add sdf and skf

skf/sgd.h

@@ -0,0 +1,438 @@
+/* ====================================================================
+ * Copyright (c) 2015 - 2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+/*
+ * this header file is based on the standard GM/T 0006-2012
+ * Cryptographic Application Identifier Criterion Specification
+ */
+
+#ifndef HEADER_SGD_H
+#define HEADER_SGD_H
+
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_GMAPI
+
+#include <openssl/e_os2.h>
+
+/* block cipher modes */
+#define SGD_ECB			0x01
+#define SGD_CBC			0x02
+#define SGD_CFB			0x04
+#define SGD_OFB			0x08
+#define SGD_MAC			0x10
+
+/* stream cipher modes */
+#define SGD_EEA3		0x01
+#define SGD_EIA3		0x02
+
+/* ciphers */
+#define SGD_SM1			0x00000100
+#define SGD_SSF33		0x00000200
+#define SGD_SM4			0x00000400
+#define SGD_ZUC			0x00000800
+
+/* ciphers with modes */
+#define SGD_SM1_ECB		(SGD_SM1|SGD_ECB)
+#define SGD_SM1_CBC		(SGD_SM1|SGD_CBC)
+#define SGD_SM1_CFB		(SGD_SM1|SGD_CFB)
+#define SGD_SM1_OFB		(SGD_SM1|SGD_OFB)
+#define SGD_SM1_MAC		(SGD_SM1|SGD_MAC)
+#define SGD_SSF33_ECB		(SGD_SSF33|SGD_ECB)
+#define SGD_SSF33_CBC		(SGD_SSF33|SGD_CBC)
+#define SGD_SSF33_CFB		(SGD_SSF33|SGD_CFB)
+#define SGD_SSF33_OFB		(SGD_SSF33|SGD_OFB)
+#define SGD_SSF33_MAC		(SGD_SSF33|SGD_MAC)
+#define SGD_SM4_ECB		(SGD_SM4|SGD_ECB)
+#define SGD_SM4_CBC		(SGD_SM4|SGD_CBC)
+#define SGD_SM4_CFB		(SGD_SM4|SGD_CFB)
+#define SGD_SM4_OFB		(SGD_SM4|SGD_OFB)
+#define SGD_SM4_MAC		(SGD_SM4|SGD_MAC)
+#define SGD_ZUC_EEA3		(SGD_ZUC|SGD_EEA3)
+#define SGD_ZUC_EIA3		(SGD_ZUC|SGD_EIA3)
+
+/* public key usage */
+#define SGD_PK_SIGN		0x0100
+#define SGD_PK_DH		0x0200
+#define SGD_PK_ENC		0x0400
+
+/* public key types */
+#define SGD_RSA			0x00010000
+#define SGD_RSA_SIGN		(SGD_RSA|SGD_PK_SIGN)
+#define SGD_RSA_ENC		(SGD_RSA|SGD_PK_ENC)
+#define SGD_SM2			0x00020000
+#define SGD_SM2_1		(SGD_SM2|SGD_PK_SIGN)
+#define SGD_SM2_2		(SGD_SM2|SGD_PK_DH)
+#define SGD_SM2_3		(SGD_SM2|SGD_PK_ENC)
+
+/* hash */
+#define SGD_SM3			0x00000001
+#define SGD_SHA1		0x00000002
+#define SGD_SHA256		0x00000004
+#define SGD_HASH_FROM		0x00000008
+#define SGD_HASH_TO		0x000000FF
+
+/* signatue schemes */
+#define SGD_SM3_RSA		(SGD_SM3|SGD_RSA)
+#define SGD_SHA1_RSA		(SGD_SHA1|SGD_RSA)
+#define SGD_SHA256_RSA		(SGD_SHA256|SGD_RSA)
+#define SGD_SM3_SM2		(SGD_SM3|SGD_SM2)
+#define SGD_SIG_FROM		0x00040000
+#define SGD_SIG_TO		0x800000FF
+
+/* data types */
+typedef char			SGD_CHAR;
+typedef char			SGD_INT8;
+typedef int16_t			SGD_INT16;
+typedef int32_t			SGD_INT32;
+typedef int64_t			SGD_INT64;
+typedef unsigned char		SGD_UCHAR;
+typedef uint8_t			SGD_UINT8;
+typedef uint16_t		SGD_UINT16;
+typedef uint32_t		SGD_UINT32;
+typedef uint64_t		SGD_UINT64;
+typedef uint32_t		SGD_RV;
+typedef void *			SGD_OBJ;
+typedef int32_t			SGD_BOOL;
+
+#define SGD_TRUE		0x00000001
+#define SGD_FALSE		0x00000000
+
+#define SGD_KEY_INDEX		0x00000101
+#define SGD_SECRET_KEY		0x00000102
+#define SGD_PUBLIC_KEY_SIGN	0x00000103
+#define SGD_PUBLIC_KEY_ENCRYPT	0x00000104
+#define SGD_PRIVATE_KEY_SIGN	0x00000105
+#define SGD_PRIVATE_KEY_ENCRYPT	0x00000106
+#define SGD_KEY_COMPONENT	0x00000107
+#define SGD_PASSWORD		0x00000108
+#define SGD_PUBLIC_KEY_CERT	0x00000109
+#define SGD_ATTRIBUTE_CERT	0x1000010A
+#define SGD_SIGNATURE_DATA	0x10000111
+#define SGD_ENVELOPE_DATA	0x10000112
+#define SGD_RANDOM_DATA		0x10000113
+#define SGD_PLAIN_DATA		0x10000114
+#define SGD_CIPHER_DATA		0x10000115
+#define SGD_DIGEST_DATA		0x10000116
+#define SGD_USER_DATA		0x10000117
+
+/* certificate */
+#define SGD_CERT_VERSION			0x00000001
+#define SGD_CERT_SERIAL				0x00000002
+#define SGD_CERT_ISSUER				0x00000005
+#define SGD_CERT_VALID_TIME			0x00000006
+#define SGD_CERT_SUBJECT			0x00000007
+#define SGD_CERT_DER_PUBLIC_KEY			0x00000008
+#define SGD_CERT_DER_EXTENSIONS			0x00000009
+#define SGD_EXT_AUTHORITYKEYIDENTIFIER_INFO	0x00000011
+#define SGD_EXT_SUBJECTKEYIDENTIFIER_INFO	0x00000012
+#define SGD_EXT_KEYUSAGE_INFO			0x00000013
+#define SGD_EXT_PRIVATEKEYUSAGEPERIOD_INFO	0x00000014
+#define SGD_EXT_CERTIFICATEPOLICIES_INFO	0x00000015
+#define SGD_EXT_POLICYMAPPINGS_INFO		0x00000016
+#define SGD_EXT_BASICCONSTRAINTS_INFO		0x00000017
+#define SGD_EXT_POLICYCONSTRAINTS_INFO		0x00000018
+#define SGD_EXT_EXTKEYUSAGE_INFO		0x00000019
+#define SGD_EXT_CRLDISTRIBUTIONPOINTS_INFO	0x0000001A
+#define SGD_EXT_NETSCAPE_CERT_TYPE_INFO		0x0000001B
+#define SGD_EXT_SELFDEFINED_EXTENSION_INFO	0x0000001C
+#define SGD_CERT_ISSUER_CN			0x00000021
+#define SGD_CERT_ISSUER_O			0x00000022
+#define SGD_CERT_ISSUER_OU			0x00000023
+#define SGD_CERT_SUBJECT_CN			0x00000031
+#define SGD_CERT_SUBJECT_O			0x00000032
+#define SGD_CERT_SUBJECT_OU			0x00000033
+#define SGD_CERT_SUBJECT_EMAIL			0x00000034
+#define SGD_CERT_NOTBEFORE_TIME			0x00000035
+#define SGD_CERT_NOTAFTER_TIME			0x00000036
+
+/* timestamp info */
+#define SGD_TIME_OF_STAMP		0x00000201
+#define SGD_CN_OF_TSSIGNER		0x00000202 /* Common Name of TS Signer */
+#define SGD_ORININAL_DATA		0x00000203
+#define SGD_CERT_OF_TSSSERVER		0x00000204
+#define SGD_GERTCHAIN_OF_TSSERVER	0x00000205
+#define SGD_SOURCE_OF_TIME		0x00000206
+#define SGD_TIME_PRECISION		0x00000207
+#define SGD_RESPONSE_TYPE		0x00000208
+#define SGD_SUBJECT_COUNTRY_OF_TSSIGNER	0x00000209
+#define SGD_SUBJECT_ORGNIZATION_OF_TSSIGNER 0x0000020A
+#define SGD_SUJECT_CITY_OF_TSSIGNER	0x0000020B
+#define SGD_SUBJECT_EMAIL_OF_TSSIGNER	0x0000020C
+
+/* single sign-on */
+#define SGD_SP_ID			0x00000001
+#define SGD_SP_USER_ID			0x00000002
+#define SGD_IDP_ID			0x00000003
+#define SGD_IDP_USER_ID			0x00000004
+
+/* data encoding */
+#define SGD_ENCODING_RAW		0x00000000
+#define SGD_ENCODING_DER		0x01000000
+#define SGD_ENCODING_BASE64		0x02000000
+#define SGD_ENCODING_PEM		0x03000000
+#define SGD_ENCODING_TXT		0x04000000
+
+/* APIs */
+#define SGD_PROTOCOL_CSP		1 /* Microsoft CryptoAPI */
+#define SGD_PROTOCOL_PKCS11		2 /* PKCS#11 */
+#define SGD_PROTOCOL_SDS		3 /* SDF API */
+#define SGD_PROTOCOL_UKEY		4 /* SKF API */
+#define SGD_PROTOCOL_CNG		5 /* Microsoft CryptoAPI Next Gen */
+#define SGD_PROTOCOL_GCS		6 /* */
+
+/* certificate validation */
+#define SGD_CRL_VERIFY			1
+#define SGD_OCSP_VEIFY			2
+
+/* role */
+#define SGD_ROLE_SUPER_MANAGER		0x00000001
+#define SGD_ROLE_MANAGER		0x00000002
+#define SGD_ROLE_AUDIT_MANAGER		0x00000003
+#define SGD_ROLE_AUDITOR		0x00000004
+#define SGD_ROLE_OPERATOR		0x00000005
+#define SGD_ROLE_USER			0x00000006
+
+/* user operations */
+#define SGD_OPERATION_SIGNIN		0x00000001
+#define SGD_OPERATION_SIGNOUT		0x00000002
+#define SGD_OPERATION_CREATE		0x00000003
+#define SGD_OPERATION_DELETE		0x00000004
+#define SGD_OPERATION_MODIFY		0x00000005
+#define SGD_OPERATION_CHG_PWD		0x00000006
+#define SGD_OPERATION_AUTHORIZATION	0x00000007
+
+/* user operation results */
+#define SGD_OPERATION_SUCCESS		0x00000000
+
+/* key types */
+#define SGD_MAIN_KEY			0x00000101
+#define SGD_DEVICE_KEYS			0x00000102
+#define SGD_USER_KEYS			0x00000103
+#define SGD_KEY				0x00000104
+#define SGD_SESSION_KEY			0x00000105
+#define SGD_PRIKEY_PASSWD		0x00000106
+#define SGD_COMPARTITION_KEY		0x00000107
+
+/* key operations */
+#define SGD_KEY_GENERATION		0x00000101
+#define SGD_KEY_DISPENSE		0x00000102
+#define SGD_KEY_IMPORT			0x00000103
+#define SGD_KEY_EXPORT			0x00000104
+#define SGD_KEY_DIVISION		0x00000105
+#define SGD_KEY_COMPOSE			0x00000106
+#define SGD_KEY_RENEWAL			0x00000107
+#define SGD_KEY_BACKUP			0x00000108
+#define SGD_KEY_RESTORE			0x00000109
+#define SGD_KEY_DESTORY			0x0000010A
+
+/* system operations */
+#define SGD_SYSTEM_INIT			0x00000201
+#define SGD_SYSTEM_START		0x00000202
+#define SGD_SYSTEM_SHUT			0x00000203
+#define SGD_SYSTEM_RESTART		0x00000204
+#define SGD_SYSTEM_QUERY		0x00000205
+#define SGD_SYSTEM_BACKUP		0x00000206
+#define SGD_SYSTEM_RESTORE		0x00000207
+
+/* device info */
+#define SGD_DEVICE_SORT			0x00000201
+#define SGD_DEVICE_TYPE			0x00000202
+#define SGD_DEVICE_NAME			0x00000203
+#define SGD_DEVICE_MANUFACTURER		0x00000204
+#define SGD_DEVICE_HARDWARE_VERSION	0x00000205
+#define SGD_DEVICE_SOFTWARE_VERSION	0x00000206
+#define SGD_DEVICE_STANDARD_VERSION	0x00000207
+#define SGD_DEVICE_SERIAL_NUMBER	0x00000208
+#define SGD_DEVICE_SUPPORT_SYMM_ALG	0x00000209
+#define SGD_DEVICE_SUPPORT_PKEY_ALG	0x0000020A
+#define SGD_DEVICE_SUPPORT_HASH_ALG	0x0000020B
+#define SGD_DEVICE_SUPPORT_STORAGE_SPACE 0x0000020C
+#define SGD_DEVICE_SUPPORT_FREE_SPACE	0x0000020D
+#define SGD_DEVICE_RUNTIME		0x0000020E
+#define SGD_DEVICE_USED_TIMES		0x0000020F
+#define SGD_DEVICE_LOCATION		0x00000210
+#define SGD_DEVICE_DESCRIPTION		0x00000211
+#define SGD_DEVICE_MANAGER_INFO		0x00000212
+#define SGD_DEVICE_MAX_DATA_SIZE	0x00000213
+
+/* device types */
+#define SGD_DEVICE_SORT_SJ		0x02000000 /* Server */
+#define SGD_DEVICE_SORT_SK		0x03000000 /* PCI-E Card */
+#define SGD_DEVICE_SORT_SM		0x04000000 /* USB-Key and SmartCard */
+
+/* device functionality */
+#define SGD_DEVICE_SORT_FE		0x00000100 /* encryption */
+#define SGD_DEVICE_SORT_FA		0x00000200 /* authentication */
+#define SGD_DEVICE_SORT_FM		0x00000300 /* key management */
+
+/* device status */
+#define SGD_STATUS_INIT			0x00000201
+#define SGD_STATUS_READY		0x00000202
+#define SGD_STATUS_EXCEPTION		0x00000203
+
+/* SKF */
+#ifndef WIN32
+typedef signed char		INT8;
+typedef signed short		INT16;
+typedef signed int		INT32;
+typedef unsigned char		UINT8;
+typedef unsigned short		UINT16;
+typedef unsigned int		UINT32;
+typedef long			BOOL;
+typedef UINT8			BYTE;
+typedef UINT8			CHAR;
+typedef INT16			SHORT;
+typedef UINT16			USHORT;
+# ifndef SGD_NATIVE_LONG
+typedef INT32			LONG;
+typedef UINT32			ULONG;
+# else
+typedef long			LONG;
+typedef unsigned long		ULONG;
+# endif
+typedef UINT32			UINT;
+typedef UINT16			WORD;
+typedef UINT32			DWORD;
+typedef UINT32			FLAGS;
+typedef CHAR *			LPSTR;
+typedef void *			HANDLE;
+#else
+#ifndef _WINDEF_H
+typedef signed char		INT8;
+typedef signed short		INT16;
+typedef signed int		INT32;
+typedef unsigned char		UINT8;
+typedef unsigned short		UINT16;
+typedef unsigned int		UINT32;
+typedef long			BOOL;
+typedef UINT8			BYTE;
+typedef UINT8			CHAR;
+typedef INT16			SHORT;
+typedef UINT16			USHORT;
+# ifndef SGD_NATIVE_LONG
+typedef INT32			LONG;
+typedef UINT32			ULONG;
+# else
+typedef long			LONG;
+typedef unsigned long		ULONG;
+# endif
+typedef UINT32			UINT;
+typedef UINT16			WORD;
+typedef UINT32			DWORD;
+typedef UINT32			FLAGS;
+typedef CHAR *			LPSTR;
+typedef void *			HANDLE;
+#endif
+#endif
+
+typedef HANDLE DEVHANDLE;
+typedef HANDLE HAPPLICATION;
+typedef HANDLE HSESSION;
+typedef HANDLE HCONTAINER;
+
+#ifndef FALSE
+#define FALSE			0x00000000
+#endif
+
+#ifndef TRUE
+#define TRUE			0x00000001
+#endif
+
+#ifdef WIN32
+#define DEVAPI __stdcall
+#else
+#define DEVAPI
+#endif
+
+#ifndef ADMIN_TYPE
+#define ADMIN_TYPE			0
+#endif
+
+#ifndef USER_TYPE
+#define USER_TYPE			1
+#endif
+
+#define MAX_RSA_MODULUS_LEN		256
+#define MAX_RSA_EXPONENT_LEN		4
+#define ECC_MAX_XCOORDINATE_BITS_LEN	512
+#define ECC_MAX_YCOORDINATE_BITS_LEN	512
+#define ECC_MAX_MODULUS_BITS_LEN	512
+
+#define MAX_IV_LEN			32
+
+#define MAX_FILE_NAME_SIZE		32
+#define MAX_FILE_CONTAINER_NAME_SIZE	64
+
+#define SECURE_NEVER_ACCOUNT		0x00000000
+#define SECURE_ADM_ACCOUNT		0x00000001
+#define SECURE_USER_ACCOUNT		0x00000010
+#define SECURE_ANYONE_ACCOUNT		0x000000FF
+
+
+/* SDF */
+
+#define RSAref_MAX_BITS			2048
+#define RSAref_MAX_LEN			((RSAref_MAX_BITS + 7) / 8)
+#define RSAref_MAX_PBITS		((RSAref_MAX_BITS + 1) / 2)
+#define RSAref_MAX_PLEN			((RSAref_MAX_PBITS + 7)/ 8)
+
+#ifdef SGD_MAX_ECC_BITS_256
+#define ECCref_MAX_BITS			256
+#else
+#define ECCref_MAX_BITS			512
+#endif
+#define ECCref_MAX_LEN			((ECCref_MAX_BITS+7) / 8)
+
+
+/* SAF */
+#define SGD_MAX_COUNT		64
+#define SGD_MAX_NAME_SIZE	256
+
+
+#endif
+#endif

