database/openGauss-server
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

提交硬件密码模块接口库

Browse Source
This commit is contained in:
lyoursly
2024-08-27 17:26:39 +08:00
parent 4789e6555b
commit 1046a3b463
14 changed files with 2939 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
GNUmakefile.in
View File

@ -63,6 +63,7 @@ install:
$(MAKE) -C $(root_builddir)/distribute/kernel/extension/dimsearch $@
$(MAKE) -C contrib/security_plugin $@
$(MAKE) -C $(root_builddir)/distribute/kernel/extension/tsdb $@
$(MAKE) -C contrib/common_cipher $@
+@echo "openGauss installation complete."
else
ifeq ($(enable_privategauss), yes)
@ -75,6 +76,7 @@ install:
$(MAKE) -C contrib/hstore $@
$(MAKE) -C $(root_builddir)/privategauss/kernel/extension/packages $@
$(MAKE) -C $(root_builddir)/contrib/gsredistribute $@
$(MAKE) -C contrib/common_cipher $@
+@echo "openGauss installation complete."
else
install:
@ -84,6 +86,7 @@ install:
$(MAKE) -C contrib/postgres_fdw $@
$(MAKE) -C contrib/hstore $@
$(MAKE) -C $(root_builddir)/privategauss/kernel/extension/packages $@
$(MAKE) -C contrib/common_cipher $@
+@echo "openGauss installation complete."
endif
else
@ -95,6 +98,7 @@ install:
$(MAKE) -C contrib/hstore $@
$(MAKE) -C contrib/dblink $@
$(MAKE) -C contrib/ndpplugin $@
$(MAKE) -C contrib/common_cipher $@
@if test -d contrib/spq_plugin; then $(MAKE) -C contrib/spq_plugin $@; fi
@if test -d contrib/dolphin; then $(MAKE) -C contrib/dolphin $@; fi
@if test -d contrib/age; then $(MAKE) -C contrib/age $@; fi

14
contrib/common_cipher/Makefile Executable file
View File

@ -0,0 +1,14 @@
# contrib/common_cipher/Makefile
SRCS = common_err.cpp common_utils.cpp common_algo.cpp common_internal_interfaces.cpp common_cipher.cpp
MODULE_big = common_cipher
OBJS = $(SRCS:.cpp=.o)
subdir = contrib/common_cipher
top_builddir = ../..
include $(top_builddir)/src/Makefile.global
include $(top_srcdir)/contrib/contrib-global.mk
override CPPFLAGS := -fPIC -shared
override CFLAGS := -fPIC -shared

18
contrib/common_cipher/README.md Normal file
View File

@ -0,0 +1,18 @@
动态库使用说明:
a.硬件动态库中目前适配的三种硬件信息如下:
三未信安密钥管理系统,型号SYT1306
江南天安密钥管理系统,型号SJJ1988
光电安辰PCI-E密码卡,型号TOEC-GMPCIE01
b.硬件动态库使用需要配置的入参
指定所使用的硬件,必须项,取值范围["GDACCARD" "JNTAKMS" "SWXAKMS"]。
指定具体硬件提供so所在路径,必须项。
硬件配置文件所在路径:密钥管理系统需要配置此变量,指定kms的配置文件路径,可选项。
江南天安配置文件只需要传入路径,三未信安需要带配置文件名称。
配置示例:
MODLUE_TYPE=GDACCARD,MODLUE_LIB_PATH=/home/lib/libsdf.so
MODLUE_TYPE=JNTAKMS,MODLUE_LIB_PATH=/home/lib/libsdf.so,MODULE_CONFIG_FILE_PATH=/home/etc/
MODLUE_TYPE=SWXAKMS,MODLUE_LIB_PATH=/home/lib/libsdf.so,MODULE_CONFIG_FILE_PATH=/home/etc/xxx.ini
使用具体的接口详见:common_cipher.h

300
contrib/common_cipher/common_algo.cpp Executable file
View File

@ -0,0 +1,300 @@
#include "common_algo.h"
#include "common_cipher.h"
#include "common_err.h"
#include "common_utils.h"
#define SUPPORTED 1
#define UNSUPPORTED 0
static void set_gdac_supported_feature(SupportedFeature *supported_feature)
{
memcpy(supported_feature->provider_name, MODULE_GDAC_CARD_STR, strlen(MODULE_GDAC_CARD_STR));
/*光电安辰提供了扩展的生成内部KEK接口,可以支持索引*/
supported_feature->key_type = KEY_TYPE_NAMEORIDX;
supported_feature->supported_symm[MODULE_AES_128_CBC] = SUPPORTED;
supported_feature->supported_symm[MODULE_AES_256_CBC] = SUPPORTED;
supported_feature->supported_symm[MODULE_SM4_CBC] = SUPPORTED;
supported_feature->supported_symm[MODULE_HMAC_SHA256] = SUPPORTED;
supported_feature->supported_symm[MODULE_HMAC_SM3] = SUPPORTED;
supported_feature->supported_symm[MODULE_DETERMINISTIC_KEY] = SUPPORTED;
supported_feature->supported_digest[MODULE_SHA256] = SUPPORTED;
supported_feature->supported_digest[MODULE_SM3] = SUPPORTED;
}
static void set_swxa_supported_feature(SupportedFeature *supported_feature)
{
memcpy(supported_feature->provider_name, MODULE_SWXA_KMS_STR, strlen(MODULE_SWXA_KMS_STR));
/*三未信安提供了生成密钥密文的接口,可以支持密钥密文。*/
supported_feature->key_type = KEY_TYPE_CIPHERTEXT;
supported_feature->supported_symm[MODULE_AES_128_CBC] = SUPPORTED;
supported_feature->supported_symm[MODULE_AES_256_CBC] = SUPPORTED;
supported_feature->supported_symm[MODULE_SM4_CBC] = SUPPORTED;
supported_feature->supported_symm[MODULE_AES_128_CTR] = SUPPORTED;
supported_feature->supported_symm[MODULE_AES_256_CTR] = SUPPORTED;
supported_feature->supported_symm[MODULE_SM4_CTR] = SUPPORTED;
supported_feature->supported_symm[MODULE_HMAC_SHA256] = SUPPORTED;
supported_feature->supported_symm[MODULE_HMAC_SM3] = SUPPORTED;
supported_feature->supported_symm[MODULE_DETERMINISTIC_KEY] = SUPPORTED;
supported_feature->supported_digest[MODULE_SHA256] = SUPPORTED;
supported_feature->supported_digest[MODULE_SM3] = SUPPORTED;
}
static void set_jnta_supported_feature(SupportedFeature *supported_feature)
{
memcpy(supported_feature->provider_name, MODULE_JNTA_KMS_STR, strlen(MODULE_JNTA_KMS_STR));
/*江南天安提供了生成密钥密文和导入密钥密文到指定索引的接口,可以支持密钥索引。*/
supported_feature->key_type = KEY_TYPE_NAMEORIDX;
supported_feature->supported_symm[MODULE_AES_128_CBC] = SUPPORTED;
supported_feature->supported_symm[MODULE_AES_256_CBC] = SUPPORTED;
supported_feature->supported_symm[MODULE_SM4_CBC] = SUPPORTED;
supported_feature->supported_symm[MODULE_HMAC_SHA256] = SUPPORTED;
supported_feature->supported_symm[MODULE_HMAC_SM3] = SUPPORTED;
supported_feature->supported_symm[MODULE_DETERMINISTIC_KEY] = SUPPORTED;
supported_feature->supported_digest[MODULE_SHA256] = SUPPORTED;
supported_feature->supported_digest[MODULE_SM3] = SUPPORTED;
}
int get_supported_feature(ModuleType type, SupportedFeature *supported_feature)
{
if (supported_feature == NULL) {
return CRYPTO_MOD_PARAM_INVALID_ERR;
}
memset(supported_feature->provider_name, 0x0, MAX_PROVIDER_NAME_LEN);
memset(supported_feature->supported_symm, UNSUPPORTED, sizeof(supported_feature->supported_symm));
memset(supported_feature->supported_digest, UNSUPPORTED, sizeof(supported_feature->supported_digest));
supported_feature->key_type = KEY_TYPE_INVALID;
switch (type) {
case MODULE_GDAC_CARD_TYPE:
set_gdac_supported_feature(supported_feature);
break;
case MODULE_JNTA_KMS_TYPE:
set_jnta_supported_feature(supported_feature);
break;
case MODULE_SWXA_KMS_TYPE:
set_swxa_supported_feature(supported_feature);
break;
default:
return CRYPTO_MOD_TYPE_INVALID_ERR;
}
return CRYPT_MOD_OK;
}
static int get_gdac_symm_algo_type(ModuleSymmKeyAlgo symmalgotype, unsigned int* realtype)
{
switch (symmalgotype) {
case MODULE_AES_128_CBC:
*realtype = GDAC_AES128_CBC;
break;
case MODULE_AES_256_CBC:
*realtype = GDAC_AES256_CBC;
break;
case MODULE_SM4_CBC:
*realtype = GDAC_SM4_CBC;
break;
case MODULE_HMAC_SHA256:
*realtype = GDAC_HMAC_SHA256;
break;
case MODULE_HMAC_SM3:
*realtype = GDAC_HMAC_SM3;
break;
default:
return CRYPTO_MOD_UNSUPPORTED_SYMM_TYPE_ERR;
}
return CRYPT_MOD_OK;
}
static int get_swxa_symm_algo_type(ModuleSymmKeyAlgo symmalgotype, unsigned int* realtype)
{
switch (symmalgotype) {
case MODULE_AES_128_CBC:
case MODULE_AES_256_CBC:
*realtype = SWXA_AES_CBC;
break;
case MODULE_AES_128_CTR:
case MODULE_AES_256_CTR:
*realtype = SWXA_AES_CTR;
break;
case MODULE_SM4_CBC:
*realtype = SWXA_SMS4_CBC;
break;
case MODULE_SM4_CTR:
*realtype = SWXA_SMS4_CTR;
break;
case MODULE_HMAC_SHA256:
*realtype = SWXA_SHA256;
break;
case MODULE_HMAC_SM3:
*realtype = SWXA_SM3;
break;
default:
return CRYPTO_MOD_UNSUPPORTED_SYMM_TYPE_ERR;
}
return CRYPT_MOD_OK;
}
static int get_jnta_symm_algo_type(ModuleSymmKeyAlgo symmalgotype, unsigned int* realtype, unsigned int* realmode)
{
switch (symmalgotype) {
case MODULE_AES_128_CBC:
*realtype = TA_AES128;
*realmode = TA_CBC;
break;
case MODULE_AES_256_CBC:
*realtype = TA_AES256;
*realmode = TA_CBC;
break;
case MODULE_SM4_CBC:
*realtype = TA_SM4;
*realmode = TA_CBC;
break;
case MODULE_HMAC_SHA256:
*realtype = TA_HMAC_SHA256;
break;
case MODULE_HMAC_SM3:
*realtype = TA_HMAC_SM3;
break;
default:
return CRYPTO_MOD_UNSUPPORTED_SYMM_TYPE_ERR;
}
return CRYPT_MOD_OK;
}
int get_real_symm_algo_type(ModuleType moduletype, ModuleSymmKeyAlgo symmalgotype, unsigned int* realtype, unsigned int* realmode)
{
/*严格加解密,不属于硬件密码模块内部算法类型,在库中直接自行处理*/
if (symmalgotype == MODULE_DETERMINISTIC_KEY) {
*realtype = MODULE_DETERMINISTIC_KEY;
return CRYPT_MOD_OK;
}
switch (moduletype) {
case MODULE_GDAC_CARD_TYPE:
return get_gdac_symm_algo_type(symmalgotype, realtype);
case MODULE_JNTA_KMS_TYPE:
return get_jnta_symm_algo_type(symmalgotype, realtype, realmode);
case MODULE_SWXA_KMS_TYPE:
return get_swxa_symm_algo_type(symmalgotype, realtype);
default:
return CRYPTO_MOD_TYPE_INVALID_ERR;
}
return CRYPT_MOD_OK;
}
void transform_jnta_algo_type(unsigned int type, unsigned int mode, unsigned int *standardtype)
{
switch (type) {
case TA_AES128:
case TA_AES256:
if (mode == TA_CBC) {
*standardtype = TA_AES_CBC;
}
break;
case TA_SM4:
if (mode == TA_CBC) {
*standardtype = TA_SM4_CBC;
}
break;
default:
break;
}
}
static int get_gdac_digest_algo_type(ModuleDigestAlgo type, unsigned int* realtype)
{
switch (type) {
case MODULE_SHA256:
*realtype = GDAC_SHA256;
break;
case MODULE_SM3:
*realtype = GDAC_SM3;
break;
default:
return CRYPTO_MOD_UNSUPPORTED_DIGEST_TYPE_ERR;
}
return CRYPT_MOD_OK;
}
static int get_swxa_digest_algo_type(ModuleDigestAlgo type, unsigned int* realtype)
{
switch (type) {
case MODULE_SHA256:
*realtype = SWXA_SHA256;
break;
case MODULE_SM3:
*realtype = SWXA_SM3;
break;
default:
return CRYPTO_MOD_UNSUPPORTED_DIGEST_TYPE_ERR;
}
return CRYPT_MOD_OK;
}
static int get_jnta_digest_algo_type(ModuleDigestAlgo type, unsigned int* realtype)
{
switch (type) {
case MODULE_SHA256:
*realtype = TA_SHA256;
break;
case MODULE_SM3:
*realtype = TA_SM3;
break;
default:
return CRYPTO_MOD_UNSUPPORTED_DIGEST_TYPE_ERR;
}
return CRYPT_MOD_OK;
}
int get_real_digest_algo_type(ModuleType moduletype, ModuleDigestAlgo type, unsigned int* realtype)
{
switch (moduletype) {
case MODULE_GDAC_CARD_TYPE:
return get_gdac_digest_algo_type(type, realtype);
case MODULE_JNTA_KMS_TYPE:
return get_jnta_digest_algo_type(type, realtype);
case MODULE_SWXA_KMS_TYPE:
return get_swxa_digest_algo_type(type, realtype);
default:
return CRYPTO_MOD_TYPE_INVALID_ERR;
}
return CRYPT_MOD_OK;
}
int get_key_len_by_algo_type(ModuleSymmKeyAlgo type)
{
switch (type) {
case MODULE_AES_128_CBC:
case MODULE_AES_128_CTR:
case MODULE_SM4_CBC:
case MODULE_SM4_CTR:
return INTERNAL_KEY_128_BITS;
case MODULE_AES_256_CBC:
case MODULE_AES_256_CTR:
return INTERNAL_KEY_256_BITS;
default:
return INTERNAL_KEY_128_BITS;
}
}

