abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-07 00:46:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove SDF and SKF

Browse Source
This commit is contained in:
Zhi Guan
2022-03-16 15:21:14 +08:00
parent ea4cc6585c
commit ad1a4d66f9
23 changed files with 0 additions and 11492 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
sdf/Makefile
View File

@@ -1,3 +0,0 @@
all:
gcc -I ../include *.c -o sdfutil

17
sdf/README.md
View File

@@ -1,17 +0,0 @@
# SDF
SDF模块用于支持SDF密码卡硬件。目前这部分代码完全是从GmSSL 2.x中移植过来并移除了对OpenSSL的依赖。
源文件包括:
* `sdf.h`, `sgd.h`这两个头文件来自于SDF的标准
* `sdf_ext.h`,即原来的`gmsdf.h`为SDF接口增加了一些辅助功能。实现在`sdf_ext.c`中。
* `sdf_int.h``sdf_meth.c`实现了对SDF动态库函数的调用将SDF动态库转换为一个SDF的对象包含函数指针
* `sdf_lib.c`调用SDF_METHOD实现了sdf.h的功能
* `sdf_sansec.h/c`,针对三未信安密码卡非标准功能的支持
* `sdfutil.c`一个访问SDF密码卡的命令行程序
后续工作:
* 在gmssl的API中融入对SDF的支持。以相对ENGINE更轻量级的方式来实现。

471
sdf/sdf.h
View File

@@ -1,471 +0,0 @@
/*
* Copyright 2014-2021 The GmSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* SDF API is a cryptographic API for PCI-E cards defined in standard
* GM/T 0018-2012: Interface Specifications of Cryptography Device Application
*
* Note: this header file follows the specification of GM/T 0018-2012. As we
* know, some vendors provide header files with some differences, especially
* the definations of data structures. So be sure to check the file provided by
* vendors and compare with this one.
*
* The implementations of SDF API from different vendors might have different
* behaviors on the same function. The comments in this file will show
* information and warnings on these issues. If the application developer use
* the GmSSL implementation, see `crypto/gmapi/sdf_lcl.h` for more information.
*/
#ifndef HEADER_SDF_H
#define HEADER_SDF_H
#include <stdio.h>
#include "sgd.h"
#ifdef __cplusplus
extern "C" {
#endif
#pragma pack(1)
typedef struct DeviceInfo_st {
unsigned char IssuerName[40];
unsigned char DeviceName[16];
unsigned char DeviceSerial[16]; /* 8-char date +
* 3-char batch num +
* 5-char serial num
*/
unsigned int DeviceVersion;
unsigned int StandardVersion;
unsigned int AsymAlgAbility[2]; /* AsymAlgAbility[0] = algors
* AsymAlgAbility[1] = modulus lens
*/
unsigned int SymAlgAbility;
unsigned int HashAlgAbility;
unsigned int BufferSize;
} DEVICEINFO;
typedef struct RSArefPublicKey_st {
unsigned int bits;
unsigned char m[RSAref_MAX_LEN];
unsigned char e[RSAref_MAX_LEN];
} RSArefPublicKey;
typedef struct RSArefPrivateKey_st {
unsigned int bits;
unsigned char m[RSAref_MAX_LEN];
unsigned char e[RSAref_MAX_LEN];
unsigned char d[RSAref_MAX_LEN];
unsigned char prime[2][RSAref_MAX_PLEN];
unsigned char pexp[2][RSAref_MAX_PLEN];
unsigned char coef[RSAref_MAX_PLEN];
} RSArefPrivateKey;
typedef struct ECCrefPublicKey_st {
unsigned int bits;
unsigned char x[ECCref_MAX_LEN];
unsigned char y[ECCref_MAX_LEN];
} ECCrefPublicKey;
typedef struct ECCrefPrivateKey_st {
unsigned int bits;
unsigned char K[ECCref_MAX_LEN];
} ECCrefPrivateKey;
typedef struct ECCCipher_st {
unsigned char x[ECCref_MAX_LEN];
unsigned char y[ECCref_MAX_LEN];
unsigned char M[32];
unsigned int L;
unsigned char C[1];
} ECCCipher;
typedef struct ECCSignature_st {
unsigned char r[ECCref_MAX_LEN];
unsigned char s[ECCref_MAX_LEN];
} ECCSignature;
typedef struct SDF_ENVELOPEDKEYBLOB {
unsigned long Version;
unsigned long ulSymmAlgID;
ECCCipher ECCCipehrBlob;
ECCrefPublicKey PubKey;
unsigned char cbEncryptedPrivKey[64];
} EnvelopedKeyBlob, *PEnvelopedKeyBlob;
#pragma pack()
int SDF_OpenDevice(
void **phDeviceHandle);
int SDF_CloseDevice(
void *hDeviceHandle);
int SDF_OpenSession(
void *hDeviceHandle,
void **phSessionHandle);
int SDF_CloseSession(
void *hSessionHandle);
int SDF_GetDeviceInfo(
void *hSessionHandle,
DEVICEINFO *pstDeviceInfo);
int SDF_GenerateRandom(
void *hSessionHandle,
unsigned int uiLength,
unsigned char *pucRandom);
int SDF_GetPrivateKeyAccessRight(
void *hSessionHandle,
unsigned int uiKeyIndex,
unsigned char *pucPassword,
unsigned int uiPwdLength);
int SDF_ReleasePrivateKeyAccessRight(
void *hSessionHandle,
unsigned int uiKeyIndex);
int SDF_ExportSignPublicKey_RSA(
void *hSessionHandle,
unsigned int uiKeyIndex,
RSArefPublicKey *pucPublicKey);
int SDF_ExportEncPublicKey_RSA(
void *hSessionHandle,
unsigned int uiKeyIndex,
RSArefPublicKey *pucPublicKey);
int SDF_GenerateKeyPair_RSA(
void *hSessionHandle,
unsigned int uiKeyBits,
RSArefPublicKey *pucPublicKey,
RSArefPrivateKey *pucPrivateKey);
int SDF_GenerateKeyWithIPK_RSA(
void *hSessionHandle,
unsigned int uiIPKIndex,
unsigned int uiKeyBits,
unsigned char *pucKey,
unsigned int *puiKeyLength,
void **phKeyHandle);
int SDF_GenerateKeyWithEPK_RSA(
void *hSessionHandle,
unsigned int uiKeyBits,
RSArefPublicKey *pucPublicKey,
unsigned char *pucKey,
unsigned int *puiKeyLength,
void **phKeyHandle);
int SDF_ImportKeyWithISK_RSA(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned char *pucKey,
unsigned int uiKeyLength,
void **phKeyHandle);
int SDF_ExchangeDigitEnvelopeBaseOnRSA(
void *hSessionHandle,
unsigned int uiKeyIndex,
RSArefPublicKey *pucPublicKey,
unsigned char *pucDEInput,
unsigned int uiDELength,
unsigned char *pucDEOutput,
unsigned int *puiDELength);
int SDF_ExportSignPublicKey_ECC(
void *hSessionHandle,
unsigned int uiKeyIndex,
ECCrefPublicKey *pucPublicKey);
int SDF_ExportEncPublicKey_ECC(
void *hSessionHandle,
unsigned int uiKeyIndex,
ECCrefPublicKey *pucPublicKey);
int SDF_GenerateKeyPair_ECC(
void *hSessionHandle,
unsigned int uiAlgID,
unsigned int uiKeyBits,
ECCrefPublicKey *pucPublicKey,
ECCrefPrivateKey *pucPrivateKey);
int SDF_GenerateKeyWithIPK_ECC(
void *hSessionHandle,
unsigned int uiIPKIndex,
unsigned int uiKeyBits,
ECCCipher *pucKey,
void **phKeyHandle);
int SDF_GenerateKeyWithEPK_ECC(
void *hSessionHandle,
unsigned int uiKeyBits,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
ECCCipher *pucKey,
void **phKeyHandle);
int SDF_ImportKeyWithISK_ECC(
void *hSessionHandle,
unsigned int uiISKIndex,
ECCCipher *pucKey,
void **phKeyHandle);
int SDF_GenerateAgreementDataWithECC(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned int uiKeyBits,
unsigned char *pucSponsorID,
unsigned int uiSponsorIDLength,
ECCrefPublicKey *pucSponsorPublicKey,
ECCrefPublicKey *pucSponsorTmpPublicKey,
void **phAgreementHandle);
int SDF_GenerateKeyWithECC(
void *hSessionHandle,
unsigned char *pucResponseID,
unsigned int uiResponseIDLength,
ECCrefPublicKey *pucResponsePublicKey,
ECCrefPublicKey *pucResponseTmpPublicKey,
void *hAgreementHandle,
void **phKeyHandle);
int SDF_GenerateAgreementDataAndKeyWithECC(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned int uiKeyBits,
unsigned char *pucResponseID,
unsigned int uiResponseIDLength,
unsigned char *pucSponsorID,
unsigned int uiSponsorIDLength,
ECCrefPublicKey *pucSponsorPublicKey,
ECCrefPublicKey *pucSponsorTmpPublicKey,
ECCrefPublicKey *pucResponsePublicKey,
ECCrefPublicKey *pucResponseTmpPublicKey,
void **phKeyHandle);
int SDF_ExchangeDigitEnvelopeBaseOnECC(
void *hSessionHandle,
unsigned int uiKeyIndex,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
ECCCipher *pucEncDataIn,
ECCCipher *pucEncDataOut);
int SDF_GenerateKeyWithKEK(
void *hSessionHandle,
unsigned int uiKeyBits,
unsigned int uiAlgID,
unsigned int uiKEKIndex,
unsigned char *pucKey,
unsigned int *puiKeyLength,
void **phKeyHandle);
int SDF_ImportKeyWithKEK(
void *hSessionHandle,
unsigned int uiAlgID,
unsigned int uiKEKIndex,
unsigned char *pucKey,
unsigned int uiKeyLength,
void **phKeyHandle);
int SDF_DestroyKey(
void *hSessionHandle,
void *hKeyHandle);
int SDF_ExternalPublicKeyOperation_RSA(
void *hSessionHandle,
RSArefPublicKey *pucPublicKey,
unsigned char *pucDataInput,
unsigned int uiInputLength,
unsigned char *pucDataOutput,
unsigned int *puiOutputLength);
int SDF_InternalPublicKeyOperation_RSA(
void *hSessionHandle,
unsigned int uiKeyIndex,
unsigned char *pucDataInput,
unsigned int uiInputLength,
unsigned char *pucDataOutput,
unsigned int *puiOutputLength);
int SDF_InternalPrivateKeyOperation_RSA(
void *hSessionHandle,
unsigned int uiKeyIndex,
unsigned char *pucDataInput,
unsigned int uiInputLength,
unsigned char *pucDataOutput,
unsigned int *puiOutputLength);
int SDF_ExternalVerify_ECC(
void *hSessionHandle,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
unsigned char *pucDataInput,
unsigned int uiInputLength,
ECCSignature *pucSignature);
int SDF_InternalSign_ECC(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned char *pucData,
unsigned int uiDataLength,
ECCSignature *pucSignature);
int SDF_InternalVerify_ECC(
void *hSessionHandle,
unsigned int uiIPKIndex,
unsigned char *pucData,
unsigned int uiDataLength,
ECCSignature *pucSignature);
int SDF_ExternalEncrypt_ECC(
void *hSessionHandle,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
unsigned char *pucData,
unsigned int uiDataLength,
ECCCipher *pucEncData);
int SDF_InternalEncrypt_ECC(
void *hSessionHandle,
unsigned int uiIPKIndex,
unsigned int uiAlgID,
unsigned char *pucData,
unsigned int uiDataLength,
ECCCipher *pucEncData);
int SDF_InternalDecrypt_ECC(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned int uiAlgID,
ECCCipher *pucEncData,
unsigned char *pucData,
unsigned int *uiDataLength);
int SDF_Encrypt(
void *hSessionHandle,
void *hKeyHandle,
unsigned int uiAlgID,
unsigned char *pucIV,
unsigned char *pucData,
unsigned int uiDataLength,
unsigned char *pucEncData,
unsigned int *puiEncDataLength);
int SDF_Decrypt(
void *hSessionHandle,
void *hKeyHandle,
unsigned int uiAlgID,
unsigned char *pucIV,
unsigned char *pucEncData,
unsigned int uiEncDataLength,
unsigned char *pucData,
unsigned int *puiDataLength);
int SDF_CalculateMAC(
void *hSessionHandle,
void *hKeyHandle,
unsigned int uiAlgID,
unsigned char *pucIV,
unsigned char *pucData,
unsigned int uiDataLength,
unsigned char *pucMAC,
unsigned int *puiMACLength);
int SDF_HashInit(
void *hSessionHandle,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
unsigned char *pucID,
unsigned int uiIDLength);
int SDF_HashUpdate(
void *hSessionHandle,
unsigned char *pucData,
unsigned int uiDataLength);
int SDF_HashFinal(void *hSessionHandle,
unsigned char *pucHash,
unsigned int *puiHashLength);
int SDF_CreateFile(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen, /* max 128-byte */
unsigned int uiFileSize);
int SDF_ReadFile(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen,
unsigned int uiOffset,
unsigned int *puiReadLength,
unsigned char *pucBuffer);
int SDF_WriteFile(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen,
unsigned int uiOffset,
unsigned int uiWriteLength,
unsigned char *pucBuffer);
int SDF_DeleteFile(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen);
#define SDR_OK 0x0
#define SDR_BASE 0x01000000
#define SDR_UNKNOWERR (SDR_BASE + 0x00000001)
#define SDR_NOTSUPPORT (SDR_BASE + 0x00000002)
#define SDR_COMMFAIL (SDR_BASE + 0x00000003)
#define SDR_HARDFAIL (SDR_BASE + 0x00000004)
#define SDR_OPENDEVICE (SDR_BASE + 0x00000005)
#define SDR_OPENSESSION (SDR_BASE + 0x00000006)
#define SDR_PARDENY (SDR_BASE + 0x00000007)
#define SDR_KEYNOTEXIST (SDR_BASE + 0x00000008)
#define SDR_ALGNOTSUPPORT (SDR_BASE + 0x00000009)
#define SDR_ALGMODNOTSUPPORT (SDR_BASE + 0x0000000A)
#define SDR_PKOPERR (SDR_BASE + 0x0000000B)
#define SDR_SKOPERR (SDR_BASE + 0x0000000C)
#define SDR_SIGNERR (SDR_BASE + 0x0000000D)
#define SDR_VERIFYERR (SDR_BASE + 0x0000000E)
#define SDR_SYMOPERR (SDR_BASE + 0x0000000F)
#define SDR_STEPERR (SDR_BASE + 0x00000010)
#define SDR_FILESIZEERR (SDR_BASE + 0x00000011)
#define SDR_FILENOEXIST (SDR_BASE + 0x00000012)
#define SDR_FILEOFSERR (SDR_BASE + 0x00000013)
#define SDR_KEYTYPEERR (SDR_BASE + 0x00000014)
#define SDR_KEYERR (SDR_BASE + 0x00000015)
#define SDR_ENCDATAERR (SDR_BASE + 0x00000016)
#define SDR_RANDERR (SDR_BASE + 0x00000017)
#define SDR_PRKRERR (SDR_BASE + 0x00000018)
#define SDR_MACERR (SDR_BASE + 0x00000019)
#define SDR_FILEEXSITS (SDR_BASE + 0x0000001A)
#define SDR_FILEWERR (SDR_BASE + 0x0000001B)
#define SDR_NOBUFFER (SDR_BASE + 0x0000001C)
#define SDR_INARGERR (SDR_BASE + 0x0000001D)
#define SDR_OUTARGERR (SDR_BASE + 0x0000001E)
#ifdef __cplusplus
}
#endif
#endif

259
sdf/sdf_ext.c
View File

@@ -1,259 +0,0 @@
/*
* Copyright 2014-2021 The GmSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include "sdf_int.h"
#include "sdf_sansec.h"
int format_bytes(FILE *out, int indent, int format, const uint8_t *data, size_t datalen)
{
return 0;
}
#define SDFerr(a,b)
typedef struct {
ULONG id;
char *name;
} table_item_t;
static table_item_t sdf_cipher_caps[] = {
{ SGD_SM1_ECB, "sm1-ecb" },
{ SGD_SM1_CBC, "sm1-cbc" },
{ SGD_SM1_CFB, "sm1-cfb" },
{ SGD_SM1_OFB, "sm1-ofb128" },
{ SGD_SM1_MAC, "cbcmac-sm1" },
{ SGD_SSF33_ECB, "ssf33-ecb" },
{ SGD_SSF33_CBC, "ssf33-cbc" },
{ SGD_SSF33_CFB, "ssf33-cfb" },
{ SGD_SSF33_OFB, "ssf33-ofb128" },
{ SGD_SSF33_MAC, "cbcmac-ssf33" },
{ SGD_SM4_ECB, "sms4-ecb" },
{ SGD_SM4_CBC, "sms4-cbc" },
{ SGD_SM4_CFB, "sms4-cfb" },
{ SGD_SM4_OFB, "sms4-ofb128" },
{ SGD_SM4_MAC, "cbcmac-sms4" },
{ SGD_ZUC_EEA3, "zuc_128eea3" },
{ SGD_ZUC_EIA3, "zuc_128eia3" }
};
static table_item_t sdf_digest_caps[] = {
{ SGD_SM3, "sm3" },
{ SGD_SHA1, "sha1" },
{ SGD_SHA256, "sha256" },
};
static table_item_t sdf_pkey_caps[] = {
{ SGD_RSA_SIGN, "rsa" },
{ SGD_RSA_ENC, "rsaEncryption" },
{ SGD_SM2_1, "sm2sign" },
{ SGD_SM2_2, "sm2exchange" },
{ SGD_SM2_3, "sm2encrypt" }
};
int SDF_PrintDeviceInfo(FILE *out, DEVICEINFO *pstDeviceInfo)
{
size_t i, n;
DEVICEINFO buf;
DEVICEINFO *devInfo = &buf;
memcpy(devInfo, pstDeviceInfo, sizeof(DEVICEINFO));
devInfo->IssuerName[39] = 0;
devInfo->DeviceName[15] = 0;
devInfo->DeviceSerial[15] = 0;
fprintf(out, " %-18s : %s\n", "Device Name", devInfo->DeviceName);
fprintf(out, " %-18s : %s\n", "Serial Number", devInfo->DeviceSerial);
fprintf(out, " %-18s : %s\n", "Issuer", devInfo->IssuerName);
fprintf(out, " %-18s : %u\n", "Hardware Version", devInfo->DeviceVersion);
fprintf(out, " %-18s : %u\n", "Standard Version", devInfo->StandardVersion);
fprintf(out, " %-18s : ", "Public Key Algors");
for (i = n = 0; i < sizeof(sdf_pkey_caps)/sizeof(sdf_pkey_caps[0]); i++) {
if ((devInfo->AsymAlgAbility[0] & sdf_pkey_caps[i].id) ==
sdf_pkey_caps[i].id) {
fprintf(out, "%s%s", n ? "," : "", sdf_pkey_caps[i].name);
n++;
}
}
fprintf(out, "\n");
fprintf(out, " %-18s : ", "Ciphers");
for (i = n = 0; i < sizeof(sdf_cipher_caps)/sizeof(sdf_cipher_caps[0]); i++) {
if ((devInfo->SymAlgAbility & sdf_cipher_caps[i].id) ==
sdf_cipher_caps[i].id) {
fprintf(out, "%s%s", n ? "," : "", sdf_cipher_caps[i].name);
n++;
}
}
fprintf(out, "\n");
fprintf(out, " %-18s : ", "Digests");
for (i = n = 0; i < sizeof(sdf_digest_caps)/sizeof(sdf_digest_caps[0]); i++) {
if ((devInfo->HashAlgAbility & sdf_digest_caps[i].id) ==
sdf_digest_caps[i].id) {
fprintf(out, "%s%s", n ? "," : "", sdf_digest_caps[i].name);
n++;
}
}
fprintf(out, "\n");
fprintf(out, "\n");
return SDR_OK;
}
int SDF_PrintRSAPublicKey(FILE *out, RSArefPublicKey *blob)
{
(void)fprintf(out, "bits: %d\n", blob->bits);
(void)fprintf(out, "m:\n ");
(void)format_bytes(out, 4, 16, blob->m, sizeof(blob->m));
(void)fprintf(out, "\n");
(void)fprintf(out, "e:\n ");
(void)format_bytes(out, 4, 16, blob->e, sizeof(blob->e));
(void)fprintf(out, "\n");
return SDR_OK;
}
int SDF_PrintRSAPrivateKey(FILE *bio, RSArefPrivateKey *blob)
{
(void)fprintf(bio, "bits: %d", blob->bits);
(void)fprintf(bio, "\n%s:\n ", "m");
(void)format_bytes(bio, 4, 16, blob->m, sizeof(blob->m));
(void)fprintf(bio, "\n%s:\n ", "e");
(void)format_bytes(bio, 4, 16, blob->e, sizeof(blob->e));
(void)fprintf(bio, "\n%s:\n ", "d");
(void)format_bytes(bio, 4, 16, blob->d, sizeof(blob->d));
(void)fprintf(bio, "\n%s:\n ", "prime[0]");
(void)format_bytes(bio, 4, 16, blob->prime[0], sizeof(blob->prime[0]));
(void)fprintf(bio, "\n%s:\n ", "prime[1]");
(void)format_bytes(bio, 4, 16, blob->prime[1], sizeof(blob->prime[1]));
(void)fprintf(bio, "\n%s:\n ", "pexp[0]");
(void)format_bytes(bio, 4, 16, blob->pexp[0], sizeof(blob->pexp[0]));
(void)fprintf(bio, "\n%s:\n ", "pexp[1]");
(void)format_bytes(bio, 4, 16, blob->pexp[1], sizeof(blob->pexp[1]));
(void)fprintf(bio, "\n%s:\n ", "coef");
(void)format_bytes(bio, 4, 16, blob->coef, sizeof(blob->coef));
(void)fprintf(bio, "\n");
return SDR_OK;
}
int SDF_PrintECCPublicKey(FILE *bio, ECCrefPublicKey *blob)
{
(void)fprintf(bio, "bits: %d", blob->bits);
(void)fprintf(bio, "\n%s:\n ", "x");
(void)format_bytes(bio, 4, 16, blob->x, sizeof(blob->x));
(void)fprintf(bio, "\n%s:\n ", "y");
(void)format_bytes(bio, 4, 16, blob->y, sizeof(blob->y));
(void)fprintf(bio, "\n");
return SDR_OK;
}
int SDF_PrintECCPrivateKey(FILE *bio, ECCrefPrivateKey *blob)
{
(void)fprintf(bio, "bits: %d", blob->bits);
(void)fprintf(bio, "\n%s:\n ", "K");
(void)format_bytes(bio, 4, 16, blob->K, sizeof(blob->K));
(void)fprintf(bio, "\n");
return SDR_OK;
}
int SDF_PrintECCCipher(FILE *bio, ECCCipher *blob)
{
(void)fprintf(bio, "%s:\n ", "x");
(void)format_bytes(bio, 4, 16, blob->x, sizeof(blob->x));
(void)fprintf(bio, "\n%s:\n ", "y");
(void)format_bytes(bio, 4, 16, blob->y, sizeof(blob->y));
(void)fprintf(bio, "\n%s:\n ", "M");
(void)format_bytes(bio, 4, 16, blob->M, sizeof(blob->M));
(void)fprintf(bio, "\nL: %d", blob->L);
(void)fprintf(bio, "\n%s:\n ", "C");
(void)format_bytes(bio, 4, 16, blob->C, sizeof(blob->C));
(void)fprintf(bio, "\n");
return SDR_OK;
}
int SDF_PrintECCSignature(FILE *bio, ECCSignature *blob)
{
(void)fprintf(bio, "%s:\n ", "r");
(void)format_bytes(bio, 4, 16, blob->r, sizeof(blob->r));
(void)fprintf(bio, "\n%s:\n ", "s");
(void)format_bytes(bio, 4, 16, blob->s, sizeof(blob->s));
(void)fprintf(bio, "\n");
return SDR_OK;
}
int SDF_ImportKey(
void *hSessionHandle,
unsigned char *pucKey,
unsigned int uiKeyLength,
void **phKeyHandle)
{
(void)hSessionHandle;
(void)pucKey;
(void)uiKeyLength;
(void)phKeyHandle;
SDFerr(SDF_F_SDF_IMPORTKEY, SDF_R_NOT_IMPLEMENTED);
return SDR_NOTSUPPORT;
}
int SDF_NewECCCipher(ECCCipher **cipher, size_t ulDataLen)
{
ECCCipher *ecc_cipher = NULL;
size_t len;
if (!cipher) {
SDFerr(SDF_F_SDF_NEWECCCIPHER, ERR_R_PASSED_NULL_PARAMETER);
return SDR_INARGERR;
}
if (!ulDataLen || ulDataLen > INT_MAX) {
SDFerr(SDF_F_SDF_NEWECCCIPHER,
SDF_R_INVALID_SM2_CIPHERTEXT_LENGTH);
return SDR_INARGERR;
}
len = sizeof(ECCCipher) - 1 + ulDataLen;
if (len < sizeof(SANSEC_ECCCipher)) {
len = sizeof(SANSEC_ECCCipher);
}
if (!(ecc_cipher = malloc(len))) {
SDFerr(SDF_F_SDF_NEWECCCIPHER, ERR_R_MALLOC_FAILURE);
return SDR_NOBUFFER;
}
memset(ecc_cipher, 0, sizeof(*ecc_cipher));
ecc_cipher->L = (unsigned int)ulDataLen;
*cipher = ecc_cipher;
return SDR_OK;
}
int SDF_FreeECCCipher(ECCCipher *cipher)
{
free(cipher);
return SDR_OK;
}

60
sdf/sdf_ext.h
View File

@@ -1,60 +0,0 @@
/*
* Copyright 2014-2021 The GmSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef GMSSL_SDF_EXT_H
#define GMSSL_SDF_EXT_H
#include <stdio.h>
#include <stdint.h>
#include "sgd.h"
#include "sdf.h"
#ifdef __cplusplus
extern "C" {
#endif
#define SDF_MIN_KEY_INDEX 1 /* defined by GM/T 0018 */
#define SDF_MAX_KEY_INDEX 32 /* defined by GmSSL */
#define SDF_MIN_PASSWORD_LENGTH 8 /* defined by GM/T 0018 */
#define SDF_MAX_PASSWORD_LENGTH 255 /* defined by GmSSL */
#define SDF_MAX_FILE_SIZE (256 * 1024)
int SDF_LoadLibrary(char *so_path, char *vendor);
int SDF_UnloadLibrary(void);
int SDF_ImportKey(void *hSessionHandle, unsigned char *pucKey,
unsigned int uiKeyLength, void **phKeyHandle);
int SDF_PrintDeviceInfo(FILE *out, DEVICEINFO *devInfo);
int SDF_PrintRSAPublicKey(FILE *out, RSArefPublicKey *ref);
int SDF_PrintRSAPrivateKey(FILE *out, RSArefPrivateKey *ref);
int SDF_PrintECCPublicKey(FILE *out, ECCrefPublicKey *ref);
int SDF_PrintECCPrivateKey(FILE *out, ECCrefPrivateKey *ref);
int SDF_NewECCCipher(ECCCipher **cipher, size_t ulDataLen);
int SDF_FreeECCCipher(ECCCipher *cipher);
int SDF_PrintECCCipher(FILE *out, ECCCipher *cipher);
int SDF_PrintECCSignature(FILE *out, ECCSignature *sig);
int SDF_GetErrorString(int err, char **str);
#ifdef __cplusplus
}
#endif
#endif

