abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-13 08:23:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

update gm apis

Browse Source
This commit is contained in:
Zhi Guan
2017-02-19 23:41:47 +08:00
parent d7aca8255f
commit 90a001b539
52 changed files with 5370 additions and 7038 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
crypto/saf/saf_app.c
View File

@@ -46,35 +46,35 @@
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
/*
* the software implementation of SAF application and related storage
* is determined by a standard OpenSSL configuration file `openssl.cnf`.
* If no config file is given, the default openssl config file will be
* used. This means that the SAF API is only a wrapper of the EVP API.
*
* The OpenSSL use file-level access control, i.e. private keys are
* encrypted by passwords, there is no default container-level access
* control mechnsims such as the Java Keytool for the application-level
* access control of SAF API.
*
* We use the AppHandle to preserve the CONF object.
*
* So we dont provide such access control. The Login() will always
* success. And the ChangePin() has no effects.
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/gmsaf.h>
#include <openssl/crypto.h>
#include "saf_lcl.h"
/* 7.1.2 */
int SAF_Initialize(
void **phAppHandle,
char *pubCfgFilePath)
{
int ret = SAR_UnknownErr;
SAF_APP *app = NULL;
if (!phAppHandle || !pubCfgFilePath) {
SAFerr(SAF_F_SAF_INITIALIZE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!(app = OPENSSL_zalloc(sizeof(*app)))) {
SAFerr(SAF_F_SAF_INITIALIZE, ERR_R_MALLOC_FAILURE);
return SAR_MemoryErr;
}
*phAppHandle = app;
return SAR_Ok;
}
@@ -82,6 +82,8 @@ int SAF_Initialize(
int SAF_Finalize(
void *hAppHandle)
{
SAF_APP *app = (SAF_APP *)hAppHandle;
OPENSSL_free(app);
return SAR_Ok;
}
@@ -89,7 +91,12 @@ int SAF_Finalize(
int SAF_GetVersion(
unsigned int *puiVersion)
{
*puiVersion = 0x01000000;
if (!puiVersion) {
SAFerr(SAF_F_SAF_GETVERSION, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
*puiVersion = (unsigned int)OpenSSL_version_num();
return SAR_Ok;
}
@@ -103,8 +110,8 @@ int SAF_Login(
unsigned int uiPinLen,
unsigned int *puiRemainCount)
{
*puiRemainCount = 100;
return SAR_Ok;
SAFerr(SAF_F_SAF_LOGIN, SAF_R_NOT_SUPPORTED);
return SAR_NotSupportYetErr;
}
/* 7.1.6 */
@@ -119,8 +126,8 @@ int SAF_ChangePin(
unsigned int uiNewPinLen,
unsigned int *puiRemainCount)
{
*puiRemainCount = 100;
return SAR_Ok;
SAFerr(SAF_F_SAF_CHANGEPIN, SAF_R_NOT_SUPPORTED);
return SAR_NotSupportYetErr;
}
/* 7.1.7 */
@@ -128,6 +135,6 @@ int SAF_Logout(
void *hAppHandle,
unsigned int uiUsrType)
{
return SAR_Ok;
SAFerr(SAF_F_SAF_LOGOUT, SAF_R_NOT_SUPPORTED);
return SAR_NotSupportYetErr;
}

279
crypto/saf/saf_ec.c
View File

@@ -47,30 +47,10 @@
* ====================================================================
*/
/* GM/T 0019-2012: 7.3.23 */
/*
* uiKeyUsage in {SGD_SM2_1, SGD_SM2_2, SGD_SM2_3}
* uiExportFlag = 1 means exportable, 0 means non-exportable
* we will generate a key pair and import into ENGINE
* or use ENGINE to generate key pair
*/
#include <openssl/gmapi.h>
#include <openssl/gmsdf.h>
#include <openssl/gmsaf.h>
int saf_save_ec_keypair(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned int uiKeyUsage,
unsigned int uiExportFlag,
ECCrefPublicKey *pucPublicKey,
ECCrefPrivateKey *pucPrivateKey)
{
return -1;
}
/* 7.3.23 */
int SAF_GenEccKeyPair(
@@ -82,8 +62,6 @@ int SAF_GenEccKeyPair(
unsigned int uiExportFlag)
{
int ret = -1;
ECCrefPublicKey publicKey;
ECCrefPrivateKey privateKey;
/* check arguments */
if (!hAppHandle || !pucContainerName) {
@@ -91,7 +69,7 @@ int SAF_GenEccKeyPair(
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiContainerNameLen <= 0 || uiContainerName > SGD_MAX_NAME_SIZE ||
if (uiContainerNameLen <= 0 || uiContainerNameLen > SGD_MAX_NAME_SIZE ||
strlen((char *)pucContainerName) != uiContainerNameLen) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR,
SAF_R_INVALID_INPUT_LENGTH);
@@ -109,63 +87,15 @@ int SAF_GenEccKeyPair(
return SAR_KeyUsageErr;
}
/* generate keypair */
if (SDF_GenerateKeyPair_ECC(
NULL,
uiKeyUsage,
uiKeyBits,
&publicKey,
&privateKey) != SDR_OK) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR, SAF_R_SAF_ERROR);
goto end;
}
/* save keypair */
if (saf_save_ec_keypair(
hAppHandle,
pucContainerName,
uiContainerNameLen,
uiKeyBits,
uiKeyUsage,
uiExportFlag,
&publicKey,
&privateKey) != SAR_Ok) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR, ERR_R_GMAPI_LIB);
goto end;
}
/* set return value */
ret = SAR_Ok;
end:
/* clear private key */
memset(&privateKey, 0, sizeof(ECCrefPrivateKey));
return ret;
}
int saf_get_sdf_session_and_keyindex(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyUsage,
void *phSessionHandle,
unsigned int puiKeyIndex)
{
return -1;
}
void saf_release_sdf_session(
void *hSessionHandle)
{
}
/*
* `crypto/ec` only support `i2o_ECPublicKey` and `o2i_ECPublicKey`, there
* are no DER encoding/decoding routines for EC public key. The encoding of
* `i2o` is just the result of `EC_POINT_point2oct` on the public key point.
*/
/* 7.3.24 */
int SAF_GetEccPublicKey(
void *hAppHandle,
@@ -175,9 +105,8 @@ int SAF_GetEccPublicKey(
unsigned char *pucPublicKey,
unsigned int *puiPublicKeyLen)
{
int ret = -1;
void *hSessionHandle = NULL;
unsigned int uiKeyIndex;
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
int rv;
/* check arguments */
@@ -206,64 +135,17 @@ int SAF_GetEccPublicKey(
return SAR_IndataErr;
}
/* get session and key index*/
if ((rv = saf_get_sdf_session_and_keyindex(
hAppHandle,
pucContainerName,
uiContainerNameLen,
uiKeyUsage,
&hSessionHandle,
&uiKeyIndex)) != SAR_Ok) {
/* load public key */
SAFerr(SAF_F_SAF_GETECCPUBLICKEY, ERR_R_GMAPI_LIB);
ret = rv;
goto end;
}
/* load key */
if (uiKeyUsage == SGD_SM2_1) {
if (SDF_ExportSignPublicKey_ECC(
hSessionHandle,
uiKeyIndex,
(ECCrefPublicKey *)pucPublicKey) != SDR_OK) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY, ERR_R_GMAPI_LIB);
goto end;
}
} else {
if (SDF_ExportEncPublicKey_ECC(
hSessionHandle,
uiKeyIndex,
(ECCrefPublicKey *)pucPublicKey) != SDR_OK) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY, ERR_R_GMAPI_LIB);
goto end;
}
}
/* set return value */
*puiPublicKeyLen = (unsigned int)sizeof(ECCrefPublicKey);
ret = SAR_Ok;
end:
sdf_release_sdf_session(hSessionHandle);
return ret;
}
/* 7.3.25 */
/* input data is message, not digest
* otuput is the DER encoding of the signature
*
* WHY do we need a seperate function for EC and RSA?
*/
int saf_get_sdf_session_and_ecsignkey(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiAlgorithmID, /* SGD_SM2_1 */
void **phSessionhandle,
unsigned int *puiISKIndex);
int SAF_EccSign(
void *hAppHandle,
unsigned char *pucContainerName,
@@ -304,43 +186,12 @@ int SAF_EccSign(
return SAR_IndataErr;
}
/* get session and ec sign key */
if ((rv = saf_get_sdf_session_and_ecsignkey(
hAppHandle,
pucContainerName,
uiContainerNameLen,
uiAlgorithmID,
&hSessionHandle,
&uiISKIndex)) != SAR_Ok) {
SAFerr(SAF_F_SAF_ECCSIGN, ERR_R_GMAPI_LIB);
ret = rv;
goto end;
}
/* sign */
if (SDF_InternalSign_ECC(
hSessionHandle,
uiISKIndex,
pucInData,
uiInDataLen,
(ECCSignature *)pucSignData) != SDR_OK) {
SAFerr(SAF_F_SAF_ECCSIGN, ERR_R_GMAPI_LIB);
goto end;
}
/* set return value */
*puiSignDataLen = (unsigned int)sizeof(ECCSignature);
ret = SAR_Ok;
end:
saf_release_sdf_session(hSessionhandle);
return ret;
}
/* 7.3.26 */
/* it seems that we need the public key has more info */
int SAF_EccVerifySign(
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
@@ -351,11 +202,11 @@ int SAF_EccVerifySign(
unsigned int uiSignDataLen)
{
int ret = SAR_UnknownErr;
/* check arguments */
if (!pucPublicKey || !pucInData || !pucSignData) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr);
return SAR_IndataErr;
}
if (uiPublicKeyLen != sizeof(ECCrefPublic)) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, SAF_R_INVALID_INPUT_LENGTH);
@@ -374,18 +225,6 @@ int SAF_EccVerifySign(
return SAR_IndataLenErr;
}
if (SDF_ExternalVerify_ECC(
NULL, /* hSessionHandle */
uiAlgorithmID,
(ECCrefPublicKey *)pucPublicKey,
pucInData,
uiInDataLen,
(ECCSignature *)pucSignData) != SDR_OK) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, ERR_R_GMAPI_LIB);
goto end;
}
ret = SAR_Ok;
end:
@@ -429,33 +268,11 @@ int SAF_EccPublicKeyEnc(
return SAR_IndataLenErr;
}
/* encrypt */
if (SDF_ExternalEncrypt_ECC(
NULL, /* hSessionHandle */
uiAlgorithmID,
(ECCrefPublicKey *)pucPublicKey,
pucInData,
uiInDataLen,
(ECCCipher *)pucOutData) != SDR_OK) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC, ERR_R_GMAPI_LIB);
goto end;
}
ret = SAR_Ok;
end:
return ret;
}
int saf_get_ec_public_key_from_cert(
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
ECCrefPublicKey *pucPublicKey)
{
return -1;
}
/* 7.3.28 */
int SAF_EccPublicKeyEncByCert(
unsigned char *pucCertificate,
@@ -474,7 +291,7 @@ int SAF_EccPublicKeyEncByCert(
if (!pucCertificate || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr);
return SAR_IndataErr;
}
if (uiCertificateLen <= 0 || uiCertificate > INT_MAX) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
@@ -497,34 +314,8 @@ int SAF_EccPublicKeyEncByCert(
return SAR_IndataLenErr;
}
/* get public key from cert */
if ((rv = saf_get_ec_public_key_from_cert(
pucCertificate,
uiCertificateLen,
&publicKey)) != SAR_OK) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT, ERR_R_GMAPI_LIB);
ret = rv;
goto end;
}
/* encrypt */
if (SAF_EccPublicKeyEnc(
(unsigned char *)&publicKey,
(unsigned int)sizeof(ECCrefPublicKey),
uiAlgorithmID,
pucInData,
uiInDataLen,
pucOutData,
puiOutDataLen) != SAR_OK) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT, ERR_R_GMAPI_LIB);
goto end;
}
/* set return value */
ret = SAR_Ok;
end:
return ret;
}
@@ -547,7 +338,7 @@ int SAF_EccVerifySignByCert(
if (!pucCertificate || !pucInData || !pucSignData) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr);
return SAR_IndataErr;
}
if (uiCertificateLen <= 0 || uiCertificate > INT_MAX) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
@@ -571,33 +362,9 @@ int SAF_EccVerifySignByCert(
}
/* load public key form cert */
if ((rv = saf_get_ec_public_key_from_cert(
pucCertificate,
uiCertificateLen,
&publicKey))!= SAR_OK) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT, ERR_R_GMAPI_LIB);
ret = rv;
goto end;
}
/* verify */
if (SAF_EccVerifySign(
(unsigned char *)&publicKey,
(unsigned int )sizeof(ECCrefPublicKey),
uiAlgorithmID,
pucInData,
uiInDataLen,
pucSignData,
uiSignDataLen)!= SAR_Ok) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT, ERR_R_GMAPI_LIB);
goto end;
}
/* set return value */
ret = SAR_Ok;
end:
return ret;
}
@@ -616,24 +383,7 @@ int SAF_GenerateAgreementDataWithECC(
void **phAgreementHandle)
{
int ret = -1;
void *hSessionHandle = NULL;
unsigned int uiISKIndex;
if (SDF_GenerateAgreementDataWithECC(
hSessionHandle,
uiISKIndex,
uiKeyBits,
pucSponsorID,
uiSponsorIDLength,
(ECCrefPublicKey *)pucSponsorPublicKey,
(ECCrefPublicKey *)pucSponsorTmpPublicKey,
phAgreementHandle) != SDR_OK) {
SAFerr(SAF_F_SAF_GENERATEAGREEMENTDATAWITHECC,
ERR_R_GMAPI_LIB);
goto end;
}
ret = SAR_Ok;
end:
@@ -653,19 +403,6 @@ int SAF_GenerateKeyWithECC(
{
int ret = -1;
if (SDF_GenerateKeyWithECC(
NULL, /*hSessionHandle */
pucResponseID,
uiResponseIDLength,
(ECCrefPublicKey *)pucResponsePublicKey,
(ECCrefPublicKey *)pucResponseTmpPublicKey,
phAgreementHandle,
phKeyHandle) != SDR_OK) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHECC, ERR_R_GMAPI_LIB);
goto end;
}
return 0;
}

1
crypto/saf/saf_enc.c
View File

@@ -269,4 +269,3 @@ int SAF_SymmDecrypt(
*puiOutDataLen = out - pucOutData;
return SAR_OK;
}

14
crypto/saf/saf_err.c
View File

@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -27,6 +27,7 @@ static ERR_STRING_DATA SAF_str_functs[] = {
{ERR_FUNC(SAF_F_SAF_BASE64_ENCODE), "SAF_Base64_Encode"},
{ERR_FUNC(SAF_F_SAF_BASE64_ENCODEFINAL), "SAF_Base64_EncodeFinal"},
{ERR_FUNC(SAF_F_SAF_BASE64_ENCODEUPDATE), "SAF_Base64_EncodeUpdate"},
{ERR_FUNC(SAF_F_SAF_CHANGEPIN), "SAF_ChangePin"},
{ERR_FUNC(SAF_F_SAF_CREATESYMMKEYOBJ), "SAF_CreateSymmKeyObj"},
{ERR_FUNC(SAF_F_SAF_ECCPUBLICKEYENC), "SAF_EccPublicKeyEnc"},
{ERR_FUNC(SAF_F_SAF_ECCPUBLICKEYENCBYCERT), "SAF_EccPublicKeyEncByCert"},
@@ -37,7 +38,14 @@ static ERR_STRING_DATA SAF_str_functs[] = {
{ERR_FUNC(SAF_F_SAF_GENERATEAGREEMENTDATAWITHECC),
"SAF_GenerateAgreementDataWithECC"},
{ERR_FUNC(SAF_F_SAF_GENERATEKEYWITHECC), "SAF_GenerateKeyWithECC"},
{ERR_FUNC(SAF_F_SAF_GENERATEKEYWITHEPK), "SAF_GenerateKeyWithEPK"},
{ERR_FUNC(SAF_F_SAF_GENRANDOM), "SAF_GenRandom"},
{ERR_FUNC(SAF_F_SAF_GETECCPUBLICKEY), "SAF_GetEccPublicKey"},
{ERR_FUNC(SAF_F_SAF_GETVERSION), "SAF_GetVersion"},
{ERR_FUNC(SAF_F_SAF_IMPORTENCEDKEY), "SAF_ImportEncedKey"},
{ERR_FUNC(SAF_F_SAF_INITIALIZE), "SAF_Initialize"},
{ERR_FUNC(SAF_F_SAF_LOGIN), "SAF_Login"},
{ERR_FUNC(SAF_F_SAF_LOGOUT), "SAF_Logout"},
{ERR_FUNC(SAF_F_SAF_MACFINAL), "SAF_MacFinal"},
{ERR_FUNC(SAF_F_SAF_MACUPDATE), "SAF_MacUpdate"},
{ERR_FUNC(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA),
@@ -52,7 +60,10 @@ static ERR_STRING_DATA SAF_str_functs[] = {
static ERR_STRING_DATA SAF_str_reasons[] = {
{ERR_REASON(SAF_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_REASON(SAF_R_CBCMAC_FAILURE), "cbcmac failure"},
{ERR_REASON(SAF_R_CMAC_FAILURE), "cmac failure"},
{ERR_REASON(SAF_R_ENCRYPT_KEY_FAILURE), "encrypt key failure"},
{ERR_REASON(SAF_R_GEN_RANDOM), "gen random"},
{ERR_REASON(SAF_R_GEN_RANDOM_FAILURE), "gen random failure"},
{ERR_REASON(SAF_R_INT_OVERFLOW), "int overflow"},
{ERR_REASON(SAF_R_INVALID_ALGOR), "invalid algor"},
{ERR_REASON(SAF_R_INVALID_CONTEXT), "invalid context"},
@@ -63,6 +74,7 @@ static ERR_STRING_DATA SAF_str_reasons[] = {
{ERR_REASON(SAF_R_INVALID_KEY_USAGE), "invalid key usage"},
{ERR_REASON(SAF_R_INVALID_LENGTH), "invalid length"},
{ERR_REASON(SAF_R_MAC_FAILURE), "mac failure"},
{ERR_REASON(SAF_R_NOT_SUPPORTED), "not supported"},
{ERR_REASON(SAF_R_OPERATION_NOT_INITIALIZED),
"operation not initialized"},
{ERR_REASON(SAF_R_SAF_ERROR), "saf error"},

73
crypto/saf/saf_keyhandle.c
View File

@@ -53,60 +53,77 @@
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.31
* Generate session key returned by `phKeyHandle`
* Encrypt the symmetric key `hSymmKeyObj` with the input public key
* `pucPublicKey`, output the encrypted results to `pucSymmKey`,
*
* how can we encrypt data with public key?
* it this function relies on ther SAF API?
*
* The function don't care the input public key. It should be an exported
* public key. Some extra information should be appened into the output key.
*/
/* 7.3.31 */
int SAF_GenerateKeyWithEPK(
void *hSymmKeyObj,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucSymmKey,
unsigned int uiSymmKeyLen,
unsigned int *puiSymmKeyLen,
void **phKeyHandle)
{
int pkey_type;
int ret = SAR_UnknownErr;
SAF_KEY *hkey = NULL;
SAF_SYMMKEYOBJ *obj = (SAF_SYMMKEYOBJ *)hSymmKeyObj;
const EVP_CIPHER *cipher;
unsigned char keybuf[32];
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pkctx = NULL;
size_t outlen;
if (!(pkey = d2i_PublicKey(pkey_type, NULL, &p,
(long)uiPublicKeyLen))) {
if (!hSymmKeyObj || !pucPublicKey || !pucSymmKey
|| !puiSymmKeyLen || !phKeyHandle) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiPublicKeyLen <= 0 || uiPublicKeyLen > INT_MAX) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
outlen = (size_t)*puiSymmKeyLen;
if (!(cipher = EVP_get_cipherbysgd(obj->algor))
|| !RAND_bytes(keybuf, EVP_CIPHER_key_length(cipher))
|| !(pkey = d2i_PUBKEY(NULL, &pucPublicKey, (long)uiPublicKeyLen))
|| !(pkctx = EVP_PKEY_CTX_new(pkey, NULL))
|| !EVP_PKEY_encrypt_init(pkctx)
|| !EVP_PKEY_encrypt(pkctx, pucSymmKey, &outlen, keybuf, (size_t)EVP_CIPHER_key_length(cipher))) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_ENCRYPT_KEY_FAILURE);
goto end;
}
// init EVP_CIPHER_CTX
if (!(hkey = OPENSSL_zalloc(sizeof(*hkey)))) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_MALLOC_FAILURE);
goto end;
}
*puiSymmKeyLen = (unsigned int)outlen;
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pkctx);
return ret;
}
/* 7.3.32 */
/* all the inforamtion should be kept in encrypted key
* the encrytped key can be decrypted with the default private key
*/
int SAF_ImportEncedKey(
void *hSymmKeyObj,
unsigned char *pucSymmKey,
unsigned int uiSymmKeyLen,
void **phKeyHandle)
{
return 0;
SAFerr(SAF_F_SAF_IMPORTENCEDKEY, SAF_R_NOT_SUPPORTED);
return SAR_NotSupportYetErr;
}
/* 7.3.37 */
int SAF_DestroyKeyHandle(
void *hKeyHandle)
{
SAF_KeyHandle *hkey = (SAF_KeyHandle *)hKeyHandle;
if (!hKeyHandle) {
return SAR_OK;
}
OPENSSL_clear_free(hkey->key, hkey->keylen);
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
OPENSSL_clear_free(hkey, hkey->keylen);
return SAR_OK;
}

76
crypto/saf/saf_lcl.h
View File

@@ -47,7 +47,6 @@
* ====================================================================
*/
#include <openssl/evp.h>
#include <openssl/cmac.h>
#include <openssl/gmsdf.h>
@@ -65,73 +64,18 @@ typedef struct {
} SAF_BASE64OBJ;
typedef struct {
void *hAppHandle;
unsigned char *pucContainerName;
unsigned int uiContainerLen;
unsigned char *pucIV;
unsigned int uiIVLen;
unsigned int uiEncOrDec;
unsigned int uiCryptoAlgID;
} SAF_SymmKeyObj;
unsigned int algor;
unsigned char container[256];
unsigned int containerlen;
unsigned char iv[16];
unsigned int ivlen;
unsigned int enc;
} SAF_SYMMKEYOBJ;
typedef struct {
unsigned char *key;
size_t keylen;
/* used by `SAF_SymmEncryptUpdate`, `SAF_SymmEncryptFinal`,
* `SAF_SymmDecryptUpdate`, `SAF_SymmDecryptFinal`
*/
SAF_SYMMKEYOBJ obj;
unsigned char key[64];
EVP_CIPHER_CTX *cipher_ctx;
const EVP_CIPHER *cipher;
CMAC_CTX *cmac_ctx;
} SAF_KEY_HANDLE;
int saf_readfile(
const char *file,
unsigned char **pout,
size_t *len);
int saf_save_ec_keypair(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned int uiKeyUsage,
unsigned int uiExportFlag,
ECCrefPublicKey *pucPublicKey,
ECCrefPrivateKey *pucPrivateKey);
int saf_save_rsa_keypair(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned int uiKeyUsage,
unsigned int uiExportFlag,
RSArefPublicKey *pucPublicKey,
RSArefPrivateKey *pucPrivateKey);
int saf_get_sdf_session_and_keyindex(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyUsage,
void *phSessionHandle,
unsigned int puiKeyIndex);
int saf_get_sdf_session_and_ecsignkey(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiAlgorithmID, /* SGD_SM2_1 */
void **phSessionhandle,
unsigned int *puiISKIndex);
void saf_release_sdf_session(
void *hSessionHandle);
int saf_get_ec_public_key_from_cert(
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
ECCrefPublicKey *pucPublicKey);
} SAF_KEY;

27
crypto/saf/saf_mac.c
View File

@@ -49,7 +49,6 @@
#include <openssl/evp.h>
#include <openssl/cmac.h>
#include <openssl/cbcmac.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
@@ -60,35 +59,35 @@ int SAF_MacUpdate(
unsigned int uiInDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY_HANDLE *hkey = (SAF_KEY_HANDLE *)hKeyHandle;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
if (!hKeyHandle || !pucInData) {
SAFerr(SAF_F_SAF_MACUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!hkey->cbcmac_ctx) {
if (!(hkey->cbcmac_ctx = CBCMAC_CTX_new())) {
if (!hkey->cmac_ctx) {
if (!(hkey->cmac_ctx = CMAC_CTX_new())) {
SAFerr(SAF_F_SAF_MACUPDATE, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!CBCMAC_Init(hkey->cbcmac_ctx, hkey->key, hkey->keylen, hkey->cipher, NULL)) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CBCMAC_FAILURE);
if (!CMAC_Init(hkey->cmac_ctx, hkey->key, hkey->keylen, hkey->cipher, NULL)) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CMAC_FAILURE);
goto end;
}
}
if (!CBCMAC_Update(hkey->cbcmac_ctx, pucInData, (size_t)uiInDataLen)) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CBCMAC_FAILURE);
if (!CMAC_Update(hkey->cmac_ctx, pucInData, (size_t)uiInDataLen)) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CMAC_FAILURE);
return SAR_UnknownErr;
}
ret = SAR_OK;
end:
if (ret != SAR_OK && hkey->cbcmac_ctx) {
CBCMAC_CTX_free(hkey->cbcmac_ctx);
hkey->cbcmac_ctx = NULL;
if (ret != SAR_OK && hkey->cmac_ctx) {
CMAC_CTX_free(hkey->cmac_ctx);
hkey->cmac_ctx = NULL;
}
return ret;
}
@@ -99,7 +98,7 @@ int SAF_MacFinal(
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
SAF_KEY_HANDLE *hkey = (SAF_KEY_HANDLE *)hKeyHandle;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
size_t siz;
if (!hKeyHandle || !pucOutData || !puiOutDataLen) {
@@ -112,7 +111,7 @@ int SAF_MacFinal(
return SAR_IndataLenErr;
}
if (!hkey->cbcmac_ctx) {
if (!hkey->cmac_ctx) {
SAFerr(SAF_F_SAF_MACFINAL, SAF_R_OPERATION_NOT_INITIALIZED);
return SAR_UnknownErr;
}
@@ -123,7 +122,7 @@ int SAF_MacFinal(
return SAR_UnknownErr;
}
*puiOutDataLen = siz;
*puiOutDataLen = (unsigned int)siz;
return SAR_OK;
}

249
crypto/saf/saf_pkcs7.c
View File

@@ -50,32 +50,9 @@
#include <openssl/evp.h>
#include <openssl/gmapi.h>
#include <openssl/gmsaf.h>
#incluce "saf_lcl.h"
/*
In GMAPI we will use private keys handled by ENGINE, the keys in ENGINE
is referenced by ENGINE and key label `key_id`
*/
EVP_PKEY *saf_load_private_key( void *hAppHandle,
unsigned char *containerName, unsigned int containerNameLen,
unsigned int keyUsage)
{
return NULL;
}
int GMAPI_CONTAINER_get_cert_and_key(GMAPI_CONTAINER *container,
int key_usage, X509 **cert, EVP_PKEY **pkey)
{
return 0;
}
#include "saf_lcl.h"
/* 7.4.2 */
/* we need AppHandle before doing this
* App + Container + KeyUsage => sign_key
* the private key is referenced by a string label `key_id`
*/
int SAF_Pkcs7_EncodeData(
void *hAppHandle,
unsigned char *pucSignContainerName,
@@ -92,22 +69,7 @@ int SAF_Pkcs7_EncodeData(
unsigned int *puiDerP7DataLen)
{
int ret = SAR_UnknownErr;
PKCS7 *p7 = NULL;
EVP_PKEY *pkey = NULL;
const EVP_MD *md;
p7 = PKCS7_new();
pkey = saf_load_private_key(hAppHandle,
pucSignContainerName, uiSignContainerNameLen
uiSignKeyUsage);
PKCS7_set_type(p7, 0);
return 0;
return ret;
}
@@ -115,7 +77,8 @@ int SAF_Pkcs7_EncodeData(
int SAF_Pkcs7_DecodeData(
void *hAppHandle)
{
return 0;
int ret = SAR_UnknownErr;
return ret;
}
/* 7.4.4 */
@@ -132,52 +95,11 @@ int SAF_Pkcs7_EncodeSignedData(
unsigned char *pucDerP7Data,
unsigned int *puiDerP7DataLen)
{
int flags;
BIO *bio = NULL;
EVP_PKEY *pkey = NULL;
X509 *cert = NULL;
unsigned char *p;
if (!(pkey = saf_load_private_key(hAppHandle, pucSignContainerName,
uiSignContainerNameLen, uiSignKeyUsage))) {
}
/* decode certificate, check no extra input */
p = pucSignerCertificate;
if (!(cert = d2i_X509(NULL, &p, (long)uiSignerCertificateLen))) {
}
if (p - pucSignerCertificate != uiSignerCertificateLen) {
}
/* data bio */
if (!(bio = BIO_new_mem_buf(pucData, (int)uiDataLen))) {
}
/* set digest */
if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) {
}
flags = PKCS7_BINARY;
p7 = PKCS7_sign(cert, pkey, NULL, bio, flags);
p = pucDerP7Data;
if (i2d_PKCS7(p7, &p) < 0) {
}
*puiDerP7DataLen = p - pucDerP7Data;
return 0;
int ret = SAR_UnknownErr;
return ret;
}
/* 7.4.5 */
/*
* The content data in PKCS #7 SignedData format is optional, as the
* `SAF_Pkcs7_DecodeSignedData` function has explicit content data input
* with parameter `pucData`, the `SAF_Pkcs7_EncodeSignedData` will not carry
* content data, with the `PKCS7_DETACHED` flag bit set.
*/
int SAF_Pkcs7_DecodeSignedData(
void *hAppHandle,
unsigned char *pucDerP7SignedData,
@@ -190,37 +112,8 @@ int SAF_Pkcs7_DecodeSignedData(
unsigned char *pucSign,
unsigned int *puiSignLen)
{
int ret;
PKCS7 *p7 = NULL;
X509 *cert = NULL;
const EVP_MD *md;
BIO *bio = NULL;
STACK_OF(X509) *certs = NULL;
X509_STORE *store = NULL;
int flags = 0;
p = pucDerP7SignedData;
if (!(p7 = d2i_PKCS7(NULL, &p, (long)uiDerP7SignedDataLen))) {
}
if (p - pucDerP7SignedData != uiDerP7SignedDataLen) {
}
p = pucSignerCertificate;
if (!(cert = d2i_X509(NULL, &p, (long)uiSignerCertificateLen))) {
}
if (p - pucSignerCertificate != uiSignerCertificateLen) {
}
if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) {
}
if (!PKCS7_set_digest(p7, md)) {
}
if (!PKCS7_verify(p7, cert, store, bio, NULL, flags)) {
}
return 0;
int ret = SAR_UnknownErr;
return ret;
}
/* 7.4.6 */
@@ -235,27 +128,10 @@ int SAF_Pkcs7_EncodeEnvelopedData(
unsigned int *puiDerP7EnvelopedDataLen)
{
int ret = SAR_UnknownErr;
PKCS7 *p7 = NULL;
X509 *cert = NULL;
BIO *bio = NULL;
const EVP_CIPHER *cipher;
int flags;
cipher = EVP_get_cipherbysgd(uiSymmAlgorithm);
bio = BIO_new(BIO_s_mem());
// set data to bio
p = pucEncCertificate;
cert = d2i_X509(NULL, &p, uiEncCertificateLen);
p7 = PKCS7_encrypt(cert, bio, cipher, flags);
end:
PKCS7_free(p7);
return ret;
}
/* 7.4.7 */
/* key is referenced by App.Container.KeyUsage */
int SAF_Pkcs7_DecodeEnvelopedData(
void *hAppHandle,
unsigned char *pucDecContainerName,
@@ -266,20 +142,11 @@ int SAF_Pkcs7_DecodeEnvelopedData(
unsigned char *pucData,
unsigned int *puiDataLen)
{
PKCS7 *p7 = NULL;
BIO *bio = NULL;
X509 *cert = NULL;
EVP_PKEY *pkey = NULL;
// get cert and pkey from App.Container.KeyUsage
PKCS7_decrypt(p7, pkey, cert, bio, flags);
return 0;
int ret = SAR_UnknownErr;
return ret;
}
/* 7.4.8 */
/* the `hAppHandle` and key is not required in digest */
int SAF_Pkcs7_EncodeDigestedData(
void *hAppHandle,
unsigned int uiDigestAlgorithm,
@@ -289,89 +156,10 @@ int SAF_Pkcs7_EncodeDigestedData(
unsigned int *puiDerP7DigestedDataLen)
{
int ret = SAR_UnknownErr;
PKCS7 *p7 = NULL;
BIO *bio = NULL;
const EVP_MD *md;
unsigned char *p;
int len;
if (!hAppHandle || !pucData || !pucDerP7DigestedData || !puiDerP7DigestedDataLen) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_INVALID_DIGEST_ALGOR);
return SAR_AlgoTypeErr;
}
if (uiDataLen > INT_MAX) {
return SAR_IndataLenErr;
}
len = (int)uiDataLen;
if (!(p7 = PKCS7_new())) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!PKCS7_set_type(p7, NID_pkcs7_digest)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
/* set digest */
if (!PKCS7_set_digest(p7, md)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
/* set content */
if (!PKCS7_content_new(p7, NID_pkcs7_data)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if (!(bio = PKCS7_dataInit(p7, NULL))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if (!BIO_write(bio, pucData, len)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_GMAPI_LIB);
goto end;
}
if (!BIO_flush(bio)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_GMAPI_LIB);
goto end;
}
if (!PKCS7_dataFinal(p7, bio)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
/* check output buffer length */
if ((len = i2d_PKCS7(p7, NULL)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if (*puiDerP7DigestedDataLen < len) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_BUFFER_TOO_SMALL);
goto end;
}
/* der encoding */
p = pucDerP7DigestedData;
if ((len = i2d_PKCS7(p7, &p)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
*puiDerP7DigestedDataLen = (unsigned int)len;
ret = SAR_OK;
end:
PKCS7_free(p7);
return ret;
}
/* 7.4.9 */
/* parse pkcs7 and get data and digest */
int SAF_Pkcs7_DecodeDigestedData(
void *hAppHandle,
unsigned int uiDigestAlgorithm,
@@ -383,22 +171,5 @@ int SAF_Pkcs7_DecodeDigestedData(
unsigned int *puiDigestLen)
{
int ret = SAR_UnknownErr;
PKCS7 *p7 = NULL;
unsigned char *p;
long len;
if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_DIGEST_ALGOR);
return SAR_AlgoTypeErr;
}
p = pucDerP7DigestedData;
len = uiDerP7DigestedDataLen;
if (!(p7 = d2i_PKCS7(NULL, &p, len))) {
goto end;
}
return ret;
}

13
crypto/saf/saf_rand.c
View File

@@ -60,13 +60,20 @@ int SAF_GenRandom(
unsigned int uiRandLen,
unsigned char *pucRand)
{
int len;
if (uiRandLen > 1024 * 1024) {
if (uiRandLen <= 0 || uiRandLen > INT_MAX) {
SAFerr(SAF_F_SAF_GENRANDOM, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
len = (int)uiRandLen;
if (!pucRand) {
SAFerr(SAF_F_SAF_GENRANDOM, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!RAND_bytes(pucRand, len)) {
SAFerr(SAF_F_SAF_GENRANDOM, SAF_R_GEN_RANDOM_FAILURE);
return SAR_GenRandErr;
}
return SAR_OK;
}

103
crypto/saf/saf_rsa.c
View File

@@ -61,28 +61,6 @@ int SAF_GenRsaKeyPair(void *hAppHandle,
unsigned int uiKeyUsage,
unsigned int uiExportFlag)
{
RSArefPublicKey publicKey;
RSArefPrivateKey privateKey;
if (SDR_OK != SDF_GenerateKeyPair_RSA(
NULL,
uiKeyBits,
&publicKey,
&privateKey)) {
}
if ((ret = saf_save_rsa_keypair(
hAppHandle,
pucContainerName,
uiContainerNameLen,
uiKeyBits,
uiKeyUsage,
uiExportFlag,
&publicKey,
&privateKey))
!= SAR_Ok) {
}
return SAR_NotSupportYetErr;
}
@@ -95,47 +73,10 @@ int SAF_GetPublicKey(
unsigned char *pucPublicKey,
unsigned int *puiPublicKeyLen)
{
unsigned int uiAlgID;
if (uiAlgID = SGD_RSA) {
if (uiKeyUsage == 1) {
if (SDF_ExportSignPublicKey_RSA(
hSessionHandle,
uiKeyIndex,
(RSArefPublicKey *)pucPublicKey) != SDR_OK) {
}
} else {
if (SDF_ExportEncPublicKey_RSA(
hSessionHandle,
uiKeyIndex,
(RSArefPublicKey *)pucPublicKey) != SDR_OK) {
}
}
*puiPublicKeyLen = (unsigned int)sizeof(RSArefPublicKey);
} else {
if (uiKeyUsage == 1) {
if (SDF_ExportSignPublicKey_ECC(
hSessionHandle,
uiKeyIndex,
(ECCrefPublicKey *)pucPublicKey) != SDR_OK) {
}
} else {
if (SDF_ExportEncPublicKey_ECC(
hSessionHandle,
uiKeyIndex,
(ECCrefPublicKey *)pucPublicKey) != SDR_OK) {
}
}
*puiPublicKeyLen = (unsigned int)sizeof(ECCrefPublicKey);
}
return SAR_NotSupportYetErr;
}
/* 7.3.18 */
/* the `pucInData` is message, not digest */
int SAF_RsaSign(
void *hAppHandle,
unsigned char *pucContainerName,
@@ -146,8 +87,6 @@ int SAF_RsaSign(
unsigned char *pucSignature,
unsigned int *puiSignatureLen)
{
return SAR_NotSupportYetErr;
}
@@ -161,20 +100,6 @@ int SAF_RsaSignFile(
unsigned char *pucSignature,
unsigned int *puiSignatureLen)
{
int ret;
unsigned char *buf = NULL;
unsigned int buflen;
if ((ret = readfile(pucFileName, &buf, &buflen)) != SAR_OK) {
return ret;
}
if ((ret = SAF_RsaSign(hAppHandle, pucContainerName, uiContainerNameLen,
uiHashAlgoType, buf, buflen, pucSignature, puiSignatureLen)) != SAR_OK) {
OPENSSL_free(buf);
return ret;
}
OPENSSL_free(buf);
return SAR_OK;
}
@@ -200,20 +125,6 @@ int SAF_RsaVerifySignFile(
unsigned char *pucSignature,
unsigned int uiSignatureLen)
{
int ret;
unsigned char *buf = NULL;
unsigned int buflen;
if ((ret = readfile(pucFileName, &buf, &buflen)) != SAR_OK) {
return ret;
}
if ((ret = SAF_RsaVerifySign(uiHashAlgoType, pucPublicKey, uiPublicKeyLen,
buf, buflen, pucSignature, puiSignatureLen)) != SAR_OK) {
OPENSSL_free(buf);
return ret;
}
OPENSSL_free(buf);
return SAR_OK;
}
@@ -227,20 +138,6 @@ int SAF_VerifySignByCert(
unsigned char *pucSignature,
unsigned int uiSignatureLen)
{
int ret;
unsigned char *buf = NULL;
unsigned int buflen;
if ((ret = cert_get_pubkey(pucCertificate, uiCertificateLen, &buf, &buflen)) != SAR_OK) {
return ret;
}
if ((ret = SAF_RsaVerifySign(uiHashAlgoType, pucPublicKey, uiPublicKeyLen,
buf, buflen, pucSignature, puiSignatureLen)) != SAR_OK) {
OPENSSL_free(buf);
return ret;
}
OPENSSL_free(buf);
return SAR_OK;
}

