From df18c19abc181513511d73273a036907a99c96d3 Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Sun, 26 Feb 2017 16:37:23 +0800 Subject: [PATCH] update gmapi --- crypto/objects/objects.txt | 2 - crypto/saf/saf_app.c | 1 + crypto/saf/saf_cert.c | 302 ++++++++++++++++++++++++++++++++++-- crypto/saf/saf_err.c | 24 ++- crypto/saf/saf_hash.c | 141 +++++++++++++++-- crypto/saf/saf_keyhandle.c | 121 ++++++++++++--- crypto/saf/saf_lcl.h | 5 + crypto/sdf/sdf_meth.c | 2 - crypto/skf/skf_lib.c | 1 + crypto/sms4/sms4_enc_avx2.c | 149 ++++++++++++++++++ crypto/sms4/sms4_enc_knc.c | 159 +++++++++++++++++++ engines/e_avx2.c | 28 +--- engines/e_sdf.c | 299 +++++++++++++++++++++++++++++++++++ engines/e_sdf.ec | 1 + engines/e_sdf_err.c | 86 ++++++++++ engines/e_sdf_err.h | 42 +++++ engines/e_skf.c | 293 ++++++++++++++++++++++++++++++++++ engines/e_skf.ec | 1 + include/openssl/gmsaf.h | 121 ++++++++------- include/openssl/saf.h | 2 +- include/openssl/sms4.h | 8 + 21 files changed, 1657 insertions(+), 131 deletions(-) create mode 100644 crypto/sms4/sms4_enc_avx2.c create mode 100644 crypto/sms4/sms4_enc_knc.c create mode 100755 engines/e_sdf.c create mode 100644 engines/e_sdf.ec create mode 100644 engines/e_sdf_err.c create mode 100644 engines/e_sdf_err.h create mode 100755 engines/e_skf.c create mode 100644 engines/e_skf.ec diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index dce57b44..efda31fb 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1611,5 +1611,3 @@ ibcs1 3 4 : r-ate-pairing sm-scheme 1000 : cpk sm-scheme 1001 : paillier - - diff --git a/crypto/saf/saf_app.c b/crypto/saf/saf_app.c index 9bbe105f..8eb75416 100644 --- a/crypto/saf/saf_app.c +++ b/crypto/saf/saf_app.c @@ -98,6 +98,7 @@ int SAF_Finalize( if (app->engine) { ENGINE_finish(app->engine); + ENGINE_free(app->engine); } OPENSSL_free(app); diff --git a/crypto/saf/saf_cert.c b/crypto/saf/saf_cert.c index 032d90ce..4cb1feec 100644 --- a/crypto/saf/saf_cert.c +++ b/crypto/saf/saf_cert.c @@ -54,7 +54,7 @@ #include #include #include "saf_lcl.h" - +#include "../../apps/apps.h" /* 7.2.2 */ int SAF_AddTrustedRootCaCertificate( @@ -62,7 +62,42 @@ int SAF_AddTrustedRootCaCertificate( unsigned char *pucCertificate, unsigned int uiCertificateLen) { - return SAR_NotSupportYetErr; + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; + X509 *x509 = NULL; + BIO *bio = NULL; + + if (!hAppHandle || !pucCertificate) { + SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } + + if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) { + SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, SAF_R_INVALID_INPUT_LENGTH); + return SAR_IndataLenErr; + } + + if (!(bio = BIO_new_file(app->rootcacerts, "a"))) { + SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, ERR_R_BIO_LIB); + goto end; + } + + if (!(x509 = d2i_X509(NULL, &pucCertificate, uiCertificateLen))) { + SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE); + goto end; + } + + if (!PEM_write_bio_X509(bio, x509)) { + SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, ERR_R_PEM_LIB); + goto end; + } + + ret = SAR_Ok; + +end: + X509_free(x509); + BIO_free(bio); + return ret; } /* 7.2.3 */ @@ -70,8 +105,26 @@ int SAF_GetRootCaCertificateCount( void *hAppHandle, unsigned int *puiCount) { - *puiCount = 0; - return SAR_Ok; + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; + STACK_OF(X509) *certs = NULL; + + if (!hAppHandle || !puiCount) { + SAFerr(SAF_F_SAF_GETROOTCACERTIFICATECOUNT, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } + + if (!load_certs(app->rootcacerts, &certs, FORMAT_PEM, NULL, "root ca certificates")) { + SAFerr(SAF_F_SAF_GETROOTCACERTIFICATECOUNT, SAF_R_LOAD_CERTS_FAILURE); + goto end; + } + + *puiCount = sk_X509_num(certs); + ret = SAR_Ok; + +end: + sk_X509_free(certs); + return ret; } /* 7.2.4 */ @@ -81,7 +134,44 @@ int SAF_GetRootCaCertificate( unsigned char *pucCertificate, unsigned int *puiCertificateLen) { - return SAR_NotSupportYetErr; + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; + STACK_OF(X509) *certs = NULL; + X509 *x509; + int len; + + if (!hAppHandle || !pucCertificate || !puiCertificateLen) { + SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } + + if (!load_certs(app->rootcacerts, &certs, FORMAT_PEM, NULL, + "root ca certificates")) { + SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE); + goto end; + } + + if (!(x509 = sk_X509_value(certs, uiIndex))) { + SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, SAF_R_INVALID_INDEX); + goto end; + } + + if (*puiCertificateLen < i2d_X509(x509, NULL)) { + SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, SAF_R_BUFFER_TOO_SMALL); + ret = SAR_IndataLenErr; + goto end; + } + + if ((len = i2d_X509(x509, pucCertificate)) <= 0) { + SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, ERR_R_X509_LIB); + goto end; + } + + *puiCertificateLen = len; + ret = SAR_Ok; +end: + sk_X509_free(certs); + return ret; } /* 7.2.5 */ @@ -89,16 +179,91 @@ int SAF_RemoveRootCaCertificate( void *hAppHandle, unsigned int uiIndex) { - return SAR_NotSupportYetErr; + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; + STACK_OF(X509) *certs = NULL; + X509 *x509 = NULL; + BIO *bio = NULL; + int i, err = 0; + + if (!hAppHandle) { + SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } + + if (!load_certs(app->rootcacerts, &certs, FORMAT_PEM, NULL, "root ca certificates")) { + SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE); + goto end; + } + + if (!(bio = BIO_new_file(app->rootcacerts, "w"))) { + SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, ERR_R_BIO_LIB); + goto end; + } + + if (!(x509 = sk_X509_delete(certs, uiIndex))) { + SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, SAF_R_INVALID_INDEX); + goto end; + } + + for (i = 0; i < sk_X509_num(certs); i++) { + if (!PEM_write_bio_X509(bio, sk_X509_value(certs, i))) { + SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, ERR_R_PEM_LIB); + err++; + } + } + + ret = SAR_Ok; + +end: + X509_free(x509); + sk_X509_free(certs); + BIO_free(bio); + return ret; } /* 7.2.6 */ int SAF_AddCaCertificate( void *hAppHandle, unsigned char *pucCertificate, - unsigned int *puiCertificateLen) + unsigned int uiCertificateLen) { - return SAR_NotSupportYetErr; + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; + X509 *x509 = NULL; + BIO *bio = NULL; + + if (!hAppHandle || !pucCertificate) { + SAFerr(SAF_F_SAF_ADDCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } + + if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) { + SAFerr(SAF_F_SAF_ADDCACERTIFICATE, SAF_R_INVALID_INPUT_LENGTH); + return SAR_IndataLenErr; + } + + if (!(bio = BIO_new_file(app->cacerts, "a"))) { + SAFerr(SAF_F_SAF_ADDCACERTIFICATE, ERR_R_BIO_LIB); + goto end; + } + + if (!