abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-07 08:56:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

add cpk

Browse Source
This commit is contained in:
Zhi Guan
2017-02-15 15:03:35 +08:00
parent d943331746
commit 7eb9c6664a
17 changed files with 1871 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Configure
View File

@@ -311,7 +311,7 @@ $config{sdirs} = [
"buffer", "bio", "stack", "lhash", "rand", "err",
"evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
"cms", "ts", "srp", "cmac", "ct", "async", "kdf",
"sm3", "sms4", "kdf2", "ecies", "ffx", "sm2", "paillier"
"sm3", "sms4", "kdf2", "ecies", "ffx", "sm2", "paillier", "cpk"
];
# Known TLS and DTLS protocols

3
crypto/cpk/build.info Normal file
View File

@@ -0,0 +1,3 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=cpk_asn1.c cpk_err.c cpk_kap.c cpk_lib.c cpk_map.c \
cpk_prn.c

94
crypto/cpk/cpk_asn1.c Executable file
View File

@@ -0,0 +1,94 @@
/* ====================================================================
* Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/cpk.h>
ASN1_SEQUENCE(CPK_MASTER_SECRET) = {
ASN1_SIMPLE(CPK_MASTER_SECRET, version, LONG),
ASN1_SIMPLE(CPK_MASTER_SECRET, id, X509_NAME),
ASN1_SIMPLE(CPK_MASTER_SECRET, pkey_algor, X509_ALGOR),
ASN1_SIMPLE(CPK_MASTER_SECRET, map_algor, X509_ALGOR),
ASN1_SIMPLE(CPK_MASTER_SECRET, secret_factors, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(CPK_MASTER_SECRET)
IMPLEMENT_ASN1_FUNCTIONS(CPK_MASTER_SECRET)
IMPLEMENT_ASN1_DUP_FUNCTION(CPK_MASTER_SECRET)
ASN1_SEQUENCE(CPK_PUBLIC_PARAMS) = {
ASN1_SIMPLE(CPK_PUBLIC_PARAMS, version, LONG),
ASN1_SIMPLE(CPK_PUBLIC_PARAMS, id, X509_NAME),
ASN1_SIMPLE(CPK_PUBLIC_PARAMS, pkey_algor, X509_ALGOR),
ASN1_SIMPLE(CPK_PUBLIC_PARAMS, map_algor, X509_ALGOR),
ASN1_SIMPLE(CPK_PUBLIC_PARAMS, public_factors, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(CPK_PUBLIC_PARAMS)
IMPLEMENT_ASN1_FUNCTIONS(CPK_PUBLIC_PARAMS)
IMPLEMENT_ASN1_DUP_FUNCTION(CPK_PUBLIC_PARAMS)
CPK_MASTER_SECRET *d2i_CPK_MASTER_SECRET_bio(BIO *bp, CPK_MASTER_SECRET **master)
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CPK_MASTER_SECRET), bp, master);
}
int i2d_CPK_MASTER_SECRET_bio(BIO *bp, CPK_MASTER_SECRET *master)
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CPK_MASTER_SECRET), bp, master);
}
CPK_PUBLIC_PARAMS *d2i_CPK_PUBLIC_PARAMS_bio(BIO *bp, CPK_PUBLIC_PARAMS **params)
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CPK_PUBLIC_PARAMS), bp, params);
}
int i2d_CPK_PUBLIC_PARAMS_bio(BIO *bp, CPK_PUBLIC_PARAMS *params)
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CPK_PUBLIC_PARAMS), bp, params);
}

61
crypto/cpk/cpk_err.c Executable file
View File

@@ -0,0 +1,61 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/cpk.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CPK,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CPK,0,reason)
static ERR_STRING_DATA CPK_str_functs[] = {
{ERR_FUNC(CPK_F_CPK_MAP_NEW_DEFAULT), "CPK_MAP_new_default"},
{ERR_FUNC(CPK_F_CPK_MAP_STR2INDEX), "CPK_MAP_str2index"},
{ERR_FUNC(CPK_F_CPK_MASTER_SECRET_CREATE), "CPK_MASTER_SECRET_create"},
{ERR_FUNC(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY),
"CPK_MASTER_SECRET_extract_private_key"},
{ERR_FUNC(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS),
"CPK_MASTER_SECRET_extract_public_params"},
{ERR_FUNC(CPK_F_CPK_PUBLIC_PARAMS_COMPUTE_SHARE_KEY),
"CPK_PUBLIC_PARAMS_compute_share_key"},
{ERR_FUNC(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY),
"CPK_PUBLIC_PARAMS_extract_public_key"},
{ERR_FUNC(CPK_F_CPK_PUBLIC_PARAMS_VALIDATE_PRIVATE_KEY),
"CPK_PUBLIC_PARAMS_validate_private_key"},
{ERR_FUNC(CPK_F_X509_ALGOR_GET1_DSA), "X509_ALGOR_get1_DSA"},
{ERR_FUNC(CPK_F_X509_ALGOR_GET1_EC_KEY), "X509_ALGOR_get1_EC_KEY"},
{0, NULL}
};
static ERR_STRING_DATA CPK_str_reasons[] = {
{ERR_REASON(CPK_R_BAD_ARGUMENT), "bad argument"},
{ERR_REASON(CPK_R_BAD_DATA), "bad data"},
{ERR_REASON(CPK_R_INVALID_ID_LENGTH), "invalid id length"},
{ERR_REASON(CPK_R_INVALID_MAP_ALGOR), "invalid map algor"},
{ERR_REASON(CPK_R_INVALID_PKEY_TYPE), "invalid pkey type"},
{0, NULL}
};
#endif
int ERR_load_CPK_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(CPK_str_functs[0].error) == NULL) {
ERR_load_strings(0, CPK_str_functs);
ERR_load_strings(0, CPK_str_reasons);
}
#endif
return 1;
}

95
crypto/cpk/cpk_kap.c Executable file
View File

@@ -0,0 +1,95 @@
/* ====================================================================
* Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/evp.h>
#include <openssl/ecdh.h>
#include <openssl/objects.h>
#include <openssl/cpk.h>
int CPK_PUBLIC_PARAMS_compute_share_key(CPK_PUBLIC_PARAMS *params,
void *out, size_t outlen, const char *id, EVP_PKEY *priv_key,
void *(*kdf)(const void *in, size_t inlen, void *out, size_t *outlen))
{
int ret = 0;
EVP_PKEY *pub_key = NULL;
int pkey_type = OBJ_obj2nid(params->pkey_algor->algorithm);
OPENSSL_assert(kdf != NULL);
printf("%d\n", __LINE__);
if (EVP_PKEY_id(priv_key) != pkey_type) {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_COMPUTE_SHARE_KEY,
ERR_R_MALLOC_FAILURE); //FIXME: ERR_R_XXX
goto err;
}
if (!(pub_key = CPK_PUBLIC_PARAMS_extract_public_key(params, id))) {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_COMPUTE_SHARE_KEY,
ERR_R_MALLOC_FAILURE); //FIXME: ERR_R_XXX
goto err;
}
if (pkey_type == EVP_PKEY_EC) {
if (!ECDH_compute_key(out, outlen,
EC_KEY_get0_public_key((EC_KEY *)EVP_PKEY_get0(pub_key)),
(EC_KEY *)EVP_PKEY_get0(priv_key), kdf)) {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_COMPUTE_SHARE_KEY,
ERR_R_MALLOC_FAILURE); //FIXME: ERR_R_XXX
goto err;
}
} else if (pkey_type == EVP_PKEY_DH) {
// not supported yet
goto err;
}
ret = 1;
err:
return ret;
}

