update saf

crypto/saf/saf_cert.c

@@ -53,6 +53,7 @@
 #include <openssl/evp.h>
 #include <openssl/conf.h>
 #include <openssl/gmsaf.h>
+#include "saf_lcl.h"
 
 
 /* 7.2.2 */

crypto/saf/saf_ec.c

@@ -50,6 +50,7 @@
 #include <openssl/gmapi.h>
 #include <openssl/gmsdf.h>
 #include <openssl/gmsaf.h>
+#include "saf_lcl.h"
 
 
 /* 7.3.23 */
@@ -87,8 +88,6 @@ int SAF_GenEccKeyPair(
 		return SAR_KeyUsageErr;
 	}
 
-
-
 	/* set return value */
 	ret = SAR_Ok;
 
@@ -110,7 +109,7 @@ int SAF_GetEccPublicKey(
 	int rv;
 
 	/* check arguments */
-	if (!hAppHandle || !pucContainerNamae || !pucPUblicKey ||
+	if (!hAppHandle || !pucContainerName || !pucPublicKey ||
 		!puiPublicKeyLen) {
 		SAFerr(SAF_F_SAF_GETECCPUBLICKEY,
 			ERR_R_PASSED_NULL_PARAMETER);
@@ -161,8 +160,8 @@ int SAF_EccSign(
 	unsigned int uiISKIndex;
 
 	/* check arguments */
-	if (!hAppHandle || !pucContainerNamae || !pucPUblicKey ||
-		!pucSignData || !pucSignDataLen) {
+	if (!hAppHandle || !pucContainerName || !pucInData ||
+		!pucSignData || !puiSignDataLen) {
 		SAFerr(SAF_F_SAF_ECCSIGN,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return SAR_IndataErr;
@@ -208,7 +207,7 @@ int SAF_EccVerifySign(
 		SAFerr(SAF_F_SAF_ECCVERIFYSIGN, ERR_R_PASSED_NULL_PARAMETER);
 		return SAR_IndataErr;
 	}
-	if (uiPublicKeyLen != sizeof(ECCrefPublic)) {
+	if (uiPublicKeyLen != sizeof(ECCrefPublicKey)) {
 		SAFerr(SAF_F_SAF_ECCVERIFYSIGN, SAF_R_INVALID_INPUT_LENGTH);
 		return SAR_IndataLenErr;
 	}
@@ -241,13 +240,15 @@ int SAF_EccPublicKeyEnc(
 	unsigned char *pucOutData,
 	unsigned int *puiOutDataLen)
 {
+	int ret = -1;
+
 	/* check arguments */
 	if (!pucPublicKey || !pucInData || !pucOutData || !puiOutDataLen) {
 		SAFerr(SAF_F_SAF_ECCPUBLICKEYENC,
 			ERR_R_PASSED_NULL_PARAMETER);
 		return SAR_IndataErr;
 	}
-	if (uiPublicKeyLen != sizeof(ECCrefPublic)) {
+	if (uiPublicKeyLen != sizeof(ECCrefPublicKey)) {
 		SAFerr(SAF_F_SAF_ECCPUBLICKEYENC,
 			SAF_R_INVALID_INPUT_LENGTH);
 		return SAR_IndataLenErr;
@@ -293,7 +294,7 @@ int SAF_EccPublicKeyEncByCert(
 			ERR_R_PASSED_NULL_PARAMETER);
 		return SAR_IndataErr;
 	}
-	if (uiCertificateLen <= 0 || uiCertificate > INT_MAX) {
+	if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) {
 		SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
 			SAF_R_INVALID_INPUT_LENGTH);
 		return SAR_IndataLenErr;
@@ -340,7 +341,7 @@ int SAF_EccVerifySignByCert(
 			ERR_R_PASSED_NULL_PARAMETER);
 		return SAR_IndataErr;
 	}
-	if (uiCertificateLen <= 0 || uiCertificate > INT_MAX) {
+	if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) {
 		SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
 			SAF_R_INVALID_INPUT_LENGTH);
 		return SAR_IndataLenErr;
@@ -372,7 +373,8 @@ end:
 /* 7.3.33 */
 int SAF_GenerateAgreementDataWithECC(
 	void *hSymmKeyObj,
-	unsigned int uiISKIndex,
+	unsigned char *pucContainerName,
+	unsigned int uiContainerNameLen,
 	unsigned int uiKeyBits,
 	unsigned char *pucSponsorID,
 	unsigned int uiSponsorIDLength,
@@ -409,7 +411,8 @@ int SAF_GenerateKeyWithECC(
 /* 7.3.35 */
 int SAF_GenerateAgreementDataAdnKeyWithECC(
 	void *hSymmKeyObj,
-	unsigned int uiISKIndex,
+	unsigned char *pucContainerName,
+	unsigned int uiContainerNameLen,
 	unsigned int uiKeyBits,
 	unsigned char *pucResponseID,
 	unsigned int uiResponseIDLength,
@@ -430,7 +433,8 @@ int SAF_GenerateAgreementDataAdnKeyWithECC(
 