skf/skf.h

@@ -0,0 +1,750 @@
+/* ====================================================================
+ * Copyright (c) 2015 - 2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+/* This header file is from the official specification with minor
+ * modification.
+ */
+
+#ifndef HEADER_SKF_H
+#define HEADER_SKF_H
+
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_SKF
+
+#include <openssl/sgd.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#pragma pack(1)
+typedef struct Struct_Version{
+	BYTE major;
+	BYTE minor;
+} VERSION;
+
+typedef struct Struct_DEVINFO {
+	VERSION	Version;
+	CHAR	Manufacturer[64];
+	CHAR	Issuer[64];
+	CHAR	Label[32];
+	CHAR	SerialNumber[32];
+	VERSION	HWVersion;
+	VERSION	FirmwareVersion;
+	ULONG	AlgSymCap;
+	ULONG	AlgAsymCap;
+	ULONG	AlgHashCap;
+	ULONG	DevAuthAlgId;
+	ULONG	TotalSpace;
+	ULONG	FreeSpace;
+	ULONG	MaxECCBufferSize;
+	ULONG	MaxBufferSize;
+	BYTE  	Reserved[64];
+} DEVINFO, *PDEVINFO;
+
+typedef struct Struct_RSAPUBLICKEYBLOB {
+	ULONG	AlgID;
+	ULONG	BitLen;
+	BYTE	Modulus[MAX_RSA_MODULUS_LEN];
+	BYTE	PublicExponent[MAX_RSA_EXPONENT_LEN];
+} RSAPUBLICKEYBLOB, *PRSAPUBLICKEYBLOB;
+
+typedef struct Struct_RSAPRIVATEKEYBLOB {
+	ULONG	AlgID;
+	ULONG	BitLen;
+	BYTE	Modulus[MAX_RSA_MODULUS_LEN];
+	BYTE	PublicExponent[MAX_RSA_EXPONENT_LEN];
+	BYTE	PrivateExponent[MAX_RSA_MODULUS_LEN];
+	BYTE	Prime1[MAX_RSA_MODULUS_LEN/2];
+	BYTE	Prime2[MAX_RSA_MODULUS_LEN/2];
+	BYTE	Prime1Exponent[MAX_RSA_MODULUS_LEN/2];
+	BYTE	Prime2Exponent[MAX_RSA_MODULUS_LEN/2];
+	BYTE	Coefficient[MAX_RSA_MODULUS_LEN/2];
+} RSAPRIVATEKEYBLOB, *PRSAPRIVATEKEYBLOB;
+
+typedef struct Struct_ECCPUBLICKEYBLOB {
+	ULONG	BitLen;
+	BYTE	XCoordinate[ECC_MAX_XCOORDINATE_BITS_LEN/8];
+	BYTE	YCoordinate[ECC_MAX_YCOORDINATE_BITS_LEN/8];
+} ECCPUBLICKEYBLOB, *PECCPUBLICKEYBLOB;
+
+typedef struct Struct_ECCPRIVATEKEYBLOB {
+	ULONG	BitLen;
+	BYTE	PrivateKey[ECC_MAX_MODULUS_BITS_LEN/8];
+} ECCPRIVATEKEYBLOB, *PECCPRIVATEKEYBLOB;
+
+typedef struct Struct_ECCCIPHERBLOB {
+	BYTE	XCoordinate[ECC_MAX_XCOORDINATE_BITS_LEN/8];
+	BYTE	YCoordinate[ECC_MAX_XCOORDINATE_BITS_LEN/8];
+	BYTE	HASH[32];
+	ULONG	CipherLen;
+	BYTE	Cipher[1];
+} ECCCIPHERBLOB, *PECCCIPHERBLOB;
+
+typedef struct Struct_ECCSIGNATUREBLOB {
+	BYTE	r[ECC_MAX_XCOORDINATE_BITS_LEN/8];
+	BYTE	s[ECC_MAX_XCOORDINATE_BITS_LEN/8];
+} ECCSIGNATUREBLOB, *PECCSIGNATUREBLOB;
+
+typedef struct Struct_BLOCKCIPHERPARAM {
+	BYTE	IV[MAX_IV_LEN];
+	ULONG	IVLen;
+	ULONG	PaddingType;
+	ULONG	FeedBitLen;
+} BLOCKCIPHERPARAM, *PBLOCKCIPHERPARAM;
+
+typedef struct SKF_ENVELOPEDKEYBLOB {
+	ULONG	Version;
+	ULONG	ulSymmAlgID;
+	ULONG	ulBits;
+	BYTE	cbEncryptedPriKey[64];
+	ECCPUBLICKEYBLOB	PubKey;
+	ECCCIPHERBLOB		ECCCipherBlob;
+} ENVELOPEDKEYBLOB, *PENVELOPEDKEYBLOB;
+
+typedef struct Struct_FILEATTRIBUTE {
+	CHAR	FileName[MAX_FILE_NAME_SIZE];
+	ULONG	FileSize;
+	ULONG	ReadRights;
+	ULONG	WriteRights;
+} FILEATTRIBUTE, *PFILEATTRIBUTE;
+#pragma pack()
+
+/* 7.1.2 */
+ULONG DEVAPI SKF_WaitForDevEvent(
+	LPSTR szDevName,
+	ULONG *pulDevNameLen,
+	ULONG *pulEvent);
+
+/* 7.1.3 */
+ULONG DEVAPI SKF_CancelWaitForDevEvent(
+	void);
+
+/* 7.1.4 */
+ULONG DEVAPI SKF_EnumDev(
+	BOOL bPresent,
+	LPSTR szNameList,
+	ULONG *pulSize);
+
+/* 7.1.5 */
+ULONG DEVAPI SKF_ConnectDev(
+	LPSTR szName,
+	DEVHANDLE *phDev);
+
+/* 7.1.6 */
+ULONG DEVAPI SKF_DisConnectDev(
+	DEVHANDLE hDev);
+
+/* 7.1.7 */
+ULONG DEVAPI SKF_GetDevState(
+	LPSTR szDevName,
+	ULONG *pulDevState);
+
+/* 7.1.8 */
+ULONG DEVAPI SKF_SetLabel(
+	DEVHANDLE hDev,
+	LPSTR szLabel);
+
+/* 7.1.9 */
+ULONG DEVAPI SKF_GetDevInfo(
+	DEVHANDLE hDev,
+	DEVINFO *pDevInfo);
+
+/* 7.1.10 */
+ULONG DEVAPI SKF_LockDev(
+	DEVHANDLE hDev,
+	ULONG ulTimeOut);
+
+/* 7.1.11 */
+ULONG DEVAPI SKF_UnlockDev(
+	DEVHANDLE hDev);
+
+/* 7.1.12 */
+ULONG DEVAPI SKF_Transmit(
+	DEVHANDLE hDev,
+	BYTE *pbCommand,
+	ULONG ulCommandLen,
+	BYTE *pbData,
+	ULONG *pulDataLen);
+
+/* 7.2.2 */
+ULONG DEVAPI SKF_ChangeDevAuthKey(
+	DEVHANDLE hDev,
+	BYTE *pbKeyValue,
+	ULONG ulKeyLen);
+
+/* 7.2.3 */
+ULONG DEVAPI SKF_DevAuth(
+	DEVHANDLE hDev,
+	BYTE *pbAuthData,
+	ULONG ulLen);
+
+/* 7.2.4 */
+ULONG DEVAPI SKF_ChangePIN(
+	HAPPLICATION hApplication,
+	ULONG ulPINType,
+	LPSTR szOldPin,
+	LPSTR szNewPin,
+	ULONG *pulRetryCount);
+
+/* 7.2.5 */
+LONG DEVAPI SKF_GetPINInfo(
+	HAPPLICATION hApplication,
+	ULONG ulPINType,
+	ULONG *pulMaxRetryCount,
+	ULONG *pulRemainRetryCount,
+	BOOL *pbDefaultPin);
+
+/* 7.2.6 */
+ULONG DEVAPI SKF_VerifyPIN(
+	HAPPLICATION hApplication,
+	ULONG ulPINType,
+	LPSTR szPIN,
+	ULONG *pulRetryCount);
+
+/* 7.2.7 */
+ULONG DEVAPI SKF_UnblockPIN(
+	HAPPLICATION hApplication,
+	LPSTR szAdminPIN,
+	LPSTR szNewUserPIN,
+	ULONG *pulRetryCount);
+
+/* 7.2.8 */
+ULONG DEVAPI SKF_ClearSecureState(
+	HAPPLICATION hApplication);
+
+/* 7.3.2 */
+ULONG DEVAPI SKF_CreateApplication(
+	DEVHANDLE hDev,
+	LPSTR szAppName,
+	LPSTR szAdminPin,
+	DWORD dwAdminPinRetryCount,
+	LPSTR szUserPin,
+	DWORD dwUserPinRetryCount,
+	DWORD dwCreateFileRights,
+	HAPPLICATION *phApplication);
+
+/* 7.3.3 */
+ULONG DEVAPI SKF_EnumApplication(
+	DEVHANDLE hDev,
+	LPSTR szAppName,
+	ULONG *pulSize);
+
+/* 7.3.4 */
+ULONG DEVAPI SKF_DeleteApplication(
+	DEVHANDLE hDev,
+	LPSTR szAppName);
+
+/* 7.3.5 */
+ULONG DEVAPI SKF_OpenApplication(
+	DEVHANDLE hDev,
+	LPSTR szAppName,
+	HAPPLICATION *phApplication);
+
+/* 7.3.6 */
+ULONG DEVAPI SKF_CloseApplication(
+	HAPPLICATION hApplication);
+
+/* 7.4.2 */
+ULONG DEVAPI SKF_CreateFile(
+	HAPPLICATION hApplication,
+	LPSTR szFileName,
+	ULONG ulFileSize,
+	ULONG ulReadRights,
+	ULONG ulWriteRights);
+
+/* 7.4.3 */
+ULONG DEVAPI SKF_DeleteFile(
+	HAPPLICATION hApplication,
+	LPSTR szFileName);
+
+/* 7.4.4 */
+ULONG DEVAPI SKF_EnumFiles(
+	HAPPLICATION hApplication,
+	LPSTR szFileList,
+	ULONG *pulSize);
+
+/* 7.4.5 */
+ULONG DEVAPI SKF_GetFileInfo(
+	HAPPLICATION hApplication,
+	LPSTR szFileName,
+	FILEATTRIBUTE *pFileInfo);
+
+/* 7.4.6 */
+ULONG DEVAPI SKF_ReadFile(
+	HAPPLICATION hApplication,
+	LPSTR szFileName,
+	ULONG ulOffset,
+	ULONG ulSize,
+	BYTE *pbOutData,
+	ULONG *pulOutLen);
+
+/* 7.4.7 */
+ULONG DEVAPI SKF_WriteFile(
+	HAPPLICATION hApplication,
+	LPSTR szFileName,
+	ULONG ulOffset,
+	BYTE *pbData,
+	ULONG ulSize);
+
+/* 7.5.2 */
+ULONG DEVAPI SKF_CreateContainer(
+	HAPPLICATION hApplication,
+	LPSTR szContainerName,
+	HCONTAINER *phContainer);
+
+/* 7.5.3 */
+ULONG DEVAPI SKF_DeleteContainer(
+	HAPPLICATION hApplication,
+	LPSTR szContainerName);
+
+/* 7.5.4 */
+ULONG DEVAPI SKF_OpenContainer(
+	HAPPLICATION hApplication,
+	LPSTR szContainerName,
+	HCONTAINER *phContainer);
+
+/* 7.5.5 */
+ULONG DEVAPI SKF_CloseContainer(
+	HCONTAINER hContainer);
+
+/* 7.5.6 */
+ULONG DEVAPI SKF_EnumContainer(
+	HAPPLICATION hApplication,
+	LPSTR szContainerName,
+	ULONG *pulSize);
+
+/* 7.5.7 */
+ULONG DEVAPI SKF_GetContainerType(
+	HCONTAINER hContainer,
+	ULONG *pulContainerType);
+
+/* 7.5.8 */
+ULONG DEVAPI SKF_ImportCertificate(
+	HCONTAINER hContainer,
+	BOOL bExportSignKey,
+	BYTE *pbCert,
+	ULONG ulCertLen);
+
+/* 7.5.9 */
+ULONG DEVAPI SKF_ExportCertificate(
+	HCONTAINER hContainer,
+	BOOL bSignFlag,
+	BYTE *pbCert,
+	ULONG *pulCertLen);
+
+/* 7.6.2 */
+ULONG DEVAPI SKF_GenRandom(
+	DEVHANDLE hDev,
+	BYTE *pbRandom,
+	ULONG ulRandomLen);
+
+/* 7.6.3 */
+ULONG DEVAPI SKF_GenExtRSAKey(
+	DEVHANDLE hDev,
+	ULONG ulBitsLen,
+	RSAPRIVATEKEYBLOB *pBlob);
+
+/* 7.6.4 */
+ULONG DEVAPI SKF_GenRSAKeyPair(
+	HCONTAINER hContainer,
+	ULONG ulBitsLen,
+	RSAPUBLICKEYBLOB *pBlob);
+
+/* 7.6.5 */
+ULONG DEVAPI SKF_ImportRSAKeyPair(
+	HCONTAINER hContainer,
+	ULONG ulSymAlgId,
+	BYTE *pbWrappedKey,
+	ULONG ulWrappedKeyLen,
+	BYTE *pbEncryptedData,
+	ULONG ulEncryptedDataLen);
+
+/* 7.6.6 */
+ULONG DEVAPI SKF_RSASignData(
