Add sm2utl and sm9utl commands

apps/build.info

@@ -11,7 +11,9 @@ IF[{- !$disabled{apps} -}]
           s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c \
           srp.c ts.c verify.c version.c x509.c rehash.c \
           apps.c opt.c s_cb.c s_socket.c \
-          app_rand.c cpk.c sm2.c sm9.c otp.c fpe.c \
+          app_rand.c cpk.c otp.c fpe.c \
+          sm2.c sm2utl.c \
+          sm9param.c gensm9.c sm9.c sm9utl.c \
           {- $target{apps_aux_src} -}
   INCLUDE[gmssl]=.. ../include
   DEPEND[gmssl]=../libssl

apps/gensm9.c

@@ -0,0 +1,81 @@
+/* ====================================================================
+ * Copyright (c) 2014 - 2017 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_SM9
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/evp.h>
+# include <openssl/pem.h>
+# include <openssl/sm9.h>
+# include "apps.h"
+
+typedef enum OPTION_choice {
+	OPT_ERR = -1,
+	OPT_EOF = 0,
+	OPT_HELP
+} OPTION_CHOICE;
+
+OPTIONS gensm9_options[] = {
+	{"help", OPT_HELP, '-', "Display this summary"},
+	{NULL}
+};
+
+int gensm9_main(int argc, char **argv)
+{
+	printf("sm9 not implemented\n");
+	return 0;
+}
+#endif

apps/progs.h

@@ -45,6 +45,7 @@ extern int fpe_main(int argc, char *argv[]);
 extern int gendsa_main(int argc, char *argv[]);
 extern int genpkey_main(int argc, char *argv[]);
 extern int genrsa_main(int argc, char *argv[]);
+extern int gensm9_main(int argc, char *argv[]);
 extern int help_main(int argc, char *argv[]);
 extern int list_main(int argc, char *argv[]);
 extern int nseq_main(int argc, char *argv[]);
@@ -68,7 +69,10 @@ extern int s_server_main(int argc, char *argv[]);
 extern int s_time_main(int argc, char *argv[]);
 extern int sess_id_main(int argc, char *argv[]);
 extern int sm2_main(int argc, char *argv[]);
+extern int sm2utl_main(int argc, char *argv[]);
 extern int sm9_main(int argc, char *argv[]);
+extern int sm9param_main(int argc, char *argv[]);
+extern int sm9utl_main(int argc, char *argv[]);
 extern int smime_main(int argc, char *argv[]);
 extern int speed_main(int argc, char *argv[]);
 extern int spkac_main(int argc, char *argv[]);
@@ -99,6 +103,7 @@ extern OPTIONS fpe_options[];
 extern OPTIONS gendsa_options[];
 extern OPTIONS genpkey_options[];
 extern OPTIONS genrsa_options[];
+extern OPTIONS gensm9_options[];
 extern OPTIONS help_options[];
 extern OPTIONS list_options[];
 extern OPTIONS nseq_options[];
@@ -122,7 +127,10 @@ extern OPTIONS s_server_options[];
 extern OPTIONS s_time_options[];
 extern OPTIONS sess_id_options[];
 extern OPTIONS sm2_options[];
+extern OPTIONS sm2utl_options[];
 extern OPTIONS sm9_options[];
+extern OPTIONS sm9param_options[];
+extern OPTIONS sm9utl_options[];
 extern OPTIONS smime_options[];
 extern OPTIONS speed_options[];
 extern OPTIONS spkac_options[];
@@ -179,6 +187,7 @@ static FUNCTION functions[] = {
 #ifndef OPENSSL_NO_RSA
     { FT_general, "genrsa", genrsa_main, genrsa_options },
 #endif
+    { FT_general, "gensm9", gensm9_main, gensm9_options },
     { FT_general, "help", help_main, help_options },
     { FT_general, "list", list_main, list_options },
     { FT_general, "nseq", nseq_main, nseq_options },
@@ -222,9 +231,12 @@ static FUNCTION functions[] = {
 #ifndef OPENSSL_NO_SM2
     { FT_general, "sm2", sm2_main, sm2_options },
 #endif
+    { FT_general, "sm2utl", sm2utl_main, sm2utl_options },
 #ifndef OPENSSL_NO_SM9
     { FT_general, "sm9", sm9_main, sm9_options },
 #endif
+    { FT_general, "sm9param", sm9param_main, sm9param_options },
+    { FT_general, "sm9utl", sm9utl_main, sm9utl_options },
     { FT_general, "smime", smime_main, smime_options },
     { FT_general, "speed", speed_main, speed_options },
     { FT_general, "spkac", spkac_main, spkac_options },

