diff --git a/CMakeLists.txt b/CMakeLists.txt index 6cd15a213..132f756be 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -160,29 +160,78 @@ set(tests ) set(demos - demo_sm2_encrypt - demo_sm2_keygen - demo_sm2_keyparse - demo_sm2_private_key - demo_sm2_private_key_parse - demo_sm2_public_key - demo_sm2_sign - demo_sm2_sign_ctx - demo_sm3 - demo_sm3_hmac - demo_sm3_kdf - demo_sm4 - demo_sm4_cbc - demo_sm4_cbc_decrypt_update - demo_sm4_cbc_encrypt_update - demo_sm4_cbc_padding - demo_sm4_ctr - demo_sm4_ctr_encrypt_update - demo_sm4_gcm - demo_sm9_encrypt - demo_sm9_keygen - demo_sm9_sign - demo_zuc + asn1_oid_from_der_demo + asn1_oid_to_der_demo + base64_demo + http_get_demo + password_to_key_demo + pem_from_der_demo + pem_to_der_demo + rand_demo + sdf_info_demo + sdf_rand_demo + sdf_sign_demo + sha256_digest_demo + sha512_256_digest_demo + sha512_digest_demo + #sm2_ciphertext_to_der_demo + sm2_ecdh_demo + sm2_encrypt_demo + sm2_encrypt_fixlen_demo + sm2_id_demo + sm2_keygen_demo + sm2_keyparse_demo + sm2_point_demo + sm2_point_from_bin_demo + sm2_point_from_hash_demo + sm2_point_from_octets_demo + sm2_point_to_bin_demo + sm2_point_to_octets_demo + sm2_private_key_demo + sm2_private_key_parse_demo + sm2_public_key_demo + sm2_sig_from_bin_demo + #sm2_sig_from_der_demo + sm2_sig_to_der_demo + sm2_sign_ctx_demo + sm2_sign_ctx_fixlen_demo + sm2_sign_demo + #sm2_sign_digest_demo + sm3_ctx_demo + sm3_ctx_stdin_demo + sm3_demo + sm3_hmac_ctx_demo + sm3_hmac_demo + sm4_cbc_ctx_decrypt_stdin_demo + sm4_cbc_ctx_encrypt_stdin_demo + sm4_cbc_demo + sm4_cbc_padding_demo + sm4_cbc_sm3_hmac_demo + sm4_consts_demo + sm4_ctr_demo + sm4_ctr_encrypt_update_demo + sm4_ctr_sm3_hmac_demo + sm4_demo + sm4_ecb_demo + sm4_gcm_ctx_demo + sm4_gcm_demo + sm4_key_demo + sm9_encrypt_demo + sm9_keygen_demo + sm9_sign_demo + #tlcp_get_demo + #tlcp_post_demo + version_demo + x509_cert_check_demo + x509_cert_parse_demo + x509_cert_print_demo + x509_cert_verify_demo + x509_crl_download_demo + #x509_crl_find_revoked_cert_demo + x509_crl_print_demo + #x509_crl_verify_demo + zuc_demo + zuc_encrypt_stdin_demo ) include(CheckSymbolExists) @@ -201,7 +250,7 @@ option(ENABLE_SM2_PRIVATE_KEY_EXPORT "Enable export un-encrypted SM2 private key if (ENABLE_SM2_PRIVATE_KEY_EXPORT) message(STATUS "ENABLE_SM2_PRIVATE_KEY_EXPORT") add_definitions(-DSM2_PRIVATE_KEY_EXPORT) - list(APPEND demos demo_sm2_key_export) + list(APPEND demos sm2_key_export_demo) endif() @@ -249,6 +298,7 @@ if (ENABLE_BROKEN_CRYPTO) message(STATUS "ENABLE_BROKEN_CRYPTO") list(APPEND src src/sha1.c) list(APPEND tests sha1) + list(APPEND demos sha1_digest_demo) endif() @@ -265,6 +315,7 @@ if (ENABLE_INTEL_RDRAND) message(STATUS "ENABLE_INTEL_RDRAND") add_definitions(-DINTEL_RDRAND) list(APPEND src src/rdrand.c) + list(APPEND demos rdrand_demo) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mrdrnd") endif() if (ENABLE_INTEL_RDSEED) @@ -286,6 +337,7 @@ if (ENABLE_GMT_0105_RNG) message(STATUS "ENABLE_GMT_0105_RNG") list(APPEND src src/sm3_rng.c src/sm4_cbc_mac.c src/sm4_rng.c) list(APPEND tests sm3_rng sm4_cbc_mac sm4_rng) + list(APPEND demos sm4_cbc_mac_demo) endif() diff --git a/demos/src/asn1_oid_from_der_demo.c b/demos/src/asn1_oid_from_der_demo.c new file mode 100644 index 000000000..c93cea2d3 --- /dev/null +++ b/demos/src/asn1_oid_from_der_demo.c @@ -0,0 +1,44 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include +#include + + +int main(int argc, char **argv) +{ + int ret = -1; + uint8_t der[] = { 0x06,0x06,0x2a,0x81,0x1c,0xcf,0x55,0x01 }; + uint32_t oid[32]; + size_t oid_num; + const uint8_t *cp; + size_t len; + size_t i; + + cp = der; + len = sizeof(der); + if (asn1_object_identifier_from_der(oid, &oid_num, &cp, &len) != 1) { + fprintf(stderr, "asn1_object_identifier_from_der() error\n"); + goto err; + } + + printf("oid: "); + for (i = 0; i < oid_num; i++) { + printf("%u ", oid[i]); + } + printf("\n"); + + ret = 0; +err: + return ret; +} diff --git a/demos/src/asn1_oid_to_der_demo.c b/demos/src/asn1_oid_to_der_demo.c new file mode 100644 index 000000000..7700bfea4 --- /dev/null +++ b/demos/src/asn1_oid_to_der_demo.c @@ -0,0 +1,49 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include +#include + + +int main(int argc, char **argv) +{ + int ret = -1; + uint32_t oid[] = {1,2,156,10197,1}; + uint8_t buf[64]; + uint8_t *p; + size_t len; + size_t i; + + p = buf; + len = 0; + if (asn1_object_identifier_to_der(oid, sizeof(oid)/sizeof(oid[0]), &p, &len) != 1) { + fprintf(stderr, "asn1_object_identifier_to_der() error\n"); + goto err; + } + + printf("oid: "); + for (i = 0; i < sizeof(oid)/sizeof(oid[0]); i++) { + printf("%u ", oid[i]); + } + printf("\n"); + + printf("der: "); + for (i = 0; i < len; i++) { + printf("%02x ", buf[i]); + } + printf("\n"); + + ret = 0; +err: + return ret; +} diff --git a/demos/src/base64_demo.c b/demos/src/base64_demo.c new file mode 100644 index 000000000..fbe68c174 --- /dev/null +++ b/demos/src/base64_demo.c @@ -0,0 +1,56 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include +#include +#include + +int main(void) +{ + BASE64_CTX ctx; + + uint8_t buf[200]; + char base64[400] = {0}; + uint8_t *in = buf; + uint8_t *out = (uint8_t *)base64; + int len; + int i; + int inlen = 47; + + rand_bytes(buf, sizeof(buf)); + + base64_encode_init(&ctx); + + base64_encode_update(&ctx, in, inlen, out, &len); + out += len; + in += inlen; + printf("1 %s\n", base64); + + base64_encode_update(&ctx, in, inlen, out, &len); + out += len; + in += inlen; + printf("2 %s\n", base64); + + base64_encode_update(&ctx, in, 30, out, &len); + out += len; + in += 48; + printf("3 %s\n", base64); + + base64_encode_update(&ctx, in, 30, out, &len); + out += len; + in += 48; + printf("4 %s\n", base64); + + return 0; + +} diff --git a/demos/src/demo_cert_gen.c b/demos/src/demo_cert_gen.c deleted file mode 100644 index 790b8caf5..000000000 --- a/demos/src/demo_cert_gen.c +++ /dev/null @@ -1,258 +0,0 @@ -/* - * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - - - - -static int ext_key_usage_set(int *usages, const char *usage_name) -{ - int flag; - if (x509_key_usage_from_name(&flag, usage_name) != 1) { - error_print(); - return -1; - } - *usages |= flag; - return 1; -} - -int main(int argc, char *argv[]) -{ - int ret = 1; - char *prog = argv[0]; - char *str; - - // SerialNumber - uint8_t serial[20]; - int serial_len = 12; - - // Issuer, Subject - uint8_t name[256]; - size_t namelen; - char *country = "CN"; - char *state = "Beijing"; - char *locality = "Haidian"; - char *org = "PKU"; - char *org_unit = "CS"; - char *common_name = "ROOTCA"; - - // Validity - int days = 3650; - time_t not_before; - time_t not_after; - - // Private Key - char *keyfile="rootcakey.pem"; //可由/demos/scripts/cert_gen.sh生成 - FILE *keyfp = NULL; - char *pass = "1234"; - SM2_KEY sm2_key; - char signer_id[SM2_MAX_ID_LENGTH + 1] = {0}; - size_t signer_id_len = 0; - - uint8_t *cert = NULL; - size_t certlen = 0; - FILE *outfp = stdout; - char *outfile = "rootcacert.pem"; - uint8_t *p; - - // Extensions - uint8_t exts[4096]; - size_t extslen = 0; - - // AuthorityKeyIdentifier - int gen_authority_key_id = 0; - - // SubjectKeyIdentifier - int gen_subject_key_id = 0; - - // KeyUsage - int key_usage = 0; - char *keyusage1="keyCertSign"; - char *keyusage2="cRLSign"; - - // SubjectAltName - uint8_t subject_alt_name[2048]; - size_t subject_alt_name_len = 0; - - // IssuerAltName - uint8_t issuer_alt_name[512]; - size_t issuer_alt_name_len = 0; - - // BasicConstraints - int ca = 1; - int path_len_constraint = 6; - - // ExtKeyUsageSyntax - int ext_key_usages[12]; - size_t ext_key_usages_cnt = 0; - - // CRLDistributionPoints - char *crl_http_uri = "http://pku.edu.cn/ca.crl"; - char *crl_ldap_uri = NULL; - - // InhibitAnyPolicy - int inhibit_any_policy = -1; - - // FreshestCRL - char *ca_issuers_uri = "http://pku.edu.cn/ca.crt"; - char *ocsp_uri = "http://ocsp.pku.edu.cn"; - - - if (!(keyfp = fopen(keyfile, "rb"))) { - fprintf(stderr, "%s: open '%s' failure : %s\n", prog, keyfile, strerror(errno)); - goto end; - } - - - if (ext_key_usage_set(&key_usage, keyusage1) != 1) { - fprintf(stderr, "%s: invalid `-key_usage` value '%s'\n", prog, keyusage1); - goto end; - } - - if (ext_key_usage_set(&key_usage, keyusage2) != 1) { - fprintf(stderr, "%s: invalid `-key_usage` value '%s'\n", prog, keyusage2); - goto end; - } - - - if (!(outfp = fopen(outfile, "wb"))) { - fprintf(stderr, "%s: open '%s' failure : %s\n", prog, outfile, strerror(errno)); - goto end; - } - - if (!signer_id_len) { - strcpy(signer_id, SM2_DEFAULT_ID); - signer_id_len = strlen(SM2_DEFAULT_ID); - } - - - - if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) { - fprintf(stderr, "%s: load private key failed\n", prog); - goto end; - } - - - - - // Issuer, Subject - if (x509_name_set(name, &namelen, sizeof(name), country, state, locality, org, org_unit, common_name) != 1) { - fprintf(stderr, "%s: set Issuer/Subject Name error\n", prog); - goto end; - } - - // Validity - time(¬_before); - if (x509_validity_add_days(¬_after, not_before, days) != 1) { - fprintf(stderr, "%s: set Validity failure\n", prog); - goto end; - } - - - if (key_usage) { - if (x509_exts_add_key_usage(exts, &extslen, sizeof(exts), X509_critical, key_usage) != 1) { - fprintf(stderr, "%s: set KeyUsage extension failure\n", prog); - goto end; - } - } - - - // no SubjectDirectoryAttributes - if (ca >= 0 || path_len_constraint >= 0) { - if (x509_exts_add_basic_constraints(exts, &extslen, sizeof(exts), - X509_critical, ca, path_len_constraint) != 1) { - fprintf(stderr, "%s: set BasicConstraints extension failure\n", prog); - goto end; - } - } - // no NameConstraints - // no PolicyConstraints - - if (crl_http_uri || crl_ldap_uri) { - if (x509_exts_add_crl_distribution_points(exts, &extslen, sizeof(exts), - -1, - crl_http_uri, crl_http_uri ? strlen(crl_http_uri) : 0, - crl_ldap_uri, crl_ldap_uri ? strlen(crl_ldap_uri) : 0) != 1) { - fprintf(stderr, "%s: set CRLDistributionPoints extension failure\n", prog); - return -1; - } - } - - - if (ca_issuers_uri || ocsp_uri) { - if (x509_exts_add_authority_info_access(exts, &extslen, sizeof(exts), 0, - ca_issuers_uri, ca_issuers_uri ? strlen(ca_issuers_uri) : 0, - ocsp_uri, ocsp_uri ? strlen(ocsp_uri) : 0) != 1) { - fprintf(stderr, "%s: set AuthorityInfoAccess extension failure\n", prog); - goto end; - } - } - - if (x509_cert_sign_to_der( - X509_version_v3, - serial, serial_len, - OID_sm2sign_with_sm3, - name, namelen, - not_before, not_after, - name, namelen, - &sm2_key, - NULL, 0, - NULL, 0, - exts, extslen, - &sm2_key, signer_id, signer_id_len, - NULL, &certlen) != 1) { - fprintf(stderr, "%s: certificate generation failure\n", prog); - goto end; - } - if (!(cert = malloc(certlen))) { - fprintf(stderr, "%s: malloc failure\n", prog); - goto end; - } - p = cert; - certlen = 0; - if (x509_cert_sign_to_der( - X509_version_v3, - serial, serial_len, - OID_sm2sign_with_sm3, - name, namelen, - not_before, not_after, - name, namelen, - &sm2_key, - NULL, 0, - NULL, 0, - exts, extslen, - &sm2_key, signer_id, signer_id_len, - &p, &certlen) != 1) { - fprintf(stderr, "%s: certificate generation failure\n", prog); - goto end; - } - if (x509_cert_to_pem(cert, certlen, outfp) != 1) { - fprintf(stderr, "%s: output certificate failed\n", prog); - goto end; - } - ret = 0; - -end: - gmssl_secure_clear(&sm2_key, sizeof(SM2_KEY)); - if (cert) free(cert); - if (keyfp) fclose(keyfp); - if (outfile && outfp) fclose(outfp); - return ret; -} diff --git a/demos/src/demo_cert_sign.c b/demos/src/demo_cert_sign.c deleted file mode 100644 index 54d642c43..000000000 --- a/demos/src/demo_cert_sign.c +++ /dev/null @@ -1,353 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - - - -static int ext_key_usage_set(int *usages, const char *usage_name) -{ - int flag = 0; - if (x509_key_usage_from_name(&flag, usage_name) != 1) { - return -1; - } - *usages |= flag; - return 1; -} - -int main(int argc, char **argv) -{ - int ret = 1; - char *prog = argv[0]; - char *str; - - // Input Req/CSR - char *infile = "careq.pem"; - FILE *infp = NULL; - uint8_t req[512]; - size_t reqlen; - char req_id[SM2_MAX_ID_LENGTH + 1] = {0}; - size_t req_id_len = 0; - - // SerialNumber - uint8_t serial[20]; - int serial_len = 12; - - // Validity - int days = 365; - time_t not_before; - time_t not_after; - - // Subject from Req - const uint8_t *subject; - size_t subject_len; - SM2_KEY subject_public_key; - - // CA certficate and Private Key - uint8_t *cacert = NULL; - char *rootcacert="rootcacert.pem"; - size_t cacertlen; - FILE *keyfp = NULL; - char *rootcakey="rootcakey.pem"; - char *pass = "1234"; - SM2_KEY sm2_key; - char signer_id[SM2_MAX_ID_LENGTH + 1] = {0}; - size_t signer_id_len = 0; - - // Issuer from CA certificate - const uint8_t *issuer; - size_t issuer_len; - SM2_KEY issuer_public_key; - - // Output - char *outfile = "cacert.pem"; - FILE *outfp = stdout; - uint8_t *cert = NULL; - size_t certlen = 0; - uint8_t *p; - - // Extensions - uint8_t exts[4096]; - size_t extslen = 0; - - // AuthorityKeyIdentifier - int gen_authority_key_id = 0; - - // SubjectKeyIdentifier - int gen_subject_key_id = 0; - - // KeyUsage - int key_usage = 0; - char *keyusage="keyCertSign"; - - // SubjectAltName - uint8_t subject_alt_name[2048]; - size_t subject_alt_name_len = 0; - - // IssuerAltName - uint8_t issuer_alt_name[512]; - size_t issuer_alt_name_len = 0; - - // BasicConstraints - int ca = -1; - int path_len_constraint = 0; - - // ExtKeyUsageSyntax - int ext_key_usages[12]; - size_t ext_key_usages_cnt = 0; - - // CRLDistributionPoints - char *crl_http_uri = NULL; - char *crl_ldap_uri = NULL; - - // InhibitAnyPolicy - int inhibit_any_policy = -1; - - // FreshestCRL - char *ca_issuers_uri = NULL; - char *ocsp_uri = NULL; - - - - - - if (!