文章目录
- 《密码系统设计》实验
- 实验项目
- 实验三 密码模块实现
- 1-3 学时实践要求(30 分)
《密码系统设计》实验
实验项目
实验序号 | 实验名称 | 实验学时数 | 实验目的 | 实验内容 | 实验类型 | 学生学习预期成果 |
---|---|---|---|---|---|---|
实验三 | 密码模块实现 | 6 | 基于商用密码标准的密码模块的实现 | 实现简单的密码引擎,能够提供对称密码算法、非对称密码算法、Hash算法等的密码服务。 | 综合性 | 1.理解密码系统固件、接口等的设计和开发流程; 2.参考《GMT 0018-2023密码设备应用接口规范》等商用密码标准设计实现密码算法进行加密/解密、签名/验签、密钥生成/导出等的接口; 3.与其他商用密码模块进行兼容性测试。 |
实验三 密码模块实现
1-3 学时实践要求(30 分)
- 阅读学习 《GM/T 0016智能密码钥匙密码应用接口规范》和《GMT 0018 密码设备应用接口规范》
《GM/T 0016智能密码钥匙密码应用接口规范》:这是智能密码钥匙设备的应用接口标准,规定了密码相关应用接口的函数、数据类型、参数的定义和设备的安全要求。
《GMT 0018密码设备应用接口规范》:这是服务端密码设备应用接口的算法标识、数据结构和接口函数的标准。
-
在 Ubuntu或openEuler中(推荐 openEuler)中编译运行附件中《GM/T 0016智能密码钥匙密码应用接口规范》相关代码,并新增完成标准中至少一项功能。使用Markdown记录详细记录实践过程,每完成一项功能或者一个函数git commit 一次。(15分)
-
在 Ubuntu或openEuler中(推荐 openEuler)中编译运行附件中《GMT 0018 密码设备应用接口规范》相关代码,并新增完成标准中至少一项功能。(15分)
-
实验记录中提交 gitee 课程项目链接,提交本次实验相关 git log运行结果。
- GMT0018 裸卡ukey
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/rochs0018sdf# cd config
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/rochs0018sdf/config# ls
config.sh unconfig.sh
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/rochs0018sdf/config# chmod +x *.sh
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/rochs0018sdf/config# sudo ./config.sh
Please restart your computer in order for this change of udev rules to take effect
run finished!
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/rochs0018sdf/config# git init
hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all
hint: of your new repositories, which will suppress this warning, call:
hint:
hint: git config --global init.defaultBranch <name>
hint:
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
hint: 'development'. The just-created branch can be renamed via this command:
hint:
hint: git branch -m <name>
Initialized empty Git repository in /root/bestidiocs2024/ch06/rochs0018sdf/config/.git/
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/rochs0018sdf/config# git add .
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/rochs0018sdf/config# git commit -m "GMT0018-1"
[master (root-commit) 92f92df] GMT0018-1
Committer: root <root@LAPTOP-PRC71A0C>
Your name and email address were configured automatically based
on your username and hostname. Please check that they are accurate.
You can suppress this message by setting them explicitly. Run the
following command and follow the instructions in your editor to edit
your configuration file:
git config --global --edit
After doing this, you may fix the identity used for this commit with:
git commit --amend --reset-author
2 files changed, 153 insertions(+)
create mode 100755 config.sh
create mode 100755 unconfig.sh
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/rochs0018sdf/config# git log
commit 92f92df3d195bb5689d59c1c362d342543571284 (HEAD -> master)
Author: root <root@LAPTOP-PRC71A0C>
Date: Sun Nov 17 19:44:27 2024 +0800
GMT0018-1
//
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/rochs0018sdf# git init
hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all
hint: of your new repositories, which will suppress this warning, call:
hint:
hint: git config --global init.defaultBranch <name>
hint:
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
hint: 'development'. The just-created branch can be renamed via this command:
hint:
hint: git branch -m <name>
Initialized empty Git repository in /root/bestidiocs2024/ch06/rochs0018sdf/.git/
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/rochs0018sdf# ls
config example-x86-64.zip examples-arm.zip readMe.txt rochs0018电路图.pdf
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/rochs0018sdf# unzip example-x86-64.zip
Archive: example-x86-64.zip
creating: examples/
inflating: examples/sm4.o
inflating: examples/test.o
inflating: examples/sm4.c
inflating: examples/Makefile
inflating: examples/test.c
inflating: examples/test
inflating: examples/libhsctu_guomi_vpn.so
inflating: examples/sm4.h
inflating: examples/sdf.h
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/rochs0018sdf# ls
config example-x86-64.zip examples examples-arm.zip readMe.txt rochs0018电路图.pdf
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/rochs0018sdf# cd examples
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/rochs0018sdf/examples# ls
Makefile libhsctu_guomi_vpn.so sdf.h sm4.c sm4.h sm4.o test test.c test.o
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/rochs0018sdf/examples# make
make: 'test' is up to date.