102
crypto/saf/saf_sm2.c
View File

@@ -70,17 +70,6 @@ int SAF_SM2_EncodeSignedAndEnvelopedData(
unsigned int *puiDerSignedAndEnvelopedDataLen)
{
int ret = SAR_UnknownErr;
PKCS7 *p7 = NULL;
EVP_PKEY *pkey = NULL;
const EVP_MD *md;
p7 = PKCS7_new();
pkey = saf_load_private_key(hAppHandle,
pucSignContainerName, uiSignContainerNameLen
uiSignKeyUsage);
PKCS7_set_type(p7, 0);
return 0;
}
@@ -115,42 +104,6 @@ int SAF_SM2_EncodeSignedData(
unsigned char *pucDerSignedData,
unsigned int *puiDerSignedDataLen)
{
int flags;
BIO *bio = NULL;
EVP_PKEY *pkey = NULL;
X509 *cert = NULL;
unsigned char *p;
if (!(pkey = saf_load_private_key(hAppHandle, pucSignContainerName,
uiSignContainerNameLen, uiSignKeyUsage))) {
}
/* decode certificate, check no extra input */
p = pucSignerCertificate;
if (!(cert = d2i_X509(NULL, &p, (long)uiSignerCertificateLen))) {
}
if (p - pucSignerCertificate != uiSignerCertificateLen) {
}
/* data bio */
if (!(bio = BIO_new_mem_buf(pucData, (int)uiDataLen))) {
}
/* set digest */
if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) {
}
flags = PKCS7_BINARY;
p7 = PKCS7_sign(cert, pkey, NULL, bio, flags);
p = pucDerP7Data;
if (i2d_PKCS7(p7, &p) < 0) {
}
*puiDerP7DataLen = p - pucDerP7Data;
return 0;
}
@@ -167,36 +120,6 @@ int SAF_SM2_DecodeSignedData(
unsigned char *pucSign,
unsigned int *puiSignLen)
{
int ret;
PKCS7 *p7 = NULL;
X509 *cert = NULL;
const EVP_MD *md;
BIO *bio = NULL;
STACK_OF(X509) *certs = NULL;
X509_STORE *store = NULL;
int flags = 0;
p = pucDerP7SignedData;
if (!(p7 = d2i_PKCS7(NULL, &p, (long)uiDerP7SignedDataLen))) {
}
if (p - pucDerP7SignedData != uiDerP7SignedDataLen) {
}
p = pucSignerCertificate;
if (!(cert = d2i_X509(NULL, &p, (long)uiSignerCertificateLen))) {
}
if (p - pucSignerCertificate != uiSignerCertificateLen) {
}
if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) {
}
if (!PKCS7_set_digest(p7, md)) {
}
if (!PKCS7_verify(p7, cert, store, bio, NULL, flags)) {
}
return 0;
}
@@ -212,22 +135,6 @@ int SAF_SM2_EncodeEnvelopedData(
unsigned int *puiDerEnvelopedDataLen)
{
int ret = SAR_UnknownErr;
PKCS7 *p7 = NULL;
X509 *cert = NULL;
BIO *bio = NULL;
const EVP_CIPHER *cipher;
int flags;
cipher = EVP_get_cipherbysgd(uiSymmAlgorithm);
bio = BIO_new(BIO_s_mem());
// set data to bio
p = pucEncCertificate;
cert = d2i_X509(NULL, &p, uiEncCertificateLen);
p7 = PKCS7_encrypt(cert, bio, cipher, flags);
end:
PKCS7_free(p7);
return ret;
}
@@ -242,14 +149,5 @@ int SAF_SM2_DecodeEnvelopedData(
unsigned char *pucData,
unsigned int *puiDataLen)
{
PKCS7 *p7 = NULL;
BIO *bio = NULL;
X509 *cert = NULL;
EVP_PKEY *pkey = NULL;
// get cert and pkey from App.Container.KeyUsage
PKCS7_decrypt(p7, pkey, cert, bio, flags);
return 0;
}

66
crypto/saf/saf_symmkeyobj.c
View File

@@ -54,10 +54,7 @@
#include "saf_lcl.h"
/* 7.3.30
* All symmetric keys in GMAPI are session objects.
* The `SymmKeyObj` is a EVP_CIPHER_CTX
*/
/* 7.3.30 */
int SAF_CreateSymmKeyObj(
void *hAppHandle,
void **phSymmKeyObj,
@@ -69,52 +66,31 @@ int SAF_CreateSymmKeyObj(
unsigned int uiCryptoAlgID)
{
int ret = SAR_UnknownErr;
SAF_SymmKeyObj *obj = NULL;
SAF_SYMMKEYOBJ *obj = NULL;
/* check arguments */
if (!hAppHandle || !phSymmKeyObj || !pucContainerName || !pucIV) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ,
ERR_R_PASSED_NULL_PARAMETER);
return -1;
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiContainerLen > INT_MAX) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ,
SAF_R_INVALID_INPUT_LENGTH);
return -1;
}
if (uiIVLen > EVP_MAX_IV_LENGTH) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ,
SAF_R_INVALID_INPUT_LENGTH);
return -1;
if (uiContainerLen <= 0 || uiContainerLen > 255 ||
uiIVLen > EVP_MAX_IV_LENGTH) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* init object */
if (!(obj = OPENSSL_zalloc(sizeof(*obj)))) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ,
ERR_R_MALLOC_FAILURE);
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, ERR_R_MALLOC_FAILURE);
goto end;
}
obj->hAppHandle = hAppHandle;
if (!(obj->pucContainerName = OPENSSL_memdup(pucContainerName,
(size_t)uiContainerLen))) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ,
ERR_R_MALLOC_FAILURE);
goto end;
}
if (!(obj->pucIV = OPENSSL_memdup(pucIV, (size_t)uiIVLen))) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ,
ERR_R_MALLOC_FAILURE);
goto end;
}
obj->uiEncOrDec = uiEncOrDec;
if (!EVP_get_cipherbysgd(uiCryptoAlgID)) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ,
SAF_R_INVALID_ALGOR);
goto end;
}
obj->uiCryptoAlgID = uiCryptoAlgID;
memcpy(obj->container, pucContainerName, uiContainerLen);
obj->containerlen = uiContainerLen;
memcpy(obj->iv, pucIV, uiIVLen);
obj->ivlen = uiIVLen;
obj->enc = uiEncOrDec;
obj->algor = uiCryptoAlgID;
/* set output */
*phSymmKeyObj = obj;
@@ -131,14 +107,10 @@ end:
int SAF_DestroySymmAlgoObj(
void *hSymmKeyObj)
{
SAF_SymmKeyObj *obj = (SAF_SymmKeyObj *)hSymmKeyObj;
if (!hSymmKeyObj) {
return SAR_OK;
SAF_SYMMKEYOBJ *obj = (SAF_SYMMKEYOBJ *)hSymmKeyObj;
if (obj) {
OPENSSL_cleanse(obj, sizeof(*obj));
OPENSSL_free(obj);
}
OPENSSL_free(obj->pucContainerName);
OPENSSL_free(obj->pucIV);
memset(obj, 0, sizeof(*obj));
return SAR_OK;
}

17
crypto/sdf/build.info
View File

@@ -1,17 +1,2 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
sdf_dev.c \
sdf_ec.c \
sdf_enc.c \
sdf_err.c \
sdf_errstr.c \
sdf_ext.c \
sdf_file.c \
sdf_hash.c \
sdf_key.c \
sdf_key2.c \
sdf_lib.c \
sdf_mac.c \
sdf_rand.c \
sdf_rsa.c \
sdf_session.c
SOURCE[../../libcrypto]=sdf_err.c sdf_lib.c sdf_meth.c

119
crypto/sdf/sdf_dev.c
View File

@@ -1,119 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/gmsdf.h>
#include <openssl/engine.h>
#include "sdf_lcl.h"
char *deviceHandle = "SDF Device Handle";
int SDF_OpenDevice(
void **phDeviceHandle)
{
if (!phDeviceHandle) {
SDFerr(SDF_F_SDF_OPENDEVICE, ERR_R_PASSED_NULL_PARAMETER);
return SDR_OUTARGERR;
}
#ifndef OPENSSL_NO_ENGINE
ENGINE_load_builtin_engines();
#endif
*phDeviceHandle = deviceHandle;
return SDR_OK;
}
int SDF_CloseDevice(
void *hDeviceHandle)
{
if (hDeviceHandle != deviceHandle) {
SDFerr(SDF_F_SDF_CLOSEDEVICE, SDF_R_INVALID_DEVICE_HANDLE);
return SDR_INARGERR;
}
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif
return SDR_OK;
}
int SDF_GetDeviceInfo(
void *hSessionHandle,
DEVICEINFO *pstDeviceInfo)
{
SDF_SESSION *session = (SDF_SESSION *)hSessionHandle;
if (!hSessionHandle || !pstDeviceInfo) {
SDFerr(SDF_F_SDF_GETDEVICEINFO, ERR_R_PASSED_NULL_PARAMETER);
return SDR_INARGERR;
}
if (session->magic != SDF_SESSION_MAGIC) {
SDFerr(SDF_F_SDF_GETDEVICEINFO, SDF_R_INVALID_SESSION_HANDLE);
return SDR_INARGERR;
}
memset(pstDeviceInfo, 0, sizeof(*pstDeviceInfo));
strncpy((char *)pstDeviceInfo->IssuerName, "GmSSL Project (http://gmssl.org)", 40);
strncpy((char *)pstDeviceInfo->DeviceName, "GmSSL Soft SDF", 16);
strncpy((char *)pstDeviceInfo->DeviceSerial, "201608020010123", 16);
pstDeviceInfo->DeviceVersion = 2;
pstDeviceInfo->StandardVersion = 1;
pstDeviceInfo->AsymAlgAbility[0] = SGD_RSA|SGD_SM2_1;
pstDeviceInfo->AsymAlgAbility[1] = SGD_RSA|SGD_SM2_3;
pstDeviceInfo->SymAlgAbility = SGD_SM1|SGD_SSF33|SGD_SM4|SGD_ZUC;
pstDeviceInfo->HashAlgAbility = SGD_SM3|SGD_SHA1|SGD_SHA256;
pstDeviceInfo->BufferSize = 0;
return SDR_OK;
}

918
crypto/sdf/sdf_ec.c
View File

@@ -1,918 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <openssl/ec.h>
#include <openssl/sm2.h>
#include <openssl/gmapi.h>
#include <openssl/gmsdf.h>
#include "sdf_lcl.h"
/*
* For all the ECC signing/verification, the to be signed data `pucData`
* should be the digest of the message, instead of the original message. If
* the application requires a GM standard signature with the hashed identity
* `Z`, then `SDF_HashInit` must be called with the `pucPublicKey` and
* `pucID` provided.
*/
/*
* some of these functions require an `uiAlgID` to specify the algorithm.
* Currently only `SGD_SM2_1` and `SGD_SM2_3` should be used. Maybe for some
* implementations might also support international algorithms such as ECDSA
* and ECIES.
*/
/*
* there are limits on the max size of input plaintext, for SM2 encryptions,
* the length will be equal to the `ECCref_MAX_CIPHER_LEN`
*/
/*
* Symmetric Encryption:
* `SDF_Encrypt`
* `SDF_Decrypt`
*
* we will not provide two-step operations for SDF API which means the
* caller can not assign the `pucEnData` to be NULL hoping that the API will
* return the proper out length through `*puiEncDataLength`. The reason is
* that the maximum output length can be easily estimated in almost all the
* APIs of SDF. So when `pucEncData` is NULL or `*puiEncDataLength` is not
* large enough, the API will just return with an error.
*
* The implementation will not carefully to estimate the output length, so
* always prepare the max output buffer. For exmaple, prepare at least two
* extra blocks for symmetric encryption, prepare max digest length of known
* hash functions as the MAC buffer size.
*
* Note: the GM/T 0018-2012 standard requires the implementation MUST NOT do
* any padding operatons, and the input data length should be multiple block
* length. Thus these two functions can be used for modes such as CBC, the
* caller can use a function more than once and do the padding himself.
*/
int SDF_GenerateKeyPair_ECC(
void *hSessionHandle,
unsigned int uiAlgID,
unsigned int uiKeyBits,
ECCrefPublicKey *pucPublicKey,
ECCrefPrivateKey *pucPrivateKey)
{
int ret = SDR_UNKNOWERR;
EC_KEY *ec_key = NULL;
/* check arguments */
if (!hSessionHandle || !pucPublicKey || !pucPrivateKey) {
SDFerr(SDF_F_SDF_GENERATEKEYPAIR_ECC,
ERR_R_PASSED_NULL_PARAMETER);
return SDR_UNKNOWERR;
}
if (uiAlgID != SGD_SM2 && uiAlgID != SGD_SM2_1 &&
uiAlgID != SGD_SM2_2 && uiAlgID != SGD_SM2_3) {
SDFerr(SDF_F_SDF_GENERATEKEYPAIR_ECC,
SDF_R_INVALID_ALGOR);
return SDR_UNKNOWERR;
}
if (uiKeyBits != 256) {
SDFerr(SDF_F_SDF_GENERATEKEYPAIR_ECC,
SDF_R_INVALID_KEY_LENGTH);
return SDR_UNKNOWERR;
}
/* generate */
if(!(ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1))) {
SDFerr(SDF_F_SDF_GENERATEKEYPAIR_ECC, ERR_R_EC_LIB);
goto end;
}
/* convert */
if (!EC_KEY_get_ECCrefPublicKey(ec_key, pucPublicKey)) {
SDFerr(SDF_F_SDF_GENERATEKEYPAIR_ECC,
SDF_R_GET_PUBLIC_KEY_FAILED);
goto end;
}
if (!EC_KEY_get_ECCrefPrivateKey(ec_key, pucPrivateKey)) {
SDFerr(SDF_F_SDF_GENERATEKEYPAIR_ECC,
SDF_R_GET_PRIVATE_KEY_FAILED);
goto end;
}
ret = SAR_OK;
end:
EC_KEY_free(ec_key);
return ret;
}
int SDF_ExportSignPublicKey_ECC(
void *hSessionHandle,
unsigned int uiKeyIndex,
ECCrefPublicKey *pucPublicKey)
{
int ret = SDR_UNKNOWERR;
EVP_PKEY *pkey = NULL;
unsigned int uiKeyUsage = SGD_SM2_1;
/* check arguments */
if (!hSessionHandle || !pucPublicKey) {
SDFerr(SDF_F_SDF_EXPORTSIGNPUBLICKEY_ECC,
ERR_R_PASSED_NULL_PARAMETER);
return SDR_UNKNOWERR;
}
/* load key */
if (!(pkey = sdf_load_ec_public_key(hSessionHandle,
uiKeyIndex, uiKeyUsage))) {
SDFerr(SDF_F_SDF_EXPORTSIGNPUBLICKEY_ECC,
ERR_R_GMAPI_LIB);
goto end;
}
/* set return value */
if (!EC_KEY_get_ECCrefPublicKey(EVP_PKEY_get0_EC_KEY(pkey),
pucPublicKey)) {
SDFerr(SDF_F_SDF_EXPORTSIGNPUBLICKEY_ECC,
ERR_R_GMAPI_LIB);
goto end;
}
ret = SDR_OK;
end:
EVP_PKEY_free(pkey);
return ret;
}
int SDF_ExportEncPublicKey_ECC(
void *hSessionHandle,
unsigned int uiKeyIndex,
ECCrefPublicKey *pucPublicKey)
{
int ret = SDR_UNKNOWERR;
EVP_PKEY *pkey = NULL;
unsigned int uiKeyUsage = 1;
/* check arguments */
if (!hSessionHandle || !pucPublicKey) {
SDFerr(SDF_F_SDF_EXPORTENCPUBLICKEY_ECC,
ERR_R_PASSED_NULL_PARAMETER);
return SDR_UNKNOWERR;
}
/* load key */
if (!(pkey = sdf_load_ec_public_key(hSessionHandle,
uiKeyIndex, uiKeyUsage))) {
SDFerr(SDF_F_SDF_EXPORTENCPUBLICKEY_ECC,
ERR_R_GMAPI_LIB);
goto end;
}
/* set return value */
if (!EC_KEY_get_ECCrefPublicKey(EVP_PKEY_get0_EC_KEY(pkey),
pucPublicKey)) {
SDFerr(SDF_F_SDF_EXPORTENCPUBLICKEY_ECC,
ERR_R_GMAPI_LIB);
goto end;
}
ret = SDR_OK;
end:
EVP_PKEY_free(pkey);
return ret;
}
int SDF_GenerateAgreementDataWithECC(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned int uiKeyBits,
unsigned char *pucSponsorID,
unsigned int uiSponsorIDLength,
ECCrefPublicKey *pucSponsorPublicKey,
ECCrefPublicKey *pucSponsorTmpPublicKey,
void **phAgreementHandle)
{
return 0;
}
int SDF_GenerateKeyWithECC(
void *hSessionHandle,
unsigned char *pucResponseID,
unsigned int uiResponseIDLength,
ECCrefPublicKey *pucResponsePublicKey,
ECCrefPublicKey *pucResponseTmpPublicKey,
void *hAgreementHandle,
void **phKeyHandle)
{
return 0;
}
int SDF_GenerateAgreementDataAndKeyWithECC(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned int uiKeyBits,
unsigned char *pucResponseID,
unsigned int uiResponseIDLength,
unsigned char *pucSponsorID,
unsigned int uiSponsorIDLength,
ECCrefPublicKey *pucSponsorPublicKey,
ECCrefPublicKey *pucSponsorTmpPublicKey,
ECCrefPublicKey *pucResponsePublicKey,
ECCrefPublicKey *pucResponseTmpPublicKey,
void **phKeyHandle)
{
return 0;
}
/* generate a session key and encrypt it with internal public key
* we can first random a key,
* export the public key,
* and then use the SDF_GenerateKeyWithEPK_ECC to encrypt the key
* the output key handle is only a pointer to the key buffer.
*/
int SDF_GenerateKeyWithIPK_ECC(
void *hSessionHandle,
unsigned int uiIPKIndex,
unsigned int uiKeyBits, /* output session key length */
ECCCipher *pucKey,
void **phKeyHandle)
{
int ret = SDR_UNKNOWERR;
SDF_KEY *key = NULL;
unsigned int uiAlgID = SGD_SM2_3;
/* check arguments */
if (!hSessionHandle || !pucKey || !phKeyHandle) {
SDFerr(SDF_F_SDF_GENERATEKEYWITHIPK_ECC,
ERR_R_PASSED_NULL_PARAMETER);
return SDR_UNKNOWERR;
}
if (uiKeyBits <= 0 || uiKeyBits > EVP_MAX_KEY_LENGTH * 8 ||
uiKeyBits % 8) {
SDFerr(SDF_F_SDF_GENERATEKEYWITHIPK_ECC,
SDF_R_INVALID_KEY_LENGTH);
return SDR_UNKNOWERR;
}
/* random key */
if (!(key = OPENSSL_zalloc(sizeof(*key)))) {
SDFerr(SDF_F_SDF_GENERATEKEYWITHIPK_ECC,
ERR_R_MALLOC_FAILURE);
goto end;
}
key->keylen = uiKeyBits/8;
if ((ret = SDF_GenerateRandom(hSessionHandle, key->keylen,
key->key)) != SDR_OK) {
SDFerr(SDF_F_SDF_GENERATEKEYWITHIPK_ECC,
ERR_R_GMAPI_LIB);
goto end;
}
/* encrypt key with external ec public key */
if ((ret = SDF_InternalEncrypt_ECC(
hSessionHandle,
uiIPKIndex,
uiAlgID,
key->key,
key->keylen,
pucKey)) != SDR_OK) {
SDFerr(SDF_F_SDF_GENERATEKEYWITHIPK_ECC,
ERR_R_GMAPI_LIB);
goto end;
}
/* set return value */
*phKeyHandle = key;
key = NULL;
ret = SDR_OK;
end:
OPENSSL_clear_free(key, sizeof(*key));
return ret;
}
int SDF_GenerateKeyWithEPK_ECC(
void *hSessionHandle,
unsigned int uiKeyBits,
unsigned int uiAlgID, /* must be SGD_SM2_3 */
ECCrefPublicKey *pucPublicKey,
ECCCipher *pucKey,
void **phKeyHandle)
{
int ret = SDR_UNKNOWERR;
SDF_KEY *key = NULL;
/* check arguments */
if (!hSessionHandle || !pucPublicKey || !pucKey || !phKeyHandle) {
SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_ECC,
ERR_R_PASSED_NULL_PARAMETER);
return SDR_UNKNOWERR;
}
if (uiKeyBits <= 0 || uiKeyBits >= EVP_MAX_KEY_LENGTH * 8 ||
uiKeyBits % 8) {
SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_ECC,
SDF_R_INVALID_KEY_LENGTH);
return SDR_UNKNOWERR;
}
if (uiAlgID != SGD_SM2_3) {
SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_ECC,
SDF_R_INVALID_ALGOR);
return SDR_UNKNOWERR;
}
/* random key */
if (!(key = OPENSSL_zalloc(sizeof(*key)))) {
SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_ECC,
ERR_R_MALLOC_FAILURE);
goto end;
}
key->keylen = uiKeyBits/8;
if ((ret = SDF_GenerateRandom(hSessionHandle, key->keylen,
key->key)) != SDR_OK) {
SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_ECC,
ERR_R_GMAPI_LIB);
goto end;
}
/* encrypt key with external ec public key */
if ((ret = SDF_ExternalEncrypt_ECC(
hSessionHandle,
uiAlgID,
pucPublicKey,
key->key,
key->keylen,
pucKey)) != SDR_OK) {
SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_ECC,
ERR_R_GMAPI_LIB);
goto end;
}
/* set return value */
*phKeyHandle = key;
key = NULL;
ret = SDR_OK;
end:
OPENSSL_clear_free(key, sizeof(*key));
return ret;
}
/* import session key
* use the engine to decrypt the ECCipher
*/
int SDF_ImportKeyWithISK_ECC(
void *hSessionHandle,
unsigned int uiISKIndex,
ECCCipher *pucKey,
void **phKeyHandle)
{
int ret = SDR_UNKNOWERR;
SDF_KEY *key = NULL;
unsigned int uiAlgID = SGD_SM2_3;
/* check arguments */
if (!hSessionHandle || !pucKey || !phKeyHandle) {
SDFerr(SDF_F_SDF_IMPORTKEYWITHISK_ECC,
ERR_R_PASSED_NULL_PARAMETER);
return SDR_UNKNOWERR;
}
/* prepare key */
if (!(key = OPENSSL_zalloc(sizeof(*key)))) {
SDFerr(SDF_F_SDF_IMPORTKEYWITHISK_ECC,
ERR_R_MALLOC_FAILURE);
goto end;
}
key->keylen = EVP_MAX_KEY_LENGTH;
/* decrypt with internal ec private key */
if ((ret = SDF_InternalDecrypt_ECC(
hSessionHandle,
uiISKIndex,
uiAlgID,
pucKey,
key->key,
&key->keylen)) != SDR_OK) {
SDFerr(SDF_F_SDF_IMPORTKEYWITHISK_ECC,
ERR_R_GMAPI_LIB);
goto end;
}
/* set return value */
*phKeyHandle = key;
key = NULL;
ret = SDR_OK;
end:
OPENSSL_clear_free(key, sizeof(*key));
return ret;
}
int SDF_ExchangeDigitEnvelopeBaseOnECC(
void *hSessionHandle,
unsigned int uiKeyIndex,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
ECCCipher *pucEncDataIn,
ECCCipher *pucEncDataOut)
{
return 0;
}
/*
* Implementation of SM2 signing
*
* Although the digest and signing operations should be the wrapping of the EVP
* API, it will be simpler when using the native API of the `sm2` module.
* Another consideration is that the usage of SM2 EVP might be changed, and the
* operations might also be different from the GM standards, like signing the
* H(Z||H(M)) instead of signing H(Z||M). So in the GMAPI we use the SM2 API
* directly.
*/
int SDF_ExternalSign_ECC(
void *hSessionHandle, /* no use so not checked */
unsigned int uiAlgID, /* must be SGD_SM2_1 */
ECCrefPrivateKey *pucPrivateKey,
unsigned char *pucData, /* digest */
unsigned int uiDataLength,
ECCSignature *pucSignature)
{
int ret = SDR_UNKNOWERR;
EC_KEY *ec_key = NULL;
ECDSA_SIG *sig = NULL;
/* check arguments */
if (!hSessionHandle || !pucData || !pucSignature) {
SDFerr(SDF_F_SDF_EXTERNALSIGN_ECC,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (uiAlgID != SGD_SM2_1) {
SDFerr(SDF_F_SDF_EXTERNALSIGN_ECC,
SDF_R_INVALID_ALGOR);
return 0;
}
if (uiDataLength > INT_MAX) {
SDFerr(SDF_F_SDF_EXTERNALSIGN_ECC,
SDF_R_INVALID_INPUT_LENGTH);
return 0;
}
/* load ec private key */
if (!(ec_key = EC_KEY_new_from_ECCrefPrivateKey(pucPrivateKey))) {
SDFerr(SDF_F_SDF_EXTERNALSIGN_ECC,
ERR_R_GMAPI_LIB);
goto end;
}
if (!(sig = SM2_do_sign(pucData, uiDataLength, ec_key))) {
SDFerr(SDF_F_SDF_EXTERNALSIGN_ECC,
ERR_R_EC_LIB);
goto end;
}
/* set return value */
if (!ECDSA_SIG_get_ECCSignature(sig, pucSignature)) {
SDFerr(SDF_F_SDF_EXTERNALSIGN_ECC,
ERR_R_GMAPI_LIB);
goto end;
}
ret = SDR_OK;
end:
EC_KEY_free(ec_key);
ECDSA_SIG_free(sig);
return ret;
}
int SDF_ExternalVerify_ECC(
void *hSessionHandle,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
unsigned char *pucDataInput,
unsigned int uiInputLength,
ECCSignature *pucSignature)
{
int ret = SDR_UNKNOWERR;
EC_KEY *ec_key = NULL;
ECDSA_SIG *sig = NULL;
/* check arguments */
if (!hSessionHandle || !pucPublicKey || !pucDataInput ||
!pucSignature) {
SDFerr(SDF_F_SDF_EXTERNALVERIFY_ECC,
ERR_R_PASSED_NULL_PARAMETER);
return SDR_UNKNOWERR;
}
if (uiAlgID != SGD_SM2_1) {
SDFerr(SDF_F_SDF_EXTERNALVERIFY_ECC,
SDF_R_INVALID_ALGOR);
return SDR_UNKNOWERR;
}
if (uiInputLength != SM3_DIGEST_LENGTH) {
SDFerr(SDF_F_SDF_EXTERNALVERIFY_ECC,
SDF_R_INVALID_INPUT_LENGTH);
return SDR_UNKNOWERR;
}
/* parse arguments */
if (!(ec_key = EC_KEY_new_from_ECCrefPublicKey(pucPublicKey))) {
SDFerr(SDF_F_SDF_EXTERNALVERIFY_ECC,
SDF_R_INVALID_EC_PUBLIC_KEY);
goto end;
}
if (!(sig = SM2_do_sign(pucDataInput, uiInputLength, ec_key))) {
SDFerr(SDF_F_SDF_EXTERNALVERIFY_ECC, ERR_R_EC_LIB);
goto end;
}
if (!ECDSA_SIG_get_ECCSignature(sig, pucSignature)) {
SDFerr(SDF_F_SDF_EXTERNALVERIFY_ECC, ERR_R_GMAPI_LIB);
goto end;
}
/* set return value */
ret = SDR_OK;
end:
EC_KEY_free(ec_key);
ECDSA_SIG_free(sig);
return ret;
}
int SDF_ExternalEncrypt_ECC(
void *hSessionHandle,
unsigned int uiAlgID, /* SGD_SM2_3 */
ECCrefPublicKey *pucPublicKey,
unsigned char *pucData,
unsigned int uiDataLength,
ECCCipher *pucEncData)
{
int ret = SDR_UNKNOWERR;
EC_KEY *ec_key = NULL;
SM2_CIPHERTEXT_VALUE *cv = NULL;
SM2_ENC_PARAMS params;
/* check arguments */
if (!hSessionHandle || !pucPublicKey || !pucData || !pucEncData) {
SDFerr(SDF_F_SDF_EXTERNALENCRYPT_ECC,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (uiAlgID != SGD_SM2_3) {
SDFerr(SDF_F_SDF_EXTERNALENCRYPT_ECC,
SDF_R_INVALID_ALGOR);
return 0;
}
/* FIXME
if (uiDataLength > ECCref_MAX_CIPHER_LEN) {
SDFerr(SDF_F_SDF_EXTERNALENCRYPT_ECC,
SDF_R_INVALID_INPUT_LENGTH);
return 0;
}
*/
/* parse public key */
if (!(ec_key = EC_KEY_new_from_ECCrefPublicKey(pucPublicKey))) {
SDFerr(SDF_F_SDF_EXTERNALENCRYPT_ECC, ERR_R_GMAPI_LIB);
goto end;
}
/* encrypt */
(void)SM2_ENC_PARAMS_init_with_recommended(&params);
if (!(cv = SM2_do_encrypt(&params, pucData, (size_t)uiDataLength,
ec_key))) {
SDFerr(SDF_F_SDF_EXTERNALENCRYPT_ECC, ERR_R_EC_LIB);
goto end;
}
/* encode ciphertext */
if (!SM2_CIPHERTEXT_VALUE_get_ECCCipher(cv, pucEncData)) {
SDFerr(SDF_F_SDF_EXTERNALENCRYPT_ECC, ERR_R_EC_LIB);
goto end;
}
ret = SDR_OK;
end:
EC_KEY_free(ec_key);
SM2_CIPHERTEXT_VALUE_free(cv);
return ret;
}
int SDF_ExternalDecrypt_ECC(
void *hSessionHandle,
unsigned int uiAlgID,
ECCrefPrivateKey *pucPrivateKey,
ECCCipher *pucEncData,
unsigned char *pucData,
unsigned int *puiDataLength)
{
int ret = SDR_UNKNOWERR;
EC_KEY *ec_key = NULL;
SM2_CIPHERTEXT_VALUE *cv = NULL;
SM2_ENC_PARAMS params;
size_t siz;
/* check arguments */
if (!hSessionHandle || !pucPrivateKey || !pucEncData ||
!pucData || !puiDataLength) {
SDFerr(SDF_F_SDF_EXTERNALDECRYPT_ECC,
ERR_R_PASSED_NULL_PARAMETER);
return SDR_UNKNOWERR;
}
/* FIXME
if (*puiDataLength < ECCref_MAX_CIPHER_LEN) {
SDFerr(SDF_F_SDF_EXTERNALDECRYPT_ECC,
SDF_R_BUFFER_TOO_SMALL);
return SDR_UNKNOWERR;
}
*/
/* parse arguments */
if (!(ec_key = EC_KEY_new_from_ECCrefPrivateKey(pucPrivateKey))) {
SDFerr(SDF_F_SDF_EXTERNALDECRYPT_ECC,
SDF_R_INVALID_EC_PRIVATE_KEY);
goto end;
}
if (!(cv = SM2_CIPHERTEXT_VALUE_new_from_ECCCipher(pucEncData))) {
SDFerr(SDF_F_SDF_EXTERNALDECRYPT_ECC,
SDF_R_INVALID_EC_CIPHERTEXT);
goto end;
}
/* decrypt */
(void)SM2_ENC_PARAMS_init_with_recommended(&params);
siz = (size_t)*puiDataLength;
if (!SM2_do_decrypt(&params, cv, pucData, &siz, ec_key)) {
SDFerr(SDF_F_SDF_EXTERNALDECRYPT_ECC, ERR_R_EC_LIB);
}
/* set return value */
*puiDataLength = (unsigned int)siz;
ret = SDR_OK;
end:
EC_KEY_free(ec_key);
SM2_CIPHERTEXT_VALUE_free(cv);
return ret;
}
/* internal private key operation will use ENGINE */
int SDF_InternalSign_ECC(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned char *pucData,
unsigned int uiDataLength,
ECCSignature *pucSignature)
{
int ret = 0;
SDF_SESSION *session = (SDF_SESSION *)hSessionHandle;
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *pkey = NULL;
unsigned char buf[256/4 + 32];
size_t siz;
/* check arguments */
if (!hSessionHandle || !pucData || !pucSignature) {
SDFerr(SDF_F_SDF_INTERNALSIGN_ECC,
ERR_R_PASSED_NULL_PARAMETER);
return SDR_UNKNOWERR;
}
if (uiDataLength > SM3_DIGEST_LENGTH) {
SDFerr(SDF_F_SDF_INTERNALSIGN_ECC,
SDF_R_INVALID_INPUT_LENGTH);
return SDR_UNKNOWERR;
}
/* parse arguments */
if (!(pkey = sdf_load_ec_private_key(hSessionHandle, uiISKIndex,
SGD_PK_SIGN))) {
SDFerr(SDF_F_SDF_INTERNALSIGN_ECC,
SDF_R_INVALID_KEY_HANDLE);
goto end;
}
/* sign
* use the EVP API instead of the native SM2 API to use ENGINE
*/
if (!(ctx = EVP_PKEY_CTX_new(pkey, session->engine))) {
SDFerr(SDF_F_SDF_INTERNALSIGN_ECC, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_PKEY_sign_init(ctx)) {
SDFerr(SDF_F_SDF_INTERNALSIGN_ECC, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_PKEY_CTX_set_ec_sign_type(ctx, NID_sm_scheme)) {
SDFerr(SDF_F_SDF_INTERNALSIGN_ECC, ERR_R_EVP_LIB);
goto end;
}
siz = sizeof(buf);
if (!EVP_PKEY_sign(ctx, buf, &siz, pucData, (size_t)uiDataLength)) {
SDFerr(SDF_F_SDF_INTERNALSIGN_ECC, ERR_R_EVP_LIB);
goto end;
}
/* convert signature buf to ECCSignature */
if (!sdf_decode_ec_signature(pucSignature, buf, siz)) {
SDFerr(SDF_F_SDF_INTERNALSIGN_ECC, ERR_R_GMAPI_LIB);
goto end;
}
/* set return value */
ret = SDR_OK;
end:
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
return ret;
}
int SDF_InternalVerify_ECC(
void *hSessionHandle,
unsigned int uiIPKIndex,
unsigned char *pucData,
unsigned int uiDataLength,
ECCSignature *pucSignature)
{
int ret = SDR_UNKNOWERR;
SDF_SESSION *session = (SDF_SESSION *)hSessionHandle;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
unsigned char buf[521/4 + 32];
size_t siz;
/* check arguments */
if (!hSessionHandle || !pucData || !pucSignature) {
SDFerr(SDF_F_SDF_INTERNALVERIFY_ECC,
ERR_R_PASSED_NULL_PARAMETER);
return SDR_UNKNOWERR;
}
if (uiDataLength != SM3_DIGEST_LENGTH) {
SDFerr(SDF_F_SDF_INTERNALVERIFY_ECC,
SDF_R_INVALID_INPUT_LENGTH);
return SDR_UNKNOWERR;
}
/* parse arguments */
if (!(pkey = sdf_load_ec_public_key(hSessionHandle, uiIPKIndex,
SGD_PK_SIGN))) {
SDFerr(SDF_F_SDF_INTERNALVERIFY_ECC, ERR_R_GMAPI_LIB);
goto end;
}
siz = sizeof(buf);
if (!sdf_encode_ec_signature(pucSignature, buf, &siz)) {
SDFerr(SDF_F_SDF_INTERNALVERIFY_ECC, ERR_R_GMAPI_LIB);
goto end;
}
/* verify with EVP API and ENGINE */
if (!(ctx = EVP_PKEY_CTX_new(pkey, session->engine))) {
SDFerr(SDF_F_SDF_INTERNALVERIFY_ECC, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_PKEY_verify_init(ctx)) {
SDFerr(SDF_F_SDF_INTERNALVERIFY_ECC, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_PKEY_CTX_set_ec_sign_type(ctx, NID_sm_scheme)) {
SDFerr(SDF_F_SDF_INTERNALVERIFY_ECC, ERR_R_EVP_LIB);
goto end;
}
if (1 != EVP_PKEY_verify(ctx, buf, siz, pucData,
(size_t)uiDataLength)) {
SDFerr(SDF_F_SDF_INTERNALVERIFY_ECC, ERR_R_EVP_LIB);
goto end;
}
ret = SDR_OK;
end:
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey);
return ret;
}
int SDF_InternalEncrypt_ECC(
void *hSessionHandle,
unsigned int uiIPKIndex,
unsigned int uiAlgID,
unsigned char *pucData,
unsigned int uiDataLength,
ECCCipher *pucEncData)
{
int ret = 0;
EVP_PKEY *pkey = NULL;
SM2_CIPHERTEXT_VALUE *cv = NULL;
SM2_ENC_PARAMS params;
/* check arguments */
if (!hSessionHandle || !pucData || !pucEncData) {
SDFerr(SDF_F_SDF_INTERNALENCRYPT_ECC,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (uiDataLength > ECCref_MAX_LEN) {
SDFerr(SDF_F_SDF_INTERNALENCRYPT_ECC,
SDF_R_INVALID_INPUT_LENGTH);
return 0;
}
if (!(pkey = sdf_load_ec_public_key((SDF_SESSION *)hSessionHandle,
uiIPKIndex, uiAlgID))) {
SDFerr(SDF_F_SDF_INTERNALENCRYPT_ECC, ERR_R_GMAPI_LIB);
goto end;
}
(void)SM2_ENC_PARAMS_init_with_recommended(&params);
/* we need to use the EVP_PKEY interface to use ENGINE ?*/
if (!(cv = SM2_do_encrypt(&params, pucData, (size_t)uiDataLength,
EVP_PKEY_get0_EC_KEY(pkey)))) {
SDFerr(SDF_F_SDF_INTERNALENCRYPT_ECC, ERR_R_EC_LIB);
goto end;
}
if (!SM2_CIPHERTEXT_VALUE_get_ECCCipher(cv, pucEncData)) {
SDFerr(SDF_F_SDF_INTERNALENCRYPT_ECC, ERR_R_EC_LIB);
goto end;
}
ret = SDR_OK;
end:
EVP_PKEY_free(pkey);
SM2_CIPHERTEXT_VALUE_free(cv);
return ret;
}
int SDF_InternalDecrypt_ECC(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned int uiAlgID,
ECCCipher *pucEncData,
unsigned char *pucData,
unsigned int *puiDataLength)
{
int ret = 0;
EVP_PKEY *pkey = NULL;
/* check arguments */
if (!hSessionHandle || !pucEncData || !pucData || !puiDataLength) {
SDFerr(SDF_F_SDF_INTERNALDECRYPT_ECC,
ERR_R_PASSED_NULL_PARAMETER);
return SDR_UNKNOWERR;
}
if (!(pkey = sdf_load_ec_private_key(hSessionHandle,
uiISKIndex, uiAlgID))) {
SDFerr(SDF_F_SDF_INTERNALDECRYPT_ECC, ERR_R_GMAPI_LIB);
goto end;
}
end:
return 0;
}