(infp = fopen(infile, "rb"))) { - fprintf(stderr, "%s: open '%s' failure : %s\n", prog, infile, strerror(errno)); - goto end; - } - - - if (!(outfp = fopen(outfile, "wb"))) { - fprintf(stderr, "%s: open '%s' failure : %s\n", prog, outfile, strerror(errno)); - goto end; - } - - - if (x509_cert_new_from_file(&cacert, &cacertlen, rootcacert) != 1) { - fprintf(stderr, "%s: load ca certificate '%s' failure\n", prog, rootcacert); - goto end; - } - - - if (!(keyfp = fopen(rootcakey, "rb"))) { - fprintf(stderr, "%s: open '%s' failure : %s\n", prog, rootcakey, strerror(errno)); - goto end; - } - - - if (ext_key_usage_set(&key_usage, keyusage) != 1) { - fprintf(stderr, "%s: invalid `-key_usage` value '%s'\n", prog, keyusage); - goto end; - } - - if (!days) { - fprintf(stderr, "%s: '-days' option required\n", prog); - goto end; - } - if (!cacert) { - fprintf(stderr, "%s: '-cacert' option required\n", prog); - goto end; - } - if (!keyfp) { - fprintf(stderr, "%s: '-key' option required\n", prog); - goto end; - } - if (!pass) { - fprintf(stderr, "%s: '-pass' option required\n", prog); - goto end; - } - - if (x509_req_from_pem(req, &reqlen, sizeof(req), infp) != 1) { - fprintf(stderr, "%s: parse CSR failure\n", prog); - goto end; - } - if (!req_id_len) { - strcpy(req_id, SM2_DEFAULT_ID); - req_id_len = strlen(SM2_DEFAULT_ID); - } - if (x509_req_verify(req, reqlen, req_id, req_id_len) != 1) { - fprintf(stderr, "%s: signature verification failure\n", prog); - goto end; - } - if (x509_req_get_details(req, reqlen, - NULL, &subject, &subject_len, &subject_public_key, - NULL, NULL, NULL, NULL, NULL) != 1) { - fprintf(stderr, "%s: parse CSR failure\n", prog); - goto end; - } - - if (x509_cert_get_subject(cacert, cacertlen, &issuer, &issuer_len) != 1 - || x509_cert_get_subject_public_key(cacert, cacertlen, &issuer_public_key) != 1) { - fprintf(stderr, "%s: parse CA certificate failure\n", prog); - goto end; - } - if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) { - fprintf(stderr, "%s: load private key failure\n", prog); - goto end; - } - if (sm2_public_key_equ(&sm2_key, &issuer_public_key) != 1) { - fprintf(stderr, "%s: private key and CA certificate not match\n", prog); - goto end; - } - if (!signer_id_len) { - strcpy(signer_id, SM2_DEFAULT_ID); - signer_id_len = strlen(SM2_DEFAULT_ID); - } - - if (rand_bytes(serial, serial_len) != 1) { - fprintf(stderr, "%s: random number generator error\n", prog); - goto end; - } - - time(¬_before); - if (x509_validity_add_days(¬_after, not_before, days) != 1) { - fprintf(stderr, "%s: set Validity failure\n", prog); - goto end; - } - - // following code copy from certgen.c - // Extensions - if (gen_authority_key_id) { - if (x509_exts_add_default_authority_key_identifier(exts, &extslen, sizeof(exts), &sm2_key) != 1) { - fprintf(stderr, "%s: set AuthorityKeyIdentifier extension failure\n", prog); - goto end; - } - } - if (gen_subject_key_id) { - if (x509_exts_add_subject_key_identifier_ex(exts, &extslen, sizeof(exts), -1, &sm2_key) != 1) { - fprintf(stderr, "%s: set SubjectKeyIdentifier extension failure\n", prog); - goto end; - } - } - if (key_usage) { - if (x509_exts_add_key_usage(exts, &extslen, sizeof(exts), X509_critical, key_usage) != 1) { - fprintf(stderr, "%s: set KeyUsage extension failure\n", prog); - goto end; - } - } - // no CertificatePolicies - // no PolicyMappings - if (subject_alt_name_len) { - if (x509_exts_add_subject_alt_name(exts, &extslen, sizeof(exts), - -1, subject_alt_name, subject_alt_name_len) != 1) { - fprintf(stderr, "%s: set SubjectAltName extension failure\n", prog); - goto end; - } - } - if (issuer_alt_name_len) { - if (x509_exts_add_issuer_alt_name(exts, &extslen, sizeof(exts), - -1, issuer_alt_name, issuer_alt_name_len) != 1) { - fprintf(stderr, "%s: set IssuerAltName extension failure\n", prog); - goto end; - } - } - // no SubjectDirectoryAttributes - if (ca >= 0 || path_len_constraint >= 0) { - if (x509_exts_add_basic_constraints(exts, &extslen, sizeof(exts), - X509_critical, ca, path_len_constraint) != 1) { - fprintf(stderr, "%s: set BasicConstraints extension failure\n", prog); - goto end; - } - } - // no NameConstraints - // no PolicyConstraints - if (ext_key_usages_cnt) { - if (x509_exts_add_ext_key_usage(exts, &extslen, sizeof(exts), - -1, ext_key_usages, ext_key_usages_cnt) != 1) { - fprintf(stderr, "%s: set ExtKeyUsage extension failure\n", prog); - goto end; - } - } - if (crl_http_uri || crl_ldap_uri) { - if (x509_exts_add_crl_distribution_points(exts, &extslen, sizeof(exts), - -1, - crl_http_uri, crl_http_uri ? strlen(crl_http_uri) : 0, - crl_ldap_uri, crl_ldap_uri ? strlen(crl_ldap_uri) : 0) != 1) { - fprintf(stderr, "%s: set CRLDistributionPoints extension failure\n", prog); - return -1; - } - } - if (inhibit_any_policy >= 0) { - if (x509_exts_add_inhibit_any_policy(exts, &extslen, sizeof(exts), - X509_critical, inhibit_any_policy) != 1) { - fprintf(stderr, "%s: set InhibitAnyPolicy extension failure\n", prog); - goto end; - } - } - if (ca_issuers_uri || ocsp_uri) { - if (x509_exts_add_authority_info_access(exts, &extslen, sizeof(exts), 0, - ca_issuers_uri, ca_issuers_uri ? strlen(ca_issuers_uri) : 0, - ocsp_uri, ocsp_uri ? strlen(ocsp_uri) : 0) != 1) { - fprintf(stderr, "%s: set AuthorityInfoAccess extension failure\n", prog); - goto end; - } - } - - if (x509_cert_sign_to_der( - X509_version_v3, - serial, serial_len, - OID_sm2sign_with_sm3, - issuer, issuer_len, - not_before, not_after, - subject, subject_len, - &subject_public_key, - NULL, 0, - NULL, 0, - exts, extslen, - &sm2_key, signer_id, signer_id_len, - NULL, &certlen) != 1) { - fprintf(stderr, "%s: certificate generation failure\n", prog); - goto end; - } - if (!(cert = malloc(certlen))) { - fprintf(stderr, "%s: malloc failure\n", prog); - goto end; - } - p = cert; - certlen = 0; - if (x509_cert_sign_to_der( - X509_version_v3, - serial, serial_len, - OID_sm2sign_with_sm3, - issuer, issuer_len, - not_before, not_after, - subject, subject_len, - &subject_public_key, - NULL, 0, - NULL, 0, - exts, extslen, - &sm2_key, signer_id, signer_id_len, - &p, &certlen) != 1) { - fprintf(stderr, "%s: certificate generation failure\n", prog); - goto end; - } - - if (x509_cert_to_pem(cert, certlen, outfp) != 1) { - fprintf(stderr, "%s: output certificate failed\n", prog); - goto end; - } - ret = 0; -end: - gmssl_secure_clear(&sm2_key, sizeof(SM2_KEY)); - if (cert) free(cert); - if (keyfp) fclose(keyfp); - if (infile && infp) fclose(infp); - if (outfile && outfp) fclose(outfp); - return ret; -} diff --git a/demos/src/demo_sm2_public_key_copy.c b/demos/src/demo_sm2_public_key_copy.c deleted file mode 100644 index 1d18dd3fb..000000000 --- a/demos/src/demo_sm2_public_key_copy.c +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - -#include -#include -#include -#include -#include - -int main(void){ - SM2_KEY sm2_key; - SM2_KEY pub_key; - - printf("Read SM2 public key file (PEM) from stdin ...\n"); - - if (sm2_public_key_info_from_pem(&sm2_key, stdin) != 1) { - fprintf(stderr, "error\n"); - return 1; - } - - if (sm2_public_key_copy(&pub_key, &sm2_key) != 1) { - fprintf(stderr, "error\n"); - return 1; - } - - sm2_public_key_print(stdout, 0, 0, "SM2PublicKey", &pub_key); - - gmssl_secure_clear(&sm2_key, sizeof(sm2_key)); - gmssl_secure_clear(&pub_key, sizeof(pub_key)); - return 0; -} diff --git a/demos/src/demo_sm2_public_key_digest.c b/demos/src/demo_sm2_public_key_digest.c deleted file mode 100644 index e1c01ac07..000000000 --- a/demos/src/demo_sm2_public_key_digest.c +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - -#include -#include -#include -#include -#include -#include - -int main(void){ - SM2_KEY sm2_key; - uint8_t dgst[32]; - int i; - - printf("Read SM2 public key file (PEM) from stdin ...\n"); - - if (sm2_public_key_info_from_pem(&sm2_key, stdin) != 1) { - fprintf(stderr, "error\n"); - return 1; - } - - if (sm2_public_key_digest(&sm2_key, dgst) != 1) { - fprintf(stderr, "error\n"); - return 1; - } - - for (i = 0; i < sizeof(dgst); i++) { - printf("%02x", dgst[i]); - } - printf("\n"); - - gmssl_secure_clear(&sm2_key, sizeof(sm2_key)); - return 0; -} diff --git a/demos/src/demo_sm2_public_key_equ.c b/demos/src/demo_sm2_public_key_equ.c deleted file mode 100644 index 70073f3e7..000000000 --- a/demos/src/demo_sm2_public_key_equ.c +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - -#include -#include -#include -#include -#include - -int main(void){ - SM2_KEY sm2_key; - SM2_KEY pub_key; - - printf("Read SM2 public key1 file (PEM) from stdin ...\n"); - - if (sm2_public_key_info_from_pem(&sm2_key, stdin) != 1) { - fprintf(stderr, "error\n"); - return 1; - } - - printf("Read SM2 public key2 file (PEM) from stdin ...\n"); - - if (sm2_public_key_info_from_pem(&pub_key, stdin) != 1) { - fprintf(stderr, "error\n"); - return 1; - } - - if (sm2_public_key_equ(&sm2_key, &pub_key) == 1) { - printf("equal\n"); - } else { - printf("not equal\n"); - } - - gmssl_secure_clear(&sm2_key, sizeof(sm2_key)); - gmssl_secure_clear(&pub_key, sizeof(pub_key)); - return 0; -} diff --git a/demos/src/demo_sm2_public_key_parse.c b/demos/src/demo_sm2_public_key_parse.c deleted file mode 100644 index 463e90ec4..000000000 --- a/demos/src/demo_sm2_public_key_parse.c +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - -#include -#include -#include -#include -#include - - -int main(void) -{ - SM2_KEY sm2_key; - - printf("Read SM2 public key file (PEM) from stdin ...\n"); - - if (sm2_public_key_info_from_pem(&sm2_key, stdin) != 1) { - fprintf(stderr, "error\n"); - return 1; - } - - sm2_public_key_print(stdout, 0, 0, "SM2PublicKey", &sm2_key); - - gmssl_secure_clear(&sm2_key, sizeof(sm2_key)); - return 0; -} diff --git a/demos/src/http_get_demo.c b/demos/src/http_get_demo.c new file mode 100644 index 000000000..e51e7cf49 --- /dev/null +++ b/demos/src/http_get_demo.c @@ -0,0 +1,57 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include +#include + +char *http_uri = "http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20RSA%20TLS%20CA%2002.crl"; +char *file_name = "Microsoft RSA TLS CA 02.crl"; + +int main(int argc, char **argv) +{ + uint8_t *buf = NULL; + size_t buflen; + size_t len; + FILE *fp = NULL; + + printf("http_get %s\n", http_uri); + + if (http_get(http_uri, NULL, &buflen, 0) != 1) { + fprintf(stderr, "http_get() error\n"); + goto err; + } + + if (!(buf = malloc(len))) { + fprintf(stderr, "malloc() error\n"); + goto err; + } + + if (http_get(http_uri, buf, &len, buflen) != 1) { + fprintf(stderr, "http_get() error\n"); + goto err; + } + + if (!