429
sdf/sdf_int.h
View File

@@ -1,429 +0,0 @@
/*
* Copyright 2014-2021 The GmSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef HEADER_SDF_METH_H
#define HEADER_SDF_METH_H
#include <openssl/sdf.h>
typedef int (*SDF_OpenDevice_FuncPtr)(
void **phDeviceHandle);
typedef int (*SDF_CloseDevice_FuncPtr)(
void *hDeviceHandle);
typedef int (*SDF_OpenSession_FuncPtr)(
void *hDeviceHandle,
void **phSessionHandle);
typedef int (*SDF_CloseSession_FuncPtr)(
void *hSessionHandle);
typedef int (*SDF_GetDeviceInfo_FuncPtr)(
void *hSessionHandle,
DEVICEINFO *pstDeviceInfo);
typedef int (*SDF_GenerateRandom_FuncPtr)(
void *hSessionHandle,
unsigned int uiLength,
unsigned char *pucRandom);
typedef int (*SDF_GetPrivateKeyAccessRight_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex,
unsigned char *pucPassword,
unsigned int uiPwdLength);
typedef int (*SDF_ReleasePrivateKeyAccessRight_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex);
typedef int (*SDF_ExportSignPublicKey_RSA_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex,
RSArefPublicKey *pucPublicKey);
typedef int (*SDF_ExportEncPublicKey_RSA_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex,
RSArefPublicKey *pucPublicKey);
typedef int (*SDF_GenerateKeyPair_RSA_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyBits,
RSArefPublicKey *pucPublicKey,
RSArefPrivateKey *pucPrivateKey);
typedef int (*SDF_GenerateKeyWithIPK_RSA_FuncPtr)(
void *hSessionHandle,
unsigned int uiIPKIndex,
unsigned int uiKeyBits,
unsigned char *pucKey,
unsigned int *puiKeyLength,
void **phKeyHandle);
typedef int (*SDF_GenerateKeyWithEPK_RSA_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyBits,
RSArefPublicKey *pucPublicKey,
unsigned char *pucKey,
unsigned int *puiKeyLength,
void **phKeyHandle);
typedef int (*SDF_ImportKeyWithISK_RSA_FuncPtr)(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned char *pucKey,
unsigned int uiKeyLength,
void **phKeyHandle);
typedef int (*SDF_ExchangeDigitEnvelopeBaseOnRSA_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex,
RSArefPublicKey *pucPublicKey,
unsigned char *pucDEInput,
unsigned int uiDELength,
unsigned char *pucDEOutput,
unsigned int *puiDELength);
typedef int (*SDF_ExportSignPublicKey_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex,
ECCrefPublicKey *pucPublicKey);
typedef int (*SDF_ExportEncPublicKey_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex,
ECCrefPublicKey *pucPublicKey);
typedef int (*SDF_GenerateKeyPair_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiAlgID,
unsigned int uiKeyBits,
ECCrefPublicKey *pucPublicKey,
ECCrefPrivateKey *pucPrivateKey);
typedef int (*SDF_GenerateKeyWithIPK_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiIPKIndex,
unsigned int uiKeyBits,
ECCCipher *pucKey,
void **phKeyHandle);
typedef int (*SDF_GenerateKeyWithEPK_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyBits,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
ECCCipher *pucKey,
void **phKeyHandle);
typedef int (*SDF_ImportKeyWithISK_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiISKIndex,
ECCCipher *pucKey,
void **phKeyHandle);
typedef int (*SDF_GenerateAgreementDataWithECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned int uiKeyBits,
unsigned char *pucSponsorID,
unsigned int uiSponsorIDLength,
ECCrefPublicKey *pucSponsorPublicKey,
ECCrefPublicKey *pucSponsorTmpPublicKey,
void **phAgreementHandle);
typedef int (*SDF_GenerateKeyWithECC_FuncPtr)(
void *hSessionHandle,
unsigned char *pucResponseID,
unsigned int uiResponseIDLength,
ECCrefPublicKey *pucResponsePublicKey,
ECCrefPublicKey *pucResponseTmpPublicKey,
void *hAgreementHandle,
void **phKeyHandle);
typedef int (*SDF_GenerateAgreementDataAndKeyWithECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned int uiKeyBits,
unsigned char *pucResponseID,
unsigned int uiResponseIDLength,
unsigned char *pucSponsorID,
unsigned int uiSponsorIDLength,
ECCrefPublicKey *pucSponsorPublicKey,
ECCrefPublicKey *pucSponsorTmpPublicKey,
ECCrefPublicKey *pucResponsePublicKey,
ECCrefPublicKey *pucResponseTmpPublicKey,
void **phKeyHandle);
typedef int (*SDF_ExchangeDigitEnvelopeBaseOnECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
ECCCipher *pucEncDataIn,
ECCCipher *pucEncDataOut);
typedef int (*SDF_GenerateKeyWithKEK_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyBits,
unsigned int uiAlgID,
unsigned int uiKEKIndex,
unsigned char *pucKey,
unsigned int *puiKeyLength,
void **phKeyHandle);
typedef int (*SDF_ImportKeyWithKEK_FuncPtr)(
void *hSessionHandle,
unsigned int uiAlgID,
unsigned int uiKEKIndex,
unsigned char *pucKey,
unsigned int uiKeyLength,
void **phKeyHandle);
typedef int (*SDF_DestroyKey_FuncPtr)(
void *hSessionHandle,
void *hKeyHandle);
typedef int (*SDF_ExternalPublicKeyOperation_RSA_FuncPtr)(
void *hSessionHandle,
RSArefPublicKey *pucPublicKey,
unsigned char *pucDataInput,
unsigned int uiInputLength,
unsigned char *pucDataOutput,
unsigned int *puiOutputLength);
typedef int (*SDF_InternalPublicKeyOperation_RSA_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex,
unsigned char *pucDataInput,
unsigned int uiInputLength,
unsigned char *pucDataOutput,
unsigned int *puiOutputLength);
typedef int (*SDF_InternalPrivateKeyOperation_RSA_FuncPtr)(
void *hSessionHandle,
unsigned int uiKeyIndex,
unsigned char *pucDataInput,
unsigned int uiInputLength,
unsigned char *pucDataOutput,
unsigned int *puiOutputLength);
typedef int (*SDF_ExternalVerify_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
unsigned char *pucDataInput,
unsigned int uiInputLength,
ECCSignature *pucSignature);
typedef int (*SDF_InternalSign_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned char *pucData,
unsigned int uiDataLength,
ECCSignature *pucSignature);
typedef int (*SDF_InternalVerify_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiIPKIndex,
unsigned char *pucData,
unsigned int uiDataLength,
ECCSignature *pucSignature);
typedef int (*SDF_ExternalEncrypt_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
unsigned char *pucData,
unsigned int uiDataLength,
ECCCipher *pucEncData);
typedef int (*SDF_ExternalDecrypt_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiAlgID,
ECCrefPrivateKey *pucPrivateKey,
ECCCipher *pucEncData,
unsigned char *pucData,
unsigned int *puiDataLength);
typedef int (*SDF_InternalEncrypt_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiIPKIndex,
unsigned int uiAlgID,
unsigned char *pucData,
unsigned int uiDataLength,
ECCCipher *pucEncData);
typedef int (*SDF_InternalDecrypt_ECC_FuncPtr)(
void *hSessionHandle,
unsigned int uiISKIndex,
unsigned int uiAlgID,
ECCCipher *pucEncData,
unsigned char *pucData,
unsigned int *puiDataLength);
typedef int (*SDF_Encrypt_FuncPtr)(
void *hSessionHandle,
void *hKeyHandle,
unsigned int uiAlgID,
unsigned char *pucIV,
unsigned char *pucData,
unsigned int uiDataLength,
unsigned char *pucEncData,
unsigned int *puiEncDataLength);
typedef int (*SDF_Decrypt_FuncPtr)(
void *hSessionHandle,
void *hKeyHandle,
unsigned int uiAlgID,
unsigned char *pucIV,
unsigned char *pucEncData,
unsigned int uiEncDataLength,
unsigned char *pucData,
unsigned int *puiDataLength);
typedef int (*SDF_CalculateMAC_FuncPtr)(
void *hSessionHandle,
void *hKeyHandle,
unsigned int uiAlgID,
unsigned char *pucIV,
unsigned char *pucData,
unsigned int uiDataLength,
unsigned char *pucMAC,
unsigned int *puiMACLength);
typedef int (*SDF_HashInit_FuncPtr)(
void *hSessionHandle,
unsigned int uiAlgID,
ECCrefPublicKey *pucPublicKey,
unsigned char *pucID,
unsigned int uiIDLength);
typedef int (*SDF_HashUpdate_FuncPtr)(
void *hSessionHandle,
unsigned char *pucData,
unsigned int uiDataLength);
typedef int (*SDF_HashFinal_FuncPtr)(void *hSessionHandle,
unsigned char *pucHash,
unsigned int *puiHashLength);
typedef int (*SDF_CreateObject_FuncPtr)(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen,
unsigned int uiFileSize);
typedef int (*SDF_ReadObject_FuncPtr)(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen,
unsigned int uiOffset,
unsigned int *puiReadLength,
unsigned char *pucBuffer);
typedef int (*SDF_WriteObject_FuncPtr)(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen,
unsigned int uiOffset,
unsigned int uiWriteLength,
unsigned char *pucBuffer);
typedef int (*SDF_DeleteObject_FuncPtr)(
void *hSessionHandle,
unsigned char *pucFileName,
unsigned int uiNameLen);
typedef struct sdf_method_st {
char *name;
void *dso;
SDF_OpenDevice_FuncPtr OpenDevice;
SDF_CloseDevice_FuncPtr CloseDevice;
SDF_OpenSession_FuncPtr OpenSession;
SDF_CloseSession_FuncPtr CloseSession;
SDF_GetDeviceInfo_FuncPtr GetDeviceInfo;
SDF_GenerateRandom_FuncPtr GenerateRandom;
SDF_GetPrivateKeyAccessRight_FuncPtr GetPrivateKeyAccessRight;
SDF_ReleasePrivateKeyAccessRight_FuncPtr ReleasePrivateKeyAccessRight;
SDF_ExportSignPublicKey_RSA_FuncPtr ExportSignPublicKey_RSA;
SDF_ExportEncPublicKey_RSA_FuncPtr ExportEncPublicKey_RSA;
SDF_GenerateKeyPair_RSA_FuncPtr GenerateKeyPair_RSA;
SDF_GenerateKeyWithIPK_RSA_FuncPtr GenerateKeyWithIPK_RSA;
SDF_GenerateKeyWithEPK_RSA_FuncPtr GenerateKeyWithEPK_RSA;
SDF_ImportKeyWithISK_RSA_FuncPtr ImportKeyWithISK_RSA;
SDF_ExchangeDigitEnvelopeBaseOnRSA_FuncPtr ExchangeDigitEnvelopeBaseOnRSA;
SDF_ExportSignPublicKey_ECC_FuncPtr ExportSignPublicKey_ECC;
SDF_ExportEncPublicKey_ECC_FuncPtr ExportEncPublicKey_ECC;
SDF_GenerateKeyPair_ECC_FuncPtr GenerateKeyPair_ECC;
SDF_GenerateKeyWithIPK_ECC_FuncPtr GenerateKeyWithIPK_ECC;
SDF_GenerateKeyWithEPK_ECC_FuncPtr GenerateKeyWithEPK_ECC;
SDF_ImportKeyWithISK_ECC_FuncPtr ImportKeyWithISK_ECC;
SDF_GenerateAgreementDataWithECC_FuncPtr GenerateAgreementDataWithECC;
SDF_GenerateKeyWithECC_FuncPtr GenerateKeyWithECC;
SDF_GenerateAgreementDataAndKeyWithECC_FuncPtr GenerateAgreementDataAndKeyWithECC;
SDF_ExchangeDigitEnvelopeBaseOnECC_FuncPtr ExchangeDigitEnvelopeBaseOnECC;
SDF_GenerateKeyWithKEK_FuncPtr GenerateKeyWithKEK;
SDF_ImportKeyWithKEK_FuncPtr ImportKeyWithKEK;
SDF_DestroyKey_FuncPtr DestroyKey;
SDF_ExternalPublicKeyOperation_RSA_FuncPtr ExternalPublicKeyOperation_RSA;
SDF_InternalPublicKeyOperation_RSA_FuncPtr InternalPublicKeyOperation_RSA;
SDF_InternalPrivateKeyOperation_RSA_FuncPtr InternalPrivateKeyOperation_RSA;
SDF_ExternalVerify_ECC_FuncPtr ExternalVerify_ECC;
SDF_InternalSign_ECC_FuncPtr InternalSign_ECC;
SDF_InternalVerify_ECC_FuncPtr InternalVerify_ECC;
SDF_ExternalEncrypt_ECC_FuncPtr ExternalEncrypt_ECC;
SDF_ExternalDecrypt_ECC_FuncPtr ExternalDecrypt_ECC;
SDF_InternalEncrypt_ECC_FuncPtr InternalEncrypt_ECC;
SDF_InternalDecrypt_ECC_FuncPtr InternalDecrypt_ECC;
SDF_Encrypt_FuncPtr Encrypt;
SDF_Decrypt_FuncPtr Decrypt;
SDF_CalculateMAC_FuncPtr CalculateMAC;
SDF_HashInit_FuncPtr HashInit;
SDF_HashUpdate_FuncPtr HashUpdate;
SDF_HashFinal_FuncPtr HashFinal;
SDF_CreateObject_FuncPtr CreateObject;
SDF_ReadObject_FuncPtr ReadObject;
SDF_WriteObject_FuncPtr WriteObject;
SDF_DeleteObject_FuncPtr DeleteObject;
} SDF_METHOD;
SDF_METHOD *SDF_METHOD_load_library(const char *so_path);
void SDF_METHOD_free(SDF_METHOD *meth);
typedef struct sdf_vendor_st {
char *name;
unsigned int (*cipher_vendor2std)(unsigned int vendor_id);
unsigned int (*cipher_std2vendor)(unsigned int std_id);
unsigned int (*cipher_cap)(unsigned int vendor_cap);
unsigned int (*digest_vendor2std)(unsigned int vendor_id);
unsigned int (*digest_std2vendor)(unsigned int std_id);
unsigned int (*digest_cap)(unsigned int vendor_cap);
unsigned int (*pkey_vendor2std)(unsigned int vendor_id);
unsigned int (*pkey_std2vendor)(unsigned int std_id);
unsigned int (*pkey_cap)(unsigned int vendor_cap);
int (*encode_ecccipher)(const ECCCipher *a, void *buf);
int (*decode_ecccipher)(ECCCipher *a, const void *buf);
unsigned long (*get_error_reason)(int err);
} SDF_VENDOR;
#endif

1575
sdf/sdf_lib.c
View File

File diff suppressed because it is too large Load Diff

110
sdf/sdf_meth.c
View File

@@ -1,110 +0,0 @@
/*
* Copyright 2014-2021 The GmSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <dlfcn.h>
#include "sdf_int.h"
#define SDFerr(a,b)
#define SDF_METHOD_BIND_FUNCTION_EX(func,name) \
sdf->func = (SDF_##func##_FuncPtr)dlsym(sdf->dso, "SDF_"#name)
#define SDF_METHOD_BIND_FUNCTION(func) \
SDF_METHOD_BIND_FUNCTION_EX(func,func)
SDF_METHOD *SDF_METHOD_load_library(const char *so_path)
{
SDF_METHOD *ret = NULL;
SDF_METHOD *sdf = NULL;
if (!(sdf = malloc(sizeof(*sdf)))) {
SDFerr(SDF_F_SDF_METHOD_LOAD_LIBRARY, ERR_R_MALLOC_FAILURE);
goto end;
}
memset(sdf, 0, sizeof(*sdf));
if (!(sdf->dso = dlopen(so_path, 0))) {
SDFerr(SDF_F_SDF_METHOD_LOAD_LIBRARY, SDF_R_DSO_LOAD_FAILURE);
goto end;
}
SDF_METHOD_BIND_FUNCTION(OpenDevice);
SDF_METHOD_BIND_FUNCTION(CloseDevice);
SDF_METHOD_BIND_FUNCTION(OpenSession);
SDF_METHOD_BIND_FUNCTION(CloseSession);
SDF_METHOD_BIND_FUNCTION(GetDeviceInfo);
SDF_METHOD_BIND_FUNCTION(GenerateRandom);
SDF_METHOD_BIND_FUNCTION(GetPrivateKeyAccessRight);
SDF_METHOD_BIND_FUNCTION(ReleasePrivateKeyAccessRight);
SDF_METHOD_BIND_FUNCTION(ExportSignPublicKey_RSA);
SDF_METHOD_BIND_FUNCTION(ExportEncPublicKey_RSA);
SDF_METHOD_BIND_FUNCTION(GenerateKeyPair_RSA);
SDF_METHOD_BIND_FUNCTION(GenerateKeyWithIPK_RSA);
SDF_METHOD_BIND_FUNCTION(GenerateKeyWithEPK_RSA);
SDF_METHOD_BIND_FUNCTION(ImportKeyWithISK_RSA);
SDF_METHOD_BIND_FUNCTION(ExchangeDigitEnvelopeBaseOnRSA);
SDF_METHOD_BIND_FUNCTION(ExportSignPublicKey_ECC);
SDF_METHOD_BIND_FUNCTION(ExportEncPublicKey_ECC);
SDF_METHOD_BIND_FUNCTION(GenerateKeyPair_ECC);
SDF_METHOD_BIND_FUNCTION(GenerateKeyWithIPK_ECC);
SDF_METHOD_BIND_FUNCTION(GenerateKeyWithEPK_ECC);
SDF_METHOD_BIND_FUNCTION(ImportKeyWithISK_ECC);
SDF_METHOD_BIND_FUNCTION(GenerateAgreementDataWithECC);
SDF_METHOD_BIND_FUNCTION(GenerateKeyWithECC);
SDF_METHOD_BIND_FUNCTION(GenerateAgreementDataAndKeyWithECC);
SDF_METHOD_BIND_FUNCTION(ExchangeDigitEnvelopeBaseOnECC);
SDF_METHOD_BIND_FUNCTION(GenerateKeyWithKEK);
SDF_METHOD_BIND_FUNCTION(ImportKeyWithKEK);
SDF_METHOD_BIND_FUNCTION(DestroyKey);
SDF_METHOD_BIND_FUNCTION(ExternalPublicKeyOperation_RSA);
//SDF_METHOD_BIND_FUNCTION(InternalPublicKeyOperation_RSA);
SDF_METHOD_BIND_FUNCTION(InternalPrivateKeyOperation_RSA);
SDF_METHOD_BIND_FUNCTION(ExternalVerify_ECC);
SDF_METHOD_BIND_FUNCTION(InternalSign_ECC);
SDF_METHOD_BIND_FUNCTION(InternalVerify_ECC);
SDF_METHOD_BIND_FUNCTION(ExternalEncrypt_ECC);
//SDF_METHOD_BIND_FUNCTION(ExternalDecrypt_ECC);
SDF_METHOD_BIND_FUNCTION(InternalEncrypt_ECC);
SDF_METHOD_BIND_FUNCTION(InternalDecrypt_ECC);
SDF_METHOD_BIND_FUNCTION(Encrypt);
SDF_METHOD_BIND_FUNCTION(Decrypt);
SDF_METHOD_BIND_FUNCTION(CalculateMAC);
SDF_METHOD_BIND_FUNCTION(HashInit);
SDF_METHOD_BIND_FUNCTION(HashUpdate);
SDF_METHOD_BIND_FUNCTION(HashFinal);
SDF_METHOD_BIND_FUNCTION_EX(CreateObject,CreateFile);
SDF_METHOD_BIND_FUNCTION_EX(ReadObject,ReadFile);
SDF_METHOD_BIND_FUNCTION_EX(WriteObject,WriteFile);
SDF_METHOD_BIND_FUNCTION_EX(DeleteObject,DeleteFile);
ret = sdf;
sdf = NULL;
end:
SDF_METHOD_free(sdf);
return ret;
}
void SDF_METHOD_free(SDF_METHOD *meth)
{
if (meth) dlclose(meth->dso);
free(meth);
}

338
sdf/sdf_sansec.c
View File

@@ -1,338 +0,0 @@
/*
* Copyright 2014-2021 The GmSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <string.h>
#include "sdf.h"
#include "sdf_int.h"
#include "sdf_sansec.h"
#define SDFerr(a,b)
typedef struct {
unsigned int std_id;
unsigned int vendor_id;
} SDF_ALGOR_PAIR;
static SDF_ALGOR_PAIR sansec_ciphers[] = {
{ SGD_SM1, SANSEC_SM1 },
{ SGD_SM1_ECB, SANSEC_SM1_ECB },
{ SGD_SM1_CBC, SANSEC_SM1_CBC },
{ SGD_SM1_CFB, SANSEC_SM1_CFB },
{ SGD_SM1_OFB, SANSEC_SM1_OFB },
{ SGD_SM1_MAC, SANSEC_SM1_MAC },
{ SGD_SM4, SANSEC_SM4 },
{ SGD_SM4_ECB, SANSEC_SM4_ECB },
{ SGD_SM4_CBC, SANSEC_SM4_CBC },
{ SGD_SM4_CFB, SANSEC_SM4_CFB },
{ SGD_SM4_OFB, SANSEC_SM4_OFB },
{ SGD_SM4_MAC, SANSEC_SM4_MAC },
{ SGD_SSF33, SANSEC_SSF33 },
{ SGD_SSF33_ECB, SANSEC_SSF33_ECB },
{ SGD_SSF33_CBC, SANSEC_SSF33_CBC },
{ SGD_SSF33_CFB, SANSEC_SSF33_CFB },
{ SGD_SSF33_OFB, SANSEC_SSF33_OFB },
{ SGD_SSF33_MAC, SANSEC_SSF33_MAC },
{ 0, SANSEC_AES },
{ 0, SANSEC_AES_ECB },
{ 0, SANSEC_AES_CBC },
{ 0, SANSEC_AES_CFB },
{ 0, SANSEC_AES_OFB },
{ 0, SANSEC_AES_MAC },
{ 0, SANSEC_DES },
{ 0, SANSEC_DES_ECB },
{ 0, SANSEC_DES_CBC },
{ 0, SANSEC_DES_CFB },
{ 0, SANSEC_DES_OFB },
{ 0, SANSEC_DES_MAC },
{ 0, SANSEC_3DES },
{ 0, SANSEC_3DES_ECB },
{ 0, SANSEC_3DES_CBC },
{ 0, SANSEC_3DES_CFB },
{ 0, SANSEC_3DES_OFB },
{ 0, SANSEC_3DES_MAC },
};
static unsigned int sansec_cipher_vendor2std(unsigned int vendor_id)
{
size_t i;
for (i = 0; i < sizeof(sansec_ciphers)/sizeof(sansec_ciphers[0]); i++) {
if (vendor_id == sansec_ciphers[i].vendor_id) {
return sansec_ciphers[i].std_id;
}
}
return 0;
}
static unsigned int sansec_cipher_std2vendor(unsigned int std_id)
{
size_t i;
for (i = 0; i < sizeof(sansec_ciphers)/sizeof(sansec_ciphers[0]); i++) {
if (std_id == sansec_ciphers[i].std_id) {
return sansec_ciphers[i].vendor_id;
}
}
return 0;
}
static unsigned int sansec_cipher_cap(unsigned int vendor_cap)
{
unsigned int std_cap = 0;
size_t i;
for (i = 0; i < sizeof(sansec_ciphers)/sizeof(sansec_ciphers[0]); i++) {
if (vendor_cap & sansec_ciphers[i].vendor_id) {
std_cap |= sansec_ciphers[i].std_id;
}
}
return std_cap;
}
static SDF_ALGOR_PAIR sansec_digests[] = {
{ SGD_SM3, SANSEC_SM3 },
{ SGD_SHA1, SANSEC_SHA1 },
{ SGD_SHA256, SANSEC_SHA256 },
{ 0, SANSEC_SHA512 },
{ 0, SANSEC_SHA384 },
{ 0, SANSEC_SHA224 },
{ 0, SANSEC_MD5 },
};
static unsigned int sansec_digest_vendor2std(unsigned int vendor_id)
{
size_t i;
for (i = 0; i < sizeof(sansec_digests)/sizeof(sansec_digests[0]); i++) {
if (vendor_id == sansec_digests[i].vendor_id) {
return sansec_digests[i].std_id;
}
}
return 0;
}
static unsigned int sansec_digest_std2vendor(unsigned int std_id)
{
size_t i;
for (i = 0; i < sizeof(sansec_digests)/sizeof(sansec_digests[0]); i++) {
if (std_id == sansec_digests[i].std_id) {
return sansec_digests[i].vendor_id;
}
}
return 0;
}
static unsigned int sansec_digest_cap(unsigned int vendor_cap)
{
unsigned int std_cap = 0;
size_t i;
for (i = 0; i < sizeof(sansec_digests)/sizeof(sansec_digests[0]); i++) {
if (vendor_cap & sansec_digests[i].vendor_id) {
std_cap |= sansec_digests[i].std_id;
}
}
return std_cap;
}
static SDF_ALGOR_PAIR sansec_pkeys[] = {
{ SGD_RSA,SANSEC_RSA },
{ SGD_RSA_SIGN,SANSEC_RSA_SIGN },
{ SGD_RSA_ENC,SANSEC_RSA_ENC },
{ SGD_SM2,SANSEC_SM2 },
{ SGD_SM2_1,SANSEC_SM2_1 },
{ SGD_SM2_2,SANSEC_SM2_2 },
{ SGD_SM2_3,SANSEC_SM2_3 },
};
static unsigned int sansec_pkey_vendor2std(unsigned int vendor_id)
{
size_t i;
for (i = 0; i < sizeof(sansec_pkeys)/sizeof(sansec_pkeys[0]); i++) {
if (vendor_id == sansec_pkeys[i].vendor_id) {
return sansec_pkeys[i].std_id;
}
}
return 0;
}
static unsigned int sansec_pkey_std2vendor(unsigned int std_id)
{
size_t i;
for (i = 0; i < sizeof(sansec_pkeys)/sizeof(sansec_pkeys[0]); i++) {
if (std_id == sansec_pkeys[i].std_id) {
return sansec_pkeys[i].vendor_id;
}
}
return 0;
}
static unsigned int sansec_pkey_cap(unsigned int vendor_cap)
{
unsigned int std_cap = 0;
size_t i;
for (i = 0; i < sizeof(sansec_pkeys)/sizeof(sansec_pkeys[0]); i++) {
if (vendor_cap & sansec_pkeys[i].vendor_id) {
std_cap |= sansec_pkeys[i].std_id;
}
}
return std_cap;
}
static int sansec_encode_ecccipher(const ECCCipher *ec, void *vendor)
{
int ret;
SANSEC_ECCCipher *sansec = vendor;
ret = sizeof(SANSEC_ECCCipher);
if (ec->L > sizeof(sansec->C)) {
SDFerr(SDF_F_SANSEC_ENCODE_ECCCIPHER,
SDF_R_INVALID_SANSEC_ECCCIPHER_LENGTH);
return 0;
}
if (vendor) {
sansec->clength = ec->L;
memcpy(sansec->x, ec->x, sizeof(ec->x));
memcpy(sansec->y, ec->y, sizeof(ec->y));
memcpy(sansec->M, ec->M, sizeof(ec->M));
memset(sansec->M + sizeof(ec->M), 0, sizeof(sansec->M) - sizeof(ec->M));
memcpy(sansec->C, ec->C, ec->L);
memset(sansec->C + ec->L, 0, sizeof(sansec->C) - ec->L);
}
return ret;
}
static int sansec_decode_ecccipher(ECCCipher *ec, const void *vendor)
{
int ret;
const SANSEC_ECCCipher *sansec = vendor;
ret = sizeof(ECCCipher) -1 + sansec->clength;
if (sansec->clength > sizeof(sansec->C)) {
SDFerr(SDF_F_SANSEC_DECODE_ECCCIPHER,
SDF_R_INVALID_SANSEC_ECCCIPHER_LENGTH);
return 0;
}
if (ec) {
memcpy(ec->x, sansec->x, sizeof(ec->x));
memcpy(ec->y, sansec->y, sizeof(ec->y));
memcpy(ec->M, sansec->M, sizeof(ec->M));
ec->L = sansec->clength;
memcpy(ec->C, sansec->C, sansec->clength);
}
return ret;
}
/*
static SDF_ERR_REASON sansec_errors[] = {
{ SANSEC_BASE, SDF_R_SANSEC_BASE },
{ SANSEC_INVALID_USER, SDF_R_SANSEC_INVALID_USER },
{ SANSEC_INVALID_AUTHENCODE, SDF_R_SANSEC_INVALID_AUTHENCODE },
{ SANSEC_PROTOCOL_VERSION_ERROR, SDF_R_SANSEC_PROTOCOL_VERSION_ERROR },
{ SANSEC_INVALID_COMMAND, SDF_R_SANSEC_INVALID_COMMAND },
{ SANSEC_INVALID_PARAMETERS, SDF_R_SANSEC_INVALID_PARAMETERS },
{ SANSEC_FILE_ALREADY_EXIST, SDF_R_SANSEC_FILE_ALREADY_EXIST },
{ SANSEC_SYNC_ERROR, SDF_R_SANSEC_SYNC_ERROR },
{ SANSEC_SYNC_LOGIN_ERROR, SDF_R_SANSEC_SYNC_LOGIN_ERROR },
{ SANSEC_SOCKET_TIMEOUT, SDF_R_SANSEC_SOCKET_TIMEOUT },
{ SANSEC_CONNECT_ERROR, SDF_R_SANSEC_CONNECT_ERROR },
{ SANSEC_SET_SOCKET_OPTION_ERROR, SDF_R_SANSEC_SET_SOCKET_OPTION_ERROR },
{ SANSEC_SOCKET_SEND_ERROR, SDF_R_SANSEC_SOCKET_SEND_ERROR },
{ SANSEC_SOCKET_RECV_ERROR, SDF_R_SANSEC_SOCKET_RECV_ERROR },
{ SANSEC_SOCKET_RECV_0, SDF_R_SANSEC_SOCKET_RECV_0 },
{ SANSEC_SEM_TIMEOUT, SDF_R_SANSEC_SEM_TIMEOUT },
{ SANSEC_NO_AVAILABLE_HSM, SDF_R_SANSEC_NO_AVAILABLE_HSM },
{ SANSEC_NO_AVAILABLE_CSM, SDF_R_SANSEC_NO_AVAILABLE_CSM },
{ SANSEC_CONFIG_ERROR, SDF_R_SANSEC_CONFIG_ERROR },
{ SANSEC_CARD_BASE, SDF_R_SANSEC_CARD_BASE },
{ SANSEC_CARD_UNKNOW_ERROR, SDF_R_SANSEC_CARD_UNKNOW_ERROR },
{ SANSEC_CARD_NOT_SUPPORTED, SDF_R_SANSEC_CARD_NOT_SUPPORTED },
{ SANSEC_CARD_COMMMUCATION_FAILED, SDF_R_SANSEC_CARD_COMMMUCATION_FAILED },
{ SANSEC_CARD_HARDWARE_FAILURE, SDF_R_SANSEC_CARD_HARDWARE_FAILURE },
{ SANSEC_CARD_OPEN_DEVICE_FAILED, SDF_R_SANSEC_CARD_OPEN_DEVICE_FAILED },
{ SANSEC_CARD_OPEN_SESSION_FAILED, SDF_R_SANSEC_CARD_OPEN_SESSION_FAILED },
{ SANSEC_CARD_PRIVATE_KEY_ACCESS_DENYED, SDF_R_SANSEC_CARD_PRIVATE_KEY_ACCESS_DENYED },
{ SANSEC_CARD_KEY_NOT_EXIST, SDF_R_SANSEC_CARD_KEY_NOT_EXIST },
{ SANSEC_CARD_ALGOR_NOT_SUPPORTED, SDF_R_SANSEC_CARD_ALGOR_NOT_SUPPORTED },
{ SANSEC_CARD_ALG_MODE_NOT_SUPPORTED, SDF_R_SANSEC_CARD_ALG_MODE_NOT_SUPPORTED },
{ SANSEC_CARD_PUBLIC_KEY_OPERATION_ERROR, SDF_R_SANSEC_CARD_PUBLIC_KEY_OPERATION_ERROR },
{ SANSEC_CARD_PRIVATE_KEY_OPERATION_ERROR, SDF_R_SANSEC_CARD_PRIVATE_KEY_OPERATION_ERROR },
{ SANSEC_CARD_SIGN_ERROR, SDF_R_SANSEC_CARD_SIGN_ERROR },
{ SANSEC_CARD_VERIFY_ERROR, SDF_R_SANSEC_CARD_VERIFY_ERROR },
{ SANSEC_CARD_SYMMETRIC_ALGOR_ERROR, SDF_R_SANSEC_CARD_SYMMETRIC_ALGOR_ERROR },
{ SANSEC_CARD_STEP_ERROR, SDF_R_SANSEC_CARD_STEP_ERROR },
{ SANSEC_CARD_FILE_SIZE_ERROR, SDF_R_SANSEC_CARD_FILE_SIZE_ERROR },
{ SANSEC_CARD_FILE_NOT_EXIST, SDF_R_SANSEC_CARD_FILE_NOT_EXIST },
{ SANSEC_CARD_FILE_OFFSET_ERROR, SDF_R_SANSEC_CARD_FILE_OFFSET_ERROR },
{ SANSEC_CARD_KEY_TYPE_ERROR, SDF_R_SANSEC_CARD_KEY_TYPE_ERROR },
{ SANSEC_CARD_KEY_ERROR, SDF_R_SANSEC_CARD_KEY_ERROR },
{ SANSEC_CARD_BUFFER_TOO_SMALL, SDF_R_SANSEC_CARD_BUFFER_TOO_SMALL },
{ SANSEC_CARD_DATA_PADDING_ERROR, SDF_R_SANSEC_CARD_DATA_PADDING_ERROR },
{ SANSEC_CARD_DATA_SIZE, SDF_R_SANSEC_CARD_DATA_SIZE },
{ SANSEC_CARD_CRYPTO_NOT_INITED, SDF_R_SANSEC_CARD_CRYPTO_NOT_INITED },
{ SANSEC_CARD_MANAGEMENT_DENYED, SDF_R_SANSEC_CARD_MANAGEMENT_DENYED },
{ SANSEC_CARD_OPERATION_DENYED, SDF_R_SANSEC_CARD_OPERATION_DENYED },
{ SANSEC_CARD_DEVICE_STATUS_ERROR, SDF_R_SANSEC_CARD_DEVICE_STATUS_ERROR },
{ SANSEC_CARD_LOGIN_ERROR, SDF_R_SANSEC_CARD_LOGIN_ERROR },
{ SANSEC_CARD_USERID_ERROR, SDF_R_SANSEC_CARD_USERID_ERROR },
{ SANSEC_CARD_PARAMENT_ERROR, SDF_R_SANSEC_CARD_PARAMENT_ERROR },
{ SANSEC_CARD_MANAGEMENT_DENYED_05, SDF_R_SANSEC_CARD_MANAGEMENT_DENYED_05 },
{ SANSEC_CARD_OPERATION_DENYED_05, SDF_R_SANSEC_CARD_OPERATION_DENYED_05 },
{ SANSEC_CARD_DEVICE_STATUS_ERROR_05, SDF_R_SANSEC_CARD_DEVICE_STATUS_ERROR_05 },
{ SANSEC_CARD_LOGIN_ERROR_05, SDF_R_SANSEC_CARD_LOGIN_ERROR_05 },
{ SANSEC_CARD_USERID_ERROR_05, SDF_R_SANSEC_CARD_USERID_ERROR_05 },
{ SANSEC_CARD_PARAMENT_ERROR_05, SDF_R_SANSEC_CARD_PARAMENT_ERROR_05 },
{ SANSEC_CARD_READER_BASE, SDF_R_SANSEC_CARD_READER_BASE },
{ SANSEC_CARD_READER_PIN_ERROR, SDF_R_SANSEC_CARD_READER_PIN_ERROR },
{ SANSEC_CARD_READER_NO_CARD, SDF_R_SANSEC_CARD_READER_NO_CARD },
{ SANSEC_CARD_READER_CARD_INSERT, SDF_R_SANSEC_CARD_READER_CARD_INSERT },
{ SANSEC_CARD_READER_CARD_INSERT_TYPE, SDF_R_SANSEC_CARD_READER_CARD_INSERT_TYPE },
};
*/
static unsigned long sansec_get_error_reason(int err)
{
/*
size_t i = 0;
for (i = 0; i < OSSL_NELEM(sansec_errors); i++) {
if (err == sansec_errors[i].err) {
return sansec_errors[i].reason;
}
}
*/
return 0;
}
SDF_VENDOR sdf_sansec = {
"sansec",
sansec_cipher_vendor2std,
sansec_cipher_std2vendor,
sansec_cipher_cap,
sansec_digest_vendor2std,
sansec_digest_std2vendor,
sansec_digest_cap,
sansec_pkey_vendor2std,
sansec_pkey_std2vendor,
sansec_pkey_cap,
sansec_encode_ecccipher,
sansec_decode_ecccipher,
sansec_get_error_reason,
};

