abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-07 00:46:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add sdfsign command

Browse Source
This commit is contained in:
Zhi Guan
2024-06-07 19:45:10 +08:00
parent 4363740477
commit c4e5cf0deb
6 changed files with 339 additions and 164 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CMakeLists.txt
View File

@@ -552,7 +552,7 @@ if (ENABLE_SDF)
src/sdf/sdf_meth.c src/sdf/sdf_meth.c
src/sdf/sdf_ext.c src/sdf/sdf_ext.c
src/sdf/sdf_sansec.c) src/sdf/sdf_sansec.c)
list(APPEND tools tools/sdfutil.c tools/sdfinfo.c tools/sdfexport.c tools/sdftest.c) list(APPEND tools tools/sdfinfo.c tools/sdfexport.c tools/sdfsign.c tools/sdftest.c)
endif() endif()

24
include/gmssl/sdf.h
View File

@@ -29,11 +29,18 @@ typedef struct {
} SDF_DEVICE; } SDF_DEVICE;
typedef struct { typedef struct {
SM2_KEY public_key; SM2_Z256_POINT public_key;
void *session; void *session;
int index; int index;
} SDF_KEY; } SDF_SIGN_KEY;
typedef struct {
SM3_CTX sm3_ctx;
SM3_CTX saved_sm3_ctx;
SDF_SIGN_KEY key;
} SDF_SIGN_CTX;
/*
typedef struct { typedef struct {
void *hSession; void *hSession;
} SDF_SM3_CTX; } SDF_SM3_CTX;
@@ -54,17 +61,20 @@ typedef struct {
uint8_t passlen; uint8_t passlen;
unsigned char pass[26 + 1]; unsigned char pass[26 + 1];
} SDF_PRIVATE_KEY; } SDF_PRIVATE_KEY;
*/
int sdf_load_library(const char *so_path, const char *vendor); int sdf_load_library(const char *so_path, const char *vendor);
int sdf_open_device(SDF_DEVICE *dev); int sdf_open_device(SDF_DEVICE *dev);
int sdf_print_device_info(FILE *fp, int fmt, int ind, const char *lable, SDF_DEVICE *dev); int sdf_print_device_info(FILE *fp, int fmt, int ind, const char *lable, SDF_DEVICE *dev);
int sdf_rand_bytes(SDF_DEVICE *dev, uint8_t *buf, size_t len);
int sdf_export_sign_public_key(SDF_DEVICE *dev, int key_index, SM2_KEY *public_key); int sdf_export_sign_public_key(SDF_DEVICE *dev, int key_index, SM2_KEY *public_key);
int sdf_export_enc_public_key(SDF_DEVICE *dev, int key_index, SM2_KEY *public_key); int sdf_load_sign_key(SDF_DEVICE *dev, SDF_SIGN_KEY *key, int key_index, const char *pass);
int sdf_load_sign_key(SDF_DEVICE *dev, SDF_KEY *key, int index, const char *pass); int sdf_sign(SDF_SIGN_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
int sdf_sign(SDF_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen); int sdf_sign_init(SDF_SIGN_CTX *ctx, const SDF_SIGN_KEY *key, const char *id, size_t idlen);
int sdf_release_key(SDF_KEY *key); int sdf_sign_update(SDF_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
int sdf_sign_finish(SDF_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen);
int sdf_sign_reset(SDF_SIGN_CTX *ctx);
int sdf_release_sign_key(SDF_SIGN_KEY *key);
int sdf_close_device(SDF_DEVICE *dev); int sdf_close_device(SDF_DEVICE *dev);
void sdf_unload_library(void); void sdf_unload_library(void);

250
src/sdf/sdf.c
View File

@@ -18,50 +18,46 @@
#include "sdf_ext.h" #include "sdf_ext.h"
static int SDF_ECCrefPublicKey_to_SM2_Z256_POINT(const ECCrefPublicKey *ref, SM2_Z256_POINT *z256_point)
static const uint8_t zeros[ECCref_MAX_LEN - 32] = {0};
