diff --git a/KAEOpensslProvider/src/Makefile.am b/KAEOpensslProvider/src/Makefile.am index 376945d15880d0034bf83787a17dcb88d7d41cb4..77f8085de907971afeefc68aa336352d05cf235b 100644 --- a/KAEOpensslProvider/src/Makefile.am +++ b/KAEOpensslProvider/src/Makefile.am @@ -1,4 +1,4 @@ -VERSION = 2:0:3 +VERSION = 2:0:4 ACLOCAL_AMFLAGS = -I m4 AUTOMAKE_OPTIONS = subdir-objects CFLAGS =-ftrapv -fPIC -fPIE -pie -fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2 diff --git a/KAEOpensslProvider/src/adapter/nosva/algorithm/cipher/sec_ciphers.c b/KAEOpensslProvider/src/adapter/nosva/algorithm/cipher/sec_ciphers.c index b1a63686877f461da2e89e5f3e701f8ae533938d..93ec6446b6e090106623ebbd39aaf5a561933d7b 100644 --- a/KAEOpensslProvider/src/adapter/nosva/algorithm/cipher/sec_ciphers.c +++ b/KAEOpensslProvider/src/adapter/nosva/algorithm/cipher/sec_ciphers.c @@ -151,11 +151,12 @@ static void sec_ciphers_update_priv_ctx(cipher_priv_ctx *priv_ctx) switch (priv_ctx->c_mode) { case ECB: break; + case CFB: case CBC: if (priv_ctx->encrypt == OPENSSL_ENCRYPTION) kae_memcpy(priv_ctx->iv, priv_ctx->out - 16, 16); // hardware need 16-byte alignment else - kae_memcpy(priv_ctx->iv, priv_ctx->next_iv, 16); // hardware need 16-byte alignment + kae_memcpy(priv_ctx->iv, priv_ctx->in - 16, 16); // hardware need 16-byte alignment break; case CTR: increase_counter = (do_cipher_len + priv_ctx->offset) >> 4; // right shift 4 @@ -182,10 +183,6 @@ static void sec_ciphers_update_priv_ctx(cipher_priv_ctx *priv_ctx) static int sec_ciphers_before_dociphers_cb(cipher_priv_ctx *priv_ctx) { - // store IV for next cbc decryption operation - if (priv_ctx->encrypt == OPENSSL_DECRYPTION && priv_ctx->c_mode == CBC) - kae_memcpy(priv_ctx->next_iv, priv_ctx->in + priv_ctx->do_cipher_len - priv_ctx->iv_len, priv_ctx->iv_len); - if (priv_ctx->c_mode == XTS && priv_ctx->c_alg == AES) { sec_ciphers_ecb_encryt( priv_ctx->ecb_encryto, priv_ctx->ecb_encryto->encryto_iv, priv_ctx->iv, priv_ctx->iv_len); @@ -221,7 +218,7 @@ int sec_ciphers_sync_do_crypto(cipher_engine_ctx_t *e_cipher_ctx, cipher_priv_ct // after cipher cycle should update: in, out, iv, key, length. sec_ciphers_update_priv_ctx(priv_ctx); - (void)sec_ciphers_after_dociphers_cb(priv_ctx->sw_ctx); // todo how? + // (void)sec_ciphers_after_dociphers_cb(priv_ctx->sw_ctx); // todo how? leftlen -= priv_ctx->do_cipher_len; } @@ -348,7 +345,7 @@ err: static int sec_ciphers_is_check_valid(cipher_priv_ctx *priv_ctx) { - if (priv_ctx->switch_threshold > (size_t)priv_ctx->inl) { + if (priv_ctx->switch_threshold > (size_t)priv_ctx->inl && !priv_ctx->use_hw) { US_WARN_LIMIT("small packet cipher offload, switch to soft cipher, inl %d", (int)priv_ctx->inl); return KAE_FAIL; } @@ -399,7 +396,8 @@ int sec_ciphers_do_cipher( goto do_soft_cipher; } - US_DEBUG("do cipher success. priv_ctx=%p, inl=%d", priv_ctx, (int)inl); + priv_ctx->use_hw = 1; + US_DEBUG("sec cipher success!"); return OPENSSL_SUCCESS; diff --git a/KAEOpensslProvider/src/adapter/nosva/algorithm/cipher/sec_ciphers.h b/KAEOpensslProvider/src/adapter/nosva/algorithm/cipher/sec_ciphers.h index dbd5cde0b9cb6654d2edf54ec2e54bc0ac6e5474..94a0c66fc8172d52a79c679ea7f101f0dd0fe7a3 100644 --- a/KAEOpensslProvider/src/adapter/nosva/algorithm/cipher/sec_ciphers.h +++ b/KAEOpensslProvider/src/adapter/nosva/algorithm/cipher/sec_ciphers.h @@ -90,6 +90,9 @@ typedef struct { EVP_CIPHER *sw_cipher; unsigned char key[MAX_KEY_LEN]; unsigned char iv[IV_LEN]; + // int sw_init; + int sw_update; + int use_hw; } cipher_priv_ctx; struct cipher_engine_ctx { diff --git a/KAEOpensslProvider/src/adapter/nosva/algorithm/digest/sec_digests.c b/KAEOpensslProvider/src/adapter/nosva/algorithm/digest/sec_digests.c index 8a1a260ce046283ab555b335ef7a25bb7bb807bb..89d4839306458347e4bccee8f3bb3d53aa223ca7 100644 --- a/KAEOpensslProvider/src/adapter/nosva/algorithm/digest/sec_digests.c +++ b/KAEOpensslProvider/src/adapter/nosva/algorithm/digest/sec_digests.c @@ -150,6 +150,7 @@ static int sec_digests_update_inner(sec_digest_priv *md_ctx, size_t data_len, co } } + US_DEBUG("sec digest update success!"); return OPENSSL_SUCCESS; } @@ -246,7 +247,7 @@ int sec_digests_final(sec_digest_priv *md_ctx, unsigned char *digest) ret = OPENSSL_SUCCESS; } - US_DEBUG("do digest success. ctx=%p", md_ctx); + US_DEBUG("sec digest final success!"); // end: return ret; @@ -474,6 +475,7 @@ int sec_digests_copy(sec_digest_priv *to_ctx, const sec_digest_priv *from_ctx) } } + US_DEBUG("sec digest copy success."); return 1; } diff --git a/KAEOpensslProvider/src/adapter/nosva/algorithm/pkey/hpre_sm2.c b/KAEOpensslProvider/src/adapter/nosva/algorithm/pkey/hpre_sm2.c index fce7e5f65f55b7a98a43f2079bba1b46f48ea1de..e98008278275ba237412792d12e229415219da64 100644 --- a/KAEOpensslProvider/src/adapter/nosva/algorithm/pkey/hpre_sm2.c +++ b/KAEOpensslProvider/src/adapter/nosva/algorithm/pkey/hpre_sm2.c @@ -57,7 +57,7 @@ static int hpre_sm2_get_rand(char *out, size_t out_len, void *usr) int ret; if (!out) { - fprintf(stderr, "out is NULL\n"); + US_ERR("out is NULL."); return -1; } @@ -68,7 +68,7 @@ static int hpre_sm2_get_rand(char *out, size_t out_len, void *usr) do { ret = BN_priv_rand_range(k, usr); if (!ret) { - fprintf(stderr, "failed to BN_priv_rand_range\n"); + US_ERR("failed to BN_priv_rand_range."); ret = -ENOMEM; goto err; } @@ -76,7 +76,7 @@ static int hpre_sm2_get_rand(char *out, size_t out_len, void *usr) ret = BN_bn2binpad(k, (void *)out, (int)out_len); if (ret < 0) { ret = -ENOMEM; - fprintf(stderr, "failed to BN_bn2binpad\n"); + US_ERR("failed to BN_bn2binpad."); goto err; } } while (--count >= 0 && BN_is_zero(k)); @@ -100,7 +100,7 @@ static int hpre_sm2_compute_hash(const char *in, size_t in_len, char *out, size_ digest = digest ? digest : EVP_sm3(); if (EVP_DigestInit(hash, digest) == 0 || EVP_DigestUpdate(hash, in, in_len) == 0 || EVP_DigestFinal(hash, (void *)out, NULL) == 0) { - fprintf(stderr, "compute hash failed\n"); + US_ERR("compute hash failed."); ret = -1; } @@ -178,7 +178,6 @@ hpre_sm2_engine_ctx_t *wd_sm2_get_engine_ctx(hpre_sm2_priv_ctx *priv_ctx) US_ERR("sm2 cipher priv ctx NULL!"); return NULL; } - US_DEBUG("kae hpre_sm2 get queue node from pool start."); q_node = kae_get_node_from_pool(g_hpre_sm2_qnode_pool); if (q_node == NULL) { @@ -282,7 +281,7 @@ int hpre_sm2_update_sess(SM2_PROV_CTX *sm2_pctx) if (!sm2_pctx->hsmctx) { sm2_pctx->hsmctx = (hpre_sm2_priv_ctx *)OPENSSL_malloc(sizeof(hpre_sm2_priv_ctx)); if (sm2_pctx->hsmctx == NULL) { - printf("hpre smctx malloc fail"); + US_ERR("hpre smctx malloc fail"); return OPENSSL_FAIL; } kae_memset(sm2_pctx->hsmctx, 0, sizeof(hpre_sm2_priv_ctx)); @@ -313,7 +312,7 @@ int hpre_sm2_update_sess(SM2_PROV_CTX *sm2_pctx) type = hpre_sm2_get_hash_type(smctx->md_nid); if (type < 0) { wd_sm2_put_engine_ctx(smctx->e_hpre_sm2_ctx); - fprintf(stderr, "uadk not support hash nid %d\n", smctx->md_nid); + US_ERR("uadk not support hash nid"); return OPENSSL_FAIL; } e_sm2_ctx->setup.hash.type = type; @@ -325,7 +324,7 @@ int hpre_sm2_update_sess(SM2_PROV_CTX *sm2_pctx) e_sm2_ctx->setup.cb = (wcrypto_cb)hpre_sm2_cb; sess = wcrypto_create_ecc_ctx(queue, &e_sm2_ctx->setup); if (!sess) { - fprintf(stderr, "failed to alloc sess\n"); + US_ERR("failed to alloc sess"); wd_sm2_put_engine_ctx(smctx->e_hpre_sm2_ctx); BN_free(order); smctx->init_status = HPRE_SM2_INIT_FAIL; @@ -380,7 +379,7 @@ static int get_hpre_sm2_param(struct hpre_sm2_param *sm2_param, BN_CTX *ctx) return OPENSSL_SUCCESS; end: - fprintf(stderr, "failed to malloc params\n"); + US_ERR("failed to malloc params."); return OPENSSL_FAIL; } @@ -389,13 +388,13 @@ static int hpre_sm2_check_digest_evp_lib(const EVP_MD *digest, EVP_MD_CTX *hash, uint8_t e_byte; uint16_t entl; if (!EVP_DigestInit(hash, digest)) { - fprintf(stderr, "error evp lib\n"); + US_ERR("error evp lib."); return OPENSSL_FAIL; } /* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */ if (id_len >= (UINT16_MAX >> TRANS_BITS_BYTES_SHIFT)) { - fprintf(stderr, "id too large\n"); + US_ERR("id too large."); return OPENSSL_FAIL; } @@ -404,19 +403,19 @@ static int hpre_sm2_check_digest_evp_lib(const EVP_MD *digest, EVP_MD_CTX *hash, /* Update the most significant (first) byte of 'entl' */ e_byte = GET_MS_BYTE(entl); if (!EVP_DigestUpdate(hash, &e_byte, 1)) { - fprintf(stderr, "error evp lib\n"); + US_ERR("error evp lib."); return OPENSSL_FAIL; } /* Update the least significant (second) byte of 'entl' */ e_byte = GET_LS_BYTE(entl); if (!EVP_DigestUpdate(hash, &e_byte, 1)) { - fprintf(stderr, "error evp lib\n"); + US_ERR("error evp lib."); return OPENSSL_FAIL; } if (id_len > 0 && !EVP_DigestUpdate(hash, id, id_len)) { - fprintf(stderr, "error evp lib\n"); + US_ERR("error evp lib."); return OPENSSL_FAIL; } @@ -427,7 +426,7 @@ static int check_equation_param(struct hpre_sm2_param *param, EVP_MD_CTX *hash, { if (BN_bn2binpad(param->a, buf, p_bytes) < 0 || !EVP_DigestUpdate(hash, buf, p_bytes) || BN_bn2binpad(param->b, buf, p_bytes) < 0 || !EVP_DigestUpdate(hash, buf, p_bytes)) { - fprintf(stderr, "failed to check equation param\n"); + US_ERR("failed to check equation param."); return OPENSSL_FAIL; } @@ -439,7 +438,7 @@ static int check_base_point_group_param(struct hpre_sm2_param *param, BN_CTX *ct const EC_GROUP *group = EC_KEY_get0_group(key); if (!EC_POINT_get_affine_coordinates(group, EC_GROUP_get0_generator(group), param->xG, param->yG, ctx)) { - fprintf(stderr, "failed to check base point group param\n"); + US_ERR("failed to check base point group param."); return OPENSSL_FAIL; } @@ -450,7 +449,7 @@ static int check_base_point_param(struct hpre_sm2_param *param, EVP_MD_CTX *hash { if (BN_bn2binpad(param->xG, buf, p_bytes) < 0 || !EVP_DigestUpdate(hash, buf, p_bytes) || BN_bn2binpad(param->yG, buf, p_bytes) < 0 || !EVP_DigestUpdate(hash, buf, p_bytes)) { - fprintf(stderr, "failed to check base point param\n"); + US_ERR("failed to check base point param."); return OPENSSL_FAIL; } @@ -462,7 +461,7 @@ static int check_pkey_point_group_param(struct hpre_sm2_param *param, BN_CTX *ct const EC_GROUP *group = EC_KEY_get0_group(key); if (!EC_POINT_get_affine_coordinates(group, EC_KEY_get0_public_key(key), param->xA, param->yA, ctx)) { - fprintf(stderr, "failed to check pkey point group param\n"); + US_ERR("failed to check pkey point group param."); return OPENSSL_FAIL; } return OPENSSL_SUCCESS; @@ -474,7 +473,7 @@ static int check_pkey_point_param( if (BN_bn2binpad(param->xA, buf, p_bytes) < 0 || !EVP_DigestUpdate(hash, buf, p_bytes) || BN_bn2binpad(param->yA, buf, p_bytes) < 0 || !EVP_DigestUpdate(hash, buf, p_bytes) || !EVP_DigestFinal(hash, out, NULL)) { - fprintf(stderr, "failed to check pkey point param\n"); + US_ERR("failed to check pkey point param."); return OPENSSL_FAIL; } @@ -502,7 +501,7 @@ int hpre_sm2_compute_z_digest( param = OPENSSL_zalloc(sizeof(struct hpre_sm2_param)); if (!param) { - fprintf(stderr, "failed to malloc sm2 param\n"); + US_ERR("failed to malloc sm2 param."); goto free_ctx; } @@ -513,14 +512,14 @@ int hpre_sm2_compute_z_digest( goto free_param; if (!EC_GROUP_get_curve(group, param->p, param->a, param->b, ctx)) { - fprintf(stderr, "failed to get curve\n"); + US_ERR("failed to get curve."); goto free_param; } p_bytes = BN_num_bytes(param->p); buf = OPENSSL_zalloc(p_bytes); if (!buf) { - fprintf(stderr, "failed to malloc buf\n"); + US_ERR("failed to malloc buf."); goto free_param; } @@ -591,7 +590,7 @@ static int hpre_sm2_smctx_check(SM2_PROV_CTX *sm2_pctx) { if (!sm2_pctx) { - fprintf(stderr, "smctx is NULL\n"); + US_ERR("smctx is NULL."); return OPENSSL_FAIL; } @@ -627,7 +626,7 @@ static int hpre_sm2_encrypt_check( md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md; c3_size = EVP_MD_size(md); if (c3_size <= 0) { - fprintf(stderr, "c3 size error\n"); + US_ERR("c3 size error."); return OPENSSL_FAIL; } @@ -652,7 +651,7 @@ static int hpre_sm2_encrypt_init_iot(void *sess, struct wcrypto_ecc_op_data *opd ecc_out = wcrypto_new_sm2_enc_out(sess, inlen); if (!ecc_out) { - fprintf(stderr, "failed to new enc out\n"); + US_ERR("failed to new enc out."); return OPENSSL_FAIL; } @@ -660,7 +659,7 @@ static int hpre_sm2_encrypt_init_iot(void *sess, struct wcrypto_ecc_op_data *opd e.dsize = inlen; ecc_in = wcrypto_new_sm2_enc_in(sess, NULL, &e); if (!ecc_in) { - fprintf(stderr, "failed to new enc in\n"); + US_ERR("failed to new enc in."); wcrypto_del_ecc_out(sess, ecc_out); return OPENSSL_FAIL; } @@ -682,14 +681,14 @@ int hpre_sm2_set_public_key(void *sess, const EC_KEY *eckey) point = EC_KEY_get0_public_key(eckey); if (!point) { - fprintf(stderr, "pubkey not set!\n"); + US_ERR("pubkey not set!"); return OPENSSL_FAIL; } group = EC_KEY_get0_group(eckey); len = EC_POINT_point2buf(group, point, SM2_OCTET_STRING, &point_bin, NULL); if (!len) { - fprintf(stderr, "EC_POINT_point2buf error.\n"); + US_ERR("EC_POINT_point2buf error."); return OPENSSL_FAIL; } @@ -701,7 +700,7 @@ int hpre_sm2_set_public_key(void *sess, const EC_KEY *eckey) ecc_key = wcrypto_get_ecc_key(sess); ret = wcrypto_set_ecc_pubkey(ecc_key, &pubkey); if (ret) { - fprintf(stderr, "failed to set ecc pubkey\n"); + US_ERR("failed to set ecc pubkey."); ret = OPENSSL_FAIL; } @@ -718,7 +717,7 @@ static int hpre_sm2_update_public_key(hpre_sm2_priv_ctx *smctx, EC_KEY *ec_key) point = EC_KEY_get0_public_key(ec_key); if (!point) { - fprintf(stderr, "pubkey not set!\n"); + US_ERR("pubkey not set!"); return OPENSSL_FAIL; } @@ -836,13 +835,13 @@ static int sm2_cipher_bin_to_ber(const EVP_MD *md, struct wcrypto_ecc_point *c1, x1 = BN_bin2bn((void *)c1->x.data, c1->x.dsize, NULL); if (!x1) { - fprintf(stderr, "failed to BN_bin2bn x1\n"); + US_ERR("failed to BN_bin2bn x1."); return OPENSSL_FAIL; } y1 = BN_bin2bn((void *)c1->y.data, c1->y.dsize, NULL); if (!y1) { - fprintf(stderr, "failed to BN_bin2bn y1\n"); + US_ERR("failed to BN_bin2bn y1."); ret = OPENSSL_FAIL; goto free_x1; } @@ -863,7 +862,7 @@ static int sm2_cipher_bin_to_ber(const EVP_MD *md, struct wcrypto_ecc_point *c1, if (!ASN1_OCTET_STRING_set(ctext_struct.C3, (void *)c3->data, c3->dsize) || !ASN1_OCTET_STRING_set(ctext_struct.C2, (void *)c2->data, c2->dsize)) { - fprintf(stderr, "failed to ASN1_OCTET_STRING_set\n"); + US_ERR("failed to ASN1_OCTET_STRING_set."); ret = OPENSSL_FAIL; goto free_y1; } @@ -944,19 +943,16 @@ int hpre_sm2_encrypt( if (!ret) goto uninit_iot; + US_DEBUG("hpre sm2 encrypt success!"); ret = OPENSSL_SUCCESS; uninit_iot: - // wcrypto_del_ecc_in(smctx->e_hpre_sm2_ctx->wd_ctx, opdata.in); - // wcrypto_del_ecc_out(smctx->e_hpre_sm2_ctx->wd_ctx, opdata.out); hpre_free_sm2_eng_ctx(smctx->e_hpre_sm2_ctx, opdata); if (ret == OPENSSL_SUCCESS) return ret; -do_soft: - US_ERR("hpre_sm2_encrypt switch to execute openssl software calculation.\n"); - psm2ctx->sm2_pctx->do_soft = 1; - return OPENSSL_FAIL; - // return kae_prov_sm2_encrypt_sw(psm2ctx, out, outlen, in, inlen); +do_soft: + US_WARN("hpre_sm2_encrypt switch to execute openssl software calculation.\n"); + return KAE_CRYPTO_FAIL; } static int sm2_cipher_ber_to_bin( @@ -967,7 +963,7 @@ static int sm2_cipher_ber_to_bin( ctext_struct = d2i_HPRE_SM2_Ciphertext(NULL, (const unsigned char **)&ber, ber_len); if (!ctext_struct) { - fprintf(stderr, "failed to d2i_SM2_Ciphertext\n"); + US_ERR("failed to d2i_SM2_Ciphertext."); return OPENSSL_FAIL; } @@ -1003,13 +999,13 @@ static int hpre_sm2_decrypt_init_iot( ecc_out = wcrypto_new_sm2_dec_out(sess, c2->dsize); if (!ecc_out) { - fprintf(stderr, "failed to new dec out\n"); + US_ERR("failed to new dec out."); return OPENSSL_FAIL; } ecc_in = wcrypto_new_sm2_dec_in(sess, c1, c2, c3); if (!ecc_in) { - fprintf(stderr, "failed to new dec in\n"); + US_ERR("failed to new dec in."); wcrypto_del_ecc_out(sess, ecc_out); return OPENSSL_FAIL; } @@ -1034,13 +1030,13 @@ int hpre_sm2_set_private_key(void *sess, const EC_KEY *eckey) d = EC_KEY_get0_private_key(eckey); if (!d) { - fprintf(stderr, "private key not set\n"); + US_ERR("private key not set."); return OPENSSL_FAIL; } group = EC_KEY_get0_group(eckey); if (!group) { - fprintf(stderr, "failed to get ecc group\n"); + US_ERR("failed to get ecc group."); return OPENSSL_FAIL; } @@ -1052,7 +1048,7 @@ int hpre_sm2_set_private_key(void *sess, const EC_KEY *eckey) ret = wcrypto_set_ecc_prikey(ecc_key, &prikey); if (ret != KAE_SUCCESS) { - fprintf(stderr, "failed to set ecc prikey, ret = %d\n", ret); + US_ERR("failed to set ecc prikey."); ret = OPENSSL_FAIL; } // 是否考虑下其他返回码 @@ -1061,13 +1057,12 @@ int hpre_sm2_set_private_key(void *sess, const EC_KEY *eckey) static int hpre_sm2_update_private_key(hpre_sm2_priv_ctx *smctx, EC_KEY *ec_key) { - const BIGNUM *d; int ret; d = EC_KEY_get0_private_key(ec_key); if (!d) { - fprintf(stderr, "private key not set\n"); + US_ERR("private key not set."); return OPENSSL_FAIL; } @@ -1088,12 +1083,12 @@ static int hpre_sm2_get_plaintext(struct wcrypto_ecc_op_data *opdata, unsigned c wcrypto_get_sm2_dec_out_params(opdata->out, &ptext); if (!ptext) { - fprintf(stderr, "failed to get ptext\n"); + US_ERR("failed to get ptext."); return OPENSSL_FAIL; } if (*outlen < ptext->dsize) { - fprintf(stderr, "outlen(%lu) < (%u)\n", *outlen, ptext->dsize); + US_ERR("invalid: outlen is less than data size."); return OPENSSL_FAIL; } @@ -1109,7 +1104,7 @@ static int hpre_sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size sm2_ctext = d2i_HPRE_SM2_Ciphertext(NULL, &ct, ct_size); if (!sm2_ctext) { - fprintf(stderr, "invalid sm2 encoding\n"); + US_ERR("invalid sm2 encoding."); return OPENSSL_FAIL; } @@ -1131,14 +1126,14 @@ static int hpre_sm2_decrypt_check( } if (smctx->init_status != HPRE_SM2_INIT_SUCC) { - fprintf(stderr, "sm2 ctx init failed\n"); + US_ERR("sm2 ctx init failed."); return OPENSSL_FAIL; } md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md; hash_size = EVP_MD_size(md); if (hash_size <= 0) { - fprintf(stderr, "hash size = %d error\n", hash_size); + US_ERR("hash size <= 0."); return OPENSSL_FAIL; } @@ -1177,7 +1172,7 @@ int hpre_sm2_decrypt( goto do_soft; if (c3.dsize != EVP_MD_size(md)) { - fprintf(stderr, "c3 dsize != hash_size\n"); + US_ERR("c3 dsize != hash_size."); goto free_c1; } @@ -1193,7 +1188,7 @@ int hpre_sm2_decrypt( ret = hpre_sm2_crypto(&opdata, smctx); if (!ret) { - printf("failed to sm2_crypto in decrypt, ret = %d\n", ret); + US_ERR("failed to sm2_crypto in decrypt."); goto uninit_iot; } @@ -1201,20 +1196,18 @@ int hpre_sm2_decrypt( if (!ret) goto uninit_iot; + US_DEBUG("hpre sm2 decrypt success!"); ret = OPENSSL_SUCCESS; -uninit_iot: - // wcrypto_del_ecc_in(smctx->e_hpre_sm2_ctx->wd_ctx, opdata.in); - // wcrypto_del_ecc_out(smctx->e_hpre_sm2_ctx->wd_ctx, opdata.out); +uninit_iot: hpre_free_sm2_eng_ctx(smctx->e_hpre_sm2_ctx, opdata); free_c1: free(c1.x.data); if (ret == OPENSSL_SUCCESS) // 得考虑异常情况不走soft,抛异常 return ret; do_soft: - printf("hpre_sm2_decrypt switch to execute openssl software calculation.\n"); - psm2ctx->sm2_pctx->do_soft = 1; - return OPENSSL_FAIL; + US_WARN("hpre_sm2_decrypt switch to execute openssl software calculation."); + return KAE_CRYPTO_FAIL; } static int hpre_sm2_sign_init_iot( @@ -1226,7 +1219,7 @@ static int hpre_sm2_sign_init_iot( ecc_out = wcrypto_new_sm2_sign_out(sess); if (!ecc_out) { - fprintf(stderr, "failed to new sign out\n"); + US_ERR("failed to new sign out."); return OPENSSL_FAIL; } @@ -1234,7 +1227,7 @@ static int hpre_sm2_sign_init_iot( e.dsize = digest_len; ecc_in = wcrypto_new_sm2_sign_in(sess, &e, NULL, NULL, 1); if (!ecc_in) { - fprintf(stderr, "failed to new sign in\n"); + US_ERR("failed to new sign in."); wcrypto_del_ecc_out(sess, ecc_out); return OPENSSL_FAIL; } @@ -1281,12 +1274,12 @@ static int hpre_sm2_sign_check( } if (sig_sz <= 0) { - fprintf(stderr, "sig_sz error\n"); + US_ERR("sig_sz error\n"); return OPENSSL_FAIL; } if (*siglen < (size_t)sig_sz) { - fprintf(stderr, "siglen(%lu) < sig_sz(%lu)\n", *siglen, (size_t)sig_sz); + US_ERR("invalide: siglen < sig_sz."); return OPENSSL_FAIL; } @@ -1308,31 +1301,31 @@ static int hpre_sm2_sign_bin_to_ber(EC_KEY *ec, struct wd_dtb *r, struct wd_dtb e_sig = ECDSA_SIG_new(); if (!e_sig) { - fprintf(stderr, "failed to ECDSA_SIG_new\n"); + US_ERR("failed to ECDSA_SIG_new."); return OPENSSL_FAIL; } br = BN_bin2bn((void *)r->data, r->dsize, NULL); if (!br) { - fprintf(stderr, "failed to BN_bin2bn r\n"); + US_ERR("failed to BN_bin2bn r."); goto free_sig; } bs = BN_bin2bn((void *)s->data, s->dsize, NULL); if (!bs) { - fprintf(stderr, "failed to BN_bin2bn s\n"); + US_ERR("failed to BN_bin2bn s."); goto free_r; } ret = ECDSA_SIG_set0(e_sig, br, bs); if (!ret) { - fprintf(stderr, "failed to ECDSA_SIG_set0\n"); + US_ERR("failed to ECDSA_SIG_set0."); goto free_s; } sltmp = i2d_ECDSA_SIG(e_sig, &sig); if (sltmp < 0) { - fprintf(stderr, "failed to i2d_ECDSA_SIG\n"); + US_ERR("failed to i2d_ECDSA_SIG."); goto free_s; } *siglen = (size_t)sltmp; @@ -1378,7 +1371,7 @@ int hpre_sm2_sign( ret = hpre_sm2_crypto(&opdata, smctx); if (!ret) { - fprintf(stderr, "failed to sm2_crypto in sign, ret = %d\n", ret); + US_ERR("failed to sm2_crypto in sign."); goto uninit_iot; } @@ -1391,11 +1384,10 @@ int hpre_sm2_sign( if (!ret) goto uninit_iot; + US_DEBUG("hpre sm2 sign success!"); ret = OPENSSL_SUCCESS; uninit_iot: - // wcrypto_del_ecc_in(smctx->e_hpre_sm2_ctx->wd_ctx, opdata.in); - // wcrypto_del_ecc_out(smctx->e_hpre_sm2_ctx->wd_ctx, opdata.out); hpre_free_sm2_eng_ctx(smctx->e_hpre_sm2_ctx, opdata); if (ret == OPENSSL_SUCCESS) { @@ -1403,9 +1395,8 @@ uninit_iot: return OPENSSL_SUCCESS; } do_soft: - US_ERR("sm2_sign failed, switch to execute openssl software calculation.