159
sdf/sdf_sansec.h
View File

@@ -1,159 +0,0 @@
/*
* Copyright 2014-2021 The GmSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef GMSSL_SDF_SANSEC_H
#define GMSSL_SDF_SANSEC_H
#include "sgd.h"
#ifdef __cplusplus
extern "C" {
#endif
#define SANSEC_SM1 (SGD_SM1)
#define SANSEC_SM1_ECB (SANSEC_SM1|SGD_ECB)
#define SANSEC_SM1_CBC (SANSEC_SM1|SGD_CBC)
#define SANSEC_SM1_CFB (SANSEC_SM1|SGD_CFB)
#define SANSEC_SM1_OFB (SANSEC_SM1|SGD_OFB)
#define SANSEC_SM1_MAC (SANSEC_SM1|SGD_MAC)
#define SANSEC_SM4 0x00002000
#define SANSEC_SM4_ECB (SANSEC_SM4|SGD_ECB)
#define SANSEC_SM4_CBC (SANSEC_SM4|SGD_CBC)
#define SANSEC_SM4_CFB (SANSEC_SM4|SGD_CFB)
#define SANSEC_SM4_OFB (SANSEC_SM4|SGD_OFB)
#define SANSEC_SM4_MAC (SANSEC_SM4|SGD_MAC)
#define SANSEC_SSF33 (SGD_SSF33)
#define SANSEC_SSF33_ECB (SANSEC_SSF33|SGD_ECB)
#define SANSEC_SSF33_CBC (SANSEC_SSF33|SGD_CBC)
#define SANSEC_SSF33_CFB (SANSEC_SSF33|SGD_CFB)
#define SANSEC_SSF33_OFB (SANSEC_SSF33|SGD_OFB)
#define SANSEC_SSF33_MAC (SANSEC_SSF33|SGD_MAC)
#define SANSEC_AES 0x00000400
#define SANSEC_AES_ECB (SANSEC_AES|SGD_ECB)
#define SANSEC_AES_CBC (SANSEC_AES|SGD_CBC)
#define SANSEC_AES_CFB (SANSEC_AES|SGD_CFB)
#define SANSEC_AES_OFB (SANSEC_AES|SGD_OFB)
#define SANSEC_AES_MAC (SANSEC_AES|SGD_MAC)
#define SANSEC_DES 0x00004000
#define SANSEC_DES_ECB (SANSEC_DES|SGD_ECB)
#define SANSEC_DES_CBC (SANSEC_DES|SGD_CBC)
#define SANSEC_DES_CFB (SANSEC_DES|SGD_CFB)
#define SANSEC_DES_OFB (SANSEC_DES|SGD_OFB)
#define SANSEC_DES_MAC (SANSEC_DES|SGD_MAC)
#define SANSEC_3DES 0x00000800
#define SANSEC_3DES_ECB (SANSEC_3DES|SGD_ECB)
#define SANSEC_3DES_CBC (SANSEC_3DES|SGD_CBC)
#define SANSEC_3DES_CFB (SANSEC_3DES|SGD_CFB)
#define SANSEC_3DES_OFB (SANSEC_3DES|SGD_OFB)
#define SANSEC_3DES_MAC (SANSEC_3DES|SGD_MAC)
#define SANSEC_SM3 (SGD_SM3)
#define SANSEC_SHA1 (SGD_SHA1)
#define SANSEC_SHA256 (SGD_SHA256)
#define SANSEC_SHA512 0x00000008
#define SANSEC_SHA384 0x00000010
#define SANSEC_SHA224 0x00000020
#define SANSEC_MD5 0x00000080
#define SANSEC_RSA (SGD_RSA)
#define SANSEC_RSA_SIGN (SGD_RSA_SIGN)
#define SANSEC_RSA_ENC 0x00010200
#define SANSEC_SM2 (SGD_SM2)
#define SANSEC_SM2_1 (SGD_SM2_1)
#define SANSEC_SM2_2 (SGD_SM2_2)
#define SANSEC_SM2_3 (SGD_SM2_3)
#define SANSEC_BASE (SDR_BASE + 0x00010000)
#define SANSEC_INVALID_USER (SANSEC_BASE + 0x00000001)
#define SANSEC_INVALID_AUTHENCODE (SANSEC_BASE + 0x00000002)
#define SANSEC_PROTOCOL_VERSION_ERROR (SANSEC_BASE + 0x00000003)
#define SANSEC_INVALID_COMMAND (SANSEC_BASE + 0x00000004)
#define SANSEC_INVALID_PARAMETERS (SANSEC_BASE + 0x00000005)
#define SANSEC_FILE_ALREADY_EXIST (SANSEC_BASE + 0x00000006)
#define SANSEC_SYNC_ERROR (SANSEC_BASE + 0x00000007)
#define SANSEC_SYNC_LOGIN_ERROR (SANSEC_BASE + 0x00000008)
#define SANSEC_SOCKET_TIMEOUT (SANSEC_BASE + 0x00000100)
#define SANSEC_CONNECT_ERROR (SANSEC_BASE + 0x00000101)
#define SANSEC_SET_SOCKET_OPTION_ERROR (SANSEC_BASE + 0x00000102)
#define SANSEC_SOCKET_SEND_ERROR (SANSEC_BASE + 0x00000104)
#define SANSEC_SOCKET_RECV_ERROR (SANSEC_BASE + 0x00000105)
#define SANSEC_SOCKET_RECV_0 (SANSEC_BASE + 0x00000106)
#define SANSEC_SEM_TIMEOUT (SANSEC_BASE + 0x00000200)
#define SANSEC_NO_AVAILABLE_HSM (SANSEC_BASE + 0x00000201)
#define SANSEC_NO_AVAILABLE_CSM (SANSEC_BASE + 0x00000202)
#define SANSEC_CONFIG_ERROR (SANSEC_BASE + 0x00000301)
#define SANSEC_CARD_BASE (SDR_BASE + 0x00020000)
#define SANSEC_CARD_UNKNOW_ERROR (SANSEC_CARD_BASE + 0x00000001)
#define SANSEC_CARD_NOT_SUPPORTED (SANSEC_CARD_BASE + 0x00000002)
#define SANSEC_CARD_COMMMUCATION_FAILED (SANSEC_CARD_BASE + 0x00000003)
#define SANSEC_CARD_HARDWARE_FAILURE (SANSEC_CARD_BASE + 0x00000004)
#define SANSEC_CARD_OPEN_DEVICE_FAILED (SANSEC_CARD_BASE + 0x00000005)
#define SANSEC_CARD_OPEN_SESSION_FAILED (SANSEC_CARD_BASE + 0x00000006)
#define SANSEC_CARD_PRIVATE_KEY_ACCESS_DENYED (SANSEC_CARD_BASE + 0x00000007)
#define SANSEC_CARD_KEY_NOT_EXIST (SANSEC_CARD_BASE + 0x00000008)
#define SANSEC_CARD_ALGOR_NOT_SUPPORTED (SANSEC_CARD_BASE + 0x00000009)
#define SANSEC_CARD_ALG_MODE_NOT_SUPPORTED (SANSEC_CARD_BASE + 0x00000010)
#define SANSEC_CARD_PUBLIC_KEY_OPERATION_ERROR (SANSEC_CARD_BASE + 0x00000011)
#define SANSEC_CARD_PRIVATE_KEY_OPERATION_ERROR (SANSEC_CARD_BASE + 0x00000012)
#define SANSEC_CARD_SIGN_ERROR (SANSEC_CARD_BASE + 0x00000013)
#define SANSEC_CARD_VERIFY_ERROR (SANSEC_CARD_BASE + 0x00000014)
#define SANSEC_CARD_SYMMETRIC_ALGOR_ERROR (SANSEC_CARD_BASE + 0x00000015)
#define SANSEC_CARD_STEP_ERROR (SANSEC_CARD_BASE + 0x00000016)
#define SANSEC_CARD_FILE_SIZE_ERROR (SANSEC_CARD_BASE + 0x00000017)
#define SANSEC_CARD_FILE_NOT_EXIST (SANSEC_CARD_BASE + 0x00000018)
#define SANSEC_CARD_FILE_OFFSET_ERROR (SANSEC_CARD_BASE + 0x00000019)
#define SANSEC_CARD_KEY_TYPE_ERROR (SANSEC_CARD_BASE + 0x00000020)
#define SANSEC_CARD_KEY_ERROR (SANSEC_CARD_BASE + 0x00000021)
#define SANSEC_CARD_BUFFER_TOO_SMALL (SANSEC_CARD_BASE + 0x00000101)
#define SANSEC_CARD_DATA_PADDING_ERROR (SANSEC_CARD_BASE + 0x00000102)
#define SANSEC_CARD_DATA_SIZE (SANSEC_CARD_BASE + 0x00000103)
#define SANSEC_CARD_CRYPTO_NOT_INITED (SANSEC_CARD_BASE + 0x00000104)
#define SANSEC_CARD_MANAGEMENT_DENYED (SANSEC_CARD_BASE + 0x00001001)
#define SANSEC_CARD_OPERATION_DENYED (SANSEC_CARD_BASE + 0x00001002)
#define SANSEC_CARD_DEVICE_STATUS_ERROR (SANSEC_CARD_BASE + 0x00001003)
#define SANSEC_CARD_LOGIN_ERROR (SANSEC_CARD_BASE + 0x00001011)
#define SANSEC_CARD_USERID_ERROR (SANSEC_CARD_BASE + 0x00001012)
#define SANSEC_CARD_PARAMENT_ERROR (SANSEC_CARD_BASE + 0x00001013)
#define SANSEC_CARD_MANAGEMENT_DENYED_05 (SANSEC_CARD_BASE + 0x00000801)
#define SANSEC_CARD_OPERATION_DENYED_05 (SANSEC_CARD_BASE + 0x00000802)
#define SANSEC_CARD_DEVICE_STATUS_ERROR_05 (SANSEC_CARD_BASE + 0x00000803)
#define SANSEC_CARD_LOGIN_ERROR_05 (SANSEC_CARD_BASE + 0x00000811)
#define SANSEC_CARD_USERID_ERROR_05 (SANSEC_CARD_BASE + 0x00000812)
#define SANSEC_CARD_PARAMENT_ERROR_05 (SANSEC_CARD_BASE + 0x00000813)
#define SANSEC_CARD_READER_BASE (SDR_BASE + 0x00030000)
#define SANSEC_CARD_READER_PIN_ERROR (SANSEC_CARD_READER_BASE + 0x000063CE)
#define SANSEC_CARD_READER_NO_CARD (SANSEC_CARD_READER_BASE + 0x0000FF01)
#define SANSEC_CARD_READER_CARD_INSERT (SANSEC_CARD_READER_BASE + 0x0000FF02)
#define SANSEC_CARD_READER_CARD_INSERT_TYPE (SANSEC_CARD_READER_BASE + 0x0000FF03)
#pragma pack(1)
typedef struct {
unsigned int clength;
unsigned char x[ECCref_MAX_LEN];
unsigned char y[ECCref_MAX_LEN];
unsigned char C[136];
unsigned char M[ECCref_MAX_LEN];
} SANSEC_ECCCipher;
#pragma pack()
#ifdef __cplusplus
}
#endif
#endif

332
sdf/sdfutil.c
View File

@@ -1,332 +0,0 @@
/*
* Copyright 2014-2021 The GmSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
#include "sdf.h"
#include "sdf_ext.h"
# define OP_NONE 0
# define OP_PRINTDEVINFO 1
# define OP_PRINTSM2SIGN 2
# define OP_PRINTSM2ENC 3
# define OP_PRINTRSASIGN 4
# define OP_PRINTRSAENC 5
# define OP_ACCESSKEY 6
# define OP_IMPORTOBJ 7
# define OP_EXPORTOBJ 8
# define OP_DELOBJ 9
void print_usage(FILE *out, const char *prog)
{
fprintf(out, "Usage: %s commands\n", prog);
fprintf(out, "\n");
fprintf(out, "Commands:\n");
fprintf(out, " -help print the usage message\n");
fprintf(out, " -lib Vendor's SDF dynamic library\n");
fprintf(out, " -vendor Vendor name\n");
fprintf(out, " -printdevinfo Print device information\n");
fprintf(out, " -printsm2sign Print SM2 signing key with key index\n");
fprintf(out, " -printsm2enc Print SM2 encryption key with key index\n");
fprintf(out, " -printrsasign Print RSA signing key with key index\n");
fprintf(out, " -printrsaenc Print RSA encryption key with key index\n");
fprintf(out, " -accesskey Access private key with the key index number\n");
fprintf(out, " -pass Passphrase source for accessing private key\n");
fprintf(out, " -importobj Import data object into device\n");
fprintf(out, " -exportobj Export data object from device\n");
fprintf(out, " -delobj Delete data object from device\n");
fprintf(out, " -in File to be imported from\n");
fprintf(out, " -out File to be exported to\n");
}
int main(int argc, char **argv)
{
int ret = 1;
char *infile = NULL, *outfile = NULL, *prog;
char *objname = NULL, *passarg = NULL, *pass = NULL;
FILE *in = NULL, *out = NULL;
char *lib = NULL, *vendor = NULL;
unsigned char buf[SDF_MAX_FILE_SIZE];
unsigned int ulen;
int len, key_idx = -1;
int o;
int op = OP_NONE;
void *hDev = NULL;
void *hSession = NULL;
argc--;
argv++;
while (argc >= 1) {
if (!strcmp(*argv, "-help")) {
opthelp:
print_usage(stdout, prog);
goto end;
} else if (!strcmp(*argv, "-lib")) {
if (--argc < 1) goto bad;
lib = *(++argv);
} else if (!strcmp(*argv, "-vendor")) {
if (--argc < 1) goto bad;
vendor = *(++argv);
} else if (!strcmp(*argv, "-printdevinfo")) {
if (op)
goto opthelp;
op = OP_PRINTDEVINFO;
if (--argc < 1) goto bad;
key_idx = atoi(*(++argv));
} else if (!strcmp(*argv, "-printsm2sign")) {
if (op)
goto opthelp;
op = OP_PRINTSM2SIGN;
if (--argc < 1) goto bad;
key_idx = atoi(*(++argv));
} else if (!strcmp(*argv, "-printsm2enc")) {
if (op)
goto opthelp;
op = OP_PRINTSM2ENC;
if (--argc < 1) goto bad;
key_idx = atoi(*(++argv));
} else if (!strcmp(*argv, "-printrsasign")) {
if (op)
goto opthelp;
op = OP_PRINTRSASIGN;
if (--argc < 1) goto bad;
key_idx = atoi(*(++argv));
} else if (!strcmp(*argv, "-printrsaenc")) {
if (op)
goto opthelp;
op = OP_PRINTRSAENC;
if (--argc < 1) goto bad;
key_idx = atoi(*(++argv));
} else if (!strcmp(*argv, "-accesskey")) {
if (--argc < 1) goto bad;
key_idx = atoi(*(++argv));
} else if (!strcmp(*argv, "-pass")) {
if (--argc < 1) goto bad;
pass = *(++argv);
} else if (!strcmp(*argv, "-importobj")) {
if (op)
goto opthelp;
op = OP_IMPORTOBJ;
if (--argc < 1) goto bad;
objname = *(++argv);
} else if (!strcmp(*argv, "-exportobj")) {
if (op)
goto opthelp;
op = OP_EXPORTOBJ;
if (--argc < 1) goto bad;
objname = *(++argv);
} else if (!strcmp(*argv, "-delobj")) {
if (op)
goto opthelp;
op = OP_DELOBJ;
if (--argc < 1) goto bad;
objname = *(++argv);
} else if (!strcmp(*argv, "-in")) {
if (--argc < 1) goto bad;
infile = *(++argv);
} else if (!strcmp(*argv, "-out")) {
if (--argc < 1) goto bad;
outfile = *(++argv);
} else {
break;
}
argc--;
argv++;
}
if (argc != 0)
goto opthelp;
if (!lib) {
fprintf(stderr, "Option '-lib' required\n");
goto opthelp;
}
if (SDF_LoadLibrary(lib, vendor) != SDR_OK) {
//ERR_print_errors(stderr);
goto end;
}
if (op == OP_NONE) {
ret = 0;
goto end;
}
if (SDF_OpenDevice(&hDev) != SDR_OK
|| SDF_OpenSession(hDev, &hSession) != SDR_OK) {
//ERR_print_errors(stderr);
goto end;
}
switch (op) {
case OP_PRINTDEVINFO:
case OP_PRINTSM2SIGN:
case OP_PRINTSM2ENC:
case OP_PRINTRSASIGN:
case OP_PRINTRSAENC:
if (!(out = fopen(outfile, "w"))) {
goto opthelp;
}
break;
}
switch (op) {
case OP_PRINTSM2SIGN:
case OP_PRINTSM2ENC:
case OP_PRINTRSASIGN:
case OP_PRINTRSAENC:
case OP_ACCESSKEY:
if (key_idx < SDF_MIN_KEY_INDEX || key_idx > SDF_MAX_KEY_INDEX) {
fprintf(stderr, "Invalid key index\n");
goto end;
}
break;
}
if (op == OP_PRINTDEVINFO) {
DEVICEINFO devInfo;
if (SDF_GetDeviceInfo(hSession, &devInfo) != SDR_OK
|| SDF_PrintDeviceInfo(out, &devInfo) != SDR_OK) {
//ERR_print_errors(stderr);
goto end;
}
} else if (op == OP_PRINTSM2SIGN || op == OP_PRINTSM2ENC) {
ECCrefPublicKey publicKey;
if (op == OP_PRINTSM2SIGN) {
if (SDF_ExportSignPublicKey_ECC(hSession,
key_idx, &publicKey) != SDR_OK) {
//ERR_print_errors(stderr);
goto end;
}
fprintf(out, "SM2 Signing Public Key:\n");
} else {
if (SDF_ExportEncPublicKey_ECC(hSession,
key_idx, &publicKey) != SDR_OK) {
//ERR_print_errors(stderr);
goto end;
}
fprintf(out, "SM2 Encryption Public Key:\n");
}
if (SDF_PrintECCPublicKey(out, &publicKey) != SDR_OK) {
//ERR_print_errors(stderr);
goto end;
}
} else if (op == OP_PRINTRSASIGN || op == OP_PRINTRSAENC) {
RSArefPublicKey publicKey;
if (op == OP_PRINTRSASIGN) {
if (SDF_ExportSignPublicKey_RSA(hSession,
key_idx, &publicKey) != SDR_OK) {
//ERR_print_errors(stderr);
goto end;
}
fprintf(out, "RSA Signing Public Key:\n");
} else {
if (SDF_ExportEncPublicKey_RSA(hSession,
key_idx, &publicKey) != SDR_OK) {
//ERR_print_errors(stderr);
goto end;
}
fprintf(out, "RSA Encryption Public Key:\n");
}
if (SDF_PrintRSAPublicKey(out, &publicKey) != SDR_OK) {
//ERR_print_errors(stderr);
goto end;
}
} else if (op == OP_ACCESSKEY) {
if (SDF_GetPrivateKeyAccessRight(hSession, (unsigned int)key_idx,
(unsigned char *)pass, strlen(pass)) != SDR_OK) {
return 0;
}
(void)SDF_ReleasePrivateKeyAccessRight(hSession, (unsigned int)key_idx);
fprintf(stderr, "Access private key %d success\n", key_idx);
} else if (op == OP_IMPORTOBJ) {
if (!(in = fopen(infile, "r"))) {
goto opthelp;
}
if ((len = fread(buf, 1, SDF_MAX_FILE_SIZE, in)) < 0) {
fprintf(stderr, "Error reading data object content\n");
goto end;
}
if (SDF_CreateFile(hSession, (unsigned char *)objname, strlen(objname), len) != SDR_OK
|| SDF_WriteFile(hSession, (unsigned char *)objname, strlen(objname), 0, len, buf) != SDR_OK) {
//ERR_print_errors(stderr);
goto end;
}
fprintf(stderr, "Object '%s' (%d bytes) created\n", objname, len);
} else if (op == OP_EXPORTOBJ) {
if (!(out = fopen(outfile, "w"))) {
goto opthelp;
}
if (SDF_ReadFile(hSession, (unsigned char *)objname, strlen(objname), 0, &ulen, buf) != SDR_OK
|| fwrite(buf, 1, ulen, out) != ulen) {
//ERR_print_errors(stderr);
goto end;
}
fprintf(stderr, "Object '%s' (%u bytes) exported\n", objname, ulen);
} else if (op == OP_DELOBJ) {
if (SDF_DeleteFile(hSession, (unsigned char *)objname, strlen(objname)) != SDR_OK) {
//ERR_print_errors(stderr);
goto end;
}
fprintf(stderr, "Object '%s' deleted\n", objname);
} else {
goto end;
}
ret = 0;
bad:
fprintf(stderr, "%s: commands should not be used together\n", prog);
end:
fclose(in);
fclose(out);
if (hSession) (void)SDF_CloseSession(hSession);
if (hDev) (void)SDF_CloseDevice(hDev);
if (lib) SDF_UnloadLibrary();
return ret;
}