static int SDF_ECCrefPublicKey_to_SM2_KEY(const ECCrefPublicKey *ref, SM2_KEY *sm2_key)
{ {
uint8_t bytes[64] = {0}; static const uint8_t zeros[ECCref_MAX_LEN - 32] = {0};
SM2_Z256_POINT point; SM2_POINT point;
if (ref->bits != 256) { if (ref->bits != 256) {
error_print(); error_print();
return -1; return -1;
} }
if (memcmp(ref->x, zeros, sizeof(zeros)) != 0 if (memcmp(ref->x, zeros, sizeof(zeros)) != 0) {
|| memcmp(ref->y, zeros, sizeof(zeros)) != 0) {
error_print(); error_print();
return -1; return -1;
} }
if (memcmp(ref->y, zeros, sizeof(zeros)) != 0) {
memcpy(bytes , ref->x + ECCref_MAX_LEN - 32, 32);
memcpy(bytes + 32, ref->y + ECCref_MAX_LEN - 32, 32);
if (sm2_z256_point_from_bytes(&point, bytes) != 1) {
error_print(); error_print();
return -1; return -1;
} }
memcpy(point.x, ref->x + sizeof(zeros), 32);
if (sm2_key_set_public_key(sm2_key, &point) != 1) { memcpy(point.y, ref->y + sizeof(zeros), 32);
if (sm2_z256_point_from_bytes(z256_point, (uint8_t *)&point) != 1) {
error_print(); error_print();
return -1; return -1;
} }
return SDR_OK; return SDR_OK;
} }
static int SDF_ECCSignature_to_SM2_SIGNATURE(const ECCSignature *ref, SM2_SIGNATURE *sig) static int SDF_ECCSignature_to_SM2_SIGNATURE(const ECCSignature *ref, SM2_SIGNATURE *sig)
{ {
if (memcmp(ref->r, zeros, sizeof(zeros)) != 0 static const uint8_t zeros[ECCref_MAX_LEN - 32] = {0};
|| memcmp(ref->s, zeros, sizeof(zeros)) != 0) {
if (memcmp(ref->r, zeros, sizeof(zeros)) != 0) {
error_print(); error_print();
return -1; return -1;
} }
memset(sig, 0, sizeof(SM2_SIGNATURE)); if (memcmp(ref->s, zeros, sizeof(zeros)) != 0) {
memcpy(sig->r, ref->r + ECCref_MAX_LEN - 32, 32); error_print();
memcpy(sig->s, ref->s + ECCref_MAX_LEN - 32, 32); return -1;
}
memcpy(sig->r, ref->r + sizeof(zeros), 32);
memcpy(sig->s, ref->s + sizeof(zeros), 32);
return SDR_OK; return SDR_OK;
} }
@@ -86,70 +82,57 @@ int sdf_open_device(SDF_DEVICE *dev)
void *hSession = NULL; void *hSession = NULL;
DEVICEINFO devInfo; DEVICEINFO devInfo;
if (SDF_OpenDevice(&hDevice) != SDR_OK if (SDF_OpenDevice(&hDevice) != SDR_OK) {
|| SDF_OpenSession(hDevice, &hSession) != SDR_OK
|| SDF_GetDeviceInfo(hSession, &devInfo) != SDR_OK) {
error_print(); error_print();
goto end; return -1;
} }
if (SDF_OpenSession(hDevice, &hSession) != SDR_OK) {
(void)SDF_CloseDevice(hDevice);
error_print();
return -1;
}
if (SDF_GetDeviceInfo(hSession, &devInfo) != SDR_OK) {
(void)SDF_CloseSession(hSession);
(void)SDF_CloseDevice(hDevice);
error_print();
return -1;
}
(void)SDF_CloseSession(hSession);
memset(dev, 0, sizeof(SDF_DEVICE)); memset(dev, 0, sizeof(SDF_DEVICE));
dev->handle = hDevice; dev->handle = hDevice;
hDevice = NULL;
memcpy(dev->issuer, devInfo.IssuerName, 40); memcpy(dev->issuer, devInfo.IssuerName, 40);
memcpy(dev->name, devInfo.DeviceName, 16); memcpy(dev->name, devInfo.DeviceName, 16);
memcpy(dev->serial, devInfo.DeviceSerial, 16); memcpy(dev->serial, devInfo.DeviceSerial, 16);
ret = 1; return 1;
end:
if (hSession) SDF_CloseSession(hSession);
if (hDevice) SDF_CloseDevice(hDevice);
return ret;
} }
int sdf_print_device_info(FILE *fp, int fmt, int ind, const char *lable, SDF_DEVICE *dev) int sdf_print_device_info(FILE *fp, int fmt, int ind, const char *lable, SDF_DEVICE *dev)
