From a1e9e04cc97da0402c7f0de71ea3a6bb94f1047e Mon Sep 17 00:00:00 2001
From: Zhi Guan
Date: Wed, 22 Feb 2017 18:22:36 +0800
Subject: [PATCH] updates of
---
 crypto/saf/saf_ec.d.tmp | 16 -----
 crypto/sdf/sdf_meth.c | 126 ++++++++++++++++++++++++++++++++++++++++
 crypto/sof/sof_errstr.c | 72 -----------------------
 crypto/sof/sof_lib.c | 56 ++++++++++++------
 include/openssl/gmsdf.h | 2 +
 include/openssl/sof.h | 9 +--
 6 files changed, 172 insertions(+), 109 deletions(-)
 delete mode 100644 crypto/saf/saf_ec.d.tmp
 create mode 100644 crypto/sdf/sdf_meth.c
 delete mode 100644 crypto/sof/sof_errstr.c
diff --git a/crypto/saf/saf_ec.d.tmp b/crypto/saf/saf_ec.d.tmp
deleted file mode 100644
index cdae33c4..00000000
--- a/crypto/saf/saf_ec.d.tmp
+++ /dev/null
@@ -1,16 +0,0 @@
-crypto/saf/saf_ec.o: crypto/saf/saf_ec.c include/openssl/gmapi.h \
- include/openssl/ec.h include/openssl/opensslconf.h \
- include/openssl/asn1.h include/openssl/e_os2.h include/openssl/bio.h \
- include/openssl/crypto.h include/openssl/stack.h \
- include/openssl/safestack.h include/openssl/opensslv.h \
- include/openssl/ossl_typ.h include/openssl/symhacks.h \
- include/openssl/bn.h include/openssl/sm2.h include/openssl/err.h \
- include/openssl/lhash.h include/openssl/evp.h \
- include/openssl/objects.h include/openssl/obj_mac.h \
- include/openssl/kdf2.h include/openssl/kdf.h include/openssl/x509.h \
- include/openssl/buffer.h include/openssl/rsa.h include/openssl/dsa.h \
- include/openssl/dh.h include/openssl/sha.h include/openssl/x509_vfy.h \
- include/openssl/pkcs7.h include/openssl/ecdsa.h include/openssl/sm3.h \
- include/openssl/sgd.h include/openssl/saf.h include/openssl/sdf.h \
- include/openssl/skf.h include/openssl/sof.h include/openssl/gmsdf.h \
- include/openssl/gmsaf.h
diff --git a/crypto/sdf/sdf_meth.c b/crypto/sdf/sdf_meth.c
new file mode 100644
index 00000000..65630619
--- /dev/null
+++ b/crypto/sdf/sdf_meth.c
@@ -0,0 +1,126 @@
+/* ====================================================================
+ * Copyright (c) 2016 The GmSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the GmSSL Project.
+ * (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ * products derived from this software without prior written
+ * permission. For written permission, please contact
+ * guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ * nor may "GmSSL" appear in their names without prior written
+ * permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the GmSSL Project
+ * (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include
+#include "internal/dso.h"
+#include "internal/sdf_meth.h"
+
+SDF_METHOD *SDF_METHOD_load_library(const char *so_path)
+{
+ SDF_METHOD *ret = NULL;
+ SDF_METHOD *sdf = NULL;
+ DSO *dso = NULL;
+ void *func;
+ int i;
+
+ if (!(dso = DSO_load(NULL, so_path, NULL, 0))) {
+ goto end;
+ }
+ if (!(sdf = OPENSSL_zalloc(sizeof(*sdf)))) {
+ goto end;
+ }
+
+ sdf->OpenDevice = (SDF_OpenDevice_FuncPtr)DSO_bind_func(dso, "SDF_OpenDevice");
+ sdf->CloseDevice = (SDF_CloseDevice_FuncPtr)DSO_bind_func(dso, "SDF_CloseDevice");
+ sdf->OpenSession = (SDF_OpenSession_FuncPtr)DSO_bind_func(dso, "SDF_OpenSession");
+ sdf->CloseSession = (SDF_CloseSession_FuncPtr)DSO_bind_func(dso, "SDF_CloseSession");
+ sdf->GetDeviceInfo = (SDF_GetDeviceInfo_FuncPtr)DSO_bind_func(dso, "SDF_GetDeviceInfo");
+ sdf->GenerateRandom = (SDF_GenerateRandom_FuncPtr)DSO_bind_func(dso, "SDF_GenerateRandom");
+ sdf->GetPrivateKeyAccessRight = (SDF_GetPrivateKeyAccessRight_FuncPtr)DSO_bind_func(dso, "SDF_GetPrivateKeyAccessRight");
+ sdf->ReleasePrivateKeyAccessRight = (SDF_ReleasePrivateKeyAccessRight_FuncPtr)DSO_bind_func(dso, "SDF_ReleasePrivateKeyAccessRight");
+ sdf->ExportSignPublicKey_RSA = (SDF_ExportSignPublicKey_RSA_FuncPtr)DSO_bind_func(dso, "SDF_ExportSignPublicKey_RSA");
+ sdf->ExportEncPublicKey_RSA = (SDF_ExportEncPublicKey_RSA_FuncPtr)DSO_bind_func(dso,
"SDF_ExportEncPublicKey_RSA"); + sdf->GenerateKeyPair_RSA = (SDF_GenerateKeyPair_RSA_FuncPtr)DSO_bind_func(dso, "SDF_GenerateKeyPair_RSA"); + sdf->GenerateKeyWithIPK_RSA = (SDF_GenerateKeyWithIPK_RSA_FuncPtr)DSO_bind_func(dso, "SDF_GenerateKeyWithIPK_RSA"); + sdf->GenerateKeyWithEPK_RSA = (SDF_GenerateKeyWithEPK_RSA_FuncPtr)DSO_bind_func(dso, "SDF_GenerateKeyWithEPK_RSA"); + sdf->ImportKeyWithISK_RSA = (SDF_ImportKeyWithISK_RSA_FuncPtr)DSO_bind_func(dso, "SDF_ImportKeyWithISK_RSA"); + sdf->ExchangeDigitEnvelopeBaseOnRSA = (SDF_ExchangeDigitEnvelopeBaseOnRSA_FuncPtr)DSO_bind_func(dso, "SDF_ExchangeDigitEnvelopeBaseOnRSA"); + sdf->ExportSignPublicKey_ECC = (SDF_ExportSignPublicKey_ECC_FuncPtr)DSO_bind_func(dso, "SDF_ExportSignPublicKey_ECC"); + sdf->ExportEncPublicKey_ECC = (SDF_ExportEncPublicKey_ECC_FuncPtr)DSO_bind_func(dso, "SDF_ExportEncPublicKey_ECC"); + sdf->GenerateKeyPair_ECC = (SDF_GenerateKeyPair_ECC_FuncPtr)DSO_bind_func(dso, "SDF_GenerateKeyPair_ECC"); + sdf->GenerateKeyWithIPK_ECC = (SDF_GenerateKeyWithIPK_ECC_FuncPtr)DSO_bind_func(dso, "SDF_GenerateKeyWithIPK_ECC"); + sdf->GenerateKeyWithEPK_ECC = (SDF_GenerateKeyWithEPK_ECC_FuncPtr)DSO_bind_func(dso, "SDF_GenerateKeyWithEPK_ECC"); + sdf->ImportKeyWithISK_ECC = (SDF_ImportKeyWithISK_ECC_FuncPtr)DSO_bind_func(dso, "SDF_ImportKeyWithISK_ECC"); + sdf->GenerateAgreementDataWithECC = (SDF_GenerateAgreementDataWithECC_FuncPtr)DSO_bind_func(dso, "SDF_GenerateAgreementDataWithECC"); + sdf->GenerateKeyWithECC = (SDF_GenerateKeyWithECC_FuncPtr)DSO_bind_func(dso, "SDF_GenerateKeyWithECC"); + sdf->GenerateAgreementDataAndKeyWithECC = (SDF_GenerateAgreementDataAndKeyWithECC_FuncPtr)DSO_bind_func(dso, "SDF_GenerateAgreementDataAndKeyWithECC"); + sdf->ExchangeDigitEnvelopeBaseOnECC = (SDF_ExchangeDigitEnvelopeBaseOnECC_FuncPtr)DSO_bind_func(dso, "SDF_ExchangeDigitEnvelopeBaseOnECC"); + sdf->GenerateKeyWithKEK = (SDF_GenerateKeyWithKEK_FuncPtr)DSO_bind_func(dso, "SDF_GenerateKeyWithKEK"); + sdf->ImportKeyWithKEK = 
(SDF_ImportKeyWithKEK_FuncPtr)DSO_bind_func(dso, "SDF_ImportKeyWithKEK");
+ sdf->DestroyKey = (SDF_DestroyKey_FuncPtr)DSO_bind_func(dso, "SDF_DestroyKey");
+ sdf->ExternalPublicKeyOperation_RSA = (SDF_ExternalPublicKeyOperation_RSA_FuncPtr)DSO_bind_func(dso, "SDF_ExternalPublicKeyOperation_RSA");
+ sdf->InternalPublicKeyOperation_RSA = (SDF_InternalPublicKeyOperation_RSA_FuncPtr)DSO_bind_func(dso, "SDF_InternalPublicKeyOperation_RSA");
+ sdf->InternalPrivateKeyOperation_RSA = (SDF_InternalPrivateKeyOperation_RSA_FuncPtr)DSO_bind_func(dso, "SDF_InternalPrivateKeyOperation_RSA");
+ sdf->ExternalVerify_ECC = (SDF_ExternalVerify_ECC_FuncPtr)DSO_bind_func(dso, "SDF_ExternalVerify_ECC");
+ sdf->InternalSign_ECC = (SDF_InternalSign_ECC_FuncPtr)DSO_bind_func(dso, "SDF_InternalSign_ECC");
+ sdf->InternalVerify_ECC = (SDF_InternalVerify_ECC_FuncPtr)DSO_bind_func(dso, "SDF_InternalVerify_ECC");
+ sdf->ExternalEncrypt_ECC = (SDF_ExternalEncrypt_ECC_FuncPtr)DSO_bind_func(dso, "SDF_ExternalEncrypt_ECC");
+ sdf->ExternalDecrypt_ECC = (SDF_ExternalDecrypt_ECC_FuncPtr)DSO_bind_func(dso, "SDF_ExternalDecrypt_ECC");
+ sdf->InternalEncrypt_ECC = (SDF_InternalEncrypt_ECC_FuncPtr)DSO_bind_func(dso, "SDF_InternalEncrypt_ECC");
+ sdf->InternalDecrypt_ECC = (SDF_InternalDecrypt_ECC_FuncPtr)DSO_bind_func(dso, "SDF_InternalDecrypt_ECC");
+ sdf->Encrypt = (SDF_Encrypt_FuncPtr)DSO_bind_func(dso, "SDF_Encrypt");
+ sdf->Decrypt = (SDF_Decrypt_FuncPtr)DSO_bind_func(dso, "SDF_Decrypt");
+ sdf->CalculateMAC = (SDF_CalculateMAC_FuncPtr)DSO_bind_func(dso, "SDF_CalculateMAC");
+ sdf->HashInit = (SDF_HashInit_FuncPtr)DSO_bind_func(dso, "SDF_HashInit");
+ sdf->HashUpdate = (SDF_HashUpdate_FuncPtr)DSO_bind_func(dso, "SDF_HashUpdate");
+ sdf->HashFinal = (SDF_HashFinal_FuncPtr)DSO_bind_func(dso, "SDF_HashFinal");
+ sdf->CreateFile = (SDF_CreateFile_FuncPtr)DSO_bind_func(dso, "SDF_CreateFile");
+ sdf->ReadFile = (SDF_ReadFile_FuncPtr)DSO_bind_func(dso, "SDF_ReadFile");
+ sdf->WriteFile =
(SDF_WriteFile_FuncPtr)DSO_bind_func(dso, "SDF_WriteFile");
+ sdf->DeleteFile = (SDF_DeleteFile_FuncPtr)DSO_bind_func(dso, "SDF_DeleteFile");
+
+
+ ret = sdf;
+ sdf = NULL;
+
+end:
+ OPENSSL_free(sdf);
+ DSO_free(dso);
+ return ret;
+}
diff --git a/crypto/sof/sof_errstr.c b/crypto/sof/sof_errstr.c
deleted file mode 100644
index 67eaee5c..00000000
--- a/crypto/sof/sof_errstr.c
+++ /dev/null
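Review bot: `DSO_free(dso)` under `end:` also runs on the success path, so the shared library that every `sdf->*` pointer was just bound into is released the moment the method table is returned (`DSO_load` is called with flags `0`, so nothing keeps it mapped), and the first call through the table is a use-after-unload. Keep the handle alive: retain it in the method struct if `SDF_METHOD` in internal/sdf_meth.h can carry a `DSO *` that the matching free routine releases, or at minimum add `dso = NULL;` beside `sdf = NULL;` so the handle survives (at the cost of never being unloaded), or pass `DSO_FLAG_NO_UNLOAD_ON_FREE` to `DSO_load`. None of the `DSO_bind_func` results are checked, so a library missing one export leaves a NULL entry that faults at call time instead of failing the load; at least the entries the method cannot function without (`OpenDevice`, `CloseDevice`, `OpenSession`, `CloseSession`) should be tested and the function should `goto end` with `SDFerr(<function code>, SDF_R_LOAD_LIBRARY_FAILURE)` when one is NULL. `func` and `i` are declared and never used, and a header comment stating that the returned `SDF_METHOD` is owned by the caller would document the contract.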
@@ -1,72 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2016 The GmSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the GmSSL Project.
- * (http://gmssl.org/)"
- *
- * 4. The name "GmSSL Project" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * guanzhi1980@gmail.com.
- *
- * 5. Products derived from this software may not be called "GmSSL"
- * nor may "GmSSL" appear in their names without prior written
- * permission of the GmSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the GmSSL Project
- * (http://gmssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE GmSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include
-#include
-#include "../../e_os.h"
-
-static ERR_STRING_DATA sof_errstr[] = {
- { SOR_OK, "Success" },
- { SOR_UnknownErr, "Unknown error" },
- { SOF_FileErr, "File error" },
- { SOR_ProviderTypeErr, "Provider type error" },
- { SOR_LoadProviderErr, "Load provider error" },
-};
-
-char *SOF_GetErrorString(int err)
-{
- int i;
- for (i = 0; i < OSSL_NELEM(sof_errstr); i++) {
- if (err == sof_errstr[i].error) {
- return sof_errstr[i].string;
- }
- }
- return "(undef)";
-}
-
diff --git a/crypto/sof/sof_lib.c b/crypto/sof/sof_lib.c
index 1d155d27..6eaaf77f 100644
--- a/crypto/sof/sof_lib.c
+++ b/crypto/sof/sof_lib.c
@@ -49,53 +49,55 @@
 #include
 #include
+#include "../../e_os.h"
+
+static long sof_sign_method = SGD_SM2;
+static long sof_enc_method = SGD_SM4_CBC;
+static long sof_last_error = SOR_OK;
-BSTR sof_version = "1.0";
-long sof_sign_method = SGD_SM2;
-long sof_enc_method = SGD_SM4_CBC;
 BSTR SOF_GetVersion(void)
 {
- SOFerr(SOF_F_SOF_GETVERSION, SOF_R_NOT_IMPLEMENTED);
- return NULL;
+ return OpenSSL_version(0);
 }
 long SOF_SetSignMethod(long SignMethod)
 {
- SOFerr(SOF_F_SOF_SETSIGNMETHOD, SOF_R_NOT_IMPLEMENTED);
- return 0;
+ sof_sign_method = SignMethod;
+ return SOR_OK;
 }
 long SOF_GetSignMethod(void)
 {
- SOFerr(SOF_F_SOF_GETSIGNMETHOD, SOF_R_NOT_IMPLEMENTED);
- return 0;
+ return sof_sign_method;
 }
 long SOF_SetEncryptMethod(long EncryptMethod)
 {
- SOFerr(SOF_F_SOF_SETENCRYPTMETHOD, SOF_R_NOT_IMPLEMENTED);
- return 0;
+ sof_enc_method = EncryptMethod;
+ return SOR_OK;
 }
 long SOF_GetEncryptMethod(void)
 {
- SOFerr(SOF_F_SOF_GETENCRYPTMETHOD, SOF_R_NOT_IMPLEMENTED);
- return 0;
+ return sof_enc_method;
 }
+/* list installed client's certificates */
 BSTR SOF_GetUserList(void)
 {
 SOFerr(SOF_F_SOF_GETUSERLIST, SOF_R_NOT_IMPLEMENTED);
 return NULL;
 }
+/* we need an reference to engine */
 BSTR SOF_ExportUserCert(BSTR ContainerName)
 {
 SOFerr(SOF_F_SOF_EXPORTUSERCERT, SOF_R_NOT_IMPLEMENTED);
 return NULL;
 }
+/* LOGIN CMD ? */
 BOOL SOF_Login(BSTR ContainerName, BSTR PassWd)
 {
 SOFerr(SOF_F_SOF_LOGIN, SOF_R_NOT_IMPLEMENTED);
@@ -105,7 +107,7 @@ BOOL SOF_Login(BSTR ContainerName, BSTR PassWd)
 long SOF_GetPinRetryCount(BSTR ContainerName)
 {
 SOFerr(SOF_F_SOF_GETPINRETRYCOUNT, SOF_R_NOT_IMPLEMENTED);
- return 0;
+ return SOR_NotSupportYetErr;
 }
 BOOL SOF_ChangePassWd(BSTR ContainerName, BSTR OldPassWd, BSTR NewPassWd)
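Review bot: `sof_last_error` is introduced here and handed back by `SOF_GetLastError` in the `@@ -236,8 +241,7 @@` hunk, but no line in this diff ever assigns it, so after any of the still-stubbed entry points raises `SOF_R_NOT_IMPLEMENTED` the caller still reads `SOR_OK`; each stub should record its failure, e.g. `sof_last_error = SOR_NotSupportYetErr;` before its `return`. `SOF_SetSignMethod` and `SOF_SetEncryptMethod` now store whatever `long` they are given and answer `SOR_OK`, so an algorithm id the library does not implement is only discovered (if at all) when a later operation consults the value; validating against the supported `SGD_*` ids and returning an error for anything else keeps the failure at the API boundary. `SOF_GetVersion` returns `OpenSSL_version(0)`, a `const char *`, through the non-const `BSTR` return type, which silently drops the qualifier and hands the caller a pointer into a literal they must neither modify nor free, and it replaces the removed `"1.0"` interface version with the library's version string, which may not be what a GM/T 0020 caller expects. The three `static` globals are process-wide state written without any synchronisation; if this API is meant to be called from several threads, that needs either documenting or per-thread storage.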
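Review bot: `SOF_GetPinRetryCount` now returns `SOR_NotSupportYetErr` in the position where a caller expects a retry count, so the error is indistinguishable from a real count unless every `SOR_*` value lies outside the valid count range; if that is the intended convention, a comment above the function stating it is needed, otherwise keep returning `0` and report the condition through `sof_last_error` so `SOF_GetLastError` can surface it. The `SOFerr(...)` call above the changed line is kept, so the same failure is now reported both on the OpenSSL error queue and in the return value, which callers will have to reconcile.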
@@ -114,12 +116,13 @@ BOOL SOF_ChangePassWd(BSTR ContainerName, BSTR OldPassWd, BSTR NewPassWd)
 return NULL;
 }
-BSTR SOF_ExportExChangeUserCert(BSTR ContainerName)
+BSTR SOF_ExportExchangeUserCert(BSTR ContainerName)
 {
 SOFerr(SOF_F_SOF_EXPORTEXCHANGEUSERCERT, SOF_R_NOT_IMPLEMENTED);
 return NULL;
 }
+/* `type` defined as SGD_CERT_XXX, SGD_EXT_XXX in sgd.h */
 BSTR SOF_GetCertInfo(BSTR Base64EncodeCert, short Type)
 {
 SOFerr(SOF_F_SOF_GETCERTINFO, SOF_R_NOT_IMPLEMENTED);
@@ -144,6 +147,7 @@ long SOF_ValidateCert(BSTR Base64EncodeCert)
 return 0;
 }
+/* PKCS #7 or CMS ? */
 BSTR SOF_SignData(BSTR ContainerName, BSTR InData)
 {
 SOFerr(SOF_F_SOF_SIGNDATA, SOF_R_NOT_IMPLEMENTED);
@@ -228,6 +232,7 @@ BSTR SOF_GetXMLSignatureInfo(BSTR XMLSignedData, short Type)
 return NULL;
 }
+/* return base64 encoded data */
 BSTR SOF_GenRandom(short RandomLen)
 {
 SOFerr(SOF_F_SOF_GENRANDOM, SOF_R_NOT_IMPLEMENTED);
@@ -236,8 +241,7 @@ BSTR SOF_GenRandom(short RandomLen)
 long SOF_GetLastError(void)
 {
- SOFerr(SOF_F_SOF_GETLASTERROR, SOF_R_NOT_IMPLEMENTED);
- return 0;
+ return sof_last_error;
 }
 long SOF_SetCertTrustList(BSTR CTLAltName, BSTR CTLContent, short CTLContentLen)
@@ -312,3 +316,21 @@ BSTR SOF_GetTimeStampInfo(BSTR tsResponseData, short type)
 return NULL;
 }
+static ERR_STRING_DATA sof_errstr[] = {
+ { SOR_OK, "Success" },
+ { SOR_UnknownErr, "Unknown error" },
+ { SOR_FileErr, "File error" },
+ { SOR_ProviderTypeErr, "Provider type error" },
+ { SOR_LoadProviderErr, "Load provider error" },
+};
+
+char *SOF_GetErrorString(int err)
+{
+ int i;
+ for (i = 0; i < OSSL_NELEM(sof_errstr); i++) {
+ if (err == sof_errstr[i].error) {
+ return sof_errstr[i].string;
+ }
+ }
+ return "(undef)";
+}
diff --git a/include/openssl/gmsdf.h b/include/openssl/gmsdf.h
index fce5bba7..c5f7585b 100644
--- a/include/openssl/gmsdf.h
+++ b/include/openssl/gmsdf.h
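Review bot: The relocated `sof_errstr` table in the `@@ -312,3 +316,21 @@` hunk has no entry for `SOR_NotSupportYetErr`, which this same commit starts returning from `SOF_GetPinRetryCount`, so `SOF_GetErrorString` reports that code as `"(undef)"`; add `{ SOR_NotSupportYetErr, "Not supported yet" },` to the table. The loop `for (i = 0; i < OSSL_NELEM(sof_errstr); i++)` compares an `int` with a `size_t`, and `err == sof_errstr[i].error` compares an `int` with the `unsigned long` `error` member, both of which trip `-Wsign-compare` and behave surprisingly for negative codes; `size_t i` and an explicit `(unsigned long)err` make the intent clear. The function returns `sof_errstr[i].string`, a `const char *` in `ERR_STRING_DATA`, through a `char *` return type, which discards `const` and invites a caller to write into the table's literals; unless sof.h pins the signature, `const char *SOF_GetErrorString(int err)` is the right type. A one-line header, `/* Map a SOR_* code to its message; unknown codes yield "(undef)". */`, would also document the fallback.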
@@ -148,6 +148,8 @@ int ERR_load_SDF_strings(void);
 # define SDF_R_INVALID_SDF_LIBRARY 101
 # define SDF_R_INVALID_SESSION_HANDLE 102
 # define SDF_R_LOAD_LIBRARY_FAILURE 107
+# define SDF_R_METHOD_OPERATION_FAILURE 108
+# define SDF_R_NOT_INITIALIZED 109
 # define SDF_R_NOT_SUPPORTED 103
 # define SDF_R_OPERATION_FAILED 104
 # define SDF_R_SDF_METHOD_RETURN_FAILURE 105
diff --git a/include/openssl/sof.h b/include/openssl/sof.h
index e7539ca9..990eb328 100644
--- a/include/openssl/sof.h
+++ b/include/openssl/sof.h
@@ -46,13 +46,14 @@
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 */
-/* GM/T 0020 */
-
+/* This header file is from "GM/T 0020-2012 Certificate Application
+ * Integrated Service Interface Specification"
+ */
 #ifndef HEADER_SOF_H
 #define HEADER_SOF_H
-typedef char * BSTR;
+typedef char *BSTR;
 typedef long BOOL;
 #ifdef __cplusplus
@@ -69,7 +70,7 @@ BSTR SOF_ExportUserCert(BSTR ContainerName);
 BOOL SOF_Login(BSTR ContainerName, BSTR PassWd);
 long SOF_GetPinRetryCount(BSTR ContainerName);
 BOOL SOF_ChangePassWd(BSTR ContainerName, BSTR OldPassWd, BSTR NewPassWd);
-BSTR SOF_ExportExChangeUserCert(BSTR ContainerName);
+BSTR SOF_ExportExchangeUserCert(BSTR ContainerName);
 BSTR SOF_GetCertInfo(BSTR Base64EncodeCert, short Type);
 BSTR SOF_GetCertInfoByOid(BSTR Base64EncodeCert, BSTR Oid);
 BSTR SOF_GetDeviceInfo(BSTR ContainerName, long Type);
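Review bot: `SDF_R_METHOD_OPERATION_FAILURE` (108) and `SDF_R_NOT_INITIALIZED` (109) are defined here, but the commit adds no matching reason strings; if the `ERR_STRING_DATA` table that `ERR_load_SDF_strings` (declared in this hunk's context, defined outside the diff) registers is not updated, `ERR_error_string_n` will print a bare `reason(108)` / `reason(109)` for these codes instead of text. In OpenSSL-derived trees the header and the table are normally regenerated together by `util/mkerr.pl`; either run it or add the two entries by hand next to the existing `SDF_R_*` strings, and confirm the numbers do not collide with codes already allocated there (the header shows 101-107 in use, which is consistent with 108/109 being free).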