From b4ad0da508e2646e95b7f1d4966cea980737c9fd Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Wed, 7 Oct 2015 15:23:34 +0800 Subject: [PATCH] update --- Makefile | 7 +- Makefile.bak | 8 +- Makefile.org | 8 +- apps/Makefile | 1 + apps/ca-gencert-engine.sh | 70 ++++++++++++ apps/ca-gencert.sh | 17 +++ apps/ca-key.pem | 15 --- apps/ca-req.pem | 11 -- apps/ca-setup.sh | 22 ++++ apps/ca-show-token-info.sh | 11 ++ apps/progs.h | 134 ++++++++++++++++++++++ apps/{sm2_cert.pem => sm2-cert.pem} | 0 apps/{sm2_key.pem => sm2-key.pem} | 0 build-mac.sh | 14 --- crypto/cpk/Makefile | 78 +++++++++++++ crypto/cpk/cpk.h | 2 +- crypto/cpk/cpktest.c | 169 ++++++++++++++++++++++++++++ crypto/evp/e_zuc.c | 4 +- crypto/sm2/sm2test.c | 29 +++++ crypto/zuc/zuc.c | 17 ++- crypto/zuc/zuc.h | 4 + include/openssl/cpk.h | 1 + sm2test.c | 29 ----- test/cpktest.c | 1 + util/mk1mf.pl | 8 ++ util/mkdef.pl | 17 ++- util/mkfiles.pl | 1 + 27 files changed, 590 insertions(+), 88 deletions(-) create mode 100755 apps/ca-gencert-engine.sh create mode 100755 apps/ca-gencert.sh delete mode 100644 apps/ca-key.pem delete mode 100644 apps/ca-req.pem create mode 100755 apps/ca-setup.sh create mode 100755 apps/ca-show-token-info.sh rename apps/{sm2_cert.pem => sm2-cert.pem} (100%) rename apps/{sm2_key.pem => sm2-key.pem} (100%) delete mode 100755 build-mac.sh create mode 100644 crypto/cpk/Makefile create mode 100644 crypto/cpk/cpktest.c create mode 120000 include/openssl/cpk.h delete mode 100644 sm2test.c create mode 120000 test/cpktest.c diff --git a/Makefile b/Makefile index c641504a..af528047 100644 --- a/Makefile +++ b/Makefile @@ -145,12 +145,13 @@ SHLIBDIRS= crypto ssl # dirs in crypto to build SDIRS= \ objects \ - md4 md5 sha mdc2 hmac ripemd whrlpool sm3 \ - des aes rc2 rc4 idea bf cast camellia seed modes sms4 zuc \ + md4 md5 sha mdc2 hmac ripemd whrlpool \ + des aes rc2 rc4 idea bf cast camellia seed modes \ bn ec rsa dsa ecdsa dh ecdh ecies dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ - cms pqueue ts srp cmac + cms pqueue ts srp cmac \ + sm3 sms4 zuc cpk # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... diff --git a/Makefile.bak b/Makefile.bak index d4bb6e63..af528047 100644 --- a/Makefile.bak +++ b/Makefile.bak @@ -145,12 +145,14 @@ SHLIBDIRS= crypto ssl # dirs in crypto to build SDIRS= \ objects \ - md4 md5 sha mdc2 hmac ripemd whrlpool sm3 \ - des aes rc2 rc4 idea bf cast camellia seed modes sms4 zuc \ + md4 md5 sha mdc2 hmac ripemd whrlpool \ + des aes rc2 rc4 idea bf cast camellia seed modes \ bn ec rsa dsa ecdsa dh ecdh ecies dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ - cms pqueue ts srp cmac + cms pqueue ts srp cmac \ + sm3 sms4 zuc cpk + # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... diff --git a/Makefile.org b/Makefile.org index 97cab7ed..77e84977 100644 --- a/Makefile.org +++ b/Makefile.org @@ -143,12 +143,14 @@ SHLIBDIRS= crypto ssl # dirs in crypto to build SDIRS= \ objects \ - md2 md4 md5 sha mdc2 hmac ripemd whrlpool sm3 \ - des aes rc2 rc4 rc5 idea bf cast camellia seed modes sms4 zuc \ + md2 md4 md5 sha mdc2 hmac ripemd whrlpool \ + des aes rc2 rc4 rc5 idea bf cast camellia seed modes \ bn ec rsa dsa ecdsa dh ecdh ecies dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ - cms pqueue ts jpake srp store cmac + cms pqueue ts jpake srp store cmac \ + sm3 sms4 zuc cpk + # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... diff --git a/apps/Makefile