abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-06 16:36:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add examples to tools

Browse Source
This commit is contained in:
Zhi Guan
2024-05-20 22:55:58 +08:00
parent 926e063353
commit 8a52a2137d
5 changed files with 162 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
tools/sm2decrypt.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved. * Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
* *
* Licensed under the Apache License, Version 2.0 (the License); you may * Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License. * not use this file except in compliance with the License.
@@ -16,7 +16,23 @@
#include <gmssl/sm2.h> #include <gmssl/sm2.h>
static const char *options = "-key pem -pass str [-in file] [-out file]"; static const char *usage = "-key pem -pass str [-in file] [-out file]";
static const char *options =
"\n"
"Options\n"
"\n"
" -key pem Decryption private key file in PEM format\n"
" -pass str Password to open the private key\n"
" -in file | stdin Input ciphertext in binary DER-encoding\n"
" -in file | stdout Output decrypted data\n"
"\n"
"Examples\n"
"\n"
" $ gmssl sm2keygen -pass P@ssw0rd -out sm2.pem -pubout sm2pub.pem\n"
" $ echo 'Secret message' | gmssl sm2encrypt -pubkey sm2pub.pem -out sm2.der\n"
" $ gmssl sm2decrypt -key sm2.pem -pass P@ssw0rd -in sm2.der\n"
"\n";
int sm2decrypt_main(int argc, char **argv) int sm2decrypt_main(int argc, char **argv)
{ {
@@ -39,20 +55,21 @@ int sm2decrypt_main(int argc, char **argv)
argv++; argv++;
if (argc < 1) { if (argc < 1) {
fprintf(stderr, "usage: %s %s\n", prog, options); fprintf(stderr, "usage: gmssl %s %s\n", prog, usage);
return 1; return 1;
} }
while (argc > 0) { while (argc > 0) {
if (!strcmp(*argv, "-help")) { if (!strcmp(*argv, "-help")) {
printf("usage: %s %s\n", prog, options); printf("usage: gmssl %s %s\n", prog, usage);
printf("%s\n", options);
ret = 0; ret = 0;
goto end; goto end;
} else if (!strcmp(*argv, "-key")) { } else if (!strcmp(*argv, "-key")) {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
keyfile = *(++argv); keyfile = *(++argv);
if (!(keyfp = fopen(keyfile, "rb"))) { if (!(keyfp = fopen(keyfile, "rb"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, keyfile, strerror(errno)); fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, keyfile, strerror(errno));
goto end; goto end;
} }
} else if (!strcmp(*argv, "-pass")) { } else if (!strcmp(*argv, "-pass")) {
@@ -62,21 +79,21 @@ int sm2decrypt_main(int argc, char **argv)
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
infile = *(++argv); infile = *(++argv);
if (!(infp = fopen(infile, "rb"))) { if (!(infp = fopen(infile, "rb"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, infile, strerror(errno)); fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, infile, strerror(errno));
goto end; goto end;
} }
} else if (!strcmp(*argv, "-out")) { } else if (!strcmp(*argv, "-out")) {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
outfile = *(++argv); outfile = *(++argv);
if (!(outfp = fopen(outfile, "wb"))) { if (!(outfp = fopen(outfile, "wb"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, outfile, strerror(errno)); fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, outfile, strerror(errno));
goto end; goto end;
} }
} else { } else {
fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv); fprintf(stderr, "gmssl %s: illegal option '%s'\n", prog, *argv);
goto end; goto end;
bad: bad:
fprintf(stderr, "%s: '%s' option value missing\n", prog, *argv); fprintf(stderr, "gmssl %s: '%s' option value missing\n", prog, *argv);
