1 /*
2 * Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the License); you may
5 * not use this file except in compliance with the License.
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 */
9
10
11
12 #include <stdio.h>
13 #include <errno.h>
14 #include <stdlib.h>
15 #include <string.h>
16 #include <gmssl/mem.h>
17 #include <gmssl/hex.h>
18 #include <gmssl/sm2.h>
19 #include <gmssl/sm3.h>
20 #include <gmssl/skf.h>
21
22
23 #define OP_NONE 0
24 #define OP_DEVINFO 1
25 #define OP_EXPORTPUBKEY 2
26 #define OP_SIGN 3
27 #define OP_RAND 4
28
29
30
print_usage(FILE * fp,const char * prog)31 static void print_usage(FILE *fp, const char *prog)
32 {
33 fprintf(fp, "usage:\n");
34 fprintf(fp, " %s -lib so_path -dev str -devinfo\n", prog);
35 fprintf(fp, " %s -lib so_path -dev str -app str [-pass str] -container str -exportpubkey [-out file]\n", prog);
36 fprintf(fp, " %s -lib so_path -dev str -app str [-pass str] -container str -sign [-in file] [-out file]\n", prog);
37 fprintf(fp, " %s -lib so_path -dev str -rand num [-out file]\n", prog);
38 }
39
skfutil_main(int argc,char ** argv)40 int skfutil_main(int argc, char **argv)
41 {
42 int ret = 1;
43 char *prog = argv[0];
44 char *lib = NULL;
45 int op = 0;
46 char *devname = NULL;
47 char *authkeystr = NULL;
48 char *appname = NULL;
49 char *container_name = NULL;
50 char *pass = NULL;
51 char *id = SM2_DEFAULT_ID;
52 int num = 0;
53 char *infile = NULL;
54 char *outfile = NULL;
55 FILE *infp = stdin;
56 FILE *outfp = stdout;
57 unsigned char buf[4096];
58 unsigned int ulen;
59 int len;
60
61 uint8_t authkey[16];
62 size_t authkeylen;
63 SKF_DEVICE dev;
64 SKF_KEY key;
65 int dev_opened = 0;
66 int key_opened = 0;
67
68 memset(&dev, 0, sizeof(dev));
69 memset(&key, 0, sizeof(key));
70
71 argc--;
72 argv++;
73
74 if (argc < 1) {
75 print_usage(stderr, prog);
76 return 1;
77 }
78
79 while (argc > 0) {
80 if (!strcmp(*argv, "-help")) {
81 print_usage(stdout, prog);
82 goto end;
83 } else if (!strcmp(*argv, "-lib")) {
84 if (--argc < 1) goto bad;
85 lib = *(++argv);
86 } else if (!strcmp(*argv, "-lib")) {
87 if (--argc < 1) goto bad;
88 devname = *(++argv);
89 } else if (!strcmp(*argv, "-devinfo")) {
90 op = OP_DEVINFO;
91 } else if (!strcmp(*argv, "-dev")) {
92 if (--argc < 1) goto bad;
93 devname = *(++argv);
94 } else if (!strcmp(*argv, "-authkey")) {
95 if (--argc < 1) goto bad;
96 authkeystr = *(++argv);
97 if (strlen(authkeystr) != 32) {
98 fprintf(stderr, "%s: invalid authkey length\n", prog);
99 goto end;
100 }
101 hex_to_bytes(authkeystr, strlen(authkeystr), authkey, &authkeylen);
102 } else if (!strcmp(*argv, "-exportpubkey")) {
103 op = OP_EXPORTPUBKEY;
104 } else if (!strcmp(*argv, "-sign")) {
105 op = OP_SIGN;
106 } else if (!strcmp(*argv, "-app")) {
107 if (--argc < 1) goto bad;
108 appname = *(++argv);
109 } else if (!strcmp(*argv, "-container")) {
110 if (--argc < 1) goto bad;
111 container_name = *(++argv);
112 } else if (!strcmp(*argv, "-pass")) {
113 if (--argc < 1) goto bad;
114 pass = *(++argv);
115 } else if (!strcmp(*argv, "-id")) {
116 if (--argc < 1) goto bad;
117 id = *(++argv);
118 } else if (!strcmp(*argv, "-rand")) {
119 if (--argc < 1) goto bad;
120 len = atoi(*(++argv));
121 } else if (!strcmp(*argv, "-in")) {
122 if (--argc < 1) goto bad;
123 infile = *(++argv);
124 if (!(infp = fopen(infile, "r"))) {
