SKF Wrapper

2026-05-17 13:56:25 +08:00 · 2016-05-29 00:22:33 +02:00
parent 0cf9126a7d
commit ee4384daeb
142 changed files with 9469 additions and 6750 deletions
--- a/crypto/ec/Makefile
+++ b/crypto/ec/Makefile
@@ -124,11 +124,13 @@ ec_ameth.o: ../../include/openssl/cms.h ../../include/openssl/crypto.h
 ec_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ec_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 ec_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ec_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ec_ameth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ec_ameth.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
+ec_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ec_ameth.o: ../../include/openssl/opensslconf.h
 ec_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ec_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-ec_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ec_ameth.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
+ec_ameth.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
 ec_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 ec_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
 ec_ameth.o: ec_ameth.c
@@ -136,11 +138,12 @@ ec_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 ec_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 ec_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 ec_asn1.o: ../../include/openssl/ec.h ../../include/openssl/err.h
-ec_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ec_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-ec_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ec_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ec_asn1.o: ../../include/openssl/symhacks.h ec_asn1.c ec_lcl.h
+ec_asn1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ec_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ec_asn1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ec_asn1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ec_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ec_asn1.o: ec_asn1.c ec_lcl.h
 ec_check.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 ec_check.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
 ec_check.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
@@ -209,13 +212,15 @@ ec_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 ec_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 ec_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 ec_pmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-ec_pmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-ec_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ec_pmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/ecies.h
+ec_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ec_pmeth.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
 ec_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 ec_pmeth.o: ../../include/openssl/opensslconf.h
 ec_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ec_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-ec_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ec_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
+ec_pmeth.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
 ec_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 ec_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h
 ec_pmeth.o: ec_lcl.h ec_pmeth.c
--- a/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
@@ -1264,32 +1264,31 @@ void ERR_load_EC_strings(void);
 # define EC_F_OLD_EC_PRIV_DECODE                          222
 # define EC_F_PKEY_EC_CTRL                                197
 # define EC_F_PKEY_EC_CTRL_STR                            198
+# define EC_F_PKEY_EC_DECRYPT                             301
 # define EC_F_PKEY_EC_DERIVE                              217
+# define EC_F_PKEY_EC_ENCRYPT                             300
 # define EC_F_PKEY_EC_KEYGEN                              199
 # define EC_F_PKEY_EC_PARAMGEN                            219
 # define EC_F_PKEY_EC_SIGN                                218
-
-# ifndef OPENSSL_NO_GMSSL
-# define EC_F_PKEY_EC_ENCRYPT				  300
-# define EC_F_PKEY_EC_DECRYPT				  301
-# define EC_F_PKEY_SM2_INIT				  302
-# define EC_F_PKEY_SM2_COPY				  303
-# define EC_F_PKEY_SM2_CLEANUP				  304
-# define EC_F_PKEY_SM2_PARAMGEN				  305
-# define EC_F_PKEY_SM2_KEYGEN				  306
-# define EC_F_PKEY_SM2_SIGN				  307
-# define EC_F_PKEY_SM2_VERIFY				  308
-# define EC_F_PKEY_SM2_SIGNCTX_INIT			  309
-# define EC_F_PKEY_SM2_SIGNCTX				  310
-# define EC_F_PKEY_SM2_VERIFYCTX_INIT			  311
-# define EC_F_PKEY_SM2_VERIFYCTX			  312 
-# define EC_F_PKEY_SM2_ENCRYPT				  313
-# define EC_F_PKEY_SM2_DECRYPT				  314
-# define EC_F_PKEY_SM2_DERIVE_INIT			  315
-# define EC_F_PKEY_SM2_DERIVE				  316
-# define EC_F_PKEY_SM2_CTRL				  317
-# define EC_F_PKEY_SM2_CTRL_STR				  318
-# endif
+# define EC_F_PKEY_EC_SIGNCTX                             246
+# define EC_F_PKEY_EC_SIGNCTX_INIT                        247
+# define EC_F_PKEY_SM2_CLEANUP                            304
+# define EC_F_PKEY_SM2_COPY                               303
+# define EC_F_PKEY_SM2_CTRL                               317
+# define EC_F_PKEY_SM2_CTRL_STR                           318
+# define EC_F_PKEY_SM2_DECRYPT                            314
+# define EC_F_PKEY_SM2_DERIVE                             316
+# define EC_F_PKEY_SM2_DERIVE_INIT                        315
+# define EC_F_PKEY_SM2_ENCRYPT                            313
+# define EC_F_PKEY_SM2_INIT                               302
+# define EC_F_PKEY_SM2_KEYGEN                             306
+# define EC_F_PKEY_SM2_PARAMGEN                           305
+# define EC_F_PKEY_SM2_SIGN                               307
+# define EC_F_PKEY_SM2_SIGNCTX                            310
+# define EC_F_PKEY_SM2_SIGNCTX_INIT                       309
+# define EC_F_PKEY_SM2_VERIFY                             308
+# define EC_F_PKEY_SM2_VERIFYCTX                          312
+# define EC_F_PKEY_SM2_VERIFYCTX_INIT                     311

