From c04b2060af5e1251ee56946eab41cbeb7dd693bb Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Wed, 15 Feb 2017 15:53:30 +0800 Subject: [PATCH] add gmapi --- Configure | 2 +- crypto/err/err.c | 2 + crypto/err/err_all.c | 5 + crypto/err/openssl.ec | 1 + crypto/gmapi/build.info | 3 + crypto/gmapi/gmapi_err.c | 252 +++++++++++++ crypto/gmapi/gmapi_sdf_ec.c | 696 +++++++++++++++++++++++++++++++++++ crypto/gmapi/gmapi_sdf_rsa.c | 209 +++++++++++ crypto/gmapi/gmapi_sgd.c | 118 ++++++ crypto/gmapi/gmapi_skf_ec.c | 492 +++++++++++++++++++++++++ crypto/gmapi/gmapi_skf_rsa.c | 214 +++++++++++ include/openssl/err.h | 3 + include/openssl/gmapi.h | 299 +++++++++++++++ include/openssl/sgd.h | 315 ++++++++++++++++ test/build.info | 6 +- test/gmapitest.c | 291 +++++++++++++++ test/recipes/30-test_gmapi.t | 12 + util/mkdef.pl | 2 +- 18 files changed, 2919 insertions(+), 3 deletions(-) create mode 100644 crypto/gmapi/build.info create mode 100644 crypto/gmapi/gmapi_err.c create mode 100644 crypto/gmapi/gmapi_sdf_ec.c create mode 100644 crypto/gmapi/gmapi_sdf_rsa.c create mode 100644 crypto/gmapi/gmapi_sgd.c create mode 100644 crypto/gmapi/gmapi_skf_ec.c create mode 100644 crypto/gmapi/gmapi_skf_rsa.c create mode 100644 include/openssl/gmapi.h create mode 100644 include/openssl/sgd.h create mode 100644 test/gmapitest.c create mode 100644 test/recipes/30-test_gmapi.t diff --git a/Configure b/Configure index 4a10dd08..f5285065 100755 --- a/Configure +++ b/Configure @@ -311,7 +311,7 @@ $config{sdirs} = [ "buffer", "bio", "stack", "lhash", "rand", "err", "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", "cms", "ts", "srp", "cmac", "ct", "async", "kdf", - "sm3", "sms4", "kdf2", "ecies", "ffx", "sm2", "paillier", "cpk", "otp" + "sm3", "sms4", "kdf2", "ecies", "ffx", "sm2", "paillier", "cpk", "otp", "gmapi" ]; # Known TLS and DTLS protocols diff --git a/crypto/err/err.c b/crypto/err/err.c index 33fa0510..7fdc2b4f 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -64,6 +64,7 @@ static ERR_STRING_DATA ERR_str_libraries[] = { {ERR_PACK(ERR_LIB_PAILLIER, 0, 0), "PAILLIER routines"}, {ERR_PACK(ERR_LIB_CPK, 0, 0), "CPK routines"}, {ERR_PACK(ERR_LIB_OTP, 0, 0), "OTP routines"}, + {ERR_PACK(ERR_LIB_GMAPI, 0, 0), "GMAPI routines"}, {0, NULL}, }; @@ -113,6 +114,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = { {ERR_R_PAILLIER_LIB, "PAILLIER lib"}, {ERR_R_CPK_LIB, "CPK lib"}, {ERR_R_OTP_LIB, "OTP lib"}, + {ERR_R_GMAPI_LIB, "GMAPI lib"}, {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"}, {ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"}, diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 022cb5d2..12bf302f 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -43,6 +43,8 @@ #include #include #include +#include +#include int err_load_crypto_strings_int(void) { @@ -120,6 +122,9 @@ int err_load_crypto_strings_int(void) # ifndef OPENSSL_NO_OTP ERR_load_OTP_strings() == 0 || # endif +# ifndef OPENSSL_NO_GMAPI + ERR_load_GMAPI_strings() == 0 || +# endif #endif ERR_load_KDF_strings() == 0) return 0; diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index b710b1a0..8988a842 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -40,6 +40,7 @@ L FFX include/openssl/ffx.h crypto/ffx/ffx_err.c L PAILLIER include/openssl/paillier.h crypto/paillier/pai_err.c L CPK include/openssl/cpk.h crypto/cpk/cpk_err.c L OTP include/openssl/otp.h crypto/otp/otp_err.c +L GMAPI include/openssl/gmapi.h crypto/gmapi/gmapi_err.c # additional header files to be scanned for function names L NONE crypto/x509/x509_vfy.h NONE diff --git a/crypto/gmapi/build.info b/crypto/gmapi/build.info new file mode 100644 index 00000000..ef7a7b7f --- /dev/null +++ b/crypto/gmapi/build.info @@ -0,0 +1,3 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=gmapi_err.c gmapi_sgd.c \ + gmapi_sdf_ec.c gmapi_sdf_rsa.c gmapi_skf_ec.c gmapi_skf_rsa.c diff --git a/crypto/gmapi/gmapi_err.c b/crypto/gmapi/gmapi_err.c new file mode 100644 index 00000000..9405425b --- /dev/null +++ b/crypto/gmapi/gmapi_err.c @@ -0,0 +1,252 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +# define ERR_FUNC(func) ERR_PACK(ERR_LIB_GMAPI,func,0) +# define ERR_REASON(reason) ERR_PACK(ERR_LIB_GMAPI,0,reason) + +static ERR_STRING_DATA GMAPI_str_functs[] = { + {ERR_FUNC(GMAPI_F_ECDSA_SIG_GET_ECCSIGNATURE), + "ECDSA_SIG_get_ECCSignature"}, + {ERR_FUNC(GMAPI_F_ECDSA_SIG_GET_ECCSIGNATUREBLOB), + "ECDSA_SIG_get_ECCSIGNATUREBLOB"}, + {ERR_FUNC(GMAPI_F_ECDSA_SIG_NEW_FROM_ECCSIGNATURE), + "ECDSA_SIG_new_from_ECCSignature"}, + {ERR_FUNC(GMAPI_F_ECDSA_SIG_NEW_FROM_ECCSIGNATUREBLOB), + "ECDSA_SIG_new_from_ECCSIGNATUREBLOB"}, + {ERR_FUNC(GMAPI_F_ECDSA_SIG_SET_ECCSIGNATURE), + "ECDSA_SIG_set_ECCSignature"}, + {ERR_FUNC(GMAPI_F_ECDSA_SIG_SET_ECCSIGNATUREBLOB), + "ECDSA_SIG_set_ECCSIGNATUREBLOB"}, + {ERR_FUNC(GMAPI_F_EC_KEY_GET_ECCPRIVATEKEYBLOB), + "EC_KEY_get_ECCPRIVATEKEYBLOB"}, + {ERR_FUNC(GMAPI_F_EC_KEY_GET_ECCPUBLICKEYBLOB), + "EC_KEY_get_ECCPUBLICKEYBLOB"}, + {ERR_FUNC(GMAPI_F_EC_KEY_GET_ECCREFPRIVATEKEY), + "EC_KEY_get_ECCrefPrivateKey"}, + {ERR_FUNC(GMAPI_F_EC_KEY_GET_ECCREFPUBLICKEY), + "EC_KEY_get_ECCrefPublicKey"}, + {ERR_FUNC(GMAPI_F_EC_KEY_NEW_FROM_ECCPRIVATEKEYBLOB), + "EC_KEY_new_from_ECCPRIVATEKEYBLOB"}, + {ERR_FUNC(GMAPI_F_EC_KEY_NEW_FROM_ECCPUBLICKEYBLOB), + "EC_KEY_new_from_ECCPUBLICKEYBLOB"}, + {ERR_FUNC(GMAPI_F_EC_KEY_NEW_FROM_ECCREFPRIVATEKEY), + "EC_KEY_new_from_ECCrefPrivateKey"}, + {ERR_FUNC(GMAPI_F_EC_KEY_NEW_FROM_ECCREFPUBLICKEY), + "EC_KEY_new_from_ECCrefPublicKey"}, + {ERR_FUNC(GMAPI_F_EC_KEY_SET_ECCPRIVATEKEYBLOB), + "EC_KEY_set_ECCPRIVATEKEYBLOB"}, + {ERR_FUNC(GMAPI_F_EC_KEY_SET_ECCPUBLICKEYBLOB), + "EC_KEY_set_ECCPUBLICKEYBLOB"}, + {ERR_FUNC(GMAPI_F_EC_KEY_SET_ECCREFPRIVATEKEY), + "EC_KEY_set_ECCrefPrivateKey"}, + {ERR_FUNC(GMAPI_F_EC_KEY_SET_ECCREFPUBLICKEY), + "EC_KEY_set_ECCrefPublicKey"}, + {ERR_FUNC(GMAPI_F_RSA_GET_RSAPRIVATEKEYBLOB), + "RSA_get_RSAPRIVATEKEYBLOB"}, + {ERR_FUNC(GMAPI_F_RSA_GET_RSAPUBLICKEYBLOB), "RSA_get_RSAPUBLICKEYBLOB"}, + {ERR_FUNC(GMAPI_F_RSA_GET_RSAREFPRIVATEKEY), "RSA_get_RSArefPrivateKey"}, + {ERR_FUNC(GMAPI_F_RSA_GET_RSAREFPUBLICKEY), "RSA_get_RSArefPublicKey"}, + {ERR_FUNC(GMAPI_F_RSA_NEW_FROM_RSAPRIVATEKEYBLOB), + "RSA_new_from_RSAPRIVATEKEYBLOB"}, + {ERR_FUNC(GMAPI_F_RSA_NEW_FROM_RSAPUBLICKEYBLOB), + "RSA_new_from_RSAPUBLICKEYBLOB"}, + {ERR_FUNC(GMAPI_F_RSA_NEW_FROM_RSAREFPRIVATEKEY), + "RSA_new_from_RSArefPrivateKey"}, + {ERR_FUNC(GMAPI_F_RSA_NEW_FROM_RSAREFPUBLICKEY), + "RSA_new_from_RSArefPublicKey"}, + {ERR_FUNC(GMAPI_F_RSA_SET_RSAPRIVATEKEYBLOB), + "RSA_set_RSAPRIVATEKEYBLOB"}, + {ERR_FUNC(GMAPI_F_RSA_SET_RSAPUBLICKEYBLOB), "RSA_set_RSAPUBLICKEYBLOB"}, + {ERR_FUNC(GMAPI_F_RSA_SET_RSAREFPRIVATEKEY), "RSA_set_RSArefPrivateKey"}, + {ERR_FUNC(GMAPI_F_RSA_SET_RSAREFPUBLICKEY), "RSA_set_RSArefPublicKey"}, + {ERR_FUNC(GMAPI_F_SAF_BASE64_CREATEBASE64OBJ), + "SAF_Base64_CreateBase64Obj"}, + {ERR_FUNC(GMAPI_F_SAF_BASE64_DECODE), "SAF_Base64_Decode"}, + {ERR_FUNC(GMAPI_F_SAF_BASE64_DECODEFINAL), "SAF_Base64_DecodeFinal"}, + {ERR_FUNC(GMAPI_F_SAF_BASE64_DECODEUPDATE), "SAF_Base64_DecodeUpdate"}, + {ERR_FUNC(GMAPI_F_SAF_BASE64_ENCODE), "SAF_Base64_Encode"}, + {ERR_FUNC(GMAPI_F_SAF_BASE64_ENCODEFINAL), "SAF_Base64_EncodeFinal"}, + {ERR_FUNC(GMAPI_F_SAF_BASE64_ENCODEUPDATE), "SAF_Base64_EncodeUpdate"}, + {ERR_FUNC(GMAPI_F_SAF_CREATESYMMKEYOBJ), "SAF_CreateSymmKeyObj"}, + {ERR_FUNC(GMAPI_F_SAF_ECCPUBLICKEYENC), "SAF_EccPublicKeyEnc"}, + {ERR_FUNC(GMAPI_F_SAF_ECCPUBLICKEYENCBYCERT), + "SAF_EccPublicKeyEncByCert"}, + {ERR_FUNC(GMAPI_F_SAF_ECCSIGN), "SAF_EccSign"}, + {ERR_FUNC(GMAPI_F_SAF_ECCVERIFYSIGN), "SAF_EccVerifySign"}, + {ERR_FUNC(GMAPI_F_SAF_ECCVERIFYSIGNBYCERT), "SAF_EccVerifySignByCert"}, + {ERR_FUNC(GMAPI_F_SAF_GENECCKEYPAIR), "SAF_GenEccKeyPair"}, + {ERR_FUNC(GMAPI_F_SAF_GENERATEAGREEMENTDATAWITHECC), + "SAF_GenerateAgreementDataWithECC"}, + {ERR_FUNC(GMAPI_F_SAF_GENERATEKEYWITHECC), "SAF_GenerateKeyWithECC"}, + {ERR_FUNC(GMAPI_F_SAF_GETECCPUBLICKEY), "SAF_GetEccPublicKey"}, + {ERR_FUNC(GMAPI_F_SAF_MACFINAL), "SAF_MacFinal"}, + {ERR_FUNC(GMAPI_F_SAF_MACUPDATE), "SAF_MacUpdate"}, + {ERR_FUNC(GMAPI_F_SAF_PKCS7_DECODEDIGESTEDDATA), + "SAF_Pkcs7_DecodeDigestedData"}, + {ERR_FUNC(GMAPI_F_SAF_PKCS7_ENCODEDIGESTEDDATA), + "SAF_Pkcs7_EncodeDigestedData"}, + {ERR_FUNC(GMAPI_F_SAF_SYMMDECRYPTUPDATE), "SAF_SymmDecryptUpdate"}, + {ERR_FUNC(GMAPI_F_SAF_SYMMENCRYPTUPDATE), "SAF_SymmEncryptUpdate"}, + {ERR_FUNC(GMAPI_F_SKF_CLOSEHANDLE), "SKF_CloseHandle"}, + {ERR_FUNC(GMAPI_F_SKF_DECRYPT), "SKF_Decrypt"}, + {ERR_FUNC(GMAPI_F_SKF_DECRYPTFINAL), "SKF_DecryptFinal"}, + {ERR_FUNC(GMAPI_F_SKF_DECRYPTINIT), "SKF_DecryptInit"}, + {ERR_FUNC(GMAPI_F_SKF_DECRYPTUPDATE), "SKF_DecryptUpdate"}, + {ERR_FUNC(GMAPI_F_SKF_DIGEST), "SKF_Digest"}, + {ERR_FUNC(GMAPI_F_SKF_DIGESTFINAL), "SKF_DigestFinal"}, + {ERR_FUNC(GMAPI_F_SKF_DIGESTINIT), "SKF_DigestInit"}, + {ERR_FUNC(GMAPI_F_SKF_DIGESTUPDATE), "SKF_DigestUpdate"}, + {ERR_FUNC(GMAPI_F_SKF_ENCRYPT), "SKF_Encrypt"}, + {ERR_FUNC(GMAPI_F_SKF_ENCRYPTFINAL), "SKF_EncryptFinal"}, + {ERR_FUNC(GMAPI_F_SKF_ENCRYPTINIT), "SKF_EncryptInit"}, + {ERR_FUNC(GMAPI_F_SKF_ENCRYPTUPDATE), "SKF_EncryptUpdate"}, + {ERR_FUNC(GMAPI_F_SKF_EXTECCDECRYPT), "SKF_ExtECCDecrypt"}, + {ERR_FUNC(GMAPI_F_SKF_EXTECCENCRYPT), "SKF_ExtECCEncrypt"}, + {ERR_FUNC(GMAPI_F_SKF_EXTECCSIGN), "SKF_ExtECCSign"}, + {ERR_FUNC(GMAPI_F_SKF_EXTECCVERIFY), "SKF_ExtECCVerify"}, + {ERR_FUNC(GMAPI_F_SKF_EXTRSAPRIKEYOPERATION), + "SKF_ExtRSAPriKeyOperation"}, + {ERR_FUNC(GMAPI_F_SKF_EXTRSAPUBKEYOPERATION), + "SKF_ExtRSAPubKeyOperation"}, + {ERR_FUNC(GMAPI_F_SKF_GENEXTECCKEYPAIR), "SKF_GenExtECCKeyPair"}, + {ERR_FUNC(GMAPI_F_SKF_GENEXTRSAKEY), "SKF_GenExtRSAKey"}, + {ERR_FUNC(GMAPI_F_SKF_GENRANDOM), "SKF_GenRandom"}, + {ERR_FUNC(GMAPI_F_SKF_GETDEVINFO), "SKF_GetDevInfo"}, + {ERR_FUNC(GMAPI_F_SKF_GETDEVSTATE), "SKF_GetDevState"}, + {ERR_FUNC(GMAPI_F_SKF_HANDLE_GET_CBCMAC_CTX), + "SKF_HANDLE_get_cbcmac_ctx"}, + {ERR_FUNC(GMAPI_F_SKF_HANDLE_GET_CIPHER), "SKF_HANDLE_get_cipher"}, + {ERR_FUNC(GMAPI_F_SKF_HANDLE_GET_CIPHER_CTX), + "SKF_HANDLE_get_cipher_ctx"}, + {ERR_FUNC(GMAPI_F_SKF_HANDLE_GET_KEY), "SKF_HANDLE_get_key"}, + {ERR_FUNC(GMAPI_F_SKF_HANDLE_GET_MD_CTX), "SKF_HANDLE_get_md_ctx"}, + {ERR_FUNC(GMAPI_F_SKF_MAC), "SKF_Mac"}, + {ERR_FUNC(GMAPI_F_SKF_MACFINAL), "SKF_MacFinal"}, + {ERR_FUNC(GMAPI_F_SKF_MACINIT), "SKF_MacInit"}, + {ERR_FUNC(GMAPI_F_SKF_MACUPDATE), "SKF_MacUpdate"}, + {ERR_FUNC(GMAPI_F_SKF_SETSYMMKEY), "SKF_SetSymmKey"}, + {ERR_FUNC(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER), + "SM2_CIPHERTEXT_VALUE_get_ECCCipher"}, + {ERR_FUNC(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB), + "SM2_CIPHERTEXT_VALUE_get_ECCCIPHERBLOB"}, + {ERR_FUNC(GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHER), + "SM2_CIPHERTEXT_VALUE_new_from_ECCCipher"}, + {ERR_FUNC(GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHERBLOB), + "SM2_CIPHERTEXT_VALUE_new_from_ECCCIPHERBLOB"}, + {ERR_FUNC(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER), + "SM2_CIPHERTEXT_VALUE_set_ECCCipher"}, + {ERR_FUNC(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB), + "SM2_CIPHERTEXT_VALUE_set_ECCCIPHERBLOB"}, + {0, NULL} +}; + +static