(x509 = d2i_X509(NULL, &pucCertificate, uiCertificateLen))) { + SAFerr(SAF_F_SAF_ADDCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE); + goto end; + } + + if (!PEM_write_bio_X509(bio, x509)) { + SAFerr(SAF_F_SAF_ADDCACERTIFICATE, ERR_R_PEM_LIB); + goto end; + } + + ret = SAR_Ok; + +end: + X509_free(x509); + BIO_free(bio); + return ret; } /* 7.2.7 */ @@ -106,7 +271,26 @@ int SAF_GetCaCertificateCount( void *hAppHandle, unsigned int *puiCount) { - return SAR_NotSupportYetErr; + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; + STACK_OF(X509) *certs = NULL; + + if (!hAppHandle || !puiCount) { + SAFerr(SAF_F_SAF_GETCACERTIFICATECOUNT, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } + + if (!load_certs(app->cacerts, &certs, FORMAT_PEM, NULL, "ca certificates")) { + SAFerr(SAF_F_SAF_GETCACERTIFICATECOUNT, SAF_R_LOAD_CERTS_FAILURE); + goto end; + } + + *puiCount = sk_X509_num(certs); + ret = SAR_Ok; + +end: + sk_X509_free(certs); + return ret; } /* 7.2.8 */ @@ -116,7 +300,43 @@ int SAF_GetCaCertificate( unsigned char *pucCertificate, unsigned int *puiCertificateLen) { - return SAR_NotSupportYetErr; + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; + STACK_OF(X509) *certs = NULL; + X509 *x509; + int len; + + if (!hAppHandle || !pucCertificate || !puiCertificateLen) { + SAFerr(SAF_F_SAF_GETCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } + + if (!load_certs(app->cacerts, &certs, FORMAT_PEM, NULL, "ca certificates")) { + SAFerr(SAF_F_SAF_GETCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE); + goto end; + } + + if (!(x509 = sk_X509_value(certs, uiIndex))) { + SAFerr(SAF_F_SAF_GETCACERTIFICATE, SAF_R_INVALID_INDEX); + goto end; + } + + if (*puiCertificateLen < i2d_X509(x509, NULL)) { + SAFerr(SAF_F_SAF_GETCACERTIFICATE, SAF_R_BUFFER_TOO_SMALL); + ret = SAR_IndataLenErr; + goto end; + } + + if ((len = i2d_X509(x509, pucCertificate)) <= 0) { + SAFerr(SAF_F_SAF_GETCACERTIFICATE, ERR_R_X509_LIB); + goto end; + } + + *puiCertificateLen = len; + ret = SAR_Ok; +end: + sk_X509_free(certs); + return ret; } /* 7.2.9 */ @@ -124,7 +344,47 @@ int SAF_RemoveCaCertificate( void *hAppHandle, unsigned int uiIndex) { - return SAR_NotSupportYetErr; + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; + STACK_OF(X509) *certs = NULL; + X509 *x509 = NULL; + BIO *bio = NULL; + int i, err = 0; + + if (!hAppHandle) { + SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } + + if (!load_certs(app->cacerts, &certs, FORMAT_PEM, NULL, "ca certificates")) { + SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE); + goto end; + } + + if (!(bio = BIO_new_file(app->rootcacerts, "w"))) { + SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, ERR_R_BIO_LIB); + goto end; + } + + if (!(x509 = sk_X509_delete(certs, uiIndex))) { + SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, SAF_R_INVALID_INDEX); + goto end; + } + + for (i = 0; i < sk_X509_num(certs); i++) { + if (!PEM_write_bio_X509(bio, sk_X509_value(certs, i))) { + SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, ERR_R_PEM_LIB); + err++; + } + } + + ret = SAR_Ok; + +end: + X509_free(x509); + sk_X509_free(certs); + BIO_free(bio); + return ret; } /* 7.2.10 */ @@ -133,6 +393,8 @@ int SAF_AddCrl( unsigned char *pucDerCrl, unsigned int uiDerCrlLen) { + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } @@ -142,6 +404,8 @@ int SAF_VerifyCertificate( unsigned char *pucUsrCertificate, unsigned int uiUsrCertificateLen) { + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } @@ -153,6 +417,8 @@ int SAF_VerifyCertificateByCrl( unsigned char *pucDerCrl, unsigned int uiDerCrlLen) { + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } @@ -179,6 +445,8 @@ int SAF_GetCertFromLdap( unsigned char *pucOutCert, unsigned int *puiOutCertLen) { + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } @@ -204,6 +472,8 @@ int SAF_GetCertificateInfo( unsigned char *pucInfo, unsigned int *puiInfoLen) { + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } @@ -218,6 +488,8 @@ int SAF_GetExtTypeInfo( unsigned char *pucInfo, unsigned int *puiInfoLen) { + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } @@ -226,6 +498,8 @@ int SAF_EnumCertificates( void *hAppHandle, SGD_USR_CERT_ENUMLIST *usrCerts) { + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } @@ -234,6 +508,8 @@ int SAF_EnumKeyContainerInfo( void *hAppHandle, SGD_KEYCONTAINERINFO_ENUMLIST *keyContainerInfo) { + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } @@ -242,6 +518,8 @@ int SAF_EnumCertificatesFree( void *hAppHandle, SGD_USR_CERT_ENUMLIST *usrCerts) { + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } @@ -250,5 +528,7 @@ int SAF_EnumKeyContainerInfoFree( void *hAppHandle, SGD_KEYCONTAINERINFO_ENUMLIST *keyContainerInfo) { + int ret = SAR_UnknownErr; + SAF_APP *app = (SAF_APP *)hAppHandle; return SAR_NotSupportYetErr; } diff --git a/crypto/saf/saf_err.c b/crypto/saf/saf_err.c index 8fe3a94c..21f4d07c 100644 --- a/crypto/saf/saf_err.c +++ b/crypto/saf/saf_err.c @@ -19,6 +19,9 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_SAF,0,reason) static ERR_STRING_DATA SAF_str_functs[] = { + {ERR_FUNC(SAF_F_SAF_ADDCACERTIFICATE), "SAF_AddCaCertificate"}, + {ERR_FUNC(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE), + "SAF_AddTrustedRootCaCertificate"}, {ERR_FUNC(SAF_F_SAF_BASE64_CREATEBASE64OBJ), "SAF_Base64_CreateBase64Obj"}, {ERR_FUNC(SAF_F_SAF_BASE64_DECODE), "SAF_Base64_Decode"}, @@ -28,7 +31,9 @@ static ERR_STRING_DATA SAF_str_functs[] = { {ERR_FUNC(SAF_F_SAF_BASE64_ENCODEFINAL), "SAF_Base64_EncodeFinal"}, {ERR_FUNC(SAF_F_SAF_BASE64_ENCODEUPDATE), "SAF_Base64_EncodeUpdate"}, {ERR_FUNC(SAF_F_SAF_CHANGEPIN), "SAF_ChangePin"}, + {ERR_FUNC(SAF_F_SAF_CREATEHASHOBJ), "SAF_CreateHashObj"}, {ERR_FUNC(SAF_F_SAF_CREATESYMMKEYOBJ), "SAF_CreateSymmKeyObj"}, + {ERR_FUNC(SAF_F_SAF_DESTROYHASHOBJ), "SAF_DestroyHashObj"}, {ERR_FUNC(SAF_F_SAF_ECCPUBLICKEYENC), "SAF_EccPublicKeyEnc"}, {ERR_FUNC(SAF_F_SAF_ECCPUBLICKEYENCBYCERT), "SAF_EccPublicKeyEncByCert"}, {ERR_FUNC(SAF_F_SAF_ECCSIGN), "SAF_EccSign"}, @@ -38,23 +43,35 @@ static ERR_STRING_DATA