From 1046a3b4634ba0c956bb58aea122f16e31b6f2b8 Mon Sep 17 00:00:00 2001 From: lyoursly Date: Tue, 27 Aug 2024 17:26:39 +0800 Subject: [PATCH] =?UTF-8?q?=E6=8F=90=E4=BA=A4=E7=A1=AC=E4=BB=B6=E5=AF=86?= =?UTF-8?q?=E7=A0=81=E6=A8=A1=E5=9D=97=E6=8E=A5=E5=8F=A3=E5=BA=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- GNUmakefile.in | 4 + contrib/common_cipher/Makefile | 14 + contrib/common_cipher/README.md | 18 + contrib/common_cipher/common_algo.cpp | 300 +++++++ contrib/common_cipher/common_algo.h | 124 +++ contrib/common_cipher/common_cipher.cpp | 538 ++++++++++++ contrib/common_cipher/common_cipher.h | 275 ++++++ contrib/common_cipher/common_err.cpp | 126 +++ contrib/common_cipher/common_err.h | 89 ++ .../common_internal_interfaces.cpp | 796 ++++++++++++++++++ .../common_internal_interfaces.h | 127 +++ contrib/common_cipher/common_utils.cpp | 155 ++++ contrib/common_cipher/common_utils.h | 52 ++ contrib/common_cipher/test.cpp | 321 +++++++ 14 files changed, 2939 insertions(+) create mode 100755 contrib/common_cipher/Makefile create mode 100644 contrib/common_cipher/README.md create mode 100755 contrib/common_cipher/common_algo.cpp create mode 100755 contrib/common_cipher/common_algo.h create mode 100755 contrib/common_cipher/common_cipher.cpp create mode 100755 contrib/common_cipher/common_cipher.h create mode 100755 contrib/common_cipher/common_err.cpp create mode 100755 contrib/common_cipher/common_err.h create mode 100755 contrib/common_cipher/common_internal_interfaces.cpp create mode 100755 contrib/common_cipher/common_internal_interfaces.h create mode 100755 contrib/common_cipher/common_utils.cpp create mode 100755 contrib/common_cipher/common_utils.h create mode 100755 contrib/common_cipher/test.cpp diff --git a/GNUmakefile.in b/GNUmakefile.in index 2e95bfab4..456761e73 100644 --- a/GNUmakefile.in +++ b/GNUmakefile.in @@ -63,6 +63,7 @@ install: $(MAKE) -C $(root_builddir)/distribute/kernel/extension/dimsearch $@ $(MAKE) -C contrib/security_plugin $@ $(MAKE) -C $(root_builddir)/distribute/kernel/extension/tsdb $@ + $(MAKE) -C contrib/common_cipher $@ +@echo "openGauss installation complete." else ifeq ($(enable_privategauss), yes) @@ -75,6 +76,7 @@ install: $(MAKE) -C contrib/hstore $@ $(MAKE) -C $(root_builddir)/privategauss/kernel/extension/packages $@ $(MAKE) -C $(root_builddir)/contrib/gsredistribute $@ + $(MAKE) -C contrib/common_cipher $@ +@echo "openGauss installation complete." else install: @@ -84,6 +86,7 @@ install: $(MAKE) -C contrib/postgres_fdw $@ $(MAKE) -C contrib/hstore $@ $(MAKE) -C $(root_builddir)/privategauss/kernel/extension/packages $@ + $(MAKE) -C contrib/common_cipher $@ +@echo "openGauss installation complete." endif else @@ -95,6 +98,7 @@ install: $(MAKE) -C contrib/hstore $@ $(MAKE) -C contrib/dblink $@ $(MAKE) -C contrib/ndpplugin $@ + $(MAKE) -C contrib/common_cipher $@ @if test -d contrib/spq_plugin; then $(MAKE) -C contrib/spq_plugin $@; fi @if test -d contrib/dolphin; then $(MAKE) -C contrib/dolphin $@; fi @if test -d contrib/age; then $(MAKE) -C contrib/age $@; fi diff --git a/contrib/common_cipher/Makefile b/contrib/common_cipher/Makefile new file mode 100755 index 000000000..1fed3612d --- /dev/null +++ b/contrib/common_cipher/Makefile @@ -0,0 +1,14 @@ +# contrib/common_cipher/Makefile + +SRCS = common_err.cpp common_utils.cpp common_algo.cpp common_internal_interfaces.cpp common_cipher.cpp + +MODULE_big = common_cipher +OBJS = $(SRCS:.cpp=.o) + +subdir = contrib/common_cipher +top_builddir = ../.. +include $(top_builddir)/src/Makefile.global +include $(top_srcdir)/contrib/contrib-global.mk + +override CPPFLAGS := -fPIC -shared +override CFLAGS := -fPIC -shared diff --git a/contrib/common_cipher/README.md b/contrib/common_cipher/README.md new file mode 100644 index 000000000..67efc64ac --- /dev/null +++ b/contrib/common_cipher/README.md @@ -0,0 +1,18 @@ +动态库使用说明: +a.硬件动态库中目前适配的三种硬件信息如下: +三未信安密钥管理系统,型号SYT1306 +江南天安密钥管理系统,型号SJJ1988 +光电安辰PCI-E密码卡,型号TOEC-GMPCIE01 + +b.硬件动态库使用需要配置的入参 +指定所使用的硬件,必须项,取值范围["GDACCARD" "JNTAKMS" "SWXAKMS"]。 +指定具体硬件提供so所在路径,必须项。 +硬件配置文件所在路径:密钥管理系统需要配置此变量,指定kms的配置文件路径,可选项。 +江南天安配置文件只需要传入路径,三未信安需要带配置文件名称。 +配置示例: +MODLUE_TYPE=GDACCARD,MODLUE_LIB_PATH=/home/lib/libsdf.so +MODLUE_TYPE=JNTAKMS,MODLUE_LIB_PATH=/home/lib/libsdf.so,MODULE_CONFIG_FILE_PATH=/home/etc/ +MODLUE_TYPE=SWXAKMS,MODLUE_LIB_PATH=/home/lib/libsdf.so,MODULE_CONFIG_FILE_PATH=/home/etc/xxx.ini + +使用具体的接口详见:common_cipher.h + diff --git a/contrib/common_cipher/common_algo.cpp b/contrib/common_cipher/common_algo.cpp new file mode 100755 index 000000000..65ac296d6 --- /dev/null +++ b/contrib/common_cipher/common_algo.cpp @@ -0,0 +1,300 @@ +#include "common_algo.h" +#include "common_cipher.h" +#include "common_err.h" +#include "common_utils.h" + +#define SUPPORTED 1 +#define UNSUPPORTED 0 + + +static void set_gdac_supported_feature(SupportedFeature *supported_feature) +{ + memcpy(supported_feature->provider_name, MODULE_GDAC_CARD_STR, strlen(MODULE_GDAC_CARD_STR)); + + /*光电安辰提供了扩展的生成内部KEK接口,可以支持索引*/ + supported_feature->key_type = KEY_TYPE_NAMEORIDX; + + supported_feature->supported_symm[MODULE_AES_128_CBC] = SUPPORTED; + supported_feature->supported_symm[MODULE_AES_256_CBC] = SUPPORTED; + supported_feature->supported_symm[MODULE_SM4_CBC] = SUPPORTED; + supported_feature->supported_symm[MODULE_HMAC_SHA256] = SUPPORTED; + supported_feature->supported_symm[MODULE_HMAC_SM3] = SUPPORTED; + supported_feature->supported_symm[MODULE_DETERMINISTIC_KEY] = SUPPORTED; + + supported_feature->supported_digest[MODULE_SHA256] = SUPPORTED; + supported_feature->supported_digest[MODULE_SM3] = SUPPORTED; +} + +static void set_swxa_supported_feature(SupportedFeature *supported_feature) +{ + memcpy(supported_feature->provider_name, MODULE_SWXA_KMS_STR, strlen(MODULE_SWXA_KMS_STR)); + + /*三未信安提供了生成密钥密文的接口,可以支持密钥密文。*/ + supported_feature->key_type = KEY_TYPE_CIPHERTEXT; + + supported_feature->supported_symm[MODULE_AES_128_CBC] = SUPPORTED; + supported_feature->supported_symm[MODULE_AES_256_CBC] = SUPPORTED; + supported_feature->supported_symm[MODULE_SM4_CBC] = SUPPORTED; + supported_feature->supported_symm[MODULE_AES_128_CTR] = SUPPORTED; + supported_feature->supported_symm[MODULE_AES_256_CTR] = SUPPORTED; + supported_feature->supported_symm[MODULE_SM4_CTR] = SUPPORTED; + supported_feature->supported_symm[MODULE_HMAC_SHA256] = SUPPORTED; + supported_feature->supported_symm[MODULE_HMAC_SM3] = SUPPORTED; + supported_feature->supported_symm[MODULE_DETERMINISTIC_KEY] = SUPPORTED; + + supported_feature->supported_digest[MODULE_SHA256] = SUPPORTED; + supported_feature->supported_digest[MODULE_SM3] = SUPPORTED; +} + + +static void set_jnta_supported_feature(SupportedFeature *supported_feature) +{ + memcpy(supported_feature->provider_name, MODULE_JNTA_KMS_STR, strlen(MODULE_JNTA_KMS_STR)); + + /*江南天安提供了生成密钥密文和导入密钥密文到指定索引的接口,可以支持密钥索引。*/ + supported_feature->key_type = KEY_TYPE_NAMEORIDX; + + supported_feature->supported_symm[MODULE_AES_128_CBC] = SUPPORTED; + supported_feature->supported_symm[MODULE_AES_256_CBC] = SUPPORTED; + supported_feature->supported_symm[MODULE_SM4_CBC] = SUPPORTED; + supported_feature->supported_symm[MODULE_HMAC_SHA256] = SUPPORTED; + supported_feature->supported_symm[MODULE_HMAC_SM3] = SUPPORTED; + supported_feature->supported_symm[MODULE_DETERMINISTIC_KEY] = SUPPORTED; + + supported_feature->supported_digest[MODULE_SHA256] = SUPPORTED; + supported_feature->supported_digest[MODULE_SM3] = SUPPORTED; +} + +int get_supported_feature(ModuleType type, SupportedFeature *supported_feature) +{ + if (supported_feature == NULL) { + return CRYPTO_MOD_PARAM_INVALID_ERR; + } + + memset(supported_feature->provider_name, 0x0, MAX_PROVIDER_NAME_LEN); + memset(supported_feature->supported_symm, UNSUPPORTED, sizeof(supported_feature->supported_symm)); + memset(supported_feature->supported_digest, UNSUPPORTED, sizeof(supported_feature->supported_digest)); + supported_feature->key_type = KEY_TYPE_INVALID; + + switch (type) { + case MODULE_GDAC_CARD_TYPE: + set_gdac_supported_feature(supported_feature); + break; + case MODULE_JNTA_KMS_TYPE: + set_jnta_supported_feature(supported_feature); + break; + case MODULE_SWXA_KMS_TYPE: + set_swxa_supported_feature(supported_feature); + break; + default: + return CRYPTO_MOD_TYPE_INVALID_ERR; + } + + return CRYPT_MOD_OK; +} + +static int get_gdac_symm_algo_type(ModuleSymmKeyAlgo symmalgotype, unsigned int* realtype) +{ + switch (symmalgotype) { + case MODULE_AES_128_CBC: + *realtype = GDAC_AES128_CBC; + break; + case MODULE_AES_256_CBC: + *realtype = GDAC_AES256_CBC; + break; + case MODULE_SM4_CBC: + *realtype = GDAC_SM4_CBC; + break; + case MODULE_HMAC_SHA256: + *realtype = GDAC_HMAC_SHA256; + break; + case MODULE_HMAC_SM3: + *realtype = GDAC_HMAC_SM3; + break; + default: + return CRYPTO_MOD_UNSUPPORTED_SYMM_TYPE_ERR; + } + + return CRYPT_MOD_OK; +} + +static int get_swxa_symm_algo_type(ModuleSymmKeyAlgo symmalgotype, unsigned int* realtype) +{ + switch (symmalgotype) { + case MODULE_AES_128_CBC: + case MODULE_AES_256_CBC: + *realtype = SWXA_AES_CBC; + break; + case MODULE_AES_128_CTR: + case MODULE_AES_256_CTR: + *realtype = SWXA_AES_CTR; + break; + case MODULE_SM4_CBC: + *realtype = SWXA_SMS4_CBC; + break; + case MODULE_SM4_CTR: + *realtype = SWXA_SMS4_CTR; + break; + case MODULE_HMAC_SHA256: + *realtype = SWXA_SHA256; + break; + case MODULE_HMAC_SM3: + *realtype = SWXA_SM3; + break; + default: + return CRYPTO_MOD_UNSUPPORTED_SYMM_TYPE_ERR; + } + + return CRYPT_MOD_OK; +} + +static int get_jnta_symm_algo_type(ModuleSymmKeyAlgo symmalgotype, unsigned int* realtype, unsigned int* realmode) +{ + switch (symmalgotype) { + case MODULE_AES_128_CBC: + *realtype = TA_AES128; + *realmode = TA_CBC; + break; + case MODULE_AES_256_CBC: + *realtype = TA_AES256; + *realmode = TA_CBC; + break; + case MODULE_SM4_CBC: + *realtype = TA_SM4; + *realmode = TA_CBC; + break; + case MODULE_HMAC_SHA256: + *realtype = TA_HMAC_SHA256; + break; + case MODULE_HMAC_SM3: + *realtype = TA_HMAC_SM3; + break; + default: + return CRYPTO_MOD_UNSUPPORTED_SYMM_TYPE_ERR; + } + + return CRYPT_MOD_OK; +} + +int get_real_symm_algo_type(ModuleType moduletype, ModuleSymmKeyAlgo symmalgotype, unsigned int* realtype, unsigned int* realmode) +{ + /*严格加解密,不属于硬件密码模块内部算法类型,在库中直接自行处理*/ + if (symmalgotype == MODULE_DETERMINISTIC_KEY) { + *realtype = MODULE_DETERMINISTIC_KEY; + + return CRYPT_MOD_OK; + } + + switch (moduletype) { + case MODULE_GDAC_CARD_TYPE: + return get_gdac_symm_algo_type(symmalgotype, realtype); + case MODULE_JNTA_KMS_TYPE: + return get_jnta_symm_algo_type(symmalgotype, realtype, realmode); + case MODULE_SWXA_KMS_TYPE: + return get_swxa_symm_algo_type(symmalgotype, realtype); + default: + return CRYPTO_MOD_TYPE_INVALID_ERR; + } + + return CRYPT_MOD_OK; +} + +void transform_jnta_algo_type(unsigned int type, unsigned int mode, unsigned int *standardtype) +{ + switch (type) { + case TA_AES128: + case TA_AES256: + if (mode == TA_CBC) { + *standardtype = TA_AES_CBC; + } + break; + case TA_SM4: + if (mode == TA_CBC) { + *standardtype = TA_SM4_CBC; + } + break; + default: + break; + } +} + +static int get_gdac_digest_algo_type(ModuleDigestAlgo type, unsigned int* realtype) +{ + switch (type) { + case MODULE_SHA256: + *realtype = GDAC_SHA256; + break; + case MODULE_SM3: + *realtype = GDAC_SM3; + break; + default: + return