From d56eeaac5ae26cc41fb2f38633836f2520346554 Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Fri, 17 May 2024 13:12:51 +0800 Subject: [PATCH] Remove warnings --- CMakeLists.txt | 5 +- include/gmssl/tls.h | 2 +- src/asn1.c | 2 +- src/debug.c | 2 +- src/hmac.c | 2 +- src/sm4_ccm.c | 2 +- tests/sm4_cbctest.c | 1 - tests/sm4_ctrtest.c | 2 - tests/sm4test.c | 2 +- tools/copyright.sh | 53 ---- tools/gmssl.c | 16 +- tools/sdftest.c | 487 ++++++++----------------------- tools/{pbkdf2.c => sm3_pbkdf2.c} | 57 ++-- tools/sm4_ccm.c | 2 +- tools/tlcp_client.c | 1 - 15 files changed, 176 insertions(+), 460 deletions(-) delete mode 100755 tools/copyright.sh rename tools/{pbkdf2.c => sm3_pbkdf2.c} (56%) diff --git a/CMakeLists.txt b/CMakeLists.txt index 9d1f3738d..28efe890d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -133,6 +133,7 @@ set(tools tools/sm4_ctr_sm3_hmac.c tools/sm3.c tools/sm3hmac.c + tools/sm3_pbkdf2.c tools/sm3xmss_keygen.c tools/sm2keygen.c tools/sm2sign.c @@ -148,7 +149,6 @@ set(tools tools/zuc.c tools/rand.c tools/ghash.c - tools/pbkdf2.c tools/certgen.c tools/certparse.c tools/certverify.c @@ -507,13 +507,14 @@ endif() if (ENABLE_SDF) message(STATUS "ENABLE_SDF is ON") + add_definitions(-DENABLE_SDF) list(APPEND src src/sdf/sdf.c src/sdf/sdf_lib.c src/sdf/sdf_meth.c src/sdf/sdf_ext.c src/sdf/sdf_sansec.c) - list(APPEND tools tools/sdfutil.c) + list(APPEND tools tools/sdfutil.c tools/sdftest.c) endif() diff --git a/include/gmssl/tls.h b/include/gmssl/tls.h index 940e25b69..ced6d7524 100644 --- a/include/gmssl/tls.h +++ b/include/gmssl/tls.h @@ -408,7 +408,7 @@ typedef struct { #define tls_record_protocol(record) (((uint16_t)((record)[1]) << 8) | (record)[2]) #define tls_record_data(record) ((record)+TLS_RECORD_HEADER_SIZE) #define tls_record_data_length(record) (((uint16_t)((record)[3]) << 8) | (record)[4]) -#define tls_record_length(record) (TLS_RECORD_HEADER_SIZE + tls_record_data_length(record)) +#define tls_record_length(record) ((size_t)(TLS_RECORD_HEADER_SIZE + tls_record_data_length(record))) int tls_record_set_type(uint8_t *record, int type); int tls_record_set_protocol(uint8_t *record, int protocol); diff --git a/src/asn1.c b/src/asn1.c index 515cba25c..a89f7f564 100644 --- a/src/asn1.c +++ b/src/asn1.c @@ -191,7 +191,7 @@ int asn1_length_from_der(size_t *len, const uint8_t **in, size_t *inlen) } else { uint8_t buf[4] = {0}; - int nbytes = *(*in)++ & 0x7f; + size_t nbytes = *(*in)++ & 0x7f; (*inlen)--; if (nbytes < 1 || nbytes > 4) { diff --git a/src/debug.c b/src/debug.c index 340c98ebe..48343032c 100644 --- a/src/debug.c +++ b/src/debug.c @@ -66,7 +66,7 @@ int format_bytes(FILE *fp, int format, int indent, const char *str, const uint8_ return -1; } - for (i = 0; i < indent; i++) { + for (i = 0; i < (size_t)indent; i++) { fprintf(fp, " "); } fprintf(fp, "%s: ", str); diff --git a/src/hmac.c b/src/hmac.c index 03dce8e84..a50a7bca8 100644 --- a/src/hmac.c +++ b/src/hmac.c @@ -22,7 +22,7 @@ int hmac_init(HMAC_CTX *ctx, const DIGEST *digest, const uint8_t *key, size_t ke uint8_t i_key[DIGEST_MAX_BLOCK_SIZE] = {0}; uint8_t o_key[DIGEST_MAX_BLOCK_SIZE] = {0}; size_t blocksize; - int i; + size_t i; if (!ctx || !digest || !key || !keylen) { error_print(); diff --git a/src/sm4_ccm.c b/src/sm4_ccm.c index faf046b91..f59aee55f 100644 --- a/src/sm4_ccm.c +++ b/src/sm4_ccm.c @@ -96,7 +96,7 @@ int sm4_ccm_encrypt(const SM4_KEY *sm4_key, const uint8_t *iv, size_t ivlen, if (aadlen < ((1<<16) - (1<<8))) { length_to_bytes(aadlen, 2, block); alen = 2; - } else if (aadlen < ((size_t)1<<32)) { + } else if ((uint64_t)aadlen < ((uint64_t)1<<32)) { block[0] = 0xff; block[1] = 0xfe; length_to_bytes(aadlen, 4, block + 2); diff --git a/tests/sm4_cbctest.c b/tests/sm4_cbctest.c index 0bd375d57..590a3de3e 100644 --- a/tests/sm4_cbctest.c +++ b/tests/sm4_cbctest.c @@ -87,7 +87,6 @@ static int test_sm4_cbc_test_vectors(void) uint8_t *ciphertext; size_t ciphertext_len; uint8_t *encrypted; - size_t