goto end; goto end;
} }
@@ -85,38 +102,38 @@ bad:
} }
if (!keyfile) { if (!keyfile) {
fprintf(stderr, "%s: '-key' option required\n", prog); fprintf(stderr, "gmssl %s: '-key' option required\n", prog);
goto end; goto end;
} }
if (!pass) { if (!pass) {
fprintf(stderr, "%s: '-pass' option required\n", prog); fprintf(stderr, "gmssl %s: '-pass' option required\n", prog);
goto end; goto end;
} }
if (sm2_private_key_info_decrypt_from_pem(&key, pass, keyfp) != 1) { if (sm2_private_key_info_decrypt_from_pem(&key, pass, keyfp) != 1) {
fprintf(stderr, "%s: private key decryption failure\n", prog); fprintf(stderr, "gmssl %s: private key decryption failure\n", prog);
goto end; goto end;
} }
if ((inlen = fread(inbuf, 1, sizeof(inbuf), infp)) <= 0) { if ((inlen = fread(inbuf, 1, sizeof(inbuf), infp)) <= 0) {
fprintf(stderr, "%s: read input failed : %s\n", prog, strerror(errno)); fprintf(stderr, "gmssl %s: read input failed : %s\n", prog, strerror(errno));
goto end; goto end;
} }
if (sm2_decrypt_init(&ctx) != 1) { if (sm2_decrypt_init(&ctx) != 1) {
fprintf(stderr, "%s: sm2_decrypt_init failed\n", prog); fprintf(stderr, "gmssl %s: sm2_decrypt_init failed\n", prog);
goto end; goto end;
} }
if (sm2_decrypt_update(&ctx, inbuf, inlen) != 1) { if (sm2_decrypt_update(&ctx, inbuf, inlen) != 1) {
fprintf(stderr, "%s: sm2_decyrpt_update failed\n", prog); fprintf(stderr, "gmssl %s: sm2_decyrpt_update failed\n", prog);
goto end; goto end;
} }
if (sm2_decrypt_finish(&ctx, &key, outbuf, &outlen) != 1) { if (sm2_decrypt_finish(&ctx, &key, outbuf, &outlen) != 1) {
fprintf(stderr, "%s: decryption failure\n", prog); fprintf(stderr, "gmssl %s: decryption failure\n", prog);
goto end; goto end;
} }
if (outlen != fwrite(outbuf, 1, outlen, outfp)) { if (outlen != fwrite(outbuf, 1, outlen, outfp)) {
fprintf(stderr, "%s: output plaintext failed : %s\n", prog, strerror(errno)); fprintf(stderr, "gmssl %s: output plaintext failed : %s\n", prog, strerror(errno));
goto end; goto end;
} }
ret = 0; ret = 0;

61
tools/sm2encrypt.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved. * Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
* *
* Licensed under the Apache License, Version 2.0 (the License); you may * Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License. * not use this file except in compliance with the License.
@@ -16,7 +16,23 @@
#include <gmssl/sm2.h> #include <gmssl/sm2.h>
#include <gmssl/x509.h> #include <gmssl/x509.h>
static const char *options = "(-pubkey pem | -cert pem) [-in file] [-out file]"; static const char *usage = "(-pubkey pem | -cert pem) [-in file] [-out file]";
static const char *options =
"\n"
"Options\n"
"\n"
" -pubkey pem Recepient's public key file in PEM format\n"
" -cert pem Recipient's certificate in PEM format\n"
" -in file | stdin To be encrypted data, at most 255 bytes\n"
" -out file | stdout Output ciphertext in binary DER-encoding\n"
"\n"
"Examples\n"
"\n"
" $ gmssl sm2keygen -pass P@ssw0rd -out sm2.pem -pubout sm2pub.pem\n"
" $ echo 'Secret message' | gmssl sm2encrypt -pubkey sm2pub.pem -out sm2.der\n"
" $ gmssl sm2decrypt -key sm2.pem -pass P@ssw0rd -in sm2.der\n"
"\n";
int sm2encrypt_main(int argc, char **argv) int sm2encrypt_main(int argc, char **argv)
{ {
@@ -42,56 +58,57 @@ int sm2encrypt_main(int argc, char **argv)
argv++; argv++;
if (argc < 1) { if (argc < 1) {
fprintf(stderr, "usage: %s %s\n", prog, options); fprintf(stderr, "usage: gmssl %s %s\n", prog, usage);
return 1; return 1;
} }
while (argc > 1) { while (argc > 0) {