994
crypto/cpk/cpk_lib.c Executable file
View File

@@ -0,0 +1,994 @@
/* ====================================================================
* Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <string.h>
#include <assert.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include <openssl/rand.h>
#include <openssl/ecdsa.h>
#include <openssl/objects.h>
#include <openssl/cpk.h>
#include "../dsa/dsa_locl.h"
#include "../x509/x509_lcl.h"
#define ASN1_STRING_data(a) ((a)->data)
static DSA *X509_ALGOR_get1_DSA(X509_ALGOR *algor);
static int extract_dsa_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param);
static DSA *extract_dsa_priv_key(CPK_MASTER_SECRET *master, const char *id);
static DSA *extract_dsa_pub_key(CPK_PUBLIC_PARAMS *param, const char *id);
static EC_KEY *X509_ALGOR_get1_EC_KEY(X509_ALGOR *algor);
static int extract_ec_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param);
static EC_KEY *extract_ec_priv_key(CPK_MASTER_SECRET *master, const char *id);
static EC_KEY *extract_ec_pub_key(CPK_PUBLIC_PARAMS *param, const char *id);
CPK_MASTER_SECRET *CPK_MASTER_SECRET_create(const char *domain_id,
EVP_PKEY *pkey, X509_ALGOR *map_algor)
{
int e = 1;
CPK_MASTER_SECRET *master = NULL;
BIGNUM *bn = NULL;
BIGNUM *order = NULL;
X509_PUBKEY *pubkey = NULL;
int pkey_type;
int i, bn_size, num_factors;
unsigned char *bn_ptr;
if (!domain_id || !pkey || !map_algor) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
if (strlen(domain_id) <= 0 || strlen(domain_id) > CPK_MAX_ID_LENGTH) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_ID_LENGTH);
return NULL;
}
pkey_type = EVP_PKEY_id(pkey);
if (pkey_type == EVP_PKEY_DSA) {
if (!(order = ((DSA *)EVP_PKEY_get0(pkey))->q)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_BAD_ARGUMENT);
goto err;
}
} else if (pkey_type == EVP_PKEY_EC) {
const EC_GROUP *ec_group;
if (!(order = BN_new())) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);
goto err;
}
ec_group = EC_KEY_get0_group((EC_KEY *)EVP_PKEY_get0(pkey));
if (!EC_GROUP_get_order(ec_group, order, NULL)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);
goto err;
}
OPENSSL_assert(EC_KEY_get0_public_key((EC_KEY *)EVP_PKEY_get0(pkey)) != NULL);
} else {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_PKEY_TYPE);
goto err;
}
if (!(master = CPK_MASTER_SECRET_new())) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);
goto err;
}
master->version = 1;
if (!X509_NAME_add_entry_by_NID(master->id, NID_organizationName,
MBSTRING_UTF8, (unsigned char *)domain_id, -1, -1, 0)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);
goto err;
}
/*
* convert EVP_PKEY to X509_ALGOR through X509_PUBKEY_set
* X509_ALGOR_set0() is another choice but require more code
*/
// FIXME: X509_PUBKEY require pkey has a public key
if (!X509_PUBKEY_set(&pubkey, pkey)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);
goto err;
}
X509_ALGOR_free(master->pkey_algor);
X509_ALGOR_set0(master->pkey_algor, OBJ_nid2obj(EVP_PKEY_id(pkey)), 0, NULL);
/*
if (!(master->pkey_algor = X509_ALGOR_dup(pubkey->algor))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);
goto err;
}
*/
//FIXME: check the validity of CPK_MAP
X509_ALGOR_free(master->map_algor);
if (!(master->map_algor = X509_ALGOR_dup(map_algor))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);
goto err;
}
if ((num_factors = CPK_MAP_num_factors(map_algor)) <= 0) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_MAP_ALGOR);
goto err;
}
/*
* create secret factors, for both DSA and EC,
* the private keys are both big integers,
*/
bn_size = BN_num_bytes(order);
if (!ASN1_STRING_set(master->secret_factors, NULL, bn_size * num_factors)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_ASN1_LIB);
goto err;
}
bn_ptr = master->secret_factors->data;
memset(bn_ptr, 0, ASN1_STRING_length(master->secret_factors));
if (!(bn = BN_new())) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);
goto err;
}
for (i = 0; i < num_factors; i++) {
do {
if (!BN_rand_range(bn, order)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE,
ERR_R_BN_LIB);
goto err;
}
} while (BN_is_zero(bn));
if (!BN_bn2bin(bn, bn_ptr + bn_size - BN_num_bytes(bn))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_BN_LIB);
goto err;
}
bn_ptr += bn_size;
}
e = 0;
err:
if (e && master) {
CPK_MASTER_SECRET_free(master);
master = NULL;
}
if (pubkey) X509_PUBKEY_free(pubkey);
if (order && pkey_type == EVP_PKEY_EC) BN_free(order);
if (bn) BN_free(bn);
return master;
}
CPK_PUBLIC_PARAMS *CPK_MASTER_SECRET_extract_public_params(CPK_MASTER_SECRET *master)
{
CPK_PUBLIC_PARAMS *param = NULL;
int pkey_type;
pkey_type = OBJ_obj2nid(master->pkey_algor->algorithm);
if (!(param = CPK_PUBLIC_PARAMS_new())) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS,
ERR_R_MALLOC_FAILURE);
goto err;
}
param->version = master->version;
X509_NAME_free(param->id);
if (!(param->id = X509_NAME_dup(master->id))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS,
ERR_R_MALLOC_FAILURE);
goto err;
}
X509_ALGOR_free(param->pkey_algor);
if (!(param->pkey_algor = X509_ALGOR_dup(master->pkey_algor))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS,
ERR_R_MALLOC_FAILURE);
goto err;
}
X509_ALGOR_free(param->map_algor);
