abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-22 05:06:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove SAF and SOF module

Browse Source
This commit is contained in:
Zhi Guan
2019-06-13 18:17:26 +08:00
parent 24f8a17c63
commit bdd3d75e89
36 changed files with 2 additions and 11738 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/err/err.c
View File

@@ -69,10 +69,8 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
{ERR_PACK(ERR_LIB_BB1IBE, 0, 0), "BB1IBE routines"},
{ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"},
{ERR_PACK(ERR_LIB_SM9, 0, 0), "SM9 routines"},
{ERR_PACK(ERR_LIB_SAF, 0, 0), "SAF routines"},
{ERR_PACK(ERR_LIB_SDF, 0, 0), "SDF routines"},
{ERR_PACK(ERR_LIB_SKF, 0, 0), "SKF routines"},
{ERR_PACK(ERR_LIB_SOF, 0, 0), "SOF routines"},
{ERR_PACK(ERR_LIB_BASE58, 0, 0), "BASE58 routines"},
{0, NULL},
};
@@ -128,10 +126,8 @@ static ERR_STRING_DATA ERR_str_reasons[] = {
{ERR_R_BB1IBE_LIB, "BB1IBE lib"},
{ERR_R_SM2_LIB, "SM2 lib"},
{ERR_R_SM9_LIB, "SM9 lib"},
{ERR_R_SAF_LIB, "SAF lib"},
{ERR_R_SDF_LIB, "SDF lib"},
{ERR_R_SKF_LIB, "SKF lib"},
{ERR_R_SOF_LIB, "SOF lib"},
{ERR_R_BASE58_LIB, "BASE58 lib"},
{ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"},

12
crypto/err/err_all.c
View File

@@ -93,18 +93,12 @@
#ifndef OPENSSL_NO_SM9
# include <openssl/sm9.h>
#endif
#ifndef OPENSSL_NO_SAF
# include <openssl/gmsaf.h>
#endif
#ifndef OPENSSL_NO_SDF
# include <openssl/gmsdf.h>
#endif
#ifndef OPENSSL_NO_SKF
# include <openssl/gmskf.h>
#endif
#ifndef OPENSSL_NO_SOF
# include <openssl/gmsof.h>
#endif
#ifndef OPENSSL_NO_BASE58
# include <openssl/base58.h>
#endif
@@ -203,18 +197,12 @@ int err_load_crypto_strings_int(void)
# ifndef OPENSSL_NO_SM9
ERR_load_SM9_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_SAF
ERR_load_SAF_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_SDF
ERR_load_SDF_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_SKF
ERR_load_SKF_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_SOF
ERR_load_SOF_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_BASE58
ERR_load_BASE58_strings() == 0 ||
# endif

2
crypto/err/openssl.ec
View File

@@ -45,10 +45,8 @@ L BFIBE include/openssl/bfibe.h crypto/bfibe/bfibe_err.c
L BB1IBE include/openssl/bb1ibe.h crypto/bb1ibe/bb1ibe_err.c
L SM2 include/openssl/sm2.h crypto/sm2/sm2_err.c
L SM9 include/openssl/sm9.h crypto/sm9/sm9_err.c
L SAF include/openssl/gmsaf.h crypto/saf/saf_err.c
L SDF include/openssl/gmsdf.h crypto/sdf/sdf_err.c
L SKF include/openssl/gmskf.h crypto/skf/skf_err.c
L SOF include/openssl/gmsof.h crypto/sof/sof_err.c
L BASE58 include/openssl/base58.h crypto/base58/base58_err.c
# additional header files to be scanned for function names

18
crypto/saf/build.info
View File

@@ -1,18 +0,0 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]= \
saf_app.c \
saf_base64.c \
saf_cert.c \
saf_ec.c \
saf_enc.c \
saf_err.c \
saf_errstr.c \
saf_hash.c \
saf_keyhandle.c \
saf_lib.c \
saf_mac.c \
saf_pkcs7.c \
saf_rand.c \
saf_rsa.c \
saf_sm2.c \
saf_symmkeyobj.c

158
crypto/saf/saf_app.c
View File

@@ -1,158 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/gmsaf.h>
#include <openssl/crypto.h>
#include "saf_lcl.h"
/* 7.1.2 */
int SAF_Initialize(
void **phAppHandle,
char *pubCfgFilePath)
{
int ret = SAR_UnknownErr;
SAF_APP *app = NULL;
char *engine_id = pubCfgFilePath;
if (!phAppHandle || !pubCfgFilePath) {
SAFerr(SAF_F_SAF_INITIALIZE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!(app = OPENSSL_zalloc(sizeof(*app)))) {
SAFerr(SAF_F_SAF_INITIALIZE, ERR_R_MALLOC_FAILURE);
return SAR_MemoryErr;
}
if (!(app->engine = ENGINE_by_id(engine_id))
|| !ENGINE_init(app->engine)) {
SAFerr(SAF_F_SAF_INITIALIZE, ERR_R_ENGINE_LIB);
goto end;
}
*phAppHandle = app;
app = NULL;
ret = SAR_Ok;
end:
SAF_Finalize(app);
return ret;
}
/* 7.1.3 */
int SAF_Finalize(
void *hAppHandle)
{
SAF_APP *app = (SAF_APP *)hAppHandle;
if (app->engine) {
ENGINE_finish(app->engine);
ENGINE_free(app->engine);
}
OPENSSL_free(app);
return SAR_Ok;
}
/* 7.1.4 */
int SAF_GetVersion(
unsigned int *puiVersion)
{
if (!puiVersion) {
SAFerr(SAF_F_SAF_GETVERSION, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
*puiVersion = (unsigned int)OpenSSL_version_num();
return SAR_Ok;
}
/* 7.1.5 */
int SAF_Login(
void *hAppHandle,
unsigned int uiUsrType,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned char *pucPin,
unsigned int uiPinLen,
unsigned int *puiRemainCount)
{
SAFerr(SAF_F_SAF_LOGIN, SAF_R_NOT_SUPPORTED);
return SAR_NotSupportYetErr;
}
/* 7.1.6 */
int SAF_ChangePin(
void *hAppHandle,
unsigned int uiUsrType,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned char *pucOldPin,
unsigned int uiOldPinLen,
unsigned char *pucNewPin,
unsigned int uiNewPinLen,
unsigned int *puiRemainCount)
{
SAFerr(SAF_F_SAF_CHANGEPIN, SAF_R_NOT_SUPPORTED);
return SAR_NotSupportYetErr;
}
/* 7.1.7 */
int SAF_Logout(
void *hAppHandle,
unsigned int uiUsrType)
{
SAFerr(SAF_F_SAF_LOGOUT, SAF_R_NOT_SUPPORTED);
return SAR_NotSupportYetErr;
}

364
crypto/saf/saf_base64.c
View File

@@ -1,364 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.4 */
int SAF_Base64_CreateBase64Obj(
void **phBase64Obj)
{
int ret = SAR_UnknownErr;
SAF_BASE64OBJ *obj = NULL;
if (!(obj = OPENSSL_malloc(sizeof(*obj)))) {
SAFerr(SAF_F_SAF_BASE64_CREATEBASE64OBJ, ERR_R_MALLOC_FAILURE);
return SAR_MemoryErr;
}
if (!(obj->ctx = EVP_ENCODE_CTX_new())) {
SAFerr(SAF_F_SAF_BASE64_CREATEBASE64OBJ, ERR_R_MALLOC_FAILURE);
ret = SAR_MemoryErr;
goto end;
}
obj->inited = 0;
*phBase64Obj = obj;
ret = SAR_OK;
end:
if (ret != SAR_OK) {
EVP_ENCODE_CTX_free(obj->ctx);
OPENSSL_free(obj);
}
return ret;
}
/* 7.3.5 */
/* always return success for software implementation */
int SAF_Base64_DestroyBase64Obj(
void *hBase64Obj)
{
SAF_BASE64OBJ *obj = (SAF_BASE64OBJ *)hBase64Obj;
if (obj) {
EVP_ENCODE_CTX_free(obj->ctx);
}
OPENSSL_free(obj);
return SAR_OK;
}
/* 7.3.6 */
int SAF_Base64_EncodeUpdate(
void *hBase64Obj,
unsigned char *pucInData,
unsigned int puiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
SAF_BASE64OBJ *obj = (SAF_BASE64OBJ *)hBase64Obj;
int inlen, outlen;
if (!hBase64Obj || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_BASE64_ENCODEUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
/* GMAPI dont check function specific length, leave to EVP */
if (puiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_BASE64_ENCODEUPDATE, SAF_R_INT_OVERFLOW);
return SAR_IndataLenErr;
}
/* GMAPI dont check function specific length, leave to EVP */
if (*puiOutDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_BASE64_ENCODEUPDATE, SAF_R_INT_OVERFLOW);
return SAR_IndataLenErr;
}
/* check handle */
if (!obj->ctx) {
SAFerr(SAF_F_SAF_BASE64_ENCODEUPDATE, SAF_R_INVALID_HANDLE);
return SAR_ObjErr;
}
if (!obj->inited) {
EVP_EncodeInit(obj->ctx);
obj->inited = 1;
}
inlen = (int)puiInDataLen;
outlen = (int)(*puiOutDataLen);
//TODO: check outlen, or EVP will fail without error messages
if (!EVP_EncodeUpdate(obj->ctx, pucOutData, &outlen, pucInData, inlen)) {
SAFerr(SAF_F_SAF_BASE64_ENCODEUPDATE, ERR_R_EVP_LIB);
return SAR_UnknownErr;
}
*puiOutDataLen = (unsigned int)outlen;
return SAR_OK;
}
/* 7.3.7 */
int SAF_Base64_EncodeFinal(
void *hBase64Obj,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
SAF_BASE64OBJ *obj = (SAF_BASE64OBJ *)hBase64Obj;
int len;
if (!hBase64Obj || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_BASE64_ENCODEFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (*puiOutDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_BASE64_ENCODEFINAL, SAF_R_INT_OVERFLOW);
return SAR_IndataLenErr;
}
if (*puiOutDataLen < 66) {
SAFerr(SAF_F_SAF_BASE64_ENCODEFINAL, SAF_R_BUFFER_TOO_SMALL);
return SAR_IndataLenErr;
}
if (!obj->ctx || !obj->inited) {
SAFerr(SAF_F_SAF_BASE64_ENCODEFINAL, SAF_R_INVALID_HANDLE);
return SAR_ObjErr;
}
/* the max output length of EVP_EncodeFinal() is 66
* this function return void, so we need to check `*outlen`
*/
len = (int)(*puiOutDataLen);
//TODO: check outlen, or EVP will fail without error messages
EVP_EncodeFinal(obj->ctx, pucOutData, &len);
*puiOutDataLen = (unsigned int)len;
return SAR_OK;
}
/* 7.3.8 */
int SAF_Base64_DecodeUpdate(
void *hBase64Obj,
unsigned char *pucInData,
unsigned int puiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
SAF_BASE64OBJ *obj = (SAF_BASE64OBJ *)hBase64Obj;
int inlen, outlen;
if (!hBase64Obj || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_BASE64_DECODEUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
/* GMAPI dont check function specific length, leave to EVP */
if (puiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_BASE64_DECODEUPDATE, SAF_R_INT_OVERFLOW);
return SAR_IndataLenErr;
}
/* GMAPI dont check function specific length, leave to EVP */
if (*puiOutDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_BASE64_DECODEUPDATE, SAF_R_INT_OVERFLOW);
return SAR_IndataLenErr;
}
if (!obj->ctx) {
SAFerr(SAF_F_SAF_BASE64_DECODEUPDATE, SAF_R_INVALID_HANDLE);
return SAR_ObjErr;
}
if (!obj->inited) {
EVP_DecodeInit(obj->ctx);
obj->inited = 1;
}
inlen = (int)puiInDataLen;
outlen = (int)(*puiOutDataLen);
//TODO: check outlen, or EVP will fail without error messages
/*
* EVP_DecodeUpdate() return -1 for error, 0 or 1 for success
* 0 means the last char of the input is `=`
*/
if (EVP_DecodeUpdate(obj->ctx, pucOutData, &outlen, pucInData, inlen) < 0) {
SAFerr(SAF_F_SAF_BASE64_DECODEUPDATE, ERR_R_EVP_LIB);
return SAR_UnknownErr;
}
*puiOutDataLen = (unsigned int)outlen;
return SAR_OK;
}
/* 7.3.9 */
int SAF_Base64_DecodeFinal(
void *hBase64Obj,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
SAF_BASE64OBJ *obj = (SAF_BASE64OBJ *)hBase64Obj;
int len;
if (!hBase64Obj || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_BASE64_DECODEFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (*puiOutDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_BASE64_DECODEFINAL, SAF_R_INT_OVERFLOW);
return SAR_IndataLenErr;
}
if (!obj->ctx || !obj->inited) {
SAFerr(SAF_F_SAF_BASE64_DECODEFINAL, SAF_R_INVALID_HANDLE);
return SAR_ObjErr;
}
len = (int)(*puiOutDataLen);
//TODO: check outlen, or EVP will fail without error messages
if (!EVP_DecodeFinal(obj->ctx, pucOutData, &len)) {
SAFerr(SAF_F_SAF_BASE64_DECODEFINAL, ERR_R_EVP_LIB);
return SAR_UnknownErr;
}
*puiOutDataLen = (unsigned int)len;
return SAR_OK;
}
/* 7.3.2 */
int SAF_Base64_Encode(
unsigned char *pucInData,
unsigned int puiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
void *handle = NULL;
unsigned char *p;
unsigned int len;
if (!pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_BASE64_ENCODE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if ((ret = SAF_Base64_CreateBase64Obj(&handle)) != SAR_OK) {
SAFerr(SAF_F_SAF_BASE64_ENCODE, ERR_R_GMAPI_LIB);
goto end;
}
p = pucOutData;
len = *puiOutDataLen;
if ((ret = SAF_Base64_EncodeUpdate(handle, pucInData, puiInDataLen,
p, &len)) != SAR_OK) {
SAFerr(SAF_F_SAF_BASE64_ENCODE, ERR_R_GMAPI_LIB);
goto end;
}
p += len;
len = *puiOutDataLen - len;
if ((ret = SAF_Base64_EncodeFinal(handle, p, &len)) != SAR_OK) {
SAFerr(SAF_F_SAF_BASE64_ENCODE, ERR_R_GMAPI_LIB);
goto end;
}
p += len;
*puiOutDataLen = p - pucOutData;
ret = SAR_OK;
end:
SAF_Base64_DestroyBase64Obj(handle);
return ret;
}
/* 7.3.3 */
int SAF_Base64_Decode(
unsigned char *pucInData,
unsigned int puiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
void *handle = NULL;
unsigned char *p;
unsigned int len;
if ((ret = SAF_Base64_CreateBase64Obj(&handle)) != SAR_OK) {
SAFerr(SAF_F_SAF_BASE64_DECODE, ERR_R_GMAPI_LIB);
goto end;
}
p = pucOutData;
len = *puiOutDataLen;
if ((ret = SAF_Base64_DecodeUpdate(handle, pucInData, puiInDataLen,
p, &len)) != SAR_OK) {
SAFerr(SAF_F_SAF_BASE64_DECODE, ERR_R_GMAPI_LIB);
goto end;
}
p += len;
len = *puiOutDataLen - len;
if ((ret = SAF_Base64_DecodeFinal(handle, p, &len)) != SAR_OK) {
SAFerr(SAF_F_SAF_BASE64_DECODE, ERR_R_GMAPI_LIB);
goto end;
}
p += len;
*puiOutDataLen = p - pucOutData;
ret = SAR_OK;
end:
SAF_Base64_DestroyBase64Obj(handle);
return ret;
}

