abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-06 16:36:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

修改License

Browse Source
This commit is contained in:
Simon
2022-08-25 22:42:11 -07:00
parent 16b39da60b
commit 0b4308b948
268 changed files with 67247 additions and 67015 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
.github/workflows/cmake.yml vendored
View File

@@ -1,37 +1,37 @@
name: CMake
on:
push:
branches: [ develop ]
pull_request:
branches: [ develop ]
env:
# Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.)
BUILD_TYPE: Release
jobs:
build:
# The CMake configure and build commands are platform agnostic and should work equally well on Windows or Mac.
# You can convert this to a matrix build if you need cross-platform coverage.
# See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Configure CMake
# Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
# See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type
run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}
- name: Build
# Build your program with the given configuration
run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}}
- name: Test
working-directory: ${{github.workspace}}/build
# Execute tests defined by the CMake configuration.
# See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail
run: ctest -C ${{env.BUILD_TYPE}}
name: CMake
on:
push:
branches: [ develop ]
pull_request:
branches: [ develop ]
env:
# Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.)
BUILD_TYPE: Release
jobs:
build:
# The CMake configure and build commands are platform agnostic and should work equally well on Windows or Mac.
# You can convert this to a matrix build if you need cross-platform coverage.
# See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Configure CMake
# Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
# See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type
run: cmake -B ${{github.workspace}}/build -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}}
- name: Build
# Build your program with the given configuration
run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}}
- name: Test
working-directory: ${{github.workspace}}/build
# Execute tests defined by the CMake configuration.
# See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail
run: ctest -C ${{env.BUILD_TYPE}}

62
.github/workflows/cygwin.yml vendored
View File

@@ -1,31 +1,31 @@
name: Cygwin
on:
push:
branches: [ develop ]
pull_request:
branches: [ develop ]
env:
# Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.)
BUILD_TYPE: Release
jobs:
build:
# The CMake configure and build commands are platform agnostic and should work equally well on Windows or Mac.
# You can convert this to a matrix build if you need cross-platform coverage.
# See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
runs-on: windows-latest
env:
SHELLOPTS: igncr
defaults:
run:
shell: C:\tools\cygwin\bin\bash.exe --login '{0}'
steps:
- uses: actions/checkout@v3
- name: Set up Cygwin
uses: egor-tensin/setup-cygwin@v3
with:
platform: x64
packages: cmake gcc-g++
name: Cygwin
on:
push:
branches: [ develop ]
pull_request:
branches: [ develop ]
env:
# Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.)
BUILD_TYPE: Release
jobs:
build:
# The CMake configure and build commands are platform agnostic and should work equally well on Windows or Mac.
# You can convert this to a matrix build if you need cross-platform coverage.
# See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
runs-on: windows-latest
env:
SHELLOPTS: igncr
defaults:
run:
shell: C:\tools\cygwin\bin\bash.exe --login '{0}'
steps:
- uses: actions/checkout@v3
- name: Set up Cygwin
uses: egor-tensin/setup-cygwin@v3
with:
platform: x64
packages: cmake gcc-g++

433
.gitignore vendored
View File

@@ -1,216 +1,217 @@
# Ignore editor artefacts
/.dir-locals.el
# Top level excludes
/Makefile.orig
/MINFO
/TABLE
/*.a
/*.pc
/rehash.time
/inc.*
/makefile.*
/out.*
/tmp.*
/configdata.pm
/build
/Makefile
# *all* Makefiles
#Makefile
*.tmp
# Java
/java/*.class
/java/Makefile*
# Links under apps
/apps/CA.pl
/apps/tsget
/apps/tsget.pl
/apps/md4.c
# Auto generated headers
/crypto/buildinf.h
/crypto/include/internal/*_conf.h
/openssl/include/opensslconf.h
/util/domd
# Executables
/apps/openssl
/test/sha256t
/test/sha512t
/test/gost2814789t
/test/ssltest_old
/test/*test
/test/fips_aesavs
/test/fips_desmovs
/test/fips_dhvs
/test/fips_drbgvs
/test/fips_dssvs
/test/fips_ecdhvs
/test/fips_ecdsavs
/test/fips_rngvs
/test/fips_test_suite
/test/ssltest_old
/test/x509aux
/test/v3ext
# Certain files that get created by tests on the fly
/test/*.ss
/test/*.srl
/test/.rnd
/test/test*.pem
/test/newkey.pem
/test/*.log
/test/buildtest_*
/test/*.p
/test/*.dd
/test/*.dp
/test/*.pd
/test/*.p
/util/shlib_wrap.sh
# Fuzz stuff.
# Anything without an extension is an executable on Unix, so we keep files
# with extensions. And we keep the corpora subddir versioned as well.
# Anything more generic with extensions that should be ignored will be taken
# care of by general ignores for those extensions (*.o, *.obj, *.exe, ...)
/fuzz/*
!/fuzz/README*
!/fuzz/corpora
!/fuzz/*.*
# Misc auto generated files
/include/openssl/opensslconf.h
/tools/c_rehash
/tools/c_rehash.pl
/tags
/TAGS
/crypto.map
/ssl.map
# Windows (legacy)
/tmp32
/tmp32.dbg
/tmp32dll
/tmp32dll.dbg
/out32
/out32.dbg
/out32dll
/out32dll.dbg
/inc32
/MINFO
/ms/.rnd
/ms/bcb.mak
/ms/libeay32.def
/ms/nt.mak
/ms/ntdll.mak
/ms/ssleay32.def
/ms/version32.rc
# Files created on other branches that are not held in git, and are not
# needed on this branch
/include/openssl/asn1_mac.h
/include/openssl/des_old.h
/include/openssl/fips.h
/include/openssl/fips_rand.h
/include/openssl/krb5_asn.h
/include/openssl/kssl.h
/include/openssl/pq_compat.h
/include/openssl/ssl23.h
/include/openssl/tmdiff.h
/include/openssl/ui_compat.h
/test/fips_aesavs.c
/test/fips_desmovs.c
/test/fips_dsatest.c
/test/fips_dssvs.c
/test/fips_hmactest.c
/test/fips_randtest.c
/test/fips_rngvs.c
/test/fips_rsagtest.c
/test/fips_rsastest.c
/test/fips_rsavtest.c
/test/fips_shatest.c
/test/fips_test_suite.c
/test/shatest.c
##### Generic patterns
# Auto generated assembly language source files
*.s
!/crypto/*/asm/*.s
/crypto/arm*.S
/crypto/*/*.S
*.asm
!/crypto/*/asm/*.asm
# Object files
*.o
*.obj
# editor artefacts
*.swp
.#*
\#*#
*~
# Certificate symbolic links
*.0
# All kinds of executables
*.so
*.so.*
*.dylib
*.dylib.*
*.dll
*.dll.*
*.exe
*.pyc
*.exp
*.lib
*.pdb
*.ilk
*.def
*.rc
*.res
# Misc generated stuff
Makefile.save
/crypto/**/lib
/engines/**/lib
/ssl/**/lib
*.bak
cscope.*
*.d
# macOS
.DS_Store
*.tar.gz
# add by LiTianjue for GmSSL
# auto create by Configure
crypto/opensslconf.h
tool/c_rehash
# exec file
apps/gmssl
apps/gmca/.ca
# gmtls
/ssl/ssl_load.c
# engines
/engines/e_skf*
/engines/e_sdf*
/engines/sdf
/engines/skf
include/openssl/srp.h
/*.sh
/rust
/python
/build
# Ignore editor artefacts
/.dir-locals.el
# Top level excludes
/Makefile.orig
/MINFO
/TABLE
/*.a
/*.pc
/rehash.time
/inc.*
/makefile.*
/out.*
/tmp.*
/configdata.pm
/build
/Makefile
# *all* Makefiles
#Makefile
*.tmp
# Java
/java/*.class
/java/Makefile*
# Links under apps
/apps/CA.pl
/apps/tsget
/apps/tsget.pl
/apps/md4.c
# Auto generated headers
/crypto/buildinf.h
/crypto/include/internal/*_conf.h
/openssl/include/opensslconf.h
/util/domd
# Executables
/apps/openssl
/test/sha256t
/test/sha512t
/test/gost2814789t
/test/ssltest_old
/test/*test
/test/fips_aesavs
/test/fips_desmovs
/test/fips_dhvs
/test/fips_drbgvs
/test/fips_dssvs
/test/fips_ecdhvs
/test/fips_ecdsavs
/test/fips_rngvs
/test/fips_test_suite
/test/ssltest_old
/test/x509aux
/test/v3ext
# Certain files that get created by tests on the fly
/test/*.ss
/test/*.srl
/test/.rnd
/test/test*.pem
/test/newkey.pem
/test/*.log
/test/buildtest_*
/test/*.p
/test/*.dd
/test/*.dp
/test/*.pd
/test/*.p
/demos/*.pem
/util/shlib_wrap.sh
# Fuzz stuff.
# Anything without an extension is an executable on Unix, so we keep files
# with extensions. And we keep the corpora subddir versioned as well.
# Anything more generic with extensions that should be ignored will be taken
# care of by general ignores for those extensions (*.o, *.obj, *.exe, ...)
/fuzz/*
!/fuzz/README*
!/fuzz/corpora
!/fuzz/*.*
# Misc auto generated files
/include/openssl/opensslconf.h
/tools/c_rehash
/tools/c_rehash.pl
/tags
/TAGS
/crypto.map
/ssl.map
# Windows (legacy)
/tmp32
/tmp32.dbg
/tmp32dll
/tmp32dll.dbg
/out32
/out32.dbg
/out32dll
/out32dll.dbg
/inc32
/MINFO
/ms/.rnd
/ms/bcb.mak
/ms/libeay32.def
/ms/nt.mak
/ms/ntdll.mak
/ms/ssleay32.def
/ms/version32.rc
# Files created on other branches that are not held in git, and are not
# needed on this branch
/include/openssl/asn1_mac.h
/include/openssl/des_old.h
/include/openssl/fips.h
/include/openssl/fips_rand.h
/include/openssl/krb5_asn.h
/include/openssl/kssl.h
/include/openssl/pq_compat.h
/include/openssl/ssl23.h
/include/openssl/tmdiff.h
/include/openssl/ui_compat.h
/test/fips_aesavs.c
/test/fips_desmovs.c
/test/fips_dsatest.c
/test/fips_dssvs.c
/test/fips_hmactest.c
/test/fips_randtest.c
/test/fips_rngvs.c
/test/fips_rsagtest.c
/test/fips_rsastest.c
/test/fips_rsavtest.c
/test/fips_shatest.c
/test/fips_test_suite.c
/test/shatest.c
##### Generic patterns
# Auto generated assembly language source files
*.s
!/crypto/*/asm/*.s
/crypto/arm*.S
/crypto/*/*.S
*.asm
!/crypto/*/asm/*.asm
# Object files
*.o
*.obj
# editor artefacts
*.swp
.#*
\#*#
*~
# Certificate symbolic links
*.0
# All kinds of executables
*.so
*.so.*
*.dylib
*.dylib.*
*.dll
*.dll.*
*.exe
*.pyc
*.exp
*.lib
*.pdb
*.ilk
*.def
*.rc
*.res
# Misc generated stuff
Makefile.save
/crypto/**/lib
/engines/**/lib
/ssl/**/lib
*.bak
cscope.*
*.d
# macOS
.DS_Store
*.tar.gz
# add by LiTianjue for GmSSL
# auto create by Configure
crypto/opensslconf.h
tool/c_rehash
# exec file
apps/gmssl
apps/gmca/.ca
# gmtls
/ssl/ssl_load.c
# engines
/engines/e_skf*
/engines/e_sdf*
/engines/sdf
/engines/skf
include/openssl/srp.h
/*.sh
/rust
/python
/build

552
CMakeLists.txt
View File

@@ -1,276 +1,276 @@
cmake_minimum_required(VERSION 3.0)
project(GmSSL)
#set(CMAKE_MACOSX_RPATH 1)
SET(EXECUTABLE_OUTPUT_PATH ${PROJECT_BINARY_DIR}/bin)
SET(LIBRARY_OUTPUT_PATH ${PROJECT_BINARY_DIR}/lib)
if (CMAKE_VERSION VERSION_LESS "3.1")
if (CMAKE_C_COMPILER_ID STREQUAL "GNU")
set (CMAKE_C_FLAGS "-std=gnu99 ${CMAKE_C_FLAGS}")
endif ()
else ()
set (CMAKE_C_STANDARD 99)
endif ()
#set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mrdrnd -mrdseed")
include_directories(include)
add_library(
gmssl
SHARED
src/version.c
src/debug.c
src/sm4_common.c
src/sm4_enc.c
src/sm4_modes.c
src/sm4_setkey.c
src/sm3.c
src/sm3_hmac.c
src/sm3_kdf.c
src/sm2_alg.c
src/sm2_key.c
src/sm2_lib.c
src/sm9_alg.c
src/sm9_key.c
src/sm9_lib.c
src/zuc.c
src/zuc_modes.c
src/aes.c
src/aes_modes.c
src/sha256.c
src/sha512.c
src/chacha20.c
src/des.c
src/sha1.c
src/md5.c
src/rc4.c
src/rand.c
src/hash_drbg.c
# src/rdrand.c
src/block_cipher.c
src/digest.c
src/hmac.c
src/hkdf.c
src/pbkdf2.c
src/gf128.c
src/gcm.c
src/pkcs8.c
src/ec.c
src/rsa.c
src/asn1.c
src/hex.c
src/base64.c
src/pem.c
src/x509_oid.c
src/x509_alg.c
src/x509_str.c
src/x509_cer.c
src/x509_ext.c
src/x509_req.c
src/x509_crl.c
src/cms.c
src/sdf/sdf.c
src/sdf/sdf_lib.c
src/sdf/sdf_meth.c
src/sdf/sdf_ext.c
src/sdf/sdf_sansec.c
src/skf/skf.c
src/skf/skf_lib.c
src/skf/skf_meth.c
src/skf/skf_ext.c
src/skf/skf_prn.c
src/skf/skf_wisec.c
src/tls.c
src/tls_ext.c
src/tls_trace.c
src/tlcp.c
src/tls12.c
src/tls13.c
)
target_link_libraries(gmssl dl)
SET_TARGET_PROPERTIES(gmssl PROPERTIES VERSION 3.0 SOVERSION 3)
add_library(sdf_dummy SHARED src/sdf/sdf_dummy.c)
SET_TARGET_PROPERTIES(sdf_dummy PROPERTIES VERSION 3.0 SOVERSION 3)
add_library(skf_dummy SHARED src/skf/skf_dummy.c)
SET_TARGET_PROPERTIES(skf_dummy PROPERTIES VERSION 3.0 SOVERSION 3)
add_executable(
gmssl-bin
tools/gmssl.c
tools/version.c
tools/sm4.c
tools/sm3.c
tools/sm3hmac.c
tools/sm2keygen.c
tools/sm2sign.c
tools/sm2verify.c
tools/sm2encrypt.c
tools/sm2decrypt.c
tools/sm9setup.c
tools/sm9keygen.c
tools/sm9sign.c
tools/sm9verify.c
tools/sm9encrypt.c
tools/sm9decrypt.c
tools/zuc.c
tools/rand.c
tools/pbkdf2.c
tools/certgen.c
tools/certparse.c
tools/certverify.c
tools/reqgen.c
tools/reqparse.c
tools/reqsign.c
tools/crlparse.c
tools/crlverify.c
tools/cmssign.c
tools/cmsverify.c
tools/cmsencrypt.c
tools/cmsdecrypt.c
tools/cmsparse.c
tools/sdfutil.c
tools/skfutil.c
tools/tlcp_client.c
tools/tlcp_server.c
tools/tls12_client.c
tools/tls12_server.c
tools/tls13_client.c
tools/tls13_server.c
)
target_link_libraries (gmssl-bin LINK_PUBLIC gmssl)
set_target_properties (gmssl-bin PROPERTIES RUNTIME_OUTPUT_NAME gmssl)
enable_testing()
add_test(NAME sm4 COMMAND sm4test)
add_test(NAME sm3 COMMAND sm3test)
add_test(NAME sm2 COMMAND sm2test)
add_test(NAME sm9 COMMAND sm9test)
add_test(NAME zuc COMMAND zuctest)
add_test(NAME aes COMMAND aestest)
add_test(NAME sha224 COMMAND sha224test)
add_test(NAME sha256 COMMAND sha256test)
add_test(NAME sha384 COMMAND sha384test)
add_test(NAME sha512 COMMAND sha512test)
add_test(NAME chacha20 COMMAND chacha20test)
add_test(NAME des COMMAND destest)
add_test(NAME sha1 COMMAND sha1test)
add_test(NAME md5 COMMAND md5test)
add_test(NAME rc4 COMMAND rc4test)
add_test(NAME hash_drbg COMMAND hash_drbgtest)
add_test(NAME block_cipher COMMAND block_ciphertest)
add_test(NAME digest COMMAND digesttest)
add_test(NAME hmac COMMAND hmactest)
add_test(NAME hkdf COMMAND hkdftest)
add_test(NAME pbkdf2 COMMAND pbkdf2test)
add_test(NAME gf128 COMMAND gf128test)
add_test(NAME gcm COMMAND gcmtest)
add_test(NAME pkcs8 COMMAND pkcs8test)
add_test(NAME ec COMMAND ectest)
add_test(NAME asn1 COMMAND asn1test)
add_test(NAME hex COMMAND hextest)
add_test(NAME base64 COMMAND base64test)
add_test(NAME pem COMMAND pemtest)
add_test(NAME x509 COMMAND x509test)
add_test(NAME x509_oid COMMAND x509_oidtest)
add_test(NAME x509_alg COMMAND x509_algtest)
add_test(NAME x509_str COMMAND x509_strtest)
add_test(NAME x509_ext COMMAND x509_exttest)
add_test(NAME x509_req COMMAND x509_reqtest)
add_test(NAME x509_crl COMMAND x509_crltest)
add_test(NAME cms COMMAND cmstest)
add_test(NAME tls COMMAND tlstest)
add_test(NAME tls13 COMMAND tls13test)
add_executable(sm4test tests/sm4test.c)
target_link_libraries (sm4test LINK_PUBLIC gmssl)
add_executable(sm3test tests/sm3test.c)
target_link_libraries (sm3test LINK_PUBLIC gmssl)
add_executable(sm2test tests/sm2test.c)
target_link_libraries (sm2test LINK_PUBLIC gmssl)
add_executable(sm9test tests/sm9test.c)
target_link_libraries (sm9test LINK_PUBLIC gmssl)
add_executable(zuctest tests/zuctest.c)
target_link_libraries (zuctest LINK_PUBLIC gmssl)
add_executable(aestest tests/aestest.c)
target_link_libraries (aestest LINK_PUBLIC gmssl)
add_executable(sha224test tests/sha224test.c)
target_link_libraries (sha224test LINK_PUBLIC gmssl)
add_executable(sha256test tests/sha256test.c)
target_link_libraries (sha256test LINK_PUBLIC gmssl)
add_executable(sha384test tests/sha384test.c)
target_link_libraries (sha384test LINK_PUBLIC gmssl)
add_executable(sha512test tests/sha512test.c)
target_link_libraries (sha512test LINK_PUBLIC gmssl)
add_executable(chacha20test tests/chacha20test.c)
target_link_libraries (chacha20test LINK_PUBLIC gmssl)
add_executable(destest tests/destest.c)
target_link_libraries (destest LINK_PUBLIC gmssl)
add_executable(sha1test tests/sha1test.c)
target_link_libraries (sha1test LINK_PUBLIC gmssl)
add_executable(md5test tests/md5test.c)
target_link_libraries (md5test LINK_PUBLIC gmssl)
add_executable(rc4test tests/rc4test.c)
target_link_libraries (rc4test LINK_PUBLIC gmssl)
add_executable(hash_drbgtest tests/hash_drbgtest.c)
target_link_libraries (hash_drbgtest LINK_PUBLIC gmssl)
add_executable(block_ciphertest tests/block_ciphertest.c)
target_link_libraries (block_ciphertest LINK_PUBLIC gmssl)
add_executable(digesttest tests/digesttest.c)
target_link_libraries (digesttest LINK_PUBLIC gmssl)
add_executable(hmactest tests/hmactest.c)
target_link_libraries (hmactest LINK_PUBLIC gmssl)
add_executable(hkdftest tests/hkdftest.c)
target_link_libraries (hkdftest LINK_PUBLIC gmssl)
add_executable(pbkdf2test tests/pbkdf2test.c)
target_link_libraries (pbkdf2test LINK_PUBLIC gmssl)
add_executable(gf128test tests/gf128test.c)
target_link_libraries (gf128test LINK_PUBLIC gmssl)
add_executable(gcmtest tests/gcmtest.c)
target_link_libraries (gcmtest LINK_PUBLIC gmssl)
add_executable(pkcs8test tests/pkcs8test.c)
target_link_libraries (pkcs8test LINK_PUBLIC gmssl)
add_executable(ectest tests/ectest.c)
target_link_libraries (ectest LINK_PUBLIC gmssl)
add_executable(asn1test tests/asn1test.c)
target_link_libraries (asn1test LINK_PUBLIC gmssl)
add_executable(hextest tests/hextest.c)
target_link_libraries (hextest LINK_PUBLIC gmssl)
add_executable(base64test tests/base64test.c)
target_link_libraries (base64test LINK_PUBLIC gmssl)
add_executable(pemtest tests/pemtest.c)
target_link_libraries (pemtest LINK_PUBLIC gmssl)
add_executable(x509test tests/x509test.c)
target_link_libraries (x509test LINK_PUBLIC gmssl)
add_executable(x509_oidtest tests/x509_oidtest.c)
target_link_libraries (x509_oidtest LINK_PUBLIC gmssl)
add_executable(x509_algtest tests/x509_algtest.c)
target_link_libraries (x509_algtest LINK_PUBLIC gmssl)
add_executable(x509_strtest tests/x509_strtest.c)
target_link_libraries (x509_strtest LINK_PUBLIC gmssl)
add_executable(x509_exttest tests/x509_exttest.c)
target_link_libraries (x509_exttest LINK_PUBLIC gmssl)
add_executable(x509_reqtest tests/x509_reqtest.c)
target_link_libraries (x509_reqtest LINK_PUBLIC gmssl)
add_executable(x509_crltest tests/x509_crltest.c)
target_link_libraries (x509_crltest LINK_PUBLIC gmssl)
add_executable(cmstest tests/cmstest.c)
target_link_libraries (cmstest LINK_PUBLIC gmssl)
add_executable(tlstest tests/tlstest.c)
target_link_libraries (tlstest LINK_PUBLIC gmssl)
add_executable(tls13test tests/tls13test.c)
target_link_libraries (tls13test LINK_PUBLIC gmssl)
INSTALL(TARGETS gmssl ARCHIVE DESTINATION lib LIBRARY DESTINATION lib)
INSTALL(DIRECTORY ${CMAKE_SOURCE_DIR}/include/gmssl DESTINATION include)
INSTALL(TARGETS gmssl-bin RUNTIME DESTINATION bin)
cmake_minimum_required(VERSION 3.0)
project(GmSSL)
#set(CMAKE_MACOSX_RPATH 1)
SET(EXECUTABLE_OUTPUT_PATH ${PROJECT_BINARY_DIR}/bin)
SET(LIBRARY_OUTPUT_PATH ${PROJECT_BINARY_DIR}/lib)
if (CMAKE_VERSION VERSION_LESS "3.1")
if (CMAKE_C_COMPILER_ID STREQUAL "GNU")
set (CMAKE_C_FLAGS "-std=gnu99 ${CMAKE_C_FLAGS}")
endif ()
else ()
set (CMAKE_C_STANDARD 99)
endif ()
#set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mrdrnd -mrdseed")
include_directories(include)
add_library(
gmssl
SHARED
src/version.c
src/debug.c
src/sm4_common.c
src/sm4_enc.c
src/sm4_modes.c
src/sm4_setkey.c
src/sm3.c
src/sm3_hmac.c
src/sm3_kdf.c
src/sm2_alg.c
src/sm2_key.c
src/sm2_lib.c
src/sm9_alg.c
src/sm9_key.c
src/sm9_lib.c
src/zuc.c
src/zuc_modes.c
src/aes.c
src/aes_modes.c
src/sha256.c
src/sha512.c
src/chacha20.c
src/des.c
src/sha1.c
src/md5.c
src/rc4.c
src/rand.c
src/hash_drbg.c
# src/rdrand.c
src/block_cipher.c
src/digest.c
src/hmac.c
src/hkdf.c
src/pbkdf2.c
src/gf128.c
src/gcm.c
src/pkcs8.c
src/ec.c
src/rsa.c
src/asn1.c
src/hex.c
src/base64.c
src/pem.c
src/x509_oid.c
src/x509_alg.c
src/x509_str.c
src/x509_cer.c
src/x509_ext.c
src/x509_req.c
src/x509_crl.c
src/cms.c
src/sdf/sdf.c
src/sdf/sdf_lib.c
src/sdf/sdf_meth.c
src/sdf/sdf_ext.c
src/sdf/sdf_sansec.c
src/skf/skf.c
src/skf/skf_lib.c
src/skf/skf_meth.c
src/skf/skf_ext.c
src/skf/skf_prn.c
src/skf/skf_wisec.c
src/tls.c
src/tls_ext.c
src/tls_trace.c
src/tlcp.c
src/tls12.c
src/tls13.c
)
target_link_libraries(gmssl dl)
SET_TARGET_PROPERTIES(gmssl PROPERTIES VERSION 3.0 SOVERSION 3)
add_library(sdf_dummy SHARED src/sdf/sdf_dummy.c)
SET_TARGET_PROPERTIES(sdf_dummy PROPERTIES VERSION 3.0 SOVERSION 3)
add_library(skf_dummy SHARED src/skf/skf_dummy.c)
SET_TARGET_PROPERTIES(skf_dummy PROPERTIES VERSION 3.0 SOVERSION 3)
add_executable(
gmssl-bin
tools/gmssl.c
tools/version.c
tools/sm4.c
tools/sm3.c
tools/sm3hmac.c
tools/sm2keygen.c
tools/sm2sign.c
tools/sm2verify.c
tools/sm2encrypt.c
tools/sm2decrypt.c
tools/sm9setup.c
tools/sm9keygen.c
tools/sm9sign.c
tools/sm9verify.c
tools/sm9encrypt.c
tools/sm9decrypt.c
tools/zuc.c
tools/rand.c
tools/pbkdf2.c
tools/certgen.c
tools/certparse.c
tools/certverify.c
tools/reqgen.c
tools/reqparse.c
tools/reqsign.c
tools/crlparse.c
tools/crlverify.c
tools/cmssign.c
tools/cmsverify.c
tools/cmsencrypt.c
tools/cmsdecrypt.c
tools/cmsparse.c
tools/sdfutil.c
tools/skfutil.c
tools/tlcp_client.c
tools/tlcp_server.c
tools/tls12_client.c
tools/tls12_server.c
tools/tls13_client.c
tools/tls13_server.c
)
target_link_libraries (gmssl-bin LINK_PUBLIC gmssl)
set_target_properties (gmssl-bin PROPERTIES RUNTIME_OUTPUT_NAME gmssl)
enable_testing()
add_test(NAME sm4 COMMAND sm4test)
add_test(NAME sm3 COMMAND sm3test)
add_test(NAME sm2 COMMAND sm2test)
add_test(NAME sm9 COMMAND sm9test)
add_test(NAME zuc COMMAND zuctest)
add_test(NAME aes COMMAND aestest)
add_test(NAME sha224 COMMAND sha224test)
add_test(NAME sha256 COMMAND sha256test)
add_test(NAME sha384 COMMAND sha384test)
add_test(NAME sha512 COMMAND sha512test)
add_test(NAME chacha20 COMMAND chacha20test)
add_test(NAME des COMMAND destest)
add_test(NAME sha1 COMMAND sha1test)
add_test(NAME md5 COMMAND md5test)
add_test(NAME rc4 COMMAND rc4test)
add_test(NAME hash_drbg COMMAND hash_drbgtest)
add_test(NAME block_cipher COMMAND block_ciphertest)
add_test(NAME digest COMMAND digesttest)
add_test(NAME hmac COMMAND hmactest)
add_test(NAME hkdf COMMAND hkdftest)
add_test(NAME pbkdf2 COMMAND pbkdf2test)
add_test(NAME gf128 COMMAND gf128test)
add_test(NAME gcm COMMAND gcmtest)
add_test(NAME pkcs8 COMMAND pkcs8test)
add_test(NAME ec COMMAND ectest)
add_test(NAME asn1 COMMAND asn1test)
add_test(NAME hex COMMAND hextest)
add_test(NAME base64 COMMAND base64test)
add_test(NAME pem COMMAND pemtest)
add_test(NAME x509 COMMAND x509test)
add_test(NAME x509_oid COMMAND x509_oidtest)
add_test(NAME x509_alg COMMAND x509_algtest)
add_test(NAME x509_str COMMAND x509_strtest)
add_test(NAME x509_ext COMMAND x509_exttest)
add_test(NAME x509_req COMMAND x509_reqtest)
add_test(NAME x509_crl COMMAND x509_crltest)
add_test(NAME cms COMMAND cmstest)
add_test(NAME tls COMMAND tlstest)
add_test(NAME tls13 COMMAND tls13test)
add_executable(sm4test tests/sm4test.c)
target_link_libraries (sm4test LINK_PUBLIC gmssl)
add_executable(sm3test tests/sm3test.c)
target_link_libraries (sm3test LINK_PUBLIC gmssl)
add_executable(sm2test tests/sm2test.c)
target_link_libraries (sm2test LINK_PUBLIC gmssl)
add_executable(sm9test tests/sm9test.c)
target_link_libraries (sm9test LINK_PUBLIC gmssl)
add_executable(zuctest tests/zuctest.c)
target_link_libraries (zuctest LINK_PUBLIC gmssl)
add_executable(aestest tests/aestest.c)
target_link_libraries (aestest LINK_PUBLIC gmssl)
add_executable(sha224test tests/sha224test.c)
target_link_libraries (sha224test LINK_PUBLIC gmssl)
add_executable(sha256test tests/sha256test.c)
target_link_libraries (sha256test LINK_PUBLIC gmssl)
add_executable(sha384test tests/sha384test.c)
target_link_libraries (sha384test LINK_PUBLIC gmssl)
add_executable(sha512test tests/sha512test.c)
target_link_libraries (sha512test LINK_PUBLIC gmssl)
add_executable(chacha20test tests/chacha20test.c)
target_link_libraries (chacha20test LINK_PUBLIC gmssl)
add_executable(destest tests/destest.c)
target_link_libraries (destest LINK_PUBLIC gmssl)
add_executable(sha1test tests/sha1test.c)
target_link_libraries (sha1test LINK_PUBLIC gmssl)
add_executable(md5test tests/md5test.c)
target_link_libraries (md5test LINK_PUBLIC gmssl)
add_executable(rc4test tests/rc4test.c)
target_link_libraries (rc4test LINK_PUBLIC gmssl)
add_executable(hash_drbgtest tests/hash_drbgtest.c)
target_link_libraries (hash_drbgtest LINK_PUBLIC gmssl)
add_executable(block_ciphertest tests/block_ciphertest.c)
target_link_libraries (block_ciphertest LINK_PUBLIC gmssl)
add_executable(digesttest tests/digesttest.c)
target_link_libraries (digesttest LINK_PUBLIC gmssl)
add_executable(hmactest tests/hmactest.c)
target_link_libraries (hmactest LINK_PUBLIC gmssl)
add_executable(hkdftest tests/hkdftest.c)
target_link_libraries (hkdftest LINK_PUBLIC gmssl)
add_executable(pbkdf2test tests/pbkdf2test.c)
target_link_libraries (pbkdf2test LINK_PUBLIC gmssl)
add_executable(gf128test tests/gf128test.c)
target_link_libraries (gf128test LINK_PUBLIC gmssl)
add_executable(gcmtest tests/gcmtest.c)
target_link_libraries (gcmtest LINK_PUBLIC gmssl)
add_executable(pkcs8test tests/pkcs8test.c)
target_link_libraries (pkcs8test LINK_PUBLIC gmssl)
add_executable(ectest tests/ectest.c)
target_link_libraries (ectest LINK_PUBLIC gmssl)
add_executable(asn1test tests/asn1test.c)
target_link_libraries (asn1test LINK_PUBLIC gmssl)
add_executable(hextest tests/hextest.c)
target_link_libraries (hextest LINK_PUBLIC gmssl)
add_executable(base64test tests/base64test.c)
target_link_libraries (base64test LINK_PUBLIC gmssl)
add_executable(pemtest tests/pemtest.c)
target_link_libraries (pemtest LINK_PUBLIC gmssl)
add_executable(x509test tests/x509test.c)
target_link_libraries (x509test LINK_PUBLIC gmssl)
add_executable(x509_oidtest tests/x509_oidtest.c)
target_link_libraries (x509_oidtest LINK_PUBLIC gmssl)
add_executable(x509_algtest tests/x509_algtest.c)
target_link_libraries (x509_algtest LINK_PUBLIC gmssl)
add_executable(x509_strtest tests/x509_strtest.c)
target_link_libraries (x509_strtest LINK_PUBLIC gmssl)
add_executable(x509_exttest tests/x509_exttest.c)
target_link_libraries (x509_exttest LINK_PUBLIC gmssl)
add_executable(x509_reqtest tests/x509_reqtest.c)
target_link_libraries (x509_reqtest LINK_PUBLIC gmssl)
add_executable(x509_crltest tests/x509_crltest.c)
target_link_libraries (x509_crltest LINK_PUBLIC gmssl)
add_executable(cmstest tests/cmstest.c)
target_link_libraries (cmstest LINK_PUBLIC gmssl)
add_executable(tlstest tests/tlstest.c)
target_link_libraries (tlstest LINK_PUBLIC gmssl)
add_executable(tls13test tests/tls13test.c)
target_link_libraries (tls13test LINK_PUBLIC gmssl)
INSTALL(TARGETS gmssl ARCHIVE DESTINATION lib LIBRARY DESTINATION lib)
INSTALL(DIRECTORY ${CMAKE_SOURCE_DIR}/include/gmssl DESTINATION include)
INSTALL(TARGETS gmssl-bin RUNTIME DESTINATION bin)

352
LICENSE
View File

@@ -1,176 +1,176 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS

110
README.md
View File

@@ -1,55 +1,55 @@
# GmSSL 3.0
[![CMake](https://github.com/guanzhi/GmSSL/workflows/CMake/badge.svg)](https://github.com/guanzhi/GmSSL/actions/workflows/cmake.yml)
GmSSL的2.x版本的开发始于2016年目前主分支在功能上实现了对主要国密算法、标准和协议的覆盖并成功应用于多种互联网场景中。但是随着GmSSL在物联网、区块链等新场景中的应用及在密码产品合规检测过程中的实践我们发现应用对GmSSL提出了一些新的需求。由于很难在基于OpenSSL的GmSSL 2.x版本上满足新需求因此我们重新设计了GmSSL的架构GmSSL也迎来第三个大版本——GmSSL 3.0。
## 主要特性
* 超轻量GmSSL 3.0大幅度降低了内存需求和二进制代码体积,不依赖动态内存,可以用于无操作系统的低功耗嵌入式环境(MCU、SOC等)开发者也可以更容易地将国密算法和SSL协议嵌入到现有的项目中。
* 更合规GmSSL 3.0 可以配置为仅包含国密算法和国密协议(TLCP协议)依赖GmSSL 的密码应用更容易满足密码产品型号检测的要求,避免由于混杂非国密算法、不安全算法等导致的安全问题和合规问题。
* 更安全TLS 1.3在安全性和通信延迟上相对之前的TLS协议有巨大的提升GmSSL 3.0支持TLS 1.3协议和RFC 8998的国密套件。GmSSL 3.0默认支持密钥的加密保护,提升了密码算法的抗侧信道攻击能力。
* 跨平台GmSSL 3.0更容易跨平台构建系统不再依赖Perl默认的CMake构建系统可以容易地和Visual Studio、Android NDK等默认编译工具配合使用开发者也可以手工编写Makefile在特殊环境中编译、剪裁。
## 编译与安装
GmSSL 3.0 采用了cmake构建系统。下载源代码后将其解压缩进入源码目录执行
```bash
mkdir build
cd build
cmake ..
make
make test
sudo make install
```
## 主要功能
### 密码算法
* 分组密码SM4 (CBC/CTR/GCM), AES (CBC/CTR/GCM)
* 序列密码ZUC/ZUC-256, ChaCha20, RC4
* 哈希函数: SM3, SHA-224/256/384/512, SHA-1, MD5
* 公钥密码SM2加密/签名, SM9加密/签名
* MAC算法HMAC, GHASH
* 密钥导出函数PBKDF2、HKDF
* 随机数生成器Intel RDRAND, HASH_DRBG (NIST.SP.800-90A)
### 证书和数字信封
* 数字证书X.509证书, CRL证书注销列表, CSR (PKCS #10) 证书签名请求
* 私钥加密基于SM4/SM3口令加密的PEM格式私钥 (PKCS #8)
* 数字信封SM2密码消息 (GM/T 0010-2012)
### SSL协议
* TLCP 1.1,支持密码套`TLS_ECC_SM4_CBC_SM3 {0xE0,0x13}` (GB/T 38636-2020、GM/T 0024-2014)
* TLS 1.2,支持密码套件`TLS_ECDHE_SM4_CBC_SM3 {0xE0,0x11}` (GB/T 38636-2020、GM/T 0024-2014)
* TLS 1.3,支持密码套件`TLS_SM4_GCM_SM3 {0x00,0xC6}` (RFC 8998)
## 典型应用
#### Nginx-with-GmSSL3.0
GmSSL支持Nginx的适配并提供了Docker实现具体参见[Nginx-with-GmSSL3.0](https://github.com/zhaoxiaomeng/Nginx-with-GmSSLv3) 项目。
# GmSSL 3.0
[![CMake](https://github.com/guanzhi/GmSSL/workflows/CMake/badge.svg)](https://github.com/guanzhi/GmSSL/actions/workflows/cmake.yml)
GmSSL的2.x版本的开发始于2016年目前主分支在功能上实现了对主要国密算法、标准和协议的覆盖并成功应用于多种互联网场景中。但是随着GmSSL在物联网、区块链等新场景中的应用及在密码产品合规检测过程中的实践我们发现应用对GmSSL提出了一些新的需求。由于很难在基于OpenSSL的GmSSL 2.x版本上满足新需求因此我们重新设计了GmSSL的架构GmSSL也迎来第三个大版本——GmSSL 3.0。
## 主要特性
* 超轻量GmSSL 3.0大幅度降低了内存需求和二进制代码体积,不依赖动态内存,可以用于无操作系统的低功耗嵌入式环境(MCU、SOC等)开发者也可以更容易地将国密算法和SSL协议嵌入到现有的项目中。
* 更合规GmSSL 3.0 可以配置为仅包含国密算法和国密协议(TLCP协议)依赖GmSSL 的密码应用更容易满足密码产品型号检测的要求,避免由于混杂非国密算法、不安全算法等导致的安全问题和合规问题。
* 更安全TLS 1.3在安全性和通信延迟上相对之前的TLS协议有巨大的提升GmSSL 3.0支持TLS 1.3协议和RFC 8998的国密套件。GmSSL 3.0默认支持密钥的加密保护,提升了密码算法的抗侧信道攻击能力。
* 跨平台GmSSL 3.0更容易跨平台构建系统不再依赖Perl默认的CMake构建系统可以容易地和Visual Studio、Android NDK等默认编译工具配合使用开发者也可以手工编写Makefile在特殊环境中编译、剪裁。
## 编译与安装
GmSSL 3.0 采用了cmake构建系统。下载源代码后将其解压缩进入源码目录执行
```bash
mkdir build
cd build
cmake ..
make
make test
sudo make install
```
## 主要功能
### 密码算法
* 分组密码SM4 (CBC/CTR/GCM), AES (CBC/CTR/GCM)
* 序列密码ZUC/ZUC-256, ChaCha20, RC4
* 哈希函数: SM3, SHA-224/256/384/512, SHA-1, MD5
* 公钥密码SM2加密/签名, SM9加密/签名
* MAC算法HMAC, GHASH
* 密钥导出函数PBKDF2、HKDF
* 随机数生成器Intel RDRAND, HASH_DRBG (NIST.SP.800-90A)
### 证书和数字信封
* 数字证书X.509证书, CRL证书注销列表, CSR (PKCS #10) 证书签名请求
* 私钥加密基于SM4/SM3口令加密的PEM格式私钥 (PKCS #8)
* 数字信封SM2密码消息 (GM/T 0010-2012)
### SSL协议
* TLCP 1.1,支持密码套`TLS_ECC_SM4_CBC_SM3 {0xE0,0x13}` (GB/T 38636-2020、GM/T 0024-2014)
* TLS 1.2,支持密码套件`TLS_ECDHE_SM4_CBC_SM3 {0xE0,0x11}` (GB/T 38636-2020、GM/T 0024-2014)
* TLS 1.3,支持密码套件`TLS_SM4_GCM_SM3 {0x00,0xC6}` (RFC 8998)
## 典型应用
#### Nginx-with-GmSSL3.0
GmSSL支持Nginx的适配并提供了Docker实现具体参见[Nginx-with-GmSSL3.0](https://github.com/zhaoxiaomeng/Nginx-with-GmSSLv3) 项目。