if (!(param->map_algor = X509_ALGOR_dup(master->map_algor))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS,
ERR_R_MALLOC_FAILURE);
goto err;
}
switch (pkey_type) {
case EVP_PKEY_DSA:
if (!extract_dsa_params(master, param)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS,
ERR_R_CPK_LIB);
goto err;
}
break;
case EVP_PKEY_EC:
if (!extract_ec_params(master, param)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS,
ERR_R_CPK_LIB);
goto err;
}
break;
default:
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS, CPK_R_INVALID_PKEY_TYPE);
goto err;
}
return param;
err:
if (param) CPK_PUBLIC_PARAMS_free(param);
return NULL;
}
EVP_PKEY *CPK_MASTER_SECRET_extract_private_key(
CPK_MASTER_SECRET *master, const char *id)
{
EVP_PKEY *pkey = NULL;
int pkey_type;
if (!(pkey = EVP_PKEY_new())) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
ERR_R_MALLOC_FAILURE);
goto err;
}
pkey_type = OBJ_obj2nid(master->pkey_algor->algorithm);
if (pkey_type == EVP_PKEY_DSA) {
DSA *dsa;
if (!(dsa = extract_dsa_priv_key(master, id))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
ERR_R_CPK_LIB);
goto err;
}
if (!EVP_PKEY_assign_DSA(pkey, dsa)) {
DSA_free(dsa);
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
ERR_R_EVP_LIB);
goto err;
}
} else if (pkey_type == EVP_PKEY_EC) {
EC_KEY *ec_key;
if (!(ec_key = extract_ec_priv_key(master, id))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
ERR_R_CPK_LIB);
goto err;
}
if (!EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
EC_KEY_free(ec_key);
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
ERR_R_EVP_LIB);
goto err;
}
} else {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
CPK_R_INVALID_PKEY_TYPE);
goto err;
}
return pkey;
err:
if (pkey) EVP_PKEY_free(pkey);
return NULL;
}
EVP_PKEY *CPK_PUBLIC_PARAMS_extract_public_key(CPK_PUBLIC_PARAMS *param,
const char *id)
{
EVP_PKEY *pkey = NULL;
int pkey_type;
//char domain_id[CPK_MAX_ID_LENGTH + 1];
if (!(pkey = EVP_PKEY_new())) {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY,
ERR_R_MALLOC_FAILURE);
goto err;
}
pkey_type = OBJ_obj2nid(param->pkey_algor->algorithm);
if (pkey_type == EVP_PKEY_DSA) {
DSA *dsa = NULL;
if (!(dsa = extract_dsa_pub_key(param, id))) {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY,
ERR_R_CPK_LIB);
goto err;
}
if (!EVP_PKEY_assign_DSA(pkey, dsa)) {
DSA_free(dsa);
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY,
ERR_R_EVP_LIB);
goto err;
}
} else if (pkey_type == EVP_PKEY_EC) {
EC_KEY *ec_key = NULL;
if (!(ec_key = extract_ec_pub_key(param, id))) {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY,
ERR_R_CPK_LIB);
goto err;
}
if (!EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
EC_KEY_free(ec_key);
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY,
ERR_R_EVP_LIB);
goto err;
}
} else {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY,
CPK_R_INVALID_PKEY_TYPE);
goto err;
}
return pkey;
err:
if (pkey) EVP_PKEY_free(pkey);
return NULL;
}
int CPK_MASTER_SECRET_digest(CPK_MASTER_SECRET *master, const EVP_MD *md,
unsigned char *dgst, unsigned int *dgstlen)
{
if (!EVP_Digest(ASN1_STRING_data(master->secret_factors),
ASN1_STRING_length(master->secret_factors),
dgst, dgstlen, md, NULL)) {
return 0;
}
return 1;
}
int CPK_PUBLIC_PARAMS_digest(CPK_PUBLIC_PARAMS *params, const EVP_MD *md,
unsigned char *dgst, unsigned int *dgstlen)
{
if (!EVP_Digest(ASN1_STRING_data(params->public_factors),
ASN1_STRING_length(params->public_factors),
dgst, dgstlen, md, NULL)) {
return 0;
}
return 1;
}
char *CPK_MASTER_SECRET_get_name(CPK_MASTER_SECRET *master, char *buf, int size)
{
return X509_NAME_oneline(master->id, buf, size);
}
char *CPK_PUBLIC_PARAMS_name(CPK_PUBLIC_PARAMS *params, char *buf, int size)
{
return X509_NAME_oneline(params->id, buf, size);
}
int CPK_MASTER_SECRET_validate_public_params(CPK_MASTER_SECRET *master,
CPK_PUBLIC_PARAMS *params)
{
int ret = 0;
CPK_PUBLIC_PARAMS *tmp = NULL;
if (!(tmp = CPK_MASTER_SECRET_extract_public_params(master))) {
fprintf(stderr, "shit1\n");
goto err;
}
if (tmp->version != params->version) {
fprintf(stderr, "shit2\n");
goto err;
}
if (X509_NAME_cmp(tmp->id, params->id)) {
fprintf(stderr, "shit3\n");
goto err;
}
/*
* two ASN_OBJECT * with different address may have same NID
* thus we can not check with:
* tmp->pkey_algor->algorithm != params->pkey_algor->algorithm
*/
if (OBJ_obj2nid(tmp->pkey_algor->algorithm) !=
OBJ_obj2nid(params->pkey_algor->algorithm)) {
fprintf(stderr, "shit4\n");
goto err;
}
// FIXME: pkey_algor->parameters
if (OBJ_obj2nid(tmp->map_algor->algorithm) !=
OBJ_obj2nid(params->map_algor->algorithm)) {
fprintf(stderr, "shit5\n");
goto err;
}
if (ASN1_STRING_cmp(tmp->public_factors, params->public_factors)) {
fprintf(stderr, "shit6\n");
goto err;
}
ret = 1;
err:
if (tmp) CPK_PUBLIC_PARAMS_free(tmp);
return ret;
}
int CPK_PUBLIC_PARAMS_validate_private_key(CPK_PUBLIC_PARAMS *params,
const char *id, const EVP_PKEY *priv_key)
{
int ret = -3;
EVP_PKEY *pub_key = NULL;
if (!(pub_key = CPK_PUBLIC_PARAMS_extract_public_key(params, id))) {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_VALIDATE_PRIVATE_KEY,
ERR_R_EVP_LIB);
goto err;
}
ret = EVP_PKEY_cmp(pub_key, priv_key);
err:
if (pub_key) EVP_PKEY_free(pub_key);
return ret;
}
/*
* static functions
*/
#if 0
