mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-05-20 15:26:26 +08:00
update gmapi
This commit is contained in:
Zhi Guan
@@ -98,6 +98,7 @@ int SAF_Finalize(
|
||||
|
||||
if (app->engine) {
|
||||
ENGINE_finish(app->engine);
|
||||
ENGINE_free(app->engine);
|
||||
}
|
||||
|
||||
OPENSSL_free(app);
|
||||
|
||||
@@ -54,7 +54,7 @@
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/gmsaf.h>
|
||||
#include "saf_lcl.h"
|
||||
|
||||
#include "../../apps/apps.h"
|
||||
|
||||
/* 7.2.2 */
|
||||
int SAF_AddTrustedRootCaCertificate(
|
||||
@@ -62,7 +62,42 @@ int SAF_AddTrustedRootCaCertificate(
|
||||
unsigned char *pucCertificate,
|
||||
unsigned int uiCertificateLen)
|
||||
{
|
||||
return SAR_NotSupportYetErr;
|
||||
int ret = SAR_UnknownErr;
|
||||
SAF_APP *app = (SAF_APP *)hAppHandle;
|
||||
X509 *x509 = NULL;
|
||||
BIO *bio = NULL;
|
||||
|
||||
if (!hAppHandle || !pucCertificate) {
|
||||
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return SAR_IndataErr;
|
||||
}
|
||||
|
||||
if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) {
|
||||
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, SAF_R_INVALID_INPUT_LENGTH);
|
||||
return SAR_IndataLenErr;
|
||||
}
|
||||
|
||||
if (!(bio = BIO_new_file(app->rootcacerts, "a"))) {
|
||||
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, ERR_R_BIO_LIB);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!(x509 = d2i_X509(NULL, &pucCertificate, uiCertificateLen))) {
|
||||
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!PEM_write_bio_X509(bio, x509)) {
|
||||
SAFerr(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE, ERR_R_PEM_LIB);
|
||||
goto end;
|
||||
}
|
||||
|
||||
ret = SAR_Ok;
|
||||
|
||||
end:
|
||||
X509_free(x509);
|
||||
BIO_free(bio);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* 7.2.3 */
|
||||
@@ -70,8 +105,26 @@ int SAF_GetRootCaCertificateCount(
|
||||
void *hAppHandle,
|
||||
unsigned int *puiCount)
|
||||
{
|
||||
*puiCount = 0;
|
||||
return SAR_Ok;
|
||||
int ret = SAR_UnknownErr;
|
||||
SAF_APP *app = (SAF_APP *)hAppHandle;
|
||||
STACK_OF(X509) *certs = NULL;
|
||||
|
||||
if (!hAppHandle || !puiCount) {
|
||||
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATECOUNT, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return SAR_IndataErr;
|
||||
}
|
||||
|
||||
if (!load_certs(app->rootcacerts, &certs, FORMAT_PEM, NULL, "root ca certificates")) {
|
||||
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATECOUNT, SAF_R_LOAD_CERTS_FAILURE);
|
||||
goto end;
|
||||
}
|
||||
|
||||
*puiCount = sk_X509_num(certs);
|
||||
ret = SAR_Ok;
|
||||
|
||||
end:
|
||||
sk_X509_free(certs);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* 7.2.4 */
|
||||
@@ -81,7 +134,44 @@ int SAF_GetRootCaCertificate(
|
||||
unsigned char *pucCertificate,
|
||||
unsigned int *puiCertificateLen)
|
||||
{
|
||||
return SAR_NotSupportYetErr;
|
||||
int ret = SAR_UnknownErr;
|
||||
SAF_APP *app = (SAF_APP *)hAppHandle;
|
||||
STACK_OF(X509) *certs = NULL;
|
||||
X509 *x509;
|
||||
int len;
|
||||
|
||||
if (!hAppHandle || !pucCertificate || !puiCertificateLen) {
|
||||
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return SAR_IndataErr;
|
||||
}
|
||||
|
||||
if (!load_certs(app->rootcacerts, &certs, FORMAT_PEM, NULL,
|
||||
"root ca certificates")) {
|
||||
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!(x509 = sk_X509_value(certs, uiIndex))) {
|
||||
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, SAF_R_INVALID_INDEX);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (*puiCertificateLen < i2d_X509(x509, NULL)) {