{ {
int ret = -1;
void *hSession = NULL; void *hSession = NULL;
DEVICEINFO devInfo; DEVICEINFO devInfo;
if (SDF_OpenSession(dev->handle, &hSession) != SDR_OK if (SDF_OpenSession(dev->handle, &hSession) != SDR_OK) {
|| SDF_GetDeviceInfo(hSession, &devInfo) != SDR_OK) {
error_print();
goto end;
}
SDF_PrintDeviceInfo(fp, &devInfo);
ret = 1;
end:
if (hSession) SDF_CloseSession(hSession);
return ret;
}
int sdf_rand_bytes(SDF_DEVICE *dev, uint8_t *buf, size_t len)
{
int ret = -1;
void *hSession = NULL;
if (!dev || !buf || !len) {
error_print(); error_print();
return -1; return -1;
} }
if (SDF_OpenSession(dev->handle, &hSession) != SDR_OK if (SDF_GetDeviceInfo(hSession, &devInfo) != SDR_OK) {
|| SDF_GenerateRandom(hSession, (unsigned int)len, buf) != SDR_OK) { (void)SDF_CloseSession(hSession);
error_print(); error_print();
goto end; return -1;
} }
ret = 1; (void)SDF_CloseSession(hSession);
end:
if (hSession) SDF_CloseSession(hSession); (void)SDF_PrintDeviceInfo(fp, &devInfo);
return ret; return 1;
} }
int sdf_export_sign_public_key(SDF_DEVICE *dev, int key_index, SM2_KEY *public_key) int sdf_export_sign_public_key(SDF_DEVICE *dev, int key_index, SM2_KEY *sm2_key)
{ {
void *hSession; void *hSession;
ECCrefPublicKey eccPublicKey; ECCrefPublicKey eccPublicKey;
if (!dev || !public_key) { if (!dev || !sm2_key) {
error_print(); error_print();
return -1; return -1;
} }
@@ -165,20 +148,24 @@ int sdf_export_sign_public_key(SDF_DEVICE *dev, int key_index, SM2_KEY *public_k
} }
(void)SDF_CloseSession(hSession); (void)SDF_CloseSession(hSession);
if (SDF_ECCrefPublicKey_to_SM2_KEY(&eccPublicKey, public_key) != SDR_OK) { memset(sm2_key, 0, sizeof(SM2_KEY));
if (SDF_ECCrefPublicKey_to_SM2_Z256_POINT(&eccPublicKey, &sm2_key->public_key) != SDR_OK) {
error_print(); error_print();
return -1; return -1;
} }
return 1; return 1;
} }
int sdf_export_enc_public_key(SDF_DEVICE *dev, int key_index, SM2_KEY *public_key) int sdf_load_sign_key(SDF_DEVICE *dev, SDF_SIGN_KEY *key, int key_index, const char *pass)
{ {
void *hSession; void *hSession = NULL;
ECCrefPublicKey eccPublicKey; ECCrefPublicKey eccPublicKey;
if (!dev || !public_key) { if (!dev || !key || !pass) {
error_print();
return -1;
}
if (key_index < 0) {
error_print(); error_print();
return -1; return -1;
} }
@@ -187,60 +174,27 @@ int sdf_export_enc_public_key(SDF_DEVICE *dev, int key_index, SM2_KEY *public_ke
error_print(); error_print();
return -1; return -1;
} }
if (SDF_ExportEncPublicKey_ECC(hSession, key_index, &eccPublicKey) != SDR_OK) { if (SDF_ExportSignPublicKey_ECC(hSession, key_index, &eccPublicKey) != SDR_OK) {
(void)SDF_CloseSession(hSession); (void)SDF_CloseSession(hSession);
error_print(); error_print();
return -1; return -1;
} }
if (SDF_GetPrivateKeyAccessRight(hSession, key_index, (unsigned char *)pass, (unsigned int)strlen(pass)) != SDR_OK) {
(void)SDF_CloseSession(hSession); (void)SDF_CloseSession(hSession);
if (SDF_ECCrefPublicKey_to_SM2_KEY(&eccPublicKey, public_key) != SDR_OK) {
error_print(); error_print();
return -1; return -1;
} }
if (SDF_ECCrefPublicKey_to_SM2_Z256_POINT(&eccPublicKey, &key->public_key) != SDR_OK) {