apps/sm2utl.c

@@ -0,0 +1,449 @@
+/* ====================================================================
+ * Copyright (c) 2014 - 2018 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_SM2
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <ctype.h>
+# include <stdio.h>
+# include <string.h>
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/evp.h>
+# include <openssl/sm2.h>
+# include "../crypto/sm2/sm2_lcl.h"
+# include "apps.h"
+
+
+# define OP_UNDEF	0
+# define OP_DGST	1
+# define OP_SIGN	2
+# define OP_VERIFY	3
+# define OP_ENCRYPT	4
+# define OP_DECRYPT	5
+
+# define KEY_NONE	0
+# define KEY_PRIVKEY	1
+# define KEY_PUBKEY	2
+# define KEY_CERT	3
+
+typedef enum OPTION_choice {
+	OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+	OPT_IN,
+	OPT_OUT,
+	OPT_DGST,
+	OPT_SIGN,
+	OPT_VERIFY,
+	OPT_ENCRYPT,
+	OPT_DECRYPT,
+	OPT_ID,
+	OPT_SIGFILE,
+	OPT_INKEY,
+	OPT_PUBIN,
+	OPT_CERTIN,
+	OPT_PASSIN,
+	OPT_KEYFORM,
+	OPT_MD,
+	OPT_ENGINE,
+	OPT_ENGINE_IMPL,
+	OPT_CONFIG
+} OPTION_CHOICE;
+
+OPTIONS sm2utl_options[] = {
+	{"help", OPT_HELP, '-', "Display this summary"},
+	{"in", OPT_IN, '<', "Input file - default stdin"},
+	{"out", OPT_OUT, '>', "Output file - default stdout"},
+	{"dgst", OPT_SIGN, '-', "Generate input data digest with Z value"},
+	{"sign", OPT_SIGN, '-', "Sign input data with private key and public parameters"},
+	{"verify", OPT_VERIFY, '-', "Verify with signer's ID and public parameters"},
+	{"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with recipient's ID"},
+	{"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"},
+	{"id", OPT_ID, 's', "Identity for Z value"},
+	{"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"},
+	{"inkey", OPT_INKEY, 's', "Private key for signing or decryption"},
+	{"pubin", OPT_PUBIN, '-', "Input is a public key"},
+	{"certin", OPT_CERTIN, '-', "Input is a cert with a public key"},
+	{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+	{"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
+	{"", OPT_MD, '-', "Any supported digest"},
+# ifndef OPENSSL_NO_ENGINE
+	{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+	{"engine_impl", OPT_ENGINE_IMPL, '-', "Also use engine given by -engine for crypto operations"},
+	{"config", OPT_CONFIG, 's', "A config file"},
+# endif
+	{NULL}
+};
+
+static int sm2utl_sign(const EVP_MD *md, BIO *in, BIO *out, const char *id,
+	ENGINE *e, EC_KEY *key, int sign);
+static int sm2utl_verify(const EVP_MD *md, BIO *in, BIO *out, BIO *sig,
+	const char *id, ENGINE *e, EC_KEY *ec_key);
+static int sm2utl_encrypt(const EVP_MD *md, BIO *in, BIO *out, EC_KEY *ec_key);
+static int sm2utl_decrypt(const EVP_MD *md, BIO *in, BIO *out, EC_KEY *ec_key);
+
+int sm2utl_main(int argc, char **argv)
+{
+	int ret = 1;
+	OPTION_CHOICE o;
+	char *prog;
+	char *infile = NULL;
+	char *outfile = NULL;
+	BIO *in = NULL;
+	BIO *out = NULL;
+	int op = OP_UNDEF;
+	char *id = NULL;
+	char *sigfile = NULL;
+	BIO *sig = NULL;
+	char *keyfile = NULL;
+	int key_type = KEY_PRIVKEY;
+	char *passinarg = NULL;
+	char *passin = NULL;
+	int keyform = FORMAT_PEM;
+	const EVP_MD *md = EVP_sm3(), *m;
+# ifndef OPENSSL_NO_ENGINE
+	ENGINE *e = NULL;
+	CONF *conf = NULL;
+	char *configfile = default_config_file;
+# endif
+	int engine_impl = 0;