|
||||
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, SAF_R_BUFFER_TOO_SMALL);
|
||||
ret = SAR_IndataLenErr;
|
||||
goto end;
|
||||
}
|
||||
|
||||
if ((len = i2d_X509(x509, pucCertificate)) <= 0) {
|
||||
SAFerr(SAF_F_SAF_GETROOTCACERTIFICATE, ERR_R_X509_LIB);
|
||||
goto end;
|
||||
}
|
||||
|
||||
*puiCertificateLen = len;
|
||||
ret = SAR_Ok;
|
||||
end:
|
||||
sk_X509_free(certs);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* 7.2.5 */
|
||||
@@ -89,16 +179,91 @@ int SAF_RemoveRootCaCertificate(
|
||||
void *hAppHandle,
|
||||
unsigned int uiIndex)
|
||||
{
|
||||
return SAR_NotSupportYetErr;
|
||||
int ret = SAR_UnknownErr;
|
||||
SAF_APP *app = (SAF_APP *)hAppHandle;
|
||||
STACK_OF(X509) *certs = NULL;
|
||||
X509 *x509 = NULL;
|
||||
BIO *bio = NULL;
|
||||
int i, err = 0;
|
||||
|
||||
if (!hAppHandle) {
|
||||
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return SAR_IndataErr;
|
||||
}
|
||||
|
||||
if (!load_certs(app->rootcacerts, &certs, FORMAT_PEM, NULL, "root ca certificates")) {
|
||||
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!(bio = BIO_new_file(app->rootcacerts, "w"))) {
|
||||
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, ERR_R_BIO_LIB);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!(x509 = sk_X509_delete(certs, uiIndex))) {
|
||||
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, SAF_R_INVALID_INDEX);
|
||||
goto end;
|
||||
}
|
||||
|
||||
for (i = 0; i < sk_X509_num(certs); i++) {
|
||||
if (!PEM_write_bio_X509(bio, sk_X509_value(certs, i))) {
|
||||
SAFerr(SAF_F_SAF_REMOVEROOTCACERTIFICATE, ERR_R_PEM_LIB);
|
||||
err++;
|
||||
}
|
||||
}
|
||||
|
||||
ret = SAR_Ok;
|
||||
|
||||
end:
|
||||
X509_free(x509);
|
||||
sk_X509_free(certs);
|
||||
BIO_free(bio);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* 7.2.6 */
|
||||
int SAF_AddCaCertificate(
|
||||
void *hAppHandle,
|
||||
unsigned char *pucCertificate,
|
||||
unsigned int *puiCertificateLen)
|
||||
unsigned int uiCertificateLen)
|
||||
{
|
||||
return SAR_NotSupportYetErr;
|
||||
int ret = SAR_UnknownErr;
|
||||
SAF_APP *app = (SAF_APP *)hAppHandle;
|
||||
X509 *x509 = NULL;
|
||||
BIO *bio = NULL;
|
||||
|
||||
if (!hAppHandle || !pucCertificate) {
|
||||
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return SAR_IndataErr;
|
||||
}
|
||||
|
||||
if (uiCertificateLen <= 0 || uiCertificateLen > INT_MAX) {
|
||||
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, SAF_R_INVALID_INPUT_LENGTH);
|
||||
return SAR_IndataLenErr;
|
||||
}
|
||||
|
||||
if (!(bio = BIO_new_file(app->cacerts, "a"))) {
|
||||
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, ERR_R_BIO_LIB);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!(x509 = d2i_X509(NULL, &pucCertificate, uiCertificateLen))) {
|
||||
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!PEM_write_bio_X509(bio, x509)) {
|
||||
SAFerr(SAF_F_SAF_ADDCACERTIFICATE, ERR_R_PEM_LIB);
|
||||
goto end;
|
||||
}
|
||||
|
||||
ret = SAR_Ok;
|
||||
|
||||
end:
|
||||
X509_free(x509);
|
||||
BIO_free(bio);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* 7.2.7 */
|
||||
@@ -106,7 +271,26 @@ int SAF_GetCaCertificateCount(
|
||||
void *hAppHandle,
|
||||
unsigned int *puiCount)
|
||||
{
|
||||
return SAR_NotSupportYetErr;
|
||||
int ret = SAR_UnknownErr;
|
||||
SAF_APP *app = (SAF_APP *)hAppHandle;
|
||||
STACK_OF(X509) *certs = NULL;
|
||||
|
||||
if (!hAppHandle || !puiCount) {
|
||||
SAFerr(SAF_F_SAF_GETCACERTIFICATECOUNT, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return SAR_IndataErr;
|
||||
}
|
||||
|
||||