ERR_STRING_DATA GMAPI_str_reasons[] = { + {ERR_REASON(GMAPI_R_BUFFER_TOO_SMALL), "buffer too small"}, + {ERR_REASON(GMAPI_R_CBCMAC_FAILURE), "cbcmac failure"}, + {ERR_REASON(GMAPI_R_CTX_NOT_CREATED), "ctx not created"}, + {ERR_REASON(GMAPI_R_DECODE_EC_PRIVATE_KEY_FAILED), + "decode ec private key failed"}, + {ERR_REASON(GMAPI_R_DECODE_EC_PUBLIC_KEY_FAILED), + "decode ec public key failed"}, + {ERR_REASON(GMAPI_R_DECRYPT_FAILED), "decrypt failed"}, + {ERR_REASON(GMAPI_R_ENCODE_CIPHERTEXT_FAILED), + "encode ciphertext failed"}, + {ERR_REASON(GMAPI_R_ENCODE_FAILED), "encode failed"}, + {ERR_REASON(GMAPI_R_ENCODE_RSA_PUBLIC_KEY_FAILED), + "encode rsa public key failed"}, + {ERR_REASON(GMAPI_R_ENCODE_SIGNATURE_FAILED), "encode signature failed"}, + {ERR_REASON(GMAPI_R_ENCRYPT_FAILED), "encrypt failed"}, + {ERR_REASON(GMAPI_R_FAIL), "fail"}, + {ERR_REASON(GMAPI_R_GEN_RANDOM), "gen random"}, + {ERR_REASON(GMAPI_R_GEN_RSA_FAILED), "gen rsa failed"}, + {ERR_REASON(GMAPI_R_GET_PRIVATE_KEY_FAILED), "get private key failed"}, + {ERR_REASON(GMAPI_R_GET_PUBLIC_KEY_FAILED), "get public key failed"}, + {ERR_REASON(GMAPI_R_INT_OVERFLOW), "int overflow"}, + {ERR_REASON(GMAPI_R_INVALID_ALGID), "invalid algid"}, + {ERR_REASON(GMAPI_R_INVALID_ALGOR), "invalid algor"}, + {ERR_REASON(GMAPI_R_INVALID_ARGUMENTS), "invalid arguments"}, + {ERR_REASON(GMAPI_R_INVALID_BIGNUM_LENGTH), "invalid bignum length"}, + {ERR_REASON(GMAPI_R_INVALID_BLOB), "invalid blob"}, + {ERR_REASON(GMAPI_R_INVALID_CIPHERTEXT), "invalid ciphertext"}, + {ERR_REASON(GMAPI_R_INVALID_CIPHERTEXT_LENGTH), + "invalid ciphertext length"}, + {ERR_REASON(GMAPI_R_INVALID_CIPHERTEXT_MAC), "invalid ciphertext mac"}, + {ERR_REASON(GMAPI_R_INVALID_CIPHERTEXT_POINT), + "invalid ciphertext point"}, + {ERR_REASON(GMAPI_R_INVALID_CIPHER_CTX_HANDLE), + "invalid cipher ctx handle"}, + {ERR_REASON(GMAPI_R_INVALID_CIPHETEXT_LENGTH), + "invalid ciphetext length"}, + {ERR_REASON(GMAPI_R_INVALID_CONTEXT), "invalid context"}, + {ERR_REASON(GMAPI_R_INVALID_DIGEST_ALGOR), "invalid digest algor"}, + {ERR_REASON(GMAPI_R_INVALID_DIGEST_LENGTH), "invalid digest length"}, + {ERR_REASON(GMAPI_R_INVALID_ECC_PRIVATE_KEY), "invalid ecc private key"}, + {ERR_REASON(GMAPI_R_INVALID_ECC_PUBLIC_KEY), "invalid ecc public key"}, + {ERR_REASON(GMAPI_R_INVALID_EC_KEY), "invalid ec key"}, + {ERR_REASON(GMAPI_R_INVALID_EC_PRIVATE_KEY), "invalid ec private key"}, + {ERR_REASON(GMAPI_R_INVALID_EC_PUBLIC_KEY), "invalid ec public key"}, + {ERR_REASON(GMAPI_R_INVALID_FEED_BIT_LENGTH), "invalid feed bit length"}, + {ERR_REASON(GMAPI_R_INVALID_HANDLE), "invalid handle"}, + {ERR_REASON(GMAPI_R_INVALID_HANDLE_ALGOR), "invalid handle algor"}, + {ERR_REASON(GMAPI_R_INVALID_HANDLE_MAGIC), "invalid handle magic"}, + {ERR_REASON(GMAPI_R_INVALID_HANDLE_TYPE), "invalid handle type"}, + {ERR_REASON(GMAPI_R_INVALID_HASH_HANDLE), "invalid hash handle"}, + {ERR_REASON(GMAPI_R_INVALID_ID_LENGTH), "invalid id length"}, + {ERR_REASON(GMAPI_R_INVALID_INPUT_LENGTH), "invalid input length"}, + {ERR_REASON(GMAPI_R_INVALID_IV_LENGTH), "invalid iv length"}, + {ERR_REASON(GMAPI_R_INVALID_KEY_HANDLE), "invalid key handle"}, + {ERR_REASON(GMAPI_R_INVALID_KEY_LENGTH), "invalid key length"}, + {ERR_REASON(GMAPI_R_INVALID_KEY_USAGE), "invalid key usage"}, + {ERR_REASON(GMAPI_R_INVALID_LENGTH), "invalid length"}, + {ERR_REASON(GMAPI_R_INVALID_MAC_HANDLE), "invalid mac handle"}, + {ERR_REASON(GMAPI_R_INVALID_PLAINTEXT_LENGTH), + "invalid plaintext length"}, + {ERR_REASON(GMAPI_R_INVALID_PRIVATE_KEY), "invalid private key"}, + {ERR_REASON(GMAPI_R_INVALID_PUBLIC_KEY), "invalid public key"}, + {ERR_REASON(GMAPI_R_INVALID_RANDOM_LENGTH), "invalid random length"}, + {ERR_REASON(GMAPI_R_INVALID_RSA_KEY_LENGTH), "invalid rsa key length"}, + {ERR_REASON(GMAPI_R_INVALID_RSA_PRIVATE_KEY), "invalid rsa private key"}, + {ERR_REASON(GMAPI_R_INVALID_RSA_PUBLIC_KEY), "invalid rsa public key"}, + {ERR_REASON(GMAPI_R_INVALID_SIGNATURE), "invalid signature"}, + {ERR_REASON(GMAPI_R_INVALID_SM2_CIPHERTEXT), "invalid sm2 ciphertext"}, + {ERR_REASON(GMAPI_R_INVALID_SM2_SIGNATURE), "invalid sm2 signature"}, + {ERR_REASON(GMAPI_R_MAC_FAILURE), "mac failure"}, + {ERR_REASON(GMAPI_R_MALLOC_FAILED), "malloc failed"}, + {ERR_REASON(GMAPI_R_NOT_CONVERTABLE), "not convertable"}, + {ERR_REASON(GMAPI_R_NO_PUBLIC_KEY), "no public key"}, + {ERR_REASON(GMAPI_R_NULL_ARGUMENT), "null argument"}, + {ERR_REASON(GMAPI_R_OPERATION_NOT_INITIALIZED), + "operation not initialized"}, + {ERR_REASON(GMAPI_R_SAF_ERROR), "saf error"}, + {ERR_REASON(GMAPI_R_SIGN_FAILED), "sign failed"}, + {ERR_REASON(GMAPI_R_VERIFY_NOT_PASS), "verify not pass"}, + {0, NULL} +}; + +#endif + +int ERR_load_GMAPI_strings(void) +{ +#ifndef OPENSSL_NO_ERR + + if (ERR_func_error_string(GMAPI_str_functs[0].error) == NULL) { + ERR_load_strings(0, GMAPI_str_functs); + ERR_load_strings(0, GMAPI_str_reasons); + } +#endif + return 1; +} diff --git a/crypto/gmapi/gmapi_sdf_ec.c b/crypto/gmapi/gmapi_sdf_ec.c new file mode 100644 index 00000000..b78f1ba6 --- /dev/null +++ b/crypto/gmapi/gmapi_sdf_ec.c @@ -0,0 +1,696 @@ +/* ==================================================================== + * Copyright (c) 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* put these functions under name `gmapi`, even if in the future the SDF + * implementation is organized into a standalone sub-library, we still need + * some convert functions between native types and the SDF types. So we can + * mix this with SDF engine without relying on the `sdf` sub-library + * + * Attension: as the functions in this file can be seen as the native + * functions of GmSSL/OpenSSL, so the return values of these functions will + * follow the convention of OpenSSL, return 1 for success and 0 for error. + * This is different from SAF/SDF/SKF where return 0 means success. + */ + +#include +#include +#include +#include +#include + +EC_KEY *EC_KEY_new_from_ECCrefPublicKey(const ECCrefPublicKey *ref) +{ + EC_KEY *ret; + + if (!(ret = EC_KEY_new_by_curve_name(NID_sm2p256v1))) { + GMAPIerr(GMAPI_F_EC_KEY_NEW_FROM_ECCREFPUBLICKEY, ERR_R_EC_LIB); + return NULL; + } + + if (!EC_KEY_set_ECCrefPublicKey(ret, ref)) { + GMAPIerr(GMAPI_F_EC_KEY_NEW_FROM_ECCREFPUBLICKEY, + GMAPI_R_DECODE_EC_PUBLIC_KEY_FAILED); + EC_KEY_free(ret); + return NULL; + } + + return ret; +} + +int EC_KEY_set_ECCrefPublicKey(EC_KEY *ec_key, const ECCrefPublicKey *ref) +{ + int ret = 0; + BIGNUM *x = NULL; + BIGNUM *y = NULL; + int nbytes; + + /* check arguments */ + if (!ec_key || !ref) { + GMAPIerr(GMAPI_F_EC_KEY_SET_ECCREFPUBLICKEY, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (ref->bits != EC_GROUP_get_degree(EC_KEY_get0_group(ec_key))) { + GMAPIerr(GMAPI_F_EC_KEY_SET_ECCREFPUBLICKEY, + GMAPI_R_INVALID_KEY_LENGTH); + return 0; + } + + /* ECCrefPublicKey ==> EC_KEY */ + nbytes = (ref->bits + 7)/8; + + if (!(x = BN_bin2bn(ref->x, nbytes, NULL))) { + GMAPIerr(GMAPI_F_EC_KEY_SET_ECCREFPUBLICKEY, ERR_R_BN_LIB); + goto end; + } + if (!(y = BN_bin2bn(ref->y, nbytes, NULL))) { + GMAPIerr(GMAPI_F_EC_KEY_SET_ECCREFPUBLICKEY, ERR_R_BN_LIB); + goto end; + } + if (!EC_KEY_set_public_key_affine_coordinates(ec_key, x, y)) { + GMAPIerr(GMAPI_F_EC_KEY_SET_ECCREFPUBLICKEY, + GMAPI_R_INVALID_PUBLIC_KEY); + goto end; + } + + ret = 1; +end: + BN_free(x); + BN_free(y); + return ret; +} + +int EC_KEY_get_ECCrefPublicKey(EC_KEY *ec_key, ECCrefPublicKey *ref) +{ + int ret = 0; + BN_CTX *bn_ctx = NULL; + const EC_GROUP *group = EC_KEY_get0_group(ec_key); + const EC_POINT *point = EC_KEY_get0_public_key(ec_key); + BIGNUM *x; + BIGNUM *y; + + /* check arguments */ + if (!ec_key || !ref) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCREFPUBLICKEY, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + /* prepare */ + if (!(bn_ctx = BN_CTX_new())) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCREFPUBLICKEY, ERR_R_BN_LIB); + goto end; + } + BN_CTX_start(bn_ctx); + x = BN_CTX_get(bn_ctx); + y = BN_CTX_get(bn_ctx); + if (!x || !y) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCREFPUBLICKEY, ERR_R_BN_LIB); + goto end; + } + + if (EC_GROUP_get_degree(group) > ECCref_MAX_BITS) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCREFPUBLICKEY, + GMAPI_R_INVALID_KEY_LENGTH); + goto end; + } + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { + if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, bn_ctx)) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCREFPUBLICKEY, ERR_R_EC_LIB); + goto end; + } + } else { + if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, bn_ctx)) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCREFPUBLICKEY, ERR_R_EC_LIB); + goto end; + } + } + + /* EC_KEY ==> ECCrefPublicKey */ + memset(ref, 0, sizeof(*ref)); + ref->bits = EC_GROUP_get_degree(group); + if (!BN_bn2bin(x, ref->x + ECCref_MAX_LEN - BN_num_bytes(x))) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCREFPUBLICKEY, ERR_R_BN_LIB); + goto end; + } + if (!BN_bn2bin(y, ref->y + ECCref_MAX_LEN - BN_num_bytes(y))) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCREFPUBLICKEY, ERR_R_BN_LIB); + goto end; + } + + ret = 1; +end: + if (bn_ctx) { + BN_CTX_end(bn_ctx); + } + BN_CTX_free(bn_ctx); + return ret; +} + +EC_KEY *EC_KEY_new_from_ECCrefPrivateKey(const ECCrefPrivateKey *ref) +{ + EC_KEY *ret; + + if (!(ret = EC_KEY_new_by_curve_name(NID_sm2p256v1))) { + GMAPIerr(GMAPI_F_EC_KEY_NEW_FROM_ECCREFPRIVATEKEY, ERR_R_EC_LIB); + return NULL; + } + + if (!EC_KEY_set_ECCrefPrivateKey(ret, ref)) { + GMAPIerr(GMAPI_F_EC_KEY_NEW_FROM_ECCREFPRIVATEKEY, + GMAPI_R_DECODE_EC_PRIVATE_KEY_FAILED); + EC_KEY_free(ret); + return NULL; + } + + return ret; +} + +int EC_KEY_set_ECCrefPrivateKey(EC_KEY *ec_key, const ECCrefPrivateKey *ref) +{ + int ret = 0; + BIGNUM *d = NULL; + + if (!ec_key || !ref) { + GMAPIerr(GMAPI_F_EC_KEY_SET_ECCREFPRIVATEKEY, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if (ref->bits != EC_GROUP_get_degree(EC_KEY_get0_group(ec_key))) { + GMAPIerr(GMAPI_F_EC_KEY_SET_ECCREFPRIVATEKEY, + GMAPI_R_INVALID_KEY_LENGTH); + goto end; + } + + if (!