124
contrib/common_cipher/common_algo.h Executable file
View File

@ -0,0 +1,124 @@
#ifndef COMMON_ALGO_H
#define COMMON_ALGO_H
#include "common_cipher.h"
#include "common_utils.h"
#ifdef __cplusplus
extern "C" {
#endif
/*密钥索引最大值1024,最小值1*/
#define INTERNAL_MIN_INDEX_NUM 1
#define INTERNAL_MAX_INDEX_NUM 1024
/*光电安辰相关宏定义*/
/*光电安辰卡内密钥类型*/
#define GDAC_KEK_TYPE 9
/*光电安辰卡内密钥状态*/
#define GDAC_KEY_EXIST 0x100000
#define GDAC_KEY_NOT_EXIST 0
/*对称算法模式*/
#define GDAC_MODE_CBC 0x00000002
/*对称算法类型*/
#define GDAC_SM4 0x00000400
#define GDAC_AES128 0x00004000
#define GDAC_AES256 0x00008000
/*对称算法及模式*/
#define GDAC_SM4_CBC (GDAC_SM4|GDAC_MODE_CBC)
#define GDAC_AES128_CBC (GDAC_AES128|GDAC_MODE_CBC)
#define GDAC_AES256_CBC (GDAC_AES256|GDAC_MODE_CBC)
/*摘要算法*/
#define GDAC_SM3 0x00000001
#define GDAC_SHA256 0x00000004
/*HMAC算法*/
#define GDAC_HMAC_SM3 0x00100001
#define GDAC_HMAC_SHA256 0x00100004
/*三未信安相关宏定义*/
/*对称算法及模式*/
#define SWXA_SMS4_CBC 0x00000402
#define SWXA_SMS4_CTR 0x00000420
#define SWXA_AES_CBC 0x00002002
#define SWXA_AES_CTR 0x00002020
/*摘要算法,三未的hmac指定算法和摘要算法相同即可*/
#define SWXA_SM3 0x00000001
#define SWXA_SHA256 0x00000004
/*江南天安相关*/
typedef enum {
TA_HMAC_SHA256 = 6,
TA_HMAC_SM3 = 20,
}TA_HMAC_ALG;
typedef enum {
TA_AES128 = 3,
TA_AES256 = 5,
TA_SM4 = 7,
}TA_SYMM_ALG;
typedef enum {
TA_CBC = 1,
}TA_SYMM_MODE;
typedef enum {
TA_SM3 = 1,
TA_SHA256 = 4,
}TA_HASH_ALG;
#define TA_SM4_CBC 0X00000402
#define TA_AES_CBC 0x80000202
/*内部通用宏定义*/
#define INTERNAL_DO_ENC 1
#define INTERNAL_DO_DEC 0
#define INTERNAL_MAX_KEY_LEN 32
#define INTERNAL_BLOCK_LEN 16
#define INTERNAL_IV_LEN 16
#define INTERNAL_HMAC_LEN 32
#define INTERNAL_MSG_BLOCK_LEN 8192
#define INTERNAL_KEY_128_BITS 128
#define INTERNAL_KEY_256_BITS 256
typedef struct {
void *session; /*和硬件建立的会话*/
unsigned int algotype; /*算法类型*/
unsigned int algomode; /*算法模式,江南天安使用;光电安辰和三未信安algotype已包含模式*/
int enc; /*0表示解密,1表示加密*/
unsigned int keysize; /*key的长度*/
unsigned char key[INTERNAL_MAX_KEY_LEN]; /*存储密钥id/密钥密文值/密钥明文值,AES256密钥长度32*/
}InternalKeyCtx;
extern int get_supported_feature(ModuleType type, SupportedFeature *supported_feature);
extern int get_real_symm_algo_type(ModuleType moduletype, ModuleSymmKeyAlgo symmalgotype, unsigned int* realtype, unsigned int* realmode);
extern int get_real_digest_algo_type(ModuleType moduletype, ModuleDigestAlgo type, unsigned int* realtype);
extern int get_key_len_by_algo_type(ModuleSymmKeyAlgo type);
extern void transform_jnta_algo_type(unsigned int type, unsigned int mode, unsigned int *standardtype);
#ifdef __cplusplus
}
#endif
#endif /* COMMON_ALGO_H */

538
contrib/common_cipher/common_cipher.cpp Executable file
View File

@ -0,0 +1,538 @@
#include "common_cipher.h"
#include "common_err.h"
#include "common_utils.h"
#include "common_internal_interfaces.h"
/** 初始化密码模块
*
* @param[in]
* load_info 密码模块相关信息(硬件设备口令,硬件设备、硬件库路径等),通过kv方式传入
*
* @param[out]
* supported_feature 返回当前密码模块支持的加密方式,参考上述结构体
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
* 示例:
* 用户设置GUC参数crypto_module_info = 'enable_crypto_module=on,module_third_msg=aaa'
* 传入接口时load_info = 'aaa'
*/
int crypto_module_init(char *load_info, SupportedFeature *supported_feature)
{
int ret = CRYPT_MOD_OK;
ModuleParams moduleparams;
memset(&moduleparams, 0x0, sizeof(ModuleParams));
/* 1.解析load_info获取加载密码模块的参数*/
ret = parse_module_params(load_info, &moduleparams);
if (ret != CRYPT_MOD_OK) {
goto err;
}
/* 2.根据密码模块类型填充supported_feature*/
ret = get_supported_feature(moduleparams.moduletype, supported_feature);
if (ret != CRYPT_MOD_OK) {
goto err;
}
/* 3.dlopen打开密码模块驱动库,并加载接口函数*/
ret = load_module_driver(moduleparams);
if (ret != CRYPT_MOD_OK) {
goto err;
}
/* 4.打开设备*/
ret = internal_open_device(moduleparams.cfgfilepath);
if (ret != CRYPT_MOD_OK) {
goto err;
}
return CRYPT_MOD_OK;
err:
/*可能已经打开/加载,尝试释放*/
(void)internal_close_device();
(void)unload_module_driver();
set_thread_errno(ret);
return ret;
}
/** 会话中连接密码模块
*
* @param[in]
* key_info 密码相关信息(用户口令等信息),通过kv方式传入
*
* @param[out]
* sess 会话信息
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
* 示例:
* 用户设置GUC参数tde_key_info = 'keyType=third_kms, keyThirdMsg =bbb'
* 传入接口时key_info = 'bbb'
*/
int crypto_module_sess_init(char *key_info, void **sess)
{
int ret = CRYPT_MOD_OK;
ret = internal_open_session(sess);
if (ret != CRYPT_MOD_OK) {
set_thread_errno(ret);
}
return ret;
}
/** 会话中断开连接密码模块
*
* @param[in]
* sess 会话信息
*
* @param[out]
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
void crypto_module_sess_exit(void *sess)
{
int ret = CRYPT_MOD_OK;
ret = internal_close_session(sess);
if (ret != CRYPT_MOD_OK) {
set_thread_errno(ret);
}
}
/** 创建密钥
*
* @param[in]
* sess 会话信息
* algo 密钥使用场景的算法
*
* @param[out]
* key_id 返回生成密钥/密钥ID/密钥密文
* key_id_size 返回生成内容长度
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
int crypto_create_symm_key(void *sess, ModuleSymmKeyAlgo algo, unsigned char *key_id, size_t *key_id_size)
{
int ret = CRYPT_MOD_OK;
ret = internal_generate_symm_key(sess, algo, key_id, (unsigned int*)key_id_size);
if (ret != CRYPT_MOD_OK) {
set_thread_errno(ret);
}
return ret;
}
/** 密钥上下文初始化,后续进行加解密可直接使用上下文
*
* @param[in]
* sess 会话信息
* algo 加密算法
* enc 加密1、解密0
* key_id 密码信息
* key_id_size 密码信息长度
* @param[out]
* ctx 返回使用密钥信息
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
int crypto_ctx_init(void *sess, void **ctx, ModuleSymmKeyAlgo algo, int enc, unsigned char *key_id, size_t key_id_size)
{
InternalKeyCtx *keyctx = NULL;
int ret = CRYPT_MOD_OK;
if (sess == NULL) {
return CRYPTO_MOD_NOT_OPENSESSION_ERR;
}
if (enc != INTERNAL_DO_DEC && enc != INTERNAL_DO_ENC) {
return CRYPTO_MOD_INVALID_CRYPTO_TYPE_ERR;
}
if (key_id == NULL || key_id[0] == '\0' || key_id_size <= 0 || key_id_size > INTERNAL_MAX_KEY_LEN) {
return CRYPTO_MOD_INVALID_KEY_ERR;
}
keyctx = (InternalKeyCtx*)malloc(sizeof(InternalKeyCtx));
keyctx->session = sess;
ret = get_real_symm_algo_type(get_current_module_type(), algo, &(keyctx->algotype), &(keyctx->algomode));
if (ret != CRYPT_MOD_OK) {
free(keyctx);
return ret;
}
keyctx->enc = enc;
memset(keyctx->key, 0x0, sizeof(keyctx->key));
memcpy(keyctx->key, key_id, key_id_size);
keyctx->keysize = key_id_size;
*ctx = keyctx;
return CRYPT_MOD_OK;
}
/** 获取数据加解密后的数据长度
*
* @param[in]
* ctx 加解密上下文信息
* enc 加密1、解密0
* data_size 返回加解密结果长度
* @return 返回数据长度
*
*/
int crypto_result_size(void *ctx, int enc, size_t data_size)
{
if (ctx == NULL) {
return CRYPTO_MOD_INVALID_KEY_CTX_ERR;
}
if (enc == INTERNAL_DO_DEC) {
return data_size;
} else if (enc == INTERNAL_DO_ENC) {
return (data_size + INTERNAL_BLOCK_LEN);
} else
return CRYPTO_MOD_INVALID_CRYPTO_TYPE_ERR;
}
/** 密钥上下文清理
*
* @param[in]
* ctx 加解密上下文信息
* @param[out]
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
void crypto_ctx_clean(void *ctx)
{
if (ctx) {
free(ctx);
ctx = NULL;
}
}
/** 执行加解密
*
* @param[in]
* ctx 加解密上下文信息
* enc 加密1、解密0
* data 原数据信息
* data_size 原数据长度
* iv iv信息
* iv_size iv信息长度
* tag GCM模式的校验值
* @param[out]
* result 返回结果信息
* result_size 返回结果信息长度
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
int crypto_encrypt_decrypt(void *ctx, int enc, unsigned char *data, size_t data_size, unsigned char *iv, size_t iv_size, unsigned char *result, size_t *result_size, unsigned char *tag)
{
int ret = CRYPT_MOD_OK;
if ((enc == INTERNAL_DO_ENC && *result_size < (data_size + INTERNAL_BLOCK_LEN))
|| (enc == INTERNAL_DO_DEC && *result_size < data_size)) {
set_thread_errno(CRYPTO_MOD_NOT_ENOUGH_SPACE_ERR);
return CRYPTO_MOD_NOT_ENOUGH_SPACE_ERR;
}
if (enc == INTERNAL_DO_ENC) {
ret = internal_symm_encrypt(ctx, data, data_size, iv, iv_size, result, (unsigned int*)result_size, tag);
} else if (enc == INTERNAL_DO_DEC) {
ret = internal_symm_decrypt(ctx, data, data_size, iv, iv_size, result, (unsigned int*)result_size, tag);
}
if (ret != CRYPT_MOD_OK) {
set_thread_errno(ret);
}
return ret;
}
/** 计算摘要
*
* @param[in]
* sess 会话信息
* algo 摘要算法
* data 原数据信息
* data_size 原数据长度
* @param[out]
* result 返回结果信息
* result_size 返回结果信息长度
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
int crypto_digest(void *sess, ModuleDigestAlgo algo, unsigned char * data, size_t data_size,unsigned char *result, size_t *result_size)
{
int ret = CRYPT_MOD_OK;
ret = internal_digest(sess, algo, data, data_size, result, (unsigned int*)result_size);
if (ret != CRYPT_MOD_OK) {
set_thread_errno(ret);
}
return ret;
}
/** hmac初始化
*
* @param[in]
* sess 会话信息
* algo 摘要算法
* key_id 密码信息
* key_id_size 密码信息长度
* @param[out]
* ctx 返回密钥上下文
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
int crypto_hmac_init(void *sess, void **ctx, ModuleSymmKeyAlgo algo, unsigned char *key_id, size_t key_id_size)
{
InternalKeyCtx *keyctx = NULL;
int ret = CRYPT_MOD_OK;
if (sess == NULL) {
return CRYPTO_MOD_NOT_OPENSESSION_ERR;
}
if (key_id == NULL || key_id[0] == '\0' || key_id_size <= 0 || key_id_size > INTERNAL_MAX_KEY_LEN) {
return CRYPTO_MOD_INVALID_KEY_ERR;
}
keyctx = (InternalKeyCtx*)malloc(sizeof(InternalKeyCtx));
keyctx->session = sess;
ret = get_real_symm_algo_type(get_current_module_type(), algo, &(keyctx->algotype), &(keyctx->algomode));
if (ret != CRYPT_MOD_OK) {
free(keyctx);
return ret;
}
memcpy(keyctx->key, key_id, key_id_size);
keyctx->keysize = key_id_size;
*ctx = keyctx;
return ret;
}
/** hmac清理
*
* @param[in]
* ctx 密钥上下文信息
*
* @param[out]
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
void crypto_hmac_clean(void *ctx)
{
if (ctx) {
free(ctx);
ctx = NULL;
}
}
/** 执行hmac计算
*
* @param[in]
* ctx 密钥上下文信息
* data 原数据信息
* data_size 原数据长度
* @param[out]
* result 返回结果信息
* result_size 返回结果信息长度
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
int crypto_hmac(void *ctx, unsigned char * data, size_t data_size, unsigned char *result, size_t *result_size)
{
int ret = CRYPT_MOD_OK;
ret = internal_hmac(ctx, data, data_size, result, result_size);
if (ret != CRYPT_MOD_OK)
set_thread_errno(ret);
return ret;
}
/** 生成随机数
*
* @param[in]
* sess 会话信息
* size 申请的随机信息长度
*
* @param[out]
* buffer 返回随机信息
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
int crypto_gen_random(void *sess, char *buffer, size_t size)
{
int ret = CRYPT_MOD_OK;
ret = internal_generate_random(sess, buffer, size);
if (ret != CRYPT_MOD_OK)
set_thread_errno(ret);
return ret;
}
/** 执行确定性加解密
*
* @param[in]
* sess 会话信息
* enc 加密1、解密0
* data 原数据信息
* data_size 原数据长度
* key_id 密钥信息
* key_id_size 密钥信息长度
* @param[out]
* result 返回结果信息
* result_size 返回结果信息长度
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
int crypto_deterministic_enc_dec(void *sess, int enc, unsigned char *data, unsigned char *key_id, size_t key_id_size, size_t data_size, unsigned char *result, size_t *result_size)
{
int ret = CRYPT_MOD_OK;
void *tmpkeyctx = NULL;
unsigned char tmpiv[INTERNAL_IV_LEN + 1] = {0};
ret = crypto_ctx_init(sess, &tmpkeyctx, MODULE_SM4_CBC, enc, key_id, key_id_size);
if (ret != CRYPT_MOD_OK) {
set_thread_errno(ret);
return ret;
}
/*加密:对明文计算hmac作为iv,并将hmac放到密文串头;
*解密:从密文头获取iv和hmac,并对解密出的明文计算hmac进行校验*/
if (enc == INTERNAL_DO_ENC) {
void *tmphmacctx = NULL;
unsigned char tmphmac[INTERNAL_HMAC_LEN] = {0};
long unsigned int hmaclen = 0;
/*计算iv */
ret = crypto_hmac_init(sess, &tmphmacctx, MODULE_HMAC_SM3, key_id, key_id_size);
if (ret != CRYPT_MOD_OK) {
set_thread_errno(ret);
crypto_ctx_clean(tmpkeyctx);
return ret;
}
ret = crypto_hmac(tmphmacctx, data, data_size, tmphmac, &hmaclen);
if (ret != CRYPT_MOD_OK) {
set_thread_errno(ret);
crypto_ctx_clean(tmphmacctx);
crypto_ctx_clean(tmpkeyctx);
return ret;
}
memcpy(tmpiv, tmphmac, INTERNAL_IV_LEN);
/*把hmac放到密文头 */
memcpy(result, tmphmac, INTERNAL_HMAC_LEN);
crypto_hmac_clean(tmphmacctx);
ret = internal_symm_encrypt(tmpkeyctx, data, data_size, tmpiv, INTERNAL_IV_LEN, result + INTERNAL_HMAC_LEN, (unsigned int*)result_size, NULL);
if (ret != CRYPT_MOD_OK) {
set_thread_errno(ret);
}
crypto_ctx_clean(tmpkeyctx);
*result_size += INTERNAL_HMAC_LEN;
return ret;
} else if (enc == INTERNAL_DO_DEC){
void *tmphmacctx = NULL;
unsigned char tmphmac[INTERNAL_HMAC_LEN] = {0};
long unsigned int hmaclen = 0;
unsigned char verifyhmac[INTERNAL_HMAC_LEN] = {0};
/*获取iv */
memcpy(tmpiv, data, INTERNAL_IV_LEN);
/*获取hmac*/
memcpy(verifyhmac, data, INTERNAL_HMAC_LEN);
ret = internal_symm_decrypt(tmpkeyctx, data + INTERNAL_HMAC_LEN, data_size - INTERNAL_HMAC_LEN, tmpiv, INTERNAL_IV_LEN, result, (unsigned int*)result_size, NULL);
if (ret != CRYPT_MOD_OK) {
set_thread_errno(ret);
crypto_ctx_clean(tmpkeyctx);
return ret;
}
crypto_ctx_clean(tmpkeyctx);
/*计算明文hmac */
ret = crypto_hmac_init(sess, &tmphmacctx, MODULE_HMAC_SM3, key_id, key_id_size);
if (ret != CRYPT_MOD_OK) {
set_thread_errno(ret);
return ret;
}
ret = crypto_hmac(tmphmacctx, result, *result_size, tmphmac, &hmaclen);
if (ret != CRYPT_MOD_OK) {
set_thread_errno(ret);
crypto_ctx_clean(tmphmacctx);
return ret;
}
crypto_hmac_clean(tmphmacctx);
/*校验明文hmac值 */
if (strncmp((char*)tmphmac, (char*)verifyhmac, INTERNAL_HMAC_LEN)) {
set_thread_errno(CRYPTO_MOD_DETERMINISTIC_DEC_VERIFY_ERR);
return CRYPTO_MOD_DETERMINISTIC_DEC_VERIFY_ERR;
}
return ret;
}
return ret;
}
/** 获取报错信息
*
* @param[in]
* sess 会话信息
* @param[out]
* errmsg 返回结果信息,最长256字节
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
int crypto_get_errmsg(void *sess, char *errmsg)
{
strcpy(errmsg, common_get_errmsg());
return CRYPT_MOD_OK;
}