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/rochs0018sdf/examples# sudo ./test
open device successed!
open session successed!
CosVer: 6200
SDF_GetCosVersion successed
pucChipID[16]:
43464759 32542c05 050207e7 48531020
SDF_GetChipID successed
KeyList:
SGD_KEY_TYPE_ROOTKEY-80: 01
SGD_KEY_TYPE_KPK-81: 00
SGD_KEY_TYPE_FILEKEY-82: 00
SGD_KEY_TYPE_SESSIONKEY-83: 00000000000000000000000000000000
SGD_KEY_TYPE_SM2-84: 00000000000000000000000000000000
SGD_KEY_TYPE_RSA-85: 0000000000000000000000000000000000000000000000000000000000000000
SGD_KEY_TYPE_ECC-86: 00000000000000000000000000000000
SDF_GetKeyList successed
pOutRand[16]:
ae16c18e 346e1223 b81a218a 3977ce64
SDF_GenerateRandom successed!
SDF_ExternalAuthen successed
ExternalAuthen rootkey successed!
SDF_ImportManagerialKey rootkey successed!
SDF_ImportManagerialKey SGD_KEY_TYPE_KPK successed!
SDF_ImportManagerialKey SGD_KEY_TYPE_FILEKEY successed!
SDF_InstallDeviceSN successed!
KeyList:
SGD_KEY_TYPE_ROOTKEY-80: 01
SGD_KEY_TYPE_KPK-81: 01
SGD_KEY_TYPE_FILEKEY-82: 01
SGD_KEY_TYPE_SESSIONKEY-83: 00000000000000000000000000000000
SGD_KEY_TYPE_SM2-84: 00000000000000000000000000000000
SGD_KEY_TYPE_RSA-85: 0000000000000000000000000000000000000000000000000000000000000000
SGD_KEY_TYPE_ECC-86: 00000000000000000000000000000000
SDF_GetKeyList successed
DevSN:hs_0000000000001
SDF_GetDeviceSN successed
SDF_ExternalAuthen successed
ExternalAuthen SGD_KEY_TYPE_FILEKEY successed!
SDF_ConfigDataAreaPermission successed
BinaryReadWriteTest success!
SDF_ImportSessionKey success!
KeyList:
SGD_KEY_TYPE_ROOTKEY-80: 01
SGD_KEY_TYPE_KPK-81: 01
SGD_KEY_TYPE_FILEKEY-82: 01
SGD_KEY_TYPE_SESSIONKEY-83: 01010101010101010101010101010101
SGD_KEY_TYPE_SM2-84: 00000000000000000000000000000000
SGD_KEY_TYPE_RSA-85: 0000000000000000000000000000000000000000000000000000000000000000
SGD_KEY_TYPE_ECC-86: 00000000000000000000000000000000
SDF_GetKeyList successed
SDF_DestroySessionKey success!
