From 90a001b539dfabc0825af47d3fffbb630fa45456 Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Sun, 19 Feb 2017 23:41:47 +0800 Subject: [PATCH] update gm apis --- crypto/saf/saf_app.c | 53 +- crypto/saf/saf_ec.c | 279 +------- crypto/saf/saf_enc.c | 1 - crypto/saf/saf_err.c | 14 +- crypto/saf/saf_keyhandle.c | 73 +- crypto/saf/saf_lcl.h | 76 +-- crypto/saf/saf_mac.c | 27 +- crypto/saf/saf_pkcs7.c | 249 +------ crypto/saf/saf_rand.c | 13 +- crypto/saf/saf_rsa.c | 103 --- crypto/saf/saf_sm2.c | 102 --- crypto/saf/saf_symmkeyobj.c | 66 +- crypto/sdf/build.info | 17 +- crypto/sdf/sdf_dev.c | 119 ---- crypto/sdf/sdf_ec.c | 918 ------------------------- crypto/sdf/sdf_enc.c | 215 ------ crypto/sdf/sdf_err.c | 129 ---- crypto/sdf/sdf_errstr.c | 99 --- crypto/sdf/sdf_ext.c | 238 ------- crypto/sdf/sdf_file.c | 89 --- crypto/sdf/sdf_hash.c | 217 ------ crypto/sdf/sdf_key.c | 97 --- crypto/sdf/sdf_key2.c | 99 --- crypto/sdf/sdf_lcl.h | 81 --- crypto/sdf/sdf_lib.c | 327 --------- crypto/sdf/sdf_mac.c | 131 ---- crypto/sdf/sdf_rand.c | 95 --- crypto/sdf/sdf_rsa.c | 570 ---------------- crypto/sdf/sdf_session.c | 237 ------- crypto/skf/skf_dgst.c | 235 ------- crypto/skf/skf_dummy.c | 938 +++++++++++++++++++++++++ crypto/skf/skf_ec.c | 272 -------- crypto/skf/skf_enc.c | 404 ----------- crypto/skf/skf_err.c | 122 ---- crypto/skf/skf_handle.c | 248 ------- crypto/skf/skf_handle.d.tmp | 16 - crypto/skf/skf_lcl.h | 107 --- crypto/skf/skf_lib.c | 1280 +++++++++++++++++++++++++++++++++++ crypto/skf/skf_mac.c | 180 ----- crypto/skf/skf_meth.c | 157 +++++ crypto/skf/skf_rand.c | 84 --- crypto/skf/skf_rsa.c | 222 ------ crypto/skf/skf_sesskey.c | 98 --- crypto/skf/skf_token.c | 394 ----------- include/internal/sdf_meth.h | 443 ++++++++++++ include/internal/skf_meth.h | 616 +++++++++++++++++ include/openssl/gmsaf.h | 12 + include/openssl/gmsdf.h | 128 ++-- include/openssl/saf.h | 2 +- test/sdf_dummy.c | 645 ++++++++++++++++++ test/sdftest.c | 1069 ++++++++++++++++++++++++++++- util/mkdef.pl | 2 +- 52 files changed, 5370 insertions(+), 7038 deletions(-) delete mode 100644 crypto/sdf/sdf_dev.c delete mode 100644 crypto/sdf/sdf_ec.c delete mode 100644 crypto/sdf/sdf_enc.c delete mode 100644 crypto/sdf/sdf_err.c delete mode 100644 crypto/sdf/sdf_errstr.c delete mode 100644 crypto/sdf/sdf_ext.c delete mode 100644 crypto/sdf/sdf_file.c delete mode 100644 crypto/sdf/sdf_hash.c delete mode 100644 crypto/sdf/sdf_key.c delete mode 100644 crypto/sdf/sdf_key2.c delete mode 100644 crypto/sdf/sdf_lcl.h delete mode 100644 crypto/sdf/sdf_lib.c delete mode 100644 crypto/sdf/sdf_mac.c delete mode 100644 crypto/sdf/sdf_rand.c delete mode 100644 crypto/sdf/sdf_rsa.c delete mode 100644 crypto/sdf/sdf_session.c delete mode 100644 crypto/skf/skf_dgst.c create mode 100644 crypto/skf/skf_dummy.c delete mode 100644 crypto/skf/skf_ec.c delete mode 100644 crypto/skf/skf_enc.c delete mode 100644 crypto/skf/skf_handle.c delete mode 100644 crypto/skf/skf_handle.d.tmp delete mode 100644 crypto/skf/skf_lcl.h create mode 100644 crypto/skf/skf_lib.c delete mode 100644 crypto/skf/skf_mac.c create mode 100644 crypto/skf/skf_meth.c delete mode 100644 crypto/skf/skf_rand.c delete mode 100644 crypto/skf/skf_rsa.c delete mode 100644 crypto/skf/skf_sesskey.c delete mode 100644 crypto/skf/skf_token.c create mode 100644 include/internal/sdf_meth.h create mode 100644 include/internal/skf_meth.h create mode 100644 test/sdf_dummy.c diff --git a/crypto/saf/saf_app.c b/crypto/saf/saf_app.c index fabeafd2..4a999537 100644 --- a/crypto/saf/saf_app.c +++ b/crypto/saf/saf_app.c @@ -46,35 +46,35 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== */ -/* - * the software implementation of SAF application and related storage - * is determined by a standard OpenSSL configuration file `openssl.cnf`. - * If no config file is given, the default openssl config file will be - * used. This means that the SAF API is only a wrapper of the EVP API. - * - * The OpenSSL use file-level access control, i.e. private keys are - * encrypted by passwords, there is no default container-level access - * control mechnsims such as the Java Keytool for the application-level - * access control of SAF API. - * - * We use the AppHandle to preserve the CONF object. - * - * So we dont provide such access control. The Login() will always - * success. And the ChangePin() has no effects. - */ #include #include #include +#include #include #include +#include +#include "saf_lcl.h" /* 7.1.2 */ int SAF_Initialize( void **phAppHandle, char *pubCfgFilePath) { + int ret = SAR_UnknownErr; + SAF_APP *app = NULL; + if (!phAppHandle || !pubCfgFilePath) { + SAFerr(SAF_F_SAF_INITIALIZE, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } + + if (!(app = OPENSSL_zalloc(sizeof(*app)))) { + SAFerr(SAF_F_SAF_INITIALIZE, ERR_R_MALLOC_FAILURE); + return SAR_MemoryErr; + } + + *phAppHandle = app; return SAR_Ok; } @@ -82,6 +82,8 @@ int SAF_Initialize( int SAF_Finalize( void *hAppHandle) { + SAF_APP *app = (SAF_APP *)hAppHandle; + OPENSSL_free(app); return SAR_Ok; } @@ -89,7 +91,12 @@ int SAF_Finalize( int SAF_GetVersion( unsigned int *puiVersion) { - *puiVersion = 0x01000000; + if (!puiVersion) { + SAFerr(SAF_F_SAF_GETVERSION, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } + + *puiVersion = (unsigned int)OpenSSL_version_num(); return SAR_Ok; } @@ -103,8 +110,8 @@ int SAF_Login( unsigned int uiPinLen, unsigned int *puiRemainCount) { - *puiRemainCount = 100; - return SAR_Ok; + SAFerr(SAF_F_SAF_LOGIN, SAF_R_NOT_SUPPORTED); + return SAR_NotSupportYetErr; } /* 7.1.6 */ @@ -119,8 +126,8 @@ int SAF_ChangePin( unsigned int uiNewPinLen, unsigned int *puiRemainCount) { - *puiRemainCount = 100; - return SAR_Ok; + SAFerr(SAF_F_SAF_CHANGEPIN, SAF_R_NOT_SUPPORTED); + return SAR_NotSupportYetErr; } /* 7.1.7 */ @@ -128,6 +135,6 @@ int SAF_Logout( void *hAppHandle, unsigned int uiUsrType) { - return SAR_Ok; + SAFerr(SAF_F_SAF_LOGOUT, SAF_R_NOT_SUPPORTED); + return SAR_NotSupportYetErr; } - diff --git a/crypto/saf/saf_ec.c b/crypto/saf/saf_ec.c index ca2c7fb3..eeed3140 100644 --- a/crypto/saf/saf_ec.c +++ b/crypto/saf/saf_ec.c @@ -47,30 +47,10 @@ * ==================================================================== */ -/* GM/T 0019-2012: 7.3.23 */ -/* - * uiKeyUsage in {SGD_SM2_1, SGD_SM2_2, SGD_SM2_3} - * uiExportFlag = 1 means exportable, 0 means non-exportable - * we will generate a key pair and import into ENGINE - * or use ENGINE to generate key pair - */ - #include #include #include -int saf_save_ec_keypair( - void *hAppHandle, - unsigned char *pucContainerName, - unsigned int uiContainerNameLen, - unsigned int uiKeyBits, - unsigned int uiKeyUsage, - unsigned int uiExportFlag, - ECCrefPublicKey *pucPublicKey, - ECCrefPrivateKey *pucPrivateKey) -{ - return -1; -} /* 7.3.23 */ int SAF_GenEccKeyPair( @@ -82,8 +62,6 @@ int SAF_GenEccKeyPair( unsigned int uiExportFlag) { int ret = -1; - ECCrefPublicKey publicKey; - ECCrefPrivateKey privateKey; /* check arguments */ if (!hAppHandle || !pucContainerName) { @@ -91,7 +69,7 @@ int SAF_GenEccKeyPair( ERR_R_PASSED_NULL_PARAMETER); return SAR_IndataErr; } - if (uiContainerNameLen <= 0 || uiContainerName > SGD_MAX_NAME_SIZE || + if (uiContainerNameLen <= 0 || uiContainerNameLen > SGD_MAX_NAME_SIZE || strlen((char *)pucContainerName) != uiContainerNameLen) { SAFerr(SAF_F_SAF_GENECCKEYPAIR, SAF_R_INVALID_INPUT_LENGTH); @@ -109,63 +87,15 @@ int SAF_GenEccKeyPair( return SAR_KeyUsageErr; } - /* generate keypair */ - if (SDF_GenerateKeyPair_ECC( - NULL, - uiKeyUsage, - uiKeyBits, - &publicKey, - &privateKey) != SDR_OK) { - SAFerr(SAF_F_SAF_GENECCKEYPAIR, SAF_R_SAF_ERROR); - goto end; - } - - /* save keypair */ - if (saf_save_ec_keypair( - hAppHandle, - pucContainerName, - uiContainerNameLen, - uiKeyBits, - uiKeyUsage, - uiExportFlag, - &publicKey, - &privateKey) != SAR_Ok) { - - SAFerr(SAF_F_SAF_GENECCKEYPAIR, ERR_R_GMAPI_LIB); - goto end; - } /* set return value */ ret = SAR_Ok; end: - /* clear private key */ - memset(&privateKey, 0, sizeof(ECCrefPrivateKey)); return ret; } -int saf_get_sdf_session_and_keyindex( - void *hAppHandle, - unsigned char *pucContainerName, - unsigned int uiContainerNameLen, - unsigned int uiKeyUsage, - void *phSessionHandle, - unsigned int puiKeyIndex) -{ - return -1; -} - -void saf_release_sdf_session( - void *hSessionHandle) -{ -} - -/* - * `crypto/ec` only support `i2o_ECPublicKey` and `o2i_ECPublicKey`, there - * are no DER encoding/decoding routines for EC public key. The encoding of - * `i2o` is just the result of `EC_POINT_point2oct` on the public key point. - */ /* 7.3.24 */ int SAF_GetEccPublicKey( void *hAppHandle, @@ -175,9 +105,8 @@ int SAF_GetEccPublicKey( unsigned char *pucPublicKey, unsigned int *puiPublicKeyLen) { - int ret = -1; - void *hSessionHandle = NULL; - unsigned int uiKeyIndex; + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; int rv; /* check arguments */ @@ -206,64 +135,17 @@ int SAF_GetEccPublicKey( return SAR_IndataErr; } - /* get session and key index*/ - if ((rv = saf_get_sdf_session_and_keyindex( - hAppHandle, - pucContainerName, - uiContainerNameLen, - uiKeyUsage, - &hSessionHandle, - &uiKeyIndex)) != SAR_Ok) { + /* load public key */ - SAFerr(SAF_F_SAF_GETECCPUBLICKEY, ERR_R_GMAPI_LIB); - ret = rv; - goto end; - } - - /* load key */ - if (uiKeyUsage == SGD_SM2_1) { - if (SDF_ExportSignPublicKey_ECC( - hSessionHandle, - uiKeyIndex, - (ECCrefPublicKey *)pucPublicKey) != SDR_OK) { - - SAFerr(SAF_F_SAF_GETECCPUBLICKEY, ERR_R_GMAPI_LIB); - goto end; - } - } else { - if (SDF_ExportEncPublicKey_ECC( - hSessionHandle, - uiKeyIndex, - (ECCrefPublicKey *)pucPublicKey) != SDR_OK) { - - SAFerr(SAF_F_SAF_GETECCPUBLICKEY, ERR_R_GMAPI_LIB); - goto end; - } - } /* set return value */ - *puiPublicKeyLen = (unsigned int)sizeof(ECCrefPublicKey); ret = SAR_Ok; end: - sdf_release_sdf_session(hSessionHandle); return ret; } /* 7.3.25 */ -/* input data is message, not digest - * otuput is the DER encoding of the signature - * - * WHY do we need a seperate function for EC and RSA? - */ -int saf_get_sdf_session_and_ecsignkey( - void *hAppHandle, - unsigned char *pucContainerName, - unsigned int uiContainerNameLen, - unsigned int uiAlgorithmID, /* SGD_SM2_1 */ - void **phSessionhandle, - unsigned int *puiISKIndex); - int SAF_EccSign( void *hAppHandle, unsigned char *pucContainerName, @@ -304,43 +186,12 @@ int SAF_EccSign( return SAR_IndataErr; } - /* get session and ec sign key */ - if ((rv = saf_get_sdf_session_and_ecsignkey( - hAppHandle, - pucContainerName, - uiContainerNameLen, - uiAlgorithmID, - &hSessionHandle, - &uiISKIndex)) != SAR_Ok) { - - SAFerr(SAF_F_SAF_ECCSIGN, ERR_R_GMAPI_LIB); - ret = rv; - goto end; - } - - /* sign */ - if (SDF_InternalSign_ECC( - hSessionHandle, - uiISKIndex, - pucInData, - uiInDataLen, - (ECCSignature *)pucSignData) != SDR_OK) { - - SAFerr(SAF_F_SAF_ECCSIGN, ERR_R_GMAPI_LIB); - goto end; - } - - /* set return value */ - *puiSignDataLen = (unsigned int)sizeof(ECCSignature); ret = SAR_Ok; - end: - saf_release_sdf_session(hSessionhandle); return ret; } /* 7.3.26 */ -/* it seems that we need the public key has more info */ int SAF_EccVerifySign( unsigned char *pucPublicKey, unsigned int uiPublicKeyLen, @@ -351,11 +202,11 @@ int SAF_EccVerifySign( unsigned int uiSignDataLen) { int ret = SAR_UnknownErr; - + /* check arguments */ if (!pucPublicKey || !pucInData || !pucSignData) { SAFerr(SAF_F_SAF_ECCVERIFYSIGN, ERR_R_PASSED_NULL_PARAMETER); - return SAR_IndataErr); + return SAR_IndataErr; } if (uiPublicKeyLen != sizeof(ECCrefPublic)) { SAFerr(SAF_F_SAF_ECCVERIFYSIGN, SAF_R_INVALID_INPUT_LENGTH); @@ -374,18 +225,6 @@ int SAF_EccVerifySign( return SAR_IndataLenErr; } - if (SDF_ExternalVerify_ECC( - NULL, /* hSessionHandle */ - uiAlgorithmID, - (ECCrefPublicKey *)pucPublicKey, - pucInData, - uiInDataLen, - (ECCSignature *)pucSignData) != SDR_OK) { - - SAFerr(SAF_F_SAF_ECCVERIFYSIGN, ERR_R_GMAPI_LIB); - goto end; - } - ret = SAR_Ok; end: @@ -429,33 +268,11 @@ int SAF_EccPublicKeyEnc( return SAR_IndataLenErr; } - /* encrypt */ - if (SDF_ExternalEncrypt_ECC( - NULL, /* hSessionHandle */ - uiAlgorithmID, - (ECCrefPublicKey *)pucPublicKey, - pucInData, - uiInDataLen, - (ECCCipher *)pucOutData) != SDR_OK) { - - SAFerr(SAF_F_SAF_ECCPUBLICKEYENC, ERR_R_GMAPI_LIB); - goto end; - } - ret = SAR_Ok; - end: return ret; } -int saf_get_ec_public_key_from_cert( - unsigned char *pucCertificate, - unsigned int uiCertificateLen, - ECCrefPublicKey *pucPublicKey) -{ - return -1; -} - /* 7.3.28 */ int SAF_EccPublicKeyEncByCert( unsigned char *pucCertificate, @@ -474,7 +291,7 @@ int SAF_EccPublicKeyEncByCert( if (!pucCertificate || !pucInData || !pucOutData || !puiOutDataLen) { SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT, ERR_R_PASSED_NULL_PARAMETER); - return SAR_IndataErr); + return SAR_IndataErr; } if (uiCertificateLen <= 0 || uiCertificate > INT_MAX) { SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT, @@ -497,34 +314,8 @@ int SAF_EccPublicKeyEncByCert( return SAR_IndataLenErr; } - /* get public key from cert */ - if ((rv = saf_get_ec_public_key_from_cert( - pucCertificate, - uiCertificateLen, - &publicKey)) != SAR_OK) { - - SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT, ERR_R_GMAPI_LIB); - ret = rv; - goto end; - } - - /* encrypt */ - if (SAF_EccPublicKeyEnc( - (unsigned char *)&publicKey, - (unsigned int)sizeof(ECCrefPublicKey), - uiAlgorithmID, - pucInData, - uiInDataLen, - pucOutData, - puiOutDataLen) != SAR_OK) { - - SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT, ERR_R_GMAPI_LIB); - goto end; - } - /* set return value */ ret = SAR_Ok; - end: return ret; } @@ -547,7 +338,7 @@ int SAF_EccVerifySignByCert( if (!pucCertificate || !pucInData || !pucSignData) { SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT, ERR_R_PASSED_NULL_PARAMETER); - return SAR_IndataErr); + return SAR_IndataErr; } if (uiCertificateLen <= 0 || uiCertificate > INT_MAX) { SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT, @@ -571,33 +362,9 @@ int SAF_EccVerifySignByCert( } /* load public key form cert */ - if ((rv = saf_get_ec_public_key_from_cert( - pucCertificate, - uiCertificateLen, - &publicKey))!= SAR_OK) { - - SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT, ERR_R_GMAPI_LIB); - ret = rv; - goto end; - } - - /* verify */ - if (SAF_EccVerifySign( - (unsigned char *)&publicKey, - (unsigned int )sizeof(ECCrefPublicKey), - uiAlgorithmID, - pucInData, - uiInDataLen, - pucSignData, - uiSignDataLen)!= SAR_Ok) { - - SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT, ERR_R_GMAPI_LIB); - goto end; - } /* set return value */ ret = SAR_Ok; - end: return ret; } @@ -616,24 +383,7 @@ int SAF_GenerateAgreementDataWithECC( void **phAgreementHandle) { int ret = -1; - void *hSessionHandle = NULL; unsigned int uiISKIndex; - - - if (SDF_GenerateAgreementDataWithECC( - hSessionHandle, - uiISKIndex, - uiKeyBits, - pucSponsorID, - uiSponsorIDLength, - (ECCrefPublicKey *)pucSponsorPublicKey, - (ECCrefPublicKey *)pucSponsorTmpPublicKey, - phAgreementHandle) != SDR_OK) { - - SAFerr(SAF_F_SAF_GENERATEAGREEMENTDATAWITHECC, - ERR_R_GMAPI_LIB); - goto end; - } ret = SAR_Ok; end: @@ -653,19 +403,6 @@ int SAF_GenerateKeyWithECC( { int ret = -1; - if (SDF_GenerateKeyWithECC( - NULL, /*hSessionHandle */ - pucResponseID, - uiResponseIDLength, - (ECCrefPublicKey *)pucResponsePublicKey, - (ECCrefPublicKey *)pucResponseTmpPublicKey, - phAgreementHandle, - phKeyHandle) != SDR_OK) { - - SAFerr(SAF_F_SAF_GENERATEKEYWITHECC, ERR_R_GMAPI_LIB); - goto end; - } - return 0; } diff --git a/crypto/saf/saf_enc.c b/crypto/saf/saf_enc.c index 99ed2ef4..bd9906a5 100644 --- a/crypto/saf/saf_enc.c +++ b/crypto/saf/saf_enc.c @@ -269,4 +269,3 @@ int SAF_SymmDecrypt( *puiOutDataLen = out - pucOutData; return SAR_OK; } - diff --git a/crypto/saf/saf_err.c b/crypto/saf/saf_err.c index c2360af9..fd9f59cd 100644 --- a/crypto/saf/saf_err.c +++ b/crypto/saf/saf_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,6 +27,7 @@ static ERR_STRING_DATA SAF_str_functs[] = { {ERR_FUNC(SAF_F_SAF_BASE64_ENCODE), "SAF_Base64_Encode"}, {ERR_FUNC(SAF_F_SAF_BASE64_ENCODEFINAL), "SAF_Base64_EncodeFinal"}, {ERR_FUNC(SAF_F_SAF_BASE64_ENCODEUPDATE), "SAF_Base64_EncodeUpdate"}, + {ERR_FUNC(SAF_F_SAF_CHANGEPIN), "SAF_ChangePin"}, {ERR_FUNC(SAF_F_SAF_CREATESYMMKEYOBJ), "SAF_CreateSymmKeyObj"}, {ERR_FUNC(SAF_F_SAF_ECCPUBLICKEYENC), "SAF_EccPublicKeyEnc"}, {ERR_FUNC(SAF_F_SAF_ECCPUBLICKEYENCBYCERT), "SAF_EccPublicKeyEncByCert"}, @@ -37,7 +38,14 @@ static ERR_STRING_DATA SAF_str_functs[] = { {ERR_FUNC(SAF_F_SAF_GENERATEAGREEMENTDATAWITHECC), "SAF_GenerateAgreementDataWithECC"}, {ERR_FUNC(SAF_F_SAF_GENERATEKEYWITHECC), "SAF_GenerateKeyWithECC"}, + {ERR_FUNC(SAF_F_SAF_GENERATEKEYWITHEPK), "SAF_GenerateKeyWithEPK"}, + {ERR_FUNC(SAF_F_SAF_GENRANDOM), "SAF_GenRandom"}, {ERR_FUNC(SAF_F_SAF_GETECCPUBLICKEY), "SAF_GetEccPublicKey"}, + {ERR_FUNC(SAF_F_SAF_GETVERSION), "SAF_GetVersion"}, + {ERR_FUNC(SAF_F_SAF_IMPORTENCEDKEY), "SAF_ImportEncedKey"}, + {ERR_FUNC(SAF_F_SAF_INITIALIZE), "SAF_Initialize"}, + {ERR_FUNC(SAF_F_SAF_LOGIN), "SAF_Login"}, + {ERR_FUNC(SAF_F_SAF_LOGOUT), "SAF_Logout"}, {ERR_FUNC(SAF_F_SAF_MACFINAL), "SAF_MacFinal"}, {ERR_FUNC(SAF_F_SAF_MACUPDATE), "SAF_MacUpdate"}, {ERR_FUNC(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA), @@ -52,7 +60,10 @@ static ERR_STRING_DATA SAF_str_functs[] = { static ERR_STRING_DATA SAF_str_reasons[] = { {ERR_REASON(SAF_R_BUFFER_TOO_SMALL), "buffer too small"}, {ERR_REASON(SAF_R_CBCMAC_FAILURE), "cbcmac failure"}, + {ERR_REASON(SAF_R_CMAC_FAILURE), "cmac failure"}, + {ERR_REASON(SAF_R_ENCRYPT_KEY_FAILURE), "encrypt key failure"}, {ERR_REASON(SAF_R_GEN_RANDOM), "gen random"}, + {ERR_REASON(SAF_R_GEN_RANDOM_FAILURE), "gen random failure"}, {ERR_REASON(SAF_R_INT_OVERFLOW), "int overflow"}, {ERR_REASON(SAF_R_INVALID_ALGOR), "invalid algor"}, {ERR_REASON(SAF_R_INVALID_CONTEXT), "invalid context"}, @@ -63,6 +74,7 @@ static ERR_STRING_DATA SAF_str_reasons[] = { {ERR_REASON(SAF_R_INVALID_KEY_USAGE), "invalid key usage"}, {ERR_REASON(SAF_R_INVALID_LENGTH), "invalid length"}, {ERR_REASON(SAF_R_MAC_FAILURE), "mac failure"}, + {ERR_REASON(SAF_R_NOT_SUPPORTED), "not supported"}, {ERR_REASON(SAF_R_OPERATION_NOT_INITIALIZED), "operation not initialized"}, {ERR_REASON(SAF_R_SAF_ERROR), "saf error"}, diff --git a/crypto/saf/saf_keyhandle.c b/crypto/saf/saf_keyhandle.c index 54380751..50de4f45 100644 --- a/crypto/saf/saf_keyhandle.c +++ b/crypto/saf/saf_keyhandle.c @@ -53,60 +53,77 @@ #include #include "saf_lcl.h" -/* 7.3.31 - * Generate session key returned by `phKeyHandle` - * Encrypt the symmetric key `hSymmKeyObj` with the input public key - * `pucPublicKey`, output the encrypted results to `pucSymmKey`, - * - * how can we encrypt data with public key? - * it this function relies on ther SAF API? - * - * The function don't care the input public key. It should be an exported - * public key. Some extra information should be appened into the output key. - */ +/* 7.3.31 */ int SAF_GenerateKeyWithEPK( void *hSymmKeyObj, unsigned char *pucPublicKey, unsigned int uiPublicKeyLen, unsigned char *pucSymmKey, - unsigned int uiSymmKeyLen, + unsigned int *puiSymmKeyLen, void **phKeyHandle) { - int pkey_type; + int ret = SAR_UnknownErr; + SAF_KEY *hkey = NULL; + SAF_SYMMKEYOBJ *obj = (SAF_SYMMKEYOBJ *)hSymmKeyObj; + const EVP_CIPHER *cipher; + unsigned char keybuf[32]; EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *pkctx = NULL; + size_t outlen; - - if (!(pkey = d2i_PublicKey(pkey_type, NULL, &p, - (long)uiPublicKeyLen))) { + if (!hSymmKeyObj || !pucPublicKey || !pucSymmKey + || !puiSymmKeyLen || !phKeyHandle) { + SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; } + if (uiPublicKeyLen <= 0 || uiPublicKeyLen > INT_MAX) { + SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_INVALID_INPUT_LENGTH); + return SAR_IndataLenErr; + } + outlen = (size_t)*puiSymmKeyLen; + if (!(cipher = EVP_get_cipherbysgd(obj->algor)) + || !RAND_bytes(keybuf, EVP_CIPHER_key_length(cipher)) + || !(pkey = d2i_PUBKEY(NULL, &pucPublicKey, (long)uiPublicKeyLen)) + || !(pkctx = EVP_PKEY_CTX_new(pkey, NULL)) + || !EVP_PKEY_encrypt_init(pkctx) + || !EVP_PKEY_encrypt(pkctx, pucSymmKey, &outlen, keybuf, (size_t)EVP_CIPHER_key_length(cipher))) { + SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_ENCRYPT_KEY_FAILURE); + goto end; + } + + // init EVP_CIPHER_CTX + if (!(hkey = OPENSSL_zalloc(sizeof(*hkey)))) { + SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_MALLOC_FAILURE); + goto end; + } + + *puiSymmKeyLen = (unsigned int)outlen; + ret = SAR_Ok; + +end: + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(pkctx); + return ret; } /* 7.3.32 */ -/* all the inforamtion should be kept in encrypted key - * the encrytped key can be decrypted with the default private key - */ int SAF_ImportEncedKey( void *hSymmKeyObj, unsigned char *pucSymmKey, unsigned int uiSymmKeyLen, void **phKeyHandle) { - return 0; + SAFerr(SAF_F_SAF_IMPORTENCEDKEY, SAF_R_NOT_SUPPORTED); + return SAR_NotSupportYetErr; } /* 7.3.37 */ int SAF_DestroyKeyHandle( void *hKeyHandle) { - SAF_KeyHandle *hkey = (SAF_KeyHandle *)hKeyHandle; - - if (!hKeyHandle) { - return SAR_OK; - } - - OPENSSL_clear_free(hkey->key, hkey->keylen); + SAF_KEY *hkey = (SAF_KEY *)hKeyHandle; + OPENSSL_clear_free(hkey, hkey->keylen); return SAR_OK; } - diff --git a/crypto/saf/saf_lcl.h b/crypto/saf/saf_lcl.h index 551aae09..1d0f7f8e 100644 --- a/crypto/saf/saf_lcl.h +++ b/crypto/saf/saf_lcl.h @@ -47,7 +47,6 @@ * ==================================================================== */ - #include #include #include @@ -65,73 +64,18 @@ typedef struct { } SAF_BASE64OBJ; typedef struct { - void *hAppHandle; - unsigned char *pucContainerName; - unsigned int uiContainerLen; - unsigned char *pucIV; - unsigned int uiIVLen; - unsigned int uiEncOrDec; - unsigned int uiCryptoAlgID; -} SAF_SymmKeyObj; + unsigned int algor; + unsigned char container[256]; + unsigned int containerlen; + unsigned char iv[16]; + unsigned int ivlen; + unsigned int enc; +} SAF_SYMMKEYOBJ; typedef struct { - unsigned char *key; - size_t keylen; - - /* used by `SAF_SymmEncryptUpdate`, `SAF_SymmEncryptFinal`, - * `SAF_SymmDecryptUpdate`, `SAF_SymmDecryptFinal` - */ + SAF_SYMMKEYOBJ obj; + unsigned char key[64]; EVP_CIPHER_CTX *cipher_ctx; - const EVP_CIPHER *cipher; CMAC_CTX *cmac_ctx; -} SAF_KEY_HANDLE; - -int saf_readfile( - const char *file, - unsigned char **pout, - size_t *len); - -int saf_save_ec_keypair( - void *hAppHandle, - unsigned char *pucContainerName, - unsigned int uiContainerNameLen, - unsigned int uiKeyBits, - unsigned int uiKeyUsage, - unsigned int uiExportFlag, - ECCrefPublicKey *pucPublicKey, - ECCrefPrivateKey *pucPrivateKey); - -int saf_save_rsa_keypair( - void *hAppHandle, - unsigned char *pucContainerName, - unsigned int uiContainerNameLen, - unsigned int uiKeyBits, - unsigned int uiKeyUsage, - unsigned int uiExportFlag, - RSArefPublicKey *pucPublicKey, - RSArefPrivateKey *pucPrivateKey); - -int saf_get_sdf_session_and_keyindex( - void *hAppHandle, - unsigned char *pucContainerName, - unsigned int uiContainerNameLen, - unsigned int uiKeyUsage, - void *phSessionHandle, - unsigned int puiKeyIndex); - -int saf_get_sdf_session_and_ecsignkey( - void *hAppHandle, - unsigned char *pucContainerName, - unsigned int uiContainerNameLen, - unsigned int uiAlgorithmID, /* SGD_SM2_1 */ - void **phSessionhandle, - unsigned int *puiISKIndex); - -void saf_release_sdf_session( - void *hSessionHandle); - -int saf_get_ec_public_key_from_cert( - unsigned char *pucCertificate, - unsigned int uiCertificateLen, - ECCrefPublicKey *pucPublicKey); +} SAF_KEY; diff --git a/crypto/saf/saf_mac.c b/crypto/saf/saf_mac.c index c4a8e174..bd506e18 100644 --- a/crypto/saf/saf_mac.c +++ b/crypto/saf/saf_mac.c @@ -49,7 +49,6 @@ #include #include -#include #include #include @@ -60,35 +59,35 @@ int SAF_MacUpdate( unsigned int uiInDataLen) { int ret = SAR_UnknownErr; - SAF_KEY_HANDLE *hkey = (SAF_KEY_HANDLE *)hKeyHandle; + SAF_KEY *hkey = (SAF_KEY *)hKeyHandle; if (!hKeyHandle || !pucInData) { SAFerr(SAF_F_SAF_MACUPDATE, ERR_R_PASSED_NULL_PARAMETER); return SAR_IndataErr; } - if (!hkey->cbcmac_ctx) { - if (!(hkey->cbcmac_ctx = CBCMAC_CTX_new())) { + if (!hkey->cmac_ctx) { + if (!(hkey->cmac_ctx = CMAC_CTX_new())) { SAFerr(SAF_F_SAF_MACUPDATE, ERR_R_MALLOC_FAILURE); goto end; } - if (!CBCMAC_Init(hkey->cbcmac_ctx, hkey->key, hkey->keylen, hkey->cipher, NULL)) { - SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CBCMAC_FAILURE); + if (!CMAC_Init(hkey->cmac_ctx, hkey->key, hkey->keylen, hkey->cipher, NULL)) { + SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CMAC_FAILURE); goto end; } } - if (!CBCMAC_Update(hkey->cbcmac_ctx, pucInData, (size_t)uiInDataLen)) { - SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CBCMAC_FAILURE); + if (!CMAC_Update(hkey->cmac_ctx, pucInData, (size_t)uiInDataLen)) { + SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CMAC_FAILURE); return SAR_UnknownErr; } ret = SAR_OK; end: - if (ret != SAR_OK && hkey->cbcmac_ctx) { - CBCMAC_CTX_free(hkey->cbcmac_ctx); - hkey->cbcmac_ctx = NULL; + if (ret != SAR_OK && hkey->cmac_ctx) { + CMAC_CTX_free(hkey->cmac_ctx); + hkey->cmac_ctx = NULL; } return ret; } @@ -99,7 +98,7 @@ int SAF_MacFinal( unsigned char *pucOutData, unsigned int *puiOutDataLen) { - SAF_KEY_HANDLE *hkey = (SAF_KEY_HANDLE *)hKeyHandle; + SAF_KEY *hkey = (SAF_KEY *)hKeyHandle; size_t siz; if (!hKeyHandle || !pucOutData || !puiOutDataLen) { @@ -112,7 +111,7 @@ int SAF_MacFinal( return SAR_IndataLenErr; } - if (!hkey->cbcmac_ctx) { + if (!hkey->cmac_ctx) { SAFerr(SAF_F_SAF_MACFINAL, SAF_R_OPERATION_NOT_INITIALIZED); return SAR_UnknownErr; } @@ -123,7 +122,7 @@ int SAF_MacFinal( return SAR_UnknownErr; } - *puiOutDataLen = siz; + *puiOutDataLen = (unsigned int)siz; return SAR_OK; } diff --git a/crypto/saf/saf_pkcs7.c b/crypto/saf/saf_pkcs7.c index 487cf634..e81552a8 100644 --- a/crypto/saf/saf_pkcs7.c +++ b/crypto/saf/saf_pkcs7.c @@ -50,32 +50,9 @@ #include #include #include -#incluce "saf_lcl.h" - -/* - -In GMAPI we will use private keys handled by ENGINE, the keys in ENGINE -is referenced by ENGINE and key label `key_id` -*/ - -EVP_PKEY *saf_load_private_key( void *hAppHandle, - unsigned char *containerName, unsigned int containerNameLen, - unsigned int keyUsage) -{ - return NULL; -} - -int GMAPI_CONTAINER_get_cert_and_key(GMAPI_CONTAINER *container, - int key_usage, X509 **cert, EVP_PKEY **pkey) -{ - return 0; -} +#include "saf_lcl.h" /* 7.4.2 */ -/* we need AppHandle before doing this - * App + Container + KeyUsage => sign_key - * the private key is referenced by a string label `key_id` - */ int SAF_Pkcs7_EncodeData( void *hAppHandle, unsigned char *pucSignContainerName, @@ -92,22 +69,7 @@ int SAF_Pkcs7_EncodeData( unsigned int *puiDerP7DataLen) { int ret = SAR_UnknownErr; - PKCS7 *p7 = NULL; - EVP_PKEY *pkey = NULL; - const EVP_MD *md; - - p7 = PKCS7_new(); - - pkey = saf_load_private_key(hAppHandle, - pucSignContainerName, uiSignContainerNameLen - uiSignKeyUsage); - - PKCS7_set_type(p7, 0); - - - - - return 0; + return ret; } @@ -115,7 +77,8 @@ int SAF_Pkcs7_EncodeData( int SAF_Pkcs7_DecodeData( void *hAppHandle) { - return 0; + int ret = SAR_UnknownErr; + return ret; } /* 7.4.4 */ @@ -132,52 +95,11 @@ int SAF_Pkcs7_EncodeSignedData( unsigned char *pucDerP7Data, unsigned int *puiDerP7DataLen) { - - int flags; - BIO *bio = NULL; - EVP_PKEY *pkey = NULL; - X509 *cert = NULL; - unsigned char *p; - - if (!(pkey = saf_load_private_key(hAppHandle, pucSignContainerName, - uiSignContainerNameLen, uiSignKeyUsage))) { - } - - /* decode certificate, check no extra input */ - p = pucSignerCertificate; - if (!(cert = d2i_X509(NULL, &p, (long)uiSignerCertificateLen))) { - } - if (p - pucSignerCertificate != uiSignerCertificateLen) { - } - - /* data bio */ - if (!(bio = BIO_new_mem_buf(pucData, (int)uiDataLen))) { - } - - /* set digest */ - if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) { - } - - flags = PKCS7_BINARY; - p7 = PKCS7_sign(cert, pkey, NULL, bio, flags); - - - p = pucDerP7Data; - if (i2d_PKCS7(p7, &p) < 0) { - } - - *puiDerP7DataLen = p - pucDerP7Data; - - return 0; + int ret = SAR_UnknownErr; + return ret; } /* 7.4.5 */ -/* - * The content data in PKCS #7 SignedData format is optional, as the - * `SAF_Pkcs7_DecodeSignedData` function has explicit content data input - * with parameter `pucData`, the `SAF_Pkcs7_EncodeSignedData` will not carry - * content data, with the `PKCS7_DETACHED` flag bit set. - */ int SAF_Pkcs7_DecodeSignedData( void *hAppHandle, unsigned char *pucDerP7SignedData, @@ -190,37 +112,8 @@ int SAF_Pkcs7_DecodeSignedData( unsigned char *pucSign, unsigned int *puiSignLen) { - int ret; - PKCS7 *p7 = NULL; - X509 *cert = NULL; - const EVP_MD *md; - BIO *bio = NULL; - STACK_OF(X509) *certs = NULL; - X509_STORE *store = NULL; - int flags = 0; - - p = pucDerP7SignedData; - if (!(p7 = d2i_PKCS7(NULL, &p, (long)uiDerP7SignedDataLen))) { - } - if (p - pucDerP7SignedData != uiDerP7SignedDataLen) { - } - - p = pucSignerCertificate; - if (!(cert = d2i_X509(NULL, &p, (long)uiSignerCertificateLen))) { - } - if (p - pucSignerCertificate != uiSignerCertificateLen) { - } - - if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) { - } - if (!PKCS7_set_digest(p7, md)) { - } - - if (!PKCS7_verify(p7, cert, store, bio, NULL, flags)) { - } - - - return 0; + int ret = SAR_UnknownErr; + return ret; } /* 7.4.6 */ @@ -235,27 +128,10 @@ int SAF_Pkcs7_EncodeEnvelopedData( unsigned int *puiDerP7EnvelopedDataLen) { int ret = SAR_UnknownErr; - PKCS7 *p7 = NULL; - X509 *cert = NULL; - BIO *bio = NULL; - const EVP_CIPHER *cipher; - int flags; - - cipher = EVP_get_cipherbysgd(uiSymmAlgorithm); - bio = BIO_new(BIO_s_mem()); - // set data to bio - - p = pucEncCertificate; - cert = d2i_X509(NULL, &p, uiEncCertificateLen); - - p7 = PKCS7_encrypt(cert, bio, cipher, flags); -end: - PKCS7_free(p7); return ret; } /* 7.4.7 */ -/* key is referenced by App.Container.KeyUsage */ int SAF_Pkcs7_DecodeEnvelopedData( void *hAppHandle, unsigned char *pucDecContainerName, @@ -266,20 +142,11 @@ int SAF_Pkcs7_DecodeEnvelopedData( unsigned char *pucData, unsigned int *puiDataLen) { - PKCS7 *p7 = NULL; - BIO *bio = NULL; - X509 *cert = NULL; - EVP_PKEY *pkey = NULL; - - // get cert and pkey from App.Container.KeyUsage - - PKCS7_decrypt(p7, pkey, cert, bio, flags); - - return 0; + int ret = SAR_UnknownErr; + return ret; } /* 7.4.8 */ -/* the `hAppHandle` and key is not required in digest */ int SAF_Pkcs7_EncodeDigestedData( void *hAppHandle, unsigned int uiDigestAlgorithm, @@ -289,89 +156,10 @@ int SAF_Pkcs7_EncodeDigestedData( unsigned int *puiDerP7DigestedDataLen) { int ret = SAR_UnknownErr; - PKCS7 *p7 = NULL; - BIO *bio = NULL; - const EVP_MD *md; - unsigned char *p; - int len; - - if (!hAppHandle || !pucData || !pucDerP7DigestedData || !puiDerP7DigestedDataLen) { - SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PASSED_NULL_PARAMETER); - return SAR_IndataErr; - } - if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) { - SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_INVALID_DIGEST_ALGOR); - return SAR_AlgoTypeErr; - } - if (uiDataLen > INT_MAX) { - return SAR_IndataLenErr; - } - len = (int)uiDataLen; - - if (!(p7 = PKCS7_new())) { - SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_MALLOC_FAILURE); - goto end; - } - if (!PKCS7_set_type(p7, NID_pkcs7_digest)) { - SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB); - goto end; - } - - /* set digest */ - if (!PKCS7_set_digest(p7, md)) { - SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB); - goto end; - } - - /* set content */ - if (!PKCS7_content_new(p7, NID_pkcs7_data)) { - SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB); - goto end; - } - if (!(bio = PKCS7_dataInit(p7, NULL))) { - SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB); - goto end; - } - if (!BIO_write(bio, pucData, len)) { - SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_GMAPI_LIB); - goto end; - } - if (!BIO_flush(bio)) { - SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_GMAPI_LIB); - goto end; - } - if (!PKCS7_dataFinal(p7, bio)) { - SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB); - goto end; - } - - /* check output buffer length */ - if ((len = i2d_PKCS7(p7, NULL)) <= 0) { - SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB); - goto end; - } - if (*puiDerP7DigestedDataLen < len) { - SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_BUFFER_TOO_SMALL); - goto end; - } - - /* der encoding */ - p = pucDerP7DigestedData; - if ((len = i2d_PKCS7(p7, &p)) <= 0) { - SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB); - goto end; - } - - *puiDerP7DigestedDataLen = (unsigned int)len; - ret = SAR_OK; - -end: - PKCS7_free(p7); return ret; } /* 7.4.9 */ -/* parse pkcs7 and get data and digest */ int SAF_Pkcs7_DecodeDigestedData( void *hAppHandle, unsigned int uiDigestAlgorithm, @@ -383,22 +171,5 @@ int SAF_Pkcs7_DecodeDigestedData( unsigned int *puiDigestLen) { int ret = SAR_UnknownErr; - PKCS7 *p7 = NULL; - unsigned char *p; - long len; - - if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) { - SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_DIGEST_ALGOR); - return SAR_AlgoTypeErr; - } - - p = pucDerP7DigestedData; - len = uiDerP7DigestedDataLen; - if (!(p7 = d2i_PKCS7(NULL, &p, len))) { - goto end; - } - - return ret; } - diff --git a/crypto/saf/saf_rand.c b/crypto/saf/saf_rand.c index 556bc1f1..92d1ac55 100644 --- a/crypto/saf/saf_rand.c +++ b/crypto/saf/saf_rand.c @@ -60,13 +60,20 @@ int SAF_GenRandom( unsigned int uiRandLen, unsigned char *pucRand) { - int len; - if (uiRandLen > 1024 * 1024) { + if (uiRandLen <= 0 || uiRandLen > INT_MAX) { + SAFerr(SAF_F_SAF_GENRANDOM, SAF_R_INVALID_INPUT_LENGTH); return SAR_IndataLenErr; } - len = (int)uiRandLen; + + if (!pucRand) { + SAFerr(SAF_F_SAF_GENRANDOM, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } + if (!RAND_bytes(pucRand, len)) { + SAFerr(SAF_F_SAF_GENRANDOM, SAF_R_GEN_RANDOM_FAILURE); return SAR_GenRandErr; } + return SAR_OK; } diff --git a/crypto/saf/saf_rsa.c b/crypto/saf/saf_rsa.c index 051ebf19..f05e4e8c 100644 --- a/crypto/saf/saf_rsa.c +++ b/crypto/saf/saf_rsa.c @@ -61,28 +61,6 @@ int SAF_GenRsaKeyPair(void *hAppHandle, unsigned int uiKeyUsage, unsigned int uiExportFlag) { - RSArefPublicKey publicKey; - RSArefPrivateKey privateKey; - - if (SDR_OK != SDF_GenerateKeyPair_RSA( - NULL, - uiKeyBits, - &publicKey, - &privateKey)) { - } - - if ((ret = saf_save_rsa_keypair( - hAppHandle, - pucContainerName, - uiContainerNameLen, - uiKeyBits, - uiKeyUsage, - uiExportFlag, - &publicKey, - &privateKey)) - != SAR_Ok) { - } - return SAR_NotSupportYetErr; } @@ -95,47 +73,10 @@ int SAF_GetPublicKey( unsigned char *pucPublicKey, unsigned int *puiPublicKeyLen) { - - unsigned int uiAlgID; - - - if (uiAlgID = SGD_RSA) { - if (uiKeyUsage == 1) { - if (SDF_ExportSignPublicKey_RSA( - hSessionHandle, - uiKeyIndex, - (RSArefPublicKey *)pucPublicKey) != SDR_OK) { - } - } else { - if (SDF_ExportEncPublicKey_RSA( - hSessionHandle, - uiKeyIndex, - (RSArefPublicKey *)pucPublicKey) != SDR_OK) { - } - } - *puiPublicKeyLen = (unsigned int)sizeof(RSArefPublicKey); - } else { - if (uiKeyUsage == 1) { - if (SDF_ExportSignPublicKey_ECC( - hSessionHandle, - uiKeyIndex, - (ECCrefPublicKey *)pucPublicKey) != SDR_OK) { - } - } else { - if (SDF_ExportEncPublicKey_ECC( - hSessionHandle, - uiKeyIndex, - (ECCrefPublicKey *)pucPublicKey) != SDR_OK) { - } - } - *puiPublicKeyLen = (unsigned int)sizeof(ECCrefPublicKey); - } - return SAR_NotSupportYetErr; } /* 7.3.18 */ -/* the `pucInData` is message, not digest */ int SAF_RsaSign( void *hAppHandle, unsigned char *pucContainerName, @@ -146,8 +87,6 @@ int SAF_RsaSign( unsigned char *pucSignature, unsigned int *puiSignatureLen) { - - return SAR_NotSupportYetErr; } @@ -161,20 +100,6 @@ int SAF_RsaSignFile( unsigned char *pucSignature, unsigned int *puiSignatureLen) { - int ret; - unsigned char *buf = NULL; - unsigned int buflen; - - if ((ret = readfile(pucFileName, &buf, &buflen)) != SAR_OK) { - return ret; - } - if ((ret = SAF_RsaSign(hAppHandle, pucContainerName, uiContainerNameLen, - uiHashAlgoType, buf, buflen, pucSignature, puiSignatureLen)) != SAR_OK) { - OPENSSL_free(buf); - return ret; - } - - OPENSSL_free(buf); return SAR_OK; } @@ -200,20 +125,6 @@ int SAF_RsaVerifySignFile( unsigned char *pucSignature, unsigned int uiSignatureLen) { - int ret; - unsigned char *buf = NULL; - unsigned int buflen; - - if ((ret = readfile(pucFileName, &buf, &buflen)) != SAR_OK) { - return ret; - } - if ((ret = SAF_RsaVerifySign(uiHashAlgoType, pucPublicKey, uiPublicKeyLen, - buf, buflen, pucSignature, puiSignatureLen)) != SAR_OK) { - OPENSSL_free(buf); - return ret; - } - - OPENSSL_free(buf); return SAR_OK; } @@ -227,20 +138,6 @@ int SAF_VerifySignByCert( unsigned char *pucSignature, unsigned int uiSignatureLen) { - int ret; - unsigned char *buf = NULL; - unsigned int buflen; - - if ((ret = cert_get_pubkey(pucCertificate, uiCertificateLen, &buf, &buflen)) != SAR_OK) { - return ret; - } - if ((ret = SAF_RsaVerifySign(uiHashAlgoType, pucPublicKey, uiPublicKeyLen, - buf, buflen, pucSignature, puiSignatureLen)) != SAR_OK) { - OPENSSL_free(buf); - return ret; - } - - OPENSSL_free(buf); return SAR_OK; } diff --git a/crypto/saf/saf_sm2.c b/crypto/saf/saf_sm2.c index d134c7dc..1fc18df2 100644 --- a/crypto/saf/saf_sm2.c +++ b/crypto/saf/saf_sm2.c @@ -70,17 +70,6 @@ int SAF_SM2_EncodeSignedAndEnvelopedData( unsigned int *puiDerSignedAndEnvelopedDataLen) { int ret = SAR_UnknownErr; - PKCS7 *p7 = NULL; - EVP_PKEY *pkey = NULL; - const EVP_MD *md; - - p7 = PKCS7_new(); - - pkey = saf_load_private_key(hAppHandle, - pucSignContainerName, uiSignContainerNameLen - uiSignKeyUsage); - - PKCS7_set_type(p7, 0); return 0; } @@ -115,42 +104,6 @@ int SAF_SM2_EncodeSignedData( unsigned char *pucDerSignedData, unsigned int *puiDerSignedDataLen) { - - int flags; - BIO *bio = NULL; - EVP_PKEY *pkey = NULL; - X509 *cert = NULL; - unsigned char *p; - - if (!