// FIXME: check DSA and EC_KEY
static int X509_ALGOR_cmp(X509_ALGOR *a, X509_ALGOR *b)
{
int pkey_type = OBJ_obj2nid(a->algorithm);
if (pkey_type != EVP_PKEY_DSA || pkey_type != EVP_PKEY_EC)
return 1;
if (a->algorithm != b->algorithm)
return -1;
return 0;
}
#endif
static DSA *X509_ALGOR_get1_DSA(X509_ALGOR *algor)
{
DSA *dsa = NULL;
int ptype;
void *pval;
ASN1_OCTET_STRING *pstr;
const unsigned char *p;
X509_ALGOR_get0(NULL, &ptype, &pval, algor);
if (ptype != V_ASN1_SEQUENCE) {
CPKerr(CPK_F_X509_ALGOR_GET1_DSA, CPK_R_BAD_DATA);
return NULL;
}
pstr = (ASN1_OCTET_STRING *)pval;
p = pstr->data;
if (!(dsa = d2i_DSAparams(NULL, &p, pstr->length))) {
CPKerr(CPK_F_X509_ALGOR_GET1_DSA, ERR_R_DSA_LIB);
return NULL;
}
return dsa;
}
static int extract_dsa_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param)
{
int ret = 0;
DSA *dsa = NULL;
BIGNUM *pri = BN_new();
BIGNUM *pub = BN_new();
BN_CTX *ctx = BN_CTX_new();
int i, pri_size, pub_size, num_factors;
const unsigned char *pri_ptr;
unsigned char *pub_ptr;
if (!pri || !pub || !ctx) {
goto err;
}
if (!(dsa = (DSA *)X509_ALGOR_get1_DSA(master->pkey_algor))) {
goto err;
}
pri_size = BN_num_bytes(dsa->q);
pub_size = BN_num_bytes(dsa->p);
if ((num_factors = CPK_MAP_num_factors(master->map_algor)) <= 0) {
goto err;
}
if (ASN1_STRING_length(master->secret_factors) != pri_size * num_factors) {
goto err;
}
ASN1_STRING_free(param->public_factors);
if (!ASN1_STRING_set(param->public_factors, NULL, pub_size * num_factors)) {
goto err;
}
pri_ptr = ASN1_STRING_data(master->secret_factors);
pub_ptr = ASN1_STRING_data(param->public_factors);
memset(pub_ptr, 0, ASN1_STRING_length(param->public_factors));
for (i = 0; i < num_factors; i++) {
if (!BN_bin2bn(pri_ptr, pri_size, pri)) {
goto err;
}
if (BN_is_zero(pri) || BN_cmp(pri, dsa->q) >= 0) {
goto err;
}
if (!BN_mod_exp(pub, dsa->g, pri, dsa->p, ctx)) {
goto err;
}
if (!BN_bn2bin(pub, pub_ptr + pub_size - BN_num_bytes(pub))) {
goto err;
}
pri_ptr += pri_size;
pub_ptr += pub_size;
}
ret = 1;
err:
if (dsa) DSA_free(dsa);
if (pri) BN_free(pri);
if (pub) BN_free(pub);
if (ctx) BN_CTX_free(ctx);
return ret;
}
static DSA *extract_dsa_priv_key(CPK_MASTER_SECRET *master, const char *id)
{
int e = 1;
DSA *dsa = NULL;
BIGNUM *bn = BN_new();
BN_CTX *ctx = BN_CTX_new();
const unsigned char *p;
int *index = NULL;
int i, num_indexes, bn_size;
if (!bn || !ctx) {
goto err;
}
if (!(dsa = X509_ALGOR_get1_DSA(master->pkey_algor))) {
goto err;
}
if ((num_indexes = CPK_MAP_num_indexes(master->map_algor)) <= 0) {
goto err;
}
if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) {
goto err;
}
if (!CPK_MAP_str2index(master->map_algor, id, index)) {
goto err;
}
if (!dsa->priv_key) {
if (!(dsa->priv_key = BN_new())) {
goto err;
}
}
BN_zero(dsa->priv_key);
bn_size = BN_num_bytes(dsa->q);
for (i = 0; i < num_indexes; i++) {
p = ASN1_STRING_data(master->secret_factors) + bn_size * index[i];
if (!BN_bin2bn(p, bn_size, bn)) {
goto err;
}
if (BN_is_zero(bn) || BN_cmp(bn, dsa->q) >= 0) {
goto err;
}
if (!BN_mod_add(dsa->priv_key, dsa->priv_key, bn, dsa->q, ctx)) {
goto err;
}
}
if (!(dsa->pub_key))
if (!(dsa->pub_key = BN_new())) {
goto err;
}
if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
goto err;
}
e = 0;
err:
if (e && dsa) {
DSA_free(dsa);
dsa = NULL;
}
if (bn) BN_free(bn);
if (ctx) BN_CTX_free(ctx);
if (index) OPENSSL_free(index);
return dsa;
}
static DSA *extract_dsa_pub_key(CPK_PUBLIC_PARAMS *param, const char *id)
{
int e = 1;
DSA *dsa = NULL;
BIGNUM *bn = BN_new();
BN_CTX *ctx = BN_CTX_new();
const unsigned char *p;
int *index = NULL;
int i, num_indexes, bn_size;
if (!bn || !ctx) {
goto err;
}
if (!(dsa = X509_ALGOR_get1_DSA(param->pkey_algor))) {
goto err;
}
if ((num_indexes = CPK_MAP_num_indexes(param->map_algor)) <= 0) {
goto err;
}
if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) {
goto err;
}
if (!CPK_MAP_str2index(param->map_algor, id, index)) {
goto err;
}
if (!dsa->pub_key) {
if (!(dsa->pub_key = BN_new())) {
goto err;
}
}
BN_zero(dsa->pub_key);
bn_size = BN_num_bytes(dsa->p);
for (i = 0; i < num_indexes; i++) {
p = ASN1_STRING_data(param->public_factors) + bn_size * index[i];
if (!BN_bin2bn(p, bn_size, bn)) {
goto err;
}
if (BN_is_zero(bn) || BN_cmp(bn, dsa->p) >= 0) {
goto err;
}
if (!BN_mod_add(dsa->pub_key, dsa->pub_key, bn, dsa->p, ctx)) {
goto err;
}
}
e = 0;
err:
if (e && dsa) {
DSA_free(dsa);
dsa = NULL;
}
if (bn) BN_free(bn);
if (ctx) BN_CTX_free(ctx);
if (index) OPENSSL_free(index);
return dsa;
}
static EC_KEY *X509_ALGOR_get1_EC_KEY(X509_ALGOR *algor)
{
EC_KEY *ec_key = NULL;
int ptype;
void *pval;
const unsigned char *p;
X509_ALGOR_get0(NULL, &ptype, &pval, algor);
if (ptype == V_ASN1_SEQUENCE) {
ASN1_OCTET_STRING *pstr = (ASN1_OCTET_STRING *)pval;
p = pstr->data;
if (!(ec_key = d2i_ECParameters(NULL, &p, pstr->length))) {
CPKerr(CPK_F_X509_ALGOR_GET1_EC_KEY, ERR_R_EC_LIB);
return NULL;
}
} else if (ptype == V_ASN1_OBJECT) {
ASN1_OBJECT *poid = (ASN1_OBJECT *)pval;
EC_GROUP *group;
if (!(ec_key = EC_KEY_new())) {
CPKerr(CPK_F_X509_ALGOR_GET1_EC_KEY, ERR_R_MALLOC_FAILURE);
return NULL;
}
if (!(group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid)))) {
EC_KEY_free(ec_key);
CPKerr(CPK_F_X509_ALGOR_GET1_EC_KEY, ERR_R_EC_LIB);
return NULL;