(fp = fopen(file_name, "wb"))) { + fprintf(stderr, "fopen() error\n"); + goto err; + } + + fwrite(buf, 1, len, fp); + + printf("save to %s\n", file_name); + +err: + if (buf) free(buf); + if (fp) fclose(fp); + return 0; +} diff --git a/demos/src/list.c b/demos/src/list.c new file mode 100644 index 000000000..430f35a63 --- /dev/null +++ b/demos/src/list.c @@ -0,0 +1,77 @@ + asn1_oid_from_der_demo.c + asn1_oid_to_der_demo.c + base64_demo.c + http_get_demo.c + list.txt + password_to_key_demo.c + pem_from_der_demo.c + pem_to_der_demo.c + rand_demo.c + rdrand_demo.c + sdf_info_demo.c + sdf_rand_demo.c + sdf_sign_demo.c + sha1_digest_demo.c + sha256_digest_demo.c + sha512_256_digest_demo.c + sha512_digest_demo.c + sm2_ciphertext_to_der_demo.c + sm2_ecdh_demo.c + sm2_encrypt_demo.c + sm2_encrypt_fixlen_demo.c + sm2_id_demo.c + sm2_key_export_demo.c + sm2_keygen_demo.c + sm2_keyparse_demo.c + sm2_point_demo.c + sm2_point_from_bin_demo.c + sm2_point_from_hash_demo.c + sm2_point_from_octets_demo.c + sm2_point_to_bin_demo.c + sm2_point_to_octets_demo.c + sm2_private_key_demo.c + sm2_private_key_parse_demo.c + sm2_public_key_demo.c + sm2_sig_from_bin_demo.c + sm2_sig_from_der_demo.c + sm2_sig_to_der_demo.c + sm2_sign_ctx_demo.c + sm2_sign_ctx_fixlen_demo.c + sm2_sign_demo.c + sm2_sign_digest_demo.c + sm3_ctx_demo.c + sm3_ctx_stdin_demo.c + sm3_demo.c + sm3_hmac_ctx_demo.c + sm3_hmac_demo.c + sm4_cbc_ctx_decrypt_stdin_demo.c + sm4_cbc_ctx_encrypt_stdin_demo.c + sm4_cbc_demo.c + sm4_cbc_mac_demo.c + sm4_cbc_padding_demo.c + sm4_cbc_sm3_hmac_demo.c + sm4_consts_demo.c + sm4_ctr_demo.c + sm4_ctr_encrypt_update_demo.c + sm4_ctr_sm3_hmac_demo.c + sm4_demo.c + sm4_ecb_demo.c + sm4_gcm_ctx_demo.c + sm4_gcm_demo.c + sm4_key_demo.c + sm9_encrypt_demo.c + sm9_keygen_demo.c + sm9_sign_demo.c + tlcp_get_demo.c + tlcp_post_demo.c + version_demo.c + x509_cert_check_demo.c + x509_cert_parse_demo.c + x509_cert_print_demo.c + x509_cert_verify_demo.c + x509_crl_download_demo.c + x509_crl_find_revoked_cert_demo.c + x509_crl_print_demo.c + x509_crl_verify_demo.c + zuc_demo.c + zuc_encrypt_stdin_demo.c diff --git a/demos/src/password_to_key_demo.c b/demos/src/password_to_key_demo.c new file mode 100644 index 000000000..09de06cf1 --- /dev/null +++ b/demos/src/password_to_key_demo.c @@ -0,0 +1,43 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include +#include + + +int main(int argc, char **argv) +{ + char *pass = "P@ssw0rd"; + uint8_t salt[8]; + size_t iter = 8000; + uint8_t key[16]; + size_t i; + + if (rand_bytes(salt, sizeof(salt)) != 1) { + fprintf(stderr, "rand_bytes() error\n"); + return -1; + } + + if (pbkdf2_hmac_sm3_genkey(pass, strlen(pass), salt, sizeof(salt), iter, sizeof(key), key) != 1) { + fprintf(stderr, "pbkdf2 error\n"); + return -1; + } + + printf("pbkdf2('%s') = ", pass); + for (i = 0; i < sizeof(key); i++) { + printf("%02x", key[i]); + } + printf("\n"); + + return 0; +} diff --git a/demos/src/pem_from_der_demo.c b/demos/src/pem_from_der_demo.c new file mode 100644 index 000000000..07ee51be0 --- /dev/null +++ b/demos/src/pem_from_der_demo.c @@ -0,0 +1,103 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include + + +uint8_t crl_der[] = { +0x30,0x82,0x04,0x09,0x30,0x82,0x03,0xb0,0x02,0x01,0x01,0x30,0x0a,0x06,0x08,0x2a, +0x81,0x1c,0xcf,0x55,0x01,0x83,0x75,0x30,0x2e,0x31,0x0b,0x30,0x09,0x06,0x03,0x55, +0x04,0x06,0x13,0x02,0x43,0x4e,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x0a,0x0c, +0x05,0x4e,0x52,0x43,0x41,0x43,0x31,0x0f,0x30,0x0d,0x06,0x03,0x55,0x04,0x03,0x0c, +0x06,0x52,0x4f,0x4f,0x54,0x43,0x41,0x17,0x0d,0x32,0x32,0x30,0x35,0x30,0x35,0x30, +0x36,0x32,0x30,0x35,0x34,0x5a,0x17,0x0d,0x32,0x32,0x30,0x36,0x30,0x34,0x30,0x36, +0x32,0x30,0x35,0x34,0x5a,0x30,0x82,0x03,0x1e,0x30,0x21,0x02,0x10,0x12,0xf2,0xd0, +0x93,0x24,0xb0,0xa3,0xeb,0x71,0x32,0xaa,0x7f,0x24,0xa8,0x14,0x9a,0x17,0x0d,0x31, +0x34,0x30,0x36,0x32,0x36,0x30,0x36,0x35,0x38,0x34,0x38,0x5a,0x30,0x2f,0x02,0x10, +0x17,0x59,0x1f,0x6e,0x22,0x4b,0x3e,0xb6,0x0a,0x35,0xdc,0x48,0x27,0x8c,0x37,0x74, +0x17,0x0d,0x32,0x32,0x30,0x33,0x31,0x30,0x30,0x37,0x32,0x36,0x34,0x36,0x5a,0x30, +0x0c,0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03,0x0a,0x01,0x05,0x30,0x2f,0x02, +0x10,0x21,0x6b,0xbe,0xb7,0x4c,0x02,0xb6,0x80,0x24,0xa0,0xed,0x70,0xe8,0xa9,0x25, +0x8c,0x17,0x0d,0x31,0x34,0x30,0x33,0x31,0x31,0x30,0x32,0x31,0x38,0x34,0x37,0x5a, +0x30,0x0c,0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03,0x0a,0x01,0x04,0x30,0x2f, +0x02,0x10,0x2c,0xa3,0x5f,0xa2,0xf0,0x60,0x79,0x1b,0xb1,0xf3,0x7d,0xb6,0x5c,0x1c, +0x77,0x1f,0x17,0x0d,0x31,0x38,0x30,0x35,0x32,0x38,0x30,0x36,0x35,0x30,0x34,0x38, +0x5a,0x30,0x0c,0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03,0x0a,0x01,0x04,0x30, +0x21,0x02,0x10,0x2e,0x7f,0x89,0x45,0x69,0xce,0x6d,0xf5,0x2d,0x7e,0xe2,0x84,0x67, +0xd2,0xe4,0xdf,0x17,0x0d,0x31,0x35,0x30,0x37,0x31,0x30,0x30,0x36,0x31,0x36,0x34, +0x33,0x5a,0x30,0x2f,0x02,0x10,0x31,0xbc,0x81,0x40,0x9c,0x89,0x35,0x13,0x14,0x22, +0x94,0xb6,0xbb,0x97,0x2e,0xdf,0x17,0x0d,0x32,0x32,0x30,0x31,0x32,0x30,0x30,0x32, +0x30,0x39,0x30,0x37,0x5a,0x30,0x0c,0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03, +0x0a,0x01,0x04,0x30,0x21,0x02,0x10,0x42,0xaa,0xc5,0x23,0x6b,0x62,0xf6,0x02,0x6f, +0x47,0xef,0xd4,0x89,0x14,0x75,0x27,0x17,0x0d,0x31,0x32,0x31,0x30,0x31,0x33,0x30, +0x37,0x32,0x34,0x30,0x31,0x5a,0x30,0x2f,0x02,0x10,0x4a,0xa5,0x3f,0x14,0x67,0x70, +0xca,0x9f,0x98,0x9c,0x85,0x55,0x33,0x2c,0x79,0x92,0x17,0x0d,0x32,0x32,0x30,0x34, +0x31,0x32,0x30,0x37,0x32,0x32,0x30,0x30,0x5a,0x30,0x0c,0x30,0x0a,0x06,0x03,0x55, +0x1d,0x15,0x04,0x03,0x0a,0x01,0x04,0x30,0x21,0x02,0x10,0x4c,0x0f,0x16,0xed,0xaa, +0x13,0x37,0xb4,0x88,0xb2,0xf6,0x0e,0x43,0x4a,0x68,0x17,0x17,0x0d,0x31,0x33,0x30, +0x36,0x30,0x34,0x30,0x32,0x34,0x35,0x31,0x39,0x5a,0x30,0x2f,0x02,0x10,0x52,0xe1, +0xbb,0x7d,0x5f,0x1f,0x20,0x39,0x03,0xc1,0x5c,0xca,0x1a,0x4c,0x83,0x76,0x17,0x0d, +0x31,0x38,0x30,0x36,0x30,0x35,0x30,0x32,0x32,0x37,0x35,0x39,0x5a,0x30,0x0c,0x30, +0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03,0x0a,0x01,0x04,0x30,0x2f,0x02,0x10,0x5c, +0x15,0x8a,0x4c,0xbf,0x15,0xd7,0xee,0x15,0x40,0xad,0xce,0x01,0x08,0x79,0x32,0x17, +0x0d,0x31,0x38,0x31,0x31,0x30,0x39,0x30,0x32,0x30,0x38,0x32,0x32,0x5a,0x30,0x0c, +0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03,0x0a,0x01,0x04,0x30,0x2f,0x02,0x10, +0x66,0x5f,0x88,0xb8,0xdd,0x4b,0x55,0xfa,0x7d,0x04,0x51,0x1c,0xf0,0x1a,0xba,0x17, +0x17,0x0d,0x32,0x32,0x30,0x34,0x32,0x31,0x30,0x38,0x30,0x31,0x34,0x34,0x5a,0x30, +0x0c,0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03,0x0a,0x01,0x04,0x30,0x2f,0x02, +0x10,0x69,0x70,0x58,0x15,0xa8,0x93,0x5e,0x56,0x18,0x76,0xdd,0xe1,0x5d,0x71,0x98, +0x29,0x17,0x0d,0x32,0x30,0x31,0x30,0x32,0x39,0x30,0x30,0x31,0x36,0x31,0x30,0x5a, +0x30,0x0c,0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03,0x0a,0x01,0x04,0x30,0x2f, +0x02,0x10,0x6d,0x62,0x99,0x0b,0x63,0x49,0xe7,0x85,0xe6,0xb2,0x5b,0xf6,0x51,0x2e, +0x89,0xcd,0x17,0x0d,0x32,0x32,0x30,0x32,0x32,0x38,0x30,0x37,0x31,0x36,0x34,0x35, +0x5a,0x30,0x0c,0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03,0x0a,0x01,0x04,0x30, +0x21,0x02,0x10,0x6e,0x5d,0x72,0xce,0x80,0xdc,0x72,0x56,0x45,0xb7,0x4c,0xea,0xa7, +0xc8,0x85,0xc1,0x17,0x0d,0x31,0x32,0x31,0x30,0x31,0x33,0x30,0x38,0x34,0x38,0x32, +0x33,0x5a,0x30,0x2f,0x02,0x10,0x76,0x59,0x40,0x26,0x0b,0xb4,0xd6,0xf5,0xdb,0x3f, +0xe8,0xad,0x95,0x58,0x6b,0x1f,0x17,0x0d,0x32,0x31,0x31,0x32,0x30,0x38,0x31,0x30, +0x32,0x34,0x35,0x35,0x5a,0x30,0x0c,0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04,0x03, +0x0a,0x01,0x05,0x30,0x2f,0x02,0x10,0x79,0x1c,0x2d,0x38,0x15,0x8d,0x88,0xab,0x00, +0x4b,0x00,0x91,0xda,0x2e,0x90,0x7e,0x17,0x0d,0x32,0x32,0x30,0x34,0x32,0x30,0x30, +0x38,0x32,0x36,0x34,0x35,0x5a,0x30,0x0c,0x30,0x0a,0x06,0x03,0x55,0x1d,0x15,0x04, +0x03,0x0a,0x01,0x04,0x30,0x21,0x02,0x10,0x7e,0x15,0xe7,0xdf,0x22,0x39,0x96,0xf2, +0x2d,0xd4,0x66,0x05,0xa7,0x68,0xad,0xf7,0x17,0x0d,0x31,0x32,0x31,0x30,0x31,0x33, +0x30,0x38,0x34,0x37,0x34,0x38,0x5a,0xa0,0x2f,0x30,0x2d,0x30,0x1f,0x06,0x03,0x55, +0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x4c,0x32,0xb1,0x97,0xd9,0x33,0x1b,0xc4, +0xa6,0x05,0xc1,0xc6,0xe5,0x8b,0x62,0x5b,0xf0,0x97,0x76,0x58,0x30,0x0a,0x06,0x03, +0x55,0x1d,0x14,0x04,0x03,0x02,0x01,0x00,0x30,0x0a,0x06,0x08,0x2a,0x81,0x1c,0xcf, +0x55,0x01,0x83,0x75,0x03,0x47,0x00,0x30,0x44,0x02,0x20,0x3c,0x84,0xcf,0x42,0x86, +0x30,0xdb,0xc4,0xd4,0x27,0xb9,0x9c,0xdb,0xdf,0x3d,0xa8,0x39,0xa1,0x25,0xf1,0x89, +0xf6,0xe7,0x75,0x23,0xf4,0x5f,0xaf,0x31,0x8d,0x36,0x66,0x02,0x20,0x3a,0x22,0x79, +0xd2,0x7f,0x6d,0x6e,0x96,0x10,0x86,0xbc,0xe1,0x78,0x93,0x33,0xdd,0xef,0x6b,0xfc, +0x08,0xe6,0x0f,0x16,0x4b,0xc9,0xab,0x4e,0x90,0xc0,0xf7,0xd4,0xc2,}; + +int main(int argc, char **argv) +{ + int ret = -1; + FILE *fp = NULL; + + if (!(fp = fopen("crl.pem", "wb"))) { + fprintf(stderr, "open crl.pem error\n"); + goto err; + } + + if (pem_write(fp, "X509 CRL", crl_der, sizeof(crl_der)) != 1) { + fprintf(stderr, "pem_write() error\n"); + goto err; + } + + ret = 0; +err: + fclose(fp); + return ret; +} diff --git a/demos/src/pem_to_der_demo.c b/demos/src/pem_to_der_demo.c new file mode 100644 index 000000000..f608f4fd0 --- /dev/null +++ b/demos/src/pem_to_der_demo.c @@ -0,0 +1,92 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include + + +char *pem = +"-----BEGIN X509 CRL-----\n" +"MIIECTCCA7ACAQEwCgYIKoEcz1UBg3UwLjELMAkGA1UEBhMCQ04xDjAMBgNVBAoM\n" +"BU5SQ0FDMQ8wDQYDVQQDDAZST09UQ0EXDTIyMDUwNTA2MjA1NFoXDTIyMDYwNDA2\n" +"MjA1NFowggMeMCECEBLy0JMksKPrcTKqfySoFJoXDTE0MDYyNjA2NTg0OFowLwIQ\n" +"F1kfbiJLPrYKNdxIJ4w3dBcNMjIwMzEwMDcyNjQ2WjAMMAoGA1UdFQQDCgEFMC8C\n" +"ECFrvrdMAraAJKDtcOipJYwXDTE0MDMxMTAyMTg0N1owDDAKBgNVHRUEAwoBBDAv\n" +"AhAso1+i8GB5G7HzfbZcHHcfFw0xODA1MjgwNjUwNDhaMAwwCgYDVR0VBAMKAQQw\n" +"IQIQLn+JRWnObfUtfuKEZ9Lk3xcNMTUwNzEwMDYxNjQzWjAvAhAxvIFAnIk1ExQi\n" +"lLa7ly7fFw0yMjAxMjAwMjA5MDdaMAwwCgYDVR0VBAMKAQQwIQIQQqrFI2ti9gJv\n" +"R+/UiRR1JxcNMTIxMDEzMDcyNDAxWjAvAhBKpT8UZ3DKn5ichVUzLHmSFw0yMjA0\n" +"MTIwNzIyMDBaMAwwCgYDVR0VBAMKAQQwIQIQTA8W7aoTN7SIsvYOQ0poFxcNMTMw\n" +"NjA0MDI0NTE5WjAvAhBS4bt9Xx8gOQPBXMoaTIN2Fw0xODA2MDUwMjI3NTlaMAww\n" +"CgYDVR0VBAMKAQQwLwIQXBWKTL8V1+4VQK3OAQh5MhcNMTgxMTA5MDIwODIyWjAM\n" +"MAoGA1UdFQQDCgEEMC8CEGZfiLjdS1X6fQRRHPAauhcXDTIyMDQyMTA4MDE0NFow\n" +"DDAKBgNVHRUEAwoBBDAvAhBpcFgVqJNeVhh23eFdcZgpFw0yMDEwMjkwMDE2MTBa\n" +"MAwwCgYDVR0VBAMKAQQwLwIQbWKZC2NJ54Xmslv2US6JzRcNMjIwMjI4MDcxNjQ1\n" +"WjAMMAoGA1UdFQQDCgEEMCECEG5dcs6A3HJWRbdM6qfIhcEXDTEyMTAxMzA4NDgy\n" +"M1owLwIQdllAJgu01vXbP+itlVhrHxcNMjExMjA4MTAyNDU1WjAMMAoGA1UdFQQD\n" +"CgEFMC8CEHkcLTgVjYirAEsAkdoukH4XDTIyMDQyMDA4MjY0NVowDDAKBgNVHRUE\n" +"AwoBBDAhAhB+FeffIjmW8i3UZgWnaK33Fw0xMjEwMTMwODQ3NDhaoC8wLTAfBgNV\n" +"HSMEGDAWgBRMMrGX2TMbxKYFwcbli2Jb8Jd2WDAKBgNVHRQEAwIBADAKBggqgRzP\n" +"VQGDdQNHADBEAiA8hM9ChjDbxNQnuZzb3z2oOaEl8Yn253Uj9F+vMY02ZgIgOiJ5\n" +"0n9tbpYQhrzheJMz3e9r/AjmDxZLyatOkMD31MI=\n" +"-----END X509 CRL-----\n"; + +static int prepare_pem_file(void) +{ + FILE *fp; + + if (!(fp = fopen("crl.pem", "wb"))) { + fprintf(stderr, "fopen() error\n"); + return -1; + } + + if (fwrite(pem, 1, strlen(pem), fp) != strlen(pem)) { + fprintf(stderr, "fwrite() error\n"); + return -1; + } + + fclose(fp); + return 1; +} + +int main(int argc, char **argv) +{ + int ret = -1; + FILE *fp = NULL; + uint8_t buf[4096]; + size_t len; + size_t i; + + (void)prepare_pem_file(); + + if (!(fp = fopen("crl.pem", "rb"))) { + fprintf(stderr, "open crl.pem error\n"); + goto err; + } + + if (pem_read(fp, "X509 CRL", buf, &len, sizeof(buf)) != 1) { + fprintf(stderr, "pem_read() error\n"); + goto err; + } + + printf("uint8_t crl_der[] = {"); + for (i = 0; i < len; i++) { + if (i % 16 == 0) printf("\n"); + printf("0x%02x,", buf[i]); + } + printf("};\n"); + + ret = 0; +err: + fclose(fp); + return ret; +} diff --git a/demos/src/rand_demo.c b/demos/src/rand_demo.c new file mode 100644 index 000000000..07a038784 --- /dev/null +++ b/demos/src/rand_demo.c @@ -0,0 +1,38 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include + + +int main(int argc, char **argv) +{ + uint8_t buf[1024]; + size_t i; + + if (rand_bytes(buf, 32) != 1) { + fprintf(stderr, "rand_bytes() failure\n"); + return 1; + } + printf("rand_bytes() output: "); + for (i = 0; i < 32; i++) { + printf("%02x", buf[i]); + } + printf("\n"); + + if (rand_bytes(buf, sizeof(buf)) != 1) { + fprintf(stderr, "rand_bytes() failure, maybe %zu is too long\n", sizeof(buf)); + return 1; + } + + return 0; +} diff --git a/demos/src/demo_wget.c b/demos/src/rdrand_demo.c similarity index 56% rename from demos/src/demo_wget.c rename to demos/src/rdrand_demo.c index b1317314a..8d1b21d40 100644 --- a/demos/src/demo_wget.c +++ b/demos/src/rdrand_demo.c @@ -11,23 +11,20 @@ #include #include #include -#include +#include #include -int main(int argc, char **argv) + +int main(void) { - uint8_t buf[65536]; - uint8_t *content; - size_t contentlen; + uint8_t buf[32]; - if (argc < 2) { - printf("usage: %s \n", argv[0]); - return 1; - } - if (http_get(argv[1], buf, sizeof(buf), &content, &contentlen) != 1) { + if (rdrand_bytes(buf, sizeof(buf)) != 1) { error_print(); return -1; } - fwrite(content, contentlen, 1, stdout); + + format_bytes(stdout, 0, 0, "rdrand output", buf, sizeof(buf)); + return 0; } diff --git a/demos/src/sdf_info_demo.c b/demos/src/sdf_info_demo.c new file mode 100644 index 000000000..8c7b0d09e --- /dev/null +++ b/demos/src/sdf_info_demo.c @@ -0,0 +1,41 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include +#include + + +int main(void) +{ + int ret = -1; + char *so_path = "libsdf_dummy.so"; + SDF_DEVICE dev; + + if (sdf_load_library(so_path, NULL) != 1) { + error_print(); + return -1; + } + + if (sdf_open_device(&dev) != 1) { + error_print(); + goto err; + } + + sdf_print_device_info(stdout, 0, 0, "SDF Device Info", &dev); + + ret = 0; +err: + sdf_close_device(&dev); + sdf_unload_library(); + return ret; +} diff --git a/demos/src/sdf_rand_demo.c b/demos/src/sdf_rand_demo.c new file mode 100644 index 000000000..aaa1d5503 --- /dev/null +++ b/demos/src/sdf_rand_demo.c @@ -0,0 +1,47 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include +#include + + +int main(void) +{ + int ret = -1; + char *so_path = "libsdf_dummy.so"; + SDF_DEVICE dev; + uint8_t buf[32]; + + if (sdf_load_library(so_path, NULL) != 1) { + error_print(); + return -1; + } + + if (sdf_open_device(&dev) != 1) { + error_print(); + goto err; + } + + if (sdf_rand_bytes(&dev, buf, sizeof(buf)) != 1) { + error_print(); + goto err; + } + + format_bytes(stdout, 0, 0, "sdf_rand_bytes", buf, sizeof(buf)); + + ret = 0; +err: + sdf_close_device(&dev); + sdf_unload_library(); + return ret; +} diff --git a/demos/src/sdf_sign_demo.c b/demos/src/sdf_sign_demo.c new file mode 100644 index 000000000..28fec2551 --- /dev/null +++ b/demos/src/sdf_sign_demo.c @@ -0,0 +1,67 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include +#include + + +int main(void) +{ + int ret = -1; + char *so_path = "libsdf_dummy.so"; + SDF_DEVICE dev; + + SDF_KEY sign_key; + int key_index = 0; + char *key_pass = "P@ssw0rd"; + + uint8_t dgst[32]; + uint8_t sig[SM2_MAX_SIGNATURE_SIZE]; + size_t siglen; + + if (sdf_load_library(so_path, NULL) != 1) { + error_print(); + return -1; + } + + if (sdf_open_device(&dev) != 1) { + error_print(); + goto err; + } + + if (sdf_load_sign_key(&dev, &sign_key, key_index, key_pass) != 1) { + error_print(); + goto err; + } + + if (sdf_sign(&sign_key, dgst, sig, &siglen) != 1) { + error_print(); + goto err; + } + +#if 0 + // TODO: verify_key ... + if (sm2_verify(&verify_key, dgst, sig, siglen) != 1) { + error_print(); + goto err; + } +#endif + + ret = 0; + +err: + sdf_release_key(&sign_key); + sdf_close_device(&dev); + sdf_unload_library(); + return ret; +} diff --git a/demos/src/sha1_digest_demo.c b/demos/src/sha1_digest_demo.c new file mode 100644 index 000000000..5203c1ec8 --- /dev/null +++ b/demos/src/sha1_digest_demo.c @@ -0,0 +1,31 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include + + +int main(int argc, char **argv) +{ + uint8_t dgst[SHA1_DIGEST_SIZE]; + size_t i; + + sha1_digest((uint8_t *)"abc", 3, dgst); + + printf("sha1('abc') = "); + for (i = 0; i < sizeof(dgst); i++) { + printf("%02x", dgst[i]); + } + printf("\n"); + + return 0; +} diff --git a/demos/src/sha256_digest_demo.c b/demos/src/sha256_digest_demo.c new file mode 100644 index 000000000..346f8f3dc --- /dev/null +++ b/demos/src/sha256_digest_demo.c @@ -0,0 +1,31 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include + + +int main(int argc, char **argv) +{ + uint8_t dgst[SHA256_DIGEST_SIZE]; + size_t i; + + sha256_digest((uint8_t *)"abc", 3, dgst); + + printf("sha256('abc') = "); + for (i = 0; i < sizeof(dgst); i++) { + printf("%02x", dgst[i]); + } + printf("\n"); + + return 0; +} diff --git a/demos/src/sha512_256_digest_demo.c b/demos/src/sha512_256_digest_demo.c new file mode 100644 index 000000000..bf8e9576e --- /dev/null +++ b/demos/src/sha512_256_digest_demo.c @@ -0,0 +1,31 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include + + +int main(int argc, char **argv) +{ + uint8_t dgst[SHA512_DIGEST_SIZE]; + size_t i; + + sha512_digest((uint8_t *)"abc", 3, dgst); + + printf("sha512_256('abc') = "); + for (i = 0; i < 256/8; i++) { + printf("%02x", dgst[i]); + } + printf("\n"); + + return 0; +} diff --git a/demos/src/sha512_digest_demo.c b/demos/src/sha512_digest_demo.c new file mode 100644 index 000000000..e42835f88 --- /dev/null +++ b/demos/src/sha512_digest_demo.c @@ -0,0 +1,31 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include + + +int main(int argc, char **argv) +{ + uint8_t dgst[SHA512_DIGEST_SIZE]; + size_t i; + + sha512_digest((uint8_t *)"abc", 3, dgst); + + printf("sha512('abc') = "); + for (i = 0; i < sizeof(dgst); i++) { + printf("%02x", dgst[i]); + } + printf("\n"); + + return 0; +} diff --git a/demos/src/sm2_ciphertext_to_der_demo.c b/demos/src/sm2_ciphertext_to_der_demo.c new file mode 100644 index 000000000..cae808a6b --- /dev/null +++ b/demos/src/sm2_ciphertext_to_der_demo.c @@ -0,0 +1,43 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include +#include + +void gen_ciphertext(void) +{ + SM2_KEY sm2_key; + SM2_CIPHERTEXT ciphertext; + + sm2_key_generate(&sm2_key); + sm2_do_encrypt(&sm2_key, (uint8_t *)"P@ssw0rd", 8, &ciphertext); + + // 这里我们需要把密文的各个部分输出乘C的数组 +} + + +// 这个例子要把一个来自于其他软件的密文转换为GmSSL的密文 +int main(void) +{ + SM2_CIPHERTEXT C; + uint8_t ciphertext_der[SM2_MAX_CIPHERTEXT_SIZE]; + + if (sm2_ciphertext_to_der(&C, &p, &len) != 1) { + fprintf(stderr, "sm2_ciphertext_to_der() error\n"); + goto err; + } + + format_bytes(stdout, 0, 0, "Ciphertext", der, derlen); + + return 0; +} diff --git a/demos/src/sm2_ecdh_demo.c b/demos/src/sm2_ecdh_demo.c new file mode 100644 index 000000000..682162afe --- /dev/null +++ b/demos/src/sm2_ecdh_demo.c @@ -0,0 +1,66 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include + + +int main(void) +{ +// Alice Bob + + SM2_KEY alice_ecdhe; SM2_KEY bob_ecdhe; + uint8_t alice_public[65]; uint8_t bob_public[65]; + SM2_POINT alice_share_point; SM2_POINT bob_share_point; + SM3_KDF_CTX alice_ctx; SM3_KDF_CTX bob_ctx; + uint8_t alice_share_key[32]; uint8_t bob_share_key[32]; + + + sm2_key_generate(&alice_ecdhe); sm2_key_generate(&bob_ecdhe); + + + sm2_point_to_uncompressed_octets( + &alice_ecdhe.public_key, + alice_public); +// alice_public +// ====================> + sm2_point_to_uncompressed_octets( + &bob_ecdhe.public_key, + bob_public); + + if (sm2_ecdh(&bob_ecdhe, + alice_public, sizeof(alice_public), + &bob_share_point) != 1) { + fprintf(stderr, "bob error\n"); + goto err; + } + sm3_kdf_init(&bob_ctx, 32); + sm3_kdf_update(&bob_ctx, + (uint8_t *)&bob_share_point, sizeof(SM2_POINT)); + sm3_kdf_finish(&bob_ctx, bob_share_key); +// bob_public +// <==================== + + if (sm2_ecdh(&alice_ecdhe, + bob_public, sizeof(bob_public), + &alice_share_point) != 1) { + fprintf(stderr, "Alice failed\n"); + goto err; + } + + sm3_kdf_init(&alice_ctx, 32); + sm3_kdf_update(&alice_ctx, (uint8_t *)&alice_share_point, sizeof(SM2_POINT)); + sm3_kdf_finish(&alice_ctx, alice_share_key); + +err: + // FIXME: clean all + return 0; +} diff --git a/demos/src/demo_sm2_encrypt.c b/demos/src/sm2_encrypt_demo.c similarity index 93% rename from demos/src/demo_sm2_encrypt.c rename to demos/src/sm2_encrypt_demo.c index 6c4a4410b..11975cb1a 100644 --- a/demos/src/demo_sm2_encrypt.c +++ b/demos/src/sm2_encrypt_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. diff --git a/demos/src/sm2_encrypt_fixlen_demo.c b/demos/src/sm2_encrypt_fixlen_demo.c new file mode 100644 index 000000000..15cce50ec --- /dev/null +++ b/demos/src/sm2_encrypt_fixlen_demo.c @@ -0,0 +1,35 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + + +int main(void) +{ + SM2_KEY sm2_key; + SM2_KEY pub_key; + unsigned char plaintext[SM2_MAX_PLAINTEXT_SIZE]; + unsigned char ciphertext[SM2_MAX_CIPHERTEXT_SIZE]; + size_t len; + + sm2_key_generate(&sm2_key); + memcpy(&pub_key, &sm2_key, sizeof(SM2_POINT)); + + + + + + + + return 0; +} diff --git a/demos/src/sm2_id_demo.c b/demos/src/sm2_id_demo.c new file mode 100644 index 000000000..29a62ce6f --- /dev/null +++ b/demos/src/sm2_id_demo.c @@ -0,0 +1,60 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include +#include +#include + +int main(int argc, char **argv) +{ + char *prog = argv[0]; + char *keyfile; + char *pass; + FILE *keyfp = NULL; + SM2_KEY sm2_key; + uint8_t z[32]; + + if (argc < 2) { + fprintf(stderr, "usage: %s \n", prog); + return -1; + } + keyfile = argv[1]; + + if (!(keyfp = fopen(keyfile, "rb"))) { + fprintf(stderr, "%s: open file '%s' failure\n", prog, keyfile); + return -1; + } + if (sm2_public_key_info_from_pem(&sm2_key, keyfp) != 1) { + fprintf(stderr, "%s: load key failure\n", prog); + fclose(keyfp); + return -1; + } + + sm2_compute_z(z, &sm2_key.public_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID)); + format_bytes(stdout, 0, 0, "z", z, sizeof(z)); + + fclose(keyfp); + return 0; +} + + + + + + + + + + + + diff --git a/demos/src/demo_sm2_key_export.c b/demos/src/sm2_key_export_demo.c similarity index 94% rename from demos/src/demo_sm2_key_export.c rename to demos/src/sm2_key_export_demo.c index 8f96c51d3..30fdcb4e3 100644 --- a/demos/src/demo_sm2_key_export.c +++ b/demos/src/sm2_key_export_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. diff --git a/demos/src/demo_sm2_keygen.c b/demos/src/sm2_keygen_demo.c similarity index 89% rename from demos/src/demo_sm2_keygen.c rename to demos/src/sm2_keygen_demo.c index dbabf098e..c4a557ec7 100644 --- a/demos/src/demo_sm2_keygen.c +++ b/demos/src/sm2_keygen_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. diff --git a/demos/src/demo_sm2_keyparse.c b/demos/src/sm2_keyparse_demo.c similarity index 93% rename from demos/src/demo_sm2_keyparse.c rename to demos/src/sm2_keyparse_demo.c index 681fcabca..696d57145 100644 --- a/demos/src/demo_sm2_keyparse.c +++ b/demos/src/sm2_keyparse_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. diff --git a/demos/src/sm2_point_demo.c b/demos/src/sm2_point_demo.c new file mode 100644 index 000000000..ab230fb4c --- /dev/null +++ b/demos/src/sm2_point_demo.c @@ -0,0 +1,54 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include + + +int main(void) +{ + SM2_POINT A; + SM2_POINT B; + SM2_POINT C; + uint8_t a[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3}; + uint8_t b[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5}; + uint8_t c[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4}; + uint8_t zero[32] = {0}; + + sm2_point_mul_generator(&A, a); + sm2_point_mul_generator(&B, b); + sm2_point_mul_generator(&C, c); + + printf("G is the generator point on SM2 curve\n"); + sm2_point_print(stdout, 0, 0, "3G", &A); + sm2_point_print(stdout, 0, 0, "5G", &B); + sm2_point_print(stdout, 0, 0, "4G", &C); + + sm2_point_add(&A, &A, &B); + sm2_point_dbl(&C, &C); + + sm2_point_print(stdout, 0, 0, "3G + 5G", &A); + sm2_point_print(stdout, 0, 0, "2 * 4G", &C); + + sm2_point_mul_generator(&C, c); + sm2_point_add(&C, &C, &C); + + sm2_point_print(stdout, 0, 0, "4G + 4G", &C); + + sm2_point_mul_generator(&C, zero); + sm2_point_print(stdout, 0, 0, "0 * G", &C); + + if (sm2_point_is_on_curve(&C) == 1) { + printf("0 * G is on SM2 curve\n"); + } + + return 0; +} diff --git a/demos/src/sm2_point_from_bin_demo.c b/demos/src/sm2_point_from_bin_demo.c new file mode 100644 index 000000000..134f5f8b5 --- /dev/null +++ b/demos/src/sm2_point_from_bin_demo.c @@ -0,0 +1,60 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + +/* +void gen_point(void) +{ + SM2_KEY sm2_key; + size_t i; + uint8_t *p = &sm2_key; + + sm2_key_generate(&sm2_key); + for (i = 0; i < 64; i++) { + printf("0x%02x,", p[i]); + } + printf("\n"); +} +*/ + +int main(void) +{ + SM2_POINT P; + uint8_t bin[64] = { + 0x0e,0x90,0x75,0x97,0x92,0x4f,0x48,0x6d, + 0x9f,0xa9,0x58,0x63,0xeb,0xb2,0x7b,0xa5, + 0xd2,0xc7,0x77,0x64,0x2c,0x94,0x8f,0x32, + 0xda,0x3a,0xd6,0xef,0xef,0xe4,0xda,0xaf, + 0x41,0x70,0x92,0x65,0x4f,0xf8,0x81,0x57, + 0x70,0x83,0x00,0xab,0x71,0xae,0xb0,0xaf, + 0x7b,0x55,0xe1,0x45,0xc7,0x9d,0xfb,0xcc, + 0xf4,0x10,0xff,0xe3,0x32,0xc4,0xcb,0x07, + }; + + if (sm2_point_from_xy(&P, bin, bin + 32) != 1) { + fprintf(stderr, "sm2_point_from_xy() error\n"); + goto err; + } + sm2_point_print(stdout, 0, 0, "SM2_POINT", &P); + + rand_bytes(bin, 64); + + if (sm2_point_from_xy(&P, bin, bin + 32) != 1) { + fprintf(stderr, "sm2_point_from_xy() error on random data\n"); + goto err; + } + +err: + return 0; +} diff --git a/demos/src/sm2_point_from_hash_demo.c b/demos/src/sm2_point_from_hash_demo.c new file mode 100644 index 000000000..fba9364db --- /dev/null +++ b/demos/src/sm2_point_from_hash_demo.c @@ -0,0 +1,31 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include +#include + + +int main(void) +{ + SM2_POINT P; + + if (sm2_point_from_hash(&P, (uint8_t *)"Alice", strlen("Alice")) != 1) { + fprintf(stderr, "sm2_point_from_hash() error\n"); + goto err; + } + + sm2_point_print(stdout, 0, 0, "SM2_POINT = Hash(\"Alice\")", &P); + +err: + return 0; +} diff --git a/demos/src/sm2_point_from_octets_demo.c b/demos/src/sm2_point_from_octets_demo.c new file mode 100644 index 000000000..af0481e40 --- /dev/null +++ b/demos/src/sm2_point_from_octets_demo.c @@ -0,0 +1,47 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include +#include + + +int main(void) +{ + SM2_POINT P; + uint8_t uncompressed[65] = { + 0x04, + 0x0e,0x90,0x75,0x97,0x92,0x4f,0x48,0x6d, + 0x9f,0xa9,0x58,0x63,0xeb,0xb2,0x7b,0xa5, + 0xd2,0xc7,0x77,0x64,0x2c,0x94,0x8f,0x32, + 0xda,0x3a,0xd6,0xef,0xef,0xe4,0xda,0xaf, + 0x41,0x70,0x92,0x65,0x4f,0xf8,0x81,0x57, + 0x70,0x83,0x00,0xab,0x71,0xae,0xb0,0xaf, + 0x7b,0x55,0xe1,0x45,0xc7,0x9d,0xfb,0xcc, + 0xf4,0x10,0xff,0xe3,0x32,0xc4,0xcb,0x07, + }; + + if (sm2_point_from_octets(&P, uncompressed, 65) != 1) { + fprintf(stderr, "sm2_point_from_octets() error\n"); + goto err; + } + printf("sm2_point_from_octets() success\n"); + + rand_bytes(uncompressed + 1, 64); + if (sm2_point_from_octets(&P, uncompressed, 65) != 1) { + fprintf(stderr, "sm2_point_from_octets() error\n"); + goto err; + } + +err: + return 0; +} diff --git a/demos/src/sm2_point_to_bin_demo.c b/demos/src/sm2_point_to_bin_demo.c new file mode 100644 index 000000000..3170a5899 --- /dev/null +++ b/demos/src/sm2_point_to_bin_demo.c @@ -0,0 +1,36 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + + +int main(void) +{ + SM2_POINT P = { + {0x0e,0x90,0x75,0x97,0x92,0x4f,0x48,0x6d, + 0x9f,0xa9,0x58,0x63,0xeb,0xb2,0x7b,0xa5, + 0xd2,0xc7,0x77,0x64,0x2c,0x94,0x8f,0x32, + 0xda,0x3a,0xd6,0xef,0xef,0xe4,0xda,0xaf,}, + {0x41,0x70,0x92,0x65,0x4f,0xf8,0x81,0x57, + 0x70,0x83,0x00,0xab,0x71,0xae,0xb0,0xaf, + 0x7b,0x55,0xe1,0x45,0xc7,0x9d,0xfb,0xcc, + 0xf4,0x10,0xff,0xe3,0x32,0xc4,0xcb,0x07,}, + }; + uint8_t bin[64]; + + memcpy(bin, &P, 64); + + format_bytes(stdout, 