521
crypto/saf/saf_cert.c
View File

@@ -1,521 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/conf.h>
#include <openssl/gmsaf.h>
#include "saf_lcl.h"
#include "../../apps/apps.h"
int load_certs(const char *file, STACK_OF(X509) **certs, int format,
const char *pass, const char *cert_descrip)
{
return 0;
}
/* 7.2.2 */
int SAF_AddTrustedRootCaCertificate(
void *hAppHandle,
unsigned char *pucCertificate,
unsigned int uiCertificateLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
X509 *x509 = NULL;
BIO *bio = NULL;
if (!hAppHandle || !pucCertificate) {
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) {
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(bio = BIO_new_file(app->rootcacerts, "a"))) {
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, ERR_R_BIO_LIB);
goto end;
}
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, uiCertificateLen))) {
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
if (!PEM_write_bio_X509(bio, x509)) {
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, ERR_R_PEM_LIB);
goto end;
}
ret = SAR_Ok;
end:
X509_free(x509);
BIO_free(bio);
return ret;
}
/* 7.2.3 */
int SAF_GetRootCaCertificateCount(
void *hAppHandle,
unsigned int *puiCount)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
STACK_OF(X509) *certs = NULL;
if (!hAppHandle || !puiCount) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATECOUNT, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!load_certs(app->rootcacerts, &certs, FORMAT_PEM, NULL, "root ca certificates")) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATECOUNT, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
*puiCount = sk_X509_num(certs);
ret = SAR_Ok;
end:
sk_X509_free(certs);
return ret;
}
/* 7.2.4 */
int SAF_GetRootCaCertificate(
void *hAppHandle,
unsigned int uiIndex,
unsigned char *pucCertificate,
unsigned int *puiCertificateLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
STACK_OF(X509) *certs = NULL;
X509 *x509;
int len;
if (!hAppHandle || !pucCertificate || !puiCertificateLen) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!load_certs(app->rootcacerts, &certs, FORMAT_PEM, NULL,
"root ca certificates")) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
if (!(x509 = sk_X509_value(certs, uiIndex))) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, SAF_R_INVALID_INDEX);
goto end;
}
if (*puiCertificateLen < i2d_X509(x509, NULL)) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
if ((len = i2d_X509(x509, &pucCertificate)) <= 0) {
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, ERR_R_X509_LIB);
goto end;
}
*puiCertificateLen = len;
ret = SAR_Ok;
end:
sk_X509_free(certs);
return ret;
}
/* 7.2.5 */
int SAF_RemoveRootCaCertificate(
void *hAppHandle,
unsigned int uiIndex)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
STACK_OF(X509) *certs = NULL;
X509 *x509 = NULL;
BIO *bio = NULL;
int i, err = 0;
if (!hAppHandle) {
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!load_certs(app->rootcacerts, &certs, FORMAT_PEM, NULL, "root ca certificates")) {
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
if (!(bio = BIO_new_file(app->rootcacerts, "w"))) {
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, ERR_R_BIO_LIB);
goto end;
}
if (!(x509 = sk_X509_delete(certs, uiIndex))) {
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, SAF_R_INVALID_INDEX);
goto end;
}
for (i = 0; i < sk_X509_num(certs); i++) {
if (!PEM_write_bio_X509(bio, sk_X509_value(certs, i))) {
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, ERR_R_PEM_LIB);
err++;
}
}
ret = SAR_Ok;
end:
X509_free(x509);
sk_X509_free(certs);
BIO_free(bio);
return ret;
}
/* 7.2.6 */
int SAF_AddCaCertificate(
void *hAppHandle,
unsigned char *pucCertificate,
unsigned int uiCertificateLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
X509 *x509 = NULL;
BIO *bio = NULL;
if (!hAppHandle || !pucCertificate) {
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) {
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(bio = BIO_new_file(app->cacerts, "a"))) {
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, ERR_R_BIO_LIB);
goto end;
}
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, uiCertificateLen))) {
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
if (!PEM_write_bio_X509(bio, x509)) {
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, ERR_R_PEM_LIB);
goto end;
}
ret = SAR_Ok;
end:
X509_free(x509);
BIO_free(bio);
return ret;
}
/* 7.2.7 */
int SAF_GetCaCertificateCount(
void *hAppHandle,
unsigned int *puiCount)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
STACK_OF(X509) *certs = NULL;
if (!hAppHandle || !puiCount) {
SAFerr(SAF_F_SAF_GETCACERTIFICATECOUNT, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!load_certs(app->cacerts, &certs, FORMAT_PEM, NULL, "ca certificates")) {
SAFerr(SAF_F_SAF_GETCACERTIFICATECOUNT, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
*puiCount = sk_X509_num(certs);
ret = SAR_Ok;
end:
sk_X509_free(certs);
return ret;
}
/* 7.2.8 */
int SAF_GetCaCertificate(
void *hAppHandle,
unsigned int uiIndex,
unsigned char *pucCertificate,
unsigned int *puiCertificateLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
STACK_OF(X509) *certs = NULL;
X509 *x509;
int len;
if (!hAppHandle || !pucCertificate || !puiCertificateLen) {
SAFerr(SAF_F_SAF_GETCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!load_certs(app->cacerts, &certs, FORMAT_PEM, NULL, "ca certificates")) {
SAFerr(SAF_F_SAF_GETCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
if (!(x509 = sk_X509_value(certs, uiIndex))) {
SAFerr(SAF_F_SAF_GETCACERTIFICATE, SAF_R_INVALID_INDEX);
goto end;
}
if (*puiCertificateLen < i2d_X509(x509, NULL)) {
SAFerr(SAF_F_SAF_GETCACERTIFICATE, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
if ((len = i2d_X509(x509, &pucCertificate)) <= 0) {
SAFerr(SAF_F_SAF_GETCACERTIFICATE, ERR_R_X509_LIB);
goto end;
}
*puiCertificateLen = len;
ret = SAR_Ok;
end:
sk_X509_free(certs);
return ret;
}
/* 7.2.9 */
int SAF_RemoveCaCertificate(
void *hAppHandle,
unsigned int uiIndex)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
STACK_OF(X509) *certs = NULL;
X509 *x509 = NULL;
BIO *bio = NULL;
int i, err = 0;
if (!hAppHandle) {
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!load_certs(app->cacerts, &certs, FORMAT_PEM, NULL, "ca certificates")) {
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
goto end;
}
if (!(bio = BIO_new_file(app->rootcacerts, "w"))) {
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, ERR_R_BIO_LIB);
goto end;
}
if (!(x509 = sk_X509_delete(certs, uiIndex))) {
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, SAF_R_INVALID_INDEX);
goto end;
}
for (i = 0; i < sk_X509_num(certs); i++) {
if (!PEM_write_bio_X509(bio, sk_X509_value(certs, i))) {
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, ERR_R_PEM_LIB);
err++;
}
}
ret = SAR_Ok;
end:
X509_free(x509);
sk_X509_free(certs);
BIO_free(bio);
return ret;
}
/* 7.2.10 */
int SAF_AddCrl(
void *hAppHandle,
unsigned char *pucDerCrl,
unsigned int uiDerCrlLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.11 */
int SAF_VerifyCertificate(
void *hAppHandle,
unsigned char *pucUsrCertificate,
unsigned int uiUsrCertificateLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.12 */
int SAF_VerifyCertificateByCrl(
void *hAppHandle,
unsigned char *pucUsrCertificate,
unsigned int uiUsrCertificateLen,
unsigned char *pucDerCrl,
unsigned int uiDerCrlLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.13 */
int SAF_GetCertificateStateByOCSP(
void *hAppHandle,
unsigned char *pcOcspHostURL,
unsigned int uiOcspHostURLLen,
unsigned char *pucUsrCertificate,
unsigned int uiUsrCertificateLen,
unsigned char *pucCACertificate,
unsigned int uiCACertficateLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.14 */
int SAF_GetCertFromLdap(
void *hAppHandle,
char *pcLdapHostURL,
unsigned int uiLdapHostURLLen,
unsigned char *pucQueryDN,
unsigned int uiQueryDNLen,
unsigned char *pucOutCert,
unsigned int *puiOutCertLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.15 */
int SAF_GetCrlFromLdap(
void *hAppHandle,
char *pcLdapHostURL,
unsigned int uiLdapHostURLLen,
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned char *pucCrlData,
unsigned int *puiCrlDataLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.16 */
int SAF_GetCertificateInfo(
void *hAppHandle,
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned int uiInfoType,
unsigned char *pucInfo,
unsigned int *puiInfoLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.17 */
int SAF_GetExtTypeInfo(
void *hAppHandle,
unsigned char *pucDerCert,
unsigned int uiDerCertLen,
unsigned int uiInfoType,
unsigned char *pucPriOid,
unsigned int uiPriOidLen,
unsigned char *pucInfo,
unsigned int *puiInfoLen)
{
return SAR_NotSupportYetErr;
}
/* 7.2.18 */
int SAF_EnumCertificates(
void *hAppHandle,
SGD_USR_CERT_ENUMLIST *usrCerts)
{
return SAR_NotSupportYetErr;
}
/* 7.2.19 */
int SAF_EnumKeyContainerInfo(
void *hAppHandle,
SGD_KEYCONTAINERINFO_ENUMLIST *keyContainerInfo)
{
return SAR_NotSupportYetErr;
}
/* 7.2.20 */
int SAF_EnumCertificatesFree(
void *hAppHandle,
SGD_USR_CERT_ENUMLIST *usrCerts)
{
return SAR_NotSupportYetErr;
}
/* 7.2.21 */
int SAF_EnumKeyContainerInfoFree(
void *hAppHandle,
SGD_KEYCONTAINERINFO_ENUMLIST *keyContainerInfo)
{
return SAR_NotSupportYetErr;
}