CRYPTO_MOD_UNSUPPORTED_DIGEST_TYPE_ERR; + } + + return CRYPT_MOD_OK; +} + +static int get_swxa_digest_algo_type(ModuleDigestAlgo type, unsigned int* realtype) +{ + switch (type) { + case MODULE_SHA256: + *realtype = SWXA_SHA256; + break; + case MODULE_SM3: + *realtype = SWXA_SM3; + break; + default: + return CRYPTO_MOD_UNSUPPORTED_DIGEST_TYPE_ERR; + } + + return CRYPT_MOD_OK; +} + +static int get_jnta_digest_algo_type(ModuleDigestAlgo type, unsigned int* realtype) +{ + switch (type) { + case MODULE_SHA256: + *realtype = TA_SHA256; + break; + case MODULE_SM3: + *realtype = TA_SM3; + break; + default: + return CRYPTO_MOD_UNSUPPORTED_DIGEST_TYPE_ERR; + } + + return CRYPT_MOD_OK; +} + +int get_real_digest_algo_type(ModuleType moduletype, ModuleDigestAlgo type, unsigned int* realtype) +{ + switch (moduletype) { + case MODULE_GDAC_CARD_TYPE: + return get_gdac_digest_algo_type(type, realtype); + case MODULE_JNTA_KMS_TYPE: + return get_jnta_digest_algo_type(type, realtype); + case MODULE_SWXA_KMS_TYPE: + return get_swxa_digest_algo_type(type, realtype); + default: + return CRYPTO_MOD_TYPE_INVALID_ERR; + } + + return CRYPT_MOD_OK; +} + +int get_key_len_by_algo_type(ModuleSymmKeyAlgo type) +{ + switch (type) { + case MODULE_AES_128_CBC: + case MODULE_AES_128_CTR: + case MODULE_SM4_CBC: + case MODULE_SM4_CTR: + return INTERNAL_KEY_128_BITS; + case MODULE_AES_256_CBC: + case MODULE_AES_256_CTR: + return INTERNAL_KEY_256_BITS; + default: + return INTERNAL_KEY_128_BITS; + } + +} diff --git a/contrib/common_cipher/common_algo.h b/contrib/common_cipher/common_algo.h new file mode 100755 index 000000000..9b88e4030 --- /dev/null +++ b/contrib/common_cipher/common_algo.h @@ -0,0 +1,124 @@ +#ifndef COMMON_ALGO_H +#define COMMON_ALGO_H + +#include "common_cipher.h" +#include "common_utils.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/*密钥索引最大值1024,最小值1*/ + +#define INTERNAL_MIN_INDEX_NUM 1 +#define INTERNAL_MAX_INDEX_NUM 1024 + +/*光电安辰相关宏定义*/ + +/*光电安辰卡内密钥类型*/ +#define GDAC_KEK_TYPE 9 + +/*光电安辰卡内密钥状态*/ +#define GDAC_KEY_EXIST 0x100000 +#define GDAC_KEY_NOT_EXIST 0 + + +/*对称算法模式*/ +#define GDAC_MODE_CBC 0x00000002 + +/*对称算法类型*/ +#define GDAC_SM4 0x00000400 +#define GDAC_AES128 0x00004000 +#define GDAC_AES256 0x00008000 + +/*对称算法及模式*/ +#define GDAC_SM4_CBC (GDAC_SM4|GDAC_MODE_CBC) +#define GDAC_AES128_CBC (GDAC_AES128|GDAC_MODE_CBC) +#define GDAC_AES256_CBC (GDAC_AES256|GDAC_MODE_CBC) + +/*摘要算法*/ +#define GDAC_SM3 0x00000001 +#define GDAC_SHA256 0x00000004 + +/*HMAC算法*/ +#define GDAC_HMAC_SM3 0x00100001 +#define GDAC_HMAC_SHA256 0x00100004 + +/*三未信安相关宏定义*/ + +/*对称算法及模式*/ +#define SWXA_SMS4_CBC 0x00000402 +#define SWXA_SMS4_CTR 0x00000420 + +#define SWXA_AES_CBC 0x00002002 +#define SWXA_AES_CTR 0x00002020 + +/*摘要算法,三未的hmac指定算法和摘要算法相同即可*/ +#define SWXA_SM3 0x00000001 +#define SWXA_SHA256 0x00000004 + +/*江南天安相关*/ + +typedef enum { + TA_HMAC_SHA256 = 6, + TA_HMAC_SM3 = 20, +}TA_HMAC_ALG; + +typedef enum { + TA_AES128 = 3, + TA_AES256 = 5, + TA_SM4 = 7, +}TA_SYMM_ALG; + +typedef enum { + TA_CBC = 1, +}TA_SYMM_MODE; + +typedef enum { + TA_SM3 = 1, + TA_SHA256 = 4, +}TA_HASH_ALG; + + +#define TA_SM4_CBC 0X00000402 +#define TA_AES_CBC 0x80000202 + +/*内部通用宏定义*/ +#define INTERNAL_DO_ENC 1 +#define INTERNAL_DO_DEC 0 + +#define INTERNAL_MAX_KEY_LEN 32 + +#define INTERNAL_BLOCK_LEN 16 + +#define INTERNAL_IV_LEN 16 + +#define INTERNAL_HMAC_LEN 32 + +#define INTERNAL_MSG_BLOCK_LEN 8192 + +#define INTERNAL_KEY_128_BITS 128 +#define INTERNAL_KEY_256_BITS 256 + + +typedef struct { + void *session; /*和硬件建立的会话*/ + unsigned int algotype; /*算法类型*/ + unsigned int algomode; /*算法模式,江南天安使用;光电安辰和三未信安algotype已包含模式*/ + int enc; /*0表示解密,1表示加密*/ + unsigned int keysize; /*key的长度*/ + unsigned char key[INTERNAL_MAX_KEY_LEN]; /*存储密钥id/密钥密文值/密钥明文值,AES256密钥长度32*/ +}InternalKeyCtx; + + +extern int get_supported_feature(ModuleType type, SupportedFeature *supported_feature); +extern int get_real_symm_algo_type(ModuleType moduletype, ModuleSymmKeyAlgo symmalgotype, unsigned int* realtype, unsigned int* realmode); +extern int get_real_digest_algo_type(ModuleType moduletype, ModuleDigestAlgo type, unsigned int* realtype); +extern int get_key_len_by_algo_type(ModuleSymmKeyAlgo type); +extern void transform_jnta_algo_type(unsigned int type, unsigned int mode, unsigned int *standardtype); + +#ifdef __cplusplus +} +#endif + +#endif /* COMMON_ALGO_H */ diff --git a/contrib/common_cipher/common_cipher.cpp b/contrib/common_cipher/common_cipher.cpp new file mode 100755 index 000000000..a020fd63b --- /dev/null +++ b/contrib/common_cipher/common_cipher.cpp @@ -0,0 +1,538 @@ +#include "common_cipher.h" +#include "common_err.h" +#include "common_utils.h" +#include "common_internal_interfaces.h" + +/** 初始化密码模块 + * + * @param[in] + * load_info 密码模块相关信息(硬件设备口令,硬件设备、硬件库路径等),通过kv方式传入 + * + * @param[out] + * supported_feature 返回当前密码模块支持的加密方式,参考上述结构体 + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + * 示例: + * 用户设置GUC参数crypto_module_info = 'enable_crypto_module=on,module_third_msg=aaa' + * 传入接口时load_info = 'aaa' + */ +int crypto_module_init(char *load_info, SupportedFeature *supported_feature) +{ + int ret = CRYPT_MOD_OK; + + ModuleParams moduleparams; + + memset(&moduleparams, 0x0, sizeof(ModuleParams)); + + /* 1.解析load_info获取加载密码模块的参数*/ + ret = parse_module_params(load_info, &moduleparams); + if (ret != CRYPT_MOD_OK) { + goto err; + } + + /* 2.根据密码模块类型填充supported_feature*/ + ret = get_supported_feature(moduleparams.moduletype, supported_feature); + if (ret != CRYPT_MOD_OK) { + + goto err; + } + + /* 3.dlopen打开密码模块驱动库,并加载接口函数*/ + ret = load_module_driver(moduleparams); + if (ret != CRYPT_MOD_OK) { + goto err; + } + + /* 4.打开设备*/ + ret = internal_open_device(moduleparams.cfgfilepath); + if (ret != CRYPT_MOD_OK) { + goto err; + } + + return CRYPT_MOD_OK; +err: + /*可能已经打开/加载,尝试释放*/ + (void)internal_close_device(); + (void)unload_module_driver(); + set_thread_errno(ret); + return ret; + +} + +/** 会话中连接密码模块 + * + * @param[in] + * key_info 密码相关信息(用户口令等信息),通过kv方式传入 + * + * @param[out] + * sess 会话信息 + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + * 示例: + * 用户设置GUC参数tde_key_info = 'keyType=third_kms, keyThirdMsg =bbb' + * 传入接口时key_info = 'bbb' + */ +int crypto_module_sess_init(char *key_info, void **sess) +{ + int ret = CRYPT_MOD_OK; + + ret = internal_open_session(sess); + if (ret != CRYPT_MOD_OK) { + set_thread_errno(ret); + } + + return ret; +} + +/** 会话中断开连接密码模块 + * + * @param[in] + * sess 会话信息 + * + * @param[out] + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +void crypto_module_sess_exit(void *sess) +{ + int ret = CRYPT_MOD_OK; + + ret = internal_close_session(sess); + if (ret != CRYPT_MOD_OK) { + set_thread_errno(ret); + } + +} + +/** 创建密钥 + * + * @param[in] + * sess 会话信息 + * algo 密钥使用场景的算法 + * + * @param[out] + * key_id 返回生成密钥/密钥ID/密钥密文 + * key_id_size 返回生成内容长度 + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +int crypto_create_symm_key(void *sess, ModuleSymmKeyAlgo algo, unsigned char *key_id, size_t *key_id_size) +{ + int ret = CRYPT_MOD_OK; + + ret = internal_generate_symm_key(sess, algo, key_id, (unsigned int*)key_id_size); + if (ret != CRYPT_MOD_OK) { + set_thread_errno(ret); + } + + return ret; +} + +/** 密钥上下文初始化,后续进行加解密可直接使用上下文 + * + * @param[in] + * sess 会话信息 + * algo 加密算法 + * enc 加密1、解密0 + * key_id 密码信息 + * key_id_size 密码信息长度 + * @param[out] + * ctx 返回使用密钥信息 + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +int crypto_ctx_init(void *sess, void **ctx, ModuleSymmKeyAlgo algo, int enc, unsigned char *key_id, size_t key_id_size) +{ + InternalKeyCtx *keyctx = NULL; + int ret = CRYPT_MOD_OK; + + if (sess == NULL) { + return CRYPTO_MOD_NOT_OPENSESSION_ERR; + } + + if (enc != INTERNAL_DO_DEC && enc != INTERNAL_DO_ENC) { + return CRYPTO_MOD_INVALID_CRYPTO_TYPE_ERR; + } + + if (key_id == NULL || key_id[0] == '\0' || key_id_size <= 0 || key_id_size > INTERNAL_MAX_KEY_LEN) { + return CRYPTO_MOD_INVALID_KEY_ERR; + } + + keyctx = (InternalKeyCtx*)malloc(sizeof(InternalKeyCtx)); + + keyctx->session = sess; + + ret = get_real_symm_algo_type(get_current_module_type(), algo, &(keyctx->algotype), &(keyctx->algomode)); + if (ret != CRYPT_MOD_OK) { + free(keyctx); + return ret; + } + + keyctx->enc = enc; + + memset(keyctx->key, 0x0, sizeof(keyctx->key)); + memcpy(keyctx->key, key_id, key_id_size); + keyctx->keysize = key_id_size; + + *ctx = keyctx; + + return CRYPT_MOD_OK; +} + +/** 获取数据加解密后的数据长度 + * + * @param[in] + * ctx 加解密上下文信息 + * enc 加密1、解密0 + * data_size 返回加解密结果长度 + * @return 返回数据长度 + * + */ +int crypto_result_size(void *ctx, int enc, size_t data_size) +{ + if (ctx == NULL) { + return CRYPTO_MOD_INVALID_KEY_CTX_ERR; + } + + if (enc == INTERNAL_DO_DEC) { + return data_size; + } else if (enc == INTERNAL_DO_ENC) { + return (data_size + INTERNAL_BLOCK_LEN); + } else + return CRYPTO_MOD_INVALID_CRYPTO_TYPE_ERR; +} + +/** 密钥上下文清理 + * + * @param[in] + * ctx 加解密上下文信息 + * @param[out] + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +void crypto_ctx_clean(void *ctx) +{ + if (ctx) { + free(ctx); + ctx = NULL; + } +} + +/** 执行加解密 + * + * @param[in] + * ctx 加解密上下文信息 + * enc 加密1、解密0 + * data 原数据信息 + * data_size 原数据长度 + * iv iv信息 + * iv_size iv信息长度 + * tag GCM模式的校验值 + * @param[out] + * result 返回结果信息 + * result_size 返回结果信息长度 + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +int crypto_encrypt_decrypt(void *ctx, int enc, unsigned char *data, size_t data_size, unsigned char *iv, size_t iv_size, unsigned char *result, size_t *result_size, unsigned char *tag) +{ + int ret = CRYPT_MOD_OK; + + if ((enc == INTERNAL_DO_ENC && *result_size < (data_size + INTERNAL_BLOCK_LEN)) + || (enc == INTERNAL_DO_DEC && *result_size < data_size)) { + set_thread_errno(CRYPTO_MOD_NOT_ENOUGH_SPACE_ERR); + return CRYPTO_MOD_NOT_ENOUGH_SPACE_ERR; + } + + if (enc == INTERNAL_DO_ENC) { + ret = internal_symm_encrypt(ctx, data, data_size, iv, iv_size, result, (unsigned int*)result_size, tag); + } else if (enc == INTERNAL_DO_DEC) { + ret = internal_symm_decrypt(ctx, data, data_size, iv, iv_size, result, (unsigned int*)result_size, tag); + } + + if (ret != CRYPT_MOD_OK) { + set_thread_errno(ret); + } + + return ret; + +} + +/** 计算摘要 + * + * @param[in] + * sess 会话信息 + * algo 摘要算法 + * data 原数据信息 + * data_size 原数据长度 + * @param[out] + * result 返回结果信息 + * result_size 返回结果信息长度 + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +int crypto_digest(void *sess, ModuleDigestAlgo algo, unsigned char * data, size_t data_size,unsigned char *result, size_t *result_size) +{ + int ret = CRYPT_MOD_OK; + + ret = internal_digest(sess, algo, data, data_size, result, (unsigned int*)result_size); + if (ret != CRYPT_MOD_OK) { + set_thread_errno(ret); + } + + return ret; +} + +/** hmac初始化 + * + * @param[in] + * sess 会话信息 + * algo 摘要算法 + * key_id 密码信息 + * key_id_size 密码信息长度 + * @param[out] + * ctx 返回密钥上下文 + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +int crypto_hmac_init(void *sess, void **ctx, ModuleSymmKeyAlgo algo, unsigned char *key_id, size_t key_id_size) +{ + InternalKeyCtx *keyctx = NULL; + int ret = CRYPT_MOD_OK; + + if (sess == NULL) { + return CRYPTO_MOD_NOT_OPENSESSION_ERR; + } + + if (key_id == NULL || key_id[0] == '\0' || key_id_size <= 0 || key_id_size > INTERNAL_MAX_KEY_LEN) { + return CRYPTO_MOD_INVALID_KEY_ERR; + } + + keyctx = (InternalKeyCtx*)malloc(sizeof(InternalKeyCtx)); + + + keyctx->session = sess; + + ret = get_real_symm_algo_type(get_current_module_type(), algo, &(keyctx->algotype), &(keyctx->algomode)); + if (ret != CRYPT_MOD_OK) { + free(keyctx); + return ret; + } + + memcpy(keyctx->key, key_id, key_id_size); + keyctx->keysize = key_id_size; + + *ctx = keyctx; + + return ret; +} + +/** hmac清理 + * + * @param[in] + * ctx 密钥上下文信息 + * + * @param[out] + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +void crypto_hmac_clean(void *ctx) +{ + if (ctx) { + free(ctx); + ctx = NULL; + } +} + +/** 执行hmac计算 + * + * @param[in] + * ctx 密钥上下文信息 + * data 原数据信息 + * data_size 原数据长度 + * @param[out] + * result 返回结果信息 + * result_size 返回结果信息长度 + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +int crypto_hmac(void *ctx, unsigned char * data, size_t data_size, unsigned char *result, size_t *result_size) +{ + int ret = CRYPT_MOD_OK; + + ret = internal_hmac(ctx, data, data_size, result, result_size); + if (ret != CRYPT_MOD_OK) + set_thread_errno(ret); + + return ret; +} + +/** 生成随机数 + * + * @param[in] + * sess 会话信息 + * size 申请的随机信息长度 + * + * @param[out] + * buffer 返回随机信息 + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +int crypto_gen_random(void *sess, char *buffer, size_t size) +{ + int ret = CRYPT_MOD_OK; + + ret = internal_generate_random(sess, buffer, size); + if (ret != CRYPT_MOD_OK) + set_thread_errno(ret); + + return ret; + +} + +/** 执行确定性加解密 + * + * @param[in] + * sess 会话信息 + * enc 加密1、解密0 + * data 原数据信息 + * data_size 原数据长度 + * key_id 密钥信息 + * key_id_size 密钥信息长度 + * @param[out] + * result 返回结果信息 + * result_size 返回结果信息长度 + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +int crypto_deterministic_enc_dec(void *sess, int enc, unsigned char *data, unsigned char *key_id, size_t key_id_size, size_t data_size, unsigned char *result, size_t *result_size) +{ + int ret = CRYPT_MOD_OK; + void *tmpkeyctx = NULL; + unsigned char tmpiv[INTERNAL_IV_LEN + 1] = {0}; + + ret = crypto_ctx_init(sess, &tmpkeyctx, MODULE_SM4_CBC, enc, key_id, key_id_size); + if (ret != CRYPT_MOD_OK) { + set_thread_errno(ret); + return ret; + } + + /*加密:对明文计算hmac作为iv,并将hmac放到密文串头; + *解密:从密文头获取iv和hmac,并对解密出的明文计算hmac进行校验*/ + + if (enc == INTERNAL_DO_ENC) { + void *tmphmacctx = NULL; + unsigned char tmphmac[INTERNAL_HMAC_LEN] = {0}; + long unsigned int hmaclen = 0; + + /*计算iv */ + ret = crypto_hmac_init(sess, &tmphmacctx, MODULE_HMAC_SM3, key_id, key_id_size); + if (ret != CRYPT_MOD_OK) { + set_thread_errno(ret); + crypto_ctx_clean(tmpkeyctx); + return ret; + } + + ret = crypto_hmac(tmphmacctx, data, data_size, tmphmac, &hmaclen); + if (ret != CRYPT_MOD_OK) { + set_thread_errno(ret); + crypto_ctx_clean(tmphmacctx); + crypto_ctx_clean(tmpkeyctx); + return ret; + } + + memcpy(tmpiv, tmphmac, INTERNAL_IV_LEN); + + /*把hmac放到密文头 */ + memcpy(result, tmphmac, INTERNAL_HMAC_LEN); + + crypto_hmac_clean(tmphmacctx); + + + ret = internal_symm_encrypt(tmpkeyctx, data, data_size, tmpiv, INTERNAL_IV_LEN, result + INTERNAL_HMAC_LEN, (unsigned int*)result_size, NULL); + if (ret != CRYPT_MOD_OK) { + set_thread_errno(ret); + } + + crypto_ctx_clean(tmpkeyctx); + + *result_size += INTERNAL_HMAC_LEN; + + return ret; + + } else if (enc == INTERNAL_DO_DEC){ + void *tmphmacctx = NULL; + unsigned char tmphmac[INTERNAL_HMAC_LEN] = {0}; + long unsigned int hmaclen = 0; + unsigned char verifyhmac[INTERNAL_HMAC_LEN] = {0}; + /*获取iv */ + memcpy(tmpiv, data, INTERNAL_IV_LEN); + + /*获取hmac*/ + memcpy(verifyhmac, data, INTERNAL_HMAC_LEN); + + ret = internal_symm_decrypt(tmpkeyctx, data + INTERNAL_HMAC_LEN, data_size - INTERNAL_HMAC_LEN, tmpiv, INTERNAL_IV_LEN, result, (unsigned int*)result_size, NULL); + if (ret != CRYPT_MOD_OK) { + set_thread_errno(ret); + crypto_ctx_clean(tmpkeyctx); + return ret; + } + + crypto_ctx_clean(tmpkeyctx); + + /*计算明文hmac */ + ret = crypto_hmac_init(sess, &tmphmacctx, MODULE_HMAC_SM3, key_id, key_id_size); + if (ret != CRYPT_MOD_OK) { + set_thread_errno(ret); + return ret; + } + + ret = crypto_hmac(tmphmacctx, result, *result_size, tmphmac, &hmaclen); + if (ret != CRYPT_MOD_OK) { + set_thread_errno(ret); + crypto_ctx_clean(tmphmacctx); + return ret; + } + + crypto_hmac_clean(tmphmacctx); + + /*校验明文hmac值 */ + if (strncmp((char*)tmphmac, (char*)verifyhmac, INTERNAL_HMAC_LEN)) { + set_thread_errno(CRYPTO_MOD_DETERMINISTIC_DEC_VERIFY_ERR); + return CRYPTO_MOD_DETERMINISTIC_DEC_VERIFY_ERR; + } + + return ret; + } + + return ret; + +} + +/** 获取报错信息 + * + * @param[in] + * sess 会话信息 + * @param[out] + * errmsg 返回结果信息,最长256字节 + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +int crypto_get_errmsg(void *sess, char *errmsg) +{ + strcpy(errmsg, common_get_errmsg()); + + return CRYPT_MOD_OK; +} + + diff --git a/contrib/common_cipher/common_cipher.h b/contrib/common_cipher/common_cipher.h new file mode 100755 index 000000000..7b0a5738e --- /dev/null +++ b/contrib/common_cipher/common_cipher.h @@ -0,0 +1,275 @@ +#ifndef COMMON_CIPHER_H +#define COMMON_CIPHER_H +#include +#include +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define MAX_PROVIDER_NAME_LEN 128 +#define MAX_ERRMSG_LEN 256 + +typedef enum { + MODULE_AES_128_CBC = 0, + MODULE_AES_128_CTR, + MODULE_AES_128_GCM, + MODULE_AES_256_CBC, + MODULE_AES_256_CTR, + MODULE_AES_256_GCM, + MODULE_SM4_CBC, + MODULE_SM4_CTR, + MODULE_HMAC_SHA256, + MODULE_HMAC_SM3, + MODULE_DETERMINISTIC_KEY, + MODULE_ALGO_MAX = 1024 +} ModuleSymmKeyAlgo; + + +typedef enum { + MODULE_SHA256 = 0, + MODULE_SM3, + MODULE_DIGEST_MAX = 1024 +} ModuleDigestAlgo; + + +typedef enum { + KEY_TYPE_INVALID, + KEY_TYPE_PLAINTEXT, + KEY_TYPE_CIPHERTEXT, + KEY_TYPE_NAMEORIDX, + KEY_TYPE_MAX +} KeyType; + + +typedef struct { + char provider_name[MAX_PROVIDER_NAME_LEN]; + KeyType key_type; + int supported_symm[MODULE_ALGO_MAX]; // 不支持算法填入0或者支持算法填入1 + int supported_digest[MODULE_DIGEST_MAX]; // 不支持算法填入0或者支持算法填入1 +} SupportedFeature; + + +/** 初始化密码模块 + * + * @param[in] + * load_info 密码模块相关信息(硬件设备口令,硬件设备、硬件库路径等),通过kv方式传入 + * + * @param[out] + * supported_feature 返回当前密码模块支持的加密方式,参考上述结构体 + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + * 示例: + * 用户设置GUC参数crypto_module_info = 'enable_crypto_module=on,module_third_msg=aaa' + * 传入接口时load_info = 'aaa' + */ +int crypto_module_init(char *load_info, SupportedFeature *supported_feature); + +/** 会话中连接密码模块 + * + * @param[in] + * key_info 密码相关信息(用户口令等信息),通过kv方式传入 + * + * @param[out] + * sess 会话信息 + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + * 示例: + * 用户设置GUC参数tde_key_info = 'keyType=third_kms, keyThirdMsg =bbb' + * 传入接口时key_info = 'bbb' + */ +int crypto_module_sess_init(char *key_info, void **sess); + +/** 会话中断开连接密码模块 + * + * @param[in] + * sess 会话信息 + * + * @param[out] + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +void crypto_module_sess_exit(void *sess); + +/** 创建密钥 + * + * @param[in] + * sess 会话信息 + * algo 密钥使用场景的算法 + * + * @param[out] + * key_id 返回生成密钥/密钥ID/密钥密文 + * key_id_size 返回生成内容长度 + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +int crypto_create_symm_key(void *sess, ModuleSymmKeyAlgo algo, unsigned char *key_id, size_t *key_id_size); + +/** 密钥上下文初始化,后续进行加解密可直接使用上下文 + * + * @param[in] + * sess 会话信息 + * algo 加密算法 + * enc 加密1、解密0 + * key_id 密码信息 + * key_id_size 密码信息长度 + * @param[out] + * ctx 返回使用密钥信息 + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +int crypto_ctx_init(void *sess, void **ctx, ModuleSymmKeyAlgo algo, int enc, unsigned char *key_id, size_t key_id_size); + +/** 获取数据加解密后的数据长度 + * + * @param[in] + * ctx 加解密上下文信息 + * enc 加密1、解密0 + * data_size 返回加解密结果长度 + * @return 返回数据长度 + * + */ +int crypto_result_size(void *ctx, int enc, size_t data_size); + +/** 密钥上下文清理 + * + * @param[in] + * ctx 加解密上下文信息 + * @param[out] + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +void crypto_ctx_clean(void *ctx); + +/** 执行加解密 + * + * @param[in] + * ctx 加解密上下文信息 + * enc 加密1、解密0 + * data 原数据信息 + * data_size 原数据长度 + * iv iv信息 + * iv_size iv信息长度 + * tag GCM模式的校验值 + * @param[out] + * result 返回结果信息 + * result_size 返回结果信息长度 + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +int crypto_encrypt_decrypt(void *ctx, int enc, unsigned char *data, size_t data_size, unsigned char *iv, size_t iv_size, unsigned char *result, size_t *result_size, unsigned char *tag); + +/** 计算摘要 + * + * @param[in] + * sess 会话信息 + * algo 摘要算法 + * data 原数据信息 + * data_size 原数据长度 + * @param[out] + * result 返回结果信息 + * result_size 返回结果信息长度 + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +int crypto_digest(void *sess, ModuleDigestAlgo algo, unsigned char * data, size_t data_size,unsigned char *result, size_t *result_size); + +/** hmac初始化 + * + * @param[in] + * sess 会话信息 + * algo 摘要算法 + * key_id 密码信息 + * key_id_size 密码信息长度 + * @param[out] + * ctx 返回密钥上下文 + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +int crypto_hmac_init(void *sess, void **ctx, ModuleSymmKeyAlgo algo, unsigned char *key_id, size_t key_id_size); + +/** hmac清理 + * + * @param[in] + * ctx 密钥上下文信息 + * + * @param[out] + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +void crypto_hmac_clean(void *ctx); + +/** 执行hmac计算 + * + * @param[in] + * ctx 密钥上下文信息 + * data 原数据信息 + * data_size 原数据长度 + * @param[out] + * result 返回结果信息 + * result_size 返回结果信息长度 + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +int crypto_hmac(void *ctx, unsigned char * data, size_t data_size, unsigned char *result, size_t *result_size); + +/** 生成随机数 + * + * @param[in] + * sess 会话信息 + * size 申请的随机信息长度 + * + * @param[out] + * buffer 返回随机信息 + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +int crypto_gen_random(void *sess, char *buffer, size_t size); + +/** 执行确定性加解密 + * + * @param[in] + * sess 会话信息 + * enc 加密1、解密0 + * data 原数据信息 + * data_size 原数据长度 + * key_id 密钥信息 + * key_id_size 密钥信息长度 + * @param[out] + * result 返回结果信息 + * result_size 返回结果信息长度 + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +int crypto_deterministic_enc_dec(void *sess, int enc, unsigned char *data, unsigned char *key_id, size_t key_id_size, size_t data_size, unsigned char *result, size_t *result_size); + +/** 获取报错信息 + * + * @param[in] + * sess 会话信息 + * @param[out] + * errmsg 返回结果信息,最长256字节 + * + * @return 成功返回CRYPT_MOD_OK,失败返回错误码 + * + */ +int crypto_get_errmsg(void *sess, char *errmsg); + +#ifdef __cplusplus +} +#endif + +#endif /*COMMON_CIPHER_H*/ \ No newline at end of file diff --git a/contrib/common_cipher/common_err.cpp b/contrib/common_cipher/common_err.cpp new file mode 100755 index 000000000..748018bf4 --- /dev/null +++ b/contrib/common_cipher/common_err.cpp @@ -0,0 +1,126 @@ +#include "common_err.h" + +#define MAX_ERRMSG_LEN 256 + +#define lengthof(array) (sizeof(array) / sizeof(array[0])) + +static thread_local int internalthreaderrno = 0; + +static void reset_thread_errno(); + +typedef struct { + int errno; + char errmsg[MAX_ERRMSG_LEN]; +}CommonErrInfo; + +/*HSM:hardware security module,硬件安全模块。