+	HCONTAINER hContainer,
+	BYTE *pbData,
+	ULONG ulDataLen,
+	BYTE *pbSignature,
+	ULONG *pulSignLen);
+
+/* 7.6.7 */
+ULONG DEVAPI SKF_RSAVerify(
+	DEVHANDLE hDev,
+	RSAPUBLICKEYBLOB *pRSAPubKeyBlob,
+	BYTE *pbData,
+	ULONG ulDataLen,
+	BYTE *pbSignature,
+	ULONG ulSignLen);
+
+/* 7.6.8 */
+ULONG DEVAPI SKF_RSAExportSessionKey(
+	HCONTAINER hContainer,
+	ULONG ulAlgId,
+	RSAPUBLICKEYBLOB *pPubKey,
+	BYTE *pbData,
+	ULONG *pulDataLen,
+	HANDLE *phSessionKey);
+
+/* 7.6.9 */
+ULONG DEVAPI SKF_ExtRSAPubKeyOperation(
+	DEVHANDLE hDev,
+	RSAPUBLICKEYBLOB *pRSAPubKeyBlob,
+	BYTE *pbInput,
+	ULONG ulInputLen,
+	BYTE *pbOutput,
+	ULONG *pulOutputLen);
+
+/* 7.6.10 */
+ULONG DEVAPI SKF_ExtRSAPriKeyOperation(
+	DEVHANDLE hDev,
+	RSAPRIVATEKEYBLOB *pRSAPriKeyBlob,
+	BYTE *pbInput,
+	ULONG ulInputLen,
+	BYTE *pbOutput,
+	ULONG *pulOutputLen);
+
+/* 7.6.11 */
+ULONG DEVAPI SKF_GenECCKeyPair(
+	HCONTAINER hContainer,
+	ULONG ulAlgId,
+	ECCPUBLICKEYBLOB *pBlob);
+
+/* 7.6.12 */
+ULONG DEVAPI SKF_ImportECCKeyPair(
+	HCONTAINER hContainer,
+	ENVELOPEDKEYBLOB *pEnvelopedKeyBlob);
+
+/* 7.6.13 */
+ULONG DEVAPI SKF_ECCSignData(
+	HCONTAINER hContainer,
+	BYTE *pbDigest,
+	ULONG ulDigestLen,
+	ECCSIGNATUREBLOB *pSignature);
+
+#ifdef SKF_HAS_ECCDECRYPT
+ULONG DEVAPI SKF_ECCDecrypt(
+	HCONTAINER hContainer,
+	ECCCIPHERBLOB *pCipherBlob,
+	BYTE *pbPlainText,
+	ULONG *pulPlainTextLen);
+#endif
+
+/* 7.6.14 */
+ULONG DEVAPI SKF_ECCVerify(
+	DEVHANDLE hDev,
+	ECCPUBLICKEYBLOB *pECCPubKeyBlob,
+	BYTE *pbData,
+	ULONG ulDataLen,
+	ECCSIGNATUREBLOB *pSignature);
+
+/* 7.6.15 */
+ULONG DEVAPI SKF_ECCExportSessionKey(
+	HCONTAINER hContainer,
+	ULONG ulAlgId,
+	ECCPUBLICKEYBLOB *pPubKey,
+	ECCCIPHERBLOB *pData,
+	HANDLE *phSessionKey);
+
+/* 7.6.16 */
+ULONG DEVAPI SKF_ExtECCEncrypt(
+	DEVHANDLE hDev,
+	ECCPUBLICKEYBLOB *pECCPubKeyBlob,
+	BYTE *pbPlainText,
+	ULONG ulPlainTextLen,
+	ECCCIPHERBLOB *pCipherText);
+
+/* 7.6.17 */
+ULONG DEVAPI SKF_ExtECCDecrypt(
+	DEVHANDLE hDev,
+	ECCPRIVATEKEYBLOB *pECCPriKeyBlob,
+	ECCCIPHERBLOB *pCipherText,
+	BYTE *pbPlainText,
+	ULONG *pulPlainTextLen);
+
+/* 7.6.18 */
+ULONG DEVAPI SKF_ExtECCSign(
+	DEVHANDLE hDev,
+	ECCPRIVATEKEYBLOB *pECCPriKeyBlob,
+	BYTE *pbData,
+	ULONG ulDataLen,
+	ECCSIGNATUREBLOB *pSignature);
+
+/* 7.6.19 */
+ULONG DEVAPI SKF_ExtECCVerify(
+	DEVHANDLE hDev,
+	ECCPUBLICKEYBLOB *pECCPubKeyBlob,
+	BYTE *pbData,
+	ULONG ulDataLen,
+	ECCSIGNATUREBLOB *pSignature);
+
+/* 7.6.20 */
+ULONG DEVAPI SKF_GenerateAgreementDataWithECC(
+	HCONTAINER hContainer,
+	ULONG ulAlgId,
+	ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
+	BYTE *pbID,
+	ULONG ulIDLen,
+	HANDLE *phAgreementHandle);
+
+/* 7.6.21 */
+ULONG DEVAPI SKF_GenerateAgreementDataAndKeyWithECC(
+	HANDLE hContainer,
+	ULONG ulAlgId,
+	ECCPUBLICKEYBLOB *pSponsorECCPubKeyBlob,
+	ECCPUBLICKEYBLOB *pSponsorTempECCPubKeyBlob,
+	ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
+	BYTE *pbID,
+	ULONG ulIDLen,
+	BYTE *pbSponsorID,
+	ULONG ulSponsorIDLen,
+	HANDLE *phKeyHandle);
+
+/* 7.6.22 */
+ULONG DEVAPI SKF_GenerateKeyWithECC(
+	HANDLE hAgreementHandle,
+	ECCPUBLICKEYBLOB *pECCPubKeyBlob,
+	ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
+	BYTE *pbID,
+	ULONG ulIDLen,
+	HANDLE *phKeyHandle);
+
+/* 7.6.23 */
+ULONG DEVAPI SKF_ExportPublicKey(
+	HCONTAINER hContainer,
+	BOOL bSignFlag,
+	BYTE *pbBlob,
+	ULONG *pulBlobLen);
+
+/* 7.6.24 */
+ULONG DEVAPI SKF_ImportSessionKey(
+	HCONTAINER hContainer,
+	ULONG ulAlgId,
+	BYTE *pbWrapedData,
+	ULONG ulWrapedLen,
+	HANDLE *phKey);
+
+/* 7.6.25 */
+ULONG DEVAPI SKF_SetSymmKey(
+	DEVHANDLE hDev,
+	BYTE *pbKey,
+	ULONG ulAlgID,
+	HANDLE *phKey);
+
+/* 7.6.26 */
+ULONG DEVAPI SKF_EncryptInit(
+	HANDLE hKey,
+	BLOCKCIPHERPARAM EncryptParam);
+
+/* 7.6.27 */
+ULONG DEVAPI SKF_Encrypt(
+	HANDLE hKey,
+	BYTE *pbData,
+	ULONG ulDataLen,
+	BYTE *pbEncryptedData,
+	ULONG *pulEncryptedLen);
+
+/* 7.6.28 */
+ULONG DEVAPI SKF_EncryptUpdate(
+	HANDLE hKey,
+	BYTE *pbData,
+	ULONG ulDataLen,
+	BYTE *pbEncryptedData,
+	ULONG *pulEncryptedLen);
+
+/* 7.6.29 */
+ULONG DEVAPI SKF_EncryptFinal(
+	HANDLE hKey,
+	BYTE *pbEncryptedData,
+	ULONG *pulEncryptedDataLen);
+
+/* 7.6.30 */
+ULONG DEVAPI SKF_DecryptInit(
+	HANDLE hKey,
+	BLOCKCIPHERPARAM DecryptParam);
+
+/* 7.6.31 */
+ULONG DEVAPI SKF_Decrypt(
+	HANDLE hKey,
+	BYTE *pbEncryptedData,
+	ULONG ulEncryptedLen,
+	BYTE *pbData,
+	ULONG *pulDataLen);
+
+/* 7.6.32 */
+ULONG DEVAPI SKF_DecryptUpdate(
+	HANDLE hKey,
+	BYTE *pbEncryptedData,
+	ULONG ulEncryptedLen,
+	BYTE *pbData,
+	ULONG *pulDataLen);
+
+/* 7.6.33 */
+ULONG DEVAPI SKF_DecryptFinal(
+	HANDLE hKey,
+	BYTE *pbDecryptedData,
+	ULONG *pulDecryptedDataLen);
+
+/* 7.6.34 */
+ULONG DEVAPI SKF_DigestInit(
+	DEVHANDLE hDev,
+	ULONG ulAlgID,
+	ECCPUBLICKEYBLOB *pPubKey,
+	BYTE *pbID,
+	ULONG ulIDLen,
+	HANDLE *phHash);
+
+/* 7.6.35 */
+ULONG DEVAPI SKF_Digest(
+	HANDLE hHash,
+	BYTE *pbData,
+	ULONG ulDataLen,
+	BYTE *pbHashData,
+	ULONG *pulHashLen);
+
+/* 7.6.36 */
+ULONG DEVAPI SKF_DigestUpdate(
+	HANDLE hHash,
+	BYTE *pbData,
+	ULONG ulDataLen);
+
+/* 7.6.37 */
+ULONG DEVAPI SKF_DigestFinal(
+	HANDLE hHash,
+	BYTE *pHashData,
+	ULONG *pulHashLen);
+
+/* 7.6.38 */
+ULONG DEVAPI SKF_MacInit(
+	HANDLE hKey,
+	BLOCKCIPHERPARAM *pMacParam,
+	HANDLE *phMac);
+
+/* 7.6.39 */
+ULONG DEVAPI SKF_Mac(
+	HANDLE hMac,
+	BYTE *pbData,
+	ULONG ulDataLen,
+	BYTE *pbMacData,
+	ULONG *pulMacLen);
+
+/* 7.6.40 */
+ULONG DEVAPI SKF_MacUpdate(
+	HANDLE hMac,
+	BYTE *pbData,
+	ULONG ulDataLen);
+
+/* 7.6.41 */
+ULONG DEVAPI SKF_MacFinal(
+	HANDLE hMac,
+	BYTE *pbMacData,
+	ULONG *pulMacDataLen);
+
+/* 7.6.42 */
+ULONG DEVAPI SKF_CloseHandle(
+	HANDLE hHandle);
+
+
+#define SAR_OK				0x00000000
+#define SAR_FAIL			0x0A000001
+#define SAR_UNKNOWNERR			0x0A000002
+#define SAR_NOTSUPPORTYETERR		0x0A000003
+#define SAR_FILEERR			0x0A000004
+#define SAR_INVALIDHANDLEERR		0x0A000005
+#define SAR_INVALIDPARAMERR		0x0A000006
+#define SAR_READFILEERR			0x0A000007
+#define SAR_WRITEFILEERR		0x0A000008
+#define SAR_NAMELENERR			0x0A000009
+#define SAR_KEYUSAGEERR			0x0A00000A
+#define SAR_MODULUSLENERR		0x0A00000B
+#define SAR_NOTINITIALIZEERR		0x0A00000C
+#define SAR_OBJERR			0x0A00000D
+#define SAR_MEMORYERR			0x0A00000E
+#define SAR_TIMEOUTERR			0x0A00000F
+#define SAR_INDATALENERR		0x0A000010
+#define SAR_INDATAERR			0x0A000011
+#define SAR_GENRANDERR			0x0A000012
+#define SAR_HASHOBJERR			0x0A000013
+#define SAR_HASHERR			0x0A000014
+#define SAR_GENRSAKEYERR		0x0A000015
+#define SAR_RSAMODULUSLENERR		0x0A000016
+#define SAR_CSPIMPRTPUBKEYERR		0x0A000017
+#define SAR_RSAENCERR			0x0A000018
+#define SAR_RSADECERR			0x0A000019
+#define SAR_HASHNOTEQUALERR		0x0A00001A
+#define SAR_KEYNOTFOUNTERR		0x0A00001B
+#define SAR_CERTNOTFOUNTERR		0x0A00001C
+#define SAR_NOTEXPORTERR		0x0A00001D
+#define SAR_DECRYPTPADERR		0x0A00001E
+#define SAR_MACLENERR			0x0A00001F
+#define SAR_BUFFER_TOO_SMALL		0x0A000020
+#define SAR_KEYINFOTYPEERR		0x0A000021
+#define SAR_NOT_EVENTERR		0x0A000022
+#define SAR_DEVICE_REMOVED		0x0A000023
+#define SAR_PIN_INCORRECT		0x0A000024
+#define SAR_PIN_LOCKED			0x0A000025
+#define SAR_PIN_INVALID			0x0A000026
+#define SAR_PIN_LEN_RANGE		0x0A000027
+#define SAR_USER_ALREADY_LOGGED_IN	0x0A000028
+#define SAR_USER_PIN_NOT_INITIALIZED	0x0A000029
+#define SAR_USER_TYPE_INVALID		0x0A00002A
+#define SAR_APPLICATION_NAME_INVALID	0x0A00002B
+#define SAR_APPLICATION_EXISTS		0x0A00002C
+#define SAR_USER_NOT_LOGGED_IN		0x0A00002D
+#define SAR_APPLICATION_NOT_EXISTS	0x0A00002E
+#define SAR_FILE_ALREADY_EXIST		0x0A00002F
+#define SAR_NO_ROOM			0x0A000030
+#define SAR_FILE_NOT_EXIST		0x0A000031
+#define SAR_REACH_MAX_CONTAINER_COUNT	0x0A000032
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif
+#endif