if (!load_certs(app->cacerts, &certs, FORMAT_PEM, NULL, "ca certificates")) {
|
||||
SAFerr(SAF_F_SAF_GETCACERTIFICATECOUNT, SAF_R_LOAD_CERTS_FAILURE);
|
||||
goto end;
|
||||
}
|
||||
|
||||
*puiCount = sk_X509_num(certs);
|
||||
ret = SAR_Ok;
|
||||
|
||||
end:
|
||||
sk_X509_free(certs);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* 7.2.8 */
|
||||
@@ -116,7 +300,43 @@ int SAF_GetCaCertificate(
|
||||
unsigned char *pucCertificate,
|
||||
unsigned int *puiCertificateLen)
|
||||
{
|
||||
return SAR_NotSupportYetErr;
|
||||
int ret = SAR_UnknownErr;
|
||||
SAF_APP *app = (SAF_APP *)hAppHandle;
|
||||
STACK_OF(X509) *certs = NULL;
|
||||
X509 *x509;
|
||||
int len;
|
||||
|
||||
if (!hAppHandle || !pucCertificate || !puiCertificateLen) {
|
||||
SAFerr(SAF_F_SAF_GETCACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return SAR_IndataErr;
|
||||
}
|
||||
|
||||
if (!load_certs(app->cacerts, &certs, FORMAT_PEM, NULL, "ca certificates")) {
|
||||
SAFerr(SAF_F_SAF_GETCACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!(x509 = sk_X509_value(certs, uiIndex))) {
|
||||
SAFerr(SAF_F_SAF_GETCACERTIFICATE, SAF_R_INVALID_INDEX);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (*puiCertificateLen < i2d_X509(x509, NULL)) {
|
||||
SAFerr(SAF_F_SAF_GETCACERTIFICATE, SAF_R_BUFFER_TOO_SMALL);
|
||||
ret = SAR_IndataLenErr;
|
||||
goto end;
|
||||
}
|
||||
|
||||
if ((len = i2d_X509(x509, pucCertificate)) <= 0) {
|
||||
SAFerr(SAF_F_SAF_GETCACERTIFICATE, ERR_R_X509_LIB);
|
||||
goto end;
|
||||
}
|
||||
|
||||
*puiCertificateLen = len;
|
||||
ret = SAR_Ok;
|
||||
end:
|
||||
sk_X509_free(certs);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* 7.2.9 */
|
||||
@@ -124,7 +344,47 @@ int SAF_RemoveCaCertificate(
|
||||
void *hAppHandle,
|
||||
unsigned int uiIndex)
|
||||
{
|
||||
return SAR_NotSupportYetErr;
|
||||
int ret = SAR_UnknownErr;
|
||||
SAF_APP *app = (SAF_APP *)hAppHandle;
|
||||
STACK_OF(X509) *certs = NULL;
|
||||
X509 *x509 = NULL;
|
||||
BIO *bio = NULL;
|
||||
int i, err = 0;
|
||||
|
||||
if (!hAppHandle) {
|
||||
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return SAR_IndataErr;
|
||||
}
|
||||
|
||||
if (!load_certs(app->cacerts, &certs, FORMAT_PEM, NULL, "ca certificates")) {
|
||||
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, SAF_R_LOAD_CERTS_FAILURE);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!(bio = BIO_new_file(app->rootcacerts, "w"))) {
|
||||
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, ERR_R_BIO_LIB);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!(x509 = sk_X509_delete(certs, uiIndex))) {
|
||||
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, SAF_R_INVALID_INDEX);
|
||||
goto end;
|
||||
}
|
||||
|
||||
for (i = 0; i < sk_X509_num(certs); i++) {
|
||||
if (!PEM_write_bio_X509(bio, sk_X509_value(certs, i))) {
|
||||
SAFerr(SAF_F_SAF_REMOVECACERTIFICATE, ERR_R_PEM_LIB);
|
||||
err++;
|
||||
}
|
||||
}
|
||||
|
||||
ret = SAR_Ok;
|
||||
|
||||
end:
|
||||
X509_free(x509);
|
||||
sk_X509_free(certs);
|
||||
BIO_free(bio);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* 7.2.10 */
|
||||
@@ -133,6 +393,8 @@ int SAF_AddCrl(
|
||||
unsigned char *pucDerCrl,
|
||||
unsigned int uiDerCrlLen)
|
||||
{
|
||||
int ret = SAR_UnknownErr;
|
||||
SAF_APP *app = (SAF_APP *)hAppHandle;
|
||||
return SAR_NotSupportYetErr;
|
||||
}
|
||||
|
||||
@@ -142,6 +404,8 @@ int SAF_VerifyCertificate(
|
||||
unsigned char *pucUsrCertificate,
|
||||
unsigned int uiUsrCertificateLen)
|
||||
{
|
||||
int ret = SAR_UnknownErr;
|
||||
SAF_APP *app = (SAF_APP *)hAppHandle;
