abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-07 08:56:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove SAF and SOF module

Browse Source
This commit is contained in:
Zhi Guan
2019-06-13 18:17:26 +08:00
parent 24f8a17c63
commit bdd3d75e89
36 changed files with 2 additions and 11738 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Configure
View File

@@ -425,10 +425,8 @@ my @disablables = (
"bfibe",
"bb1ibe",
"sm9",
"saf",
"sdf",
"skf",
"sof",
"zuc",
"aes",
"sha",

4
crypto/err/err.c
View File

@@ -69,10 +69,8 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
{ERR_PACK(ERR_LIB_BB1IBE, 0, 0), "BB1IBE routines"},
{ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"},
{ERR_PACK(ERR_LIB_SM9, 0, 0), "SM9 routines"},
{ERR_PACK(ERR_LIB_SAF, 0, 0), "SAF routines"},
{ERR_PACK(ERR_LIB_SDF, 0, 0), "SDF routines"},
{ERR_PACK(ERR_LIB_SKF, 0, 0), "SKF routines"},
{ERR_PACK(ERR_LIB_SOF, 0, 0), "SOF routines"},
{ERR_PACK(ERR_LIB_BASE58, 0, 0), "BASE58 routines"},
{0, NULL},
};
@@ -128,10 +126,8 @@ static ERR_STRING_DATA ERR_str_reasons[] = {
{ERR_R_BB1IBE_LIB, "BB1IBE lib"},
{ERR_R_SM2_LIB, "SM2 lib"},
{ERR_R_SM9_LIB, "SM9 lib"},
{ERR_R_SAF_LIB, "SAF lib"},
{ERR_R_SDF_LIB, "SDF lib"},
{ERR_R_SKF_LIB, "SKF lib"},
{ERR_R_SOF_LIB, "SOF lib"},
{ERR_R_BASE58_LIB, "BASE58 lib"},
{ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"},

12
crypto/err/err_all.c
View File

@@ -93,18 +93,12 @@
#ifndef OPENSSL_NO_SM9
# include <openssl/sm9.h>
#endif
#ifndef OPENSSL_NO_SAF
# include <openssl/gmsaf.h>
#endif
#ifndef OPENSSL_NO_SDF
# include <openssl/gmsdf.h>
#endif
#ifndef OPENSSL_NO_SKF
# include <openssl/gmskf.h>
#endif
#ifndef OPENSSL_NO_SOF
# include <openssl/gmsof.h>
#endif
#ifndef OPENSSL_NO_BASE58
# include <openssl/base58.h>
#endif
@@ -203,18 +197,12 @@ int err_load_crypto_strings_int(void)
# ifndef OPENSSL_NO_SM9
ERR_load_SM9_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_SAF
ERR_load_SAF_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_SDF
ERR_load_SDF_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_SKF
ERR_load_SKF_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_SOF
ERR_load_SOF_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_BASE58
ERR_load_BASE58_strings() == 0 ||
# endif

2
crypto/err/openssl.ec
View File

@@ -45,10 +45,8 @@ L BFIBE include/openssl/bfibe.h crypto/bfibe/bfibe_err.c
L BB1IBE include/openssl/bb1ibe.h crypto/bb1ibe/bb1ibe_err.c
L SM2 include/openssl/sm2.h crypto/sm2/sm2_err.c
L SM9 include/openssl/sm9.h crypto/sm9/sm9_err.c
L SAF include/openssl/gmsaf.h crypto/saf/saf_err.c
L SDF include/openssl/gmsdf.h crypto/sdf/sdf_err.c
L SKF include/openssl/gmskf.h crypto/skf/skf_err.c
L SOF include/openssl/gmsof.h crypto/sof/sof_err.c
L BASE58 include/openssl/base58.h crypto/base58/base58_err.c
# additional header files to be scanned for function names

18
crypto/saf/build.info
View File

@@ -1,18 +0,0 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]= \
saf_app.c \
saf_base64.c \
saf_cert.c \
saf_ec.c \
saf_enc.c \
saf_err.c \
saf_errstr.c \
saf_hash.c \
saf_keyhandle.c \
saf_lib.c \
saf_mac.c \
saf_pkcs7.c \
saf_rand.c \
saf_rsa.c \
saf_sm2.c \
saf_symmkeyobj.c

158
crypto/saf/saf_app.c
View File

@@ -1,158 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/gmsaf.h>
#include <openssl/crypto.h>
#include "saf_lcl.h"
/* 7.1.2 */
int SAF_Initialize(
void **phAppHandle,
char *pubCfgFilePath)
{
int ret = SAR_UnknownErr;
SAF_APP *app = NULL;
char *engine_id = pubCfgFilePath;
if (!phAppHandle || !pubCfgFilePath) {
SAFerr(SAF_F_SAF_INITIALIZE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!(app = OPENSSL_zalloc(sizeof(*app)))) {
SAFerr(SAF_F_SAF_INITIALIZE, ERR_R_MALLOC_FAILURE);
return SAR_MemoryErr;
}
if (!(app->engine = ENGINE_by_id(engine_id))
|| !ENGINE_init(app->engine)) {
SAFerr(SAF_F_SAF_INITIALIZE, ERR_R_ENGINE_LIB);
goto end;
}
*phAppHandle = app;
app = NULL;
ret = SAR_Ok;
end:
SAF_Finalize(app);
return ret;
}
/* 7.1.3 */
int SAF_Finalize(
void *hAppHandle)
{
SAF_APP *app = (SAF_APP *)hAppHandle;
if (app->engine) {
ENGINE_finish(app->engine);
ENGINE_free(app->engine);
}
OPENSSL_free(app);
return SAR_Ok;
}
/* 7.1.4 */
int SAF_GetVersion(
unsigned int *puiVersion)
{
if (!puiVersion) {
SAFerr(SAF_F_SAF_GETVERSION, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
*puiVersion = (unsigned int)OpenSSL_version_num();
return SAR_Ok;
}
/* 7.1.5 */
int SAF_Login(
void *hAppHandle,
unsigned int uiUsrType,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned char *pucPin,
unsigned int uiPinLen,
unsigned int *puiRemainCount)
{
SAFerr(SAF_F_SAF_LOGIN, SAF_R_NOT_SUPPORTED);
return SAR_NotSupportYetErr;
}
/* 7.1.6 */
int SAF_ChangePin(
void *hAppHandle,
unsigned int uiUsrType,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned char *pucOldPin,
unsigned int uiOldPinLen,
unsigned char *pucNewPin,
unsigned int uiNewPinLen,
unsigned int *puiRemainCount)
{
SAFerr(SAF_F_SAF_CHANGEPIN, SAF_R_NOT_SUPPORTED);
return SAR_NotSupportYetErr;
}
/* 7.1.7 */
int SAF_Logout(
void *hAppHandle,
unsigned int uiUsrType)
{
SAFerr(SAF_F_SAF_LOGOUT, SAF_R_NOT_SUPPORTED);
return SAR_NotSupportYetErr;
}

364
crypto/saf/saf_base64.c
View File

@@ -1,364 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.4 */
int SAF_Base64_CreateBase64Obj(
void **phBase64Obj)
{
int ret = SAR_UnknownErr;
SAF_BASE64OBJ *obj = NULL;
if (!(obj = OPENSSL_malloc(sizeof(*obj)))) {
SAFerr(SAF_F_SAF_BASE64_CREATEBASE64OBJ, ERR_R_MALLOC_FAILURE);
return SAR_MemoryErr;
}
if (!(obj->ctx = EVP_ENCODE_CTX_new())) {
SAFerr(SAF_F_SAF_BASE64_CREATEBASE64OBJ, ERR_R_MALLOC_FAILURE);
ret = SAR_MemoryErr;
goto end;
}
obj->inited = 0;
*phBase64Obj = obj;
ret = SAR_OK;
end:
if (ret != SAR_OK) {
EVP_ENCODE_CTX_free(obj->ctx);
OPENSSL_free(obj);
}
return ret;
}
/* 7.3.5 */
/* always return success for software implementation */
int SAF_Base64_DestroyBase64Obj(
void *hBase64Obj)
{
SAF_BASE64OBJ *obj = (SAF_BASE64OBJ *)hBase64Obj;
if (obj) {
EVP_ENCODE_CTX_free(obj->ctx);
}
OPENSSL_free(obj);
return SAR_OK;
}
/* 7.3.6 */
int SAF_Base64_EncodeUpdate(
void *hBase64Obj,
unsigned char *pucInData,
unsigned int puiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
SAF_BASE64OBJ *obj = (SAF_BASE64OBJ *)hBase64Obj;
int inlen, outlen;
if (!hBase64Obj || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_BASE64_ENCODEUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
/* GMAPI dont check function specific length, leave to EVP */
if (puiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_BASE64_ENCODEUPDATE, SAF_R_INT_OVERFLOW);
return SAR_IndataLenErr;
}
/* GMAPI dont check function specific length, leave to EVP */
if (*puiOutDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_BASE64_ENCODEUPDATE, SAF_R_INT_OVERFLOW);
return SAR_IndataLenErr;
}
/* check handle */
if (!obj->ctx) {
SAFerr(SAF_F_SAF_BASE64_ENCODEUPDATE, SAF_R_INVALID_HANDLE);
return SAR_ObjErr;
}
if (!obj->inited) {
EVP_EncodeInit(obj->ctx);
obj->inited = 1;
}
inlen = (int)puiInDataLen;
outlen = (int)(*puiOutDataLen);
//TODO: check outlen, or EVP will fail without error messages
if (!EVP_EncodeUpdate(obj->ctx, pucOutData, &outlen, pucInData, inlen)) {
SAFerr(SAF_F_SAF_BASE64_ENCODEUPDATE, ERR_R_EVP_LIB);
return SAR_UnknownErr;
}
*puiOutDataLen = (unsigned int)outlen;
return SAR_OK;
}
/* 7.3.7 */
int SAF_Base64_EncodeFinal(
void *hBase64Obj,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
SAF_BASE64OBJ *obj = (SAF_BASE64OBJ *)hBase64Obj;
int len;
if (!hBase64Obj || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_BASE64_ENCODEFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (*puiOutDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_BASE64_ENCODEFINAL, SAF_R_INT_OVERFLOW);
return SAR_IndataLenErr;
}
if (*puiOutDataLen < 66) {
SAFerr(SAF_F_SAF_BASE64_ENCODEFINAL, SAF_R_BUFFER_TOO_SMALL);
return SAR_IndataLenErr;
}
if (!obj->ctx || !obj->inited) {
SAFerr(SAF_F_SAF_BASE64_ENCODEFINAL, SAF_R_INVALID_HANDLE);
return SAR_ObjErr;
}
/* the max output length of EVP_EncodeFinal() is 66
* this function return void, so we need to check `*outlen`
*/
len = (int)(*puiOutDataLen);
//TODO: check outlen, or EVP will fail without error messages
EVP_EncodeFinal(obj->ctx, pucOutData, &len);
*puiOutDataLen = (unsigned int)len;
return SAR_OK;
}
/* 7.3.8 */
int SAF_Base64_DecodeUpdate(
void *hBase64Obj,
unsigned char *pucInData,
unsigned int puiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
SAF_BASE64OBJ *obj = (SAF_BASE64OBJ *)hBase64Obj;
int inlen, outlen;
if (!hBase64Obj || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_BASE64_DECODEUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
/* GMAPI dont check function specific length, leave to EVP */
if (puiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_BASE64_DECODEUPDATE, SAF_R_INT_OVERFLOW);
return SAR_IndataLenErr;
}
/* GMAPI dont check function specific length, leave to EVP */
if (*puiOutDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_BASE64_DECODEUPDATE, SAF_R_INT_OVERFLOW);
return SAR_IndataLenErr;
}
if (!obj->ctx) {
SAFerr(SAF_F_SAF_BASE64_DECODEUPDATE, SAF_R_INVALID_HANDLE);
return SAR_ObjErr;
}
if (!obj->inited) {
EVP_DecodeInit(obj->ctx);
obj->inited = 1;
}
inlen = (int)puiInDataLen;
outlen = (int)(*puiOutDataLen);
//TODO: check outlen, or EVP will fail without error messages
/*
* EVP_DecodeUpdate() return -1 for error, 0 or 1 for success
* 0 means the last char of the input is `=`
*/
if (EVP_DecodeUpdate(obj->ctx, pucOutData, &outlen, pucInData, inlen) < 0) {
SAFerr(SAF_F_SAF_BASE64_DECODEUPDATE, ERR_R_EVP_LIB);
return SAR_UnknownErr;
}
*puiOutDataLen = (unsigned int)outlen;
return SAR_OK;
}
/* 7.3.9 */
int SAF_Base64_DecodeFinal(
void *hBase64Obj,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
SAF_BASE64OBJ *obj = (SAF_BASE64OBJ *)hBase64Obj;
int len;
if (!hBase64Obj || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_BASE64_DECODEFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (*puiOutDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_BASE64_DECODEFINAL, SAF_R_INT_OVERFLOW);
return SAR_IndataLenErr;
}
if (!obj->ctx || !obj->inited) {
SAFerr(SAF_F_SAF_BASE64_DECODEFINAL, SAF_R_INVALID_HANDLE);
return SAR_ObjErr;
}
len = (int)(*puiOutDataLen);
//TODO: check outlen, or EVP will fail without error messages
if (!EVP_DecodeFinal(obj->ctx, pucOutData, &len)) {
SAFerr(SAF_F_SAF_BASE64_DECODEFINAL, ERR_R_EVP_LIB);
return SAR_UnknownErr;
}
*puiOutDataLen = (unsigned int)len;
return SAR_OK;
}
/* 7.3.2 */
int SAF_Base64_Encode(
unsigned char *pucInData,
unsigned int puiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
void *handle = NULL;
unsigned char *p;
unsigned int len;
if (!pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_BASE64_ENCODE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if ((ret = SAF_Base64_CreateBase64Obj(&handle)) != SAR_OK) {
SAFerr(SAF_F_SAF_BASE64_ENCODE, ERR_R_GMAPI_LIB);
goto end;
}
p = pucOutData;
len = *puiOutDataLen;
if ((ret = SAF_Base64_EncodeUpdate(handle, pucInData, puiInDataLen,
p, &len)) != SAR_OK) {
SAFerr(SAF_F_SAF_BASE64_ENCODE, ERR_R_GMAPI_LIB);
goto end;
}
p += len;
len = *puiOutDataLen - len;
if ((ret = SAF_Base64_EncodeFinal(handle, p, &len)) != SAR_OK) {
SAFerr(SAF_F_SAF_BASE64_ENCODE, ERR_R_GMAPI_LIB);
goto end;
}
p += len;
*puiOutDataLen = p - pucOutData;
ret = SAR_OK;
end:
SAF_Base64_DestroyBase64Obj(handle);
return ret;
}
/* 7.3.3 */
int SAF_Base64_Decode(
unsigned char *pucInData,
unsigned int puiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
void *handle = NULL;
unsigned char *p;
unsigned int len;
if ((ret = SAF_Base64_CreateBase64Obj(&handle)) != SAR_OK) {
SAFerr(SAF_F_SAF_BASE64_DECODE, ERR_R_GMAPI_LIB);
goto end;
}
p = pucOutData;
len = *puiOutDataLen;
if ((ret = SAF_Base64_DecodeUpdate(handle, pucInData, puiInDataLen,
p, &len)) != SAR_OK) {
SAFerr(SAF_F_SAF_BASE64_DECODE, ERR_R_GMAPI_LIB);
goto end;
}
p += len;
len = *puiOutDataLen - len;
if ((ret = SAF_Base64_DecodeFinal(handle, p, &len)) != SAR_OK) {
SAFerr(SAF_F_SAF_BASE64_DECODE, ERR_R_GMAPI_LIB);
goto end;
}
p += len;
*puiOutDataLen = p - pucOutData;
ret = SAR_OK;
end:
SAF_Base64_DestroyBase64Obj(handle);
return ret;
}

521
crypto/saf/saf_cert.c
View File

@@ -1,521 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/conf.h>
#include <openssl/gmsaf.h>
#include "saf_lcl.h"
#include "../../apps/apps.h"
int load_certs(const char *file, STACK_OF(X509) **certs, int format,
const char *pass, const char *cert_descrip)
{
return 0;
}
/* 7.2.2 */
int SAF_AddTrustedRootCaCertificate(
void *hAppHandle,
unsigned char *pucCertificate,
unsigned int uiCertificateLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
X509 *x509 = NULL;
BIO *bio = NULL;
if (!hAppHandle || !pucCertificate) {
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) {
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(bio = BIO_new_file(app->rootcacerts, "a"))) {
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, ERR_R_BIO_LIB);
goto end;
}
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, uiCertificateLen))) {
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
if (!PEM_write_bio_X509(bio, x509)) {
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, ERR_R_PEM_LIB);
goto end;
}
ret = SAR_Ok;
end:
X509_free(x509);
BIO_free(bio);
return ret;
}
/* 7.2.3 */
int SAF_GetRootCaCertificateCount(
void *hAppHandle,
unsigned int *puiCount)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
STACK_OF(X509) *certs = NULL;
if (!hAppHandle || !puiCount) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATECOUNT, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!load_certs(app->rootcacerts, &certs, FORMAT_PEM, NULL, "root ca certificates")) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATECOUNT, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
*puiCount = sk_X509_num(certs);
ret = SAR_Ok;
end:
sk_X509_free(certs);
return ret;
}
/* 7.2.4 */
int SAF_GetRootCaCertificate(
void *hAppHandle,
unsigned int uiIndex,
unsigned char *pucCertificate,
unsigned int *puiCertificateLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
STACK_OF(X509) *certs = NULL;
X509 *x509;
int len;
if (!hAppHandle || !pucCertificate || !puiCertificateLen) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!load_certs(app->rootcacerts, &certs, FORMAT_PEM, NULL,
"root ca certificates")) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
if (!(x509 = sk_X509_value(certs, uiIndex))) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, SAF_R_INVALID_INDEX);
goto end;
}
if (*puiCertificateLen < i2d_X509(x509, NULL)) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
if ((len = i2d_X509(x509, &pucCertificate)) <= 0) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, ERR_R_X509_LIB);
goto end;
}
*puiCertificateLen = len;
ret = SAR_Ok;
end:
sk_X509_free(certs);
return ret;
}
/* 7.2.5 */
int SAF_RemoveRootCaCertificate(
void *hAppHandle,
unsigned int uiIndex)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
STACK_OF(X509) *certs = NULL;
X509 *x509 = NULL;
BIO *bio = NULL;
int i, err = 0;
if (!hAppHandle) {
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!load_certs(app->rootcacerts, &certs, FORMAT_PEM, NULL, "root ca certificates")) {
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
if (!(bio = BIO_new_file(app->rootcacerts, "w"))) {
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, ERR_R_BIO_LIB);
goto end;
}
if (!(x509 = sk_X509_delete(certs, uiIndex))) {
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, SAF_R_INVALID_INDEX);
goto end;
}
for (i = 0; i < sk_X509_num(certs); i++) {
if (!PEM_write_bio_X509(bio, sk_X509_value(certs, i))) {
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, ERR_R_PEM_LIB);
err++;
}
}
ret = SAR_Ok;
end:
X509_free(x509);
sk_X509_free(certs);
BIO_free(bio);
return ret;
}
/* 7.2.6 */
int SAF_AddCaCertificate(
void *hAppHandle,
unsigned char *pucCertificate,
unsigned int uiCertificateLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
X509 *x509 = NULL;
BIO *bio = NULL;
if (!hAppHandle || !pucCertificate) {
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) {
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(bio = BIO_new_file(app->cacerts, "a"))) {
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, ERR_R_BIO_LIB);
goto end;
}
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, uiCertificateLen))) {
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
if (!PEM_write_bio_X509(bio, x509)) {
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, ERR_R_PEM_LIB);
goto end;
}
ret = SAR_Ok;
end:
X509_free(x509);
BIO_free(bio);
return ret;
}
/* 7.2.7 */
int SAF_GetCaCertificateCount(
void *hAppHandle,
unsigned int *puiCount)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
STACK_OF(X509) *certs = NULL;
if (!hAppHandle || !puiCount) {
SAFerr(SAF_F_SAF_GETCACERTIFICATECOUNT, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!load_certs(app->cacerts, &certs, FORMAT_PEM, NULL, "ca certificates")) {
SAFerr(SAF_F_SAF_GETCACERTIFICATECOUNT, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
*puiCount = sk_X509_num(certs);
ret = SAR_Ok;
end:
sk_X509_free(certs);
return ret;
}
/* 7.2.8 */
int SAF_GetCaCertificate(
void *hAppHandle,
unsigned int uiIndex,
unsigned char *pucCertificate,
unsigned int *puiCertificateLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
STACK_OF(X509) *certs = NULL;
X509 *x509;
int len;
if (!hAppHandle || !pucCertificate || !puiCertificateLen) {
SAFerr(SAF_F_SAF_GETCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!load_certs(app->cacerts, &certs, FORMAT_PEM, NULL, "ca certificates")) {
SAFerr(SAF_F_SAF_GETCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
if (!(x509 = sk_X509_value(certs, uiIndex))) {
SAFerr(SAF_F_SAF_GETCACERTIFICATE, SAF_R_INVALID_INDEX);
goto end;
}
if (*puiCertificateLen < i2d_X509(x509, NULL)) {
SAFerr(SAF_F_SAF_GETCACERTIFICATE, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
if ((len = i2d_X509(x509, &pucCertificate)) <= 0) {
SAFerr(SAF_F_SAF_GETCACERTIFICATE, ERR_R_X509_LIB);
goto end;
}
*puiCertificateLen = len;
ret = SAR_Ok;
end:
sk_X509_free(certs);
return ret;
}
/* 7.2.9 */
int SAF_RemoveCaCertificate(
void *hAppHandle,
unsigned int uiIndex)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
STACK_OF(X509) *certs = NULL;
X509 *x509 = NULL;
BIO *bio = NULL;
int i, err = 0;
if (!hAppHandle) {
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!load_certs(app->cacerts, &certs, FORMAT_PEM, NULL, "ca certificates")) {
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
if (!(bio = BIO_new_file(app->rootcacerts, "w"))) {
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, ERR_R_BIO_LIB);
goto end;
}
if (!(x509 = sk_X509_delete(certs, uiIndex))) {
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, SAF_R_INVALID_INDEX);
goto end;
}
for (i = 0; i < sk_X509_num(certs); i++) {
if (!PEM_write_bio_X509(bio, sk_X509_value(certs, i))) {
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, ERR_R_PEM_LIB);
err++;
}
}
ret = SAR_Ok;
end:
X509_free(x509);
sk_X509_free(certs);
BIO_free(bio);
return ret;
}
/* 7.2.10 */
int SAF_AddCrl(
void *hAppHandle,
unsigned char *pucDerCrl,
unsigned int uiDerCrlLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.11 */
int SAF_VerifyCertificate(
void *hAppHandle,
unsigned char *pucUsrCertificate,
unsigned int uiUsrCertificateLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.12 */
int SAF_VerifyCertificateByCrl(
void *hAppHandle,
unsigned char *pucUsrCertificate,
unsigned int uiUsrCertificateLen,
unsigned char *pucDerCrl,
unsigned int uiDerCrlLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.13 */
int SAF_GetCertificateStateByOCSP(
void *hAppHandle,
unsigned char *pcOcspHostURL,
unsigned int uiOcspHostURLLen,
unsigned char *pucUsrCertificate,
unsigned int uiUsrCertificateLen,
unsigned char *pucCACertificate,
unsigned int uiCACertficateLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.14 */
int SAF_GetCertFromLdap(
void *hAppHandle,
char *pcLdapHostURL,
unsigned int uiLdapHostURLLen,
unsigned char *pucQueryDN,
unsigned int uiQueryDNLen,
unsigned char *pucOutCert,
unsigned int *puiOutCertLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.15 */
int SAF_GetCrlFromLdap(
void *hAppHandle,
char *pcLdapHostURL,
unsigned int uiLdapHostURLLen,
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned char *pucCrlData,
unsigned int *puiCrlDataLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.16 */
int SAF_GetCertificateInfo(
void *hAppHandle,
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned int uiInfoType,
unsigned char *pucInfo,
unsigned int *puiInfoLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.17 */
int SAF_GetExtTypeInfo(
void *hAppHandle,
unsigned char *pucDerCert,
unsigned int uiDerCertLen,
unsigned int uiInfoType,
unsigned char *pucPriOid,
unsigned int uiPriOidLen,
unsigned char *pucInfo,
unsigned int *puiInfoLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.18 */
int SAF_EnumCertificates(
void *hAppHandle,
SGD_USR_CERT_ENUMLIST *usrCerts)
{
return SAR_NotSupportYetErr;
}
/* 7.2.19 */
int SAF_EnumKeyContainerInfo(
void *hAppHandle,
SGD_KEYCONTAINERINFO_ENUMLIST *keyContainerInfo)
{
return SAR_NotSupportYetErr;
}
/* 7.2.20 */
int SAF_EnumCertificatesFree(
void *hAppHandle,
SGD_USR_CERT_ENUMLIST *usrCerts)
{
return SAR_NotSupportYetErr;
}
/* 7.2.21 */
int SAF_EnumKeyContainerInfoFree(
void *hAppHandle,
SGD_KEYCONTAINERINFO_ENUMLIST *keyContainerInfo)
{
return SAR_NotSupportYetErr;
}