SAF_str_functs[] = { {ERR_FUNC(SAF_F_SAF_GENERATEKEYWITHEPK), "SAF_GenerateKeyWithEPK"}, {ERR_FUNC(SAF_F_SAF_GENRANDOM), "SAF_GenRandom"}, {ERR_FUNC(SAF_F_SAF_GENRSAKEYPAIR), "SAF_GenRsaKeyPair"}, + {ERR_FUNC(SAF_F_SAF_GETCACERTIFICATE), "SAF_GetCaCertificate"}, + {ERR_FUNC(SAF_F_SAF_GETCACERTIFICATECOUNT), "SAF_GetCaCertificateCount"}, {ERR_FUNC(SAF_F_SAF_GETECCPUBLICKEY), "SAF_GetEccPublicKey"}, + {ERR_FUNC(SAF_F_SAF_GETROOTCACERTIFICATE), "SAF_GetRootCaCertificate"}, + {ERR_FUNC(SAF_F_SAF_GETROOTCACERTIFICATECOUNT), + "SAF_GetRootCaCertificateCount"}, {ERR_FUNC(SAF_F_SAF_GETRSAPUBLICKEY), "SAF_GetRsaPublicKey"}, {ERR_FUNC(SAF_F_SAF_GETVERSION), "SAF_GetVersion"}, - {ERR_FUNC(SAF_F_SAF_IMPORTENCEDKEY), "SAF_ImportEncedKey"}, + {ERR_FUNC(SAF_F_SAF_HASH), "SAF_Hash"}, + {ERR_FUNC(SAF_F_SAF_HASHFINAL), "SAF_HashFinal"}, + {ERR_FUNC(SAF_F_SAF_HASHUPDATE), "SAF_HashUpdate"}, {ERR_FUNC(SAF_F_SAF_INITIALIZE), "SAF_Initialize"}, + {ERR_FUNC(SAF_F_SAF_KEY_NEW), "SAF_KEY_new"}, {ERR_FUNC(SAF_F_SAF_LOGIN), "SAF_Login"}, {ERR_FUNC(SAF_F_SAF_LOGOUT), "SAF_Logout"}, {ERR_FUNC(SAF_F_SAF_MACFINAL), "SAF_MacFinal"}, {ERR_FUNC(SAF_F_SAF_MACUPDATE), "SAF_MacUpdate"}, {ERR_FUNC(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA), "SAF_Pkcs7_EncodeEnvelopedData"}, + {ERR_FUNC(SAF_F_SAF_REMOVECACERTIFICATE), "SAF_RemoveCaCertificate"}, + {ERR_FUNC(SAF_F_SAF_REMOVEROOTCACERTIFICATE), + "SAF_RemoveRootCaCertificate"}, {ERR_FUNC(SAF_F_SAF_RSASIGN), "SAF_RsaSign"}, {ERR_FUNC(SAF_F_SAF_RSAVERIFYSIGN), "SAF_RsaVerifySign"}, {ERR_FUNC(SAF_F_SAF_SYMMDECRYPTFINAL), "SAF_SymmDecryptFinal"}, {ERR_FUNC(SAF_F_SAF_SYMMDECRYPTUPDATE), "SAF_SymmDecryptUpdate"}, {ERR_FUNC(SAF_F_SAF_SYMMENCRYPTFINAL), "SAF_SymmEncryptFinal"}, {ERR_FUNC(SAF_F_SAF_SYMMENCRYPTUPDATE), "SAF_SymmEncryptUpdate"}, + {ERR_FUNC(SAF_F_SAF_SYMMKEYOBJ_DUP), "SAF_SYMMKEYOBJ_dup"}, {ERR_FUNC(SAF_F_SAF_VERIFYSIGNBYCERT), "SAF_VerifySignByCert"}, {0, NULL} }; @@ -65,18 +82,19 @@ static ERR_STRING_DATA SAF_str_reasons[] = { {ERR_REASON(SAF_R_DECRYPT_NOT_INITIALIZED), "decrypt not initialized"}, {ERR_REASON(SAF_R_ENCRYPT_KEY_FAILURE), "encrypt key failure"}, {ERR_REASON(SAF_R_ENCRYPT_NOT_INITIALIED), "encrypt not initialied"}, - {ERR_REASON(SAF_R_GEN_RANDOM), "gen random"}, {ERR_REASON(SAF_R_GEN_RANDOM_FAILURE), "gen random failure"}, {ERR_REASON(SAF_R_INT_OVERFLOW), "int overflow"}, {ERR_REASON(SAF_R_INVALID_ALGOR), "invalid algor"}, {ERR_REASON(SAF_R_INVALID_CERTIFICATE), "invalid certificate"}, - {ERR_REASON(SAF_R_INVALID_CONTEXT), "invalid context"}, {ERR_REASON(SAF_R_INVALID_HANDLE), "invalid handle"}, + {ERR_REASON(SAF_R_INVALID_INDEX), "invalid index"}, {ERR_REASON(SAF_R_INVALID_INPUT_LENGTH), "invalid input length"}, {ERR_REASON(SAF_R_INVALID_KEY_HANDLE), "invalid key handle"}, {ERR_REASON(SAF_R_INVALID_KEY_LENGTH), "invalid key length"}, {ERR_REASON(SAF_R_INVALID_KEY_USAGE), "invalid key usage"}, {ERR_REASON(SAF_R_INVALID_LENGTH), "invalid length"}, + {ERR_REASON(SAF_R_INVALID_PUBLIC_KEY), "invalid public key"}, + {ERR_REASON(SAF_R_LOAD_CERTS_FAILURE), "load certs failure"}, {ERR_REASON(SAF_R_MAC_FAILURE), "mac failure"}, {ERR_REASON(SAF_R_NOT_SUPPORTED), "not supported"}, {ERR_REASON(SAF_R_OPERATION_NOT_INITIALIZED), diff --git a/crypto/saf/saf_hash.c b/crypto/saf/saf_hash.c index 46b9c6b3..c353e325 100644 --- a/crypto/saf/saf_hash.c +++ b/crypto/saf/saf_hash.c @@ -52,6 +52,7 @@ #include #include #include +#include #include "saf_lcl.h" /* 7.3.12 */ @@ -60,31 +61,84 @@ int SAF_CreateHashObj(void **phHashObj, unsigned char *pucPublicKey, unsigned int uiPublicKeyLen, unsigned char *pucID, - unsigned int ulIDLen) + unsigned int uiIDLen) { int ret = SAR_UnknownErr; const EVP_MD *md; EVP_MD_CTX *ctx = NULL; + EVP_PKEY *pkey = NULL; + + if (!phHashObj) { + SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } if (!(md = EVP_get_digestbysgd(uiAlgoType))) { + SAFerr(SAF_F_SAF_CREATEHASHOBJ, SAF_R_INVALID_ALGOR); return SAR_AlgoTypeErr; } if (!(ctx = EVP_MD_CTX_new())) { - return 0; + SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_MALLOC_FAILURE); + goto end; } - if (!EVP_DigestInit(ctx, md)) { - return 0; + /* limitation of the SAF hashing: + * can not specify an engine, only use the default implementation + */ + if (!EVP_DigestInit_ex(ctx, md, NULL)) { + SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_EVP_LIB); + goto end; + } + + if (pucPublicKey) { + unsigned char dgst[EVP_MAX_MD_SIZE]; + size_t dgstlen = sizeof(dgst); + + if (!pucID) { + SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_PASSED_NULL_PARAMETER); + ret = SAR_IndataErr; + goto end; + } + + if (uiIDLen <= 0 || uiIDLen > SM2_MAX_ID_LENGTH + || strlen((char *)pucID) != uiIDLen + || uiPublicKeyLen <= 0 || uiPublicKeyLen > INT_MAX) { + SAFerr(SAF_F_SAF_CREATEHASHOBJ, SAF_R_INVALID_INPUT_LENGTH); + ret = SAR_IndataLenErr; + goto end; + } + + if (!(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen)) + || EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { + SAFerr(SAF_F_SAF_CREATEHASHOBJ, SAF_R_INVALID_PUBLIC_KEY); + ret = SAR_IndataErr; + goto end; + } + + if (!SM2_compute_id_digest(md, (char *)pucID, uiIDLen, dgst, &dgstlen, + EVP_PKEY_get0_EC_KEY(pkey))) { + SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_EC_LIB); + goto end; + } + + if (!EVP_DigestUpdate(ctx, dgst, dgstlen)) { + SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_EVP_LIB); + goto end; + } } *phHashObj = ctx; + ctx = NULL; + + ret = SAR_Ok; end: if (ret != SAR_Ok) { - EVP_MD_CTX_free(ctx); *phHashObj = NULL; } + EVP_MD_CTX_free(ctx); + EVP_PKEY_free(pkey); return ret; } @@ -92,6 +146,10 @@ end: int SAF_DestroyHashObj( void *phHashObj) { + if (!phHashObj) { + SAFerr(SAF_F_SAF_DESTROYHASHOBJ, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } EVP_MD_CTX_free((EVP_MD_CTX *)phHashObj); return SAR_Ok; } @@ -102,9 +160,21 @@ int SAF_HashUpdate( const unsigned char *pucInData, unsigned int uiInDataLen) { - if (!EVP_DigestUpdate((EVP_MD_CTX *)phHashObj, pucInData, (size_t)uiInDataLen)) { + if (!phHashObj || pucInData) { + SAFerr(SAF_F_SAF_HASHUPDATE, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } + + if (uiInDataLen <= 0 || uiInDataLen > INT_MAX) { + SAFerr(SAF_F_SAF_HASHUPDATE, SAF_R_INVALID_INPUT_LENGTH); + return SAR_IndataLenErr; + } + + if (!EVP_DigestUpdate((EVP_MD_CTX *)phHashObj, pucInData, uiInDataLen)) { + SAFerr(SAF_F_SAF_HASHUPDATE, ERR_R_EVP_LIB); return SAR_HashErr; } + return SAR_Ok; } @@ -113,9 +183,21 @@ int SAF_HashFinal(void *phHashObj, unsigned char *pucOutData, unsigned int *uiOutDataLen) { - if (!EVP_DigestFinal((EVP_MD_CTX *)phHashObj, pucOutData, uiOutDataLen)) { + if (!phHashObj || !pucOutData || !uiOutDataLen) { + SAFerr(SAF_F_SAF_HASHFINAL, ERR_R_PASSED_NULL_PARAMETER); + return SAR_IndataErr; + } + + if (*uiOutDataLen < EVP_MAX_MD_SIZE) { + SAFerr(SAF_F_SAF_HASHFINAL, SAF_R_BUFFER_TOO_SMALL); + return SAR_IndataLenErr; + } + + if (!EVP_DigestFinal_ex((EVP_MD_CTX *)phHashObj, pucOutData, uiOutDataLen)) { + SAFerr(SAF_F_SAF_HASHFINAL, ERR_R_EVP_LIB); return SAR_HashErr; } + return SAR_Ok; } @@ -127,21 +209,50 @@ int SAF_Hash( unsigned char *pucPublicKey, unsigned int uiPublicKeyLen, unsigned char *pubID, - unsigned int ulIDLen, + unsigned int uiIDLen, unsigned char *pucOutData, unsigned int *puiOutDataLen) { - const EVP_MD *md; - size_t siz; + int ret; + void *hHashObj = NULL; - if (!