Remove CPK module

Zhi Guan
2019-06-13 18:22:44 +08:00
parent bdd3d75e89
commit c0984b6436
18 changed files with 4 additions and 1734 deletions


@@ -313,7 +313,7 @@ $config{sdirs} = [
"evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
"cms", "ts", "srp", "cmac", "ct", "async", "kdf",
"sm3", "base58", "sms4", "zuc", "serpent", "speck", "kdf2", "ffx", "otp",
"ecies", "sm2", "cpk", "paillier", "ec2", "sm9", "bfibe", "bb1ibe",
"ecies", "sm2", "paillier", "ec2", "sm9", "bfibe", "bb1ibe",
"gmapi", "skf", "sdf", "saf", "sof"
];
@@ -418,7 +418,6 @@ my @disablables = (
"ffx",
"sm2",
"paillier",
"cpk",
"otp",
"gmapi",
"ec2",
@@ -481,7 +480,6 @@ our %disabled = ( # "what" => "comment"
"skfeng" => "default",
"sdfeng" => "default",
"gmieng" => "default",
"cpk" => "default",
"speck" => "default",
);
@@ -507,7 +505,7 @@ my @disable_cascades = (
# SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA
"md5" => [ "ssl", "tls1", "tls1_1", "dtls1", "engine" ],
# current pkcs12 rfc only define sha1/des bag
"sha" => [ "ssl", "tls1", "tls1_1", "dtls1", "engine", "rsa", "dh", "dsa", "ocsp", "ct", "srp", "ts", "ec2", "cpk" ],
"sha" => [ "ssl", "tls1", "tls1_1", "dtls1", "engine", "rsa", "dh", "dsa", "ocsp", "ct", "srp", "ts", "ec2"],
"aes" => [ "engine" ],
"ec2" => [ "sm9", "bfibe", "bb1ibe" ],
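Review bot: Dropping `"cpk"` from `@disablables` and `%disabled` (second and third hunks) presumably means Configure no longer defines `OPENSSL_NO_CPK`, so any `#ifndef OPENSSL_NO_CPK` block that survives elsewhere in the tree flips from compiled-out to compiled-in and would reference the deleted sources. Until this commit the module was off by default (`"cpk" => "default"`), so leftovers of that kind would not have surfaced in a default build; grep for `OPENSSL_NO_CPK`, `ERR_LIB_CPK` and `ERR_load_CPK_strings` and run a full default build to confirm nothing remains. Build scripts that still pass `no-cpk` will likely be rejected as an unknown option now, which deserves a line in the change notes. Minor style point in the last hunk: the new `"sha"` cascade ends in `"ec2"],` while the neighbouring lists keep a space before the bracket, so `"ec2" ],` would match.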


@@ -158,9 +158,7 @@ static FUNCTION functions[] = {
#ifndef OPENSSL_NO_CMS
{ FT_general, "cms", cms_main, cms_options },
#endif
#ifndef OPENSSL_NO_CPK
{ FT_general, "cpk", cpk_main, cpk_options },
#endif
{ FT_general, "crl", crl_main, crl_options },
{ FT_general, "crl2pkcs7", crl2pkcs7_main, crl2pkcs7_options },
{ FT_general, "dgst", dgst_main, dgst_options },


@@ -1,2 +0,0 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]=cpk_asn1.c cpk_err.c cpk_lib.c cpk_map.c cpk_prn.c


@@ -1,94 +0,0 @@
/* ====================================================================
* Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/cpk.h>
#include "cpk_lcl.h"
ASN1_SEQUENCE(CPK_MASTER_SECRET) = {
ASN1_SIMPLE(CPK_MASTER_SECRET, version, LONG),
ASN1_SIMPLE(CPK_MASTER_SECRET, id, X509_NAME),
ASN1_SIMPLE(CPK_MASTER_SECRET, pkey_algor, X509_ALGOR),
ASN1_SIMPLE(CPK_MASTER_SECRET, map_algor, X509_ALGOR),
ASN1_SIMPLE(CPK_MASTER_SECRET, secret_factors, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(CPK_MASTER_SECRET)
IMPLEMENT_ASN1_FUNCTIONS(CPK_MASTER_SECRET)
IMPLEMENT_ASN1_DUP_FUNCTION(CPK_MASTER_SECRET)
ASN1_SEQUENCE(CPK_PUBLIC_PARAMS) = {
ASN1_SIMPLE(CPK_PUBLIC_PARAMS, version, LONG),
ASN1_SIMPLE(CPK_PUBLIC_PARAMS, id, X509_NAME),
ASN1_SIMPLE(CPK_PUBLIC_PARAMS, pkey_algor, X509_ALGOR),
ASN1_SIMPLE(CPK_PUBLIC_PARAMS, map_algor, X509_ALGOR),
ASN1_SIMPLE(CPK_PUBLIC_PARAMS, public_factors, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(CPK_PUBLIC_PARAMS)
IMPLEMENT_ASN1_FUNCTIONS(CPK_PUBLIC_PARAMS)
IMPLEMENT_ASN1_DUP_FUNCTION(CPK_PUBLIC_PARAMS)
CPK_MASTER_SECRET *d2i_CPK_MASTER_SECRET_bio(BIO *bp, CPK_MASTER_SECRET **master)
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CPK_MASTER_SECRET), bp, master);
}
int i2d_CPK_MASTER_SECRET_bio(BIO *bp, CPK_MASTER_SECRET *master)
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CPK_MASTER_SECRET), bp, master);
}
CPK_PUBLIC_PARAMS *d2i_CPK_PUBLIC_PARAMS_bio(BIO *bp, CPK_PUBLIC_PARAMS **params)
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CPK_PUBLIC_PARAMS), bp, params);
}
int i2d_CPK_PUBLIC_PARAMS_bio(BIO *bp, CPK_PUBLIC_PARAMS *params)
{
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CPK_PUBLIC_PARAMS), bp, params);
}


@@ -1,77 +0,0 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/cpk.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CPK,func,0)
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CPK,0,reason)
static ERR_STRING_DATA CPK_str_functs[] = {
{ERR_FUNC(CPK_F_CPK_MAP_GET_MD), "CPK_MAP_get_md"},
{ERR_FUNC(CPK_F_CPK_MAP_IS_VALID), "CPK_MAP_is_valid"},
{ERR_FUNC(CPK_F_CPK_MAP_NEW), "CPK_MAP_new"},
{ERR_FUNC(CPK_F_CPK_MAP_NEW_DEFAULT), "CPK_MAP_new_default"},
{ERR_FUNC(CPK_F_CPK_MAP_NUM_FACTORS), "CPK_MAP_num_factors"},
{ERR_FUNC(CPK_F_CPK_MAP_NUM_INDEXES), "CPK_MAP_num_indexes"},
{ERR_FUNC(CPK_F_CPK_MAP_NUM_SUBSET), "CPK_MAP_num_subset"},
{ERR_FUNC(CPK_F_CPK_MAP_STR2INDEX), "CPK_MAP_str2index"},
{ERR_FUNC(CPK_F_CPK_MASTER_SECRET_CREATE), "CPK_MASTER_SECRET_create"},
{ERR_FUNC(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY),
"CPK_MASTER_SECRET_extract_private_key"},
{ERR_FUNC(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS),
"CPK_MASTER_SECRET_extract_public_params"},
{ERR_FUNC(CPK_F_CPK_MASTER_SECRET_PRINT), "CPK_MASTER_SECRET_print"},
{ERR_FUNC(CPK_F_CPK_MASTER_SECRET_VALIDATE_PUBLIC_PARAMS),
"CPK_MASTER_SECRET_validate_public_params"},
{ERR_FUNC(CPK_F_CPK_PUBLIC_PARAMS_COMPUTE_SHARE_KEY),
"CPK_PUBLIC_PARAMS_compute_share_key"},
{ERR_FUNC(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY),
"CPK_PUBLIC_PARAMS_extract_public_key"},
{ERR_FUNC(CPK_F_CPK_PUBLIC_PARAMS_PRINT), "CPK_PUBLIC_PARAMS_print"},
{ERR_FUNC(CPK_F_CPK_PUBLIC_PARAMS_VALIDATE_PRIVATE_KEY),
"CPK_PUBLIC_PARAMS_validate_private_key"},
{ERR_FUNC(CPK_F_EXTRACT_EC_PARAMS), "extract_ec_params"},
{ERR_FUNC(CPK_F_EXTRACT_EC_PRIV_KEY), "extract_ec_priv_key"},
{ERR_FUNC(CPK_F_EXTRACT_EC_PUB_KEY), "extract_ec_pub_key"},
{ERR_FUNC(CPK_F_X509_ALGOR_GET1_EC_KEY), "X509_ALGOR_get1_EC_KEY"},
{0, NULL}
};
static ERR_STRING_DATA CPK_str_reasons[] = {
{ERR_REASON(CPK_R_BAD_ARGUMENT), "bad argument"},
{ERR_REASON(CPK_R_BAD_ARGUMENTS), "bad arguments"},
{ERR_REASON(CPK_R_BAD_DATA), "bad data"},
{ERR_REASON(CPK_R_INVALID_ALGORITHM), "invalid algorithm"},
{ERR_REASON(CPK_R_INVALID_ARGUMENT), "invalid argument"},
{ERR_REASON(CPK_R_INVALID_CURVE), "invalid curve"},
{ERR_REASON(CPK_R_INVALID_ID_LENGTH), "invalid id length"},
{ERR_REASON(CPK_R_INVALID_MAP_ALGOR), "invalid map algor"},
{ERR_REASON(CPK_R_INVALID_PKEY_TYPE), "invalid pkey type"},
{0, NULL}
};
#endif
int ERR_load_CPK_strings(void)
{
#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(CPK_str_functs[0].error) == NULL) {
ERR_load_strings(0, CPK_str_functs);
ERR_load_strings(0, CPK_str_reasons);
}
#endif
return 1;
}


@@ -1,79 +0,0 @@
/* ====================================================================
* Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/ossl_typ.h>
#define CPK_VERSION 2
struct cpk_master_secret_st {
long version;
X509_NAME *id;
X509_ALGOR *pkey_algor;
X509_ALGOR *map_algor;
ASN1_OCTET_STRING *secret_factors;
};
struct cpk_public_params_st {
long version;
X509_NAME *id;
X509_ALGOR *pkey_algor;
X509_ALGOR *map_algor;
ASN1_OCTET_STRING *public_factors;
};
X509_ALGOR *CPK_MAP_new(int type);
X509_ALGOR * CPK_MAP_new_default(void);
int CPK_MAP_is_valid(const X509_ALGOR *algor);
int CPK_MAP_num_factors(const X509_ALGOR *algor);
int CPK_MAP_num_indexes(const X509_ALGOR *algor);
int CPK_MAP_str2index(const X509_ALGOR *algor, const char *str, int *index);


@@ -1,738 +0,0 @@
/* ====================================================================
* Copyright (c) 2007 - 2018 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
*/
#include <string.h>
#include <assert.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include <openssl/rand.h>
#include <openssl/ecdsa.h>
#include <openssl/objects.h>
#include <openssl/cpk.h>
#include "../x509/x509_lcl.h"
#include "cpk_lcl.h"
static EC_KEY *X509_ALGOR_get1_EC_KEY(X509_ALGOR *algor);
static int extract_ec_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param);
static EC_KEY *extract_ec_priv_key(CPK_MASTER_SECRET *master, const char *id);
static EC_KEY *extract_ec_pub_key(CPK_PUBLIC_PARAMS *param, const char *id);
CPK_MASTER_SECRET *CPK_MASTER_SECRET_create(const char *domain_id, int curve, int map)
{
CPK_MASTER_SECRET *ret = NULL;
CPK_MASTER_SECRET *master = NULL;
EC_KEY *ec_key = NULL;
EVP_PKEY *pkey = NULL;
X509_PUBKEY *pubkey = NULL;
const BIGNUM *order;
int order_bytes;
int num_factors;
unsigned char *secret_buf = NULL;
size_t secret_len;
unsigned char *p;
BIGNUM *bn = NULL;
int i;
/* check domain_id */
if (!(master = CPK_MASTER_SECRET_new())) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);
goto end;
}
/* set version */
master->version = CPK_VERSION;
/* set domain_id */
if (!domain_id) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_PASSED_NULL_PARAMETER);
goto end;
}
if (strlen(domain_id) <= 0 || strlen(domain_id) > CPK_MAX_ID_LENGTH) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_ID_LENGTH);
goto end;
}
if (!X509_NAME_add_entry_by_NID(master->id, NID_organizationName,
MBSTRING_UTF8, (unsigned char *)domain_id, -1, -1, 0)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);
goto end;
}
/* set pkey algor */
if (!(ec_key = EC_KEY_new_by_curve_name(curve))) {
//CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_CURVE);
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_CPK_LIB);
goto end;
}
if (!(pkey = EVP_PKEY_new())
|| !EVP_PKEY_set1_EC_KEY(pkey, ec_key)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_EVP_LIB);
goto end;
}
if (!(pubkey = X509_PUBKEY_new())
|| !X509_PUBKEY_set(&pubkey, pkey)
|| !X509_PUBKEY_get0_param(NULL, NULL, NULL, &master->pkey_algor, pubkey)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB);
goto end;
}
/* get order and order_bytes */
if (!(order = EC_GROUP_get0_order(EC_KEY_get0_group(ec_key)))
|| !(order_bytes = BN_num_bytes(order))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_CPK_LIB);
goto end;
}
/* set map algor */
X509_ALGOR_free(master->map_algor);
if (!(master->map_algor = CPK_MAP_new(map))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_CPK_LIB);
goto end;
}
/* get num_factors */
if ((num_factors = CPK_MAP_num_factors(master->map_algor)) <= 0) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_MAP_ALGOR);
goto end;
}
/* set random secret_factors */
secret_len = order_bytes * num_factors;
if (!(secret_buf = OPENSSL_zalloc(secret_len))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);
goto end;
}
p = secret_buf;
if (!(bn = BN_new())) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE);
goto end;
}
for (i = 0; i < num_factors; i++) {
do {
if (!BN_rand_range(bn, order)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE,
ERR_R_BN_LIB);
goto end;
}
} while (BN_is_zero(bn));
if (!BN_bn2bin(bn, p + order_bytes - BN_num_bytes(bn))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_BN_LIB);
goto end;
}
p += order_bytes;
}
if (!ASN1_STRING_set(master->secret_factors, secret_buf, secret_len)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_ASN1_LIB);
goto end;
}
ret = master;
master = NULL;
end:
CPK_MASTER_SECRET_free(master);
EC_KEY_free(ec_key);
EVP_PKEY_free(pkey);
X509_PUBKEY_free(pubkey);
OPENSSL_clear_free(secret_buf, secret_len);
BN_free(bn);
return ret;
}
CPK_PUBLIC_PARAMS *CPK_MASTER_SECRET_extract_public_params(CPK_MASTER_SECRET *master)
{
CPK_PUBLIC_PARAMS *ret = NULL;
CPK_PUBLIC_PARAMS *param = NULL;
int pkey_type;
OPENSSL_assert(master->pkey_algor->algorithm);
pkey_type = OBJ_obj2nid(master->pkey_algor->algorithm);
if (!(param = CPK_PUBLIC_PARAMS_new())) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS,
ERR_R_MALLOC_FAILURE);
goto err;
}
param->version = master->version;
X509_NAME_free(param->id);
if (!(param->id = X509_NAME_dup(master->id))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS,
ERR_R_MALLOC_FAILURE);
goto err;
}
X509_ALGOR_free(param->pkey_algor);
if (!(param->pkey_algor = X509_ALGOR_dup(master->pkey_algor))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS,
ERR_R_MALLOC_FAILURE);
goto err;
}
X509_ALGOR_free(param->map_algor);
if (!(param->map_algor = X509_ALGOR_dup(master->map_algor))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS,
ERR_R_MALLOC_FAILURE);
goto err;
}
switch (pkey_type) {
case EVP_PKEY_EC:
if (!extract_ec_params(master, param)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS,
ERR_R_CPK_LIB);
goto err;
}
break;
default:
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS, CPK_R_INVALID_PKEY_TYPE);
goto err;
}
ret = param;
param = NULL;
err:
CPK_PUBLIC_PARAMS_free(param);
return ret;
}
EVP_PKEY *CPK_MASTER_SECRET_extract_private_key(
CPK_MASTER_SECRET *master, const char *id)
{
EVP_PKEY *ret = NULL;
EVP_PKEY *pkey = NULL;
int pkey_type;
if (!(pkey = EVP_PKEY_new())) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
ERR_R_MALLOC_FAILURE);
goto err;
}
pkey_type = OBJ_obj2nid(master->pkey_algor->algorithm);
if (pkey_type == EVP_PKEY_EC) {
EC_KEY *ec_key;
if (!(ec_key = extract_ec_priv_key(master, id))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
ERR_R_CPK_LIB);
goto err;
}
if (!EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
EC_KEY_free(ec_key);
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
ERR_R_EVP_LIB);
goto err;
}
} else {
CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY,
CPK_R_INVALID_PKEY_TYPE);
goto err;
}
ret = pkey;
pkey = NULL;
err:
EVP_PKEY_free(pkey);
return ret;
}
EVP_PKEY *CPK_PUBLIC_PARAMS_extract_public_key(CPK_PUBLIC_PARAMS *param,
const char *id)
{
EVP_PKEY *ret = NULL;
EVP_PKEY *pkey = NULL;
int pkey_type;
if (!(pkey = EVP_PKEY_new())) {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY,
ERR_R_MALLOC_FAILURE);
goto err;
}
pkey_type = OBJ_obj2nid(param->pkey_algor->algorithm);
if (pkey_type == EVP_PKEY_EC) {
EC_KEY *ec_key = NULL;
if (!(ec_key = extract_ec_pub_key(param, id))) {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY,
ERR_R_CPK_LIB);
goto err;
}
if (!EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
EC_KEY_free(ec_key);
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY,
ERR_R_EVP_LIB);
goto err;
}
} else {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY,
CPK_R_INVALID_PKEY_TYPE);
goto err;
}
ret = pkey;
pkey = NULL;
err:
EVP_PKEY_free(pkey);
return ret;
}
char *CPK_MASTER_SECRET_get_name(CPK_MASTER_SECRET *master, char *buf, int size)
{
return X509_NAME_oneline(master->id, buf, size);
}
char *CPK_PUBLIC_PARAMS_get_name(CPK_PUBLIC_PARAMS *params, char *buf, int size)
{
return X509_NAME_oneline(params->id, buf, size);
}
int CPK_MASTER_SECRET_validate_public_params(CPK_MASTER_SECRET *master,
CPK_PUBLIC_PARAMS *params)
{
int ret = 0;
CPK_PUBLIC_PARAMS *tmp = NULL;
if (!(tmp = CPK_MASTER_SECRET_extract_public_params(master))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_VALIDATE_PUBLIC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
if (tmp->version != params->version) {
CPKerr(CPK_F_CPK_MASTER_SECRET_VALIDATE_PUBLIC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
if (X509_NAME_cmp(tmp->id, params->id)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_VALIDATE_PUBLIC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
/*
* two ASN_OBJECT * with different address may have same NID
* thus we can not check with:
* tmp->pkey_algor->algorithm != params->pkey_algor->algorithm
*/
if (OBJ_obj2nid(tmp->pkey_algor->algorithm) !=
OBJ_obj2nid(params->pkey_algor->algorithm)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_VALIDATE_PUBLIC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
// FIXME: pkey_algor->parameters
if (OBJ_obj2nid(tmp->map_algor->algorithm) !=
OBJ_obj2nid(params->map_algor->algorithm)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_VALIDATE_PUBLIC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
if (ASN1_STRING_cmp(tmp->public_factors, params->public_factors)) {
CPKerr(CPK_F_CPK_MASTER_SECRET_VALIDATE_PUBLIC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
ret = 1;
err:
CPK_PUBLIC_PARAMS_free(tmp);
return ret;
}
int CPK_PUBLIC_PARAMS_validate_private_key(CPK_PUBLIC_PARAMS *params,
const char *id, const EVP_PKEY *priv_key)
{
int ret = -3;
EVP_PKEY *pub_key = NULL;
if (!(pub_key = CPK_PUBLIC_PARAMS_extract_public_key(params, id))) {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_VALIDATE_PRIVATE_KEY,
ERR_R_EVP_LIB);
goto err;
}
ret = EVP_PKEY_cmp(pub_key, priv_key);
err:
EVP_PKEY_free(pub_key);
return ret;
}
static EC_KEY *X509_ALGOR_get1_EC_KEY(X509_ALGOR *algor)
{
EC_KEY *ec_key = NULL;
int ptype;
const void *pval;
const unsigned char *p;
X509_ALGOR_get0(NULL, &ptype, &pval, algor);
if (ptype == V_ASN1_SEQUENCE) {
ASN1_OCTET_STRING *pstr = (ASN1_OCTET_STRING *)pval;
p = pstr->data;
if (!(ec_key = d2i_ECParameters(NULL, &p, pstr->length))) {
CPKerr(CPK_F_X509_ALGOR_GET1_EC_KEY, ERR_R_EC_LIB);
return NULL;
}
} else if (ptype == V_ASN1_OBJECT) {
ASN1_OBJECT *poid = (ASN1_OBJECT *)pval;
EC_GROUP *group;
if (!(ec_key = EC_KEY_new())) {
CPKerr(CPK_F_X509_ALGOR_GET1_EC_KEY, ERR_R_MALLOC_FAILURE);
return NULL;
}
if (!(group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid)))) {
EC_KEY_free(ec_key);
CPKerr(CPK_F_X509_ALGOR_GET1_EC_KEY, ERR_R_EC_LIB);
return NULL;
}
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
if (!EC_KEY_set_group(ec_key, group)) {
EC_GROUP_free(group);
EC_KEY_free(ec_key);
CPKerr(CPK_F_X509_ALGOR_GET1_EC_KEY, ERR_R_EC_LIB);
return NULL;
}
EC_GROUP_free(group);
} else {
CPKerr(CPK_F_X509_ALGOR_GET1_EC_KEY, CPK_R_BAD_DATA);
return NULL;
}
return ec_key;
}
static int extract_ec_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param)
{
int ret = 0;
EC_KEY *ec_key = NULL;
const EC_GROUP *ec_group;
BIGNUM *bn = BN_new();
BIGNUM *order = BN_new();
BN_CTX *ctx = BN_CTX_new();
EC_POINT *pt = NULL;
int i, bn_size, pt_size, num_factors;
const unsigned char *bn_ptr;
unsigned char *pt_ptr;
if (!bn || !order || !ctx) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
if (!(ec_key = X509_ALGOR_get1_EC_KEY(master->pkey_algor))) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
ec_group = EC_KEY_get0_group(ec_key);
if (!(EC_GROUP_get_order(ec_group, order, ctx))) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
bn_size = BN_num_bytes(order);
pt_size = bn_size + 1;
if ((num_factors = CPK_MAP_num_factors(master->map_algor)) <= 0) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
if (ASN1_STRING_length(master->secret_factors) != bn_size * num_factors) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
if (!ASN1_STRING_set(param->public_factors, NULL, pt_size * num_factors)) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
bn_ptr = ASN1_STRING_get0_data(master->secret_factors);
pt_ptr = ASN1_STRING_get0_data(param->public_factors);
memset(pt_ptr, 0, ASN1_STRING_length(param->public_factors));
if (!(pt = EC_POINT_new(ec_group))) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
for (i = 0; i < num_factors; i++) {
if (!BN_bin2bn(bn_ptr, bn_size, bn)) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
if (BN_is_zero(bn) || BN_cmp(bn, order) >= 0) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
if (!EC_POINT_mul(ec_group, pt, bn, NULL, NULL, ctx)) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
if (!EC_POINT_point2oct(ec_group, pt,
POINT_CONVERSION_COMPRESSED, pt_ptr, pt_size, ctx)) {
CPKerr(CPK_F_EXTRACT_EC_PARAMS, ERR_R_CPK_LIB);
goto err;
}
bn_ptr += bn_size;
pt_ptr += pt_size;
}
ret = 1;
err:
EC_KEY_free(ec_key);
BN_free(bn);
BN_free(order);
BN_CTX_free(ctx);
EC_POINT_free(pt);
return ret;
}
static EC_KEY *extract_ec_priv_key(CPK_MASTER_SECRET *master, const char *id)
{
EC_KEY *ret = NULL;
EC_KEY *ec_key = NULL;
const EC_GROUP *ec_group;
EC_POINT *pub_key = NULL;
BIGNUM *priv_key = BN_new();
BIGNUM *order = BN_new();
BIGNUM *bn = BN_new();
BN_CTX *ctx = BN_CTX_new();
int *index = NULL;
int i, num_indexes, bn_size;
if (!priv_key || !bn || !order || !ctx) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!(ec_key = X509_ALGOR_get1_EC_KEY(master->pkey_algor))) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
ec_group = EC_KEY_get0_group(ec_key);
if (!(pub_key = EC_POINT_new(ec_group))) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
if ((num_indexes = CPK_MAP_num_indexes(master->map_algor)) <= 0) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!CPK_MAP_str2index(master->map_algor, id, index)) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
BN_zero(priv_key);
if (!(EC_GROUP_get_order(EC_KEY_get0_group(ec_key), order, ctx))) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
bn_size = BN_num_bytes(order);
for (i = 0; i < num_indexes; i++) {
const unsigned char *p =
ASN1_STRING_get0_data(master->secret_factors) +
bn_size * index[i];
if (!BN_bin2bn(p, bn_size, bn)) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
if (BN_is_zero(bn) || BN_cmp(bn, order) >= 0) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!BN_mod_add(priv_key, priv_key, bn, order, ctx)) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
}
if (!EC_KEY_set_private_key(ec_key, priv_key)) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!EC_POINT_mul(ec_group, pub_key, priv_key, NULL, NULL, ctx)) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!EC_KEY_set_public_key(ec_key, pub_key)) {
CPKerr(CPK_F_EXTRACT_EC_PRIV_KEY, ERR_R_CPK_LIB);
goto err;
}
ret = ec_key;
ec_key = NULL;
err:
EC_KEY_free(ec_key);
BN_free(priv_key);
EC_POINT_free(pub_key);
BN_free(order);
BN_free(bn);
BN_CTX_free(ctx);
OPENSSL_free(index);
return ret;
}
static EC_KEY *extract_ec_pub_key(CPK_PUBLIC_PARAMS *param, const char *id)
{
EC_KEY *ret = NULL;
EC_KEY *ec_key = NULL;
const EC_GROUP *ec_group;
EC_POINT *pub_key = NULL;
EC_POINT *pt = NULL;
BIGNUM *order = BN_new();
BIGNUM *bn = BN_new();
BN_CTX *ctx = BN_CTX_new();
int *index = NULL;
int i, bn_size, pt_size, num_indexes, num_factors;
if (!(ec_key = X509_ALGOR_get1_EC_KEY(param->pkey_algor))) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
ec_group = EC_KEY_get0_group(ec_key);
if (!(pub_key = EC_POINT_new(ec_group))) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!(pt = EC_POINT_new(ec_group))) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!EC_GROUP_get_order(ec_group, order, ctx)) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
bn_size = BN_num_bytes(order);
pt_size = bn_size + 1;
if ((num_factors = CPK_MAP_num_factors(param->map_algor)) <= 0) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
if (ASN1_STRING_length(param->public_factors) != pt_size * num_factors) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
if ((num_indexes = CPK_MAP_num_indexes(param->map_algor)) <= 0) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!CPK_MAP_str2index(param->map_algor, id, index)) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!EC_POINT_set_to_infinity(ec_group, pub_key)) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
for (i = 0; i < num_indexes; i++) {
const unsigned char *p =
ASN1_STRING_get0_data(param->public_factors) +
pt_size * index[i];
if (!EC_POINT_oct2point(ec_group, pt, p, pt_size, ctx)) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
if (!EC_POINT_add(ec_group, pub_key, pub_key, pt, ctx)) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
}
if (!EC_KEY_set_public_key(ec_key, pub_key)) {
CPKerr(CPK_F_EXTRACT_EC_PUB_KEY, ERR_R_CPK_LIB);
goto err;
}
ret = ec_key;
ec_key = NULL;
err:
EC_KEY_free(ec_key);
EC_POINT_free(pub_key);
BN_free(order);
BN_free(bn);
BN_CTX_free(ctx);
OPENSSL_free(index);
return ret;
}


@@ -1,219 +0,0 @@
/* ====================================================================
* Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <string.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/cpk.h>
#include "cpk_lcl.h"
#include "../../e_os.h"
/* Currently we only support fixed 32 indexes
* this means EC_POINT_add() called 32 times */
#define CPK_NUM_INDEXES 32
typedef struct {
int map_nid;
int md_nid;
} CPK_MAP_TABLE;
static CPK_MAP_TABLE map_table[] = {
{NID_cpk_map_sm3, NID_sm3},
{NID_cpk_map_sha1, NID_sha1},
{NID_cpk_map_sha256, NID_sha256},
{NID_cpk_map_sha384, NID_sha384},
{NID_cpk_map_sha512, NID_sha512}
};
static const EVP_MD *cpk_map2md(int type)
{
int i;
for (i = 0; i < OSSL_NELEM(map_table); i++) {
if (map_table[i].map_nid == type) {
return EVP_get_digestbynid(map_table[i].md_nid);
}
}
return NULL;
}
static const EVP_MD *CPK_MAP_get_md(const X509_ALGOR *algor)
{
const EVP_MD *md;
if (!algor->algorithm) {
CPKerr(CPK_F_CPK_MAP_GET_MD, CPK_R_INVALID_ARGUMENT);
return NULL;
}
if (!(md = cpk_map2md(OBJ_obj2nid(algor->algorithm)))) {
CPKerr(CPK_F_CPK_MAP_GET_MD, ERR_R_CPK_LIB);
return NULL;
}
return md;
}
X509_ALGOR *CPK_MAP_new(int type)
{
X509_ALGOR *ret = NULL;
X509_ALGOR *algor = NULL;
if (!cpk_map2md(type)) {
CPKerr(CPK_F_CPK_MAP_NEW, CPK_R_INVALID_MAP_ALGOR);
return NULL;
}
if (!(algor = X509_ALGOR_new())) {
CPKerr(CPK_F_CPK_MAP_NEW, ERR_R_X509_LIB);
goto end;
}
if (!X509_ALGOR_set0(algor, OBJ_nid2obj(type), V_ASN1_UNDEF, NULL)) {
CPKerr(CPK_F_CPK_MAP_NEW, ERR_R_X509_LIB);
goto end;
}
ret = algor;
algor = NULL;
end:
X509_ALGOR_free(algor);
return ret;
}
X509_ALGOR *CPK_MAP_new_default(void)
{
return CPK_MAP_new(NID_cpk_map_sha1);
}
int CPK_MAP_is_valid(const X509_ALGOR *algor)
{
return CPK_MAP_get_md(algor) != NULL;
}
int CPK_MAP_num_indexes(const X509_ALGOR *algor)
{
if (!CPK_MAP_is_valid(algor)) {
CPKerr(CPK_F_CPK_MAP_NUM_INDEXES, CPK_R_INVALID_MAP_ALGOR);
return 0;
}
/* current only use fixed num_indexes */
return CPK_NUM_INDEXES;
}
int CPK_MAP_num_subset(const X509_ALGOR *algor)
{
const EVP_MD *md;
if (!(md = CPK_MAP_get_md(algor))) {
CPKerr(CPK_F_CPK_MAP_NUM_SUBSET, ERR_R_CPK_LIB);
return 0;
}
return 1 << ((EVP_MD_size(md) * 8) / CPK_MAP_num_indexes(algor));
}
int CPK_MAP_num_factors(const X509_ALGOR *algor)
{
int num_indexes;
int num_subset;
if (!(num_indexes = CPK_MAP_num_indexes(algor))) {
CPKerr(CPK_F_CPK_MAP_NUM_FACTORS, ERR_R_CPK_LIB);
return 0;
}
if (!(num_subset = CPK_MAP_num_subset(algor))) {
CPKerr(CPK_F_CPK_MAP_NUM_FACTORS, ERR_R_CPK_LIB);
return 0;
}
return num_indexes * num_subset;
}
int CPK_MAP_str2index(const X509_ALGOR *algor, const char *str, int *index)
{
int ret = 0;
const EVP_MD *md;
unsigned char dgst[EVP_MAX_MD_SIZE];
unsigned int dgstlen;
BIGNUM *bn = NULL;
int i;
int num_indexes, num_subset;
OPENSSL_assert(algor);
OPENSSL_assert(algor->algorithm);
OPENSSL_assert(str);
OPENSSL_assert(strlen(str) > 0);
if (!(md = CPK_MAP_get_md(algor))
|| !(num_indexes = CPK_MAP_num_indexes(algor))
|| !(num_subset = CPK_MAP_num_subset(algor))) {
CPKerr(CPK_F_CPK_MAP_STR2INDEX, CPK_R_INVALID_MAP_ALGOR);
return 0;
}
if (!index) {
return CPK_MAP_num_indexes(algor);
}
if (!EVP_Digest(str, strlen(str), dgst, &dgstlen, md, NULL)) {
CPKerr(CPK_F_CPK_MAP_STR2INDEX, ERR_R_EVP_LIB);
return 0;
}
if (!(bn = BN_new())) {
CPKerr(CPK_F_CPK_MAP_STR2INDEX, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!BN_bin2bn(dgst, dgstlen, bn)) {
CPKerr(CPK_F_CPK_MAP_STR2INDEX, ERR_R_BN_LIB);
goto end;
}
for (i = 0; i < num_indexes; i++) {
int r = BN_mod_word(bn, num_subset);
BN_div_word(bn, num_subset);
index[i] = num_subset * i + r;
}
ret = num_indexes;
end:
BN_free(bn);
return ret;
}


@@ -1,144 +0,0 @@
/* ====================================================================
* Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <string.h>
#include <openssl/bio.h>
#include <openssl/cpk.h>
#include <openssl/objects.h>
#include "cpk_lcl.h"
int CPK_MASTER_SECRET_print(BIO *out, CPK_MASTER_SECRET *master,
int indent, unsigned long flags)
{
char name[1024] = {0};
int num_factors;
const unsigned char *p;
int i, len;
if (!X509_NAME_oneline(master->id, name, sizeof(name))) {
CPKerr(CPK_F_CPK_MASTER_SECRET_PRINT, ERR_R_CPK_LIB);
return 0;
}
BIO_printf(out, "CPK_MASTER_SECRET\n");
BIO_printf(out, " Version : %ld\n", master->version);
BIO_printf(out, " Domain-ID : %s\n", name);
BIO_printf(out, " Public-Key-Algor : %s\n", OBJ_nid2sn(OBJ_obj2nid(master->pkey_algor->algorithm)));
BIO_printf(out, " Map-Algor : %s\n", OBJ_nid2sn(OBJ_obj2nid(master->map_algor->algorithm)));
BIO_printf(out, " Secret-Factors :\n");
if ((num_factors = CPK_MAP_num_factors(master->map_algor)) <= 0) {
fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
return 0;
}
p = ASN1_STRING_get0_data(master->secret_factors);
len = ASN1_STRING_length(master->secret_factors)/num_factors;
if (ASN1_STRING_length(master->secret_factors) % num_factors) {
CPKerr(CPK_F_CPK_MASTER_SECRET_PRINT, ERR_R_CPK_LIB);
return 0;
}
for (i = 0; i < num_factors; i++) {
int j;
printf(" %-8d ", i);
for (j = 0; j < len; j++) {
BIO_printf(out, "%02X", p[j]);
}
printf("\n");
p += len;
}
return 1;
}
int CPK_PUBLIC_PARAMS_print(BIO *out, CPK_PUBLIC_PARAMS *params,
int indent, unsigned long flags)
{
char name[1024] = {0};
int num_factors;
const unsigned char *p;
int len, i;
if (!X509_NAME_oneline(params->id, name, sizeof(name))) {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_PRINT, ERR_R_CPK_LIB);
return 0;
}
BIO_printf(out, "CPK_PUBLIC_PARAMS\n");
BIO_printf(out, " Version : %ld\n", params->version);
BIO_printf(out, " Domain-ID : %s\n", name);
BIO_printf(out, " Public-Key-Algor : %s\n", OBJ_nid2sn(OBJ_obj2nid(params->pkey_algor->algorithm)));
BIO_printf(out, " Map-Algor : %s\n", OBJ_nid2sn(OBJ_obj2nid(params->map_algor->algorithm)));
BIO_printf(out, " Secret-Factors :\n");
if ((num_factors = CPK_MAP_num_factors(params->map_algor)) <= 0) {
fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
return 0;
}
p = ASN1_STRING_get0_data(params->public_factors);
len = ASN1_STRING_length(params->public_factors)/num_factors;
if (ASN1_STRING_length(params->public_factors) % num_factors) {
CPKerr(CPK_F_CPK_PUBLIC_PARAMS_PRINT, ERR_R_CPK_LIB);
return 0;
}
for (i = 0; i < num_factors; i++) {
int j;
printf(" %-8d ", i);
for (j = 0; j < len; j++) {
BIO_printf(out, "%02X", p[j]);
}
printf("\n");
p += len;
}
return 1;
}


@@ -62,7 +62,6 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
{ERR_PACK(ERR_LIB_KDF2, 0, 0), "KDF2 routines"},
{ERR_PACK(ERR_LIB_FFX, 0, 0), "FFX routines"},
{ERR_PACK(ERR_LIB_PAILLIER, 0, 0), "PAILLIER routines"},
{ERR_PACK(ERR_LIB_CPK, 0, 0), "CPK routines"},
{ERR_PACK(ERR_LIB_OTP, 0, 0), "OTP routines"},
{ERR_PACK(ERR_LIB_GMAPI, 0, 0), "GMAPI routines"},
{ERR_PACK(ERR_LIB_BFIBE, 0, 0), "BFIBE routines"},
@@ -119,7 +118,6 @@ static ERR_STRING_DATA ERR_str_reasons[] = {
{ERR_R_KDF2_LIB, "KDF2 lib"},
{ERR_R_FFX_LIB, "FFX lib"},
{ERR_R_PAILLIER_LIB, "PAILLIER lib"},
{ERR_R_CPK_LIB, "CPK lib"},
{ERR_R_OTP_LIB, "OTP lib"},
{ERR_R_GMAPI_LIB, "GMAPI lib"},
{ERR_R_BFIBE_LIB, "BFIBE lib"},

View File

@@ -72,9 +72,6 @@
#ifndef OPENSSL_NO_PAILLIER
# include <openssl/paillier.h>
#endif
#ifndef OPENSSL_NO_CPK
# include <openssl/cpk.h>
#endif
#ifndef OPENSSL_NO_OTP
# include <openssl/otp.h>
#endif
@@ -176,9 +173,6 @@ int err_load_crypto_strings_int(void)
# ifndef OPENSSL_NO_PAILLIER
ERR_load_PAILLIER_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_CPK
ERR_load_CPK_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_OTP
ERR_load_OTP_strings() == 0 ||
# endif

View File

@@ -38,7 +38,6 @@ L KDF include/openssl/kdf.h crypto/kdf/kdf_err.c
L KDF2 include/openssl/kdf2.h crypto/kdf2/kdf2_err.c
L FFX include/openssl/ffx.h crypto/ffx/ffx_err.c
L PAILLIER include/openssl/paillier.h crypto/paillier/pai_err.c
L CPK include/openssl/cpk.h crypto/cpk/cpk_err.c
L OTP include/openssl/otp.h crypto/otp/otp_err.c
L GMAPI include/openssl/gmapi.h crypto/gmapi/gmapi_err.c
L BFIBE include/openssl/bfibe.h crypto/bfibe/bfibe_err.c

View File

@@ -1,151 +0,0 @@
/* ====================================================================
* Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
/*
* CPK (Combined Public Key) is an identity-based cryptographic scheme
* with bound security.
*/
#ifndef HEADER_CPK_H
#define HEADER_CPK_H
#include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_CPK
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/ossl_typ.h>
#include <openssl/ecies.h>
#ifdef __cplusplus
extern "C" {
#endif
#define CPK_MAX_ID_LENGTH 64
typedef struct cpk_master_secret_st CPK_MASTER_SECRET;
DECLARE_ASN1_FUNCTIONS(CPK_MASTER_SECRET)
typedef struct cpk_public_params_st CPK_PUBLIC_PARAMS;
DECLARE_ASN1_FUNCTIONS(CPK_PUBLIC_PARAMS)
/*
* rows cols factors
* NID_cpk_map_sha1 32 32 1024
* NID_cpk_map_sm3 32 256 8192
* NID_cpk_map_sha256 32 256 8192
* NID_cpk_map_sha384 32 4096 131072
* NID_cpk_map_sha512 32 65536 2097152
*/
CPK_MASTER_SECRET *CPK_MASTER_SECRET_create(const char *domain_id, int curve, int map);
CPK_PUBLIC_PARAMS *CPK_MASTER_SECRET_extract_public_params(CPK_MASTER_SECRET *master);
EVP_PKEY *CPK_MASTER_SECRET_extract_private_key(CPK_MASTER_SECRET *master, const char *id);
EVP_PKEY *CPK_PUBLIC_PARAMS_extract_public_key(CPK_PUBLIC_PARAMS *params, const char *id);
char *CPK_MASTER_SECRET_get_name(CPK_MASTER_SECRET *master, char *buf, int size);
char *CPK_PUBLIC_PARAMS_get_name(CPK_PUBLIC_PARAMS *params, char *buf, int size);
int CPK_MASTER_SECRET_print(BIO *out, CPK_MASTER_SECRET *master, int indent, unsigned long flags);
int CPK_PUBLIC_PARAMS_print(BIO *out, CPK_PUBLIC_PARAMS *params, int indent, unsigned long flags);
int CPK_MASTER_SECRET_validate_public_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *params);
int CPK_PUBLIC_PARAMS_validate_private_key(CPK_PUBLIC_PARAMS *params, const char *id, const EVP_PKEY *pkey);
CPK_MASTER_SECRET *d2i_CPK_MASTER_SECRET_bio(BIO *bp, CPK_MASTER_SECRET **master);
int i2d_CPK_MASTER_SECRET_bio(BIO *bp, CPK_MASTER_SECRET *master);
CPK_PUBLIC_PARAMS *d2i_CPK_PUBLIC_PARAMS_bio(BIO *bp, CPK_PUBLIC_PARAMS **params);
int i2d_CPK_PUBLIC_PARAMS_bio(BIO *bp, CPK_PUBLIC_PARAMS *params);
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
int ERR_load_CPK_strings(void);
/* Error codes for the CPK functions. */
/* Function codes. */
# define CPK_F_CPK_MAP_GET_MD 116
# define CPK_F_CPK_MAP_IS_VALID 114
# define CPK_F_CPK_MAP_NEW 111
# define CPK_F_CPK_MAP_NEW_DEFAULT 100
# define CPK_F_CPK_MAP_NUM_FACTORS 112
# define CPK_F_CPK_MAP_NUM_INDEXES 113
# define CPK_F_CPK_MAP_NUM_SUBSET 115
# define CPK_F_CPK_MAP_STR2INDEX 101
# define CPK_F_CPK_MASTER_SECRET_CREATE 102
# define CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY 103
# define CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS 104
# define CPK_F_CPK_MASTER_SECRET_PRINT 109
# define CPK_F_CPK_MASTER_SECRET_VALIDATE_PUBLIC_PARAMS 117
# define CPK_F_CPK_PUBLIC_PARAMS_COMPUTE_SHARE_KEY 105
# define CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY 106
# define CPK_F_CPK_PUBLIC_PARAMS_PRINT 110
# define CPK_F_CPK_PUBLIC_PARAMS_VALIDATE_PRIVATE_KEY 107
# define CPK_F_EXTRACT_EC_PARAMS 118
# define CPK_F_EXTRACT_EC_PRIV_KEY 119
# define CPK_F_EXTRACT_EC_PUB_KEY 120
# define CPK_F_X509_ALGOR_GET1_EC_KEY 108
/* Reason codes. */
# define CPK_R_BAD_ARGUMENT 100
# define CPK_R_BAD_ARGUMENTS 105
# define CPK_R_BAD_DATA 101
# define CPK_R_INVALID_ALGORITHM 106
# define CPK_R_INVALID_ARGUMENT 107
# define CPK_R_INVALID_CURVE 108
# define CPK_R_INVALID_ID_LENGTH 102
# define CPK_R_INVALID_MAP_ALGOR 103
# define CPK_R_INVALID_PKEY_TYPE 104
# ifdef __cplusplus
}
# endif
# endif
#endif

View File

@@ -96,7 +96,6 @@ typedef struct err_state_st {
# define ERR_LIB_KDF2 53
# define ERR_LIB_FFX 54
# define ERR_LIB_PAILLIER 55
# define ERR_LIB_CPK 56
# define ERR_LIB_OTP 57
# define ERR_LIB_GMAPI 58
# define ERR_LIB_BFIBE 59
@@ -147,7 +146,6 @@ typedef struct err_state_st {
# define KDF2err(f,r) ERR_PUT_error(ERR_LIB_KDF2,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define FFXerr(f,r) ERR_PUT_error(ERR_LIB_FFX,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define PAILLIERerr(f,r) ERR_PUT_error(ERR_LIB_PAILLIER,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define CPKerr(f,r) ERR_PUT_error(ERR_LIB_CPK,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define OTPerr(f,r) ERR_PUT_error(ERR_LIB_OTP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define GMAPIerr(f,r) ERR_PUT_error(ERR_LIB_GMAPI,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
# define BFIBEerr(f,r) ERR_PUT_error(ERR_LIB_BFIBE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
@@ -207,7 +205,6 @@ typedef struct err_state_st {
# define ERR_R_KDF2_LIB ERR_LIB_KDF2/* 53 */
# define ERR_R_FFX_LIB ERR_LIB_FFX/* 54 */
# define ERR_R_PAILLIER_LIB ERR_LIB_PAILLIER/* 55 */
# define ERR_R_CPK_LIB ERR_LIB_CPK/* 56 */
# define ERR_R_OTP_LIB ERR_LIB_OTP/* 57 */
# define ERR_R_GMAPI_LIB ERR_LIB_GMAPI/* 58 */
# define ERR_R_BFIBE_LIB ERR_LIB_BFIBE/* 59 */

View File

@@ -18,7 +18,7 @@ IF[{- !$disabled{tests} -}]
ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \
sm3test sms4test kdf2test eciestest ffxtest sm2test \
pailliertest cpktest otptest gmapitest ec2test \
pailliertest otptest gmapitest ec2test \
bfibetest bb1ibetest sm9test \
sdftest skftest zuctest \
serpenttest specktest base58test
@@ -316,10 +316,6 @@ IF[{- !$disabled{tests} -}]
INCLUDE[pailliertest]=../include
DEPEND[pailliertest]=../libcrypto
SOURCE[cpktest]=cpktest.c
INCLUDE[cpktest]=../include
DEPEND[cpktest]=../libcrypto
SOURCE[otptest]=otptest.c
INCLUDE[otptest]=../include
DEPEND[otptest]=../libcrypto

View File

@@ -1,193 +0,0 @@
/* ====================================================================
* Copyright (c) 2007 - 2016 The GmSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the GmSSL Project.
* (http://gmssl.org/)"
*
* 4. The name "GmSSL Project" must not be used to endorse or promote
* products derived from this software without prior written
* permission. For written permission, please contact
* guanzhi1980@gmail.com.
*
* 5. Products derived from this software may not be called "GmSSL"
* nor may "GmSSL" appear in their names without prior written
* permission of the GmSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the GmSSL Project
* (http://gmssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "../e_os.h"
#ifdef OPENSSL_NO_CPK
int main(int argc, char **argv)
{
printf("NO CPK support\n");
return 0;
}
#else
# include <openssl/ec.h>
# include <openssl/evp.h>
# include <openssl/kdf2.h>
# include <openssl/x509.h>
# include <openssl/ecies.h>
# include <openssl/objects.h>
# include <openssl/cpk.h>
const char *id_short = "id";
const char *id_long =
"123456789022345678903234567890423456789052345678906234567890"
"123456789022345678903234567890423456789052345678906234567890";
int EVP_PKEY_print_fp(const EVP_PKEY *pkey, FILE *fp)
{
ASN1_PCTX *ctx = ASN1_PCTX_new();
BIO *bio = BIO_new_fp(fp, BIO_NOCLOSE);
EVP_PKEY_print_params(bio, pkey, 0, ctx);
EVP_PKEY_print_public(bio, pkey, 0, ctx);
EVP_PKEY_print_private(bio, pkey, 0, NULL);
return 0;
}
int main(int argc, char **argv)
{
int r, i;
KDF_FUNC kdf = NULL;
EC_KEY *ec_key = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY *pub_key = NULL;
EVP_PKEY *priv_key = NULL;
X509_ALGOR *map = NULL;
CPK_MASTER_SECRET *master = NULL;
CPK_PUBLIC_PARAMS *params = NULL;
BIO *bio_out = NULL;
unsigned char *buf = NULL;
unsigned char *p;
const unsigned char *cp;
int len;
return 0;
/* prepare cpk setup parameters */
if (!(ec_key = EC_KEY_new_by_curve_name(OBJ_sn2nid("prime192v1")))) {
goto end;
}
EC_GROUP_set_asn1_flag((EC_GROUP *)EC_KEY_get0_group(ec_key), OPENSSL_EC_NAMED_CURVE);
r = EC_KEY_generate_key(ec_key);
pkey = EVP_PKEY_new();
r = EVP_PKEY_set1_EC_KEY(pkey, ec_key);
map = CPK_MAP_new_default();
//EVP_PKEY_print_fp(pkey, stdout);
/* generate master_secret and public_params */
master = CPK_MASTER_SECRET_create("domainid", pkey, map);
bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
r = CPK_MASTER_SECRET_print(bio_out, master, 0, 0);
EVP_PKEY_free(pkey);
pkey = NULL;
pkey = CPK_MASTER_SECRET_extract_private_key(master, "id");
EVP_PKEY_free(pkey);
//pkey = CPK_MASTER_SECRET_extract_private_key(master, NULL);
//assert(pkey == NULL);
pkey = CPK_MASTER_SECRET_extract_private_key(master, id_long);
EVP_PKEY_print_fp(pkey, stdout);
params = CPK_MASTER_SECRET_extract_public_params(master);
r = CPK_PUBLIC_PARAMS_print(bio_out, params, 0, 0);
printf("\n");
printf("test CPK_PUBLIC_PARAMS_extract_public_key()\n");
pub_key = CPK_PUBLIC_PARAMS_extract_public_key(params, id_short);
EVP_PKEY_free(pub_key);
pub_key = CPK_PUBLIC_PARAMS_extract_public_key(params, id_long);
printf("Public Key of '%s':\n", id_long);
EVP_PKEY_print_fp(pkey, stdout);
printf("\n");
r = CPK_MASTER_SECRET_validate_public_params(master, params);
if (priv_key) EVP_PKEY_free(priv_key);
priv_key = CPK_MASTER_SECRET_extract_private_key(master, "identity");
r = CPK_PUBLIC_PARAMS_validate_private_key(params, "identity", priv_key);
r = CPK_PUBLIC_PARAMS_validate_private_key(params, "id", priv_key);
/* der encoding and decoding */
len = i2d_CPK_MASTER_SECRET(master, NULL);
if (buf != NULL) OPENSSL_free(buf);
buf = OPENSSL_malloc(len);
p = buf;
len = i2d_CPK_MASTER_SECRET(master, &p);
cp = buf;
if (master) CPK_MASTER_SECRET_free(master);
master = NULL;
master = d2i_CPK_MASTER_SECRET(NULL, &cp, len);
r = CPK_MASTER_SECRET_validate_public_params(master, params);
kdf = KDF_get_x9_63(EVP_sha1());
if (priv_key != NULL) EVP_PKEY_free(priv_key);
priv_key = CPK_MASTER_SECRET_extract_private_key(master, "Alice");
if (buf != NULL) OPENSSL_free(buf);
buf = OPENSSL_malloc(1024);
r = CPK_PUBLIC_PARAMS_compute_share_key(params, buf, 64, "Bob", priv_key, kdf);
for (i = 0; i < 64; i++) printf("%02x", buf[i]); printf("\n");
if (priv_key != NULL)
EVP_PKEY_free(priv_key);
priv_key = CPK_MASTER_SECRET_extract_private_key(master, "Bob");
r = CPK_PUBLIC_PARAMS_compute_share_key(params, buf, 64, "Alice", priv_key, kdf);
for (i = 0; i < 64; i++) printf("%02x", buf[i]); printf("\n");
end:
printf("ok\n");
return 0;
}
#endif

View File

@@ -1,12 +0,0 @@
#! /usr/bin/env perl
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use OpenSSL::Test::Simple;
simple_test("test_cpk", "cpktest", "cpk");

View File

@@ -133,7 +133,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
# APPLINK (win build feature?)
"APPLINK",
# GmSSL
"SM3", "SMS4", "KDF2", "ECIES", "FFX", "SM2", "PAILLIER", "CPK", "OTP", "GMAPI", "EC2",
"SM3", "SMS4", "KDF2", "ECIES", "FFX", "SM2", "PAILLIER", "OTP", "GMAPI", "EC2",
"BFIBE", "BB1IBE", "SM9", "SDF", "SKF", "ZUC", "SERPENT", "SPECK", "BASE58",
"GMTLS", "GMTLS_METHOD", "CA", "MACRO", "ASYNC"
);
@@ -317,7 +317,6 @@ $crypto.=" include/openssl/bfibe.h";
$crypto.=" include/openssl/bn_gfp2.h";
$crypto.=" include/openssl/bn_hash.h";
$crypto.=" include/openssl/bn_solinas.h";
$crypto.=" include/openssl/cpk.h";
$crypto.=" include/openssl/ec_hash.h";
$crypto.=" include/openssl/ec_type1.h";
$crypto.=" include/openssl/ecies.h";