(d = BN_bin2bn(ref->K, ECCref_MAX_LEN, NULL))) { + GMAPIerr(GMAPI_F_EC_KEY_SET_ECCREFPRIVATEKEY, ERR_R_BN_LIB); + goto end; + } + if (!EC_KEY_set_private_key(ec_key, d)) { + GMAPIerr(GMAPI_F_EC_KEY_SET_ECCREFPRIVATEKEY, + GMAPI_R_INVALID_PRIVATE_KEY); + goto end; + } + + ret = 1; +end: + BN_clear_free(d); + return ret; +} + +int EC_KEY_get_ECCrefPrivateKey(EC_KEY *ec_key, ECCrefPrivateKey *ref) +{ + const EC_GROUP *group; + const BIGNUM *sk; + int nbytes; + + /* check arguments */ + if (!ec_key || !ref) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCREFPRIVATEKEY, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + group = EC_KEY_get0_group(ec_key); + sk = EC_KEY_get0_private_key(ec_key); + + if (!group || !sk) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCREFPRIVATEKEY, + GMAPI_R_INVALID_EC_PRIVATE_KEY); + return 0; + } + + if (EC_GROUP_get_degree(group) > ECCref_MAX_BITS) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCREFPRIVATEKEY, + GMAPI_R_INVALID_KEY_LENGTH); + return 0; + } + + /* EC_KEY ==> ECCrefPrivateKey */ + memset(ref, 0, sizeof(*ref)); + + ref->bits = EC_GROUP_get_degree(group); + + nbytes = (EC_GROUP_get_degree(group) + 7)/8; + if (!BN_bn2bin(sk, ref->K + nbytes - BN_num_bytes(sk))) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCREFPRIVATEKEY, ERR_R_BN_LIB); + return 0; + } + + return 1; +} + +SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_new_from_ECCCipher( + const ECCCipher *ref) +{ + SM2_CIPHERTEXT_VALUE *ret = NULL; + SM2_CIPHERTEXT_VALUE *cv = NULL; + EC_GROUP *group = NULL; + + /* check arguments */ + if (!ref) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHER, + ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (ref->L > INT_MAX) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHER, + GMAPI_R_INVALID_CIPHETEXT_LENGTH); + return NULL; + } + + /* ECCCipher => SM2_CIPHERTEXT_VALUE */ + if (!(group = EC_GROUP_new_by_curve_name(NID_sm2p256v1))) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHER, + ERR_R_EC_LIB); + goto end; + } + + if (!(cv = SM2_CIPHERTEXT_VALUE_new(group))) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHER, + GMAPI_R_MALLOC_FAILED); + goto end; + } + + if (!SM2_CIPHERTEXT_VALUE_set_ECCCipher(cv, ref)) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHER, + GMAPI_R_INVALID_SM2_CIPHERTEXT); + goto end; + } + + ret = cv; + cv = NULL; + +end: + EC_GROUP_free(group); + SM2_CIPHERTEXT_VALUE_free(cv); + return ret; +} + +/* + * Different vendors might have different encoding of field elements when + * the buffer is larger than requirment. We assume the encoding to be + * big-endian, which means that there will be prefix zeros in the buffer + * before the field element. Another popular encoding is to use the suffix + * zeros. When the gmapi wrapper is working with vendor's SDF + * implementations, developers have to check the encoding of the vendor's + * library to make sure the encoding/decoding is correct + */ +int SM2_CIPHERTEXT_VALUE_set_ECCCipher(SM2_CIPHERTEXT_VALUE *cv, + const ECCCipher *ref) +{ + int ret = 0; + BN_CTX *bn_ctx = NULL; + EC_GROUP *group = NULL; + BIGNUM *x; + BIGNUM *y; + int nbytes; + + /* check arguments */ + if (!cv || !ref) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + /* variables */ + if (!(group = EC_GROUP_new_by_curve_name(NID_sm2p256v1))) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, + ERR_R_EC_LIB); + goto end; + } + /* this will never happen with GmSSL's sdf.h */ + if (EC_GROUP_get_degree(group) > ECCref_MAX_BITS) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, + GMAPI_R_INVALID_KEY_LENGTH); + goto end; + } + nbytes = (EC_GROUP_get_degree(group) + 7)/8; + + /* malloc */ + if (!(bn_ctx = BN_CTX_new())) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, + ERR_R_MALLOC_FAILURE); + goto end; + } + BN_CTX_start(bn_ctx); + x = BN_CTX_get(bn_ctx); + y = BN_CTX_get(bn_ctx); + if (!x || !y) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, + ERR_R_MALLOC_FAILURE); + goto end; + } + + /* ECCCipher ==> SM2_CIPHERTEXT_VALUE */ + if (!BN_bin2bn(ref->x, ECCref_MAX_LEN, x)) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, + ERR_R_BN_LIB); + goto end; + } + if (!BN_bin2bn(ref->y, ECCref_MAX_LEN, y)) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, + ERR_R_BN_LIB); + goto end; + } + if (!cv->ephem_point) { + if (!(cv->ephem_point = EC_POINT_new(group))) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, ERR_R_EC_LIB); + goto end; + } + } + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { + if (!EC_POINT_set_affine_coordinates_GFp(group, cv->ephem_point, x, y, bn_ctx)) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, ERR_R_EC_LIB); + goto end; + } + } else { + if (!EC_POINT_get_affine_coordinates_GF2m(group, cv->ephem_point, x, y, bn_ctx)) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, ERR_R_EC_LIB); + goto end; + } + } + + cv->mactag_size = 32; + memcpy(cv->mactag, ref->M, 32); + + if (ref->L <= 0 || ref->L > INT_MAX) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, + GMAPI_R_INVALID_CIPHERTEXT_LENGTH); + goto end; + } + cv->ciphertext_size = (size_t)ref->L; + + if (!(cv->ciphertext = OPENSSL_realloc(cv->ciphertext, (size_t)ref->L))) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER, + GMAPI_R_MALLOC_FAILED); + goto end; + } + memcpy(cv->ciphertext, ref->C, (size_t)ref->L); + + /* set return value */ + ret = 0; + +end: + EC_GROUP_free(group); + if (bn_ctx) { + BN_CTX_end(bn_ctx); + } + BN_CTX_free(bn_ctx); + return ret; +} + +/* The caller need to prepare buffer larger than `sizeof(ECCipher)` to hold + * the result. Some vendors might change the define of `ECCCipher->C[1]` to + * larger buffer, such as `ECCCipher->C[ECC_CIPHER_MAX_LEN]`, but our + * implementation will not know this. So always init `ECCCipher->L` to the + * buffer size for ciphertext. + * Some vendors might even change the definition of `ECCCipher`, then there + * will be compiling errors when compiled with the vendor's header file. So + * when you will use a vendor's SDF library, do not use `openssl/sdf.h`, but + * use the vendor's header file. Then the errors can be found by the + * compiler. + */ +int SM2_CIPHERTEXT_VALUE_get_ECCCipher(const SM2_CIPHERTEXT_VALUE *cv, + ECCCipher *ref) +{ + int ret = 0; + BN_CTX *bn_ctx = NULL; + EC_GROUP *group = NULL; + BIGNUM *x; + BIGNUM *y; + + /* check arguments */ + if (!cv || !ref) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + /* as the `ECCCipher->C[1]` default size is too small, we have to + * check `ECCCipher->L` to make sure caller has initialized this + * structure and prepared enough buffer to hold variable length + * ciphertext + */ + if (ref->L < cv->ciphertext_size) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, + GMAPI_R_BUFFER_TOO_SMALL); + return 0; + } + + /* malloc */ + if (!(group = EC_GROUP_new_by_curve_name(NID_sm2p256v1))) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, ERR_R_EC_LIB); + return 0; + } + + if (!(bn_ctx = BN_CTX_new())) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, ERR_R_BN_LIB); + goto end; + } + + BN_CTX_start(bn_ctx); + x = BN_CTX_get(bn_ctx); + y = BN_CTX_get(bn_ctx); + if (!x || !y) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, + ERR_R_MALLOC_FAILURE); + goto end; + } + + /* SM2_CIPHERTEXT_VALUE ==> ECCCipher */ + memset(ref, 0, sizeof(*ref)); + + /* encode ephem point `ECCCipher->x`, `ECCCipher->y` */ + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { + if (!EC_POINT_get_affine_coordinates_GFp(group, cv->ephem_point, x, y, bn_ctx)) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, ERR_R_EC_LIB); + goto end; + } + } else { + if (!EC_POINT_get_affine_coordinates_GF2m(group, cv->ephem_point, x, y, bn_ctx)) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, + ERR_R_EC_LIB); + goto end; + } + } + /* + * check compatible of SM2_CIPHERTEXT_VALUE with EC_GROUP + * In gmapi we only do simple checks, i.e. length of coordinates. + * We assume that more checks, such as x, y in the range of [1, p] + * and other semantic checks should be done by the `sm2` module. + */ + if (BN_num_bits(x) > EC_GROUP_get_degree(group) || + BN_num_bits(y) > EC_GROUP_get_degree(group)) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, + GMAPI_R_INVALID_CIPHERTEXT_POINT); + goto end; + } + if (!BN_bn2bin(x, ref->x + ECCref_MAX_LEN - BN_num_bytes(x))) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, + ERR_R_BN_LIB); + goto end; + } + if (!BN_bn2bin(y, ref->y + ECCref_MAX_LEN - BN_num_bytes(y))) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, + ERR_R_BN_LIB); + goto end; + } + + /* encode mac `ECCCipher->M[32]` */ + if (cv->mactag_size != 32) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, + GMAPI_R_INVALID_CIPHERTEXT_MAC); + goto end; + } + memcpy(ref->M, cv->mactag, cv->mactag_size); + + /* encode ciphertext `ECCCipher->L`, `ECCCipher->C[]` */ + if (cv->ciphertext_size <= 0 || cv->ciphertext_size > INT_MAX) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER, + GMAPI_R_INVALID_CIPHERTEXT_LENGTH); + goto end; + } + ref->L = (unsigned int)cv->ciphertext_size; + memcpy(ref->C, cv->ciphertext, cv->ciphertext_size); + + /* set return value */ + ret = 1; +end: + if (bn_ctx) { + BN_CTX_end(bn_ctx); + } + BN_CTX_free(bn_ctx); + EC_GROUP_free(group); + return ret; +} + +ECDSA_SIG *ECDSA_SIG_new_from_ECCSignature(const ECCSignature *ref) +{ + ECDSA_SIG *ret = NULL; + ECDSA_SIG *sig = NULL; + + /* check arguments */ + if (!ref) { + GMAPIerr(GMAPI_F_ECDSA_SIG_NEW_FROM_ECCSIGNATURE, + ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + + /* generate and convert */ + if (!(sig = ECDSA_SIG_new())) { + GMAPIerr(GMAPI_F_ECDSA_SIG_NEW_FROM_ECCSIGNATURE, + GMAPI_R_MALLOC_FAILED); + goto end; + } + if (!ECDSA_SIG_set_ECCSignature(sig, ref)) { + GMAPIerr(GMAPI_F_ECDSA_SIG_NEW_FROM_ECCSIGNATURE, + GMAPI_R_INVALID_SIGNATURE); + goto end; + } + + /* set return value */ + ret = sig; + sig = NULL; + +end: + ECDSA_SIG_free(sig); + return ret; +} + +int ECDSA_SIG_set_ECCSignature(ECDSA_SIG *sig, const ECCSignature *ref) +{ + int ret = 0; + BIGNUM *r = NULL; + BIGNUM *s = NULL; + + /* check arguments */ + if (!sig || !ref) { + GMAPIerr(GMAPI_F_ECDSA_SIG_SET_ECCSIGNATURE, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + /* ECCSignature ==> ECDSA_SIG */ + if (!(r = BN_bin2bn(ref->r, ECCref_MAX_LEN, NULL))) { + GMAPIerr(GMAPI_F_ECDSA_SIG_SET_ECCSIGNATURE, ERR_R_BN_LIB); + goto end; + } + if (!