b/apps/Makefile index d5f5bc97..f1477494 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -946,6 +946,7 @@ speed.o: ../include/openssl/lhash.h ../include/openssl/md4.h speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h speed.o: ../include/openssl/sm3.h ../include/openssl/sms4.h speed.o: ../include/openssl/zuc.h +speed.o: ../include/openssl/cpk.h speed.o: ../include/openssl/modes.h ../include/openssl/obj_mac.h speed.o: ../include/openssl/objects.h ../include/openssl/ocsp.h speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h diff --git a/apps/ca-gencert-engine.sh b/apps/ca-gencert-engine.sh new file mode 100755 index 00000000..923f29b6 --- /dev/null +++ b/apps/ca-gencert-engine.sh @@ -0,0 +1,70 @@ +#!/bin/bash + +PIN=123456 +PUK=654321 +P11LIB=/usr/local/lib/opensc-pkcs11.so +REQFILE=req.pem +USERNAME="John Doe" + +echo " *** Erase card ***" +pkcs15-init --erase-card --verbose + +echo " *** Initialization ***" +pkcs15-init \ + --create-pkcs15 \ + --profile pkcs15+onepin \ + --pin $PIN \ + --puk $PUK \ + --label "Personal Crypto Token" \ + --verbose + +echo " *** Generate Key Pair ***" +pkcs11-tool \ + --keypairgen \ + --module $P11LIB \ + --login --pin $PIN \ + --key-type rsa:2048 \ + --usage-sign \ + --subject $USERNAME \ + --label "Private Key" + +KEYID=`pkcs11-tool --module $P11LIB --list-objects | grep "ID" | awk '{ print $2}'` + + +echo " *** Generate Certificate Request ***" +openssl req \ + -new \ + -engine pkcs11 \ + -config openssl.conf \ + -keyform engine \ + -key 1:$KEYID \ + -subj "/C=CN/ST=Beijing/L=Beijing/O=PKU/OU=Infosec/CN=$1/emailAddress=$1@pku.edu.cn" \ + -out $REQFILE + +openssl req -in $REQFILE -text + +CERTFILE=user.pem +CERTDER=user.der + +echo " *** Sign Certificate ***" +openssl ca -batch -out $CERTFILE -notext -outdir . -infiles $REQFILE +openssl x509 -in $CERTFILE -outform DER -out $CERTDER + +echo " *** Import Certificate to Token ***" +pkcs11-tool --write-object $CERTDER \ + --module $P11LIB \ + --login --pin $PIN \ + --label Certificate \ + --type cert + +echo " *** Show Token Info ***" +pkcs11-tool --list-token-slots \ + --module $P11LIB + +pkcs11-tool --list-objects \ + --module $P11LIB \ + --login --pin $PIN + +openssl x509 -in $CERTFILE -text -noout + + diff --git a/apps/ca-gencert.sh b/apps/ca-gencert.sh new file mode 100755 index 00000000..5a1c9f4e --- /dev/null +++ b/apps/ca-gencert.sh @@ -0,0 +1,17 @@ +#!/bin/bash -x + +CURVE=secp192k1 +KEY_FILE=user.key +REQ_FILE=user.req +CERT_FILE=user.pem + +#openssl ecparam -genkey -name $CURVE -text -out $KEY_FILE +openssl genrsa 1024 -text > $KEY_FILE +openssl req -new -key $KEY_FILE -out $REQ_FILE +openssl ca -out $CERT_FILE -outdir . -infiles $REQ_FILE +openssl pkcs12 -export -out user.pfx -in $CERT_FILE -inkey $KEY_FILE -certfile .demoCA/cacert.pem + +#rm -f $KEY_FILE +#rm -f $REQ_FILE +#rm -f $CERT_FILE + diff --git a/apps/ca-key.pem b/apps/ca-key.pem deleted file mode 100644 index 3a520b23..00000000 --- a/apps/ca-key.