8
certs/README.md
View File

@@ -1,4 +1,4 @@
# 国密证书库
# 国密证书库

36
certs/ca/Ant Financial Certification Authority S1.pem
View File

@@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
MIICzjCCAnKgAwIBAgIQZMsSZdRKbxEiVT+tvsQxfzAMBggqgRzPVQGDdQUAMC4x
CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEPMA0GA1UEAwwGUk9PVENBMB4X
DTE4MDMwNTA3MDEwOFoXDTM4MDIyODA3MDEwOFowejELMAkGA1UEBhMCQ04xFjAU
BgNVBAoMDUFudCBGaW5hbmNpYWwxIDAeBgNVBAsMF0NlcnRpZmljYXRpb24gQXV0
aG9yaXR5MTEwLwYDVQQDDChBbnQgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IFMxMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEGmfMCs2ZerI5lvrO
bxfY8HJyIcTwfMtXb3R1KgqJmUTmsdlb3g13lkvkp2GwqGOpptUOxE09hZAeF4tY
QzSkSaOCASIwggEeMB8GA1UdIwQYMBaAFEwysZfZMxvEpgXBxuWLYlvwl3ZYMA8G
A1UdEwEB/wQFMAMBAf8wgboGA1UdHwSBsjCBrzBBoD+gPaQ7MDkxCzAJBgNVBAYT
AkNOMQ4wDAYDVQQKDAVOUkNBQzEMMAoGA1UECwwDQVJMMQwwCgYDVQQDDANhcmww
KqAooCaGJGh0dHA6Ly93d3cucm9vdGNhLmdvdi5jbi9hcmwvYXJsLmNybDA+oDyg
OoY4bGRhcDovL2xkYXAucm9vdGNhLmdvdi5jbjozODkvQ049YXJsLE9VPUFSTCxP
PU5SQ0FDLEM9Q04wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQ3NFyrGaAF5BAy
72g+BP4NTGdGEzAMBggqgRzPVQGDdQUAA0gAMEUCIQCXq5uO1PaKFI764ak1Ah5R
5vc7E6WGBsO7Jv8+GM8xFgIgbCi8GfqKKiAAhJ3grv5vbQy5kPeC5I/8X3igW4k5
1Tc=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICzjCCAnKgAwIBAgIQZMsSZdRKbxEiVT+tvsQxfzAMBggqgRzPVQGDdQUAMC4x
CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEPMA0GA1UEAwwGUk9PVENBMB4X
DTE4MDMwNTA3MDEwOFoXDTM4MDIyODA3MDEwOFowejELMAkGA1UEBhMCQ04xFjAU
BgNVBAoMDUFudCBGaW5hbmNpYWwxIDAeBgNVBAsMF0NlcnRpZmljYXRpb24gQXV0
aG9yaXR5MTEwLwYDVQQDDChBbnQgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IFMxMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEGmfMCs2ZerI5lvrO
bxfY8HJyIcTwfMtXb3R1KgqJmUTmsdlb3g13lkvkp2GwqGOpptUOxE09hZAeF4tY
QzSkSaOCASIwggEeMB8GA1UdIwQYMBaAFEwysZfZMxvEpgXBxuWLYlvwl3ZYMA8G
A1UdEwEB/wQFMAMBAf8wgboGA1UdHwSBsjCBrzBBoD+gPaQ7MDkxCzAJBgNVBAYT
AkNOMQ4wDAYDVQQKDAVOUkNBQzEMMAoGA1UECwwDQVJMMQwwCgYDVQQDDANhcmww
KqAooCaGJGh0dHA6Ly93d3cucm9vdGNhLmdvdi5jbi9hcmwvYXJsLmNybDA+oDyg
OoY4bGRhcDovL2xkYXAucm9vdGNhLmdvdi5jbjozODkvQ049YXJsLE9VPUFSTCxP
PU5SQ0FDLEM9Q04wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQ3NFyrGaAF5BAy
72g+BP4NTGdGEzAMBggqgRzPVQGDdQUAA0gAMEUCIQCXq5uO1PaKFI764ak1Ah5R
5vc7E6WGBsO7Jv8+GM8xFgIgbCi8GfqKKiAAhJ3grv5vbQy5kPeC5I/8X3igW4k5
1Tc=
-----END CERTIFICATE-----

36
certs/ca/TJCA.pem
View File

@@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC7jCCApKgAwIBAgIQS66cxft/wk8MdWCL2qSImjAMBggqgRzPVQGDdQUAMDox
CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEbMBkGA1UEAwwSQ2l2aWwgU2Vy
dmFudCBST09UMB4XDTE3MTIwNjAyNTczMFoXDTM3MTIwMTAyNTczMFowVjELMAkG
A1UEBhMCQ04xEjAQBgNVBAgMCeWkqea0peW4gjEkMCIGA1UECgwb5aSp5rSl5biC
55S15a2Q6K6k6K+B5Lit5b+DMQ0wCwYDVQQDDARUSkNBMFkwEwYHKoZIzj0CAQYI
KoEcz1UBgi0DQgAE2GJUeLtgaq271GSkgvmvBHJVxrg6K8Nx6AogQxNB/qoQjup4
YDw9odBrYiqdTbOgYL5I+iiPCXJg+6xKL3VA6aOCAVowggFWMB8GA1UdIwQYMBaA
FJ/cX1elCW5m8PJ1du0BYnAE/PpUMA8GA1UdEwEB/wQFMAMBAf8wgfIGA1UdHwSB
6jCB5zBPoE2gS6RJMEcxCzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEMMAoG
A1UECwwDQVJMMRowGAYDVQQDDBFDaXZpbF9TZXJ2YW50X0FSTDBGoESgQoZAaHR0
cDovL3d3dy5yb290Y2EuZ292LmNuL0NpdmlsX1NlcnZhbnRfYXJsL0NpdmlsX1Nl
cnZhbnRfQVJMLmNybDBMoEqgSIZGbGRhcDovL2xkYXAucm9vdGNhLmdvdi5jbjoz
OTAvQ049Q2l2aWxfU2VydmFudF9BUkwsT1U9QVJMLE89TlJDQUMsQz1DTjAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFE6BR1+l7EDGRDMxpkHLpByil04oMAwGCCqB
HM9VAYN1BQADSAAwRQIgC79X9bYZNHi88AOzS1mcL8iMOTnuOhISxkw6Hbou9bIC
IQCGFTlCuEYGX3Qc+HlufzqyKjyYyUCTb0FkfhOfhcEU+g==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIC7jCCApKgAwIBAgIQS66cxft/wk8MdWCL2qSImjAMBggqgRzPVQGDdQUAMDox
CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEbMBkGA1UEAwwSQ2l2aWwgU2Vy
dmFudCBST09UMB4XDTE3MTIwNjAyNTczMFoXDTM3MTIwMTAyNTczMFowVjELMAkG
A1UEBhMCQ04xEjAQBgNVBAgMCeWkqea0peW4gjEkMCIGA1UECgwb5aSp5rSl5biC
55S15a2Q6K6k6K+B5Lit5b+DMQ0wCwYDVQQDDARUSkNBMFkwEwYHKoZIzj0CAQYI
KoEcz1UBgi0DQgAE2GJUeLtgaq271GSkgvmvBHJVxrg6K8Nx6AogQxNB/qoQjup4
YDw9odBrYiqdTbOgYL5I+iiPCXJg+6xKL3VA6aOCAVowggFWMB8GA1UdIwQYMBaA
FJ/cX1elCW5m8PJ1du0BYnAE/PpUMA8GA1UdEwEB/wQFMAMBAf8wgfIGA1UdHwSB
6jCB5zBPoE2gS6RJMEcxCzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEMMAoG
A1UECwwDQVJMMRowGAYDVQQDDBFDaXZpbF9TZXJ2YW50X0FSTDBGoESgQoZAaHR0
cDovL3d3dy5yb290Y2EuZ292LmNuL0NpdmlsX1NlcnZhbnRfYXJsL0NpdmlsX1Nl
cnZhbnRfQVJMLmNybDBMoEqgSIZGbGRhcDovL2xkYXAucm9vdGNhLmdvdi5jbjoz
OTAvQ049Q2l2aWxfU2VydmFudF9BUkwsT1U9QVJMLE89TlJDQUMsQz1DTjAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFE6BR1+l7EDGRDMxpkHLpByil04oMAwGCCqB
HM9VAYN1BQADSAAwRQIgC79X9bYZNHi88AOzS1mcL8iMOTnuOhISxkw6Hbou9bIC
IQCGFTlCuEYGX3Qc+HlufzqyKjyYyUCTb0FkfhOfhcEU+g==
-----END CERTIFICATE-----

32
certs/ca/Taier CA.pem
View File

@@ -1,16 +1,16 @@
-----BEGIN CERTIFICATE-----
MIIChDCCAiigAwIBAgIQLXrZ9QK+bZE4WSoVyuo7GzAMBggqgRzPVQGDdQUAMC4x
CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEPMA0GA1UEAwwGUk9PVENBMB4X
DTE2MDcxMzA4MjQ1NFoXDTM2MDcwODA4MjQ1NFowMDELMAkGA1UEBhMCQ04xDjAM
BgNVBAoMBUNBSUNUMREwDwYDVQQDDAhUYWllciBDQTBZMBMGByqGSM49AgEGCCqB
HM9VAYItA0IABAxbfsHfqwv8GmfhJYnj0R+fFFqkegyvdZgzRtnnnEDmoy4GNwQa
kVNElUTsMFIJDOEbXTfYazvOghVNsR1UFRujggEiMIIBHjAfBgNVHSMEGDAWgBRM
MrGX2TMbxKYFwcbli2Jb8Jd2WDAPBgNVHRMBAf8EBTADAQH/MIG6BgNVHR8EgbIw
ga8wQaA/oD2kOzA5MQswCQYDVQQGEwJDTjEOMAwGA1UECgwFTlJDQUMxDDAKBgNV
BAsMA0FSTDEMMAoGA1UEAwwDYXJsMCqgKKAmhiRodHRwOi8vd3d3LnJvb3RjYS5n
b3YuY24vYXJsL2FybC5jcmwwPqA8oDqGOGxkYXA6Ly9sZGFwLnJvb3RjYS5nb3Yu
Y246Mzg5L0NOPWFybCxPVT1BUkwsTz1OUkNBQyxDPUNOMA4GA1UdDwEB/wQEAwIB
BjAdBgNVHQ4EFgQUi2kQa6VC3y6m96DZs4ykCLs9UDkwDAYIKoEcz1UBg3UFAANI
ADBFAiAnOTxqRKjk7+RlMuu6dRIoncmZPPkmVytXeGkvxmN8zAIhAI4zYqRtqy4e
754IdYX8fZDRQi9Mf2ZIkEEgIy9o1+Gf
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIChDCCAiigAwIBAgIQLXrZ9QK+bZE4WSoVyuo7GzAMBggqgRzPVQGDdQUAMC4x
CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEPMA0GA1UEAwwGUk9PVENBMB4X
DTE2MDcxMzA4MjQ1NFoXDTM2MDcwODA4MjQ1NFowMDELMAkGA1UEBhMCQ04xDjAM
BgNVBAoMBUNBSUNUMREwDwYDVQQDDAhUYWllciBDQTBZMBMGByqGSM49AgEGCCqB
HM9VAYItA0IABAxbfsHfqwv8GmfhJYnj0R+fFFqkegyvdZgzRtnnnEDmoy4GNwQa
kVNElUTsMFIJDOEbXTfYazvOghVNsR1UFRujggEiMIIBHjAfBgNVHSMEGDAWgBRM
MrGX2TMbxKYFwcbli2Jb8Jd2WDAPBgNVHRMBAf8EBTADAQH/MIG6BgNVHR8EgbIw
ga8wQaA/oD2kOzA5MQswCQYDVQQGEwJDTjEOMAwGA1UECgwFTlJDQUMxDDAKBgNV
BAsMA0FSTDEMMAoGA1UEAwwDYXJsMCqgKKAmhiRodHRwOi8vd3d3LnJvb3RjYS5n
b3YuY24vYXJsL2FybC5jcmwwPqA8oDqGOGxkYXA6Ly9sZGFwLnJvb3RjYS5nb3Yu
Y246Mzg5L0NOPWFybCxPVT1BUkwsTz1OUkNBQyxDPUNOMA4GA1UdDwEB/wQEAwIB
BjAdBgNVHQ4EFgQUi2kQa6VC3y6m96DZs4ykCLs9UDkwDAYIKoEcz1UBg3UFAANI
ADBFAiAnOTxqRKjk7+RlMuu6dRIoncmZPPkmVytXeGkvxmN8zAIhAI4zYqRtqy4e
754IdYX8fZDRQi9Mf2ZIkEEgIy9o1+Gf
-----END CERTIFICATE-----

24
certs/rootca/Civil Servant ROOT.pem
View File

@@ -1,12 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIB0jCCAXegAwIBAgIQEdZMMEt/UB6aBlClCPrHdDAMBggqgRzPVQGDdQUAMDox
CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEbMBkGA1UEAwwSQ2l2aWwgU2Vy
dmFudCBST09UMB4XDTE0MDcxNTA2NDg1NloXDTQ0MDcwNzA2NDg1NlowOjELMAkG
A1UEBhMCQ04xDjAMBgNVBAoMBU5SQ0FDMRswGQYDVQQDDBJDaXZpbCBTZXJ2YW50
IFJPT1QwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAR1whSysIMDakj11nL+KgJ1
J+HtXJU2D/EhV+QC1b+/yDXWdcZay7X79wC/g4vJdUIAdyZfLVy3lYYFc3aJ2smr
o10wWzAfBgNVHSMEGDAWgBSf3F9XpQluZvDydXbtAWJwBPz6VDAMBgNVHRMEBTAD
AQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUn9xfV6UJbmbw8nV27QFicAT8+lQw
DAYIKoEcz1UBg3UFAANHADBEAiAkrV4rtXx+4fdJBIVSxHFKh2znz2vnSgk/eBIl
gNQK7AIgNVusahBBOxafSdIB1cX8zJCnq+OcCNLRezYSbXQ45Jg=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB0jCCAXegAwIBAgIQEdZMMEt/UB6aBlClCPrHdDAMBggqgRzPVQGDdQUAMDox
CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEbMBkGA1UEAwwSQ2l2aWwgU2Vy
dmFudCBST09UMB4XDTE0MDcxNTA2NDg1NloXDTQ0MDcwNzA2NDg1NlowOjELMAkG
A1UEBhMCQ04xDjAMBgNVBAoMBU5SQ0FDMRswGQYDVQQDDBJDaXZpbCBTZXJ2YW50
IFJPT1QwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAR1whSysIMDakj11nL+KgJ1
J+HtXJU2D/EhV+QC1b+/yDXWdcZay7X79wC/g4vJdUIAdyZfLVy3lYYFc3aJ2smr
o10wWzAfBgNVHSMEGDAWgBSf3F9XpQluZvDydXbtAWJwBPz6VDAMBgNVHRMEBTAD
AQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUn9xfV6UJbmbw8nV27QFicAT8+lQw
DAYIKoEcz1UBg3UFAANHADBEAiAkrV4rtXx+4fdJBIVSxHFKh2znz2vnSgk/eBIl
gNQK7AIgNVusahBBOxafSdIB1cX8zJCnq+OcCNLRezYSbXQ45Jg=
-----END CERTIFICATE-----

24
certs/rootca/Device ROOT.pem
View File

@@ -1,12 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBxjCCAWmgAwIBAgIQVWEAYiD7bkTypcG5eLcUIzAMBggqgRzPVQGDdQUAMDMx
CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEUMBIGA1UEAwwLRGV2aWNlIFJP
T1QwHhcNMTQwNzE1MDY0OTE0WhcNNDQwNzA3MDY0OTE0WjAzMQswCQYDVQQGEwJD
TjEOMAwGA1UECgwFTlJDQUMxFDASBgNVBAMMC0RldmljZSBST09UMFkwEwYHKoZI
zj0CAQYIKoEcz1UBgi0DQgAErrT3rKewd5fIH38K5dUcB6dxxYcFCqHlklxWnwiU
n39eP3O8D3h7gncGBJoxX5XToyqwy4saICZq3MEIBf6XKqNdMFswHwYDVR0jBBgw
FoAUodkX9LXKzt+c9s0ZP86nFwz5gPUwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMC
AQYwHQYDVR0OBBYEFKHZF/S1ys7fnPbNGT/OpxcM+YD1MAwGCCqBHM9VAYN1BQAD
SQAwRgIhAO6XHWXfSyMUt/fn6yB5vPH9bHofYkylecmwqbN7jNlBAiEA2b8vR1TR
u1rh597JnGgp8tdjAiBbPWYjHcJDRBGcljA=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBxjCCAWmgAwIBAgIQVWEAYiD7bkTypcG5eLcUIzAMBggqgRzPVQGDdQUAMDMx
CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEUMBIGA1UEAwwLRGV2aWNlIFJP
T1QwHhcNMTQwNzE1MDY0OTE0WhcNNDQwNzA3MDY0OTE0WjAzMQswCQYDVQQGEwJD
TjEOMAwGA1UECgwFTlJDQUMxFDASBgNVBAMMC0RldmljZSBST09UMFkwEwYHKoZI
zj0CAQYIKoEcz1UBgi0DQgAErrT3rKewd5fIH38K5dUcB6dxxYcFCqHlklxWnwiU
n39eP3O8D3h7gncGBJoxX5XToyqwy4saICZq3MEIBf6XKqNdMFswHwYDVR0jBBgw
FoAUodkX9LXKzt+c9s0ZP86nFwz5gPUwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMC
AQYwHQYDVR0OBBYEFKHZF/S1ys7fnPbNGT/OpxcM+YD1MAwGCCqBHM9VAYN1BQAD
SQAwRgIhAO6XHWXfSyMUt/fn6yB5vPH9bHofYkylecmwqbN7jNlBAiEA2b8vR1TR
u1rh597JnGgp8tdjAiBbPWYjHcJDRBGcljA=
-----END CERTIFICATE-----

24
certs/rootca/ROOTCA.pem
View File

@@ -1,12 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBszCCAVegAwIBAgIIaeL+wBcKxnswDAYIKoEcz1UBg3UFADAuMQswCQYDVQQG
EwJDTjEOMAwGA1UECgwFTlJDQUMxDzANBgNVBAMMBlJPT1RDQTAeFw0xMjA3MTQw
MzExNTlaFw00MjA3MDcwMzExNTlaMC4xCzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVO
UkNBQzEPMA0GA1UEAwwGUk9PVENBMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE
MPCca6pmgcchsTf2UnBeL9rtp4nw+itk1Kzrmbnqo05lUwkwlWK+4OIrtFdAqnRT
V7Q9v1htkv42TsIutzd126NdMFswHwYDVR0jBBgwFoAUTDKxl9kzG8SmBcHG5Yti
W/CXdlgwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFEwysZfZ
MxvEpgXBxuWLYlvwl3ZYMAwGCCqBHM9VAYN1BQADSAAwRQIgG1bSLeOXp3oB8H7b
53W+CKOPl2PknmWEq/lMhtn25HkCIQDaHDgWxWFtnCrBjH16/W3Ezn7/U/Vjo5xI
pDoiVhsLwg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBszCCAVegAwIBAgIIaeL+wBcKxnswDAYIKoEcz1UBg3UFADAuMQswCQYDVQQG
EwJDTjEOMAwGA1UECgwFTlJDQUMxDzANBgNVBAMMBlJPT1RDQTAeFw0xMjA3MTQw
MzExNTlaFw00MjA3MDcwMzExNTlaMC4xCzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVO
UkNBQzEPMA0GA1UEAwwGUk9PVENBMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE
MPCca6pmgcchsTf2UnBeL9rtp4nw+itk1Kzrmbnqo05lUwkwlWK+4OIrtFdAqnRT
V7Q9v1htkv42TsIutzd126NdMFswHwYDVR0jBBgwFoAUTDKxl9kzG8SmBcHG5Yti
W/CXdlgwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFEwysZfZ
MxvEpgXBxuWLYlvwl3ZYMAwGCCqBHM9VAYN1BQADSAAwRQIgG1bSLeOXp3oB8H7b
53W+CKOPl2PknmWEq/lMhtn25HkCIQDaHDgWxWFtnCrBjH16/W3Ezn7/U/Vjo5xI
pDoiVhsLwg==
-----END CERTIFICATE-----

44
demos/cademo.sh
View File

@@ -1,22 +1,22 @@
#!/bin/bash
gmssl sm2keygen -pass 1234 -out rootcakey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
gmssl certparse -in rootcacert.pem
gmssl sm2keygen -pass 1234 -out cakey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
gmssl certparse -in cacert.pem
gmssl sm2keygen -pass 1234 -out signkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
gmssl certparse -in signcert.pem
gmssl sm2keygen -pass 1234 -out enckey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key enckey.pem -pass 1234 -out encreq.pem
gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
gmssl certparse -in enccert.pem
#!/bin/bash
gmssl sm2keygen -pass 1234 -out rootcakey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
gmssl certparse -in rootcacert.pem
gmssl sm2keygen -pass 1234 -out cakey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
gmssl certparse -in cacert.pem
gmssl sm2keygen -pass 1234 -out signkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
gmssl certparse -in signcert.pem
gmssl sm2keygen -pass 1234 -out enckey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key enckey.pem -pass 1234 -out encreq.pem
gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
gmssl certparse -in enccert.pem

68
demos/certdemo.sh
View File

@@ -1,34 +1,34 @@
#!/bin/bash
gmssl sm2keygen -pass 1234 -out rootcakey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
gmssl certparse -in rootcacert.pem
gmssl sm2keygen -pass 1234 -out cakey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
gmssl certparse -in cacert.pem
gmssl sm2keygen -pass 1234 -out signkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
gmssl certparse -in signcert.pem
gmssl sm2keygen -pass 1234 -out enckey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key enckey.pem -pass 1234 -out encreq.pem
gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
gmssl certparse -in enccert.pem
cat signcert.pem > certs.pem
cat cacert.pem >> certs.pem
gmssl certverify -in certs.pem -cacert rootcacert.pem
cat signcert.pem > dbl_certs.pem
cat enccert.pem >> dbl_certs.pem
cat cacert.pem >> dbl_certs.pem
gmssl certverify -double_certs -in dbl_certs.pem -cacert rootcacert.pem
#!/bin/bash
gmssl sm2keygen -pass 1234 -out rootcakey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
gmssl certparse -in rootcacert.pem
gmssl sm2keygen -pass 1234 -out cakey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
gmssl certparse -in cacert.pem
gmssl sm2keygen -pass 1234 -out signkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
gmssl certparse -in signcert.pem
gmssl sm2keygen -pass 1234 -out enckey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key enckey.pem -pass 1234 -out encreq.pem
gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
gmssl certparse -in enccert.pem
cat signcert.pem > certs.pem
cat cacert.pem >> certs.pem
gmssl certverify -in certs.pem -cacert rootcacert.pem
cat signcert.pem > dbl_certs.pem
cat enccert.pem >> dbl_certs.pem
cat cacert.pem >> dbl_certs.pem
gmssl certverify -double_certs -in dbl_certs.pem -cacert rootcacert.pem

34
demos/cmsdemo.sh
View File

@@ -1,17 +1,17 @@
#!/bin/bash
gmssl sm2keygen -pass 1234 -out key.pem -pubout keypub.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -key_usage dataEncipherment -days 365 -key key.pem -pass 1234 -out cert.pem
echo "<html>The plaintext message.</html>" > plain.txt
gmssl cmsencrypt -in plain.txt -rcptcert cert.pem -out enveloped_data.pem
gmssl cmsparse -in enveloped_data.pem
gmssl cmsdecrypt -key key.pem -pass 1234 -cert cert.pem -in enveloped_data.pem
gmssl cmssign -key key.pem -pass 1234 -cert cert.pem -in plain.txt -out signed_data.pem
gmssl cmsparse -in signed_data.pem
gmssl cmsverify -in signed_data.pem -out signed_data.txt
cat signed_data.txt
#!/bin/bash
gmssl sm2keygen -pass 1234 -out key.pem -pubout keypub.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -key_usage dataEncipherment -days 365 -key key.pem -pass 1234 -out cert.pem
echo "<html>The plaintext message.</html>" > plain.txt
gmssl cmsencrypt -in plain.txt -rcptcert cert.pem -out enveloped_data.pem
gmssl cmsparse -in enveloped_data.pem
gmssl cmsdecrypt -key key.pem -pass 1234 -cert cert.pem -in enveloped_data.pem
gmssl cmssign -key key.pem -pass 1234 -cert cert.pem -in plain.txt -out signed_data.pem
gmssl cmsparse -in signed_data.pem
gmssl cmsverify -in signed_data.pem -out signed_data.txt
cat signed_data.txt

10
demos/pbkdf2demo.sh
View File

@@ -1,5 +1,5 @@
#!/bin/bash
gmssl pbkdf2 -pass 1234 -salt 1122334455667788 -iter 60000 -outlen 16
#!/bin/bash
gmssl pbkdf2 -pass 1234 -salt 1122334455667788 -iter 60000 -outlen 16

38
demos/reqdemo.sh
View File

@@ -1,19 +1,19 @@
#!/bin/bash -x
# generate self-signed CA certificate
gmssl sm2keygen -pass 1234 -out cakey.pem -pubout pubkey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN CA -days 365 -key cakey.pem -pass 1234 -out cacert.pem
gmssl certparse -in cacert.pem
# generate a req and sign by CA certificate
gmssl sm2keygen -pass 1234 -out signkey.pem -pubout pubkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -days 365 -key signkey.pem -pass 1234 -out signreq.pem
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
gmssl certparse -in signcert.pem
# sign a encryption certificate with the same DN, different KeyUsage extension
gmssl sm2keygen -pass 1234 -out enckey.pem -pubout pubkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -days 365 -key enckey.pem -pass 1234 -out encreq.pem
gmssl reqsign -in encreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
gmssl certparse -in enccert.pem
#!/bin/bash -x
# generate self-signed CA certificate
gmssl sm2keygen -pass 1234 -out cakey.pem -pubout pubkey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN CA -days 365 -key cakey.pem -pass 1234 -out cacert.pem
gmssl certparse -in cacert.pem
# generate a req and sign by CA certificate
gmssl sm2keygen -pass 1234 -out signkey.pem -pubout pubkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -days 365 -key signkey.pem -pass 1234 -out signreq.pem
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
gmssl certparse -in signcert.pem
# sign a encryption certificate with the same DN, different KeyUsage extension
gmssl sm2keygen -pass 1234 -out enckey.pem -pubout pubkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -days 365 -key enckey.pem -pass 1234 -out encreq.pem
gmssl reqsign -in encreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
gmssl certparse -in enccert.pem

36
demos/sm2/Makefile
View File

@@ -1,18 +1,18 @@
all:
cc sm2_keygen_demo.c -lgmssl -o sm2_keygen_demo
cc sm2_private_key_demo.c -lgmssl -o sm2_private_key_demo
cc sm2_private_key_parse_demo.c -lgmssl -o sm2_private_key_parse_demo
cc sm2_public_key_demo.c -lgmssl -o sm2_public_key_demo
cc sm2_sign_demo.c -lgmssl -o sm2_sign_demo
cc sm2_sign_ctx_demo.c -lgmssl -o sm2_sign_ctx_demo
cc sm2_encrypt_demo.c -lgmssl -o sm2_encrypt_demo
clear:
rm -fr sm2_keygen_demo
rm -fr sm2_private_key_demo
rm -fr sm2_private_key_parse_demo
rm -fr sm2_public_key_demo
rm -fr sm2_sign_demo
rm -fr sm2_sign_ctx_demo
rm -fr sm2_encrypt_demo
all:
cc sm2_keygen_demo.c -lgmssl -o sm2_keygen_demo
cc sm2_private_key_demo.c -lgmssl -o sm2_private_key_demo
cc sm2_private_key_parse_demo.c -lgmssl -o sm2_private_key_parse_demo
cc sm2_public_key_demo.c -lgmssl -o sm2_public_key_demo
cc sm2_sign_demo.c -lgmssl -o sm2_sign_demo
cc sm2_sign_ctx_demo.c -lgmssl -o sm2_sign_ctx_demo
cc sm2_encrypt_demo.c -lgmssl -o sm2_encrypt_demo
clear:
rm -fr sm2_keygen_demo
rm -fr sm2_private_key_demo
rm -fr sm2_private_key_parse_demo
rm -fr sm2_public_key_demo
rm -fr sm2_sign_demo
rm -fr sm2_sign_ctx_demo
rm -fr sm2_encrypt_demo

63
demos/sm2/sm2_encrypt_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,33 +7,34 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm2.h>
#include <gmssl/error.h>
int main(void)
{
SM2_KEY sm2_key;
SM2_KEY pub_key;
unsigned char plaintext[SM2_MAX_PLAINTEXT_SIZE];
unsigned char ciphertext[SM2_MAX_CIPHERTEXT_SIZE];
size_t len;
sm2_key_generate(&sm2_key);
memcpy(&pub_key, &sm2_key, sizeof(SM2_POINT));
sm2_encrypt(&pub_key, (uint8_t *)"hello world", strlen("hello world"), ciphertext, &len);
format_bytes(stdout, 0, 0, "ciphertext", ciphertext, len);
if (sm2_decrypt(&sm2_key, ciphertext, len, plaintext, &len) != 1) {
fprintf(stderr, "error\n");
return 1;
}
plaintext[len] = 0;
printf("plaintext: %s\n", plaintext);
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm2.h>
#include <gmssl/error.h>
int main(void)
{
SM2_KEY sm2_key;
SM2_KEY pub_key;
unsigned char plaintext[SM2_MAX_PLAINTEXT_SIZE];
unsigned char ciphertext[SM2_MAX_CIPHERTEXT_SIZE];
size_t len;
sm2_key_generate(&sm2_key);
memcpy(&pub_key, &sm2_key, sizeof(SM2_POINT));
sm2_encrypt(&pub_key, (uint8_t *)"hello world", strlen("hello world"), ciphertext, &len);
format_bytes(stdout, 0, 0, "ciphertext", ciphertext, len);
if (sm2_decrypt(&sm2_key, ciphertext, len, plaintext, &len) != 1) {
fprintf(stderr, "error\n");
return 1;
}
plaintext[len] = 0;
printf("plaintext: %s\n", plaintext);
return 0;
}

41
demos/sm2/sm2_keygen_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,22 +7,23 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm2.h>
int main(void)
{
SM2_KEY sm2_key;
if (sm2_key_generate(&sm2_key) != 1) {
fprintf(stderr, "error\n");
return 1;
}
sm2_key_print(stdout, 0, 0, "SM2PrivateKey", &sm2_key);
sm2_public_key_print(stdout, 0, 0, "SM2PublicKey", &sm2_key);
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm2.h>
int main(void)
{
SM2_KEY sm2_key;
if (sm2_key_generate(&sm2_key) != 1) {
fprintf(stderr, "error\n");
return 1;
}
sm2_key_print(stdout, 0, 0, "SM2PrivateKey", &sm2_key);
sm2_public_key_print(stdout, 0, 0, "SM2PublicKey", &sm2_key);
return 0;
}

47
demos/sm2/sm2_private_key_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,25 +7,26 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm2.h>
int main(void)
{
SM2_KEY sm2_key;
char *password = "123456";
if (sm2_key_generate(&sm2_key) != 1) {
fprintf(stderr, "error\n");
return 1;
}
if (sm2_private_key_info_encrypt_to_pem(&sm2_key, password, stdout) != 1) {
fprintf(stderr, "error\n");
return 1;
}
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm2.h>
int main(void)
{
SM2_KEY sm2_key;
char *password = "123456";
if (sm2_key_generate(&sm2_key) != 1) {
fprintf(stderr, "error\n");
return 1;
}
if (sm2_private_key_info_encrypt_to_pem(&sm2_key, password, stdout) != 1) {
fprintf(stderr, "error\n");
return 1;
}
return 0;
}

67
demos/sm2/sm2_private_key_parse_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,35 +7,36 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/mem.h>
#include <gmssl/sm2.h>
int main(void)
{
SM2_KEY sm2_key;
char *password = "123456";
unsigned char buf[512];
unsigned char *p;
size_t len;
printf("Read SM2 private key file (PEM) from stdin ...\n");
if (sm2_private_key_info_decrypt_from_pem(&sm2_key, password, stdin) != 1) {
fprintf(stderr, "error\n");
return 1;
}
p = buf;
len = 0;
if (sm2_private_key_to_der(&sm2_key, &p, &len) != 1) {
fprintf(stderr, "error\n");
return 1;
}
fwrite(buf, 1, len, stdout);
gmssl_secure_clear(&sm2_key, sizeof(sm2_key));
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/mem.h>
#include <gmssl/sm2.h>
int main(void)
{
SM2_KEY sm2_key;
char *password = "123456";
unsigned char buf[512];
unsigned char *p;
size_t len;
printf("Read SM2 private key file (PEM) from stdin ...\n");
if (sm2_private_key_info_decrypt_from_pem(&sm2_key, password, stdin) != 1) {
fprintf(stderr, "error\n");
return 1;
}
p = buf;
len = 0;
if (sm2_private_key_to_der(&sm2_key, &p, &len) != 1) {
fprintf(stderr, "error\n");
return 1;
}
fwrite(buf, 1, len, stdout);
gmssl_secure_clear(&sm2_key, sizeof(sm2_key));
return 0;
}

51
demos/sm2/sm2_public_key_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,27 +7,28 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/mem.h>
#include <gmssl/sm2.h>
int main(void)
{
SM2_KEY sm2_key;
char *password = "123456";
printf("Read SM2 private key file (PEM) from stdin ...\n");
if (sm2_private_key_info_decrypt_from_pem(&sm2_key, password, stdin) != 1) {
fprintf(stderr, "error\n");
return 1;
}
// openssl ec -pubin -in sm2pub.pem -text
sm2_public_key_info_to_pem(&sm2_key, stdout);
gmssl_secure_clear(&sm2_key, sizeof(sm2_key));
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/mem.h>
#include <gmssl/sm2.h>
int main(void)
{
SM2_KEY sm2_key;
char *password = "123456";
printf("Read SM2 private key file (PEM) from stdin ...\n");
if (sm2_private_key_info_decrypt_from_pem(&sm2_key, password, stdin) != 1) {
fprintf(stderr, "error\n");
return 1;
}
// openssl ec -pubin -in sm2pub.pem -text
sm2_public_key_info_to_pem(&sm2_key, stdout);
gmssl_secure_clear(&sm2_key, sizeof(sm2_key));
return 0;
}

109
demos/sm2/sm2_sign_ctx_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,56 +7,57 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm2.h>
#include <gmssl/error.h>
int main(void)
{
SM2_KEY sm2_key;
SM2_KEY pub_key;
SM2_SIGN_CTX sign_ctx;
unsigned char dgst[32];
unsigned char sig[SM2_MAX_SIGNATURE_SIZE];
size_t siglen;
int ret;
sm2_key_generate(&sm2_key);
memcpy(&pub_key, &sm2_key, sizeof(SM2_POINT));
// sign without signer ID (and Z value)
sm2_sign_init(&sign_ctx, &sm2_key, NULL, 0);
sm2_sign_update(&sign_ctx, (unsigned char *)"hello ", strlen("hello "));
sm2_sign_update(&sign_ctx, (unsigned char *)"world", strlen("world"));
sm2_sign_finish(&sign_ctx, sig, &siglen);
format_bytes(stdout, 0, 0, "signature", sig, siglen);
// digest and verify
sm3_digest((unsigned char *)"hello world", strlen("hello world"), dgst);
ret = sm2_verify(&pub_key, dgst, sig, siglen);
printf("verify result: %s\n", ret == 1 ? "success" : "failure");
// use verify update API
sm2_verify_init(&sign_ctx, &pub_key, NULL, 0);
sm2_verify_update(&sign_ctx, (unsigned char *)"hello world", strlen("hello world"));
ret = sm2_verify_finish(&sign_ctx, sig, siglen);
printf("verify result: %s\n", ret == 1 ? "success" : "failure");
// sign use default signer ID
sm2_sign_init(&sign_ctx, &sm2_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH);
sm2_sign_update(&sign_ctx, (unsigned char *)"hello ", strlen("hello "));
sm2_sign_update(&sign_ctx, (unsigned char *)"world", strlen("world"));
sm2_sign_finish(&sign_ctx, sig, &siglen);
format_bytes(stdout, 0, 0, "signature", sig, siglen);
sm2_verify_init(&sign_ctx, &pub_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH);
sm2_verify_update(&sign_ctx, (unsigned char *)"hello world", strlen("hello world"));
ret = sm2_verify_finish(&sign_ctx, sig, siglen);
printf("verify result: %s\n", ret == 1 ? "success" : "failure");
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm2.h>
#include <gmssl/error.h>
int main(void)
{
SM2_KEY sm2_key;
SM2_KEY pub_key;
SM2_SIGN_CTX sign_ctx;
unsigned char dgst[32];
unsigned char sig[SM2_MAX_SIGNATURE_SIZE];
size_t siglen;
int ret;
sm2_key_generate(&sm2_key);
memcpy(&pub_key, &sm2_key, sizeof(SM2_POINT));
// sign without signer ID (and Z value)
sm2_sign_init(&sign_ctx, &sm2_key, NULL, 0);
sm2_sign_update(&sign_ctx, (unsigned char *)"hello ", strlen("hello "));
sm2_sign_update(&sign_ctx, (unsigned char *)"world", strlen("world"));
sm2_sign_finish(&sign_ctx, sig, &siglen);
format_bytes(stdout, 0, 0, "signature", sig, siglen);
// digest and verify
sm3_digest((unsigned char *)"hello world", strlen("hello world"), dgst);
ret = sm2_verify(&pub_key, dgst, sig, siglen);
printf("verify result: %s\n", ret == 1 ? "success" : "failure");
// use verify update API
sm2_verify_init(&sign_ctx, &pub_key, NULL, 0);
sm2_verify_update(&sign_ctx, (unsigned char *)"hello world", strlen("hello world"));
ret = sm2_verify_finish(&sign_ctx, sig, siglen);
printf("verify result: %s\n", ret == 1 ? "success" : "failure");
// sign use default signer ID
sm2_sign_init(&sign_ctx, &sm2_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH);
sm2_sign_update(&sign_ctx, (unsigned char *)"hello ", strlen("hello "));
sm2_sign_update(&sign_ctx, (unsigned char *)"world", strlen("world"));
sm2_sign_finish(&sign_ctx, sig, &siglen);
format_bytes(stdout, 0, 0, "signature", sig, siglen);
sm2_verify_init(&sign_ctx, &pub_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH);
sm2_verify_update(&sign_ctx, (unsigned char *)"hello world", strlen("hello world"));
ret = sm2_verify_finish(&sign_ctx, sig, siglen);
printf("verify result: %s\n", ret == 1 ? "success" : "failure");
return 0;
}

71
demos/sm2/sm2_sign_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,37 +7,38 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm2.h>
#include <gmssl/error.h>
int main(void)
{
SM2_KEY sm2_key;
SM2_KEY pub_key;
unsigned char dgst[32];
unsigned char sig[SM2_MAX_SIGNATURE_SIZE];
size_t siglen;
int ret;
sm3_digest((unsigned char *)"hello world", strlen("hello world"), dgst);
format_bytes(stdout, 0, 0, "to be signed digest", dgst, sizeof(dgst));
sm2_key_generate(&sm2_key);
sm2_sign(&sm2_key, dgst, sig, &siglen);
format_bytes(stdout, 0, 0, "signature", sig, siglen);
memcpy(&pub_key, &sm2_key, sizeof(SM2_POINT));
if ((ret = sm2_verify(&pub_key, dgst, sig, siglen)) != 1) {
fprintf(stderr, "verify failed\n");
} else {
printf("verify success\n");
}
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm2.h>
#include <gmssl/error.h>
int main(void)
{
SM2_KEY sm2_key;
SM2_KEY pub_key;
unsigned char dgst[32];
unsigned char sig[SM2_MAX_SIGNATURE_SIZE];
size_t siglen;
int ret;
sm3_digest((unsigned char *)"hello world", strlen("hello world"), dgst);
format_bytes(stdout, 0, 0, "to be signed digest", dgst, sizeof(dgst));
sm2_key_generate(&sm2_key);
sm2_sign(&sm2_key, dgst, sig, &siglen);
format_bytes(stdout, 0, 0, "signature", sig, siglen);
memcpy(&pub_key, &sm2_key, sizeof(SM2_POINT));
if ((ret = sm2_verify(&pub_key, dgst, sig, siglen)) != 1) {
fprintf(stderr, "verify failed\n");
} else {
printf("verify success\n");
}
return 0;
}