630
crypto/saf/saf_ec.c
View File

@@ -1,630 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <string.h>
#include <openssl/gmapi.h>
#include <openssl/gmsdf.h>
#include <openssl/gmsaf.h>
#include "saf_lcl.h"
/* 7.3.23 */
int SAF_GenEccKeyPair(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned int uiKeyUsage,
unsigned int uiExportFlag)
{
int ret = -1;
SAF_APP *app = (SAF_APP *)hAppHandle;
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
/* check arguments */
if (!hAppHandle || !pucContainerName) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiContainerNameLen <= 0 || uiContainerNameLen > SGD_MAX_NAME_SIZE ||
strlen((char *)pucContainerName) != uiContainerNameLen) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_NameLenErr;
}
if (uiKeyBits < 160 || uiKeyBits > ECCref_MAX_BITS) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR,
SAF_R_INVALID_KEY_LENGTH);
return SAR_ModulusLenErr;
}
if (uiKeyUsage != SGD_SM2_1 && uiKeyUsage != SGD_SM2_2 &&
uiKeyUsage != SGD_SM2_3) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR,
SAF_R_INVALID_KEY_USAGE);
return SAR_KeyUsageErr;
}
/* process */
if (!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, app->engine))
|| EVP_PKEY_keygen_init(pctx) <= 0
|| EVP_PKEY_keygen(pctx, &pkey) <= 0) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR, ERR_R_EVP_LIB);
goto end;
}
ret = SAR_Ok;
end:
EVP_PKEY_CTX_free(pctx);
EVP_PKEY_free(pkey);
return ret;
}
const char *SGD_GetKeyUsageName(unsigned int uiKeyUsage)
{
switch (uiKeyUsage) {
case SGD_PK_SIGN:
return "sign";
case SGD_PK_ENC:
return "enc";
case SGD_PK_DH:
return "dh";
}
return NULL;
}
/* 7.3.24 */
int SAF_GetEccPublicKey(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyUsage,
unsigned char *pucPublicKey,
unsigned int *puiPublicKeyLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
EVP_PKEY *pkey = NULL;
char key_id[1024];
int len;
/* check arguments */
if (!hAppHandle || !pucContainerName || !pucPublicKey ||
!puiPublicKeyLen) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiContainerNameLen <= 0 ||
uiContainerNameLen > SGD_MAX_NAME_SIZE ||
strlen((char *)pucContainerName) != uiContainerNameLen) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_NameLenErr;
}
if (uiKeyUsage != SGD_SM2_1 && uiKeyUsage != SGD_SM2_2 &&
uiKeyUsage != SGD_SM2_3) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY,
SAF_R_INVALID_KEY_USAGE);
return SAR_KeyUsageErr;
}
if ((size_t)*puiPublicKeyLen != sizeof(ECCrefPublicKey)) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY,
SAF_R_BUFFER_TOO_SMALL);
return SAR_IndataErr;
}
/* process */
/*
snprintf(key_id, sizeof(key_id), "%s.%s", (char *)pucContainerName,
SGD_GetKeyUsageName(uiKeyUsage));
*/
if (!(pkey = ENGINE_load_public_key(app->engine, key_id, NULL, NULL))) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY, ERR_R_ENGINE_LIB);
goto end;
}
if ((len = i2d_PUBKEY(pkey, &pucPublicKey)) <= 0) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY, ERR_R_X509_LIB);
goto end;
}
*puiPublicKeyLen = (unsigned int)len;
/* set return value */
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
return ret;
}
/* 7.3.25 */
int SAF_EccSign(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiAlgorithmID, /* SGD_SM2_1 */
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignData,
unsigned int *puiSignDataLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
char key_id[1024];
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
size_t siglen;
/* check arguments */
if (!hAppHandle || !pucContainerName || !pucInData ||
!pucSignData || !puiSignDataLen) {
SAFerr(SAF_F_SAF_ECCSIGN,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiContainerNameLen <= 0 ||
uiContainerNameLen > SGD_MAX_NAME_SIZE ||
strlen((char *)pucContainerName) != uiContainerNameLen) {
SAFerr(SAF_F_SAF_ECCSIGN, SAF_R_INVALID_INPUT_LENGTH);
return SAR_NameLenErr;
}
if (uiAlgorithmID != SGD_SM2_1) {
SAFerr(SAF_F_SAF_ECCSIGN, SAF_R_INVALID_ALGOR);
return SAR_AlgoTypeErr;
}
if (uiInDataLen != SM3_DIGEST_LENGTH) {
SAFerr(SAF_F_SAF_ECCSIGN, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if ((size_t)*puiSignDataLen != sizeof(ECCSignature)) {
SAFerr(SAF_F_SAF_ECCSIGN, SAF_R_BUFFER_TOO_SMALL);
return SAR_IndataErr;
}
/* process */
/*
snprintf(key_id, sizeof(key_id), "%s.sign", (char *)pucContainerName);
*/
if (!(pkey = ENGINE_load_private_key(app->engine, key_id, NULL, NULL))
|| !(pctx = EVP_PKEY_CTX_new(pkey, app->engine))
|| EVP_PKEY_sign_init(pctx) <= 0
|| EVP_PKEY_sign(pctx, pucSignData, &siglen, pucInData, (size_t)uiInDataLen) <= 0) {
SAFerr(SAF_F_SAF_ECCSIGN, ERR_R_EVP_LIB);
goto end;
}
*puiSignDataLen = (unsigned int)siglen;
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pctx);
return ret;
}
/* 7.3.26 */
int SAF_EccVerifySign(
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned int uiAlgorithmID,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignData,
unsigned int uiSignDataLen)
{
int ret = SAR_UnknownErr;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
/* check arguments */
if (!pucPublicKey || !pucInData || !pucSignData) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiPublicKeyLen != sizeof(ECCrefPublicKey)) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (uiAlgorithmID != SGD_SM2_1) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, SAF_R_INVALID_ALGOR);
return SAR_AlgoTypeErr;
}
if (uiInDataLen != SM3_DIGEST_LENGTH) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (uiSignDataLen != sizeof(ECCSignature)) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* process */
if (!(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
|| !(pctx = EVP_PKEY_CTX_new(pkey, NULL))
|| EVP_PKEY_verify_init(pctx) <= 0
|| EVP_PKEY_verify(pctx, pucSignData, uiSignDataLen, pucInData, uiInDataLen) <= 0) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, ERR_R_EVP_LIB);
goto end;
}
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pctx);
return ret;
}
/* 7.3.27 */
int SAF_EccPublicKeyEnc(
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned int uiAlgorithmID,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = -1;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
size_t outlen = *puiOutDataLen;
/* check arguments */
if (!pucPublicKey || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiPublicKeyLen != sizeof(ECCrefPublicKey)) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (uiAlgorithmID != SGD_SM2_3) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC,
SAF_R_INVALID_ALGOR);
return SAR_AlgoTypeErr;
}
if (uiInDataLen <= 0 || uiInDataLen > SAF_MAX_EC_CIPHERTEXT_LENGTH) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (*puiOutDataLen != sizeof(ECCCipher)) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* precess */
if (!(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
|| !(pctx = EVP_PKEY_CTX_new(pkey, NULL))
|| EVP_PKEY_decrypt_init(pctx) <= 0
|| EVP_PKEY_decrypt(pctx, pucOutData, &outlen, pucInData, uiInDataLen) <= 0) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC, ERR_R_EVP_LIB);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pctx);
return ret;
}
/* 7.3.28 */
int SAF_EccPublicKeyEncByCert(
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned int uiAlgorithmID,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
X509 *x509 = NULL;
unsigned char pubkey[1024];
unsigned char *p = pubkey;
int len;
/* check arguments */
if (!pucCertificate || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (uiAlgorithmID != SGD_SM2_3) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
SAF_R_INVALID_ALGOR);
return SAR_AlgoTypeErr;
}
if (uiInDataLen <= 0 || uiInDataLen > SAF_MAX_EC_CIPHERTEXT_LENGTH) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (*puiOutDataLen != sizeof(ECCCipher)) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* process */
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, (long)uiCertificateLen))) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT, ERR_R_X509_LIB);
goto end;
}
if ((len = i2d_PUBKEY(X509_get0_pubkey(x509), &p)) <= 0) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT, ERR_R_X509_LIB);
goto end;
}
ret = SAF_EccPublicKeyEnc(
pubkey,
(unsigned int)len,
uiAlgorithmID,
pucInData,
uiInDataLen,
pucOutData,
puiOutDataLen);
/* set return value */
ret = SAR_Ok;
end:
X509_free(x509);
return ret;
}
/* 7.3.29 */
int SAF_EccVerifySignByCert(
unsigned int uiAlgorithmID,
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignData,
unsigned int uiSignDataLen)
{
int ret = SAR_UnknownErr;
X509 *x509 = NULL;
unsigned char pucPublicKey[1024];
unsigned int uiPublicKeyLen;
unsigned char *p = pucPublicKey;
int len;
/* check arguments */
if (!pucCertificate || !pucInData || !pucSignData) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (uiAlgorithmID != SGD_SM2_1) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
SAF_R_INVALID_ALGOR);
return SAR_AlgoTypeErr;
}
if (uiInDataLen != SM3_DIGEST_LENGTH) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (uiSignDataLen != sizeof(ECCSignature)) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* process */
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, (long)uiCertificateLen))) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT, ERR_R_X509_LIB);
goto end;
}
if ((len = i2d_PUBKEY(X509_get0_pubkey(x509), &p)) <= 0) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT, ERR_R_X509_LIB);
goto end;
}
uiPublicKeyLen = (unsigned int)len;
ret = SAF_EccVerifySign(
pucPublicKey,
uiPublicKeyLen,
uiAlgorithmID,
pucInData,
uiInDataLen,
pucSignData,
uiSignDataLen);
/* set return value */
ret = SAR_Ok;
end:
X509_free(x509);
return ret;
}
/* 7.3.33 */
int SAF_GenerateAgreementDataWithECC(
void *hSymmKeyObj,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned char *pucSponsorID,
unsigned int uiSponsorIDLength,
unsigned char *pucSponsorPublicKey,
unsigned int *puiSponsorPublicKeyLen,
unsigned char *pucSponsorTmpPublicKey,
unsigned int *puiSponsorTmpPublicKeyLen,
void **phAgreementHandle)
{
int ret = -1;
ret = SAR_Ok;
return ret;
}
/* 7.3.34 */
int SAF_GenerateKeyWithECC(
void *phAgreementHandle,
unsigned char *pucResponseID,
unsigned int uiResponseIDLength,
unsigned char *pucResponsePublicKey,
unsigned int uiResponsePublicKeyLen,
unsigned char *pucResponseTmpPublicKey,
unsigned int uiResponseTmpPublicKeyLen,
void **phKeyHandle)
{
int ret = -1;
return ret;
}
/* 7.3.35 */
int SAF_GenerateAgreementDataAdnKeyWithECC(
void *hSymmKeyObj,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned char *pucResponseID,
unsigned int uiResponseIDLength,
unsigned char *pucSponsorID,
unsigned int uiSponsorIDLength,
unsigned char *pucSponsorPublicKey,
unsigned int *puiSponsorPublicKeyLen,
unsigned char *pucSponsorTmpPublicKey,
unsigned int *puiSponsorTmpPublicKeyLen,
unsigned char *pucResponsePublicKey,
unsigned int uiResponsePublicKeyLen,
unsigned char *pucResponseTmpPublicKey,
unsigned int uiResponseTmpPublicKeyLen,
void **phKeyHandle)
{
int ret;
void *hAgreementHandle = NULL;
if ((ret = SAF_GenerateAgreementDataWithECC(
hSymmKeyObj,
pucContainerName,
uiContainerNameLen,
uiKeyBits,
pucSponsorID,
uiSponsorIDLength,
pucSponsorPublicKey,
puiSponsorPublicKeyLen,
pucSponsorTmpPublicKey,
puiSponsorTmpPublicKeyLen,
&hAgreementHandle)) != SAR_OK) {
}
if ((ret = SAF_GenerateKeyWithECC(
hAgreementHandle,
pucResponseID,
uiResponseIDLength,
pucResponsePublicKey,
uiResponsePublicKeyLen,
pucResponseTmpPublicKey,
uiResponseTmpPublicKeyLen,
phKeyHandle)) != SAR_OK) {
}
return 0;
}
/* GmSSL Extension */
int SAF_EccSignFile(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiHashAlgoType,
unsigned char *pucFileName,
unsigned char *pucSignature,
unsigned int *puiSignatureLen)
{
return SAR_OK;
}
int SAF_EccVerifySignFile(
unsigned int uiHashAlgoType,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucFileName,
unsigned char *pucSignature,
unsigned int uiSignatureLen)
{
return SAR_OK;
}

297
crypto/saf/saf_enc.c
View File

@@ -1,297 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.39 */
int SAF_SymmEncryptUpdate(
void *hKeyHandle,
const unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
int outlen;
if (!hKeyHandle || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiInDataLen <= 0 || uiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, SAF_R_INVALID_LENGTH);
return SAR_IndataLenErr;
}
if (!hkey->cipher_ctx) {
const EVP_CIPHER *cipher;
// FIXME: get ulFeedBitLen from key handle
if (!(cipher = EVP_get_cipherbysgd(hkey->hSymmKeyObj->uiCryptoAlgID, 0))) {
SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, SAF_R_INVALID_KEY_HANDLE);
ret = SAR_IndataErr;
goto end;
}
if (!(hkey->cipher_ctx = EVP_CIPHER_CTX_new())) {
SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, ERR_R_MALLOC_FAILURE);
ret = SAR_MemoryErr;
goto end;
}
if (!EVP_EncryptInit_ex(hkey->cipher_ctx, cipher,
hkey->hSymmKeyObj->app->engine,
hkey->key, hkey->hSymmKeyObj->pucIV)) {
SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, ERR_R_EVP_LIB);
goto end;
}
}
if (!EVP_EncryptUpdate(hkey->cipher_ctx, pucOutData, &outlen,
pucInData, (int)uiInDataLen)) {
SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, ERR_R_EVP_LIB);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_OK;
end:
if (ret != SAR_OK && hkey->cipher_ctx) {
EVP_CIPHER_CTX_free(hkey->cipher_ctx);
hkey->cipher_ctx = NULL;
}
return ret;
}
/* 7.3.40 */
int SAF_SymmEncryptFinal(
void *hKeyHandle,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
int outlen;
if (!hKeyHandle || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_SYMMENCRYPTFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!hkey->cipher_ctx) {
SAFerr(SAF_F_SAF_SYMMENCRYPTFINAL, SAF_R_ENCRYPT_NOT_INITIALIED);
return SAR_NotInitializeErr;
}
if (!EVP_EncryptFinal_ex(hkey->cipher_ctx, pucOutData, &outlen)) {
SAFerr(SAF_F_SAF_SYMMENCRYPTFINAL, ERR_R_EVP_LIB);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_OK;
end:
EVP_CIPHER_CTX_free(hkey->cipher_ctx);
hkey->cipher_ctx = NULL;
return ret;
}
/* 7.3.42 */
int SAF_SymmDecryptUpdate(
void *hKeyHandle,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
int outlen;
if (!hKeyHandle || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, SAF_R_INVALID_LENGTH);
return SAR_IndataLenErr;
}
if (!hkey->cipher_ctx) {
const EVP_CIPHER *cipher;
//Get feedbitlen from keyhandle
if (!(cipher = EVP_get_cipherbysgd(hkey->hSymmKeyObj->uiCryptoAlgID, 0))) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, SAF_R_INVALID_KEY_HANDLE);
ret = SAR_IndataErr;
goto end;
}
if (!(hkey->cipher_ctx = EVP_CIPHER_CTX_new())) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_MALLOC_FAILURE);
ret = SAR_MemoryErr;
goto end;
}
if (!EVP_DecryptInit_ex(hkey->cipher_ctx, cipher,
hkey->hSymmKeyObj->app->engine,
hkey->key, hkey->hSymmKeyObj->pucIV)) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_EVP_LIB);
goto end;
}
}
if (!EVP_DecryptUpdate(hkey->cipher_ctx, pucOutData, &outlen,
pucInData, (int)uiInDataLen)) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_EVP_LIB);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_OK;
end:
if (ret != SAR_OK && hkey->cipher_ctx) {
EVP_CIPHER_CTX_free(hkey->cipher_ctx);
hkey->cipher_ctx = NULL;
}
return ret;
}
/* 7.3.43 */
int SAF_SymmDecryptFinal(
void *hKeyHandle,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
int outlen;
if (!hKeyHandle || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_SYMMDECRYPTFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!hkey->cipher_ctx) {
SAFerr(SAF_F_SAF_SYMMDECRYPTFINAL, SAF_R_DECRYPT_NOT_INITIALIZED);
return SAR_NotInitializeErr;
}
if (!EVP_DecryptFinal_ex(hkey->cipher_ctx, pucOutData, &outlen)) {
SAFerr(SAF_F_SAF_SYMMDECRYPTFINAL, ERR_R_EVP_LIB);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_OK;
end:
EVP_CIPHER_CTX_free(hkey->cipher_ctx);
hkey->cipher_ctx = NULL;
return ret;
}
/* 7.3.38 */
int SAF_SymmEncrypt(
void *hKeyHandle,
const unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
unsigned int len;
if ((ret = SAF_SymmEncryptUpdate(hKeyHandle, pucInData, uiInDataLen,
pucOutData, puiOutDataLen)) != SAR_OK) {
return ret;
}
if ((ret = SAF_SymmEncryptFinal(hKeyHandle,
pucOutData + *puiOutDataLen, &len)) != SAR_OK) {
return ret;
}
*puiOutDataLen += len;
return SAR_OK;
}
/* 7.3.41 */
int SAF_SymmDecrypt(
void *hKeyHandle,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
unsigned int len;
if ((ret = SAF_SymmDecryptUpdate(hKeyHandle, pucInData, uiInDataLen,
pucOutData, puiOutDataLen)) != SAR_OK) {
return ret;
}
if ((ret = SAF_SymmDecryptFinal(hKeyHandle,
pucOutData + *puiOutDataLen, &len)) != SAR_OK) {
return ret;
}
*puiOutDataLen += len;
return SAR_OK;
}