(md = EVP_get_digestbysgd(uiAlgoType))) { - return SAR_AlgoTypeErr; + if ((ret = SAF_CreateHashObj( + &hHashObj, + uiAlgoType, + pucPublicKey, + uiPublicKeyLen, + pubID, + uiIDLen)) != SAR_Ok) { + SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB); + return ret; } - siz = (size_t)uiInDataLen; - if (!EVP_Digest(pucInData, siz, pucOutData, puiOutDataLen, md, NULL)) { - return SAR_HashErr; + if ((ret = SAF_HashUpdate( + hHashObj, + pucInData, + uiInDataLen)) != SAR_Ok) { + SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB); + goto err; + } + + if ((ret = SAF_HashFinal( + hHashObj, + pucOutData, + puiOutDataLen)) != SAR_Ok) { + SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB); + goto err; + } + + if ((ret = SAF_DestroyHashObj( + hHashObj)) != SAR_Ok) { + SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB); + return ret; } return SAR_Ok; + +err: + /* keep the first error */ + (void)SAF_DestroyHashObj(hHashObj); + return ret; } diff --git a/crypto/saf/saf_keyhandle.c b/crypto/saf/saf_keyhandle.c index 634d8880..fbb172ac 100644 --- a/crypto/saf/saf_keyhandle.c +++ b/crypto/saf/saf_keyhandle.c @@ -51,6 +51,7 @@ #include #include #include +#include #include "saf_lcl.h" /* 7.3.31 */ @@ -82,26 +83,6 @@ int SAF_GenerateKeyWithEPK( return SAR_IndataLenErr; } -/* - 65 typedef struct { - 66 SAF_APP *app; - 67 unsigned char *pucContainerName; - 68 unsigned int uiContainerLen; - 69 unsigned char *pucIV; - 70 unsigned int uiIVLen; - 71 unsigned int uiEncOrDec; - 72 unsigned int uiCryptoAlgID; - 73 } SAF_SYMMKEYOBJ; - 74 - 75 typedef struct { - 76 SAF_SYMMKEYOBJ *hSymmKeyObj; - 77 unsigned char key[64]; - 78 int keylen; - 79 EVP_CIPHER_CTX *cipher_ctx; - 80 CMAC_CTX *cmac_ctx; - 81 } SAF_KEY; -*/ - outlen = (size_t)*puiSymmKeyLen; if (!(cipher = EVP_get_cipherbysgd(obj->uiCryptoAlgID)) || !RAND_bytes(keybuf, EVP_CIPHER_key_length(cipher)) @@ -128,6 +109,87 @@ end: return ret; } +/* + 65 typedef struct { + 66 SAF_APP *app; + 67 unsigned char *pucContainerName; + 68 unsigned int uiContainerLen; + 69 unsigned char *pucIV; + 70 unsigned int uiIVLen; + 71 unsigned int uiEncOrDec; + 72 unsigned int uiCryptoAlgID; + 73 } SAF_SYMMKEYOBJ; + 74 + 75 typedef struct { + 76 SAF_SYMMKEYOBJ *hSymmKeyObj; + 77 unsigned char key[64]; + 78 int keylen; + 79 EVP_CIPHER_CTX *cipher_ctx; + 80 CMAC_CTX *cmac_ctx; + 81 } SAF_KEY; +*/ + +SAF_KEY *SAF_KEY_new(const SAF_SYMMKEYOBJ *hSymmKeyObj) +{ + SAF_KEY *ret = NULL; + SAF_KEY *key = NULL; + + if (!(key = OPENSSL_zalloc(sizeof(*key))) + || !(key->hSymmKeyObj = SAF_SYMMKEYOBJ_dup(hSymmKeyObj))) { + SAFerr(SAF_F_SAF_KEY_NEW, ERR_R_MALLOC_FAILURE); + goto end; + } + + ret = key; + key = NULL; + +end: + SAF_KEY_free(key); + return ret; +} + +void SAF_KEY_free(SAF_KEY *key) +{ + if (key) { + SAF_SYMMKEYOBJ_free(key->hSymmKeyObj); + } + OPENSSL_clear_free(key, sizeof(*key)); +} + +SAF_SYMMKEYOBJ *SAF_SYMMKEYOBJ_dup(const SAF_SYMMKEYOBJ *a) +{ + SAF_SYMMKEYOBJ *ret = NULL; + SAF_SYMMKEYOBJ *obj = NULL; + + if (!(obj = OPENSSL_zalloc(sizeof(*obj))) + || !(obj->pucContainerName = OPENSSL_memdup(a->pucContainerName, a->uiContainerLen)) + || !(obj->pucIV = OPENSSL_memdup(a->pucIV, a->uiIVLen))) { + SAFerr(SAF_F_SAF_SYMMKEYOBJ_DUP, ERR_R_MALLOC_FAILURE); + goto end; + } + + obj->uiContainerLen = a->uiContainerLen; + obj->uiIVLen = a->uiIVLen; + obj->uiEncOrDec = a->uiEncOrDec; + obj->uiCryptoAlgID = a->uiCryptoAlgID; + + ret = obj; + obj = NULL; + +end: + SAF_SYMMKEYOBJ_free(obj); + return ret; +} + +void SAF_SYMMKEYOBJ_free(SAF_SYMMKEYOBJ *obj) +{ + if (obj) { + OPENSSL_free(obj->pucContainerName); + OPENSSL_free(obj->pucIV); + OPENSSL_free(obj); + } +} + /* 7.3.32 */ int SAF_ImportEncedKey( void *hSymmKeyObj, @@ -135,8 +197,23 @@ int SAF_ImportEncedKey( unsigned int uiSymmKeyLen, void **phKeyHandle) { - SAFerr(SAF_F_SAF_IMPORTENCEDKEY, SAF_R_NOT_SUPPORTED); - return SAR_NotSupportYetErr; + SAF_KEY *hkey = NULL; + SAF_SYMMKEYOBJ *hobj = (SAF_SYMMKEYOBJ *)hSymmKeyObj; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *pctx = NULL; + char key_id[1024]; + + snprintf(key_id, sizeof(key_id), "%s.enc", hobj->pucContainerName); + + if (!(pkey = ENGINE_load_private_key(hobj->app->engine, key_id, NULL, NULL)) + || !(pctx = EVP_PKEY_CTX_new(pkey, hobj->app->engine)) + || EVP_PKEY_decrypt_init(pctx) <= 0 + || EVP_PKEY_decrypt(pctx, hkey->key, &hkey->keylen, pucSymmKey, uiSymmKeyLen) <= 0) { + goto end; + } + +end: + return 0; } /* 7.3.37 */ diff --git a/crypto/saf/saf_lcl.h b/crypto/saf/saf_lcl.h index 55f6040b..7a0caf4b 100644 --- a/crypto/saf/saf_lcl.h +++ b/crypto/saf/saf_lcl.h @@ -55,6 +55,8 @@ typedef struct saf_app_st { ENGINE *engine; + char *rootcacerts; + char *cacerts; } SAF_APP; typedef struct { @@ -80,5 +82,8 @@ typedef struct { CMAC_CTX *cmac_ctx; } SAF_KEY; +SAF_KEY *SAF_KEY_new(const SAF_SYMMKEYOBJ *obj); +void SAF_KEY_free(SAF_KEY *key); + SAF_SYMMKEYOBJ *SAF_SYMMKEYOBJ_dup(const SAF_SYMMKEYOBJ *a); void SAF_SYMMKEYOBJ_free(SAF_SYMMKEYOBJ *a); diff --git a/crypto/sdf/sdf_meth.c b/crypto/sdf/sdf_meth.c index 65630619..fde132b4 100644 --- a/crypto/sdf/sdf_meth.c +++ b/crypto/sdf/sdf_meth.c @@ -56,8 +56,6 @@ SDF_METHOD *SDF_METHOD_load_library(const char *so_path) SDF_METHOD *ret = NULL; SDF_METHOD *sdf = NULL; DSO *dso = NULL; - void *func; - int i; if (!(dso = DSO_load(NULL, so_path, NULL, 0))) { goto end; diff --git a/crypto/skf/skf_lib.c b/crypto/skf/skf_lib.c index 421484dd..0a298472 100644 --- a/crypto/skf/skf_lib.c +++ b/crypto/skf/skf_lib.c @@ -67,6 +67,7 @@ ULONG SKF_LoadLibrary(const char *so_path) ULONG SKF_UnloadLibrary(void) { skf_method = NULL; + return 0; } diff --git a/crypto/sms4/sms4_enc_avx2.c b/crypto/sms4/sms4_enc_avx2.c new file mode 100644 index 00000000..2131d4f3 --- /dev/null +++ b/crypto/sms4/sms4_enc_avx2.c @@ -0,0 +1,149 @@ +/* ==================================================================== + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#include +#include +#include "sms4_lcl.h" + +static __m256i mask_ffff; +static __m256i vindex_0s; +static __m256i vindex_4i; +static __m256i vindex_swap; +static __m256i vindex_read; + + +void sms4_avx2_encrypt_init(sms4_key_t *key) +{ + mask_ffff = _mm256_set1_epi32(0xffff); + vindex_0s = _mm256_set1_epi32(0); + vindex_4i = _mm256_setr_epi32(0,4,8,12,16,20,24,28); + vindex_read = _mm256_setr_epi32(0,8,16,24,1,9,17,25); + vindex_swap = _mm256_setr_epi8( + 3,2,1,0,7,6,5,4,11,10,9,8,15,14,13,12, + 3,2,1,0,7,6,5,4,11,10,9,8,15,14,13,12 + ); + sms4_init_sbox32(); +} + +#define GET_BLKS(x0, x1, x2, x3, in) \ + t0 = _mm256_i32gather_epi32((int *)(in+4*0), vindex_4i, 4); \ + t1 = _mm256_i32gather_epi32((int *)(in+4*1), vindex_4i, 4); \ + t2 = _mm256_i32gather_epi32((int *)(in+4*2), vindex_4i, 4); \ + t3 = _mm256_i32gather_epi32((int *)(in+4*3), vindex_4i, 4); \ + x0 = _mm256_shuffle_epi8(t0, vindex_swap); \ + x1 = _mm256_shuffle_epi8(t1, vindex_swap); \ + x2 = _mm256_shuffle_epi8(t2, vindex_swap); \ + x3 = _mm256_shuffle_epi8(t3, vindex_swap) + +#define PUT_BLKS(out, x0, x1, x2, x3) \ + t0 = _mm256_shuffle_epi8(x0, vindex_swap); \ + t1 = _mm256_shuffle_epi8(x1, vindex_swap); \ + t2 = _mm256_shuffle_epi8(x2, vindex_swap); \ + t3 = _mm256_shuffle_epi8(x3, vindex_swap); \ + _mm256_storeu_si256((__m256i *)(out+32*0), t0); \ + _mm256_storeu_si256((__m256i *)(out+32*1), t1); \ + _mm256_storeu_si256((__m256i *)(out+32*2), t2); \ + _mm256_storeu_si256((__m256i *)(out+32*3), t3); \ + x0 = _mm256_i32gather_epi32((int *)(in+32*0), vindex_read, 4); \ + x1 = _mm256_i32gather_epi32((int *)(in+32*1), vindex_read, 4); \ + x2 = _mm256_i32gather_epi32((int *)(in+32*2), vindex_read, 4); \ + x3 = _mm256_i32gather_epi32((int *)(in+32*3), vindex_read, 4); \ + _mm256_storeu_si256((__m256i *)(out+2*0), x0); \ + _mm256_storeu_si256((__m256i *)(out+2*1), x1); \ + _mm256_storeu_si256((__m256i *)(out+2*2), x2); \ + _mm256_storeu_si256((__m256i *)(out+2*3), x3) + +#define S(x0, t0, t1, t2) \ + t0 = _mm256_and_si256(x0, mask_ffff); \ + t1 = _mm256_i32gather_epi32(SBOX32L, t0, 4); \ + t0 = _mm256_srli_epi32(x0, 16); \ + t2 = _mm256_i32gather_epi32(SBOX32H, t0, 4); \ + x0 = _mm256_xor_si256(t1, t2) + +#define ROT(r0, x0, i, t0, t1) \ + t0 = _mm256_slli_epi32(x0, i); \ + t1 = _mm256_srli_epi32(x0,32-i); \ + r0 = _mm256_xor_si256(t0, t1) + +#define L(x0, t0, t1, t2, t3, t4) \ + ROT(t0, x0, 2, t2, t3); \ + ROT(t1, x0, 10, t2, t3); \ + t4 = _mm256_xor_si256(t0, t1); \ + ROT(t0, x0, 18, t2, t3); \ + ROT(t1, x0, 24, t2, t3); \ + t3 = _mm256_xor_si256(t0, t1); \ + t2 = _mm256_xor_si256(x0, t3); \ + x0 = _mm256_xor_si256(t2, t4) + +#define ROUND(x0, x1, x2, x3, x4, i) \ + t0 = _mm256_i32gather_epi32(rk+i, vindex_0s, 4); \ + t1 = _mm256_xor_si256(x1, x2); \ + t2 = _mm256_xor_si256(x3, t0); \ + t0 = _mm256_xor_si256(t1, t2); \ + S(t0, x4, t1, t2); \ + L(t0, x4, t1, t2, t3, t4); \ + x4 = _mm256_xor_si256(x0, t0); + + +void sms4_avx2_encrypt_8blocks(const unsigned char *in, unsigned char *out, const sms4_key_t *key) +{ + const int *rk = (int *)key->rk; + __m256i x0, x1, x2, x3, x4; + __m256i t0, t1, t2, t3, t4; + GET_BLKS(x0, x1, x2, x3, in); + ROUNDS(x0, x1, x2, x3, x4); + PUT_BLKS(out, x0, x4, x3, x2); +} + +void sms4_avx2_encrypt_16blocks(const unsigned char *in, unsigned char *out, const sms4_key_t *key) +{ + sms4_encrypt_8blocks(key, in, out); + sms4_encrypt_8blocks(key, in + 16*8, out + 16*8); +} diff --git a/crypto/sms4/sms4_enc_knc.c b/crypto/sms4/sms4_enc_knc.c new file mode 100644 index 00000000..a5e10397 --- /dev/null +++ b/crypto/sms4/sms4_enc_knc.c @@ -0,0 +1,159 @@ +/* ==================================================================== + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#include +#include +#include +#include "sms4_lcl.h" + + +static __m512i mask_ff00; +static __m512i mask_ffff; +static __m512i mask_ff0000; +static __m512i vindex_0s; +static __m512i vindex_4i; + + +void sms4_knc_encrypt_init(sms4_key_t *key) +{ + uint64_t value[sizeof(__m512i)/sizeof(uint64_t)]; + int *p = (int *)value; + + for (i = 0; i < 16; i++) + p[i] = 0xff00; + mask_ff00 = _mm512_load_epi32(value); + + for (i = 0; i < 16; i++) + p[i] = 0xffff; + mask_ffff = _mm512_load_epi32(value); + + for (i = 0; i < 16; i++) + p[i] = 0xff0000; + mask_ff0000 = _mm512_load_epi32(value); + + for (i = 0; i < 16; i++) + p[i] = 0; + vindex_0s = _mm512_load_epi32(value); + + for (i = 0; i < 16; i++) + p[i] = 4 * i; + vindex_4i = _mm512_load_epi32(value); + + sms4_init_sbox32(); +} + +#define SWAP32(x) \ + t0 = _mm512_slli_epi32(x, 24); \ + t1 = _mm512_srli_epi32(x, 24); \ + t2 = _mm512_or_epi32(t0, t1); \ + t0 = _mm512_slli_epi32(x, 8); \ + t1 = _mm512_and_epi32(t0, mask_ff0000); \ + t0 = _mm512_or_epi32(t2, t1); \ + t1 = _mm512_srli_epi32(x, 8); \ + t2 = _mm512_and_epi32(t1, mask_ff00); \ + x = _mm512_or_epi32(t0, t2) + +#define GET_BLKS(x0, x1, x2, x3, in) \ + x0 = _mm512_i32gather_epi32(vindex_4i, in+4*0, 4); \ + x1 = _mm512_i32gather_epi32(vindex_4i, in+4*1, 4); \ + x2 = _mm512_i32gather_epi32(vindex_4i, in+4*2, 4); \ + x3 = _mm512_i32gather_epi32(vindex_4i, in+4*3, 4); \ + SWAP32(x0); SWAP32(x1); SWAP32(x2); SWAP32(x3) + +#define PUT_BLKS(out, x0, x1, x2, x3) \ + SWAP32(x0); SWAP32(x1); SWAP32(x2); SWAP32(x3); \ + _mm512_i32scatter_epi32(out+4*0, vindex_4i, x0, 4); \ + _mm512_i32scatter_epi32(out+4*1, vindex_4i, x1, 4); \ + _mm512_i32scatter_epi32(out+4*2, vindex_4i, x2, 4); \ + _mm512_i32scatter_epi32(out+4*3, vindex_4i, x3, 4) + +#define S(x0, t0, t1, t2) \ + t0 = _mm512_and_epi32(x0, mask_ffff); \ + t1 = _mm512_i32gather_epi32(t0, SBOX32L, 4); \ + t0 = _mm512_srli_epi32(x0, 16); \ + t2 = _mm512_i32gather_epi32(t0, SBOX32H, 4); \ + x0 = _mm512_xor_epi32(t1, t2) + +#define ROT(r0, x0, i, t0, t1) \ + t0 = _mm512_slli_epi32(x0, i); \ + t1 = _mm512_srli_epi32(x0, 32-i); \ + r0 = _mm512_xor_epi32(t0, t1) + +#define L(x0, t0, t1, t2, t3, t4) \ + ROT(t0, x0, 2, t2, t3); \ + ROT(t1, x0, 10, t2, t3); \ + t4 = _mm512_xor_epi32(t0, t1); \ + ROT(t0, x0, 18, t2, t3); \ + ROT(t1, x0, 24, t2, t3); \ + t3 = _mm512_xor_epi32(t0, t1); \ + t2 = _mm512_xor_epi32(x0, t3); \ + x0 = _mm512_xor_epi32(t2, t4) + +#define ROUND(x0, x1, x2, x3, x4, i) \ + t0 = _mm512_i32gather_epi32(vindex_0s, rk+i*4, 4); \ + t1 = _mm512_xor_epi32(x1, x2); \ + t2 = _mm512_xor_epi32(x3, t0); \ + t0 = _mm512_xor_epi32(t1, t2); \ + S(t0, x4, t1, t2); \ + L(t0, x4, t1, t2, t3, t4); \ + x4 = _mm512_xor_epi32(x0, t0) + + +void sms4_knc_encrypt_16blocks(sms4_key_t *key, const unsigned char *in, unsigned char *out) +{ + int *rk = (int *)key->rk; + __m512i x0, x1, x2, x3, x4; + __m512i t0, t1, t2, t3, t4; + + GET_BLKS(x0, x1, x2, x3, in); + ROUNDS(x0, x1, x2, x3, x4, ROUND); + PUT_BLKS(out, x2, x3, x4, x0); +} + diff --git a/engines/e_avx2.c b/engines/e_avx2.c index 20c1479f..b227241c 100644 --- a/engines/e_avx2.c +++ b/engines/e_avx2.c @@ -57,22 +57,12 @@ static const char *avx2_id = "avx2"; static const char *avx2_name = "ENGINE with Intel AVX2 Intructions"; -#define SDF_CMD_STRING ENGINE_CMD_BASE -#define SDF_CMD_NUMERIC (ENGINE_CMD_BASE + 1) -#define SDF_CMD_NO_INPUT (ENGINE_CMD_BASE + 2) +#define SDF_CMD_CPUID ENGINE_CMD_BASE static const ENGINE_CMD_DEFN avx2_cmd_defns[] = { - {SDF_CMD_STRING, - "STRING", - "Specifies the path to the vendor's SDF shared library", - ENGINE_CMD_FLAG_STRING}, - {SDF_CMD_NUMERIC, - "NUMERIC", - "Connect SKF device with device name", - ENGINE_CMD_FLAG_NUMERIC}, - {SDF_CMD_NO_INPUT, - "NO_INPUT", - "Example NO_INPUT", + {SDF_CMD_CPUID, + "CPUID", + "Show CPUID", ENGINE_CMD_FLAG_NO_INPUT}, {0, NULL, NULL, 0}, }; @@ -80,14 +70,8 @@ static const ENGINE_CMD_DEFN avx2_cmd_defns[] = { static int