69
demos/sm2/sm2keyparse.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,36 +7,37 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm2.h>
int main(int argc, char **argv)
{
uint8_t buf[4096];
ssize_t len;
uint8_t dgst[32];
int i;
for (i = 0; i < sizeof(dgst); i++) {
printf("%02x", dgst[i]);
}
printf("\n");
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm2.h>
int main(int argc, char **argv)
{
uint8_t buf[4096];
ssize_t len;
uint8_t dgst[32];
int i;
for (i = 0; i < sizeof(dgst); i++) {
printf("%02x", dgst[i]);
}
printf("\n");
return 0;
}

20
demos/sm2demo.sh
View File

@@ -1,10 +1,10 @@
#!/bin/bash
gmssl sm2keygen -pass 1234 -out sm2.pem -pubout sm2pub.pem
echo hello | gmssl sm2sign -key sm2.pem -pass 1234 -out sm2.sig #-id 1234567812345678
echo hello | gmssl sm2verify -pubkey sm2pub.pem -sig sm2.sig -id 1234567812345678
echo hello | gmssl sm2encrypt -pubkey sm2pub.pem -out sm2.der
gmssl sm2decrypt -key sm2.pem -pass 1234 -in sm2.der
#!/bin/bash
gmssl sm2keygen -pass 1234 -out sm2.pem -pubout sm2pub.pem
echo hello | gmssl sm2sign -key sm2.pem -pass 1234 -out sm2.sig #-id 1234567812345678
echo hello | gmssl sm2verify -pubkey sm2pub.pem -sig sm2.sig -id 1234567812345678
echo hello | gmssl sm2encrypt -pubkey sm2pub.pem -out sm2.der
gmssl sm2decrypt -key sm2.pem -pass 1234 -in sm2.der

24
demos/sm3/CMakeLists.txt
View File

@@ -1,12 +1,12 @@
cmake_minimum_required(VERSION 3.0)
project(sm3demo)
include_directories(/usr/local/include)
link_directories(/usr/local/lib)
add_executable(sm3_demo sm3_demo.c)
add_executable(sm3_hmac_demo sm3_hmac_demo.c)
add_executable(sm3_kdf_demo sm3_kdf_demo.c)
target_link_libraries(sm3_demo gmssl)
target_link_libraries(sm3_hmac_demo gmssl)
target_link_libraries(sm3_kdf_demo gmssl)
cmake_minimum_required(VERSION 3.0)
project(sm3demo)
include_directories(/usr/local/include)
link_directories(/usr/local/lib)
add_executable(sm3_demo sm3_demo.c)
add_executable(sm3_hmac_demo sm3_hmac_demo.c)
add_executable(sm3_kdf_demo sm3_kdf_demo.c)
target_link_libraries(sm3_demo gmssl)
target_link_libraries(sm3_hmac_demo gmssl)
target_link_libraries(sm3_kdf_demo gmssl)

18
demos/sm3/Makefile
View File

@@ -1,9 +1,9 @@
all:
cc sm3_demo.c -lgmssl -o sm3_demo
cc sm3_hmac_demo.c -lgmssl -o sm3_hmac_demo
cc sm3_kdf_demo.c -lgmssl -o sm3_kdf_demo
clean:
rm -fr sm3_demo
rm -fr sm3_hmac_demo
rm -fr sm3_kdf_demo
all:
cc sm3_demo.c -lgmssl -o sm3_demo
cc sm3_hmac_demo.c -lgmssl -o sm3_hmac_demo
cc sm3_kdf_demo.c -lgmssl -o sm3_kdf_demo
clean:
rm -fr sm3_demo
rm -fr sm3_hmac_demo
rm -fr sm3_kdf_demo

57
demos/sm3/sm3_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,30 +7,31 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm3.h>
int main(int argc, char **argv)
{
SM3_CTX sm3_ctx;
uint8_t buf[4096];
ssize_t len;
uint8_t dgst[32];
int i;
sm3_init(&sm3_ctx);
while ((len = fread(buf, 1, sizeof(buf), stdin)) > 0) {
sm3_update(&sm3_ctx, buf, len);
}
sm3_finish(&sm3_ctx, dgst);
for (i = 0; i < sizeof(dgst); i++) {
printf("%02x", dgst[i]);
}
printf("\n");
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm3.h>
int main(int argc, char **argv)
{
SM3_CTX sm3_ctx;
uint8_t buf[4096];
ssize_t len;
uint8_t dgst[32];
int i;
sm3_init(&sm3_ctx);
while ((len = fread(buf, 1, sizeof(buf), stdin)) > 0) {
sm3_update(&sm3_ctx, buf, len);
}
sm3_finish(&sm3_ctx, dgst);
for (i = 0; i < sizeof(dgst); i++) {
printf("%02x", dgst[i]);
}
printf("\n");
return 0;
}

87
demos/sm3/sm3_hmac_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,45 +7,46 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm3.h>
int main(void)
{
SM3_HMAC_CTX hmac_ctx;
unsigned char key[16] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0xf2,0x03,0x04,0x05,0x06,0x07,0x08,
};
unsigned char mbuf[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char hmac[32] = {0};
int i;
sm3_hmac_init(&hmac_ctx, key, sizeof(key));
sm3_hmac_update(&hmac_ctx, mbuf, sizeof(mbuf));
sm3_hmac_finish(&hmac_ctx, hmac);
printf("hmac: ");
for (i = 0; i < sizeof(hmac); i++) {
printf("%02X", hmac[i]);
}
printf("\n");
memset(hmac, 0, sizeof(hmac));
sm3_hmac(key, sizeof(key), mbuf, sizeof(mbuf), hmac);
printf("hmac: ");
for (i = 0; i < sizeof(hmac); i++) {
printf("%02X", hmac[i]);
}
printf("\n");
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm3.h>
int main(void)
{
SM3_HMAC_CTX hmac_ctx;
unsigned char key[16] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0xf2,0x03,0x04,0x05,0x06,0x07,0x08,
};
unsigned char mbuf[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char hmac[32] = {0};
int i;
sm3_hmac_init(&hmac_ctx, key, sizeof(key));
sm3_hmac_update(&hmac_ctx, mbuf, sizeof(mbuf));
sm3_hmac_finish(&hmac_ctx, hmac);
printf("hmac: ");
for (i = 0; i < sizeof(hmac); i++) {
printf("%02X", hmac[i]);
}
printf("\n");
memset(hmac, 0, sizeof(hmac));
sm3_hmac(key, sizeof(key), mbuf, sizeof(mbuf), hmac);
printf("hmac: ");
for (i = 0; i < sizeof(hmac); i++) {
printf("%02X", hmac[i]);
}
printf("\n");
return 0;
}

59
demos/sm3/sm3_kdf_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,31 +7,32 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm3.h>
int main(void)
{
SM3_KDF_CTX kdf_ctx;
unsigned char key[16] = {0};
unsigned char raw[32] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
int i;
sm3_kdf_init(&kdf_ctx, sizeof(key));
sm3_kdf_update(&kdf_ctx, raw, sizeof(raw));
sm3_kdf_finish(&kdf_ctx, key);
printf("key: ");
for (i = 0; i < sizeof(key); i++) {
printf("%02X", key[i]);
}
printf("\n");
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm3.h>
int main(void)
{
SM3_KDF_CTX kdf_ctx;
unsigned char key[16] = {0};
unsigned char raw[32] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
int i;
sm3_kdf_init(&kdf_ctx, sizeof(key));
sm3_kdf_update(&kdf_ctx, raw, sizeof(raw));
sm3_kdf_finish(&kdf_ctx, key);
printf("key: ");
for (i = 0; i < sizeof(key); i++) {
printf("%02X", key[i]);
}
printf("\n");
return 0;
}

20
demos/sm3demo.sh
View File

@@ -1,10 +1,10 @@
#!/bin/bash
echo -n abc | gmssl sm3
gmssl sm2keygen -pass 1234 -out sm2.pem -pubout sm2pub.pem
echo -n abc | gmssl sm3 -pubkey sm2pub.pem -id 1234567812345678
echo -n abc | gmssl sm3hmac -key 11223344556677881122334455667788
#!/bin/bash
echo -n abc | gmssl sm3
gmssl sm2keygen -pass 1234 -out sm2.pem -pubout sm2pub.pem
echo -n abc | gmssl sm3 -pubkey sm2pub.pem -id 1234567812345678
echo -n abc | gmssl sm3hmac -key 11223344556677881122334455667788

44
demos/sm4/Makefile
View File

@@ -1,22 +1,22 @@
all:
cc sm4_demo.c -lgmssl -o sm4_demo
cc sm4_cbc_demo.c -lgmssl -o sm4_cbc_demo
cc sm4_cbc_padding_demo.c -lgmssl -o sm4_cbc_padding_demo
cc sm4_ctr_demo.c -lgmssl -o sm4_ctr_demo
cc sm4_gcm_demo.c -lgmssl -o sm4_gcm_demo
cc sm4_cbc_encrypt_update_demo.c -lgmssl -o sm4_cbc_encrypt_update_demo
cc sm4_cbc_decrypt_update_demo.c -lgmssl -o sm4_cbc_decrypt_update_demo
cc sm4_ctr_encrypt_update_demo.c -lgmssl -o sm4_ctr_encrypt_update_demo
cc sm4_ctr_encrypt_update_demo.c -lgmssl -o sm4_ctr_decrypt_update_demo
clean:
rm -fr sm4_demo
rm -fr sm4_cbc_demo
rm -fr sm4_cbc_padding_demo
rm -fr sm4_ctr_demo
rm -fr sm4_gcm_demo
rm -fr sm4_cbc_encrypt_update_demo
rm -fr sm4_cbc_decrypt_update_demo
rm -fr sm4_ctr_encrypt_update_demo
rm -fr sm4_ctr_decrypt_update_demo
all:
cc sm4_demo.c -lgmssl -o sm4_demo
cc sm4_cbc_demo.c -lgmssl -o sm4_cbc_demo
cc sm4_cbc_padding_demo.c -lgmssl -o sm4_cbc_padding_demo
cc sm4_ctr_demo.c -lgmssl -o sm4_ctr_demo
cc sm4_gcm_demo.c -lgmssl -o sm4_gcm_demo
cc sm4_cbc_encrypt_update_demo.c -lgmssl -o sm4_cbc_encrypt_update_demo
cc sm4_cbc_decrypt_update_demo.c -lgmssl -o sm4_cbc_decrypt_update_demo
cc sm4_ctr_encrypt_update_demo.c -lgmssl -o sm4_ctr_encrypt_update_demo
cc sm4_ctr_encrypt_update_demo.c -lgmssl -o sm4_ctr_decrypt_update_demo
clean:
rm -fr sm4_demo
rm -fr sm4_cbc_demo
rm -fr sm4_cbc_padding_demo
rm -fr sm4_ctr_demo
rm -fr sm4_gcm_demo
rm -fr sm4_cbc_encrypt_update_demo
rm -fr sm4_cbc_decrypt_update_demo
rm -fr sm4_ctr_encrypt_update_demo
rm -fr sm4_ctr_decrypt_update_demo

87
demos/sm4/sm4_cbc_decrypt_update_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,45 +7,46 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4.h>
#include <gmssl/rand.h>
int main(void)
{
SM4_CBC_CTX cbc_ctx;
unsigned char key[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char iv[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char inbuf[1024];
unsigned char outbuf[1024 + 32];
ssize_t inlen;
size_t outlen;
if (sm4_cbc_decrypt_init(&cbc_ctx, key, iv) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) {
if (sm4_cbc_decrypt_update(&cbc_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
fwrite(outbuf, 1, outlen, stdout);
}
if (sm4_cbc_decrypt_finish(&cbc_ctx, outbuf, &outlen) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
fwrite(outbuf, 1, outlen, stdout);
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4.h>
#include <gmssl/rand.h>
int main(void)
{
SM4_CBC_CTX cbc_ctx;
unsigned char key[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char iv[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char inbuf[1024];
unsigned char outbuf[1024 + 32];
ssize_t inlen;
size_t outlen;
if (sm4_cbc_decrypt_init(&cbc_ctx, key, iv) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) {
if (sm4_cbc_decrypt_update(&cbc_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
fwrite(outbuf, 1, outlen, stdout);
}
if (sm4_cbc_decrypt_finish(&cbc_ctx, outbuf, &outlen) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
fwrite(outbuf, 1, outlen, stdout);
return 0;
}

129
demos/sm4/sm4_cbc_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,66 +7,67 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4.h>
#include <gmssl/rand.h>
int main(void)
{
SM4_KEY sm4_key;
unsigned char key[16];
unsigned char iv[16];
unsigned char mbuf[32] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char cbuf[32] = {0};
unsigned char pbuf[32] = {0};
int i;
rand_bytes(key, sizeof(key));
rand_bytes(iv, sizeof(iv));
printf("key: ");
for (i = 0; i < sizeof(key); i++) {
printf("%02X", key[i]);
}
printf("\n");
printf("iv: ");
for (i = 0; i < sizeof(iv); i++) {
printf("%02X", iv[i]);
}
printf("\n");
printf("plaintext: ");
for (i = 0; i < sizeof(mbuf); i++) {
printf("%02X", mbuf[i]);
}
printf("\n");
sm4_set_encrypt_key(&sm4_key, key);
sm4_cbc_encrypt(&sm4_key, iv, mbuf, sizeof(mbuf)/SM4_BLOCK_SIZE, cbuf);
printf("ciphertext: ");
for (i = 0; i < sizeof(cbuf); i++) {
printf("%02X", cbuf[i]);
}
printf("\n");
sm4_set_decrypt_key(&sm4_key, key);
sm4_cbc_decrypt(&sm4_key, iv, cbuf, sizeof(cbuf)/SM4_BLOCK_SIZE, pbuf);
printf("decrypted: ");
for (i = 0; i < sizeof(pbuf); i++) {
printf("%02X", pbuf[i]);
}
printf("\n");
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4.h>
#include <gmssl/rand.h>
int main(void)
{
SM4_KEY sm4_key;
unsigned char key[16];
unsigned char iv[16];
unsigned char mbuf[32] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char cbuf[32] = {0};
unsigned char pbuf[32] = {0};
int i;
rand_bytes(key, sizeof(key));
rand_bytes(iv, sizeof(iv));
printf("key: ");
for (i = 0; i < sizeof(key); i++) {
printf("%02X", key[i]);
}
printf("\n");
printf("iv: ");
for (i = 0; i < sizeof(iv); i++) {
printf("%02X", iv[i]);
}
printf("\n");
printf("plaintext: ");
for (i = 0; i < sizeof(mbuf); i++) {
printf("%02X", mbuf[i]);
}
printf("\n");
sm4_set_encrypt_key(&sm4_key, key);
sm4_cbc_encrypt(&sm4_key, iv, mbuf, sizeof(mbuf)/SM4_BLOCK_SIZE, cbuf);
printf("ciphertext: ");
for (i = 0; i < sizeof(cbuf); i++) {
printf("%02X", cbuf[i]);
}
printf("\n");
sm4_set_decrypt_key(&sm4_key, key);
sm4_cbc_decrypt(&sm4_key, iv, cbuf, sizeof(cbuf)/SM4_BLOCK_SIZE, pbuf);
printf("decrypted: ");
for (i = 0; i < sizeof(pbuf); i++) {
printf("%02X", pbuf[i]);
}
printf("\n");
return 0;
}

87
demos/sm4/sm4_cbc_encrypt_update_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,45 +7,46 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4.h>
#include <gmssl/rand.h>
int main(void)
{
SM4_CBC_CTX cbc_ctx;
unsigned char key[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char iv[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char inbuf[1024];
unsigned char outbuf[1024 + 32];
ssize_t inlen;
size_t outlen;
if (sm4_cbc_encrypt_init(&cbc_ctx, key, iv) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) {
if (sm4_cbc_encrypt_update(&cbc_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
fwrite(outbuf, 1, outlen, stdout);
}
if (sm4_cbc_encrypt_finish(&cbc_ctx, outbuf, &outlen) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
fwrite(outbuf, 1, outlen, stdout);
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4.h>
#include <gmssl/rand.h>
int main(void)
{
SM4_CBC_CTX cbc_ctx;
unsigned char key[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char iv[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char inbuf[1024];
unsigned char outbuf[1024 + 32];
ssize_t inlen;
size_t outlen;
if (sm4_cbc_encrypt_init(&cbc_ctx, key, iv) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) {
if (sm4_cbc_encrypt_update(&cbc_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
fwrite(outbuf, 1, outlen, stdout);
}
if (sm4_cbc_encrypt_finish(&cbc_ctx, outbuf, &outlen) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
fwrite(outbuf, 1, outlen, stdout);
return 0;
}

195
demos/sm4/sm4_cbc_padding_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,99 +7,100 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4.h>
#include <gmssl/rand.h>
int main(void)
{
SM4_KEY sm4_key;
unsigned char key[16];
unsigned char iv[16];
unsigned char mbuf[32] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char cbuf[32] = {0};
unsigned char pbuf[32] = {0};
size_t mlen1 = 20, mlen2 = 16;
size_t clen1, clen2;
size_t plen1, plen2;
int i;
rand_bytes(key, sizeof(key));
rand_bytes(iv, sizeof(iv));
printf("key: ");
for (i = 0; i < sizeof(key); i++) {
printf("%02X", key[i]);
}
printf("\n");
printf("iv: ");
for (i = 0; i < sizeof(iv); i++) {
printf("%02X", iv[i]);
}
printf("\n");
printf("sm4_cbc_pading encrypt %zu bytes\n", mlen1);
printf("plaintext: ");
for (i = 0; i < mlen1; i++) {
printf("%02X", mbuf[i]);
}
printf("\n");
sm4_set_encrypt_key(&sm4_key, key);
sm4_cbc_padding_encrypt(&sm4_key, iv, mbuf, mlen1, cbuf, &clen1);
printf("ciphertext: ");
for (i = 0; i < clen1; i++) {
printf("%02X", cbuf[i]);
}
printf("\n");
sm4_set_decrypt_key(&sm4_key, key);
sm4_cbc_padding_decrypt(&sm4_key, iv, cbuf, clen1, pbuf, &plen1);
printf("decrypted: ");
for (i = 0; i < plen1; i++) {
printf("%02X", pbuf[i]);
}
printf("\n");
printf("sm4_cbc_pading encrypt %zu bytes\n", mlen2);
printf("plaintext: ");
for (i = 0; i < mlen2; i++) {
printf("%02X", mbuf[i]);
}
printf("\n");
sm4_set_encrypt_key(&sm4_key, key);
sm4_cbc_padding_encrypt(&sm4_key, iv, mbuf, mlen2, cbuf, &clen2);
printf("ciphertext: ");
for (i = 0; i < clen2; i++) {
printf("%02X", cbuf[i]);
}
printf("\n");
sm4_set_decrypt_key(&sm4_key, key);
sm4_cbc_padding_decrypt(&sm4_key, iv, cbuf, clen2, pbuf, &plen2);
printf("decrypted: ");
for (i = 0; i < plen2; i++) {
printf("%02X", pbuf[i]);
}
printf("\n");
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4.h>
#include <gmssl/rand.h>
int main(void)
{
SM4_KEY sm4_key;
unsigned char key[16];
unsigned char iv[16];
unsigned char mbuf[32] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char cbuf[32] = {0};
unsigned char pbuf[32] = {0};
size_t mlen1 = 20, mlen2 = 16;
size_t clen1, clen2;
size_t plen1, plen2;
int i;
rand_bytes(key, sizeof(key));
rand_bytes(iv, sizeof(iv));
printf("key: ");
for (i = 0; i < sizeof(key); i++) {
printf("%02X", key[i]);
}
printf("\n");
printf("iv: ");
for (i = 0; i < sizeof(iv); i++) {
printf("%02X", iv[i]);
}
printf("\n");
printf("sm4_cbc_pading encrypt %zu bytes\n", mlen1);
printf("plaintext: ");
for (i = 0; i < mlen1; i++) {
printf("%02X", mbuf[i]);
}
printf("\n");
sm4_set_encrypt_key(&sm4_key, key);
sm4_cbc_padding_encrypt(&sm4_key, iv, mbuf, mlen1, cbuf, &clen1);
printf("ciphertext: ");
for (i = 0; i < clen1; i++) {
printf("%02X", cbuf[i]);
}
printf("\n");
sm4_set_decrypt_key(&sm4_key, key);
sm4_cbc_padding_decrypt(&sm4_key, iv, cbuf, clen1, pbuf, &plen1);
printf("decrypted: ");
for (i = 0; i < plen1; i++) {
printf("%02X", pbuf[i]);
}
printf("\n");
printf("sm4_cbc_pading encrypt %zu bytes\n", mlen2);
printf("plaintext: ");
for (i = 0; i < mlen2; i++) {
printf("%02X", mbuf[i]);
}
printf("\n");
sm4_set_encrypt_key(&sm4_key, key);
sm4_cbc_padding_encrypt(&sm4_key, iv, mbuf, mlen2, cbuf, &clen2);
printf("ciphertext: ");
for (i = 0; i < clen2; i++) {
printf("%02X", cbuf[i]);
}
printf("\n");
sm4_set_decrypt_key(&sm4_key, key);
sm4_cbc_padding_decrypt(&sm4_key, iv, cbuf, clen2, pbuf, &plen2);
printf("decrypted: ");
for (i = 0; i < plen2; i++) {
printf("%02X", pbuf[i]);
}
printf("\n");
return 0;
}

137
demos/sm4/sm4_ctr_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,70 +7,71 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4.h>
#include <gmssl/rand.h>
int main(void)
{
SM4_KEY sm4_key;
unsigned char key[16];
unsigned char iv[16];
unsigned char ctr[16];
unsigned char mbuf[20] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,
};
unsigned char cbuf[20] = {0};
unsigned char pbuf[20] = {0};
int i;
rand_bytes(key, sizeof(key));
rand_bytes(iv, sizeof(iv));
printf("key: ");
for (i = 0; i < sizeof(key); i++) {
printf("%02X", key[i]);
}
printf("\n");
printf("ctr: ");
for (i = 0; i < sizeof(iv); i++) {
printf("%02X", iv[i]);
}
printf("\n");
sm4_set_encrypt_key(&sm4_key, key);
printf("sm4 ctr encrypt %zu bytes\n", sizeof(mbuf));
printf("plaintext: ");
for (i = 0; i < sizeof(mbuf); i++) {
printf("%02X", mbuf[i]);
}
printf("\n");
memcpy(ctr, iv, 16);
sm4_ctr_encrypt(&sm4_key, ctr, mbuf, sizeof(mbuf), cbuf);
printf("ciphertext: ");
for (i = 0; i < sizeof(cbuf); i++) {
printf("%02X", cbuf[i]);
}
printf("\n");
memcpy(ctr, iv, 16);
sm4_ctr_decrypt(&sm4_key, ctr, cbuf, sizeof(cbuf), pbuf);
printf("decrypted: ");
for (i = 0; i < sizeof(pbuf); i++) {
printf("%02X", pbuf[i]);
}
printf("\n");
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4.h>
#include <gmssl/rand.h>
int main(void)
{
SM4_KEY sm4_key;
unsigned char key[16];
unsigned char iv[16];
unsigned char ctr[16];
unsigned char mbuf[20] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,
};
unsigned char cbuf[20] = {0};
unsigned char pbuf[20] = {0};
int i;
rand_bytes(key, sizeof(key));
rand_bytes(iv, sizeof(iv));
printf("key: ");
for (i = 0; i < sizeof(key); i++) {
printf("%02X", key[i]);
}
printf("\n");
printf("ctr: ");
for (i = 0; i < sizeof(iv); i++) {
printf("%02X", iv[i]);
}
printf("\n");
sm4_set_encrypt_key(&sm4_key, key);
printf("sm4 ctr encrypt %zu bytes\n", sizeof(mbuf));
printf("plaintext: ");
for (i = 0; i < sizeof(mbuf); i++) {
printf("%02X", mbuf[i]);
}
printf("\n");
memcpy(ctr, iv, 16);
sm4_ctr_encrypt(&sm4_key, ctr, mbuf, sizeof(mbuf), cbuf);
printf("ciphertext: ");
for (i = 0; i < sizeof(cbuf); i++) {
printf("%02X", cbuf[i]);
}
printf("\n");
memcpy(ctr, iv, 16);
sm4_ctr_decrypt(&sm4_key, ctr, cbuf, sizeof(cbuf), pbuf);
printf("decrypted: ");
for (i = 0; i < sizeof(pbuf); i++) {
printf("%02X", pbuf[i]);
}
printf("\n");
return 0;
}

87
demos/sm4/sm4_ctr_encrypt_update_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,45 +7,46 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4.h>
#include <gmssl/rand.h>
int main(void)
{
SM4_CTR_CTX cbc_ctx;
unsigned char key[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char ctr[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char inbuf[1024];
unsigned char outbuf[1024 + 32];
ssize_t inlen;
size_t outlen;
if (sm4_ctr_encrypt_init(&cbc_ctx, key, ctr) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) {
if (sm4_ctr_encrypt_update(&cbc_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
fwrite(outbuf, 1, outlen, stdout);
}
if (sm4_ctr_encrypt_finish(&cbc_ctx, outbuf, &outlen) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
fwrite(outbuf, 1, outlen, stdout);
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4.h>
#include <gmssl/rand.h>
int main(void)
{
SM4_CTR_CTX cbc_ctx;
unsigned char key[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char ctr[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char inbuf[1024];
unsigned char outbuf[1024 + 32];
ssize_t inlen;
size_t outlen;
if (sm4_ctr_encrypt_init(&cbc_ctx, key, ctr) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) {
if (sm4_ctr_encrypt_update(&cbc_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
fwrite(outbuf, 1, outlen, stdout);
}
if (sm4_ctr_encrypt_finish(&cbc_ctx, outbuf, &outlen) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
fwrite(outbuf, 1, outlen, stdout);
return 0;
}

113
demos/sm4/sm4_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,58 +7,59 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
// sm4 demo1: encrypt and decrypt a block of message (16 bytes)
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4.h>
int main(void)
{
SM4_KEY sm4_key;
unsigned char key[16] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0xf2,0x03,0x04,0x05,0x06,0x07,0x08,
};
unsigned char mbuf[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char cbuf[16];
unsigned char pbuf[16];
int i;
printf("key: ");
for (i = 0; i < sizeof(key); i++) {
printf("%02X", key[i]);
}
printf("\n");
printf("plaintext: ");
for (i = 0; i < sizeof(mbuf); i++) {
printf("%02X", mbuf[i]);
}
printf("\n");
sm4_set_encrypt_key(&sm4_key, key);
sm4_encrypt(&sm4_key, mbuf, cbuf);
printf("ciphertext: ");
for (i = 0; i < sizeof(cbuf); i++) {
printf("%02X", cbuf[i]);
}
printf("\n");
sm4_set_decrypt_key(&sm4_key, key);
sm4_decrypt(&sm4_key, cbuf, pbuf);
printf("decrypted: ");
for (i = 0; i < sizeof(pbuf); i++) {
printf("%02X", pbuf[i]);
}
printf("\n");
return 0;
}
// sm4 demo1: encrypt and decrypt a block of message (16 bytes)
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4.h>
int main(void)
{
SM4_KEY sm4_key;
unsigned char key[16] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0xf2,0x03,0x04,0x05,0x06,0x07,0x08,
};
unsigned char mbuf[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char cbuf[16];
unsigned char pbuf[16];
int i;
printf("key: ");
for (i = 0; i < sizeof(key); i++) {
printf("%02X", key[i]);
}
printf("\n");
printf("plaintext: ");
for (i = 0; i < sizeof(mbuf); i++) {
printf("%02X", mbuf[i]);
}
printf("\n");
sm4_set_encrypt_key(&sm4_key, key);
sm4_encrypt(&sm4_key, mbuf, cbuf);
printf("ciphertext: ");
for (i = 0; i < sizeof(cbuf); i++) {
printf("%02X", cbuf[i]);
}
printf("\n");
sm4_set_decrypt_key(&sm4_key, key);
sm4_decrypt(&sm4_key, cbuf, pbuf);
printf("decrypted: ");
for (i = 0; i < sizeof(pbuf); i++) {
printf("%02X", pbuf[i]);
}
printf("\n");
return 0;
}

165
demos/sm4/sm4_gcm_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,84 +7,85 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4.h>
#include <gmssl/rand.h>
int main(void)
{
SM4_KEY sm4_key;
unsigned char key[16];
unsigned char iv[16];
unsigned char aad[20];
unsigned char mbuf[64] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,
};
unsigned char cbuf[64] = {0};
unsigned char pbuf[64] = {0};
unsigned char tag[16];
int i;
rand_bytes(key, sizeof(key));
rand_bytes(iv, sizeof(iv));
printf("key: ");
for (i = 0; i < sizeof(key); i++) {
printf("%02X", key[i]);
}
printf("\n");
printf("iv: ");
for (i = 0; i < sizeof(iv); i++) {
printf("%02X", iv[i]);
}
printf("\n");
sm4_set_encrypt_key(&sm4_key, key);
printf("sm4 gcm encrypt\n");
printf("auth-only data: ");
for (i = 0; i < sizeof(aad); i++) {
printf("%02X", aad[i]);
}
printf("\n");
printf("plaintext: ");
for (i = 0; i < sizeof(mbuf); i++) {
printf("%02X", mbuf[i]);
}
printf("\n");
sm4_gcm_encrypt(&sm4_key, iv, sizeof(iv), aad, sizeof(aad), mbuf, sizeof(mbuf), cbuf, sizeof(tag), tag);
printf("ciphertext: ");
for (i = 0; i < sizeof(cbuf); i++) {
printf("%02X", cbuf[i]);
}
printf("\n");
printf("mac-tag: ");
for (i = 0; i < sizeof(tag); i++) {
printf("%02X", tag[i]);
}
printf("\n");
if (sm4_gcm_decrypt(&sm4_key, iv, sizeof(iv), aad, sizeof(aad), cbuf, sizeof(mbuf), tag, sizeof(tag), pbuf) != 1) {
fprintf(stderr, "sm4 gcm decrypt failed\n");
return 1;
}
printf("decrypted: ");
for (i = 0; i < sizeof(pbuf); i++) {
printf("%02X", pbuf[i]);
}
printf("\n");
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm4.h>
#include <gmssl/rand.h>
int main(void)
{
SM4_KEY sm4_key;
unsigned char key[16];
unsigned char iv[16];
unsigned char aad[20];
unsigned char mbuf[64] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,
};
unsigned char cbuf[64] = {0};
unsigned char pbuf[64] = {0};
unsigned char tag[16];
int i;
rand_bytes(key, sizeof(key));
rand_bytes(iv, sizeof(iv));
printf("key: ");
for (i = 0; i < sizeof(key); i++) {
printf("%02X", key[i]);
}
printf("\n");
printf("iv: ");
for (i = 0; i < sizeof(iv); i++) {
printf("%02X", iv[i]);
}
printf("\n");
sm4_set_encrypt_key(&sm4_key, key);
printf("sm4 gcm encrypt\n");
printf("auth-only data: ");
for (i = 0; i < sizeof(aad); i++) {
printf("%02X", aad[i]);
}
printf("\n");
printf("plaintext: ");
for (i = 0; i < sizeof(mbuf); i++) {
printf("%02X", mbuf[i]);
}
printf("\n");
sm4_gcm_encrypt(&sm4_key, iv, sizeof(iv), aad, sizeof(aad), mbuf, sizeof(mbuf), cbuf, sizeof(tag), tag);
printf("ciphertext: ");
for (i = 0; i < sizeof(cbuf); i++) {
printf("%02X", cbuf[i]);
}
printf("\n");
printf("mac-tag: ");
for (i = 0; i < sizeof(tag); i++) {
printf("%02X", tag[i]);
}
printf("\n");
if (sm4_gcm_decrypt(&sm4_key, iv, sizeof(iv), aad, sizeof(aad), cbuf, sizeof(mbuf), tag, sizeof(tag), pbuf) != 1) {
fprintf(stderr, "sm4 gcm decrypt failed\n");
return 1;
}
printf("decrypted: ");
for (i = 0; i < sizeof(pbuf); i++) {
printf("%02X", pbuf[i]);
}
printf("\n");
return 0;
}

24
demos/sm4demo.sh
View File

@@ -1,12 +1,12 @@
#!/bin/bash
KEY=11223344556677881122334455667788
IV=11223344556677881122334455667788
echo hello | gmssl sm4 -cbc -encrypt -key $KEY -iv $IV -out sm4.cbc
gmssl sm4 -cbc -decrypt -key $KEY -iv $IV -in sm4.cbc
echo hello | gmssl sm4 -ctr -encrypt -key $KEY -iv $IV -out sm4.ctr
gmssl sm4 -ctr -decrypt -key $KEY -iv $IV -in sm4.ctr
#!/bin/bash
KEY=11223344556677881122334455667788
IV=11223344556677881122334455667788
echo hello | gmssl sm4 -cbc -encrypt -key $KEY -iv $IV -out sm4.cbc
gmssl sm4 -cbc -decrypt -key $KEY -iv $IV -in sm4.cbc
echo hello | gmssl sm4 -ctr -encrypt -key $KEY -iv $IV -out sm4.ctr
gmssl sm4 -ctr -decrypt -key $KEY -iv $IV -in sm4.ctr

20
demos/sm9/Makefile
View File

@@ -1,10 +1,10 @@
all:
cc sm9_keygen_demo.c -lgmssl -o sm9_keygen_demo
cc sm9_sign_demo.c -lgmssl -o sm9_sign_demo
cc sm9_encrypt_demo.c -lgmssl -o sm9_encrypt_demo
clean:
rm -fr sm9_keygen_demo
rm -fr sm9_sign_demo
rm -fr sm9_encrypt_demo
all:
cc sm9_keygen_demo.c -lgmssl -o sm9_keygen_demo
cc sm9_sign_demo.c -lgmssl -o sm9_sign_demo
cc sm9_encrypt_demo.c -lgmssl -o sm9_encrypt_demo
clean:
rm -fr sm9_keygen_demo
rm -fr sm9_sign_demo
rm -fr sm9_encrypt_demo

79
demos/sm9/sm9_encrypt_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,41 +7,42 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm9.h>
#include <gmssl/error.h>
int main(void)
{
SM9_ENC_MASTER_KEY master;
SM9_ENC_MASTER_KEY master_public;
SM9_ENC_KEY key;
const char *id = "Alice";
uint8_t buf[512];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len;
char mbuf[256];
size_t mlen;
int ret;
sm9_enc_master_key_generate(&master);
sm9_enc_master_key_extract_key(&master, id, strlen(id), &key);
sm9_enc_master_public_key_to_der(&master, &p, &len);
sm9_enc_master_public_key_from_der(&master_public, &cp, &len);
sm9_encrypt(&master_public, id, strlen(id), (uint8_t *)"hello", strlen("hello"), buf, &len);
ret = sm9_decrypt(&key, id, strlen(id), buf, len, (uint8_t *)mbuf, &mlen);
if (ret != 1) {
fprintf(stderr, "decrypt failed\n");
return 1;
}
mbuf[mlen] = 0;
printf("decrypt result: %s\n", mbuf);
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm9.h>
#include <gmssl/error.h>
int main(void)
{
SM9_ENC_MASTER_KEY master;
SM9_ENC_MASTER_KEY master_public;
SM9_ENC_KEY key;
const char *id = "Alice";
uint8_t buf[512];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len;
char mbuf[256];
size_t mlen;
int ret;
sm9_enc_master_key_generate(&master);
sm9_enc_master_key_extract_key(&master, id, strlen(id), &key);
sm9_enc_master_public_key_to_der(&master, &p, &len);
sm9_enc_master_public_key_from_der(&master_public, &cp, &len);
sm9_encrypt(&master_public, id, strlen(id), (uint8_t *)"hello", strlen("hello"), buf, &len);
ret = sm9_decrypt(&key, id, strlen(id), buf, len, (uint8_t *)mbuf, &mlen);
if (ret != 1) {
fprintf(stderr, "decrypt failed\n");
return 1;
}
mbuf[mlen] = 0;
printf("decrypt result: %s\n", mbuf);
return 0;
}

55
demos/sm9/sm9_keygen_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,29 +7,30 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm9.h>
int main(void)
{
SM9_SIGN_MASTER_KEY sign_master;
SM9_SIGN_KEY sign_key;
sm9_sign_master_key_generate(&sign_master);
printf("SM9 Master Secret\n");
sm9_sign_master_key_info_encrypt_to_pem(&sign_master, "P@ssw0rd", stdout);
printf("SM9 Public Parameters\n");
sm9_sign_master_public_key_to_pem(&sign_master, stdout);
sm9_sign_master_key_extract_key(&sign_master, "alice", strlen("alice"), &sign_key);
printf("SM9 private key for ID '%s'\n", "alice");
sm9_sign_key_info_encrypt_to_pem(&sign_key, "123456", stdout);
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm9.h>
int main(void)
{
SM9_SIGN_MASTER_KEY sign_master;
SM9_SIGN_KEY sign_key;
sm9_sign_master_key_generate(&sign_master);
printf("SM9 Master Secret\n");
sm9_sign_master_key_info_encrypt_to_pem(&sign_master, "P@ssw0rd", stdout);
printf("SM9 Public Parameters\n");
sm9_sign_master_public_key_to_pem(&sign_master, stdout);
sm9_sign_master_key_extract_key(&sign_master, "alice", strlen("alice"), &sign_key);
printf("SM9 private key for ID '%s'\n", "alice");
sm9_sign_key_info_encrypt_to_pem(&sign_key, "123456", stdout);
return 0;
}

91
demos/sm9/sm9_sign_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,47 +7,48 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm9.h>
#include <gmssl/error.h>
int main(void)
{
SM9_SIGN_MASTER_KEY sign_master;
SM9_SIGN_MASTER_KEY sign_master_public;
SM9_SIGN_KEY sign_key;
SM9_SIGN_CTX sign_ctx;
const char *id = "Alice";
uint8_t sig[SM9_SIGNATURE_SIZE];
size_t siglen;
uint8_t buf[512];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len;
int ret;
sm9_sign_master_key_generate(&sign_master);
sm9_sign_master_key_extract_key(&sign_master, id, strlen(id), &sign_key);
sm9_sign_init(&sign_ctx);
sm9_sign_update(&sign_ctx, (uint8_t *)"hello world", strlen("hello world"));
sm9_sign_finish(&sign_ctx, &sign_key, sig, &siglen);
format_bytes(stdout, 0, 0, "signature", sig, siglen);
sm9_sign_master_public_key_to_der(&sign_master, &p, &len);
sm9_sign_master_public_key_from_der(&sign_master_public, &cp, &len);
sm9_verify_init(&sign_ctx);
sm9_verify_update(&sign_ctx, (uint8_t *)"hello world", strlen("hello world"));
ret = sm9_verify_finish(&sign_ctx, sig, siglen, &sign_master_public, id, strlen(id));
printf("verify %s\n", ret == 1 ? "success" : "failure");
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/sm9.h>
#include <gmssl/error.h>
int main(void)
{
SM9_SIGN_MASTER_KEY sign_master;
SM9_SIGN_MASTER_KEY sign_master_public;
SM9_SIGN_KEY sign_key;
SM9_SIGN_CTX sign_ctx;
const char *id = "Alice";
uint8_t sig[SM9_SIGNATURE_SIZE];
size_t siglen;
uint8_t buf[512];
uint8_t *p = buf;
const uint8_t *cp = buf;
size_t len;
int ret;
sm9_sign_master_key_generate(&sign_master);
sm9_sign_master_key_extract_key(&sign_master, id, strlen(id), &sign_key);
sm9_sign_init(&sign_ctx);
sm9_sign_update(&sign_ctx, (uint8_t *)"hello world", strlen("hello world"));
sm9_sign_finish(&sign_ctx, &sign_key, sig, &siglen);
format_bytes(stdout, 0, 0, "signature", sig, siglen);
sm9_sign_master_public_key_to_der(&sign_master, &p, &len);
sm9_sign_master_public_key_from_der(&sign_master_public, &cp, &len);
sm9_verify_init(&sign_ctx);
sm9_verify_update(&sign_ctx, (uint8_t *)"hello world", strlen("hello world"));
ret = sm9_verify_finish(&sign_ctx, sig, siglen, &sign_master_public, id, strlen(id));
printf("verify %s\n", ret == 1 ? "success" : "failure");
return 0;
}