275
contrib/common_cipher/common_cipher.h Executable file
View File

@ -0,0 +1,275 @@
#ifndef COMMON_CIPHER_H
#define COMMON_CIPHER_H
#include <pthread.h>
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stdarg.h>
#ifdef __cplusplus
extern "C" {
#endif
#define MAX_PROVIDER_NAME_LEN 128
#define MAX_ERRMSG_LEN 256
typedef enum {
MODULE_AES_128_CBC = 0,
MODULE_AES_128_CTR,
MODULE_AES_128_GCM,
MODULE_AES_256_CBC,
MODULE_AES_256_CTR,
MODULE_AES_256_GCM,
MODULE_SM4_CBC,
MODULE_SM4_CTR,
MODULE_HMAC_SHA256,
MODULE_HMAC_SM3,
MODULE_DETERMINISTIC_KEY,
MODULE_ALGO_MAX = 1024
} ModuleSymmKeyAlgo;
typedef enum {
MODULE_SHA256 = 0,
MODULE_SM3,
MODULE_DIGEST_MAX = 1024
} ModuleDigestAlgo;
typedef enum {
KEY_TYPE_INVALID,
KEY_TYPE_PLAINTEXT,
KEY_TYPE_CIPHERTEXT,
KEY_TYPE_NAMEORIDX,
KEY_TYPE_MAX
} KeyType;
typedef struct {
char provider_name[MAX_PROVIDER_NAME_LEN];
KeyType key_type;
int supported_symm[MODULE_ALGO_MAX]; // 不支持算法填入0或者支持算法填入1
int supported_digest[MODULE_DIGEST_MAX]; // 不支持算法填入0或者支持算法填入1
} SupportedFeature;
/** 初始化密码模块
*
* @param[in]
* load_info 密码模块相关信息(硬件设备口令,硬件设备、硬件库路径等),通过kv方式传入
*
* @param[out]
* supported_feature 返回当前密码模块支持的加密方式,参考上述结构体
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
* 示例:
* 用户设置GUC参数crypto_module_info = 'enable_crypto_module=on,module_third_msg=aaa'
* 传入接口时load_info = 'aaa'
*/
int crypto_module_init(char *load_info, SupportedFeature *supported_feature);
/** 会话中连接密码模块
*
* @param[in]
* key_info 密码相关信息(用户口令等信息),通过kv方式传入
*
* @param[out]
* sess 会话信息
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
* 示例:
* 用户设置GUC参数tde_key_info = 'keyType=third_kms, keyThirdMsg =bbb'
* 传入接口时key_info = 'bbb'
*/
int crypto_module_sess_init(char *key_info, void **sess);
/** 会话中断开连接密码模块
*
* @param[in]
* sess 会话信息
*
* @param[out]
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
void crypto_module_sess_exit(void *sess);
/** 创建密钥
*
* @param[in]
* sess 会话信息
* algo 密钥使用场景的算法
*
* @param[out]
* key_id 返回生成密钥/密钥ID/密钥密文
* key_id_size 返回生成内容长度
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
int crypto_create_symm_key(void *sess, ModuleSymmKeyAlgo algo, unsigned char *key_id, size_t *key_id_size);
/** 密钥上下文初始化,后续进行加解密可直接使用上下文
*
* @param[in]
* sess 会话信息
* algo 加密算法
* enc 加密1、解密0
* key_id 密码信息
* key_id_size 密码信息长度
* @param[out]
* ctx 返回使用密钥信息
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
int crypto_ctx_init(void *sess, void **ctx, ModuleSymmKeyAlgo algo, int enc, unsigned char *key_id, size_t key_id_size);
/** 获取数据加解密后的数据长度
*
* @param[in]
* ctx 加解密上下文信息
* enc 加密1、解密0
* data_size 返回加解密结果长度
* @return 返回数据长度
*
*/
int crypto_result_size(void *ctx, int enc, size_t data_size);
/** 密钥上下文清理
*
* @param[in]
* ctx 加解密上下文信息
* @param[out]
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
void crypto_ctx_clean(void *ctx);
/** 执行加解密
*
* @param[in]
* ctx 加解密上下文信息
* enc 加密1、解密0
* data 原数据信息
* data_size 原数据长度
* iv iv信息
* iv_size iv信息长度
* tag GCM模式的校验值
* @param[out]
* result 返回结果信息
* result_size 返回结果信息长度
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
int crypto_encrypt_decrypt(void *ctx, int enc, unsigned char *data, size_t data_size, unsigned char *iv, size_t iv_size, unsigned char *result, size_t *result_size, unsigned char *tag);
/** 计算摘要
*
* @param[in]
* sess 会话信息
* algo 摘要算法
* data 原数据信息
* data_size 原数据长度
* @param[out]
* result 返回结果信息
* result_size 返回结果信息长度
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
int crypto_digest(void *sess, ModuleDigestAlgo algo, unsigned char * data, size_t data_size,unsigned char *result, size_t *result_size);
/** hmac初始化
*
* @param[in]
* sess 会话信息
* algo 摘要算法
* key_id 密码信息
* key_id_size 密码信息长度
* @param[out]
* ctx 返回密钥上下文
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
int crypto_hmac_init(void *sess, void **ctx, ModuleSymmKeyAlgo algo, unsigned char *key_id, size_t key_id_size);
/** hmac清理
*
* @param[in]
* ctx 密钥上下文信息
*
* @param[out]
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
void crypto_hmac_clean(void *ctx);
/** 执行hmac计算
*
* @param[in]
* ctx 密钥上下文信息
* data 原数据信息
* data_size 原数据长度
* @param[out]
* result 返回结果信息
* result_size 返回结果信息长度
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
int crypto_hmac(void *ctx, unsigned char * data, size_t data_size, unsigned char *result, size_t *result_size);
/** 生成随机数
*
* @param[in]
* sess 会话信息
* size 申请的随机信息长度
*
* @param[out]
* buffer 返回随机信息
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
int crypto_gen_random(void *sess, char *buffer, size_t size);
/** 执行确定性加解密
*
* @param[in]
* sess 会话信息
* enc 加密1、解密0
* data 原数据信息
* data_size 原数据长度
* key_id 密钥信息
* key_id_size 密钥信息长度
* @param[out]
* result 返回结果信息
* result_size 返回结果信息长度
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
int crypto_deterministic_enc_dec(void *sess, int enc, unsigned char *data, unsigned char *key_id, size_t key_id_size, size_t data_size, unsigned char *result, size_t *result_size);
/** 获取报错信息
*
* @param[in]
* sess 会话信息
* @param[out]
* errmsg 返回结果信息,最长256字节
*
* @return 成功返回CRYPT_MOD_OK,失败返回错误码
*
*/
int crypto_get_errmsg(void *sess, char *errmsg);
#ifdef __cplusplus
}
#endif
#endif /*COMMON_CIPHER_H*/

126
contrib/common_cipher/common_err.cpp Executable file
View File

@ -0,0 +1,126 @@
#include "common_err.h"
#define MAX_ERRMSG_LEN 256
#define lengthof(array) (sizeof(array) / sizeof(array[0]))
static thread_local int internalthreaderrno = 0;
static void reset_thread_errno();
typedef struct {
int errno;
char errmsg[MAX_ERRMSG_LEN];
}CommonErrInfo;
/*HSM:hardware security module,硬件安全模块。*/
static const CommonErrInfo internal_err_info[] = {
{INTERNAL_UNKNOWNERR, "HSM unknown error"},
{INTERNAL_NOTSUPPORT, "HSM not support"},
{INTERNAL_COMMFAIL, "HSM communication error"},
{INTERNAL_HARDFAIL, "HSM hard error"},
{INTERNAL_OPENDEVICE, "HSM open device error"},
{INTERNAL_OPENSESSION, "HSM open session error"},
{INTERNAL_PARDENY, "HSM permission error"},
{INTERNAL_KEYNOTEXIST, "HSM key not exist"},
{INTERNAL_ALGNOTSUPPORT, "HSM not support algorithm"},
{INTERNAL_ALGMODNOTSUPPORT, "HSM not support algorithm mode"},
{INTERNAL_PKOPERR, "HSM public key operation error"},
{INTERNAL_SKOPERR, "HSM private key operation error"},
{INTERNAL_SIGNERR, "HSM sign error"},
{INTERNAL_VERIFYERR, "HSM verify error"},
{INTERNAL_SYMOPERR, "HSM symmetry operation error"},
{INTERNAL_STEPERR, "HSM step error"},
{INTERNAL_FILESIZEERR, "HSM file size or data len error"},
{INTERNAL_FILENOEXIST, "HSM file not exist"},
{INTERNAL_FILEOFSERR, "HSM file offset operation error"},
{INTERNAL_KEYTYPEERR, "HSM key type error"},
{INTERNAL_KEYERR, "HSM key error"},
{INTERNAL_ENCDATAERR, "HSM encrypt data error"},
{INTERNAL_RANDERR, "HSM random error"},
{INTERNAL_PRKRERR, "HSM private access right error"},
{INTERNAL_MACERR, "HSM MAC error"},
{INTERNAL_FILEEXISTS, "HSM file exists"},
{INTERNAL_FILEWERR, "HSM write file error"},
{INTERNAL_NOBUFFER, "HSM not enough storage"},
{INTERNAL_INARGERR, "HSM input param error"},
{INTERNAL_OUTARGERR, "HSM output param error"},
{INTERNAL_UKEYERR, "HSM ukey error"},
{INTERNAL_GENKEYERR, "HSM generate key error"},
{INTERNAL_STATEERR, "HSM status error"},
{INTERNAL_RETRYERR, "HSM retry exceeded"},
{INTERNAL_DEVICE_BUSY, "HSM is busy"}
};
static int internal_err_number = lengthof(internal_err_info);
static const CommonErrInfo common_err_info[] = {
{CRYPTO_MOD_TYPE_REPEATED_ERR, "module type set repeated"},
{CRYPTO_MOD_TYPE_INVALID_ERR, "invalid module type"},
{CRYPTO_MOD_LIBPATH_REPEATED_ERR, "module lib path set repeated"},
{CRYPTO_MOD_LIBPATH_INVALID_ERR, "invalid module lib path"},
{CRYPTO_MOD_CFG_PATH_REPEATED_ERR, "module config file set repeated"},
{CRYPTO_MOD_CFG_PATH_INVALID_ERR, "invalid module config file"},
{CRYPTO_MOD_PARAM_TOO_MANY_ERR, "param is too many"},
{CRYPTO_MOD_PARAM_INVALID_ERR, "invalid param"},
{CRYPTO_MOD_UNSUPPORTED_SYMM_TYPE_ERR, "unsupported symm algo type"},
{CRYPTO_MOD_UNSUPPORTED_DIGEST_TYPE_ERR, "unsupported digest algo type"},
{CRYPTO_MOD_DLOPEN_ERR, "dlopen error"},
{CRYPTO_MOD_DLSYM_ERR, "dlsym error"},
{CRYPTO_MOD_UNLOAD_ERR, "unload error"},
{CRYPTO_MOD_NOT_LOADED_ERR, "module not loaded"},
{CRYPTO_MOD_NOT_OPENDEVICE_ERR, "device not opened"},
{CRYPTO_MOD_NOT_OPENSESSION_ERR, "session not opened"},
{CRYPTO_MOD_INVALID_KEY_ERR, "invalid key"},
{CRYPTO_MOD_INVALID_CRYPTO_TYPE_ERR, "invalid crypto type"},
{CRYPTO_MOD_INVALID_KEY_CTX_ERR, "invalid key ctx"},
{CRYPTO_MOD_UNPADDING_ERR, "unpadding err"},
{CRYPTO_MOD_NOT_ENOUGH_SPACE_ERR, "not enough space"},
{CRYPTO_MOD_DETERMINISTIC_DEC_VERIFY_ERR, "deterministic dec verify error"},
{CRYPTO_MOD_UNKNOWN_PARAM_ERR, "unknown module param"}
};
static int common_err_number = lengthof(common_err_info);
static const char* unknown_err = "unknown err";
const char* common_get_errmsg()
{
int i = 0;
if (internalthreaderrno & INTERNAL_BASE_ERR) {
for (i = 0; i < internal_err_number; i++) {
if (internalthreaderrno == internal_err_info[i].errno) {
reset_thread_errno();
return internal_err_info[i].errmsg;
}
}
} else if (internalthreaderrno & CRYPTO_MOD_BASE_ERR) {
for (i = 0; i < common_err_number; i++) {
if (internalthreaderrno == common_err_info[i].errno) {
reset_thread_errno();
return common_err_info[i].errmsg;
}
}
} else {
reset_thread_errno();
return unknown_err;
}
if (i != internal_err_number && i != common_err_number) {
reset_thread_errno();
return unknown_err;
}
return unknown_err;
}
void set_thread_errno(int errno)
{
internalthreaderrno = errno;
}
static void reset_thread_errno()
{
internalthreaderrno = 0;
}