(s = BN_bin2bn(ref->s, ECCref_MAX_LEN, NULL))) { + GMAPIerr(GMAPI_F_ECDSA_SIG_SET_ECCSIGNATURE, ERR_R_BN_LIB); + goto end; + } + /* when using `sm2p256v1`, we need to check (s, r) length correct */ + if (BN_num_bytes(r) != 256/8 || BN_num_bytes(s) != 256/8) { + GMAPIerr(GMAPI_F_ECDSA_SIG_SET_ECCSIGNATURE, + GMAPI_R_INVALID_SM2_SIGNATURE); + goto end; + } + + /* set return value + * `ECDSA_SIG_set0` should make sure that if failed, do not accept + * the value of (r, s), or there will be double-free + */ + if (!ECDSA_SIG_set0(sig, r, s)) { + GMAPIerr(GMAPI_F_ECDSA_SIG_SET_ECCSIGNATURE, + ERR_R_EC_LIB); + goto end; + } + + r = NULL; + s = NULL; + ret = 1; + +end: + BN_free(r); + BN_free(s); + return ret; +} + +int ECDSA_SIG_get_ECCSignature(const ECDSA_SIG *sig, ECCSignature *ref) +{ + /* (r, s) are pointed to (sig->r, sig->s), so dont free (r, s) */ + const BIGNUM *r = NULL; + const BIGNUM *s = NULL; + + /* check arguments */ + if (!sig || !ref) { + GMAPIerr(GMAPI_F_ECDSA_SIG_GET_ECCSIGNATURE, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + /* check ECDSA_SIG + * `ECDSA_SIG_get0() return void + */ + ECDSA_SIG_get0(sig, &r, &s); + + if (BN_num_bytes(r) > ECCref_MAX_LEN || + BN_num_bytes(s) > ECCref_MAX_LEN) { + GMAPIerr(GMAPI_F_ECDSA_SIG_GET_ECCSIGNATURE, + GMAPI_R_NOT_CONVERTABLE); + return 0; + } + + /* ECDSA_SIG ==> ECCSignature */ + memset(ref, 0, sizeof(*ref)); + + if (!BN_bn2bin(r, ref->r + ECCref_MAX_LEN - BN_num_bytes(r))) { + GMAPIerr(GMAPI_F_ECDSA_SIG_GET_ECCSIGNATURE, ERR_R_BN_LIB); + return 0; + } + if (!BN_bn2bin(s, ref->s + ECCref_MAX_LEN - BN_num_bytes(s))) { + GMAPIerr(GMAPI_F_ECDSA_SIG_GET_ECCSIGNATURE, ERR_R_BN_LIB); + return 0; + } + + return 1; +} + diff --git a/crypto/gmapi/gmapi_sdf_rsa.c b/crypto/gmapi/gmapi_sdf_rsa.c new file mode 100644 index 00000000..822f3d98 --- /dev/null +++ b/crypto/gmapi/gmapi_sdf_rsa.c @@ -0,0 +1,209 @@ +/* ==================================================================== + * Copyright (c) 2015-2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* convert RSA between native and SDF types, never include skf.h */ +#include +#include +#include +#include +#include +#include "../rsa/rsa_locl.h" //FIXME + + +RSA *RSA_new_from_RSArefPublicKey(const RSArefPublicKey *ref) +{ + RSA *ret; + if (!(ret = RSA_new())) { + GMAPIerr(GMAPI_F_RSA_NEW_FROM_RSAREFPUBLICKEY, ERR_R_RSA_LIB); + return NULL; + } + if (!RSA_set_RSArefPublicKey(ret, ref)) { + GMAPIerr(GMAPI_F_RSA_NEW_FROM_RSAREFPUBLICKEY, + GMAPI_R_INVALID_RSA_PUBLIC_KEY); + RSA_free(ret); + return NULL; + } + return ret; +} + +int RSA_set_RSArefPublicKey(RSA *rsa, const RSArefPublicKey *ref) +{ + if (!rsa || !ref) { + GMAPIerr(GMAPI_F_RSA_SET_RSAREFPUBLICKEY, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if ((ref->bits < 1024) || (ref->bits > RSAref_MAX_LEN*8) || + (ref->bits % 8 != 0)) { + GMAPIerr(GMAPI_F_RSA_SET_RSAREFPUBLICKEY, + GMAPI_R_INVALID_RSA_KEY_LENGTH); + return 0; + } + if (!(rsa->n = BN_bin2bn(ref->m, ref->bits/8, rsa->n))) { + GMAPIerr(GMAPI_F_RSA_SET_RSAREFPUBLICKEY, + GMAPI_R_INVALID_RSA_PUBLIC_KEY); + return 0; + } + if (!(rsa->e = BN_bin2bn(ref->e, RSAref_MAX_LEN, rsa->e))) { + GMAPIerr(GMAPI_F_RSA_SET_RSAREFPUBLICKEY, + GMAPI_R_INVALID_RSA_PUBLIC_KEY); + return 0; + } + if (!RSA_check_key(rsa)) { + GMAPIerr(GMAPI_F_RSA_SET_RSAREFPUBLICKEY, + GMAPI_R_INVALID_RSA_PUBLIC_KEY); + return 0; + } + return 1; +} + +int RSA_get_RSArefPublicKey(RSA *rsa, RSArefPublicKey *ref) +{ + int nbytes; + if (!rsa || !ref) { + GMAPIerr(GMAPI_F_RSA_GET_RSAREFPUBLICKEY, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!rsa->n || !rsa->e) { + GMAPIerr(GMAPI_F_RSA_GET_RSAREFPUBLICKEY, + GMAPI_R_INVALID_RSA_PUBLIC_KEY); + return 0; + } + nbytes = BN_num_bytes(rsa->n); + if (!BN_bn2bin(rsa->n, ref->m) || !BN_bn2bin(rsa->e, + ref->e + MAX_RSA_EXPONENT_LEN - BN_num_bytes(rsa->e))) { + GMAPIerr(GMAPI_F_RSA_GET_RSAREFPUBLICKEY, + GMAPI_R_ENCODE_RSA_PUBLIC_KEY_FAILED); + return 0; + } + return 1; +} + +RSA *RSA_new_from_RSArefPrivateKey(const RSArefPrivateKey *ref) +{ + RSA *ret; + if (!(ret = RSA_new())) { + GMAPIerr(GMAPI_F_RSA_NEW_FROM_RSAREFPRIVATEKEY, ERR_R_RSA_LIB); + return NULL; + } + if (!RSA_set_RSArefPrivateKey(ret, ref)) { + GMAPIerr(GMAPI_F_RSA_NEW_FROM_RSAREFPRIVATEKEY, + GMAPI_R_INVALID_RSA_PRIVATE_KEY); + RSA_free(ret); + return NULL; + } + return ret; +} + + +int RSA_set_RSArefPrivateKey(RSA *rsa, const RSArefPrivateKey *ref) +{ + int nbytes; + if (!rsa || !ref) { + GMAPIerr(GMAPI_F_RSA_SET_RSAREFPRIVATEKEY, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if ((ref->bits < 1024) || (ref->bits > RSAref_MAX_LEN*8) || + (ref->bits % 8 != 0) || (ref->bits % 16 != 0)) { + GMAPIerr(GMAPI_F_RSA_SET_RSAREFPRIVATEKEY, + GMAPI_R_INVALID_KEY_LENGTH); + return 0; + } + nbytes = ref->bits/8; + if (!(rsa->n = BN_bin2bn(ref->m, nbytes, rsa->n)) || + !(rsa->e = BN_bin2bn(ref->e, MAX_RSA_EXPONENT_LEN, rsa->e)) || + !(rsa->d = BN_bin2bn(ref->d, nbytes, rsa->d)) || + !(rsa->p = BN_bin2bn(ref->prime[0], nbytes/2, rsa->p)) || + !(rsa->q = BN_bin2bn(ref->prime[1], nbytes/2, rsa->q)) || + !(rsa->dmp1 = BN_bin2bn(ref->pexp[0], nbytes/2, rsa->dmp1)) || + !(rsa->dmq1 = BN_bin2bn(ref->pexp[1], nbytes/2, rsa->dmq1)) || + !(rsa->iqmp = BN_bin2bn(ref->coef, nbytes/2, rsa->iqmp))) { + GMAPIerr(GMAPI_F_RSA_SET_RSAREFPRIVATEKEY, + GMAPI_R_INVALID_RSA_PRIVATE_KEY); + return 0; + } + return 1; +} + +int RSA_get_RSArefPrivateKey(RSA *rsa, RSArefPrivateKey *ref) +{ + int nbytes; + if (!rsa || !ref) { + GMAPIerr(GMAPI_F_RSA_GET_RSAREFPRIVATEKEY, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!rsa->n || !rsa->e || !rsa->d || !rsa->p || !rsa->q || + !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { + GMAPIerr(GMAPI_F_RSA_GET_RSAREFPRIVATEKEY, + GMAPI_R_INVALID_RSA_PRIVATE_KEY); + return 0; + } + + memset(ref, 0, sizeof(*ref)); + ref->bits = BN_num_bits(rsa->n); + + nbytes = BN_num_bytes(rsa->n); + if (!BN_bn2bin(rsa->n, ref->m) || + !BN_bn2bin(rsa->e, ref->e + MAX_RSA_EXPONENT_LEN - BN_num_bytes(rsa->e)) || + !BN_bn2bin(rsa->d, ref->d + nbytes - BN_num_bytes(rsa->d)) || + !BN_bn2bin(rsa->p, &(ref->prime[0]) + nbytes/2 - BN_num_bytes(rsa->p)) || + !BN_bn2bin(rsa->q, &(ref->prime[1]) + nbytes/2 - BN_num_bytes(rsa->q)) || + !BN_bn2bin(rsa->dmp1, &(ref->pexp[0]) + nbytes/2 - BN_num_bytes(rsa->dmp1)) || + !BN_bn2bin(rsa->dmq1, &(ref->pexp[1]) + nbytes/2 - BN_num_bytes(rsa->dmq1)) || + !BN_bn2bin(rsa->iqmp, ref->coef + nbytes/2 - BN_num_bytes(rsa->iqmp))) { + GMAPIerr(GMAPI_F_RSA_GET_RSAREFPRIVATEKEY, + GMAPI_R_INVALID_RSA_PRIVATE_KEY); + return 0; + } + + return 1; +} diff --git a/crypto/gmapi/gmapi_sgd.c b/crypto/gmapi/gmapi_sgd.c new file mode 100644 index 00000000..e81684f4 --- /dev/null +++ b/crypto/gmapi/gmapi_sgd.c @@ -0,0 +1,118 @@ +/* ==================================================================== + * Copyright (c) 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include + +const EVP_MD *EVP_get_digestbysgd(int sgd) +{ + switch (sgd) { + case SGD_SM3: + return EVP_sm3(); + case SGD_SHA1: + return EVP_sha1(); + case SGD_SHA256: + return EVP_sha256(); + } + return NULL; +} + +const EVP_CIPHER *EVP_get_cipherbysgd(int sgd) +{ + switch (sgd) { + case SGD_SM4_ECB: + return EVP_sms4_ecb(); + case SGD_SM4_CBC: + return EVP_sms4_cbc(); + case SGD_SM4_CFB: + return EVP_sms4_cfb(); + case SGD_SM4_OFB: + return EVP_sms4_ofb(); +#define OPENSSL_NO_ZUC +#ifndef OPENSSL_NO_ZUC + case SGD_ZUC: + return EVP_zuc(); + case SGD_ZUC_EEA3: + return EVP_zuc_eea3(); +#endif + } + return NULL; +} + +/* +int load_engine(void) +{ + ENGINE *e; + + ENGINE_load_builtin_engines(0); + + ENGINE_register_all_complete(); + + +} +*/ + + +const char *GMAPI_keyusage2str(int usage) +{ + return NULL; +} + +int GMAPI_sgd2ciphernid(int sgd) +{ + return 0; +} + +int GMAPI_sgd2mdnid(int sgd) +{ + return 0; +} + diff --git a/crypto/gmapi/gmapi_skf_ec.c b/crypto/gmapi/gmapi_skf_ec.c new file mode 100644 index 00000000..bc345399 --- /dev/null +++ b/crypto/gmapi/gmapi_skf_ec.c @@ -0,0 +1,492 @@ +/* ==================================================================== + * Copyright (c) 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include +#include "../ec/ec_lcl.h" + + +EC_KEY *EC_KEY_new_from_ECCPUBLICKEYBLOB(const ECCPUBLICKEYBLOB *blob) +{ + EC_KEY *ret; + + if (!(ret = EC_KEY_new_by_curve_name(NID_sm2p256v1))) { + GMAPIerr(GMAPI_F_EC_KEY_NEW_FROM_ECCPUBLICKEYBLOB, ERR_R_EC_LIB); + return NULL; + } + + if (!EC_KEY_set_ECCPUBLICKEYBLOB(ret, blob)) { + GMAPIerr(GMAPI_F_EC_KEY_NEW_FROM_ECCPUBLICKEYBLOB, + GMAPI_R_DECODE_EC_PUBLIC_KEY_FAILED); + EC_KEY_free(ret); + return NULL; + } + + return ret; +} + +int EC_KEY_set_ECCPUBLICKEYBLOB(EC_KEY *ec_key, const ECCPUBLICKEYBLOB *blob) +{ + int ret = 0; + BIGNUM *x = NULL; + BIGNUM *y = NULL; + int nbytes; + + if (blob->BitLen != EC_GROUP_get_degree(EC_KEY_get0_group(ec_key))) { + GMAPIerr(GMAPI_F_EC_KEY_SET_ECCPUBLICKEYBLOB, GMAPI_R_INVALID_KEY_LENGTH); + return 0; + } + + nbytes = (blob->BitLen + 7)/8; + + if (!(x = BN_bin2bn(blob->XCoordinate, nbytes, NULL))) { + GMAPIerr(GMAPI_F_EC_KEY_SET_ECCPUBLICKEYBLOB, ERR_R_BN_LIB); + goto end; + } + if (!(y = BN_bin2bn(blob->YCoordinate, nbytes, NULL))) { + GMAPIerr(GMAPI_F_EC_KEY_SET_ECCPUBLICKEYBLOB, ERR_R_BN_LIB); + goto end; + } + if (!EC_KEY_set_public_key_affine_coordinates(ec_key, x, y)) { + GMAPIerr(GMAPI_F_EC_KEY_SET_ECCPUBLICKEYBLOB, GMAPI_R_INVALID_PUBLIC_KEY); + goto end; + } + + ret = 1; +end: + BN_free(x); + BN_free(y); + return ret; +} + +int EC_KEY_get_ECCPUBLICKEYBLOB(EC_KEY *ec_key, ECCPUBLICKEYBLOB *blob) +{ + int ret = 0; + int nbytes; + BIGNUM *x = NULL; + BIGNUM *y = NULL; + BN_CTX *bn_ctx = NULL; + const EC_GROUP *group = EC_KEY_get0_group(ec_key); + const EC_POINT *point = EC_KEY_get0_public_key(ec_key); + + nbytes = (EC_GROUP_get_degree(group) + 7)/8; + if (nbytes > ECC_MAX_MODULUS_BITS_LEN/8) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCPUBLICKEYBLOB, GMAPI_R_INVALID_KEY_LENGTH); + goto end; + } + + x = BN_new(); + y = BN_new(); + bn_ctx = BN_CTX_new(); + if (!x || !y || !bn_ctx) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCPUBLICKEYBLOB, ERR_R_BN_LIB); + goto end; + } + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { + if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, bn_ctx)) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCPUBLICKEYBLOB, ERR_R_EC_LIB); + goto end; + } + } else { + if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, bn_ctx)) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCPUBLICKEYBLOB, ERR_R_EC_LIB); + goto end; + } + } + + memset(blob, 0, sizeof(*blob)); + blob->BitLen = EC_GROUP_get_degree(group); + if (!BN_bn2bin(x, blob->XCoordinate + nbytes - BN_num_bytes(x))) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCPUBLICKEYBLOB, ERR_R_BN_LIB); + goto end; + } + if (!BN_bn2bin(y, blob->YCoordinate + nbytes - BN_num_bytes(y))) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCPUBLICKEYBLOB, ERR_R_BN_LIB); + goto end; + } + + ret = 1; +end: + BN_free(x); + BN_free(y); + BN_CTX_free(bn_ctx); + return ret; +} + +EC_KEY *EC_KEY_new_from_ECCPRIVATEKEYBLOB(const ECCPRIVATEKEYBLOB *blob) +{ + EC_KEY *ret; + + if (!