(pkey = saf_load_private_key(hAppHandle, pucSignContainerName, - uiSignContainerNameLen, uiSignKeyUsage))) { - } - - /* decode certificate, check no extra input */ - p = pucSignerCertificate; - if (!(cert = d2i_X509(NULL, &p, (long)uiSignerCertificateLen))) { - } - if (p - pucSignerCertificate != uiSignerCertificateLen) { - } - - /* data bio */ - if (!(bio = BIO_new_mem_buf(pucData, (int)uiDataLen))) { - } - - /* set digest */ - if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) { - } - - flags = PKCS7_BINARY; - p7 = PKCS7_sign(cert, pkey, NULL, bio, flags); - - - p = pucDerP7Data; - if (i2d_PKCS7(p7, &p) < 0) { - } - - *puiDerP7DataLen = p - pucDerP7Data; - return 0; } @@ -167,36 +120,6 @@ int SAF_SM2_DecodeSignedData( unsigned char *pucSign, unsigned int *puiSignLen) { - int ret; - PKCS7 *p7 = NULL; - X509 *cert = NULL; - const EVP_MD *md; - BIO *bio = NULL; - STACK_OF(X509) *certs = NULL; - X509_STORE *store = NULL; - int flags = 0; - - p = pucDerP7SignedData; - if (!(p7 = d2i_PKCS7(NULL, &p, (long)uiDerP7SignedDataLen))) { - } - if (p - pucDerP7SignedData != uiDerP7SignedDataLen) { - } - - p = pucSignerCertificate; - if (!(cert = d2i_X509(NULL, &p, (long)uiSignerCertificateLen))) { - } - if (p - pucSignerCertificate != uiSignerCertificateLen) { - } - - if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) { - } - if (!PKCS7_set_digest(p7, md)) { - } - - if (!PKCS7_verify(p7, cert, store, bio, NULL, flags)) { - } - - return 0; } @@ -212,22 +135,6 @@ int SAF_SM2_EncodeEnvelopedData( unsigned int *puiDerEnvelopedDataLen) { int ret = SAR_UnknownErr; - PKCS7 *p7 = NULL; - X509 *cert = NULL; - BIO *bio = NULL; - const EVP_CIPHER *cipher; - int flags; - - cipher = EVP_get_cipherbysgd(uiSymmAlgorithm); - bio = BIO_new(BIO_s_mem()); - // set data to bio - - p = pucEncCertificate; - cert = d2i_X509(NULL, &p, uiEncCertificateLen); - - p7 = PKCS7_encrypt(cert, bio, cipher, flags); -end: - PKCS7_free(p7); return ret; } @@ -242,14 +149,5 @@ int SAF_SM2_DecodeEnvelopedData( unsigned char *pucData, unsigned int *puiDataLen) { - PKCS7 *p7 = NULL; - BIO *bio = NULL; - X509 *cert = NULL; - EVP_PKEY *pkey = NULL; - - // get cert and pkey from App.Container.KeyUsage - - PKCS7_decrypt(p7, pkey, cert, bio, flags); - return 0; } diff --git a/crypto/saf/saf_symmkeyobj.c b/crypto/saf/saf_symmkeyobj.c index 29e71ea6..7a25bc20 100644 --- a/crypto/saf/saf_symmkeyobj.c +++ b/crypto/saf/saf_symmkeyobj.c @@ -54,10 +54,7 @@ #include "saf_lcl.h" -/* 7.3.30 - * All symmetric keys in GMAPI are session objects. - * The `SymmKeyObj` is a EVP_CIPHER_CTX - */ +/* 7.3.30 */ int SAF_CreateSymmKeyObj( void *hAppHandle, void **phSymmKeyObj, @@ -69,52 +66,31 @@ int SAF_CreateSymmKeyObj( unsigned int uiCryptoAlgID) { int ret = SAR_UnknownErr; - SAF_SymmKeyObj *obj = NULL; + SAF_SYMMKEYOBJ *obj = NULL; /* check arguments */ if (!hAppHandle || !phSymmKeyObj || !pucContainerName || !pucIV) { - SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, - ERR_R_PASSED_NULL_PARAMETER); - return -1; + SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; } - if (uiContainerLen > INT_MAX) { - SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, - SAF_R_INVALID_INPUT_LENGTH); - return -1; - } - if (uiIVLen > EVP_MAX_IV_LENGTH) { - SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, - SAF_R_INVALID_INPUT_LENGTH); - return -1; + if (uiContainerLen <= 0 || uiContainerLen > 255 || + uiIVLen > EVP_MAX_IV_LENGTH) { + SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, SAF_R_INVALID_INPUT_LENGTH); + return SAR_IndataLenErr; } /* init object */ if (!(obj = OPENSSL_zalloc(sizeof(*obj)))) { - SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, - ERR_R_MALLOC_FAILURE); + SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, ERR_R_MALLOC_FAILURE); goto end; } - obj->hAppHandle = hAppHandle; - if (!(obj->pucContainerName = OPENSSL_memdup(pucContainerName, - (size_t)uiContainerLen))) { - SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, - ERR_R_MALLOC_FAILURE); - goto end; - } - if (!(obj->pucIV = OPENSSL_memdup(pucIV, (size_t)uiIVLen))) { - SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, - ERR_R_MALLOC_FAILURE); - goto end; - } - obj->uiEncOrDec = uiEncOrDec; - - if (!EVP_get_cipherbysgd(uiCryptoAlgID)) { - SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, - SAF_R_INVALID_ALGOR); - goto end; - } - obj->uiCryptoAlgID = uiCryptoAlgID; + memcpy(obj->container, pucContainerName, uiContainerLen); + obj->containerlen = uiContainerLen; + memcpy(obj->iv, pucIV, uiIVLen); + obj->ivlen = uiIVLen; + obj->enc = uiEncOrDec; + obj->algor = uiCryptoAlgID; /* set output */ *phSymmKeyObj = obj; @@ -131,14 +107,10 @@ end: int SAF_DestroySymmAlgoObj( void *hSymmKeyObj) { - SAF_SymmKeyObj *obj = (SAF_SymmKeyObj *)hSymmKeyObj; - - if (!hSymmKeyObj) { - return SAR_OK; + SAF_SYMMKEYOBJ *obj = (SAF_SYMMKEYOBJ *)hSymmKeyObj; + if (obj) { + OPENSSL_cleanse(obj, sizeof(*obj)); + OPENSSL_free(obj); } - - OPENSSL_free(obj->pucContainerName); - OPENSSL_free(obj->pucIV); - memset(obj, 0, sizeof(*obj)); return SAR_OK; } diff --git a/crypto/sdf/build.info b/crypto/sdf/build.info index 07225b35..c225dbf3 100644 --- a/crypto/sdf/build.info +++ b/crypto/sdf/build.info @@ -1,17 +1,2 @@ LIBS=../../libcrypto -SOURCE[../../libcrypto]=\ - sdf_dev.c \ - sdf_ec.c \ - sdf_enc.c \ - sdf_err.c \ - sdf_errstr.c \ - sdf_ext.c \ - sdf_file.c \ - sdf_hash.c \ - sdf_key.c \ - sdf_key2.c \ - sdf_lib.c \ - sdf_mac.c \ - sdf_rand.c \ - sdf_rsa.c \ - sdf_session.c +SOURCE[../../libcrypto]=sdf_err.c sdf_lib.c sdf_meth.c diff --git a/crypto/sdf/sdf_dev.c b/crypto/sdf/sdf_dev.c deleted file mode 100644 index 2ff7e25d..00000000 --- a/crypto/sdf/sdf_dev.c +++ /dev/null @@ -1,119 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES - * LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include -#include -#include -#include -#include -#include -#include "sdf_lcl.h" - -char *deviceHandle = "SDF Device Handle"; - -int SDF_OpenDevice( - void **phDeviceHandle) -{ - if (!phDeviceHandle) { - SDFerr(SDF_F_SDF_OPENDEVICE, ERR_R_PASSED_NULL_PARAMETER); - return SDR_OUTARGERR; - } - -#ifndef OPENSSL_NO_ENGINE - ENGINE_load_builtin_engines(); -#endif - - *phDeviceHandle = deviceHandle; - return SDR_OK; -} - -int SDF_CloseDevice( - void *hDeviceHandle) -{ - if (hDeviceHandle != deviceHandle) { - SDFerr(SDF_F_SDF_CLOSEDEVICE, SDF_R_INVALID_DEVICE_HANDLE); - return SDR_INARGERR; - } -#ifndef OPENSSL_NO_ENGINE - ENGINE_cleanup(); -#endif - return SDR_OK; -} - -int SDF_GetDeviceInfo( - void *hSessionHandle, - DEVICEINFO *pstDeviceInfo) -{ - SDF_SESSION *session = (SDF_SESSION *)hSessionHandle; - - if (!hSessionHandle || !pstDeviceInfo) { - SDFerr(SDF_F_SDF_GETDEVICEINFO, ERR_R_PASSED_NULL_PARAMETER); - return SDR_INARGERR; - } - if (session->magic != SDF_SESSION_MAGIC) { - SDFerr(SDF_F_SDF_GETDEVICEINFO, SDF_R_INVALID_SESSION_HANDLE); - return SDR_INARGERR; - } - - memset(pstDeviceInfo, 0, sizeof(*pstDeviceInfo)); - strncpy((char *)pstDeviceInfo->IssuerName, "GmSSL Project (http://gmssl.org)", 40); - strncpy((char *)pstDeviceInfo->DeviceName, "GmSSL Soft SDF", 16); - strncpy((char *)pstDeviceInfo->DeviceSerial, "201608020010123", 16); - pstDeviceInfo->DeviceVersion = 2; - pstDeviceInfo->StandardVersion = 1; - pstDeviceInfo->AsymAlgAbility[0] = SGD_RSA|SGD_SM2_1; - pstDeviceInfo->AsymAlgAbility[1] = SGD_RSA|SGD_SM2_3; - pstDeviceInfo->SymAlgAbility = SGD_SM1|SGD_SSF33|SGD_SM4|SGD_ZUC; - pstDeviceInfo->HashAlgAbility = SGD_SM3|SGD_SHA1|SGD_SHA256; - pstDeviceInfo->BufferSize = 0; - - return SDR_OK; -} - diff --git a/crypto/sdf/sdf_ec.c b/crypto/sdf/sdf_ec.c deleted file mode 100644 index 2a89f386..00000000 --- a/crypto/sdf/sdf_ec.c +++ /dev/null @@ -1,918 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include -#include -#include -#include -#include "sdf_lcl.h" - -/* - * For all the ECC signing/verification, the to be signed data `pucData` - * should be the digest of the message, instead of the original message. If - * the application requires a GM standard signature with the hashed identity - * `Z`, then `SDF_HashInit` must be called with the `pucPublicKey` and - * `pucID` provided. - */ - -/* - * some of these functions require an `uiAlgID` to specify the algorithm. - * Currently only `SGD_SM2_1` and `SGD_SM2_3` should be used. Maybe for some - * implementations might also support international algorithms such as ECDSA - * and ECIES. - */ -/* - * there are limits on the max size of input plaintext, for SM2 encryptions, - * the length will be equal to the `ECCref_MAX_CIPHER_LEN` - */ -/* - * Symmetric Encryption: - * `SDF_Encrypt` - * `SDF_Decrypt` - * - * we will not provide two-step operations for SDF API which means the - * caller can not assign the `pucEnData` to be NULL hoping that the API will - * return the proper out length through `*puiEncDataLength`. The reason is - * that the maximum output length can be easily estimated in almost all the - * APIs of SDF. So when `pucEncData` is NULL or `*puiEncDataLength` is not - * large enough, the API will just return with an error. - * - * The implementation will not carefully to estimate the output length, so - * always prepare the max output buffer. For exmaple, prepare at least two - * extra blocks for symmetric encryption, prepare max digest length of known - * hash functions as the MAC buffer size. - * - * Note: the GM/T 0018-2012 standard requires the implementation MUST NOT do - * any padding operatons, and the input data length should be multiple block - * length. Thus these two functions can be used for modes such as CBC, the - * caller can use a function more than once and do the padding himself. - */ - -int SDF_GenerateKeyPair_ECC( - void *hSessionHandle, - unsigned int uiAlgID, - unsigned int uiKeyBits, - ECCrefPublicKey *pucPublicKey, - ECCrefPrivateKey *pucPrivateKey) -{ - int ret = SDR_UNKNOWERR; - EC_KEY *ec_key = NULL; - - /* check arguments */ - if (!hSessionHandle || !pucPublicKey || !pucPrivateKey) { - SDFerr(SDF_F_SDF_GENERATEKEYPAIR_ECC, - ERR_R_PASSED_NULL_PARAMETER); - return SDR_UNKNOWERR; - } - if (uiAlgID != SGD_SM2 && uiAlgID != SGD_SM2_1 && - uiAlgID != SGD_SM2_2 && uiAlgID != SGD_SM2_3) { - SDFerr(SDF_F_SDF_GENERATEKEYPAIR_ECC, - SDF_R_INVALID_ALGOR); - return SDR_UNKNOWERR; - } - if (uiKeyBits != 256) { - SDFerr(SDF_F_SDF_GENERATEKEYPAIR_ECC, - SDF_R_INVALID_KEY_LENGTH); - return SDR_UNKNOWERR; - } - - /* generate */ - if(!(ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1))) { - SDFerr(SDF_F_SDF_GENERATEKEYPAIR_ECC, ERR_R_EC_LIB); - goto end; - } - - /* convert */ - if (!EC_KEY_get_ECCrefPublicKey(ec_key, pucPublicKey)) { - SDFerr(SDF_F_SDF_GENERATEKEYPAIR_ECC, - SDF_R_GET_PUBLIC_KEY_FAILED); - goto end; - } - if (!EC_KEY_get_ECCrefPrivateKey(ec_key, pucPrivateKey)) { - SDFerr(SDF_F_SDF_GENERATEKEYPAIR_ECC, - SDF_R_GET_PRIVATE_KEY_FAILED); - goto end; - } - - ret = SAR_OK; -end: - EC_KEY_free(ec_key); - return ret; -} - -int SDF_ExportSignPublicKey_ECC( - void *hSessionHandle, - unsigned int uiKeyIndex, - ECCrefPublicKey *pucPublicKey) -{ - int ret = SDR_UNKNOWERR; - EVP_PKEY *pkey = NULL; - unsigned int uiKeyUsage = SGD_SM2_1; - - /* check arguments */ - if (!hSessionHandle || !pucPublicKey) { - SDFerr(SDF_F_SDF_EXPORTSIGNPUBLICKEY_ECC, - ERR_R_PASSED_NULL_PARAMETER); - return SDR_UNKNOWERR; - } - - /* load key */ - if (!(pkey = sdf_load_ec_public_key(hSessionHandle, - uiKeyIndex, uiKeyUsage))) { - SDFerr(SDF_F_SDF_EXPORTSIGNPUBLICKEY_ECC, - ERR_R_GMAPI_LIB); - goto end; - } - - /* set return value */ - if (!EC_KEY_get_ECCrefPublicKey(EVP_PKEY_get0_EC_KEY(pkey), - pucPublicKey)) { - SDFerr(SDF_F_SDF_EXPORTSIGNPUBLICKEY_ECC, - ERR_R_GMAPI_LIB); - goto end; - } - ret = SDR_OK; - -end: - EVP_PKEY_free(pkey); - return ret; -} - -int SDF_ExportEncPublicKey_ECC( - void *hSessionHandle, - unsigned int uiKeyIndex, - ECCrefPublicKey *pucPublicKey) -{ - int ret = SDR_UNKNOWERR; - EVP_PKEY *pkey = NULL; - unsigned int uiKeyUsage = 1; - - /* check arguments */ - if (!hSessionHandle || !pucPublicKey) { - SDFerr(SDF_F_SDF_EXPORTENCPUBLICKEY_ECC, - ERR_R_PASSED_NULL_PARAMETER); - return SDR_UNKNOWERR; - } - - /* load key */ - if (!(pkey = sdf_load_ec_public_key(hSessionHandle, - uiKeyIndex, uiKeyUsage))) { - SDFerr(SDF_F_SDF_EXPORTENCPUBLICKEY_ECC, - ERR_R_GMAPI_LIB); - goto end; - } - - /* set return value */ - if (!EC_KEY_get_ECCrefPublicKey(EVP_PKEY_get0_EC_KEY(pkey), - pucPublicKey)) { - SDFerr(SDF_F_SDF_EXPORTENCPUBLICKEY_ECC, - ERR_R_GMAPI_LIB); - goto end; - } - ret = SDR_OK; - -end: - EVP_PKEY_free(pkey); - return ret; -} - -int SDF_GenerateAgreementDataWithECC( - void *hSessionHandle, - unsigned int uiISKIndex, - unsigned int uiKeyBits, - unsigned char *pucSponsorID, - unsigned int uiSponsorIDLength, - ECCrefPublicKey *pucSponsorPublicKey, - ECCrefPublicKey *pucSponsorTmpPublicKey, - void **phAgreementHandle) -{ - return 0; -} - -int SDF_GenerateKeyWithECC( - void *hSessionHandle, - unsigned char *pucResponseID, - unsigned int uiResponseIDLength, - ECCrefPublicKey *pucResponsePublicKey, - ECCrefPublicKey *pucResponseTmpPublicKey, - void *hAgreementHandle, - void **phKeyHandle) -{ - return 0; -} - -int SDF_GenerateAgreementDataAndKeyWithECC( - void *hSessionHandle, - unsigned int uiISKIndex, - unsigned int uiKeyBits, - unsigned char *pucResponseID, - unsigned int uiResponseIDLength, - unsigned char *pucSponsorID, - unsigned int uiSponsorIDLength, - ECCrefPublicKey *pucSponsorPublicKey, - ECCrefPublicKey *pucSponsorTmpPublicKey, - ECCrefPublicKey *pucResponsePublicKey, - ECCrefPublicKey *pucResponseTmpPublicKey, - void **phKeyHandle) -{ - return 0; -} - -/* generate a session key and encrypt it with internal public key - * we can first random a key, - * export the public key, - * and then use the SDF_GenerateKeyWithEPK_ECC to encrypt the key - * the output key handle is only a pointer to the key buffer. - */ -int SDF_GenerateKeyWithIPK_ECC( - void *hSessionHandle, - unsigned int uiIPKIndex, - unsigned int uiKeyBits, /* output session key length */ - ECCCipher *pucKey, - void **phKeyHandle) -{ - int ret = SDR_UNKNOWERR; - SDF_KEY *key = NULL; - unsigned int uiAlgID = SGD_SM2_3; - - /* check arguments */ - if (!hSessionHandle || !pucKey || !phKeyHandle) { - SDFerr(SDF_F_SDF_GENERATEKEYWITHIPK_ECC, - ERR_R_PASSED_NULL_PARAMETER); - return SDR_UNKNOWERR; - } - if (uiKeyBits <= 0 || uiKeyBits > EVP_MAX_KEY_LENGTH * 8 || - uiKeyBits % 8) { - SDFerr(SDF_F_SDF_GENERATEKEYWITHIPK_ECC, - SDF_R_INVALID_KEY_LENGTH); - return SDR_UNKNOWERR; - } - - /* random key */ - if (!(key = OPENSSL_zalloc(sizeof(*key)))) { - SDFerr(SDF_F_SDF_GENERATEKEYWITHIPK_ECC, - ERR_R_MALLOC_FAILURE); - goto end; - } - key->keylen = uiKeyBits/8; - if ((ret = SDF_GenerateRandom(hSessionHandle, key->keylen, - key->key)) != SDR_OK) { - SDFerr(SDF_F_SDF_GENERATEKEYWITHIPK_ECC, - ERR_R_GMAPI_LIB); - goto end; - } - - /* encrypt key with external ec public key */ - if ((ret = SDF_InternalEncrypt_ECC( - hSessionHandle, - uiIPKIndex, - uiAlgID, - key->key, - key->keylen, - pucKey)) != SDR_OK) { - SDFerr(SDF_F_SDF_GENERATEKEYWITHIPK_ECC, - ERR_R_GMAPI_LIB); - goto end; - } - - /* set return value */ - *phKeyHandle = key; - key = NULL; - ret = SDR_OK; - -end: - OPENSSL_clear_free(key, sizeof(*key)); - return ret; -} - -int SDF_GenerateKeyWithEPK_ECC( - void *hSessionHandle, - unsigned int uiKeyBits, - unsigned int uiAlgID, /* must be SGD_SM2_3 */ - ECCrefPublicKey *pucPublicKey, - ECCCipher *pucKey, - void **phKeyHandle) -{ - int ret = SDR_UNKNOWERR; - SDF_KEY *key = NULL; - - /* check arguments */ - if (!hSessionHandle || !pucPublicKey || !pucKey || !phKeyHandle) { - SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_ECC, - ERR_R_PASSED_NULL_PARAMETER); - return SDR_UNKNOWERR; - } - if (uiKeyBits <= 0 || uiKeyBits >= EVP_MAX_KEY_LENGTH * 8 || - uiKeyBits % 8) { - SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_ECC, - SDF_R_INVALID_KEY_LENGTH); - return SDR_UNKNOWERR; - } - if (uiAlgID != SGD_SM2_3) { - SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_ECC, - SDF_R_INVALID_ALGOR); - return SDR_UNKNOWERR; - } - - /* random key */ - if (!(key = OPENSSL_zalloc(sizeof(*key)))) { - SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_ECC, - ERR_R_MALLOC_FAILURE); - goto end; - } - key->keylen = uiKeyBits/8; - if ((ret = SDF_GenerateRandom(hSessionHandle, key->keylen, - key->key)) != SDR_OK) { - SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_ECC, - ERR_R_GMAPI_LIB); - goto end; - } - - /* encrypt key with external ec public key */ - if ((ret = SDF_ExternalEncrypt_ECC( - hSessionHandle, - uiAlgID, - pucPublicKey, - key->key, - key->keylen, - pucKey)) != SDR_OK) { - SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_ECC, - ERR_R_GMAPI_LIB); - goto end; - } - - /* set return value */ - *phKeyHandle = key; - key = NULL; - ret = SDR_OK; - -end: - OPENSSL_clear_free(key, sizeof(*key)); - return ret; -} - -/* import session key - * use the engine to decrypt the ECCipher - */ -int SDF_ImportKeyWithISK_ECC( - void *hSessionHandle, - unsigned int uiISKIndex, - ECCCipher *pucKey, - void **phKeyHandle) -{ - int ret = SDR_UNKNOWERR; - SDF_KEY *key = NULL; - unsigned int uiAlgID = SGD_SM2_3; - - /* check arguments */ - if (!hSessionHandle || !pucKey || !phKeyHandle) { - SDFerr(SDF_F_SDF_IMPORTKEYWITHISK_ECC, - ERR_R_PASSED_NULL_PARAMETER); - return SDR_UNKNOWERR; - } - - /* prepare key */ - if (!(key = OPENSSL_zalloc(sizeof(*key)))) { - SDFerr(SDF_F_SDF_IMPORTKEYWITHISK_ECC, - ERR_R_MALLOC_FAILURE); - goto end; - } - key->keylen = EVP_MAX_KEY_LENGTH; - - /* decrypt with internal ec private key */ - if ((ret = SDF_InternalDecrypt_ECC( - hSessionHandle, - uiISKIndex, - uiAlgID, - pucKey, - key->key, - &key->keylen)) != SDR_OK) { - SDFerr(SDF_F_SDF_IMPORTKEYWITHISK_ECC, - ERR_R_GMAPI_LIB); - goto end; - } - - /* set return value */ - *phKeyHandle = key; - key = NULL; - ret = SDR_OK; - -end: - OPENSSL_clear_free(key, sizeof(*key)); - return ret; -} - -int SDF_ExchangeDigitEnvelopeBaseOnECC( - void *hSessionHandle, - unsigned int uiKeyIndex, - unsigned int uiAlgID, - ECCrefPublicKey *pucPublicKey, - ECCCipher *pucEncDataIn, - ECCCipher *pucEncDataOut) -{ - return 0; -} - -/* - * Implementation of SM2 signing - * - * Although the digest and signing operations should be the wrapping of the EVP - * API, it will be simpler when using the native API of the `sm2` module. - * Another consideration is that the usage of SM2 EVP might be changed, and the - * operations might also be different from the GM standards, like signing the - * H(Z||H(M)) instead of signing H(Z||M). So in the GMAPI we use the SM2 API - * directly. - */ - -int SDF_ExternalSign_ECC( - void *hSessionHandle, /* no use so not checked */ - unsigned int uiAlgID, /* must be SGD_SM2_1 */ - ECCrefPrivateKey *pucPrivateKey, - unsigned char *pucData, /* digest */ - unsigned int uiDataLength, - ECCSignature *pucSignature) -{ - int ret = SDR_UNKNOWERR; - EC_KEY *ec_key = NULL; - ECDSA_SIG *sig = NULL; - - /* check arguments */ - if (!hSessionHandle || !pucData || !pucSignature) { - SDFerr(SDF_F_SDF_EXTERNALSIGN_ECC, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (uiAlgID != SGD_SM2_1) { - SDFerr(SDF_F_SDF_EXTERNALSIGN_ECC, - SDF_R_INVALID_ALGOR); - return 0; - } - if (uiDataLength > INT_MAX) { - SDFerr(SDF_F_SDF_EXTERNALSIGN_ECC, - SDF_R_INVALID_INPUT_LENGTH); - return 0; - } - - /* load ec private key */ - if (!(ec_key = EC_KEY_new_from_ECCrefPrivateKey(pucPrivateKey))) { - SDFerr(SDF_F_SDF_EXTERNALSIGN_ECC, - ERR_R_GMAPI_LIB); - goto end; - } - if (!(sig = SM2_do_sign(pucData, uiDataLength, ec_key))) { - SDFerr(SDF_F_SDF_EXTERNALSIGN_ECC, - ERR_R_EC_LIB); - goto end; - } - - /* set return value */ - if (!ECDSA_SIG_get_ECCSignature(sig, pucSignature)) { - SDFerr(SDF_F_SDF_EXTERNALSIGN_ECC, - ERR_R_GMAPI_LIB); - goto end; - } - ret = SDR_OK; - -end: - EC_KEY_free(ec_key); - ECDSA_SIG_free(sig); - return ret; -} - -int SDF_ExternalVerify_ECC( - void *hSessionHandle, - unsigned int uiAlgID, - ECCrefPublicKey *pucPublicKey, - unsigned char *pucDataInput, - unsigned int uiInputLength, - ECCSignature *pucSignature) -{ - int ret = SDR_UNKNOWERR; - EC_KEY *ec_key = NULL; - ECDSA_SIG *sig = NULL; - - /* check arguments */ - if (!hSessionHandle || !pucPublicKey || !pucDataInput || - !pucSignature) { - SDFerr(SDF_F_SDF_EXTERNALVERIFY_ECC, - ERR_R_PASSED_NULL_PARAMETER); - return SDR_UNKNOWERR; - } - if (uiAlgID != SGD_SM2_1) { - SDFerr(SDF_F_SDF_EXTERNALVERIFY_ECC, - SDF_R_INVALID_ALGOR); - return SDR_UNKNOWERR; - } - if (uiInputLength != SM3_DIGEST_LENGTH) { - SDFerr(SDF_F_SDF_EXTERNALVERIFY_ECC, - SDF_R_INVALID_INPUT_LENGTH); - return SDR_UNKNOWERR; - } - - /* parse arguments */ - if (!(ec_key = EC_KEY_new_from_ECCrefPublicKey(pucPublicKey))) { - SDFerr(SDF_F_SDF_EXTERNALVERIFY_ECC, - SDF_R_INVALID_EC_PUBLIC_KEY); - goto end; - } - if (!(sig = SM2_do_sign(pucDataInput, uiInputLength, ec_key))) { - SDFerr(SDF_F_SDF_EXTERNALVERIFY_ECC, ERR_R_EC_LIB); - goto end; - } - if (!ECDSA_SIG_get_ECCSignature(sig, pucSignature)) { - SDFerr(SDF_F_SDF_EXTERNALVERIFY_ECC, ERR_R_GMAPI_LIB); - goto end; - } - - /* set return value */ - ret = SDR_OK; - -end: - EC_KEY_free(ec_key); - ECDSA_SIG_free(sig); - return ret; -} - -int SDF_ExternalEncrypt_ECC( - void *hSessionHandle, - unsigned int uiAlgID, /* SGD_SM2_3 */ - ECCrefPublicKey *pucPublicKey, - unsigned char *pucData, - unsigned int uiDataLength, - ECCCipher *pucEncData) -{ - int ret = SDR_UNKNOWERR; - EC_KEY *ec_key = NULL; - SM2_CIPHERTEXT_VALUE *cv = NULL; - SM2_ENC_PARAMS params; - - /* check arguments */ - if (!hSessionHandle || !pucPublicKey || !pucData || !pucEncData) { - SDFerr(SDF_F_SDF_EXTERNALENCRYPT_ECC, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (uiAlgID != SGD_SM2_3) { - SDFerr(SDF_F_SDF_EXTERNALENCRYPT_ECC, - SDF_R_INVALID_ALGOR); - return 0; - } - /* FIXME - if (uiDataLength > ECCref_MAX_CIPHER_LEN) { - SDFerr(SDF_F_SDF_EXTERNALENCRYPT_ECC, - SDF_R_INVALID_INPUT_LENGTH); - return 0; - } - */ - - /* parse public key */ - if (!(ec_key = EC_KEY_new_from_ECCrefPublicKey(pucPublicKey))) { - SDFerr(SDF_F_SDF_EXTERNALENCRYPT_ECC, ERR_R_GMAPI_LIB); - goto end; - } - - /* encrypt */ - (void)SM2_ENC_PARAMS_init_with_recommended(¶ms); - if (!(cv = SM2_do_encrypt(¶ms, pucData, (size_t)uiDataLength, - ec_key))) { - SDFerr(SDF_F_SDF_EXTERNALENCRYPT_ECC, ERR_R_EC_LIB); - goto end; - } - /* encode ciphertext */ - if (!SM2_CIPHERTEXT_VALUE_get_ECCCipher(cv, pucEncData)) { - SDFerr(SDF_F_SDF_EXTERNALENCRYPT_ECC, ERR_R_EC_LIB); - goto end; - } - - ret = SDR_OK; - -end: - EC_KEY_free(ec_key); - SM2_CIPHERTEXT_VALUE_free(cv); - return ret; -} - -int SDF_ExternalDecrypt_ECC( - void *hSessionHandle, - unsigned int uiAlgID, - ECCrefPrivateKey *pucPrivateKey, - ECCCipher *pucEncData, - unsigned char *pucData, - unsigned int *puiDataLength) -{ - int ret = SDR_UNKNOWERR; - EC_KEY *ec_key = NULL; - SM2_CIPHERTEXT_VALUE *cv = NULL; - SM2_ENC_PARAMS params; - size_t siz; - - /* check arguments */ - if (!hSessionHandle || !pucPrivateKey || !pucEncData || - !pucData || !puiDataLength) { - SDFerr(SDF_F_SDF_EXTERNALDECRYPT_ECC, - ERR_R_PASSED_NULL_PARAMETER); - return SDR_UNKNOWERR; - } - /* FIXME - if (*puiDataLength < ECCref_MAX_CIPHER_LEN) { - SDFerr(SDF_F_SDF_EXTERNALDECRYPT_ECC, - SDF_R_BUFFER_TOO_SMALL); - return SDR_UNKNOWERR; - } - */ - - /* parse arguments */ - if (!(ec_key = EC_KEY_new_from_ECCrefPrivateKey(pucPrivateKey))) { - SDFerr(SDF_F_SDF_EXTERNALDECRYPT_ECC, - SDF_R_INVALID_EC_PRIVATE_KEY); - goto end; - } - if (!(cv = SM2_CIPHERTEXT_VALUE_new_from_ECCCipher(pucEncData))) { - SDFerr(SDF_F_SDF_EXTERNALDECRYPT_ECC, - SDF_R_INVALID_EC_CIPHERTEXT); - goto end; - } - - /* decrypt */ - (void)SM2_ENC_PARAMS_init_with_recommended(¶ms); - siz = (size_t)*puiDataLength; - if (!SM2_do_decrypt(¶ms, cv, pucData, &siz, ec_key)) { - SDFerr(SDF_F_SDF_EXTERNALDECRYPT_ECC, ERR_R_EC_LIB); - } - - /* set return value */ - *puiDataLength = (unsigned int)siz; - ret = SDR_OK; - -end: - EC_KEY_free(ec_key); - SM2_CIPHERTEXT_VALUE_free(cv); - return ret; -} - -/* internal private key operation will use ENGINE */ -int SDF_InternalSign_ECC( - void *hSessionHandle, - unsigned int uiISKIndex, - unsigned char *pucData, - unsigned int uiDataLength, - ECCSignature *pucSignature) -{ - int ret = 0; - SDF_SESSION *session = (SDF_SESSION *)hSessionHandle; - EVP_PKEY_CTX *ctx = NULL; - EVP_PKEY *pkey = NULL; - unsigned char buf[256/4 + 32]; - size_t siz; - - /* check arguments */ - if (!hSessionHandle || !pucData || !pucSignature) { - SDFerr(SDF_F_SDF_INTERNALSIGN_ECC, - ERR_R_PASSED_NULL_PARAMETER); - return SDR_UNKNOWERR; - } - if (uiDataLength > SM3_DIGEST_LENGTH) { - SDFerr(SDF_F_SDF_INTERNALSIGN_ECC, - SDF_R_INVALID_INPUT_LENGTH); - return SDR_UNKNOWERR; - } - - /* parse arguments */ - if (!(pkey = sdf_load_ec_private_key(hSessionHandle, uiISKIndex, - SGD_PK_SIGN))) { - SDFerr(SDF_F_SDF_INTERNALSIGN_ECC, - SDF_R_INVALID_KEY_HANDLE); - goto end; - } - - /* sign - * use the EVP API instead of the native SM2 API to use ENGINE - */ - if (!(ctx = EVP_PKEY_CTX_new(pkey, session->engine))) { - SDFerr(SDF_F_SDF_INTERNALSIGN_ECC, ERR_R_EVP_LIB); - goto end; - } - if (!EVP_PKEY_sign_init(ctx)) { - SDFerr(SDF_F_SDF_INTERNALSIGN_ECC, ERR_R_EVP_LIB); - goto end; - } - if (!EVP_PKEY_CTX_set_ec_sign_type(ctx, NID_sm_scheme)) { - SDFerr(SDF_F_SDF_INTERNALSIGN_ECC, ERR_R_EVP_LIB); - goto end; - } - siz = sizeof(buf); - if (!EVP_PKEY_sign(ctx, buf, &siz, pucData, (size_t)uiDataLength)) { - SDFerr(SDF_F_SDF_INTERNALSIGN_ECC, ERR_R_EVP_LIB); - goto end; - } - - /* convert signature buf to ECCSignature */ - if (!sdf_decode_ec_signature(pucSignature, buf, siz)) { - SDFerr(SDF_F_SDF_INTERNALSIGN_ECC, ERR_R_GMAPI_LIB); - goto end; - } - - /* set return value */ - ret = SDR_OK; - -end: - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - return ret; -} - -int SDF_InternalVerify_ECC( - void *hSessionHandle, - unsigned int uiIPKIndex, - unsigned char *pucData, - unsigned int uiDataLength, - ECCSignature *pucSignature) -{ - int ret = SDR_UNKNOWERR; - SDF_SESSION *session = (SDF_SESSION *)hSessionHandle; - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *ctx = NULL; - unsigned char buf[521/4 + 32]; - size_t siz; - - /* check arguments */ - if (!hSessionHandle || !pucData || !pucSignature) { - SDFerr(SDF_F_SDF_INTERNALVERIFY_ECC, - ERR_R_PASSED_NULL_PARAMETER); - return SDR_UNKNOWERR; - } - if (uiDataLength != SM3_DIGEST_LENGTH) { - SDFerr(SDF_F_SDF_INTERNALVERIFY_ECC, - SDF_R_INVALID_INPUT_LENGTH); - return SDR_UNKNOWERR; - } - - /* parse arguments */ - if (!(pkey = sdf_load_ec_public_key(hSessionHandle, uiIPKIndex, - SGD_PK_SIGN))) { - SDFerr(SDF_F_SDF_INTERNALVERIFY_ECC, ERR_R_GMAPI_LIB); - goto end; - } - siz = sizeof(buf); - if (!sdf_encode_ec_signature(pucSignature, buf, &siz)) { - SDFerr(SDF_F_SDF_INTERNALVERIFY_ECC, ERR_R_GMAPI_LIB); - goto end; - } - - /* verify with EVP API and ENGINE */ - if (!(ctx = EVP_PKEY_CTX_new(pkey, session->engine))) { - SDFerr(SDF_F_SDF_INTERNALVERIFY_ECC, ERR_R_EVP_LIB); - goto end; - } - if (!EVP_PKEY_verify_init(ctx)) { - SDFerr(SDF_F_SDF_INTERNALVERIFY_ECC, ERR_R_EVP_LIB); - goto end; - } - if (!EVP_PKEY_CTX_set_ec_sign_type(ctx, NID_sm_scheme)) { - SDFerr(SDF_F_SDF_INTERNALVERIFY_ECC, ERR_R_EVP_LIB); - goto end; - } - if (1 != EVP_PKEY_verify(ctx, buf, siz, pucData, - (size_t)uiDataLength)) { - SDFerr(SDF_F_SDF_INTERNALVERIFY_ECC, ERR_R_EVP_LIB); - goto end; - } - - ret = SDR_OK; - -end: - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - return ret; -} - -int SDF_InternalEncrypt_ECC( - void *hSessionHandle, - unsigned int uiIPKIndex, - unsigned int uiAlgID, - unsigned char *pucData, - unsigned int uiDataLength, - ECCCipher *pucEncData) -{ - int ret = 0; - EVP_PKEY *pkey = NULL; - SM2_CIPHERTEXT_VALUE *cv = NULL; - SM2_ENC_PARAMS params; - - /* check arguments */ - if (!hSessionHandle || !pucData || !pucEncData) { - SDFerr(SDF_F_SDF_INTERNALENCRYPT_ECC, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (uiDataLength > ECCref_MAX_LEN) { - SDFerr(SDF_F_SDF_INTERNALENCRYPT_ECC, - SDF_R_INVALID_INPUT_LENGTH); - return 0; - } - - if (!(pkey = sdf_load_ec_public_key((SDF_SESSION *)hSessionHandle, - uiIPKIndex, uiAlgID))) { - SDFerr(SDF_F_SDF_INTERNALENCRYPT_ECC, ERR_R_GMAPI_LIB); - goto end; - } - - (void)SM2_ENC_PARAMS_init_with_recommended(¶ms); - - /* we need to use the EVP_PKEY interface to use ENGINE ?*/ - if (!(cv = SM2_do_encrypt(¶ms, pucData, (size_t)uiDataLength, - EVP_PKEY_get0_EC_KEY(pkey)))) { - SDFerr(SDF_F_SDF_INTERNALENCRYPT_ECC, ERR_R_EC_LIB); - goto end; - } - - if (!SM2_CIPHERTEXT_VALUE_get_ECCCipher(cv, pucEncData)) { - SDFerr(SDF_F_SDF_INTERNALENCRYPT_ECC, ERR_R_EC_LIB); - goto end; - } - - ret = SDR_OK; - -end: - EVP_PKEY_free(pkey); - SM2_CIPHERTEXT_VALUE_free(cv); - return ret; -} - -int SDF_InternalDecrypt_ECC( - void *hSessionHandle, - unsigned int uiISKIndex, - unsigned int uiAlgID, - ECCCipher *pucEncData, - unsigned char *pucData, - unsigned int *puiDataLength) -{ - int ret = 0; - EVP_PKEY *pkey = NULL; - - - /* check arguments */ - if (!hSessionHandle || !pucEncData || !pucData || !puiDataLength) { - SDFerr(SDF_F_SDF_INTERNALDECRYPT_ECC, - ERR_R_PASSED_NULL_PARAMETER); - return SDR_UNKNOWERR; - } - - if (!(pkey = sdf_load_ec_private_key(hSessionHandle, - uiISKIndex, uiAlgID))) { - SDFerr(SDF_F_SDF_INTERNALDECRYPT_ECC, ERR_R_GMAPI_LIB); - goto end; - } - - -end: - return 0; -} - diff --git a/crypto/sdf/sdf_enc.c b/crypto/sdf/sdf_enc.c deleted file mode 100644 index 9e278944..00000000 --- a/crypto/sdf/sdf_enc.c +++ /dev/null @@ -1,215 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES - * LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include -#include -#include -#include -#include -#include -#include "sdf_lcl.h" - -/* TODO: current max input length is INT_MAX - * we will return error when the input is longer than INT_MAX. - * do not fixed this in GmSSL 2.x, fixed it in the future. - * we can seperate the input to multiple of INT_MAX with multiple upadtes. - */ -/* - * Implement with ENGINE - * as some of the ciphers such as SM1/SSF33 can not be supported by - * software, we can use ENGINEs hoping that such ciphers can be supported. - */ -int SDF_Encrypt( - void *hSessionHandle, - void *hKeyHandle, - unsigned int uiAlgID, - unsigned char *pucIV, - unsigned char *pucData, - unsigned int uiDataLength, - unsigned char *pucEncData, - unsigned int *puiEncDataLength) -{ - int ret = SDR_UNKNOWERR; - SDF_SESSION *session = (SDF_SESSION *)hSessionHandle; - SDF_KEY *key = (SDF_KEY *)hKeyHandle; - EVP_CIPHER_CTX *ctx = NULL; - const EVP_CIPHER *cipher; - unsigned char *p; - int len; - - /* check arguments */ - if (!hSessionHandle || !hKeyHandle || !pucIV || !pucData || !pucEncData - || !puiEncDataLength) { - SDFerr(SDF_F_SDF_ENCRYPT, ERR_R_PASSED_NULL_PARAMETER); - return SDR_UNKNOWERR; - } - if (uiDataLength <= 0 || uiDataLength > INT_MAX) { - SDFerr(SDF_F_SDF_ENCRYPT, SDF_R_INVALID_INPUT_LENGTH); - return SDR_UNKNOWERR; - } - if (*puiEncDataLength < uiDataLength + EVP_MAX_BLOCK_LENGTH * 2) { - SDFerr(SDF_F_SDF_ENCRYPT, SDF_R_BUFFER_TOO_SMALL); - return SDR_UNKNOWERR; - } - - /* parse arguments */ - if (!(cipher = sdf_get_cipher(hSessionHandle, uiAlgID))) { - SDFerr(SDF_F_SDF_ENCRYPT, SDF_R_INVALID_ALGOR); - goto end; - } - if (key->keylen != EVP_CIPHER_key_length(cipher)) { - SDFerr(SDF_F_SDF_ENCRYPT, SDF_R_INVALID_KEY_HANDLE); - goto end; - } - - /* encrypt */ - if (!(ctx = EVP_CIPHER_CTX_new())) { - SDFerr(SDF_F_SDF_ENCRYPT, ERR_R_MALLOC_FAILURE); - goto end; - } - if (!EVP_EncryptInit_ex(ctx, cipher, session->engine, key->key, pucIV)) { - SDFerr(SDF_F_SDF_ENCRYPT, ERR_R_EVP_LIB); - goto end; - } - p = pucEncData; - if (!EVP_EncryptUpdate(ctx, p, &len, pucData, (int)uiDataLength)) { - SDFerr(SDF_F_SDF_ENCRYPT, ERR_R_EVP_LIB); - goto end; - } - p += len; - if (!EVP_EncryptFinal_ex(ctx, p, &len)) { - SDFerr(SDF_F_SDF_ENCRYPT, ERR_R_EVP_LIB); - goto end; - } - p += len; - - /* set return value */ - *puiEncDataLength = p - pucEncData; - ret = SDR_OK; - -end: - EVP_CIPHER_CTX_free(ctx); - return 0; -} - -int SDF_Decrypt( - void *hSessionHandle, - void *hKeyHandle, - unsigned int uiAlgID, - unsigned char *pucIV, - unsigned char *pucEncData, - unsigned int uiEncDataLength, - unsigned char *pucData, - unsigned int *puiDataLength) -{ - int ret = SDR_UNKNOWERR; - SDF_SESSION *session = (SDF_SESSION *)hSessionHandle; - SDF_KEY *key = (SDF_KEY *)hKeyHandle; - const EVP_CIPHER *cipher; - EVP_CIPHER_CTX *ctx = NULL; - unsigned char *p; - int len; - - /* check arguments */ - if (!hSessionHandle || !hKeyHandle || !pucIV || !pucEncData || - !pucData || !puiDataLength) { - SDFerr(SDF_F_SDF_DECRYPT, ERR_R_PASSED_NULL_PARAMETER); - return SDR_UNKNOWERR; - } - if (uiEncDataLength <= 0 || uiEncDataLength > INT_MAX) { - SDFerr(SDF_F_SDF_DECRYPT, SDF_R_INVALID_INPUT_LENGTH); - return SDR_UNKNOWERR; - } - if (*puiDataLength < uiEncDataLength) { - SDFerr(SDF_F_SDF_DECRYPT, SDF_R_BUFFER_TOO_SMALL); - return SDR_UNKNOWERR; - } - - /* parse arguments */ - if (!(cipher = sdf_get_cipher(hSessionHandle, uiAlgID))) { - SDFerr(SDF_F_SDF_DECRYPT, SDF_R_INVALID_ALGOR); - goto end; - } - if (key->keylen != EVP_CIPHER_key_length(cipher)) { - SDFerr(SDF_F_SDF_DECRYPT, SDF_R_INVALID_KEY_HANDLE); - goto end; - } - - /* decrypt */ - if (!