+	EVP_PKEY *pkey = NULL;
+	EC_KEY *ec_key;
+
+	prog = opt_init(argc, argv, sm9utl_options);
+	while ((o = opt_next()) != OPT_EOF) {
+		switch (o) {
+		case OPT_EOF:
+		case OPT_ERR:
+opthelp:
+			BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+			goto end;
+		case OPT_HELP:
+			opt_help(sm9utl_options);
+			ret = 0;
+			goto end;
+		case OPT_IN:
+			infile = opt_arg();
+			break;
+		case OPT_OUT:
+			outfile = opt_arg();
+			break;
+		case OPT_DGST:
+			op = OP_DGST;
+			break;
+		case OPT_SIGN:
+			op = OP_SIGN;
+			break;
+		case OPT_VERIFY:
+			op = OP_VERIFY;
+			break;
+		case OPT_ENCRYPT:
+			op = OP_ENCRYPT;
+			break;
+		case OPT_DECRYPT:
+			op = OP_DECRYPT;
+			break;
+		case OPT_ID:
+			id = opt_arg();
+			break;
+		case OPT_SIGFILE:
+			sigfile = opt_arg();
+			break;
+		case OPT_INKEY:
+			keyfile = opt_arg();
+			break;
+		case OPT_PUBIN:
+			key_type = KEY_PUBKEY;
+			break;
+		case OPT_CERTIN:
+			key_type = KEY_CERT;
+			break;
+		case OPT_PASSIN:
+			passinarg = opt_arg();
+			break;
+		case OPT_KEYFORM:
+			if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyform))
+				goto opthelp;
+			break;
+		case OPT_ENGINE:
+			e = setup_engine(opt_arg(), 0);
+			break;
+		case OPT_ENGINE_IMPL:
+			engine_impl = 1;
+			break;
+		case OPT_CONFIG:
+			configfile = opt_arg();
+			break;
+		case OPT_MD:
+			if (!opt_md(opt_unknown(), &m))
+				goto opthelp;
+			md = m;
+			break;
+		}
+	}
+	argc = opt_num_rest();
+	if (argc != 0)
+		goto opthelp;
+
+
+	if (e)
+		BIO_printf(bio_err, "Using configuration from %s\n", configfile);
+
+	if ((conf = app_load_config(configfile)) == NULL)
+		goto end;
+	if (configfile != default_config_file && !app_load_modules(conf))
+		goto end;
+
+	in = bio_open_default(infile, 'r', FORMAT_BINARY);
+	if (!in)
+		goto end;
+
+	out = bio_open_default(outfile, 'w', FORMAT_BINARY);
+	if (!out)
+		goto end;
+
+	if (sigfile) {
+		sig = BIO_new_file(sigfile, "rb");
+		if (!sig) {
+			BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
+			goto end;
+		}
+	}
+
+	app_RAND_load_file(NULL, 0);
+
+	switch (key_type) {
+	case KEY_PRIVKEY:
+		pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
+		break;
+
+	case KEY_PUBKEY:
+		pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "Public Key");
+		break;
+
+	case KEY_CERT:
+		{
+			X509 *x = load_cert(keyfile, keyform, "Certificate");
+			if (x) {
+				pkey = X509_get_pubkey(x);
+				X509_free(x);
+			}
+		}
+		break;
+	}
+
+	ec_key = EVP_PKEY_get0_EC_KEY(pkey);
+
+	switch (op) {
+	case OP_DGST:
+		return sm2utl_sign(md, in, out, id, e, ec_key, 0);
+	case OP_SIGN:
+		return sm2utl_sign(md, in, out, id, e, ec_key, 1);
+	case OP_VERIFY:
+		return sm2utl_verify(md, in, out, sig, id, e, ec_key);
+	case OP_ENCRYPT:
+		return sm2utl_encrypt(md, in, out, ec_key);
+	case OP_DECRYPT:
+		return sm2utl_decrypt(md, in, out, ec_key);
+	default:
+		goto end;
+	}
+
+
+end:
+	OPENSSL_free(passin);
+	return ret;
+}
+static int sm2utl_sign(const EVP_MD *md, BIO *in, BIO *out, const char *id,
+	ENGINE *e, EC_KEY *ec_key, int sign)
+{
+	int ret = 0;
+	EVP_MD_CTX *md_ctx = NULL;
+	ECDSA_SIG *sig = NULL;
+	unsigned char buf[1024];
+	size_t siz = sizeof(buf);
+	unsigned int ulen = sizeof(buf);
+	int len;
+