}
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
if (!EC_KEY_set_group(ec_key, group)) {
EC_GROUP_free(group);
EC_KEY_free(ec_key);
CPKerr(CPK_F_X509_ALGOR_GET1_EC_KEY, ERR_R_EC_LIB);
return NULL;
}
EC_GROUP_free(group);
} else {
CPKerr(CPK_F_X509_ALGOR_GET1_EC_KEY, CPK_R_BAD_DATA);
return NULL;
}
return ec_key;
}
static int extract_ec_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param)
{
int ret = 0;
EC_KEY *ec_key = NULL;
const EC_GROUP *ec_group;
BIGNUM *bn = BN_new();
BIGNUM *order = BN_new();
BN_CTX *ctx = BN_CTX_new();
EC_POINT *pt = NULL;
int i, bn_size, pt_size, num_factors;
const unsigned char *bn_ptr;
unsigned char *pt_ptr;
if (!bn || !order || !ctx) {
goto err;
}
if (!(ec_key = X509_ALGOR_get1_EC_KEY(master->pkey_algor))) {
goto err;
}
ec_group = EC_KEY_get0_group(ec_key);
if (!(EC_GROUP_get_order(ec_group, order, ctx))) {
goto err;
}
bn_size = BN_num_bytes(order);
pt_size = bn_size + 1;
if ((num_factors = CPK_MAP_num_factors(master->map_algor)) <= 0) {
goto err;
}
if (ASN1_STRING_length(master->secret_factors) != bn_size * num_factors) {
goto err;
}
if (!ASN1_STRING_set(param->public_factors, NULL, pt_size * num_factors)) {
goto err;
}
bn_ptr = ASN1_STRING_data(master->secret_factors);
pt_ptr = ASN1_STRING_data(param->public_factors);
memset(pt_ptr, 0, ASN1_STRING_length(param->public_factors));
if (!(pt = EC_POINT_new(ec_group))) {
goto err;
}
for (i = 0; i < num_factors; i++) {
if (!BN_bin2bn(bn_ptr, bn_size, bn)) {
goto err;
}
if (BN_is_zero(bn) || BN_cmp(bn, order) >= 0) {
goto err;
}
if (!EC_POINT_mul(ec_group, pt, bn, NULL, NULL, ctx)) {
goto err;
}
if (!EC_POINT_point2oct(ec_group, pt,
POINT_CONVERSION_COMPRESSED, pt_ptr, pt_size, ctx)) {
goto err;
}
bn_ptr += bn_size;
pt_ptr += pt_size;
}
ret = 1;
err:
if (ec_key) EC_KEY_free(ec_key);
if (bn) BN_free(bn);
if (order) BN_free(order);
if (ctx) BN_CTX_free(ctx);
if (pt) EC_POINT_free(pt);
return ret;
}
static EC_KEY *extract_ec_priv_key(CPK_MASTER_SECRET *master, const char *id)
{
int e = 1;
EC_KEY *ec_key = NULL;
const EC_GROUP *ec_group;
EC_POINT *pub_key = NULL;
BIGNUM *priv_key = BN_new();
BIGNUM *order = BN_new();
BIGNUM *bn = BN_new();
BN_CTX *ctx = BN_CTX_new();
int *index = NULL;
int i, num_indexes, bn_size;
if (!priv_key || !bn || !order || !ctx) {
goto err;
}
if (!(ec_key = X509_ALGOR_get1_EC_KEY(master->pkey_algor))) {
goto err;
}
ec_group = EC_KEY_get0_group(ec_key);
if (!(pub_key = EC_POINT_new(ec_group))) {
goto err;
}
if ((num_indexes = CPK_MAP_num_indexes(master->map_algor)) <= 0) {
goto err;
}
if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) {
goto err;
}
if (!CPK_MAP_str2index(master->map_algor, id, index)) {
goto err;
}
BN_zero(priv_key);
if (!(EC_GROUP_get_order(EC_KEY_get0_group(ec_key), order, ctx))) {
goto err;
}
bn_size = BN_num_bytes(order);
for (i = 0; i < num_indexes; i++) {
const unsigned char *p =
ASN1_STRING_data(master->secret_factors) +
bn_size * index[i];
if (!BN_bin2bn(p, bn_size, bn)) {
goto err;
}
if (BN_is_zero(bn) || BN_cmp(bn, order) >= 0) {
goto err;
}
if (!BN_mod_add(priv_key, priv_key, bn, order, ctx)) {
goto err;
}
}
if (!EC_KEY_set_private_key(ec_key, priv_key)) {
goto err;
}
if (!EC_POINT_mul(ec_group, pub_key, priv_key, NULL, NULL, ctx)) {
goto err;
}
if (!EC_KEY_set_public_key(ec_key, pub_key)) {
goto err;
}
e = 0;
err:
if (e && ec_key) {
EC_KEY_free(ec_key);
ec_key = NULL;
}
if (priv_key) BN_free(priv_key);
if (pub_key) EC_POINT_free(pub_key);
if (order) BN_free(order);
if (bn) BN_free(bn);
if (ctx) BN_CTX_free(ctx);
if (index) OPENSSL_free(index);
return ec_key;
}
static EC_KEY *extract_ec_pub_key(CPK_PUBLIC_PARAMS *param, const char *id)
{
int e = 1;
EC_KEY *ec_key = NULL;
const EC_GROUP *ec_group;
EC_POINT *pub_key = NULL;
EC_POINT *pt = NULL;
BIGNUM *order = BN_new();
BIGNUM *bn = BN_new();
BN_CTX *ctx = BN_CTX_new();
int *index = NULL;
int i, bn_size, pt_size, num_indexes, num_factors;
if (!(ec_key = X509_ALGOR_get1_EC_KEY(param->pkey_algor))) {
goto err;
}
ec_group = EC_KEY_get0_group(ec_key);
if (!(pub_key = EC_POINT_new(ec_group))) {
goto err;
}
if (!(pt = EC_POINT_new(ec_group))) {
goto err;
}
if (!EC_GROUP_get_order(ec_group, order, ctx)) {
goto err;
}
bn_size = BN_num_bytes(order);
pt_size = bn_size + 1;
if ((num_factors = CPK_MAP_num_factors(param->map_algor)) <= 0) {
goto err;
}
if (ASN1_STRING_length(param->public_factors) != pt_size * num_factors) {
goto err;
}
if ((num_indexes = CPK_MAP_num_indexes(param->map_algor)) <= 0) {
goto err;
}
if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) {
goto err;
}
if (!CPK_MAP_str2index(param->map_algor, id, index)) {
goto err;
}
if (!EC_POINT_set_to_infinity(ec_group, pub_key)) {
goto err;
}
for (i = 0; i < num_indexes; i++) {
const unsigned char *p =
ASN1_STRING_data(param->public_factors) +
pt_size * index[i];
if (!EC_POINT_oct2point(ec_group, pt, p, pt_size, ctx)) {
goto err;
}
if (!EC_POINT_add(ec_group, pub_key, pub_key, pt, ctx)) {
goto err;
}
}
if (!EC_KEY_set_public_key(ec_key, pub_key)) {
goto err;
}
e = 0;
err:
if (e && ec_key) {
EC_KEY_free(ec_key);
ec_key = NULL;
}
if (pub_key) EC_POINT_free(pub_key);
if (order) BN_free(order);
if (bn) BN_free(bn);
if (ctx) BN_CTX_free(ctx);
if (index) OPENSSL_free(index);
return ec_key;
}