error_print();
return -1;
}
key->session = hSession;
key->index = key_index;
return 1; return 1;
} }
int sdf_sign(SDF_SIGN_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen)
int sdf_load_sign_key(SDF_DEVICE *dev, SDF_KEY *key, int index, const char *pass)
{
int ret = -1;
void *hSession = NULL;
ECCrefPublicKey eccPublicKey;
SM2_KEY public_key;
if (!dev || !key || !pass) {
error_print();
return -1;
}
if (SDF_OpenSession(dev->handle, &hSession) != SDR_OK
|| SDF_ExportSignPublicKey_ECC(hSession, index, &eccPublicKey) != SDR_OK
|| SDF_ECCrefPublicKey_to_SM2_KEY(&eccPublicKey, &public_key) != SDR_OK
|| SDF_GetPrivateKeyAccessRight(hSession, index, (unsigned char *)pass, (unsigned int)strlen(pass)) != SDR_OK) {
error_print();
goto end;
}
memset(key, 0, sizeof(SDF_KEY));
key->public_key = public_key;
key->session = hSession;
key->index = index;
hSession = NULL;
ret = 1;
end:
if (hSession) SDF_CloseSession(hSession);
return ret;
}
int sdf_sign(SDF_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen)
{ {
ECCSignature ecc_sig; ECCSignature ecc_sig;
SM2_SIGNATURE sm2_sig; SM2_SIGNATURE sm2_sig;
@@ -249,15 +203,14 @@ int sdf_sign(SDF_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen)
error_print(); error_print();
return -1; return -1;
} }
if (SDF_InternalSign_ECC(key->session, key->index, (unsigned char *)dgst, 32, &ecc_sig) != SDR_OK if (SDF_InternalSign_ECC(key->session, key->index, (unsigned char *)dgst, 32, &ecc_sig) != SDR_OK) {
|| SDF_ECCSignature_to_SM2_SIGNATURE(&ecc_sig, &sm2_sig) != SDR_OK) { error_print();
return -1;
}
if (SDF_ECCSignature_to_SM2_SIGNATURE(&ecc_sig, &sm2_sig) != SDR_OK) {
error_print(); error_print();
return -1; return -1;
} }
*siglen = 0; *siglen = 0;
if (sm2_signature_to_der(&sm2_sig, &sig, siglen) != 1) { if (sm2_signature_to_der(&sm2_sig, &sig, siglen) != 1) {
error_print(); error_print();
@@ -266,14 +219,79 @@ int sdf_sign(SDF_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen)
return 1; return 1;
} }
int sdf_release_key(SDF_KEY *key) int sdf_sign_init(SDF_SIGN_CTX *ctx, const SDF_SIGN_KEY *key, const char *id, size_t idlen)
{ {
if (SDF_ReleasePrivateKeyAccessRight(key->session, key->index) != SDR_OK if (!ctx || !key) {
|| SDF_CloseSession(key->session) != SDR_OK) { error_print();
return -1;
}
sm3_init(&ctx->sm3_ctx);
if (id) {
uint8_t z[SM3_DIGEST_SIZE];
if (idlen <= 0 || idlen > SM2_MAX_ID_LENGTH) {
error_print();
return -1;
}
sm2_compute_z(z, &key->public_key, id, idlen);
sm3_update(&ctx->sm3_ctx, z, sizeof(z));
}
ctx->saved_sm3_ctx = ctx->sm3_ctx;
ctx->key = *key;
return 1;
}
int sdf_sign_update(SDF_SIGN_CTX *ctx, const uint8_t *data, size_t datalen)
{
if (!ctx) {
error_print();
return -1;
}
if (data && datalen > 0) {
sm3_update(&ctx->sm3_ctx, data, datalen);
}
return 1;
}
int sdf_sign_finish(SDF_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen)
{
uint8_t dgst[SM3_DIGEST_SIZE];
if (!ctx || !sig || !siglen) {
error_print();
return -1;
}
sm3_finish(&ctx->sm3_ctx, dgst);
if (sdf_sign(&ctx->key, dgst, sig, siglen) != 1) {
error_print();
return -1;
}
return 1;
}
int sdf_sign_reset(SDF_SIGN_CTX *ctx)
{
if (!ctx) {
error_print();
return -1;
}
ctx->sm3_ctx = ctx->saved_sm3_ctx;