 /* Reason codes. */
 # define EC_R_ASN1_ERROR                                  115
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@@ -2835,7 +2835,7 @@ static const struct {
    }
 };

-#ifndef OPENSSL_NO_SM2
+#ifndef OPENSSL_NO_GMSSL
 static const struct {
 	EC_CURVE_DATA h;
 	unsigned char data[0 + 32 * 6];
@@ -2865,12 +2865,42 @@ static const struct {
 		0xBC, 0x37, 0x36, 0xA2, 0xF4, 0xF6, 0x77, 0x9C, 0x59, 0xBD, 0xCE, 0xE3,
 		0x6B, 0x69, 0x21, 0x53, 0xD0, 0xA9, 0x87, 0x7C, 0xC6, 0x2A, 0x47, 0x40,
 		0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0,
-	 /* order */
+		/* order */
 		0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
 		0xFF, 0xFF, 0xFF, 0xFF, 0x72, 0x03, 0xDF, 0x6B, 0x21, 0xC6, 0x05, 0x2B,
 		0x53, 0xBB, 0xF4, 0x09, 0x39, 0xD5, 0x41, 0x23
 	}
 };
+
+static const struct {
+	EC_CURVE_DATA h;
+	unsigned char data[0 + 24 * 6];
+} _EC_WAPI_PRIME_192V1 = {
+	{
+		NID_X9_62_prime_field, 0, 24, 1
+	},
+	{
+		/* no seed */
+		/* p */
+		0xBD, 0xB6, 0xF4, 0xFE, 0x3E, 0x8B, 0x1D, 0x9E, 0x0D, 0xA8, 0xC0, 0xD4,
+		0x6F, 0x4C, 0x31, 0x8C, 0xEF, 0xE4, 0xAF, 0xE3, 0xB6, 0xB8, 0x55, 0x1F,
+		/* a */
+		0xBB, 0x8E, 0x5E, 0x8F, 0xBC, 0x11, 0x5E, 0x13, 0x9F, 0xE6, 0xA8, 0x14,
+		0xFE, 0x48, 0xAA, 0xA6, 0xF0, 0xAD, 0xA1, 0xAA, 0x5D, 0xF9, 0x19, 0x85,
+		/* b */
+		0x18, 0x54, 0xBE, 0xBD, 0xC3, 0x1B, 0x21, 0xB7, 0xAE, 0xFC, 0x80, 0xAB,
+		0x0E, 0xCD, 0x10, 0xD5, 0xB1, 0xB3, 0x30, 0x8E, 0x6D, 0xBF, 0x11, 0xC1,
+		/* x */
+		0x4A, 0xD5, 0xF7, 0x04, 0x8D, 0xE7, 0x09, 0xAD, 0x51, 0x23, 0x6D, 0xE6,
+		0x5E, 0x4D, 0x4B, 0x48, 0x2C, 0x83, 0x6D, 0xC6, 0xE4, 0x10, 0x66, 0x40,
+		/* y */
+		0x02, 0xBB, 0x3A, 0x02, 0xD4, 0xAA, 0xAD, 0xAC, 0xAE, 0x24, 0x81, 0x7A,
+		0x4C, 0xA3, 0xA1, 0xB0, 0x14, 0xB5, 0x27, 0x04, 0x32, 0xDB, 0x27, 0xD2,
+	 	/* order */
+		0xBD, 0xB6, 0xF4, 0xFE, 0x3E, 0x8B, 0x1D, 0x9E, 0x0D, 0xA8, 0xC0, 0xD4,
+		0x0F, 0xC9, 0x62, 0x19, 0x5D, 0xFA, 0xE7, 0x6F, 0x56, 0x56, 0x46, 0x77,
+	}
+};
 #endif