\n"); - psm2ctx->sm2_pctx->do_soft = 1; - return OPENSSL_FAIL; + US_WARN("sm2_sign failed, switch to execute openssl software calculation.\n"); + return KAE_CRYPTO_FAIL; } static int hpre_sm2_verify_check( @@ -1433,7 +1424,7 @@ static int hpre_sm2_verify_init_iot( ecc_in = wcrypto_new_sm2_verf_in(sess, e, r, s, NULL, 1); if (!ecc_in) { - fprintf(stderr, "failed to new verf in\n"); + US_ERR("failed to new verf in."); return OPENSSL_FAIL; } @@ -1453,12 +1444,12 @@ static int hpre_sm2_sig_ber_to_bin(EC_KEY *ec, unsigned char *sig, size_t sig_le e_sig = ECDSA_SIG_new(); if (!e_sig) { - fprintf(stderr, "failed to ECDSA_SIG_new\n"); + US_ERR("failed to ECDSA_SIG_new."); return OPENSSL_FAIL; } if (d2i_ECDSA_SIG(&e_sig, &p, sig_len) == NULL) { - fprintf(stderr, "d2i_ECDSA_SIG error\n"); + US_ERR("d2i_ECDSA_SIG error."); ret = OPENSSL_FAIL; goto free_sig; } @@ -1466,21 +1457,21 @@ static int hpre_sm2_sig_ber_to_bin(EC_KEY *ec, unsigned char *sig, size_t sig_le /* Ensure signature uses DER and doesn't have trailing garbage */ len1 = i2d_ECDSA_SIG(e_sig, &der); if (len1 != sig_len || memcmp(sig, der, len1) != 0) { - fprintf(stderr, "sig data error, derlen(%d), sig_len(%lu)\n", len1, sig_len); + US_ERR("sig data error, len1 != sig_len."); ret = OPENSSL_FAIL; goto free_der; } b_r = (void *)ECDSA_SIG_get0_r((const ECDSA_SIG *)e_sig); if (!b_r) { - fprintf(stderr, "failed to get r\n"); + US_ERR("failed to get r."); ret = OPENSSL_FAIL; goto free_der; } b_s = (void *)ECDSA_SIG_get0_s((const ECDSA_SIG *)e_sig); if (!b_s) { - fprintf(stderr, "failed to get s\n"); + US_ERR("failed to get s."); ret = OPENSSL_FAIL; goto free_der; } @@ -1488,7 +1479,7 @@ static int hpre_sm2_sig_ber_to_bin(EC_KEY *ec, unsigned char *sig, size_t sig_le len1 = BN_num_bytes(b_r); len2 = BN_num_bytes(b_s); if (len1 > SM2_MAX_KEY_BYTES || len2 > SM2_MAX_KEY_BYTES) { - fprintf(stderr, "r or s bytes = (%d, %d) error\n", len1, len2); + US_ERR("r or s bytes error."); ret = OPENSSL_FAIL; goto free_der; } @@ -1552,26 +1543,23 @@ int hpre_sm2_verify( ret = hpre_sm2_crypto(&opdata, smctx); if (!ret) { ret = OPENSSL_FAIL; - fprintf(stderr, "failed to sm2_crypto in verify, ret = %d\n", ret); US_ERR("uadk_ecc_crypto failed,switch to soft.\n"); goto uninit_iot; } + + US_DEBUG("hpre sm2 verify success!"); ret = OPENSSL_SUCCESS; uninit_iot: - // wcrypto_del_ecc_in(smctx->e_hpre_sm2_ctx->wd_ctx, opdata.in); - // wcrypto_del_ecc_out(smctx->e_hpre_sm2_ctx->wd_ctx, opdata.out); hpre_free_sm2_eng_ctx(smctx->e_hpre_sm2_ctx, opdata); if (ret == OPENSSL_SUCCESS) { US_DEBUG("sm2_verify successed!\n"); return OPENSSL_SUCCESS; } -do_soft: - US_ERR("sm2_verify failed,switch to execute openssl software calculation.\n"); - psm2ctx->sm2_pctx->do_soft = 1; - return OPENSSL_FAIL; - // return openssl_soft_verify(ctx, sig, siglen, tbs, tbslen); +do_soft: + US_WARN("sm2_verify failed,switch to execute openssl software calculation.\n"); + return KAE_CRYPTO_FAIL; } int wd_sm2_init_qnode_pool(void) diff --git a/KAEOpensslProvider/src/provider/prov_nosva.c b/KAEOpensslProvider/src/provider/prov_nosva.c index 3f54622306e1b351ba809b7db662896ea5573eef..57fdbf55076032ca46e556cdd3ce7e97cd54f095 100644 --- a/KAEOpensslProvider/src/provider/prov_nosva.c +++ b/KAEOpensslProvider/src/provider/prov_nosva.c @@ -17,6 +17,7 @@ #include #include +#include #include #include #include @@ -25,8 +26,6 @@ #include #include -#include - #include "prov_nosva/prov.h" #include "prov_nosva/internal/prov_bio.h" #include "prov_nosva/prov_pkey.h" @@ -37,7 +36,7 @@ #include "../adapter/nosva/async/async_check.h" static const char KAE_DEFAULT_PROPERTIES[] = "provider=kae_provider"; -static OSSL_PROVIDER *prov; +static OSSL_PROVIDER *prov = NULL; /* Functions provided by the core */ static OSSL_FUNC_core_gettable_params_fn *c_gettable_params; @@ -97,31 +96,70 @@ const OSSL_ALGORITHM kae_prov_ciphers[] = { {"SM4-CFB", KAE_DEFAULT_PROPERTIES, kae_sm4_cfb128_functions, "kae_provider sm4-cfb"}, {"SM4-CTR", KAE_DEFAULT_PROPERTIES, kae_sm4_ctr_functions, "kae_provider sm4-ctr"}, {NULL, NULL, NULL}}; -static const OSSL_ALGORITHM kae_prov_signature[] = { - {"RSA", KAE_DEFAULT_PROPERTIES, kae_rsa_signature_functions, "kae_provider rsa_signature"}, - {"SM2", KAE_DEFAULT_PROPERTIES, kae_sm2_signature_functions, "kae_provider sm2_signature"}, - {NULL, NULL, NULL}}; +static const OSSL_ALGORITHM *kae_prov_signature; +static const OSSL_ALGORITHM *kae_prov_keymgmt; +static const OSSL_ALGORITHM *kae_prov_asym_cipher; -static const OSSL_ALGORITHM kae_prov_keymgmt[] = { - {"RSA", KAE_DEFAULT_PROPERTIES, kae_rsa_keymgmt_functions, "kae RSA Keymgmt implementation."}, - // {"DH", KAE_DEFAULT_PROPERTIES, kae_dh_keymgmt_functions, "kae DH Keymgmt implementation."}, - {"SM2", KAE_DEFAULT_PROPERTIES, kae_sm2_keymgmt_functions, "kae SM2 Keymgmt implementation."}, - {NULL, NULL, NULL}}; +static const OSSL_ALGORITHM kae_prov_keyexch[] = { + {"DH", KAE_DEFAULT_PROPERTIES, kae_dh_keyexch_functions, "KAE DH keyexch implementation"}, {NULL, NULL, NULL} +}; -static const OSSL_ALGORITHM kae_prov_asym_cipher[] = { - {"RSA", KAE_DEFAULT_PROPERTIES, kae_rsa_asym_cipher_functions, "kae RSA asym cipher implementation."}, - {"SM2", KAE_DEFAULT_PROPERTIES, kae_sm2_asym_cipher_functions, "kae SM2 asym cipher implementation."}, - {NULL, NULL, NULL}}; +static const OSSL_ALGORITHM *kae_prov_signature_query() +{ + static OSSL_ALGORITHM algs[3]; + int i = 0; -static const OSSL_ALGORITHM kae_prov_keyexch[] = { - // {"DH", KAE_DEFAULT_PROPERTIES, kae_dh_keyexch_functions, "KAE DH keyexch implementation"}, {NULL, NULL, NULL} - }; + if (uadk_sm2_nosva) { + algs[i++] = + (OSSL_ALGORITHM){"SM2", KAE_DEFAULT_PROPERTIES, kae_sm2_signature_functions, "kae_provider sm2_signature"}; + } + algs[i++] = + (OSSL_ALGORITHM){"RSA", KAE_DEFAULT_PROPERTIES, kae_rsa_signature_functions, "kae_provider rsa_signature"}; + algs[i] = (OSSL_ALGORITHM){NULL, NULL, NULL, NULL}; + + return algs; +} + +static const OSSL_ALGORITHM *kae_prov_keymgmt_query() +{ + static OSSL_ALGORITHM algs[4]; + int i = 0; + + if (uadk_sm2_nosva) { + algs[i++] = (OSSL_ALGORITHM){ + "SM2", KAE_DEFAULT_PROPERTIES, kae_sm2_keymgmt_functions, "kae SM2 Keymgmt implementation."}; + } + algs[i++] = + (OSSL_ALGORITHM){"RSA", KAE_DEFAULT_PROPERTIES, kae_rsa_keymgmt_functions, "kae RSA Keymgmt implementation."}; + // algs[i++] = + // (OSSL_ALGORITHM){"DH", KAE_DEFAULT_PROPERTIES, kae_dh_keymgmt_functions, "kae DH Keymgmt implementation."}; + algs[i] = (OSSL_ALGORITHM){NULL, NULL, NULL, NULL}; + + return algs; +} + +static const OSSL_ALGORITHM *kae_prov_asym_cipher_query() +{ + static OSSL_ALGORITHM algs[3]; + int i = 0; + + if (uadk_sm2_nosva) { + algs[i++] = (OSSL_ALGORITHM){ + "SM2", KAE_DEFAULT_PROPERTIES, kae_sm2_asym_cipher_functions, "kae SM2 asym cipher implementation."}; + } + algs[i++] = (OSSL_ALGORITHM){ + "RSA", KAE_DEFAULT_PROPERTIES, kae_rsa_asym_cipher_functions, "kae RSA asym cipher implementation."}; + algs[i] = (OSSL_ALGORITHM){NULL, NULL, NULL, NULL}; + + return algs; +} static const OSSL_ALGORITHM *kae_query(void *provctx, int operation_id, int *no_cache) { static int prov_init; - prov = (OSSL_PROVIDER *)OSSL_PROVIDER_load(NULL, "default"); + if (!prov) + prov = (OSSL_PROVIDER *)OSSL_PROVIDER_load(NULL, "default"); if (!prov_init) { prov_init = 1; /* kae_provider takes the highest priority @@ -133,8 +171,12 @@ static const OSSL_ALGORITHM *kae_query(void *provctx, int operation_id, int *no_ *no_cache = 0; switch (operation_id) { case OSSL_OP_DIGEST: + if (!uadk_digest_nosva) + return prov->query_operation(provctx, operation_id, no_cache); return kae_prov_digests; case OSSL_OP_CIPHER: + if (!uadk_cipher_nosva) + return prov->query_operation(provctx, operation_id, no_cache); return kae_prov_ciphers; case OSSL_OP_SIGNATURE: return kae_prov_signature; @@ -142,8 +184,8 @@ static const OSSL_ALGORITHM *kae_query(void *provctx, int operation_id, int *no_ return kae_prov_keymgmt; case OSSL_OP_ASYM_CIPHER: return kae_prov_asym_cipher; - case OSSL_OP_KEYEXCH: - return kae_prov_keyexch; + // case OSSL_OP_KEYEXCH: + // return kae_prov_keyexch; case OSSL_OP_STORE: return prov->query_operation(provctx, operation_id, no_cache); } @@ -155,6 +197,7 @@ static void kae_teardown(void *provctx) struct kae_prov_ctx *ctx = (struct kae_prov_ctx *)provctx; OPENSSL_free(ctx); + BIO_meth_free(ctx->corebiometh); kae_checking_q_sync_destroy(); OSSL_PROVIDER_unload(prov); async_poll_task_free_v1(); @@ -173,7 +216,7 @@ int kae_get_params_from_core(const OSSL_CORE_HANDLE *handle) *p = OSSL_PARAM_construct_end(); if (!c_get_params(handle, core_params)) { - fprintf(stderr, "WARN: KAE get parameters from core is failed.\n"); + US_WARN("WARN: can not get parameters from core."); return 0; } @@ -197,7 +240,7 @@ static int kae_prov_ctx_set_core_bio_method(struct kae_prov_ctx *ctx) core_bio = ossl_bio_prov_init_bio_method(); if (core_bio == NULL) { - fprintf(stderr, "failed to set bio from dispatch\n"); + US_ERR("failed to set bio from dispatch."); return 0; } @@ -235,7 +278,7 @@ int OSSL_provider_init( int dev_num; if (oin == NULL) { - fprintf(stderr, "failed to get dispatch in\n"); + US_ERR("failed to get dispatch in."); return 0; } @@ -247,70 +290,70 @@ int OSSL_provider_init( dev_num = wd_get_available_dev_num("rsa"); if (dev_num > 0) { if (!hpre_module_rsa_init()) { - fprintf(stderr, "kae nosva rsa module init fail, switch to soft.\n"); + US_ERR("kae nosva rsa module init fail, switch to soft."); rsa_switch_soft = 1; } else { uadk_rsa_nosva = 1; - printf("kae nosva rsa module init success.\n"); + US_DEBUG("kae nosva rsa module init success."); } } else { - fprintf(stderr, "no available rsa dev, switch to soft.\n"); + US_ERR("no available rsa dev, switch to soft."); rsa_switch_soft = 1; } - dev_num = wd_get_available_dev_num("sm2"); - if (dev_num > 0) { - if (!hpre_module_sm2_init()) { - fprintf(stderr, "kae nosva sm2 module init fail, switch to soft.\n"); - sm2_switch_soft = 1; - } else { - uadk_sm2_nosva = 1; - printf("kae nosva sm2 module init success.\n"); - } - } else { - fprintf(stderr, "no available sm2 dev, switch to soft.\n"); - sm2_switch_soft = 1; - } + // dev_num = wd_get_available_dev_num("sm2"); + // if (dev_num > 0) { + // if (!hpre_module_sm2_init()) { + // US_ERR("kae nosva sm2 module init fail, switch to soft."); + // sm2_switch_soft = 1; + // } else { + // uadk_sm2_nosva = 1; + // US_DEBUG("kae nosva sm2 module init success.\n"); + // } + // } else { + // US_ERR("no available sm2 dev, switch to soft."); + // sm2_switch_soft = 1; + // } // dev_num = wd_get_available_dev_num("dh"); // if (dev_num > 0) { // if (!hpre_module_dh_init()) { - // fprintf(stderr, "kae nosva dh module init fail, switch to soft.\n"); + // US_ERR("kae nosva dh module init fail, switch to soft."); // dh_switch_soft = 1; // } else { // uadk_dh_nosva = 1; - // printf("kae nosva dh module init success.\n"); + // US_DEBUG("kae nosva dh module init success."); // } // } else { - // fprintf(stderr, "no available dh dev, switch to soft.\n"); + // US_ERR("no available dh dev, switch to soft."); // dh_switch_soft = 1; // } dev_num = wd_get_available_dev_num("digest"); if (dev_num > 0) { if (!sec_digest_module_init()) { - fprintf(stderr, "kae nosva digest module init fail, switch to soft.\n"); + US_ERR("kae nosva digest module init fail, switch to soft."); digest_switch_soft = 1; } else { uadk_digest_nosva = 1; - printf("kae nosva digest module init success.\n"); + US_DEBUG("kae nosva digest module init success."); } } else { - fprintf(stderr, "no available digest dev, switch to soft.\n"); + US_ERR("no available digest dev, switch to soft."); digest_switch_soft = 1; } dev_num = wd_get_available_dev_num("cipher"); if (dev_num > 0) { if (!sec_cipher_module_init()) { - fprintf(stderr, "kae nosva cipher module init fail, switch to soft.\n"); + US_ERR("kae nosva cipher module init fail, switch to soft."); cipher_switch_soft = 1; } else { uadk_cipher_nosva = 1; - printf("kae nosva cipher module init success.\n"); + US_DEBUG("kae nosva cipher module init success."); } } else { - fprintf(stderr, "no available cipher dev, switch to soft.\n"); + US_ERR("no available cipher dev, switch to soft."); cipher_switch_soft = 1; } @@ -320,7 +363,7 @@ int OSSL_provider_init( ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx == NULL) { - fprintf(stderr, "failed to alloc ctx\n"); + US_ERR("failed to alloc ctx."); return 0; } @@ -336,6 +379,9 @@ int OSSL_provider_init( pthread_atfork(NULL, NULL, provider_init_child_at_fork_handler); + kae_prov_signature = kae_prov_signature_query(); + kae_prov_keymgmt = kae_prov_keymgmt_query(); + kae_prov_asym_cipher = kae_prov_asym_cipher_query(); *provctx = (void *)ctx; *out = kae_dispatch_table; diff --git a/KAEOpensslProvider/src/provider/prov_nosva/prov_cipher.c b/KAEOpensslProvider/src/provider/prov_nosva/prov_cipher.c index 5d494ad6ab370d931a2077c0cda05fe9467e2abd..1f6ffcccb5ab7907e8683afb4476699949cacaa7 100644 --- a/KAEOpensslProvider/src/provider/prov_nosva/prov_cipher.c +++ b/KAEOpensslProvider/src/provider/prov_nosva/prov_cipher.c @@ -101,6 +101,7 @@ EVP_CIPHER *get_default_soft_cipher(int nid) cipher = EVP_CIPHER_fetch(NULL, "AES-256-XTS", "provider=default"); break; default: + US_ERR("invalid: kae unsupport digest cipher nid."); cipher = NULL; break; } @@ -110,9 +111,10 @@ EVP_CIPHER *get_default_soft_cipher(int nid) int ciphers_sw_impl_init(cipher_priv_ctx *priv, const unsigned char *key, const unsigned char *iv, int enc) { - priv->sw_ctx = EVP_CIPHER_CTX_new(); + if (!priv->sw_ctx) + priv->sw_ctx = EVP_CIPHER_CTX_new(); if (!priv->sw_ctx) { - fprintf(stderr, "EVP_CIPHER_CTX_new failed.\n"); + US_ERR("new soft cipher ctx failed."); return OPENSSL_FAIL; } @@ -121,17 +123,18 @@ int ciphers_sw_impl_init(cipher_priv_ctx *priv, const unsigned char *key, const return OPENSSL_FAIL; } - if (!EVP_CipherInit_ex2(priv->sw_ctx, priv->sw_cipher, key, iv, priv->encrypt, NULL)) { - fprintf(stderr, "cipher soft init failed!\n"); - return OPENSSL_FAIL; - } + // if (!EVP_CipherInit_ex2(priv->sw_ctx, priv->sw_cipher, key, iv, priv->encrypt, NULL)) { + // US_ERR("soft cipher init failed."); + // return OPENSSL_FAIL; + // } return OPENSSL_SUCCESS; } static void init_soft_cipher_ctx(cipher_priv_ctx *priv, const unsigned char *key, const unsigned char *iv) { - priv->sw_cipher = get_default_soft_cipher(priv->nid); + if (!priv->sw_cipher) + priv->sw_cipher = get_default_soft_cipher(priv->nid); ciphers_sw_impl_init(priv, key, iv, priv->encrypt); } @@ -147,6 +150,10 @@ static int kae_cipher_einit(void *vctx, const unsigned char *key, size_t keylen, priv->encrypt = 1; ret = sec_ciphers_init_priv_ctx(priv, key, keylen, iv, ivlen); + if (!ret) { + US_ERR("sec cipher init ctx failed."); + } + if (priv->c_mode == XTS && priv->ecb_encryto) { if (priv->ecb_encryto->key2_len == 32) { // 256-xts key2len is 32 priv->ecb_encryto->cipher_type = get_default_soft_cipher(NID_aes_256_ecb); @@ -166,12 +173,18 @@ static int kae_cipher_dinit(void *vctx, const unsigned char *key, size_t keylen, cipher_priv_ctx *priv = (cipher_priv_ctx *)vctx; int ret; - if (!vctx) + if (!vctx) { + US_ERR("invalid: cipher ctx failed."); return KAE_P_FAIL; + } priv->encrypt = 0; ret = sec_ciphers_init_priv_ctx(priv, key, keylen, iv, ivlen); + if (!ret) { + US_ERR("sec cipher init ctx failed."); + } + if (priv->c_mode == XTS && priv->ecb_encryto) { if (priv->ecb_encryto->key2_len == 32) { // 256-xts key2len is 32 priv->ecb_encryto->cipher_type = get_default_soft_cipher(NID_aes_256_ecb); @@ -188,18 +201,23 @@ static int kae_cipher_dinit(void *vctx, const unsigned char *key, size_t keylen, static int prov_cipher_soft_update( cipher_priv_ctx *priv, unsigned char *out, int *outl, const unsigned char *in, size_t len) { - if (!priv->sw_cipher) + if (!priv->sw_cipher) { + US_ERR("invalid: soft cipher is NULL."); return KAE_P_FAIL; + } if (!EVP_CipherInit_ex2(priv->sw_ctx, priv->sw_cipher, priv->key, priv->iv, priv->encrypt, NULL)) { - fprintf(stderr, "cipher soft init error!\n"); + US_ERR("soft cipher init failed."); return KAE_P_FAIL; } + // priv->sw_init = 1; if (!EVP_CipherUpdate(priv->sw_ctx, out, outl, in, len)) { - fprintf(stderr, "cipher soft update error!\n"); + US_ERR("soft cipher update failed."); return KAE_P_FAIL; } + EVP_CIPHER_CTX_get_updated_iv(priv->sw_ctx, priv->iv, priv->iv_len); + priv->sw_update = 1; return KAE_P_SUCCESS; } @@ -215,7 +233,6 @@ static int ossl_cipher_trailingdata( return KAE_P_SUCCESS; if (*buflen + *inlen > blocksize) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); return KAE_P_FAIL; } @@ -263,7 +280,6 @@ static int prov_do_cipher( if (priv->buf_size == blksz && (priv->encrypt || inlen > 0 || !priv->pad)) { ret = sec_ciphers_do_cipher(priv, out, outsize, priv->buf, blksz); if (ret != KAE_P_SUCCESS) { - fprintf(stderr, "do hw ciphers failed.\n"); if (priv->sw_cipher) goto do_soft; return ret; @@ -283,7 +299,6 @@ static int prov_do_cipher( if (nextblocks > 0) { ret = sec_ciphers_do_cipher(priv, out, outsize, in, nextblocks); if (ret != KAE_P_SUCCESS) { - // fprintf(stderr, "last block do hw ciphers failed.\n"); if (priv->sw_cipher) goto do_soft; return ret; @@ -301,14 +316,22 @@ out: return inlen == 0; do_soft: - + US_WARN("kae cipher update failed, switch to soft."); ret = prov_cipher_soft_update(priv, out, &outlint, in, inlen); - if (ret) { - *outl = outlint; - return KAE_P_SUCCESS; + if (!ret) { + return OPENSSL_FAIL; } - return KAE_P_FAIL; + if (!priv->encrypt) { + in += nextblocks; + inlen -= nextblocks; + if (!ossl_cipher_trailingdata(priv->buf, &priv->buf_size, blksz, &in, &inlen)){ + return KAE_P_FAIL; + } + } + + *outl = outlint; + return KAE_P_SUCCESS; } static int kae_cipher_block_update( @@ -325,7 +348,7 @@ static int kae_cipher_block_update( } if (outsize < inl) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + US_ERR("invalid: outsize is less than inlen."); return KAE_P_FAIL; } @@ -339,16 +362,19 @@ static int kae_cipher_stream_update( int len = 0; int ret; - if (!vctx || !outl || !input || !output) + if (!vctx || !outl || !input || !output) { + US_ERR("invaild: cipher ctx or outlen or input or output is NULL."); return KAE_P_FAIL; + } if (inl == 0) { *outl = 0; + US_ERR("invalid: inlen is zero."); return KAE_P_SUCCESS; } if (outsize < inl) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + US_ERR("invalid: outsize is less than inlen."); return KAE_P_FAIL; } @@ -358,6 +384,7 @@ static int kae_cipher_stream_update( goto do_soft; } if (ret != KAE_P_SUCCESS) { + US_ERR("cipher update failed."); return ret; } @@ -365,6 +392,7 @@ static int kae_cipher_stream_update( return KAE_P_SUCCESS; do_soft: + US_WARN("sec cipher update failed, switch to soft."); /* have isseu if both using hw and soft partly */ ret = prov_cipher_soft_update(priv, output, &len, input, inl); if (ret) { @@ -372,8 +400,7 @@ do_soft: return KAE_P_SUCCESS; } - fprintf(stderr, "do soft ciphers failed.\n"); - + US_ERR("cipher update failed."); return KAE_P_FAIL; } @@ -391,16 +418,22 @@ static int prov_cipher_soft_final(cipher_priv_ctx *priv, unsigned char *out, siz { int sw_final_len = 0; - if (!priv->sw_cipher) + if (!priv->sw_update) { + US_ERR("invalid: soft cipher is NULL."); return KAE_P_FAIL; + } + + // if (!EVP_CipherInit_ex2(priv->sw_ctx, priv->sw_cipher, priv->key, priv->iv, priv->encrypt, NULL)) { + // US_ERR("soft cipher init failed."); + // return KAE_P_FAIL; + // } if (!EVP_CipherFinal_ex(priv->sw_ctx, out, &sw_final_len)) { - fprintf(stderr, "cipher soft final failed.\n"); + US_WARN("soft cipher final failed."); return KAE_P_FAIL; } *outl = sw_final_len; - // priv->switch_flag = 0; return KAE_P_SUCCESS; } @@ -416,18 +449,19 @@ static int kae_cipher_block_encrypto(cipher_priv_ctx *priv, unsigned char *out, *outl = 0; return KAE_P_SUCCESS; } else if (priv->buf_size != blksz) { - ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH); + US_ERR("invalid: buf size is not equal to block size."); return KAE_P_FAIL; } if (outsize < blksz) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + US_ERR("invalid: outsize is less than "); return KAE_P_FAIL; } ret = sec_ciphers_do_cipher(priv, out, outsize, priv->buf, blksz); if (ret != KAE_P_SUCCESS) { - fprintf(stderr, "do hw ciphers failed, switch to soft ciphers.\n"); + // kae_memcpy(priv->sw_ctx->buf, priv->buf, priv->blk_size); + US_WARN("sec cipher failed, switch to soft."); return prov_cipher_soft_final(priv, out, outl); } @@ -442,7 +476,6 @@ static int ossl_cipher_unpadblock(unsigned char *buf, size_t *buflen, size_t blo size_t pad, i; if (len != blocksize) { - // ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); return KAE_P_FAIL; } @@ -452,12 +485,10 @@ static int ossl_cipher_unpadblock(unsigned char *buf, size_t *buflen, size_t blo */ pad = buf[blocksize - 1]; if (pad == 0 || pad > blocksize) { - // ERR_raise(ERR_LIB_PROV, PROV_R_BAD_DECRYPT); return KAE_P_FAIL; } for (i = 0; i < pad; i++) { if (buf[--len] != pad) { - // ERR_raise(ERR_LIB_PROV, PROV_R_BAD_DECRYPT); return KAE_P_FAIL; } } @@ -476,13 +507,13 @@ static int kae_cipher_block_decrypto(cipher_priv_ctx *priv, unsigned char *out, *outl = 0; return KAE_P_SUCCESS; } - ERR_raise(ERR_LIB_PROV, PROV_R_WRONG_FINAL_BLOCK_LENGTH); + US_ERR("kae cipher block decrypto failed."); return KAE_P_FAIL; } ret = sec_ciphers_do_cipher(priv, priv->buf, outsize, priv->buf, priv->blk_size); if (ret != KAE_P_SUCCESS) { - fprintf(stderr, "do hw ciphers failed, switch to soft ciphers.