SOF_F_SOF_DECRYPTFILE), "SOF_DecryptFile"},
{ERR_FUNC(SOF_F_SOF_DELCERTTRUSTLIST), "SOF_DelCertTrustList"},
{ERR_FUNC(SOF_F_SOF_ENCRYPTDATA), "SOF_EncryptData"},
{ERR_FUNC(SOF_F_SOF_ENCRYPTFILE), "SOF_EncryptFile"},
{ERR_FUNC(SOF_F_SOF_EXPORTEXCHANGEUSERCERT),
"SOF_ExportExchangeUserCert"},
{ERR_FUNC(SOF_F_SOF_EXPORTUSERCERT), "SOF_ExportUserCert"},
{ERR_FUNC(SOF_F_SOF_G), "SOF_GenRandom"},
{ERR_FUNC(SOF_F_SOF_GENRANDOM), "SOF_GenRandom"},
{ERR_FUNC(SOF_F_SOF_GETCERTINFO), "SOF_GetCertInfo"},
{ERR_FUNC(SOF_F_SOF_GETCERTINFOBYOID), "SOF_GetCertInfoByOid"},
{ERR_FUNC(SOF_F_SOF_GETCERTTRUSTLIST), "SOF_GetCertTrustList"},
{ERR_FUNC(SOF_F_SOF_GETCERTTRUSTLISTALTNAMES),
"SOF_GetCertTrustListAltNames"},
{ERR_FUNC(SOF_F_SOF_GETDEVICEINFO), "SOF_GetDeviceInfo"},
{ERR_FUNC(SOF_F_SOF_GETENCRYPTMETHOD), "SOF_GetEncryptMethod"},
{ERR_FUNC(SOF_F_SOF_GETINFOFROMSIGNEDMESSAGE),
"SOF_GetInfoFromSignedMessage"},
{ERR_FUNC(SOF_F_SOF_GETLASTERROR), "SOF_GetLastError"},
{ERR_FUNC(SOF_F_SOF_GETPINRETRYCOUNT), "SOF_GetPinRetryCount"},
{ERR_FUNC(SOF_F_SOF_GETSERVERCERTIFICATE), "SOF_GetServerCertificate"},
{ERR_FUNC(SOF_F_SOF_GETSIGNMETHOD), "SOF_GetSignMethod"},
{ERR_FUNC(SOF_F_SOF_GETTIMESTAMPINFO), "SOF_GetTimeStampInfo"},
{ERR_FUNC(SOF_F_SOF_GETUSERLIST), "SOF_GetUserList"},
{ERR_FUNC(SOF_F_SOF_GETVERSION), "SOF_GetVersion"},
{ERR_FUNC(SOF_F_SOF_GETXMLSIGNATUREINFO), "SOF_GetXMLSignatureInfo"},
{ERR_FUNC(SOF_F_SOF_INITCERTAPPPOLICY), "SOF_InitCertAppPolicy"},
{ERR_FUNC(SOF_F_SOF_LOGIN), "SOF_Login"},
{ERR_FUNC(SOF_F_SOF_SETCERTTRUSTLIST), "SOF_SetCertTrustList"},
{ERR_FUNC(SOF_F_SOF_SETENCRYPTMETHOD), "SOF_SetEncryptMethod"},
{ERR_FUNC(SOF_F_SOF_SETSIGNMETHOD), "SOF_SetSignMethod"},
{ERR_FUNC(SOF_F_SOF_SIGNDATA), "SOF_SignData"},
{ERR_FUNC(SOF_F_SOF_SIGNDATAXML), "SOF_SignDataXML"},
{ERR_FUNC(SOF_F_SOF_SIGNFILE), "SOF_SignFile"},
{ERR_FUNC(SOF_F_SOF_SIGNMESSAGE), "SOF_SignMessage"},
{ERR_FUNC(SOF_F_SOF_SIGNMESSAGEDETACH), "SOF_SignMessageDetach"},
{ERR_FUNC(SOF_F_SOF_VALIDATECERT), "SOF_ValidateCert"},
{ERR_FUNC(SOF_F_SOF_VERIFYSIGNEDDATA), "SOF_VerifySignedData"},
{ERR_FUNC(SOF_F_SOF_VERIFYSIGNEDDATAXML), "SOF_VerifySignedDataXML"},
{ERR_FUNC(SOF_F_SOF_VERIFYSIGNEDFILE), "SOF_VerifySignedFile"},
{ERR_FUNC(SOF_F_SOF_VERIFYSIGNEDMESSAGE), "SOF_VerifySignedMessage"},
{ERR_FUNC(SOF_F_SOF_VERIFYSIGNEDMESSAGEDETACH),
"SOF_VerifySignedMessageDetach"},
{ERR_FUNC(SOF_F_SOF_VERIFYTIMESTAMP), "SOF_VerifyTimeStamp"},
{0, NULL}
};
static ERR_STRING_DATA SOF_str_reasons[] = {
{ERR_REASON(SOF_R_DECODE_FAILURE), "decode failure"},
{ERR_REASON(SOF_R_INVALID_CERT_ATTRIBUTE), "invalid cert attribute"},
{ERR_REASON(SOF_R_NOT_IMPLEMENTED), "not implemented"},
{ERR_REASON(SOF_R_READ_FILE_FAILURE), "read file failure"},
{0, NULL}
};
#endif
int ERR_load_SOF_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(SOF_str_functs[0].error) == NULL) {
ERR_load_strings(0, SOF_str_functs);
ERR_load_strings(0, SOF_str_reasons);
}
#endif
return 1;
}

