update saf

2026-05-07 08:56:17 +08:00 · 2017-02-22 18:21:02 +08:00
parent c966a3a3d1
commit b683fd00e0
11 changed files with 1488 additions and 39 deletions
--- a/crypto/saf/saf_cert.c
+++ b/crypto/saf/saf_cert.c
@@ -53,6 +53,7 @@
 #include <openssl/evp.h>
 #include <openssl/conf.h>
 #include <openssl/gmsaf.h>
+#include "saf_lcl.h"


 /* 7.2.2 */
--- a/crypto/saf/saf_ec.c
+++ b/crypto/saf/saf_ec.c
@@ -50,6 +50,7 @@
 #include <openssl/gmapi.h>
 #include <openssl/gmsdf.h>
 #include <openssl/gmsaf.h>
+#include "saf_lcl.h"


 /* 7.3.23 */
@@ -87,8 +88,6 @@ int SAF_GenEccKeyPair(
 		return SAR_KeyUsageErr;
 	}

-
-
 	/* set return value */
 	ret = SAR_Ok;

@@ -110,7 +109,7 @@ int SAF_GetEccPublicKey(
 	int rv;

 	/* check arguments */
-	if (!hAppHandle || !pucContainerNamae || !pucPUblicKey ||
+	if (!hAppHandle || !pucContainerName || !pucPublicKey ||
 		!puiPublicKeyLen) {
 		SAFerr(SAF_F_SAF_GETECCPUBLICKEY,
 			ERR_R_PASSED_NULL_PARAMETER);
@@ -161,8 +160,8 @@ int SAF_EccSign(
 	unsigned int uiISKIndex;

 	/* check arguments */
-	if (!hAppHandle || !pucContainerNamae || !pucPUblicKey ||
-		!pucSignData || !pucSignDataLen) {
+	if (!hAppHandle || !pucContainerName || !pucInData ||
+		!pucSignData || !puiSignDataLen) {
 		SAFerr(SAF_F_SAF_ECCSIGN,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return SAR_IndataErr;
@@ -208,7 +207,7 @@ int SAF_EccVerifySign(
 		SAFerr(SAF_F_SAF_ECCVERIFYSIGN, ERR_R_PASSED_NULL_PARAMETER);
 		return SAR_IndataErr;
 	}
-	if (uiPublicKeyLen != sizeof(ECCrefPublic)) {
+	if (uiPublicKeyLen != sizeof(ECCrefPublicKey)) {
 		SAFerr(SAF_F_SAF_ECCVERIFYSIGN, SAF_R_INVALID_INPUT_LENGTH);
 		return SAR_IndataLenErr;
 	}
@@ -241,13 +240,15 @@ int SAF_EccPublicKeyEnc(
 	unsigned char *pucOutData,
 	unsigned int *puiOutDataLen)
 {
+	int ret = -1;
+
 	/* check arguments */
 	if (!pucPublicKey || !pucInData || !pucOutData || !puiOutDataLen) {
 		SAFerr(SAF_F_SAF_ECCPUBLICKEYENC,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return SAR_IndataErr;
 	}
-	if (uiPublicKeyLen != sizeof(ECCrefPublic)) {
+	if (uiPublicKeyLen != sizeof(ECCrefPublicKey)) {
 		SAFerr(SAF_F_SAF_ECCPUBLICKEYENC,
 			SAF_R_INVALID_INPUT_LENGTH);
 		return SAR_IndataLenErr;
@@ -293,7 +294,7 @@ int SAF_EccPublicKeyEncByCert(
 			ERR_R_PASSED_NULL_PARAMETER);
 		return SAR_IndataErr;
 	}
-	if (uiCertificateLen <= 0 || uiCertificate > INT_MAX) {
+	if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) {
 		SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
 			SAF_R_INVALID_INPUT_LENGTH);
 		return SAR_IndataLenErr;
@@ -340,7 +341,7 @@ int SAF_EccVerifySignByCert(
 			ERR_R_PASSED_NULL_PARAMETER);
 		return SAR_IndataErr;
 	}
-	if (uiCertificateLen <= 0 || uiCertificate > INT_MAX) {
+	if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) {
 		SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
 			SAF_R_INVALID_INPUT_LENGTH);
 		return SAR_IndataLenErr;
@@ -372,7 +373,8 @@ end:
 /* 7.3.33 */
 int SAF_GenerateAgreementDataWithECC(
 	void *hSymmKeyObj,
-	unsigned int uiISKIndex,
+	unsigned char *pucContainerName,
+	unsigned int uiContainerNameLen,
 	unsigned int uiKeyBits,
 	unsigned char *pucSponsorID,
 	unsigned int uiSponsorIDLength,
@@ -409,7 +411,8 @@ int SAF_GenerateKeyWithECC(
 /* 7.3.35 */
 int SAF_GenerateAgreementDataAdnKeyWithECC(
 	void *hSymmKeyObj,
-	unsigned int uiISKIndex,
+	unsigned char *pucContainerName,
+	unsigned int uiContainerNameLen,
 	unsigned int uiKeyBits,
 	unsigned char *pucResponseID,
 	unsigned int uiResponseIDLength,
@@ -430,7 +433,8 @@ int SAF_GenerateAgreementDataAdnKeyWithECC(