+	if (!(md_ctx = EVP_MD_CTX_new())
+		|| !EVP_DigestInit_ex(md_ctx, md, e)
+		|| !SM2_compute_id_digest(md, id, strlen(id), buf, &siz, ec_key)
+		|| !EVP_DigestUpdate(md_ctx, buf, siz)) {
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+	while ((len = BIO_read(in, buf, sizeof(buf))) <= 0) {
+		if (!EVP_DigestUpdate(md_ctx, buf, len)) {
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
+	if (!EVP_DigestFinal_ex(md_ctx, buf, &ulen)) {
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+	len = (int)ulen;
+
+	if (sign) {
+		unsigned char *p = buf;
+		if (!(sig = SM2_do_sign(buf, len, ec_key))
+			|| (len = i2d_ECDSA_SIG(sig, &p)) <= 0) {
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
+	if (BIO_write(out, buf, len) != len) {
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	ret = 1;
+end:
+	EVP_MD_CTX_free(md_ctx);
+	ECDSA_SIG_free(sig);
+	return ret;
+}
+
+static int sm2utl_verify(const EVP_MD *md, BIO *in, BIO *out, BIO *sig,
+	const char *id, ENGINE *e, EC_KEY *ec_key)
+{
+	int ret = 0;
+	EVP_MD_CTX *md_ctx = NULL;
+	unsigned char *sigbuf = NULL;
+	unsigned char buf[1024];
+	size_t siz = sizeof(buf);
+	unsigned int ulen = sizeof(buf);
+	int siglen, len;
+
+	siglen = bio_to_mem(&sigbuf, 256, sig);
+	if (siglen < 0) {
+		BIO_printf(bio_err, "Error reading signature data\n");
+		goto end;
+	}
+
+	if (!(md_ctx = EVP_MD_CTX_new())
+		|| !EVP_DigestInit_ex(md_ctx, md, e)
+		|| !SM2_compute_id_digest(md, id, strlen(id), buf, &siz, ec_key)
+		|| !EVP_DigestUpdate(md_ctx, buf, siz)) {
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+	while ((len = BIO_read(in, buf, sizeof(buf))) <= 0) {
+		if (!EVP_DigestUpdate(md_ctx, buf, len)) {
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
+	siz = sizeof(buf);
+	if (!EVP_DigestFinal_ex(md_ctx, buf, &ulen)) {
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+	/* SM2_verify() can check no suffix on signature */
+	ret = SM2_verify(NID_undef, buf, ulen, sigbuf, siglen, ec_key);
+	if (ret == 1) {
+		BIO_puts(out, "Signature Verification Successful\n");
+	} else {
+		BIO_puts(out, "Signature Verification Failure\n");
+		ret = 0;
+	}
+
+end:
+	OPENSSL_free(sigbuf);
+	EVP_MD_CTX_free(md_ctx);
+	return ret;
+}
+
+static int sm2utl_encrypt(const EVP_MD *md, BIO *in, BIO *out, EC_KEY *ec_key)
+{
+	int ret = 0;
+	SM2CiphertextValue *cval = NULL;
+	unsigned char *buf = NULL;
+	int len;
+
+	if (!(len = bio_to_mem(&buf, SM2_MAX_PLAINTEXT_LENGTH, in))) {
+	}
+	if (!(cval = SM2_do_encrypt(md, buf, len, ec_key))
+		|| i2d_SM2CiphertextValue_bio(out, cval) <= 0) {
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	ret = 1;
+
+end:
+	OPENSSL_free(buf);
+	SM2CiphertextValue_free(cval);
+	return ret;
+}
+
+static int sm2utl_decrypt(const EVP_MD *md, BIO *in, BIO *out, EC_KEY *ec_key)
+{
+	int ret = 0;
+	SM2CiphertextValue *cval = NULL;
+	unsigned char *buf = NULL;
+	size_t siz;
+
+	if (!(cval = d2i_SM2CiphertextValue_bio(in, NULL))
+		|| !SM2_do_decrypt(md, cval, NULL, &siz, ec_key)
+		|| !(buf = OPENSSL_malloc(siz))
+		|| !SM2_do_decrypt(md, cval, buf, &siz, ec_key)
+		|| BIO_write(out, buf, siz) != siz) {
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+	ret = 1;
+
+end:
+	SM2CiphertextValue_free(cval);
+	OPENSSL_free(buf);
+	return ret;
+}
+#endif