215
crypto/sdf/sdf_enc.c
View File

@@ -1,215 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/gmapi.h>
#include <openssl/gmsdf.h>
#include "sdf_lcl.h"
/* TODO: current max input length is INT_MAX
* we will return error when the input is longer than INT_MAX.
* do not fixed this in GmSSL 2.x, fixed it in the future.
* we can seperate the input to multiple of INT_MAX with multiple upadtes.
*/
/*
* Implement with ENGINE
* as some of the ciphers such as SM1/SSF33 can not be supported by
* software, we can use ENGINEs hoping that such ciphers can be supported.
*/
int SDF_Encrypt(
void *hSessionHandle,
void *hKeyHandle,
unsigned int uiAlgID,
unsigned char *pucIV,
unsigned char *pucData,
unsigned int uiDataLength,
unsigned char *pucEncData,
unsigned int *puiEncDataLength)
{
int ret = SDR_UNKNOWERR;
SDF_SESSION *session = (SDF_SESSION *)hSessionHandle;
SDF_KEY *key = (SDF_KEY *)hKeyHandle;
EVP_CIPHER_CTX *ctx = NULL;
const EVP_CIPHER *cipher;
unsigned char *p;
int len;
/* check arguments */
if (!hSessionHandle || !hKeyHandle || !pucIV || !pucData || !pucEncData
|| !puiEncDataLength) {
SDFerr(SDF_F_SDF_ENCRYPT, ERR_R_PASSED_NULL_PARAMETER);
return SDR_UNKNOWERR;
}
if (uiDataLength <= 0 || uiDataLength > INT_MAX) {
SDFerr(SDF_F_SDF_ENCRYPT, SDF_R_INVALID_INPUT_LENGTH);
return SDR_UNKNOWERR;
}
if (*puiEncDataLength < uiDataLength + EVP_MAX_BLOCK_LENGTH * 2) {
SDFerr(SDF_F_SDF_ENCRYPT, SDF_R_BUFFER_TOO_SMALL);
return SDR_UNKNOWERR;
}
/* parse arguments */
if (!(cipher = sdf_get_cipher(hSessionHandle, uiAlgID))) {
SDFerr(SDF_F_SDF_ENCRYPT, SDF_R_INVALID_ALGOR);
goto end;
}
if (key->keylen != EVP_CIPHER_key_length(cipher)) {
SDFerr(SDF_F_SDF_ENCRYPT, SDF_R_INVALID_KEY_HANDLE);
goto end;
}
/* encrypt */
if (!(ctx = EVP_CIPHER_CTX_new())) {
SDFerr(SDF_F_SDF_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!EVP_EncryptInit_ex(ctx, cipher, session->engine, key->key, pucIV)) {
SDFerr(SDF_F_SDF_ENCRYPT, ERR_R_EVP_LIB);
goto end;
}
p = pucEncData;
if (!EVP_EncryptUpdate(ctx, p, &len, pucData, (int)uiDataLength)) {
SDFerr(SDF_F_SDF_ENCRYPT, ERR_R_EVP_LIB);
goto end;
}
p += len;
if (!EVP_EncryptFinal_ex(ctx, p, &len)) {
SDFerr(SDF_F_SDF_ENCRYPT, ERR_R_EVP_LIB);
goto end;
}
p += len;
/* set return value */
*puiEncDataLength = p - pucEncData;
ret = SDR_OK;
end:
EVP_CIPHER_CTX_free(ctx);
return 0;
}
int SDF_Decrypt(
void *hSessionHandle,
void *hKeyHandle,
unsigned int uiAlgID,
unsigned char *pucIV,
unsigned char *pucEncData,
unsigned int uiEncDataLength,
unsigned char *pucData,
unsigned int *puiDataLength)
{
int ret = SDR_UNKNOWERR;
SDF_SESSION *session = (SDF_SESSION *)hSessionHandle;
SDF_KEY *key = (SDF_KEY *)hKeyHandle;
const EVP_CIPHER *cipher;
EVP_CIPHER_CTX *ctx = NULL;
unsigned char *p;
int len;
/* check arguments */
if (!hSessionHandle || !hKeyHandle || !pucIV || !pucEncData ||
!pucData || !puiDataLength) {
SDFerr(SDF_F_SDF_DECRYPT, ERR_R_PASSED_NULL_PARAMETER);
return SDR_UNKNOWERR;
}
if (uiEncDataLength <= 0 || uiEncDataLength > INT_MAX) {
SDFerr(SDF_F_SDF_DECRYPT, SDF_R_INVALID_INPUT_LENGTH);
return SDR_UNKNOWERR;
}
if (*puiDataLength < uiEncDataLength) {
SDFerr(SDF_F_SDF_DECRYPT, SDF_R_BUFFER_TOO_SMALL);
return SDR_UNKNOWERR;
}
/* parse arguments */
if (!(cipher = sdf_get_cipher(hSessionHandle, uiAlgID))) {
SDFerr(SDF_F_SDF_DECRYPT, SDF_R_INVALID_ALGOR);
goto end;
}
if (key->keylen != EVP_CIPHER_key_length(cipher)) {
SDFerr(SDF_F_SDF_DECRYPT, SDF_R_INVALID_KEY_HANDLE);
goto end;
}
/* decrypt */
if (!(ctx = EVP_CIPHER_CTX_new())) {
SDFerr(SDF_F_SDF_DECRYPT, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!EVP_DecryptInit_ex(ctx, cipher, session->engine, key->key, pucIV)) {
SDFerr(SDF_F_SDF_DECRYPT, ERR_R_EVP_LIB);
goto end;
}
p = pucData;
if (!EVP_DecryptUpdate(ctx, p, &len, pucEncData,
(int)uiEncDataLength)) {
SDFerr(SDF_F_SDF_DECRYPT, ERR_R_EVP_LIB);
goto end;
}
p += len;
if (!EVP_DecryptFinal_ex(ctx, p, &len)) {
SDFerr(SDF_F_SDF_DECRYPT, ERR_R_EVP_LIB);
goto end;
}
p += len;
/* set return value */
*puiDataLength = p - pucEncData;
ret =SDR_OK;
end:
EVP_CIPHER_CTX_free(ctx);
return ret;
}

129
crypto/sdf/sdf_err.c
View File

@@ -1,129 +0,0 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/gmsdf.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SDF,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SDF,0,reason)
static ERR_STRING_DATA SDF_str_functs[] = {
{ERR_FUNC(SDF_F_SDF_CALCULATEMAC), "SDF_CalculateMAC"},
{ERR_FUNC(SDF_F_SDF_CLOSEDEVICE), "SDF_CloseDevice"},
{ERR_FUNC(SDF_F_SDF_CLOSESESSION), "SDF_CloseSession"},
{ERR_FUNC(SDF_F_SDF_DECODE_EC_SIGNATURE), "sdf_decode_ec_signature"},
{ERR_FUNC(SDF_F_SDF_DECRYPT), "SDF_Decrypt"},
{ERR_FUNC(SDF_F_SDF_ENCODE_EC_SIGNATURE), "sdf_encode_ec_signature"},
{ERR_FUNC(SDF_F_SDF_ENCRYPT), "SDF_Encrypt"},
{ERR_FUNC(SDF_F_SDF_EXPORTENCPUBLICKEY_ECC),
"SDF_ExportEncPublicKey_ECC"},
{ERR_FUNC(SDF_F_SDF_EXPORTENCPUBLICKEY_RSA),
"SDF_ExportEncPublicKey_RSA"},
{ERR_FUNC(SDF_F_SDF_EXPORTSIGNPUBLICKEY_ECC),
"SDF_ExportSignPublicKey_ECC"},
{ERR_FUNC(SDF_F_SDF_EXPORTSIGNPUBLICKEY_RSA),
"SDF_ExportSignPublicKey_RSA"},
{ERR_FUNC(SDF_F_SDF_EXTERNALDECRYPT_ECC), "SDF_ExternalDecrypt_ECC"},
{ERR_FUNC(SDF_F_SDF_EXTERNALENCRYPT_ECC), "SDF_ExternalEncrypt_ECC"},
{ERR_FUNC(SDF_F_SDF_EXTERNALPRIVATEKEYOPERATION_RSA),
"SDF_ExternalPrivateKeyOperation_RSA"},
{ERR_FUNC(SDF_F_SDF_EXTERNALPUBLICKEYOPERATION_RSA),
"SDF_ExternalPublicKeyOperation_RSA"},
{ERR_FUNC(SDF_F_SDF_EXTERNALSIGN_ECC), "SDF_ExternalSign_ECC"},
{ERR_FUNC(SDF_F_SDF_EXTERNALVERIFY_ECC), "SDF_ExternalVerify_ECC"},
{ERR_FUNC(SDF_F_SDF_GENERATEKEYPAIR_ECC), "SDF_GenerateKeyPair_ECC"},
{ERR_FUNC(SDF_F_SDF_GENERATEKEYPAIR_RSA), "SDF_GenerateKeyPair_RSA"},
{ERR_FUNC(SDF_F_SDF_GENERATEKEYWITHEPK_ECC),
"SDF_GenerateKeyWithEPK_ECC"},
{ERR_FUNC(SDF_F_SDF_GENERATEKEYWITHEPK_RSA),
"SDF_GenerateKeyWithEPK_RSA"},
{ERR_FUNC(SDF_F_SDF_GENERATEKEYWITHIPK_ECC),
"SDF_GenerateKeyWithIPK_ECC"},
{ERR_FUNC(SDF_F_SDF_GENERATEKEYWITHIPK_RSA),
"SDF_GenerateKeyWithIPK_RSA"},
{ERR_FUNC(SDF_F_SDF_GENERATERANDOM), "SDF_GenerateRandom"},
{ERR_FUNC(SDF_F_SDF_GETDEVICEINFO), "SDF_GetDeviceInfo"},
{ERR_FUNC(SDF_F_SDF_GETPRIVATEKEYACCESSRIGHT),
"SDF_GetPrivateKeyAccessRight"},
{ERR_FUNC(SDF_F_SDF_GET_CIPHER), "sdf_get_cipher"},
{ERR_FUNC(SDF_F_SDF_GET_DIGEST), "sdf_get_digest"},
{ERR_FUNC(SDF_F_SDF_HASHFINAL), "SDF_HashFinal"},
{ERR_FUNC(SDF_F_SDF_HASHINIT), "SDF_HashInit"},
{ERR_FUNC(SDF_F_SDF_HASHUPDATE), "SDF_HashUpdate"},
{ERR_FUNC(SDF_F_SDF_IMPORTKEY), "SDF_ImportKey"},
{ERR_FUNC(SDF_F_SDF_IMPORTKEYWITHISK_ECC), "SDF_ImportKeyWithISK_ECC"},
{ERR_FUNC(SDF_F_SDF_IMPORTKEYWITHISK_RSA), "SDF_ImportKeyWithISK_RSA"},
{ERR_FUNC(SDF_F_SDF_INTERNALDECRYPT_ECC), "SDF_InternalDecrypt_ECC"},
{ERR_FUNC(SDF_F_SDF_INTERNALENCRYPT_ECC), "SDF_InternalEncrypt_ECC"},
{ERR_FUNC(SDF_F_SDF_INTERNALPRIVATEKEYOPERATION_RSA),
"SDF_InternalPrivateKeyOperation_RSA"},
{ERR_FUNC(SDF_F_SDF_INTERNALPUBLICKEYOPERATION_RSA),
"SDF_InternalPublicKeyOperation_RSA"},
{ERR_FUNC(SDF_F_SDF_INTERNALSIGN_ECC), "SDF_InternalSign_ECC"},
{ERR_FUNC(SDF_F_SDF_INTERNALVERIFY_ECC), "SDF_InternalVerify_ECC"},
{ERR_FUNC(SDF_F_SDF_LOAD_EC_PRIVATE_KEY), "sdf_load_ec_private_key"},
{ERR_FUNC(SDF_F_SDF_LOAD_EC_PUBLIC_KEY), "sdf_load_ec_public_key"},
{ERR_FUNC(SDF_F_SDF_LOAD_RSA_PRIVATE_KEY), "sdf_load_rsa_private_key"},
{ERR_FUNC(SDF_F_SDF_LOAD_RSA_PUBLIC_KEY), "sdf_load_rsa_public_key"},
{ERR_FUNC(SDF_F_SDF_OPENDEVICE), "SDF_OpenDevice"},
{ERR_FUNC(SDF_F_SDF_OPENSESSION), "SDF_OpenSession"},
{ERR_FUNC(SDF_F_SDF_RELEASEPRIVATEKEYACCESSRIGHT),
"SDF_ReleasePrivateKeyAccessRight"},
{0, NULL}
};
static ERR_STRING_DATA SDF_str_reasons[] = {
{ERR_REASON(SDF_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_REASON(SDF_R_BUUTER_TOO_SMALL), "buuter too small"},
{ERR_REASON(SDF_R_CBCMAC_FAILURE), "cbcmac failure"},
{ERR_REASON(SDF_R_CMAC_FAILURE), "cmac failure"},
{ERR_REASON(SDF_R_COMPUTE_SM2_ID_FAILURE), "compute sm2 id failure"},
{ERR_REASON(SDF_R_ENGINE_LOAD_KEY_FAILURE), "engine load key failure"},
{ERR_REASON(SDF_R_GET_PRIVATE_KEY_FAILED), "get private key failed"},
{ERR_REASON(SDF_R_GET_PUBLIC_KEY_FAILED), "get public key failed"},
{ERR_REASON(SDF_R_INVALID_ALGOR), "invalid algor"},
{ERR_REASON(SDF_R_INVALID_DEVICE_HANDLE), "invalid device handle"},
{ERR_REASON(SDF_R_INVALID_EC_CIPHERTEXT), "invalid ec ciphertext"},
{ERR_REASON(SDF_R_INVALID_EC_PRIVATE_KEY), "invalid ec private key"},
{ERR_REASON(SDF_R_INVALID_EC_PUBLIC_KEY), "invalid ec public key"},
{ERR_REASON(SDF_R_INVALID_INPUT_LENGTH), "invalid input length"},
{ERR_REASON(SDF_R_INVALID_KEY_HANDLE), "invalid key handle"},
{ERR_REASON(SDF_R_INVALID_KEY_INDEX), "invalid key index"},
{ERR_REASON(SDF_R_INVALID_KEY_LENGTH), "invalid key length"},
{ERR_REASON(SDF_R_INVALID_KEY_USAGE), "invalid key usage"},
{ERR_REASON(SDF_R_INVALID_LENGTH), "invalid length"},
{ERR_REASON(SDF_R_INVALID_OPERATION_STATE), "invalid operation state"},
{ERR_REASON(SDF_R_INVALID_PASSWORD_LENGTH), "invalid password length"},
{ERR_REASON(SDF_R_INVALID_SESSION), "invalid session"},
{ERR_REASON(SDF_R_INVALID_SESSION_HANDLE), "invalid session handle"},
{ERR_REASON(SDF_R_KEY_TYPE_NOT_MATCH), "key type not match"},
{ERR_REASON(SDF_R_LOAD_ENGINE_FAILURE), "load engine failure"},
{ERR_REASON(SDF_R_RANDOM_FAILURE), "random failure"},
{ERR_REASON(SDF_R_SDF_SESSION_NO_ENGINE), "sdf session no engine"},
{0, NULL}
};
#endif
int ERR_load_SDF_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(SDF_str_functs[0].error) == NULL) {
ERR_load_strings(0, SDF_str_functs);
ERR_load_strings(0, SDF_str_reasons);
}
#endif
return 1;
}

99
crypto/sdf/sdf_errstr.c
View File

@@ -1,99 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/err.h>
#include <openssl/sdf.h>
#include "../../e_os.h"
static ERR_STRING_DATA sdf_errstr[] = {
{ SDR_OK, "Success" },
{ SDR_BASE, "Base" },
{ SDR_UNKNOWERR, "Unknown error" },
{ SDR_NOTSUPPORT, "Not supported" },
{ SDR_COMMFAIL, "Commnunication failure" },
{ SDR_HARDFAIL, "Hardware failure" },
{ SDR_OPENDEVICE, "Open device" },
{ SDR_OPENSESSION, "Open session" },
{ SDR_PARDENY, "Private key access denied (for index 0)" },
{ SDR_KEYNOTEXIST, "Key not exist" },
{ SDR_ALGNOTSUPPOT, "Algorithm not supported" },
{ SDR_ALGMODNOTSUPPORT, "Algorithm mode not supported" },
{ SDR_PKOPERR, "Public key operation error" },
{ SDR_SKOPERR, "Private key operation error" },
{ SDR_SIGNERR, "Signature generation error" },
{ SDR_VERIFYERR, "Singature verification error" },
{ SDR_SYMOPERR, "Symmetric encryption error" },
{ SDR_STEPERR, "Multi-step operation error" },
{ SDR_FILESIZEERR, "File size error" },
{ SDR_FILENOEXIST, "File not exist" },
{ SDR_FILEOFSERR, "File offset error" },
{ SDR_KEYTYPEERR, "Key type error" },
{ SDR_KEYERR, "Key error" },
{ SDR_ENCDATAERR, "ECC encrypted data error" },
{ SDR_RANDERR, "Random number generator error" },
{ SDR_PRKRERR, "Private key privilege error" },
{ SDR_MACERR, "MAC computation error" },
{ SDR_FILEEXSITS, "File already exist" },
{ SDR_FILEWERR, "File write error" },
{ SDR_NOBUFFER, "No buffer" },
{ SDR_INARGERR, "Input argument error" },
{ SDR_OUTARGERR, "Output argument error" },
};
const char *SDF_GetErrorString(int err)
{
int i;
for (i = 0; i < OSSL_NELEM(sdf_errstr); i++) {
if (err == sdf_errstr[i].error) {
return sdf_errstr[i].string;
}
}
return "(undef)";
}

238
crypto/sdf/sdf_ext.c
View File

@@ -1,238 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/gmsdf.h>
#include <openssl/gmapi.h>
#include "sdf_lcl.h"
int SDF_PrintDeviceInfo(FILE *fp, DEVICEINFO *devInfo)
{
char issuerName[41];
char deviceName[17];
char deviceSerial[17];
/* IssuerName */
memcpy(issuerName, devInfo->IssuerName, 40);
issuerName[40] = 0;
fprintf(fp, "IssuerName = %s\n", issuerName);
/* DeviceName */
memcpy(deviceName, devInfo->DeviceName, 16);
deviceName[16] = 0;
fprintf(fp, "DeviceName = %s\n", deviceName);
/* DeviceSerial */
memcpy(deviceSerial, devInfo->DeviceSerial, 16);
deviceSerial[16] = 0;
fprintf(fp, "DeviceSerial = %s\n", deviceSerial);
/* DeviceVersion */
fprintf(fp, "DeviceVersion = 0x%08X\n", devInfo->DeviceVersion);
/* StandardVersion */
fprintf(fp, "StandardVersion = 0x%08X\n", devInfo->StandardVersion);
/* AsymAlgAbility */
fputs("AsymAlgAbility[0] =", fp);
if (devInfo->AsymAlgAbility[0] & SGD_RSA) {
fputs(" RSA", fp);
}
if (devInfo->AsymAlgAbility[0] & SGD_SM2) {
fputs(" SM2", fp);
}
fputs("\n", fp);
fprintf(fp, "AsymAlgAbility[1] = 0x%08X\n", devInfo->AsymAlgAbility[1]);
/* SymAlgAbility */
fputs("SymAlgAbility =", fp);
if (devInfo->SymAlgAbility & SGD_SM1)
fputs(" SM1", fp);
if (devInfo->SymAlgAbility & SGD_SSF33)
fputs(" SSF33", fp);
if (devInfo->SymAlgAbility & SGD_SM4)
fputs(" SM4", fp);
if (devInfo->SymAlgAbility & SGD_ZUC)
fputs(" ZUC", fp);
fputs("\n", fp);
/* HashAlgAbility */
fputs("HashAlgAbility =", fp);
if (devInfo->HashAlgAbility & SGD_SM3)
fputs(" SM3", fp);
if (devInfo->HashAlgAbility & SGD_SHA1)
fputs(" SHA1", fp);
if (devInfo->HashAlgAbility & SGD_SHA256)
fputs(" SHA256", fp);
fputs("\n", fp);
/* BufferSize */
fprintf(fp, "BufferSize = %u\n", devInfo->BufferSize);
return SDR_OK;
}
int SDF_PrintRSAPublicKey(FILE *fp, RSArefPublicKey *pk)
{
int i;
/* bits */
(void)fprintf(fp, "bits = %u\n", pk->bits);
/* m */
(void)fputs("m = ", fp);
for (i = 0; i < RSAref_MAX_LEN; i++) {
(void)fprintf(fp, "%02X", pk->m[i]);
}
(void)fputs("\n", fp);
/* e */
(void)fputs("e = ", fp);
for (i = 0; i < RSAref_MAX_LEN; i++) {
(void)fprintf(fp, "%02X", pk->e[i]);
}
(void)fputs("\n", fp);
return 1;
}
int SDF_PrintRSAPrivateKey(FILE *fp, RSArefPrivateKey *sk)
{
return 0;
}
int SDF_PrintECCPublicKey(FILE *fp, ECCrefPublicKey *pk)
{
int i;
/* bits */
(void)fprintf(fp, "bits = %u\n", pk->bits);
/* x */
(void)fputs("x = ", fp);
for (i = 0; i < ECCref_MAX_LEN; i++) {
(void)fprintf(fp, "%02X", pk->x[i]);
}
(void)fputs("\n", fp);
/* y */
(void)fputs("y = ", fp);
for (i = 0; i < ECCref_MAX_LEN; i++) {
(void)fprintf(fp, "%02X", pk->y[i]);
}
(void)fputs("\n", fp);
return 1;
}
int SDF_PrintECCPrivateKey(FILE *fp, ECCrefPrivateKey *pk)
{
return 0;
}
int SDF_PrintECCCipher(FILE *fp, ECCCipher *cipher)
{
int i;
/* x */
(void)fputs("x = ", fp);
for (i = 0; i < ECCref_MAX_LEN; i++) {
(void)fprintf(fp, "%02X", cipher->x[i]);
}
(void)fputs("\n", fp);
/* y */
(void)fputs("y = ", fp);
for (i = 0; i < ECCref_MAX_LEN; i++) {
(void)fprintf(fp, "%02X", cipher->y[i]);
}
(void)fputs("\n", fp);
/* M */
(void)fputs("M = ", fp);
for (i = 0; i < 32; i++) {
(void)fprintf(fp, "%02X", cipher->M[i]);
}
(void)fputs("\n", fp);
/* L */
(void)fprintf(fp, "L = %u\n", cipher->L);
/* C */
for (i = 0; i < cipher->L; i++) {
(void)fprintf(fp, "%02X", cipher->C[i]);
}
(void)fputs("\n", fp);
return 1;
}
int SDF_PrintECCSignature(FILE *fp, ECCSignature *sig)
{
int i;
/* r */
(void)fputs("r = ", fp);
for (i = 0; i < ECCref_MAX_LEN; i++) {
(void)fprintf(fp, "%02X", sig->r[i]);
}
(void)fputs("\n", fp);
/* s */
(void)fputs("s = ", fp);
for (i = 0; i < ECCref_MAX_LEN; i++) {
(void)fprintf(fp, "%02X", sig->s[i]);
}
(void)fputs("\n", fp);
return 1;
}

89
crypto/sdf/sdf_file.c
View File

@@ -1,89 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/gmsdf.h>
int SDF_CreateFile(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen,
unsigned int uiFileSize)
{
return SDR_NOTSUPPORT;
}
int SDF_ReadFile(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen,
unsigned int uiOffset,
unsigned int *puiReadLength,
unsigned char *pucBuffer)
{
return SDR_NOTSUPPORT;
}
int SDF_WriteFile(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen,
unsigned int uiOffset,
unsigned int uiWriteLength,
unsigned char *pucBuffer)
{
return SDR_NOTSUPPORT;
}
int SDF_DeleteFile(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen)
{
return SDR_NOTSUPPORT;
}

217
crypto/sdf/sdf_hash.c
View File

@@ -1,217 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/sm2.h>
#include <openssl/gmsdf.h>
#include "sdf_lcl.h"
int SDF_HashInit(
void *hSessionHandle,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
unsigned char *pucID,
unsigned int uiIDLength)
{
int ret = SDR_UNKNOWERR;
SDF_SESSION *session = (SDF_SESSION *)hSessionHandle;
EVP_MD_CTX *md_ctx = NULL;
const EVP_MD *md;
/* check arguments */
if (!hSessionHandle) {
SDFerr(SDF_F_SDF_HASHINIT, ERR_R_PASSED_NULL_PARAMETER);
return SDR_INARGERR;
}
if (pucID && (uiIDLength <= 0 || uiIDLength > INT_MAX)) {
SDFerr(SDF_F_SDF_HASHINIT, SDF_R_INVALID_LENGTH);
return SDR_INARGERR;
}
if (session->md_ctx) {
SDFerr(SDF_F_SDF_HASHINIT, SDF_R_INVALID_OPERATION_STATE);
return SDR_INARGERR;
}
if (!(md = EVP_get_digestbysgd(uiAlgID))) {
SDFerr(SDF_F_SDF_HASHINIT, SDF_R_INVALID_ALGOR);
return SDR_INARGERR;
}
/* malloc and init */
if (!(md_ctx = EVP_MD_CTX_new())) {
SDFerr(SDF_F_SDF_HASHINIT, ERR_R_MALLOC_FAILURE);
ret = SDR_NOBUFFER;
goto end;
}
if (!EVP_DigestInit_ex(md_ctx, md, session->engine)) {
SDFerr(SDF_F_SDF_HASHINIT, ERR_R_EVP_LIB);
ret = SDR_UNKNOWERR;
goto end;
}
/* compute ZA and update */
if (pucPublicKey) {
EC_KEY *ec_key = NULL;
unsigned char za[EVP_MAX_MD_SIZE];
size_t zalen = sizeof(za);
char *id;
size_t idlen;
if (pucID) {
id = (char *)pucID;
idlen = uiIDLength;
} else {
id = SM2_DEFAULT_ID;
idlen = strlen(SM2_DEFAULT_ID);
}
if (!(ec_key = EC_KEY_new_from_ECCrefPublicKey(pucPublicKey))) {
SDFerr(SDF_F_SDF_HASHINIT, ERR_R_GMAPI_LIB);
ret = SDR_INARGERR;
goto end;
}
if (!SM2_compute_id_digest(md, id, idlen, za, &zalen, ec_key)) {
SDFerr(SDF_F_SDF_HASHINIT,
SDF_R_COMPUTE_SM2_ID_FAILURE);
ret = SDR_UNKNOWERR;
EC_KEY_free(ec_key);
goto end;
}
EC_KEY_free(ec_key);
if (!EVP_DigestUpdate(md_ctx, za, zalen)) {
SDFerr(SDF_F_SDF_HASHINIT, ERR_R_EVP_LIB);
ret = SDR_UNKNOWERR;
goto end;
}
}
session->md_ctx = md_ctx;
md_ctx = NULL;
ret = SDR_OK;
end:
EVP_MD_CTX_free(md_ctx);
return ret;
}
int SDF_HashUpdate(
void *hSessionHandle,
unsigned char *pucData,
unsigned int uiDataLength)
{
SDF_SESSION *session = (SDF_SESSION *)hSessionHandle;
/* check arguments */
if (!hSessionHandle || !pucData) {
SDFerr(SDF_F_SDF_HASHUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SDR_INARGERR;
}
if (session->magic != SDF_SESSION_MAGIC) {
SDFerr(SDF_F_SDF_HASHUPDATE, SDF_R_INVALID_SESSION);
return SDR_INARGERR;
}
if (!session->md_ctx) {
SDFerr(SDF_F_SDF_HASHUPDATE, SDF_R_INVALID_OPERATION_STATE);
return SDR_INARGERR;
}
/* update */
if (!EVP_DigestUpdate(session->md_ctx, pucData, (size_t)uiDataLength)) {
SDFerr(SDF_F_SDF_HASHUPDATE, ERR_R_EVP_LIB);
return SDR_UNKNOWERR;
}
return SDR_OK;
}
int SDF_HashFinal(
void *hSessionHandle,
unsigned char *pucHash,
unsigned int *puiHashLength)
{
SDF_SESSION *session = (SDF_SESSION *)hSessionHandle;
/* check arguments */
if (!hSessionHandle || !pucHash || !puiHashLength) {
SDFerr(SDF_F_SDF_HASHFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SDR_INARGERR;
}
if (session->magic != SDF_SESSION_MAGIC) {
SDFerr(SDF_F_SDF_HASHFINAL, SDF_R_INVALID_SESSION);
return SDR_INARGERR;
}
if (!session->md_ctx) {
SDFerr(SDF_F_SDF_HASHFINAL,
SDF_R_INVALID_OPERATION_STATE);
return SDR_INARGERR;
}
if (*puiHashLength < EVP_MD_CTX_size(session->md_ctx)) {
SDFerr(SDF_F_SDF_HASHFINAL, SDF_R_BUFFER_TOO_SMALL);
return SDR_INARGERR;
}
/* digest final */
if (!EVP_DigestFinal_ex(session->md_ctx, pucHash, puiHashLength)) {
SDFerr(SDF_F_SDF_HASHFINAL, ERR_R_EVP_LIB);
return SDR_UNKNOWERR;
}
/* note: only success, the md_ctx can be free-ed */
EVP_MD_CTX_free(session->md_ctx);
session->md_ctx = NULL;
return SDR_OK;
}

97
crypto/sdf/sdf_key.c
View File

@@ -1,97 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
/*
* In the standard GM/T 0018, the value of `uiKeyIndex` should start from 1,
* and the maximum value is defined by the vendor.
* The password length should be at least 8-byte.
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/gmapi.h>
#include <openssl/gmsdf.h>
#include "sdf_lcl.h"
int SDF_GenerateKeyWithKEK(
void *hSessionHandle,
unsigned int uiKeyBits,
unsigned int uiAlgID,
unsigned int uiKEKIndex,
unsigned char *pucKey,
unsigned int *puiKeyLength,
void **phKeyHandle)
{
return SDR_NOTSUPPORT;
}
int SDF_ImportKeyWithKEK(
void *hSessionHandle,
unsigned int uiAlgID,
unsigned int uiKEKIndex,
unsigned char *pucKey,
unsigned int uiKeyLength,
void **phKeyHandle)
{
/* dont support this in GmSSL 2.x */
return SDR_NOTSUPPORT;
}
/* the destroy operation will always success! */
int SDF_DestroyKey(
void *hSessionHandle,
void *hKeyHandle)
{
SDF_KEY *key = (SDF_KEY *)hKeyHandle;
OPENSSL_clear_free(key, sizeof(*key));
return SDR_OK;
}

99
crypto/sdf/sdf_key2.c
View File

@@ -1,99 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/gmapi.h>
#include <openssl/gmsdf.h>
#include "sdf_lcl.h"
int SDF_ImportKey(
void *hSessionHandle,
unsigned char *pucKey,
unsigned int uiKeyLength,
void **phKeyHandle)
{
int ret = 0;
SDF_KEY *key = NULL;
/* check arguments */
if (!hSessionHandle || !pucKey || !phKeyHandle) {
SDFerr(SDF_F_SDF_IMPORTKEY,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (uiKeyLength <= 0 || uiKeyLength > EVP_MAX_KEY_LENGTH) {
SDFerr(SDF_F_SDF_IMPORTKEY,
SDF_R_INVALID_KEY_LENGTH);
return 0;
}
/* create object */
if (!(key = OPENSSL_zalloc(sizeof(*key)))) {
SDFerr(SDF_F_SDF_IMPORTKEY, ERR_R_MALLOC_FAILURE);
goto end;
}
/* copy key data */
memcpy(key->key, pucKey, uiKeyLength);
key->keylen = uiKeyLength;
/* set output */
*phKeyHandle = key;
key = NULL;
ret = SDR_OK;
end:
OPENSSL_clear_free(key, sizeof(*key));
return ret;
}

81
crypto/sdf/sdf_lcl.h
View File

@@ -1,81 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/evp.h>
#include <openssl/e_os2.h>
extern char *deviceHandle;
#define SDF_ENGINE_ID "openssl"
#define SDF_SESSION_MAGIC 0x12345678
typedef struct {
uint32_t magic;
char *app;
ENGINE *engine;
char *password[SDF_MAX_KEY_INDEX];
EVP_MD_CTX *md_ctx;
} SDF_SESSION;
typedef struct {
unsigned char key[EVP_MAX_KEY_LENGTH];
unsigned int keylen;
} SDF_KEY;
const EVP_CIPHER *sdf_get_cipher(SDF_SESSION *session, unsigned int uiAlgoID);
const EVP_MD *sdf_get_digest(SDF_SESSION *session, unsigned int uiAlgoID);
EVP_PKEY *sdf_load_rsa_public_key(SDF_SESSION *session, unsigned int uiKeyIndex, unsigned int uiKeyUsage);
EVP_PKEY *sdf_load_rsa_private_key(SDF_SESSION *session, unsigned int uiKeyIndex, unsigned int uiKeyUsage);
EVP_PKEY *sdf_load_ec_public_key(SDF_SESSION *session, unsigned int uiKeyIndex, unsigned int uiKeyUsage);
EVP_PKEY *sdf_load_ec_private_key(SDF_SESSION *session, unsigned int uiKeyIndex, unsigned int uiKeyUsage);
int sdf_encode_ec_signature(ECCSignature *ref, unsigned char *out, size_t *outlen);
int sdf_decode_ec_signature(ECCSignature *ref, const unsigned char *in, size_t inlen);

