Skip to content

Commit

Permalink
SMTC integrates with crypto card based on atf-slibce engine;add sdf, …
Browse files Browse the repository at this point in the history 
…TSAPI and etc.

DRBG set reseed interval and reseed_time_interval according to GM/T 0105-2021.

Modify of the integrity verification mechanism to SM2 signature.

App rand supports getting entropy from specified source.

Rename entropy rtc1 to rtcode, rtc2 to rtmem.

Add rtsock entropy source.

Support requesting entropy from specified entropy source.

Support atf-slibce engine.

Add sdf framework and partial APIs.

Add sdf app.

App speed add keygen for SM2 and GenerateKey with SDF.

Add TSAPI, mainly includes functions such as random number,

signature verification, encryption and decryption, etc.
  • Loading branch information
@dongbeiouba
dongbeiouba committed Jun 13, 2024
1 parent 45a8a9d commit bc72fe8
Show file tree
Hide file tree
Showing 79 changed files with 6,216 additions and 777 deletions.
6 changes: 6 additions & 0 deletions Configurations/00-base-templates.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,13 +50,19 @@ my %targets=(
my @defs = ( 'OPENSSL_BUILDING_OPENSSL' );
push @defs, "ZLIB" unless $disabled{zlib};
push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"};

push @defs, "SDF_LIB" unless $disabled{"sdf-lib"};
push @defs, "SDF_LIB_SHARED" unless $disabled{"sdf-lib-dynamic"};
return [ @defs ];
},
includes =>
sub {
my @incs = ();
push @incs, $withargs{zlib_include}
if !$disabled{zlib} && $withargs{zlib_include};

push @incs, $withargs{sdf_include}
if !$disabled{sdf_lib} && $withargs{sdf_include};
return [ @incs ];
},
},
Expand Down
68 changes: 52 additions & 16 deletions Configure
View file
Original file line number Diff line number Diff line change
Expand Up @@ -271,9 +271,14 @@ $config{builddir} = abs2rel($blddir, $blddir);
# echo -n 'holy hand grenade of antioch' | openssl sha256
$config{FIPSKEY} =
'f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813';
# echo -n "Tongsuo in hand, no worries about compliance" | tongsuo sm3
$config{SMTCKEY} =
'5b3d9ad84fd72961e63f27a3d5da2bb663e2ed9c7b761b8ad6d041ebc68f5098';
$config{SMTCPASSWD} = 'Tongsuo123';
$config{SMTCPUBKEY} =
'-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAERjiZ5ubxrnOZnjhvqvuJ5UcdRI64
sBEVwF0UztQK9eYzqOsFEm0PKkCjoYkdmiZ+Und0agHk94eFKhtUYsu0bw==
-----END PUBLIC KEY-----';
$config{SMTCPUBKEY} =~ s|\n|\\n|g;


# Collect reconfiguration information if needed
my @argvcopy=@ARGV;
Expand Down Expand Up @@ -355,8 +360,6 @@ $config{tongsuo_prerelease} =
$config{tongsuo_version} = "$config{tongsuo_major}.$config{tongsuo_minor}.$config{tongsuo_patch}";
$config{tongsuo_full_version} = "$config{tongsuo_version}$config{tongsuo_prerelease}";

$config{tongsuo_smtc_info} = $version{TONGSUO_SMTC_INFO};

die "erroneous version information in VERSION.dat: ",
"$config{version}, $config{shlib_version}\n"
unless (defined $version{MAJOR}
Expand Down Expand Up @@ -404,6 +407,7 @@ my @dtls = qw(dtls1 dtls1_2);
my @disablables = (
"acvp-tests",
"afalgeng",
"atf_slibce",
"asan",
"asm",
"async",
Expand Down Expand Up @@ -474,6 +478,8 @@ my @disablables = (
"smtc-debug",
"scrypt",
"sctp",
"sdf-lib",
"sdf-lib-dynamic",
"secure-memory",
"shared",
"siphash",
Expand Down Expand Up @@ -588,8 +594,11 @@ our %disabled = ( # "what" => "comment"
"zkp-gadget" => "default",
"zkp-transcript" => "default",
"bn-method" => "default",
"smtc" => "default",
"smtc-debug" => "default",
"smtc" => "default",
"smtc-debug" => "default",
"atf_slibce" => "default",
"sdf-lib" => "default",
"sdf-lib-dynamic" => "default",
);

