Add demos to CMake

demos/scripts/cademo.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+
+gmssl sm2keygen -pass 1234 -out rootcakey.pem
+gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
+gmssl certparse -in rootcacert.pem
+
+gmssl sm2keygen -pass 1234 -out cakey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
+gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
+gmssl certparse -in cacert.pem
+
+gmssl sm2keygen -pass 1234 -out signkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
+gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
+gmssl certparse -in signcert.pem
+
+gmssl sm2keygen -pass 1234 -out enckey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass 1234 -out encreq.pem
+gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
+gmssl certparse -in enccert.pem
+

demos/scripts/certdemo.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+
+
+gmssl sm2keygen -pass 1234 -out rootcakey.pem
+gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 \
+	-key rootcakey.pem -pass 1234 \
+	-out rootcacert.pem \
+	-ca -path_len_constraint 6 \
+	-key_usage keyCertSign -key_usage cRLSign \
+	-crl_http_uri http://pku.edu.cn/ca.crl -ca_issuers_uri http://pku.edu.cn/ca.crt -ocsp_uri http://ocsp.pku.edu.cn
+
+gmssl certparse -in rootcacert.pem
+
+gmssl sm2keygen -pass 1234 -out cakey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
+gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem \
+	-crl_http_uri http://pku.edu.cn/ca.crl -ca_issuers_uri http://pku.edu.cn/ca.crt -ocsp_uri http://ocsp.pku.edu.cn
+gmssl certparse -in cacert.pem
+
+gmssl sm2keygen -pass 1234 -out signkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
+gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem \
+	-crl_http_uri http://github.com/guanzhi/GmSSL/raw/master/demos/certs/SubCA-1.crl
+gmssl certparse -in signcert.pem
+
+gmssl sm2keygen -pass 1234 -out enckey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass 1234 -out encreq.pem
+gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem \
+	-crl_http_uri http://github.com/guanzhi/GmSSL/raw/master/demos/certs/SubCA-1.crl
+gmssl certparse -in enccert.pem
+
+
+cat signcert.pem > certs.pem
+cat cacert.pem >> certs.pem
+gmssl certverify -in certs.pem -cacert rootcacert.pem #-check_crl
+
+cat signcert.pem > dbl_certs.pem
+cat enccert.pem >> dbl_certs.pem
+cat cacert.pem >> dbl_certs.pem
+gmssl certverify -double_certs -in dbl_certs.pem -cacert rootcacert.pem #-check_crl
+
+

demos/scripts/cmsdemo.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+
+gmssl sm2keygen -pass 1234 -out key.pem -pubout keypub.pem
+gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -key_usage dataEncipherment -days 365 -key key.pem -pass 1234 -out cert.pem
+
+echo "<html>The plaintext message.</html>" > plain.txt
+
+gmssl cmsencrypt -in plain.txt -rcptcert cert.pem -out enveloped_data.pem
+gmssl cmsparse -in enveloped_data.pem
+gmssl cmsdecrypt -key key.pem -pass 1234 -cert cert.pem -in enveloped_data.pem
+
+gmssl cmssign -key key.pem -pass 1234 -cert cert.pem -in plain.txt -out signed_data.pem
+gmssl cmsparse -in signed_data.pem
+gmssl cmsverify -in signed_data.pem -out signed_data.txt
+cat signed_data.txt
+

demos/scripts/pbkdf2demo.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+
+gmssl pbkdf2 -pass 1234 -salt 1122334455667788 -iter 60000 -outlen 16
+

demos/scripts/reqdemo.sh

@@ -0,0 +1,19 @@
+#!/bin/bash -x
+
+# generate self-signed CA certificate
+gmssl sm2keygen -pass 1234 -out cakey.pem -pubout pubkey.pem
+gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN CA -days 365 -key cakey.pem -pass 1234 -out cacert.pem
+gmssl certparse -in cacert.pem
+
+# generate a req and sign by CA certificate
+gmssl sm2keygen -pass 1234 -out signkey.pem -pubout pubkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -key signkey.pem -pass 1234 -out signreq.pem
+gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
+gmssl certparse -in signcert.pem
+
+# sign a encryption certificate with the same DN, different KeyUsage extension
+gmssl sm2keygen -pass 1234 -out enckey.pem -pubout pubkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -key enckey.pem -pass 1234 -out encreq.pem
+gmssl reqsign -in encreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
+gmssl certparse -in enccert.pem
+