403
sdf/sgd.h
View File

@@ -1,403 +0,0 @@
/*
* Copyright 2014-2021 The GmSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* this header file is based on the standard GM/T 0006-2012
* Cryptographic Application Identifier Criterion Specification
*/
#ifndef GMSSL_SGD_H
#define GMSSL_SGD_H
#include <stdint.h>
/* block cipher modes */
#define SGD_ECB 0x01
#define SGD_CBC 0x02
#define SGD_CFB 0x04
#define SGD_OFB 0x08
#define SGD_MAC 0x10
/* stream cipher modes */
#define SGD_EEA3 0x01
#define SGD_EIA3 0x02
/* ciphers */
#define SGD_SM1 0x00000100
#define SGD_SSF33 0x00000200
#define SGD_SM4 0x00000400
#define SGD_ZUC 0x00000800
/* ciphers with modes */
#define SGD_SM1_ECB (SGD_SM1|SGD_ECB)
#define SGD_SM1_CBC (SGD_SM1|SGD_CBC)
#define SGD_SM1_CFB (SGD_SM1|SGD_CFB)
#define SGD_SM1_OFB (SGD_SM1|SGD_OFB)
#define SGD_SM1_MAC (SGD_SM1|SGD_MAC)
#define SGD_SSF33_ECB (SGD_SSF33|SGD_ECB)
#define SGD_SSF33_CBC (SGD_SSF33|SGD_CBC)
#define SGD_SSF33_CFB (SGD_SSF33|SGD_CFB)
#define SGD_SSF33_OFB (SGD_SSF33|SGD_OFB)
#define SGD_SSF33_MAC (SGD_SSF33|SGD_MAC)
#define SGD_SM4_ECB (SGD_SM4|SGD_ECB)
#define SGD_SM4_CBC (SGD_SM4|SGD_CBC)
#define SGD_SM4_CFB (SGD_SM4|SGD_CFB)
#define SGD_SM4_OFB (SGD_SM4|SGD_OFB)
#define SGD_SM4_MAC (SGD_SM4|SGD_MAC)
#define SGD_ZUC_EEA3 (SGD_ZUC|SGD_EEA3)
#define SGD_ZUC_EIA3 (SGD_ZUC|SGD_EIA3)
/* public key usage */
#define SGD_PK_SIGN 0x0100
#define SGD_PK_DH 0x0200
#define SGD_PK_ENC 0x0400
/* public key types */
#define SGD_RSA 0x00010000
#define SGD_RSA_SIGN (SGD_RSA|SGD_PK_SIGN)
#define SGD_RSA_ENC (SGD_RSA|SGD_PK_ENC)
#define SGD_SM2 0x00020000
#define SGD_SM2_1 (SGD_SM2|SGD_PK_SIGN)
#define SGD_SM2_2 (SGD_SM2|SGD_PK_DH)
#define SGD_SM2_3 (SGD_SM2|SGD_PK_ENC)
/* hash */
#define SGD_SM3 0x00000001
#define SGD_SHA1 0x00000002
#define SGD_SHA256 0x00000004
#define SGD_HASH_FROM 0x00000008
#define SGD_HASH_TO 0x000000FF
/* signatue schemes */
#define SGD_SM3_RSA (SGD_SM3|SGD_RSA)
#define SGD_SHA1_RSA (SGD_SHA1|SGD_RSA)
#define SGD_SHA256_RSA (SGD_SHA256|SGD_RSA)
#define SGD_SM3_SM2 (SGD_SM3|SGD_SM2)
#define SGD_SIG_FROM 0x00040000
#define SGD_SIG_TO 0x800000FF
/* data types */
typedef char SGD_CHAR;
typedef char SGD_INT8;
typedef int16_t SGD_INT16;
typedef int32_t SGD_INT32;
typedef int64_t SGD_INT64;
typedef unsigned char SGD_UCHAR;
typedef uint8_t SGD_UINT8;
typedef uint16_t SGD_UINT16;
typedef uint32_t SGD_UINT32;
typedef uint64_t SGD_UINT64;
typedef uint32_t SGD_RV;
typedef void * SGD_OBJ;
typedef int32_t SGD_BOOL;
#define SGD_TRUE 0x00000001
#define SGD_FALSE 0x00000000
#define SGD_KEY_INDEX 0x00000101
#define SGD_SECRET_KEY 0x00000102
#define SGD_PUBLIC_KEY_SIGN 0x00000103
#define SGD_PUBLIC_KEY_ENCRYPT 0x00000104
#define SGD_PRIVATE_KEY_SIGN 0x00000105
#define SGD_PRIVATE_KEY_ENCRYPT 0x00000106
#define SGD_KEY_COMPONENT 0x00000107
#define SGD_PASSWORD 0x00000108
#define SGD_PUBLIC_KEY_CERT 0x00000109
#define SGD_ATTRIBUTE_CERT 0x1000010A
#define SGD_SIGNATURE_DATA 0x10000111
#define SGD_ENVELOPE_DATA 0x10000112
#define SGD_RANDOM_DATA 0x10000113
#define SGD_PLAIN_DATA 0x10000114
#define SGD_CIPHER_DATA 0x10000115
#define SGD_DIGEST_DATA 0x10000116
#define SGD_USER_DATA 0x10000117
/* certificate */
#define SGD_CERT_VERSION 0x00000001
#define SGD_CERT_SERIAL 0x00000002
#define SGD_CERT_ISSUER 0x00000005
#define SGD_CERT_VALID_TIME 0x00000006
#define SGD_CERT_SUBJECT 0x00000007
#define SGD_CERT_DER_PUBLIC_KEY 0x00000008
#define SGD_CERT_DER_EXTENSIONS 0x00000009
#define SGD_EXT_AUTHORITYKEYIDENTIFIER_INFO 0x00000011
#define SGD_EXT_SUBJECTKEYIDENTIFIER_INFO 0x00000012
#define SGD_EXT_KEYUSAGE_INFO 0x00000013
#define SGD_EXT_PRIVATEKEYUSAGEPERIOD_INFO 0x00000014
#define SGD_EXT_CERTIFICATEPOLICIES_INFO 0x00000015
#define SGD_EXT_POLICYMAPPINGS_INFO 0x00000016
#define SGD_EXT_BASICCONSTRAINTS_INFO 0x00000017
#define SGD_EXT_POLICYCONSTRAINTS_INFO 0x00000018
#define SGD_EXT_EXTKEYUSAGE_INFO 0x00000019
#define SGD_EXT_CRLDISTRIBUTIONPOINTS_INFO 0x0000001A
#define SGD_EXT_NETSCAPE_CERT_TYPE_INFO 0x0000001B
#define SGD_EXT_SELFDEFINED_EXTENSION_INFO 0x0000001C
#define SGD_CERT_ISSUER_CN 0x00000021
#define SGD_CERT_ISSUER_O 0x00000022
#define SGD_CERT_ISSUER_OU 0x00000023
#define SGD_CERT_SUBJECT_CN 0x00000031
#define SGD_CERT_SUBJECT_O 0x00000032
#define SGD_CERT_SUBJECT_OU 0x00000033
#define SGD_CERT_SUBJECT_EMAIL 0x00000034
#define SGD_CERT_NOTBEFORE_TIME 0x00000035
#define SGD_CERT_NOTAFTER_TIME 0x00000036
/* timestamp info */
#define SGD_TIME_OF_STAMP 0x00000201
#define SGD_CN_OF_TSSIGNER 0x00000202 /* Common Name of TS Signer */
#define SGD_ORININAL_DATA 0x00000203
#define SGD_CERT_OF_TSSSERVER 0x00000204
#define SGD_GERTCHAIN_OF_TSSERVER 0x00000205
#define SGD_SOURCE_OF_TIME 0x00000206
#define SGD_TIME_PRECISION 0x00000207
#define SGD_RESPONSE_TYPE 0x00000208
#define SGD_SUBJECT_COUNTRY_OF_TSSIGNER 0x00000209
#define SGD_SUBJECT_ORGNIZATION_OF_TSSIGNER 0x0000020A
#define SGD_SUJECT_CITY_OF_TSSIGNER 0x0000020B
#define SGD_SUBJECT_EMAIL_OF_TSSIGNER 0x0000020C
/* single sign-on */
#define SGD_SP_ID 0x00000001
#define SGD_SP_USER_ID 0x00000002
#define SGD_IDP_ID 0x00000003
#define SGD_IDP_USER_ID 0x00000004
/* data encoding */
#define SGD_ENCODING_RAW 0x00000000
#define SGD_ENCODING_DER 0x01000000
#define SGD_ENCODING_BASE64 0x02000000
#define SGD_ENCODING_PEM 0x03000000
#define SGD_ENCODING_TXT 0x04000000
/* APIs */
#define SGD_PROTOCOL_CSP 1 /* Microsoft CryptoAPI */
#define SGD_PROTOCOL_PKCS11 2 /* PKCS#11 */
#define SGD_PROTOCOL_SDS 3 /* SDF API */
#define SGD_PROTOCOL_UKEY 4 /* SKF API */
#define SGD_PROTOCOL_CNG 5 /* Microsoft CryptoAPI Next Gen */
#define SGD_PROTOCOL_GCS 6 /* */
/* certificate validation */
#define SGD_CRL_VERIFY 1
#define SGD_OCSP_VEIFY 2
/* role */
#define SGD_ROLE_SUPER_MANAGER 0x00000001
#define SGD_ROLE_MANAGER 0x00000002
#define SGD_ROLE_AUDIT_MANAGER 0x00000003
#define SGD_ROLE_AUDITOR 0x00000004
#define SGD_ROLE_OPERATOR 0x00000005
#define SGD_ROLE_USER 0x00000006
/* user operations */
#define SGD_OPERATION_SIGNIN 0x00000001
#define SGD_OPERATION_SIGNOUT 0x00000002
#define SGD_OPERATION_CREATE 0x00000003
#define SGD_OPERATION_DELETE 0x00000004
#define SGD_OPERATION_MODIFY 0x00000005
#define SGD_OPERATION_CHG_PWD 0x00000006
#define SGD_OPERATION_AUTHORIZATION 0x00000007
/* user operation results */
#define SGD_OPERATION_SUCCESS 0x00000000
/* key types */
#define SGD_MAIN_KEY 0x00000101
#define SGD_DEVICE_KEYS 0x00000102
#define SGD_USER_KEYS 0x00000103
#define SGD_KEY 0x00000104
#define SGD_SESSION_KEY 0x00000105
#define SGD_PRIKEY_PASSWD 0x00000106
#define SGD_COMPARTITION_KEY 0x00000107
/* key operations */
#define SGD_KEY_GENERATION 0x00000101
#define SGD_KEY_DISPENSE 0x00000102
#define SGD_KEY_IMPORT 0x00000103
#define SGD_KEY_EXPORT 0x00000104
#define SGD_KEY_DIVISION 0x00000105
#define SGD_KEY_COMPOSE 0x00000106
#define SGD_KEY_RENEWAL 0x00000107
#define SGD_KEY_BACKUP 0x00000108
#define SGD_KEY_RESTORE 0x00000109
#define SGD_KEY_DESTORY 0x0000010A
/* system operations */
#define SGD_SYSTEM_INIT 0x00000201
#define SGD_SYSTEM_START 0x00000202
#define SGD_SYSTEM_SHUT 0x00000203
#define SGD_SYSTEM_RESTART 0x00000204
#define SGD_SYSTEM_QUERY 0x00000205
#define SGD_SYSTEM_BACKUP 0x00000206
#define SGD_SYSTEM_RESTORE 0x00000207
/* device info */
#define SGD_DEVICE_SORT 0x00000201
#define SGD_DEVICE_TYPE 0x00000202
#define SGD_DEVICE_NAME 0x00000203
#define SGD_DEVICE_MANUFACTURER 0x00000204
#define SGD_DEVICE_HARDWARE_VERSION 0x00000205
#define SGD_DEVICE_SOFTWARE_VERSION 0x00000206
#define SGD_DEVICE_STANDARD_VERSION 0x00000207
#define SGD_DEVICE_SERIAL_NUMBER 0x00000208
#define SGD_DEVICE_SUPPORT_SYMM_ALG 0x00000209
#define SGD_DEVICE_SUPPORT_PKEY_ALG 0x0000020A
#define SGD_DEVICE_SUPPORT_HASH_ALG 0x0000020B
#define SGD_DEVICE_SUPPORT_STORAGE_SPACE 0x0000020C
#define SGD_DEVICE_SUPPORT_FREE_SPACE 0x0000020D
#define SGD_DEVICE_RUNTIME 0x0000020E
#define SGD_DEVICE_USED_TIMES 0x0000020F
#define SGD_DEVICE_LOCATION 0x00000210
#define SGD_DEVICE_DESCRIPTION 0x00000211
#define SGD_DEVICE_MANAGER_INFO 0x00000212
#define SGD_DEVICE_MAX_DATA_SIZE 0x00000213
/* device types */
#define SGD_DEVICE_SORT_SJ 0x02000000 /* Server */
#define SGD_DEVICE_SORT_SK 0x03000000 /* PCI-E Card */
#define SGD_DEVICE_SORT_SM 0x04000000 /* USB-Key and SmartCard */
/* device functionality */
#define SGD_DEVICE_SORT_FE 0x00000100 /* encryption */
#define SGD_DEVICE_SORT_FA 0x00000200 /* authentication */
#define SGD_DEVICE_SORT_FM 0x00000300 /* key management */
/* device status */
#define SGD_STATUS_INIT 0x00000201
#define SGD_STATUS_READY 0x00000202
#define SGD_STATUS_EXCEPTION 0x00000203
/* SKF */
#ifndef WIN32
typedef signed char INT8;
typedef signed short INT16;
typedef signed int INT32;
typedef unsigned char UINT8;
typedef unsigned short UINT16;
typedef unsigned int UINT32;
typedef long BOOL;
typedef UINT8 BYTE;
typedef UINT8 CHAR;
typedef INT16 SHORT;
typedef UINT16 USHORT;
# ifndef SGD_NATIVE_LONG
typedef INT32 LONG;
typedef UINT32 ULONG;
# else
typedef long LONG;
typedef unsigned long ULONG;
# endif
typedef UINT32 UINT;
typedef UINT16 WORD;
typedef UINT32 DWORD;
typedef UINT32 FLAGS;
typedef CHAR * LPSTR;
typedef void * HANDLE;
#else
#ifndef _WINDEF_H
typedef signed char INT8;
typedef signed short INT16;
typedef signed int INT32;
typedef unsigned char UINT8;
typedef unsigned short UINT16;
typedef unsigned int UINT32;
typedef long BOOL;
typedef UINT8 BYTE;
typedef UINT8 CHAR;
typedef INT16 SHORT;
typedef UINT16 USHORT;
# ifndef SGD_NATIVE_LONG
typedef INT32 LONG;
typedef UINT32 ULONG;
# else
typedef long LONG;
typedef unsigned long ULONG;
# endif
typedef UINT32 UINT;
typedef UINT16 WORD;
typedef UINT32 DWORD;
typedef UINT32 FLAGS;
typedef CHAR * LPSTR;
typedef void * HANDLE;
#endif
#endif
typedef HANDLE DEVHANDLE;
typedef HANDLE HAPPLICATION;
typedef HANDLE HSESSION;
typedef HANDLE HCONTAINER;
#ifndef FALSE
#define FALSE 0x00000000
#endif
#ifndef TRUE
#define TRUE 0x00000001
#endif
#ifdef WIN32
#define DEVAPI __stdcall
#else
#define DEVAPI
#endif
#ifndef ADMIN_TYPE
#define ADMIN_TYPE 0
#endif
#ifndef USER_TYPE
#define USER_TYPE 1
#endif
#define MAX_RSA_MODULUS_LEN 256
#define MAX_RSA_EXPONENT_LEN 4
#define ECC_MAX_XCOORDINATE_BITS_LEN 512
#define ECC_MAX_YCOORDINATE_BITS_LEN 512
#define ECC_MAX_MODULUS_BITS_LEN 512
#define MAX_IV_LEN 32
#define MAX_FILE_NAME_SIZE 32
#define MAX_FILE_CONTAINER_NAME_SIZE 64
#define SECURE_NEVER_ACCOUNT 0x00000000
#define SECURE_ADM_ACCOUNT 0x00000001
#define SECURE_USER_ACCOUNT 0x00000010
#define SECURE_ANYONE_ACCOUNT 0x000000FF
/* SDF */
#define RSAref_MAX_BITS 2048
#define RSAref_MAX_LEN ((RSAref_MAX_BITS + 7) / 8)
#define RSAref_MAX_PBITS ((RSAref_MAX_BITS + 1) / 2)
#define RSAref_MAX_PLEN ((RSAref_MAX_PBITS + 7)/ 8)
#ifdef SGD_MAX_ECC_BITS_256
#define ECCref_MAX_BITS 256
#else
#define ECCref_MAX_BITS 512
#endif
#define ECCref_MAX_LEN ((ECCref_MAX_BITS+7) / 8)
/* SAF */
#define SGD_MAX_COUNT 64
#define SGD_MAX_NAME_SIZE 256
#endif

405
skf/sgd.h
View File

@@ -1,405 +0,0 @@
/*
* Copyright 2014-2021 The GmSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* this header file is based on the standard GM/T 0006-2012
* Cryptographic Application Identifier Criterion Specification
*/
#ifndef HEADER_SGD_H
#define HEADER_SGD_H
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_GMAPI
#include <openssl/e_os2.h>
/* block cipher modes */
#define SGD_ECB 0x01
#define SGD_CBC 0x02
#define SGD_CFB 0x04
#define SGD_OFB 0x08
#define SGD_MAC 0x10
/* stream cipher modes */
#define SGD_EEA3 0x01
#define SGD_EIA3 0x02
/* ciphers */
#define SGD_SM1 0x00000100
#define SGD_SSF33 0x00000200
#define SGD_SM4 0x00000400
#define SGD_ZUC 0x00000800
/* ciphers with modes */
#define SGD_SM1_ECB (SGD_SM1|SGD_ECB)
#define SGD_SM1_CBC (SGD_SM1|SGD_CBC)
#define SGD_SM1_CFB (SGD_SM1|SGD_CFB)
#define SGD_SM1_OFB (SGD_SM1|SGD_OFB)
#define SGD_SM1_MAC (SGD_SM1|SGD_MAC)
#define SGD_SSF33_ECB (SGD_SSF33|SGD_ECB)
#define SGD_SSF33_CBC (SGD_SSF33|SGD_CBC)
#define SGD_SSF33_CFB (SGD_SSF33|SGD_CFB)
#define SGD_SSF33_OFB (SGD_SSF33|SGD_OFB)
#define SGD_SSF33_MAC (SGD_SSF33|SGD_MAC)
#define SGD_SM4_ECB (SGD_SM4|SGD_ECB)
#define SGD_SM4_CBC (SGD_SM4|SGD_CBC)
#define SGD_SM4_CFB (SGD_SM4|SGD_CFB)
#define SGD_SM4_OFB (SGD_SM4|SGD_OFB)
#define SGD_SM4_MAC (SGD_SM4|SGD_MAC)
#define SGD_ZUC_EEA3 (SGD_ZUC|SGD_EEA3)
#define SGD_ZUC_EIA3 (SGD_ZUC|SGD_EIA3)
/* public key usage */
#define SGD_PK_SIGN 0x0100
#define SGD_PK_DH 0x0200
#define SGD_PK_ENC 0x0400
/* public key types */
#define SGD_RSA 0x00010000
#define SGD_RSA_SIGN (SGD_RSA|SGD_PK_SIGN)
#define SGD_RSA_ENC (SGD_RSA|SGD_PK_ENC)
#define SGD_SM2 0x00020000
#define SGD_SM2_1 (SGD_SM2|SGD_PK_SIGN)
#define SGD_SM2_2 (SGD_SM2|SGD_PK_DH)
#define SGD_SM2_3 (SGD_SM2|SGD_PK_ENC)
/* hash */
#define SGD_SM3 0x00000001
#define SGD_SHA1 0x00000002
#define SGD_SHA256 0x00000004
#define SGD_HASH_FROM 0x00000008
#define SGD_HASH_TO 0x000000FF
/* signatue schemes */
#define SGD_SM3_RSA (SGD_SM3|SGD_RSA)
#define SGD_SHA1_RSA (SGD_SHA1|SGD_RSA)
#define SGD_SHA256_RSA (SGD_SHA256|SGD_RSA)
#define SGD_SM3_SM2 (SGD_SM3|SGD_SM2)
#define SGD_SIG_FROM 0x00040000
#define SGD_SIG_TO 0x800000FF
/* data types */
typedef char SGD_CHAR;
typedef char SGD_INT8;
typedef int16_t SGD_INT16;
typedef int32_t SGD_INT32;
typedef int64_t SGD_INT64;
typedef unsigned char SGD_UCHAR;
typedef uint8_t SGD_UINT8;
typedef uint16_t SGD_UINT16;
typedef uint32_t SGD_UINT32;
typedef uint64_t SGD_UINT64;
typedef uint32_t SGD_RV;
typedef void * SGD_OBJ;
typedef int32_t SGD_BOOL;
#define SGD_TRUE 0x00000001
#define SGD_FALSE 0x00000000
#define SGD_KEY_INDEX 0x00000101
#define SGD_SECRET_KEY 0x00000102
#define SGD_PUBLIC_KEY_SIGN 0x00000103
#define SGD_PUBLIC_KEY_ENCRYPT 0x00000104
#define SGD_PRIVATE_KEY_SIGN 0x00000105
#define SGD_PRIVATE_KEY_ENCRYPT 0x00000106
#define SGD_KEY_COMPONENT 0x00000107
#define SGD_PASSWORD 0x00000108
#define SGD_PUBLIC_KEY_CERT 0x00000109
#define SGD_ATTRIBUTE_CERT 0x1000010A
#define SGD_SIGNATURE_DATA 0x10000111
#define SGD_ENVELOPE_DATA 0x10000112
#define SGD_RANDOM_DATA 0x10000113
#define SGD_PLAIN_DATA 0x10000114
#define SGD_CIPHER_DATA 0x10000115
#define SGD_DIGEST_DATA 0x10000116
#define SGD_USER_DATA 0x10000117
/* certificate */
#define SGD_CERT_VERSION 0x00000001
#define SGD_CERT_SERIAL 0x00000002
#define SGD_CERT_ISSUER 0x00000005
#define SGD_CERT_VALID_TIME 0x00000006
#define SGD_CERT_SUBJECT 0x00000007
#define SGD_CERT_DER_PUBLIC_KEY 0x00000008
#define SGD_CERT_DER_EXTENSIONS 0x00000009
#define SGD_EXT_AUTHORITYKEYIDENTIFIER_INFO 0x00000011
#define SGD_EXT_SUBJECTKEYIDENTIFIER_INFO 0x00000012
#define SGD_EXT_KEYUSAGE_INFO 0x00000013
#define SGD_EXT_PRIVATEKEYUSAGEPERIOD_INFO 0x00000014
#define SGD_EXT_CERTIFICATEPOLICIES_INFO 0x00000015
#define SGD_EXT_POLICYMAPPINGS_INFO 0x00000016
#define SGD_EXT_BASICCONSTRAINTS_INFO 0x00000017
#define SGD_EXT_POLICYCONSTRAINTS_INFO 0x00000018
#define SGD_EXT_EXTKEYUSAGE_INFO 0x00000019
#define SGD_EXT_CRLDISTRIBUTIONPOINTS_INFO 0x0000001A
#define SGD_EXT_NETSCAPE_CERT_TYPE_INFO 0x0000001B
#define SGD_EXT_SELFDEFINED_EXTENSION_INFO 0x0000001C
#define SGD_CERT_ISSUER_CN 0x00000021
#define SGD_CERT_ISSUER_O 0x00000022
#define SGD_CERT_ISSUER_OU 0x00000023
#define SGD_CERT_SUBJECT_CN 0x00000031
#define SGD_CERT_SUBJECT_O 0x00000032
#define SGD_CERT_SUBJECT_OU 0x00000033
#define SGD_CERT_SUBJECT_EMAIL 0x00000034
#define SGD_CERT_NOTBEFORE_TIME 0x00000035
#define SGD_CERT_NOTAFTER_TIME 0x00000036
/* timestamp info */
#define SGD_TIME_OF_STAMP 0x00000201
#define SGD_CN_OF_TSSIGNER 0x00000202 /* Common Name of TS Signer */
#define SGD_ORININAL_DATA 0x00000203
#define SGD_CERT_OF_TSSSERVER 0x00000204
#define SGD_GERTCHAIN_OF_TSSERVER 0x00000205
#define SGD_SOURCE_OF_TIME 0x00000206
#define SGD_TIME_PRECISION 0x00000207
#define SGD_RESPONSE_TYPE 0x00000208
#define SGD_SUBJECT_COUNTRY_OF_TSSIGNER 0x00000209
#define SGD_SUBJECT_ORGNIZATION_OF_TSSIGNER 0x0000020A
#define SGD_SUJECT_CITY_OF_TSSIGNER 0x0000020B
#define SGD_SUBJECT_EMAIL_OF_TSSIGNER 0x0000020C
/* single sign-on */
#define SGD_SP_ID 0x00000001
#define SGD_SP_USER_ID 0x00000002
#define SGD_IDP_ID 0x00000003
#define SGD_IDP_USER_ID 0x00000004
/* data encoding */
#define SGD_ENCODING_RAW 0x00000000
#define SGD_ENCODING_DER 0x01000000
#define SGD_ENCODING_BASE64 0x02000000
#define SGD_ENCODING_PEM 0x03000000
#define SGD_ENCODING_TXT 0x04000000
/* APIs */
#define SGD_PROTOCOL_CSP 1 /* Microsoft CryptoAPI */
#define SGD_PROTOCOL_PKCS11 2 /* PKCS#11 */
#define SGD_PROTOCOL_SDS 3 /* SDF API */
#define SGD_PROTOCOL_UKEY 4 /* SKF API */
#define SGD_PROTOCOL_CNG 5 /* Microsoft CryptoAPI Next Gen */
#define SGD_PROTOCOL_GCS 6 /* */
/* certificate validation */
#define SGD_CRL_VERIFY 1
#define SGD_OCSP_VEIFY 2
/* role */
#define SGD_ROLE_SUPER_MANAGER 0x00000001
#define SGD_ROLE_MANAGER 0x00000002
#define SGD_ROLE_AUDIT_MANAGER 0x00000003
#define SGD_ROLE_AUDITOR 0x00000004
#define SGD_ROLE_OPERATOR 0x00000005
#define SGD_ROLE_USER 0x00000006
/* user operations */
#define SGD_OPERATION_SIGNIN 0x00000001
#define SGD_OPERATION_SIGNOUT 0x00000002
#define SGD_OPERATION_CREATE 0x00000003
#define SGD_OPERATION_DELETE 0x00000004
#define SGD_OPERATION_MODIFY 0x00000005
#define SGD_OPERATION_CHG_PWD 0x00000006
#define SGD_OPERATION_AUTHORIZATION 0x00000007
/* user operation results */
#define SGD_OPERATION_SUCCESS 0x00000000
/* key types */
#define SGD_MAIN_KEY 0x00000101
#define SGD_DEVICE_KEYS 0x00000102
#define SGD_USER_KEYS 0x00000103
#define SGD_KEY 0x00000104
#define SGD_SESSION_KEY 0x00000105
#define SGD_PRIKEY_PASSWD 0x00000106
#define SGD_COMPARTITION_KEY 0x00000107
/* key operations */
#define SGD_KEY_GENERATION 0x00000101
#define SGD_KEY_DISPENSE 0x00000102
#define SGD_KEY_IMPORT 0x00000103
#define SGD_KEY_EXPORT 0x00000104
#define SGD_KEY_DIVISION 0x00000105
#define SGD_KEY_COMPOSE 0x00000106
#define SGD_KEY_RENEWAL 0x00000107
#define SGD_KEY_BACKUP 0x00000108
#define SGD_KEY_RESTORE 0x00000109
#define SGD_KEY_DESTORY 0x0000010A
/* system operations */
#define SGD_SYSTEM_INIT 0x00000201
#define SGD_SYSTEM_START 0x00000202
#define SGD_SYSTEM_SHUT 0x00000203
#define SGD_SYSTEM_RESTART 0x00000204
#define SGD_SYSTEM_QUERY 0x00000205
#define SGD_SYSTEM_BACKUP 0x00000206
#define SGD_SYSTEM_RESTORE 0x00000207
/* device info */
#define SGD_DEVICE_SORT 0x00000201
#define SGD_DEVICE_TYPE 0x00000202
#define SGD_DEVICE_NAME 0x00000203
#define SGD_DEVICE_MANUFACTURER 0x00000204
#define SGD_DEVICE_HARDWARE_VERSION 0x00000205
#define SGD_DEVICE_SOFTWARE_VERSION 0x00000206
#define SGD_DEVICE_STANDARD_VERSION 0x00000207
#define SGD_DEVICE_SERIAL_NUMBER 0x00000208
#define SGD_DEVICE_SUPPORT_SYMM_ALG 0x00000209
#define SGD_DEVICE_SUPPORT_PKEY_ALG 0x0000020A
#define SGD_DEVICE_SUPPORT_HASH_ALG 0x0000020B
#define SGD_DEVICE_SUPPORT_STORAGE_SPACE 0x0000020C
#define SGD_DEVICE_SUPPORT_FREE_SPACE 0x0000020D
#define SGD_DEVICE_RUNTIME 0x0000020E
#define SGD_DEVICE_USED_TIMES 0x0000020F
#define SGD_DEVICE_LOCATION 0x00000210
#define SGD_DEVICE_DESCRIPTION 0x00000211
#define SGD_DEVICE_MANAGER_INFO 0x00000212
#define SGD_DEVICE_MAX_DATA_SIZE 0x00000213
/* device types */
#define SGD_DEVICE_SORT_SJ 0x02000000 /* Server */
#define SGD_DEVICE_SORT_SK 0x03000000 /* PCI-E Card */
#define SGD_DEVICE_SORT_SM 0x04000000 /* USB-Key and SmartCard */
/* device functionality */
#define SGD_DEVICE_SORT_FE 0x00000100 /* encryption */
#define SGD_DEVICE_SORT_FA 0x00000200 /* authentication */
#define SGD_DEVICE_SORT_FM 0x00000300 /* key management */
/* device status */
#define SGD_STATUS_INIT 0x00000201
#define SGD_STATUS_READY 0x00000202
#define SGD_STATUS_EXCEPTION 0x00000203
/* SKF */
#ifndef WIN32
typedef signed char INT8;
typedef signed short INT16;
typedef signed int INT32;
typedef unsigned char UINT8;
typedef unsigned short UINT16;
typedef unsigned int UINT32;
typedef long BOOL;
typedef UINT8 BYTE;
typedef UINT8 CHAR;
typedef INT16 SHORT;
typedef UINT16 USHORT;
# ifndef SGD_NATIVE_LONG
typedef INT32 LONG;
typedef UINT32 ULONG;
# else
typedef long LONG;
typedef unsigned long ULONG;
# endif
typedef UINT32 UINT;
typedef UINT16 WORD;
typedef UINT32 DWORD;
typedef UINT32 FLAGS;
typedef CHAR * LPSTR;
typedef void * HANDLE;
#else
#ifndef _WINDEF_H
typedef signed char INT8;
typedef signed short INT16;
typedef signed int INT32;
typedef unsigned char UINT8;
typedef unsigned short UINT16;
typedef unsigned int UINT32;
typedef long BOOL;
typedef UINT8 BYTE;
typedef UINT8 CHAR;
typedef INT16 SHORT;
typedef UINT16 USHORT;
# ifndef SGD_NATIVE_LONG
typedef INT32 LONG;
typedef UINT32 ULONG;
# else
typedef long LONG;
typedef unsigned long ULONG;
# endif
typedef UINT32 UINT;
typedef UINT16 WORD;
typedef UINT32 DWORD;
typedef UINT32 FLAGS;
typedef CHAR * LPSTR;
typedef void * HANDLE;
#endif
#endif
typedef HANDLE DEVHANDLE;
typedef HANDLE HAPPLICATION;
typedef HANDLE HSESSION;
typedef HANDLE HCONTAINER;
#ifndef FALSE
#define FALSE 0x00000000
#endif
#ifndef TRUE
#define TRUE 0x00000001
#endif
#ifdef WIN32
#define DEVAPI __stdcall
#else
#define DEVAPI
#endif
#ifndef ADMIN_TYPE
#define ADMIN_TYPE 0
#endif
#ifndef USER_TYPE
#define USER_TYPE 1
#endif
#define MAX_RSA_MODULUS_LEN 256
#define MAX_RSA_EXPONENT_LEN 4
#define ECC_MAX_XCOORDINATE_BITS_LEN 512
#define ECC_MAX_YCOORDINATE_BITS_LEN 512
#define ECC_MAX_MODULUS_BITS_LEN 512
#define MAX_IV_LEN 32
#define MAX_FILE_NAME_SIZE 32
#define MAX_FILE_CONTAINER_NAME_SIZE 64
#define SECURE_NEVER_ACCOUNT 0x00000000
#define SECURE_ADM_ACCOUNT 0x00000001
#define SECURE_USER_ACCOUNT 0x00000010
#define SECURE_ANYONE_ACCOUNT 0x000000FF
/* SDF */
#define RSAref_MAX_BITS 2048
#define RSAref_MAX_LEN ((RSAref_MAX_BITS + 7) / 8)
#define RSAref_MAX_PBITS ((RSAref_MAX_BITS + 1) / 2)
#define RSAref_MAX_PLEN ((RSAref_MAX_PBITS + 7)/ 8)
#ifdef SGD_MAX_ECC_BITS_256
#define ECCref_MAX_BITS 256
#else
#define ECCref_MAX_BITS 512
#endif
#define ECCref_MAX_LEN ((ECCref_MAX_BITS+7) / 8)
/* SAF */
#define SGD_MAX_COUNT 64
#define SGD_MAX_NAME_SIZE 256
#endif
#endif