KeyList:
SGD_KEY_TYPE_ROOTKEY-80: 01
SGD_KEY_TYPE_KPK-81: 01
SGD_KEY_TYPE_FILEKEY-82: 01
SGD_KEY_TYPE_SESSIONKEY-83: 01010101010101010000000000000000
SGD_KEY_TYPE_SM2-84: 00000000000000000000000000000000
SGD_KEY_TYPE_RSA-85: 0000000000000000000000000000000000000000000000000000000000000000
SGD_KEY_TYPE_ECC-86: 00000000000000000000000000000000
SDF_GetKeyList successed line 4380
SGD_SM4_ECB Encrypt datasize: 4000000 Bytes used time: 6415261 us
SGD_SM4_ECB Encrypt average speed: 4988105 bps
SGD_SM4_ECB Decrypt datasize: 4000000 Bytes used time: 6465405 us
SGD_SM4_ECB Decrypt average speed: 4949419 bps
SGD_SM4_CBC Encrypt datasize: 4000000 Bytes used time: 6524927 us
SGD_SM4_CBC Encrypt average speed: 4904269 bps
SGD_SM4_CBC Decrypt datasize: 4000000 Bytes used time: 6445218 us
SGD_SM4_CBC Decrypt average speed: 4964921 bps
SGD_SM1_ECB Encrypt datasize: 4000000 Bytes used time: 6456104 us
SGD_SM1_ECB Encrypt average speed: 4956549 bps
SGD_SM1_ECB Decrypt datasize: 4000000 Bytes used time: 6539830 us
SGD_SM1_ECB Decrypt average speed: 4893093 bps
SGD_SM1_CBC Encrypt datasize: 4000000 Bytes used time: 6536405 us
SGD_SM1_CBC Encrypt average speed: 4895657 bps
SGD_SM1_CBC Decrypt datasize: 4000000 Bytes used time: 6559270 us
SGD_SM1_CBC Decrypt average speed: 4878591 bps
SGD_AES_ECB Encrypt datasize: 4000000 Bytes used time: 6545869 us
SGD_AES_ECB Encrypt average speed: 4888579 bps
SGD_AES_ECB Decrypt datasize: 4000000 Bytes used time: 6609826 us
SGD_AES_ECB Decrypt average speed: 4841277 bps
SGD_AES_CBC Encrypt datasize: 4000000 Bytes used time: 6489441 us
SGD_AES_CBC Encrypt average speed: 4931087 bps
SGD_AES_CBC Decrypt datasize: 4000000 Bytes used time: 6411746 us
SGD_AES_CBC Decrypt average speed: 4990840 bps
SGD_IPSEC_SM1 Encrypt datasize: 4000000 Bytes used time: 6384714 us
SGD_IPSEC_SM1 Encrypt average speed: 5011970 bps
SGD_IPSEC_SM1 Decrypt datasize: 4000000 Bytes used time: 6461360 us
SGD_IPSEC_SM1 Decrypt average speed: 4952517 bps
SGD_IPSEC_SM4 Encrypt datasize: 4000000 Bytes used time: 6533533 us
SGD_IPSEC_SM4 Encrypt average speed: 4897809 bps
SGD_IPSEC_SM4 Decrypt datasize: 4000000 Bytes used time: 6460892 us
SGD_IPSEC_SM4 Decrypt average speed: 4952876 bps
SDF_ExternalAuthen successed
ExternalAuthen SGD_KEY_TYPE_KPK successed!
Generate_Export_Import_SM2_KeyPair successed!
Generate_Export_Import_ECC_KeyPair successed!
Generate_Export_Import_RSA1024_KeyPair successed!
Generate_Export_Import_RSA2048_KeyPair successed!
KeyList:
SGD_KEY_TYPE_ROOTKEY-80: 01
SGD_KEY_TYPE_KPK-81: 01
SGD_KEY_TYPE_FILEKEY-82: 01
SGD_KEY_TYPE_SESSIONKEY-83: 01010101010101010000000000000000
SGD_KEY_TYPE_SM2-84: 03030302020303030301010300000000
SGD_KEY_TYPE_RSA-85: 0505050101050505050404050000000005050501010505050504040500000000
SGD_KEY_TYPE_ECC-86: 03030302020303030301010300000000
SDF_GetKeyList successed
SM2_Internal_EncDec successed!
ECC_Internal_EncDec successed!
RSA1024_Internal_EncDec successed!
RSA2048_Internal_EncDec successed!
SM2_Internal_SignVerify successed!
SM2-Sign Times: 100 times; Spent time: 650689 us
SM2-Sign average speed: 153 times/s
SM2-Verify Times: 100 times; Spent time: 659184 us
SM2-Verify average speed: 151 times/s
SM2_Internal_SignVerify_test successed!
ECC_Internal_SignVerify successed!
RSA1024_Internal_SignVerify successed!
RSA2048_Internal_SignVerify successed!
RSA1024-Sign Times: 100 times; Spent time: 661723 us
RSA1024-Sign average speed: 151 times/s
RSA1024-Verify Times: 100 times; Spent time: 661700 us
RSA1024-Verify average speed: 151 times/s
RSA1024_Internal_SignVerify_test successed!
RSA2048-Sign Times: 100 times; Spent time: 1694808 us
RSA2048-Sign average speed: 59 times/s
RSA2048-Verify Times: 100 times; Spent time: 644265 us
RSA2048-Verify average speed: 155 times/s
RSA2048_Internal_SignVerify_Test successed!
SM2_External_EncDec successed!
ECC_External_EncDec successed!
RSA1024_External_EncDec successed!
RSA2048_External_EncDec successed!
SM2_External_SignVerify successed!
ECC_External_SignVerify successed!