avx2_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { switch (cmd) { - case SDF_CMD_STRING: - printf("cmd = %s\n", (char *)p); - break; - case SDF_CMD_NUMERIC: - printf("cmd = %d\n", (int)i); - break; - case SDF_CMD_NO_INPUT: - printf("cmd = (null)\n"); + case SDF_CMD_CPUID: + printf("not implemented\n"); break; default: printf("unknown cmd\n"); diff --git a/engines/e_sdf.c b/engines/e_sdf.c new file mode 100755 index 00000000..265ba997 --- /dev/null +++ b/engines/e_sdf.c @@ -0,0 +1,299 @@ +/* ==================================================================== + * Copyright (c) 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +static const SDF_METHOD *sdf_meth; + +static const char *sdf_id = "sdf"; +static const char *sdf_name = "ENGINE connect to SDF Devices"; + +#define SDF_CMD_SO_PATH ENGINE_CMD_BASE + +static const ENGINE_CMD_DEFN sdf_cmd_defns[] = { + {SDF_CMD_SO_PATH, + "SO_PATH", + "Specifies the path to the vendor's SDF shared library", + ENGINE_CMD_FLAG_STRING}, + {0, NULL, NULL, 0}, +}; + +static int sdf_load_library(const char *so_path) +{ + sdf_meth = SDF_METHOD_load_library(so_path); + return 1; +} + +static int sdf_open_device() +{ + int rv; + if ((rv = sdf_meth->OpenDevice(&hDevice)) != SDR_OK) { + ESDFerr(ESDF_F_SDF_OPEN_DEVICE, ESDF_R_OPEN_DEVICE_FAILURE); + fprintf(stderr, "so_path: %s\n", SDF_GetErrorString(rv)); + return 0; + } + if ((rv = sdf_meth->OpenSession(hDevice, &hSession)) != SDR_OK) { + ESDFerr(ESDF_F_SDF_OPEN_DEVICE, ESDF_R_OPEN_SESSION_FAILURE); + fprintf(stderr, "so_path: %s\n", SDF_GetErrorString(rv)); + return 0; + } + + return 1; +} + +static int sdf_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) +{ + switch (cmd) { + case SDF_CMD_SO_PATH: + so_path = (char *)p; + sdf_load_library(so_path); + break; + default: + printf("unknown cmd\n"); + return 0; + } + return 1; +} + +static int sdf_ec_idx = -1; +static const EC_KEY_METHOD *sdf_ec_method = NULL; + +static ECDSA_SIG *sdf_ec_sign_sig(const unsigned char *dgst, int dgstlen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *ec_key) +{ + unsigned int key_index; + ECCSignature sigbuf; + + rv = sdf_meth->InternalSign_ECC( + hSession, + key_index, + dgst, + dgstlen, + &sigbuf); + + return ret; +} + +const EC_KEY_METHOD *sdf_get_ec_method(void) +{ + EC_KEY_METHOD *ret = NULL; + + if (sdf_ec_method) { + return sdf_ec_method; + } + + if (!(ret = EC_KEY_METHOD_new(EC_KEY_OpenSSL()))) { + return NULL; + } + + EC_KEY_METHOD_set_sign(ret, NULL, NULL, sdf_ec_sign_sig); + + sdf_ec_method = ret; + return ret; +} + +static EVP_PKEY *sdf_load_privkey(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data) +{ + UI *ui = NULL; + char buf1[256]; + char buf2[256]; + int r; + char *password; + ECCrefPublicKey keybuf; + + ui = UI_new_method(ui_method); + + if ((r = UI_add_input_string(ui, "> ", 0, buf1, 0, sizeof(buf1)-1)) < 0) { + goto end; + } + if (UI_process(ui) < 0) { + } + + password = UI_get0_result(ui, 0); + + + sdf_meth->GetPrivateKeyAccessRight( + hSession, + key_index, + password, + strlen(password)); + + sdf_meth->ExportSignPublicKey_ECC( + hSession, + key_index, + &keybuf); + + ec_key = EC_KEY_new_by_ECCrefPublicKey(&keybuf); + + EVP_PKEY_set0_EC(ret, ec_key); + + return NULL; +} + +static EVP_PKEY *sdf_load_pubkey(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data) +{ + EVP_PKEY *ret = NULL; + int rv; + + unsigned int index; + int is_sign_key; + RSArefPublicKey publicKey; + + parse_key_id(key_id, &index, &is_sign_key); + + rv = SDF_OpenSession(hDevice, &hSession); + + if (is_sign_key) { + rv = SDF_ExportSignPublicKey_RSA(hSession, index, &publicKey); + } else { + rv = SDF_ExportEncPublicKey_RSA(hSession, index, &publicKey); + } + + return NULL; +} + +static int sdf_destroy(ENGINE *e) +{ + return 1; +} + +static void *hDevice = NULL; +static void *hSession = NULL; + +static int sdf_init(ENGINE *e) +{ + sdf_meth = NULL; + return 1; +} + +static int sdf_finish(ENGINE *e) +{ + if (hSession) { + sdf_meth->CloseSession(hSession); + hSession = NULL; + } + + if (hDevice) { + sdf_meth->CloseDevice(hDevice); + } + return 1; +} + +static int bind_sdf(ENGINE *e) +{ + if (!ENGINE_set_id(e, sdf_id) + || !ENGINE_set_name(e, sdf_name) + || !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) + || !ENGINE_set_cmd_defns(e, sdf_cmd_defns) + || !ENGINE_set_ctrl_function(e, sdf_ctrl) + || !ENGINE_set_init_function(e, sdf_init) + || !ENGINE_set_finish_function(e, sdf_finish) + || !ENGINE_set_destroy_function(e, sdf_destroy) + || !ENGINE_set_load_privkey_function(e, sdf_load_privkey) + || !ENGINE_set_load_pubkey_function(e, sdf_load_pubkey) + || !ENGINE_set_EC(e, sdf_get_ec_method())) { + return 0; + } + + return 1; +} + +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +static int bind_helper(ENGINE *e, const char *id) +{ + if (id && strcmp(id, sdf_id) != 0) { + return 0; + } + if (!bind_sdf(e)) { + return 0; + } + return 1; +} + +IMPLEMENT_DYNAMIC_CHECK_FN() +IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) + +#else + +static ENGINE *engine_sdf(void) +{ + ENGINE *ret = NULL; + if (!(ret = ENGINE_new())) { + return NULL; + } + if (!bind_sdf(ret)) { + ENGINE_free(ret); + return NULL; + } + return ret; +} + +void engine_load_sdf_int(void) +{ + ENGINE *eng = NULL; + if (!(eng = engine_sdf())) { + return; + } + ENGINE_add(eng); + ENGINE_free(eng); + ERR_clear_error(); +} +#endif /* OPENSSL_NO_DYNAMIC_ENGINE */ diff --git a/engines/e_sdf.ec b/engines/e_sdf.ec new file mode 100644 index 00000000..a251265a --- /dev/null +++ b/engines/e_sdf.ec @@ -0,0 +1 @@ +L ESDF e_sdf_err.h e_sdf_err.c diff --git a/engines/e_sdf_err.c b/engines/e_sdf_err.c new file mode 100644 index 00000000..aa0fbdab --- /dev/null +++ b/engines/e_sdf_err.c @@ -0,0 +1,86 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "e_sdf_err.h" + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +# define ERR_FUNC(func) ERR_PACK(0,func,0) +# define ERR_REASON(reason) ERR_PACK(0,0,reason) + +static ERR_STRING_DATA ESDF_str_functs[] = { + {ERR_FUNC(ESDF_F_SDF_OPEN_DEVICE), "sdf_open_device"}, + {ERR_FUNC(ESDF_F_SDF_RAND_BYTES), "sdf_rand_bytes"}, + {0, NULL} +}; + +static ERR_STRING_DATA ESDF_str_reasons[] = { + {ERR_REASON(ESDF_R_OPEN_DEVICE_FAILURE), "open device failure"}, + {ERR_REASON(ESDF_R_OPEN_SESSION_FAILURE), "open session failure"}, + {ERR_REASON(ESDF_R_OPERATION_FAILURE), "operation failure"}, + {0, NULL} +}; + +#endif + +#ifdef ESDF_LIB_NAME +static ERR_STRING_DATA ESDF_lib_name[] = { + {0, ESDF_LIB_NAME}, + {0, NULL} +}; +#endif + +static int ESDF_lib_error_code = 0; +static int ESDF_error_init = 1; + +static int ERR_load_ESDF_strings(void) +{ + if (ESDF_lib_error_code == 0) + ESDF_lib_error_code = ERR_get_next_error_library(); + + if (ESDF_error_init) { + ESDF_error_init = 0; +#ifndef OPENSSL_NO_ERR + ERR_load_strings(ESDF_lib_error_code, ESDF_str_functs); + ERR_load_strings(ESDF_lib_error_code, ESDF_str_reasons); +#endif + +#ifdef ESDF_LIB_NAME + ESDF_lib_name->error = ERR_PACK(ESDF_lib_error_code, 0, 0); + ERR_load_strings(0, ESDF_lib_name); +#endif + } + return 1; +} + +static void ERR_unload_ESDF_strings(void) +{ + if (ESDF_error_init == 0) { +#ifndef OPENSSL_NO_ERR + ERR_unload_strings(ESDF_lib_error_code, ESDF_str_functs); + ERR_unload_strings(ESDF_lib_error_code, ESDF_str_reasons); +#endif + +#ifdef ESDF_LIB_NAME + ERR_unload_strings(0, ESDF_lib_name); +#endif + ESDF_error_init = 1; + } +} + +static void ERR_ESDF_error(int function, int reason, char *file, int line) +{ + if (ESDF_lib_error_code == 0) + ESDF_lib_error_code = ERR_get_next_error_library(); + ERR_PUT_error(ESDF_lib_error_code, function, reason, file, line); +} diff --git a/engines/e_sdf_err.h b/engines/e_sdf_err.h new file mode 100644 index 00000000..0fbc2908 --- /dev/null +++ b/engines/e_sdf_err.h @@ -0,0 +1,42 @@ +/* + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_ESDF_ERR_H +# define HEADER_ESDF_ERR_H + +# ifdef __cplusplus +extern "C" { +# endif + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + +static int ERR_load_ESDF_strings(void); +static void ERR_unload_ESDF_strings(void); +static void ERR_ESDF_error(int function, int reason, char *file, int line); +# define ESDFerr(f,r) ERR_ESDF_error((f),(r),OPENSSL_FILE,OPENSSL_LINE) + +/* Error codes for the ESDF functions. */ + +/* Function codes. */ +# define ESDF_F_SDF_OPEN_DEVICE 100 +# define ESDF_F_SDF_RAND_BYTES 101 + +/* Reason codes. */ +# define ESDF_R_OPEN_DEVICE_FAILURE 100 +# define ESDF_R_OPEN_SESSION_FAILURE 101 +# define ESDF_R_OPERATION_FAILURE 102 + +# ifdef __cplusplus +} +# endif +#endif diff --git a/engines/e_skf.c b/engines/e_skf.c new file mode 100755 index 00000000..a7dcfa1d --- /dev/null +++ b/engines/e_skf.c @@ -0,0 +1,293 @@ +/* ==================================================================== + * Copyright (c) 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +static const SDF_METHOD *sdf_meth; + +static const char *sdf_id = "sdf"; +static const char *sdf_name = "ENGINE connect to SDF Devices"; + +#define SDF_CMD_SO_PATH ENGINE_CMD_BASE + +static const ENGINE_CMD_DEFN sdf_cmd_defns[] = { + {SDF_CMD_SO_PATH, + "SO_PATH", + "Specifies the path to the vendor's SDF shared library", + ENGINE_CMD_FLAG_STRING}, + {0, NULL, NULL, 0}, +}; + +static int sdf_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) +{ + switch (cmd) { + case SDF_CMD_SO_PATH: + so_path = (char *)p; + sdf_load_library(so_path); + break; + default: + printf("unknown cmd\n"); + return 0; + } + return 1; +} + +static int sdf_rand_bytes(unsigned char *out, int outlen) +{ + if (sdf_meth->GenerateRandom) { + if ((sdf_meth->GenerateRandom(hSession, out, outlen)) != SDR_OK) { + ESDFerr(ESDF_F_SDF_RAND_BYTES, ESDF_R_OPERATION_FAILURE); + return 0; + } + } + return 1; +} + +static int sdf_rand_status(void) +{ + return 1; +} + +static RAND_METHOD sdf_rand_method = { + NULL, + sdf_rand_bytes, + NULL, + NULL, + sdf_rand_bytes, + sdf_rand_status, +}; + +const RAND_METHOD *sdf_get_rand_method(void) +{ + return &sdf_rand_method; +} + +static int sdf_ec_idx = -1; +static const EC_KEY_METHOD *sdf_ec_method = NULL; + +static int sdf_ec_sign(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *ec_key) +{ + printf(" call %s()\n", __func__); + return 1; +} + +static int sdf_ec_sign_setup(EC_KEY *ec_key, BN_CTX *ctx, + BIGNUM **kinvp, BIGNUM **rp) +{ + printf(" call %s()\n", __func__); + return 1; +} + +static ECDSA_SIG *sdf_ec_sign_sig(const unsigned char *dgst, int dgstlen, + const BIGNUM *kinv, const BIGNUM *r, + EC_KEY *ec_key) +{ + ECDSA_SIG *ret = ECDSA_SIG_new(); + printf(" call %s()\n", __func__); + return ret; +} + +const EC_KEY_METHOD *sdf_get_ec_method(void) +{ + EC_KEY_METHOD *ret = NULL; + + if (sdf_ec_method) { + return sdf_ec_method; + } + + if (!(ret = EC_KEY_METHOD_new(EC_KEY_OpenSSL()))) { + return NULL; + } + + EC_KEY_METHOD_set_sign(ret, sdf_ec_sign, sdf_ec_sign_setup, sdf_ec_sign_sig); + + sdf_ec_method = ret; + return ret; +} + +static EVP_PKEY *sdf_load_privkey(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data) +{ + UI *ui = NULL; + char buf1[256]; + char buf2[256]; + int r; + + ui = UI_new_method(ui_method); + + r = UI_add_input_string(ui, "> ", 0, buf1, 0, sizeof(buf1)-1); + assert(r >= 0); + r = UI_process(ui); + assert(r >= 0); + + printf("password = %s\n", UI_get0_result(ui, 0)); + + printf("%s\n", __func__); + return NULL; +} + +static EVP_PKEY *sdf_load_pubkey(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data) +{ + unsigned int index; + int is_sign_key; + RSArefPublicKey publicKey; + + parse_key_id(key_id, &index, &is_sign_key); + + rv = SDF_OpenSession(hDevice, &hSession); + + if (is_sign_key) { + rv = SDF_ExportSignPublicKey_RSA(hSession, index, &publicKey); + } else { + rv = SDF_ExportEncPublicKey_RSA(hSession, index, &publicKey); + } + + printf("%s\n", __func__); + return NULL; +} + +/****************************************************************************/ + +static int sdf_destroy(ENGINE *e) +{ + return 1; +} + +static void *hDevice = NULL; +static void *hSession = NULL; + +static int sdf_init(ENGINE *e) +{ + int rv; + rv = sdf_meth->OpenDevice(&hDevice); + rv = sdf_meth->OpenSession(hDevice, &hSession); + return 1; +} + +static int sdf_finish(ENGINE *e) +{ + sdf_meth->CloseSession(hSession); + sdf_meth->CloseDevice(hDevice); + return 1; +} + +static int bind_sdf(ENGINE *e) +{ + if (!ENGINE_set_id(e, sdf_id) + || !ENGINE_set_name(e, sdf_name) + || !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) + || !ENGINE_set_cmd_defns(e, sdf_cmd_defns) + || !ENGINE_set_ctrl_function(e, sdf_ctrl) + || !ENGINE_set_init_function(e, sdf_init) + || !ENGINE_set_finish_function(e, sdf_finish) + || !ENGINE_set_destroy_function(e, sdf_destroy) + || !ENGINE_set_load_privkey_function(e, sdf_load_privkey) + || !ENGINE_set_load_pubkey_function(e, sdf_load_pubkey) + || !ENGINE_set_RAND(e, sdf_get_rand_method()) + || !ENGINE_set_EC(e, sdf_get_ec_method())) { + return 0; + } + + return 1; +} + +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +static int bind_helper(ENGINE *e, const char *id) +{ + if (id && strcmp(id, sdf_id) != 0) { + return 0; + } + if (!bind_sdf(e)) { + return 0; + } + return 1; +} + +IMPLEMENT_DYNAMIC_CHECK_FN() +IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) + +#else + +static ENGINE *engine_sdf(void) +{ + ENGINE *ret = NULL; + if (!(ret = ENGINE_new())) { + return NULL; + } + if (!bind_sdf(ret)) { + ENGINE_free(ret); + return NULL; + } + return ret; +} + +void engine_load_sdf_int(void) +{ + ENGINE *eng = NULL; + if (!