(ret = EC_KEY_new_by_curve_name(NID_sm2p256v1))) { + GMAPIerr(GMAPI_F_EC_KEY_NEW_FROM_ECCPRIVATEKEYBLOB, ERR_R_EC_LIB); + return NULL; + } + + if (!EC_KEY_set_ECCPRIVATEKEYBLOB(ret, blob)) { + GMAPIerr(GMAPI_F_EC_KEY_NEW_FROM_ECCPRIVATEKEYBLOB, + GMAPI_R_DECODE_EC_PRIVATE_KEY_FAILED); + EC_KEY_free(ret); + return NULL; + } + + return ret; +} + +int EC_KEY_set_ECCPRIVATEKEYBLOB(EC_KEY *ec_key, const ECCPRIVATEKEYBLOB *blob) +{ + int ret = 0; + BIGNUM *d = NULL; + int nbytes; + + //FIXME: is this right? + if (blob->BitLen != EC_GROUP_get_degree(EC_KEY_get0_group(ec_key))) { + GMAPIerr(GMAPI_F_EC_KEY_SET_ECCPRIVATEKEYBLOB, GMAPI_R_INVALID_KEY_LENGTH); + goto end; + } + + nbytes = (blob->BitLen + 7)/8; + + if (!(d = BN_bin2bn(blob->PrivateKey, nbytes, NULL))) { + GMAPIerr(GMAPI_F_EC_KEY_SET_ECCPRIVATEKEYBLOB, ERR_R_BN_LIB); + goto end; + } + if (!EC_KEY_set_private_key(ec_key, d)) { + GMAPIerr(GMAPI_F_EC_KEY_SET_ECCPRIVATEKEYBLOB, GMAPI_R_INVALID_PRIVATE_KEY); + goto end; + } + + ret = 1; +end: + BN_clear_free(d); + return ret; +} + +int EC_KEY_get_ECCPRIVATEKEYBLOB(EC_KEY *ec_key, ECCPRIVATEKEYBLOB *blob) +{ + int ret = 0; + BIGNUM *order = NULL; + const BIGNUM *d; + int nbytes; + + if (!(order = BN_new())) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCPRIVATEKEYBLOB, GMAPI_R_MALLOC_FAILED); + goto end; + } + + if (!EC_GROUP_get_order(EC_KEY_get0_group(ec_key), order, NULL)) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCPRIVATEKEYBLOB, ERR_R_EC_LIB); + goto end; + } + + nbytes = BN_num_bytes(order); + if (nbytes > ECC_MAX_MODULUS_BITS_LEN/8) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCPRIVATEKEYBLOB, GMAPI_R_INVALID_KEY_LENGTH); + goto end; + } + + if (!(d = EC_KEY_get0_private_key(ec_key))) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCPRIVATEKEYBLOB, GMAPI_R_INVALID_EC_KEY); + goto end; + } + + if (!BN_bn2bin(d, blob->PrivateKey + nbytes - BN_num_bytes(d))) { + GMAPIerr(GMAPI_F_EC_KEY_GET_ECCPRIVATEKEYBLOB, ERR_R_BN_LIB); + goto end; + } + + ret = 1; + +end: + BN_free(order); + return ret; +} + +SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_new_from_ECCCIPHERBLOB( + const ECCCIPHERBLOB *blob) +{ + int ok = 0; + SM2_CIPHERTEXT_VALUE *ret = NULL; + EC_GROUP *group = NULL; + + if (!(group = EC_GROUP_new_by_curve_name(NID_sm2p256v1))) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHERBLOB, + ERR_R_EC_LIB); + goto end; + } + + if (!(ret = SM2_CIPHERTEXT_VALUE_new(group))) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHERBLOB, + GMAPI_R_MALLOC_FAILED); + goto end; + } + + if (!SM2_CIPHERTEXT_VALUE_set_ECCCIPHERBLOB(ret, blob)) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHERBLOB, + GMAPI_R_INVALID_EC_PUBLIC_KEY); + goto end; + } + + ok = 1; + +end: + if (!ok) { + SM2_CIPHERTEXT_VALUE_free(ret); + ret = NULL; + } + EC_GROUP_free(group); + return ret; +} + +int SM2_CIPHERTEXT_VALUE_set_ECCCIPHERBLOB(SM2_CIPHERTEXT_VALUE *cv, + const ECCCIPHERBLOB *blob) +{ + int ret = 0; + EC_GROUP *group = NULL; + BIGNUM *x = NULL; + BIGNUM *y = NULL; + BN_CTX *bn_ctx = NULL; + int nbytes; + + if (!(group = EC_GROUP_new_by_curve_name(NID_sm2p256v1))) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, + ERR_R_EC_LIB); + return 0; + } + + nbytes = (EC_GROUP_get_degree(group) + 7)/8; + if (nbytes > ECC_MAX_XCOORDINATE_BITS_LEN/8) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, + GMAPI_R_INVALID_KEY_LENGTH); + goto end; + } + + if (!(x = BN_bin2bn(blob->XCoordinate, nbytes, NULL))) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, ERR_R_BN_LIB); + goto end; + } + if (!(y = BN_bin2bn(blob->YCoordinate, nbytes, NULL))) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, ERR_R_BN_LIB); + goto end; + } + if (!(bn_ctx = BN_CTX_new())) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, ERR_R_BN_LIB); + goto end; + } + + if (!cv->ephem_point) { + if (!(cv->ephem_point = EC_POINT_new(group))) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, ERR_R_EC_LIB); + goto end; + } + } + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { + if (!EC_POINT_set_affine_coordinates_GFp(group, cv->ephem_point, x, y, bn_ctx)) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, ERR_R_EC_LIB); + goto end; + } + } else { + if (!EC_POINT_get_affine_coordinates_GF2m(group, cv->ephem_point, x, y, bn_ctx)) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, ERR_R_EC_LIB); + goto end; + } + } + + memcpy(cv->mactag, blob->HASH, 32); + cv->mactag_size = 32; + + if ((cv->ciphertext_size = blob->CipherLen) <= 0) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, + GMAPI_R_INVALID_CIPHERTEXT_LENGTH); + goto end; + } + if (!(cv->ciphertext = OPENSSL_realloc(cv->ciphertext, blob->CipherLen))) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB, + GMAPI_R_MALLOC_FAILED); + goto end; + } + memcpy(cv->ciphertext, blob->Cipher, blob->CipherLen); + + ret = 0; + +end: + EC_GROUP_free(group); + BN_free(x); + BN_free(y); + BN_CTX_free(bn_ctx); + return ret; +} + +int SM2_CIPHERTEXT_VALUE_get_ECCCIPHERBLOB(const SM2_CIPHERTEXT_VALUE *cv, + ECCCIPHERBLOB *blob) +{ + int ret = 0; + EC_GROUP *group = NULL; + BIGNUM *x = NULL; + BIGNUM *y = NULL; + BN_CTX *bn_ctx = NULL; + + if (!(group = EC_GROUP_new_by_curve_name(NID_sm2p256v1))) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB, ERR_R_EC_LIB); + return 0; + } + + x = BN_new(); + y = BN_new(); + bn_ctx = BN_CTX_new(); + if (!x || !y || !bn_ctx) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB, ERR_R_BN_LIB); + goto end; + } + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { + if (!EC_POINT_get_affine_coordinates_GFp(group, cv->ephem_point, x, y, bn_ctx)) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB, ERR_R_EC_LIB); + goto end; + } + } else { + if (!EC_POINT_get_affine_coordinates_GF2m(group, cv->ephem_point, x, y, bn_ctx)) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB, ERR_R_EC_LIB); + goto end; + } + } + + if ((BN_num_bytes(x) > 256/8) || (BN_num_bytes(y) > 256/8)) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB, + GMAPI_R_INVALID_CIPHERTEXT_POINT); + goto end; + } + if (!BN_bn2bin(x, blob->XCoordinate + 256/8 - BN_num_bytes(x))) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB, ERR_R_BN_LIB); + goto end; + } + if (!BN_bn2bin(y, blob->YCoordinate + 256/8 - BN_num_bytes(y))) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB, ERR_R_BN_LIB); + goto end; + } + + if (cv->mactag_size != 32) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB, + GMAPI_R_INVALID_CIPHERTEXT_MAC); + goto end; + } + memcpy(blob->HASH, cv->mactag, cv->mactag_size); + + if (cv->ciphertext_size <= 0) { + GMAPIerr(GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB, + GMAPI_R_INVALID_CIPHERTEXT_LENGTH); + goto end; + } + memcpy(blob->Cipher, cv->ciphertext, cv->ciphertext_size); + + ret = 1; +end: + EC_GROUP_free(group); + BN_free(x); + BN_free(y); + BN_CTX_free(bn_ctx); + return ret; +} + +ECDSA_SIG *ECDSA_SIG_new_from_ECCSIGNATUREBLOB(const ECCSIGNATUREBLOB *blob) +{ + ECDSA_SIG *ret = NULL; + + if (!(ret = ECDSA_SIG_new())) { + GMAPIerr(GMAPI_F_ECDSA_SIG_NEW_FROM_ECCSIGNATUREBLOB, + GMAPI_R_MALLOC_FAILED); + return NULL; + } + + if (!ECDSA_SIG_set_ECCSIGNATUREBLOB(ret, blob)) { + GMAPIerr(GMAPI_F_ECDSA_SIG_NEW_FROM_ECCSIGNATUREBLOB, + GMAPI_R_INVALID_SIGNATURE); + ECDSA_SIG_free(ret); + return NULL; + } + + return ret; +} + +int ECDSA_SIG_set_ECCSIGNATUREBLOB(ECDSA_SIG *sig, const ECCSIGNATUREBLOB *blob) +{ + if (!(sig->r = BN_bin2bn(blob->r, 256/8, sig->r))) { + GMAPIerr(GMAPI_F_ECDSA_SIG_SET_ECCSIGNATUREBLOB, ERR_R_BN_LIB); + return SAR_FAIL; + } + + if (!(sig->s = BN_bin2bn(blob->s, 256/8, sig->s))) { + GMAPIerr(GMAPI_F_ECDSA_SIG_SET_ECCSIGNATUREBLOB, ERR_R_BN_LIB); + return SAR_FAIL; + } + + return SAR_OK; +} + +int ECDSA_SIG_get_ECCSIGNATUREBLOB(const ECDSA_SIG *sig, ECCSIGNATUREBLOB *blob) +{ + if ((BN_num_bytes(sig->r) > 256/8) || (BN_num_bytes(sig->s) > 256/8)) { + GMAPIerr(GMAPI_F_ECDSA_SIG_GET_ECCSIGNATUREBLOB, GMAPI_R_INVALID_BIGNUM_LENGTH); + return SAR_FAIL; + } + + if (!BN_bn2bin(sig->r, blob->r + 256/8 - BN_num_bytes(sig->r))) { + GMAPIerr(GMAPI_F_ECDSA_SIG_GET_ECCSIGNATUREBLOB, ERR_R_BN_LIB); + return SAR_FAIL; + } + + if (!BN_bn2bin(sig->s, blob->s + 256/8 - BN_num_bytes(sig->s))) { + GMAPIerr(GMAPI_F_ECDSA_SIG_GET_ECCSIGNATUREBLOB, ERR_R_BN_LIB); + return SAR_FAIL; + } + + return SAR_OK; +} diff --git a/crypto/gmapi/gmapi_skf_rsa.c b/crypto/gmapi/gmapi_skf_rsa.c new file mode 100644 index 00000000..ee7ca6ee --- /dev/null +++ b/crypto/gmapi/gmapi_skf_rsa.c @@ -0,0 +1,214 @@ +/* ==================================================================== + * Copyright (c) 2015-2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include +#include +#include +#include "../rsa/rsa_locl.h" + +/* Wrapper functions */ + +RSA *RSA_new_from_RSAPUBLICKEYBLOB(const RSAPUBLICKEYBLOB *blob) +{ + RSA *ret; + if (!(ret = RSA_new())) { + GMAPIerr(GMAPI_F_RSA_NEW_FROM_RSAPUBLICKEYBLOB, ERR_R_RSA_LIB); + return NULL; + } + if (!RSA_set_RSAPUBLICKEYBLOB(ret, blob)) { + GMAPIerr(GMAPI_F_RSA_NEW_FROM_RSAPUBLICKEYBLOB, + GMAPI_R_INVALID_RSA_PUBLIC_KEY); + RSA_free(ret); + return NULL; + } + return ret; +} + +RSA *RSA_new_from_RSAPRIVATEKEYBLOB(const RSAPRIVATEKEYBLOB *blob) +{ + RSA *ret; + if (!(ret = RSA_new())) { + GMAPIerr(GMAPI_F_RSA_NEW_FROM_RSAPRIVATEKEYBLOB, ERR_R_RSA_LIB); + return NULL; + } + if (!RSA_set_RSAPRIVATEKEYBLOB(ret, blob)) { + GMAPIerr(GMAPI_F_RSA_NEW_FROM_RSAPRIVATEKEYBLOB, + GMAPI_R_INVALID_RSA_PRIVATE_KEY); + RSA_free(ret); + return NULL; + } + return ret; +} + +int RSA_set_RSAPUBLICKEYBLOB(RSA *rsa, const RSAPUBLICKEYBLOB *blob) +{ + if (!rsa || !blob) { + GMAPIerr(GMAPI_F_RSA_SET_RSAPUBLICKEYBLOB, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if ((blob->BitLen < 1024) || (blob->BitLen > MAX_RSA_MODULUS_LEN*8) || + (blob->BitLen / 8 != 0)) { + GMAPIerr(GMAPI_F_RSA_SET_RSAPUBLICKEYBLOB, + GMAPI_R_INVALID_RSA_KEY_LENGTH); + return 0; + } + if (!