SMTC改进

根据GM/T 0105-2021设置参数值. 完整性验证机制采用SM2签名. SMTC随机数获取熵后,使用扩展函数sm3_df(). rand app supports get entropy from specified source. Rename rtc1 to rtcode, rtc2 to rtmem. Support acquiring entropy from specified entropy source. imporve self_test_drbg, test instantiate, reseed and generate. Support atf-slibce engine.
dongbeiouba · May 20, 2024 · 30506f0 · 30506f0
1 parent 8ad48a8
commit 30506f0
Show file tree

Hide file tree

Showing 43 changed files with 1,844 additions and 606 deletions.
diff --git a/Configure b/Configure
@@ -271,9 +271,14 @@ $config{builddir} = abs2rel($blddir, $blddir);
 # echo -n 'holy hand grenade of antioch' | openssl sha256
 $config{FIPSKEY} =
     'f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813';
-# echo -n "Tongsuo in hand, no worries about compliance" | tongsuo sm3
-$config{SMTCKEY} =
-    '5b3d9ad84fd72961e63f27a3d5da2bb663e2ed9c7b761b8ad6d041ebc68f5098';
+$config{SMTCPASSWD} = 'TSsmtc0028';
+$config{SMTCPUBKEY} =
+'-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAERjiZ5ubxrnOZnjhvqvuJ5UcdRI64
+sBEVwF0UztQK9eYzqOsFEm0PKkCjoYkdmiZ+Und0agHk94eFKhtUYsu0bw==
+-----END PUBLIC KEY-----';
+$config{SMTCPUBKEY} =~ s|\n|\\n|g;
+
 
 # Collect reconfiguration information if needed
 my @argvcopy=@ARGV;
@@ -355,8 +360,6 @@ $config{tongsuo_prerelease} =
 $config{tongsuo_version} = "$config{tongsuo_major}.$config{tongsuo_minor}.$config{tongsuo_patch}";
 $config{tongsuo_full_version} = "$config{tongsuo_version}$config{tongsuo_prerelease}";
 
-$config{tongsuo_smtc_info} = $version{TONGSUO_SMTC_INFO};
-
 die "erroneous version information in VERSION.dat: ",
     "$config{version}, $config{shlib_version}\n"
     unless (defined $version{MAJOR}
@@ -404,6 +407,7 @@ my @dtls = qw(dtls1 dtls1_2);
 my @disablables = (
     "acvp-tests",
     "afalgeng",
+    "atf_slibce",
     "asan",
     "asm",
     "async",
@@ -588,8 +592,9 @@ our %disabled = ( # "what"         => "comment"
                   "zkp-gadget"          => "default",
                   "zkp-transcript"      => "default",
                   "bn-method"           => "default",
-                  "smtc"                 => "default",
-                  "smtc-debug"           => "default",
+                  "smtc"                => "default",
+                  "smtc-debug"          => "default",
+                  "atf_slibce"          => "default",
                 );
 
 # Note: => pair form used for aesthetics, not to truly make a hash table
@@ -796,7 +801,7 @@ my %cmdvars = ();               # Stores FOO='blah' type arguments
 my %unsupported_options = ();
 my %deprecated_options = ();
 # If you change this, update apps/version.c
-my @known_seed_sources = qw(getrandom devrandom os egd none rdcpu librandom rtc);
+my @known_seed_sources = qw(getrandom devrandom os egd none rdcpu librandom rtcode rtmem rtsock);
 my @seed_sources = ();
 while (@argvcopy)
         {
@@ -1011,6 +1016,10 @@ while (@argvcopy)
                             push @seed_sources, $x;
                             }
                         }
+                elsif (/^--with-atf_slibce-lib=(.*)$/)
+                        {
+                        $withargs{atf_slibce_lib}=$1;
+                        }
                 elsif (/^--fips-key=(.*)$/)
                         {
                         $user{FIPSKEY}=lc($1);
@@ -1021,15 +1030,25 @@ while (@argvcopy)
                         die "FIPS key too long (64 bytes max)\n"
                            if length $1 > 64;
                         }
-                elsif (/^--smtc-key=(.*)$/)
+                elsif (/^--smtc-pubkey=(.*)$/)
                         {
-                        $user{SMTCKEY}=lc($1);
-                        die "Non-hex character in SMTC key\n"
-                           if $user{SMTCKEY} =~ /[^a-f0-9]/;
-                        die "SMTC key must have even number of characters\n"
-                           if length $1 & 1;
-                        die "SMTC key too long (64 bytes max)\n"
-                           if length $1 > 64;
+                        open my $fh, "<", $1 or die "Can't open $1: $!\n";
+                        $user{SMTCPUBKEY} = <$fh>;
+                        close $fh;
+                        chomp $user{SMTCPUBKEY};
+                        $user{SMTCPUBKEY} =~ s|\n|\\n|g;
+                        }
+                elsif (/^--smtc-passwd=(.*)$/)
+                        {
+                        $user{SMTCPASSWD} = $1;
+                        die "Invalid character in SMTC password (A-Z, a-z, 0-9)\n"
+                           if $user{SMTCPASSWD} =~ /[^A-Za-z0-9]/;
+                        die "Invalid SMTC password length (8 ~ 64 bytes)\n"
+                           if length $1 < 8 or length $1 > 64;
+                        }
+                elsif (/^--smtc-info=(.*)$/)
+                        {
+                        $config{tongsuo_smtc_info} = $1;
                         }
                 elsif (/^--banner=(.*)$/)
                         {

diff --git a/VERSION.dat b/VERSION.dat
@@ -8,5 +8,4 @@ SHLIB_VERSION=3
 TONGSUO_MAJOR=8
 TONGSUO_MINOR=5
 TONGSUO_PATCH=0
-TONGSUO_PRE_RELEASE_TAG=dev
-TONGSUO_SMTC_INFO=
+TONGSUO_PRE_RELEASE_TAG=dev