0, 0, "SM2_POITN RAW (64-byte)", bin, 64); + + return 0; +} diff --git a/demos/src/sm2_point_to_octets_demo.c b/demos/src/sm2_point_to_octets_demo.c new file mode 100644 index 000000000..03b8b8c40 --- /dev/null +++ b/demos/src/sm2_point_to_octets_demo.c @@ -0,0 +1,34 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + + +int main(void) +{ + SM2_KEY sm2_key; + SM2_POINT P; + uint8_t compressed[33] = {0}; + uint8_t uncompressed[65] = {0}; + + sm2_key_generate(&sm2_key); + P = sm2_key.public_key; + + sm2_point_to_uncompressed_octets(&P, uncompressed); + format_bytes(stdout, 0, 0, "SM2 Point (uncompressed) ", uncompressed, 65); + + sm2_point_to_compressed_octets(&P, compressed); + format_bytes(stdout, 0, 0, "SM2 Point (compressed) ", compressed, 33); + + return 0; +} diff --git a/demos/src/demo_sm2_private_key.c b/demos/src/sm2_private_key_demo.c similarity index 89% rename from demos/src/demo_sm2_private_key.c rename to demos/src/sm2_private_key_demo.c index d64ae240d..f562fc522 100644 --- a/demos/src/demo_sm2_private_key.c +++ b/demos/src/sm2_private_key_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. diff --git a/demos/src/demo_sm2_private_key_parse.c b/demos/src/sm2_private_key_parse_demo.c similarity index 80% rename from demos/src/demo_sm2_private_key_parse.c rename to demos/src/sm2_private_key_parse_demo.c index f17e890af..0479c2c57 100644 --- a/demos/src/demo_sm2_private_key_parse.c +++ b/demos/src/sm2_private_key_parse_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -12,7 +12,7 @@ #include #include #include -#include + int main(void) { @@ -34,8 +34,7 @@ int main(void) fprintf(stderr, "error\n"); return 1; } - format_bytes(stdout, 0, 0, "buf", buf, len); - sm2_key_print(stdout, 0, 0, "SM2PrivateKey", &sm2_key); + fwrite(buf, 1, len, stdout); gmssl_secure_clear(&sm2_key, sizeof(sm2_key)); return 0; diff --git a/demos/src/demo_sm2_public_key.c b/demos/src/sm2_public_key_demo.c similarity index 91% rename from demos/src/demo_sm2_public_key.c rename to demos/src/sm2_public_key_demo.c index 710c6078c..65a2981a1 100644 --- a/demos/src/demo_sm2_public_key.c +++ b/demos/src/sm2_public_key_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. diff --git a/demos/src/sm2_sig_from_bin_demo.c b/demos/src/sm2_sig_from_bin_demo.c new file mode 100644 index 000000000..2c66d3be9 --- /dev/null +++ b/demos/src/sm2_sig_from_bin_demo.c @@ -0,0 +1,29 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include + + +int main(void) +{ + SM2_SIGNATURE sig; + + // the signatue binary data might be invalid, and will not pass verification + uint8_t r[32] = { 1, 2, 3, }; + uint8_t s[32] = { 4, 5, 6, }; + + memcpy(sig.r, r, 32); + memcpy(sig.s, s, 32); + + return 0; +} diff --git a/demos/src/sm2_sig_from_der_demo.c b/demos/src/sm2_sig_from_der_demo.c new file mode 100644 index 000000000..939b5a184 --- /dev/null +++ b/demos/src/sm2_sig_from_der_demo.c @@ -0,0 +1,37 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include +#include +#include + + +int main(void) +{ + SM2_SIGNATURE sig; + uint8_t der[SM2_MAX_SIGNATURE_SIZE]; + size_t derlen; + + if (sm2_signature_from_der(&sig, &cp, &derlen) != 1) { + fprintf(stderr, "sm2_signature_from_der() error\n"); + goto err; + } + + if (dlen > 0) { + fprintf(stderr, "signature followed by other data\n"); + goto err; + } + +err: + return 0; +} diff --git a/demos/src/sm2_sig_to_der_demo.c b/demos/src/sm2_sig_to_der_demo.c new file mode 100644 index 000000000..88b3b6611 --- /dev/null +++ b/demos/src/sm2_sig_to_der_demo.c @@ -0,0 +1,40 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include +#include + + +int main(void) +{ + SM2_KEY sm2_key; + uint8_t dgst[32] = {0}; + + SM2_SIGNATURE sig; + uint8_t der[SM2_MAX_SIGNATURE_SIZE]; + uint8_t *p = der; + size_t derlen = 0; + + sm2_key_generate(&sm2_key); + sm2_do_sign(&sm2_key, dgst, &sig); + + if (sm2_signature_to_der(&sig, &p, &derlen) != 1) { + fprintf(stderr, "sm2_signature_to_der() error\n"); + return -1; + } + + format_bytes(stdout, 0, 0, "signature", der, derlen); + printf("signature length = %zu bytes\n", derlen); + + return 0; +} diff --git a/demos/src/demo_sm2_sign_ctx.c b/demos/src/sm2_sign_ctx_demo.c similarity index 96% rename from demos/src/demo_sm2_sign_ctx.c rename to demos/src/sm2_sign_ctx_demo.c index 965cf7e46..bda32a7c4 100644 --- a/demos/src/demo_sm2_sign_ctx.c +++ b/demos/src/sm2_sign_ctx_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. diff --git a/demos/src/sm2_sign_ctx_fixlen_demo.c b/demos/src/sm2_sign_ctx_fixlen_demo.c new file mode 100644 index 000000000..263bf835e --- /dev/null +++ b/demos/src/sm2_sign_ctx_fixlen_demo.c @@ -0,0 +1,65 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + + +int main(void) +{ + SM2_KEY sm2_key; + SM2_SIGN_CTX sign_ctx; + unsigned char sig[SM2_MAX_SIGNATURE_SIZE]; + size_t siglen; + + + sm2_key_generate(&sm2_key); + + + siglen = SM2_signature_compact_size; + memset(sig, 0, sizeof(sig)); + if (sm2_sign_init(&sign_ctx, &sm2_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID)) != 1 + || sm2_sign_update(&sign_ctx, (uint8_t *)"hello ", strlen("hello ")) != 1 + || sm2_sign_update(&sign_ctx, (uint8_t *)"world", strlen("world")) != 1 + || sm2_sign_finish_fixlen(&sign_ctx, siglen, sig) != 1) { + fprintf(stderr, "error\n"); + goto err; + } + format_bytes(stdout, 0, 0, "sig", sig, sizeof(sig)); + + + siglen = SM2_signature_typical_size; + memset(sig, 0, sizeof(sig)); + if (sm2_sign_init(&sign_ctx, &sm2_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID)) != 1 + || sm2_sign_update(&sign_ctx, (uint8_t *)"hello ", strlen("hello ")) != 1 + || sm2_sign_update(&sign_ctx, (uint8_t *)"world", strlen("world")) != 1 + || sm2_sign_finish_fixlen(&sign_ctx, siglen, sig) != 1) { + fprintf(stderr, "error\n"); + goto err; + } + format_bytes(stdout, 0, 0, "sig", sig, sizeof(sig)); + + + siglen = SM2_signature_max_size; + memset(sig, 0, sizeof(sig)); + if (sm2_sign_init(&sign_ctx, &sm2_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID)) != 1 + || sm2_sign_update(&sign_ctx, (uint8_t *)"hello ", strlen("hello ")) != 1 + || sm2_sign_update(&sign_ctx, (uint8_t *)"world", strlen("world")) != 1 + || sm2_sign_finish_fixlen(&sign_ctx, siglen, sig) != 1) { + fprintf(stderr, "error\n"); + goto err; + } + format_bytes(stdout, 0, 0, "sig", sig, sizeof(sig)); + +err: + return 0; +} diff --git a/demos/src/demo_sm2_sign.c b/demos/src/sm2_sign_demo.c similarity index 93% rename from demos/src/demo_sm2_sign.c rename to demos/src/sm2_sign_demo.c index de0cdf8f2..2ab75a631 100644 --- a/demos/src/demo_sm2_sign.c +++ b/demos/src/sm2_sign_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. diff --git a/demos/src/sm2_sign_digest_demo.c b/demos/src/sm2_sign_digest_demo.c new file mode 100644 index 000000000..a90953f33 --- /dev/null +++ b/demos/src/sm2_sign_digest_demo.c @@ -0,0 +1,31 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include + + +int main(void) +{ + SM2_KEY sm2_key; + uint8_t dgst[32]; + uint8_t sig[SM2_MAX_SIGNATURE_SIZE] = {0}; + size_t siglen; + + sm2_key_generate(&sm2_key); + sm3_digest((uint8_t *)"abc", 3, dgst); + + if (sm2_sign(&key, + + + return 0; +} diff --git a/demos/src/sm3_ctx_demo.c b/demos/src/sm3_ctx_demo.c new file mode 100644 index 000000000..0d1289afb --- /dev/null +++ b/demos/src/sm3_ctx_demo.c @@ -0,0 +1,35 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include + + +int main(void) +{ + SM3_CTX sm3_ctx; + uint8_t dgst[SM3_DIGEST_SIZE]; + size_t i; + + sm3_init(&sm3_ctx); + sm3_update(&sm3_ctx, (uint8_t *)"a", 1); + sm3_update(&sm3_ctx, (uint8_t *)"bc", 2); + sm3_finish(&sm3_ctx, dgst); + + printf("sm3('abc') = "); + for (i = 0; i < sizeof(dgst); i++) { + printf("%02x", dgst[i]); + } + printf("\n"); + + return 0; +} diff --git a/demos/src/demo_sm3.c b/demos/src/sm3_ctx_stdin_demo.c similarity index 86% rename from demos/src/demo_sm3.c rename to demos/src/sm3_ctx_stdin_demo.c index 2e876dd5a..8f9e6547f 100644 --- a/demos/src/demo_sm3.c +++ b/demos/src/sm3_ctx_stdin_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -22,6 +22,8 @@ int main(int argc, char **argv) uint8_t dgst[32]; int i; + printf("read from stdin ...\n"); + sm3_init(&sm3_ctx); while ((len = fread(buf, 1, sizeof(buf), stdin)) > 0) { sm3_update(&sm3_ctx, buf, len); diff --git a/demos/src/sm3_demo.c b/demos/src/sm3_demo.c new file mode 100644 index 000000000..b5b8196a0 --- /dev/null +++ b/demos/src/sm3_demo.c @@ -0,0 +1,31 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include + + +int main(void) +{ + uint8_t dgst[SM3_DIGEST_SIZE]; + size_t i; + + sm3_digest((uint8_t *)"abc", 3, dgst); + + printf("sm3('abc') = "); + for (i = 0; i < sizeof(dgst); i++) { + printf("%02x", dgst[i]); + } + printf("\n"); + + return 0; +} diff --git a/demos/src/demo_sm3_hmac.c b/demos/src/sm3_hmac_ctx_demo.c similarity index 69% rename from demos/src/demo_sm3_hmac.c rename to demos/src/sm3_hmac_ctx_demo.c index 234ef8229..de5b7cb2a 100644 --- a/demos/src/demo_sm3_hmac.c +++ b/demos/src/sm3_hmac_ctx_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -11,6 +11,7 @@ #include #include #include +#include int main(void) @@ -20,7 +21,7 @@ int main(void) 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0xf2,0x03,0x04,0x05,0x06,0x07,0x08, }; - unsigned char mbuf[16] = { + unsigned char data[16] = { 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, }; @@ -29,7 +30,8 @@ int main(void) sm3_hmac_init(&hmac_ctx, key, sizeof(key)); - sm3_hmac_update(&hmac_ctx, mbuf, sizeof(mbuf)); + sm3_hmac_update(&hmac_ctx, data, 8); + sm3_hmac_update(&hmac_ctx, data + 8, sizeof(data) - 8); sm3_hmac_finish(&hmac_ctx, hmac); printf("hmac: "); @@ -38,14 +40,7 @@ int main(void) } printf("\n"); - memset(hmac, 0, sizeof(hmac)); - sm3_hmac(key, sizeof(key), mbuf, sizeof(mbuf), hmac); - - printf("hmac: "); - for (i = 0; i < sizeof(hmac); i++) { - printf("%02X", hmac[i]); - } - printf("\n"); + gmssl_secure_clear(&hmac_ctx, sizeof(hmac_ctx)); return 0; } diff --git a/demos/src/demo_sm3_kdf.c b/demos/src/sm3_hmac_demo.c similarity index 53% rename from demos/src/demo_sm3_kdf.c rename to demos/src/sm3_hmac_demo.c index 5c0ecbbfb..4a1538a7f 100644 --- a/demos/src/demo_sm3_kdf.c +++ b/demos/src/sm3_hmac_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -15,21 +15,22 @@ int main(void) { - SM3_KDF_CTX kdf_ctx; - unsigned char key[16] = {0}; - unsigned char raw[32] = { + unsigned char key[16] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0xf2,0x03,0x04,0x05,0x06,0x07,0x08, + }; + unsigned char data[16] = { 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, }; + unsigned char hmac[32] = {0}; int i; - sm3_kdf_init(&kdf_ctx, sizeof(key)); - sm3_kdf_update(&kdf_ctx, raw, sizeof(raw)); - sm3_kdf_finish(&kdf_ctx, key); + sm3_hmac(key, sizeof(key), data, sizeof(data), hmac); - printf("key: "); - for (i = 0; i < sizeof(key); i++) { - printf("%02X", key[i]); + printf("hmac: "); + for (i = 0; i < sizeof(hmac); i++) { + printf("%02x", hmac[i]); } printf("\n"); diff --git a/demos/src/demo_sm4_cbc_decrypt_update.c b/demos/src/sm4_cbc_ctx_decrypt_stdin_demo.c similarity index 77% rename from demos/src/demo_sm4_cbc_decrypt_update.c rename to demos/src/sm4_cbc_ctx_decrypt_stdin_demo.c index e32333d4c..0ae9941a7 100644 --- a/demos/src/demo_sm4_cbc_decrypt_update.c +++ b/demos/src/sm4_cbc_ctx_decrypt_stdin_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -11,12 +11,13 @@ #include #include #include +#include #include +#include int main(void) { - SM4_CBC_CTX cbc_ctx; unsigned char key[16] = { 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, @@ -25,27 +26,34 @@ int main(void) 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, }; + + SM4_CBC_CTX cbc_ctx; unsigned char inbuf[1024]; unsigned char outbuf[1024 + 32]; size_t inlen; size_t outlen; if (sm4_cbc_decrypt_init(&cbc_ctx, key, iv) != 1) { - fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__); - return 1; + error_print(); + goto err; } + + fprintf(stderr, "read from stdin ...\n"); while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) { if (sm4_cbc_decrypt_update(&cbc_ctx, inbuf, inlen, outbuf, &outlen) != 1) { - fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__); - return 1; + error_print(); + goto err; } fwrite(outbuf, 1, outlen, stdout); } + if (sm4_cbc_decrypt_finish(&cbc_ctx, outbuf, &outlen) != 1) { - fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__); - return 1; + error_print(); + goto err; } fwrite(outbuf, 1, outlen, stdout); +err: + gmssl_secure_clear(&cbc_ctx, sizeof(cbc_ctx)); return 0; } diff --git a/demos/src/demo_sm4_cbc_encrypt_update.c b/demos/src/sm4_cbc_ctx_encrypt_stdin_demo.c similarity index 77% rename from demos/src/demo_sm4_cbc_encrypt_update.c rename to demos/src/sm4_cbc_ctx_encrypt_stdin_demo.c index 4e97d62f5..6ac1ae47b 100644 --- a/demos/src/demo_sm4_cbc_encrypt_update.c +++ b/demos/src/sm4_cbc_ctx_encrypt_stdin_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -11,12 +11,13 @@ #include #include #include +#include #include +#include int main(void) { - SM4_CBC_CTX cbc_ctx; unsigned char key[16] = { 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, @@ -25,27 +26,34 @@ int main(void) 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, }; + + SM4_CBC_CTX cbc_ctx; unsigned char inbuf[1024]; unsigned char outbuf[1024 + 32]; size_t inlen; size_t outlen; if (sm4_cbc_encrypt_init(&cbc_ctx, key, iv) != 1) { - fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__); - return 1; + error_print(); + goto err; } + + fprintf(stderr, "read from stdin ...