142
crypto/saf/saf_err.c
View File

@@ -1,142 +0,0 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/gmsaf.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SAF,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SAF,0,reason)
static ERR_STRING_DATA SAF_str_functs[] = {
{ERR_FUNC(SAF_F_SAF_ADDCACERTIFICATE), "SAF_AddCaCertificate"},
{ERR_FUNC(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE),
"SAF_AddTrustedRootCaCertificate"},
{ERR_FUNC(SAF_F_SAF_BASE64_CREATEBASE64OBJ),
"SAF_Base64_CreateBase64Obj"},
{ERR_FUNC(SAF_F_SAF_BASE64_DECODE), "SAF_Base64_Decode"},
{ERR_FUNC(SAF_F_SAF_BASE64_DECODEFINAL), "SAF_Base64_DecodeFinal"},
{ERR_FUNC(SAF_F_SAF_BASE64_DECODEUPDATE), "SAF_Base64_DecodeUpdate"},
{ERR_FUNC(SAF_F_SAF_BASE64_ENCODE), "SAF_Base64_Encode"},
{ERR_FUNC(SAF_F_SAF_BASE64_ENCODEFINAL), "SAF_Base64_EncodeFinal"},
{ERR_FUNC(SAF_F_SAF_BASE64_ENCODEUPDATE), "SAF_Base64_EncodeUpdate"},
{ERR_FUNC(SAF_F_SAF_CHANGEPIN), "SAF_ChangePin"},
{ERR_FUNC(SAF_F_SAF_CREATEHASHOBJ), "SAF_CreateHashObj"},
{ERR_FUNC(SAF_F_SAF_CREATESYMMKEYOBJ), "SAF_CreateSymmKeyObj"},
{ERR_FUNC(SAF_F_SAF_DESTROYHASHOBJ), "SAF_DestroyHashObj"},
{ERR_FUNC(SAF_F_SAF_ECCPUBLICKEYENC), "SAF_EccPublicKeyEnc"},
{ERR_FUNC(SAF_F_SAF_ECCPUBLICKEYENCBYCERT), "SAF_EccPublicKeyEncByCert"},
{ERR_FUNC(SAF_F_SAF_ECCSIGN), "SAF_EccSign"},
{ERR_FUNC(SAF_F_SAF_ECCVERIFYSIGN), "SAF_EccVerifySign"},
{ERR_FUNC(SAF_F_SAF_ECCVERIFYSIGNBYCERT), "SAF_EccVerifySignByCert"},
{ERR_FUNC(SAF_F_SAF_GENECCKEYPAIR), "SAF_GenEccKeyPair"},
{ERR_FUNC(SAF_F_SAF_GENERATEKEYWITHEPK), "SAF_GenerateKeyWithEPK"},
{ERR_FUNC(SAF_F_SAF_GENRANDOM), "SAF_GenRandom"},
{ERR_FUNC(SAF_F_SAF_GENRSAKEYPAIR), "SAF_GenRsaKeyPair"},
{ERR_FUNC(SAF_F_SAF_GETCACERTIFICATE), "SAF_GetCaCertificate"},
{ERR_FUNC(SAF_F_SAF_GETCACERTIFICATECOUNT), "SAF_GetCaCertificateCount"},
{ERR_FUNC(SAF_F_SAF_GETECCPUBLICKEY), "SAF_GetEccPublicKey"},
{ERR_FUNC(SAF_F_SAF_GETROOTCACERTIFICATE), "SAF_GetRootCaCertificate"},
{ERR_FUNC(SAF_F_SAF_GETROOTCACERTIFICATECOUNT),
"SAF_GetRootCaCertificateCount"},
{ERR_FUNC(SAF_F_SAF_GETRSAPUBLICKEY), "SAF_GetRsaPublicKey"},
{ERR_FUNC(SAF_F_SAF_GETVERSION), "SAF_GetVersion"},
{ERR_FUNC(SAF_F_SAF_HASH), "SAF_Hash"},
{ERR_FUNC(SAF_F_SAF_HASHFINAL), "SAF_HashFinal"},
{ERR_FUNC(SAF_F_SAF_HASHUPDATE), "SAF_HashUpdate"},
{ERR_FUNC(SAF_F_SAF_INITIALIZE), "SAF_Initialize"},
{ERR_FUNC(SAF_F_SAF_KEY_NEW), "SAF_KEY_new"},
{ERR_FUNC(SAF_F_SAF_LOAD_PRIVATE_KEY), "SAF_load_private_key"},
{ERR_FUNC(SAF_F_SAF_LOAD_PUBLIC_KEY), "SAF_load_public_key"},
{ERR_FUNC(SAF_F_SAF_LOGIN), "SAF_Login"},
{ERR_FUNC(SAF_F_SAF_LOGOUT), "SAF_Logout"},
{ERR_FUNC(SAF_F_SAF_MACFINAL), "SAF_MacFinal"},
{ERR_FUNC(SAF_F_SAF_MACUPDATE), "SAF_MacUpdate"},
{ERR_FUNC(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA),
"SAF_Pkcs7_DecodeDigestedData"},
{ERR_FUNC(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA),
"SAF_Pkcs7_DecodeEnvelopedData"},
{ERR_FUNC(SAF_F_SAF_PKCS7_DECODESIGNEDDATA),
"SAF_Pkcs7_DecodeSignedData"},
{ERR_FUNC(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA),
"SAF_Pkcs7_EncodeDigestedData"},
{ERR_FUNC(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA),
"SAF_Pkcs7_EncodeEnvelopedData"},
{ERR_FUNC(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA),
"SAF_Pkcs7_EncodeSignedData"},
{ERR_FUNC(SAF_F_SAF_REMOVECACERTIFICATE), "SAF_RemoveCaCertificate"},
{ERR_FUNC(SAF_F_SAF_REMOVEROOTCACERTIFICATE),
"SAF_RemoveRootCaCertificate"},
{ERR_FUNC(SAF_F_SAF_RSASIGN), "SAF_RsaSign"},
{ERR_FUNC(SAF_F_SAF_RSAVERIFYSIGN), "SAF_RsaVerifySign"},
{ERR_FUNC(SAF_F_SAF_SYMMDECRYPTFINAL), "SAF_SymmDecryptFinal"},
{ERR_FUNC(SAF_F_SAF_SYMMDECRYPTUPDATE), "SAF_SymmDecryptUpdate"},
{ERR_FUNC(SAF_F_SAF_SYMMENCRYPTFINAL), "SAF_SymmEncryptFinal"},
{ERR_FUNC(SAF_F_SAF_SYMMENCRYPTUPDATE), "SAF_SymmEncryptUpdate"},
{ERR_FUNC(SAF_F_SAF_SYMMKEYOBJ_DUP), "SAF_SYMMKEYOBJ_dup"},
{ERR_FUNC(SAF_F_SAF_VERIFYSIGNBYCERT), "SAF_VerifySignByCert"},
{0, NULL}
};
static ERR_STRING_DATA SAF_str_reasons[] = {
{ERR_REASON(SAF_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_REASON(SAF_R_CMAC_FAILURE), "cmac failure"},
{ERR_REASON(SAF_R_DECRYPT_NOT_INITIALIZED), "decrypt not initialized"},
{ERR_REASON(SAF_R_ENCRYPT_KEY_FAILURE), "encrypt key failure"},
{ERR_REASON(SAF_R_ENCRYPT_NOT_INITIALIED), "encrypt not initialied"},
{ERR_REASON(SAF_R_GEN_RANDOM_FAILURE), "gen random failure"},
{ERR_REASON(SAF_R_INT_OVERFLOW), "int overflow"},
{ERR_REASON(SAF_R_INVALID_ALGOR), "invalid algor"},
{ERR_REASON(SAF_R_INVALID_APP), "invalid app"},
{ERR_REASON(SAF_R_INVALID_CERTIFICATE), "invalid certificate"},
{ERR_REASON(SAF_R_INVALID_DIGEST_ALGOR), "invalid digest algor"},
{ERR_REASON(SAF_R_INVALID_HANDLE), "invalid handle"},
{ERR_REASON(SAF_R_INVALID_INDEX), "invalid index"},
{ERR_REASON(SAF_R_INVALID_INPUT_LENGTH), "invalid input length"},
{ERR_REASON(SAF_R_INVALID_KEY_HANDLE), "invalid key handle"},
{ERR_REASON(SAF_R_INVALID_KEY_LENGTH), "invalid key length"},
{ERR_REASON(SAF_R_INVALID_KEY_USAGE), "invalid key usage"},
{ERR_REASON(SAF_R_INVALID_LENGTH), "invalid length"},
{ERR_REASON(SAF_R_INVALID_PKCS7), "invalid pkcs7"},
{ERR_REASON(SAF_R_INVALID_PKCS7_DATA), "invalid pkcs7 data"},
{ERR_REASON(SAF_R_INVALID_PKCS7_TYPE), "invalid pkcs7 type"},
{ERR_REASON(SAF_R_INVALID_PKEY_TYPE), "invalid pkey type"},
{ERR_REASON(SAF_R_INVALID_PUBLIC_KEY), "invalid public key"},
{ERR_REASON(SAF_R_LOA), "loa"},
{ERR_REASON(SAF_R_LOAD_CERTS_FAILURE), "load certs failure"},
{ERR_REASON(SAF_R_LOAD_KEY_FAILURE), "load key failure"},
{ERR_REASON(SAF_R_LOAD_PRIVATE_KEY_FAILURE), "load private key failure"},
{ERR_REASON(SAF_R_LOAD_PUBLIC_KEY_FAILURE), "load public key failure"},
{ERR_REASON(SAF_R_MAC_FAILURE), "mac failure"},
{ERR_REASON(SAF_R_NOT_SUPPORTED), "not supported"},
{ERR_REASON(SAF_R_OPERATION_NOT_INITIALIZED),
"operation not initialized"},
{ERR_REASON(SAF_R_PKCS7_VERIFY_FAILURE), "pkcs7 verify failure"},
{ERR_REASON(SAF_R_UNSUPPORTED_ALGOR), "unsupported algor"},
{ERR_REASON(SAF_R_UNSUPPORTED_DIGEST_ALGOR), "unsupported digest algor"},
{0, NULL}
};
#endif
int ERR_load_SAF_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(SAF_str_functs[0].error) == NULL) {
ERR_load_strings(0, SAF_str_functs);
ERR_load_strings(0, SAF_str_reasons);
}
#endif
return 1;
}

105
crypto/saf/saf_errstr.c
View File

@@ -1,105 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/err.h>
#include <openssl/gmsaf.h>
#include "../../e_os.h"
static ERR_STRING_DATA saf_errstr[] = {
{ SAR_Ok, "Success" },
{ SAR_UnknownErr, "Unknown error" },
{ SAR_NotSupportYetErr, "Not supported yet error" },
{ SAR_FileErr, "File error" },
{ SAR_ProviderTypeErr, "Provider type error" },
{ SAR_LoadProviderErr, "Load provider error" },
{ SAR_LoadDevMngApiErr, "Load Device management API error" },
{ SAR_AlgoTypeErr, "Algorithm type error" },
{ SAR_NameLenErr, "Name length error" },
{ SAR_KeyUsageErr, "Key usage error" },
{ SAR_ModulusLenErr, "Modulus length error" },
{ SAR_NotInitializeErr, "Not initialized error" },
{ SAR_ObjErr, "Object error" },
{ SAR_MemoryErr, "Memory error" },
{ SAR_TimeoutErr, "Timeout error" },
{ SAR_IndataLenErr, "Input data length error" },
{ SAR_IndataErr, "Input data error" },
{ SAR_GenRandErr, "Generate random error" },
{ SAR_HashObjErr, "Hash object error" },
{ SAR_HashErr, "Hash error" },
{ SAR_GenRsaKeyErr, "Generate RSA key error" },
{ SAR_RsaModulusLenErr, "RSA modulus length error" },
{ SAR_CspImportPubKeyErr,"CSP import public key error" },
{ SAR_RsaEncErr, "RSA encryption error" },
{ SAR_RsaDecErr, "RSA decryption error" },
{ SAR_HashNotEqualErr, "Hash not equal error" },
{ SAR_KeyNotFoundErr, "Key not found error" },
{ SAR_CertNotFoundErr, "Certificate not found error" },
{ SAR_NotExportErr, "Non-exportable error" },
{ SAR_CertRevokedErr, "Certificate revoked error" },
{ SAR_CertNotYetValidErr,"Certificate not yet valid error" },
{ SAR_CerthashExpiredErr,"Certificate hash expirted error" },
{ SAR_CertVerifyErr, "Certificate verification error" },
{ SAR_CertEncodeErr, "Certificate encoding error" },
{ SAR_DecryptPadErr, "Decryption padding error" },
{ SAR_MacLenErr, "MAC length error" },
{ SAR_KeyInfoTypeErr, "Key information type error" },
{ SAR_NotLogin, "Not login" },
};
const char *SAF_GetErrorString(int err)
{
int i;
for (i = 0; i < OSSL_NELEM(saf_errstr); i++) {
if (err == saf_errstr[i].error) {
return saf_errstr[i].string;
}
}
return "(undef)";
}

258
crypto/saf/saf_hash.c
View File

@@ -1,258 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.12 */
int SAF_CreateHashObj(void **phHashObj,
unsigned int uiAlgoType,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucID,
unsigned int uiIDLen)
{
int ret = SAR_UnknownErr;
const EVP_MD *md;
EVP_MD_CTX *ctx = NULL;
EVP_PKEY *pkey = NULL;
if (!phHashObj) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!(md = EVP_get_digestbysgd(uiAlgoType))) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, SAF_R_INVALID_ALGOR);
return SAR_AlgoTypeErr;
}
if (!(ctx = EVP_MD_CTX_new())) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_MALLOC_FAILURE);
goto end;
}
/* limitation of the SAF hashing:
* can not specify an engine, only use the default implementation
*/
if (!EVP_DigestInit_ex(ctx, md, NULL)) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_EVP_LIB);
goto end;
}
if (pucPublicKey) {
unsigned char dgst[EVP_MAX_MD_SIZE];
size_t dgstlen = sizeof(dgst);
if (!pucID) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_PASSED_NULL_PARAMETER);
ret = SAR_IndataErr;
goto end;
}
if (uiIDLen <= 0 || uiIDLen > SM2_MAX_ID_LENGTH
|| strlen((char *)pucID) != uiIDLen
|| uiPublicKeyLen <= 0 || uiPublicKeyLen > INT_MAX) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, SAF_R_INVALID_INPUT_LENGTH);
ret = SAR_IndataLenErr;
goto end;
}
if (!(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
|| EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, SAF_R_INVALID_PUBLIC_KEY);
ret = SAR_IndataErr;
goto end;
}
if (!SM2_compute_id_digest(md, (char *)pucID, uiIDLen, dgst, &dgstlen,
EVP_PKEY_get0_EC_KEY(pkey))) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_EC_LIB);
goto end;
}
if (!EVP_DigestUpdate(ctx, dgst, dgstlen)) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_EVP_LIB);
goto end;
}
}
*phHashObj = ctx;
ctx = NULL;
ret = SAR_Ok;
end:
if (ret != SAR_Ok) {
*phHashObj = NULL;
}
EVP_MD_CTX_free(ctx);
EVP_PKEY_free(pkey);
return ret;
}
/* 7.3.13 */
int SAF_DestroyHashObj(
void *phHashObj)
{
if (!phHashObj) {
SAFerr(SAF_F_SAF_DESTROYHASHOBJ, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
EVP_MD_CTX_free((EVP_MD_CTX *)phHashObj);
return SAR_Ok;
}
/* 7.3.14 */
int SAF_HashUpdate(
void *phHashObj,
const unsigned char *pucInData,
unsigned int uiInDataLen)
{
if (!phHashObj || pucInData) {
SAFerr(SAF_F_SAF_HASHUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiInDataLen <= 0 || uiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_HASHUPDATE, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!EVP_DigestUpdate((EVP_MD_CTX *)phHashObj, pucInData, uiInDataLen)) {
SAFerr(SAF_F_SAF_HASHUPDATE, ERR_R_EVP_LIB);
return SAR_HashErr;
}
return SAR_Ok;
}
/* 7.3.15 */
int SAF_HashFinal(void *phHashObj,
unsigned char *pucOutData,
unsigned int *uiOutDataLen)
{
if (!phHashObj || !pucOutData || !uiOutDataLen) {
SAFerr(SAF_F_SAF_HASHFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (*uiOutDataLen < EVP_MAX_MD_SIZE) {
SAFerr(SAF_F_SAF_HASHFINAL, SAF_R_BUFFER_TOO_SMALL);
return SAR_IndataLenErr;
}
if (!EVP_DigestFinal_ex((EVP_MD_CTX *)phHashObj, pucOutData, uiOutDataLen)) {
SAFerr(SAF_F_SAF_HASHFINAL, ERR_R_EVP_LIB);
return SAR_HashErr;
}
return SAR_Ok;
}
/* 7.3.11 */
int SAF_Hash(
unsigned int uiAlgoType,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pubID,
unsigned int uiIDLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret;
void *hHashObj = NULL;
if ((ret = SAF_CreateHashObj(
&hHashObj,
uiAlgoType,
pucPublicKey,
uiPublicKeyLen,
pubID,
uiIDLen)) != SAR_Ok) {
SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB);
return ret;
}
if ((ret = SAF_HashUpdate(
hHashObj,
pucInData,
uiInDataLen)) != SAR_Ok) {
SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB);
goto err;
}
if ((ret = SAF_HashFinal(
hHashObj,
pucOutData,
puiOutDataLen)) != SAR_Ok) {
SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB);
goto err;
}
if ((ret = SAF_DestroyHashObj(
hHashObj)) != SAR_Ok) {
SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB);
return ret;
}
return SAR_Ok;
err:
/* keep the first error */
(void)SAF_DestroyHashObj(hHashObj);
return ret;
}

229
crypto/saf/saf_keyhandle.c
View File

@@ -1,229 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <string.h>
#include <limits.h>
#include <openssl/evp.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include <openssl/crypto.h>
#include "saf_lcl.h"
/* 7.3.31 */
int SAF_GenerateKeyWithEPK(
void *hSymmKeyObj,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucSymmKey,
unsigned int *puiSymmKeyLen,
void **phKeyHandle)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = NULL;
SAF_SYMMKEYOBJ *obj = (SAF_SYMMKEYOBJ *)hSymmKeyObj;
const EVP_CIPHER *cipher;
unsigned char keybuf[32];
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pkctx = NULL;
size_t outlen;
if (!hSymmKeyObj || !pucPublicKey || !pucSymmKey
|| !puiSymmKeyLen || !phKeyHandle) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiPublicKeyLen <= 0 || uiPublicKeyLen > INT_MAX) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
outlen = (size_t)*puiSymmKeyLen;
if (!(cipher = EVP_get_cipherbysgd(obj->uiCryptoAlgID, 0)) //fixme: feedbitlen
|| !RAND_bytes(keybuf, EVP_CIPHER_key_length(cipher))
|| !(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
|| !(pkctx = EVP_PKEY_CTX_new(pkey, NULL))
|| !EVP_PKEY_encrypt_init(pkctx)
|| !EVP_PKEY_encrypt(pkctx, pucSymmKey, &outlen, keybuf, (size_t)EVP_CIPHER_key_length(cipher))) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_ENCRYPT_KEY_FAILURE);
goto end;
}
// init EVP_CIPHER_CTX
if (!(hkey = OPENSSL_zalloc(sizeof(*hkey)))) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_MALLOC_FAILURE);
goto end;
}
*puiSymmKeyLen = (unsigned int)outlen;
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pkctx);
return ret;
}
/*
65 typedef struct {
66 SAF_APP *app;
67 unsigned char *pucContainerName;
68 unsigned int uiContainerLen;
69 unsigned char *pucIV;
70 unsigned int uiIVLen;
71 unsigned int uiEncOrDec;
72 unsigned int uiCryptoAlgID;
73 } SAF_SYMMKEYOBJ;
74
75 typedef struct {
76 SAF_SYMMKEYOBJ *hSymmKeyObj;
77 unsigned char key[64];
78 int keylen;
79 EVP_CIPHER_CTX *cipher_ctx;
80 CMAC_CTX *cmac_ctx;
81 } SAF_KEY;
*/
SAF_KEY *SAF_KEY_new(const SAF_SYMMKEYOBJ *hSymmKeyObj)
{
SAF_KEY *ret = NULL;
SAF_KEY *key = NULL;
if (!(key = OPENSSL_zalloc(sizeof(*key)))
|| !(key->hSymmKeyObj = SAF_SYMMKEYOBJ_dup(hSymmKeyObj))) {
SAFerr(SAF_F_SAF_KEY_NEW, ERR_R_MALLOC_FAILURE);
goto end;
}
ret = key;
key = NULL;
end:
SAF_KEY_free(key);
return ret;
}
void SAF_KEY_free(SAF_KEY *key)
{
if (key) {
SAF_SYMMKEYOBJ_free(key->hSymmKeyObj);
}
OPENSSL_clear_free(key, sizeof(*key));
}
SAF_SYMMKEYOBJ *SAF_SYMMKEYOBJ_dup(const SAF_SYMMKEYOBJ *a)
{
SAF_SYMMKEYOBJ *ret = NULL;
SAF_SYMMKEYOBJ *obj = NULL;
if (!(obj = OPENSSL_zalloc(sizeof(*obj)))
|| !(obj->pucContainerName = OPENSSL_memdup(a->pucContainerName, a->uiContainerLen))
|| !(obj->pucIV = OPENSSL_memdup(a->pucIV, a->uiIVLen))) {
SAFerr(SAF_F_SAF_SYMMKEYOBJ_DUP, ERR_R_MALLOC_FAILURE);
goto end;
}
obj->uiContainerLen = a->uiContainerLen;
obj->uiIVLen = a->uiIVLen;
obj->uiEncOrDec = a->uiEncOrDec;
obj->uiCryptoAlgID = a->uiCryptoAlgID;
ret = obj;
obj = NULL;
end:
SAF_SYMMKEYOBJ_free(obj);
return ret;
}
void SAF_SYMMKEYOBJ_free(SAF_SYMMKEYOBJ *obj)
{
if (obj) {
OPENSSL_free(obj->pucContainerName);
OPENSSL_free(obj->pucIV);
OPENSSL_free(obj);
}
}
/* 7.3.32 */
int SAF_ImportEncedKey(
void *hSymmKeyObj,
unsigned char *pucSymmKey,
unsigned int uiSymmKeyLen,
void **phKeyHandle)
{
SAF_KEY *hkey = NULL;
SAF_SYMMKEYOBJ *hobj = (SAF_SYMMKEYOBJ *)hSymmKeyObj;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
char key_id[1024];
/*
snprintf(key_id, sizeof(key_id), "%s.enc", hobj->pucContainerName);
*/
if (!(pkey = ENGINE_load_private_key(hobj->app->engine, key_id, NULL, NULL))
|| !(pctx = EVP_PKEY_CTX_new(pkey, hobj->app->engine))
|| EVP_PKEY_decrypt_init(pctx) <= 0
|| EVP_PKEY_decrypt(pctx, hkey->key, &hkey->keylen, pucSymmKey, uiSymmKeyLen) <= 0) {
goto end;
}
end:
return 0;
}
/* 7.3.37 */
int SAF_DestroyKeyHandle(
void *hKeyHandle)
{
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
OPENSSL_clear_free(hkey, hkey->keylen);
return SAR_OK;
}

95
crypto/saf/saf_lcl.h
View File

@@ -1,95 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/evp.h>
#include <openssl/cmac.h>
#include <openssl/gmsdf.h>
#include <openssl/gmsaf.h>
#include <openssl/engine.h>
#include <openssl/err.h>
typedef struct saf_app_st {
ENGINE *engine;
char *rootcacerts;
char *cacerts;
} SAF_APP;
typedef struct {
EVP_ENCODE_CTX *ctx;
int inited;
} SAF_BASE64OBJ;
typedef struct {
SAF_APP *app;
unsigned char *pucContainerName;
unsigned int uiContainerLen;
unsigned char *pucIV;
unsigned int uiIVLen;
unsigned int uiEncOrDec;
unsigned int uiCryptoAlgID;
} SAF_SYMMKEYOBJ;
typedef struct {
SAF_SYMMKEYOBJ *hSymmKeyObj;
unsigned char key[64];
size_t keylen;
EVP_CIPHER_CTX *cipher_ctx;
CMAC_CTX *cmac_ctx;
} SAF_KEY;
SAF_KEY *SAF_KEY_new(const SAF_SYMMKEYOBJ *obj);
void SAF_KEY_free(SAF_KEY *key);
SAF_SYMMKEYOBJ *SAF_SYMMKEYOBJ_dup(const SAF_SYMMKEYOBJ *a);
void SAF_SYMMKEYOBJ_free(SAF_SYMMKEYOBJ *a);
EVP_PKEY *SAF_load_private_key(SAF_APP *app, const char *container, int flags);
EVP_PKEY *SAF_load_public_key(SAF_APP *app, const char *container, int flags);

121
crypto/saf/saf_lib.c
View File

@@ -1,121 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <string.h>
#include <openssl/gmsaf.h>
#include "saf_lcl.h"
EVP_PKEY *SAF_load_private_key(SAF_APP *app, const char *container, int flags)
{
EVP_PKEY *ret = NULL;
EVP_PKEY *pkey = NULL;
char key_id[1024];
if (!app->engine) {
SAFerr(SAF_F_SAF_LOAD_PRIVATE_KEY, SAF_R_INVALID_APP);
return NULL;
}
/*
snprintf(key_id, sizeof(key_id), "%s.%s", container,
((flags & EVP_PKT_SIGN) ? "sign" : "enc"));
*/
if (!(pkey = ENGINE_load_private_key(app->engine, key_id, NULL, NULL))) {
SAFerr(SAF_F_SAF_LOAD_PRIVATE_KEY, SAF_R_LOAD_PRIVATE_KEY_FAILURE);
goto end;
}
if (EVP_PKEY_base_id(pkey) !=
((flags & EVP_PK_EC) ? EVP_PKEY_EC : EVP_PKEY_RSA)) {
SAFerr(SAF_F_SAF_LOAD_PRIVATE_KEY, SAF_R_INVALID_PKEY_TYPE);
goto end;
}
ret = pkey;
pkey = NULL;
end:
EVP_PKEY_free(pkey);
return ret;
}
EVP_PKEY *SAF_load_public_key(SAF_APP *app, const char *container, int flags)
{
EVP_PKEY *ret = NULL;
EVP_PKEY *pkey = NULL;
char key_id[1024];
if (!app->engine) {
SAFerr(SAF_F_SAF_LOAD_PUBLIC_KEY, SAF_R_INVALID_APP);
return NULL;
}
/*
snprintf(key_id, sizeof(key_id), "%s.%s", container,
((flags & EVP_PKT_SIGN) ? "sign" : "enc"));
*/
if (!(pkey = ENGINE_load_public_key(app->engine, key_id, NULL, NULL))) {
SAFerr(SAF_F_SAF_LOAD_PUBLIC_KEY, SAF_R_LOAD_PUBLIC_KEY_FAILURE);
goto end;
}
if (EVP_PKEY_base_id(pkey) !=
((flags & EVP_PK_EC) ? EVP_PKEY_EC : EVP_PKEY_RSA)) {
SAFerr(SAF_F_SAF_LOAD_PUBLIC_KEY, SAF_R_INVALID_PKEY_TYPE);
goto end;
}
ret = pkey;
pkey = NULL;
end:
EVP_PKEY_free(pkey);
return ret;
}