|
||||
return SAR_NotSupportYetErr;
|
||||
}
|
||||
|
||||
@@ -153,6 +417,8 @@ int SAF_VerifyCertificateByCrl(
|
||||
unsigned char *pucDerCrl,
|
||||
unsigned int uiDerCrlLen)
|
||||
{
|
||||
int ret = SAR_UnknownErr;
|
||||
SAF_APP *app = (SAF_APP *)hAppHandle;
|
||||
return SAR_NotSupportYetErr;
|
||||
}
|
||||
|
||||
@@ -179,6 +445,8 @@ int SAF_GetCertFromLdap(
|
||||
unsigned char *pucOutCert,
|
||||
unsigned int *puiOutCertLen)
|
||||
{
|
||||
int ret = SAR_UnknownErr;
|
||||
SAF_APP *app = (SAF_APP *)hAppHandle;
|
||||
return SAR_NotSupportYetErr;
|
||||
}
|
||||
|
||||
@@ -204,6 +472,8 @@ int SAF_GetCertificateInfo(
|
||||
unsigned char *pucInfo,
|
||||
unsigned int *puiInfoLen)
|
||||
{
|
||||
int ret = SAR_UnknownErr;
|
||||
SAF_APP *app = (SAF_APP *)hAppHandle;
|
||||
return SAR_NotSupportYetErr;
|
||||
}
|
||||
|
||||
@@ -218,6 +488,8 @@ int SAF_GetExtTypeInfo(
|
||||
unsigned char *pucInfo,
|
||||
unsigned int *puiInfoLen)
|
||||
{
|
||||
int ret = SAR_UnknownErr;
|
||||
SAF_APP *app = (SAF_APP *)hAppHandle;
|
||||
return SAR_NotSupportYetErr;
|
||||
}
|
||||
|
||||
@@ -226,6 +498,8 @@ int SAF_EnumCertificates(
|
||||
void *hAppHandle,
|
||||
SGD_USR_CERT_ENUMLIST *usrCerts)
|
||||
{
|
||||
int ret = SAR_UnknownErr;
|
||||
SAF_APP *app = (SAF_APP *)hAppHandle;
|
||||
return SAR_NotSupportYetErr;
|
||||
}
|
||||
|
||||
@@ -234,6 +508,8 @@ int SAF_EnumKeyContainerInfo(
|
||||
void *hAppHandle,
|
||||
SGD_KEYCONTAINERINFO_ENUMLIST *keyContainerInfo)
|
||||
{
|
||||
int ret = SAR_UnknownErr;
|
||||
SAF_APP *app = (SAF_APP *)hAppHandle;
|
||||
return SAR_NotSupportYetErr;
|
||||
}
|
||||
|
||||
@@ -242,6 +518,8 @@ int SAF_EnumCertificatesFree(
|
||||
void *hAppHandle,
|
||||
SGD_USR_CERT_ENUMLIST *usrCerts)
|
||||
{
|
||||
int ret = SAR_UnknownErr;
|
||||
SAF_APP *app = (SAF_APP *)hAppHandle;
|
||||
return SAR_NotSupportYetErr;
|
||||
}
|
||||
|
||||
@@ -250,5 +528,7 @@ int SAF_EnumKeyContainerInfoFree(
|
||||
void *hAppHandle,
|
||||
SGD_KEYCONTAINERINFO_ENUMLIST *keyContainerInfo)
|
||||
{
|
||||
int ret = SAR_UnknownErr;
|
||||
SAF_APP *app = (SAF_APP *)hAppHandle;
|
||||
return SAR_NotSupportYetErr;
|
||||
}
|
||||
|
||||
@@ -19,6 +19,9 @@
|
||||
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SAF,0,reason)
|
||||
|
||||
static ERR_STRING_DATA SAF_str_functs[] = {
|
||||
{ERR_FUNC(SAF_F_SAF_ADDCACERTIFICATE), "SAF_AddCaCertificate"},
|
||||
{ERR_FUNC(SAF_F_SAF_ADDTRUSTEDROOTCACERTIFICATE),
|
||||
"SAF_AddTrustedRootCaCertificate"},
|
||||
{ERR_FUNC(SAF_F_SAF_BASE64_CREATEBASE64OBJ),
|
||||
"SAF_Base64_CreateBase64Obj"},
|
||||
{ERR_FUNC(SAF_F_SAF_BASE64_DECODE), "SAF_Base64_Decode"},
|
||||
@@ -28,7 +31,9 @@ static ERR_STRING_DATA SAF_str_functs[] = {
|
||||
{ERR_FUNC(SAF_F_SAF_BASE64_ENCODEFINAL), "SAF_Base64_EncodeFinal"},
|
||||
{ERR_FUNC(SAF_F_SAF_BASE64_ENCODEUPDATE), "SAF_Base64_EncodeUpdate"},
|
||||
{ERR_FUNC(SAF_F_SAF_CHANGEPIN), "SAF_ChangePin"},
|
||||
{ERR_FUNC(SAF_F_SAF_CREATEHASHOBJ), "SAF_CreateHashObj"},
|
||||
{ERR_FUNC(SAF_F_SAF_CREATESYMMKEYOBJ), "SAF_CreateSymmKeyObj"},
|
||||
{ERR_FUNC(SAF_F_SAF_DESTROYHASHOBJ), "SAF_DestroyHashObj"},
|
||||
{ERR_FUNC(SAF_F_SAF_ECCPUBLICKEYENC), "SAF_EccPublicKeyEnc"},
|
||||
{ERR_FUNC(SAF_F_SAF_ECCPUBLICKEYENCBYCERT), "SAF_EccPublicKeyEncByCert"},
|
||||
{ERR_FUNC(SAF_F_SAF_ECCSIGN), "SAF_EccSign"},
|
||||
@@ -38,23 +43,35 @@ static ERR_STRING_DATA SAF_str_functs[] = {
|
||||
{ERR_FUNC(SAF_F_SAF_GENERATEKEYWITHEPK), "SAF_GenerateKeyWithEPK"},
|
||||
{ERR_FUNC(SAF_F_SAF_GENRANDOM), "SAF_GenRandom"},
|
||||
{ERR_FUNC(SAF_F_SAF_GENRSAKEYPAIR), "SAF_GenRsaKeyPair"},