630
crypto/saf/saf_ec.c
View File

@@ -1,630 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <string.h>
#include <openssl/gmapi.h>
#include <openssl/gmsdf.h>
#include <openssl/gmsaf.h>
#include "saf_lcl.h"
/* 7.3.23 */
int SAF_GenEccKeyPair(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned int uiKeyUsage,
unsigned int uiExportFlag)
{
int ret = -1;
SAF_APP *app = (SAF_APP *)hAppHandle;
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
/* check arguments */
if (!hAppHandle || !pucContainerName) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiContainerNameLen <= 0 || uiContainerNameLen > SGD_MAX_NAME_SIZE ||
strlen((char *)pucContainerName) != uiContainerNameLen) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_NameLenErr;
}
if (uiKeyBits < 160 || uiKeyBits > ECCref_MAX_BITS) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR,
SAF_R_INVALID_KEY_LENGTH);
return SAR_ModulusLenErr;
}
if (uiKeyUsage != SGD_SM2_1 && uiKeyUsage != SGD_SM2_2 &&
uiKeyUsage != SGD_SM2_3) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR,
SAF_R_INVALID_KEY_USAGE);
return SAR_KeyUsageErr;
}
/* process */
if (!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, app->engine))
|| EVP_PKEY_keygen_init(pctx) <= 0
|| EVP_PKEY_keygen(pctx, &pkey) <= 0) {
SAFerr(SAF_F_SAF_GENECCKEYPAIR, ERR_R_EVP_LIB);
goto end;
}
ret = SAR_Ok;
end:
EVP_PKEY_CTX_free(pctx);
EVP_PKEY_free(pkey);
return ret;
}
const char *SGD_GetKeyUsageName(unsigned int uiKeyUsage)
{
switch (uiKeyUsage) {
case SGD_PK_SIGN:
return "sign";
case SGD_PK_ENC:
return "enc";
case SGD_PK_DH:
return "dh";
}
return NULL;
}
/* 7.3.24 */
int SAF_GetEccPublicKey(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyUsage,
unsigned char *pucPublicKey,
unsigned int *puiPublicKeyLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
EVP_PKEY *pkey = NULL;
char key_id[1024];
int len;
/* check arguments */
if (!hAppHandle || !pucContainerName || !pucPublicKey ||
!puiPublicKeyLen) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiContainerNameLen <= 0 ||
uiContainerNameLen > SGD_MAX_NAME_SIZE ||
strlen((char *)pucContainerName) != uiContainerNameLen) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_NameLenErr;
}
if (uiKeyUsage != SGD_SM2_1 && uiKeyUsage != SGD_SM2_2 &&
uiKeyUsage != SGD_SM2_3) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY,
SAF_R_INVALID_KEY_USAGE);
return SAR_KeyUsageErr;
}
if ((size_t)*puiPublicKeyLen != sizeof(ECCrefPublicKey)) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY,
SAF_R_BUFFER_TOO_SMALL);
return SAR_IndataErr;
}
/* process */
/*
snprintf(key_id, sizeof(key_id), "%s.%s", (char *)pucContainerName,
SGD_GetKeyUsageName(uiKeyUsage));
*/
if (!(pkey = ENGINE_load_public_key(app->engine, key_id, NULL, NULL))) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY, ERR_R_ENGINE_LIB);
goto end;
}
if ((len = i2d_PUBKEY(pkey, &pucPublicKey)) <= 0) {
SAFerr(SAF_F_SAF_GETECCPUBLICKEY, ERR_R_X509_LIB);
goto end;
}
*puiPublicKeyLen = (unsigned int)len;
/* set return value */
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
return ret;
}
/* 7.3.25 */
int SAF_EccSign(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiAlgorithmID, /* SGD_SM2_1 */
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignData,
unsigned int *puiSignDataLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
char key_id[1024];
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
size_t siglen;
/* check arguments */
if (!hAppHandle || !pucContainerName || !pucInData ||
!pucSignData || !puiSignDataLen) {
SAFerr(SAF_F_SAF_ECCSIGN,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiContainerNameLen <= 0 ||
uiContainerNameLen > SGD_MAX_NAME_SIZE ||
strlen((char *)pucContainerName) != uiContainerNameLen) {
SAFerr(SAF_F_SAF_ECCSIGN, SAF_R_INVALID_INPUT_LENGTH);
return SAR_NameLenErr;
}
if (uiAlgorithmID != SGD_SM2_1) {
SAFerr(SAF_F_SAF_ECCSIGN, SAF_R_INVALID_ALGOR);
return SAR_AlgoTypeErr;
}
if (uiInDataLen != SM3_DIGEST_LENGTH) {
SAFerr(SAF_F_SAF_ECCSIGN, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if ((size_t)*puiSignDataLen != sizeof(ECCSignature)) {
SAFerr(SAF_F_SAF_ECCSIGN, SAF_R_BUFFER_TOO_SMALL);
return SAR_IndataErr;
}
/* process */
/*
snprintf(key_id, sizeof(key_id), "%s.sign", (char *)pucContainerName);
*/
if (!(pkey = ENGINE_load_private_key(app->engine, key_id, NULL, NULL))
|| !(pctx = EVP_PKEY_CTX_new(pkey, app->engine))
|| EVP_PKEY_sign_init(pctx) <= 0
|| EVP_PKEY_sign(pctx, pucSignData, &siglen, pucInData, (size_t)uiInDataLen) <= 0) {
SAFerr(SAF_F_SAF_ECCSIGN, ERR_R_EVP_LIB);
goto end;
}
*puiSignDataLen = (unsigned int)siglen;
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pctx);
return ret;
}
/* 7.3.26 */
int SAF_EccVerifySign(
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned int uiAlgorithmID,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignData,
unsigned int uiSignDataLen)
{
int ret = SAR_UnknownErr;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
/* check arguments */
if (!pucPublicKey || !pucInData || !pucSignData) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiPublicKeyLen != sizeof(ECCrefPublicKey)) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (uiAlgorithmID != SGD_SM2_1) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, SAF_R_INVALID_ALGOR);
return SAR_AlgoTypeErr;
}
if (uiInDataLen != SM3_DIGEST_LENGTH) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (uiSignDataLen != sizeof(ECCSignature)) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* process */
if (!(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
|| !(pctx = EVP_PKEY_CTX_new(pkey, NULL))
|| EVP_PKEY_verify_init(pctx) <= 0
|| EVP_PKEY_verify(pctx, pucSignData, uiSignDataLen, pucInData, uiInDataLen) <= 0) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGN, ERR_R_EVP_LIB);
goto end;
}
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pctx);
return ret;
}
/* 7.3.27 */
int SAF_EccPublicKeyEnc(
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned int uiAlgorithmID,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = -1;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
size_t outlen = *puiOutDataLen;
/* check arguments */
if (!pucPublicKey || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiPublicKeyLen != sizeof(ECCrefPublicKey)) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (uiAlgorithmID != SGD_SM2_3) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC,
SAF_R_INVALID_ALGOR);
return SAR_AlgoTypeErr;
}
if (uiInDataLen <= 0 || uiInDataLen > SAF_MAX_EC_CIPHERTEXT_LENGTH) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (*puiOutDataLen != sizeof(ECCCipher)) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* precess */
if (!(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
|| !(pctx = EVP_PKEY_CTX_new(pkey, NULL))
|| EVP_PKEY_decrypt_init(pctx) <= 0
|| EVP_PKEY_decrypt(pctx, pucOutData, &outlen, pucInData, uiInDataLen) <= 0) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENC, ERR_R_EVP_LIB);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pctx);
return ret;
}
/* 7.3.28 */
int SAF_EccPublicKeyEncByCert(
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned int uiAlgorithmID,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
X509 *x509 = NULL;
unsigned char pubkey[1024];
unsigned char *p = pubkey;
int len;
/* check arguments */
if (!pucCertificate || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (uiAlgorithmID != SGD_SM2_3) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
SAF_R_INVALID_ALGOR);
return SAR_AlgoTypeErr;
}
if (uiInDataLen <= 0 || uiInDataLen > SAF_MAX_EC_CIPHERTEXT_LENGTH) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (*puiOutDataLen != sizeof(ECCCipher)) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* process */
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, (long)uiCertificateLen))) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT, ERR_R_X509_LIB);
goto end;
}
if ((len = i2d_PUBKEY(X509_get0_pubkey(x509), &p)) <= 0) {
SAFerr(SAF_F_SAF_ECCPUBLICKEYENCBYCERT, ERR_R_X509_LIB);
goto end;
}
ret = SAF_EccPublicKeyEnc(
pubkey,
(unsigned int)len,
uiAlgorithmID,
pucInData,
uiInDataLen,
pucOutData,
puiOutDataLen);
/* set return value */
ret = SAR_Ok;
end:
X509_free(x509);
return ret;
}
/* 7.3.29 */
int SAF_EccVerifySignByCert(
unsigned int uiAlgorithmID,
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignData,
unsigned int uiSignDataLen)
{
int ret = SAR_UnknownErr;
X509 *x509 = NULL;
unsigned char pucPublicKey[1024];
unsigned int uiPublicKeyLen;
unsigned char *p = pucPublicKey;
int len;
/* check arguments */
if (!pucCertificate || !pucInData || !pucSignData) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (uiAlgorithmID != SGD_SM2_1) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
SAF_R_INVALID_ALGOR);
return SAR_AlgoTypeErr;
}
if (uiInDataLen != SM3_DIGEST_LENGTH) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (uiSignDataLen != sizeof(ECCSignature)) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT,
SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* process */
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, (long)uiCertificateLen))) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT, ERR_R_X509_LIB);
goto end;
}
if ((len = i2d_PUBKEY(X509_get0_pubkey(x509), &p)) <= 0) {
SAFerr(SAF_F_SAF_ECCVERIFYSIGNBYCERT, ERR_R_X509_LIB);
goto end;
}
uiPublicKeyLen = (unsigned int)len;
ret = SAF_EccVerifySign(
pucPublicKey,
uiPublicKeyLen,
uiAlgorithmID,
pucInData,
uiInDataLen,
pucSignData,
uiSignDataLen);
/* set return value */
ret = SAR_Ok;
end:
X509_free(x509);
return ret;
}
/* 7.3.33 */
int SAF_GenerateAgreementDataWithECC(
void *hSymmKeyObj,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned char *pucSponsorID,
unsigned int uiSponsorIDLength,
unsigned char *pucSponsorPublicKey,
unsigned int *puiSponsorPublicKeyLen,
unsigned char *pucSponsorTmpPublicKey,
unsigned int *puiSponsorTmpPublicKeyLen,
void **phAgreementHandle)
{
int ret = -1;
ret = SAR_Ok;
return ret;
}
/* 7.3.34 */
int SAF_GenerateKeyWithECC(
void *phAgreementHandle,
unsigned char *pucResponseID,
unsigned int uiResponseIDLength,
unsigned char *pucResponsePublicKey,
unsigned int uiResponsePublicKeyLen,
unsigned char *pucResponseTmpPublicKey,
unsigned int uiResponseTmpPublicKeyLen,
void **phKeyHandle)
{
int ret = -1;
return ret;
}
/* 7.3.35 */
int SAF_GenerateAgreementDataAdnKeyWithECC(
void *hSymmKeyObj,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned char *pucResponseID,
unsigned int uiResponseIDLength,
unsigned char *pucSponsorID,
unsigned int uiSponsorIDLength,
unsigned char *pucSponsorPublicKey,
unsigned int *puiSponsorPublicKeyLen,
unsigned char *pucSponsorTmpPublicKey,
unsigned int *puiSponsorTmpPublicKeyLen,
unsigned char *pucResponsePublicKey,
unsigned int uiResponsePublicKeyLen,
unsigned char *pucResponseTmpPublicKey,
unsigned int uiResponseTmpPublicKeyLen,
void **phKeyHandle)
{
int ret;
void *hAgreementHandle = NULL;
if ((ret = SAF_GenerateAgreementDataWithECC(
hSymmKeyObj,
pucContainerName,
uiContainerNameLen,
uiKeyBits,
pucSponsorID,
uiSponsorIDLength,
pucSponsorPublicKey,
puiSponsorPublicKeyLen,
pucSponsorTmpPublicKey,
puiSponsorTmpPublicKeyLen,
&hAgreementHandle)) != SAR_OK) {
}
if ((ret = SAF_GenerateKeyWithECC(
hAgreementHandle,
pucResponseID,
uiResponseIDLength,
pucResponsePublicKey,
uiResponsePublicKeyLen,
pucResponseTmpPublicKey,
uiResponseTmpPublicKeyLen,
phKeyHandle)) != SAR_OK) {
}
return 0;
}
/* GmSSL Extension */
int SAF_EccSignFile(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiHashAlgoType,
unsigned char *pucFileName,
unsigned char *pucSignature,
unsigned int *puiSignatureLen)
{
return SAR_OK;
}
int SAF_EccVerifySignFile(
unsigned int uiHashAlgoType,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucFileName,
unsigned char *pucSignature,
unsigned int uiSignatureLen)
{
return SAR_OK;
}

297
crypto/saf/saf_enc.c
View File

@@ -1,297 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.39 */
int SAF_SymmEncryptUpdate(
void *hKeyHandle,
const unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
int outlen;
if (!hKeyHandle || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiInDataLen <= 0 || uiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, SAF_R_INVALID_LENGTH);
return SAR_IndataLenErr;
}
if (!hkey->cipher_ctx) {
const EVP_CIPHER *cipher;
// FIXME: get ulFeedBitLen from key handle
if (!(cipher = EVP_get_cipherbysgd(hkey->hSymmKeyObj->uiCryptoAlgID, 0))) {
SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, SAF_R_INVALID_KEY_HANDLE);
ret = SAR_IndataErr;
goto end;
}
if (!(hkey->cipher_ctx = EVP_CIPHER_CTX_new())) {
SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, ERR_R_MALLOC_FAILURE);
ret = SAR_MemoryErr;
goto end;
}
if (!EVP_EncryptInit_ex(hkey->cipher_ctx, cipher,
hkey->hSymmKeyObj->app->engine,
hkey->key, hkey->hSymmKeyObj->pucIV)) {
SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, ERR_R_EVP_LIB);
goto end;
}
}
if (!EVP_EncryptUpdate(hkey->cipher_ctx, pucOutData, &outlen,
pucInData, (int)uiInDataLen)) {
SAFerr(SAF_F_SAF_SYMMENCRYPTUPDATE, ERR_R_EVP_LIB);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_OK;
end:
if (ret != SAR_OK && hkey->cipher_ctx) {
EVP_CIPHER_CTX_free(hkey->cipher_ctx);
hkey->cipher_ctx = NULL;
}
return ret;
}
/* 7.3.40 */
int SAF_SymmEncryptFinal(
void *hKeyHandle,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
int outlen;
if (!hKeyHandle || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_SYMMENCRYPTFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!hkey->cipher_ctx) {
SAFerr(SAF_F_SAF_SYMMENCRYPTFINAL, SAF_R_ENCRYPT_NOT_INITIALIED);
return SAR_NotInitializeErr;
}
if (!EVP_EncryptFinal_ex(hkey->cipher_ctx, pucOutData, &outlen)) {
SAFerr(SAF_F_SAF_SYMMENCRYPTFINAL, ERR_R_EVP_LIB);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_OK;
end:
EVP_CIPHER_CTX_free(hkey->cipher_ctx);
hkey->cipher_ctx = NULL;
return ret;
}
/* 7.3.42 */
int SAF_SymmDecryptUpdate(
void *hKeyHandle,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
int outlen;
if (!hKeyHandle || !pucInData || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, SAF_R_INVALID_LENGTH);
return SAR_IndataLenErr;
}
if (!hkey->cipher_ctx) {
const EVP_CIPHER *cipher;
//Get feedbitlen from keyhandle
if (!(cipher = EVP_get_cipherbysgd(hkey->hSymmKeyObj->uiCryptoAlgID, 0))) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, SAF_R_INVALID_KEY_HANDLE);
ret = SAR_IndataErr;
goto end;
}
if (!(hkey->cipher_ctx = EVP_CIPHER_CTX_new())) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_MALLOC_FAILURE);
ret = SAR_MemoryErr;
goto end;
}
if (!EVP_DecryptInit_ex(hkey->cipher_ctx, cipher,
hkey->hSymmKeyObj->app->engine,
hkey->key, hkey->hSymmKeyObj->pucIV)) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_EVP_LIB);
goto end;
}
}
if (!EVP_DecryptUpdate(hkey->cipher_ctx, pucOutData, &outlen,
pucInData, (int)uiInDataLen)) {
SAFerr(SAF_F_SAF_SYMMDECRYPTUPDATE, ERR_R_EVP_LIB);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_OK;
end:
if (ret != SAR_OK && hkey->cipher_ctx) {
EVP_CIPHER_CTX_free(hkey->cipher_ctx);
hkey->cipher_ctx = NULL;
}
return ret;
}
/* 7.3.43 */
int SAF_SymmDecryptFinal(
void *hKeyHandle,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
int outlen;
if (!hKeyHandle || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_SYMMDECRYPTFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!hkey->cipher_ctx) {
SAFerr(SAF_F_SAF_SYMMDECRYPTFINAL, SAF_R_DECRYPT_NOT_INITIALIZED);
return SAR_NotInitializeErr;
}
if (!EVP_DecryptFinal_ex(hkey->cipher_ctx, pucOutData, &outlen)) {
SAFerr(SAF_F_SAF_SYMMDECRYPTFINAL, ERR_R_EVP_LIB);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_OK;
end:
EVP_CIPHER_CTX_free(hkey->cipher_ctx);
hkey->cipher_ctx = NULL;
return ret;
}
/* 7.3.38 */
int SAF_SymmEncrypt(
void *hKeyHandle,
const unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
unsigned int len;
if ((ret = SAF_SymmEncryptUpdate(hKeyHandle, pucInData, uiInDataLen,
pucOutData, puiOutDataLen)) != SAR_OK) {
return ret;
}
if ((ret = SAF_SymmEncryptFinal(hKeyHandle,
pucOutData + *puiOutDataLen, &len)) != SAR_OK) {
return ret;
}
*puiOutDataLen += len;
return SAR_OK;
}
/* 7.3.41 */
int SAF_SymmDecrypt(
void *hKeyHandle,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
unsigned int len;
if ((ret = SAF_SymmDecryptUpdate(hKeyHandle, pucInData, uiInDataLen,
pucOutData, puiOutDataLen)) != SAR_OK) {
return ret;
}
if ((ret = SAF_SymmDecryptFinal(hKeyHandle,
pucOutData + *puiOutDataLen, &len)) != SAR_OK) {
return ret;
}
*puiOutDataLen += len;
return SAR_OK;
}