717
skf/skf.h
View File

@@ -1,717 +0,0 @@
/*
* Copyright 2014-2021 The GmSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/* This header file is from the official specification with minor
* modification.
*/
#ifndef HEADER_SKF_H
#define HEADER_SKF_H
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_SKF
#include <openssl/sgd.h>
#ifdef __cplusplus
extern "C" {
#endif
#pragma pack(1)
typedef struct Struct_Version{
BYTE major;
BYTE minor;
} VERSION;
typedef struct Struct_DEVINFO {
VERSION Version;
CHAR Manufacturer[64];
CHAR Issuer[64];
CHAR Label[32];
CHAR SerialNumber[32];
VERSION HWVersion;
VERSION FirmwareVersion;
ULONG AlgSymCap;
ULONG AlgAsymCap;
ULONG AlgHashCap;
ULONG DevAuthAlgId;
ULONG TotalSpace;
ULONG FreeSpace;
ULONG MaxECCBufferSize;
ULONG MaxBufferSize;
BYTE Reserved[64];
} DEVINFO, *PDEVINFO;
typedef struct Struct_RSAPUBLICKEYBLOB {
ULONG AlgID;
ULONG BitLen;
BYTE Modulus[MAX_RSA_MODULUS_LEN];
BYTE PublicExponent[MAX_RSA_EXPONENT_LEN];
} RSAPUBLICKEYBLOB, *PRSAPUBLICKEYBLOB;
typedef struct Struct_RSAPRIVATEKEYBLOB {
ULONG AlgID;
ULONG BitLen;
BYTE Modulus[MAX_RSA_MODULUS_LEN];
BYTE PublicExponent[MAX_RSA_EXPONENT_LEN];
BYTE PrivateExponent[MAX_RSA_MODULUS_LEN];
BYTE Prime1[MAX_RSA_MODULUS_LEN/2];
BYTE Prime2[MAX_RSA_MODULUS_LEN/2];
BYTE Prime1Exponent[MAX_RSA_MODULUS_LEN/2];
BYTE Prime2Exponent[MAX_RSA_MODULUS_LEN/2];
BYTE Coefficient[MAX_RSA_MODULUS_LEN/2];
} RSAPRIVATEKEYBLOB, *PRSAPRIVATEKEYBLOB;
typedef struct Struct_ECCPUBLICKEYBLOB {
ULONG BitLen;
BYTE XCoordinate[ECC_MAX_XCOORDINATE_BITS_LEN/8];
BYTE YCoordinate[ECC_MAX_YCOORDINATE_BITS_LEN/8];
} ECCPUBLICKEYBLOB, *PECCPUBLICKEYBLOB;
typedef struct Struct_ECCPRIVATEKEYBLOB {
ULONG BitLen;
BYTE PrivateKey[ECC_MAX_MODULUS_BITS_LEN/8];
} ECCPRIVATEKEYBLOB, *PECCPRIVATEKEYBLOB;
typedef struct Struct_ECCCIPHERBLOB {
BYTE XCoordinate[ECC_MAX_XCOORDINATE_BITS_LEN/8];
BYTE YCoordinate[ECC_MAX_XCOORDINATE_BITS_LEN/8];
BYTE HASH[32];
ULONG CipherLen;
BYTE Cipher[1];
} ECCCIPHERBLOB, *PECCCIPHERBLOB;
typedef struct Struct_ECCSIGNATUREBLOB {
BYTE r[ECC_MAX_XCOORDINATE_BITS_LEN/8];
BYTE s[ECC_MAX_XCOORDINATE_BITS_LEN/8];
} ECCSIGNATUREBLOB, *PECCSIGNATUREBLOB;
typedef struct Struct_BLOCKCIPHERPARAM {
BYTE IV[MAX_IV_LEN];
ULONG IVLen;
ULONG PaddingType;
ULONG FeedBitLen;
} BLOCKCIPHERPARAM, *PBLOCKCIPHERPARAM;
typedef struct SKF_ENVELOPEDKEYBLOB {
ULONG Version;
ULONG ulSymmAlgID;
ULONG ulBits;
BYTE cbEncryptedPriKey[64];
ECCPUBLICKEYBLOB PubKey;
ECCCIPHERBLOB ECCCipherBlob;
} ENVELOPEDKEYBLOB, *PENVELOPEDKEYBLOB;
typedef struct Struct_FILEATTRIBUTE {
CHAR FileName[MAX_FILE_NAME_SIZE];
ULONG FileSize;
ULONG ReadRights;
ULONG WriteRights;
} FILEATTRIBUTE, *PFILEATTRIBUTE;
#pragma pack()
/* 7.1.2 */
ULONG DEVAPI SKF_WaitForDevEvent(
LPSTR szDevName,
ULONG *pulDevNameLen,
ULONG *pulEvent);
/* 7.1.3 */
ULONG DEVAPI SKF_CancelWaitForDevEvent(
void);
/* 7.1.4 */
ULONG DEVAPI SKF_EnumDev(
BOOL bPresent,
LPSTR szNameList,
ULONG *pulSize);
/* 7.1.5 */
ULONG DEVAPI SKF_ConnectDev(
LPSTR szName,
DEVHANDLE *phDev);
/* 7.1.6 */
ULONG DEVAPI SKF_DisConnectDev(
DEVHANDLE hDev);
/* 7.1.7 */
ULONG DEVAPI SKF_GetDevState(
LPSTR szDevName,
ULONG *pulDevState);
/* 7.1.8 */
ULONG DEVAPI SKF_SetLabel(
DEVHANDLE hDev,
LPSTR szLabel);
/* 7.1.9 */
ULONG DEVAPI SKF_GetDevInfo(
DEVHANDLE hDev,
DEVINFO *pDevInfo);
/* 7.1.10 */
ULONG DEVAPI SKF_LockDev(
DEVHANDLE hDev,
ULONG ulTimeOut);
/* 7.1.11 */
ULONG DEVAPI SKF_UnlockDev(
DEVHANDLE hDev);
/* 7.1.12 */
ULONG DEVAPI SKF_Transmit(
DEVHANDLE hDev,
BYTE *pbCommand,
ULONG ulCommandLen,
BYTE *pbData,
ULONG *pulDataLen);
/* 7.2.2 */
ULONG DEVAPI SKF_ChangeDevAuthKey(
DEVHANDLE hDev,
BYTE *pbKeyValue,
ULONG ulKeyLen);
/* 7.2.3 */
ULONG DEVAPI SKF_DevAuth(
DEVHANDLE hDev,
BYTE *pbAuthData,
ULONG ulLen);
/* 7.2.4 */
ULONG DEVAPI SKF_ChangePIN(
HAPPLICATION hApplication,
ULONG ulPINType,
LPSTR szOldPin,
LPSTR szNewPin,
ULONG *pulRetryCount);
/* 7.2.5 */
LONG DEVAPI SKF_GetPINInfo(
HAPPLICATION hApplication,
ULONG ulPINType,
ULONG *pulMaxRetryCount,
ULONG *pulRemainRetryCount,
BOOL *pbDefaultPin);
/* 7.2.6 */
ULONG DEVAPI SKF_VerifyPIN(
HAPPLICATION hApplication,
ULONG ulPINType,
LPSTR szPIN,
ULONG *pulRetryCount);
/* 7.2.7 */
ULONG DEVAPI SKF_UnblockPIN(
HAPPLICATION hApplication,
LPSTR szAdminPIN,
LPSTR szNewUserPIN,
ULONG *pulRetryCount);
/* 7.2.8 */
ULONG DEVAPI SKF_ClearSecureState(
HAPPLICATION hApplication);
/* 7.3.2 */
ULONG DEVAPI SKF_CreateApplication(
DEVHANDLE hDev,
LPSTR szAppName,
LPSTR szAdminPin,
DWORD dwAdminPinRetryCount,
LPSTR szUserPin,
DWORD dwUserPinRetryCount,
DWORD dwCreateFileRights,
HAPPLICATION *phApplication);
/* 7.3.3 */
ULONG DEVAPI SKF_EnumApplication(
DEVHANDLE hDev,
LPSTR szAppName,
ULONG *pulSize);
/* 7.3.4 */
ULONG DEVAPI SKF_DeleteApplication(
DEVHANDLE hDev,
LPSTR szAppName);
/* 7.3.5 */
ULONG DEVAPI SKF_OpenApplication(
DEVHANDLE hDev,
LPSTR szAppName,
HAPPLICATION *phApplication);
/* 7.3.6 */
ULONG DEVAPI SKF_CloseApplication(
HAPPLICATION hApplication);
/* 7.4.2 */
ULONG DEVAPI SKF_CreateFile(
HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulFileSize,
ULONG ulReadRights,
ULONG ulWriteRights);
/* 7.4.3 */
ULONG DEVAPI SKF_DeleteFile(
HAPPLICATION hApplication,
LPSTR szFileName);
/* 7.4.4 */
ULONG DEVAPI SKF_EnumFiles(
HAPPLICATION hApplication,
LPSTR szFileList,
ULONG *pulSize);
/* 7.4.5 */
ULONG DEVAPI SKF_GetFileInfo(
HAPPLICATION hApplication,
LPSTR szFileName,
FILEATTRIBUTE *pFileInfo);
/* 7.4.6 */
ULONG DEVAPI SKF_ReadFile(
HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulOffset,
ULONG ulSize,
BYTE *pbOutData,
ULONG *pulOutLen);
/* 7.4.7 */
ULONG DEVAPI SKF_WriteFile(
HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulOffset,
BYTE *pbData,
ULONG ulSize);
/* 7.5.2 */
ULONG DEVAPI SKF_CreateContainer(
HAPPLICATION hApplication,
LPSTR szContainerName,
HCONTAINER *phContainer);
/* 7.5.3 */
ULONG DEVAPI SKF_DeleteContainer(
HAPPLICATION hApplication,
LPSTR szContainerName);
/* 7.5.4 */
ULONG DEVAPI SKF_OpenContainer(
HAPPLICATION hApplication,
LPSTR szContainerName,
HCONTAINER *phContainer);
/* 7.5.5 */
ULONG DEVAPI SKF_CloseContainer(
HCONTAINER hContainer);
/* 7.5.6 */
ULONG DEVAPI SKF_EnumContainer(
HAPPLICATION hApplication,
LPSTR szContainerName,
ULONG *pulSize);
/* 7.5.7 */
ULONG DEVAPI SKF_GetContainerType(
HCONTAINER hContainer,
ULONG *pulContainerType);
/* 7.5.8 */
ULONG DEVAPI SKF_ImportCertificate(
HCONTAINER hContainer,
BOOL bExportSignKey,
BYTE *pbCert,
ULONG ulCertLen);
/* 7.5.9 */
ULONG DEVAPI SKF_ExportCertificate(
HCONTAINER hContainer,
BOOL bSignFlag,
BYTE *pbCert,
ULONG *pulCertLen);
/* 7.6.2 */
ULONG DEVAPI SKF_GenRandom(
DEVHANDLE hDev,
BYTE *pbRandom,
ULONG ulRandomLen);
/* 7.6.3 */
ULONG DEVAPI SKF_GenExtRSAKey(
DEVHANDLE hDev,
ULONG ulBitsLen,
RSAPRIVATEKEYBLOB *pBlob);
/* 7.6.4 */
ULONG DEVAPI SKF_GenRSAKeyPair(
HCONTAINER hContainer,
ULONG ulBitsLen,
RSAPUBLICKEYBLOB *pBlob);
/* 7.6.5 */
ULONG DEVAPI SKF_ImportRSAKeyPair(
HCONTAINER hContainer,
ULONG ulSymAlgId,
BYTE *pbWrappedKey,
ULONG ulWrappedKeyLen,
BYTE *pbEncryptedData,
ULONG ulEncryptedDataLen);
/* 7.6.6 */
ULONG DEVAPI SKF_RSASignData(
HCONTAINER hContainer,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbSignature,
ULONG *pulSignLen);
/* 7.6.7 */
ULONG DEVAPI SKF_RSAVerify(
DEVHANDLE hDev,
RSAPUBLICKEYBLOB *pRSAPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbSignature,
ULONG ulSignLen);
/* 7.6.8 */
ULONG DEVAPI SKF_RSAExportSessionKey(
HCONTAINER hContainer,
ULONG ulAlgId,
RSAPUBLICKEYBLOB *pPubKey,
BYTE *pbData,
ULONG *pulDataLen,
HANDLE *phSessionKey);
/* 7.6.9 */
ULONG DEVAPI SKF_ExtRSAPubKeyOperation(
DEVHANDLE hDev,
RSAPUBLICKEYBLOB *pRSAPubKeyBlob,
BYTE *pbInput,
ULONG ulInputLen,
BYTE *pbOutput,
ULONG *pulOutputLen);
/* 7.6.10 */
ULONG DEVAPI SKF_ExtRSAPriKeyOperation(
DEVHANDLE hDev,
RSAPRIVATEKEYBLOB *pRSAPriKeyBlob,
BYTE *pbInput,
ULONG ulInputLen,
BYTE *pbOutput,
ULONG *pulOutputLen);
/* 7.6.11 */
ULONG DEVAPI SKF_GenECCKeyPair(
HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pBlob);
/* 7.6.12 */
ULONG DEVAPI SKF_ImportECCKeyPair(
HCONTAINER hContainer,
ENVELOPEDKEYBLOB *pEnvelopedKeyBlob);
/* 7.6.13 */
ULONG DEVAPI SKF_ECCSignData(
HCONTAINER hContainer,
BYTE *pbDigest,
ULONG ulDigestLen,
ECCSIGNATUREBLOB *pSignature);
#ifdef SKF_HAS_ECCDECRYPT
ULONG DEVAPI SKF_ECCDecrypt(
HCONTAINER hContainer,
ECCCIPHERBLOB *pCipherBlob,
BYTE *pbPlainText,
ULONG *pulPlainTextLen);
#endif
/* 7.6.14 */
ULONG DEVAPI SKF_ECCVerify(
DEVHANDLE hDev,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
ECCSIGNATUREBLOB *pSignature);
/* 7.6.15 */
ULONG DEVAPI SKF_ECCExportSessionKey(
HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pPubKey,
ECCCIPHERBLOB *pData,
HANDLE *phSessionKey);
/* 7.6.16 */
ULONG DEVAPI SKF_ExtECCEncrypt(
DEVHANDLE hDev,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbPlainText,
ULONG ulPlainTextLen,
ECCCIPHERBLOB *pCipherText);
/* 7.6.17 */
ULONG DEVAPI SKF_ExtECCDecrypt(
DEVHANDLE hDev,
ECCPRIVATEKEYBLOB *pECCPriKeyBlob,
ECCCIPHERBLOB *pCipherText,
BYTE *pbPlainText,
ULONG *pulPlainTextLen);
/* 7.6.18 */
ULONG DEVAPI SKF_ExtECCSign(
DEVHANDLE hDev,
ECCPRIVATEKEYBLOB *pECCPriKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
ECCSIGNATUREBLOB *pSignature);
/* 7.6.19 */
ULONG DEVAPI SKF_ExtECCVerify(
DEVHANDLE hDev,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
ECCSIGNATUREBLOB *pSignature);
/* 7.6.20 */
ULONG DEVAPI SKF_GenerateAgreementDataWithECC(
HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
HANDLE *phAgreementHandle);
/* 7.6.21 */
ULONG DEVAPI SKF_GenerateAgreementDataAndKeyWithECC(
HANDLE hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pSponsorECCPubKeyBlob,
ECCPUBLICKEYBLOB *pSponsorTempECCPubKeyBlob,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
BYTE *pbSponsorID,
ULONG ulSponsorIDLen,
HANDLE *phKeyHandle);
/* 7.6.22 */
ULONG DEVAPI SKF_GenerateKeyWithECC(
HANDLE hAgreementHandle,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
HANDLE *phKeyHandle);
/* 7.6.23 */
ULONG DEVAPI SKF_ExportPublicKey(
HCONTAINER hContainer,
BOOL bSignFlag,
BYTE *pbBlob,
ULONG *pulBlobLen);
/* 7.6.24 */
ULONG DEVAPI SKF_ImportSessionKey(
HCONTAINER hContainer,
ULONG ulAlgId,
BYTE *pbWrapedData,
ULONG ulWrapedLen,
HANDLE *phKey);
/* 7.6.25 */
ULONG DEVAPI SKF_SetSymmKey(
DEVHANDLE hDev,
BYTE *pbKey,
ULONG ulAlgID,
HANDLE *phKey);
/* 7.6.26 */
ULONG DEVAPI SKF_EncryptInit(
HANDLE hKey,
BLOCKCIPHERPARAM EncryptParam);
/* 7.6.27 */
ULONG DEVAPI SKF_Encrypt(
HANDLE hKey,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbEncryptedData,
ULONG *pulEncryptedLen);
/* 7.6.28 */
ULONG DEVAPI SKF_EncryptUpdate(
HANDLE hKey,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbEncryptedData,
ULONG *pulEncryptedLen);
/* 7.6.29 */
ULONG DEVAPI SKF_EncryptFinal(
HANDLE hKey,
BYTE *pbEncryptedData,
ULONG *pulEncryptedDataLen);
/* 7.6.30 */
ULONG DEVAPI SKF_DecryptInit(
HANDLE hKey,
BLOCKCIPHERPARAM DecryptParam);
/* 7.6.31 */
ULONG DEVAPI SKF_Decrypt(
HANDLE hKey,
BYTE *pbEncryptedData,
ULONG ulEncryptedLen,
BYTE *pbData,
ULONG *pulDataLen);
/* 7.6.32 */
ULONG DEVAPI SKF_DecryptUpdate(
HANDLE hKey,
BYTE *pbEncryptedData,
ULONG ulEncryptedLen,
BYTE *pbData,
ULONG *pulDataLen);
/* 7.6.33 */
ULONG DEVAPI SKF_DecryptFinal(
HANDLE hKey,
BYTE *pbDecryptedData,
ULONG *pulDecryptedDataLen);
/* 7.6.34 */
ULONG DEVAPI SKF_DigestInit(
DEVHANDLE hDev,
ULONG ulAlgID,
ECCPUBLICKEYBLOB *pPubKey,
BYTE *pbID,
ULONG ulIDLen,
HANDLE *phHash);
/* 7.6.35 */
ULONG DEVAPI SKF_Digest(
HANDLE hHash,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbHashData,
ULONG *pulHashLen);
/* 7.6.36 */
ULONG DEVAPI SKF_DigestUpdate(
HANDLE hHash,
BYTE *pbData,
ULONG ulDataLen);
/* 7.6.37 */
ULONG DEVAPI SKF_DigestFinal(
HANDLE hHash,
BYTE *pHashData,
ULONG *pulHashLen);
/* 7.6.38 */
ULONG DEVAPI SKF_MacInit(
HANDLE hKey,
BLOCKCIPHERPARAM *pMacParam,
HANDLE *phMac);
/* 7.6.39 */
ULONG DEVAPI SKF_Mac(
HANDLE hMac,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbMacData,
ULONG *pulMacLen);
/* 7.6.40 */
ULONG DEVAPI SKF_MacUpdate(
HANDLE hMac,
BYTE *pbData,
ULONG ulDataLen);
/* 7.6.41 */
ULONG DEVAPI SKF_MacFinal(
HANDLE hMac,
BYTE *pbMacData,
ULONG *pulMacDataLen);
/* 7.6.42 */
ULONG DEVAPI SKF_CloseHandle(
HANDLE hHandle);
#define SAR_OK 0x00000000
#define SAR_FAIL 0x0A000001
#define SAR_UNKNOWNERR 0x0A000002
#define SAR_NOTSUPPORTYETERR 0x0A000003
#define SAR_FILEERR 0x0A000004
#define SAR_INVALIDHANDLEERR 0x0A000005
#define SAR_INVALIDPARAMERR 0x0A000006
#define SAR_READFILEERR 0x0A000007
#define SAR_WRITEFILEERR 0x0A000008
#define SAR_NAMELENERR 0x0A000009
#define SAR_KEYUSAGEERR 0x0A00000A
#define SAR_MODULUSLENERR 0x0A00000B
#define SAR_NOTINITIALIZEERR 0x0A00000C
#define SAR_OBJERR 0x0A00000D
#define SAR_MEMORYERR 0x0A00000E
#define SAR_TIMEOUTERR 0x0A00000F
#define SAR_INDATALENERR 0x0A000010
#define SAR_INDATAERR 0x0A000011
#define SAR_GENRANDERR 0x0A000012
#define SAR_HASHOBJERR 0x0A000013
#define SAR_HASHERR 0x0A000014
#define SAR_GENRSAKEYERR 0x0A000015
#define SAR_RSAMODULUSLENERR 0x0A000016
#define SAR_CSPIMPRTPUBKEYERR 0x0A000017
#define SAR_RSAENCERR 0x0A000018
#define SAR_RSADECERR 0x0A000019
#define SAR_HASHNOTEQUALERR 0x0A00001A
#define SAR_KEYNOTFOUNTERR 0x0A00001B
#define SAR_CERTNOTFOUNTERR 0x0A00001C
#define SAR_NOTEXPORTERR 0x0A00001D
#define SAR_DECRYPTPADERR 0x0A00001E
#define SAR_MACLENERR 0x0A00001F
#define SAR_BUFFER_TOO_SMALL 0x0A000020
#define SAR_KEYINFOTYPEERR 0x0A000021
#define SAR_NOT_EVENTERR 0x0A000022
#define SAR_DEVICE_REMOVED 0x0A000023
#define SAR_PIN_INCORRECT 0x0A000024
#define SAR_PIN_LOCKED 0x0A000025
#define SAR_PIN_INVALID 0x0A000026
#define SAR_PIN_LEN_RANGE 0x0A000027
#define SAR_USER_ALREADY_LOGGED_IN 0x0A000028
#define SAR_USER_PIN_NOT_INITIALIZED 0x0A000029
#define SAR_USER_TYPE_INVALID 0x0A00002A
#define SAR_APPLICATION_NAME_INVALID 0x0A00002B
#define SAR_APPLICATION_EXISTS 0x0A00002C
#define SAR_USER_NOT_LOGGED_IN 0x0A00002D
#define SAR_APPLICATION_NOT_EXISTS 0x0A00002E
#define SAR_FILE_ALREADY_EXIST 0x0A00002F
#define SAR_NO_ROOM 0x0A000030
#define SAR_FILE_NOT_EXIST 0x0A000031
#define SAR_REACH_MAX_CONTAINER_COUNT 0x0A000032
#ifdef __cplusplus
}
#endif
#endif
#endif