return 1;
}
int sdf_release_key(SDF_SIGN_KEY *key)
{
if (SDF_ReleasePrivateKeyAccessRight(key->session, key->index) != SDR_OK) {
error_print();
}
if (SDF_CloseSession(key->session) != SDR_OK) {
error_print(); error_print();
return -1; return -1;
} }
memset(key, 0, sizeof(SDF_KEY));
return 1; return 1;
} }

10
tools/gmssl.c
View File

@@ -66,9 +66,9 @@ extern int tls12_server_main(int argc, char **argv);
extern int tls13_client_main(int argc, char **argv); extern int tls13_client_main(int argc, char **argv);
extern int tls13_server_main(int argc, char **argv); extern int tls13_server_main(int argc, char **argv);
#ifdef ENABLE_SDF #ifdef ENABLE_SDF
extern int sdfutil_main(int argc, char **argv);
extern int sdfinfo_main(int argc, char **argv); extern int sdfinfo_main(int argc, char **argv);
extern int sdfexport_main(int argc, char **argv); extern int sdfexport_main(int argc, char **argv);
extern int sdfsign_main(int argc, char **argv);
extern int sdftest_main(int argc, char **argv); extern int sdftest_main(int argc, char **argv);
#endif #endif
#ifdef ENABLE_SKF #ifdef ENABLE_SKF
@@ -128,9 +128,9 @@ static const char *options =
" cmssign Generate CMS SignedData\n" " cmssign Generate CMS SignedData\n"
" cmsverify Verify CMS SignedData\n" " cmsverify Verify CMS SignedData\n"
#ifdef ENABLE_SDF #ifdef ENABLE_SDF
" sdfutil SDF crypto device utility\n"
" sdfinfo Print SDF device info\n" " sdfinfo Print SDF device info\n"
" sdfexport Export public key from SDF device\n" " sdfexport Export SM2 signing public key from SDF device\n"
" sdfsign Generate SM2 signature with SDF internal private key\n"
" sdftest Test vendor's SDF library and device\n" " sdftest Test vendor's SDF library and device\n"
#endif #endif
#ifdef ENABLE_SKF #ifdef ENABLE_SKF
@@ -285,8 +285,8 @@ int main(int argc, char **argv)
return sdfinfo_main(argc, argv); return sdfinfo_main(argc, argv);
} else if (!strcmp(*argv, "sdfexport")) { } else if (!strcmp(*argv, "sdfexport")) {
return sdfexport_main(argc, argv); return sdfexport_main(argc, argv);
} else if (!strcmp(*argv, "sdfutil")) { } else if (!strcmp(*argv, "sdfsign")) {
return sdfutil_main(argc, argv); return sdfsign_main(argc, argv);
} else if (!strcmp(*argv, "sdftest")) { } else if (!strcmp(*argv, "sdftest")) {
return sdftest_main(argc, argv); return sdftest_main(argc, argv);
#endif #endif

35
tools/sdfexport.c
View File

@@ -16,22 +16,19 @@
#include <gmssl/sdf.h> #include <gmssl/sdf.h>
static const char *usage = "-lib so_path {-sign_public_key|-encrypt_public_key} -index num [-out file]"; static const char *usage = "-lib so_path -key num [-out file]";
static const char *options = static const char *options =
"\n" "\n"
"Options\n" "Options\n"
"\n" "\n"
" -lib so_path Vendor's SDF dynamic library\n" " -lib so_path Vendor's SDF dynamic library\n"
" -sign_public_key Export signing public key\n" " -key num Private key index number\n"
" -encrypt_public_key Export encryption public key\n"
" -index num Private key index number\n"
" -out file | stdout Output public key in PEM format\n" " -out file | stdout Output public key in PEM format\n"
"\n" "\n"
"Examples\n" "Examples\n"
"\n" "\n"