(rsa->n = BN_bin2bn(blob->Modulus, blob->BitLen/8, rsa->n))) { + GMAPIerr(GMAPI_F_RSA_SET_RSAPUBLICKEYBLOB, + GMAPI_R_INVALID_RSA_PUBLIC_KEY); + return 0; + } + if (!(rsa->e = BN_bin2bn(blob->PublicExponent, MAX_RSA_EXPONENT_LEN, + rsa->e))) { + GMAPIerr(GMAPI_F_RSA_SET_RSAPUBLICKEYBLOB, + GMAPI_R_INVALID_RSA_PUBLIC_KEY); + return 0; + } + if (!RSA_check_key(rsa)) { + GMAPIerr(GMAPI_F_RSA_SET_RSAPUBLICKEYBLOB, + GMAPI_R_INVALID_RSA_PUBLIC_KEY); + return 0; + } + return 1; +} + +int RSA_get_RSAPUBLICKEYBLOB(RSA *rsa, RSAPUBLICKEYBLOB *blob) +{ + int nbytes; + if (!rsa || !blob) { + GMAPIerr(GMAPI_F_RSA_GET_RSAPUBLICKEYBLOB, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!rsa->n || !rsa->e) { + GMAPIerr(GMAPI_F_RSA_GET_RSAPUBLICKEYBLOB, + GMAPI_R_INVALID_RSA_PUBLIC_KEY); + return 0; + } + nbytes = BN_num_bytes(rsa->n); + if (!BN_bn2bin(rsa->n, blob->Modulus) || !BN_bn2bin(rsa->e, + blob->PublicExponent + MAX_RSA_EXPONENT_LEN - BN_num_bytes(rsa->e))) { + GMAPIerr(GMAPI_F_RSA_GET_RSAPUBLICKEYBLOB, + GMAPI_R_ENCODE_RSA_PUBLIC_KEY_FAILED); + return 0; + } + return 1; +} + +int RSA_set_RSAPRIVATEKEYBLOB(RSA *rsa, const RSAPRIVATEKEYBLOB *blob) +{ + int nbytes; + if (!rsa || !blob) { + GMAPIerr(GMAPI_F_RSA_SET_RSAPRIVATEKEYBLOB, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (blob->AlgID != SGD_RSA) { + GMAPIerr(GMAPI_F_RSA_SET_RSAPRIVATEKEYBLOB, + GMAPI_R_INVALID_ALGOR); + return 0; + } + if ((blob->BitLen < 1024) || (blob->BitLen > MAX_RSA_MODULUS_LEN*8) || + (blob->BitLen % 8 != 0) || (blob->BitLen % 16 != 0)) { + GMAPIerr(GMAPI_F_RSA_SET_RSAPRIVATEKEYBLOB, + GMAPI_R_INVALID_KEY_LENGTH); + return 0; + } + nbytes = blob->BitLen/8; + if (!(rsa->n = BN_bin2bn(blob->Modulus, nbytes, rsa->n)) || + !(rsa->e = BN_bin2bn(blob->PublicExponent, MAX_RSA_EXPONENT_LEN, rsa->e)) || + !(rsa->d = BN_bin2bn(blob->PrivateExponent, nbytes, rsa->d)) || + !(rsa->p = BN_bin2bn(blob->Prime1, nbytes/2, rsa->p)) || + !(rsa->q = BN_bin2bn(blob->Prime2, nbytes/2, rsa->q)) || + !(rsa->dmp1 = BN_bin2bn(blob->Prime1Exponent, nbytes/2, rsa->dmp1)) || + !(rsa->dmq1 = BN_bin2bn(blob->Prime2Exponent, nbytes/2, rsa->dmq1)) || + !(rsa->iqmp = BN_bin2bn(blob->Coefficient, nbytes/2, rsa->iqmp))) { + GMAPIerr(GMAPI_F_RSA_SET_RSAPRIVATEKEYBLOB, GMAPI_R_INVALID_RSA_PRIVATE_KEY); + return 0; + } + return 1; +} + +int RSA_get_RSAPRIVATEKEYBLOB(RSA *rsa, RSAPRIVATEKEYBLOB *blob) +{ + int nbytes; + if (!rsa || !blob) { + GMAPIerr(GMAPI_F_RSA_GET_RSAPRIVATEKEYBLOB, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!rsa->n || !rsa->e || !rsa->d || !rsa->p || !rsa->q || + !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { + GMAPIerr(GMAPI_F_RSA_GET_RSAPRIVATEKEYBLOB, + GMAPI_R_INVALID_RSA_PRIVATE_KEY); + return 0; + } + + memset(blob, 0, sizeof(*blob)); + blob->AlgID = SGD_RSA; + blob->BitLen = BN_num_bits(rsa->n); + + nbytes = BN_num_bytes(rsa->n); + if (!BN_bn2bin(rsa->n, blob->Modulus) || + !BN_bn2bin(rsa->e, blob->PublicExponent + MAX_RSA_EXPONENT_LEN - BN_num_bytes(rsa->e)) || + !BN_bn2bin(rsa->d, blob->PrivateExponent + nbytes - BN_num_bytes(rsa->d)) || + !BN_bn2bin(rsa->p, blob->Prime1 + nbytes/2 - BN_num_bytes(rsa->p)) || + !BN_bn2bin(rsa->q, blob->Prime2 + nbytes/2 - BN_num_bytes(rsa->q)) || + !BN_bn2bin(rsa->dmp1, blob->Prime1Exponent + nbytes/2 - BN_num_bytes(rsa->dmp1)) || + !BN_bn2bin(rsa->dmq1, blob->Prime2Exponent + nbytes/2 - BN_num_bytes(rsa->dmq1)) || + !BN_bn2bin(rsa->iqmp, blob->Coefficient + nbytes/2 - BN_num_bytes(rsa->iqmp))) { + GMAPIerr(GMAPI_F_RSA_GET_RSAPRIVATEKEYBLOB, GMAPI_R_INVALID_RSA_PRIVATE_KEY); + return 0; + } + + return 1; +} + diff --git a/include/openssl/err.h b/include/openssl/err.h index 71e22d86..86b599d8 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -98,6 +98,7 @@ typedef struct err_state_st { # define ERR_LIB_PAILLIER 55 # define ERR_LIB_CPK 56 # define ERR_LIB_OTP 57 +# define ERR_LIB_GMAPI 58 # define ERR_LIB_USER 128 @@ -141,6 +142,7 @@ typedef struct err_state_st { # define PAILLIERerr(f,r) ERR_PUT_error(ERR_LIB_PAILLIER,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define CPKerr(f,r) ERR_PUT_error(ERR_LIB_CPK,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define OTPerr(f,r) ERR_PUT_error(ERR_LIB_OTP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define GMAPIerr(f,r) ERR_PUT_error(ERR_LIB_GMAPI,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define ERR_PACK(l,f,r) ( \ (((unsigned int)(l) & 0x0FF) << 24L) | \ @@ -193,6 +195,7 @@ typedef struct err_state_st { # define ERR_R_PAILLIER_LIB ERR_LIB_PAILLIER/* 55 */ # define ERR_R_CPK_LIB ERR_LIB_CPK/* 56 */ # define ERR_R_OTP_LIB ERR_LIB_OTP/* 57 */ +# define ERR_R_GMAPI_LIB ERR_LIB_GMAPI/* 58 */ # define ERR_R_NESTED_ASN1_ERROR 58 # define ERR_R_MISSING_ASN1_EOS 63 diff --git a/include/openssl/gmapi.h b/include/openssl/gmapi.h new file mode 100644 index 00000000..a33260c2 --- /dev/null +++ b/include/openssl/gmapi.h @@ -0,0 +1,299 @@ +/* ==================================================================== + * Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ +/* + * Converting types between native types and GM API types + */ + +#ifndef HEADER_GMAPI_H +#define HEADER_GMAPI_H + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +const char *GMAPI_keyusage2str(int usage); +int GMAPI_sgd2ciphernid(int sgd); +int GMAPI_sgd2mdnid(int sgd); + + +/* SGD <==> EVP */ +const EVP_MD *EVP_get_digestbysgd(int sgd); +const EVP_CIPHER *EVP_get_cipherbysgd(int sgd); + +/* SDF types <==> Native types */ +RSA *RSA_new_from_RSArefPublicKey(const RSArefPublicKey *ref); +RSA *RSA_new_from_RSArefPrivateKey(const RSArefPrivateKey *ref); +int RSA_set_RSArefPublicKey(RSA *rsa, const RSArefPublicKey *ref); +int RSA_set_RSArefPrivateKey(RSA *rsa, const RSArefPrivateKey *ref); +int RSA_get_RSArefPublicKey(RSA *rsa, RSArefPublicKey *ref); +int RSA_get_RSArefPrivateKey(RSA *rsa, RSArefPrivateKey *ref); +EC_KEY *EC_KEY_new_from_ECCrefPublicKey(const ECCrefPublicKey *ref); +EC_KEY *EC_KEY_new_from_ECCrefPrivateKey(const ECCrefPrivateKey *ref); +int EC_KEY_set_ECCrefPublicKey(EC_KEY *ec_key, const ECCrefPublicKey *ref); +int EC_KEY_set_ECCrefPrivateKey(EC_KEY *ec_key, const ECCrefPrivateKey *ref); +int EC_KEY_get_ECCrefPublicKey(EC_KEY *ec_key, ECCrefPublicKey *ref); +int EC_KEY_get_ECCrefPrivateKey(EC_KEY *ec_key, ECCrefPrivateKey *ref); +SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_new_from_ECCCipher(const ECCCipher *ref); +int SM2_CIPHERTEXT_VALUE_set_ECCCipher(SM2_CIPHERTEXT_VALUE *cv, const ECCCipher *ref); +int SM2_CIPHERTEXT_VALUE_get_ECCCipher(const SM2_CIPHERTEXT_VALUE *cv, ECCCipher *ref); +ECDSA_SIG *ECDSA_SIG_new_from_ECCSignature(const ECCSignature *ref); +int ECDSA_SIG_set_ECCSignature(ECDSA_SIG *sig, const ECCSignature *ref); +int ECDSA_SIG_get_ECCSignature(const ECDSA_SIG *sig, ECCSignature *ref); + +/* SKF types <==> Native types */ +RSA *RSA_new_from_RSAPUBLICKEYBLOB(const RSAPUBLICKEYBLOB *blob); +RSA *RSA_new_from_RSAPRIVATEKEYBLOB(const RSAPRIVATEKEYBLOB *blob); +int RSA_set_RSAPUBLICKEYBLOB(RSA *rsa, const RSAPUBLICKEYBLOB *blob); +int RSA_set_RSAPRIVATEKEYBLOB(RSA *rsa, const RSAPRIVATEKEYBLOB *blob); +int RSA_get_RSAPUBLICKEYBLOB(RSA *rsa, RSAPUBLICKEYBLOB *blob); +int RSA_get_RSAPRIVATEKEYBLOB(RSA *rsa, RSAPRIVATEKEYBLOB *blob); +EC_KEY *EC_KEY_new_from_ECCPUBLICKEYBLOB(const ECCPUBLICKEYBLOB *blob); +EC_KEY *EC_KEY_new_from_ECCPRIVATEKEYBLOB(const ECCPRIVATEKEYBLOB *blob); +int EC_KEY_set_ECCPUBLICKEYBLOB(EC_KEY *ec_key, const ECCPUBLICKEYBLOB *blob); +int EC_KEY_get_ECCPUBLICKEYBLOB(EC_KEY *ec_key, ECCPUBLICKEYBLOB *blob); +int EC_KEY_set_ECCPRIVATEKEYBLOB(EC_KEY *ec_key, const ECCPRIVATEKEYBLOB *blob); +int EC_KEY_get_ECCPRIVATEKEYBLOB(EC_KEY *ec_key, ECCPRIVATEKEYBLOB *blob); +SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_new_from_ECCCIPHERBLOB(const ECCCIPHERBLOB *blob); +int SM2_CIPHERTEXT_VALUE_set_ECCCIPHERBLOB(SM2_CIPHERTEXT_VALUE *cv, const ECCCIPHERBLOB *blob); +int SM2_CIPHERTEXT_VALUE_get_ECCCIPHERBLOB(const SM2_CIPHERTEXT_VALUE *cv, ECCCIPHERBLOB *blob); +ECDSA_SIG *ECDSA_SIG_new_from_ECCSIGNATUREBLOB(const ECCSIGNATUREBLOB *blob); +int ECDSA_SIG_get_ECCSIGNATUREBLOB(const ECDSA_SIG *sig, ECCSIGNATUREBLOB *blob); +int ECDSA_SIG_set_ECCSIGNATUREBLOB(ECDSA_SIG *sig, const ECCSIGNATUREBLOB *blob); + + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + +int ERR_load_GMAPI_strings(void); + +/* Error codes for the GMAPI functions. */ + +/* Function codes. */ +# define GMAPI_F_ECDSA_SIG_GET_ECCSIGNATURE 100 +# define GMAPI_F_ECDSA_SIG_GET_ECCSIGNATUREBLOB 101 +# define GMAPI_F_ECDSA_SIG_NEW_FROM_ECCSIGNATURE 102 +# define GMAPI_F_ECDSA_SIG_NEW_FROM_ECCSIGNATUREBLOB 103 +# define GMAPI_F_ECDSA_SIG_SET_ECCSIGNATURE 104 +# define GMAPI_F_ECDSA_SIG_SET_ECCSIGNATUREBLOB 105 +# define GMAPI_F_EC_KEY_GET_ECCPRIVATEKEYBLOB 106 +# define GMAPI_F_EC_KEY_GET_ECCPUBLICKEYBLOB 107 +# define GMAPI_F_EC_KEY_GET_ECCREFPRIVATEKEY 108 +# define GMAPI_F_EC_KEY_GET_ECCREFPUBLICKEY 109 +# define GMAPI_F_EC_KEY_NEW_FROM_ECCPRIVATEKEYBLOB 110 +# define GMAPI_F_EC_KEY_NEW_FROM_ECCPUBLICKEYBLOB 111 +# define GMAPI_F_EC_KEY_NEW_FROM_ECCREFPRIVATEKEY 112 +# define GMAPI_F_EC_KEY_NEW_FROM_ECCREFPUBLICKEY 113 +# define GMAPI_F_EC_KEY_SET_ECCPRIVATEKEYBLOB 114 +# define GMAPI_F_EC_KEY_SET_ECCPUBLICKEYBLOB 115 +# define GMAPI_F_EC_KEY_SET_ECCREFPRIVATEKEY 116 +# define GMAPI_F_EC_KEY_SET_ECCREFPUBLICKEY 117 +# define GMAPI_F_RSA_GET_RSAPRIVATEKEYBLOB 118 +# define GMAPI_F_RSA_GET_RSAPUBLICKEYBLOB 119 +# define GMAPI_F_RSA_GET_RSAREFPRIVATEKEY 120 +# define GMAPI_F_RSA_GET_RSAREFPUBLICKEY 121 +# define GMAPI_F_RSA_NEW_FROM_RSAPRIVATEKEYBLOB 122 +# define GMAPI_F_RSA_NEW_FROM_RSAPUBLICKEYBLOB 123 +# define GMAPI_F_RSA_NEW_FROM_RSAREFPRIVATEKEY 124 +# define GMAPI_F_RSA_NEW_FROM_RSAREFPUBLICKEY 125 +# define GMAPI_F_RSA_SET_RSAPRIVATEKEYBLOB 126 +# define GMAPI_F_RSA_SET_RSAPUBLICKEYBLOB 127 +# define GMAPI_F_RSA_SET_RSAREFPRIVATEKEY 128 +# define GMAPI_F_RSA_SET_RSAREFPUBLICKEY 129 +# define GMAPI_F_SAF_BASE64_CREATEBASE64OBJ 130 +# define GMAPI_F_SAF_BASE64_DECODE 131 +# define GMAPI_F_SAF_BASE64_DECODEFINAL 132 +# define GMAPI_F_SAF_BASE64_DECODEUPDATE 133 +# define GMAPI_F_SAF_BASE64_ENCODE 134 +# define GMAPI_F_SAF_BASE64_ENCODEFINAL 135 +# define GMAPI_F_SAF_BASE64_ENCODEUPDATE 136 +# define GMAPI_F_SAF_CREATESYMMKEYOBJ 137 +# define GMAPI_F_SAF_ECCPUBLICKEYENC 138 +# define GMAPI_F_SAF_ECCPUBLICKEYENCBYCERT 139 +# define GMAPI_F_SAF_ECCSIGN 140 +# define GMAPI_F_SAF_ECCVERIFYSIGN 141 +# define