573
skf/skf_ext.c
View File

@@ -1,573 +0,0 @@
/*
* Copyright 2014-2021 The GmSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/gmskf.h>
#include <openssl/gmapi.h>
#include <openssl/x509v3.h>
#include "internal/skf_int.h"
#include "../../e_os.h"
ULONG DEVAPI SKF_NewECCCipher(ULONG ulCipherLen, ECCCIPHERBLOB **cipherBlob)
{
ECCCIPHERBLOB *ret = NULL;
if (!(ret = OPENSSL_malloc(sizeof(ECCCIPHERBLOB) - 1 + ulCipherLen))) {
SKFerr(SKF_F_SKF_NEWECCCIPHER, ERR_R_MALLOC_FAILURE);
return SAR_MEMORYERR;
}
ret->CipherLen = ulCipherLen;
*cipherBlob = ret;
return SAR_OK;
}
ULONG DEVAPI SKF_NewEnvelopedKey(ULONG ulCipherLen, ENVELOPEDKEYBLOB **envelopedKeyBlob)
{
ENVELOPEDKEYBLOB *ret = NULL;
if (!(ret = OPENSSL_zalloc(sizeof(ENVELOPEDKEYBLOB) - 1 + ulCipherLen))) {
SKFerr(SKF_F_SKF_NEWENVELOPEDKEY, ERR_R_MALLOC_FAILURE);
return SAR_MEMORYERR;
}
ret->ECCCipherBlob.CipherLen = ulCipherLen;
*envelopedKeyBlob = ret;
return SAR_OK;
}
ULONG DEVAPI SKF_OpenDevice(LPSTR devName, BYTE authKey[16], DEVINFO *devInfo, DEVHANDLE *phDev)
{
ULONG rv;
DEVHANDLE hDev = NULL;
HANDLE hKey = NULL;
ULONG ulTimeOut = 0xffffffff;
BYTE authRand[16] = {0};
BYTE authData[16] = {0};
ULONG authRandLen = SKF_AUTHRAND_LENGTH;
ULONG authDataLen = sizeof(authData);
BLOCKCIPHERPARAM encParam = {{0}, 0, 0, 0};
if ((rv = SKF_ConnectDev((LPSTR)devName, &hDev)) != SAR_OK
|| (rv = SKF_GetDevInfo(hDev, devInfo)) != SAR_OK
|| (rv = SKF_LockDev(hDev, ulTimeOut)) != SAR_OK
|| (rv = SKF_GenRandom(hDev, authRand, authRandLen)) != SAR_OK
|| (rv = SKF_SetSymmKey(hDev, authKey, devInfo->DevAuthAlgId, &hKey)) != SAR_OK
|| (rv = SKF_EncryptInit(hKey, encParam)) != SAR_OK
|| (rv = SKF_Encrypt(hKey, authRand, sizeof(authRand), authData, &authDataLen)) != SAR_OK
|| (rv =SKF_DevAuth(hDev, authData, authDataLen)) != SAR_OK) {
SKFerr(SKF_F_SKF_OPENDEVICE, ERR_R_SKF_LIB);
goto end;
}
*phDev = hDev;
hDev = NULL;
end:
OPENSSL_cleanse(authRand, sizeof(authRand));
OPENSSL_cleanse(authData, sizeof(authData));
if (hKey && (rv = SKF_CloseHandle(hKey)) != SAR_OK) {
SKFerr(SKF_F_SKF_OPENDEVICE, ERR_R_SKF_LIB);
}
if (hDev && (rv = SKF_DisConnectDev(hDev)) != SAR_OK) {
SKFerr(SKF_F_SKF_OPENDEVICE, ERR_R_SKF_LIB);
}
return rv;
}
ULONG DEVAPI SKF_CloseDevice(DEVHANDLE hDev)
{
ULONG rv;
if ((rv = SKF_UnlockDev(hDev)) != SAR_OK) {
SKFerr(SKF_F_SKF_CLOSEDEVICE, ERR_R_SKF_LIB);
}
if ((rv = SKF_DisConnectDev(hDev)) != SAR_OK) {
SKFerr(SKF_F_SKF_CLOSEDEVICE, ERR_R_SKF_LIB);
}
return rv;
}
ULONG DEVAPI SKF_ImportECCPrivateKey(DEVHANDLE hDev, HCONTAINER hContainer,
EC_KEY *ec_key, ULONG symmAlgId)
{
int ret = 0;
ULONG rv;
ULONG containerType;
ECCPRIVATEKEYBLOB eccPriKeyBlob;
BYTE symmKey[16];
HANDLE hSymmKey = NULL;
BLOCKCIPHERPARAM encParam;
ULONG encedPriKeyLen;
SKF_PUBLICKEYBLOB signPubKeyBlob;
ULONG signPubKeyLen = sizeof(signPubKeyBlob);
ENVELOPEDKEYBLOB envelopedKeyBlob;
/* check container type */
if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
return rv;
}
if (containerType != SKF_CONTAINER_TYPE_ECC) {
SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, SKF_R_CONTAINER_TYPE_NOT_MATCH);
return SAR_FAIL;
}
/* get private key and public key */
if (!EC_KEY_get_ECCPRIVATEKEYBLOB(ec_key, &eccPriKeyBlob)
|| !EC_KEY_get_ECCPUBLICKEYBLOB(ec_key, &(envelopedKeyBlob.PubKey))) {
SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_GMAPI_LIB);
rv = SAR_FAIL;
goto end;
}
/* set Version, ulSymmAlgID, ulBits */
envelopedKeyBlob.Version = SKF_ENVELOPEDKEYBLOB_VERSION;
envelopedKeyBlob.ulSymmAlgID = symmAlgId;
envelopedKeyBlob.ulBits = eccPriKeyBlob.BitLen;
/* encrypt private key with random generated symmkey */
if (!RAND_bytes(symmKey, sizeof(symmKey))) {
SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
rv = SAR_FAIL;
goto end;
}
if ((rv = SKF_SetSymmKey(hDev, symmKey, symmAlgId, &hSymmKey)) != SAR_OK) {
SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
goto end;
}
encParam.IVLen = 0;
encParam.PaddingType = SKF_NO_PADDING;
if ((rv = SKF_EncryptInit(hSymmKey, encParam)) != SAR_OK) {
SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
goto end;
}
encedPriKeyLen = sizeof(envelopedKeyBlob.cbEncryptedPriKey);
if ((rv = SKF_Encrypt(hSymmKey,
eccPriKeyBlob.PrivateKey, sizeof(eccPriKeyBlob.PrivateKey),
(BYTE *)&(envelopedKeyBlob.cbEncryptedPriKey), &encedPriKeyLen)) != SAR_OK) {
SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
goto end;
}
if (encedPriKeyLen != sizeof(eccPriKeyBlob.PrivateKey)) {
SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
rv = SAR_FAIL;
goto end;
}
/* encrypt symmKey */
if ((rv = SKF_ExportPublicKey(hContainer, TRUE,
(BYTE *)&signPubKeyBlob, &signPubKeyLen)) != SAR_OK) {
SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
goto end;
}
if (signPubKeyLen != sizeof(ECCPUBLICKEYBLOB)) {
SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
rv = SAR_FAIL;
goto end;
}
if ((rv = SKF_ExtECCEncrypt(hDev, (ECCPUBLICKEYBLOB *)&signPubKeyBlob,
symmKey, sizeof(symmKey), &(envelopedKeyBlob.ECCCipherBlob))) != SAR_OK) {
SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
goto end;
}
ret = 1;
end:
OPENSSL_cleanse(&eccPriKeyBlob, sizeof(eccPriKeyBlob));
OPENSSL_cleanse(symmKey, sizeof(symmKey));
if (hSymmKey && SKF_CloseHandle(hSymmKey) != SAR_OK) {
SKFerr(SKF_F_SKF_IMPORTECCPRIVATEKEY, ERR_R_SKF_LIB);
ret = 0;
}
return ret;
}
ULONG DEVAPI SKF_ImportRSAPrivateKey(DEVHANDLE hDev, HCONTAINER hContainer,
RSA *rsa, ULONG symmAlgId)
{
ULONG rv;
ULONG containerType;
RSAPRIVATEKEYBLOB rsaPriKeyBlob;
unsigned char symmKey[16];
RSAPUBLICKEYBLOB rsaPubKeyBlob;
ULONG rsaPubKeyLen = sizeof(rsaPubKeyBlob);
BYTE wrappedKey[MAX_RSA_MODULUS_LEN];
ULONG wrappedKeyLen = sizeof(wrappedKey);
EVP_CIPHER_CTX *cctx = NULL;
unsigned char *p;
int len;
BYTE encedPriKey[sizeof(RSAPRIVATEKEYBLOB) + 16*2];
ULONG encedPriKeyLen = sizeof(encedPriKey);
if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
return rv;
}
if (containerType != SKF_CONTAINER_TYPE_RSA) {
SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
return SAR_FAIL;
}
if (!RSA_get_RSAPRIVATEKEYBLOB(rsa, &rsaPriKeyBlob)) {
SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
goto end;
}
/* generate symmkey */
/* wrap symmkey with signing public key */
if (!RAND_bytes(symmKey, sizeof(symmKey))) {
SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
goto end;
}
if ((rv = SKF_ExportPublicKey(hContainer, SGD_TRUE,
(BYTE *)&rsaPubKeyBlob, &rsaPubKeyLen)) != SAR_OK) {
SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
goto end;
}
if (!(rsa = RSA_new_from_RSAPUBLICKEYBLOB(&rsaPubKeyBlob))) {
SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
goto end;
}
if ((len = RSA_public_encrypt(sizeof(symmKey), symmKey, wrappedKey,
rsa, RSA_PKCS1_PADDING)) != rsaPriKeyBlob.BitLen / 8) {
goto end;
}
wrappedKeyLen = (ULONG)len;
/* encrypt private key with symmkey in ECB mode */
if (!(cctx = EVP_CIPHER_CTX_new())) {
SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!EVP_EncryptInit_ex(cctx, EVP_sms4_ecb(), NULL, symmKey, NULL)) {
SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_EVP_LIB);
goto end;
}
p = encedPriKey;
if (!EVP_EncryptUpdate(cctx, p, &len, (unsigned char *)&rsaPriKeyBlob,
sizeof(RSAPRIVATEKEYBLOB))) {
SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_EVP_LIB);
goto end;
}
p += len;
if (!EVP_EncryptFinal_ex(cctx, p, &len)) {
SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_EVP_LIB);
goto end;
}
p += len;
encedPriKeyLen = p - encedPriKey;
/* import */
if ((rv = SKF_ImportRSAKeyPair(hContainer, symmAlgId, wrappedKey, wrappedKeyLen,
encedPriKey, encedPriKeyLen)) != SAR_OK) {
SKFerr(SKF_F_SKF_IMPORTRSAPRIVATEKEY, ERR_R_SKF_LIB);
goto end;
}
end:
OPENSSL_cleanse(&rsaPriKeyBlob, sizeof(rsaPriKeyBlob));
OPENSSL_cleanse(symmKey, sizeof(symmKey));
OPENSSL_cleanse(wrappedKey, sizeof(wrappedKey));
EVP_CIPHER_CTX_free(cctx);
return rv;
}
ULONG DEVAPI SKF_ImportPrivateKey(DEVHANDLE hDev, HCONTAINER hContainer,
EVP_PKEY *pkey, ULONG symmAlgId)
{
ULONG rv;
switch (EVP_PKEY_id(pkey)) {
case EVP_PKEY_EC:
if ((rv = SKF_ImportECCPrivateKey(hDev, hContainer,
EVP_PKEY_get0_EC_KEY(pkey), symmAlgId)) != SAR_OK) {
SKFerr(SKF_F_SKF_IMPORTPRIVATEKEY, ERR_R_SKF_LIB);
return rv;
}
break;
case EVP_PKEY_RSA:
if ((rv = SKF_ImportRSAPrivateKey(hDev, hContainer,
EVP_PKEY_get0_RSA(pkey), symmAlgId)) != SAR_OK) {
SKFerr(SKF_F_SKF_IMPORTPRIVATEKEY, ERR_R_SKF_LIB);
return rv;
}
break;
default:
SKFerr(SKF_F_SKF_IMPORTPRIVATEKEY,
SKF_R_UNSUPPORTED_PRIVATE_KEY_TYPE);
return SAR_FAIL;
}
return SAR_OK;
}
ULONG DEVAPI SKF_ExportECCPublicKey(HCONTAINER hContainer, BOOL bSign, EC_KEY **ec_key)
{
ULONG rv;
ULONG containerType;
BYTE pubKeyBlob[sizeof(SKF_PUBLICKEYBLOB)];
ECCPUBLICKEYBLOB *pubKey = (ECCPUBLICKEYBLOB *)pubKeyBlob;
ULONG pubKeyLen = sizeof(SKF_PUBLICKEYBLOB);
if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
SKFerr(SKF_F_SKF_EXPORTECCPUBLICKEY, ERR_R_SKF_LIB);
return rv;
}
if (containerType != SKF_CONTAINER_TYPE_ECC) {
SKFerr(SKF_F_SKF_EXPORTECCPUBLICKEY, SKF_R_CONTAINER_TYPE_NOT_MATCH);
return SAR_FAIL;
}
if ((rv = SKF_ExportPublicKey(hContainer, bSign,
pubKeyBlob, &pubKeyLen)) != SAR_OK) {
SKFerr(SKF_F_SKF_EXPORTECCPUBLICKEY, ERR_R_SKF_LIB);
return rv;
}
if (pubKeyLen != sizeof(ECCPUBLICKEYBLOB)) {
SKFerr(SKF_F_SKF_EXPORTECCPUBLICKEY, ERR_R_SKF_LIB);
return SAR_FAIL;
}
if (!(*ec_key = EC_KEY_new_from_ECCPUBLICKEYBLOB(pubKey))) {
SKFerr(SKF_F_SKF_EXPORTECCPUBLICKEY, SKF_R_INVALID_ECC_PUBLIC_KEY);
return SAR_FAIL;
}
return SAR_OK;
}
ULONG DEVAPI SKF_ExportRSAPublicKey(HCONTAINER hContainer, BOOL bSign, RSA **rsa)
{
ULONG rv;
ULONG containerType;
BYTE pubKeyBlob[sizeof(SKF_PUBLICKEYBLOB)];
RSAPUBLICKEYBLOB *pubKey = (RSAPUBLICKEYBLOB *)pubKeyBlob;
ULONG pubKeyLen = sizeof(SKF_PUBLICKEYBLOB);
if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
SKFerr(SKF_F_SKF_EXPORTRSAPUBLICKEY, ERR_R_SKF_LIB);
return rv;
}
if (containerType != SKF_CONTAINER_TYPE_RSA) {
SKFerr(SKF_F_SKF_EXPORTRSAPUBLICKEY, SKF_R_CONTAINER_TYPE_NOT_MATCH);
return SAR_FAIL;
}
if ((rv = SKF_ExportPublicKey(hContainer, bSign,
pubKeyBlob, &pubKeyLen)) != SAR_OK) {
SKFerr(SKF_F_SKF_EXPORTRSAPUBLICKEY, ERR_R_SKF_LIB);
return rv;
}
if (pubKeyLen != sizeof(RSAPUBLICKEYBLOB)) {
SKFerr(SKF_F_SKF_EXPORTRSAPUBLICKEY, ERR_R_SKF_LIB);
return SAR_FAIL;
}
if (!(*rsa = RSA_new_from_RSAPUBLICKEYBLOB(pubKey))) {
SKFerr(SKF_F_SKF_EXPORTRSAPUBLICKEY, SKF_R_INVALID_RSA_PUBLIC_KEY);
return SAR_FAIL;
}
return SAR_OK;
}
ULONG DEVAPI SKF_ExportEVPPublicKey(HCONTAINER hContainer, BOOL bSign, EVP_PKEY **pp)
{
ULONG rv;
ULONG containerType;
EVP_PKEY *pkey = NULL;
if ((rv = SKF_GetContainerType(hContainer, &containerType)) != SAR_OK) {
SKFerr(SKF_F_SKF_EXPORTEVPPUBLICKEY, ERR_R_SKF_LIB);
return rv;
}
if (!(pkey = EVP_PKEY_new())) {
SKFerr(SKF_F_SKF_EXPORTEVPPUBLICKEY, ERR_R_MALLOC_FAILURE);
return SAR_MEMORYERR;
}
if (containerType == SKF_CONTAINER_TYPE_ECC) {
EC_KEY *ec_key = NULL;
if ((rv = SKF_ExportECCPublicKey(hContainer, bSign,
&ec_key)) != SAR_OK) {
SKFerr(SKF_F_SKF_EXPORTEVPPUBLICKEY, ERR_R_SKF_LIB);
goto end;
}
if (!EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
EC_KEY_free(ec_key);
rv = SAR_FAIL;
goto end;
}
} else if (containerType == SKF_CONTAINER_TYPE_RSA) {
RSA *rsa = NULL;
if ((rv = SKF_ExportRSAPublicKey(hContainer, bSign,
&rsa)) != SAR_OK) {
SKFerr(SKF_F_SKF_EXPORTEVPPUBLICKEY, ERR_R_SKF_LIB);
goto end;
}
if (!EVP_PKEY_assign_RSA(pkey, rsa)) {
RSA_free(rsa);
rv = SAR_FAIL;
goto end;
}
} else {
SKFerr(SKF_F_SKF_EXPORTEVPPUBLICKEY, SKF_R_INVALID_CONTAINER_TYPE);
rv = SAR_FAIL;
goto end;
}
*pp = pkey;
pkey = NULL;
rv = SAR_OK;
end:
EVP_PKEY_free(pkey);
return rv;
}
ULONG DEVAPI SKF_ImportX509Certificate(HCONTAINER hContainer, BOOL bSign, X509 *x509)
{
int ret = 0;
ULONG containerType;
unsigned char *cert = NULL;
unsigned char *p;
int len;
if (SKF_GetContainerType(hContainer, &containerType) != SAR_OK) {
return 0;
}
if (containerType == SKF_CONTAINER_TYPE_UNDEF) {
return 0;
}
switch (EVP_PKEY_id(X509_get0_pubkey(x509))) {
case EVP_PKEY_EC:
if (containerType != SKF_CONTAINER_TYPE_ECC) {
goto end;
}
if (!EC_KEY_is_sm2p256v1(EVP_PKEY_get0_EC_KEY(X509_get0_pubkey(x509)))) {
goto end;
}
break;
case EVP_PKEY_RSA:
if (containerType != SKF_CONTAINER_TYPE_RSA) {
goto end;
}
break;
default:
goto end;
}
if (X509_get_key_usage(x509) & (KU_DIGITAL_SIGNATURE|
KU_NON_REPUDIATION|KU_KEY_CERT_SIGN|KU_CRL_SIGN)) {
bSign = SGD_TRUE;
} else if (X509_get_key_usage(x509) & (KU_KEY_ENCIPHERMENT|
KU_DATA_ENCIPHERMENT|KU_KEY_AGREEMENT|KU_ENCIPHER_ONLY)) {
bSign = SGD_FALSE;
} else {
goto end;
}
if ((len = i2d_X509(x509, NULL)) <= 0
|| !(p = cert = OPENSSL_malloc(len))
|| (len = i2d_X509(x509, &p)) <= 0) {
goto end;
}
if (SKF_ImportCertificate(hContainer, bSign, cert, (ULONG)len) != SAR_OK) {
goto end;
}
ret = 1;
end:
X509_free(x509);
OPENSSL_free(cert);
return ret;
}
ULONG DEVAPI SKF_ImportX509CertificateByKeyUsage(HCONTAINER hContainer, X509 *x509)
{
ULONG rv;
BOOL bSign;
if (X509_get_key_usage(x509) & (KU_DIGITAL_SIGNATURE|
KU_NON_REPUDIATION|KU_KEY_CERT_SIGN|KU_CRL_SIGN)) {
bSign = SGD_TRUE;
} else if (X509_get_key_usage(x509) & (KU_KEY_ENCIPHERMENT|
KU_DATA_ENCIPHERMENT|KU_KEY_AGREEMENT|KU_ENCIPHER_ONLY)) {
bSign = SGD_FALSE;
} else {
SKFerr(SKF_F_SKF_IMPORTX509CERTIFICATEBYKEYUSAGE,
SKF_R_UNKNOWN_CERTIFICATE_KEYUSAGE);
return SAR_FAIL;
}
if ((rv = SKF_ImportX509Certificate(hContainer, bSign, x509)) != SAR_OK) {
SKFerr(SKF_F_SKF_IMPORTX509CERTIFICATEBYKEYUSAGE, ERR_R_SKF_LIB);
return rv;
}
return SAR_OK;
}
ULONG DEVAPI SKF_ExportX509Certificate(HCONTAINER hContainer, BOOL bSign, X509 **px509)
{
ULONG rv = SAR_FAIL;
BYTE *pbCert = NULL;
ULONG ulCertLen;
const unsigned char *p;
X509 *x509 = NULL;
ulCertLen = SKF_MAX_CERTIFICATE_SIZE;
if (!(pbCert = OPENSSL_zalloc(ulCertLen))) {
SKFerr(SKF_F_SKF_EXPORTX509CERTIFICATE, ERR_R_MALLOC_FAILURE);
rv = SAR_MEMORYERR;
goto end;
}
if ((rv = SKF_ExportCertificate(hContainer, bSign,
pbCert, &ulCertLen)) != SAR_OK) {
SKFerr(SKF_F_SKF_EXPORTX509CERTIFICATE, ERR_R_SKF_LIB);
goto end;
}
p = pbCert;
if (!(x509 = d2i_X509(NULL, &p, (long)ulCertLen))) {
SKFerr(SKF_F_SKF_EXPORTX509CERTIFICATE,
SKF_R_PARSE_CERTIFICATE_FAILURE);
goto end;
}
if (p - pbCert != ulCertLen) {
SKFerr(SKF_F_SKF_EXPORTX509CERTIFICATE,
SKF_R_PARSE_CERTIFICATE_FAILURE);
goto end;
}
*px509 = x509;
x509 = NULL;
rv = SAR_OK;
end:
OPENSSL_free(pbCert);
X509_free(x509);
return rv;
}

96
skf/skf_ext.h
View File

@@ -1,96 +0,0 @@
/*
* Copyright 2014-2021 The GmSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef HEADER_GMSKF_H
#define HEADER_GMSKF_H
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_SKF
#include <stdio.h>
#include <openssl/bio.h>
#include <openssl/sgd.h>
#include <openssl/skf.h>
#define SKF_NO_PADDING 0
#define SKF_PKCS5_PADDING 1
#define SKF_DEV_STATE_ABSENT 0x00000000
#define SKF_DEV_STATE_PRESENT 0x00000001
#define SKF_DEV_STATE_UNKNOW 0x00000010
#define SKF_CONTAINER_TYPE_UNDEF 0
#define SKF_CONTAINER_TYPE_RSA 1
#define SKF_CONTAINER_TYPE_ECC 2
#define SKF_ENVELOPEDKEYBLOB_VERSION 1
#define SKF_AUTHKEY_LENGTH 16
#define SKF_AUTHRAND_LENGTH 16
#define SKF_MAX_FILE_SIZE (256*1024)
#define SKF_MAX_CERTIFICATE_SIZE (8*1024)
#define SKF_DEFAULT_ADMIN_PIN_RETRY_COUNT 6
#define SKF_DEFAULT_USER_PIN_RETRY_COUNT 6
#ifdef __cplusplus
extern "C" {
#endif
typedef struct {
union {
ECCPUBLICKEYBLOB ecc;
RSAPUBLICKEYBLOB rsa;
} u;
} SKF_PUBLICKEYBLOB;
#define SKF_MAX_PUBLICKEYBOLB_LENGTH sizeof(SKF_PUBLICKEYBLOB)
typedef struct {
char *name;
unsigned char *buf;
int offset;
int length;
} SKF_FILE_OP_PARAMS;
ULONG DEVAPI SKF_LoadLibrary(LPSTR so_path, LPSTR vendor);
ULONG DEVAPI SKF_UnloadLibrary(void);
ULONG DEVAPI SKF_OpenDevice(LPSTR devName, BYTE authKey[16], DEVINFO *devInfo, DEVHANDLE *phDev);
ULONG DEVAPI SKF_CloseDevice(DEVHANDLE hDev);
ULONG DEVAPI SKF_GetDevStateName(ULONG ulDevState, LPSTR *szName);
ULONG DEVAPI SKF_GetContainerTypeName(ULONG ulContainerType, LPSTR *szName);
ULONG DEVAPI SKF_GetAlgorName(ULONG ulAlgID, LPSTR *szName);
ULONG DEVAPI SKF_PrintDevInfo(BIO *out, DEVINFO *devInfo);
ULONG DEVAPI SKF_PrintRSAPublicKey(BIO *out, RSAPUBLICKEYBLOB *blob);
ULONG DEVAPI SKF_PrintRSAPrivateKey(BIO *out, RSAPRIVATEKEYBLOB *blob);
ULONG DEVAPI SKF_PrintECCPublicKey(BIO *out, ECCPUBLICKEYBLOB *blob);
ULONG DEVAPI SKF_PrintECCPrivateKey(BIO *out, ECCPRIVATEKEYBLOB *blob);
ULONG DEVAPI SKF_PrintECCCipher(BIO *out, ECCCIPHERBLOB *blob);
ULONG DEVAPI SKF_PrintECCSignature(BIO *out, ECCSIGNATUREBLOB *blob);
ULONG DEVAPI SKF_GetErrorString(ULONG ulError, LPSTR *szErrorStr);
ULONG DEVAPI SKF_NewECCCipher(ULONG ulCipherLen, ECCCIPHERBLOB **cipherBlob);
ULONG DEVAPI SKF_NewEnvelopedKey(ULONG ulCipherLen, ENVELOPEDKEYBLOB **envelopedKeyBlob);
ULONG DEVAPI SKF_ImportECCPrivateKey(DEVHANDLE hDev, HCONTAINER hContainer, EC_KEY *ec_key, ULONG symmAlgId);
ULONG DEVAPI SKF_ImportRSAPrivateKey(DEVHANDLE hDev, HCONTAINER hContainer, RSA *rsa, ULONG symmAlgId);
ULONG DEVAPI SKF_ImportPrivateKey(DEVHANDLE hDev, HCONTAINER hContainer, EVP_PKEY *pkey, ULONG symmAlgId);
ULONG DEVAPI SKF_ExportECCPublicKey(HCONTAINER hContainer, BOOL bSign, EC_KEY **pp);
ULONG DEVAPI SKF_ExportRSAPublicKey(HCONTAINER hContainer, BOOL bSign, RSA **pp);
ULONG DEVAPI SKF_ExportEVPPublicKey(HCONTAINER hContainer, BOOL bSign, EVP_PKEY **pp);
ULONG DEVAPI SKF_ImportX509CertificateByKeyUsage(HCONTAINER hContainer, X509 *x509);
ULONG DEVAPI SKF_ImportX509Certificate(HCONTAINER hContainer, BOOL bSign, X509 *x509);
ULONG DEVAPI SKF_ExportX509Certificate(HCONTAINER hContainer, BOOL bSign, X509 **px509);