apps/sm9.c

@@ -46,13 +46,6 @@
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  * ====================================================================
  */
-/*
- * gmssl sm9 -setup
- * gmssl sm9 -genkey
- * gmssl sm9 -encrypt
- * gmssl sm9 -sign
- * gmssl sm9 -verify
- */
 
 #include <openssl/opensslconf.h>
 #ifdef OPENSSL_NO_SM9
@@ -62,12 +55,12 @@ NON_EMPTY_TRANSLATION_UNIT
 # include <stdio.h>
 # include <stdlib.h>
 # include <string.h>
-# include "apps.h"
 # include <openssl/bio.h>
 # include <openssl/err.h>
 # include <openssl/evp.h>
 # include <openssl/pem.h>
-# include <openssl/cpk.h>
+# include <openssl/sm9.h>
+# include "apps.h"
 
 typedef enum OPTION_choice {
 	OPT_ERR = -1,
@@ -77,6 +70,7 @@ typedef enum OPTION_choice {
 
 OPTIONS sm9_options[] = {
 	{"help", OPT_HELP, '-', "Display this summary"},
+	{"in", OPT_IN, 's', "Input key"},
 	{NULL}
 };
 

apps/sm9param.c

@@ -0,0 +1,81 @@
+/* ====================================================================
+ * Copyright (c) 2014 - 2018 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_SM9
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/evp.h>
+# include <openssl/pem.h>
+# include <openssl/sm9.h>
+# include "apps.h"
+
+typedef enum OPTION_choice {
+	OPT_ERR = -1,
+	OPT_EOF = 0,
+	OPT_HELP
+} OPTION_CHOICE;
+
+OPTIONS sm9param_options[] = {
+	{"help", OPT_HELP, '-', "Display this summary"},
+	{NULL}
+};
+
+int sm9param_main(int argc, char **argv)
+{
+	printf("sm9param not implemented\n");
+	return 0;
+}
+#endif