327
crypto/sdf/sdf_lib.c
View File

@@ -1,327 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/sgd.h>
#include <openssl/evp.h>
#include <openssl/engine.h>
#include <openssl/gmsdf.h>
#include <openssl/gmapi.h>
#include "sdf_lcl.h"
/*
* We always get these objects from engine, hardware-based engine,
* software-based engine with storage, or just ossl default engine.
*/
const EVP_CIPHER *sdf_get_cipher(SDF_SESSION *session,
unsigned int uiAlgoID)
{
int nid;
if (!session->engine) {
SDFerr(SDF_F_SDF_GET_CIPHER,
SDF_R_SDF_SESSION_NO_ENGINE);
return NULL;
}
if ((nid = GMAPI_sgd2ciphernid(uiAlgoID)) == NID_undef) {
SDFerr(SDF_F_SDF_GET_CIPHER,
SDF_R_INVALID_ALGOR);
return NULL;
}
return ENGINE_get_cipher(session->engine, nid);
}
const EVP_MD *sdf_get_digest(SDF_SESSION *session,
unsigned int uiAlgoID)
{
int nid;
if (!session->engine) {
SDFerr(SDF_F_SDF_GET_DIGEST,
SDF_R_SDF_SESSION_NO_ENGINE);
return NULL;
}
if ((nid = GMAPI_sgd2mdnid(uiAlgoID)) == NID_undef) {
SDFerr(SDF_F_SDF_GET_DIGEST,
SDF_R_INVALID_ALGOR);
return NULL;
}
return ENGINE_get_digest(session->engine, nid);
}
/* we assume that the SDF ENGINE implementations follow the same design of
* the SKF key storage model: app/container/keyusage. And we assume the
* session is binded with app, the container is refered by key index, and
* the key usage is the same. So the `key_id` string used for ENGINE is as
* follows:
* "AppName/ContainerNameOrIndex/KeyUsage"
*/
//FIXME: we should change the following 4 functions into 1 and 4 macros
EVP_PKEY *sdf_load_rsa_public_key(SDF_SESSION *session,
unsigned int uiKeyIndex, unsigned int uiKeyUsage)
{
EVP_PKEY *ret = NULL;
EVP_PKEY *pkey = NULL;
char key_id[256];
char *app = "";
char *usage;
if (!session->engine) {
SDFerr(SDF_F_SDF_LOAD_RSA_PUBLIC_KEY,
SDF_R_SDF_SESSION_NO_ENGINE);
return NULL;
}
if (!(usage = GMAPI_keyusage2str(uiKeyUsage))) {
SDFerr(SDF_F_SDF_LOAD_RSA_PUBLIC_KEY,
SDF_R_INVALID_KEY_USAGE);
return NULL;
}
snprintf(key_id, sizeof(key_id), "%s/%u/%s", app, uiKeyIndex, usage);
if (!(pkey = ENGINE_load_public_key(session->engine, key_id,
NULL, NULL))) {
SDFerr(SDF_F_SDF_LOAD_RSA_PUBLIC_KEY,
SDF_R_ENGINE_LOAD_KEY_FAILURE);
goto end;
}
if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA) {
SDFerr(SDF_F_SDF_LOAD_RSA_PUBLIC_KEY,
SDF_R_KEY_TYPE_NOT_MATCH);
goto end;
}
ret = pkey;
pkey = NULL;
end:
EVP_PKEY_free(pkey);
return ret;
}
EVP_PKEY *sdf_load_rsa_private_key(SDF_SESSION *session,
unsigned int uiKeyIndex, unsigned int uiKeyUsage)
{
EVP_PKEY *ret = NULL;
EVP_PKEY *pkey = NULL;
char key_id[256];
char *app = "";
char *usage;
if (!session->engine) {
SDFerr(SDF_F_SDF_LOAD_RSA_PRIVATE_KEY,
SDF_R_SDF_SESSION_NO_ENGINE);
return NULL;
}
if (!(usage = GMAPI_keyusage2str(uiKeyUsage))) {
SDFerr(SDF_F_SDF_LOAD_RSA_PRIVATE_KEY,
SDF_R_INVALID_KEY_USAGE);
return NULL;
}
snprintf(key_id, sizeof(key_id), "%s/%u/%s", app, uiKeyIndex, usage);
if (!(pkey = ENGINE_load_private_key(session->engine, key_id,
NULL, NULL))) {
SDFerr(SDF_F_SDF_LOAD_RSA_PRIVATE_KEY,
SDF_R_ENGINE_LOAD_KEY_FAILURE);
goto end;
}
if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA) {
SDFerr(SDF_F_SDF_LOAD_RSA_PRIVATE_KEY,
SDF_R_KEY_TYPE_NOT_MATCH);
goto end;
}
ret = pkey;
pkey = NULL;
end:
EVP_PKEY_free(pkey);
return ret;
}
EVP_PKEY *sdf_load_ec_public_key(SDF_SESSION *session,
unsigned int uiKeyIndex, unsigned int uiKeyUsage)
{
EVP_PKEY *ret = NULL;
EVP_PKEY *pkey = NULL;
char key_id[256];
char *app = "";
char *usage;
if (!session->engine) {
SDFerr(SDF_F_SDF_LOAD_EC_PUBLIC_KEY,
SDF_R_SDF_SESSION_NO_ENGINE);
return NULL;
}
if (!(usage = GMAPI_keyusage2str(uiKeyUsage))) {
SDFerr(SDF_F_SDF_LOAD_EC_PUBLIC_KEY,
SDF_R_INVALID_KEY_USAGE);
return NULL;
}
snprintf(key_id, sizeof(key_id), "%s/%u/%s", app, uiKeyIndex, usage);
if (!(pkey = ENGINE_load_public_key(session->engine, key_id,
NULL, NULL))) {
SDFerr(SDF_F_SDF_LOAD_EC_PUBLIC_KEY,
SDF_R_ENGINE_LOAD_KEY_FAILURE);
goto end;
}
if (EVP_PKEY_id(pkey) != EVP_PKEY_EC) {
SDFerr(SDF_F_SDF_LOAD_EC_PUBLIC_KEY,
SDF_R_KEY_TYPE_NOT_MATCH);
goto end;
}
ret = pkey;
pkey = NULL;
end:
EVP_PKEY_free(pkey);
return ret;
}
EVP_PKEY *sdf_load_ec_private_key(SDF_SESSION *session,
unsigned int uiKeyIndex, unsigned int uiKeyUsage)
{
EVP_PKEY *ret = NULL;
EVP_PKEY *pkey = NULL;
char key_id[256];
char *app = "";
char *usage;
if (!session->engine) {
SDFerr(SDF_F_SDF_LOAD_EC_PRIVATE_KEY,
SDF_R_SDF_SESSION_NO_ENGINE);
return NULL;
}
if (!(usage = GMAPI_keyusage2str(uiKeyUsage))) {
SDFerr(SDF_F_SDF_LOAD_EC_PRIVATE_KEY,
SDF_R_INVALID_KEY_USAGE);
return NULL;
}
snprintf(key_id, sizeof(key_id), "%s/%u/%s", app, uiKeyIndex, usage);
if (!(pkey = ENGINE_load_private_key(session->engine, key_id,
NULL, NULL))) {
SDFerr(SDF_F_SDF_LOAD_EC_PRIVATE_KEY,
SDF_R_ENGINE_LOAD_KEY_FAILURE);
goto end;
}
if (EVP_PKEY_id(pkey) != EVP_PKEY_EC) {
SDFerr(SDF_F_SDF_LOAD_EC_PRIVATE_KEY,
SDF_R_KEY_TYPE_NOT_MATCH);
goto end;
}
ret = pkey;
pkey = NULL;
end:
EVP_PKEY_free(pkey);
return ret;
}
int sdf_encode_ec_signature(ECCSignature *ref, unsigned char *out,
size_t *outlen)
{
int ret = 0;
ECDSA_SIG *sig = NULL;
unsigned char *p;
int len;
if (!(sig = ECDSA_SIG_new_from_ECCSignature(ref))) {
SDFerr(SDF_F_SDF_ENCODE_EC_SIGNATURE, ERR_R_GMAPI_LIB);
goto end;
}
p = out;
if ((len = i2d_ECDSA_SIG(sig, &p)) <= 0) {
SDFerr(SDF_F_SDF_ENCODE_EC_SIGNATURE, ERR_R_EC_LIB);
goto end;
}
ret = 1;
end:
ECDSA_SIG_free(sig);
return ret;
}
int sdf_decode_ec_signature(ECCSignature *ref, const unsigned char *in,
size_t inlen)
{
int ret = 0;
ECDSA_SIG *sig = NULL;
const unsigned char *p;
p = in;
if (!(sig = d2i_ECDSA_SIG(NULL, &p, inlen))) {
SDFerr(SDF_F_SDF_DECODE_EC_SIGNATURE, ERR_R_EC_LIB);
goto end;
}
if (!ECDSA_SIG_get_ECCSignature(sig, ref)) {
SDFerr(SDF_F_SDF_DECODE_EC_SIGNATURE, ERR_R_GMAPI_LIB);
goto end;
}
ret = 1;
end:
ECDSA_SIG_free(sig);
return ret;
}

131
crypto/sdf/sdf_mac.c
View File

@@ -1,131 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/cmac.h>
#include <openssl/gmsdf.h>
#include "sdf_lcl.h"
int SDF_CalculateMAC(
void *hSessionHandle,
void *hKeyHandle,
unsigned int uiAlgID,
unsigned char *pucIV,
unsigned char *pucData,
unsigned int uiDataLength,
unsigned char *pucMAC,
unsigned int *puiMACLength)
{
int ret = SDR_UNKNOWERR;
SDF_SESSION *session = (SDF_SESSION *)hSessionHandle;
SDF_KEY *key = (SDF_KEY *)hKeyHandle;
CMAC_CTX *ctx = NULL;
const EVP_CIPHER *cipher;
size_t siz;
/* check arguments, omit the useless pucIV in CBC-MAC */
if (!hSessionHandle || !hKeyHandle || !pucData ||
!pucMAC || !puiMACLength) {
SDFerr(SDF_F_SDF_CALCULATEMAC,
ERR_R_PASSED_NULL_PARAMETER);
return SDR_UNKNOWERR;
}
/* the CBC-MAC API accept size_t input length, but we don't
* know whether future MAC implementation will change this */
if (uiDataLength <= 0 || uiDataLength > INT_MAX) {
SDFerr(SDF_F_SDF_CALCULATEMAC,
SDF_R_INVALID_INPUT_LENGTH);
return SDR_UNKNOWERR;
}
/* parse arguments */
if (!(cipher = sdf_get_cipher(hSessionHandle, uiAlgID))) {
SDFerr(SDF_F_SDF_CALCULATEMAC, SDF_R_INVALID_ALGOR);
goto end;
}
if (key->keylen != EVP_CIPHER_key_length(cipher)) {
SDFerr(SDF_F_SDF_CALCULATEMAC,
SDF_R_INVALID_KEY_HANDLE);
goto end;
}
if (*puiMACLength < EVP_CIPHER_block_size(cipher)) {
SDFerr(SDF_F_SDF_CALCULATEMAC, SDF_R_BUUTER_TOO_SMALL);
goto end;
}
/* generate mac */
if (!(ctx = CMAC_CTX_new())) {
SDFerr(SDF_F_SDF_CALCULATEMAC, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!CMAC_Init(ctx, key->key, key->keylen, cipher, session->engine)) {
SDFerr(SDF_F_SDF_CALCULATEMAC, SDF_R_CMAC_FAILURE);
goto end;
}
if (!CMAC_Update(ctx, pucData, (size_t)uiDataLength)) {
SDFerr(SDF_F_SDF_CALCULATEMAC, SDF_R_CMAC_FAILURE);
goto end;
}
if (!CMAC_Final(ctx, pucMAC, &siz)) {
SDFerr(SDF_F_SDF_CALCULATEMAC, SDF_R_CMAC_FAILURE);
goto end;
}
*puiMACLength = (unsigned int)siz;
ret = SDR_OK;
end:
CMAC_CTX_free(ctx);
return ret;
}

95
crypto/sdf/sdf_rand.c
View File

@@ -1,95 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/e_os2.h>
#include <openssl/gmsdf.h>
#include "sdf_lcl.h"
int SDF_GenerateRandom(
void *hSessionHandle,
unsigned int uiLength,
unsigned char *pucRandom)
{
SDF_SESSION *session = (SDF_SESSION *)hSessionHandle;
if (!hSessionHandle || !pucRandom) {
SDFerr(SDF_F_SDF_GENERATERANDOM,
ERR_R_PASSED_NULL_PARAMETER);
return SDR_INARGERR;
}
if (uiLength > INT_MAX) {
SDFerr(SDF_F_SDF_GENERATERANDOM, SDF_R_INVALID_LENGTH);
return SDR_INARGERR;
}
#ifndef OPENSSL_NO_ENGINE
/* try to use the hardware random generator */
if (session->engine) {
if (!RAND_set_rand_engine(session->engine)) {
//SDFerr(SDF_F_SDF_GENERATERANDOM, ERR_R_RAND_LIB);
return SDR_UNKNOWERR;
}
}
#endif
if (!RAND_bytes(pucRandom, (int)uiLength)) {
SDFerr(SDF_F_SDF_GENERATERANDOM, SDF_R_RANDOM_FAILURE);
return SDR_RANDERR;
}
return SDR_OK;
}

570
crypto/sdf/sdf_rsa.c
View File

@@ -1,570 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
#include <openssl/gmsdf.h>
#include <openssl/gmapi.h>
#include "sdf_lcl.h"
/* As there are two APIs for export signing key and decryption key, this
* means that keys with different usage can be referenced by the same
* `uiKeyIndex`, and `uiKeyIndex` is the index of a key container.
*/
int SDF_ExportSignPublicKey_RSA(
void *hSessionHandle,
unsigned int uiKeyIndex,
RSArefPublicKey *pucPublicKey)
{
int ret = 0;
EVP_PKEY *pkey = NULL;
unsigned int uiKeyUsage = 0;
if (!hSessionHandle || !pucPublicKey) {
SDFerr(SDF_F_SDF_EXPORTSIGNPUBLICKEY_RSA,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!(pkey = sdf_load_rsa_public_key((SDF_SESSION *)hSessionHandle,
uiKeyIndex, uiKeyUsage))) {
SDFerr(SDF_F_SDF_EXPORTSIGNPUBLICKEY_RSA, ERR_R_GMAPI_LIB);
goto end;
}
if (!RSA_get_RSArefPublicKey(EVP_PKEY_get0_RSA(pkey), pucPublicKey)) {
SDFerr(SDF_F_SDF_EXPORTSIGNPUBLICKEY_RSA, ERR_R_GMAPI_LIB);
goto end;
}
ret = SDR_OK;
end:
EVP_PKEY_free(pkey);
return ret;
}
int SDF_ExportEncPublicKey_RSA(
void *hSessionHandle,
unsigned int uiKeyIndex,
RSArefPublicKey *pucPublicKey)
{
int ret = 0;
EVP_PKEY *pkey = NULL;
unsigned int uiKeyUsage = 1; //FIXME
if (!hSessionHandle || !pucPublicKey) {
SDFerr(SDF_F_SDF_EXPORTENCPUBLICKEY_RSA,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!(pkey = sdf_load_rsa_public_key((SDF_SESSION *)hSessionHandle,
uiKeyIndex, uiKeyUsage))) {
SDFerr(SDF_F_SDF_EXPORTENCPUBLICKEY_RSA, ERR_R_GMAPI_LIB);
goto end;
}
if (!RSA_get_RSArefPublicKey(EVP_PKEY_get0_RSA(pkey), pucPublicKey)) {
SDFerr(SDF_F_SDF_EXPORTENCPUBLICKEY_RSA, ERR_R_GMAPI_LIB);
goto end;
}
ret = SDR_OK;
end:
EVP_PKEY_free(pkey);
return ret;
}
/*
* Generate RSA key pair.
* The MAX RSA bits is defined as 2048 in GM/T 0018-2012. As 1024 is not very
* secure, applications should always use 2048-bit. Use 1024-bit only for
* legacy applications.
*/
int SDF_GenerateKeyPair_RSA(
void *hSessionHandle, /* not used */
unsigned int uiKeyBits,
RSArefPublicKey *pucPublicKey,
RSArefPrivateKey *pucPrivateKey)
{
int ret = 0;
RSA *rsa = NULL;
if (!hSessionHandle || !pucPublicKey || !pucPrivateKey) {
SDFerr(SDF_F_SDF_GENERATEKEYPAIR_RSA,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!(rsa = RSA_new())) {
SDFerr(SDF_F_SDF_GENERATEKEYPAIR_RSA,
ERR_R_MALLOC_FAILURE);
goto end;
}
if (!RSA_generate_key_ex(rsa, uiKeyBits, NULL, NULL)) {
SDFerr(SDF_F_SDF_GENERATEKEYPAIR_RSA, ERR_R_RSA_LIB);
goto end;
}
if (!RSA_get_RSArefPublicKey(rsa, pucPublicKey)) {
SDFerr(SDF_F_SDF_GENERATEKEYPAIR_RSA, ERR_R_GMAPI_LIB);
goto end;
}
if (!RSA_get_RSArefPrivateKey(rsa, pucPrivateKey)) {
SDFerr(SDF_F_SDF_GENERATEKEYPAIR_RSA, ERR_R_GMAPI_LIB);
goto end;
}
ret = SDR_OK;
end:
RSA_free(rsa);
return ret;
}
/*
* In a cryptographic API the symmetric keys (and otehr keys) can be
* classified into session keys and storage keys. The storage keys will be
* persistantly stored in the secure storage of a cryptograhic hardware
* device. While the session keys only exist in the session period, after
* the session is finished, it will be destroyed even if the symmetric key
* operations are performed inside the hardware.
*
* The `gmapi` module only support session keys.
*/
/*
* In the current version of GmSSL (2.x), the session keys will be kept in
* the host memory intead of the cryptographic hardware's internal memory.
* So the key handle will suffer memory attacks.
*/
/*
* Generate a symmetric key with bit length `uiKeyBits`, encrypt the key data
* with an internal RSA public key with index `uiIPKIndex`, output the
* encrypted key data to buffer `pucKey` and length `puiKeyLength`, also return
* the handle of the generated key `phKeyHandle`.
*/
/* generate session key and encrypt with internal public key */
int SDF_GenerateKeyWithIPK_RSA(
void *hSessionHandle,
unsigned int uiIPKIndex,
unsigned int uiKeyBits, /* generate key length */
unsigned char *pucKey,
unsigned int *puiKeyLength,
void **phKeyHandle)
{
int ret = 0;
SDF_KEY *hkey = NULL;
if (!hSessionHandle || !pucKey || !puiKeyLength || !phKeyHandle) {
SDFerr(SDF_F_SDF_GENERATEKEYWITHIPK_RSA,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (uiKeyBits <= 0 || uiKeyBits % 8 || uiKeyBits > EVP_MAX_KEY_LENGTH) {
SDFerr(SDF_F_SDF_GENERATEKEYWITHIPK_RSA,
SDF_R_INVALID_KEY_LENGTH);
return 0;
}
if (!(hkey = OPENSSL_zalloc(sizeof(*hkey)))) {
SDFerr(SDF_F_SDF_GENERATEKEYWITHIPK_RSA,
ERR_R_MALLOC_FAILURE);
return 0;
}
if ((ret = SDF_InternalPublicKeyOperation_RSA(
hSessionHandle,
uiIPKIndex,
hkey->key,
hkey->keylen,
pucKey,
puiKeyLength)) != SDR_OK) {
SDFerr(SDF_F_SDF_GENERATEKEYWITHIPK_RSA, ERR_R_GMAPI_LIB);
goto end;
}
*phKeyHandle = hkey;
hkey = NULL;
ret = SDR_OK;
end:
OPENSSL_clear_free(hkey, sizeof(*hkey));
return ret;
}
/*
* Generate a symmetric key with bit length `uiKeyBits`, encrypt the key data
* with an external RSA public key with data `pucPublicKey` in format
* `RSArefPublickey`, output the encrypted key data to buffer `pucKey` and
* length `puiKeyLength`, also return the handle `phKeyHandle` of the generated
* key.
*/
int SDF_GenerateKeyWithEPK_RSA(
void *hSessionHandle,
unsigned int uiKeyBits,
RSArefPublicKey *pucPublicKey,
unsigned char *pucKey,
unsigned int *puiKeyLength,
void **phKeyHandle)
{
int ret = 0;
SDF_KEY *key = NULL;
if (!hSessionHandle || !pucPublicKey || !pucKey || !puiKeyLength ||
!phKeyHandle) {
SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_RSA,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (uiKeyBits <= 0 || uiKeyBits % 8 || uiKeyBits >
EVP_MAX_KEY_LENGTH) {
SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_RSA,
SDF_R_INVALID_KEY_LENGTH);
return 0;
}
if (!(key = OPENSSL_zalloc(sizeof(*key)))) {
SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_RSA,
ERR_R_MALLOC_FAILURE);
goto end;
}
if ((ret = SDF_ExternalPublicKeyOperation_RSA(
hSessionHandle,
pucPublicKey,
key->key,
key->keylen,
pucKey,
puiKeyLength)) != SDR_OK) {
SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_RSA, ERR_R_GMAPI_LIB);
goto end;
}
*phKeyHandle = key;
key = NULL;
ret = SDR_OK;
end:
OPENSSL_clear_free(key, sizeof(*key));
return ret;
}
/*
* Import the encrypted key generated from `SDF_GenerateKeyWithIPK_RSA` to the
* session context, the internal RSA key index `uiISKIndex` should be the same
* index of the parameter `uiIPKIndex` of `SDF_GenerateKeyWithIPK_RSA`.
*/
/* Import session key `pucKey` encrypted by the internal public key indexed
* by `uiISKIndex`. As there are no session key in device, we need to
* decrypt the `pucKey` with the internal key `uiISKIndex`.
*/
int SDF_ImportKeyWithISK_RSA(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned char *pucKey,
unsigned int uiKeyLength,
void **phKeyHandle)
{
int ret = 0;
SDF_KEY *key = NULL;
if (!hSessionHandle || !pucKey || !phKeyHandle) {
SDFerr(SDF_F_SDF_IMPORTKEYWITHISK_RSA,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!(key = OPENSSL_zalloc(sizeof(*key)))) {
SDFerr(SDF_F_SDF_IMPORTKEYWITHISK_RSA,
ERR_R_MALLOC_FAILURE);
goto end;
}
key->keylen = EVP_MAX_KEY_LENGTH;
if ((ret = SDF_InternalPrivateKeyOperation_RSA(
hSessionHandle,
uiISKIndex,
pucKey,
uiKeyLength,
key->key,
&key->keylen)) != SDR_OK) {
SDFerr(SDF_F_SDF_IMPORTKEYWITHISK_RSA, ERR_R_GMAPI_LIB);
goto end;
}
*phKeyHandle = key;
key = NULL;
ret = SDR_OK;
end:
OPENSSL_clear_free(key, sizeof(*key));
return ret;
}
/*
* Convert internal public key encrypted symmetric key into ciphertext
* encrypted by external public key. The input `pucDEInput` is the symmetric
* key encrypted by internal public key `uiKeyIndex`. The output `pucDEOutput`
* is encrypted under the external public key `pucPublicKey`.
*
* Note: This function is very dangerous. It convert a well protected symmetric
* key into a state with security unknown. If the external private key is not
* well protected, this function is the same as to unwrap of the symmetric key
* and output the plaintext.
*/
/*
* convert the `pucDEInput` encrypted by internal RSA public key
* `uiKeyIndex` to `pucDEOutput` encrypted by the external RSA public key
* `pucPublicKey`
*/
int SDF_ExchangeDigitEnvelopeBaseOnRSA(
void *hSessionHandle,
unsigned int uiKeyIndex,
RSArefPublicKey *pucPublicKey,
unsigned char *pucDEInput,
unsigned int uiDELength,
unsigned char *pucDEOutput,
unsigned int *puiDELength)
{
return 0;
}
int SDF_ExternalPublicKeyOperation_RSA(
void *hSessionHandle,
RSArefPublicKey *pucPublicKey,
unsigned char *pucDataInput,
unsigned int uiInputLength,
unsigned char *pucDataOutput,
unsigned int *puiOutputLength)
{
int ret = 0;
RSA *rsa = NULL;
int outlen;
if (!hSessionHandle || !pucPublicKey || !pucDataInput ||
!pucDataOutput || !puiOutputLength) {
SDFerr(SDF_F_SDF_EXTERNALPUBLICKEYOPERATION_RSA,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!(rsa = RSA_new_from_RSArefPublicKey(pucPublicKey))) {
SDFerr(SDF_F_SDF_EXTERNALPUBLICKEYOPERATION_RSA,
ERR_R_GMAPI_LIB);
goto end;
}
if ((outlen = RSA_public_encrypt((int)uiInputLength, pucDataInput,
pucDataOutput, rsa, RSA_NO_PADDING)) < 0) {
SDFerr(SDF_F_SDF_EXTERNALPUBLICKEYOPERATION_RSA,
ERR_R_RSA_LIB);
goto end;
}
*puiOutputLength = (unsigned int)outlen;
ret = SDR_OK;
end:
RSA_free(rsa);
return ret;
}
/*
* The RSA Operations include
* `SDF_ExternalPublicKeyOperation_RSA`
* `SDF_InternalPublicKeyOperation_RSA`
* `SDF_InternalPrivateKeyOperation_RSA`
*
* Noramlly RSA operations should be working with some padding methods, such
* as PKCS #1 OAEP padding or PSS padding. As the SDF API does not provide any
* parameter to set padding method, and it is neither specified in the GM/T
* 0018-2012 standard, application developers need to ask the vendor or try
* testing. The GmSSL SDF implementation will always try to use the PKCS #1
* padding, but the underlying ENGINEs might not support this padding options.
*
* It should be noted that the SDF API does not support external private key
* operations.
*/
int SDF_ExternalPrivateKeyOperation_RSA(
void *hSessionHandle,
RSArefPrivateKey *pucPrivateKey,
unsigned char *pucDataInput,
unsigned int uiInputLength,
unsigned char *pucDataOutput,
unsigned int *puiOutputLength)
{
int ret = 0;
RSA *rsa = NULL;
int outlen;
if (!hSessionHandle || !pucPrivateKey || !pucDataInput ||
!pucDataOutput || !puiOutputLength) {
SDFerr(SDF_F_SDF_EXTERNALPRIVATEKEYOPERATION_RSA,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!(rsa = RSA_new_from_RSArefPrivateKey(pucPrivateKey))) {
SDFerr(SDF_F_SDF_EXTERNALPRIVATEKEYOPERATION_RSA,
ERR_R_GMAPI_LIB);
goto end;
}
if ((outlen = RSA_private_decrypt((int)uiInputLength, pucDataInput,
pucDataOutput, rsa, RSA_NO_PADDING)) < 0) {
SDFerr(SDF_F_SDF_EXTERNALPRIVATEKEYOPERATION_RSA,
ERR_R_RSA_LIB);
goto end;
}
*puiOutputLength = (unsigned int)outlen;
ret = SDR_OK;
end:
RSA_free(rsa);
return ret;
}
int SDF_InternalPublicKeyOperation_RSA(
void *hSessionHandle,
unsigned int uiKeyIndex,
unsigned char *pucDataInput,
unsigned int uiInputLength,
unsigned char *pucDataOutput,
unsigned int *puiOutputLength)
{
int ret = 0;
EVP_PKEY *pkey = NULL;
int outlen;
unsigned int uiKeyUsage = -12345; //FIXME: which key should we use?
if (!hSessionHandle || !pucDataInput || !pucDataOutput ||
!puiOutputLength) {
SDFerr(SDF_F_SDF_INTERNALPUBLICKEYOPERATION_RSA,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!(pkey = sdf_load_rsa_public_key((SDF_SESSION *)hSessionHandle,
uiKeyIndex, uiKeyUsage))) {
SDFerr(SDF_F_SDF_INTERNALPUBLICKEYOPERATION_RSA,
ERR_R_GMAPI_LIB);
goto end;
}
if ((outlen = RSA_public_encrypt((int)uiInputLength, pucDataInput,
pucDataOutput, EVP_PKEY_get0_RSA(pkey), RSA_NO_PADDING)) < 0) {
SDFerr(SDF_F_SDF_INTERNALPUBLICKEYOPERATION_RSA,
ERR_R_RSA_LIB);
goto end;
}
*puiOutputLength = (unsigned int)outlen;
ret = SDR_OK;
end:
EVP_PKEY_free(pkey);
return ret;
}
int SDF_InternalPrivateKeyOperation_RSA(
void *hSessionHandle,
unsigned int uiKeyIndex,
unsigned char *pucDataInput,
unsigned int uiInputLength,
unsigned char *pucDataOutput,
unsigned int *puiOutputLength)
{
int ret = 0;
EVP_PKEY *pkey = NULL;
int outlen;
unsigned int uiKeyUsage; //FIXME
if (!hSessionHandle || !pucDataInput || !pucDataOutput ||
!puiOutputLength) {
SDFerr(SDF_F_SDF_INTERNALPRIVATEKEYOPERATION_RSA,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!(pkey = sdf_load_rsa_private_key((SDF_SESSION *)hSessionHandle,
uiKeyIndex, uiKeyUsage))) {
SDFerr(SDF_F_SDF_INTERNALPRIVATEKEYOPERATION_RSA,
ERR_R_GMAPI_LIB);
goto end;
}
if ((outlen = RSA_private_decrypt(uiInputLength, pucDataInput,
pucDataOutput, EVP_PKEY_get0_RSA(pkey), RSA_NO_PADDING)) < 0) {
SDFerr(SDF_F_SDF_INTERNALPRIVATEKEYOPERATION_RSA,
ERR_R_RSA_LIB);
goto end;
}
*puiOutputLength = (unsigned int)outlen;
ret = SDR_OK;
end:
EVP_PKEY_free(pkey);
return ret;
}

237
crypto/sdf/sdf_session.c
View File

@@ -1,237 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/gmsdf.h>
#include <openssl/engine.h>
#include "sdf_lcl.h"
/*
* Unlike the `SDF_OpenDevice`, we always assume that the `SDF_OpenSession` can
* be called multiple times, and the implementation will always return a new
* session handle on success. But noramlly the hardware and the software can
* only support limited sessions, so this function can also failed.
*
* For portability, the application should assume that only one cryptographic
* operation can be processed over one session. For example, do not mix
* symmetric encryption and hash functions over the same session. The
* implementation might support multiple operations, check the vendor's manual.
*/
/*
* there are two purpose for session:
* (1) hold session information
* (2) a reference to ENGINE
*/
/*
typedef struct {
uint32_t magic;
char *app;
ENGINE *engine;
char *passwords[SDF_MAX_KEY_INDEX];
EVP_MD_CTX *md_ctx;
} SDF_SESSION;
*/
int SDF_OpenSession(
void *hDeviceHandle,
void **phSessionHandle)
{
int ret = SDR_UNKNOWERR;
SDF_SESSION *session = NULL;
if (!hDeviceHandle || !phSessionHandle) {
SDFerr(SDF_F_SDF_OPENSESSION, ERR_R_PASSED_NULL_PARAMETER);
return SDR_INARGERR;
}
if (hDeviceHandle != deviceHandle) {
SDFerr(SDF_F_SDF_OPENSESSION, SDF_R_INVALID_DEVICE_HANDLE);
return SDR_INARGERR;
}
if (!(session = OPENSSL_zalloc(sizeof(*session)))) {
SDFerr(SDF_F_SDF_OPENSESSION, ERR_R_MALLOC_FAILURE);
ret = SDR_NOBUFFER;
goto end;
}
session->magic = SDF_SESSION_MAGIC;
#ifndef OPENSSL_NO_ENGINE
if (!(session->engine = ENGINE_by_id(SDF_ENGINE_ID))) {
SDFerr(SDF_F_SDF_OPENSESSION, SDF_R_LOAD_ENGINE_FAILURE);
ret = SDR_HARDFAIL;
goto end;
}
#endif
*phSessionHandle = session;
session = NULL;
ret = SDR_OK;
end:
OPENSSL_free(session);
return ret;
}
int SDF_CloseSession(
void *hSessionHandle)
{
SDF_SESSION *session = (SDF_SESSION *)hSessionHandle;
int i;
if (!hSessionHandle) {
return SDR_OK;
}
if (session->magic != SDF_SESSION_MAGIC) {
SDFerr(SDF_F_SDF_CLOSESESSION, SDF_R_INVALID_SESSION);
return SDR_INARGERR;
}
#ifndef OPENSSL_NO_ENGINE
if (session->engine) {
ENGINE_finish(session->engine);
ENGINE_free(session->engine);
session->engine = NULL;
}
#endif
for (i = 0; i <= SDF_MAX_KEY_INDEX; i++) {
OPENSSL_clear_free(session->password[i],
strlen(session->password[i]));
session->password[i] = NULL;
}
OPENSSL_free(session);
return SDR_OK;
}
/* we try that the password is correct by `ENGINE_load_private_key`, then we
* destory the returned `EVP_PKEY` and keep the verified password in the
* session. We can use `UI_set_result` to pass the password to the ENGINE
*/
int SDF_GetPrivateKeyAccessRight(
void *hSessionHandle,
unsigned int uiKeyIndex,
unsigned char *pucPassword,
unsigned int uiPwdLength)
{
SDF_SESSION *session = (SDF_SESSION *)hSessionHandle;
EVP_PKEY *pkey = NULL;
char *key_id = NULL;
UI_METHOD *ui_meth = NULL;
void *cb_data = NULL;
if (!hSessionHandle || !pucPassword) {
SDFerr(SDF_F_SDF_GETPRIVATEKEYACCESSRIGHT,
ERR_R_PASSED_NULL_PARAMETER);
return SDR_INARGERR;
}
if (session->magic != SDF_SESSION_MAGIC) {
SDFerr(SDF_F_SDF_GETPRIVATEKEYACCESSRIGHT,
SDF_R_INVALID_SESSION_HANDLE);
return SDR_INARGERR;
}
if (uiKeyIndex <= 0 || uiKeyIndex > SDF_MAX_KEY_INDEX) {
SDFerr(SDF_F_SDF_GETPRIVATEKEYACCESSRIGHT,
SDF_R_INVALID_KEY_INDEX);
return -1;
}
if (uiPwdLength <= 0 || uiPwdLength > INT_MAX) {
SDFerr(SDF_F_SDF_GETPRIVATEKEYACCESSRIGHT,
SDF_R_INVALID_PASSWORD_LENGTH);
return SDR_INARGERR;
}
if (!(pkey = ENGINE_load_private_key(session->engine, key_id,
ui_meth, cb_data))) {
SDFerr(SDF_F_SDF_GETPRIVATEKEYACCESSRIGHT, ERR_R_ENGINE_LIB);
return 0;
}
return SDR_OK;
}
int SDF_ReleasePrivateKeyAccessRight(
void *hSessionHandle,
unsigned int uiKeyIndex)
{
SDF_SESSION *session = (SDF_SESSION *)hSessionHandle;
if (!hSessionHandle) {
SDFerr(SDF_F_SDF_RELEASEPRIVATEKEYACCESSRIGHT,
ERR_R_PASSED_NULL_PARAMETER);
return SDR_INARGERR;
}
if (session->magic != SDF_SESSION_MAGIC) {
SDFerr(SDF_F_SDF_RELEASEPRIVATEKEYACCESSRIGHT,
SDF_R_INVALID_SESSION_HANDLE);
return SDR_INARGERR;
}
if (uiKeyIndex <= 0 || uiKeyIndex > SDF_MAX_KEY_INDEX) {
SDFerr(SDF_F_SDF_RELEASEPRIVATEKEYACCESSRIGHT,
SDF_R_INVALID_KEY_INDEX);
return -1;
}
if (session->password[uiKeyIndex]) {
OPENSSL_clear_free(session->password[uiKeyIndex],
strlen(session->password[uiKeyIndex]));
session->password[uiKeyIndex] = NULL;
}
return SDR_OK;
}

235
crypto/skf/skf_dgst.c
View File

@@ -1,235 +0,0 @@
/* ====================================================================
* Copyright (c) 2015-2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/gmskf.h>
#include "skf_lcl.h"
ULONG DEVAPI SKF_DigestInit(DEVHANDLE hDev,
ULONG ulAlgID,
ECCPUBLICKEYBLOB *pPubKey,
BYTE *pbID,
ULONG ulIDLen,
HANDLE *phHash)
{
ULONG ret = SAR_FAIL;
const EVP_MD *md;
EVP_MD_CTX *mdctx = NULL;
EC_KEY *ec_key = NULL;
SKF_HANDLE *hHash;
switch (ulAlgID) {
case SGD_SM3:
md = EVP_sm3();
break;
case SGD_SHA1:
md = EVP_sha1();
break;
case SGD_SHA256:
md = EVP_sha256();
break;
default:
SKFerr(SKF_F_SKF_DIGESTINIT, SKF_R_INVALID_ALGID);
return SAR_INVALIDPARAMERR;
}
if (!(mdctx = EVP_MD_CTX_create())) {
SKFerr(SKF_F_SKF_DIGESTINIT, SKF_R_MALLOC_FAILED);
return SAR_FAIL;
}
if (!EVP_DigestInit_ex(mdctx, md, NULL)) {
SKFerr(SKF_F_SKF_DIGESTINIT, ERR_R_EVP_LIB);
goto end;
}
if (pPubKey) {
if (!(ec_key = EC_KEY_new_from_ECCPUBLICKEYBLOB(pPubKey))) {
SKFerr(SKF_F_SKF_DIGESTINIT, SKF_R_INVALID_BLOB);
ret = SAR_INVALIDPARAMERR;
goto end;
}
/*
//FIXME
if (pbID) {
if (ulIDLen <= 0 || ulIDLen > SM2_MAX_ID_LENGTH) {
SKFerr(SKF_F_SKF_DIGESTINIT, SKF_R_INVALID_ID_LENGTH);
ret = SAR_INVALIDPARAMERR;
goto end;
}
OPENSSL_assert(strlen((char *)pbID) == ulIDLen);
if (!SM2_set_id(ec_key, (char *)pbID)) {
SKFerr(SKF_F_SKF_DIGESTINIT, ERR_R_SM2_LIB);
ret = SAR_FAIL;
goto end;
}
}
dgstlen = sizeof(dgst);
if (!SM2_compute_id_digest(md, dgst, &dgstlen, ec_key)) {
SKFerr(SKF_F_SKF_DIGESTINIT, ERR_R_SM2_LIB);
goto end;
}
if (!EVP_DigestUpdate(mdctx, dgst, dgstlen)) {
goto end;
}
*/
} else {
if (pbID) {
SKFerr(SKF_F_SKF_DIGESTINIT, SKF_R_NO_PUBLIC_KEY);
ret = SAR_INVALIDPARAMERR;
goto end;
}
}
if (!(hHash = OPENSSL_malloc(sizeof(*hHash)))) {
SKFerr(SKF_F_SKF_DIGESTINIT, ERR_R_MALLOC_FAILURE);
goto end;
}
memset(hHash, 0, sizeof(*hHash));
hHash->magic = SKF_HANDLE_MAGIC;
hHash->type = SKF_HASH_HANDLE;
hHash->u.md_ctx = mdctx;
mdctx = NULL;
*phHash = hHash;
ret = SAR_OK;
end:
EVP_MD_CTX_destroy(mdctx);
EC_KEY_free(ec_key);
return ret;
}
ULONG DEVAPI SKF_DigestUpdate(HANDLE hHash,
BYTE *pbData,
ULONG ulDataLen)
{
EVP_MD_CTX *md_ctx;
if (!(md_ctx = SKF_HANDLE_get_md_ctx(hHash))) {
SKFerr(SKF_F_SKF_DIGESTUPDATE, SKF_R_INVALID_HASH_HANDLE);
return SAR_INVALIDPARAMERR;
}
if (!pbData) {
SKFerr(SKF_F_SKF_DIGESTUPDATE, SKF_R_INVALID_ARGUMENTS);
return SAR_INVALIDPARAMERR;
}
if (ulDataLen == 0) {
return SAR_OK;
}
if (!EVP_DigestUpdate(md_ctx, pbData, ulDataLen)) {
SKFerr(SKF_F_SKF_DIGESTUPDATE, ERR_R_EVP_LIB);
return SAR_FAIL;
}
return SAR_OK;
}
ULONG DEVAPI SKF_DigestFinal(HANDLE hHash,
BYTE *pHashData,
ULONG *pulHashLen)
{
EVP_MD_CTX *mdctx;
if (!(mdctx = SKF_HANDLE_get_md_ctx(hHash))) {
SKFerr(SKF_F_SKF_DIGESTFINAL, SKF_R_INVALID_HANDLE);
return SAR_INVALIDPARAMERR;
}
if (!pulHashLen) {
SKFerr(SKF_F_SKF_DIGESTFINAL, SKF_R_NULL_ARGUMENT);
return SAR_INVALIDPARAMERR;
}
if (!EVP_DigestFinal_ex(mdctx, pHashData, pulHashLen)) {
SKFerr(SKF_F_SKF_DIGESTFINAL, ERR_R_EVP_LIB);
return SAR_FAIL;
}
EVP_MD_CTX_destroy(mdctx);
((SKF_HANDLE *)hHash)->u.md_ctx = NULL;
return SAR_OK;
}
ULONG DEVAPI SKF_Digest(HANDLE hHash,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbHashData,
ULONG *pulHashLen)
{
ULONG rv;
if ((rv = SKF_DigestUpdate(hHash, pbData, ulDataLen)) != SAR_OK) {
SKFerr(SKF_F_SKF_DIGEST, ERR_R_GMAPI_LIB);
return rv;
}
if ((rv = SKF_DigestFinal(hHash, pbHashData, pulHashLen)) != SAR_OK) {
SKFerr(SKF_F_SKF_DIGEST, ERR_R_GMAPI_LIB);
return rv;
}
return SAR_OK;
}