 typedef struct _ec_list_element_st {
@@ -3082,9 +3112,11 @@ static const ec_list_element curve_list[] = {
     "RFC 5639 curve over a 512 bit prime field"},
    {NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0,
     "RFC 5639 curve over a 512 bit prime field"},
-#ifndef OPENSSL_NO_SM2
+#ifndef OPENSSL_NO_GMSSL
    {NID_sm2p256v1, &_EC_SM2_PRIME_256V1.h, 0,
     "SM2 curve over a 256 bit prime field"},
+    {NID_wapip192v1, &_EC_WAPI_PRIME_192V1.h, 0,
+     "WAPI curve over a 192 bit prime field"},
 #endif
 };

--- a/crypto/ec/ec_err.c
+++ b/crypto/ec/ec_err.c
@@ -1,6 +1,6 @@
 /* crypto/ec/ec_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2015 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2016 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -250,15 +250,31 @@ static ERR_STRING_DATA EC_str_functs[] = {
    {ERR_FUNC(EC_F_OLD_EC_PRIV_DECODE), "OLD_EC_PRIV_DECODE"},
    {ERR_FUNC(EC_F_PKEY_EC_CTRL), "PKEY_EC_CTRL"},
    {ERR_FUNC(EC_F_PKEY_EC_CTRL_STR), "PKEY_EC_CTRL_STR"},
+    {ERR_FUNC(EC_F_PKEY_EC_DECRYPT), "PKEY_EC_DECRYPT"},
    {ERR_FUNC(EC_F_PKEY_EC_DERIVE), "PKEY_EC_DERIVE"},
+    {ERR_FUNC(EC_F_PKEY_EC_ENCRYPT), "PKEY_EC_ENCRYPT"},
    {ERR_FUNC(EC_F_PKEY_EC_KEYGEN), "PKEY_EC_KEYGEN"},
    {ERR_FUNC(EC_F_PKEY_EC_PARAMGEN), "PKEY_EC_PARAMGEN"},
    {ERR_FUNC(EC_F_PKEY_EC_SIGN), "PKEY_EC_SIGN"},
-    {ERR_FUNC(EC_F_PKEY_EC_ENCRYPT), "PKEY_EC_ENCRYPT"},
-    {ERR_FUNC(EC_F_PKEY_EC_DECRYPT), "PKEY_EC_DECRYPT"},
-    {ERR_FUNC(EC_F_PKEY_SM2_SIGN), "PKEY_SM2_SIGN"},
-    {ERR_FUNC(EC_F_PKEY_SM2_ENCRYPT), "PKEY_SM2_ENCRYPT"},
+    {ERR_FUNC(EC_F_PKEY_EC_SIGNCTX), "PKEY_EC_SIGNCTX"},
+    {ERR_FUNC(EC_F_PKEY_EC_SIGNCTX_INIT), "PKEY_EC_SIGNCTX_INIT"},
+    {ERR_FUNC(EC_F_PKEY_SM2_CLEANUP), "PKEY_SM2_CLEANUP"},
+    {ERR_FUNC(EC_F_PKEY_SM2_COPY), "PKEY_SM2_COPY"},
+    {ERR_FUNC(EC_F_PKEY_SM2_CTRL), "PKEY_SM2_CTRL"},
+    {ERR_FUNC(EC_F_PKEY_SM2_CTRL_STR), "PKEY_SM2_CTRL_STR"},
    {ERR_FUNC(EC_F_PKEY_SM2_DECRYPT), "PKEY_SM2_DECRYPT"},
+    {ERR_FUNC(EC_F_PKEY_SM2_DERIVE), "PKEY_SM2_DERIVE"},
+    {ERR_FUNC(EC_F_PKEY_SM2_DERIVE_INIT), "PKEY_SM2_DERIVE_INIT"},
+    {ERR_FUNC(EC_F_PKEY_SM2_ENCRYPT), "PKEY_SM2_ENCRYPT"},
+    {ERR_FUNC(EC_F_PKEY_SM2_INIT), "PKEY_SM2_INIT"},
+    {ERR_FUNC(EC_F_PKEY_SM2_KEYGEN), "PKEY_SM2_KEYGEN"},
+    {ERR_FUNC(EC_F_PKEY_SM2_PARAMGEN), "PKEY_SM2_PARAMGEN"},
+    {ERR_FUNC(EC_F_PKEY_SM2_SIGN), "PKEY_SM2_SIGN"},
+    {ERR_FUNC(EC_F_PKEY_SM2_SIGNCTX), "PKEY_SM2_SIGNCTX"},
+    {ERR_FUNC(EC_F_PKEY_SM2_SIGNCTX_INIT), "PKEY_SM2_SIGNCTX_INIT"},
+    {ERR_FUNC(EC_F_PKEY_SM2_VERIFY), "PKEY_SM2_VERIFY"},
+    {ERR_FUNC(EC_F_PKEY_SM2_VERIFYCTX), "PKEY_SM2_VERIFYCTX"},
+    {ERR_FUNC(EC_F_PKEY_SM2_VERIFYCTX_INIT), "PKEY_SM2_VERIFYCTX_INIT"},
    {0, NULL}
 };