178
crypto/cpk/cpk_map.c Executable file
View File

@@ -0,0 +1,178 @@
/* ====================================================================
* Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <string.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/cpk.h>
X509_ALGOR *CPK_MAP_new_default()
{
X509_ALGOR *algor = NULL;
const EVP_MD *md = EVP_sha1();
if (md != EVP_sha1() && md != EVP_sha384()) {
CPKerr(CPK_F_CPK_MAP_NEW_DEFAULT, CPK_R_BAD_ARGUMENT);
goto end;
}
if (!(algor = X509_ALGOR_new())) {
CPKerr(CPK_F_CPK_MAP_NEW_DEFAULT, ERR_R_X509_LIB);
goto end;
}
if (!X509_ALGOR_set0(algor, OBJ_nid2obj(EVP_MD_nid(md)),
V_ASN1_UNDEF, NULL)) {
X509_ALGOR_free(algor);
algor = NULL;
CPKerr(CPK_F_CPK_MAP_NEW_DEFAULT, ERR_R_X509_LIB);
goto end;
}
end:
return algor;
}
int CPK_MAP_is_valid(const X509_ALGOR *algor)
{
OPENSSL_assert(algor);
OPENSSL_assert(algor->algorithm);
switch (OBJ_obj2nid(algor->algorithm)) {
case NID_sha1:
case NID_sha384:
return 1;
}
return 0;
}
int CPK_MAP_num_subset(const X509_ALGOR *algor)
{
OPENSSL_assert(algor);
OPENSSL_assert(algor->algorithm);
switch (OBJ_obj2nid(algor->algorithm)) {
case NID_sha1:
return 32;
case NID_sha384:
return 4096;
}
return -1;
}
int CPK_MAP_num_factors(const X509_ALGOR *algor)
{
return 1024;
}
int CPK_MAP_num_indexes(const X509_ALGOR *algor)
{
return 32;
}
int CPK_MAP_num_index(const X509_ALGOR *algor)
{
OPENSSL_assert(algor);
OPENSSL_assert(algor->algorithm);
switch (OBJ_obj2nid(algor->algorithm)) {
case NID_sha1:
return 32;
case NID_sha384:
return 32;
}
return -1;
}
int CPK_MAP_str2index(const X509_ALGOR *algor, const char *str, int *index)
{
int ret = 0;
const EVP_MD *md;
unsigned char dgst[EVP_MAX_MD_SIZE];
unsigned int dgstlen;
BIGNUM *bn = NULL;
int i, num_index, num_subset;
OPENSSL_assert(algor);
OPENSSL_assert(algor->algorithm);
OPENSSL_assert(str);
OPENSSL_assert(strlen(str) > 0);
if (!CPK_MAP_is_valid(algor)) {
CPKerr(CPK_F_CPK_MAP_STR2INDEX, CPK_R_INVALID_MAP_ALGOR);
goto err;
}
if (!index) {
ret = CPK_MAP_num_index(algor);
goto err;
}
if (!(md = EVP_get_digestbyobj(algor->algorithm))) {
CPKerr(CPK_F_CPK_MAP_STR2INDEX, ERR_R_EVP_LIB);
goto err;
}
if (!EVP_Digest(str, strlen(str), dgst, &dgstlen, md, NULL)) {
CPKerr(CPK_F_CPK_MAP_STR2INDEX, ERR_R_EVP_LIB);
return 0;
}
if (!(bn = BN_new())) {
CPKerr(CPK_F_CPK_MAP_STR2INDEX, ERR_R_BN_LIB);
goto err;
}
if (!BN_bin2bn(dgst, dgstlen, bn)) {
CPKerr(CPK_F_CPK_MAP_STR2INDEX, ERR_R_BN_LIB);
goto err;
}
num_index = CPK_MAP_num_index(algor);
num_subset = CPK_MAP_num_subset(algor);
for (i = 0; i < num_index; i++) {
int r = BN_mod_word(bn, num_subset);
index[i] = num_subset * i + r;
}
ret = num_index;
err:
if (bn) BN_free(bn);
return ret;
}

69
crypto/cpk/cpk_prn.c Normal file
View File

@@ -0,0 +1,69 @@
/* ====================================================================
* Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <string.h>
#include <openssl/bio.h>
#include <openssl/cpk.h>
int CPK_MASTER_SECRET_print(BIO *out, CPK_MASTER_SECRET *master,
int indent, unsigned long flags)
{
BIO_printf(out, "%s() not implemented\n", __FUNCTION__);
return 1;
}
int CPK_PUBLIC_PARAMS_print(BIO *out, CPK_PUBLIC_PARAMS *params,
int indent, unsigned long flags)
{
BIO_printf(out, "%s() not implemented\n", __FUNCTION__);
return 1;
}

2
crypto/err/err.c
View File

@@ -62,6 +62,7 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
{ERR_PACK(ERR_LIB_KDF2, 0, 0), "KDF2 routines"},
{ERR_PACK(ERR_LIB_FFX, 0, 0), "FFX routines"},
{ERR_PACK(ERR_LIB_PAILLIER, 0, 0), "PAILLIER routines"},
{ERR_PACK(ERR_LIB_CPK, 0, 0), "CPK routines"},
{0, NULL},
};
@@ -109,6 +110,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = {
{ERR_R_KDF2_LIB, "KDF2 lib"},
{ERR_R_FFX_LIB, "FFX lib"},
{ERR_R_PAILLIER_LIB, "PAILLIER lib"},
{ERR_R_CPK_LIB, "CPK lib"},
{ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"},
{ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"},

4
crypto/err/err_all.c
View File

@@ -42,6 +42,7 @@
#include <openssl/kdf2.h>
#include <openssl/ffx.h>
#include <openssl/paillier.h>
#include <openssl/cpk.h>
int err_load_crypto_strings_int(void)
{
@@ -113,6 +114,9 @@ int err_load_crypto_strings_int(void)
# ifndef OPENSSL_NO_PAILLIER
ERR_load_PAILLIER_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_CPK
ERR_load_CPK_strings() == 0 ||
# endif
#endif
ERR_load_KDF_strings() == 0)
return 0;