24
demos/sm9demo.sh
View File

@@ -1,12 +1,12 @@
#!/bin/bash
gmssl sm9setup -alg sm9sign -pass 1234 -out sign_msk.pem -pubout sign_mpk.pem
gmssl sm9keygen -alg sm9sign -in sign_msk.pem -inpass 1234 -id alice -out alice.pem -outpass 1234
echo hello | gmssl sm9sign -key alice.pem -pass 1234 -out hello.sig
echo hello | gmssl sm9verify -pubmaster sign_mpk.pem -id alice -sig hello.sig
gmssl sm9setup -alg sm9encrypt -pass 1234 -out enc_msk.pem -pubout enc_mpk.pem
gmssl sm9keygen -alg sm9encrypt -in enc_msk.pem -inpass 1234 -id bob -out bob.pem -outpass 1234
echo hello | gmssl sm9encrypt -pubmaster enc_mpk.pem -id bob -out hello.der
gmssl sm9decrypt -key bob.pem -pass 1234 -id bob -in hello.der
#!/bin/bash
gmssl sm9setup -alg sm9sign -pass 1234 -out sign_msk.pem -pubout sign_mpk.pem
gmssl sm9keygen -alg sm9sign -in sign_msk.pem -inpass 1234 -id alice -out alice.pem -outpass 1234
echo hello | gmssl sm9sign -key alice.pem -pass 1234 -out hello.sig
echo hello | gmssl sm9verify -pubmaster sign_mpk.pem -id alice -sig hello.sig
gmssl sm9setup -alg sm9encrypt -pass 1234 -out enc_msk.pem -pubout enc_mpk.pem
gmssl sm9keygen -alg sm9encrypt -in enc_msk.pem -inpass 1234 -id bob -out bob.pem -outpass 1234
echo hello | gmssl sm9encrypt -pubmaster enc_mpk.pem -id bob -out hello.der
gmssl sm9decrypt -key bob.pem -pass 1234 -id bob -in hello.der

16
demos/tlcp/Makefile
View File

@@ -1,8 +1,8 @@
all:
cc tlcp_get.c url_parser.c -lgmssl -o tlcp_get
cc tlcp_post.c url_parser.c -lgmssl -o tlcp_post
clean:
rm -fr tlcp_get
rm -fr tlcp_post
all:
cc tlcp_get.c url_parser.c -lgmssl -o tlcp_get
cc tlcp_post.c url_parser.c -lgmssl -o tlcp_post
clean:
rm -fr tlcp_get
rm -fr tlcp_post

203
demos/tlcp/tlcp_get.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,103 +7,104 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <gmssl/tls.h>
#include <gmssl/error.h>
#include "url_parser.h"
int main(int argc, char *argv[])
{
int ret = -1;
char *prog = argv[0];
const int cipher = TLS_cipher_ecc_sm4_cbc_sm3;
URL_COMPONENTS *url;
struct hostent *hp;
int port = 443;
struct sockaddr_in server;
int sock;
TLS_CTX ctx;
TLS_CONNECT conn;
char request[1024];
uint8_t buf[16800];
char *p;
size_t len;
if (argc != 2) {
fprintf(stderr, "example: tlcp_get https://sm2only.ovssl.cn\n");
return 1;
}
if (!(url = parse_url(argv[1]))) {
fprintf(stderr, "parse url '%s' failure\n", argv[1]);
return 1;
}
if (!(hp = gethostbyname(url->host))) {
herror("tlcp_client: '-host' invalid");
goto end;
}
if (url->port != -1) {
port = url->port;
}
server.sin_addr = *((struct in_addr *)hp->h_addr_list[0]);
server.sin_family = AF_INET;
server.sin_port = htons(port);
if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
perror("socket");
goto end;
}
if (connect(sock, (struct sockaddr *)&server , sizeof(server)) < 0) {
perror("connect");
goto end;
}
memset(&ctx, 0, sizeof(ctx));
memset(&conn, 0, sizeof(conn));
tls_ctx_init(&ctx, TLS_protocol_tlcp, TLS_client_mode);
tls_ctx_set_cipher_suites(&ctx, &cipher, 1);
tls_init(&conn, &ctx);
tls_set_socket(&conn, sock);
if (tls_do_handshake(&conn) != 1) {
fprintf(stderr, "%s: error\n", prog);
goto end;
}
snprintf(request, sizeof(request)-1, "GET %s HTTP/1.1\r\nHost: %s\r\n\r\n",
url->path ? url->path : "/",
url->host);
tls_send(&conn, (uint8_t *)request, strlen(request), &len);
if (tls_recv(&conn, buf, sizeof(buf), &len) != 1) {
fprintf(stderr, "recv failure\n");
goto end;
}
buf[len] = 0;
p = strstr((char *)buf, "\r\n\r\n");
if (p) {
printf("%s", p + 4);
fflush(stdout);
}
end:
free_url_components(url);
close(sock);
tls_ctx_cleanup(&ctx);
tls_cleanup(&conn);
return 0;
}
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <gmssl/tls.h>
#include <gmssl/error.h>
#include "url_parser.h"
int main(int argc, char *argv[])
{
int ret = -1;
char *prog = argv[0];
const int cipher = TLS_cipher_ecc_sm4_cbc_sm3;
URL_COMPONENTS *url;
struct hostent *hp;
int port = 443;
struct sockaddr_in server;
int sock;
TLS_CTX ctx;
TLS_CONNECT conn;
char request[1024];
uint8_t buf[16800];
char *p;
size_t len;
if (argc != 2) {
fprintf(stderr, "example: tlcp_get https://sm2only.ovssl.cn\n");
return 1;
}
if (!(url = parse_url(argv[1]))) {
fprintf(stderr, "parse url '%s' failure\n", argv[1]);
return 1;
}
if (!(hp = gethostbyname(url->host))) {
herror("tlcp_client: '-host' invalid");
goto end;
}
if (url->port != -1) {
port = url->port;
}
server.sin_addr = *((struct in_addr *)hp->h_addr_list[0]);
server.sin_family = AF_INET;
server.sin_port = htons(port);
if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
perror("socket");
goto end;
}
if (connect(sock, (struct sockaddr *)&server , sizeof(server)) < 0) {
perror("connect");
goto end;
}
memset(&ctx, 0, sizeof(ctx));
memset(&conn, 0, sizeof(conn));
tls_ctx_init(&ctx, TLS_protocol_tlcp, TLS_client_mode);
tls_ctx_set_cipher_suites(&ctx, &cipher, 1);
tls_init(&conn, &ctx);
tls_set_socket(&conn, sock);
if (tls_do_handshake(&conn) != 1) {
fprintf(stderr, "%s: error\n", prog);
goto end;
}
snprintf(request, sizeof(request)-1, "GET %s HTTP/1.1\r\nHost: %s\r\n\r\n",
url->path ? url->path : "/",
url->host);
tls_send(&conn, (uint8_t *)request, strlen(request), &len);
if (tls_recv(&conn, buf, sizeof(buf), &len) != 1) {
fprintf(stderr, "recv failure\n");
goto end;
}
buf[len] = 0;
p = strstr((char *)buf, "\r\n\r\n");
if (p) {
printf("%s", p + 4);
fflush(stdout);
}
end:
free_url_components(url);
close(sock);
tls_ctx_cleanup(&ctx);
tls_cleanup(&conn);
return 0;
}

213
demos/tlcp/tlcp_post.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,108 +7,109 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <gmssl/tls.h>
#include <gmssl/error.h>
#include "url_parser.h"
int main(int argc, char *argv[])
{
int ret = -1;
char *prog = argv[0];
const int cipher = TLS_cipher_ecc_sm4_cbc_sm3;
URL_COMPONENTS *url;
struct hostent *hp;
int port = 443;
struct sockaddr_in server;
int sock;
TLS_CTX ctx;
TLS_CONNECT conn;
char request[1024];
uint8_t buf[16800];
char *p;
size_t len;
if (argc != 2) {
fprintf(stderr, "example: echo \"key=word\" | tlcp_post https://sm2only.ovssl.cn\n");
return 1;
}
if (!(url = parse_url(argv[1]))) {
fprintf(stderr, "parse url '%s' failure\n", argv[1]);
return 1;
}
if (!(hp = gethostbyname(url->host))) {
herror("tlcp_client: '-host' invalid");
goto end;
}
if (url->port != -1) {
port = url->port;
}
server.sin_addr = *((struct in_addr *)hp->h_addr_list[0]);
server.sin_family = AF_INET;
server.sin_port = htons(port);
if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
perror("socket");
goto end;
}
if (connect(sock, (struct sockaddr *)&server , sizeof(server)) < 0) {
perror("connect");
goto end;
}
memset(&ctx, 0, sizeof(ctx));
memset(&conn, 0, sizeof(conn));
tls_ctx_init(&ctx, TLS_protocol_tlcp, TLS_client_mode);
tls_ctx_set_cipher_suites(&ctx, &cipher, 1);
tls_init(&conn, &ctx);
tls_set_socket(&conn, sock);
if (tls_do_handshake(&conn) != 1) {
fprintf(stderr, "%s: error\n", prog);
goto end;
}
snprintf(request, sizeof(request)-1, "POST %s HTTP/1.1\r\nHost: %s\r\n\r\n",
url->path ? url->path : "/",
url->host);
tls_send(&conn, (uint8_t *)request, strlen(request), &len);
len = fread(buf, 1, sizeof(buf), stdin);
if (len) {
tls_send(&conn, buf, len, &len);
}
if (tls_recv(&conn, buf, sizeof(buf), &len) != 1) {
fprintf(stderr, "recv failure\n");
goto end;
}
buf[len] = 0;
p = strstr((char *)buf, "\r\n\r\n");
if (p) {
printf("%s", p + 4);
fflush(stdout);
}
end:
free_url_components(url);
close(sock);
tls_ctx_cleanup(&ctx);
tls_cleanup(&conn);
return 0;
}
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <gmssl/tls.h>
#include <gmssl/error.h>
#include "url_parser.h"
int main(int argc, char *argv[])
{
int ret = -1;
char *prog = argv[0];
const int cipher = TLS_cipher_ecc_sm4_cbc_sm3;
URL_COMPONENTS *url;
struct hostent *hp;
int port = 443;
struct sockaddr_in server;
int sock;
TLS_CTX ctx;
TLS_CONNECT conn;
char request[1024];
uint8_t buf[16800];
char *p;
size_t len;
if (argc != 2) {
fprintf(stderr, "example: echo \"key=word\" | tlcp_post https://sm2only.ovssl.cn\n");
return 1;
}
if (!(url = parse_url(argv[1]))) {
fprintf(stderr, "parse url '%s' failure\n", argv[1]);
return 1;
}
if (!(hp = gethostbyname(url->host))) {
herror("tlcp_client: '-host' invalid");
goto end;
}
if (url->port != -1) {
port = url->port;
}
server.sin_addr = *((struct in_addr *)hp->h_addr_list[0]);
server.sin_family = AF_INET;
server.sin_port = htons(port);
if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
perror("socket");
goto end;
}
if (connect(sock, (struct sockaddr *)&server , sizeof(server)) < 0) {
perror("connect");
goto end;
}
memset(&ctx, 0, sizeof(ctx));
memset(&conn, 0, sizeof(conn));
tls_ctx_init(&ctx, TLS_protocol_tlcp, TLS_client_mode);
tls_ctx_set_cipher_suites(&ctx, &cipher, 1);
tls_init(&conn, &ctx);
tls_set_socket(&conn, sock);
if (tls_do_handshake(&conn) != 1) {
fprintf(stderr, "%s: error\n", prog);
goto end;
}
snprintf(request, sizeof(request)-1, "POST %s HTTP/1.1\r\nHost: %s\r\n\r\n",
url->path ? url->path : "/",
url->host);
tls_send(&conn, (uint8_t *)request, strlen(request), &len);
len = fread(buf, 1, sizeof(buf), stdin);
if (len) {
tls_send(&conn, buf, len, &len);
}
if (tls_recv(&conn, buf, sizeof(buf), &len) != 1) {
fprintf(stderr, "recv failure\n");
goto end;
}
buf[len] = 0;
p = strstr((char *)buf, "\r\n\r\n");
if (p) {
printf("%s", p + 4);
fflush(stdout);
}
end:
free_url_components(url);
close(sock);
tls_ctx_cleanup(&ctx);
tls_cleanup(&conn);
return 0;
}

817
demos/tlcp/url_parser.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,410 +7,411 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include "url_parser.h"
#include <errno.h>
#include <stdlib.h>
#include <string.h>
static const char *_strnstr(const char *s, size_t s_len, const char *needle)
{
const char *end = s + s_len;
size_t needle_len = strlen(needle);
const char *p;
p = s;
while (p < end - needle_len + 1) {
if (strncmp(p, needle, needle_len) == 0) {
return p;
}
p++;
}
return NULL;
}
static const char *find_chars(const char *s, size_t s_len, const char *chars)
{
const char *end = s + s_len;
size_t chars_n = strlen(chars);
const char *p;
int i;
p = s;
while (p < end) {
for (i = 0 ; i < chars_n ; i++) {
if (*p == chars[i]) {
return p;
}
}
p++;
}
return NULL;
}
static const char *find_chars_reverse(const char *s, size_t s_len, const char *chars)
{
const char *end = s + s_len;
size_t chars_n = strlen(chars);
const char *p;
int i;
p = end - 1;
while (p >= s) {
for (i = 0 ; i < chars_n ; i++) {
if (*p == chars[i]) {
return p;
}
}
p--;
}
return NULL;
}
static int is_alpha(char c)
{
if ((c >= 'a' && c <= 'z') ||
(c >= 'A' && c <= 'Z')) {
return 1;
}
return 0;
}
static int is_digit(char c)
{
if (c >= '0' && c <= '9') {
return 1;
}
return 0;
}
static int is_control(char c)
{
if ((c >= 0x00 && c <= 0x1f) ||
c == 0x7f) {
return 1;
}
return 0;
}
static const char *lookup_scheme(const char *s)
{
const char *p = s;
char c;
if (strlen(s) == 0) {
return NULL;
}
if (!is_alpha(*p)) {
return NULL;
}
p++;
while (*p != '\0') {
c = *p;
if (c == ':') {
return p;
}
if (!is_alpha(c) &&
!is_digit(c) &&
c != '+' &&
c != '-' &&
c != '.') {
return NULL;
}
p++;
}
return NULL;
}
static int parse_user_password(const char *s, size_t s_len, URL_COMPONENTS *c)
{
const char *end = s + s_len;
const char *found;
found = _strnstr(s, s_len, ":");
if (found) {
c->user = strndup(s, found - s);
if (c->user == NULL) {
return -1; /* ENOMEM */
}
c->password = strndup(found + 1, end - found - 1);
if (c->password == NULL) {
return -1; /* ENOMEM */
}
} else {
c->user = strndup(s, s_len);
if (c->user == NULL) {
return -1; /* ENOMEM */
}
}
return 0;
}
static int parse_authority(const char *s, size_t s_len, URL_COMPONENTS *c)
{
const char *end = s + s_len;
const char *p, *found, *host_start, *host_end;
int port;
c->port = -1;
if (s_len == 0) { /* empty authority */
return 0;
}
found = _strnstr(s, s_len, "@");
if (found) {
if (parse_user_password(s, found - s, c) == -1) {
return -1;
}
host_start = found + 1;
} else {
host_start = s;
}
if (*host_start == '[') {
/* IP-literal host */
if (find_chars(host_start + 1, end - host_start - 1, "[")) {
errno = EINVAL;
return -1;
}
host_end = find_chars(host_start + 1, end - host_start - 1, "]");
if (!host_end) {
errno = EINVAL;
return -1;
}
/* The next character of ']' is termination or ':'. */
if (host_end + 1 != end && host_end[1] != ':') {
errno = EINVAL;
return -1;
}
host_end++;
} else {
/* IPv4address / reg-name host */
host_end = find_chars_reverse(host_start, end - host_start, ":");
if (host_end == NULL) {
host_end = end;
}
if (find_chars(host_start, host_end - host_start, "[]")) {
errno = EINVAL;
return -1;
}
}
if (find_chars(host_start, host_end - host_start, " ")) {
errno = EINVAL;
return -1;
}
/* ASSERT: host_end == end or *host_end == ':' */
if (host_end == end) {
/* without port number */
if (host_start == end) { /* empty host */
errno = EINVAL;
return -1;
}
c->host = strndup(host_start, end - host_start);
if (c->host == NULL) {
return -1; /* ENOMEM */
}
return 0;
}
/* ASSERT: *host_end == ':' */
/* host and port */
if (host_start == host_end) { /* empty host */
errno = EINVAL;
return -1;
}
if (host_end + 1 < end) {
p = host_end + 1;
port = 0;
while (p < end) {
if (*p < '0' || *p > '9') {
errno = EINVAL;
return -1;
}
port = port * 10 + *p - '0';
if (port > 65535) {
errno = EINVAL;
return -1;
}
p++;
}
} else {
/* empty port number */
port = -1;
}
c->host = strndup(host_start, (size_t) (host_end - host_start));
if (c->host == NULL) {
return -1; /* ENOMEM */
}
c->port = port;
return 0;
}
URL_COMPONENTS *parse_url(const char *url)
{
URL_COMPONENTS *c;
const char *p;
const char *end = url + strlen(url);
const char *found;
size_t len;
for (p = url ; p < end ; p++) {
if (is_control(*p)) {
errno = EINVAL;
return NULL;
}
}
c = malloc(sizeof(URL_COMPONENTS));
if (!c) {
return NULL;
}
memset(c, 0, sizeof(URL_COMPONENTS));
c->port = -1;
p = url;
/* lookup scheme */
found = lookup_scheme(p);
if (found) {
c->scheme = strndup(url, (size_t) (found - p));
if (c->scheme == NULL) {
goto error;
}
p = found + 1; /* skip a colon */
if (p >= end) {
return c;
}
}
if (strlen(p) >= 2 &&
p[0] == '/' && p[1] == '/') {
/* authority */
p = p + 2;
found = find_chars(p, strlen(p), "/?#");
if (found == NULL) {
len = strlen(p);
} else {
len = (size_t) (found - p);
}
if (parse_authority(p, len, c) == -1) {
goto error; /* ENOMEM,EINVAL */
}
if (!found) {
return c;
}
p = found;
}
if (*p != '?' && *p != '#') {
/* path */
found = find_chars(p, strlen(p), "?#");
found = NULL;
if (found == NULL) {
c->path = strdup(p);
if (c->path == NULL) {
goto error;
}
} else
{
if (found != p) {
c->path = strndup(p, (size_t) (found - p));
if (c->path == NULL) {
goto error;
}
}
}
if (!found) {
return c;
}
p = found;
}
/* ASSERT: *p is '?' or '#' */
#if 0
if (*p == '?') {
/* query */
p = p + 1;
found = find_chars(p, strlen(p), "#");
if (found == NULL) {
c->query = strdup(p);
} else {
c->query = strndup(p, (size_t) (found - p));
}
if (c->query == NULL) {
goto error;
}
if (!found) {
return c;
}
p = found;
}
#endif
/* ASSERT: *p is '#' */
/* fragment */
p = p + 1;
c->fragment = strdup(p);
if (c->fragment == NULL) {
goto error;
}
return c;
error:
free(c);
return NULL;
}
void free_url_components(URL_COMPONENTS *c)
{
if (c->scheme) {
free(c->scheme);
}
if (c->user) {
free(c->user);
}
if (c->password) {
free(c->password);
}
if (c->host) {
free(c->host);
}
if (c->path) {
free(c->path);
}
if (c->query) {
free(c->query);
}
if (c->fragment) {
free(c->fragment);
}
free(c);
}
#include "url_parser.h"
#include <errno.h>
#include <stdlib.h>
#include <string.h>
static const char *_strnstr(const char *s, size_t s_len, const char *needle)
{
const char *end = s + s_len;
size_t needle_len = strlen(needle);
const char *p;
p = s;
while (p < end - needle_len + 1) {
if (strncmp(p, needle, needle_len) == 0) {
return p;
}
p++;
}
return NULL;
}
static const char *find_chars(const char *s, size_t s_len, const char *chars)
{
const char *end = s + s_len;
size_t chars_n = strlen(chars);
const char *p;
int i;
p = s;
while (p < end) {
for (i = 0 ; i < chars_n ; i++) {
if (*p == chars[i]) {
return p;
}
}
p++;
}
return NULL;
}
static const char *find_chars_reverse(const char *s, size_t s_len, const char *chars)
{
const char *end = s + s_len;
size_t chars_n = strlen(chars);
const char *p;
int i;
p = end - 1;
while (p >= s) {
for (i = 0 ; i < chars_n ; i++) {
if (*p == chars[i]) {
return p;
}
}
p--;
}
return NULL;
}
static int is_alpha(char c)
{
if ((c >= 'a' && c <= 'z') ||
(c >= 'A' && c <= 'Z')) {
return 1;
}
return 0;
}
static int is_digit(char c)
{
if (c >= '0' && c <= '9') {
return 1;
}
return 0;
}
static int is_control(char c)
{
if ((c >= 0x00 && c <= 0x1f) ||
c == 0x7f) {
return 1;
}
return 0;
}
static const char *lookup_scheme(const char *s)
{
const char *p = s;
char c;
if (strlen(s) == 0) {
return NULL;
}
if (!is_alpha(*p)) {
return NULL;
}
p++;
while (*p != '\0') {
c = *p;
if (c == ':') {
return p;
}
if (!is_alpha(c) &&
!is_digit(c) &&
c != '+' &&
c != '-' &&
c != '.') {
return NULL;
}
p++;
}
return NULL;
}
static int parse_user_password(const char *s, size_t s_len, URL_COMPONENTS *c)
{
const char *end = s + s_len;
const char *found;
found = _strnstr(s, s_len, ":");
if (found) {
c->user = strndup(s, found - s);
if (c->user == NULL) {
return -1; /* ENOMEM */
}
c->password = strndup(found + 1, end - found - 1);
if (c->password == NULL) {
return -1; /* ENOMEM */
}
} else {
c->user = strndup(s, s_len);
if (c->user == NULL) {
return -1; /* ENOMEM */
}
}
return 0;
}
static int parse_authority(const char *s, size_t s_len, URL_COMPONENTS *c)
{
const char *end = s + s_len;
const char *p, *found, *host_start, *host_end;
int port;
c->port = -1;
if (s_len == 0) { /* empty authority */
return 0;
}
found = _strnstr(s, s_len, "@");
if (found) {
if (parse_user_password(s, found - s, c) == -1) {
return -1;
}
host_start = found + 1;
} else {
host_start = s;
}
if (*host_start == '[') {
/* IP-literal host */
if (find_chars(host_start + 1, end - host_start - 1, "[")) {
errno = EINVAL;
return -1;
}
host_end = find_chars(host_start + 1, end - host_start - 1, "]");
if (!host_end) {
errno = EINVAL;
return -1;
}
/* The next character of ']' is termination or ':'. */
if (host_end + 1 != end && host_end[1] != ':') {
errno = EINVAL;
return -1;
}
host_end++;
} else {
/* IPv4address / reg-name host */
host_end = find_chars_reverse(host_start, end - host_start, ":");
if (host_end == NULL) {
host_end = end;
}
if (find_chars(host_start, host_end - host_start, "[]")) {
errno = EINVAL;
return -1;
}
}
if (find_chars(host_start, host_end - host_start, " ")) {
errno = EINVAL;
return -1;
}
/* ASSERT: host_end == end or *host_end == ':' */
if (host_end == end) {
/* without port number */
if (host_start == end) { /* empty host */
errno = EINVAL;
return -1;
}
c->host = strndup(host_start, end - host_start);
if (c->host == NULL) {
return -1; /* ENOMEM */
}
return 0;
}
/* ASSERT: *host_end == ':' */
/* host and port */
if (host_start == host_end) { /* empty host */
errno = EINVAL;
return -1;
}
if (host_end + 1 < end) {
p = host_end + 1;
port = 0;
while (p < end) {
if (*p < '0' || *p > '9') {
errno = EINVAL;
return -1;
}
port = port * 10 + *p - '0';
if (port > 65535) {
errno = EINVAL;
return -1;
}
p++;
}
} else {
/* empty port number */
port = -1;
}
c->host = strndup(host_start, (size_t) (host_end - host_start));
if (c->host == NULL) {
return -1; /* ENOMEM */
}
c->port = port;
return 0;
}
URL_COMPONENTS *parse_url(const char *url)
{
URL_COMPONENTS *c;
const char *p;
const char *end = url + strlen(url);
const char *found;
size_t len;
for (p = url ; p < end ; p++) {
if (is_control(*p)) {
errno = EINVAL;
return NULL;
}
}
c = malloc(sizeof(URL_COMPONENTS));
if (!c) {
return NULL;
}
memset(c, 0, sizeof(URL_COMPONENTS));
c->port = -1;
p = url;
/* lookup scheme */
found = lookup_scheme(p);
if (found) {
c->scheme = strndup(url, (size_t) (found - p));
if (c->scheme == NULL) {
goto error;
}
p = found + 1; /* skip a colon */
if (p >= end) {
return c;
}
}
if (strlen(p) >= 2 &&
p[0] == '/' && p[1] == '/') {
/* authority */
p = p + 2;
found = find_chars(p, strlen(p), "/?#");
if (found == NULL) {
len = strlen(p);
} else {
len = (size_t) (found - p);
}
if (parse_authority(p, len, c) == -1) {
goto error; /* ENOMEM,EINVAL */
}
if (!found) {
return c;
}
p = found;
}
if (*p != '?' && *p != '#') {
/* path */
found = find_chars(p, strlen(p), "?#");
found = NULL;
if (found == NULL) {
c->path = strdup(p);
if (c->path == NULL) {
goto error;
}
} else
{
if (found != p) {
c->path = strndup(p, (size_t) (found - p));
if (c->path == NULL) {
goto error;
}
}
}
if (!found) {
return c;
}
p = found;
}
/* ASSERT: *p is '?' or '#' */
#if 0
if (*p == '?') {
/* query */
p = p + 1;
found = find_chars(p, strlen(p), "#");
if (found == NULL) {
c->query = strdup(p);
} else {
c->query = strndup(p, (size_t) (found - p));
}
if (c->query == NULL) {
goto error;
}
if (!found) {
return c;
}
p = found;
}
#endif
/* ASSERT: *p is '#' */
/* fragment */
p = p + 1;
c->fragment = strdup(p);
if (c->fragment == NULL) {
goto error;
}
return c;
error:
free(c);
return NULL;
}
void free_url_components(URL_COMPONENTS *c)
{
if (c->scheme) {
free(c->scheme);
}
if (c->user) {
free(c->user);
}
if (c->password) {
free(c->password);
}
if (c->host) {
free(c->host);
}
if (c->path) {
free(c->path);
}
if (c->query) {
free(c->query);
}
if (c->fragment) {
free(c->fragment);
}
free(c);
}

45
demos/tlcp/url_parser.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,24 +7,25 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef URL_PARSER_H
#define URL_PARSER_H
#define URL_PARSER_VERSION 0x00000300 /* 0.0.3 */
typedef struct url_components {
char *scheme;
char *user;
char *password;
char *host;
int port;
char *path;
char *query;
char *fragment;
} URL_COMPONENTS;
extern URL_COMPONENTS *parse_url(const char *url);
extern void free_url_components(URL_COMPONENTS *c);
#endif
#ifndef URL_PARSER_H
#define URL_PARSER_H
#define URL_PARSER_VERSION 0x00000300 /* 0.0.3 */
typedef struct url_components {
char *scheme;
char *user;
char *password;
char *host;
int port;
char *path;
char *query;
char *fragment;
} URL_COMPONENTS;
extern URL_COMPONENTS *parse_url(const char *url);
extern void free_url_components(URL_COMPONENTS *c);
#endif

16
demos/tlcp_client.sh
View File

@@ -1,8 +1,8 @@
#!/bin/bash -x
# https://ebssec.boc.cn
gmssl tlcp_client -host 123.124.191.183
# https://zffw.jxzwfww.gov.cn
gmssl tlcp_client -host 218.87.21.62
#!/bin/bash -x
# https://ebssec.boc.cn
gmssl tlcp_client -host 123.124.191.183
# https://zffw.jxzwfww.gov.cn
gmssl tlcp_client -host 218.87.21.62

78
demos/tlcp_server.sh
View File

@@ -1,39 +1,39 @@
#!/bin/bash -x
gmssl sm2keygen -pass 1234 -out rootcakey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
gmssl certparse -in rootcacert.pem
gmssl sm2keygen -pass 1234 -out cakey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
gmssl certparse -in cacert.pem
gmssl sm2keygen -pass 1234 -out signkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
gmssl certparse -in signcert.pem
gmssl sm2keygen -pass 1234 -out enckey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key enckey.pem -pass 1234 -out encreq.pem
gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
gmssl certparse -in enccert.pem
cat signcert.pem > double_certs.pem
cat enccert.pem >> double_certs.pem
cat cacert.pem >> double_certs.pem
sudo gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1234 -ex_key enckey.pem -ex_pass 1234 -cacert cacert.pem 1>/dev/null 2>/dev/null &
sleep 3
gmssl sm2keygen -pass 1234 -out clientkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -days 365 -key clientkey.pem -pass 1234 -out clientreq.pem
gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
gmssl certparse -in clientcert.pem
# build and install BabaSSL 8.3.1
openssl version
openssl s_client -enable_ntls -ntls -connect localhost:443 -no_ticket -CAfile rootcacert.pem
#!/bin/bash -x
gmssl sm2keygen -pass 1234 -out rootcakey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
gmssl certparse -in rootcacert.pem
gmssl sm2keygen -pass 1234 -out cakey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
gmssl certparse -in cacert.pem
gmssl sm2keygen -pass 1234 -out signkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
gmssl certparse -in signcert.pem
gmssl sm2keygen -pass 1234 -out enckey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key enckey.pem -pass 1234 -out encreq.pem
gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
gmssl certparse -in enccert.pem
cat signcert.pem > double_certs.pem
cat enccert.pem >> double_certs.pem
cat cacert.pem >> double_certs.pem
sudo gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1234 -ex_key enckey.pem -ex_pass 1234 -cacert cacert.pem 1>/dev/null 2>/dev/null &
sleep 3
gmssl sm2keygen -pass 1234 -out clientkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -days 365 -key clientkey.pem -pass 1234 -out clientreq.pem
gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
gmssl certparse -in clientcert.pem
# build and install BabaSSL 8.3.1
openssl version
openssl s_client -enable_ntls -ntls -connect localhost:443 -no_ticket -CAfile rootcacert.pem

72
demos/tlcpdemo.sh
View File

@@ -1,36 +1,36 @@
#!/bin/bash -x
gmssl sm2keygen -pass 1234 -out rootcakey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
gmssl certparse -in rootcacert.pem
gmssl sm2keygen -pass 1234 -out cakey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
gmssl certparse -in cacert.pem
gmssl sm2keygen -pass 1234 -out signkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
gmssl certparse -in signcert.pem
gmssl sm2keygen -pass 1234 -out enckey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key enckey.pem -pass 1234 -out encreq.pem
gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
gmssl certparse -in enccert.pem
cat signcert.pem > double_certs.pem
cat enccert.pem >> double_certs.pem
cat cacert.pem >> double_certs.pem
sudo gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1234 -ex_key enckey.pem -ex_pass 1234 -cacert cacert.pem 1>/dev/null 2>/dev/null &
sleep 3
gmssl sm2keygen -pass 1234 -out clientkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -days 365 -key clientkey.pem -pass 1234 -out clientreq.pem
gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
gmssl certparse -in clientcert.pem
gmssl tlcp_client -host 127.0.0.1 -cacert rootcacert.pem -cert clientcert.pem -key clientkey.pem -pass 1234
#!/bin/bash -x
gmssl sm2keygen -pass 1234 -out rootcakey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
gmssl certparse -in rootcacert.pem
gmssl sm2keygen -pass 1234 -out cakey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
gmssl certparse -in cacert.pem
gmssl sm2keygen -pass 1234 -out signkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
gmssl certparse -in signcert.pem
gmssl sm2keygen -pass 1234 -out enckey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key enckey.pem -pass 1234 -out encreq.pem
gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
gmssl certparse -in enccert.pem
cat signcert.pem > double_certs.pem
cat enccert.pem >> double_certs.pem
cat cacert.pem >> double_certs.pem
sudo gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1234 -ex_key enckey.pem -ex_pass 1234 -cacert cacert.pem 1>/dev/null 2>/dev/null &
sleep 3
gmssl sm2keygen -pass 1234 -out clientkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -days 365 -key clientkey.pem -pass 1234 -out clientreq.pem
gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
gmssl certparse -in clientcert.pem
gmssl tlcp_client -host 127.0.0.1 -cacert rootcacert.pem -cert clientcert.pem -key clientkey.pem -pass 1234

60
demos/tls12demo.sh
View File

@@ -1,30 +1,30 @@
#!/bin/bash -x
gmssl sm2keygen -pass 1234 -out rootcakey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
gmssl certparse -in rootcacert.pem
gmssl sm2keygen -pass 1234 -out cakey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
gmssl certparse -in cacert.pem
gmssl sm2keygen -pass 1234 -out signkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
gmssl certparse -in signcert.pem
cat signcert.pem > certs.pem
cat cacert.pem >> certs.pem
sudo gmssl tls12_server -port 443 -cert certs.pem -key signkey.pem -pass 1234 -cacert cacert.pem 1>/dev/null 2>/dev/null &
sleep 3
gmssl sm2keygen -pass 1234 -out clientkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -days 365 -key clientkey.pem -pass 1234 -out clientreq.pem
gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
gmssl certparse -in clientcert.pem
gmssl tls12_client -host 127.0.0.1 -cacert rootcacert.pem -cert clientcert.pem -key clientkey.pem -pass 1234
#!/bin/bash -x
gmssl sm2keygen -pass 1234 -out rootcakey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
gmssl certparse -in rootcacert.pem
gmssl sm2keygen -pass 1234 -out cakey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
gmssl certparse -in cacert.pem
gmssl sm2keygen -pass 1234 -out signkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
gmssl certparse -in signcert.pem
cat signcert.pem > certs.pem
cat cacert.pem >> certs.pem
sudo gmssl tls12_server -port 443 -cert certs.pem -key signkey.pem -pass 1234 -cacert cacert.pem 1>/dev/null 2>/dev/null &
sleep 3
gmssl sm2keygen -pass 1234 -out clientkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -days 365 -key clientkey.pem -pass 1234 -out clientreq.pem
gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
gmssl certparse -in clientcert.pem
gmssl tls12_client -host 127.0.0.1 -cacert rootcacert.pem -cert clientcert.pem -key clientkey.pem -pass 1234

60
demos/tls13demo.sh
View File

@@ -1,30 +1,30 @@
#!/bin/bash -x
gmssl sm2keygen -pass 1234 -out rootcakey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
gmssl certparse -in rootcacert.pem
gmssl sm2keygen -pass 1234 -out cakey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
gmssl certparse -in cacert.pem
gmssl sm2keygen -pass 1234 -out signkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
gmssl certparse -in signcert.pem
cat signcert.pem > certs.pem
cat cacert.pem >> certs.pem
sudo gmssl tls13_server -port 443 -cert certs.pem -key signkey.pem -pass 1234 -cacert cacert.pem 1>/dev/null 2>/dev/null &
sleep 3
gmssl sm2keygen -pass 1234 -out clientkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -days 365 -key clientkey.pem -pass 1234 -out clientreq.pem
gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
gmssl certparse -in clientcert.pem
gmssl tls13_client -host 127.0.0.1 -cacert rootcacert.pem -cert clientcert.pem -key clientkey.pem -pass 1234
#!/bin/bash -x
gmssl sm2keygen -pass 1234 -out rootcakey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
gmssl certparse -in rootcacert.pem
gmssl sm2keygen -pass 1234 -out cakey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
gmssl certparse -in cacert.pem
gmssl sm2keygen -pass 1234 -out signkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
gmssl certparse -in signcert.pem
cat signcert.pem > certs.pem
cat cacert.pem >> certs.pem
sudo gmssl tls13_server -port 443 -cert certs.pem -key signkey.pem -pass 1234 -cacert cacert.pem 1>/dev/null 2>/dev/null &
sleep 3
gmssl sm2keygen -pass 1234 -out clientkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -days 365 -key clientkey.pem -pass 1234 -out clientreq.pem
gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
gmssl certparse -in clientcert.pem
gmssl tls13_client -host 127.0.0.1 -cacert rootcacert.pem -cert clientcert.pem -key clientkey.pem -pass 1234

16
demos/zuc/Makefile
View File

@@ -1,8 +1,8 @@
all:
cc zuc_demo.c -lgmssl -o zuc_encrypt_demo
cc zuc_demo.c -lgmssl -o zuc_decrypt_demo
clean:
rm -fr zuc_encrypt_demo
rm -fr zuc_decrypt_demo
all:
cc zuc_demo.c -lgmssl -o zuc_encrypt_demo
cc zuc_demo.c -lgmssl -o zuc_decrypt_demo
clean:
rm -fr zuc_encrypt_demo
rm -fr zuc_decrypt_demo

85
demos/zuc/zuc_demo.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,44 +7,45 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/zuc.h>
int main(void)
{
ZUC_CTX zuc_ctx;
unsigned char key[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char iv[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char inbuf[1024];
unsigned char outbuf[1024 + 32];
ssize_t inlen;
size_t outlen;
if (zuc_encrypt_init(&zuc_ctx, key, iv) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) {
if (zuc_encrypt_update(&zuc_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
fwrite(outbuf, 1, outlen, stdout);
}
if (zuc_encrypt_finish(&zuc_ctx, outbuf, &outlen) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
fwrite(outbuf, 1, outlen, stdout);
return 0;
}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/zuc.h>
int main(void)
{
ZUC_CTX zuc_ctx;
unsigned char key[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char iv[16] = {
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
};
unsigned char inbuf[1024];
unsigned char outbuf[1024 + 32];
ssize_t inlen;
size_t outlen;
if (zuc_encrypt_init(&zuc_ctx, key, iv) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) {
if (zuc_encrypt_update(&zuc_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
fwrite(outbuf, 1, outlen, stdout);
}
if (zuc_encrypt_finish(&zuc_ctx, outbuf, &outlen) != 1) {
fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
return 1;
}
fwrite(outbuf, 1, outlen, stdout);
return 0;
}

20
demos/zucdemo.sh
View File

@@ -1,10 +1,10 @@
#!/bin/bash
KEY=11223344556677881122334455667788
IV=11223344556677881122334455667788
echo hello | gmssl zuc -key $KEY -iv $IV -out zuc.bin
gmssl zuc -key $KEY -iv $IV -in zuc.bin
#!/bin/bash
KEY=11223344556677881122334455667788
IV=11223344556677881122334455667788
echo hello | gmssl zuc -key $KEY -iv $IV -out zuc.bin
gmssl zuc -key $KEY -iv $IV -in zuc.bin