 	if ((ret = SAF_GenerateAgreementDataWithECC(
 		hSymmKeyObj,
-		uiISKIndex,
+		pucContainerName,
+		uiContainerNameLen,
 		uiKeyBits,
 		pucSponsorID,
 		uiSponsorIDLength,

crypto/saf/saf_enc.c

@@ -51,6 +51,7 @@
 #include <openssl/rand.h>
 #include <openssl/gmsaf.h>
 #include <openssl/gmapi.h>
+#include "saf_lcl.h"
 
 /* 7.3.39 */
 int SAF_SymmEncryptUpdate(
@@ -61,7 +62,7 @@ int SAF_SymmEncryptUpdate(
 	unsigned int *puiOutDataLen)
 {
 	int ret = SAR_UnknownErr;
-	SAF_KEY_HANDLE *hkey = (SAF_KEY_HANDLE *)hKeyHandle;
+	SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
 	unsigned char *out = pucOutData;
 	int inlen, outlen;
 
@@ -142,7 +143,7 @@ int SAF_SymmDecryptUpdate(
 	unsigned int *puiOutDataLen)
 {
 	int ret = SAR_UnknownErr;
-	SAF_KEY_HANDLE *hkey = (SAF_KEY_HANDLE *)hKeyHandle;
+	SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
 	unsigned char *in = pucInData;
 	int inlen, outlen;
 
@@ -204,8 +205,6 @@ end:
 /* 7.3.43 */
 int SAF_SymmDecryptFinal(
 	void *hKeyHandle,
-	const unsigned char *pucInData,
-	unsigned int uiInDataLen,
 	unsigned char *pucOutData,
 	unsigned int *puiOutDataLen)
 {

crypto/saf/saf_errstr.c

@@ -92,7 +92,7 @@ static ERR_STRING_DATA saf_errstr[] = {
 	{ SAR_NotLogin,		"Not login" },
 };
 
-char *SAF_GetErrorString(int err)
+const char *SAF_GetErrorString(int err)
 {
 	int i;
 	for (i = 0; i < OSSL_NELEM(saf_errstr); i++) {

crypto/saf/saf_hash.c

@@ -52,6 +52,7 @@
 #include <stdlib.h>
 #include <openssl/evp.h>
 #include <openssl/gmsaf.h>
+#include "saf_lcl.h"
 
 /* 7.3.12 */
 int SAF_CreateHashObj(void **phHashObj,
@@ -61,11 +62,11 @@ int SAF_CreateHashObj(void **phHashObj,
 	unsigned char *pucID,
 	unsigned int ulIDLen)
 {
-	int ret = SAR_UnkownErr;
+	int ret = SAR_UnknownErr;
 	const EVP_MD *md;
 	EVP_MD_CTX *ctx = NULL;
 
-	if (!(md = EVP_get_digestbysgd(uiAlgorithmType))) {
+	if (!(md = EVP_get_digestbysgd(uiAlgoType))) {
 		return SAR_AlgoTypeErr;
 	}
 