1
crypto/err/openssl.ec
View File

@@ -38,6 +38,7 @@ L KDF include/openssl/kdf.h crypto/kdf/kdf_err.c
L KDF2 include/openssl/kdf2.h crypto/kdf2/kdf2_err.c
L FFX include/openssl/ffx.h crypto/ffx/ffx_err.c
L PAILLIER include/openssl/paillier.h crypto/paillier/paillier_err.c
L CPK include/openssl/cpk.h crypto/cpk/cpk_err.c
# additional header files to be scanned for function names
L NONE crypto/x509/x509_vfy.h NONE

150
include/openssl/cpk.h Executable file
View File

@@ -0,0 +1,150 @@
/* ====================================================================
* Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
/*
* CPK (Combined Public Key) is an identity-based cryptographic scheme
* with bound security.
*/
#ifndef HEADER_CPK_H
#define HEADER_CPK_H
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/ossl_typ.h>
#include <openssl/ecies.h>
#ifdef __cplusplus
extern "C" {
#endif
#define CPK_MAX_ID_LENGTH 64
X509_ALGOR *CPK_MAP_new_default(void);
int CPK_MAP_is_valid(const X509_ALGOR *algor);
int CPK_MAP_num_factors(const X509_ALGOR *algor);
int CPK_MAP_num_indexes(const X509_ALGOR *algor);
int CPK_MAP_str2index(const X509_ALGOR *algor, const char *str, int *index);
int CPK_MAP_print(BIO *out, X509_ALGOR *map, int indent, unsigned long flags);
typedef struct cpk_master_secret_st {
long version;
X509_NAME *id;
X509_ALGOR *pkey_algor;
X509_ALGOR *map_algor;
ASN1_OCTET_STRING *secret_factors;
} CPK_MASTER_SECRET;
DECLARE_ASN1_FUNCTIONS(CPK_MASTER_SECRET)
typedef struct cpk_public_params_st {
long version;
X509_NAME *id;
X509_ALGOR *pkey_algor;
X509_ALGOR *map_algor;
ASN1_OCTET_STRING *public_factors;
} CPK_PUBLIC_PARAMS;
DECLARE_ASN1_FUNCTIONS(CPK_PUBLIC_PARAMS)
CPK_MASTER_SECRET *CPK_MASTER_SECRET_create(const char *domain_id, EVP_PKEY *pkey, X509_ALGOR *map_algor);
CPK_PUBLIC_PARAMS *CPK_MASTER_SECRET_extract_public_params(CPK_MASTER_SECRET *master);
EVP_PKEY *CPK_MASTER_SECRET_extract_private_key(CPK_MASTER_SECRET *master, const char *id);
EVP_PKEY *CPK_PUBLIC_PARAMS_extract_public_key(CPK_PUBLIC_PARAMS *params, const char *id);
int CPK_PUBLIC_PARAMS_compute_share_key(CPK_PUBLIC_PARAMS *params,
void *out, size_t outlen, const char *id, EVP_PKEY *priv_key,
void *(*kdf)(const void *in, size_t inlen, void *out, size_t *outlen));
char *CPK_MASTER_SECRET_get_name(CPK_MASTER_SECRET *master, char *buf, int size);
char *CPK_PUBLIC_PARAMS_get_name(CPK_PUBLIC_PARAMS *params);
int CPK_MASTER_SECRET_digest(CPK_MASTER_SECRET *master, const EVP_MD *type, unsigned char *md, unsigned int *len);
int CPK_PUBLIC_PARAMS_digest(CPK_PUBLIC_PARAMS *params, const EVP_MD *type, unsigned char *md, unsigned int *len);
int CPK_MASTER_SECRET_print(BIO *out, CPK_MASTER_SECRET *master, int indent, unsigned long flags);
int CPK_PUBLIC_PARAMS_print(BIO *out, CPK_PUBLIC_PARAMS *params, int indent, unsigned long flags);
int CPK_MASTER_SECRET_validate_public_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *params);
int CPK_PUBLIC_PARAMS_validate_private_key(CPK_PUBLIC_PARAMS *params, const char *id, const EVP_PKEY *pkey);
CPK_MASTER_SECRET *d2i_CPK_MASTER_SECRET_bio(BIO *bp, CPK_MASTER_SECRET **master);
int i2d_CPK_MASTER_SECRET_bio(BIO *bp, CPK_MASTER_SECRET *master);
CPK_PUBLIC_PARAMS *d2i_CPK_PUBLIC_PARAMS_bio(BIO *bp, CPK_PUBLIC_PARAMS **params);
int i2d_CPK_PUBLIC_PARAMS_bio(BIO *bp, CPK_PUBLIC_PARAMS *params);
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
int ERR_load_CPK_strings(void);
/* Error codes for the CPK functions. */
/* Function codes. */
# define CPK_F_CPK_MAP_NEW_DEFAULT 100
# define CPK_F_CPK_MAP_STR2INDEX 101
# define CPK_F_CPK_MASTER_SECRET_CREATE 102
# define CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY 103
# define CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS 104
# define CPK_F_CPK_PUBLIC_PARAMS_COMPUTE_SHARE_KEY 105
# define CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY 106
# define CPK_F_CPK_PUBLIC_PARAMS_VALIDATE_PRIVATE_KEY 107
# define CPK_F_X509_ALGOR_GET1_DSA 108
# define CPK_F_X509_ALGOR_GET1_EC_KEY 109
/* Reason codes. */
# define CPK_R_BAD_ARGUMENT 100
# define CPK_R_BAD_DATA 101
# define CPK_R_INVALID_ID_LENGTH 102
# define CPK_R_INVALID_MAP_ALGOR 103
# define CPK_R_INVALID_PKEY_TYPE 104
# ifdef __cplusplus
}
# endif
#endif

3
include/openssl/err.h
View File

@@ -96,6 +96,7 @@ typedef struct err_state_st {
# define ERR_LIB_KDF2 53
# define ERR_LIB_FFX 54
# define ERR_LIB_PAILLIER 55
# define ERR_LIB_CPK 56
# define ERR_LIB_USER 128
@@ -137,6 +138,7 @@ typedef struct err_state_st {
# define KDF2err(f,r) ERR_PUT_error(ERR_LIB_KDF2,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define FFXerr(f,r) ERR_PUT_error(ERR_LIB_FFX,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define PAILLIERerr(f,r) ERR_PUT_error(ERR_LIB_PAILLIER,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define CPKerr(f,r) ERR_PUT_error(ERR_LIB_CPK,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define ERR_PACK(l,f,r) ( \
(((unsigned int)(l) & 0x0FF) << 24L) | \
@@ -187,6 +189,7 @@ typedef struct err_state_st {
# define ERR_R_KDF2_LIB ERR_LIB_KDF2/* 53 */
# define ERR_R_FFX_LIB ERR_LIB_FFX/* 54 */
# define ERR_R_PAILLIER_LIB ERR_LIB_PAILLIER/* 55 */
# define ERR_R_CPK_LIB ERR_LIB_CPK/* 56 */
# define ERR_R_NESTED_ASN1_ERROR 58
# define ERR_R_MISSING_ASN1_EOS 63