apps/sm9utl.c

@@ -0,0 +1,418 @@
+/* ====================================================================
+ * Copyright (c) 2014 - 2018 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_SM9
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <ctype.h>
+# include <stdio.h>
+# include <string.h>
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/evp.h>
+# include <openssl/sm9.h>
+# include "../crypto/sm9/sm9_lcl.h"
+# include "apps.h"
+
+typedef enum OPTION_choice {
+	OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+	OPT_IN, OPT_OUT, OPT_SIGFILE,
+	OPT_SIGN, OPT_VERIFY, OPT_ENCRYPT, OPT_DECRYPT,
+	OPT_MD, OPT_SCHEME,
+	OPT_PARAMFILE, OPT_ID, OPT_INKEY, OPT_PASSIN,
+	OPT_KEYFORM, OPT_PARAMFORM
+} OPTION_CHOICE;
+
+OPTIONS sm9utl_options[] = {
+	{"help", OPT_HELP, '-', "Display this summary"},
+	{"in", OPT_IN, '<', "Input file - default stdin"},
+	{"out", OPT_OUT, '>', "Output file - default stdout"},
+	{"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"},
+	{"sign", OPT_SIGN, '-', "Sign input data with private key and public parameters"},
+	{"verify", OPT_VERIFY, '-', "Verify with signer's ID and public parameters"},
+	{"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with recipient's ID"},
+	{"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"},
+	{"md", OPT_MD, 's', "Digest algorithm for signing or verification"},
+	{"scheme", OPT_SCHEME, 's', "Encryption scheme"},
+	{"paramfile", OPT_PARAMFILE, 's', "Public parameters file"},
+	{"id", OPT_ID, 's', "Recipient's or signer's ID"},
+	{"inkey", OPT_INKEY, 's', "Private key for signing or decryption"},
+	{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+	{"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
+	{"paramform", OPT_PARAMFORM, 'E', "Public parameters format - default PEM"},
+	{NULL}
+};
+
+static int sm9_sign(const EVP_MD *md, BIO *in, BIO *out,
+	SM9_KEY *key, const char *prog)
+{
+	int ret = 0;
+	EVP_MD_CTX *md_ctx = NULL;
+	SM9Signature *sig = NULL;
+	unsigned char buf[1024];
+	int len;
+
+	if (!(md_ctx = EVP_MD_CTX_new())
+		|| !SM9_SignInit(md_ctx, md, NULL)) {
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+	while ((len = BIO_read(in, buf, sizeof(buf))) > 0) {
+		if (!SM9_SignUpdate(md_ctx, buf, len)) {
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
+	if (!(sig = SM9_SignFinal(md_ctx, key))) {
+		ERR_print_errors(bio_err);
+		goto end;
+}
+	if (i2d_SM9Signature_bio(out, sig) <= 0) {
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	ret = 1;
+
+end:
+	EVP_MD_CTX_free(md_ctx);
+	SM9Signature_free(sig);
+	return ret;
+}
+
+static int sm9_verify(const EVP_MD *md, BIO *in, BIO *out, const char *sigfile,
+	SM9_MASTER_KEY *param, const char *id, const char *prog)
+{
+	int ret = 0;
+	BIO *sig_bio = NULL;
+	SM9_KEY *key = NULL;
+	EVP_MD_CTX *md_ctx = NULL;
+	SM9Signature *sig = NULL;
+	unsigned char buf[1024];
+	int len;
+
+	if (!sigfile) {
+		BIO_printf(bio_err, "%s: `-sigfile` required for verification\n", prog);
+		return 0;
+	}
+	if (!(sig_bio = BIO_new_file(sigfile, "rb"))