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425 -gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd -2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB -AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6 -hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2 -J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs -HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL -21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s -nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz -MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa -pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb -KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2 -XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ ------END RSA PRIVATE KEY----- diff --git a/apps/ca-req.pem b/apps/ca-req.pem deleted file mode 100644 index 77bf7ec3..00000000 --- a/apps/ca-req.pem +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIBmTCCAQICAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx -GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgx -MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgy -bTsZDCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/d -FXSv1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUe -cQU2mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAKlk7 -cxu9gCJN3/iQFyJXQ6YphaiQAT5VBXTx9ftRrQIjA3vxlDzPWGDy+V5Tqa7h8PtR -5Bn00JShII2zf0hjyjKils6x/UkWmjEiwSiFp4hR70iE8XwSNEHY2P6j6nQEIpgW -kbfgmmUqk7dl2V+ossTJ80B8SBpEhrn81V/cHxA= ------END CERTIFICATE REQUEST----- diff --git a/apps/ca-setup.sh b/apps/ca-setup.sh new file mode 100755 index 00000000..c6f8c4cc --- /dev/null +++ b/apps/ca-setup.sh @@ -0,0 +1,22 @@ +#!/bin/bash + +CURVE=prime256v1 +DIR=demoCA + +rm -fr $DIR +mkdir $DIR +mkdir $DIR/certs +mkdir $DIR/crl +mkdir $DIR/newcerts +mkdir $DIR/private/ +touch $DIR/index.txt +touch $DIR/crlnumber +touch $DIR/private/.rand +echo 01 > $DIR/serial + +#openssl ecparam -genkey -name $CURVE -text -out $DIR/private/cakey.pem + +openssl genrsa 2048 -text > $DIR/private/cakey.pem +openssl req -new -x509 -days 3650 -key $DIR/private/cakey.pem -out $DIR/cacert.pem +openssl x509 -text -noout -in $DIR/cacert.pem + diff --git a/apps/ca-show-token-info.sh b/apps/ca-show-token-info.sh new file mode 100755 index 00000000..0af330a1 --- /dev/null +++ b/apps/ca-show-token-info.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +PIN=123456 +PUK=654321 +P11LIB=/usr/local/lib/opensc-pkcs11.so + +pkcs11-tool --list-token-slots --module $P11LIB +pkcs11-tool --list-objects \ + --module $P11LIB \ + --login --pin $PIN + diff --git a/apps/progs.h b/apps/progs.h index b88a3b92..f25adb1e 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -1,6 +1,52 @@ /* apps/progs.h */ /* automatically generated by progs.pl for openssl.c */ +extern int verify_main(int argc,char *argv[]); +extern int asn1parse_main(int argc,char *argv[]); +extern int req_main(int argc,char *argv[]); +extern int dgst_main(int argc,char *argv[]); +extern int dh_main(int argc,char *argv[]); +extern int dhparam_main(int argc,char *argv[]); +extern int enc_main(int argc,char *argv[]); +extern int passwd_main(int argc,char *argv[]); +extern int gendh_main(int argc,char *argv[]); +extern int errstr_main(int argc,char *argv[]); +extern int ca_main(int argc,char *argv[]); +extern int crl_main(int argc,char *argv[]); +extern int rsa_main(int argc,char *argv[]); +extern int rsautl_main(int argc,char *argv[]); +extern int dsa_main(int argc,char *argv[]); +extern int dsaparam_main(int argc,char *argv[]); +extern int ec_main(int argc,char *argv[]); +extern int ecparam_main(int argc,char *argv[]); +extern int x509_main(int argc,char *argv[]); +extern int genrsa_main(int argc,char *argv[]); +extern int gendsa_main(int argc,char *argv[]); +extern int genpkey_main(int argc,char *argv[]); +extern int s_server_main(int argc,char *argv[]); +extern int s_client_main(int argc,char *argv[]); +extern int speed_main(int argc,char *argv[]); +extern int s_time_main(int argc,char *argv[]); +extern int version_main(int argc,char *argv[]); +extern int pkcs7_main(int argc,char *argv[]); +extern int cms_main(int argc,char *argv[]); +extern int crl2pkcs7_main(int argc,char *argv[]); +extern int sess_id_main(int argc,char *argv[]); +extern int ciphers_main(int argc,char *argv[]); +extern int nseq_main(int argc,char *argv[]); +extern int pkcs12_main(int argc,char *argv[]); +extern int pkcs8_main(int argc,char *argv[]); +extern int pkey_main(int argc,char *argv[]); +extern int pkeyparam_main(int argc,char *argv[]); +extern int pkeyutl_main(int argc,char *argv[]); +extern int spkac_main(int argc,char *argv[]); +extern int smime_main(int argc,char *argv[]); +extern int rand_main(int argc,char *argv[]); +extern int engine_main(int argc,char *argv[]); +extern int ocsp_main(int argc,char *argv[]); +extern int prime_main(int argc,char *argv[]); +extern int ts_main(int argc,char *argv[]); +extern int srp_main(int argc,char *argv[]); #define FUNC_TYPE_GENERAL 1 #define FUNC_TYPE_MD 2 @@ -17,6 +63,94 @@ typedef struct { DECLARE_LHASH_OF(FUNCTION); FUNCTION functions[] = { + {FUNC_TYPE_GENERAL,"verify",verify_main}, + {FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main}, + {FUNC_TYPE_GENERAL,"req",req_main}, + {FUNC_TYPE_GENERAL,"dgst",dgst_main}, +#ifndef OPENSSL_NO_DH + {FUNC_TYPE_GENERAL,"dh",dh_main}, +#endif +#ifndef OPENSSL_NO_DH + {FUNC_TYPE_GENERAL,"dhparam",dhparam_main}, +#endif + {FUNC_TYPE_GENERAL,"enc",enc_main}, + {FUNC_TYPE_GENERAL,"passwd",passwd_main}, +#ifndef OPENSSL_NO_DH + {FUNC_TYPE_GENERAL,"gendh",gendh_main}, +#endif + {FUNC_TYPE_GENERAL,"errstr",errstr_main}, + {FUNC_TYPE_GENERAL,"ca",ca_main}, + {FUNC_TYPE_GENERAL,"crl",crl_main}, +#ifndef OPENSSL_NO_RSA + {FUNC_TYPE_GENERAL,"rsa",rsa_main}, +#endif +#ifndef OPENSSL_NO_RSA + {FUNC_TYPE_GENERAL,"rsautl",rsautl_main}, +#endif +#ifndef OPENSSL_NO_DSA + {FUNC_TYPE_GENERAL,"dsa",dsa_main}, +#endif +#ifndef OPENSSL_NO_DSA + {FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main}, +#endif +#ifndef OPENSSL_NO_EC + {FUNC_TYPE_GENERAL,"ec",ec_main}, +#endif +#ifndef OPENSSL_NO_EC + {FUNC_TYPE_GENERAL,"ecparam",ecparam_main}, +#endif + {FUNC_TYPE_GENERAL,"x509",x509_main}, +#ifndef OPENSSL_NO_RSA + {FUNC_TYPE_GENERAL,"genrsa",genrsa_main}, +#endif +#ifndef OPENSSL_NO_DSA + {FUNC_TYPE_GENERAL,"gendsa",gendsa_main}, +#endif + {FUNC_TYPE_GENERAL,"genpkey",genpkey_main}, +#if !defined(OPENSSL_NO_SOCK) + {FUNC_TYPE_GENERAL,"s_server",s_server_main}, +#endif +#if !defined(OPENSSL_NO_SOCK) + {FUNC_TYPE_GENERAL,"s_client",s_client_main}, +#endif +#ifndef OPENSSL_NO_SPEED + {FUNC_TYPE_GENERAL,"speed",speed_main}, +#endif +#if !defined(OPENSSL_NO_SOCK) + {FUNC_TYPE_GENERAL,"s_time",s_time_main}, +#endif + {FUNC_TYPE_GENERAL,"version",version_main}, + {FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main}, +#ifndef OPENSSL_NO_CMS + {FUNC_TYPE_GENERAL,"cms",cms_main}, +#endif + {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main}, + {FUNC_TYPE_GENERAL,"sess_id",sess_id_main}, +#if !defined(OPENSSL_NO_SOCK) + {FUNC_TYPE_GENERAL,"ciphers",ciphers_main}, +#endif + {FUNC_TYPE_GENERAL,"nseq",nseq_main}, +#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) + {FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main}, +#endif + {FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main}, + {FUNC_TYPE_GENERAL,"pkey",pkey_main}, + {FUNC_TYPE_GENERAL,"pkeyparam",pkeyparam_main}, + {FUNC_TYPE_GENERAL,"pkeyutl",pkeyutl_main}, + {FUNC_TYPE_GENERAL,"spkac",spkac_main}, + {FUNC_TYPE_GENERAL,"smime",smime_main}, + {FUNC_TYPE_GENERAL,"rand",rand_main}, +#ifndef OPENSSL_NO_ENGINE + {FUNC_TYPE_GENERAL,"engine",engine_main}, +#endif +#ifndef OPENSSL_NO_OCSP + {FUNC_TYPE_GENERAL,"ocsp",ocsp_main}, +#endif + {FUNC_TYPE_GENERAL,"prime",prime_main}, + {FUNC_TYPE_GENERAL,"ts",ts_main}, +#ifndef OPENSSL_NO_SRP + {FUNC_TYPE_GENERAL,"srp",srp_main}, +#endif #ifndef OPENSSL_NO_MD2 {FUNC_TYPE_MD,"md2",dgst_main}, #endif diff --git a/apps/sm2_cert.pem b/apps/sm2-cert.pem similarity index 100% rename from apps/sm2_cert.pem rename to apps/sm2-cert.pem diff --git a/apps/sm2_key.pem b/apps/sm2-key.pem similarity index 100% rename from apps/sm2_key.pem rename to apps/sm2-key.pem diff --git a/build-mac.sh b/build-mac.sh deleted file mode 100755 index 24016b93..00000000 --- a/build-mac.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -./Configure darwin64-x86_64-cc --prefix=/usr/local --openssldir=/usr/local/openssl -make -sudo make install - - - -# build libp11 -# $ ./bootstrap -# $ LIBP11_CFLAGS='-I/usr/local/include'; export LIBP11_CFLAGS -# $ LIBP11_LIBS='-L/usr/local/lib -lp11'; export LIBP11_LIBS -# $ ./configure - diff --git a/crypto/cpk/Makefile b/crypto/cpk/Makefile new file mode 100644 index 00000000..00972229 --- /dev/null +++ b/crypto/cpk/Makefile @@ -0,0 +1,78 @@ +# +# crypto/cpk/Makefile +# + +DIR= cpk +TOP= ../.. +CC= cc +INCLUDES= -I.. -I$(TOP) -I../../include +CFLAG=-g -Wall +MAKEFILE= Makefile +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST=cpktest.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= cpk_lib.c cpk_map.c cpk_kap.c cpk_asn1.c cpk_prn.c cpk_err.c +LIBOBJ= cpk_lib.o cpk_map.o cpk_kap.o cpk_asn1.o cpk_prn.o cpk_err.o + +SRC= $(LIBSRC) + +EXHEADER= cpk.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +update: depend + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + diff --git a/crypto/cpk/cpk.h b/crypto/cpk/cpk.h index 40896cd8..799a07d7 100644 --- a/crypto/cpk/cpk.h +++ b/crypto/cpk/cpk.h @@ -4,7 +4,7 @@ #include #include #include -#include "ecies.h" +#include #ifdef __cplusplus extern "C" { diff --git a/crypto/cpk/cpktest.c b/crypto/cpk/cpktest.c new file mode 100644 index 00000000..ad77169d --- /dev/null +++ b/crypto/cpk/cpktest.c @@ -0,0 +1,169 @@ +#include +#include +#include +#include +#include +#include +#include +#include "cpk.h" +#include "kdf.h" +#include "ecies.h" + + +const char *id_short = "id"; +const char *id_long = + "123456789022345678903234567890423456789052345678906234567890" + "123456789022345678903234567890423456789052345678906234567890"; + + + +int EVP_PKEY_print_fp(const EVP_PKEY *pkey, FILE *fp) +{ + ASN1_PCTX *ctx = ASN1_PCTX_new(); + BIO *bio = BIO_new_fp(fp, BIO_NOCLOSE); + + EVP_PKEY_print_params(bio, pkey, 0, ctx); + EVP_PKEY_print_public(bio, pkey, 0, ctx); + EVP_PKEY_print_private(bio, pkey, 0, NULL); + + return 0; +} + +int main(int argc, char **argv) +{ + int r, i; + KDF_FUNC kdf = NULL; + EC_GROUP *ec_group = NULL; + EC_KEY *ec_key = NULL; + EVP_PKEY *pkey = NULL; + EVP_PKEY *pub_key = NULL; + EVP_PKEY *priv_key = NULL; + X509_ALGOR *map = NULL; + CPK_MASTER_SECRET *master = NULL; + CPK_PUBLIC_PARAMS *params = NULL; + BIO *bio_out = NULL; + unsigned char *buf = NULL; + unsigned char *p; + const unsigned char *cp; + int