167
crypto/saf/saf_mac.c
View File

@@ -1,167 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/evp.h>
#include <openssl/cmac.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.45 */
int SAF_MacUpdate(
void *hKeyHandle,
const unsigned char *pucInData,
unsigned int uiInDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
if (!hKeyHandle || !pucInData) {
SAFerr(SAF_F_SAF_MACUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiInDataLen <= 0 || uiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!hkey->cmac_ctx) {
const EVP_CIPHER *cipher;
//Fixme: feedbitlen
if (!(cipher = EVP_get_cipherbysgd(hkey->hSymmKeyObj->uiCryptoAlgID, 0))) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_INVALID_KEY_HANDLE);
ret = SAR_IndataErr;
goto end;
}
if (!(hkey->cmac_ctx = CMAC_CTX_new())) {
SAFerr(SAF_F_SAF_MACUPDATE, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!CMAC_Init(hkey->cmac_ctx, hkey->key, hkey->keylen, cipher,
hkey->hSymmKeyObj->app->engine)) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CMAC_FAILURE);
goto end;
}
}
if (!CMAC_Update(hkey->cmac_ctx, pucInData, uiInDataLen)) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CMAC_FAILURE);
return SAR_UnknownErr;
}
ret = SAR_OK;
end:
if (ret != SAR_OK && hkey->cmac_ctx) {
CMAC_CTX_free(hkey->cmac_ctx);
hkey->cmac_ctx = NULL;
}
return ret;
}
/* 7.3.46 */
int SAF_MacFinal(
void *hKeyHandle,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
size_t outlen = *puiOutDataLen;
if (!hKeyHandle || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_MACFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (*puiOutDataLen < EVP_MAX_MD_SIZE) {
SAFerr(SAF_F_SAF_MACFINAL, SAF_R_BUFFER_TOO_SMALL);
return SAR_IndataLenErr;
}
if (!hkey->cmac_ctx) {
SAFerr(SAF_F_SAF_MACFINAL, SAF_R_OPERATION_NOT_INITIALIZED);
return SAR_UnknownErr;
}
if (!CMAC_Final(hkey->cmac_ctx, pucOutData, &outlen)) {
SAFerr(SAF_F_SAF_MACFINAL, SAF_R_MAC_FAILURE);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_Ok;
end:
CMAC_CTX_free(hkey->cmac_ctx);
hkey->cmac_ctx = NULL;
return ret;
}
/* 7.4.44 */
int SAF_Mac(
void *hKeyHandle,
const unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret;
if ((ret = SAF_MacUpdate(hKeyHandle, pucInData, uiInDataLen)) != SAR_OK) {
return ret;
}
if ((ret = SAF_MacFinal(hKeyHandle, pucOutData, puiOutDataLen)) != SAR_OK) {
return ret;
}
return SAR_OK;
}

634
crypto/saf/saf_pkcs7.c
View File

@@ -1,634 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/asn1.h>
#include <openssl/pkcs7.h>
#include <openssl/gmapi.h>
#include <openssl/gmsaf.h>
#include "saf_lcl.h"
/* 7.4.2 */
int SAF_Pkcs7_EncodeData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned char *pucEncCertificate,
unsigned int uiEncCertificateLen,
unsigned int uiSymmAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerP7Data,
unsigned int *puiDerP7DataLen)
{
int ret = SAR_UnknownErr;
return ret;
}
/* 7.4.3 */
int SAF_Pkcs7_DecodeData(
void *hAppHandle,
unsigned char *pucDecContainerName,
unsigned int uiDecContainerNameLen,
unsigned char *pucDerP7Data,
unsigned int uiDerP7DataLen,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucSignerCertificate,
unsigned int *puiSignerCertificateLen,
unsigned int *puiDigestAlgorithm)
{
int ret = SAR_UnknownErr;
return ret;
}
/* 7.4.4 */
int SAF_Pkcs7_EncodeSignedData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned int uiSignKeyUsage,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerP7Data,
unsigned int *puiDerP7DataLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
PKCS7 *p7 = NULL;
EVP_PKEY *pkey = NULL;
X509 *x509 = NULL;
BIO *data = NULL;
int len;
if (!hAppHandle || !pucSignContainerName || !pucSignerCertificate
|| !pucData || !pucDerP7Data || !puiDerP7DataLen) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiSignContainerNameLen <= 0 || uiSignContainerNameLen > INT_MAX
|| strlen((char *)pucSignContainerName) != uiSignContainerNameLen
|| uiSignerCertificateLen <= 0 || uiSignerCertificateLen > INT_MAX
|| uiDataLen <= 0 || uiDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(pkey = SAF_load_private_key(app, (char *)pucSignContainerName,
EVP_PK_EC|EVP_PKT_SIGN))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, SAF_R_LOAD_KEY_FAILURE);
goto end;
}
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucSignerCertificate,
uiSignerCertificateLen))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_X509_LIB);
goto end;
}
if (!(data = BIO_new_mem_buf(pucData, uiDataLen))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_BIO_LIB);
goto end;
}
if (!(p7 = PKCS7_sign(x509, pkey, NULL, data, PKCS7_BINARY))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if (*puiDerP7DataLen < i2d_PKCS7(p7, NULL)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
if ((len = i2d_PKCS7(p7, &pucDerP7Data)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
*puiDerP7DataLen = len;
ret = SAR_Ok;
end:
PKCS7_free(p7);
X509_free(x509);
BIO_free(data);
return ret;
}
/* 7.4.5 */
int SAF_Pkcs7_DecodeSignedData(
void *hAppHandle,
unsigned char *pucDerP7SignedData,
unsigned int uiDerP7SignedDataLen,
unsigned int *puiDigestAlgorithm,
unsigned char *pucSignerCertificate,
unsigned int *puiSignerCertificateLen,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucSig,
unsigned int *puiSigLen)
{
int ret = SAR_UnknownErr;
#if 0
PKCS7 *p7 = NULL;
PKCS7_SIGNED *p7signed;
X509 *x509 = NULL;
PKCS7_SIGNER_INFO *signer_info;
X509_ALGOR *algor;
BIO *bio = NULL;
if (!hAppHandle || !pucDerP7SignedData || !puiDigestAlgorithm
|| !puiSignerCertificateLen || !puiDataLen || !puiSigLen) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiDerP7SignedDataLen <= 0 || uiDerP7SignedDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* process */
if (!(p7 = d2i_PKCS7(NULL, (const unsigned char **)&pucDerP7SignedData,
uiDerP7SignedDataLen))) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_DATA);
goto end;
}
if (!(bio = BIO_new(BIO_s_mem()))) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!PKCS7_type_is_signed(p7)) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_TYPE);
goto end;
}
if (!PKCS7_verify(p7, NULL, NULL, NULL, bio, 0)) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_PKCS7_VERIFY_FAILURE);
goto end;
}
if (!(p7signed = p7->d.sign)) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_DATA);
goto end;
}
/* get digest algor */
if (sk_X509_ALGOR_num(p7signed->md_algs) != 1
|| !(algor = sk_X509_ALGOR_value(p7signed->md_algs, 0))
|| (*puiDigestAlgorithm = EVP_MD_sgd(EVP_get_digestbyobj(algor->algorithm))) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_DATA);
goto end;
}
/* get signer's certificate */
if (sk_X509_ALGOR_num(p7signed->cert) != 1
|| !(x509 = sk_X509_ALGOR_value(p7signed->cert, 0))) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_DATA);
goto end;
}
if ((len = i2d_X509(x509, NULL)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, ERR_R_X509_LIB);
goto end;
}
if (*puiSignerCertificateLen < len) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_BUFFER_TOO_SMALL);
goto end;
}
if ((len = i2d_X509(x509, &pucSignerCertficate)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, ERR_R_X509_LIB);
goto end;
}
*puiSignerCertificateLen = len;
/* get data */
if (!(p7signed->contents)
|| !PKCS7_type_is_data(p7signed->contents)
|| !(data = p7signed->contents->d.data)) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_DATA);
goto end;
}
if (*puiDataLen < ASN1_STRING_length(data)) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_BUFFER_TOO_SMALL);
goto end;
}
memcpy(pucData, ASN1_STRING_get0_data(data), ASN1_STRING_length(data));
*puiDataLen = ASN1_STRING_length(data);
/* get signature */
if (sk_SIGNER_INFO_num(p7signed->signer_info) <= 0
|| !(signer_info = sk_SIGNER_INFO_value(p7signed->signer_info, 0))) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_DATA);
goto end;
}
if (*puiSigLen < ASN1_STRING_length(signer_info->enc_digest)) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_BUFFER_TOO_SMALL);
goto end;
}
memcpy(pucSig, ASN1_STRING_get0_data(signer_info->enc_digest),
ASN1_STRING_length(signer_info->enc_digest));
*puiSigLen = ASN1_STRING_length(signer_info->enc_digest);
ret = SAR_Ok;
end:
PKCS7_free(p7);
X509_free(x509);
BIO_free(bio);
#endif
return ret;
}
/* 7.4.6 */
int SAF_Pkcs7_EncodeEnvelopedData(
void *hAppHandle,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucEncCertificate,
unsigned int uiEncCertificateLen,
unsigned int uiSymmAlgorithm,
unsigned char *pucDerP7EnvelopedData,
unsigned int *puiDerP7EnvelopedDataLen)
{
int ret = SAR_UnknownErr;
#if 0
PKCS7 *p7 = NULL;
X509 *x509 = NULL;
STACK_OF(X509) *certs = NULL;
BIO *bio = NULL;
const EVP_CIPHER *cipher;
int len;
/* check arguments */
if (!hAppHandle || !pucData || !pucEncCertificate || !puiDerP7EnvelopedDataLen) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiDataLen <= 0 || uiDataLen > INT_MAX
|| uiEncCertificateLen <= 0 || uiEncCertificateLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(cipher = EVP_get_cipherbysgd(uiSymmAlgorithm))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_UNSUPPORTED_ALGOR);
return SAR_AlgoTypeErr;
}
/* process */
if (!(bio = BIO_new_mem_buf(pucData, (int)uiDataLen))
|| !(certs = sk_X509_new_null())
|| !(x509 = X509_new())) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_MALLOC_FAILURE);
ret = SAR_MemoryErr;
goto end;
}
if (!d2i_X509(&x509, &pucEncCertificate, (long)uiEncCertificateLen)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_INVALID_CERTIFICATE);
ret = SAR_CertEncodeErr;
goto end;
}
sk_X509_push(certs, x509);
x509 = NULL;
if (!(p7 = PKCS7_encrypt(certs, bio, cipher, PKCS7_BINARY))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if ((len = i2d_PKCS7(p7, NULL)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if (!pucDerP7EnvelopedData) {
*puiDerP7EnvelopedDataLen = (unsigned int)len;
ret = SAR_Ok;
goto end;
}
if (*puiDerP7EnvelopedDataLen < (unsigned int)len) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
len = i2d_PKCS7(p7, pucDerP7EnvelopedData);
*puiDerP7EnvelopedDataLen = (unsigned int)len;
ret = SAR_OK;
end:
PKCS7_free(p7);
X509_free(x509);
sk_X509_free(certs);
BIO_free(bio);
#endif
return ret;
}
/* 7.4.7 */
int SAF_Pkcs7_DecodeEnvelopedData(
void *hAppHandle,
unsigned char *pucDecContainerName,
unsigned int uiDecContainerNameLen,
unsigned char *pucDerP7EnvelopedData,
unsigned int uiDerP7EnvelopedDataLen,
unsigned char *pucData,
unsigned int *puiDataLen)
{
int ret = SAR_UnknownErr;
#if 0
SAF_APP *app = (SAF_APP *)hAppHandle;
PKCS7 *p7 = NULL;
EVP_PKEY *pkey = NULL;
X509 *x509 = NULL;
BIO *bio = NULL;
BUF_MEM *buf = NULL;
if (!hAppHandle || !pucDecContainerName || !pucDerP7EnvelopedData || !pucData)
SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiDecContainerNameLen <= 0 || uiDecContainerNameLen > INT_MAX
|| uiDerP7EnvelopedDataLen <= 0 || uiDerP7EnvelopedDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!pucData) {
*puiDataLen = uiDerP7EnvelopedDataLen;
return SAR_Ok;
} else if (*puiDataLen <= 0 || *puiDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(pkey = SAF_load_private_key(app, (char *)pucDecContainerName,
EVP_PK_EC|EVP_PKT_ENC))) {
SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, SAF_R_LOAd_PUBLIC_KEY_FAILURE);
goto end;
}
if (!(x509 = SAF_LoadCertificate(app, pucDecContainerName,
uiDecContainerNameLen, SGD_PK_ENC))) {
goto end;
}
if (!(bio = BIO_new(BIO_s_membuf()))) {
goto end;
}
if (!PKCS7_decrypt(p7, pkey, x509, bio, 0)) {
goto end;
}
if (!BIO_get_mem_buf(bio, &buf)) {
goto end;
}
memcpy(pucData, buf->data, buf->length);
*puiDataLen = buf->length;
ret = SAR_Ok;
end:
PKCS7_free(p7);
EVP_PKEY_free(pkey);
X509_free(x509);
BIO_free(bio);
#endif
return ret;
}
/* 7.4.8 */
int SAF_Pkcs7_EncodeDigestedData(
void *hAppHandle,
unsigned int uiDigestAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerP7DigestedData,
unsigned int *puiDerP7DigestedDataLen)
{
int ret = SAR_UnknownErr;
const EVP_MD *md;
PKCS7 *p7 = NULL;
BIO *p7bio = NULL;
int len;
if (!hAppHandle || !pucData || !pucDerP7DigestedData
|| !puiDerP7DigestedDataLen) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiDataLen <= 0 || uiDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_INVALID_DIGEST_ALGOR);
return SAR_AlgoTypeErr;
}
if (!(p7 = PKCS7_new())
|| !PKCS7_set_type(p7, NID_pkcs7_digest)
|| !PKCS7_set_digest(p7, md)
|| !PKCS7_content_new(p7, NID_pkcs7_data)
|| !(p7bio = PKCS7_dataInit(p7, NULL))
|| BIO_write(p7bio, pucData, (int)uiDataLen) != uiDataLen
|| !PKCS7_dataFinal(p7, p7bio)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if (*puiDerP7DigestedDataLen < i2d_PKCS7(p7, NULL)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
if ((len = i2d_PKCS7(p7, &pucDerP7DigestedData)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
ret = SAR_Ok;
end:
PKCS7_free(p7);
BIO_free(p7bio);
return ret;
}
/* 7.4.9 */
int SAF_Pkcs7_DecodeDigestedData(
void *hAppHandle,
unsigned char *pucDerP7DigestedData,
unsigned int uiDerP7DigestedDataLen,
unsigned int *puiDigestAlgorithm,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucDigest,
unsigned int *puiDigestLen)
{
int ret = SAR_UnknownErr;
PKCS7 *p7 = NULL;
PKCS7_DIGEST *p7dgst;
ASN1_OCTET_STRING *data;
if (!hAppHandle || !puiDigestAlgorithm || !puiDataLen || !puiDigestLen) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!pucData) {
*puiDataLen = uiDerP7DigestedDataLen;
return SAR_Ok;
}
if (!pucDigest) {
*puiDigestLen = EVP_MAX_MD_SIZE;
return SAR_Ok;
}
if (uiDerP7DigestedDataLen <= 0 || uiDerP7DigestedDataLen > INT_MAX
|| *puiDataLen <= 0 || *puiDataLen > INT_MAX
|| *puiDigestLen <= 0 || *puiDigestLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* process */
if (!(p7 = d2i_PKCS7(NULL, (const unsigned char **)&pucDerP7DigestedData,
uiDerP7DigestedDataLen))) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7);
ret = SAR_IndataErr;
goto end;
}
if (!PKCS7_type_is_digest(p7)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7_TYPE);
ret = SAR_IndataErr;
goto end;
}
p7dgst = p7->d.digest;
/* output digset algor */
//EVP_MD_sgd
#if 0
if ((*puiDigestAlgorithm = EVP_MD_sgd(
EVP_get_digestbyobj(p7dgst->md->algorithm))) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_UNSUPPORTED_DIGEST_ALGOR);
ret = SAR_IndataErr;
goto end;
}
#endif
/* output digested data */
if (!PKCS7_type_is_data(p7dgst->contents)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7_DATA);
ret = SAR_IndataErr;
goto end;
}
if (!(data = p7dgst->contents->d.data)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7_DATA);
ret = SAR_IndataErr;
goto end;
}
if (*puiDataLen < ASN1_STRING_length(data)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
memcpy(pucData, ASN1_STRING_get0_data(data), ASN1_STRING_length(data));
*puiDataLen = ASN1_STRING_length(data);
/* output digest */
if (!p7dgst->digest) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7_DATA);
ret = SAR_IndataErr;
goto end;
}
if (*puiDigestLen < ASN1_STRING_length(p7dgst->digest)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
memcpy(pucDigest, ASN1_STRING_get0_data(p7dgst->digest), ASN1_STRING_length(p7dgst->digest));
*puiDigestLen = ASN1_STRING_length(p7dgst->digest);
ret = SAR_Ok;
end:
PKCS7_free(p7);
return ret;
}

79
crypto/saf/saf_rand.c
View File

@@ -1,79 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.10 */
int SAF_GenRandom(
unsigned int uiRandLen,
unsigned char *pucRand)
{
if (uiRandLen <= 0 || uiRandLen > INT_MAX) {
SAFerr(SAF_F_SAF_GENRANDOM, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!pucRand) {
SAFerr(SAF_F_SAF_GENRANDOM, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!RAND_bytes(pucRand, (int)uiRandLen)) {
SAFerr(SAF_F_SAF_GENRANDOM, SAF_R_GEN_RANDOM_FAILURE);
return SAR_GenRandErr;
}
return SAR_OK;
}

279
crypto/saf/saf_rsa.c
View File

@@ -1,279 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.16 */
int SAF_GenRsaKeyPair(void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned int uiKeyUsage,
unsigned int uiExportFlag)
{
int ret = SAR_UnknownErr;
#if 0
SAF_APP *app = (SAF_APP *)hAppHandle;
/* process */
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
if (!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, app->engine))
|| EVP_PKEY_keygen_init(pctx) <= 0
|| EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, uiKeyBits) <= 0
|| EVP_PKEY_keygen(pctx, &pkey) <= 0) {
SAFerr(SAF_F_SAF_GENRSAKEYPAIR, ERR_R_EVP_LIB);
goto end;
}
ret = SAR_Ok;
end:
EVP_PKEY_CTX_free(pctx);
EVP_PKEY_free(pkey);
#endif
return ret;
}
/* 7.3.17 */
int SAF_GetRsaPublicKey(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyUsage,
unsigned char *pucPublicKey,
unsigned int *puiPublicKeyLen)
{
int ret = SAR_UnknownErr;
#if 0
SAF_APP *app = (SAF_APP *)hAppHandle;
/* process */
EVP_PKEY *pkey = NULL;
char key_id[1024];
int len;
snprintf(key_id, sizeof(key_id), "%s.%s", (char *)pucContainerName,
SGD_GetKeyUsageName(uiKeyUsage));
if (!(pkey = ENGINE_load_public_key(app->engine, key_id, NULL, NULL))) {
SAFerr(SAF_F_SAF_GETRSAPUBLICKEY, ERR_R_ENGINE_LIB);
goto end;
}
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
SAFerr(SAF_F_SAF_GETRSAPUBLICKEY, ERR_R_ENGINE_LIB);
goto end;
}
if ((len = i2d_PUBKEY(pkey, &pucPublicKey)) <= 0) {
SAFerr(SAF_F_SAF_GETRSAPUBLICKEY, ERR_R_X509_LIB);
goto end;
}
*puiPublicKeyLen = (unsigned int)len;
/* set return value */
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
#endif
return ret;
}
/* 7.3.18 */
int SAF_RsaSign(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiHashAlgoType,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignature,
unsigned int *puiSignatureLen)
{
int ret = SAR_UnknownErr;
#if 0
SAF_APP *app = (SAF_APP *)hAppHandle;
/* process */
char key_id[1024];
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
size_t siglen;
snprintf(key_id, sizeof(key_id), "%s.sign", (char *)pucContainerName);
if (!(pkey = ENGINE_load_private_key(app->engine, key_id, NULL, NULL))
|| !(pctx = EVP_PKEY_CTX_new(pkey, app->engine))
|| EVP_PKEY_sign_init(pctx) <= 0
|| EVP_PKEY_sign(pctx, pucSignData, &siglen, pucInData, (size_t)uiInDataLen) <= 0) {
SAFerr(SAF_F_SAF_RSASIGN, ERR_R_EVP_LIB);
goto end;
}
*puiSignDataLen = (unsigned int)siglen;
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pctx);
#endif
return ret;
}
/* 7.3.19 */
int SAF_RsaSignFile(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiHashAlgoType,
unsigned char *pucFileName,
unsigned char *pucSignature,
unsigned int *puiSignatureLen)
{
return SAR_OK;
}
/* 7.3.20 */
int SAF_RsaVerifySign(
unsigned int uiHashAlgoType,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignature,
unsigned int uiSignatureLen)
{
int ret = SAR_UnknownErr;
#if 0
/* process */
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
if (!(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
|| !(pctx = EVP_PKEY_CTX_new(pkey, NULL))
|| EVP_PKEY_verify_init(pctx) <= 0
|| EVP_PKEY_verify(pctx, pucSignData, uiSignDataLen, pucInData, uiInDataLen) <= 0) {
SAFerr(SAF_F_SAF_RSAVERIFYSIGN, ERR_R_EVP_LIB);
goto end;
}
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pctx);
#endif
return ret;
}
/* 7.3.21 */
int SAF_RsaVerifySignFile(
unsigned int uiHashAlgoType,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucFileName,
unsigned char *pucSignature,
unsigned int uiSignatureLen)
{
return SAR_OK;
}
/* 7.3.22 */
int SAF_VerifySignByCert(
unsigned int uiHashAlgoType,
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignature,
unsigned int uiSignatureLen)
{
int ret = SAR_UnknownErr;
#if 0
/* process */
X509 *x509 = NULL;
unsigned char pucPublicKey[1024];
unsigned int uiPublicKeyLen;
unsigned char *p = pucPublicKey;
int len;
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, (long)uiCertificateLen))) {
SAFerr(SAF_F_SAF_VERIFYSIGNBYCERT, ERR_R_X509_LIB);
goto end;
}
if ((len = i2d_PUBKEY(X509_get0_pubkey(x509), &p)) <= 0) {
SAFerr(SAF_F_SAF_VERIFYSIGNBYCERT, ERR_R_X509_LIB);
goto end;
}
uiPublicKeyLen = (unsigned int)len;
ret = SAF_RsaVerifySign(
pucPublicKey,
uiPublicKeyLen,
uiAlgorithmID,
pucInData,
uiInDataLen,
pucSignData,
uiSignDataLen);
/* set return value */
ret = SAR_Ok;
end:
X509_free(x509);
#endif
return ret;
}