938
crypto/skf/skf_dummy.c Normal file
View File

@@ -0,0 +1,938 @@
/* ====================================================================
* Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/skf.h>
static char *hDeviceHandle = "hDeviceHandle";
static char *hApplication = "hApplication";
static char *hContainer = "hContainer";
static char *hAgreementHandle = "AgreementHandle";
static char *hKeyHandle = "KeyHandle";
static char *hHashHandle = "HashHandle";
static char *hMacHandle = "MacHandle";
ULONG DEVAPI SKF_WaitForDevEvent(
LPSTR szDevName,
ULONG *pulDevNameLen,
ULONG *pulEvent)
{
return SAR_OK;
}
ULONG DEVAPI SKF_CancelWaitForDevEvent(
void)
{
return SAR_OK;
}
ULONG DEVAPI SKF_EnumDev(BOOL bPresent,
LPSTR szNameList,
ULONG *pulSize)
{
char *dev_list = "dev1\0dev2\0";
if (!szNameList || !pulSize) {
return SAR_INVALIDPARAMERR;
}
strcpy((char *)szNameList, dev_list);
*pulSize = sizeof(dev_list);
return SAR_OK;
}
ULONG DEVAPI SKF_ConnectDev(
LPSTR szName,
DEVHANDLE *phDev)
{
if (!phDev) {
return SAR_INVALIDPARAMERR;
}
*phDev = hDeviceHandle;
return SAR_OK;
}
ULONG DEVAPI SKF_DisConnectDev(
DEVHANDLE hDev)
{
return SAR_OK;
}
ULONG DEVAPI SKF_GetDevState(
LPSTR szDevName,
ULONG *pulDevState)
{
*pulDevState = 0;
return SAR_OK;
}
ULONG DEVAPI SKF_SetLabel(
DEVHANDLE hDev,
LPSTR szLabel)
{
return SAR_OK;
}
ULONG DEVAPI SKF_GetDevInfo(
DEVHANDLE hDev,
DEVINFO *pDevInfo)
{
return SAR_OK;
}
ULONG DEVAPI SKF_LockDev(
DEVHANDLE hDev,
ULONG ulTimeOut)
{
return SAR_OK;
}
ULONG DEVAPI SKF_UnlockDev(
DEVHANDLE hDev)
{
return SAR_OK;
}
ULONG DEVAPI SKF_Transmit(
DEVHANDLE hDev,
BYTE *pbCommand,
ULONG ulCommandLen,
BYTE *pbData,
ULONG *pulDataLen)
{
if (!pbData || !pulDataLen) {
return SAR_INVALIDPARAMERR;
}
memcpy(pbData, pbCommand, ulCommandLen);
*pulDataLen = ulCommandLen;
return SAR_OK;
}
ULONG DEVAPI SKF_ChangeDevAuthKey(
DEVHANDLE hDev,
BYTE *pbKeyValue,
ULONG ulKeyLen)
{
return SAR_OK;
}
ULONG DEVAPI SKF_DevAuth(
DEVHANDLE hDev,
BYTE *pbAuthData,
ULONG ulLen)
{
return SAR_OK;
}
ULONG DEVAPI SKF_ChangePIN(
HAPPLICATION hApplication,
ULONG ulPINType,
LPSTR szOldPin,
LPSTR szNewPin,
ULONG *pulRetryCount)
{
if (!pulRetryCount) {
return SAR_INVALIDPARAMERR;
}
*pulRetryCount = 100;
return SAR_OK;
}
LONG DEVAPI SKF_GetPINInfo(
HAPPLICATION hApplication,
ULONG ulPINType,
ULONG *pulMaxRetryCount,
ULONG *pulRemainRetryCount,
BOOL *pbDefaultPin)
{
if (!pulMaxRetryCount || !pulRemainRetryCount || !pbDefaultPin) {
return SAR_INVALIDPARAMERR;
}
*pulMaxRetryCount = 100;
*pulRemainRetryCount = 100;
*pbDefaultPin = 0;
return SAR_OK;
}
ULONG DEVAPI SKF_VerifyPIN(
HAPPLICATION hApplication,
ULONG ulPINType,
LPSTR szPIN,
ULONG *pulRetryCount)
{
if (!pulRetryCount) {
return SAR_INVALIDPARAMERR;
}
*pulRetryCount = 100;
return SAR_OK;
}
ULONG DEVAPI SKF_UnblockPIN(
HAPPLICATION hApplication,
LPSTR szAdminPIN,
LPSTR szNewUserPIN,
ULONG *pulRetryCount)
{
if (!pulRetryCount) {
return SAR_INVALIDPARAMERR;
}
*pulRetryCount = 100;
return SAR_OK;
}
ULONG DEVAPI SKF_ClearSecureState(
HAPPLICATION hApplication)
{
return SAR_OK;
}
ULONG DEVAPI SKF_CreateApplication(
DEVHANDLE hDev,
LPSTR szAppName,
LPSTR szAdminPin,
DWORD dwAdminPinRetryCount,
LPSTR szUserPin,
DWORD dwUserPinRetryCount,
DWORD dwCreateFileRights,
HAPPLICATION *phApplication)
{
if (!phApplication) {
return SAR_INVALIDPARAMERR;
}
*phApplication = hApplication;
return SAR_OK;
}
ULONG DEVAPI SKF_EnumApplication(DEVHANDLE hDev,
LPSTR szAppName,
ULONG *pulSize)
{
char *app_list = "app1\0app2\0";
if (!szAppName || !pulSize) {
return SAR_INVALIDPARAMERR;
}
strcpy((char *)szAppName, app_list);
*pulSize = strlen(app_list);
return SAR_OK;
}
ULONG DEVAPI SKF_DeleteApplication(
DEVHANDLE hDev,
LPSTR szAppName)
{
return SAR_OK;
}
ULONG DEVAPI SKF_OpenApplication(
DEVHANDLE hDev,
LPSTR szAppName,
HAPPLICATION *phApplication)
{
if (!phApplication) {
return SAR_INVALIDPARAMERR;
}
*phApplication = hApplication;
return SAR_OK;
}
ULONG DEVAPI SKF_CloseApplication(
HAPPLICATION hApplication)
{
return SAR_OK;
}
ULONG DEVAPI SKF_CreateFile(
HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulFileSize,
ULONG ulReadRights,
ULONG ulWriteRights)
{
return SAR_OK;
}
ULONG DEVAPI SKF_DeleteFile(
HAPPLICATION hApplication,
LPSTR szFileName)
{
return SAR_OK;
}
ULONG DEVAPI SKF_EnumFiles(
HAPPLICATION hApplication,
LPSTR szFileList,
ULONG *pulSize)
{
char *file_list = "file1.txt\0file2.txt\0";
if (!pulSize) {
return SAR_INVALIDPARAMERR;
}
strcpy((char *)szFileList, file_list);
*pulSize = strlen(file_list);
return SAR_OK;
}
ULONG DEVAPI SKF_GetFileInfo(
HAPPLICATION hApplication,
LPSTR szFileName,
FILEATTRIBUTE *pFileInfo)
{
if (!pFileInfo) {
return SAR_INVALIDPARAMERR;
}
//TODO: set pFileInfo;
return SAR_OK;
}
ULONG DEVAPI SKF_ReadFile(
HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulOffset,
ULONG ulSize,
BYTE *pbOutData,
ULONG *pulOutLen)
{
if (!pbOutData || !pulOutLen) {
return SAR_INVALIDPARAMERR;
}
*pulOutLen = ulSize;
return SAR_OK;
}
ULONG DEVAPI SKF_WriteFile(
HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulOffset,
BYTE *pbData,
ULONG ulSize)
{
return SAR_OK;
}
ULONG DEVAPI SKF_CreateContainer(
HAPPLICATION hApplication,
LPSTR szContainerName,
HCONTAINER *phContainer)
{
if (!phContainer) {
return SAR_INVALIDPARAMERR;
}
*phContainer = hContainer;
return SAR_OK;
}
ULONG DEVAPI SKF_DeleteContainer(
HAPPLICATION hApplication,
LPSTR szContainerName)
{
return SAR_OK;
}
ULONG DEVAPI SKF_EnumContainer(
HAPPLICATION hApplication,
LPSTR szContainerName,
ULONG *pulSize)
{
char *cont_list = "container1\0container2\0";
if (!szContainerName || !pulSize) {
return SAR_INVALIDPARAMERR;
}
strcpy((char *)szContainerName, cont_list);
*pulSize = strlen(cont_list);
return SAR_OK;
}
ULONG DEVAPI SKF_OpenContainer(
HAPPLICATION hApplication,
LPSTR szContainerName,
HCONTAINER *phContainer)
{
if (!phContainer) {
return SAR_INVALIDPARAMERR;
}
*phContainer = hContainer;
return SAR_OK;
}
ULONG DEVAPI SKF_CloseContainer(
HCONTAINER hContainer)
{
return SAR_OK;
}
ULONG DEVAPI SKF_GetContainerType(
HCONTAINER hContainer,
ULONG *pulContainerType)
{
if (!pulContainerType) {
return SAR_INVALIDPARAMERR;
}
*pulContainerType = 0;
return SAR_OK;
}
ULONG DEVAPI SKF_ImportCertificate(
HCONTAINER hContainer,
BOOL bExportSignKey,
BYTE *pbCert,
ULONG ulCertLen)
{
return SAR_OK;
}
ULONG DEVAPI SKF_ExportCertificate(
HCONTAINER hContainer,
BOOL bSignFlag,
BYTE *pbCert,
ULONG *pulCertLen)
{
if (!pbCert || !pulCertLen) {
return SAR_INVALIDPARAMERR;
}
memset(pbCert, 'c', 512);
*pulCertLen = 512;
return SAR_OK;
}
ULONG DEVAPI SKF_ExportPublicKey(
HCONTAINER hContainer,
BOOL bSignFlag,
BYTE *pbBlob,
ULONG *pulBlobLen)
{
if (!pbBlob || !pulBlobLen) {
return SAR_INVALIDPARAMERR;
}
*pulBlobLen = 1024;
return SAR_OK;
}
ULONG DEVAPI SKF_GenRandom(
DEVHANDLE hDev,
BYTE *pbRandom,
ULONG ulRandomLen)
{
if (!pbRandom) {
return SAR_INVALIDPARAMERR;
}
memset(pbRandom, 'r', ulRandomLen);
return SAR_OK;
}
ULONG DEVAPI SKF_GenExtRSAKey(
DEVHANDLE hDev,
ULONG ulBitsLen,
RSAPRIVATEKEYBLOB *pBlob)
{
if (!pBlob) {
return SAR_INVALIDPARAMERR;
}
return SAR_OK;
}
ULONG DEVAPI SKF_GenRSAKeyPair(
HCONTAINER hContainer,
ULONG ulBitsLen,
RSAPUBLICKEYBLOB *pBlob)
{
if (!pBlob) {
return SAR_INVALIDPARAMERR;
}
return SAR_OK;
}
ULONG DEVAPI SKF_ImportRSAKeyPair(
HCONTAINER hContainer,
ULONG ulSymAlgId,
BYTE *pbWrappedKey,
ULONG ulWrappedKeyLen,
BYTE *pbEncryptedData,
ULONG ulEncryptedDataLen)
{
return SAR_OK;
}
ULONG DEVAPI SKF_RSASignData(
HCONTAINER hContainer,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbSignature,
ULONG *pulSignLen)
{
if (!pbSignature || !pulSignLen) {
return SAR_INVALIDPARAMERR;
}
*pulSignLen = 256;
return SAR_OK;
}
ULONG DEVAPI SKF_RSAVerify(
DEVHANDLE hDev,
RSAPUBLICKEYBLOB *pRSAPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbSignature,
ULONG ulSignLen)
{
return SAR_OK;
}
ULONG DEVAPI SKF_RSAExportSessionKey(
HCONTAINER hContainer,
ULONG ulAlgId,
RSAPUBLICKEYBLOB *pPubKey,
BYTE *pbData,
ULONG *pulDataLen,
HANDLE *phSessionKey);
ULONG DEVAPI SKF_ExtRSAPubKeyOperation(
DEVHANDLE hDev,
RSAPUBLICKEYBLOB *pRSAPubKeyBlob,
BYTE *pbInput,
ULONG ulInputLen,
BYTE *pbOutput,
ULONG *pulOutputLen)
{
if (!pbOutput || !pulOutputLen) {
return SAR_INVALIDPARAMERR;
}
*pulOutputLen = 256;
return SAR_OK;
}
ULONG DEVAPI SKF_ExtRSAPriKeyOperation(
DEVHANDLE hDev,
RSAPRIVATEKEYBLOB *pRSAPriKeyBlob,
BYTE *pbInput,
ULONG ulInputLen,
BYTE *pbOutput,
ULONG *pulOutputLen)
{
if (!pbOutput || !pulOutputLen) {
return SAR_INVALIDPARAMERR;
}
*pulOutputLen = 256;
return SAR_OK;
}
ULONG DEVAPI SKF_GenECCKeyPair(
HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pBlob)
{
if (!pBlob) {
return SAR_INVALIDPARAMERR;
}
return SAR_OK;
}
ULONG DEVAPI SKF_ImportECCKeyPair(
HCONTAINER hContainer,
ENVELOPEDKEYBLOB *pEnvelopedKeyBlob)
{
return SAR_OK;
}
ULONG DEVAPI SKF_ECCSignData(
HCONTAINER hContainer,
BYTE *pbDigest,
ULONG ulDigestLen,
ECCSIGNATUREBLOB *pSignature)
{
if (!pSignature) {
return SAR_INVALIDPARAMERR;
}
return SAR_OK;
}
ULONG DEVAPI SKF_ECCVerify(
DEVHANDLE hDev,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
ECCSIGNATUREBLOB *pSignature)
{
return SAR_OK;
}
ULONG DEVAPI SKF_ECCExportSessionKey(
HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pPubKey,
ECCCIPHERBLOB *pData,
HANDLE *phSessionKey)
{
if (!phSessionKey) {
return SAR_INVALIDPARAMERR;
}
*phSessionKey = hKeyHandle;
return SAR_OK;
}
ULONG DEVAPI SKF_ExtECCEncrypt(
DEVHANDLE hDev,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbPlainText,
ULONG ulPlainTextLen,
ECCCIPHERBLOB *pCipherText)
{
return SAR_OK;
}
ULONG DEVAPI SKF_ExtECCDecrypt(
DEVHANDLE hDev,
ECCPRIVATEKEYBLOB *pECCPriKeyBlob,
ECCCIPHERBLOB *pCipherText,
BYTE *pbPlainText,
ULONG *pulPlainTextLen)
{
return SAR_OK;
}
ULONG DEVAPI SKF_ExtECCSign(
DEVHANDLE hDev,
ECCPRIVATEKEYBLOB *pECCPriKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
ECCSIGNATUREBLOB *pSignature)
{
if (!pSignature) {
return SAR_INVALIDPARAMERR;
}
return SAR_OK;
}
ULONG DEVAPI SKF_ExtECCVerify(
DEVHANDLE hDev,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
ECCSIGNATUREBLOB *pSignature)
{
return SAR_OK;
}
ULONG DEVAPI SKF_GenerateAgreementDataWithECC(
HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
HANDLE *phAgreementHandle)
{
if (!phAgreementHandle) {
return SAR_INVALIDPARAMERR;
}
*phAgreementHandle = hAgreementHandle;
return SAR_OK;
}
ULONG DEVAPI SKF_GenerateAgreementDataAndKeyWithECC(
HANDLE hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pSponsorECCPubKeyBlob,
ECCPUBLICKEYBLOB *pSponsorTempECCPubKeyBlob,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
BYTE *pbSponsorID,
ULONG ulSponsorIDLen,
HANDLE *phKeyHandle)
{
if (!phKeyHandle) {
return SAR_INVALIDPARAMERR;
}
*phKeyHandle = hKeyHandle;
return SAR_OK;
}
ULONG DEVAPI SKF_GenerateKeyWithECC(
HANDLE hAgreementHandle,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
HANDLE *phKeyHandle)
{
if (!phKeyHandle) {
return SAR_INVALIDPARAMERR;
}
*phKeyHandle = hKeyHandle;
return SAR_OK;
}
ULONG DEVAPI SKF_ImportSessionKey(
HCONTAINER hContainer,
ULONG ulAlgId,
BYTE *pbWrapedData,
ULONG ulWrapedLen,
HANDLE *phKey)
{
if (!phKey) {
return SAR_INVALIDPARAMERR;
}
*phKey = hKeyHandle;
return SAR_OK;
}
ULONG DEVAPI SKF_SetSymmKey(
DEVHANDLE hDev,
BYTE *pbKey,
ULONG ulAlgID,
HANDLE *phKey)
{
if (!phKey) {
return SAR_INVALIDPARAMERR;
}
*phKey = hKeyHandle;
return SAR_OK;
}
ULONG DEVAPI SKF_EncryptInit(
HANDLE hKey,
BLOCKCIPHERPARAM EncryptParam)
{
return SAR_OK;
}
ULONG DEVAPI SKF_Encrypt(
HANDLE hKey,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbEncryptedData,
ULONG *pulEncryptedLen)
{
if (!pbData || !pbEncryptedData || !pulEncryptedLen) {
return SAR_INVALIDPARAMERR;
}
memcpy(pbEncryptedData, pbData, ulDataLen);
*pulEncryptedLen = ulDataLen;
return SAR_OK;
}
ULONG DEVAPI SKF_EncryptUpdate(
HANDLE hKey,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbEncryptedData,
ULONG *pulEncryptedLen)
{
if (!pbData || !pbEncryptedData || !pulEncryptedLen) {
return SAR_INVALIDPARAMERR;
}
memcpy(pbEncryptedData, pbData, ulDataLen);
*pulEncryptedLen = ulDataLen;
return SAR_OK;
}
ULONG DEVAPI SKF_EncryptFinal(
HANDLE hKey,
BYTE *pbEncryptedData,
ULONG *pulEncryptedDataLen)
{
if (!pbEncryptedData || !pulEncryptedDataLen) {
return SAR_INVALIDPARAMERR;
}
*pulEncryptedDataLen = 0;
return SAR_OK;
}
ULONG DEVAPI SKF_DecryptInit(
HANDLE hKey,
BLOCKCIPHERPARAM DecryptParam)
{
return SAR_OK;
}
ULONG DEVAPI SKF_Decrypt(
HANDLE hKey,
BYTE *pbEncryptedData,
ULONG ulEncryptedLen,
BYTE *pbData,
ULONG *pulDataLen)
{
if (!pbEncryptedData || !pbData || !pulDataLen) {
return SAR_INVALIDPARAMERR;
}
memcpy(pbData, pbEncryptedData, ulEncryptedLen);
*pulDataLen = ulEncryptedLen;
return SAR_OK;
}
ULONG DEVAPI SKF_DecryptUpdate(
HANDLE hKey,
BYTE *pbEncryptedData,
ULONG ulEncryptedLen,
BYTE *pbData,
ULONG *pulDataLen)
{
if (!pbEncryptedData || !pbData || !pulDataLen) {
return SAR_INVALIDPARAMERR;
}
memcpy(pbData, pbEncryptedData, ulEncryptedLen);
*pulDataLen = ulEncryptedLen;
return SAR_OK;
}
ULONG DEVAPI SKF_DecryptFinal(
HANDLE hKey,
BYTE *pbDecryptedData,
ULONG *pulDecryptedDataLen)
{
if (!pulDecryptedDataLen) {
return SAR_INVALIDPARAMERR;
}
*pulDecryptedDataLen = 0;
return SAR_OK;
}
ULONG DEVAPI SKF_DigestInit(
DEVHANDLE hDev,
ULONG ulAlgID,
ECCPUBLICKEYBLOB *pPubKey,
BYTE *pbID,
ULONG ulIDLen,
HANDLE *phHash)
{
if (!phHash) {
return SAR_INVALIDPARAMERR;
}
*phHash = hHashHandle;
return SAR_OK;
}
ULONG DEVAPI SKF_Digest(
HANDLE hHash,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbHashData,
ULONG *pulHashLen)
{
if (!pbHashData || !pulHashLen) {
return SAR_INVALIDPARAMERR;
}
memset(pbHashData, 'h', 32);
*pulHashLen = 32;
return SAR_OK;
}
ULONG DEVAPI SKF_DigestUpdate(
HANDLE hHash,
BYTE *pbData,
ULONG ulDataLen)
{
return SAR_OK;
}
ULONG DEVAPI SKF_DigestFinal(
HANDLE hHash,
BYTE *pbHashData,
ULONG *pulHashLen)
{
if (!pbHashData || !pulHashLen) {
return SAR_INVALIDPARAMERR;
}
memset(pbHashData, 'h', 32);
*pulHashLen = 32;
return SAR_OK;
}
ULONG DEVAPI SKF_MacInit(
HANDLE hKey,
BLOCKCIPHERPARAM *pMacParam,
HANDLE *phMac)
{
if (!phMac) {
return SAR_INVALIDPARAMERR;
}
*phMac = hMacHandle;
return SAR_OK;
}
ULONG DEVAPI SKF_Mac(
HANDLE hMac,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbMacData,
ULONG *pulMacLen)
{
if (!pbMacData || !pulMacLen) {
return SAR_INVALIDPARAMERR;
}
memset(pbMacData, 'm', 32);
*pulMacLen = 32;
return SAR_OK;
}
ULONG DEVAPI SKF_MacUpdate(
HANDLE hMac,
BYTE *pbData,
ULONG ulDataLen)
{
return SAR_OK;
}
ULONG DEVAPI SKF_MacFinal(
HANDLE hMac,
BYTE *pbMacData,
ULONG *pulMacDataLen)
{
if (!pbMacData || !pulMacDataLen) {
return SAR_INVALIDPARAMERR;
}
memset(pbMacData, 'm', 32);
*pulMacDataLen = 32;
return SAR_OK;
}
ULONG DEVAPI SKF_CloseHandle(
HANDLE hHandle)
{
return SAR_OK;
}

272
crypto/skf/skf_ec.c
View File

@@ -1,272 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <openssl/ec.h>
#include <openssl/sm2.h>
#include <openssl/gmskf.h>
#include "skf_lcl.h"
ULONG DEVAPI SKF_GenExtECCKeyPair(DEVHANDLE hDev,
ECCPRIVATEKEYBLOB *priKey,
ECCPUBLICKEYBLOB *pubKey)
{
ULONG ret = SAR_FAIL;
EC_KEY *ec_key = NULL;
if(!(ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1))) {
SKFerr(SKF_F_SKF_GENEXTECCKEYPAIR, ERR_R_EC_LIB);
return SAR_FAIL;
}
if (!EC_KEY_get_ECCPRIVATEKEYBLOB(ec_key, priKey)) {
SKFerr(SKF_F_SKF_GENEXTECCKEYPAIR, SKF_R_GET_PRIVATE_KEY_FAILED);
goto end;
}
if (!EC_KEY_get_ECCPUBLICKEYBLOB(ec_key, pubKey)) {
SKFerr(SKF_F_SKF_GENEXTECCKEYPAIR, SKF_R_GET_PUBLIC_KEY_FAILED);
goto end;
}
ret = SAR_OK;
end:
EC_KEY_free(ec_key);
return ret;
}
ULONG DEVAPI SKF_ExtECCSign(DEVHANDLE hDev,
ECCPRIVATEKEYBLOB *pECCPriKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
ECCSIGNATUREBLOB *pSignature)
{
ULONG ret = SAR_FAIL;
EC_KEY *ec_key = NULL;
ECDSA_SIG *sig = NULL;
if (!pECCPriKeyBlob || !pbData || !pSignature) {
SKFerr(SKF_F_SKF_EXTECCSIGN, SKF_R_NULL_ARGUMENT);
return SAR_INVALIDPARAMERR;
}
if (ulDataLen != SM3_DIGEST_LENGTH) {
SKFerr(SKF_F_SKF_EXTECCSIGN, SKF_R_INVALID_DIGEST_LENGTH);
return SAR_INVALIDPARAMERR;
}
if (!(ec_key = EC_KEY_new_from_ECCPRIVATEKEYBLOB(pECCPriKeyBlob))) {
SKFerr(SKF_F_SKF_EXTECCSIGN, SKF_R_INVALID_ECC_PRIVATE_KEY);
goto end;
}
if (!(sig = SM2_do_sign(pbData, (int)ulDataLen, ec_key))) {
SKFerr(SKF_F_SKF_EXTECCSIGN, SKF_R_SIGN_FAILED);
goto end;
}
if (!ECDSA_SIG_get_ECCSIGNATUREBLOB(sig, pSignature)) {
SKFerr(SKF_F_SKF_EXTECCSIGN, SKF_R_ENCODE_SIGNATURE_FAILED);
goto end;
}
ret = SAR_OK;
end:
EC_KEY_free(ec_key);
ECDSA_SIG_free(sig);
return ret;
}
ULONG DEVAPI SKF_ExtECCVerify(DEVHANDLE hDev,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
ECCSIGNATUREBLOB *pSignature)
{
ULONG ret = SAR_FAIL;
EC_KEY *ec_key = NULL;
ECDSA_SIG *sig = NULL;
if (!pECCPubKeyBlob || !pbData || pSignature) {
SKFerr(SKF_F_SKF_EXTECCVERIFY, SKF_R_NULL_ARGUMENT);
return SAR_INVALIDPARAMERR;
}
if (ulDataLen != SM3_DIGEST_LENGTH) {
SKFerr(SKF_F_SKF_EXTECCVERIFY, SKF_R_INVALID_DIGEST_LENGTH);
return SAR_INVALIDPARAMERR;
}
if (!(ec_key = EC_KEY_new_from_ECCPUBLICKEYBLOB(pECCPubKeyBlob))) {
SKFerr(SKF_F_SKF_EXTECCVERIFY, SKF_R_INVALID_ECC_PUBLIC_KEY);
goto end;
}
if (!(sig = ECDSA_SIG_new_from_ECCSIGNATUREBLOB(pSignature))) {
SKFerr(SKF_F_SKF_EXTECCVERIFY, SKF_R_INVALID_SIGNATURE);
goto end;
}
if (1 != SM2_do_verify(pbData, (int)ulDataLen, sig, ec_key)) {
SKFerr(SKF_F_SKF_EXTECCVERIFY, SKF_R_VERIFY_NOT_PASS);
goto end;
}
ret = SAR_OK;
end:
EC_KEY_free(ec_key);
ECDSA_SIG_free(sig);
return ret;
}
ULONG DEVAPI SKF_ECCVerify(DEVHANDLE hDev,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
ECCSIGNATUREBLOB *pSignature)
{
return SKF_ExtECCVerify(hDev, pECCPubKeyBlob, pbData, ulDataLen, pSignature);
}
ULONG DEVAPI SKF_ExtECCEncrypt(DEVHANDLE hDev,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbPlainText,
ULONG ulPlainTextLen,
ECCCIPHERBLOB *pCipherText)
{
ULONG ret = SAR_FAIL;
EC_KEY *ec_key = NULL;
SM2_CIPHERTEXT_VALUE *cv = NULL;
SM2_ENC_PARAMS params;
if (!pECCPubKeyBlob || !pbPlainText || !pCipherText) {
SKFerr(SKF_F_SKF_EXTECCENCRYPT, SKF_R_NULL_ARGUMENT);
return SAR_INVALIDPARAMERR;
}
if (ulPlainTextLen <= 0) {
SKFerr(SKF_F_SKF_EXTECCENCRYPT, SKF_R_INVALID_PLAINTEXT_LENGTH);
return SAR_INVALIDPARAMERR;
}
if (!(ec_key = EC_KEY_new_from_ECCPUBLICKEYBLOB(pECCPubKeyBlob))) {
SKFerr(SKF_F_SKF_EXTECCENCRYPT, SKF_R_INVALID_EC_PUBLIC_KEY);
goto end;
}
SM2_ENC_PARAMS_init_with_recommended(&params);
if (!(cv = SM2_do_encrypt(&params, pbPlainText, ulPlainTextLen, ec_key))) {
SKFerr(SKF_F_SKF_EXTECCENCRYPT, SKF_R_ENCRYPT_FAILED);
goto end;
}
if (!SM2_CIPHERTEXT_VALUE_get_ECCCIPHERBLOB(cv, pCipherText)) {
SKFerr(SKF_F_SKF_EXTECCENCRYPT, SKF_R_ENCODE_CIPHERTEXT_FAILED);
goto end;
}
ret = SAR_OK;
end:
EC_KEY_free(ec_key);
SM2_CIPHERTEXT_VALUE_free(cv);
return ret;
}
ULONG DEVAPI SKF_ExtECCDecrypt(DEVHANDLE hDev,
ECCPRIVATEKEYBLOB *pECCPriKeyBlob,
ECCCIPHERBLOB *pCipherText,
BYTE *pbPlainText,
ULONG *pulPlainTextLen)
{
ULONG ret = SAR_FAIL;
EC_KEY *ec_key = NULL;
SM2_CIPHERTEXT_VALUE *cv = NULL;
SM2_ENC_PARAMS params;
size_t len;
if (!pECCPriKeyBlob || !pCipherText || !pulPlainTextLen) {
SKFerr(SKF_F_SKF_EXTECCDECRYPT, SKF_R_NULL_ARGUMENT);
return SAR_INVALIDPARAMERR;
}
if (pCipherText->CipherLen <= 0) {
SKFerr(SKF_F_SKF_EXTECCDECRYPT, SKF_R_INVALID_CIPHERTEXT_LENGTH);
return SAR_INVALIDPARAMERR;
}
if (!pbPlainText) {
*pulPlainTextLen = pCipherText->CipherLen;
return SAR_OK;
}
if (!(ec_key = EC_KEY_new_from_ECCPRIVATEKEYBLOB(pECCPriKeyBlob))) {
SKFerr(SKF_F_SKF_EXTECCDECRYPT, SKF_R_INVALID_EC_PRIVATE_KEY);
goto end;
}
if (!(cv = SM2_CIPHERTEXT_VALUE_new_from_ECCCIPHERBLOB(pCipherText))) {
SKFerr(SKF_F_SKF_EXTECCDECRYPT, SKF_R_INVALID_CIPHERTEXT);
goto end;
}
SM2_ENC_PARAMS_init_with_recommended(&params);
len = *pulPlainTextLen; //FIXME: check length?
if (!SM2_do_decrypt(&params, cv, pbPlainText, &len, ec_key)) {
SKFerr(SKF_F_SKF_EXTECCDECRYPT, SKF_R_DECRYPT_FAILED);
goto end;
}
*pulPlainTextLen = (ULONG)len;
ret = SAR_OK;
end:
EC_KEY_free(ec_key);
SM2_CIPHERTEXT_VALUE_free(cv);
return ret;
}

404
crypto/skf/skf_enc.c
View File

@@ -1,404 +0,0 @@
/* ====================================================================
* Copyright (c) 2015-2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/sms4.h>
#include <openssl/gmskf.h>
#include "skf_lcl.h"
#define PADDING_TYPE_NO_PADDING 0
#define PADDING_TYPE_PKCS5 1
/*
229 typedef struct Struct_BLOCKCIPHERPARAM {
230 BYTE IV[MAX_IV_LEN];
231 ULONG IVLen;
232 ULONG PaddingType;
233 ULONG FeedBitLen;
234 } BLOCKCIPHERPARAM, *PBLOCKCIPHERPARAM;
*/
int SKF_nid_to_encparams(int nid, ULONG *algID, BLOCKCIPHERPARAM *params)
{
ULONG ulAlgID = 0;
switch (nid) {
case NID_ssf33_ecb:
ulAlgID = SGD_SSF33_ECB;
break;
case NID_ssf33_cbc:
ulAlgID = SGD_SSF33_CBC;
break;
case NID_ssf33_cfb1:
case NID_ssf33_cfb8:
case NID_ssf33_cfb128:
ulAlgID = SGD_SSF33_CFB;
break;
case NID_ssf33_ofb128:
ulAlgID = SGD_SSF33_OFB;
break;
case NID_sm1_ecb:
ulAlgID = SGD_SM1_ECB;
break;
case NID_sm1_cbc:
ulAlgID = SGD_SM1_CBC;
break;
case NID_sm1_cfb1:
case NID_sm1_cfb8:
case NID_sm1_cfb128:
ulAlgID = SGD_SM1_CFB;
break;
case NID_sm1_ofb128:
ulAlgID = SGD_SM1_OFB;
break;
case NID_sms4_ecb:
ulAlgID = SGD_SM4_ECB;
break;
case NID_sms4_cbc:
ulAlgID = SGD_SM4_CBC;
break;
case NID_sms4_cfb1:
case NID_sms4_cfb8:
case NID_sms4_cfb128:
ulAlgID = SGD_SM4_CFB;
break;
case NID_sms4_ofb128:
ulAlgID = SGD_SM4_OFB;
break;
default:
return 0;
}
*algID = ulAlgID;
switch (nid) {
case NID_sm1_cfb1:
case NID_sms4_cfb1:
case NID_ssf33_cfb1:
params->FeedBitLen = 1;
break;
case NID_sm1_cfb8:
case NID_sms4_cfb8:
case NID_ssf33_cfb8:
params->FeedBitLen = 8;
break;
case NID_sm1_cfb128:
case NID_sms4_cfb128:
case NID_ssf33_cfb128:
params->FeedBitLen = 128;
break;
default:
params->FeedBitLen = 0;
}
switch (nid) {
case NID_sm1_cbc:
case NID_sms4_cbc:
case NID_ssf33_cbc:
params->PaddingType = SKF_PKCS5_PADDING;
break;
default:
params->PaddingType = SKF_NO_PADDING;
}
return 1;
}
ULONG DEVAPI SKF_EncryptInit(HANDLE hKey,
BLOCKCIPHERPARAM encryptParam)
{
ULONG ret = SAR_FAIL;
BLOCKCIPHERPARAM *encparam = &encryptParam;
EVP_CIPHER_CTX *ctx = NULL;
const EVP_CIPHER *cipher;
unsigned char *key;
unsigned char *iv;
if (!(cipher = SKF_HANDLE_get_cipher(hKey, encparam))) {
SKFerr(SKF_F_SKF_ENCRYPTINIT, SKF_R_INVALID_KEY_HANDLE);
return SAR_INVALIDPARAMERR;
}
if (!(key = SKF_HANDLE_get_key(hKey))) {
SKFerr(SKF_F_SKF_ENCRYPTINIT, SKF_R_INVALID_KEY_HANDLE);
return SAR_INVALIDPARAMERR;
}
if (encparam->IVLen != SMS4_IV_LENGTH) {
SKFerr(SKF_F_SKF_ENCRYPTINIT, SKF_R_INVALID_IV_LENGTH);
return SAR_INVALIDPARAMERR;
}
iv = encparam->IV;
if (!(ctx = EVP_CIPHER_CTX_new())) {
SKFerr(SKF_F_SKF_ENCRYPTINIT, ERR_R_EVP_LIB);
return SAR_INVALIDPARAMERR;
}
if (!EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv)) {
SKFerr(SKF_F_SKF_ENCRYPTINIT, ERR_R_EVP_LIB);
goto end;
}
((SKF_HANDLE *)hKey)->type = SKF_CIPHER_HANDLE;
((SKF_HANDLE *)hKey)->u.cipher_ctx = ctx;
ctx = NULL;
ret = SAR_OK;
end:
EVP_CIPHER_CTX_free(ctx);
return ret;
}
ULONG DEVAPI SKF_EncryptUpdate(HANDLE hKey,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbEncryptedData,
ULONG *pulEncryptedLen)
{
EVP_CIPHER_CTX *ctx;
int inlen, outlen;
if (!(ctx = SKF_HANDLE_get_cipher_ctx(hKey))) {
SKFerr(SKF_F_SKF_ENCRYPTUPDATE, SKF_R_INVALID_CIPHER_CTX_HANDLE);
return SAR_INVALIDPARAMERR;
}
//FIXME: check INT_MAX
inlen = ulDataLen;
outlen = *pulEncryptedLen;
if (!EVP_EncryptUpdate(ctx, pbEncryptedData, &outlen, pbData, inlen)) {
SKFerr(SKF_F_SKF_ENCRYPTUPDATE, ERR_R_EVP_LIB);
return SAR_FAIL;
}
*pulEncryptedLen = outlen;
return SAR_OK;
}
ULONG DEVAPI SKF_EncryptFinal(HANDLE hKey,
BYTE *pbEncryptedData,
ULONG *pulEncryptedDataLen)
{
EVP_CIPHER_CTX *ctx;
int outlen;
if (!(ctx = SKF_HANDLE_get_cipher_ctx(hKey))) {
SKFerr(SKF_F_SKF_ENCRYPTFINAL, SKF_R_INVALID_CIPHER_CTX_HANDLE);
return SAR_INVALIDPARAMERR;
}
outlen = *pulEncryptedDataLen;
if (!EVP_EncryptFinal(ctx, pbEncryptedData, &outlen)) {
SKFerr(SKF_F_SKF_ENCRYPTFINAL, ERR_R_EVP_LIB);
return SAR_FAIL;
}
*pulEncryptedDataLen = outlen;
EVP_CIPHER_CTX_free(ctx);
((SKF_HANDLE *)hKey)->u.cipher_ctx = NULL;
((SKF_HANDLE *)hKey)->type = SKF_KEY_HANDLE;
return SAR_OK;
}
ULONG DEVAPI SKF_DecryptInit(HANDLE hKey,
BLOCKCIPHERPARAM DecryptParam)
{
ULONG ret = SAR_FAIL;
BLOCKCIPHERPARAM *param = &DecryptParam;
EVP_CIPHER_CTX *ctx = NULL;
const EVP_CIPHER *cipher;
unsigned char *key;
unsigned char *iv;
if (!(cipher = SKF_HANDLE_get_cipher(hKey, param))) {
SKFerr(SKF_F_SKF_DECRYPTINIT, SKF_R_INVALID_KEY_HANDLE);
return SAR_INVALIDPARAMERR;
}
if (!(key = SKF_HANDLE_get_key(hKey))) {
SKFerr(SKF_F_SKF_DECRYPTINIT, SKF_R_INVALID_KEY_HANDLE);
return SAR_INVALIDPARAMERR;
}
if (param->IVLen != SMS4_IV_LENGTH) {
SKFerr(SKF_F_SKF_DECRYPTINIT, SKF_R_INVALID_IV_LENGTH);
ret = SAR_INVALIDPARAMERR;
goto end;
}
iv = param->IV;
if (!(ctx = EVP_CIPHER_CTX_new())) {
SKFerr(SKF_F_SKF_DECRYPTINIT, ERR_R_EVP_LIB);
goto end;
}
if (!EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv)) {
SKFerr(SKF_F_SKF_DECRYPTINIT, ERR_R_EVP_LIB);
goto end;
}
((SKF_HANDLE *)hKey)->type = SKF_CIPHER_HANDLE;
((SKF_HANDLE *)hKey)->u.cipher_ctx = ctx;
ctx = NULL;
ret = SAR_OK;
end:
EVP_CIPHER_CTX_free(ctx);
return ret;
return SAR_OK;
}
ULONG DEVAPI SKF_DecryptUpdate(HANDLE hKey,
BYTE *pbEncryptedData,
ULONG ulEncryptedLen,
BYTE *pbData,
ULONG *pulDataLen)
{
EVP_CIPHER_CTX *ctx;
int inlen, outlen;
if (!(ctx = SKF_HANDLE_get_cipher_ctx(hKey))) {
SKFerr(SKF_F_SKF_DECRYPTUPDATE, SKF_R_INVALID_CIPHER_CTX_HANDLE);
return SAR_INVALIDPARAMERR;
}
//FIXME: check INT_MAX
inlen = ulEncryptedLen;
outlen = *pulDataLen;
if (!EVP_DecryptUpdate(ctx, pbData, &outlen, pbEncryptedData, inlen)) {
SKFerr(SKF_F_SKF_DECRYPTUPDATE, ERR_R_EVP_LIB);
return SAR_FAIL;
}
*pulDataLen = outlen;
return SAR_OK;
}
ULONG DEVAPI SKF_DecryptFinal(HANDLE hKey,
BYTE *pbDecryptedData,
ULONG *pulDecryptedDataLen)
{
EVP_CIPHER_CTX *ctx;
int len;
if (!(ctx = SKF_HANDLE_get_cipher_ctx(hKey))) {
SKFerr(SKF_F_SKF_DECRYPTFINAL, SKF_R_INVALID_KEY_HANDLE);
return SAR_INVALIDPARAMERR;
}
if (!EVP_DecryptFinal(ctx, pbDecryptedData, &len)) {
return SAR_FAIL;
}
*pulDecryptedDataLen = len;
EVP_CIPHER_CTX_free(ctx);
((SKF_HANDLE *)hKey)->u.cipher_ctx = NULL;
((SKF_HANDLE *)hKey)->type = SKF_KEY_HANDLE;
return SAR_OK;
}
ULONG DEVAPI SKF_Encrypt(HANDLE hKey,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbEncryptedData,
ULONG *pulEncryptedLen)
{
ULONG rv;
BYTE *p;
ULONG len;
p = pbEncryptedData;
len = *pulEncryptedLen;
if ((rv = SKF_EncryptUpdate(hKey, pbData, ulDataLen, p, &len)) != SAR_OK) {
SKFerr(SKF_F_SKF_ENCRYPT, ERR_R_GMAPI_LIB);
return rv;
}
p += len;
len = *pulEncryptedLen - len;
if ((rv = SKF_EncryptFinal(hKey, p, &len)) != SAR_OK) {
SKFerr(SKF_F_SKF_ENCRYPT, ERR_R_GMAPI_LIB);
return rv;
}
*pulEncryptedLen = p + len - pbEncryptedData;
return SAR_OK;
}
ULONG DEVAPI SKF_Decrypt(HANDLE hKey,
BYTE *pbEncryptedData,
ULONG ulEncryptedLen,
BYTE *pbData,
ULONG *pulDataLen)
{
ULONG rv;
BYTE *p;
ULONG len;
p = pbData;
len = *pulDataLen;
if ((rv = SKF_DecryptUpdate(hKey, pbEncryptedData, ulEncryptedLen, p, &len)) != SAR_OK) {
SKFerr(SKF_F_SKF_DECRYPT, ERR_R_GMAPI_LIB);
return rv;
}
p += len;
len = *pulDataLen - len;
if ((rv = SKF_DecryptFinal(hKey, p, &len)) != SAR_OK) {
SKFerr(SKF_F_SKF_DECRYPT, ERR_R_GMAPI_LIB);
return rv;
}
*pulDataLen = p + len - pbData;
return SAR_OK;
}