demos/scripts/sm2demo.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+gmssl sm2keygen -pass 1234 -out sm2.pem -pubout sm2pub.pem
+
+echo hello | gmssl sm2sign -key sm2.pem -pass 1234 -out sm2.sig #-id 1234567812345678
+echo hello | gmssl sm2verify -pubkey sm2pub.pem -sig sm2.sig -id 1234567812345678
+
+echo hello | gmssl sm2encrypt -pubkey sm2pub.pem -out sm2.der
+gmssl sm2decrypt -key sm2.pem -pass 1234 -in sm2.der
+

demos/scripts/sm3demo.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+echo -n abc | gmssl sm3
+
+gmssl sm2keygen -pass 1234 -out sm2.pem -pubout sm2pub.pem
+echo -n abc | gmssl sm3 -pubkey sm2pub.pem -id 1234567812345678
+
+
+echo -n abc | gmssl sm3hmac -key 11223344556677881122334455667788
+

demos/scripts/sm4demo.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+
+KEY=11223344556677881122334455667788
+IV=11223344556677881122334455667788
+
+echo hello | gmssl sm4 -cbc -encrypt -key $KEY -iv $IV -out sm4.cbc
+gmssl sm4 -cbc -decrypt -key $KEY -iv $IV -in sm4.cbc
+
+echo hello | gmssl sm4 -ctr -encrypt -key $KEY -iv $IV -out sm4.ctr
+gmssl sm4 -ctr -decrypt -key $KEY -iv $IV -in sm4.ctr
+

demos/scripts/sm9demo.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+gmssl sm9setup -alg sm9sign -pass 1234 -out sign_msk.pem -pubout sign_mpk.pem
+gmssl sm9keygen -alg sm9sign -in sign_msk.pem -inpass 1234 -id alice -out alice.pem -outpass 1234
+echo hello | gmssl sm9sign -key alice.pem -pass 1234  -out hello.sig
+echo hello | gmssl sm9verify -pubmaster sign_mpk.pem -id alice -sig hello.sig
+
+gmssl sm9setup -alg sm9encrypt -pass 1234 -out enc_msk.pem -pubout enc_mpk.pem
+gmssl sm9keygen -alg sm9encrypt -in enc_msk.pem -inpass 1234 -id bob -out bob.pem -outpass 1234
+echo hello | gmssl sm9encrypt -pubmaster enc_mpk.pem -id bob -out hello.der
+gmssl sm9decrypt -key bob.pem -pass 1234 -id bob -in hello.der
+

demos/scripts/tlcp_client.sh

@@ -0,0 +1,8 @@
+#!/bin/bash -x
+
+
+# https://ebssec.boc.cn
+gmssl tlcp_client -host 123.124.191.183
+
+# https://zffw.jxzwfww.gov.cn
+gmssl tlcp_client -host 218.87.21.62

demos/scripts/tlcp_server.sh

@@ -0,0 +1,39 @@
+#!/bin/bash -x
+
+
+gmssl sm2keygen -pass 1234 -out rootcakey.pem
+gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
+gmssl certparse -in rootcacert.pem
+
+gmssl sm2keygen -pass 1234 -out cakey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
+gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
+gmssl certparse -in cacert.pem
+
+gmssl sm2keygen -pass 1234 -out signkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem
+gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
+gmssl certparse -in signcert.pem
+
+gmssl sm2keygen -pass 1234 -out enckey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key enckey.pem -pass 1234 -out encreq.pem
+gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
+gmssl certparse -in enccert.pem
+
+cat signcert.pem > double_certs.pem
+cat enccert.pem >> double_certs.pem
+cat cacert.pem >> double_certs.pem
+
+sudo gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1234 -ex_key enckey.pem -ex_pass 1234 -cacert cacert.pem  1>/dev/null  2>/dev/null &
+sleep 3
+
+gmssl sm2keygen -pass 1234 -out clientkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -days 365 -key clientkey.pem -pass 1234 -out clientreq.pem
+gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
+gmssl certparse -in clientcert.pem
+
+# build and install BabaSSL 8.3.1
+openssl version
+openssl s_client -enable_ntls -ntls -connect localhost:443 -no_ticket -CAfile rootcacert.pem
+
+