" $ gmssl sdfexport -sign_public_key -index 1 -out sm2signpub.pem\n" " $ gmssl sdfexport -key 1 -out sm2signpub.pem\n"
" $ gmssl sdfexport -encrypt_public_key -index 1 -out sm2encpub.pem\n"
"\n"; "\n";
@@ -65,19 +62,7 @@ int sdfexport_main(int argc, char **argv)
} else if (!strcmp(*argv, "-lib")) { } else if (!strcmp(*argv, "-lib")) {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
lib = *(++argv); lib = *(++argv);
} else if (!strcmp(*argv, "-sign_public_key")) { } else if (!strcmp(*argv, "-key")) {
if (enc_public_key) {
fprintf(stderr, "gmssl %s: '-sign_public_key' and '-encrypt_public_key' should not used together\n", prog);
goto end;
}
sign_public_key = 1;
} else if (!strcmp(*argv, "-encrypt_public_key")) {
if (sign_public_key) {
fprintf(stderr, "gmssl %s: '-sign_public_key' and '-encrypt_public_key' should not used together\n", prog);
goto end;
}
enc_public_key = 1;
} else if (!strcmp(*argv, "-index")) {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
index = atoi(*(++argv)); index = atoi(*(++argv));
if (index < 0) { if (index < 0) {
@@ -107,10 +92,6 @@ bad:
fprintf(stderr, "gmssl %s: option '-lib' required\n", prog); fprintf(stderr, "gmssl %s: option '-lib' required\n", prog);
goto end; goto end;
} }
if (!sign_public_key && !enc_public_key) {
fprintf(stderr, "gmssl %s: option '-sign_public_key' or '-encrypt_public_key' is required\n", prog);
goto end;
}
if (index < 0) { if (index < 0) {
fprintf(stderr, "gmssl %s: '-index' option required\n", prog); fprintf(stderr, "gmssl %s: '-index' option required\n", prog);
goto end; goto end;
@@ -125,18 +106,10 @@ bad:
goto end; goto end;
} }
if (sign_public_key) {
if (sdf_export_sign_public_key(&dev, index, &sm2_key) != 1) { if (sdf_export_sign_public_key(&dev, index, &sm2_key) != 1) {
fprintf(stderr, "%s: load sign key failed\n", prog); fprintf(stderr, "%s: load sign key failed\n", prog);
goto end; goto end;
} }
} else {
if (sdf_export_enc_public_key(&dev, index, &sm2_key) != 1) {
fprintf(stderr, "%s: load sign key failed\n", prog);
goto end;
}
}
if (sm2_public_key_info_to_pem(&sm2_key, outfp) != 1) { if (sm2_public_key_info_to_pem(&sm2_key, outfp) != 1) {
fprintf(stderr, "gmssl %s: output public key to PEM failed\n", prog); fprintf(stderr, "gmssl %s: output public key to PEM failed\n", prog);
goto end; goto end;

174
tools/sdfsign.c Normal file
View File

@@ -0,0 +1,174 @@
/*
* Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sdf.h>
#include <gmssl/mem.h>
static const char *usage = "-lib so_path -key num -pass str [-id str] [-in file] [-out file]";
static const char *options =
"\n"
"Options\n"
"\n"
" -lib so_path Vendor's SDF dynamic library\n"
" -key num Signing private key index number\n"
" -pass str Password to get the private key access right\n"
" -id str Signer's identity string, '1234567812345678' by default\n"
" -in file | stdin To be signed file or data\n"
" -out file | stdout Output signature in binary DER encoding\n"
"\n"
"Examples\n"
"\n"
" $ echo -n 'message to be signed' | gmssl sdfsign -lib libsoftsdf.so -key 1 -pass P@ssw0rd -out sm2.sig\n"
" $ gmssl sdfexport -lib libsoftsdf.so -key 1 -out sm2pub.pem\n"