573
crypto/sof/sof_lib.c
View File

@@ -1,573 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/gmsaf.h>
#include <openssl/gmsof.h>
#include <openssl/crypto.h>
#include "../../e_os.h"
static SOF_LONG sof_sign_method = SGD_SM2;
static SOF_LONG sof_enc_method = SGD_SM4_CBC;
static SOF_LONG sof_last_error = SOR_OK;
static void *sof_app = NULL;
static int sof_user_type = SGD_ROLE_USER;
static int sof_read_file(const char *path, unsigned char **pdata,
unsigned int *pdatalen)
{
return 0;
}
static char *sof_encode(const unsigned char *bin, unsigned int binlen)
{
return NULL;
}
#if 0
static int sof_decode(const char *b64, unsigned char **pdata, unsigned int *pdatalen)
{
return 0;
}
#endif
SOF_BSTR SOF_GetVersion(void)
{
return OPENSSL_strdup(OpenSSL_version(0));
}
SOF_LONG SOF_SetSignMethod(SOF_LONG SignMethod)
{
sof_sign_method = SignMethod;
return SOR_OK;
}
SOF_LONG SOF_GetSignMethod(void)
{
return sof_sign_method;
}
SOF_LONG SOF_SetEncryptMethod(SOF_LONG EncryptMethod)
{
sof_enc_method = EncryptMethod;
return SOR_OK;
}
SOF_LONG SOF_GetEncryptMethod(void)
{
return sof_enc_method;
}
/* list installed client's certificates */
SOF_BSTR SOF_GetUserList(void)
{
SOFerr(SOF_F_SOF_GETUSERLIST, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
/* we need an reference to engine */
SOF_BSTR SOF_ExportUserCert(SOF_BSTR ContainerName)
{
SOFerr(SOF_F_SOF_EXPORTUSERCERT, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BOOL SOF_Login(SOF_BSTR ContainerName, SOF_BSTR PassWd)
{
unsigned int uiRemainCount;
int rv;
if ((rv = SAF_Login(
sof_app,
sof_user_type,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
(unsigned char *)PassWd,
(unsigned int)strlen(PassWd),
&uiRemainCount)) != SAR_Ok) {
SOFerr(SOF_F_SOF_LOGIN, ERR_R_SAF_LIB);
return SGD_FALSE;
}
return SGD_TRUE;
}
SOF_LONG SOF_GetPinRetryCount(SOF_BSTR ContainerName)
{
SOFerr(SOF_F_SOF_GETPINRETRYCOUNT, SOF_R_NOT_IMPLEMENTED);
return SOR_NotSupportYetErr;
}
SOF_BOOL SOF_ChangePassWd(SOF_BSTR ContainerName, SOF_BSTR OldPassWd, SOF_BSTR NewPassWd)
{
int rv;
unsigned int uiRemainCount;
if ((rv = SAF_ChangePin(
sof_app,
sof_user_type,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
(unsigned char *)OldPassWd,
(unsigned int)strlen(OldPassWd),
(unsigned char *)NewPassWd,
(unsigned int)strlen(NewPassWd),
&uiRemainCount)) != SAR_Ok) {
SOFerr(SOF_F_SOF_CHANGEPASSWD, ERR_R_SAF_LIB);
return SGD_FALSE;
}
return SGD_TRUE;
}
SOF_BSTR SOF_ExportExchangeUserCert(SOF_BSTR ContainerName)
{
SOFerr(SOF_F_SOF_EXPORTEXCHANGEUSERCERT, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
/* `type` defined as SGD_CERT_XXX, SGD_EXT_XXX in sgd.h */
SOF_BSTR SOF_GetCertInfo(SOF_BSTR Base64EncodeCert, SOF_SHORT Type)
{
char *ret = NULL;
switch (Type) {
case SGD_CERT_VERSION:
case SGD_CERT_SERIAL:
case SGD_CERT_ISSUER:
case SGD_CERT_VALID_TIME:
case SGD_CERT_SUBJECT:
case SGD_CERT_DER_PUBLIC_KEY:
case SGD_CERT_DER_EXTENSIONS:
case SGD_EXT_AUTHORITYKEYIDENTIFIER_INFO:
case SGD_EXT_SUBJECTKEYIDENTIFIER_INFO:
case SGD_EXT_KEYUSAGE_INFO:
case SGD_EXT_PRIVATEKEYUSAGEPERIOD_INFO:
case SGD_EXT_CERTIFICATEPOLICIES_INFO:
case SGD_EXT_POLICYMAPPINGS_INFO:
case SGD_EXT_BASICCONSTRAINTS_INFO:
case SGD_EXT_POLICYCONSTRAINTS_INFO:
case SGD_EXT_EXTKEYUSAGE_INFO:
case SGD_EXT_CRLDISTRIBUTIONPOINTS_INFO:
case SGD_EXT_NETSCAPE_CERT_TYPE_INFO:
case SGD_EXT_SELFDEFINED_EXTENSION_INFO:
case SGD_CERT_ISSUER_CN:
case SGD_CERT_ISSUER_O:
case SGD_CERT_ISSUER_OU:
case SGD_CERT_SUBJECT_CN:
case SGD_CERT_SUBJECT_O:
case SGD_CERT_SUBJECT_OU:
case SGD_CERT_SUBJECT_EMAIL:
case SGD_CERT_NOTBEFORE_TIME:
case SGD_CERT_NOTAFTER_TIME:
SOFerr(SOF_F_SOF_GETCERTINFO, SOF_R_NOT_IMPLEMENTED);
goto end;
default:
SOFerr(SOF_F_SOF_GETCERTINFO, SOF_R_INVALID_CERT_ATTRIBUTE);
goto end;
}
end:
SOFerr(SOF_F_SOF_GETCERTINFO, SOF_R_NOT_IMPLEMENTED);
return ret;
}
SOF_BSTR SOF_GetCertInfoByOid(SOF_BSTR Base64EncodeCert, SOF_BSTR Oid)
{
SOFerr(SOF_F_SOF_GETCERTINFOBYOID, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BSTR SOF_GetDeviceInfo(SOF_BSTR ContainerName, SOF_LONG Type)
{
SOFerr(SOF_F_SOF_GETDEVICEINFO, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_LONG SOF_ValidateCert(SOF_BSTR Base64EncodeCert)
{
SOFerr(SOF_F_SOF_VALIDATECERT, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_SignData(SOF_BSTR ContainerName, SOF_BSTR InData)
{
char *ret = NULL;
char *b64 = NULL;
unsigned int uiHashAlgoType = SGD_SM3;
unsigned char *pucInData = NULL;
unsigned int uiInDataLen = strlen(InData) + 128;
unsigned char pucSignature[256];
unsigned int uiSignatureLen = (unsigned int)sizeof(pucSignature);
int rv;
if (!(pucInData = OPENSSL_malloc(uiInDataLen))) {
SOFerr(SOF_F_SOF_SIGNDATA, ERR_R_MALLOC_FAILURE);
goto end;
}
if (SAF_Base64_Decode((unsigned char *)InData, (unsigned int)strlen(InData),
pucInData, &uiInDataLen) != SOR_OK) {
SOFerr(SOF_F_SOF_SIGNDATA, SOF_R_DECODE_FAILURE);
goto end;
}
if (SOF_GetSignMethod() == SGD_SM2) {
if ((rv = SAF_RsaSign(
sof_app,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
uiHashAlgoType,
pucInData,
uiInDataLen,
pucSignature,
&uiSignatureLen)) != SAR_Ok) {
SOFerr(SOF_F_SOF_SIGNDATA, ERR_R_SAF_LIB);
goto end;
}
} else {
if ((rv = SAF_EccSign(
sof_app,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
uiHashAlgoType,
pucInData,
uiInDataLen,
pucSignature,
&uiSignatureLen)) != SAR_Ok) {
SOFerr(SOF_F_SOF_SIGNDATA, ERR_R_SAF_LIB);
goto end;
}
}
ret = SOR_OK;
end:
OPENSSL_free(b64);
OPENSSL_free(pucInData);
return ret;
}
SOF_BOOL SOF_VerifySignedData(SOF_BSTR Base64EncodeCert, SOF_BSTR InData, SOF_BSTR SignValue)
{
SOFerr(SOF_F_SOF_VERIFYSIGNEDDATA, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_SignFile(SOF_BSTR ContainerName, SOF_BSTR InFile)
{
SOF_BSTR ret = NULL;
char *b64 = NULL;
unsigned int uiHashAlgoType = SGD_SM3;