89
contrib/common_cipher/common_err.h Executable file
View File

@ -0,0 +1,89 @@
#ifndef COMMON_ERR_H
#define COMMON_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/*硬件内部错误码*/
#define INTERNAL_OK 0
#define INTERNAL_BASE_ERR 0x01000000
#define INTERNAL_UNKNOWNERR (INTERNAL_BASE_ERR + 0x00000001) /* 未知错误 */
#define INTERNAL_NOTSUPPORT (INTERNAL_BASE_ERR + 0x00000002) /* 不支持 */
#define INTERNAL_COMMFAIL (INTERNAL_BASE_ERR + 0x00000003) /* 通信错误 */
#define INTERNAL_HARDFAIL (INTERNAL_BASE_ERR + 0x00000004) /* 硬件错误 */
#define INTERNAL_OPENDEVICE (INTERNAL_BASE_ERR + 0x00000005) /* 打开设备错误 */
#define INTERNAL_OPENSESSION (INTERNAL_BASE_ERR + 0x00000006) /* 打开会话句柄错误 */
#define INTERNAL_PARDENY (INTERNAL_BASE_ERR + 0x00000007) /* 权限不满足 */
#define INTERNAL_KEYNOTEXIST (INTERNAL_BASE_ERR + 0x00000008) /* 密钥不存在 */
#define INTERNAL_ALGNOTSUPPORT (INTERNAL_BASE_ERR + 0x00000009) /* 不支持的算法 */
#define INTERNAL_ALGMODNOTSUPPORT (INTERNAL_BASE_ERR + 0x0000000A) /* 不支持的算法模式 */
#define INTERNAL_PKOPERR (INTERNAL_BASE_ERR + 0x0000000B) /* 公钥运算错误 */
#define INTERNAL_SKOPERR (INTERNAL_BASE_ERR + 0x0000000C) /* 私钥运算错误 */
#define INTERNAL_SIGNERR (INTERNAL_BASE_ERR + 0x0000000D) /* 签名错误 */
#define INTERNAL_VERIFYERR (INTERNAL_BASE_ERR + 0x0000000E) /* 验证错误 */
#define INTERNAL_SYMOPERR (INTERNAL_BASE_ERR + 0x0000000F) /* 对称运算错误 */
#define INTERNAL_STEPERR (INTERNAL_BASE_ERR + 0x00000010) /* 步骤错误 */
#define INTERNAL_FILESIZEERR (INTERNAL_BASE_ERR + 0x00000011) /* 文件大小错误或输入数据长度非法 */
#define INTERNAL_FILENOEXIST (INTERNAL_BASE_ERR + 0x00000012) /* 文件不存在 */
#define INTERNAL_FILEOFSERR (INTERNAL_BASE_ERR + 0x00000013) /* 文件操作偏移量错误 */
#define INTERNAL_KEYTYPEERR (INTERNAL_BASE_ERR + 0x00000014) /* 密钥类型错误 */
#define INTERNAL_KEYERR (INTERNAL_BASE_ERR + 0x00000015) /* 密钥错误 */
#define INTERNAL_ENCDATAERR (INTERNAL_BASE_ERR + 0x00000016) /* 加密数据错误 */
#define INTERNAL_RANDERR (INTERNAL_BASE_ERR + 0x00000017) /* 随机数产生失败 */
#define INTERNAL_PRKRERR (INTERNAL_BASE_ERR + 0x00000018) /* 私钥使用权限获取失败 */
#define INTERNAL_MACERR (INTERNAL_BASE_ERR + 0x00000019) /* MAC 运算失败 */
#define INTERNAL_FILEEXISTS (INTERNAL_BASE_ERR + 0x0000001A) /* 指定文件已存在 */
#define INTERNAL_FILEWERR (INTERNAL_BASE_ERR + 0x0000001B) /* 文件写入失败 */
#define INTERNAL_NOBUFFER (INTERNAL_BASE_ERR + 0x0000001C) /* 存储空间不足 */
#define INTERNAL_INARGERR (INTERNAL_BASE_ERR + 0x0000001D) /* 输入参数错误 */
#define INTERNAL_OUTARGERR (INTERNAL_BASE_ERR + 0x0000001E) /* 输出参数错误 */
#define INTERNAL_UKEYERR (INTERNAL_BASE_ERR + 0x0000001F) /* Ukey错误 */
#define INTERNAL_GENKEYERR (INTERNAL_BASE_ERR + 0x00000020) /* 密钥生成错误 */
#define INTERNAL_STATEERR (INTERNAL_BASE_ERR + 0x00000021) /* 状态错误 */
#define INTERNAL_RETRYERR (INTERNAL_BASE_ERR + 0x00000022) /* 重试超过次数 */
#define INTERNAL_DEVICE_BUSY (INTERNAL_BASE_ERR + 0x00000023) /* 设备忙 */
/*库中自定义错误码*/
/*特别注意,硬件密码模块的返回值是0表示成功,非0表示失败(错误码),和库对外返回的不一样*/
#define CRYPT_MOD_OK 1
#define CRYPT_MOD_ERR 0
#define CRYPTO_MOD_BASE_ERR 0x01000
#define CRYPTO_MOD_TYPE_REPEATED_ERR (CRYPTO_MOD_BASE_ERR + 0x00001)/*密码模块类型重复设置*/
#define CRYPTO_MOD_TYPE_INVALID_ERR (CRYPTO_MOD_BASE_ERR + 0x00002)/*无效的密码模块类型*/
#define CRYPTO_MOD_LIBPATH_REPEATED_ERR (CRYPTO_MOD_BASE_ERR + 0x00003)/*密码模块库路径重复设置*/
#define CRYPTO_MOD_LIBPATH_INVALID_ERR (CRYPTO_MOD_BASE_ERR + 0x00004)/*无效的密码模块库路径*/
#define CRYPTO_MOD_CFG_PATH_REPEATED_ERR (CRYPTO_MOD_BASE_ERR + 0x00005)/*密码模块配置文件重复设置*/
#define CRYPTO_MOD_CFG_PATH_INVALID_ERR (CRYPTO_MOD_BASE_ERR + 0x00006)/*无效的密码模块配置文件*/
#define CRYPTO_MOD_PARAM_TOO_MANY_ERR (CRYPTO_MOD_BASE_ERR + 0x00007)/*密码卡参数配置过多*/
#define CRYPTO_MOD_PARAM_INVALID_ERR (CRYPTO_MOD_BASE_ERR + 0x00008)/*无效的参数*/
#define CRYPTO_MOD_UNSUPPORTED_SYMM_TYPE_ERR (CRYPTO_MOD_BASE_ERR + 0x00009)/*不支持的对称算法类型*/
#define CRYPTO_MOD_UNSUPPORTED_DIGEST_TYPE_ERR (CRYPTO_MOD_BASE_ERR + 0x0000A)/*不支持的摘要算法类型*/
#define CRYPTO_MOD_DLOPEN_ERR (CRYPTO_MOD_BASE_ERR + 0x0000B)/*dlopen失败*/
#define CRYPTO_MOD_DLSYM_ERR (CRYPTO_MOD_BASE_ERR + 0x0000C)/*dlsym失败*/
#define CRYPTO_MOD_UNLOAD_ERR (CRYPTO_MOD_BASE_ERR + 0x0000D)/*dlclose失败*/
#define CRYPTO_MOD_NOT_LOADED_ERR (CRYPTO_MOD_BASE_ERR + 0x0000E)/*还未加载驱动库*/
#define CRYPTO_MOD_NOT_OPENDEVICE_ERR (CRYPTO_MOD_BASE_ERR + 0x0000F)/*还未打开设备*/
#define CRYPTO_MOD_NOT_OPENSESSION_ERR (CRYPTO_MOD_BASE_ERR + 0x00010)/*还未建立会话*/
#define CRYPTO_MOD_INVALID_KEY_ERR (CRYPTO_MOD_BASE_ERR + 0x00011)/*无效的密钥*/
#define CRYPTO_MOD_INVALID_CRYPTO_TYPE_ERR (CRYPTO_MOD_BASE_ERR + 0x00012)/*无效的加解密类型*/
#define CRYPTO_MOD_INVALID_KEY_CTX_ERR (CRYPTO_MOD_BASE_ERR + 0x00013)/*无效密钥上下文*/
#define CRYPTO_MOD_UNPADDING_ERR (CRYPTO_MOD_BASE_ERR + 0x00014)/*去pad失败*/
#define CRYPTO_MOD_NOT_ENOUGH_SPACE_ERR (CRYPTO_MOD_BASE_ERR + 0x00015)/*分配的空间不足*/
#define CRYPTO_MOD_DETERMINISTIC_DEC_VERIFY_ERR (CRYPTO_MOD_BASE_ERR + 0x00016)/*确定性解密校验失败*/
#define CRYPTO_MOD_UNKNOWN_PARAM_ERR (CRYPTO_MOD_BASE_ERR + 0xFFFFF)/*未知的参数*/
extern void set_thread_errno(int errno);
extern const char* common_get_errmsg();
#ifdef __cplusplus
}
#endif
#endif /* COMMON_ERR_H */

796
contrib/common_cipher/common_internal_interfaces.cpp Executable file
View File