len; + + /* init openssl global functions */ + ERR_load_crypto_strings(); + OpenSSL_add_all_algorithms(); + + /* prepare cpk setup parameters */ + ec_key = EC_KEY_new_by_curve_name(OBJ_sn2nid("prime192v1")); + assert(ec_key != NULL); + + EC_GROUP_set_asn1_flag((EC_GROUP *)EC_KEY_get0_group(ec_key), OPENSSL_EC_NAMED_CURVE); + r = EC_KEY_generate_key(ec_key); + assert(r == 1); + + pkey = EVP_PKEY_new(); + assert(pkey != NULL); + r = EVP_PKEY_set1_EC_KEY(pkey, ec_key); + assert(r == 1); + map = CPK_MAP_new_default(); + assert(map != NULL); + + + //EVP_PKEY_print_fp(pkey, stdout); + + /* generate master_secret and public_params */ + master = CPK_MASTER_SECRET_create("domainid", pkey, map); + OPENSSL_assert(master); + + bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); + OPENSSL_assert(bio_out); + + r = CPK_MASTER_SECRET_print(bio_out, master, 0, 0); + assert(r == 1); + + EVP_PKEY_free(pkey); + pkey = NULL; + pkey = CPK_MASTER_SECRET_extract_private_key(master, "id"); + assert(pkey != NULL); + EVP_PKEY_free(pkey); + //pkey = CPK_MASTER_SECRET_extract_private_key(master, NULL); + //assert(pkey == NULL); + pkey = CPK_MASTER_SECRET_extract_private_key(master, id_long); + assert(pkey != NULL); + printf("EVP_PKEY of '%s':\n", id_long); + EVP_PKEY_print_fp(pkey, stdout); + printf("\n"); + + params = CPK_MASTER_SECRET_extract_public_params(master); + assert(params); + r = CPK_PUBLIC_PARAMS_print(bio_out, params, 0, 0); + assert(r == 1); + printf("\n"); + + printf("test CPK_PUBLIC_PARAMS_extract_public_key()\n"); + pub_key = CPK_PUBLIC_PARAMS_extract_public_key(params, id_short); + assert(pub_key != NULL); + EVP_PKEY_free(pub_key); + + pub_key = CPK_PUBLIC_PARAMS_extract_public_key(params, id_long); + assert(pub_key != NULL); + printf("Public Key of '%s':\n", id_long); + EVP_PKEY_print_fp(pkey, stdout); + printf("\n"); + + + r = CPK_MASTER_SECRET_validate_public_params(master, params); + assert(r == 1); + if (priv_key) EVP_PKEY_free(priv_key); + priv_key = CPK_MASTER_SECRET_extract_private_key(master, "identity"); + assert(priv_key); + r = CPK_PUBLIC_PARAMS_validate_private_key(params, "identity", priv_key); + assert(r == 1); + r = CPK_PUBLIC_PARAMS_validate_private_key(params, "id", priv_key); + assert(r == 0); + + /* der encoding and decoding */ + len = i2d_CPK_MASTER_SECRET(master, NULL); + assert(len > 0); + if (buf != NULL) OPENSSL_free(buf); + buf = OPENSSL_malloc(len); + assert(buf != NULL); + p = buf; + len = i2d_CPK_MASTER_SECRET(master, &p); + assert(len > 0); + assert(p - buf == len); + + cp = buf; + if (master) CPK_MASTER_SECRET_free(master); + master = NULL; + master = d2i_CPK_MASTER_SECRET(NULL, &cp, len); + assert(master != NULL); + r = CPK_MASTER_SECRET_validate_public_params(master, params); + assert(r == 1); + + kdf = KDF_get_x9_63(EVP_sha1()); + assert(kdf != NULL); + + + if (priv_key != NULL) EVP_PKEY_free(priv_key); + priv_key = CPK_MASTER_SECRET_extract_private_key(master, "Alice"); + assert(priv_key != NULL); + + if (buf != NULL) OPENSSL_free(buf); + buf = OPENSSL_malloc(1024); + assert(buf != NULL); + r = CPK_PUBLIC_PARAMS_compute_share_key(params, buf, 64, "Bob", priv_key, kdf); + for (i = 0; i < 64; i++) printf("%02x", buf[i]); printf("\n"); + + if (priv_key != NULL) + EVP_PKEY_free(priv_key); + priv_key = CPK_MASTER_SECRET_extract_private_key(master, "Bob"); + assert(priv_key != NULL); + r = CPK_PUBLIC_PARAMS_compute_share_key(params, buf, 64, "Alice", priv_key, kdf); + for (i = 0; i < 64; i++) printf("%02x", buf[i]); printf("\n"); + + + printf("ok\n"); + + return 0; +} + + diff --git a/crypto/evp/e_zuc.c b/crypto/evp/e_zuc.c index 0a7388bf..a69e5eab 100644 --- a/crypto/evp/e_zuc.c +++ b/crypto/evp/e_zuc.c @@ -12,14 +12,14 @@ static int zuc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - //ZUC_set_key((ZUC_KEY *)&ctx->cipher_data, EVP_CIPHER_CTX_key_length(ctx), key); + ZUC_set_key((ZUC_KEY *)&ctx->cipher_data, EVP_CIPHER_CTX_key_length(ctx), key); return 1; } static int zuc_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inlen) { - //ZUC_encrypt((ZUC_KEY *)&ctx->cipher_data, inlen, in, out); + ZUC_encrypt((ZUC_KEY *)&ctx->cipher_data, inlen, in, out); return 1; } diff --git a/crypto/sm2/sm2test.c b/crypto/sm2/sm2test.c index c5f14ea4..991fc7cb 100644 --- a/crypto/sm2/sm2test.c +++ b/crypto/sm2/sm2test.c @@ -112,3 +112,32 @@ int main() return 0; } +#include +#include +#include +#include +#include +#include +#include + +int main(int argc, char **argv) +{ + int ok; + EC_KEY *ec_key; + ECDSA_SIG *sig; + unsigned char dgst[32]; + + ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1); + OPENSSL_assert(ec_key); + + ok = EC_KEY_generate_key(ec_key); + OPENSSL_assert(ok); + + sig = ECDSA_do_sign(dgst, 32, ec_key); + ok = ECDSA_do_verify(dgst, 32, sig, ec_key); + + printf("ok = %d\n", ok); + + return 0; +} + diff --git a/crypto/zuc/zuc.c b/crypto/zuc/zuc.c index a97e320e..af44139e 100755 --- a/crypto/zuc/zuc.c +++ b/crypto/zuc/zuc.c @@ -200,12 +200,27 @@ void ZUC_set_key(ZUC_KEY *key, const unsigned char *k, const unsigned char *iv) LFSRWithInitialisationMode(key, w >> 1); nCount--; } + + /* set buffer */ + key->buflen = 0; } void ZUC_encrypt(ZUC_KEY *key, size_t inlen, const unsigned char *in, unsigned char *out) { #if 0 int i; + + if (key->buflen) { + int len = inlen < 4 - key->buflen ? inlen : 4 - key->buflen; + memcpy(key->buf + key->buflen, in, len); + inlen -= len; + + if (key->buflen == 4) { + } + } + if (inlen < 4) { + } + BitReorganization(key); F(key); /* discard the output of F */ LFSRWithWorkMode(key); @@ -216,6 +231,6 @@ void ZUC_encrypt(ZUC_KEY *key, size_t inlen, const unsigned char *in, unsigned c pKeystream[i] = F(key) ^ key->BRC_X3; LFSRWithWorkMode(key); } -#endif +#endif } diff --git a/crypto/zuc/zuc.h b/crypto/zuc/zuc.h index b0984c2c..ca1040bf 100755 --- a/crypto/zuc/zuc.h +++ b/crypto/zuc/zuc.h @@ -36,6 +36,10 @@ typedef struct { uint32_t BRC_X1; uint32_t BRC_X2; uint32_t BRC_X3; + + /* word buffer */ + unsigned char buf[4]; + int buflen; } ZUC_KEY; diff --git a/include/openssl/cpk.h b/include/openssl/cpk.h new file mode 120000 index 00000000..0a5d9644 --- /dev/null +++ b/include/openssl/cpk.h @@ -0,0 +1 @@ +../../crypto/cpk/cpk.h \ No newline at end of file diff --git a/sm2test.c b/sm2test.c deleted file mode 100644 index c6324c47..00000000 --- a/sm2test.c +++ /dev/null @@ -1,29 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include - -int main(int argc, char **argv) -{ - int ok; - EC_KEY *ec_key; - ECDSA_SIG *sig; - unsigned char dgst[32]; - - ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1); - OPENSSL_assert(ec_key); - - ok = EC_KEY_generate_key(ec_key); - OPENSSL_assert(ok); - - sig = ECDSA_do_sign(dgst, 32, ec_key); - ok = ECDSA_do_verify(dgst, 32, sig, ec_key); - - printf("ok = %d\n", ok); - - return 0; -} - diff --git a/test/cpktest.c b/test/cpktest.c new file mode 120000 index 