encrypted_len; size_t i; for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) { diff --git a/tests/sm4_ctrtest.c b/tests/sm4_ctrtest.c index 3db3853eb..abb257190 100644 --- a/tests/sm4_ctrtest.c +++ b/tests/sm4_ctrtest.c @@ -87,9 +87,7 @@ static int test_sm4_ctr_test_vectors(void) SM4_KEY sm4_key; uint8_t *encrypted; - size_t encrypted_len; uint8_t *decrypted; - size_t decrypted_len; size_t i; for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) { diff --git a/tests/sm4test.c b/tests/sm4test.c index 4776c30d1..464085b5f 100644 --- a/tests/sm4test.c +++ b/tests/sm4test.c @@ -192,7 +192,7 @@ static int speed_sm4_encrypt(void) size_t nbytes = 16 * 1024 * 1024; clock_t begin, end; double seconds; - int i; + size_t i; sm4_set_encrypt_key(&sm4_key, key); for (i = 0; i < nbytes/sizeof(buf); i++) { diff --git a/tools/copyright.sh b/tools/copyright.sh deleted file mode 100755 index ca44f7487..000000000 --- a/tools/copyright.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash - -YEAR=`date "+%Y"` -COPYRIGHT="" -COPYRIGHT+="/*"$'\n' -COPYRIGHT+=" * Copyright 2014-$YEAR The GmSSL Project. All Rights Reserved."$'\n' -COPYRIGHT+=" *"$'\n' -COPYRIGHT+=" * Licensed under the Apache License, Version 2.0 (the "License"); you may"$'\n' -COPYRIGHT+=" * not use this file except in compliance with the License."$'\n' -COPYRIGHT+=" *"$'\n' -COPYRIGHT+=" * http://www.apache.org/licenses/LICENSE-2.0"$'\n' -COPYRIGHT+=" */" -COPYRIGHT_FILE=copyright.txt -echo "$COPYRIGHT" > $COPYRIGHT_FILE -TEMP_FILE=tempfile.temp -touch $TEMP_FILE -copyright_start_string="/*" -copyright_end_string="*/" - -function modify_copyright(){ - file_path=$1 - copyright_start_line=`grep -n "/\*" $file_path | head -1 | cut -d ':' -f 1` - copyright_end_line=`grep -n "\*/" $file_path | head -1| cut -d ':' -f 1` - echo $file_path $copyright_start_line $copyright_end_line - if [[ $copyright_start_line && $copyright_end_line ]];then - sed -i $copyright_start_line,$copyright_end_line'd' $file_path - fi - - cat $COPYRIGHT_FILE > $TEMP_FILE - cat $file_path >> $TEMP_FILE - mv $TEMP_FILE $file_path - -} - -function getDir() { - for filename in $1/* - do - if [[ -d $filename ]]; - then - getDir $filename - else - if [[ "${filename##*.}" == 'h' || "${filename##*.}" == 'c' ]] - then - modify_copyright $filename - #sed -i "1i\/*$filename*/" $filename - fi - fi - done -} - -getDir .. - -rm -f $COPYRIGHT_FILE diff --git a/tools/gmssl.c b/tools/gmssl.c index adfdfa7b8..aadbbf87e 100644 --- a/tools/gmssl.c +++ b/tools/gmssl.c @@ -23,7 +23,6 @@ extern int crlget_main(int argc, char **argv); extern int crlgen_main(int argc, char **argv); extern int crlparse_main(int argc, char **argv); extern int crlverify_main(int argc, char **argv); -extern int pbkdf2_main(int argc, char **argv); extern int reqgen_main(int argc, char **argv); extern int reqparse_main(int argc, char **argv); extern int reqsign_main(int argc, char **argv); @@ -34,8 +33,8 @@ extern int sm2encrypt_main(int argc, char **argv); extern int sm2decrypt_main(int argc, char **argv); extern int sm3_main(int argc, char **argv); extern int sm3hmac_main(int argc, char **argv); +extern int sm3_pbkdf2_main(int argc, char **argv); extern int sm3xmss_keygen_main(int argc, char **argv); -extern int sm4_main(int argc, char **argv); extern int sm4_ecb_main(int argc, char **argv); extern int sm4_cbc_main(int argc, char **argv); extern int sm4_ctr_main(int argc, char **argv); @@ -68,6 +67,7 @@ extern int tls13_client_main(int argc, char **argv); extern int tls13_server_main(int argc, char **argv); #ifdef ENABLE_SDF extern int sdfutil_main(int argc, char **argv); +extern int sdftest_main(int argc, char **argv); #endif #ifdef ENABLE_SKF extern int skfutil_main(int argc, char **argv); @@ -88,8 +88,8 @@ static const char *options = " sm2decrypt Decrypt with SM2 private key\n" " sm3 Generate SM3 hash\n" " sm3hmac Generate SM3 HMAC tag\n" + " sm3_pbkdf2 Hash password into key using PBKDF2 