\n"); + US_WARN("sec cipher failed, switch to soft."); return prov_cipher_soft_final(priv, out, outl); } @@ -492,7 +523,7 @@ static int kae_cipher_block_decrypto(cipher_priv_ctx *priv, unsigned char *out, } if (outsize < priv->buf_size) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + US_ERR("invalid: out size is less than buf size."); return KAE_P_FAIL; } @@ -508,11 +539,10 @@ static int kae_cipher_block_final(void *vctx, unsigned char *out, size_t *outl, cipher_priv_ctx *priv = (cipher_priv_ctx *)vctx; int ret; - if (!vctx || !out || !outl) + if (!vctx || !out || !outl) { + US_ERR("cipher ctx or out or out len is NULL."); return KAE_P_FAIL; - - // if (priv->switch_flag == KAE_DO_SOFT) - // return kae_prov_cipher_soft_final(priv, out, outl); + } if (priv->encrypt) ret = kae_cipher_block_encrypto(priv, out, outl, outsize); @@ -524,13 +554,10 @@ static int kae_cipher_block_final(void *vctx, unsigned char *out, size_t *outl, static int kae_cipher_stream_final(void *vctx, unsigned char *out, size_t *outl, size_t outsize) { - // cipher_priv_ctx *priv = (cipher_priv_ctx *)vctx; - - if (!vctx || !out || !outl) + if (!vctx || !out || !outl) { + US_ERR("invalid: cipher ctx or out or out len is NULL."); return KAE_P_FAIL; - - // if (priv->switch_flag == KAE_DO_SOFT) - // return prov_cipher_soft_final(priv, out, outl); + } *outl = 0; @@ -543,8 +570,10 @@ static int kae_cipher_cipher( cipher_priv_ctx *priv = (cipher_priv_ctx *)vctx; int ret; - if (!vctx || !output || !input || !outl) + if (!vctx || !output || !input || !outl) { + US_ERR("cipher ctx or output or input or out len is NULL."); return KAE_P_FAIL; + } if (inl == 0) { *outl = 0; @@ -552,13 +581,15 @@ static int kae_cipher_cipher( } if (outsize < inl) { - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + US_ERR("invalid: out size is less than in len."); return KAE_P_FAIL; } ret = prov_do_cipher(priv, output, outl, outsize, input, inl); - if (ret != KAE_P_SUCCESS) + if (ret != KAE_P_SUCCESS) { + US_ERR("kae cipher failed."); return ret; + } *outl = inl; @@ -709,7 +740,7 @@ static int kae_cipher_set_ctx_params(void *vctx, const OSSL_PARAM params[]) return KAE_P_FAIL; } priv->pad = pad ? 1 : 0; - EVP_CIPHER_CTX_set_padding(priv->sw_ctx, pad); + // EVP_CIPHER_CTX_set_padding(priv->sw_ctx, pad); } p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); diff --git a/KAEOpensslProvider/src/provider/prov_nosva/prov_dh.c b/KAEOpensslProvider/src/provider/prov_nosva/prov_dh.c index 1be740f528687413d74f0cc10e5bbc66c84b1bb8..672f6847b3f6f18c097f1cba15d5cc1a5de1ed59 100644 --- a/KAEOpensslProvider/src/provider/prov_nosva/prov_dh.c +++ b/KAEOpensslProvider/src/provider/prov_nosva/prov_dh.c @@ -30,80 +30,100 @@ KAE_PKEY_KEYEXCH_DESCR(dh, DH); static void *kae_keymgmt_dh_new(void *provctx) { - if (get_default_dh_keymgmt().new_fun == NULL) + if (get_default_dh_keymgmt().new_fun == NULL) { + US_WARN("failed to get dh keymgmt new function."); return NULL; + } return get_default_dh_keymgmt().new_fun(provctx); } static void kae_keymgmt_dh_free(void *keydata) { - if (get_default_dh_keymgmt().free == NULL) + if (get_default_dh_keymgmt().free == NULL) { + US_WARN("failed to get dh keymgmt free function."); return; + } get_default_dh_keymgmt().free(keydata); } static ossl_inline int kae_keymgmt_dh_get_params(void *key, OSSL_PARAM params[]) { - if (get_default_dh_keymgmt().get_params == NULL) + if (get_default_dh_keymgmt().get_params == NULL) { + US_WARN("failed to get dh keymgmt get params function."); return KAE_P_FAIL; + } return get_default_dh_keymgmt().get_params(key, params); } static const OSSL_PARAM *kae_keymgmt_dh_gettable_params(void *provctx) { - if (get_default_dh_keymgmt().gettable_params == NULL) + if (get_default_dh_keymgmt().gettable_params == NULL) { + US_WARN("failed to get dh keymgmt gettable params function."); return NULL; + } return get_default_dh_keymgmt().gettable_params(provctx); } static int kae_keymgmt_dh_set_params(void *key, const OSSL_PARAM params[]) { - if (get_default_dh_keymgmt().set_params == NULL) + if (get_default_dh_keymgmt().set_params == NULL) { + US_WARN("failed to get dh keymgmt set params function."); return KAE_P_FAIL; + } return get_default_dh_keymgmt().set_params(key, params); } static const OSSL_PARAM *kae_keymgmt_dh_settable_params(void *provctx) { - if (get_default_dh_keymgmt().settable_params == NULL) + if (get_default_dh_keymgmt().settable_params == NULL) { + US_WARN("failed to get dh keymgmt settable params function."); return NULL; + } return get_default_dh_keymgmt().settable_params(provctx); } static void *kae_keymgmt_dh_gen_init(void *provctx, int selection, const OSSL_PARAM params[]) { - if (get_default_dh_keymgmt().gen_init == NULL) + if (get_default_dh_keymgmt().gen_init == NULL) { + US_WARN("failed to get dh keymgmt gen init function."); return NULL; + } return get_default_dh_keymgmt().gen_init(provctx, selection, params); } static int kae_keymgmt_dh_gen_set_template(void *genctx, void *templ) { - if (get_default_dh_keymgmt().gen_set_template == NULL) + if (get_default_dh_keymgmt().gen_set_template == NULL) { + US_WARN("failed to get dh keymgmt get set template function."); return KAE_P_FAIL; + } return get_default_dh_keymgmt().gen_set_template(genctx, templ); } static int kae_keymgmt_dh_gen_set_params(void *genctx, const OSSL_PARAM params[]) { - if (get_default_dh_keymgmt().gen_set_params == NULL) + if (get_default_dh_keymgmt().gen_set_params == NULL) { + US_WARN("failed to get dh keymgmt gen set params function."); return KAE_P_FAIL; + } return get_default_dh_keymgmt().gen_set_params(genctx, params); } static const OSSL_PARAM *kae_keymgmt_dh_gen_settable_params(ossl_unused void *genctx, ossl_unused void *provctx) { - if (get_default_dh_keymgmt().gen_settable_params == NULL) + if (get_default_dh_keymgmt().gen_settable_params == NULL) { + US_WARN("failed to get dh keymgmt gen settable params function."); return NULL; + } return get_default_dh_keymgmt().gen_settable_params(genctx, provctx); } @@ -137,6 +157,7 @@ static int ossl_dh_get_named_group_uid_from_size(int pbits) * */ default: + US_ERR("kae unsupport dh size."); return NID_undef; } @@ -148,14 +169,14 @@ static DH *ossl_dh_new_ex(OSSL_LIB_CTX *libctx) DH *dh = OPENSSL_zalloc(sizeof(*dh)); if (dh == NULL) { - fprintf(stderr, "failed to alloc dh\n"); + US_ERR("failed to alloc dh."); return NULL; } dh->references = 1; dh->lock = CRYPTO_THREAD_lock_new(); if (dh->lock == NULL) { - fprintf(stderr, "failed to new dh thread lock\n"); + US_ERR("failed to new dh thread lock."); OPENSSL_free(dh); return NULL; } @@ -212,7 +233,7 @@ static int prov_dh_gen_params_cb(PROV_DH_KEYMGMT_CTX *gctx, DH *dh, OSSL_CALLBAC BN_GENCB *gencb; if (cb == NULL || cb_params == NULL) { - fprintf(stderr, "invalid: cb function or param is NULL\n"); + US_ERR("invalid: cb function or param is NULL."); return KAE_P_FAIL; } @@ -234,7 +255,7 @@ static int prov_dh_gen_params_cb(PROV_DH_KEYMGMT_CTX *gctx, DH *dh, OSSL_CALLBAC else ret = ossl_dh_generate_ffc_parameters(dh, gctx->gen_type, gctx->pbits, gctx->qbits, gencb); if (ret <= 0) { - fprintf(stderr, "failed to generate ffc parameters\n"); + US_ERR("failed to generate ffc parameters."); ret = KAE_P_FAIL; } } @@ -252,24 +273,24 @@ static DH *prov_dh_gen_params_ex(PROV_DH_KEYMGMT_CTX *gctx, FFC_PARAMS **ffc) /* Use existing params */ dh = ossl_dh_new_ex(gctx->libctx); if (dh == NULL) { - fprintf(stderr, "failed to new dh by nid\n"); + US_ERR("failed to new dh by nid."); return NULL; } *ffc = ossl_dh_get0_params(dh); if (*ffc == NULL) { - fprintf(stderr, "failed to get ffc params\n"); + US_ERR("failed to get ffc params."); goto free_dh; } /* Copy the template value if one was passed */ if (gctx->ffc_params != NULL && ossl_ffc_params_copy(*ffc, gctx->ffc_params) == 0) { - fprintf(stderr, "failed to copy params\n"); + US_ERR("failed to copy params."); goto free_dh; } if (ossl_ffc_params_set_seed(*ffc, gctx->seed, gctx->seedlen) == 0) { - fprintf(stderr, "failed to set seed\n"); + US_ERR("failed to set seed."); goto free_dh; } @@ -283,7 +304,7 @@ static DH *prov_dh_gen_params_ex(PROV_DH_KEYMGMT_CTX *gctx, FFC_PARAMS **ffc) if (gctx->mdname) { if (ossl_ffc_set_digest(*ffc, gctx->mdname, gctx->mdprops) == 0) { - fprintf(stderr, "failed to set digest\n"); + US_ERR("failed to set digest."); goto free_dh; } } @@ -305,20 +326,20 @@ static DH *prov_dh_gen_params_with_group(PROV_DH_KEYMGMT_CTX *gctx, FFC_PARAMS * if (gctx->group_nid == NID_undef) { gctx->group_nid = ossl_dh_get_named_group_uid_from_size(gctx->pbits); if (gctx->group_nid == NID_undef) { - fprintf(stderr, "failed to get named group uid from size\n"); + US_ERR("failed to get named group uid from size."); return NULL; } } group = ossl_ffc_uid_to_dh_named_group(gctx->group_nid); if (!group) { - fprintf(stderr, "failed to get dh named group\n"); + US_ERR("failed to get dh named group."); return NULL; } dh = ossl_dh_new_ex(gctx->libctx); if (dh == NULL) { - fprintf(stderr, "failed to get dh from libctx\n"); + US_ERR("failed to get dh from libctx."); return NULL; } @@ -329,7 +350,7 @@ static DH *prov_dh_gen_params_with_group(PROV_DH_KEYMGMT_CTX *gctx, FFC_PARAMS * *ffc = ossl_dh_get0_params(dh); if (*ffc == NULL) { - fprintf(stderr, "failed to gen ffc params\n"); + US_ERR("failed to gen ffc params."); ossl_dh_free_ex(dh); return NULL; } @@ -364,10 +385,11 @@ static DH *prov_dh_gen_params(PROV_DH_KEYMGMT_CTX *gctx, FFC_PARAMS **ffc, OSSL_ static void *kae_dh_sw_gen(void *genctx, OSSL_CALLBACK *cb, void *cb_params) { - if (!get_default_dh_keymgmt().gen) + if (!get_default_dh_keymgmt().gen) { + US_WARN("failed to get dh keymgmt gen function."); return NULL; + } - fprintf(stderr, "switch to openssl software calculation in dh generation.\n"); return get_default_dh_keymgmt().gen(genctx, cb, cb_params); } @@ -394,7 +416,7 @@ static void *kae_keymgmt_dh_gen(void *genctx, OSSL_CALLBACK *cb, void *cb_params int ret = KAE_P_FAIL; if (gctx == NULL) { - fprintf(stderr, "invalid: keygen ctx is NULL\n"); + US_ERR("invalid: keygen ctx is NULL."); return NULL; } @@ -414,7 +436,7 @@ static void *kae_keymgmt_dh_gen(void *genctx, OSSL_CALLBACK *cb, void *cb_params /* DH key generation */ if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { if (ffc->p == NULL || ffc->g == NULL) { - fprintf(stderr, "invalid: ffc->p or ffc->g is NULL\n"); + US_ERR("invalid: ffc->p or ffc->g is NULL."); goto free_gen_params; } @@ -426,7 +448,7 @@ static void *kae_keymgmt_dh_gen(void *genctx, OSSL_CALLBACK *cb, void *cb_params ret = hpre_dh_generate_key(dh); if (ret != KAE_P_SUCCESS) { - fprintf(stderr, "failed to do dh generation key\n"); + US_ERR("failed to do dh generation key."); goto free_gen_params; } } @@ -446,88 +468,110 @@ free_gen_params: static void kae_keymgmt_dh_gen_cleanup(void *genctx) { - if (get_default_dh_keymgmt().gen_cleanup == NULL) + if (get_default_dh_keymgmt().gen_cleanup == NULL) { + US_WARN("failed to get dh keymgmt gen cleanup function."); return; + } get_default_dh_keymgmt().gen_cleanup(genctx); } static void *kae_keymgmt_dh_load(const void *reference, size_t reference_sz) { - if (get_default_dh_keymgmt().load == NULL) + if (get_default_dh_keymgmt().load == NULL) { + US_WARN("failed to get dh keymgmt load function."); return NULL; + } return get_default_dh_keymgmt().load(reference, reference_sz); } static int kae_keymgmt_dh_has(const void *keydata, int selection) { - if (get_default_dh_keymgmt().has == NULL) + if (get_default_dh_keymgmt().has == NULL) { + US_WARN("failed to get dh keymgmt has function."); return KAE_P_FAIL; + } return get_default_dh_keymgmt().has(keydata, selection); } static int kae_keymgmt_dh_validate(const void *keydata, int selection, int checktype) { - if (get_default_dh_keymgmt().validate == NULL) + if (get_default_dh_keymgmt().validate == NULL) { + US_WARN("failed to get dh keymgmt validate function."); return KAE_P_FAIL; + } return get_default_dh_keymgmt().validate(keydata, selection, checktype); } static int kae_keymgmt_dh_match(const void *keydata1, const void *keydata2, int selection) { - if (get_default_dh_keymgmt().match == NULL) + if (get_default_dh_keymgmt().match == NULL) { + US_WARN("failed to get dh keymgmt match function."); return KAE_P_FAIL; + } return get_default_dh_keymgmt().match(keydata1, keydata2, selection); } static int kae_keymgmt_dh_import(void *keydata, int selection, const OSSL_PARAM params[]) { - if (get_default_dh_keymgmt().import == NULL) + if (get_default_dh_keymgmt().import == NULL) { + US_WARN("failed to get dh keymgmt import function."); return KAE_P_FAIL; + } return get_default_dh_keymgmt().import(keydata, selection, params); } static const OSSL_PARAM *kae_keymgmt_dh_import_types(int selection) { - if (get_default_dh_keymgmt().import_types == NULL) + if (get_default_dh_keymgmt().import_types == NULL) { + US_WARN("failed to get dh keymgmt import types function."); return NULL; + } return get_default_dh_keymgmt().import_types(selection); } static int kae_keymgmt_dh_export(void *keydata, int selection, OSSL_CALLBACK *cb, void *cb_params) { - if (get_default_dh_keymgmt().export_fun == NULL) + if (get_default_dh_keymgmt().export_fun == NULL) { + US_WARN("failed to get dh keymgmt export function."); return KAE_P_FAIL; + } return get_default_dh_keymgmt().export_fun(keydata, selection, cb, cb_params); } static const OSSL_PARAM *kae_keymgmt_dh_export_types(int selection) { - if (get_default_dh_keymgmt().export_types == NULL) + if (get_default_dh_keymgmt().export_types == NULL) { + US_WARN("failed to get dh keymgmt export types function."); return NULL; + } return get_default_dh_keymgmt().export_types(selection); } static void *kae_keymgmt_dh_dup(const void *keydata_from, int selection) { - if (get_default_dh_keymgmt().dup == NULL) + if (get_default_dh_keymgmt().dup == NULL) { + US_WARN("failed to get dh keymgmt dup function."); return NULL; + } return get_default_dh_keymgmt().dup(keydata_from, selection); } static const char *kae_keymgmt_dh_query_operation_name(int operation_id) { - if (get_default_dh_keymgmt().query_operation_name == NULL) + if (get_default_dh_keymgmt().query_operation_name == NULL) { + US_WARN("failed to get dh keymgmt query op name function."); return NULL; + } return get_default_dh_keymgmt().query_operation_name(operation_id); } @@ -538,7 +582,7 @@ static void *kae_keyexch_dh_newctx(void *provctx) pdhctx = OPENSSL_zalloc(sizeof(PROV_DH_KEYEXCH_CTX)); if (pdhctx == NULL) { - fprintf(stderr, "failed to alloc pdhctx\n"); + US_ERR("failed to alloc pdhctx."); return NULL; } @@ -663,7 +707,7 @@ static int kae_keyexch_dh_set_ctx_params(void *dhctx, const OSSL_PARAM params[]) int ret = KAE_P_FAIL; if (pdhctx == NULL) { - fprintf(stderr, "invalid: dh ctx is NULL\n"); + US_ERR("invalid: dh ctx is NULL."); return ret; } @@ -674,31 +718,31 @@ static int kae_keyexch_dh_set_ctx_params(void *dhctx, const OSSL_PARAM params[]) // pthread_mutex_lock(&dh_mutex); ret = prov_dh_locate_kdf_type(pdhctx, params); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to locate kdf type\n"); + US_ERR("failed to locate kdf type."); goto end; } ret = prov_dh_locate_kdf_digest(pdhctx, params); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to locate kdf digest\n"); + US_ERR("failed to locate kdf digest."); goto end; } ret = prov_dh_locate_kdf_outlen(pdhctx, params); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to locate kdf outlen\n"); + US_ERR("failed to locate kdf outlen."); goto end; } ret = prov_dh_locate_kdf_ukm(pdhctx, params); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to locate kdf ukm\n"); + US_ERR("failed to locate kdf ukm."); goto end; } ret = prov_dh_locate_kdf_pad(pdhctx, params); if (ret == KAE_P_FAIL) - fprintf(stderr, "failed to locate kdf pad\n"); + US_ERR("failed to locate kdf pad."); end: // pthread_mutex_unlock(&dh_mutex); @@ -710,12 +754,12 @@ static int kae_keyexch_dh_init(void *dhctx, void *dh, const OSSL_PARAM params[]) PROV_DH_KEYEXCH_CTX *pdhctx = (PROV_DH_KEYEXCH_CTX *)dhctx; if (pdhctx == NULL) { - fprintf(stderr, "invalid: dhctx is NULL\n"); + US_ERR("invalid: dhctx is NULL."); return KAE_P_FAIL; } if (dh == NULL || !DH_up_ref(dh)) { - fprintf(stderr, "invalid: dh is NULL\n"); + US_ERR("invalid: dh is NULL."); return KAE_P_FAIL; } @@ -734,10 +778,11 @@ static int kae_keyexch_dh_init(void *dhctx, void *dh, const OSSL_PARAM params[]) static int kae_dh_sw_derive(void *dhctx, unsigned char *secret, size_t *psecretlen, size_t outlen) { - if (!get_default_dh_keyexch().derive) + if (!get_default_dh_keyexch().derive) { + US_WARN("failed to get dh keyexch derive function."); return KAE_P_FAIL; + } - fprintf(stderr, "switch to openssl software calculation in dh derivation.\n"); return get_default_dh_keyexch().derive(dhctx, secret, psecretlen, outlen); } @@ -760,7 +805,7 @@ static int dh_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH * } if (pad < 0) { - fprintf(stderr, "invalid: recv key size(%d) > dhsize(%zu)", rv, dhsize); + US_ERR("invalid: recv key size > dhsize."); return KAE_P_FAIL; } @@ -776,13 +821,13 @@ static int prov_dh_plain_derive( /* pdhctx has been checked when the function is called */ if (pdhctx->dh == NULL) { - fprintf(stderr, "invalid: dh is NULL\n"); + US_ERR("invalid: dh is NULL."); return KAE_P_FAIL; } dhsize = (size_t)DH_size(pdhctx->dh); if (dhsize == 0) { - fprintf(stderr, "invalid: dhszie is zero\n"); + US_ERR("invalid: dhszie is zero."); return KAE_P_FAIL; } @@ -792,12 +837,12 @@ static int prov_dh_plain_derive( } if (outlen < dhsize) { - fprintf(stderr, "invalid: outlen(%zu) < dhsize(%zu)\n", outlen, dhsize); + US_ERR("invalid: outlen < dhsize."); return KAE_P_FAIL; } if (pdhctx->dhpeer == NULL) { - fprintf(stderr, "invalid: dhpeer is NULL\n"); + US_ERR("invalid: dhpeer is NULL."); return KAE_P_FAIL; } @@ -808,7 +853,7 @@ static int prov_dh_plain_derive( else ret = hpre_dh_compute_key(secret, pubkey, pdhctx->dh); if (ret <= 0) { - fprintf(stderr, "failed to do dh compute, pad(%u)\n", pad); + US_ERR("failed to do dh compute, pad."); return ret; } @@ -872,7 +917,7 @@ static int prov_dh_X9_42_kdf_derive( } if (outlen < pdhctx->kdf_outlen) { - fprintf(stderr, "invalid: outlen(%zu) < kdf_outlen(%zu)\n", outlen, pdhctx->kdf_outlen); + US_ERR("invalid: outlen < kdf_outlen."); return KAE_P_FAIL; } @@ -881,7 +926,7 @@ static int prov_dh_X9_42_kdf_derive( stmp = OPENSSL_secure_malloc(stmplen); if (stmp == NULL) { - fprintf(stderr, "failed to do OPENSSL_secure_malloc\n"); + US_ERR("failed to do OPENSSL_secure_malloc."); return KAE_P_FAIL; } @@ -893,7 +938,7 @@ static int prov_dh_X9_42_kdf_derive( if (pdhctx->kdf_type == PROV_DH_KDF_X9_42_ASN1) { if (ossl_dh_kdf_X9_42_asn1(secret, pdhctx, stmp, stmplen, NULL) == KAE_P_FAIL) { ret = KAE_P_FAIL; - fprintf(stderr, "failed to do ossl_dh_kdf_X9_42_asn1\n"); + US_ERR("failed to do ossl_dh_kdf_X9_42_asn1."); goto end; } } @@ -913,7 +958,7 @@ static int kae_keyexch_dh_derive(void *dhctx, unsigned char *secret, size_t *pse int ret = KAE_P_FAIL; if (pdhctx == NULL) { - fprintf(stderr, "invalid: pdhctx is NULL\n"); + US_ERR("invalid: pdhctx is NULL."); return KAE_P_FAIL; } @@ -925,7 +970,7 @@ static int kae_keyexch_dh_derive(void *dhctx, unsigned char *secret, size_t *pse ret = prov_dh_X9_42_kdf_derive(pdhctx, secret, psecretlen, outlen); break; default: - fprintf(stderr, "invalid: unsupport kdf type\n"); + US_ERR("invalid: unsupport kdf type."); ret = KAE_P_FAIL; break; } @@ -945,13 +990,13 @@ static int kae_keyexch_dh_match_params(DH *priv, DH *peer) int ret; if (dhparams_priv == NULL || dhparams_peer == NULL) { - fprintf(stderr, "failed to get dh params\n"); + US_ERR("failed to get dh params."); return KAE_P_FAIL; } ret = ossl_ffc_params_cmp(dhparams_priv, dhparams_peer, IGNORE_Q); if (ret == KAE_P_FAIL) - fprintf(stderr, "invalid: domain parameters of both parties do not match\n"); + US_ERR("invalid: domain parameters of both parties do not match."); return ret; } @@ -961,12 +1006,12 @@ static int kae_keyexch_dh_set_peer(void *dhctx, void *dh) PROV_DH_KEYEXCH_CTX *pdhctx = (PROV_DH_KEYEXCH_CTX *)dhctx; if (pdhctx == NULL || dh == NULL) { - fprintf(stderr, "invalid: dh ctx or object is NULL\n"); + US_ERR("invalid: dh ctx or object is NULL."); return KAE_P_FAIL; } if (kae_keyexch_dh_match_params(dh, pdhctx->dh) == KAE_P_FAIL || DH_up_ref(dh) == KAE_P_FAIL) { - fprintf(stderr, "failed to match dh params\n"); + US_ERR("failed to match dh params."); return KAE_P_FAIL; } @@ -1025,13 +1070,13 @@ static void *kae_keyexch_dh_dupctx(void *dhctx) PROV_DH_KEYEXCH_CTX *dstctx; if (srcctx == NULL) { - fprintf(stderr, "invalid: src ctx is NULL\n"); + US_ERR("invalid: src ctx is NULL."); return NULL; } dstctx = OPENSSL_zalloc(sizeof(*dstctx)); if (dstctx == NULL) { - fprintf(stderr, "failed to alloc dst ctx\n"); + US_ERR("failed to alloc dst ctx."); return NULL; } @@ -1099,7 +1144,7 @@ static int kae_keyexch_dh_get_ctx_params(void *dhctx, OSSL_PARAM params[]) OSSL_PARAM *p; if (pdhctx == NULL) { - fprintf(stderr, "invalid: dh ctx is NULL\n"); + US_ERR("invalid: dh ctx is NULL."); return KAE_P_FAIL; } @@ -1113,37 +1158,37 @@ static int kae_keyexch_dh_get_ctx_params(void *dhctx, OSSL_PARAM params[]) kdf_type = OSSL_KDF_NAME_X942KDF_ASN1; break; default: - fprintf(stderr, "invalid kdf_type\n"); + US_ERR("invalid kdf_type."); return KAE_P_FAIL; } if (!OSSL_PARAM_set_utf8_string(p, kdf_type)) { - fprintf(stderr, "failed to set utf8 string for kdf_type\n"); + US_ERR("failed to set utf8 string for kdf_type."); return KAE_P_FAIL; } } p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_DIGEST); if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pdhctx->kdf_md == NULL ? "" : EVP_MD_get0_name(pdhctx->kdf_md))) { - fprintf(stderr, "failed to set kdf_md\n"); + US_ERR("failed to set kdf_md."); return KAE_P_FAIL; } p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_OUTLEN); if (p != NULL && !OSSL_PARAM_set_size_t(p, pdhctx->kdf_outlen)) { - fprintf(stderr, "failed to set kdf_outlen\n"); + US_ERR("failed to set kdf_outlen."); return KAE_P_FAIL; } p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_UKM); if (p != NULL && !OSSL_PARAM_set_octet_ptr(p, pdhctx->kdf_ukm, pdhctx->kdf_ukmlen)) { - fprintf(stderr, "failed to set kdf_ukm\n"); + US_ERR("failed to set kdf_ukm."); return KAE_P_FAIL; } p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_CEK_ALG); if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pdhctx->kdf_cekalg == NULL ? "" : pdhctx->kdf_cekalg)) { - fprintf(stderr, "failed to set kdf_cekalg\n"); + US_ERR("failed to set kdf_cekalg."); return KAE_P_FAIL; } diff --git a/KAEOpensslProvider/src/provider/prov_nosva/prov_digest.c b/KAEOpensslProvider/src/provider/prov_nosva/prov_digest.c index acdaea6ea44bb4cb8643b332aacaad0a0c217aec..e4e6f8d66d7896e6c016b78b550e15527c111438 100644 --- a/KAEOpensslProvider/src/provider/prov_nosva/prov_digest.c +++ b/KAEOpensslProvider/src/provider/prov_nosva/prov_digest.c @@ -41,11 +41,12 @@ static int sec_digests_soft_md(sec_digest_priv *priv) priv->soft_md = EVP_MD_fetch(NULL, "MD5", "provider=default"); break; default: + US_ERR("invalid: kae unsupport digest nid."); break; } if (unlikely(priv->soft_md == NULL)) - return 0; + return OPENSSL_FAIL; app_datasize = EVP_MD_meth_get_app_datasize(priv->soft_md); if (app_datasize == 0) { @@ -67,39 +68,40 @@ static int sec_digests_soft_md(sec_digest_priv *priv) if (priv->soft_ctx == NULL) { EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - if (ctx == NULL) - return 0; + if (ctx == NULL) { + US_WARN("failed to alloc md ctx."); + return OPENSSL_FAIL; + } ctx->md_data = OPENSSL_malloc(app_datasize); - if (ctx->md_data == NULL) - return 0; + if (ctx->md_data == NULL) { + US_ERR("failed to alloc md data."); + return OPENSSL_FAIL; + } priv->soft_ctx = ctx; priv->app_datasize = app_datasize; } - return 1; + return OPENSSL_SUCCESS; } int sec_digests_soft_init(sec_digest_priv *priv) { - if (sec_digests_soft_md(priv) == 0) - return 0; + if (sec_digests_soft_md(priv) == 0) { + US_ERR("failed to init soft digest."); + return OPENSSL_FAIL; + } - // return EVP_MD_meth_get_init(priv->soft_md)(priv->soft_ctx); return EVP_DigestInit_ex(priv->soft_ctx, priv->soft_md, NULL); } int sec_digests_soft_update(sec_digest_priv *priv, const void *data, size_t len) { - // return EVP_MD_meth_get_update(priv->soft_md)(priv->soft_ctx, data, len); - return EVP_DigestUpdate(priv->soft_ctx, data, len); } int sec_digests_soft_final(sec_digest_priv *priv, unsigned char *digest) { - // return EVP_MD_meth_get_final(priv->soft_md)(priv->soft_ctx, digest); - unsigned int digest_length; return EVP_DigestFinal_ex(priv->soft_ctx, digest, &digest_length); @@ -155,6 +157,7 @@ int sec_digests_soft_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) to_ctx->soft_ctx = NULL; ret = sec_digests_soft_init(to_ctx); if (ret != OPENSSL_SUCCESS) { + US_ERR("soft digest init failed."); return OPENSSL_FAIL; } @@ -169,15 +172,17 @@ static int kae_digest_init(void *dctx, const OSSL_PARAM params[]) sec_digest_priv *priv = (sec_digest_priv *)dctx; if (!priv) { - fprintf(stderr, "CTX is NULL.\n"); + US_ERR("invalid: digest ctx is NULL."); return KAE_P_FAIL; } if (!sec_digests_soft_md(priv)) { + US_ERR("soft digest md init failed."); return KAE_P_FAIL; } if (!sec_digests_init(priv)) { + US_ERR("soft digest init failed."); return KAE_P_FAIL; } priv->switch_flag = 0; @@ -190,7 +195,7 @@ static int kae_digest_update(void *dctx, const unsigned char *in, size_t inl) sec_digest_priv *priv = (sec_digest_priv *)dctx; int ret; if (!dctx || !in) { - fprintf(stderr, "CTX or input data is NULL.\n"); + US_ERR("invalid: digest ctx or input data is NULL."); return KAE_P_FAIL; } @@ -202,6 +207,7 @@ static int kae_digest_update(void *dctx, const unsigned char *in, size_t inl) return ret; soft: + US_WARN("sec digest update failed, switch to soft."); if (sec_digests_soft_init(priv) != OPENSSL_SUCCESS) { US_ERR("do sec digest soft init failed"); return OPENSSL_FAIL; @@ -216,7 +222,7 @@ static int kae_digest_final(void *dctx, unsigned char *out, size_t *outl, size_t int ret; if (!dctx || !out) { - fprintf(stderr, "CTX or output data is NULL.\n"); + US_ERR("invalid: digest ctx or out is NULL."); return KAE_P_FAIL; } @@ -238,6 +244,7 @@ static int kae_digest_final(void *dctx, unsigned char *out, size_t *outl, size_t return KAE_P_SUCCESS; soft_final: + US_WARN("sec digest final failed, switch to soft."); ret = sec_digests_soft_final(priv, out); sec_digests_soft_cleanup(priv); @@ -250,6 +257,7 @@ soft_final: return ret; soft: + US_WARN("sec digest final failed, switch to soft."); if (priv->state == SEC_DIGEST_INIT) { ret = sec_digests_soft_work(priv, priv->last_update_bufflen, out); if (!ret) @@ -271,28 +279,28 @@ static int kae_digest_digest( int ret; if (!dctx || !in || !out) { - fprintf(stderr, "CTX or input or output data is NULL.\n"); + US_ERR("invalid: digest ctx or in or out is NULL."); return KAE_P_FAIL; } - // if (inl > BUF_LEN) { - // fprintf(stderr, "data len(%zu) can not be processed in single digest.\n", - // inl); - // return KAE_DIGEST_FAIL; - // } - if (outsz > 0) { ret = kae_digest_init(priv, NULL); - if (!ret) + if (!ret) { + US_ERR("kae digest init failed."); return ret; + } ret = kae_digest_update(priv, in, inl); - if (!ret) + if (!ret) { + US_ERR("kae digest update failed."); return ret; + } ret = kae_digest_final(priv, out, outl, outsz); - if (!ret) + if (!ret) { + US_WARN("kae digest final failed."); return ret; + } } return KAE_P_SUCCESS; @@ -310,11 +318,13 @@ static void *kae_digest_dupctx(void *dctx) dst_ctx->switch_flag = priv->switch_flag; if (!sec_digests_soft_md(dst_ctx)) { + US_ERR("sec soft digest md init failed."); return KAE_P_FAIL; } ret = sec_digests_copy(dst_ctx, priv); if (!ret) { + US_ERR("sec digest copy failed."); return NULL; } return dst_ctx; @@ -325,7 +335,7 @@ static void kae_digest_freectx(void *dctx) sec_digest_priv *priv = (sec_digest_priv *)dctx; if (!dctx) { - fprintf(stderr, "the CTX to be free is NULL.\n"); + US_WARN("invalid: digest ctx is NULL."); return; } diff --git a/KAEOpensslProvider/src/provider/prov_nosva/prov_digest.h b/KAEOpensslProvider/src/provider/prov_nosva/prov_digest.h index 1eeff1906e1fd2af7c04084683c8fa7f3686e590..10278e95dc0cd0d077b27e7fc385a2a1b44dbc6d 100644 --- a/KAEOpensslProvider/src/provider/prov_nosva/prov_digest.h +++ b/KAEOpensslProvider/src/provider/prov_nosva/prov_digest.h @@ -40,7 +40,7 @@ typedef struct SM3state_st { // static OSSL_FUNC_digest_freectx_fn kae_digest_freectx; // static OSSL_FUNC_digest_dupctx_fn kae_digest_dupctx; // static OSSL_FUNC_digest_get_params_fn kae_digest_get_params; -// static OSSL_FUNC_digest_set_ctx_params_fn lkae_digest_set_ctx_params; +// static OSSL_FUNC_digest_set_ctx_params_fn kae_digest_set_ctx_params; // static OSSL_FUNC_digest_get_ctx_params_fn kae_digest_get_ctx_params; // static OSSL_FUNC_digest_gettable_params_fn kae_gettable_params; // static OSSL_FUNC_digest_settable_ctx_params_fn kae_settable_ctx_params; diff --git a/KAEOpensslProvider/src/provider/prov_nosva/prov_pkey.h b/KAEOpensslProvider/src/provider/prov_nosva/prov_pkey.h index 6814f58076246e512b91c22d84030e26b785a263..afb150d55739000a74d8815809252a640997a8db 100644 --- a/KAEOpensslProvider/src/provider/prov_nosva/prov_pkey.h +++ b/KAEOpensslProvider/src/provider/prov_nosva/prov_pkey.h @@ -33,25 +33,6 @@ #include #include "prov.h" -#define KAE_ECC_MAX_KEY_BITS 521 -#define KAE_ECC_MAX_KEY_BYTES 66 -#define KAE_ECC_CV_PARAM_NUM 6 -#define KAE_P_INTI_SUCCESS 0 -#define PROV_SEND_MAX_CNT 90000000 -#define PROV_RECV_MAX_CNT 60000000 -#define PROV_ENV_RECV_MAX_CNT 60000 -#define PROV_KEYMGMT_ALG_NUM 7 -// #define ECC_POINT_SIZE(n) ((n) << 1) -#define KAE_OCTET_STRING 0x04 -#define ECC128BITS 128 -#define ECC192BITS 192 -#define ECC224BITS 224 -#define ECC256BITS 256 -#define ECC320BITS 320 -#define ECC384BITS 384 -#define ECC521BITS 521 -#define GET_RAND_MAX_CNT 100 - enum { KEYMGMT_SM2 = 0x0, KEYMGMT_MAX = 0x6 diff --git a/KAEOpensslProvider/src/provider/prov_nosva/prov_rsa.c b/KAEOpensslProvider/src/provider/prov_nosva/prov_rsa.c index ce284e2afeae130c66852e4194e543baf51ea2c9..661f3dab0dc6392955a1e18ed4ad0540b94d1f96 100644 --- a/KAEOpensslProvider/src/provider/prov_nosva/prov_rsa.c +++ b/KAEOpensslProvider/src/provider/prov_nosva/prov_rsa.c @@ -61,7 +61,7 @@ static int setup_tbuf(PROV_RSA_SIG_CTX *ctx) } if ((ctx->tbuf = OPENSSL_malloc(RSA_size(ctx->rsa))) == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + US_WARN("failed to alloc tbuf."); return OPENSSL_FAIL; } @@ -86,14 +86,14 @@ static RSA *ossl_rsa_new_with_ctx(OSSL_LIB_CTX *libctx) RSA *ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); + US_WARN("failed to alloc rsa."); return NULL; } ret->references = 1; ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); + US_WARN("failed to new crypto thread lock."); OPENSSL_free(ret); return NULL; } @@ -115,32 +115,40 @@ static int rsa_gencb(int p, int n, BN_GENCB *cb) static void *kae_keymgmt_rsa_new(void *provctx) { - if (!get_default_rsa_keymgmt().new_fun) + if (!get_default_rsa_keymgmt().new_fun) { + US_WARN("failed to get rsa keymgmt new function."); return NULL; + } return get_default_rsa_keymgmt().new_fun(provctx); } static void kae_keymgmt_rsa_free(void *keydata) { - if (!get_default_rsa_keymgmt().free) + if (!get_default_rsa_keymgmt().free) { + US_WARN("failed to get sm2 keymgmt free function."); return; + } get_default_rsa_keymgmt().free(keydata); } static int kae_keymgmt_rsa_get_params(void *key, OSSL_PARAM params[]) { - if (!get_default_rsa_keymgmt().get_params) + if (!get_default_rsa_keymgmt().get_params) { + US_WARN("failed to get rsa keymgmt get params function."); return KAE_P_FAIL; + } return get_default_rsa_keymgmt().get_params(key, params); } static const OSSL_PARAM *kae_keymgmt_rsa_gettable_params(void *provctx) { - if (!get_default_rsa_keymgmt().gettable_params) + if (!get_default_rsa_keymgmt().gettable_params) { + US_WARN("failed to get rsa keymgmt gettable params function."); return NULL; + } return get_default_rsa_keymgmt().gettable_params(provctx); } @@ -148,6 +156,7 @@ static const OSSL_PARAM *kae_keymgmt_rsa_gettable_params(void *provctx) static int kae_keymgmt_rsa_set_params(void *key, const OSSL_PARAM params[]) { if (!get_default_rsa_keymgmt().set_params) { + US_WARN("failed to get rsa keymgmt set params function."); return KAE_P_FAIL; } @@ -157,6 +166,7 @@ static int kae_keymgmt_rsa_set_params(void *key, const OSSL_PARAM params[]) static const OSSL_PARAM *kae_keymgmt_rsa_settable_params(ossl_unused void *provctx) { if (!get_default_rsa_keymgmt().settable_params) { + US_WARN("failed to get rsa keymgmt settable params function."); return NULL; } @@ -165,8 +175,10 @@ static const OSSL_PARAM *kae_keymgmt_rsa_settable_params(ossl_unused void *provc static void *kae_keymgmt_rsa_gen_init(void *provctx, int selection, const OSSL_PARAM params[]) { - if (!get_default_rsa_keymgmt().gen_init) + if (!get_default_rsa_keymgmt().gen_init) { + US_WARN("failed to get rsa keymgmt gen init function."); return NULL; + } return get_default_rsa_keymgmt().gen_init(provctx, selection, params); } @@ -174,6 +186,7 @@ static void *kae_keymgmt_rsa_gen_init(void *provctx, int selection, const OSSL_P static int kae_keymgmt_rsa_gen_set_template(void *genctx, void *templates) { if (!get_default_rsa_keymgmt().gen_set_template) { + US_WARN("failed to get rsa keymgmt gen set template function."); return KAE_P_FAIL; } @@ -182,16 +195,20 @@ static int kae_keymgmt_rsa_gen_set_template(void *genctx, void *templates) static int kae_keymgmt_rsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) { - if (!get_default_rsa_keymgmt().gen_set_params) + if (!get_default_rsa_keymgmt().gen_set_params) { + US_WARN("failed to get rsa keymgmt gen set params function."); return KAE_P_FAIL; + } return get_default_rsa_keymgmt().gen_set_params(genctx, params); } static const OSSL_PARAM *kae_keymgmt_rsa_gen_settable_params(ossl_unused void *genctx, ossl_unused void *provctx) { - if (!get_default_rsa_keymgmt().gen_settable_params) + if (!get_default_rsa_keymgmt().gen_settable_params) { + US_WARN("failed to get rsa keymgmt gen settable params function."); return NULL; + } return get_default_rsa_keymgmt().gen_settable_params(genctx, provctx); } @@ -203,8 +220,10 @@ static void *kae_keymgmt_rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbar BN_GENCB *gencb = NULL; int ret; - if (gctx == NULL) + if (gctx == NULL) { + US_WARN("invalid: rsa gen gctx is NULL."); return NULL; + } rsa = ossl_rsa_new_with_ctx(gctx->libctx); if (rsa == NULL) @@ -230,31 +249,40 @@ static void *kae_keymgmt_rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbar return rsa; soft: - fprintf(stderr, "switch to execute openssl software calculation.\n"); - if (!get_default_rsa_keymgmt().gen) + US_WARN("kae prov rsa keygen failed, switch to execute openssl software calculation.\n"); + if (!get_default_rsa_keymgmt().gen) { + US_WARN("failed to get rsa keymgmt gen function."); return NULL; + } + return get_default_rsa_keymgmt().gen(genctx, osslcb, cbarg); } static void kae_keymgmt_rsa_gen_cleanup(void *genctx) { - if (!get_default_rsa_keymgmt().gen_cleanup) + if (!get_default_rsa_keymgmt().gen_cleanup) { + US_WARN("failed to get rsa keymgmt gen cleanup function."); return; + } get_default_rsa_keymgmt().gen_cleanup(genctx); } static void *kae_keymgmt_rsa_load(const void *reference, size_t reference_sz) { - if (!get_default_rsa_keymgmt().load) + if (!get_default_rsa_keymgmt().load) { + US_WARN("failed to get rsa keymgmt function."); return NULL; + } return get_default_rsa_keymgmt().load(reference, reference_sz); } static int kae_keymgmt_rsa_has(const void *keydata, int selection) { - if (!get_default_rsa_keymgmt().has) + if (!get_default_rsa_keymgmt().has) { + US_WARN("failed to get rsa keymgmt has function."); + } return KAE_P_FAIL; return get_default_rsa_keymgmt().has(keydata, selection); @@ -262,64 +290,80 @@ static int kae_keymgmt_rsa_has(const void *keydata, int selection) static int kae_keymgmt_rsa_validate(const void *keydata, int selection, int checktype) { - if (!get_default_rsa_keymgmt().validate) + if (!get_default_rsa_keymgmt().validate) { + US_WARN("failed to get rsa keymgmt validate function."); return KAE_P_FAIL; + } return get_default_rsa_keymgmt().validate(keydata, selection, checktype); } static int kae_keymgmt_rsa_match(const void *keydata1, const void *keydata2, int selection) { - if (!get_default_rsa_keymgmt().match) + if (!get_default_rsa_keymgmt().match) { + US_WARN("failed to get rsa keymgmt match function."); return KAE_P_FAIL; + } return get_default_rsa_keymgmt().match(keydata1, keydata2, selection); } static int kae_keymgmt_rsa_import(void *keydata, int selection, const OSSL_PARAM params[]) { - if (!get_default_rsa_keymgmt().import) + if (!get_default_rsa_keymgmt().import) { + US_WARN("failed to get rsa keymgmt import function."); return KAE_P_FAIL; + } return get_default_rsa_keymgmt().import(keydata, selection, params); } static const OSSL_PARAM *kae_keymgmt_rsa_import_types(int selection) { - if (!get_default_rsa_keymgmt().import_types) + if (!get_default_rsa_keymgmt().import_types) { + US_WARN("failed to get rsa keymgmt import types function."); return NULL; + } return get_default_rsa_keymgmt().import_types(selection); } static int kae_keymgmt_rsa_export(void *keydata, int selection, OSSL_CALLBACK *param_callback, void *cbarg) { - if (!get_default_rsa_keymgmt().export_fun) + if (!get_default_rsa_keymgmt().export_fun) { + US_WARN("failed to get rsa keymgmt export fun function."); return KAE_P_FAIL; + } return get_default_rsa_keymgmt().export_fun(keydata, selection, param_callback, cbarg); } static const OSSL_PARAM *kae_keymgmt_rsa_export_types(int selection) { - if (!get_default_rsa_keymgmt().export_types) + if (!get_default_rsa_keymgmt().export_types) { + US_WARN("failed to get rsa keymgmt function."); return NULL; + } return get_default_rsa_keymgmt().export_types(selection); } static void *kae_keymgmt_rsa_dup(const void *keydata_from, int selection) { - if (!get_default_rsa_keymgmt().dup) + if (!get_default_rsa_keymgmt().dup) { + US_WARN("failed to get rsa keymgmt dup function."); return NULL; + } return get_default_rsa_keymgmt().dup(keydata_from, selection); } static const char *kae_keymgmt_rsa_query_operation_name(int operation_id) { - if (!get_default_rsa_keymgmt().query_operation_name) + if (!get_default_rsa_keymgmt().query_operation_name) { + US_WARN("failed to get rsa keymgmt query operation function."); return NULL; + } return get_default_rsa_keymgmt().query_operation_name(operation_id); } @@ -329,8 +373,11 @@ static void *kae_asym_cipher_rsa_newctx(void *provctx) PROV_RSA_ASYM_CTX *priv = NULL; priv = OPENSSL_zalloc(sizeof(*priv)); - if (priv == NULL) + if (priv == NULL) { + US_WARN("failed to alloc rsa asym ctx."); return NULL; + } + priv->libctx = prov_libctx_of(provctx); return priv; @@ -351,7 +398,7 @@ static int kae_rsa_asym_init(void *vprsactx, void *vrsa, const OSSL_PARAM params priv->pad_mode = RSA_PKCS1_PSS_PADDING; break; default: - ERR_raise(ERR_LIB_RSA, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + US_WARN("invalid: unknown rsa flag type."); return OPENSSL_FAIL; } @@ -373,7 +420,7 @@ static int kae_asym_cipher_rsa_encrypt( if (out == NULL) { len = kae_rsa_size(priv->rsa); if (len == 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); + US_WARN("invalid: rsa size is zero."); return OPENSSL_FAIL; } *outlen = len; @@ -390,9 +437,11 @@ static int kae_asym_cipher_rsa_encrypt( return OPENSSL_SUCCESS; soft: - fprintf(stderr, "switch to execute openssl software calculation.\n"); - if (!get_default_rsa_asym_cipher().encrypt) + US_WARN("kae prov rsa encrypt failed, switch to execute openssl software calculation.\n"); + if (!get_default_rsa_asym_cipher().encrypt) { + US_WARN("failed to get rsa asym encrypt function."); return KAE_P_FAIL; + } return get_default_rsa_asym_cipher().encrypt(vprsactx, out, outlen, outsize, in, inlen); } @@ -411,7 +460,7 @@ static int kae_asym_cipher_rsa_decrypt( if (out == NULL) { if (len == 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); + US_WARN("invalid: rsa size is zero."); return OPENSSL_FAIL; } *outlen = len; @@ -419,7 +468,7 @@ static int kae_asym_cipher_rsa_decrypt( } if (outsize < len) { - ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH); + US_WARN("invalid: outsize is size is zero."); return OPENSSL_FAIL; } @@ -433,9 +482,11 @@ static int kae_asym_cipher_rsa_decrypt( return OPENSSL_SUCCESS; soft: - fprintf(stderr, "switch to execute openssl software calculation.\n"); - if (!get_default_rsa_asym_cipher().decrypt) + US_WARN("kae prov rsa decrypt failed, switch to execute openssl software calculation.\n"); + if (!get_default_rsa_asym_cipher().decrypt) { + US_WARN("failed to get rsa asym decrypt function."); return KAE_P_FAIL; + } return get_default_rsa_asym_cipher().decrypt(vprsactx, out, outlen, outsize, in, inlen); } @@ -452,39 +503,49 @@ static void kae_asym_cipher_rsa_freectx(void *vprsactx) static void *kae_asym_cipher_rsa_dupctx(void *vprsactx) { - if (!get_default_rsa_asym_cipher().dupctx) + if (!get_default_rsa_asym_cipher().dupctx) { + US_WARN("failed to get rsa asym dupctx function."); + } return KAE_P_FAIL; return get_default_rsa_asym_cipher().dupctx(vprsactx); } static int kae_asym_cipher_rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) { - if (!get_default_rsa_asym_cipher().get_ctx_params) + if (!get_default_rsa_asym_cipher().get_ctx_params) { + US_WARN("failed to get rsa asym get ctx params function."); return KAE_P_FAIL; + } return get_default_rsa_asym_cipher().get_ctx_params(vprsactx, params); } static const OSSL_PARAM *kae_asym_cipher_rsa_gettable_ctx_params(void *vprsactx, void *provctx) { - if (!get_default_rsa_asym_cipher().gettable_ctx_params) + if (!get_default_rsa_asym_cipher().gettable_ctx_params) { + US_WARN("failed to get rsa asym gettable ctx params function."); return KAE_P_FAIL; + } return get_default_rsa_asym_cipher().gettable_ctx_params(vprsactx, provctx); } static int kae_asym_cipher_rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) { - if (!get_default_rsa_asym_cipher().set_ctx_params) + if (!get_default_rsa_asym_cipher().set_ctx_params) { + US_WARN("failed to get rsa asym set ctx params function."); return KAE_P_FAIL; + } return get_default_rsa_asym_cipher().set_ctx_params(vprsactx, params); } static const OSSL_PARAM *kae_asym_cipher_rsa_settable_ctx_params(void *vprsactx, void *provctx) { - if (!get_default_rsa_asym_cipher().settable_ctx_params) + if (!get_default_rsa_asym_cipher().settable_ctx_params) { + US_WARN("failed to get rsa asym settable ctx params function."); return KAE_P_FAIL; + } return get_default_rsa_asym_cipher().settable_ctx_params(vprsactx, provctx); } @@ -494,13 +555,17 @@ static void *kae_signature_rsa_newctx(void *provctx, const char *propq) PROV_RSA_SIG_CTX *priv = OPENSSL_zalloc(sizeof(PROV_RSA_SIG_CTX)); char *propq_copy = NULL; - if (priv == NULL) + if (priv == NULL) { + US_WARN("invalid: signature ctx is NULL."); goto err; + } if (propq != NULL) { propq_copy = OPENSSL_strdup(propq); - if (propq_copy == NULL) + if (propq_copy == NULL) { + US_WARN("failed to dup propq."); goto err; + } } priv->libctx = prov_libctx_of(provctx); @@ -510,7 +575,6 @@ static void *kae_signature_rsa_newctx(void *provctx, const char *propq) err: OPENSSL_free(priv); - fprintf(stderr, "%s failed.