(ctx = EVP_CIPHER_CTX_new())) { - SDFerr(SDF_F_SDF_DECRYPT, ERR_R_MALLOC_FAILURE); - goto end; - } - if (!EVP_DecryptInit_ex(ctx, cipher, session->engine, key->key, pucIV)) { - SDFerr(SDF_F_SDF_DECRYPT, ERR_R_EVP_LIB); - goto end; - } - p = pucData; - if (!EVP_DecryptUpdate(ctx, p, &len, pucEncData, - (int)uiEncDataLength)) { - SDFerr(SDF_F_SDF_DECRYPT, ERR_R_EVP_LIB); - goto end; - } - p += len; - if (!EVP_DecryptFinal_ex(ctx, p, &len)) { - SDFerr(SDF_F_SDF_DECRYPT, ERR_R_EVP_LIB); - goto end; - } - p += len; - - /* set return value */ - *puiDataLength = p - pucEncData; - ret =SDR_OK; - -end: - EVP_CIPHER_CTX_free(ctx); - return ret; -} - diff --git a/crypto/sdf/sdf_err.c b/crypto/sdf/sdf_err.c deleted file mode 100644 index 887c5c02..00000000 --- a/crypto/sdf/sdf_err.c +++ /dev/null @@ -1,129 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SDF,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SDF,0,reason) - -static ERR_STRING_DATA SDF_str_functs[] = { - {ERR_FUNC(SDF_F_SDF_CALCULATEMAC), "SDF_CalculateMAC"}, - {ERR_FUNC(SDF_F_SDF_CLOSEDEVICE), "SDF_CloseDevice"}, - {ERR_FUNC(SDF_F_SDF_CLOSESESSION), "SDF_CloseSession"}, - {ERR_FUNC(SDF_F_SDF_DECODE_EC_SIGNATURE), "sdf_decode_ec_signature"}, - {ERR_FUNC(SDF_F_SDF_DECRYPT), "SDF_Decrypt"}, - {ERR_FUNC(SDF_F_SDF_ENCODE_EC_SIGNATURE), "sdf_encode_ec_signature"}, - {ERR_FUNC(SDF_F_SDF_ENCRYPT), "SDF_Encrypt"}, - {ERR_FUNC(SDF_F_SDF_EXPORTENCPUBLICKEY_ECC), - "SDF_ExportEncPublicKey_ECC"}, - {ERR_FUNC(SDF_F_SDF_EXPORTENCPUBLICKEY_RSA), - "SDF_ExportEncPublicKey_RSA"}, - {ERR_FUNC(SDF_F_SDF_EXPORTSIGNPUBLICKEY_ECC), - "SDF_ExportSignPublicKey_ECC"}, - {ERR_FUNC(SDF_F_SDF_EXPORTSIGNPUBLICKEY_RSA), - "SDF_ExportSignPublicKey_RSA"}, - {ERR_FUNC(SDF_F_SDF_EXTERNALDECRYPT_ECC), "SDF_ExternalDecrypt_ECC"}, - {ERR_FUNC(SDF_F_SDF_EXTERNALENCRYPT_ECC), "SDF_ExternalEncrypt_ECC"}, - {ERR_FUNC(SDF_F_SDF_EXTERNALPRIVATEKEYOPERATION_RSA), - "SDF_ExternalPrivateKeyOperation_RSA"}, - {ERR_FUNC(SDF_F_SDF_EXTERNALPUBLICKEYOPERATION_RSA), - "SDF_ExternalPublicKeyOperation_RSA"}, - {ERR_FUNC(SDF_F_SDF_EXTERNALSIGN_ECC), "SDF_ExternalSign_ECC"}, - {ERR_FUNC(SDF_F_SDF_EXTERNALVERIFY_ECC), "SDF_ExternalVerify_ECC"}, - {ERR_FUNC(SDF_F_SDF_GENERATEKEYPAIR_ECC), "SDF_GenerateKeyPair_ECC"}, - {ERR_FUNC(SDF_F_SDF_GENERATEKEYPAIR_RSA), "SDF_GenerateKeyPair_RSA"}, - {ERR_FUNC(SDF_F_SDF_GENERATEKEYWITHEPK_ECC), - "SDF_GenerateKeyWithEPK_ECC"}, - {ERR_FUNC(SDF_F_SDF_GENERATEKEYWITHEPK_RSA), - "SDF_GenerateKeyWithEPK_RSA"}, - {ERR_FUNC(SDF_F_SDF_GENERATEKEYWITHIPK_ECC), - "SDF_GenerateKeyWithIPK_ECC"}, - {ERR_FUNC(SDF_F_SDF_GENERATEKEYWITHIPK_RSA), - "SDF_GenerateKeyWithIPK_RSA"}, - {ERR_FUNC(SDF_F_SDF_GENERATERANDOM), "SDF_GenerateRandom"}, - {ERR_FUNC(SDF_F_SDF_GETDEVICEINFO), "SDF_GetDeviceInfo"}, - {ERR_FUNC(SDF_F_SDF_GETPRIVATEKEYACCESSRIGHT), - "SDF_GetPrivateKeyAccessRight"}, - {ERR_FUNC(SDF_F_SDF_GET_CIPHER), "sdf_get_cipher"}, - {ERR_FUNC(SDF_F_SDF_GET_DIGEST), "sdf_get_digest"}, - {ERR_FUNC(SDF_F_SDF_HASHFINAL), "SDF_HashFinal"}, - {ERR_FUNC(SDF_F_SDF_HASHINIT), "SDF_HashInit"}, - {ERR_FUNC(SDF_F_SDF_HASHUPDATE), "SDF_HashUpdate"}, - {ERR_FUNC(SDF_F_SDF_IMPORTKEY), "SDF_ImportKey"}, - {ERR_FUNC(SDF_F_SDF_IMPORTKEYWITHISK_ECC), "SDF_ImportKeyWithISK_ECC"}, - {ERR_FUNC(SDF_F_SDF_IMPORTKEYWITHISK_RSA), "SDF_ImportKeyWithISK_RSA"}, - {ERR_FUNC(SDF_F_SDF_INTERNALDECRYPT_ECC), "SDF_InternalDecrypt_ECC"}, - {ERR_FUNC(SDF_F_SDF_INTERNALENCRYPT_ECC), "SDF_InternalEncrypt_ECC"}, - {ERR_FUNC(SDF_F_SDF_INTERNALPRIVATEKEYOPERATION_RSA), - "SDF_InternalPrivateKeyOperation_RSA"}, - {ERR_FUNC(SDF_F_SDF_INTERNALPUBLICKEYOPERATION_RSA), - "SDF_InternalPublicKeyOperation_RSA"}, - {ERR_FUNC(SDF_F_SDF_INTERNALSIGN_ECC), "SDF_InternalSign_ECC"}, - {ERR_FUNC(SDF_F_SDF_INTERNALVERIFY_ECC), "SDF_InternalVerify_ECC"}, - {ERR_FUNC(SDF_F_SDF_LOAD_EC_PRIVATE_KEY), "sdf_load_ec_private_key"}, - {ERR_FUNC(SDF_F_SDF_LOAD_EC_PUBLIC_KEY), "sdf_load_ec_public_key"}, - {ERR_FUNC(SDF_F_SDF_LOAD_RSA_PRIVATE_KEY), "sdf_load_rsa_private_key"}, - {ERR_FUNC(SDF_F_SDF_LOAD_RSA_PUBLIC_KEY), "sdf_load_rsa_public_key"}, - {ERR_FUNC(SDF_F_SDF_OPENDEVICE), "SDF_OpenDevice"}, - {ERR_FUNC(SDF_F_SDF_OPENSESSION), "SDF_OpenSession"}, - {ERR_FUNC(SDF_F_SDF_RELEASEPRIVATEKEYACCESSRIGHT), - "SDF_ReleasePrivateKeyAccessRight"}, - {0, NULL} -}; - -static ERR_STRING_DATA SDF_str_reasons[] = { - {ERR_REASON(SDF_R_BUFFER_TOO_SMALL), "buffer too small"}, - {ERR_REASON(SDF_R_BUUTER_TOO_SMALL), "buuter too small"}, - {ERR_REASON(SDF_R_CBCMAC_FAILURE), "cbcmac failure"}, - {ERR_REASON(SDF_R_CMAC_FAILURE), "cmac failure"}, - {ERR_REASON(SDF_R_COMPUTE_SM2_ID_FAILURE), "compute sm2 id failure"}, - {ERR_REASON(SDF_R_ENGINE_LOAD_KEY_FAILURE), "engine load key failure"}, - {ERR_REASON(SDF_R_GET_PRIVATE_KEY_FAILED), "get private key failed"}, - {ERR_REASON(SDF_R_GET_PUBLIC_KEY_FAILED), "get public key failed"}, - {ERR_REASON(SDF_R_INVALID_ALGOR), "invalid algor"}, - {ERR_REASON(SDF_R_INVALID_DEVICE_HANDLE), "invalid device handle"}, - {ERR_REASON(SDF_R_INVALID_EC_CIPHERTEXT), "invalid ec ciphertext"}, - {ERR_REASON(SDF_R_INVALID_EC_PRIVATE_KEY), "invalid ec private key"}, - {ERR_REASON(SDF_R_INVALID_EC_PUBLIC_KEY), "invalid ec public key"}, - {ERR_REASON(SDF_R_INVALID_INPUT_LENGTH), "invalid input length"}, - {ERR_REASON(SDF_R_INVALID_KEY_HANDLE), "invalid key handle"}, - {ERR_REASON(SDF_R_INVALID_KEY_INDEX), "invalid key index"}, - {ERR_REASON(SDF_R_INVALID_KEY_LENGTH), "invalid key length"}, - {ERR_REASON(SDF_R_INVALID_KEY_USAGE), "invalid key usage"}, - {ERR_REASON(SDF_R_INVALID_LENGTH), "invalid length"}, - {ERR_REASON(SDF_R_INVALID_OPERATION_STATE), "invalid operation state"}, - {ERR_REASON(SDF_R_INVALID_PASSWORD_LENGTH), "invalid password length"}, - {ERR_REASON(SDF_R_INVALID_SESSION), "invalid session"}, - {ERR_REASON(SDF_R_INVALID_SESSION_HANDLE), "invalid session handle"}, - {ERR_REASON(SDF_R_KEY_TYPE_NOT_MATCH), "key type not match"}, - {ERR_REASON(SDF_R_LOAD_ENGINE_FAILURE), "load engine failure"}, - {ERR_REASON(SDF_R_RANDOM_FAILURE), "random failure"}, - {ERR_REASON(SDF_R_SDF_SESSION_NO_ENGINE), "sdf session no engine"}, - {0, NULL} -}; - -#endif - -int ERR_load_SDF_strings(void) -{ -#ifndef OPENSSL_NO_ERR - - if (ERR_func_error_string(SDF_str_functs[0].error) == NULL) { - ERR_load_strings(0, SDF_str_functs); - ERR_load_strings(0, SDF_str_reasons); - } -#endif - return 1; -} diff --git a/crypto/sdf/sdf_errstr.c b/crypto/sdf/sdf_errstr.c deleted file mode 100644 index add89a03..00000000 --- a/crypto/sdf/sdf_errstr.c +++ /dev/null @@ -1,99 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include -#include "../../e_os.h" - -static ERR_STRING_DATA sdf_errstr[] = { - { SDR_OK, "Success" }, - { SDR_BASE, "Base" }, - { SDR_UNKNOWERR, "Unknown error" }, - { SDR_NOTSUPPORT, "Not supported" }, - { SDR_COMMFAIL, "Commnunication failure" }, - { SDR_HARDFAIL, "Hardware failure" }, - { SDR_OPENDEVICE, "Open device" }, - { SDR_OPENSESSION, "Open session" }, - { SDR_PARDENY, "Private key access denied (for index 0)" }, - { SDR_KEYNOTEXIST, "Key not exist" }, - { SDR_ALGNOTSUPPOT, "Algorithm not supported" }, - { SDR_ALGMODNOTSUPPORT, "Algorithm mode not supported" }, - { SDR_PKOPERR, "Public key operation error" }, - { SDR_SKOPERR, "Private key operation error" }, - { SDR_SIGNERR, "Signature generation error" }, - { SDR_VERIFYERR, "Singature verification error" }, - { SDR_SYMOPERR, "Symmetric encryption error" }, - { SDR_STEPERR, "Multi-step operation error" }, - { SDR_FILESIZEERR, "File size error" }, - { SDR_FILENOEXIST, "File not exist" }, - { SDR_FILEOFSERR, "File offset error" }, - { SDR_KEYTYPEERR, "Key type error" }, - { SDR_KEYERR, "Key error" }, - { SDR_ENCDATAERR, "ECC encrypted data error" }, - { SDR_RANDERR, "Random number generator error" }, - { SDR_PRKRERR, "Private key privilege error" }, - { SDR_MACERR, "MAC computation error" }, - { SDR_FILEEXSITS, "File already exist" }, - { SDR_FILEWERR, "File write error" }, - { SDR_NOBUFFER, "No buffer" }, - { SDR_INARGERR, "Input argument error" }, - { SDR_OUTARGERR, "Output argument error" }, -}; - -const char *SDF_GetErrorString(int err) -{ - int i; - for (i = 0; i < OSSL_NELEM(sdf_errstr); i++) { - if (err == sdf_errstr[i].error) { - return sdf_errstr[i].string; - } - } - return "(undef)"; -} - diff --git a/crypto/sdf/sdf_ext.c b/crypto/sdf/sdf_ext.c deleted file mode 100644 index f973eacc..00000000 --- a/crypto/sdf/sdf_ext.c +++ /dev/null @@ -1,238 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES - * LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include -#include -#include -#include -#include "sdf_lcl.h" - -int SDF_PrintDeviceInfo(FILE *fp, DEVICEINFO *devInfo) -{ - char issuerName[41]; - char deviceName[17]; - char deviceSerial[17]; - - /* IssuerName */ - memcpy(issuerName, devInfo->IssuerName, 40); - issuerName[40] = 0; - fprintf(fp, "IssuerName = %s\n", issuerName); - - /* DeviceName */ - memcpy(deviceName, devInfo->DeviceName, 16); - deviceName[16] = 0; - fprintf(fp, "DeviceName = %s\n", deviceName); - - /* DeviceSerial */ - memcpy(deviceSerial, devInfo->DeviceSerial, 16); - deviceSerial[16] = 0; - fprintf(fp, "DeviceSerial = %s\n", deviceSerial); - - /* DeviceVersion */ - fprintf(fp, "DeviceVersion = 0x%08X\n", devInfo->DeviceVersion); - - /* StandardVersion */ - fprintf(fp, "StandardVersion = 0x%08X\n", devInfo->StandardVersion); - - /* AsymAlgAbility */ - fputs("AsymAlgAbility[0] =", fp); - if (devInfo->AsymAlgAbility[0] & SGD_RSA) { - fputs(" RSA", fp); - } - if (devInfo->AsymAlgAbility[0] & SGD_SM2) { - fputs(" SM2", fp); - } - fputs("\n", fp); - fprintf(fp, "AsymAlgAbility[1] = 0x%08X\n", devInfo->AsymAlgAbility[1]); - - /* SymAlgAbility */ - fputs("SymAlgAbility =", fp); - if (devInfo->SymAlgAbility & SGD_SM1) - fputs(" SM1", fp); - if (devInfo->SymAlgAbility & SGD_SSF33) - fputs(" SSF33", fp); - if (devInfo->SymAlgAbility & SGD_SM4) - fputs(" SM4", fp); - if (devInfo->SymAlgAbility & SGD_ZUC) - fputs(" ZUC", fp); - fputs("\n", fp); - - /* HashAlgAbility */ - fputs("HashAlgAbility =", fp); - if (devInfo->HashAlgAbility & SGD_SM3) - fputs(" SM3", fp); - if (devInfo->HashAlgAbility & SGD_SHA1) - fputs(" SHA1", fp); - if (devInfo->HashAlgAbility & SGD_SHA256) - fputs(" SHA256", fp); - fputs("\n", fp); - - /* BufferSize */ - fprintf(fp, "BufferSize = %u\n", devInfo->BufferSize); - - return SDR_OK; -} - -int SDF_PrintRSAPublicKey(FILE *fp, RSArefPublicKey *pk) -{ - int i; - - /* bits */ - (void)fprintf(fp, "bits = %u\n", pk->bits); - - /* m */ - (void)fputs("m = ", fp); - for (i = 0; i < RSAref_MAX_LEN; i++) { - (void)fprintf(fp, "%02X", pk->m[i]); - } - (void)fputs("\n", fp); - - /* e */ - (void)fputs("e = ", fp); - for (i = 0; i < RSAref_MAX_LEN; i++) { - (void)fprintf(fp, "%02X", pk->e[i]); - } - (void)fputs("\n", fp); - - return 1; -} - -int SDF_PrintRSAPrivateKey(FILE *fp, RSArefPrivateKey *sk) -{ - return 0; -} - -int SDF_PrintECCPublicKey(FILE *fp, ECCrefPublicKey *pk) -{ - int i; - - /* bits */ - (void)fprintf(fp, "bits = %u\n", pk->bits); - - /* x */ - (void)fputs("x = ", fp); - for (i = 0; i < ECCref_MAX_LEN; i++) { - (void)fprintf(fp, "%02X", pk->x[i]); - } - (void)fputs("\n", fp); - - /* y */ - (void)fputs("y = ", fp); - for (i = 0; i < ECCref_MAX_LEN; i++) { - (void)fprintf(fp, "%02X", pk->y[i]); - } - (void)fputs("\n", fp); - - return 1; -} - -int SDF_PrintECCPrivateKey(FILE *fp, ECCrefPrivateKey *pk) -{ - return 0; -} - -int SDF_PrintECCCipher(FILE *fp, ECCCipher *cipher) -{ - int i; - - /* x */ - (void)fputs("x = ", fp); - for (i = 0; i < ECCref_MAX_LEN; i++) { - (void)fprintf(fp, "%02X", cipher->x[i]); - } - (void)fputs("\n", fp); - - /* y */ - (void)fputs("y = ", fp); - for (i = 0; i < ECCref_MAX_LEN; i++) { - (void)fprintf(fp, "%02X", cipher->y[i]); - } - (void)fputs("\n", fp); - - /* M */ - (void)fputs("M = ", fp); - for (i = 0; i < 32; i++) { - (void)fprintf(fp, "%02X", cipher->M[i]); - } - (void)fputs("\n", fp); - - /* L */ - (void)fprintf(fp, "L = %u\n", cipher->L); - - /* C */ - for (i = 0; i < cipher->L; i++) { - (void)fprintf(fp, "%02X", cipher->C[i]); - } - (void)fputs("\n", fp); - - return 1; -} - -int SDF_PrintECCSignature(FILE *fp, ECCSignature *sig) -{ - int i; - - /* r */ - (void)fputs("r = ", fp); - for (i = 0; i < ECCref_MAX_LEN; i++) { - (void)fprintf(fp, "%02X", sig->r[i]); - } - (void)fputs("\n", fp); - - /* s */ - (void)fputs("s = ", fp); - for (i = 0; i < ECCref_MAX_LEN; i++) { - (void)fprintf(fp, "%02X", sig->s[i]); - } - (void)fputs("\n", fp); - - return 1; -} - diff --git a/crypto/sdf/sdf_file.c b/crypto/sdf/sdf_file.c deleted file mode 100644 index cc714698..00000000 --- a/crypto/sdf/sdf_file.c +++ /dev/null @@ -1,89 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES - * LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -int SDF_CreateFile( - void *hSessionHandle, - unsigned char *pucFileName, - unsigned int uiNameLen, - unsigned int uiFileSize) -{ - return SDR_NOTSUPPORT; -} - -int SDF_ReadFile( - void *hSessionHandle, - unsigned char *pucFileName, - unsigned int uiNameLen, - unsigned int uiOffset, - unsigned int *puiReadLength, - unsigned char *pucBuffer) -{ - return SDR_NOTSUPPORT; -} - -int SDF_WriteFile( - void *hSessionHandle, - unsigned char *pucFileName, - unsigned int uiNameLen, - unsigned int uiOffset, - unsigned int uiWriteLength, - unsigned char *pucBuffer) -{ - return SDR_NOTSUPPORT; -} - -int SDF_DeleteFile( - void *hSessionHandle, - unsigned char *pucFileName, - unsigned int uiNameLen) -{ - return SDR_NOTSUPPORT; -} diff --git a/crypto/sdf/sdf_hash.c b/crypto/sdf/sdf_hash.c deleted file mode 100644 index ff106777..00000000 --- a/crypto/sdf/sdf_hash.c +++ /dev/null @@ -1,217 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES - * LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include -#include -#include -#include -#include -#include -#include "sdf_lcl.h" - -int SDF_HashInit( - void *hSessionHandle, - unsigned int uiAlgID, - ECCrefPublicKey *pucPublicKey, - unsigned char *pucID, - unsigned int uiIDLength) -{ - int ret = SDR_UNKNOWERR; - SDF_SESSION *session = (SDF_SESSION *)hSessionHandle; - EVP_MD_CTX *md_ctx = NULL; - const EVP_MD *md; - - /* check arguments */ - if (!hSessionHandle) { - SDFerr(SDF_F_SDF_HASHINIT, ERR_R_PASSED_NULL_PARAMETER); - return SDR_INARGERR; - } - if (pucID && (uiIDLength <= 0 || uiIDLength > INT_MAX)) { - SDFerr(SDF_F_SDF_HASHINIT, SDF_R_INVALID_LENGTH); - return SDR_INARGERR; - } - if (session->md_ctx) { - SDFerr(SDF_F_SDF_HASHINIT, SDF_R_INVALID_OPERATION_STATE); - return SDR_INARGERR; - } - if (!(md = EVP_get_digestbysgd(uiAlgID))) { - SDFerr(SDF_F_SDF_HASHINIT, SDF_R_INVALID_ALGOR); - return SDR_INARGERR; - } - - /* malloc and init */ - if (!(md_ctx = EVP_MD_CTX_new())) { - SDFerr(SDF_F_SDF_HASHINIT, ERR_R_MALLOC_FAILURE); - ret = SDR_NOBUFFER; - goto end; - } - if (!EVP_DigestInit_ex(md_ctx, md, session->engine)) { - SDFerr(SDF_F_SDF_HASHINIT, ERR_R_EVP_LIB); - ret = SDR_UNKNOWERR; - goto end; - } - - /* compute ZA and update */ - if (pucPublicKey) { - EC_KEY *ec_key = NULL; - unsigned char za[EVP_MAX_MD_SIZE]; - size_t zalen = sizeof(za); - char *id; - size_t idlen; - - if (pucID) { - id = (char *)pucID; - idlen = uiIDLength; - } else { - id = SM2_DEFAULT_ID; - idlen = strlen(SM2_DEFAULT_ID); - } - - if (!(ec_key = EC_KEY_new_from_ECCrefPublicKey(pucPublicKey))) { - SDFerr(SDF_F_SDF_HASHINIT, ERR_R_GMAPI_LIB); - ret = SDR_INARGERR; - goto end; - } - - if (!SM2_compute_id_digest(md, id, idlen, za, &zalen, ec_key)) { - SDFerr(SDF_F_SDF_HASHINIT, - SDF_R_COMPUTE_SM2_ID_FAILURE); - ret = SDR_UNKNOWERR; - EC_KEY_free(ec_key); - goto end; - } - - EC_KEY_free(ec_key); - - if (!EVP_DigestUpdate(md_ctx, za, zalen)) { - SDFerr(SDF_F_SDF_HASHINIT, ERR_R_EVP_LIB); - ret = SDR_UNKNOWERR; - goto end; - } - } - - session->md_ctx = md_ctx; - md_ctx = NULL; - ret = SDR_OK; - -end: - EVP_MD_CTX_free(md_ctx); - return ret; -} - -int SDF_HashUpdate( - void *hSessionHandle, - unsigned char *pucData, - unsigned int uiDataLength) -{ - SDF_SESSION *session = (SDF_SESSION *)hSessionHandle; - - /* check arguments */ - if (!hSessionHandle || !pucData) { - SDFerr(SDF_F_SDF_HASHUPDATE, ERR_R_PASSED_NULL_PARAMETER); - return SDR_INARGERR; - } - if (session->magic != SDF_SESSION_MAGIC) { - SDFerr(SDF_F_SDF_HASHUPDATE, SDF_R_INVALID_SESSION); - return SDR_INARGERR; - } - if (!session->md_ctx) { - SDFerr(SDF_F_SDF_HASHUPDATE, SDF_R_INVALID_OPERATION_STATE); - return SDR_INARGERR; - } - - /* update */ - if (!EVP_DigestUpdate(session->md_ctx, pucData, (size_t)uiDataLength)) { - SDFerr(SDF_F_SDF_HASHUPDATE, ERR_R_EVP_LIB); - return SDR_UNKNOWERR; - } - - return SDR_OK; -} - -int SDF_HashFinal( - void *hSessionHandle, - unsigned char *pucHash, - unsigned int *puiHashLength) -{ - SDF_SESSION *session = (SDF_SESSION *)hSessionHandle; - - /* check arguments */ - if (!hSessionHandle || !pucHash || !puiHashLength) { - SDFerr(SDF_F_SDF_HASHFINAL, ERR_R_PASSED_NULL_PARAMETER); - return SDR_INARGERR; - } - if (session->magic != SDF_SESSION_MAGIC) { - SDFerr(SDF_F_SDF_HASHFINAL, SDF_R_INVALID_SESSION); - return SDR_INARGERR; - } - if (!session->md_ctx) { - SDFerr(SDF_F_SDF_HASHFINAL, - SDF_R_INVALID_OPERATION_STATE); - return SDR_INARGERR; - } - if (*puiHashLength < EVP_MD_CTX_size(session->md_ctx)) { - SDFerr(SDF_F_SDF_HASHFINAL, SDF_R_BUFFER_TOO_SMALL); - return SDR_INARGERR; - } - - /* digest final */ - if (!EVP_DigestFinal_ex(session->md_ctx, pucHash, puiHashLength)) { - SDFerr(SDF_F_SDF_HASHFINAL, ERR_R_EVP_LIB); - return SDR_UNKNOWERR; - } - - /* note: only success, the md_ctx can be free-ed */ - EVP_MD_CTX_free(session->md_ctx); - session->md_ctx = NULL; - - return SDR_OK; -} - diff --git a/crypto/sdf/sdf_key.c b/crypto/sdf/sdf_key.c deleted file mode 100644 index a302e190..00000000 --- a/crypto/sdf/sdf_key.c +++ /dev/null @@ -1,97 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES - * LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ -/* - * In the standard GM/T 0018, the value of `uiKeyIndex` should start from 1, - * and the maximum value is defined by the vendor. - * The password length should be at least 8-byte. - */ - -#include -#include -#include -#include -#include -#include -#include -#include "sdf_lcl.h" - -int SDF_GenerateKeyWithKEK( - void *hSessionHandle, - unsigned int uiKeyBits, - unsigned int uiAlgID, - unsigned int uiKEKIndex, - unsigned char *pucKey, - unsigned int *puiKeyLength, - void **phKeyHandle) -{ - return SDR_NOTSUPPORT; -} - -int SDF_ImportKeyWithKEK( - void *hSessionHandle, - unsigned int uiAlgID, - unsigned int uiKEKIndex, - unsigned char *pucKey, - unsigned int uiKeyLength, - void **phKeyHandle) -{ - /* dont support this in GmSSL 2.x */ - return SDR_NOTSUPPORT; -} - -/* the destroy operation will always success! */ -int SDF_DestroyKey( - void *hSessionHandle, - void *hKeyHandle) -{ - SDF_KEY *key = (SDF_KEY *)hKeyHandle; - OPENSSL_clear_free(key, sizeof(*key)); - return SDR_OK; -} - diff --git a/crypto/sdf/sdf_key2.c b/crypto/sdf/sdf_key2.c deleted file mode 100644 index 528a0244..00000000 --- a/crypto/sdf/sdf_key2.c +++ /dev/null @@ -1,99 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES - * LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include -#include -#include -#include -#include -#include -#include "sdf_lcl.h" - -int SDF_ImportKey( - void *hSessionHandle, - unsigned char *pucKey, - unsigned int uiKeyLength, - void **phKeyHandle) -{ - int ret = 0; - SDF_KEY *key = NULL; - - /* check arguments */ - if (!hSessionHandle || !pucKey || !phKeyHandle) { - SDFerr(SDF_F_SDF_IMPORTKEY, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (uiKeyLength <= 0 || uiKeyLength > EVP_MAX_KEY_LENGTH) { - SDFerr(SDF_F_SDF_IMPORTKEY, - SDF_R_INVALID_KEY_LENGTH); - return 0; - } - - /* create object */ - if (!(key = OPENSSL_zalloc(sizeof(*key)))) { - SDFerr(SDF_F_SDF_IMPORTKEY, ERR_R_MALLOC_FAILURE); - goto end; - } - - /* copy key data */ - memcpy(key->key, pucKey, uiKeyLength); - key->keylen = uiKeyLength; - - /* set output */ - *phKeyHandle = key; - key = NULL; - ret = SDR_OK; - -end: - OPENSSL_clear_free(key, sizeof(*key)); - return ret; -} - diff --git a/crypto/sdf/sdf_lcl.h b/crypto/sdf/sdf_lcl.h deleted file mode 100644 index 3754ddfa..00000000 --- a/crypto/sdf/sdf_lcl.h +++ /dev/null @@ -1,81 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES - * LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - - -#include -#include - -extern char *deviceHandle; - -#define SDF_ENGINE_ID "openssl" -#define SDF_SESSION_MAGIC 0x12345678 - -typedef struct { - uint32_t magic; - char *app; - ENGINE *engine; - char *password[SDF_MAX_KEY_INDEX]; - EVP_MD_CTX *md_ctx; -} SDF_SESSION; - -typedef struct { - unsigned char key[EVP_MAX_KEY_LENGTH]; - unsigned int keylen; -} SDF_KEY; - -const EVP_CIPHER *sdf_get_cipher(SDF_SESSION *session, unsigned int uiAlgoID); -const EVP_MD *sdf_get_digest(SDF_SESSION *session, unsigned int uiAlgoID); -EVP_PKEY *sdf_load_rsa_public_key(SDF_SESSION *session, unsigned int uiKeyIndex, unsigned int uiKeyUsage); -EVP_PKEY *sdf_load_rsa_private_key(SDF_SESSION *session, unsigned int uiKeyIndex, unsigned int uiKeyUsage); -EVP_PKEY *sdf_load_ec_public_key(SDF_SESSION *session, unsigned int uiKeyIndex, unsigned int uiKeyUsage); -EVP_PKEY *sdf_load_ec_private_key(SDF_SESSION *session, unsigned int uiKeyIndex, unsigned int uiKeyUsage); -int sdf_encode_ec_signature(ECCSignature *ref, unsigned char *out, size_t *outlen); -int sdf_decode_ec_signature(ECCSignature *ref, const unsigned char *in, size_t inlen); - - diff --git a/crypto/sdf/sdf_lib.c b/crypto/sdf/sdf_lib.c deleted file mode 100644 index 2ff31611..00000000 --- a/crypto/sdf/sdf_lib.c +++ /dev/null @@ -1,327 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES - * LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include -#include -#include -#include -#include "sdf_lcl.h" - -/* - * We always get these objects from engine, hardware-based engine, - * software-based engine with storage, or just ossl default engine. - */ - -const EVP_CIPHER *sdf_get_cipher(SDF_SESSION *session, - unsigned int uiAlgoID) -{ - int nid; - - if (!session->engine) { - SDFerr(SDF_F_SDF_GET_CIPHER, - SDF_R_SDF_SESSION_NO_ENGINE); - return NULL; - } - if ((nid = GMAPI_sgd2ciphernid(uiAlgoID)) == NID_undef) { - SDFerr(SDF_F_SDF_GET_CIPHER, - SDF_R_INVALID_ALGOR); - return NULL; - } - - return ENGINE_get_cipher(session->engine, nid); -} - -const EVP_MD *sdf_get_digest(SDF_SESSION *session, - unsigned int uiAlgoID) -{ - int nid; - - if (!session->engine) { - SDFerr(SDF_F_SDF_GET_DIGEST, - SDF_R_SDF_SESSION_NO_ENGINE); - return NULL; - } - if ((nid = GMAPI_sgd2mdnid(uiAlgoID)) == NID_undef) { - SDFerr(SDF_F_SDF_GET_DIGEST, - SDF_R_INVALID_ALGOR); - return NULL; - } - - return ENGINE_get_digest(session->engine, nid); -} - -/* we assume that the SDF ENGINE implementations follow the same design of - * the SKF key storage model: app/container/keyusage. And we assume the - * session is binded with app, the container is refered by key index, and - * the key usage is the same. So the `key_id` string used for ENGINE is as - * follows: - * "AppName/ContainerNameOrIndex/KeyUsage" - */ -//FIXME: we should change the following 4 functions into 1 and 4 macros -EVP_PKEY *sdf_load_rsa_public_key(SDF_SESSION *session, - unsigned int uiKeyIndex, unsigned int uiKeyUsage) -{ - EVP_PKEY *ret = NULL; - EVP_PKEY *pkey = NULL; - char key_id[256]; - char *app = ""; - char *usage; - - if (!session->engine) { - SDFerr(SDF_F_SDF_LOAD_RSA_PUBLIC_KEY, - SDF_R_SDF_SESSION_NO_ENGINE); - return NULL; - } - if (!(usage = GMAPI_keyusage2str(uiKeyUsage))) { - SDFerr(SDF_F_SDF_LOAD_RSA_PUBLIC_KEY, - SDF_R_INVALID_KEY_USAGE); - return NULL; - } - - snprintf(key_id, sizeof(key_id), "%s/%u/%s", app, uiKeyIndex, usage); - - if (!(pkey = ENGINE_load_public_key(session->engine, key_id, - NULL, NULL))) { - SDFerr(SDF_F_SDF_LOAD_RSA_PUBLIC_KEY, - SDF_R_ENGINE_LOAD_KEY_FAILURE); - goto end; - } - - if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA) { - SDFerr(SDF_F_SDF_LOAD_RSA_PUBLIC_KEY, - SDF_R_KEY_TYPE_NOT_MATCH); - goto end; - } - - ret = pkey; - pkey = NULL; - -end: - EVP_PKEY_free(pkey); - return ret; -} - -EVP_PKEY *sdf_load_rsa_private_key(SDF_SESSION *session, - unsigned int uiKeyIndex, unsigned int uiKeyUsage) -{ - EVP_PKEY *ret = NULL; - EVP_PKEY *pkey = NULL; - char key_id[256]; - char *app = ""; - char *usage; - - if (!session->engine) { - SDFerr(SDF_F_SDF_LOAD_RSA_PRIVATE_KEY, - SDF_R_SDF_SESSION_NO_ENGINE); - return NULL; - } - if (!(usage = GMAPI_keyusage2str(uiKeyUsage))) { - SDFerr(SDF_F_SDF_LOAD_RSA_PRIVATE_KEY, - SDF_R_INVALID_KEY_USAGE); - return NULL; - } - - snprintf(key_id, sizeof(key_id), "%s/%u/%s", app, uiKeyIndex, usage); - - if (!(pkey = ENGINE_load_private_key(session->engine, key_id, - NULL, NULL))) { - SDFerr(SDF_F_SDF_LOAD_RSA_PRIVATE_KEY, - SDF_R_ENGINE_LOAD_KEY_FAILURE); - goto end; - } - - if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA) { - SDFerr(SDF_F_SDF_LOAD_RSA_PRIVATE_KEY, - SDF_R_KEY_TYPE_NOT_MATCH); - goto end; - } - - ret = pkey; - pkey = NULL; - -end: - EVP_PKEY_free(pkey); - return ret; -} - -EVP_PKEY *sdf_load_ec_public_key(SDF_SESSION *session, - unsigned int uiKeyIndex, unsigned int uiKeyUsage) -{ - EVP_PKEY *ret = NULL; - EVP_PKEY *pkey = NULL; - char key_id[256]; - char *app = ""; - char *usage; - - if (!session->engine) { - SDFerr(SDF_F_SDF_LOAD_EC_PUBLIC_KEY, - SDF_R_SDF_SESSION_NO_ENGINE); - return NULL; - } - if (!(usage = GMAPI_keyusage2str(uiKeyUsage))) { - SDFerr(SDF_F_SDF_LOAD_EC_PUBLIC_KEY, - SDF_R_INVALID_KEY_USAGE); - return NULL; - } - - snprintf(key_id, sizeof(key_id), "%s/%u/%s", app, uiKeyIndex, usage); - - if (!(pkey = ENGINE_load_public_key(session->engine, key_id, - NULL, NULL))) { - SDFerr(SDF_F_SDF_LOAD_EC_PUBLIC_KEY, - SDF_R_ENGINE_LOAD_KEY_FAILURE); - goto end; - } - if (EVP_PKEY_id(pkey) != EVP_PKEY_EC) { - SDFerr(SDF_F_SDF_LOAD_EC_PUBLIC_KEY, - SDF_R_KEY_TYPE_NOT_MATCH); - goto end; - } - - ret = pkey; - pkey = NULL; - -end: - EVP_PKEY_free(pkey); - return ret; -} - -EVP_PKEY *sdf_load_ec_private_key(SDF_SESSION *session, - unsigned int uiKeyIndex, unsigned int uiKeyUsage) -{ - EVP_PKEY *ret = NULL; - EVP_PKEY *pkey = NULL; - char key_id[256]; - char *app = ""; - char *usage; - - if (!session->engine) { - SDFerr(SDF_F_SDF_LOAD_EC_PRIVATE_KEY, - SDF_R_SDF_SESSION_NO_ENGINE); - return NULL; - } - if (!(usage = GMAPI_keyusage2str(uiKeyUsage))) { - SDFerr(SDF_F_SDF_LOAD_EC_PRIVATE_KEY, - SDF_R_INVALID_KEY_USAGE); - return NULL; - } - - snprintf(key_id, sizeof(key_id), "%s/%u/%s", app, uiKeyIndex, usage); - - if (!(pkey = ENGINE_load_private_key(session->engine, key_id, - NULL, NULL))) { - SDFerr(SDF_F_SDF_LOAD_EC_PRIVATE_KEY, - SDF_R_ENGINE_LOAD_KEY_FAILURE); - goto end; - } - if (EVP_PKEY_id(pkey) != EVP_PKEY_EC) { - SDFerr(SDF_F_SDF_LOAD_EC_PRIVATE_KEY, - SDF_R_KEY_TYPE_NOT_MATCH); - goto end; - } - - ret = pkey; - pkey = NULL; - -end: - EVP_PKEY_free(pkey); - return ret; -} - -int sdf_encode_ec_signature(ECCSignature *ref, unsigned char *out, - size_t *outlen) -{ - int ret = 0; - ECDSA_SIG *sig = NULL; - unsigned char *p; - int len; - - if (!(sig = ECDSA_SIG_new_from_ECCSignature(ref))) { - SDFerr(SDF_F_SDF_ENCODE_EC_SIGNATURE, ERR_R_GMAPI_LIB); - goto end; - } - - p = out; - if ((len = i2d_ECDSA_SIG(sig, &p)) <= 0) { - SDFerr(SDF_F_SDF_ENCODE_EC_SIGNATURE, ERR_R_EC_LIB); - goto end; - } - - ret = 1; - -end: - ECDSA_SIG_free(sig); - return ret; -} - -int sdf_decode_ec_signature(ECCSignature *ref, const unsigned char *in, - size_t inlen) -{ - int ret = 0; - ECDSA_SIG *sig = NULL; - const unsigned char *p; - - p = in; - if (!(sig = d2i_ECDSA_SIG(NULL, &p, inlen))) { - SDFerr(SDF_F_SDF_DECODE_EC_SIGNATURE, ERR_R_EC_LIB); - goto end; - } - - if (!ECDSA_SIG_get_ECCSignature(sig, ref)) { - SDFerr(SDF_F_SDF_DECODE_EC_SIGNATURE, ERR_R_GMAPI_LIB); - goto end; - } - - ret = 1; - -end: - ECDSA_SIG_free(sig); - return ret; -} diff --git a/crypto/sdf/sdf_mac.c b/crypto/sdf/sdf_mac.c deleted file mode 100644 index 9e8a2af7..00000000 --- a/crypto/sdf/sdf_mac.c +++ /dev/null @@ -1,131 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES - * LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include -#include -#include -#include -#include -#include -#include "sdf_lcl.h" - -int SDF_CalculateMAC( - void *hSessionHandle, - void *hKeyHandle, - unsigned int uiAlgID, - unsigned char *pucIV, - unsigned char *pucData, - unsigned int uiDataLength, - unsigned char *pucMAC, - unsigned int *puiMACLength) -{ - int ret = SDR_UNKNOWERR; - SDF_SESSION *session = (SDF_SESSION *)hSessionHandle; - SDF_KEY *key = (SDF_KEY *)hKeyHandle; - CMAC_CTX *ctx = NULL; - const EVP_CIPHER *cipher; - size_t siz; - - /* check arguments, omit the useless pucIV in CBC-MAC */ - if (!hSessionHandle || !hKeyHandle || !pucData || - !pucMAC || !puiMACLength) { - SDFerr(SDF_F_SDF_CALCULATEMAC, - ERR_R_PASSED_NULL_PARAMETER); - return SDR_UNKNOWERR; - } - /* the CBC-MAC API accept size_t input length, but we don't - * know whether future MAC implementation will change this */ - if (uiDataLength <= 0 || uiDataLength > INT_MAX) { - SDFerr(SDF_F_SDF_CALCULATEMAC, - SDF_R_INVALID_INPUT_LENGTH); - return SDR_UNKNOWERR; - } - - /* parse arguments */ - if (!(cipher = sdf_get_cipher(hSessionHandle, uiAlgID))) { - SDFerr(SDF_F_SDF_CALCULATEMAC, SDF_R_INVALID_ALGOR); - goto end; - } - if (key->keylen != EVP_CIPHER_key_length(cipher)) { - SDFerr(SDF_F_SDF_CALCULATEMAC, - SDF_R_INVALID_KEY_HANDLE); - goto end; - } - if (*puiMACLength < EVP_CIPHER_block_size(cipher)) { - SDFerr(SDF_F_SDF_CALCULATEMAC, SDF_R_BUUTER_TOO_SMALL); - goto end; - } - - /* generate mac */ - if (!(ctx = CMAC_CTX_new())) { - SDFerr(SDF_F_SDF_CALCULATEMAC, ERR_R_MALLOC_FAILURE); - goto end; - } - if (!CMAC_Init(ctx, key->key, key->keylen, cipher, session->engine)) { - SDFerr(SDF_F_SDF_CALCULATEMAC, SDF_R_CMAC_FAILURE); - goto end; - } - if (!CMAC_Update(ctx, pucData, (size_t)uiDataLength)) { - SDFerr(SDF_F_SDF_CALCULATEMAC, SDF_R_CMAC_FAILURE); - goto end; - } - if (!CMAC_Final(ctx, pucMAC, &siz)) { - SDFerr(SDF_F_SDF_CALCULATEMAC, SDF_R_CMAC_FAILURE); - goto end; - } - - *puiMACLength = (unsigned int)siz; - ret = SDR_OK; - -end: - CMAC_CTX_free(ctx); - return ret; -} - diff --git a/crypto/sdf/sdf_rand.c b/crypto/sdf/sdf_rand.c deleted file mode 100644 index 4102d8c9..00000000 --- a/crypto/sdf/sdf_rand.c +++ /dev/null @@ -1,95 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES - * LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include "sdf_lcl.h" - -int SDF_GenerateRandom( - void *hSessionHandle, - unsigned int uiLength, - unsigned char *pucRandom) -{ - SDF_SESSION *session = (SDF_SESSION *)hSessionHandle; - - if (!hSessionHandle || !pucRandom) { - SDFerr(SDF_F_SDF_GENERATERANDOM, - ERR_R_PASSED_NULL_PARAMETER); - return SDR_INARGERR; - } - - if (uiLength > INT_MAX) { - SDFerr(SDF_F_SDF_GENERATERANDOM, SDF_R_INVALID_LENGTH); - return SDR_INARGERR; - } - -#ifndef OPENSSL_NO_ENGINE - /* try to use the hardware random generator */ - if (session->engine) { - if (!RAND_set_rand_engine(session->engine)) { - //SDFerr(SDF_F_SDF_GENERATERANDOM, ERR_R_RAND_LIB); - return SDR_UNKNOWERR; - } - } -#endif - - if (!RAND_bytes(pucRandom, (int)uiLength)) { - SDFerr(SDF_F_SDF_GENERATERANDOM, SDF_R_RANDOM_FAILURE); - return SDR_RANDERR; - } - - return SDR_OK; -} - diff --git a/crypto/sdf/sdf_rsa.c b/crypto/sdf/sdf_rsa.c deleted file mode 100644 index e1e95576..00000000 --- a/crypto/sdf/sdf_rsa.c +++ /dev/null @@ -1,570 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES - * LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "sdf_lcl.h" - -/* As there are two APIs for export signing key and decryption key, this - * means that keys with different usage can be referenced by the same - * `uiKeyIndex`, and `uiKeyIndex` is the index of a key container. - */ -int SDF_ExportSignPublicKey_RSA( - void *hSessionHandle, - unsigned int uiKeyIndex, - RSArefPublicKey *pucPublicKey) -{ - int ret = 0; - EVP_PKEY *pkey = NULL; - unsigned int uiKeyUsage = 0; - - if (!hSessionHandle || !pucPublicKey) { - SDFerr(SDF_F_SDF_EXPORTSIGNPUBLICKEY_RSA, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (!(pkey = sdf_load_rsa_public_key((SDF_SESSION *)hSessionHandle, - uiKeyIndex, uiKeyUsage))) { - SDFerr(SDF_F_SDF_EXPORTSIGNPUBLICKEY_RSA, ERR_R_GMAPI_LIB); - goto end; - } - - if (!RSA_get_RSArefPublicKey(EVP_PKEY_get0_RSA(pkey), pucPublicKey)) { - SDFerr(SDF_F_SDF_EXPORTSIGNPUBLICKEY_RSA, ERR_R_GMAPI_LIB); - goto end; - } - - ret = SDR_OK; - -end: - EVP_PKEY_free(pkey); - return ret; -} - -int SDF_ExportEncPublicKey_RSA( - void *hSessionHandle, - unsigned int uiKeyIndex, - RSArefPublicKey *pucPublicKey) -{ - int ret = 0; - EVP_PKEY *pkey = NULL; - unsigned int uiKeyUsage = 1; //FIXME - - if (!hSessionHandle || !pucPublicKey) { - SDFerr(SDF_F_SDF_EXPORTENCPUBLICKEY_RSA, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (!(pkey = sdf_load_rsa_public_key((SDF_SESSION *)hSessionHandle, - uiKeyIndex, uiKeyUsage))) { - SDFerr(SDF_F_SDF_EXPORTENCPUBLICKEY_RSA, ERR_R_GMAPI_LIB); - goto end; - } - - if (!RSA_get_RSArefPublicKey(EVP_PKEY_get0_RSA(pkey), pucPublicKey)) { - SDFerr(SDF_F_SDF_EXPORTENCPUBLICKEY_RSA, ERR_R_GMAPI_LIB); - goto end; - } - - ret = SDR_OK; - -end: - EVP_PKEY_free(pkey); - return ret; -} - -/* - * Generate RSA key pair. - * The MAX RSA bits is defined as 2048 in GM/T 0018-2012. As 1024 is not very - * secure, applications should always use 2048-bit. Use 1024-bit only for - * legacy applications. - */ -int SDF_GenerateKeyPair_RSA( - void *hSessionHandle, /* not used */ - unsigned int uiKeyBits, - RSArefPublicKey *pucPublicKey, - RSArefPrivateKey *pucPrivateKey) -{ - int ret = 0; - RSA *rsa = NULL; - - if (!hSessionHandle || !pucPublicKey || !pucPrivateKey) { - SDFerr(SDF_F_SDF_GENERATEKEYPAIR_RSA, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (!(rsa = RSA_new())) { - SDFerr(SDF_F_SDF_GENERATEKEYPAIR_RSA, - ERR_R_MALLOC_FAILURE); - goto end; - } - if (!RSA_generate_key_ex(rsa, uiKeyBits, NULL, NULL)) { - SDFerr(SDF_F_SDF_GENERATEKEYPAIR_RSA, ERR_R_RSA_LIB); - goto end; - } - - if (!RSA_get_RSArefPublicKey(rsa, pucPublicKey)) { - SDFerr(SDF_F_SDF_GENERATEKEYPAIR_RSA, ERR_R_GMAPI_LIB); - goto end; - } - if (!RSA_get_RSArefPrivateKey(rsa, pucPrivateKey)) { - SDFerr(SDF_F_SDF_GENERATEKEYPAIR_RSA, ERR_R_GMAPI_LIB); - goto end; - } - - ret = SDR_OK; - -end: - RSA_free(rsa); - return ret; -} - -/* - * In a cryptographic API the symmetric keys (and otehr keys) can be - * classified into session keys and storage keys. The storage keys will be - * persistantly stored in the secure storage of a cryptograhic hardware - * device. While the session keys only exist in the session period, after - * the session is finished, it will be destroyed even if the symmetric key - * operations are performed inside the hardware. - * - * The `gmapi` module only support session keys. - */ -/* - * In the current version of GmSSL (2.x), the session keys will be kept in - * the host memory intead of the cryptographic hardware's internal memory. - * So the key handle will suffer memory attacks. - */ - -/* - * Generate a symmetric key with bit length `uiKeyBits`, encrypt the key data - * with an internal RSA public key with index `uiIPKIndex`, output the - * encrypted key data to buffer `pucKey` and length `puiKeyLength`, also return - * the handle of the generated key `phKeyHandle`. - */ - -/* generate session key and encrypt with internal public key */ -int SDF_GenerateKeyWithIPK_RSA( - void *hSessionHandle, - unsigned int uiIPKIndex, - unsigned int uiKeyBits, /* generate key length */ - unsigned char *pucKey, - unsigned int *puiKeyLength, - void **phKeyHandle) -{ - int ret = 0; - SDF_KEY *hkey = NULL; - - if (!hSessionHandle || !pucKey || !puiKeyLength || !phKeyHandle) { - SDFerr(SDF_F_SDF_GENERATEKEYWITHIPK_RSA, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (uiKeyBits <= 0 || uiKeyBits % 8 || uiKeyBits > EVP_MAX_KEY_LENGTH) { - SDFerr(SDF_F_SDF_GENERATEKEYWITHIPK_RSA, - SDF_R_INVALID_KEY_LENGTH); - return 0; - } - - if (!