@ -0,0 +1,796 @@
#include <pthread.h>
#include <dlfcn.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include "common_internal_interfaces.h"
#include "common_err.h"
#include "common_utils.h"
#define INTERNAL_SHARED_LOCK 0
#define INTERNAL_EXCLUSIVE_LOCK 1
#define SET_JNTA_CFG_PATH(path) (setenv("TASS_GHVSM_CFG_PATH", path, 1))
#define INTERNAL_RETURN(ret) \
{ \
if (ret == INTERNAL_OK) \
return CRYPT_MOD_OK; \
else \
return ret; \
}while(0)
/*dlopen句柄*/
static void *driverhandle = NULL;
/*密码模块接口*/
static ModuleInterfaces *moduleinterfaces = NULL;
/*定义一个锁,对driverhandle和moduleinterfaces做读写保护*/
static pthread_rwlock_t drivermutex;
/*设备句柄*/
static void *devicehandle = NULL;
/*定义一个锁,对devicehandle做读写保护*/
static pthread_rwlock_t devicehandlemutex;
/*记录当前空闲的最小索引号,在第一次生成密钥时获取并设置。这个需要保证密钥都是从该接口库生成*/
static int currnetindex = 0;
/*定义一个锁,保证同一时刻只有一个线程在生成密钥*/
static pthread_mutex_t genkeymutex;
static int internal_padding(char *indata, int inlen, char *outdata, int *outlen);
static int internal_unpadding(char *indata, int *inlen);
static void internal_lock(int loketype, pthread_rwlock_t *lock)
{
if (loketype == INTERNAL_SHARED_LOCK) {
pthread_rwlock_rdlock(lock);
} else if (loketype == INTERNAL_EXCLUSIVE_LOCK){
pthread_rwlock_wrlock(lock);
} else {
/*do nothing*/
}
}
static void internal_unlock(pthread_rwlock_t *lock)
{
pthread_rwlock_unlock(lock);
}
ModuleType get_current_module_type()
{
internal_lock(INTERNAL_SHARED_LOCK, &drivermutex);
if (moduleinterfaces) {
internal_unlock(&drivermutex);
return moduleinterfaces->type;
}
internal_unlock(&drivermutex);
return MODULE_INVALID_TYPE;
}
static int load_standard_interfaces(ModuleStandardInterfaces *standardinterfaces)
{
standardinterfaces->InternalOpenDevice = (StandardOpenDevice_type)dlsym(driverhandle, "SDF_OpenDevice");
standardinterfaces->InternalCloseDevice = (StandardCloseDevice_type)dlsym(driverhandle, "SDF_CloseDevice");
standardinterfaces->InternalOpenSession = (StandardOpenSession_type)dlsym(driverhandle, "SDF_OpenSession");
standardinterfaces->InternalCloseSession = (StandardCloseSession_type)dlsym(driverhandle, "SDF_CloseSession");
standardinterfaces->InternalGenerateRandom = (StandardGenerateRandom_type)dlsym(driverhandle, "SDF_GenerateRandom");
standardinterfaces->InternalEncrypt = (StandardEncrypt_type)dlsym(driverhandle, "SDF_Encrypt");
standardinterfaces->InternalDecrypt = (StandardDecrypt_type)dlsym(driverhandle, "SDF_Decrypt");
standardinterfaces->InternalDestroyKey = (StandardDestroyKey_type)dlsym(driverhandle, "SDF_DestroyKey");
standardinterfaces->InternalHashInit = (StandardHashInit_type)dlsym(driverhandle, "SDF_HashInit");
standardinterfaces->InternalHashUpdate = (StandardHashUpdate_type)dlsym(driverhandle, "SDF_HashUpdate");
standardinterfaces->InternalHashFinal = (StandardHashFinal_type)dlsym(driverhandle, "SDF_HashFinal");
if (standardinterfaces->InternalOpenDevice == NULL
|| standardinterfaces->InternalCloseDevice == NULL
|| standardinterfaces->InternalOpenSession == NULL
|| standardinterfaces->InternalCloseSession == NULL
|| standardinterfaces->InternalGenerateRandom == NULL
|| standardinterfaces->InternalEncrypt == NULL
|| standardinterfaces->InternalDecrypt == NULL
|| standardinterfaces->InternalDestroyKey == NULL
|| standardinterfaces->InternalHashInit == NULL
|| standardinterfaces->InternalHashUpdate == NULL
|| standardinterfaces->InternalHashFinal == NULL) {
return CRYPTO_MOD_DLSYM_ERR;
}
return CRYPT_MOD_OK;
}
static int load_gdac_interfaces(ModuleGdacInterfaces* gdacinterfaces)
{
gdacinterfaces->GDACGenerateKEK = (GDACGenerateKEK_type)dlsym(driverhandle, "SDFE_GenerateKEK");
gdacinterfaces->GDACHMAC = (GDACHMAC_type)dlsym(driverhandle, "SDFE_Hmac");
gdacinterfaces->GDACEncryptWithIndex = (GDACEncryptWithIndex_type)dlsym(driverhandle, "SDFE_Encrypt");
gdacinterfaces->GDACDecryptWithIndex = (GDACDecryptWithIndex_type)dlsym(driverhandle, "SDFE_Decrypt");
gdacinterfaces->GDACExportKEK = (GDACExportKEK_type)dlsym(driverhandle, "SDFE_ExportKEK");
gdacinterfaces->GDACGetkeyState = (GDACGetkeyState_type)dlsym(driverhandle, "SDFE_GetkeyState");
if (gdacinterfaces->GDACGenerateKEK == NULL
|| gdacinterfaces->GDACHMAC == NULL
|| gdacinterfaces->GDACEncryptWithIndex == NULL
|| gdacinterfaces->GDACDecryptWithIndex == NULL
|| gdacinterfaces->GDACExportKEK == NULL
|| gdacinterfaces->GDACGetkeyState == NULL) {
return CRYPTO_MOD_DLSYM_ERR;
}
return CRYPT_MOD_OK;
}
static int load_jnta_interfaces(ModuleJntaInterfaces* jntainterfaces)
{
jntainterfaces->JNTACalculateHmac = (JNTACalculateHmac_type)dlsym(driverhandle, "Tass_CalculateHmac");
jntainterfaces->JNTAGenerateSymmKeyWithLMK = (JNTAGenerateSymmKeyWithLMK_type)dlsym(driverhandle, "Tass_GenerateSymmKeyWithLMK");
jntainterfaces->JNTAImportKeyCipherByLMK = (JNTAImportKeyCipherByLMK_type)dlsym(driverhandle, "Tass_ImportKeyCipherByLMK");
if (jntainterfaces->JNTACalculateHmac == NULL
|| jntainterfaces->JNTAGenerateSymmKeyWithLMK == NULL
|| jntainterfaces->JNTAImportKeyCipherByLMK == NULL) {
return CRYPTO_MOD_DLSYM_ERR;
}
return CRYPT_MOD_OK;
}
static int load_swxa_interfaces(ModuleSwxaInterfaces* swxainterfaces)
{
swxainterfaces->SWXAGenerateKeyCipher = (SWXAGenerateKeyCipher_type)dlsym(driverhandle, "SDF_GenerateKey_Cipher");
swxainterfaces->SWXAEncKeyEncrypt = (SWXAEncKeyEncrypt_type)dlsym(driverhandle, "SDF_EncKeyEncrypt");
swxainterfaces->SWXAEncKeyDecrypt = (SWXAEncKeyDecrypt_type)dlsym(driverhandle, "SDF_EncKeyDecrypt");
swxainterfaces->SWXAHMAC = (SWXAHMAC_type)dlsym(driverhandle, "SDF_EncKeyHMAC");
swxainterfaces->SWXAOpenDeviceWithPathAndName = (SWXAOpenDeviceWithPathAndName_type)dlsym(driverhandle, "SDF_OpenDeviceWithPathAndName");
if (swxainterfaces->SWXAGenerateKeyCipher == NULL
|| swxainterfaces->SWXAEncKeyEncrypt == NULL
|| swxainterfaces->SWXAEncKeyDecrypt == NULL
|| swxainterfaces->SWXAHMAC == NULL
|| swxainterfaces->SWXAOpenDeviceWithPathAndName == NULL) {
return CRYPTO_MOD_DLSYM_ERR;
}
return CRYPT_MOD_OK;
}
/*加载驱动库*/
int load_module_driver(ModuleParams moduleparams)
{
int ret = CRYPT_MOD_OK;
/*加写锁*/
internal_lock(INTERNAL_EXCLUSIVE_LOCK, &drivermutex);
/*检查是否已经加载,如果已经加载过,则直接返回*/
if (driverhandle && moduleinterfaces) {
internal_unlock(&drivermutex);
return CRYPT_MOD_OK;
}
/*dlopen动态库*/
driverhandle = dlopen(moduleparams.libpath, RTLD_LAZY);
if (driverhandle == NULL) {
internal_unlock(&drivermutex);
return CRYPTO_MOD_DLOPEN_ERR;
}
/*为接口分配空间*/
moduleinterfaces = (ModuleInterfaces*)malloc(sizeof(ModuleInterfaces));
moduleinterfaces->type = moduleparams.moduletype;
moduleinterfaces->standardInterfaces = (ModuleStandardInterfaces*)malloc(sizeof(ModuleStandardInterfaces));
/*加载标准接口*/
ret = load_standard_interfaces(moduleinterfaces->standardInterfaces);
if (ret != CRYPT_MOD_OK) {
free(moduleinterfaces->standardInterfaces);
free(moduleinterfaces);
internal_unlock(&drivermutex);
return ret;
}
/*加载扩展接口*/
switch (moduleparams.moduletype)
{
case MODULE_GDAC_CARD_TYPE:
moduleinterfaces->extendInterfaces.gdacInterfaces = (ModuleGdacInterfaces*)malloc(sizeof(ModuleGdacInterfaces));
ret = load_gdac_interfaces(moduleinterfaces->extendInterfaces.gdacInterfaces);
break;
case MODULE_JNTA_KMS_TYPE:
moduleinterfaces->extendInterfaces.jntaInterfaces = (ModuleJntaInterfaces*)malloc(sizeof(ModuleJntaInterfaces));
ret = load_jnta_interfaces(moduleinterfaces->extendInterfaces.jntaInterfaces);
break;
case MODULE_SWXA_KMS_TYPE:
moduleinterfaces->extendInterfaces.swxaInterfaces = (ModuleSwxaInterfaces*)malloc(sizeof(ModuleSwxaInterfaces));
ret = load_swxa_interfaces(moduleinterfaces->extendInterfaces.swxaInterfaces);
break;
default:
free(moduleinterfaces->standardInterfaces);
free(moduleinterfaces);
internal_unlock(&drivermutex);
return CRYPTO_MOD_TYPE_INVALID_ERR;
}
if (ret != CRYPT_MOD_OK) {
if (moduleinterfaces->extendInterfaces.gdacInterfaces)
free(moduleinterfaces->extendInterfaces.gdacInterfaces);
if (moduleinterfaces->extendInterfaces.jntaInterfaces)
free(moduleinterfaces->extendInterfaces.jntaInterfaces);
if (moduleinterfaces->extendInterfaces.swxaInterfaces)
free(moduleinterfaces->extendInterfaces.swxaInterfaces);
free(moduleinterfaces->standardInterfaces);
free(moduleinterfaces);
moduleinterfaces = NULL;
internal_unlock(&drivermutex);
return ret;
}
internal_unlock(&drivermutex);
return CRYPT_MOD_OK;
}
int unload_module_driver()
{
/*加写锁*/
internal_lock(INTERNAL_EXCLUSIVE_LOCK, &drivermutex);
if (driverhandle == NULL || moduleinterfaces) {
internal_unlock(&drivermutex);
return CRYPTO_MOD_UNLOAD_ERR;
}
/*释放接口空间*/
if (moduleinterfaces->extendInterfaces.gdacInterfaces) {
free(moduleinterfaces->extendInterfaces.gdacInterfaces);
moduleinterfaces->extendInterfaces.gdacInterfaces = NULL;
}
if (moduleinterfaces->extendInterfaces.jntaInterfaces) {
free(moduleinterfaces->extendInterfaces.jntaInterfaces);
moduleinterfaces->extendInterfaces.jntaInterfaces = NULL;
}
if (moduleinterfaces->extendInterfaces.swxaInterfaces) {
free(moduleinterfaces->extendInterfaces.swxaInterfaces);
moduleinterfaces->extendInterfaces.swxaInterfaces = NULL;
}
free(moduleinterfaces->standardInterfaces);
moduleinterfaces->standardInterfaces = NULL;
free(moduleinterfaces);
moduleinterfaces = NULL;
dlclose(driverhandle);
driverhandle = NULL;
internal_unlock(&drivermutex);
return CRYPT_MOD_OK;
}
int internal_open_device(char* cfg_path)
{
/*这里调用密码硬件的接口,需要注意硬件接口返回0表示成功。*/
int ret = INTERNAL_OK;
/*判断是否已加载驱动并加载驱动接口*/
internal_lock(INTERNAL_SHARED_LOCK, &drivermutex);
if (driverhandle == NULL || moduleinterfaces == NULL) {
internal_unlock(&drivermutex);
return CRYPTO_MOD_NOT_LOADED_ERR;
}
/*大胆一些,在这里释放掉锁*/
internal_unlock(&drivermutex);
/*对设备句柄加写锁*/
internal_lock(INTERNAL_EXCLUSIVE_LOCK, &devicehandlemutex);
/*已经打开过,直接返回*/
if (devicehandle != NULL) {
internal_unlock(&devicehandlemutex);
return CRYPT_MOD_OK;
}
switch (moduleinterfaces->type)
{
case MODULE_GDAC_CARD_TYPE:
ret = moduleinterfaces->standardInterfaces->InternalOpenDevice(&devicehandle);
break;
case MODULE_SWXA_KMS_TYPE:
ret = moduleinterfaces->extendInterfaces.swxaInterfaces->SWXAOpenDeviceWithPathAndName((unsigned char*)cfg_path, &devicehandle);
break;
case MODULE_JNTA_KMS_TYPE:
/*江南天安从环境变量获取配置文件路径,这里设置一下*/
SET_JNTA_CFG_PATH(cfg_path);
ret = moduleinterfaces->standardInterfaces->InternalOpenDevice(&devicehandle);
break;
default:
internal_unlock(&devicehandlemutex);
return CRYPTO_MOD_TYPE_INVALID_ERR;
}
internal_unlock(&devicehandlemutex);
INTERNAL_RETURN(ret);
}
int internal_close_device()
{
int ret = INTERNAL_OK;
internal_lock(INTERNAL_EXCLUSIVE_LOCK, &devicehandlemutex);
if (devicehandle != NULL) {
ret = moduleinterfaces->standardInterfaces->InternalCloseDevice(devicehandle);
devicehandle = NULL;
}
internal_unlock(&devicehandlemutex);
INTERNAL_RETURN(ret);
}
int internal_open_session(void **sess)
{
int ret = INTERNAL_OK;
internal_lock(INTERNAL_SHARED_LOCK, &devicehandlemutex);
if (devicehandle == NULL) {
internal_unlock(&devicehandlemutex);
return CRYPTO_MOD_NOT_OPENDEVICE_ERR;
}
ret = moduleinterfaces->standardInterfaces->InternalOpenSession(devicehandle, sess);
internal_unlock(&devicehandlemutex);
INTERNAL_RETURN(ret);
}
int internal_close_session(void *sess)
{
int ret = INTERNAL_OK;
if (sess == NULL) {
return CRYPTO_MOD_NOT_OPENSESSION_ERR;
}