585
skf/skf_int.h
View File

@@ -1,585 +0,0 @@
/*
* Copyright 2014-2021 The GmSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef HEADER_SKF_INT_H
#define HEADER_SKF_INT_H
#include <openssl/skf.h>
#include "internal/dso.h"
typedef ULONG (DEVAPI *SKF_WaitForDevEvent_FuncPtr)(
LPSTR szDevName,
ULONG *pulDevNameLen,
ULONG *pulEvent);
typedef ULONG (DEVAPI *SKF_CancelWaitForDevEvent_FuncPtr)(
void);
typedef ULONG (DEVAPI *SKF_EnumDev_FuncPtr)(
BOOL bPresent,
LPSTR szNameList,
ULONG *pulSize);
typedef ULONG (DEVAPI *SKF_ConnectDev_FuncPtr)(
LPSTR szName,
DEVHANDLE *phDev);
typedef ULONG (DEVAPI *SKF_DisConnectDev_FuncPtr)(
DEVHANDLE hDev);
typedef ULONG (DEVAPI *SKF_GetDevState_FuncPtr)(
LPSTR szDevName,
ULONG *pulDevState);
typedef ULONG (DEVAPI *SKF_SetLabel_FuncPtr)(
DEVHANDLE hDev,
LPSTR szLabel);
typedef ULONG (DEVAPI *SKF_GetDevInfo_FuncPtr)(
DEVHANDLE hDev,
DEVINFO *pDevInfo);
typedef ULONG (DEVAPI *SKF_LockDev_FuncPtr)(
DEVHANDLE hDev,
ULONG ulTimeOut);
typedef ULONG (DEVAPI *SKF_UnlockDev_FuncPtr)(
DEVHANDLE hDev);
typedef ULONG (DEVAPI *SKF_Transmit_FuncPtr)(
DEVHANDLE hDev,
BYTE *pbCommand,
ULONG ulCommandLen,
BYTE *pbData,
ULONG *pulDataLen);
typedef ULONG (DEVAPI *SKF_ChangeDevAuthKey_FuncPtr)(
DEVHANDLE hDev,
BYTE *pbKeyValue,
ULONG ulKeyLen);
typedef ULONG (DEVAPI *SKF_DevAuth_FuncPtr)(
DEVHANDLE hDev,
BYTE *pbAuthData,
ULONG ulLen);
typedef ULONG (DEVAPI *SKF_ChangePIN_FuncPtr)(
HAPPLICATION hApplication,
ULONG ulPINType,
LPSTR szOldPin,
LPSTR szNewPin,
ULONG *pulRetryCount);
typedef LONG (DEVAPI *SKF_GetPINInfo_FuncPtr)(
HAPPLICATION hApplication,
ULONG ulPINType,
ULONG *pulMaxRetryCount,
ULONG *pulRemainRetryCount,
BOOL *pbDefaultPin);
typedef ULONG (DEVAPI *SKF_VerifyPIN_FuncPtr)(
HAPPLICATION hApplication,
ULONG ulPINType,
LPSTR szPIN,
ULONG *pulRetryCount);
typedef ULONG (DEVAPI *SKF_UnblockPIN_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szAdminPIN,
LPSTR szNewUserPIN,
ULONG *pulRetryCount);
typedef ULONG (DEVAPI *SKF_ClearSecureState_FuncPtr)(
HAPPLICATION hApplication);
typedef ULONG (DEVAPI *SKF_CreateApplication_FuncPtr)(
DEVHANDLE hDev,
LPSTR szAppName,
LPSTR szAdminPin,
DWORD dwAdminPinRetryCount,
LPSTR szUserPin,
DWORD dwUserPinRetryCount,
DWORD dwCreateFileRights,
HAPPLICATION *phApplication);
typedef ULONG (DEVAPI *SKF_EnumApplication_FuncPtr)(
DEVHANDLE hDev,
LPSTR szAppName,
ULONG *pulSize);
typedef ULONG (DEVAPI *SKF_DeleteApplication_FuncPtr)(
DEVHANDLE hDev,
LPSTR szAppName);
typedef ULONG (DEVAPI *SKF_OpenApplication_FuncPtr)(
DEVHANDLE hDev,
LPSTR szAppName,
HAPPLICATION *phApplication);
typedef ULONG (DEVAPI *SKF_CloseApplication_FuncPtr)(
HAPPLICATION hApplication);
typedef ULONG (DEVAPI *SKF_CreateObject_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulFileSize,
ULONG ulReadRights,
ULONG ulWriteRights);
typedef ULONG (DEVAPI *SKF_DeleteObject_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szFileName);
typedef ULONG (DEVAPI *SKF_EnumObjects_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szFileList,
ULONG *pulSize);
typedef ULONG (DEVAPI *SKF_GetObjectInfo_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szFileName,
FILEATTRIBUTE *pFileInfo);
typedef ULONG (DEVAPI *SKF_ReadObject_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulOffset,
ULONG ulSize,
BYTE *pbOutData,
ULONG *pulOutLen);
typedef ULONG (DEVAPI *SKF_WriteObject_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szFileName,
ULONG ulOffset,
BYTE *pbData,
ULONG ulSize);
typedef ULONG (DEVAPI *SKF_CreateContainer_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szContainerName,
HCONTAINER *phContainer);
typedef ULONG (DEVAPI *SKF_DeleteContainer_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szContainerName);
typedef ULONG (DEVAPI *SKF_EnumContainer_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szContainerName,
ULONG *pulSize);
typedef ULONG (DEVAPI *SKF_OpenContainer_FuncPtr)(
HAPPLICATION hApplication,
LPSTR szContainerName,
HCONTAINER *phContainer);
typedef ULONG (DEVAPI *SKF_CloseContainer_FuncPtr)(
HCONTAINER hContainer);
typedef ULONG (DEVAPI *SKF_GetContainerType_FuncPtr)(
HCONTAINER hContainer,
ULONG *pulContainerType);
typedef ULONG (DEVAPI *SKF_ImportCertificate_FuncPtr)(
HCONTAINER hContainer,
BOOL bExportSignKey,
BYTE *pbCert,
ULONG ulCertLen);
typedef ULONG (DEVAPI *SKF_ExportCertificate_FuncPtr)(
HCONTAINER hContainer,
BOOL bSignFlag,
BYTE *pbCert,
ULONG *pulCertLen);
typedef ULONG (DEVAPI *SKF_ExportPublicKey_FuncPtr)(
HCONTAINER hContainer,
BOOL bSignFlag,
BYTE *pbBlob,
ULONG *pulBlobLen);
typedef ULONG (DEVAPI *SKF_GenRandom_FuncPtr)(
DEVHANDLE hDev,
BYTE *pbRandom,
ULONG ulRandomLen);
typedef ULONG (DEVAPI *SKF_GenExtRSAKey_FuncPtr)(
DEVHANDLE hDev,
ULONG ulBitsLen,
RSAPRIVATEKEYBLOB *pBlob);
typedef ULONG (DEVAPI *SKF_GenRSAKeyPair_FuncPtr)(
HCONTAINER hContainer,
ULONG ulBitsLen,
RSAPUBLICKEYBLOB *pBlob);
typedef ULONG (DEVAPI *SKF_ImportRSAKeyPair_FuncPtr)(
HCONTAINER hContainer,
ULONG ulSymAlgId,
BYTE *pbWrappedKey,
ULONG ulWrappedKeyLen,
BYTE *pbEncryptedData,
ULONG ulEncryptedDataLen);
typedef ULONG (DEVAPI *SKF_RSASignData_FuncPtr)(
HCONTAINER hContainer,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbSignature,
ULONG *pulSignLen);
typedef ULONG (DEVAPI *SKF_RSAVerify_FuncPtr)(
DEVHANDLE hDev,
RSAPUBLICKEYBLOB *pRSAPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbSignature,
ULONG ulSignLen);
typedef ULONG (DEVAPI *SKF_RSAExportSessionKey_FuncPtr)(
HCONTAINER hContainer,
ULONG ulAlgId,
RSAPUBLICKEYBLOB *pPubKey,
BYTE *pbData,
ULONG *pulDataLen,
HANDLE *phSessionKey);
typedef ULONG (DEVAPI *SKF_ExtRSAPubKeyOperation_FuncPtr)(
DEVHANDLE hDev,
RSAPUBLICKEYBLOB *pRSAPubKeyBlob,
BYTE *pbInput,
ULONG ulInputLen,
BYTE *pbOutput,
ULONG *pulOutputLen);
typedef ULONG (DEVAPI *SKF_ExtRSAPriKeyOperation_FuncPtr)(
DEVHANDLE hDev,
RSAPRIVATEKEYBLOB *pRSAPriKeyBlob,
BYTE *pbInput,
ULONG ulInputLen,
BYTE *pbOutput,
ULONG *pulOutputLen);
typedef ULONG (DEVAPI *SKF_GenECCKeyPair_FuncPtr)(
HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pBlob);
typedef ULONG (DEVAPI *SKF_ImportECCKeyPair_FuncPtr)(
HCONTAINER hContainer,
ENVELOPEDKEYBLOB *pEnvelopedKeyBlob);
typedef ULONG (DEVAPI *SKF_ECCSignData_FuncPtr)(
HCONTAINER hContainer,
BYTE *pbDigest,
ULONG ulDigestLen,
ECCSIGNATUREBLOB *pSignature);
typedef ULONG (DEVAPI *SKF_ECCVerify_FuncPtr)(
DEVHANDLE hDev,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
ECCSIGNATUREBLOB *pSignature);
typedef ULONG (DEVAPI *SKF_ECCExportSessionKey_FuncPtr)(
HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pPubKey,
ECCCIPHERBLOB *pData,
HANDLE *phSessionKey);
typedef ULONG (DEVAPI *SKF_ExtECCEncrypt_FuncPtr)(
DEVHANDLE hDev,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbPlainText,
ULONG ulPlainTextLen,
ECCCIPHERBLOB *pCipherText);
typedef ULONG (DEVAPI *SKF_ECCDecrypt_FuncPtr)(
HCONTAINER hContainer,
ECCCIPHERBLOB *pCipherText,
BYTE *pbPlainText,
ULONG *pulPlainTextLen);
typedef ULONG (DEVAPI *SKF_ExtECCDecrypt_FuncPtr)(
DEVHANDLE hDev,
ECCPRIVATEKEYBLOB *pECCPriKeyBlob,
ECCCIPHERBLOB *pCipherText,
BYTE *pbPlainText,
ULONG *pulPlainTextLen);
typedef ULONG (DEVAPI *SKF_ExtECCSign_FuncPtr)(
DEVHANDLE hDev,
ECCPRIVATEKEYBLOB *pECCPriKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
ECCSIGNATUREBLOB *pSignature);
typedef ULONG (DEVAPI *SKF_ExtECCVerify_FuncPtr)(
DEVHANDLE hDev,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
BYTE *pbData,
ULONG ulDataLen,
ECCSIGNATUREBLOB *pSignature);
typedef ULONG (DEVAPI *SKF_GenerateAgreementDataWithECC_FuncPtr)(
HCONTAINER hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
HANDLE *phAgreementHandle);
typedef ULONG (DEVAPI *SKF_GenerateAgreementDataAndKeyWithECC_FuncPtr)(
HANDLE hContainer,
ULONG ulAlgId,
ECCPUBLICKEYBLOB *pSponsorECCPubKeyBlob,
ECCPUBLICKEYBLOB *pSponsorTempECCPubKeyBlob,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
BYTE *pbSponsorID,
ULONG ulSponsorIDLen,
HANDLE *phKeyHandle);
typedef ULONG (DEVAPI *SKF_GenerateKeyWithECC_FuncPtr)(
HANDLE hAgreementHandle,
ECCPUBLICKEYBLOB *pECCPubKeyBlob,
ECCPUBLICKEYBLOB *pTempECCPubKeyBlob,
BYTE *pbID,
ULONG ulIDLen,
HANDLE *phKeyHandle);
typedef ULONG (DEVAPI *SKF_ImportSessionKey_FuncPtr)(
HCONTAINER hContainer,
ULONG ulAlgId,
BYTE *pbWrapedData,
ULONG ulWrapedLen,
HANDLE *phKey);
typedef ULONG (DEVAPI *SKF_SetSymmKey_FuncPtr)(
DEVHANDLE hDev,
BYTE *pbKey,
ULONG ulAlgID,
HANDLE *phKey);
typedef ULONG (DEVAPI *SKF_EncryptInit_FuncPtr)(
HANDLE hKey,
BLOCKCIPHERPARAM EncryptParam);
typedef ULONG (DEVAPI *SKF_Encrypt_FuncPtr)(
HANDLE hKey,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbEncryptedData,
ULONG *pulEncryptedLen);
typedef ULONG (DEVAPI *SKF_EncryptUpdate_FuncPtr)(
HANDLE hKey,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbEncryptedData,
ULONG *pulEncryptedLen);
typedef ULONG (DEVAPI *SKF_EncryptFinal_FuncPtr)(
HANDLE hKey,
BYTE *pbEncryptedData,
ULONG *pulEncryptedDataLen);
typedef ULONG (DEVAPI *SKF_DecryptInit_FuncPtr)(
HANDLE hKey,
BLOCKCIPHERPARAM DecryptParam);
typedef ULONG (DEVAPI *SKF_Decrypt_FuncPtr)(
HANDLE hKey,
BYTE *pbEncryptedData,
ULONG ulEncryptedLen,
BYTE *pbData,
ULONG *pulDataLen);
typedef ULONG (DEVAPI *SKF_DecryptUpdate_FuncPtr)(
HANDLE hKey,
BYTE *pbEncryptedData,
ULONG ulEncryptedLen,
BYTE *pbData,
ULONG *pulDataLen);
typedef ULONG (DEVAPI *SKF_DecryptFinal_FuncPtr)(
HANDLE hKey,
BYTE *pbDecryptedData,
ULONG *pulDecryptedDataLen);
typedef ULONG (DEVAPI *SKF_DigestInit_FuncPtr)(
DEVHANDLE hDev,
ULONG ulAlgID,
ECCPUBLICKEYBLOB *pPubKey,
BYTE *pbID,
ULONG ulIDLen,
HANDLE *phHash);
typedef ULONG (DEVAPI *SKF_Digest_FuncPtr)(
HANDLE hHash,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbHashData,
ULONG *pulHashLen);
typedef ULONG (DEVAPI *SKF_DigestUpdate_FuncPtr)(
HANDLE hHash,
BYTE *pbData,
ULONG ulDataLen);
typedef ULONG (DEVAPI *SKF_DigestFinal_FuncPtr)(
HANDLE hHash,
BYTE *pHashData,
ULONG *pulHashLen);
typedef ULONG (DEVAPI *SKF_MacInit_FuncPtr)(
HANDLE hKey,
BLOCKCIPHERPARAM *pMacParam,
HANDLE *phMac);
typedef ULONG (DEVAPI *SKF_Mac_FuncPtr)(
HANDLE hMac,
BYTE *pbData,
ULONG ulDataLen,
BYTE *pbMacData,
ULONG *pulMacLen);
typedef ULONG (DEVAPI *SKF_MacUpdate_FuncPtr)(
HANDLE hMac,
BYTE *pbData,
ULONG ulDataLen);
typedef ULONG (DEVAPI *SKF_MacFinal_FuncPtr)(
HANDLE hMac,
BYTE *pbMacData,
ULONG *pulMacDataLen);
typedef ULONG (DEVAPI *SKF_CloseHandle_FuncPtr)(
HANDLE hHandle);
typedef struct skf_method_st {
char *name;
DSO *dso;
SKF_WaitForDevEvent_FuncPtr WaitForDevEvent;
SKF_CancelWaitForDevEvent_FuncPtr CancelWaitForDevEvent;
SKF_EnumDev_FuncPtr EnumDev;
SKF_ConnectDev_FuncPtr ConnectDev;
SKF_DisConnectDev_FuncPtr DisConnectDev;
SKF_GetDevState_FuncPtr GetDevState;
SKF_SetLabel_FuncPtr SetLabel;
SKF_GetDevInfo_FuncPtr GetDevInfo;
SKF_LockDev_FuncPtr LockDev;
SKF_UnlockDev_FuncPtr UnlockDev;
SKF_Transmit_FuncPtr Transmit;
SKF_ChangeDevAuthKey_FuncPtr ChangeDevAuthKey;
SKF_DevAuth_FuncPtr DevAuth;
SKF_ChangePIN_FuncPtr ChangePIN;
SKF_GetPINInfo_FuncPtr GetPINInfo;
SKF_VerifyPIN_FuncPtr VerifyPIN;
SKF_UnblockPIN_FuncPtr UnblockPIN;
SKF_ClearSecureState_FuncPtr ClearSecureState;
SKF_CreateApplication_FuncPtr CreateApplication;
SKF_EnumApplication_FuncPtr EnumApplication;
SKF_DeleteApplication_FuncPtr DeleteApplication;
SKF_OpenApplication_FuncPtr OpenApplication;
SKF_CloseApplication_FuncPtr CloseApplication;
SKF_CreateObject_FuncPtr CreateObject;
SKF_DeleteObject_FuncPtr DeleteObject;
SKF_EnumObjects_FuncPtr EnumObjects;
SKF_GetObjectInfo_FuncPtr GetObjectInfo;
SKF_ReadObject_FuncPtr ReadObject;
SKF_WriteObject_FuncPtr WriteObject;
SKF_CreateContainer_FuncPtr CreateContainer;
SKF_DeleteContainer_FuncPtr DeleteContainer;
SKF_EnumContainer_FuncPtr EnumContainer;
SKF_OpenContainer_FuncPtr OpenContainer;
SKF_CloseContainer_FuncPtr CloseContainer;
SKF_GetContainerType_FuncPtr GetContainerType;
SKF_ImportCertificate_FuncPtr ImportCertificate;
SKF_ExportCertificate_FuncPtr ExportCertificate;
SKF_ExportPublicKey_FuncPtr ExportPublicKey;
SKF_GenRandom_FuncPtr GenRandom;
SKF_GenExtRSAKey_FuncPtr GenExtRSAKey;
SKF_GenRSAKeyPair_FuncPtr GenRSAKeyPair;
SKF_ImportRSAKeyPair_FuncPtr ImportRSAKeyPair;
SKF_RSASignData_FuncPtr RSASignData;
SKF_RSAVerify_FuncPtr RSAVerify;
SKF_RSAExportSessionKey_FuncPtr RSAExportSessionKey;
SKF_ExtRSAPubKeyOperation_FuncPtr ExtRSAPubKeyOperation;
SKF_ExtRSAPriKeyOperation_FuncPtr ExtRSAPriKeyOperation;
SKF_GenECCKeyPair_FuncPtr GenECCKeyPair;
SKF_ImportECCKeyPair_FuncPtr ImportECCKeyPair;
SKF_ECCSignData_FuncPtr ECCSignData;
SKF_ECCVerify_FuncPtr ECCVerify;
SKF_ECCExportSessionKey_FuncPtr ECCExportSessionKey;
SKF_ExtECCEncrypt_FuncPtr ExtECCEncrypt;
SKF_ExtECCDecrypt_FuncPtr ExtECCDecrypt;
SKF_ECCDecrypt_FuncPtr ECCDecrypt;
SKF_ExtECCSign_FuncPtr ExtECCSign;
SKF_ExtECCVerify_FuncPtr ExtECCVerify;
SKF_GenerateAgreementDataWithECC_FuncPtr GenerateAgreementDataWithECC;
SKF_GenerateAgreementDataAndKeyWithECC_FuncPtr GenerateAgreementDataAndKeyWithECC;
SKF_GenerateKeyWithECC_FuncPtr GenerateKeyWithECC;
SKF_ImportSessionKey_FuncPtr ImportSessionKey;
SKF_SetSymmKey_FuncPtr SetSymmKey;
SKF_EncryptInit_FuncPtr EncryptInit;
SKF_Encrypt_FuncPtr Encrypt;
SKF_EncryptUpdate_FuncPtr EncryptUpdate;
SKF_EncryptFinal_FuncPtr EncryptFinal;
SKF_DecryptInit_FuncPtr DecryptInit;
SKF_Decrypt_FuncPtr Decrypt;
SKF_DecryptUpdate_FuncPtr DecryptUpdate;
SKF_DecryptFinal_FuncPtr DecryptFinal;
SKF_DigestInit_FuncPtr DigestInit;
SKF_Digest_FuncPtr Digest;
SKF_DigestUpdate_FuncPtr DigestUpdate;
SKF_DigestFinal_FuncPtr DigestFinal;
SKF_MacInit_FuncPtr MacInit;
SKF_Mac_FuncPtr Mac;
SKF_MacUpdate_FuncPtr MacUpdate;
SKF_MacFinal_FuncPtr MacFinal;
SKF_CloseHandle_FuncPtr CloseHandle;
} SKF_METHOD;
SKF_METHOD *SKF_METHOD_load_library(const char *so_path);
void SKF_METHOD_free(SKF_METHOD *meth);
typedef struct skf_vendor_st {
char *name;
unsigned int authrand_length;
ULONG (*get_cipher_algor)(ULONG vendor_id);
ULONG (*get_cipher_cap)(ULONG vendor_cap);
ULONG (*get_digest_algor)(ULONG vendor_id);
ULONG (*get_digest_cap)(ULONG vendor_cap);
ULONG (*get_pkey_algor)(ULONG vendor_id);
ULONG (*get_pkey_cap)(ULONG vendor_cap);
unsigned long (*get_error_reason)(ULONG err);
} SKF_VENDOR;
typedef struct {
ULONG err;
unsigned long reason;
} SKF_ERR_REASON;
#endif

2739
skf/skf_lib.c
View File

File diff suppressed because it is too large Load Diff

139
skf/skf_meth.c
View File

@@ -1,139 +0,0 @@
/*
* Copyright 2014-2021 The GmSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <openssl/err.h>
#include <openssl/gmskf.h>
#include "internal/dso.h"
#include "internal/skf_int.h"
#define SKF_METHOD_BIND_FUNCTION_EX(func,name) \
skf->func = (SKF_##func##_FuncPtr)DSO_bind_func(skf->dso, "SKF_"#name)
#define SKF_METHOD_BIND_FUNCTION(func) \
SKF_METHOD_BIND_FUNCTION_EX(func,func)
SKF_METHOD *SKF_METHOD_load_library(const char *so_path)
{
SKF_METHOD *ret = NULL;
SKF_METHOD *skf = NULL;
if (!(skf = OPENSSL_zalloc(sizeof(*skf)))) {
SKFerr(SKF_F_SKF_METHOD_LOAD_LIBRARY, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!(skf->dso = DSO_load(NULL, so_path, NULL, 0))) {
SKFerr(SKF_F_SKF_METHOD_LOAD_LIBRARY, SKF_R_DSO_LOAD_FAILURE);
goto end;
}
SKF_METHOD_BIND_FUNCTION(WaitForDevEvent);
SKF_METHOD_BIND_FUNCTION(CancelWaitForDevEvent);
SKF_METHOD_BIND_FUNCTION(EnumDev);
SKF_METHOD_BIND_FUNCTION(ConnectDev);
SKF_METHOD_BIND_FUNCTION(DisConnectDev);
SKF_METHOD_BIND_FUNCTION(GetDevState);
SKF_METHOD_BIND_FUNCTION(SetLabel);
SKF_METHOD_BIND_FUNCTION(GetDevInfo);
SKF_METHOD_BIND_FUNCTION(LockDev);
SKF_METHOD_BIND_FUNCTION(UnlockDev);
SKF_METHOD_BIND_FUNCTION(Transmit);
SKF_METHOD_BIND_FUNCTION(ChangeDevAuthKey);
SKF_METHOD_BIND_FUNCTION(DevAuth);
SKF_METHOD_BIND_FUNCTION(ChangePIN);
SKF_METHOD_BIND_FUNCTION(GetPINInfo);
SKF_METHOD_BIND_FUNCTION(VerifyPIN);
SKF_METHOD_BIND_FUNCTION(UnblockPIN);
SKF_METHOD_BIND_FUNCTION(ClearSecureState);
SKF_METHOD_BIND_FUNCTION(CreateApplication);
SKF_METHOD_BIND_FUNCTION(EnumApplication);
SKF_METHOD_BIND_FUNCTION(DeleteApplication);
SKF_METHOD_BIND_FUNCTION(OpenApplication);
SKF_METHOD_BIND_FUNCTION(CloseApplication);
SKF_METHOD_BIND_FUNCTION_EX(CreateObject,CreateFile);
SKF_METHOD_BIND_FUNCTION_EX(DeleteObject,DeleteFile);
SKF_METHOD_BIND_FUNCTION_EX(EnumObjects,EnumFiles);
SKF_METHOD_BIND_FUNCTION_EX(GetObjectInfo,GetFileInfo);
SKF_METHOD_BIND_FUNCTION_EX(ReadObject,ReadFile);
SKF_METHOD_BIND_FUNCTION_EX(WriteObject,WriteFile);
SKF_METHOD_BIND_FUNCTION(CreateContainer);
SKF_METHOD_BIND_FUNCTION(DeleteContainer);
SKF_METHOD_BIND_FUNCTION(EnumContainer);
SKF_METHOD_BIND_FUNCTION(OpenContainer);
SKF_METHOD_BIND_FUNCTION(CloseContainer);
SKF_METHOD_BIND_FUNCTION(GetContainerType);
SKF_METHOD_BIND_FUNCTION(ImportCertificate);
SKF_METHOD_BIND_FUNCTION(ExportCertificate);
SKF_METHOD_BIND_FUNCTION(ExportPublicKey);
SKF_METHOD_BIND_FUNCTION(GenRandom);
SKF_METHOD_BIND_FUNCTION(GenExtRSAKey);
SKF_METHOD_BIND_FUNCTION(GenRSAKeyPair);
SKF_METHOD_BIND_FUNCTION(ImportRSAKeyPair);
SKF_METHOD_BIND_FUNCTION(RSASignData);
SKF_METHOD_BIND_FUNCTION(RSAVerify);
SKF_METHOD_BIND_FUNCTION(RSAExportSessionKey);
SKF_METHOD_BIND_FUNCTION(ExtRSAPubKeyOperation);
SKF_METHOD_BIND_FUNCTION(ExtRSAPriKeyOperation);
SKF_METHOD_BIND_FUNCTION(GenECCKeyPair);
SKF_METHOD_BIND_FUNCTION(ImportECCKeyPair);
SKF_METHOD_BIND_FUNCTION(ECCSignData);
SKF_METHOD_BIND_FUNCTION(ECCVerify);
SKF_METHOD_BIND_FUNCTION(ECCExportSessionKey);
SKF_METHOD_BIND_FUNCTION(ExtECCEncrypt);
SKF_METHOD_BIND_FUNCTION(ExtECCDecrypt);
SKF_METHOD_BIND_FUNCTION(ExtECCSign);
SKF_METHOD_BIND_FUNCTION(ExtECCVerify);
SKF_METHOD_BIND_FUNCTION(GenerateAgreementDataWithECC);
SKF_METHOD_BIND_FUNCTION(GenerateAgreementDataAndKeyWithECC);
SKF_METHOD_BIND_FUNCTION(GenerateKeyWithECC);
SKF_METHOD_BIND_FUNCTION(ImportSessionKey);
SKF_METHOD_BIND_FUNCTION(SetSymmKey);
SKF_METHOD_BIND_FUNCTION(EncryptInit);
SKF_METHOD_BIND_FUNCTION(Encrypt);
SKF_METHOD_BIND_FUNCTION(EncryptUpdate);
SKF_METHOD_BIND_FUNCTION(EncryptFinal);
SKF_METHOD_BIND_FUNCTION(DecryptInit);
SKF_METHOD_BIND_FUNCTION(Decrypt);
SKF_METHOD_BIND_FUNCTION(DecryptUpdate);
SKF_METHOD_BIND_FUNCTION(DecryptFinal);
SKF_METHOD_BIND_FUNCTION(DigestInit);
SKF_METHOD_BIND_FUNCTION(Digest);
SKF_METHOD_BIND_FUNCTION(DigestUpdate);
SKF_METHOD_BIND_FUNCTION(DigestFinal);
SKF_METHOD_BIND_FUNCTION(MacInit);
SKF_METHOD_BIND_FUNCTION(Mac);
SKF_METHOD_BIND_FUNCTION(MacUpdate);
SKF_METHOD_BIND_FUNCTION(MacFinal);
SKF_METHOD_BIND_FUNCTION(CloseHandle);
#ifdef SKF_HAS_ECCDECRYPT
SKF_METHOD_BIND_FUNCTION(ECCDecrypt);
#endif
ret = skf;
skf = NULL;
end:
SKF_METHOD_free(skf);
return ret;
}
void SKF_METHOD_free(SKF_METHOD *meth)
{
if (meth)
DSO_free(meth->dso);
OPENSSL_free(meth);
}