\n"); while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) { if (sm4_cbc_encrypt_update(&cbc_ctx, inbuf, inlen, outbuf, &outlen) != 1) { - fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__); - return 1; + error_print(); + goto err; } fwrite(outbuf, 1, outlen, stdout); } + if (sm4_cbc_encrypt_finish(&cbc_ctx, outbuf, &outlen) != 1) { - fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__); - return 1; + error_print(); + goto err; } fwrite(outbuf, 1, outlen, stdout); +err: + gmssl_secure_clear(&cbc_ctx, sizeof(cbc_ctx)); return 0; } diff --git a/demos/src/demo_sm4_cbc.c b/demos/src/sm4_cbc_demo.c similarity index 95% rename from demos/src/demo_sm4_cbc.c rename to demos/src/sm4_cbc_demo.c index e1272c2dd..910a88e5e 100644 --- a/demos/src/demo_sm4_cbc.c +++ b/demos/src/sm4_cbc_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. diff --git a/demos/src/sm4_cbc_mac_demo.c b/demos/src/sm4_cbc_mac_demo.c new file mode 100644 index 000000000..c3dac8c6d --- /dev/null +++ b/demos/src/sm4_cbc_mac_demo.c @@ -0,0 +1,42 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include + + +int main(int argc, char **argv) +{ + SM4_CBC_MAC_CTX ctx; + uint8_t key[16] = {0}; + uint8_t data[16 * 3] = {0}; + uint8_t mac[16] = {0}; + size_t i; + + if (sizeof(data) % SM4_BLOCK_SIZE != 0) { + fprintf(stderr, "CBC_MAC data length error\n"); + goto err; + } + + sm4_cbc_mac_init(&ctx, key); + sm4_cbc_mac_update(&ctx, data, sizeof(data)); + sm4_cbc_mac_finish(&ctx, mac); + + printf("cbc_mac = "); + for (i = 0; i < sizeof(mac); i++) { + printf("%02x", mac[i]); + } + printf("\n"); + +err: + return 0; +} diff --git a/demos/src/demo_sm4_cbc_padding.c b/demos/src/sm4_cbc_padding_demo.c similarity index 97% rename from demos/src/demo_sm4_cbc_padding.c rename to demos/src/sm4_cbc_padding_demo.c index 720e24851..00b5966a9 100644 --- a/demos/src/demo_sm4_cbc_padding.c +++ b/demos/src/sm4_cbc_padding_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. diff --git a/demos/src/sm4_cbc_sm3_hmac_demo.c b/demos/src/sm4_cbc_sm3_hmac_demo.c new file mode 100644 index 000000000..c2892f2e8 --- /dev/null +++ b/demos/src/sm4_cbc_sm3_hmac_demo.c @@ -0,0 +1,100 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include +#include +#include + + +int main(int argc, char **argv) +{ + int ret = -1; + uint8_t key[SM4_CBC_SM3_HMAC_KEY_SIZE]; + uint8_t iv[SM4_CBC_SM3_HMAC_IV_SIZE]; + SM4_CBC_SM3_HMAC_CTX ctx; + uint8_t aad[] = "Additianal Authenticated Data, authenticated only, not encrypted"; + uint8_t m1[] = "Plaintext part 1, to be encrypted and authenticated."; + uint8_t m2[] = "Plaintext part 2, to be encrypted and authenticated."; + uint8_t c[256]; + uint8_t d[256]; + uint8_t *p; + size_t clen, dlen, len; + + if (rand_bytes(key, sizeof(key)) != 1 + || rand_bytes(iv, sizeof(iv)) != 1) { + fprintf(stderr, "rand_bytes() error\n"); + goto end; + } + + // encrypt + + if (sm4_cbc_sm3_hmac_encrypt_init(&ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad)) != 1) { + fprintf(stderr, "sm4_cbc_sm3_hmac_encrypt_init() error\n"); + goto end; + } + + p = c; + clen = 0; + + if (sm4_cbc_sm3_hmac_encrypt_update(&ctx, m1, sizeof(m1)-1, p, &len) != 1) { + fprintf(stderr, "sm4_cbc_sm3_hmac_encrypt_update() error\n"); + goto end; + } + p += len; + clen += len; + + if (sm4_cbc_sm3_hmac_encrypt_update(&ctx, m2, sizeof(m2), p, &len) != 1) { + fprintf(stderr, "sm4_cbc_sm3_hmac_encrypt_update() error\n"); + goto end; + } + p += len; + clen += len; + + if (sm4_cbc_sm3_hmac_encrypt_finish(&ctx, p, &len) != 1) { + fprintf(stderr, "sm4_cbc_sm3_hmac_encrypt_finish() error\n"); + goto end; + } + clen += len; + + // decrypt + + if (sm4_cbc_sm3_hmac_decrypt_init(&ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad)) != 1) { + fprintf(stderr, "sm4_cbc_sm3_hmac_decrypt_init() error\n"); + goto end; + } + + p = d; + dlen = 0; + + if (sm4_cbc_sm3_hmac_decrypt_update(&ctx, c, clen, p, &len) != 1) { + fprintf(stderr, "sm4_cbc_sm3_hmac_decrypt_update() error\n"); + goto end; + } + p += len; + dlen += len; + + if (sm4_cbc_sm3_hmac_decrypt_finish(&ctx, p, &len) != 1) { + fprintf(stderr, "sm4_cbc_sm3_hmac_decrypt_finish() error\n"); + goto end; + } + dlen += len; + + printf("Decrypted: %s\n", (char *)d); + + ret = 0; + +end: + gmssl_secure_clear(key, sizeof(key)); + gmssl_secure_clear(&ctx, sizeof(ctx)); + return ret; +} diff --git a/demos/src/sm4_consts_demo.c b/demos/src/sm4_consts_demo.c new file mode 100644 index 000000000..036246efe --- /dev/null +++ b/demos/src/sm4_consts_demo.c @@ -0,0 +1,22 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include + +int main(void) +{ + printf("%lld\n", SM4_GCM_IV_MAX_SIZE); + printf("%lld\n", SM4_GCM_MAX_AAD_SIZE); + printf("%lld\n", SM4_GCM_MAX_PLAINTEXT_SIZE); + return 0; +} diff --git a/demos/src/demo_sm4_ctr.c b/demos/src/sm4_ctr_demo.c similarity index 95% rename from demos/src/demo_sm4_ctr.c rename to demos/src/sm4_ctr_demo.c index 53ba8e3e8..fa80d3e0a 100644 --- a/demos/src/demo_sm4_ctr.c +++ b/demos/src/sm4_ctr_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. diff --git a/demos/src/demo_sm4_ctr_encrypt_update.c b/demos/src/sm4_ctr_encrypt_update_demo.c similarity index 95% rename from demos/src/demo_sm4_ctr_encrypt_update.c rename to demos/src/sm4_ctr_encrypt_update_demo.c index 1d580f651..cfeb5125c 100644 --- a/demos/src/demo_sm4_ctr_encrypt_update.c +++ b/demos/src/sm4_ctr_encrypt_update_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. diff --git a/demos/src/sm4_ctr_sm3_hmac_demo.c b/demos/src/sm4_ctr_sm3_hmac_demo.c new file mode 100644 index 000000000..46b57e54d --- /dev/null +++ b/demos/src/sm4_ctr_sm3_hmac_demo.c @@ -0,0 +1,102 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include +#include +#include + + +int main(int argc, char **argv) +{ + int ret = -1; + uint8_t key[SM4_CTR_SM3_HMAC_KEY_SIZE]; + uint8_t iv[SM4_CTR_SM3_HMAC_IV_SIZE]; + SM4_CTR_SM3_HMAC_CTX ctx; + uint8_t aad[] = "Additianal Authenticated Data, authenticated only, not encrypted"; + uint8_t m1[] = "Plaintext part 1, to be encrypted and authenticated."; + size_t m1len = sizeof(m1) - 1; + uint8_t m2[] = "Plaintext part 2, to be encrypted and authenticated."; + + uint8_t c[256]; + uint8_t d[256]; + uint8_t *p; + size_t clen, dlen, len; + + if (rand_bytes(key, sizeof(key)) != 1 + || rand_bytes(iv, sizeof(iv)) != 1) { + fprintf(stderr, "rand_bytes() error\n"); + goto end; + } + + // encrypt + + if (sm4_ctr_sm3_hmac_encrypt_init(&ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad)) != 1) { + fprintf(stderr, "sm4_ctr_sm3_hmac_encrypt_init() error\n"); + goto end; + } + + p = c; + clen = 0; + + if (sm4_ctr_sm3_hmac_encrypt_update(&ctx, m1, sizeof(m1)-1, p, &len) != 1) { + fprintf(stderr, "sm4_ctr_sm3_hmac_encrypt_update() error\n"); + goto end; + } + p += len; + clen += len; + + if (sm4_ctr_sm3_hmac_encrypt_update(&ctx, m2, sizeof(m2), p, &len) != 1) { + fprintf(stderr, "sm4_ctr_sm3_hmac_encrypt_update() error\n"); + goto end; + } + p += len; + clen += len; + + if (sm4_ctr_sm3_hmac_encrypt_finish(&ctx, p, &len) != 1) { + fprintf(stderr, "sm4_ctr_sm3_hmac_encrypt_finish() error\n"); + goto end; + } + clen += len; + + // decrypt + + if (sm4_ctr_sm3_hmac_decrypt_init(&ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad)) != 1) { + fprintf(stderr, "sm4_ctr_sm3_hmac_decrypt_init() error\n"); + goto end; + } + + p = d; + dlen = 0; + + if (sm4_ctr_sm3_hmac_decrypt_update(&ctx, c, clen, p, &len) != 1) { + fprintf(stderr, "sm4_ctr_sm3_hmac_decrypt_update() error\n"); + goto end; + } + p += len; + dlen += len; + + if (sm4_ctr_sm3_hmac_decrypt_finish(&ctx, p, &len) != 1) { + fprintf(stderr, "sm4_ctr_sm3_hmac_decrypt_finish() error\n"); + goto end; + } + dlen += len; + + printf("Decrypted: %s\n", (char *)d); + + ret = 0; + +end: + gmssl_secure_clear(key, sizeof(key)); + gmssl_secure_clear(&ctx, sizeof(ctx)); + return ret; +} diff --git a/demos/src/demo_sm4.c b/demos/src/sm4_demo.c similarity index 88% rename from demos/src/demo_sm4.c rename to demos/src/sm4_demo.c index fbc0fd993..67e4b9ff8 100644 --- a/demos/src/demo_sm4.c +++ b/demos/src/sm4_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -36,12 +36,13 @@ int main(void) } printf("\n"); - printf("plaintext: "); + printf("plaintext : "); for (i = 0; i < sizeof(mbuf); i++) { printf("%02X", mbuf[i]); } printf("\n"); + // SM4 encrypt a block sm4_set_encrypt_key(&sm4_key, key); sm4_encrypt(&sm4_key, mbuf, cbuf); @@ -51,10 +52,11 @@ int main(void) } printf("\n"); + // SM4 decrypt a block sm4_set_decrypt_key(&sm4_key, key); sm4_decrypt(&sm4_key, cbuf, pbuf); - printf("decrypted: "); + printf("decrypted : "); for (i = 0; i < sizeof(pbuf); i++) { printf("%02X", pbuf[i]); } diff --git a/demos/src/sm4_ecb_demo.c b/demos/src/sm4_ecb_demo.c new file mode 100644 index 000000000..b9269870f --- /dev/null +++ b/demos/src/sm4_ecb_demo.c @@ -0,0 +1,56 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include +#include + + +int main(void) +{ + SM4_KEY sm4_key; + unsigned char key[SM4_KEY_SIZE]; + uint8_t data[SM4_BLOCK_SIZE * 3]; + uint8_t *p; + size_t i; + + rand_bytes(key, sizeof(key)); + + // Plaintext block #1 and #3 are the same + rand_bytes(data, SM4_BLOCK_SIZE * 2); + memcpy(data + SM4_BLOCK_SIZE * 2, data, SM4_BLOCK_SIZE); + + format_bytes(stdout, 0, 0, "key", key, sizeof(key)); + format_bytes(stdout, 0, 0, "ECB Plaintext ", data, sizeof(data)); + + // SM4-ECB encrypt + sm4_set_encrypt_key(&sm4_key, key); + + p = data; + for (i = 0; i < sizeof(data)/SM4_BLOCK_SIZE; i++) { + sm4_encrypt(&sm4_key, p, p); + p += SM4_BLOCK_SIZE; + } + format_bytes(stdout, 0, 0, "ECB Ciphertext", data, sizeof(data)); + + // SM4-ECB decrypt + sm4_set_decrypt_key(&sm4_key, key); + + p = data; + for (i = 0; i < sizeof(data)/SM4_BLOCK_SIZE; i++) { + sm4_decrypt(&sm4_key, p, p); + p += SM4_BLOCK_SIZE; + } + format_bytes(stdout, 0, 0, "ECB Plaintext ", data, sizeof(data)); + + return 0; +} diff --git a/demos/src/sm4_gcm_ctx_demo.c b/demos/src/sm4_gcm_ctx_demo.c new file mode 100644 index 000000000..b10f616d2 --- /dev/null +++ b/demos/src/sm4_gcm_ctx_demo.c @@ -0,0 +1,100 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include +#include +#include + + +int main(int argc, char **argv) +{ + int ret = -1; + uint8_t key[SM4_GCM_KEY_SIZE]; + uint8_t iv[SM4_GCM_DEFAULT_IV_SIZE]; + SM4_GCM_CTX ctx; + uint8_t aad[] = "Additianal Authenticated Data, authenticated only, not encrypted"; + uint8_t m1[] = "Plaintext part 1, to be encrypted and authenticated."; + uint8_t m2[] = "Plaintext part 2, to be encrypted and authenticated."; + uint8_t c[256]; + uint8_t d[256]; + uint8_t *p; + size_t clen, dlen, len; + + if (rand_bytes(key, sizeof(key)) != 1 + || rand_bytes(iv, sizeof(iv)) != 1) { + fprintf(stderr, "rand_bytes() error\n"); + goto end; + } + + // encrypt + + if (sm4_gcm_encrypt_init(&ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad), SM4_GCM_DEFAULT_TAG_SIZE) != 1) { + fprintf(stderr, "sm4_gcm_encrypt_init() error\n"); + goto end; + } + + p = c; + clen = 0; + + if (sm4_gcm_encrypt_update(&ctx, m1, sizeof(m1)-1, p, &len) != 1) { + fprintf(stderr, "sm4_gcm_encrypt_update() error\n"); + goto end; + } + p += len; + clen += len; + + if (sm4_gcm_encrypt_update(&ctx, m2, sizeof(m2), p, &len) != 1) { + fprintf(stderr, "sm4_gcm_encrypt_update() error\n"); + goto end; + } + p += len; + clen += len; + + if (sm4_gcm_encrypt_finish(&ctx, p, &len) != 1) { + fprintf(stderr, "sm4_gcm_encrypt_finish() error\n"); + goto end; + } + clen += len; + + // decrypt + + if (sm4_gcm_decrypt_init(&ctx, key, sizeof(key), iv, sizeof(iv), aad, sizeof(aad), SM4_GCM_DEFAULT_TAG_SIZE) != 1) { + fprintf(stderr, "sm4_gcm_decrypt_init() error\n"); + goto end; + } + + p = d; + dlen = 0; + + if (sm4_gcm_decrypt_update(&ctx, c, clen, p, &len) != 1) { + fprintf(stderr, "sm4_gcm_decrypt_update() error\n"); + goto end; + } + p += len; + dlen += len; + + if (sm4_gcm_decrypt_finish(&ctx, p, &len) != 1) { + fprintf(stderr, "sm4_gcm_decrypt_finish() error\n"); + goto end; + } + dlen += len; + + printf("Decrypted: %s\n", (char *)d); + + ret = 0; + +end: + gmssl_secure_clear(key, sizeof(key)); + gmssl_secure_clear(&ctx, sizeof(ctx)); + return ret; +} diff --git a/demos/src/demo_sm4_gcm.c b/demos/src/sm4_gcm_demo.c similarity index 96% rename from demos/src/demo_sm4_gcm.c rename to demos/src/sm4_gcm_demo.c index e1a8cdd45..e4183bab4 100644 --- a/demos/src/demo_sm4_gcm.c +++ b/demos/src/sm4_gcm_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. diff --git a/demos/src/sm4_key_demo.c b/demos/src/sm4_key_demo.c new file mode 100644 index 000000000..aee0e59a0 --- /dev/null +++ b/demos/src/sm4_key_demo.c @@ -0,0 +1,46 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include +#include + + +int main(void) +{ + SM4_KEY sm4_key; + uint8_t key[SM4_KEY_SIZE]; + int i; + + rand_bytes(key, sizeof(key)); + + format_bytes(stdout, 0, 0, "SM4 Raw Key", key, sizeof(key)); + printf("\n"); + + sm4_set_encrypt_key(&sm4_key, key); + + printf("SM4 Round Keys for Encryption\n"); + for (i = 0; i < SM4_NUM_ROUNDS; i++) { + printf(" %08x\n", sm4_key.rk[i]); + } + printf("\n"); + + sm4_set_decrypt_key(&sm4_key, key); + + printf("SM4 Round Keys for Decryption\n"); + for (i = 0; i < SM4_NUM_ROUNDS; i++) { + printf(" %08x\n", sm4_key.rk[i]); + } + printf("\n"); + + return 0; +} diff --git a/demos/src/demo_sm9_encrypt.c b/demos/src/sm9_encrypt_demo.c similarity index 94% rename from demos/src/demo_sm9_encrypt.c rename to demos/src/sm9_encrypt_demo.c index e5d272965..b15b85fb6 100644 --- a/demos/src/demo_sm9_encrypt.c +++ b/demos/src/sm9_encrypt_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. diff --git a/demos/src/demo_sm9_keygen.c b/demos/src/sm9_keygen_demo.c similarity index 92% rename from demos/src/demo_sm9_keygen.c rename to demos/src/sm9_keygen_demo.c index 0c645ffdb..21030d298 100644 --- a/demos/src/demo_sm9_keygen.c +++ b/demos/src/sm9_keygen_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. diff --git a/demos/src/demo_sm9_sign.c b/demos/src/sm9_sign_demo.c similarity index 95% rename from demos/src/demo_sm9_sign.c rename to demos/src/sm9_sign_demo.c index f7d5b1908..c78e81b99 100644 --- a/demos/src/demo_sm9_sign.c +++ b/demos/src/sm9_sign_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. @@ -39,7 +39,6 @@ int main(void) format_bytes(stdout, 0, 0, "signature", sig, siglen); - sm9_sign_master_public_key_to_der(&sign_master, &p, &len); sm9_sign_master_public_key_from_der(&sign_master_public, &cp, &len); @@ -48,6 +47,5 @@ int main(void) ret = sm9_verify_finish(&sign_ctx, sig, siglen, &sign_master_public, id, strlen(id)); printf("verify %s\n", ret == 1 ? "success" : "failure"); - return 0; } diff --git a/demos/src/tlcp_get_demo.c b/demos/src/tlcp_get_demo.c new file mode 100644 index 000000000..531573611 --- /dev/null +++ b/demos/src/tlcp_get_demo.c @@ -0,0 +1,106 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include +#include +#include + + +int main(int argc, char *argv[]) +{ + int ret = -1; + + + const int cipher = TLS_cipher_ecc_sm4_cbc_sm3; + struct hostent *hp; + int port = 443; + + struct sockaddr_in server; + int sock; + TLS_CTX ctx; + TLS_CONNECT conn; + + + char request[1024]; + uint8_t buf[16800]; + char *p; + size_t len; + + if (argc != 2) { + fprintf(stderr, "example: tlcp_get https://sm2only.ovssl.cn\n"); + return 1; + } + + if (!(url = parse_url(argv[1]))) { + fprintf(stderr, "parse url '%s' failure\n", argv[1]); + return 1; + } + if (!(hp = gethostbyname(url->host))) { + herror("tlcp_client: '-host' invalid"); + goto end; + } + if (url->port != -1) { + port = url->port; + } + + server.sin_addr = *((struct in_addr *)hp->h_addr_list[0]); + server.sin_family = AF_INET; + server.sin_port = htons(port); + + if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + perror("socket"); + goto end; + } + if (connect(sock, (struct sockaddr *)&server , sizeof(server)) < 0) { + perror("connect"); + goto end; + } + + memset(&ctx, 0, sizeof(ctx)); + memset(&conn, 0, sizeof(conn)); + + tls_ctx_init(&ctx, TLS_protocol_tlcp, TLS_client_mode); + tls_ctx_set_cipher_suites(&ctx, &cipher, 1); + tls_init(&conn, &ctx); + tls_set_socket(&conn, sock); + + if (tls_do_handshake(&conn) != 1) { + fprintf(stderr, "%s: error\n", prog); + goto end; + } + + snprintf(request, sizeof(request)-1, "GET %s HTTP/1.1\r\nHost: %s\r\n\r\n", + url->path ? url->path : "/", + url->host); + + tls_send(&conn, (uint8_t *)request, strlen(request), &len); + + if (tls_recv(&conn, buf, sizeof(buf), &len) != 1) { + fprintf(stderr, "recv failure\n"); + goto end; + } + buf[len] = 0; + + p = strstr((char *)buf, "\r\n\r\n"); + if (p) { + printf("%s", p + 4); + fflush(stdout); + } + +end: + free_url_components(url); + close(sock); + tls_ctx_cleanup(&ctx); + tls_cleanup(&conn); + return 0; +} diff --git a/demos/src/tlcp_post_demo.c b/demos/src/tlcp_post_demo.c new file mode 100644 index 000000000..eebdbee38 --- /dev/null +++ b/demos/src/tlcp_post_demo.c @@ -0,0 +1,113 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +int main(int argc, char *argv[]) +{ + int ret = -1; + char *prog = argv[0]; + const int cipher = TLS_cipher_ecc_sm4_cbc_sm3; + URL_COMPONENTS *url; + struct hostent *hp; + int port = 443; + struct sockaddr_in server; + int sock; + TLS_CTX ctx; + TLS_CONNECT conn; + char request[1024]; + uint8_t buf[16800]; + char *p; + size_t len; + + if (argc != 2) { + fprintf(stderr, "example: echo \"key=word\" | tlcp_post https://sm2only.ovssl.cn\n"); + return 1; + } + + if (!(url = parse_url(argv[1]))) { + fprintf(stderr, "parse url '%s' failure\n", argv[1]); + return 1; + } + if (!(hp = gethostbyname(url->host))) { + herror("tlcp_client: '-host' invalid"); + goto end; + } + if (url->port != -1) { + port = url->port; + } + + server.sin_addr = *((struct in_addr *)hp->h_addr_list[0]); + server.sin_family = AF_INET; + server.sin_port = htons(port); + + if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + perror("socket"); + goto end; + } + if (connect(sock, (struct sockaddr *)&server , sizeof(server)) < 0) { + perror("connect"); + goto end; + } + + memset(&ctx, 0, sizeof(ctx)); + memset(&conn, 0, sizeof(conn)); + + tls_ctx_init(&ctx, TLS_protocol_tlcp, TLS_client_mode); + tls_ctx_set_cipher_suites(&ctx, &cipher, 1); + tls_init(&conn, &ctx); + tls_set_socket(&conn, sock); + + if (tls_do_handshake(&conn) != 1) { + fprintf(stderr, "%s: error\n", prog); + goto end; + } + + snprintf(request, sizeof(request)-1, "POST %s HTTP/1.1\r\nHost: %s\r\n\r\n", + url->path ? url->path : "/", + url->host); + + tls_send(&conn, (uint8_t *)request, strlen(request), &len); + + len = fread(buf, 1, sizeof(buf), stdin); + if (len) { + tls_send(&conn, buf, len, &len); + } + + if (tls_recv(&conn, buf, sizeof(buf), &len) != 1) { + fprintf(stderr, "recv failure\n"); + goto end; + } + buf[len] = 0; + + p = strstr((char *)buf, "\r\n\r\n"); + if (p) { + printf("%s", p + 4); + fflush(stdout); + } + +end: + free_url_components(url); + close(sock); + tls_ctx_cleanup(&ctx); + tls_cleanup(&conn); + return 0; +} diff --git a/demos/src/version_demo.c b/demos/src/version_demo.c new file mode 100644 index 000000000..eb1e75bb5 --- /dev/null +++ b/demos/src/version_demo.c @@ -0,0 +1,26 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include + + +int main(int argc, char **argv) +{ + if (gmssl_version_num() < 30100) { + fprintf(stderr, "GmSSL version is lower than 3.0.0\n"); + return 1; + } + printf("GmSSL version: %s\n", gmssl_version_str()); + + return 0; +} diff --git a/demos/src/x509_cert_check_demo.c b/demos/src/x509_cert_check_demo.c new file mode 100644 index 000000000..84c984ecb --- /dev/null +++ b/demos/src/x509_cert_check_demo.c @@ -0,0 +1,88 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include + +char *pem = +"-----BEGIN CERTIFICATE-----\n" +"MIIBszCCAVegAwIBAgIIaeL+wBcKxnswDAYIKoEcz1UBg3UFADAuMQswCQYDVQQG\n" +"EwJDTjEOMAwGA1UECgwFTlJDQUMxDzANBgNVBAMMBlJPT1RDQTAeFw0xMjA3MTQw\n" +"MzExNTlaFw00MjA3MDcwMzExNTlaMC4xCzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVO\n" +"UkNBQzEPMA0GA1UEAwwGUk9PVENBMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE\n" +"MPCca6pmgcchsTf2UnBeL9rtp4nw+itk1Kzrmbnqo05lUwkwlWK+4OIrtFdAqnRT\n" +"V7Q9v1htkv42TsIutzd126NdMFswHwYDVR0jBBgwFoAUTDKxl9kzG8SmBcHG5Yti\n" +"W/CXdlgwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFEwysZfZ\n" +"MxvEpgXBxuWLYlvwl3ZYMAwGCCqBHM9VAYN1BQADSAAwRQIgG1bSLeOXp3oB8H7b\n" +"53W+CKOPl2PknmWEq/lMhtn25HkCIQDaHDgWxWFtnCrBjH16/W3Ezn7/U/Vjo5xI\n" +"pDoiVhsLwg==\n" +"-----END CERTIFICATE-----\n"; + +static int prepare_pem_file(void) +{ + FILE *fp; + + if (!(fp = fopen("cert.pem", "wb"))) { + fprintf(stderr, "fopen() error\n"); + return -1; + } + + if (fwrite(pem, 1, strlen(pem), fp) != strlen(pem)) { + fprintf(stderr, "fwrite() error\n"); + return -1; + } + + fclose(fp); + return 1; +} + +int main(int argc, char **argv) +{ + int ret = -1; + FILE *fp = NULL; + uint8_t cert[2048]; + size_t certlen; + int cert_type = X509_cert_root_ca; + /* + cert_type options: + X509_cert_server_auth, + X509_cert_client_auth, + X509_cert_server_key_encipher, + X509_cert_client_key_encipher, + X509_cert_ca, + X509_cert_root_ca, + X509_cert_crl_sign, + */ + int path_len_constraint; + + (void)prepare_pem_file(); + + if (!(fp = fopen("cert.pem", "rb"))) { + fprintf(stderr, "fopen() cert.pem error\n"); + goto err; + } + + if (x509_cert_from_pem(cert, &certlen, sizeof(cert), fp) != 1) { + fprintf(stderr, "x509_cert_from_pem() error\n"); + goto err; + } + + if (x509_cert_check(cert, certlen, cert_type, &path_len_constraint) != 1) { + fprintf(stderr, "invalid cert\n"); + goto err; + } + + ret = 0; +err: + if (fp) fclose(fp); + return ret; +} diff --git a/demos/src/x509_cert_parse_demo.c b/demos/src/x509_cert_parse_demo.c new file mode 100644 index 000000000..33a51ee3b --- /dev/null +++ b/demos/src/x509_cert_parse_demo.c @@ -0,0 +1,100 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include + +char *pem = +"-----BEGIN CERTIFICATE-----\n" +"MIIBszCCAVegAwIBAgIIaeL+wBcKxnswDAYIKoEcz1UBg3UFADAuMQswCQYDVQQG\n" +"EwJDTjEOMAwGA1UECgwFTlJDQUMxDzANBgNVBAMMBlJPT1RDQTAeFw0xMjA3MTQw\n" +"MzExNTlaFw00MjA3MDcwMzExNTlaMC4xCzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVO\n" +"UkNBQzEPMA0GA1UEAwwGUk9PVENBMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE\n" +"MPCca6pmgcchsTf2UnBeL9rtp4nw+itk1Kzrmbnqo05lUwkwlWK+4OIrtFdAqnRT\n" +"V7Q9v1htkv42TsIutzd126NdMFswHwYDVR0jBBgwFoAUTDKxl9kzG8SmBcHG5Yti\n" +"W/CXdlgwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFEwysZfZ\n" +"MxvEpgXBxuWLYlvwl3ZYMAwGCCqBHM9VAYN1BQADSAAwRQIgG1bSLeOXp3oB8H7b\n" +"53W+CKOPl2PknmWEq/lMhtn25HkCIQDaHDgWxWFtnCrBjH16/W3Ezn7/U/Vjo5xI\n" +"pDoiVhsLwg==\n" +"-----END CERTIFICATE-----\n"; + +static int prepare_pem_file(void) +{ + FILE *fp; + + if (!(fp = fopen("cert.pem", "wb"))) { + fprintf(stderr, "fopen() error\n"); + return -1; + } + + if (fwrite(pem, 1, strlen(pem), fp) != strlen(pem)) { + fprintf(stderr, "fwrite() error\n"); + return -1; + } + + fclose(fp); + return 1; +} + +int main(int argc, char **argv) +{ + int ret = -1; + FILE *fp = NULL; + uint8_t cert[2048]; + size_t certlen; + const uint8_t *serial; + size_t serial_len; + const uint8_t *issuer; + size_t issuer_len; + const uint8_t *subject; + size_t subject_len; + SM2_KEY subject_public_key; + size_t i; + + (void)prepare_pem_file(); + + if (!(fp = fopen("cert.pem", "rb"))) { + fprintf(stderr, "fopen() cert.pem error\n"); + goto err; + } + + if (x509_cert_from_pem(cert, &certlen, sizeof(cert), fp) != 1) { + fprintf(stderr, "x509_cert_from_pem() error\n"); + goto err; + } + + if (x509_cert_get_issuer_and_serial_number(cert, certlen, &issuer, &issuer_len, &serial, &serial_len) != 1) + goto err; + if (x509_cert_get_subject(cert, certlen, &subject, &subject_len) != 1) + goto err; + if (x509_cert_get_subject_public_key(cert, certlen, &subject_public_key) != 1) + goto err; + + if (x509_name_equ(subject, subject_len, issuer, issuer_len) == 1) { + printf("This is self-signed certificate\n"); + } + + printf("SerialNumber: "); + for (i = 0; i < serial_len; i++) { + printf("%02X", serial[i]); + } + printf("\n"); + + x509_name_print(stdout, 0, 0, "Issuer", issuer, issuer_len); + x509_name_print(stdout, 0, 0, "Subject", subject, subject_len); + sm2_public_key_print(stdout, 0, 0, "SubjectPublicKey", &subject_public_key); + + ret = 0; +err: + if (fp) fclose(fp); + return ret; +} diff --git a/demos/src/x509_cert_print_demo.c b/demos/src/x509_cert_print_demo.c new file mode 100644 index 000000000..0458bcb5e --- /dev/null +++ b/demos/src/x509_cert_print_demo.c @@ -0,0 +1,72 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include + +char *pem = +"-----BEGIN CERTIFICATE-----\n" +"MIIBszCCAVegAwIBAgIIaeL+wBcKxnswDAYIKoEcz1UBg3UFADAuMQswCQYDVQQG\n" +"EwJDTjEOMAwGA1UECgwFTlJDQUMxDzANBgNVBAMMBlJPT1RDQTAeFw0xMjA3MTQw\n" +"MzExNTlaFw00MjA3MDcwMzExNTlaMC4xCzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVO\n" +"UkNBQzEPMA0GA1UEAwwGUk9PVENBMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE\n" +"MPCca6pmgcchsTf2UnBeL9rtp4nw+itk1Kzrmbnqo05lUwkwlWK+4OIrtFdAqnRT\n" +"V7Q9v1htkv42TsIutzd126NdMFswHwYDVR0jBBgwFoAUTDKxl9kzG8SmBcHG5Yti\n" +"W/CXdlgwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFEwysZfZ\n" +"MxvEpgXBxuWLYlvwl3ZYMAwGCCqBHM9VAYN1BQADSAAwRQIgG1bSLeOXp3oB8H7b\n" +"53W+CKOPl2PknmWEq/lMhtn25HkCIQDaHDgWxWFtnCrBjH16/W3Ezn7/U/Vjo5xI\n" +"pDoiVhsLwg==\n" +"-----END CERTIFICATE-----\n"; + +static int prepare_pem_file(void) +{ + FILE *fp; + + if (!