207
crypto/saf/saf_sm2.c
View File

@@ -1,207 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/evp.h>
#include <openssl/gmapi.h>
#include <openssl/gmsaf.h>
#include "saf_lcl.h"
/* 7.4.10 */
int SAF_SM2_EncodeSignedAndEnvelopedData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned char *pucEncCertificate,
unsigned int uiEncCertificateLen,
unsigned int uiSymmAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerSignedAndEnvelopedData,
unsigned int *puiDerSignedAndEnvelopedDataLen)
{
return SAF_Pkcs7_EncodeData(
hAppHandle,
pucSignContainerName,
uiSignContainerNameLen,
pucSignerCertificate,
uiSignerCertificateLen,
uiDigestAlgorithm,
pucEncCertificate,
uiEncCertificateLen,
uiSymmAlgorithm,
pucData,
uiDataLen,
pucDerSignedAndEnvelopedData,
puiDerSignedAndEnvelopedDataLen);
}
/* 7.4.11 */
int SAF_SM2_DecodeSignedAndEnvelopedData(
void *hAppHandle,
unsigned char *pucDerContainerName,
unsigned int uiDerContainerNameLen,
unsigned char *pucDerSignedAndEnvelopedData,
unsigned int uiDerSignedAndEnvelopedDataLen,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucSignerCertificate,
unsigned int *puiSignerCertificateLen,
unsigned int *puiDigestAlgorithm)
{
return SAF_Pkcs7_DecodeData(
hAppHandle,
pucDerContainerName,
uiDerContainerNameLen,
pucDerSignedAndEnvelopedData,
uiDerSignedAndEnvelopedDataLen,
pucData,
puiDataLen,
pucSignerCertificate,
puiSignerCertificateLen,
puiDigestAlgorithm);
}
/* 7.4.12 */
int SAF_SM2_EncodeSignedData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned int uiSignKeyUsage,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerSignedData,
unsigned int *puiDerSignedDataLen)
{
return SAF_Pkcs7_EncodeSignedData(
hAppHandle,
pucSignContainerName,
uiSignContainerNameLen,
uiSignKeyUsage,
pucSignerCertificate,
uiSignerCertificateLen,
uiDigestAlgorithm,
pucData,
uiDataLen,
pucDerSignedData,
puiDerSignedDataLen);
}
/* 7.4.13 */
int SAF_SM2_DecodeSignedData(
void *hAppHandle,
unsigned char *pucDerSignedData,
unsigned int uiDerSignedDataLen,
unsigned int *puiDigestAlgorithm,
unsigned char *pucSignerCertificate,
unsigned int *puiSignerCertificateLen,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucSign,
unsigned int *puiSignLen)
{
return SAF_Pkcs7_DecodeSignedData(
hAppHandle,
pucDerSignedData,
uiDerSignedDataLen,
puiDigestAlgorithm,
pucSignerCertificate,
puiSignerCertificateLen,
pucData,
puiDataLen,
pucSign,
puiSignLen);
}
/* 7.4.14 */
int SAF_SM2_EncodeEnvelopedData(
void *hAppHandle,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucEncCertificate,
unsigned int uiEncCertificateLen,
unsigned int uiSymmAlgorithm,
unsigned char *pucDerEnvelopedData,
unsigned int *puiDerEnvelopedDataLen)
{
return SAF_Pkcs7_EncodeEnvelopedData(
hAppHandle,
pucData,
uiDataLen,
pucEncCertificate,
uiEncCertificateLen,
uiSymmAlgorithm,
pucDerEnvelopedData,
puiDerEnvelopedDataLen);
}
/* 7.4.15 */
int SAF_SM2_DecodeEnvelopedData(
void *hAppHandle,
unsigned char *pucDecContainerName,
unsigned int uiDecContainerNameLen,
unsigned char *pucDerEnvelopedData,
unsigned int uiDerEnvelopedDataLen,
unsigned char *pucData,
unsigned int *puiDataLen)
{
return SAF_Pkcs7_DecodeEnvelopedData(
hAppHandle,
pucDecContainerName,
uiDecContainerNameLen,
pucDerEnvelopedData,
uiDerEnvelopedDataLen,
pucData,
puiDataLen);
}

117
crypto/saf/saf_symmkeyobj.c
View File

@@ -1,117 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <limits.h>
#include <openssl/evp.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.30 */
int SAF_CreateSymmKeyObj(
void *hAppHandle,
void **phSymmKeyObj,
unsigned char *pucContainerName,
unsigned int uiContainerLen,
unsigned char *pucIV,
unsigned int uiIVLen,
unsigned int uiEncOrDec,
unsigned int uiCryptoAlgID)
{
int ret = SAR_UnknownErr;
SAF_SYMMKEYOBJ *obj = NULL;
/* check arguments */
if (!hAppHandle || !phSymmKeyObj || !pucContainerName || !pucIV) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiContainerLen <= 0 || uiContainerLen > 255 ||
uiIVLen > EVP_MAX_IV_LENGTH) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(obj = OPENSSL_zalloc(sizeof(*obj)))
|| !(obj->pucContainerName = OPENSSL_memdup(pucContainerName, uiContainerLen))
|| !(obj->pucIV = OPENSSL_memdup(pucIV, uiIVLen))) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, ERR_R_MALLOC_FAILURE);
goto end;
}
obj->app = (SAF_APP *)hAppHandle;
obj->uiContainerLen = uiContainerLen;
obj->uiIVLen = uiIVLen;
obj->uiEncOrDec = uiEncOrDec;
obj->uiCryptoAlgID = uiCryptoAlgID;
/* set output */
*phSymmKeyObj = obj;
obj = NULL;
ret = SAR_OK;
end:
(void)SAF_DestroySymmAlgoObj(obj);
return ret;
}
/* 7.3.36 */
int SAF_DestroySymmAlgoObj(
void *hSymmKeyObj)
{
SAF_SYMMKEYOBJ *obj = (SAF_SYMMKEYOBJ *)hSymmKeyObj;
if (obj) {
OPENSSL_free(obj->pucContainerName);
OPENSSL_free(obj->pucIV);
OPENSSL_free(obj);
}
return SAR_OK;
}

4
crypto/sof/build.info
View File

@@ -1,4 +0,0 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
sof_err.c \
sof_lib.c

95
crypto/sof/sof_err.c
View File

@@ -1,95 +0,0 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/gmsof.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SOF,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SOF,0,reason)
static ERR_STRING_DATA SOF_str_functs[] = {
{ERR_FUNC(SOF_F_SOF_CHANGEPASSWD), "SOF_ChangePassWd"},
{ERR_FUNC(SOF_F_SOF_CREATETIMESTAMPREQUEST),
"SOF_CreateTimeStampRequest"},
{ERR_FUNC(SOF_F_SOF_CREATETIMESTAMPRESPONSE),
"SOF_CreateTimeStampResponse"},
{ERR_FUNC(SOF_F_SOF_DECRYPTDATA), "SOF_DecryptData"},
{ERR_FUNC(SOF_F_SOF_DECRYPTFILE), "SOF_DecryptFile"},
{ERR_FUNC(SOF_F_SOF_DELCERTTRUSTLIST), "SOF_DelCertTrustList"},
{ERR_FUNC(SOF_F_SOF_ENCRYPTDATA), "SOF_EncryptData"},
{ERR_FUNC(SOF_F_SOF_ENCRYPTFILE), "SOF_EncryptFile"},
{ERR_FUNC(SOF_F_SOF_EXPORTEXCHANGEUSERCERT),
"SOF_ExportExchangeUserCert"},
{ERR_FUNC(SOF_F_SOF_EXPORTUSERCERT), "SOF_ExportUserCert"},
{ERR_FUNC(SOF_F_SOF_G), "SOF_GenRandom"},
{ERR_FUNC(SOF_F_SOF_GENRANDOM), "SOF_GenRandom"},
{ERR_FUNC(SOF_F_SOF_GETCERTINFO), "SOF_GetCertInfo"},
{ERR_FUNC(SOF_F_SOF_GETCERTINFOBYOID), "SOF_GetCertInfoByOid"},
{ERR_FUNC(SOF_F_SOF_GETCERTTRUSTLIST), "SOF_GetCertTrustList"},
{ERR_FUNC(SOF_F_SOF_GETCERTTRUSTLISTALTNAMES),
"SOF_GetCertTrustListAltNames"},
{ERR_FUNC(SOF_F_SOF_GETDEVICEINFO), "SOF_GetDeviceInfo"},
{ERR_FUNC(SOF_F_SOF_GETENCRYPTMETHOD), "SOF_GetEncryptMethod"},
{ERR_FUNC(SOF_F_SOF_GETINFOFROMSIGNEDMESSAGE),
"SOF_GetInfoFromSignedMessage"},
{ERR_FUNC(SOF_F_SOF_GETLASTERROR), "SOF_GetLastError"},
{ERR_FUNC(SOF_F_SOF_GETPINRETRYCOUNT), "SOF_GetPinRetryCount"},
{ERR_FUNC(SOF_F_SOF_GETSERVERCERTIFICATE), "SOF_GetServerCertificate"},
{ERR_FUNC(SOF_F_SOF_GETSIGNMETHOD), "SOF_GetSignMethod"},
{ERR_FUNC(SOF_F_SOF_GETTIMESTAMPINFO), "SOF_GetTimeStampInfo"},
{ERR_FUNC(SOF_F_SOF_GETUSERLIST), "SOF_GetUserList"},
{ERR_FUNC(SOF_F_SOF_GETVERSION), "SOF_GetVersion"},
{ERR_FUNC(SOF_F_SOF_GETXMLSIGNATUREINFO), "SOF_GetXMLSignatureInfo"},
{ERR_FUNC(SOF_F_SOF_INITCERTAPPPOLICY), "SOF_InitCertAppPolicy"},
{ERR_FUNC(SOF_F_SOF_LOGIN), "SOF_Login"},
{ERR_FUNC(SOF_F_SOF_SETCERTTRUSTLIST), "SOF_SetCertTrustList"},
{ERR_FUNC(SOF_F_SOF_SETENCRYPTMETHOD), "SOF_SetEncryptMethod"},
{ERR_FUNC(SOF_F_SOF_SETSIGNMETHOD), "SOF_SetSignMethod"},
{ERR_FUNC(SOF_F_SOF_SIGNDATA), "SOF_SignData"},
{ERR_FUNC(SOF_F_SOF_SIGNDATAXML), "SOF_SignDataXML"},
{ERR_FUNC(SOF_F_SOF_SIGNFILE), "SOF_SignFile"},
{ERR_FUNC(SOF_F_SOF_SIGNMESSAGE), "SOF_SignMessage"},
{ERR_FUNC(SOF_F_SOF_SIGNMESSAGEDETACH), "SOF_SignMessageDetach"},
{ERR_FUNC(SOF_F_SOF_VALIDATECERT), "SOF_ValidateCert"},
{ERR_FUNC(SOF_F_SOF_VERIFYSIGNEDDATA), "SOF_VerifySignedData"},
{ERR_FUNC(SOF_F_SOF_VERIFYSIGNEDDATAXML), "SOF_VerifySignedDataXML"},
{ERR_FUNC(SOF_F_SOF_VERIFYSIGNEDFILE), "SOF_VerifySignedFile"},
{ERR_FUNC(SOF_F_SOF_VERIFYSIGNEDMESSAGE), "SOF_VerifySignedMessage"},
{ERR_FUNC(SOF_F_SOF_VERIFYSIGNEDMESSAGEDETACH),
"SOF_VerifySignedMessageDetach"},
{ERR_FUNC(SOF_F_SOF_VERIFYTIMESTAMP), "SOF_VerifyTimeStamp"},
{0, NULL}
};
static ERR_STRING_DATA SOF_str_reasons[] = {
{ERR_REASON(SOF_R_DECODE_FAILURE), "decode failure"},
{ERR_REASON(SOF_R_INVALID_CERT_ATTRIBUTE), "invalid cert attribute"},
{ERR_REASON(SOF_R_NOT_IMPLEMENTED), "not implemented"},
{ERR_REASON(SOF_R_READ_FILE_FAILURE), "read file failure"},
{0, NULL}
};
#endif
int ERR_load_SOF_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(SOF_str_functs[0].error) == NULL) {
ERR_load_strings(0, SOF_str_functs);
ERR_load_strings(0, SOF_str_reasons);
}
#endif
return 1;
}

573
crypto/sof/sof_lib.c
View File

@@ -1,573 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/gmsaf.h>
#include <openssl/gmsof.h>
#include <openssl/crypto.h>
#include "../../e_os.h"
static SOF_LONG sof_sign_method = SGD_SM2;
static SOF_LONG sof_enc_method = SGD_SM4_CBC;
static SOF_LONG sof_last_error = SOR_OK;
static void *sof_app = NULL;
static int sof_user_type = SGD_ROLE_USER;
static int sof_read_file(const char *path, unsigned char **pdata,
unsigned int *pdatalen)
{
return 0;
}
static char *sof_encode(const unsigned char *bin, unsigned int binlen)
{
return NULL;
}
#if 0
static int sof_decode(const char *b64, unsigned char **pdata, unsigned int *pdatalen)
{
return 0;
}
#endif
SOF_BSTR SOF_GetVersion(void)
{
return OPENSSL_strdup(OpenSSL_version(0));
}
SOF_LONG SOF_SetSignMethod(SOF_LONG SignMethod)
{
sof_sign_method = SignMethod;
return SOR_OK;
}
SOF_LONG SOF_GetSignMethod(void)
{
return sof_sign_method;
}
SOF_LONG SOF_SetEncryptMethod(SOF_LONG EncryptMethod)
{
sof_enc_method = EncryptMethod;
return SOR_OK;
}
SOF_LONG SOF_GetEncryptMethod(void)
{
return sof_enc_method;
}
/* list installed client's certificates */
SOF_BSTR SOF_GetUserList(void)
{
SOFerr(SOF_F_SOF_GETUSERLIST, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
/* we need an reference to engine */
SOF_BSTR SOF_ExportUserCert(SOF_BSTR ContainerName)
{
SOFerr(SOF_F_SOF_EXPORTUSERCERT, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BOOL SOF_Login(SOF_BSTR ContainerName, SOF_BSTR PassWd)
{
unsigned int uiRemainCount;
int rv;
if ((rv = SAF_Login(
sof_app,
sof_user_type,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
(unsigned char *)PassWd,
(unsigned int)strlen(PassWd),
&uiRemainCount)) != SAR_Ok) {
SOFerr(SOF_F_SOF_LOGIN, ERR_R_SAF_LIB);
return SGD_FALSE;
}
return SGD_TRUE;
}
SOF_LONG SOF_GetPinRetryCount(SOF_BSTR ContainerName)
{
SOFerr(SOF_F_SOF_GETPINRETRYCOUNT, SOF_R_NOT_IMPLEMENTED);
return SOR_NotSupportYetErr;
}
SOF_BOOL SOF_ChangePassWd(SOF_BSTR ContainerName, SOF_BSTR OldPassWd, SOF_BSTR NewPassWd)
{
int rv;
unsigned int uiRemainCount;
if ((rv = SAF_ChangePin(
sof_app,
sof_user_type,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
(unsigned char *)OldPassWd,
(unsigned int)strlen(OldPassWd),
(unsigned char *)NewPassWd,
(unsigned int)strlen(NewPassWd),
&uiRemainCount)) != SAR_Ok) {
SOFerr(SOF_F_SOF_CHANGEPASSWD, ERR_R_SAF_LIB);
return SGD_FALSE;
}
return SGD_TRUE;
}
SOF_BSTR SOF_ExportExchangeUserCert(SOF_BSTR ContainerName)
{
SOFerr(SOF_F_SOF_EXPORTEXCHANGEUSERCERT, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
/* `type` defined as SGD_CERT_XXX, SGD_EXT_XXX in sgd.h */
SOF_BSTR SOF_GetCertInfo(SOF_BSTR Base64EncodeCert, SOF_SHORT Type)
{
char *ret = NULL;
switch (Type) {
case SGD_CERT_VERSION:
case SGD_CERT_SERIAL:
case SGD_CERT_ISSUER:
case SGD_CERT_VALID_TIME:
case SGD_CERT_SUBJECT:
case SGD_CERT_DER_PUBLIC_KEY:
case SGD_CERT_DER_EXTENSIONS:
case SGD_EXT_AUTHORITYKEYIDENTIFIER_INFO:
case SGD_EXT_SUBJECTKEYIDENTIFIER_INFO:
case SGD_EXT_KEYUSAGE_INFO:
case SGD_EXT_PRIVATEKEYUSAGEPERIOD_INFO:
case SGD_EXT_CERTIFICATEPOLICIES_INFO:
case SGD_EXT_POLICYMAPPINGS_INFO:
case SGD_EXT_BASICCONSTRAINTS_INFO:
case SGD_EXT_POLICYCONSTRAINTS_INFO:
case SGD_EXT_EXTKEYUSAGE_INFO:
case SGD_EXT_CRLDISTRIBUTIONPOINTS_INFO:
case SGD_EXT_NETSCAPE_CERT_TYPE_INFO:
case SGD_EXT_SELFDEFINED_EXTENSION_INFO:
case SGD_CERT_ISSUER_CN:
case SGD_CERT_ISSUER_O:
case SGD_CERT_ISSUER_OU:
case SGD_CERT_SUBJECT_CN:
case SGD_CERT_SUBJECT_O:
case SGD_CERT_SUBJECT_OU:
case SGD_CERT_SUBJECT_EMAIL:
case SGD_CERT_NOTBEFORE_TIME:
case SGD_CERT_NOTAFTER_TIME:
SOFerr(SOF_F_SOF_GETCERTINFO, SOF_R_NOT_IMPLEMENTED);
goto end;
default:
SOFerr(SOF_F_SOF_GETCERTINFO, SOF_R_INVALID_CERT_ATTRIBUTE);
goto end;
}
end:
SOFerr(SOF_F_SOF_GETCERTINFO, SOF_R_NOT_IMPLEMENTED);
return ret;
}
SOF_BSTR SOF_GetCertInfoByOid(SOF_BSTR Base64EncodeCert, SOF_BSTR Oid)
{
SOFerr(SOF_F_SOF_GETCERTINFOBYOID, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BSTR SOF_GetDeviceInfo(SOF_BSTR ContainerName, SOF_LONG Type)
{
SOFerr(SOF_F_SOF_GETDEVICEINFO, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_LONG SOF_ValidateCert(SOF_BSTR Base64EncodeCert)
{
SOFerr(SOF_F_SOF_VALIDATECERT, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_SignData(SOF_BSTR ContainerName, SOF_BSTR InData)
{
char *ret = NULL;
char *b64 = NULL;
unsigned int uiHashAlgoType = SGD_SM3;
unsigned char *pucInData = NULL;
unsigned int uiInDataLen = strlen(InData) + 128;
unsigned char pucSignature[256];
unsigned int uiSignatureLen = (unsigned int)sizeof(pucSignature);
int rv;
if (!(pucInData = OPENSSL_malloc(uiInDataLen))) {
SOFerr(SOF_F_SOF_SIGNDATA, ERR_R_MALLOC_FAILURE);
goto end;
}
if (SAF_Base64_Decode((unsigned char *)InData, (unsigned int)strlen(InData),
pucInData, &uiInDataLen) != SOR_OK) {
SOFerr(SOF_F_SOF_SIGNDATA, SOF_R_DECODE_FAILURE);
goto end;
}
if (SOF_GetSignMethod() == SGD_SM2) {
if ((rv = SAF_RsaSign(
sof_app,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
uiHashAlgoType,
pucInData,
uiInDataLen,
pucSignature,
&uiSignatureLen)) != SAR_Ok) {
SOFerr(SOF_F_SOF_SIGNDATA, ERR_R_SAF_LIB);
goto end;
}
} else {
if ((rv = SAF_EccSign(
sof_app,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
uiHashAlgoType,
pucInData,
uiInDataLen,
pucSignature,
&uiSignatureLen)) != SAR_Ok) {
SOFerr(SOF_F_SOF_SIGNDATA, ERR_R_SAF_LIB);
goto end;
}
}
ret = SOR_OK;
end:
OPENSSL_free(b64);
OPENSSL_free(pucInData);
return ret;
}
SOF_BOOL SOF_VerifySignedData(SOF_BSTR Base64EncodeCert, SOF_BSTR InData, SOF_BSTR SignValue)
{
SOFerr(SOF_F_SOF_VERIFYSIGNEDDATA, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_SignFile(SOF_BSTR ContainerName, SOF_BSTR InFile)
{
SOF_BSTR ret = NULL;
char *b64 = NULL;
unsigned int uiHashAlgoType = SGD_SM3;
unsigned char *pucInData = NULL;
unsigned int uiInDataLen;
unsigned char pucSignature[256];
unsigned int uiSignatureLen = (unsigned int)sizeof(pucSignature);
int rv;
if (!sof_read_file(InFile, &pucInData, &uiInDataLen)) {
SOFerr(SOF_F_SOF_SIGNFILE, SOF_R_READ_FILE_FAILURE);
return NULL;
}
if ((rv = SAF_EccSign(
sof_app,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
uiHashAlgoType,
pucInData,
uiInDataLen,
pucSignature,
&uiSignatureLen)) != SAR_Ok) {
SOFerr(SOF_F_SOF_SIGNFILE, ERR_R_SAF_LIB);
goto end;
}
if (!(b64 = sof_encode(pucSignature, uiSignatureLen))) {
SOFerr(SOF_F_SOF_SIGNFILE, ERR_R_SOF_LIB);
goto end;
}
ret = b64;
b64 = NULL;
end:
OPENSSL_free(b64);
OPENSSL_free(pucInData);
return ret;
}
SOF_BOOL SOF_VerifySignedFile(SOF_BSTR Base64EncodeCert, SOF_BSTR InFile, SOF_BSTR SignValue)
{
return SGD_FALSE;
}
SOF_BSTR SOF_EncryptData(SOF_BSTR Base64EncodeCert, SOF_BSTR InData)
{
#if 0
char *ret = NULL;
unsigned char *pucCertificate = NULL;
unsigned int uiCertificateLen;
unsigned char *pucInData = NULL;
unsigned int uiInDataLen;
int rv;
if (SOF_Decode(Base64EncodeCert, &pucCertificate, &uiCertificateLen) != SOR_OK
|| SOF_Decode(InData, &pucInData, &uiInDataLen) != SOR_OK
|| (rv = SAF_EccPublicKeyEncByCert(
pucCertificate,
uiCertificateLen,
uiAlgorithmID,
pucInData,
uiInDataLen,
pucOutData,
puiOutDataLen)) != SAR_Ok) {
}
#endif
return NULL;
}
SOF_BSTR SOF_DecryptData(SOF_BSTR ContainerName, SOF_BSTR InData)
{
SOFerr(SOF_F_SOF_DECRYPTDATA, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BOOL SOF_EncryptFile(SOF_BSTR Base64EncodeCert, SOF_BSTR InFile, SOF_BSTR OutFile)
{
int ret = SGD_FALSE;
#if 0
unsigned char *pucCertificate = NULL;
unsigned int uiCertificateLen;
int rv;
if (SOF_Decode(Base64EncodeCert, &pucCertificate, &uiCertificateLen) != SOR_OK) {
SOFerr(SOF_F_SOF_ENCRYPTFILE, SOF_R_DECODE_FAILURE);
goto end;
}
if ((rv = SAF_EccPublicKeyEncByCert(
pucCertificate,
uiCertificateLen,
uiAlgorithmID,
pucInData,
uiInDataLen,
pucOutData,
puiOutDataLen)) != SAR_Ok) {
SOFerr(SOF_F_SOF_ENCRYPTFILE, ERR_R_SAF_LIB);
goto end;
}
ret = SGD_TRUE;
end:
OPENSSL_free(pucCertificate);
#endif
return ret;
}
SOF_BOOL SOF_DecryptFile(SOF_BSTR ContainerName, SOF_BSTR InFile, SOF_BSTR OutFile)
{
int ret = SGD_FALSE;
return ret;
}
SOF_BSTR SOF_SignMessage(SOF_SHORT flag, SOF_BSTR ContainerName, SOF_BSTR InData)
{
SOFerr(SOF_F_SOF_SIGNMESSAGE, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BOOL SOF_VerifySignedMessage(SOF_BSTR MessageData, SOF_BSTR InData)
{
SOFerr(SOF_F_SOF_VERIFYSIGNEDMESSAGE, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_GetInfoFromSignedMessage(SOF_BSTR SignedMessage, SOF_SHORT Type)
{
SOFerr(SOF_F_SOF_GETINFOFROMSIGNEDMESSAGE, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BSTR SOF_SignDataXML(SOF_BSTR ContainerName, SOF_BSTR InData)
{
return NULL;
}
SOF_BOOL SOF_VerifySignedDataXML(SOF_BSTR InData)
{
SOFerr(SOF_F_SOF_VERIFYSIGNEDDATAXML, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_GetXMLSignatureInfo(SOF_BSTR XMLSignedData, SOF_SHORT Type)
{
SOFerr(SOF_F_SOF_GETXMLSIGNATUREINFO, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BSTR SOF_GenRandom(SOF_SHORT RandomLen)
{
char *ret = NULL;
char *b64 = NULL;
unsigned char *bin = NULL;
int rv;
if (!(bin = OPENSSL_malloc(RandomLen))
|| (rv = SAF_GenRandom(RandomLen, bin)) != SAR_Ok
|| !(b64 = sof_encode(bin, RandomLen))) {
SOFerr(SOF_F_SOF_GENRANDOM, ERR_R_SOF_LIB);
goto end;
}
end:
OPENSSL_free(bin);
OPENSSL_free(b64);
return ret;
}
SOF_LONG SOF_GetLastError(void)
{
return sof_last_error;
}
SOF_LONG SOF_SetCertTrustList(SOF_BSTR CTLAltName, SOF_BSTR CTLContent, SOF_SHORT CTLContentLen)
{
SOFerr(SOF_F_SOF_SETCERTTRUSTLIST, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_GetCertTrustListAltNames(void)
{
SOFerr(SOF_F_SOF_GETCERTTRUSTLISTALTNAMES, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BSTR SOF_GetCertTrustList(SOF_BSTR CTLAltName)
{
SOFerr(SOF_F_SOF_GETCERTTRUSTLIST, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_LONG SOF_DelCertTrustList(SOF_BSTR CTLAltName)
{
SOFerr(SOF_F_SOF_DELCERTTRUSTLIST, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_LONG SOF_InitCertAppPolicy(SOF_BSTR PolicyName)
{
SOFerr(SOF_F_SOF_INITCERTAPPPOLICY, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_GetServerCertificate(SOF_SHORT CertUsage)
{
SOFerr(SOF_F_SOF_GETSERVERCERTIFICATE, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BSTR SOF_SignMessageDetach(SOF_BSTR InData)
{
SOFerr(SOF_F_SOF_SIGNMESSAGEDETACH, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_LONG SOF_VerifySignedMessageDetach(SOF_BSTR InData, SOF_BSTR SignedMessage)
{
SOFerr(SOF_F_SOF_VERIFYSIGNEDMESSAGEDETACH, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_CreateTimeStampRequest(SOF_BSTR InData)
{
SOFerr(SOF_F_SOF_CREATETIMESTAMPREQUEST, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BSTR SOF_CreateTimeStampResponse(SOF_BSTR TimeStampRequest)
{
SOFerr(SOF_F_SOF_CREATETIMESTAMPRESPONSE, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_LONG SOF_VerifyTimeStamp(SOF_BSTR InData, SOF_BSTR tsResponseData)
{
SOFerr(SOF_F_SOF_VERIFYTIMESTAMP, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_GetTimeStampInfo(SOF_BSTR tsResponseData, SOF_SHORT type)
{
SOFerr(SOF_F_SOF_GETTIMESTAMPINFO, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
static ERR_STRING_DATA sof_errstr[] = {
{ SOR_OK, "Success" },
{ SOR_UnknownErr, "Unknown error" },
{ SOR_FileErr, "File error" },
{ SOR_ProviderTypeErr, "Provider type error" },
{ SOR_LoadProviderErr, "Load provider error" },
};
const char *SOF_GetErrorString(int err)
{
int i;
for (i = 0; i < OSSL_NELEM(sof_errstr); i++) {
if (err == sof_errstr[i].error) {
return sof_errstr[i].string;
}
}
return "(undef)";
}