algoritm\n" " sm3xmss_keygen Generate SM3-XMSS keypair\n" - " sm4 Encrypt or decrypt with SM4\n" " sm4_ecb Encrypt or decrypt with SM4 ECB\n" " sm4_cbc Encrypt or decrypt with SM4 CBC\n" " sm4_ctr Encrypt or decrypt with SM4 CTR\n" @@ -109,7 +109,6 @@ static const char *options = " sm9verify Verify SM9 signature\n" " sm9encrypt SM9 public key encryption\n" " sm9decrypt SM9 decryption\n" - " pbkdf2 Generate key from password\n" " reqgen Generate certificate signing request (CSR)\n" " reqsign Generate certificate from CSR\n" " reqparse Parse and print a CSR\n" @@ -128,6 +127,7 @@ static const char *options = " cmsverify Verify CMS SignedData\n" #ifdef ENABLE_SDF " sdfutil SDF crypto device utility\n" + " sdftest Test vendor's SDF library and device\n" #endif #ifdef ENABLE_SKF " skfutil SKF crypto device utility\n" @@ -186,8 +186,6 @@ int main(int argc, char **argv) return reqparse_main(argc, argv); } else if (!strcmp(*argv, "reqsign")) { return reqsign_main(argc, argv); - } else if (!strcmp(*argv, "pbkdf2")) { - return pbkdf2_main(argc, argv); } else if (!strcmp(*argv, "sm2keygen")) { return sm2keygen_main(argc, argv); } else if (!strcmp(*argv, "sm2sign")) { @@ -202,10 +200,10 @@ int main(int argc, char **argv) return sm3_main(argc, argv); } else if (!strcmp(*argv, "sm3hmac")) { return sm3hmac_main(argc, argv); + } else if (!strcmp(*argv, "sm3_pbkdf2")) { + return sm3_pbkdf2_main(argc, argv); } else if (!strcmp(*argv, "sm3xmss_keygen")) { return sm3xmss_keygen_main(argc, argv); - } else if (!strcmp(*argv, "sm4")) { - return sm4_main(argc, argv); #if ENABLE_SM4_ECB } else if (!strcmp(*argv, "sm4_ecb")) { return sm4_ecb_main(argc, argv); @@ -281,6 +279,8 @@ int main(int argc, char **argv) #ifdef ENABLE_SDF } else if (!strcmp(*argv, "sdfutil")) { return sdfutil_main(argc, argv); + } else if (!strcmp(*argv, "sdftest")) { + return sdftest_main(argc, argv); #endif #ifdef ENABLE_SKF } else if (!strcmp(*argv, "skfutil")) { diff --git a/tools/sdftest.c b/tools/sdftest.c index e9721e3ae..66b9a13dd 100644 --- a/tools/sdftest.c +++ b/tools/sdftest.c @@ -21,294 +21,24 @@ -#define TEST_KEK_INDEX 1 -#define TEST_SM2_KEY_INDEX 1 -#define TEST_SM2_KEY_PASS "123456" +static const char *usage = "-lib so_path -kek num -key num -pass str"; + +static const char *options = +"\n" +"Options\n" +"\n" +" -lib so_path Path to vendor's SDF dynamic lib (.so or .dylib)\n" +" -kek num KEK index\n" +" -key num Private key index\n" +" -pass str Password for accessing the private key\n" +"\n" +"Examples\n" +"\n" +" $ gmssl sdftest -lib soft_sdf.so -kek 1 -key 1 -pass P@ssw0rd\n" +"\n"; -// TODO: move soft_sdf init functions into soft_sdf.c - -static int generate_kek(unsigned int uiKEKIndex) -{ - char filename[256]; - uint8_t kek[16]; - FILE *file; - - if (rand_bytes(kek, sizeof(kek)) != 1) { - error_print(); - return -1; - } - - snprintf(filename, sizeof(filename), "kek-%u.key", uiKEKIndex); - if (!(file = fopen(filename, "wb"))) { - error_print(); - return -1; - } - if (fwrite(kek, 1, sizeof(kek), file) != sizeof(kek)) { - fclose(file); - error_print(); - return -1; - } - fclose(file); - - return 1; -} - -static int generate_sign_key(unsigned int uiKeyIndex, const char *pass) -{ - SM2_KEY sm2_key; - SM2_POINT point; - - uint8_t data[32]; - SM2_SIGNATURE sig; - char filename[256]; - FILE *file; - int i; - - if (sm2_key_generate(&sm2_key) != 1) { - error_print(); - return -1; - } - - sm2_key_print(stderr, 0, 0, "SDF SignKey", &sm2_key); - - snprintf(filename, sizeof(filename), "sm2sign-%u.pem", uiKeyIndex); - if ((file = fopen(filename, "wb")) == NULL) { - fclose(file); - error_print(); - return -1; - } - if (sm2_private_key_info_encrypt_to_pem(&sm2_key, pass, file) != 1) { - error_print(); - return -1; - } - fclose(file); - - snprintf(filename, sizeof(filename), "sm2signpub-%u.pem", uiKeyIndex); - if ((file = fopen(filename, "wb")) == NULL) { - fclose(file); - error_print(); - return -1; - } - if (sm2_public_key_info_to_pem(&sm2_key, file) != 