142
crypto/saf/saf_err.c
View File

@@ -1,142 +0,0 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/gmsaf.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SAF,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SAF,0,reason)
static ERR_STRING_DATA SAF_str_functs[] = {
{ERR_FUNC(SAF_F_SAF_ADDCACERTIFICATE), "SAF_AddCaCertificate"},
{ERR_FUNC(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE),
"SAF_AddTrustedRootCaCertificate"},
{ERR_FUNC(SAF_F_SAF_BASE64_CREATEBASE64OBJ),
"SAF_Base64_CreateBase64Obj"},
{ERR_FUNC(SAF_F_SAF_BASE64_DECODE), "SAF_Base64_Decode"},
{ERR_FUNC(SAF_F_SAF_BASE64_DECODEFINAL), "SAF_Base64_DecodeFinal"},
{ERR_FUNC(SAF_F_SAF_BASE64_DECODEUPDATE), "SAF_Base64_DecodeUpdate"},
{ERR_FUNC(SAF_F_SAF_BASE64_ENCODE), "SAF_Base64_Encode"},
{ERR_FUNC(SAF_F_SAF_BASE64_ENCODEFINAL), "SAF_Base64_EncodeFinal"},
{ERR_FUNC(SAF_F_SAF_BASE64_ENCODEUPDATE), "SAF_Base64_EncodeUpdate"},
{ERR_FUNC(SAF_F_SAF_CHANGEPIN), "SAF_ChangePin"},
{ERR_FUNC(SAF_F_SAF_CREATEHASHOBJ), "SAF_CreateHashObj"},
{ERR_FUNC(SAF_F_SAF_CREATESYMMKEYOBJ), "SAF_CreateSymmKeyObj"},
{ERR_FUNC(SAF_F_SAF_DESTROYHASHOBJ), "SAF_DestroyHashObj"},
{ERR_FUNC(SAF_F_SAF_ECCPUBLICKEYENC), "SAF_EccPublicKeyEnc"},
{ERR_FUNC(SAF_F_SAF_ECCPUBLICKEYENCBYCERT), "SAF_EccPublicKeyEncByCert"},
{ERR_FUNC(SAF_F_SAF_ECCSIGN), "SAF_EccSign"},
{ERR_FUNC(SAF_F_SAF_ECCVERIFYSIGN), "SAF_EccVerifySign"},
{ERR_FUNC(SAF_F_SAF_ECCVERIFYSIGNBYCERT), "SAF_EccVerifySignByCert"},
{ERR_FUNC(SAF_F_SAF_GENECCKEYPAIR), "SAF_GenEccKeyPair"},
{ERR_FUNC(SAF_F_SAF_GENERATEKEYWITHEPK), "SAF_GenerateKeyWithEPK"},
{ERR_FUNC(SAF_F_SAF_GENRANDOM), "SAF_GenRandom"},
{ERR_FUNC(SAF_F_SAF_GENRSAKEYPAIR), "SAF_GenRsaKeyPair"},
{ERR_FUNC(SAF_F_SAF_GETCACERTIFICATE), "SAF_GetCaCertificate"},
{ERR_FUNC(SAF_F_SAF_GETCACERTIFICATECOUNT), "SAF_GetCaCertificateCount"},
{ERR_FUNC(SAF_F_SAF_GETECCPUBLICKEY), "SAF_GetEccPublicKey"},
{ERR_FUNC(SAF_F_SAF_GETROOTCACERTIFICATE), "SAF_GetRootCaCertificate"},
{ERR_FUNC(SAF_F_SAF_GETROOTCACERTIFICATECOUNT),
"SAF_GetRootCaCertificateCount"},
{ERR_FUNC(SAF_F_SAF_GETRSAPUBLICKEY), "SAF_GetRsaPublicKey"},
{ERR_FUNC(SAF_F_SAF_GETVERSION), "SAF_GetVersion"},
{ERR_FUNC(SAF_F_SAF_HASH), "SAF_Hash"},
{ERR_FUNC(SAF_F_SAF_HASHFINAL), "SAF_HashFinal"},
{ERR_FUNC(SAF_F_SAF_HASHUPDATE), "SAF_HashUpdate"},
{ERR_FUNC(SAF_F_SAF_INITIALIZE), "SAF_Initialize"},
{ERR_FUNC(SAF_F_SAF_KEY_NEW), "SAF_KEY_new"},
{ERR_FUNC(SAF_F_SAF_LOAD_PRIVATE_KEY), "SAF_load_private_key"},
{ERR_FUNC(SAF_F_SAF_LOAD_PUBLIC_KEY), "SAF_load_public_key"},
{ERR_FUNC(SAF_F_SAF_LOGIN), "SAF_Login"},
{ERR_FUNC(SAF_F_SAF_LOGOUT), "SAF_Logout"},
{ERR_FUNC(SAF_F_SAF_MACFINAL), "SAF_MacFinal"},
{ERR_FUNC(SAF_F_SAF_MACUPDATE), "SAF_MacUpdate"},
{ERR_FUNC(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA),
"SAF_Pkcs7_DecodeDigestedData"},
{ERR_FUNC(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA),
"SAF_Pkcs7_DecodeEnvelopedData"},
{ERR_FUNC(SAF_F_SAF_PKCS7_DECODESIGNEDDATA),
"SAF_Pkcs7_DecodeSignedData"},
{ERR_FUNC(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA),
"SAF_Pkcs7_EncodeDigestedData"},
{ERR_FUNC(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA),
"SAF_Pkcs7_EncodeEnvelopedData"},
{ERR_FUNC(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA),
"SAF_Pkcs7_EncodeSignedData"},
{ERR_FUNC(SAF_F_SAF_REMOVECACERTIFICATE), "SAF_RemoveCaCertificate"},
{ERR_FUNC(SAF_F_SAF_REMOVEROOTCACERTIFICATE),
"SAF_RemoveRootCaCertificate"},
{ERR_FUNC(SAF_F_SAF_RSASIGN), "SAF_RsaSign"},
{ERR_FUNC(SAF_F_SAF_RSAVERIFYSIGN), "SAF_RsaVerifySign"},
{ERR_FUNC(SAF_F_SAF_SYMMDECRYPTFINAL), "SAF_SymmDecryptFinal"},
{ERR_FUNC(SAF_F_SAF_SYMMDECRYPTUPDATE), "SAF_SymmDecryptUpdate"},
{ERR_FUNC(SAF_F_SAF_SYMMENCRYPTFINAL), "SAF_SymmEncryptFinal"},
{ERR_FUNC(SAF_F_SAF_SYMMENCRYPTUPDATE), "SAF_SymmEncryptUpdate"},
{ERR_FUNC(SAF_F_SAF_SYMMKEYOBJ_DUP), "SAF_SYMMKEYOBJ_dup"},
{ERR_FUNC(SAF_F_SAF_VERIFYSIGNBYCERT), "SAF_VerifySignByCert"},
{0, NULL}
};
static ERR_STRING_DATA SAF_str_reasons[] = {
{ERR_REASON(SAF_R_BUFFER_TOO_SMALL), "buffer too small"},
{ERR_REASON(SAF_R_CMAC_FAILURE), "cmac failure"},
{ERR_REASON(SAF_R_DECRYPT_NOT_INITIALIZED), "decrypt not initialized"},
{ERR_REASON(SAF_R_ENCRYPT_KEY_FAILURE), "encrypt key failure"},
{ERR_REASON(SAF_R_ENCRYPT_NOT_INITIALIED), "encrypt not initialied"},
{ERR_REASON(SAF_R_GEN_RANDOM_FAILURE), "gen random failure"},
{ERR_REASON(SAF_R_INT_OVERFLOW), "int overflow"},
{ERR_REASON(SAF_R_INVALID_ALGOR), "invalid algor"},
{ERR_REASON(SAF_R_INVALID_APP), "invalid app"},
{ERR_REASON(SAF_R_INVALID_CERTIFICATE), "invalid certificate"},
{ERR_REASON(SAF_R_INVALID_DIGEST_ALGOR), "invalid digest algor"},
{ERR_REASON(SAF_R_INVALID_HANDLE), "invalid handle"},
{ERR_REASON(SAF_R_INVALID_INDEX), "invalid index"},
{ERR_REASON(SAF_R_INVALID_INPUT_LENGTH), "invalid input length"},
{ERR_REASON(SAF_R_INVALID_KEY_HANDLE), "invalid key handle"},
{ERR_REASON(SAF_R_INVALID_KEY_LENGTH), "invalid key length"},
{ERR_REASON(SAF_R_INVALID_KEY_USAGE), "invalid key usage"},
{ERR_REASON(SAF_R_INVALID_LENGTH), "invalid length"},
{ERR_REASON(SAF_R_INVALID_PKCS7), "invalid pkcs7"},
{ERR_REASON(SAF_R_INVALID_PKCS7_DATA), "invalid pkcs7 data"},
{ERR_REASON(SAF_R_INVALID_PKCS7_TYPE), "invalid pkcs7 type"},
{ERR_REASON(SAF_R_INVALID_PKEY_TYPE), "invalid pkey type"},
{ERR_REASON(SAF_R_INVALID_PUBLIC_KEY), "invalid public key"},
{ERR_REASON(SAF_R_LOA), "loa"},
{ERR_REASON(SAF_R_LOAD_CERTS_FAILURE), "load certs failure"},
{ERR_REASON(SAF_R_LOAD_KEY_FAILURE), "load key failure"},
{ERR_REASON(SAF_R_LOAD_PRIVATE_KEY_FAILURE), "load private key failure"},
{ERR_REASON(SAF_R_LOAD_PUBLIC_KEY_FAILURE), "load public key failure"},
{ERR_REASON(SAF_R_MAC_FAILURE), "mac failure"},
{ERR_REASON(SAF_R_NOT_SUPPORTED), "not supported"},
{ERR_REASON(SAF_R_OPERATION_NOT_INITIALIZED),
"operation not initialized"},
{ERR_REASON(SAF_R_PKCS7_VERIFY_FAILURE), "pkcs7 verify failure"},
{ERR_REASON(SAF_R_UNSUPPORTED_ALGOR), "unsupported algor"},
{ERR_REASON(SAF_R_UNSUPPORTED_DIGEST_ALGOR), "unsupported digest algor"},
{0, NULL}
};
#endif
int ERR_load_SAF_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(SAF_str_functs[0].error) == NULL) {
ERR_load_strings(0, SAF_str_functs);
ERR_load_strings(0, SAF_str_reasons);
}
#endif
return 1;
}

105
crypto/saf/saf_errstr.c
View File

@@ -1,105 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/err.h>
#include <openssl/gmsaf.h>
#include "../../e_os.h"
static ERR_STRING_DATA saf_errstr[] = {
{ SAR_Ok, "Success" },
{ SAR_UnknownErr, "Unknown error" },
{ SAR_NotSupportYetErr, "Not supported yet error" },
{ SAR_FileErr, "File error" },
{ SAR_ProviderTypeErr, "Provider type error" },
{ SAR_LoadProviderErr, "Load provider error" },
{ SAR_LoadDevMngApiErr, "Load Device management API error" },
{ SAR_AlgoTypeErr, "Algorithm type error" },
{ SAR_NameLenErr, "Name length error" },
{ SAR_KeyUsageErr, "Key usage error" },
{ SAR_ModulusLenErr, "Modulus length error" },
{ SAR_NotInitializeErr, "Not initialized error" },
{ SAR_ObjErr, "Object error" },
{ SAR_MemoryErr, "Memory error" },
{ SAR_TimeoutErr, "Timeout error" },
{ SAR_IndataLenErr, "Input data length error" },
{ SAR_IndataErr, "Input data error" },
{ SAR_GenRandErr, "Generate random error" },
{ SAR_HashObjErr, "Hash object error" },
{ SAR_HashErr, "Hash error" },
{ SAR_GenRsaKeyErr, "Generate RSA key error" },
{ SAR_RsaModulusLenErr, "RSA modulus length error" },
{ SAR_CspImportPubKeyErr,"CSP import public key error" },
{ SAR_RsaEncErr, "RSA encryption error" },
{ SAR_RsaDecErr, "RSA decryption error" },
{ SAR_HashNotEqualErr, "Hash not equal error" },
{ SAR_KeyNotFoundErr, "Key not found error" },
{ SAR_CertNotFoundErr, "Certificate not found error" },
{ SAR_NotExportErr, "Non-exportable error" },
{ SAR_CertRevokedErr, "Certificate revoked error" },
{ SAR_CertNotYetValidErr,"Certificate not yet valid error" },
{ SAR_CerthashExpiredErr,"Certificate hash expirted error" },
{ SAR_CertVerifyErr, "Certificate verification error" },
{ SAR_CertEncodeErr, "Certificate encoding error" },
{ SAR_DecryptPadErr, "Decryption padding error" },
{ SAR_MacLenErr, "MAC length error" },
{ SAR_KeyInfoTypeErr, "Key information type error" },
{ SAR_NotLogin, "Not login" },
};
const char *SAF_GetErrorString(int err)
{
int i;
for (i = 0; i < OSSL_NELEM(saf_errstr); i++) {
if (err == saf_errstr[i].error) {
return saf_errstr[i].string;
}
}
return "(undef)";
}

258
crypto/saf/saf_hash.c
View File

@@ -1,258 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.12 */
int SAF_CreateHashObj(void **phHashObj,
unsigned int uiAlgoType,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucID,
unsigned int uiIDLen)
{
int ret = SAR_UnknownErr;
const EVP_MD *md;
EVP_MD_CTX *ctx = NULL;
EVP_PKEY *pkey = NULL;
if (!phHashObj) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!(md = EVP_get_digestbysgd(uiAlgoType))) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, SAF_R_INVALID_ALGOR);
return SAR_AlgoTypeErr;
}
if (!(ctx = EVP_MD_CTX_new())) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_MALLOC_FAILURE);
goto end;
}
/* limitation of the SAF hashing:
* can not specify an engine, only use the default implementation
*/
if (!EVP_DigestInit_ex(ctx, md, NULL)) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_EVP_LIB);
goto end;
}
if (pucPublicKey) {
unsigned char dgst[EVP_MAX_MD_SIZE];
size_t dgstlen = sizeof(dgst);
if (!pucID) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_PASSED_NULL_PARAMETER);
ret = SAR_IndataErr;
goto end;
}
if (uiIDLen <= 0 || uiIDLen > SM2_MAX_ID_LENGTH
|| strlen((char *)pucID) != uiIDLen
|| uiPublicKeyLen <= 0 || uiPublicKeyLen > INT_MAX) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, SAF_R_INVALID_INPUT_LENGTH);
ret = SAR_IndataLenErr;
goto end;
}
if (!(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
|| EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, SAF_R_INVALID_PUBLIC_KEY);
ret = SAR_IndataErr;
goto end;
}
if (!SM2_compute_id_digest(md, (char *)pucID, uiIDLen, dgst, &dgstlen,
EVP_PKEY_get0_EC_KEY(pkey))) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_EC_LIB);
goto end;
}
if (!EVP_DigestUpdate(ctx, dgst, dgstlen)) {
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_EVP_LIB);
goto end;
}
}
*phHashObj = ctx;
ctx = NULL;
ret = SAR_Ok;
end:
if (ret != SAR_Ok) {
*phHashObj = NULL;
}
EVP_MD_CTX_free(ctx);
EVP_PKEY_free(pkey);
return ret;
}
/* 7.3.13 */
int SAF_DestroyHashObj(
void *phHashObj)
{
if (!phHashObj) {
SAFerr(SAF_F_SAF_DESTROYHASHOBJ, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
EVP_MD_CTX_free((EVP_MD_CTX *)phHashObj);
return SAR_Ok;
}
/* 7.3.14 */
int SAF_HashUpdate(
void *phHashObj,
const unsigned char *pucInData,
unsigned int uiInDataLen)
{
if (!phHashObj || pucInData) {
SAFerr(SAF_F_SAF_HASHUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiInDataLen <= 0 || uiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_HASHUPDATE, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!EVP_DigestUpdate((EVP_MD_CTX *)phHashObj, pucInData, uiInDataLen)) {
SAFerr(SAF_F_SAF_HASHUPDATE, ERR_R_EVP_LIB);
return SAR_HashErr;
}
return SAR_Ok;
}
/* 7.3.15 */
int SAF_HashFinal(void *phHashObj,
unsigned char *pucOutData,
unsigned int *uiOutDataLen)
{
if (!phHashObj || !pucOutData || !uiOutDataLen) {
SAFerr(SAF_F_SAF_HASHFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (*uiOutDataLen < EVP_MAX_MD_SIZE) {
SAFerr(SAF_F_SAF_HASHFINAL, SAF_R_BUFFER_TOO_SMALL);
return SAR_IndataLenErr;
}
if (!EVP_DigestFinal_ex((EVP_MD_CTX *)phHashObj, pucOutData, uiOutDataLen)) {
SAFerr(SAF_F_SAF_HASHFINAL, ERR_R_EVP_LIB);
return SAR_HashErr;
}
return SAR_Ok;
}
/* 7.3.11 */
int SAF_Hash(
unsigned int uiAlgoType,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pubID,
unsigned int uiIDLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret;
void *hHashObj = NULL;
if ((ret = SAF_CreateHashObj(
&hHashObj,
uiAlgoType,
pucPublicKey,
uiPublicKeyLen,
pubID,
uiIDLen)) != SAR_Ok) {
SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB);
return ret;
}
if ((ret = SAF_HashUpdate(
hHashObj,
pucInData,
uiInDataLen)) != SAR_Ok) {
SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB);
goto err;
}
if ((ret = SAF_HashFinal(
hHashObj,
pucOutData,
puiOutDataLen)) != SAR_Ok) {
SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB);
goto err;
}
if ((ret = SAF_DestroyHashObj(
hHashObj)) != SAR_Ok) {
SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB);
return ret;
}
return SAR_Ok;
err:
/* keep the first error */
(void)SAF_DestroyHashObj(hHashObj);
return ret;
}