\n", __func__); return NULL; } @@ -519,6 +583,7 @@ static int kae_rsa_init(void *vprsactx, void *vrsa, const OSSL_PARAM params[], i PROV_RSA_SIG_CTX *priv = (PROV_RSA_SIG_CTX *)vprsactx; if (priv == NULL || vrsa == NULL) { + US_WARN("invalid: sig ctx or rsa is NULL."); return OPENSSL_FAIL; } @@ -537,7 +602,7 @@ static int kae_rsa_init(void *vprsactx, void *vrsa, const OSSL_PARAM params[], i priv->pad_mode = RSA_PKCS1_PSS_PADDING; break; default: - ERR_raise(ERR_LIB_RSA, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + US_WARN("invalid: unknown rsa flag type."); return OPENSSL_FAIL; } @@ -682,18 +747,18 @@ int encode_pkcs1(unsigned char **out, size_t *out_len, int type, const unsigned unsigned char *dig_info; if (type == NID_undef) { - + US_WARN("invalid: unknown nid."); return 0; } di_prefix = kae_rsa_digestinfo_encoding(type, &di_prefix_len); if (di_prefix == NULL) { - + US_WARN("invalid: unknown digest info encoding."); return 0; } dig_info_len = di_prefix_len + m_len; dig_info = OPENSSL_malloc(dig_info_len); if (dig_info == NULL) { - + US_WARN("failed to alloc digest info."); return 0; } memcpy(dig_info, di_prefix, di_prefix_len); @@ -721,7 +786,7 @@ int KAE_RSA_sign( * RSASSA-PKCS1-v1_5. */ if (m_len != SSL_SIG_LENGTH) { - + US_WARN("invalid: message length is not equal to sig length."); return 0; } encoded_len = SSL_SIG_LENGTH; @@ -810,7 +875,7 @@ static int kae_signature_rsa_sign( } if (sigsize < rsasize) { - ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_SIGNATURE_SIZE, "is %zu, should be at least %zu", sigsize, rsasize); + US_WARN("invalid: sigsize is less than rsasize."); return OPENSSL_FAIL; } @@ -828,7 +893,6 @@ static int kae_signature_rsa_sign( unsigned int sltmp; if (priv->pad_mode != RSA_PKCS1_PADDING) { - goto err; } ret = KAE_RSA_sign_ASN1_OCTET_STRING(0, tbs, tbslen, sig, &sltmp, priv->rsa); @@ -878,7 +942,6 @@ static int kae_signature_rsa_sign( switch (priv->saltlen) { case RSA_PSS_SALTLEN_DIGEST: if (priv->min_saltlen > EVP_MD_size(priv->md)) { - goto err; } /* FALLTHRU */ @@ -924,9 +987,11 @@ err: return OPENSSL_FAIL; soft: - fprintf(stderr, "switch to execute openssl software calculation.\n"); - if (!get_default_rsa_signature().sign) + US_WARN("kae prov rsa sign failed, switch to execute openssl software calculation.\n"); + if (!get_default_rsa_signature().sign) { + US_WARN("failed to get rsa signature sign function."); return KAE_P_FAIL; + } return get_default_rsa_signature().sign(vprsactx, sig, siglen, sigsize, tbs, tbslen); } @@ -939,6 +1004,7 @@ int KAE_RSA_verify(int type, const unsigned char *m, unsigned int m_len, unsigne unsigned char *decrypt_buf = NULL, *encoded = NULL; if (siglen != (size_t)kae_rsa_size(rsa)) { + US_WARN("invalid: sig len is not equal to rsa size."); return ret; } @@ -964,7 +1030,6 @@ int KAE_RSA_verify(int type, const unsigned char *m, unsigned int m_len, unsigne * RSASSA-PKCS1-v1_5. */ if (decrypt_len != SSL_SIG_LENGTH) { - goto err; } @@ -973,12 +1038,10 @@ int KAE_RSA_verify(int type, const unsigned char *m, unsigned int m_len, unsigne *prm_len = SSL_SIG_LENGTH; } else { if (m_len != SSL_SIG_LENGTH) { - goto err; } if (memcmp(decrypt_buf, m, SSL_SIG_LENGTH) != 0) { - goto err; } } @@ -992,12 +1055,10 @@ int KAE_RSA_verify(int type, const unsigned char *m, unsigned int m_len, unsigne *prm_len = 16; } else { if (m_len != 16) { - goto err; } if (memcmp(m, decrypt_buf + 2, 16) != 0) { - goto err; } } @@ -1014,7 +1075,6 @@ int KAE_RSA_verify(int type, const unsigned char *m, unsigned int m_len, unsigne goto err; m_len = (unsigned int)len; if (m_len > decrypt_len) { - goto err; } m = decrypt_buf + decrypt_len - m_len; @@ -1025,7 +1085,6 @@ int KAE_RSA_verify(int type, const unsigned char *m, unsigned int m_len, unsigne goto err; if (encoded_len != decrypt_len || memcmp(encoded, decrypt_buf, encoded_len) != 0) { - goto err; } @@ -1056,6 +1115,7 @@ static int kae_signature_rsa_verify( case RSA_PKCS1_PADDING: ret = KAE_RSA_verify(priv->mdnid, tbs, tbslen, NULL, NULL, sig, siglen, priv->rsa); if (ret == KAE_CRYPTO_FAIL) { + US_WARN("kae rsa verify failed."); goto soft; } if (!ret) { @@ -1121,17 +1181,21 @@ static int kae_signature_rsa_verify( return OPENSSL_SUCCESS; soft: - US_DEBUG("RSA verify fail, switch to execute openssl software calculation"); - if (!get_default_rsa_signature().verify) + US_DEBUG("kae prov rsa verify failed, switch to execute openssl software calculation"); + if (!get_default_rsa_signature().verify) { + US_WARN("failed to get rsa signature verify function."); return KAE_P_FAIL; + } return get_default_rsa_signature().verify(vprsactx, sig, siglen, tbs, tbslen); } static int kae_signature_rsa_verify_recover_init(void *vprsactx, void *vrsa, const OSSL_PARAM params[]) { - if (!get_default_rsa_signature().verify_recover_init) + if (!get_default_rsa_signature().verify_recover_init) { + US_WARN("failed to get rsa signature verify recover init function."); return KAE_P_FAIL; + } return get_default_rsa_signature().verify_recover_init(vprsactx, vrsa, params); } @@ -1139,16 +1203,81 @@ static int kae_signature_rsa_verify_recover_init(void *vprsactx, void *vrsa, con static int kae_signature_rsa_verify_recover( void *vprsactx, unsigned char *rout, size_t *routlen, size_t routsize, const unsigned char *sig, size_t siglen) { - if (!get_default_rsa_signature().verify_recover) - return KAE_P_FAIL; + // if (!get_default_rsa_signature().verify_recover) { + // US_WARN("failed to get rsa signature verify recover function."); + // return KAE_P_FAIL; + // } - return get_default_rsa_signature().verify_recover(vprsactx, rout, routlen, routsize, sig, siglen); -} + // return get_default_rsa_signature().verify_recover(vprsactx, rout, routlen, routsize, sig, siglen); + PROV_RSA_SIG_CTX *priv = (PROV_RSA_SIG_CTX *)vprsactx; + int ret; + + if (rout == NULL) { + *routlen = RSA_size(priv->rsa); + return 1; + } + + if (priv->md != NULL) { + switch (priv->pad_mode) { + case RSA_X931_PADDING: + if (!setup_tbuf(priv)) + return 0; + ret = hpre_rsa_public_decrypt(siglen, sig, priv->tbuf, priv->rsa, + RSA_X931_PADDING); + if (ret < 1) { + return 0; + } + ret--; + if (priv->tbuf[ret] != RSA_X931_hash_id(priv->mdnid)) { + return 0; + } + if (ret != EVP_MD_get_size(priv->md)) { + return 0; + } + + *routlen = ret; + if (rout != priv->tbuf) { + if (routsize < (size_t)ret) { + return 0; + } + memcpy(rout, priv->tbuf, ret); + } + break; + + case RSA_PKCS1_PADDING: + { + size_t sltmp; + + ret = KAE_RSA_verify(priv->mdnid, NULL, 0, rout, &sltmp, + sig, siglen, priv->rsa); + if (ret <= 0) { + return 0; + } + ret = sltmp; + } + break; + + default: + US_ERR("rsa verify unsupport padding."); + return 0; + } + } else { + ret = hpre_rsa_public_decrypt(siglen, sig, rout, priv->rsa, + priv->pad_mode); + if (ret < 0) { + return 0; + } + } + *routlen = ret; + return 1; +} static int kae_signature_rsa_digest_sign_init(void *vprsactx, const char *mdname, void *vrsa, const OSSL_PARAM params[]) { - if (!get_default_rsa_signature().digest_sign_init) + if (!get_default_rsa_signature().digest_sign_init) { + US_WARN("failed to get rsa signature digest sign init function."); return KAE_P_FAIL; + } return get_default_rsa_signature().digest_sign_init(vprsactx, mdname, vrsa, params); } @@ -1157,8 +1286,10 @@ static int kae_signature_rsa_digest_sign_update(void *vprsactx, const unsigned c { PROV_RSA_SIG_CTX *priv = (PROV_RSA_SIG_CTX *)vprsactx; - if (priv == NULL || priv->mdctx == NULL) + if (priv == NULL || priv->mdctx == NULL) { + US_WARN("invalid: sig ctx or mdctx is NULL."); return OPENSSL_FAIL; + } return EVP_DigestUpdate(priv->mdctx, data, datalen); } @@ -1169,12 +1300,13 @@ static int kae_signature_rsa_digest_sign_final(void *vprsactx, unsigned char *si unsigned char digest[EVP_MAX_MD_SIZE]; unsigned int dlen = 0; - if (priv == NULL) + if (priv == NULL || priv->mdctx == NULL) { + US_WARN("invalid: sig ctx or mdctx is NULL."); return OPENSSL_FAIL; + } + priv->flag_allow_md = 1; - if (priv->mdctx == NULL) - return OPENSSL_FAIL; /* * If sig is NULL then we're just finding out the sig size. Other fields * are ignored. Defer to rsa_sign. @@ -1184,8 +1316,10 @@ static int kae_signature_rsa_digest_sign_final(void *vprsactx, unsigned char *si * The digests used here are all known (see rsa_get_md_nid()), so they * should not exceed the internal buffer size of EVP_MAX_MD_SIZE. */ - if (!EVP_DigestFinal_ex(priv->mdctx, digest, &dlen)) + if (!EVP_DigestFinal_ex(priv->mdctx, digest, &dlen)) { + US_WARN("rsa sign digest final failed."); return OPENSSL_FAIL; + } } return kae_signature_rsa_sign(vprsactx, sig, siglen, sigsize, digest, (size_t)dlen); @@ -1194,16 +1328,20 @@ static int kae_signature_rsa_digest_sign_final(void *vprsactx, unsigned char *si static int kae_signature_rsa_digest_verify_init( void *vprsactx, const char *mdname, void *vrsa, const OSSL_PARAM params[]) { - if (!get_default_rsa_signature().digest_verify_init) + if (!get_default_rsa_signature().digest_verify_init) { + US_WARN("failed to get rsa signature digest verify init function."); return KAE_P_FAIL; + } return get_default_rsa_signature().digest_verify_init(vprsactx, mdname, vrsa, params); } static int kae_signature_rsa_digest_verify_update(void *vprsactx, const unsigned char *data, size_t datalen) { - if (!get_default_rsa_signature().digest_verify_update) + if (!get_default_rsa_signature().digest_verify_update) { + US_WARN("failed to get rsa signature digest verify update function."); return KAE_P_FAIL; + } return get_default_rsa_signature().digest_verify_update(vprsactx, data, datalen); } @@ -1214,19 +1352,21 @@ static int kae_signature_rsa_digest_verify_final(void *vprsactx, const unsigned unsigned char digest[EVP_MAX_MD_SIZE]; unsigned int dlen = 0; - if (priv == NULL) + if (priv == NULL || priv->mdctx == NULL) { + US_WARN("invalid: sig ctx or md ctx is NULL."); return OPENSSL_FAIL; + } priv->flag_allow_md = 1; - if (priv->mdctx == NULL) - return OPENSSL_FAIL; /* * The digests used here are all known (see rsa_get_md_nid()), so they * should not exceed the internal buffer size of EVP_MAX_MD_SIZE. */ - if (!EVP_DigestFinal_ex(priv->mdctx, digest, &dlen)) + if (!EVP_DigestFinal_ex(priv->mdctx, digest, &dlen)) { + US_WARN("rsa verify digest final failed."); return OPENSSL_FAIL; + } return kae_signature_rsa_verify(vprsactx, sig, siglen, digest, (size_t)dlen); } @@ -1235,8 +1375,10 @@ static void kae_signature_rsa_freectx(void *vprsactx) { PROV_RSA_SIG_CTX *priv = (PROV_RSA_SIG_CTX *)vprsactx; - if (priv == NULL) + if (priv == NULL) { + US_WARN("invalid: sig ctx is NULL."); return; + } free_tbuf(priv); OPENSSL_clear_free(priv, sizeof(*priv)); @@ -1244,24 +1386,30 @@ static void kae_signature_rsa_freectx(void *vprsactx) static void *kae_signature_rsa_dupctx(void *vprsactx) { - if (!get_default_rsa_signature().dupctx) + if (!get_default_rsa_signature().dupctx) { + US_WARN("failed to get rsa signature dupctx function."); return NULL; + } return get_default_rsa_signature().dupctx(vprsactx); } static int kae_signature_rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) { - if (!get_default_rsa_signature().get_ctx_params) + if (!get_default_rsa_signature().get_ctx_params) { + US_WARN("failed to get rsa signature get ctx params function."); return KAE_P_FAIL; + } return get_default_rsa_signature().get_ctx_params(vprsactx, params); } static const OSSL_PARAM *kae_signature_rsa_gettable_ctx_params(ossl_unused void *vprsactx, ossl_unused void *provctx) { - if (!get_default_rsa_signature().gettable_ctx_params) + if (!get_default_rsa_signature().gettable_ctx_params) { + US_WARN("failed to get rsa signature gettable ctx params function."); return NULL; + } return get_default_rsa_signature().gettable_ctx_params(vprsactx, provctx); } @@ -1269,48 +1417,60 @@ static const OSSL_PARAM *kae_signature_rsa_gettable_ctx_params(ossl_unused void static int kae_signature_rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) { - if (!get_default_rsa_signature().set_ctx_params) + if (!get_default_rsa_signature().set_ctx_params) { + US_WARN("failed to get rsa signature set ctx params function."); return KAE_P_FAIL; + } return get_default_rsa_signature().set_ctx_params(vprsactx, params); } static const OSSL_PARAM *kae_signature_rsa_settable_ctx_params(void *vprsactx, void *provctx) { - if (!get_default_rsa_signature().settable_ctx_params) + if (!get_default_rsa_signature().settable_ctx_params) { + US_WARN("failed to get rsa signature settable ctx params function."); return NULL; + } return get_default_rsa_signature().settable_ctx_params(vprsactx, provctx); } static int kae_signature_rsa_get_ctx_md_params(void *vprsactx, OSSL_PARAM *params) { - if (!get_default_rsa_signature().get_ctx_md_params) + if (!get_default_rsa_signature().get_ctx_md_params) { + US_WARN("failed to get rsa signature get ctx md params function."); return KAE_P_FAIL; + } return get_default_rsa_signature().get_ctx_md_params(vprsactx, params); } static const OSSL_PARAM *kae_signature_rsa_gettable_ctx_md_params(void *vprsactx) { - if (!get_default_rsa_signature().gettable_ctx_md_params) + if (!get_default_rsa_signature().gettable_ctx_md_params) { + US_WARN("failed to get rsa signature function."); return NULL; + } return get_default_rsa_signature().gettable_ctx_md_params(vprsactx); } static int kae_signature_rsa_set_ctx_md_params(void *vprsactx, const OSSL_PARAM params[]) { - if (!get_default_rsa_signature().set_ctx_md_params) + if (!get_default_rsa_signature().set_ctx_md_params) { + US_WARN("failed to get rsa signature set ctx md params function."); return KAE_P_FAIL; + } return get_default_rsa_signature().set_ctx_md_params(vprsactx, params); } static const OSSL_PARAM *kae_signature_rsa_settable_ctx_md_params(void *vprsactx) { - if (!get_default_rsa_signature().settable_ctx_md_params) + if (!get_default_rsa_signature().settable_ctx_md_params) { + US_WARN("failed to get rsa signature settable ctx md params function."); return NULL; + } return get_default_rsa_signature().settable_ctx_md_params(vprsactx); } \ No newline at end of file diff --git a/KAEOpensslProvider/src/provider/prov_nosva/prov_sm2.c b/KAEOpensslProvider/src/provider/prov_nosva/prov_sm2.c index 0dcdc2c392f36b35928eacafcc3599307b71d4cf..ce35f7fc71eecc2bbf4f12f4879969562404a3c6 100644 --- a/KAEOpensslProvider/src/provider/prov_nosva/prov_sm2.c +++ b/KAEOpensslProvider/src/provider/prov_nosva/prov_sm2.c @@ -27,6 +27,8 @@ #include "prov_pkey.h" #include "internal/prov_packet.h" #include "internal/prov_der_writer.h" +#include "../../adapter/common/kae_log.h" +#include "../../adapter/common/kae_types.h" #include "../../adapter/nosva/algorithm/pkey/hpre_sm2.h" #define SM2_KEY_BYTES 32 @@ -63,7 +65,7 @@ enum { CTX_INIT_FAIL = -1, CTX_UNINIT, CTX_INIT_SUCC }; static void *kae_keymgmt_sm2_new(void *provctx) { if (!get_default_sm2_keymgmt().new_fun) { - fprintf(stderr, "failed to get keymgmt new function\n"); + US_WARN("failed to get sm2 keymgmt new function."); return NULL; } @@ -73,7 +75,7 @@ static void *kae_keymgmt_sm2_new(void *provctx) static void kae_keymgmt_sm2_free(void *keydata) { if (!get_default_sm2_keymgmt().free) { - fprintf(stderr, "failed to get keymgmt free function\n"); + US_WARN("failed to get sm2 keymgmt free function."); return; } @@ -83,7 +85,7 @@ static void kae_keymgmt_sm2_free(void *keydata) static int kae_keymgmt_sm2_get_params(void *key, OSSL_PARAM params[]) { if (!get_default_sm2_keymgmt().get_params) { - fprintf(stderr, "failed to get keymgmt get_params function\n"); + US_WARN("failed to get sm2 keymgmt get_params function."); return KAE_P_FAIL; } @@ -93,7 +95,7 @@ static int kae_keymgmt_sm2_get_params(void *key, OSSL_PARAM params[]) static const OSSL_PARAM *kae_keymgmt_sm2_gettable_params(void *provctx) { if (!get_default_sm2_keymgmt().gettable_params) { - fprintf(stderr, "failed to get keymgmt gettable_params function\n"); + US_WARN("failed to get sm2 keymgmt gettable_params function."); return NULL; } @@ -103,7 +105,7 @@ static const OSSL_PARAM *kae_keymgmt_sm2_gettable_params(void *provctx) static int kae_keymgmt_sm2_set_params(void *key, const OSSL_PARAM params[]) { if (!get_default_sm2_keymgmt().set_params) { - fprintf(stderr, "failed to get keymgmt set_params function\n"); + US_WARN("failed to get sm2 keymgmt set_params function."); return KAE_P_FAIL; } @@ -113,7 +115,7 @@ static int kae_keymgmt_sm2_set_params(void *key, const OSSL_PARAM params[]) static const OSSL_PARAM *kae_keymgmt_sm2_settable_params(ossl_unused void *provctx) { if (!get_default_sm2_keymgmt().settable_params) { - fprintf(stderr, "failed to get keymgmt settable_params function\n"); + US_WARN("failed to get sm2 keymgmt settable_params function."); return NULL; } @@ -123,7 +125,7 @@ static const OSSL_PARAM *kae_keymgmt_sm2_settable_params(ossl_unused void *provc static void *kae_keymgmt_sm2_gen_init(void *provctx, int selection, const OSSL_PARAM params[]) { if (!get_default_sm2_keymgmt().gen_init) { - fprintf(stderr, "failed to get keymgmt gen_init function\n"); + US_WARN("failed to get sm2 keymgmt gen_init function."); return NULL; } @@ -133,7 +135,7 @@ static void *kae_keymgmt_sm2_gen_init(void *provctx, int selection, const OSSL_P static int kae_keymgmt_sm2_gen_set_template(void *genctx, void *templates) { if (!get_default_sm2_keymgmt().gen_set_template) { - fprintf(stderr, "failed to get keymgmt gen_set_template function\n"); + US_WARN("failed to get sm2 keymgmt gen_set_template function."); return KAE_P_FAIL; } @@ -143,7 +145,7 @@ static int kae_keymgmt_sm2_gen_set_template(void *genctx, void *templates) static int kae_keymgmt_sm2_gen_set_params(void *genctx, const OSSL_PARAM params[]) { if (!get_default_sm2_keymgmt().gen_set_params) { - fprintf(stderr, "failed to get keymgmt gen_set_params function\n"); + US_WARN("failed to get sm2 keymgmt gen_set_params function."); return KAE_P_FAIL; } @@ -153,7 +155,7 @@ static int kae_keymgmt_sm2_gen_set_params(void *genctx, const OSSL_PARAM params[ static const OSSL_PARAM *kae_keymgmt_sm2_gen_settable_params(ossl_unused void *genctx, ossl_unused void *provctx) { if (!get_default_sm2_keymgmt().gen_settable_params) { - fprintf(stderr, "failed to get keymgmt gen_settable_params function\n"); + US_WARN("failed to get sm2 keymgmt gen_settable_params function."); return NULL; } @@ -164,7 +166,7 @@ static void *kae_keymgmt_sm2_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbar { // todo; use hardware? if (!get_default_sm2_keymgmt().gen) { - fprintf(stderr, "failed to get keymgmt gen function\n"); + US_WARN("failed to get sm2 keymgmt gen function."); return NULL; } @@ -174,7 +176,7 @@ static void *kae_keymgmt_sm2_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbar static void kae_keymgmt_sm2_gen_cleanup(void *genctx) { if (!get_default_sm2_keymgmt().gen_cleanup) { - fprintf(stderr, "failed to get keymgmt gen_cleanup function\n"); + US_WARN("failed to get sm2 keymgmt gen_cleanup function."); return; } @@ -184,7 +186,7 @@ static void kae_keymgmt_sm2_gen_cleanup(void *genctx) static void *kae_keymgmt_sm2_load(const void *reference, size_t reference_sz) { if (!get_default_sm2_keymgmt().load) { - fprintf(stderr, "failed to get keymgmt load function\n"); + US_WARN("failed to get sm2 keymgmt load function."); return NULL; } @@ -194,7 +196,7 @@ static void *kae_keymgmt_sm2_load(const void *reference, size_t reference_sz) static int kae_keymgmt_sm2_has(const void *keydata, int selection) { if (!get_default_sm2_keymgmt().has) { - fprintf(stderr, "failed to get keymgmt has function\n"); + US_WARN("failed to get sm2 keymgmt has function."); return KAE_P_FAIL; } @@ -204,7 +206,7 @@ static int kae_keymgmt_sm2_has(const void *keydata, int selection) static int kae_keymgmt_sm2_validate(const void *keydata, int selection, int checktype) { if (!get_default_sm2_keymgmt().validate) { - fprintf(stderr, "failed to get keymgmt validate function\n"); + US_WARN("failed to get sm2 keymgmt validate function."); return KAE_P_FAIL; } @@ -214,7 +216,7 @@ static int kae_keymgmt_sm2_validate(const void *keydata, int selection, int chec static int kae_keymgmt_sm2_match(const void *keydata1, const void *keydata2, int selection) { if (!get_default_sm2_keymgmt().match) { - fprintf(stderr, "failed to get keymgmt validate function\n"); + US_WARN("failed to get sm2 keymgmt