skf/skf_ext.c

@@ -0,0 +1,606 @@
+/* ====================================================================
+ * Copyright (c) 2014 - 2019 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/gmskf.h>
+#include <openssl/gmapi.h>
+#include <openssl/x509v3.h>
+#include "internal/skf_int.h"
+#include "../../e_os.h"
+
+
+ULONG DEVAPI SKF_NewECCCipher(ULONG ulCipherLen, ECCCIPHERBLOB **cipherBlob)
+{
+	ECCCIPHERBLOB *ret = NULL;
+
+	if (!(ret = OPENSSL_malloc(sizeof(ECCCIPHERBLOB) - 1 + ulCipherLen))) {
+		SKFerr(SKF_F_SKF_NEWECCCIPHER, ERR_R_MALLOC_FAILURE);
+		return SAR_MEMORYERR;
+	}
+
+	ret->CipherLen = ulCipherLen;
+	*cipherBlob = ret;
+	return SAR_OK;
+}
+
+ULONG DEVAPI SKF_NewEnvelopedKey(ULONG ulCipherLen, ENVELOPEDKEYBLOB **envelopedKeyBlob)
+{
+	ENVELOPEDKEYBLOB *ret = NULL;
+
+	if (!(ret = OPENSSL_zalloc(sizeof(ENVELOPEDKEYBLOB) - 1 + ulCipherLen))) {
+		SKFerr(SKF_F_SKF_NEWENVELOPEDKEY, ERR_R_MALLOC_FAILURE);
+		return SAR_MEMORYERR;
+	}
+
+	ret->ECCCipherBlob.CipherLen = ulCipherLen;
+	*envelopedKeyBlob = ret;
+	return SAR_OK;
+}
+
+ULONG DEVAPI SKF_OpenDevice(LPSTR devName, BYTE authKey[16], DEVINFO *devInfo, DEVHANDLE *phDev)
+{
+	ULONG rv;
+	DEVHANDLE hDev = NULL;
+	HANDLE hKey = NULL;
+	ULONG ulTimeOut = 0xffffffff;
+	BYTE authRand[16] = {0};
+	BYTE authData[16] = {0};
+	ULONG authRandLen = SKF_AUTHRAND_LENGTH;
+	ULONG authDataLen = sizeof(authData);
+	BLOCKCIPHERPARAM encParam = {{0}, 0, 0, 0};
+
+	if ((rv = SKF_ConnectDev((LPSTR)devName, &hDev)) != SAR_OK
+		|| (rv = SKF_GetDevInfo(hDev, devInfo)) != SAR_OK
+		|| (rv = SKF_LockDev(hDev, ulTimeOut)) != SAR_OK
+		|| (rv = SKF_GenRandom(hDev, authRand, authRandLen)) != SAR_OK
+		|| (rv = SKF_SetSymmKey(hDev, authKey, devInfo->DevAuthAlgId, &hKey)) != SAR_OK
+		|| (rv = SKF_EncryptInit(hKey, encParam)) != SAR_OK
+		|| (rv = SKF_Encrypt(hKey, authRand, sizeof(authRand), authData, &authDataLen)) != SAR_OK
+		|| (rv =SKF_DevAuth(hDev, authData, authDataLen)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_OPENDEVICE, ERR_R_SKF_LIB);
+		goto end;
+	}
+	*phDev = hDev;
+	hDev = NULL;
+
+end:
+	OPENSSL_cleanse(authRand, sizeof(authRand));
+	OPENSSL_cleanse(authData, sizeof(authData));
+	if (hKey && (rv = SKF_CloseHandle(hKey)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_OPENDEVICE, ERR_R_SKF_LIB);
+	}
+	if (hDev  && (rv = SKF_DisConnectDev(hDev)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_OPENDEVICE, ERR_R_SKF_LIB);
+	}
+	return rv;
+}
+
+ULONG DEVAPI SKF_CloseDevice(DEVHANDLE hDev)
+{
+	ULONG rv;
+	if ((rv = SKF_UnlockDev(hDev)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_CLOSEDEVICE, ERR_R_SKF_LIB);
+	}
+	if ((rv = SKF_DisConnectDev(hDev)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_CLOSEDEVICE, ERR_R_SKF_LIB);
+	}
+	return rv;
+}
+
+
+ULONG DEVAPI SKF_ImportECCPrivateKey(DEVHANDLE hDev, HCONTAINER hContainer,
+	EC_KEY *ec_key, ULONG symmAlgId)
+{
+	int ret = 0;
+	ULONG rv;
+	ULONG containerType;
+	ECCPRIVATEKEYBLOB eccPriKeyBlob;
+	BYTE symmKey[16];
+	HANDLE hSymmKey = NULL;
+	BLOCKCIPHERPARAM encParam;
+	ULONG encedPriKeyLen;
+	SKF_PUBLICKEYBLOB signPubKeyBlob;
+	ULONG signPubKeyLen = sizeof(signPubKeyBlob);
+	ENVELOPEDKEYBLOB envelopedKeyBlob;
+
+	/* check container type */
+	if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
+		return rv;
+	}
+	if (containerType != SKF_CONTAINER_TYPE_ECC) {
+		SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, SKF_R_CONTAINER_TYPE_NOT_MATCH);
+		return SAR_FAIL;
+	}
+
+	/* get private key and public key */
+	if (!EC_KEY_get_ECCPRIVATEKEYBLOB(ec_key, &eccPriKeyBlob)
+		|| !EC_KEY_get_ECCPUBLICKEYBLOB(ec_key, &(envelopedKeyBlob.PubKey))) {
+		SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_GMAPI_LIB);
+		rv = SAR_FAIL;
+		goto end;
+	}
+
+	/* set Version, ulSymmAlgID, ulBits */
+	envelopedKeyBlob.Version = SKF_ENVELOPEDKEYBLOB_VERSION;
+	envelopedKeyBlob.ulSymmAlgID = symmAlgId;
+	envelopedKeyBlob.ulBits = eccPriKeyBlob.BitLen;
+
+	/* encrypt private key with random generated symmkey */
+	if (!RAND_bytes(symmKey, sizeof(symmKey))) {
+		SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
+		rv = SAR_FAIL;
+		goto end;
+	}
+	if ((rv = SKF_SetSymmKey(hDev, symmKey, symmAlgId, &hSymmKey)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
+		goto end;
+	}
+	encParam.IVLen = 0;
+	encParam.PaddingType = SKF_NO_PADDING;
+	if ((rv = SKF_EncryptInit(hSymmKey, encParam)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
+		goto end;
+	}
+	encedPriKeyLen = sizeof(envelopedKeyBlob.cbEncryptedPriKey);
+	if ((rv = SKF_Encrypt(hSymmKey,
+		eccPriKeyBlob.PrivateKey, sizeof(eccPriKeyBlob.PrivateKey),
+		(BYTE *)&(envelopedKeyBlob.cbEncryptedPriKey), &encedPriKeyLen)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
+		goto end;
+	}
+	if (encedPriKeyLen != sizeof(eccPriKeyBlob.PrivateKey)) {
+		SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
+		rv = SAR_FAIL;
+		goto end;
+	}
+
+	/* encrypt symmKey */
+	if ((rv = SKF_ExportPublicKey(hContainer, TRUE,
+		(BYTE *)&signPubKeyBlob, &signPubKeyLen)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
+		goto end;
+	}
+	if (signPubKeyLen != sizeof(ECCPUBLICKEYBLOB)) {
+		SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
+		rv = SAR_FAIL;
+		goto end;
+	}
+	if ((rv = SKF_ExtECCEncrypt(hDev, (ECCPUBLICKEYBLOB *)&signPubKeyBlob,
+		symmKey, sizeof(symmKey), &(envelopedKeyBlob.ECCCipherBlob))) != SAR_OK) {
+		SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
+		goto end;
+	}
+
+	ret = 1;
+end:
+	OPENSSL_cleanse(&eccPriKeyBlob, sizeof(eccPriKeyBlob));
+	OPENSSL_cleanse(symmKey, sizeof(symmKey));
+	if (hSymmKey && SKF_CloseHandle(hSymmKey) != SAR_OK) {
+		SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
+		ret = 0;
+	}
+	return ret;
+}
+
+ULONG DEVAPI SKF_ImportRSAPrivateKey(DEVHANDLE hDev, HCONTAINER hContainer,
+	RSA *rsa, ULONG symmAlgId)
+{
+	ULONG rv;
+	ULONG containerType;
+	RSAPRIVATEKEYBLOB rsaPriKeyBlob;
+	unsigned char symmKey[16];
+	RSAPUBLICKEYBLOB rsaPubKeyBlob;
+	ULONG rsaPubKeyLen = sizeof(rsaPubKeyBlob);
+	BYTE wrappedKey[MAX_RSA_MODULUS_LEN];
+	ULONG wrappedKeyLen = sizeof(wrappedKey);
+	EVP_CIPHER_CTX *cctx = NULL;
+	unsigned char *p;
+	int len;
+	BYTE encedPriKey[sizeof(RSAPRIVATEKEYBLOB) + 16*2];
+	ULONG encedPriKeyLen = sizeof(encedPriKey);
+
+
+	if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
+		return rv;
+	}
+	if (containerType != SKF_CONTAINER_TYPE_RSA) {
+		SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
+		return SAR_FAIL;
+	}
+
+	if (!RSA_get_RSAPRIVATEKEYBLOB(rsa, &rsaPriKeyBlob)) {
+		SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
+		goto end;
+	}
+
+	/* generate symmkey */
+	/* wrap symmkey with signing public key */
+	if (!RAND_bytes(symmKey, sizeof(symmKey))) {
+		SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
+		goto end;
+	}
+	if ((rv = SKF_ExportPublicKey(hContainer, SGD_TRUE,
+		(BYTE *)&rsaPubKeyBlob, &rsaPubKeyLen)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
+		goto end;
+	}
+	if (!(rsa = RSA_new_from_RSAPUBLICKEYBLOB(&rsaPubKeyBlob))) {
+		SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
+		goto end;
+	}
+	if ((len = RSA_public_encrypt(sizeof(symmKey), symmKey, wrappedKey,
+		rsa, RSA_PKCS1_PADDING)) != rsaPriKeyBlob.BitLen / 8) {
+		goto end;
+	}
+	wrappedKeyLen = (ULONG)len;
+
+	/* encrypt private key with symmkey in ECB mode */
+	if (!(cctx = EVP_CIPHER_CTX_new())) {
+		SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+		goto end;
+	}
+	if (!EVP_EncryptInit_ex(cctx, EVP_sms4_ecb(), NULL, symmKey, NULL)) {
+		SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_EVP_LIB);
+		goto end;
+	}
+	p = encedPriKey;
+	if (!EVP_EncryptUpdate(cctx, p, &len, (unsigned char *)&rsaPriKeyBlob,
+		sizeof(RSAPRIVATEKEYBLOB))) {
+		SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_EVP_LIB);
+		goto end;
+	}
+	p += len;
+	if (!EVP_EncryptFinal_ex(cctx, p, &len)) {
+		SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_EVP_LIB);
+		goto end;
+	}
+	p += len;
+	encedPriKeyLen = p - encedPriKey;
+
+	/* import */
+	if ((rv = SKF_ImportRSAKeyPair(hContainer, symmAlgId, wrappedKey, wrappedKeyLen,
+		encedPriKey, encedPriKeyLen)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
+		goto end;
+	}
+
+end:
+	OPENSSL_cleanse(&rsaPriKeyBlob, sizeof(rsaPriKeyBlob));
+	OPENSSL_cleanse(symmKey, sizeof(symmKey));
+	OPENSSL_cleanse(wrappedKey, sizeof(wrappedKey));
+	EVP_CIPHER_CTX_free(cctx);
+	return rv;
+}
+
+ULONG DEVAPI SKF_ImportPrivateKey(DEVHANDLE hDev, HCONTAINER hContainer,
+	EVP_PKEY *pkey, ULONG symmAlgId)
+{
+	ULONG rv;
+	switch (EVP_PKEY_id(pkey)) {
+	case EVP_PKEY_EC:
+		if ((rv = SKF_ImportECCPrivateKey(hDev, hContainer,
+			EVP_PKEY_get0_EC_KEY(pkey), symmAlgId)) != SAR_OK) {
+			SKFerr(SKF_F_SKF_IMPORTPRIVATEKEY, ERR_R_SKF_LIB);
+			return rv;
+		}
+		break;
+	case EVP_PKEY_RSA:
+		if ((rv = SKF_ImportRSAPrivateKey(hDev, hContainer,
+			EVP_PKEY_get0_RSA(pkey), symmAlgId)) != SAR_OK) {
+			SKFerr(SKF_F_SKF_IMPORTPRIVATEKEY, ERR_R_SKF_LIB);
+			return rv;
+		}
+		break;
+	default:
+		SKFerr(SKF_F_SKF_IMPORTPRIVATEKEY,
+			SKF_R_UNSUPPORTED_PRIVATE_KEY_TYPE);
+		return SAR_FAIL;
+	}
+	return SAR_OK;
+}
+
+ULONG DEVAPI SKF_ExportECCPublicKey(HCONTAINER hContainer, BOOL bSign, EC_KEY **ec_key)
+{
+	ULONG rv;
+	ULONG containerType;
+	BYTE pubKeyBlob[sizeof(SKF_PUBLICKEYBLOB)];
+	ECCPUBLICKEYBLOB *pubKey = (ECCPUBLICKEYBLOB *)pubKeyBlob;
+	ULONG pubKeyLen = sizeof(SKF_PUBLICKEYBLOB);
+
+	if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_EXPORTECCPUBLICKEY, ERR_R_SKF_LIB);
+		return rv;
+	}
+	if (containerType != SKF_CONTAINER_TYPE_ECC) {
+		SKFerr(SKF_F_SKF_EXPORTECCPUBLICKEY, SKF_R_CONTAINER_TYPE_NOT_MATCH);
+		return SAR_FAIL;
+	}
+
+	if ((rv = SKF_ExportPublicKey(hContainer, bSign,
+		pubKeyBlob, &pubKeyLen)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_EXPORTECCPUBLICKEY, ERR_R_SKF_LIB);
+		return rv;
+	}
+	if (pubKeyLen != sizeof(ECCPUBLICKEYBLOB)) {
+		SKFerr(SKF_F_SKF_EXPORTECCPUBLICKEY, ERR_R_SKF_LIB);
+		return SAR_FAIL;
+	}
+
+	if (!(*ec_key = EC_KEY_new_from_ECCPUBLICKEYBLOB(pubKey))) {
+		SKFerr(SKF_F_SKF_EXPORTECCPUBLICKEY, SKF_R_INVALID_ECC_PUBLIC_KEY);
+		return SAR_FAIL;
+	}
+	return SAR_OK;
+}
+
+ULONG DEVAPI SKF_ExportRSAPublicKey(HCONTAINER hContainer, BOOL bSign, RSA **rsa)
+{
+	ULONG rv;
+	ULONG containerType;
+	BYTE pubKeyBlob[sizeof(SKF_PUBLICKEYBLOB)];
+	RSAPUBLICKEYBLOB *pubKey = (RSAPUBLICKEYBLOB *)pubKeyBlob;
+	ULONG pubKeyLen = sizeof(SKF_PUBLICKEYBLOB);
+
+	if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_EXPORTRSAPUBLICKEY, ERR_R_SKF_LIB);
+		return rv;
+	}
+	if (containerType != SKF_CONTAINER_TYPE_RSA) {
+		SKFerr(SKF_F_SKF_EXPORTRSAPUBLICKEY, SKF_R_CONTAINER_TYPE_NOT_MATCH);
+		return SAR_FAIL;
+	}
+
+	if ((rv = SKF_ExportPublicKey(hContainer, bSign,
+		pubKeyBlob, &pubKeyLen)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_EXPORTRSAPUBLICKEY, ERR_R_SKF_LIB);
+		return rv;
+	}
+	if (pubKeyLen != sizeof(RSAPUBLICKEYBLOB)) {
+		SKFerr(SKF_F_SKF_EXPORTRSAPUBLICKEY, ERR_R_SKF_LIB);
+		return SAR_FAIL;
+	}
+
+	if (!(*rsa = RSA_new_from_RSAPUBLICKEYBLOB(pubKey))) {
+		SKFerr(SKF_F_SKF_EXPORTRSAPUBLICKEY, SKF_R_INVALID_RSA_PUBLIC_KEY);
+		return SAR_FAIL;
+	}
+	return SAR_OK;
+}
+
+ULONG DEVAPI SKF_ExportEVPPublicKey(HCONTAINER hContainer, BOOL bSign, EVP_PKEY **pp)
+{
+	ULONG rv;
+	ULONG containerType;
+	EVP_PKEY *pkey = NULL;
+
+	if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_EXPORTEVPPUBLICKEY, ERR_R_SKF_LIB);
+		return rv;
+	}
+
+	if (!(pkey = EVP_PKEY_new())) {
+		SKFerr(SKF_F_SKF_EXPORTEVPPUBLICKEY, ERR_R_MALLOC_FAILURE);
+		return SAR_MEMORYERR;
+	}
+
+	if (containerType == SKF_CONTAINER_TYPE_ECC) {
+		EC_KEY *ec_key = NULL;
+		if ((rv = SKF_ExportECCPublicKey(hContainer, bSign,
+			&ec_key)) != SAR_OK) {
+			SKFerr(SKF_F_SKF_EXPORTEVPPUBLICKEY, ERR_R_SKF_LIB);
+			goto end;
+		}
+		if (!EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
+			EC_KEY_free(ec_key);
+			rv = SAR_FAIL;
+			goto end;
+		}
+
+	} else if (containerType == SKF_CONTAINER_TYPE_RSA) {
+		RSA *rsa = NULL;
+		if ((rv = SKF_ExportRSAPublicKey(hContainer, bSign,
+			&rsa)) != SAR_OK) {
+			SKFerr(SKF_F_SKF_EXPORTEVPPUBLICKEY, ERR_R_SKF_LIB);
+			goto end;
+		}
+		if (!EVP_PKEY_assign_RSA(pkey, rsa)) {
+			RSA_free(rsa);
+			rv = SAR_FAIL;
+			goto end;
+		}
+
+	} else {
+		SKFerr(SKF_F_SKF_EXPORTEVPPUBLICKEY, SKF_R_INVALID_CONTAINER_TYPE);
+		rv = SAR_FAIL;
+		goto end;
+	}
+
+	*pp = pkey;
+	pkey = NULL;
+	rv = SAR_OK;
+
+end:
+	EVP_PKEY_free(pkey);
+	return rv;
+}
+
+ULONG DEVAPI SKF_ImportX509Certificate(HCONTAINER hContainer, BOOL bSign, X509 *x509)
+{
+	int ret = 0;
+	ULONG containerType;
+	unsigned char *cert = NULL;
+	unsigned char *p;
+	int len;
+
+	if (SKF_GetContainerType(hContainer, &containerType) != SAR_OK) {
+		return 0;
+	}
+	if (containerType == SKF_CONTAINER_TYPE_UNDEF) {
+		return 0;
+	}
+
+	switch (EVP_PKEY_id(X509_get0_pubkey(x509))) {
+	case  EVP_PKEY_EC:
+		if (containerType != SKF_CONTAINER_TYPE_ECC) {
+			goto end;
+		}
+		if (!EC_KEY_is_sm2p256v1(EVP_PKEY_get0_EC_KEY(X509_get0_pubkey(x509)))) {
+			goto end;
+		}
+		break;
+
+	case EVP_PKEY_RSA:
+		if (containerType != SKF_CONTAINER_TYPE_RSA) {
+			goto end;
+		}
+		break;
+	default:
+		goto end;
+	}
+
+	if (X509_get_key_usage(x509) & (KU_DIGITAL_SIGNATURE|
+		KU_NON_REPUDIATION|KU_KEY_CERT_SIGN|KU_CRL_SIGN)) {
+		bSign = SGD_TRUE;
+	} else if (X509_get_key_usage(x509) & (KU_KEY_ENCIPHERMENT|
+		KU_DATA_ENCIPHERMENT|KU_KEY_AGREEMENT|KU_ENCIPHER_ONLY)) {
+		bSign = SGD_FALSE;
+	} else {
+		goto end;
+	}
+
+	if ((len = i2d_X509(x509, NULL)) <= 0
+		|| !(p = cert = OPENSSL_malloc(len))
+		|| (len = i2d_X509(x509, &p)) <= 0) {
+		goto end;
+	}
+
+	if (SKF_ImportCertificate(hContainer, bSign, cert, (ULONG)len) != SAR_OK) {
+		goto end;
+	}
+
+	ret = 1;
+end:
+	X509_free(x509);
+	OPENSSL_free(cert);
+	return ret;
+}
+
+ULONG DEVAPI SKF_ImportX509CertificateByKeyUsage(HCONTAINER hContainer, X509 *x509)
+{
+	ULONG rv;
+	BOOL bSign;
+
+	if (X509_get_key_usage(x509) & (KU_DIGITAL_SIGNATURE|
+		KU_NON_REPUDIATION|KU_KEY_CERT_SIGN|KU_CRL_SIGN)) {
+		bSign = SGD_TRUE;
+	} else if (X509_get_key_usage(x509) & (KU_KEY_ENCIPHERMENT|
+		KU_DATA_ENCIPHERMENT|KU_KEY_AGREEMENT|KU_ENCIPHER_ONLY)) {
+		bSign = SGD_FALSE;
+	} else {
+		SKFerr(SKF_F_SKF_IMPORTX509CERTIFICATEBYKEYUSAGE,
+			SKF_R_UNKNOWN_CERTIFICATE_KEYUSAGE);
+		return SAR_FAIL;
+	}
+
+	if ((rv = SKF_ImportX509Certificate(hContainer, bSign, x509)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_IMPORTX509CERTIFICATEBYKEYUSAGE, ERR_R_SKF_LIB);
+		return rv;
+	}
+
+	return SAR_OK;
+}
+
+ULONG DEVAPI SKF_ExportX509Certificate(HCONTAINER hContainer, BOOL bSign, X509 **px509)
+{
+	ULONG rv = SAR_FAIL;
+	BYTE *pbCert = NULL;
+	ULONG ulCertLen;
+	const unsigned char *p;
+	X509 *x509 = NULL;
+
+	ulCertLen = SKF_MAX_CERTIFICATE_SIZE;
+	if (!(pbCert = OPENSSL_zalloc(ulCertLen))) {
+		SKFerr(SKF_F_SKF_EXPORTX509CERTIFICATE, ERR_R_MALLOC_FAILURE);
+		rv = SAR_MEMORYERR;
+		goto end;
+	}
+	if ((rv = SKF_ExportCertificate(hContainer, bSign,
+		pbCert, &ulCertLen)) != SAR_OK) {
+		SKFerr(SKF_F_SKF_EXPORTX509CERTIFICATE, ERR_R_SKF_LIB);
+		goto end;
+	}
+
+	p = pbCert;
+	if (!(x509 = d2i_X509(NULL, &p, (long)ulCertLen))) {
+		SKFerr(SKF_F_SKF_EXPORTX509CERTIFICATE,
+			SKF_R_PARSE_CERTIFICATE_FAILURE);
+		goto end;
+	}
+	if (p - pbCert != ulCertLen) {
+		SKFerr(SKF_F_SKF_EXPORTX509CERTIFICATE,
+			SKF_R_PARSE_CERTIFICATE_FAILURE);
+		goto end;
+	}
+
+	*px509 = x509;
+	x509 = NULL;
+	rv = SAR_OK;
+
+end:
+	OPENSSL_free(pbCert);
+	X509_free(x509);
+	return rv;
+}