6
include/openssl/err.h
View File

@@ -102,10 +102,8 @@ typedef struct err_state_st {
# define ERR_LIB_BFIBE 59
# define ERR_LIB_BB1IBE 60
# define ERR_LIB_SM9 61
# define ERR_LIB_SAF 62
# define ERR_LIB_SDF 63
# define ERR_LIB_SKF 64
# define ERR_LIB_SOF 65
# define ERR_LIB_SM2 66
# define ERR_LIB_BASE58 67
@@ -156,10 +154,8 @@ typedef struct err_state_st {
# define BB1IBEerr(f,r) ERR_PUT_error(ERR_LIB_BB1IBE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define SM9err(f,r) ERR_PUT_error(ERR_LIB_SM9,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define SAFerr(f,r) ERR_PUT_error(ERR_LIB_SAF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define SDFerr(f,r) ERR_PUT_error(ERR_LIB_SDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define SKFerr(f,r) ERR_PUT_error(ERR_LIB_SKF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define SOFerr(f,r) ERR_PUT_error(ERR_LIB_SOF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define BASE58err(f,r) ERR_PUT_error(ERR_LIB_BASE58,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define ERR_PACK(l,f,r) ( \
@@ -218,10 +214,8 @@ typedef struct err_state_st {
# define ERR_R_BB1IBE_LIB ERR_LIB_BB1IBE/* 60 */
# define ERR_R_SM2_LIB ERR_LIB_SM2/* 66 */
# define ERR_R_SM9_LIB ERR_LIB_SM9/* 61 */
# define ERR_R_SAF_LIB ERR_LIB_SAF/* 62 */
# define ERR_R_SDF_LIB ERR_LIB_SDF/* 63 */
# define ERR_R_SKF_LIB ERR_LIB_SKF/* 64 */
# define ERR_R_SOF_LIB ERR_LIB_SOF/* 65 */
# define ERR_R_BASE58_LIB ERR_LIB_BASE58/* 67 */
# define ERR_R_NESTED_ASN1_ERROR 58

2
include/openssl/gmapi.h
View File

@@ -67,10 +67,8 @@
#endif
#include <openssl/evp.h>
#include <openssl/sgd.h>
#include <openssl/saf.h>
#include <openssl/sdf.h>
#include <openssl/skf.h>
#include <openssl/sof.h>
#ifdef __cplusplus
extern "C" {

197
include/openssl/gmsaf.h
View File

@@ -1,197 +0,0 @@
/* ====================================================================
* Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#ifndef HEADER_GMSAF_H
#define HEADER_GMSAF_H
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_SAF
#include <stdio.h>
#include <openssl/sgd.h>
#include <openssl/saf.h>
#define SAF_MAX_EC_CIPHERTEXT_LENGTH 136
#ifdef __cplusplus
extern "C" {
#endif
const char *SAF_GetErrorString(int err);
/* GmSSL Extension */
int SAF_EccSignFile(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiHashAlgoType,
unsigned char *pucFileName,
unsigned char *pucSignature,
unsigned int *puiSignatureLen);
int SAF_EccVerifySignFile(
unsigned int uiHashAlgoType,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucFileName,
unsigned char *pucSignature,
unsigned int uiSignatureLen);
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
int ERR_load_SAF_strings(void);
/* Error codes for the SAF functions. */
/* Function codes. */
# define SAF_F_SAF_ADDCACERTIFICATE 100
# define SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE 101
# define SAF_F_SAF_BASE64_CREATEBASE64OBJ 102
# define SAF_F_SAF_BASE64_DECODE 103
# define SAF_F_SAF_BASE64_DECODEFINAL 104
# define SAF_F_SAF_BASE64_DECODEUPDATE 105
# define SAF_F_SAF_BASE64_ENCODE 106
# define SAF_F_SAF_BASE64_ENCODEFINAL 107
# define SAF_F_SAF_BASE64_ENCODEUPDATE 108
# define SAF_F_SAF_CHANGEPIN 109
# define SAF_F_SAF_CREATEHASHOBJ 110
# define SAF_F_SAF_CREATESYMMKEYOBJ 111
# define SAF_F_SAF_DESTROYHASHOBJ 112
# define SAF_F_SAF_ECCPUBLICKEYENC 113
# define SAF_F_SAF_ECCPUBLICKEYENCBYCERT 114
# define SAF_F_SAF_ECCSIGN 115
# define SAF_F_SAF_ECCVERIFYSIGN 116
# define SAF_F_SAF_ECCVERIFYSIGNBYCERT 117
# define SAF_F_SAF_GENECCKEYPAIR 118
# define SAF_F_SAF_GENERATEKEYWITHEPK 119
# define SAF_F_SAF_GENRANDOM 120
# define SAF_F_SAF_GENRSAKEYPAIR 121
# define SAF_F_SAF_GETCACERTIFICATE 122
# define SAF_F_SAF_GETCACERTIFICATECOUNT 123
# define SAF_F_SAF_GETECCPUBLICKEY 124
# define SAF_F_SAF_GETROOTCACERTIFICATE 125
# define SAF_F_SAF_GETROOTCACERTIFICATECOUNT 126
# define SAF_F_SAF_GETRSAPUBLICKEY 127
# define SAF_F_SAF_GETVERSION 128
# define SAF_F_SAF_HASH 129
# define SAF_F_SAF_HASHFINAL 130
# define SAF_F_SAF_HASHUPDATE 131
# define SAF_F_SAF_INITIALIZE 132
# define SAF_F_SAF_KEY_NEW 133
# define SAF_F_SAF_LOAD_PRIVATE_KEY 151
# define SAF_F_SAF_LOAD_PUBLIC_KEY 152
# define SAF_F_SAF_LOGIN 134
# define SAF_F_SAF_LOGOUT 135
# define SAF_F_SAF_MACFINAL 136
# define SAF_F_SAF_MACUPDATE 137
# define SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA 153
# define SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA 154
# define SAF_F_SAF_PKCS7_DECODESIGNEDDATA 155
# define SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA 149
# define SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA 138
# define SAF_F_SAF_PKCS7_ENCODESIGNEDDATA 150
# define SAF_F_SAF_REMOVECACERTIFICATE 139
# define SAF_F_SAF_REMOVEROOTCACERTIFICATE 140
# define SAF_F_SAF_RSASIGN 141
# define SAF_F_SAF_RSAVERIFYSIGN 142
# define SAF_F_SAF_SYMMDECRYPTFINAL 143
# define SAF_F_SAF_SYMMDECRYPTUPDATE 144
# define SAF_F_SAF_SYMMENCRYPTFINAL 145
# define SAF_F_SAF_SYMMENCRYPTUPDATE 146
# define SAF_F_SAF_SYMMKEYOBJ_DUP 147
# define SAF_F_SAF_VERIFYSIGNBYCERT 148
/* Reason codes. */
# define SAF_R_BUFFER_TOO_SMALL 100
# define SAF_R_CMAC_FAILURE 101
# define SAF_R_DECRYPT_NOT_INITIALIZED 102
# define SAF_R_ENCRYPT_KEY_FAILURE 103
# define SAF_R_ENCRYPT_NOT_INITIALIED 104
# define SAF_R_GEN_RANDOM_FAILURE 105
# define SAF_R_INT_OVERFLOW 106
# define SAF_R_INVALID_ALGOR 107
# define SAF_R_INVALID_APP 124
# define SAF_R_INVALID_CERTIFICATE 108
# define SAF_R_INVALID_DIGEST_ALGOR 122
# define SAF_R_INVALID_HANDLE 109
# define SAF_R_INVALID_INDEX 110
# define SAF_R_INVALID_INPUT_LENGTH 111
# define SAF_R_INVALID_KEY_HANDLE 112
# define SAF_R_INVALID_KEY_LENGTH 113
# define SAF_R_INVALID_KEY_USAGE 114
# define SAF_R_INVALID_LENGTH 115
# define SAF_R_INVALID_PKCS7 125
# define SAF_R_INVALID_PKCS7_DATA 126
# define SAF_R_INVALID_PKCS7_TYPE 127
# define SAF_R_INVALID_PKEY_TYPE 128
# define SAF_R_INVALID_PUBLIC_KEY 116
# define SAF_R_LOA 132
# define SAF_R_LOAD_CERTS_FAILURE 117
# define SAF_R_LOAD_KEY_FAILURE 123
# define SAF_R_LOAD_PRIVATE_KEY_FAILURE 129
# define SAF_R_LOAD_PUBLIC_KEY_FAILURE 130
# define SAF_R_MAC_FAILURE 118
# define SAF_R_NOT_SUPPORTED 119
# define SAF_R_OPERATION_NOT_INITIALIZED 120
# define SAF_R_PKCS7_VERIFY_FAILURE 133
# define SAF_R_UNSUPPORTED_ALGOR 121
# define SAF_R_UNSUPPORTED_DIGEST_ALGOR 131
# ifdef __cplusplus
}
# endif
#endif
#endif

151
include/openssl/gmsof.h
View File

@@ -1,151 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#ifndef HEADER_GMSOF_H
#define HEADER_GMSOF_H
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_SOF
#include <stdio.h>
#include <openssl/sgd.h>
#include <openssl/sof.h>
/* SOF_SignMessage Flag */
#define SOF_FLAG_SIG_WITH_MESSAGE 0
#define SOF_FLAG_SIG_WITHOUT_MESSAGE 1
/* SOF_GetInfoFromSignedMessage Type */
#define SOF_SIGNED_MESSAGE_MESSAGE 1
#define SOF_SIGNED_MESSAGE_CERT 2
#define SOF_SIGNED_MESSAGE_SIGNATURE 3
/* SOF_GetXMLSignatureInfo */
#define SOF_XML_TYPE_MESSAGE 1
#define SOF_XML_TYPE_DIGEST 2
#define SOF_XML_TYPE_SIGNATURE 3
#define SOF_XML_TYPE_CERTIFICATE 4
#define SOF_XML_TYPE_DIGEST_ALGOR 5
#define SOF_XML_TYPE_SIGN_ALGOR 6
#ifdef __cplusplus
extern "C" {
#endif
const char *SOF_GetErrorString(int err);
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
int ERR_load_SOF_strings(void);
/* Error codes for the SOF functions. */
/* Function codes. */
# define SOF_F_SOF_CHANGEPASSWD 100
# define SOF_F_SOF_CREATETIMESTAMPREQUEST 101
# define SOF_F_SOF_CREATETIMESTAMPRESPONSE 102
# define SOF_F_SOF_DECRYPTDATA 103
# define SOF_F_SOF_DECRYPTFILE 104
# define SOF_F_SOF_DELCERTTRUSTLIST 105
# define SOF_F_SOF_ENCRYPTDATA 106
# define SOF_F_SOF_ENCRYPTFILE 107
# define SOF_F_SOF_EXPORTEXCHANGEUSERCERT 108
# define SOF_F_SOF_EXPORTUSERCERT 109
# define SOF_F_SOF_G 143
# define SOF_F_SOF_GENRANDOM 110
# define SOF_F_SOF_GETCERTINFO 111
# define SOF_F_SOF_GETCERTINFOBYOID 112
# define SOF_F_SOF_GETCERTTRUSTLIST 113
# define SOF_F_SOF_GETCERTTRUSTLISTALTNAMES 114
# define SOF_F_SOF_GETDEVICEINFO 115
# define SOF_F_SOF_GETENCRYPTMETHOD 116
# define SOF_F_SOF_GETINFOFROMSIGNEDMESSAGE 117
# define SOF_F_SOF_GETLASTERROR 118
# define SOF_F_SOF_GETPINRETRYCOUNT 119
# define SOF_F_SOF_GETSERVERCERTIFICATE 120
# define SOF_F_SOF_GETSIGNMETHOD 121
# define SOF_F_SOF_GETTIMESTAMPINFO 122
# define SOF_F_SOF_GETUSERLIST 123
# define SOF_F_SOF_GETVERSION 124
# define SOF_F_SOF_GETXMLSIGNATUREINFO 125
# define SOF_F_SOF_INITCERTAPPPOLICY 126
# define SOF_F_SOF_LOGIN 127
# define SOF_F_SOF_SETCERTTRUSTLIST 128
# define SOF_F_SOF_SETENCRYPTMETHOD 129
# define SOF_F_SOF_SETSIGNMETHOD 130
# define SOF_F_SOF_SIGNDATA 131
# define SOF_F_SOF_SIGNDATAXML 132
# define SOF_F_SOF_SIGNFILE 133
# define SOF_F_SOF_SIGNMESSAGE 134
# define SOF_F_SOF_SIGNMESSAGEDETACH 135
# define SOF_F_SOF_VALIDATECERT 136
# define SOF_F_SOF_VERIFYSIGNEDDATA 137
# define SOF_F_SOF_VERIFYSIGNEDDATAXML 138
# define SOF_F_SOF_VERIFYSIGNEDFILE 139
# define SOF_F_SOF_VERIFYSIGNEDMESSAGE 140
# define SOF_F_SOF_VERIFYSIGNEDMESSAGEDETACH 141
# define SOF_F_SOF_VERIFYTIMESTAMP 142
/* Reason codes. */
# define SOF_R_DECODE_FAILURE 101
# define SOF_R_INVALID_CERT_ATTRIBUTE 103
# define SOF_R_NOT_IMPLEMENTED 100
# define SOF_R_READ_FILE_FAILURE 102
# ifdef __cplusplus
}
# endif
#endif
#endif