if (!strcmp(*argv, "-help")) { if (!strcmp(*argv, "-help")) {
printf("usage: %s %s\n", prog, options); printf("usage: gmssl %s %s\n", prog, usage);
printf("%s\n", options);
ret = 0; ret = 0;
goto end; goto end;
} else if (!strcmp(*argv, "-pubkey")) { } else if (!strcmp(*argv, "-pubkey")) {
if (certfile) { if (certfile) {
fprintf(stderr, "%s: options '-pubkey' '-cert' conflict\n", prog); fprintf(stderr, "gmssl %s: options '-pubkey' '-cert' conflict\n", prog);
goto end; goto end;
} }
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
pubkeyfile = *(++argv); pubkeyfile = *(++argv);
if (!(pubkeyfp = fopen(pubkeyfile, "rb"))) { if (!(pubkeyfp = fopen(pubkeyfile, "rb"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, pubkeyfile, strerror(errno)); fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, pubkeyfile, strerror(errno));
goto end; goto end;
} }
} else if (!strcmp(*argv, "-cert")) { } else if (!strcmp(*argv, "-cert")) {
if (pubkeyfile) { if (pubkeyfile) {
fprintf(stderr, "%s: options '-pubkey' '-cert' conflict\n", prog); fprintf(stderr, "gmssl %s: options '-pubkey' '-cert' conflict\n", prog);
goto end; goto end;
} }
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
certfile = *(++argv); certfile = *(++argv);
if (!(certfp = fopen(certfile, "rb"))) { if (!(certfp = fopen(certfile, "rb"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, certfile, strerror(errno)); fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, certfile, strerror(errno));
goto end; goto end;
} }
} else if (!strcmp(*argv, "-in")) { } else if (!strcmp(*argv, "-in")) {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
infile = *(++argv); infile = *(++argv);
if (!(infp = fopen(infile, "rb"))) { if (!(infp = fopen(infile, "rb"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, infile, strerror(errno)); fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, infile, strerror(errno));
goto end; goto end;
} }
} else if (!strcmp(*argv, "-out")) { } else if (!strcmp(*argv, "-out")) {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
outfile = *(++argv); outfile = *(++argv);
if (!(outfp = fopen(outfile, "wb"))) { if (!(outfp = fopen(outfile, "wb"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, outfile, strerror(errno)); fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, outfile, strerror(errno));
goto end; goto end;
} }
} else { } else {
fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv); fprintf(stderr, "gmssl %s: illegal option '%s'\n", prog, *argv);
goto end; goto end;
bad: bad:
fprintf(stderr, "%s: '%s' option value missing\n", prog, *argv); fprintf(stderr, "gmssl %s: '%s' option value missing\n", prog, *argv);
goto end; goto end;
} }
@@ -102,44 +119,44 @@ bad:
if (pubkeyfile) { if (pubkeyfile) {
if (sm2_public_key_info_from_pem(&key, pubkeyfp) != 1) { if (sm2_public_key_info_from_pem(&key, pubkeyfp) != 1) {
fprintf(stderr, "%s: parse public key failed\n", prog); fprintf(stderr, "gmssl %s: parse public key failed\n", prog);
goto end; goto end;
} }
} else if (certfile) { } else if (certfile) {
if (x509_cert_from_pem(cert, &certlen, sizeof(cert), certfp) != 1 if (x509_cert_from_pem(cert, &certlen, sizeof(cert), certfp) != 1
|| x509_cert_get_subject_public_key(cert, certlen, &key) != 1) { || x509_cert_get_subject_public_key(cert, certlen, &key) != 1) {
fprintf(stderr, "%s: parse certificate failed\n", prog); fprintf(stderr, "gmssl %s: parse certificate failed\n", prog);
goto end; goto end;
} }
} else { } else {