unsigned char *pucInData = NULL;
unsigned int uiInDataLen;
unsigned char pucSignature[256];
unsigned int uiSignatureLen = (unsigned int)sizeof(pucSignature);
int rv;
if (!sof_read_file(InFile, &pucInData, &uiInDataLen)) {
SOFerr(SOF_F_SOF_SIGNFILE, SOF_R_READ_FILE_FAILURE);
return NULL;
}
if ((rv = SAF_EccSign(
sof_app,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
uiHashAlgoType,
pucInData,
uiInDataLen,
pucSignature,
&uiSignatureLen)) != SAR_Ok) {
SOFerr(SOF_F_SOF_SIGNFILE, ERR_R_SAF_LIB);
goto end;
}
if (!(b64 = sof_encode(pucSignature, uiSignatureLen))) {
SOFerr(SOF_F_SOF_SIGNFILE, ERR_R_SOF_LIB);
goto end;
}
ret = b64;
b64 = NULL;
end:
OPENSSL_free(b64);
OPENSSL_free(pucInData);
return ret;
}
SOF_BOOL SOF_VerifySignedFile(SOF_BSTR Base64EncodeCert, SOF_BSTR InFile, SOF_BSTR SignValue)
{
return SGD_FALSE;
}
SOF_BSTR SOF_EncryptData(SOF_BSTR Base64EncodeCert, SOF_BSTR InData)
{
#if 0
char *ret = NULL;
unsigned char *pucCertificate = NULL;
unsigned int uiCertificateLen;
unsigned char *pucInData = NULL;
unsigned int uiInDataLen;
int rv;
if (SOF_Decode(Base64EncodeCert, &pucCertificate, &uiCertificateLen) != SOR_OK
|| SOF_Decode(InData, &pucInData, &uiInDataLen) != SOR_OK
|| (rv = SAF_EccPublicKeyEncByCert(
pucCertificate,
uiCertificateLen,
uiAlgorithmID,
pucInData,
uiInDataLen,
pucOutData,
puiOutDataLen)) != SAR_Ok) {
}
#endif
return NULL;
}
SOF_BSTR SOF_DecryptData(SOF_BSTR ContainerName, SOF_BSTR InData)
{
SOFerr(SOF_F_SOF_DECRYPTDATA, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BOOL SOF_EncryptFile(SOF_BSTR Base64EncodeCert, SOF_BSTR InFile, SOF_BSTR OutFile)
{
int ret = SGD_FALSE;
#if 0
unsigned char *pucCertificate = NULL;
unsigned int uiCertificateLen;
int rv;
if (SOF_Decode(Base64EncodeCert, &pucCertificate, &uiCertificateLen) != SOR_OK) {
SOFerr(SOF_F_SOF_ENCRYPTFILE, SOF_R_DECODE_FAILURE);
goto end;
}
if ((rv = SAF_EccPublicKeyEncByCert(
pucCertificate,
uiCertificateLen,
uiAlgorithmID,
pucInData,
uiInDataLen,
pucOutData,
puiOutDataLen)) != SAR_Ok) {
SOFerr(SOF_F_SOF_ENCRYPTFILE, ERR_R_SAF_LIB);
goto end;
}
ret = SGD_TRUE;
end:
OPENSSL_free(pucCertificate);
#endif
return ret;
}
SOF_BOOL SOF_DecryptFile(SOF_BSTR ContainerName, SOF_BSTR InFile, SOF_BSTR OutFile)
{
int ret = SGD_FALSE;
return ret;
}
SOF_BSTR SOF_SignMessage(SOF_SHORT flag, SOF_BSTR ContainerName, SOF_BSTR InData)
{
SOFerr(SOF_F_SOF_SIGNMESSAGE, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BOOL SOF_VerifySignedMessage(SOF_BSTR MessageData, SOF_BSTR InData)
{
SOFerr(SOF_F_SOF_VERIFYSIGNEDMESSAGE, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_GetInfoFromSignedMessage(SOF_BSTR SignedMessage, SOF_SHORT Type)
{
SOFerr(SOF_F_SOF_GETINFOFROMSIGNEDMESSAGE, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BSTR SOF_SignDataXML(SOF_BSTR ContainerName, SOF_BSTR InData)
{
return NULL;
}
SOF_BOOL SOF_VerifySignedDataXML(SOF_BSTR InData)