skf/skf_ext.h

@@ -0,0 +1,129 @@
+/* ====================================================================
+ * Copyright (c) 2015 - 2016 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#ifndef HEADER_GMSKF_H
+#define HEADER_GMSKF_H
+
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_SKF
+
+#include <stdio.h>
+#include <openssl/bio.h>
+#include <openssl/sgd.h>
+#include <openssl/skf.h>
+
+#define SKF_NO_PADDING		0
+#define SKF_PKCS5_PADDING	1
+
+#define SKF_DEV_STATE_ABSENT	0x00000000
+#define SKF_DEV_STATE_PRESENT	0x00000001
+#define SKF_DEV_STATE_UNKNOW	0x00000010
+
+#define SKF_CONTAINER_TYPE_UNDEF	0
+#define SKF_CONTAINER_TYPE_RSA		1
+#define SKF_CONTAINER_TYPE_ECC		2
+
+#define SKF_ENVELOPEDKEYBLOB_VERSION	1
+#define SKF_AUTHKEY_LENGTH		16
+#define SKF_AUTHRAND_LENGTH		16
+#define SKF_MAX_FILE_SIZE		(256*1024)
+#define SKF_MAX_CERTIFICATE_SIZE	(8*1024)
+
+
+#define SKF_DEFAULT_ADMIN_PIN_RETRY_COUNT	6
+#define SKF_DEFAULT_USER_PIN_RETRY_COUNT	6
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct {
+	union {
+		ECCPUBLICKEYBLOB ecc;
+		RSAPUBLICKEYBLOB rsa;
+	} u;
+} SKF_PUBLICKEYBLOB;
+#define SKF_MAX_PUBLICKEYBOLB_LENGTH sizeof(SKF_PUBLICKEYBLOB)
+
+typedef struct {
+	char *name;
+	unsigned char *buf;
+	int offset;
+	int length;
+} SKF_FILE_OP_PARAMS;
+
+
+ULONG DEVAPI SKF_LoadLibrary(LPSTR so_path, LPSTR vendor);
+ULONG DEVAPI SKF_UnloadLibrary(void);
+ULONG DEVAPI SKF_OpenDevice(LPSTR devName, BYTE authKey[16], DEVINFO *devInfo, DEVHANDLE *phDev);
+ULONG DEVAPI SKF_CloseDevice(DEVHANDLE hDev);
+ULONG DEVAPI SKF_GetDevStateName(ULONG ulDevState, LPSTR *szName);
+ULONG DEVAPI SKF_GetContainerTypeName(ULONG ulContainerType, LPSTR *szName);
+ULONG DEVAPI SKF_GetAlgorName(ULONG ulAlgID, LPSTR *szName);
+ULONG DEVAPI SKF_PrintDevInfo(BIO *out, DEVINFO *devInfo);
+ULONG DEVAPI SKF_PrintRSAPublicKey(BIO *out, RSAPUBLICKEYBLOB *blob);
+ULONG DEVAPI SKF_PrintRSAPrivateKey(BIO *out, RSAPRIVATEKEYBLOB *blob);
+ULONG DEVAPI SKF_PrintECCPublicKey(BIO *out, ECCPUBLICKEYBLOB *blob);
+ULONG DEVAPI SKF_PrintECCPrivateKey(BIO *out, ECCPRIVATEKEYBLOB *blob);
+ULONG DEVAPI SKF_PrintECCCipher(BIO *out, ECCCIPHERBLOB *blob);
+ULONG DEVAPI SKF_PrintECCSignature(BIO *out, ECCSIGNATUREBLOB *blob);
+ULONG DEVAPI SKF_GetErrorString(ULONG ulError, LPSTR *szErrorStr);
+ULONG DEVAPI SKF_NewECCCipher(ULONG ulCipherLen, ECCCIPHERBLOB **cipherBlob);
+ULONG DEVAPI SKF_NewEnvelopedKey(ULONG ulCipherLen, ENVELOPEDKEYBLOB **envelopedKeyBlob);
+ULONG DEVAPI SKF_ImportECCPrivateKey(DEVHANDLE hDev, HCONTAINER hContainer, EC_KEY *ec_key, ULONG symmAlgId);
+ULONG DEVAPI SKF_ImportRSAPrivateKey(DEVHANDLE hDev, HCONTAINER hContainer, RSA *rsa, ULONG symmAlgId);
+ULONG DEVAPI SKF_ImportPrivateKey(DEVHANDLE hDev, HCONTAINER hContainer, EVP_PKEY *pkey, ULONG symmAlgId);
+ULONG DEVAPI SKF_ExportECCPublicKey(HCONTAINER hContainer, BOOL bSign, EC_KEY **pp);
+ULONG DEVAPI SKF_ExportRSAPublicKey(HCONTAINER hContainer, BOOL bSign, RSA **pp);
+ULONG DEVAPI SKF_ExportEVPPublicKey(HCONTAINER hContainer, BOOL bSign, EVP_PKEY **pp);
+ULONG DEVAPI SKF_ImportX509CertificateByKeyUsage(HCONTAINER hContainer, X509 *x509);
+ULONG DEVAPI SKF_ImportX509Certificate(HCONTAINER hContainer, BOOL bSign, X509 *x509);
+ULONG DEVAPI SKF_ExportX509Certificate(HCONTAINER hContainer, BOOL bSign, X509 **px509);
+
+