 	if ((ret = SAF_GenerateAgreementDataWithECC(
 		hSymmKeyObj,
-		uiISKIndex,
+		pucContainerName,
+		uiContainerNameLen,
 		uiKeyBits,
 		pucSponsorID,
 		uiSponsorIDLength,
--- a/crypto/saf/saf_enc.c
+++ b/crypto/saf/saf_enc.c
@@ -51,6 +51,7 @@
 #include <openssl/rand.h>
 #include <openssl/gmsaf.h>
 #include <openssl/gmapi.h>
+#include "saf_lcl.h"

 /* 7.3.39 */
 int SAF_SymmEncryptUpdate(
@@ -61,7 +62,7 @@ int SAF_SymmEncryptUpdate(
 	unsigned int *puiOutDataLen)
 {
 	int ret = SAR_UnknownErr;
-	SAF_KEY_HANDLE *hkey = (SAF_KEY_HANDLE *)hKeyHandle;
+	SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
 	unsigned char *out = pucOutData;
 	int inlen, outlen;

@@ -142,7 +143,7 @@ int SAF_SymmDecryptUpdate(
 	unsigned int *puiOutDataLen)
 {
 	int ret = SAR_UnknownErr;
-	SAF_KEY_HANDLE *hkey = (SAF_KEY_HANDLE *)hKeyHandle;
+	SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
 	unsigned char *in = pucInData;
 	int inlen, outlen;

@@ -204,8 +205,6 @@ end:
 /* 7.3.43 */
 int SAF_SymmDecryptFinal(
 	void *hKeyHandle,
-	const unsigned char *pucInData,
-	unsigned int uiInDataLen,
 	unsigned char *pucOutData,
 	unsigned int *puiOutDataLen)
 {
--- a/crypto/saf/saf_errstr.c
+++ b/crypto/saf/saf_errstr.c
@@ -92,7 +92,7 @@ static ERR_STRING_DATA saf_errstr[] = {
 	{ SAR_NotLogin,		"Not login" },
 };

-char *SAF_GetErrorString(int err)
+const char *SAF_GetErrorString(int err)
 {
 	int i;
 	for (i = 0; i < OSSL_NELEM(saf_errstr); i++) {
--- a/crypto/saf/saf_hash.c
+++ b/crypto/saf/saf_hash.c
@@ -52,6 +52,7 @@
 #include <stdlib.h>
 #include <openssl/evp.h>
 #include <openssl/gmsaf.h>
+#include "saf_lcl.h"

 /* 7.3.12 */
 int SAF_CreateHashObj(void **phHashObj,
@@ -61,11 +62,11 @@ int SAF_CreateHashObj(void **phHashObj,
 	unsigned char *pucID,
 	unsigned int ulIDLen)
 {
-	int ret = SAR_UnkownErr;
+	int ret = SAR_UnknownErr;
 	const EVP_MD *md;
 	EVP_MD_CTX *ctx = NULL;

-	if (!(md = EVP_get_digestbysgd(uiAlgorithmType))) {
+	if (!(md = EVP_get_digestbysgd(uiAlgoType))) {
 		return SAR_AlgoTypeErr;
 	}