GMAPI_F_SAF_ECCVERIFYSIGNBYCERT 142 +# define GMAPI_F_SAF_GENECCKEYPAIR 143 +# define GMAPI_F_SAF_GENERATEAGREEMENTDATAWITHECC 144 +# define GMAPI_F_SAF_GENERATEKEYWITHECC 145 +# define GMAPI_F_SAF_GETECCPUBLICKEY 146 +# define GMAPI_F_SAF_MACFINAL 147 +# define GMAPI_F_SAF_MACUPDATE 148 +# define GMAPI_F_SAF_PKCS7_DECODEDIGESTEDDATA 149 +# define GMAPI_F_SAF_PKCS7_ENCODEDIGESTEDDATA 150 +# define GMAPI_F_SAF_SYMMDECRYPTUPDATE 151 +# define GMAPI_F_SAF_SYMMENCRYPTUPDATE 152 +# define GMAPI_F_SKF_CLOSEHANDLE 153 +# define GMAPI_F_SKF_DECRYPT 154 +# define GMAPI_F_SKF_DECRYPTFINAL 155 +# define GMAPI_F_SKF_DECRYPTINIT 156 +# define GMAPI_F_SKF_DECRYPTUPDATE 157 +# define GMAPI_F_SKF_DIGEST 158 +# define GMAPI_F_SKF_DIGESTFINAL 159 +# define GMAPI_F_SKF_DIGESTINIT 160 +# define GMAPI_F_SKF_DIGESTUPDATE 161 +# define GMAPI_F_SKF_ENCRYPT 162 +# define GMAPI_F_SKF_ENCRYPTFINAL 163 +# define GMAPI_F_SKF_ENCRYPTINIT 164 +# define GMAPI_F_SKF_ENCRYPTUPDATE 165 +# define GMAPI_F_SKF_EXTECCDECRYPT 166 +# define GMAPI_F_SKF_EXTECCENCRYPT 167 +# define GMAPI_F_SKF_EXTECCSIGN 168 +# define GMAPI_F_SKF_EXTECCVERIFY 169 +# define GMAPI_F_SKF_EXTRSAPRIKEYOPERATION 170 +# define GMAPI_F_SKF_EXTRSAPUBKEYOPERATION 171 +# define GMAPI_F_SKF_GENEXTECCKEYPAIR 172 +# define GMAPI_F_SKF_GENEXTRSAKEY 173 +# define GMAPI_F_SKF_GENRANDOM 174 +# define GMAPI_F_SKF_GETDEVINFO 175 +# define GMAPI_F_SKF_GETDEVSTATE 176 +# define GMAPI_F_SKF_HANDLE_GET_CBCMAC_CTX 177 +# define GMAPI_F_SKF_HANDLE_GET_CIPHER 178 +# define GMAPI_F_SKF_HANDLE_GET_CIPHER_CTX 179 +# define GMAPI_F_SKF_HANDLE_GET_KEY 180 +# define GMAPI_F_SKF_HANDLE_GET_MD_CTX 181 +# define GMAPI_F_SKF_MAC 182 +# define GMAPI_F_SKF_MACFINAL 183 +# define GMAPI_F_SKF_MACINIT 184 +# define GMAPI_F_SKF_MACUPDATE 185 +# define GMAPI_F_SKF_SETSYMMKEY 186 +# define GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHER 187 +# define GMAPI_F_SM2_CIPHERTEXT_VALUE_GET_ECCCIPHERBLOB 188 +# define GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHER 189 +# define GMAPI_F_SM2_CIPHERTEXT_VALUE_NEW_FROM_ECCCIPHERBLOB 190 +# define GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHER 191 +# define GMAPI_F_SM2_CIPHERTEXT_VALUE_SET_ECCCIPHERBLOB 192 + +/* Reason codes. */ +# define GMAPI_R_BUFFER_TOO_SMALL 100 +# define GMAPI_R_CBCMAC_FAILURE 101 +# define GMAPI_R_CTX_NOT_CREATED 102 +# define GMAPI_R_DECODE_EC_PRIVATE_KEY_FAILED 103 +# define GMAPI_R_DECODE_EC_PUBLIC_KEY_FAILED 104 +# define GMAPI_R_DECRYPT_FAILED 105 +# define GMAPI_R_ENCODE_CIPHERTEXT_FAILED 106 +# define GMAPI_R_ENCODE_FAILED 107 +# define GMAPI_R_ENCODE_RSA_PUBLIC_KEY_FAILED 108 +# define GMAPI_R_ENCODE_SIGNATURE_FAILED 109 +# define GMAPI_R_ENCRYPT_FAILED 110 +# define GMAPI_R_FAIL 111 +# define GMAPI_R_GEN_RANDOM 112 +# define GMAPI_R_GEN_RSA_FAILED 113 +# define GMAPI_R_GET_PRIVATE_KEY_FAILED 114 +# define GMAPI_R_GET_PUBLIC_KEY_FAILED 115 +# define GMAPI_R_INT_OVERFLOW 116 +# define GMAPI_R_INVALID_ALGID 117 +# define GMAPI_R_INVALID_ALGOR 118 +# define GMAPI_R_INVALID_ARGUMENTS 119 +# define GMAPI_R_INVALID_BIGNUM_LENGTH 120 +# define GMAPI_R_INVALID_BLOB 121 +# define GMAPI_R_INVALID_CIPHERTEXT 122 +# define GMAPI_R_INVALID_CIPHERTEXT_LENGTH 123 +# define GMAPI_R_INVALID_CIPHERTEXT_MAC 124 +# define GMAPI_R_INVALID_CIPHERTEXT_POINT 125 +# define GMAPI_R_INVALID_CIPHER_CTX_HANDLE 126 +# define GMAPI_R_INVALID_CIPHETEXT_LENGTH 127 +# define GMAPI_R_INVALID_CONTEXT 128 +# define GMAPI_R_INVALID_DIGEST_ALGOR 129 +# define GMAPI_R_INVALID_DIGEST_LENGTH 130 +# define GMAPI_R_INVALID_ECC_PRIVATE_KEY 131 +# define GMAPI_R_INVALID_ECC_PUBLIC_KEY 132 +# define GMAPI_R_INVALID_EC_KEY 133 +# define GMAPI_R_INVALID_EC_PRIVATE_KEY 134 +# define GMAPI_R_INVALID_EC_PUBLIC_KEY 135 +# define GMAPI_R_INVALID_FEED_BIT_LENGTH 136 +# define GMAPI_R_INVALID_HANDLE 137 +# define GMAPI_R_INVALID_HANDLE_ALGOR 138 +# define GMAPI_R_INVALID_HANDLE_MAGIC 139 +# define GMAPI_R_INVALID_HANDLE_TYPE 140 +# define GMAPI_R_INVALID_HASH_HANDLE 141 +# define GMAPI_R_INVALID_ID_LENGTH 142 +# define GMAPI_R_INVALID_INPUT_LENGTH 143 +# define GMAPI_R_INVALID_IV_LENGTH 144 +# define GMAPI_R_INVALID_KEY_HANDLE 145 +# define GMAPI_R_INVALID_KEY_LENGTH 146 +# define GMAPI_R_INVALID_KEY_USAGE 147 +# define GMAPI_R_INVALID_LENGTH 148 +# define GMAPI_R_INVALID_MAC_HANDLE 149 +# define GMAPI_R_INVALID_PLAINTEXT_LENGTH 150 +# define GMAPI_R_INVALID_PRIVATE_KEY 151 +# define GMAPI_R_INVALID_PUBLIC_KEY 152 +# define GMAPI_R_INVALID_RANDOM_LENGTH 153 +# define GMAPI_R_INVALID_RSA_KEY_LENGTH 154 +# define GMAPI_R_INVALID_RSA_PRIVATE_KEY 155 +# define GMAPI_R_INVALID_RSA_PUBLIC_KEY 156 +# define GMAPI_R_INVALID_SIGNATURE 157 +# define GMAPI_R_INVALID_SM2_CIPHERTEXT 158 +# define GMAPI_R_INVALID_SM2_SIGNATURE 159 +# define GMAPI_R_MAC_FAILURE 160 +# define GMAPI_R_MALLOC_FAILED 161 +# define GMAPI_R_NOT_CONVERTABLE 162 +# define GMAPI_R_NO_PUBLIC_KEY 163 +# define GMAPI_R_NULL_ARGUMENT 164 +# define GMAPI_R_OPERATION_NOT_INITIALIZED 165 +# define GMAPI_R_SAF_ERROR 166 +# define GMAPI_R_SIGN_FAILED 167 +# define GMAPI_R_VERIFY_NOT_PASS 168 + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/openssl/sgd.h b/include/openssl/sgd.h new file mode 100644 index 00000000..c2574935 --- /dev/null +++ b/include/openssl/sgd.h @@ -0,0 +1,315 @@ +/* ==================================================================== + * Copyright (c) 2015 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ +/* + * this header file is based on the standard GM/T 0006-2012 + * Cryptographic Application Identifier Criterion Specification + */ + +#ifndef HEADER_SGD_H +#define HEADER_SGD_H + +#include + +/* block cipher modes */ +#define SGD_ECB 0x01 +#define SGD_CBC 0x02 +#define SGD_CFB 0x04 +#define SGD_OFB 0x08 +#define SGD_MAC 0x10 + +/* stream cipher modes */ +#define SGD_EEA3 0x01 +#define SGD_EIA3 0x02 + +/* ciphers */ +#define SGD_SM1 0x00000100 +#define SGD_SSF33 0x00000200 +#define SGD_SM4 0x00000400 +#define SGD_ZUC 0x00000800 + +/* ciphers with modes */ +#define SGD_SM1_ECB (SGD_SM1|SGD_ECB) +#define SGD_SM1_CBC (SGD_SM1|SGD_CBC) +#define SGD_SM1_CFB (SGD_SM1|SGD_CFB) +#define SGD_SM1_OFB (SGD_SM1|SGD_OFB) +#define SGD_SM1_MAC (SGD_SM1|SGD_MAC) +#define SGD_SSF33_ECB (SGD_SSF33|SGD_ECB) +#define SGD_SSF33_CBC (SGD_SSF33|SGD_CBC) +#define SGD_SSF33_CFB (SGD_SSF33|SGD_CFB) +#define SGD_SSF33_OFB (SGD_SSF33|SGD_OFB) +#define SGD_SSF33_MAC (SGD_SSF33|SGD_MAC) +#define SGD_SM4_ECB (SGD_SM4|SGD_ECB) +#define SGD_SM4_CBC (SGD_SM4|SGD_CBC) +#define SGD_SM4_CFB (SGD_SM4|SGD_CFB) +#define SGD_SM4_OFB (SGD_SM4|SGD_OFB) +#define SGD_SM4_MAC (SGD_SM4|SGD_MAC) +#define SGD_ZUC_EEA3 (SGD_ZUC|SGD_EEA3) +#define SGD_ZUC_EIA3 (SGD_ZUC|SGD_EIA3) + +/* public key usage */ +#define SGD_PK_SIGN 0x0100 +#define SGD_PK_DH 0x0200 +#define SGD_PK_ENC 0x0400 + +/* public key types */ +#define SGD_RSA 0x00010000 +#define SGD_RSA_SIGN (SGD_RSA|SGD_PK_SIGN) +#define SGD_RSA_ENC (SGD_RSA|SGD_PK_ENC) +#define SGD_SM2 0x00020000 +#define SGD_SM2_1 (SGD_SM2|SGD_PK_SIGN) +#define SGD_SM2_2 (SGD_SM2|SGD_PK_DH) +#define SGD_SM2_3 (SGD_SM2|SGD_PK_ENC) + +/* hash */ +#define SGD_SM3 0x00000001 +#define SGD_SHA1 0x00000002 +#define SGD_SHA256 0x00000004 +#define SGD_HASH_FROM 0x00000008 +#define SGD_HASH_TO 0x000000FF + +/* signatue schemes */ +#define SGD_SM3_RSA (SGD_SM3|SGD_RSA) +#define SGD_SHA1_RSA (SGD_SHA1|SGD_RSA) +#define SGD_SHA256_RSA (SGD_SHA256|SGD_RSA) +#define SGD_SM3_SM2 (SGD_SM3|SGD_SM2) +#define SGD_SIG_FROM 0x00040000 +#define SGD_SIG_TO 0x800000FF + +/* data types */ +typedef char SGD_CHAR; +typedef char SGD_INT8; +typedef int16_t SGD_INT16; +typedef int32_t SGD_INT32; +typedef int64_t SGD_INT64; +typedef unsigned char SGD_UCHAR; +typedef uint8_t SGD_UINT8; +typedef uint16_t SGD_UINT16; +typedef uint32_t SGD_UINT32; +typedef uint64_t SGD_UINT64; +typedef uint32_t SGD_RV; +typedef void * SGD_OBJ; +typedef int32_t SGD_BOOL; + +#define SGD_TRUE 0x00000001 +#define SGD_FALSE 0x00000000 + +#define SGD_KEY_INDEX 0x00000101 +#define SGD_SECRET_KEY 0x00000102 +#define SGD_PUBLIC_KEY_SIGN 0x00000103 +#define SGD_PUBLIC_KEY_ENCRYPT 0x00000104 +#define SGD_PRIVATE_KEY_SIGN 0x00000105 +#define SGD_PRIVATE_KEY_ENCRYPT 0x00000106 +#define SGD_KEY_COMPONENT 0x00000107 +#define SGD_PASSWORD 0x00000108 +#define SGD_PUBLIC_KEY_CERT 0x00000109 +#define SGD_ATTRIBUTE_CERT 0x1000010A +#define SGD_SIGNATURE_DATA 0x10000111 +#define SGD_ENVELOPE_DATA 0x10000112 +#define SGD_RANDOM_DATA 0x10000113 +#define SGD_PLAIN_DATA 0x10000114 +#define SGD_CIPHER_DATA 0x10000115 +#define SGD_DIGEST_DATA 0x10000116 +#define SGD_USER_DATA 0x10000117 + +/* certificate */ +#define SGD_CERT_VERSION 0x00000001 +#define SGD_CERT_SERIAL 0x00000002 +#define SGD_CERT_ISSUER 0x00000005 +#define SGD_CERT_VALID_TIME 0x00000006 +#define SGD_CERT_SUBJECT 0x00000007 +#define SGD_CERT_DER_PUBLIC_KEY 0x00000008 +#define SGD_CERT_DER_EXTENSIONS 0x00000009 +#define SGD_EXT_AUTHORITYKEYIDENTIFIER_INFO 0x00000011 +#define SGD_EXT_SUBJECTKEYIDENTIFIER_INFO 0x00000012 +#define SGD_EXT_KEYUSAGE_INFO 0x00000013 +#define SGD_EXT_PRIVATEKEYUSAGEPERIOD_INFO 0x00000014 +#define SGD_EXT_CERTIFICATEPOLICIES_INFO 0x00000015 +#define SGD_EXT_POLICYMAPPINGS_INFO 0x00000016 +#define SGD_EXT_BASICCONSTRAINTS_INFO 0x00000017 +#define SGD_EXT_POLICYCONSTRAINTS_INFO 0x00000018 +#define SGD_EXT_EXTKEYUSAGE_INFO 0x00000019 +#define SGD_EXT_CRLDISTRIBUTIONPOINTS_INFO 0x0000001A +#define SGD_EXT_NETSCAPE_CERT_TYPE_INFO 0x0000001B +#define SGD_EXT_SELFDEFINED_EXTENSION_INFO 0x0000001C +#define SGD_CERT_ISSUER_CN 0x00000021 +#define SGD_CERT_ISSUER_O 0x00000022 +#define SGD_CERT_ISSUER_OU 0x00000023 +#define SGD_CERT_SUBJECT_CN 0x00000031 +#define SGD_CERT_SUBJECT_O 0x00000032 +#define SGD_CERT_SUBJECT_OU 0x00000033 +#define SGD_CERT_SUBJECT_EMAIL 0x00000034 +#define SGD_CERT_NOTBEFORE_TIME 0x00000035 +#define SGD_CERT_NOTAFTER_TIME 0x00000036 + +/* timestamp info */ +#define SGD_TIME_OF_STAMP 0x00000201 +#define SGD_CN_OF_TSSIGNER 0x00000202 /* Common Name of TS Signer */ +#define SGD_ORININAL_DATA 0x00000203 +#define SGD_CERT_OF_TSSSERVER 0x00000204 +#define SGD_GERTCHAIN_OF_TSSERVER 0x00000205 +#define SGD_SOURCE_OF_TIME 0x00000206 +#define SGD_TIME_PRECISION 0x00000207 +#define SGD_RESPONSE_TYPE 0x00000208 +#define SGD_SUBJECT_COUNTRY_OF_TSSIGNER 0x00000209 +#define SGD_SUBJECT_ORGNIZATION_OF_TSSIGNER 0x0000020A +#define SGD_SUJECT_CITY_OF_TSSIGNER 0x0000020B +#define SGD_SUBJECT_EMAIL_OF_TSSIGNER 0x0000020C + +/* single sign-on */ +#define SGD_SP_ID 0x00000001 +#define SGD_SP_USER_ID 0x00000002 +#define