fprintf(stderr, "%s: '-pubkey' or '-cert' option required\n", prog); fprintf(stderr, "gmssl %s: '-pubkey' or '-cert' option required\n", prog);
goto end; goto end;
} }
if ((inlen = fread(inbuf, 1, sizeof(inbuf), infp)) <= 0) { if ((inlen = fread(inbuf, 1, sizeof(inbuf), infp)) <= 0) {
fprintf(stderr, "%s: read input error : %s\n", prog, strerror(errno)); fprintf(stderr, "gmssl %s: read input error : %s\n", prog, strerror(errno));
goto end; goto end;
} }
if (inlen > SM2_MAX_PLAINTEXT_SIZE) { if (inlen > SM2_MAX_PLAINTEXT_SIZE) {
fprintf(stderr, "%s: input long than SM2_MAX_PLAINTEXT_SIZE (%d)\n", prog, SM2_MAX_PLAINTEXT_SIZE); fprintf(stderr, "gmssl %s: input long than SM2_MAX_PLAINTEXT_SIZE (%d)\n", prog, SM2_MAX_PLAINTEXT_SIZE);
goto end; goto end;
} }
if (sm2_encrypt_init(&ctx) != 1) { if (sm2_encrypt_init(&ctx) != 1) {
fprintf(stderr, "%s: sm2_encrypt_init failed\n", prog); fprintf(stderr, "gmssl %s: sm2_encrypt_init failed\n", prog);
goto end; goto end;
} }
if (sm2_encrypt_update(&ctx, inbuf, inlen) != 1) { if (sm2_encrypt_update(&ctx, inbuf, inlen) != 1) {
fprintf(stderr, "%s: sm2_encrypt_update failed\n", prog); fprintf(stderr, "gmssl %s: sm2_encrypt_update failed\n", prog);
return -1; return -1;
} }
if (sm2_encrypt_finish(&ctx, &key, outbuf, &outlen) != 1) { if (sm2_encrypt_finish(&ctx, &key, outbuf, &outlen) != 1) {
fprintf(stderr, "%s: sm2_encrypt_finish error\n", prog); fprintf(stderr, "gmssl %s: sm2_encrypt_finish error\n", prog);
goto end; goto end;
} }
if (outlen != fwrite(outbuf, 1, outlen, outfp)) { if (outlen != fwrite(outbuf, 1, outlen, outfp)) {
fprintf(stderr, "%s: output error : %s\n", prog, strerror(errno)); fprintf(stderr, "gmssl %s: output error : %s\n", prog, strerror(errno));
goto end; goto end;
} }
ret = 0; ret = 0;

24
tools/sm2keygen.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved. * Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
* *
* Licensed under the Apache License, Version 2.0 (the License); you may * Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License. * not use this file except in compliance with the License.
@@ -20,9 +20,15 @@ static const char *usage = "-pass str [-out pem] [-pubout pem]\n";
static const char *options = static const char *options =
"Options\n" "Options\n"
"\n"
" -pass pass Password to encrypt the private key\n" " -pass pass Password to encrypt the private key\n"
" -out pem Output password-encrypted PKCS #8 private key in PEM format\n" " -out pem Output password-encrypted PKCS #8 private key in PEM format\n"
" -pubout pem Output public key in PEM format\n" " -pubout pem Output public key in PEM format\n"
"\n"
"Examples\n"
"\n"
" $ gmssl sm2keygen -pass P@ssw0rd -out sm2.pem\n"
" $ gmssl sm2keygen -pass P@ssw0rd -out sm2.pem -pubout sm2pub.pem\n"
"\n"; "\n";
int sm2keygen_main(int argc, char **argv) int sm2keygen_main(int argc, char **argv)
@@ -40,13 +46,13 @@ int sm2keygen_main(int argc, char **argv)
argv++; argv++;
if (argc < 1) { if (argc < 1) {
fprintf(stderr, "usage: %s %s\n", prog, options); fprintf(stderr, "usage: gmssl %s %s\n", prog, usage);
return 1; return 1;
} }
while (argc > 0) { while (argc > 0) {
if (!strcmp(*argv, "-help")) { if (!strcmp(*argv, "-help")) {
printf("usage: %s %s\n", prog, usage); printf("usage: gmssl %s %s\n", prog, usage);
printf("%s\n", options); printf("%s\n", options);
ret = 0; ret = 0;
goto end; goto end;
@@ -57,21 +63,21 @@ int sm2keygen_main(int argc, char **argv)
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
outfile = *(++argv); outfile = *(++argv);