@@ -80,7 +81,7 @@ int SAF_CreateHashObj(void **phHashObj,
 	*phHashObj = ctx;

 end:
-	if (ret != SAR_OK) {
+	if (ret != SAR_Ok) {
 		EVP_MD_CTX_free(ctx);
 		*phHashObj = NULL;
 	}
@@ -92,7 +93,7 @@ int SAF_DestroyHashObj(
 	void *phHashObj)
 {
 	EVP_MD_CTX_free((EVP_MD_CTX *)phHashObj);
-	return SAR_OK;
+	return SAR_Ok;
 }

 /* 7.3.14 */
@@ -101,10 +102,10 @@ int SAF_HashUpdate(
 	const unsigned char *pucInData,
 	unsigned int uiInDataLen)
 {
-	if (!EVP_DigestUpdate((EVP_MD_CTX *)phHashObj, pucInData, (size_t)uiInDataLne)) {
+	if (!EVP_DigestUpdate((EVP_MD_CTX *)phHashObj, pucInData, (size_t)uiInDataLen)) {
 		return SAR_HashErr;
 	}
-	return SAR_OK;
+	return SAR_Ok;
 }

 /* 7.3.15 */
@@ -115,7 +116,7 @@ int SAF_HashFinal(void *phHashObj,
 	if (!EVP_DigestFinal((EVP_MD_CTX *)phHashObj, pucOutData, uiOutDataLen)) {
 		return SAR_HashErr;
 	}
-	return SAR_OK;
+	return SAR_Ok;
 }

 /* 7.3.11 */
@@ -142,6 +143,6 @@ int SAF_Hash(
 		return SAR_HashErr;
 	}

-	return SAR_OK;
+	return SAR_Ok;
 }

--- a/crypto/saf/saf_lcl.h
+++ b/crypto/saf/saf_lcl.h
@@ -51,9 +51,9 @@
 #include <openssl/cmac.h>
 #include <openssl/gmsdf.h>
 #include <openssl/gmsaf.h>
+#include <openssl/engine.h>

-
-typedef struct {
+typedef struct saf_app_st {
 	const char *config_path;
 	ENGINE *engine;
 } SAF_APP;
@@ -75,6 +75,8 @@ typedef struct {
 typedef struct {
 	SAF_SYMMKEYOBJ obj;
 	unsigned char key[64];
+	int keylen;
+	const EVP_CIPHER *cipher;
 	EVP_CIPHER_CTX *cipher_ctx;
 	CMAC_CTX *cmac_ctx;
 } SAF_KEY;
--- a/crypto/saf/saf_lib.c
+++ b/crypto/saf/saf_lib.c
@@ -112,16 +112,7 @@ int saf_get_ec_public_key_from_cert(

 static int readfile(const char *file, unsigned char **pout, size_t *len)
 {
-	FILE *fp = fopen(file, "rb");
-	fseek(fp, 0, SEEK_END);
-	long fsize = ftell(fp);
-	fseek(fp, 0, SEEK_SET);
-	char *out = malloc(fsize);
-	fread(out, fsize, 1, f);
-	fclose(f);
-	*pout = out;
-	*len = fsize;
-	return SAR_OK;
+	return SAR_Ok;
 }

 static int cert_get_pubkey(
--- a/crypto/saf/saf_mac.c
+++ b/crypto/saf/saf_mac.c
@@ -51,6 +51,7 @@
 #include <openssl/cmac.h>
 #include <openssl/gmsaf.h>
 #include <openssl/gmapi.h>
+#include "saf_lcl.h"

 /* 7.3.45 */
 int SAF_MacUpdate(
@@ -117,7 +118,7 @@ int SAF_MacFinal(
 	}

 	siz = EVP_CIPHER_block_size(hkey->cipher);
-	if (!CBCMAC_Final(hkey->cbcmac_ctx, pucOutData, &siz)) {
+	if (!CBCMAC_Final(hkey->cmac_ctx, pucOutData, &siz)) {
 		SAFerr(SAF_F_SAF_MACFINAL, SAF_R_MAC_FAILURE);
 		return SAR_UnknownErr;
 	}
--- a/crypto/saf/saf_rand.c
+++ b/crypto/saf/saf_rand.c
@@ -70,7 +70,7 @@ int SAF_GenRandom(
 		return SAR_IndataErr;
 	}