(hkey = OPENSSL_zalloc(sizeof(*hkey)))) { - SDFerr(SDF_F_SDF_GENERATEKEYWITHIPK_RSA, - ERR_R_MALLOC_FAILURE); - return 0; - } - - if ((ret = SDF_InternalPublicKeyOperation_RSA( - hSessionHandle, - uiIPKIndex, - hkey->key, - hkey->keylen, - pucKey, - puiKeyLength)) != SDR_OK) { - SDFerr(SDF_F_SDF_GENERATEKEYWITHIPK_RSA, ERR_R_GMAPI_LIB); - goto end; - } - - *phKeyHandle = hkey; - hkey = NULL; - ret = SDR_OK; - -end: - OPENSSL_clear_free(hkey, sizeof(*hkey)); - return ret; -} - -/* - * Generate a symmetric key with bit length `uiKeyBits`, encrypt the key data - * with an external RSA public key with data `pucPublicKey` in format - * `RSArefPublickey`, output the encrypted key data to buffer `pucKey` and - * length `puiKeyLength`, also return the handle `phKeyHandle` of the generated - * key. - */ -int SDF_GenerateKeyWithEPK_RSA( - void *hSessionHandle, - unsigned int uiKeyBits, - RSArefPublicKey *pucPublicKey, - unsigned char *pucKey, - unsigned int *puiKeyLength, - void **phKeyHandle) -{ - int ret = 0; - SDF_KEY *key = NULL; - - if (!hSessionHandle || !pucPublicKey || !pucKey || !puiKeyLength || - !phKeyHandle) { - SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_RSA, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (uiKeyBits <= 0 || uiKeyBits % 8 || uiKeyBits > - EVP_MAX_KEY_LENGTH) { - SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_RSA, - SDF_R_INVALID_KEY_LENGTH); - return 0; - } - - if (!(key = OPENSSL_zalloc(sizeof(*key)))) { - SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_RSA, - ERR_R_MALLOC_FAILURE); - goto end; - } - - if ((ret = SDF_ExternalPublicKeyOperation_RSA( - hSessionHandle, - pucPublicKey, - key->key, - key->keylen, - pucKey, - puiKeyLength)) != SDR_OK) { - SDFerr(SDF_F_SDF_GENERATEKEYWITHEPK_RSA, ERR_R_GMAPI_LIB); - goto end; - } - - *phKeyHandle = key; - key = NULL; - ret = SDR_OK; - -end: - OPENSSL_clear_free(key, sizeof(*key)); - return ret; -} - -/* - * Import the encrypted key generated from `SDF_GenerateKeyWithIPK_RSA` to the - * session context, the internal RSA key index `uiISKIndex` should be the same - * index of the parameter `uiIPKIndex` of `SDF_GenerateKeyWithIPK_RSA`. - */ - -/* Import session key `pucKey` encrypted by the internal public key indexed - * by `uiISKIndex`. As there are no session key in device, we need to - * decrypt the `pucKey` with the internal key `uiISKIndex`. - */ -int SDF_ImportKeyWithISK_RSA( - void *hSessionHandle, - unsigned int uiISKIndex, - unsigned char *pucKey, - unsigned int uiKeyLength, - void **phKeyHandle) -{ - int ret = 0; - SDF_KEY *key = NULL; - - if (!hSessionHandle || !pucKey || !phKeyHandle) { - SDFerr(SDF_F_SDF_IMPORTKEYWITHISK_RSA, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (!(key = OPENSSL_zalloc(sizeof(*key)))) { - SDFerr(SDF_F_SDF_IMPORTKEYWITHISK_RSA, - ERR_R_MALLOC_FAILURE); - goto end; - } - - key->keylen = EVP_MAX_KEY_LENGTH; - if ((ret = SDF_InternalPrivateKeyOperation_RSA( - hSessionHandle, - uiISKIndex, - pucKey, - uiKeyLength, - key->key, - &key->keylen)) != SDR_OK) { - SDFerr(SDF_F_SDF_IMPORTKEYWITHISK_RSA, ERR_R_GMAPI_LIB); - goto end; - } - - *phKeyHandle = key; - key = NULL; - ret = SDR_OK; - -end: - OPENSSL_clear_free(key, sizeof(*key)); - return ret; -} - -/* - * Convert internal public key encrypted symmetric key into ciphertext - * encrypted by external public key. The input `pucDEInput` is the symmetric - * key encrypted by internal public key `uiKeyIndex`. The output `pucDEOutput` - * is encrypted under the external public key `pucPublicKey`. - * - * Note: This function is very dangerous. It convert a well protected symmetric - * key into a state with security unknown. If the external private key is not - * well protected, this function is the same as to unwrap of the symmetric key - * and output the plaintext. - */ - -/* - * convert the `pucDEInput` encrypted by internal RSA public key - * `uiKeyIndex` to `pucDEOutput` encrypted by the external RSA public key - * `pucPublicKey` - */ -int SDF_ExchangeDigitEnvelopeBaseOnRSA( - void *hSessionHandle, - unsigned int uiKeyIndex, - RSArefPublicKey *pucPublicKey, - unsigned char *pucDEInput, - unsigned int uiDELength, - unsigned char *pucDEOutput, - unsigned int *puiDELength) -{ - return 0; -} - -int SDF_ExternalPublicKeyOperation_RSA( - void *hSessionHandle, - RSArefPublicKey *pucPublicKey, - unsigned char *pucDataInput, - unsigned int uiInputLength, - unsigned char *pucDataOutput, - unsigned int *puiOutputLength) -{ - int ret = 0; - RSA *rsa = NULL; - int outlen; - - if (!hSessionHandle || !pucPublicKey || !pucDataInput || - !pucDataOutput || !puiOutputLength) { - SDFerr(SDF_F_SDF_EXTERNALPUBLICKEYOPERATION_RSA, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (!(rsa = RSA_new_from_RSArefPublicKey(pucPublicKey))) { - SDFerr(SDF_F_SDF_EXTERNALPUBLICKEYOPERATION_RSA, - ERR_R_GMAPI_LIB); - goto end; - } - - if ((outlen = RSA_public_encrypt((int)uiInputLength, pucDataInput, - pucDataOutput, rsa, RSA_NO_PADDING)) < 0) { - SDFerr(SDF_F_SDF_EXTERNALPUBLICKEYOPERATION_RSA, - ERR_R_RSA_LIB); - goto end; - } - - *puiOutputLength = (unsigned int)outlen; - ret = SDR_OK; - -end: - RSA_free(rsa); - return ret; -} - -/* - * The RSA Operations include - * `SDF_ExternalPublicKeyOperation_RSA` - * `SDF_InternalPublicKeyOperation_RSA` - * `SDF_InternalPrivateKeyOperation_RSA` - * - * Noramlly RSA operations should be working with some padding methods, such - * as PKCS #1 OAEP padding or PSS padding. As the SDF API does not provide any - * parameter to set padding method, and it is neither specified in the GM/T - * 0018-2012 standard, application developers need to ask the vendor or try - * testing. The GmSSL SDF implementation will always try to use the PKCS #1 - * padding, but the underlying ENGINEs might not support this padding options. - * - * It should be noted that the SDF API does not support external private key - * operations. - */ - -int SDF_ExternalPrivateKeyOperation_RSA( - void *hSessionHandle, - RSArefPrivateKey *pucPrivateKey, - unsigned char *pucDataInput, - unsigned int uiInputLength, - unsigned char *pucDataOutput, - unsigned int *puiOutputLength) -{ - int ret = 0; - RSA *rsa = NULL; - int outlen; - - if (!hSessionHandle || !pucPrivateKey || !pucDataInput || - !pucDataOutput || !puiOutputLength) { - SDFerr(SDF_F_SDF_EXTERNALPRIVATEKEYOPERATION_RSA, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (!(rsa = RSA_new_from_RSArefPrivateKey(pucPrivateKey))) { - SDFerr(SDF_F_SDF_EXTERNALPRIVATEKEYOPERATION_RSA, - ERR_R_GMAPI_LIB); - goto end; - } - - if ((outlen = RSA_private_decrypt((int)uiInputLength, pucDataInput, - pucDataOutput, rsa, RSA_NO_PADDING)) < 0) { - SDFerr(SDF_F_SDF_EXTERNALPRIVATEKEYOPERATION_RSA, - ERR_R_RSA_LIB); - goto end; - } - - *puiOutputLength = (unsigned int)outlen; - ret = SDR_OK; - -end: - RSA_free(rsa); - return ret; -} - - -int SDF_InternalPublicKeyOperation_RSA( - void *hSessionHandle, - unsigned int uiKeyIndex, - unsigned char *pucDataInput, - unsigned int uiInputLength, - unsigned char *pucDataOutput, - unsigned int *puiOutputLength) -{ - int ret = 0; - EVP_PKEY *pkey = NULL; - int outlen; - unsigned int uiKeyUsage = -12345; //FIXME: which key should we use? - - if (!hSessionHandle || !pucDataInput || !pucDataOutput || - !puiOutputLength) { - SDFerr(SDF_F_SDF_INTERNALPUBLICKEYOPERATION_RSA, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (!(pkey = sdf_load_rsa_public_key((SDF_SESSION *)hSessionHandle, - uiKeyIndex, uiKeyUsage))) { - SDFerr(SDF_F_SDF_INTERNALPUBLICKEYOPERATION_RSA, - ERR_R_GMAPI_LIB); - goto end; - } - - if ((outlen = RSA_public_encrypt((int)uiInputLength, pucDataInput, - pucDataOutput, EVP_PKEY_get0_RSA(pkey), RSA_NO_PADDING)) < 0) { - SDFerr(SDF_F_SDF_INTERNALPUBLICKEYOPERATION_RSA, - ERR_R_RSA_LIB); - goto end; - } - - *puiOutputLength = (unsigned int)outlen; - ret = SDR_OK; - -end: - EVP_PKEY_free(pkey); - return ret; -} - -int SDF_InternalPrivateKeyOperation_RSA( - void *hSessionHandle, - unsigned int uiKeyIndex, - unsigned char *pucDataInput, - unsigned int uiInputLength, - unsigned char *pucDataOutput, - unsigned int *puiOutputLength) -{ - int ret = 0; - EVP_PKEY *pkey = NULL; - int outlen; - unsigned int uiKeyUsage; //FIXME - - if (!hSessionHandle || !pucDataInput || !pucDataOutput || - !puiOutputLength) { - SDFerr(SDF_F_SDF_INTERNALPRIVATEKEYOPERATION_RSA, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (!(pkey = sdf_load_rsa_private_key((SDF_SESSION *)hSessionHandle, - uiKeyIndex, uiKeyUsage))) { - SDFerr(SDF_F_SDF_INTERNALPRIVATEKEYOPERATION_RSA, - ERR_R_GMAPI_LIB); - goto end; - } - - if ((outlen = RSA_private_decrypt(uiInputLength, pucDataInput, - pucDataOutput, EVP_PKEY_get0_RSA(pkey), RSA_NO_PADDING)) < 0) { - SDFerr(SDF_F_SDF_INTERNALPRIVATEKEYOPERATION_RSA, - ERR_R_RSA_LIB); - goto end; - } - - *puiOutputLength = (unsigned int)outlen; - ret = SDR_OK; - -end: - EVP_PKEY_free(pkey); - return ret; -} - diff --git a/crypto/sdf/sdf_session.c b/crypto/sdf/sdf_session.c deleted file mode 100644 index 5f736aec..00000000 --- a/crypto/sdf/sdf_session.c +++ /dev/null @@ -1,237 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES - * LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include "sdf_lcl.h" - -/* - * Unlike the `SDF_OpenDevice`, we always assume that the `SDF_OpenSession` can - * be called multiple times, and the implementation will always return a new - * session handle on success. But noramlly the hardware and the software can - * only support limited sessions, so this function can also failed. - * - * For portability, the application should assume that only one cryptographic - * operation can be processed over one session. For example, do not mix - * symmetric encryption and hash functions over the same session. The - * implementation might support multiple operations, check the vendor's manual. - */ - -/* - * there are two purpose for session: - * (1) hold session information - * (2) a reference to ENGINE - */ -/* -typedef struct { - uint32_t magic; - char *app; - ENGINE *engine; - char *passwords[SDF_MAX_KEY_INDEX]; - EVP_MD_CTX *md_ctx; -} SDF_SESSION; -*/ - -int SDF_OpenSession( - void *hDeviceHandle, - void **phSessionHandle) -{ - int ret = SDR_UNKNOWERR; - SDF_SESSION *session = NULL; - - if (!hDeviceHandle || !phSessionHandle) { - SDFerr(SDF_F_SDF_OPENSESSION, ERR_R_PASSED_NULL_PARAMETER); - return SDR_INARGERR; - } - if (hDeviceHandle != deviceHandle) { - SDFerr(SDF_F_SDF_OPENSESSION, SDF_R_INVALID_DEVICE_HANDLE); - return SDR_INARGERR; - } - - if (!(session = OPENSSL_zalloc(sizeof(*session)))) { - SDFerr(SDF_F_SDF_OPENSESSION, ERR_R_MALLOC_FAILURE); - ret = SDR_NOBUFFER; - goto end; - } - - session->magic = SDF_SESSION_MAGIC; - -#ifndef OPENSSL_NO_ENGINE - if (!(session->engine = ENGINE_by_id(SDF_ENGINE_ID))) { - SDFerr(SDF_F_SDF_OPENSESSION, SDF_R_LOAD_ENGINE_FAILURE); - ret = SDR_HARDFAIL; - goto end; - } -#endif - - *phSessionHandle = session; - session = NULL; - ret = SDR_OK; - -end: - OPENSSL_free(session); - return ret; -} - -int SDF_CloseSession( - void *hSessionHandle) -{ - SDF_SESSION *session = (SDF_SESSION *)hSessionHandle; - int i; - - if (!hSessionHandle) { - return SDR_OK; - } - - if (session->magic != SDF_SESSION_MAGIC) { - SDFerr(SDF_F_SDF_CLOSESESSION, SDF_R_INVALID_SESSION); - return SDR_INARGERR; - } - -#ifndef OPENSSL_NO_ENGINE - if (session->engine) { - ENGINE_finish(session->engine); - ENGINE_free(session->engine); - session->engine = NULL; - } -#endif - - for (i = 0; i <= SDF_MAX_KEY_INDEX; i++) { - OPENSSL_clear_free(session->password[i], - strlen(session->password[i])); - session->password[i] = NULL; - } - - OPENSSL_free(session); - return SDR_OK; -} - -/* we try that the password is correct by `ENGINE_load_private_key`, then we - * destory the returned `EVP_PKEY` and keep the verified password in the - * session. We can use `UI_set_result` to pass the password to the ENGINE - */ -int SDF_GetPrivateKeyAccessRight( - void *hSessionHandle, - unsigned int uiKeyIndex, - unsigned char *pucPassword, - unsigned int uiPwdLength) -{ - SDF_SESSION *session = (SDF_SESSION *)hSessionHandle; - EVP_PKEY *pkey = NULL; - char *key_id = NULL; - UI_METHOD *ui_meth = NULL; - void *cb_data = NULL; - - if (!hSessionHandle || !pucPassword) { - SDFerr(SDF_F_SDF_GETPRIVATEKEYACCESSRIGHT, - ERR_R_PASSED_NULL_PARAMETER); - return SDR_INARGERR; - } - if (session->magic != SDF_SESSION_MAGIC) { - SDFerr(SDF_F_SDF_GETPRIVATEKEYACCESSRIGHT, - SDF_R_INVALID_SESSION_HANDLE); - return SDR_INARGERR; - } - if (uiKeyIndex <= 0 || uiKeyIndex > SDF_MAX_KEY_INDEX) { - SDFerr(SDF_F_SDF_GETPRIVATEKEYACCESSRIGHT, - SDF_R_INVALID_KEY_INDEX); - return -1; - } - if (uiPwdLength <= 0 || uiPwdLength > INT_MAX) { - SDFerr(SDF_F_SDF_GETPRIVATEKEYACCESSRIGHT, - SDF_R_INVALID_PASSWORD_LENGTH); - return SDR_INARGERR; - } - - if (!(pkey = ENGINE_load_private_key(session->engine, key_id, - ui_meth, cb_data))) { - SDFerr(SDF_F_SDF_GETPRIVATEKEYACCESSRIGHT, ERR_R_ENGINE_LIB); - return 0; - } - - return SDR_OK; -} - -int SDF_ReleasePrivateKeyAccessRight( - void *hSessionHandle, - unsigned int uiKeyIndex) -{ - SDF_SESSION *session = (SDF_SESSION *)hSessionHandle; - - if (!hSessionHandle) { - SDFerr(SDF_F_SDF_RELEASEPRIVATEKEYACCESSRIGHT, - ERR_R_PASSED_NULL_PARAMETER); - return SDR_INARGERR; - } - if (session->magic != SDF_SESSION_MAGIC) { - SDFerr(SDF_F_SDF_RELEASEPRIVATEKEYACCESSRIGHT, - SDF_R_INVALID_SESSION_HANDLE); - return SDR_INARGERR; - } - if (uiKeyIndex <= 0 || uiKeyIndex > SDF_MAX_KEY_INDEX) { - SDFerr(SDF_F_SDF_RELEASEPRIVATEKEYACCESSRIGHT, - SDF_R_INVALID_KEY_INDEX); - return -1; - } - - if (session->password[uiKeyIndex]) { - OPENSSL_clear_free(session->password[uiKeyIndex], - strlen(session->password[uiKeyIndex])); - session->password[uiKeyIndex] = NULL; - } - - return SDR_OK; -} - diff --git a/crypto/skf/skf_dgst.c b/crypto/skf/skf_dgst.c deleted file mode 100644 index caa249b2..00000000 --- a/crypto/skf/skf_dgst.c +++ /dev/null @@ -1,235 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2015-2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - */ - -#include -#include -#include -#include -#include "skf_lcl.h" - - -ULONG DEVAPI SKF_DigestInit(DEVHANDLE hDev, - ULONG ulAlgID, - ECCPUBLICKEYBLOB *pPubKey, - BYTE *pbID, - ULONG ulIDLen, - HANDLE *phHash) -{ - ULONG ret = SAR_FAIL; - const EVP_MD *md; - EVP_MD_CTX *mdctx = NULL; - EC_KEY *ec_key = NULL; - SKF_HANDLE *hHash; - - switch (ulAlgID) { - case SGD_SM3: - md = EVP_sm3(); - break; - case SGD_SHA1: - md = EVP_sha1(); - break; - case SGD_SHA256: - md = EVP_sha256(); - break; - default: - SKFerr(SKF_F_SKF_DIGESTINIT, SKF_R_INVALID_ALGID); - return SAR_INVALIDPARAMERR; - } - - if (!(mdctx = EVP_MD_CTX_create())) { - SKFerr(SKF_F_SKF_DIGESTINIT, SKF_R_MALLOC_FAILED); - return SAR_FAIL; - } - - if (!EVP_DigestInit_ex(mdctx, md, NULL)) { - SKFerr(SKF_F_SKF_DIGESTINIT, ERR_R_EVP_LIB); - goto end; - } - - if (pPubKey) { - - if (!(ec_key = EC_KEY_new_from_ECCPUBLICKEYBLOB(pPubKey))) { - SKFerr(SKF_F_SKF_DIGESTINIT, SKF_R_INVALID_BLOB); - ret = SAR_INVALIDPARAMERR; - goto end; - } - - /* - //FIXME - if (pbID) { - if (ulIDLen <= 0 || ulIDLen > SM2_MAX_ID_LENGTH) { - SKFerr(SKF_F_SKF_DIGESTINIT, SKF_R_INVALID_ID_LENGTH); - ret = SAR_INVALIDPARAMERR; - goto end; - } - - OPENSSL_assert(strlen((char *)pbID) == ulIDLen); - if (!SM2_set_id(ec_key, (char *)pbID)) { - SKFerr(SKF_F_SKF_DIGESTINIT, ERR_R_SM2_LIB); - ret = SAR_FAIL; - goto end; - } - } - - dgstlen = sizeof(dgst); - if (!SM2_compute_id_digest(md, dgst, &dgstlen, ec_key)) { - SKFerr(SKF_F_SKF_DIGESTINIT, ERR_R_SM2_LIB); - goto end; - } - - if (!EVP_DigestUpdate(mdctx, dgst, dgstlen)) { - goto end; - } - */ - - } else { - if (pbID) { - SKFerr(SKF_F_SKF_DIGESTINIT, SKF_R_NO_PUBLIC_KEY); - ret = SAR_INVALIDPARAMERR; - goto end; - } - } - - - if (!(hHash = OPENSSL_malloc(sizeof(*hHash)))) { - SKFerr(SKF_F_SKF_DIGESTINIT, ERR_R_MALLOC_FAILURE); - goto end; - } - - memset(hHash, 0, sizeof(*hHash)); - hHash->magic = SKF_HANDLE_MAGIC; - hHash->type = SKF_HASH_HANDLE; - hHash->u.md_ctx = mdctx; - mdctx = NULL; - - *phHash = hHash; - ret = SAR_OK; -end: - EVP_MD_CTX_destroy(mdctx); - EC_KEY_free(ec_key); - return ret; -} - - -ULONG DEVAPI SKF_DigestUpdate(HANDLE hHash, - BYTE *pbData, - ULONG ulDataLen) -{ - EVP_MD_CTX *md_ctx; - - if (!(md_ctx = SKF_HANDLE_get_md_ctx(hHash))) { - SKFerr(SKF_F_SKF_DIGESTUPDATE, SKF_R_INVALID_HASH_HANDLE); - return SAR_INVALIDPARAMERR; - } - - if (!pbData) { - SKFerr(SKF_F_SKF_DIGESTUPDATE, SKF_R_INVALID_ARGUMENTS); - return SAR_INVALIDPARAMERR; - } - - if (ulDataLen == 0) { - return SAR_OK; - } - - if (!EVP_DigestUpdate(md_ctx, pbData, ulDataLen)) { - SKFerr(SKF_F_SKF_DIGESTUPDATE, ERR_R_EVP_LIB); - return SAR_FAIL; - } - - return SAR_OK; -} - -ULONG DEVAPI SKF_DigestFinal(HANDLE hHash, - BYTE *pHashData, - ULONG *pulHashLen) -{ - EVP_MD_CTX *mdctx; - - if (!(mdctx = SKF_HANDLE_get_md_ctx(hHash))) { - SKFerr(SKF_F_SKF_DIGESTFINAL, SKF_R_INVALID_HANDLE); - return SAR_INVALIDPARAMERR; - } - - if (!pulHashLen) { - SKFerr(SKF_F_SKF_DIGESTFINAL, SKF_R_NULL_ARGUMENT); - return SAR_INVALIDPARAMERR; - } - - if (!EVP_DigestFinal_ex(mdctx, pHashData, pulHashLen)) { - SKFerr(SKF_F_SKF_DIGESTFINAL, ERR_R_EVP_LIB); - return SAR_FAIL; - } - - EVP_MD_CTX_destroy(mdctx); - ((SKF_HANDLE *)hHash)->u.md_ctx = NULL; - return SAR_OK; -} - -ULONG DEVAPI SKF_Digest(HANDLE hHash, - BYTE *pbData, - ULONG ulDataLen, - BYTE *pbHashData, - ULONG *pulHashLen) -{ - ULONG rv; - - if ((rv = SKF_DigestUpdate(hHash, pbData, ulDataLen)) != SAR_OK) { - SKFerr(SKF_F_SKF_DIGEST, ERR_R_GMAPI_LIB); - return rv; - } - - if ((rv = SKF_DigestFinal(hHash, pbHashData, pulHashLen)) != SAR_OK) { - SKFerr(SKF_F_SKF_DIGEST, ERR_R_GMAPI_LIB); - return rv; - } - - return SAR_OK; -} - diff --git a/crypto/skf/skf_dummy.c b/crypto/skf/skf_dummy.c new file mode 100644 index 00000000..ee9402bc --- /dev/null +++ b/crypto/skf/skf_dummy.c @@ -0,0 +1,938 @@ +/* ==================================================================== + * Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include + +static char *hDeviceHandle = "hDeviceHandle"; +static char *hApplication = "hApplication"; +static char *hContainer = "hContainer"; +static char *hAgreementHandle = "AgreementHandle"; +static char *hKeyHandle = "KeyHandle"; +static char *hHashHandle = "HashHandle"; +static char *hMacHandle = "MacHandle"; + +ULONG DEVAPI SKF_WaitForDevEvent( + LPSTR szDevName, + ULONG *pulDevNameLen, + ULONG *pulEvent) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_CancelWaitForDevEvent( + void) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_EnumDev(BOOL bPresent, + LPSTR szNameList, + ULONG *pulSize) +{ + char *dev_list = "dev1\0dev2\0"; + if (!szNameList || !pulSize) { + return SAR_INVALIDPARAMERR; + } + strcpy((char *)szNameList, dev_list); + *pulSize = sizeof(dev_list); + return SAR_OK; +} + +ULONG DEVAPI SKF_ConnectDev( + LPSTR szName, + DEVHANDLE *phDev) +{ + if (!phDev) { + return SAR_INVALIDPARAMERR; + } + *phDev = hDeviceHandle; + return SAR_OK; +} + +ULONG DEVAPI SKF_DisConnectDev( + DEVHANDLE hDev) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_GetDevState( + LPSTR szDevName, + ULONG *pulDevState) +{ + *pulDevState = 0; + return SAR_OK; +} + +ULONG DEVAPI SKF_SetLabel( + DEVHANDLE hDev, + LPSTR szLabel) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_GetDevInfo( + DEVHANDLE hDev, + DEVINFO *pDevInfo) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_LockDev( + DEVHANDLE hDev, + ULONG ulTimeOut) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_UnlockDev( + DEVHANDLE hDev) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_Transmit( + DEVHANDLE hDev, + BYTE *pbCommand, + ULONG ulCommandLen, + BYTE *pbData, + ULONG *pulDataLen) +{ + if (!pbData || !pulDataLen) { + return SAR_INVALIDPARAMERR; + } + memcpy(pbData, pbCommand, ulCommandLen); + *pulDataLen = ulCommandLen; + return SAR_OK; +} + +ULONG DEVAPI SKF_ChangeDevAuthKey( + DEVHANDLE hDev, + BYTE *pbKeyValue, + ULONG ulKeyLen) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_DevAuth( + DEVHANDLE hDev, + BYTE *pbAuthData, + ULONG ulLen) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_ChangePIN( + HAPPLICATION hApplication, + ULONG ulPINType, + LPSTR szOldPin, + LPSTR szNewPin, + ULONG *pulRetryCount) +{ + if (!pulRetryCount) { + return SAR_INVALIDPARAMERR; + } + *pulRetryCount = 100; + return SAR_OK; +} + +LONG DEVAPI SKF_GetPINInfo( + HAPPLICATION hApplication, + ULONG ulPINType, + ULONG *pulMaxRetryCount, + ULONG *pulRemainRetryCount, + BOOL *pbDefaultPin) +{ + if (!pulMaxRetryCount || !pulRemainRetryCount || !pbDefaultPin) { + return SAR_INVALIDPARAMERR; + } + *pulMaxRetryCount = 100; + *pulRemainRetryCount = 100; + *pbDefaultPin = 0; + return SAR_OK; +} + +ULONG DEVAPI SKF_VerifyPIN( + HAPPLICATION hApplication, + ULONG ulPINType, + LPSTR szPIN, + ULONG *pulRetryCount) +{ + if (!pulRetryCount) { + return SAR_INVALIDPARAMERR; + } + *pulRetryCount = 100; + return SAR_OK; +} + +ULONG DEVAPI SKF_UnblockPIN( + HAPPLICATION hApplication, + LPSTR szAdminPIN, + LPSTR szNewUserPIN, + ULONG *pulRetryCount) +{ + if (!pulRetryCount) { + return SAR_INVALIDPARAMERR; + } + *pulRetryCount = 100; + return SAR_OK; +} + +ULONG DEVAPI SKF_ClearSecureState( + HAPPLICATION hApplication) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_CreateApplication( + DEVHANDLE hDev, + LPSTR szAppName, + LPSTR szAdminPin, + DWORD dwAdminPinRetryCount, + LPSTR szUserPin, + DWORD dwUserPinRetryCount, + DWORD dwCreateFileRights, + HAPPLICATION *phApplication) +{ + if (!phApplication) { + return SAR_INVALIDPARAMERR; + } + *phApplication = hApplication; + return SAR_OK; +} + +ULONG DEVAPI SKF_EnumApplication(DEVHANDLE hDev, + LPSTR szAppName, + ULONG *pulSize) +{ + char *app_list = "app1\0app2\0"; + if (!szAppName || !pulSize) { + return SAR_INVALIDPARAMERR; + } + strcpy((char *)szAppName, app_list); + *pulSize = strlen(app_list); + return SAR_OK; +} + +ULONG DEVAPI SKF_DeleteApplication( + DEVHANDLE hDev, + LPSTR szAppName) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_OpenApplication( + DEVHANDLE hDev, + LPSTR szAppName, + HAPPLICATION *phApplication) +{ + if (!phApplication) { + return SAR_INVALIDPARAMERR; + } + *phApplication = hApplication; + return SAR_OK; +} + +ULONG DEVAPI SKF_CloseApplication( + HAPPLICATION hApplication) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_CreateFile( + HAPPLICATION hApplication, + LPSTR szFileName, + ULONG ulFileSize, + ULONG ulReadRights, + ULONG ulWriteRights) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_DeleteFile( + HAPPLICATION hApplication, + LPSTR szFileName) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_EnumFiles( + HAPPLICATION hApplication, + LPSTR szFileList, + ULONG *pulSize) +{ + char *file_list = "file1.txt\0file2.txt\0"; + if (!pulSize) { + return SAR_INVALIDPARAMERR; + } + strcpy((char *)szFileList, file_list); + *pulSize = strlen(file_list); + return SAR_OK; +} + +ULONG DEVAPI SKF_GetFileInfo( + HAPPLICATION hApplication, + LPSTR szFileName, + FILEATTRIBUTE *pFileInfo) +{ + if (!pFileInfo) { + return SAR_INVALIDPARAMERR; + } + //TODO: set pFileInfo; + return SAR_OK; +} + +ULONG DEVAPI SKF_ReadFile( + HAPPLICATION hApplication, + LPSTR szFileName, + ULONG ulOffset, + ULONG ulSize, + BYTE *pbOutData, + ULONG *pulOutLen) +{ + if (!pbOutData || !pulOutLen) { + return SAR_INVALIDPARAMERR; + } + *pulOutLen = ulSize; + return SAR_OK; +} + +ULONG DEVAPI SKF_WriteFile( + HAPPLICATION hApplication, + LPSTR szFileName, + ULONG ulOffset, + BYTE *pbData, + ULONG ulSize) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_CreateContainer( + HAPPLICATION hApplication, + LPSTR szContainerName, + HCONTAINER *phContainer) +{ + if (!phContainer) { + return SAR_INVALIDPARAMERR; + } + *phContainer = hContainer; + return SAR_OK; +} + +ULONG DEVAPI SKF_DeleteContainer( + HAPPLICATION hApplication, + LPSTR szContainerName) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_EnumContainer( + HAPPLICATION hApplication, + LPSTR szContainerName, + ULONG *pulSize) +{ + char *cont_list = "container1\0container2\0"; + if (!szContainerName || !pulSize) { + return SAR_INVALIDPARAMERR; + } + strcpy((char *)szContainerName, cont_list); + *pulSize = strlen(cont_list); + return SAR_OK; +} + +ULONG DEVAPI SKF_OpenContainer( + HAPPLICATION hApplication, + LPSTR szContainerName, + HCONTAINER *phContainer) +{ + if (!phContainer) { + return SAR_INVALIDPARAMERR; + } + *phContainer = hContainer; + return SAR_OK; +} + +ULONG DEVAPI SKF_CloseContainer( + HCONTAINER hContainer) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_GetContainerType( + HCONTAINER hContainer, + ULONG *pulContainerType) +{ + if (!pulContainerType) { + return SAR_INVALIDPARAMERR; + } + *pulContainerType = 0; + return SAR_OK; +} + +ULONG DEVAPI SKF_ImportCertificate( + HCONTAINER hContainer, + BOOL bExportSignKey, + BYTE *pbCert, + ULONG ulCertLen) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_ExportCertificate( + HCONTAINER hContainer, + BOOL bSignFlag, + BYTE *pbCert, + ULONG *pulCertLen) +{ + if (!pbCert || !pulCertLen) { + return SAR_INVALIDPARAMERR; + } + memset(pbCert, 'c', 512); + *pulCertLen = 512; + return SAR_OK; +} + +ULONG DEVAPI SKF_ExportPublicKey( + HCONTAINER hContainer, + BOOL bSignFlag, + BYTE *pbBlob, + ULONG *pulBlobLen) +{ + if (!pbBlob || !pulBlobLen) { + return SAR_INVALIDPARAMERR; + } + *pulBlobLen = 1024; + return SAR_OK; +} + +ULONG DEVAPI SKF_GenRandom( + DEVHANDLE hDev, + BYTE *pbRandom, + ULONG ulRandomLen) +{ + if (!pbRandom) { + return SAR_INVALIDPARAMERR; + } + memset(pbRandom, 'r', ulRandomLen); + return SAR_OK; +} + +ULONG DEVAPI SKF_GenExtRSAKey( + DEVHANDLE hDev, + ULONG ulBitsLen, + RSAPRIVATEKEYBLOB *pBlob) +{ + if (!pBlob) { + return SAR_INVALIDPARAMERR; + } + return SAR_OK; +} + +ULONG DEVAPI SKF_GenRSAKeyPair( + HCONTAINER hContainer, + ULONG ulBitsLen, + RSAPUBLICKEYBLOB *pBlob) +{ + if (!pBlob) { + return SAR_INVALIDPARAMERR; + } + return SAR_OK; +} + +ULONG DEVAPI SKF_ImportRSAKeyPair( + HCONTAINER hContainer, + ULONG ulSymAlgId, + BYTE *pbWrappedKey, + ULONG ulWrappedKeyLen, + BYTE *pbEncryptedData, + ULONG ulEncryptedDataLen) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_RSASignData( + HCONTAINER hContainer, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbSignature, + ULONG *pulSignLen) +{ + if (!pbSignature || !pulSignLen) { + return SAR_INVALIDPARAMERR; + } + *pulSignLen = 256; + return SAR_OK; +} + +ULONG DEVAPI SKF_RSAVerify( + DEVHANDLE hDev, + RSAPUBLICKEYBLOB *pRSAPubKeyBlob, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbSignature, + ULONG ulSignLen) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_RSAExportSessionKey( + HCONTAINER hContainer, + ULONG ulAlgId, + RSAPUBLICKEYBLOB *pPubKey, + BYTE *pbData, + ULONG *pulDataLen, + HANDLE *phSessionKey); + +ULONG DEVAPI SKF_ExtRSAPubKeyOperation( + DEVHANDLE hDev, + RSAPUBLICKEYBLOB *pRSAPubKeyBlob, + BYTE *pbInput, + ULONG ulInputLen, + BYTE *pbOutput, + ULONG *pulOutputLen) +{ + if (!pbOutput || !pulOutputLen) { + return SAR_INVALIDPARAMERR; + } + *pulOutputLen = 256; + return SAR_OK; +} + +ULONG DEVAPI SKF_ExtRSAPriKeyOperation( + DEVHANDLE hDev, + RSAPRIVATEKEYBLOB *pRSAPriKeyBlob, + BYTE *pbInput, + ULONG ulInputLen, + BYTE *pbOutput, + ULONG *pulOutputLen) +{ + if (!pbOutput || !pulOutputLen) { + return SAR_INVALIDPARAMERR; + } + *pulOutputLen = 256; + return SAR_OK; +} + +ULONG DEVAPI SKF_GenECCKeyPair( + HCONTAINER hContainer, + ULONG ulAlgId, + ECCPUBLICKEYBLOB *pBlob) +{ + if (!pBlob) { + return SAR_INVALIDPARAMERR; + } + return SAR_OK; +} + +ULONG DEVAPI SKF_ImportECCKeyPair( + HCONTAINER hContainer, + ENVELOPEDKEYBLOB *pEnvelopedKeyBlob) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_ECCSignData( + HCONTAINER hContainer, + BYTE *pbDigest, + ULONG ulDigestLen, + ECCSIGNATUREBLOB *pSignature) +{ + if (!pSignature) { + return SAR_INVALIDPARAMERR; + } + return SAR_OK; +} + +ULONG DEVAPI SKF_ECCVerify( + DEVHANDLE hDev, + ECCPUBLICKEYBLOB *pECCPubKeyBlob, + BYTE *pbData, + ULONG ulDataLen, + ECCSIGNATUREBLOB *pSignature) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_ECCExportSessionKey( + HCONTAINER hContainer, + ULONG ulAlgId, + ECCPUBLICKEYBLOB *pPubKey, + ECCCIPHERBLOB *pData, + HANDLE *phSessionKey) +{ + if (!phSessionKey) { + return SAR_INVALIDPARAMERR; + } + *phSessionKey = hKeyHandle; + return SAR_OK; +} + +ULONG DEVAPI SKF_ExtECCEncrypt( + DEVHANDLE hDev, + ECCPUBLICKEYBLOB *pECCPubKeyBlob, + BYTE *pbPlainText, + ULONG ulPlainTextLen, + ECCCIPHERBLOB *pCipherText) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_ExtECCDecrypt( + DEVHANDLE hDev, + ECCPRIVATEKEYBLOB *pECCPriKeyBlob, + ECCCIPHERBLOB *pCipherText, + BYTE *pbPlainText, + ULONG *pulPlainTextLen) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_ExtECCSign( + DEVHANDLE hDev, + ECCPRIVATEKEYBLOB *pECCPriKeyBlob, + BYTE *pbData, + ULONG ulDataLen, + ECCSIGNATUREBLOB *pSignature) +{ + if (!pSignature) { + return SAR_INVALIDPARAMERR; + } + return SAR_OK; +} + +ULONG DEVAPI SKF_ExtECCVerify( + DEVHANDLE hDev, + ECCPUBLICKEYBLOB *pECCPubKeyBlob, + BYTE *pbData, + ULONG ulDataLen, + ECCSIGNATUREBLOB *pSignature) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_GenerateAgreementDataWithECC( + HCONTAINER hContainer, + ULONG ulAlgId, + ECCPUBLICKEYBLOB *pTempECCPubKeyBlob, + BYTE *pbID, + ULONG ulIDLen, + HANDLE *phAgreementHandle) +{ + if (!phAgreementHandle) { + return SAR_INVALIDPARAMERR; + } + *phAgreementHandle = hAgreementHandle; + return SAR_OK; +} + +ULONG DEVAPI SKF_GenerateAgreementDataAndKeyWithECC( + HANDLE hContainer, + ULONG ulAlgId, + ECCPUBLICKEYBLOB *pSponsorECCPubKeyBlob, + ECCPUBLICKEYBLOB *pSponsorTempECCPubKeyBlob, + ECCPUBLICKEYBLOB *pTempECCPubKeyBlob, + BYTE *pbID, + ULONG ulIDLen, + BYTE *pbSponsorID, + ULONG ulSponsorIDLen, + HANDLE *phKeyHandle) +{ + if (!phKeyHandle) { + return SAR_INVALIDPARAMERR; + } + *phKeyHandle = hKeyHandle; + return SAR_OK; +} + +ULONG DEVAPI SKF_GenerateKeyWithECC( + HANDLE hAgreementHandle, + ECCPUBLICKEYBLOB *pECCPubKeyBlob, + ECCPUBLICKEYBLOB *pTempECCPubKeyBlob, + BYTE *pbID, + ULONG ulIDLen, + HANDLE *phKeyHandle) +{ + if (!phKeyHandle) { + return SAR_INVALIDPARAMERR; + } + *phKeyHandle = hKeyHandle; + return SAR_OK; +} + +ULONG DEVAPI SKF_ImportSessionKey( + HCONTAINER hContainer, + ULONG ulAlgId, + BYTE *pbWrapedData, + ULONG ulWrapedLen, + HANDLE *phKey) +{ + if (!phKey) { + return SAR_INVALIDPARAMERR; + } + *phKey = hKeyHandle; + return SAR_OK; +} + +ULONG DEVAPI SKF_SetSymmKey( + DEVHANDLE hDev, + BYTE *pbKey, + ULONG ulAlgID, + HANDLE *phKey) +{ + if (!phKey) { + return SAR_INVALIDPARAMERR; + } + *phKey = hKeyHandle; + return SAR_OK; +} + +ULONG DEVAPI SKF_EncryptInit( + HANDLE hKey, + BLOCKCIPHERPARAM EncryptParam) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_Encrypt( + HANDLE hKey, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbEncryptedData, + ULONG *pulEncryptedLen) +{ + if (!pbData || !pbEncryptedData || !pulEncryptedLen) { + return SAR_INVALIDPARAMERR; + } + memcpy(pbEncryptedData, pbData, ulDataLen); + *pulEncryptedLen = ulDataLen; + return SAR_OK; +} + +ULONG DEVAPI SKF_EncryptUpdate( + HANDLE hKey, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbEncryptedData, + ULONG *pulEncryptedLen) +{ + if (!pbData || !pbEncryptedData || !pulEncryptedLen) { + return SAR_INVALIDPARAMERR; + } + memcpy(pbEncryptedData, pbData, ulDataLen); + *pulEncryptedLen = ulDataLen; + return SAR_OK; +} + +ULONG DEVAPI SKF_EncryptFinal( + HANDLE hKey, + BYTE *pbEncryptedData, + ULONG *pulEncryptedDataLen) +{ + if (!pbEncryptedData || !pulEncryptedDataLen) { + return SAR_INVALIDPARAMERR; + } + *pulEncryptedDataLen = 0; + return SAR_OK; +} + +ULONG DEVAPI SKF_DecryptInit( + HANDLE hKey, + BLOCKCIPHERPARAM DecryptParam) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_Decrypt( + HANDLE hKey, + BYTE *pbEncryptedData, + ULONG ulEncryptedLen, + BYTE *pbData, + ULONG *pulDataLen) +{ + if (!pbEncryptedData || !pbData || !pulDataLen) { + return SAR_INVALIDPARAMERR; + } + memcpy(pbData, pbEncryptedData, ulEncryptedLen); + *pulDataLen = ulEncryptedLen; + return SAR_OK; +} + +ULONG DEVAPI SKF_DecryptUpdate( + HANDLE hKey, + BYTE *pbEncryptedData, + ULONG ulEncryptedLen, + BYTE *pbData, + ULONG *pulDataLen) +{ + if (!pbEncryptedData || !pbData || !pulDataLen) { + return SAR_INVALIDPARAMERR; + } + memcpy(pbData, pbEncryptedData, ulEncryptedLen); + *pulDataLen = ulEncryptedLen; + return SAR_OK; +} + +ULONG DEVAPI SKF_DecryptFinal( + HANDLE hKey, + BYTE *pbDecryptedData, + ULONG *pulDecryptedDataLen) +{ + if (!pulDecryptedDataLen) { + return SAR_INVALIDPARAMERR; + } + *pulDecryptedDataLen = 0; + return SAR_OK; +} + +ULONG DEVAPI SKF_DigestInit( + DEVHANDLE hDev, + ULONG ulAlgID, + ECCPUBLICKEYBLOB *pPubKey, + BYTE *pbID, + ULONG ulIDLen, + HANDLE *phHash) +{ + if (!phHash) { + return SAR_INVALIDPARAMERR; + } + *phHash = hHashHandle; + return SAR_OK; +} + +ULONG DEVAPI SKF_Digest( + HANDLE hHash, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbHashData, + ULONG *pulHashLen) +{ + if (!pbHashData || !pulHashLen) { + return SAR_INVALIDPARAMERR; + } + memset(pbHashData, 'h', 32); + *pulHashLen = 32; + return SAR_OK; +} + +ULONG DEVAPI SKF_DigestUpdate( + HANDLE hHash, + BYTE *pbData, + ULONG ulDataLen) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_DigestFinal( + HANDLE hHash, + BYTE *pbHashData, + ULONG *pulHashLen) +{ + if (!pbHashData || !pulHashLen) { + return SAR_INVALIDPARAMERR; + } + memset(pbHashData, 'h', 32); + *pulHashLen = 32; + return SAR_OK; +} + +ULONG DEVAPI SKF_MacInit( + HANDLE hKey, + BLOCKCIPHERPARAM *pMacParam, + HANDLE *phMac) +{ + if (!phMac) { + return SAR_INVALIDPARAMERR; + } + *phMac = hMacHandle; + return SAR_OK; +} + +ULONG DEVAPI SKF_Mac( + HANDLE hMac, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbMacData, + ULONG *pulMacLen) +{ + if (!pbMacData || !pulMacLen) { + return SAR_INVALIDPARAMERR; + } + memset(pbMacData, 'm', 32); + *pulMacLen = 32; + return SAR_OK; +} + +ULONG DEVAPI SKF_MacUpdate( + HANDLE hMac, + BYTE *pbData, + ULONG ulDataLen) +{ + return SAR_OK; +} + +ULONG DEVAPI SKF_MacFinal( + HANDLE hMac, + BYTE *pbMacData, + ULONG *pulMacDataLen) +{ + if (!pbMacData || !pulMacDataLen) { + return SAR_INVALIDPARAMERR; + } + memset(pbMacData, 'm', 32); + *pulMacDataLen = 32; + return SAR_OK; +} + +ULONG DEVAPI SKF_CloseHandle( + HANDLE hHandle) +{ + return SAR_OK; +} diff --git a/crypto/skf/skf_ec.c b/crypto/skf/skf_ec.c deleted file mode 100644 index 2865ed82..00000000 --- a/crypto/skf/skf_ec.c +++ /dev/null @@ -1,272 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include -#include -#include -#include "skf_lcl.h" - -ULONG DEVAPI SKF_GenExtECCKeyPair(DEVHANDLE hDev, - ECCPRIVATEKEYBLOB *priKey, - ECCPUBLICKEYBLOB *pubKey) -{ - ULONG ret = SAR_FAIL; - EC_KEY *ec_key = NULL; - - if(!(ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1))) { - SKFerr(SKF_F_SKF_GENEXTECCKEYPAIR, ERR_R_EC_LIB); - return SAR_FAIL; - } - if (!EC_KEY_get_ECCPRIVATEKEYBLOB(ec_key, priKey)) { - SKFerr(SKF_F_SKF_GENEXTECCKEYPAIR, SKF_R_GET_PRIVATE_KEY_FAILED); - goto end; - } - if (!EC_KEY_get_ECCPUBLICKEYBLOB(ec_key, pubKey)) { - SKFerr(SKF_F_SKF_GENEXTECCKEYPAIR, SKF_R_GET_PUBLIC_KEY_FAILED); - goto end; - } - ret = SAR_OK; -end: - EC_KEY_free(ec_key); - return ret; -} - -ULONG DEVAPI SKF_ExtECCSign(DEVHANDLE hDev, - ECCPRIVATEKEYBLOB *pECCPriKeyBlob, - BYTE *pbData, - ULONG ulDataLen, - ECCSIGNATUREBLOB *pSignature) -{ - ULONG ret = SAR_FAIL; - EC_KEY *ec_key = NULL; - ECDSA_SIG *sig = NULL; - - if (!pECCPriKeyBlob || !pbData || !pSignature) { - SKFerr(SKF_F_SKF_EXTECCSIGN, SKF_R_NULL_ARGUMENT); - return SAR_INVALIDPARAMERR; - } - - if (ulDataLen != SM3_DIGEST_LENGTH) { - SKFerr(SKF_F_SKF_EXTECCSIGN, SKF_R_INVALID_DIGEST_LENGTH); - return SAR_INVALIDPARAMERR; - } - - if (!