{
SOFerr(SOF_F_SOF_VERIFYSIGNEDDATAXML, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_GetXMLSignatureInfo(SOF_BSTR XMLSignedData, SOF_SHORT Type)
{
SOFerr(SOF_F_SOF_GETXMLSIGNATUREINFO, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BSTR SOF_GenRandom(SOF_SHORT RandomLen)
{
char *ret = NULL;
char *b64 = NULL;
unsigned char *bin = NULL;
int rv;
if (!(bin = OPENSSL_malloc(RandomLen))
|| (rv = SAF_GenRandom(RandomLen, bin)) != SAR_Ok
|| !(b64 = sof_encode(bin, RandomLen))) {
SOFerr(SOF_F_SOF_GENRANDOM, ERR_R_SOF_LIB);
goto end;
}
end:
OPENSSL_free(bin);
OPENSSL_free(b64);
return ret;
}
SOF_LONG SOF_GetLastError(void)
{
return sof_last_error;
}
SOF_LONG SOF_SetCertTrustList(SOF_BSTR CTLAltName, SOF_BSTR CTLContent, SOF_SHORT CTLContentLen)
{
SOFerr(SOF_F_SOF_SETCERTTRUSTLIST, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_GetCertTrustListAltNames(void)
{
SOFerr(SOF_F_SOF_GETCERTTRUSTLISTALTNAMES, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BSTR SOF_GetCertTrustList(SOF_BSTR CTLAltName)
{
SOFerr(SOF_F_SOF_GETCERTTRUSTLIST, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_LONG SOF_DelCertTrustList(SOF_BSTR CTLAltName)
{
SOFerr(SOF_F_SOF_DELCERTTRUSTLIST, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_LONG SOF_InitCertAppPolicy(SOF_BSTR PolicyName)
{
SOFerr(SOF_F_SOF_INITCERTAPPPOLICY, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_GetServerCertificate(SOF_SHORT CertUsage)
{
SOFerr(SOF_F_SOF_GETSERVERCERTIFICATE, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BSTR SOF_SignMessageDetach(SOF_BSTR InData)
{
SOFerr(SOF_F_SOF_SIGNMESSAGEDETACH, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_LONG SOF_VerifySignedMessageDetach(SOF_BSTR InData, SOF_BSTR SignedMessage)
{
SOFerr(SOF_F_SOF_VERIFYSIGNEDMESSAGEDETACH, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_CreateTimeStampRequest(SOF_BSTR InData)
{
SOFerr(SOF_F_SOF_CREATETIMESTAMPREQUEST, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BSTR SOF_CreateTimeStampResponse(SOF_BSTR TimeStampRequest)
{
SOFerr(SOF_F_SOF_CREATETIMESTAMPRESPONSE, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_LONG SOF_VerifyTimeStamp(SOF_BSTR InData, SOF_BSTR tsResponseData)
{
SOFerr(SOF_F_SOF_VERIFYTIMESTAMP, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_GetTimeStampInfo(SOF_BSTR tsResponseData, SOF_SHORT type)
{
SOFerr(SOF_F_SOF_GETTIMESTAMPINFO, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
static ERR_STRING_DATA sof_errstr[] = {
{ SOR_OK, "Success" },
{ SOR_UnknownErr, "Unknown error" },
{ SOR_FileErr, "File error" },
{ SOR_ProviderTypeErr, "Provider type error" },
{ SOR_LoadProviderErr, "Load provider error" },
};
const char *SOF_GetErrorString(int err)
{
int i;
for (i = 0; i < OSSL_NELEM(sof_errstr); i++) {
if (err == sof_errstr[i].error) {
return sof_errstr[i].string;
}
}
return "(undef)";
}