-	if (!RAND_bytes(pucRand, len)) {
+	if (!RAND_bytes(pucRand, uiRandLen)) {
 		SAFerr(SAF_F_SAF_GENRANDOM, SAF_R_GEN_RANDOM_FAILURE);
 		return SAR_GenRandErr;
 	}
--- a/crypto/sdf/sdf_err.c
+++ b/crypto/sdf/sdf_err.c
@@ -0,0 +1,118 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/gmsdf.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SDF,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SDF,0,reason)
+
+static ERR_STRING_DATA SDF_str_functs[] = {
+    {ERR_FUNC(SDF_F_SDF_CALCULATEMAC), "SDF_CalculateMAC"},
+    {ERR_FUNC(SDF_F_SDF_CLOSEDEVICE), "SDF_CloseDevice"},
+    {ERR_FUNC(SDF_F_SDF_CLOSESESSION), "SDF_CloseSession"},
+    {ERR_FUNC(SDF_F_SDF_CREATEFILE), "SDF_CreateFile"},
+    {ERR_FUNC(SDF_F_SDF_DECRYPT), "SDF_Decrypt"},
+    {ERR_FUNC(SDF_F_SDF_DELETEFILE), "SDF_DeleteFile"},
+    {ERR_FUNC(SDF_F_SDF_DESTROYKEY), "SDF_DestroyKey"},
+    {ERR_FUNC(SDF_F_SDF_ENCRYPT), "SDF_Encrypt"},
+    {ERR_FUNC(SDF_F_SDF_EXCHANGEDIGITENVELOPEBASEONECC),
+     "SDF_ExchangeDigitEnvelopeBaseOnECC"},
+    {ERR_FUNC(SDF_F_SDF_EXCHANGEDIGITENVELOPEBASEONRSA),
+     "SDF_ExchangeDigitEnvelopeBaseOnRSA"},
+    {ERR_FUNC(SDF_F_SDF_EXPORTENCPUBLICKEY_ECC),
+     "SDF_ExportEncPublicKey_ECC"},
+    {ERR_FUNC(SDF_F_SDF_EXPORTENCPUBLICKEY_RSA),
+     "SDF_ExportEncPublicKey_RSA"},
+    {ERR_FUNC(SDF_F_SDF_EXPORTSIGNPUBLICKEY_ECC),
+     "SDF_ExportSignPublicKey_ECC"},
+    {ERR_FUNC(SDF_F_SDF_EXPORTSIGNPUBLICKEY_RSA),
+     "SDF_ExportSignPublicKey_RSA"},
+    {ERR_FUNC(SDF_F_SDF_EXTERNALENCRYPT_ECC), "SDF_ExternalEncrypt_ECC"},
+    {ERR_FUNC(SDF_F_SDF_EXTERNALPRIVATEKEYOPERATION_RSA),
+     "SDF_EXTERNALPRIVATEKEYOPERATION_RSA"},
+    {ERR_FUNC(SDF_F_SDF_EXTERNALPUBLICKEYOPERATION_RSA),
+     "SDF_ExternalPublicKeyOperation_RSA"},
+    {ERR_FUNC(SDF_F_SDF_EXTERNALVERIFY_ECC), "SDF_ExternalVerify_ECC"},
+    {ERR_FUNC(SDF_F_SDF_GENERATEAGREEMENTDATAANDKEYWITHECC),
+     "SDF_GenerateAgreementDataAndKeyWithECC"},
+    {ERR_FUNC(SDF_F_SDF_GENERATEAGREEMENTDATAWITHECC),
+     "SDF_GenerateAgreementDataWithECC"},
+    {ERR_FUNC(SDF_F_SDF_GENERATEKEYPAIR_ECC), "SDF_GenerateKeyPair_ECC"},
+    {ERR_FUNC(SDF_F_SDF_GENERATEKEYPAIR_RSA), "SDF_GenerateKeyPair_RSA"},
+    {ERR_FUNC(SDF_F_SDF_GENERATEKEYWITHECC), "SDF_GenerateKeyWithECC"},
+    {ERR_FUNC(SDF_F_SDF_GENERATEKEYWITHEPK_ECC),
+     "SDF_GenerateKeyWithEPK_ECC"},
+    {ERR_FUNC(SDF_F_SDF_GENERATEKEYWITHEPK_RSA),
+     "SDF_GenerateKeyWithEPK_RSA"},
+    {ERR_FUNC(SDF_F_SDF_GENERATEKEYWITHIPK_ECC),
+     "SDF_GenerateKeyWithIPK_ECC"},
+    {ERR_FUNC(SDF_F_SDF_GENERATEKEYWITHIPK_RSA),
