update gm apis

2026-05-07 17:06:25 +08:00 · 2017-02-23 17:28:06 +08:00
parent 89574f6f95
commit dc4041ea4b
5 changed files with 156 additions and 80 deletions
--- a/crypto/saf/saf_mac.c
+++ b/crypto/saf/saf_mac.c
@@ -118,7 +118,7 @@ int SAF_MacFinal(
 	}

 	siz = EVP_CIPHER_block_size(hkey->cipher);
-	if (!CBCMAC_Final(hkey->cmac_ctx, pucOutData, &siz)) {
+	if (!CMAC_Final(hkey->cmac_ctx, pucOutData, &siz)) {
 		SAFerr(SAF_F_SAF_MACFINAL, SAF_R_MAC_FAILURE);
 		return SAR_UnknownErr;
 	}
--- a/crypto/saf/saf_pkcs7.c
+++ b/crypto/saf/saf_pkcs7.c
@@ -48,6 +48,7 @@
 */

 #include <openssl/evp.h>
+#include <openssl/pkcs7.h>
 #include <openssl/gmapi.h>
 #include <openssl/gmsaf.h>
 #include "saf_lcl.h"
@@ -128,6 +129,80 @@ int SAF_Pkcs7_EncodeEnvelopedData(
 	unsigned int *puiDerP7EnvelopedDataLen)
 {
 	int ret = SAR_UnknownErr;
+	PKCS7 *p7 = NULL;
+	X509 *x509 = NULL;
+	STACK_OF(X509) *certs = NULL;
+	BIO *bio = NULL;
+	const EVP_CIPHER *cipher;
+
+	/* check arguments */
+	if (!hAppHandle || !pucData || !pucEncCertificate || !puiDerP7EnvelopedDataLen) {
+		SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_PASSED_NULL_PARAMETER);
+		return SAR_IndataErr;
+	}
+
+	if (uiDataLen <= 0 || uiDataLen > INT_MAX
+		|| uiEncCertificateLen <= 0 || uiEncCertificateLen > INT_MAX) {
+		SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_INVALID_INPUT_LENGTH);
+		return SAR_IndataLenErr;
+	}
+
+	if (!(cipher = EVP_get_cipherbysgd(uiSymmAlgorithm))) {
+		SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_UNSUPPORTED_ALGOR);
+		return SAR_AlgoTypeErr;
+	}
+
+	/* process */
+	if (!(bio = BIO_new_mem_buf(pucData, (int)uiDataLen))
+		|| !(certs = sk_X509_new_null())
+		|| !(x509 = X509_new())) {
+		SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_MALLOC_FAILURE);
+		ret = SAR_MemoryErr;
+		goto end;
+	}
+
+	if (!d2i_X509(&x509, &pucEncCertificate, (long)uiEncCertificateLen)) {
+		SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_INVALID_CERTIFICATE);
+		ret = SAR_CertEncodeErr;
+		goto end;
+	}
+	// FIXME: check usage, valid time of x509
+
+	sk_X509_push(certs, x509);
+	x509 = NULL;
+
+	if (!(p7 = PKCS7_encrypt(certs, bio, cipher, PKCS7_BINARY))) {
+		SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_PKCS7_LIB);
+		goto end;
+	}
+
+	if ((len = i2d_PKCS7(p7, NULL)) <= 0) {
+		SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, ERR_R_PKCS7_LIB);
+		goto end;
+	}
+
+	if (!pucDerP7EnvelopedData) {
+		*puiDerP7EnvelopedDataLen = (unsigned int)len;
+		ret = SAR_Ok;
+		goto end;
+	}
+
+	if (*puiDerP7EnvelopedDataLen < (unsigned int)len) {
+		SAFerr(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA, SAF_R_BUFFER_TOO_SMALL);
+		ret = SAR_IndataLenErr;
+		goto end;
+	}
+
+	len = i2d_PKCS7(p7, pucDerP7EnvelopedData);
+	*puiDerP7EnvelopedDataLen = (unsigned int)len;
+
+	ret = SAR_OK;
+
+end:
+	PKCS7_free(p7);
+	X509_free(x509);
+	sk_X509_free(certs);
+	BIO_free(bio);
 	return ret;
 }

