add cpk

test/build.info

@@ -17,7 +17,7 @@ IF[{- !$disabled{tests} -}]
           dtlsv1listentest ct_test threadstest afalgtest d2i_test \
           ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
           bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \
-          sm3test sms4test kdf2test eciestest ffxtest sm2test pailliertest
+          sm3test sms4test kdf2test eciestest ffxtest sm2test pailliertest cpktest
 
   SOURCE[aborttest]=aborttest.c
   INCLUDE[aborttest]=../include
@@ -312,6 +312,10 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[pailliertest]=../include
   DEPEND[pailliertest]=../libcrypto
 
+  SOURCE[cpktest]=cpktest.c
+  INCLUDE[cpktest]=../include
+  DEPEND[cpktest]=../libcrypto
+
   IF[{- !$disabled{shared} -}]
     PROGRAMS_NO_INST=shlibloadtest
     SOURCE[shlibloadtest]=shlibloadtest.c

test/cpktest.c

@@ -0,0 +1,198 @@
+/* ====================================================================
+ * Copyright (c) 2007 - 2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_CPK
+int main(int argc, char **argv)
+{
+	printf("NO CPK support\n");
+	return 0;
+}
+#else
+# include <openssl/ec.h>
+# include <openssl/evp.h>
+# include <openssl/kdf2.h>
+# include <openssl/x509.h>
+# include <openssl/ecies.h>
+# include <openssl/objects.h>
+# include <openssl/cpk.h>
+
+
+const char *id_short = "id";
+const char *id_long =
+		"123456789022345678903234567890423456789052345678906234567890"
+		"123456789022345678903234567890423456789052345678906234567890";
+
+
+int EVP_PKEY_print_fp(const EVP_PKEY *pkey, FILE *fp)
+{
+	ASN1_PCTX *ctx = ASN1_PCTX_new();
+	BIO *bio = BIO_new_fp(fp, BIO_NOCLOSE);
+
+	EVP_PKEY_print_params(bio, pkey, 0, ctx);
+	EVP_PKEY_print_public(bio, pkey, 0, ctx);
+	EVP_PKEY_print_private(bio, pkey, 0, NULL);
+
+	return 0;
+}
+
+int main(int argc, char **argv)
+{
+	int r, i;
+	KDF_FUNC kdf = NULL;
+	EC_GROUP *ec_group = NULL;
+	EC_KEY *ec_key = NULL;
+	EVP_PKEY *pkey = NULL;
+	EVP_PKEY *pub_key = NULL;
+	EVP_PKEY *priv_key = NULL;
+	X509_ALGOR *map = NULL;
+	CPK_MASTER_SECRET *master = NULL;
+	CPK_PUBLIC_PARAMS *params = NULL;
+	BIO *bio_out = NULL;
+	unsigned char *buf = NULL;
+	unsigned char *p;
+	const unsigned char *cp;
+	int len;
+
+	return 0;
+
+	/* init openssl global functions */
+	ERR_load_crypto_strings();
+	OpenSSL_add_all_algorithms();
+
+	/* prepare cpk setup parameters */
+	if (!(ec_key = EC_KEY_new_by_curve_name(OBJ_sn2nid("prime192v1")))) {
+		goto end;
+	}
+	EC_GROUP_set_asn1_flag((EC_GROUP *)EC_KEY_get0_group(ec_key), OPENSSL_EC_NAMED_CURVE);
+	r = EC_KEY_generate_key(ec_key);
+
+
+
+
+
+	pkey = EVP_PKEY_new();
+	r = EVP_PKEY_set1_EC_KEY(pkey, ec_key);
+	map = CPK_MAP_new_default();
+
+
+	//EVP_PKEY_print_fp(pkey, stdout);
+
+	/* generate master_secret and public_params */
+	master = CPK_MASTER_SECRET_create("domainid", pkey, map);
+
+	bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+	r = CPK_MASTER_SECRET_print(bio_out, master, 0, 0);
+
+	EVP_PKEY_free(pkey);
+	pkey = NULL;
+	pkey = CPK_MASTER_SECRET_extract_private_key(master, "id");
+	EVP_PKEY_free(pkey);
+	//pkey = CPK_MASTER_SECRET_extract_private_key(master, NULL);
+	//assert(pkey == NULL);
+	pkey = CPK_MASTER_SECRET_extract_private_key(master, id_long);
+	EVP_PKEY_print_fp(pkey, stdout);
+	params = CPK_MASTER_SECRET_extract_public_params(master);
+	r = CPK_PUBLIC_PARAMS_print(bio_out, params, 0, 0);
+	printf("\n");
+
+	printf("test CPK_PUBLIC_PARAMS_extract_public_key()\n");
+	pub_key = CPK_PUBLIC_PARAMS_extract_public_key(params, id_short);
+	EVP_PKEY_free(pub_key);
+
+	pub_key = CPK_PUBLIC_PARAMS_extract_public_key(params, id_long);
+	printf("Public Key of '%s':\n", id_long);
+	EVP_PKEY_print_fp(pkey, stdout);
+	printf("\n");
+
+	r = CPK_MASTER_SECRET_validate_public_params(master, params);
+	if (priv_key) EVP_PKEY_free(priv_key);
+	priv_key = CPK_MASTER_SECRET_extract_private_key(master, "identity");
+	r = CPK_PUBLIC_PARAMS_validate_private_key(params, "identity", priv_key);
+	r = CPK_PUBLIC_PARAMS_validate_private_key(params, "id", priv_key);
+
+	/* der encoding and decoding */
+	len = i2d_CPK_MASTER_SECRET(master, NULL);
+	if (buf != NULL) OPENSSL_free(buf);
+	buf = OPENSSL_malloc(len);
+	p = buf;
+	len = i2d_CPK_MASTER_SECRET(master, &p);
+
+	cp = buf;
+	if (master) CPK_MASTER_SECRET_free(master);
+	master = NULL;
+	master = d2i_CPK_MASTER_SECRET(NULL, &cp, len);
+	r = CPK_MASTER_SECRET_validate_public_params(master, params);
+
+	kdf = KDF_get_x9_63(EVP_sha1());
+
+	if (priv_key != NULL) EVP_PKEY_free(priv_key);
+	priv_key = CPK_MASTER_SECRET_extract_private_key(master, "Alice");
+
+	if (buf != NULL) OPENSSL_free(buf);
+	buf = OPENSSL_malloc(1024);
+	r = CPK_PUBLIC_PARAMS_compute_share_key(params, buf, 64, "Bob", priv_key, kdf);
+	for (i = 0; i < 64; i++) printf("%02x", buf[i]); printf("\n");
+
+	if (priv_key != NULL)
+		EVP_PKEY_free(priv_key);
+	priv_key = CPK_MASTER_SECRET_extract_private_key(master, "Bob");
+	r = CPK_PUBLIC_PARAMS_compute_share_key(params, buf, 64, "Alice", priv_key, kdf);
+	for (i = 0; i < 64; i++) printf("%02x", buf[i]); printf("\n");
+
+end:
+	printf("ok\n");
+	return 0;
+}
+#endif

test/recipes/15-test_cpk.t

@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_cpk", "cpktest", "cpk");