+     "SDF_GenerateKeyWithIPK_RSA"},
+    {ERR_FUNC(SDF_F_SDF_GENERATEKEYWITHKEK), "SDF_GenerateKeyWithKEK"},
+    {ERR_FUNC(SDF_F_SDF_GENERATERANDOM), "SDF_GenerateRandom"},
+    {ERR_FUNC(SDF_F_SDF_GETDEVICEINFO), "SDF_GetDeviceInfo"},
+    {ERR_FUNC(SDF_F_SDF_GETPRIVATEKEYACCESSRIGHT),
+     "SDF_GetPrivateKeyAccessRight"},
+    {ERR_FUNC(SDF_F_SDF_HASHFINAL), "SDF_HashFinal"},
+    {ERR_FUNC(SDF_F_SDF_HASHINIT), "SDF_HashInit"},
+    {ERR_FUNC(SDF_F_SDF_HASHUPDATE), "SDF_HashUpdate"},
+    {ERR_FUNC(SDF_F_SDF_IMPORTKEY), "SDF_ImportKey"},
+    {ERR_FUNC(SDF_F_SDF_IMPORTKEYWITHISK_ECC), "SDF_ImportKeyWithISK_ECC"},
+    {ERR_FUNC(SDF_F_SDF_IMPORTKEYWITHISK_RSA), "SDF_ImportKeyWithISK_RSA"},
+    {ERR_FUNC(SDF_F_SDF_IMPORTKEYWITHKEK), "SDF_ImportKeyWithKEK"},
+    {ERR_FUNC(SDF_F_SDF_INTERNALPRIVATEKEYOPERATION_RSA),
+     "SDF_InternalPrivateKeyOperation_RSA"},
+    {ERR_FUNC(SDF_F_SDF_INTERNALPUBLICKEYOPERATION_RSA),
+     "SDF_InternalPublicKeyOperation_RSA"},
+    {ERR_FUNC(SDF_F_SDF_INTERNALSIGN_ECC), "SDF_InternalSign_ECC"},
+    {ERR_FUNC(SDF_F_SDF_INTERNALVERIFY_ECC), "SDF_InternalVerify_ECC"},
+    {ERR_FUNC(SDF_F_SDF_METHOD_LOAD_LIBRARY), "SDF_METHOD_LOAD_LIBRARY"},
+    {ERR_FUNC(SDF_F_SDF_OPENDEVICE), "SDF_OpenDevice"},
+    {ERR_FUNC(SDF_F_SDF_OPENSESSION), "SDF_OpenSession"},
+    {ERR_FUNC(SDF_F_SDF_READFILE), "SDF_ReadFile"},
+    {ERR_FUNC(SDF_F_SDF_RELEASEPRIVATEKEYACCESSRIGHT),
+     "SDF_ReleasePrivateKeyAccessRight"},
+    {ERR_FUNC(SDF_F_SDF_WRITEFILE), "SDF_WriteFile"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA SDF_str_reasons[] = {
+    {ERR_REASON(SDF_R_INVALID_KEY_LENGTH), "invalid key length"},
+    {ERR_REASON(SDF_R_INVALID_SDF_LIBRARY), "invalid sdf library"},
+    {ERR_REASON(SDF_R_INVALID_SESSION_HANDLE), "invalid session handle"},
+    {ERR_REASON(SDF_R_LOAD_LIBRARY_FAILURE), "load library failure"},
+    {ERR_REASON(SDF_R_METHOD_OPERATION_FAILURE), "method operation failure"},
+    {ERR_REASON(SDF_R_NOT_INITIALIZED), "not initialized"},
+    {ERR_REASON(SDF_R_NOT_SUPPORTED), "not supported"},
+    {ERR_REASON(SDF_R_OPERATION_FAILED), "operation failed"},
+    {ERR_REASON(SDF_R_SDF_METHOD_RETURN_FAILURE),
+     "sdf method return failure"},
+    {ERR_REASON(SDF_R_SDF_OPERATION_FAILED), "sdf operation failed"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_SDF_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(SDF_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, SDF_str_functs);
+        ERR_load_strings(0, SDF_str_reasons);
+    }
+#endif
+    return 1;
+}
--- a/crypto/sdf/sdf_lib.c
+++ b/crypto/sdf/sdf_lib.c