122
crypto/skf/skf_err.c
View File

@@ -1,122 +0,0 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/gmskf.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SKF,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SKF,0,reason)
static ERR_STRING_DATA SKF_str_functs[] = {
{ERR_FUNC(SKF_F_SKF_CLOSEHANDLE), "SKF_CloseHandle"},
{ERR_FUNC(SKF_F_SKF_DECRYPT), "SKF_Decrypt"},
{ERR_FUNC(SKF_F_SKF_DECRYPTFINAL), "SKF_DecryptFinal"},
{ERR_FUNC(SKF_F_SKF_DECRYPTINIT), "SKF_DecryptInit"},
{ERR_FUNC(SKF_F_SKF_DECRYPTUPDATE), "SKF_DecryptUpdate"},
{ERR_FUNC(SKF_F_SKF_DIGEST), "SKF_Digest"},
{ERR_FUNC(SKF_F_SKF_DIGESTFINAL), "SKF_DigestFinal"},
{ERR_FUNC(SKF_F_SKF_DIGESTINIT), "SKF_DigestInit"},
{ERR_FUNC(SKF_F_SKF_DIGESTUPDATE), "SKF_DigestUpdate"},
{ERR_FUNC(SKF_F_SKF_ENCRYPT), "SKF_Encrypt"},
{ERR_FUNC(SKF_F_SKF_ENCRYPTFINAL), "SKF_EncryptFinal"},
{ERR_FUNC(SKF_F_SKF_ENCRYPTINIT), "SKF_EncryptInit"},
{ERR_FUNC(SKF_F_SKF_ENCRYPTUPDATE), "SKF_EncryptUpdate"},
{ERR_FUNC(SKF_F_SKF_EXTECCDECRYPT), "SKF_ExtECCDecrypt"},
{ERR_FUNC(SKF_F_SKF_EXTECCENCRYPT), "SKF_ExtECCEncrypt"},
{ERR_FUNC(SKF_F_SKF_EXTECCSIGN), "SKF_ExtECCSign"},
{ERR_FUNC(SKF_F_SKF_EXTECCVERIFY), "SKF_ExtECCVerify"},
{ERR_FUNC(SKF_F_SKF_EXTRSAPRIKEYOPERATION), "SKF_ExtRSAPriKeyOperation"},
{ERR_FUNC(SKF_F_SKF_EXTRSAPUBKEYOPERATION), "SKF_ExtRSAPubKeyOperation"},
{ERR_FUNC(SKF_F_SKF_GENEXTECCKEYPAIR), "SKF_GenExtECCKeyPair"},
{ERR_FUNC(SKF_F_SKF_GENEXTRSAKEY), "SKF_GenExtRSAKey"},
{ERR_FUNC(SKF_F_SKF_GENRANDOM), "SKF_GenRandom"},
{ERR_FUNC(SKF_F_SKF_GETDEVINFO), "SKF_GetDevInfo"},
{ERR_FUNC(SKF_F_SKF_GETDEVSTATE), "SKF_GetDevState"},
{ERR_FUNC(SKF_F_SKF_HANDLE_GET_CBCMAC_CTX), "SKF_HANDLE_get_cbcmac_ctx"},
{ERR_FUNC(SKF_F_SKF_HANDLE_GET_CIPHER), "SKF_HANDLE_get_cipher"},
{ERR_FUNC(SKF_F_SKF_HANDLE_GET_CIPHER_CTX), "SKF_HANDLE_get_cipher_ctx"},
{ERR_FUNC(SKF_F_SKF_HANDLE_GET_CMAC_CTX), "SKF_HANDLE_get_cmac_ctx"},
{ERR_FUNC(SKF_F_SKF_HANDLE_GET_KEY), "SKF_HANDLE_get_key"},
{ERR_FUNC(SKF_F_SKF_HANDLE_GET_MD_CTX), "SKF_HANDLE_get_md_ctx"},
{ERR_FUNC(SKF_F_SKF_MAC), "SKF_Mac"},
{ERR_FUNC(SKF_F_SKF_MACFINAL), "SKF_MacFinal"},
{ERR_FUNC(SKF_F_SKF_MACINIT), "SKF_MacInit"},
{ERR_FUNC(SKF_F_SKF_MACUPDATE), "SKF_MacUpdate"},
{ERR_FUNC(SKF_F_SKF_SETSYMMKEY), "SKF_SetSymmKey"},
{0, NULL}
};
static ERR_STRING_DATA SKF_str_reasons[] = {
{ERR_REASON(SKF_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_REASON(SKF_R_CTX_NOT_CREATED), "ctx not created"},
{ERR_REASON(SKF_R_DECRYPT_FAILED), "decrypt failed"},
{ERR_REASON(SKF_R_ENCODE_CIPHERTEXT_FAILED), "encode ciphertext failed"},
{ERR_REASON(SKF_R_ENCODE_FAILED), "encode failed"},
{ERR_REASON(SKF_R_ENCODE_SIGNATURE_FAILED), "encode signature failed"},
{ERR_REASON(SKF_R_ENCRYPT_FAILED), "encrypt failed"},
{ERR_REASON(SKF_R_FAIL), "fail"},
{ERR_REASON(SKF_R_GEN_RSA_FAILED), "gen rsa failed"},
{ERR_REASON(SKF_R_GET_PRIVATE_KEY_FAILED), "get private key failed"},
{ERR_REASON(SKF_R_GET_PUBLIC_KEY_FAILED), "get public key failed"},
{ERR_REASON(SKF_R_INVALID_ALGID), "invalid algid"},
{ERR_REASON(SKF_R_INVALID_ALGOR), "invalid algor"},
{ERR_REASON(SKF_R_INVALID_ARGUMENTS), "invalid arguments"},
{ERR_REASON(SKF_R_INVALID_BLOB), "invalid blob"},
{ERR_REASON(SKF_R_INVALID_CIPHERTEXT), "invalid ciphertext"},
{ERR_REASON(SKF_R_INVALID_CIPHERTEXT_LENGTH),
"invalid ciphertext length"},
{ERR_REASON(SKF_R_INVALID_CIPHER_CTX_HANDLE),
"invalid cipher ctx handle"},
{ERR_REASON(SKF_R_INVALID_DIGEST_LENGTH), "invalid digest length"},
{ERR_REASON(SKF_R_INVALID_ECC_PRIVATE_KEY), "invalid ecc private key"},
{ERR_REASON(SKF_R_INVALID_ECC_PUBLIC_KEY), "invalid ecc public key"},
{ERR_REASON(SKF_R_INVALID_EC_PRIVATE_KEY), "invalid ec private key"},
{ERR_REASON(SKF_R_INVALID_EC_PUBLIC_KEY), "invalid ec public key"},
{ERR_REASON(SKF_R_INVALID_FEED_BIT_LENGTH), "invalid feed bit length"},
{ERR_REASON(SKF_R_INVALID_HANDLE), "invalid handle"},
{ERR_REASON(SKF_R_INVALID_HANDLE_ALGOR), "invalid handle algor"},
{ERR_REASON(SKF_R_INVALID_HANDLE_MAGIC), "invalid handle magic"},
{ERR_REASON(SKF_R_INVALID_HANDLE_TYPE), "invalid handle type"},
{ERR_REASON(SKF_R_INVALID_HASH_HANDLE), "invalid hash handle"},
{ERR_REASON(SKF_R_INVALID_ID_LENGTH), "invalid id length"},
{ERR_REASON(SKF_R_INVALID_INPUT_LENGTH), "invalid input length"},
{ERR_REASON(SKF_R_INVALID_IV_LENGTH), "invalid iv length"},
{ERR_REASON(SKF_R_INVALID_KEY_HANDLE), "invalid key handle"},
{ERR_REASON(SKF_R_INVALID_KEY_LENGTH), "invalid key length"},
{ERR_REASON(SKF_R_INVALID_MAC_HANDLE), "invalid mac handle"},
{ERR_REASON(SKF_R_INVALID_PLAINTEXT_LENGTH), "invalid plaintext length"},
{ERR_REASON(SKF_R_INVALID_RANDOM_LENGTH), "invalid random length"},
{ERR_REASON(SKF_R_INVALID_RSA_PUBLIC_KEY), "invalid rsa public key"},
{ERR_REASON(SKF_R_INVALID_SIGNATURE), "invalid signature"},
{ERR_REASON(SKF_R_MALLOC_FAILED), "malloc failed"},
{ERR_REASON(SKF_R_NO_PUBLIC_KEY), "no public key"},
{ERR_REASON(SKF_R_NULL_ARGUMENT), "null argument"},
{ERR_REASON(SKF_R_SIGN_FAILED), "sign failed"},
{ERR_REASON(SKF_R_VERIFY_NOT_PASS), "verify not pass"},
{0, NULL}
};
#endif
int ERR_load_SKF_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(SKF_str_functs[0].error) == NULL) {
ERR_load_strings(0, SKF_str_functs);
ERR_load_strings(0, SKF_str_reasons);
}
#endif
return 1;
}

248
crypto/skf/skf_handle.c
View File

@@ -1,248 +0,0 @@
/* crypto/gmapi/skf_handle.c */
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <stdio.h>
#include <openssl/gmskf.h>
#include <openssl/gmapi.h>
#include "skf_lcl.h"
unsigned char *SKF_HANDLE_get_key(HANDLE hKey)
{
SKF_HANDLE *handle;
if (!(handle = (SKF_HANDLE *)hKey)) {
SKFerr(SKF_F_SKF_HANDLE_GET_KEY, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
if (handle->magic != SKF_HANDLE_MAGIC) {
SKFerr(SKF_F_SKF_HANDLE_GET_KEY, SKF_R_INVALID_HANDLE_MAGIC);
return NULL;
}
if (handle->type < SKF_KEY_HANDLE) {
SKFerr(SKF_F_SKF_HANDLE_GET_KEY, SKF_R_INVALID_HANDLE_TYPE);
return NULL;
}
switch (handle->algid) {
case SGD_SM4_ECB:
case SGD_SM4_CBC:
case SGD_SM4_CFB:
case SGD_SM4_OFB:
case SGD_SM4_MAC:
break;
default:
SKFerr(SKF_F_SKF_HANDLE_GET_KEY, SKF_R_INVALID_ALGOR);
return NULL;
}
if (!handle->keylen) {
SKFerr(SKF_F_SKF_HANDLE_GET_KEY, SKF_R_INVALID_KEY_HANDLE);
return NULL;
}
return handle->key;
}
const EVP_CIPHER *SKF_HANDLE_get_cipher(HANDLE hKey, BLOCKCIPHERPARAM *param)
{
SKF_HANDLE *handle = (SKF_HANDLE *)hKey;
if (!SKF_HANDLE_get_key(hKey)) {
SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER, SKF_R_INVALID_KEY_HANDLE);
return NULL;
}
switch (handle->algid) {
case SGD_SM4_ECB:
return EVP_sms4_ecb();
case SGD_SM4_CBC:
return EVP_sms4_cbc();
case SGD_SM4_OFB:
return EVP_sms4_ofb();
case SGD_SM4_CFB:
switch (param->FeedBitLen) {
case 1: return EVP_sms4_cfb1();
case 8: return EVP_sms4_cfb8();
case 128: return EVP_sms4_cfb128();
}
SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER, SKF_R_INVALID_FEED_BIT_LENGTH);
return NULL;
}
SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER, SKF_R_INVALID_HANDLE_ALGOR);
return NULL;
}
EVP_MD_CTX *SKF_HANDLE_get_md_ctx(HANDLE hHash)
{
EVP_MD_CTX *ret;
SKF_HANDLE *handle;
if (!(handle = (SKF_HANDLE *)hHash)) {
SKFerr(SKF_F_SKF_HANDLE_GET_MD_CTX, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
if (handle->magic != SKF_HANDLE_MAGIC) {
SKFerr(SKF_F_SKF_HANDLE_GET_MD_CTX, SKF_R_INVALID_HANDLE_MAGIC);
return NULL;
}
if (handle->type != SKF_HASH_HANDLE) {
SKFerr(SKF_F_SKF_HANDLE_GET_MD_CTX, SKF_R_INVALID_HANDLE_TYPE);
return NULL;
}
if (!(ret = handle->u.md_ctx)) {
SKFerr(SKF_F_SKF_HANDLE_GET_MD_CTX, SKF_R_CTX_NOT_CREATED);
return NULL;
}
return ret;
}
CMAC_CTX *SKF_HANDLE_get_cmac_ctx(HANDLE hMac)
{
CMAC_CTX *ret;
SKF_HANDLE *handle;
if (!(handle = (SKF_HANDLE *)hMac)) {
SKFerr(SKF_F_SKF_HANDLE_GET_CMAC_CTX, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
if (handle->magic != SKF_HANDLE_MAGIC) {
SKFerr(SKF_F_SKF_HANDLE_GET_CMAC_CTX, SKF_R_INVALID_HANDLE_MAGIC);
return NULL;
}
if (handle->type != SKF_MAC_HANDLE) {
SKFerr(SKF_F_SKF_HANDLE_GET_CMAC_CTX, SKF_R_INVALID_HANDLE_TYPE);
return NULL;
}
if (!(ret = handle->u.cbcmac_ctx)) {
SKFerr(SKF_F_SKF_HANDLE_GET_CMAC_CTX, SKF_R_CTX_NOT_CREATED);
return NULL;
}
return ret;
}
EVP_CIPHER_CTX *SKF_HANDLE_get_cipher_ctx(HANDLE hKey)
{
EVP_CIPHER_CTX *ret;
SKF_HANDLE *handle;
if (!(handle = (SKF_HANDLE *)hKey)) {
SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER_CTX, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
if (handle->magic != SKF_HANDLE_MAGIC) {
SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER_CTX, SKF_R_INVALID_HANDLE_MAGIC);
return NULL;
}
if (handle->type != SKF_CIPHER_HANDLE) {
SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER_CTX, SKF_R_INVALID_HANDLE_TYPE);
return NULL;
}
if (!(ret = handle->u.cipher_ctx)) {
SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER_CTX, SKF_R_CTX_NOT_CREATED);
return NULL;
}
return ret;
}
int SKF_HANDLE_free(HANDLE handle)
{
return 0;
}
HANDLE SKF_HANDLE_new(int type)
{
return NULL;
}
ULONG DEVAPI SKF_CloseHandle(HANDLE hHandle)
{
SKF_HANDLE *handle;
return SAR_OK; //FIXME:
if (!(handle = (SKF_HANDLE *)hHandle)) {
return SAR_OK;
}
if (handle->magic != SKF_HANDLE_MAGIC) {
SKFerr(SKF_F_SKF_CLOSEHANDLE, SKF_R_INVALID_HANDLE_MAGIC);
return SAR_INVALIDPARAMERR;
}
switch (handle->type) {
case SKF_KEY_HANDLE:
OPENSSL_cleanse(handle->key, EVP_MAX_KEY_LENGTH);
// FIXME: we need to make sure there are no pending operation
if (handle->u.cipher_ctx) {
EVP_CIPHER_CTX_cleanup(handle->u.cipher_ctx);
}
break;
case SKF_MAC_HANDLE:
CMAC_CTX_cleanup(handle->u.cbcmac_ctx);
break;
case SKF_HASH_HANDLE:
EVP_MD_CTX_cleanup(handle->u.md_ctx);
break;
default:
SKFerr(SKF_F_SKF_CLOSEHANDLE, SKF_R_INVALID_HANDLE_TYPE);
return SAR_INVALIDPARAMERR;
}
/* now we remove this handle from list */
return SAR_OK;
}

16
crypto/skf/skf_handle.d.tmp
View File

@@ -1,16 +0,0 @@
crypto/skf/skf_handle.o: crypto/skf/skf_handle.c include/openssl/gmskf.h \
include/openssl/sgd.h include/openssl/skf.h include/openssl/gmapi.h \
include/openssl/ec.h include/openssl/opensslconf.h \
include/openssl/asn1.h include/openssl/e_os2.h include/openssl/bio.h \
include/openssl/crypto.h include/openssl/stack.h \
include/openssl/safestack.h include/openssl/opensslv.h \
include/openssl/ossl_typ.h include/openssl/symhacks.h \
include/openssl/bn.h include/openssl/sm2.h include/openssl/err.h \
include/openssl/lhash.h include/openssl/evp.h \
include/openssl/objects.h include/openssl/obj_mac.h \
include/openssl/kdf2.h include/openssl/kdf.h include/openssl/x509.h \
include/openssl/buffer.h include/openssl/rsa.h include/openssl/dsa.h \
include/openssl/dh.h include/openssl/sha.h include/openssl/x509_vfy.h \
include/openssl/pkcs7.h include/openssl/ecdsa.h include/openssl/sm3.h \
include/openssl/saf.h include/openssl/sdf.h include/openssl/sof.h \
crypto/skf/skf_lcl.h include/openssl/cmac.h

107
crypto/skf/skf_lcl.h
View File

@@ -1,107 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#ifndef HEADER_GMAPI_LCL_H
#define HEADER_GMAPI_LCL_H
#include <openssl/evp.h>
#include <openssl/cmac.h>
#ifdef __cplusplus
extern "C" {
#endif
#define SKF_HANDLE_MAGIC 0x31323334
#define SKF_HASH_HANDLE 1
#define SKF_MAC_HANDLE 2
#define SKF_KEY_HANDLE 10
#define SKF_CIPHER_HANDLE 11
typedef struct {
CMAC_CTX *ctx;
int inited;
} SAF_MAC_CTX;
typedef struct {
CMAC_CTX *cbcmac_ctx;
EVP_CIPHER_CTX *cipher_ctx;
unsigned char *key;
unsigned int keylen;
const EVP_CIPHER *cipher;
} SAF_KEY_HANDLE;
struct SKF_HANDLE {
unsigned int magic;
int type;
int algid;
unsigned int keylen;
unsigned char key[EVP_MAX_KEY_LENGTH];
union {
EVP_MD_CTX *md_ctx;
CMAC_CTX *cbcmac_ctx;
EVP_CIPHER_CTX *cipher_ctx;
} u;
struct SKF_HANDLE *next;
struct SKF_HANDLE *prev;
};
typedef struct SKF_HANDLE SKF_HANDLE;
EVP_MD_CTX *SKF_HANDLE_get_md_ctx(HANDLE hHash);
CMAC_CTX *SKF_HANDLE_get_cbcmac_ctx(HANDLE hMac);
const EVP_CIPHER *SKF_HANDLE_get_cipher(HANDLE hKey, BLOCKCIPHERPARAM *param);
EVP_CIPHER_CTX *SKF_HANDLE_get_cipher_ctx(HANDLE hKey);
unsigned char *SKF_HANDLE_get_key(HANDLE hKey);
#ifdef __cplusplus
}
#endif
#endif

1280
crypto/skf/skf_lib.c Normal file
View File

File diff suppressed because it is too large Load Diff

180
crypto/skf/skf_mac.c
View File

@@ -1,180 +0,0 @@
/* ====================================================================
* Copyright (c) 2015-2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/sms4.h>
#include <openssl/cmac.h>
#include <openssl/gmskf.h>
#include "skf_lcl.h"
ULONG DEVAPI SKF_MacInit(HANDLE hKey,
BLOCKCIPHERPARAM *pMacParam,
HANDLE *phMac)
{
SKF_HANDLE *key;
SKF_HANDLE *hMac = NULL;
const EVP_CIPHER *cipher;
if (!(key = (SKF_HANDLE *)hKey)) {
SKFerr(SKF_F_SKF_MACINIT, SKF_R_NULL_ARGUMENT);
return SAR_INVALIDPARAMERR;
}
//TODO: check pMacParam
if (key->magic != SKF_HANDLE_MAGIC) {
SKFerr(SKF_F_SKF_MACINIT, SKF_R_INVALID_HANDLE_MAGIC);
return SAR_INVALIDPARAMERR;
}
if (key->type < SKF_KEY_HANDLE) {
SKFerr(SKF_F_SKF_MACINIT, SKF_R_INVALID_KEY_HANDLE);
return SAR_INVALIDPARAMERR;
}
if (key->algid != SGD_SM4_MAC) {
SKFerr(SKF_F_SKF_MACINIT, SKF_R_INVALID_ALGOR);
return SAR_INVALIDPARAMERR;
}
cipher = EVP_sms4_ecb();
if (key->keylen < SMS4_KEY_LENGTH) {
SKFerr(SKF_F_SKF_MACINIT, SKF_R_INVALID_KEY_LENGTH);
return SAR_INVALIDPARAMERR;
}
if (!(hMac = OPENSSL_malloc(sizeof(*hMac)))) {
SKFerr(SKF_F_SKF_MACINIT, SKF_R_FAIL);
return SAR_FAIL;
}
hMac->magic = SKF_HANDLE_MAGIC;
hMac->type = SKF_MAC_HANDLE;
hMac->algid = key->algid;
if (!(hMac->u.cbcmac_ctx = CMAC_CTX_new())) {
SKFerr(SKF_F_SKF_MACINIT, ERR_R_GMAPI_LIB);
goto end;
}
if (!CMAC_Init(hMac->u.cbcmac_ctx, key->key, key->keylen, cipher, NULL)) {
SKFerr(SKF_F_SKF_MACINIT, ERR_R_GMAPI_LIB);
return SAR_FAIL;
}
*phMac = hMac;
end:
return SAR_OK;
}
ULONG DEVAPI SKF_MacUpdate(HANDLE hMac,
BYTE *pbData,
ULONG ulDataLen)
{
CMAC_CTX *ctx;
if (!(ctx = SKF_HANDLE_get_cbcmac_ctx(hMac))) {
SKFerr(SKF_F_SKF_MACUPDATE, SKF_R_INVALID_MAC_HANDLE);
return SAR_INVALIDPARAMERR;
}
if (!CMAC_Update(ctx, pbData, ulDataLen)) {
SKFerr(SKF_F_SKF_MACUPDATE, ERR_R_GMAPI_LIB);
return SAR_FAIL;
}
return SAR_OK;
}
ULONG DEVAPI SKF_MacFinal(HANDLE hMac,
BYTE *pbMacData,
ULONG *pulMacDataLen)
{
CMAC_CTX *ctx;
size_t size;
if (!(ctx = SKF_HANDLE_get_cbcmac_ctx(hMac))) {
SKFerr(SKF_F_SKF_MACFINAL, SKF_R_INVALID_MAC_HANDLE);
return SAR_INVALIDPARAMERR;
}
size = *pulMacDataLen;
if (!CMAC_Final(ctx, pbMacData, &size)) {
SKFerr(SKF_F_SKF_MACFINAL, ERR_R_GMAPI_LIB);
return SAR_FAIL;
}
*pulMacDataLen = (ULONG)size;
return SAR_OK;
}
ULONG DEVAPI SKF_Mac(HANDLE hMac,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbMacData,
ULONG *pulMacLen)
{
ULONG rv;
if ((rv = SKF_MacUpdate(hMac, pbData, ulDataLen)) != SAR_OK) {
SKFerr(SKF_F_SKF_MAC, ERR_R_GMAPI_LIB);
return rv;
}
if ((rv = SKF_MacFinal(hMac, pbMacData, pulMacLen)) != SAR_OK) {
SKFerr(SKF_F_SKF_MAC, ERR_R_GMAPI_LIB);
return rv;
}
return SAR_OK;
}

157
crypto/skf/skf_meth.c Normal file
View File

@@ -0,0 +1,157 @@
/* ====================================================================
* Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/err.h>
#include "internal/dso.h"
#include "internal/sdf_meth.h"
SKF_METHOD *SKF_METHOD_load_library(const char *so_path)
{
SKF_METHOD *ret = NULL;
SKF_METHOD *skf = NULL;
DSO *dso = NULL;
void *func;
int i;
if (!(dso = DSO_load(NULL, so_path, NULL, 0))) {
goto end;
}
if (!(skf = OPENSSL_zalloc(sizeof(*skf)))) {
goto end;
}
skf->SKF_WaitForDevEvent = (SKF_WaitForDevEvent_FuncPtr)DSO_bind_func(dso, "SKF_WaitForDevEvent");
skf->SKF_CancelWaitForDevEvent = (SKF_CancelWaitForDevEvent_FuncPtr)DSO_bind_func(dso, "SKF_CancelWaitForDevEvent");
skf->SKF_EnumDev = (SKF_EnumDev_FuncPtr)DSO_bind_func(dso, "SKF_EnumDev");
skf->SKF_ConnectDev = (SKF_ConnectDev_FuncPtr)DSO_bind_func(dso, "SKF_ConnectDev");
skf->SKF_DisConnectDev = (SKF_DisConnectDev_FuncPtr)DSO_bind_func(dso, "SKF_DisConnectDev");
skf->SKF_GetDevState = (SKF_GetDevState_FuncPtr)DSO_bind_func(dso, "SKF_GetDevState");
skf->SKF_SetLabel = (SKF_SetLabel_FuncPtr)DSO_bind_func(dso, "SKF_SetLabel");
skf->SKF_GetDevInfo = (SKF_GetDevInfo_FuncPtr)DSO_bind_func(dso, "SKF_GetDevInfo");
skf->SKF_LockDev = (SKF_LockDev_FuncPtr)DSO_bind_func(dso, "SKF_LockDev");
skf->SKF_UnlockDev = (SKF_UnlockDev_FuncPtr)DSO_bind_func(dso, "SKF_UnlockDev");
skf->SKF_Transmit = (SKF_Transmit_FuncPtr)DSO_bind_func(dso, "SKF_Transmit");
skf->SKF_ChangeDevAuthKey = (SKF_ChangeDevAuthKey_FuncPtr)DSO_bind_func(dso, "SKF_ChangeDevAuthKey");
skf->SKF_DevAuth = (SKF_DevAuth_FuncPtr)DSO_bind_func(dso, "SKF_DevAuth");
skf->SKF_ChangePIN = (SKF_ChangePIN_FuncPtr)DSO_bind_func(dso, "SKF_ChangePIN");
skf->SKF_GetPINInfo = (SKF_GetPINInfo_FuncPtr)DSO_bind_func(dso, "SKF_GetPINInfo");
skf->SKF_VerifyPIN = (SKF_VerifyPIN_FuncPtr)DSO_bind_func(dso, "SKF_VerifyPIN");
skf->SKF_UnblockPIN = (SKF_UnblockPIN_FuncPtr)DSO_bind_func(dso, "SKF_UnblockPIN");
skf->SKF_ClearSecureState = (SKF_ClearSecureState_FuncPtr)DSO_bind_func(dso, "SKF_ClearSecureState");
skf->SKF_CreateApplication = (SKF_CreateApplication_FuncPtr)DSO_bind_func(dso, "SKF_CreateApplication");
skf->SKF_EnumApplication = (SKF_EnumApplication_FuncPtr)DSO_bind_func(dso, "SKF_EnumApplication");
skf->SKF_DeleteApplication = (SKF_DeleteApplication_FuncPtr)DSO_bind_func(dso, "SKF_DeleteApplication");
skf->SKF_OpenApplication = (SKF_OpenApplication_FuncPtr)DSO_bind_func(dso, "SKF_OpenApplication");
skf->SKF_CloseApplication = (SKF_CloseApplication_FuncPtr)DSO_bind_func(dso, "SKF_CloseApplication");
skf->SKF_CreateFile = (SKF_CreateFile_FuncPtr)DSO_bind_func(dso, "SKF_CreateFile");
skf->SKF_DeleteFile = (SKF_DeleteFile_FuncPtr)DSO_bind_func(dso, "SKF_DeleteFile");
skf->SKF_EnumFiles = (SKF_EnumFiles_FuncPtr)DSO_bind_func(dso, "SKF_EnumFiles");
skf->SKF_GetFileInfo = (SKF_GetFileInfo_FuncPtr)DSO_bind_func(dso, "SKF_GetFileInfo");
skf->SKF_ReadFile = (SKF_ReadFile_FuncPtr)DSO_bind_func(dso, "SKF_ReadFile");
skf->SKF_WriteFile = (SKF_WriteFile_FuncPtr)DSO_bind_func(dso, "SKF_WriteFile");
skf->SKF_CreateContainer = (SKF_CreateContainer_FuncPtr)DSO_bind_func(dso, "SKF_CreateContainer");
skf->SKF_DeleteContainer = (SKF_DeleteContainer_FuncPtr)DSO_bind_func(dso, "SKF_DeleteContainer");
skf->SKF_EnumContainer = (SKF_EnumContainer_FuncPtr)DSO_bind_func(dso, "SKF_EnumContainer");
skf->SKF_OpenContainer = (SKF_OpenContainer_FuncPtr)DSO_bind_func(dso, "SKF_OpenContainer");
skf->SKF_CloseContainer = (SKF_CloseContainer_FuncPtr)DSO_bind_func(dso, "SKF_CloseContainer");
skf->SKF_GetContainerType = (SKF_GetContainerType_FuncPtr)DSO_bind_func(dso, "SKF_GetContainerType");
skf->SKF_ImportCertificate = (SKF_ImportCertificate_FuncPtr)DSO_bind_func(dso, "SKF_ImportCertificate");
skf->SKF_ExportCertificate = (SKF_ExportCertificate_FuncPtr)DSO_bind_func(dso, "SKF_ExportCertificate");
skf->SKF_ExportPublicKey = (SKF_ExportPublicKey_FuncPtr)DSO_bind_func(dso, "SKF_ExportPublicKey");
skf->SKF_GenRandom = (SKF_GenRandom_FuncPtr)DSO_bind_func(dso, "SKF_GenRandom");
skf->SKF_GenExtRSAKey = (SKF_GenExtRSAKey_FuncPtr)DSO_bind_func(dso, "SKF_GenExtRSAKey");
skf->SKF_GenRSAKeyPair = (SKF_GenRSAKeyPair_FuncPtr)DSO_bind_func(dso, "SKF_GenRSAKeyPair");
skf->SKF_ImportRSAKeyPair = (SKF_ImportRSAKeyPair_FuncPtr)DSO_bind_func(dso, "SKF_ImportRSAKeyPair");
skf->SKF_RSASignData = (SKF_RSASignData_FuncPtr)DSO_bind_func(dso, "SKF_RSASignData");
skf->SKF_RSAVerify = (SKF_RSAVerify_FuncPtr)DSO_bind_func(dso, "SKF_RSAVerify");
skf->SKF_RSAExportSessionKey = (SKF_RSAExportSessionKey_FuncPtr)DSO_bind_func(dso, "SKF_RSAExportSessionKey");
skf->SKF_ExtRSAPubKeyOperation = (SKF_ExtRSAPubKeyOperation_FuncPtr)DSO_bind_func(dso, "SKF_ExtRSAPubKeyOperation");
skf->SKF_ExtRSAPriKeyOperation = (SKF_ExtRSAPriKeyOperation_FuncPtr)DSO_bind_func(dso, "SKF_ExtRSAPriKeyOperation");
skf->SKF_GenECCKeyPair = (SKF_GenECCKeyPair_FuncPtr)DSO_bind_func(dso, "SKF_GenECCKeyPair");
skf->SKF_ImportECCKeyPair = (SKF_ImportECCKeyPair_FuncPtr)DSO_bind_func(dso, "SKF_ImportECCKeyPair");
skf->SKF_ECCSignData = (SKF_ECCSignData_FuncPtr)DSO_bind_func(dso, "SKF_ECCSignData");
skf->SKF_ECCVerify = (SKF_ECCVerify_FuncPtr)DSO_bind_func(dso, "SKF_ECCVerify");
skf->SKF_ECCExportSessionKey = (SKF_ECCExportSessionKey_FuncPtr)DSO_bind_func(dso, "SKF_ECCExportSessionKey");
skf->SKF_ExtECCEncrypt = (SKF_ExtECCEncrypt_FuncPtr)DSO_bind_func(dso, "SKF_ExtECCEncrypt");
skf->SKF_ExtECCDecrypt = (SKF_ExtECCDecrypt_FuncPtr)DSO_bind_func(dso, "SKF_ExtECCDecrypt");
skf->SKF_ExtECCSign = (SKF_ExtECCSign_FuncPtr)DSO_bind_func(dso, "SKF_ExtECCSign");
skf->SKF_ExtECCVerify = (SKF_ExtECCVerify_FuncPtr)DSO_bind_func(dso, "SKF_ExtECCVerify");
skf->SKF_GenerateAgreementDataWithECC = (SKF_GenerateAgreementDataWithECC_FuncPtr)DSO_bind_func(dso, "SKF_GenerateAgreementDataWithECC");
skf->SKF_GenerateAgreementDataAndKeyWithECC = (SKF_GenerateAgreementDataAndKeyWithECC_FuncPtr)DSO_bind_func(dso, "SKF_GenerateAgreementDataAndKeyWithECC");
skf->SKF_GenerateKeyWithECC = (SKF_GenerateKeyWithECC_FuncPtr)DSO_bind_func(dso, "SKF_GenerateKeyWithECC");
skf->SKF_ImportSessionKey = (SKF_ImportSessionKey_FuncPtr)DSO_bind_func(dso, "SKF_ImportSessionKey");
skf->SKF_SetSymmKey = (SKF_SetSymmKey_FuncPtr)DSO_bind_func(dso, "SKF_SetSymmKey");
skf->SKF_EncryptInit = (SKF_EncryptInit_FuncPtr)DSO_bind_func(dso, "SKF_EncryptInit");
skf->SKF_Encrypt = (SKF_Encrypt_FuncPtr)DSO_bind_func(dso, "SKF_Encrypt");
skf->SKF_EncryptUpdate = (SKF_EncryptUpdate_FuncPtr)DSO_bind_func(dso, "SKF_EncryptUpdate");
skf->SKF_EncryptFinal = (SKF_EncryptFinal_FuncPtr)DSO_bind_func(dso, "SKF_EncryptFinal");
skf->SKF_DecryptInit = (SKF_DecryptInit_FuncPtr)DSO_bind_func(dso, "SKF_DecryptInit");
skf->SKF_Decrypt = (SKF_Decrypt_FuncPtr)DSO_bind_func(dso, "SKF_Decrypt");
skf->SKF_DecryptUpdate = (SKF_DecryptUpdate_FuncPtr)DSO_bind_func(dso, "SKF_DecryptUpdate");
skf->SKF_DecryptFinal = (SKF_DecryptFinal_FuncPtr)DSO_bind_func(dso, "SKF_DecryptFinal");
skf->SKF_DigestInit = (SKF_DigestInit_FuncPtr)DSO_bind_func(dso, "SKF_DigestInit");
skf->SKF_Digest = (SKF_Digest_FuncPtr)DSO_bind_func(dso, "SKF_Digest");
skf->SKF_DigestUpdate = (SKF_DigestUpdate_FuncPtr)DSO_bind_func(dso, "SKF_DigestUpdate");
skf->SKF_DigestFinal = (SKF_DigestFinal_FuncPtr)DSO_bind_func(dso, "SKF_DigestFinal");
skf->SKF_MacInit = (SKF_MacInit_FuncPtr)DSO_bind_func(dso, "SKF_MacInit");
skf->SKF_Mac = (SKF_Mac_FuncPtr)DSO_bind_func(dso, "SKF_Mac");
skf->SKF_MacUpdate = (SKF_MacUpdate_FuncPtr)DSO_bind_func(dso, "SKF_MacUpdate");
skf->SKF_MacFinal = (SKF_MacFinal_FuncPtr)DSO_bind_func(dso, "SKF_MacFinal");
skf->SKF_CloseHandle = (SKF_CloseHandle_FuncPtr)DSO_bind_func(dso, "SKF_CloseHandle");
ret = skf;
skf = NULL;
end:
OPENSSL_free(skf);
DSO_free(dso);
return ret;
}