validate function."); return KAE_P_FAIL; } @@ -224,7 +226,7 @@ static int kae_keymgmt_sm2_match(const void *keydata1, const void *keydata2, int static int kae_keymgmt_sm2_import(void *keydata, int selection, const OSSL_PARAM params[]) { if (!get_default_sm2_keymgmt().import) { - fprintf(stderr, "failed to get keymgmt import function\n"); + US_WARN("failed to get sm2 keymgmt import function."); return KAE_P_FAIL; } @@ -234,7 +236,7 @@ static int kae_keymgmt_sm2_import(void *keydata, int selection, const OSSL_PARAM static const OSSL_PARAM *kae_keymgmt_sm2_import_types(int selection) { if (!get_default_sm2_keymgmt().import_types) { - fprintf(stderr, "failed to get keymgmt import_types function\n"); + US_WARN("failed to get sm2 keymgmt import_types function."); return NULL; } @@ -244,7 +246,7 @@ static const OSSL_PARAM *kae_keymgmt_sm2_import_types(int selection) static int kae_keymgmt_sm2_export(void *keydata, int selection, OSSL_CALLBACK *param_callback, void *cbarg) { if (!get_default_sm2_keymgmt().export_fun) { - fprintf(stderr, "failed to get keymgmt export function\n"); + US_WARN("failed to get sm2 keymgmt export function."); return KAE_P_FAIL; } @@ -254,7 +256,7 @@ static int kae_keymgmt_sm2_export(void *keydata, int selection, OSSL_CALLBACK *p static const OSSL_PARAM *kae_keymgmt_sm2_export_types(int selection) { if (!get_default_sm2_keymgmt().export_types) { - fprintf(stderr, "failed to get keymgmt export_types function\n"); + US_WARN("failed to get sm2 keymgmt export_types function."); return NULL; } @@ -264,7 +266,7 @@ static const OSSL_PARAM *kae_keymgmt_sm2_export_types(int selection) static void *kae_keymgmt_sm2_dup(const void *keydata_from, int selection) { if (!get_default_sm2_keymgmt().dup) { - fprintf(stderr, "failed to get keymgmt dup function\n"); + US_WARN("failed to get sm2 keymgmt dup function."); return NULL; } @@ -274,7 +276,7 @@ static void *kae_keymgmt_sm2_dup(const void *keydata_from, int selection) static const char *kae_keymgmt_sm2_query_operation_name(int operation_id) { if (!get_default_sm2_keymgmt().query_operation_name) { - fprintf(stderr, "failed to get keymgmt query_operation_name function\n"); + US_WARN("failed to get sm2 keymgmt query_operation_name function."); return NULL; } @@ -287,7 +289,7 @@ static void *kae_asym_cipher_sm2_newctx(void *provctx) SM2_PROV_CTX *smctx; if (psm2ctx == NULL) { - fprintf(stderr, "failed to alloc PROV_SM2_ASYM_CTX\n"); + US_WARN("failed to alloc PROV_SM2_ASYM_CTX."); return NULL; } @@ -295,13 +297,13 @@ static void *kae_asym_cipher_sm2_newctx(void *provctx) smctx = OPENSSL_zalloc(sizeof(SM2_PROV_CTX)); if (smctx == NULL) { - fprintf(stderr, "failed to alloc sm2 prov ctx\n"); + US_WARN("failed to alloc sm2 prov ctx."); goto free_psm2ctx; } smctx->sm2_md = OPENSSL_zalloc(sizeof(SM2_MD_DATA)); if (smctx->sm2_md == NULL) { - fprintf(stderr, "failed to alloc sm2 md data\n"); + US_WARN("failed to alloc sm2 md data."); goto free_smctx; } @@ -310,14 +312,13 @@ static void *kae_asym_cipher_sm2_newctx(void *provctx) smctx->sm2_pd = OPENSSL_zalloc(sizeof(SM2_PKEY_DATA)); if (smctx->sm2_pd == NULL) { - fprintf(stderr, "failed to alloc sm2 pkey data\n"); + US_WARN("failed to alloc sm2 pkey data."); goto free_sm2_md; } - smctx->do_soft = 0; - // smctx->hsmctx = OPENSSL_malloc(sizeof(hpre_sm2_priv_ctx)); psm2ctx->sm2_pctx = smctx; + US_DEBUG("kae prov sm2 new ctx success!"); return psm2ctx; free_sm2_md: @@ -345,7 +346,7 @@ static void kae_prov_sm2_set_default_md(PROV_SM2_ASYM_CTX *psm2ctx) static int kae_asym_cipher_sm2_encrypt_init_sw(void *vpsm2ctx, void *vkey, const OSSL_PARAM params[]) { if (!get_default_sm2_asym_cipher().encrypt_init) { - fprintf(stderr, "failed to get keymgmt encrypt init function\n"); + US_WARN("failed to get sm2 keymgmt encrypt init function."); return KAE_P_FAIL; } @@ -359,18 +360,18 @@ static int kae_asym_cipher_sm2_encrypt_init(void *vpsm2ctx, void *vkey, const OS int ret; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: psm2ctx is NULL\n"); + US_WARN("invalid: psm2ctx is NULL."); return KAE_P_FAIL; } smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + US_WARN("invalid: smctx is NULL."); return KAE_P_FAIL; } if (vkey == NULL || !EC_KEY_up_ref(vkey)) { - fprintf(stderr, "invalid: vkey is NULL\n"); + US_WARN("invalid: vkey is NULL."); return KAE_P_FAIL; } EC_KEY_free(psm2ctx->ec_key); @@ -381,40 +382,30 @@ static int kae_asym_cipher_sm2_encrypt_init(void *vpsm2ctx, void *vkey, const OS ret = kae_asym_cipher_sm2_set_ctx_params(psm2ctx, params); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to set_ctx_params\n"); + US_WARN("failed to set_ctx_params."); goto do_soft; } - // ret = kae_prov_asym_cipher_get_support_state(SIGNATURE_SM2); - // if (ret == KAE_P_FAIL) { - // fprintf(stderr, "failed to get hardware sm2 signature support\n"); - // goto do_soft; - // } - - // /* Init with KAE */ - // ret = kae_prov_ecc_init("sm2"); - // if (ret == KAE_P_FAIL) { - // fprintf(stderr, "failed to init sm2\n"); - // goto do_soft; - // } - // smctx->hsmctx = calloc(1, sizeof(smctx->hsmctx)); // 不同于cipher的自动申请和回收pkey需要自己申请的 if (!smctx->hsmctx) { - fprintf(stderr, "failed to alloc sm2 ctx\n"); + US_WARN("failed to alloc sm2 ctx."); return OPENSSL_FAIL; } ret = hpre_sm2_update_sess(smctx); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to update sess\n"); + US_WARN("failed to update sess."); goto do_soft; } smctx->init_status = CTX_INIT_SUCC; smctx->hsmctx->init_status = HPRE_SM2_INIT_SUCC; + + US_DEBUG("kae prov sm2 encrypt init success!"); return KAE_P_SUCCESS; do_soft: + US_WARN("kae prov sm2 encrypt init failed, switch to soft."); return kae_asym_cipher_sm2_encrypt_init_sw(vpsm2ctx, vkey, params); } @@ -425,12 +416,12 @@ static int kae_prov_sm2_encrypt_check( const EVP_MD *md; if (smctx == NULL || smctx->hsmctx == NULL) { - fprintf(stderr, "smctx or hsmctx NULL\n"); + US_WARN("smctx or hsmctx NULL."); return KAE_P_FAIL; } if (smctx->init_status != CTX_INIT_SUCC) { - fprintf(stderr, "sm2 ctx init failed\n"); + US_WARN("sm2 ctx init failed."); return KAE_P_FAIL; } @@ -441,21 +432,10 @@ static int kae_prov_sm2_encrypt_check( */ md = smctx->sm2_md->md; if (md == NULL) { - fprintf(stderr, "failed to get md method\n"); + US_WARN("failed to get md method."); return KAE_P_FAIL; } - // c3_size = EVP_MD_size(md); - // if (c3_size <= 0) { - // fprintf(stderr, "c3 size error\n"); - // return KAE_P_FAIL; - // } - - // if (inlen > UINT_MAX) { - // fprintf(stderr, "invalid: inlen is out of range\n"); - // return KAE_P_FAIL; - // } - return KAE_P_SUCCESS; } @@ -463,7 +443,7 @@ static int kae_prov_sm2_encrypt_sw( PROV_SM2_ASYM_CTX *vpsm2ctx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen) { if (!get_default_sm2_asym_cipher().encrypt) { - fprintf(stderr, "fail to get sm2 asym encrypt function.\n"); + US_WARN("fail to get sm2 asym encrypt function."); return KAE_P_FAIL; } @@ -477,7 +457,7 @@ static int kae_asym_cipher_sm2_encrypt( int ret; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: psm2ctx is NULL\n"); + US_WARN("invalid: psm2ctx is NULL."); return KAE_P_FAIL; } @@ -485,21 +465,12 @@ static int kae_asym_cipher_sm2_encrypt( if (ret == KAE_P_FAIL) return ret; - // /* If out is NULL, compute outlen size and return */ - // if (out == NULL) { - // smctx = psm2ctx->sm2_pctx; - // smd = smctx->sm2_md; - // md = (const EVP_MD *)smd->md; - // if (!kae_prov_sm2_ciphertext_size(psm2ctx->ec_key, md, inlen, outlen)) - // return KAE_P_FAIL; - // else - // return KAE_P_SUCCESS; - // } - ret = hpre_sm2_encrypt(psm2ctx, out, outlen, in, inlen); - if (ret == OPENSSL_FAIL && psm2ctx->sm2_pctx->do_soft == 1) { + if (ret == KAE_CRYPTO_FAIL) { return kae_prov_sm2_encrypt_sw(psm2ctx, out, outlen, in, inlen); } + + US_DEBUG("kae prov sm2 encrypt success!"); return OPENSSL_SUCCESS; } @@ -512,32 +483,15 @@ static int kae_prov_sm2_decrypt_check( SM2_PROV_CTX *smctx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen) { if (smctx == NULL || smctx->hsmctx == NULL) { - fprintf(stderr, "smctx or sess NULL\n"); + US_WARN("smctx or sess NULL."); return KAE_P_FAIL; } if (smctx->init_status != CTX_INIT_SUCC) { - fprintf(stderr, "sm2 ctx init failed\n"); + US_WARN("sm2 ctx init failed."); return KAE_P_FAIL; } - // /* - // * As we have already set md method in init, if not set, will use default digest. - // * The md is unlikey to be NULL here, so if the md is still NULL when encrypt start, - // * just return fail. - // */ - // md = smctx->sm2_md->md; - // if (md == NULL) { - // fprintf(stderr, "failed to get md method\n"); - // return KAE_P_FAIL; - // } - - // hash_size = EVP_MD_size(md); - // if (hash_size <= 0) { - // fprintf(stderr, "hash size = %d error\n", hash_size); - // return KAE_P_FAIL; - // } - return KAE_P_SUCCESS; } @@ -549,7 +503,7 @@ static int kae_asym_cipher_sm2_decrypt( int ret; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: psm2ctx is NULL\n"); + US_WARN("invalid: psm2ctx is NULL."); return KAE_P_FAIL; } @@ -558,13 +512,6 @@ static int kae_asym_cipher_sm2_decrypt( if (ret == KAE_P_FAIL) return ret; - // if (out == NULL) { - // if (!kae_prov_sm2_plaintext_size(in, inlen, outlen)) - // return KAE_P_FAIL; - // else - // return KAE_P_SUCCESS; - // } - return hpre_sm2_decrypt(psm2ctx, out, outlen, in, inlen); } @@ -602,47 +549,47 @@ static void *kae_asym_cipher_sm2_dupctx(void *vpsm2ctx) PROV_SM2_ASYM_CTX *dstctx; if (srcctx == NULL) { - fprintf(stderr, "src ctx is NULL\n"); + US_WARN("src ctx is NULL."); return NULL; } src_smctx = srcctx->sm2_pctx; if (src_smctx == NULL) { - fprintf(stderr, "src_smctx is NULL\n"); + US_WARN("src_smctx is NULL."); return NULL; } if (src_smctx->sm2_md == NULL) { - fprintf(stderr, "src_smctx is NULL\n"); + US_WARN("src_smctx is NULL."); return NULL; } dstctx = OPENSSL_zalloc(sizeof(PROV_SM2_ASYM_CTX)); if (dstctx == NULL) { - fprintf(stderr, "failed to alloc dst ctx\n"); + US_WARN("failed to alloc dst ctx."); return NULL; } *dstctx = *srcctx; dst_smctx = OPENSSL_zalloc(sizeof(SM2_PROV_CTX)); if (dst_smctx == NULL) { - fprintf(stderr, "failed to alloc dst_smctx\n"); + US_WARN("failed to alloc dst_smctx."); goto free; } dst_smctx->sm2_md = OPENSSL_zalloc(sizeof(SM2_MD_DATA)); if (dst_smctx->sm2_md == NULL) { - fprintf(stderr, "failed to alloc dst_smd\n"); + US_WARN("failed to alloc dst_smd."); goto free; } if (dstctx->ec_key != NULL && !EC_KEY_up_ref(dstctx->ec_key)) { - fprintf(stderr, "failed to check dstctx key reference\n"); + US_WARN("failed to check dstctx key reference."); goto free; } if (dst_smctx->sm2_md->alloc_md && !EVP_MD_up_ref(dst_smctx->sm2_md->alloc_md)) { - fprintf(stderr, "failed to check alloc_md reference\n"); + US_WARN("failed to check alloc_md reference."); goto free; } @@ -667,24 +614,24 @@ static int kae_asym_cipher_sm2_get_ctx_params(void *vpsm2ctx, OSSL_PARAM *params EVP_MD *md; if (psm2ctx == NULL) { - fprintf(stderr, "failed to get psm2ctx\n"); + US_WARN("failed to get psm2ctx."); return KAE_P_FAIL; } smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "failed to get smctx\n"); + US_WARN("failed to get smctx."); return KAE_P_FAIL; } smd = smctx->sm2_md; if (smd == NULL) { - fprintf(stderr, "failed to get sm2 md\n"); + US_WARN("failed to get sm2 md."); return KAE_P_FAIL; } if (params == NULL) { - fprintf(stderr, "params is NULL\n"); + US_WARN("params is NULL."); return KAE_P_FAIL; } @@ -692,7 +639,7 @@ static int kae_asym_cipher_sm2_get_ctx_params(void *vpsm2ctx, OSSL_PARAM *params if (p != NULL) { md = smd->md; if (!OSSL_PARAM_set_utf8_string(p, md == NULL ? "" : EVP_MD_get0_name(md))) { - fprintf(stderr, "failed to set utf8 string\n"); + US_WARN("failed to set utf8 string."); return KAE_P_FAIL; } smd->md_nid = EVP_MD_type(md); @@ -717,7 +664,7 @@ static EVP_MD *kae_prov_load_digest_from_params(SM2_MD_DATA *smd, const OSSL_PAR p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_PROPERTIES); if (p) { if (p->data_type != OSSL_PARAM_UTF8_STRING) { - fprintf(stderr, "data_type != OSSL_PARAM_UTF8_STRING\n"); + US_WARN("data_type != OSSL_PARAM_UTF8_STRING."); return NULL; } propquery = p->data; @@ -727,7 +674,7 @@ static EVP_MD *kae_prov_load_digest_from_params(SM2_MD_DATA *smd, const OSSL_PAR p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_DIGEST); if (p) { if (p->data_type != OSSL_PARAM_UTF8_STRING) { - fprintf(stderr, "data_type != OSSL_PARAM_UTF8_STRING\n"); + US_WARN("data_type != OSSL_PARAM_UTF8_STRING."); return NULL; } } else { @@ -739,7 +686,7 @@ static EVP_MD *kae_prov_load_digest_from_params(SM2_MD_DATA *smd, const OSSL_PAR EVP_MD_free(smd->alloc_md); smd->md = smd->alloc_md = EVP_MD_fetch(ctx, p->data, propquery); if (smd->md == NULL) { - fprintf(stderr, "failed to fetch MD method\n"); + US_WARN("failed to fetch MD method."); return NULL; } @@ -749,7 +696,7 @@ static EVP_MD *kae_prov_load_digest_from_params(SM2_MD_DATA *smd, const OSSL_PAR static int kae_asym_cipher_sm2_set_ctx_params_sw(void *vpsm2ctx, const OSSL_PARAM params[]) { if (!get_default_sm2_asym_cipher().set_ctx_params) { - fprintf(stderr, "fail to get sm2 asym set_ctx_params function.\n"); + US_WARN("fail to get sm2 asym set_ctx_params function."); return KAE_P_FAIL; } return get_default_sm2_asym_cipher().set_ctx_params(vpsm2ctx, params); @@ -763,7 +710,7 @@ static int kae_asym_cipher_sm2_set_ctx_params(void *vpsm2ctx, const OSSL_PARAM p int ret; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: sm2 ctx is NULL\n"); + US_WARN("invalid: sm2 ctx is NULL."); return KAE_P_FAIL; } @@ -773,20 +720,20 @@ static int kae_asym_cipher_sm2_set_ctx_params(void *vpsm2ctx, const OSSL_PARAM p smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + US_WARN("invalid: smctx is NULL."); return KAE_P_FAIL; } /* Set digest method */ smd = smctx->sm2_md; if (smd == NULL) { - fprintf(stderr, "invalid: sm2 md is NULL\n"); + US_WARN("invalid: sm2 md is NULL."); return KAE_P_FAIL; } smd->md = kae_prov_load_digest_from_params(smctx->sm2_md, params, psm2ctx->libctx); if (smd->md == NULL) { - fprintf(stderr, "failed to set digest with set_ctx_params\n"); + US_WARN("failed to set digest with set_ctx_params."); return KAE_P_FAIL; } smd->md_nid = EVP_MD_type(smd->md); @@ -795,7 +742,7 @@ static int kae_asym_cipher_sm2_set_ctx_params(void *vpsm2ctx, const OSSL_PARAM p if (smctx->init_status == CTX_INIT_SUCC) { ret = hpre_sm2_update_sess(smctx); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to update sess\n"); + US_WARN("failed to update sess."); goto do_soft; } } @@ -817,7 +764,7 @@ static void *kae_signature_sm2_newctx(void *provctx, const char *propq) SM2_PROV_CTX *smctx; if (psm2ctx == NULL) { - fprintf(stderr, "failed to alloc sm2 signature ctx\n"); + US_WARN("failed to alloc sm2 signature ctx."); return NULL; } /* The libctx maybe NULL, if libctx is NULL, will use default ctx. */ @@ -825,19 +772,19 @@ static void *kae_signature_sm2_newctx(void *provctx, const char *propq) smctx = OPENSSL_zalloc(sizeof(SM2_PROV_CTX)); if (smctx == NULL) { - fprintf(stderr, "failed to alloc sm2 prov ctx\n"); + US_WARN("failed to alloc sm2 prov ctx."); goto free_ctx; } smctx->sm2_pd = OPENSSL_zalloc(sizeof(SM2_PKEY_DATA)); if (smctx->sm2_pd == NULL) { - fprintf(stderr, "failed to alloc sm2 pkey data\n"); + US_WARN("failed to alloc sm2 pkey data."); goto free_smctx; } smctx->sm2_md = OPENSSL_zalloc(sizeof(SM2_MD_DATA)); if (smctx->sm2_md == NULL) { - fprintf(stderr, "failed to alloc sm2 md data\n"); + US_WARN("failed to alloc sm2 md data."); goto free_pd; } @@ -850,18 +797,16 @@ static void *kae_signature_sm2_newctx(void *provctx, const char *propq) strcpy(psm2ctx->mdname, OSSL_DIGEST_NAME_SM3); smctx->sm2_md->mdctx = EVP_MD_CTX_new(); if (smctx->sm2_md->mdctx == NULL) { - fprintf(stderr, "failed to alloc sm2 mdctx\n"); + US_WARN("failed to alloc sm2 mdctx."); goto free_md; } - smctx->do_soft = 0; - // smctx->hsmctx = OPENSSL_malloc(sizeof(hpre_sm2_priv_ctx)); psm2ctx->sm2_pctx = smctx; if (propq) { psm2ctx->propq = OPENSSL_strdup(propq); if (psm2ctx->propq == NULL) { - fprintf(stderr, "failed to dup propq\n"); + US_WARN("failed to dup propq."); goto free_mdctx; } } @@ -884,7 +829,7 @@ free_ctx: static int kae_signature_sm2_sign_init_sw(void *vpsm2ctx, void *ec, const OSSL_PARAM params[]) { if (!get_default_sm2_signature().sign_init) { - fprintf(stderr, "fail to get sm2 sign_init function.\n"); + US_WARN("fail to get sm2 sign_init function."); return KAE_P_FAIL; } return get_default_sm2_signature().sign_init(vpsm2ctx, ec, params); @@ -896,18 +841,18 @@ static int kae_signature_sm2_sign_init(void *vpsm2ctx, void *ec, const OSSL_PARA int ret; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: vpsm2ctx is NULL\n"); + US_WARN("invalid: vpsm2ctx is NULL."); return KAE_P_FAIL; } if (ec == NULL && psm2ctx->ec_key == NULL) { - fprintf(stderr, "invalid: sm2 key is NULL\n"); + US_WARN("invalid: sm2 key is NULL."); return KAE_P_FAIL; } if (ec) { if (!EC_KEY_up_ref(ec)) { - fprintf(stderr, "failed to EC_KEY_up_ref\n"); + US_WARN("failed to EC_KEY_up_ref."); return KAE_P_FAIL; } EC_KEY_free(psm2ctx->ec_key); @@ -915,7 +860,7 @@ static int kae_signature_sm2_sign_init(void *vpsm2ctx, void *ec, const OSSL_PARA } if (psm2ctx->sm2_pctx == NULL) { - fprintf(stderr, "failed to get smctx\n"); + US_WARN("failed to get smctx."); return KAE_P_FAIL; } @@ -925,27 +870,27 @@ static int kae_signature_sm2_sign_init(void *vpsm2ctx, void *ec, const OSSL_PARA ret = kae_signature_sm2_set_ctx_params((void *)psm2ctx, params); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to set sm2 sig ctx params\n"); + US_WARN("failed to set sm2 sig ctx params."); goto do_soft; } // ret = kae_prov_signature_get_support_state(SIGNATURE_SM2); // if (ret == KAE_P_FAIL) { - // fprintf(stderr, "failed to get hardware sm2 signature support\n"); + // US_WARN("failed to get hardware sm2 signature support."); // goto do_soft; // } // /* Init with KAE */ // ret = kae_prov_ecc_init("sm2"); // if (ret == KAE_P_FAIL) { - // fprintf(stderr, "failed to init sm2\n"); + // US_WARN("failed to init sm2."); // goto do_soft; // } ret = hpre_sm2_update_sess(psm2ctx->sm2_pctx); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to update sess in sign init\n"); + US_WARN("failed to update sess in sign init."); goto do_soft; } @@ -967,40 +912,30 @@ static int kae_prov_sm2_check_tbs_params(PROV_SM2_SIGN_CTX *psm2ctx, const unsig SM2_PROV_CTX *smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: ctx is NULL\n"); + US_WARN("invalid: ctx is NULL."); return KAE_P_FAIL; } if (smctx->hsmctx == NULL) { - fprintf(stderr, "invalid: smctx->sess is NULL\n"); + US_WARN("invalid: smctx->sess is NULL."); return KAE_P_FAIL; } if (smctx->init_status != CTX_INIT_SUCC) { - fprintf(stderr, "sm2 ctx init did not init\n"); + US_WARN("sm2 ctx init did not init."); return KAE_P_FAIL; } if (smctx->sm2_md == NULL) { - fprintf(stderr, "invalid: sm2_md is NULL\n"); + US_WARN("invalid: sm2_md is NULL."); return KAE_P_FAIL; } if (smctx->sm2_md->mdsize != 0 && tbslen != smctx->sm2_md->mdsize) { - fprintf(stderr, "invalid: tbslen(%zu) != mdsize(%zu)\n", tbslen, smctx->sm2_md->mdsize); + US_WARN("invalid: tbslen(%zu) != mdsize(%zu).", tbslen, smctx->sm2_md->mdsize); return KAE_P_FAIL; } - // if (tbslen > SM2_KEY_BYTES) { - // fprintf(stderr, "invalid: tbslen(%zu) > SM2_KEY_BYTES(32)\n", tbslen); - // return KAE_P_FAIL; - // } - - // if (kae_prov_is_all_zero(tbs, tbslen)) { - // fprintf(stderr, "invalid: tbs all zero\n"); - // return KAE_P_FAIL; - // } - return KAE_P_SUCCESS; } @@ -1008,7 +943,7 @@ static int kae_signature_sm2_sign_sw( void *vpsm2ctx, unsigned char *sig, size_t *siglen, size_t sigsize, const unsigned char *tbs, size_t tbslen) { if (!get_default_sm2_signature().sign) { - fprintf(stderr, "fail to get sm2 sign function.\n"); + US_WARN("fail to get sm2 sign function."); return KAE_P_FAIL; } @@ -1023,18 +958,18 @@ static int kae_signature_sm2_sign( size_t sltmp; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: psm2ctx is NULL\n"); + US_WARN("invalid: psm2ctx is NULL."); return KAE_P_FAIL; } if (psm2ctx->ec_key == NULL) { - fprintf(stderr, "invalid: sm2 ec is NULL\n"); + US_WARN("invalid: sm2 ec is NULL."); return KAE_P_FAIL; } ecsize = ECDSA_size(psm2ctx->ec_key); if (ecsize <= 0) { - fprintf(stderr, "ecsize error %d\n", ecsize); + US_WARN("ecsize error %d.", ecsize); return KAE_P_FAIL; } @@ -1049,19 +984,19 @@ static int kae_signature_sm2_sign( } if (sigsize < (size_t)ecsize) { - fprintf(stderr, "sigsize(%zu) < ecsize(%d)\n", sigsize, ecsize); + US_WARN("sigsize(%zu) < ecsize(%d).", sigsize, ecsize); goto do_soft; } ret = kae_prov_sm2_check_tbs_params(psm2ctx, tbs, tbslen); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to check sm2 signature params\n"); + US_WARN("failed to check sm2 signature params."); goto do_soft; } ret = hpre_sm2_sign(psm2ctx, sig, &sltmp, tbs, tbslen); - if (ret == OPENSSL_FAIL && psm2ctx->sm2_pctx->do_soft == 1) { - fprintf(stderr, "failed to do sm2 sign\n"); + if (ret == KAE_CRYPTO_FAIL) { + US_WARN("failed to do sm2 sign."); goto do_soft; } @@ -1078,7 +1013,7 @@ static int kae_signature_sm2_verify_sw( void *vpsm2ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen) { if (!get_default_sm2_signature().verify) { - fprintf(stderr, "fail to get sm2 verify function.