340
skf/skf_prn.c
View File

@@ -1,340 +0,0 @@
/*
* Copyright 2014-2021 The GmSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include <openssl/err.h>
#include <openssl/gmskf.h>
#include "internal/skf_int.h"
#include "../../e_os.h"
static char *skf_algor_name(ULONG ulAlgID)
{
switch (ulAlgID) {
case SGD_SM1_ECB: return "sm1-ecb";
case SGD_SM1_CBC: return "sm1-cbc";
case SGD_SM1_CFB: return "sm1-cfb";
case SGD_SM1_OFB: return "sm1-ofb128";
case SGD_SM1_MAC: return "sm1-mac";
case SGD_SM4_ECB: return "sms4-ecb";
case SGD_SM4_CBC: return "sms4-cbc";
case SGD_SM4_CFB: return "sms4-cfb";
case SGD_SM4_OFB: return "sms4-ofb128";
case SGD_SM4_MAC: return "sms4-mac";
case SGD_SSF33_ECB: return "ssf33-ecb";
case SGD_SSF33_CBC: return "ssf33-cbc";
case SGD_SSF33_CFB: return "ssf33-cfb";
case SGD_SSF33_OFB: return "ssf33-ofb128";
case SGD_SSF33_MAC: return "ssf33-mac";
case SGD_RSA: return "rsa";
case SGD_SM2_1: return "sm2sign";
case SGD_SM2_2: return "sm2encrypt";
case SGD_SM2_3: return "sm2keyagreement";
case SGD_SM3: return "sm3";
case SGD_SHA1: return "sha1";
case SGD_SHA256: return "sha256";
}
return NULL;
}
ULONG SKF_GetDevStateName(ULONG ulDevState, LPSTR *szDevStateName)
{
if (!szDevStateName) {
return SAR_INDATALENERR;
}
switch (ulDevState) {
case SKF_DEV_STATE_ABSENT:
*szDevStateName = (LPSTR)"Absent";
break;
case SKF_DEV_STATE_PRESENT:
*szDevStateName = (LPSTR)"Present";
break;
case SKF_DEV_STATE_UNKNOW:
*szDevStateName = (LPSTR)"Unknown";
break;
default:
*szDevStateName = (LPSTR)"(Error)";
return SAR_INDATALENERR;
}
return SAR_OK;
}
ULONG SKF_GetContainerTypeName(ULONG ulContainerType, LPSTR *szName)
{
switch (ulContainerType) {
case SKF_CONTAINER_TYPE_UNDEF:
*szName = (LPSTR)"(undef)";
break;
case SKF_CONTAINER_TYPE_RSA:
*szName = (LPSTR)"RSA";
break;
case SKF_CONTAINER_TYPE_ECC:
*szName = (LPSTR)"EC";
break;
default:
*szName = (LPSTR)"(unknown)";
}
/* always success for help functions */
return SAR_OK;
}
typedef struct {
ULONG id;
char *name;
} table_item_t;
static table_item_t skf_cipher_caps[] = {
{ SGD_SM1_ECB, "sm1-ecb" },
{ SGD_SM1_CBC, "sm1-cbc" },
{ SGD_SM1_CFB, "sm1-cfb" },
{ SGD_SM1_OFB, "sm1-ofb128" },
{ SGD_SM1_MAC, "cbcmac-sm1" },
{ SGD_SSF33_ECB, "ssf33-ecb" },
{ SGD_SSF33_CBC, "ssf33-cbc" },
{ SGD_SSF33_CFB, "ssf33-cfb" },
{ SGD_SSF33_OFB, "ssf33-ofb128" },
{ SGD_SSF33_MAC, "cbcmac-ssf33" },
{ SGD_SM4_ECB, "sms4-ecb" },
{ SGD_SM4_CBC, "sms4-cbc" },
{ SGD_SM4_CFB, "sms4-cfb" },
{ SGD_SM4_OFB, "sms4-ofb128" },
{ SGD_SM4_MAC, "cbcmac-sms4" },
{ SGD_ZUC_EEA3, "zuc_128eea3" },
{ SGD_ZUC_EIA3, "zuc_128eia3" }
};
static table_item_t skf_digest_caps[] = {
{ SGD_SM3, "sm3" },
{ SGD_SHA1, "sha1" },
{ SGD_SHA256, "sha256" },
};
static table_item_t skf_pkey_caps[] = {
{ SGD_RSA_SIGN, "rsa" },
{ SGD_RSA_ENC, "rsaEncryption" },
{ SGD_SM2_1, "sm2sign" },
{ SGD_SM2_2, "sm2exchange" },
{ SGD_SM2_3, "sm2encrypt" }
};
ULONG SKF_PrintDevInfo(BIO *out, DEVINFO *devInfo)
{
size_t i, n;
char *serial = OPENSSL_buf2hexstr(devInfo->SerialNumber, strlen((char *)devInfo->SerialNumber));
BIO_printf(out, " %-16s : %d.%d\n", "Version", devInfo->Version.major, devInfo->Version.minor);
BIO_printf(out, " %-16s : %s\n", "Manufacturer", devInfo->Manufacturer);
BIO_printf(out, " %-16s : %s\n", "Issuer", devInfo->Issuer);
BIO_printf(out, " %-16s : %s\n", "Label", devInfo->Label);
BIO_printf(out, " %-16s : %s\n", "Serial Number", serial);
BIO_printf(out, " %-16s : %d.%d\n", "Firmware Version", devInfo->HWVersion.major, devInfo->HWVersion.minor);
BIO_printf(out, " %-16s : ", "Ciphers");
for (i = n = 0; i < OSSL_NELEM(skf_cipher_caps); i++) {
if ((devInfo->AlgSymCap & skf_cipher_caps[i].id) ==
skf_cipher_caps[i].id) {
BIO_printf(out, "%s%s", n ? "," : "", skf_cipher_caps[i].name);
n++;
}
}
BIO_puts(out, "\n");
BIO_printf(out, " %-16s : ", "Public Keys");
for (i = n = 0; i < OSSL_NELEM(skf_pkey_caps); i++) {
if ((devInfo->AlgAsymCap & skf_pkey_caps[i].id) ==
skf_pkey_caps[i].id) {
BIO_printf(out, "%s%s", n ? "," : "", skf_pkey_caps[i].name);
n++;
}
}
BIO_puts(out, "\n");
BIO_printf(out, " %-16s : ", "Digests");
for (i = n = 0; i < OSSL_NELEM(skf_digest_caps); i++) {
if ((devInfo->AlgHashCap & skf_digest_caps[i].id) ==
skf_digest_caps[i].id) {
BIO_printf(out, "%s%s", n ? "," : "", skf_digest_caps[i].name);
n++;
}
}
BIO_puts(out, "\n");
BIO_printf(out, " %-16s : ", "Auth Cipher");
for (i = 0; i < OSSL_NELEM(skf_cipher_caps); i++) {
if (devInfo->DevAuthAlgId == skf_cipher_caps[i].id) {
BIO_printf(out, "%s\n", skf_cipher_caps[i].name);
break;
}
}
if (i == OSSL_NELEM(skf_cipher_caps)) {
BIO_puts(out, "(unknown)\n");
}
if (devInfo->TotalSpace == UINT_MAX)
BIO_printf(out, " %-16s : %s\n", "Total Sapce", "(unlimited)");
else BIO_printf(out, " %-16s : %u\n", "Total Sapce", devInfo->TotalSpace);
if (devInfo->FreeSpace == UINT_MAX)
BIO_printf(out, " %-16s : %s\n", "Free Space", "(unlimited)");
else BIO_printf(out, " %-16s : %u\n", "Free Space", devInfo->FreeSpace);
if (devInfo->MaxECCBufferSize == UINT_MAX)
BIO_printf(out, " %-16s : %s\n", "MAX ECC Input", "(unlimited)");
else BIO_printf(out, " %-16s : %u\n", "MAX ECC Input", devInfo->MaxECCBufferSize);
if (devInfo->MaxBufferSize == UINT_MAX)
BIO_printf(out, " %-16s : %s\n", "MAX Cipher Input", "(unlimited)");
else BIO_printf(out, " %-16s : %u\n", "MAX Cipher Input", devInfo->MaxBufferSize);
OPENSSL_free(serial);
return SAR_OK;
}
ULONG SKF_PrintRSAPublicKey(BIO *out, RSAPUBLICKEYBLOB *blob)
{
BIO_printf(out, "AlgID : %s\n", skf_algor_name(blob->AlgID));
BIO_printf(out, "BitLen : %u\n", blob->BitLen);
BIO_puts(out, "Modulus:\n");
BIO_puts(out, " ");
BIO_hex_string(out, 4, 16, blob->Modulus, MAX_RSA_MODULUS_LEN);
BIO_puts(out, "\n");
BIO_puts(out, "PublicExponent:\n");
BIO_puts(out, " ");
BIO_hex_string(out, 4, 16, blob->PublicExponent, MAX_RSA_EXPONENT_LEN);
BIO_puts(out, "\n");
return SAR_OK;
}
ULONG SKF_PrintRSAPrivateKey(BIO *out, RSAPRIVATEKEYBLOB *blob)
{
BIO_printf(out, "AlgID : %s\n", skf_algor_name(blob->AlgID));
BIO_printf(out, "BitLen : %u\n", blob->BitLen);
BIO_puts(out, "Modulus:\n");
BIO_puts(out, " ");
BIO_hex_string(out, 4, 16, blob->Modulus, MAX_RSA_MODULUS_LEN);
BIO_puts(out, "\n");
BIO_puts(out, "PublicExponent:\n");
BIO_puts(out, " ");
BIO_hex_string(out, 4, 16, blob->PublicExponent, MAX_RSA_EXPONENT_LEN);
BIO_puts(out, "\n");
BIO_puts(out, "PrivateExponent:\n");
BIO_puts(out, " ");
BIO_hex_string(out, 4, 16, blob->PrivateExponent, MAX_RSA_MODULUS_LEN);
BIO_puts(out, "\n");
BIO_puts(out, "Prime1:\n");
BIO_puts(out, " ");
BIO_hex_string(out, 4, 16, blob->Prime1, MAX_RSA_MODULUS_LEN/2);
BIO_puts(out, "\n");
BIO_puts(out, "Prime2:\n");
BIO_puts(out, " ");
BIO_hex_string(out, 4, 16, blob->Prime2, MAX_RSA_MODULUS_LEN/2);
BIO_puts(out, "\n");
BIO_puts(out, "Prime1Exponent:\n");
BIO_hex_string(out, 4, 16, blob->Prime1Exponent, MAX_RSA_MODULUS_LEN/2);
BIO_puts(out, "\n");
BIO_puts(out, " ");
BIO_puts(out, "Prime2Exponent:\n");
BIO_puts(out, " ");
BIO_hex_string(out, 4, 16, blob->Prime2Exponent, MAX_RSA_MODULUS_LEN/2);
BIO_puts(out, "\n");
BIO_puts(out, "Coefficient:\n");
BIO_puts(out, " ");
BIO_hex_string(out, 4, 16, blob->Coefficient, MAX_RSA_MODULUS_LEN/2);
BIO_puts(out, "\n");
return SAR_OK;
}
ULONG SKF_PrintECCPublicKey(BIO *out, ECCPUBLICKEYBLOB *blob)
{
BIO_printf(out, "BitLen : %u\n", blob->BitLen);
BIO_puts(out, "XCoordinate:\n");
BIO_puts(out, " ");
BIO_hex_string(out, 4, 16, blob->XCoordinate, ECC_MAX_XCOORDINATE_BITS_LEN/8);
BIO_puts(out, "\n");
BIO_puts(out, "YCoordinate:\n");
BIO_puts(out, " ");
BIO_hex_string(out, 4, 16, blob->YCoordinate, ECC_MAX_XCOORDINATE_BITS_LEN/8);
BIO_puts(out, "\n");
return SAR_OK;
}
ULONG SKF_PrintECCPrivateKey(BIO *out, ECCPRIVATEKEYBLOB *blob)
{
BIO_printf(out, "BitLen : %u\n", blob->BitLen);
BIO_puts(out, "PrivateKey:\n");
BIO_puts(out, " ");
BIO_hex_string(out, 4, 16, blob->PrivateKey, ECC_MAX_MODULUS_BITS_LEN/8);
BIO_puts(out, "\n");
return SAR_OK;
}
ULONG SKF_PrintECCCipher(BIO *out, ECCCIPHERBLOB *blob)
{
BIO_puts(out, "XCoordinate:\n");
BIO_puts(out, " ");
BIO_hex_string(out, 4, 16, blob->XCoordinate, ECC_MAX_XCOORDINATE_BITS_LEN/8);
BIO_puts(out, "\n");
BIO_puts(out, "YCoordinate:\n");
BIO_puts(out, " ");
BIO_hex_string(out, 4, 16, blob->YCoordinate, ECC_MAX_XCOORDINATE_BITS_LEN/8);
BIO_puts(out, "\n");
BIO_puts(out, "HASH:\n");
BIO_puts(out, " ");
BIO_hex_string(out, 4, 16, blob->HASH, 32);
BIO_puts(out, "\n");
BIO_printf(out, "CipherLen: %u\n", blob->CipherLen);
BIO_puts(out, "Cipher:\n");
BIO_puts(out, " ");
BIO_hex_string(out, 4, 16, blob->Cipher, blob->CipherLen);
BIO_puts(out, "\n");
return SAR_OK;
}
ULONG SKF_PrintECCSignature(BIO *out, ECCSIGNATUREBLOB *blob)
{
BIO_puts(out, "r:\n");
BIO_puts(out, " ");
BIO_hex_string(out, 4, 16, blob->r, ECC_MAX_XCOORDINATE_BITS_LEN/8);
BIO_puts(out, "\n");
BIO_puts(out, "s:\n");
BIO_puts(out, " ");
BIO_hex_string(out, 4, 16, blob->s, ECC_MAX_XCOORDINATE_BITS_LEN/8);
BIO_puts(out, "\n");
return SAR_OK;
}
ULONG DEVAPI SKF_GetAlgorName(ULONG ulAlgID, LPSTR *szName)
{
char *name;
if ((name = skf_algor_name(ulAlgID)) != NULL) {
*szName = (LPSTR)&name;
return SAR_OK;
}
return SAR_FAIL;
}
ULONG DEVAPI SKF_PrintErrorString(BIO *out, ULONG ulError)
{
LPSTR str = NULL;
SKF_GetErrorString(ulError, &str);
BIO_printf(out, "SKF Error: %s\n", (char *)str);
return SAR_OK;
}

167
skf/skf_wisec.c
View File

@@ -1,167 +0,0 @@
/*
* Copyright 2014-2021 The GmSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <openssl/err.h>
#include <openssl/gmskf.h>
#include "internal/skf_int.h"
#include "../../e_os.h"
#include "skf_wisec.h"
typedef struct {
ULONG std_id;
ULONG vendor_id;
} SKF_ALGOR_PAIR;
static SKF_ALGOR_PAIR wisec_ciphers[] = {
{ SGD_SM1, WISEC_SM1 },
{ SGD_SM1_ECB, WISEC_SM1_ECB },
{ SGD_SM1_CBC, WISEC_SM1_CBC },
{ SGD_SM1_CFB, WISEC_SM1_CFB },
{ SGD_SM1_OFB, WISEC_SM1_OFB },
{ SGD_SM1_MAC, WISEC_SM1_MAC },
{ SGD_SM4, WISEC_SM4 },
{ SGD_SM4_ECB, WISEC_SM4_ECB },
{ SGD_SM4_CBC, WISEC_SM4_CBC },
{ SGD_SM4_CFB, WISEC_SM4_CFB },
{ SGD_SM4_OFB, WISEC_SM4_OFB },
{ SGD_SM4_MAC, WISEC_SM4_MAC },
{ SGD_SSF33, WISEC_SSF33 },
{ SGD_SSF33_ECB, WISEC_SSF33_ECB },
{ SGD_SSF33_CBC, WISEC_SSF33_CBC },
{ SGD_SSF33_CFB, WISEC_SSF33_CFB },
{ SGD_SSF33_OFB, WISEC_SSF33_OFB },
{ SGD_SSF33_MAC, WISEC_SSF33_MAC },
};
static ULONG wisec_get_cipher_algor(ULONG vendor_id)
{
size_t i;
for (i = 0; i < OSSL_NELEM(wisec_ciphers); i++) {
if (vendor_id == wisec_ciphers[i].vendor_id) {
return wisec_ciphers[i].std_id;
}
}
return 0;
}
static ULONG wisec_get_cipher_cap(ULONG vendor_cap)
{
ULONG std_cap = 0;
size_t i;
for (i = 0; i < OSSL_NELEM(wisec_ciphers); i++) {
if (vendor_cap & wisec_ciphers[i].vendor_id) {
std_cap |= wisec_ciphers[i].std_id;
}
}
return std_cap;
}
static SKF_ALGOR_PAIR wisec_digests[] = {
{ SGD_SM3, WISEC_SM3 },
{ SGD_SHA1, WISEC_SHA1 },
{ SGD_SHA256, WISEC_SHA256 },
};
static ULONG wisec_get_digest_algor(ULONG vendor_id)
{
size_t i;
for (i = 0; i < OSSL_NELEM(wisec_digests); i++) {
if (vendor_id == wisec_digests[i].vendor_id) {
return wisec_digests[i].std_id;
}
}
return 0;
}
static ULONG wisec_get_digest_cap(ULONG vendor_cap)
{
ULONG std_cap = 0;
size_t i;
for (i = 0; i < OSSL_NELEM(wisec_digests); i++) {
if (vendor_cap & wisec_digests[i].vendor_id) {
std_cap |= wisec_digests[i].std_id;
}
}
return std_cap;
}
static SKF_ALGOR_PAIR wisec_pkeys[] = {
{ SGD_RSA, WISEC_RSA },
{ SGD_RSA_SIGN, WISEC_RSA_SIGN },
{ SGD_RSA_ENC, WISEC_RSA_ENC },
{ SGD_SM2, WISEC_SM2 },
{ SGD_SM2_1, WISEC_SM2_1 },
{ SGD_SM2_2, WISEC_SM2_2 },
{ SGD_SM2_3, WISEC_SM2_3 },
};
static ULONG wisec_get_pkey_algor(ULONG vendor_id)
{
size_t i;
for (i = 0; i < OSSL_NELEM(wisec_pkeys); i++) {
if (vendor_id == wisec_pkeys[i].vendor_id) {
return wisec_pkeys[i].std_id;
}
}
return 0;
}
static ULONG wisec_get_pkey_cap(ULONG vendor_cap)
{
ULONG std_cap = 0;
size_t i;
for (i = 0; i < OSSL_NELEM(wisec_pkeys); i++) {
if (vendor_cap & wisec_pkeys[i].vendor_id) {
std_cap |= wisec_pkeys[i].std_id;
}
}
return std_cap;
}
static SKF_ERR_REASON wisec_errors[] = {
{ WISEC_AUTH_BLOCKED, SKF_R_WISEC_AUTH_BLOCKED },
{ WISEC_CERTNOUSAGEERR, SKF_R_WISEC_CERTNOUSAGEERR },
{ WISEC_INVALIDCONTAINERERR, SKF_R_WISEC_INVALIDCONTAINERERR },
{ WISEC_CONTAINER_NOT_EXISTS, SKF_R_WISEC_CONTAINER_NOT_EXISTS },
{ WISEC_CONTAINER_EXISTS, SKF_R_WISEC_CONTAINER_EXISTS },
{ WISEC_CERTUSAGEERR, SKF_R_WISEC_CERTUSAGEERR },
{ WISEC_KEYNOUSAGEERR, SKF_R_WISEC_KEYNOUSAGEERR },
{ WISEC_FILEATTRIBUTEERR, SKF_R_WISEC_FILEATTRIBUTEERR },
{ WISEC_DEVNOAUTH, SKF_R_WISEC_DEVNOAUTH },
};
static unsigned long wisec_get_error_reason(ULONG err)
{
size_t i = 0;
for (i = 0; i < OSSL_NELEM(wisec_errors); i++) {
if (err == wisec_errors[i].err) {
return wisec_errors[i].reason;
}
}
return 0;
}
SKF_VENDOR skf_wisec = {
"wisec",
16,
wisec_get_cipher_algor,
wisec_get_cipher_cap,
wisec_get_digest_algor,
wisec_get_digest_cap,
wisec_get_pkey_algor,
wisec_get_pkey_cap,
wisec_get_error_reason,
};

124
skf/skf_wisec.h
View File

@@ -1,124 +0,0 @@
/*
* Copyright 2014-2021 The GmSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef HEADER_SKF_WISEC_H
#define HEADER_SKF_WISEC_H
#include <openssl/err.h>
#include <openssl/gmskf.h>
#define WISEC_SM1 (SGD_SM1)
#define WISEC_SM1_ECB (SGD_SM1_ECB)
#define WISEC_SM1_CBC (SGD_SM1_CBC)
#define WISEC_SM1_CFB (SGD_SM1_CFB)
#define WISEC_SM1_OFB (SGD_SM1_OFB)
#define WISEC_SM1_MAC (SGD_SM1_MAC)
#define WISEC_SSF33 (SGD_SSF33)
#define WISEC_SSF33_ECB (SGD_SSF33_ECB)
#define WISEC_SSF33_CBC (SGD_SSF33_CBC)
#define WISEC_SSF33_CFB (SGD_SSF33_CFB)
#define WISEC_SSF33_OFB (SGD_SSF33_OFB)
#define WISEC_SSF33_MAC (SGD_SSF33_MAC)
#define WISEC_SM4 (SGD_SM4)
#define WISEC_SM4_ECB (WISEC_SM4|SGD_ECB)
#define WISEC_SM4_CBC (WISEC_SM4|SGD_CBC)
#define WISEC_SM4_CFB (WISEC_SM4|SGD_CFB)
#define WISEC_SM4_OFB (WISEC_SM4|SGD_OFB)
#define WISEC_SM4_MAC (WISEC_SM4|SGD_MAC)
#define WISEC_AES 0x00000800
#define WISEC_128 0x00000000
#define WISEC_192 0x00000010
#define WISEC_256 0x00000020
#define WISEC_AES128 (WISEC_AES|WISEC_128)
#define WISEC_AES192 (WISEC_AES|WISEC_192)
#define WISEC_AES256 (WISEC_AES|WISEC_256)
#define WISEC_AES128_ECB (WISEC_AES128|SGD_ECB)
#define WISEC_AES128_CBC (WISEC_AES128|SGD_CBC)
#define WISEC_AES128_CFB (WISEC_AES128|SGD_CFB)
#define WISEC_AES128_OFB (WISEC_AES128|SGD_OFB)
#define WISEC_AES128_MAC (WISEC_AES128|SGD_MAC)
#define WISEC_AES192_ECB (WISEC_AES192|SGD_ECB)
#define WISEC_AES192_CBC (WISEC_AES192|SGD_CBC)
#define WISEC_AES192_CFB (WISEC_AES192|SGD_CFB)
#define WISEC_AES192_OFB (WISEC_AES192|SGD_OFB)
#define WISEC_AES192_MAC (WISEC_AES192|SGD_MAC)
#define WISEC_AES256_ECB (WISEC_AES256|SGD_ECB)
#define WISEC_AES256_CBC (WISEC_AES256|SGD_CBC)
#define WISEC_AES256_CFB (WISEC_AES256|SGD_CFB)
#define WISEC_AES256_OFB (WISEC_AES256|SGD_OFB)
#define WISEC_AES256_MAC (WISEC_AES256|SGD_MAC)
#define WISEC_DES 0x00001000
#define WISEC_DES_ECB (WISEC_DES|SGD_ECB)
#define WISEC_DES_CBC (WISEC_DES|SGD_CBC)
#define WISEC_DES_CFB (WISEC_DES|SGD_CFB)
#define WISEC_DES_OFB (WISEC_DES|SGD_OFB)
#define WISEC_DES_MAC (WISEC_DES|SGD_MAC)
#define WISEC_D3DES 0x00001010
#define WISEC_D3DES_ECB (WISEC_D3DES|SGD_ECB)
#define WISEC_D3DES_CBC (WISEC_D3DES|SGD_CBC)
#define WISEC_D3DES_CFB (WISEC_D3DES|SGD_CFB)
#define WISEC_D3DES_OFB (WISEC_D3DES|SGD_OFB)
#define WISEC_D3DES_MAC (WISEC_D3DES|SGD_MAC)
#define WISEC_T3DES 0x00001020
#define WISEC_T3DES_ECB (WISEC_T3DES|SGD_ECB)
#define WISEC_T3DES_CBC (WISEC_T3DES|SGD_CBC)
#define WISEC_T3DES_CFB (WISEC_T3DES|SGD_CFB)
#define WISEC_T3DES_OFB (WISEC_T3DES|SGD_OFB)
#define WISEC_T3DES_MAC (WISEC_T3DES|SGD_MAC)
#define WISEC_SM3 (SGD_SM3)
#define WISEC_SHA1 (SGD_SHA1)
#define WISEC_SHA256 (SGD_SHA256)
#define WISEC_RSA (SGD_RSA)
#define WISEC_RSA_SIGN (SGD_RSA_SIGN)
#define WISEC_RSA_ENC (SGD_RSA_ENC)
#define WISEC_SM2 (SGD_SM2)
#define WISEC_SM2_1 (SGD_SM2_1)
#define WISEC_SM2_2 (SGD_SM2_2)
#define WISEC_SM2_3 (SGD_SM2_3)
#define WISEC_AUTH_BLOCKED 0x0A000033
#define WISEC_CERTNOUSAGEERR 0x0A000034
#define WISEC_INVALIDCONTAINERERR 0x0A000035
#define WISEC_CONTAINER_NOT_EXISTS 0x0A000036
#define WISEC_CONTAINER_EXISTS 0x0A000037
#define WISEC_CERTUSAGEERR 0x0A000038
#define WISEC_KEYNOUSAGEERR 0x0A000039
#define WISEC_FILEATTRIBUTEERR 0x0A00003A
#define WISEC_DEVNOAUTH 0x0A00003B
/*
ULONG DEVAPI SKFE_SetSN(DEVHANDLE hDev, CHAR *SN, UINT SNLen);
ULONG DEVAPI SKFE_GenExtECCKey(DEVHANDLE hDev, PECCPRIVATEKEYBLOB pPriBlob, PECCPUBLICKEYBLOB pPubBlob);
ULONG DEVAPI SKF_ECCDecrypt(HCONTAINER hContainer, PECCCIPHERBLOB pCipherText, BYTE *pbPlainText,ULONG *pulPlainTextLen);
ULONG DEVAPI SKF_GenerateKey(HCONTAINER hContainer, ULONG ulAlgId, HANDLE *phSessionKey) ;
ULONG DEVAPI SKF_ECCExportSessionKeyByHandle(HANDLE phSessionKey, ECCPUBLICKEYBLOB *pPubKey,PECCCIPHERBLOB pData);
ULONG DEVAPI SKF_RSAExportSessionKeyByHandle(HANDLE phSessionKey, RSAPUBLICKEYBLOB*pPubKey,BYTE *pbData, ULONG *pulDataLen);
ULONG DEVAPI SKF_PrvKeyDecrypt(HCONTAINER hContainer, PECCCIPHERBLOB pCipherText, BYTE *pbData, ULONG *pbDataLen);
ULONG DEVAPI SKF_PrvKeyDecrypt(HCONTAINER hContainer, ULONG ulType, PECCCIPHERBLOB pCipherText, BYTE *pbData, ULONG *pbDataLen);
ULONG DEVAPI SKF_RSAPrvKeyDecrypt(HCONTAINER hContainer, BYTE *pCipherData, ULONG pCipherDataLen, BYTE *pbData, ULONG *pbDataLen);
*/
#endif

1451
skf/skfutil.c
View File

File diff suppressed because it is too large Load Diff