(ec_key = EC_KEY_new_from_ECCPRIVATEKEYBLOB(pECCPriKeyBlob))) { - SKFerr(SKF_F_SKF_EXTECCSIGN, SKF_R_INVALID_ECC_PRIVATE_KEY); - goto end; - } - - if (!(sig = SM2_do_sign(pbData, (int)ulDataLen, ec_key))) { - SKFerr(SKF_F_SKF_EXTECCSIGN, SKF_R_SIGN_FAILED); - goto end; - } - - if (!ECDSA_SIG_get_ECCSIGNATUREBLOB(sig, pSignature)) { - SKFerr(SKF_F_SKF_EXTECCSIGN, SKF_R_ENCODE_SIGNATURE_FAILED); - goto end; - } - - ret = SAR_OK; -end: - EC_KEY_free(ec_key); - ECDSA_SIG_free(sig); - return ret; -} - -ULONG DEVAPI SKF_ExtECCVerify(DEVHANDLE hDev, - ECCPUBLICKEYBLOB *pECCPubKeyBlob, - BYTE *pbData, - ULONG ulDataLen, - ECCSIGNATUREBLOB *pSignature) -{ - ULONG ret = SAR_FAIL; - EC_KEY *ec_key = NULL; - ECDSA_SIG *sig = NULL; - - if (!pECCPubKeyBlob || !pbData || pSignature) { - SKFerr(SKF_F_SKF_EXTECCVERIFY, SKF_R_NULL_ARGUMENT); - return SAR_INVALIDPARAMERR; - } - - if (ulDataLen != SM3_DIGEST_LENGTH) { - SKFerr(SKF_F_SKF_EXTECCVERIFY, SKF_R_INVALID_DIGEST_LENGTH); - return SAR_INVALIDPARAMERR; - } - - if (!(ec_key = EC_KEY_new_from_ECCPUBLICKEYBLOB(pECCPubKeyBlob))) { - SKFerr(SKF_F_SKF_EXTECCVERIFY, SKF_R_INVALID_ECC_PUBLIC_KEY); - goto end; - } - - if (!(sig = ECDSA_SIG_new_from_ECCSIGNATUREBLOB(pSignature))) { - SKFerr(SKF_F_SKF_EXTECCVERIFY, SKF_R_INVALID_SIGNATURE); - goto end; - } - - if (1 != SM2_do_verify(pbData, (int)ulDataLen, sig, ec_key)) { - SKFerr(SKF_F_SKF_EXTECCVERIFY, SKF_R_VERIFY_NOT_PASS); - goto end; - } - - ret = SAR_OK; - -end: - EC_KEY_free(ec_key); - ECDSA_SIG_free(sig); - return ret; -} - -ULONG DEVAPI SKF_ECCVerify(DEVHANDLE hDev, - ECCPUBLICKEYBLOB *pECCPubKeyBlob, - BYTE *pbData, - ULONG ulDataLen, - ECCSIGNATUREBLOB *pSignature) -{ - return SKF_ExtECCVerify(hDev, pECCPubKeyBlob, pbData, ulDataLen, pSignature); -} - -ULONG DEVAPI SKF_ExtECCEncrypt(DEVHANDLE hDev, - ECCPUBLICKEYBLOB *pECCPubKeyBlob, - BYTE *pbPlainText, - ULONG ulPlainTextLen, - ECCCIPHERBLOB *pCipherText) -{ - ULONG ret = SAR_FAIL; - EC_KEY *ec_key = NULL; - SM2_CIPHERTEXT_VALUE *cv = NULL; - SM2_ENC_PARAMS params; - - if (!pECCPubKeyBlob || !pbPlainText || !pCipherText) { - SKFerr(SKF_F_SKF_EXTECCENCRYPT, SKF_R_NULL_ARGUMENT); - return SAR_INVALIDPARAMERR; - } - - if (ulPlainTextLen <= 0) { - SKFerr(SKF_F_SKF_EXTECCENCRYPT, SKF_R_INVALID_PLAINTEXT_LENGTH); - return SAR_INVALIDPARAMERR; - } - - if (!(ec_key = EC_KEY_new_from_ECCPUBLICKEYBLOB(pECCPubKeyBlob))) { - SKFerr(SKF_F_SKF_EXTECCENCRYPT, SKF_R_INVALID_EC_PUBLIC_KEY); - goto end; - } - - SM2_ENC_PARAMS_init_with_recommended(¶ms); - if (!(cv = SM2_do_encrypt(¶ms, pbPlainText, ulPlainTextLen, ec_key))) { - SKFerr(SKF_F_SKF_EXTECCENCRYPT, SKF_R_ENCRYPT_FAILED); - goto end; - } - - if (!SM2_CIPHERTEXT_VALUE_get_ECCCIPHERBLOB(cv, pCipherText)) { - SKFerr(SKF_F_SKF_EXTECCENCRYPT, SKF_R_ENCODE_CIPHERTEXT_FAILED); - goto end; - } - - ret = SAR_OK; - -end: - EC_KEY_free(ec_key); - SM2_CIPHERTEXT_VALUE_free(cv); - return ret; -} - -ULONG DEVAPI SKF_ExtECCDecrypt(DEVHANDLE hDev, - ECCPRIVATEKEYBLOB *pECCPriKeyBlob, - ECCCIPHERBLOB *pCipherText, - BYTE *pbPlainText, - ULONG *pulPlainTextLen) -{ - ULONG ret = SAR_FAIL; - EC_KEY *ec_key = NULL; - SM2_CIPHERTEXT_VALUE *cv = NULL; - SM2_ENC_PARAMS params; - size_t len; - - if (!pECCPriKeyBlob || !pCipherText || !pulPlainTextLen) { - SKFerr(SKF_F_SKF_EXTECCDECRYPT, SKF_R_NULL_ARGUMENT); - return SAR_INVALIDPARAMERR; - } - - if (pCipherText->CipherLen <= 0) { - SKFerr(SKF_F_SKF_EXTECCDECRYPT, SKF_R_INVALID_CIPHERTEXT_LENGTH); - return SAR_INVALIDPARAMERR; - } - - if (!pbPlainText) { - *pulPlainTextLen = pCipherText->CipherLen; - return SAR_OK; - } - - if (!(ec_key = EC_KEY_new_from_ECCPRIVATEKEYBLOB(pECCPriKeyBlob))) { - SKFerr(SKF_F_SKF_EXTECCDECRYPT, SKF_R_INVALID_EC_PRIVATE_KEY); - goto end; - } - - if (!(cv = SM2_CIPHERTEXT_VALUE_new_from_ECCCIPHERBLOB(pCipherText))) { - SKFerr(SKF_F_SKF_EXTECCDECRYPT, SKF_R_INVALID_CIPHERTEXT); - goto end; - } - - SM2_ENC_PARAMS_init_with_recommended(¶ms); - len = *pulPlainTextLen; //FIXME: check length? - if (!SM2_do_decrypt(¶ms, cv, pbPlainText, &len, ec_key)) { - SKFerr(SKF_F_SKF_EXTECCDECRYPT, SKF_R_DECRYPT_FAILED); - goto end; - } - *pulPlainTextLen = (ULONG)len; - - ret = SAR_OK; - -end: - EC_KEY_free(ec_key); - SM2_CIPHERTEXT_VALUE_free(cv); - return ret; -} - diff --git a/crypto/skf/skf_enc.c b/crypto/skf/skf_enc.c deleted file mode 100644 index 7c24b1d8..00000000 --- a/crypto/skf/skf_enc.c +++ /dev/null @@ -1,404 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2015-2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include -#include -#include -#include -#include "skf_lcl.h" - -#define PADDING_TYPE_NO_PADDING 0 -#define PADDING_TYPE_PKCS5 1 - -/* -229 typedef struct Struct_BLOCKCIPHERPARAM { -230 BYTE IV[MAX_IV_LEN]; -231 ULONG IVLen; -232 ULONG PaddingType; -233 ULONG FeedBitLen; -234 } BLOCKCIPHERPARAM, *PBLOCKCIPHERPARAM; -*/ - -int SKF_nid_to_encparams(int nid, ULONG *algID, BLOCKCIPHERPARAM *params) -{ - ULONG ulAlgID = 0; - - switch (nid) { - case NID_ssf33_ecb: - ulAlgID = SGD_SSF33_ECB; - break; - case NID_ssf33_cbc: - ulAlgID = SGD_SSF33_CBC; - break; - case NID_ssf33_cfb1: - case NID_ssf33_cfb8: - case NID_ssf33_cfb128: - ulAlgID = SGD_SSF33_CFB; - break; - case NID_ssf33_ofb128: - ulAlgID = SGD_SSF33_OFB; - break; - case NID_sm1_ecb: - ulAlgID = SGD_SM1_ECB; - break; - case NID_sm1_cbc: - ulAlgID = SGD_SM1_CBC; - break; - case NID_sm1_cfb1: - case NID_sm1_cfb8: - case NID_sm1_cfb128: - ulAlgID = SGD_SM1_CFB; - break; - case NID_sm1_ofb128: - ulAlgID = SGD_SM1_OFB; - break; - case NID_sms4_ecb: - ulAlgID = SGD_SM4_ECB; - break; - case NID_sms4_cbc: - ulAlgID = SGD_SM4_CBC; - break; - case NID_sms4_cfb1: - case NID_sms4_cfb8: - case NID_sms4_cfb128: - ulAlgID = SGD_SM4_CFB; - break; - case NID_sms4_ofb128: - ulAlgID = SGD_SM4_OFB; - break; - default: - return 0; - } - - *algID = ulAlgID; - - switch (nid) { - case NID_sm1_cfb1: - case NID_sms4_cfb1: - case NID_ssf33_cfb1: - params->FeedBitLen = 1; - break; - case NID_sm1_cfb8: - case NID_sms4_cfb8: - case NID_ssf33_cfb8: - params->FeedBitLen = 8; - break; - case NID_sm1_cfb128: - case NID_sms4_cfb128: - case NID_ssf33_cfb128: - params->FeedBitLen = 128; - break; - default: - params->FeedBitLen = 0; - } - - switch (nid) { - case NID_sm1_cbc: - case NID_sms4_cbc: - case NID_ssf33_cbc: - params->PaddingType = SKF_PKCS5_PADDING; - break; - default: - params->PaddingType = SKF_NO_PADDING; - } - - return 1; -} - - -ULONG DEVAPI SKF_EncryptInit(HANDLE hKey, - BLOCKCIPHERPARAM encryptParam) -{ - ULONG ret = SAR_FAIL; - BLOCKCIPHERPARAM *encparam = &encryptParam; - EVP_CIPHER_CTX *ctx = NULL; - const EVP_CIPHER *cipher; - unsigned char *key; - unsigned char *iv; - - if (!(cipher = SKF_HANDLE_get_cipher(hKey, encparam))) { - SKFerr(SKF_F_SKF_ENCRYPTINIT, SKF_R_INVALID_KEY_HANDLE); - return SAR_INVALIDPARAMERR; - } - - if (!(key = SKF_HANDLE_get_key(hKey))) { - SKFerr(SKF_F_SKF_ENCRYPTINIT, SKF_R_INVALID_KEY_HANDLE); - return SAR_INVALIDPARAMERR; - } - - if (encparam->IVLen != SMS4_IV_LENGTH) { - SKFerr(SKF_F_SKF_ENCRYPTINIT, SKF_R_INVALID_IV_LENGTH); - return SAR_INVALIDPARAMERR; - } - iv = encparam->IV; - - if (!(ctx = EVP_CIPHER_CTX_new())) { - SKFerr(SKF_F_SKF_ENCRYPTINIT, ERR_R_EVP_LIB); - return SAR_INVALIDPARAMERR; - } - - if (!EVP_EncryptInit_ex(ctx, cipher, NULL, key, iv)) { - SKFerr(SKF_F_SKF_ENCRYPTINIT, ERR_R_EVP_LIB); - goto end; - } - - ((SKF_HANDLE *)hKey)->type = SKF_CIPHER_HANDLE; - ((SKF_HANDLE *)hKey)->u.cipher_ctx = ctx; - ctx = NULL; - - ret = SAR_OK; -end: - EVP_CIPHER_CTX_free(ctx); - return ret; -} - -ULONG DEVAPI SKF_EncryptUpdate(HANDLE hKey, - BYTE *pbData, - ULONG ulDataLen, - BYTE *pbEncryptedData, - ULONG *pulEncryptedLen) -{ - EVP_CIPHER_CTX *ctx; - int inlen, outlen; - - if (!(ctx = SKF_HANDLE_get_cipher_ctx(hKey))) { - SKFerr(SKF_F_SKF_ENCRYPTUPDATE, SKF_R_INVALID_CIPHER_CTX_HANDLE); - return SAR_INVALIDPARAMERR; - } - - //FIXME: check INT_MAX - inlen = ulDataLen; - outlen = *pulEncryptedLen; - if (!EVP_EncryptUpdate(ctx, pbEncryptedData, &outlen, pbData, inlen)) { - SKFerr(SKF_F_SKF_ENCRYPTUPDATE, ERR_R_EVP_LIB); - return SAR_FAIL; - } - - *pulEncryptedLen = outlen; - return SAR_OK; -} - -ULONG DEVAPI SKF_EncryptFinal(HANDLE hKey, - BYTE *pbEncryptedData, - ULONG *pulEncryptedDataLen) -{ - EVP_CIPHER_CTX *ctx; - int outlen; - - if (!(ctx = SKF_HANDLE_get_cipher_ctx(hKey))) { - SKFerr(SKF_F_SKF_ENCRYPTFINAL, SKF_R_INVALID_CIPHER_CTX_HANDLE); - return SAR_INVALIDPARAMERR; - } - - outlen = *pulEncryptedDataLen; - if (!EVP_EncryptFinal(ctx, pbEncryptedData, &outlen)) { - SKFerr(SKF_F_SKF_ENCRYPTFINAL, ERR_R_EVP_LIB); - return SAR_FAIL; - } - - *pulEncryptedDataLen = outlen; - EVP_CIPHER_CTX_free(ctx); - ((SKF_HANDLE *)hKey)->u.cipher_ctx = NULL; - ((SKF_HANDLE *)hKey)->type = SKF_KEY_HANDLE; - return SAR_OK; -} - -ULONG DEVAPI SKF_DecryptInit(HANDLE hKey, - BLOCKCIPHERPARAM DecryptParam) -{ - ULONG ret = SAR_FAIL; - BLOCKCIPHERPARAM *param = &DecryptParam; - EVP_CIPHER_CTX *ctx = NULL; - const EVP_CIPHER *cipher; - unsigned char *key; - unsigned char *iv; - - if (!(cipher = SKF_HANDLE_get_cipher(hKey, param))) { - SKFerr(SKF_F_SKF_DECRYPTINIT, SKF_R_INVALID_KEY_HANDLE); - return SAR_INVALIDPARAMERR; - } - if (!(key = SKF_HANDLE_get_key(hKey))) { - SKFerr(SKF_F_SKF_DECRYPTINIT, SKF_R_INVALID_KEY_HANDLE); - return SAR_INVALIDPARAMERR; - } - if (param->IVLen != SMS4_IV_LENGTH) { - SKFerr(SKF_F_SKF_DECRYPTINIT, SKF_R_INVALID_IV_LENGTH); - ret = SAR_INVALIDPARAMERR; - goto end; - } - iv = param->IV; - - if (!(ctx = EVP_CIPHER_CTX_new())) { - SKFerr(SKF_F_SKF_DECRYPTINIT, ERR_R_EVP_LIB); - goto end; - } - - if (!EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv)) { - SKFerr(SKF_F_SKF_DECRYPTINIT, ERR_R_EVP_LIB); - goto end; - } - - ((SKF_HANDLE *)hKey)->type = SKF_CIPHER_HANDLE; - ((SKF_HANDLE *)hKey)->u.cipher_ctx = ctx; - ctx = NULL; - - ret = SAR_OK; -end: - EVP_CIPHER_CTX_free(ctx); - return ret; - - return SAR_OK; -} - -ULONG DEVAPI SKF_DecryptUpdate(HANDLE hKey, - BYTE *pbEncryptedData, - ULONG ulEncryptedLen, - BYTE *pbData, - ULONG *pulDataLen) -{ - EVP_CIPHER_CTX *ctx; - int inlen, outlen; - - if (!(ctx = SKF_HANDLE_get_cipher_ctx(hKey))) { - SKFerr(SKF_F_SKF_DECRYPTUPDATE, SKF_R_INVALID_CIPHER_CTX_HANDLE); - return SAR_INVALIDPARAMERR; - } - - //FIXME: check INT_MAX - inlen = ulEncryptedLen; - outlen = *pulDataLen; - if (!EVP_DecryptUpdate(ctx, pbData, &outlen, pbEncryptedData, inlen)) { - SKFerr(SKF_F_SKF_DECRYPTUPDATE, ERR_R_EVP_LIB); - return SAR_FAIL; - } - - *pulDataLen = outlen; - return SAR_OK; -} - -ULONG DEVAPI SKF_DecryptFinal(HANDLE hKey, - BYTE *pbDecryptedData, - ULONG *pulDecryptedDataLen) -{ - EVP_CIPHER_CTX *ctx; - int len; - - if (!(ctx = SKF_HANDLE_get_cipher_ctx(hKey))) { - SKFerr(SKF_F_SKF_DECRYPTFINAL, SKF_R_INVALID_KEY_HANDLE); - return SAR_INVALIDPARAMERR; - } - - if (!EVP_DecryptFinal(ctx, pbDecryptedData, &len)) { - return SAR_FAIL; - } - - *pulDecryptedDataLen = len; - EVP_CIPHER_CTX_free(ctx); - ((SKF_HANDLE *)hKey)->u.cipher_ctx = NULL; - ((SKF_HANDLE *)hKey)->type = SKF_KEY_HANDLE; - return SAR_OK; -} - -ULONG DEVAPI SKF_Encrypt(HANDLE hKey, - BYTE *pbData, - ULONG ulDataLen, - BYTE *pbEncryptedData, - ULONG *pulEncryptedLen) -{ - ULONG rv; - BYTE *p; - ULONG len; - - p = pbEncryptedData; - len = *pulEncryptedLen; - if ((rv = SKF_EncryptUpdate(hKey, pbData, ulDataLen, p, &len)) != SAR_OK) { - SKFerr(SKF_F_SKF_ENCRYPT, ERR_R_GMAPI_LIB); - return rv; - } - - p += len; - len = *pulEncryptedLen - len; - if ((rv = SKF_EncryptFinal(hKey, p, &len)) != SAR_OK) { - SKFerr(SKF_F_SKF_ENCRYPT, ERR_R_GMAPI_LIB); - return rv; - } - - *pulEncryptedLen = p + len - pbEncryptedData; - return SAR_OK; -} - -ULONG DEVAPI SKF_Decrypt(HANDLE hKey, - BYTE *pbEncryptedData, - ULONG ulEncryptedLen, - BYTE *pbData, - ULONG *pulDataLen) -{ - ULONG rv; - BYTE *p; - ULONG len; - - p = pbData; - len = *pulDataLen; - if ((rv = SKF_DecryptUpdate(hKey, pbEncryptedData, ulEncryptedLen, p, &len)) != SAR_OK) { - SKFerr(SKF_F_SKF_DECRYPT, ERR_R_GMAPI_LIB); - return rv; - } - - p += len; - len = *pulDataLen - len; - if ((rv = SKF_DecryptFinal(hKey, p, &len)) != SAR_OK) { - SKFerr(SKF_F_SKF_DECRYPT, ERR_R_GMAPI_LIB); - return rv; - } - - *pulDataLen = p + len - pbData; - return SAR_OK; -} - diff --git a/crypto/skf/skf_err.c b/crypto/skf/skf_err.c index 3efed92e..e69de29b 100644 --- a/crypto/skf/skf_err.c +++ b/crypto/skf/skf_err.c @@ -1,122 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR - -# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SKF,func,0) -# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SKF,0,reason) - -static ERR_STRING_DATA SKF_str_functs[] = { - {ERR_FUNC(SKF_F_SKF_CLOSEHANDLE), "SKF_CloseHandle"}, - {ERR_FUNC(SKF_F_SKF_DECRYPT), "SKF_Decrypt"}, - {ERR_FUNC(SKF_F_SKF_DECRYPTFINAL), "SKF_DecryptFinal"}, - {ERR_FUNC(SKF_F_SKF_DECRYPTINIT), "SKF_DecryptInit"}, - {ERR_FUNC(SKF_F_SKF_DECRYPTUPDATE), "SKF_DecryptUpdate"}, - {ERR_FUNC(SKF_F_SKF_DIGEST), "SKF_Digest"}, - {ERR_FUNC(SKF_F_SKF_DIGESTFINAL), "SKF_DigestFinal"}, - {ERR_FUNC(SKF_F_SKF_DIGESTINIT), "SKF_DigestInit"}, - {ERR_FUNC(SKF_F_SKF_DIGESTUPDATE), "SKF_DigestUpdate"}, - {ERR_FUNC(SKF_F_SKF_ENCRYPT), "SKF_Encrypt"}, - {ERR_FUNC(SKF_F_SKF_ENCRYPTFINAL), "SKF_EncryptFinal"}, - {ERR_FUNC(SKF_F_SKF_ENCRYPTINIT), "SKF_EncryptInit"}, - {ERR_FUNC(SKF_F_SKF_ENCRYPTUPDATE), "SKF_EncryptUpdate"}, - {ERR_FUNC(SKF_F_SKF_EXTECCDECRYPT), "SKF_ExtECCDecrypt"}, - {ERR_FUNC(SKF_F_SKF_EXTECCENCRYPT), "SKF_ExtECCEncrypt"}, - {ERR_FUNC(SKF_F_SKF_EXTECCSIGN), "SKF_ExtECCSign"}, - {ERR_FUNC(SKF_F_SKF_EXTECCVERIFY), "SKF_ExtECCVerify"}, - {ERR_FUNC(SKF_F_SKF_EXTRSAPRIKEYOPERATION), "SKF_ExtRSAPriKeyOperation"}, - {ERR_FUNC(SKF_F_SKF_EXTRSAPUBKEYOPERATION), "SKF_ExtRSAPubKeyOperation"}, - {ERR_FUNC(SKF_F_SKF_GENEXTECCKEYPAIR), "SKF_GenExtECCKeyPair"}, - {ERR_FUNC(SKF_F_SKF_GENEXTRSAKEY), "SKF_GenExtRSAKey"}, - {ERR_FUNC(SKF_F_SKF_GENRANDOM), "SKF_GenRandom"}, - {ERR_FUNC(SKF_F_SKF_GETDEVINFO), "SKF_GetDevInfo"}, - {ERR_FUNC(SKF_F_SKF_GETDEVSTATE), "SKF_GetDevState"}, - {ERR_FUNC(SKF_F_SKF_HANDLE_GET_CBCMAC_CTX), "SKF_HANDLE_get_cbcmac_ctx"}, - {ERR_FUNC(SKF_F_SKF_HANDLE_GET_CIPHER), "SKF_HANDLE_get_cipher"}, - {ERR_FUNC(SKF_F_SKF_HANDLE_GET_CIPHER_CTX), "SKF_HANDLE_get_cipher_ctx"}, - {ERR_FUNC(SKF_F_SKF_HANDLE_GET_CMAC_CTX), "SKF_HANDLE_get_cmac_ctx"}, - {ERR_FUNC(SKF_F_SKF_HANDLE_GET_KEY), "SKF_HANDLE_get_key"}, - {ERR_FUNC(SKF_F_SKF_HANDLE_GET_MD_CTX), "SKF_HANDLE_get_md_ctx"}, - {ERR_FUNC(SKF_F_SKF_MAC), "SKF_Mac"}, - {ERR_FUNC(SKF_F_SKF_MACFINAL), "SKF_MacFinal"}, - {ERR_FUNC(SKF_F_SKF_MACINIT), "SKF_MacInit"}, - {ERR_FUNC(SKF_F_SKF_MACUPDATE), "SKF_MacUpdate"}, - {ERR_FUNC(SKF_F_SKF_SETSYMMKEY), "SKF_SetSymmKey"}, - {0, NULL} -}; - -static ERR_STRING_DATA SKF_str_reasons[] = { - {ERR_REASON(SKF_R_BUFFER_TOO_SMALL), "buffer too small"}, - {ERR_REASON(SKF_R_CTX_NOT_CREATED), "ctx not created"}, - {ERR_REASON(SKF_R_DECRYPT_FAILED), "decrypt failed"}, - {ERR_REASON(SKF_R_ENCODE_CIPHERTEXT_FAILED), "encode ciphertext failed"}, - {ERR_REASON(SKF_R_ENCODE_FAILED), "encode failed"}, - {ERR_REASON(SKF_R_ENCODE_SIGNATURE_FAILED), "encode signature failed"}, - {ERR_REASON(SKF_R_ENCRYPT_FAILED), "encrypt failed"}, - {ERR_REASON(SKF_R_FAIL), "fail"}, - {ERR_REASON(SKF_R_GEN_RSA_FAILED), "gen rsa failed"}, - {ERR_REASON(SKF_R_GET_PRIVATE_KEY_FAILED), "get private key failed"}, - {ERR_REASON(SKF_R_GET_PUBLIC_KEY_FAILED), "get public key failed"}, - {ERR_REASON(SKF_R_INVALID_ALGID), "invalid algid"}, - {ERR_REASON(SKF_R_INVALID_ALGOR), "invalid algor"}, - {ERR_REASON(SKF_R_INVALID_ARGUMENTS), "invalid arguments"}, - {ERR_REASON(SKF_R_INVALID_BLOB), "invalid blob"}, - {ERR_REASON(SKF_R_INVALID_CIPHERTEXT), "invalid ciphertext"}, - {ERR_REASON(SKF_R_INVALID_CIPHERTEXT_LENGTH), - "invalid ciphertext length"}, - {ERR_REASON(SKF_R_INVALID_CIPHER_CTX_HANDLE), - "invalid cipher ctx handle"}, - {ERR_REASON(SKF_R_INVALID_DIGEST_LENGTH), "invalid digest length"}, - {ERR_REASON(SKF_R_INVALID_ECC_PRIVATE_KEY), "invalid ecc private key"}, - {ERR_REASON(SKF_R_INVALID_ECC_PUBLIC_KEY), "invalid ecc public key"}, - {ERR_REASON(SKF_R_INVALID_EC_PRIVATE_KEY), "invalid ec private key"}, - {ERR_REASON(SKF_R_INVALID_EC_PUBLIC_KEY), "invalid ec public key"}, - {ERR_REASON(SKF_R_INVALID_FEED_BIT_LENGTH), "invalid feed bit length"}, - {ERR_REASON(SKF_R_INVALID_HANDLE), "invalid handle"}, - {ERR_REASON(SKF_R_INVALID_HANDLE_ALGOR), "invalid handle algor"}, - {ERR_REASON(SKF_R_INVALID_HANDLE_MAGIC), "invalid handle magic"}, - {ERR_REASON(SKF_R_INVALID_HANDLE_TYPE), "invalid handle type"}, - {ERR_REASON(SKF_R_INVALID_HASH_HANDLE), "invalid hash handle"}, - {ERR_REASON(SKF_R_INVALID_ID_LENGTH), "invalid id length"}, - {ERR_REASON(SKF_R_INVALID_INPUT_LENGTH), "invalid input length"}, - {ERR_REASON(SKF_R_INVALID_IV_LENGTH), "invalid iv length"}, - {ERR_REASON(SKF_R_INVALID_KEY_HANDLE), "invalid key handle"}, - {ERR_REASON(SKF_R_INVALID_KEY_LENGTH), "invalid key length"}, - {ERR_REASON(SKF_R_INVALID_MAC_HANDLE), "invalid mac handle"}, - {ERR_REASON(SKF_R_INVALID_PLAINTEXT_LENGTH), "invalid plaintext length"}, - {ERR_REASON(SKF_R_INVALID_RANDOM_LENGTH), "invalid random length"}, - {ERR_REASON(SKF_R_INVALID_RSA_PUBLIC_KEY), "invalid rsa public key"}, - {ERR_REASON(SKF_R_INVALID_SIGNATURE), "invalid signature"}, - {ERR_REASON(SKF_R_MALLOC_FAILED), "malloc failed"}, - {ERR_REASON(SKF_R_NO_PUBLIC_KEY), "no public key"}, - {ERR_REASON(SKF_R_NULL_ARGUMENT), "null argument"}, - {ERR_REASON(SKF_R_SIGN_FAILED), "sign failed"}, - {ERR_REASON(SKF_R_VERIFY_NOT_PASS), "verify not pass"}, - {0, NULL} -}; - -#endif - -int ERR_load_SKF_strings(void) -{ -#ifndef OPENSSL_NO_ERR - - if (ERR_func_error_string(SKF_str_functs[0].error) == NULL) { - ERR_load_strings(0, SKF_str_functs); - ERR_load_strings(0, SKF_str_reasons); - } -#endif - return 1; -} diff --git a/crypto/skf/skf_handle.c b/crypto/skf/skf_handle.c deleted file mode 100644 index fef6439a..00000000 --- a/crypto/skf/skf_handle.c +++ /dev/null @@ -1,248 +0,0 @@ -/* crypto/gmapi/skf_handle.c */ -/* ==================================================================== - * Copyright (c) 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - */ - -#include -#include -#include -#include "skf_lcl.h" - -unsigned char *SKF_HANDLE_get_key(HANDLE hKey) -{ - SKF_HANDLE *handle; - - if (!(handle = (SKF_HANDLE *)hKey)) { - SKFerr(SKF_F_SKF_HANDLE_GET_KEY, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (handle->magic != SKF_HANDLE_MAGIC) { - SKFerr(SKF_F_SKF_HANDLE_GET_KEY, SKF_R_INVALID_HANDLE_MAGIC); - return NULL; - } - if (handle->type < SKF_KEY_HANDLE) { - SKFerr(SKF_F_SKF_HANDLE_GET_KEY, SKF_R_INVALID_HANDLE_TYPE); - return NULL; - } - - switch (handle->algid) { - case SGD_SM4_ECB: - case SGD_SM4_CBC: - case SGD_SM4_CFB: - case SGD_SM4_OFB: - case SGD_SM4_MAC: - break; - default: - SKFerr(SKF_F_SKF_HANDLE_GET_KEY, SKF_R_INVALID_ALGOR); - return NULL; - } - - if (!handle->keylen) { - SKFerr(SKF_F_SKF_HANDLE_GET_KEY, SKF_R_INVALID_KEY_HANDLE); - return NULL; - } - return handle->key; -} - -const EVP_CIPHER *SKF_HANDLE_get_cipher(HANDLE hKey, BLOCKCIPHERPARAM *param) -{ - SKF_HANDLE *handle = (SKF_HANDLE *)hKey; - if (!SKF_HANDLE_get_key(hKey)) { - SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER, SKF_R_INVALID_KEY_HANDLE); - return NULL; - } - - switch (handle->algid) { - case SGD_SM4_ECB: - return EVP_sms4_ecb(); - case SGD_SM4_CBC: - return EVP_sms4_cbc(); - case SGD_SM4_OFB: - return EVP_sms4_ofb(); - case SGD_SM4_CFB: - switch (param->FeedBitLen) { - case 1: return EVP_sms4_cfb1(); - case 8: return EVP_sms4_cfb8(); - case 128: return EVP_sms4_cfb128(); - } - SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER, SKF_R_INVALID_FEED_BIT_LENGTH); - return NULL; - } - - SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER, SKF_R_INVALID_HANDLE_ALGOR); - return NULL; -} - -EVP_MD_CTX *SKF_HANDLE_get_md_ctx(HANDLE hHash) -{ - EVP_MD_CTX *ret; - SKF_HANDLE *handle; - - if (!(handle = (SKF_HANDLE *)hHash)) { - SKFerr(SKF_F_SKF_HANDLE_GET_MD_CTX, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (handle->magic != SKF_HANDLE_MAGIC) { - SKFerr(SKF_F_SKF_HANDLE_GET_MD_CTX, SKF_R_INVALID_HANDLE_MAGIC); - return NULL; - } - if (handle->type != SKF_HASH_HANDLE) { - SKFerr(SKF_F_SKF_HANDLE_GET_MD_CTX, SKF_R_INVALID_HANDLE_TYPE); - return NULL; - } - - if (!(ret = handle->u.md_ctx)) { - SKFerr(SKF_F_SKF_HANDLE_GET_MD_CTX, SKF_R_CTX_NOT_CREATED); - return NULL; - } - return ret; -} - -CMAC_CTX *SKF_HANDLE_get_cmac_ctx(HANDLE hMac) -{ - CMAC_CTX *ret; - SKF_HANDLE *handle; - - if (!(handle = (SKF_HANDLE *)hMac)) { - SKFerr(SKF_F_SKF_HANDLE_GET_CMAC_CTX, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (handle->magic != SKF_HANDLE_MAGIC) { - SKFerr(SKF_F_SKF_HANDLE_GET_CMAC_CTX, SKF_R_INVALID_HANDLE_MAGIC); - return NULL; - } - if (handle->type != SKF_MAC_HANDLE) { - SKFerr(SKF_F_SKF_HANDLE_GET_CMAC_CTX, SKF_R_INVALID_HANDLE_TYPE); - return NULL; - } - - if (!(ret = handle->u.cbcmac_ctx)) { - SKFerr(SKF_F_SKF_HANDLE_GET_CMAC_CTX, SKF_R_CTX_NOT_CREATED); - return NULL; - } - return ret; -} - -EVP_CIPHER_CTX *SKF_HANDLE_get_cipher_ctx(HANDLE hKey) -{ - EVP_CIPHER_CTX *ret; - SKF_HANDLE *handle; - - if (!(handle = (SKF_HANDLE *)hKey)) { - SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER_CTX, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (handle->magic != SKF_HANDLE_MAGIC) { - SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER_CTX, SKF_R_INVALID_HANDLE_MAGIC); - return NULL; - } - if (handle->type != SKF_CIPHER_HANDLE) { - SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER_CTX, SKF_R_INVALID_HANDLE_TYPE); - return NULL; - } - - if (!(ret = handle->u.cipher_ctx)) { - SKFerr(SKF_F_SKF_HANDLE_GET_CIPHER_CTX, SKF_R_CTX_NOT_CREATED); - return NULL; - } - return ret; -} - -int SKF_HANDLE_free(HANDLE handle) -{ - return 0; -} - - -HANDLE SKF_HANDLE_new(int type) -{ - - return NULL; -} - -ULONG DEVAPI SKF_CloseHandle(HANDLE hHandle) -{ - SKF_HANDLE *handle; - return SAR_OK; //FIXME: - - if (!(handle = (SKF_HANDLE *)hHandle)) { - return SAR_OK; - } - - if (handle->magic != SKF_HANDLE_MAGIC) { - SKFerr(SKF_F_SKF_CLOSEHANDLE, SKF_R_INVALID_HANDLE_MAGIC); - return SAR_INVALIDPARAMERR; - } - - switch (handle->type) { - case SKF_KEY_HANDLE: - OPENSSL_cleanse(handle->key, EVP_MAX_KEY_LENGTH); - // FIXME: we need to make sure there are no pending operation - if (handle->u.cipher_ctx) { - EVP_CIPHER_CTX_cleanup(handle->u.cipher_ctx); - } - break; - - case SKF_MAC_HANDLE: - CMAC_CTX_cleanup(handle->u.cbcmac_ctx); - break; - - case SKF_HASH_HANDLE: - EVP_MD_CTX_cleanup(handle->u.md_ctx); - break; - - default: - SKFerr(SKF_F_SKF_CLOSEHANDLE, SKF_R_INVALID_HANDLE_TYPE); - return SAR_INVALIDPARAMERR; - } - - /* now we remove this handle from list */ - - return SAR_OK; -} diff --git a/crypto/skf/skf_handle.d.tmp b/crypto/skf/skf_handle.d.tmp deleted file mode 100644 index 3748cdef..00000000 --- a/crypto/skf/skf_handle.d.tmp +++ /dev/null @@ -1,16 +0,0 @@ -crypto/skf/skf_handle.o: crypto/skf/skf_handle.c include/openssl/gmskf.h \ - include/openssl/sgd.h include/openssl/skf.h include/openssl/gmapi.h \ - include/openssl/ec.h include/openssl/opensslconf.h \ - include/openssl/asn1.h include/openssl/e_os2.h include/openssl/bio.h \ - include/openssl/crypto.h include/openssl/stack.h \ - include/openssl/safestack.h include/openssl/opensslv.h \ - include/openssl/ossl_typ.h include/openssl/symhacks.h \ - include/openssl/bn.h include/openssl/sm2.h include/openssl/err.h \ - include/openssl/lhash.h include/openssl/evp.h \ - include/openssl/objects.h include/openssl/obj_mac.h \ - include/openssl/kdf2.h include/openssl/kdf.h include/openssl/x509.h \ - include/openssl/buffer.h include/openssl/rsa.h include/openssl/dsa.h \ - include/openssl/dh.h include/openssl/sha.h include/openssl/x509_vfy.h \ - include/openssl/pkcs7.h include/openssl/ecdsa.h include/openssl/sm3.h \ - include/openssl/saf.h include/openssl/sdf.h include/openssl/sof.h \ - crypto/skf/skf_lcl.h include/openssl/cmac.h diff --git a/crypto/skf/skf_lcl.h b/crypto/skf/skf_lcl.h deleted file mode 100644 index 1e50aadc..00000000 --- a/crypto/skf/skf_lcl.h +++ /dev/null @@ -1,107 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#ifndef HEADER_GMAPI_LCL_H -#define HEADER_GMAPI_LCL_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#define SKF_HANDLE_MAGIC 0x31323334 -#define SKF_HASH_HANDLE 1 -#define SKF_MAC_HANDLE 2 -#define SKF_KEY_HANDLE 10 -#define SKF_CIPHER_HANDLE 11 - - -typedef struct { - CMAC_CTX *ctx; - int inited; -} SAF_MAC_CTX; - -typedef struct { - CMAC_CTX *cbcmac_ctx; - EVP_CIPHER_CTX *cipher_ctx; - unsigned char *key; - unsigned int keylen; - const EVP_CIPHER *cipher; -} SAF_KEY_HANDLE; - -struct SKF_HANDLE { - unsigned int magic; - int type; - int algid; - unsigned int keylen; - unsigned char key[EVP_MAX_KEY_LENGTH]; - union { - EVP_MD_CTX *md_ctx; - CMAC_CTX *cbcmac_ctx; - EVP_CIPHER_CTX *cipher_ctx; - } u; - struct SKF_HANDLE *next; - struct SKF_HANDLE *prev; -}; - -typedef struct SKF_HANDLE SKF_HANDLE; - -EVP_MD_CTX *SKF_HANDLE_get_md_ctx(HANDLE hHash); -CMAC_CTX *SKF_HANDLE_get_cbcmac_ctx(HANDLE hMac); -const EVP_CIPHER *SKF_HANDLE_get_cipher(HANDLE hKey, BLOCKCIPHERPARAM *param); -EVP_CIPHER_CTX *SKF_HANDLE_get_cipher_ctx(HANDLE hKey); -unsigned char *SKF_HANDLE_get_key(HANDLE hKey); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/crypto/skf/skf_lib.c b/crypto/skf/skf_lib.c new file mode 100644 index 00000000..6f1b6188 --- /dev/null +++ b/crypto/skf/skf_lib.c @@ -0,0 +1,1280 @@ +/* ==================================================================== + * Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include +#include "internal/dso.h" +#include "skf_meth.h" + +static SKF_METHOD *skf_method = NULL; + +ULONG SKF_LoadLibrary(const char *so_path) +{ + DSO *dso = NULL; + + dso = DSO_load(NULL, so_path); + SKF_METHOD_load_library(skf_method, dso); + + return SAR_OK; +} + +ULONG SKF_UnloadLibrary(void) +{ + skf_method = NULL; +} + +ULONG DEVAPI SKF_WaitForDevEvent( + LPSTR szDevName, + ULONG *pulDevNameLen, + ULONG *pulEvent) +{ + if (skf_method->WaitForDevEvent) { + return skf_method->WaitForDevEvent( + szDevName, + pulDevNameLen, + pulEvent); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_CancelWaitForDevEvent( + void) +{ + if (skf_method->CancelWaitForDevEvent) { + return skf_method->CancelWaitForDevEvent(); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_EnumDev( + BOOL bPresent, + LPSTR szNameList, + ULONG *pulSize) +{ + if (skf_method->EnumDev) { + return skf_method->EnumDev( + bPresent, + szNameList, + pulSize); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ConnectDev( + LPSTR szName, + DEVHANDLE *phDev) +{ + if (skf_method->ConnectDev) { + return skf_method->ConnectDev( + szName, + phDev); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_DisConnectDev( + DEVHANDLE hDev) +{ + if (skf_method->DisConnectDev) { + return skf_method->DisConnectDev( + hDev); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_GetDevState( + LPSTR szDevName, + ULONG *pulDevState) +{ + if (skf_method->GetDevState) { + return skf_method->GetDevState( + szDevName, + pulDevState); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_SetLabel( + DEVHANDLE hDev, + LPSTR szLabel) +{ + if (skf_method->SetLabel) { + return skf_method->SetLabel( + hDev, + szLabel); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_GetDevInfo( + DEVHANDLE hDev, + DEVINFO *pDevInfo) +{ + if (skf_method->GetDevInfo) { + return skf_method->GetDevInfo( + hDev, + pDevInfo); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_LockDev( + DEVHANDLE hDev, + ULONG ulTimeOut) +{ + if (skf_method->LockDev) { + return skf_method->LockDev( + hDev, + ulTimeOut); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_UnlockDev( + DEVHANDLE hDev) +{ + if (skf_method->UnlockDev) { + return skf_method->UnlockDev( + hDev); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_Transmit( + DEVHANDLE hDev, + BYTE *pbCommand, + ULONG ulCommandLen, + BYTE *pbData, + ULONG *pulDataLen) +{ + if (skf_method->Transmit) { + return skf_method->Transmit( + hDev, + pbCommand, + ulCommandLen, + pbData, + pulDataLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ChangeDevAuthKey( + DEVHANDLE hDev, + BYTE *pbKeyValue, + ULONG ulKeyLen) +{ + if (skf_method->ChangeDevAuthKey) { + return skf_method->ChangeDevAuthKey( + hDev, + pbKeyValue, + ulKeyLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_DevAuth( + DEVHANDLE hDev, + BYTE *pbAuthData, + ULONG ulLen) +{ + if (skf_method->DevAuth) { + return skf_method->DevAuth( + hDev, + pbAuthData, + ulLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ChangePIN( + HAPPLICATION hApplication, + ULONG ulPINType, + LPSTR szOldPin, + LPSTR szNewPin, + ULONG *pulRetryCount) +{ + if (skf_method->ChangePIN) { + return skf_method->ChangePIN( + hApplication, + ulPINType, + szOldPin, + szNewPin, + pulRetryCount); + } + return SAR_NOTSUPPORTYETERR; +} + +LONG DEVAPI SKF_GetPINInfo( + HAPPLICATION hApplication, + ULONG ulPINType, + ULONG *pulMaxRetryCount, + ULONG *pulRemainRetryCount, + BOOL *pbDefaultPin) +{ + if (skf_method->GetPINInfo) { + return skf_method->GetPINInfo( + hApplication, + ulPINType, + pulMaxRetryCount, + pulRemainRetryCount, + pbDefaultPin); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_VerifyPIN( + HAPPLICATION hApplication, + ULONG ulPINType, + LPSTR szPIN, + ULONG *pulRetryCount) +{ + if (skf_method->VerifyPIN) { + return skf_method->VerifyPIN( + hApplication, + ulPINType, + szPIN, + pulRetryCount); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_UnblockPIN( + HAPPLICATION hApplication, + LPSTR szAdminPIN, + LPSTR szNewUserPIN, + ULONG *pulRetryCount) +{ + if (skf_method->UnblockPIN) { + return skf_method->UnblockPIN( + hApplication, + szAdminPIN, + szNewUserPIN, + pulRetryCount); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ClearSecureState( + HAPPLICATION hApplication) +{ + if (skf_method->ClearSecureState) { + return skf_method->ClearSecureState( + hApplication); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_CreateApplication( + DEVHANDLE hDev, + LPSTR szAppName, + LPSTR szAdminPin, + DWORD dwAdminPinRetryCount, + LPSTR szUserPin, + DWORD dwUserPinRetryCount, + DWORD dwCreateFileRights, + HAPPLICATION *phApplication) +{ + if (skf_method->CreateApplication) { + return skf_method->CreateApplication( + hDev, + szAppName, + szAdminPin, + dwAdminPinRetryCount, + szUserPin, + dwUserPinRetryCount, + dwCreateFileRights, + phApplication); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_EnumApplication( + DEVHANDLE hDev, + LPSTR szAppName, + ULONG *pulSize) +{ + if (skf_method->EnumApplication) { + return skf_method->EnumApplication( + hDev, + szAppName, + pulSize); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_DeleteApplication( + DEVHANDLE hDev, + LPSTR szAppName) +{ + if (skf_method->DeleteApplication) { + return skf_method->DeleteApplication( + hDev, + szAppName); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_OpenApplication( + DEVHANDLE hDev, + LPSTR szAppName, + HAPPLICATION *phApplication) +{ + if (skf_method->OpenApplication) { + return skf_method->OpenApplication( + hDev, + szAppName, + phApplication); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_CloseApplication( + HAPPLICATION hApplication) +{ + if (skf_method->CloseApplication) { + return skf_method->CloseApplication( + hApplication); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_CreateFile( + HAPPLICATION hApplication, + LPSTR szFileName, + ULONG ulFileSize, + ULONG ulReadRights, + ULONG ulWriteRights) +{ + if (skf_method->CreateFile) { + return skf_method->CreateFile( + hApplication, + szFileName, + ulFileSize, + ulReadRights, + ulWriteRights); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_DeleteFile( + HAPPLICATION hApplication, + LPSTR szFileName) +{ + if (skf_method->DeleteFile) { + return skf_method->DeleteFile( + hApplication, + szFileName); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_EnumFiles( + HAPPLICATION hApplication, + LPSTR szFileList, + ULONG *pulSize) +{ + if (skf_method->EnumFiles) { + return skf_method->EnumFiles( + hApplication, + szFileList, + pulSize); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_GetFileInfo( + HAPPLICATION hApplication, + LPSTR szFileName, + FILEATTRIBUTE *pFileInfo) +{ + if (skf_method->GetFileInfo) { + return skf_method->GetFileInfo( + hApplication, + szFileName, + pFileInfo); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ReadFile( + HAPPLICATION hApplication, + LPSTR szFileName, + ULONG ulOffset, + ULONG ulSize, + BYTE *pbOutData, + ULONG *pulOutLen) +{ + if (skf_method->ReadFile) { + return skf_method->ReadFile( + hApplication, + szFileName, + ulOffset, + ulSize, + pbOutData, + pulOutLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_WriteFile( + HAPPLICATION hApplication, + LPSTR szFileName, + ULONG ulOffset, + BYTE *pbData, + ULONG ulSize) +{ + if (skf_method->WriteFile) { + return skf_method->WriteFile( + hApplication, + szFileName, + ulOffset, + pbData, + ulSize); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_CreateContainer( + HAPPLICATION hApplication, + LPSTR szContainerName, + HCONTAINER *phContainer) +{ + if (skf_method->CreateContainer) { + return skf_method->CreateContainer( + hApplication, + szContainerName, + phContainer); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_DeleteContainer( + HAPPLICATION hApplication, + LPSTR szContainerName) +{ + if (skf_method->DeleteContainer) { + return skf_method->DeleteContainer( + hApplication, + szContainerName); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_EnumContainer( + HAPPLICATION hApplication, + LPSTR szContainerName, + ULONG *pulSize) +{ + if (skf_method->EnumContainer) { + return skf_method->EnumContainer( + hApplication, + szContainerName, + pulSize); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_OpenContainer( + HAPPLICATION hApplication, + LPSTR szContainerName, + HCONTAINER *phContainer) +{ + if (skf_method->OpenContainer) { + return skf_method->OpenContainer( + hApplication, + szContainerName, + phContainer); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_CloseContainer( + HCONTAINER hContainer) +{ + if (skf_method->CloseContainer) { + return skf_method->CloseContainer( + hContainer); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_GetContainerType( + HCONTAINER hContainer, + ULONG *pulContainerType) +{ + if (skf_method->GetContainerType) { + return skf_method->GetContainerType( + hContainer, + pulContainerType); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ImportCertificate( + HCONTAINER hContainer, + BOOL bExportSignKey, + BYTE *pbCert, + ULONG ulCertLen) +{ + if (skf_method->ImportCertificate) { + return skf_method->ImportCertificate( + hContainer, + bExportSignKey, + pbCert, + ulCertLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ExportCertificate( + HCONTAINER hContainer, + BOOL bSignFlag, + BYTE *pbCert, + ULONG *pulCertLen) +{ + if (skf_method->ExportCertificate) { + return skf_method->ExportCertificate( + hContainer, + bSignFlag, + pbCert, + pulCertLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ExportPublicKey( + HCONTAINER hContainer, + BOOL bSignFlag, + BYTE *pbBlob, + ULONG *pulBlobLen) +{ + if (skf_method->ExportPublicKey) { + return skf_method->ExportPublicKey( + hContainer, + bSignFlag, + pbBlob, + pulBlobLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_GenRandom( + DEVHANDLE hDev, + BYTE *pbRandom, + ULONG ulRandomLen) +{ + if (skf_method->GenRandom) { + return