*/ +static const CommonErrInfo internal_err_info[] = { + {INTERNAL_UNKNOWNERR, "HSM unknown error"}, + {INTERNAL_NOTSUPPORT, "HSM not support"}, + {INTERNAL_COMMFAIL, "HSM communication error"}, + {INTERNAL_HARDFAIL, "HSM hard error"}, + {INTERNAL_OPENDEVICE, "HSM open device error"}, + {INTERNAL_OPENSESSION, "HSM open session error"}, + {INTERNAL_PARDENY, "HSM permission error"}, + {INTERNAL_KEYNOTEXIST, "HSM key not exist"}, + {INTERNAL_ALGNOTSUPPORT, "HSM not support algorithm"}, + {INTERNAL_ALGMODNOTSUPPORT, "HSM not support algorithm mode"}, + {INTERNAL_PKOPERR, "HSM public key operation error"}, + {INTERNAL_SKOPERR, "HSM private key operation error"}, + {INTERNAL_SIGNERR, "HSM sign error"}, + {INTERNAL_VERIFYERR, "HSM verify error"}, + {INTERNAL_SYMOPERR, "HSM symmetry operation error"}, + {INTERNAL_STEPERR, "HSM step error"}, + {INTERNAL_FILESIZEERR, "HSM file size or data len error"}, + {INTERNAL_FILENOEXIST, "HSM file not exist"}, + {INTERNAL_FILEOFSERR, "HSM file offset operation error"}, + {INTERNAL_KEYTYPEERR, "HSM key type error"}, + {INTERNAL_KEYERR, "HSM key error"}, + {INTERNAL_ENCDATAERR, "HSM encrypt data error"}, + {INTERNAL_RANDERR, "HSM random error"}, + {INTERNAL_PRKRERR, "HSM private access right error"}, + {INTERNAL_MACERR, "HSM MAC error"}, + {INTERNAL_FILEEXISTS, "HSM file exists"}, + {INTERNAL_FILEWERR, "HSM write file error"}, + {INTERNAL_NOBUFFER, "HSM not enough storage"}, + {INTERNAL_INARGERR, "HSM input param error"}, + {INTERNAL_OUTARGERR, "HSM output param error"}, + {INTERNAL_UKEYERR, "HSM ukey error"}, + {INTERNAL_GENKEYERR, "HSM generate key error"}, + {INTERNAL_STATEERR, "HSM status error"}, + {INTERNAL_RETRYERR, "HSM retry exceeded"}, + {INTERNAL_DEVICE_BUSY, "HSM is busy"} +}; + +static int internal_err_number = lengthof(internal_err_info); + +static const CommonErrInfo common_err_info[] = { + {CRYPTO_MOD_TYPE_REPEATED_ERR, "module type set repeated"}, + {CRYPTO_MOD_TYPE_INVALID_ERR, "invalid module type"}, + {CRYPTO_MOD_LIBPATH_REPEATED_ERR, "module lib path set repeated"}, + {CRYPTO_MOD_LIBPATH_INVALID_ERR, "invalid module lib path"}, + {CRYPTO_MOD_CFG_PATH_REPEATED_ERR, "module config file set repeated"}, + {CRYPTO_MOD_CFG_PATH_INVALID_ERR, "invalid module config file"}, + {CRYPTO_MOD_PARAM_TOO_MANY_ERR, "param is too many"}, + {CRYPTO_MOD_PARAM_INVALID_ERR, "invalid param"}, + {CRYPTO_MOD_UNSUPPORTED_SYMM_TYPE_ERR, "unsupported symm algo type"}, + {CRYPTO_MOD_UNSUPPORTED_DIGEST_TYPE_ERR, "unsupported digest algo type"}, + {CRYPTO_MOD_DLOPEN_ERR, "dlopen error"}, + {CRYPTO_MOD_DLSYM_ERR, "dlsym error"}, + {CRYPTO_MOD_UNLOAD_ERR, "unload error"}, + {CRYPTO_MOD_NOT_LOADED_ERR, "module not loaded"}, + {CRYPTO_MOD_NOT_OPENDEVICE_ERR, "device not opened"}, + {CRYPTO_MOD_NOT_OPENSESSION_ERR, "session not opened"}, + {CRYPTO_MOD_INVALID_KEY_ERR, "invalid key"}, + {CRYPTO_MOD_INVALID_CRYPTO_TYPE_ERR, "invalid crypto type"}, + {CRYPTO_MOD_INVALID_KEY_CTX_ERR, "invalid key ctx"}, + {CRYPTO_MOD_UNPADDING_ERR, "unpadding err"}, + {CRYPTO_MOD_NOT_ENOUGH_SPACE_ERR, "not enough space"}, + {CRYPTO_MOD_DETERMINISTIC_DEC_VERIFY_ERR, "deterministic dec verify error"}, + {CRYPTO_MOD_UNKNOWN_PARAM_ERR, "unknown module param"} +}; + +static int common_err_number = lengthof(common_err_info); + +static const char* unknown_err = "unknown err"; + +const char* common_get_errmsg() +{ + int i = 0; + + if (internalthreaderrno & INTERNAL_BASE_ERR) { + for (i = 0; i < internal_err_number; i++) { + if (internalthreaderrno == internal_err_info[i].errno) { + reset_thread_errno(); + return internal_err_info[i].errmsg; + } + } + } else if (internalthreaderrno & CRYPTO_MOD_BASE_ERR) { + for (i = 0; i < common_err_number; i++) { + if (internalthreaderrno == common_err_info[i].errno) { + reset_thread_errno(); + return common_err_info[i].errmsg; + } + } + } else { + reset_thread_errno(); + return unknown_err; + } + + if (i != internal_err_number && i != common_err_number) { + reset_thread_errno(); + return unknown_err; + } + + return unknown_err; +} + +void set_thread_errno(int errno) +{ + internalthreaderrno = errno; +} + +static void reset_thread_errno() +{ + internalthreaderrno = 0; +} diff --git a/contrib/common_cipher/common_err.h b/contrib/common_cipher/common_err.h new file mode 100755 index 000000000..8e8f816e2 --- /dev/null +++ b/contrib/common_cipher/common_err.h @@ -0,0 +1,89 @@ +#ifndef COMMON_ERR_H +#define COMMON_ERR_H + + +#ifdef __cplusplus +extern "C" { +#endif + +/*硬件内部错误码*/ +#define INTERNAL_OK 0 + +#define INTERNAL_BASE_ERR 0x01000000 + +#define INTERNAL_UNKNOWNERR (INTERNAL_BASE_ERR + 0x00000001) /* 未知错误 */ +#define INTERNAL_NOTSUPPORT (INTERNAL_BASE_ERR + 0x00000002) /* 不支持 */ +#define INTERNAL_COMMFAIL (INTERNAL_BASE_ERR + 0x00000003) /* 通信错误 */ +#define INTERNAL_HARDFAIL (INTERNAL_BASE_ERR + 0x00000004) /* 硬件错误 */ +#define INTERNAL_OPENDEVICE (INTERNAL_BASE_ERR + 0x00000005) /* 打开设备错误 */ +#define INTERNAL_OPENSESSION (INTERNAL_BASE_ERR + 0x00000006) /* 打开会话句柄错误 */ +#define INTERNAL_PARDENY (INTERNAL_BASE_ERR + 0x00000007) /* 权限不满足 */ +#define INTERNAL_KEYNOTEXIST (INTERNAL_BASE_ERR + 0x00000008) /* 密钥不存在 */ +#define INTERNAL_ALGNOTSUPPORT (INTERNAL_BASE_ERR + 0x00000009) /* 不支持的算法 */ +#define INTERNAL_ALGMODNOTSUPPORT (INTERNAL_BASE_ERR + 0x0000000A) /* 不支持的算法模式 */ +#define INTERNAL_PKOPERR (INTERNAL_BASE_ERR + 0x0000000B) /* 公钥运算错误 */ +#define INTERNAL_SKOPERR (INTERNAL_BASE_ERR + 0x0000000C) /* 私钥运算错误 */ +#define INTERNAL_SIGNERR (INTERNAL_BASE_ERR + 0x0000000D) /* 签名错误 */ +#define INTERNAL_VERIFYERR (INTERNAL_BASE_ERR + 0x0000000E) /* 验证错误 */ +#define INTERNAL_SYMOPERR (INTERNAL_BASE_ERR + 0x0000000F) /* 对称运算错误 */ +#define INTERNAL_STEPERR (INTERNAL_BASE_ERR + 0x00000010) /* 步骤错误 */ +#define INTERNAL_FILESIZEERR (INTERNAL_BASE_ERR + 0x00000011) /* 文件大小错误或输入数据长度非法 */ +#define INTERNAL_FILENOEXIST (INTERNAL_BASE_ERR + 0x00000012) /* 文件不存在 */ +#define INTERNAL_FILEOFSERR (INTERNAL_BASE_ERR + 0x00000013) /* 文件操作偏移量错误 */ +#define INTERNAL_KEYTYPEERR (INTERNAL_BASE_ERR + 0x00000014) /* 密钥类型错误 */ +#define INTERNAL_KEYERR (INTERNAL_BASE_ERR + 0x00000015) /* 密钥错误 */ +#define INTERNAL_ENCDATAERR (INTERNAL_BASE_ERR + 0x00000016) /* 加密数据错误 */ +#define INTERNAL_RANDERR (INTERNAL_BASE_ERR + 0x00000017) /* 随机数产生失败 */ +#define INTERNAL_PRKRERR (INTERNAL_BASE_ERR + 0x00000018) /* 私钥使用权限获取失败 */ +#define INTERNAL_MACERR (INTERNAL_BASE_ERR + 0x00000019) /* MAC 运算失败 */ +#define INTERNAL_FILEEXISTS (INTERNAL_BASE_ERR + 0x0000001A) /* 指定文件已存在 */ +#define INTERNAL_FILEWERR (INTERNAL_BASE_ERR + 0x0000001B) /* 文件写入失败 */ +#define INTERNAL_NOBUFFER (INTERNAL_BASE_ERR + 0x0000001C) /* 存储空间不足 */ +#define INTERNAL_INARGERR (INTERNAL_BASE_ERR + 0x0000001D) /* 输入参数错误 */ +#define INTERNAL_OUTARGERR (INTERNAL_BASE_ERR + 0x0000001E) /* 输出参数错误 */ +#define INTERNAL_UKEYERR (INTERNAL_BASE_ERR + 0x0000001F) /* Ukey错误 */ +#define INTERNAL_GENKEYERR (INTERNAL_BASE_ERR + 0x00000020) /* 密钥生成错误 */ +#define INTERNAL_STATEERR (INTERNAL_BASE_ERR + 0x00000021) /* 状态错误 */ +#define INTERNAL_RETRYERR (INTERNAL_BASE_ERR + 0x00000022) /* 重试超过次数 */ +#define INTERNAL_DEVICE_BUSY (INTERNAL_BASE_ERR + 0x00000023) /* 设备忙 */ + + +/*库中自定义错误码*/ +/*特别注意,硬件密码模块的返回值是0表示成功,非0表示失败(错误码),和库对外返回的不一样*/ +#define CRYPT_MOD_OK 1 +#define CRYPT_MOD_ERR 0 + +#define CRYPTO_MOD_BASE_ERR 0x01000 + +#define CRYPTO_MOD_TYPE_REPEATED_ERR (CRYPTO_MOD_BASE_ERR + 0x00001)/*密码模块类型重复设置*/ +#define CRYPTO_MOD_TYPE_INVALID_ERR (CRYPTO_MOD_BASE_ERR + 0x00002)/*无效的密码模块类型*/ +#define CRYPTO_MOD_LIBPATH_REPEATED_ERR (CRYPTO_MOD_BASE_ERR + 0x00003)/*密码模块库路径重复设置*/ +#define CRYPTO_MOD_LIBPATH_INVALID_ERR (CRYPTO_MOD_BASE_ERR + 0x00004)/*无效的密码模块库路径*/ +#define CRYPTO_MOD_CFG_PATH_REPEATED_ERR (CRYPTO_MOD_BASE_ERR + 0x00005)/*密码模块配置文件重复设置*/ +#define CRYPTO_MOD_CFG_PATH_INVALID_ERR (CRYPTO_MOD_BASE_ERR + 0x00006)/*无效的密码模块配置文件*/ +#define CRYPTO_MOD_PARAM_TOO_MANY_ERR (CRYPTO_MOD_BASE_ERR + 0x00007)/*密码卡参数配置过多*/ +#define CRYPTO_MOD_PARAM_INVALID_ERR (CRYPTO_MOD_BASE_ERR + 0x00008)/*无效的参数*/ +#define CRYPTO_MOD_UNSUPPORTED_SYMM_TYPE_ERR (CRYPTO_MOD_BASE_ERR + 0x00009)/*不支持的对称算法类型*/ +#define CRYPTO_MOD_UNSUPPORTED_DIGEST_TYPE_ERR (CRYPTO_MOD_BASE_ERR + 0x0000A)/*不支持的摘要算法类型*/ +#define CRYPTO_MOD_DLOPEN_ERR (CRYPTO_MOD_BASE_ERR + 0x0000B)/*dlopen失败*/ +#define CRYPTO_MOD_DLSYM_ERR (CRYPTO_MOD_BASE_ERR + 0x0000C)/*dlsym失败*/ +#define CRYPTO_MOD_UNLOAD_ERR (CRYPTO_MOD_BASE_ERR + 0x0000D)/*dlclose失败*/ +#define CRYPTO_MOD_NOT_LOADED_ERR (CRYPTO_MOD_BASE_ERR + 0x0000E)/*还未加载驱动库*/ +#define CRYPTO_MOD_NOT_OPENDEVICE_ERR (CRYPTO_MOD_BASE_ERR + 0x0000F)/*还未打开设备*/ +#define CRYPTO_MOD_NOT_OPENSESSION_ERR (CRYPTO_MOD_BASE_ERR + 0x00010)/*还未建立会话*/ +#define CRYPTO_MOD_INVALID_KEY_ERR (CRYPTO_MOD_BASE_ERR + 0x00011)/*无效的密钥*/ +#define CRYPTO_MOD_INVALID_CRYPTO_TYPE_ERR (CRYPTO_MOD_BASE_ERR + 0x00012)/*无效的加解密类型*/ +#define CRYPTO_MOD_INVALID_KEY_CTX_ERR (CRYPTO_MOD_BASE_ERR + 0x00013)/*无效密钥上下文*/ +#define CRYPTO_MOD_UNPADDING_ERR (CRYPTO_MOD_BASE_ERR + 0x00014)/*去pad失败*/ +#define CRYPTO_MOD_NOT_ENOUGH_SPACE_ERR (CRYPTO_MOD_BASE_ERR + 0x00015)/*分配的空间不足*/ +#define CRYPTO_MOD_DETERMINISTIC_DEC_VERIFY_ERR (CRYPTO_MOD_BASE_ERR + 0x00016)/*确定性解密校验失败*/ +#define CRYPTO_MOD_UNKNOWN_PARAM_ERR (CRYPTO_MOD_BASE_ERR + 0xFFFFF)/*未知的参数*/ + +extern void set_thread_errno(int errno); +extern const char* common_get_errmsg(); + +#ifdef __cplusplus +} +#endif + +#endif /* COMMON_ERR_H */ diff --git a/contrib/common_cipher/common_internal_interfaces.cpp b/contrib/common_cipher/common_internal_interfaces.cpp new file mode 100755 index 000000000..f76e297f2 --- /dev/null +++ b/contrib/common_cipher/common_internal_interfaces.cpp @@ -0,0 +1,796 @@ +#include +#include +#include +#include +#include + +#include "common_internal_interfaces.h" +#include "common_err.h" +#include "common_utils.h" + +#define INTERNAL_SHARED_LOCK 0 +#define INTERNAL_EXCLUSIVE_LOCK 1 + +#define SET_JNTA_CFG_PATH(path) (setenv("TASS_GHVSM_CFG_PATH", path, 1)) + +#define INTERNAL_RETURN(ret) \ +{ \ + if (ret == INTERNAL_OK) \ + return CRYPT_MOD_OK; \ + else \ + return ret; \ +}while(0) + +/*dlopen句柄*/ +static void *driverhandle = NULL; + +/*密码模块接口*/ +static ModuleInterfaces *moduleinterfaces = NULL; + +/*定义一个锁,对driverhandle和moduleinterfaces做读写保护*/ +static pthread_rwlock_t drivermutex; + +/*设备句柄*/ +static void *devicehandle = NULL; + +/*定义一个锁,对devicehandle做读写保护*/ +static pthread_rwlock_t devicehandlemutex; + +/*记录当前空闲的最小索引号,在第一次生成密钥时获取并设置。