1) { - error_print(); - return -1; - } - fclose(file); - - - // print public key as ECCrefPublicKey - sm2_z256_point_to_bytes(&sm2_key.public_key, (uint8_t *)&point); - - printf("ECCrefPublicKey eccPublicKey = {\n"); - printf("256,\n"); - - printf("{\n"); - for (i = 0; i < 32; i++) { - printf("0x00,"); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - for (i = 0; i < 32; i++) { - printf("0x%02x,", point.x[i]); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - printf("},\n"); - - printf("{\n"); - for (i = 0; i < 32; i++) { - printf("0x00,"); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - for (i = 0; i < 32; i++) { - printf("0x%02x,", point.y[i]); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - printf("},\n"); - - printf("};\n"); - - - - // print to be signed data - rand_bytes(data, sizeof(data)); - printf("unsigned char ucData[] = {\n"); - for (i = 0; i < sizeof(data); i++) { - printf("0x%02x,", data[i]); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - printf("};\n"); - - sm2_do_sign(&sm2_key, data, &sig); - - // print ECCSignature - - printf("ECCSignature eccSignature = {\n"); - - printf("{\n"); - for (i = 0; i < 32; i++) { - printf("0x00,"); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - for (i = 0; i < 32; i++) { - printf("0x%02x,", sig.r[i]); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - printf("},\n"); - - printf("{\n"); - for (i = 0; i < 32; i++) { - printf("0x00,"); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - for (i = 0; i < 32; i++) { - printf("0x%02x,", sig.s[i]); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - printf("},\n"); - - printf("};\n"); - - - return 1; -} - -static int generate_enc_key(unsigned int uiKeyIndex, const char *pass) -{ - SM2_KEY sm2_key; - char filename[256]; - FILE *file; - size_t i; - - if (sm2_key_generate(&sm2_key) != 1) { - error_print(); - return -1; - } - - snprintf(filename, sizeof(filename), "sm2enc-%u.pem", uiKeyIndex); - if ((file = fopen(filename, "wb")) == NULL) { - fclose(file); - error_print(); - return -1; - } - if (sm2_private_key_info_encrypt_to_pem(&sm2_key, pass, file) != 1) { - error_print(); - return -1; - } - fclose(file); - - snprintf(filename, sizeof(filename), "sm2encpub-%u.pem", uiKeyIndex); - if ((file = fopen(filename, "wb")) == NULL) { - fclose(file); - error_print(); - return -1; - } - if (sm2_public_key_info_to_pem(&sm2_key, file) != 1) { - error_print(); - return -1; - } - fclose(file); - - SM2_POINT point; - - // print public key as ECCrefPublicKey - sm2_z256_point_to_bytes(&sm2_key.public_key, (uint8_t *)&point); - - printf("ECCrefPublicKey eccPublicKey = {\n"); - printf("256,\n"); - - printf("{\n"); - for (i = 0; i < 32; i++) { - printf("0x00,"); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - for (i = 0; i < 32; i++) { - printf("0x%02x,", point.x[i]); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - printf("},\n"); - - printf("{\n"); - for (i = 0; i < 32; i++) { - printf("0x00,"); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - for (i = 0; i < 32; i++) { - printf("0x%02x,", point.y[i]); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - printf("},\n"); - - printf("};\n"); - - - // 准备待加密的数据 - uint8_t data[48]; - - rand_bytes(data, sizeof(data)); - - printf("unsigned char ucData[] = {\n"); - for (i = 0; i < sizeof(data); i++) { - printf("0x%02x,", data[i]); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - printf("};\n"); - - - // 现在要加密了 - SM2_CIPHERTEXT ciphertext; - - sm2_do_encrypt(&sm2_key, data, sizeof(data), &ciphertext); - - - // 打印CIPHERTEXT - - printf("ECCCipher eccCipher = {\n"); - - printf("{\n"); - for (i = 0; i < ECCref_MAX_LEN - 32; i++) { - printf("0x00,"); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - for (i = 0; i < 32; i++) { - printf("0x%02x,", ciphertext.point.x[i]); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - printf("},\n"); - - printf("{\n"); - for (i = 0; i < ECCref_MAX_LEN - 