skf_method->GenRandom( + hDev, + pbRandom, + ulRandomLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_GenExtRSAKey( + DEVHANDLE hDev, + ULONG ulBitsLen, + RSAPRIVATEKEYBLOB *pBlob) +{ + if (skf_method->GenExtRSAKey) { + return skf_method->GenExtRSAKey( + hDev, + ulBitsLen, + pBlob); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_GenRSAKeyPair( + HCONTAINER hContainer, + ULONG ulBitsLen, + RSAPUBLICKEYBLOB *pBlob) +{ + if (skf_method->GenRSAKeyPair) { + return skf_method->GenRSAKeyPair( + hContainer, + ulBitsLen, + pBlob); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ImportRSAKeyPair( + HCONTAINER hContainer, + ULONG ulSymAlgId, + BYTE *pbWrappedKey, + ULONG ulWrappedKeyLen, + BYTE *pbEncryptedData, + ULONG ulEncryptedDataLen) +{ + if (skf_method->ImportRSAKeyPair) { + return skf_method->ImportRSAKeyPair( + hContainer, + ulSymAlgId, + pbWrappedKey, + ulWrappedKeyLen, + pbEncryptedData, + ulEncryptedDataLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_RSASignData( + HCONTAINER hContainer, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbSignature, + ULONG *pulSignLen) +{ + if (skf_method->RSASignData) { + return skf_method->RSASignData( + hContainer, + pbData, + ulDataLen, + pbSignature, + pulSignLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_RSAVerify( + DEVHANDLE hDev, + RSAPUBLICKEYBLOB *pRSAPubKeyBlob, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbSignature, + ULONG ulSignLen) +{ + if (skf_method->RSAVerify) { + return skf_method->RSAVerify( + hDev, + pRSAPubKeyBlob, + pbData, + ulDataLen, + pbSignature, + ulSignLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_RSAExportSessionKey( + HCONTAINER hContainer, + ULONG ulAlgId, + RSAPUBLICKEYBLOB *pPubKey, + BYTE *pbData, + ULONG *pulDataLen, + HANDLE *phSessionKey) +{ + if (skf_method->RSAExportSessionKey) { + return skf_method->RSAExportSessionKey( + hContainer, + ulAlgId, + pPubKey, + pbData, + pulDataLen, + phSessionKey); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ExtRSAPubKeyOperation( + DEVHANDLE hDev, + RSAPUBLICKEYBLOB *pRSAPubKeyBlob, + BYTE *pbInput, + ULONG ulInputLen, + BYTE *pbOutput, + ULONG *pulOutputLen) +{ + if (skf_method->ExtRSAPubKeyOperation) { + return skf_method->ExtRSAPubKeyOperation( + hDev, + pRSAPubKeyBlob, + pbInput, + ulInputLen, + pbOutput, + pulOutputLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ExtRSAPriKeyOperation( + DEVHANDLE hDev, + RSAPRIVATEKEYBLOB *pRSAPriKeyBlob, + BYTE *pbInput, + ULONG ulInputLen, + BYTE *pbOutput, + ULONG *pulOutputLen) +{ + if (skf_method->ExtRSAPriKeyOperation) { + return skf_method->ExtRSAPriKeyOperation( + hDev, + pRSAPriKeyBlob, + pbInput, + ulInputLen, + pbOutput, + pulOutputLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_GenECCKeyPair( + HCONTAINER hContainer, + ULONG ulAlgId, + ECCPUBLICKEYBLOB *pBlob) +{ + if (skf_method->GenECCKeyPair) { + return skf_method->GenECCKeyPair( + hContainer, + ulAlgId, + pBlob); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ImportECCKeyPair( + HCONTAINER hContainer, + ENVELOPEDKEYBLOB *pEnvelopedKeyBlob) +{ + if (skf_method->ImportECCKeyPair) { + return skf_method->ImportECCKeyPair( + hContainer, + pEnvelopedKeyBlob); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ECCSignData( + HCONTAINER hContainer, + BYTE *pbDigest, + ULONG ulDigestLen, + ECCSIGNATUREBLOB *pSignature) +{ + if (skf_method->ECCSignData) { + return skf_method->ECCSignData( + hContainer, + pbDigest, + ulDigestLen, + pSignature); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ECCVerify( + DEVHANDLE hDev, + ECCPUBLICKEYBLOB *pECCPubKeyBlob, + BYTE *pbData, + ULONG ulDataLen, + ECCSIGNATUREBLOB *pSignature) +{ + if (skf_method->ECCVerify) { + return skf_method->ECCVerify( + hDev, + pECCPubKeyBlob, + pbData, + ulDataLen, + pSignature); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ECCExportSessionKey( + HCONTAINER hContainer, + ULONG ulAlgId, + ECCPUBLICKEYBLOB *pPubKey, + ECCCIPHERBLOB *pData, + HANDLE *phSessionKey) +{ + if (skf_method->ECCExportSessionKey) { + return skf_method->ECCExportSessionKey( + hContainer, + ulAlgId, + pPubKey, + pData, + phSessionKey); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ExtECCEncrypt( + DEVHANDLE hDev, + ECCPUBLICKEYBLOB *pECCPubKeyBlob, + BYTE *pbPlainText, + ULONG ulPlainTextLen, + ECCCIPHERBLOB *pCipherText) +{ + if (skf_method->ExtECCEncrypt) { + return skf_method->ExtECCEncrypt( + hDev, + pECCPubKeyBlob, + pbPlainText, + ulPlainTextLen, + pCipherText); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ExtECCDecrypt( + DEVHANDLE hDev, + ECCPRIVATEKEYBLOB *pECCPriKeyBlob, + ECCCIPHERBLOB *pCipherText, + BYTE *pbPlainText, + ULONG *pulPlainTextLen) +{ + if (skf_method->ExtECCDecrypt) { + return skf_method->ExtECCDecrypt( + hDev, + pECCPriKeyBlob, + pCipherText, + pbPlainText, + pulPlainTextLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ExtECCSign( + DEVHANDLE hDev, + ECCPRIVATEKEYBLOB *pECCPriKeyBlob, + BYTE *pbData, + ULONG ulDataLen, + ECCSIGNATUREBLOB *pSignature) +{ + if (skf_method->ExtECCSign) { + return skf_method->ExtECCSign( + hDev, + pECCPriKeyBlob, + pbData, + ulDataLen, + pSignature); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ExtECCVerify( + DEVHANDLE hDev, + ECCPUBLICKEYBLOB *pECCPubKeyBlob, + BYTE *pbData, + ULONG ulDataLen, + ECCSIGNATUREBLOB *pSignature) +{ + if (skf_method->ExtECCVerify) { + return skf_method->ExtECCVerify( + hDev, + pECCPubKeyBlob, + pbData, + ulDataLen, + pSignature); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_GenerateAgreementDataWithECC( + HCONTAINER hContainer, + ULONG ulAlgId, + ECCPUBLICKEYBLOB *pTempECCPubKeyBlob, + BYTE *pbID, + ULONG ulIDLen, + HANDLE *phAgreementHandle) +{ + if (skf_method->GenerateAgreementDataWithECC) { + return skf_method->GenerateAgreementDataWithECC( + hContainer, + ulAlgId, + pTempECCPubKeyBlob, + pbID, + ulIDLen, + phAgreementHandle); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_GenerateAgreementDataAndKeyWithECC( + HANDLE hContainer, + ULONG ulAlgId, + ECCPUBLICKEYBLOB *pSponsorECCPubKeyBlob, + ECCPUBLICKEYBLOB *pSponsorTempECCPubKeyBlob, + ECCPUBLICKEYBLOB *pTempECCPubKeyBlob, + BYTE *pbID, + ULONG ulIDLen, + BYTE *pbSponsorID, + ULONG ulSponsorIDLen, + HANDLE *phKeyHandle) +{ + if (skf_method->GenerateAgreementDataAndKeyWithECC) { + return skf_method->GenerateAgreementDataAndKeyWithECC( + hContainer, + ulAlgId, + pSponsorECCPubKeyBlob, + pSponsorTempECCPubKeyBlob, + pTempECCPubKeyBlob, + pbID, + ulIDLen, + pbSponsorID, + ulSponsorIDLen, + phKeyHandle); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_GenerateKeyWithECC( + HANDLE hAgreementHandle, + ECCPUBLICKEYBLOB *pECCPubKeyBlob, + ECCPUBLICKEYBLOB *pTempECCPubKeyBlob, + BYTE *pbID, + ULONG ulIDLen, + HANDLE *phKeyHandle) +{ + if (skf_method->GenerateKeyWithECC) { + return skf_method->GenerateKeyWithECC( + hAgreementHandle, + pECCPubKeyBlob, + pTempECCPubKeyBlob, + pbID, + ulIDLen, + phKeyHandle); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_ImportSessionKey( + HCONTAINER hContainer, + ULONG ulAlgId, + BYTE *pbWrapedData, + ULONG ulWrapedLen, + HANDLE *phKey) +{ + if (skf_method->ImportSessionKey) { + return skf_method->ImportSessionKey( + hContainer, + ulAlgId, + pbWrapedData, + ulWrapedLen, + phKey); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_SetSymmKey( + DEVHANDLE hDev, + BYTE *pbKey, + ULONG ulAlgID, + HANDLE *phKey) +{ + if (skf_method->SetSymmKey) { + return skf_method->SetSymmKey( + hDev, + pbKey, + ulAlgID, + phKey); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_EncryptInit( + HANDLE hKey, + BLOCKCIPHERPARAM EncryptParam) +{ + if (skf_method->EncryptInit) { + return skf_method->EncryptInit( + hKey, + EncryptParam); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_Encrypt( + HANDLE hKey, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbEncryptedData, + ULONG *pulEncryptedLen) +{ + if (skf_method->Encrypt) { + return skf_method->Encrypt( + hKey, + pbData, + ulDataLen, + pbEncryptedData, + pulEncryptedLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_EncryptUpdate( + HANDLE hKey, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbEncryptedData, + ULONG *pulEncryptedLen) +{ + if (skf_method->EncryptUpdate) { + return skf_method->EncryptUpdate( + hKey, + pbData, + ulDataLen, + pbEncryptedData, + pulEncryptedLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_EncryptFinal( + HANDLE hKey, + BYTE *pbEncryptedData, + ULONG *pulEncryptedDataLen) +{ + if (skf_method->EncryptFinal) { + return skf_method->EncryptFinal( + hKey, + pbEncryptedData, + pulEncryptedDataLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_DecryptInit( + HANDLE hKey, + BLOCKCIPHERPARAM DecryptParam) +{ + if (skf_method->DecryptInit) { + return skf_method->DecryptInit( + hKey, + DecryptParam); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_Decrypt( + HANDLE hKey, + BYTE *pbEncryptedData, + ULONG ulEncryptedLen, + BYTE *pbData, + ULONG *pulDataLen) +{ + if (skf_method->Decrypt) { + return skf_method->Decrypt( + hKey, + pbEncryptedData, + ulEncryptedLen, + pbData, + pulDataLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_DecryptUpdate( + HANDLE hKey, + BYTE *pbEncryptedData, + ULONG ulEncryptedLen, + BYTE *pbData, + ULONG *pulDataLen) +{ + if (skf_method->DecryptUpdate) { + return skf_method->DecryptUpdate( + hKey, + pbEncryptedData, + ulEncryptedLen, + pbData, + pulDataLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_DecryptFinal( + HANDLE hKey, + BYTE *pbDecryptedData, + ULONG *pulDecryptedDataLen) +{ + if (skf_method->DecryptFinal) { + return skf_method->DecryptFinal( + hKey, + pbDecryptedData, + pulDecryptedDataLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_DigestInit( + DEVHANDLE hDev, + ULONG ulAlgID, + ECCPUBLICKEYBLOB *pPubKey, + BYTE *pbID, + ULONG ulIDLen, + HANDLE *phHash) +{ + if (skf_method->DigestInit) { + return skf_method->DigestInit( + hDev, + ulAlgID, + pPubKey, + pbID, + ulIDLen, + phHash); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_Digest( + HANDLE hHash, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbHashData, + ULONG *pulHashLen) +{ + if (skf_method->Digest) { + return skf_method->Digest( + hHash, + pbData, + ulDataLen, + pbHashData, + pulHashLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_DigestUpdate( + HANDLE hHash, + BYTE *pbData, + ULONG ulDataLen) +{ + if (skf_method->DigestUpdate) { + return skf_method->DigestUpdate( + hHash, + pbData, + ulDataLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_DigestFinal( + HANDLE hHash, + BYTE *pHashData, + ULONG *pulHashLen) +{ + if (skf_method->DigestFinal) { + return skf_method->DigestFinal( + hHash, + pHashData, + pulHashLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_MacInit( + HANDLE hKey, + BLOCKCIPHERPARAM *pMacParam, + HANDLE *phMac) +{ + if (skf_method->MacInit) { + return skf_method->MacInit( + hKey, + pMacParam, + phMac); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_Mac( + HANDLE hMac, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbMacData, + ULONG *pulMacLen) +{ + if (skf_method->Mac) { + return skf_method->Mac( + hMac, + pbData, + ulDataLen, + pbMacData, + pulMacLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_MacUpdate( + HANDLE hMac, + BYTE *pbData, + ULONG ulDataLen) +{ + if (skf_method->MacUpdate) { + return skf_method->MacUpdate( + hMac, + pbData, + ulDataLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_MacFinal( + HANDLE hMac, + BYTE *pbMacData, + ULONG *pulMacDataLen) +{ + if (skf_method->MacFinal) { + return skf_method->MacFinal( + hMac, + pbMacData, + pulMacDataLen); + } + return SAR_NOTSUPPORTYETERR; +} + +ULONG DEVAPI SKF_CloseHandle( + HANDLE hHandle) +{ + if (skf_method->CloseHandle) { + return skf_method->CloseHandle( + hHandle); + + } + return SAR_NOTSUPPORTYETERR; +} diff --git a/crypto/skf/skf_mac.c b/crypto/skf/skf_mac.c deleted file mode 100644 index 31e5170d..00000000 --- a/crypto/skf/skf_mac.c +++ /dev/null @@ -1,180 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2015-2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include -#include -#include -#include -#include -#include "skf_lcl.h" - - -ULONG DEVAPI SKF_MacInit(HANDLE hKey, - BLOCKCIPHERPARAM *pMacParam, - HANDLE *phMac) -{ - SKF_HANDLE *key; - SKF_HANDLE *hMac = NULL; - const EVP_CIPHER *cipher; - - if (!(key = (SKF_HANDLE *)hKey)) { - SKFerr(SKF_F_SKF_MACINIT, SKF_R_NULL_ARGUMENT); - return SAR_INVALIDPARAMERR; - } - - //TODO: check pMacParam - - if (key->magic != SKF_HANDLE_MAGIC) { - SKFerr(SKF_F_SKF_MACINIT, SKF_R_INVALID_HANDLE_MAGIC); - return SAR_INVALIDPARAMERR; - } - - if (key->type < SKF_KEY_HANDLE) { - SKFerr(SKF_F_SKF_MACINIT, SKF_R_INVALID_KEY_HANDLE); - return SAR_INVALIDPARAMERR; - } - - if (key->algid != SGD_SM4_MAC) { - SKFerr(SKF_F_SKF_MACINIT, SKF_R_INVALID_ALGOR); - return SAR_INVALIDPARAMERR; - } - cipher = EVP_sms4_ecb(); - - if (key->keylen < SMS4_KEY_LENGTH) { - SKFerr(SKF_F_SKF_MACINIT, SKF_R_INVALID_KEY_LENGTH); - return SAR_INVALIDPARAMERR; - } - - if (!(hMac = OPENSSL_malloc(sizeof(*hMac)))) { - SKFerr(SKF_F_SKF_MACINIT, SKF_R_FAIL); - return SAR_FAIL; - } - - hMac->magic = SKF_HANDLE_MAGIC; - hMac->type = SKF_MAC_HANDLE; - hMac->algid = key->algid; - - if (!(hMac->u.cbcmac_ctx = CMAC_CTX_new())) { - SKFerr(SKF_F_SKF_MACINIT, ERR_R_GMAPI_LIB); - goto end; - } - - if (!CMAC_Init(hMac->u.cbcmac_ctx, key->key, key->keylen, cipher, NULL)) { - SKFerr(SKF_F_SKF_MACINIT, ERR_R_GMAPI_LIB); - return SAR_FAIL; - } - - *phMac = hMac; -end: - return SAR_OK; -} - -ULONG DEVAPI SKF_MacUpdate(HANDLE hMac, - BYTE *pbData, - ULONG ulDataLen) -{ - CMAC_CTX *ctx; - - if (!(ctx = SKF_HANDLE_get_cbcmac_ctx(hMac))) { - SKFerr(SKF_F_SKF_MACUPDATE, SKF_R_INVALID_MAC_HANDLE); - return SAR_INVALIDPARAMERR; - } - - if (!CMAC_Update(ctx, pbData, ulDataLen)) { - SKFerr(SKF_F_SKF_MACUPDATE, ERR_R_GMAPI_LIB); - return SAR_FAIL; - } - - return SAR_OK; -} - -ULONG DEVAPI SKF_MacFinal(HANDLE hMac, - BYTE *pbMacData, - ULONG *pulMacDataLen) -{ - CMAC_CTX *ctx; - size_t size; - - if (!(ctx = SKF_HANDLE_get_cbcmac_ctx(hMac))) { - SKFerr(SKF_F_SKF_MACFINAL, SKF_R_INVALID_MAC_HANDLE); - return SAR_INVALIDPARAMERR; - } - - size = *pulMacDataLen; - if (!CMAC_Final(ctx, pbMacData, &size)) { - SKFerr(SKF_F_SKF_MACFINAL, ERR_R_GMAPI_LIB); - return SAR_FAIL; - } - - *pulMacDataLen = (ULONG)size; - return SAR_OK; -} - -ULONG DEVAPI SKF_Mac(HANDLE hMac, - BYTE *pbData, - ULONG ulDataLen, - BYTE *pbMacData, - ULONG *pulMacLen) -{ - ULONG rv; - - if ((rv = SKF_MacUpdate(hMac, pbData, ulDataLen)) != SAR_OK) { - SKFerr(SKF_F_SKF_MAC, ERR_R_GMAPI_LIB); - return rv; - } - - if ((rv = SKF_MacFinal(hMac, pbMacData, pulMacLen)) != SAR_OK) { - SKFerr(SKF_F_SKF_MAC, ERR_R_GMAPI_LIB); - return rv; - } - - return SAR_OK; -} - diff --git a/crypto/skf/skf_meth.c b/crypto/skf/skf_meth.c new file mode 100644 index 00000000..2661db2c --- /dev/null +++ b/crypto/skf/skf_meth.c @@ -0,0 +1,157 @@ +/* ==================================================================== + * Copyright (c) 2014 - 2017 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include "internal/dso.h" +#include "internal/sdf_meth.h" + + +SKF_METHOD *SKF_METHOD_load_library(const char *so_path) +{ + SKF_METHOD *ret = NULL; + SKF_METHOD *skf = NULL; + DSO *dso = NULL; + void *func; + int i; + + if (!(dso = DSO_load(NULL, so_path, NULL, 0))) { + goto end; + } + if (!(skf = OPENSSL_zalloc(sizeof(*skf)))) { + goto end; + } + + skf->SKF_WaitForDevEvent = (SKF_WaitForDevEvent_FuncPtr)DSO_bind_func(dso, "SKF_WaitForDevEvent"); + skf->SKF_CancelWaitForDevEvent = (SKF_CancelWaitForDevEvent_FuncPtr)DSO_bind_func(dso, "SKF_CancelWaitForDevEvent"); + skf->SKF_EnumDev = (SKF_EnumDev_FuncPtr)DSO_bind_func(dso, "SKF_EnumDev"); + skf->SKF_ConnectDev = (SKF_ConnectDev_FuncPtr)DSO_bind_func(dso, "SKF_ConnectDev"); + skf->SKF_DisConnectDev = (SKF_DisConnectDev_FuncPtr)DSO_bind_func(dso, "SKF_DisConnectDev"); + skf->SKF_GetDevState = (SKF_GetDevState_FuncPtr)DSO_bind_func(dso, "SKF_GetDevState"); + skf->SKF_SetLabel = (SKF_SetLabel_FuncPtr)DSO_bind_func(dso, "SKF_SetLabel"); + skf->SKF_GetDevInfo = (SKF_GetDevInfo_FuncPtr)DSO_bind_func(dso, "SKF_GetDevInfo"); + skf->SKF_LockDev = (SKF_LockDev_FuncPtr)DSO_bind_func(dso, "SKF_LockDev"); + skf->SKF_UnlockDev = (SKF_UnlockDev_FuncPtr)DSO_bind_func(dso, "SKF_UnlockDev"); + skf->SKF_Transmit = (SKF_Transmit_FuncPtr)DSO_bind_func(dso, "SKF_Transmit"); + skf->SKF_ChangeDevAuthKey = (SKF_ChangeDevAuthKey_FuncPtr)DSO_bind_func(dso, "SKF_ChangeDevAuthKey"); + skf->SKF_DevAuth = (SKF_DevAuth_FuncPtr)DSO_bind_func(dso, "SKF_DevAuth"); + skf->SKF_ChangePIN = (SKF_ChangePIN_FuncPtr)DSO_bind_func(dso, "SKF_ChangePIN"); + skf->SKF_GetPINInfo = (SKF_GetPINInfo_FuncPtr)DSO_bind_func(dso, "SKF_GetPINInfo"); + skf->SKF_VerifyPIN = (SKF_VerifyPIN_FuncPtr)DSO_bind_func(dso, "SKF_VerifyPIN"); + skf->SKF_UnblockPIN = (SKF_UnblockPIN_FuncPtr)DSO_bind_func(dso, "SKF_UnblockPIN"); + skf->SKF_ClearSecureState = (SKF_ClearSecureState_FuncPtr)DSO_bind_func(dso, "SKF_ClearSecureState"); + skf->SKF_CreateApplication = (SKF_CreateApplication_FuncPtr)DSO_bind_func(dso, "SKF_CreateApplication"); + skf->SKF_EnumApplication = (SKF_EnumApplication_FuncPtr)DSO_bind_func(dso, "SKF_EnumApplication"); + skf->SKF_DeleteApplication = (SKF_DeleteApplication_FuncPtr)DSO_bind_func(dso, "SKF_DeleteApplication"); + skf->SKF_OpenApplication = (SKF_OpenApplication_FuncPtr)DSO_bind_func(dso, "SKF_OpenApplication"); + skf->SKF_CloseApplication = (SKF_CloseApplication_FuncPtr)DSO_bind_func(dso, "SKF_CloseApplication"); + skf->SKF_CreateFile = (SKF_CreateFile_FuncPtr)DSO_bind_func(dso, "SKF_CreateFile"); + skf->SKF_DeleteFile = (SKF_DeleteFile_FuncPtr)DSO_bind_func(dso, "SKF_DeleteFile"); + skf->SKF_EnumFiles = (SKF_EnumFiles_FuncPtr)DSO_bind_func(dso, "SKF_EnumFiles"); + skf->SKF_GetFileInfo = (SKF_GetFileInfo_FuncPtr)DSO_bind_func(dso, "SKF_GetFileInfo"); + skf->SKF_ReadFile = (SKF_ReadFile_FuncPtr)DSO_bind_func(dso, "SKF_ReadFile"); + skf->SKF_WriteFile = (SKF_WriteFile_FuncPtr)DSO_bind_func(dso, "SKF_WriteFile"); + skf->SKF_CreateContainer = (SKF_CreateContainer_FuncPtr)DSO_bind_func(dso, "SKF_CreateContainer"); + skf->SKF_DeleteContainer = (SKF_DeleteContainer_FuncPtr)DSO_bind_func(dso, "SKF_DeleteContainer"); + skf->SKF_EnumContainer = (SKF_EnumContainer_FuncPtr)DSO_bind_func(dso, "SKF_EnumContainer"); + skf->SKF_OpenContainer = (SKF_OpenContainer_FuncPtr)DSO_bind_func(dso, "SKF_OpenContainer"); + skf->SKF_CloseContainer = (SKF_CloseContainer_FuncPtr)DSO_bind_func(dso, "SKF_CloseContainer"); + skf->SKF_GetContainerType = (SKF_GetContainerType_FuncPtr)DSO_bind_func(dso, "SKF_GetContainerType"); + skf->SKF_ImportCertificate = (SKF_ImportCertificate_FuncPtr)DSO_bind_func(dso, "SKF_ImportCertificate"); + skf->SKF_ExportCertificate = (SKF_ExportCertificate_FuncPtr)DSO_bind_func(dso, "SKF_ExportCertificate"); + skf->SKF_ExportPublicKey = (SKF_ExportPublicKey_FuncPtr)DSO_bind_func(dso, "SKF_ExportPublicKey"); + skf->SKF_GenRandom = (SKF_GenRandom_FuncPtr)DSO_bind_func(dso, "SKF_GenRandom"); + skf->SKF_GenExtRSAKey = (SKF_GenExtRSAKey_FuncPtr)DSO_bind_func(dso, "SKF_GenExtRSAKey"); + skf->SKF_GenRSAKeyPair = (SKF_GenRSAKeyPair_FuncPtr)DSO_bind_func(dso, "SKF_GenRSAKeyPair"); + skf->SKF_ImportRSAKeyPair = (SKF_ImportRSAKeyPair_FuncPtr)DSO_bind_func(dso, "SKF_ImportRSAKeyPair"); + skf->SKF_RSASignData = (SKF_RSASignData_FuncPtr)DSO_bind_func(dso, "SKF_RSASignData"); + skf->SKF_RSAVerify = (SKF_RSAVerify_FuncPtr)DSO_bind_func(dso, "SKF_RSAVerify"); + skf->SKF_RSAExportSessionKey = (SKF_RSAExportSessionKey_FuncPtr)DSO_bind_func(dso, "SKF_RSAExportSessionKey"); + skf->SKF_ExtRSAPubKeyOperation = (SKF_ExtRSAPubKeyOperation_FuncPtr)DSO_bind_func(dso, "SKF_ExtRSAPubKeyOperation"); + skf->SKF_ExtRSAPriKeyOperation = (SKF_ExtRSAPriKeyOperation_FuncPtr)DSO_bind_func(dso, "SKF_ExtRSAPriKeyOperation"); + skf->SKF_GenECCKeyPair = (SKF_GenECCKeyPair_FuncPtr)DSO_bind_func(dso, "SKF_GenECCKeyPair"); + skf->SKF_ImportECCKeyPair = (SKF_ImportECCKeyPair_FuncPtr)DSO_bind_func(dso, "SKF_ImportECCKeyPair"); + skf->SKF_ECCSignData = (SKF_ECCSignData_FuncPtr)DSO_bind_func(dso, "SKF_ECCSignData"); + skf->SKF_ECCVerify = (SKF_ECCVerify_FuncPtr)DSO_bind_func(dso, "SKF_ECCVerify"); + skf->SKF_ECCExportSessionKey = (SKF_ECCExportSessionKey_FuncPtr)DSO_bind_func(dso, "SKF_ECCExportSessionKey"); + skf->SKF_ExtECCEncrypt = (SKF_ExtECCEncrypt_FuncPtr)DSO_bind_func(dso, "SKF_ExtECCEncrypt"); + skf->SKF_ExtECCDecrypt = (SKF_ExtECCDecrypt_FuncPtr)DSO_bind_func(dso, "SKF_ExtECCDecrypt"); + skf->SKF_ExtECCSign = (SKF_ExtECCSign_FuncPtr)DSO_bind_func(dso, "SKF_ExtECCSign"); + skf->SKF_ExtECCVerify = (SKF_ExtECCVerify_FuncPtr)DSO_bind_func(dso, "SKF_ExtECCVerify"); + skf->SKF_GenerateAgreementDataWithECC = (SKF_GenerateAgreementDataWithECC_FuncPtr)DSO_bind_func(dso, "SKF_GenerateAgreementDataWithECC"); + skf->SKF_GenerateAgreementDataAndKeyWithECC = (SKF_GenerateAgreementDataAndKeyWithECC_FuncPtr)DSO_bind_func(dso, "SKF_GenerateAgreementDataAndKeyWithECC"); + skf->SKF_GenerateKeyWithECC = (SKF_GenerateKeyWithECC_FuncPtr)DSO_bind_func(dso, "SKF_GenerateKeyWithECC"); + skf->SKF_ImportSessionKey = (SKF_ImportSessionKey_FuncPtr)DSO_bind_func(dso, "SKF_ImportSessionKey"); + skf->SKF_SetSymmKey = (SKF_SetSymmKey_FuncPtr)DSO_bind_func(dso, "SKF_SetSymmKey"); + skf->SKF_EncryptInit = (SKF_EncryptInit_FuncPtr)DSO_bind_func(dso, "SKF_EncryptInit"); + skf->SKF_Encrypt = (SKF_Encrypt_FuncPtr)DSO_bind_func(dso, "SKF_Encrypt"); + skf->SKF_EncryptUpdate = (SKF_EncryptUpdate_FuncPtr)DSO_bind_func(dso, "SKF_EncryptUpdate"); + skf->SKF_EncryptFinal = (SKF_EncryptFinal_FuncPtr)DSO_bind_func(dso, "SKF_EncryptFinal"); + skf->SKF_DecryptInit = (SKF_DecryptInit_FuncPtr)DSO_bind_func(dso, "SKF_DecryptInit"); + skf->SKF_Decrypt = (SKF_Decrypt_FuncPtr)DSO_bind_func(dso, "SKF_Decrypt"); + skf->SKF_DecryptUpdate = (SKF_DecryptUpdate_FuncPtr)DSO_bind_func(dso, "SKF_DecryptUpdate"); + skf->SKF_DecryptFinal = (SKF_DecryptFinal_FuncPtr)DSO_bind_func(dso, "SKF_DecryptFinal"); + skf->SKF_DigestInit = (SKF_DigestInit_FuncPtr)DSO_bind_func(dso, "SKF_DigestInit"); + skf->SKF_Digest = (SKF_Digest_FuncPtr)DSO_bind_func(dso, "SKF_Digest"); + skf->SKF_DigestUpdate = (SKF_DigestUpdate_FuncPtr)DSO_bind_func(dso, "SKF_DigestUpdate"); + skf->SKF_DigestFinal = (SKF_DigestFinal_FuncPtr)DSO_bind_func(dso, "SKF_DigestFinal"); + skf->SKF_MacInit = (SKF_MacInit_FuncPtr)DSO_bind_func(dso, "SKF_MacInit"); + skf->SKF_Mac = (SKF_Mac_FuncPtr)DSO_bind_func(dso, "SKF_Mac"); + skf->SKF_MacUpdate = (SKF_MacUpdate_FuncPtr)DSO_bind_func(dso, "SKF_MacUpdate"); + skf->SKF_MacFinal = (SKF_MacFinal_FuncPtr)DSO_bind_func(dso, "SKF_MacFinal"); + skf->SKF_CloseHandle = (SKF_CloseHandle_FuncPtr)DSO_bind_func(dso, "SKF_CloseHandle"); + + ret = skf; + skf = NULL; + +end: + OPENSSL_free(skf); + DSO_free(dso); + return ret; +} + diff --git a/crypto/skf/skf_rand.c b/crypto/skf/skf_rand.c deleted file mode 100644 index 843b5ec7..00000000 --- a/crypto/skf/skf_rand.c +++ /dev/null @@ -1,84 +0,0 @@ -/* crypto/skf/skf_rand.c */ -/* ==================================================================== - * Copyright (c) 2015-2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - */ - -#include -#include -#include -#include -#include -#include "skf_lcl.h" - -#define SKF_DEV_AUTH_RANDOM_LENGTH 16 -#define SKF_MAX_RANDOM_LENGTH (1024*1024*1024) -//FIXME: INT_MAX - -ULONG DEVAPI SKF_GenRandom(DEVHANDLE hDev, - BYTE *pbRandom, - ULONG ulRandomLen) -{ - if (!pbRandom) { - SKFerr(SKF_F_SKF_GENRANDOM, SKF_R_NULL_ARGUMENT); - return SAR_INVALIDPARAMERR; - } - - if (ulRandomLen > SKF_MAX_RANDOM_LENGTH) { - SKFerr(SKF_F_SKF_GENRANDOM, SKF_R_INVALID_RANDOM_LENGTH); - return SAR_INVALIDPARAMERR; - } - - if (!RAND_bytes(pbRandom, ulRandomLen)) { - SKFerr(SKF_F_SKF_GENRANDOM, ERR_R_GMAPI_LIB); - return SAR_GENRANDERR; - } - - return SAR_OK; -} - diff --git a/crypto/skf/skf_rsa.c b/crypto/skf/skf_rsa.c deleted file mode 100644 index c4ab35d0..00000000 --- a/crypto/skf/skf_rsa.c +++ /dev/null @@ -1,222 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2015-2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - */ - -#include -#include -#include -#include -#include "../rsa/rsa_locl.h" - - -ULONG DEVAPI SKF_GenExtRSAKey(DEVHANDLE hDev, - ULONG ulBitsLen, - RSAPRIVATEKEYBLOB *pBlob) -{ - ULONG ret = SAR_FAIL; - RSA *rsa = NULL; - - if ((ulBitsLen > MAX_RSA_MODULUS_LEN * 8) || (ulBitsLen < 1024) || - (ulBitsLen % 8 != 0)) { - SKFerr(SKF_F_SKF_GENEXTRSAKEY, SKF_R_INVALID_KEY_LENGTH); - return SAR_INVALIDPARAMERR; - } - - if (!pBlob) { - SKFerr(SKF_F_SKF_GENEXTRSAKEY, SKF_R_NULL_ARGUMENT); - return SAR_INVALIDPARAMERR; - } - - if (!(rsa = RSA_new())) { - SKFerr(SKF_F_SKF_GENEXTRSAKEY, SKF_R_MALLOC_FAILED); - return SAR_FAIL; - } - - if (!RSA_generate_key_ex(rsa, ulBitsLen, NULL, NULL)) { - SKFerr(SKF_F_SKF_GENEXTRSAKEY, SKF_R_GEN_RSA_FAILED); - goto end; - } - - if (!RSA_get_RSAPRIVATEKEYBLOB(rsa, pBlob)) { - SKFerr(SKF_F_SKF_GENEXTRSAKEY, SKF_R_ENCODE_FAILED); - goto end; - } - - ret = SAR_OK; -end: - RSA_free(rsa); - return ret; -} - -ULONG DEVAPI SKF_ExtRSAPubKeyOperation(DEVHANDLE hDev, - RSAPUBLICKEYBLOB *pRSAPubKeyBlob, - BYTE *pbInput, - ULONG ulInputLen, - BYTE *pbOutput, - ULONG *pulOutputLen) -{ - ULONG ret = SAR_FAIL; - RSA *rsa = NULL; - int inlen, outlen; - - if (!pRSAPubKeyBlob || !pbInput || !pulOutputLen) { - SKFerr(SKF_F_SKF_EXTRSAPUBKEYOPERATION, SKF_R_NULL_ARGUMENT); - return SAR_INVALIDPARAMERR; - } - - if (pRSAPubKeyBlob->AlgID != SGD_RSA) { - SKFerr(SKF_F_SKF_EXTRSAPUBKEYOPERATION, SKF_R_INVALID_ALGOR); - return SAR_INVALIDPARAMERR; - } - if (pRSAPubKeyBlob->BitLen % 8) { - SKFerr(SKF_F_SKF_EXTRSAPUBKEYOPERATION, SKF_R_INVALID_KEY_LENGTH); - return SAR_INVALIDPARAMERR; - } - - if (ulInputLen * 8 != pRSAPubKeyBlob->BitLen) { - SKFerr(SKF_F_SKF_EXTRSAPUBKEYOPERATION, SKF_R_INVALID_INPUT_LENGTH); - return SAR_INVALIDPARAMERR; - } - - if (!pbOutput) { - *pulOutputLen = pRSAPubKeyBlob->BitLen / 8; - return SAR_OK; - } - - if (*pulOutputLen < pRSAPubKeyBlob->BitLen / 8) { - SKFerr(SKF_F_SKF_EXTRSAPUBKEYOPERATION, SKF_R_BUFFER_TOO_SMALL); - return SAR_BUFFER_TOO_SMALL; - } - - if (!(rsa = RSA_new_from_RSAPUBLICKEYBLOB(pRSAPubKeyBlob))) { - SKFerr(SKF_F_SKF_EXTRSAPUBKEYOPERATION, SKF_R_INVALID_RSA_PUBLIC_KEY); - goto end; - } - - inlen = (int)ulInputLen; - if ((outlen = RSA_public_encrypt(inlen, pbInput, pbOutput, rsa, RSA_NO_PADDING)) < 0) { - SKFerr(SKF_F_SKF_EXTRSAPUBKEYOPERATION, ERR_R_RSA_LIB); - goto end; - } - - *pulOutputLen = outlen; - ret = SAR_OK; -end: - RSA_free(rsa); - return ret; -} - -ULONG DEVAPI SKF_ExtRSAPriKeyOperation(DEVHANDLE hDev, - RSAPRIVATEKEYBLOB *pRSAPriKeyBlob, - BYTE *pbInput, - ULONG ulInputLen, - BYTE *pbOutput, - ULONG *pulOutputLen) -{ - ULONG ret = SAR_FAIL; - RSA *rsa = NULL; - int inlen, outlen; - - if (!pRSAPriKeyBlob || !pbInput || !pulOutputLen) { - SKFerr(SKF_F_SKF_EXTRSAPRIKEYOPERATION, SKF_R_NULL_ARGUMENT); - return SAR_INVALIDPARAMERR; - } - - if (pRSAPriKeyBlob->AlgID != SGD_RSA) { - SKFerr(SKF_F_SKF_EXTRSAPRIKEYOPERATION, SKF_R_INVALID_ALGOR); - return SAR_INVALIDPARAMERR; - } - if (pRSAPriKeyBlob->BitLen % 8) { - SKFerr(SKF_F_SKF_EXTRSAPRIKEYOPERATION, SKF_R_INVALID_KEY_LENGTH); - return SAR_INVALIDPARAMERR; - } - - if (ulInputLen * 8 != pRSAPriKeyBlob->BitLen) { - SKFerr(SKF_F_SKF_EXTRSAPRIKEYOPERATION, SKF_R_INVALID_INPUT_LENGTH); - return SAR_INVALIDPARAMERR; - } - - if (!pbOutput) { - *pulOutputLen = pRSAPriKeyBlob->BitLen / 8; - return SAR_OK; - } - - if (*pulOutputLen < pRSAPriKeyBlob->BitLen / 8) { - SKFerr(SKF_F_SKF_EXTRSAPRIKEYOPERATION, SKF_R_BUFFER_TOO_SMALL); - return SAR_BUFFER_TOO_SMALL; - } - - if (!(rsa = RSA_new_from_RSAPRIVATEKEYBLOB(pRSAPriKeyBlob))) { - SKFerr(SKF_F_SKF_EXTRSAPRIKEYOPERATION, SKF_R_INVALID_RSA_PUBLIC_KEY); - goto end; - } - - inlen = (int)ulInputLen; - if ((outlen = RSA_private_decrypt(inlen, pbInput, pbOutput, rsa, RSA_NO_PADDING)) < 0) { - SKFerr(SKF_F_SKF_EXTRSAPRIKEYOPERATION, ERR_R_RSA_LIB); - goto end; - } - - *pulOutputLen = outlen; - ret = SAR_OK; -end: - RSA_free(rsa); - return ret; -} - -ULONG DEVAPI SKF_RSAVerify(DEVHANDLE hDev, - RSAPUBLICKEYBLOB *pRSAPubKeyBlob, - BYTE *pbData, - ULONG ulDataLen, - BYTE *pbSignature, - ULONG ulSignLen) -{ - return SAR_FAIL; -} - diff --git a/crypto/skf/skf_sesskey.c b/crypto/skf/skf_sesskey.c deleted file mode 100644 index 2a9f3e6b..00000000 --- a/crypto/skf/skf_sesskey.c +++ /dev/null @@ -1,98 +0,0 @@ -/* crypto/skf/skf_sesskey.c */ -/* ==================================================================== - * Copyright (c) 2015-2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - */ - -#include -#include -#include -#include -#include -#include -#include "skf_lcl.h" - -#define PADDING_TYPE_NO_PADDING 0 -#define PADDING_TYPE_PKCS5 1 - - -ULONG DEVAPI SKF_SetSymmKey(DEVHANDLE hDev, - BYTE *pbKey, - ULONG ulAlgID, - HANDLE *phKey) -{ - SKF_HANDLE *hKey = NULL; - - if (!(hKey = OPENSSL_malloc(sizeof(*hKey)))) { - SKFerr(SKF_F_SKF_SETSYMMKEY, SKF_R_MALLOC_FAILED); - return SAR_FAIL; - } - memset(hKey, 0, sizeof(*hKey)); - - hKey->magic = SKF_HANDLE_MAGIC; - hKey->type = SKF_KEY_HANDLE; - - switch (ulAlgID) { - case SGD_SM4_ECB: - case SGD_SM4_CBC: - case SGD_SM4_CFB: - case SGD_SM4_OFB: - case SGD_SM4_MAC: - hKey->algid = ulAlgID; - hKey->keylen = SMS4_KEY_LENGTH; - break; - default: - SKFerr(SKF_F_SKF_SETSYMMKEY, SKF_R_INVALID_ALGOR); - return SAR_INVALIDPARAMERR; - } - memcpy(hKey->key, pbKey, hKey->keylen); - - *phKey = hKey; - return SAR_OK; -} - diff --git a/crypto/skf/skf_token.c b/crypto/skf/skf_token.c deleted file mode 100644 index 98845555..00000000 --- a/crypto/skf/skf_token.c +++ /dev/null @@ -1,394 +0,0 @@ -/* crypto/skf/skf_app.c */ -/* ==================================================================== - * Copyright (c) 2015-2016 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - */ - -#include -#include - -ULONG DEVAPI SKF_WaitForDevEvent(LPSTR szDevName, - ULONG *pulDevNameLen, - ULONG *pulEvent) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_CancelWaitForDevEvent(void) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_SetLabel(DEVHANDLE hDev, - LPSTR szLabel) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_LockDev(DEVHANDLE hDev, - ULONG ulTimeOut) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_UnlockDev(DEVHANDLE hDev) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_Transmit(DEVHANDLE hDev, - BYTE* pbCommand, - ULONG ulCommandLen, - BYTE* pbData, - ULONG* pulDataLen) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_ChangeDevAuthKey(DEVHANDLE hDev, - BYTE *pbKeyValue, - ULONG ulKeyLen) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_DevAuth(DEVHANDLE hDev, - BYTE *pbAuthData, - ULONG ulLen) -{ - return SAR_OK; -} - -ULONG DEVAPI SKF_CreateApplication(DEVHANDLE hDev, - LPSTR szAppName, - LPSTR szAdminPin, - DWORD dwAdminPinRetryCount, - LPSTR szUserPin, - DWORD dwUserPinRetryCount, - DWORD dwCreateFileRights, - HAPPLICATION *phApplication) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_EnumApplication(DEVHANDLE hDev, - LPSTR szAppName, - ULONG *pulSize) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_DeleteApplication(DEVHANDLE hDev, - LPSTR szAppName) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_OpenApplication(DEVHANDLE hDev, - LPSTR szAppName, - HAPPLICATION *phApplication) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_CloseApplication(HAPPLICATION hApplication) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_ChangePIN(HAPPLICATION hApplication, - ULONG ulPINType, - LPSTR szOldPin, - LPSTR szNewPin, - ULONG *pulRetryCount) -{ - return SAR_NOTSUPPORTYETERR; -} - -LONG DEVAPI SKF_GetPINInfo(HAPPLICATION hApplication, - ULONG ulPINType, - ULONG *pulMaxRetryCount, - ULONG *pulRemainRetryCount, - BOOL *pbDefaultPin) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_VerifyPIN(HAPPLICATION hApplication, - ULONG ulPINType, - LPSTR szPIN, - ULONG *pulRetryCount) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_UnblockPIN(HAPPLICATION hApplication, - LPSTR szAdminPIN, - LPSTR szNewUserPIN, - ULONG *pulRetryCount) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_ClearSecureState(HAPPLICATION hApplication) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_CreateContainer(HAPPLICATION hApplication, - LPSTR szContainerName, - HCONTAINER *phContainer) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_DeleteContainer(HAPPLICATION hApplication, - LPSTR szContainerName) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_EnumContainer(HAPPLICATION hApplication, - LPSTR szContainerName, - ULONG *pulSize) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_OpenContainer(HAPPLICATION hApplication, - LPSTR szContainerName, - HCONTAINER *phContainer) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_CloseContainer(HCONTAINER hContainer) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_GetContainerType(HCONTAINER hContainer, - ULONG *pulContainerType) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_ImportCertificate(HCONTAINER hContainer, - BOOL bSignFlag, - BYTE *pbCert, - ULONG ulCertLen) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_ExportCertificate(HCONTAINER hContainer, - BOOL bSignFlag, - BYTE *pbCert, - ULONG *pulCertLen) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_CreateFile(HAPPLICATION hApplication, - LPSTR szFileName, - ULONG ulFileSize, - ULONG ulReadRights, - ULONG ulWriteRights) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_EnumFiles(HAPPLICATION hApplication, - LPSTR szFileList, - ULONG *pulSize) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_GetFileInfo(HAPPLICATION hApplication, - LPSTR szFileName, - FILEATTRIBUTE *pFileInfo) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_ReadFile(HAPPLICATION hApplication, - LPSTR szFileName, - ULONG ulOffset, - ULONG ulSize, - BYTE *pbOutData, - ULONG *pulOutLen) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_WriteFile(HAPPLICATION hApplication, - LPSTR szFileName, - ULONG ulOffset, - BYTE *pbData, - ULONG ulSize) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_DeleteFile(HAPPLICATION hApplication, - LPSTR szFileName) -{ - return SAR_NOTSUPPORTYETERR; -} - - -ULONG DEVAPI SKF_GenECCKeyPair(HCONTAINER hContainer, - ULONG ulAlgId, - ECCPUBLICKEYBLOB *pBlob) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_ImportECCKeyPair(HCONTAINER hContainer, - ENVELOPEDKEYBLOB *pEnvelopedKeyBlob) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_ECCSignData(HCONTAINER hContainer, - BYTE *pbData, - ULONG ulDataLen, - ECCSIGNATUREBLOB *pSignature) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_GenerateAgreementDataWithECC(HCONTAINER hContainer, - ULONG ulAlgId, - ECCPUBLICKEYBLOB *pTempECCPubKeyBlob, - BYTE *pbID, - ULONG ulIDLen, - HANDLE *phAgreementHandle) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_GenerateAgreementDataAndKeyWithECC(HANDLE hContainer, - ULONG ulAlgId, - ECCPUBLICKEYBLOB *pSponsorECCPubKeyBlob, - ECCPUBLICKEYBLOB *pSponsorTempECCPubKeyBlob, - ECCPUBLICKEYBLOB *pTempECCPubKeyBlob, - BYTE *pbID, - ULONG ulIDLen, - BYTE *pbSponsorID, - ULONG ulSponsorIDLen, - HANDLE *phKeyHandle) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_GenerateKeyWithECC(HANDLE hAgreementHandle, - ECCPUBLICKEYBLOB *pECCPubKeyBlob, - ECCPUBLICKEYBLOB *pTempECCPubKeyBlob, - BYTE *pbID, - ULONG ulIDLen, - HANDLE *phKeyHandle) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_GenRSAKeyPair(HCONTAINER hContainer, - ULONG ulBitsLen, - RSAPUBLICKEYBLOB *pBlob) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_ImportRSAKeyPair(HCONTAINER hContainer, - ULONG ulSymAlgId, - BYTE *pbWrappedKey, - ULONG ulWrappedKeyLen, - BYTE *pbEncryptedData, - ULONG ulEncryptedDataLen) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_RSASignData(HCONTAINER