internal_lock(INTERNAL_SHARED_LOCK, &devicehandlemutex);
if (devicehandle == NULL) {
internal_unlock(&devicehandlemutex);
return CRYPTO_MOD_NOT_OPENDEVICE_ERR;
}
ret = moduleinterfaces->standardInterfaces->InternalCloseSession(sess);
internal_unlock(&devicehandlemutex);
INTERNAL_RETURN(ret);
}
static bool use_key_index()
{
switch (moduleinterfaces->type) {
case MODULE_GDAC_CARD_TYPE:
case MODULE_JNTA_KMS_TYPE:
return true;
case MODULE_SWXA_KMS_TYPE:
return false;
default:
return false;
}
}
static int init_gdac_key_index(void* sess)
{
int keystatus = 0;
int i =0;
int ret = INTERNAL_OK;
/*需要获取当前存在密钥的最大索引值*/
for (i = INTERNAL_MIN_INDEX_NUM; i <= INTERNAL_MAX_INDEX_NUM; i++) {
ret = moduleinterfaces->extendInterfaces.gdacInterfaces->GDACGetkeyState(sess, GDAC_KEK_TYPE, (unsigned int)i, (unsigned int*)&keystatus);
if (ret != INTERNAL_OK) {
return ret;
}
if (keystatus == GDAC_KEY_NOT_EXIST) {
currnetindex = i;
break;
}
}
if (i == (INTERNAL_MAX_INDEX_NUM + 1)) {
return INTERNAL_NOBUFFER;
}
return INTERNAL_OK;
}
static int init_jnta_key_index(void* sess)
{
int ret = INTERNAL_OK;
int i = 0;
InternalKeyCtx *keyctx = NULL;
unsigned char tmpdata[] = {"12345678"};
int tmplen = 8;
unsigned char tmpiv[] = {"1234567812345678"};
int tmpivlen = 16;
unsigned char tmpout[32] = {0};
unsigned int tmpoutlen = 0;
keyctx = (InternalKeyCtx*)malloc(sizeof(InternalKeyCtx));
keyctx->session = sess;
keyctx->enc = INTERNAL_DO_ENC;
keyctx->algotype = TA_SM4;
keyctx->algomode = TA_CBC;
/*需要获取当前存在密钥的最大索引值*/
for (i = INTERNAL_MIN_INDEX_NUM; i <= INTERNAL_MAX_INDEX_NUM; i++) {
sprintf((char *)(keyctx->key), "%d",i);
keyctx->keysize = strlen((char*)(keyctx->key));
/*没有获取密钥状态接口,通过做加密判断错误发为密钥不存在*/
ret = internal_symm_encrypt(keyctx, tmpdata, tmplen, tmpiv, tmpivlen, tmpout, &tmpoutlen, NULL);
if (ret == INTERNAL_KEYNOTEXIST) {
currnetindex = i;
break;
}
memset(keyctx->key, 0x0, INTERNAL_MAX_KEY_LEN);
}
free(keyctx);
if (i == (INTERNAL_MAX_INDEX_NUM + 1)) {
return INTERNAL_NOBUFFER;
}
return INTERNAL_OK;
}
static int init_current_key_index(void* sess)
{
int ret = INTERNAL_OK;
switch (moduleinterfaces->type) {
case MODULE_GDAC_CARD_TYPE:
ret = init_gdac_key_index(sess);
break;
case MODULE_JNTA_KMS_TYPE:
ret = init_jnta_key_index(sess);
break;
case MODULE_SWXA_KMS_TYPE:
default:
break;
}
return ret;
}
int internal_generate_symm_key(void* sess, ModuleSymmKeyAlgo algo, unsigned char* key, unsigned int* keylen)
{
int ret = INTERNAL_OK;
bool useindex = use_key_index();
if (sess == NULL) {
return CRYPTO_MOD_NOT_OPENSESSION_ERR;
}
if (useindex) {
pthread_mutex_lock(&genkeymutex);
if (currnetindex == 0) {
ret = init_current_key_index(sess);
if (ret != INTERNAL_OK) {
pthread_mutex_unlock(&genkeymutex);
return ret;
}
} else if (currnetindex == (INTERNAL_MAX_INDEX_NUM + 1)) {
pthread_mutex_unlock(&genkeymutex);
return INTERNAL_NOBUFFER;
}
}
switch(moduleinterfaces->type) {
case MODULE_GDAC_CARD_TYPE:
ret = moduleinterfaces->extendInterfaces.gdacInterfaces->GDACGenerateKEK(sess, get_key_len_by_algo_type(algo), currnetindex);
break;
case MODULE_JNTA_KMS_TYPE: {
unsigned int realalgo;
unsigned int realmode;
unsigned char tmpcipher[INTERNAL_MAX_KEY_LEN + 1] = {0};
unsigned int tmpcipherlen = 0;
unsigned char kcv[8] = {0};
unsigned int kcvlen = 0;
ret = get_real_symm_algo_type(moduleinterfaces->type, algo, &realalgo, &realmode);
if (ret != CRYPT_MOD_OK)
break;
ret = moduleinterfaces->extendInterfaces.jntaInterfaces->JNTAGenerateSymmKeyWithLMK(sess, (TA_SYMM_ALG)realalgo, tmpcipher, &tmpcipherlen, kcv, &kcvlen);
if (ret != INTERNAL_OK)
break;
ret = moduleinterfaces->extendInterfaces.jntaInterfaces->JNTAImportKeyCipherByLMK(sess, currnetindex, 0, 0, (TA_SYMM_ALG)realalgo, 0, NULL, 0, NULL, 0, tmpcipher, tmpcipherlen, kcv, 0);
if (ret != INTERNAL_OK)
break;
break;
}
case MODULE_SWXA_KMS_TYPE:
ret = moduleinterfaces->extendInterfaces.swxaInterfaces->SWXAGenerateKeyCipher(sess, get_key_len_by_algo_type(algo), key, keylen);
break;
default:
ret = CRYPTO_MOD_TYPE_INVALID_ERR;
break;
}
if (useindex) {
if (ret != CRYPT_MOD_OK && ret != INTERNAL_OK) {
pthread_mutex_unlock(&genkeymutex);
return ret;
} else {
sprintf((char*)key, "%d",currnetindex);
*keylen = strlen((char*)key);
currnetindex++;
pthread_mutex_unlock(&genkeymutex);
return CRYPT_MOD_OK;
}
}
if (ret != CRYPT_MOD_OK && ret != INTERNAL_OK) {
return ret;
} else {
return CRYPT_MOD_OK;
}
}
int internal_symm_encrypt(void *keyctx, unsigned char *indata, unsigned int inlen, unsigned char *iv, unsigned int ivlen, unsigned char *outdata, unsigned int *outlen, unsigned char *tag)
{
int ret = INTERNAL_OK;
InternalKeyCtx *tmpctx = (InternalKeyCtx *)keyctx;
unsigned char *paddingdata = NULL;
int paddinglen = 0;
unsigned char tmpiv[INTERNAL_IV_LEN + 1] = {0};
memcpy(tmpiv, iv, ivlen);
paddinglen = inlen + INTERNAL_BLOCK_LEN + 1;
paddingdata = (unsigned char *)malloc(paddinglen);
memset(paddingdata, 0x0, paddinglen);
internal_padding((char*)indata, inlen, (char*)paddingdata, &paddinglen);
switch (moduleinterfaces->type) {
case MODULE_GDAC_CARD_TYPE: {
unsigned char tmpkey[INTERNAL_MAX_KEY_LEN] = {0};
unsigned int keylen = 0;
ret = moduleinterfaces->extendInterfaces.gdacInterfaces->GDACExportKEK(tmpctx->session, atoi((char*)tmpctx->key), tmpkey, &keylen);
if (ret != INTERNAL_OK)
return ret;
ret = moduleinterfaces->extendInterfaces.gdacInterfaces->GDACEncryptWithIndex(tmpctx->session, tmpkey, keylen, tmpctx->algotype, tmpiv, ivlen, paddingdata, paddinglen, outdata, outlen, NULL, 0, NULL);
break;
}
case MODULE_JNTA_KMS_TYPE: {
int tmpindex = atoi((char*)(tmpctx->key));
unsigned int standardtype = 0;
transform_jnta_algo_type(tmpctx->algotype, tmpctx->algomode, &standardtype);
ret = moduleinterfaces->standardInterfaces->InternalEncrypt(tmpctx->session, (void*)&tmpindex, standardtype, tmpiv, paddingdata, paddinglen, outdata, outlen);
break;
}
case MODULE_SWXA_KMS_TYPE:
ret = moduleinterfaces->extendInterfaces.swxaInterfaces->SWXAEncKeyEncrypt(tmpctx->session, tmpctx->key, tmpctx->keysize, tmpctx->algotype, tmpiv, paddingdata, paddinglen, outdata, outlen);
break;
default:
ret = CRYPTO_MOD_TYPE_INVALID_ERR;
break;;
}
free(paddingdata);
INTERNAL_RETURN(ret);
}
int internal_symm_decrypt(void *keyctx, unsigned char *indata, unsigned int inlen, unsigned char *iv, unsigned int ivlen, unsigned char *outdata, unsigned int *outlen, unsigned char *tag)
{
int ret = INTERNAL_OK;
InternalKeyCtx *tmpctx = (InternalKeyCtx *)keyctx;
unsigned char tmpiv[INTERNAL_IV_LEN + 1] = {0};
memcpy(tmpiv, iv, ivlen);
switch (moduleinterfaces->type) {
case MODULE_GDAC_CARD_TYPE: {
unsigned char tmpkey[INTERNAL_MAX_KEY_LEN] = {0};
unsigned int keylen = 0;
ret = moduleinterfaces->extendInterfaces.gdacInterfaces->GDACExportKEK(tmpctx->session, atoi((char*)tmpctx->key), tmpkey, &keylen);
if (ret != INTERNAL_OK)
return ret;
ret = moduleinterfaces->extendInterfaces.gdacInterfaces->GDACDecryptWithIndex(tmpctx->session, tmpkey, keylen, tmpctx->algotype, tmpiv, ivlen, indata, inlen, outdata, outlen, NULL, 0, NULL);
break;
}
case MODULE_JNTA_KMS_TYPE: {
int index = atoi((char *)(tmpctx->key));
unsigned int standardtype = 0;
transform_jnta_algo_type(tmpctx->algotype, tmpctx->algomode, &standardtype);
ret = moduleinterfaces->standardInterfaces->InternalDecrypt(tmpctx->session, (void*)&index, standardtype, tmpiv, indata, inlen, outdata, outlen);
break;
}
case MODULE_SWXA_KMS_TYPE:
ret = moduleinterfaces->extendInterfaces.swxaInterfaces->SWXAEncKeyDecrypt(tmpctx->session, tmpctx->key, tmpctx->keysize, tmpctx->algotype, tmpiv, indata, inlen, outdata, outlen);
break;
default:
ret = CRYPTO_MOD_TYPE_INVALID_ERR;
break;
}
if (ret == INTERNAL_OK) {
return internal_unpadding((char*)outdata, (int*)outlen);
}
INTERNAL_RETURN(ret);
}
int internal_digest(void *sess, ModuleDigestAlgo algo, unsigned char * indata, unsigned int inlen, unsigned char *outdata, unsigned int *outlen)
{
int ret = CRYPT_MOD_OK;
unsigned int realtype = 0;
int position = 0;
int updatelen = 0;
ret = get_real_digest_algo_type(moduleinterfaces->type, algo, &realtype);
if (ret != CRYPT_MOD_OK) {
return ret;
}
ret = moduleinterfaces->standardInterfaces->InternalHashInit(sess, realtype, NULL, NULL, 0);
if (ret != INTERNAL_OK)
return ret;
while (inlen) {
if (inlen >= INTERNAL_MSG_BLOCK_LEN) {
updatelen = INTERNAL_MSG_BLOCK_LEN;
inlen -= INTERNAL_MSG_BLOCK_LEN;
} else {
updatelen = inlen;
inlen = 0;
}
ret = moduleinterfaces->standardInterfaces->InternalHashUpdate(sess, indata + position, updatelen);
if (ret != INTERNAL_OK)
return ret;
position += updatelen;
}
ret = moduleinterfaces->standardInterfaces->InternalHashFinal(sess, outdata, outlen);
INTERNAL_RETURN(ret);
}
/*如果传入的data为NULL,并且data_size为0,则对key自身做hmac*/
int internal_hmac(void *ctx, unsigned char * data, unsigned int data_size, unsigned char *result, size_t *result_size)
{
int ret = INTERNAL_OK;
InternalKeyCtx *tmpctx = (InternalKeyCtx *)ctx;
switch (moduleinterfaces->type) {
case MODULE_GDAC_CARD_TYPE:{
unsigned char tmpkey[INTERNAL_MAX_KEY_LEN] = {0};
unsigned int keylen = 0;
ret = moduleinterfaces->extendInterfaces.gdacInterfaces->GDACExportKEK(tmpctx->session, atoi((char*)tmpctx->key), tmpkey, &keylen);
if (ret != INTERNAL_OK)
return ret;
ret = moduleinterfaces->extendInterfaces.gdacInterfaces->GDACHMAC(tmpctx->session, tmpkey, keylen, tmpctx->algotype,
(data != NULL) ? data : tmpkey, (data_size != 0) ? data_size : keylen, result, (unsigned int*)result_size);
memset(tmpkey,0x0,INTERNAL_MAX_KEY_LEN);
break;
}
case MODULE_JNTA_KMS_TYPE:{
ret = moduleinterfaces->extendInterfaces.jntaInterfaces->JNTACalculateHmac(tmpctx->session, (TA_HMAC_ALG)tmpctx->algotype, atoi((char*)tmpctx->key),
NULL, 0, (data != NULL) ? data : tmpctx->key, (data_size != 0) ? data_size : tmpctx->keysize, result, (unsigned int*)result_size);
break;
}
case MODULE_SWXA_KMS_TYPE:{
ret = moduleinterfaces->extendInterfaces.swxaInterfaces->SWXAHMAC(tmpctx->session, tmpctx->key, tmpctx->keysize, tmpctx->algotype,
(data != NULL) ? data : tmpctx->key, (data_size != 0) ? data_size : tmpctx->keysize, result, (unsigned int*)result_size);
break;
}
default:
ret = CRYPTO_MOD_TYPE_INVALID_ERR;
break;
}
INTERNAL_RETURN(ret);
}
int internal_generate_random(void *sess, char *buffer, size_t size)
{
int ret = INTERNAL_OK;
ret = moduleinterfaces->standardInterfaces->InternalGenerateRandom(sess, size, (unsigned char*)buffer);
INTERNAL_RETURN(ret);
}
/*第一位补0x80,后面补0x00,强补,即如果inlen正好是16的整数倍,则补一个0x80和15个0x00,如果只缺一,则只补一个0x80*/
static int internal_padding(char *indata, int inlen, char *outdata, int *outlen)
{
int i = 0;
int firstpad = 0x80;
int secondpad = 0x00;
int paddlen = 0;
paddlen = INTERNAL_BLOCK_LEN - inlen%INTERNAL_BLOCK_LEN;
memcpy(outdata, indata, inlen);
for (i = 0; i < paddlen; i++) {
if (i == 0)
outdata[inlen + i] = firstpad;
else
outdata[inlen + i] = secondpad;
}
*outlen = inlen + paddlen;
return CRYPT_MOD_OK;
}
static int internal_unpadding(char *indata, int *inlen)
{
int firstpad = 0x80;
int secondpad = 0x00;
int tmplen = 0;
tmplen = *inlen - 1;
while (*(indata + tmplen) == secondpad) {
tmplen--;
}
if (tmplen >= ((*inlen) - INTERNAL_BLOCK_LEN) && *(unsigned char*)(indata + tmplen) == firstpad) {
*inlen = tmplen;
} else {
return CRYPTO_MOD_UNPADDING_ERR;
}
indata[tmplen] = '\0';
return CRYPT_MOD_OK;
}