2
crypto/speck/build.info
View File

@@ -1,2 +0,0 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=speck.c

198
crypto/speck/speck.c
View File

@@ -1,198 +0,0 @@
/* ====================================================================
* Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/speck.h>
#include "speck_lcl.h"
void speck_set_encrypt_key16(SPECK_TYPE16 const K[SPECK_KEY_LEN16], SPECK_TYPE16 S[SPECK_ROUNDS16])
{
SPECK_TYPE16 i, b = K[0];
SPECK_TYPE16 a[SPECK_KEY_LEN16 - 1];
for (i = 0; i < (SPECK_KEY_LEN16 - 1); i++)
{
a[i] = K[i + 1];
}
S[0] = b;
for (i = 0; i < SPECK_ROUNDS16 - 1; i++) {
R16(a[i % (SPECK_KEY_LEN16 - 1)], b, i);
S[i + 1] = b;
}
}
void speck_set_decrypt_key16(SPECK_TYPE16 const K[SPECK_KEY_LEN16], SPECK_TYPE16 S[SPECK_ROUNDS16])
{
SPECK_TYPE16 i, b = K[0];
SPECK_TYPE16 a[SPECK_KEY_LEN16 - 1];
for (i = 0; i < (SPECK_KEY_LEN16 - 1); i++)
{
a[i] = K[i + 1];
}
S[0] = b;
for (i = 0; i < SPECK_ROUNDS16 - 1; i++) {
R16(a[i % (SPECK_KEY_LEN16 - 1)], b, i);
S[i + 1] = b;
}
}
void speck_encrypt16(SPECK_TYPE16 const pt[2], SPECK_TYPE16 ct[2], SPECK_TYPE16 const K[SPECK_ROUNDS16])
{
SPECK_TYPE16 i;
ct[0] = pt[0]; ct[1] = pt[1];
for (i = 0; i < SPECK_ROUNDS16; i++){
R16(ct[1], ct[0], K[i]);
}
}
void speck_decrypt16(SPECK_TYPE16 const ct[2], SPECK_TYPE16 pt[2], SPECK_TYPE16 const K[SPECK_ROUNDS16])
{
SPECK_TYPE16 i;
pt[0] = ct[0]; pt[1] = ct[1];
for (i = 0; i < SPECK_ROUNDS16; i++){
RR16(pt[1], pt[0], K[(SPECK_ROUNDS16 - 1) - i]);
}
}
void speck_set_encrypt_key32(SPECK_TYPE32 const K[SPECK_KEY_LEN32], SPECK_TYPE32 S[SPECK_ROUNDS32])
{
SPECK_TYPE32 i, b = K[0];
SPECK_TYPE32 a[SPECK_KEY_LEN32 - 1];
for (i = 0; i < (SPECK_KEY_LEN32 - 1); i++)
{
a[i] = K[i + 1];
}
S[0] = b;
for (i = 0; i < SPECK_ROUNDS32 - 1; i++) {
R32(a[i % (SPECK_KEY_LEN32 - 1)], b, i);
S[i + 1] = b;
}
}
void speck_set_decrypt_key32(SPECK_TYPE32 const K[SPECK_KEY_LEN32], SPECK_TYPE32 S[SPECK_ROUNDS32])
{
SPECK_TYPE32 i, b = K[0];
SPECK_TYPE32 a[SPECK_KEY_LEN32 - 1];
for (i = 0; i < (SPECK_KEY_LEN32 - 1); i++)
{
a[i] = K[i + 1];
}
S[0] = b;
for (i = 0; i < SPECK_ROUNDS32 - 1; i++) {
R32(a[i % (SPECK_KEY_LEN32 - 1)], b, i);
S[i + 1] = b;
}
}
void speck_encrypt32(SPECK_TYPE32 const pt[2], SPECK_TYPE32 ct[2], SPECK_TYPE32 const K[SPECK_ROUNDS32])
{
SPECK_TYPE32 i;
ct[0] = pt[0]; ct[1] = pt[1];
for (i = 0; i < SPECK_ROUNDS32; i++){
R32(ct[1], ct[0], K[i]);
}
}
void speck_decrypt32(SPECK_TYPE32 const ct[2], SPECK_TYPE32 pt[2], SPECK_TYPE32 const K[SPECK_ROUNDS32])
{
SPECK_TYPE32 i;
pt[0] = ct[0]; pt[1] = ct[1];
for (i = 0; i < SPECK_ROUNDS32; i++){
RR32(pt[1], pt[0], K[(SPECK_ROUNDS32 - 1) - i]);
}
}
void speck_set_encrypt_key64(SPECK_TYPE64 const K[SPECK_KEY_LEN64], SPECK_TYPE64 S[SPECK_ROUNDS64])
{
SPECK_TYPE64 i, b = K[0];
SPECK_TYPE64 a[SPECK_KEY_LEN64 - 1];
for (i = 0; i < (SPECK_KEY_LEN64 - 1); i++)
{
a[i] = K[i + 1];
}
S[0] = b;
for (i = 0; i < SPECK_ROUNDS64 - 1; i++) {
R64(a[i % (SPECK_KEY_LEN64 - 1)], b, i);
S[i + 1] = b;
}
}
void speck_set_decrypt_key64(SPECK_TYPE64 const K[SPECK_KEY_LEN64], SPECK_TYPE64 S[SPECK_ROUNDS64])
{
SPECK_TYPE64 i, b = K[0];
SPECK_TYPE64 a[SPECK_KEY_LEN64 - 1];
for (i = 0; i < (SPECK_KEY_LEN64 - 1); i++)
{
a[i] = K[i + 1];
}
S[0] = b;
for (i = 0; i < SPECK_ROUNDS64 - 1; i++) {
R64(a[i % (SPECK_KEY_LEN64 - 1)], b, i);
S[i + 1] = b;
}
}
void speck_encrypt64(SPECK_TYPE64 const pt[2], SPECK_TYPE64 ct[2], SPECK_TYPE64 const K[SPECK_ROUNDS64])
{
SPECK_TYPE64 i;
ct[0] = pt[0]; ct[1] = pt[1];
for (i = 0; i < SPECK_ROUNDS64; i++){
R64(ct[1], ct[0], K[i]);
}
}
void speck_decrypt64(SPECK_TYPE64 const ct[2], SPECK_TYPE64 pt[2], SPECK_TYPE64 const K[SPECK_ROUNDS64])
{
SPECK_TYPE64 i;
pt[0] = ct[0]; pt[1] = ct[1];
for (i = 0; i < SPECK_ROUNDS64; i++){
RR64(pt[1], pt[0], K[(SPECK_ROUNDS64 - 1) - i]);
}
}