--- a/crypto/sdf/sdf_lib.c
+++ b/crypto/sdf/sdf_lib.c
@@ -1330,3 +1330,38 @@ int SDF_DeleteFile(
 	return SDR_OK;
 }

+/* helpers */
+const char *SDF_GetErrorString(int err)
+{
+	return NULL;
+}
+
+int SDF_PrintDeviceInfo(FILE *fp, DEVICEINFO *devInfo)
+{
+	return 0;
+}
+
+int SDF_PrintECCPrivateKey(FILE *fp, ECCrefPrivateKey *privateKey)
+{
+	return 0;
+}
+
+int SDF_PrintECCPublicKey(FILE *fp, ECCrefPublicKey *publicKey)
+{
+	return 0;
+}
+
+int SDF_PrintRSAPrivateKey(FILE *fp, RSArefPrivateKey *privateKey)
+{
+	return 0;
+}
+
+int SDF_PrintRSAPublicKey(FILE *fp, RSArefPublicKey *publicKey)
+{
+	return 0;
+}
+
+
+
+
+
--- a/crypto/skf/skf_err.c
+++ b/crypto/skf/skf_err.c
@@ -0,0 +1,43 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/gmskf.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SKF,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SKF,0,reason)
+
+static ERR_STRING_DATA SKF_str_functs[] = {
+    {ERR_FUNC(SKF_F_SKF_GETDEVINFO), "SKF_GetDevInfo"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA SKF_str_reasons[] = {
+    {ERR_REASON(SKF_R_NULL_ARGUMENT), "null argument"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_SKF_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(SKF_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, SKF_str_functs);
+        ERR_load_strings(0, SKF_str_reasons);
+    }
+#endif
+    return 1;
+}
--- a/include/openssl/gmskf.h
+++ b/include/openssl/gmskf.h
@@ -100,87 +100,10 @@ int ERR_load_SKF_strings(void);
 /* Error codes for the SKF functions. */

 /* Function codes. */
-# define SKF_F_SKF_CLOSEHANDLE                            100
-# define SKF_F_SKF_DECRYPT                                101
-# define SKF_F_SKF_DECRYPTFINAL                           102
-# define SKF_F_SKF_DECRYPTINIT                            103
-# define SKF_F_SKF_DECRYPTUPDATE                          104
-# define SKF_F_SKF_DIGEST                                 105
-# define SKF_F_SKF_DIGESTFINAL                            106
-# define SKF_F_SKF_DIGESTINIT                             107
-# define SKF_F_SKF_DIGESTUPDATE                           108
-# define SKF_F_SKF_ENCRYPT                                109
-# define SKF_F_SKF_ENCRYPTFINAL                           110
-# define SKF_F_SKF_ENCRYPTINIT                            111
-# define SKF_F_SKF_ENCRYPTUPDATE                          112
-# define SKF_F_SKF_EXTECCDECRYPT                          113
-# define SKF_F_SKF_EXTECCENCRYPT                          114
-# define SKF_F_SKF_EXTECCSIGN                             115
-# define SKF_F_SKF_EXTECCVERIFY                           116
-# define SKF_F_SKF_EXTRSAPRIKEYOPERATION                  117
-# define SKF_F_SKF_EXTRSAPUBKEYOPERATION                  118
-# define SKF_F_SKF_GENEXTECCKEYPAIR                       119
-# define SKF_F_SKF_GENEXTRSAKEY                           120
-# define SKF_F_SKF_GENRANDOM                              121
-# define SKF_F_SKF_GETDEVINFO                             122
-# define SKF_F_SKF_GETDEVSTATE                            123
-# define SKF_F_SKF_HANDLE_GET_CBCMAC_CTX                  124
-# define SKF_F_SKF_HANDLE_GET_CIPHER                      125
-# define SKF_F_SKF_HANDLE_GET_CIPHER_CTX                  126
-# define SKF_F_SKF_HANDLE_GET_CMAC_CTX                    134
-# define SKF_F_SKF_HANDLE_GET_KEY                         127
-# define SKF_F_SKF_HANDLE_GET_MD_CTX                      128
-# define SKF_F_SKF_MAC                                    129
-# define SKF_F_SKF_MACFINAL                               130
-# define SKF_F_SKF_MACINIT                                131
-# define SKF_F_SKF_MACUPDATE                              132
-# define SKF_F_SKF_SETSYMMKEY                             133
+# define SKF_F_SKF_GETDEVINFO                             100