hContainer, - BYTE *pbData, - ULONG ulDataLen, - BYTE *pbSignature, - ULONG *pulSignLen) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_ImportSessionKey(HCONTAINER hContainer, - ULONG ulAlgId, - BYTE *pbWrapedData, - ULONG ulWrapedLen, - HANDLE *phKey) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_RSAExportSessionKey(HCONTAINER hContainer, - ULONG ulAlgId, - RSAPUBLICKEYBLOB *pPubKey, - BYTE *pbData, - ULONG *pulDataLen, - HANDLE *phSessionKey) -{ - return SAR_NOTSUPPORTYETERR; -} - -ULONG DEVAPI SKF_ECCExportSessionKey(HCONTAINER hContainer, - ULONG ulAlgId, - ECCPUBLICKEYBLOB *pPubKey, - ECCCIPHERBLOB *pData, - HANDLE *phSessionKey) -{ - return SAR_NOTSUPPORTYETERR; -} - diff --git a/include/internal/sdf_meth.h b/include/internal/sdf_meth.h new file mode 100644 index 00000000..ef10e5e2 --- /dev/null +++ b/include/internal/sdf_meth.h @@ -0,0 +1,443 @@ +/* ==================================================================== + * Copyright (c) 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_SDF_METH_H +#define HEADER_SDF_METH_H + +#include +#include +#include "internal/dso.h" + + +typedef int (*SDF_OpenDevice_FuncPtr)( + void **phDeviceHandle); + +typedef int (*SDF_CloseDevice_FuncPtr)( + void *hDeviceHandle); + +typedef int (*SDF_OpenSession_FuncPtr)( + void *hDeviceHandle, + void **phSessionHandle); + +typedef int (*SDF_CloseSession_FuncPtr)( + void *hSessionHandle); + +typedef int (*SDF_GetDeviceInfo_FuncPtr)( + void *hSessionHandle, + DEVICEINFO *pstDeviceInfo); + +typedef int (*SDF_GenerateRandom_FuncPtr)( + void *hSessionHandle, + unsigned int uiLength, + unsigned char *pucRandom); + +typedef int (*SDF_GetPrivateKeyAccessRight_FuncPtr)( + void *hSessionHandle, + unsigned int uiKeyIndex, + unsigned char *pucPassword, + unsigned int uiPwdLength); + +typedef int (*SDF_ReleasePrivateKeyAccessRight_FuncPtr)( + void *hSessionHandle, + unsigned int uiKeyIndex); + +typedef int (*SDF_ExportSignPublicKey_RSA_FuncPtr)( + void *hSessionHandle, + unsigned int uiKeyIndex, + RSArefPublicKey *pucPublicKey); + +typedef int (*SDF_ExportEncPublicKey_RSA_FuncPtr)( + void *hSessionHandle, + unsigned int uiKeyIndex, + RSArefPublicKey *pucPublicKey); + +typedef int (*SDF_GenerateKeyPair_RSA_FuncPtr)( + void *hSessionHandle, + unsigned int uiKeyBits, + RSArefPublicKey *pucPublicKey, + RSArefPrivateKey *pucPrivateKey); + +typedef int (*SDF_GenerateKeyWithIPK_RSA_FuncPtr)( + void *hSessionHandle, + unsigned int uiIPKIndex, + unsigned int uiKeyBits, + unsigned char *pucKey, + unsigned int *puiKeyLength, + void **phKeyHandle); + +typedef int (*SDF_GenerateKeyWithEPK_RSA_FuncPtr)( + void *hSessionHandle, + unsigned int uiKeyBits, + RSArefPublicKey *pucPublicKey, + unsigned char *pucKey, + unsigned int *puiKeyLength, + void **phKeyHandle); + +typedef int (*SDF_ImportKeyWithISK_RSA_FuncPtr)( + void *hSessionHandle, + unsigned int uiISKIndex, + unsigned char *pucKey, + unsigned int uiKeyLength, + void **phKeyHandle); + +typedef int (*SDF_ExchangeDigitEnvelopeBaseOnRSA_FuncPtr)( + void *hSessionHandle, + unsigned int uiKeyIndex, + RSArefPublicKey *pucPublicKey, + unsigned char *pucDEInput, + unsigned int uiDELength, + unsigned char *pucDEOutput, + unsigned int *puiDELength); + +typedef int (*SDF_ExportSignPublicKey_ECC_FuncPtr)( + void *hSessionHandle, + unsigned int uiKeyIndex, + ECCrefPublicKey *pucPublicKey); + +typedef int (*SDF_ExportEncPublicKey_ECC_FuncPtr)( + void *hSessionHandle, + unsigned int uiKeyIndex, + ECCrefPublicKey *pucPublicKey); + +typedef int (*SDF_GenerateKeyPair_ECC_FuncPtr)( + void *hSessionHandle, + unsigned int uiAlgID, + unsigned int uiKeyBits, + ECCrefPublicKey *pucPublicKey, + ECCrefPrivateKey *pucPrivateKey); + +typedef int (*SDF_GenerateKeyWithIPK_ECC_FuncPtr)( + void *hSessionHandle, + unsigned int uiIPKIndex, + unsigned int uiKeyBits, + ECCCipher *pucKey, + void **phKeyHandle); + +typedef int (*SDF_GenerateKeyWithEPK_ECC_FuncPtr)( + void *hSessionHandle, + unsigned int uiKeyBits, + unsigned int uiAlgID, + ECCrefPublicKey *pucPublicKey, + ECCCipher *pucKey, + void **phKeyHandle); + +typedef int (*SDF_ImportKeyWithISK_ECC_FuncPtr)( + void *hSessionHandle, + unsigned int uiISKIndex, + ECCCipher *pucKey, + void **phKeyHandle); + +typedef int (*SDF_GenerateAgreementDataWithECC_FuncPtr)( + void *hSessionHandle, + unsigned int uiISKIndex, + unsigned int uiKeyBits, + unsigned char *pucSponsorID, + unsigned int uiSponsorIDLength, + ECCrefPublicKey *pucSponsorPublicKey, + ECCrefPublicKey *pucSponsorTmpPublicKey, + void **phAgreementHandle); + +typedef int (*SDF_GenerateKeyWithECC_FuncPtr)( + void *hSessionHandle, + unsigned char *pucResponseID, + unsigned int uiResponseIDLength, + ECCrefPublicKey *pucResponsePublicKey, + ECCrefPublicKey *pucResponseTmpPublicKey, + void *hAgreementHandle, + void **phKeyHandle); + +typedef int (*SDF_GenerateAgreementDataAndKeyWithECC_FuncPtr)( + void *hSessionHandle, + unsigned int uiISKIndex, + unsigned int uiKeyBits, + unsigned char *pucResponseID, + unsigned int uiResponseIDLength, + unsigned char *pucSponsorID, + unsigned int uiSponsorIDLength, + ECCrefPublicKey *pucSponsorPublicKey, + ECCrefPublicKey *pucSponsorTmpPublicKey, + ECCrefPublicKey *pucResponsePublicKey, + ECCrefPublicKey *pucResponseTmpPublicKey, + void **phKeyHandle); + +typedef int (*SDF_ExchangeDigitEnvelopeBaseOnECC_FuncPtr)( + void *hSessionHandle, + unsigned int uiKeyIndex, + unsigned int uiAlgID, + ECCrefPublicKey *pucPublicKey, + ECCCipher *pucEncDataIn, + ECCCipher *pucEncDataOut); + +typedef int (*SDF_GenerateKeyWithKEK_FuncPtr)( + void *hSessionHandle, + unsigned int uiKeyBits, + unsigned int uiAlgID, + unsigned int uiKEKIndex, + unsigned char *pucKey, + unsigned int *puiKeyLength, + void **phKeyHandle); + +typedef int (*SDF_ImportKeyWithKEK_FuncPtr)( + void *hSessionHandle, + unsigned int uiAlgID, + unsigned int uiKEKIndex, + unsigned char *pucKey, + unsigned int uiKeyLength, + void **phKeyHandle); + +typedef int (*SDF_DestroyKey_FuncPtr)( + void *hSessionHandle, + void *hKeyHandle); + +typedef int (*SDF_ExternalPublicKeyOperation_RSA_FuncPtr)( + void *hSessionHandle, + RSArefPublicKey *pucPublicKey, + unsigned char *pucDataInput, + unsigned int uiInputLength, + unsigned char *pucDataOutput, + unsigned int *puiOutputLength); + +typedef int (*SDF_InternalPublicKeyOperation_RSA_FuncPtr)( + void *hSessionHandle, + unsigned int uiKeyIndex, + unsigned char *pucDataInput, + unsigned int uiInputLength, + unsigned char *pucDataOutput, + unsigned int *puiOutputLength); + +typedef int (*SDF_InternalPrivateKeyOperation_RSA_FuncPtr)( + void *hSessionHandle, + unsigned int uiKeyIndex, + unsigned char *pucDataInput, + unsigned int uiInputLength, + unsigned char *pucDataOutput, + unsigned int *puiOutputLength); + +typedef int (*SDF_ExternalVerify_ECC_FuncPtr)( + void *hSessionHandle, + unsigned int uiAlgID, + ECCrefPublicKey *pucPublicKey, + unsigned char *pucDataInput, + unsigned int uiInputLength, + ECCSignature *pucSignature); + +typedef int (*SDF_InternalSign_ECC_FuncPtr)( + void *hSessionHandle, + unsigned int uiISKIndex, + unsigned char *pucData, + unsigned int uiDataLength, + ECCSignature *pucSignature); + +typedef int (*SDF_InternalVerify_ECC_FuncPtr)( + void *hSessionHandle, + unsigned int uiIPKIndex, + unsigned char *pucData, + unsigned int uiDataLength, + ECCSignature *pucSignature); + +typedef int (*SDF_ExternalEncrypt_ECC_FuncPtr)( + void *hSessionHandle, + unsigned int uiAlgID, + ECCrefPublicKey *pucPublicKey, + unsigned char *pucData, + unsigned int uiDataLength, + ECCCipher *pucEncData); + +typedef int (*SDF_ExternalDecrypt_ECC_FuncPtr)( + void *hSessionHandle, + unsigned int uiAlgID, + ECCrefPrivateKey *pucPrivateKey, + ECCCipher *pucEncData, + unsigned char *pucData, + unsigned int *puiDataLength); + +typedef int (*SDF_InternalEncrypt_ECC_FuncPtr)( + void *hSessionHandle, + unsigned int uiIPKIndex, + unsigned int uiAlgID, + unsigned char *pucData, + unsigned int uiDataLength, + ECCCipher *pucEncData); + +typedef int (*SDF_InternalDecrypt_ECC_FuncPtr)( + void *hSessionHandle, + unsigned int uiISKIndex, + unsigned int uiAlgID, + ECCCipher *pucEncData, + unsigned char *pucData, + unsigned int *puiDataLength); + +typedef int (*SDF_Encrypt_FuncPtr)( + void *hSessionHandle, + void *hKeyHandle, + unsigned int uiAlgID, + unsigned char *pucIV, + unsigned char *pucData, + unsigned int uiDataLength, + unsigned char *pucEncData, + unsigned int *puiEncDataLength); + +typedef int (*SDF_Decrypt_FuncPtr)( + void *hSessionHandle, + void *hKeyHandle, + unsigned int uiAlgID, + unsigned char *pucIV, + unsigned char *pucEncData, + unsigned int uiEncDataLength, + unsigned char *pucData, + unsigned int *puiDataLength); + +typedef int (*SDF_CalculateMAC_FuncPtr)( + void *hSessionHandle, + void *hKeyHandle, + unsigned int uiAlgID, + unsigned char *pucIV, + unsigned char *pucData, + unsigned int uiDataLength, + unsigned char *pucMAC, + unsigned int *puiMACLength); + +typedef int (*SDF_HashInit_FuncPtr)( + void *hSessionHandle, + unsigned int uiAlgID, + ECCrefPublicKey *pucPublicKey, + unsigned char *pucID, + unsigned int uiIDLength); + +typedef int (*SDF_HashUpdate_FuncPtr)( + void *hSessionHandle, + unsigned char *pucData, + unsigned int uiDataLength); + +typedef int (*SDF_HashFinal_FuncPtr)(void *hSessionHandle, + unsigned char *pucHash, + unsigned int *puiHashLength); + +typedef int (*SDF_CreateFile_FuncPtr)( + void *hSessionHandle, + unsigned char *pucFileName, + unsigned int uiNameLen, + unsigned int uiFileSize); + +typedef int (*SDF_ReadFile_FuncPtr)( + void *hSessionHandle, + unsigned char *pucFileName, + unsigned int uiNameLen, + unsigned int uiOffset, + unsigned int *puiReadLength, + unsigned char *pucBuffer); + +typedef int (*SDF_WriteFile_FuncPtr)( + void *hSessionHandle, + unsigned char *pucFileName, + unsigned int uiNameLen, + unsigned int uiOffset, + unsigned int uiWriteLength, + unsigned char *pucBuffer); + +typedef int (*SDF_DeleteFile_FuncPtr)( + void *hSessionHandle, + unsigned char *pucFileName, + unsigned int uiNameLen); + +typedef struct sdf_method_st { + char *name; + SDF_OpenDevice_FuncPtr OpenDevice; + SDF_CloseDevice_FuncPtr CloseDevice; + SDF_OpenSession_FuncPtr OpenSession; + SDF_CloseSession_FuncPtr CloseSession; + SDF_GetDeviceInfo_FuncPtr GetDeviceInfo; + SDF_GenerateRandom_FuncPtr GenerateRandom; + SDF_GetPrivateKeyAccessRight_FuncPtr GetPrivateKeyAccessRight; + SDF_ReleasePrivateKeyAccessRight_FuncPtr ReleasePrivateKeyAccessRight; + SDF_ExportSignPublicKey_RSA_FuncPtr ExportSignPublicKey_RSA; + SDF_ExportEncPublicKey_RSA_FuncPtr ExportEncPublicKey_RSA; + SDF_GenerateKeyPair_RSA_FuncPtr GenerateKeyPair_RSA; + SDF_GenerateKeyWithIPK_RSA_FuncPtr GenerateKeyWithIPK_RSA; + SDF_GenerateKeyWithEPK_RSA_FuncPtr GenerateKeyWithEPK_RSA; + SDF_ImportKeyWithISK_RSA_FuncPtr ImportKeyWithISK_RSA; + SDF_ExchangeDigitEnvelopeBaseOnRSA_FuncPtr ExchangeDigitEnvelopeBaseOnRSA; + SDF_ExportSignPublicKey_ECC_FuncPtr ExportSignPublicKey_ECC; + SDF_ExportEncPublicKey_ECC_FuncPtr ExportEncPublicKey_ECC; + SDF_GenerateKeyPair_ECC_FuncPtr GenerateKeyPair_ECC; + SDF_GenerateKeyWithIPK_ECC_FuncPtr GenerateKeyWithIPK_ECC; + SDF_GenerateKeyWithEPK_ECC_FuncPtr GenerateKeyWithEPK_ECC; + SDF_ImportKeyWithISK_ECC_FuncPtr ImportKeyWithISK_ECC; + SDF_GenerateAgreementDataWithECC_FuncPtr GenerateAgreementDataWithECC; + SDF_GenerateKeyWithECC_FuncPtr GenerateKeyWithECC; + SDF_GenerateAgreementDataAndKeyWithECC_FuncPtr GenerateAgreementDataAndKeyWithECC; + SDF_ExchangeDigitEnvelopeBaseOnECC_FuncPtr ExchangeDigitEnvelopeBaseOnECC; + SDF_GenerateKeyWithKEK_FuncPtr GenerateKeyWithKEK; + SDF_ImportKeyWithKEK_FuncPtr ImportKeyWithKEK; + SDF_DestroyKey_FuncPtr DestroyKey; + SDF_ExternalPublicKeyOperation_RSA_FuncPtr ExternalPublicKeyOperation_RSA; + SDF_InternalPublicKeyOperation_RSA_FuncPtr InternalPublicKeyOperation_RSA; + SDF_InternalPrivateKeyOperation_RSA_FuncPtr InternalPrivateKeyOperation_RSA; + SDF_ExternalVerify_ECC_FuncPtr ExternalVerify_ECC; + SDF_InternalSign_ECC_FuncPtr InternalSign_ECC; + SDF_InternalVerify_ECC_FuncPtr InternalVerify_ECC; + SDF_ExternalEncrypt_ECC_FuncPtr ExternalEncrypt_ECC; + SDF_ExternalDecrypt_ECC_FuncPtr ExternalDecrypt_ECC; + SDF_InternalEncrypt_ECC_FuncPtr InternalEncrypt_ECC; + SDF_InternalDecrypt_ECC_FuncPtr InternalDecrypt_ECC; + SDF_Encrypt_FuncPtr Encrypt; + SDF_Decrypt_FuncPtr Decrypt; + SDF_CalculateMAC_FuncPtr CalculateMAC; + SDF_HashInit_FuncPtr HashInit; + SDF_HashUpdate_FuncPtr HashUpdate; + SDF_HashFinal_FuncPtr HashFinal; + SDF_CreateFile_FuncPtr CreateFile; + SDF_ReadFile_FuncPtr ReadFile; + SDF_WriteFile_FuncPtr WriteFile; + SDF_DeleteFile_FuncPtr DeleteFile; +} SDF_METHOD; + +SDF_METHOD *SDF_METHOD_load_library(const char *so_path); + +#endif diff --git a/include/internal/skf_meth.h b/include/internal/skf_meth.h new file mode 100644 index 00000000..f3c9752a --- /dev/null +++ b/include/internal/skf_meth.h @@ -0,0 +1,616 @@ +/* ==================================================================== + * Copyright (c) 2015 - 2017 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_SKF_METH_H +#define HEADER_SKF_METH_H + + +typedef signed char INT8; +typedef signed short INT16; +typedef signed int INT32; +typedef unsigned char UINT8; +typedef unsigned short UINT16; +typedef unsigned int UINT32; +typedef long BOOL; +typedef UINT8 BYTE; +typedef UINT8 CHAR; +typedef INT16 SHORT; +typedef UINT16 USHORT; +typedef INT32 LONG; +typedef UINT32 ULONG; +typedef UINT32 UINT; +typedef UINT16 WORD; +typedef UINT32 DWORD; +typedef UINT32 FLAGS; +typedef CHAR * LPSTR; +typedef void * HANDLE; + + +#ifdef __cplusplus +extern "C" { +#endif + + +typedef ULONG (*SKF_WaitForDevEvent_FuncPtr)( + LPSTR szDevName, + ULONG *pulDevNameLen, + ULONG *pulEvent); + +typedef ULONG (*SKF_CancelWaitForDevEvent_FuncPtr)( + void); + +typedef ULONG (*SKF_EnumDev_FuncPtr)( + BOOL bPresent, + LPSTR szNameList, + ULONG *pulSize); + +typedef ULONG (*SKF_ConnectDev_FuncPtr)( + LPSTR szName, + DEVHANDLE *phDev); + +typedef ULONG (*SKF_DisConnectDev_FuncPtr)( + DEVHANDLE hDev); + +typedef ULONG (*SKF_GetDevState_FuncPtr)( + LPSTR szDevName, + ULONG *pulDevState); + +typedef ULONG (*SKF_SetLabel_FuncPtr)( + DEVHANDLE hDev, + LPSTR szLabel); + +typedef ULONG (*SKF_GetDevInfo_FuncPtr)( + DEVHANDLE hDev, + DEVINFO *pDevInfo); + +typedef ULONG (*SKF_LockDev_FuncPtr)( + DEVHANDLE hDev, + ULONG ulTimeOut); + +typedef ULONG (*SKF_UnlockDev_FuncPtr)( + DEVHANDLE hDev); + +typedef ULONG (*SKF_Transmit_FuncPtr)( + DEVHANDLE hDev, + BYTE *pbCommand, + ULONG ulCommandLen, + BYTE *pbData, + ULONG *pulDataLen); + +typedef ULONG (*SKF_ChangeDevAuthKey_FuncPtr)( + DEVHANDLE hDev, + BYTE *pbKeyValue, + ULONG ulKeyLen); + +typedef ULONG (*SKF_DevAuth_FuncPtr)( + DEVHANDLE hDev, + BYTE *pbAuthData, + ULONG ulLen); + +typedef ULONG (*SKF_ChangePIN_FuncPtr)( + HAPPLICATION hApplication, + ULONG ulPINType, + LPSTR szOldPin, + LPSTR szNewPin, + ULONG *pulRetryCount); + +typedef LONG (*SKF_GetPINInfo_FuncPtr)( + HAPPLICATION hApplication, + ULONG ulPINType, + ULONG *pulMaxRetryCount, + ULONG *pulRemainRetryCount, + BOOL *pbDefaultPin); + +typedef ULONG (*SKF_VerifyPIN_FuncPtr)( + HAPPLICATION hApplication, + ULONG ulPINType, + LPSTR szPIN, + ULONG *pulRetryCount); + +typedef ULONG (*SKF_UnblockPIN_FuncPtr)( + HAPPLICATION hApplication, + LPSTR szAdminPIN, + LPSTR szNewUserPIN, + ULONG *pulRetryCount); + +typedef ULONG (*SKF_ClearSecureState_FuncPtr)( + HAPPLICATION hApplication); + +typedef ULONG (*SKF_CreateApplication_FuncPtr)( + DEVHANDLE hDev, + LPSTR szAppName, + LPSTR szAdminPin, + DWORD dwAdminPinRetryCount, + LPSTR szUserPin, + DWORD dwUserPinRetryCount, + DWORD dwCreateFileRights, + HAPPLICATION *phApplication); + +typedef ULONG (*SKF_EnumApplication_FuncPtr)( + DEVHANDLE hDev, + LPSTR szAppName, + ULONG *pulSize); + +typedef ULONG (*SKF_DeleteApplication_FuncPtr)( + DEVHANDLE hDev, + LPSTR szAppName); + +typedef ULONG (*SKF_OpenApplication_FuncPtr)( + DEVHANDLE hDev, + LPSTR szAppName, + HAPPLICATION *phApplication); + +typedef ULONG (*SKF_CloseApplication_FuncPtr)( + HAPPLICATION hApplication); + +typedef ULONG (*SKF_CreateFile_FuncPtr)( + HAPPLICATION hApplication, + LPSTR szFileName, + ULONG ulFileSize, + ULONG ulReadRights, + ULONG ulWriteRights); + +typedef ULONG (*SKF_DeleteFile_FuncPtr)( + HAPPLICATION hApplication, + LPSTR szFileName); + +typedef ULONG (*SKF_EnumFiles_FuncPtr)( + HAPPLICATION hApplication, + LPSTR szFileList, + ULONG *pulSize); + +typedef ULONG (*SKF_GetFileInfo_FuncPtr)( + HAPPLICATION hApplication, + LPSTR szFileName, + FILEATTRIBUTE *pFileInfo); + +typedef ULONG (*SKF_ReadFile_FuncPtr)( + HAPPLICATION hApplication, + LPSTR szFileName, + ULONG ulOffset, + ULONG ulSize, + BYTE *pbOutData, + ULONG *pulOutLen); + +typedef ULONG (*SKF_WriteFile_FuncPtr)( + HAPPLICATION hApplication, + LPSTR szFileName, + ULONG ulOffset, + BYTE *pbData, + ULONG ulSize); + +typedef ULONG (*SKF_CreateContainer_FuncPtr)( + HAPPLICATION hApplication, + LPSTR szContainerName, + HCONTAINER *phContainer); + +typedef ULONG (*SKF_DeleteContainer_FuncPtr)( + HAPPLICATION hApplication, + LPSTR szContainerName); + +typedef ULONG (*SKF_EnumContainer_FuncPtr)( + HAPPLICATION hApplication, + LPSTR szContainerName, + ULONG *pulSize); + +typedef ULONG (*SKF_OpenContainer_FuncPtr)( + HAPPLICATION hApplication, + LPSTR szContainerName, + HCONTAINER *phContainer); + +typedef ULONG (*SKF_CloseContainer_FuncPtr)( + HCONTAINER hContainer); + +typedef ULONG (*SKF_GetContainerType_FuncPtr)( + HCONTAINER hContainer, + ULONG *pulContainerType); + +typedef ULONG (*SKF_ImportCertificate_FuncPtr)( + HCONTAINER hContainer, + BOOL bExportSignKey, + BYTE *pbCert, + ULONG ulCertLen); + +typedef ULONG (*SKF_ExportCertificate_FuncPtr)( + HCONTAINER hContainer, + BOOL bSignFlag, + BYTE *pbCert, + ULONG *pulCertLen); + +typedef ULONG (*SKF_ExportPublicKey_FuncPtr)( + HCONTAINER hContainer, + BOOL bSignFlag, + BYTE *pbBlob, + ULONG *pulBlobLen); + +typedef ULONG (*SKF_GenRandom_FuncPtr)( + DEVHANDLE hDev, + BYTE *pbRandom, + ULONG ulRandomLen); + +typedef ULONG (*SKF_GenExtRSAKey_FuncPtr)( + DEVHANDLE hDev, + ULONG ulBitsLen, + RSAPRIVATEKEYBLOB *pBlob); + +typedef ULONG (*SKF_GenRSAKeyPair_FuncPtr)( + HCONTAINER hContainer, + ULONG ulBitsLen, + RSAPUBLICKEYBLOB *pBlob); + +typedef ULONG (*SKF_ImportRSAKeyPair_FuncPtr)( + HCONTAINER hContainer, + ULONG ulSymAlgId, + BYTE *pbWrappedKey, + ULONG ulWrappedKeyLen, + BYTE *pbEncryptedData, + ULONG ulEncryptedDataLen); + +typedef ULONG (*SKF_RSASignData_FuncPtr)( + HCONTAINER hContainer, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbSignature, + ULONG *pulSignLen); + +typedef ULONG (*SKF_RSAVerify_FuncPtr)( + DEVHANDLE hDev, + RSAPUBLICKEYBLOB *pRSAPubKeyBlob, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbSignature, + ULONG ulSignLen); + +typedef ULONG (*SKF_RSAExportSessionKey_FuncPtr)( + HCONTAINER hContainer, + ULONG ulAlgId, + RSAPUBLICKEYBLOB *pPubKey, + BYTE *pbData, + ULONG *pulDataLen, + HANDLE *phSessionKey); + +typedef ULONG (*SKF_ExtRSAPubKeyOperation_FuncPtr)( + DEVHANDLE hDev, + RSAPUBLICKEYBLOB *pRSAPubKeyBlob, + BYTE *pbInput, + ULONG ulInputLen, + BYTE *pbOutput, + ULONG *pulOutputLen); + +typedef ULONG (*SKF_ExtRSAPriKeyOperation_FuncPtr)( + DEVHANDLE hDev, + RSAPRIVATEKEYBLOB *pRSAPriKeyBlob, + BYTE *pbInput, + ULONG ulInputLen, + BYTE *pbOutput, + ULONG *pulOutputLen); + +typedef ULONG (*SKF_GenECCKeyPair_FuncPtr)( + HCONTAINER hContainer, + ULONG ulAlgId, + ECCPUBLICKEYBLOB *pBlob); + +typedef ULONG (*SKF_ImportECCKeyPair_FuncPtr)( + HCONTAINER hContainer, + ENVELOPEDKEYBLOB *pEnvelopedKeyBlob); + +typedef ULONG (*SKF_ECCSignData_FuncPtr)( + HCONTAINER hContainer, + BYTE *pbDigest, + ULONG ulDigestLen, + ECCSIGNATUREBLOB *pSignature); + +typedef ULONG (*SKF_ECCVerify_FuncPtr)( + DEVHANDLE hDev, + ECCPUBLICKEYBLOB *pECCPubKeyBlob, + BYTE *pbData, + ULONG ulDataLen, + ECCSIGNATUREBLOB *pSignature); + +typedef ULONG (*SKF_ECCExportSessionKey_FuncPtr)( + HCONTAINER hContainer, + ULONG ulAlgId, + ECCPUBLICKEYBLOB *pPubKey, + ECCCIPHERBLOB *pData, + HANDLE *phSessionKey); + +typedef ULONG (*SKF_ExtECCEncrypt_FuncPtr)( + DEVHANDLE hDev, + ECCPUBLICKEYBLOB *pECCPubKeyBlob, + BYTE *pbPlainText, + ULONG ulPlainTextLen, + ECCCIPHERBLOB *pCipherText); + +typedef ULONG (*SKF_ExtECCDecrypt_FuncPtr)( + DEVHANDLE hDev, + ECCPRIVATEKEYBLOB *pECCPriKeyBlob, + ECCCIPHERBLOB *pCipherText, + BYTE *pbPlainText, + ULONG *pulPlainTextLen); + +typedef ULONG (*SKF_ExtECCSign_FuncPtr)( + DEVHANDLE hDev, + ECCPRIVATEKEYBLOB *pECCPriKeyBlob, + BYTE *pbData, + ULONG ulDataLen, + ECCSIGNATUREBLOB *pSignature); + +typedef ULONG (*SKF_ExtECCVerify_FuncPtr)( + DEVHANDLE hDev, + ECCPUBLICKEYBLOB *pECCPubKeyBlob, + BYTE *pbData, + ULONG ulDataLen, + ECCSIGNATUREBLOB *pSignature); + +typedef ULONG (*SKF_GenerateAgreementDataWithECC_FuncPtr)( + HCONTAINER hContainer, + ULONG ulAlgId, + ECCPUBLICKEYBLOB *pTempECCPubKeyBlob, + BYTE *pbID, + ULONG ulIDLen, + HANDLE *phAgreementHandle); + +typedef ULONG (*SKF_GenerateAgreementDataAndKeyWithECC_FuncPtr)( + HANDLE hContainer, + ULONG ulAlgId, + ECCPUBLICKEYBLOB *pSponsorECCPubKeyBlob, + ECCPUBLICKEYBLOB *pSponsorTempECCPubKeyBlob, + ECCPUBLICKEYBLOB *pTempECCPubKeyBlob, + BYTE *pbID, + ULONG ulIDLen, + BYTE *pbSponsorID, + ULONG ulSponsorIDLen, + HANDLE *phKeyHandle); + +typedef ULONG (*SKF_GenerateKeyWithECC_FuncPtr)( + HANDLE hAgreementHandle, + ECCPUBLICKEYBLOB *pECCPubKeyBlob, + ECCPUBLICKEYBLOB *pTempECCPubKeyBlob, + BYTE *pbID, + ULONG ulIDLen, + HANDLE *phKeyHandle); + +typedef ULONG (*SKF_ImportSessionKey_FuncPtr)( + HCONTAINER hContainer, + ULONG ulAlgId, + BYTE *pbWrapedData, + ULONG ulWrapedLen, + HANDLE *phKey); + +typedef ULONG (*SKF_SetSymmKey_FuncPtr)( + DEVHANDLE hDev, + BYTE *pbKey, + ULONG ulAlgID, + HANDLE *phKey); + +typedef ULONG (*SKF_EncryptInit_FuncPtr)( + HANDLE hKey, + BLOCKCIPHERPARAM EncryptParam); + +typedef ULONG (*SKF_Encrypt_FuncPtr)( + HANDLE hKey, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbEncryptedData, + ULONG *pulEncryptedLen); + +typedef ULONG (*SKF_EncryptUpdate_FuncPtr)( + HANDLE hKey, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbEncryptedData, + ULONG *pulEncryptedLen); + +typedef ULONG (*SKF_EncryptFinal_FuncPtr)( + HANDLE hKey, + BYTE *pbEncryptedData, + ULONG *pulEncryptedDataLen); + +typedef ULONG (*SKF_DecryptInit_FuncPtr)( + HANDLE hKey, + BLOCKCIPHERPARAM DecryptParam); + +typedef ULONG (*SKF_Decrypt_FuncPtr)( + HANDLE hKey, + BYTE *pbEncryptedData, + ULONG ulEncryptedLen, + BYTE *pbData, + ULONG *pulDataLen); + +typedef ULONG (*SKF_DecryptUpdate_FuncPtr)( + HANDLE hKey, + BYTE *pbEncryptedData, + ULONG ulEncryptedLen, + BYTE *pbData, + ULONG *pulDataLen); + +typedef ULONG (*SKF_DecryptFinal_FuncPtr)( + HANDLE hKey, + BYTE *pbDecryptedData, + ULONG *pulDecryptedDataLen); + +typedef ULONG (*SKF_DigestInit_FuncPtr)( + DEVHANDLE hDev, + ULONG ulAlgID, + ECCPUBLICKEYBLOB *pPubKey, + BYTE *pbID, + ULONG ulIDLen, + HANDLE *phHash); + +typedef ULONG (*SKF_Digest_FuncPtr)( + HANDLE hHash, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbHashData, + ULONG *pulHashLen); + +typedef ULONG (*SKF_DigestUpdate_FuncPtr)( + HANDLE hHash, + BYTE *pbData, + ULONG ulDataLen); + +typedef ULONG (*SKF_DigestFinal_FuncPtr)( + HANDLE hHash, + BYTE *pHashData, + ULONG *pulHashLen); + +typedef ULONG (*SKF_MacInit_FuncPtr)( + HANDLE hKey, + BLOCKCIPHERPARAM *pMacParam, + HANDLE *phMac); + +typedef ULONG (*SKF_Mac_FuncPtr)( + HANDLE hMac, + BYTE *pbData, + ULONG ulDataLen, + BYTE *pbMacData, + ULONG *pulMacLen); + +typedef ULONG (*SKF_MacUpdate_FuncPtr)( + HANDLE hMac, + BYTE *pbData, + ULONG ulDataLen); + +typedef ULONG (*SKF_MacFinal_FuncPtr)( + HANDLE hMac, + BYTE *pbMacData, + ULONG *pulMacDataLen); + +typedef ULONG (*SKF_CloseHandle_FuncPtr)( + HANDLE hHandle); + + +typedef struct skf_method_st { + char *name; + SKF_WaitForDevEvent_FuncPtr WaitForDevEvent; + SKF_CancelWaitForDevEvent_FuncPtr CancelWaitForDevEvent; + SKF_EnumDev_FuncPtr EnumDev; + SKF_ConnectDev_FuncPtr ConnectDev; + SKF_DisConnectDev_FuncPtr DisConnectDev; + SKF_GetDevState_FuncPtr GetDevState; + SKF_SetLabel_FuncPtr SetLabel; + SKF_GetDevInfo_FuncPtr GetDevInfo; + SKF_LockDev_FuncPtr LockDev; + SKF_UnlockDev_FuncPtr UnlockDev; + SKF_Transmit_FuncPtr Transmit; + SKF_ChangeDevAuthKey_FuncPtr ChangeDevAuthKey; + SKF_DevAuth_FuncPtr DevAuth; + SKF_ChangePIN_FuncPtr ChangePIN; + SKF_GetPINInfo_FuncPtr GetPINInfo; + SKF_VerifyPIN_FuncPtr VerifyPIN; + SKF_UnblockPIN_FuncPtr UnblockPIN; + SKF_ClearSecureState_FuncPtr ClearSecureState; + SKF_CreateApplication_FuncPtr CreateApplication; + SKF_EnumApplication_FuncPtr EnumApplication; + SKF_DeleteApplication_FuncPtr DeleteApplication; + SKF_OpenApplication_FuncPtr OpenApplication; + SKF_CloseApplication_FuncPtr CloseApplication; + SKF_CreateFile_FuncPtr CreateFile; + SKF_DeleteFile_FuncPtr DeleteFile; + SKF_EnumFiles_FuncPtr EnumFiles; + SKF_GetFileInfo_FuncPtr GetFileInfo; + SKF_ReadFile_FuncPtr ReadFile; + SKF_WriteFile_FuncPtr WriteFile; + SKF_CreateContainer_FuncPtr CreateContainer; + SKF_DeleteContainer_FuncPtr DeleteContainer; + SKF_EnumContainer_FuncPtr EnumContainer; + SKF_OpenContainer_FuncPtr OpenContainer; + SKF_CloseContainer_FuncPtr CloseContainer; + SKF_GetContainerType_FuncPtr GetContainerType; + SKF_ImportCertificate_FuncPtr ImportCertificate; + SKF_ExportCertificate_FuncPtr ExportCertificate; + SKF_ExportPublicKey_FuncPtr ExportPublicKey; + SKF_GenRandom_FuncPtr GenRandom; + SKF_GenExtRSAKey_FuncPtr GenExtRSAKey; + SKF_GenRSAKeyPair_FuncPtr GenRSAKeyPair; + SKF_ImportRSAKeyPair_FuncPtr ImportRSAKeyPair; + SKF_RSASignData_FuncPtr RSASignData; + SKF_RSAVerify_FuncPtr RSAVerify; + SKF_RSAExportSessionKey_FuncPtr RSAExportSessionKey; + SKF_ExtRSAPubKeyOperation_FuncPtr ExtRSAPubKeyOperation; + SKF_ExtRSAPriKeyOperation_FuncPtr ExtRSAPriKeyOperation; + SKF_GenECCKeyPair_FuncPtr GenECCKeyPair; + SKF_ImportECCKeyPair_FuncPtr ImportECCKeyPair; + SKF_ECCSignData_FuncPtr ECCSignData; + SKF_ECCVerify_FuncPtr ECCVerify; + SKF_ECCExportSessionKey_FuncPtr ECCExportSessionKey; + SKF_ExtECCEncrypt_FuncPtr ExtECCEncrypt; + SKF_ExtECCDecrypt_FuncPtr ExtECCDecrypt; + SKF_ExtECCSign_FuncPtr ExtECCSign; + SKF_ExtECCVerify_FuncPtr ExtECCVerify; + SKF_GenerateAgreementDataWithECC_FuncPtr GenerateAgreementDataWithECC; + SKF_GenerateAgreementDataAndKeyWithECC_FuncPtr GenerateAgreementDataAndKeyWithECC; + SKF_GenerateKeyWithECC_FuncPtr GenerateKeyWithECC; + SKF_ImportSessionKey_FuncPtr ImportSessionKey; + SKF_SetSymmKey_FuncPtr SetSymmKey; + SKF_EncryptInit_FuncPtr EncryptInit; + SKF_Encrypt_FuncPtr Encrypt; + SKF_EncryptUpdate_FuncPtr EncryptUpdate; + SKF_EncryptFinal_FuncPtr EncryptFinal; + SKF_DecryptInit_FuncPtr DecryptInit; + SKF_Decrypt_FuncPtr Decrypt; + SKF_DecryptUpdate_FuncPtr DecryptUpdate; + SKF_DecryptFinal_FuncPtr DecryptFinal; + SKF_DigestInit_FuncPtr DigestInit; + SKF_Digest_FuncPtr Digest; + SKF_DigestUpdate_FuncPtr DigestUpdate; + SKF_DigestFinal_FuncPtr DigestFinal; + SKF_MacInit_FuncPtr MacInit; + SKF_Mac_FuncPtr Mac; + SKF_MacUpdate_FuncPtr MacUpdate; + SKF_MacFinal_FuncPtr MacFinal; + SKF_CloseHandle_FuncPtr CloseHandle; +} SKF_METHOD; + +SKF_METHOD *SKF_METHOD_load_library(const char *so_path); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/include/openssl/gmsaf.h b/include/openssl/gmsaf.h index 9021d58f..0a77b383 100644 --- a/include/openssl/gmsaf.h +++ b/include/openssl/gmsaf.h @@ -80,6 +80,7 @@ int ERR_load_SAF_strings(void); # define SAF_F_SAF_BASE64_ENCODE 104 # define SAF_F_SAF_BASE64_ENCODEFINAL 105 # define SAF_F_SAF_BASE64_ENCODEUPDATE 106 +# define SAF_F_SAF_CHANGEPIN 123 # define SAF_F_SAF_CREATESYMMKEYOBJ 107 # define SAF_F_SAF_ECCPUBLICKEYENC 108 # define SAF_F_SAF_ECCPUBLICKEYENCBYCERT 109 @@ -89,7 +90,14 @@ int ERR_load_SAF_strings(void); # define SAF_F_SAF_GENECCKEYPAIR 113 # define SAF_F_SAF_GENERATEAGREEMENTDATAWITHECC 114 # define SAF_F_SAF_GENERATEKEYWITHECC 115 +# define SAF_F_SAF_GENERATEKEYWITHEPK 124 +# define SAF_F_SAF_GENRANDOM 125 # define SAF_F_SAF_GETECCPUBLICKEY 116 +# define SAF_F_SAF_GETVERSION 126 +# define SAF_F_SAF_IMPORTENCEDKEY 127 +# define SAF_F_SAF_INITIALIZE 128 +# define SAF_F_SAF_LOGIN 129 +# define SAF_F_SAF_LOGOUT 130 # define SAF_F_SAF_MACFINAL 117 # define SAF_F_SAF_MACUPDATE 118 # define SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA 119 @@ -100,7 +108,10 @@ int ERR_load_SAF_strings(void); /* Reason codes. */ # define SAF_R_BUFFER_TOO_SMALL 100 # define SAF_R_CBCMAC_FAILURE 101 +# define SAF_R_CMAC_FAILURE 115 +# define SAF_R_ENCRYPT_KEY_FAILURE 116 # define SAF_R_GEN_RANDOM 102 +# define SAF_R_GEN_RANDOM_FAILURE 117 # define SAF_R_INT_OVERFLOW 103 # define SAF_R_INVALID_ALGOR 104 # define SAF_R_INVALID_CONTEXT 105 @@ -111,6 +122,7 @@ int ERR_load_SAF_strings(void); # define SAF_R_INVALID_KEY_USAGE 110 # define SAF_R_INVALID_LENGTH 111 # define SAF_R_MAC_FAILURE 112 +# define SAF_R_NOT_SUPPORTED 118 # define SAF_R_OPERATION_NOT_INITIALIZED 113 # define SAF_R_SAF_ERROR 114 diff --git a/include/openssl/gmsdf.h b/include/openssl/gmsdf.h index e5332eed..fce5bba7 100644 --- a/include/openssl/gmsdf.h +++ b/include/openssl/gmsdf.h @@ -95,81 +95,63 @@ int ERR_load_SDF_strings(void); /* Function codes. */ # define SDF_F_SDF_CALCULATEMAC 100 -# define SDF_F_SDF_CLOSEDEVICE 145 -# define SDF_F_SDF_CLOSESESSION 101 -# define SDF_F_SDF_DECODE_EC_SIGNATURE 102 -# define SDF_F_SDF_DECRYPT 103 -# define SDF_F_SDF_ENCODE_EC_SIGNATURE 104 -# define SDF_F_SDF_ENCRYPT 105 -# define SDF_F_SDF_EXPORTENCPUBLICKEY_ECC 106 -# define SDF_F_SDF_EXPORTENCPUBLICKEY_RSA 107 -# define SDF_F_SDF_EXPORTSIGNPUBLICKEY_ECC 108 -# define SDF_F_SDF_EXPORTSIGNPUBLICKEY_RSA 109 -# define SDF_F_SDF_EXTERNALDECRYPT_ECC 110 -# define SDF_F_SDF_EXTERNALENCRYPT_ECC 111 -# define SDF_F_SDF_EXTERNALPRIVATEKEYOPERATION_RSA 112 -# define SDF_F_SDF_EXTERNALPUBLICKEYOPERATION_RSA 113 -# define SDF_F_SDF_EXTERNALSIGN_ECC 114 -# define SDF_F_SDF_EXTERNALVERIFY_ECC 115 -# define SDF_F_SDF_GENERATEKEYPAIR_ECC 116 -# define SDF_F_SDF_GENERATEKEYPAIR_RSA 117 -# define SDF_F_SDF_GENERATEKEYWITHEPK_ECC 118 -# define SDF_F_SDF_GENERATEKEYWITHEPK_RSA 119 -# define SDF_F_SDF_GENERATEKEYWITHIPK_ECC 120 -# define SDF_F_SDF_GENERATEKEYWITHIPK_RSA 121 -# define SDF_F_SDF_GENERATERANDOM 122 -# define SDF_F_SDF_GETDEVICEINFO 123 -# define SDF_F_SDF_GETPRIVATEKEYACCESSRIGHT 124 -# define SDF_F_SDF_GET_CIPHER 125 -# define SDF_F_SDF_GET_DIGEST 126 -# define SDF_F_SDF_HASHFINAL 127 -# define SDF_F_SDF_HASHINIT 128 -# define SDF_F_SDF_HASHUPDATE 129 -# define SDF_F_SDF_IMPORTKEY 130 -# define SDF_F_SDF_IMPORTKEYWITHISK_ECC 131 -# define SDF_F_SDF_IMPORTKEYWITHISK_RSA 132 -# define SDF_F_SDF_INTERNALDECRYPT_ECC 133 -# define SDF_F_SDF_INTERNALENCRYPT_ECC 134 -# define SDF_F_SDF_INTERNALPRIVATEKEYOPERATION_RSA 135 -# define SDF_F_SDF_INTERNALPUBLICKEYOPERATION_RSA 136 -# define SDF_F_SDF_INTERNALSIGN_ECC 137 -# define SDF_F_SDF_INTERNALVERIFY_ECC 138 -# define SDF_F_SDF_LOAD_EC_PRIVATE_KEY 139 -# define SDF_F_SDF_LOAD_EC_PUBLIC_KEY 140 -# define SDF_F_SDF_LOAD_RSA_PRIVATE_KEY 141 -# define SDF_F_SDF_LOAD_RSA_PUBLIC_KEY 142 -# define SDF_F_SDF_OPENDEVICE 143 -# define SDF_F_SDF_OPENSESSION 144 -# define SDF_F_SDF_RELEASEPRIVATEKEYACCESSRIGHT 146 +# define SDF_F_SDF_CLOSEDEVICE 101 +# define SDF_F_SDF_CLOSESESSION 102 +# define SDF_F_SDF_CREATEFILE 103 +# define SDF_F_SDF_DECRYPT 104 +# define SDF_F_SDF_DELETEFILE 105 +# define SDF_F_SDF_DESTROYKEY 106 +# define SDF_F_SDF_ENCRYPT 107 +# define SDF_F_SDF_EXCHANGEDIGITENVELOPEBASEONECC 108 +# define SDF_F_SDF_EXCHANGEDIGITENVELOPEBASEONRSA 109 +# define SDF_F_SDF_EXPORTENCPUBLICKEY_ECC 110 +# define SDF_F_SDF_EXPORTENCPUBLICKEY_RSA 111 +# define SDF_F_SDF_EXPORTSIGNPUBLICKEY_ECC 112 +# define SDF_F_SDF_EXPORTSIGNPUBLICKEY_RSA 113 +# define SDF_F_SDF_EXTERNALENCRYPT_ECC 114 +# define SDF_F_SDF_EXTERNALPRIVATEKEYOPERATION_RSA 115 +# define SDF_F_SDF_EXTERNALPUBLICKEYOPERATION_RSA 116 +# define SDF_F_SDF_EXTERNALVERIFY_ECC 117 +# define SDF_F_SDF_GENERATEAGREEMENTDATAANDKEYWITHECC 118 +# define SDF_F_SDF_GENERATEAGREEMENTDATAWITHECC 119 +# define SDF_F_SDF_GENERATEKEYPAIR_ECC 120 +# define SDF_F_SDF_GENERATEKEYPAIR_RSA 121 +# define SDF_F_SDF_GENERATEKEYWITHECC 122 +# define SDF_F_SDF_GENERATEKEYWITHEPK_ECC 123 +# define SDF_F_SDF_GENERATEKEYWITHEPK_RSA 124 +# define SDF_F_SDF_GENERATEKEYWITHIPK_ECC 125 +# define SDF_F_SDF_GENERATEKEYWITHIPK_RSA 126 +# define SDF_F_SDF_GENERATEKEYWITHKEK 127 +# define SDF_F_SDF_GENERATERANDOM 128 +# define SDF_F_SDF_GETDEVICEINFO 129 +# define SDF_F_SDF_GETPRIVATEKEYACCESSRIGHT 130 +# define SDF_F_SDF_HASHFINAL 131 +# define SDF_F_SDF_HASHINIT 132 +# define SDF_F_SDF_HASHUPDATE 133 +# define SDF_F_SDF_IMPORTKEY 134 +# define SDF_F_SDF_IMPORTKEYWITHISK_ECC 135 +# define SDF_F_SDF_IMPORTKEYWITHISK_RSA 136 +# define SDF_F_SDF_IMPORTKEYWITHKEK 137 +# define SDF_F_SDF_INTERNALPRIVATEKEYOPERATION_RSA 138 +# define SDF_F_SDF_INTERNALPUBLICKEYOPERATION_RSA 147 +# define SDF_F_SDF_INTERNALSIGN_ECC 139 +# define SDF_F_SDF_INTERNALVERIFY_ECC 140 +# define SDF_F_SDF_METHOD_LOAD_LIBRARY 141 +# define SDF_F_SDF_OPENDEVICE 142 +# define SDF_F_SDF_OPENSESSION 143 +# define SDF_F_SDF_READFILE 144 +# define SDF_F_SDF_RELEASEPRIVATEKEYACCESSRIGHT 145 +# define SDF_F_SDF_WRITEFILE 146 /* Reason codes. */ -# define SDF_R_BUFFER_TOO_SMALL 100 -# define SDF_R_BUUTER_TOO_SMALL 101 -# define SDF_R_CBCMAC_FAILURE 102 -# define SDF_R_CMAC_FAILURE 126 -# define SDF_R_COMPUTE_SM2_ID_FAILURE 103 -# define SDF_R_ENGINE_LOAD_KEY_FAILURE 104 -# define SDF_R_GET_PRIVATE_KEY_FAILED 105 -# define SDF_R_GET_PUBLIC_KEY_FAILED 106 -# define SDF_R_INVALID_ALGOR 107 -# define SDF_R_INVALID_DEVICE_HANDLE 122 -# define SDF_R_INVALID_EC_CIPHERTEXT 108 -# define SDF_R_INVALID_EC_PRIVATE_KEY 109 -# define SDF_R_INVALID_EC_PUBLIC_KEY 110 -# define SDF_R_INVALID_INPUT_LENGTH 111 -# define SDF_R_INVALID_KEY_HANDLE 112 -# define SDF_R_INVALID_KEY_INDEX 123 -# define SDF_R_INVALID_KEY_LENGTH 113 -# define SDF_R_INVALID_KEY_USAGE 114 -# define SDF_R_INVALID_LENGTH 115 -# define SDF_R_INVALID_OPERATION_STATE 116 -# define SDF_R_INVALID_PASSWORD_LENGTH 124 -# define SDF_R_INVALID_SESSION 117 -# define SDF_R_INVALID_SESSION_HANDLE 125 -# define SDF_R_KEY_TYPE_NOT_MATCH 118 -# define SDF_R_LOAD_ENGINE_FAILURE 119 -# define SDF_R_RANDOM_FAILURE 120 -# define SDF_R_SDF_SESSION_NO_ENGINE 121 +# define SDF_R_INVALID_KEY_LENGTH 100 +# define SDF_R_INVALID_SDF_LIBRARY 101 +# define SDF_R_INVALID_SESSION_HANDLE 102 +# define SDF_R_LOAD_LIBRARY_FAILURE 107 +# define SDF_R_NOT_SUPPORTED 103 +# define SDF_R_OPERATION_FAILED 104 +# define SDF_R_SDF_METHOD_RETURN_FAILURE 105 +# define SDF_R_SDF_OPERATION_FAILED 106 # ifdef __cplusplus } diff --git a/include/openssl/saf.h b/include/openssl/saf.h index 4109e15f..cb61d134 100644 --- a/include/openssl/saf.h +++ b/include/openssl/saf.h @@ -464,7 +464,7 @@ int SAF_GenerateKeyWithEPK( unsigned char *pucPublicKey, unsigned int uiPublicKeyLen, unsigned char *pucSymmKey, - unsigned int uiSymmKeyLen, + unsigned int *puiSymmKeyLen, void **phKeyHandle); int SAF_ImportEncedKey( diff --git a/test/sdf_dummy.c b/test/sdf_dummy.c new file mode 100644 index 00000000..80f824c9 --- /dev/null +++ b/test/sdf_dummy.c @@ -0,0 +1,645 @@ +/* ==================================================================== + * Copyright (c) 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* Dummy SDF Library + * + * This is the **dummy** implementation of the SDF API, used by the SDF + * ENGINE for compiling and basic testing. For products this should be + * replaced by the library provided by hardware vendors. + * + * Design principles: + * 1. All the functions of this dummy library will return success, which + * is `SDR_OK`. + * 