127
contrib/common_cipher/common_internal_interfaces.h Executable file
View File

@ -0,0 +1,127 @@
#ifndef COMMON_INTERNAL_INTERFACES_H
#define COMMON_INTERNAL_INTERFACES_H
#include "common_algo.h"
#ifdef __cplusplus
extern "C" {
#endif
#define ECCref_MAX_BITS 512
#define ECCref_MAX_LEN ((ECCref_MAX_BITS+7) / 8)
/* ECC key data public key structure definition */
typedef struct ECCrefPublicKey_st
{
unsigned int bits;
unsigned char x[ECCref_MAX_LEN];
unsigned char y[ECCref_MAX_LEN];
} ECCrefPublicKey;
typedef int (*StandardOpenDevice_type)(void**);
typedef int (*StandardCloseDevice_type)(void*);
typedef int (*StandardOpenSession_type)(void*, void**);
typedef int (*StandardCloseSession_type)(void*);
typedef int (*StandardGenerateRandom_type)(void*, unsigned int, unsigned char*);
typedef int (*StandardHashInit_type)(void*, unsigned int, ECCrefPublicKey*, unsigned char*, unsigned int);
typedef int (*StandardHashUpdate_type)(void*, unsigned char*, unsigned int);
typedef int (*StandardHashFinal_type)(void*, unsigned char*, unsigned int*);
typedef int (*StandardEncrypt_type)(void*, void*, unsigned int, unsigned char*, unsigned char*, unsigned int, unsigned char*, unsigned int*);
typedef int (*StandardDecrypt_type)(void*, void*, unsigned int, unsigned char*, unsigned char*, unsigned int, unsigned char*, unsigned int*);
typedef int (*StandardDestroyKey_type)(void*, void*);
/*SDF标准接口*/
typedef struct {
StandardOpenDevice_type InternalOpenDevice; /*打开设备*/
StandardCloseDevice_type InternalCloseDevice; /*关闭设备*/
StandardOpenSession_type InternalOpenSession; /*打开会话*/
StandardCloseSession_type InternalCloseSession; /*关闭会话*/
StandardGenerateRandom_type InternalGenerateRandom; /*生成随机数*/
StandardHashInit_type InternalHashInit; /*哈希初始化*/
StandardHashUpdate_type InternalHashUpdate; /*哈希update*/
StandardHashFinal_type InternalHashFinal; /*哈希结束*/
StandardEncrypt_type InternalEncrypt; /*使用密钥句柄加密*/
StandardDecrypt_type InternalDecrypt; /*使用密钥句柄解密*/
StandardDestroyKey_type InternalDestroyKey; /*销毁密钥句柄*/
}ModuleStandardInterfaces;
typedef int (*GDACHMAC_type)(void*, unsigned char*, unsigned int, unsigned int, unsigned char*, unsigned int, unsigned char*, unsigned int*);
typedef int (*GDACGenerateKEK_type)(void*, unsigned int, unsigned int);
typedef int (*GDACEncryptWithIndex_type)(void*, unsigned char*, unsigned int, unsigned int, unsigned char*, unsigned int, unsigned char*, unsigned int, unsigned char*, unsigned int*, unsigned char*, unsigned int, unsigned char*);
typedef int (*GDACDecryptWithIndex_type)(void*, unsigned char*, unsigned int, unsigned int, unsigned char*, unsigned int, unsigned char*, unsigned int, unsigned char*, unsigned int*, unsigned char*, unsigned int, unsigned char*);
typedef int (*GDACExportKEK_type)(void*, unsigned int, void*, unsigned int*);
typedef int (*GDACGetkeyState_type)(void*, unsigned int, unsigned int, unsigned int*);
/*光电安辰扩展接口*/
typedef struct {
GDACHMAC_type GDACHMAC; /*hmac*/
GDACGenerateKEK_type GDACGenerateKEK; /*生成指定索引密钥*/
GDACEncryptWithIndex_type GDACEncryptWithIndex; /*使用索引密钥加密*/
GDACDecryptWithIndex_type GDACDecryptWithIndex; /*使用索引密钥解密*/
GDACExportKEK_type GDACExportKEK; /*导出KEK,不对外提供,内做索引转密钥使用*/
GDACGetkeyState_type GDACGetkeyState; /*获取密钥状态*/
}ModuleGdacInterfaces;
typedef int (*SWXAOpenDeviceWithPathAndName_type)(unsigned char*, void **);
typedef int (*SWXAHMAC_type)(void *, unsigned char *, unsigned int, unsigned int, unsigned char *, unsigned int, unsigned char *,unsigned int*);
typedef int (*SWXAGenerateKeyCipher_type)(void*, unsigned int, unsigned char*, unsigned int*);
typedef int (*SWXAEncKeyEncrypt_type)(void*, unsigned char*, unsigned int, unsigned int, unsigned char*, unsigned char*, unsigned int, unsigned char*, unsigned int*);
typedef int (*SWXAEncKeyDecrypt_type)(void*, unsigned char*, unsigned int, unsigned int, unsigned char*, unsigned char*, unsigned int, unsigned char*, unsigned int*);
/*三未信安扩展接口*/
typedef struct {
SWXAOpenDeviceWithPathAndName_type SWXAOpenDeviceWithPathAndName; /*指定配置文件路径和名称打开设备*/
SWXAHMAC_type SWXAHMAC; /*hmac*/
SWXAGenerateKeyCipher_type SWXAGenerateKeyCipher; /*生成密钥密文*/
SWXAEncKeyEncrypt_type SWXAEncKeyEncrypt; /*使用密钥密文加密*/
SWXAEncKeyDecrypt_type SWXAEncKeyDecrypt; /*使用密钥密文解密*/
}ModuleSwxaInterfaces;
typedef int (*JNTACalculateHmac_type)(void *, TA_HMAC_ALG, unsigned int, const unsigned char*, unsigned int, unsigned char*, unsigned int, unsigned char*, unsigned int*);
typedef int (*JNTAGenerateSymmKeyWithLMK_type)(void *, TA_SYMM_ALG, unsigned char*, unsigned int*, unsigned char*,unsigned int*);
typedef int (*JNTAImportKeyCipherByLMK_type)(void*, unsigned int, int, int, TA_SYMM_ALG, int, const unsigned char*, unsigned int, const unsigned char*, unsigned int,
const unsigned char*, unsigned int, const unsigned char symmKcv[8], unsigned int);
/*江南天安扩展接口*/
typedef struct {
JNTACalculateHmac_type JNTACalculateHmac; /*hmac*/
JNTAGenerateSymmKeyWithLMK_type JNTAGenerateSymmKeyWithLMK; /*生成LMK加密的密钥密文*/
JNTAImportKeyCipherByLMK_type JNTAImportKeyCipherByLMK; /*导入LMK加密的密钥密文到指定的索引位置*/
}ModuleJntaInterfaces;
/*硬件提供的所有接口*/
typedef struct {
ModuleType type;
ModuleStandardInterfaces *standardInterfaces;
union {
ModuleGdacInterfaces *gdacInterfaces;
ModuleSwxaInterfaces *swxaInterfaces;
ModuleJntaInterfaces *jntaInterfaces;
}extendInterfaces;
}ModuleInterfaces;
extern int load_module_driver(ModuleParams moduleparams);
extern int unload_module_driver();
extern int internal_open_device(char* cfg_path);
extern int internal_close_device();
extern int internal_open_session(void **sess);
extern int internal_close_session(void *sess);
extern ModuleType get_current_module_type();
extern int internal_generate_symm_key(void* sess, ModuleSymmKeyAlgo algo, unsigned char* key, unsigned int* keylen);
extern int internal_symm_encrypt(void *keyctx, unsigned char *indata, unsigned int inlen, unsigned char *iv, unsigned int ivlen, unsigned char *outdata, unsigned int *outlen, unsigned char *tag);
extern int internal_symm_decrypt(void *keyctx, unsigned char *indata, unsigned int inlen, unsigned char *iv, unsigned int ivlen, unsigned char *outdata, unsigned int *outlen, unsigned char *tag);
extern int internal_digest(void *sess, ModuleDigestAlgo algo, unsigned char * indata, unsigned int inlen, unsigned char *outdata, unsigned int *outlen);
extern int internal_hmac(void *ctx, unsigned char * data, unsigned int data_size, unsigned char *result, long unsigned int *result_size);
extern int internal_generate_random(void *sess, char *buffer, long unsigned int size);
#ifdef __cplusplus
}
#endif
#endif /* COMMON_INTERNAL_INTERFACES_H */

155
contrib/common_cipher/common_utils.cpp Executable file
View File

@ -0,0 +1,155 @@
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include "common_utils.h"
#include "common_err.h"
#include "common_algo.h"
/*去掉字符串头和尾的空格*/
static char* remove_space(char *input)
{
int header = 0;
int end = 0;
int inputlen = 0;
const char filter = ' ';
char *tmp = NULL;
if (input == NULL || input[0] == '\0') {
return NULL;
}
inputlen = strlen(input);
/*去头部空格*/
while(input[header++] == filter && header < inputlen) {
/*do nothing*/
}
end = inputlen - 1;
/*去尾部空格*/
while(input[end--] == filter && end >= (header - 1)) {
/*do nothing*/
}
tmp = (char*)malloc(inputlen + 1);
memset(tmp,0x0,inputlen + 1);
/*初始位置为header - 1,长度为(end + 1)- (header -1) + 1*/
memcpy(tmp, input + header - 1, end - header + 3);
return tmp;
}
static int set_module_params(char* k, char* v, ModuleParams *moduleparams)
{
if (IS_MODULE_TYPE(k)) {
if (moduleparams->moduletype != MODULE_INVALID_TYPE) {
return CRYPTO_MOD_TYPE_REPEATED_ERR;
}
moduleparams->moduletype = GET_MODULE_TYPE(v);
if (moduleparams->moduletype == MODULE_INVALID_TYPE) {
return CRYPTO_MOD_TYPE_INVALID_ERR;
}
} else if (IS_MODULE_LIB_PATH(k)) {
if (moduleparams->libpath[0] != '\0') {
return CRYPTO_MOD_LIBPATH_REPEATED_ERR;
}
if (v[0] == '\0' || strlen(v) >= MODULE_MAX_PATH_LEN) {
return CRYPTO_MOD_LIBPATH_INVALID_ERR;
} else {
memcpy(moduleparams->libpath, v, strlen(v));
}
} else if(IS_MODULE_CONFIG_FILE_PATH(k)) {
if (moduleparams->cfgfilepath[0] != '\0') {
return CRYPTO_MOD_CFG_PATH_REPEATED_ERR;
}
if (v[0] == '\0' || strlen(v) >= MODULE_MAX_PATH_LEN) {
return CRYPTO_MOD_CFG_PATH_INVALID_ERR;
} else {
memcpy(moduleparams->cfgfilepath, v, strlen(v));
}
} else {
return CRYPTO_MOD_UNKNOWN_PARAM_ERR;
}
return CRYPT_MOD_OK;
}
static int check_module_params(ModuleParams *moduleparams)
{
if (moduleparams->libpath[0] == '\0') {
return CRYPTO_MOD_LIBPATH_INVALID_ERR;
}
switch (moduleparams->moduletype) {
case MODULE_GDAC_CARD_TYPE:
/*光电安辰密码卡不需要配置文件*/
if (moduleparams->cfgfilepath[0] != '\0') {
return CRYPTO_MOD_PARAM_TOO_MANY_ERR;
}
break;
case MODULE_JNTA_KMS_TYPE:
/*江南天安的配置文件,需要设置为环境变量使用"TASS_GHVSM_CFG_PATH",在后面加载时自己临时设置使用*/
if (moduleparams->cfgfilepath[0] == '\0') {
return CRYPTO_MOD_CFG_PATH_INVALID_ERR;
}
break;
case MODULE_SWXA_KMS_TYPE:
/*三未信安kms使用带配置文件路径名称的接口*/
if (moduleparams->cfgfilepath[0] == '\0') {
return CRYPTO_MOD_CFG_PATH_INVALID_ERR;
}
break;
default:
return CRYPTO_MOD_TYPE_INVALID_ERR;
}
return CRYPT_MOD_OK;
}
int parse_module_params(char *paramsstring, ModuleParams *moduleparams)
{
char *p = NULL;
char *saveptr1 = NULL;
const char *split1 = ",";
const char *split2 = "=";
int ret = 0;
p = strtok_r(paramsstring, split1, &saveptr1);
while (p != NULL) {
char *q = NULL;
char *saveptr2 = NULL;
char *tmp_p = NULL;
char *tmp_ptr2 = NULL;
q = strtok_r(p, split2, &saveptr2);
tmp_p = remove_space(p);
tmp_ptr2 = remove_space(saveptr2);
ret = set_module_params(tmp_p, tmp_ptr2, moduleparams);
if (ret != CRYPT_MOD_OK) {
free(tmp_p);
free(tmp_ptr2);
return ret;
}
free(tmp_p);
free(tmp_ptr2);
q = NULL;
p = strtok_r(NULL, split1, &saveptr1);
}
return check_module_params(moduleparams);
}

52
contrib/common_cipher/common_utils.h Executable file
View File

@ -0,0 +1,52 @@
#ifndef COMMON_UTILS_H
#define COMMON_UTILS_H
#ifdef __cplusplus
extern "C" {
#endif
typedef enum {
MODULE_INVALID_TYPE = 0,
MODULE_GDAC_CARD_TYPE, /*光电安辰密码卡*/
MODULE_JNTA_KMS_TYPE, /*江南天安KMS*/
MODULE_SWXA_KMS_TYPE /*三未信安KMS*/
} ModuleType;
/*定义以下字符串宏,用来对输入的kv结构字符串做解析,获取对应的value*/
#define MODLUE_TYPE "MODLUE_TYPE"
#define MODLUE_LIB_PATH "MODLUE_LIB_PATH"
#define MODULE_CONFIG_FILE_PATH "MODULE_CONFIG_FILE_PATH"
/*支持的硬件类型字符串*/
#define MODULE_GDAC_CARD_STR "GDACCARD"
#define MODULE_JNTA_KMS_STR "JNTAKMS"
#define MODULE_SWXA_KMS_STR "SWXAKMS"
#define IS_GDAC_CARD_TYPE(s) (strcmp(s, MODULE_GDAC_CARD_STR) == 0)
#define IS_JNTA_KMS_TYPE(s) (strcmp(s, MODULE_JNTA_KMS_STR) == 0)
#define IS_SWXA_KMS_TYPE(s) (strcmp(s, MODULE_SWXA_KMS_STR) == 0)
/*字符串转为枚举类型*/
#define GET_MODULE_TYPE(s) (IS_GDAC_CARD_TYPE(s) ? MODULE_GDAC_CARD_TYPE \
: IS_JNTA_KMS_TYPE(s) ? MODULE_JNTA_KMS_TYPE \
: IS_SWXA_KMS_TYPE(s) ? MODULE_SWXA_KMS_TYPE : MODULE_INVALID_TYPE)
#define IS_MODULE_TYPE(s) (strcmp(s, MODLUE_TYPE) == 0)
#define IS_MODULE_LIB_PATH(s) (strcmp(s, MODLUE_LIB_PATH) == 0)
#define IS_MODULE_CONFIG_FILE_PATH(s) (strcmp(s, MODULE_CONFIG_FILE_PATH) == 0)
#define MODULE_MAX_PATH_LEN 1024
typedef struct {
ModuleType moduletype;
char libpath[MODULE_MAX_PATH_LEN];
char cfgfilepath[MODULE_MAX_PATH_LEN];
}ModuleParams;
extern int parse_module_params(char *paramsstring, ModuleParams *moduleparams);
#ifdef __cplusplus
}
#endif
#endif /* COMMON_UTILS_H */