(eng = engine_sdf())) { + return; + } + ENGINE_add(eng); + ENGINE_free(eng); + ERR_clear_error(); +} +#endif /* OPENSSL_NO_DYNAMIC_ENGINE */ diff --git a/engines/e_skf.ec b/engines/e_skf.ec new file mode 100644 index 00000000..b73176bc --- /dev/null +++ b/engines/e_skf.ec @@ -0,0 +1 @@ +L ESKF e_skf_err.h e_skf_err.c diff --git a/include/openssl/gmsaf.h b/include/openssl/gmsaf.h index cc236737..5f11e941 100644 --- a/include/openssl/gmsaf.h +++ b/include/openssl/gmsaf.h @@ -73,64 +73,79 @@ int ERR_load_SAF_strings(void); /* Error codes for the SAF functions. */ /* Function codes. */ -# define SAF_F_SAF_BASE64_CREATEBASE64OBJ 100 -# define SAF_F_SAF_BASE64_DECODE 101 -# define SAF_F_SAF_BASE64_DECODEFINAL 102 -# define SAF_F_SAF_BASE64_DECODEUPDATE 103 -# define SAF_F_SAF_BASE64_ENCODE 104 -# define SAF_F_SAF_BASE64_ENCODEFINAL 105 -# define SAF_F_SAF_BASE64_ENCODEUPDATE 106 -# define SAF_F_SAF_CHANGEPIN 107 -# define SAF_F_SAF_CREATESYMMKEYOBJ 108 -# define SAF_F_SAF_ECCPUBLICKEYENC 109 -# define SAF_F_SAF_ECCPUBLICKEYENCBYCERT 110 -# define SAF_F_SAF_ECCSIGN 111 -# define SAF_F_SAF_ECCVERIFYSIGN 112 -# define SAF_F_SAF_ECCVERIFYSIGNBYCERT 113 -# define SAF_F_SAF_GENECCKEYPAIR 114 -# define SAF_F_SAF_GENERATEKEYWITHEPK 115 -# define SAF_F_SAF_GENRANDOM 116 -# define SAF_F_SAF_GENRSAKEYPAIR 117 -# define SAF_F_SAF_GETECCPUBLICKEY 118 -# define SAF_F_SAF_GETRSAPUBLICKEY 119 -# define SAF_F_SAF_GETVERSION 120 -# define SAF_F_SAF_IMPORTENCEDKEY 121 -# define SAF_F_SAF_INITIALIZE 122 -# define SAF_F_SAF_LOGIN 123 -# define SAF_F_SAF_LOGOUT 124 -# define SAF_F_SAF_MACFINAL 125 -# define SAF_F_SAF_MACUPDATE 126 -# define SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA 127 -# define SAF_F_SAF_RSASIGN 128 -# define SAF_F_SAF_RSAVERIFYSIGN 129 -# define SAF_F_SAF_SYMMDECRYPTFINAL 133 -# define SAF_F_SAF_SYMMDECRYPTUPDATE 130 -# define SAF_F_SAF_SYMMENCRYPTFINAL 134 -# define SAF_F_SAF_SYMMENCRYPTUPDATE 131 -# define SAF_F_SAF_VERIFYSIGNBYCERT 132 +# define SAF_F_SAF_ADDCACERTIFICATE 100 +# define SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE 101 +# define SAF_F_SAF_BASE64_CREATEBASE64OBJ 102 +# define SAF_F_SAF_BASE64_DECODE 103 +# define SAF_F_SAF_BASE64_DECODEFINAL 104 +# define SAF_F_SAF_BASE64_DECODEUPDATE 105 +# define SAF_F_SAF_BASE64_ENCODE 106 +# define SAF_F_SAF_BASE64_ENCODEFINAL 107 +# define SAF_F_SAF_BASE64_ENCODEUPDATE 108 +# define SAF_F_SAF_CHANGEPIN 109 +# define SAF_F_SAF_CREATEHASHOBJ 110 +# define SAF_F_SAF_CREATESYMMKEYOBJ 111 +# define SAF_F_SAF_DESTROYHASHOBJ 112 +# define SAF_F_SAF_ECCPUBLICKEYENC 113 +# define SAF_F_SAF_ECCPUBLICKEYENCBYCERT 114 +# define SAF_F_SAF_ECCSIGN 115 +# define SAF_F_SAF_ECCVERIFYSIGN 116 +# define SAF_F_SAF_ECCVERIFYSIGNBYCERT 117 +# define SAF_F_SAF_GENECCKEYPAIR 118 +# define SAF_F_SAF_GENERATEKEYWITHEPK 119 +# define SAF_F_SAF_GENRANDOM 120 +# define SAF_F_SAF_GENRSAKEYPAIR 121 +# define SAF_F_SAF_GETCACERTIFICATE 122 +# define SAF_F_SAF_GETCACERTIFICATECOUNT 123 +# define SAF_F_SAF_GETECCPUBLICKEY 124 +# define SAF_F_SAF_GETROOTCACERTIFICATE 125 +# define SAF_F_SAF_GETROOTCACERTIFICATECOUNT 126 +# define SAF_F_SAF_GETRSAPUBLICKEY 127 +# define SAF_F_SAF_GETVERSION 128 +# define SAF_F_SAF_HASH 129 +# define SAF_F_SAF_HASHFINAL 130 +# define SAF_F_SAF_HASHUPDATE 131 +# define SAF_F_SAF_INITIALIZE 132 +# define SAF_F_SAF_KEY_NEW 133 +# define SAF_F_SAF_LOGIN 134 +# define SAF_F_SAF_LOGOUT 135 +# define SAF_F_SAF_MACFINAL 136 +# define SAF_F_SAF_MACUPDATE 137 +# define SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA 138 +# define SAF_F_SAF_REMOVECACERTIFICATE 139 +# define SAF_F_SAF_REMOVEROOTCACERTIFICATE 140 +# define SAF_F_SAF_RSASIGN 141 +# define SAF_F_SAF_RSAVERIFYSIGN 142 +# define SAF_F_SAF_SYMMDECRYPTFINAL 143 +# define SAF_F_SAF_SYMMDECRYPTUPDATE 144 +# define SAF_F_SAF_SYMMENCRYPTFINAL 145 +# define SAF_F_SAF_SYMMENCRYPTUPDATE 146 +# define SAF_F_SAF_SYMMKEYOBJ_DUP 147 +# define SAF_F_SAF_VERIFYSIGNBYCERT 148 /* Reason codes. */ # define SAF_R_BUFFER_TOO_SMALL 100 # define SAF_R_CMAC_FAILURE 101 -# define SAF_R_DECRYPT_NOT_INITIALIZED 118 -# define SAF_R_ENCRYPT_KEY_FAILURE 102 -# define SAF_R_ENCRYPT_NOT_INITIALIED 119 -# define SAF_R_GEN_RANDOM 103 -# define SAF_R_GEN_RANDOM_FAILURE 104 -# define SAF_R_INT_OVERFLOW 105 -# define SAF_R_INVALID_ALGOR 106 -# define SAF_R_INVALID_CERTIFICATE 107 -# define SAF_R_INVALID_CONTEXT 108 +# define SAF_R_DECRYPT_NOT_INITIALIZED 102 +# define SAF_R_ENCRYPT_KEY_FAILURE 103 +# define SAF_R_ENCRYPT_NOT_INITIALIED 104 +# define SAF_R_GEN_RANDOM_FAILURE 105 +# define SAF_R_INT_OVERFLOW 106 +# define SAF_R_INVALID_ALGOR 107 +# define SAF_R_INVALID_CERTIFICATE 108 # define SAF_R_INVALID_HANDLE 109 -# define SAF_R_INVALID_INPUT_LENGTH 110 -# define SAF_R_INVALID_KEY_HANDLE 120 -# define SAF_R_INVALID_KEY_LENGTH 111 -# define SAF_R_INVALID_KEY_USAGE 112 -# define SAF_R_INVALID_LENGTH 113 -# define SAF_R_MAC_FAILURE 114 -# define SAF_R_NOT_SUPPORTED 115 -# define SAF_R_OPERATION_NOT_INITIALIZED 116 -# define SAF_R_UNSUPPORTED_ALGOR 117 +# define SAF_R_INVALID_INDEX 110 +# define SAF_R_INVALID_INPUT_LENGTH 111 +# define SAF_R_INVALID_KEY_HANDLE 112 +# define SAF_R_INVALID_KEY_LENGTH 113 +# define SAF_R_INVALID_KEY_USAGE 114 +# define SAF_R_INVALID_LENGTH 115 +# define SAF_R_INVALID_PUBLIC_KEY 116 +# define SAF_R_LOAD_CERTS_FAILURE 117 +# define SAF_R_MAC_FAILURE 118 +# define SAF_R_NOT_SUPPORTED 119 +# define SAF_R_OPERATION_NOT_INITIALIZED 120 +# define SAF_R_UNSUPPORTED_ALGOR 121 # ifdef __cplusplus } diff --git a/include/openssl/saf.h b/include/openssl/saf.h index ce170591..b6092a49 100644 --- a/include/openssl/saf.h +++ b/include/openssl/saf.h @@ -155,7 +155,7 @@ int SAF_RemoveRootCaCertificate( int SAF_AddCaCertificate( void *hAppHandle, unsigned char *pucCertificate, - unsigned int *puiCertificateLen); + unsigned int uiCertificateLen); int SAF_GetCaCertificateCount( void *hAppHandle, diff --git a/include/openssl/sms4.h b/include/openssl/sms4.h index cb216fb1..e6c04792 100644 --- a/include/openssl/sms4.h +++ b/include/openssl/sms4.h @@ -98,6 +98,14 @@ int sms4_unwrap_key(sms4_key_t *key, const unsigned char *iv, unsigned char *out, const unsigned char *in, unsigned int inlen); +void sms4_avx2_encrypt_init(sms4_key_t *key); +void sms4_avx2_encrypt_8blocks(const unsigned char *in, unsigned char *out, const sms4_key_t *key); +void sms4_avx2_encrypt_16blocks(const unsigned char *in, unsigned char *out, const sms4_key_t *key); + +void sms4_knc_encrypt_init(sms4_key_t *key); +void sms4_knc_encrypt_8blocks(const unsigned char *in, unsigned char *out, const sms4_key_t *key); +void sms4_knc_encrypt_16blocks(const unsigned char *in, unsigned char *out, const sms4_key_t *key); + #define SMS4_EDE_KEY_LENGTH 32