update gm apis

Zhi Guan
2017-02-19 23:41:47 +08:00
parent d7aca8255f
commit 90a001b539
52 changed files with 5370 additions and 7038 deletions


@@ -46,35 +46,35 @@
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
/*
* the software implementation of SAF application and related storage
* is determined by a standard OpenSSL configuration file `openssl.cnf`.
* If no config file is given, the default openssl config file will be
* used. This means that the SAF API is only a wrapper of the EVP API.
*
* The OpenSSL use file-level access control, i.e. private keys are
* encrypted by passwords, there is no default container-level access
* control mechnsims such as the Java Keytool for the application-level
* access control of SAF API.
*
* We use the AppHandle to preserve the CONF object.
*
* So we dont provide such access control. The Login() will always
* success. And the ChangePin() has no effects.
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/gmsaf.h>
#include <openssl/crypto.h>
#include "saf_lcl.h"
/* 7.1.2 */
int SAF_Initialize(
void **phAppHandle,
char *pubCfgFilePath)
{
int ret = SAR_UnknownErr;
SAF_APP *app = NULL;
if (!phAppHandle || !pubCfgFilePath) {
SAFerr(SAF_F_SAF_INITIALIZE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!(app = OPENSSL_zalloc(sizeof(*app)))) {
SAFerr(SAF_F_SAF_INITIALIZE, ERR_R_MALLOC_FAILURE);
return SAR_MemoryErr;
}
*phAppHandle = app;
return SAR_Ok;
}
@@ -82,6 +82,8 @@ int SAF_Initialize(
int SAF_Finalize(
void *hAppHandle)
{
SAF_APP *app = (SAF_APP *)hAppHandle;
OPENSSL_free(app);
return SAR_Ok;
}
@@ -89,7 +91,12 @@ int SAF_Finalize(
int SAF_GetVersion(
unsigned int *puiVersion)
{
*puiVersion = 0x01000000;
if (!puiVersion) {
SAFerr(SAF_F_SAF_GETVERSION, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
*puiVersion = (unsigned int)OpenSSL_version_num();
return SAR_Ok;
}
@@ -103,8 +110,8 @@ int SAF_Login(
unsigned int uiPinLen,
unsigned int *puiRemainCount)
{
*puiRemainCount = 100;
return SAR_Ok;
SAFerr(SAF_F_SAF_LOGIN, SAF_R_NOT_SUPPORTED);
return SAR_NotSupportYetErr;
}
/* 7.1.6 */
@@ -119,8 +126,8 @@ int SAF_ChangePin(
unsigned int uiNewPinLen,
unsigned int *puiRemainCount)
{
*puiRemainCount = 100;
return SAR_Ok;
SAFerr(SAF_F_SAF_CHANGEPIN, SAF_R_NOT_SUPPORTED);
return SAR_NotSupportYetErr;
}
/* 7.1.7 */
@@ -128,6 +135,6 @@ int SAF_Logout(
void *hAppHandle,
unsigned int uiUsrType)
{
return SAR_Ok;
SAFerr(SAF_F_SAF_LOGOUT, SAF_R_NOT_SUPPORTED);
return SAR_NotSupportYetErr;
}
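Review bot: The block comment at the top of this file still says `Login()` will always succeed and `ChangePin()` has no effect, but the new bodies of `SAF_Login`, `SAF_ChangePin` and `SAF_Logout` raise `SAF_R_NOT_SUPPORTED` and return `SAR_NotSupportYetErr`. Assuming that comment is unchanged context, its last paragraph should read something like `There is no container-level access control: Login(), ChangePin() and Logout() return SAR_NotSupportYetErr.` so integrators do not assume a PIN check took place. The same comment says the AppHandle preserves the CONF object, yet the visible `SAF_Initialize` only zero-allocates a `SAF_APP` and never reads `pubCfgFilePath`; a one-line comment there saying the configuration is not loaded yet would avoid confusion. The signatures of the three login functions start outside their hunks.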


@@ -47,30 +47,10 @@
* ====================================================================
*/
/* GM/T 0019-2012: 7.3.23 */
/*
* uiKeyUsage in {SGD_SM2_1, SGD_SM2_2, SGD_SM2_3}
* uiExportFlag = 1 means exportable, 0 means non-exportable
* we will generate a key pair and import into ENGINE
* or use ENGINE to generate key pair
*/
#include <openssl/gmapi.h>
#include <openssl/gmsdf.h>
#include <openssl/gmsaf.h>
int saf_save_ec_keypair(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned int uiKeyUsage,
unsigned int uiExportFlag,
ECCrefPublicKey *pucPublicKey,
ECCrefPrivateKey *pucPrivateKey)
{
return -1;
}
/* 7.3.23 */
int SAF_GenEccKeyPair(
@@ -82,8 +62,6 @@ int SAF_GenEccKeyPair(
unsigned int uiExportFlag)
{
int ret = -1;
ECCrefPublicKey publicKey;
ECCrefPrivateKey privateKey;
/* check arguments */
if (!hAppHandle || !pucContainerName) {
@@ -91,7 +69,7 @@ int SAF_GenEccKeyPair(
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiContainerNameLen <= 0 || uiContainerName > SGD_MAX_NAME_SIZE ||
if (uiContainerNameLen <= 0 || uiContainerNameLen > SGD_MAX_NAME_SIZE ||
strlen((char *)pucContainerName) != uiContainerNameLen) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR,
SAF_R_INVALID_INPUT_LENGTH);
@@ -109,63 +87,15 @@ int SAF_GenEccKeyPair(
return SAR_KeyUsageErr;
}
/* generate keypair */
if (SDF_GenerateKeyPair_ECC(
NULL,
uiKeyUsage,
uiKeyBits,
&publicKey,
&privateKey) != SDR_OK) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR, SAF_R_SAF_ERROR);
goto end;
}
/* save keypair */
if (saf_save_ec_keypair(
hAppHandle,
pucContainerName,
uiContainerNameLen,
uiKeyBits,
uiKeyUsage,
uiExportFlag,
&publicKey,
&privateKey) != SAR_Ok) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR, ERR_R_GMAPI_LIB);
goto end;
}
/* set return value */
ret = SAR_Ok;
end:
/* clear private key */
memset(&privateKey, 0, sizeof(ECCrefPrivateKey));
return ret;
}
int saf_get_sdf_session_and_keyindex(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyUsage,
void *phSessionHandle,
unsigned int puiKeyIndex)
{
return -1;
}
void saf_release_sdf_session(
void *hSessionHandle)
{
}
/*
* `crypto/ec` only support `i2o_ECPublicKey` and `o2i_ECPublicKey`, there
* are no DER encoding/decoding routines for EC public key. The encoding of
* `i2o` is just the result of `EC_POINT_point2oct` on the public key point.
*/
/* 7.3.24 */
int SAF_GetEccPublicKey(
void *hAppHandle,
@@ -175,9 +105,8 @@ int SAF_GetEccPublicKey(
unsigned char *pucPublicKey,
unsigned int *puiPublicKeyLen)
{
int ret = -1;
void *hSessionHandle = NULL;
unsigned int uiKeyIndex;
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
int rv;
/* check arguments */
@@ -206,64 +135,17 @@ int SAF_GetEccPublicKey(
return SAR_IndataErr;
}
/* get session and key index*/
if ((rv = saf_get_sdf_session_and_keyindex(
hAppHandle,
pucContainerName,
uiContainerNameLen,
uiKeyUsage,
&hSessionHandle,
&uiKeyIndex)) != SAR_Ok) {
/* load public key */
SAFerr(SAF_F_SAF_GETECCPUBLICKEY, ERR_R_GMAPI_LIB);
ret = rv;
goto end;
}
/* load key */
if (uiKeyUsage == SGD_SM2_1) {
if (SDF_ExportSignPublicKey_ECC(
hSessionHandle,
uiKeyIndex,
(ECCrefPublicKey *)pucPublicKey) != SDR_OK) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY, ERR_R_GMAPI_LIB);
goto end;
}
} else {
if (SDF_ExportEncPublicKey_ECC(
hSessionHandle,
uiKeyIndex,
(ECCrefPublicKey *)pucPublicKey) != SDR_OK) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY, ERR_R_GMAPI_LIB);
goto end;
}
}
/* set return value */
*puiPublicKeyLen = (unsigned int)sizeof(ECCrefPublicKey);
ret = SAR_Ok;
end:
sdf_release_sdf_session(hSessionHandle);
return ret;
}
/* 7.3.25 */
/* input data is message, not digest
* otuput is the DER encoding of the signature
*
* WHY do we need a seperate function for EC and RSA?
*/
int saf_get_sdf_session_and_ecsignkey(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiAlgorithmID, /* SGD_SM2_1 */
void **phSessionhandle,
unsigned int *puiISKIndex);
int SAF_EccSign(
void *hAppHandle,
unsigned char *pucContainerName,
@@ -304,43 +186,12 @@ int SAF_EccSign(
return SAR_IndataErr;
}
/* get session and ec sign key */
if ((rv = saf_get_sdf_session_and_ecsignkey(
hAppHandle,
pucContainerName,
uiContainerNameLen,
uiAlgorithmID,
&hSessionHandle,
&uiISKIndex)) != SAR_Ok) {
SAFerr(SAF_F_SAF_ECCSIGN, ERR_R_GMAPI_LIB);
ret = rv;
goto end;
}
/* sign */
if (SDF_InternalSign_ECC(
hSessionHandle,
uiISKIndex,
pucInData,
uiInDataLen,
(ECCSignature *)pucSignData) != SDR_OK) {
SAFerr(SAF_F_SAF_ECCSIGN, ERR_R_GMAPI_LIB);
goto end;
}
/* set return value */
*puiSignDataLen = (unsigned int)sizeof(ECCSignature);
ret = SAR_Ok;
end:
saf_release_sdf_session(hSessionhandle);
return ret;
}
/* 7.3.26 */
/* it seems that we need the public key has more info */
int SAF_EccVerifySign(
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
@@ -351,11 +202,11 @@ int SAF_EccVerifySign(
unsigned int uiSignDataLen)
{
int ret = SAR_UnknownErr;
/* check arguments */
if (!pucPublicKey || !pucInData || !pucSignData) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr);
return SAR_IndataErr;
}
if (uiPublicKeyLen != sizeof(ECCrefPublic)) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, SAF_R_INVALID_INPUT_LENGTH);
@@ -374,18 +225,6 @@ int SAF_EccVerifySign(
return SAR_IndataLenErr;
}
if (SDF_ExternalVerify_ECC(
NULL, /* hSessionHandle */
uiAlgorithmID,
(ECCrefPublicKey *)pucPublicKey,
pucInData,
uiInDataLen,
(ECCSignature *)pucSignData) != SDR_OK) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, ERR_R_GMAPI_LIB);
goto end;
}
ret = SAR_Ok;
end:
@@ -429,33 +268,11 @@ int SAF_EccPublicKeyEnc(
return SAR_IndataLenErr;
}
/* encrypt */
if (SDF_ExternalEncrypt_ECC(
NULL, /* hSessionHandle */
uiAlgorithmID,
(ECCrefPublicKey *)pucPublicKey,
pucInData,
uiInDataLen,
(ECCCipher *)pucOutData) != SDR_OK) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC, ERR_R_GMAPI_LIB);
goto end;
}
ret = SAR_Ok;
end:
return ret;
}
int saf_get_ec_public_key_from_cert(
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
ECCrefPublicKey *pucPublicKey)
{
return -1;
}
/* 7.3.28 */
int SAF_EccPublicKeyEncByCert(
unsigned char *pucCertificate,
@@ -474,7 +291,7 @@ int SAF_EccPublicKeyEncByCert(
if (!pucCertificate || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr);
return SAR_IndataErr;
}
if (uiCertificateLen <= 0 || uiCertificate > INT_MAX) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
@@ -497,34 +314,8 @@ int SAF_EccPublicKeyEncByCert(
return SAR_IndataLenErr;
}
/* get public key from cert */
if ((rv = saf_get_ec_public_key_from_cert(
pucCertificate,
uiCertificateLen,
&publicKey)) != SAR_OK) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT, ERR_R_GMAPI_LIB);
ret = rv;
goto end;
}
/* encrypt */
if (SAF_EccPublicKeyEnc(
(unsigned char *)&publicKey,
(unsigned int)sizeof(ECCrefPublicKey),
uiAlgorithmID,
pucInData,
uiInDataLen,
pucOutData,
puiOutDataLen) != SAR_OK) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT, ERR_R_GMAPI_LIB);
goto end;
}
/* set return value */
ret = SAR_Ok;
end:
return ret;
}
@@ -547,7 +338,7 @@ int SAF_EccVerifySignByCert(
if (!pucCertificate || !pucInData || !pucSignData) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr);
return SAR_IndataErr;
}
if (uiCertificateLen <= 0 || uiCertificate > INT_MAX) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
@@ -571,33 +362,9 @@ int SAF_EccVerifySignByCert(
}
/* load public key form cert */
if ((rv = saf_get_ec_public_key_from_cert(
pucCertificate,
uiCertificateLen,
&publicKey))!= SAR_OK) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT, ERR_R_GMAPI_LIB);
ret = rv;
goto end;
}
/* verify */
if (SAF_EccVerifySign(
(unsigned char *)&publicKey,
(unsigned int )sizeof(ECCrefPublicKey),
uiAlgorithmID,
pucInData,
uiInDataLen,
pucSignData,
uiSignDataLen)!= SAR_Ok) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT, ERR_R_GMAPI_LIB);
goto end;
}
/* set return value */
ret = SAR_Ok;
end:
return ret;
}
@@ -616,24 +383,7 @@ int SAF_GenerateAgreementDataWithECC(
void **phAgreementHandle)
{
int ret = -1;
void *hSessionHandle = NULL;
unsigned int uiISKIndex;
if (SDF_GenerateAgreementDataWithECC(
hSessionHandle,
uiISKIndex,
uiKeyBits,
pucSponsorID,
uiSponsorIDLength,
(ECCrefPublicKey *)pucSponsorPublicKey,
(ECCrefPublicKey *)pucSponsorTmpPublicKey,
phAgreementHandle) != SDR_OK) {
SAFerr(SAF_F_SAF_GENERATEAGREEMENTDATAWITHECC,
ERR_R_GMAPI_LIB);
goto end;
}
ret = SAR_Ok;
end:
@@ -653,19 +403,6 @@ int SAF_GenerateKeyWithECC(
{
int ret = -1;
if (SDF_GenerateKeyWithECC(
NULL, /*hSessionHandle */
pucResponseID,
uiResponseIDLength,
(ECCrefPublicKey *)pucResponsePublicKey,
(ECCrefPublicKey *)pucResponseTmpPublicKey,
phAgreementHandle,
phKeyHandle) != SDR_OK) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHECC, ERR_R_GMAPI_LIB);
goto end;
}
return 0;
}
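Review bot: `SAF_EccVerifySign` appears to report success without verifying anything: going by the hunk counts (18 old lines, 6 new), the `SDF_ExternalVerify_ECC` call is removed while `ret = SAR_Ok;` before `end:` stays, so any input that passes the length checks would be accepted as a valid signature. Until a replacement is wired in, the stub should fail closed the way `SAF_Login` does in this commit: `SAFerr(SAF_F_SAF_ECCVERIFYSIGN, SAF_R_NOT_SUPPORTED); return SAR_NotSupportYetErr;`. The same pattern seems to remain in `SAF_EccVerifySignByCert`, `SAF_GenEccKeyPair`, `SAF_EccSign`, `SAF_EccPublicKeyEnc` and `SAF_EccPublicKeyEncByCert`, and the RSA file's `SAF_RsaVerifySignFile` and `SAF_VerifySignByCert` look like they keep `return SAR_OK;` after their bodies were removed. Most of these functions begin or end outside the hunks shown, so this should be confirmed against the full file.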


@@ -269,4 +269,3 @@ int SAF_SymmDecrypt(
*puiOutDataLen = out - pucOutData;
return SAR_OK;
}


@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -27,6 +27,7 @@ static ERR_STRING_DATA SAF_str_functs[] = {
{ERR_FUNC(SAF_F_SAF_BASE64_ENCODE), "SAF_Base64_Encode"},
{ERR_FUNC(SAF_F_SAF_BASE64_ENCODEFINAL), "SAF_Base64_EncodeFinal"},
{ERR_FUNC(SAF_F_SAF_BASE64_ENCODEUPDATE), "SAF_Base64_EncodeUpdate"},
{ERR_FUNC(SAF_F_SAF_CHANGEPIN), "SAF_ChangePin"},
{ERR_FUNC(SAF_F_SAF_CREATESYMMKEYOBJ), "SAF_CreateSymmKeyObj"},
{ERR_FUNC(SAF_F_SAF_ECCPUBLICKEYENC), "SAF_EccPublicKeyEnc"},
{ERR_FUNC(SAF_F_SAF_ECCPUBLICKEYENCBYCERT), "SAF_EccPublicKeyEncByCert"},
@@ -37,7 +38,14 @@ static ERR_STRING_DATA SAF_str_functs[] = {
{ERR_FUNC(SAF_F_SAF_GENERATEAGREEMENTDATAWITHECC),
"SAF_GenerateAgreementDataWithECC"},
{ERR_FUNC(SAF_F_SAF_GENERATEKEYWITHECC), "SAF_GenerateKeyWithECC"},
{ERR_FUNC(SAF_F_SAF_GENERATEKEYWITHEPK), "SAF_GenerateKeyWithEPK"},
{ERR_FUNC(SAF_F_SAF_GENRANDOM), "SAF_GenRandom"},
{ERR_FUNC(SAF_F_SAF_GETECCPUBLICKEY), "SAF_GetEccPublicKey"},
{ERR_FUNC(SAF_F_SAF_GETVERSION), "SAF_GetVersion"},
{ERR_FUNC(SAF_F_SAF_IMPORTENCEDKEY), "SAF_ImportEncedKey"},
{ERR_FUNC(SAF_F_SAF_INITIALIZE), "SAF_Initialize"},
{ERR_FUNC(SAF_F_SAF_LOGIN), "SAF_Login"},
{ERR_FUNC(SAF_F_SAF_LOGOUT), "SAF_Logout"},
{ERR_FUNC(SAF_F_SAF_MACFINAL), "SAF_MacFinal"},
{ERR_FUNC(SAF_F_SAF_MACUPDATE), "SAF_MacUpdate"},
{ERR_FUNC(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA),
@@ -52,7 +60,10 @@ static ERR_STRING_DATA SAF_str_functs[] = {
static ERR_STRING_DATA SAF_str_reasons[] = {
{ERR_REASON(SAF_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_REASON(SAF_R_CBCMAC_FAILURE), "cbcmac failure"},
{ERR_REASON(SAF_R_CMAC_FAILURE), "cmac failure"},
{ERR_REASON(SAF_R_ENCRYPT_KEY_FAILURE), "encrypt key failure"},
{ERR_REASON(SAF_R_GEN_RANDOM), "gen random"},
{ERR_REASON(SAF_R_GEN_RANDOM_FAILURE), "gen random failure"},
{ERR_REASON(SAF_R_INT_OVERFLOW), "int overflow"},
{ERR_REASON(SAF_R_INVALID_ALGOR), "invalid algor"},
{ERR_REASON(SAF_R_INVALID_CONTEXT), "invalid context"},
@@ -63,6 +74,7 @@ static ERR_STRING_DATA SAF_str_reasons[] = {
{ERR_REASON(SAF_R_INVALID_KEY_USAGE), "invalid key usage"},
{ERR_REASON(SAF_R_INVALID_LENGTH), "invalid length"},
{ERR_REASON(SAF_R_MAC_FAILURE), "mac failure"},
{ERR_REASON(SAF_R_NOT_SUPPORTED), "not supported"},
{ERR_REASON(SAF_R_OPERATION_NOT_INITIALIZED),
"operation not initialized"},
{ERR_REASON(SAF_R_SAF_ERROR), "saf error"},


@@ -53,60 +53,77 @@
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.31
* Generate session key returned by `phKeyHandle`
* Encrypt the symmetric key `hSymmKeyObj` with the input public key
* `pucPublicKey`, output the encrypted results to `pucSymmKey`,
*
* how can we encrypt data with public key?
* it this function relies on ther SAF API?
*
* The function don't care the input public key. It should be an exported
* public key. Some extra information should be appened into the output key.
*/
/* 7.3.31 */
int SAF_GenerateKeyWithEPK(
void *hSymmKeyObj,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucSymmKey,
unsigned int uiSymmKeyLen,
unsigned int *puiSymmKeyLen,
void **phKeyHandle)
{
int pkey_type;
int ret = SAR_UnknownErr;
SAF_KEY *hkey = NULL;
SAF_SYMMKEYOBJ *obj = (SAF_SYMMKEYOBJ *)hSymmKeyObj;
const EVP_CIPHER *cipher;
unsigned char keybuf[32];
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pkctx = NULL;
size_t outlen;
if (!(pkey = d2i_PublicKey(pkey_type, NULL, &p,
(long)uiPublicKeyLen))) {
if (!hSymmKeyObj || !pucPublicKey || !pucSymmKey
|| !puiSymmKeyLen || !phKeyHandle) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiPublicKeyLen <= 0 || uiPublicKeyLen > INT_MAX) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
outlen = (size_t)*puiSymmKeyLen;
if (!(cipher = EVP_get_cipherbysgd(obj->algor))
|| !RAND_bytes(keybuf, EVP_CIPHER_key_length(cipher))
|| !(pkey = d2i_PUBKEY(NULL, &pucPublicKey, (long)uiPublicKeyLen))
|| !(pkctx = EVP_PKEY_CTX_new(pkey, NULL))
|| !EVP_PKEY_encrypt_init(pkctx)
|| !EVP_PKEY_encrypt(pkctx, pucSymmKey, &outlen, keybuf, (size_t)EVP_CIPHER_key_length(cipher))) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_ENCRYPT_KEY_FAILURE);
goto end;
}
// init EVP_CIPHER_CTX
if (!(hkey = OPENSSL_zalloc(sizeof(*hkey)))) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_MALLOC_FAILURE);
goto end;
}
*puiSymmKeyLen = (unsigned int)outlen;
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pkctx);
return ret;
}
/* 7.3.32 */
/* all the inforamtion should be kept in encrypted key
* the encrytped key can be decrypted with the default private key
*/
int SAF_ImportEncedKey(
void *hSymmKeyObj,
unsigned char *pucSymmKey,
unsigned int uiSymmKeyLen,
void **phKeyHandle)
{
return 0;
SAFerr(SAF_F_SAF_IMPORTENCEDKEY, SAF_R_NOT_SUPPORTED);
return SAR_NotSupportYetErr;
}
/* 7.3.37 */
int SAF_DestroyKeyHandle(
void *hKeyHandle)
{
SAF_KeyHandle *hkey = (SAF_KeyHandle *)hKeyHandle;
if (!hKeyHandle) {
return SAR_OK;
}
OPENSSL_clear_free(hkey->key, hkey->keylen);
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
OPENSSL_clear_free(hkey, hkey->keylen);
return SAR_OK;
}
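Review bot: The chained check in `SAF_GenerateKeyWithEPK` tests `RAND_bytes`, `EVP_PKEY_encrypt_init` and `EVP_PKEY_encrypt` with `!`, but these report some failures with negative values, so a failed RNG or an unsupported key type would be treated as success and the function would return `SAR_Ok` with `keybuf` or `pucSymmKey` not filled in; `SAF_GenRandom` has the same `!RAND_bytes(...)` test. `keybuf` is 32 bytes while `RAND_bytes` writes `EVP_CIPHER_key_length(cipher)` bytes with no bound check, and the buffer is not cleansed before return. The fence below compares against `<= 0`, bounds the key length and wipes `keybuf` at `end:`. Separately, `hkey` is allocated but, in the lines shown, never filled or stored in `*phKeyHandle`, and `OPENSSL_clear_free(hkey, hkey->keylen)` in `SAF_DestroyKeyHandle` wipes only `keylen` bytes from the start of the struct (and dereferences NULL if the guard is gone on the new side); `sizeof(*hkey)` behind the NULL check would cover the key.

```c
	int keylen;
	/* … unchanged: NULL checks, uiPublicKeyLen check, outlen = *puiSymmKeyLen … */
	if (!(cipher = EVP_get_cipherbysgd(obj->algor))
		|| (keylen = EVP_CIPHER_key_length(cipher)) <= 0
		|| (size_t)keylen > sizeof(keybuf)
		|| RAND_bytes(keybuf, keylen) <= 0
		|| !(pkey = d2i_PUBKEY(NULL, &pucPublicKey, (long)uiPublicKeyLen))
		|| !(pkctx = EVP_PKEY_CTX_new(pkey, NULL))
		|| EVP_PKEY_encrypt_init(pkctx) <= 0
		|| EVP_PKEY_encrypt(pkctx, pucSymmKey, &outlen, keybuf, (size_t)keylen) <= 0) {
		SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_ENCRYPT_KEY_FAILURE);
		goto end;
	}
	/* … unchanged: hkey allocation, *puiSymmKeyLen = outlen, ret = SAR_Ok … */
end:
	/* the plaintext session key must not outlive this call on the stack */
	OPENSSL_cleanse(keybuf, sizeof(keybuf));
	/* … unchanged: EVP_PKEY_free, EVP_PKEY_CTX_free, return ret … */
```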


@@ -47,7 +47,6 @@
* ====================================================================
*/
#include <openssl/evp.h>
#include <openssl/cmac.h>
#include <openssl/gmsdf.h>
@@ -65,73 +64,18 @@ typedef struct {
} SAF_BASE64OBJ;
typedef struct {
void *hAppHandle;
unsigned char *pucContainerName;
unsigned int uiContainerLen;
unsigned char *pucIV;
unsigned int uiIVLen;
unsigned int uiEncOrDec;
unsigned int uiCryptoAlgID;
} SAF_SymmKeyObj;
unsigned int algor;
unsigned char container[256];
unsigned int containerlen;
unsigned char iv[16];
unsigned int ivlen;
unsigned int enc;
} SAF_SYMMKEYOBJ;
typedef struct {
unsigned char *key;
size_t keylen;
/* used by `SAF_SymmEncryptUpdate`, `SAF_SymmEncryptFinal`,
* `SAF_SymmDecryptUpdate`, `SAF_SymmDecryptFinal`
*/
SAF_SYMMKEYOBJ obj;
unsigned char key[64];
EVP_CIPHER_CTX *cipher_ctx;
const EVP_CIPHER *cipher;
CMAC_CTX *cmac_ctx;
} SAF_KEY_HANDLE;
int saf_readfile(
const char *file,
unsigned char **pout,
size_t *len);
int saf_save_ec_keypair(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned int uiKeyUsage,
unsigned int uiExportFlag,
ECCrefPublicKey *pucPublicKey,
ECCrefPrivateKey *pucPrivateKey);
int saf_save_rsa_keypair(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned int uiKeyUsage,
unsigned int uiExportFlag,
RSArefPublicKey *pucPublicKey,
RSArefPrivateKey *pucPrivateKey);
int saf_get_sdf_session_and_keyindex(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyUsage,
void *phSessionHandle,
unsigned int puiKeyIndex);
int saf_get_sdf_session_and_ecsignkey(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiAlgorithmID, /* SGD_SM2_1 */
void **phSessionhandle,
unsigned int *puiISKIndex);
void saf_release_sdf_session(
void *hSessionHandle);
int saf_get_ec_public_key_from_cert(
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
ECCrefPublicKey *pucPublicKey);
} SAF_KEY;
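Review bot: The new `SAF_KEY` struct looks like it no longer has a `keylen` member (the 18 new lines of the hunk are accounted for without it), while `SAF_MacUpdate` passes `hkey->keylen` to `CMAC_Init` and `SAF_DestroyKeyHandle` passes it to `OPENSSL_clear_free` in this same commit. If it was dropped, keep a length next to the fixed buffer, e.g. `size_t keylen; /* valid bytes in key[], never more than sizeof(key) */`. Since `container[256]`, `iv[16]` and `key[64]` are now fixed-size arrays, a short comment on each stating that writers must reject longer inputs would document the bound that the code filling them has to enforce.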


@@ -49,7 +49,6 @@
#include <openssl/evp.h>
#include <openssl/cmac.h>
#include <openssl/cbcmac.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
@@ -60,35 +59,35 @@ int SAF_MacUpdate(
unsigned int uiInDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY_HANDLE *hkey = (SAF_KEY_HANDLE *)hKeyHandle;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
if (!hKeyHandle || !pucInData) {
SAFerr(SAF_F_SAF_MACUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!hkey->cbcmac_ctx) {
if (!(hkey->cbcmac_ctx = CBCMAC_CTX_new())) {
if (!hkey->cmac_ctx) {
if (!(hkey->cmac_ctx = CMAC_CTX_new())) {
SAFerr(SAF_F_SAF_MACUPDATE, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!CBCMAC_Init(hkey->cbcmac_ctx, hkey->key, hkey->keylen, hkey->cipher, NULL)) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CBCMAC_FAILURE);
if (!CMAC_Init(hkey->cmac_ctx, hkey->key, hkey->keylen, hkey->cipher, NULL)) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CMAC_FAILURE);
goto end;
}
}
if (!CBCMAC_Update(hkey->cbcmac_ctx, pucInData, (size_t)uiInDataLen)) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CBCMAC_FAILURE);
if (!CMAC_Update(hkey->cmac_ctx, pucInData, (size_t)uiInDataLen)) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CMAC_FAILURE);
return SAR_UnknownErr;
}
ret = SAR_OK;
end:
if (ret != SAR_OK && hkey->cbcmac_ctx) {
CBCMAC_CTX_free(hkey->cbcmac_ctx);
hkey->cbcmac_ctx = NULL;
if (ret != SAR_OK && hkey->cmac_ctx) {
CMAC_CTX_free(hkey->cmac_ctx);
hkey->cmac_ctx = NULL;
}
return ret;
}
@@ -99,7 +98,7 @@ int SAF_MacFinal(
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
SAF_KEY_HANDLE *hkey = (SAF_KEY_HANDLE *)hKeyHandle;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
size_t siz;
if (!hKeyHandle || !pucOutData || !puiOutDataLen) {
@@ -112,7 +111,7 @@ int SAF_MacFinal(
return SAR_IndataLenErr;
}
if (!hkey->cbcmac_ctx) {
if (!hkey->cmac_ctx) {
SAFerr(SAF_F_SAF_MACFINAL, SAF_R_OPERATION_NOT_INITIALIZED);
return SAR_UnknownErr;
}
@@ -123,7 +122,7 @@ int SAF_MacFinal(
return SAR_UnknownErr;
}
*puiOutDataLen = siz;
*puiOutDataLen = (unsigned int)siz;
return SAR_OK;
}
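Review bot: The `CMAC_Update` failure path in `SAF_MacUpdate` uses `return SAR_UnknownErr;` while every other failure in the function uses `goto end`, so it skips the cleanup that frees `hkey->cmac_ctx` and resets it to NULL. A later `SAF_MacFinal` on the same handle would then find a non-NULL context whose update failed; replacing the direct return with `goto end;` keeps the paths consistent (`ret` is still `SAR_UnknownErr` at that point). The function signature starts outside the hunk.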


@@ -50,32 +50,9 @@
#include <openssl/evp.h>
#include <openssl/gmapi.h>
#include <openssl/gmsaf.h>
#incluce "saf_lcl.h"
/*
In GMAPI we will use private keys handled by ENGINE, the keys in ENGINE
is referenced by ENGINE and key label `key_id`
*/
EVP_PKEY *saf_load_private_key( void *hAppHandle,
unsigned char *containerName, unsigned int containerNameLen,
unsigned int keyUsage)
{
return NULL;
}
int GMAPI_CONTAINER_get_cert_and_key(GMAPI_CONTAINER *container,
int key_usage, X509 **cert, EVP_PKEY **pkey)
{
return 0;
}
#include "saf_lcl.h"
/* 7.4.2 */
/* we need AppHandle before doing this
* App + Container + KeyUsage => sign_key
* the private key is referenced by a string label `key_id`
*/
int SAF_Pkcs7_EncodeData(
void *hAppHandle,
unsigned char *pucSignContainerName,
@@ -92,22 +69,7 @@ int SAF_Pkcs7_EncodeData(
unsigned int *puiDerP7DataLen)
{
int ret = SAR_UnknownErr;
PKCS7 *p7 = NULL;
EVP_PKEY *pkey = NULL;
const EVP_MD *md;
p7 = PKCS7_new();
pkey = saf_load_private_key(hAppHandle,
pucSignContainerName, uiSignContainerNameLen
uiSignKeyUsage);
PKCS7_set_type(p7, 0);
return 0;
return ret;
}
@@ -115,7 +77,8 @@ int SAF_Pkcs7_EncodeData(
int SAF_Pkcs7_DecodeData(
void *hAppHandle)
{
return 0;
int ret = SAR_UnknownErr;
return ret;
}
/* 7.4.4 */
@@ -132,52 +95,11 @@ int SAF_Pkcs7_EncodeSignedData(
unsigned char *pucDerP7Data,
unsigned int *puiDerP7DataLen)
{
int flags;
BIO *bio = NULL;
EVP_PKEY *pkey = NULL;
X509 *cert = NULL;
unsigned char *p;
if (!(pkey = saf_load_private_key(hAppHandle, pucSignContainerName,
uiSignContainerNameLen, uiSignKeyUsage))) {
}
/* decode certificate, check no extra input */
p = pucSignerCertificate;
if (!(cert = d2i_X509(NULL, &p, (long)uiSignerCertificateLen))) {
}
if (p - pucSignerCertificate != uiSignerCertificateLen) {
}
/* data bio */
if (!(bio = BIO_new_mem_buf(pucData, (int)uiDataLen))) {
}
/* set digest */
if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) {
}
flags = PKCS7_BINARY;
p7 = PKCS7_sign(cert, pkey, NULL, bio, flags);
p = pucDerP7Data;
if (i2d_PKCS7(p7, &p) < 0) {
}
*puiDerP7DataLen = p - pucDerP7Data;
return 0;
int ret = SAR_UnknownErr;
return ret;
}
/* 7.4.5 */
/*
* The content data in PKCS #7 SignedData format is optional, as the
* `SAF_Pkcs7_DecodeSignedData` function has explicit content data input
* with parameter `pucData`, the `SAF_Pkcs7_EncodeSignedData` will not carry
* content data, with the `PKCS7_DETACHED` flag bit set.
*/
int SAF_Pkcs7_DecodeSignedData(
void *hAppHandle,
unsigned char *pucDerP7SignedData,
@@ -190,37 +112,8 @@ int SAF_Pkcs7_DecodeSignedData(
unsigned char *pucSign,
unsigned int *puiSignLen)
{
int ret;
PKCS7 *p7 = NULL;
X509 *cert = NULL;
const EVP_MD *md;
BIO *bio = NULL;
STACK_OF(X509) *certs = NULL;
X509_STORE *store = NULL;
int flags = 0;
p = pucDerP7SignedData;
if (!(p7 = d2i_PKCS7(NULL, &p, (long)uiDerP7SignedDataLen))) {
}
if (p - pucDerP7SignedData != uiDerP7SignedDataLen) {
}
p = pucSignerCertificate;
if (!(cert = d2i_X509(NULL, &p, (long)uiSignerCertificateLen))) {
}
if (p - pucSignerCertificate != uiSignerCertificateLen) {
}
if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) {
}
if (!PKCS7_set_digest(p7, md)) {
}
if (!PKCS7_verify(p7, cert, store, bio, NULL, flags)) {
}
return 0;
int ret = SAR_UnknownErr;
return ret;
}
/* 7.4.6 */
@@ -235,27 +128,10 @@ int SAF_Pkcs7_EncodeEnvelopedData(
unsigned int *puiDerP7EnvelopedDataLen)
{
int ret = SAR_UnknownErr;
PKCS7 *p7 = NULL;
X509 *cert = NULL;
BIO *bio = NULL;
const EVP_CIPHER *cipher;
int flags;
cipher = EVP_get_cipherbysgd(uiSymmAlgorithm);
bio = BIO_new(BIO_s_mem());
// set data to bio
p = pucEncCertificate;
cert = d2i_X509(NULL, &p, uiEncCertificateLen);
p7 = PKCS7_encrypt(cert, bio, cipher, flags);
end:
PKCS7_free(p7);
return ret;
}
/* 7.4.7 */
/* key is referenced by App.Container.KeyUsage */
int SAF_Pkcs7_DecodeEnvelopedData(
void *hAppHandle,
unsigned char *pucDecContainerName,
@@ -266,20 +142,11 @@ int SAF_Pkcs7_DecodeEnvelopedData(
unsigned char *pucData,
unsigned int *puiDataLen)
{
PKCS7 *p7 = NULL;
BIO *bio = NULL;
X509 *cert = NULL;
EVP_PKEY *pkey = NULL;
// get cert and pkey from App.Container.KeyUsage
PKCS7_decrypt(p7, pkey, cert, bio, flags);
return 0;
int ret = SAR_UnknownErr;
return ret;
}
/* 7.4.8 */
/* the `hAppHandle` and key is not required in digest */
int SAF_Pkcs7_EncodeDigestedData(
void *hAppHandle,
unsigned int uiDigestAlgorithm,
@@ -289,89 +156,10 @@ int SAF_Pkcs7_EncodeDigestedData(
unsigned int *puiDerP7DigestedDataLen)
{
int ret = SAR_UnknownErr;
PKCS7 *p7 = NULL;
BIO *bio = NULL;
const EVP_MD *md;
unsigned char *p;
int len;
if (!hAppHandle || !pucData || !pucDerP7DigestedData || !puiDerP7DigestedDataLen) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_INVALID_DIGEST_ALGOR);
return SAR_AlgoTypeErr;
}
if (uiDataLen > INT_MAX) {
return SAR_IndataLenErr;
}
len = (int)uiDataLen;
if (!(p7 = PKCS7_new())) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!PKCS7_set_type(p7, NID_pkcs7_digest)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
/* set digest */
if (!PKCS7_set_digest(p7, md)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
/* set content */
if (!PKCS7_content_new(p7, NID_pkcs7_data)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if (!(bio = PKCS7_dataInit(p7, NULL))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if (!BIO_write(bio, pucData, len)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_GMAPI_LIB);
goto end;
}
if (!BIO_flush(bio)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_GMAPI_LIB);
goto end;
}
if (!PKCS7_dataFinal(p7, bio)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
/* check output buffer length */
if ((len = i2d_PKCS7(p7, NULL)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if (*puiDerP7DigestedDataLen < len) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_BUFFER_TOO_SMALL);
goto end;
}
/* der encoding */
p = pucDerP7DigestedData;
if ((len = i2d_PKCS7(p7, &p)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
*puiDerP7DigestedDataLen = (unsigned int)len;
ret = SAR_OK;
end:
PKCS7_free(p7);
return ret;
}
/* 7.4.9 */
/* parse pkcs7 and get data and digest */
int SAF_Pkcs7_DecodeDigestedData(
void *hAppHandle,
unsigned int uiDigestAlgorithm,
@@ -383,22 +171,5 @@ int SAF_Pkcs7_DecodeDigestedData(
unsigned int *puiDigestLen)
{
int ret = SAR_UnknownErr;
PKCS7 *p7 = NULL;
unsigned char *p;
long len;
if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_DIGEST_ALGOR);
return SAR_AlgoTypeErr;
}
p = pucDerP7DigestedData;
len = uiDerP7DigestedDataLen;
if (!(p7 = d2i_PKCS7(NULL, &p, len))) {
goto end;
}
return ret;
}
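Review bot: The PKCS#7 entry points are now empty stubs that return `SAR_UnknownErr` with no error queued, which is inconsistent with the other unimplemented functions in this commit (`SAF_Login`, `SAF_ImportEncedKey`) that raise `SAF_R_NOT_SUPPORTED` and return `SAR_NotSupportYetErr`. Failing closed is right for `SAF_Pkcs7_DecodeSignedData`, but callers cannot tell "not implemented" from a real parsing or verification failure. For the functions whose codes already appear on this page the change is two lines, e.g. `SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_NOT_SUPPORTED); return SAR_NotSupportYetErr;`; the others would need function codes generated first. Most of these functions begin outside their hunks.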


@@ -60,13 +60,20 @@ int SAF_GenRandom(
unsigned int uiRandLen,
unsigned char *pucRand)
{
int len;
if (uiRandLen > 1024 * 1024) {
if (uiRandLen <= 0 || uiRandLen > INT_MAX) {
SAFerr(SAF_F_SAF_GENRANDOM, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
len = (int)uiRandLen;
if (!pucRand) {
SAFerr(SAF_F_SAF_GENRANDOM, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!RAND_bytes(pucRand, len)) {
SAFerr(SAF_F_SAF_GENRANDOM, SAF_R_GEN_RANDOM_FAILURE);
return SAR_GenRandErr;
}
return SAR_OK;
}


@@ -61,28 +61,6 @@ int SAF_GenRsaKeyPair(void *hAppHandle,
unsigned int uiKeyUsage,
unsigned int uiExportFlag)
{
RSArefPublicKey publicKey;
RSArefPrivateKey privateKey;
if (SDR_OK != SDF_GenerateKeyPair_RSA(
NULL,
uiKeyBits,
&publicKey,
&privateKey)) {
}
if ((ret = saf_save_rsa_keypair(
hAppHandle,
pucContainerName,
uiContainerNameLen,
uiKeyBits,
uiKeyUsage,
uiExportFlag,
&publicKey,
&privateKey))
!= SAR_Ok) {
}
return SAR_NotSupportYetErr;
}
@@ -95,47 +73,10 @@ int SAF_GetPublicKey(
unsigned char *pucPublicKey,
unsigned int *puiPublicKeyLen)
{
unsigned int uiAlgID;
if (uiAlgID = SGD_RSA) {
if (uiKeyUsage == 1) {
if (SDF_ExportSignPublicKey_RSA(
hSessionHandle,
uiKeyIndex,
(RSArefPublicKey *)pucPublicKey) != SDR_OK) {
}
} else {
if (SDF_ExportEncPublicKey_RSA(
hSessionHandle,
uiKeyIndex,
(RSArefPublicKey *)pucPublicKey) != SDR_OK) {
}
}
*puiPublicKeyLen = (unsigned int)sizeof(RSArefPublicKey);
} else {
if (uiKeyUsage == 1) {
if (SDF_ExportSignPublicKey_ECC(
hSessionHandle,
uiKeyIndex,
(ECCrefPublicKey *)pucPublicKey) != SDR_OK) {
}
} else {
if (SDF_ExportEncPublicKey_ECC(
hSessionHandle,
uiKeyIndex,
(ECCrefPublicKey *)pucPublicKey) != SDR_OK) {
}
}
*puiPublicKeyLen = (unsigned int)sizeof(ECCrefPublicKey);
}
return SAR_NotSupportYetErr;
}
/* 7.3.18 */
/* the `pucInData` is message, not digest */
int SAF_RsaSign(
void *hAppHandle,
unsigned char *pucContainerName,
@@ -146,8 +87,6 @@ int SAF_RsaSign(
unsigned char *pucSignature,
unsigned int *puiSignatureLen)
{
return SAR_NotSupportYetErr;
}
@@ -161,20 +100,6 @@ int SAF_RsaSignFile(
unsigned char *pucSignature,
unsigned int *puiSignatureLen)
{
int ret;
unsigned char *buf = NULL;
unsigned int buflen;
if ((ret = readfile(pucFileName, &buf, &buflen)) != SAR_OK) {
return ret;
}
if ((ret = SAF_RsaSign(hAppHandle, pucContainerName, uiContainerNameLen,
uiHashAlgoType, buf, buflen, pucSignature, puiSignatureLen)) != SAR_OK) {
OPENSSL_free(buf);
return ret;
}
OPENSSL_free(buf);
return SAR_OK;
}
@@ -200,20 +125,6 @@ int SAF_RsaVerifySignFile(
unsigned char *pucSignature,
unsigned int uiSignatureLen)
{
int ret;
unsigned char *buf = NULL;
unsigned int buflen;
if ((ret = readfile(pucFileName, &buf, &buflen)) != SAR_OK) {
return ret;
}
if ((ret = SAF_RsaVerifySign(uiHashAlgoType, pucPublicKey, uiPublicKeyLen,
buf, buflen, pucSignature, puiSignatureLen)) != SAR_OK) {
OPENSSL_free(buf);
return ret;
}
OPENSSL_free(buf);
return SAR_OK;
}
@@ -227,20 +138,6 @@ int SAF_VerifySignByCert(
unsigned char *pucSignature,
unsigned int uiSignatureLen)
{
int ret;
unsigned char *buf = NULL;
unsigned int buflen;
if ((ret = cert_get_pubkey(pucCertificate, uiCertificateLen, &buf, &buflen)) != SAR_OK) {
return ret;
}
if ((ret = SAF_RsaVerifySign(uiHashAlgoType, pucPublicKey, uiPublicKeyLen,
buf, buflen, pucSignature, puiSignatureLen)) != SAR_OK) {
OPENSSL_free(buf);
return ret;
}
OPENSSL_free(buf);
return SAR_OK;
}


@@ -70,17 +70,6 @@ int SAF_SM2_EncodeSignedAndEnvelopedData(
unsigned int *puiDerSignedAndEnvelopedDataLen)
{
int ret = SAR_UnknownErr;
PKCS7 *p7 = NULL;
EVP_PKEY *pkey = NULL;
const EVP_MD *md;
p7 = PKCS7_new();
pkey = saf_load_private_key(hAppHandle,
pucSignContainerName, uiSignContainerNameLen
uiSignKeyUsage);
PKCS7_set_type(p7, 0);
return 0;
}
@@ -115,42 +104,6 @@ int SAF_SM2_EncodeSignedData(
unsigned char *pucDerSignedData,
unsigned int *puiDerSignedDataLen)
{
int flags;
BIO *bio = NULL;
EVP_PKEY *pkey = NULL;
X509 *cert = NULL;
unsigned char *p;
if (!(pkey = saf_load_private_key(hAppHandle, pucSignContainerName,
uiSignContainerNameLen, uiSignKeyUsage))) {
}
/* decode certificate, check no extra input */
p = pucSignerCertificate;
if (!(cert = d2i_X509(NULL, &p, (long)uiSignerCertificateLen))) {
}
if (p - pucSignerCertificate != uiSignerCertificateLen) {
}
/* data bio */
if (!(bio = BIO_new_mem_buf(pucData, (int)uiDataLen))) {
}
/* set digest */
if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) {
}
flags = PKCS7_BINARY;
p7 = PKCS7_sign(cert, pkey, NULL, bio, flags);
p = pucDerP7Data;
if (i2d_PKCS7(p7, &p) < 0) {
}
*puiDerP7DataLen = p - pucDerP7Data;
return 0;
}
@@ -167,36 +120,6 @@ int SAF_SM2_DecodeSignedData(
unsigned char *pucSign,
unsigned int *puiSignLen)
{
int ret;
PKCS7 *p7 = NULL;
X509 *cert = NULL;
const EVP_MD *md;
BIO *bio = NULL;
STACK_OF(X509) *certs = NULL;
X509_STORE *store = NULL;
int flags = 0;
p = pucDerP7SignedData;
if (!(p7 = d2i_PKCS7(NULL, &p, (long)uiDerP7SignedDataLen))) {
}
if (p - pucDerP7SignedData != uiDerP7SignedDataLen) {
}
p = pucSignerCertificate;
if (!(cert = d2i_X509(NULL, &p, (long)uiSignerCertificateLen))) {
}
if (p - pucSignerCertificate != uiSignerCertificateLen) {
}
if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) {
}
if (!PKCS7_set_digest(p7, md)) {
}
if (!PKCS7_verify(p7, cert, store, bio, NULL, flags)) {
}
return 0;
}
@@ -212,22 +135,6 @@ int SAF_SM2_EncodeEnvelopedData(
unsigned int *puiDerEnvelopedDataLen)
{
int ret = SAR_UnknownErr;
PKCS7 *p7 = NULL;
X509 *cert = NULL;
BIO *bio = NULL;
const EVP_CIPHER *cipher;
int flags;
cipher = EVP_get_cipherbysgd(uiSymmAlgorithm);
bio = BIO_new(BIO_s_mem());
// set data to bio
p = pucEncCertificate;
cert = d2i_X509(NULL, &p, uiEncCertificateLen);
p7 = PKCS7_encrypt(cert, bio, cipher, flags);
end:
PKCS7_free(p7);
return ret;
}
@@ -242,14 +149,5 @@ int SAF_SM2_DecodeEnvelopedData(
unsigned char *pucData,
unsigned int *puiDataLen)
{
PKCS7 *p7 = NULL;
BIO *bio = NULL;
X509 *cert = NULL;
EVP_PKEY *pkey = NULL;
// get cert and pkey from App.Container.KeyUsage
PKCS7_decrypt(p7, pkey, cert, bio, flags);
return 0;
}


@@ -54,10 +54,7 @@
#include "saf_lcl.h"
/* 7.3.30
* All symmetric keys in GMAPI are session objects.
* The `SymmKeyObj` is a EVP_CIPHER_CTX
*/
/* 7.3.30 */
int SAF_CreateSymmKeyObj(
void *hAppHandle,
void **phSymmKeyObj,
@@ -69,52 +66,31 @@ int SAF_CreateSymmKeyObj(
unsigned int uiCryptoAlgID)
{
int ret = SAR_UnknownErr;
SAF_SymmKeyObj *obj = NULL;
SAF_SYMMKEYOBJ *obj = NULL;
/* check arguments */
if (!hAppHandle || !phSymmKeyObj || !pucContainerName || !pucIV) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ,
ERR_R_PASSED_NULL_PARAMETER);
return -1;
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiContainerLen > INT_MAX) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ,
SAF_R_INVALID_INPUT_LENGTH);
return -1;
}
if (uiIVLen > EVP_MAX_IV_LENGTH) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ,
SAF_R_INVALID_INPUT_LENGTH);
return -1;
if (uiContainerLen <= 0 || uiContainerLen > 255 ||
uiIVLen > EVP_MAX_IV_LENGTH) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* init object */
if (!(obj = OPENSSL_zalloc(sizeof(*obj)))) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ,
ERR_R_MALLOC_FAILURE);
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, ERR_R_MALLOC_FAILURE);
goto end;
}
obj->hAppHandle = hAppHandle;
if (!(obj->pucContainerName = OPENSSL_memdup(pucContainerName,
(size_t)uiContainerLen))) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ,
ERR_R_MALLOC_FAILURE);
goto end;
}
if (!(obj->pucIV = OPENSSL_memdup(pucIV, (size_t)uiIVLen))) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ,
ERR_R_MALLOC_FAILURE);
goto end;
}
obj->uiEncOrDec = uiEncOrDec;
if (!EVP_get_cipherbysgd(uiCryptoAlgID)) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ,
SAF_R_INVALID_ALGOR);
goto end;
}
obj->uiCryptoAlgID = uiCryptoAlgID;
memcpy(obj->container, pucContainerName, uiContainerLen);
obj->containerlen = uiContainerLen;
memcpy(obj->iv, pucIV, uiIVLen);
obj->ivlen = uiIVLen;
obj->enc = uiEncOrDec;
obj->algor = uiCryptoAlgID;
/* set output */
*phSymmKeyObj = obj;
@@ -131,14 +107,10 @@ end:
int SAF_DestroySymmAlgoObj(
void *hSymmKeyObj)
{
SAF_SymmKeyObj *obj = (SAF_SymmKeyObj *)hSymmKeyObj;
if (!hSymmKeyObj) {
return SAR_OK;
SAF_SYMMKEYOBJ *obj = (SAF_SYMMKEYOBJ *)hSymmKeyObj;
if (obj) {
OPENSSL_cleanse(obj, sizeof(*obj));
OPENSSL_free(obj);
}
OPENSSL_free(obj->pucContainerName);
OPENSSL_free(obj->pucIV);
memset(obj, 0, sizeof(*obj));
return SAR_OK;
}
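Review bot: In SAF_CreateSymmKeyObj the two new `memcpy` calls into `obj->container` and `obj->iv` are bounded by the literal `255` and by `EVP_MAX_IV_LENGTH` rather than by the destination arrays, so they are only safe if SAF_SYMMKEYOBJ (declared in saf_lcl.h, not shown on this page) sizes both fields at least that large. Tying the check to the struct keeps it correct if the struct changes: `if (uiContainerLen == 0 || uiContainerLen > sizeof(obj->container) || uiIVLen > sizeof(obj->iv))`; `sizeof` does not evaluate `obj`, and `<= 0` on an unsigned length is just `== 0`. The new side also appears to drop the `EVP_get_cipherbysgd(uiCryptoAlgID)` check, so an unsupported algorithm id would be stored in `obj->algor` and rejected only at first use, if at all. Unless it is validated later, keep `if (!EVP_get_cipherbysgd(uiCryptoAlgID)) { SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, SAF_R_INVALID_ALGOR); goto end; }` before the assignment. The function's signature begins above the hunk and its `end:` path lies outside it.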