if (!(outfp = fopen(outfile, "wb"))) { if (!(outfp = fopen(outfile, "wb"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, outfile, strerror(errno)); fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, outfile, strerror(errno));
goto end; goto end;
} }
} else if (!strcmp(*argv, "-pubout")) { } else if (!strcmp(*argv, "-pubout")) {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
puboutfile = *(++argv); puboutfile = *(++argv);
if (!(puboutfp = fopen(puboutfile, "wb"))) { if (!(puboutfp = fopen(puboutfile, "wb"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, outfile, strerror(errno)); fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, outfile, strerror(errno));
goto end; goto end;
} }
} else { } else {
fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv); fprintf(stderr, "gmssl %s: illegal option '%s'\n", prog, *argv);
goto end; goto end;
bad: bad:
fprintf(stderr, "%s: `%s` option value missing\n", prog, *argv); fprintf(stderr, "gmssl %s: `%s` option value missing\n", prog, *argv);
goto end; goto end;
} }
@@ -80,14 +86,14 @@ bad:
} }
if (!pass) { if (!pass) {
fprintf(stderr, "%s: `-pass` option required\n", prog); fprintf(stderr, "gmssl %s: `-pass` option required\n", prog);
goto end; goto end;
} }
if (sm2_key_generate(&key) != 1 if (sm2_key_generate(&key) != 1
|| sm2_private_key_info_encrypt_to_pem(&key, pass, outfp) != 1 || sm2_private_key_info_encrypt_to_pem(&key, pass, outfp) != 1
|| sm2_public_key_info_to_pem(&key, puboutfp) != 1) { || sm2_public_key_info_to_pem(&key, puboutfp) != 1) {
fprintf(stderr, "%s: inner failure\n", prog); fprintf(stderr, "gmssl %s: inner failure\n", prog);
goto end; goto end;
} }
ret = 0; ret = 0;

51
tools/sm2sign.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved. * Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
* *
* Licensed under the Apache License, Version 2.0 (the License); you may * Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License. * not use this file except in compliance with the License.
@@ -16,7 +16,25 @@
#include <gmssl/mem.h> #include <gmssl/mem.h>
static const char *options = "-key pem -pass str [-id str] [-in file] [-out file]"; static const char *usage = "-key pem -pass str [-id str] [-in file] [-out file]";
static const char *options =
"\n"
"Options\n"
"\n"
" -key pem Signing private key file in PEM format\n"
" -pass str Password to open the private key\n"
" -id str Signer's identity string, '1234567812345678' by default\n"
" -in file | stdin To be signed file or data\n"
" -out file | stdout Output signature in binary DER encoding\n"
"\n"
"Examples\n"
"\n"
" $ gmssl sm2keygen -pass P@ssw0rd -out sm2.pem -pubout sm2pub.pem\n"
" $ echo -n 'message to be signed' | gmssl sm2sign -key sm2.pem -pass P@ssw0rd -out sm2.sig\n"
" $ echo -n 'message to be signed' | gmssl sm2verify -pubkey sm2pub.pem -sig sm2.sig\n"
"\n";
int sm2sign_main(int argc, char **argv) int sm2sign_main(int argc, char **argv)
{ {
@@ -41,20 +59,21 @@ int sm2sign_main(int argc, char **argv)
argv++; argv++;
if (argc < 1) { if (argc < 1) {
fprintf(stderr, "usage: %s %s\n", prog, options); fprintf(stderr, "usage: gmssl %s %s\n", prog, usage);
return 1; return 1;
} }
while (argc > 0) { while (argc > 0) {
if (!strcmp(*argv, "-help")) { if (!strcmp(*argv, "-help")) {
printf("usage: %s %s\n", prog, options); printf("usage: gmssl %s %s\n", prog, usage);
printf("%s\n", options);
ret = 0; ret = 0;
goto end; goto end;
} else if (!strcmp(*argv, "-key")) { } else if (!strcmp(*argv, "-key")) {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
keyfile = *(++argv); keyfile = *(++argv);