84
crypto/skf/skf_rand.c
View File

@@ -1,84 +0,0 @@
/* crypto/skf/skf_rand.c */
/* ====================================================================
* Copyright (c) 2015-2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/gmskf.h>
#include <openssl/gmapi.h>
#include "skf_lcl.h"
#define SKF_DEV_AUTH_RANDOM_LENGTH 16
#define SKF_MAX_RANDOM_LENGTH (1024*1024*1024)
//FIXME: INT_MAX
ULONG DEVAPI SKF_GenRandom(DEVHANDLE hDev,
BYTE *pbRandom,
ULONG ulRandomLen)
{
if (!pbRandom) {
SKFerr(SKF_F_SKF_GENRANDOM, SKF_R_NULL_ARGUMENT);
return SAR_INVALIDPARAMERR;
}
if (ulRandomLen > SKF_MAX_RANDOM_LENGTH) {
SKFerr(SKF_F_SKF_GENRANDOM, SKF_R_INVALID_RANDOM_LENGTH);
return SAR_INVALIDPARAMERR;
}
if (!RAND_bytes(pbRandom, ulRandomLen)) {
SKFerr(SKF_F_SKF_GENRANDOM, ERR_R_GMAPI_LIB);
return SAR_GENRANDERR;
}
return SAR_OK;
}

222
crypto/skf/skf_rsa.c
View File

@@ -1,222 +0,0 @@
/* ====================================================================
* Copyright (c) 2015-2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <stdio.h>
#include <openssl/rsa.h>
#include <openssl/gmskf.h>
#include <openssl/gmapi.h>
#include "../rsa/rsa_locl.h"
ULONG DEVAPI SKF_GenExtRSAKey(DEVHANDLE hDev,
ULONG ulBitsLen,
RSAPRIVATEKEYBLOB *pBlob)
{
ULONG ret = SAR_FAIL;
RSA *rsa = NULL;
if ((ulBitsLen > MAX_RSA_MODULUS_LEN * 8) || (ulBitsLen < 1024) ||
(ulBitsLen % 8 != 0)) {
SKFerr(SKF_F_SKF_GENEXTRSAKEY, SKF_R_INVALID_KEY_LENGTH);
return SAR_INVALIDPARAMERR;
}
if (!pBlob) {
SKFerr(SKF_F_SKF_GENEXTRSAKEY, SKF_R_NULL_ARGUMENT);
return SAR_INVALIDPARAMERR;
}
if (!(rsa = RSA_new())) {
SKFerr(SKF_F_SKF_GENEXTRSAKEY, SKF_R_MALLOC_FAILED);
return SAR_FAIL;
}
if (!RSA_generate_key_ex(rsa, ulBitsLen, NULL, NULL)) {
SKFerr(SKF_F_SKF_GENEXTRSAKEY, SKF_R_GEN_RSA_FAILED);
goto end;
}
if (!RSA_get_RSAPRIVATEKEYBLOB(rsa, pBlob)) {
SKFerr(SKF_F_SKF_GENEXTRSAKEY, SKF_R_ENCODE_FAILED);
goto end;
}
ret = SAR_OK;
end:
RSA_free(rsa);
return ret;
}
ULONG DEVAPI SKF_ExtRSAPubKeyOperation(DEVHANDLE hDev,
RSAPUBLICKEYBLOB *pRSAPubKeyBlob,
BYTE *pbInput,
ULONG ulInputLen,
BYTE *pbOutput,
ULONG *pulOutputLen)
{
ULONG ret = SAR_FAIL;
RSA *rsa = NULL;
int inlen, outlen;
if (!pRSAPubKeyBlob || !pbInput || !pulOutputLen) {
SKFerr(SKF_F_SKF_EXTRSAPUBKEYOPERATION, SKF_R_NULL_ARGUMENT);
return SAR_INVALIDPARAMERR;
}
if (pRSAPubKeyBlob->AlgID != SGD_RSA) {
SKFerr(SKF_F_SKF_EXTRSAPUBKEYOPERATION, SKF_R_INVALID_ALGOR);
return SAR_INVALIDPARAMERR;
}
if (pRSAPubKeyBlob->BitLen % 8) {
SKFerr(SKF_F_SKF_EXTRSAPUBKEYOPERATION, SKF_R_INVALID_KEY_LENGTH);
return SAR_INVALIDPARAMERR;
}
if (ulInputLen * 8 != pRSAPubKeyBlob->BitLen) {
SKFerr(SKF_F_SKF_EXTRSAPUBKEYOPERATION, SKF_R_INVALID_INPUT_LENGTH);
return SAR_INVALIDPARAMERR;
}
if (!pbOutput) {
*pulOutputLen = pRSAPubKeyBlob->BitLen / 8;
return SAR_OK;
}
if (*pulOutputLen < pRSAPubKeyBlob->BitLen / 8) {
SKFerr(SKF_F_SKF_EXTRSAPUBKEYOPERATION, SKF_R_BUFFER_TOO_SMALL);
return SAR_BUFFER_TOO_SMALL;
}
if (!(rsa = RSA_new_from_RSAPUBLICKEYBLOB(pRSAPubKeyBlob))) {
SKFerr(SKF_F_SKF_EXTRSAPUBKEYOPERATION, SKF_R_INVALID_RSA_PUBLIC_KEY);
goto end;
}
inlen = (int)ulInputLen;
if ((outlen = RSA_public_encrypt(inlen, pbInput, pbOutput, rsa, RSA_NO_PADDING)) < 0) {
SKFerr(SKF_F_SKF_EXTRSAPUBKEYOPERATION, ERR_R_RSA_LIB);
goto end;
}
*pulOutputLen = outlen;
ret = SAR_OK;
end:
RSA_free(rsa);
return ret;
}
ULONG DEVAPI SKF_ExtRSAPriKeyOperation(DEVHANDLE hDev,
RSAPRIVATEKEYBLOB *pRSAPriKeyBlob,
BYTE *pbInput,
ULONG ulInputLen,
BYTE *pbOutput,
ULONG *pulOutputLen)
{
ULONG ret = SAR_FAIL;
RSA *rsa = NULL;
int inlen, outlen;
if (!pRSAPriKeyBlob || !pbInput || !pulOutputLen) {
SKFerr(SKF_F_SKF_EXTRSAPRIKEYOPERATION, SKF_R_NULL_ARGUMENT);
return SAR_INVALIDPARAMERR;
}
if (pRSAPriKeyBlob->AlgID != SGD_RSA) {
SKFerr(SKF_F_SKF_EXTRSAPRIKEYOPERATION, SKF_R_INVALID_ALGOR);
return SAR_INVALIDPARAMERR;
}
if (pRSAPriKeyBlob->BitLen % 8) {
SKFerr(SKF_F_SKF_EXTRSAPRIKEYOPERATION, SKF_R_INVALID_KEY_LENGTH);
return SAR_INVALIDPARAMERR;
}
if (ulInputLen * 8 != pRSAPriKeyBlob->BitLen) {
SKFerr(SKF_F_SKF_EXTRSAPRIKEYOPERATION, SKF_R_INVALID_INPUT_LENGTH);
return SAR_INVALIDPARAMERR;
}
if (!pbOutput) {
*pulOutputLen = pRSAPriKeyBlob->BitLen / 8;
return SAR_OK;
}
if (*pulOutputLen < pRSAPriKeyBlob->BitLen / 8) {
SKFerr(SKF_F_SKF_EXTRSAPRIKEYOPERATION, SKF_R_BUFFER_TOO_SMALL);
return SAR_BUFFER_TOO_SMALL;
}
if (!(rsa = RSA_new_from_RSAPRIVATEKEYBLOB(pRSAPriKeyBlob))) {
SKFerr(SKF_F_SKF_EXTRSAPRIKEYOPERATION, SKF_R_INVALID_RSA_PUBLIC_KEY);
goto end;
}
inlen = (int)ulInputLen;
if ((outlen = RSA_private_decrypt(inlen, pbInput, pbOutput, rsa, RSA_NO_PADDING)) < 0) {
SKFerr(SKF_F_SKF_EXTRSAPRIKEYOPERATION, ERR_R_RSA_LIB);
goto end;
}
*pulOutputLen = outlen;
ret = SAR_OK;
end:
RSA_free(rsa);
return ret;
}
ULONG DEVAPI SKF_RSAVerify(DEVHANDLE hDev,
RSAPUBLICKEYBLOB *pRSAPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbSignature,
ULONG ulSignLen)
{
return SAR_FAIL;
}

98
crypto/skf/skf_sesskey.c
View File

@@ -1,98 +0,0 @@
/* crypto/skf/skf_sesskey.c */
/* ====================================================================
* Copyright (c) 2015-2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <stdio.h>
#include <string.h>
#include <openssl/sms4.h>
#include <openssl/evp.h>
#include <openssl/gmskf.h>
#include <openssl/gmapi.h>
#include "skf_lcl.h"
#define PADDING_TYPE_NO_PADDING 0
#define PADDING_TYPE_PKCS5 1
ULONG DEVAPI SKF_SetSymmKey(DEVHANDLE hDev,
BYTE *pbKey,
ULONG ulAlgID,
HANDLE *phKey)
{
SKF_HANDLE *hKey = NULL;
if (!(hKey = OPENSSL_malloc(sizeof(*hKey)))) {
SKFerr(SKF_F_SKF_SETSYMMKEY, SKF_R_MALLOC_FAILED);
return SAR_FAIL;
}
memset(hKey, 0, sizeof(*hKey));
hKey->magic = SKF_HANDLE_MAGIC;
hKey->type = SKF_KEY_HANDLE;
switch (ulAlgID) {
case SGD_SM4_ECB:
case SGD_SM4_CBC:
case SGD_SM4_CFB:
case SGD_SM4_OFB:
case SGD_SM4_MAC:
hKey->algid = ulAlgID;
hKey->keylen = SMS4_KEY_LENGTH;
break;
default:
SKFerr(SKF_F_SKF_SETSYMMKEY, SKF_R_INVALID_ALGOR);
return SAR_INVALIDPARAMERR;
}
memcpy(hKey->key, pbKey, hKey->keylen);
*phKey = hKey;
return SAR_OK;
}

394
crypto/skf/skf_token.c
View File

@@ -1,394 +0,0 @@
/* crypto/skf/skf_app.c */
/* ====================================================================
* Copyright (c) 2015-2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <stdio.h>
#include <openssl/skf.h>
ULONG DEVAPI SKF_WaitForDevEvent(LPSTR szDevName,
ULONG *pulDevNameLen,
ULONG *pulEvent)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_CancelWaitForDevEvent(void)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_SetLabel(DEVHANDLE hDev,
LPSTR szLabel)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_LockDev(DEVHANDLE hDev,
ULONG ulTimeOut)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_UnlockDev(DEVHANDLE hDev)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_Transmit(DEVHANDLE hDev,
BYTE* pbCommand,
ULONG ulCommandLen,
BYTE* pbData,
ULONG* pulDataLen)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_ChangeDevAuthKey(DEVHANDLE hDev,
BYTE *pbKeyValue,
ULONG ulKeyLen)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_DevAuth(DEVHANDLE hDev,
BYTE *pbAuthData,
ULONG ulLen)
{
return SAR_OK;
}
ULONG DEVAPI SKF_CreateApplication(DEVHANDLE hDev,
LPSTR szAppName,
LPSTR szAdminPin,
DWORD dwAdminPinRetryCount,
LPSTR szUserPin,
DWORD dwUserPinRetryCount,
DWORD dwCreateFileRights,
HAPPLICATION *phApplication)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_EnumApplication(DEVHANDLE hDev,
LPSTR szAppName,
ULONG *pulSize)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_DeleteApplication(DEVHANDLE hDev,
LPSTR szAppName)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_OpenApplication(DEVHANDLE hDev,
LPSTR szAppName,
HAPPLICATION *phApplication)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_CloseApplication(HAPPLICATION hApplication)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_ChangePIN(HAPPLICATION hApplication,
ULONG ulPINType,
LPSTR szOldPin,
LPSTR szNewPin,
ULONG *pulRetryCount)
{
return SAR_NOTSUPPORTYETERR;
}
LONG DEVAPI SKF_GetPINInfo(HAPPLICATION hApplication,
ULONG ulPINType,
ULONG *pulMaxRetryCount,
ULONG *pulRemainRetryCount,
BOOL *pbDefaultPin)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_VerifyPIN(HAPPLICATION hApplication,
ULONG ulPINType,
LPSTR szPIN,
ULONG *pulRetryCount)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_UnblockPIN(HAPPLICATION hApplication,
LPSTR szAdminPIN,
LPSTR szNewUserPIN,
ULONG *pulRetryCount)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_ClearSecureState(HAPPLICATION hApplication)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_CreateContainer(HAPPLICATION hApplication,
LPSTR szContainerName,
HCONTAINER *phContainer)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_DeleteContainer(HAPPLICATION hApplication,
LPSTR szContainerName)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_EnumContainer(HAPPLICATION hApplication,
LPSTR szContainerName,
ULONG *pulSize)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_OpenContainer(HAPPLICATION hApplication,
LPSTR szContainerName,
HCONTAINER *phContainer)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_CloseContainer(HCONTAINER hContainer)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_GetContainerType(HCONTAINER hContainer,
ULONG *pulContainerType)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_ImportCertificate(HCONTAINER hContainer,
BOOL bSignFlag,
BYTE *pbCert,
ULONG ulCertLen)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_ExportCertificate(HCONTAINER hContainer,
BOOL bSignFlag,
BYTE *pbCert,
ULONG *pulCertLen)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_CreateFile(HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulFileSize,
ULONG ulReadRights,
ULONG ulWriteRights)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_EnumFiles(HAPPLICATION hApplication,
LPSTR szFileList,
ULONG *pulSize)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_GetFileInfo(HAPPLICATION hApplication,
LPSTR szFileName,
FILEATTRIBUTE *pFileInfo)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_ReadFile(HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulOffset,
ULONG ulSize,
BYTE *pbOutData,
ULONG *pulOutLen)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_WriteFile(HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulOffset,
BYTE *pbData,
ULONG ulSize)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_DeleteFile(HAPPLICATION hApplication,
LPSTR szFileName)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_GenECCKeyPair(HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pBlob)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_ImportECCKeyPair(HCONTAINER hContainer,
ENVELOPEDKEYBLOB *pEnvelopedKeyBlob)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_ECCSignData(HCONTAINER hContainer,
BYTE *pbData,
ULONG ulDataLen,
ECCSIGNATUREBLOB *pSignature)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_GenerateAgreementDataWithECC(HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
HANDLE *phAgreementHandle)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_GenerateAgreementDataAndKeyWithECC(HANDLE hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pSponsorECCPubKeyBlob,
ECCPUBLICKEYBLOB *pSponsorTempECCPubKeyBlob,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
BYTE *pbSponsorID,
ULONG ulSponsorIDLen,
HANDLE *phKeyHandle)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_GenerateKeyWithECC(HANDLE hAgreementHandle,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
HANDLE *phKeyHandle)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_GenRSAKeyPair(HCONTAINER hContainer,
ULONG ulBitsLen,
RSAPUBLICKEYBLOB *pBlob)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_ImportRSAKeyPair(HCONTAINER hContainer,
ULONG ulSymAlgId,
BYTE *pbWrappedKey,
ULONG ulWrappedKeyLen,
BYTE *pbEncryptedData,
ULONG ulEncryptedDataLen)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_RSASignData(HCONTAINER hContainer,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbSignature,
ULONG *pulSignLen)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_ImportSessionKey(HCONTAINER hContainer,
ULONG ulAlgId,
BYTE *pbWrapedData,
ULONG ulWrapedLen,
HANDLE *phKey)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_RSAExportSessionKey(HCONTAINER hContainer,
ULONG ulAlgId,
RSAPUBLICKEYBLOB *pPubKey,
BYTE *pbData,
ULONG *pulDataLen,
HANDLE *phSessionKey)
{
return SAR_NOTSUPPORTYETERR;
}
ULONG DEVAPI SKF_ECCExportSessionKey(HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pPubKey,
ECCCIPHERBLOB *pData,
HANDLE *phSessionKey)
{
return SAR_NOTSUPPORTYETERR;
}

443
include/internal/sdf_meth.h Normal file
View File

@@ -0,0 +1,443 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#ifndef HEADER_SDF_METH_H
#define HEADER_SDF_METH_H
#include <openssl/sgd.h>
#include <openssl/sdf.h>
#include "internal/dso.h"
typedef int (*SDF_OpenDevice_FuncPtr)(
void **phDeviceHandle);
typedef int (*SDF_CloseDevice_FuncPtr)(
void *hDeviceHandle);
typedef int (*SDF_OpenSession_FuncPtr)(
void *hDeviceHandle,
void **phSessionHandle);
typedef int (*SDF_CloseSession_FuncPtr)(
void *hSessionHandle);
typedef int (*SDF_GetDeviceInfo_FuncPtr)(
void *hSessionHandle,
DEVICEINFO *pstDeviceInfo);
typedef int (*SDF_GenerateRandom_FuncPtr)(
void *hSessionHandle,
unsigned int uiLength,
unsigned char *pucRandom);
typedef int (*SDF_GetPrivateKeyAccessRight_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex,
unsigned char *pucPassword,
unsigned int uiPwdLength);
typedef int (*SDF_ReleasePrivateKeyAccessRight_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex);
typedef int (*SDF_ExportSignPublicKey_RSA_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex,
RSArefPublicKey *pucPublicKey);
typedef int (*SDF_ExportEncPublicKey_RSA_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex,
RSArefPublicKey *pucPublicKey);
typedef int (*SDF_GenerateKeyPair_RSA_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyBits,
RSArefPublicKey *pucPublicKey,
RSArefPrivateKey *pucPrivateKey);
typedef int (*SDF_GenerateKeyWithIPK_RSA_FuncPtr)(
void *hSessionHandle,
unsigned int uiIPKIndex,
unsigned int uiKeyBits,
unsigned char *pucKey,
unsigned int *puiKeyLength,
void **phKeyHandle);
typedef int (*SDF_GenerateKeyWithEPK_RSA_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyBits,
RSArefPublicKey *pucPublicKey,
unsigned char *pucKey,
unsigned int *puiKeyLength,
void **phKeyHandle);
typedef int (*SDF_ImportKeyWithISK_RSA_FuncPtr)(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned char *pucKey,
unsigned int uiKeyLength,
void **phKeyHandle);
typedef int (*SDF_ExchangeDigitEnvelopeBaseOnRSA_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex,
RSArefPublicKey *pucPublicKey,
unsigned char *pucDEInput,
unsigned int uiDELength,
unsigned char *pucDEOutput,
unsigned int *puiDELength);
typedef int (*SDF_ExportSignPublicKey_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex,
ECCrefPublicKey *pucPublicKey);
typedef int (*SDF_ExportEncPublicKey_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex,
ECCrefPublicKey *pucPublicKey);
typedef int (*SDF_GenerateKeyPair_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiAlgID,
unsigned int uiKeyBits,
ECCrefPublicKey *pucPublicKey,
ECCrefPrivateKey *pucPrivateKey);
typedef int (*SDF_GenerateKeyWithIPK_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiIPKIndex,
unsigned int uiKeyBits,
ECCCipher *pucKey,
void **phKeyHandle);
typedef int (*SDF_GenerateKeyWithEPK_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyBits,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
ECCCipher *pucKey,
void **phKeyHandle);
typedef int (*SDF_ImportKeyWithISK_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiISKIndex,
ECCCipher *pucKey,
void **phKeyHandle);
typedef int (*SDF_GenerateAgreementDataWithECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned int uiKeyBits,
unsigned char *pucSponsorID,
unsigned int uiSponsorIDLength,
ECCrefPublicKey *pucSponsorPublicKey,
ECCrefPublicKey *pucSponsorTmpPublicKey,
void **phAgreementHandle);
typedef int (*SDF_GenerateKeyWithECC_FuncPtr)(
void *hSessionHandle,
unsigned char *pucResponseID,
unsigned int uiResponseIDLength,
ECCrefPublicKey *pucResponsePublicKey,
ECCrefPublicKey *pucResponseTmpPublicKey,
void *hAgreementHandle,
void **phKeyHandle);
typedef int (*SDF_GenerateAgreementDataAndKeyWithECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned int uiKeyBits,
unsigned char *pucResponseID,
unsigned int uiResponseIDLength,
unsigned char *pucSponsorID,
unsigned int uiSponsorIDLength,
ECCrefPublicKey *pucSponsorPublicKey,
ECCrefPublicKey *pucSponsorTmpPublicKey,
ECCrefPublicKey *pucResponsePublicKey,
ECCrefPublicKey *pucResponseTmpPublicKey,
void **phKeyHandle);
typedef int (*SDF_ExchangeDigitEnvelopeBaseOnECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
ECCCipher *pucEncDataIn,
ECCCipher *pucEncDataOut);
typedef int (*SDF_GenerateKeyWithKEK_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyBits,
unsigned int uiAlgID,
unsigned int uiKEKIndex,
unsigned char *pucKey,
unsigned int *puiKeyLength,
void **phKeyHandle);
typedef int (*SDF_ImportKeyWithKEK_FuncPtr)(
void *hSessionHandle,
unsigned int uiAlgID,
unsigned int uiKEKIndex,
unsigned char *pucKey,
unsigned int uiKeyLength,
void **phKeyHandle);
typedef int (*SDF_DestroyKey_FuncPtr)(
void *hSessionHandle,
void *hKeyHandle);
typedef int (*SDF_ExternalPublicKeyOperation_RSA_FuncPtr)(
void *hSessionHandle,
RSArefPublicKey *pucPublicKey,
unsigned char *pucDataInput,
unsigned int uiInputLength,
unsigned char *pucDataOutput,
unsigned int *puiOutputLength);
typedef int (*SDF_InternalPublicKeyOperation_RSA_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex,
unsigned char *pucDataInput,
unsigned int uiInputLength,
unsigned char *pucDataOutput,
unsigned int *puiOutputLength);
typedef int (*SDF_InternalPrivateKeyOperation_RSA_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex,
unsigned char *pucDataInput,
unsigned int uiInputLength,
unsigned char *pucDataOutput,
unsigned int *puiOutputLength);
typedef int (*SDF_ExternalVerify_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
unsigned char *pucDataInput,
unsigned int uiInputLength,
ECCSignature *pucSignature);
typedef int (*SDF_InternalSign_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned char *pucData,
unsigned int uiDataLength,
ECCSignature *pucSignature);
typedef int (*SDF_InternalVerify_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiIPKIndex,
unsigned char *pucData,
unsigned int uiDataLength,
ECCSignature *pucSignature);
typedef int (*SDF_ExternalEncrypt_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
unsigned char *pucData,
unsigned int uiDataLength,
ECCCipher *pucEncData);
typedef int (*SDF_ExternalDecrypt_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiAlgID,
ECCrefPrivateKey *pucPrivateKey,
ECCCipher *pucEncData,
unsigned char *pucData,
unsigned int *puiDataLength);
typedef int (*SDF_InternalEncrypt_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiIPKIndex,
unsigned int uiAlgID,
unsigned char *pucData,
unsigned int uiDataLength,
ECCCipher *pucEncData);
typedef int (*SDF_InternalDecrypt_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned int uiAlgID,
ECCCipher *pucEncData,
unsigned char *pucData,
unsigned int *puiDataLength);
typedef int (*SDF_Encrypt_FuncPtr)(
void *hSessionHandle,
void *hKeyHandle,
unsigned int uiAlgID,
unsigned char *pucIV,
unsigned char *pucData,
unsigned int uiDataLength,
unsigned char *pucEncData,
unsigned int *puiEncDataLength);
typedef int (*SDF_Decrypt_FuncPtr)(
void *hSessionHandle,
void *hKeyHandle,
unsigned int uiAlgID,
unsigned char *pucIV,
unsigned char *pucEncData,
unsigned int uiEncDataLength,
unsigned char *pucData,
unsigned int *puiDataLength);
typedef int (*SDF_CalculateMAC_FuncPtr)(
void *hSessionHandle,
void *hKeyHandle,
unsigned int uiAlgID,
unsigned char *pucIV,
unsigned char *pucData,
unsigned int uiDataLength,
unsigned char *pucMAC,
unsigned int *puiMACLength);
typedef int (*SDF_HashInit_FuncPtr)(
void *hSessionHandle,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
unsigned char *pucID,
unsigned int uiIDLength);
typedef int (*SDF_HashUpdate_FuncPtr)(
void *hSessionHandle,
unsigned char *pucData,
unsigned int uiDataLength);
typedef int (*SDF_HashFinal_FuncPtr)(void *hSessionHandle,
unsigned char *pucHash,
unsigned int *puiHashLength);
typedef int (*SDF_CreateFile_FuncPtr)(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen,
unsigned int uiFileSize);
typedef int (*SDF_ReadFile_FuncPtr)(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen,
unsigned int uiOffset,
unsigned int *puiReadLength,
unsigned char *pucBuffer);
typedef int (*SDF_WriteFile_FuncPtr)(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen,
unsigned int uiOffset,
unsigned int uiWriteLength,
unsigned char *pucBuffer);
typedef int (*SDF_DeleteFile_FuncPtr)(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen);
typedef struct sdf_method_st {
char *name;
SDF_OpenDevice_FuncPtr OpenDevice;
SDF_CloseDevice_FuncPtr CloseDevice;
SDF_OpenSession_FuncPtr OpenSession;
SDF_CloseSession_FuncPtr CloseSession;
SDF_GetDeviceInfo_FuncPtr GetDeviceInfo;
SDF_GenerateRandom_FuncPtr GenerateRandom;
SDF_GetPrivateKeyAccessRight_FuncPtr GetPrivateKeyAccessRight;
SDF_ReleasePrivateKeyAccessRight_FuncPtr ReleasePrivateKeyAccessRight;
SDF_ExportSignPublicKey_RSA_FuncPtr ExportSignPublicKey_RSA;
SDF_ExportEncPublicKey_RSA_FuncPtr ExportEncPublicKey_RSA;
SDF_GenerateKeyPair_RSA_FuncPtr GenerateKeyPair_RSA;
SDF_GenerateKeyWithIPK_RSA_FuncPtr GenerateKeyWithIPK_RSA;
SDF_GenerateKeyWithEPK_RSA_FuncPtr GenerateKeyWithEPK_RSA;
SDF_ImportKeyWithISK_RSA_FuncPtr ImportKeyWithISK_RSA;
SDF_ExchangeDigitEnvelopeBaseOnRSA_FuncPtr ExchangeDigitEnvelopeBaseOnRSA;
SDF_ExportSignPublicKey_ECC_FuncPtr ExportSignPublicKey_ECC;
SDF_ExportEncPublicKey_ECC_FuncPtr ExportEncPublicKey_ECC;
SDF_GenerateKeyPair_ECC_FuncPtr GenerateKeyPair_ECC;
SDF_GenerateKeyWithIPK_ECC_FuncPtr GenerateKeyWithIPK_ECC;
SDF_GenerateKeyWithEPK_ECC_FuncPtr GenerateKeyWithEPK_ECC;
SDF_ImportKeyWithISK_ECC_FuncPtr ImportKeyWithISK_ECC;
SDF_GenerateAgreementDataWithECC_FuncPtr GenerateAgreementDataWithECC;
SDF_GenerateKeyWithECC_FuncPtr GenerateKeyWithECC;
SDF_GenerateAgreementDataAndKeyWithECC_FuncPtr GenerateAgreementDataAndKeyWithECC;
SDF_ExchangeDigitEnvelopeBaseOnECC_FuncPtr ExchangeDigitEnvelopeBaseOnECC;
SDF_GenerateKeyWithKEK_FuncPtr GenerateKeyWithKEK;
SDF_ImportKeyWithKEK_FuncPtr ImportKeyWithKEK;
SDF_DestroyKey_FuncPtr DestroyKey;
SDF_ExternalPublicKeyOperation_RSA_FuncPtr ExternalPublicKeyOperation_RSA;
SDF_InternalPublicKeyOperation_RSA_FuncPtr InternalPublicKeyOperation_RSA;
SDF_InternalPrivateKeyOperation_RSA_FuncPtr InternalPrivateKeyOperation_RSA;
SDF_ExternalVerify_ECC_FuncPtr ExternalVerify_ECC;
SDF_InternalSign_ECC_FuncPtr InternalSign_ECC;
SDF_InternalVerify_ECC_FuncPtr InternalVerify_ECC;
SDF_ExternalEncrypt_ECC_FuncPtr ExternalEncrypt_ECC;
SDF_ExternalDecrypt_ECC_FuncPtr ExternalDecrypt_ECC;
SDF_InternalEncrypt_ECC_FuncPtr InternalEncrypt_ECC;
SDF_InternalDecrypt_ECC_FuncPtr InternalDecrypt_ECC;
SDF_Encrypt_FuncPtr Encrypt;
SDF_Decrypt_FuncPtr Decrypt;
SDF_CalculateMAC_FuncPtr CalculateMAC;
SDF_HashInit_FuncPtr HashInit;
SDF_HashUpdate_FuncPtr HashUpdate;
SDF_HashFinal_FuncPtr HashFinal;
SDF_CreateFile_FuncPtr CreateFile;
SDF_ReadFile_FuncPtr ReadFile;
SDF_WriteFile_FuncPtr WriteFile;
SDF_DeleteFile_FuncPtr DeleteFile;
} SDF_METHOD;
SDF_METHOD *SDF_METHOD_load_library(const char *so_path);
#endif