165
include/gmssl/aes.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,84 +7,85 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_AES_H
#define GMSSL_AES_H
#include <stdint.h>
#include <stdlib.h>
#ifdef __cplusplus
extern "C" {
#endif
#define AES128_KEY_BITS 128
#define AES192_KEY_BITS 192
#define AES256_KEY_BITS 256
#define AES128_KEY_SIZE (AES128_KEY_BITS/8)
#define AES192_KEY_SIZE (AES192_KEY_BITS/8)
#define AES256_KEY_SIZE (AES256_KEY_BITS/8)
#define AES_BLOCK_SIZE 16
#define AES128_ROUNDS 10
#define AES192_ROUNDS 12
#define AES256_ROUNDS 14
#define AES_MAX_ROUNDS AES256_ROUNDS
typedef struct {
uint32_t rk[4 * (AES_MAX_ROUNDS + 1)];
size_t rounds;
} AES_KEY;
int aes_set_encrypt_key(AES_KEY *key, const uint8_t *raw_key, size_t raw_key_len);
int aes_set_decrypt_key(AES_KEY *key, const uint8_t *raw_key, size_t raw_key_len);
void aes_encrypt(const AES_KEY *key, const uint8_t in[AES_BLOCK_SIZE], uint8_t out[AES_BLOCK_SIZE]);
void aes_decrypt(const AES_KEY *key, const uint8_t in[AES_BLOCK_SIZE], uint8_t out[AES_BLOCK_SIZE]);
void aes_cbc_encrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
const uint8_t *in, size_t nblocks, uint8_t *out);
void aes_cbc_decrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
const uint8_t *in, size_t nblocks, uint8_t *out);
int aes_cbc_padding_encrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
const uint8_t *in, size_t inlen,
uint8_t *out, size_t *outlen);
int aes_cbc_padding_decrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
const uint8_t *in, size_t inlen,
uint8_t *out, size_t *outlen);
void aes_ctr_encrypt(const AES_KEY *key, uint8_t ctr[AES_BLOCK_SIZE],
const uint8_t *in, size_t inlen, uint8_t *out);
#define aes_ctr_decrypt(key,ctr,in,inlen,out) aes_ctr_encrypt(key,ctr,in,inlen,out)
#define AES_GCM_IV_MIN_SIZE 1
#define AES_GCM_IV_MAX_SIZE ((uint64_t)(1 << (64-3)))
#define AES_GCM_IV_DEFAULT_BITS 96
#define AES_GCM_IV_DEFAULT_SIZE 12
#define AES_GCM_MIN_AAD_SIZE 0
#define AES_GCM_MAX_AAD_SIZE ((uint64_t)(1 << (64-3)))
#define AES_GCM_MIN_PLAINTEXT_SIZE 0
#define AES_GCM_MAX_PLAINTEXT_SIZE ((((uint64_t)1 << 39) - 256) >> 3)
#define AES_GCM_MAX_TAG_SIZE 16
int aes_gcm_encrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
uint8_t *out, size_t taglen, uint8_t *tag);
int aes_gcm_decrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
const uint8_t *tag, size_t taglen, uint8_t *out);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_AES_H
#define GMSSL_AES_H
#include <stdint.h>
#include <stdlib.h>
#ifdef __cplusplus
extern "C" {
#endif
#define AES128_KEY_BITS 128
#define AES192_KEY_BITS 192
#define AES256_KEY_BITS 256
#define AES128_KEY_SIZE (AES128_KEY_BITS/8)
#define AES192_KEY_SIZE (AES192_KEY_BITS/8)
#define AES256_KEY_SIZE (AES256_KEY_BITS/8)
#define AES_BLOCK_SIZE 16
#define AES128_ROUNDS 10
#define AES192_ROUNDS 12
#define AES256_ROUNDS 14
#define AES_MAX_ROUNDS AES256_ROUNDS
typedef struct {
uint32_t rk[4 * (AES_MAX_ROUNDS + 1)];
size_t rounds;
} AES_KEY;
int aes_set_encrypt_key(AES_KEY *key, const uint8_t *raw_key, size_t raw_key_len);
int aes_set_decrypt_key(AES_KEY *key, const uint8_t *raw_key, size_t raw_key_len);
void aes_encrypt(const AES_KEY *key, const uint8_t in[AES_BLOCK_SIZE], uint8_t out[AES_BLOCK_SIZE]);
void aes_decrypt(const AES_KEY *key, const uint8_t in[AES_BLOCK_SIZE], uint8_t out[AES_BLOCK_SIZE]);
void aes_cbc_encrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
const uint8_t *in, size_t nblocks, uint8_t *out);
void aes_cbc_decrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
const uint8_t *in, size_t nblocks, uint8_t *out);
int aes_cbc_padding_encrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
const uint8_t *in, size_t inlen,
uint8_t *out, size_t *outlen);
int aes_cbc_padding_decrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
const uint8_t *in, size_t inlen,
uint8_t *out, size_t *outlen);
void aes_ctr_encrypt(const AES_KEY *key, uint8_t ctr[AES_BLOCK_SIZE],
const uint8_t *in, size_t inlen, uint8_t *out);
#define aes_ctr_decrypt(key,ctr,in,inlen,out) aes_ctr_encrypt(key,ctr,in,inlen,out)
#define AES_GCM_IV_MIN_SIZE 1
#define AES_GCM_IV_MAX_SIZE ((uint64_t)(1 << (64-3)))
#define AES_GCM_IV_DEFAULT_BITS 96
#define AES_GCM_IV_DEFAULT_SIZE 12
#define AES_GCM_MIN_AAD_SIZE 0
#define AES_GCM_MAX_AAD_SIZE ((uint64_t)(1 << (64-3)))
#define AES_GCM_MIN_PLAINTEXT_SIZE 0
#define AES_GCM_MAX_PLAINTEXT_SIZE ((((uint64_t)1 << 39) - 256) >> 3)
#define AES_GCM_MAX_TAG_SIZE 16
int aes_gcm_encrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
uint8_t *out, size_t taglen, uint8_t *tag);
int aes_gcm_decrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
const uint8_t *tag, size_t taglen, uint8_t *out);
#ifdef __cplusplus
}
#endif
#endif

539
include/gmssl/asn1.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,271 +7,272 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_ASN1_H
#define GMSSL_ASN1_H
#include <time.h>
#include <stdlib.h>
#include <stdint.h>
#if __cplusplus
extern "C" {
#endif
#define ASN1_TAG_UNIVERSAL 0x00
#define ASN1_TAG_APPLICATION 0x40
#define ASN1_TAG_CONTENT_SPECIFIC 0x80
#define ASN1_TAG_PRIVATE 0xC0
#define ASN1_TAG_PRIMITIVE 0x00
#define ASN1_TAG_CONSTRUCTED 0x20
#define ASN1_TAG_IMPLICIT(index) (ASN1_TAG_CONTENT_SPECIFIC|(index))
#define ASN1_TAG_EXPLICIT(index) ASN1_TAG_IMPLICIT(ASN1_TAG_CONSTRUCTED|(index))
#define ASN1_FMT_FULL 0x01
enum ASN1_TAG {
ASN1_TAG_BOOLEAN = 1,
ASN1_TAG_INTEGER = 2,
ASN1_TAG_BIT_STRING = 3,
ASN1_TAG_OCTET_STRING = 4,
ASN1_TAG_NULL = 5,
ASN1_TAG_OBJECT_IDENTIFIER = 6,
ASN1_TAG_ObjectDescriptor = 7,
ASN1_TAG_EXTERNAL = 8,
ASN1_TAG_REAL = 9,
ASN1_TAG_ENUMERATED = 10, // 0x0A
ASN1_TAG_EMBEDDED = 11, // 0x0B
ASN1_TAG_UTF8String = 12, // 0x0C
ASN1_TAG_RELATIVE_OID = 13, // 0x0D
ASN1_TAG_NumericString = 18, // 0x12
ASN1_TAG_PrintableString = 19, // 0x13, printable subset of ascii
ASN1_TAG_TeletexString = 20, // 0x14, T61String
ASN1_TAG_VideotexString = 21, // 0x15
ASN1_TAG_IA5String = 22, // 0x16, 7-bit ascii
ASN1_TAG_UTCTime = 23, // 0x17
ASN1_TAG_GeneralizedTime = 24, // 0x18
ASN1_TAG_GraphicString = 25, // 0x19
ASN1_TAG_VisibleString = 26, // 0x20
ASN1_TAG_GeneralString = 27, // 0x21
ASN1_TAG_UniversalString = 28, // 0x22
ASN1_TAG_CHARACTER_STRING = 29, // 0x23
ASN1_TAG_BMPString = 30, // 0x24, 2-byte unicode with zeros
ASN1_TAG_SEQUENCE = 0x30,
ASN1_TAG_SET = 0x31,
ASN1_TAG_EXPLICIT = 0xa0,
};
const char *asn1_tag_name(int tag);
int asn1_tag_to_der(int tag, uint8_t **out, size_t *outlen);
int asn1_tag_from_der(int tag, const uint8_t **in, size_t *inlen);
int asn1_any_tag_from_der(int *tag, const uint8_t **in, size_t *inlen);
int asn1_tag_get(int *tag, const uint8_t **in, size_t *inlen); // 尝试读取下一个tag但是并不修改in,inlen
int asn1_tag_is_cstring(int tag);
int asn1_length_to_der(size_t dlen, uint8_t **out, size_t *outlen);
int asn1_length_from_der(size_t *dlen, const uint8_t **in, size_t *inlen);
int asn1_length_is_zero(size_t len);
int asn1_length_le(size_t len1, size_t len2); // less than
int asn1_data_to_der(const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
int asn1_data_from_der(const uint8_t **d, size_t dlen, const uint8_t **in, size_t *inlen);
int asn1_type_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
int asn1_type_from_der(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
int asn1_any_type_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
int asn1_any_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen); // 调用方应保证a,alen为TLV
int asn1_any_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen); // 该函数会检查输入是否为TLV
const char *asn1_boolean_name(int val);
int asn1_boolean_from_name(int *val, const char *name);
int asn1_boolean_to_der_ex(int tag, int val, uint8_t **out, size_t *outlen);
int asn1_boolean_from_der_ex(int tag, int *val, const uint8_t **in, size_t *inlen);
#define asn1_boolean_to_der(val,out,outlen) asn1_boolean_to_der_ex(ASN1_TAG_BOOLEAN,val,out,outlen)
#define asn1_boolean_from_der(val,in,inlen) asn1_boolean_from_der_ex(ASN1_TAG_BOOLEAN,val,in,inlen)
#define asn1_implicit_boolean_to_der(i,val,out,outlen) asn1_boolean_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
#define asn1_implicit_boolean_from_der(i,val,in,inlen) asn1_boolean_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)
// asn1_integer_ 不支持负数编解码
int asn1_integer_to_der_ex(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
int asn1_integer_from_der_ex(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
#define asn1_integer_to_der(d,dlen,out,outlen) asn1_integer_to_der_ex(ASN1_TAG_INTEGER,d,dlen,out,outlen)
#define asn1_integer_from_der(d,dlen,in,inlen) asn1_integer_from_der_ex(ASN1_TAG_INTEGER,d,dlen,in,inlen)
#define asn1_implicit_integer_to_der(i,d,dlen,out,outlen) asn1_integer_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
#define asn1_implicit_integer_from_der(i,d,dlen,in,inlen) asn1_integer_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
// asn1_int_ 只支持小的无符号整数的编解码,不支持负数
int asn1_int_to_der_ex(int tag, int val, uint8_t **out, size_t *outlen); // 当 val == -1 时,不输出,返回 0
int asn1_int_from_der_ex(int tag, int *val, const uint8_t **in, size_t *inlen); // 不支持负数返回0时 *val 设置为 -1
#define asn1_int_to_der(val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_INTEGER,val,out,outlen)
#define asn1_int_from_der(val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_INTEGER,val,in,inlen)
#define asn1_implicit_int_to_der(i,val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
#define asn1_implicit_int_from_der(i,val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)
// 比特长度不必须为8的整数倍
int asn1_bit_string_to_der_ex(int tag, const uint8_t *d, size_t nbits, uint8_t **out, size_t *outlen);
int asn1_bit_string_from_der_ex(int tag, const uint8_t **d, size_t *nbits, const uint8_t **in, size_t *inlen);
#define asn1_bit_string_to_der(d,nbits,out,outlen) asn1_bit_string_to_der_ex(ASN1_TAG_BIT_STRING,d,nbits,out,outlen)
#define asn1_bit_string_from_der(d,nbits,in,inlen) asn1_bit_string_from_der_ex(ASN1_TAG_BIT_STRING,d,nbits,in,inlen)
#define asn1_implicit_bit_string_to_der(i,d,nbits,out,outlen) asn1_bit_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,nbits,out,outlen)
#define asn1_implicit_bit_string_from_der(i,d,nbits,in,inlen) asn1_bit_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,nbits,in,inlen)
// 比特长度必须为8的整数倍因此使用字节长度
int asn1_bit_octets_to_der_ex(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
int asn1_bit_octets_from_der_ex(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
#define asn1_bit_octets_to_der(d,dlen,out,outlen) asn1_bit_octets_to_der_ex(ASN1_TAG_BIT_STRING,d,dlen,out,outlen)
#define asn1_bit_octets_from_der(d,dlen,in,inlen) asn1_bit_octets_from_der_ex(ASN1_TAG_BIT_STRING,d,dlen,in,inlen)
#define asn1_implicit_bit_octets_to_der(i,d,dlen,out,outlen) asn1_bit_octets_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
#define asn1_implicit_bit_octets_from_der(i,d,dlen,in,inlen) asn1_bit_octets_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
// bits == -1 不编码,只支持较少的比特数量
int asn1_bits_to_der_ex(int tag, int bits, uint8_t **out, size_t *outlen);
int asn1_bits_from_der_ex(int tag, int *bits, const uint8_t **in, size_t *inlen);
#define asn1_bits_to_der(bits,out,outlen) asn1_bits_to_der_ex(ASN1_TAG_BIT_STRING,bits,out,outlen)
#define asn1_bits_from_der(bits,in,inlen) asn1_bits_from_der_ex(ASN1_TAG_BIT_STRING,bits,in,inlen)
#define asn1_implicit_bits_to_der(i,bits,out,outlen) asn1_bits_to_der_ex(ASN1_TAG_IMPLICIT(i),bits,out,outlen)
#define asn1_implicit_bits_from_der(i,bits,in,inlen) asn1_bits_from_der_ex(ASN1_TAG_IMPLICIT(i),bits,in,inlen)
// names[i]对应第i个比特
int asn1_bits_print(FILE *fp, int fmt, int ind, const char *label, const char **names, size_t names_cnt, int bits);
#define asn1_octet_string_to_der_ex(tag,d,dlen,out,outlen) asn1_type_to_der(tag,d,dlen,out,outlen)
#define asn1_octet_string_from_der_ex(tag,d,dlen,in,inlen) asn1_type_from_der(tag,d,dlen,in,inlen)
#define asn1_octet_string_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_OCTET_STRING,d,dlen,out,outlen)
#define asn1_octet_string_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_OCTET_STRING,d,dlen,in,inlen)
#define asn1_implicit_octet_string_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
#define asn1_implicit_octet_string_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
const char *asn1_null_name(void);
int asn1_null_to_der(uint8_t **out, size_t *outlen);
int asn1_null_from_der(const uint8_t **in, size_t *inlen);
#define ASN1_OID_MAX_NODES 32
int asn1_object_identifier_to_octets(const uint32_t *nodes, size_t nodes_cnt, uint8_t *out, size_t *outlen);
int asn1_object_identifier_from_octets(uint32_t *nodes, size_t *nodes_cnt, const uint8_t *in, size_t inlen);
int asn1_object_identifier_equ(const uint32_t *a, size_t a_cnt, const uint32_t *b, size_t b_cnt);
int asn1_object_identifier_to_der_ex(int tag, const uint32_t *nodes, size_t nodes_cnt, uint8_t **out, size_t *outlen);
int asn1_object_identifier_from_der_ex(int tag, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen);
#define asn1_object_identifier_to_der(nodes,nodes_cnt,out,outlen) asn1_object_identifier_to_der_ex(ASN1_TAG_OBJECT_IDENTIFIER,nodes,nodes_cnt,out,outlen)
#define asn1_object_identifier_from_der(nodes,nodes_cnt,in,inlen) asn1_object_identifier_from_der_ex(ASN1_TAG_OBJECT_IDENTIFIER,nodes,nodes_cnt,in,inlen)
#define asn1_implicit_object_identifier_to_der(i,nodes,nodes_cnt,out,outlen) asn1_object_identifier_to_der_ex(ASN1_TAG_IMPLICIT(i),nodes,nodes_cnt,out,outlen)
#define asn1_implicit_object_identifier_from_der(i,nodes,nodes_cnt,in,inlen) asn1_object_identifier_from_der_ex(ASN1_TAG_IMPLICIT(i),nodes,nodes_cnt,in,inlen)
int asn1_object_identifier_print(FILE *fp, int fmt, int ind, const char *label, const char *name,
const uint32_t *nodes, size_t nodes_cnt);
#define asn1_enumerated_to_der_ex(tag,val,out,outlen) asn1_int_to_der_ex(tag,val,out,outlen)
#define asn1_enumerated_from_der_ex(tag,val,in,inlen) asn1_int_from_der_ex(tag,val,in,inlen)
#define asn1_enumerated_to_der(val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_ENUMERATED,val,out,outlen)
#define asn1_enumerated_from_der(val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_ENUMERATED,val,in,inlen)
#define asn1_implicit_enumerated_to_der(i,val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
#define asn1_implicit_enumerated_from_der(i,val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)
int asn1_utf8_string_check(const char *d, size_t dlen);
int asn1_utf8_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen);
int asn1_utf8_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen);
#define asn1_utf8_string_to_der(d,dlen,out,outlen) asn1_utf8_string_to_der_ex(ASN1_TAG_UTF8String,d,dlen,out,outlen)
#define asn1_utf8_string_from_der(d,dlen,in,inlen) asn1_utf8_string_from_der_ex(ASN1_TAG_UTF8String,d,dlen,in,inlen)
#define asn1_implicit_utf8_string_to_der(i,d,dlen,out,outlen) asn1_utf8_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
#define asn1_implicit_utf8_string_from_der(i,d,dlen,in,inlen) asn1_utf8_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
int asn1_printable_string_check(const char *d, size_t dlen);
int asn1_printable_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen);
int asn1_printable_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen);
#define asn1_printable_string_to_der(d,dlen,out,outlen) asn1_printable_string_to_der_ex(ASN1_TAG_PrintableString,d,dlen,out,outlen)
#define asn1_printable_string_from_der(d,dlen,in,inlen) asn1_printable_string_from_der_ex(ASN1_TAG_PrintableString,d,dlen,in,inlen)
#define asn1_implicit_printable_string_to_der(i,d,dlen,out,outlen) asn1_printable_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
#define asn1_implicit_printable_string_from_der(i,d,dlen,in,inlen) asn1_printable_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
int asn1_ia5_string_check(const char *d, size_t dlen);
int asn1_ia5_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen);
int asn1_ia5_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen);
#define asn1_ia5_string_to_der(d,dlen,out,outlen) asn1_ia5_string_to_der_ex(ASN1_TAG_IA5String,d,dlen,out,outlen)
#define asn1_ia5_string_from_der(d,dlen,in,inlen) asn1_ia5_string_from_der_ex(ASN1_TAG_IA5String,d,dlen,in,inlen)
#define asn1_implicit_ia5_string_to_der(i,d,dlen,out,outlen) asn1_ia5_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
#define asn1_implicit_ia5_string_from_der(i,d,dlen,in,inlen) asn1_ia5_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
int asn1_string_print(FILE *fp, int fmt, int ind, const char *label, int tag, const uint8_t *d, size_t dlen);
#define ASN1_UTC_TIME_LEN (sizeof("YYMMDDHHMMSSZ")-1)
#define ASN1_GENERALIZED_TIME_LEN (sizeof("YYYYMMDDHHMMSSZ")-1)
int asn1_utc_time_to_der_ex(int tag, time_t tv, uint8_t **out, size_t *outlen);
int asn1_utc_time_from_der_ex(int tag, time_t *tv, const uint8_t **in, size_t *inlen);
#define asn1_utc_time_to_der(tv,out,outlen) asn1_utc_time_to_der_ex(ASN1_TAG_UTCTime,tv,out,outlen)
#define asn1_utc_time_from_der(tv,in,inlen) asn1_utc_time_from_der_ex(ASN1_TAG_UTCTime,tv,in,inlen)
#define asn1_implicit_utc_time_to_der(i,tv,out,outlen) asn1_utc_time_to_der_ex(ASN1_TAG_IMPLICIT(i),tv,out,outlen)
#define asn1_implicit_utc_time_from_der(i,tv,in,inlen) asn1_utc_time_from_der_ex(ASN1_TAG_IMPLICIT(i),tv,in,inlen)
int asn1_generalized_time_to_der_ex(int tag, time_t tv, uint8_t **out, size_t *outlen);
int asn1_generalized_time_from_der_ex(int tag, time_t *tv, const uint8_t **in, size_t *inlen);
#define asn1_generalized_time_to_der(tv,out,outlen) asn1_generalized_time_to_der_ex(ASN1_TAG_GeneralizedTime,tv,out,outlen)
#define asn1_generalized_time_from_der(tv,in,inlen) asn1_generalized_time_from_der_ex(ASN1_TAG_GeneralizedTime,tv,in,inlen)
#define asn1_implicit_generalized_time_to_der(i,tv,out,outlen) asn1_generalized_time_to_der_ex(ASN1_TAG_IMPLICIT(i),tv,out,outlen)
#define asn1_implicit_generalized_time_from_der(i,tv,in,inlen) asn1_generalized_time_from_der_ex(ASN1_TAG_IMPLICIT(i),tv,in,inlen)
#define asn1_sequence_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_SEQUENCE,d,dlen,out,outlen)
#define asn1_sequence_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_SEQUENCE,d,dlen,in,inlen)
#define asn1_implicit_sequence_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
#define asn1_implicit_sequence_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
#define asn1_set_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_SET,d,dlen,out,outlen)
#define asn1_set_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_SET,d,dlen,in,inlen)
#define asn1_implicit_set_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
#define asn1_implicit_set_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
#define asn1_implicit_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
#define asn1_implicit_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
int asn1_header_to_der(int tag, size_t dlen, uint8_t **out, size_t *outlen);
#define asn1_implicit_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
#define asn1_octet_string_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_OCTET_STRING,dlen,out,outlen)
#define asn1_sequence_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_SEQUENCE,dlen,out,outlen)
#define asn1_implicit_sequence_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
#define asn1_set_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_SET,dlen,out,outlen)
#define asn1_implicit_set_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
#define asn1_explicit_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
#define asn1_explicit_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
#define asn1_explicit_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
// d,dlen 是 SEQUENCE OF, SET OF 中的值
int asn1_types_get_count(const uint8_t *d, size_t dlen, int tag, size_t *cnt);
int asn1_types_get_item_by_index(const uint8_t *d, size_t *dlen, int tag,
int index, const uint8_t **item_d, size_t *item_dlen);
int asn1_sequence_of_int_to_der(const int *nums, size_t nums_cnt, uint8_t **out, size_t *outlen);
int asn1_sequence_of_int_from_der(int *nums, size_t *nums_cnt, const uint8_t **in, size_t *inlen);
int asn1_sequence_of_int_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
typedef struct {
int oid;
char *name;
uint32_t *nodes;
size_t nodes_cnt;
int flags;
char *description;
} ASN1_OID_INFO;
const ASN1_OID_INFO *asn1_oid_info_from_name(const ASN1_OID_INFO *infos, size_t count, const char *name);
const ASN1_OID_INFO *asn1_oid_info_from_oid(const ASN1_OID_INFO *infos, size_t count, int oid);
int asn1_oid_info_from_der_ex(const ASN1_OID_INFO **info, uint32_t *nodes, size_t *nodes_cnt,
const ASN1_OID_INFO *infos, size_t count, const uint8_t **in, size_t *inlen);
int asn1_oid_info_from_der(const ASN1_OID_INFO **info,
const ASN1_OID_INFO *infos, size_t count, const uint8_t **in, size_t *inlen);
int asn1_check(int expr);
#if __cplusplus
}
#endif
#endif
#ifndef GMSSL_ASN1_H
#define GMSSL_ASN1_H
#include <time.h>
#include <stdlib.h>
#include <stdint.h>
#if __cplusplus
extern "C" {
#endif
#define ASN1_TAG_UNIVERSAL 0x00
#define ASN1_TAG_APPLICATION 0x40
#define ASN1_TAG_CONTENT_SPECIFIC 0x80
#define ASN1_TAG_PRIVATE 0xC0
#define ASN1_TAG_PRIMITIVE 0x00
#define ASN1_TAG_CONSTRUCTED 0x20
#define ASN1_TAG_IMPLICIT(index) (ASN1_TAG_CONTENT_SPECIFIC|(index))
#define ASN1_TAG_EXPLICIT(index) ASN1_TAG_IMPLICIT(ASN1_TAG_CONSTRUCTED|(index))
#define ASN1_FMT_FULL 0x01
enum ASN1_TAG {
ASN1_TAG_BOOLEAN = 1,
ASN1_TAG_INTEGER = 2,
ASN1_TAG_BIT_STRING = 3,
ASN1_TAG_OCTET_STRING = 4,
ASN1_TAG_NULL = 5,
ASN1_TAG_OBJECT_IDENTIFIER = 6,
ASN1_TAG_ObjectDescriptor = 7,
ASN1_TAG_EXTERNAL = 8,
ASN1_TAG_REAL = 9,
ASN1_TAG_ENUMERATED = 10, // 0x0A
ASN1_TAG_EMBEDDED = 11, // 0x0B
ASN1_TAG_UTF8String = 12, // 0x0C
ASN1_TAG_RELATIVE_OID = 13, // 0x0D
ASN1_TAG_NumericString = 18, // 0x12
ASN1_TAG_PrintableString = 19, // 0x13, printable subset of ascii
ASN1_TAG_TeletexString = 20, // 0x14, T61String
ASN1_TAG_VideotexString = 21, // 0x15
ASN1_TAG_IA5String = 22, // 0x16, 7-bit ascii
ASN1_TAG_UTCTime = 23, // 0x17
ASN1_TAG_GeneralizedTime = 24, // 0x18
ASN1_TAG_GraphicString = 25, // 0x19
ASN1_TAG_VisibleString = 26, // 0x20
ASN1_TAG_GeneralString = 27, // 0x21
ASN1_TAG_UniversalString = 28, // 0x22
ASN1_TAG_CHARACTER_STRING = 29, // 0x23
ASN1_TAG_BMPString = 30, // 0x24, 2-byte unicode with zeros
ASN1_TAG_SEQUENCE = 0x30,
ASN1_TAG_SET = 0x31,
ASN1_TAG_EXPLICIT = 0xa0,
};
const char *asn1_tag_name(int tag);
int asn1_tag_to_der(int tag, uint8_t **out, size_t *outlen);
int asn1_tag_from_der(int tag, const uint8_t **in, size_t *inlen);
int asn1_any_tag_from_der(int *tag, const uint8_t **in, size_t *inlen);
int asn1_tag_get(int *tag, const uint8_t **in, size_t *inlen); // 尝试读取下一个tag但是并不修改in,inlen
int asn1_tag_is_cstring(int tag);
int asn1_length_to_der(size_t dlen, uint8_t **out, size_t *outlen);
int asn1_length_from_der(size_t *dlen, const uint8_t **in, size_t *inlen);
int asn1_length_is_zero(size_t len);
int asn1_length_le(size_t len1, size_t len2); // less than
int asn1_data_to_der(const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
int asn1_data_from_der(const uint8_t **d, size_t dlen, const uint8_t **in, size_t *inlen);
int asn1_type_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
int asn1_type_from_der(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
int asn1_any_type_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
int asn1_any_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen); // 调用方应保证a,alen为TLV
int asn1_any_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen); // 该函数会检查输入是否为TLV
const char *asn1_boolean_name(int val);
int asn1_boolean_from_name(int *val, const char *name);
int asn1_boolean_to_der_ex(int tag, int val, uint8_t **out, size_t *outlen);
int asn1_boolean_from_der_ex(int tag, int *val, const uint8_t **in, size_t *inlen);
#define asn1_boolean_to_der(val,out,outlen) asn1_boolean_to_der_ex(ASN1_TAG_BOOLEAN,val,out,outlen)
#define asn1_boolean_from_der(val,in,inlen) asn1_boolean_from_der_ex(ASN1_TAG_BOOLEAN,val,in,inlen)
#define asn1_implicit_boolean_to_der(i,val,out,outlen) asn1_boolean_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
#define asn1_implicit_boolean_from_der(i,val,in,inlen) asn1_boolean_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)
// asn1_integer_ 不支持负数编解码
int asn1_integer_to_der_ex(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
int asn1_integer_from_der_ex(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
#define asn1_integer_to_der(d,dlen,out,outlen) asn1_integer_to_der_ex(ASN1_TAG_INTEGER,d,dlen,out,outlen)
#define asn1_integer_from_der(d,dlen,in,inlen) asn1_integer_from_der_ex(ASN1_TAG_INTEGER,d,dlen,in,inlen)
#define asn1_implicit_integer_to_der(i,d,dlen,out,outlen) asn1_integer_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
#define asn1_implicit_integer_from_der(i,d,dlen,in,inlen) asn1_integer_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
// asn1_int_ 只支持小的无符号整数的编解码,不支持负数
int asn1_int_to_der_ex(int tag, int val, uint8_t **out, size_t *outlen); // 当 val == -1 时,不输出,返回 0
int asn1_int_from_der_ex(int tag, int *val, const uint8_t **in, size_t *inlen); // 不支持负数返回0时 *val 设置为 -1
#define asn1_int_to_der(val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_INTEGER,val,out,outlen)
#define asn1_int_from_der(val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_INTEGER,val,in,inlen)
#define asn1_implicit_int_to_der(i,val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
#define asn1_implicit_int_from_der(i,val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)
// 比特长度不必须为8的整数倍
int asn1_bit_string_to_der_ex(int tag, const uint8_t *d, size_t nbits, uint8_t **out, size_t *outlen);
int asn1_bit_string_from_der_ex(int tag, const uint8_t **d, size_t *nbits, const uint8_t **in, size_t *inlen);
#define asn1_bit_string_to_der(d,nbits,out,outlen) asn1_bit_string_to_der_ex(ASN1_TAG_BIT_STRING,d,nbits,out,outlen)
#define asn1_bit_string_from_der(d,nbits,in,inlen) asn1_bit_string_from_der_ex(ASN1_TAG_BIT_STRING,d,nbits,in,inlen)
#define asn1_implicit_bit_string_to_der(i,d,nbits,out,outlen) asn1_bit_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,nbits,out,outlen)
#define asn1_implicit_bit_string_from_der(i,d,nbits,in,inlen) asn1_bit_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,nbits,in,inlen)
// 比特长度必须为8的整数倍因此使用字节长度
int asn1_bit_octets_to_der_ex(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
int asn1_bit_octets_from_der_ex(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
#define asn1_bit_octets_to_der(d,dlen,out,outlen) asn1_bit_octets_to_der_ex(ASN1_TAG_BIT_STRING,d,dlen,out,outlen)
#define asn1_bit_octets_from_der(d,dlen,in,inlen) asn1_bit_octets_from_der_ex(ASN1_TAG_BIT_STRING,d,dlen,in,inlen)
#define asn1_implicit_bit_octets_to_der(i,d,dlen,out,outlen) asn1_bit_octets_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
#define asn1_implicit_bit_octets_from_der(i,d,dlen,in,inlen) asn1_bit_octets_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
// bits == -1 不编码,只支持较少的比特数量
int asn1_bits_to_der_ex(int tag, int bits, uint8_t **out, size_t *outlen);
int asn1_bits_from_der_ex(int tag, int *bits, const uint8_t **in, size_t *inlen);
#define asn1_bits_to_der(bits,out,outlen) asn1_bits_to_der_ex(ASN1_TAG_BIT_STRING,bits,out,outlen)
#define asn1_bits_from_der(bits,in,inlen) asn1_bits_from_der_ex(ASN1_TAG_BIT_STRING,bits,in,inlen)
#define asn1_implicit_bits_to_der(i,bits,out,outlen) asn1_bits_to_der_ex(ASN1_TAG_IMPLICIT(i),bits,out,outlen)
#define asn1_implicit_bits_from_der(i,bits,in,inlen) asn1_bits_from_der_ex(ASN1_TAG_IMPLICIT(i),bits,in,inlen)
// names[i]对应第i个比特
int asn1_bits_print(FILE *fp, int fmt, int ind, const char *label, const char **names, size_t names_cnt, int bits);
#define asn1_octet_string_to_der_ex(tag,d,dlen,out,outlen) asn1_type_to_der(tag,d,dlen,out,outlen)
#define asn1_octet_string_from_der_ex(tag,d,dlen,in,inlen) asn1_type_from_der(tag,d,dlen,in,inlen)
#define asn1_octet_string_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_OCTET_STRING,d,dlen,out,outlen)
#define asn1_octet_string_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_OCTET_STRING,d,dlen,in,inlen)
#define asn1_implicit_octet_string_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
#define asn1_implicit_octet_string_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
const char *asn1_null_name(void);
int asn1_null_to_der(uint8_t **out, size_t *outlen);
int asn1_null_from_der(const uint8_t **in, size_t *inlen);
#define ASN1_OID_MAX_NODES 32
int asn1_object_identifier_to_octets(const uint32_t *nodes, size_t nodes_cnt, uint8_t *out, size_t *outlen);
int asn1_object_identifier_from_octets(uint32_t *nodes, size_t *nodes_cnt, const uint8_t *in, size_t inlen);
int asn1_object_identifier_equ(const uint32_t *a, size_t a_cnt, const uint32_t *b, size_t b_cnt);
int asn1_object_identifier_to_der_ex(int tag, const uint32_t *nodes, size_t nodes_cnt, uint8_t **out, size_t *outlen);
int asn1_object_identifier_from_der_ex(int tag, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen);
#define asn1_object_identifier_to_der(nodes,nodes_cnt,out,outlen) asn1_object_identifier_to_der_ex(ASN1_TAG_OBJECT_IDENTIFIER,nodes,nodes_cnt,out,outlen)
#define asn1_object_identifier_from_der(nodes,nodes_cnt,in,inlen) asn1_object_identifier_from_der_ex(ASN1_TAG_OBJECT_IDENTIFIER,nodes,nodes_cnt,in,inlen)
#define asn1_implicit_object_identifier_to_der(i,nodes,nodes_cnt,out,outlen) asn1_object_identifier_to_der_ex(ASN1_TAG_IMPLICIT(i),nodes,nodes_cnt,out,outlen)
#define asn1_implicit_object_identifier_from_der(i,nodes,nodes_cnt,in,inlen) asn1_object_identifier_from_der_ex(ASN1_TAG_IMPLICIT(i),nodes,nodes_cnt,in,inlen)
int asn1_object_identifier_print(FILE *fp, int fmt, int ind, const char *label, const char *name,
const uint32_t *nodes, size_t nodes_cnt);
#define asn1_enumerated_to_der_ex(tag,val,out,outlen) asn1_int_to_der_ex(tag,val,out,outlen)
#define asn1_enumerated_from_der_ex(tag,val,in,inlen) asn1_int_from_der_ex(tag,val,in,inlen)
#define asn1_enumerated_to_der(val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_ENUMERATED,val,out,outlen)
#define asn1_enumerated_from_der(val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_ENUMERATED,val,in,inlen)
#define asn1_implicit_enumerated_to_der(i,val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
#define asn1_implicit_enumerated_from_der(i,val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)
int asn1_utf8_string_check(const char *d, size_t dlen);
int asn1_utf8_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen);
int asn1_utf8_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen);
#define asn1_utf8_string_to_der(d,dlen,out,outlen) asn1_utf8_string_to_der_ex(ASN1_TAG_UTF8String,d,dlen,out,outlen)
#define asn1_utf8_string_from_der(d,dlen,in,inlen) asn1_utf8_string_from_der_ex(ASN1_TAG_UTF8String,d,dlen,in,inlen)
#define asn1_implicit_utf8_string_to_der(i,d,dlen,out,outlen) asn1_utf8_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
#define asn1_implicit_utf8_string_from_der(i,d,dlen,in,inlen) asn1_utf8_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
int asn1_printable_string_check(const char *d, size_t dlen);
int asn1_printable_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen);
int asn1_printable_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen);
#define asn1_printable_string_to_der(d,dlen,out,outlen) asn1_printable_string_to_der_ex(ASN1_TAG_PrintableString,d,dlen,out,outlen)
#define asn1_printable_string_from_der(d,dlen,in,inlen) asn1_printable_string_from_der_ex(ASN1_TAG_PrintableString,d,dlen,in,inlen)
#define asn1_implicit_printable_string_to_der(i,d,dlen,out,outlen) asn1_printable_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
#define asn1_implicit_printable_string_from_der(i,d,dlen,in,inlen) asn1_printable_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
int asn1_ia5_string_check(const char *d, size_t dlen);
int asn1_ia5_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen);
int asn1_ia5_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen);
#define asn1_ia5_string_to_der(d,dlen,out,outlen) asn1_ia5_string_to_der_ex(ASN1_TAG_IA5String,d,dlen,out,outlen)
#define asn1_ia5_string_from_der(d,dlen,in,inlen) asn1_ia5_string_from_der_ex(ASN1_TAG_IA5String,d,dlen,in,inlen)
#define asn1_implicit_ia5_string_to_der(i,d,dlen,out,outlen) asn1_ia5_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
#define asn1_implicit_ia5_string_from_der(i,d,dlen,in,inlen) asn1_ia5_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
int asn1_string_print(FILE *fp, int fmt, int ind, const char *label, int tag, const uint8_t *d, size_t dlen);
#define ASN1_UTC_TIME_LEN (sizeof("YYMMDDHHMMSSZ")-1)
#define ASN1_GENERALIZED_TIME_LEN (sizeof("YYYYMMDDHHMMSSZ")-1)
int asn1_utc_time_to_der_ex(int tag, time_t tv, uint8_t **out, size_t *outlen);
int asn1_utc_time_from_der_ex(int tag, time_t *tv, const uint8_t **in, size_t *inlen);
#define asn1_utc_time_to_der(tv,out,outlen) asn1_utc_time_to_der_ex(ASN1_TAG_UTCTime,tv,out,outlen)
#define asn1_utc_time_from_der(tv,in,inlen) asn1_utc_time_from_der_ex(ASN1_TAG_UTCTime,tv,in,inlen)
#define asn1_implicit_utc_time_to_der(i,tv,out,outlen) asn1_utc_time_to_der_ex(ASN1_TAG_IMPLICIT(i),tv,out,outlen)
#define asn1_implicit_utc_time_from_der(i,tv,in,inlen) asn1_utc_time_from_der_ex(ASN1_TAG_IMPLICIT(i),tv,in,inlen)
int asn1_generalized_time_to_der_ex(int tag, time_t tv, uint8_t **out, size_t *outlen);
int asn1_generalized_time_from_der_ex(int tag, time_t *tv, const uint8_t **in, size_t *inlen);
#define asn1_generalized_time_to_der(tv,out,outlen) asn1_generalized_time_to_der_ex(ASN1_TAG_GeneralizedTime,tv,out,outlen)
#define asn1_generalized_time_from_der(tv,in,inlen) asn1_generalized_time_from_der_ex(ASN1_TAG_GeneralizedTime,tv,in,inlen)
#define asn1_implicit_generalized_time_to_der(i,tv,out,outlen) asn1_generalized_time_to_der_ex(ASN1_TAG_IMPLICIT(i),tv,out,outlen)
#define asn1_implicit_generalized_time_from_der(i,tv,in,inlen) asn1_generalized_time_from_der_ex(ASN1_TAG_IMPLICIT(i),tv,in,inlen)
#define asn1_sequence_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_SEQUENCE,d,dlen,out,outlen)
#define asn1_sequence_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_SEQUENCE,d,dlen,in,inlen)
#define asn1_implicit_sequence_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
#define asn1_implicit_sequence_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
#define asn1_set_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_SET,d,dlen,out,outlen)
#define asn1_set_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_SET,d,dlen,in,inlen)
#define asn1_implicit_set_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
#define asn1_implicit_set_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
#define asn1_implicit_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
#define asn1_implicit_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
int asn1_header_to_der(int tag, size_t dlen, uint8_t **out, size_t *outlen);
#define asn1_implicit_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
#define asn1_octet_string_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_OCTET_STRING,dlen,out,outlen)
#define asn1_sequence_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_SEQUENCE,dlen,out,outlen)
#define asn1_implicit_sequence_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
#define asn1_set_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_SET,dlen,out,outlen)
#define asn1_implicit_set_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
#define asn1_explicit_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
#define asn1_explicit_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
#define asn1_explicit_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
// d,dlen 是 SEQUENCE OF, SET OF 中的值
int asn1_types_get_count(const uint8_t *d, size_t dlen, int tag, size_t *cnt);
int asn1_types_get_item_by_index(const uint8_t *d, size_t *dlen, int tag,
int index, const uint8_t **item_d, size_t *item_dlen);
int asn1_sequence_of_int_to_der(const int *nums, size_t nums_cnt, uint8_t **out, size_t *outlen);
int asn1_sequence_of_int_from_der(int *nums, size_t *nums_cnt, const uint8_t **in, size_t *inlen);
int asn1_sequence_of_int_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
typedef struct {
int oid;
char *name;
uint32_t *nodes;
size_t nodes_cnt;
int flags;
char *description;
} ASN1_OID_INFO;
const ASN1_OID_INFO *asn1_oid_info_from_name(const ASN1_OID_INFO *infos, size_t count, const char *name);
const ASN1_OID_INFO *asn1_oid_info_from_oid(const ASN1_OID_INFO *infos, size_t count, int oid);
int asn1_oid_info_from_der_ex(const ASN1_OID_INFO **info, uint32_t *nodes, size_t *nodes_cnt,
const ASN1_OID_INFO *infos, size_t count, const uint8_t **in, size_t *inlen);
int asn1_oid_info_from_der(const ASN1_OID_INFO **info,
const ASN1_OID_INFO *infos, size_t count, const uint8_t **in, size_t *inlen);
int asn1_check(int expr);
#if __cplusplus
}
#endif
#endif

129
include/gmssl/base64.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,66 +7,67 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_BASE64_H
#define GMSSL_BASE64_H
#include <stdint.h>
#include <stdlib.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
BASE64 Public API
BASE64_CTX
base64_encode_init
base64_encode_update
base64_encode_finish
base64_decode_init
base64_decode_update
base64_decode_finish
*/
typedef struct {
/* number saved in a partial encode/decode */
int num;
/*
* The length is either the output line length (in input bytes) or the
* shortest input line length that is ok. Once decoding begins, the
* length is adjusted up each time a longer line is decoded
*/
int length;
/* data to encode */
unsigned char enc_data[80];
/* number read on current line */
int line_num;
int expect_nl;
} BASE64_CTX;
# define BASE64_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80)
# define BASE64_DECODE_LENGTH(l) ((l+3)/4*3+80)
void base64_encode_init(BASE64_CTX *ctx);
int base64_encode_update(BASE64_CTX *ctx, const uint8_t *in, int inlen, uint8_t *out, int *outlen);
void base64_encode_finish(BASE64_CTX *ctx, uint8_t *out, int *outlen);
void base64_decode_init(BASE64_CTX *ctx);
int base64_decode_update(BASE64_CTX *ctx, const uint8_t *in, int inlen, uint8_t *out, int *outlen);
int base64_decode_finish(BASE64_CTX *ctx, uint8_t *out, int *outlen);
int base64_encode_block(unsigned char *t, const unsigned char *f, int dlen);
int base64_decode_block(unsigned char *t, const unsigned char *f, int n);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_BASE64_H
#define GMSSL_BASE64_H
#include <stdint.h>
#include <stdlib.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
BASE64 Public API
BASE64_CTX
base64_encode_init
base64_encode_update
base64_encode_finish
base64_decode_init
base64_decode_update
base64_decode_finish
*/
typedef struct {
/* number saved in a partial encode/decode */
int num;
/*
* The length is either the output line length (in input bytes) or the
* shortest input line length that is ok. Once decoding begins, the
* length is adjusted up each time a longer line is decoded
*/
int length;
/* data to encode */
unsigned char enc_data[80];
/* number read on current line */
int line_num;
int expect_nl;
} BASE64_CTX;
# define BASE64_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80)
# define BASE64_DECODE_LENGTH(l) ((l+3)/4*3+80)
void base64_encode_init(BASE64_CTX *ctx);
int base64_encode_update(BASE64_CTX *ctx, const uint8_t *in, int inlen, uint8_t *out, int *outlen);
void base64_encode_finish(BASE64_CTX *ctx, uint8_t *out, int *outlen);
void base64_decode_init(BASE64_CTX *ctx);
int base64_decode_update(BASE64_CTX *ctx, const uint8_t *in, int inlen, uint8_t *out, int *outlen);
int base64_decode_finish(BASE64_CTX *ctx, uint8_t *out, int *outlen);
int base64_encode_block(unsigned char *t, const unsigned char *f, int dlen);
int base64_decode_block(unsigned char *t, const unsigned char *f, int n);
#ifdef __cplusplus
}
#endif
#endif