|
||||
{ERR_FUNC(SAF_F_SAF_GETCACERTIFICATE), "SAF_GetCaCertificate"},
|
||||
{ERR_FUNC(SAF_F_SAF_GETCACERTIFICATECOUNT), "SAF_GetCaCertificateCount"},
|
||||
{ERR_FUNC(SAF_F_SAF_GETECCPUBLICKEY), "SAF_GetEccPublicKey"},
|
||||
{ERR_FUNC(SAF_F_SAF_GETROOTCACERTIFICATE), "SAF_GetRootCaCertificate"},
|
||||
{ERR_FUNC(SAF_F_SAF_GETROOTCACERTIFICATECOUNT),
|
||||
"SAF_GetRootCaCertificateCount"},
|
||||
{ERR_FUNC(SAF_F_SAF_GETRSAPUBLICKEY), "SAF_GetRsaPublicKey"},
|
||||
{ERR_FUNC(SAF_F_SAF_GETVERSION), "SAF_GetVersion"},
|
||||
{ERR_FUNC(SAF_F_SAF_IMPORTENCEDKEY), "SAF_ImportEncedKey"},
|
||||
{ERR_FUNC(SAF_F_SAF_HASH), "SAF_Hash"},
|
||||
{ERR_FUNC(SAF_F_SAF_HASHFINAL), "SAF_HashFinal"},
|
||||
{ERR_FUNC(SAF_F_SAF_HASHUPDATE), "SAF_HashUpdate"},
|
||||
{ERR_FUNC(SAF_F_SAF_INITIALIZE), "SAF_Initialize"},
|
||||
{ERR_FUNC(SAF_F_SAF_KEY_NEW), "SAF_KEY_new"},
|
||||
{ERR_FUNC(SAF_F_SAF_LOGIN), "SAF_Login"},
|
||||
{ERR_FUNC(SAF_F_SAF_LOGOUT), "SAF_Logout"},
|
||||
{ERR_FUNC(SAF_F_SAF_MACFINAL), "SAF_MacFinal"},
|
||||
{ERR_FUNC(SAF_F_SAF_MACUPDATE), "SAF_MacUpdate"},
|
||||
{ERR_FUNC(SAF_F_SAF_PKCS7_ENCODEENVELOPEDDATA),
|
||||
"SAF_Pkcs7_EncodeEnvelopedData"},
|
||||
{ERR_FUNC(SAF_F_SAF_REMOVECACERTIFICATE), "SAF_RemoveCaCertificate"},
|
||||
{ERR_FUNC(SAF_F_SAF_REMOVEROOTCACERTIFICATE),
|
||||
"SAF_RemoveRootCaCertificate"},
|
||||
{ERR_FUNC(SAF_F_SAF_RSASIGN), "SAF_RsaSign"},
|
||||
{ERR_FUNC(SAF_F_SAF_RSAVERIFYSIGN), "SAF_RsaVerifySign"},
|
||||
{ERR_FUNC(SAF_F_SAF_SYMMDECRYPTFINAL), "SAF_SymmDecryptFinal"},
|
||||
{ERR_FUNC(SAF_F_SAF_SYMMDECRYPTUPDATE), "SAF_SymmDecryptUpdate"},
|
||||
{ERR_FUNC(SAF_F_SAF_SYMMENCRYPTFINAL), "SAF_SymmEncryptFinal"},
|
||||
{ERR_FUNC(SAF_F_SAF_SYMMENCRYPTUPDATE), "SAF_SymmEncryptUpdate"},
|
||||
{ERR_FUNC(SAF_F_SAF_SYMMKEYOBJ_DUP), "SAF_SYMMKEYOBJ_dup"},
|
||||
{ERR_FUNC(SAF_F_SAF_VERIFYSIGNBYCERT), "SAF_VerifySignByCert"},
|
||||
{0, NULL}
|
||||
};
|
||||
@@ -65,18 +82,19 @@ static ERR_STRING_DATA SAF_str_reasons[] = {
|
||||
{ERR_REASON(SAF_R_DECRYPT_NOT_INITIALIZED), "decrypt not initialized"},
|
||||
{ERR_REASON(SAF_R_ENCRYPT_KEY_FAILURE), "encrypt key failure"},
|
||||
{ERR_REASON(SAF_R_ENCRYPT_NOT_INITIALIED), "encrypt not initialied"},
|
||||
{ERR_REASON(SAF_R_GEN_RANDOM), "gen random"},
|
||||
{ERR_REASON(SAF_R_GEN_RANDOM_FAILURE), "gen random failure"},
|
||||
{ERR_REASON(SAF_R_INT_OVERFLOW), "int overflow"},
|
||||
{ERR_REASON(SAF_R_INVALID_ALGOR), "invalid algor"},
|
||||
{ERR_REASON(SAF_R_INVALID_CERTIFICATE), "invalid certificate"},
|
||||
{ERR_REASON(SAF_R_INVALID_CONTEXT), "invalid context"},
|
||||
{ERR_REASON(SAF_R_INVALID_HANDLE), "invalid handle"},
|
||||
{ERR_REASON(SAF_R_INVALID_INDEX), "invalid index"},
|
||||
{ERR_REASON(SAF_R_INVALID_INPUT_LENGTH), "invalid input length"},
|
||||
{ERR_REASON(SAF_R_INVALID_KEY_HANDLE), "invalid key handle"},
|
||||
{ERR_REASON(SAF_R_INVALID_KEY_LENGTH), "invalid key length"},
|
||||
{ERR_REASON(SAF_R_INVALID_KEY_USAGE), "invalid key usage"},
|
||||
{ERR_REASON(SAF_R_INVALID_LENGTH), "invalid length"},
|
||||
{ERR_REASON(SAF_R_INVALID_PUBLIC_KEY), "invalid public key"},
|
||||
{ERR_REASON(SAF_R_LOAD_CERTS_FAILURE), "load certs failure"},
|
||||
{ERR_REASON(SAF_R_MAC_FAILURE), "mac failure"},
|
||||
{ERR_REASON(SAF_R_NOT_SUPPORTED), "not supported"},
|
||||
{ERR_REASON(SAF_R_OPERATION_NOT_INITIALIZED),
|
||||
|
||||
@@ -52,6 +52,7 @@
|
||||
#include <stdlib.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/gmsaf.h>
|
||||
#include <openssl/gmapi.h>
|
||||
#include "saf_lcl.h"
|
||||
|
||||
/* 7.3.12 */
|
||||