" $ echo -n 'message to be signed' | gmssl sm2verify -pubkey sm2pub.pem -sig sm2.sig\n"
"\n";
int sdfsign_main(int argc, char **argv)
{
int ret = 1;
char *prog = argv[0];
char *lib = NULL;
int key_index = -1;
char *pass = NULL;
char *id = SM2_DEFAULT_ID;
char *infile = NULL;
char *outfile = NULL;
FILE *infp = stdin;
FILE *outfp = stdout;
uint8_t buf[4096];
size_t len;
uint8_t sig[SM2_MAX_SIGNATURE_SIZE];
size_t siglen;
SDF_DEVICE dev;
SDF_SIGN_KEY key;
SDF_SIGN_CTX ctx;
argc--;
argv++;
if (argc < 1) {
fprintf(stderr, "usage: gmssl %s %s\n", prog, usage);
return 1;
}
while (argc > 0) {
if (!strcmp(*argv, "-help")) {
printf("usage: gmssl %s %s\n", prog, usage);
printf("%s\n", options);
ret = 0;
goto end;
} else if (!strcmp(*argv, "-lib")) {
if (--argc < 1) goto bad;
lib = *(++argv);
} else if (!strcmp(*argv, "-key")) {
if (--argc < 1) goto bad;
key_index = atoi(*(++argv));
if (key_index < 0) {
fprintf(stderr, "gmssl %s: illegal key index %d\n", prog, key_index);
goto end;
}
} else if (!strcmp(*argv, "-pass")) {
if (--argc < 1) goto bad;
pass = *(++argv);
} else if (!strcmp(*argv, "-id")) {
if (--argc < 1) goto bad;
id = *(++argv);
} else if (!strcmp(*argv, "-in")) {
if (--argc < 1) goto bad;
infile = *(++argv);
if (!(infp = fopen(infile, "rb"))) {
fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, infile, strerror(errno));
goto end;
}
} else if (!strcmp(*argv, "-out")) {
if (--argc < 1) goto bad;
outfile = *(++argv);
if (!(outfp = fopen(outfile, "wb"))) {
fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, outfile, strerror(errno));
goto end;
}
} else {
fprintf(stderr, "gmssl %s: illegal option '%s'\n", prog, *argv);
goto end;
bad:
fprintf(stderr, "gmssl %s: '%s' option value missing\n", prog, *argv);
goto end;
}
argc--;
argv++;
}
if (!lib) {
fprintf(stderr, "gmssl %s: '-lib' option required\n", prog);
goto end;
}
if (key_index < 0) {
fprintf(stderr, "gmssl %s: '-key' option required\n", prog);
goto end;
}
if (!pass) {
fprintf(stderr, "gmssl %s: '-pass' option required\n", prog);
goto end;
}
if (sdf_load_library(lib, NULL) != 1) {
fprintf(stderr, "gmssl %s: load library failure\n", prog);
goto end;
}
if (sdf_open_device(&dev) != 1) {
fprintf(stderr, "gmssl %s: open device failure\n", prog);
goto end;
}
if (sdf_load_sign_key(&dev, &key, key_index, pass) != 1) {
(void)sdf_close_device(&dev);
fprintf(stderr, "gmssl %s: load signing key #%d failure\n", prog, key_index);
goto end;
}
if (sdf_sign_init(&ctx, &key, id, strlen(id)) != 1) {
(void)sdf_close_device(&dev);
fprintf(stderr, "gmssl %s: inner error\n", prog);
goto end;
}
while ((len = fread(buf, 1, sizeof(buf), infp)) > 0) {
if (sdf_sign_update(&ctx, buf, len) != 1) {
(void)sdf_close_device(&dev);
fprintf(stderr, "gmssl %s: inner error\n", prog);
goto end;
}
}
if (sdf_sign_finish(&ctx, sig, &siglen) != 1) {
(void)sdf_close_device(&dev);
fprintf(stderr, "gmssl %s: inner error\n", prog);
goto end;
}
(void)sdf_close_device(&dev);
if (fwrite(sig, 1, siglen, outfp) != siglen) {
fprintf(stderr, "gmssl %s: output signature failed : %s\n", prog, strerror(errno));
goto end;
}
ret = 0;
end:
sdf_unload_library();
if (infile && infp) fclose(infp);
if (outfile && outfp) fclose(outfp);
return ret;
}