321
contrib/common_cipher/test.cpp Executable file
View File

@ -0,0 +1,321 @@
#include<pthread.h>
#include<dlfcn.h>
#include<stdlib.h>
#include<stdio.h>
#include<string.h>
#define MAX_PROVIDER_NAME_LEN 128
#define MAX_ERRMSG_LEN 256
static pthread_rwlock_t drivermutex;
typedef enum {
MODULE_AES_128_CBC = 0,
MODULE_AES_128_CTR,
MODULE_AES_128_GCM,
MODULE_AES_256_CBC,
MODULE_AES_256_CTR,
MODULE_AES_256_GCM,
MODULE_SM4_CBC,
MODULE_SM4_CTR,
MODULE_HMAC_SHA256,
MODULE_HMAC_SM3,
MODULE_DETERMINISTIC_KEY,
MODULE_ALGO_MAX = 1024
} ModuleSymmKeyAlgo;
typedef enum {
MODULE_SHA256 = 0,
MODULE_SM3,
MODULE_DIGEST_MAX = 1024
} ModuleDigestAlgo;
typedef enum {
KEY_TYPE_INVALID,
KEY_TYPE_PLAINTEXT,
KEY_TYPE_CIPHERTEXT,
KEY_TYPE_NAMEORIDX,
KEY_TYPE_MAX
} KeyType;
typedef struct {
char provider_name[MAX_PROVIDER_NAME_LEN];
KeyType key_type;
int supported_symm[MODULE_ALGO_MAX]; // 不支持算法填入0或者支持算法填入1
int supported_digest[MODULE_DIGEST_MAX]; // 不支持算法填入0或者支持算法填入1
} SupportedFeature;
typedef int (*crypto_module_init_type)(char *load_info, SupportedFeature *supported_feature);
typedef int (*crypto_module_sess_init_type)(char *key_info, void **sess);
typedef void (*crypto_module_sess_exit_type)(void *sess);
typedef int (*crypto_create_symm_key_type)(void *sess, ModuleSymmKeyAlgo algo, unsigned char *key_id, size_t *key_id_size);
typedef int (*crypto_ctx_init_type)(void *sess, void **ctx, ModuleSymmKeyAlgo algo, int enc, unsigned char *key_id, size_t key_id_size);
typedef int (*crypto_result_size_type)(void *ctx, int enc, size_t data_size);
typedef void (*crypto_ctx_clean_type)(void *ctx);
typedef int (*crypto_encrypt_decrypt_type)(void *ctx, int enc, unsigned char *data, size_t data_size, unsigned char *iv, size_t iv_size, unsigned char *result, size_t *result_size, unsigned char *tag);
typedef int (*crypto_digest_type)(void *sess, ModuleDigestAlgo algo, unsigned char * data, size_t data_size,unsigned char *result, size_t *result_size);
typedef int (*crypto_hmac_init_type)(void *sess, void **ctx, ModuleSymmKeyAlgo algo, unsigned char *key_id, size_t key_id_size);
typedef void (*crypto_hmac_clean_type)(void *ctx);
typedef int (*crypto_hmac_type)(void *ctx, unsigned char * data, size_t data_size, unsigned char *result, size_t *result_size);
typedef int (*crypto_gen_random_type)(void *sess, char *buffer, size_t size);
typedef int (*crypto_deterministic_enc_dec_type)(void *sess, int enc, unsigned char *data, unsigned char *key_id, size_t key_id_size, size_t data_size, unsigned char *result, size_t *result_size);
typedef int (*crypto_get_errmsg_type)(void *sess, char *errmsg);
void *libhandle = NULL;
crypto_module_init_type crypto_module_init_use = NULL;
crypto_module_sess_init_type crypto_module_sess_init_use = NULL;
crypto_module_sess_exit_type crypto_module_sess_exit_use = NULL;
crypto_create_symm_key_type crypto_create_symm_key_use = NULL;
crypto_ctx_init_type crypto_ctx_init_use = NULL;
crypto_result_size_type crypto_result_size_use = NULL;
crypto_ctx_clean_type crypto_ctx_clean_use = NULL;
crypto_encrypt_decrypt_type crypto_encrypt_decrypt_use = NULL;
crypto_digest_type crypto_digest_use = NULL;
crypto_hmac_init_type crypto_hmac_init_use = NULL;
crypto_hmac_clean_type crypto_hmac_clean_use = NULL;
crypto_hmac_type crypto_hmac_use = NULL;
crypto_gen_random_type crypto_gen_random_use = NULL;
crypto_deterministic_enc_dec_type crypto_deterministic_enc_dec_use = NULL;
crypto_get_errmsg_type crypto_get_errmsg_use = NULL;
static void load_lib()
{
libhandle = dlopen("/home//vastbase/contrib/common_cipher/libcommoncipher.so", RTLD_LAZY);
crypto_module_init_use = (crypto_module_init_type)dlsym(libhandle, "crypto_module_init");
crypto_module_sess_init_use = (crypto_module_sess_init_type)dlsym(libhandle, "crypto_module_sess_init");
crypto_module_sess_exit_use = (crypto_module_sess_exit_type)dlsym(libhandle, "crypto_module_sess_exit");
crypto_create_symm_key_use = (crypto_create_symm_key_type)dlsym(libhandle, "crypto_create_symm_key");
crypto_ctx_init_use = (crypto_ctx_init_type)dlsym(libhandle, "crypto_ctx_init");
crypto_result_size_use = (crypto_result_size_type)dlsym(libhandle, "crypto_result_size");
crypto_ctx_clean_use = (crypto_ctx_clean_type)dlsym(libhandle, "crypto_ctx_clean");
crypto_encrypt_decrypt_use = (crypto_encrypt_decrypt_type)dlsym(libhandle, "crypto_encrypt_decrypt");
crypto_digest_use = (crypto_digest_type)dlsym(libhandle, "crypto_digest");
crypto_hmac_init_use = (crypto_hmac_init_type)dlsym(libhandle, "crypto_hmac_init");
crypto_hmac_clean_use = (crypto_hmac_clean_type)dlsym(libhandle, "crypto_hmac_clean");
crypto_hmac_use = (crypto_hmac_type)dlsym(libhandle, "crypto_hmac");
crypto_gen_random_use = (crypto_gen_random_type)dlsym(libhandle, "crypto_gen_random");
crypto_deterministic_enc_dec_use = (crypto_deterministic_enc_dec_type)dlsym(libhandle, "crypto_deterministic_enc_dec");
crypto_get_errmsg_use = (crypto_get_errmsg_type)dlsym(libhandle, "crypto_get_errmsg");
}
static void* one_thread_func(void *data)
{
int ret = 1;
int i = 0;
char options[] = {"MODLUE_TYPE=JNTAKMS,MODLUE_LIB_PATH=/home//vastbase/contrib/common_cipher/libTassSDF4GHVSM.so,MODULE_CONFIG_FILE_PATH=/home//vastbase/contrib/common_cipher/"};
SupportedFeature supportedfeature;
char errmsg[MAX_ERRMSG_LEN] = {0};
void *session = NULL;
unsigned char key[32] = {0};
long unsigned int keylen = 0;
void *keyctx = NULL;
unsigned char srcdata[] = {"12345678"};
unsigned char plaint[32] = {0};
long unsigned int plaintlen = 32;
unsigned char encdata[32] = {0};
long unsigned int enclen = 32;
unsigned char encdata2[32] = {0};
long unsigned int enclen2 = 32;
unsigned char hashdata[32] = {0};
long unsigned int hashlen = 0;
unsigned char hmacdata[32] = {0};
long unsigned int hmaclen = 0;
long unsigned int needlen = 16;
char random[32] = {0};
unsigned char iv[] = {"1234567812345678"};
ret = crypto_module_init_use(options, &supportedfeature);
if (ret != 1)
{
crypto_get_errmsg_use(NULL, errmsg);
printf("crypto_module_init error,errmsg:%s\n", errmsg);
return NULL;
} else {
printf("crypto_module_init success\n");
printf("provider_name = %s,key_type = %d\n",supportedfeature.provider_name,supportedfeature.key_type);
for (i = 0; i < MODULE_ALGO_MAX;i++) {
if (supportedfeature.supported_symm[i] == 1)
printf("supported_symm[%d]\n",i);
}
for (i = 0; i < MODULE_DIGEST_MAX;i++) {
if (supportedfeature.supported_digest[i] == 1)
printf("supported_digest[%d]\n",i);
}
}
ret = crypto_module_sess_init_use(NULL, &session);
if (ret != 1)
{
crypto_get_errmsg_use(NULL, errmsg);
printf("crypto_module_sess_init error,errmsg:%s\n", errmsg);
return NULL;
} else {
printf("crypto_module_sess_init success\n");
}
ret = crypto_create_symm_key_use(session, MODULE_SM4_CBC, key, &keylen);
if (ret != 1)
{
crypto_get_errmsg_use(NULL, errmsg);
printf("crypto_create_symm_key_use error,errmsg:%s\n", errmsg);
crypto_module_sess_exit_use(session);
return NULL;
} else {
printf("crypto_create_symm_key_use success\n");
printf("key = %s\n",key);
}
ret = crypto_ctx_init_use(session, &keyctx, MODULE_SM4_CBC, 1, key, keylen);
if (ret != 1)
{
crypto_get_errmsg_use(NULL, errmsg);
printf("crypto_ctx_init_use error,errmsg:%s\n", errmsg);
crypto_module_sess_exit_use(session);
return NULL;
} else {
printf("crypto_ctx_init_use success\n");
}
ret = crypto_encrypt_decrypt_use(keyctx, 1, srcdata, 8, iv, 16, encdata, &enclen, NULL);
if (ret != 1)
{
crypto_get_errmsg_use(NULL, errmsg);
printf("crypto_encrypt_decrypt_use enc error,errmsg:%s\n", errmsg);
crypto_ctx_clean_use(keyctx);
crypto_module_sess_exit_use(session);
return NULL;
} else {
printf("crypto_encrypt_decrypt_use enc success\n");
}
ret = crypto_encrypt_decrypt_use(keyctx, 0, encdata, enclen, iv, 16, plaint, &plaintlen, NULL);
if (ret != 1 || strcmp((char*)plaint, (char*)srcdata))
{
crypto_get_errmsg_use(NULL, errmsg);
printf("crypto_encrypt_decrypt_use dec error,errmsg:%s\n", errmsg);
crypto_ctx_clean_use(keyctx);
crypto_module_sess_exit_use(session);
return NULL;
} else {
printf("crypto_encrypt_decrypt_use dec success\n");
}
printf("enc nedd len:%d\n",crypto_result_size_use(keyctx, 1, needlen));
printf("dec nedd len:%d\n",crypto_result_size_use(keyctx, 0, needlen));
crypto_ctx_clean_use(keyctx);
ret = crypto_digest_use(session, MODULE_SM3, plaint, plaintlen, hashdata, &hashlen);
if (ret != 1)
{
crypto_get_errmsg_use(NULL, errmsg);
printf("crypto_digest_use error,errmsg:%s\n", errmsg);
crypto_module_sess_exit_use(session);
return NULL;
} else {
printf("crypto_digest_use success\n");
printf("hashlen = %ld\n", hashlen);
}
ret = crypto_hmac_init_use(session, &keyctx, MODULE_HMAC_SM3, key, keylen);
if (ret != 1)
{
crypto_get_errmsg_use(NULL, errmsg);
printf("crypto_hmac_init_use error,errmsg:%s\n", errmsg);
crypto_module_sess_exit_use(session);
return NULL;
} else {
printf("crypto_hmac_init_use success\n");
}
ret = crypto_hmac_use(keyctx, plaint, plaintlen, hmacdata, &hmaclen);
if (ret != 1)
{
crypto_get_errmsg_use(NULL, errmsg);
printf("crypto_hmac_use error,errmsg:%s\n", errmsg);
crypto_hmac_clean_use(keyctx);
crypto_module_sess_exit_use(session);
return NULL;
} else {
printf("crypto_hmac_use success\n");
printf("hmaclen = %ld\n", hmaclen);
}
crypto_hmac_clean_use(keyctx);
ret = crypto_gen_random_use(session, random, 31);
if (ret != 1)
{
crypto_get_errmsg_use(NULL, errmsg);
printf("crypto_gen_random_use error,errmsg:%s\n", errmsg);
crypto_module_sess_exit_use(session);
return NULL;
} else {
printf("crypto_gen_random_use success\n");
}
ret = crypto_deterministic_enc_dec_use(session, 1, plaint, key, keylen, plaintlen, encdata, &enclen);
if (ret != 1)
{
crypto_get_errmsg_use(NULL, errmsg);
printf("crypto_deterministic_enc_dec_use1 enc error,errmsg:%s\n", errmsg);
crypto_module_sess_exit_use(session);
return NULL;
} else {
printf("crypto_deterministic_enc_dec_use1 enc success\n");
}
ret = crypto_deterministic_enc_dec_use(session, 1, plaint, key, keylen, plaintlen, encdata2, &enclen2);
if (ret != 1 || strcmp((char*)encdata, (char*)encdata2))
{
crypto_get_errmsg_use(NULL, errmsg);
printf("crypto_deterministic_enc_dec_use2 enc error,errmsg:%s\n", errmsg);
crypto_module_sess_exit_use(session);
return NULL;
} else {
printf("crypto_deterministic_enc_dec_use2 enc success\n");
}
ret = crypto_deterministic_enc_dec_use(session, 0, encdata2, key, keylen, enclen2, plaint, &plaintlen);
if (ret != 1 || strcmp((char*)plaint, (char*)srcdata))
{
crypto_get_errmsg_use(NULL, errmsg);
printf("crypto_deterministic_enc_dec_use2 dec error,errmsg:%s\n", errmsg);
crypto_module_sess_exit_use(session);
return NULL;
} else {
printf("crypto_deterministic_enc_dec_use2 dec success\n");
}
crypto_get_errmsg_use(NULL, errmsg);
printf("crypto_get_errmsg_use errmsg:%s\n", errmsg);
crypto_module_sess_exit_use(session);
return NULL;
}
int main()
{
pthread_t t1, t2, t3, t4;
load_lib();
pthread_create(&t1,0,one_thread_func,NULL);
pthread_create(&t2,0,one_thread_func,NULL);
pthread_create(&t3,0,one_thread_func,NULL);
pthread_create(&t4,0,one_thread_func,NULL);
pthread_join(t1,NULL);
pthread_join(t2,NULL);
pthread_join(t3,NULL);
pthread_join(t4,NULL);
return 0;
}