if (!(keyfp = fopen(keyfile, "rb"))) { if (!(keyfp = fopen(keyfile, "rb"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, keyfile, strerror(errno)); fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, keyfile, strerror(errno));
goto end; goto end;
} }
} else if (!strcmp(*argv, "-pass")) { } else if (!strcmp(*argv, "-pass")) {
@@ -67,21 +86,21 @@ int sm2sign_main(int argc, char **argv)
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
infile = *(++argv); infile = *(++argv);
if (!(infp = fopen(infile, "rb"))) { if (!(infp = fopen(infile, "rb"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, infile, strerror(errno)); fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, infile, strerror(errno));
goto end; goto end;
} }
} else if (!strcmp(*argv, "-out")) { } else if (!strcmp(*argv, "-out")) {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
outfile = *(++argv); outfile = *(++argv);
if (!(outfp = fopen(outfile, "wb"))) { if (!(outfp = fopen(outfile, "wb"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, outfile, strerror(errno)); fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, outfile, strerror(errno));
goto end; goto end;
} }
} else { } else {
fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv); fprintf(stderr, "gmssl %s: illegal option '%s'\n", prog, *argv);
goto end; goto end;
bad: bad:
fprintf(stderr, "%s: '%s' option value missing\n", prog, *argv); fprintf(stderr, "gmssl %s: '%s' option value missing\n", prog, *argv);
goto end; goto end;
} }
@@ -90,34 +109,34 @@ bad:
} }
if (!keyfile) { if (!keyfile) {
fprintf(stderr, "%s: '-key' option required\n", prog); fprintf(stderr, "gmssl %s: '-key' option required\n", prog);
goto end; goto end;
} }
if (!pass) { if (!pass) {
fprintf(stderr, "%s: '-pass' option required\n", prog); fprintf(stderr, "gmssl %s: '-pass' option required\n", prog);
goto end; goto end;
} }
if (sm2_private_key_info_decrypt_from_pem(&key, pass, keyfp) != 1) { if (sm2_private_key_info_decrypt_from_pem(&key, pass, keyfp) != 1) {
fprintf(stderr, "%s: private key decryption failure\n", prog); fprintf(stderr, "gmssl %s: private key decryption failure\n", prog);
goto end; goto end;
} }
if (sm2_sign_init(&sign_ctx, &key, id, strlen(id)) != 1) { if (sm2_sign_init(&sign_ctx, &key, id, strlen(id)) != 1) {
fprintf(stderr, "%s: inner error\n", prog); fprintf(stderr, "gmssl %s: inner error\n", prog);
goto end; goto end;
} }
while ((len = fread(buf, 1, sizeof(buf), infp)) > 0) { while ((len = fread(buf, 1, sizeof(buf), infp)) > 0) {
if (sm2_sign_update(&sign_ctx, buf, len) != 1) { if (sm2_sign_update(&sign_ctx, buf, len) != 1) {
fprintf(stderr, "%s: inner error\n", prog); fprintf(stderr, "gmssl %s: inner error\n", prog);
goto end; goto end;
} }
} }
if (sm2_sign_finish(&sign_ctx, sig, &siglen) != 1) { if (sm2_sign_finish(&sign_ctx, sig, &siglen) != 1) {
fprintf(stderr, "%s: inner error\n", prog); fprintf(stderr, "gmssl %s: inner error\n", prog);
goto end; goto end;
} }
if (fwrite(sig, 1, siglen, outfp) != siglen) { if (fwrite(sig, 1, siglen, outfp) != siglen) {
fprintf(stderr, "%s: output signature failed : %s\n", prog, strerror(errno)); fprintf(stderr, "gmssl %s: output signature failed : %s\n", prog, strerror(errno));
goto end; goto end;
} }
ret = 0; ret = 0;

59
tools/sm2verify.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved. * Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
* *
* Licensed under the Apache License, Version 2.0 (the License); you may * Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License. * not use this file except in compliance with the License.