6
test/build.info
View File

@@ -17,7 +17,7 @@ IF[{- !$disabled{tests} -}]
dtlsv1listentest ct_test threadstest afalgtest d2i_test \
ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \
sm3test sms4test kdf2test eciestest ffxtest sm2test pailliertest
sm3test sms4test kdf2test eciestest ffxtest sm2test pailliertest cpktest
SOURCE[aborttest]=aborttest.c
INCLUDE[aborttest]=../include
@@ -312,6 +312,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[pailliertest]=../include
DEPEND[pailliertest]=../libcrypto
SOURCE[cpktest]=cpktest.c
INCLUDE[cpktest]=../include
DEPEND[cpktest]=../libcrypto
IF[{- !$disabled{shared} -}]
PROGRAMS_NO_INST=shlibloadtest
SOURCE[shlibloadtest]=shlibloadtest.c

198
test/cpktest.c Normal file
View File

@@ -0,0 +1,198 @@
/* ====================================================================
* Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "../e_os.h"
#ifdef OPENSSL_NO_CPK
int main(int argc, char **argv)
{
printf("NO CPK support\n");
return 0;
}
#else
# include <openssl/ec.h>
# include <openssl/evp.h>
# include <openssl/kdf2.h>
# include <openssl/x509.h>
# include <openssl/ecies.h>
# include <openssl/objects.h>
# include <openssl/cpk.h>
const char *id_short = "id";
const char *id_long =
"123456789022345678903234567890423456789052345678906234567890"
"123456789022345678903234567890423456789052345678906234567890";
int EVP_PKEY_print_fp(const EVP_PKEY *pkey, FILE *fp)
{
ASN1_PCTX *ctx = ASN1_PCTX_new();
BIO *bio = BIO_new_fp(fp, BIO_NOCLOSE);
EVP_PKEY_print_params(bio, pkey, 0, ctx);
EVP_PKEY_print_public(bio, pkey, 0, ctx);
EVP_PKEY_print_private(bio, pkey, 0, NULL);
return 0;
}
int main(int argc, char **argv)
{
int r, i;
KDF_FUNC kdf = NULL;
EC_GROUP *ec_group = NULL;
EC_KEY *ec_key = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY *pub_key = NULL;
EVP_PKEY *priv_key = NULL;
X509_ALGOR *map = NULL;
CPK_MASTER_SECRET *master = NULL;
CPK_PUBLIC_PARAMS *params = NULL;
BIO *bio_out = NULL;
unsigned char *buf = NULL;
unsigned char *p;
const unsigned char *cp;
int len;
return 0;
/* init openssl global functions */
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
/* prepare cpk setup parameters */
if (!(ec_key = EC_KEY_new_by_curve_name(OBJ_sn2nid("prime192v1")))) {
goto end;
}
EC_GROUP_set_asn1_flag((EC_GROUP *)EC_KEY_get0_group(ec_key), OPENSSL_EC_NAMED_CURVE);
r = EC_KEY_generate_key(ec_key);
pkey = EVP_PKEY_new();
r = EVP_PKEY_set1_EC_KEY(pkey, ec_key);
map = CPK_MAP_new_default();
//EVP_PKEY_print_fp(pkey, stdout);
/* generate master_secret and public_params */
master = CPK_MASTER_SECRET_create("domainid", pkey, map);
bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
r = CPK_MASTER_SECRET_print(bio_out, master, 0, 0);
EVP_PKEY_free(pkey);
pkey = NULL;
pkey = CPK_MASTER_SECRET_extract_private_key(master, "id");
EVP_PKEY_free(pkey);
//pkey = CPK_MASTER_SECRET_extract_private_key(master, NULL);
//assert(pkey == NULL);
pkey = CPK_MASTER_SECRET_extract_private_key(master, id_long);
EVP_PKEY_print_fp(pkey, stdout);
params = CPK_MASTER_SECRET_extract_public_params(master);
r = CPK_PUBLIC_PARAMS_print(bio_out, params, 0, 0);
printf("\n");
printf("test CPK_PUBLIC_PARAMS_extract_public_key()\n");
pub_key = CPK_PUBLIC_PARAMS_extract_public_key(params, id_short);
EVP_PKEY_free(pub_key);
pub_key = CPK_PUBLIC_PARAMS_extract_public_key(params, id_long);
printf("Public Key of '%s':\n", id_long);
EVP_PKEY_print_fp(pkey, stdout);
printf("\n");
r = CPK_MASTER_SECRET_validate_public_params(master, params);
if (priv_key) EVP_PKEY_free(priv_key);
priv_key = CPK_MASTER_SECRET_extract_private_key(master, "identity");
r = CPK_PUBLIC_PARAMS_validate_private_key(params, "identity", priv_key);
r = CPK_PUBLIC_PARAMS_validate_private_key(params, "id", priv_key);
/* der encoding and decoding */
len = i2d_CPK_MASTER_SECRET(master, NULL);
if (buf != NULL) OPENSSL_free(buf);
buf = OPENSSL_malloc(len);
p = buf;
len = i2d_CPK_MASTER_SECRET(master, &p);
cp = buf;
if (master) CPK_MASTER_SECRET_free(master);
master = NULL;
master = d2i_CPK_MASTER_SECRET(NULL, &cp, len);
r = CPK_MASTER_SECRET_validate_public_params(master, params);
kdf = KDF_get_x9_63(EVP_sha1());
if (priv_key != NULL) EVP_PKEY_free(priv_key);
priv_key = CPK_MASTER_SECRET_extract_private_key(master, "Alice");
if (buf != NULL) OPENSSL_free(buf);
buf = OPENSSL_malloc(1024);
r = CPK_PUBLIC_PARAMS_compute_share_key(params, buf, 64, "Bob", priv_key, kdf);
for (i = 0; i < 64; i++) printf("%02x", buf[i]); printf("\n");
if (priv_key != NULL)
EVP_PKEY_free(priv_key);
priv_key = CPK_MASTER_SECRET_extract_private_key(master, "Bob");
r = CPK_PUBLIC_PARAMS_compute_share_key(params, buf, 64, "Alice", priv_key, kdf);
for (i = 0; i < 64; i++) printf("%02x", buf[i]); printf("\n");
end:
printf("ok\n");
return 0;
}
#endif

12
test/recipes/15-test_cpk.t Normal file
View File

@@ -0,0 +1,12 @@
#! /usr/bin/env perl
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use OpenSSL::Test::Simple;
simple_test("test_cpk", "cpktest", "cpk");

2
util/mkdef.pl
View File

@@ -132,7 +132,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"CMAC",
# APPLINK (win build feature?)
"APPLINK",
"SM3", "SMS4", "KDF2", "ECIES", "FFX", "PAILLIER"
"SM3", "SMS4", "KDF2", "ECIES", "FFX", "PAILLIER", "CPK"
);
my %disabled_algorithms;