skf/skf_int.h

@@ -0,0 +1,618 @@
+/* ====================================================================
+ * Copyright (c) 2014 - 2017 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#ifndef HEADER_SKF_INT_H
+#define HEADER_SKF_INT_H
+
+
+#include <openssl/skf.h>
+#include "internal/dso.h"
+
+
+typedef ULONG (DEVAPI *SKF_WaitForDevEvent_FuncPtr)(
+	LPSTR szDevName,
+	ULONG *pulDevNameLen,
+	ULONG *pulEvent);
+
+typedef ULONG (DEVAPI *SKF_CancelWaitForDevEvent_FuncPtr)(
+	void);
+
+typedef ULONG (DEVAPI *SKF_EnumDev_FuncPtr)(
+	BOOL bPresent,
+	LPSTR szNameList,
+	ULONG *pulSize);
+
+typedef ULONG (DEVAPI *SKF_ConnectDev_FuncPtr)(
+	LPSTR szName,
+	DEVHANDLE *phDev);
+
+typedef ULONG (DEVAPI *SKF_DisConnectDev_FuncPtr)(
+	DEVHANDLE hDev);
+
+typedef ULONG (DEVAPI *SKF_GetDevState_FuncPtr)(
+	LPSTR szDevName,
+	ULONG *pulDevState);
+
+typedef ULONG (DEVAPI *SKF_SetLabel_FuncPtr)(
+	DEVHANDLE hDev,
+	LPSTR szLabel);
+
+typedef ULONG (DEVAPI *SKF_GetDevInfo_FuncPtr)(
+	DEVHANDLE hDev,
+	DEVINFO *pDevInfo);
+
+typedef ULONG (DEVAPI *SKF_LockDev_FuncPtr)(
+	DEVHANDLE hDev,
+	ULONG ulTimeOut);
+
+typedef ULONG (DEVAPI *SKF_UnlockDev_FuncPtr)(
+	DEVHANDLE hDev);
+
+typedef ULONG (DEVAPI *SKF_Transmit_FuncPtr)(
+	DEVHANDLE hDev,
+	BYTE *pbCommand,
+	ULONG ulCommandLen,
+	BYTE *pbData,
+	ULONG *pulDataLen);
+
+typedef ULONG (DEVAPI *SKF_ChangeDevAuthKey_FuncPtr)(
+	DEVHANDLE hDev,
+	BYTE *pbKeyValue,
+	ULONG ulKeyLen);
+
+typedef ULONG (DEVAPI *SKF_DevAuth_FuncPtr)(
+	DEVHANDLE hDev,
+	BYTE *pbAuthData,
+	ULONG ulLen);
+
+typedef ULONG (DEVAPI *SKF_ChangePIN_FuncPtr)(
+	HAPPLICATION hApplication,
+	ULONG ulPINType,
+	LPSTR szOldPin,
+	LPSTR szNewPin,
+	ULONG *pulRetryCount);
+
+typedef LONG (DEVAPI *SKF_GetPINInfo_FuncPtr)(
+	HAPPLICATION hApplication,
+	ULONG ulPINType,
+	ULONG *pulMaxRetryCount,
+	ULONG *pulRemainRetryCount,
+	BOOL *pbDefaultPin);
+
+typedef ULONG (DEVAPI *SKF_VerifyPIN_FuncPtr)(
+	HAPPLICATION hApplication,
+	ULONG ulPINType,
+	LPSTR szPIN,
+	ULONG *pulRetryCount);
+
+typedef ULONG (DEVAPI *SKF_UnblockPIN_FuncPtr)(
+	HAPPLICATION hApplication,
+	LPSTR szAdminPIN,
+	LPSTR szNewUserPIN,
+	ULONG *pulRetryCount);
+
+typedef ULONG (DEVAPI *SKF_ClearSecureState_FuncPtr)(
+	HAPPLICATION hApplication);
+
+typedef ULONG (DEVAPI *SKF_CreateApplication_FuncPtr)(
+	DEVHANDLE hDev,
+	LPSTR szAppName,
+	LPSTR szAdminPin,
+	DWORD dwAdminPinRetryCount,
+	LPSTR szUserPin,
+	DWORD dwUserPinRetryCount,
+	DWORD dwCreateFileRights,
+	HAPPLICATION *phApplication);
+
+typedef ULONG (DEVAPI *SKF_EnumApplication_FuncPtr)(
+	DEVHANDLE hDev,
+	LPSTR szAppName,
+	ULONG *pulSize);
+
+typedef ULONG (DEVAPI *SKF_DeleteApplication_FuncPtr)(
+	DEVHANDLE hDev,
+	LPSTR szAppName);
+
+typedef ULONG (DEVAPI *SKF_OpenApplication_FuncPtr)(
+	DEVHANDLE hDev,
+	LPSTR szAppName,
+	HAPPLICATION *phApplication);
+
+typedef ULONG (DEVAPI *SKF_CloseApplication_FuncPtr)(
+	HAPPLICATION hApplication);
+
+typedef ULONG (DEVAPI *SKF_CreateObject_FuncPtr)(
+	HAPPLICATION hApplication,
+	LPSTR szFileName,
+	ULONG ulFileSize,
+	ULONG ulReadRights,
+	ULONG ulWriteRights);
+
+typedef ULONG (DEVAPI *SKF_DeleteObject_FuncPtr)(
+	HAPPLICATION hApplication,
+	LPSTR szFileName);
+
+typedef ULONG (DEVAPI *SKF_EnumObjects_FuncPtr)(
+	HAPPLICATION hApplication,
+	LPSTR szFileList,
+	ULONG *pulSize);
+
+typedef ULONG (DEVAPI *SKF_GetObjectInfo_FuncPtr)(
+	HAPPLICATION hApplication,
+	LPSTR szFileName,
+	FILEATTRIBUTE *pFileInfo);
+
+typedef ULONG (DEVAPI *SKF_ReadObject_FuncPtr)(
+	HAPPLICATION hApplication,
+	LPSTR szFileName,
+	ULONG ulOffset,
+	ULONG ulSize,
+	BYTE *pbOutData,
+	ULONG *pulOutLen);
+
+typedef ULONG (DEVAPI *SKF_WriteObject_FuncPtr)(
+	HAPPLICATION hApplication,
+	LPSTR szFileName,
+	ULONG ulOffset,
+	BYTE *pbData,
+	ULONG ulSize);
+
+typedef ULONG (DEVAPI *SKF_CreateContainer_FuncPtr)(
+	HAPPLICATION hApplication,
+	LPSTR szContainerName,
+	HCONTAINER *phContainer);
+
+typedef ULONG (DEVAPI *SKF_DeleteContainer_FuncPtr)(
+	HAPPLICATION hApplication,
+	LPSTR szContainerName);
+
+typedef ULONG (DEVAPI *SKF_EnumContainer_FuncPtr)(
+	HAPPLICATION hApplication,
+	LPSTR szContainerName,
+	ULONG *pulSize);
+
+typedef ULONG (DEVAPI *SKF_OpenContainer_FuncPtr)(
+	HAPPLICATION hApplication,
+	LPSTR szContainerName,
+	HCONTAINER *phContainer);
+
+typedef ULONG (DEVAPI *SKF_CloseContainer_FuncPtr)(
+	HCONTAINER hContainer);
+
+typedef ULONG (DEVAPI *SKF_GetContainerType_FuncPtr)(
+	HCONTAINER hContainer,
+	ULONG *pulContainerType);
+
+typedef ULONG (DEVAPI *SKF_ImportCertificate_FuncPtr)(
+	HCONTAINER hContainer,
+	BOOL bExportSignKey,
+	BYTE *pbCert,
+	ULONG ulCertLen);
+
+typedef ULONG (DEVAPI *SKF_ExportCertificate_FuncPtr)(
+	HCONTAINER hContainer,
+	BOOL bSignFlag,
+	BYTE *pbCert,
+	ULONG *pulCertLen);
+
+typedef ULONG (DEVAPI *SKF_ExportPublicKey_FuncPtr)(
+	HCONTAINER hContainer,
+	BOOL bSignFlag,
+	BYTE *pbBlob,
+	ULONG *pulBlobLen);
+
+typedef ULONG (DEVAPI *SKF_GenRandom_FuncPtr)(
+	DEVHANDLE hDev,
+	BYTE *pbRandom,
+	ULONG ulRandomLen);
+
+typedef ULONG (DEVAPI *SKF_GenExtRSAKey_FuncPtr)(
+	DEVHANDLE hDev,
+	ULONG ulBitsLen,
+	RSAPRIVATEKEYBLOB *pBlob);
+
+typedef ULONG (DEVAPI *SKF_GenRSAKeyPair_FuncPtr)(
+	HCONTAINER hContainer,
+	ULONG ulBitsLen,
+	RSAPUBLICKEYBLOB *pBlob);
+
+typedef ULONG (DEVAPI *SKF_ImportRSAKeyPair_FuncPtr)(
+	HCONTAINER hContainer,
+	ULONG ulSymAlgId,
+	BYTE *pbWrappedKey,
+	ULONG ulWrappedKeyLen,
+	BYTE *pbEncryptedData,
+	ULONG ulEncryptedDataLen);
+
+typedef ULONG (DEVAPI *SKF_RSASignData_FuncPtr)(
+	HCONTAINER hContainer,
+	BYTE *pbData,
+	ULONG ulDataLen,
+	BYTE *pbSignature,
+	ULONG *pulSignLen);
+
+typedef ULONG (DEVAPI *SKF_RSAVerify_FuncPtr)(
+	DEVHANDLE hDev,
+	RSAPUBLICKEYBLOB *pRSAPubKeyBlob,
+	BYTE *pbData,
+	ULONG ulDataLen,
+	BYTE *pbSignature,
+	ULONG ulSignLen);
+
+typedef ULONG (DEVAPI *SKF_RSAExportSessionKey_FuncPtr)(
+	HCONTAINER hContainer,
+	ULONG ulAlgId,
+	RSAPUBLICKEYBLOB *pPubKey,
+	BYTE *pbData,
+	ULONG *pulDataLen,
+	HANDLE *phSessionKey);
+
+typedef ULONG (DEVAPI *SKF_ExtRSAPubKeyOperation_FuncPtr)(
+	DEVHANDLE hDev,
+	RSAPUBLICKEYBLOB *pRSAPubKeyBlob,
+	BYTE *pbInput,
+	ULONG ulInputLen,
+	BYTE *pbOutput,
+	ULONG *pulOutputLen);
+
+typedef ULONG (DEVAPI *SKF_ExtRSAPriKeyOperation_FuncPtr)(
+	DEVHANDLE hDev,
+	RSAPRIVATEKEYBLOB *pRSAPriKeyBlob,
+	BYTE *pbInput,
+	ULONG ulInputLen,
+	BYTE *pbOutput,
+	ULONG *pulOutputLen);
+
+typedef ULONG (DEVAPI *SKF_GenECCKeyPair_FuncPtr)(
+	HCONTAINER hContainer,
+	ULONG ulAlgId,
+	ECCPUBLICKEYBLOB *pBlob);
+
+typedef ULONG (DEVAPI *SKF_ImportECCKeyPair_FuncPtr)(
+	HCONTAINER hContainer,
+	ENVELOPEDKEYBLOB *pEnvelopedKeyBlob);
+
+typedef ULONG (DEVAPI *SKF_ECCSignData_FuncPtr)(
+	HCONTAINER hContainer,
+	BYTE *pbDigest,
+	ULONG ulDigestLen,
+	ECCSIGNATUREBLOB *pSignature);
+
+typedef ULONG (DEVAPI *SKF_ECCVerify_FuncPtr)(
+	DEVHANDLE hDev,
+	ECCPUBLICKEYBLOB *pECCPubKeyBlob,
+	BYTE *pbData,
+	ULONG ulDataLen,
+	ECCSIGNATUREBLOB *pSignature);
+
+typedef ULONG (DEVAPI *SKF_ECCExportSessionKey_FuncPtr)(
+	HCONTAINER hContainer,
+	ULONG ulAlgId,
+	ECCPUBLICKEYBLOB *pPubKey,
+	ECCCIPHERBLOB *pData,
+	HANDLE *phSessionKey);
+
+typedef ULONG (DEVAPI *SKF_ExtECCEncrypt_FuncPtr)(
+	DEVHANDLE hDev,
+	ECCPUBLICKEYBLOB *pECCPubKeyBlob,
+	BYTE *pbPlainText,
+	ULONG ulPlainTextLen,
+	ECCCIPHERBLOB *pCipherText);
+
+typedef ULONG (DEVAPI *SKF_ECCDecrypt_FuncPtr)(
+	HCONTAINER hContainer,
+	ECCCIPHERBLOB *pCipherText,
+	BYTE *pbPlainText,
+	ULONG *pulPlainTextLen);
+
+typedef ULONG (DEVAPI *SKF_ExtECCDecrypt_FuncPtr)(
+	DEVHANDLE hDev,
+	ECCPRIVATEKEYBLOB *pECCPriKeyBlob,
+	ECCCIPHERBLOB *pCipherText,
+	BYTE *pbPlainText,
+	ULONG *pulPlainTextLen);
+
+typedef ULONG (DEVAPI *SKF_ExtECCSign_FuncPtr)(
+	DEVHANDLE hDev,
+	ECCPRIVATEKEYBLOB *pECCPriKeyBlob,
+	BYTE *pbData,
+	ULONG ulDataLen,
+	ECCSIGNATUREBLOB *pSignature);
+
+typedef ULONG (DEVAPI *SKF_ExtECCVerify_FuncPtr)(
+	DEVHANDLE hDev,
+	ECCPUBLICKEYBLOB *pECCPubKeyBlob,
+	BYTE *pbData,
+	ULONG ulDataLen,
+	ECCSIGNATUREBLOB *pSignature);
+
+typedef ULONG (DEVAPI *SKF_GenerateAgreementDataWithECC_FuncPtr)(
+	HCONTAINER hContainer,
+	ULONG ulAlgId,
+	ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
+	BYTE *pbID,
+	ULONG ulIDLen,
+	HANDLE *phAgreementHandle);
+
+typedef ULONG (DEVAPI *SKF_GenerateAgreementDataAndKeyWithECC_FuncPtr)(
+	HANDLE hContainer,
+	ULONG ulAlgId,
+	ECCPUBLICKEYBLOB *pSponsorECCPubKeyBlob,
+	ECCPUBLICKEYBLOB *pSponsorTempECCPubKeyBlob,
+	ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
+	BYTE *pbID,
+	ULONG ulIDLen,
+	BYTE *pbSponsorID,
+	ULONG ulSponsorIDLen,
+	HANDLE *phKeyHandle);
+
+typedef ULONG (DEVAPI *SKF_GenerateKeyWithECC_FuncPtr)(
+	HANDLE hAgreementHandle,
+	ECCPUBLICKEYBLOB *pECCPubKeyBlob,
+	ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
+	BYTE *pbID,
+	ULONG ulIDLen,
+	HANDLE *phKeyHandle);
+
+typedef ULONG (DEVAPI *SKF_ImportSessionKey_FuncPtr)(
+	HCONTAINER hContainer,
+	ULONG ulAlgId,
+	BYTE *pbWrapedData,
+	ULONG ulWrapedLen,
+	HANDLE *phKey);
+
+typedef ULONG (DEVAPI *SKF_SetSymmKey_FuncPtr)(
+	DEVHANDLE hDev,
+	BYTE *pbKey,
+	ULONG ulAlgID,
+	HANDLE *phKey);
+
+typedef ULONG (DEVAPI *SKF_EncryptInit_FuncPtr)(
+	HANDLE hKey,
+	BLOCKCIPHERPARAM EncryptParam);
+
+typedef ULONG (DEVAPI *SKF_Encrypt_FuncPtr)(
+	HANDLE hKey,
+	BYTE *pbData,
+	ULONG ulDataLen,
+	BYTE *pbEncryptedData,
+	ULONG *pulEncryptedLen);
+
+typedef ULONG (DEVAPI *SKF_EncryptUpdate_FuncPtr)(
+	HANDLE hKey,
+	BYTE *pbData,
+	ULONG ulDataLen,
+	BYTE *pbEncryptedData,
+	ULONG *pulEncryptedLen);
+
+typedef ULONG (DEVAPI *SKF_EncryptFinal_FuncPtr)(
+	HANDLE hKey,
+	BYTE *pbEncryptedData,
+	ULONG *pulEncryptedDataLen);
+
+typedef ULONG (DEVAPI *SKF_DecryptInit_FuncPtr)(
+	HANDLE hKey,
+	BLOCKCIPHERPARAM DecryptParam);
+
+typedef ULONG (DEVAPI *SKF_Decrypt_FuncPtr)(
+	HANDLE hKey,
+	BYTE *pbEncryptedData,
+	ULONG ulEncryptedLen,
+	BYTE *pbData,
+	ULONG *pulDataLen);
+
+typedef ULONG (DEVAPI *SKF_DecryptUpdate_FuncPtr)(
+	HANDLE hKey,
+	BYTE *pbEncryptedData,
+	ULONG ulEncryptedLen,
+	BYTE *pbData,
+	ULONG *pulDataLen);
+
+typedef ULONG (DEVAPI *SKF_DecryptFinal_FuncPtr)(
+	HANDLE hKey,
+	BYTE *pbDecryptedData,
+	ULONG *pulDecryptedDataLen);
+
+typedef ULONG (DEVAPI *SKF_DigestInit_FuncPtr)(
+	DEVHANDLE hDev,
+	ULONG ulAlgID,
+	ECCPUBLICKEYBLOB *pPubKey,
+	BYTE *pbID,
+	ULONG ulIDLen,
+	HANDLE *phHash);
+
+typedef ULONG (DEVAPI *SKF_Digest_FuncPtr)(
+	HANDLE hHash,
+	BYTE *pbData,
+	ULONG ulDataLen,
+	BYTE *pbHashData,
+	ULONG *pulHashLen);
+
+typedef ULONG (DEVAPI *SKF_DigestUpdate_FuncPtr)(
+	HANDLE hHash,
+	BYTE *pbData,
+	ULONG ulDataLen);
+
+typedef ULONG (DEVAPI *SKF_DigestFinal_FuncPtr)(
+	HANDLE hHash,
+	BYTE *pHashData,
+	ULONG *pulHashLen);
+
+typedef ULONG (DEVAPI *SKF_MacInit_FuncPtr)(
+	HANDLE hKey,
+	BLOCKCIPHERPARAM *pMacParam,
+	HANDLE *phMac);
+
+typedef ULONG (DEVAPI *SKF_Mac_FuncPtr)(
+	HANDLE hMac,
+	BYTE *pbData,
+	ULONG ulDataLen,
+	BYTE *pbMacData,
+	ULONG *pulMacLen);
+
+typedef ULONG (DEVAPI *SKF_MacUpdate_FuncPtr)(
+	HANDLE hMac,
+	BYTE *pbData,
+	ULONG ulDataLen);
+
+typedef ULONG (DEVAPI *SKF_MacFinal_FuncPtr)(
+	HANDLE hMac,
+	BYTE *pbMacData,
+	ULONG *pulMacDataLen);
+
+typedef ULONG (DEVAPI *SKF_CloseHandle_FuncPtr)(
+	HANDLE hHandle);
+
+
+typedef struct skf_method_st {
+	char *name;
+	DSO *dso;
+	SKF_WaitForDevEvent_FuncPtr WaitForDevEvent;
+	SKF_CancelWaitForDevEvent_FuncPtr CancelWaitForDevEvent;
+	SKF_EnumDev_FuncPtr EnumDev;
+	SKF_ConnectDev_FuncPtr ConnectDev;
+	SKF_DisConnectDev_FuncPtr DisConnectDev;
+	SKF_GetDevState_FuncPtr GetDevState;
+	SKF_SetLabel_FuncPtr SetLabel;
+	SKF_GetDevInfo_FuncPtr GetDevInfo;
+	SKF_LockDev_FuncPtr LockDev;
+	SKF_UnlockDev_FuncPtr UnlockDev;
+	SKF_Transmit_FuncPtr Transmit;
+	SKF_ChangeDevAuthKey_FuncPtr ChangeDevAuthKey;
+	SKF_DevAuth_FuncPtr DevAuth;
+	SKF_ChangePIN_FuncPtr ChangePIN;
+	SKF_GetPINInfo_FuncPtr GetPINInfo;
+	SKF_VerifyPIN_FuncPtr VerifyPIN;
+	SKF_UnblockPIN_FuncPtr UnblockPIN;
+	SKF_ClearSecureState_FuncPtr ClearSecureState;
+	SKF_CreateApplication_FuncPtr CreateApplication;
+	SKF_EnumApplication_FuncPtr EnumApplication;
+	SKF_DeleteApplication_FuncPtr DeleteApplication;
+	SKF_OpenApplication_FuncPtr OpenApplication;
+	SKF_CloseApplication_FuncPtr CloseApplication;
+	SKF_CreateObject_FuncPtr CreateObject;
+	SKF_DeleteObject_FuncPtr DeleteObject;
+	SKF_EnumObjects_FuncPtr EnumObjects;
+	SKF_GetObjectInfo_FuncPtr GetObjectInfo;
+	SKF_ReadObject_FuncPtr ReadObject;
+	SKF_WriteObject_FuncPtr WriteObject;
+	SKF_CreateContainer_FuncPtr CreateContainer;
+	SKF_DeleteContainer_FuncPtr DeleteContainer;
+	SKF_EnumContainer_FuncPtr EnumContainer;
+	SKF_OpenContainer_FuncPtr OpenContainer;
+	SKF_CloseContainer_FuncPtr CloseContainer;
+	SKF_GetContainerType_FuncPtr GetContainerType;
+	SKF_ImportCertificate_FuncPtr ImportCertificate;
+	SKF_ExportCertificate_FuncPtr ExportCertificate;
+	SKF_ExportPublicKey_FuncPtr ExportPublicKey;
+	SKF_GenRandom_FuncPtr GenRandom;
+	SKF_GenExtRSAKey_FuncPtr GenExtRSAKey;
+	SKF_GenRSAKeyPair_FuncPtr GenRSAKeyPair;
+	SKF_ImportRSAKeyPair_FuncPtr ImportRSAKeyPair;
+	SKF_RSASignData_FuncPtr RSASignData;
+	SKF_RSAVerify_FuncPtr RSAVerify;
+	SKF_RSAExportSessionKey_FuncPtr RSAExportSessionKey;
+	SKF_ExtRSAPubKeyOperation_FuncPtr ExtRSAPubKeyOperation;
+	SKF_ExtRSAPriKeyOperation_FuncPtr ExtRSAPriKeyOperation;
+	SKF_GenECCKeyPair_FuncPtr GenECCKeyPair;
+	SKF_ImportECCKeyPair_FuncPtr ImportECCKeyPair;
+	SKF_ECCSignData_FuncPtr ECCSignData;
+	SKF_ECCVerify_FuncPtr ECCVerify;
+	SKF_ECCExportSessionKey_FuncPtr ECCExportSessionKey;
+	SKF_ExtECCEncrypt_FuncPtr ExtECCEncrypt;
+	SKF_ExtECCDecrypt_FuncPtr ExtECCDecrypt;
+	SKF_ECCDecrypt_FuncPtr ECCDecrypt;
+	SKF_ExtECCSign_FuncPtr ExtECCSign;
+	SKF_ExtECCVerify_FuncPtr ExtECCVerify;
+	SKF_GenerateAgreementDataWithECC_FuncPtr GenerateAgreementDataWithECC;
+	SKF_GenerateAgreementDataAndKeyWithECC_FuncPtr GenerateAgreementDataAndKeyWithECC;
+	SKF_GenerateKeyWithECC_FuncPtr GenerateKeyWithECC;
+	SKF_ImportSessionKey_FuncPtr ImportSessionKey;
+	SKF_SetSymmKey_FuncPtr SetSymmKey;
+	SKF_EncryptInit_FuncPtr EncryptInit;
+	SKF_Encrypt_FuncPtr Encrypt;
+	SKF_EncryptUpdate_FuncPtr EncryptUpdate;
+	SKF_EncryptFinal_FuncPtr EncryptFinal;
+	SKF_DecryptInit_FuncPtr DecryptInit;
+	SKF_Decrypt_FuncPtr Decrypt;
+	SKF_DecryptUpdate_FuncPtr DecryptUpdate;
+	SKF_DecryptFinal_FuncPtr DecryptFinal;
+	SKF_DigestInit_FuncPtr DigestInit;
+	SKF_Digest_FuncPtr Digest;
+	SKF_DigestUpdate_FuncPtr DigestUpdate;
+	SKF_DigestFinal_FuncPtr DigestFinal;
+	SKF_MacInit_FuncPtr MacInit;
+	SKF_Mac_FuncPtr Mac;
+	SKF_MacUpdate_FuncPtr MacUpdate;
+	SKF_MacFinal_FuncPtr MacFinal;
+	SKF_CloseHandle_FuncPtr CloseHandle;
+} SKF_METHOD;
+
+SKF_METHOD *SKF_METHOD_load_library(const char *so_path);
+void SKF_METHOD_free(SKF_METHOD *meth);
+
+
+typedef struct skf_vendor_st {
+	char *name;
+	unsigned int authrand_length;
+	ULONG (*get_cipher_algor)(ULONG vendor_id);
+	ULONG (*get_cipher_cap)(ULONG vendor_cap);
+	ULONG (*get_digest_algor)(ULONG vendor_id);
+	ULONG (*get_digest_cap)(ULONG vendor_cap);
+	ULONG (*get_pkey_algor)(ULONG vendor_id);
+	ULONG (*get_pkey_cap)(ULONG vendor_cap);
+	unsigned long (*get_error_reason)(ULONG err);
+} SKF_VENDOR;
+
+typedef struct {
+	ULONG err;
+	unsigned long reason;
+} SKF_ERR_REASON;
+
+#endif