133
include/gmssl/block_cipher.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,68 +7,69 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_BLOCK_CIPHER_H
#define GMSSL_BLOCK_CIPHER_H
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/aes.h>
#include <gmssl/sm4.h>
#ifdef __cplusplus
extern "C" {
#endif
#define BLOCK_CIPHER_BLOCK_SIZE 16
#define BLOCK_CIPHER_MIN_KEY_SIZE 16
#define BLOCK_CIPHER_MAX_KEY_SIZE 32
typedef struct BLOCK_CIPHER BLOCK_CIPHER;
typedef struct BLOCK_CIPHER_KEY BLOCK_CIPHER_KEY;
struct BLOCK_CIPHER_KEY {
union {
SM4_KEY sm4_key;
AES_KEY aes_key;
} u;
const BLOCK_CIPHER *cipher;
};
typedef void (*block_cipher_set_encrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key);
typedef void (*block_cipher_set_decrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key);
typedef void (*block_cipher_encrypt_func)(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
typedef void (*block_cipher_decrypt_func)(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
struct BLOCK_CIPHER {
int oid;
size_t key_size;
size_t block_size;
block_cipher_set_encrypt_key_func set_encrypt_key;
block_cipher_set_decrypt_key_func set_decrypt_key;
block_cipher_encrypt_func encrypt;
block_cipher_decrypt_func decrypt;
};
const BLOCK_CIPHER *BLOCK_CIPHER_sm4(void);
const BLOCK_CIPHER *BLOCK_CIPHER_aes128(void);
const BLOCK_CIPHER *block_cipher_from_name(const char *name);
const char *block_cipher_name(const BLOCK_CIPHER *cipher);
int block_cipher_set_encrypt_key(BLOCK_CIPHER_KEY *key, const BLOCK_CIPHER *cipher, const uint8_t *raw_key);
int block_cipher_set_decrypt_key(BLOCK_CIPHER_KEY *key, const BLOCK_CIPHER *cipher, const uint8_t *raw_key);
int block_cipher_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
int block_cipher_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_BLOCK_CIPHER_H
#define GMSSL_BLOCK_CIPHER_H
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/aes.h>
#include <gmssl/sm4.h>
#ifdef __cplusplus
extern "C" {
#endif
#define BLOCK_CIPHER_BLOCK_SIZE 16
#define BLOCK_CIPHER_MIN_KEY_SIZE 16
#define BLOCK_CIPHER_MAX_KEY_SIZE 32
typedef struct BLOCK_CIPHER BLOCK_CIPHER;
typedef struct BLOCK_CIPHER_KEY BLOCK_CIPHER_KEY;
struct BLOCK_CIPHER_KEY {
union {
SM4_KEY sm4_key;
AES_KEY aes_key;
} u;
const BLOCK_CIPHER *cipher;
};
typedef void (*block_cipher_set_encrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key);
typedef void (*block_cipher_set_decrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key);
typedef void (*block_cipher_encrypt_func)(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
typedef void (*block_cipher_decrypt_func)(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
struct BLOCK_CIPHER {
int oid;
size_t key_size;
size_t block_size;
block_cipher_set_encrypt_key_func set_encrypt_key;
block_cipher_set_decrypt_key_func set_decrypt_key;
block_cipher_encrypt_func encrypt;
block_cipher_decrypt_func decrypt;
};
const BLOCK_CIPHER *BLOCK_CIPHER_sm4(void);
const BLOCK_CIPHER *BLOCK_CIPHER_aes128(void);
const BLOCK_CIPHER *block_cipher_from_name(const char *name);
const char *block_cipher_name(const BLOCK_CIPHER *cipher);
int block_cipher_set_encrypt_key(BLOCK_CIPHER_KEY *key, const BLOCK_CIPHER *cipher, const uint8_t *raw_key);
int block_cipher_set_decrypt_key(BLOCK_CIPHER_KEY *key, const BLOCK_CIPHER *cipher, const uint8_t *raw_key);
int block_cipher_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
int block_cipher_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
#ifdef __cplusplus
}
#endif
#endif

99
include/gmssl/chacha20.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,51 +7,52 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
/* RFC 8439 "ChaCha20 and Poly1305 for IETF Protocols" */
#ifndef GMSSL_CHACHA20_H
#define GMSSL_CHACHA20_H
#define CHACHA20_IS_BIG_ENDIAN 0
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define CHACHA20_KEY_BITS 256
#define CHACHA20_NONCE_BITS 96
#define CHACHA20_COUNTER_BITS 32
#define CHACHA20_KEY_SIZE (CHACHA20_KEY_BITS/8)
#define CHACHA20_NONCE_SIZE (CHACHA20_NONCE_BITS/8)
#define CHACHA20_COUNTER_SIZE (CHACHA20_COUNTER_BITS/8)
#define CHACHA20_KEY_WORDS (CHACHA20_KEY_SIZE/sizeof(uint32_t))
#define CHACHA20_NONCE_WORDS (CHACHA20_NONCE_SIZE/sizeof(uint32_t))
#define CHACHA20_COUNTER_WORDS (CHACHA20_COUNTER_SIZE/sizeof(uint32_t))
#ifdef __cplusplus
extern "C" {
#endif
typedef struct {
uint32_t d[16];
} CHACHA20_STATE;
void chacha20_init(CHACHA20_STATE *state,
const uint8_t key[CHACHA20_KEY_SIZE],
const uint8_t nonce[CHACHA20_NONCE_SIZE], uint32_t counter);
void chacha20_generate_keystream(CHACHA20_STATE *state,
size_t counts, uint8_t *out);
#ifdef __cplusplus
}
#endif
#endif
/* RFC 8439 "ChaCha20 and Poly1305 for IETF Protocols" */
#ifndef GMSSL_CHACHA20_H
#define GMSSL_CHACHA20_H
#define CHACHA20_IS_BIG_ENDIAN 0
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define CHACHA20_KEY_BITS 256
#define CHACHA20_NONCE_BITS 96
#define CHACHA20_COUNTER_BITS 32
#define CHACHA20_KEY_SIZE (CHACHA20_KEY_BITS/8)
#define CHACHA20_NONCE_SIZE (CHACHA20_NONCE_BITS/8)
#define CHACHA20_COUNTER_SIZE (CHACHA20_COUNTER_BITS/8)
#define CHACHA20_KEY_WORDS (CHACHA20_KEY_SIZE/sizeof(uint32_t))
#define CHACHA20_NONCE_WORDS (CHACHA20_NONCE_SIZE/sizeof(uint32_t))
#define CHACHA20_COUNTER_WORDS (CHACHA20_COUNTER_SIZE/sizeof(uint32_t))
#ifdef __cplusplus
extern "C" {
#endif
typedef struct {
uint32_t d[16];
} CHACHA20_STATE;
void chacha20_init(CHACHA20_STATE *state,
const uint8_t key[CHACHA20_KEY_SIZE],
const uint8_t nonce[CHACHA20_NONCE_SIZE], uint32_t counter);
void chacha20_generate_keystream(CHACHA20_STATE *state,
size_t counts, uint8_t *out);
#ifdef __cplusplus
}
#endif
#endif

1089
include/gmssl/cms.h
View File

File diff suppressed because it is too large Load Diff

101
include/gmssl/des.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,52 +7,53 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
/* FIPS PUB 46-3 "Data Encryption Standard (DES)" */
#ifndef GMSSL_DES_H
#define GMSSL_DES_H
#include <stdint.h>
#include <stdlib.h>
#ifdef __cplusplus
extern "C" {
#endif
#define DES_KEY_BITS 56
#define DES_BLOCK_BITS 64
#define DES_KEY_SIZE ((DES_KEY_BITS)/7)
#define DES_BLOCK_SIZE (DES_BLOCK_BITS/8)
#define DES_RK_BITS 48
#define DES_RK_SIZE (DES_RK_BITS/8)
#define DES_ROUNDS 16
#define DES_EDE_KEY_SIZE (DES_KEY_SIZE * 3)
typedef struct {
uint64_t rk[DES_ROUNDS];
} DES_KEY;
void des_set_encrypt_key(DES_KEY *key, const uint8_t raw_key[DES_KEY_SIZE]);
void des_set_decrypt_key(DES_KEY *key, const uint8_t raw_key[DES_KEY_SIZE]);
void des_encrypt(DES_KEY *key, const uint8_t in[DES_BLOCK_SIZE], uint8_t out[DES_BLOCK_SIZE]);
typedef struct {
DES_KEY K[3];
} DES_EDE_KEY;
void des_ede_set_encrypt_key(DES_EDE_KEY *key, const uint8_t raw_key[DES_EDE_KEY_SIZE]);
void des_ede_set_decrypt_key(DES_EDE_KEY *key, const uint8_t raw_key[DES_EDE_KEY_SIZE]);
void des_ede_encrypt(DES_EDE_KEY *key, const uint8_t in[DES_BLOCK_SIZE], uint8_t out[DES_BLOCK_SIZE]);
#ifdef __cplusplus
}
#endif
#endif
/* FIPS PUB 46-3 "Data Encryption Standard (DES)" */
#ifndef GMSSL_DES_H
#define GMSSL_DES_H
#include <stdint.h>
#include <stdlib.h>
#ifdef __cplusplus
extern "C" {
#endif
#define DES_KEY_BITS 56
#define DES_BLOCK_BITS 64
#define DES_KEY_SIZE ((DES_KEY_BITS)/7)
#define DES_BLOCK_SIZE (DES_BLOCK_BITS/8)
#define DES_RK_BITS 48
#define DES_RK_SIZE (DES_RK_BITS/8)
#define DES_ROUNDS 16
#define DES_EDE_KEY_SIZE (DES_KEY_SIZE * 3)
typedef struct {
uint64_t rk[DES_ROUNDS];
} DES_KEY;
void des_set_encrypt_key(DES_KEY *key, const uint8_t raw_key[DES_KEY_SIZE]);
void des_set_decrypt_key(DES_KEY *key, const uint8_t raw_key[DES_KEY_SIZE]);
void des_encrypt(DES_KEY *key, const uint8_t in[DES_BLOCK_SIZE], uint8_t out[DES_BLOCK_SIZE]);
typedef struct {
DES_KEY K[3];
} DES_EDE_KEY;
void des_ede_set_encrypt_key(DES_EDE_KEY *key, const uint8_t raw_key[DES_EDE_KEY_SIZE]);
void des_ede_set_decrypt_key(DES_EDE_KEY *key, const uint8_t raw_key[DES_EDE_KEY_SIZE]);
void des_ede_encrypt(DES_EDE_KEY *key, const uint8_t in[DES_BLOCK_SIZE], uint8_t out[DES_BLOCK_SIZE]);
#ifdef __cplusplus
}
#endif
#endif

147
include/gmssl/digest.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,75 +7,76 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_DIGEST_H
#define GMSSL_DIGEST_H
#include <stdint.h>
#include <stdlib.h>
#include <gmssl/sm3.h>
#include <gmssl/md5.h>
#include <gmssl/sha1.h>
#include <gmssl/sha2.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct DIGEST DIGEST;
typedef struct DIGEST_CTX DIGEST_CTX;
#define DIGEST_MAX_SIZE 64
#define DIGEST_MAX_BLOCK_SIZE (1024/8)
struct DIGEST_CTX {
union {
SM3_CTX sm3_ctx;
// MD5_CTX md5_ctx;
SHA1_CTX sha1_ctx;
SHA224_CTX sha224_ctx;
SHA256_CTX sha256_ctx;
SHA384_CTX sha384_ctx;
SHA512_CTX sha512_ctx;
} u;
const DIGEST *digest;
};
struct DIGEST {
int oid;
size_t digest_size;
size_t block_size;
size_t ctx_size;
int (*init)(DIGEST_CTX *ctx);
int (*update)(DIGEST_CTX *ctx, const uint8_t *data, size_t datalen);
int (*finish)(DIGEST_CTX *ctx, uint8_t *dgst);
};
const DIGEST *DIGEST_sm3(void);
//const DIGEST *DIGEST_md5(void);
const DIGEST *DIGEST_sha1(void);
const DIGEST *DIGEST_sha224(void);
const DIGEST *DIGEST_sha256(void);
const DIGEST *DIGEST_sha384(void);
const DIGEST *DIGEST_sha512(void);
const DIGEST *DIGEST_sha512_224(void);
const DIGEST *DIGEST_sha512_256(void);
const DIGEST *digest_from_name(const char *name);
const char *digest_name(const DIGEST *digest);
int digest_init(DIGEST_CTX *ctx, const DIGEST *algor);
int digest_update(DIGEST_CTX *ctx, const uint8_t *data, size_t datalen);
int digest_finish(DIGEST_CTX *ctx, uint8_t *dgst, size_t *dgstlen);
int digest(const DIGEST *digest, const uint8_t *data, size_t datalen, uint8_t *dgst, size_t *dgstlen);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_DIGEST_H
#define GMSSL_DIGEST_H
#include <stdint.h>
#include <stdlib.h>
#include <gmssl/sm3.h>
#include <gmssl/md5.h>
#include <gmssl/sha1.h>
#include <gmssl/sha2.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct DIGEST DIGEST;
typedef struct DIGEST_CTX DIGEST_CTX;
#define DIGEST_MAX_SIZE 64
#define DIGEST_MAX_BLOCK_SIZE (1024/8)
struct DIGEST_CTX {
union {
SM3_CTX sm3_ctx;
// MD5_CTX md5_ctx;
SHA1_CTX sha1_ctx;
SHA224_CTX sha224_ctx;
SHA256_CTX sha256_ctx;
SHA384_CTX sha384_ctx;
SHA512_CTX sha512_ctx;
} u;
const DIGEST *digest;
};
struct DIGEST {
int oid;
size_t digest_size;
size_t block_size;
size_t ctx_size;
int (*init)(DIGEST_CTX *ctx);
int (*update)(DIGEST_CTX *ctx, const uint8_t *data, size_t datalen);
int (*finish)(DIGEST_CTX *ctx, uint8_t *dgst);
};
const DIGEST *DIGEST_sm3(void);
//const DIGEST *DIGEST_md5(void);
const DIGEST *DIGEST_sha1(void);
const DIGEST *DIGEST_sha224(void);
const DIGEST *DIGEST_sha256(void);
const DIGEST *DIGEST_sha384(void);
const DIGEST *DIGEST_sha512(void);
const DIGEST *DIGEST_sha512_224(void);
const DIGEST *DIGEST_sha512_256(void);
const DIGEST *digest_from_name(const char *name);
const char *digest_name(const DIGEST *digest);
int digest_init(DIGEST_CTX *ctx, const DIGEST *algor);
int digest_update(DIGEST_CTX *ctx, const uint8_t *data, size_t datalen);
int digest_finish(DIGEST_CTX *ctx, uint8_t *dgst, size_t *dgstlen);
int digest(const DIGEST *digest, const uint8_t *data, size_t datalen, uint8_t *dgst, size_t *dgstlen);
#ifdef __cplusplus
}
#endif
#endif

113
include/gmssl/ec.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,58 +7,59 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_EC_H
#define GMSSL_EC_H
#include <time.h>
#include <string.h>
#include <stdint.h>
#include <stdlib.h>
#include <gmssl/sm2.h>
#include <gmssl/oid.h>
#include <gmssl/asn1.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
NamedCurve:
OID_sm2
OID_prime192v1
OID_prime256v1
OID_secp256k1
OID_secp384r1
OID_secp521r1
*/
const char *ec_named_curve_name(int curve);
int ec_named_curve_from_name(const char *name);
int ec_named_curve_to_der(int curve, uint8_t **out, size_t *outlen);
int ec_named_curve_from_der(int *curve, const uint8_t **in, size_t *inlen);
/*
ECPoint ::= OCTET STRING -- uncompressed point
*/
int ec_point_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
ECPrivateKey ::= SEQUENCE {
version INTEGER, -- value MUST be (1)
privateKey OCTET STRING, -- big endian encoding of integer
parameters [0] EXPLICIT OBJECT IDENTIFIER OPTIONAL, -- namedCurve
publicKey [1] EXPLICIT BIT STRING OPTIONAL -- ECPoint
}
*/
enum {
EC_private_key_version = 1,
};
int ec_private_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_EC_H
#define GMSSL_EC_H
#include <time.h>
#include <string.h>
#include <stdint.h>
#include <stdlib.h>
#include <gmssl/sm2.h>
#include <gmssl/oid.h>
#include <gmssl/asn1.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
NamedCurve:
OID_sm2
OID_prime192v1
OID_prime256v1
OID_secp256k1
OID_secp384r1
OID_secp521r1
*/
const char *ec_named_curve_name(int curve);
int ec_named_curve_from_name(const char *name);
int ec_named_curve_to_der(int curve, uint8_t **out, size_t *outlen);
int ec_named_curve_from_der(int *curve, const uint8_t **in, size_t *inlen);
/*
ECPoint ::= OCTET STRING -- uncompressed point
*/
int ec_point_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
ECPrivateKey ::= SEQUENCE {
version INTEGER, -- value MUST be (1)
privateKey OCTET STRING, -- big endian encoding of integer
parameters [0] EXPLICIT OBJECT IDENTIFIER OPTIONAL, -- namedCurve
publicKey [1] EXPLICIT BIT STRING OPTIONAL -- ECPoint
}
*/
enum {
EC_private_key_version = 1,
};
int ec_private_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
#ifdef __cplusplus
}
#endif
#endif

141
include/gmssl/endian.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,72 +7,73 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_ENDIAN_H
#define GMSSL_ENDIAN_H
/* Big Endian R/W */
#define GETU16(p) \
((uint16_t)(p)[0] << 8 | \
(uint16_t)(p)[1])
#define GETU32(p) \
((uint32_t)(p)[0] << 24 | \
(uint32_t)(p)[1] << 16 | \
(uint32_t)(p)[2] << 8 | \
(uint32_t)(p)[3])
#define GETU64(p) \
((uint64_t)(p)[0] << 56 | \
(uint64_t)(p)[1] << 48 | \
(uint64_t)(p)[2] << 40 | \
(uint64_t)(p)[3] << 32 | \
(uint64_t)(p)[4] << 24 | \
(uint64_t)(p)[5] << 16 | \
(uint64_t)(p)[6] << 8 | \
(uint64_t)(p)[7])
// 注意PUTU32(buf, val++) 会出错!
#define PUTU16(p,V) \
((p)[0] = (uint8_t)((V) >> 8), \
(p)[1] = (uint8_t)(V))
#define PUTU32(p,V) \
((p)[0] = (uint8_t)((V) >> 24), \
(p)[1] = (uint8_t)((V) >> 16), \
(p)[2] = (uint8_t)((V) >> 8), \
(p)[3] = (uint8_t)(V))
#define PUTU64(p,V) \
((p)[0] = (uint8_t)((V) >> 56), \
(p)[1] = (uint8_t)((V) >> 48), \
(p)[2] = (uint8_t)((V) >> 40), \
(p)[3] = (uint8_t)((V) >> 32), \
(p)[4] = (uint8_t)((V) >> 24), \
(p)[5] = (uint8_t)((V) >> 16), \
(p)[6] = (uint8_t)((V) >> 8), \
(p)[7] = (uint8_t)(V))
/* Little Endian R/W */
#define GETU16_LE(p) (*(const uint16_t *)(p))
#define GETU32_LE(p) (*(const uint32_t *)(p))
#define GETU64_LE(p) (*(const uint64_t *)(p))
#define PUTU16_LE(p,V) *(uint16_t *)(p) = (V)
#define PUTU32_LE(p,V) *(uint32_t *)(p) = (V)
#define PUTU64_LE(p,V) *(uint64_t *)(p) = (V)
/* Rotate */
#define ROL32(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
#define ROL64(a,n) (((a)<<(n))|((a)>>(64-(n))))
#define ROR32(a,n) ROL32((a),32-(n))
#define ROR64(a,n) ROL64(a,64-n)
#endif
#ifndef GMSSL_ENDIAN_H
#define GMSSL_ENDIAN_H
/* Big Endian R/W */
#define GETU16(p) \
((uint16_t)(p)[0] << 8 | \
(uint16_t)(p)[1])
#define GETU32(p) \
((uint32_t)(p)[0] << 24 | \
(uint32_t)(p)[1] << 16 | \
(uint32_t)(p)[2] << 8 | \
(uint32_t)(p)[3])
#define GETU64(p) \
((uint64_t)(p)[0] << 56 | \
(uint64_t)(p)[1] << 48 | \
(uint64_t)(p)[2] << 40 | \
(uint64_t)(p)[3] << 32 | \
(uint64_t)(p)[4] << 24 | \
(uint64_t)(p)[5] << 16 | \
(uint64_t)(p)[6] << 8 | \
(uint64_t)(p)[7])
// 注意PUTU32(buf, val++) 会出错!
#define PUTU16(p,V) \
((p)[0] = (uint8_t)((V) >> 8), \
(p)[1] = (uint8_t)(V))
#define PUTU32(p,V) \
((p)[0] = (uint8_t)((V) >> 24), \
(p)[1] = (uint8_t)((V) >> 16), \
(p)[2] = (uint8_t)((V) >> 8), \
(p)[3] = (uint8_t)(V))
#define PUTU64(p,V) \
((p)[0] = (uint8_t)((V) >> 56), \
(p)[1] = (uint8_t)((V) >> 48), \
(p)[2] = (uint8_t)((V) >> 40), \
(p)[3] = (uint8_t)((V) >> 32), \
(p)[4] = (uint8_t)((V) >> 24), \
(p)[5] = (uint8_t)((V) >> 16), \
(p)[6] = (uint8_t)((V) >> 8), \
(p)[7] = (uint8_t)(V))
/* Little Endian R/W */
#define GETU16_LE(p) (*(const uint16_t *)(p))
#define GETU32_LE(p) (*(const uint32_t *)(p))
#define GETU64_LE(p) (*(const uint64_t *)(p))
#define PUTU16_LE(p,V) *(uint16_t *)(p) = (V)
#define PUTU32_LE(p,V) *(uint32_t *)(p) = (V)
#define PUTU64_LE(p,V) *(uint64_t *)(p) = (V)
/* Rotate */
#define ROL32(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
#define ROL64(a,n) (((a)<<(n))|((a)>>(64-(n))))
#define ROR32(a,n) ROL32((a),32-(n))
#define ROR64(a,n) ROL64(a,64-n)
#endif

113
include/gmssl/error.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,58 +7,59 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_ERROR_H
#define GMSSL_ERROR_H
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
#define GMSSL_FMT_BIN 1
#define GMSSL_FMT_HEX 2
#define GMSSL_FMT_DER 4
#define GMSSL_FMT_PEM 8
#define DEBUG 1
#define error_print() \
do { if (DEBUG) fprintf(stderr, "%s:%d:%s():\n",__FILE__, __LINE__, __func__); } while (0)
#define error_print_msg(fmt, ...) \
do { if (DEBUG) fprintf(stderr, "%s:%d:%s(): " fmt, __FILE__, __LINE__, __func__, __VA_ARGS__); } while (0)
#define error_puts(str) \
do { if (DEBUG) fprintf(stderr, "%s: %d: %s: %s", __FILE__, __LINE__, __func__, str); } while (0)
void print_der(const uint8_t *in, size_t inlen);
void print_bytes(const uint8_t *in, size_t inlen);
void print_nodes(const uint32_t *in, size_t inlen);
#define FMT_CARRAY 0x80
int format_print(FILE *fp, int format, int indent, const char *str, ...);
int format_bytes(FILE *fp, int format, int indent, const char *str, const uint8_t *data, size_t datalen);
int format_string(FILE *fp, int format, int indent, const char *str, const uint8_t *data, size_t datalen);
//int tls_trace(int format, int indent, const char *str, ...);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_ERROR_H
#define GMSSL_ERROR_H
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
#define GMSSL_FMT_BIN 1
#define GMSSL_FMT_HEX 2
#define GMSSL_FMT_DER 4
#define GMSSL_FMT_PEM 8
#define DEBUG 1
#define error_print() \
do { if (DEBUG) fprintf(stderr, "%s:%d:%s():\n",__FILE__, __LINE__, __func__); } while (0)
#define error_print_msg(fmt, ...) \
do { if (DEBUG) fprintf(stderr, "%s:%d:%s(): " fmt, __FILE__, __LINE__, __func__, __VA_ARGS__); } while (0)
#define error_puts(str) \
do { if (DEBUG) fprintf(stderr, "%s: %d: %s: %s", __FILE__, __LINE__, __func__, str); } while (0)
void print_der(const uint8_t *in, size_t inlen);
void print_bytes(const uint8_t *in, size_t inlen);
void print_nodes(const uint32_t *in, size_t inlen);
#define FMT_CARRAY 0x80
int format_print(FILE *fp, int format, int indent, const char *str, ...);
int format_bytes(FILE *fp, int format, int indent, const char *str, const uint8_t *data, size_t datalen);
int format_string(FILE *fp, int format, int indent, const char *str, const uint8_t *data, size_t datalen);
//int tls_trace(int format, int indent, const char *str, ...);
#ifdef __cplusplus
}
#endif
#endif

103
include/gmssl/gcm.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,53 +7,54 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_GCM_H
#define GMSSL_GCM_H
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <gmssl/gf128.h>
#include <gmssl/block_cipher.h>
#ifdef __cplusplus
extern "C" {
#endif
#define GCM_IV_MIN_SIZE 1
#define GCM_IV_MAX_SIZE ((uint64_t)(1 << (64-3)))
#define GCM_IV_DEFAULT_BITS 96
#define GCM_IV_DEFAULT_SIZE 12
#define GCM_MIN_AAD_SIZE 0
#define GCM_MAX_AAD_SIZE ((uint64_t)(1 << (64-3)))
#define GCM_MIN_PLAINTEXT_SIZE 0
#define GCM_MAX_PLAINTEXT_SIZE ((((uint64_t)1 << 39) - 256) >> 3)
#define GHASH_SIZE (16)
#define GCM_IS_LITTLE_ENDIAN 1
void ghash(const uint8_t h[16], const uint8_t *aad, size_t aadlen,
const uint8_t *c, size_t clen, uint8_t out[16]);
int gcm_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
uint8_t *out, size_t taglen, uint8_t *tag);
int gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
const uint8_t *tag, size_t taglen, uint8_t *out);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_GCM_H
#define GMSSL_GCM_H
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <gmssl/gf128.h>
#include <gmssl/block_cipher.h>
#ifdef __cplusplus
extern "C" {
#endif
#define GCM_IV_MIN_SIZE 1
#define GCM_IV_MAX_SIZE ((uint64_t)(1 << (64-3)))
#define GCM_IV_DEFAULT_BITS 96
#define GCM_IV_DEFAULT_SIZE 12
#define GCM_MIN_AAD_SIZE 0
#define GCM_MAX_AAD_SIZE ((uint64_t)(1 << (64-3)))
#define GCM_MIN_PLAINTEXT_SIZE 0
#define GCM_MAX_PLAINTEXT_SIZE ((((uint64_t)1 << 39) - 256) >> 3)
#define GHASH_SIZE (16)
#define GCM_IS_LITTLE_ENDIAN 1
void ghash(const uint8_t h[16], const uint8_t *aad, size_t aadlen,
const uint8_t *c, size_t clen, uint8_t out[16]);
int gcm_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
uint8_t *out, size_t taglen, uint8_t *tag);
int gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
const uint8_t *tag, size_t taglen, uint8_t *out);
#ifdef __cplusplus
}
#endif
#endif

91
include/gmssl/gf128.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,47 +7,48 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
/* GF(2^128) defined by f(x) = x^128 + x^7 + x^2 + x + 1
* A + B mod f(x) = a xor b
* A * 2 mod f(x)
*/
#ifndef GMSSL_GF128_H
#define GMSSL_GF128_H
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
//typedef unsigned __int128 gf128_t;
typedef struct {
uint64_t hi;
uint64_t lo;
} gf128_t;
// Note: send by value is comptabile with uint128_t and sse2
gf128_t gf128_from_hex(const char *s);
int gf128_equ_hex(gf128_t a, const char *s);
gf128_t gf128_zero(void);
gf128_t gf128_add(gf128_t a, gf128_t b);
gf128_t gf128_mul(gf128_t a, gf128_t b);
gf128_t gf128_mul2(gf128_t a);
gf128_t gf128_from_bytes(const uint8_t p[16]);
void gf128_to_bytes(gf128_t a, uint8_t p[16]);
int gf128_print(FILE *fp, int fmt ,int ind, const char *label, gf128_t a);
#ifdef __cplusplus
}
#endif
#endif
/* GF(2^128) defined by f(x) = x^128 + x^7 + x^2 + x + 1
* A + B mod f(x) = a xor b
* A * 2 mod f(x)
*/
#ifndef GMSSL_GF128_H
#define GMSSL_GF128_H
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
//typedef unsigned __int128 gf128_t;
typedef struct {
uint64_t hi;
uint64_t lo;
} gf128_t;
// Note: send by value is comptabile with uint128_t and sse2
gf128_t gf128_from_hex(const char *s);
int gf128_equ_hex(gf128_t a, const char *s);
gf128_t gf128_zero(void);
gf128_t gf128_add(gf128_t a, gf128_t b);
gf128_t gf128_mul(gf128_t a, gf128_t b);
gf128_t gf128_mul2(gf128_t a);
gf128_t gf128_from_bytes(const uint8_t p[16]);
void gf128_to_bytes(gf128_t a, uint8_t p[16]);
int gf128_print(FILE *fp, int fmt ,int ind, const char *label, gf128_t a);
#ifdef __cplusplus
}
#endif
#endif

143
include/gmssl/hash_drbg.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,73 +7,74 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
/* NIST SP800-90A Rev.1 "Recommendation for Random Number Generation
* Using Deterministic Random Bit Generators", 10.1.1 Hash_DRBG */
#ifndef GMSSL_HASH_DRBG_H
#define GMSSL_HASH_DRBG_H
#include <stdint.h>
#include <stdlib.h>
#include <gmssl/digest.h>
/* seedlen for hash_drgb, table 2 of nist sp 800-90a rev.1 */
#define HASH_DRBG_SM3_SEED_BITS 440 /* 55 bytes */
#define HASH_DRBG_SHA1_SEED_BITS 440
#define HASH_DRBG_SHA224_SEED_BITS 440
#define HASH_DRBG_SHA512_224_SEED_BITS 440
#define HASH_DRBG_SHA256_SEED_BITS 440
#define HASH_DRBG_SHA512_256_SEED_BITS 440
#define HASH_DRBG_SHA384_SEED_BITS 888 /* 110 bytes */
#define HASH_DRBG_SHA512_SEED_BITS 888
#define HASH_DRBG_MAX_SEED_BITS 888
#define HASH_DRBG_SM3_SEED_SIZE (HASH_DRBG_SM3_SEED_BITS/8)
#define HASH_DRBG_SHA1_SEED_SIZE (HASH_DRBG_SHA1_SEED_BITS/8)
#define HASH_DRBG_SHA224_SEED_SIZE (HASH_DRBG_SHA224_SEED_BITS/8)
#define HASH_DRBG_SHA512_224_SEED_SIZE (HASH_DRBG_SHA512_224_SEED_BITS/8)
#define HASH_DRBG_SHA256_SEED_SIZE (HASH_DRBG_SHA256_SEED_BITS/8)
#define HASH_DRBG_SHA512_256_SEED_SIZE (HASH_DRBG_SHA512_256_SEED_BITS/8)
#define HASH_DRBG_SHA384_SEED_SIZE (HASH_DRBG_SHA384_SEED_BITS/8)
#define HASH_DRBG_SHA512_SEED_SIZE (HASH_DRBG_SHA512_SEED_BITS/8)
#define HASH_DRBG_MAX_SEED_SIZE (HASH_DRBG_MAX_SEED_BITS/8)
#define HASH_DRBG_RESEED_INTERVAL ((uint64_t)1 << 48)
#ifdef __cplusplus
extern "C" {
#endif
typedef struct {
const DIGEST *digest;
uint8_t V[HASH_DRBG_MAX_SEED_SIZE];
uint8_t C[HASH_DRBG_MAX_SEED_SIZE];
size_t seedlen;
uint64_t reseed_counter;
} HASH_DRBG;
int hash_drbg_init(HASH_DRBG *drbg,
const DIGEST *digest,
const uint8_t *entropy, size_t entropy_len,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *personalstr, size_t personalstr_len);
int hash_drbg_reseed(HASH_DRBG *drbg,
const uint8_t *entropy, size_t entropy_len,
const uint8_t *additional, size_t additional_len);
int hash_drbg_generate(HASH_DRBG *drbg,
const uint8_t *additional, size_t additional_len,
size_t outlen, uint8_t *out);
#ifdef __cplusplus
}
#endif
#endif
/* NIST SP800-90A Rev.1 "Recommendation for Random Number Generation
* Using Deterministic Random Bit Generators", 10.1.1 Hash_DRBG */
#ifndef GMSSL_HASH_DRBG_H
#define GMSSL_HASH_DRBG_H
#include <stdint.h>
#include <stdlib.h>
#include <gmssl/digest.h>
/* seedlen for hash_drgb, table 2 of nist sp 800-90a rev.1 */
#define HASH_DRBG_SM3_SEED_BITS 440 /* 55 bytes */
#define HASH_DRBG_SHA1_SEED_BITS 440
#define HASH_DRBG_SHA224_SEED_BITS 440
#define HASH_DRBG_SHA512_224_SEED_BITS 440
#define HASH_DRBG_SHA256_SEED_BITS 440
#define HASH_DRBG_SHA512_256_SEED_BITS 440
#define HASH_DRBG_SHA384_SEED_BITS 888 /* 110 bytes */
#define HASH_DRBG_SHA512_SEED_BITS 888
#define HASH_DRBG_MAX_SEED_BITS 888
#define HASH_DRBG_SM3_SEED_SIZE (HASH_DRBG_SM3_SEED_BITS/8)
#define HASH_DRBG_SHA1_SEED_SIZE (HASH_DRBG_SHA1_SEED_BITS/8)
#define HASH_DRBG_SHA224_SEED_SIZE (HASH_DRBG_SHA224_SEED_BITS/8)
#define HASH_DRBG_SHA512_224_SEED_SIZE (HASH_DRBG_SHA512_224_SEED_BITS/8)
#define HASH_DRBG_SHA256_SEED_SIZE (HASH_DRBG_SHA256_SEED_BITS/8)
#define HASH_DRBG_SHA512_256_SEED_SIZE (HASH_DRBG_SHA512_256_SEED_BITS/8)
#define HASH_DRBG_SHA384_SEED_SIZE (HASH_DRBG_SHA384_SEED_BITS/8)
#define HASH_DRBG_SHA512_SEED_SIZE (HASH_DRBG_SHA512_SEED_BITS/8)
#define HASH_DRBG_MAX_SEED_SIZE (HASH_DRBG_MAX_SEED_BITS/8)
#define HASH_DRBG_RESEED_INTERVAL ((uint64_t)1 << 48)
#ifdef __cplusplus
extern "C" {
#endif
typedef struct {
const DIGEST *digest;
uint8_t V[HASH_DRBG_MAX_SEED_SIZE];
uint8_t C[HASH_DRBG_MAX_SEED_SIZE];
size_t seedlen;
uint64_t reseed_counter;
} HASH_DRBG;
int hash_drbg_init(HASH_DRBG *drbg,
const DIGEST *digest,
const uint8_t *entropy, size_t entropy_len,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *personalstr, size_t personalstr_len);
int hash_drbg_reseed(HASH_DRBG *drbg,
const uint8_t *entropy, size_t entropy_len,
const uint8_t *additional, size_t additional_len);
int hash_drbg_generate(HASH_DRBG *drbg,
const uint8_t *additional, size_t additional_len,
size_t outlen, uint8_t *out);
#ifdef __cplusplus
}
#endif
#endif

49
include/gmssl/hex.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,26 +7,27 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_HEX_H
#define GMSSL_HEX_H
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
int hex_to_bytes(const char *in, size_t inlen, uint8_t *out, size_t *outlen);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_HEX_H
#define GMSSL_HEX_H
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
int hex_to_bytes(const char *in, size_t inlen, uint8_t *out, size_t *outlen);
#ifdef __cplusplus
}
#endif
#endif

75
include/gmssl/hkdf.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,39 +7,40 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
// RFC 5869
#ifndef GMSSL_HKDF_H
#define GMSSL_HKDF_H
#include <string.h>
#include <gmssl/digest.h>
#include <gmssl/hmac.h>
#ifdef __cplusplus
extern "C" {
#endif
int hkdf_extract(const DIGEST *digest, const uint8_t *salt, size_t saltlen,
const uint8_t *ikm, size_t ikmlen,
uint8_t *prk, size_t *prklen);
int hkdf_expand(const DIGEST *digest, const uint8_t *prk, size_t prklen,
const uint8_t *opt_info, size_t opt_infolen,
size_t L, uint8_t *okm);
int sm3_hkdf_extract(const uint8_t *salt, size_t saltlen,
const uint8_t *ikm, size_t ikmlen,
uint8_t *prk, size_t *prklen);
int sm3_hkdf_expand(const uint8_t *prk, size_t prklen,
const uint8_t *opt_info, size_t opt_infolen,
size_t L, uint8_t *okm);
#ifdef __cplusplus
}
#endif
#endif
// RFC 5869
#ifndef GMSSL_HKDF_H
#define GMSSL_HKDF_H
#include <string.h>
#include <gmssl/digest.h>
#include <gmssl/hmac.h>
#ifdef __cplusplus
extern "C" {
#endif
int hkdf_extract(const DIGEST *digest, const uint8_t *salt, size_t saltlen,
const uint8_t *ikm, size_t ikmlen,
uint8_t *prk, size_t *prklen);
int hkdf_expand(const DIGEST *digest, const uint8_t *prk, size_t prklen,
const uint8_t *opt_info, size_t opt_infolen,
size_t L, uint8_t *okm);
int sm3_hkdf_extract(const uint8_t *salt, size_t saltlen,
const uint8_t *ikm, size_t ikmlen,
uint8_t *prk, size_t *prklen);
int sm3_hkdf_expand(const uint8_t *prk, size_t prklen,
const uint8_t *opt_info, size_t opt_infolen,
size_t L, uint8_t *okm);
#ifdef __cplusplus
}
#endif
#endif

79
include/gmssl/hmac.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,41 +7,42 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_HMAC_H
#define GMSSL_HMAC_H
#include <string.h>
#include <gmssl/digest.h>
#ifdef __cplusplus
extern "C" {
#endif
#define HMAC_MAX_SIZE (DIGEST_MAX_SIZE)
typedef struct hmac_ctx_st {
const DIGEST *digest;
DIGEST_CTX digest_ctx;
DIGEST_CTX i_ctx;
DIGEST_CTX o_ctx;
} HMAC_CTX;
size_t hmac_size(const HMAC_CTX *ctx);
int hmac_init(HMAC_CTX *ctx, const DIGEST *digest, const uint8_t *key, size_t keylen);
int hmac_update(HMAC_CTX *ctx, const uint8_t *data, size_t datalen);
int hmac_finish(HMAC_CTX *ctx, uint8_t *mac, size_t *maclen);
int hmac(const DIGEST *md, const uint8_t *key, size_t keylen,
const uint8_t *data, size_t dlen,
uint8_t *mac, size_t *maclen);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_HMAC_H
#define GMSSL_HMAC_H
#include <string.h>
#include <gmssl/digest.h>
#ifdef __cplusplus
extern "C" {
#endif
#define HMAC_MAX_SIZE (DIGEST_MAX_SIZE)
typedef struct hmac_ctx_st {
const DIGEST *digest;
DIGEST_CTX digest_ctx;
DIGEST_CTX i_ctx;
DIGEST_CTX o_ctx;
} HMAC_CTX;
size_t hmac_size(const HMAC_CTX *ctx);
int hmac_init(HMAC_CTX *ctx, const DIGEST *digest, const uint8_t *key, size_t keylen);
int hmac_update(HMAC_CTX *ctx, const uint8_t *data, size_t datalen);
int hmac_finish(HMAC_CTX *ctx, uint8_t *mac, size_t *maclen);
int hmac(const DIGEST *md, const uint8_t *key, size_t keylen,
const uint8_t *data, size_t dlen,
uint8_t *mac, size_t *maclen);
#ifdef __cplusplus
}
#endif
#endif