32; i++) { - printf("0x00,"); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - for (i = 0; i < 32; i++) { - printf("0x%02x,", ciphertext.point.y[i]); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - printf("},\n"); - - printf("{\n"); - for (i = 0; i < 32; i++) { - printf("0x%02x,", ciphertext.hash[i]); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - printf("},\n"); - - printf("%u,\n", ciphertext.ciphertext_size); - - printf("{\n"); - for (i = 0; i < ciphertext.ciphertext_size; i++) { - printf("0x%02x,", ciphertext.ciphertext[i]); - printf("%s", (i + 1) % 8 ? " " : "\n"); - } - printf("},\n"); - - - printf("};\n"); - - - return 1; -} - +/* static int test_SDF_GetDeviceInfo(void) { void *hDeviceHandle = NULL; @@ -374,6 +104,7 @@ static int test_SDF_GetDeviceInfo(void) printf("%s() ok\n", __FUNCTION__); return 1; } +*/ static int test_SDF_GenerateRandom(void) { @@ -420,12 +151,11 @@ static int test_SDF_GenerateRandom(void) } // FIXME: check generated public key is not [n-1]G, i.e. -G -int test_SDF_ExportSignPublicKey_ECC(void) +int test_SDF_ExportSignPublicKey_ECC(int key) { void *hDeviceHandle = NULL; void *hSessionHandle = NULL; - unsigned int uiKeyIndex = TEST_SM2_KEY_INDEX; - unsigned char *pucPassword = (unsigned char *)TEST_SM2_KEY_PASS; + unsigned int uiKeyIndex = (unsigned int)key; ECCrefPublicKey eccPublicKey; uint8_t zeros[ECCref_MAX_LEN] = {0}; SM2_POINT point; @@ -477,12 +207,11 @@ int test_SDF_ExportSignPublicKey_ECC(void) return 1; } -int test_SDF_ExportEncPublicKey_ECC(void) +int test_SDF_ExportEncPublicKey_ECC(int key) { void *hDeviceHandle = NULL; void *hSessionHandle = NULL; - unsigned int uiKeyIndex = TEST_SM2_KEY_INDEX; - unsigned char *pucPassword = (unsigned char *)TEST_SM2_KEY_PASS; + unsigned int uiKeyIndex = (unsigned int)key; ECCrefPublicKey eccPublicKey; uint8_t zeros[ECCref_MAX_LEN] = {0}; SM2_POINT point; @@ -534,38 +263,6 @@ int test_SDF_ExportEncPublicKey_ECC(void) return 1; } -// FIXME: use format_bytes -void printECCPublicKey(const ECCrefPublicKey *publicKey) -{ - int i; - printf("ECC Public Key:\n"); - printf("Bits: %u\n", publicKey->bits); - - printf("X: "); - for (int i = 0; i < ECCref_MAX_LEN; i++) { - printf("%02X", publicKey->x[i]); - } - printf("\n"); - - printf("Y: "); - for (i = 0; i < ECCref_MAX_LEN; i++) { - printf("%02X", publicKey->y[i]); - } - printf("\n"); -} - -void printECCPrivateKey(const ECCrefPrivateKey *eccRefPrivateKey) -{ - int i; - printf("ECC Private Key:\n"); - printf("Bits: %u\n", eccRefPrivateKey->bits); - printf("K Value: "); - for (i = 0; i < ECCref_MAX_LEN; i++) { - printf("%02X", eccRefPrivateKey->K[i]); - } - printf("\n"); -} - // FIXME: check generated public key is not [n-1]G, i.e. -G static int test_SDF_GenerateKeyPair_ECC(void) { @@ -852,6 +549,7 @@ static int test_SDF_ExternalEncrypt_ECC(void) return 1; } +/* void printECCCipher(const ECCCipher *cipher) { printf("ECCCipher:\n"); @@ -881,6 +579,7 @@ void printECCCipher(const ECCCipher *cipher) } printf("\n"); } +*/ int test_SDF_GenerateKeyWithEPK_ECC(void) { @@ -949,13 +648,13 @@ int test_SDF_GenerateKeyWithEPK_ECC(void) return 1; } -int test_SDF_GenerateKeyWithKEK(void) +int test_SDF_GenerateKeyWithKEK(int kek) { void *hDeviceHandle = NULL; void *hSessionHandle = NULL; void *hKeyHandle = NULL; unsigned int uiKeyBits = 128; - unsigned int uiKEKIndex = TEST_KEK_INDEX; + unsigned int uiKEKIndex = (unsigned int)kek; unsigned char ucKey[64]; // encrypted key with SGD_SM4_CBC unsigned int uiKeyLength; int ret; @@ -1166,14 +865,15 @@ static int test_SDF_Hash_Z(void) return 1; } -static int test_SDF_GenerateKeyWithIPK_ECC(void) +// 这个函数是否做的太多了? +static int test_SDF_GenerateKeyWithIPK_ECC(int key, char *pass) { void *hDeviceHandle = NULL; void *hSessionHandle = NULL; void *hKeyHandle = NULL; - unsigned int uiIPKIndex = TEST_SM2_KEY_INDEX; - unsigned char *pucPassword = (unsigned char *)TEST_SM2_KEY_PASS; - unsigned int uiPwdLength = (unsigned int)strlen((char *)pucPassword); + unsigned int uiIPKIndex =(unsigned int)key; + unsigned char *pucPassword = (unsigned char *)pass; + unsigned int uiPwdLength = (unsigned int)strlen(pass); unsigned int uiKeyBits = 128; ECCCipher eccCipher; unsigned char ucIV[16]; @@ -1272,7 +972,7 @@ static int test_SDF_GenerateKeyWithIPK_ECC(void) return 1; } -static int test_SDF_Encrypt_SM4_CBC(void) +static int test_SDF_Encrypt_SM4_CBC(int key, char *pass) { void *hDeviceHandle = NULL; void *hSessionHandle = NULL; @@ -1284,9 +984,9 @@ static int test_SDF_Encrypt_SM4_CBC(void) unsigned int uiEncDataLength = (unsigned int)sizeof(pucEncData); unsigned char pucCiphertext[64]; - unsigned int uiIPKIndex = TEST_SM2_KEY_INDEX; - unsigned char *pucPassword = (unsigned char *)TEST_SM2_KEY_PASS; - unsigned int uiPwdLength = (unsigned int)strlen((char *)pucPassword); + unsigned int uiIPKIndex = (unsigned int)key; + unsigned char *pucPassword = (unsigned char *)pass; + unsigned int uiPwdLength = (unsigned int)strlen(pass); ECCCipher eccCipher; int ret; @@ -1355,13 +1055,13 @@ static int test_SDF_Encrypt_SM4_CBC(void) return 1; } -static int test_SDF_Encrypt(void) +static int test_SDF_Encrypt(int kek) { void *hDeviceHandle = NULL; void *hSessionHandle = NULL; void *hKeyHandle = NULL; unsigned int uiKeyBits = 128; - unsigned int uiKEKIndex = TEST_KEK_INDEX; + unsigned int uiKEKIndex = (unsigned int)kek; unsigned char pucKey[64]; unsigned int uiKeyLength = (unsigned int)sizeof(pucKey); unsigned char pucIV[16]; @@ -1434,14 +1134,14 @@ static int test_SDF_Encrypt(void) return 1; } -static int test_SDF_CalculateMAC(void) +static int test_SDF_CalculateMAC(int kek) { void *hDeviceHandle = NULL; void *hSessionHandle = NULL; void *hKeyHandle = NULL; unsigned int uiHMACKeyBits = 256; unsigned int uiKeyEncAlgID = SGD_SM4_CBC; - unsigned int uiKEKIndex = TEST_KEK_INDEX; + unsigned int uiKEKIndex = (unsigned int)kek; unsigned char ucEncedKey[256]; unsigned int uiEncedKeyLength = (unsigned int)sizeof(ucEncedKey); unsigned int uiMACAlgID = SGD_SM3; @@ -1488,13 +1188,13 @@ static int test_SDF_CalculateMAC(void) return 1; } -static int test_SDF_InternalSign_ECC(void) +static int test_SDF_InternalSign_ECC(int key, char *pass) { void *hDeviceHandle = NULL; void *hSessionHandle = NULL; - unsigned int uiIPKIndex = TEST_SM2_KEY_INDEX; - unsigned char *ucPassword = (unsigned char *)TEST_SM2_KEY_PASS; - unsigned int uiPwdLength = (unsigned int)strlen((char *)ucPassword); + unsigned int uiIPKIndex = (unsigned int)key; + unsigned char *ucPassword = (unsigned char *)pass; + unsigned int uiPwdLength = (unsigned int)strlen(pass); unsigned char ucData[32] = { 1,2,3,4 }; unsigned int uiDataLength = 32; ECCSignature eccSignature; @@ -1546,13 +1246,13 @@ static int test_SDF_InternalSign_ECC(void) } -static int test_SDF_InternalEncrypt_ECC(void) +static int test_SDF_InternalEncrypt_ECC(int key, char *pass) { void *hDeviceHandle = NULL; void *hSessionHandle = NULL; - unsigned int uiIPKIndex = TEST_SM2_KEY_INDEX; - unsigned char *ucPassword = (unsigned char *)TEST_SM2_KEY_PASS; - unsigned int uiPwdLength = (unsigned int)strlen((char *)ucPassword); + unsigned int uiIPKIndex = (unsigned int)key; + unsigned char *ucPassword = (unsigned char *)pass; + unsigned int uiPwdLength = (unsigned int)strlen(pass); unsigned char ucData[48] = { 1,2,3,4 }; unsigned int uiDataLength = (unsigned int)sizeof(ucData); ECCCipher eccCipher; @@ -1616,49 +1316,98 @@ static int test_SDF_InternalEncrypt_ECC(void) return 1; } -int main(void) +int sdftest_main(int argc, char **argv) { - /* - if (generate_kek(TEST_KEK_INDEX) != 1) { - error_print(); - goto err; + int ret = 1; + char *prog = argv[0]; + char *so_path = NULL; + int kek = 1; + int key = 1; + char *pass = NULL; + + argc--; + argv++; + + if (argc < 1) { + fprintf(stderr, "usage: gmssl %s %s\n", prog, usage); + return 1; + } + + while (argc > 0) { + if (!strcmp(*argv, "-help")) { + printf("usage: gmssl %s %s\n", prog, usage); + printf("%s\n", options); + ret = 0; + goto end; + } else if (!strcmp(*argv, "-lib")) { + if (--argc < 1) goto bad; + so_path = *(++argv); + } else if (!strcmp(*argv, "-kek")) { + if (--argc < 1) goto bad; + kek = atoi(*(++argv)); + if (kek < 1 || kek > 4096) { + fprintf(stderr, "gmssl %s: `-kek` invalid index\n", prog); + goto end; + } + } else if (!strcmp(*argv, "-key")) { + if (--argc < 1) goto bad; + key = atoi(*(++argv)); + if (key < 0 || key > 4096) { + fprintf(stderr, "gmssl %s: `-key` invalid index\n", prog); + goto end; + } + } else if (!strcmp(*argv, "-pass")) { + if (--argc < 1) goto bad; + pass = *(++argv); + } else { + fprintf(stderr, "gmssl %s: illegal option `%s`\n", prog, *argv); + goto end; +bad: + fprintf(stderr, "gmssl %s: `%s` option value missing\n", prog, *argv); + goto end; + } + + argc--; + argv++; } - if (generate_sign_key(TEST_SM2_KEY_INDEX, TEST_SM2_KEY_PASS) != 1) { - error_print(); - goto err; + + if (!so_path) { + fprintf(stderr, "gmssl %s: option `-lib` missing\n", prog); + goto end; } - if (generate_enc_key(TEST_SM2_KEY_INDEX, TEST_SM2_KEY_PASS) != 1) { - error_print(); - goto err; + if (!pass) { + fprintf(stderr, "gmssl %s: option `-pass` missing\n", prog); + goto end; } - */ - if (SDF_LoadLibrary("libsoft_sdf.dylib", NULL) != SDR_OK) { + if (SDF_LoadLibrary(so_path, NULL) != SDR_OK) { error_print(); goto err; } - if (test_SDF_GetDeviceInfo() != 1) goto err; if (test_SDF_GenerateRandom() != 1) goto err; if (test_SDF_Hash() != 1) goto err; if (test_SDF_Hash_Z() != 1) goto err; - if (test_SDF_GenerateKeyWithKEK() != 1) goto err; - if (test_SDF_CalculateMAC() != 1) goto err; - if (test_SDF_Encrypt() != 1) goto err; - if (test_SDF_Encrypt_SM4_CBC() != 1) goto err; + if (test_SDF_GenerateKeyWithKEK(kek) != 1) goto err; + if (test_SDF_CalculateMAC(kek) != 1) goto err; + if (test_SDF_Encrypt(kek) != 1) goto err; + if (test_SDF_Encrypt_SM4_CBC(key, pass) != 1) goto err; if (test_SDF_GenerateKeyPair_ECC() != 1) goto err; - if (test_SDF_ExportSignPublicKey_ECC() != 1) goto err; - if (test_SDF_ExportEncPublicKey_ECC() != 1) goto err; + if (test_SDF_ExportSignPublicKey_ECC(key) != 1) goto err; + if (test_SDF_ExportEncPublicKey_ECC(key) != 1) goto err; if (test_SDF_GenerateKeyWithEPK_ECC() != 1) goto err; - if (test_SDF_GenerateKeyWithIPK_ECC() != 1) goto err; + if (test_SDF_GenerateKeyWithIPK_ECC(key, pass) != 1) goto err; if (test_SDF_ExternalVerify_ECC() != 1) goto err; if (test_SDF_ExternalEncrypt_ECC() != 1) goto err; //FIXME: test this before any ECCCipher used - if (test_SDF_InternalSign_ECC() != 1) goto err; - if (test_SDF_InternalEncrypt_ECC() != 1) goto err; + if (test_SDF_InternalSign_ECC(key, pass) != 1) goto err; + if (test_SDF_InternalEncrypt_ECC(key, pass) != 1) goto err; printf("%s all tests passed\n", __FILE__); return 0; + err: error_print(); return 1; +end: + return ret; } diff --git a/tools/pbkdf2.c b/tools/sm3_pbkdf2.c similarity index 56% rename from tools/pbkdf2.c rename to tools/sm3_pbkdf2.c index 7e0673a7f..b448cefb2 100644 --- a/tools/pbkdf2.c +++ b/tools/sm3_pbkdf2.c @@ -17,9 +17,28 @@ #include -static const char *options = "-pass str -salt hex -iter num -outlen num [-bin|-hex] [-out file]"; +static const char *usage = "-pass str -salt hex -iter num -outlen num [-bin|-hex] [-out file]"; -int pbkdf2_main(int argc, char **argv) +static const char *options = +"\n" +"Options\n" +"\n" +" -pass str Password to be converted into key\n" +" -salt hex Salt value, 8 to 64 bytes\n" +" -iter num Iteration count, larger iter make it more secure but slower\n" +" -outlen num Generate key bytes\n" +" -bin Output binary key\n" +" -hex Output key in hex digits\n" +" -out file | stdout Output data\n" +"\n" +"Examples\n" +"\n" +" $ SALT=`gmssl rand -outlen 8 -hex`\n" +" $ gmssl sm3_pbkdf2 -pass P@ssw0rd -salt $SALT -iter 10000 -outlen 16 -hex\n" +"\n"; + + +int sm3_pbkdf2_main(int argc, char **argv) { int ret = 1; char *prog = argv[0]; @@ -39,13 +58,13 @@ int