skf/skf_meth.c

@@ -0,0 +1,172 @@
+/* ====================================================================
+ * Copyright (c) 2014 - 2017 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/err.h>
+#include <openssl/gmskf.h>
+#include "internal/dso.h"
+#include "internal/skf_int.h"
+
+
+#define SKF_METHOD_BIND_FUNCTION_EX(func,name) \
+	skf->func = (SKF_##func##_FuncPtr)DSO_bind_func(skf->dso, "SKF_"#name)
+
+#define SKF_METHOD_BIND_FUNCTION(func) \
+	SKF_METHOD_BIND_FUNCTION_EX(func,func)
+
+
+SKF_METHOD *SKF_METHOD_load_library(const char *so_path)
+{
+	SKF_METHOD *ret = NULL;
+	SKF_METHOD *skf = NULL;
+
+	if (!(skf = OPENSSL_zalloc(sizeof(*skf)))) {
+		SKFerr(SKF_F_SKF_METHOD_LOAD_LIBRARY, ERR_R_MALLOC_FAILURE);
+		goto end;
+	}
+	if (!(skf->dso = DSO_load(NULL, so_path, NULL, 0))) {
+		SKFerr(SKF_F_SKF_METHOD_LOAD_LIBRARY, SKF_R_DSO_LOAD_FAILURE);
+		goto end;
+	}
+
+	SKF_METHOD_BIND_FUNCTION(WaitForDevEvent);
+	SKF_METHOD_BIND_FUNCTION(CancelWaitForDevEvent);
+	SKF_METHOD_BIND_FUNCTION(EnumDev);
+	SKF_METHOD_BIND_FUNCTION(ConnectDev);
+	SKF_METHOD_BIND_FUNCTION(DisConnectDev);
+	SKF_METHOD_BIND_FUNCTION(GetDevState);
+	SKF_METHOD_BIND_FUNCTION(SetLabel);
+	SKF_METHOD_BIND_FUNCTION(GetDevInfo);
+	SKF_METHOD_BIND_FUNCTION(LockDev);
+	SKF_METHOD_BIND_FUNCTION(UnlockDev);
+	SKF_METHOD_BIND_FUNCTION(Transmit);
+	SKF_METHOD_BIND_FUNCTION(ChangeDevAuthKey);
+	SKF_METHOD_BIND_FUNCTION(DevAuth);
+	SKF_METHOD_BIND_FUNCTION(ChangePIN);
+	SKF_METHOD_BIND_FUNCTION(GetPINInfo);
+	SKF_METHOD_BIND_FUNCTION(VerifyPIN);
+	SKF_METHOD_BIND_FUNCTION(UnblockPIN);
+	SKF_METHOD_BIND_FUNCTION(ClearSecureState);
+	SKF_METHOD_BIND_FUNCTION(CreateApplication);
+	SKF_METHOD_BIND_FUNCTION(EnumApplication);
+	SKF_METHOD_BIND_FUNCTION(DeleteApplication);
+	SKF_METHOD_BIND_FUNCTION(OpenApplication);
+	SKF_METHOD_BIND_FUNCTION(CloseApplication);
+	SKF_METHOD_BIND_FUNCTION_EX(CreateObject,CreateFile);
+	SKF_METHOD_BIND_FUNCTION_EX(DeleteObject,DeleteFile);
+	SKF_METHOD_BIND_FUNCTION_EX(EnumObjects,EnumFiles);
+	SKF_METHOD_BIND_FUNCTION_EX(GetObjectInfo,GetFileInfo);
+	SKF_METHOD_BIND_FUNCTION_EX(ReadObject,ReadFile);
+	SKF_METHOD_BIND_FUNCTION_EX(WriteObject,WriteFile);
+	SKF_METHOD_BIND_FUNCTION(CreateContainer);
+	SKF_METHOD_BIND_FUNCTION(DeleteContainer);
+	SKF_METHOD_BIND_FUNCTION(EnumContainer);
+	SKF_METHOD_BIND_FUNCTION(OpenContainer);
+	SKF_METHOD_BIND_FUNCTION(CloseContainer);
+	SKF_METHOD_BIND_FUNCTION(GetContainerType);
+	SKF_METHOD_BIND_FUNCTION(ImportCertificate);
+	SKF_METHOD_BIND_FUNCTION(ExportCertificate);
+	SKF_METHOD_BIND_FUNCTION(ExportPublicKey);
+	SKF_METHOD_BIND_FUNCTION(GenRandom);
+	SKF_METHOD_BIND_FUNCTION(GenExtRSAKey);
+	SKF_METHOD_BIND_FUNCTION(GenRSAKeyPair);
+	SKF_METHOD_BIND_FUNCTION(ImportRSAKeyPair);
+	SKF_METHOD_BIND_FUNCTION(RSASignData);
+	SKF_METHOD_BIND_FUNCTION(RSAVerify);
+	SKF_METHOD_BIND_FUNCTION(RSAExportSessionKey);
+	SKF_METHOD_BIND_FUNCTION(ExtRSAPubKeyOperation);
+	SKF_METHOD_BIND_FUNCTION(ExtRSAPriKeyOperation);
+	SKF_METHOD_BIND_FUNCTION(GenECCKeyPair);
+	SKF_METHOD_BIND_FUNCTION(ImportECCKeyPair);
+	SKF_METHOD_BIND_FUNCTION(ECCSignData);
+	SKF_METHOD_BIND_FUNCTION(ECCVerify);
+	SKF_METHOD_BIND_FUNCTION(ECCExportSessionKey);
+	SKF_METHOD_BIND_FUNCTION(ExtECCEncrypt);
+	SKF_METHOD_BIND_FUNCTION(ExtECCDecrypt);
+	SKF_METHOD_BIND_FUNCTION(ExtECCSign);
+	SKF_METHOD_BIND_FUNCTION(ExtECCVerify);
+	SKF_METHOD_BIND_FUNCTION(GenerateAgreementDataWithECC);
+	SKF_METHOD_BIND_FUNCTION(GenerateAgreementDataAndKeyWithECC);
+	SKF_METHOD_BIND_FUNCTION(GenerateKeyWithECC);
+	SKF_METHOD_BIND_FUNCTION(ImportSessionKey);
+	SKF_METHOD_BIND_FUNCTION(SetSymmKey);
+	SKF_METHOD_BIND_FUNCTION(EncryptInit);
+	SKF_METHOD_BIND_FUNCTION(Encrypt);
+	SKF_METHOD_BIND_FUNCTION(EncryptUpdate);
+	SKF_METHOD_BIND_FUNCTION(EncryptFinal);
+	SKF_METHOD_BIND_FUNCTION(DecryptInit);
+	SKF_METHOD_BIND_FUNCTION(Decrypt);
+	SKF_METHOD_BIND_FUNCTION(DecryptUpdate);
+	SKF_METHOD_BIND_FUNCTION(DecryptFinal);
+	SKF_METHOD_BIND_FUNCTION(DigestInit);
+	SKF_METHOD_BIND_FUNCTION(Digest);
+	SKF_METHOD_BIND_FUNCTION(DigestUpdate);
+	SKF_METHOD_BIND_FUNCTION(DigestFinal);
+	SKF_METHOD_BIND_FUNCTION(MacInit);
+	SKF_METHOD_BIND_FUNCTION(Mac);
+	SKF_METHOD_BIND_FUNCTION(MacUpdate);
+	SKF_METHOD_BIND_FUNCTION(MacFinal);
+	SKF_METHOD_BIND_FUNCTION(CloseHandle);
+#ifdef SKF_HAS_ECCDECRYPT
+	SKF_METHOD_BIND_FUNCTION(ECCDecrypt);
+#endif
+
+	ret = skf;
+	skf = NULL;
+
+end:
+	SKF_METHOD_free(skf);
+	return ret;
+}
+
+void SKF_METHOD_free(SKF_METHOD *meth)
+{
+	if (meth)
+		DSO_free(meth->dso);
+	OPENSSL_free(meth);
+}

skf/skf_prn.c

@@ -0,0 +1,373 @@
+/* ====================================================================
+ * Copyright (c) 2014 - 2019 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include <openssl/err.h>
+#include <openssl/gmskf.h>
+#include "internal/skf_int.h"
+#include "../../e_os.h"
+
+
+static char *skf_algor_name(ULONG ulAlgID)
+{
+	switch (ulAlgID) {
+	case SGD_SM1_ECB: return "sm1-ecb";
+	case SGD_SM1_CBC: return "sm1-cbc";
+	case SGD_SM1_CFB: return "sm1-cfb";
+	case SGD_SM1_OFB: return "sm1-ofb128";
+	case SGD_SM1_MAC: return "sm1-mac";
+	case SGD_SM4_ECB: return "sms4-ecb";
+	case SGD_SM4_CBC: return "sms4-cbc";
+	case SGD_SM4_CFB: return "sms4-cfb";
+	case SGD_SM4_OFB: return "sms4-ofb128";
+	case SGD_SM4_MAC: return "sms4-mac";
+	case SGD_SSF33_ECB: return "ssf33-ecb";
+	case SGD_SSF33_CBC: return "ssf33-cbc";
+	case SGD_SSF33_CFB: return "ssf33-cfb";
+	case SGD_SSF33_OFB: return "ssf33-ofb128";
+	case SGD_SSF33_MAC: return "ssf33-mac";
+	case SGD_RSA: return "rsa";
+	case SGD_SM2_1: return "sm2sign";
+	case SGD_SM2_2: return "sm2encrypt";
+	case SGD_SM2_3: return "sm2keyagreement";
+	case SGD_SM3: return "sm3";
+	case SGD_SHA1: return "sha1";
+	case SGD_SHA256: return "sha256";
+	}
+	return NULL;
+}
+
+ULONG SKF_GetDevStateName(ULONG ulDevState, LPSTR *szDevStateName)
+{
+	if (!szDevStateName) {
+		return SAR_INDATALENERR;
+	}
+
+	switch (ulDevState) {
+	case SKF_DEV_STATE_ABSENT:
+		*szDevStateName = (LPSTR)"Absent";
+		break;
+	case SKF_DEV_STATE_PRESENT:
+		*szDevStateName = (LPSTR)"Present";
+		break;
+	case SKF_DEV_STATE_UNKNOW:
+		*szDevStateName = (LPSTR)"Unknown";
+		break;
+	default:
+		*szDevStateName = (LPSTR)"(Error)";
+		return SAR_INDATALENERR;
+	}
+
+	return SAR_OK;
+}
+
+ULONG SKF_GetContainerTypeName(ULONG ulContainerType, LPSTR *szName)
+{
+	switch (ulContainerType) {
+	case SKF_CONTAINER_TYPE_UNDEF:
+		*szName = (LPSTR)"(undef)";
+		break;
+	case SKF_CONTAINER_TYPE_RSA:
+		*szName = (LPSTR)"RSA";
+		break;
+	case SKF_CONTAINER_TYPE_ECC:
+		*szName = (LPSTR)"EC";
+		break;
+	default:
+		*szName = (LPSTR)"(unknown)";
+	}
+	/* always success for help functions */
+	return SAR_OK;
+}
+
+typedef struct {
+	ULONG id;
+	char *name;
+} table_item_t;
+
+static table_item_t skf_cipher_caps[] = {
+	{ SGD_SM1_ECB, "sm1-ecb" },
+	{ SGD_SM1_CBC, "sm1-cbc" },
+	{ SGD_SM1_CFB, "sm1-cfb" },
+	{ SGD_SM1_OFB, "sm1-ofb128" },
+	{ SGD_SM1_MAC, "cbcmac-sm1" },
+	{ SGD_SSF33_ECB, "ssf33-ecb" },
+	{ SGD_SSF33_CBC, "ssf33-cbc" },
+	{ SGD_SSF33_CFB, "ssf33-cfb" },
+	{ SGD_SSF33_OFB, "ssf33-ofb128" },
+	{ SGD_SSF33_MAC, "cbcmac-ssf33" },
+	{ SGD_SM4_ECB, "sms4-ecb" },
+	{ SGD_SM4_CBC, "sms4-cbc" },
+	{ SGD_SM4_CFB, "sms4-cfb" },
+	{ SGD_SM4_OFB, "sms4-ofb128" },
+	{ SGD_SM4_MAC, "cbcmac-sms4" },
+	{ SGD_ZUC_EEA3, "zuc_128eea3" },
+	{ SGD_ZUC_EIA3, "zuc_128eia3" }
+};
+
+static table_item_t skf_digest_caps[] = {
+	{ SGD_SM3,  "sm3" },
+	{ SGD_SHA1, "sha1" },
+	{ SGD_SHA256, "sha256" },
+};
+
+static table_item_t skf_pkey_caps[] = {
+	{ SGD_RSA_SIGN, "rsa" },
+	{ SGD_RSA_ENC, "rsaEncryption" },
+	{ SGD_SM2_1, "sm2sign" },
+	{ SGD_SM2_2, "sm2exchange" },
+	{ SGD_SM2_3, "sm2encrypt" }
+};
+
+ULONG SKF_PrintDevInfo(BIO *out, DEVINFO *devInfo)
+{
+	size_t i, n;
+	char *serial = OPENSSL_buf2hexstr(devInfo->SerialNumber, strlen((char *)devInfo->SerialNumber));
+
+	BIO_printf(out, "  %-16s : %d.%d\n", "Version", devInfo->Version.major, devInfo->Version.minor);
+	BIO_printf(out, "  %-16s : %s\n", "Manufacturer", devInfo->Manufacturer);
+	BIO_printf(out, "  %-16s : %s\n", "Issuer", devInfo->Issuer);
+	BIO_printf(out, "  %-16s : %s\n", "Label", devInfo->Label);
+	BIO_printf(out, "  %-16s : %s\n", "Serial Number", serial);
+	BIO_printf(out, "  %-16s : %d.%d\n", "Firmware Version", devInfo->HWVersion.major, devInfo->HWVersion.minor);
+
+	BIO_printf(out, "  %-16s : ", "Ciphers");
+	for (i = n = 0; i < OSSL_NELEM(skf_cipher_caps); i++) {
+		if ((devInfo->AlgSymCap & skf_cipher_caps[i].id) ==
+			skf_cipher_caps[i].id) {
+			BIO_printf(out, "%s%s", n ? "," : "", skf_cipher_caps[i].name);
+			n++;
+		}
+	}
+	BIO_puts(out, "\n");
+
+	BIO_printf(out, "  %-16s : ", "Public Keys");
+	for (i = n = 0; i < OSSL_NELEM(skf_pkey_caps); i++) {
+		if ((devInfo->AlgAsymCap & skf_pkey_caps[i].id) ==
+			skf_pkey_caps[i].id) {
+			BIO_printf(out, "%s%s", n ? "," : "", skf_pkey_caps[i].name);
+			n++;
+		}
+	}
+	BIO_puts(out, "\n");
+
+	BIO_printf(out, "  %-16s : ", "Digests");
+	for (i = n = 0; i < OSSL_NELEM(skf_digest_caps); i++) {
+		if ((devInfo->AlgHashCap & skf_digest_caps[i].id) ==
+			skf_digest_caps[i].id) {
+			BIO_printf(out, "%s%s", n ? "," : "", skf_digest_caps[i].name);
+			n++;
+		}
+	}
+	BIO_puts(out, "\n");
+
+	BIO_printf(out, "  %-16s : ", "Auth Cipher");
+	for (i = 0; i < OSSL_NELEM(skf_cipher_caps); i++) {
+		if (devInfo->DevAuthAlgId == skf_cipher_caps[i].id) {
+			BIO_printf(out, "%s\n", skf_cipher_caps[i].name);
+			break;
+		}
+	}
+	if (i == OSSL_NELEM(skf_cipher_caps)) {
+		BIO_puts(out, "(unknown)\n");
+	}
+
+	if (devInfo->TotalSpace == UINT_MAX)
+		BIO_printf(out, "  %-16s : %s\n", "Total Sapce", "(unlimited)");
+	else	BIO_printf(out, "  %-16s : %u\n", "Total Sapce", devInfo->TotalSpace);
+
+	if (devInfo->FreeSpace == UINT_MAX)
+		BIO_printf(out, "  %-16s : %s\n", "Free Space", "(unlimited)");
+	else	BIO_printf(out, "  %-16s : %u\n", "Free Space", devInfo->FreeSpace);
+
+	if (devInfo->MaxECCBufferSize == UINT_MAX)
+		BIO_printf(out, "  %-16s : %s\n", "MAX ECC Input", "(unlimited)");
+	else	BIO_printf(out, "  %-16s : %u\n", "MAX ECC Input", devInfo->MaxECCBufferSize);
+
+	if (devInfo->MaxBufferSize == UINT_MAX)
+		BIO_printf(out, "  %-16s : %s\n", "MAX Cipher Input", "(unlimited)");
+	else	BIO_printf(out, "  %-16s : %u\n", "MAX Cipher Input", devInfo->MaxBufferSize);
+
+	OPENSSL_free(serial);
+	return SAR_OK;
+}
+
+ULONG SKF_PrintRSAPublicKey(BIO *out, RSAPUBLICKEYBLOB *blob)
+{
+	BIO_printf(out, "AlgID : %s\n", skf_algor_name(blob->AlgID));
+	BIO_printf(out, "BitLen : %u\n", blob->BitLen);
+	BIO_puts(out, "Modulus:\n");
+	BIO_puts(out, "    ");
+	BIO_hex_string(out, 4, 16, blob->Modulus, MAX_RSA_MODULUS_LEN);
+	BIO_puts(out, "\n");
+	BIO_puts(out, "PublicExponent:\n");
+	BIO_puts(out, "    ");
+	BIO_hex_string(out, 4, 16, blob->PublicExponent, MAX_RSA_EXPONENT_LEN);
+	BIO_puts(out, "\n");
+	return SAR_OK;
+}
+
+ULONG SKF_PrintRSAPrivateKey(BIO *out, RSAPRIVATEKEYBLOB *blob)
+{
+	BIO_printf(out, "AlgID : %s\n", skf_algor_name(blob->AlgID));
+	BIO_printf(out, "BitLen : %u\n", blob->BitLen);
+	BIO_puts(out, "Modulus:\n");
+	BIO_puts(out, "    ");
+	BIO_hex_string(out, 4, 16, blob->Modulus, MAX_RSA_MODULUS_LEN);
+	BIO_puts(out, "\n");
+	BIO_puts(out, "PublicExponent:\n");
+	BIO_puts(out, "    ");
+	BIO_hex_string(out, 4, 16, blob->PublicExponent, MAX_RSA_EXPONENT_LEN);
+	BIO_puts(out, "\n");
+	BIO_puts(out, "PrivateExponent:\n");
+	BIO_puts(out, "    ");
+	BIO_hex_string(out, 4, 16, blob->PrivateExponent, MAX_RSA_MODULUS_LEN);
+	BIO_puts(out, "\n");
+	BIO_puts(out, "Prime1:\n");
+	BIO_puts(out, "    ");
+	BIO_hex_string(out, 4, 16, blob->Prime1, MAX_RSA_MODULUS_LEN/2);
+	BIO_puts(out, "\n");
+	BIO_puts(out, "Prime2:\n");
+	BIO_puts(out, "    ");
+	BIO_hex_string(out, 4, 16, blob->Prime2, MAX_RSA_MODULUS_LEN/2);
+	BIO_puts(out, "\n");
+	BIO_puts(out, "Prime1Exponent:\n");
+	BIO_hex_string(out, 4, 16, blob->Prime1Exponent, MAX_RSA_MODULUS_LEN/2);
+	BIO_puts(out, "\n");
+	BIO_puts(out, "    ");
+	BIO_puts(out, "Prime2Exponent:\n");
+	BIO_puts(out, "    ");
+	BIO_hex_string(out, 4, 16, blob->Prime2Exponent, MAX_RSA_MODULUS_LEN/2);
+	BIO_puts(out, "\n");
+	BIO_puts(out, "Coefficient:\n");
+	BIO_puts(out, "    ");
+	BIO_hex_string(out, 4, 16, blob->Coefficient, MAX_RSA_MODULUS_LEN/2);
+	BIO_puts(out, "\n");
+	return SAR_OK;
+}
+
+ULONG SKF_PrintECCPublicKey(BIO *out, ECCPUBLICKEYBLOB *blob)
+{
+	BIO_printf(out, "BitLen : %u\n", blob->BitLen);
+	BIO_puts(out, "XCoordinate:\n");
+	BIO_puts(out, "    ");
+	BIO_hex_string(out, 4, 16, blob->XCoordinate, ECC_MAX_XCOORDINATE_BITS_LEN/8);
+	BIO_puts(out, "\n");
+	BIO_puts(out, "YCoordinate:\n");
+	BIO_puts(out, "    ");
+	BIO_hex_string(out, 4, 16, blob->YCoordinate, ECC_MAX_XCOORDINATE_BITS_LEN/8);
+	BIO_puts(out, "\n");
+	return SAR_OK;
+}
+
+ULONG SKF_PrintECCPrivateKey(BIO *out, ECCPRIVATEKEYBLOB *blob)
+{
+	BIO_printf(out, "BitLen : %u\n", blob->BitLen);
+	BIO_puts(out, "PrivateKey:\n");
+	BIO_puts(out, "    ");
+	BIO_hex_string(out, 4, 16, blob->PrivateKey, ECC_MAX_MODULUS_BITS_LEN/8);
+	BIO_puts(out, "\n");
+	return SAR_OK;
+}
+
+ULONG SKF_PrintECCCipher(BIO *out, ECCCIPHERBLOB *blob)
+{
+	BIO_puts(out, "XCoordinate:\n");
+	BIO_puts(out, "    ");
+	BIO_hex_string(out, 4, 16, blob->XCoordinate, ECC_MAX_XCOORDINATE_BITS_LEN/8);
+	BIO_puts(out, "\n");
+	BIO_puts(out, "YCoordinate:\n");
+	BIO_puts(out, "    ");
+	BIO_hex_string(out, 4, 16, blob->YCoordinate, ECC_MAX_XCOORDINATE_BITS_LEN/8);
+	BIO_puts(out, "\n");
+	BIO_puts(out, "HASH:\n");
+	BIO_puts(out, "    ");
+	BIO_hex_string(out, 4, 16, blob->HASH, 32);
+	BIO_puts(out, "\n");
+	BIO_printf(out, "CipherLen: %u\n", blob->CipherLen);
+	BIO_puts(out, "Cipher:\n");
+	BIO_puts(out, "    ");
+	BIO_hex_string(out, 4, 16, blob->Cipher, blob->CipherLen);
+	BIO_puts(out, "\n");
+	return SAR_OK;
+}
+
+ULONG SKF_PrintECCSignature(BIO *out, ECCSIGNATUREBLOB *blob)
+{
+	BIO_puts(out, "r:\n");
+	BIO_puts(out, "    ");
+	BIO_hex_string(out, 4, 16, blob->r, ECC_MAX_XCOORDINATE_BITS_LEN/8);
+	BIO_puts(out, "\n");
+	BIO_puts(out, "s:\n");
+	BIO_puts(out, "    ");
+	BIO_hex_string(out, 4, 16, blob->s, ECC_MAX_XCOORDINATE_BITS_LEN/8);
+	BIO_puts(out, "\n");
+	return SAR_OK;
+}
+
+ULONG DEVAPI SKF_GetAlgorName(ULONG ulAlgID, LPSTR *szName)
+{
+	char *name;
+	if ((name = skf_algor_name(ulAlgID)) != NULL) {
+		*szName = (LPSTR)&name;
+		return SAR_OK;
+	}
+	return SAR_FAIL;
+}
+
+ULONG DEVAPI SKF_PrintErrorString(BIO *out, ULONG ulError)
+{
+	LPSTR str = NULL;
+	SKF_GetErrorString(ulError, &str);
+	BIO_printf(out, "SKF Error: %s\n", (char *)str);
+	return SAR_OK;
+}