125 fprintf(stderr, "%s: open '%s' failure : %s\n", prog, infile, strerror(errno));
126 goto end;
127 }
128 } else if (!strcmp(*argv, "-out")) {
129 if (--argc < 1) goto bad;
130 outfile = *(++argv);
131 if (!(outfp = fopen(outfile, "w"))) {
132 fprintf(stderr, "%s: open '%s' failure : %s\n", prog, outfile, strerror(errno));
133 goto end;
134 }
135 } else {
136 fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv);
137 goto end;
138 bad:
139 fprintf(stderr, "%s: '%s' option value missing\n", prog, *argv);
140 goto end;
141 }
142
143 argc--;
144 argv++;
145 }
146
147 if (!lib) {
148 fprintf(stderr, "%s: option '-lib' required\n", prog);
149 goto end;
150 }
151 if (skf_load_library(lib, NULL) != 1) {
152 fprintf(stderr, "%s: load library failure\n", prog);
153 goto end;
154 }
155
156 if (!op) {
157 fprintf(stderr, "%s: option of (-devinfo|-exportpubkey|-sign|-rand) required\n", prog);
158 goto end;
159 }
160
161 if (!devname) {
162 fprintf(stderr, "%s: option '-dev' required\n", prog);
163 goto end;
164 }
165 if (op == OP_DEVINFO) {
166 skf_print_device_info(stdout, 0, 0, devname);
167 ret = 0;
168 goto end;
169 }
170
171 if (skf_open_device(&dev, devname, authkey) != 1) {
172 fprintf(stderr, "%s: open device failure\n", prog);
173 goto end;
174 }
175 dev_opened = 1;
176
177 if (op == OP_RAND) {
178 if (skf_rand_bytes(&dev, buf, len) != 1) {
179 fprintf(stderr, "%s: inner error\n", prog);
180 goto end;
181 }
182 if (fwrite(buf, 1, len, outfp) != len) {
183 fprintf(stderr, "%s: output failure : %s\n", prog, strerror(errno));
184 goto end;
185 }
186 ret = 0;
187 goto end;
188 }
189
190 if (!appname) {
191 fprintf(stderr, "%s: option '-app' required\n", prog);
192 goto end;
193 }
194 if (!container_name) {
195 fprintf(stderr, "%s: option '-container' required\n", prog);
196 goto end;
197 }
198 if (!pass) {
199 fprintf(stderr, "%s: option '-pass' required\n", prog);
200 goto end;
201 }
202
203 if (op == OP_EXPORTPUBKEY) {
204 if (skf_load_sign_key(&dev, appname, pass, container_name, &key) != 1) {
205 fprintf(stderr, "%s: load sign key failed\n", prog);
206 goto end;
207 }
208 if (sm2_public_key_info_to_pem(&(key.public_key), outfp) != 1) {
209 fprintf(stderr, "%s: output public key PEM failure\n", prog);
210 goto end;
211 }
212 ret = 0;
213 goto end;
214 }
215
216 if (op == OP_SIGN) {
217 SM3_CTX sm3_ctx;
218 uint8_t dgst[32];
219 uint8_t sig[SM2_MAX_SIGNATURE_SIZE];
220 size_t siglen;
221
222 if (skf_load_sign_key(&dev, appname, pass, container_name, &key) != 1) {
223 fprintf(stderr, "%s: load sign key failed\n", prog);
224 goto end;
225 }
226 key_opened = 1;
227
228 sm3_init(&sm3_ctx);
229 sm2_compute_z(dgst, &(key.public_key.public_key), id, strlen(id));
230 sm3_update(&sm3_ctx, dgst, sizeof(dgst));
231
232 while ((len = fread(buf, 1, sizeof(buf), infp)) > 0) {
233 sm3_update(&sm3_ctx, buf, len);
234 }
235 sm3_finish(&sm3_ctx, dgst);
236
237 if ((ret = skf_sign(&key, dgst, sig, &siglen)) != 1) {
238 fprintf(stderr, "%s: inner error\n", prog);
239 goto end;
240 }
241 ret = 0;
242 goto end;
243
244 } else {
245 fprintf(stderr, "%s: this should not happen\n", prog);
246 goto end;
247 }
248
249 end:
250 gmssl_secure_clear(buf, sizeof(buf));
251 if (key_opened) skf_release_key(&key);
252 if (dev_opened) skf_close_device(&dev);
253 if (lib) skf_unload_library();
254 if (infile && infp) fclose(infp);
255 if (outfile && outfp) fclose(outfp);
256 return ret;
257 }
258