--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -177,7 +177,7 @@ static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx)
 static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                        const unsigned char *dgst, size_t dgstlen)
 {
-	int ret;
+	int ret = 0;
 	EC_PKEY_CTX *dctx = ctx->data;
 	EC_KEY *ec_key = ctx->pkey->pkey.ec;
 	int type;
@@ -209,6 +209,8 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
 		ret = ECDSA_sign(type, dgst, dgstlen, sig, &len, ec_key);
 	} else if (dctx->sign_type == NID_sm_scheme) {
 		ret = SM2_sign(type, dgst, dgstlen, sig, &len, ec_key);
+	} else {
+		//error
 	}

 	if (ret <= 0)
@@ -239,14 +241,12 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
 	return ret;
 }

-#if 0
 static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
 	if (!EVP_DigestUpdate(ctx, data, count))
 		return 0;
 	return 1;
 }
-#endif

 static int pkey_ec_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
 {
@@ -256,23 +256,22 @@ static int pkey_ec_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
 	unsigned char zid[EVP_MAX_MD_SIZE];
 	unsigned int zidlen = sizeof(zid);

-	// the reason might be we need to init mctx->udpate 


 	if (dctx->sign_type == NID_sm_scheme) {
-		/*
 		if (!SM2_compute_id_digest(md, zid, &zidlen, ec_key)) {
-       		 	ECerr(EC_F_PKEY_SM2_SIGNCTX_INIT, ERR_R_SM2_LIB);
+       		 	ECerr(EC_F_PKEY_EC_SIGNCTX_INIT, ERR_R_SM2_LIB);
 			return 0;
 		}
+
+		mctx->update = int_update;
+
 		if (!mctx->update(mctx, zid, zidlen)) {
-	        	ECerr(EC_F_PKEY_SM2_SIGNCTX_INIT, ERR_R_EVP_LIB);
+	        	ECerr(EC_F_PKEY_EC_SIGNCTX_INIT, ERR_R_EVP_LIB);
 			return 0;
 		}
-		*/
 	}

-	//ctx->update = int_update;
 	
 	return 1;
 }
@@ -280,7 +279,7 @@ static int pkey_ec_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
 static int pkey_ec_signctx(EVP_PKEY_CTX *ctx,
 	unsigned char *sig, size_t *siglen, EVP_MD_CTX *mctx)
 {
-	int ret;
+	int ret = 0;
 	unsigned int len;
 	EC_PKEY_CTX *dctx = ctx->data;
 	EC_KEY *ec_key = ctx->pkey->pkey.ec;
@@ -292,15 +291,16 @@ static int pkey_ec_signctx(EVP_PKEY_CTX *ctx,
 		*siglen = SM2_signature_size(ec_key);
 		return 1;
 	} else if (*siglen < (size_t)SM2_signature_size(ec_key)) {
-		ECerr(EC_F_PKEY_SM2_SIGNCTX, EC_R_BUFFER_TOO_SMALL);
+		ECerr(EC_F_PKEY_EC_SIGNCTX, EC_R_BUFFER_TOO_SMALL);
 		return 0;
 	}

 	if (!EVP_DigestFinal_ex(mctx, dgst, &dgstlen)) {
-		ECerr(EC_F_PKEY_SM2_SIGNCTX, ERR_R_EVP_LIB);
+		ECerr(EC_F_PKEY_EC_SIGNCTX, ERR_R_EVP_LIB);
 		return 0;
 	}

+	len = *siglen;
 	if (dctx->sign_type == NID_sm_scheme)
 		ret = SM2_sign(type, dgst, dgstlen, sig, &len, ec_key);
 	else if (dctx->sign_type == NID_secg_scheme)