81
include/gmssl/md5.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,42 +7,43 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_MD5_H
#define GMSSL_MD5_H
#include <string.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
#define MD5_IS_BIG_ENDIAN 0
#define MD5_DIGEST_SIZE 16
#define MD5_BLOCK_SIZE 64
#define MD5_STATE_WORDS (MD5_BLOCK_SIZE/sizeof(uint32_t))
typedef struct {
uint32_t state[MD5_STATE_WORDS];
uint64_t nblocks;
uint8_t block[MD5_BLOCK_SIZE];
size_t num;
} MD5_CTX;
void md5_init(MD5_CTX *ctx);
void md5_update(MD5_CTX *ctx, const uint8_t *data, size_t datalen);
void md5_finish(MD5_CTX *ctx, uint8_t dgst[MD5_DIGEST_SIZE]);
void md5_digest(const uint8_t *data, size_t datalen, uint8_t dgst[MD5_DIGEST_SIZE]);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_MD5_H
#define GMSSL_MD5_H
#include <string.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
#define MD5_IS_BIG_ENDIAN 0
#define MD5_DIGEST_SIZE 16
#define MD5_BLOCK_SIZE 64
#define MD5_STATE_WORDS (MD5_BLOCK_SIZE/sizeof(uint32_t))
typedef struct {
uint32_t state[MD5_STATE_WORDS];
uint64_t nblocks;
uint8_t block[MD5_BLOCK_SIZE];
size_t num;
} MD5_CTX;
void md5_init(MD5_CTX *ctx);
void md5_update(MD5_CTX *ctx, const uint8_t *data, size_t datalen);
void md5_finish(MD5_CTX *ctx, uint8_t dgst[MD5_DIGEST_SIZE]);
void md5_digest(const uint8_t *data, size_t datalen, uint8_t dgst[MD5_DIGEST_SIZE]);
#ifdef __cplusplus
}
#endif
#endif

39
include/gmssl/mem.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,21 +7,22 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_MEM_H
#define GMSSL_MEM_H
#include <stdint.h>
#include <stddef.h> // where size_t from
void memxor(void *r, const void *a, size_t len);
void gmssl_memxor(void *r, const void *a, const void *b, size_t len);
int gmssl_secure_memcmp(const volatile void * volatile in_a, const volatile void * volatile in_b, size_t len);
void gmssl_secure_clear(void *ptr, size_t len);
int mem_is_zero(const uint8_t *buf, size_t len); // FIXME: uint8_t * to void *
#endif
#ifndef GMSSL_MEM_H
#define GMSSL_MEM_H
#include <stdint.h>
#include <stddef.h> // where size_t from
void memxor(void *r, const void *a, size_t len);
void gmssl_memxor(void *r, const void *a, const void *b, size_t len);
int gmssl_secure_memcmp(const volatile void * volatile in_a, const volatile void * volatile in_b, size_t len);
void gmssl_secure_clear(void *ptr, size_t len);
int mem_is_zero(const uint8_t *buf, size_t len); // FIXME: uint8_t * to void *
#endif

411
include/gmssl/oid.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,207 +7,208 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_OID_H
#define GMSSL_OID_H
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
enum {
OID_undef = 0,
// ShangMi schemes in GM/T 0006-2012
OID_sm1,
OID_ssf33,
OID_sm4,
OID_zuc,
OID_sm2,
OID_sm2sign,
OID_sm2keyagreement,
OID_sm2encrypt,
OID_sm9,
OID_sm9sign,
OID_sm9keyagreement,
OID_sm9encrypt,
OID_sm3,
OID_sm3_keyless,
OID_hmac_sm3,
OID_sm2sign_with_sm3,
OID_rsasign_with_sm3,
OID_ec_public_key, // X9.62 ecPublicKey
OID_prime192v1,
OID_prime256v1,
OID_secp256k1,
OID_secp192k1,
OID_secp224k1,
OID_secp224r1,
OID_secp384r1,
OID_secp521r1,
OID_at_name,
OID_at_surname,
OID_at_given_name,
OID_at_initials,
OID_at_generation_qualifier,
OID_at_common_name,
OID_at_locality_name,
OID_at_state_or_province_name,
OID_at_organization_name,
OID_at_organizational_unit_name,
OID_at_title,
OID_at_dn_qualifier,
OID_at_country_name,
OID_at_serial_number,
OID_at_pseudonym,
OID_domain_component,
OID_email_address,
// Cert Extensions
OID_ce_authority_key_identifier,
OID_ce_subject_key_identifier,
OID_ce_key_usage,
OID_ce_certificate_policies,
OID_ce_policy_mappings,
OID_ce_subject_alt_name,
OID_ce_issuer_alt_name,
OID_ce_subject_directory_attributes,
OID_ce_basic_constraints,
OID_ce_name_constraints,
OID_ce_policy_constraints,
OID_ce_ext_key_usage,
OID_ce_crl_distribution_points,
OID_ce_inhibit_any_policy,
OID_ce_freshest_crl,
OID_netscape_cert_type,
OID_netscape_cert_comment,
OID_cert_authority_info_access,
OID_ct_precertificate_scts,
// CRL Extensions
//OID_ce_authority_key_identifier,
//OID_ce_issuer_alt_name,
OID_ce_crl_number,
OID_ce_delta_crl_indicator,
OID_ce_issuing_distribution_point,
//OID_ce_freshest_crl,
OID_pe_authority_info_access,
// CRL Entry Extensions
OID_ce_crl_reasons,
OID_ce_invalidity_date,
OID_ce_certificate_issuer,
// X.509 KeyPropuseID
OID_kp_server_auth,
OID_kp_client_auth,
OID_kp_code_signing,
OID_kp_email_protection,
OID_kp_time_stamping,
OID_kp_ocsp_signing,
OID_qt_cps,
OID_qt_unotice,
OID_md5,
OID_sha1,
OID_sha224,
OID_sha256,
OID_sha384,
OID_sha512,
OID_sha512_224,
OID_sha512_256,
OID_hmac_sha1,
OID_hmac_sha224,
OID_hmac_sha256,
OID_hmac_sha384,
OID_hmac_sha512,
OID_hmac_sha512_224,
OID_hmac_sha512_256,
OID_pbkdf2, // {pkcs-5 12}
OID_pbes2, // {pkcs-5 13}
OID_sm4_ecb, // 1 2 156 10197 1 104 1
OID_sm4_cbc, // 1 2 156 10197 1 104 2
OID_aes,
OID_aes128_cbc,
OID_aes192_cbc,
OID_aes256_cbc,
OID_aes128, // 没有OID
OID_ecdsa_with_sha1,
OID_ecdsa_with_sha224,
OID_ecdsa_with_sha256,
OID_ecdsa_with_sha384,
OID_ecdsa_with_sha512,
OID_rsasign_with_md5,
OID_rsasign_with_sha1,
OID_rsasign_with_sha224,
OID_rsasign_with_sha256,
OID_rsasign_with_sha384,
OID_rsasign_with_sha512,
OID_rsa_encryption,
OID_rsaes_oaep,
OID_any_policy,
OID_cms_data,
OID_cms_signed_data,
OID_cms_enveloped_data,
OID_cms_signed_and_enveloped_data,
OID_cms_encrypted_data,
OID_cms_key_agreement_info,
};
// {iso(1) org(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
#define oid_pkix 1,3,6,1,5,5,7
#define oid_pe oid_pkix,1
#define oid_qt oid_pkix,2
#define oid_kp oid_pkix,3
#define oid_ad oid_pkix,48
// {iso(1) member-body(2) us(840) rsadsi(113549)}
#define oid_rsadsi 1,2,840,113549
#define oid_pkcs oid_rsadsi,1
#define oid_pkcs5 oid_pkcs,5
// {iso(1) member-body(2) us(840) ansi-x962(10045)}
#define oid_x9_62 1,2,840,10045
#define oid_at 2,5,4
#define oid_ce 2,5,29
#define oid_sm 1,2,156,10197
#define oid_sm_algors oid_sm,1
#define oid_sm2_cms oid_sm,6,1,4,2
#define oid_cnt(nodes) (sizeof(nodes)/sizeof(int))
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_OID_H
#define GMSSL_OID_H
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
enum {
OID_undef = 0,
// ShangMi schemes in GM/T 0006-2012
OID_sm1,
OID_ssf33,
OID_sm4,
OID_zuc,
OID_sm2,
OID_sm2sign,
OID_sm2keyagreement,
OID_sm2encrypt,
OID_sm9,
OID_sm9sign,
OID_sm9keyagreement,
OID_sm9encrypt,
OID_sm3,
OID_sm3_keyless,
OID_hmac_sm3,
OID_sm2sign_with_sm3,
OID_rsasign_with_sm3,
OID_ec_public_key, // X9.62 ecPublicKey
OID_prime192v1,
OID_prime256v1,
OID_secp256k1,
OID_secp192k1,
OID_secp224k1,
OID_secp224r1,
OID_secp384r1,
OID_secp521r1,
OID_at_name,
OID_at_surname,
OID_at_given_name,
OID_at_initials,
OID_at_generation_qualifier,
OID_at_common_name,
OID_at_locality_name,
OID_at_state_or_province_name,
OID_at_organization_name,
OID_at_organizational_unit_name,
OID_at_title,
OID_at_dn_qualifier,
OID_at_country_name,
OID_at_serial_number,
OID_at_pseudonym,
OID_domain_component,
OID_email_address,
// Cert Extensions
OID_ce_authority_key_identifier,
OID_ce_subject_key_identifier,
OID_ce_key_usage,
OID_ce_certificate_policies,
OID_ce_policy_mappings,
OID_ce_subject_alt_name,
OID_ce_issuer_alt_name,
OID_ce_subject_directory_attributes,
OID_ce_basic_constraints,
OID_ce_name_constraints,
OID_ce_policy_constraints,
OID_ce_ext_key_usage,
OID_ce_crl_distribution_points,
OID_ce_inhibit_any_policy,
OID_ce_freshest_crl,
OID_netscape_cert_type,
OID_netscape_cert_comment,
OID_cert_authority_info_access,
OID_ct_precertificate_scts,
// CRL Extensions
//OID_ce_authority_key_identifier,
//OID_ce_issuer_alt_name,
OID_ce_crl_number,
OID_ce_delta_crl_indicator,
OID_ce_issuing_distribution_point,
//OID_ce_freshest_crl,
OID_pe_authority_info_access,
// CRL Entry Extensions
OID_ce_crl_reasons,
OID_ce_invalidity_date,
OID_ce_certificate_issuer,
// X.509 KeyPropuseID
OID_kp_server_auth,
OID_kp_client_auth,
OID_kp_code_signing,
OID_kp_email_protection,
OID_kp_time_stamping,
OID_kp_ocsp_signing,
OID_qt_cps,
OID_qt_unotice,
OID_md5,
OID_sha1,
OID_sha224,
OID_sha256,
OID_sha384,
OID_sha512,
OID_sha512_224,
OID_sha512_256,
OID_hmac_sha1,
OID_hmac_sha224,
OID_hmac_sha256,
OID_hmac_sha384,
OID_hmac_sha512,
OID_hmac_sha512_224,
OID_hmac_sha512_256,
OID_pbkdf2, // {pkcs-5 12}
OID_pbes2, // {pkcs-5 13}
OID_sm4_ecb, // 1 2 156 10197 1 104 1
OID_sm4_cbc, // 1 2 156 10197 1 104 2
OID_aes,
OID_aes128_cbc,
OID_aes192_cbc,
OID_aes256_cbc,
OID_aes128, // 没有OID
OID_ecdsa_with_sha1,
OID_ecdsa_with_sha224,
OID_ecdsa_with_sha256,
OID_ecdsa_with_sha384,
OID_ecdsa_with_sha512,
OID_rsasign_with_md5,
OID_rsasign_with_sha1,
OID_rsasign_with_sha224,
OID_rsasign_with_sha256,
OID_rsasign_with_sha384,
OID_rsasign_with_sha512,
OID_rsa_encryption,
OID_rsaes_oaep,
OID_any_policy,
OID_cms_data,
OID_cms_signed_data,
OID_cms_enveloped_data,
OID_cms_signed_and_enveloped_data,
OID_cms_encrypted_data,
OID_cms_key_agreement_info,
};
// {iso(1) org(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
#define oid_pkix 1,3,6,1,5,5,7
#define oid_pe oid_pkix,1
#define oid_qt oid_pkix,2
#define oid_kp oid_pkix,3
#define oid_ad oid_pkix,48
// {iso(1) member-body(2) us(840) rsadsi(113549)}
#define oid_rsadsi 1,2,840,113549
#define oid_pkcs oid_rsadsi,1
#define oid_pkcs5 oid_pkcs,5
// {iso(1) member-body(2) us(840) ansi-x962(10045)}
#define oid_x9_62 1,2,840,10045
#define oid_at 2,5,4
#define oid_ce 2,5,29
#define oid_sm 1,2,156,10197
#define oid_sm_algors oid_sm,1
#define oid_sm2_cms oid_sm,6,1,4,2
#define oid_cnt(nodes) (sizeof(nodes)/sizeof(int))
#ifdef __cplusplus
}
#endif
#endif

93
include/gmssl/pbkdf2.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,48 +7,49 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_PBKDF2_H
#define GMSSL_PBKDF2_H
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <limits.h>
#include <gmssl/hmac.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
PBKDF2 Public API
PBKDF2_MIN_ITER
PBKDF2_DEFAULT_SALT_SIZE
PBKDF2_MAX_SALT_SIZE
pbkdf2_hmac_sm3_genkey
*/
#define PBKDF2_MIN_ITER 10000
#define PBKDF2_MAX_ITER (INT_MAX)
#define PBKDF2_MAX_SALT_SIZE 64
#define PBKDF2_DEFAULT_SALT_SIZE 8
int pbkdf2_genkey(const DIGEST *digest,
const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, size_t iter,
size_t outlen, uint8_t *out);
int pbkdf2_hmac_sm3_genkey(
const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, size_t iter,
size_t outlen, uint8_t *out);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_PBKDF2_H
#define GMSSL_PBKDF2_H
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <limits.h>
#include <gmssl/hmac.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
PBKDF2 Public API
PBKDF2_MIN_ITER
PBKDF2_DEFAULT_SALT_SIZE
PBKDF2_MAX_SALT_SIZE
pbkdf2_hmac_sm3_genkey
*/
#define PBKDF2_MIN_ITER 10000
#define PBKDF2_MAX_ITER (INT_MAX)
#define PBKDF2_MAX_SALT_SIZE 64
#define PBKDF2_DEFAULT_SALT_SIZE 8
int pbkdf2_genkey(const DIGEST *digest,
const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, size_t iter,
size_t outlen, uint8_t *out);
int pbkdf2_hmac_sm3_genkey(
const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, size_t iter,
size_t outlen, uint8_t *out);
#ifdef __cplusplus
}
#endif
#endif

51
include/gmssl/pem.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,27 +7,28 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_PEM_H
#define GMSSL_PEM_H
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/base64.h>
#ifdef __cplusplus
extern "C" {
#endif
int pem_read(FILE *fp, const char *name, uint8_t *out, size_t *outlen, size_t maxlen);
int pem_write(FILE *fp, const char *name, const uint8_t *in, size_t inlen);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_PEM_H
#define GMSSL_PEM_H
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/base64.h>
#ifdef __cplusplus
extern "C" {
#endif
int pem_read(FILE *fp, const char *name, uint8_t *out, size_t *outlen, size_t maxlen);
int pem_write(FILE *fp, const char *name, const uint8_t *in, size_t inlen);
#ifdef __cplusplus
}
#endif
#endif

323
include/gmssl/pkcs8.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,163 +7,164 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
// RFC 5208: PKCS #8: Private-Key Information Syntax Specification version 1.2
#ifndef GMSSL_PKCS8_H
#define GMSSL_PKCS8_H
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#include <gmssl/sm2.h>
#include <gmssl/pem.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
PBKDF2-params ::= SEQUENCE {
salt CHOICE {
specified OCTET STRING,
otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
},
iterationCount INTEGER (1..MAX),
keyLength INTEGER (1..MAX) OPTIONAL, -- 这个参数可以由函数指定
prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
}
prf must be OID_hmac_sm3
cipher must be OID_sm4_cbc
*/
int pbkdf2_params_to_der(const uint8_t *salt, size_t saltlen, int iter, int keylen, int prf,
uint8_t **out, size_t *outlen);
int pbkdf2_params_from_der(const uint8_t **salt, size_t *saltlen, int *iter, int *keylen, int *prf,
const uint8_t **in, size_t *inlen);
int pbkdf2_params_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
int pbkdf2_algor_to_der(
const uint8_t *salt, size_t saltlen,
int iter,
int keylen,
int prf,
uint8_t **out, size_t *outlen);
int pbkdf2_algor_from_der(
const uint8_t **salt, size_t *saltlen,
int *iter,
int *keylen,
int *prf,
const uint8_t **in, size_t *inlen);
int pbkdf2_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
PBES2-params ::= SEQUENCE {
keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, -- id-PBKDF2
encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}}
PBES2-Encs:
AES-CBC-Pad [RFC2898]
RC5-CBC-Pad
DES-CBC-Pad legacy
DES-EDE3-CBC-Pad legacy
RC2-CBC-Pad legacy
*/
int pbes2_enc_algor_to_der(
int cipher,
const uint8_t *iv, size_t ivlen,
uint8_t **out, size_t *outlen);
int pbes2_enc_algor_from_der(
int *cipher,
const uint8_t **iv, size_t *ivlen,
const uint8_t **in, size_t *inlen);
int pbes2_enc_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
int pbes2_params_to_der(
const uint8_t *salt, size_t saltlen,
int iter,
int keylen,
int prf,
int cipher,
const uint8_t *iv, size_t ivlen,
uint8_t **out, size_t *outlen);
int pbes2_params_from_der(
const uint8_t **salt, size_t *saltlen,
int *iter,
int *keylen,
int *prf,
int *cipher,
const uint8_t **iv, size_t *ivlen,
const uint8_t **in, size_t *inlen);
int pbes2_params_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
int pbes2_algor_to_der(
const uint8_t *salt, size_t saltlen,
int iter,
int keylen,
int prf,
int cipher,
const uint8_t *iv, size_t ivlen,
uint8_t **out, size_t *outlen);
int pbes2_algor_from_der(
const uint8_t **salt, size_t *saltlen,
int *iter,
int *keylen,
int *prf,
int *cipher,
const uint8_t **iv, size_t *ivlen,
const uint8_t **in, size_t *inlen);
int pbes2_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
from [RFC 5208]
EncryptedPrivateKeyInfo ::= SEQUENCE {
encryptionAlgorithm EncryptionAlgorithmIdentifier,
encryptedData OCTET STRING }
encryptionAlgorithm:
id-PBES2
PrivateKeyInfo ::= SEQUENCE {
version INTEGER { v1(0) },
privateKeyAlgorithm AlgorithmIdentifier,
privateKey OCTET STRING,
attributes [0] Attributes OPTIONAL }
*/
int pkcs8_enced_private_key_info_to_der(
const uint8_t *salt, size_t saltlen,
int iter,
int keylen,
int prf,
int cipher,
const uint8_t *iv, size_t ivlen,
const uint8_t *enced, size_t encedlen,
uint8_t **out, size_t *outlen);
int pkcs8_enced_private_key_info_from_der(
const uint8_t **salt, size_t *saltlen,
int *iter,
int *keylen,
int *prf,
int *cipher,
const uint8_t **iv, size_t *ivlen,
const uint8_t **enced, size_t *encedlen,
const uint8_t **in, size_t *inlen);
int pkcs8_enced_private_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
#ifdef __cplusplus
}
#endif
#endif
// RFC 5208: PKCS #8: Private-Key Information Syntax Specification version 1.2
#ifndef GMSSL_PKCS8_H
#define GMSSL_PKCS8_H
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#include <gmssl/sm2.h>
#include <gmssl/pem.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
PBKDF2-params ::= SEQUENCE {
salt CHOICE {
specified OCTET STRING,
otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
},
iterationCount INTEGER (1..MAX),
keyLength INTEGER (1..MAX) OPTIONAL, -- 这个参数可以由函数指定
prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
}
prf must be OID_hmac_sm3
cipher must be OID_sm4_cbc
*/
int pbkdf2_params_to_der(const uint8_t *salt, size_t saltlen, int iter, int keylen, int prf,
uint8_t **out, size_t *outlen);
int pbkdf2_params_from_der(const uint8_t **salt, size_t *saltlen, int *iter, int *keylen, int *prf,
const uint8_t **in, size_t *inlen);
int pbkdf2_params_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
int pbkdf2_algor_to_der(
const uint8_t *salt, size_t saltlen,
int iter,
int keylen,
int prf,
uint8_t **out, size_t *outlen);
int pbkdf2_algor_from_der(
const uint8_t **salt, size_t *saltlen,
int *iter,
int *keylen,
int *prf,
const uint8_t **in, size_t *inlen);
int pbkdf2_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
PBES2-params ::= SEQUENCE {
keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, -- id-PBKDF2
encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}}
PBES2-Encs:
AES-CBC-Pad [RFC2898]
RC5-CBC-Pad
DES-CBC-Pad legacy
DES-EDE3-CBC-Pad legacy
RC2-CBC-Pad legacy
*/
int pbes2_enc_algor_to_der(
int cipher,
const uint8_t *iv, size_t ivlen,
uint8_t **out, size_t *outlen);
int pbes2_enc_algor_from_der(
int *cipher,
const uint8_t **iv, size_t *ivlen,
const uint8_t **in, size_t *inlen);
int pbes2_enc_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
int pbes2_params_to_der(
const uint8_t *salt, size_t saltlen,
int iter,
int keylen,
int prf,
int cipher,
const uint8_t *iv, size_t ivlen,
uint8_t **out, size_t *outlen);
int pbes2_params_from_der(
const uint8_t **salt, size_t *saltlen,
int *iter,
int *keylen,
int *prf,
int *cipher,
const uint8_t **iv, size_t *ivlen,
const uint8_t **in, size_t *inlen);
int pbes2_params_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
int pbes2_algor_to_der(
const uint8_t *salt, size_t saltlen,
int iter,
int keylen,
int prf,
int cipher,
const uint8_t *iv, size_t ivlen,
uint8_t **out, size_t *outlen);
int pbes2_algor_from_der(
const uint8_t **salt, size_t *saltlen,
int *iter,
int *keylen,
int *prf,
int *cipher,
const uint8_t **iv, size_t *ivlen,
const uint8_t **in, size_t *inlen);
int pbes2_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
from [RFC 5208]
EncryptedPrivateKeyInfo ::= SEQUENCE {
encryptionAlgorithm EncryptionAlgorithmIdentifier,
encryptedData OCTET STRING }
encryptionAlgorithm:
id-PBES2
PrivateKeyInfo ::= SEQUENCE {
version INTEGER { v1(0) },
privateKeyAlgorithm AlgorithmIdentifier,
privateKey OCTET STRING,
attributes [0] Attributes OPTIONAL }
*/
int pkcs8_enced_private_key_info_to_der(
const uint8_t *salt, size_t saltlen,
int iter,
int keylen,
int prf,
int cipher,
const uint8_t *iv, size_t ivlen,
const uint8_t *enced, size_t encedlen,
uint8_t **out, size_t *outlen);
int pkcs8_enced_private_key_info_from_der(
const uint8_t **salt, size_t *saltlen,
int *iter,
int *keylen,
int *prf,
int *cipher,
const uint8_t **iv, size_t *ivlen,
const uint8_t **enced, size_t *encedlen,
const uint8_t **in, size_t *inlen);
int pkcs8_enced_private_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
#ifdef __cplusplus
}
#endif
#endif

61
include/gmssl/rand.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,32 +7,33 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_RAND_H
#define GMSSL_RAND_H
#include <stdint.h>
#include <stdlib.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
Rand Public API
rand_bytes
*/
int rand_bytes(uint8_t *buf, size_t buflen);
int rdrand_bytes(uint8_t *buf, size_t buflen);
int rdseed_bytes(uint8_t *buf, size_t buflen);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_RAND_H
#define GMSSL_RAND_H
#include <stdint.h>
#include <stdlib.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
Rand Public API
rand_bytes
*/
int rand_bytes(uint8_t *buf, size_t buflen);
int rdrand_bytes(uint8_t *buf, size_t buflen);
int rdseed_bytes(uint8_t *buf, size_t buflen);
#ifdef __cplusplus
}
#endif
#endif

65
include/gmssl/rc4.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,34 +7,35 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_RC4_H
#define GMSSL_RC4_H
#include <string.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
#define RC4_MIN_KEY_BITS 40
#define RC4_STATE_NUM_WORDS 256
typedef struct {
uint8_t d[RC4_STATE_NUM_WORDS];
} RC4_STATE;
void rc4_init(RC4_STATE *state, const uint8_t *key, size_t keylen);
void rc4_generate_keystream(RC4_STATE *state, size_t outlen, uint8_t *out);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_RC4_H
#define GMSSL_RC4_H
#include <string.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
#define RC4_MIN_KEY_BITS 40
#define RC4_STATE_NUM_WORDS 256
typedef struct {
uint8_t d[RC4_STATE_NUM_WORDS];
} RC4_STATE;
void rc4_init(RC4_STATE *state, const uint8_t *key, size_t keylen);
void rc4_generate_keystream(RC4_STATE *state, size_t outlen, uint8_t *out);
#ifdef __cplusplus
}
#endif
#endif

97
include/gmssl/rsa.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,50 +7,51 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_RSA_H
#define GMSSL_RSA_H
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
RSAPublicKey ::= SEQUENCE {
modulus INTEGER, -- n
publicExponent INTEGER -- e
}
RSAPrivateKey ::= SEQUENCE {
version INTEGER, -- 0
modulus INTEGER, -- n
publicExponent INTEGER, -- e
privateExponent INTEGER, -- d
prime1 INTEGER, -- p
prime2 INTEGER, -- q
exponent1 INTEGER, -- d mod (p-1)
exponent2 INTEGER, -- d mod (q-1)
coefficient INTEGER -- q^-1 mod p
}
*/
int rsa_public_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_RSA_H
#define GMSSL_RSA_H
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
RSAPublicKey ::= SEQUENCE {
modulus INTEGER, -- n
publicExponent INTEGER -- e
}
RSAPrivateKey ::= SEQUENCE {
version INTEGER, -- 0
modulus INTEGER, -- n
publicExponent INTEGER, -- e
privateExponent INTEGER, -- d
prime1 INTEGER, -- p
prime2 INTEGER, -- q
exponent1 INTEGER, -- d mod (p-1)
exponent2 INTEGER, -- d mod (q-1)
coefficient INTEGER -- q^-1 mod p
}
*/
int rsa_public_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
#ifdef __cplusplus
}
#endif
#endif

123
include/gmssl/sdf.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,63 +7,64 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_SDF_H
#define GMSSL_SDF_H
#include <string.h>
#include <stdint.h>
#include <gmssl/sm2.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
SDF Public API
sdf_load_library
sdf_unload_library
SDF_DEVICE
sdf_open_device
sdf_close_device
sdf_print_device_info
sdf_rand_bytes
sdf_load_sign_key
SDF_KEY
sdf_sign
sdf_release_key
*/
typedef struct {
void *handle;
char issuer[41];
char name[17];
char serial[17];
} SDF_DEVICE;
typedef struct {
SM2_KEY public_key;
void *session;
int index;
} SDF_KEY;
int sdf_load_library(const char *so_path, const char *vendor);
int sdf_open_device(SDF_DEVICE *dev);
int sdf_print_device_info(FILE *fp, int fmt, int ind, const char *lable, SDF_DEVICE *dev);
int sdf_rand_bytes(SDF_DEVICE *dev, uint8_t *buf, size_t len);
int sdf_load_sign_key(SDF_DEVICE *dev, SDF_KEY *key, int index, const char *pass);
int sdf_sign(SDF_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
int sdf_release_key(SDF_KEY *key);
int sdf_close_device(SDF_DEVICE *dev);
void sdf_unload_library(void);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_SDF_H
#define GMSSL_SDF_H
#include <string.h>
#include <stdint.h>
#include <gmssl/sm2.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
SDF Public API
sdf_load_library
sdf_unload_library
SDF_DEVICE
sdf_open_device
sdf_close_device
sdf_print_device_info
sdf_rand_bytes
sdf_load_sign_key
SDF_KEY
sdf_sign
sdf_release_key
*/
typedef struct {
void *handle;
char issuer[41];
char name[17];
char serial[17];
} SDF_DEVICE;
typedef struct {
SM2_KEY public_key;
void *session;
int index;
} SDF_KEY;
int sdf_load_library(const char *so_path, const char *vendor);
int sdf_open_device(SDF_DEVICE *dev);
int sdf_print_device_info(FILE *fp, int fmt, int ind, const char *lable, SDF_DEVICE *dev);
int sdf_rand_bytes(SDF_DEVICE *dev, uint8_t *buf, size_t len);
int sdf_load_sign_key(SDF_DEVICE *dev, SDF_KEY *key, int index, const char *pass);
int sdf_sign(SDF_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
int sdf_release_key(SDF_KEY *key);
int sdf_close_device(SDF_DEVICE *dev);
void sdf_unload_library(void);
#ifdef __cplusplus
}
#endif
#endif

75
include/gmssl/sha1.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,39 +7,40 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_SHA1_H
#define GMSSL_SHA1_H
#include <string.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
#define SHA1_IS_BIG_ENDIAN 1
#define SHA1_DIGEST_SIZE 20
#define SHA1_BLOCK_SIZE 64
#define SHA1_STATE_WORDS (SHA1_DIGEST_SIZE/sizeof(uint32_t))
typedef struct {
uint32_t state[SHA1_STATE_WORDS];
uint64_t nblocks;
uint8_t block[SHA1_BLOCK_SIZE];
size_t num;
} SHA1_CTX;
void sha1_init(SHA1_CTX *ctx);
void sha1_update(SHA1_CTX *ctx, const uint8_t *data, size_t datalen);
void sha1_finish(SHA1_CTX *ctx, uint8_t dgst[SHA1_DIGEST_SIZE]);
void sha1_digest(const uint8_t *data, size_t datalen, uint8_t dgst[SHA1_DIGEST_SIZE]);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_SHA1_H
#define GMSSL_SHA1_H
#include <string.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
#define SHA1_IS_BIG_ENDIAN 1
#define SHA1_DIGEST_SIZE 20
#define SHA1_BLOCK_SIZE 64
#define SHA1_STATE_WORDS (SHA1_DIGEST_SIZE/sizeof(uint32_t))
typedef struct {
uint32_t state[SHA1_STATE_WORDS];
uint64_t nblocks;
uint8_t block[SHA1_BLOCK_SIZE];
size_t num;
} SHA1_CTX;
void sha1_init(SHA1_CTX *ctx);
void sha1_update(SHA1_CTX *ctx, const uint8_t *data, size_t datalen);
void sha1_finish(SHA1_CTX *ctx, uint8_t dgst[SHA1_DIGEST_SIZE]);
void sha1_digest(const uint8_t *data, size_t datalen, uint8_t dgst[SHA1_DIGEST_SIZE]);
#ifdef __cplusplus
}
#endif
#endif

189
include/gmssl/sha2.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,96 +7,97 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_SHA2_H
#define GMSSL_SHA2_H
#include <string.h>
#include <stdint.h>
#include <sys/types.h>
#ifdef __cplusplus
extern "C" {
#endif
#define SHA2_IS_BIG_ENDIAN 1
#define SHA224_DIGEST_SIZE 28
#define SHA224_BLOCK_SIZE 64
#define SHA224_STATE_WORDS 8
typedef struct {
uint32_t state[SHA224_STATE_WORDS];
uint64_t nblocks;
uint8_t block[SHA224_BLOCK_SIZE];
int num;
} SHA224_CTX;
void sha224_init(SHA224_CTX *ctx);
void sha224_update(SHA224_CTX *ctx, const uint8_t* data, size_t datalen);
void sha224_finish(SHA224_CTX *ctx, uint8_t dgst[SHA224_DIGEST_SIZE]);
void sha224_digest(const uint8_t *data, size_t datalen,
uint8_t dgst[SHA224_DIGEST_SIZE]);
#define SHA256_DIGEST_SIZE 32
#define SHA256_BLOCK_SIZE 64
#define SHA256_STATE_WORDS 8
typedef struct {
uint32_t state[SHA256_STATE_WORDS];
uint64_t nblocks;
uint8_t block[SHA256_BLOCK_SIZE];
int num;
} SHA256_CTX;
void sha256_init(SHA256_CTX *ctx);
void sha256_update(SHA256_CTX *ctx, const uint8_t* data, size_t datalen);
void sha256_finish(SHA256_CTX *ctx, uint8_t dgst[SHA256_DIGEST_SIZE]);
void sha256_digest(const uint8_t *data, size_t datalen,
uint8_t dgst[SHA256_DIGEST_SIZE]);
#define SHA384_DIGEST_SIZE 48
#define SHA384_BLOCK_SIZE 128
#define SHA384_STATE_WORDS 8
typedef struct {
uint64_t state[SHA384_STATE_WORDS];
uint64_t nblocks;
uint8_t block[SHA384_BLOCK_SIZE];
int num;
} SHA384_CTX;
void sha384_init(SHA384_CTX *ctx);
void sha384_update(SHA384_CTX *ctx, const uint8_t* data, size_t datalen);
void sha384_finish(SHA384_CTX *ctx, uint8_t dgst[SHA384_DIGEST_SIZE]);
void sha384_digest(const uint8_t *data, size_t datalen,
uint8_t dgst[SHA384_DIGEST_SIZE]);
#define SHA512_DIGEST_SIZE 64
#define SHA512_BLOCK_SIZE 128
#define SHA512_STATE_WORDS 8
typedef struct {
uint64_t state[SHA512_STATE_WORDS];
uint64_t nblocks;
uint8_t block[SHA512_BLOCK_SIZE];
int num;
} SHA512_CTX;
void sha512_init(SHA512_CTX *ctx);
void sha512_update(SHA512_CTX *ctx, const uint8_t* data, size_t datalen);
void sha512_finish(SHA512_CTX *ctx, uint8_t dgst[SHA512_DIGEST_SIZE]);
void sha512_digest(const uint8_t *data, size_t datalen,
uint8_t dgst[SHA512_DIGEST_SIZE]);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_SHA2_H
#define GMSSL_SHA2_H
#include <string.h>
#include <stdint.h>
#include <sys/types.h>
#ifdef __cplusplus
extern "C" {
#endif
#define SHA2_IS_BIG_ENDIAN 1
#define SHA224_DIGEST_SIZE 28
#define SHA224_BLOCK_SIZE 64
#define SHA224_STATE_WORDS 8
typedef struct {
uint32_t state[SHA224_STATE_WORDS];
uint64_t nblocks;
uint8_t block[SHA224_BLOCK_SIZE];
int num;
} SHA224_CTX;
void sha224_init(SHA224_CTX *ctx);
void sha224_update(SHA224_CTX *ctx, const uint8_t* data, size_t datalen);
void sha224_finish(SHA224_CTX *ctx, uint8_t dgst[SHA224_DIGEST_SIZE]);
void sha224_digest(const uint8_t *data, size_t datalen,
uint8_t dgst[SHA224_DIGEST_SIZE]);
#define SHA256_DIGEST_SIZE 32
#define SHA256_BLOCK_SIZE 64
#define SHA256_STATE_WORDS 8
typedef struct {
uint32_t state[SHA256_STATE_WORDS];
uint64_t nblocks;
uint8_t block[SHA256_BLOCK_SIZE];
int num;
} SHA256_CTX;
void sha256_init(SHA256_CTX *ctx);
void sha256_update(SHA256_CTX *ctx, const uint8_t* data, size_t datalen);
void sha256_finish(SHA256_CTX *ctx, uint8_t dgst[SHA256_DIGEST_SIZE]);
void sha256_digest(const uint8_t *data, size_t datalen,
uint8_t dgst[SHA256_DIGEST_SIZE]);
#define SHA384_DIGEST_SIZE 48
#define SHA384_BLOCK_SIZE 128
#define SHA384_STATE_WORDS 8
typedef struct {
uint64_t state[SHA384_STATE_WORDS];
uint64_t nblocks;
uint8_t block[SHA384_BLOCK_SIZE];
int num;
} SHA384_CTX;
void sha384_init(SHA384_CTX *ctx);
void sha384_update(SHA384_CTX *ctx, const uint8_t* data, size_t datalen);
void sha384_finish(SHA384_CTX *ctx, uint8_t dgst[SHA384_DIGEST_SIZE]);
void sha384_digest(const uint8_t *data, size_t datalen,
uint8_t dgst[SHA384_DIGEST_SIZE]);
#define SHA512_DIGEST_SIZE 64
#define SHA512_BLOCK_SIZE 128
#define SHA512_STATE_WORDS 8
typedef struct {
uint64_t state[SHA512_STATE_WORDS];
uint64_t nblocks;
uint8_t block[SHA512_BLOCK_SIZE];
int num;
} SHA512_CTX;
void sha512_init(SHA512_CTX *ctx);
void sha512_update(SHA512_CTX *ctx, const uint8_t* data, size_t datalen);
void sha512_finish(SHA512_CTX *ctx, uint8_t dgst[SHA512_DIGEST_SIZE]);
void sha512_digest(const uint8_t *data, size_t datalen,
uint8_t dgst[SHA512_DIGEST_SIZE]);
#ifdef __cplusplus
}
#endif
#endif