SGD_IDP_ID 0x00000003 +#define SGD_IDP_USER_ID 0x00000004 + +/* data encoding */ +#define SGD_ENCODING_RAW 0x00000000 +#define SGD_ENCODING_DER 0x01000000 +#define SGD_ENCODING_BASE64 0x02000000 +#define SGD_ENCODING_PEM 0x03000000 +#define SGD_ENCODING_TXT 0x04000000 + +/* APIs */ +#define SGD_PROTOCOL_CSP 1 /* Microsoft CryptoAPI */ +#define SGD_PROTOCOL_PKCS11 2 /* PKCS#11 */ +#define SGD_PROTOCOL_SDS 3 /* SDF API */ +#define SGD_PROTOCOL_UKEY 4 /* SKF API */ +#define SGD_PROTOCOL_CNG 5 /* Microsoft CryptoAPI Next Gen */ +#define SGD_PROTOCOL_GCS 6 /* */ + +/* certificate validation */ +#define SGD_CRL_VERIFY 1 +#define SGD_OCSP_VEIFY 2 + +/* role */ +#define SGD_ROLE_SUPER_MANAGER 0x00000001 +#define SGD_ROLE_MANAGER 0x00000002 +#define SGD_ROLE_AUDIT_MANAGER 0x00000003 +#define SGD_ROLE_AUDITOR 0x00000004 +#define SGD_ROLE_OPERATOR 0x00000005 +#define SGD_ROLE_USER 0x00000006 + +/* user operations */ +#define SGD_OPERATION_SIGNIN 0x00000001 +#define SGD_OPERATION_SIGNOUT 0x00000002 +#define SGD_OPERATION_CREATE 0x00000003 +#define SGD_OPERATION_DELETE 0x00000004 +#define SGD_OPERATION_MODIFY 0x00000005 +#define SGD_OPERATION_CHG_PWD 0x00000006 +#define SGD_OPERATION_AUTHORIZATION 0x00000007 + +/* user operation results */ +#define SGD_OPERATION_SUCCESS 0x00000000 + +/* key types */ +#define SGD_MAIN_KEY 0x00000101 +#define SGD_DEVICE_KEYS 0x00000102 +#define SGD_USER_KEYS 0x00000103 +#define SGD_KEY 0x00000104 +#define SGD_SESSION_KEY 0x00000105 +#define SGD_PRIKEY_PASSWD 0x00000106 +#define SGD_COMPARTITION_KEY 0x00000107 + +/* key operations */ +#define SGD_KEY_GENERATION 0x00000101 +#define SGD_KEY_DISPENSE 0x00000102 +#define SGD_KEY_IMPORT 0x00000103 +#define SGD_KEY_EXPORT 0x00000104 +#define SGD_KEY_DIVISION 0x00000105 +#define SGD_KEY_COMPOSE 0x00000106 +#define SGD_KEY_RENEWAL 0x00000107 +#define SGD_KEY_BACKUP 0x00000108 +#define SGD_KEY_RESTORE 0x00000109 +#define SGD_KEY_DESTORY 0x0000010A + +/* system operations */ +#define SGD_SYSTEM_INIT 0x00000201 +#define SGD_SYSTEM_START 0x00000202 +#define SGD_SYSTEM_SHUT 0x00000203 +#define SGD_SYSTEM_RESTART 0x00000204 +#define SGD_SYSTEM_QUERY 0x00000205 +#define SGD_SYSTEM_BACKUP 0x00000206 +#define SGD_SYSTEM_RESTORE 0x00000207 + +/* device info */ +#define SGD_DEVICE_SORT 0x00000201 +#define SGD_DEVICE_TYPE 0x00000202 +#define SGD_DEVICE_NAME 0x00000203 +#define SGD_DEVICE_MANUFACTURER 0x00000204 +#define SGD_DEVICE_HARDWARE_VERSION 0x00000205 +#define SGD_DEVICE_SOFTWARE_VERSION 0x00000206 +#define SGD_DEVICE_STANDARD_VERSION 0x00000207 +#define SGD_DEVICE_SERIAL_NUMBER 0x00000208 +#define SGD_DEVICE_SUPPORT_SYMM_ALG 0x00000209 +#define SGD_DEVICE_SUPPORT_PKEY_ALG 0x0000020A +#define SGD_DEVICE_SUPPORT_HASH_ALG 0x0000020B +#define SGD_DEVICE_SUPPORT_STORAGE_SPACE 0x0000020C +#define SGD_DEVICE_SUPPORT_FREE_SPACE 0x0000020D +#define SGD_DEVICE_RUNTIME 0x0000020E +#define SGD_DEVICE_USED_TIMES 0x0000020F +#define SGD_DEVICE_LOCATION 0x00000210 +#define SGD_DEVICE_DESCRIPTION 0x00000211 +#define SGD_DEVICE_MANAGER_INFO 0x00000212 +#define SGD_DEVICE_MAX_DATA_SIZE 0x00000213 + +/* device types */ +#define SGD_DEVICE_SORT_SJ 0x02000000 /* Server */ +#define SGD_DEVICE_SORT_SK 0x03000000 /* PCI-E Card */ +#define SGD_DEVICE_SORT_SM 0x04000000 /* USB-Key and SmartCard */ + +/* device functionality */ +#define SGD_DEVICE_SORT_FE 0x00000100 /* encryption */ +#define SGD_DEVICE_SORT_FA 0x00000200 /* authentication */ +#define SGD_DEVICE_SORT_FM 0x00000300 /* key management */ + +/* device status */ +#define SGD_STATUS_INIT 0x00000201 +#define SGD_STATUS_READY 0x00000202 +#define SGD_STATUS_EXCEPTION 0x00000203 + +#endif diff --git a/test/build.info b/test/build.info index 55185ff9..05480751 100644 --- a/test/build.info +++ b/test/build.info @@ -18,7 +18,7 @@ IF[{- !$disabled{tests} -}] ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \ sm3test sms4test kdf2test eciestest ffxtest sm2test \ - pailliertest cpktest otptest + pailliertest cpktest otptest gmapitest SOURCE[aborttest]=aborttest.c INCLUDE[aborttest]=../include @@ -321,6 +321,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[otptest]=../include DEPEND[otptest]=../libcrypto + SOURCE[gmapitest]=gmapitest.c + INCLUDE[gmapitest]=../include + DEPEND[gmapitest]=../libcrypto + IF[{- !$disabled{shared} -}] PROGRAMS_NO_INST=shlibloadtest SOURCE[shlibloadtest]=shlibloadtest.c diff --git a/test/gmapitest.c b/test/gmapitest.c new file mode 100644 index 00000000..3526dd61 --- /dev/null +++ b/test/gmapitest.c @@ -0,0 +1,291 @@ +/* ==================================================================== + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ +/* + * we need some testing data for signature and ciphertext + */ + +#include +#include +#include +#include "../e_os.h" + +#ifdef OPENSSL_NO_GMAPI +int main(int argc, char **argv) +{ + printf("NO GMAPI support\n"); + return 0; +} +#else +# include +# include + +static int test_sgd(int verbose) +{ + int usage[] = { + SGD_PK_SIGN, + SGD_PK_DH, + SGD_PK_ENC, + }; + int cipher[] = { + SGD_SM1_ECB, + SGD_SM1_CBC, + SGD_SM1_CFB, + SGD_SM1_OFB, + SGD_SSF33_ECB, + SGD_SSF33_CBC, + SGD_SSF33_CFB, + SGD_SSF33_OFB, + SGD_SM4_ECB, + SGD_SM4_CBC, + SGD_SM4_CFB, + SGD_SM4_OFB, + SGD_ZUC_EEA3, + }; + int md[] = { + SGD_SM3, + SGD_SHA1, + SGD_SHA256, + }; + int i; + + for (i = 0; i < OSSL_NELEM(usage); i++) { + if (!GMAPI_keyusage2str(usage[i])) { + return 0; + } + } + + for (i = 0; i < OSSL_NELEM(cipher); i++) { + if (GMAPI_sgd2ciphernid(cipher[i]) == NID_undef) { + return 0; + } + } + + for (i = 0; i < OSSL_NELEM(md); i++) { + if (GMAPI_sgd2mdnid(md[i]) == NID_undef) { + return 0; + } + } + + return 1; +} + +static int test_sdf_rsa(int verbose) +{ + int ret = 0; + unsigned char pkbuf[] = { + 0x01, 0x02, + }; + unsigned char skbuf[] = { + 0x01, 0x02, + }; + RSArefPublicKey *pkref = (RSArefPublicKey *)pkbuf; + RSArefPrivateKey *skref = (RSArefPrivateKey *)skbuf; + RSA *pk = NULL; + RSA *sk = NULL; + + if (!(pk = RSA_new_from_RSArefPublicKey(pkref)) + || !RSA_set_RSArefPublicKey(pk, pkref) + || !RSA_get_RSArefPublicKey(pk, pkref) + || !(sk = RSA_new_from_RSArefPrivateKey(skref)) + || !RSA_set_RSArefPrivateKey(sk, skref) + || !RSA_get_RSArefPrivateKey(sk, skref)) { + goto end; + } + + ret = 1; +end: + RSA_free(pk); + RSA_free(sk); + return ret; +} + +static int test_sdf_ec(int verbose) +{ + int ret = 0; + + unsigned char pkbuf[] = { + 0x01, 0x02, + }; + unsigned char skbuf[] = { + 0x01, 0x02, + }; + unsigned char cvbuf[] = { + 0x01, 0x02, + }; + unsigned char sigbuf[] = { + 0x01, 0x02, + }; + ECCrefPublicKey *pkref = (ECCrefPublicKey *)pkbuf; + ECCrefPrivateKey *skref = (ECCrefPrivateKey *)skbuf; + ECCCipher *cvref = (ECCCipher *)cvbuf; + ECCSignature *sigref = (ECCSignature *)sigbuf; + EC_KEY *pk = NULL; + EC_KEY *sk = NULL; + SM2_CIPHERTEXT_VALUE *cv = NULL; + ECDSA_SIG *sig = NULL; + + if (!(pk = EC_KEY_new_from_ECCrefPublicKey(pkref)) + || !EC_KEY_set_ECCrefPublicKey(pk, pkref) + || !EC_KEY_get_ECCrefPublicKey(pk, pkref) + || !(sk = EC_KEY_new_from_ECCrefPrivateKey(skref)) + || !EC_KEY_set_ECCrefPrivateKey(sk, skref) + || !EC_KEY_get_ECCrefPrivateKey(sk, skref) + || !(cv = SM2_CIPHERTEXT_VALUE_new_from_ECCCipher(cvref)) + || !SM2_CIPHERTEXT_VALUE_set_ECCCipher(cv, cvref) + || !SM2_CIPHERTEXT_VALUE_get_ECCCipher(cv, cvref) + || !(sig = ECDSA_SIG_new_from_ECCSignature(sigref)) + || !ECDSA_SIG_set_ECCSignature(sig, sigref) + || !ECDSA_SIG_get_ECCSignature(sig, sigref)) { + goto end; + } + + ret = 1; +end: + EC_KEY_free(pk); + EC_KEY_free(sk); + SM2_CIPHERTEXT_VALUE_free(cv); + ECDSA_SIG_free(sig); + return ret; +} + +static int test_skf_rsa(int verbose) +{ + int ret = 0; + unsigned char pkbuf[] = { + 0x01, 0x02, + }; + unsigned char skbuf[] = { + 0x01, 0x02, + }; + RSAPUBLICKEYBLOB *pkref = (RSAPUBLICKEYBLOB *)pkbuf; + RSArefPrivateKey *skref = (RSArefPrivateKey *)skbuf; + RSA *pk = NULL; + RSA *sk = NULL; + + if (!(pk = RSA_new_from_RSAPUBLICKEYBLOB(pkref)) + || !RSA_set_RSAPUBLICKEYBLOB(pk, pkref) + || !RSA_get_RSAPUBLICKEYBLOB(pk, pkref) + || !(sk = RSA_new_from_RSArefPrivateKey(skref)) + || !RSA_set_RSArefPrivateKey(sk, skref) + || !RSA_get_RSArefPrivateKey(sk, skref)) { + goto end; + } + + ret = 1; +end: + RSA_free(pk); + RSA_free(sk); + return ret; +} + +static int test_skf_ec(int verbose) +{ + int ret = 0; + + unsigned char pkbuf[] = { + 0x01, 0x02, + }; + unsigned char skbuf[] = { + 0x01, 0x02, + }; + unsigned char cvbuf[] = { + 0x01, 0x02, + }; + unsigned char sigbuf[] = { + 0x01, 0x02, + }; + ECCPUBLICKEYBLOB *pkref = (ECCPUBLICKEYBLOB *)pkbuf; + ECCPRIVATEKEYBLOB *skref = (ECCPRIVATEKEYBLOB *)skbuf; + ECCCIPHERBLOB *cvref = (ECCCIPHERBLOB *)cvbuf; + ECCSIGNATUREBLOB *sigref = (ECCSIGNATUREBLOB *)sigbuf; + EC_KEY *pk = NULL; + EC_KEY *sk = NULL; + SM2_CIPHERTEXT_VALUE *cv = NULL; + ECDSA_SIG *sig = NULL; + + if (!(pk = EC_KEY_new_from_ECCPUBLICKEYBLOB(pkref)) + || !EC_KEY_set_ECCPUBLICKEYBLOB(pk, pkref) + || !EC_KEY_get_ECCPUBLICKEYBLOB(pk, pkref) + || !(sk = EC_KEY_new_from_ECCPRIVATEKEYBLOB(skref)) + || !EC_KEY_set_ECCPRIVATEKEYBLOB(sk, skref) + || !EC_KEY_get_ECCPRIVATEKEYBLOB(sk, skref) + || !(cv = SM2_CIPHERTEXT_VALUE_new_from_ECCCIPHERBLOB(cvref)) + || !SM2_CIPHERTEXT_VALUE_set_ECCCIPHERBLOB(cv, cvref) + || !SM2_CIPHERTEXT_VALUE_get_ECCCIPHERBLOB(cv, cvref) + || !(sig = ECDSA_SIG_new_from_ECCSIGNATUREBLOB(sigref)) + || !ECDSA_SIG_set_ECCSIGNATUREBLOB(sig, sigref) + || !ECDSA_SIG_get_ECCSIGNATUREBLOB(sig, sigref)) { + goto end; + } + + ret = 1; +end: + EC_KEY_free(pk); + EC_KEY_free(sk); + SM2_CIPHERTEXT_VALUE_free(cv); + ECDSA_SIG_free(sig); + return ret; +} + +int main(int argc, char **argv) +{ + int verbose = 1; + if (!test_sgd(verbose) + || !test_sdf_ec(verbose) + || !test_sdf_rsa(verbose) + || !test_skf_ec(verbose) + || !test_skf_rsa(verbose)) { + printf("test failed\n"); + return 1; + } else { + printf("test ok\n"); + return 0; + } +} +#endif diff --git a/test/recipes/30-test_gmapi.t b/test/recipes/30-test_gmapi.t new file mode 100644 index 00000000..cca0bf89 --- /dev/null +++ b/test/recipes/30-test_gmapi.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_gmapi", "gmapitest", "gmapi"); diff --git a/util/mkdef.pl b/util/mkdef.pl index 11539333..1c372c1a 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -132,7 +132,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CMAC", # APPLINK (win build feature?) "APPLINK", - "SM3", "SMS4", "KDF2", "ECIES", "FFX", "PAILLIER", "CPK", "OTP" + "SM3", "SMS4", "KDF2", "ECIES", "FFX", "PAILLIER", "CPK", "OTP", "GMAPI" ); my %disabled_algorithms;