demos/scripts/tlcpdemo.sh

@@ -0,0 +1,38 @@
+#!/bin/bash -x
+
+
+gmssl sm2keygen -pass 1234 -out rootcakey.pem
+gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
+gmssl certparse -in rootcacert.pem
+
+gmssl sm2keygen -pass 1234 -out cakey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
+gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
+gmssl certparse -in cacert.pem
+
+gmssl sm2keygen -pass 1234 -out signkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem
+gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
+gmssl certparse -in signcert.pem
+
+gmssl sm2keygen -pass 1234 -out enckey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key enckey.pem -pass 1234 -out encreq.pem
+gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
+gmssl certparse -in enccert.pem
+
+cat signcert.pem > double_certs.pem
+cat enccert.pem >> double_certs.pem
+cat cacert.pem >> double_certs.pem
+
+# If port is already in use, `gmssl` will fail, use `ps aux | grep gmssl` and `sudo kill -9` to kill existing proc
+# TODO: check if `gmssl` is failed
+sudo gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1234 -ex_key enckey.pem -ex_pass 1234 -cacert cacert.pem & # 1>/dev/null  2>/dev/null &
+sleep 3
+
+gmssl sm2keygen -pass 1234 -out clientkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -days 365 -key clientkey.pem -pass 1234 -out clientreq.pem
+gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
+gmssl certparse -in clientcert.pem
+
+gmssl tlcp_client -host 127.0.0.1 -cacert rootcacert.pem -cert clientcert.pem -key clientkey.pem -pass 1234
+

demos/scripts/tls12demo.sh

@@ -0,0 +1,32 @@
+#!/bin/bash -x
+
+
+gmssl sm2keygen -pass 1234 -out rootcakey.pem
+gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
+gmssl certparse -in rootcacert.pem
+
+gmssl sm2keygen -pass 1234 -out cakey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
+gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
+gmssl certparse -in cacert.pem
+
+gmssl sm2keygen -pass 1234 -out signkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem
+gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
+gmssl certparse -in signcert.pem
+
+cat signcert.pem > certs.pem
+cat cacert.pem >> certs.pem
+
+# If port is already in use, `gmssl` will fail, use `ps aux | grep gmssl` and `sudo kill -9` to kill existing proc
+# TODO: check if `gmssl` is failed
+sudo gmssl tls12_server -port 443 -cert certs.pem -key signkey.pem -pass 1234 -cacert cacert.pem & #1>/dev/null  2>/dev/null &
+sleep 3
+
+gmssl sm2keygen -pass 1234 -out clientkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -days 365 -key clientkey.pem -pass 1234 -out clientreq.pem
+gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
+gmssl certparse -in clientcert.pem
+
+gmssl tls12_client -host 127.0.0.1 -cacert rootcacert.pem -cert clientcert.pem -key clientkey.pem -pass 1234
+

demos/scripts/tls13demo.sh

@@ -0,0 +1,32 @@
+#!/bin/bash -x
+
+
+gmssl sm2keygen -pass 1234 -out rootcakey.pem
+gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
+gmssl certparse -in rootcacert.pem
+
+gmssl sm2keygen -pass 1234 -out cakey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
+gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
+gmssl certparse -in cacert.pem
+
+gmssl sm2keygen -pass 1234 -out signkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem
+gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
+gmssl certparse -in signcert.pem
+
+cat signcert.pem > certs.pem
+cat cacert.pem >> certs.pem
+
+# If port is already in use, `gmssl` will fail, use `ps aux | grep gmssl` and `sudo kill -9` to kill existing proc
+# TODO: check if `gmssl` is failed
+sudo gmssl tls13_server -port 443 -cert certs.pem -key signkey.pem -pass 1234 -cacert cacert.pem & # 1>/dev/null  2>/dev/null &
+sleep 3
+
+gmssl sm2keygen -pass 1234 -out clientkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -days 365 -key clientkey.pem -pass 1234 -out clientreq.pem
+gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
+gmssl certparse -in clientcert.pem
+
+gmssl tls13_client -host 127.0.0.1 -cacert rootcacert.pem -cert clientcert.pem -key clientkey.pem -pass 1234
+

demos/scripts/zucdemo.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+
+KEY=11223344556677881122334455667788
+IV=11223344556677881122334455667788
+
+echo hello | gmssl zuc -key $KEY -iv $IV -out zuc.bin
+gmssl zuc -key $KEY -iv $IV -in zuc.bin
+
+