2. If there are return value pointers, such as handles, output length + * or generated key data types, the output will be filled with valid + * data. Such that the caller can parse these data without errors. + * 3. The implementation should not relay on any other libraries, source + * files or header files except the `sdf.h`. + */ + +#include +#include +#include +#include +#include + +static char *deviceHandle = "SDF Device Handle"; +static char *sessionHandle = "SDF Session Handle"; +static char *keyHandle = "SDF Key Handle"; +static char *agreementHandle = "SDF Agreement Handle"; +static int hashAlgor; +/* +static unsigned char certificate[] = { + 0x03, 0x04, +}; +*/ + +static unsigned char rsaPublicKey[] = { + 0x03, 0x04, +}; + +static unsigned char rsaPrivateKey[] = { + 0x03, 0x04, +}; + +static unsigned char ecPublicKey[] = { + 0x03, 0x04, +}; + +static unsigned char ecPrivateKey[] = { + 0x03, 0x04, +}; + +static unsigned char ecCiphertext[] = { + 0x03, +}; + +static unsigned char ecSignature[] = { + 0x03, +}; + +/* 6.2.1 */ +int SDF_OpenDevice( + void **phDeviceHandle) +{ + *phDeviceHandle = deviceHandle; + return SDR_OK; +} + +/* 6.2.2 */ +int SDF_CloseDevice( + void *hDeviceHandle) +{ + return SDR_OK; +} + +/* 6.2.3 */ +int SDF_OpenSession( + void *hDeviceHandle, + void **phSessionHandle) +{ + *phSessionHandle = sessionHandle; + return SDR_OK; +} + +/* 6.2.4 */ +int SDF_CloseSession( + void *hSessionHandle) +{ + return SDR_OK; +} + +/* 6.2.5 */ +int SDF_GetDeviceInfo( + void *hSessionHandle, + DEVICEINFO *pstDeviceInfo) +{ + memset(pstDeviceInfo, 0, sizeof(*pstDeviceInfo)); + strcpy((char *)pstDeviceInfo->IssuerName, "GmSSL"); + strcpy((char *)pstDeviceInfo->DeviceName, "Dummy SDF"); + strcpy((char *)pstDeviceInfo->DeviceSerial, "000001"); + pstDeviceInfo->DeviceVersion = 2; + pstDeviceInfo->StandardVersion = 1; + pstDeviceInfo->AsymAlgAbility[0] = SGD_RSA|SGD_SM2_1; + pstDeviceInfo->AsymAlgAbility[1] = SGD_RSA|SGD_SM2_3; + pstDeviceInfo->SymAlgAbility = SGD_SM1|SGD_SSF33|SGD_SM4|SGD_ZUC; + pstDeviceInfo->HashAlgAbility = SGD_SM3|SGD_SHA1|SGD_SHA256; + pstDeviceInfo->BufferSize = 0; + return SDR_OK; +} + +/* 6.2.6 */ +int SDF_GenerateRandom( + void *hSessionHandle, + unsigned int uiLength, + unsigned char *pucRandom) +{ + memset(pucRandom, 'R', uiLength); + return SDR_OK; +} + +/* 6.2.7 */ +int SDF_GetPrivateKeyAccessRight( + void *hSessionHandle, + unsigned int uiKeyIndex, + unsigned char *pucPassword, + unsigned int uiPwdLength) +{ + return SDR_OK; +} + +/* 6.2.8 */ +int SDF_ReleasePrivateKeyAccessRight( + void *hSessionHandle, + unsigned int uiKeyIndex) +{ + return SDR_OK; +} + +/* 6.3.1 */ +int SDF_ExportSignPublicKey_RSA( + void *hSessionHandle, + unsigned int uiKeyIndex, + RSArefPublicKey *pucPublicKey) +{ + memcpy(pucPublicKey, rsaPublicKey, sizeof(*pucPublicKey)); + return SDR_OK; +} + +/* 6.3.2 */ +int SDF_ExportEncPublicKey_RSA( + void *hSessionHandle, + unsigned int uiKeyIndex, + RSArefPublicKey *pucPublicKey) +{ + memcpy(pucPublicKey, rsaPublicKey, sizeof(*pucPublicKey)); + return SDR_OK; +} + +/* 6.3.3 */ +int SDF_GenerateKeyPair_RSA( + void *hSessionHandle, + unsigned int uiKeyBits, + RSArefPublicKey *pucPublicKey, + RSArefPrivateKey *pucPrivateKey) +{ + memcpy(pucPublicKey, rsaPublicKey, sizeof(*pucPublicKey)); + memcpy(pucPrivateKey, rsaPrivateKey, sizeof(*pucPrivateKey)); + return SDR_OK; +} + +/* 6.3.4 */ +int SDF_GenerateKeyWithIPK_RSA( + void *hSessionHandle, + unsigned int uiIPKIndex, + unsigned int uiKeyBits, + unsigned char *pucKey, + unsigned int *puiKeyLength, + void **phKeyHandle) +{ + *phKeyHandle = keyHandle; + return SDR_OK; +} + +/* 6.3.5 */ +int SDF_GenerateKeyWithEPK_RSA( + void *hSessionHandle, + unsigned int uiKeyBits, + RSArefPublicKey *pucPublicKey, + unsigned char *pucKey, + unsigned int *puiKeyLength, + void **phKeyHandle) +{ + *phKeyHandle = keyHandle; + return SDR_OK; +} + +/* 6.3.6 */ +int SDF_ImportKeyWithISK_RSA( + void *hSessionHandle, + unsigned int uiISKIndex, + unsigned char *pucKey, + unsigned int uiKeyLength, + void **phKeyHandle) +{ + *phKeyHandle = keyHandle; + return SDR_OK; +} + +/* 6.3.7 */ +int SDF_ExchangeDigitEnvelopeBaseOnRSA( + void *hSessionHandle, + unsigned int uiKeyIndex, + RSArefPublicKey *pucPublicKey, + unsigned char *pucDEInput, + unsigned int uiDELength, + unsigned char *pucDEOutput, + unsigned int *puiDELength) +{ + *puiDELength = 256; // correct? + return SDR_OK; +} + +/* 6.3.8 */ +int SDF_ExportSignPublicKey_ECC( + void *hSessionHandle, + unsigned int uiKeyIndex, + ECCrefPublicKey *pucPublicKey) +{ + memcpy(pucPublicKey, ecPublicKey, sizeof(*pucPublicKey)); + return SDR_OK; +} + +/* 6.3.9 */ +int SDF_ExportEncPublicKey_ECC( + void *hSessionHandle, + unsigned int uiKeyIndex, + ECCrefPublicKey *pucPublicKey) +{ + memcpy(pucPublicKey, ecPublicKey, sizeof(*pucPublicKey)); + return SDR_OK; +} +/* 6.3.10 */ +int SDF_GenerateKeyPair_ECC( + void *hSessionHandle, + unsigned int uiAlgID, + unsigned int uiKeyBits, + ECCrefPublicKey *pucPublicKey, + ECCrefPrivateKey *pucPrivateKey) +{ + memcpy(pucPublicKey, ecPublicKey, sizeof(*pucPublicKey)); + memcpy(pucPrivateKey, ecPrivateKey, sizeof(*pucPrivateKey)); + return SDR_OK; +} + +/* 6.3.11 */ +int SDF_GenerateKeyWithIPK_ECC( + void *hSessionHandle, + unsigned int uiIPKIndex, + unsigned int uiKeyBits, + ECCCipher *pucKey, + void **phKeyHandle) +{ + *phKeyHandle = keyHandle; + return SDR_OK; +} + +/* 6.3.12 */ +int SDF_GenerateKeyWithEPK_ECC( + void *hSessionHandle, + unsigned int uiKeyBits, + unsigned int uiAlgID, + ECCrefPublicKey *pucPublicKey, + ECCCipher *pucKey, + void **phKeyHandle) +{ + *phKeyHandle = keyHandle; + return SDR_OK; +} + +/* 6.3.13 */ +int SDF_ImportKeyWithISK_ECC( + void *hSessionHandle, + unsigned int uiISKIndex, + ECCCipher *pucKey, + void **phKeyHandle) +{ + *phKeyHandle = keyHandle; + return SDR_OK; +} + +/* 6.3.14 */ +int SDF_GenerateAgreementDataWithECC( + void *hSessionHandle, + unsigned int uiISKIndex, + unsigned int uiKeyBits, + unsigned char *pucSponsorID, + unsigned int uiSponsorIDLength, + ECCrefPublicKey *pucSponsorPublicKey, + ECCrefPublicKey *pucSponsorTmpPublicKey, + void **phAgreementHandle) +{ + *phAgreementHandle = agreementHandle; + return SDR_OK; +} + +/* 6.3.15 */ +int SDF_GenerateKeyWithECC( + void *hSessionHandle, + unsigned char *pucResponseID, + unsigned int uiResponseIDLength, + ECCrefPublicKey *pucResponsePublicKey, + ECCrefPublicKey *pucResponseTmpPublicKey, + void *hAgreementHandle, + void **phKeyHandle) +{ + *phKeyHandle = keyHandle; + return SDR_OK; +} + +/* 6.3.16 */ +int SDF_GenerateAgreementDataAndKeyWithECC( + void *hSessionHandle, + unsigned int uiISKIndex, + unsigned int uiKeyBits, + unsigned char *pucResponseID, + unsigned int uiResponseIDLength, + unsigned char *pucSponsorID, + unsigned int uiSponsorIDLength, + ECCrefPublicKey *pucSponsorPublicKey, + ECCrefPublicKey *pucSponsorTmpPublicKey, + ECCrefPublicKey *pucResponsePublicKey, + ECCrefPublicKey *pucResponseTmpPublicKey, + void **phKeyHandle) +{ + *phKeyHandle = keyHandle; + return SDR_OK; +} + +/* 6.3.17 */ +int SDF_ExchangeDigitEnvelopeBaseOnECC( + void *hSessionHandle, + unsigned int uiKeyIndex, + unsigned int uiAlgID, + ECCrefPublicKey *pucPublicKey, + ECCCipher *pucEncDataIn, + ECCCipher *pucEncDataOut) +{ + return SDR_OK; +} + +/* 6.3.18 */ +int SDF_GenerateKeyWithKEK( + void *hSessionHandle, + unsigned int uiKeyBits, + unsigned int uiAlgID, + unsigned int uiKEKIndex, + unsigned char *pucKey, + unsigned int *puiKeyLength, + void **phKeyHandle) +{ + *phKeyHandle = keyHandle; + return SDR_OK; +} + +/* 6.3.19 */ +int SDF_ImportKeyWithKEK( + void *hSessionHandle, + unsigned int uiAlgID, + unsigned int uiKEKIndex, + unsigned char *pucKey, + unsigned int uiKeyLength, + void **phKeyHandle) +{ + *phKeyHandle = keyHandle; + return SDR_OK; +} + +/* 6.3.20 */ +int SDF_DestroyKey( + void *hSessionHandle, + void *hKeyHandle) +{ + return SDR_OK; +} + +/* 6.4.1 */ +int SDF_ExternalPublicKeyOperation_RSA( + void *hSessionHandle, + RSArefPublicKey *pucPublicKey, + unsigned char *pucDataInput, + unsigned int uiInputLength, + unsigned char *pucDataOutput, + unsigned int *puiOutputLength) +{ + *puiOutputLength = 2048/8; + return SDR_OK; +} + +/* 6.4.2 */ +int SDF_ExternalPrivateKeyOperation_RSA( + void *hSessionHandle, + RSArefPrivateKey *pucPrivateKey, + unsigned char *pucDataInput, + unsigned int uiInputLength, + unsigned char *pucDataOutput, + unsigned int *puiOutputLength) +{ + *puiOutputLength = 2048/8; + return SDR_OK; +} + +/* 6.4.3 */ +int SDF_InternalPrivateKeyOperation_RSA( + void *hSessionHandle, + unsigned int uiKeyIndex, + unsigned char *pucDataInput, + unsigned int uiInputLength, + unsigned char *pucDataOutput, + unsigned int *puiOutputLength) +{ + *puiOutputLength = 2048/8; + return SDR_OK; +} + +/* 6.4.4 */ +int SDF_ExternalVerify_ECC( + void *hSessionHandle, + unsigned int uiAlgID, + ECCrefPublicKey *pucPublicKey, + unsigned char *pucDataInput, + unsigned int uiInputLength, + ECCSignature *pucSignature) +{ + return SDR_OK; +} + +/* 6.4.5 */ +int SDF_InternalSign_ECC( + void *hSessionHandle, + unsigned int uiISKIndex, + unsigned char *pucData, + unsigned int uiDataLength, + ECCSignature *pucSignature) +{ + memcpy(pucSignature, ecSignature, sizeof(*pucSignature)); + return SDR_OK; +} + +/* 6.4.6 */ +int SDF_InternalVerify_ECC( + void *hSessionHandle, + unsigned int uiIPKIndex, + unsigned char *pucData, + unsigned int uiDataLength, + ECCSignature *pucSignature) +{ + return SDR_OK; +} + +/* 6.4.7 */ +int SDF_ExternalEncrypt_ECC( + void *hSessionHandle, + unsigned int uiAlgID, + ECCrefPublicKey *pucPublicKey, + unsigned char *pucData, + unsigned int uiDataLength, + ECCCipher *pucEncData) +{ + memcpy(pucEncData, ecCiphertext, sizeof(*pucEncData)); + return SDR_OK; +} + +/* 6.5.1 */ +int SDF_Encrypt( + void *hSessionHandle, + void *hKeyHandle, + unsigned int uiAlgID, + unsigned char *pucIV, + unsigned char *pucData, + unsigned int uiDataLength, + unsigned char *pucEncData, + unsigned int *puiEncDataLength) +{ + *puiEncDataLength = uiDataLength + 16; + return SDR_OK; +} + +/* 6.5.2 */ +int SDF_Decrypt( + void *hSessionHandle, + void *hKeyHandle, + unsigned int uiAlgID, + unsigned char *pucIV, + unsigned char *pucEncData, + unsigned int uiEncDataLength, + unsigned char *pucData, + unsigned int *puiDataLength) +{ + *puiDataLength = uiEncDataLength; + return SDR_OK; +} + +/* 6.5.3 */ +int SDF_CalculateMAC( + void *hSessionHandle, + void *hKeyHandle, + unsigned int uiAlgID, + unsigned char *pucIV, + unsigned char *pucData, + unsigned int uiDataLength, + unsigned char *pucMAC, + unsigned int *puiMACLength) +{ + *puiMACLength = 128/8; + return SDR_OK; +} + +/* 6.6.1 */ +int SDF_HashInit( + void *hSessionHandle, + unsigned int uiAlgID, + ECCrefPublicKey *pucPublicKey, + unsigned char *pucID, + unsigned int uiIDLength) +{ + return SDR_OK; +} + +/* 6.6.2 */ +int SDF_HashUpdate( + void *hSessionHandle, + unsigned char *pucData, + unsigned int uiDataLength) +{ + return SDR_OK; +} + +/* 6.6.3 */ +int SDF_HashFinal(void *hSessionHandle, + unsigned char *pucHash, + unsigned int *puiHashLength) +{ + switch (hashAlgor) { + case SGD_SM3: + *puiHashLength = 256/8; + break; + case SGD_SHA1: + *puiHashLength = 160/8; + break; + case SGD_SHA256: + *puiHashLength = 256/8; + break; + } + return SDR_OK; +} + +/* 6.7.1 */ +int SDF_CreateFile( + void *hSessionHandle, + unsigned char *pucFileName, + unsigned int uiNameLen, + unsigned int uiFileSize) +{ + return SDR_OK; +} + +/* 6.7.2 */ +int SDF_ReadFile( + void *hSessionHandle, + unsigned char *pucFileName, + unsigned int uiNameLen, + unsigned int uiOffset, + unsigned int *puiReadLength, + unsigned char *pucBuffer) +{ + // return a certificate + return SDR_OK; +} + +/* 6.7.3 */ +int SDF_WriteFile( + void *hSessionHandle, + unsigned char *pucFileName, + unsigned int uiNameLen, + unsigned int uiOffset, + unsigned int uiWriteLength, + unsigned char *pucBuffer) +{ + return SDR_OK; +} + +/* 6.7.4 */ +int SDF_DeleteFile( + void *hSessionHandle, + unsigned char *pucFileName, + unsigned int uiNameLen) +{ + return SDR_OK; +} diff --git a/test/sdftest.c b/test/sdftest.c index 9d6b16bf..c94bd755 100644 --- a/test/sdftest.c +++ b/test/sdftest.c @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. + * Copyright (c) 2016 The GmSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -52,18 +52,1075 @@ #include #include "../e_os.h" -#ifdef OPENSSL_NO_SDF +#ifdef OPENSSL_NO_GMAPI int main(int argc, char **argv) { - printf("NO SDF support\n"); + printf("NO GMAPI support\n"); return 0; } #else -# include + +/* + * We assume there are two key containers in the device. The first container + * with index 1 is the RSA key container, two key pairs inside. The second + * container with index 2 is the ECC key container. + * + * In this test we have 6 key pairs: + * 1. Generate RSA key pair + * 2. Generate ECC key pair + * 3. RSA signing key pair with index 1 + * 4. RSA encryption key pair with index 1 + * 5. ECC signing key pair with index 2 + * 6. ECC encryption key pair with index 2 + * + * We have 2 passwords to access public key container with index 1 and 2 + * + * We also have a token symmetric key with index 1. In SDF API the indexes of + * key pairs and symmetric keys are seperated. + * + * We have the following session keys, the key handles will also created. + * 1. Generate and encrypted with internal RSA public key 4 + * 2. Generate and encrypted with external RSA public key 1 + * 3. Generate and encrypted with internal ECC public key 6 + * 4. Generate and encrypted with external ECC public key 2 + * + * We will import (1) and (3) back to the device, we will have 2 extra handles. + * + */ + + +# include + +/* RSA Key Container */ +#ifndef RSA_KEY_INDEX +#define RSA_KEY_INDEX 1 +#endif +static unsigned int uiRSAKeyIndex = RSA_KEY_INDEX; +static unsigned char pucRSAPassword[] = "12345678"; +static unsigned int uiRSAPwdLength = sizeof(pucRSAPassword) - 1; + +/* ECC Key Container */ +#ifndef ECC_KEY_INDEX +#define ECC_KEY_INDEX 2 +#endif +static unsigned int uiECCKeyIndex = ECC_KEY_INDEX; +static unsigned char pucECCPassword[] = "12345678"; +static unsigned int uiECCPwdLength = sizeof(pucECCPassword) - 1; + +#ifndef KEK_INDEX +#define KEK_INDEX 1 +#endif +static unsigned int uiKEKIndex = KEK_INDEX; + +#define PRINT_ERRSTR(rv) \ + fprintf(stderr, "Error (%s %d): %s\n", __FILE__, __LINE__, \ + SDF_GetErrorString(rv)) + +static int test_sdf_gen_symkey_rsa(void *hSessionHandle, unsigned int uiRSAKeyIndex); +static int test_sdf_ecdh(void *hSessionHandle, unsigned int uiECCKeyIndex); +static int test_sdf_gen_symkey_ecc(void *hSessionHandle, unsigned int uiECCKeyIndex); +static int test_sdf_gen_symkey_ecc(void *hSessionHandle, unsigned int uiECCKeyIndex); +static int test_sdf_kek(void *hSessionHandle, unsigned int uiKEKIndex); +static int test_sdf_gen_keypair(void *hSessionHandle); +static int test_sdf_rsa(void *hSessionHandle, unsigned int uiRSAKeyIndex); +static int test_sdf_ec(void *hSessionHandle, unsigned int uiECCKeyIndex); +static int test_sdf_cipher(void *hSessionHandle, unsigned int uiKEKIndex); +static int test_sdf_hash(void *hSessionHandle, unsigned int uiECCKeyIndex); +static int test_sdf_file(void *hSessionHandle); + +int test_sdf(void) +{ + void *hDeviceHandle; + void *hSessionHandle; + + DEVICEINFO devInfo; + unsigned char buf[128]; + int rv; + + /* + * Open device and session + */ + + hDeviceHandle = NULL; + if ((rv = SDF_OpenDevice( + &hDeviceHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + hSessionHandle = NULL; + if ((rv = SDF_OpenSession( + hDeviceHandle, + &hSessionHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + memset(&devInfo, 0, sizeof(devInfo)); + if ((rv = SDF_GetDeviceInfo( + hSessionHandle, + &devInfo)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + (void)SDF_PrintDeviceInfo(stdout, &devInfo); + + memset(buf, 0, sizeof(buf)); + if ((rv = SDF_GenerateRandom( + hSessionHandle, + sizeof(buf), + buf)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + if ((rv = SDF_GetPrivateKeyAccessRight( + hSessionHandle, + uiRSAKeyIndex, + pucRSAPassword, + uiRSAPwdLength)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + if ((rv = SDF_GetPrivateKeyAccessRight( + hSessionHandle, + uiECCKeyIndex, + pucECCPassword, + uiECCPwdLength)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + if (!test_sdf_gen_symkey_rsa(hSessionHandle, uiRSAKeyIndex)) { + return 0; + } + if (!test_sdf_ecdh(hSessionHandle, uiECCKeyIndex)) { + return 0; + } + if (!test_sdf_gen_symkey_ecc(hSessionHandle, uiECCKeyIndex)) { + return 0; + } + if (!test_sdf_kek(hSessionHandle, uiKEKIndex)) { + return 0; + } + if (!test_sdf_gen_keypair(hSessionHandle)) { + return 0; + } + if (!test_sdf_rsa(hSessionHandle, uiRSAKeyIndex)) { + return 0; + } + if (!test_sdf_ec(hSessionHandle, uiECCKeyIndex)) { + return 0; + } + if (!test_sdf_cipher(hSessionHandle, uiKEKIndex)) { + return 0; + } + if (!test_sdf_hash(hSessionHandle, uiECCKeyIndex)) { + return 0; + } + if (!test_sdf_file(hSessionHandle)) { + return 0; + } + + if ((rv = SDF_ReleasePrivateKeyAccessRight( + hSessionHandle, + uiRSAKeyIndex)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + if ((rv = SDF_ReleasePrivateKeyAccessRight( + hSessionHandle, + uiECCKeyIndex)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + if ((rv = SDF_CloseSession( + hSessionHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + if ((rv = SDF_CloseDevice( + hDeviceHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + return 1; +} + +static int test_sdf_gen_symkey_rsa( + void *hSessionHandle, + unsigned int uiRSAKeyIndex) +{ + RSArefPublicKey rsaEncPublicKey; + unsigned int uiSM4KeyBits = 128; + unsigned char pucKey[2048/8]; + unsigned int uiKeyLength; + unsigned char pucKey2[2048/8]; + unsigned int uiKeyLength2; + void *hKeyHandle; + int rv; + + memset(pucKey, 0, sizeof(pucKey)); + uiKeyLength = sizeof(pucKey); + hKeyHandle = NULL; + + /* 6.3.4 */ + if ((rv = SDF_GenerateKeyWithIPK_RSA( + hSessionHandle, + uiRSAKeyIndex, + uiSM4KeyBits, + pucKey, + &uiKeyLength, + &hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + if ((rv = SDF_DestroyKey( + hSessionHandle, + hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + hKeyHandle = NULL; + + /* 6.3.6 */ + if ((rv = SDF_ImportKeyWithISK_RSA( + hSessionHandle, + uiRSAKeyIndex, + pucKey, + uiKeyLength, + &hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + if ((rv = SDF_DestroyKey( + hSessionHandle, + hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + memset(&rsaEncPublicKey, 0, sizeof(rsaEncPublicKey)); + + if ((rv = SDF_ExportEncPublicKey_RSA( + hSessionHandle, + uiRSAKeyIndex, + &rsaEncPublicKey)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + memset(pucKey, 0, sizeof(pucKey)); + uiKeyLength = sizeof(pucKey); + hKeyHandle = NULL; + + /* 6.3.5 */ + if ((rv = SDF_GenerateKeyWithEPK_RSA( + hSessionHandle, + uiSM4KeyBits, + &rsaEncPublicKey, + pucKey, + &uiKeyLength, + &hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + if ((rv = SDF_DestroyKey( + hSessionHandle, + hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + if ((rv = SDF_ImportKeyWithISK_RSA( + hSessionHandle, + uiRSAKeyIndex, + pucKey, + uiKeyLength, + &hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + if ((rv = SDF_DestroyKey( + hSessionHandle, + hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + memset(pucKey2, 0, sizeof(pucKey2)); + uiKeyLength2 = sizeof(pucKey2); + + /* 6.3.7 */ + if ((rv = SDF_ExchangeDigitEnvelopeBaseOnRSA( + hSessionHandle, + uiRSAKeyIndex, + &rsaEncPublicKey, + pucKey, + uiKeyLength, + pucKey2, + &uiKeyLength2)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + return 1; +} + +static int test_sdf_ecdh(void *hSessionHandle, unsigned int uiECCKeyIndex) +{ + ECCrefPublicKey sponsorPublicKey; + ECCrefPublicKey sponsorTmpPublicKey; + ECCrefPublicKey responsePublicKey; + ECCrefPublicKey responseTmpPublicKey; + unsigned char pucSponsorID[] = "Alice"; + unsigned int uiSponsorIDLength = sizeof(pucSponsorID) - 1; + unsigned char pucResponseID[] = "Bob"; + unsigned int uiResponseIDLength = sizeof(pucResponseID) - 1; + unsigned int uiSM4KeyBits = 128; + void *hAgreementHandle; + void *hKeyHandle; + int rv; + + memset(&sponsorPublicKey, 0, sizeof(sponsorPublicKey)); + memset(&sponsorTmpPublicKey, 0, sizeof(sponsorTmpPublicKey)); + hAgreementHandle = NULL; + + /* 6.3.14 */ + if ((rv = SDF_GenerateAgreementDataWithECC( + hSessionHandle, + uiECCKeyIndex, + uiSM4KeyBits * 4, /* encrypt/mac keys for 2 channels*/ + pucSponsorID, + uiSponsorIDLength, + &sponsorPublicKey, + &sponsorTmpPublicKey, + &hAgreementHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + memset(&responsePublicKey, 0, sizeof(responsePublicKey)); + memset(&responseTmpPublicKey, 0, sizeof(responseTmpPublicKey)); + hKeyHandle = NULL; + + /* 6.3.16 */ + if ((rv = SDF_GenerateKeyWithECC( + hSessionHandle, + pucResponseID, + uiResponseIDLength, + &responsePublicKey, + &responseTmpPublicKey, + hAgreementHandle, + &hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + if ((rv = SDF_DestroyKey( + hSessionHandle, + hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + memset(&sponsorPublicKey, 0, sizeof(sponsorPublicKey)); + memset(&sponsorTmpPublicKey, 0, sizeof(sponsorTmpPublicKey)); + hAgreementHandle = NULL; + memset(&responsePublicKey, 0, sizeof(responsePublicKey)); + memset(&responseTmpPublicKey, 0, sizeof(responseTmpPublicKey)); + hKeyHandle = NULL; + + /* 6.3.16 */ + if ((rv = SDF_GenerateAgreementDataAndKeyWithECC( + hSessionHandle, + uiECCKeyIndex, + uiSM4KeyBits * 4, + pucResponseID, + uiResponseIDLength, + pucSponsorID, + uiSponsorIDLength, + &sponsorPublicKey, + &sponsorTmpPublicKey, + &responsePublicKey, + &responseTmpPublicKey, + &hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + if ((rv = SDF_DestroyKey( + hSessionHandle, + hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + /* 6.3.17 */ + /* + if ((rv = SDF_ExchangeDigitEnvelopeBaseECC( + hSession, + uiECCKeyIndex, + SGD_SM2_3, + &eccPublicKey, + (ECCCipher *)pucKeyIPKECC, + (ECCCipher *)pucKeyEPKECC)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + */ + return 1; +} + +static int test_sdf_gen_symkey_ecc(void *hSessionHandle, + unsigned int uiECCKeyIndex) +{ + ECCrefPublicKey eccEncPublicKey; + unsigned int uiSM4KeyBits = 128; + unsigned char pucKey[2048]; + void *hKeyHandle; + int rv; + + /* 6.3.11 */ + memset(pucKey, 0, sizeof(pucKey)); + hKeyHandle = NULL; + if ((rv = SDF_GenerateKeyWithIPK_ECC( + hSessionHandle, + uiECCKeyIndex, + uiSM4KeyBits, + (ECCCipher *)pucKey, + &hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + if ((rv = SDF_DestroyKey( + hSessionHandle, + hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + hKeyHandle = NULL; + + /* 6.3.13 */ + if ((rv = SDF_ImportKeyWithISK_ECC( + hSessionHandle, + uiECCKeyIndex, + (ECCCipher *)pucKey, + &hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + if ((rv = SDF_DestroyKey( + hSessionHandle, + hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + hKeyHandle = NULL; + + /* 6.3.8 */ + memset(&eccEncPublicKey, 0, sizeof(eccEncPublicKey)); + if ((rv = SDF_ExportEncPublicKey_ECC( + hSessionHandle, + uiECCKeyIndex, + &eccEncPublicKey)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + /* 6.3.12 */ + memset(pucKey, 0, sizeof(pucKey)); + hKeyHandle = NULL; + if ((rv = SDF_GenerateKeyWithEPK_ECC( + hSessionHandle, + uiSM4KeyBits, + SGD_SM2_3, + &eccEncPublicKey, + (ECCCipher *)pucKey, + &hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + if ((rv = SDF_DestroyKey( + hSessionHandle, + hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + hKeyHandle = NULL; + + /* 6.3.13 */ + if ((rv = SDF_ImportKeyWithISK_ECC( + hSessionHandle, + uiECCKeyIndex, + (ECCCipher *)pucKey, + &hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + if ((rv = SDF_DestroyKey( + hSessionHandle, + hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + hKeyHandle = NULL; + + return 1; +} + +static int test_sdf_kek(void *hSessionHandle, unsigned int uiKEKIndex) +{ + unsigned char pucKey[16]; + unsigned int uiKeyLength; + void *hKeyHandle; + int rv; + + memset(pucKey, 0, sizeof(pucKey)); + uiKeyLength = sizeof(pucKey); + hKeyHandle = NULL; + + /* 6.3.18 */ + if ((rv = SDF_GenerateKeyWithKEK( + hSessionHandle, + 128, /* generated symmetric key bits */ + SGD_SM4, /* is this usefule ? */ + uiKEKIndex, + pucKey, + &uiKeyLength, + &hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + /* 6.3.20 */ + if ((rv = SDF_DestroyKey( + hSessionHandle, + hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + hKeyHandle = NULL; + + /* 6.3.19 */ + if ((rv = SDF_ImportKeyWithKEK( + hSessionHandle, + SGD_SM4, + uiKEKIndex, + pucKey, + uiKeyLength, + &hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + /* 6.3.20 */ + if ((rv = SDF_DestroyKey( + hSessionHandle, + hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + return 1; +} + +static int test_sdf_gen_keypair(void *hSessionHandle) +{ + RSArefPublicKey rsaPublicKey; + RSArefPrivateKey rsaPrivateKey; + ECCrefPublicKey eccPublicKey; + ECCrefPrivateKey eccPrivateKey; + int rv; + + /* 6.3.3 */ + + /* 1024-bit RSA */ + memset(&rsaPublicKey, 0, sizeof(rsaPublicKey)); + memset(&rsaPrivateKey, 0, sizeof(rsaPrivateKey)); + + if ((rv = SDF_GenerateKeyPair_RSA( + hSessionHandle, + 1024, + &rsaPublicKey, + &rsaPrivateKey)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + printf("Generate 1024-bit RSA key pair success\n"); + printf("RSA Public Key:\n"); + (void)SDF_PrintRSAPublicKey(stdout, &rsaPublicKey); + printf("RSA Private Key:\n"); + (void)SDF_PrintRSAPrivateKey(stdout, &rsaPrivateKey); + + /* 2048-bit RSA */ + memset(&rsaPublicKey, 0, sizeof(rsaPublicKey)); + memset(&rsaPrivateKey, 0, sizeof(rsaPrivateKey)); + + if ((rv = SDF_GenerateKeyPair_RSA( + hSessionHandle, + 2048, + &rsaPublicKey, + &rsaPrivateKey)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + printf("Generate 2048-bit RSA key pair success\n"); + printf("RSA Public Key:\n"); + (void)SDF_PrintRSAPublicKey(stdout, &rsaPublicKey); + printf("RSA Private Key:\n"); + (void)SDF_PrintRSAPrivateKey(stdout, &rsaPrivateKey); + + /* 6.3.10 */ + memset(&eccPublicKey, 0, sizeof(eccPublicKey)); + memset(&eccPrivateKey, 0, sizeof(eccPrivateKey)); + if ((rv = SDF_GenerateKeyPair_ECC( + hSessionHandle, + SGD_SM2, + 256, + &eccPublicKey, + &eccPrivateKey)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + (void)SDF_PrintECCPublicKey(stdout, &eccPublicKey); + (void)SDF_PrintECCPrivateKey(stdout, &eccPrivateKey); + + return 1; +} + +static int test_sdf_rsa(void *hSessionHandle, unsigned int uiRSAKeyIndex) +{ + RSArefPublicKey rsaSignPublicKey; + RSArefPublicKey rsaEncPublicKey; + unsigned char pucData[] = "abc"; + unsigned int uiDataLength = sizeof(pucData) - 1; + unsigned char pucRSASignature[2048/8]; + unsigned int uiRSASignatureLength; + unsigned char pucOutputData[2048/8]; + unsigned int uiOutputLength; + int rv; + + memset(&rsaSignPublicKey, 0, sizeof(rsaSignPublicKey)); + memset(&rsaEncPublicKey, 0, sizeof(rsaEncPublicKey)); + + /* 6.3.2 */ + if ((rv = SDF_ExportEncPublicKey_RSA( + hSessionHandle, + uiRSAKeyIndex, + &rsaEncPublicKey)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + (void)SDF_PrintRSAPublicKey(stdout, &rsaEncPublicKey); + + /* 6.2.7 */ + if ((rv = SDF_GetPrivateKeyAccessRight( + hSessionHandle, + uiRSAKeyIndex, + pucRSAPassword, + uiRSAPwdLength)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + /* 6.4.3 */ + if ((rv = SDF_InternalPrivateKeyOperation_RSA( + hSessionHandle, + uiRSAKeyIndex, + pucData, + uiDataLength, + pucRSASignature, + &uiRSASignatureLength)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + memset(pucOutputData, 0, sizeof(pucOutputData)); + uiOutputLength = sizeof(pucOutputData); + + /* 6.4.1 */ + if ((rv = SDF_ExternalPublicKeyOperation_RSA( + hSessionHandle, + &rsaSignPublicKey, + pucRSASignature, + uiRSASignatureLength, + pucOutputData, + &uiOutputLength)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + // check output == orignal input + + memset(pucOutputData, 0, sizeof(pucOutputData)); + uiOutputLength = sizeof(pucOutputData); + + /* 6.4.2 */ + if ((rv = SDF_InternalPublicKeyOperation_RSA( + hSessionHandle, + uiRSAKeyIndex, + pucRSASignature, + uiRSASignatureLength, + pucOutputData, + &uiOutputLength)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + // check output == orignal input + return 1; +} + +static int test_sdf_ec(void *hSessionHandle, unsigned int uiECCKeyIndex) +{ + unsigned char pucData[] = "abc"; + unsigned int uiDataLength = sizeof(pucData) - 1; + ECCSignature eccSignature; + ECCrefPublicKey eccSignPublicKey; + ECCrefPublicKey eccEncPublicKey; + unsigned char pucEncData[2048]; + int rv; + + memset(&eccSignature, 0, sizeof(eccSignature)); + + /* 6.4.5 */ + if ((rv = SDF_InternalSign_ECC( + hSessionHandle, + uiECCKeyIndex, + pucData, + uiDataLength, + &eccSignature)) != SDR_OK) { + } + + /* 6.4.6 */ + if ((rv = SDF_InternalVerify_ECC( + hSessionHandle, + uiECCKeyIndex, + pucData, + uiDataLength, + &eccSignature)) != SDR_OK) { + } + + memset(&eccSignPublicKey, 0, sizeof(eccSignPublicKey)); + + /* 6.3.8 */ + if ((rv = SDF_ExportSignPublicKey_ECC( + hSessionHandle, + uiECCKeyIndex, + &eccSignPublicKey)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + (void)SDF_PrintECCPublicKey(stdout, &eccSignPublicKey); + + /* 6.4.4 */ + if ((rv = SDF_ExternalVerify_ECC( + hSessionHandle, + SGD_SM2_1, + &eccSignPublicKey, + pucData, + uiDataLength, + &eccSignature)) != SDR_OK) { + } + + memset(&eccEncPublicKey, 0, sizeof(eccEncPublicKey)); + + /* 6.3.9 */ + if ((rv = SDF_ExportEncPublicKey_ECC( + hSessionHandle, + uiECCKeyIndex, + &eccEncPublicKey)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + (void)SDF_PrintECCPublicKey(stdout, &eccEncPublicKey); + + memset(pucEncData, 0, sizeof(pucEncData)); + + /* 6.4.7 */ + if ((rv = SDF_ExternalEncrypt_ECC( + hSessionHandle, + SGD_SM2_3, + &eccEncPublicKey, + pucData, + uiDataLength, + (ECCCipher *)pucEncData)) != SDR_OK) { + } + + return 1; +} + +static int test_sdf_cipher(void *hSessionHandle, unsigned int uiKEKIndex) +{ + void *hKeyHandle; + unsigned char pucKey[2048]; + unsigned int uiKeyLength; + unsigned int uiSM4KeyBits = 128; + unsigned int uiEncAlgID = SGD_SM4_CBC; + unsigned int uiMACAlgID = SGD_SM4_MAC; + unsigned char pucIV[16] = {0}; + unsigned char pucData[] = "12345678901234567890123456789012"; /* 32-byte = 2 blocks */ + unsigned int uiDataLength = sizeof(pucData); + unsigned char pucEncData[sizeof(pucData)]; + unsigned int uiEncDataLength; + unsigned char pucDecData[sizeof(pucData)]; + unsigned int uiDecDataLength; + unsigned char pucMAC[32]; + unsigned int uiMACLength = sizeof(pucMAC); + int rv; + + + memset(pucKey, 0, sizeof(pucKey)); + uiKeyLength = 0; + hKeyHandle = NULL; + if ((rv = SDF_GenerateKeyWithKEK( + hSessionHandle, + uiSM4KeyBits, + SGD_SM4, + uiKEKIndex, + pucKey, + &uiKeyLength, + &hKeyHandle)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + /* 6.5.1 */ + uiEncDataLength = sizeof(pucEncData); + if ((rv = SDF_Encrypt( + hSessionHandle, + hKeyHandle, + uiEncAlgID, + pucIV, + pucData, + uiDataLength, + pucEncData, + &uiEncDataLength)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + /* 6.5.2 */ + uiDecDataLength = sizeof(pucDecData); + if ((rv = SDF_Decrypt( + hSessionHandle, + hKeyHandle, + uiEncAlgID, + pucIV, + pucEncData, + uiEncDataLength, + pucDecData, + &uiDecDataLength)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + if (uiDecDataLength != uiDataLength || + memcmp(pucDecData, pucData, uiDataLength) != 0) { + fprintf(stderr, "Error (%s %d): SDF_Encrypt/Decrypt failed\n", __FILE__, __LINE__); + } + + /* 6.5.3 */ + if ((rv = SDF_CalculateMAC( + hSessionHandle, + hKeyHandle, + uiMACAlgID, + pucIV, + pucData, + uiDataLength, + pucMAC, + &uiMACLength)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + return 1; +} + +static int test_sdf_hash(void *hSessionHandle, unsigned int uiECCKeyIndex) +{ + ECCrefPublicKey eccSignPublicKey; + unsigned char pucID[] = "1234567812345678"; + unsigned int uiIDLength = sizeof(pucID) - 1; + unsigned char pucData[] = "abc"; + unsigned int uiDataLength = sizeof(pucData) - 1; + unsigned char sm3abc[] = { + 0x66, 0xc7, 0xf0, 0xf4, 0x62, 0xee, 0xed, 0xd9, + 0xd1, 0xf2, 0xd4, 0x6b, 0xdc, 0x10, 0xe4, 0xe2, + 0x41, 0x67, 0xc4, 0x87, 0x5c, 0xf2, 0xf7, 0xa2, + 0x29, 0x7d, 0xa0, 0x2b, 0x8f, 0x4b, 0xa8, 0xe0, + }; + unsigned char pucHash[64]; + unsigned int uiHashLength; + int rv; + + /* 6.6.1 */ + if ((rv = SDF_HashInit( + hSessionHandle, + SGD_SM3, + NULL, + NULL, + 0)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + /* 6.6.2 */ + if ((rv = SDF_HashUpdate( + hSessionHandle, + pucData, + uiDataLength)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + /* 6.6.3 */ + uiHashLength = sizeof(pucHash); + if ((rv = SDF_HashFinal( + hSessionHandle, + pucHash, + &uiHashLength)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + if (uiHashLength != sizeof(sm3abc) || + memcmp(pucHash, sm3abc, sizeof(sm3abc)) != 0) { + fprintf(stderr, "Error: SM3 hash \"abc\" failed\n"); + } + + /* prepare public key */ + memset(&eccSignPublicKey, 0, sizeof(eccSignPublicKey)); + if ((rv = SDF_ExportSignPublicKey_ECC( + hSessionHandle, + uiECCKeyIndex, + &eccSignPublicKey)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + /* 6.6.1 */ + if ((rv = SDF_HashInit( + hSessionHandle, + SGD_SM3, + &eccSignPublicKey, + pucID, + uiIDLength)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + /* 6.6.2 */ + if ((rv = SDF_HashUpdate( + hSessionHandle, + pucData, + uiDataLength)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + /* 6.6.3 */ + uiHashLength = (unsigned int)sizeof(pucHash); + if ((rv = SDF_HashFinal( + hSessionHandle, + pucHash, + &uiHashLength)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + + return 1; +} + +static int test_sdf_file(void *hSessionHandle) +{ + unsigned char pucFileName[128] = "certificate.cer"; + unsigned int uiNameLen = sizeof(pucFileName) - 1; + unsigned char pucBuffer[4096]; + unsigned int uiFileLength; + unsigned int uiFileLength2; + unsigned int uiOffset = 0; + int rv; + + /* 6.7.1 */ + uiFileLength = (unsigned int)sizeof(pucBuffer); + if ((rv = SDF_CreateFile( + hSessionHandle, + pucFileName, + uiNameLen, + uiFileLength)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + if (uiFileLength != sizeof(pucBuffer)) { + printf("Warning: created file length = %u, shorter\n", uiFileLength); + } + + /* 6.7.3 */ + memset(pucBuffer, 'A', sizeof(pucBuffer)); + if ((rv = SDF_WriteFile( + hSessionHandle, + pucFileName, + uiNameLen, + uiOffset, + uiFileLength, + pucBuffer)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + /* 6.7.2 */ + uiFileLength2 = uiFileLength; + if ((rv = SDF_ReadFile( + hSessionHandle, + pucFileName, + uiNameLen, + uiOffset, + &uiFileLength2, + pucBuffer)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + if (uiFileLength2 != uiFileLength) { + printf("Warning: read length length %u < %u\n", uiFileLength2, uiFileLength); + } + + /* 6.7.4 */ + if ((rv = SDF_DeleteFile( + hSessionHandle, + pucFileName, + uiNameLen)) != SDR_OK) { + PRINT_ERRSTR(rv); + return 0; + } + + return 1; +} int main(int argc, char **argv) { - int err = 0; - return err; + if (!test_sdf()) { + return -1; + } + return 0; } #endif diff --git a/util/mkdef.pl b/util/mkdef.pl index 6a0103e0..b8e41b8f 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -132,7 +132,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CMAC", # APPLINK (win build feature?) "APPLINK", - "SM3", "SMS4", "KDF2", "ECIES", "FFX", "PAILLIER", "CPK", "OTP", "GMAPI", "EC2", + "SM3", "SMS4", "KDF2", "ECIES", "FFX", "SM2", "PAILLIER", "CPK", "OTP", "GMAPI", "EC2", "BFIBE", "BB1IBE", "SM9", "SAF", "SDF", "SKF", "SOF", "ZUC" );