779
include/openssl/saf.h
View File

@@ -1,779 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#ifndef HEADER_SAF_H
#define HEADER_SAF_H
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_SAF
#include <openssl/sgd.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct SGD_USR_CERT_ENUMLIST_ {
unsigned int certCount;
unsigned char *certificate[SGD_MAX_COUNT];
unsigned int certificateLen[SGD_MAX_COUNT];
unsigned char *containerName[SGD_MAX_COUNT];
unsigned int containterNameLen[SGD_MAX_COUNT];
unsigned int keyUsage[SGD_MAX_COUNT];
} SGD_USR_CERT_ENUMLIST;
typedef struct SGD_KEYCONTAINERINFO_ENUMLIST_ {
unsigned int keyPairCount;
unsigned char *containerName[SGD_MAX_COUNT];
unsigned int conatinerNameLen[SGD_MAX_COUNT];
unsigned int keyUsage[SGD_MAX_COUNT];
unsigned int keyType[SGD_MAX_COUNT];
} SGD_KEYCONTAINERINFO_ENUMLIST;
typedef struct {
unsigned char dn_c[SGD_MAX_NAME_SIZE];
unsigned char dn_c_len[1];
unsigned char dn_s[SGD_MAX_NAME_SIZE];
unsigned char dn_s_len[1];
unsigned char dn_l[SGD_MAX_NAME_SIZE];
unsigned char dn_l_len[1];
unsigned char dn_o[5][SGD_MAX_NAME_SIZE];
unsigned int dn_o_len[5];
unsigned char dn_ou[5][SGD_MAX_NAME_SIZE];
unsigned int dn_ou_len[5];
unsigned char dn_cn[2][SGD_MAX_NAME_SIZE];
unsigned int dn_cn_len[2];
unsigned char dn_email[2][SGD_MAX_NAME_SIZE];
unsigned int dn_email_len[2];
} SGD_NAME_INFO;
int SAF_Initialize(
void **phAppHandle,
char *pubCfgFilePath);
int SAF_Finalize(
void *hAppHandle);
int SAF_GetVersion(
unsigned int *puiVersion);
int SAF_Login(
void *hAppHandle,
unsigned int uiUsrType,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned char *pucPin,
unsigned int uiPinLen,
unsigned int *puiRemainCount);
int SAF_ChangePin(
void *hAppHandle,
unsigned int uiUsrType,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned char *pucOldPin,
unsigned int uiOldPinLen,
unsigned char *pucNewPin,
unsigned int uiNewPinLen,
unsigned int *puiRemainCount);
int SAF_Logout(
void *hAppHandle,
unsigned int uiUsrType);
int SAF_AddTrustedRootCaCertificate(
void *hAppHandle,
unsigned char *pucCertificate,
unsigned int uiCertificateLen);
int SAF_GetRootCaCertificateCount(
void *hAppHandle,
unsigned int *puiCount);
int SAF_GetRootCaCertificate(
void *hAppHandle,
unsigned int uiIndex,
unsigned char *pucCertificate,
unsigned int *puiCertificateLen);
int SAF_RemoveRootCaCertificate(
void *hAppHandle,
unsigned int uiIndex);
int SAF_AddCaCertificate(
void *hAppHandle,
unsigned char *pucCertificate,
unsigned int uiCertificateLen);
int SAF_GetCaCertificateCount(
void *hAppHandle,
unsigned int *puiCount);
int SAF_GetCaCertificate(
void *hAppHandle,
unsigned int uiIndex,
unsigned char *pucCertificate,
unsigned int *puiCertificateLen);
int SAF_RemoveCaCertificate(
void *hAppHandle,
unsigned int uiIndex);
int SAF_AddCrl(
void *hAppHandle,
unsigned char *pucDerCrl,
unsigned int uiDerCrlLen);
int SAF_VerifyCertificate(
void *hAppHandle,
unsigned char *pucUsrCertificate,
unsigned int uiUsrCertificateLen);
int SAF_VerifyCertificateByCrl(
void *hAppHandle,
unsigned char *pucUsrCertificate,
unsigned int uiUsrCertificateLen,
unsigned char *pucDerCrl,
unsigned int uiDerCrlLen);
int SAF_GetCertificateStateByOCSP(
void *hAppHandle,
unsigned char *pcOcspHostURL,
unsigned int uiOcspHostURLLen,
unsigned char *pucUsrCertificate,
unsigned int uiUsrCertificateLen,
unsigned char *pucCACertificate,
unsigned int uiCACertficateLen);
int SAF_GetCertFromLdap(
void *hAppHandle,
char *pcLdapHostURL,
unsigned int uiLdapHostURLLen,
unsigned char *pucQueryDN,
unsigned int uiQueryDNLen,
unsigned char *pucOutCert,
unsigned int *puiOutCertLen);
int SAF_GetCrlFromLdap(
void *hAppHandle,
char *pcLdapHostURL,
unsigned int uiLdapHostURLLen,
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned char *pucCrlData,
unsigned int *puiCrlDataLen);
int SAF_GetCertificateInfo(
void *hAppHandle,
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned int uiInfoType,
unsigned char *pucInfo,
unsigned int *puiInfoLen);
int SAF_GetExtTypeInfo(
void *hAppHandle,
unsigned char *pucDerCert,
unsigned int uiDerCertLen,
unsigned int uiInfoType,
unsigned char *pucPriOid,
unsigned int uiPriOidLen,
unsigned char *pucInfo,
unsigned int *puiInfoLen);
int SAF_EnumCertificates(
void *hAppHandle,
SGD_USR_CERT_ENUMLIST *usrCerts);
int SAF_EnumKeyContainerInfo(
void *hAppHandle,
SGD_KEYCONTAINERINFO_ENUMLIST *keyContainerInfo);
int SAF_EnumCertificatesFree(
void *hAppHandle,
SGD_USR_CERT_ENUMLIST *usrCerts);
int SAF_EnumKeyContainerInfoFree(
void *hAppHandle,
SGD_KEYCONTAINERINFO_ENUMLIST *keyContainerInfo);
int SAF_Base64_Encode(
unsigned char *pucInData,
unsigned int puiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen);
int SAF_Base64_Decode(
unsigned char *pucInData,
unsigned int puiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen);
int SAF_Base64_CreateBase64Obj(
void **phBase64Obj);
int SAF_Base64_DestroyBase64Obj(
void *hBase64Obj);
int SAF_Base64_EncodeUpdate(
void *hBase64Obj,
unsigned char *pucInData,
unsigned int puiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen);
int SAF_Base64_EncodeFinal(
void *hBase64Obj,
unsigned char *pucOutData,
unsigned int *puiOutDataLen);
int SAF_Base64_DecodeUpdate(
void *hBase64Obj,
unsigned char *pucInData,
unsigned int puiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen);
int SAF_Base64_DecodeFinal(
void *hBase64Obj,
unsigned char *pucOutData,
unsigned int *puiOutDataLen);
int SAF_GenRandom(
unsigned int uiRandLen,
unsigned char *pucRand);
int SAF_Hash(
unsigned int uiAlgoType,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pubID,
unsigned int ulIDLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen);
int SAF_CreateHashObj(void **phHashObj,
unsigned int uiAlgoType,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucID,
unsigned int ulIDLen);
int SAF_DestroyHashObj(
void *phHashObj);
int SAF_HashUpdate(
void *phHashObj,
const unsigned char *pucInData,
unsigned int uiInDataLen);
int SAF_HashFinal(
void *phHashObj,
unsigned char *pucOutData,
unsigned int *uiOutDataLen);
int SAF_GenRsaKeyPair(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned int uiKeyUsage,
unsigned int uiExportFlag);
int SAF_GetRsaPublicKey(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyUsage,
unsigned char *pucPublicKey,
unsigned int *puiPublicKeyLen);
int SAF_RsaSign(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiHashAlgoType,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignature,
unsigned int *puiSignatureLen);
int SAF_RsaSignFile(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiHashAlgoType,
unsigned char *pucFileName,
unsigned char *pucSignature,
unsigned int *puiSignatureLen);
int SAF_RsaVerifySign(
unsigned int uiHashAlgoType,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignature,
unsigned int uiSignatureLen);
int SAF_RsaVerifySignFile(
unsigned int uiHashAlgoType,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucFileName,
unsigned char *pucSignature,
unsigned int uiSignatureLen);
int SAF_VerifySignByCert(
unsigned int uiHashAlgoType,
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignature,
unsigned int uiSignatureLen);
int SAF_GenEccKeyPair(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned int uiKeyUsage,
unsigned int uiExportFlag);
int SAF_GetEccPublicKey(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyUsage,
unsigned char *pucPublicKey,
unsigned int *puiPublicKeyLen);
int SAF_EccSign(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiAlgorithmID,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignData,
unsigned int *puiSignDataLen);
int SAF_EccVerifySign(
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned int uiAlgorithmID,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignData,
unsigned int uiSignDataLen);
int SAF_EccPublicKeyEnc(
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned int uiAlgorithmID,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen);
int SAF_EccPublicKeyEncByCert(
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned int uiAlgorithmID,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen);
int SAF_EccVerifySignByCert(
unsigned int uiAlgorithmID,
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignData,
unsigned int uiSignDataLen);
int SAF_CreateSymmKeyObj(
void *hAppHandle,
void **phSymmKeyObj,
unsigned char *pucContainerName,
unsigned int uiContainerLen,
unsigned char *pucIV,
unsigned int uiIVLen,
unsigned int uiEncOrDec,
unsigned int uiCryptoAlgID);
int SAF_GenerateKeyWithEPK(
void *hSymmKeyObj,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucSymmKey,
unsigned int *puiSymmKeyLen,
void **phKeyHandle);
int SAF_ImportEncedKey(
void *hSymmKeyObj,
unsigned char *pucSymmKey,
unsigned int uiSymmKeyLen,
void **phKeyHandle);
int SAF_GenerateAgreementDataWithECC(
void *hSymmKeyObj,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned char *pucSponsorID,
unsigned int uiSponsorIDLength,
unsigned char *pucSponsorPublicKey,
unsigned int *puiSponsorPublicKeyLen,
unsigned char *pucSponsorTmpPublicKey,
unsigned int *puiSponsorTmpPublicKeyLen,
void **phAgreementHandle);
int SAF_GenerateKeyWithECC(
void *phAgreementHandle,
unsigned char *pucResponseID,
unsigned int uiResponseIDLength,
unsigned char *pucResponsePublicKey,
unsigned int uiResponsePublicKeyLen,
unsigned char *pucResponseTmpPublicKey,
unsigned int uiResponseTmpPublicKeyLen,
void **phKeyHandle);
int SAF_GenerateAgreementDataAdnKeyWithECC(
void *hSymmKeyObj,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned char *pucResponseID,
unsigned int uiResponseIDLength,
unsigned char *pucSponsorID,
unsigned int uiSponsorIDLength,
unsigned char *pucSponsorPublicKey,
unsigned int *puiSponsorPublicKeyLen,
unsigned char *pucSponsorTmpPublicKey,
unsigned int *puiSponsorTmpPublicKeyLen,
unsigned char *pucResponsePublicKey,
unsigned int uiResponsePublicKeyLen,
unsigned char *pucResponseTmpPublicKey,
unsigned int uiResponseTmpPublicKeyLen,
void **phKeyHandle);
int SAF_DestroySymmAlgoObj(
void *hSymmKeyObj);
int SAF_DestroyKeyHandle(
void *hKeyHandle);
int SAF_SymmEncrypt(
void *hKeyHandle,
const unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen);
int SAF_SymmEncryptUpdate(
void *hKeyHandle,
const unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen);
int SAF_SymmEncryptFinal(
void *hKeyHandle,
unsigned char *pucOutData,
unsigned int *puiOutDataLen);
int SAF_SymmDecrypt(
void *hKeyHandle,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen);
int SAF_SymmDecryptUpdate(
void *hKeyHandle,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen);
int SAF_SymmDecryptFinal(
void *hKeyHandle,
unsigned char *pucOutData,
unsigned int *puiOutDataLen);
int SAF_Mac(
void *hKeyHandle,
const unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen);
int SAF_MacUpdate(
void *hKeyHandle,
const unsigned char *pucInData,
unsigned int uiInDataLen);
int SAF_MacFinal(
void *hKeyHandle,
unsigned char *pucOutData,
unsigned int *puiOutDataLen);
int SAF_Pkcs7_EncodeData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned char *pucEncCertificate,
unsigned int uiEncCertificateLen,
unsigned int uiSymmAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerP7Data,
unsigned int *puiDerP7DataLen);
int SAF_Pkcs7_DecodeData(
void *hAppHandle,
unsigned char *pucDecContainerName,
unsigned int uiDecContainerNameLen,
unsigned char *pucDerP7Data,
unsigned int uiDerP7DataLen,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucSignerCertificate,
unsigned int *puiSignerCertificateLen,
unsigned int *puiDigestAlgorithm);
int SAF_Pkcs7_EncodeSignedData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned int uiSignKeyUsage,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerP7Data,
unsigned int *puiDerP7DataLen);
int SAF_Pkcs7_DecodeSignedData(
void *hAppHandle,
unsigned char *pucDerP7SignedData,
unsigned int uiDerP7SignedDataLen,
unsigned int *puiDigestAlgorithm,
unsigned char *pucSignerCertificate,
unsigned int *puiSignerCertificateLen,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucSig,
unsigned int *puiSigLen);
int SAF_Pkcs7_EncodeEnvelopedData(
void *hAppHandle,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucEncCertificate,
unsigned int uiEncCertificateLen,
unsigned int uiSymmAlgorithm,
unsigned char *pucDerP7EnvelopedData,
unsigned int *puiDerP7EnvelopedDataLen);
int SAF_Pkcs7_DecodeEnvelopedData(
void *hAppHandle,
unsigned char *pucDecContainerName,
unsigned int uiDecContainerNameLen,
unsigned char *pucDerP7EnvelopedData,
unsigned int uiDerP7EnvelopedDataLen,
unsigned char *pucData,
unsigned int *puiDataLen);
int SAF_Pkcs7_EncodeDigestedData(
void *hAppHandle,
unsigned int uiDigestAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerP7DigestedData,
unsigned int *puiDerP7DigestedDataLen);
int SAF_Pkcs7_DecodeDigestedData(
void *hAppHandle,
unsigned char *pucDerP7DigestedData,
unsigned int uiDerP7DigestedDataLen,
unsigned int *puiDigestAlgorithm,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucDigest,
unsigned int *puiDigestLen);
int SAF_SM2_EncodeSignedAndEnvelopedData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned char *pucEncCertificate,
unsigned int uiEncCertificateLen,
unsigned int uiSymmAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerSignedAndEnvelopedData,
unsigned int *puiDerSignedAndEnvelopedDataLen);
int SAF_SM2_DecodeSignedAndEnvelopedData(
void *hAppHandle,
unsigned char *pucDerContainerName,
unsigned int uiDerContainerNameLen,
unsigned char *pucDerSignedAndEnvelopedData,
unsigned int uiDerSignedAndEnvelopedDataLen,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucSignerCertificate,
unsigned int *puiSignerCertificateLen,
unsigned int *puiDigestAlgorithm);
int SAF_SM2_EncodeSignedData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned int uiSignKeyUsage,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerSignedData,
unsigned int *puiDerSignedDataLen);
int SAF_SM2_DecodeSignedData(
void *hAppHandle,
unsigned char *pucDerSignedData,
unsigned int uiDerSignedDataLen,
unsigned int *puiDigestAlgorithm,
unsigned char *pucSignerCertificate,
unsigned int *puiSignerCertificateLen,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucSign,
unsigned int *puiSignLen);
int SAF_SM2_EncodeEnvelopedData(
void *hAppHandle,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucEncCertificate,
unsigned int uiEncCertificateLen,
unsigned int uiSymmAlgorithm,
unsigned char *pucDerEnvelopedData,
unsigned int *puiDerEnvelopedDataLen);
int SAF_SM2_DecodeEnvelopedData(
void *hAppHandle,
unsigned char *pucDecContainerName,
unsigned int uiDecContainerNameLen,
unsigned char *pucDerEnvelopedData,
unsigned int uiDerEnvelopedDataLen,
unsigned char *pucData,
unsigned int *puiDataLen);
#define SAR_Ok 0x00000000
#define SAR_UnknownErr 0x02000001
#define SAR_NotSupportYetErr 0x02000002
#define SAR_FileErr 0x02000003
#define SAR_ProviderTypeErr 0x02000004
#define SAR_LoadProviderErr 0x02000005
#define SAR_LoadDevMngApiErr 0x02000006
#define SAR_AlgoTypeErr 0x02000007
#define SAR_NameLenErr 0x02000008
#define SAR_KeyUsageErr 0x02000009
#define SAR_ModulusLenErr 0x02000010
#define SAR_NotInitializeErr 0x02000011
#define SAR_ObjErr 0x02000012
#define SAR_MemoryErr 0x02000100
#define SAR_TimeoutErr 0x02000101
#define SAR_IndataLenErr 0x02000200
#define SAR_IndataErr 0x02000201
#define SAR_GenRandErr 0x02000300
#define SAR_HashObjErr 0x02000301
#define SAR_HashErr 0x02000302
#define SAR_GenRsaKeyErr 0x02000303
#define SAR_RsaModulusLenErr 0x02000304
#define SAR_CspImportPubKeyErr 0x02000305
#define SAR_RsaEncErr 0x02000306
#define SAR_RsaDecErr 0x02000307
#define SAR_HashNotEqualErr 0x02000308
#define SAR_KeyNotFoundErr 0x02000309
#define SAR_CertNotFoundErr 0x02000310
#define SAR_NotExportErr 0x02000311
#define SAR_CertRevokedErr 0x02000316
#define SAR_CertNotYetValidErr 0x02000317
#define SAR_CerthashExpiredErr 0x02000318
#define SAR_CertVerifyErr 0x02000319
#define SAR_CertEncodeErr 0x02000320
#define SAR_DecryptPadErr 0x02000400
#define SAR_MacLenErr 0x02000401
#define SAR_KeyInfoTypeErr 0x02000402
#define SAR_NotLogin 0x02000403
#ifdef __cplusplus
}
#endif
#endif
#endif

14
test/build.info
View File

@@ -20,7 +20,7 @@ IF[{- !$disabled{tests} -}]
sm3test sms4test kdf2test eciestest ffxtest sm2test \
pailliertest cpktest otptest gmapitest ec2test \
bfibetest bb1ibetest sm9test \
saftest sdftest skftest softest zuctest \
sdftest skftest zuctest \
serpenttest specktest base58test
SOURCE[aborttest]=aborttest.c
@@ -344,10 +344,6 @@ IF[{- !$disabled{tests} -}]
INCLUDE[sm9test]=../include
DEPEND[sm9test]=../libcrypto
SOURCE[saftest]=saftest.c
INCLUDE[saftest]=../include
DEPEND[saftest]=../libcrypto
SOURCE[sdftest]=sdftest.c
INCLUDE[sdftest]=../include
DEPEND[sdftest]=../libcrypto
@@ -356,10 +352,6 @@ IF[{- !$disabled{tests} -}]
INCLUDE[skftest]=../include
DEPEND[skftest]=../libcrypto
SOURCE[softest]=softest.c
INCLUDE[softest]=../include
DEPEND[softest]=../libcrypto
SOURCE[zuctest]=zuctest.c
INCLUDE[zuctest]=../include
DEPEND[zuctest]=../libcrypto
@@ -376,10 +368,6 @@ IF[{- !$disabled{tests} -}]
INCLUDE[base58test]=../include
DEPEND[base58test]=../libcrypto
SOURCE[ecrstest]=ecrstest.c
INCLUDE[ecrstest]=../include
DEPEND[ecrstest]=../libcrypto
IF[{- !$disabled{shared} -}]
PROGRAMS_NO_INST=shlibloadtest
SOURCE[shlibloadtest]=shlibloadtest.c

12
test/recipes/30-test_saf.t
View File

@@ -1,12 +0,0 @@
#! /usr/bin/env perl
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use OpenSSL::Test::Simple;
simple_test("test_saf", "saftest", "saf");

12
test/recipes/30-test_sof.t
View File

@@ -1,12 +0,0 @@
#! /usr/bin/env perl
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use OpenSSL::Test::Simple;
simple_test("test_sof", "softest", "sof");