@@ -60,31 +61,84 @@ int SAF_CreateHashObj(void **phHashObj,
|
||||
unsigned char *pucPublicKey,
|
||||
unsigned int uiPublicKeyLen,
|
||||
unsigned char *pucID,
|
||||
unsigned int ulIDLen)
|
||||
unsigned int uiIDLen)
|
||||
{
|
||||
int ret = SAR_UnknownErr;
|
||||
const EVP_MD *md;
|
||||
EVP_MD_CTX *ctx = NULL;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
|
||||
if (!phHashObj) {
|
||||
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return SAR_IndataErr;
|
||||
}
|
||||
|
||||
if (!(md = EVP_get_digestbysgd(uiAlgoType))) {
|
||||
SAFerr(SAF_F_SAF_CREATEHASHOBJ, SAF_R_INVALID_ALGOR);
|
||||
return SAR_AlgoTypeErr;
|
||||
}
|
||||
|
||||
if (!(ctx = EVP_MD_CTX_new())) {
|
||||
return 0;
|
||||
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_MALLOC_FAILURE);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!EVP_DigestInit(ctx, md)) {
|
||||
return 0;
|
||||
/* limitation of the SAF hashing:
|
||||
* can not specify an engine, only use the default implementation
|
||||
*/
|
||||
if (!EVP_DigestInit_ex(ctx, md, NULL)) {
|
||||
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_EVP_LIB);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (pucPublicKey) {
|
||||
unsigned char dgst[EVP_MAX_MD_SIZE];
|
||||
size_t dgstlen = sizeof(dgst);
|
||||
|
||||
if (!pucID) {
|
||||
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_PASSED_NULL_PARAMETER);
|
||||
ret = SAR_IndataErr;
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (uiIDLen <= 0 || uiIDLen > SM2_MAX_ID_LENGTH
|
||||
|| strlen((char *)pucID) != uiIDLen
|
||||
|| uiPublicKeyLen <= 0 || uiPublicKeyLen > INT_MAX) {
|
||||
SAFerr(SAF_F_SAF_CREATEHASHOBJ, SAF_R_INVALID_INPUT_LENGTH);
|
||||
ret = SAR_IndataLenErr;
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
|
||||
|| EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
|
||||
SAFerr(SAF_F_SAF_CREATEHASHOBJ, SAF_R_INVALID_PUBLIC_KEY);
|
||||
ret = SAR_IndataErr;
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!SM2_compute_id_digest(md, (char *)pucID, uiIDLen, dgst, &dgstlen,
|
||||
EVP_PKEY_get0_EC_KEY(pkey))) {
|
||||
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_EC_LIB);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (!EVP_DigestUpdate(ctx, dgst, dgstlen)) {
|
||||
SAFerr(SAF_F_SAF_CREATEHASHOBJ, ERR_R_EVP_LIB);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
*phHashObj = ctx;
|
||||
ctx = NULL;
|
||||
|
||||
ret = SAR_Ok;
|
||||
|
||||
end:
|
||||
if (ret != SAR_Ok) {
|
||||
EVP_MD_CTX_free(ctx);
|
||||
*phHashObj = NULL;
|
||||
}
|
||||
EVP_MD_CTX_free(ctx);
|
||||
EVP_PKEY_free(pkey);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -92,6 +146,10 @@ end:
|
||||
int SAF_DestroyHashObj(
|
||||
void *phHashObj)
|
||||
{
|
||||
if (!phHashObj) {
|
||||
SAFerr(SAF_F_SAF_DESTROYHASHOBJ, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return SAR_IndataErr;
|
||||
}
|
||||
EVP_MD_CTX_free((EVP_MD_CTX *)phHashObj);
|
||||
return SAR_Ok;
|
||||
}
|
||||
@@ -102,9 +160,21 @@ int SAF_HashUpdate(
|
||||
const unsigned char *pucInData,
|
||||
unsigned int uiInDataLen)
|
||||
{
|
||||
if (!EVP_DigestUpdate((EVP_MD_CTX *)phHashObj, pucInData, (size_t)uiInDataLen)) {
|
||||
if (!phHashObj || pucInData) {
|
||||
SAFerr(SAF_F_SAF_HASHUPDATE, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return SAR_IndataErr;
|
||||
}
|
||||
|
||||
if (uiInDataLen <= 0 || uiInDataLen > INT_MAX) {
|
||||
SAFerr(SAF_F_SAF_HASHUPDATE, SAF_R_INVALID_INPUT_LENGTH);
|
||||
return SAR_IndataLenErr;
|
||||
}
|
||||
|
||||
if (!EVP_DigestUpdate((EVP_MD_CTX *)phHashObj, pucInData, uiInDataLen)) {
|
||||