pbkdf2_main(int argc, char **argv) argv++; if (argc < 1) { - fprintf(stderr, "usage: %s %s\n", prog, options); + fprintf(stderr, "usage: gmssl %s %s\n", prog, usage); return 1; } while (argc > 0) { if (!strcmp(*argv, "-help")) { - printf("usage: %s %s\n", prog, options); + printf("usage: gmssl %s %s\n", prog, options); ret = 0; goto end; } else if (!strcmp(*argv, "-pass")) { @@ -55,25 +74,29 @@ int pbkdf2_main(int argc, char **argv) if (--argc < 1) goto bad; salthex = *(++argv); if (strlen(salthex) > sizeof(salt) * 2) { - fprintf(stderr, "%s: invalid salt length\n", prog); + fprintf(stderr, "gmssl %s: invalid salt length\n", prog); goto end; } if (hex_to_bytes(salthex, strlen(salthex), salt, &saltlen) != 1) { - fprintf(stderr, "%s: invalid HEX digits\n", prog); + fprintf(stderr, "gmssl %s: invalid HEX digits\n", prog); + goto end; + } + if (saltlen < 1 || saltlen > SM3_PBKDF2_MAX_SALT_SIZE) { + fprintf(stderr, "gmssl %s: invalid salt length\n", prog); goto end; } } else if (!strcmp(*argv, "-iter")) { if (--argc < 1) goto bad; iter = atoi(*(++argv)); if (iter < SM3_PBKDF2_MIN_ITER || iter > SM3_PBKDF2_MAX_ITER) { - fprintf(stderr, "%s: invalid '-iter' value\n", prog); + fprintf(stderr, "gmssl %s: invalid '-iter' value\n", prog); goto end; } } else if (!strcmp(*argv, "-outlen")) { if (--argc < 1) goto bad; outlen = atoi(*(++argv)); if (outlen < 1 || outlen > sizeof(outbuf)) { - fprintf(stderr, "%s: invalid outlen\n", prog); + fprintf(stderr, "gmssl %s: invalid outlen\n", prog); goto end; } } else if (!strcmp(*argv, "-hex")) { @@ -84,14 +107,14 @@ int pbkdf2_main(int argc, char **argv) if (--argc < 1) goto bad; outfile = *(++argv); if (!(outfp = fopen(outfile, "wb"))) { - fprintf(stderr, "%s: open '%s' failure : %s\n", prog, outfile, strerror(errno)); + fprintf(stderr, "gmssl %s: open '%s' failure : %s\n", prog, outfile, strerror(errno)); goto end; } } else { - fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv); + fprintf(stderr, "gmssl %s: illegal option '%s'\n", prog, *argv); goto end; bad: - fprintf(stderr, "%s: '%s' option value missing\n", prog, *argv); + fprintf(stderr, "gmssl %s: '%s' option value missing\n", prog, *argv); goto end; } @@ -100,30 +123,30 @@ int pbkdf2_main(int argc, char **argv) } if (!pass) { - fprintf(stderr, "%s: option '-pass' required\n", prog); + fprintf(stderr, "gmssl %s: option '-pass' required\n", prog); goto end; } if (!salthex) { - fprintf(stderr, "%s: option '-salt' required\n", prog); + fprintf(stderr, "gmssl %s: option '-salt' required\n", prog); goto end; } if (!iter) { - fprintf(stderr, "%s: option '-iter' required\n", prog); + fprintf(stderr, "gmssl %s: option '-iter' required\n", prog); goto end; } if (!outlen) { - fprintf(stderr, "%s: option '-outlen' required\n", prog); + fprintf(stderr, "gmssl %s: option '-outlen' required\n", prog); goto end; } if (sm3_pbkdf2(pass, strlen(pass), salt, saltlen, iter, outlen, outbuf) != 1) { - fprintf(stderr, "%s: inner error\n", prog); + fprintf(stderr, "gmssl %s: inner error\n", prog); goto end; } if (bin) { if (fwrite(outbuf, 1, outlen, outfp) != outlen) { - fprintf(stderr, "%s: output failure : %s\n", prog, strerror(errno)); + fprintf(stderr, "gmssl %s: output failure : %s\n", prog, strerror(errno)); goto end; } } else { diff --git a/tools/sm4_ccm.c b/tools/sm4_ccm.c index bf5230a05..a2b42a2e4 100755 --- a/tools/sm4_ccm.c +++ b/tools/sm4_ccm.c @@ -267,7 +267,7 @@ int sm4_ccm_main(int argc, char **argv) } } else { - if (inlen < taglen) { + if (inlen < (size_t)taglen) { fprintf(stderr, "gmssl %s: input length (%zu bytes) shorter than tag length (%d bytes)\n", prog, inlen, taglen); goto end; diff --git a/tools/tlcp_client.c b/tools/tlcp_client.c index 24c1be26e..ab114203c 100644 --- a/tools/tlcp_client.c +++ b/tools/tlcp_client.c @@ -69,7 +69,6 @@ int tlcp_client_main(int argc, char *argv[]) char buf[1024] = {0}; size_t len = sizeof(buf); char send_buf[1024] = {0}; - size_t sentlen; int read_stdin = 1; argc--;