229
crypto/saf/saf_keyhandle.c
View File

@@ -1,229 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <string.h>
#include <limits.h>
#include <openssl/evp.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include <openssl/crypto.h>
#include "saf_lcl.h"
/* 7.3.31 */
int SAF_GenerateKeyWithEPK(
void *hSymmKeyObj,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucSymmKey,
unsigned int *puiSymmKeyLen,
void **phKeyHandle)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = NULL;
SAF_SYMMKEYOBJ *obj = (SAF_SYMMKEYOBJ *)hSymmKeyObj;
const EVP_CIPHER *cipher;
unsigned char keybuf[32];
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pkctx = NULL;
size_t outlen;
if (!hSymmKeyObj || !pucPublicKey || !pucSymmKey
|| !puiSymmKeyLen || !phKeyHandle) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiPublicKeyLen <= 0 || uiPublicKeyLen > INT_MAX) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
outlen = (size_t)*puiSymmKeyLen;
if (!(cipher = EVP_get_cipherbysgd(obj->uiCryptoAlgID, 0)) //fixme: feedbitlen
|| !RAND_bytes(keybuf, EVP_CIPHER_key_length(cipher))
|| !(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
|| !(pkctx = EVP_PKEY_CTX_new(pkey, NULL))
|| !EVP_PKEY_encrypt_init(pkctx)
|| !EVP_PKEY_encrypt(pkctx, pucSymmKey, &outlen, keybuf, (size_t)EVP_CIPHER_key_length(cipher))) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_ENCRYPT_KEY_FAILURE);
goto end;
}
// init EVP_CIPHER_CTX
if (!(hkey = OPENSSL_zalloc(sizeof(*hkey)))) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_MALLOC_FAILURE);
goto end;
}
*puiSymmKeyLen = (unsigned int)outlen;
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pkctx);
return ret;
}
/*
65 typedef struct {
66 SAF_APP *app;
67 unsigned char *pucContainerName;
68 unsigned int uiContainerLen;
69 unsigned char *pucIV;
70 unsigned int uiIVLen;
71 unsigned int uiEncOrDec;
72 unsigned int uiCryptoAlgID;
73 } SAF_SYMMKEYOBJ;
74
75 typedef struct {
76 SAF_SYMMKEYOBJ *hSymmKeyObj;
77 unsigned char key[64];
78 int keylen;
79 EVP_CIPHER_CTX *cipher_ctx;
80 CMAC_CTX *cmac_ctx;
81 } SAF_KEY;
*/
SAF_KEY *SAF_KEY_new(const SAF_SYMMKEYOBJ *hSymmKeyObj)
{
SAF_KEY *ret = NULL;
SAF_KEY *key = NULL;
if (!(key = OPENSSL_zalloc(sizeof(*key)))
|| !(key->hSymmKeyObj = SAF_SYMMKEYOBJ_dup(hSymmKeyObj))) {
SAFerr(SAF_F_SAF_KEY_NEW, ERR_R_MALLOC_FAILURE);
goto end;
}
ret = key;
key = NULL;
end:
SAF_KEY_free(key);
return ret;
}
void SAF_KEY_free(SAF_KEY *key)
{
if (key) {
SAF_SYMMKEYOBJ_free(key->hSymmKeyObj);
}
OPENSSL_clear_free(key, sizeof(*key));
}
SAF_SYMMKEYOBJ *SAF_SYMMKEYOBJ_dup(const SAF_SYMMKEYOBJ *a)
{
SAF_SYMMKEYOBJ *ret = NULL;
SAF_SYMMKEYOBJ *obj = NULL;
if (!(obj = OPENSSL_zalloc(sizeof(*obj)))
|| !(obj->pucContainerName = OPENSSL_memdup(a->pucContainerName, a->uiContainerLen))
|| !(obj->pucIV = OPENSSL_memdup(a->pucIV, a->uiIVLen))) {
SAFerr(SAF_F_SAF_SYMMKEYOBJ_DUP, ERR_R_MALLOC_FAILURE);
goto end;
}
obj->uiContainerLen = a->uiContainerLen;
obj->uiIVLen = a->uiIVLen;
obj->uiEncOrDec = a->uiEncOrDec;
obj->uiCryptoAlgID = a->uiCryptoAlgID;
ret = obj;
obj = NULL;
end:
SAF_SYMMKEYOBJ_free(obj);
return ret;
}
void SAF_SYMMKEYOBJ_free(SAF_SYMMKEYOBJ *obj)
{
if (obj) {
OPENSSL_free(obj->pucContainerName);
OPENSSL_free(obj->pucIV);
OPENSSL_free(obj);
}
}
/* 7.3.32 */
int SAF_ImportEncedKey(
void *hSymmKeyObj,
unsigned char *pucSymmKey,
unsigned int uiSymmKeyLen,
void **phKeyHandle)
{
SAF_KEY *hkey = NULL;
SAF_SYMMKEYOBJ *hobj = (SAF_SYMMKEYOBJ *)hSymmKeyObj;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
char key_id[1024];
/*
snprintf(key_id, sizeof(key_id), "%s.enc", hobj->pucContainerName);
*/
if (!(pkey = ENGINE_load_private_key(hobj->app->engine, key_id, NULL, NULL))
|| !(pctx = EVP_PKEY_CTX_new(pkey, hobj->app->engine))
|| EVP_PKEY_decrypt_init(pctx) <= 0
|| EVP_PKEY_decrypt(pctx, hkey->key, &hkey->keylen, pucSymmKey, uiSymmKeyLen) <= 0) {
goto end;
}
end:
return 0;
}
/* 7.3.37 */
int SAF_DestroyKeyHandle(
void *hKeyHandle)
{
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
OPENSSL_clear_free(hkey, hkey->keylen);
return SAR_OK;
}

95
crypto/saf/saf_lcl.h
View File

@@ -1,95 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/evp.h>
#include <openssl/cmac.h>
#include <openssl/gmsdf.h>
#include <openssl/gmsaf.h>
#include <openssl/engine.h>
#include <openssl/err.h>
typedef struct saf_app_st {
ENGINE *engine;
char *rootcacerts;
char *cacerts;
} SAF_APP;
typedef struct {
EVP_ENCODE_CTX *ctx;
int inited;
} SAF_BASE64OBJ;
typedef struct {
SAF_APP *app;
unsigned char *pucContainerName;
unsigned int uiContainerLen;
unsigned char *pucIV;
unsigned int uiIVLen;
unsigned int uiEncOrDec;
unsigned int uiCryptoAlgID;
} SAF_SYMMKEYOBJ;
typedef struct {
SAF_SYMMKEYOBJ *hSymmKeyObj;
unsigned char key[64];
size_t keylen;
EVP_CIPHER_CTX *cipher_ctx;
CMAC_CTX *cmac_ctx;
} SAF_KEY;
SAF_KEY *SAF_KEY_new(const SAF_SYMMKEYOBJ *obj);
void SAF_KEY_free(SAF_KEY *key);
SAF_SYMMKEYOBJ *SAF_SYMMKEYOBJ_dup(const SAF_SYMMKEYOBJ *a);
void SAF_SYMMKEYOBJ_free(SAF_SYMMKEYOBJ *a);
EVP_PKEY *SAF_load_private_key(SAF_APP *app, const char *container, int flags);
EVP_PKEY *SAF_load_public_key(SAF_APP *app, const char *container, int flags);

121
crypto/saf/saf_lib.c
View File

@@ -1,121 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <string.h>
#include <openssl/gmsaf.h>
#include "saf_lcl.h"
EVP_PKEY *SAF_load_private_key(SAF_APP *app, const char *container, int flags)
{
EVP_PKEY *ret = NULL;
EVP_PKEY *pkey = NULL;
char key_id[1024];
if (!app->engine) {
SAFerr(SAF_F_SAF_LOAD_PRIVATE_KEY, SAF_R_INVALID_APP);
return NULL;
}
/*
snprintf(key_id, sizeof(key_id), "%s.%s", container,
((flags & EVP_PKT_SIGN) ? "sign" : "enc"));
*/
if (!(pkey = ENGINE_load_private_key(app->engine, key_id, NULL, NULL))) {
SAFerr(SAF_F_SAF_LOAD_PRIVATE_KEY, SAF_R_LOAD_PRIVATE_KEY_FAILURE);
goto end;
}
if (EVP_PKEY_base_id(pkey) !=
((flags & EVP_PK_EC) ? EVP_PKEY_EC : EVP_PKEY_RSA)) {
SAFerr(SAF_F_SAF_LOAD_PRIVATE_KEY, SAF_R_INVALID_PKEY_TYPE);
goto end;
}
ret = pkey;
pkey = NULL;
end:
EVP_PKEY_free(pkey);
return ret;
}
EVP_PKEY *SAF_load_public_key(SAF_APP *app, const char *container, int flags)
{
EVP_PKEY *ret = NULL;
EVP_PKEY *pkey = NULL;
char key_id[1024];
if (!app->engine) {
SAFerr(SAF_F_SAF_LOAD_PUBLIC_KEY, SAF_R_INVALID_APP);
return NULL;
}
/*
snprintf(key_id, sizeof(key_id), "%s.%s", container,
((flags & EVP_PKT_SIGN) ? "sign" : "enc"));
*/
if (!(pkey = ENGINE_load_public_key(app->engine, key_id, NULL, NULL))) {
SAFerr(SAF_F_SAF_LOAD_PUBLIC_KEY, SAF_R_LOAD_PUBLIC_KEY_FAILURE);
goto end;
}
if (EVP_PKEY_base_id(pkey) !=
((flags & EVP_PK_EC) ? EVP_PKEY_EC : EVP_PKEY_RSA)) {
SAFerr(SAF_F_SAF_LOAD_PUBLIC_KEY, SAF_R_INVALID_PKEY_TYPE);
goto end;
}
ret = pkey;
pkey = NULL;
end:
EVP_PKEY_free(pkey);
return ret;
}

167
crypto/saf/saf_mac.c
View File

@@ -1,167 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/evp.h>
#include <openssl/cmac.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.45 */
int SAF_MacUpdate(
void *hKeyHandle,
const unsigned char *pucInData,
unsigned int uiInDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
if (!hKeyHandle || !pucInData) {
SAFerr(SAF_F_SAF_MACUPDATE, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiInDataLen <= 0 || uiInDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!hkey->cmac_ctx) {
const EVP_CIPHER *cipher;
//Fixme: feedbitlen
if (!(cipher = EVP_get_cipherbysgd(hkey->hSymmKeyObj->uiCryptoAlgID, 0))) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_INVALID_KEY_HANDLE);
ret = SAR_IndataErr;
goto end;
}
if (!(hkey->cmac_ctx = CMAC_CTX_new())) {
SAFerr(SAF_F_SAF_MACUPDATE, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!CMAC_Init(hkey->cmac_ctx, hkey->key, hkey->keylen, cipher,
hkey->hSymmKeyObj->app->engine)) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CMAC_FAILURE);
goto end;
}
}
if (!CMAC_Update(hkey->cmac_ctx, pucInData, uiInDataLen)) {
SAFerr(SAF_F_SAF_MACUPDATE, SAF_R_CMAC_FAILURE);
return SAR_UnknownErr;
}
ret = SAR_OK;
end:
if (ret != SAR_OK && hkey->cmac_ctx) {
CMAC_CTX_free(hkey->cmac_ctx);
hkey->cmac_ctx = NULL;
}
return ret;
}
/* 7.3.46 */
int SAF_MacFinal(
void *hKeyHandle,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = (SAF_KEY *)hKeyHandle;
size_t outlen = *puiOutDataLen;
if (!hKeyHandle || !pucOutData || !puiOutDataLen) {
SAFerr(SAF_F_SAF_MACFINAL, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (*puiOutDataLen < EVP_MAX_MD_SIZE) {
SAFerr(SAF_F_SAF_MACFINAL, SAF_R_BUFFER_TOO_SMALL);
return SAR_IndataLenErr;
}
if (!hkey->cmac_ctx) {
SAFerr(SAF_F_SAF_MACFINAL, SAF_R_OPERATION_NOT_INITIALIZED);
return SAR_UnknownErr;
}
if (!CMAC_Final(hkey->cmac_ctx, pucOutData, &outlen)) {
SAFerr(SAF_F_SAF_MACFINAL, SAF_R_MAC_FAILURE);
goto end;
}
*puiOutDataLen = (unsigned int)outlen;
ret = SAR_Ok;
end:
CMAC_CTX_free(hkey->cmac_ctx);
hkey->cmac_ctx = NULL;
return ret;
}
/* 7.4.44 */
int SAF_Mac(
void *hKeyHandle,
const unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucOutData,
unsigned int *puiOutDataLen)
{
int ret;
if ((ret = SAF_MacUpdate(hKeyHandle, pucInData, uiInDataLen)) != SAR_OK) {
return ret;
}
if ((ret = SAF_MacFinal(hKeyHandle, pucOutData, puiOutDataLen)) != SAR_OK) {
return ret;
}
return SAR_OK;
}