SAFerr(SAF_F_SAF_HASHUPDATE, ERR_R_EVP_LIB);
|
||||
return SAR_HashErr;
|
||||
}
|
||||
|
||||
return SAR_Ok;
|
||||
}
|
||||
|
||||
@@ -113,9 +183,21 @@ int SAF_HashFinal(void *phHashObj,
|
||||
unsigned char *pucOutData,
|
||||
unsigned int *uiOutDataLen)
|
||||
{
|
||||
if (!EVP_DigestFinal((EVP_MD_CTX *)phHashObj, pucOutData, uiOutDataLen)) {
|
||||
if (!phHashObj || !pucOutData || !uiOutDataLen) {
|
||||
SAFerr(SAF_F_SAF_HASHFINAL, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return SAR_IndataErr;
|
||||
}
|
||||
|
||||
if (*uiOutDataLen < EVP_MAX_MD_SIZE) {
|
||||
SAFerr(SAF_F_SAF_HASHFINAL, SAF_R_BUFFER_TOO_SMALL);
|
||||
return SAR_IndataLenErr;
|
||||
}
|
||||
|
||||
if (!EVP_DigestFinal_ex((EVP_MD_CTX *)phHashObj, pucOutData, uiOutDataLen)) {
|
||||
SAFerr(SAF_F_SAF_HASHFINAL, ERR_R_EVP_LIB);
|
||||
return SAR_HashErr;
|
||||
}
|
||||
|
||||
return SAR_Ok;
|
||||
}
|
||||
|
||||
@@ -127,21 +209,50 @@ int SAF_Hash(
|
||||
unsigned char *pucPublicKey,
|
||||
unsigned int uiPublicKeyLen,
|
||||
unsigned char *pubID,
|
||||
unsigned int ulIDLen,
|
||||
unsigned int uiIDLen,
|
||||
unsigned char *pucOutData,
|
||||
unsigned int *puiOutDataLen)
|
||||
{
|
||||
const EVP_MD *md;
|
||||
size_t siz;
|
||||
int ret;
|
||||
void *hHashObj = NULL;
|
||||
|
||||
if (!(md = EVP_get_digestbysgd(uiAlgoType))) {
|
||||
return SAR_AlgoTypeErr;
|
||||
if ((ret = SAF_CreateHashObj(
|
||||
&hHashObj,
|
||||
uiAlgoType,
|
||||
pucPublicKey,
|
||||
uiPublicKeyLen,
|
||||
pubID,
|
||||
uiIDLen)) != SAR_Ok) {
|
||||
SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB);
|
||||
return ret;
|
||||
}
|
||||
|
||||
siz = (size_t)uiInDataLen;
|
||||
if (!EVP_Digest(pucInData, siz, pucOutData, puiOutDataLen, md, NULL)) {
|
||||
return SAR_HashErr;
|
||||
if ((ret = SAF_HashUpdate(
|
||||
hHashObj,
|
||||
pucInData,
|
||||
uiInDataLen)) != SAR_Ok) {
|
||||
SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if ((ret = SAF_HashFinal(
|
||||
hHashObj,
|
||||
pucOutData,
|
||||
puiOutDataLen)) != SAR_Ok) {
|
||||
SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if ((ret = SAF_DestroyHashObj(
|
||||
hHashObj)) != SAR_Ok) {
|
||||
SAFerr(SAF_F_SAF_HASH, ERR_R_SAF_LIB);
|
||||
return ret;
|
||||
}
|
||||
|
||||
return SAR_Ok;
|
||||
|
||||
err:
|
||||
/* keep the first error */
|
||||
(void)SAF_DestroyHashObj(hHashObj);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -51,6 +51,7 @@
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/gmsaf.h>
|
||||
#include <openssl/gmapi.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include "saf_lcl.h"
|
||||
|
||||
/* 7.3.31 */
|
||||
@@ -82,26 +83,6 @@ int SAF_GenerateKeyWithEPK(
|
||||
return SAR_IndataLenErr;
|
||||
}
|
||||
|
||||
/*
|
||||
65 typedef struct {
|
||||
66 SAF_APP *app;
|
||||
67 unsigned char *pucContainerName;
|
||||
68 unsigned int uiContainerLen;
|
||||
69 unsigned char *pucIV;
|
||||
70 unsigned int uiIVLen;
|
||||
71 unsigned int uiEncOrDec;
|
||||
72 unsigned int uiCryptoAlgID;
|
||||
73 } SAF_SYMMKEYOBJ;
|
||||
74
|
||||
75 typedef struct {
|
||||
76 SAF_SYMMKEYOBJ *hSymmKeyObj;
|
||||
77 unsigned char key[64];
|
||||
78 int keylen;
|
||||
79 EVP_CIPHER_CTX *cipher_ctx;
|
||||
80 CMAC_CTX *cmac_ctx;
|
||||
81 } SAF_KEY;
|
||||
*/
|
||||
|
||||
outlen = (size_t)*puiSymmKeyLen;
|
||||
if (!(cipher = EVP_get_cipherbysgd(obj->uiCryptoAlgID))
|
||||
|| !RAND_bytes(keybuf, EVP_CIPHER_key_length(cipher))
|
||||
@@ -128,6 +109,87 @@ end:
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
65 typedef struct {
|
||||
66 SAF_APP *app;
|
||||
67 unsigned char *pucContainerName;