+		|| !(sig = d2i_SM9Signature_bio(sig_bio, NULL))) {
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	if (!param || !id) {
+		BIO_printf(bio_err, "%s: param and id required\n", prog);
+		goto end;
+	}
+	if (!(key = SM9_extract_public_key(param, id, strlen(id)))) {
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	if (!(md_ctx = EVP_MD_CTX_new())
+		|| !SM9_VerifyInit(md_ctx, md, NULL)) {
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+	while ((len = BIO_read(in, buf, sizeof(buf))) > 0) {
+		if (!SM9_VerifyUpdate(md_ctx, buf, len)) {
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
+	if ((ret = SM9_VerifyFinal(md_ctx, sig, key)) != 1) {
+		ERR_print_errors(bio_err);
+	}
+	BIO_printf(out, "Signature Verified %s\n", ret ? "Successfully" : "Failure");
+
+end:
+	BIO_free(sig_bio);
+	SM9_KEY_free(key);
+	EVP_MD_CTX_free(md_ctx);
+	SM9Signature_free(sig);
+	return ret;
+}
+
+static int sm9_encrypt(int scheme, BIO *in, BIO *out,
+	SM9_MASTER_KEY *param, const char *id, const char *prog)
+{
+	int ret = 0;
+	unsigned char *inbuf = NULL;
+	unsigned char *outbuf = NULL;
+	int inlen;
+	size_t outlen;
+
+	if (!param || !id) {
+		BIO_printf(bio_err, "%s: param and id required\n", prog);
+		return 0;
+	}
+
+	if (!(inlen = bio_to_mem(&inbuf, SM9_MAX_PLAINTEXT_LENGTH, in))) {
+		BIO_printf(bio_err, "%s: error reading input\n", prog);
+		return 0;
+	}
+
+	if (!SM9_encrypt(scheme, inbuf, inlen, NULL, &outlen, param, id, strlen(id))
+		|| !(outbuf = OPENSSL_malloc(outlen))
+		|| !SM9_encrypt(scheme, inbuf, inlen, outbuf, &outlen,
+			param, id, strlen(id))
+		|| BIO_write(out, outbuf, outlen) != outlen) {
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	ret = 1;
+
+end:
+	OPENSSL_free(inbuf);
+	OPENSSL_free(outbuf);
+	return ret;
+}
+
+static int sm9_decrypt(int scheme, BIO *in, BIO *out, SM9_KEY *key, char *prog)
+{
+	int ret = 0;
+	unsigned char *inbuf = NULL;
+	unsigned char *outbuf = NULL;
+	int inlen;
+	size_t outlen;
+
+	if (!key) {
+		BIO_printf(bio_err, "%s: private key required\n", prog);
+		goto end;
+	}
+
+	if (!(inlen = bio_to_mem(&inbuf, SM9_MAX_CIPHERTEXT_LENGTH, in))) {
+		BIO_printf(bio_err, "%s: error reading input\n", prog);
+		goto end;
+	}
+
+	if (!SM9_decrypt(scheme, inbuf, inlen, NULL, &outlen, key)
+		|| !(outbuf = OPENSSL_malloc(outlen))
+		|| !SM9_decrypt(scheme, inbuf, inlen, outbuf, &outlen, key)
+		|| BIO_write(out, outbuf, outlen) != outlen) {
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	ret = 1;
+
+end:
+	OPENSSL_free(inbuf);
+	OPENSSL_free(outbuf);
+	return ret;
+}
+
+int sm9utl_main(int argc, char **argv)
+{
+	int ret = 1;
+	OPTION_CHOICE o;
+	char *prog;
+	char *infile = NULL;
+	char *outfile = NULL;
+	char *sigfile = NULL;
+	BIO *in = NULL;
+	BIO *out = NULL;
+	int op = EVP_PKEY_OP_UNDEFINED;
+	char *paramfile = NULL;
+	char *id = NULL;
+	char *keyfile = NULL;
+	char *passinarg = NULL;
+	int keyform = FORMAT_PEM;
+	int paramform = FORMAT_PEM;
+	char *dgst = NULL;
+	char *scheme = NULL;
+	const EVP_MD *md = EVP_sm3();
+	int enc_scheme = NID_sm9encrypt_with_sm3_xor;