5038
util/libcrypto.num
View File

File diff suppressed because it is too large Load Diff

411
util/libssl.num
View File

@@ -1,411 +0,0 @@
SSL_CTX_sess_set_new_cb 1 1_1_0d EXIST::FUNCTION:
SSL_SESSION_new 2 1_1_0d EXIST::FUNCTION:
SSL_clear 3 1_1_0d EXIST::FUNCTION:
TLSv1_2_server_method 4 1_1_0d EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_2_METHOD
SSL_clear_options 5 1_1_0d EXIST::FUNCTION:
SSL_CTX_get0_ctlog_store 6 1_1_0d EXIST::FUNCTION:CT
SSL_client_version 7 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_ex_data 8 1_1_0d EXIST::FUNCTION:
SSL_set_fd 9 1_1_0d EXIST::FUNCTION:SOCK
SSL_CTX_set_client_cert_engine 10 1_1_0d EXIST::FUNCTION:ENGINE
SSLv3_client_method 11 1_1_0d EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SSL3_METHOD
SSL_dane_set_flags 12 1_1_0d EXIST::FUNCTION:
SSL_write 13 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_srp_strength 14 1_1_0d EXIST::FUNCTION:SRP
BIO_ssl_shutdown 15 1_1_0d EXIST::FUNCTION:
SSL_SESSION_get0_cipher 16 1_1_0d EXIST::FUNCTION:
SSL_CTX_get_security_callback 17 1_1_0d EXIST::FUNCTION:
SSL_get_verify_depth 18 1_1_0d EXIST::FUNCTION:
SSL_use_certificate_ASN1 19 1_1_0d EXIST::FUNCTION:
SSL_use_PrivateKey_ASN1 20 1_1_0d EXIST::FUNCTION:
SSL_set_connect_state 21 1_1_0d EXIST::FUNCTION:
SSL_get_info_callback 22 1_1_0d EXIST::FUNCTION:
DTLSv1_2_server_method 23 1_1_0d EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_2_METHOD
SSL_CONF_cmd_value_type 24 1_1_0d EXIST::FUNCTION:
SSL_set_wfd 25 1_1_0d EXIST::FUNCTION:SOCK
SSL_use_PrivateKey_file 26 1_1_0d EXIST::FUNCTION:
SSL_get_changed_async_fds 27 1_1_0d EXIST::FUNCTION:
SSL_CTX_add_client_custom_ext 28 1_1_0d EXIST::FUNCTION:
SSL_CTX_dane_clear_flags 29 1_1_0d EXIST::FUNCTION:
SSL_get_finished 30 1_1_0d EXIST::FUNCTION:
SSL_CTX_use_PrivateKey 31 1_1_0d EXIST::FUNCTION:
SSL_dane_tlsa_add 32 1_1_0d EXIST::FUNCTION:
SSL_get_rfd 33 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_srp_username 34 1_1_0d EXIST::FUNCTION:SRP
SSL_add_ssl_module 35 1_1_0d EXIST::FUNCTION:
SSL_get_psk_identity 36 1_1_0d EXIST::FUNCTION:PSK
SSL_CTX_set_timeout 37 1_1_0d EXIST::FUNCTION:
SSL_srp_server_param_with_username 38 1_1_0d EXIST::FUNCTION:SRP
PEM_write_SSL_SESSION 39 1_1_0d EXIST::FUNCTION:STDIO
SSL_config 40 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_info_callback 41 1_1_0d EXIST::FUNCTION:
SSL_select_next_proto 42 1_1_0d EXIST::FUNCTION:
SSL_SESSION_free 43 1_1_0d EXIST::FUNCTION:
TLS_client_method 44 1_1_0d EXIST::FUNCTION:
SSL_get_fd 45 1_1_0d EXIST::FUNCTION:
SSL_CTX_use_certificate_ASN1 46 1_1_0d EXIST::FUNCTION:
SSL_get_shared_sigalgs 47 1_1_0d EXIST::FUNCTION:
SSL_set0_wbio 48 1_1_0d EXIST::FUNCTION:
SSL_COMP_get_compression_methods 49 1_1_0d EXIST::FUNCTION:
SSL_add1_host 50 1_1_0d EXIST::FUNCTION:
SSL_CIPHER_get_kx_nid 51 1_1_0d EXIST::FUNCTION:
SSL_set_default_read_buffer_len 52 1_1_0d EXIST::FUNCTION:
SSL_CTX_up_ref 53 1_1_0d EXIST::FUNCTION:
SSL_rstate_string_long 54 1_1_0d EXIST::FUNCTION:
SSL_get_sigalgs 55 1_1_0d EXIST::FUNCTION:
SSL_use_psk_identity_hint 56 1_1_0d EXIST::FUNCTION:PSK
SSL_get_current_cipher 57 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_verify_depth 58 1_1_0d EXIST::FUNCTION:
OPENSSL_init_ssl 59 1_1_0d EXIST::FUNCTION:
SSL_get_client_CA_list 60 1_1_0d EXIST::FUNCTION:
SSL_get_privatekey 61 1_1_0d EXIST::FUNCTION:
SSL_CIPHER_get_name 62 1_1_0d EXIST::FUNCTION:
DTLSv1_server_method 63 1_1_0d EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_METHOD
SSL_set_security_callback 64 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_default_read_buffer_len 65 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_options 66 1_1_0d EXIST::FUNCTION:
SSLv3_server_method 67 1_1_0d EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SSL3_METHOD
SSL_set_read_ahead 68 1_1_0d EXIST::FUNCTION:
SSL_CONF_cmd_argv 69 1_1_0d EXIST::FUNCTION:
SSL_get_wfd 70 1_1_0d EXIST::FUNCTION:
SSL_CTX_clear_options 71 1_1_0d EXIST::FUNCTION:
SSL_CTX_sess_get_new_cb 72 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_ctlog_list_file 73 1_1_0d EXIST::FUNCTION:CT
SSL_renegotiate 74 1_1_0d EXIST::FUNCTION:
SSL_CTX_get_options 75 1_1_0d EXIST::FUNCTION:
SSL_CIPHER_get_cipher_nid 76 1_1_0d EXIST::FUNCTION:
SSL_set_hostflags 77 1_1_0d EXIST::FUNCTION:
SSL_set_psk_client_callback 78 1_1_0d EXIST::FUNCTION:PSK
SSL_has_matching_session_id 79 1_1_0d EXIST::FUNCTION:
DTLSv1_client_method 80 1_1_0d EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_METHOD
SSL_CONF_CTX_free 81 1_1_0d EXIST::FUNCTION:
SSL_get_quiet_shutdown 82 1_1_0d EXIST::FUNCTION:
SSL_get0_dane 83 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_default_verify_paths 84 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_srp_verify_param_callback 85 1_1_0d EXIST::FUNCTION:SRP
SSL_get0_peername 86 1_1_0d EXIST::FUNCTION:
SSL_alert_desc_string 87 1_1_0d EXIST::FUNCTION:
SSL_CTX_dane_enable 88 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_default_ctlog_list_file 89 1_1_0d EXIST::FUNCTION:CT
TLS_server_method 90 1_1_0d EXIST::FUNCTION:
SSL_get_psk_identity_hint 91 1_1_0d EXIST::FUNCTION:PSK
SSL_CTX_get_client_cert_cb 92 1_1_0d EXIST::FUNCTION:
SSL_get0_dane_authority 93 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_not_resumable_session_callback 94 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_srp_username_callback 95 1_1_0d EXIST::FUNCTION:SRP
SSL_use_RSAPrivateKey_file 96 1_1_0d EXIST::FUNCTION:RSA
SSL_do_handshake 97 1_1_0d EXIST::FUNCTION:
SSL_dane_enable 98 1_1_0d EXIST::FUNCTION:
SSL_CTX_config 99 1_1_0d EXIST::FUNCTION:
d2i_SSL_SESSION 100 1_1_0d EXIST::FUNCTION:
SSL_set_options 101 1_1_0d EXIST::FUNCTION:
SSL_CTX_get_security_level 102 1_1_0d EXIST::FUNCTION:
SSL_CTX_get_verify_callback 103 1_1_0d EXIST::FUNCTION:
SSL_CONF_CTX_finish 104 1_1_0d EXIST::FUNCTION:
TLSv1_2_client_method 105 1_1_0d EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_2_METHOD
SRP_Calc_A_param 106 1_1_0d EXIST::FUNCTION:SRP
BIO_new_buffer_ssl_connect 107 1_1_0d EXIST::FUNCTION:
SSL_connect 108 1_1_0d EXIST::FUNCTION:
SSL_dup_CA_list 109 1_1_0d EXIST::FUNCTION:
SSL_CTX_get_info_callback 110 1_1_0d EXIST::FUNCTION:
SSL_CTX_get_timeout 111 1_1_0d EXIST::FUNCTION:
SSL_CTX_set0_ctlog_store 112 1_1_0d EXIST::FUNCTION:CT
SSL_CTX_enable_ct 113 1_1_0d EXIST::FUNCTION:CT
SSL_CTX_use_serverinfo 114 1_1_0d EXIST::FUNCTION:
SSL_use_certificate_chain_file 115 1_1_0d EXIST::FUNCTION:
SSL_trace 116 1_1_0d EXIST::FUNCTION:SSL_TRACE
SSL_set_verify 117 1_1_0d EXIST::FUNCTION:
SSL_CTX_use_certificate_file 118 1_1_0d EXIST::FUNCTION:
SSL_COMP_get_name 119 1_1_0d EXIST::FUNCTION:
SSL_CTX_get0_certificate 120 1_1_0d EXIST::FUNCTION:
SSL_CIPHER_get_version 121 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_cipher_list 122 1_1_0d EXIST::FUNCTION:
SSL_CIPHER_description 123 1_1_0d EXIST::FUNCTION:
SSL_CTX_SRP_CTX_free 124 1_1_0d EXIST::FUNCTION:SRP
SSL_get_server_random 125 1_1_0d EXIST::FUNCTION:
SSL_CIPHER_get_auth_nid 126 1_1_0d EXIST::FUNCTION:
SSL_get0_param 127 1_1_0d EXIST::FUNCTION:
SSL_set_default_passwd_cb 128 1_1_0d EXIST::FUNCTION:
SSL_in_init 129 1_1_0d EXIST::FUNCTION:
SSL_set_session_id_context 130 1_1_0d EXIST::FUNCTION:
GMTLS_method 131 1_1_0d EXIST::FUNCTION:GMTLS
i2d_SSL_SESSION 132 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_next_protos_advertised_cb 133 1_1_0d EXIST::FUNCTION:NEXTPROTONEG
SSL_get_ssl_method 134 1_1_0d EXIST::FUNCTION:
SSL_copy_session_id 135 1_1_0d EXIST::FUNCTION:
SSL_set_security_level 136 1_1_0d EXIST::FUNCTION:
SSL_set_verify_depth 137 1_1_0d EXIST::FUNCTION:
SSL_set_SSL_CTX 138 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_srp_password 139 1_1_0d EXIST::FUNCTION:SRP
SSL_CTX_set_tlsext_use_srtp 140 1_1_0d EXIST::FUNCTION:SRTP
SSL_CIPHER_standard_name 141 1_1_0d EXIST::FUNCTION:SSL_TRACE
SSL_CTX_callback_ctrl 142 1_1_0d EXIST::FUNCTION:
SSL_CTX_get_client_CA_list 143 1_1_0d EXIST::FUNCTION:
SSL_set_cert_cb 144 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_alpn_select_cb 145 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_generate_session_id 146 1_1_0d EXIST::FUNCTION:
SSL_set_srp_server_param_pw 147 1_1_0d EXIST::FUNCTION:SRP
SSL_add_file_cert_subjects_to_stack 148 1_1_0d EXIST::FUNCTION:
SSL_rstate_string 149 1_1_0d EXIST::FUNCTION:
GMTLS_client_method 150 1_1_0d EXIST::FUNCTION:GMTLS
SSL_CTX_add_server_custom_ext 151 1_1_0d EXIST::FUNCTION:
SSL_set_generate_session_id 152 1_1_0d EXIST::FUNCTION:
SSL_get0_security_ex_data 153 1_1_0d EXIST::FUNCTION:
TLSv1_client_method 154 1_1_0d EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_METHOD
TLSv1_server_method 155 1_1_0d EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_METHOD
SSL_get_srp_username 156 1_1_0d EXIST::FUNCTION:SRP
SSL_in_before 157 1_1_0d EXIST::FUNCTION:
TLSv1_1_server_method 158 1_1_0d EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
SSL_CTX_set_cert_cb 159 1_1_0d EXIST::FUNCTION:
SSL_CTX_get_cert_store 160 1_1_0d EXIST::FUNCTION:
SSL_CONF_CTX_set_flags 161 1_1_0d EXIST::FUNCTION:
SSL_get_ex_data_X509_STORE_CTX_idx 162 1_1_0d EXIST::FUNCTION:
DTLS_client_method 163 1_1_0d EXIST::FUNCTION:
SSL_CTX_use_RSAPrivateKey 164 1_1_0d EXIST::FUNCTION:RSA
SSL_SESSION_get_protocol_version 165 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_trust 166 1_1_0d EXIST::FUNCTION:
SSL_want 167 1_1_0d EXIST::FUNCTION:
SSL_CTX_add_session 168 1_1_0d EXIST::FUNCTION:
SSL_SESSION_print 169 1_1_0d EXIST::FUNCTION:
SSL_CTX_get0_security_ex_data 170 1_1_0d EXIST::FUNCTION:
ERR_load_SSL_strings 171 1_1_0d EXIST::FUNCTION:
SSL_set_trust 172 1_1_0d EXIST::FUNCTION:
SSL_alert_desc_string_long 173 1_1_0d EXIST::FUNCTION:
SSL_CIPHER_find 174 1_1_0d EXIST::FUNCTION:
DTLSv1_2_client_method 175 1_1_0d EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_2_METHOD
SSL_SESSION_set_time 176 1_1_0d EXIST::FUNCTION:
SSL_get_SSL_CTX 177 1_1_0d EXIST::FUNCTION:
SSL_get_version 178 1_1_0d EXIST::FUNCTION:
SSL_get_current_compression 179 1_1_0d EXIST::FUNCTION:
SSL_SESSION_print_fp 180 1_1_0d EXIST::FUNCTION:STDIO
SSL_CTX_set_client_cert_cb 181 1_1_0d EXIST::FUNCTION:
SSL_get0_peer_scts 182 1_1_0d EXIST::FUNCTION:CT
SSL_CTX_get_ciphers 183 1_1_0d EXIST::FUNCTION:
SSL_CTX_free 184 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_psk_client_callback 185 1_1_0d EXIST::FUNCTION:PSK
SSL_SESSION_get_compress_id 186 1_1_0d EXIST::FUNCTION:
SSL_callback_ctrl 187 1_1_0d EXIST::FUNCTION:
SSL_set_tlsext_use_srtp 188 1_1_0d EXIST::FUNCTION:SRTP
SSL_CONF_CTX_set_ssl 189 1_1_0d EXIST::FUNCTION:
SSL_alert_type_string_long 190 1_1_0d EXIST::FUNCTION:
SSL_set_quiet_shutdown 191 1_1_0d EXIST::FUNCTION:
SSL_CTX_get_ex_data 192 1_1_0d EXIST::FUNCTION:
SSL_version 193 1_1_0d EXIST::FUNCTION:
SSL_state_string 194 1_1_0d EXIST::FUNCTION:
SSL_SESSION_set_timeout 195 1_1_0d EXIST::FUNCTION:
SSL_has_pending 196 1_1_0d EXIST::FUNCTION:
SSL_use_certificate 197 1_1_0d EXIST::FUNCTION:
SSL_set_cipher_list 198 1_1_0d EXIST::FUNCTION:
SSL_set_session_secret_cb 199 1_1_0d EXIST::FUNCTION:
DTLSv1_2_method 200 1_1_0d EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_2_METHOD
SSL_ctrl 201 1_1_0d EXIST::FUNCTION:
SSL_CONF_CTX_clear_flags 202 1_1_0d EXIST::FUNCTION:
PEM_read_SSL_SESSION 203 1_1_0d EXIST::FUNCTION:STDIO
SSL_get_verify_result 204 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_default_passwd_cb_userdata 205 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_srp_client_pwd_callback 206 1_1_0d EXIST::FUNCTION:SRP
SSL_shutdown 207 1_1_0d EXIST::FUNCTION:
SSL_CTX_add_client_CA 208 1_1_0d EXIST::FUNCTION:
SSL_CTX_get0_privatekey 209 1_1_0d EXIST::FUNCTION:
SSL_set_not_resumable_session_callback 210 1_1_0d EXIST::FUNCTION:
SSL_use_certificate_file 211 1_1_0d EXIST::FUNCTION:
SSL_get_peer_certificate 212 1_1_0d EXIST::FUNCTION:
SSL_SESSION_get0_ticket 213 1_1_0d EXIST::FUNCTION:
SSL_alert_type_string 214 1_1_0d EXIST::FUNCTION:
SSL_get_srtp_profiles 215 1_1_0d EXIST::FUNCTION:SRTP
SSL_set1_param 216 1_1_0d EXIST::FUNCTION:
SSL_get_shared_ciphers 217 1_1_0d EXIST::FUNCTION:
SSL_set_info_callback 218 1_1_0d EXIST::FUNCTION:
SSL_waiting_for_async 219 1_1_0d EXIST::FUNCTION:
SSL_dane_clear_flags 220 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_security_callback 221 1_1_0d EXIST::FUNCTION:
SSL_check_chain 222 1_1_0d EXIST::FUNCTION:
GMTLS_server_method 223 1_1_0d EXIST::FUNCTION:GMTLS
BIO_new_ssl_connect 224 1_1_0d EXIST::FUNCTION:
SSL_CTX_flush_sessions 225 1_1_0d EXIST::FUNCTION:
SSL_pending 226 1_1_0d EXIST::FUNCTION:
SSL_is_server 227 1_1_0d EXIST::FUNCTION:
SSL_set_msg_callback 228 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_cookie_generate_cb 229 1_1_0d EXIST::FUNCTION:
SSL_set_psk_server_callback 230 1_1_0d EXIST::FUNCTION:PSK
SSL_get_error 231 1_1_0d EXIST::FUNCTION:
SSL_CTX_use_certificate_chain_file 232 1_1_0d EXIST::FUNCTION:
SSL_CONF_CTX_new 233 1_1_0d EXIST::FUNCTION:
SSL_set_ct_validation_callback 234 1_1_0d EXIST::FUNCTION:CT
SSL_SESSION_set1_id 235 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_default_verify_dir 236 1_1_0d EXIST::FUNCTION:
SSL_SESSION_get_ticket_lifetime_hint 237 1_1_0d EXIST::FUNCTION:
SSL_COMP_add_compression_method 238 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_purpose 239 1_1_0d EXIST::FUNCTION:
BIO_new_ssl 240 1_1_0d EXIST::FUNCTION:
SSL_set_accept_state 241 1_1_0d EXIST::FUNCTION:
SSL_get_wbio 242 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_srp_cb_arg 243 1_1_0d EXIST::FUNCTION:SRP
SSL_SESSION_up_ref 244 1_1_0d EXIST::FUNCTION:
SSL_CTX_SRP_CTX_init 245 1_1_0d EXIST::FUNCTION:SRP
SSL_get_client_ciphers 246 1_1_0d EXIST::FUNCTION:
SSL_set_default_passwd_cb_userdata 247 1_1_0d EXIST::FUNCTION:
SSL_CTX_get_default_passwd_cb_userdata 248 1_1_0d EXIST::FUNCTION:
SSL_CTX_sess_set_get_cb 249 1_1_0d EXIST::FUNCTION:
SSL_SESSION_get0_peer 250 1_1_0d EXIST::FUNCTION:
SSL_free 251 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_verify 252 1_1_0d EXIST::FUNCTION:
SSL_SESSION_print_keylog 253 1_1_0d EXIST::FUNCTION:
SSL_is_dtls 254 1_1_0d EXIST::FUNCTION:
SSL_set_verify_result 255 1_1_0d EXIST::FUNCTION:
SSL_SRP_CTX_free 256 1_1_0d EXIST::FUNCTION:SRP
SSL_get_peer_cert_chain 257 1_1_0d EXIST::FUNCTION:
TLSv1_method 258 1_1_0d EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_METHOD
SSL_get_rbio 259 1_1_0d EXIST::FUNCTION:
SSL_CTX_dane_mtype_set 260 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_cert_verify_callback 261 1_1_0d EXIST::FUNCTION:
SSL_SRP_CTX_init 262 1_1_0d EXIST::FUNCTION:SRP
SSL_CTX_load_verify_locations 263 1_1_0d EXIST::FUNCTION:
SSL_set_session_ticket_ext_cb 264 1_1_0d EXIST::FUNCTION:
SSL_set_shutdown 265 1_1_0d EXIST::FUNCTION:
SSL_state_string_long 266 1_1_0d EXIST::FUNCTION:
SSLv3_method 267 1_1_0d EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SSL3_METHOD
SSL_CTX_use_RSAPrivateKey_file 268 1_1_0d EXIST::FUNCTION:RSA
SSL_CTX_ctrl 269 1_1_0d EXIST::FUNCTION:
SSL_CTX_get_quiet_shutdown 270 1_1_0d EXIST::FUNCTION:
SSL_get_default_timeout 271 1_1_0d EXIST::FUNCTION:
TLSv1_1_client_method 272 1_1_0d EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
SSL_get_verify_callback 273 1_1_0d EXIST::FUNCTION:
SSL_CONF_cmd 274 1_1_0d EXIST::FUNCTION:
BIO_ssl_copy_session_id 275 1_1_0d EXIST::FUNCTION:
SSL_CTX_set1_param 276 1_1_0d EXIST::FUNCTION:
SSL_set_rfd 277 1_1_0d EXIST::FUNCTION:SOCK
SSL_get_srp_g 278 1_1_0d EXIST::FUNCTION:SRP
SSL_COMP_get_id 279 1_1_0d EXIST::FUNCTION:
SSL_CTX_has_client_custom_ext 280 1_1_0d EXIST::FUNCTION:
SSL_set0_security_ex_data 281 1_1_0d EXIST::FUNCTION:
SSL_check_private_key 282 1_1_0d EXIST::FUNCTION:
SSL_SESSION_get_master_key 283 1_1_0d EXIST::FUNCTION:
SSL_SESSION_get0_id_context 284 1_1_0d EXIST::FUNCTION:
SSL_get_ex_data 285 1_1_0d EXIST::FUNCTION:
SSL_CTX_remove_session 286 1_1_0d EXIST::FUNCTION:
SSL_CTX_use_serverinfo_file 287 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_quiet_shutdown 288 1_1_0d EXIST::FUNCTION:
SSL_export_keying_material 289 1_1_0d EXIST::FUNCTION:
SSL_get_ciphers 290 1_1_0d EXIST::FUNCTION:
SSL_dup 291 1_1_0d EXIST::FUNCTION:
SSL_CTX_use_PrivateKey_ASN1 292 1_1_0d EXIST::FUNCTION:
SSL_renegotiate_abbreviated 293 1_1_0d EXIST::FUNCTION:
SSL_get_verify_mode 294 1_1_0d EXIST::FUNCTION:
SSL_set0_rbio 295 1_1_0d EXIST::FUNCTION:
SSL_SESSION_get_ex_data 296 1_1_0d EXIST::FUNCTION:
SSL_peek 297 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_psk_server_callback 298 1_1_0d EXIST::FUNCTION:PSK
SSL_extension_supported 299 1_1_0d EXIST::FUNCTION:
SSL_CTX_get0_param 300 1_1_0d EXIST::FUNCTION:
SSL_set_bio 301 1_1_0d EXIST::FUNCTION:
SSL_SESSION_set1_id_context 302 1_1_0d EXIST::FUNCTION:
SSL_CTX_sessions 303 1_1_0d EXIST::FUNCTION:
SSL_get1_session 304 1_1_0d EXIST::FUNCTION:
SSL_get_servername_type 305 1_1_0d EXIST::FUNCTION:
SSL_SESSION_get0_hostname 306 1_1_0d EXIST::FUNCTION:
SSL_CTX_get_ssl_method 307 1_1_0d EXIST::FUNCTION:
SSL_add_client_CA 308 1_1_0d EXIST::FUNCTION:
SSL_get_srp_N 309 1_1_0d EXIST::FUNCTION:SRP
SSL_SESSION_set_ex_data 310 1_1_0d EXIST::FUNCTION:
SSL_get_all_async_fds 311 1_1_0d EXIST::FUNCTION:
SSL_get_certificate 312 1_1_0d EXIST::FUNCTION:
SSL_CONF_CTX_set1_prefix 313 1_1_0d EXIST::FUNCTION:
DTLS_method 314 1_1_0d EXIST::FUNCTION:
SSL_add_dir_cert_subjects_to_stack 315 1_1_0d EXIST::FUNCTION:
SSL_SESSION_get_time 316 1_1_0d EXIST::FUNCTION:
TLSv1_1_method 317 1_1_0d EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
SSL_set_session_ticket_ext 318 1_1_0d EXIST::FUNCTION:
SSL_CTX_get_verify_depth 319 1_1_0d EXIST::FUNCTION:
SSL_CTX_sess_get_get_cb 320 1_1_0d EXIST::FUNCTION:
SSL_set_ssl_method 321 1_1_0d EXIST::FUNCTION:
SSL_get_security_level 322 1_1_0d EXIST::FUNCTION:
SSL_get_default_passwd_cb_userdata 323 1_1_0d EXIST::FUNCTION:
SSL_CTX_use_certificate 324 1_1_0d EXIST::FUNCTION:
SSL_enable_ct 325 1_1_0d EXIST::FUNCTION:CT
SSL_CTX_sess_set_remove_cb 326 1_1_0d EXIST::FUNCTION:
SSL_get_srp_userinfo 327 1_1_0d EXIST::FUNCTION:SRP
PEM_read_bio_SSL_SESSION 328 1_1_0d EXIST::FUNCTION:
SSL_CIPHER_is_aead 329 1_1_0d EXIST::FUNCTION:
SSL_get_state 330 1_1_0d EXIST::FUNCTION:
SSL_COMP_get0_name 331 1_1_0d EXIST::FUNCTION:
SSL_get_read_ahead 332 1_1_0d EXIST::FUNCTION:
BIO_f_ssl 333 1_1_0d EXIST::FUNCTION:
SSL_CTX_set0_security_ex_data 334 1_1_0d EXIST::FUNCTION:
TLSv1_2_method 335 1_1_0d EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_2_METHOD
SSL_get_shutdown 336 1_1_0d EXIST::FUNCTION:
SSL_CIPHER_get_id 337 1_1_0d EXIST::FUNCTION:
SSL_get_options 338 1_1_0d EXIST::FUNCTION:
SSL_get_servername 339 1_1_0d EXIST::FUNCTION:
SSL_CTX_get_default_passwd_cb 340 1_1_0d EXIST::FUNCTION:
DTLS_server_method 341 1_1_0d EXIST::FUNCTION:
DTLSv1_method 342 1_1_0d EXIST::FUNCTION:DEPRECATEDIN_1_1_0,DTLS1_METHOD
SSL_SESSION_get_timeout 343 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_session_id_context 344 1_1_0d EXIST::FUNCTION:
SSL_get_client_random 345 1_1_0d EXIST::FUNCTION:
SSL_new 346 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_ct_validation_callback 347 1_1_0d EXIST::FUNCTION:CT
SSL_CTX_set_alpn_protos 348 1_1_0d EXIST::FUNCTION:
SSL_CTX_get_verify_mode 349 1_1_0d EXIST::FUNCTION:
SSL_CTX_check_private_key 350 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_msg_callback 351 1_1_0d EXIST::FUNCTION:
SSL_CTX_ct_is_enabled 352 1_1_0d EXIST::FUNCTION:CT
SSL_get_current_expansion 353 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_cert_store 354 1_1_0d EXIST::FUNCTION:
SSL_SESSION_get_id 355 1_1_0d EXIST::FUNCTION:
SSL_get0_next_proto_negotiated 356 1_1_0d EXIST::FUNCTION:NEXTPROTONEG
SSL_is_gmtls 357 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_tmp_dh_callback 358 1_1_0d EXIST::FUNCTION:DH
SSL_load_client_CA_file 359 1_1_0d EXIST::FUNCTION:
SSL_up_ref 360 1_1_0d EXIST::FUNCTION:
SSL_is_init_finished 361 1_1_0d EXIST::FUNCTION:
SSL_set1_host 362 1_1_0d EXIST::FUNCTION:
SSL_session_reused 363 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_security_level 364 1_1_0d EXIST::FUNCTION:
SSL_use_RSAPrivateKey_ASN1 365 1_1_0d EXIST::FUNCTION:RSA
SSL_ct_is_enabled 366 1_1_0d EXIST::FUNCTION:CT
SSL_get1_supported_ciphers 367 1_1_0d EXIST::FUNCTION:
SSL_get0_verified_chain 368 1_1_0d EXIST::FUNCTION:
SSL_get_default_passwd_cb 369 1_1_0d EXIST::FUNCTION:
SSL_CIPHER_get_bits 370 1_1_0d EXIST::FUNCTION:
SSL_read 371 1_1_0d EXIST::FUNCTION:
SSL_CTX_new 372 1_1_0d EXIST::FUNCTION:
SSL_COMP_set0_compression_methods 373 1_1_0d EXIST::FUNCTION:
SSL_renegotiate_pending 374 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_client_CA_list 375 1_1_0d EXIST::FUNCTION:
SSL_use_RSAPrivateKey 376 1_1_0d EXIST::FUNCTION:RSA
SSL_CTX_set_default_verify_file 377 1_1_0d EXIST::FUNCTION:
SSL_set_session 378 1_1_0d EXIST::FUNCTION:
SSL_get_selected_srtp_profile 379 1_1_0d EXIST::FUNCTION:SRTP
SSL_get_security_callback 380 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_default_passwd_cb 381 1_1_0d EXIST::FUNCTION:
TLS_method 382 1_1_0d EXIST::FUNCTION:
SSL_get_cipher_list 383 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_ssl_version 384 1_1_0d EXIST::FUNCTION:
SSL_CONF_CTX_set_ssl_ctx 385 1_1_0d EXIST::FUNCTION:
SSL_get_session 386 1_1_0d EXIST::FUNCTION:
SSL_use_PrivateKey 387 1_1_0d EXIST::FUNCTION:
SSL_SESSION_has_ticket 388 1_1_0d EXIST::FUNCTION:
SSL_get_peer_finished 389 1_1_0d EXIST::FUNCTION:
SSL_CTX_dane_set_flags 390 1_1_0d EXIST::FUNCTION:
SSL_get0_dane_tlsa 391 1_1_0d EXIST::FUNCTION:
SSL_CTX_use_RSAPrivateKey_ASN1 392 1_1_0d EXIST::FUNCTION:RSA
SSL_CTX_set_next_proto_select_cb 393 1_1_0d EXIST::FUNCTION:NEXTPROTONEG
SSL_certs_clear 394 1_1_0d EXIST::FUNCTION:
SSL_set_tmp_dh_callback 395 1_1_0d EXIST::FUNCTION:DH
SSL_CTX_use_psk_identity_hint 396 1_1_0d EXIST::FUNCTION:PSK
DTLSv1_listen 397 1_1_0d EXIST::FUNCTION:SOCK
SSL_set_debug 398 1_1_0d EXIST::FUNCTION:DEPRECATEDIN_1_1_0
SSL_CIPHER_get_digest_nid 399 1_1_0d EXIST::FUNCTION:
SSL_test_functions 400 1_1_0d EXIST::FUNCTION:UNIT_TEST
SSL_set_purpose 401 1_1_0d EXIST::FUNCTION:
SSL_set_srp_server_param 402 1_1_0d EXIST::FUNCTION:SRP
SSL_CTX_use_PrivateKey_file 403 1_1_0d EXIST::FUNCTION:
SSL_set_client_CA_list 404 1_1_0d EXIST::FUNCTION:
SSL_CTX_sess_get_remove_cb 405 1_1_0d EXIST::FUNCTION:
PEM_write_bio_SSL_SESSION 406 1_1_0d EXIST::FUNCTION:
SSL_get0_alpn_selected 407 1_1_0d EXIST::FUNCTION:
SSL_accept 408 1_1_0d EXIST::FUNCTION:
SSL_CTX_set_cookie_verify_cb 409 1_1_0d EXIST::FUNCTION:
SSL_set_alpn_protos 410 1_1_0d EXIST::FUNCTION:
SSL_set_ex_data 411 1_1_0d EXIST::FUNCTION:

5
util/mkdef.pl
View File

@@ -134,7 +134,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"APPLINK",
# GmSSL
"SM3", "SMS4", "KDF2", "ECIES", "FFX", "SM2", "PAILLIER", "CPK", "OTP", "GMAPI", "EC2",
"BFIBE", "BB1IBE", "SM9", "SAF", "SDF", "SKF", "SOF", "ZUC", "SERPENT", "SPECK", "BASE58",
"BFIBE", "BB1IBE", "SM9", "SDF", "SKF", "ZUC", "SERPENT", "SPECK", "BASE58",
"GMTLS", "GMTLS_METHOD", "CA", "MACRO", "ASYNC"
);
@@ -324,10 +324,8 @@ $crypto.=" include/openssl/ecies.h";
$crypto.=" include/openssl/ffx.h";
$crypto.=" include/openssl/fppoint.h";
$crypto.=" include/openssl/gmapi.h";
$crypto.=" include/openssl/gmsaf.h";
$crypto.=" include/openssl/gmsdf.h";
$crypto.=" include/openssl/gmskf.h";
$crypto.=" include/openssl/gmsof.h";
$crypto.=" include/openssl/kdf2.h";
$crypto.=" include/openssl/otp.h";
$crypto.=" include/openssl/paillier.h";
@@ -340,7 +338,6 @@ $crypto.=" include/openssl/sm2.h";
$crypto.=" include/openssl/sm3.h";
$crypto.=" include/openssl/sm9.h";
$crypto.=" include/openssl/sms4.h";
$crypto.=" include/openssl/sof.h";
$crypto.=" include/openssl/ssf33.h";
$crypto.=" include/openssl/zuc.h";
$crypto.=" include/openssl/serpent.h";