74
crypto/speck/speck_lcl.h
View File

@@ -1,74 +0,0 @@
/* ====================================================================
* Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#ifndef HEADER_SPECK_LCL_H
#define HEADER_SPECK_LCL_H
#define SPECK_TYPE16 uint16_t
#define SPECK_TYPE32 uint32_t
#define SPECK_TYPE64 uint64_t
#define ROR16(x, r) ((x >> r) | (x << ((sizeof(SPECK_TYPE16) * 8) - r)))
#define ROL16(x, r) ((x << r) | (x >> ((sizeof(SPECK_TYPE16) * 8) - r)))
#define ROR32(x, r) ((x >> r) | (x << ((sizeof(SPECK_TYPE32) * 8) - r)))
#define ROL32(x, r) ((x << r) | (x >> ((sizeof(SPECK_TYPE32) * 8) - r)))
#define ROR64(x, r) ((x >> r) | (x << ((sizeof(SPECK_TYPE64) * 8) - r)))
#define ROL64(x, r) ((x << r) | (x >> ((sizeof(SPECK_TYPE64) * 8) - r)))
#define R16(x, y, k) (x = ROR16(x, 7), x += y, x ^= k, y = ROL16(y, 2), y ^= x)
#define RR16(x, y, k) (y ^= x, y = ROR16(y, 2), x ^= k, x -= y, x = ROL16(x, 7))
#define R32(x, y, k) (x = ROR32(x, 8), x += y, x ^= k, y = ROL32(y, 3), y ^= x)
#define RR32(x, y, k) (y ^= x, y = ROR32(y, 3), x ^= k, x -= y, x = ROL32(x, 8))
#define R64(x, y, k) (x = ROR64(x, 8), x += y, x ^= k, y = ROL64(y, 3), y ^= x)
#define RR64(x, y, k) (y ^= x, y = ROR64(y, 3), x ^= k, x -= y, x = ROL64(x, 8))
#endif