634
crypto/saf/saf_pkcs7.c
View File

@@ -1,634 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/asn1.h>
#include <openssl/pkcs7.h>
#include <openssl/gmapi.h>
#include <openssl/gmsaf.h>
#include "saf_lcl.h"
/* 7.4.2 */
int SAF_Pkcs7_EncodeData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned char *pucEncCertificate,
unsigned int uiEncCertificateLen,
unsigned int uiSymmAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerP7Data,
unsigned int *puiDerP7DataLen)
{
int ret = SAR_UnknownErr;
return ret;
}
/* 7.4.3 */
int SAF_Pkcs7_DecodeData(
void *hAppHandle,
unsigned char *pucDecContainerName,
unsigned int uiDecContainerNameLen,
unsigned char *pucDerP7Data,
unsigned int uiDerP7DataLen,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucSignerCertificate,
unsigned int *puiSignerCertificateLen,
unsigned int *puiDigestAlgorithm)
{
int ret = SAR_UnknownErr;
return ret;
}
/* 7.4.4 */
int SAF_Pkcs7_EncodeSignedData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned int uiSignKeyUsage,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerP7Data,
unsigned int *puiDerP7DataLen)
{
int ret = SAR_UnknownErr;
SAF_APP *app = (SAF_APP *)hAppHandle;
PKCS7 *p7 = NULL;
EVP_PKEY *pkey = NULL;
X509 *x509 = NULL;
BIO *data = NULL;
int len;
if (!hAppHandle || !pucSignContainerName || !pucSignerCertificate
|| !pucData || !pucDerP7Data || !puiDerP7DataLen) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiSignContainerNameLen <= 0 || uiSignContainerNameLen > INT_MAX
|| strlen((char *)pucSignContainerName) != uiSignContainerNameLen
|| uiSignerCertificateLen <= 0 || uiSignerCertificateLen > INT_MAX
|| uiDataLen <= 0 || uiDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(pkey = SAF_load_private_key(app, (char *)pucSignContainerName,
EVP_PK_EC|EVP_PKT_SIGN))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, SAF_R_LOAD_KEY_FAILURE);
goto end;
}
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucSignerCertificate,
uiSignerCertificateLen))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_X509_LIB);
goto end;
}
if (!(data = BIO_new_mem_buf(pucData, uiDataLen))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_BIO_LIB);
goto end;
}
if (!(p7 = PKCS7_sign(x509, pkey, NULL, data, PKCS7_BINARY))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if (*puiDerP7DataLen < i2d_PKCS7(p7, NULL)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
if ((len = i2d_PKCS7(p7, &pucDerP7Data)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_ENCODESIGNEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
*puiDerP7DataLen = len;
ret = SAR_Ok;
end:
PKCS7_free(p7);
X509_free(x509);
BIO_free(data);
return ret;
}
/* 7.4.5 */
int SAF_Pkcs7_DecodeSignedData(
void *hAppHandle,
unsigned char *pucDerP7SignedData,
unsigned int uiDerP7SignedDataLen,
unsigned int *puiDigestAlgorithm,
unsigned char *pucSignerCertificate,
unsigned int *puiSignerCertificateLen,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucSig,
unsigned int *puiSigLen)
{
int ret = SAR_UnknownErr;
#if 0
PKCS7 *p7 = NULL;
PKCS7_SIGNED *p7signed;
X509 *x509 = NULL;
PKCS7_SIGNER_INFO *signer_info;
X509_ALGOR *algor;
BIO *bio = NULL;
if (!hAppHandle || !pucDerP7SignedData || !puiDigestAlgorithm
|| !puiSignerCertificateLen || !puiDataLen || !puiSigLen) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiDerP7SignedDataLen <= 0 || uiDerP7SignedDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* process */
if (!(p7 = d2i_PKCS7(NULL, (const unsigned char **)&pucDerP7SignedData,
uiDerP7SignedDataLen))) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_DATA);
goto end;
}
if (!(bio = BIO_new(BIO_s_mem()))) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!PKCS7_type_is_signed(p7)) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_TYPE);
goto end;
}
if (!PKCS7_verify(p7, NULL, NULL, NULL, bio, 0)) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_PKCS7_VERIFY_FAILURE);
goto end;
}
if (!(p7signed = p7->d.sign)) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_DATA);
goto end;
}
/* get digest algor */
if (sk_X509_ALGOR_num(p7signed->md_algs) != 1
|| !(algor = sk_X509_ALGOR_value(p7signed->md_algs, 0))
|| (*puiDigestAlgorithm = EVP_MD_sgd(EVP_get_digestbyobj(algor->algorithm))) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_DATA);
goto end;
}
/* get signer's certificate */
if (sk_X509_ALGOR_num(p7signed->cert) != 1
|| !(x509 = sk_X509_ALGOR_value(p7signed->cert, 0))) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_DATA);
goto end;
}
if ((len = i2d_X509(x509, NULL)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, ERR_R_X509_LIB);
goto end;
}
if (*puiSignerCertificateLen < len) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_BUFFER_TOO_SMALL);
goto end;
}
if ((len = i2d_X509(x509, &pucSignerCertficate)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, ERR_R_X509_LIB);
goto end;
}
*puiSignerCertificateLen = len;
/* get data */
if (!(p7signed->contents)
|| !PKCS7_type_is_data(p7signed->contents)
|| !(data = p7signed->contents->d.data)) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_DATA);
goto end;
}
if (*puiDataLen < ASN1_STRING_length(data)) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_BUFFER_TOO_SMALL);
goto end;
}
memcpy(pucData, ASN1_STRING_get0_data(data), ASN1_STRING_length(data));
*puiDataLen = ASN1_STRING_length(data);
/* get signature */
if (sk_SIGNER_INFO_num(p7signed->signer_info) <= 0
|| !(signer_info = sk_SIGNER_INFO_value(p7signed->signer_info, 0))) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_INVALID_PKCS7_DATA);
goto end;
}
if (*puiSigLen < ASN1_STRING_length(signer_info->enc_digest)) {
SAFerr(SAF_F_SAF_PKCS7_DECODESIGNEDDATA, SAF_R_BUFFER_TOO_SMALL);
goto end;
}
memcpy(pucSig, ASN1_STRING_get0_data(signer_info->enc_digest),
ASN1_STRING_length(signer_info->enc_digest));
*puiSigLen = ASN1_STRING_length(signer_info->enc_digest);
ret = SAR_Ok;
end:
PKCS7_free(p7);
X509_free(x509);
BIO_free(bio);
#endif
return ret;
}
/* 7.4.6 */
int SAF_Pkcs7_EncodeEnvelopedData(
void *hAppHandle,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucEncCertificate,
unsigned int uiEncCertificateLen,
unsigned int uiSymmAlgorithm,
unsigned char *pucDerP7EnvelopedData,
unsigned int *puiDerP7EnvelopedDataLen)
{
int ret = SAR_UnknownErr;
#if 0
PKCS7 *p7 = NULL;
X509 *x509 = NULL;
STACK_OF(X509) *certs = NULL;
BIO *bio = NULL;
const EVP_CIPHER *cipher;
int len;
/* check arguments */
if (!hAppHandle || !pucData || !pucEncCertificate || !puiDerP7EnvelopedDataLen) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiDataLen <= 0 || uiDataLen > INT_MAX
|| uiEncCertificateLen <= 0 || uiEncCertificateLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(cipher = EVP_get_cipherbysgd(uiSymmAlgorithm))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_UNSUPPORTED_ALGOR);
return SAR_AlgoTypeErr;
}
/* process */
if (!(bio = BIO_new_mem_buf(pucData, (int)uiDataLen))
|| !(certs = sk_X509_new_null())
|| !(x509 = X509_new())) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_MALLOC_FAILURE);
ret = SAR_MemoryErr;
goto end;
}
if (!d2i_X509(&x509, &pucEncCertificate, (long)uiEncCertificateLen)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_INVALID_CERTIFICATE);
ret = SAR_CertEncodeErr;
goto end;
}
sk_X509_push(certs, x509);
x509 = NULL;
if (!(p7 = PKCS7_encrypt(certs, bio, cipher, PKCS7_BINARY))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if ((len = i2d_PKCS7(p7, NULL)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if (!pucDerP7EnvelopedData) {
*puiDerP7EnvelopedDataLen = (unsigned int)len;
ret = SAR_Ok;
goto end;
}
if (*puiDerP7EnvelopedDataLen < (unsigned int)len) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
len = i2d_PKCS7(p7, pucDerP7EnvelopedData);
*puiDerP7EnvelopedDataLen = (unsigned int)len;
ret = SAR_OK;
end:
PKCS7_free(p7);
X509_free(x509);
sk_X509_free(certs);
BIO_free(bio);
#endif
return ret;
}
/* 7.4.7 */
int SAF_Pkcs7_DecodeEnvelopedData(
void *hAppHandle,
unsigned char *pucDecContainerName,
unsigned int uiDecContainerNameLen,
unsigned char *pucDerP7EnvelopedData,
unsigned int uiDerP7EnvelopedDataLen,
unsigned char *pucData,
unsigned int *puiDataLen)
{
int ret = SAR_UnknownErr;
#if 0
SAF_APP *app = (SAF_APP *)hAppHandle;
PKCS7 *p7 = NULL;
EVP_PKEY *pkey = NULL;
X509 *x509 = NULL;
BIO *bio = NULL;
BUF_MEM *buf = NULL;
if (!hAppHandle || !pucDecContainerName || !pucDerP7EnvelopedData || !pucData)
SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiDecContainerNameLen <= 0 || uiDecContainerNameLen > INT_MAX
|| uiDerP7EnvelopedDataLen <= 0 || uiDerP7EnvelopedDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!pucData) {
*puiDataLen = uiDerP7EnvelopedDataLen;
return SAR_Ok;
} else if (*puiDataLen <= 0 || *puiDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(pkey = SAF_load_private_key(app, (char *)pucDecContainerName,
EVP_PK_EC|EVP_PKT_ENC))) {
SAFerr(SAF_F_SAF_PKCS7_DECODEENVELOPEDDATA, SAF_R_LOAd_PUBLIC_KEY_FAILURE);
goto end;
}
if (!(x509 = SAF_LoadCertificate(app, pucDecContainerName,
uiDecContainerNameLen, SGD_PK_ENC))) {
goto end;
}
if (!(bio = BIO_new(BIO_s_membuf()))) {
goto end;
}
if (!PKCS7_decrypt(p7, pkey, x509, bio, 0)) {
goto end;
}
if (!BIO_get_mem_buf(bio, &buf)) {
goto end;
}
memcpy(pucData, buf->data, buf->length);
*puiDataLen = buf->length;
ret = SAR_Ok;
end:
PKCS7_free(p7);
EVP_PKEY_free(pkey);
X509_free(x509);
BIO_free(bio);
#endif
return ret;
}
/* 7.4.8 */
int SAF_Pkcs7_EncodeDigestedData(
void *hAppHandle,
unsigned int uiDigestAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerP7DigestedData,
unsigned int *puiDerP7DigestedDataLen)
{
int ret = SAR_UnknownErr;
const EVP_MD *md;
PKCS7 *p7 = NULL;
BIO *p7bio = NULL;
int len;
if (!hAppHandle || !pucData || !pucDerP7DigestedData
|| !puiDerP7DigestedDataLen) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiDataLen <= 0 || uiDataLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(md = EVP_get_digestbysgd(uiDigestAlgorithm))) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_INVALID_DIGEST_ALGOR);
return SAR_AlgoTypeErr;
}
if (!(p7 = PKCS7_new())
|| !PKCS7_set_type(p7, NID_pkcs7_digest)
|| !PKCS7_set_digest(p7, md)
|| !PKCS7_content_new(p7, NID_pkcs7_data)
|| !(p7bio = PKCS7_dataInit(p7, NULL))
|| BIO_write(p7bio, pucData, (int)uiDataLen) != uiDataLen
|| !PKCS7_dataFinal(p7, p7bio)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
if (*puiDerP7DigestedDataLen < i2d_PKCS7(p7, NULL)) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
if ((len = i2d_PKCS7(p7, &pucDerP7DigestedData)) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_ENCODEDIGESTEDDATA, ERR_R_PKCS7_LIB);
goto end;
}
ret = SAR_Ok;
end:
PKCS7_free(p7);
BIO_free(p7bio);
return ret;
}
/* 7.4.9 */
int SAF_Pkcs7_DecodeDigestedData(
void *hAppHandle,
unsigned char *pucDerP7DigestedData,
unsigned int uiDerP7DigestedDataLen,
unsigned int *puiDigestAlgorithm,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucDigest,
unsigned int *puiDigestLen)
{
int ret = SAR_UnknownErr;
PKCS7 *p7 = NULL;
PKCS7_DIGEST *p7dgst;
ASN1_OCTET_STRING *data;
if (!hAppHandle || !puiDigestAlgorithm || !puiDataLen || !puiDigestLen) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!pucData) {
*puiDataLen = uiDerP7DigestedDataLen;
return SAR_Ok;
}
if (!pucDigest) {
*puiDigestLen = EVP_MAX_MD_SIZE;
return SAR_Ok;
}
if (uiDerP7DigestedDataLen <= 0 || uiDerP7DigestedDataLen > INT_MAX
|| *puiDataLen <= 0 || *puiDataLen > INT_MAX
|| *puiDigestLen <= 0 || *puiDigestLen > INT_MAX) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
/* process */
if (!(p7 = d2i_PKCS7(NULL, (const unsigned char **)&pucDerP7DigestedData,
uiDerP7DigestedDataLen))) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7);
ret = SAR_IndataErr;
goto end;
}
if (!PKCS7_type_is_digest(p7)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7_TYPE);
ret = SAR_IndataErr;
goto end;
}
p7dgst = p7->d.digest;
/* output digset algor */
//EVP_MD_sgd
#if 0
if ((*puiDigestAlgorithm = EVP_MD_sgd(
EVP_get_digestbyobj(p7dgst->md->algorithm))) <= 0) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_UNSUPPORTED_DIGEST_ALGOR);
ret = SAR_IndataErr;
goto end;
}
#endif
/* output digested data */
if (!PKCS7_type_is_data(p7dgst->contents)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7_DATA);
ret = SAR_IndataErr;
goto end;
}
if (!(data = p7dgst->contents->d.data)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7_DATA);
ret = SAR_IndataErr;
goto end;
}
if (*puiDataLen < ASN1_STRING_length(data)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
memcpy(pucData, ASN1_STRING_get0_data(data), ASN1_STRING_length(data));
*puiDataLen = ASN1_STRING_length(data);
/* output digest */
if (!p7dgst->digest) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_INVALID_PKCS7_DATA);
ret = SAR_IndataErr;
goto end;
}
if (*puiDigestLen < ASN1_STRING_length(p7dgst->digest)) {
SAFerr(SAF_F_SAF_PKCS7_DECODEDIGESTEDDATA, SAF_R_BUFFER_TOO_SMALL);
ret = SAR_IndataLenErr;
goto end;
}
memcpy(pucDigest, ASN1_STRING_get0_data(p7dgst->digest), ASN1_STRING_length(p7dgst->digest));
*puiDigestLen = ASN1_STRING_length(p7dgst->digest);
ret = SAR_Ok;
end:
PKCS7_free(p7);
return ret;
}

79
crypto/saf/saf_rand.c
View File

@@ -1,79 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.10 */
int SAF_GenRandom(
unsigned int uiRandLen,
unsigned char *pucRand)
{
if (uiRandLen <= 0 || uiRandLen > INT_MAX) {
SAFerr(SAF_F_SAF_GENRANDOM, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!pucRand) {
SAFerr(SAF_F_SAF_GENRANDOM, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (!RAND_bytes(pucRand, (int)uiRandLen)) {
SAFerr(SAF_F_SAF_GENRANDOM, SAF_R_GEN_RANDOM_FAILURE);
return SAR_GenRandErr;
}
return SAR_OK;
}

279
crypto/saf/saf_rsa.c
View File

@@ -1,279 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.16 */
int SAF_GenRsaKeyPair(void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyBits,
unsigned int uiKeyUsage,
unsigned int uiExportFlag)
{
int ret = SAR_UnknownErr;
#if 0
SAF_APP *app = (SAF_APP *)hAppHandle;
/* process */
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
if (!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, app->engine))
|| EVP_PKEY_keygen_init(pctx) <= 0
|| EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, uiKeyBits) <= 0
|| EVP_PKEY_keygen(pctx, &pkey) <= 0) {
SAFerr(SAF_F_SAF_GENRSAKEYPAIR, ERR_R_EVP_LIB);
goto end;
}
ret = SAR_Ok;
end:
EVP_PKEY_CTX_free(pctx);
EVP_PKEY_free(pkey);
#endif
return ret;
}
/* 7.3.17 */
int SAF_GetRsaPublicKey(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiKeyUsage,
unsigned char *pucPublicKey,
unsigned int *puiPublicKeyLen)
{
int ret = SAR_UnknownErr;
#if 0
SAF_APP *app = (SAF_APP *)hAppHandle;
/* process */
EVP_PKEY *pkey = NULL;
char key_id[1024];
int len;
snprintf(key_id, sizeof(key_id), "%s.%s", (char *)pucContainerName,
SGD_GetKeyUsageName(uiKeyUsage));
if (!(pkey = ENGINE_load_public_key(app->engine, key_id, NULL, NULL))) {
SAFerr(SAF_F_SAF_GETRSAPUBLICKEY, ERR_R_ENGINE_LIB);
goto end;
}
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
SAFerr(SAF_F_SAF_GETRSAPUBLICKEY, ERR_R_ENGINE_LIB);
goto end;
}
if ((len = i2d_PUBKEY(pkey, &pucPublicKey)) <= 0) {
SAFerr(SAF_F_SAF_GETRSAPUBLICKEY, ERR_R_X509_LIB);
goto end;
}
*puiPublicKeyLen = (unsigned int)len;
/* set return value */
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
#endif
return ret;
}
/* 7.3.18 */
int SAF_RsaSign(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiHashAlgoType,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignature,
unsigned int *puiSignatureLen)
{
int ret = SAR_UnknownErr;
#if 0
SAF_APP *app = (SAF_APP *)hAppHandle;
/* process */
char key_id[1024];
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
size_t siglen;
snprintf(key_id, sizeof(key_id), "%s.sign", (char *)pucContainerName);
if (!(pkey = ENGINE_load_private_key(app->engine, key_id, NULL, NULL))
|| !(pctx = EVP_PKEY_CTX_new(pkey, app->engine))
|| EVP_PKEY_sign_init(pctx) <= 0
|| EVP_PKEY_sign(pctx, pucSignData, &siglen, pucInData, (size_t)uiInDataLen) <= 0) {
SAFerr(SAF_F_SAF_RSASIGN, ERR_R_EVP_LIB);
goto end;
}
*puiSignDataLen = (unsigned int)siglen;
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pctx);
#endif
return ret;
}
/* 7.3.19 */
int SAF_RsaSignFile(
void *hAppHandle,
unsigned char *pucContainerName,
unsigned int uiContainerNameLen,
unsigned int uiHashAlgoType,
unsigned char *pucFileName,
unsigned char *pucSignature,
unsigned int *puiSignatureLen)
{
return SAR_OK;
}
/* 7.3.20 */
int SAF_RsaVerifySign(
unsigned int uiHashAlgoType,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignature,
unsigned int uiSignatureLen)
{
int ret = SAR_UnknownErr;
#if 0
/* process */
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
if (!(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
|| !(pctx = EVP_PKEY_CTX_new(pkey, NULL))
|| EVP_PKEY_verify_init(pctx) <= 0
|| EVP_PKEY_verify(pctx, pucSignData, uiSignDataLen, pucInData, uiInDataLen) <= 0) {
SAFerr(SAF_F_SAF_RSAVERIFYSIGN, ERR_R_EVP_LIB);
goto end;
}
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pctx);
#endif
return ret;
}
/* 7.3.21 */
int SAF_RsaVerifySignFile(
unsigned int uiHashAlgoType,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucFileName,
unsigned char *pucSignature,
unsigned int uiSignatureLen)
{
return SAR_OK;
}
/* 7.3.22 */
int SAF_VerifySignByCert(
unsigned int uiHashAlgoType,
unsigned char *pucCertificate,
unsigned int uiCertificateLen,
unsigned char *pucInData,
unsigned int uiInDataLen,
unsigned char *pucSignature,
unsigned int uiSignatureLen)
{
int ret = SAR_UnknownErr;
#if 0
/* process */
X509 *x509 = NULL;
unsigned char pucPublicKey[1024];
unsigned int uiPublicKeyLen;
unsigned char *p = pucPublicKey;
int len;
if (!(x509 = d2i_X509(NULL, (const unsigned char **)&pucCertificate, (long)uiCertificateLen))) {
SAFerr(SAF_F_SAF_VERIFYSIGNBYCERT, ERR_R_X509_LIB);
goto end;
}
if ((len = i2d_PUBKEY(X509_get0_pubkey(x509), &p)) <= 0) {
SAFerr(SAF_F_SAF_VERIFYSIGNBYCERT, ERR_R_X509_LIB);
goto end;
}
uiPublicKeyLen = (unsigned int)len;
ret = SAF_RsaVerifySign(
pucPublicKey,
uiPublicKeyLen,
uiAlgorithmID,
pucInData,
uiInDataLen,
pucSignData,
uiSignDataLen);
/* set return value */
ret = SAR_Ok;
end:
X509_free(x509);
#endif
return ret;
}