这个需要保证密钥都是从该接口库生成*/ +static int currnetindex = 0; + +/*定义一个锁,保证同一时刻只有一个线程在生成密钥*/ +static pthread_mutex_t genkeymutex; + + +static int internal_padding(char *indata, int inlen, char *outdata, int *outlen); +static int internal_unpadding(char *indata, int *inlen); + +static void internal_lock(int loketype, pthread_rwlock_t *lock) +{ + if (loketype == INTERNAL_SHARED_LOCK) { + pthread_rwlock_rdlock(lock); + } else if (loketype == INTERNAL_EXCLUSIVE_LOCK){ + pthread_rwlock_wrlock(lock); + } else { + /*do nothing*/ + } +} + +static void internal_unlock(pthread_rwlock_t *lock) +{ + pthread_rwlock_unlock(lock); +} + +ModuleType get_current_module_type() +{ + internal_lock(INTERNAL_SHARED_LOCK, &drivermutex); + + if (moduleinterfaces) { + internal_unlock(&drivermutex); + return moduleinterfaces->type; + } + + internal_unlock(&drivermutex); + + return MODULE_INVALID_TYPE; +} + +static int load_standard_interfaces(ModuleStandardInterfaces *standardinterfaces) +{ + standardinterfaces->InternalOpenDevice = (StandardOpenDevice_type)dlsym(driverhandle, "SDF_OpenDevice"); + standardinterfaces->InternalCloseDevice = (StandardCloseDevice_type)dlsym(driverhandle, "SDF_CloseDevice"); + standardinterfaces->InternalOpenSession = (StandardOpenSession_type)dlsym(driverhandle, "SDF_OpenSession"); + standardinterfaces->InternalCloseSession = (StandardCloseSession_type)dlsym(driverhandle, "SDF_CloseSession"); + standardinterfaces->InternalGenerateRandom = (StandardGenerateRandom_type)dlsym(driverhandle, "SDF_GenerateRandom"); + standardinterfaces->InternalEncrypt = (StandardEncrypt_type)dlsym(driverhandle, "SDF_Encrypt"); + standardinterfaces->InternalDecrypt = (StandardDecrypt_type)dlsym(driverhandle, "SDF_Decrypt"); + standardinterfaces->InternalDestroyKey = (StandardDestroyKey_type)dlsym(driverhandle, "SDF_DestroyKey"); + standardinterfaces->InternalHashInit = (StandardHashInit_type)dlsym(driverhandle, "SDF_HashInit"); + standardinterfaces->InternalHashUpdate = (StandardHashUpdate_type)dlsym(driverhandle, "SDF_HashUpdate"); + standardinterfaces->InternalHashFinal = (StandardHashFinal_type)dlsym(driverhandle, "SDF_HashFinal"); + + if (standardinterfaces->InternalOpenDevice == NULL + || standardinterfaces->InternalCloseDevice == NULL + || standardinterfaces->InternalOpenSession == NULL + || standardinterfaces->InternalCloseSession == NULL + || standardinterfaces->InternalGenerateRandom == NULL + || standardinterfaces->InternalEncrypt == NULL + || standardinterfaces->InternalDecrypt == NULL + || standardinterfaces->InternalDestroyKey == NULL + || standardinterfaces->InternalHashInit == NULL + || standardinterfaces->InternalHashUpdate == NULL + || standardinterfaces->InternalHashFinal == NULL) { + + return CRYPTO_MOD_DLSYM_ERR; + } + + return CRYPT_MOD_OK; +} + +static int load_gdac_interfaces(ModuleGdacInterfaces* gdacinterfaces) +{ + gdacinterfaces->GDACGenerateKEK = (GDACGenerateKEK_type)dlsym(driverhandle, "SDFE_GenerateKEK"); + gdacinterfaces->GDACHMAC = (GDACHMAC_type)dlsym(driverhandle, "SDFE_Hmac"); + gdacinterfaces->GDACEncryptWithIndex = (GDACEncryptWithIndex_type)dlsym(driverhandle, "SDFE_Encrypt"); + gdacinterfaces->GDACDecryptWithIndex = (GDACDecryptWithIndex_type)dlsym(driverhandle, "SDFE_Decrypt"); + gdacinterfaces->GDACExportKEK = (GDACExportKEK_type)dlsym(driverhandle, "SDFE_ExportKEK"); + gdacinterfaces->GDACGetkeyState = (GDACGetkeyState_type)dlsym(driverhandle, "SDFE_GetkeyState"); + + if (gdacinterfaces->GDACGenerateKEK == NULL + || gdacinterfaces->GDACHMAC == NULL + || gdacinterfaces->GDACEncryptWithIndex == NULL + || gdacinterfaces->GDACDecryptWithIndex == NULL + || gdacinterfaces->GDACExportKEK == NULL + || gdacinterfaces->GDACGetkeyState == NULL) { + + return CRYPTO_MOD_DLSYM_ERR; + } + + return CRYPT_MOD_OK; +} + +static int load_jnta_interfaces(ModuleJntaInterfaces* jntainterfaces) +{ + jntainterfaces->JNTACalculateHmac = (JNTACalculateHmac_type)dlsym(driverhandle, "Tass_CalculateHmac"); + jntainterfaces->JNTAGenerateSymmKeyWithLMK = (JNTAGenerateSymmKeyWithLMK_type)dlsym(driverhandle, "Tass_GenerateSymmKeyWithLMK"); + jntainterfaces->JNTAImportKeyCipherByLMK = (JNTAImportKeyCipherByLMK_type)dlsym(driverhandle, "Tass_ImportKeyCipherByLMK"); + + if (jntainterfaces->JNTACalculateHmac == NULL + || jntainterfaces->JNTAGenerateSymmKeyWithLMK == NULL + || jntainterfaces->JNTAImportKeyCipherByLMK == NULL) { + + return CRYPTO_MOD_DLSYM_ERR; + } + + return CRYPT_MOD_OK; +} + +static int load_swxa_interfaces(ModuleSwxaInterfaces* swxainterfaces) +{ + swxainterfaces->SWXAGenerateKeyCipher = (SWXAGenerateKeyCipher_type)dlsym(driverhandle, "SDF_GenerateKey_Cipher"); + swxainterfaces->SWXAEncKeyEncrypt = (SWXAEncKeyEncrypt_type)dlsym(driverhandle, "SDF_EncKeyEncrypt"); + swxainterfaces->SWXAEncKeyDecrypt = (SWXAEncKeyDecrypt_type)dlsym(driverhandle, "SDF_EncKeyDecrypt"); + swxainterfaces->SWXAHMAC = (SWXAHMAC_type)dlsym(driverhandle, "SDF_EncKeyHMAC"); + swxainterfaces->SWXAOpenDeviceWithPathAndName = (SWXAOpenDeviceWithPathAndName_type)dlsym(driverhandle, "SDF_OpenDeviceWithPathAndName"); + + if (swxainterfaces->SWXAGenerateKeyCipher == NULL + || swxainterfaces->SWXAEncKeyEncrypt == NULL + || swxainterfaces->SWXAEncKeyDecrypt == NULL + || swxainterfaces->SWXAHMAC == NULL + || swxainterfaces->SWXAOpenDeviceWithPathAndName == NULL) { + + return CRYPTO_MOD_DLSYM_ERR; + } + + return CRYPT_MOD_OK; +} + +/*加载驱动库*/ +int load_module_driver(ModuleParams moduleparams) +{ + + int ret = CRYPT_MOD_OK; + + /*加写锁*/ + internal_lock(INTERNAL_EXCLUSIVE_LOCK, &drivermutex); + + /*检查是否已经加载,如果已经加载过,则直接返回*/ + if (driverhandle && moduleinterfaces) { + internal_unlock(&drivermutex); + return CRYPT_MOD_OK; + } + + /*dlopen动态库*/ + driverhandle = dlopen(moduleparams.libpath, RTLD_LAZY); + if (driverhandle == NULL) { + internal_unlock(&drivermutex); + return CRYPTO_MOD_DLOPEN_ERR; + } + + /*为接口分配空间*/ + moduleinterfaces = (ModuleInterfaces*)malloc(sizeof(ModuleInterfaces)); + + moduleinterfaces->type = moduleparams.moduletype; + + moduleinterfaces->standardInterfaces = (ModuleStandardInterfaces*)malloc(sizeof(ModuleStandardInterfaces)); + + /*加载标准接口*/ + ret = load_standard_interfaces(moduleinterfaces->standardInterfaces); + if (ret != CRYPT_MOD_OK) { + free(moduleinterfaces->standardInterfaces); + free(moduleinterfaces); + internal_unlock(&drivermutex); + return ret; + } + + /*加载扩展接口*/ + switch (moduleparams.moduletype) + { + case MODULE_GDAC_CARD_TYPE: + moduleinterfaces->extendInterfaces.gdacInterfaces = (ModuleGdacInterfaces*)malloc(sizeof(ModuleGdacInterfaces)); + ret = load_gdac_interfaces(moduleinterfaces->extendInterfaces.gdacInterfaces); + break; + case MODULE_JNTA_KMS_TYPE: + moduleinterfaces->extendInterfaces.jntaInterfaces = (ModuleJntaInterfaces*)malloc(sizeof(ModuleJntaInterfaces)); + ret = load_jnta_interfaces(moduleinterfaces->extendInterfaces.jntaInterfaces); + break; + case MODULE_SWXA_KMS_TYPE: + moduleinterfaces->extendInterfaces.swxaInterfaces = (ModuleSwxaInterfaces*)malloc(sizeof(ModuleSwxaInterfaces)); + ret = load_swxa_interfaces(moduleinterfaces->extendInterfaces.swxaInterfaces); + break; + default: + free(moduleinterfaces->standardInterfaces); + free(moduleinterfaces); + internal_unlock(&drivermutex); + return CRYPTO_MOD_TYPE_INVALID_ERR; + } + + if (ret != CRYPT_MOD_OK) { + if (moduleinterfaces->extendInterfaces.gdacInterfaces) + free(moduleinterfaces->extendInterfaces.gdacInterfaces); + if (moduleinterfaces->extendInterfaces.jntaInterfaces) + free(moduleinterfaces->extendInterfaces.jntaInterfaces); + if (moduleinterfaces->extendInterfaces.swxaInterfaces) + free(moduleinterfaces->extendInterfaces.swxaInterfaces); + free(moduleinterfaces->standardInterfaces); + free(moduleinterfaces); + moduleinterfaces = NULL; + internal_unlock(&drivermutex); + return ret; + } + + internal_unlock(&drivermutex); + return CRYPT_MOD_OK; + +} + +int unload_module_driver() +{ + /*加写锁*/ + internal_lock(INTERNAL_EXCLUSIVE_LOCK, &drivermutex); + if (driverhandle == NULL || moduleinterfaces) { + + internal_unlock(&drivermutex); + return CRYPTO_MOD_UNLOAD_ERR; + } + + /*释放接口空间*/ + + if (moduleinterfaces->extendInterfaces.gdacInterfaces) { + free(moduleinterfaces->extendInterfaces.gdacInterfaces); + moduleinterfaces->extendInterfaces.gdacInterfaces = NULL; + } + + if (moduleinterfaces->extendInterfaces.jntaInterfaces) { + free(moduleinterfaces->extendInterfaces.jntaInterfaces); + moduleinterfaces->extendInterfaces.jntaInterfaces = NULL; + } + + if (moduleinterfaces->extendInterfaces.swxaInterfaces) { + free(moduleinterfaces->extendInterfaces.swxaInterfaces); + moduleinterfaces->extendInterfaces.swxaInterfaces = NULL; + } + + free(moduleinterfaces->standardInterfaces); + moduleinterfaces->standardInterfaces = NULL; + + free(moduleinterfaces); + moduleinterfaces = NULL; + + dlclose(driverhandle); + driverhandle = NULL; + + internal_unlock(&drivermutex); + + return CRYPT_MOD_OK; + +} + +int internal_open_device(char* cfg_path) +{ + /*这里调用密码硬件的接口,需要注意硬件接口返回0表示成功。*/ + int ret = INTERNAL_OK; + + /*判断是否已加载驱动并加载驱动接口*/ + internal_lock(INTERNAL_SHARED_LOCK, &drivermutex); + + if (driverhandle == NULL || moduleinterfaces == NULL) { + internal_unlock(&drivermutex); + return CRYPTO_MOD_NOT_LOADED_ERR; + } + + /*大胆一些,在这里释放掉锁*/ + internal_unlock(&drivermutex); + + /*对设备句柄加写锁*/ + internal_lock(INTERNAL_EXCLUSIVE_LOCK, &devicehandlemutex); + + /*已经打开过,直接返回*/ + if (devicehandle != NULL) { + internal_unlock(&devicehandlemutex); + return CRYPT_MOD_OK; + } + + switch (moduleinterfaces->type) + { + case MODULE_GDAC_CARD_TYPE: + ret = moduleinterfaces->standardInterfaces->InternalOpenDevice(&devicehandle); + break; + case MODULE_SWXA_KMS_TYPE: + ret = moduleinterfaces->extendInterfaces.swxaInterfaces->SWXAOpenDeviceWithPathAndName((unsigned char*)cfg_path, &devicehandle); + break; + case MODULE_JNTA_KMS_TYPE: + /*江南天安从环境变量获取配置文件路径,这里设置一下*/ + SET_JNTA_CFG_PATH(cfg_path); + ret = moduleinterfaces->standardInterfaces->InternalOpenDevice(&devicehandle); + break; + default: + internal_unlock(&devicehandlemutex); + return CRYPTO_MOD_TYPE_INVALID_ERR; + } + + internal_unlock(&devicehandlemutex); + + INTERNAL_RETURN(ret); + +} + +int internal_close_device() +{ + int ret = INTERNAL_OK; + + internal_lock(INTERNAL_EXCLUSIVE_LOCK, &devicehandlemutex); + + if (devicehandle != NULL) { + ret = moduleinterfaces->standardInterfaces->InternalCloseDevice(devicehandle); + devicehandle = NULL; + } + + internal_unlock(&devicehandlemutex); + + INTERNAL_RETURN(ret); +} + +int internal_open_session(void **sess) +{ + int ret = INTERNAL_OK; + + internal_lock(INTERNAL_SHARED_LOCK, &devicehandlemutex); + + if (devicehandle == NULL) { + internal_unlock(&devicehandlemutex); + return CRYPTO_MOD_NOT_OPENDEVICE_ERR; + } + + ret = moduleinterfaces->standardInterfaces->InternalOpenSession(devicehandle, sess); + + internal_unlock(&devicehandlemutex); + + INTERNAL_RETURN(ret); +} + +int internal_close_session(void *sess) +{ + int ret = INTERNAL_OK; + + if (sess == NULL) { + return CRYPTO_MOD_NOT_OPENSESSION_ERR; + } + + internal_lock(INTERNAL_SHARED_LOCK, &devicehandlemutex); + + if (devicehandle == NULL) { + internal_unlock(&devicehandlemutex); + return CRYPTO_MOD_NOT_OPENDEVICE_ERR; + } + + ret = moduleinterfaces->standardInterfaces->InternalCloseSession(sess); + + internal_unlock(&devicehandlemutex); + + INTERNAL_RETURN(ret); +} + +static bool use_key_index() +{ + switch (moduleinterfaces->type) { + case MODULE_GDAC_CARD_TYPE: + case MODULE_JNTA_KMS_TYPE: + return true; + case MODULE_SWXA_KMS_TYPE: + return false; + default: + return false; + } +} + +static int init_gdac_key_index(void* sess) +{ + int keystatus = 0; + int i =0; + int ret = INTERNAL_OK; + + /*需要获取当前存在密钥的最大索引值*/ + for (i = INTERNAL_MIN_INDEX_NUM; i <= INTERNAL_MAX_INDEX_NUM; i++) { + ret = moduleinterfaces->extendInterfaces.gdacInterfaces->GDACGetkeyState(sess, GDAC_KEK_TYPE, (unsigned int)i, (unsigned int*)&keystatus); + if (ret != INTERNAL_OK) { + return ret; + } + if (keystatus == GDAC_KEY_NOT_EXIST) { + currnetindex = i; + break; + } + } + + if (i == (INTERNAL_MAX_INDEX_NUM + 1)) { + return INTERNAL_NOBUFFER; + } + + return INTERNAL_OK; +} + +static int init_jnta_key_index(void* sess) +{ + int ret = INTERNAL_OK; + int i = 0; + InternalKeyCtx *keyctx = NULL; + + unsigned char tmpdata[] = {"12345678"}; + int tmplen = 8; + + unsigned char tmpiv[] = {"1234567812345678"}; + int tmpivlen = 16; + + unsigned char tmpout[32] = {0}; + unsigned int tmpoutlen = 0; + keyctx = (InternalKeyCtx*)malloc(sizeof(InternalKeyCtx)); + + keyctx->session = sess; + + keyctx->enc = INTERNAL_DO_ENC; + + keyctx->algotype = TA_SM4; + keyctx->algomode = TA_CBC; + + /*需要获取当前存在密钥的最大索引值*/ + for (i = INTERNAL_MIN_INDEX_NUM; i <= INTERNAL_MAX_INDEX_NUM; i++) { + sprintf((char *)(keyctx->key), "%d",i); + keyctx->keysize = strlen((char*)(keyctx->key)); + /*没有获取密钥状态接口,通过做加密判断错误发为密钥不存在*/ + ret = internal_symm_encrypt(keyctx, tmpdata, tmplen, tmpiv, tmpivlen, tmpout, &tmpoutlen, NULL); + if (ret == INTERNAL_KEYNOTEXIST) { + currnetindex = i; + break; + } + memset(keyctx->key, 0x0, INTERNAL_MAX_KEY_LEN); + } + + free(keyctx); + + if (i == (INTERNAL_MAX_INDEX_NUM + 1)) { + return INTERNAL_NOBUFFER; + } + + return INTERNAL_OK; + +} +static int init_current_key_index(void* sess) +{ + int ret = INTERNAL_OK; + + switch (moduleinterfaces->type) { + case MODULE_GDAC_CARD_TYPE: + ret = init_gdac_key_index(sess); + break; + case MODULE_JNTA_KMS_TYPE: + ret = init_jnta_key_index(sess); + break; + case MODULE_SWXA_KMS_TYPE: + default: + break; + } + + return ret; + +} + + +int internal_generate_symm_key(void* sess, ModuleSymmKeyAlgo algo, unsigned char* key, unsigned int* keylen) +{ + int ret = INTERNAL_OK; + bool useindex = use_key_index(); + + if (sess == NULL) { + return CRYPTO_MOD_NOT_OPENSESSION_ERR; + } + + if (useindex) { + pthread_mutex_lock(&genkeymutex); + if (currnetindex == 0) { + ret = init_current_key_index(sess); + if (ret != INTERNAL_OK) { + pthread_mutex_unlock(&genkeymutex); + return ret; + } + } else if (currnetindex == (INTERNAL_MAX_INDEX_NUM + 1)) { + pthread_mutex_unlock(&genkeymutex); + return INTERNAL_NOBUFFER; + } + } + + switch(moduleinterfaces->type) { + case MODULE_GDAC_CARD_TYPE: + ret = moduleinterfaces->extendInterfaces.gdacInterfaces->GDACGenerateKEK(sess, get_key_len_by_algo_type(algo), currnetindex); + break; + case MODULE_JNTA_KMS_TYPE: { + unsigned int realalgo; + unsigned int realmode; + unsigned char tmpcipher[INTERNAL_MAX_KEY_LEN + 1] = {0}; + unsigned int tmpcipherlen = 0; + unsigned char kcv[8] = {0}; + unsigned int kcvlen = 0; + + ret = get_real_symm_algo_type(moduleinterfaces->type, algo, &realalgo, &realmode); + if (ret != CRYPT_MOD_OK) + break; + ret = moduleinterfaces->extendInterfaces.jntaInterfaces->JNTAGenerateSymmKeyWithLMK(sess, (TA_SYMM_ALG)realalgo, tmpcipher, &tmpcipherlen, kcv, &kcvlen); + if (ret != INTERNAL_OK) + break; + ret = moduleinterfaces->extendInterfaces.jntaInterfaces->JNTAImportKeyCipherByLMK(sess, currnetindex, 0, 0, (TA_SYMM_ALG)realalgo, 0, NULL, 0, NULL, 0, tmpcipher, tmpcipherlen, kcv, 0); + if (ret != INTERNAL_OK) + break; + break; + } + case MODULE_SWXA_KMS_TYPE: + ret = moduleinterfaces->extendInterfaces.swxaInterfaces->SWXAGenerateKeyCipher(sess, get_key_len_by_algo_type(algo), key, keylen); + break; + default: + ret = CRYPTO_MOD_TYPE_INVALID_ERR; + break; + } + + if (useindex) { + if (ret != CRYPT_MOD_OK && ret != INTERNAL_OK) { + pthread_mutex_unlock(&genkeymutex); + return ret; + } else { + sprintf((char*)key, "%d",currnetindex); + *keylen = strlen((char*)key); + currnetindex++; + pthread_mutex_unlock(&genkeymutex); + return CRYPT_MOD_OK; + } + } + + if (ret != CRYPT_MOD_OK && ret != INTERNAL_OK) { + return ret; + } else { + return CRYPT_MOD_OK; + } + +} + +int internal_symm_encrypt(void *keyctx, unsigned char *indata, unsigned int inlen, unsigned char *iv, unsigned int ivlen, unsigned char *outdata, unsigned int *outlen, unsigned char *tag) +{ + int ret = INTERNAL_OK; + + InternalKeyCtx *tmpctx = (InternalKeyCtx *)keyctx; + unsigned char *paddingdata = NULL; + int paddinglen = 0; + unsigned char tmpiv[INTERNAL_IV_LEN + 1] = {0}; + + memcpy(tmpiv, iv, ivlen); + paddinglen = inlen + INTERNAL_BLOCK_LEN + 1; + paddingdata = (unsigned char *)malloc(paddinglen); + + memset(paddingdata, 0x0, paddinglen); + internal_padding((char*)indata, inlen, (char*)paddingdata, &paddinglen); + + switch (moduleinterfaces->type) { + case MODULE_GDAC_CARD_TYPE: { + unsigned char tmpkey[INTERNAL_MAX_KEY_LEN] = {0}; + unsigned int keylen = 0; + ret = moduleinterfaces->extendInterfaces.gdacInterfaces->GDACExportKEK(tmpctx->session, atoi((char*)tmpctx->key), tmpkey, &keylen); + if (ret != INTERNAL_OK) + return ret; + ret = moduleinterfaces->extendInterfaces.gdacInterfaces->GDACEncryptWithIndex(tmpctx->session, tmpkey, keylen, tmpctx->algotype, tmpiv, ivlen, paddingdata, paddinglen, outdata, outlen, NULL, 0, NULL); + break; + } + case MODULE_JNTA_KMS_TYPE: { + int tmpindex = atoi((char*)(tmpctx->key)); + unsigned int standardtype = 0; + transform_jnta_algo_type(tmpctx->algotype, tmpctx->algomode, &standardtype); + ret = moduleinterfaces->standardInterfaces->InternalEncrypt(tmpctx->session, (void*)&tmpindex, standardtype, tmpiv, paddingdata, paddinglen, outdata, outlen); + break; + } + case MODULE_SWXA_KMS_TYPE: + ret = moduleinterfaces->extendInterfaces.swxaInterfaces->SWXAEncKeyEncrypt(tmpctx->session, tmpctx->key, tmpctx->keysize, tmpctx->algotype, tmpiv, paddingdata, paddinglen, outdata, outlen); + break; + default: + ret = CRYPTO_MOD_TYPE_INVALID_ERR; + break;; + } + + free(paddingdata); + + INTERNAL_RETURN(ret); + +} + +int internal_symm_decrypt(void *keyctx, unsigned char *indata, unsigned int inlen, unsigned char *iv, unsigned int ivlen, unsigned char *outdata, unsigned int *outlen, unsigned char *tag) +{ + int ret = INTERNAL_OK; + + InternalKeyCtx *tmpctx = (InternalKeyCtx *)keyctx; + unsigned char tmpiv[INTERNAL_IV_LEN + 1] = {0}; + + memcpy(tmpiv, iv, ivlen); + + switch (moduleinterfaces->type) { + case MODULE_GDAC_CARD_TYPE: { + unsigned char tmpkey[INTERNAL_MAX_KEY_LEN] = {0}; + unsigned int keylen = 0; + ret = moduleinterfaces->extendInterfaces.gdacInterfaces->GDACExportKEK(tmpctx->session, atoi((char*)tmpctx->key), tmpkey, &keylen); + if (ret != INTERNAL_OK) + return ret; + ret = moduleinterfaces->extendInterfaces.gdacInterfaces->GDACDecryptWithIndex(tmpctx->session, tmpkey, keylen, tmpctx->algotype, tmpiv, ivlen, indata, inlen, outdata, outlen, NULL, 0, NULL); + break; + } + case MODULE_JNTA_KMS_TYPE: { + int index = atoi((char *)(tmpctx->key)); + unsigned int standardtype = 0; + transform_jnta_algo_type(tmpctx->algotype, tmpctx->algomode, &standardtype); + ret = moduleinterfaces->standardInterfaces->InternalDecrypt(tmpctx->session, (void*)&index, standardtype, tmpiv, indata, inlen, outdata, outlen); + break; + } + case MODULE_SWXA_KMS_TYPE: + ret = moduleinterfaces->extendInterfaces.swxaInterfaces->SWXAEncKeyDecrypt(tmpctx->session, tmpctx->key, tmpctx->keysize, tmpctx->algotype, tmpiv, indata, inlen, outdata, outlen); + break; + default: + ret = CRYPTO_MOD_TYPE_INVALID_ERR; + break; + } + + if (ret == INTERNAL_OK) { + return internal_unpadding((char*)outdata, (int*)outlen); + } + + INTERNAL_RETURN(ret); + +} + +int internal_digest(void *sess, ModuleDigestAlgo algo, unsigned char * indata, unsigned int inlen, unsigned char *outdata, unsigned int *outlen) +{ + int ret = CRYPT_MOD_OK; + unsigned int realtype = 0; + int position = 0; + int updatelen = 0; + + ret = get_real_digest_algo_type(moduleinterfaces->type, algo, &realtype); + if (ret != CRYPT_MOD_OK) { + return ret; + } + + ret = moduleinterfaces->standardInterfaces->InternalHashInit(sess, realtype, NULL, NULL, 0); + if (ret != INTERNAL_OK) + return ret; + + while (inlen) { + if (inlen >= INTERNAL_MSG_BLOCK_LEN) { + updatelen = INTERNAL_MSG_BLOCK_LEN; + inlen -= INTERNAL_MSG_BLOCK_LEN; + } else { + updatelen = inlen; + inlen = 0; + } + + ret = moduleinterfaces->standardInterfaces->InternalHashUpdate(sess, indata + position, updatelen); + if (ret != INTERNAL_OK) + return ret; + position += updatelen; + } + + ret = moduleinterfaces->standardInterfaces->InternalHashFinal(sess, outdata, outlen); + + INTERNAL_RETURN(ret); +} + +/*如果传入的data为NULL,并且data_size为0,则对key自身做hmac*/ +int internal_hmac(void *ctx, unsigned char * data, unsigned int data_size, unsigned char *result, size_t *result_size) +{ + int ret = INTERNAL_OK; + + InternalKeyCtx *tmpctx = (InternalKeyCtx *)ctx; + + switch (moduleinterfaces->type) { + case MODULE_GDAC_CARD_TYPE:{ + unsigned char tmpkey[INTERNAL_MAX_KEY_LEN] = {0}; + unsigned int keylen = 0; + ret = moduleinterfaces->extendInterfaces.gdacInterfaces->GDACExportKEK(tmpctx->session, atoi((char*)tmpctx->key), tmpkey, &keylen); + if (ret != INTERNAL_OK) + return ret; + ret = moduleinterfaces->extendInterfaces.gdacInterfaces->GDACHMAC(tmpctx->session, tmpkey, keylen, tmpctx->algotype, + (data != NULL) ? data : tmpkey, (data_size != 0) ? data_size : keylen, result, (unsigned int*)result_size); + memset(tmpkey,0x0,INTERNAL_MAX_KEY_LEN); + break; + } + case MODULE_JNTA_KMS_TYPE:{ + ret = moduleinterfaces->extendInterfaces.jntaInterfaces->JNTACalculateHmac(tmpctx->session, (TA_HMAC_ALG)tmpctx->algotype, atoi((char*)tmpctx->key), + NULL, 0, (data != NULL) ? data : tmpctx->key, (data_size != 0) ? data_size : tmpctx->keysize, result, (unsigned int*)result_size); + break; + } + case MODULE_SWXA_KMS_TYPE:{ + ret = moduleinterfaces->extendInterfaces.swxaInterfaces->SWXAHMAC(tmpctx->session, tmpctx->key, tmpctx->keysize, tmpctx->algotype, + (data != NULL) ? data : tmpctx->key, (data_size != 0) ? data_size : tmpctx->keysize, result, (unsigned int*)result_size); + break; + } + default: + ret = CRYPTO_MOD_TYPE_INVALID_ERR; + break; + } + + INTERNAL_RETURN(ret); + +} + +int internal_generate_random(void *sess, char *buffer, size_t size) +{ + int ret = INTERNAL_OK; + + ret = moduleinterfaces->standardInterfaces->InternalGenerateRandom(sess, size, (unsigned char*)buffer); + + INTERNAL_RETURN(ret); +} + + +/*第一位补0x80,后面补0x00,强补,即如果inlen正好是16的整数倍,则补一个0x80和15个0x00,如果只缺一,则只补一个0x80*/ +static int internal_padding(char *indata, int inlen, char *outdata, int *outlen) +{ + int i = 0; + int firstpad = 0x80; + int secondpad = 0x00; + + int paddlen = 0; + + paddlen = INTERNAL_BLOCK_LEN - inlen%INTERNAL_BLOCK_LEN; + + memcpy(outdata, indata, inlen); + + + for (i = 0; i < paddlen; i++) { + if (i == 0) + outdata[inlen + i] = firstpad; + else + outdata[inlen + i] = secondpad; + } + + *outlen = inlen + paddlen; + + return CRYPT_MOD_OK; +} + +static int internal_unpadding(char *indata, int *inlen) +{ + int firstpad = 0x80; + int secondpad = 0x00; + int tmplen = 0; + + tmplen = *inlen - 1; + + while (*(indata + tmplen) == secondpad) { + tmplen--; + } + + if (tmplen >= ((*inlen) - INTERNAL_BLOCK_LEN) && *(unsigned char*)(indata + tmplen) == firstpad) { + *inlen = tmplen; + } else { + return CRYPTO_MOD_UNPADDING_ERR; + } + + indata[tmplen] = '\0'; + + return CRYPT_MOD_OK; +} + + diff --git a/contrib/common_cipher/common_internal_interfaces.h b/contrib/common_cipher/common_internal_interfaces.h new file mode 100755 index 000000000..b7aa6f1bd --- /dev/null +++ b/contrib/common_cipher/common_internal_interfaces.h @@ -0,0 +1,127 @@ +#ifndef COMMON_INTERNAL_INTERFACES_H +#define COMMON_INTERNAL_INTERFACES_H + +#include "common_algo.