(fp = fopen("cert.pem", "wb"))) { + fprintf(stderr, "fopen() error\n"); + return -1; + } + + if (fwrite(pem, 1, strlen(pem), fp) != strlen(pem)) { + fprintf(stderr, "fwrite() error\n"); + return -1; + } + + fclose(fp); + return 1; +} + +int main(int argc, char **argv) +{ + int ret = -1; + FILE *fp = NULL; + uint8_t cert[2048]; + size_t certlen; + + (void)prepare_pem_file(); + + if (!(fp = fopen("cert.pem", "rb"))) { + fprintf(stderr, "fopen() cert.pem error\n"); + goto err; + } + + if (x509_cert_from_pem(cert, &certlen, sizeof(cert), fp) != 1) { + fprintf(stderr, "x509_cert_from_pem() error\n"); + goto err; + } + x509_cert_print(stdout, 0, 0, "Certificate", cert, certlen); + + ret = 0; +err: + if (fp) fclose(fp); + return ret; +} diff --git a/demos/src/x509_cert_verify_demo.c b/demos/src/x509_cert_verify_demo.c new file mode 100644 index 000000000..2afad1777 --- /dev/null +++ b/demos/src/x509_cert_verify_demo.c @@ -0,0 +1,159 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + + +#include +#include +#include +#include + +char *signcert_pem = +"-----BEGIN CERTIFICATE-----\n" +"MIICzzCCAnKgAwIBAgIFEzY5M3AwDAYIKoEcz1UBg3UFADAlMQswCQYDVQQGEwJD\n" +"TjEWMBQGA1UECgwNQ0ZDQSBTTTIgT0NBMTAeFw0yMTA2MTEwOTA1MjBaFw0yNjA2\n" +"MTkwODE2NTZaMIGRMQswCQYDVQQGEwJDTjEPMA0GA1UECAwG5YyX5LqsMQ8wDQYD\n" +"VQQHDAbljJfkuqwxJzAlBgNVBAoMHuS4reWbvemTtuihjOiCoeS7veaciemZkOWF\n" +"rOWPuDERMA8GA1UECwwITG9jYWwgUkExDDAKBgNVBAsMA1NTTDEWMBQGA1UEAwwN\n" +"ZWJzc2VjLmJvYy5jbjBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABPsNUnoZQM9C\n" +"SnvC57TbvdfyOTCuPOSlZmPAyxBKFj+Y1QH/xlubHdVf5XqHrO1jCDRi7aN5IKGX\n" +"QF1492c803OjggEeMIIBGjAfBgNVHSMEGDAWgBRck1ggWiRzVhAbZFAQ7OmnygdB\n" +"ETAMBgNVHRMBAf8EAjAAMEgGA1UdIARBMD8wPQYIYIEchu8qAQEwMTAvBggrBgEF\n" +"BQcCARYjaHR0cDovL3d3dy5jZmNhLmNvbS5jbi91cy91cy0xNC5odG0wNwYDVR0f\n" +"BDAwLjAsoCqgKIYmaHR0cDovL2NybC5jZmNhLmNvbS5jbi9TTTIvY3JsNTYxOC5j\n" +"cmwwGAYDVR0RBBEwD4INZWJzc2VjLmJvYy5jbjAOBgNVHQ8BAf8EBAMCBsAwHQYD\n" +"VR0OBBYEFJ6oFo/OrKgDhHFORpaq04kX7T1KMB0GA1UdJQQWMBQGCCsGAQUFBwMC\n" +"BggrBgEFBQcDATAMBggqgRzPVQGDdQUAA0kAMEYCIQCvhSvbv5h6ERl1YcCLg+fz\n" +"9UleQbaPfBYwUjUD2dAHVQIhAMRC4k9S/mSC0UpUvCqh/DQC2Ui8Tccd5G2IgYSs\n" +"cnUN\n" +"-----END CERTIFICATE-----\n"; + +char *enccert_pem = +"-----BEGIN CERTIFICATE-----\n" +"MIICzjCCAnKgAwIBAgIFEzY5M3EwDAYIKoEcz1UBg3UFADAlMQswCQYDVQQGEwJD\n" +"TjEWMBQGA1UECgwNQ0ZDQSBTTTIgT0NBMTAeFw0yMTA2MTEwOTA1MjBaFw0yNjA2\n" +"MTkwODE2NTZaMIGRMQswCQYDVQQGEwJDTjEPMA0GA1UECAwG5YyX5LqsMQ8wDQYD\n" +"VQQHDAbljJfkuqwxJzAlBgNVBAoMHuS4reWbvemTtuihjOiCoeS7veaciemZkOWF\n" +"rOWPuDERMA8GA1UECwwITG9jYWwgUkExDDAKBgNVBAsMA1NTTDEWMBQGA1UEAwwN\n" +"ZWJzc2VjLmJvYy5jbjBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABMn1q+hbV0i1\n" +"qnKAy7QeZ3ZfAD+gqHX4F5MqIhsarODlWsavf/dcprC0F277zc44aYBB/3ucy4PF\n" +"qXaRHQp8PEyjggEeMIIBGjAfBgNVHSMEGDAWgBRck1ggWiRzVhAbZFAQ7OmnygdB\n" +"ETAMBgNVHRMBAf8EAjAAMEgGA1UdIARBMD8wPQYIYIEchu8qAQEwMTAvBggrBgEF\n" +"BQcCARYjaHR0cDovL3d3dy5jZmNhLmNvbS5jbi91cy91cy0xNC5odG0wNwYDVR0f\n" +"BDAwLjAsoCqgKIYmaHR0cDovL2NybC5jZmNhLmNvbS5jbi9TTTIvY3JsNTYxOC5j\n" +"cmwwGAYDVR0RBBEwD4INZWJzc2VjLmJvYy5jbjAOBgNVHQ8BAf8EBAMCAzgwHQYD\n" +"VR0OBBYEFF/a1JHvzLzbpFbBljX7hNxRpj/2MB0GA1UdJQQWMBQGCCsGAQUFBwMC\n" +"BggrBgEFBQcDATAMBggqgRzPVQGDdQUAA0gAMEUCIQDCOFi1eZcgiN6t+h6lxLwS\n" +"grAh3Jall+ZyA2ePw6xcjwIgNyDvo761dpwJhcyWfyVCAnaTf0Vf4DLWI1K+S7po\n" +"Ur8=\n" +"-----END CERTIFICATE-----\n"; + + +char *cacert_pem = +"-----BEGIN CERTIFICATE-----\n" +"MIICNTCCAdmgAwIBAgIFEAAAAAgwDAYIKoEcz1UBg3UFADBYMQswCQYDVQQGEwJD\n" +"TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y\n" +"aXR5MRcwFQYDVQQDDA5DRkNBIENTIFNNMiBDQTAeFw0xMzAxMjQwODQ2NDBaFw0z\n" +"MzAxMTkwODQ2NDBaMCUxCzAJBgNVBAYTAkNOMRYwFAYDVQQKDA1DRkNBIFNNMiBP\n" +"Q0ExMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEfJqQoo0+JoyCRy0msS2Ym076\n" +"8nV1pSLuK9utS1ij38obWDymq0oMRRwUzDMEQI19Cajo3JUoGFxOvsA+YWu3XKOB\n" +"wDCBvTAfBgNVHSMEGDAWgBTkjt3Uo+e2D+4dJ5bNddwlJXJp3TAMBgNVHRMEBTAD\n" +"AQH/MGAGA1UdHwRZMFcwVaBToFGkTzBNMQswCQYDVQQGEwJDTjETMBEGA1UECgwK\n" +"Q0ZDQSBDUyBDQTEMMAoGA1UECwwDQ1JMMQwwCgYDVQQLDANTTTIxDTALBgNVBAMM\n" +"BGNybDEwCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBRck1ggWiRzVhAbZFAQ7OmnygdB\n" +"ETAMBggqgRzPVQGDdQUAA0gAMEUCIBVscoZJhUy4eToK4C//LjvhjKK2qpBFac/h\n" +"Pr6yYTLzAiEAiyqrqsGUU5vGkDo5bEpmF1EbnY8xovsM9vCx98yBrVM=\n" +"-----END CERTIFICATE-----\n"; + +char *rootcacert_pem = +"-----BEGIN CERTIFICATE-----\n" +"MIICAzCCAaegAwIBAgIEFy9CWTAMBggqgRzPVQGDdQUAMFgxCzAJBgNVBAYTAkNO\n" +"MTAwLgYDVQQKDCdDaGluYSBGaW5hbmNpYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp\n" +"dHkxFzAVBgNVBAMMDkNGQ0EgQ1MgU00yIENBMB4XDTEyMDgzMTAyMDY1OVoXDTQy\n" +"MDgyNDAyMDY1OVowWDELMAkGA1UEBhMCQ04xMDAuBgNVBAoMJ0NoaW5hIEZpbmFu\n" +"Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEXMBUGA1UEAwwOQ0ZDQSBDUyBT\n" +"TTIgQ0EwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAATuRh26wmtyKNMz+Pmneo3a\n" +"Sme+BCjRon8SvAxZBgLSuIxNUewq4kNujeb1I4A0yg7xNcjuOgXglAoQv+Tc+P0V\n" +"o10wWzAfBgNVHSMEGDAWgBTkjt3Uo+e2D+4dJ5bNddwlJXJp3TAMBgNVHRMEBTAD\n" +"AQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU5I7d1KPntg/uHSeWzXXcJSVyad0w\n" +"DAYIKoEcz1UBg3UFAANIADBFAiBhP/rmIvles3RK1FfcmmEeS9RZdu+5lCzxF0nk\n" +"cof2QAIhAPVRpqOuceEQHsR77FBe/DgVPqF6lOyoZs0TzTDHrN8c\n" +"-----END CERTIFICATE-----\n"; + +static int prepare_pem_file(void) +{ + FILE *fp; + + if (!(fp = fopen("double_certs_chain.pem", "wb"))) { + fprintf(stderr, "fopen() error\n"); + return -1; + } + if (fwrite(signcert_pem, 1, strlen(signcert_pem), fp) != strlen(signcert_pem) + || fwrite(enccert_pem, 1, strlen(enccert_pem), fp) != strlen(enccert_pem) + || fwrite(cacert_pem, 1, strlen(cacert_pem), fp) != strlen(cacert_pem)) { + fprintf(stderr, "fwrite() error\n"); + return -1; + } + fclose(fp); + + if (!(fp = fopen("rootcacert.pem", "wb"))) { + fprintf(stderr, "fopen() error\n"); + return -1; + } + if (fwrite(rootcacert_pem, 1, strlen(rootcacert_pem), fp) != strlen(rootcacert_pem)) { + fprintf(stderr, "fwrite() error\n"); + return -1; + } + fclose(fp); + + return 1; +} + +int main(int argc, char **argv) +{ + int ret = -1; + FILE *fp = NULL; + uint8_t certs[4096]; + size_t certslen; + uint8_t rootcacert[1024]; + size_t rootcacertlen; + + (void)prepare_pem_file(); + + + if (!(fp = fopen("double_certs_chain.pem", "rb"))) { + fprintf(stderr, "fopen() error\n"); + goto err; + } + if (x509_certs_from_pem(certs, &certslen, sizeof(certs), fp) != 1) { + fprintf(stderr, "x509_certs_from_pem() error\n"); + goto err; + } + fclose(fp); + + if (!(fp = fopen("rootcacert.pem", "rb"))) { + fprintf(stderr, "fopen() error\n"); + goto err; + } + if (x509_cert_from_pem(rootcacert, &rootcacertlen, sizeof(rootcacert), fp) != 1) { + fprintf(stderr, "x509_cert_from_pem() error\n"); + goto err; + } + + int cert_type = X509_cert_chain_client; + int verify_result = 0; + if (x509_certs_verify_tlcp(certs, certslen, cert_type, rootcacert, rootcacertlen, 6, &verify_result) != 1) { + fprintf(stderr, "x509_certs_verify_tlcp() error\n"); + goto err; + } + + ret = 0; +err: + if (fp) fclose(fp); + return ret; +} diff --git a/demos/src/x509_crl_download_demo.c b/demos/src/x509_crl_download_demo.c new file mode 100644 index 000000000..eea460913 --- /dev/null +++ b/demos/src/x509_crl_download_demo.c @@ -0,0 +1,53 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + + +char *http_uri = "http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20RSA%20TLS%20CA%2002.crl"; +char *file_name = "Microsoft RSA TLS CA 02.crl"; + +int main(int argc, char **argv) +{ + int ret = -1; + uint8_t *crl = NULL; + size_t crllen; + FILE *fp = NULL; + + printf("Demo - Download CRL from HTTP\n\n"); + + printf(" Download from %s\n", http_uri); + + if (x509_crl_new_from_uri(&crl, &crllen, http_uri, strlen(http_uri)) != 1) { + fprintf(stderr, "x509_crl_new_from_uri() error\n"); + goto err; + } + + //x509_crl_print(stdout, 0, 0, "CRL", crl, crllen); + + if (!(fp = fopen(file_name, "wb"))) { + fprintf(stderr, "fopen() error\n"); + goto err; + } + fwrite(crl, 1, crllen, fp); + + printf(" Save to %s\n", file_name); + printf(" Run `gmssl crlparse -in \"%s\"` to print the downloaded CRL\n", file_name); + printf("\n"); + + ret = 0; +err: + if (crl) free(crl); + if (fp) fclose(fp); + return ret; +} diff --git a/demos/src/x509_crl_find_revoked_cert_demo.c b/demos/src/x509_crl_find_revoked_cert_demo.c new file mode 100644 index 000000000..fcc12d529 --- /dev/null +++ b/demos/src/x509_crl_find_revoked_cert_demo.c @@ -0,0 +1,68 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + +// 为了这些demo,应该准备好测试的文件,而不是把文件都放在源代码里面 +// 这样会更灵活一些 + +int main(int argc, char **argv) +{ + int ret = -1; + + uint8_t *crl; + size_t crllen; + + char *cert; + size_t certlen; + + const uint8_t *cert_serial; + size_t cert_serial_len; + time_t cert_revoke_date; + const uint8_t *crl_entry_exts; + size_t crl_entry_exts_len; + + int revoked; + + printf("Demo - Check if a Certificate has been revoked in a CRL\n"); + + + if (x509_cert_get_issuer_and_serial_number(cert, certlen, + NULL, NULL, &cert_serial, &cert_serial_len) != 1) { + fprintf(stderr, "x509_cert_get_issuer_and_serial_number() error\n"); + goto err; + } + + if ((revoked = x509_crl_find_revoked_cert_by_serial_number( + crl, crllen, + cert_serial, cert_serial_len, + &cert_revoked_date, + &crl_entry_exts, &crl_entry_exts_len)) == -1) { + + fprintf(stderr, "x509_crl_find_revoked_cert_by_serial_number() error\n"); + goto err; + } + + if (revoked) { + printf(" The certificate has been revoked\n"); + format_bytes(stderr, 0, 4, "SerialNumber", cert_serial, cert_serial_len); + x509_crl_entry_exts_print(stderr, 0, 4, "CRLEntryExts", crl_entry_exts, crl_entry_exts_len); + } else { + printf(" The certificate not in the given CRL\n"); + } + + ret = 0; +err: + if (der) free(der); + return ret; +} diff --git a/demos/src/x509_crl_print_demo.c b/demos/src/x509_crl_print_demo.c new file mode 100644 index 000000000..6ab6fb641 --- /dev/null +++ b/demos/src/x509_crl_print_demo.c @@ -0,0 +1,47 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + + +char *crl_file = "../../demos/certs/crl/Civil Servant ROOT.crl"; + +int main(int argc, char **argv) +{ + int ret = -1; + uint8_t *der = NULL; + size_t derlen; + const uint8_t *cp; + const uint8_t *crl; + size_t crllen; + + printf("Demo - Read and print CRL in DER-encoding\n"); + + if (file_read_all(crl_file, &der, &derlen) != 1) { + fprintf(stderr, "file_read_all() error\n"); + goto err; + } + + cp = der; + if (x509_crl_from_der(&crl, &crllen, &cp, &derlen) != 1) { + fprintf(stderr, "x509_crl_from_der() error\n"); + goto err; + } + + x509_crl_print(stdout, 0, 0, "CRL", crl, crllen); + + ret = 0; +err: + if (der) free(der); + return ret; +} diff --git a/demos/src/x509_crl_verify_demo.c b/demos/src/x509_crl_verify_demo.c new file mode 100644 index 000000000..af17926da --- /dev/null +++ b/demos/src/x509_crl_verify_demo.c @@ -0,0 +1,46 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + +// 为了这些demo,应该准备好测试的文件,而不是把文件都放在源代码里面 +// 这样会更灵活一些 + +int main(int argc, char **argv) +{ + int ret = -1; + + uint8_t *crl; + size_t crllen; + char *cacert; + size_t cacertlen; + + printf("Demo - Check if a Certificate has been revoked in a CRL\n"); + + +126 if ((rv = x509_crl_verify_by_ca_cert(crl, crl_len, cacert, cacertlen, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID))) < 0) { +127 fprintf(stderr, "%s: verification inner error\n", prog); +128 goto end; +129 } + + + + + + + ret = 0; +err: + if (crl) free(crl); + if (cacert) free(cacert); + return ret; +} diff --git a/demos/src/demo_zuc.c b/demos/src/zuc_demo.c similarity index 94% rename from demos/src/demo_zuc.c rename to demos/src/zuc_demo.c index 6838ce123..d00994067 100644 --- a/demos/src/demo_zuc.c +++ b/demos/src/zuc_demo.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. diff --git a/demos/src/zuc_encrypt_stdin_demo.c b/demos/src/zuc_encrypt_stdin_demo.c new file mode 100644 index 000000000..d00994067 --- /dev/null +++ b/demos/src/zuc_encrypt_stdin_demo.c @@ -0,0 +1,50 @@ +/* + * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the License); you may + * not use this file except in compliance with the License. + * + * http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include + + +int main(void) +{ + ZUC_CTX zuc_ctx; + unsigned char key[16] = { + 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, + 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, + }; + unsigned char iv[16] = { + 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, + 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, + }; + unsigned char inbuf[1024]; + unsigned char outbuf[1024 + 32]; + size_t inlen; + size_t outlen; + + if (zuc_encrypt_init(&zuc_ctx, key, iv) != 1) { + fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__); + return 1; + } + while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) { + if (zuc_encrypt_update(&zuc_ctx, inbuf, inlen, outbuf, &outlen) != 1) { + fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__); + return 1; + } + fwrite(outbuf, 1, outlen, stdout); + } + if (zuc_encrypt_finish(&zuc_ctx, outbuf, &outlen) != 1) { + fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__); + return 1; + } + fwrite(outbuf, 1, outlen, stdout); + + return 0; +}