@@ -16,7 +16,25 @@
#include <gmssl/x509.h> #include <gmssl/x509.h>
static const char *options = "(-pubkey pem | -cert pem) [-id str] [-in file] -sig file"; static const char *usage = "(-pubkey pem | -cert pem) [-id str] [-in file] -sig file";
static const char *options =
"\n"
"Options\n"
"\n"
" -pubkey pem Signer's public key file in PEM format\n"
" -cert pem Signer's certificate in PEM format\n"
" -id str Signer's identity string, '1234567812345678' by default\n"
" -in file | stdin Signed file or data\n"
" -sig file Signature in binary DER encoding\n"
"\n"
"Examples\n"
"\n"
" $ gmssl sm2keygen -pass P@ssw0rd -out sm2.pem -pubout sm2pub.pem\n"
" $ echo -n 'message to be signed' | gmssl sm2sign -key sm2.pem -pass P@ssw0rd -out sm2.sig\n"
" $ echo -n 'message to be signed' | gmssl sm2verify -pubkey sm2pub.pem -sig sm2.sig\n"
"\n";
int sm2verify_main(int argc, char **argv) int sm2verify_main(int argc, char **argv)
{ {
@@ -45,35 +63,36 @@ int sm2verify_main(int argc, char **argv)
argv++; argv++;
if (argc < 1) { if (argc < 1) {
fprintf(stderr, "usage: %s %s\n", prog, options); fprintf(stderr, "usage: gmssl %s %s\n", prog, usage);
return 1; return 1;
} }
while (argc > 0) { while (argc > 0) {
if (!strcmp(*argv, "-help")) { if (!strcmp(*argv, "-help")) {
printf("usage: %s %s\n", prog, options); printf("usage: gmssl %s %s\n", prog, usage);
printf("%s\n", options);
ret = 0; ret = 0;
goto end; goto end;
} else if (!strcmp(*argv, "-pubkey")) { } else if (!strcmp(*argv, "-pubkey")) {
if (certfile) { if (certfile) {
fprintf(stderr, "%s: options '-pubkey' '-cert' conflict\n", prog); fprintf(stderr, "gmssl %s: options '-pubkey' '-cert' conflict\n", prog);
goto end; goto end;
} }
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
pubkeyfile = *(++argv); pubkeyfile = *(++argv);
if (!(pubkeyfp = fopen(pubkeyfile, "rb"))) { if (!(pubkeyfp = fopen(pubkeyfile, "rb"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, pubkeyfile, strerror(errno)); fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, pubkeyfile, strerror(errno));
goto end; goto end;
} }
} else if (!strcmp(*argv, "-cert")) { } else if (!strcmp(*argv, "-cert")) {
if (pubkeyfile) { if (pubkeyfile) {
fprintf(stderr, "%s: options '-pubkey' '-cert' conflict\n", prog); fprintf(stderr, "gmssl %s: options '-pubkey' '-cert' conflict\n", prog);
goto end; goto end;
} }
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
certfile = *(++argv); certfile = *(++argv);
if (!(certfp = fopen(certfile, "rb"))) { if (!(certfp = fopen(certfile, "rb"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, certfile, strerror(errno)); fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, certfile, strerror(errno));
goto end; goto end;
} }
} else if (!strcmp(*argv, "-id")) { } else if (!strcmp(*argv, "-id")) {
@@ -83,22 +102,22 @@ int sm2verify_main(int argc, char **argv)
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
infile = *(++argv); infile = *(++argv);
if (!(infp = fopen(infile, "rb"))) { if (!(infp = fopen(infile, "rb"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, infile, strerror(errno)); fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, infile, strerror(errno));