RSA1024_External_SignVerify successed!
RSA2048_External_SignVerify successed!
The amount of data: 4000000 bytes time: 6500002 us
SGD_SM3Hash average speed: 4923075 bps
SGD_SM3Hash successed!
SGD_SHA_160_Hash successed!
SGD_SHA_224_Hash successed!
SGD_SHA_256_Hash successed!
SGD_SHA_384_Hash successed!
SGD_SHA_512_Hash successed!
SGD_HMac successed!
test successed.
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/rochs0018sdf/examples# git add .
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/rochs0018sdf/examples# git commit -m "GMT0018-2"
[master (root-commit) d535b84] GMT0018-2
Committer: root <root@LAPTOP-PRC71A0C>
Your name and email address were configured automatically based
on your username and hostname. Please check that they are accurate.
You can suppress this message by setting them explicitly. Run the
following command and follow the instructions in your editor to edit
your configuration file:
git config --global --edit
After doing this, you may fix the identity used for this commit with:
git commit --amend --reset-author
9 files changed, 6257 insertions(+)
create mode 100644 examples/Makefile
create mode 100755 examples/libhsctu_guomi_vpn.so
create mode 100644 examples/sdf.h
create mode 100644 examples/sm4.c
create mode 100644 examples/sm4.h
create mode 100644 examples/sm4.o
create mode 100755 examples/test
create mode 100644 examples/test.c
create mode 100644 examples/test.o
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/rochs0018sdf/examples# git log
commit d535b8424133893ce6112cfd602bdd2c859bacdf (HEAD -> master)
Author: root <root@LAPTOP-PRC71A0C>
Date: Sun Nov 17 19:47:29 2024 +0800
GMT0018-2
- 龙脉ukey
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/longmaiskf0016-stu/samples/skf/linux_mac# tree
.
├── FingerMgrDemo
│ ├── 90-mtoken.rules
│ ├── main.cpp
│ ├── makefile
│ ├── skfapi.h
│ └── skfapi_finger.h
├── encrypt
│ ├── main.cpp
│ ├── main.o
│ ├── makefile
│ └── makefile_mac
├── enumdevinfo
│ ├── main.cpp
│ ├── makefile_linux
│ └── makefile_mac
├── include
│ └── skfapi.h
├── interruptTest
│ ├── main.cpp
│ └── makefile
├── lib
│ └── x64
│ ├── libFingerPopUi.so
│ ├── libFingerPopUi.so:Zone.Identifier
│ ├── libgm3000.1.0.so
│ ├── libgm3000.1.0.so:Zone.Identifier
│ ├── readme.txt
│ └── readme.txt:Zone.Identifier
├── monitordev
│ ├── main.cpp
│ ├── makefile_linux
│ └── makefile_mac
├── readme.txt
└── signature
├── main.cpp
├── makefile_linux
└── makefile_mac
9 directories, 28 files
//encrypt
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/longmaiskf0016-stu/samples/skf/linux_mac/encrypt# vim makefile
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/longmaiskf0016-stu/samples/skf/linux_mac/encrypt# ls
main.cpp main.o makefile makefile_mac
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/longmaiskf0016-stu/samples/skf/linux_mac/encrypt# git init
hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all
hint: of your new repositories, which will suppress this warning, call:
hint:
hint: git config --global init.defaultBranch <name>
hint:
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
hint: 'development'. The just-created branch can be renamed via this command:
hint:
hint: git branch -m <name>
Initialized empty Git repository in /root/bestidiocs2024/ch06/longmaiskf0016-stu/samples/skf/linux_mac/encrypt/.git/
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/longmaiskf0016-stu/samples/skf/linux_mac/encrypt# make
rm -f encryptTest
g++ -o encryptTest main.o ../lib/x64/libgm3000.1.0.so
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/longmaiskf0016-stu/samples/skf/linux_mac/encrypt# ls
encryptTest main.cpp main.o makefile makefile_mac
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/longmaiskf0016-stu/samples/skf/linux_mac/encrypt# ./encryptTest
encrypt data ok!
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/longmaiskf0016-stu/samples/skf/linux_mac/encrypt# git add .
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/longmaiskf0016-stu/samples/skf/linux_mac/encrypt# git commit -m "longmai ukeyEncrypt"
[master (root-commit) 091bcb0] longmai ukeyEncrypt
Committer: root <root@LAPTOP-PRC71A0C>
Your name and email address were configured automatically based
on your username and hostname. Please check that they are accurate.