46
crypto/sphincs/.clang-format
View File

@@ -1,46 +0,0 @@
AccessModifierOffset: 0
AlignEscapedNewlinesLeft: false
AlignTrailingComments: true
AllowAllParametersOfDeclarationOnNextLine: false
AllowShortFunctionsOnASingleLine: true
AllowShortIfStatementsOnASingleLine: true
AllowShortLoopsOnASingleLine: true
AlwaysBreakBeforeMultilineStrings: false
AlwaysBreakTemplateDeclarations: false
BinPackParameters: false
BreakBeforeBinaryOperators: false
BreakBeforeBraces: Attach
BreakBeforeTernaryOperators: false
BreakConstructorInitializersBeforeComma: false
ColumnLimit: 80
CommentPragmas: ''
ConstructorInitializerAllOnOneLineOrOnePerLine: false
ConstructorInitializerIndentWidth: 0
ContinuationIndentWidth: 0
Cpp11BracedListStyle: false
DerivePointerBinding: false
IndentCaseLabels: false
IndentFunctionDeclarationAfterType: false
IndentWidth: 4
Language: Cpp
MaxEmptyLinesToKeep: 2
NamespaceIndentation: None
ObjCSpaceAfterProperty: true
ObjCSpaceBeforeProtocolList: true
PenaltyBreakBeforeFirstCallParameter: 100
PenaltyBreakComment: 100
PenaltyBreakFirstLessLess: 0
PenaltyBreakString: 100
PenaltyExcessCharacter: 1
PenaltyReturnTypeOnItsOwnLine: 20
SpaceBeforeAssignmentOperators: true
SpaceBeforeParens: Always
SpaceInEmptyParentheses: false
SpacesBeforeTrailingComments: 1
SpacesInAngles: false
SpacesInCStyleCastParentheses: false
SpacesInContainerLiterals: false
SpacesInParentheses: false
Standard: Cpp11
TabWidth: 4
UseTab: Never

3
crypto/sphincs/.gitignore vendored
View File

@@ -1,3 +0,0 @@
bench
*.o
*.dSYM

13
crypto/sphincs/LICENSE
View File

@@ -1,13 +0,0 @@
Copyright 2017 Nagravision S.A.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

52
crypto/sphincs/Makefile
View File

@@ -1,52 +0,0 @@
SRC=$(wildcard *.c) $(wildcard primitives/*.c)
OBJ=$(patsubst %.c, %.o, $(SRC))
CFLAGS_COMMON=-std=c89 -pedantic -Wall -Wextra -Wno-long-long -march=native
LDFLAGS=-lcrypto
VERSION_S= -DPORS_k=24 -DMERKLE_h=5 -DGRAVITY_d=1 -DGRAVITY_c=10
VERSION_M= -DPORS_k=32 -DMERKLE_h=5 -DGRAVITY_d=7 -DGRAVITY_c=15
VERSION_L= -DPORS_k=28 -DMERKLE_h=5 -DGRAVITY_d=10 -DGRAVITY_c=14
VERSION=$(VERSION_S)
CFLAGS_COMMON+=$(VERSION)
CFLAGS=$(CFLAGS_COMMON) -O3 -fomit-frame-pointer
CFLAGS_SANITIZED=$(CFLAGS_COMMON) -fsanitize=address,undefined -g
KERNEL_NAME := $(shell uname -s)
ifeq ($(KERNEL_NAME), Darwin)
CFLAGS += -I/usr/local/opt/openssl/include
LDFLAGS += -L/usr/local/opt/openssl/lib
endif
all: help
help:
@echo "Please choose a target:"
@echo "\tanalyze\t\t runs static analyzers"
@echo "\tbench\t\t runs speed benchmarks"
@echo "\tclean\t\t cleans up"
@echo "\tformat\t\t formats the code using .clang-format rules"
bench: $(SRC)
$(CC) $(CFLAGS) $(LDFLAGS) $^ -o bench
./bench
format:
clang-format -i *.c *.h
analyze:
cppcheck . --std=c89
scan-build gcc -c $(CFLAGS_SANITIZED) *.c
cppclean .
rm -f *.o
cloc:
cloc $(wildcard *.c) $(wildcard *.h)
clean:
rm -f bench *.dSYM *.o
.PHONY: clean format analyze cloc bench

10
crypto/sphincs/aes.h
View File

@@ -1,10 +0,0 @@
/*
* Copyright (C) 2017 Nagravision S.A.
*/
#pragma once
#include <stdint.h>
int aesctr256 (uint8_t *out, const uint8_t *sk, const void *counter, int bytes);
int aesctr256_zeroiv (uint8_t *out, const uint8_t *sk, int bytes);

Some files were not shown because too many files have changed in this diff Show More