616
include/internal/skf_meth.h Normal file
View File

@@ -0,0 +1,616 @@
/* ====================================================================
* Copyright (c) 2015 - 2017 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#ifndef HEADER_SKF_METH_H
#define HEADER_SKF_METH_H
typedef signed char INT8;
typedef signed short INT16;
typedef signed int INT32;
typedef unsigned char UINT8;
typedef unsigned short UINT16;
typedef unsigned int UINT32;
typedef long BOOL;
typedef UINT8 BYTE;
typedef UINT8 CHAR;
typedef INT16 SHORT;
typedef UINT16 USHORT;
typedef INT32 LONG;
typedef UINT32 ULONG;
typedef UINT32 UINT;
typedef UINT16 WORD;
typedef UINT32 DWORD;
typedef UINT32 FLAGS;
typedef CHAR * LPSTR;
typedef void * HANDLE;
#ifdef __cplusplus
extern "C" {
#endif
typedef ULONG (*SKF_WaitForDevEvent_FuncPtr)(
LPSTR szDevName,
ULONG *pulDevNameLen,
ULONG *pulEvent);
typedef ULONG (*SKF_CancelWaitForDevEvent_FuncPtr)(
void);
typedef ULONG (*SKF_EnumDev_FuncPtr)(
BOOL bPresent,
LPSTR szNameList,
ULONG *pulSize);
typedef ULONG (*SKF_ConnectDev_FuncPtr)(
LPSTR szName,
DEVHANDLE *phDev);
typedef ULONG (*SKF_DisConnectDev_FuncPtr)(
DEVHANDLE hDev);
typedef ULONG (*SKF_GetDevState_FuncPtr)(
LPSTR szDevName,
ULONG *pulDevState);
typedef ULONG (*SKF_SetLabel_FuncPtr)(
DEVHANDLE hDev,
LPSTR szLabel);
typedef ULONG (*SKF_GetDevInfo_FuncPtr)(
DEVHANDLE hDev,
DEVINFO *pDevInfo);
typedef ULONG (*SKF_LockDev_FuncPtr)(
DEVHANDLE hDev,
ULONG ulTimeOut);
typedef ULONG (*SKF_UnlockDev_FuncPtr)(
DEVHANDLE hDev);
typedef ULONG (*SKF_Transmit_FuncPtr)(
DEVHANDLE hDev,
BYTE *pbCommand,
ULONG ulCommandLen,
BYTE *pbData,
ULONG *pulDataLen);
typedef ULONG (*SKF_ChangeDevAuthKey_FuncPtr)(
DEVHANDLE hDev,
BYTE *pbKeyValue,
ULONG ulKeyLen);
typedef ULONG (*SKF_DevAuth_FuncPtr)(
DEVHANDLE hDev,
BYTE *pbAuthData,
ULONG ulLen);
typedef ULONG (*SKF_ChangePIN_FuncPtr)(
HAPPLICATION hApplication,
ULONG ulPINType,
LPSTR szOldPin,
LPSTR szNewPin,
ULONG *pulRetryCount);
typedef LONG (*SKF_GetPINInfo_FuncPtr)(
HAPPLICATION hApplication,
ULONG ulPINType,
ULONG *pulMaxRetryCount,
ULONG *pulRemainRetryCount,
BOOL *pbDefaultPin);
typedef ULONG (*SKF_VerifyPIN_FuncPtr)(
HAPPLICATION hApplication,
ULONG ulPINType,
LPSTR szPIN,
ULONG *pulRetryCount);
typedef ULONG (*SKF_UnblockPIN_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szAdminPIN,
LPSTR szNewUserPIN,
ULONG *pulRetryCount);
typedef ULONG (*SKF_ClearSecureState_FuncPtr)(
HAPPLICATION hApplication);
typedef ULONG (*SKF_CreateApplication_FuncPtr)(
DEVHANDLE hDev,
LPSTR szAppName,
LPSTR szAdminPin,
DWORD dwAdminPinRetryCount,
LPSTR szUserPin,
DWORD dwUserPinRetryCount,
DWORD dwCreateFileRights,
HAPPLICATION *phApplication);
typedef ULONG (*SKF_EnumApplication_FuncPtr)(
DEVHANDLE hDev,
LPSTR szAppName,
ULONG *pulSize);
typedef ULONG (*SKF_DeleteApplication_FuncPtr)(
DEVHANDLE hDev,
LPSTR szAppName);
typedef ULONG (*SKF_OpenApplication_FuncPtr)(
DEVHANDLE hDev,
LPSTR szAppName,
HAPPLICATION *phApplication);
typedef ULONG (*SKF_CloseApplication_FuncPtr)(
HAPPLICATION hApplication);
typedef ULONG (*SKF_CreateFile_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulFileSize,
ULONG ulReadRights,
ULONG ulWriteRights);
typedef ULONG (*SKF_DeleteFile_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szFileName);
typedef ULONG (*SKF_EnumFiles_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szFileList,
ULONG *pulSize);
typedef ULONG (*SKF_GetFileInfo_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szFileName,
FILEATTRIBUTE *pFileInfo);
typedef ULONG (*SKF_ReadFile_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulOffset,
ULONG ulSize,
BYTE *pbOutData,
ULONG *pulOutLen);
typedef ULONG (*SKF_WriteFile_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulOffset,
BYTE *pbData,
ULONG ulSize);
typedef ULONG (*SKF_CreateContainer_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szContainerName,
HCONTAINER *phContainer);
typedef ULONG (*SKF_DeleteContainer_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szContainerName);
typedef ULONG (*SKF_EnumContainer_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szContainerName,
ULONG *pulSize);
typedef ULONG (*SKF_OpenContainer_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szContainerName,
HCONTAINER *phContainer);
typedef ULONG (*SKF_CloseContainer_FuncPtr)(
HCONTAINER hContainer);
typedef ULONG (*SKF_GetContainerType_FuncPtr)(
HCONTAINER hContainer,
ULONG *pulContainerType);
typedef ULONG (*SKF_ImportCertificate_FuncPtr)(
HCONTAINER hContainer,
BOOL bExportSignKey,
BYTE *pbCert,
ULONG ulCertLen);
typedef ULONG (*SKF_ExportCertificate_FuncPtr)(
HCONTAINER hContainer,
BOOL bSignFlag,
BYTE *pbCert,
ULONG *pulCertLen);
typedef ULONG (*SKF_ExportPublicKey_FuncPtr)(
HCONTAINER hContainer,
BOOL bSignFlag,
BYTE *pbBlob,
ULONG *pulBlobLen);
typedef ULONG (*SKF_GenRandom_FuncPtr)(
DEVHANDLE hDev,
BYTE *pbRandom,
ULONG ulRandomLen);
typedef ULONG (*SKF_GenExtRSAKey_FuncPtr)(
DEVHANDLE hDev,
ULONG ulBitsLen,
RSAPRIVATEKEYBLOB *pBlob);
typedef ULONG (*SKF_GenRSAKeyPair_FuncPtr)(
HCONTAINER hContainer,
ULONG ulBitsLen,
RSAPUBLICKEYBLOB *pBlob);
typedef ULONG (*SKF_ImportRSAKeyPair_FuncPtr)(
HCONTAINER hContainer,
ULONG ulSymAlgId,
BYTE *pbWrappedKey,
ULONG ulWrappedKeyLen,
BYTE *pbEncryptedData,
ULONG ulEncryptedDataLen);
typedef ULONG (*SKF_RSASignData_FuncPtr)(
HCONTAINER hContainer,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbSignature,
ULONG *pulSignLen);
typedef ULONG (*SKF_RSAVerify_FuncPtr)(
DEVHANDLE hDev,
RSAPUBLICKEYBLOB *pRSAPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbSignature,
ULONG ulSignLen);
typedef ULONG (*SKF_RSAExportSessionKey_FuncPtr)(
HCONTAINER hContainer,
ULONG ulAlgId,
RSAPUBLICKEYBLOB *pPubKey,
BYTE *pbData,
ULONG *pulDataLen,
HANDLE *phSessionKey);
typedef ULONG (*SKF_ExtRSAPubKeyOperation_FuncPtr)(
DEVHANDLE hDev,
RSAPUBLICKEYBLOB *pRSAPubKeyBlob,
BYTE *pbInput,
ULONG ulInputLen,
BYTE *pbOutput,
ULONG *pulOutputLen);
typedef ULONG (*SKF_ExtRSAPriKeyOperation_FuncPtr)(
DEVHANDLE hDev,
RSAPRIVATEKEYBLOB *pRSAPriKeyBlob,
BYTE *pbInput,
ULONG ulInputLen,
BYTE *pbOutput,
ULONG *pulOutputLen);
typedef ULONG (*SKF_GenECCKeyPair_FuncPtr)(
HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pBlob);
typedef ULONG (*SKF_ImportECCKeyPair_FuncPtr)(
HCONTAINER hContainer,
ENVELOPEDKEYBLOB *pEnvelopedKeyBlob);
typedef ULONG (*SKF_ECCSignData_FuncPtr)(
HCONTAINER hContainer,
BYTE *pbDigest,
ULONG ulDigestLen,
ECCSIGNATUREBLOB *pSignature);
typedef ULONG (*SKF_ECCVerify_FuncPtr)(
DEVHANDLE hDev,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
ECCSIGNATUREBLOB *pSignature);
typedef ULONG (*SKF_ECCExportSessionKey_FuncPtr)(
HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pPubKey,
ECCCIPHERBLOB *pData,
HANDLE *phSessionKey);
typedef ULONG (*SKF_ExtECCEncrypt_FuncPtr)(
DEVHANDLE hDev,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbPlainText,
ULONG ulPlainTextLen,
ECCCIPHERBLOB *pCipherText);
typedef ULONG (*SKF_ExtECCDecrypt_FuncPtr)(
DEVHANDLE hDev,
ECCPRIVATEKEYBLOB *pECCPriKeyBlob,
ECCCIPHERBLOB *pCipherText,
BYTE *pbPlainText,
ULONG *pulPlainTextLen);
typedef ULONG (*SKF_ExtECCSign_FuncPtr)(
DEVHANDLE hDev,
ECCPRIVATEKEYBLOB *pECCPriKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
ECCSIGNATUREBLOB *pSignature);
typedef ULONG (*SKF_ExtECCVerify_FuncPtr)(
DEVHANDLE hDev,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
ECCSIGNATUREBLOB *pSignature);
typedef ULONG (*SKF_GenerateAgreementDataWithECC_FuncPtr)(
HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
HANDLE *phAgreementHandle);
typedef ULONG (*SKF_GenerateAgreementDataAndKeyWithECC_FuncPtr)(
HANDLE hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pSponsorECCPubKeyBlob,
ECCPUBLICKEYBLOB *pSponsorTempECCPubKeyBlob,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
BYTE *pbSponsorID,
ULONG ulSponsorIDLen,
HANDLE *phKeyHandle);
typedef ULONG (*SKF_GenerateKeyWithECC_FuncPtr)(
HANDLE hAgreementHandle,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
HANDLE *phKeyHandle);
typedef ULONG (*SKF_ImportSessionKey_FuncPtr)(
HCONTAINER hContainer,
ULONG ulAlgId,
BYTE *pbWrapedData,
ULONG ulWrapedLen,
HANDLE *phKey);
typedef ULONG (*SKF_SetSymmKey_FuncPtr)(
DEVHANDLE hDev,
BYTE *pbKey,
ULONG ulAlgID,
HANDLE *phKey);
typedef ULONG (*SKF_EncryptInit_FuncPtr)(
HANDLE hKey,
BLOCKCIPHERPARAM EncryptParam);
typedef ULONG (*SKF_Encrypt_FuncPtr)(
HANDLE hKey,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbEncryptedData,
ULONG *pulEncryptedLen);
typedef ULONG (*SKF_EncryptUpdate_FuncPtr)(
HANDLE hKey,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbEncryptedData,
ULONG *pulEncryptedLen);
typedef ULONG (*SKF_EncryptFinal_FuncPtr)(
HANDLE hKey,
BYTE *pbEncryptedData,
ULONG *pulEncryptedDataLen);
typedef ULONG (*SKF_DecryptInit_FuncPtr)(
HANDLE hKey,
BLOCKCIPHERPARAM DecryptParam);
typedef ULONG (*SKF_Decrypt_FuncPtr)(
HANDLE hKey,
BYTE *pbEncryptedData,
ULONG ulEncryptedLen,
BYTE *pbData,
ULONG *pulDataLen);
typedef ULONG (*SKF_DecryptUpdate_FuncPtr)(
HANDLE hKey,
BYTE *pbEncryptedData,
ULONG ulEncryptedLen,
BYTE *pbData,
ULONG *pulDataLen);
typedef ULONG (*SKF_DecryptFinal_FuncPtr)(
HANDLE hKey,
BYTE *pbDecryptedData,
ULONG *pulDecryptedDataLen);
typedef ULONG (*SKF_DigestInit_FuncPtr)(
DEVHANDLE hDev,
ULONG ulAlgID,
ECCPUBLICKEYBLOB *pPubKey,
BYTE *pbID,
ULONG ulIDLen,
HANDLE *phHash);
typedef ULONG (*SKF_Digest_FuncPtr)(
HANDLE hHash,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbHashData,
ULONG *pulHashLen);
typedef ULONG (*SKF_DigestUpdate_FuncPtr)(
HANDLE hHash,
BYTE *pbData,
ULONG ulDataLen);
typedef ULONG (*SKF_DigestFinal_FuncPtr)(
HANDLE hHash,
BYTE *pHashData,
ULONG *pulHashLen);
typedef ULONG (*SKF_MacInit_FuncPtr)(
HANDLE hKey,
BLOCKCIPHERPARAM *pMacParam,
HANDLE *phMac);
typedef ULONG (*SKF_Mac_FuncPtr)(
HANDLE hMac,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbMacData,
ULONG *pulMacLen);
typedef ULONG (*SKF_MacUpdate_FuncPtr)(
HANDLE hMac,
BYTE *pbData,
ULONG ulDataLen);
typedef ULONG (*SKF_MacFinal_FuncPtr)(
HANDLE hMac,
BYTE *pbMacData,
ULONG *pulMacDataLen);
typedef ULONG (*SKF_CloseHandle_FuncPtr)(
HANDLE hHandle);
typedef struct skf_method_st {
char *name;
SKF_WaitForDevEvent_FuncPtr WaitForDevEvent;
SKF_CancelWaitForDevEvent_FuncPtr CancelWaitForDevEvent;
SKF_EnumDev_FuncPtr EnumDev;
SKF_ConnectDev_FuncPtr ConnectDev;
SKF_DisConnectDev_FuncPtr DisConnectDev;
SKF_GetDevState_FuncPtr GetDevState;
SKF_SetLabel_FuncPtr SetLabel;
SKF_GetDevInfo_FuncPtr GetDevInfo;
SKF_LockDev_FuncPtr LockDev;
SKF_UnlockDev_FuncPtr UnlockDev;
SKF_Transmit_FuncPtr Transmit;
SKF_ChangeDevAuthKey_FuncPtr ChangeDevAuthKey;
SKF_DevAuth_FuncPtr DevAuth;
SKF_ChangePIN_FuncPtr ChangePIN;
SKF_GetPINInfo_FuncPtr GetPINInfo;
SKF_VerifyPIN_FuncPtr VerifyPIN;
SKF_UnblockPIN_FuncPtr UnblockPIN;
SKF_ClearSecureState_FuncPtr ClearSecureState;
SKF_CreateApplication_FuncPtr CreateApplication;
SKF_EnumApplication_FuncPtr EnumApplication;
SKF_DeleteApplication_FuncPtr DeleteApplication;
SKF_OpenApplication_FuncPtr OpenApplication;
SKF_CloseApplication_FuncPtr CloseApplication;
SKF_CreateFile_FuncPtr CreateFile;
SKF_DeleteFile_FuncPtr DeleteFile;
SKF_EnumFiles_FuncPtr EnumFiles;
SKF_GetFileInfo_FuncPtr GetFileInfo;
SKF_ReadFile_FuncPtr ReadFile;
SKF_WriteFile_FuncPtr WriteFile;
SKF_CreateContainer_FuncPtr CreateContainer;
SKF_DeleteContainer_FuncPtr DeleteContainer;
SKF_EnumContainer_FuncPtr EnumContainer;
SKF_OpenContainer_FuncPtr OpenContainer;
SKF_CloseContainer_FuncPtr CloseContainer;
SKF_GetContainerType_FuncPtr GetContainerType;
SKF_ImportCertificate_FuncPtr ImportCertificate;
SKF_ExportCertificate_FuncPtr ExportCertificate;
SKF_ExportPublicKey_FuncPtr ExportPublicKey;
SKF_GenRandom_FuncPtr GenRandom;
SKF_GenExtRSAKey_FuncPtr GenExtRSAKey;
SKF_GenRSAKeyPair_FuncPtr GenRSAKeyPair;
SKF_ImportRSAKeyPair_FuncPtr ImportRSAKeyPair;
SKF_RSASignData_FuncPtr RSASignData;
SKF_RSAVerify_FuncPtr RSAVerify;
SKF_RSAExportSessionKey_FuncPtr RSAExportSessionKey;
SKF_ExtRSAPubKeyOperation_FuncPtr ExtRSAPubKeyOperation;
SKF_ExtRSAPriKeyOperation_FuncPtr ExtRSAPriKeyOperation;
SKF_GenECCKeyPair_FuncPtr GenECCKeyPair;
SKF_ImportECCKeyPair_FuncPtr ImportECCKeyPair;
SKF_ECCSignData_FuncPtr ECCSignData;
SKF_ECCVerify_FuncPtr ECCVerify;
SKF_ECCExportSessionKey_FuncPtr ECCExportSessionKey;
SKF_ExtECCEncrypt_FuncPtr ExtECCEncrypt;
SKF_ExtECCDecrypt_FuncPtr ExtECCDecrypt;
SKF_ExtECCSign_FuncPtr ExtECCSign;
SKF_ExtECCVerify_FuncPtr ExtECCVerify;
SKF_GenerateAgreementDataWithECC_FuncPtr GenerateAgreementDataWithECC;
SKF_GenerateAgreementDataAndKeyWithECC_FuncPtr GenerateAgreementDataAndKeyWithECC;
SKF_GenerateKeyWithECC_FuncPtr GenerateKeyWithECC;
SKF_ImportSessionKey_FuncPtr ImportSessionKey;
SKF_SetSymmKey_FuncPtr SetSymmKey;
SKF_EncryptInit_FuncPtr EncryptInit;
SKF_Encrypt_FuncPtr Encrypt;
SKF_EncryptUpdate_FuncPtr EncryptUpdate;
SKF_EncryptFinal_FuncPtr EncryptFinal;
SKF_DecryptInit_FuncPtr DecryptInit;
SKF_Decrypt_FuncPtr Decrypt;
SKF_DecryptUpdate_FuncPtr DecryptUpdate;
SKF_DecryptFinal_FuncPtr DecryptFinal;
SKF_DigestInit_FuncPtr DigestInit;
SKF_Digest_FuncPtr Digest;
SKF_DigestUpdate_FuncPtr DigestUpdate;
SKF_DigestFinal_FuncPtr DigestFinal;
SKF_MacInit_FuncPtr MacInit;
SKF_Mac_FuncPtr Mac;
SKF_MacUpdate_FuncPtr MacUpdate;
SKF_MacFinal_FuncPtr MacFinal;
SKF_CloseHandle_FuncPtr CloseHandle;
} SKF_METHOD;
SKF_METHOD *SKF_METHOD_load_library(const char *so_path);
#ifdef __cplusplus
}
#endif
#endif

12
include/openssl/gmsaf.h
View File

@@ -80,6 +80,7 @@ int ERR_load_SAF_strings(void);
# define SAF_F_SAF_BASE64_ENCODE 104
# define SAF_F_SAF_BASE64_ENCODEFINAL 105
# define SAF_F_SAF_BASE64_ENCODEUPDATE 106
# define SAF_F_SAF_CHANGEPIN 123
# define SAF_F_SAF_CREATESYMMKEYOBJ 107
# define SAF_F_SAF_ECCPUBLICKEYENC 108
# define SAF_F_SAF_ECCPUBLICKEYENCBYCERT 109
@@ -89,7 +90,14 @@ int ERR_load_SAF_strings(void);
# define SAF_F_SAF_GENECCKEYPAIR 113
# define SAF_F_SAF_GENERATEAGREEMENTDATAWITHECC 114
# define SAF_F_SAF_GENERATEKEYWITHECC 115
# define SAF_F_SAF_GENERATEKEYWITHEPK 124
# define SAF_F_SAF_GENRANDOM 125
# define SAF_F_SAF_GETECCPUBLICKEY 116
# define SAF_F_SAF_GETVERSION 126
# define SAF_F_SAF_IMPORTENCEDKEY 127
# define SAF_F_SAF_INITIALIZE 128
# define SAF_F_SAF_LOGIN 129
# define SAF_F_SAF_LOGOUT 130
# define SAF_F_SAF_MACFINAL 117
# define SAF_F_SAF_MACUPDATE 118
# define SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA 119
@@ -100,7 +108,10 @@ int ERR_load_SAF_strings(void);
/* Reason codes. */
# define SAF_R_BUFFER_TOO_SMALL 100
# define SAF_R_CBCMAC_FAILURE 101
# define SAF_R_CMAC_FAILURE 115
# define SAF_R_ENCRYPT_KEY_FAILURE 116
# define SAF_R_GEN_RANDOM 102
# define SAF_R_GEN_RANDOM_FAILURE 117
# define SAF_R_INT_OVERFLOW 103
# define SAF_R_INVALID_ALGOR 104
# define SAF_R_INVALID_CONTEXT 105
@@ -111,6 +122,7 @@ int ERR_load_SAF_strings(void);
# define SAF_R_INVALID_KEY_USAGE 110
# define SAF_R_INVALID_LENGTH 111
# define SAF_R_MAC_FAILURE 112
# define SAF_R_NOT_SUPPORTED 118
# define SAF_R_OPERATION_NOT_INITIALIZED 113
# define SAF_R_SAF_ERROR 114

128
include/openssl/gmsdf.h
View File

@@ -95,81 +95,63 @@ int ERR_load_SDF_strings(void);
/* Function codes. */
# define SDF_F_SDF_CALCULATEMAC 100
# define SDF_F_SDF_CLOSEDEVICE 145
# define SDF_F_SDF_CLOSESESSION 101
# define SDF_F_SDF_DECODE_EC_SIGNATURE 102
# define SDF_F_SDF_DECRYPT 103
# define SDF_F_SDF_ENCODE_EC_SIGNATURE 104
# define SDF_F_SDF_ENCRYPT 105
# define SDF_F_SDF_EXPORTENCPUBLICKEY_ECC 106
# define SDF_F_SDF_EXPORTENCPUBLICKEY_RSA 107
# define SDF_F_SDF_EXPORTSIGNPUBLICKEY_ECC 108
# define SDF_F_SDF_EXPORTSIGNPUBLICKEY_RSA 109
# define SDF_F_SDF_EXTERNALDECRYPT_ECC 110
# define SDF_F_SDF_EXTERNALENCRYPT_ECC 111
# define SDF_F_SDF_EXTERNALPRIVATEKEYOPERATION_RSA 112
# define SDF_F_SDF_EXTERNALPUBLICKEYOPERATION_RSA 113
# define SDF_F_SDF_EXTERNALSIGN_ECC 114
# define SDF_F_SDF_EXTERNALVERIFY_ECC 115
# define SDF_F_SDF_GENERATEKEYPAIR_ECC 116
# define SDF_F_SDF_GENERATEKEYPAIR_RSA 117
# define SDF_F_SDF_GENERATEKEYWITHEPK_ECC 118
# define SDF_F_SDF_GENERATEKEYWITHEPK_RSA 119
# define SDF_F_SDF_GENERATEKEYWITHIPK_ECC 120
# define SDF_F_SDF_GENERATEKEYWITHIPK_RSA 121
# define SDF_F_SDF_GENERATERANDOM 122
# define SDF_F_SDF_GETDEVICEINFO 123
# define SDF_F_SDF_GETPRIVATEKEYACCESSRIGHT 124
# define SDF_F_SDF_GET_CIPHER 125
# define SDF_F_SDF_GET_DIGEST 126
# define SDF_F_SDF_HASHFINAL 127
# define SDF_F_SDF_HASHINIT 128
# define SDF_F_SDF_HASHUPDATE 129
# define SDF_F_SDF_IMPORTKEY 130
# define SDF_F_SDF_IMPORTKEYWITHISK_ECC 131
# define SDF_F_SDF_IMPORTKEYWITHISK_RSA 132
# define SDF_F_SDF_INTERNALDECRYPT_ECC 133
# define SDF_F_SDF_INTERNALENCRYPT_ECC 134
# define SDF_F_SDF_INTERNALPRIVATEKEYOPERATION_RSA 135
# define SDF_F_SDF_INTERNALPUBLICKEYOPERATION_RSA 136
# define SDF_F_SDF_INTERNALSIGN_ECC 137
# define SDF_F_SDF_INTERNALVERIFY_ECC 138
# define SDF_F_SDF_LOAD_EC_PRIVATE_KEY 139
# define SDF_F_SDF_LOAD_EC_PUBLIC_KEY 140
# define SDF_F_SDF_LOAD_RSA_PRIVATE_KEY 141
# define SDF_F_SDF_LOAD_RSA_PUBLIC_KEY 142
# define SDF_F_SDF_OPENDEVICE 143
# define SDF_F_SDF_OPENSESSION 144
# define SDF_F_SDF_RELEASEPRIVATEKEYACCESSRIGHT 146
# define SDF_F_SDF_CLOSEDEVICE 101
# define SDF_F_SDF_CLOSESESSION 102
# define SDF_F_SDF_CREATEFILE 103
# define SDF_F_SDF_DECRYPT 104
# define SDF_F_SDF_DELETEFILE 105
# define SDF_F_SDF_DESTROYKEY 106
# define SDF_F_SDF_ENCRYPT 107
# define SDF_F_SDF_EXCHANGEDIGITENVELOPEBASEONECC 108
# define SDF_F_SDF_EXCHANGEDIGITENVELOPEBASEONRSA 109
# define SDF_F_SDF_EXPORTENCPUBLICKEY_ECC 110
# define SDF_F_SDF_EXPORTENCPUBLICKEY_RSA 111
# define SDF_F_SDF_EXPORTSIGNPUBLICKEY_ECC 112
# define SDF_F_SDF_EXPORTSIGNPUBLICKEY_RSA 113
# define SDF_F_SDF_EXTERNALENCRYPT_ECC 114
# define SDF_F_SDF_EXTERNALPRIVATEKEYOPERATION_RSA 115
# define SDF_F_SDF_EXTERNALPUBLICKEYOPERATION_RSA 116
# define SDF_F_SDF_EXTERNALVERIFY_ECC 117
# define SDF_F_SDF_GENERATEAGREEMENTDATAANDKEYWITHECC 118
# define SDF_F_SDF_GENERATEAGREEMENTDATAWITHECC 119
# define SDF_F_SDF_GENERATEKEYPAIR_ECC 120
# define SDF_F_SDF_GENERATEKEYPAIR_RSA 121
# define SDF_F_SDF_GENERATEKEYWITHECC 122
# define SDF_F_SDF_GENERATEKEYWITHEPK_ECC 123
# define SDF_F_SDF_GENERATEKEYWITHEPK_RSA 124
# define SDF_F_SDF_GENERATEKEYWITHIPK_ECC 125
# define SDF_F_SDF_GENERATEKEYWITHIPK_RSA 126
# define SDF_F_SDF_GENERATEKEYWITHKEK 127
# define SDF_F_SDF_GENERATERANDOM 128
# define SDF_F_SDF_GETDEVICEINFO 129
# define SDF_F_SDF_GETPRIVATEKEYACCESSRIGHT 130
# define SDF_F_SDF_HASHFINAL 131
# define SDF_F_SDF_HASHINIT 132
# define SDF_F_SDF_HASHUPDATE 133
# define SDF_F_SDF_IMPORTKEY 134
# define SDF_F_SDF_IMPORTKEYWITHISK_ECC 135
# define SDF_F_SDF_IMPORTKEYWITHISK_RSA 136
# define SDF_F_SDF_IMPORTKEYWITHKEK 137
# define SDF_F_SDF_INTERNALPRIVATEKEYOPERATION_RSA 138
# define SDF_F_SDF_INTERNALPUBLICKEYOPERATION_RSA 147
# define SDF_F_SDF_INTERNALSIGN_ECC 139
# define SDF_F_SDF_INTERNALVERIFY_ECC 140
# define SDF_F_SDF_METHOD_LOAD_LIBRARY 141
# define SDF_F_SDF_OPENDEVICE 142
# define SDF_F_SDF_OPENSESSION 143
# define SDF_F_SDF_READFILE 144
# define SDF_F_SDF_RELEASEPRIVATEKEYACCESSRIGHT 145
# define SDF_F_SDF_WRITEFILE 146
/* Reason codes. */
# define SDF_R_BUFFER_TOO_SMALL 100
# define SDF_R_BUUTER_TOO_SMALL 101
# define SDF_R_CBCMAC_FAILURE 102
# define SDF_R_CMAC_FAILURE 126
# define SDF_R_COMPUTE_SM2_ID_FAILURE 103
# define SDF_R_ENGINE_LOAD_KEY_FAILURE 104
# define SDF_R_GET_PRIVATE_KEY_FAILED 105
# define SDF_R_GET_PUBLIC_KEY_FAILED 106
# define SDF_R_INVALID_ALGOR 107
# define SDF_R_INVALID_DEVICE_HANDLE 122
# define SDF_R_INVALID_EC_CIPHERTEXT 108
# define SDF_R_INVALID_EC_PRIVATE_KEY 109
# define SDF_R_INVALID_EC_PUBLIC_KEY 110
# define SDF_R_INVALID_INPUT_LENGTH 111
# define SDF_R_INVALID_KEY_HANDLE 112
# define SDF_R_INVALID_KEY_INDEX 123
# define SDF_R_INVALID_KEY_LENGTH 113
# define SDF_R_INVALID_KEY_USAGE 114
# define SDF_R_INVALID_LENGTH 115
# define SDF_R_INVALID_OPERATION_STATE 116
# define SDF_R_INVALID_PASSWORD_LENGTH 124
# define SDF_R_INVALID_SESSION 117
# define SDF_R_INVALID_SESSION_HANDLE 125
# define SDF_R_KEY_TYPE_NOT_MATCH 118
# define SDF_R_LOAD_ENGINE_FAILURE 119
# define SDF_R_RANDOM_FAILURE 120
# define SDF_R_SDF_SESSION_NO_ENGINE 121
# define SDF_R_INVALID_KEY_LENGTH 100
# define SDF_R_INVALID_SDF_LIBRARY 101
# define SDF_R_INVALID_SESSION_HANDLE 102
# define SDF_R_LOAD_LIBRARY_FAILURE 107
# define SDF_R_NOT_SUPPORTED 103
# define SDF_R_OPERATION_FAILED 104
# define SDF_R_SDF_METHOD_RETURN_FAILURE 105
# define SDF_R_SDF_OPERATION_FAILED 106
# ifdef __cplusplus
}

2
include/openssl/saf.h
View File

@@ -464,7 +464,7 @@ int SAF_GenerateKeyWithEPK(
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucSymmKey,
unsigned int uiSymmKeyLen,
unsigned int *puiSymmKeyLen,
void **phKeyHandle);
int SAF_ImportEncedKey(

645
test/sdf_dummy.c Normal file
View File

@@ -0,0 +1,645 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
/* Dummy SDF Library
*
* This is the **dummy** implementation of the SDF API, used by the SDF
* ENGINE for compiling and basic testing. For products this should be
* replaced by the library provided by hardware vendors.
*
* Design principles:
* 1. All the functions of this dummy library will return success, which
* is `SDR_OK`.
* 2. If there are return value pointers, such as handles, output length
* or generated key data types, the output will be filled with valid
* data. Such that the caller can parse these data without errors.
* 3. The implementation should not relay on any other libraries, source
* files or header files except the `sdf.h`.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/sgd.h>
#include <openssl/sdf.h>
static char *deviceHandle = "SDF Device Handle";
static char *sessionHandle = "SDF Session Handle";
static char *keyHandle = "SDF Key Handle";
static char *agreementHandle = "SDF Agreement Handle";
static int hashAlgor;
/*
static unsigned char certificate[] = {
0x03, 0x04,
};
*/
static unsigned char rsaPublicKey[] = {
0x03, 0x04,
};
static unsigned char rsaPrivateKey[] = {
0x03, 0x04,
};
static unsigned char ecPublicKey[] = {
0x03, 0x04,
};
static unsigned char ecPrivateKey[] = {
0x03, 0x04,
};
static unsigned char ecCiphertext[] = {
0x03,
};
static unsigned char ecSignature[] = {
0x03,
};
/* 6.2.1 */
int SDF_OpenDevice(
void **phDeviceHandle)
{
*phDeviceHandle = deviceHandle;
return SDR_OK;
}
/* 6.2.2 */
int SDF_CloseDevice(
void *hDeviceHandle)
{
return SDR_OK;
}
/* 6.2.3 */
int SDF_OpenSession(
void *hDeviceHandle,
void **phSessionHandle)
{
*phSessionHandle = sessionHandle;
return SDR_OK;
}
/* 6.2.4 */
int SDF_CloseSession(
void *hSessionHandle)
{
return SDR_OK;
}
/* 6.2.5 */
int SDF_GetDeviceInfo(
void *hSessionHandle,
DEVICEINFO *pstDeviceInfo)
{
memset(pstDeviceInfo, 0, sizeof(*pstDeviceInfo));
strcpy((char *)pstDeviceInfo->IssuerName, "GmSSL");
strcpy((char *)pstDeviceInfo->DeviceName, "Dummy SDF");
strcpy((char *)pstDeviceInfo->DeviceSerial, "000001");
pstDeviceInfo->DeviceVersion = 2;
pstDeviceInfo->StandardVersion = 1;
pstDeviceInfo->AsymAlgAbility[0] = SGD_RSA|SGD_SM2_1;
pstDeviceInfo->AsymAlgAbility[1] = SGD_RSA|SGD_SM2_3;
pstDeviceInfo->SymAlgAbility = SGD_SM1|SGD_SSF33|SGD_SM4|SGD_ZUC;
pstDeviceInfo->HashAlgAbility = SGD_SM3|SGD_SHA1|SGD_SHA256;
pstDeviceInfo->BufferSize = 0;
return SDR_OK;
}
/* 6.2.6 */
int SDF_GenerateRandom(
void *hSessionHandle,
unsigned int uiLength,
unsigned char *pucRandom)
{
memset(pucRandom, 'R', uiLength);
return SDR_OK;
}
/* 6.2.7 */
int SDF_GetPrivateKeyAccessRight(
void *hSessionHandle,
unsigned int uiKeyIndex,
unsigned char *pucPassword,
unsigned int uiPwdLength)
{
return SDR_OK;
}
/* 6.2.8 */
int SDF_ReleasePrivateKeyAccessRight(
void *hSessionHandle,
unsigned int uiKeyIndex)
{
return SDR_OK;
}
/* 6.3.1 */
int SDF_ExportSignPublicKey_RSA(
void *hSessionHandle,
unsigned int uiKeyIndex,
RSArefPublicKey *pucPublicKey)
{
memcpy(pucPublicKey, rsaPublicKey, sizeof(*pucPublicKey));
return SDR_OK;
}
/* 6.3.2 */
int SDF_ExportEncPublicKey_RSA(
void *hSessionHandle,
unsigned int uiKeyIndex,
RSArefPublicKey *pucPublicKey)
{
memcpy(pucPublicKey, rsaPublicKey, sizeof(*pucPublicKey));
return SDR_OK;
}
/* 6.3.3 */
int SDF_GenerateKeyPair_RSA(
void *hSessionHandle,
unsigned int uiKeyBits,
RSArefPublicKey *pucPublicKey,
RSArefPrivateKey *pucPrivateKey)
{
memcpy(pucPublicKey, rsaPublicKey, sizeof(*pucPublicKey));
memcpy(pucPrivateKey, rsaPrivateKey, sizeof(*pucPrivateKey));
return SDR_OK;
}
/* 6.3.4 */
int SDF_GenerateKeyWithIPK_RSA(
void *hSessionHandle,
unsigned int uiIPKIndex,
unsigned int uiKeyBits,
unsigned char *pucKey,
unsigned int *puiKeyLength,
void **phKeyHandle)
{
*phKeyHandle = keyHandle;
return SDR_OK;
}
/* 6.3.5 */
int SDF_GenerateKeyWithEPK_RSA(
void *hSessionHandle,
unsigned int uiKeyBits,
RSArefPublicKey *pucPublicKey,
unsigned char *pucKey,
unsigned int *puiKeyLength,
void **phKeyHandle)
{
*phKeyHandle = keyHandle;
return SDR_OK;
}
/* 6.3.6 */
int SDF_ImportKeyWithISK_RSA(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned char *pucKey,
unsigned int uiKeyLength,
void **phKeyHandle)
{
*phKeyHandle = keyHandle;
return SDR_OK;
}
/* 6.3.7 */
int SDF_ExchangeDigitEnvelopeBaseOnRSA(
void *hSessionHandle,
unsigned int uiKeyIndex,
RSArefPublicKey *pucPublicKey,
unsigned char *pucDEInput,
unsigned int uiDELength,
unsigned char *pucDEOutput,
unsigned int *puiDELength)
{
*puiDELength = 256; // correct?
return SDR_OK;
}
/* 6.3.8 */
int SDF_ExportSignPublicKey_ECC(
void *hSessionHandle,
unsigned int uiKeyIndex,
ECCrefPublicKey *pucPublicKey)
{
memcpy(pucPublicKey, ecPublicKey, sizeof(*pucPublicKey));
return SDR_OK;
}
/* 6.3.9 */
int SDF_ExportEncPublicKey_ECC(
void *hSessionHandle,
unsigned int uiKeyIndex,
ECCrefPublicKey *pucPublicKey)
{
memcpy(pucPublicKey, ecPublicKey, sizeof(*pucPublicKey));
return SDR_OK;
}
/* 6.3.10 */
int SDF_GenerateKeyPair_ECC(
void *hSessionHandle,
unsigned int uiAlgID,
unsigned int uiKeyBits,
ECCrefPublicKey *pucPublicKey,
ECCrefPrivateKey *pucPrivateKey)
{
memcpy(pucPublicKey, ecPublicKey, sizeof(*pucPublicKey));
memcpy(pucPrivateKey, ecPrivateKey, sizeof(*pucPrivateKey));
return SDR_OK;
}
/* 6.3.11 */
int SDF_GenerateKeyWithIPK_ECC(
void *hSessionHandle,
unsigned int uiIPKIndex,
unsigned int uiKeyBits,
ECCCipher *pucKey,
void **phKeyHandle)
{
*phKeyHandle = keyHandle;
return SDR_OK;
}
/* 6.3.12 */
int SDF_GenerateKeyWithEPK_ECC(
void *hSessionHandle,
unsigned int uiKeyBits,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
ECCCipher *pucKey,
void **phKeyHandle)
{
*phKeyHandle = keyHandle;
return SDR_OK;
}
/* 6.3.13 */
int SDF_ImportKeyWithISK_ECC(
void *hSessionHandle,
unsigned int uiISKIndex,
ECCCipher *pucKey,
void **phKeyHandle)
{
*phKeyHandle = keyHandle;
return SDR_OK;
}
/* 6.3.14 */
int SDF_GenerateAgreementDataWithECC(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned int uiKeyBits,
unsigned char *pucSponsorID,
unsigned int uiSponsorIDLength,
ECCrefPublicKey *pucSponsorPublicKey,
ECCrefPublicKey *pucSponsorTmpPublicKey,
void **phAgreementHandle)
{
*phAgreementHandle = agreementHandle;
return SDR_OK;
}
/* 6.3.15 */
int SDF_GenerateKeyWithECC(
void *hSessionHandle,
unsigned char *pucResponseID,
unsigned int uiResponseIDLength,
ECCrefPublicKey *pucResponsePublicKey,
ECCrefPublicKey *pucResponseTmpPublicKey,
void *hAgreementHandle,
void **phKeyHandle)
{
*phKeyHandle = keyHandle;
return SDR_OK;
}
/* 6.3.16 */
int SDF_GenerateAgreementDataAndKeyWithECC(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned int uiKeyBits,
unsigned char *pucResponseID,
unsigned int uiResponseIDLength,
unsigned char *pucSponsorID,
unsigned int uiSponsorIDLength,
ECCrefPublicKey *pucSponsorPublicKey,
ECCrefPublicKey *pucSponsorTmpPublicKey,
ECCrefPublicKey *pucResponsePublicKey,
ECCrefPublicKey *pucResponseTmpPublicKey,
void **phKeyHandle)
{
*phKeyHandle = keyHandle;
return SDR_OK;
}
/* 6.3.17 */
int SDF_ExchangeDigitEnvelopeBaseOnECC(
void *hSessionHandle,
unsigned int uiKeyIndex,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
ECCCipher *pucEncDataIn,
ECCCipher *pucEncDataOut)
{
return SDR_OK;
}
/* 6.3.18 */
int SDF_GenerateKeyWithKEK(
void *hSessionHandle,
unsigned int uiKeyBits,
unsigned int uiAlgID,
unsigned int uiKEKIndex,
unsigned char *pucKey,
unsigned int *puiKeyLength,
void **phKeyHandle)
{
*phKeyHandle = keyHandle;
return SDR_OK;
}
/* 6.3.19 */
int SDF_ImportKeyWithKEK(
void *hSessionHandle,
unsigned int uiAlgID,
unsigned int uiKEKIndex,
unsigned char *pucKey,
unsigned int uiKeyLength,
void **phKeyHandle)
{
*phKeyHandle = keyHandle;
return SDR_OK;
}
/* 6.3.20 */
int SDF_DestroyKey(
void *hSessionHandle,
void *hKeyHandle)
{
return SDR_OK;
}
/* 6.4.1 */
int SDF_ExternalPublicKeyOperation_RSA(
void *hSessionHandle,
RSArefPublicKey *pucPublicKey,
unsigned char *pucDataInput,
unsigned int uiInputLength,
unsigned char *pucDataOutput,
unsigned int *puiOutputLength)
{
*puiOutputLength = 2048/8;
return SDR_OK;
}
/* 6.4.2 */
int SDF_ExternalPrivateKeyOperation_RSA(
void *hSessionHandle,
RSArefPrivateKey *pucPrivateKey,
unsigned char *pucDataInput,
unsigned int uiInputLength,
unsigned char *pucDataOutput,
unsigned int *puiOutputLength)
{
*puiOutputLength = 2048/8;
return SDR_OK;
}
/* 6.4.3 */
int SDF_InternalPrivateKeyOperation_RSA(
void *hSessionHandle,
unsigned int uiKeyIndex,
unsigned char *pucDataInput,
unsigned int uiInputLength,
unsigned char *pucDataOutput,
unsigned int *puiOutputLength)
{
*puiOutputLength = 2048/8;
return SDR_OK;
}
/* 6.4.4 */
int SDF_ExternalVerify_ECC(
void *hSessionHandle,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
unsigned char *pucDataInput,
unsigned int uiInputLength,
ECCSignature *pucSignature)
{
return SDR_OK;
}
/* 6.4.5 */
int SDF_InternalSign_ECC(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned char *pucData,
unsigned int uiDataLength,
ECCSignature *pucSignature)
{
memcpy(pucSignature, ecSignature, sizeof(*pucSignature));
return SDR_OK;
}
/* 6.4.6 */
int SDF_InternalVerify_ECC(
void *hSessionHandle,
unsigned int uiIPKIndex,
unsigned char *pucData,
unsigned int uiDataLength,
ECCSignature *pucSignature)
{
return SDR_OK;
}
/* 6.4.7 */
int SDF_ExternalEncrypt_ECC(
void *hSessionHandle,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
unsigned char *pucData,
unsigned int uiDataLength,
ECCCipher *pucEncData)
{
memcpy(pucEncData, ecCiphertext, sizeof(*pucEncData));
return SDR_OK;
}
/* 6.5.1 */
int SDF_Encrypt(
void *hSessionHandle,
void *hKeyHandle,
unsigned int uiAlgID,
unsigned char *pucIV,
unsigned char *pucData,
unsigned int uiDataLength,
unsigned char *pucEncData,
unsigned int *puiEncDataLength)
{
*puiEncDataLength = uiDataLength + 16;
return SDR_OK;
}
/* 6.5.2 */
int SDF_Decrypt(
void *hSessionHandle,
void *hKeyHandle,
unsigned int uiAlgID,
unsigned char *pucIV,
unsigned char *pucEncData,
unsigned int uiEncDataLength,
unsigned char *pucData,
unsigned int *puiDataLength)
{
*puiDataLength = uiEncDataLength;
return SDR_OK;
}
/* 6.5.3 */
int SDF_CalculateMAC(
void *hSessionHandle,
void *hKeyHandle,
unsigned int uiAlgID,
unsigned char *pucIV,
unsigned char *pucData,
unsigned int uiDataLength,
unsigned char *pucMAC,
unsigned int *puiMACLength)
{
*puiMACLength = 128/8;
return SDR_OK;
}
/* 6.6.1 */
int SDF_HashInit(
void *hSessionHandle,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
unsigned char *pucID,
unsigned int uiIDLength)
{
return SDR_OK;
}
/* 6.6.2 */
int SDF_HashUpdate(
void *hSessionHandle,
unsigned char *pucData,
unsigned int uiDataLength)
{
return SDR_OK;
}
/* 6.6.3 */
int SDF_HashFinal(void *hSessionHandle,
unsigned char *pucHash,
unsigned int *puiHashLength)
{
switch (hashAlgor) {
case SGD_SM3:
*puiHashLength = 256/8;
break;
case SGD_SHA1:
*puiHashLength = 160/8;
break;
case SGD_SHA256:
*puiHashLength = 256/8;
break;
}
return SDR_OK;
}
/* 6.7.1 */
int SDF_CreateFile(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen,
unsigned int uiFileSize)
{
return SDR_OK;
}
/* 6.7.2 */
int SDF_ReadFile(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen,
unsigned int uiOffset,
unsigned int *puiReadLength,
unsigned char *pucBuffer)
{
// return a certificate
return SDR_OK;
}
/* 6.7.3 */
int SDF_WriteFile(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen,
unsigned int uiOffset,
unsigned int uiWriteLength,
unsigned char *pucBuffer)
{
return SDR_OK;
}
/* 6.7.4 */
int SDF_DeleteFile(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen)
{
return SDR_OK;
}

1069
test/sdftest.c
View File

File diff suppressed because it is too large Load Diff

2
util/mkdef.pl
View File

@@ -132,7 +132,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"CMAC",
# APPLINK (win build feature?)
"APPLINK",
"SM3", "SMS4", "KDF2", "ECIES", "FFX", "PAILLIER", "CPK", "OTP", "GMAPI", "EC2",
"SM3", "SMS4", "KDF2", "ECIES", "FFX", "SM2", "PAILLIER", "CPK", "OTP", "GMAPI", "EC2",
"BFIBE", "BB1IBE", "SM9", "SAF", "SDF", "SKF", "SOF", "ZUC"
);