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define ECCref_MAX_BITS 512 +#define ECCref_MAX_LEN ((ECCref_MAX_BITS+7) / 8) + +/* ECC key data public key structure definition */ +typedef struct ECCrefPublicKey_st +{ + unsigned int bits; + unsigned char x[ECCref_MAX_LEN]; + unsigned char y[ECCref_MAX_LEN]; +} ECCrefPublicKey; + +typedef int (*StandardOpenDevice_type)(void**); +typedef int (*StandardCloseDevice_type)(void*); +typedef int (*StandardOpenSession_type)(void*, void**); +typedef int (*StandardCloseSession_type)(void*); +typedef int (*StandardGenerateRandom_type)(void*, unsigned int, unsigned char*); +typedef int (*StandardHashInit_type)(void*, unsigned int, ECCrefPublicKey*, unsigned char*, unsigned int); +typedef int (*StandardHashUpdate_type)(void*, unsigned char*, unsigned int); +typedef int (*StandardHashFinal_type)(void*, unsigned char*, unsigned int*); +typedef int (*StandardEncrypt_type)(void*, void*, unsigned int, unsigned char*, unsigned char*, unsigned int, unsigned char*, unsigned int*); +typedef int (*StandardDecrypt_type)(void*, void*, unsigned int, unsigned char*, unsigned char*, unsigned int, unsigned char*, unsigned int*); +typedef int (*StandardDestroyKey_type)(void*, void*); + + +/*SDF标准接口*/ +typedef struct { + StandardOpenDevice_type InternalOpenDevice; /*打开设备*/ + StandardCloseDevice_type InternalCloseDevice; /*关闭设备*/ + StandardOpenSession_type InternalOpenSession; /*打开会话*/ + StandardCloseSession_type InternalCloseSession; /*关闭会话*/ + StandardGenerateRandom_type InternalGenerateRandom; /*生成随机数*/ + StandardHashInit_type InternalHashInit; /*哈希初始化*/ + StandardHashUpdate_type InternalHashUpdate; /*哈希update*/ + StandardHashFinal_type InternalHashFinal; /*哈希结束*/ + StandardEncrypt_type InternalEncrypt; /*使用密钥句柄加密*/ + StandardDecrypt_type InternalDecrypt; /*使用密钥句柄解密*/ + StandardDestroyKey_type InternalDestroyKey; /*销毁密钥句柄*/ +}ModuleStandardInterfaces; + + +typedef int (*GDACHMAC_type)(void*, unsigned char*, unsigned int, unsigned int, unsigned char*, unsigned int, unsigned char*, unsigned int*); +typedef int (*GDACGenerateKEK_type)(void*, unsigned int, unsigned int); +typedef int (*GDACEncryptWithIndex_type)(void*, unsigned char*, unsigned int, unsigned int, unsigned char*, unsigned int, unsigned char*, unsigned int, unsigned char*, unsigned int*, unsigned char*, unsigned int, unsigned char*); +typedef int (*GDACDecryptWithIndex_type)(void*, unsigned char*, unsigned int, unsigned int, unsigned char*, unsigned int, unsigned char*, unsigned int, unsigned char*, unsigned int*, unsigned char*, unsigned int, unsigned char*); +typedef int (*GDACExportKEK_type)(void*, unsigned int, void*, unsigned int*); +typedef int (*GDACGetkeyState_type)(void*, unsigned int, unsigned int, unsigned int*); + +/*光电安辰扩展接口*/ +typedef struct { + GDACHMAC_type GDACHMAC; /*hmac*/ + GDACGenerateKEK_type GDACGenerateKEK; /*生成指定索引密钥*/ + GDACEncryptWithIndex_type GDACEncryptWithIndex; /*使用索引密钥加密*/ + GDACDecryptWithIndex_type GDACDecryptWithIndex; /*使用索引密钥解密*/ + GDACExportKEK_type GDACExportKEK; /*导出KEK,不对外提供,内做索引转密钥使用*/ + GDACGetkeyState_type GDACGetkeyState; /*获取密钥状态*/ +}ModuleGdacInterfaces; + + +typedef int (*SWXAOpenDeviceWithPathAndName_type)(unsigned char*, void **); +typedef int (*SWXAHMAC_type)(void *, unsigned char *, unsigned int, unsigned int, unsigned char *, unsigned int, unsigned char *,unsigned int*); +typedef int (*SWXAGenerateKeyCipher_type)(void*, unsigned int, unsigned char*, unsigned int*); +typedef int (*SWXAEncKeyEncrypt_type)(void*, unsigned char*, unsigned int, unsigned int, unsigned char*, unsigned char*, unsigned int, unsigned char*, unsigned int*); +typedef int (*SWXAEncKeyDecrypt_type)(void*, unsigned char*, unsigned int, unsigned int, unsigned char*, unsigned char*, unsigned int, unsigned char*, unsigned int*); + +/*三未信安扩展接口*/ +typedef struct { + SWXAOpenDeviceWithPathAndName_type SWXAOpenDeviceWithPathAndName; /*指定配置文件路径和名称打开设备*/ + SWXAHMAC_type SWXAHMAC; /*hmac*/ + SWXAGenerateKeyCipher_type SWXAGenerateKeyCipher; /*生成密钥密文*/ + SWXAEncKeyEncrypt_type SWXAEncKeyEncrypt; /*使用密钥密文加密*/ + SWXAEncKeyDecrypt_type SWXAEncKeyDecrypt; /*使用密钥密文解密*/ +}ModuleSwxaInterfaces; + + +typedef int (*JNTACalculateHmac_type)(void *, TA_HMAC_ALG, unsigned int, const unsigned char*, unsigned int, unsigned char*, unsigned int, unsigned char*, unsigned int*); +typedef int (*JNTAGenerateSymmKeyWithLMK_type)(void *, TA_SYMM_ALG, unsigned char*, unsigned int*, unsigned char*,unsigned int*); +typedef int (*JNTAImportKeyCipherByLMK_type)(void*, unsigned int, int, int, TA_SYMM_ALG, int, const unsigned char*, unsigned int, const unsigned char*, unsigned int, + const unsigned char*, unsigned int, const unsigned char symmKcv[8], unsigned int); + + +/*江南天安扩展接口*/ +typedef struct { + JNTACalculateHmac_type JNTACalculateHmac; /*hmac*/ + JNTAGenerateSymmKeyWithLMK_type JNTAGenerateSymmKeyWithLMK; /*生成LMK加密的密钥密文*/ + JNTAImportKeyCipherByLMK_type JNTAImportKeyCipherByLMK; /*导入LMK加密的密钥密文到指定的索引位置*/ +}ModuleJntaInterfaces; + + +/*硬件提供的所有接口*/ +typedef struct { + ModuleType type; + ModuleStandardInterfaces *standardInterfaces; + union { + ModuleGdacInterfaces *gdacInterfaces; + ModuleSwxaInterfaces *swxaInterfaces; + ModuleJntaInterfaces *jntaInterfaces; + }extendInterfaces; +}ModuleInterfaces; + +extern int load_module_driver(ModuleParams moduleparams); +extern int unload_module_driver(); +extern int internal_open_device(char* cfg_path); +extern int internal_close_device(); +extern int internal_open_session(void **sess); +extern int internal_close_session(void *sess); +extern ModuleType get_current_module_type(); +extern int internal_generate_symm_key(void* sess, ModuleSymmKeyAlgo algo, unsigned char* key, unsigned int* keylen); +extern int internal_symm_encrypt(void *keyctx, unsigned char *indata, unsigned int inlen, unsigned char *iv, unsigned int ivlen, unsigned char *outdata, unsigned int *outlen, unsigned char *tag); +extern int internal_symm_decrypt(void *keyctx, unsigned char *indata, unsigned int inlen, unsigned char *iv, unsigned int ivlen, unsigned char *outdata, unsigned int *outlen, unsigned char *tag); +extern int internal_digest(void *sess, ModuleDigestAlgo algo, unsigned char * indata, unsigned int inlen, unsigned char *outdata, unsigned int *outlen); +extern int internal_hmac(void *ctx, unsigned char * data, unsigned int data_size, unsigned char *result, long unsigned int *result_size); +extern int internal_generate_random(void *sess, char *buffer, long unsigned int size); + +#ifdef __cplusplus +} +#endif + +#endif /* COMMON_INTERNAL_INTERFACES_H */ diff --git a/contrib/common_cipher/common_utils.cpp b/contrib/common_cipher/common_utils.cpp new file mode 100755 index 000000000..5b06cf67d --- /dev/null +++ b/contrib/common_cipher/common_utils.cpp @@ -0,0 +1,155 @@ +#include +#include +#include +#include "common_utils.h" +#include "common_err.h" +#include "common_algo.h" + +/*去掉字符串头和尾的空格*/ +static char* remove_space(char *input) +{ + int header = 0; + int end = 0; + int inputlen = 0; + const char filter = ' '; + char *tmp = NULL; + + if (input == NULL || input[0] == '\0') { + return NULL; + } + + inputlen = strlen(input); + + /*去头部空格*/ + while(input[header++] == filter && header < inputlen) { + /*do nothing*/ + } + + end = inputlen - 1; + + /*去尾部空格*/ + while(input[end--] == filter && end >= (header - 1)) { + /*do nothing*/ + } + + tmp = (char*)malloc(inputlen + 1); + memset(tmp,0x0,inputlen + 1); + + /*初始位置为header - 1,长度为(end + 1)- (header -1) + 1*/ + memcpy(tmp, input + header - 1, end - header + 3); + + return tmp; +} + +static int set_module_params(char* k, char* v, ModuleParams *moduleparams) +{ + if (IS_MODULE_TYPE(k)) { + if (moduleparams->moduletype != MODULE_INVALID_TYPE) { + return CRYPTO_MOD_TYPE_REPEATED_ERR; + } + + moduleparams->moduletype = GET_MODULE_TYPE(v); + + if (moduleparams->moduletype == MODULE_INVALID_TYPE) { + return CRYPTO_MOD_TYPE_INVALID_ERR; + } + } else if (IS_MODULE_LIB_PATH(k)) { + + if (moduleparams->libpath[0] != '\0') { + return CRYPTO_MOD_LIBPATH_REPEATED_ERR; + } + + if (v[0] == '\0' || strlen(v) >= MODULE_MAX_PATH_LEN) { + return CRYPTO_MOD_LIBPATH_INVALID_ERR; + } else { + memcpy(moduleparams->libpath, v, strlen(v)); + } + } else if(IS_MODULE_CONFIG_FILE_PATH(k)) { + + if (moduleparams->cfgfilepath[0] != '\0') { + return CRYPTO_MOD_CFG_PATH_REPEATED_ERR; + } + + if (v[0] == '\0' || strlen(v) >= MODULE_MAX_PATH_LEN) { + return CRYPTO_MOD_CFG_PATH_INVALID_ERR; + } else { + memcpy(moduleparams->cfgfilepath, v, strlen(v)); + } + } else { + return CRYPTO_MOD_UNKNOWN_PARAM_ERR; + } + + return CRYPT_MOD_OK; + +} + +static int check_module_params(ModuleParams *moduleparams) +{ + if (moduleparams->libpath[0] == '\0') { + return CRYPTO_MOD_LIBPATH_INVALID_ERR; + } + + switch (moduleparams->moduletype) { + case MODULE_GDAC_CARD_TYPE: + /*光电安辰密码卡不需要配置文件*/ + if (moduleparams->cfgfilepath[0] != '\0') { + return CRYPTO_MOD_PARAM_TOO_MANY_ERR; + } + break; + case MODULE_JNTA_KMS_TYPE: + /*江南天安的配置文件,需要设置为环境变量使用"TASS_GHVSM_CFG_PATH",在后面加载时自己临时设置使用*/ + if (moduleparams->cfgfilepath[0] == '\0') { + return CRYPTO_MOD_CFG_PATH_INVALID_ERR; + } + break; + case MODULE_SWXA_KMS_TYPE: + /*三未信安kms使用带配置文件路径名称的接口*/ + if (moduleparams->cfgfilepath[0] == '\0') { + return CRYPTO_MOD_CFG_PATH_INVALID_ERR; + } + break; + default: + return CRYPTO_MOD_TYPE_INVALID_ERR; + } + + return CRYPT_MOD_OK; +} + +int parse_module_params(char *paramsstring, ModuleParams *moduleparams) +{ + char *p = NULL; + char *saveptr1 = NULL; + const char *split1 = ","; + const char *split2 = "="; + int ret = 0; + + p = strtok_r(paramsstring, split1, &saveptr1); + + while (p != NULL) { + char *q = NULL; + char *saveptr2 = NULL; + char *tmp_p = NULL; + char *tmp_ptr2 = NULL; + q = strtok_r(p, split2, &saveptr2); + + tmp_p = remove_space(p); + tmp_ptr2 = remove_space(saveptr2); + + ret = set_module_params(tmp_p, tmp_ptr2, moduleparams); + if (ret != CRYPT_MOD_OK) { + free(tmp_p); + free(tmp_ptr2); + return ret; + } + + free(tmp_p); + free(tmp_ptr2); + + q = NULL; + p = strtok_r(NULL, split1, &saveptr1); + } + + return check_module_params(moduleparams); + +} + diff --git a/contrib/common_cipher/common_utils.h b/contrib/common_cipher/common_utils.h new file mode 100755 index 000000000..2f9d6684b --- /dev/null +++ b/contrib/common_cipher/common_utils.h @@ -0,0 +1,52 @@ +#ifndef COMMON_UTILS_H +#define COMMON_UTILS_H + +#ifdef __cplusplus +extern "C" { +#endif + +typedef enum { + MODULE_INVALID_TYPE = 0, + MODULE_GDAC_CARD_TYPE, /*光电安辰密码卡*/ + MODULE_JNTA_KMS_TYPE, /*江南天安KMS*/ + MODULE_SWXA_KMS_TYPE /*三未信安KMS*/ +} ModuleType; + +/*定义以下字符串宏,用来对输入的kv结构字符串做解析,获取对应的value*/ +#define MODLUE_TYPE "MODLUE_TYPE" +#define MODLUE_LIB_PATH "MODLUE_LIB_PATH" +#define MODULE_CONFIG_FILE_PATH "MODULE_CONFIG_FILE_PATH" + +/*支持的硬件类型字符串*/ +#define MODULE_GDAC_CARD_STR "GDACCARD" +#define MODULE_JNTA_KMS_STR "JNTAKMS" +#define MODULE_SWXA_KMS_STR "SWXAKMS" + +#define IS_GDAC_CARD_TYPE(s) (strcmp(s, MODULE_GDAC_CARD_STR) == 0) +#define IS_JNTA_KMS_TYPE(s) (strcmp(s, MODULE_JNTA_KMS_STR) == 0) +#define IS_SWXA_KMS_TYPE(s) (strcmp(s, MODULE_SWXA_KMS_STR) == 0) + +/*字符串转为枚举类型*/ +#define GET_MODULE_TYPE(s) (IS_GDAC_CARD_TYPE(s) ? MODULE_GDAC_CARD_TYPE \ + : IS_JNTA_KMS_TYPE(s) ? MODULE_JNTA_KMS_TYPE \ + : IS_SWXA_KMS_TYPE(s) ? MODULE_SWXA_KMS_TYPE : MODULE_INVALID_TYPE) + +#define IS_MODULE_TYPE(s) (strcmp(s, MODLUE_TYPE) == 0) +#define IS_MODULE_LIB_PATH(s) (strcmp(s, MODLUE_LIB_PATH) == 0) +#define IS_MODULE_CONFIG_FILE_PATH(s) (strcmp(s, MODULE_CONFIG_FILE_PATH) == 0) + +#define MODULE_MAX_PATH_LEN 1024 + +typedef struct { + ModuleType moduletype; + char libpath[MODULE_MAX_PATH_LEN]; + char cfgfilepath[MODULE_MAX_PATH_LEN]; +}ModuleParams; + +extern int parse_module_params(char *paramsstring, ModuleParams *moduleparams); + +#ifdef __cplusplus +} +#endif + +#endif /* COMMON_UTILS_H */ diff --git a/contrib/common_cipher/test.cpp b/contrib/common_cipher/test.cpp new file mode 100755 index 000000000..05e280e75 --- /dev/null +++ b/contrib/common_cipher/test.cpp @@ -0,0 +1,321 @@ +#include +#include +#include +#include +#include + +#define MAX_PROVIDER_NAME_LEN 128 +#define MAX_ERRMSG_LEN 256 + +static pthread_rwlock_t drivermutex; + +typedef enum { + MODULE_AES_128_CBC = 0, + MODULE_AES_128_CTR, + MODULE_AES_128_GCM, + MODULE_AES_256_CBC, + MODULE_AES_256_CTR, + MODULE_AES_256_GCM, + MODULE_SM4_CBC, + MODULE_SM4_CTR, + MODULE_HMAC_SHA256, + MODULE_HMAC_SM3, + MODULE_DETERMINISTIC_KEY, + MODULE_ALGO_MAX = 1024 +} ModuleSymmKeyAlgo; + + +typedef enum { + MODULE_SHA256 = 0, + MODULE_SM3, + MODULE_DIGEST_MAX = 1024 +} ModuleDigestAlgo; + + +typedef enum { + KEY_TYPE_INVALID, + KEY_TYPE_PLAINTEXT, + KEY_TYPE_CIPHERTEXT, + KEY_TYPE_NAMEORIDX, + KEY_TYPE_MAX +} KeyType; + + +typedef struct { + char provider_name[MAX_PROVIDER_NAME_LEN]; + KeyType key_type; + int supported_symm[MODULE_ALGO_MAX]; // 不支持算法填入0或者支持算法填入1 + int supported_digest[MODULE_DIGEST_MAX]; // 不支持算法填入0或者支持算法填入1 +} SupportedFeature; + + +typedef int (*crypto_module_init_type)(char *load_info, SupportedFeature *supported_feature); +typedef int (*crypto_module_sess_init_type)(char *key_info, void **sess); +typedef void (*crypto_module_sess_exit_type)(void *sess); +typedef int (*crypto_create_symm_key_type)(void *sess, ModuleSymmKeyAlgo algo, unsigned char *key_id, size_t *key_id_size); +typedef int (*crypto_ctx_init_type)(void *sess, void **ctx, ModuleSymmKeyAlgo algo, int enc, unsigned char *key_id, size_t key_id_size); +typedef int (*crypto_result_size_type)(void *ctx, int enc, size_t data_size); +typedef void (*crypto_ctx_clean_type)(void *ctx); +typedef int (*crypto_encrypt_decrypt_type)(void *ctx, int enc, unsigned char *data, size_t data_size, unsigned char *iv, size_t iv_size, unsigned char *result, size_t *result_size, unsigned char *tag); +typedef int (*crypto_digest_type)(void *sess, ModuleDigestAlgo algo, unsigned char * data, size_t data_size,unsigned char *result, size_t *result_size); +typedef int (*crypto_hmac_init_type)(void *sess, void **ctx, ModuleSymmKeyAlgo algo, unsigned char *key_id, size_t key_id_size); +typedef void (*crypto_hmac_clean_type)(void *ctx); +typedef int (*crypto_hmac_type)(void *ctx, unsigned char * data, size_t data_size, unsigned char *result, size_t *result_size); +typedef int (*crypto_gen_random_type)(void *sess, char *buffer, size_t size); +typedef int (*crypto_deterministic_enc_dec_type)(void *sess, int enc, unsigned char *data, unsigned char *key_id, size_t key_id_size, size_t data_size, unsigned char *result, size_t *result_size); +typedef int (*crypto_get_errmsg_type)(void *sess, char *errmsg); + + +void *libhandle = NULL; +crypto_module_init_type crypto_module_init_use = NULL; +crypto_module_sess_init_type crypto_module_sess_init_use = NULL; +crypto_module_sess_exit_type crypto_module_sess_exit_use = NULL; +crypto_create_symm_key_type crypto_create_symm_key_use = NULL; +crypto_ctx_init_type crypto_ctx_init_use = NULL; +crypto_result_size_type crypto_result_size_use = NULL; +crypto_ctx_clean_type crypto_ctx_clean_use = NULL; +crypto_encrypt_decrypt_type crypto_encrypt_decrypt_use = NULL; +crypto_digest_type crypto_digest_use = NULL; +crypto_hmac_init_type crypto_hmac_init_use = NULL; +crypto_hmac_clean_type crypto_hmac_clean_use = NULL; +crypto_hmac_type crypto_hmac_use = NULL; +crypto_gen_random_type crypto_gen_random_use = NULL; +crypto_deterministic_enc_dec_type crypto_deterministic_enc_dec_use = NULL; +crypto_get_errmsg_type crypto_get_errmsg_use = NULL; + +static void load_lib() +{ + libhandle = dlopen("/home//vastbase/contrib/common_cipher/libcommoncipher.so", RTLD_LAZY); + crypto_module_init_use = (crypto_module_init_type)dlsym(libhandle, "crypto_module_init"); + crypto_module_sess_init_use = (crypto_module_sess_init_type)dlsym(libhandle, "crypto_module_sess_init"); + crypto_module_sess_exit_use = (crypto_module_sess_exit_type)dlsym(libhandle, "crypto_module_sess_exit"); + crypto_create_symm_key_use = (crypto_create_symm_key_type)dlsym(libhandle, "crypto_create_symm_key"); + crypto_ctx_init_use = (crypto_ctx_init_type)dlsym(libhandle, "crypto_ctx_init"); + crypto_result_size_use = (crypto_result_size_type)dlsym(libhandle, "crypto_result_size"); + crypto_ctx_clean_use = (crypto_ctx_clean_type)dlsym(libhandle, "crypto_ctx_clean"); + crypto_encrypt_decrypt_use = (crypto_encrypt_decrypt_type)dlsym(libhandle, "crypto_encrypt_decrypt"); + crypto_digest_use = (crypto_digest_type)dlsym(libhandle, "crypto_digest"); + crypto_hmac_init_use = (crypto_hmac_init_type)dlsym(libhandle, "crypto_hmac_init"); + crypto_hmac_clean_use = (crypto_hmac_clean_type)dlsym(libhandle, "crypto_hmac_clean"); + crypto_hmac_use = (crypto_hmac_type)dlsym(libhandle, "crypto_hmac"); + crypto_gen_random_use = (crypto_gen_random_type)dlsym(libhandle, "crypto_gen_random"); + crypto_deterministic_enc_dec_use = (crypto_deterministic_enc_dec_type)dlsym(libhandle, "crypto_deterministic_enc_dec"); + crypto_get_errmsg_use = (crypto_get_errmsg_type)dlsym(libhandle, "crypto_get_errmsg"); + +} + +static void* one_thread_func(void *data) +{ + int ret = 1; + int i = 0; + char options[] = {"MODLUE_TYPE=JNTAKMS,MODLUE_LIB_PATH=/home//vastbase/contrib/common_cipher/libTassSDF4GHVSM.so,MODULE_CONFIG_FILE_PATH=/home//vastbase/contrib/common_cipher/"}; + SupportedFeature supportedfeature; + char errmsg[MAX_ERRMSG_LEN] = {0}; + void *session = NULL; + unsigned char key[32] = {0}; + long unsigned int keylen = 0; + void *keyctx = NULL; + unsigned char srcdata[] = {"12345678"}; + unsigned char plaint[32] = {0}; + long unsigned int plaintlen = 32; + unsigned char encdata[32] = {0}; + long unsigned int enclen = 32; + unsigned char encdata2[32] = {0}; + long unsigned int enclen2 = 32; + unsigned char hashdata[32] = {0}; + long unsigned int hashlen = 0; + unsigned char hmacdata[32] = {0}; + long unsigned int hmaclen = 0; + long unsigned int needlen = 16; + char random[32] = {0}; + unsigned char iv[] = {"1234567812345678"}; + + ret = crypto_module_init_use(options, &supportedfeature); + if (ret != 1) + { + crypto_get_errmsg_use(NULL, errmsg); + printf("crypto_module_init error,errmsg:%s\n", errmsg); + return NULL; + } else { + printf("crypto_module_init success\n"); + printf("provider_name = %s,key_type = %d\n",supportedfeature.provider_name,supportedfeature.key_type); + for (i = 0; i < MODULE_ALGO_MAX;i++) { + if (supportedfeature.supported_symm[i] == 1) + printf("supported_symm[%d]\n",i); + } + for (i = 0; i < MODULE_DIGEST_MAX;i++) { + if (supportedfeature.supported_digest[i] == 1) + printf("supported_digest[%d]\n",i); + } + } + + ret = crypto_module_sess_init_use(NULL, &session); + if (ret != 1) + { + crypto_get_errmsg_use(NULL, errmsg); + printf("crypto_module_sess_init error,errmsg:%s\n", errmsg); + return NULL; + } else { + printf("crypto_module_sess_init success\n"); + } + + ret = crypto_create_symm_key_use(session, MODULE_SM4_CBC, key, &keylen); + if (ret != 1) + { + crypto_get_errmsg_use(NULL, errmsg); + printf("crypto_create_symm_key_use error,errmsg:%s\n", errmsg); + crypto_module_sess_exit_use(session); + return NULL; + } else { + printf("crypto_create_symm_key_use success\n"); + printf("key = %s\n",key); + } + + ret = crypto_ctx_init_use(session, &keyctx, MODULE_SM4_CBC, 1, key, keylen); + if (ret != 1) + { + crypto_get_errmsg_use(NULL, errmsg); + printf("crypto_ctx_init_use error,errmsg:%s\n", errmsg); + crypto_module_sess_exit_use(session); + return NULL; + } else { + printf("crypto_ctx_init_use success\n"); + } + + ret = crypto_encrypt_decrypt_use(keyctx, 1, srcdata, 8, iv, 16, encdata, &enclen, NULL); + if (ret != 1) + { + crypto_get_errmsg_use(NULL, errmsg); + printf("crypto_encrypt_decrypt_use enc error,errmsg:%s\n", errmsg); + crypto_ctx_clean_use(keyctx); + crypto_module_sess_exit_use(session); + return NULL; + } else { + printf("crypto_encrypt_decrypt_use enc success\n"); + } + + ret = crypto_encrypt_decrypt_use(keyctx, 0, encdata, enclen, iv, 16, plaint, &plaintlen, NULL); + if (ret != 1 || strcmp((char*)plaint, (char*)srcdata)) + { + crypto_get_errmsg_use(NULL, errmsg); + printf("crypto_encrypt_decrypt_use dec error,errmsg:%s\n", errmsg); + crypto_ctx_clean_use(keyctx); + crypto_module_sess_exit_use(session); + return NULL; + } else { + printf("crypto_encrypt_decrypt_use dec success\n"); + } + + printf("enc nedd len:%d\n",crypto_result_size_use(keyctx, 1, needlen)); + + printf("dec nedd len:%d\n",crypto_result_size_use(keyctx, 0, needlen)); + + crypto_ctx_clean_use(keyctx); + + ret = crypto_digest_use(session, MODULE_SM3, plaint, plaintlen, hashdata, &hashlen); + if (ret != 1) + { + crypto_get_errmsg_use(NULL, errmsg); + printf("crypto_digest_use error,errmsg:%s\n", errmsg); + crypto_module_sess_exit_use(session); + return NULL; + } else { + printf("crypto_digest_use success\n"); + printf("hashlen = %ld\n", hashlen); + } + + ret = crypto_hmac_init_use(session, &keyctx, MODULE_HMAC_SM3, key, keylen); + if (ret != 1) + { + crypto_get_errmsg_use(NULL, errmsg); + printf("crypto_hmac_init_use error,errmsg:%s\n", errmsg); + crypto_module_sess_exit_use(session); + return NULL; + } else { + printf("crypto_hmac_init_use success\n"); + } + + ret = crypto_hmac_use(keyctx, plaint, plaintlen, hmacdata, &hmaclen); + if (ret != 1) + { + crypto_get_errmsg_use(NULL, errmsg); + printf("crypto_hmac_use error,errmsg:%s\n", errmsg); + crypto_hmac_clean_use(keyctx); + crypto_module_sess_exit_use(session); + return NULL; + } else { + printf("crypto_hmac_use success\n"); + printf("hmaclen = %ld\n", hmaclen); + } + + crypto_hmac_clean_use(keyctx); + + ret = crypto_gen_random_use(session, random, 31); + if (ret != 1) + { + crypto_get_errmsg_use(NULL, errmsg); + printf("crypto_gen_random_use error,errmsg:%s\n", errmsg); + crypto_module_sess_exit_use(session); + return NULL; + } else { + printf("crypto_gen_random_use success\n"); + } + + ret = crypto_deterministic_enc_dec_use(session, 1, plaint, key, keylen, plaintlen, encdata, &enclen); + if (ret != 1) + { + crypto_get_errmsg_use(NULL, errmsg); + printf("crypto_deterministic_enc_dec_use1 enc error,errmsg:%s\n", errmsg); + crypto_module_sess_exit_use(session); + return NULL; + } else { + printf("crypto_deterministic_enc_dec_use1 enc success\n"); + } + + ret = crypto_deterministic_enc_dec_use(session, 1, plaint, key, keylen, plaintlen, encdata2, &enclen2); + if (ret != 1 || strcmp((char*)encdata, (char*)encdata2)) + { + crypto_get_errmsg_use(NULL, errmsg); + printf("crypto_deterministic_enc_dec_use2 enc error,errmsg:%s\n", errmsg); + crypto_module_sess_exit_use(session); + return NULL; + } else { + printf("crypto_deterministic_enc_dec_use2 enc success\n"); + } + + ret = crypto_deterministic_enc_dec_use(session, 0, encdata2, key, keylen, enclen2, plaint, &plaintlen); + if (ret != 1 || strcmp((char*)plaint, (char*)srcdata)) + { + crypto_get_errmsg_use(NULL, errmsg); + printf("crypto_deterministic_enc_dec_use2 dec error,errmsg:%s\n", errmsg); + crypto_module_sess_exit_use(session); + return NULL; + } else { + printf("crypto_deterministic_enc_dec_use2 dec success\n"); + } + + crypto_get_errmsg_use(NULL, errmsg); + printf("crypto_get_errmsg_use errmsg:%s\n", errmsg); + + crypto_module_sess_exit_use(session); + + return NULL; +} + +int main() +{ + pthread_t t1, t2, t3, t4; + + load_lib(); + + pthread_create(&t1,0,one_thread_func,NULL); + pthread_create(&t2,0,one_thread_func,NULL); + pthread_create(&t3,0,one_thread_func,NULL); + pthread_create(&t4,0,one_thread_func,NULL); + pthread_join(t1,NULL); + pthread_join(t2,NULL); + pthread_join(t3,NULL); + pthread_join(t4,NULL); + + return 0; +}