skf/skf_wisec.c

@@ -0,0 +1,200 @@
+/* ====================================================================
+ * Copyright (c) 2016 - 2017 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/err.h>
+#include <openssl/gmskf.h>
+#include "internal/skf_int.h"
+#include "../../e_os.h"
+#include "skf_wisec.h"
+
+typedef struct {
+	ULONG std_id;
+	ULONG vendor_id;
+} SKF_ALGOR_PAIR;
+
+static SKF_ALGOR_PAIR wisec_ciphers[] = {
+	{ SGD_SM1, WISEC_SM1 },
+	{ SGD_SM1_ECB, WISEC_SM1_ECB },
+	{ SGD_SM1_CBC, WISEC_SM1_CBC },
+	{ SGD_SM1_CFB, WISEC_SM1_CFB },
+	{ SGD_SM1_OFB, WISEC_SM1_OFB },
+	{ SGD_SM1_MAC, WISEC_SM1_MAC },
+	{ SGD_SM4, WISEC_SM4 },
+	{ SGD_SM4_ECB, WISEC_SM4_ECB },
+	{ SGD_SM4_CBC, WISEC_SM4_CBC },
+	{ SGD_SM4_CFB, WISEC_SM4_CFB },
+	{ SGD_SM4_OFB, WISEC_SM4_OFB },
+	{ SGD_SM4_MAC, WISEC_SM4_MAC },
+	{ SGD_SSF33, WISEC_SSF33 },
+	{ SGD_SSF33_ECB, WISEC_SSF33_ECB },
+	{ SGD_SSF33_CBC, WISEC_SSF33_CBC },
+	{ SGD_SSF33_CFB, WISEC_SSF33_CFB },
+	{ SGD_SSF33_OFB, WISEC_SSF33_OFB },
+	{ SGD_SSF33_MAC, WISEC_SSF33_MAC },
+};
+
+static ULONG wisec_get_cipher_algor(ULONG vendor_id)
+{
+	size_t i;
+	for (i = 0; i < OSSL_NELEM(wisec_ciphers); i++) {
+		if (vendor_id == wisec_ciphers[i].vendor_id) {
+			return wisec_ciphers[i].std_id;
+		}
+	}
+	return 0;
+}
+
+static ULONG wisec_get_cipher_cap(ULONG vendor_cap)
+{
+	ULONG std_cap = 0;
+	size_t i;
+	for (i = 0; i < OSSL_NELEM(wisec_ciphers); i++) {
+		if (vendor_cap & wisec_ciphers[i].vendor_id) {
+			std_cap |= wisec_ciphers[i].std_id;
+		}
+	}
+	return std_cap;
+}
+
+static SKF_ALGOR_PAIR wisec_digests[] = {
+	{ SGD_SM3, WISEC_SM3 },
+	{ SGD_SHA1, WISEC_SHA1 },
+	{ SGD_SHA256, WISEC_SHA256 },
+};
+
+static ULONG wisec_get_digest_algor(ULONG vendor_id)
+{
+	size_t i;
+	for (i = 0; i < OSSL_NELEM(wisec_digests); i++) {
+		if (vendor_id == wisec_digests[i].vendor_id) {
+			return wisec_digests[i].std_id;
+		}
+	}
+	return 0;
+}
+
+static ULONG wisec_get_digest_cap(ULONG vendor_cap)
+{
+	ULONG std_cap = 0;
+	size_t i;
+	for (i = 0; i < OSSL_NELEM(wisec_digests); i++) {
+		if (vendor_cap & wisec_digests[i].vendor_id) {
+			std_cap |= wisec_digests[i].std_id;
+		}
+	}
+	return std_cap;
+}
+
+static SKF_ALGOR_PAIR wisec_pkeys[] = {
+	{ SGD_RSA, WISEC_RSA },
+	{ SGD_RSA_SIGN, WISEC_RSA_SIGN },
+	{ SGD_RSA_ENC, WISEC_RSA_ENC },
+	{ SGD_SM2, WISEC_SM2 },
+	{ SGD_SM2_1, WISEC_SM2_1 },
+	{ SGD_SM2_2, WISEC_SM2_2 },
+	{ SGD_SM2_3, WISEC_SM2_3 },
+};
+
+static ULONG wisec_get_pkey_algor(ULONG vendor_id)
+{
+	size_t i;
+	for (i = 0; i < OSSL_NELEM(wisec_pkeys); i++) {
+		if (vendor_id == wisec_pkeys[i].vendor_id) {
+			return wisec_pkeys[i].std_id;
+		}
+	}
+	return 0;
+}
+
+static ULONG wisec_get_pkey_cap(ULONG vendor_cap)
+{
+	ULONG std_cap = 0;
+	size_t i;
+	for (i = 0; i < OSSL_NELEM(wisec_pkeys); i++) {
+		if (vendor_cap & wisec_pkeys[i].vendor_id) {
+			std_cap |= wisec_pkeys[i].std_id;
+		}
+	}
+	return std_cap;
+}
+
+static SKF_ERR_REASON wisec_errors[] = {
+	{ WISEC_AUTH_BLOCKED, SKF_R_WISEC_AUTH_BLOCKED },
+	{ WISEC_CERTNOUSAGEERR, SKF_R_WISEC_CERTNOUSAGEERR },
+	{ WISEC_INVALIDCONTAINERERR, SKF_R_WISEC_INVALIDCONTAINERERR },
+	{ WISEC_CONTAINER_NOT_EXISTS, SKF_R_WISEC_CONTAINER_NOT_EXISTS },
+	{ WISEC_CONTAINER_EXISTS, SKF_R_WISEC_CONTAINER_EXISTS },
+	{ WISEC_CERTUSAGEERR, SKF_R_WISEC_CERTUSAGEERR },
+	{ WISEC_KEYNOUSAGEERR, SKF_R_WISEC_KEYNOUSAGEERR },
+	{ WISEC_FILEATTRIBUTEERR, SKF_R_WISEC_FILEATTRIBUTEERR },
+	{ WISEC_DEVNOAUTH, SKF_R_WISEC_DEVNOAUTH },
+};
+
+static unsigned long wisec_get_error_reason(ULONG err)
+{
+	size_t i = 0;
+	for (i = 0; i < OSSL_NELEM(wisec_errors); i++) {
+		if (err == wisec_errors[i].err) {
+			return wisec_errors[i].reason;
+		}
+	}
+	return 0;
+}
+
+SKF_VENDOR skf_wisec = {
+	"wisec",
+	16,
+	wisec_get_cipher_algor,
+	wisec_get_cipher_cap,
+	wisec_get_digest_algor,
+	wisec_get_digest_cap,
+	wisec_get_pkey_algor,
+	wisec_get_pkey_cap,
+	wisec_get_error_reason,
+};

skf/skf_wisec.h

@@ -0,0 +1,157 @@
+/* ====================================================================
+ * Copyright (c) 2016 - 2017 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#ifndef HEADER_SKF_WISEC_H
+#define HEADER_SKF_WISEC_H
+
+#include <openssl/err.h>
+#include <openssl/gmskf.h>
+
+
+#define WISEC_SM1		(SGD_SM1)
+#define WISEC_SM1_ECB		(SGD_SM1_ECB)
+#define WISEC_SM1_CBC		(SGD_SM1_CBC)
+#define WISEC_SM1_CFB		(SGD_SM1_CFB)
+#define WISEC_SM1_OFB		(SGD_SM1_OFB)
+#define WISEC_SM1_MAC		(SGD_SM1_MAC)
+
+#define WISEC_SSF33		(SGD_SSF33)
+#define WISEC_SSF33_ECB		(SGD_SSF33_ECB)
+#define WISEC_SSF33_CBC		(SGD_SSF33_CBC)
+#define WISEC_SSF33_CFB		(SGD_SSF33_CFB)
+#define WISEC_SSF33_OFB		(SGD_SSF33_OFB)
+#define WISEC_SSF33_MAC		(SGD_SSF33_MAC)
+
+#define WISEC_SM4		(SGD_SM4)
+#define WISEC_SM4_ECB		(WISEC_SM4|SGD_ECB)
+#define WISEC_SM4_CBC		(WISEC_SM4|SGD_CBC)
+#define WISEC_SM4_CFB		(WISEC_SM4|SGD_CFB)
+#define WISEC_SM4_OFB		(WISEC_SM4|SGD_OFB)
+#define WISEC_SM4_MAC		(WISEC_SM4|SGD_MAC)
+
+#define WISEC_AES		0x00000800
+#define WISEC_128		0x00000000
+#define WISEC_192		0x00000010
+#define WISEC_256		0x00000020
+#define WISEC_AES128		(WISEC_AES|WISEC_128)
+#define WISEC_AES192		(WISEC_AES|WISEC_192)
+#define WISEC_AES256		(WISEC_AES|WISEC_256)
+#define WISEC_AES128_ECB	(WISEC_AES128|SGD_ECB)
+#define WISEC_AES128_CBC	(WISEC_AES128|SGD_CBC)
+#define WISEC_AES128_CFB	(WISEC_AES128|SGD_CFB)
+#define WISEC_AES128_OFB	(WISEC_AES128|SGD_OFB)
+#define WISEC_AES128_MAC	(WISEC_AES128|SGD_MAC)
+#define WISEC_AES192_ECB	(WISEC_AES192|SGD_ECB)
+#define WISEC_AES192_CBC	(WISEC_AES192|SGD_CBC)
+#define WISEC_AES192_CFB	(WISEC_AES192|SGD_CFB)
+#define WISEC_AES192_OFB	(WISEC_AES192|SGD_OFB)
+#define WISEC_AES192_MAC	(WISEC_AES192|SGD_MAC)
+#define WISEC_AES256_ECB	(WISEC_AES256|SGD_ECB)
+#define WISEC_AES256_CBC	(WISEC_AES256|SGD_CBC)
+#define WISEC_AES256_CFB	(WISEC_AES256|SGD_CFB)
+#define WISEC_AES256_OFB	(WISEC_AES256|SGD_OFB)
+#define WISEC_AES256_MAC	(WISEC_AES256|SGD_MAC)
+
+#define WISEC_DES		0x00001000
+#define WISEC_DES_ECB		(WISEC_DES|SGD_ECB)
+#define WISEC_DES_CBC		(WISEC_DES|SGD_CBC)
+#define WISEC_DES_CFB		(WISEC_DES|SGD_CFB)
+#define WISEC_DES_OFB		(WISEC_DES|SGD_OFB)
+#define WISEC_DES_MAC		(WISEC_DES|SGD_MAC)
+
+#define WISEC_D3DES		0x00001010
+#define WISEC_D3DES_ECB		(WISEC_D3DES|SGD_ECB)
+#define WISEC_D3DES_CBC		(WISEC_D3DES|SGD_CBC)
+#define WISEC_D3DES_CFB		(WISEC_D3DES|SGD_CFB)
+#define WISEC_D3DES_OFB		(WISEC_D3DES|SGD_OFB)
+#define WISEC_D3DES_MAC		(WISEC_D3DES|SGD_MAC)
+
+#define WISEC_T3DES		0x00001020
+#define WISEC_T3DES_ECB		(WISEC_T3DES|SGD_ECB)
+#define WISEC_T3DES_CBC		(WISEC_T3DES|SGD_CBC)
+#define WISEC_T3DES_CFB		(WISEC_T3DES|SGD_CFB)
+#define WISEC_T3DES_OFB		(WISEC_T3DES|SGD_OFB)
+#define WISEC_T3DES_MAC		(WISEC_T3DES|SGD_MAC)
+
+#define WISEC_SM3		(SGD_SM3)
+#define WISEC_SHA1		(SGD_SHA1)
+#define WISEC_SHA256		(SGD_SHA256)
+
+#define WISEC_RSA		(SGD_RSA)
+#define WISEC_RSA_SIGN		(SGD_RSA_SIGN)
+#define WISEC_RSA_ENC		(SGD_RSA_ENC)
+#define WISEC_SM2		(SGD_SM2)
+#define WISEC_SM2_1		(SGD_SM2_1)
+#define WISEC_SM2_2		(SGD_SM2_2)
+#define WISEC_SM2_3		(SGD_SM2_3)
+
+
+#define WISEC_AUTH_BLOCKED		0x0A000033
+#define WISEC_CERTNOUSAGEERR		0x0A000034
+#define WISEC_INVALIDCONTAINERERR	0x0A000035
+#define WISEC_CONTAINER_NOT_EXISTS	0x0A000036
+#define WISEC_CONTAINER_EXISTS		0x0A000037
+#define WISEC_CERTUSAGEERR		0x0A000038
+#define WISEC_KEYNOUSAGEERR		0x0A000039
+#define WISEC_FILEATTRIBUTEERR		0x0A00003A
+#define WISEC_DEVNOAUTH			0x0A00003B
+
+/*
+ULONG DEVAPI SKFE_SetSN(DEVHANDLE hDev, CHAR *SN, UINT SNLen);
+ULONG DEVAPI SKFE_GenExtECCKey(DEVHANDLE hDev, PECCPRIVATEKEYBLOB pPriBlob, PECCPUBLICKEYBLOB pPubBlob);
+ULONG DEVAPI SKF_ECCDecrypt(HCONTAINER hContainer, PECCCIPHERBLOB pCipherText, BYTE *pbPlainText,ULONG *pulPlainTextLen);
+ULONG DEVAPI SKF_GenerateKey(HCONTAINER hContainer, ULONG ulAlgId, HANDLE *phSessionKey) ;
+ULONG DEVAPI SKF_ECCExportSessionKeyByHandle(HANDLE phSessionKey, ECCPUBLICKEYBLOB *pPubKey,PECCCIPHERBLOB pData);
+ULONG DEVAPI SKF_RSAExportSessionKeyByHandle(HANDLE phSessionKey, RSAPUBLICKEYBLOB*pPubKey,BYTE *pbData, ULONG *pulDataLen);
+ULONG DEVAPI SKF_PrvKeyDecrypt(HCONTAINER hContainer, PECCCIPHERBLOB pCipherText, BYTE *pbData, ULONG *pbDataLen);
+ULONG DEVAPI SKF_PrvKeyDecrypt(HCONTAINER hContainer, ULONG ulType, PECCCIPHERBLOB pCipherText, BYTE *pbData, ULONG *pbDataLen);
+ULONG DEVAPI SKF_RSAPrvKeyDecrypt(HCONTAINER hContainer, BYTE *pCipherData, ULONG pCipherDataLen, BYTE *pbData, ULONG *pbDataLen);
+*/
+
+#endif