\n"); + US_WARN("fail to get sm2 verify function."); return KAE_P_FAIL; } return get_default_sm2_signature().verify(vpsm2ctx, sig, siglen, tbs, tbslen); @@ -1091,19 +1026,19 @@ static int kae_signature_sm2_verify( int ret; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: psm2ctx is NULL\n"); + US_WARN("invalid: psm2ctx is NULL."); return KAE_P_FAIL; } ret = kae_prov_sm2_check_tbs_params(psm2ctx, tbs, tbslen); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to check sm2 verify params\n"); + US_WARN("failed to check sm2 verify params."); goto do_soft; } ret = hpre_sm2_verify(psm2ctx, sig, siglen, tbs, tbslen); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to do sm2 verify\n"); + US_WARN("failed to do sm2 verify."); goto do_soft; } @@ -1136,25 +1071,26 @@ static int kae_prov_sm2_sig_set_mdname(PROV_SM2_SIGN_CTX *psm2ctx, const char *m /* 'psm2ctx' has already been checked when call this function, no need to check again */ smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + US_WARN("invalid: smctx is NULL."); return KAE_P_FAIL; } if (smctx->sm2_md == NULL) { - fprintf(stderr, "invalid: smctx->sm2_md is NULL\n"); + US_WARN("invalid: smctx->sm2_md is NULL."); return KAE_P_FAIL; } if (smctx->sm2_md->md == NULL) { - smctx->sm2_md->md = EVP_MD_fetch(psm2ctx->libctx, psm2ctx->mdname, psm2ctx->propq); + // smctx->sm2_md->md = EVP_MD_fetch(psm2ctx->libctx, psm2ctx->mdname, psm2ctx->propq); + smctx->sm2_md->md = EVP_MD_fetch(NULL, "SM3", "provider=default"); if (smctx->sm2_md->md == NULL) { - fprintf(stderr, "failed to fetch digest method\n"); + US_WARN("failed to fetch digest method."); return KAE_P_FAIL; } } if (strlen(mdname) >= sizeof(psm2ctx->mdname) || !EVP_MD_is_a(smctx->sm2_md->md, mdname)) { - fprintf(stderr, "failed to check mdname, digest=%s\n", mdname); + US_WARN("failed to check mdname, digest=%s.", mdname); return KAE_P_FAIL; } @@ -1178,7 +1114,7 @@ static int kae_signature_sm2_digest_sign_init(void *vpsm2ctx, const char *mdname if (smctx->sm2_md->mdctx == NULL) { smctx->sm2_md->mdctx = EVP_MD_CTX_new(); if (unlikely(smctx->sm2_md->mdctx == NULL)) { - fprintf(stderr, "failed to EVP_MD_CTX_new\n"); + US_WARN("failed to EVP_MD_CTX_new."); return KAE_P_FAIL; } } @@ -1201,7 +1137,7 @@ static int kae_signature_sm2_digest_sign_init(void *vpsm2ctx, const char *mdname WPACKET_cleanup(&pkt); if (!EVP_DigestInit_ex2(smctx->sm2_md->mdctx, smctx->sm2_md->md, params)) { - fprintf(stderr, "failed to do digest init\n"); + US_WARN("failed to do digest init."); EVP_MD_CTX_free(smctx->sm2_md->mdctx); return KAE_P_FAIL; } @@ -1214,22 +1150,153 @@ static int kae_signature_sm2_digest_sign_init(void *vpsm2ctx, const char *mdname static int kae_prov_sm2_check_md_params(SM2_PROV_CTX *smctx) { if (smctx->sm2_md == NULL) { - fprintf(stderr, "invalid: sm2_md is NULL\n"); + US_WARN("invalid: sm2_md is NULL."); return KAE_P_FAIL; } if (smctx->sm2_md->md == NULL) { - fprintf(stderr, "invalid: md is NULL\n"); + US_WARN("invalid: md is NULL."); return KAE_P_FAIL; } if (smctx->sm2_md->mdctx == NULL) { - fprintf(stderr, "invalid: mdctx is NULL\n"); + US_WARN("invalid: mdctx is NULL."); return KAE_P_FAIL; } return KAE_P_SUCCESS; } +# define SM2_R_ID_TOO_LARGE 111 + +OSSL_LIB_CTX *ossl_ec_key_get_libctx(const EC_KEY *key) +{ + return key->libctx; +} + + +int ossl_sm2_compute_z_digest(uint8_t *out, + const EVP_MD *digest, + const uint8_t *id, + const size_t id_len, + const EC_KEY *key) +{ + int rc = 0; + const EC_GROUP *group = EC_KEY_get0_group(key); + const EC_POINT *pubkey = EC_KEY_get0_public_key(key); + BN_CTX *ctx = NULL; + EVP_MD_CTX *hash = NULL; + BIGNUM *p = NULL; + BIGNUM *a = NULL; + BIGNUM *b = NULL; + BIGNUM *xG = NULL; + BIGNUM *yG = NULL; + BIGNUM *xA = NULL; + BIGNUM *yA = NULL; + int p_bytes = 0; + uint8_t *buf = NULL; + uint16_t entl = 0; + uint8_t e_byte = 0; + + /* SM2 Signatures require a public key, check for it */ + if (pubkey == NULL) { + ERR_raise(ERR_LIB_SM2, ERR_R_PASSED_NULL_PARAMETER); + goto done; + } + + hash = EVP_MD_CTX_new(); + ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(key)); + if (hash == NULL || ctx == NULL) { + ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); + goto done; + } + + p = BN_CTX_get(ctx); + a = BN_CTX_get(ctx); + b = BN_CTX_get(ctx); + xG = BN_CTX_get(ctx); + yG = BN_CTX_get(ctx); + xA = BN_CTX_get(ctx); + yA = BN_CTX_get(ctx); + + if (yA == NULL) { + ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); + goto done; + } + + if (!EVP_DigestInit(hash, digest)) { + ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB); + goto done; + } + + /* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */ + + if (id_len >= (UINT16_MAX / 8)) { + /* too large */ + ERR_raise(ERR_LIB_SM2, SM2_R_ID_TOO_LARGE); + goto done; + } + + entl = (uint16_t)(8 * id_len); + + e_byte = entl >> 8; + if (!EVP_DigestUpdate(hash, &e_byte, 1)) { + ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB); + goto done; + } + e_byte = entl & 0xFF; + if (!EVP_DigestUpdate(hash, &e_byte, 1)) { + ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB); + goto done; + } + + if (id_len > 0 && !EVP_DigestUpdate(hash, id, id_len)) { + ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB); + goto done; + } + + if (!EC_GROUP_get_curve(group, p, a, b, ctx)) { + ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB); + goto done; + } + + p_bytes = BN_num_bytes(p); + buf = OPENSSL_zalloc(p_bytes); + if (buf == NULL) { + ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); + goto done; + } + + if (BN_bn2binpad(a, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || BN_bn2binpad(b, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || !EC_POINT_get_affine_coordinates(group, + EC_GROUP_get0_generator(group), + xG, yG, ctx) + || BN_bn2binpad(xG, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || BN_bn2binpad(yG, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || !EC_POINT_get_affine_coordinates(group, + pubkey, + xA, yA, ctx) + || BN_bn2binpad(xA, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || BN_bn2binpad(yA, buf, p_bytes) < 0 + || !EVP_DigestUpdate(hash, buf, p_bytes) + || !EVP_DigestFinal(hash, out, NULL)) { + ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); + goto done; + } + + rc = 1; + + done: + OPENSSL_free(buf); + BN_CTX_free(ctx); + EVP_MD_CTX_free(hash); + return rc; +} static int sm2_sig_compute_z_digest(PROV_SM2_SIGN_CTX *psm2ctx) { @@ -1243,20 +1310,20 @@ static int sm2_sig_compute_z_digest(PROV_SM2_SIGN_CTX *psm2ctx) z = OPENSSL_zalloc(smctx->sm2_md->mdsize); if (z == NULL) { - fprintf(stderr, "failed to alloc z\n"); + US_WARN("failed to alloc z."); return KAE_P_FAIL; } /* get hashed prefix 'z' of tbs message */ - ret = hpre_sm2_compute_z_digest(z, smctx->sm2_md->md, psm2ctx->id, psm2ctx->id_len, psm2ctx->ec_key); + ret = ossl_sm2_compute_z_digest(z, smctx->sm2_md->md, psm2ctx->id, psm2ctx->id_len, psm2ctx->ec_key); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to kae_prov_sm2_compute_z_digest\n"); + US_WARN("failed to kae_prov_sm2_compute_z_digest."); goto free_z; } ret = EVP_DigestUpdate(smctx->sm2_md->mdctx, z, smctx->sm2_md->mdsize); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to EVP_DigestUpdate\n"); + US_WARN("failed to EVP_DigestUpdate."); goto free_z; } OPENSSL_free(z); @@ -1276,13 +1343,13 @@ static int kae_signature_sm2_digest_sign_update(void *vpsm2ctx, const unsigned c int ret; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: psm2ctx is NULL in digest sign update\n"); + US_WARN("invalid: psm2ctx is NULL in digest sign update."); return KAE_P_FAIL; } smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL in compute z digest\n"); + US_WARN("invalid: smctx is NULL in compute z digest."); return KAE_P_FAIL; } @@ -1292,13 +1359,13 @@ static int kae_signature_sm2_digest_sign_update(void *vpsm2ctx, const unsigned c ret = sm2_sig_compute_z_digest(psm2ctx); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to compute z digest\n"); + US_WARN("failed to compute z digest."); return ret; } ret = EVP_DigestUpdate(smctx->sm2_md->mdctx, data, datalen); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to EVP_DigestUpdate\n"); + US_WARN("failed to EVP_DigestUpdate."); return ret; } @@ -1314,13 +1381,13 @@ static int kae_signature_sm2_digest_sign_final(void *vpsm2ctx, unsigned char *si int ret; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: psm2ctx is NULL\n"); + US_WARN("invalid: psm2ctx is NULL."); return KAE_P_FAIL; } smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + US_WARN("invalid: smctx is NULL."); return KAE_P_FAIL; } @@ -1339,7 +1406,7 @@ static int kae_signature_sm2_digest_sign_final(void *vpsm2ctx, unsigned char *si ret = EVP_DigestFinal_ex(smctx->sm2_md->mdctx, digest, &dlen); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to do EVP_DigestFinal_ex\n"); + US_WARN("failed to do EVP_DigestFinal_ex."); return ret; } } @@ -1366,13 +1433,13 @@ static int kae_signature_sm2_digest_verify_final(void *vpsm2ctx, const unsigned int ret, size; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: psm2ctx is NULL\n"); + US_WARN("invalid: psm2ctx is NULL."); return KAE_P_FAIL; } smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + US_WARN("invalid: smctx is NULL."); return KAE_P_FAIL; } @@ -1382,19 +1449,19 @@ static int kae_signature_sm2_digest_verify_final(void *vpsm2ctx, const unsigned size = EVP_MD_get_size(smctx->sm2_md->md); if (size > EVP_MAX_MD_SIZE) { - fprintf(stderr, "invalid: md size(%d) > %d\n", size, EVP_MAX_MD_SIZE); + US_WARN("invalid: md size(%d) > %d.", size, EVP_MAX_MD_SIZE); return KAE_P_FAIL; } ret = sm2_sig_compute_z_digest(psm2ctx); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to do sm2_sig_compute_z_digest\n"); + US_WARN("failed to do sm2_sig_compute_z_digest."); return ret; } ret = EVP_DigestFinal_ex(smctx->sm2_md->mdctx, digest, &dlen); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to do EVP_DigestFinal_ex, dlen = %u\n", dlen); + US_WARN("failed to do EVP_DigestFinal_ex, dlen = %u.", dlen); return ret; } @@ -1441,28 +1508,28 @@ static int check_signature_src_ctx(PROV_SM2_SIGN_CTX *srcctx) SM2_PROV_CTX *src_smctx; if (srcctx == NULL) { - fprintf(stderr, "invalid: src ctx is NULL\n"); + US_WARN("invalid: src ctx is NULL."); return KAE_P_FAIL; } if (srcctx->ec_key != NULL && !EC_KEY_up_ref(srcctx->ec_key)) { - fprintf(stderr, "failed to check srcctx key reference\n"); + US_WARN("failed to check srcctx key reference."); return KAE_P_FAIL; } src_smctx = srcctx->sm2_pctx; if (src_smctx == NULL) { - fprintf(stderr, "invalid: src_smctx is NULL\n"); + US_WARN("invalid: src_smctx is NULL."); return KAE_P_FAIL; } if (src_smctx->sm2_md == NULL) { - fprintf(stderr, "invalid: sm2_md is NULL\n"); + US_WARN("invalid: sm2_md is NULL."); return KAE_P_FAIL; } if (src_smctx->sm2_md->md != NULL && !EVP_MD_up_ref(src_smctx->sm2_md->md)) { - fprintf(stderr, "failed to check srcctx md reference\n"); + US_WARN("failed to check srcctx md reference."); return KAE_P_FAIL; } @@ -1473,13 +1540,13 @@ static int create_dst_ctx_data(SM2_PROV_CTX *dst_smctx) { dst_smctx->sm2_md = OPENSSL_zalloc(sizeof(SM2_MD_DATA)); if (dst_smctx->sm2_md == NULL) { - fprintf(stderr, "failed to alloc dst_smctx->sm2_md\n"); + US_WARN("failed to alloc dst_smctx->sm2_md."); return KAE_P_FAIL; } dst_smctx->sm2_pd = OPENSSL_zalloc(sizeof(SM2_PKEY_DATA)); if (dst_smctx->sm2_pd == NULL) { - fprintf(stderr, "failed to alloc dst_smctx->sm2_pd\n"); + US_WARN("failed to alloc dst_smctx->sm2_pd."); OPENSSL_free(dst_smctx->sm2_md); return KAE_P_FAIL; } @@ -1518,7 +1585,7 @@ static void *kae_signature_sm2_dupctx(void *vpsm2ctx) dstctx = OPENSSL_zalloc(sizeof(PROV_SM2_SIGN_CTX)); if (dstctx == NULL) { - fprintf(stderr, "failed to alloc dst ctx\n"); + US_WARN("failed to alloc dst ctx."); return NULL; } @@ -1527,7 +1594,7 @@ static void *kae_signature_sm2_dupctx(void *vpsm2ctx) dst_smctx = OPENSSL_zalloc(sizeof(SM2_PROV_CTX)); if (dst_smctx == NULL) { - fprintf(stderr, "failed to alloc dst_smctx\n"); + US_WARN("failed to alloc dst_smctx."); goto free_dstctx; } dstctx->sm2_pctx = dst_smctx; @@ -1539,7 +1606,7 @@ static void *kae_signature_sm2_dupctx(void *vpsm2ctx) dst_smctx->sm2_md->mdctx = EVP_MD_CTX_new(); if (dst_smctx->sm2_md->mdctx == NULL || EVP_MD_CTX_copy_ex(dst_smctx->sm2_md->mdctx, src_smctx->sm2_md->mdctx) == 0) { - fprintf(stderr, "failed to new dst mdctx or copy src mdctx\n"); + US_WARN("failed to new dst mdctx or copy src mdctx."); goto free_dst_ctx_data; } } @@ -1549,7 +1616,7 @@ static void *kae_signature_sm2_dupctx(void *vpsm2ctx) if (srcctx->id != NULL) { dstctx->id = OPENSSL_malloc(srcctx->id_len); if (dstctx->id == NULL) { - fprintf(stderr, "failed to alloc id\n"); + US_WARN("failed to alloc id."); goto free_dst_mdctx; } dstctx->id_len = srcctx->id_len; @@ -1575,19 +1642,19 @@ static int kae_signature_sm2_get_ctx_params(void *vpsm2ctx, OSSL_PARAM *params) OSSL_PARAM *p; if (psm2ctx == NULL) { - fprintf(stderr, "invalid: psm2ctx is NULL\n"); + US_WARN("invalid: psm2ctx is NULL."); return KAE_P_FAIL; } p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); if (p != NULL && !OSSL_PARAM_set_octet_string(p, psm2ctx->aid, psm2ctx->aid_len)) { - fprintf(stderr, "failed to locate algorithm id\n"); + US_WARN("failed to locate algorithm id."); return KAE_P_FAIL; } p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE); if (p != NULL && !OSSL_PARAM_set_size_t(p, psm2ctx->sm2_pctx->sm2_md->mdsize)) { - fprintf(stderr, "failed to locate digest size\n"); + US_WARN("failed to locate digest size."); return KAE_P_FAIL; } @@ -1595,7 +1662,7 @@ static int kae_signature_sm2_get_ctx_params(void *vpsm2ctx, OSSL_PARAM *params) if (p != NULL && !OSSL_PARAM_set_utf8_string(p, psm2ctx->sm2_pctx->sm2_md->md == NULL ? psm2ctx->mdname : EVP_MD_get0_name(psm2ctx->sm2_pctx->sm2_md->md))) { - fprintf(stderr, "failed to locate digest\n"); + US_WARN("failed to locate digest."); return KAE_P_FAIL; } @@ -1619,12 +1686,12 @@ static int kae_prov_sm2_locate_id_digest(PROV_SM2_SIGN_CTX *psm2ctx, const OSSL_ if (p) { /*If the 'z' digest has already been computed, the ID is set too late */ if (psm2ctx->flag_compute_z_digest == 0) { - fprintf(stderr, "invalid: should set ID param before z digest\n"); + US_WARN("invalid: should set ID param before z digest."); return KAE_P_FAIL; } if (p->data_size != 0 && !OSSL_PARAM_get_octet_string(p, &tmp_id, 0, &tmp_idlen)) { - fprintf(stderr, "failed to OSSL_PARAM_get_octet_string\n"); + US_WARN("failed to OSSL_PARAM_get_octet_string."); return KAE_P_FAIL; } if (psm2ctx->id != NULL) @@ -1641,20 +1708,20 @@ static int kae_prov_sm2_locate_id_digest(PROV_SM2_SIGN_CTX *psm2ctx, const OSSL_ */ p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE); if (p != NULL && (!OSSL_PARAM_get_size_t(p, &mdsize) || mdsize != psm2ctx->sm2_pctx->sm2_md->mdsize)) { - fprintf(stderr, "failed to locate digest size\n"); + US_WARN("failed to locate digest size."); return KAE_P_FAIL; } p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST); if (p) { if (!OSSL_PARAM_get_utf8_string(p, &mdname, 0)) { - fprintf(stderr, "failed to OSSL_PARAM_get_utf8_string\n"); + US_WARN("failed to OSSL_PARAM_get_utf8_string."); return KAE_P_FAIL; } if (!kae_prov_sm2_sig_set_mdname(psm2ctx, mdname)) { OPENSSL_free(mdname); - fprintf(stderr, "failed to OSSL_PARAM_get_utf8_string\n"); + US_WARN("failed to OSSL_PARAM_get_utf8_string."); return KAE_P_FAIL; } @@ -1668,7 +1735,7 @@ static int kae_prov_sm2_locate_id_digest(PROV_SM2_SIGN_CTX *psm2ctx, const OSSL_ static int kae_signature_sm2_set_ctx_params_sw(void *vpsm2ctx, const OSSL_PARAM params[]) { if (!get_default_sm2_signature().set_ctx_params) { - fprintf(stderr, "fail to get sm2 set_ctx_params function.\n"); + US_WARN("fail to get sm2 set_ctx_params function."); return KAE_P_FAIL; } @@ -1686,7 +1753,7 @@ static int kae_signature_sm2_set_ctx_params(void *vpsm2ctx, const OSSL_PARAM par * so check 'psm2ctx' again here. */ if (psm2ctx == NULL) { - fprintf(stderr, "invalid: sm2 ctx is NULL\n"); + US_WARN("invalid: sm2 ctx is NULL."); return KAE_P_FAIL; } @@ -1696,7 +1763,7 @@ static int kae_signature_sm2_set_ctx_params(void *vpsm2ctx, const OSSL_PARAM par smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + US_WARN("invalid: smctx is NULL."); return KAE_P_FAIL; } @@ -1708,7 +1775,7 @@ static int kae_signature_sm2_set_ctx_params(void *vpsm2ctx, const OSSL_PARAM par if (smctx->init_status == CTX_INIT_SUCC) { ret = hpre_sm2_update_sess(psm2ctx->sm2_pctx); if (ret == KAE_P_FAIL) { - fprintf(stderr, "failed to update sess in set_ctx\n"); + US_WARN("failed to update sess in set_ctx."); goto do_soft; } } @@ -1731,12 +1798,12 @@ static int kae_signature_sm2_get_ctx_md_params(void *vpsm2ctx, OSSL_PARAM *param smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + US_WARN("invalid: smctx is NULL."); return KAE_P_FAIL; } if (smctx->sm2_md->mdctx == NULL) { - fprintf(stderr, "invalid: mdctx is NULL\n"); + US_WARN("invalid: mdctx is NULL."); return KAE_P_FAIL; } @@ -1750,12 +1817,12 @@ static const OSSL_PARAM *kae_signature_sm2_gettable_ctx_md_params(void *vpsm2ctx smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + US_WARN("invalid: smctx is NULL."); return KAE_P_FAIL; } if (smctx->sm2_md->md == NULL) { - fprintf(stderr, "invalid: md is NULL\n"); + US_WARN("invalid: md is NULL."); return KAE_P_FAIL; } @@ -1769,12 +1836,12 @@ static int kae_signature_sm2_set_ctx_md_params(void *vpsm2ctx, const OSSL_PARAM smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + US_WARN("invalid: smctx is NULL."); return KAE_P_FAIL; } if (smctx->sm2_md->mdctx == NULL) { - fprintf(stderr, "invalid: mdctx is NULL\n"); + US_WARN("invalid: mdctx is NULL."); return KAE_P_FAIL; } @@ -1788,12 +1855,12 @@ static const OSSL_PARAM *kae_signature_sm2_settable_ctx_md_params(void *vpsm2ctx smctx = psm2ctx->sm2_pctx; if (smctx == NULL) { - fprintf(stderr, "invalid: smctx is NULL\n"); + US_WARN("invalid: smctx is NULL."); return KAE_P_FAIL; } if (smctx->sm2_md->md == NULL) { - fprintf(stderr, "invalid: md is NULL\n"); + US_WARN("invalid: md is NULL."); return KAE_P_FAIL; } diff --git a/KAEOpensslProvider/test/func/.keep b/KAEOpensslProvider/test/func/.keep deleted file mode 100644 index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000 diff --git a/KAEOpensslProvider/test/func/demo/cipher.c b/KAEOpensslProvider/test/func/demo/cipher.c new file mode 100644 index 0000000000000000000000000000000000000000..d06f2fcbfb3900ee21948e575ea33c976f3c6286 --- /dev/null +++ b/KAEOpensslProvider/test/func/demo/cipher.c @@ -0,0 +1,89 @@ +#include +#include +#include +#include + +#define DATA_SIZE (16 * 1024) // 16KB + +int main(void) +{ + OSSL_PROVIDER *prov_kae = NULL, *prov_def = NULL; + EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *cipher = NULL; + + // 加载 KAE provider 和 default provider + prov_kae = OSSL_PROVIDER_load(NULL, "kae_provider"); + if (!prov_kae) { + fprintf("Warning: kae_provider not available, will fallback.\n"); + return 1; + } + + // 加载 default provider 作为 fallback + prov_def = OSSL_PROVIDER_load(NULL, "default"); + if (!prov_def) { + fprintf(stderr, "Error: default provider not available!\n"); + return 1; + } + + // 设置属性:优先使用 kae_provider,如果是kae不支持的算法,则使用default provider + EVP_set_default_properties(NULL, "?provider=kae_provider"); + + // 获取 SM4-CBC 算法(优先 kae_provider, fallback 到 default) + cipher = EVP_CIPHER_fetch(NULL, "SM4-CBC", NULL); + if (!cipher) { + fprintf(stderr, "EVP_CIPHER_fetch(SM4-CBC) failed\n"); + goto end; + } + printf("SM4-CBC fetched from provider: %s\n", + EVP_CIPHER_get0_provider(cipher) + ? OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(cipher)) + : "unknown"); + + // 创建上下文并初始化 + ctx = EVP_CIPHER_CTX_new(); + if (!ctx) { + fprintf(stderr, "EVP_CIPHER_CTX_new failed\n"); + goto end; + } + + unsigned char key[16] = {0}; // 128-bit key + unsigned char iv[16] = {0}; // 128-bit IV + unsigned char *in = OPENSSL_malloc(DATA_SIZE); + unsigned char *out = OPENSSL_malloc(DATA_SIZE + 16); // 可能有padding + if (!in || !out) { + fprintf(stderr, "malloc failed\n"); + goto end; + } + + // 填充输入数据(16KB) + for (int i = 0; i < DATA_SIZE; i++) { + in[i] = (unsigned char)(i & 0xFF); + } + + int outlen = 0, tmplen = 0; + + if (!EVP_CipherInit_ex2(ctx, cipher, key, iv, 1, NULL)) { + fprintf(stderr, "EVP_CipherInit_ex2 failed\n"); + goto end; + } + + if (!EVP_CipherUpdate(ctx, out, &outlen, in, DATA_SIZE)) { + fprintf(stderr, "EVP_CipherUpdate failed\n"); + goto end; + } + + if (!EVP_CipherFinal_ex(ctx, out + outlen, &tmplen)) { + fprintf(stderr, "EVP_CipherFinal_ex failed\n"); + goto end; + } + outlen += tmplen; + + printf("Input size = %d bytes, Ciphertext length = %d\n", DATA_SIZE, outlen); + +end: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + OSSL_PROVIDER_unload(prov_kae); + OSSL_PROVIDER_unload(prov_def); + return 0; +} diff --git a/KAEOpensslProvider/test/func/demo/digest.c b/KAEOpensslProvider/test/func/demo/digest.c new file mode 100644 index 0000000000000000000000000000000000000000..722d6077dece0151b425a1bf37c182c925956688 --- /dev/null +++ b/KAEOpensslProvider/test/func/demo/digest.c @@ -0,0 +1,104 @@ +#include +#include +#include +#include +#include +#include + +#define DATA_SIZE (16 * 1024) // 16KB input + +int main(void) +{ + OSSL_PROVIDER *prov_kae = NULL, *prov_def = NULL; + EVP_MD_CTX *mdctx = NULL; + const EVP_MD *md = NULL; + unsigned char *data = NULL; + unsigned char md_value[EVP_MAX_MD_SIZE]; + unsigned int md_len; + int i; + + // 加载 KAE provider(硬件加速) + prov_kae = OSSL_PROVIDER_load(NULL, "kae_provider"); + if (!prov_kae) { + fprintf(stderr, "Warning: kae_provider not available, will fallback to default.