@@ -80,7 +81,7 @@ int SAF_CreateHashObj(void **phHashObj,
 	*phHashObj = ctx;
 
 end:
-	if (ret != SAR_OK) {
+	if (ret != SAR_Ok) {
 		EVP_MD_CTX_free(ctx);
 		*phHashObj = NULL;
 	}
@@ -92,7 +93,7 @@ int SAF_DestroyHashObj(
 	void *phHashObj)
 {
 	EVP_MD_CTX_free((EVP_MD_CTX *)phHashObj);
-	return SAR_OK;
+	return SAR_Ok;
 }
 
 /* 7.3.14 */
@@ -101,10 +102,10 @@ int SAF_HashUpdate(
 	const unsigned char *pucInData,
 	unsigned int uiInDataLen)
 {
-	if (!EVP_DigestUpdate((EVP_MD_CTX *)phHashObj, pucInData, (size_t)uiInDataLne)) {
+	if (!EVP_DigestUpdate((EVP_MD_CTX *)phHashObj, pucInData, (size_t)uiInDataLen)) {
 		return SAR_HashErr;
 	}
-	return SAR_OK;
+	return SAR_Ok;
 }
 
 /* 7.3.15 */
@@ -115,7 +116,7 @@ int SAF_HashFinal(void *phHashObj,
 	if (!EVP_DigestFinal((EVP_MD_CTX *)phHashObj, pucOutData, uiOutDataLen)) {
 		return SAR_HashErr;
 	}
-	return SAR_OK;
+	return SAR_Ok;
 }
 
 /* 7.3.11 */
@@ -142,6 +143,6 @@ int SAF_Hash(
 		return SAR_HashErr;
 	}
 
-	return SAR_OK;
+	return SAR_Ok;
 }
 

crypto/saf/saf_lcl.h

@@ -51,9 +51,9 @@
 #include <openssl/cmac.h>
 #include <openssl/gmsdf.h>
 #include <openssl/gmsaf.h>
+#include <openssl/engine.h>
 
-
-typedef struct {
+typedef struct saf_app_st {
 	const char *config_path;
 	ENGINE *engine;
 } SAF_APP;
@@ -75,6 +75,8 @@ typedef struct {
 typedef struct {
 	SAF_SYMMKEYOBJ obj;
 	unsigned char key[64];
+	int keylen;
+	const EVP_CIPHER *cipher;
 	EVP_CIPHER_CTX *cipher_ctx;
 	CMAC_CTX *cmac_ctx;
 } SAF_KEY;

crypto/saf/saf_lib.c

@@ -112,16 +112,7 @@ int saf_get_ec_public_key_from_cert(
 
 static int readfile(const char *file, unsigned char **pout, size_t *len)
 {
-	FILE *fp = fopen(file, "rb");
-	fseek(fp, 0, SEEK_END);
-	long fsize = ftell(fp);
-	fseek(fp, 0, SEEK_SET);
-	char *out = malloc(fsize);
-	fread(out, fsize, 1, f);
-	fclose(f);
-	*pout = out;
-	*len = fsize;
-	return SAR_OK;
+	return SAR_Ok;
 }
 
 static int cert_get_pubkey(

crypto/saf/saf_mac.c

@@ -51,6 +51,7 @@
 #include <openssl/cmac.h>
 #include <openssl/gmsaf.h>
 #include <openssl/gmapi.h>
+#include "saf_lcl.h"
 
 /* 7.3.45 */
 int SAF_MacUpdate(
@@ -117,7 +118,7 @@ int SAF_MacFinal(
 	}
 
 	siz = EVP_CIPHER_block_size(hkey->cipher);
-	if (!CBCMAC_Final(hkey->cbcmac_ctx, pucOutData, &siz)) {
+	if (!CBCMAC_Final(hkey->cmac_ctx, pucOutData, &siz)) {
 		SAFerr(SAF_F_SAF_MACFINAL, SAF_R_MAC_FAILURE);
 		return SAR_UnknownErr;
 	}

crypto/saf/saf_rand.c

@@ -70,7 +70,7 @@ int SAF_GenRandom(
 		return SAR_IndataErr;
 	}
 
-	if (!RAND_bytes(pucRand, len)) {
+	if (!RAND_bytes(pucRand, uiRandLen)) {
 		SAFerr(SAF_F_SAF_GENRANDOM, SAF_R_GEN_RANDOM_FAILURE);
 		return SAR_GenRandErr;
 	}