207
crypto/saf/saf_sm2.c
View File

@@ -1,207 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/evp.h>
#include <openssl/gmapi.h>
#include <openssl/gmsaf.h>
#include "saf_lcl.h"
/* 7.4.10 */
int SAF_SM2_EncodeSignedAndEnvelopedData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned char *pucEncCertificate,
unsigned int uiEncCertificateLen,
unsigned int uiSymmAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerSignedAndEnvelopedData,
unsigned int *puiDerSignedAndEnvelopedDataLen)
{
return SAF_Pkcs7_EncodeData(
hAppHandle,
pucSignContainerName,
uiSignContainerNameLen,
pucSignerCertificate,
uiSignerCertificateLen,
uiDigestAlgorithm,
pucEncCertificate,
uiEncCertificateLen,
uiSymmAlgorithm,
pucData,
uiDataLen,
pucDerSignedAndEnvelopedData,
puiDerSignedAndEnvelopedDataLen);
}
/* 7.4.11 */
int SAF_SM2_DecodeSignedAndEnvelopedData(
void *hAppHandle,
unsigned char *pucDerContainerName,
unsigned int uiDerContainerNameLen,
unsigned char *pucDerSignedAndEnvelopedData,
unsigned int uiDerSignedAndEnvelopedDataLen,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucSignerCertificate,
unsigned int *puiSignerCertificateLen,
unsigned int *puiDigestAlgorithm)
{
return SAF_Pkcs7_DecodeData(
hAppHandle,
pucDerContainerName,
uiDerContainerNameLen,
pucDerSignedAndEnvelopedData,
uiDerSignedAndEnvelopedDataLen,
pucData,
puiDataLen,
pucSignerCertificate,
puiSignerCertificateLen,
puiDigestAlgorithm);
}
/* 7.4.12 */
int SAF_SM2_EncodeSignedData(
void *hAppHandle,
unsigned char *pucSignContainerName,
unsigned int uiSignContainerNameLen,
unsigned int uiSignKeyUsage,
unsigned char *pucSignerCertificate,
unsigned int uiSignerCertificateLen,
unsigned int uiDigestAlgorithm,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucDerSignedData,
unsigned int *puiDerSignedDataLen)
{
return SAF_Pkcs7_EncodeSignedData(
hAppHandle,
pucSignContainerName,
uiSignContainerNameLen,
uiSignKeyUsage,
pucSignerCertificate,
uiSignerCertificateLen,
uiDigestAlgorithm,
pucData,
uiDataLen,
pucDerSignedData,
puiDerSignedDataLen);
}
/* 7.4.13 */
int SAF_SM2_DecodeSignedData(
void *hAppHandle,
unsigned char *pucDerSignedData,
unsigned int uiDerSignedDataLen,
unsigned int *puiDigestAlgorithm,
unsigned char *pucSignerCertificate,
unsigned int *puiSignerCertificateLen,
unsigned char *pucData,
unsigned int *puiDataLen,
unsigned char *pucSign,
unsigned int *puiSignLen)
{
return SAF_Pkcs7_DecodeSignedData(
hAppHandle,
pucDerSignedData,
uiDerSignedDataLen,
puiDigestAlgorithm,
pucSignerCertificate,
puiSignerCertificateLen,
pucData,
puiDataLen,
pucSign,
puiSignLen);
}
/* 7.4.14 */
int SAF_SM2_EncodeEnvelopedData(
void *hAppHandle,
unsigned char *pucData,
unsigned int uiDataLen,
unsigned char *pucEncCertificate,
unsigned int uiEncCertificateLen,
unsigned int uiSymmAlgorithm,
unsigned char *pucDerEnvelopedData,
unsigned int *puiDerEnvelopedDataLen)
{
return SAF_Pkcs7_EncodeEnvelopedData(
hAppHandle,
pucData,
uiDataLen,
pucEncCertificate,
uiEncCertificateLen,
uiSymmAlgorithm,
pucDerEnvelopedData,
puiDerEnvelopedDataLen);
}
/* 7.4.15 */
int SAF_SM2_DecodeEnvelopedData(
void *hAppHandle,
unsigned char *pucDecContainerName,
unsigned int uiDecContainerNameLen,
unsigned char *pucDerEnvelopedData,
unsigned int uiDerEnvelopedDataLen,
unsigned char *pucData,
unsigned int *puiDataLen)
{
return SAF_Pkcs7_DecodeEnvelopedData(
hAppHandle,
pucDecContainerName,
uiDecContainerNameLen,
pucDerEnvelopedData,
uiDerEnvelopedDataLen,
pucData,
puiDataLen);
}

117
crypto/saf/saf_symmkeyobj.c
View File

@@ -1,117 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES
* LOSS OF USE, DATA, OR PROFITS OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <limits.h>
#include <openssl/evp.h>
#include <openssl/gmsaf.h>
#include <openssl/gmapi.h>
#include "saf_lcl.h"
/* 7.3.30 */
int SAF_CreateSymmKeyObj(
void *hAppHandle,
void **phSymmKeyObj,
unsigned char *pucContainerName,
unsigned int uiContainerLen,
unsigned char *pucIV,
unsigned int uiIVLen,
unsigned int uiEncOrDec,
unsigned int uiCryptoAlgID)
{
int ret = SAR_UnknownErr;
SAF_SYMMKEYOBJ *obj = NULL;
/* check arguments */
if (!hAppHandle || !phSymmKeyObj || !pucContainerName || !pucIV) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiContainerLen <= 0 || uiContainerLen > 255 ||
uiIVLen > EVP_MAX_IV_LENGTH) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
if (!(obj = OPENSSL_zalloc(sizeof(*obj)))
|| !(obj->pucContainerName = OPENSSL_memdup(pucContainerName, uiContainerLen))
|| !(obj->pucIV = OPENSSL_memdup(pucIV, uiIVLen))) {
SAFerr(SAF_F_SAF_CREATESYMMKEYOBJ, ERR_R_MALLOC_FAILURE);
goto end;
}
obj->app = (SAF_APP *)hAppHandle;
obj->uiContainerLen = uiContainerLen;
obj->uiIVLen = uiIVLen;
obj->uiEncOrDec = uiEncOrDec;
obj->uiCryptoAlgID = uiCryptoAlgID;
/* set output */
*phSymmKeyObj = obj;
obj = NULL;
ret = SAR_OK;
end:
(void)SAF_DestroySymmAlgoObj(obj);
return ret;
}
/* 7.3.36 */
int SAF_DestroySymmAlgoObj(
void *hSymmKeyObj)
{
SAF_SYMMKEYOBJ *obj = (SAF_SYMMKEYOBJ *)hSymmKeyObj;
if (obj) {
OPENSSL_free(obj->pucContainerName);
OPENSSL_free(obj->pucIV);
OPENSSL_free(obj);
}
return SAR_OK;
}

4
crypto/sof/build.info
View File

@@ -1,4 +0,0 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=\
sof_err.c \
sof_lib.c

95
crypto/sof/sof_err.c
View File

@@ -1,95 +0,0 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/gmsof.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SOF,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SOF,0,reason)
static ERR_STRING_DATA SOF_str_functs[] = {
{ERR_FUNC(SOF_F_SOF_CHANGEPASSWD), "SOF_ChangePassWd"},
{ERR_FUNC(SOF_F_SOF_CREATETIMESTAMPREQUEST),
"SOF_CreateTimeStampRequest"},
{ERR_FUNC(SOF_F_SOF_CREATETIMESTAMPRESPONSE),
"SOF_CreateTimeStampResponse"},
{ERR_FUNC(SOF_F_SOF_DECRYPTDATA), "SOF_DecryptData"},
{ERR_FUNC(SOF_F_SOF_DECRYPTFILE), "SOF_DecryptFile"},
{ERR_FUNC(SOF_F_SOF_DELCERTTRUSTLIST), "SOF_DelCertTrustList"},
{ERR_FUNC(SOF_F_SOF_ENCRYPTDATA), "SOF_EncryptData"},
{ERR_FUNC(SOF_F_SOF_ENCRYPTFILE), "SOF_EncryptFile"},
{ERR_FUNC(SOF_F_SOF_EXPORTEXCHANGEUSERCERT),
"SOF_ExportExchangeUserCert"},
{ERR_FUNC(SOF_F_SOF_EXPORTUSERCERT), "SOF_ExportUserCert"},
{ERR_FUNC(SOF_F_SOF_G), "SOF_GenRandom"},
{ERR_FUNC(SOF_F_SOF_GENRANDOM), "SOF_GenRandom"},
{ERR_FUNC(SOF_F_SOF_GETCERTINFO), "SOF_GetCertInfo"},
{ERR_FUNC(SOF_F_SOF_GETCERTINFOBYOID), "SOF_GetCertInfoByOid"},
{ERR_FUNC(SOF_F_SOF_GETCERTTRUSTLIST), "SOF_GetCertTrustList"},
{ERR_FUNC(SOF_F_SOF_GETCERTTRUSTLISTALTNAMES),
"SOF_GetCertTrustListAltNames"},
{ERR_FUNC(SOF_F_SOF_GETDEVICEINFO), "SOF_GetDeviceInfo"},
{ERR_FUNC(SOF_F_SOF_GETENCRYPTMETHOD), "SOF_GetEncryptMethod"},
{ERR_FUNC(SOF_F_SOF_GETINFOFROMSIGNEDMESSAGE),
"SOF_GetInfoFromSignedMessage"},
{ERR_FUNC(SOF_F_SOF_GETLASTERROR), "SOF_GetLastError"},
{ERR_FUNC(SOF_F_SOF_GETPINRETRYCOUNT), "SOF_GetPinRetryCount"},
{ERR_FUNC(SOF_F_SOF_GETSERVERCERTIFICATE), "SOF_GetServerCertificate"},
{ERR_FUNC(SOF_F_SOF_GETSIGNMETHOD), "SOF_GetSignMethod"},
{ERR_FUNC(SOF_F_SOF_GETTIMESTAMPINFO), "SOF_GetTimeStampInfo"},
{ERR_FUNC(SOF_F_SOF_GETUSERLIST), "SOF_GetUserList"},
{ERR_FUNC(SOF_F_SOF_GETVERSION), "SOF_GetVersion"},
{ERR_FUNC(SOF_F_SOF_GETXMLSIGNATUREINFO), "SOF_GetXMLSignatureInfo"},
{ERR_FUNC(SOF_F_SOF_INITCERTAPPPOLICY), "SOF_InitCertAppPolicy"},
{ERR_FUNC(SOF_F_SOF_LOGIN), "SOF_Login"},
{ERR_FUNC(SOF_F_SOF_SETCERTTRUSTLIST), "SOF_SetCertTrustList"},
{ERR_FUNC(SOF_F_SOF_SETENCRYPTMETHOD), "SOF_SetEncryptMethod"},
{ERR_FUNC(SOF_F_SOF_SETSIGNMETHOD), "SOF_SetSignMethod"},
{ERR_FUNC(SOF_F_SOF_SIGNDATA), "SOF_SignData"},
{ERR_FUNC(SOF_F_SOF_SIGNDATAXML), "SOF_SignDataXML"},
{ERR_FUNC(SOF_F_SOF_SIGNFILE), "SOF_SignFile"},
{ERR_FUNC(SOF_F_SOF_SIGNMESSAGE), "SOF_SignMessage"},
{ERR_FUNC(SOF_F_SOF_SIGNMESSAGEDETACH), "SOF_SignMessageDetach"},
{ERR_FUNC(SOF_F_SOF_VALIDATECERT), "SOF_ValidateCert"},
{ERR_FUNC(SOF_F_SOF_VERIFYSIGNEDDATA), "SOF_VerifySignedData"},
{ERR_FUNC(SOF_F_SOF_VERIFYSIGNEDDATAXML), "SOF_VerifySignedDataXML"},
{ERR_FUNC(SOF_F_SOF_VERIFYSIGNEDFILE), "SOF_VerifySignedFile"},
{ERR_FUNC(SOF_F_SOF_VERIFYSIGNEDMESSAGE), "SOF_VerifySignedMessage"},
{ERR_FUNC(SOF_F_SOF_VERIFYSIGNEDMESSAGEDETACH),
"SOF_VerifySignedMessageDetach"},
{ERR_FUNC(SOF_F_SOF_VERIFYTIMESTAMP), "SOF_VerifyTimeStamp"},
{0, NULL}
};
static ERR_STRING_DATA SOF_str_reasons[] = {
{ERR_REASON(SOF_R_DECODE_FAILURE), "decode failure"},
{ERR_REASON(SOF_R_INVALID_CERT_ATTRIBUTE), "invalid cert attribute"},
{ERR_REASON(SOF_R_NOT_IMPLEMENTED), "not implemented"},
{ERR_REASON(SOF_R_READ_FILE_FAILURE), "read file failure"},
{0, NULL}
};
#endif
int ERR_load_SOF_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(SOF_str_functs[0].error) == NULL) {
ERR_load_strings(0, SOF_str_functs);
ERR_load_strings(0, SOF_str_reasons);
}
#endif
return 1;
}