# Note: => pair form used for aesthetics, not to truly make a hash table
Expand Down Expand Up @@ -679,6 +688,7 @@ my @disable_cascades = (
# SMTC does not support ct for now
# SMTC only support builtin module for now
sub { !$disabled{"smtc"}} => [ "ct", "module" ],
"sdf-lib" => [ "sdf-lib-dynamic" ],
);

# Avoid protocol support holes. Also disable all versions below N, if version
Expand Down Expand Up @@ -796,7 +806,7 @@ my %cmdvars = (); # Stores FOO='blah' type arguments
my %unsupported_options = ();
my %deprecated_options = ();
# If you change this, update apps/version.c
my @known_seed_sources = qw(getrandom devrandom os egd none rdcpu librandom rtc);
my @known_seed_sources = qw(getrandom devrandom os egd none rdcpu librandom rtcode rtmem rtsock);
my @seed_sources = ();
while (@argvcopy)
{
Expand Down Expand Up @@ -914,6 +924,10 @@ while (@argvcopy)
{
delete $disabled{"zlib"};
}
elsif ($1 eq "sdf-lib-dynamic")
{
delete $disabled{"sdf-lib"};
}
my $algo = $1;
delete $disabled{$algo};

Expand Down Expand Up @@ -1011,6 +1025,18 @@ while (@argvcopy)
push @seed_sources, $x;
}
}
elsif (/^--with-atf_slibce-lib=(.*)$/)
{
$withargs{atf_slibce_lib}=$1;
}
elsif (/^--with-sdf-lib=(.*)$/)
{
$withargs{sdf_lib}=$1;
}
elsif (/^--with-sdf-include=(.*)$/)
{
$withargs{sdf_include}=$1;
}
elsif (/^--fips-key=(.*)$/)
{
$user{FIPSKEY}=lc($1);
Expand All @@ -1021,15 +1047,25 @@ while (@argvcopy)
die "FIPS key too long (64 bytes max)\n"
if length $1 > 64;
}
elsif (/^--smtc-key=(.*)$/)
elsif (/^--smtc-pubkey=(.*)$/)
{
$user{SMTCKEY}=lc($1);
die "Non-hex character in SMTC key\n"
if $user{SMTCKEY} =~ /[^a-f0-9]/;
die "SMTC key must have even number of characters\n"
if length $1 & 1;
die "SMTC key too long (64 bytes max)\n"
if length $1 > 64;
open my $fh, "<", $1 or die "Can't open $1: $!\n";
$user{SMTCPUBKEY} = do { local $/; <$fh> };
close $fh;
chomp $user{SMTCPUBKEY};
$user{SMTCPUBKEY} =~ s|\n|\\n|g;
}
elsif (/^--smtc-passwd=(.*)$/)
{
$user{SMTCPASSWD} = $1;
die "Invalid character in SMTC password (A-Z, a-z, 0-9)\n"
if $user{SMTCPASSWD} =~ /[^A-Za-z0-9]/;
die "Invalid SMTC password length (8 ~ 64 bytes)\n"
if length $1 < 8 or length $1 > 64;
}
elsif (/^--smtc-info=(.*)$/)
{
$config{tongsuo_smtc_info} = $1;
}
elsif (/^--banner=(.*)$/)
{
Expand Down
3 changes: 1 addition & 2 deletions VERSION.dat
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,4 @@ SHLIB_VERSION=3
TONGSUO_MAJOR=8
TONGSUO_MINOR=5
TONGSUO_PATCH=0
TONGSUO_PRE_RELEASE_TAG=dev
TONGSUO_SMTC_INFO=
TONGSUO_PRE_RELEASE_TAG=dev
2 changes: 1 addition & 1 deletion apps/build.info
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ $OPENSSLSRC=\
pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c \
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c \
spkac.c verify.c version.c x509.c rehash.c storeutl.c \
list.c info.c fipsinstall.c pkcs12.c
list.c info.c fipsinstall.c pkcs12.c sdf.c
IF[{- !$disabled{'ec'} -}]
$OPENSSLSRC=$OPENSSLSRC ec.c ecparam.c
ENDIF
Expand Down
1 change: 1 addition & 0 deletions apps/enc.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -534,6 +534,7 @@ int enc_main(int argc, char **argv)
BIO_printf(bio_err, "iv undefined\n");
goto end;
}

if (hkey != NULL) {
if (!set_hex(hkey, key, EVP_CIPHER_get_key_length(cipher))) {
BIO_printf(bio_err, "invalid hex key value\n");
Expand Down
Loading

0 comments on commit bc72fe8

Please sign in to comment.