|
||||
68 unsigned int uiContainerLen;
|
||||
69 unsigned char *pucIV;
|
||||
70 unsigned int uiIVLen;
|
||||
71 unsigned int uiEncOrDec;
|
||||
72 unsigned int uiCryptoAlgID;
|
||||
73 } SAF_SYMMKEYOBJ;
|
||||
74
|
||||
75 typedef struct {
|
||||
76 SAF_SYMMKEYOBJ *hSymmKeyObj;
|
||||
77 unsigned char key[64];
|
||||
78 int keylen;
|
||||
79 EVP_CIPHER_CTX *cipher_ctx;
|
||||
80 CMAC_CTX *cmac_ctx;
|
||||
81 } SAF_KEY;
|
||||
*/
|
||||
|
||||
SAF_KEY *SAF_KEY_new(const SAF_SYMMKEYOBJ *hSymmKeyObj)
|
||||
{
|
||||
SAF_KEY *ret = NULL;
|
||||
SAF_KEY *key = NULL;
|
||||
|
||||
if (!(key = OPENSSL_zalloc(sizeof(*key)))
|
||||
|| !(key->hSymmKeyObj = SAF_SYMMKEYOBJ_dup(hSymmKeyObj))) {
|
||||
SAFerr(SAF_F_SAF_KEY_NEW, ERR_R_MALLOC_FAILURE);
|
||||
goto end;
|
||||
}
|
||||
|
||||
ret = key;
|
||||
key = NULL;
|
||||
|
||||
end:
|
||||
SAF_KEY_free(key);
|
||||
return ret;
|
||||
}
|
||||
|
||||
void SAF_KEY_free(SAF_KEY *key)
|
||||
{
|
||||
if (key) {
|
||||
SAF_SYMMKEYOBJ_free(key->hSymmKeyObj);
|
||||
}
|
||||
OPENSSL_clear_free(key, sizeof(*key));
|
||||
}
|
||||
|
||||
SAF_SYMMKEYOBJ *SAF_SYMMKEYOBJ_dup(const SAF_SYMMKEYOBJ *a)
|
||||
{
|
||||
SAF_SYMMKEYOBJ *ret = NULL;
|
||||
SAF_SYMMKEYOBJ *obj = NULL;
|
||||
|
||||
if (!(obj = OPENSSL_zalloc(sizeof(*obj)))
|
||||
|| !(obj->pucContainerName = OPENSSL_memdup(a->pucContainerName, a->uiContainerLen))
|
||||
|| !(obj->pucIV = OPENSSL_memdup(a->pucIV, a->uiIVLen))) {
|
||||
SAFerr(SAF_F_SAF_SYMMKEYOBJ_DUP, ERR_R_MALLOC_FAILURE);
|
||||
goto end;
|
||||
}
|
||||
|
||||
obj->uiContainerLen = a->uiContainerLen;
|
||||
obj->uiIVLen = a->uiIVLen;
|
||||
obj->uiEncOrDec = a->uiEncOrDec;
|
||||
obj->uiCryptoAlgID = a->uiCryptoAlgID;
|
||||
|
||||
ret = obj;
|
||||
obj = NULL;
|
||||
|
||||
end:
|
||||
SAF_SYMMKEYOBJ_free(obj);
|
||||
return ret;
|
||||
}
|
||||
|
||||
void SAF_SYMMKEYOBJ_free(SAF_SYMMKEYOBJ *obj)
|
||||
{
|
||||
if (obj) {
|
||||
OPENSSL_free(obj->pucContainerName);
|
||||
OPENSSL_free(obj->pucIV);
|
||||
OPENSSL_free(obj);
|
||||
}
|
||||
}
|
||||
|
||||
/* 7.3.32 */
|
||||
int SAF_ImportEncedKey(
|
||||
void *hSymmKeyObj,
|
||||
@@ -135,8 +197,23 @@ int SAF_ImportEncedKey(
|
||||
unsigned int uiSymmKeyLen,
|
||||
void **phKeyHandle)
|
||||
{
|
||||
SAFerr(SAF_F_SAF_IMPORTENCEDKEY, SAF_R_NOT_SUPPORTED);
|
||||
return SAR_NotSupportYetErr;
|
||||
SAF_KEY *hkey = NULL;
|
||||
SAF_SYMMKEYOBJ *hobj = (SAF_SYMMKEYOBJ *)hSymmKeyObj;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
EVP_PKEY_CTX *pctx = NULL;
|
||||
char key_id[1024];
|
||||
|
||||
snprintf(key_id, sizeof(key_id), "%s.enc", hobj->pucContainerName);
|
||||
|
||||
if (!(pkey = ENGINE_load_private_key(hobj->app->engine, key_id, NULL, NULL))
|
||||
|| !(pctx = EVP_PKEY_CTX_new(pkey, hobj->app->engine))
|
||||
|| EVP_PKEY_decrypt_init(pctx) <= 0
|
||||
|| EVP_PKEY_decrypt(pctx, hkey->key, &hkey->keylen, pucSymmKey, uiSymmKeyLen) <= 0) {
|
||||
goto end;
|
||||
}
|
||||
|
||||
end:
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* 7.3.37 */
|
||||
|
||||
@@ -55,6 +55,8 @@
|
||||
|
||||
typedef struct saf_app_st {
|
||||
ENGINE *engine;
|
||||
char *rootcacerts;
|
||||
char *cacerts;
|
||||
} SAF_APP;
|
||||
|
||||
typedef struct {
|
||||
@@ -80,5 +82,8 @@ typedef struct {
|
||||
CMAC_CTX *cmac_ctx;
|
||||
} SAF_KEY;
|
||||
|
||||
SAF_KEY *SAF_KEY_new(const SAF_SYMMKEYOBJ *obj);
|
||||
void SAF_KEY_free(SAF_KEY *key);
|
||||
|
||||
SAF_SYMMKEYOBJ *SAF_SYMMKEYOBJ_dup(const SAF_SYMMKEYOBJ *a);
|
||||
void SAF_SYMMKEYOBJ_free(SAF_SYMMKEYOBJ *a);
|
||||
|
||||
Reference in New Issue
Block a user