573
crypto/sof/sof_lib.c
View File

@@ -1,573 +0,0 @@
/* ====================================================================
* Copyright (c) 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/gmsaf.h>
#include <openssl/gmsof.h>
#include <openssl/crypto.h>
#include "../../e_os.h"
static SOF_LONG sof_sign_method = SGD_SM2;
static SOF_LONG sof_enc_method = SGD_SM4_CBC;
static SOF_LONG sof_last_error = SOR_OK;
static void *sof_app = NULL;
static int sof_user_type = SGD_ROLE_USER;
static int sof_read_file(const char *path, unsigned char **pdata,
unsigned int *pdatalen)
{
return 0;
}
static char *sof_encode(const unsigned char *bin, unsigned int binlen)
{
return NULL;
}
#if 0
static int sof_decode(const char *b64, unsigned char **pdata, unsigned int *pdatalen)
{
return 0;
}
#endif
SOF_BSTR SOF_GetVersion(void)
{
return OPENSSL_strdup(OpenSSL_version(0));
}
SOF_LONG SOF_SetSignMethod(SOF_LONG SignMethod)
{
sof_sign_method = SignMethod;
return SOR_OK;
}
SOF_LONG SOF_GetSignMethod(void)
{
return sof_sign_method;
}
SOF_LONG SOF_SetEncryptMethod(SOF_LONG EncryptMethod)
{
sof_enc_method = EncryptMethod;
return SOR_OK;
}
SOF_LONG SOF_GetEncryptMethod(void)
{
return sof_enc_method;
}
/* list installed client's certificates */
SOF_BSTR SOF_GetUserList(void)
{
SOFerr(SOF_F_SOF_GETUSERLIST, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
/* we need an reference to engine */
SOF_BSTR SOF_ExportUserCert(SOF_BSTR ContainerName)
{
SOFerr(SOF_F_SOF_EXPORTUSERCERT, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BOOL SOF_Login(SOF_BSTR ContainerName, SOF_BSTR PassWd)
{
unsigned int uiRemainCount;
int rv;
if ((rv = SAF_Login(
sof_app,
sof_user_type,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
(unsigned char *)PassWd,
(unsigned int)strlen(PassWd),
&uiRemainCount)) != SAR_Ok) {
SOFerr(SOF_F_SOF_LOGIN, ERR_R_SAF_LIB);
return SGD_FALSE;
}
return SGD_TRUE;
}
SOF_LONG SOF_GetPinRetryCount(SOF_BSTR ContainerName)
{
SOFerr(SOF_F_SOF_GETPINRETRYCOUNT, SOF_R_NOT_IMPLEMENTED);
return SOR_NotSupportYetErr;
}
SOF_BOOL SOF_ChangePassWd(SOF_BSTR ContainerName, SOF_BSTR OldPassWd, SOF_BSTR NewPassWd)
{
int rv;
unsigned int uiRemainCount;
if ((rv = SAF_ChangePin(
sof_app,
sof_user_type,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
(unsigned char *)OldPassWd,
(unsigned int)strlen(OldPassWd),
(unsigned char *)NewPassWd,
(unsigned int)strlen(NewPassWd),
&uiRemainCount)) != SAR_Ok) {
SOFerr(SOF_F_SOF_CHANGEPASSWD, ERR_R_SAF_LIB);
return SGD_FALSE;
}
return SGD_TRUE;
}
SOF_BSTR SOF_ExportExchangeUserCert(SOF_BSTR ContainerName)
{
SOFerr(SOF_F_SOF_EXPORTEXCHANGEUSERCERT, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
/* `type` defined as SGD_CERT_XXX, SGD_EXT_XXX in sgd.h */
SOF_BSTR SOF_GetCertInfo(SOF_BSTR Base64EncodeCert, SOF_SHORT Type)
{
char *ret = NULL;
switch (Type) {
case SGD_CERT_VERSION:
case SGD_CERT_SERIAL:
case SGD_CERT_ISSUER:
case SGD_CERT_VALID_TIME:
case SGD_CERT_SUBJECT:
case SGD_CERT_DER_PUBLIC_KEY:
case SGD_CERT_DER_EXTENSIONS:
case SGD_EXT_AUTHORITYKEYIDENTIFIER_INFO:
case SGD_EXT_SUBJECTKEYIDENTIFIER_INFO:
case SGD_EXT_KEYUSAGE_INFO:
case SGD_EXT_PRIVATEKEYUSAGEPERIOD_INFO:
case SGD_EXT_CERTIFICATEPOLICIES_INFO:
case SGD_EXT_POLICYMAPPINGS_INFO:
case SGD_EXT_BASICCONSTRAINTS_INFO:
case SGD_EXT_POLICYCONSTRAINTS_INFO:
case SGD_EXT_EXTKEYUSAGE_INFO:
case SGD_EXT_CRLDISTRIBUTIONPOINTS_INFO:
case SGD_EXT_NETSCAPE_CERT_TYPE_INFO:
case SGD_EXT_SELFDEFINED_EXTENSION_INFO:
case SGD_CERT_ISSUER_CN:
case SGD_CERT_ISSUER_O:
case SGD_CERT_ISSUER_OU:
case SGD_CERT_SUBJECT_CN:
case SGD_CERT_SUBJECT_O:
case SGD_CERT_SUBJECT_OU:
case SGD_CERT_SUBJECT_EMAIL:
case SGD_CERT_NOTBEFORE_TIME:
case SGD_CERT_NOTAFTER_TIME:
SOFerr(SOF_F_SOF_GETCERTINFO, SOF_R_NOT_IMPLEMENTED);
goto end;
default:
SOFerr(SOF_F_SOF_GETCERTINFO, SOF_R_INVALID_CERT_ATTRIBUTE);
goto end;
}
end:
SOFerr(SOF_F_SOF_GETCERTINFO, SOF_R_NOT_IMPLEMENTED);
return ret;
}
SOF_BSTR SOF_GetCertInfoByOid(SOF_BSTR Base64EncodeCert, SOF_BSTR Oid)
{
SOFerr(SOF_F_SOF_GETCERTINFOBYOID, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BSTR SOF_GetDeviceInfo(SOF_BSTR ContainerName, SOF_LONG Type)
{
SOFerr(SOF_F_SOF_GETDEVICEINFO, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_LONG SOF_ValidateCert(SOF_BSTR Base64EncodeCert)
{
SOFerr(SOF_F_SOF_VALIDATECERT, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_SignData(SOF_BSTR ContainerName, SOF_BSTR InData)
{
char *ret = NULL;
char *b64 = NULL;
unsigned int uiHashAlgoType = SGD_SM3;
unsigned char *pucInData = NULL;
unsigned int uiInDataLen = strlen(InData) + 128;
unsigned char pucSignature[256];
unsigned int uiSignatureLen = (unsigned int)sizeof(pucSignature);
int rv;
if (!(pucInData = OPENSSL_malloc(uiInDataLen))) {
SOFerr(SOF_F_SOF_SIGNDATA, ERR_R_MALLOC_FAILURE);
goto end;
}
if (SAF_Base64_Decode((unsigned char *)InData, (unsigned int)strlen(InData),
pucInData, &uiInDataLen) != SOR_OK) {
SOFerr(SOF_F_SOF_SIGNDATA, SOF_R_DECODE_FAILURE);
goto end;
}
if (SOF_GetSignMethod() == SGD_SM2) {
if ((rv = SAF_RsaSign(
sof_app,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
uiHashAlgoType,
pucInData,
uiInDataLen,
pucSignature,
&uiSignatureLen)) != SAR_Ok) {
SOFerr(SOF_F_SOF_SIGNDATA, ERR_R_SAF_LIB);
goto end;
}
} else {
if ((rv = SAF_EccSign(
sof_app,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
uiHashAlgoType,
pucInData,
uiInDataLen,
pucSignature,
&uiSignatureLen)) != SAR_Ok) {
SOFerr(SOF_F_SOF_SIGNDATA, ERR_R_SAF_LIB);
goto end;
}
}
ret = SOR_OK;
end:
OPENSSL_free(b64);
OPENSSL_free(pucInData);
return ret;
}
SOF_BOOL SOF_VerifySignedData(SOF_BSTR Base64EncodeCert, SOF_BSTR InData, SOF_BSTR SignValue)
{
SOFerr(SOF_F_SOF_VERIFYSIGNEDDATA, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_SignFile(SOF_BSTR ContainerName, SOF_BSTR InFile)
{
SOF_BSTR ret = NULL;
char *b64 = NULL;
unsigned int uiHashAlgoType = SGD_SM3;
unsigned char *pucInData = NULL;
unsigned int uiInDataLen;
unsigned char pucSignature[256];
unsigned int uiSignatureLen = (unsigned int)sizeof(pucSignature);
int rv;
if (!sof_read_file(InFile, &pucInData, &uiInDataLen)) {
SOFerr(SOF_F_SOF_SIGNFILE, SOF_R_READ_FILE_FAILURE);
return NULL;
}
if ((rv = SAF_EccSign(
sof_app,
(unsigned char *)ContainerName,
(unsigned int)strlen(ContainerName),
uiHashAlgoType,
pucInData,
uiInDataLen,
pucSignature,
&uiSignatureLen)) != SAR_Ok) {
SOFerr(SOF_F_SOF_SIGNFILE, ERR_R_SAF_LIB);
goto end;
}
if (!(b64 = sof_encode(pucSignature, uiSignatureLen))) {
SOFerr(SOF_F_SOF_SIGNFILE, ERR_R_SOF_LIB);
goto end;
}
ret = b64;
b64 = NULL;
end:
OPENSSL_free(b64);
OPENSSL_free(pucInData);
return ret;
}
SOF_BOOL SOF_VerifySignedFile(SOF_BSTR Base64EncodeCert, SOF_BSTR InFile, SOF_BSTR SignValue)
{
return SGD_FALSE;
}
SOF_BSTR SOF_EncryptData(SOF_BSTR Base64EncodeCert, SOF_BSTR InData)
{
#if 0
char *ret = NULL;
unsigned char *pucCertificate = NULL;
unsigned int uiCertificateLen;
unsigned char *pucInData = NULL;
unsigned int uiInDataLen;
int rv;
if (SOF_Decode(Base64EncodeCert, &pucCertificate, &uiCertificateLen) != SOR_OK
|| SOF_Decode(InData, &pucInData, &uiInDataLen) != SOR_OK
|| (rv = SAF_EccPublicKeyEncByCert(
pucCertificate,
uiCertificateLen,
uiAlgorithmID,
pucInData,
uiInDataLen,
pucOutData,
puiOutDataLen)) != SAR_Ok) {
}
#endif
return NULL;
}
SOF_BSTR SOF_DecryptData(SOF_BSTR ContainerName, SOF_BSTR InData)
{
SOFerr(SOF_F_SOF_DECRYPTDATA, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BOOL SOF_EncryptFile(SOF_BSTR Base64EncodeCert, SOF_BSTR InFile, SOF_BSTR OutFile)
{
int ret = SGD_FALSE;
#if 0
unsigned char *pucCertificate = NULL;
unsigned int uiCertificateLen;
int rv;
if (SOF_Decode(Base64EncodeCert, &pucCertificate, &uiCertificateLen) != SOR_OK) {
SOFerr(SOF_F_SOF_ENCRYPTFILE, SOF_R_DECODE_FAILURE);
goto end;
}
if ((rv = SAF_EccPublicKeyEncByCert(
pucCertificate,
uiCertificateLen,
uiAlgorithmID,
pucInData,
uiInDataLen,
pucOutData,
puiOutDataLen)) != SAR_Ok) {
SOFerr(SOF_F_SOF_ENCRYPTFILE, ERR_R_SAF_LIB);
goto end;
}
ret = SGD_TRUE;
end:
OPENSSL_free(pucCertificate);
#endif
return ret;
}
SOF_BOOL SOF_DecryptFile(SOF_BSTR ContainerName, SOF_BSTR InFile, SOF_BSTR OutFile)
{
int ret = SGD_FALSE;
return ret;
}
SOF_BSTR SOF_SignMessage(SOF_SHORT flag, SOF_BSTR ContainerName, SOF_BSTR InData)
{
SOFerr(SOF_F_SOF_SIGNMESSAGE, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BOOL SOF_VerifySignedMessage(SOF_BSTR MessageData, SOF_BSTR InData)
{
SOFerr(SOF_F_SOF_VERIFYSIGNEDMESSAGE, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_GetInfoFromSignedMessage(SOF_BSTR SignedMessage, SOF_SHORT Type)
{
SOFerr(SOF_F_SOF_GETINFOFROMSIGNEDMESSAGE, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BSTR SOF_SignDataXML(SOF_BSTR ContainerName, SOF_BSTR InData)
{
return NULL;
}
SOF_BOOL SOF_VerifySignedDataXML(SOF_BSTR InData)
{
SOFerr(SOF_F_SOF_VERIFYSIGNEDDATAXML, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_GetXMLSignatureInfo(SOF_BSTR XMLSignedData, SOF_SHORT Type)
{
SOFerr(SOF_F_SOF_GETXMLSIGNATUREINFO, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BSTR SOF_GenRandom(SOF_SHORT RandomLen)
{
char *ret = NULL;
char *b64 = NULL;
unsigned char *bin = NULL;
int rv;
if (!(bin = OPENSSL_malloc(RandomLen))
|| (rv = SAF_GenRandom(RandomLen, bin)) != SAR_Ok
|| !(b64 = sof_encode(bin, RandomLen))) {
SOFerr(SOF_F_SOF_GENRANDOM, ERR_R_SOF_LIB);
goto end;
}
end:
OPENSSL_free(bin);
OPENSSL_free(b64);
return ret;
}
SOF_LONG SOF_GetLastError(void)
{
return sof_last_error;
}
SOF_LONG SOF_SetCertTrustList(SOF_BSTR CTLAltName, SOF_BSTR CTLContent, SOF_SHORT CTLContentLen)
{
SOFerr(SOF_F_SOF_SETCERTTRUSTLIST, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_GetCertTrustListAltNames(void)
{
SOFerr(SOF_F_SOF_GETCERTTRUSTLISTALTNAMES, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BSTR SOF_GetCertTrustList(SOF_BSTR CTLAltName)
{
SOFerr(SOF_F_SOF_GETCERTTRUSTLIST, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_LONG SOF_DelCertTrustList(SOF_BSTR CTLAltName)
{
SOFerr(SOF_F_SOF_DELCERTTRUSTLIST, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_LONG SOF_InitCertAppPolicy(SOF_BSTR PolicyName)
{
SOFerr(SOF_F_SOF_INITCERTAPPPOLICY, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_GetServerCertificate(SOF_SHORT CertUsage)
{
SOFerr(SOF_F_SOF_GETSERVERCERTIFICATE, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BSTR SOF_SignMessageDetach(SOF_BSTR InData)
{
SOFerr(SOF_F_SOF_SIGNMESSAGEDETACH, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_LONG SOF_VerifySignedMessageDetach(SOF_BSTR InData, SOF_BSTR SignedMessage)
{
SOFerr(SOF_F_SOF_VERIFYSIGNEDMESSAGEDETACH, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_CreateTimeStampRequest(SOF_BSTR InData)
{
SOFerr(SOF_F_SOF_CREATETIMESTAMPREQUEST, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_BSTR SOF_CreateTimeStampResponse(SOF_BSTR TimeStampRequest)
{
SOFerr(SOF_F_SOF_CREATETIMESTAMPRESPONSE, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
SOF_LONG SOF_VerifyTimeStamp(SOF_BSTR InData, SOF_BSTR tsResponseData)
{
SOFerr(SOF_F_SOF_VERIFYTIMESTAMP, SOF_R_NOT_IMPLEMENTED);
return 0;
}
SOF_BSTR SOF_GetTimeStampInfo(SOF_BSTR tsResponseData, SOF_SHORT type)
{
SOFerr(SOF_F_SOF_GETTIMESTAMPINFO, SOF_R_NOT_IMPLEMENTED);
return NULL;
}
static ERR_STRING_DATA sof_errstr[] = {
{ SOR_OK, "Success" },
{ SOR_UnknownErr, "Unknown error" },
{ SOR_FileErr, "File error" },
{ SOR_ProviderTypeErr, "Provider type error" },
{ SOR_LoadProviderErr, "Load provider error" },
};
const char *SOF_GetErrorString(int err)
{
int i;
for (i = 0; i < OSSL_NELEM(sof_errstr); i++) {
if (err == sof_errstr[i].error) {
return sof_errstr[i].string;
}
}
return "(undef)";
}