SMTC改进
根据GM/T 0105-2021设置参数值.
完整性验证机制采用SM2签名.
SMTC随机数获取熵后,使用扩展函数sm3_df().
rand app supports get entropy from specified source.
Rename rtc1 to rtcode, rtc2 to rtmem.
Support acquiring entropy from specified entropy source.
Improve self_test_drbg: test instantiate, reseed and generate.
Support atf-slibce engine.
Add sdf framework and few APIs.
dongbeiouba committed May 22, 2024
1 parent 8ad48a8 commit 67af3fd
Showing 54 changed files with 2,350 additions and 652 deletions.
3 changes: 3 additions & 0 deletions Configurations/00-base-templates.conf
@@ -50,6 +50,9 @@ my %targets=(
my @defs = ( 'OPENSSL_BUILDING_OPENSSL' );
push @defs, "ZLIB" unless $disabled{zlib};
push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"};

push @defs, "SDF_LIB" unless $disabled{"sdf-lib"};
push @defs, "SDF_LIB_SHARED" unless $disabled{"sdf-lib-dynamic"};
return [ @defs ];
},
includes =>
64 changes: 48 additions & 16 deletions Configure
@@ -271,9 +271,14 @@ $config{builddir} = abs2rel($blddir, $blddir);
# echo -n 'holy hand grenade of antioch' | openssl sha256
$config{FIPSKEY} =
'f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813';
# echo -n "Tongsuo in hand, no worries about compliance" | tongsuo sm3
$config{SMTCKEY} =
'5b3d9ad84fd72961e63f27a3d5da2bb663e2ed9c7b761b8ad6d041ebc68f5098';
$config{SMTCPASSWD} = 'TSsmtc0028';
$config{SMTCPUBKEY} =
'-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAERjiZ5ubxrnOZnjhvqvuJ5UcdRI64
sBEVwF0UztQK9eYzqOsFEm0PKkCjoYkdmiZ+Und0agHk94eFKhtUYsu0bw==
-----END PUBLIC KEY-----';
$config{SMTCPUBKEY} =~ s|\n|\\n|g;


# Collect reconfiguration information if needed
my @argvcopy=@ARGV;
@@ -355,8 +360,6 @@ $config{tongsuo_prerelease} =
$config{tongsuo_version} = "$config{tongsuo_major}.$config{tongsuo_minor}.$config{tongsuo_patch}";
$config{tongsuo_full_version} = "$config{tongsuo_version}$config{tongsuo_prerelease}";

$config{tongsuo_smtc_info} = $version{TONGSUO_SMTC_INFO};

die "erroneous version information in VERSION.dat: ",
"$config{version}, $config{shlib_version}\n"
unless (defined $version{MAJOR}
@@ -404,6 +407,7 @@ my @dtls = qw(dtls1 dtls1_2);
my @disablables = (
"acvp-tests",
"afalgeng",
"atf_slibce",
"asan",
"asm",
"async",
@@ -474,6 +478,8 @@ my @disablables = (
"smtc-debug",
"scrypt",
"sctp",
"sdf-lib",
"sdf-lib-dynamic",
"secure-memory",
"shared",
"siphash",
@@ -588,8 +594,11 @@ our %disabled = ( # "what" => "comment"
"zkp-gadget" => "default",
"zkp-transcript" => "default",
"bn-method" => "default",
"smtc" => "default",
"smtc-debug" => "default",
"smtc" => "default",
"smtc-debug" => "default",
"atf_slibce" => "default",
"sdf-lib" => "default",
"sdf-lib-dynamic" => "default",
);

# Note: => pair form used for aesthetics, not to truly make a hash table
@@ -679,6 +688,7 @@ my @disable_cascades = (
# SMTC does not support ct for now
# SMTC only support builtin module for now
sub { !$disabled{"smtc"}} => [ "ct", "module" ],
"sdf-lib" => [ "sdf-lib-dynamic" ],
);

# Avoid protocol support holes. Also disable all versions below N, if version
@@ -796,7 +806,7 @@ my %cmdvars = (); # Stores FOO='blah' type arguments
my %unsupported_options = ();
my %deprecated_options = ();
# If you change this, update apps/version.c
my @known_seed_sources = qw(getrandom devrandom os egd none rdcpu librandom rtc);
my @known_seed_sources = qw(getrandom devrandom os egd none rdcpu librandom rtcode rtmem rtsock);
my @seed_sources = ();
while (@argvcopy)
{
@@ -914,6 +924,10 @@ while (@argvcopy)
{
delete $disabled{"zlib"};
}
elsif ($1 eq "sdf-lib-dynamic")
{
delete $disabled{"sdf-lib"};
}
my $algo = $1;
delete $disabled{$algo};

@@ -1011,6 +1025,14 @@ while (@argvcopy)
push @seed_sources, $x;
}
}
elsif (/^--with-atf_slibce-lib=(.*)$/)
{
$withargs{atf_slibce_lib}=$1;
}
elsif (/^--with-sdf-lib=(.*)$/)
{
$withargs{sdf_lib}=$1;
}
elsif (/^--fips-key=(.*)$/)
{
$user{FIPSKEY}=lc($1);
@@ -1021,15 +1043,25 @@ while (@argvcopy)
die "FIPS key too long (64 bytes max)\n"
if length $1 > 64;
}
elsif (/^--smtc-key=(.*)$/)
elsif (/^--smtc-pubkey=(.*)$/)
{
$user{SMTCKEY}=lc($1);
die "Non-hex character in SMTC key\n"
if $user{SMTCKEY} =~ /[^a-f0-9]/;
die "SMTC key must have even number of characters\n"
if length $1 & 1;
die "SMTC key too long (64 bytes max)\n"
if length $1 > 64;
open my $fh, "<", $1 or die "Can't open $1: $!\n";
$user{SMTCPUBKEY} = do { local $/; <$fh> };
close $fh;
chomp $user{SMTCPUBKEY};
$user{SMTCPUBKEY} =~ s|\n|\\n|g;
}
elsif (/^--smtc-passwd=(.*)$/)
{
$user{SMTCPASSWD} = $1;
die "Invalid character in SMTC password (A-Z, a-z, 0-9)\n"
if $user{SMTCPASSWD} =~ /[^A-Za-z0-9]/;
die "Invalid SMTC password length (8 ~ 64 bytes)\n"
if length $1 < 8 or length $1 > 64;
}
elsif (/^--smtc-info=(.*)$/)
{
$config{tongsuo_smtc_info} = $1;
}
elsif (/^--banner=(.*)$/)
{
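Review bot: The new defaults `$config{SMTCPASSWD} = 'TSsmtc0028';` and the PEM block assigned to `$config{SMTCPUBKEY}` (hunk at -271) mean every build configured without `--smtc-passwd` / `--smtc-pubkey` shares a password and a verification key that are published in the repository. What the password guards is not visible in this diff, so the impact is inferred, but I would at least add a comment above them such as `# Development defaults only; override with --smtc-passwd and --smtc-pubkey for any deployed build`, and consider making Configure die when `smtc` is enabled and they are left unset. In the `--smtc-pubkey=` branch the file content is accepted after only `chomp` and `s|\n|\\n|g`, while the removed `--smtc-key=` branch validated its value; a check like `die "Not a PEM public key: $1\n" unless $user{SMTCPUBKEY} =~ /\A-----BEGIN PUBLIC KEY-----/;` before the substitution would reject a wrong file, and `\r` from a CRLF file should be stripped too. Note also that `--smtc-passwd=` puts the secret on the command line, where it is visible in the process list and shell history; reading it from a file, as the public key is, would avoid that.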
3 changes: 1 addition & 2 deletions VERSION.dat
@@ -8,5 +8,4 @@ SHLIB_VERSION=3
TONGSUO_MAJOR=8
TONGSUO_MINOR=5
TONGSUO_PATCH=0
TONGSUO_PRE_RELEASE_TAG=dev
TONGSUO_SMTC_INFO=
TONGSUO_PRE_RELEASE_TAG=dev