00000000..8e79013d --- /dev/null +++ b/test/cpktest.c @@ -0,0 +1 @@ +../crypto/cpk/cpktest.c \ No newline at end of file diff --git a/util/mk1mf.pl b/util/mk1mf.pl index bee44449..7f7f3b96 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -121,6 +121,8 @@ and [options] can be one of no-ec - No EC no-ecdsa - No ECDSA no-ecdh - No ECDH + no-ecies - No ECIES + no-cpk - No CPK no-engine - No engine no-hw - No hw nasm - Use NASM for x86 asm @@ -296,6 +298,8 @@ $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2; $cflags.=" -DOPENSSL_NO_SM3" if $no_sm3; $cflags.=" -DOPENSSL_NO_SMS4" if $no_sms4; $cflags.=" -DOPENSSL_NO_ZUC" if $no_zuc; +$cflags.=" -DOPENSSL_NO_ECIES" if $no_ecies; +$cflags.=" -DOPENSSL_NO_CPK" if $no_cpk; if ($no_static_engine) { @@ -921,6 +925,8 @@ sub var_add @a=grep(!/(^sm3)|(_sm3$)/,@a) if $no_sm3; @a=grep(!/(^sms4)|(_sms4$)/,@a) if $no_sms4; @a=grep(!/(^zuc)|(_zuc$)/,@a) if $no_zuc; + @a=grep(!/(^ecies)|(_ecies$)/,@a) if $no_ecies; + @a=grep(!/(^cpk)|(_cpk$)/,@a) if $no_cpk; grep($_="$dir/$_",@a); @a=grep(!/(^|\/)s_/,@a) if $no_sock; @@ -1252,6 +1258,8 @@ sub read_options "no-sm3" => \$no_sm3, "no-sms4" => \$no_sms4, "no-zuc" => \$no_zuc + "no-ecies" => \$no_ecies + "no-cpk" => \$no_cpk ); if (exists $valid_options{$_}) diff --git a/util/mkdef.pl b/util/mkdef.pl index c782f8c0..7a7f9f9d 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -146,7 +146,7 @@ my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace; my $no_unit_test; my $no_ssl3_method; -my $no_sm3; my $no_sms4; my $no_zuc; +my $no_sm3; my $no_sms4; my $no_zuc; my $no_ecies; my $no_cpk; my $fips; @@ -252,6 +252,8 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-sm3$/) { $no_sm3=1; } elsif (/^no-sms4$/) { $no_sms4=1; } elsif (/^no-zuc$/) { $no_zuc=1; } + elsif (/^no-ecies$/) { $no_ecies=1; } + elsif (/^no-cpk$/) { $no_cpk=1; } } @@ -319,8 +321,6 @@ $crypto.=" crypto/dsa/dsa.h" ; # unless $no_dsa; $crypto.=" crypto/dh/dh.h" ; # unless $no_dh; $crypto.=" crypto/ec/ec.h" ; # unless $no_ec; $crypto.=" crypto/ecdsa/ecdsa.h" ; # unless $no_ecdsa; -$crypto.=" crypto/ecies/ecies.h" ; -$crypto.=" crypto/ecies/kdf.h" ; $crypto.=" crypto/ecdh/ecdh.h" ; # unless $no_ecdh; $crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac; $crypto.=" crypto/cmac/cmac.h" ; # unless $no_hmac; @@ -360,9 +360,12 @@ $crypto.=" crypto/jpake/jpake.h"; $crypto.=" crypto/modes/modes.h"; $crypto.=" crypto/srp/srp.h"; -$crypto.=" crypto/sm3/sm3.h" ; # unless $no_sm3; -$crypto.=" crypto/sms4/sms4.h" ; # unless $no_sms4; -$crypto.=" crypto/zuc/zuc.h" ; # unless $no_zuc; +$crypto.=" crypto/sm3/sm3.h"; # unless $no_sm3; +$crypto.=" crypto/sms4/sms4.h"; # unless $no_sms4; +$crypto.=" crypto/zuc/zuc.h"; # unless $no_zuc; +$crypto.=" crypto/ecies/ecies.h"; +$crypto.=" crypto/ecies/kdf.h"; +$crypto.=" crypto/ecies/cpk.h"; my $symhacks="crypto/symhacks.h"; @@ -1240,6 +1243,8 @@ sub is_valid if ($keyword eq "SM3" && $no_sm3) { return 0; } if ($keyword eq "SMS4" && $no_sms4) { return 0; } if ($keyword eq "ZUC" && $no_zuc) { return 0; } + if ($keyword eq "ECIES" && $no_ecies) { return 0; } + if ($keyword eq "CPK" && $no_cpk) { return 0; } # Nothing recognise as true return 1; diff --git a/util/mkfiles.pl b/util/mkfiles.pl index 8fa37f45..72a7a6bb 100755 --- a/util/mkfiles.pl +++ b/util/mkfiles.pl @@ -40,6 +40,7 @@ my @dirs = ( "crypto/ecdh", "crypto/ecdsa", "crypto/ecies", +"crypto/cpk", "crypto/buffer", "crypto/bio", "crypto/stack",