You can suppress this message by setting them explicitly. Run the
following command and follow the instructions in your editor to edit
your configuration file:
git config --global --edit
After doing this, you may fix the identity used for this commit with:
git commit --amend --reset-author
5 files changed, 169 insertions(+)
create mode 100755 encryptTest
create mode 100644 main.cpp
create mode 100644 main.o
create mode 100644 makefile
create mode 100644 makefile_mac
//signature
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/longmaiskf0016-stu/samples/skf/linux_mac# cd signature
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/longmaiskf0016-stu/samples/skf/linux_mac/signature# ls
main.cpp makefile_linux makefile_mac
stu/samples/skf/linux_mac/signature# mv makefile_linux makefile
main.cpp makefile makefile_mac
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/longmaiskf0016-stu/samples/skf/linux_mac/signature# make
g++ -c -o main.o main.cpp
main.cpp: In function ‘int main()’:
main.cpp:24:29: warning: ISO C++ forbids converting a string constant to ‘char*’ [-Wwrite-strings]
24 | char *pUserPin = "123456";
| ^~~~~~~~
main.cpp:36:23: warning: ISO C++ forbids converting a string constant to ‘char*’ [-Wwrite-strings]
36 | char *pubid = "1234567812345678";
| ^~~~~~~~~~~~~~~~~~
main.cpp:38:26: warning: ISO C++ forbids converting a string constant to ‘char*’ [-Wwrite-strings]
38 | char *psrcdata = "1234567812345678";
| ^~~~~~~~~~~~~~~~~~
rm -f signatureTest
g++ -o signatureTest main.o ../lib/x64/libgm3000.1.0.so
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/longmaiskf0016-stu/samples/skf/linux_mac/signature# ls
main.cpp main.o makefile makefile_mac signatureTest
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/longmaiskf0016-stu/samples/skf/linux_mac/signature# ./signatureTest
Signature successful.
Verify signature successful.
如果出现了运行时无权限访问内存的情况
使用 Valgrind 检查内存问题
valgrind ./signatureTest
程序在尝试执行 libgm3000.1.0.so 动态库中的 libusb_get_device_list
函数时发生了段错误。具体的错误信息如下:Invalid read of size 4:
这表明程序试图读取一个无效的内存地址(0x30),这个地址既不是栈内存、也不是通过 malloc 分配的内存,也不是最近释放的内存。
Address 0x30 is not stack’d, malloc’d or (recently) free’d:这进一步确认了上述错误,指出地址 0x30 不是栈内存、动态分配的内存或最近释放的内存。 Process terminating with
default action of signal 11 (SIGSEGV):程序因为接收到信号 11(段错误)而终止。
这个段错误可能是由于动态库 libgm3000.1.0.so 中的内存访问错误引起的。据推测,可能需要检查库文件的完整性和兼容性,以及代码中的指针和内存操作。使用 GDB 和 Valgrind 进一步调试或许可以帮助找到具体的问题所在。
git log
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/longmaiskf0016-stu/samples/skf/linux_mac/encrypt# git log
commit 091bcb027410f8ca9c5a38a1137feb030514908e (HEAD -> master)
Author: root <root@LAPTOP-PRC71A0C>
Date: Sun Nov 17 20:33:02 2024 +0800
longmai ukeyEncrypt
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/longmaiskf0016-stu/samples/skf/linux_mac/monitordev# git log
commit 3080b3ce1201dfa5deebac013934e7700ed471e8 (HEAD -> master)
Author: root <root@LAPTOP-PRC71A0C>
Date: Sun Nov 17 20:41:19 2024 +0800
longmaiukey monitordev
commit 9703b19ccbcf51113a84eda7321dc4f4938f346a (origin/master, origin/HEAD)
root@LAPTOP-PRC71A0C:~/bestidiocs2024/ch06/longmaiskf0016-stu/samples/skf/linux_mac/signature# git log
commit 93dbfdae93ac5dba6169670e5aa57337538e9dbd (HEAD -> master)
Author: root <root@LAPTOP-PRC71A0C>
Date: Sun Nov 17 20:44:50 2024 +0800
signatureTest
commit c1993ca739225264b28caba72185661f58b93f08
Author: root <root@LAPTOP-PRC71A0C>
Date: Sun Nov 17 20:31:25 2024 +0800
longmai ukey
- 提交要求:
- 提交实践过程Markdown和转化的PDF文件
- 代码,文档托管到gitee或github等
- 记录实验过程中遇到的问题,解决过程,反思等内容,用于后面实验报告