\n"); + return 1; + } + + // 加载 default provider 作为 fallback + prov_def = OSSL_PROVIDER_load(NULL, "default"); + if (!prov_def) { + fprintf(stderr, "Error: default provider not available!\n"); + return 1; + } + + // 设置默认属性:优先使用 kae_provider + if (EVP_set_default_properties(NULL, "?provider=kae_provider") != 1) { + fprintf(stderr, "EVP_set_default_properties failed\n"); + goto end; + } + + // 获取 SM3 算法实现(优先 kae,fallback default) + md = EVP_MD_fetch(NULL, "SM3", NULL); + if (!md) { + fprintf(stderr, "EVP_MD_fetch(SM3) failed\n"); + goto end; + } + + const OSSL_PROVIDER *prov = EVP_MD_get0_provider(md); + printf("SM3 algorithm fetched from provider: %s\n", + prov ? OSSL_PROVIDER_get0_name(prov) : "unknown"); + + // 创建哈希上下文 + mdctx = EVP_MD_CTX_new(); + if (!mdctx) { + fprintf(stderr, "EVP_MD_CTX_new failed\n"); + goto end; + } + + // 初始化数据(16KB,可替换为真实数据) + data = OPENSSL_malloc(DATA_SIZE); + if (!data) { + fprintf(stderr, "OPENSSL_malloc failed\n"); + goto end; + } + for (int i = 0; i < DATA_SIZE; i++) { + data[i] = (unsigned char)(i & 0xFF); // 填充测试数据 + } + + // 开始哈希计算 + if (EVP_DigestInit_ex2(mdctx, md, NULL) <= 0) { + fprintf(stderr, "EVP_DigestInit_ex2 failed\n"); + goto end; + } + + if (EVP_DigestUpdate(mdctx, data, DATA_SIZE) <= 0) { + fprintf(stderr, "EVP_DigestUpdate failed\n"); + goto end; + } + + if (EVP_DigestFinal_ex(mdctx, md_value, &md_len) <= 0) { + fprintf(stderr, "EVP_DigestFinal_ex failed\n"); + goto end; + } + + // 输出结果 + printf("Input size: %d bytes\n", DATA_SIZE); + printf("SM3 digest: "); + for (i = 0; i < md_len; i++) { + printf("%02x", md_value[i]); + } + printf("\n"); + + // 成功 + printf("SM3 calculation completed.\n"); + +end: + // 清理资源 + OPENSSL_free(data); + EVP_MD_CTX_free(mdctx); + EVP_MD_free((EVP_MD *)md); + OSSL_PROVIDER_unload(prov_kae); + OSSL_PROVIDER_unload(prov_def); + + return 0; +} \ No newline at end of file diff --git a/KAEOpensslProvider/test/func/demo/pkey.c b/KAEOpensslProvider/test/func/demo/pkey.c new file mode 100644 index 0000000000000000000000000000000000000000..a8e0a2297a39766fd3d76c0cbcf37af05229a021 --- /dev/null +++ b/KAEOpensslProvider/test/func/demo/pkey.c @@ -0,0 +1,129 @@ +#include +#include +#include +#include +#include +#include +#include + +int main(void) { + OSSL_PROVIDER *prov_kae = NULL, *prov_def = NULL; + EVP_PKEY_CTX *kctx = NULL; + EVP_PKEY *pkey = NULL; + EVP_MD_CTX *mdctx = NULL; + unsigned char sig[512]; + size_t siglen = sizeof(sig); + + const char msg[] = "Hello RSA Sign/Verify with KAE provider"; + int ret = 0; + + // 加载 KAE provider 和 default provider + prov_kae = OSSL_PROVIDER_load(NULL, "kae_provider"); + if (!prov_kae) { + fprintf(stderr, "Warning: kae_provider not available, will fallback to default.\n"); + return 1; + } + + prov_def = OSSL_PROVIDER_load(NULL, "default"); + if (!prov_def) { + fprintf(stderr, "Error: default provider not available!\n"); + return 1; + } + + /* 设置默认 provider 优先级:优先使用 kae_provider,失败则 fallback */ + EVP_set_default_properties(NULL, "?provider=kae_provider"); + + /* 生成 RSA 2048 key */ + kctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); + if (!kctx) { + fprintf(stderr, "EVP_PKEY_CTX_new_from_name(RSA) failed\n"); + goto end; + } + + if (EVP_PKEY_keygen_init(kctx) <= 0) { + fprintf(stderr, "EVP_PKEY_keygen_init(RSA) failed\n"); + goto end; + } + + if (EVP_PKEY_CTX_set_rsa_keygen_bits(kctx, 2048) <= 0) { + fprintf(stderr, "EVP_PKEY_CTX_set_rsa_keygen_bits failed\n"); + goto end; + } + + if (EVP_PKEY_generate(kctx, &pkey) <= 0) { + fprintf(stderr, "EVP_PKEY_generate(RSA) failed\n"); + goto end; + } + + const OSSL_PROVIDER *prov = EVP_PKEY_get0_provider(pkey); + printf("RSA key generated from provider: %s\n", + prov ? OSSL_PROVIDER_get0_name(prov) : "unknown"); + + EVP_PKEY_CTX_free(kctx); + kctx = NULL; + + /* 签名 */ + mdctx = EVP_MD_CTX_new(); + if (!mdctx) { + fprintf(stderr, "EVP_MD_CTX_new failed\n"); + goto end; + } + + if (EVP_DigestSignInit(mdctx, NULL, EVP_sha256(), NULL, pkey) <= 0) { + fprintf(stderr, "EVP_DigestSignInit failed\n"); + goto end; + } + + if (EVP_DigestSignUpdate(mdctx, msg, strlen(msg)) <= 0) { + fprintf(stderr, "EVP_DigestSignUpdate failed\n"); + goto end; + } + + if (EVP_DigestSignFinal(mdctx, sig, &siglen) <= 0) { + fprintf(stderr, "EVP_DigestSignFinal failed\n"); + goto end; + } + + printf("Signature generated, length = %zu bytes\n", siglen); + + EVP_MD_CTX_free(mdctx); + mdctx = NULL; + + /* 验证 */ + mdctx = EVP_MD_CTX_new(); + if (!mdctx) { + fprintf(stderr, "EVP_MD_CTX_new failed\n"); + goto end; + } + + if (EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, pkey) <= 0) { + fprintf(stderr, "EVP_DigestVerifyInit failed\n"); + goto end; + } + + if (EVP_DigestVerifyUpdate(mdctx, msg, strlen(msg)) <= 0) { + fprintf(stderr, "EVP_DigestVerifyUpdate failed\n"); + goto end; + } + + ret = EVP_DigestVerifyFinal(mdctx, sig, siglen); + if (ret == 1) { + printf("Signature verify success\n"); + } else { + printf("Signature verify failed\n"); + // 可选:打印 OpenSSL 错误栈(不强制) + ERR_print_errors_fp(stderr); + } + + ret = 0; // 成功执行完 + +end: + EVP_PKEY_CTX_free(kctx); + EVP_PKEY_free(pkey); + EVP_MD_CTX_free(mdctx); + + OSSL_PROVIDER_unload(prov_kae); + OSSL_PROVIDER_unload(prov_def); + + return ret; +} \ No newline at end of file diff --git a/KAEOpensslProvider/test/func/shell/cipher_t.sh b/KAEOpensslProvider/test/func/shell/cipher_t.sh new file mode 100644 index 0000000000000000000000000000000000000000..3c41a4689cfd936d6d12ba20d0e98f155cac3e06 --- /dev/null +++ b/KAEOpensslProvider/test/func/shell/cipher_t.sh @@ -0,0 +1,103 @@ +#!/bin/bash +set -e + +export KAE_CONF_ENV=/var/log/ +export OPENSSL_MODULES=/usr/local/lib/ossl-modules +echo -e "[LogSection]\ndebug_level=debug" > /var/log/kae.cnf + + +# 16进制 +key="0123456789abcdef0123456789abcde1" +iv="0123456789abcdef0123456789abcde2" + + +# tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16384 > plain.txt +# openssl enc -sm4-cbc -in plain.txt -out cipher.bin -K 0123456789abcdef0123456789abcde1 -iv 0123456789abcdef0123456789abcde2 -provider kae_provider -provider default +# openssl enc -d -sm4-cbc -in cipher.bin -out decrypt.txt -K 0123456789abcdef0123456789abcde1 -iv 0123456789abcdef0123456789abcde2 -provider kae_provider -provider default + + +# 封装测试函数 +run_cipher_test() { + local algo=$1 + local size=$2 + local label=$3 + + local log_threshold=192 + + # 硬算加密、硬算解密 + rm -rf /var/log/kae.log plain.txt cipher.bin decrypt.txt + echo "(${label}) character data" + #dd if=/dev/urandom of=plain.txt bs=${size} count=1 2>/dev/null + tr -dc 'A-Za-z0-9' < /dev/urandom | head -c ${size} > plain.txt + openssl enc -${algo} -in plain.txt -out cipher.bin -K ${key} -iv ${iv} -provider kae_provider -provider default 2>/dev/null + if [ "${size}" -ge "${log_threshold}" ]; then + if ! grep -qE "sec cipher success" /var/log/kae.log 2>/dev/null; then + echo "Neither of the two messages found!" + exit 1 + fi + fi + rm -rf /var/log/kae.log + openssl enc -d -${algo} -in cipher.bin -out decrypt.txt -K ${key} -iv ${iv} -provider kae_provider -provider default 2>/dev/null + if [ "${size}" -ge "${log_threshold}" ]; then + if ! grep -qE "sec cipher success" /var/log/kae.log 2>/dev/null; then + echo "Neither of the two messages found!" + exit 1 + fi + fi + if ! diff plain.txt decrypt.txt >/dev/null; then + echo -e "${algo} kae enc and kae dec failed!\n" + exit 1 + fi + + # 软算加密、硬算解密 + rm -rf /var/log/kae.log plain.txt cipher.bin decrypt.txt + #dd if=/dev/urandom of=plain.txt bs=${size} count=1 2>/dev/null + tr -dc 'A-Za-z0-9' < /dev/urandom | head -c ${size} > plain.txt + openssl enc -${algo} -in plain.txt -out cipher.bin -K ${key} -iv ${iv} -provider default 2>/dev/null + openssl enc -d -${algo} -in cipher.bin -out decrypt.txt -K ${key} -iv ${iv} -provider kae_provider -provider default 2>/dev/null + if [ "${size}" -ge "${log_threshold}" ]; then + if ! grep -qE "sec cipher success" /var/log/kae.log 2>/dev/null; then + echo "Neither of the two messages found!" + exit 1 + fi + fi + if ! diff plain.txt decrypt.txt >/dev/null; then + echo -e "${algo} soft enc and kae dec failed!\n" + exit 1 + fi + + # 硬算加密、软算解密 + rm -rf /var/log/kae.log plain.txt cipher.bin decrypt.txt + #dd if=/dev/urandom of=plain.txt bs=${size} count=1 2>/dev/null + tr -dc 'A-Za-z0-9' < /dev/urandom | head -c ${size} > plain.txt + openssl enc -${algo} -in plain.txt -out cipher.bin -K ${key} -iv ${iv} -provider kae_provider -provider default 2>/dev/null + if [ "${size}" -ge "${log_threshold}" ]; then + if ! grep -qE "sec cipher success" /var/log/kae.log 2>/dev/null; then + echo "Neither of the two messages found!" + exit 1 + fi + fi + openssl enc -d -${algo} -in cipher.bin -out decrypt.txt -K ${key} -iv ${iv} -provider default 2>/dev/null + + if ! diff plain.txt decrypt.txt >/dev/null; then + echo -e "${algo} kae enc and soft dec failed!\n" + exit 1 + fi +} + +# 测试不同文件大小 (md5 / sm3) +for algo in sm4-cbc aes-128-cbc sm4-ecb aes-128-ecb sm4-ctr aes-128-ctr sm4-ofb aes-128-ofb sm4-cfb aes-128-cfb; do + echo "=====(${algo}) test======" + run_cipher_test $algo 64 "64B" + run_cipher_test $algo 254 "254B" + run_cipher_test $algo 256 "256B" + run_cipher_test $algo 4096 "4K" + run_cipher_test $algo 16384 "16K" + run_cipher_test $algo 524288 "512K" + echo -e "${algo} cipher success!\n" +done + +rm -rf /var/log/kae.log +rm -rf plain.txt +rm -rf cipher.bin +rm -rf decrypt.txt \ No newline at end of file diff --git a/KAEOpensslProvider/test/func/shell/digest_t.sh b/KAEOpensslProvider/test/func/shell/digest_t.sh new file mode 100644 index 0000000000000000000000000000000000000000..0da3651f2cf70077ff1c1dfeda20e739a165b2e7 --- /dev/null +++ b/KAEOpensslProvider/test/func/shell/digest_t.sh @@ -0,0 +1,71 @@ +#!/bin/bash +set -e + +export KAE_CONF_ENV=/var/log/ +export OPENSSL_MODULES=/usr/local/lib/ossl-modules +echo -e "[LogSection]\ndebug_level=debug" > /var/log/kae.cnf + +# 封装测试函数 +run_digest_test() { + local algo=$1 + local size=$2 + local label=$3 + + local log_threshold=0 + if [ "$algo" = "md5" ]; then + log_threshold=8196 + elif [ "$algo" = "sm3" ]; then + log_threshold=512 + fi + + + rm -rf /var/log/kae.log msg.txt + echo "(${label}) character data" + tr -dc 'A-Za-z0-9' < /dev/urandom | head -c ${size} > msg.txt + kae_val=$(openssl dgst -${algo} -provider kae_provider msg.txt | awk '{print $2}') + if [ "${size}" -ge "${log_threshold}" ]; then + if ! grep -qE "sec digest final success|sec digest update success" /var/log/kae.log 2>/dev/null; then + echo "Neither of the two messages found!" + exit 1 + fi + fi + def_val=$(openssl dgst -${algo} -provider default msg.txt | awk '{print $2}') + if [ "$kae_val" = "$def_val" ]; then + echo "success" + else + echo "failed" + fi + + + rm -rf /var/log/kae.log msg.txt + echo "(${label}) bin data" + dd if=/dev/urandom of=msg.txt bs=${size} count=1 2>/dev/null + kae_val=$(openssl dgst -${algo} -provider kae_provider msg.txt | awk '{print $2}') + if [ "${size}" -ge "${log_threshold}" ]; then + if ! grep -qE "sec digest final success|sec digest update success" /var/log/kae.log 2>/dev/null; then + echo "Neither of the two messages found!" + exit 1 + fi + fi + def_val=$(openssl dgst -${algo} -provider default msg.txt | awk '{print $2}') + if [ "$kae_val" = "$def_val" ]; then + echo "success" + else + echo "failed" + fi +} + +# 测试不同文件大小 (md5 / sm3) +for algo in md5 sm3; do + echo "=====(${algo}) test======" + run_digest_test $algo 256 "256B" + run_digest_test $algo 1024 "1K" + run_digest_test $algo 8192 "8K" + run_digest_test $algo 16384 "16K" + run_digest_test $algo 524288 "512K" + run_digest_test $algo 525312 "513K" + echo -e "" +done + +rm -rf /var/log/kae.log +rm -rf msg.txt \ No newline at end of file diff --git a/KAEOpensslProvider/test/func/shell/rsa_t.sh b/KAEOpensslProvider/test/func/shell/rsa_t.sh new file mode 100644 index 0000000000000000000000000000000000000000..19e6faf7c8619a072d734d39c7a16b1229e3a3d6 --- /dev/null +++ b/KAEOpensslProvider/test/func/shell/rsa_t.sh @@ -0,0 +1,136 @@ +#!/bin/bash +set -e + +export KAE_CONF_ENV=/var/log/ +export OPENSSL_MODULES=/usr/local/lib/ossl-modules +echo -e "[LogSection]\ndebug_level=debug" > /var/log/kae.cnf + +# 准备消息和hash +echo "The journey of a thousand miles begins with a single step." > msg.txt +openssl dgst -sha256 -binary msg.txt > hash.bin + +# 生成RSA key(硬算) +echo -e "==== Testing Keygen ====\n" +rm -rf /var/log/kae.log +openssl genpkey -algorithm RSA -out rsa_priv.pem -pkeyopt rsa_keygen_bits:2048 -provider kae_provider 2>/dev/null +if ! grep -q "hpre rsa keygen success" /var/log/kae.log 2>/dev/null; then + echo "RSA KeyGen NOT accelerated by HPRE!" + exit 1 +fi +openssl rsa -in rsa_priv.pem -pubout -out rsa_pub.pem +echo "RSA KAE gen key success!" + +# 需要测试的模式(按适用场景分类) +SIGN_PADDINGS=("pkcs1" "pss" "x931" "no") +ENC_PADDINGS=("pkcs1" "oaep" "none") + +############################ +# 签名/验证测试 +############################ +for PADDING_MODE in "${SIGN_PADDINGS[@]}"; do + echo -e "\n==== Testing Signature rsa_padding_mode:${PADDING_MODE} ====\n" + + # 1. 硬算签名 + 硬算验证 + rm -rf /var/log/kae.log sig.bin + openssl pkeyutl -sign -inkey rsa_priv.pem -in hash.bin -out sig.bin -pkeyopt digest:sha256 -pkeyopt rsa_padding_mode:${PADDING_MODE} -provider kae_provider -provider default + if ! grep -q "hpre rsa priv encrypt success" /var/log/kae.log 2>/dev/null; then + echo "RSA Sign NOT accelerated by HPRE!" + exit 1 + fi + openssl pkeyutl -verify -pubin -inkey rsa_pub.pem -in hash.bin -sigfile sig.bin -pkeyopt digest:sha256 -pkeyopt rsa_padding_mode:${PADDING_MODE} -provider kae_provider -provider default + if ! grep -q "hpre rsa public decrypt success" /var/log/kae.log 2>/dev/null; then + echo "RSA Verify NOT accelerated by HPRE!" + exit 1 + fi + echo -e "rsa kae sign and kae verify done!\n" + + # 2. 硬算签名 + 软算验证 + rm -rf /var/log/kae.log sig.bin + openssl pkeyutl -sign -inkey rsa_priv.pem -in hash.bin -out sig.bin -pkeyopt digest:sha256 -pkeyopt rsa_padding_mode:${PADDING_MODE} -provider kae_provider -provider default + if ! grep -q "hpre rsa priv encrypt success" /var/log/kae.log 2>/dev/null; then + echo "RSA Sign NOT accelerated by HPRE!" + exit 1 + fi + openssl pkeyutl -verify -pubin -inkey rsa_pub.pem -in hash.bin -sigfile sig.bin -pkeyopt digest:sha256 -pkeyopt rsa_padding_mode:${PADDING_MODE} -provider default + echo -e "rsa kae sign and soft verify done!\n" + + # 3. 软算签名 + 硬算验证 + rm -rf /var/log/kae.log sig.bin + openssl pkeyutl -sign -inkey rsa_priv.pem -in hash.bin -out sig.bin -pkeyopt digest:sha256 -pkeyopt rsa_padding_mode:${PADDING_MODE} -provider default + openssl pkeyutl -verify -pubin -inkey rsa_pub.pem -in hash.bin -sigfile sig.bin -pkeyopt digest:sha256 -pkeyopt rsa_padding_mode:${PADDING_MODE} -provider kae_provider -provider default + if ! grep -q "hpre rsa public decrypt success" /var/log/kae.log 2>/dev/null; then + echo "RSA Verify NOT accelerated by HPRE!" + exit 1 + fi + echo -e "rsa soft sign and kae verify done!\n" +done + +############################ +# 加密/解密测试 +############################ +for PADDING_MODE in "${ENC_PADDINGS[@]}"; do + echo -e "\n==== Testing Encryption rsa_padding_mode:${PADDING_MODE} ====\n" + + if [ "$PADDING_MODE" = "none" ]; then + tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 256 > msg.txt + fi + + # 4. 硬算加密 + 硬算解密 + rm -rf /var/log/kae.log msg.enc msg.dec + openssl pkeyutl -encrypt -pubin -inkey rsa_pub.pem -in msg.txt -out msg.enc -pkeyopt rsa_padding_mode:${PADDING_MODE} -provider kae_provider -provider default + if ! grep -q "hpre rsa public encrypt success" /var/log/kae.log 2>/dev/null; then + echo "RSA Sign NOT accelerated by HPRE!" + exit 1 + fi + openssl pkeyutl -decrypt -inkey rsa_priv.pem -in msg.enc -out msg.dec -pkeyopt rsa_padding_mode:${PADDING_MODE} -provider kae_provider -provider default + if ! grep -q "hpre rsa priv decrypt success" /var/log/kae.log 2>/dev/null; then + echo "RSA Sign NOT accelerated by HPRE!" + exit 1 + fi + if diff msg.txt msg.dec >/dev/null; then + echo -e "rsa kae public encrypt and kae private decrypt success!\n" + else + echo "Decrypted data mismatch!" + exit 1 + fi + + # 5. 硬算加密 + 软算解密 + rm -rf /var/log/kae.log msg.enc msg.dec + openssl pkeyutl -encrypt -pubin -inkey rsa_pub.pem -in msg.txt -out msg.enc -pkeyopt rsa_padding_mode:${PADDING_MODE} -provider kae_provider -provider default + if ! grep -q "hpre rsa public encrypt success" /var/log/kae.log 2>/dev/null; then + echo "RSA Sign NOT accelerated by HPRE!" + exit 1 + fi + openssl pkeyutl -decrypt -inkey rsa_priv.pem -in msg.enc -out msg.dec -pkeyopt rsa_padding_mode:${PADDING_MODE} -provider default + if diff msg.txt msg.dec >/dev/null; then + echo -e "rsa kae public encrypt and soft private decrypt success!\n" + else + echo "Decrypted data mismatch!" + exit 1 + fi + + # 6. 软算加密 + 硬算解密 + rm -rf /var/log/kae.log msg.enc msg.dec + openssl pkeyutl -encrypt -pubin -inkey rsa_pub.pem -in msg.txt -out msg.enc -pkeyopt rsa_padding_mode:${PADDING_MODE} -provider default + openssl pkeyutl -decrypt -inkey rsa_priv.pem -in msg.enc -out msg.dec -pkeyopt rsa_padding_mode:${PADDING_MODE} -provider kae_provider -provider default + if ! grep -q "hpre rsa priv decrypt success" /var/log/kae.log 2>/dev/null; then + echo "RSA Sign NOT accelerated by HPRE!" + exit 1 + fi + if diff msg.txt msg.dec >/dev/null; then + echo -e "rsa soft public encrypt and kae private decrypt success!\n" + else + echo "Decrypted data mismatch!" + exit 1 + fi +done + + +rm -rf /var/log/kae.log +rm -rf hash.bin +rm -rf msg.dec +rm -rf msg.enc +rm -rf msg.txt +rm -rf rsa_priv.pem +rm -rf rsa_pub.pem +rm -rf sig.bin \ No newline at end of file diff --git a/KAEOpensslProvider/test/func/shell/sm2_t.sh b/KAEOpensslProvider/test/func/shell/sm2_t.sh new file mode 100644 index 0000000000000000000000000000000000000000..5a7ea016362d925b945dc46c64bfe1fddd6cc2d7 --- /dev/null +++ b/KAEOpensslProvider/test/func/shell/sm2_t.sh @@ -0,0 +1,68 @@ +#!/bin/bash + +# 定义变量 +PRIVATE_KEY="private.key" +PUBLIC_KEY="public.key" +DATA_FILE="data.txt" +SIGNATURE_FILE="signature.bin" +PROVIDER="kae_provider" + +# 要签名的数据 +DATA="待签名的数据内容" + +echo "==================================" +echo "KAE Provider SM2 签名与验证测试脚本" +echo "==================================" + + +echo -e "\n生成 SM2 私钥..." +openssl ecparam -name SM2 -genkey -out "$PRIVATE_KEY" -provider "$PROVIDER" +if [ $? -ne 0 ]; then + echo "错误:生成私钥失败" + exit 1 +fi +echo "导出 SM2 公钥..." +openssl ec -in "$PRIVATE_KEY" -pubout -out "$PUBLIC_KEY" +if [ $? -ne 0 ]; then + echo "错误:生成公钥失败" + exit 1 +fi +# 创建数据文件 +echo "$DATA" > "$DATA_FILE" +if [ $? -ne 0 ]; then + echo "错误:创建数据文件失败" + exit 1 +fi + +echo -e "\n硬算签名、硬算验证" +echo "[1/2] 使用私钥进行 SM3 签名..." +openssl dgst -sm3 -sign "$PRIVATE_KEY" -out "$SIGNATURE_FILE" -provider "$PROVIDER" "$DATA_FILE" +if [ $? -ne 0 ]; then + echo "错误:签名失败" + exit 1 +fi +echo "[2/2] 验证签名..." +openssl dgst -sm3 -verify "$PUBLIC_KEY" -signature "$SIGNATURE_FILE" -provider "$PROVIDER" "$DATA_FILE" + + +echo -e "\n软算签名、硬算验证" +echo "[1/2] 使用私钥进行 SM3 签名..." +openssl dgst -sm3 -sign "$PRIVATE_KEY" -out "$SIGNATURE_FILE" "$DATA_FILE" +if [ $? -ne 0 ]; then + echo "错误:签名失败" + exit 1 +fi +echo "[2/2] 验证签名..." +openssl dgst -sm3 -verify "$PUBLIC_KEY" -signature "$SIGNATURE_FILE" -provider "$PROVIDER" "$DATA_FILE" + + +# 会失败。。 +echo -e "\n硬算签名、软算验证" +echo "[1/2] 使用私钥进行 SM3 签名..." +openssl dgst -sm3 -sign "$PRIVATE_KEY" -out "$SIGNATURE_FILE" -provider "$PROVIDER" "$DATA_FILE" +if [ $? -ne 0 ]; then + echo "错误:签名失败" + exit 1 +fi +echo "[2/2] 验证签名..." +openssl dgst -sm3 -verify "$PUBLIC_KEY" -signature "$SIGNATURE_FILE" "$DATA_FILE" \ No newline at end of file diff --git a/KAEOpensslProvider/test/perf/bandwidth.sh b/KAEOpensslProvider/test/perf/bandwidth.sh index e90439aff9078c26ed4bc03aa9ec65ff884a797f..53a3c158f7b87cb96000ebf17b5c91892e267c82 100644 --- a/KAEOpensslProvider/test/perf/bandwidth.sh +++ b/KAEOpensslProvider/test/perf/bandwidth.sh @@ -262,10 +262,10 @@ function main(){ DO_RSA_BD "rsa2048 rsa4096" #SM2 - DO_RSA_BD "sm2" + #DO_RSA_BD "sm2" #DH - DO_DH_BD "ffdh2048 ffdh4096" + #DO_DH_BD "ffdh2048 ffdh4096" } diff --git a/KAEOpensslProvider/test/perf/multi_perf.sh b/KAEOpensslProvider/test/perf/multi_perf.sh index 32182f5f2c0300839d217f62da364146a0c69301..47a1a12acc8a38b1f3a5d32d6f4157bf06a0c0ba 100644 --- a/KAEOpensslProvider/test/perf/multi_perf.sh +++ b/KAEOpensslProvider/test/perf/multi_perf.sh @@ -339,10 +339,10 @@ function main(){ DO_RSA "rsa2048 rsa4096" #SM2 - DO_RSA "sm2" + #DO_RSA "sm2" #DH - DO_DH "ffdh2048 ffdh4096" + #DO_DH "ffdh2048 ffdh4096" } diff --git a/build.sh b/build.sh index a6fb3d7ac9eb06efdf6c123276c4089faa745e40..252422f415b0abdc84c45dd1a676b1f9bcf10c0a 100644 --- a/build.sh +++ b/build.sh @@ -678,6 +678,9 @@ function help() echo "sh build.sh engine3 -- install KAE openssl3.0 engine" echo "sh build.sh engine3 clean -- uninstall KAE openssl3.0 engine" + echo "sh build.sh ossl_provider -- install KAE openssl3.0 provider" + echo "sh build.sh ossl_provider clean -- uninstall KAE openssl3.0 provider" + echo "sh build.sh engine_gmssl -- install KAE gmssl engine" echo "sh build.sh engine_gmssl clean -- uninstall KAE gmssl engine"