goto end; goto end;
} }
} else if (!strcmp(*argv, "-sig")) { } else if (!strcmp(*argv, "-sig")) {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
sigfile = *(++argv); sigfile = *(++argv);
if (!(sigfp = fopen(sigfile, "rb"))) { if (!(sigfp = fopen(sigfile, "rb"))) {
fprintf(stderr, "%s: open '%s' failure : %s\n", prog, sigfile, strerror(errno)); fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, sigfile, strerror(errno));
goto end; goto end;
} }
} else { } else {
fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv); fprintf(stderr, "gmssl %s: illegal option '%s'\n", prog, *argv);
goto end; goto end;
bad: bad:
fprintf(stderr, "%s: '%s' option value missing\n", prog, *argv); fprintf(stderr, "gmssl %s: '%s' option value missing\n", prog, *argv);
goto end; goto end;
} }
@@ -107,43 +126,43 @@ bad:
} }
if (!sigfile) { if (!sigfile) {
fprintf(stderr, "%s: '-sig' option required\n", prog); fprintf(stderr, "gmssl %s: '-sig' option required\n", prog);
goto end; goto end;
} }
if ((siglen = fread(sig, 1, sizeof(sig), sigfp)) <= 0) { if ((siglen = fread(sig, 1, sizeof(sig), sigfp)) <= 0) {
fprintf(stderr, "%s: read signature error : %s\n", prog, strerror(errno)); fprintf(stderr, "gmssl %s: read signature error : %s\n", prog, strerror(errno));
goto end; goto end;
} }
if (pubkeyfile) { if (pubkeyfile) {
if (sm2_public_key_info_from_pem(&key, pubkeyfp) != 1) { if (sm2_public_key_info_from_pem(&key, pubkeyfp) != 1) {
fprintf(stderr, "%s: parse public key failed\n", prog); fprintf(stderr, "gmssl %s: parse public key failed\n", prog);
goto end; goto end;
} }
} else if (certfile) { } else if (certfile) {
if (x509_cert_from_pem(cert, &certlen, sizeof(cert), certfp) != 1 if (x509_cert_from_pem(cert, &certlen, sizeof(cert), certfp) != 1
|| x509_cert_get_subject_public_key(cert, certlen, &key) != 1) { || x509_cert_get_subject_public_key(cert, certlen, &key) != 1) {
fprintf(stderr, "%s: parse certificate failed\n", prog); fprintf(stderr, "gmssl %s: parse certificate failed\n", prog);
goto end; goto end;
} }
} else { } else {
fprintf(stderr, "%s: '-pubkey' or '-cert' option required\n", prog); fprintf(stderr, "gmssl %s: '-pubkey' or '-cert' option required\n", prog);
goto end; goto end;
} }
if (sm2_verify_init(&verify_ctx, &key, id, strlen(id)) != 1) { if (sm2_verify_init(&verify_ctx, &key, id, strlen(id)) != 1) {
fprintf(stderr, "%s: inner error\n", prog); fprintf(stderr, "gmssl %s: inner error\n", prog);
goto end; goto end;
} }
while ((len = fread(buf, 1, sizeof(buf), infp)) > 0) { while ((len = fread(buf, 1, sizeof(buf), infp)) > 0) {
if (sm2_verify_update(&verify_ctx, buf, len) != 1) { if (sm2_verify_update(&verify_ctx, buf, len) != 1) {
fprintf(stderr, "%s: inner error\n", prog); fprintf(stderr, "gmssl %s: inner error\n", prog);
goto end; goto end;
} }
} }
if ((vr = sm2_verify_finish(&verify_ctx, sig, siglen)) < 0) { if ((vr = sm2_verify_finish(&verify_ctx, sig, siglen)) < 0) {
fprintf(stderr, "%s: inner error\n", prog); fprintf(stderr, "gmssl %s: inner error\n", prog);
goto end; goto end;
} }