+	char *passin = NULL;
+
+	EVP_PKEY *pkey = NULL;
+	SM9_MASTER_KEY *param;
+	SM9_KEY *key;
+
+	prog = opt_init(argc, argv, sm9utl_options);
+	while ((o = opt_next()) != OPT_EOF) {
+		switch (o) {
+		case OPT_EOF:
+		case OPT_ERR:
+opthelp:
+			BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+			goto end;
+		case OPT_HELP:
+			opt_help(sm9utl_options);
+			ret = 0;
+			goto end;
+		case OPT_IN:
+			infile = opt_arg();
+			break;
+		case OPT_OUT:
+			outfile = opt_arg();
+			break;
+		case OPT_SIGFILE:
+			sigfile = opt_arg();
+			break;
+		case OPT_SIGN:
+			op = EVP_PKEY_OP_SIGN;
+			break;
+		case OPT_VERIFY:
+			op = EVP_PKEY_OP_VERIFY;
+			break;
+		case OPT_ENCRYPT:
+			op = EVP_PKEY_OP_ENCRYPT;
+			break;
+		case OPT_DECRYPT:
+			op = EVP_PKEY_OP_DECRYPT;
+			break;
+		case OPT_MD:
+			dgst = opt_arg();
+			break;
+		case OPT_SCHEME:
+			scheme = opt_arg();
+			break;
+		case OPT_PARAMFILE:
+			paramfile = opt_arg();
+			break;
+		case OPT_ID:
+			id = opt_arg();
+			break;
+		case OPT_INKEY:
+			keyfile = opt_arg();
+			break;
+		case OPT_PASSIN:
+			passinarg = opt_arg();
+			break;
+		case OPT_KEYFORM:
+			if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyform))
+				goto opthelp;
+			break;
+		case OPT_PARAMFORM:
+			if (!opt_format(opt_arg(), OPT_FMT_PDE, &paramform))
+				goto opthelp;
+			break;
+		}
+	}
+	argc = opt_num_rest();
+	if (argc != 0)
+		goto opthelp;
+
+	app_RAND_load_file(NULL, 0);
+
+
+	if (op == EVP_PKEY_OP_SIGN || op == EVP_PKEY_OP_DECRYPT) {
+
+		if (!keyfile) {
+			BIO_printf(bio_err, "Private key required\n");
+			goto end;
+		}
+
+		if (paramfile || id) {
+			BIO_printf(bio_err, "Parameters and ID not required\n");
+			goto end;
+		}
+
+		if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+			BIO_printf(bio_err, "Error getting password\n");
+			goto end;
+		}
+
+		if (keyfile) {
+			pkey = load_key(keyfile, keyform, 0, passin, NULL, "Private Key");
+			if (!(key = EVP_PKEY_get0_SM9(pkey))) {
+				ERR_print_errors(bio_err);
+				goto end;
+			}
+		}
+
+		if (op == EVP_PKEY_OP_SIGN)
+			return sm9_sign(md, in, out, key, prog);
+		else
+			return sm9_decrypt(enc_scheme, in, out, key, prog);
+
+	} else if (op == EVP_PKEY_OP_VERIFY || op == EVP_PKEY_OP_ENCRYPT) {
+
+		if (!paramfile || !id) {
+			BIO_printf(bio_err, "Parameters and ID required\n");
+			goto end;
+		}
+
+		if (keyfile) {
+			BIO_printf(bio_err, "Private key not required\n");
+			goto end;
+		}
+
+		pkey = load_pubkey(keyfile, keyform,  0, NULL, NULL, "Public Key");
+		if (!(param = EVP_PKEY_get0_SM9_MASTER(pkey))) {
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+
+		if (op == EVP_PKEY_OP_VERIFY) {
+			if (!sigfile) {
+				BIO_printf(bio_err, "Signature file required\n");
+				goto end;
+			}
+			return sm9_verify(md, in, out, sigfile, param, id, prog);
+		} else {
+			return sm9_encrypt(enc_scheme, in, out, param, id, prog);
+		}
+
+	} else {
+		BIO_printf(bio_err, "%s: operation not assigned\n", prog);
+		goto end;
+	}
+
+
+end:
+	OPENSSL_free(passin);
+	return ret;
+}
+#endif