 /* Reason codes. */
-# define SKF_R_BUFFER_TOO_SMALL                           100
-# define SKF_R_CTX_NOT_CREATED                            101
-# define SKF_R_DECRYPT_FAILED                             102
-# define SKF_R_ENCODE_CIPHERTEXT_FAILED                   103
-# define SKF_R_ENCODE_FAILED                              104
-# define SKF_R_ENCODE_SIGNATURE_FAILED                    105
-# define SKF_R_ENCRYPT_FAILED                             106
-# define SKF_R_FAIL                                       107
-# define SKF_R_GEN_RSA_FAILED                             108
-# define SKF_R_GET_PRIVATE_KEY_FAILED                     109
-# define SKF_R_GET_PUBLIC_KEY_FAILED                      110
-# define SKF_R_INVALID_ALGID                              111
-# define SKF_R_INVALID_ALGOR                              112
-# define SKF_R_INVALID_ARGUMENTS                          113
-# define SKF_R_INVALID_BLOB                               114
-# define SKF_R_INVALID_CIPHERTEXT                         115
-# define SKF_R_INVALID_CIPHERTEXT_LENGTH                  116
-# define SKF_R_INVALID_CIPHER_CTX_HANDLE                  117
-# define SKF_R_INVALID_DIGEST_LENGTH                      118
-# define SKF_R_INVALID_ECC_PRIVATE_KEY                    119
-# define SKF_R_INVALID_ECC_PUBLIC_KEY                     120
-# define SKF_R_INVALID_EC_PRIVATE_KEY                     121
-# define SKF_R_INVALID_EC_PUBLIC_KEY                      122
-# define SKF_R_INVALID_FEED_BIT_LENGTH                    123
-# define SKF_R_INVALID_HANDLE                             124
-# define SKF_R_INVALID_HANDLE_ALGOR                       125
-# define SKF_R_INVALID_HANDLE_MAGIC                       126
-# define SKF_R_INVALID_HANDLE_TYPE                        127
-# define SKF_R_INVALID_HASH_HANDLE                        128
-# define SKF_R_INVALID_ID_LENGTH                          129
-# define SKF_R_INVALID_INPUT_LENGTH                       130
-# define SKF_R_INVALID_IV_LENGTH                          131
-# define SKF_R_INVALID_KEY_HANDLE                         132
-# define SKF_R_INVALID_KEY_LENGTH                         133
-# define SKF_R_INVALID_MAC_HANDLE                         134
-# define SKF_R_INVALID_PLAINTEXT_LENGTH                   135
-# define SKF_R_INVALID_RANDOM_LENGTH                      136
-# define SKF_R_INVALID_RSA_PUBLIC_KEY                     137
-# define SKF_R_INVALID_SIGNATURE                          138
-# define SKF_R_MALLOC_FAILED                              139
-# define SKF_R_NO_PUBLIC_KEY                              140
-# define SKF_R_NULL_ARGUMENT                              141
-# define SKF_R_SIGN_FAILED                                142
-# define SKF_R_VERIFY_NOT_PASS                            143
+# define SKF_R_NULL_ARGUMENT                              100

 # ifdef  __cplusplus
 }