169
include/gmssl/sha3.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,86 +7,87 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_SHA3_H
#define GMSSL_SHA3_H
#include <string.h>
#include <stdint.h>
#include <sys/types.h>
#ifdef __cplusplus
extern "C" {
#endif
#define SHA3_KECCAK_P_SIZE (1600/8)
#define SHA3_224_DIGEST_SIZE (224/8)
#define SHA3_256_DIGEST_SIZE (256/8)
#define SHA3_384_DIGEST_SIZE (384/8)
#define SHA3_512_DIGEST_SIZE (512/8)
#define SHA3_224_CAPACITY (SHA3_224_DIGEST_SIZE * 2)
#define SHA3_256_CAPACITY (SHA3_256_DIGEST_SIZE * 2)
#define SHA3_384_CAPACITY (SHA3_384_DIGEST_SIZE * 2)
#define SHA3_512_CAPACITY (SHA3_512_DIGEST_SIZE * 2)
#define SHA3_224_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 144
#define SHA3_256_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 136
#define SHA3_384_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 104
#define SHA3_512_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 72
typedef struct {
uint64_t A[5][5];
uint8_t buf[SHA3_224_BLOCK_SIZE];
int num;
} SHA3_224_CTX;
void sha3_224_init(SHA3_224_CTX *ctx);
void sha3_224_update(SHA3_224_CTX *ctx, const uint8_t *data, size_t datalen);
void sha3_224_finish(SHA3_224_CTX *ctx, uint8_t dgst[SHA3_224_DIGEST_SIZE]);
typedef struct {
uint64_t A[5][5];
uint8_t buf[SHA3_256_BLOCK_SIZE];
int num;
} SHA3_256_CTX;
void sha3_256_init(SHA3_256_CTX *ctx);
void sha3_256_update(SHA3_256_CTX *ctx, const uint8_t *data, size_t datalen);
void sha3_256_finish(SHA3_256_CTX *ctx, uint8_t dgst[SHA3_256_DIGEST_SIZE]);
typedef struct {
uint64_t A[5][5];
uint8_t buf[SHA3_384_BLOCK_SIZE];
int num;
} SHA3_384_CTX;
void sha3_384_init(SHA3_384_CTX *ctx);
void sha3_384_update(SHA3_384_CTX *ctx, const uint8_t *data, size_t datalen);
void sha3_384_finish(SHA3_384_CTX *ctx, uint8_t dgst[SHA3_384_DIGEST_SIZE]);
typedef struct {
uint64_t A[5][5];
uint8_t buf[SHA3_512_BLOCK_SIZE];
int num;
} SHA3_512_CTX;
void sha3_512_init(SHA3_512_CTX *ctx);
void sha3_512_update(SHA3_512_CTX *ctx, const uint8_t *data, size_t datalen);
void sha3_512_finish(SHA3_512_CTX *ctx, uint8_t dgst[SHA3_512_DIGEST_SIZE]);
void sha3_shake128(const uint8_t *in, size_t *inlen, size_t outlen, uint8_t *out);
void sha3_shake256(const uint8_t *in, size_t *inlen, size_t outlen, uint8_t *out);
void sha3_keccak_p(uint8_t state[SHA3_KECCAK_P_SIZE]);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_SHA3_H
#define GMSSL_SHA3_H
#include <string.h>
#include <stdint.h>
#include <sys/types.h>
#ifdef __cplusplus
extern "C" {
#endif
#define SHA3_KECCAK_P_SIZE (1600/8)
#define SHA3_224_DIGEST_SIZE (224/8)
#define SHA3_256_DIGEST_SIZE (256/8)
#define SHA3_384_DIGEST_SIZE (384/8)
#define SHA3_512_DIGEST_SIZE (512/8)
#define SHA3_224_CAPACITY (SHA3_224_DIGEST_SIZE * 2)
#define SHA3_256_CAPACITY (SHA3_256_DIGEST_SIZE * 2)
#define SHA3_384_CAPACITY (SHA3_384_DIGEST_SIZE * 2)
#define SHA3_512_CAPACITY (SHA3_512_DIGEST_SIZE * 2)
#define SHA3_224_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 144
#define SHA3_256_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 136
#define SHA3_384_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 104
#define SHA3_512_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 72
typedef struct {
uint64_t A[5][5];
uint8_t buf[SHA3_224_BLOCK_SIZE];
int num;
} SHA3_224_CTX;
void sha3_224_init(SHA3_224_CTX *ctx);
void sha3_224_update(SHA3_224_CTX *ctx, const uint8_t *data, size_t datalen);
void sha3_224_finish(SHA3_224_CTX *ctx, uint8_t dgst[SHA3_224_DIGEST_SIZE]);
typedef struct {
uint64_t A[5][5];
uint8_t buf[SHA3_256_BLOCK_SIZE];
int num;
} SHA3_256_CTX;
void sha3_256_init(SHA3_256_CTX *ctx);
void sha3_256_update(SHA3_256_CTX *ctx, const uint8_t *data, size_t datalen);
void sha3_256_finish(SHA3_256_CTX *ctx, uint8_t dgst[SHA3_256_DIGEST_SIZE]);
typedef struct {
uint64_t A[5][5];
uint8_t buf[SHA3_384_BLOCK_SIZE];
int num;
} SHA3_384_CTX;
void sha3_384_init(SHA3_384_CTX *ctx);
void sha3_384_update(SHA3_384_CTX *ctx, const uint8_t *data, size_t datalen);
void sha3_384_finish(SHA3_384_CTX *ctx, uint8_t dgst[SHA3_384_DIGEST_SIZE]);
typedef struct {
uint64_t A[5][5];
uint8_t buf[SHA3_512_BLOCK_SIZE];
int num;
} SHA3_512_CTX;
void sha3_512_init(SHA3_512_CTX *ctx);
void sha3_512_update(SHA3_512_CTX *ctx, const uint8_t *data, size_t datalen);
void sha3_512_finish(SHA3_512_CTX *ctx, uint8_t dgst[SHA3_512_DIGEST_SIZE]);
void sha3_shake128(const uint8_t *in, size_t *inlen, size_t outlen, uint8_t *out);
void sha3_shake256(const uint8_t *in, size_t *inlen, size_t outlen, uint8_t *out);
void sha3_keccak_p(uint8_t state[SHA3_KECCAK_P_SIZE]);
#ifdef __cplusplus
}
#endif
#endif

217
include/gmssl/skf.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,110 +7,111 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_SKF_H
#define GMSSL_SKF_H
#include <string.h>
#include <stdint.h>
#include <gmssl/sm2.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
SKF Public API
skf_load_library
skf_unload_library
skf_list_devices
skf_print_device_info
SKF_DEVICE
skf_open_device
skf_close_deivce
skf_set_label
skf_change_authkey
skf_list_apps
skf_create_app
skf_delete_app
skf_change_app_admin_pin
skf_change_app_user_pin
skf_unblock_user_pin
skf_list_objects
skf_import_object
skf_export_object
skf_delete_object
skf_list_containers
skf_create_container
skf_delete_container
skf_import_sign_cert
skf_export_sign_cert
skf_rand_bytes
skf_load_sign_key
SKF_KEY
skf_sign
skf_release_key
*/
typedef struct {
void *handle;
char manufacturer[65];
char issuer[65];
char label[33];
char serial[33];
uint8_t hardware_version[2];
uint8_t firmware_version[2];
} SKF_DEVICE;
typedef struct {
SM2_KEY public_key;
void *app_handle;
char app_name[65];
void *container_handle;
char container_name[65];
} SKF_KEY;
int skf_load_library(const char *so_path, const char *vendor);
void skf_unload_library(void);
int skf_list_devices(FILE *fp, int fmt, int ind, const char *label);
int skf_print_device_info(FILE *fp, int fmt, int ind, const char *devname);
int skf_open_device(SKF_DEVICE *dev, const char *devname, const uint8_t authkey[16]);
int skf_set_label(SKF_DEVICE *dev, const char *label);
int skf_change_authkey(SKF_DEVICE *dev, const uint8_t authkey[16]);
int skf_close_device(SKF_DEVICE *dev);
int skf_list_apps(SKF_DEVICE *dev, int fmt, int ind, const char *label, FILE *fp);
int skf_create_app(SKF_DEVICE *dev, const char *appname, const char *admin_pin, const char *user_pin);
int skf_delete_app(SKF_DEVICE *dev, const char *appname);
int skf_change_app_admin_pin(SKF_DEVICE *dev, const char *appname, const char *oid_pin, const char *new_pin);
int skf_change_app_user_pin(SKF_DEVICE *dev, const char *appname, const char *oid_pin, const char *new_pin);
int skf_unblock_user_pin(SKF_DEVICE *dev, const char *appname, const char *admin_pin, const char *new_user_pin);
int skf_list_objects(FILE *fp, int fmt, int ind, const char *label, SKF_DEVICE *dev, const char *appname, const char *pin);
int skf_import_object(SKF_DEVICE *dev, const char *appname, const char *pin, const char *objname, const uint8_t *data, size_t datalen);
int skf_export_object(SKF_DEVICE *dev, const char *appname, const char *pin, const char *objname, uint8_t *out, size_t *outlen);
int skf_delete_object(SKF_DEVICE *dev, const char *appname, const char *pin, const char *objname);
int skf_list_containers(FILE *fp, int fmt, int ind, const char *label, SKF_DEVICE *dev, const char *appname, const char *pin);
int skf_create_container(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name);
int skf_delete_container(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name);
int skf_import_sign_cert(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name, const uint8_t *cert, size_t certlen);
int skf_export_sign_cert(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name, uint8_t *cert, size_t *certlen);
int skf_rand_bytes(SKF_DEVICE *dev, uint8_t *buf, size_t len);
int skf_load_sign_key(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name, SKF_KEY *key);
int skf_sign(SKF_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
int skf_release_key(SKF_KEY *key);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_SKF_H
#define GMSSL_SKF_H
#include <string.h>
#include <stdint.h>
#include <gmssl/sm2.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
SKF Public API
skf_load_library
skf_unload_library
skf_list_devices
skf_print_device_info
SKF_DEVICE
skf_open_device
skf_close_deivce
skf_set_label
skf_change_authkey
skf_list_apps
skf_create_app
skf_delete_app
skf_change_app_admin_pin
skf_change_app_user_pin
skf_unblock_user_pin
skf_list_objects
skf_import_object
skf_export_object
skf_delete_object
skf_list_containers
skf_create_container
skf_delete_container
skf_import_sign_cert
skf_export_sign_cert
skf_rand_bytes
skf_load_sign_key
SKF_KEY
skf_sign
skf_release_key
*/
typedef struct {
void *handle;
char manufacturer[65];
char issuer[65];
char label[33];
char serial[33];
uint8_t hardware_version[2];
uint8_t firmware_version[2];
} SKF_DEVICE;
typedef struct {
SM2_KEY public_key;
void *app_handle;
char app_name[65];
void *container_handle;
char container_name[65];
} SKF_KEY;
int skf_load_library(const char *so_path, const char *vendor);
void skf_unload_library(void);
int skf_list_devices(FILE *fp, int fmt, int ind, const char *label);
int skf_print_device_info(FILE *fp, int fmt, int ind, const char *devname);
int skf_open_device(SKF_DEVICE *dev, const char *devname, const uint8_t authkey[16]);
int skf_set_label(SKF_DEVICE *dev, const char *label);
int skf_change_authkey(SKF_DEVICE *dev, const uint8_t authkey[16]);
int skf_close_device(SKF_DEVICE *dev);
int skf_list_apps(SKF_DEVICE *dev, int fmt, int ind, const char *label, FILE *fp);
int skf_create_app(SKF_DEVICE *dev, const char *appname, const char *admin_pin, const char *user_pin);
int skf_delete_app(SKF_DEVICE *dev, const char *appname);
int skf_change_app_admin_pin(SKF_DEVICE *dev, const char *appname, const char *oid_pin, const char *new_pin);
int skf_change_app_user_pin(SKF_DEVICE *dev, const char *appname, const char *oid_pin, const char *new_pin);
int skf_unblock_user_pin(SKF_DEVICE *dev, const char *appname, const char *admin_pin, const char *new_user_pin);
int skf_list_objects(FILE *fp, int fmt, int ind, const char *label, SKF_DEVICE *dev, const char *appname, const char *pin);
int skf_import_object(SKF_DEVICE *dev, const char *appname, const char *pin, const char *objname, const uint8_t *data, size_t datalen);
int skf_export_object(SKF_DEVICE *dev, const char *appname, const char *pin, const char *objname, uint8_t *out, size_t *outlen);
int skf_delete_object(SKF_DEVICE *dev, const char *appname, const char *pin, const char *objname);
int skf_list_containers(FILE *fp, int fmt, int ind, const char *label, SKF_DEVICE *dev, const char *appname, const char *pin);
int skf_create_container(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name);
int skf_delete_container(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name);
int skf_import_sign_cert(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name, const uint8_t *cert, size_t certlen);
int skf_export_sign_cert(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name, uint8_t *cert, size_t *certlen);
int skf_rand_bytes(SKF_DEVICE *dev, uint8_t *buf, size_t len);
int skf_load_sign_key(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name, SKF_KEY *key);
int skf_sign(SKF_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
int skf_release_key(SKF_KEY *key);
#ifdef __cplusplus
}
#endif
#endif

733
include/gmssl/sm2.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,368 +7,369 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_SM2_H
#define GMSSL_SM2_H
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <gmssl/sm3.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
SM2 Public API
SM2_DEFAULT_ID
SM2_MAX_ID_LENGTH
SM2_MAX_SIGNATURE_SIZE
SM2_MAX_PLAINTEXT_SIZE
SM2_MAX_CIPHERTEXT_SIZE
SM2_KEY
sm2_key_generate
sm2_private_key_info_encrypt_to_der
sm2_private_key_info_decrypt_from_der
sm2_private_key_info_encrypt_to_pem
sm2_private_key_info_decrypt_from_pem
sm2_public_key_info_to_der
sm2_public_key_info_from_der
sm2_public_key_info_to_pem
sm2_public_key_info_from_pem
sm2_sign
sm2_verify
sm2_encrypt
sm2_decrypt
sm2_ecdh
SM2_SIGN_CTX
sm2_sign_init
sm2_sign_update
sm2_sign_finish
sm2_verify_init
sm2_verify_update
sm2_verify_finish
*/
typedef uint64_t SM2_BN[8];
int sm2_bn_is_zero(const SM2_BN a);
int sm2_bn_is_one(const SM2_BN a);
int sm2_bn_is_odd(const SM2_BN a);
int sm2_bn_cmp(const SM2_BN a, const SM2_BN b);
int sm2_bn_from_hex(SM2_BN r, const char hex[64]);
int sm2_bn_from_asn1_integer(SM2_BN r, const uint8_t *d, size_t dlen);
int sm2_bn_equ_hex(const SM2_BN a, const char *hex);
int sm2_bn_print(FILE *fp, int fmt, int ind, const char *label, const SM2_BN a);
void sm2_bn_to_bytes(const SM2_BN a, uint8_t out[32]);
void sm2_bn_from_bytes(SM2_BN r, const uint8_t in[32]);
void sm2_bn_to_hex(const SM2_BN a, char hex[64]);
void sm2_bn_to_bits(const SM2_BN a, char bits[256]);
void sm2_bn_set_word(SM2_BN r, uint32_t a);
void sm2_bn_add(SM2_BN r, const SM2_BN a, const SM2_BN b);
void sm2_bn_sub(SM2_BN ret, const SM2_BN a, const SM2_BN b);
void sm2_bn_rand_range(SM2_BN r, const SM2_BN range); // 这个函数需要修改一下,从外部引入随机数
#define sm2_bn_init(r) memset((r),0,sizeof(SM2_BN))
#define sm2_bn_set_zero(r) memset((r),0,sizeof(SM2_BN))
#define sm2_bn_set_one(r) sm2_bn_set_word((r),1)
#define sm2_bn_copy(r,a) memcpy((r),(a),sizeof(SM2_BN))
#define sm2_bn_clean(r) memset((r),0,sizeof(SM2_BN))
// GF(p)
typedef SM2_BN SM2_Fp;
void sm2_fp_add(SM2_Fp r, const SM2_Fp a, const SM2_Fp b);
void sm2_fp_sub(SM2_Fp r, const SM2_Fp a, const SM2_Fp b);
void sm2_fp_mul(SM2_Fp r, const SM2_Fp a, const SM2_Fp b);
void sm2_fp_exp(SM2_Fp r, const SM2_Fp a, const SM2_Fp e);
void sm2_fp_dbl(SM2_Fp r, const SM2_Fp a);
void sm2_fp_tri(SM2_Fp r, const SM2_Fp a);
void sm2_fp_div2(SM2_Fp r, const SM2_Fp a);
void sm2_fp_neg(SM2_Fp r, const SM2_Fp a);
void sm2_fp_sqr(SM2_Fp r, const SM2_Fp a);
void sm2_fp_inv(SM2_Fp r, const SM2_Fp a);
void sm2_fp_rand(SM2_Fp r); // 外部提供随机性,如果满足条件就输出,如果不满足条件就哈希一下再输出
#define sm2_fp_init(r) sm2_bn_init(r)
#define sm2_fp_set_zero(r) sm2_bn_set_zero(r)
#define sm2_fp_set_one(r) sm2_bn_set_one(r)
#define sm2_fp_copy(r,a) sm2_bn_copy(r,a)
#define sm2_fp_clean(r) sm2_bn_clean(r)
// GF(n)
typedef SM2_BN SM2_Fn;
void sm2_fn_add(SM2_Fn r, const SM2_Fn a, const SM2_Fn b);
void sm2_fn_sub(SM2_Fn r, const SM2_Fn a, const SM2_Fn b);
void sm2_fn_mul(SM2_Fn r, const SM2_Fn a, const SM2_Fn b);
void sm2_fn_exp(SM2_Fn r, const SM2_Fn a, const SM2_Fn e);
void sm2_fn_neg(SM2_Fn r, const SM2_Fn a);
void sm2_fn_sqr(SM2_Fn r, const SM2_Fn a);
void sm2_fn_inv(SM2_Fn r, const SM2_Fn a);
void sm2_fn_rand(SM2_Fn r);
#define sm2_fn_init(r) sm2_bn_init(r)
#define sm2_fn_set_zero(r) sm2_bn_set_zero(r)
#define sm2_fn_set_one(r) sm2_bn_set_one(r)
#define sm2_fn_copy(r,a) sm2_bn_copy(r,a)
#define sm2_fn_clean(r) sm2_bn_clean(r)
typedef struct {
SM2_BN X;
SM2_BN Y;
SM2_BN Z;
} SM2_JACOBIAN_POINT;
void sm2_jacobian_point_init(SM2_JACOBIAN_POINT *R);
void sm2_jacobian_point_set_xy(SM2_JACOBIAN_POINT *R, const SM2_BN x, const SM2_BN y); // 应该返回错误
void sm2_jacobian_point_get_xy(const SM2_JACOBIAN_POINT *P, SM2_BN x, SM2_BN y);
void sm2_jacobian_point_neg(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P);
void sm2_jacobian_point_dbl(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P);
void sm2_jacobian_point_add(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P, const SM2_JACOBIAN_POINT *Q);
void sm2_jacobian_point_sub(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P, const SM2_JACOBIAN_POINT *Q);
void sm2_jacobian_point_mul(SM2_JACOBIAN_POINT *R, const SM2_BN k, const SM2_JACOBIAN_POINT *P);
void sm2_jacobian_point_to_bytes(const SM2_JACOBIAN_POINT *P, uint8_t out[64]);
void sm2_jacobian_point_from_bytes(SM2_JACOBIAN_POINT *P, const uint8_t in[64]);
void sm2_jacobian_point_mul_generator(SM2_JACOBIAN_POINT *R, const SM2_BN k);
void sm2_jacobian_point_mul_sum(SM2_JACOBIAN_POINT *R, const SM2_BN t, const SM2_JACOBIAN_POINT *P, const SM2_BN s); // 应该返回错误
void sm2_jacobian_point_from_hex(SM2_JACOBIAN_POINT *P, const char hex[64 * 2]); // 应该返回错误
int sm2_jacobian_point_is_at_infinity(const SM2_JACOBIAN_POINT *P);
int sm2_jacobian_point_is_on_curve(const SM2_JACOBIAN_POINT *P);
int sm2_jacobian_point_equ_hex(const SM2_JACOBIAN_POINT *P, const char hex[128]);
int sm2_jacobian_point_print(FILE *fp, int fmt, int ind, const char *label, const SM2_JACOBIAN_POINT *P);
#define sm2_jacobian_point_set_infinity(R) sm2_jacobian_point_init(R)
#define sm2_jacobian_point_copy(R, P) memcpy((R), (P), sizeof(SM2_JACOBIAN_POINT))
/*
SM2 Public API
SM2接口有两个层次基本的和ASN.1/PKI的
基本的接口不依赖ASN.1编码,可以直接将结构体的内存输出(endian一致即可)
基本的接口也不进行输入的格式检查,调用方应保证输入不为空
*/
// 这里应该用#define 给出常量的值
extern const SM2_BN SM2_P;
//extern const SM2_BN SM2_A;
extern const SM2_BN SM2_B;
extern const SM2_BN SM2_N;
extern const SM2_BN SM2_ONE;
extern const SM2_BN SM2_TWO;
extern const SM2_BN SM2_THREE;
extern const SM2_BN SM2_U_PLUS_ONE;
extern const SM2_JACOBIAN_POINT *SM2_G; // 应该同时给出Affine的
typedef struct {
uint8_t x[32];
uint8_t y[32];
} SM2_POINT;
void sm2_point_to_compressed_octets(const SM2_POINT *P, uint8_t out[33]);
void sm2_point_to_uncompressed_octets(const SM2_POINT *P, uint8_t out[65]);
int sm2_point_from_octets(SM2_POINT *P, const uint8_t *in, size_t inlen);
int sm2_point_from_x(SM2_POINT *P, const uint8_t x[32], int y);
int sm2_point_from_xy(SM2_POINT *P, const uint8_t x[32], const uint8_t y[32]);
int sm2_point_is_on_curve(const SM2_POINT *P);
int sm2_point_mul(SM2_POINT *R, const uint8_t k[32], const SM2_POINT *P);
int sm2_point_mul_generator(SM2_POINT *R, const uint8_t k[32]);
int sm2_point_mul_sum(SM2_POINT *R, const uint8_t k[32], const SM2_POINT *P, const uint8_t s[32]); // R = k * P + s * G
/*
RFC 5480 Elliptic Curve Cryptography Subject Public Key Information
ECPoint ::= OCTET STRING
*/
#define SM2_POINT_MAX_SIZE (2 + 65)
int sm2_point_to_der(const SM2_POINT *P, uint8_t **out, size_t *outlen);
int sm2_point_from_der(SM2_POINT *P, const uint8_t **in, size_t *inlen);
int sm2_point_print(FILE *fp, int fmt, int ind, const char *label, const SM2_POINT *P);
typedef struct {
SM2_POINT public_key;
uint8_t private_key[32];
} SM2_KEY;
int sm2_key_generate(SM2_KEY *key);
int sm2_key_set_private_key(SM2_KEY *key, const uint8_t private_key[32]); // 自动生成公钥
int sm2_key_set_public_key(SM2_KEY *key, const SM2_POINT *public_key); // 自动清空私钥不要和set_private_key同时用
int sm2_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *key);
int sm2_public_key_equ(const SM2_KEY *sm2_key, const SM2_KEY *pub_key);
//int sm2_public_key_copy(SM2_KEY *sm2_key, const SM2_KEY *pub_key); // 这个函数的逻辑不清楚
int sm2_public_key_digest(const SM2_KEY *key, uint8_t dgst[32]);
int sm2_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *pub_key); // 和private_key_print参数不一致
/*
from RFC 5915
ECPrivateKey ::= SEQUENCE {
version INTEGER, -- value MUST be (1)
privateKey OCTET STRING, -- big endian encoding of integer 这里不是以INTEGER编码的因此长度固定
parameters [0] EXPLICIT ECParameters OPTIONAL,
-- ONLY namedCurve OID is permitted, by RFC 5480
-- MUST always include this field, by RFC 5915
publicKey [1] EXPLICIT BIT STRING OPTIONAL -- compressed_point
-- SHOULD always include this field, by RFC 5915 }
ECParameters ::= CHOICE { namedCurve OBJECT IDENTIFIER }
*/
#define SM2_PRIVATE_KEY_DEFAULT_SIZE 120 // generated
#define SM2_PRIVATE_KEY_BUF_SIZE 512 // MUST >= SM2_PRIVATE_KEY_DEFAULT_SIZE
int sm2_private_key_to_der(const SM2_KEY *key, uint8_t **out, size_t *outlen);
int sm2_private_key_from_der(SM2_KEY *key, const uint8_t **in, size_t *inlen);
int sm2_private_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
//int sm2_private_key_to_pem(const SM2_KEY *key, FILE *fp);
//int sm2_private_key_from_pem(SM2_KEY *key, FILE *fp);
/*
AlgorithmIdentifier ::= {
algorithm OBJECT IDENTIFIER { id-ecPublicKey },
parameters OBJECT IDENTIFIER { id-sm2 } }
*/
int sm2_public_key_algor_to_der(uint8_t **out, size_t *outlen);
int sm2_public_key_algor_from_der(const uint8_t **in, size_t *inlen);
/*
X.509 SubjectPublicKeyInfo from RFC 5280
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING -- uncompressed octets of ECPoint }
*/
int sm2_public_key_info_to_der(const SM2_KEY *a, uint8_t **out, size_t *outlen);
int sm2_public_key_info_from_der(SM2_KEY *a, const uint8_t **in, size_t *inlen);
int sm2_public_key_info_to_pem(const SM2_KEY *a, FILE *fp);
int sm2_public_key_info_from_pem(SM2_KEY *a, FILE *fp);
/*
PKCS #8 PrivateKeyInfo from RFC 5208
PrivateKeyInfo ::= SEQUENCE {
version Version { v1(0) },
privateKeyAlgorithm AlgorithmIdentifier,
privateKey OCTET STRING, -- DER-encoding of ECPrivateKey
attributes [0] IMPLICIT SET OF Attribute OPTIONAL }
*/
enum {
PKCS8_private_key_info_version = 0,
};
int sm2_private_key_info_to_der(const SM2_KEY *key, uint8_t **out, size_t *outlen);
int sm2_private_key_info_from_der(SM2_KEY *key, const uint8_t **attrs, size_t *attrslen, const uint8_t **in, size_t *inlen);
int sm2_private_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
//int sm2_private_key_info_to_pem(const SM2_KEY *key, FILE *fp);
//int sm2_private_key_info_from_pem(SM2_KEY *key, const uint8_t **attrs, size_t *attrslen, FILE *fp);
/*
EncryptedPrivateKeyInfo ::= SEQUENCE {
encryptionAlgorithm EncryptionAlgorithmIdentifier, -- id-PBES2
encryptedData OCTET STRING }
*/
int sm2_private_key_info_encrypt_to_der(const SM2_KEY *key,
const char *pass, uint8_t **out, size_t *outlen);
int sm2_private_key_info_decrypt_from_der(SM2_KEY *key, const uint8_t **attrs, size_t *attrs_len,
const char *pass, const uint8_t **in, size_t *inlen);
int sm2_private_key_info_encrypt_to_pem(const SM2_KEY *key, const char *pass, FILE *fp);
int sm2_private_key_info_decrypt_from_pem(SM2_KEY *key, const char *pass, FILE *fp);
typedef struct {
uint8_t r[32];
uint8_t s[32];
} SM2_SIGNATURE;
int sm2_do_sign_ex(const SM2_KEY *key, int flags, const uint8_t dgst[32], SM2_SIGNATURE *sig);
int sm2_do_sign(const SM2_KEY *key, const uint8_t dgst[32], SM2_SIGNATURE *sig);
int sm2_do_verify(const SM2_KEY *key, const uint8_t dgst[32], const SM2_SIGNATURE *sig);
#define SM2_MIN_SIGNATURE_SIZE 8
#define SM2_MAX_SIGNATURE_SIZE 72
int sm2_signature_to_der(const SM2_SIGNATURE *sig, uint8_t **out, size_t *outlen);
int sm2_signature_from_der(SM2_SIGNATURE *sig, const uint8_t **in, size_t *inlen);
int sm2_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *sig, size_t siglen);
int sm2_sign_ex(const SM2_KEY *key, int flags, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
int sm2_sign(const SM2_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
int sm2_verify(const SM2_KEY *key, const uint8_t dgst[32], const uint8_t *sig, size_t siglen);
#define SM2_DEFAULT_ID "1234567812345678"
#define SM2_DEFAULT_ID_LENGTH (sizeof(SM2_DEFAULT_ID) - 1) // LENGTH for string and SIZE for bytes
#define SM2_DEFAULT_ID_BITS (SM2_DEFAULT_ID_LENGTH * 8)
#define SM2_MAX_ID_BITS 65535
#define SM2_MAX_ID_LENGTH (SM2_MAX_ID_BITS/8)
int sm2_compute_z(uint8_t z[32], const SM2_POINT *pub, const char *id, size_t idlen);
typedef struct {
SM3_CTX sm3_ctx;
SM2_KEY key;
} SM2_SIGN_CTX;
int sm2_sign_init(SM2_SIGN_CTX *ctx, const SM2_KEY *key, const char *id, size_t idlen);
int sm2_sign_update(SM2_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
int sm2_sign_finish(SM2_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen);
int sm2_verify_init(SM2_SIGN_CTX *ctx, const SM2_KEY *key, const char *id, size_t idlen);
int sm2_verify_update(SM2_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
int sm2_verify_finish(SM2_SIGN_CTX *ctx, const uint8_t *sig, size_t siglen);
/*
SM2Cipher ::= SEQUENCE {
XCoordinate INTEGER,
YCoordinate INTEGER,
HASH OCTET STRING SIZE(32),
CipherText OCTET STRING }
*/
#define SM2_MIN_PLAINTEXT_SIZE 1 // re-compute SM2_MIN_CIPHERTEXT_SIZE when modify
#define SM2_MAX_PLAINTEXT_SIZE 255 // re-compute SM2_MAX_CIPHERTEXT_SIZE when modify
typedef struct {
SM2_POINT point;
uint8_t hash[32];
uint8_t ciphertext_size;
uint8_t ciphertext[SM2_MAX_PLAINTEXT_SIZE];
} SM2_CIPHERTEXT;
int sm2_do_encrypt_ex(const SM2_KEY *key, int flags, const uint8_t *in, size_t inlen, SM2_CIPHERTEXT *out);
int sm2_do_encrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, SM2_CIPHERTEXT *out);
int sm2_do_decrypt(const SM2_KEY *key, const SM2_CIPHERTEXT *in, uint8_t *out, size_t *outlen);
#define SM2_MIN_CIPHERTEXT_SIZE 45 // dependes on SM2_MIN_PLAINTEXT_SIZE
#define SM2_MAX_CIPHERTEXT_SIZE 366 // depends on SM2_MAX_PLAINTEXT_SIZE
int sm2_ciphertext_to_der(const SM2_CIPHERTEXT *c, uint8_t **out, size_t *outlen);
int sm2_ciphertext_from_der(SM2_CIPHERTEXT *c, const uint8_t **in, size_t *inlen);
int sm2_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);
int sm2_encrypt_ex(const SM2_KEY *key, int flags, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm2_encrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm2_decrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm2_ecdh(const SM2_KEY *key, const SM2_POINT *peer_public, SM2_POINT *out);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_SM2_H
#define GMSSL_SM2_H
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <gmssl/sm3.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
SM2 Public API
SM2_DEFAULT_ID
SM2_MAX_ID_LENGTH
SM2_MAX_SIGNATURE_SIZE
SM2_MAX_PLAINTEXT_SIZE
SM2_MAX_CIPHERTEXT_SIZE
SM2_KEY
sm2_key_generate
sm2_private_key_info_encrypt_to_der
sm2_private_key_info_decrypt_from_der
sm2_private_key_info_encrypt_to_pem
sm2_private_key_info_decrypt_from_pem
sm2_public_key_info_to_der
sm2_public_key_info_from_der
sm2_public_key_info_to_pem
sm2_public_key_info_from_pem
sm2_sign
sm2_verify
sm2_encrypt
sm2_decrypt
sm2_ecdh
SM2_SIGN_CTX
sm2_sign_init
sm2_sign_update
sm2_sign_finish
sm2_verify_init
sm2_verify_update
sm2_verify_finish
*/
typedef uint64_t SM2_BN[8];
int sm2_bn_is_zero(const SM2_BN a);
int sm2_bn_is_one(const SM2_BN a);
int sm2_bn_is_odd(const SM2_BN a);
int sm2_bn_cmp(const SM2_BN a, const SM2_BN b);
int sm2_bn_from_hex(SM2_BN r, const char hex[64]);
int sm2_bn_from_asn1_integer(SM2_BN r, const uint8_t *d, size_t dlen);
int sm2_bn_equ_hex(const SM2_BN a, const char *hex);
int sm2_bn_print(FILE *fp, int fmt, int ind, const char *label, const SM2_BN a);
void sm2_bn_to_bytes(const SM2_BN a, uint8_t out[32]);
void sm2_bn_from_bytes(SM2_BN r, const uint8_t in[32]);
void sm2_bn_to_hex(const SM2_BN a, char hex[64]);
void sm2_bn_to_bits(const SM2_BN a, char bits[256]);
void sm2_bn_set_word(SM2_BN r, uint32_t a);
void sm2_bn_add(SM2_BN r, const SM2_BN a, const SM2_BN b);
void sm2_bn_sub(SM2_BN ret, const SM2_BN a, const SM2_BN b);
void sm2_bn_rand_range(SM2_BN r, const SM2_BN range); // 这个函数需要修改一下,从外部引入随机数
#define sm2_bn_init(r) memset((r),0,sizeof(SM2_BN))
#define sm2_bn_set_zero(r) memset((r),0,sizeof(SM2_BN))
#define sm2_bn_set_one(r) sm2_bn_set_word((r),1)
#define sm2_bn_copy(r,a) memcpy((r),(a),sizeof(SM2_BN))
#define sm2_bn_clean(r) memset((r),0,sizeof(SM2_BN))
// GF(p)
typedef SM2_BN SM2_Fp;
void sm2_fp_add(SM2_Fp r, const SM2_Fp a, const SM2_Fp b);
void sm2_fp_sub(SM2_Fp r, const SM2_Fp a, const SM2_Fp b);
void sm2_fp_mul(SM2_Fp r, const SM2_Fp a, const SM2_Fp b);
void sm2_fp_exp(SM2_Fp r, const SM2_Fp a, const SM2_Fp e);
void sm2_fp_dbl(SM2_Fp r, const SM2_Fp a);
void sm2_fp_tri(SM2_Fp r, const SM2_Fp a);
void sm2_fp_div2(SM2_Fp r, const SM2_Fp a);
void sm2_fp_neg(SM2_Fp r, const SM2_Fp a);
void sm2_fp_sqr(SM2_Fp r, const SM2_Fp a);
void sm2_fp_inv(SM2_Fp r, const SM2_Fp a);
void sm2_fp_rand(SM2_Fp r); // 外部提供随机性,如果满足条件就输出,如果不满足条件就哈希一下再输出
#define sm2_fp_init(r) sm2_bn_init(r)
#define sm2_fp_set_zero(r) sm2_bn_set_zero(r)
#define sm2_fp_set_one(r) sm2_bn_set_one(r)
#define sm2_fp_copy(r,a) sm2_bn_copy(r,a)
#define sm2_fp_clean(r) sm2_bn_clean(r)
// GF(n)
typedef SM2_BN SM2_Fn;
void sm2_fn_add(SM2_Fn r, const SM2_Fn a, const SM2_Fn b);
void sm2_fn_sub(SM2_Fn r, const SM2_Fn a, const SM2_Fn b);
void sm2_fn_mul(SM2_Fn r, const SM2_Fn a, const SM2_Fn b);
void sm2_fn_exp(SM2_Fn r, const SM2_Fn a, const SM2_Fn e);
void sm2_fn_neg(SM2_Fn r, const SM2_Fn a);
void sm2_fn_sqr(SM2_Fn r, const SM2_Fn a);
void sm2_fn_inv(SM2_Fn r, const SM2_Fn a);
void sm2_fn_rand(SM2_Fn r);
#define sm2_fn_init(r) sm2_bn_init(r)
#define sm2_fn_set_zero(r) sm2_bn_set_zero(r)
#define sm2_fn_set_one(r) sm2_bn_set_one(r)
#define sm2_fn_copy(r,a) sm2_bn_copy(r,a)
#define sm2_fn_clean(r) sm2_bn_clean(r)
typedef struct {
SM2_BN X;
SM2_BN Y;
SM2_BN Z;
} SM2_JACOBIAN_POINT;
void sm2_jacobian_point_init(SM2_JACOBIAN_POINT *R);
void sm2_jacobian_point_set_xy(SM2_JACOBIAN_POINT *R, const SM2_BN x, const SM2_BN y); // 应该返回错误
void sm2_jacobian_point_get_xy(const SM2_JACOBIAN_POINT *P, SM2_BN x, SM2_BN y);
void sm2_jacobian_point_neg(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P);
void sm2_jacobian_point_dbl(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P);
void sm2_jacobian_point_add(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P, const SM2_JACOBIAN_POINT *Q);
void sm2_jacobian_point_sub(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P, const SM2_JACOBIAN_POINT *Q);
void sm2_jacobian_point_mul(SM2_JACOBIAN_POINT *R, const SM2_BN k, const SM2_JACOBIAN_POINT *P);
void sm2_jacobian_point_to_bytes(const SM2_JACOBIAN_POINT *P, uint8_t out[64]);
void sm2_jacobian_point_from_bytes(SM2_JACOBIAN_POINT *P, const uint8_t in[64]);
void sm2_jacobian_point_mul_generator(SM2_JACOBIAN_POINT *R, const SM2_BN k);
void sm2_jacobian_point_mul_sum(SM2_JACOBIAN_POINT *R, const SM2_BN t, const SM2_JACOBIAN_POINT *P, const SM2_BN s); // 应该返回错误
void sm2_jacobian_point_from_hex(SM2_JACOBIAN_POINT *P, const char hex[64 * 2]); // 应该返回错误
int sm2_jacobian_point_is_at_infinity(const SM2_JACOBIAN_POINT *P);
int sm2_jacobian_point_is_on_curve(const SM2_JACOBIAN_POINT *P);
int sm2_jacobian_point_equ_hex(const SM2_JACOBIAN_POINT *P, const char hex[128]);
int sm2_jacobian_point_print(FILE *fp, int fmt, int ind, const char *label, const SM2_JACOBIAN_POINT *P);
#define sm2_jacobian_point_set_infinity(R) sm2_jacobian_point_init(R)
#define sm2_jacobian_point_copy(R, P) memcpy((R), (P), sizeof(SM2_JACOBIAN_POINT))
/*
SM2 Public API
SM2接口有两个层次基本的和ASN.1/PKI的
基本的接口不依赖ASN.1编码,可以直接将结构体的内存输出(endian一致即可)
基本的接口也不进行输入的格式检查,调用方应保证输入不为空
*/
// 这里应该用#define 给出常量的值
extern const SM2_BN SM2_P;
//extern const SM2_BN SM2_A;
extern const SM2_BN SM2_B;
extern const SM2_BN SM2_N;
extern const SM2_BN SM2_ONE;
extern const SM2_BN SM2_TWO;
extern const SM2_BN SM2_THREE;
extern const SM2_BN SM2_U_PLUS_ONE;
extern const SM2_JACOBIAN_POINT *SM2_G; // 应该同时给出Affine的
typedef struct {
uint8_t x[32];
uint8_t y[32];
} SM2_POINT;
void sm2_point_to_compressed_octets(const SM2_POINT *P, uint8_t out[33]);
void sm2_point_to_uncompressed_octets(const SM2_POINT *P, uint8_t out[65]);
int sm2_point_from_octets(SM2_POINT *P, const uint8_t *in, size_t inlen);
int sm2_point_from_x(SM2_POINT *P, const uint8_t x[32], int y);
int sm2_point_from_xy(SM2_POINT *P, const uint8_t x[32], const uint8_t y[32]);
int sm2_point_is_on_curve(const SM2_POINT *P);
int sm2_point_mul(SM2_POINT *R, const uint8_t k[32], const SM2_POINT *P);
int sm2_point_mul_generator(SM2_POINT *R, const uint8_t k[32]);
int sm2_point_mul_sum(SM2_POINT *R, const uint8_t k[32], const SM2_POINT *P, const uint8_t s[32]); // R = k * P + s * G
/*
RFC 5480 Elliptic Curve Cryptography Subject Public Key Information
ECPoint ::= OCTET STRING
*/
#define SM2_POINT_MAX_SIZE (2 + 65)
int sm2_point_to_der(const SM2_POINT *P, uint8_t **out, size_t *outlen);
int sm2_point_from_der(SM2_POINT *P, const uint8_t **in, size_t *inlen);
int sm2_point_print(FILE *fp, int fmt, int ind, const char *label, const SM2_POINT *P);
typedef struct {
SM2_POINT public_key;
uint8_t private_key[32];
} SM2_KEY;
int sm2_key_generate(SM2_KEY *key);
int sm2_key_set_private_key(SM2_KEY *key, const uint8_t private_key[32]); // 自动生成公钥
int sm2_key_set_public_key(SM2_KEY *key, const SM2_POINT *public_key); // 自动清空私钥不要和set_private_key同时用
int sm2_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *key);
int sm2_public_key_equ(const SM2_KEY *sm2_key, const SM2_KEY *pub_key);
//int sm2_public_key_copy(SM2_KEY *sm2_key, const SM2_KEY *pub_key); // 这个函数的逻辑不清楚
int sm2_public_key_digest(const SM2_KEY *key, uint8_t dgst[32]);
int sm2_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *pub_key); // 和private_key_print参数不一致
/*
from RFC 5915
ECPrivateKey ::= SEQUENCE {
version INTEGER, -- value MUST be (1)
privateKey OCTET STRING, -- big endian encoding of integer 这里不是以INTEGER编码的因此长度固定
parameters [0] EXPLICIT ECParameters OPTIONAL,
-- ONLY namedCurve OID is permitted, by RFC 5480
-- MUST always include this field, by RFC 5915
publicKey [1] EXPLICIT BIT STRING OPTIONAL -- compressed_point
-- SHOULD always include this field, by RFC 5915 }
ECParameters ::= CHOICE { namedCurve OBJECT IDENTIFIER }
*/
#define SM2_PRIVATE_KEY_DEFAULT_SIZE 120 // generated
#define SM2_PRIVATE_KEY_BUF_SIZE 512 // MUST >= SM2_PRIVATE_KEY_DEFAULT_SIZE
int sm2_private_key_to_der(const SM2_KEY *key, uint8_t **out, size_t *outlen);
int sm2_private_key_from_der(SM2_KEY *key, const uint8_t **in, size_t *inlen);
int sm2_private_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
//int sm2_private_key_to_pem(const SM2_KEY *key, FILE *fp);
//int sm2_private_key_from_pem(SM2_KEY *key, FILE *fp);
/*
AlgorithmIdentifier ::= {
algorithm OBJECT IDENTIFIER { id-ecPublicKey },
parameters OBJECT IDENTIFIER { id-sm2 } }
*/
int sm2_public_key_algor_to_der(uint8_t **out, size_t *outlen);
int sm2_public_key_algor_from_der(const uint8_t **in, size_t *inlen);
/*
X.509 SubjectPublicKeyInfo from RFC 5280
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING -- uncompressed octets of ECPoint }
*/
int sm2_public_key_info_to_der(const SM2_KEY *a, uint8_t **out, size_t *outlen);
int sm2_public_key_info_from_der(SM2_KEY *a, const uint8_t **in, size_t *inlen);
int sm2_public_key_info_to_pem(const SM2_KEY *a, FILE *fp);
int sm2_public_key_info_from_pem(SM2_KEY *a, FILE *fp);
/*
PKCS #8 PrivateKeyInfo from RFC 5208
PrivateKeyInfo ::= SEQUENCE {
version Version { v1(0) },
privateKeyAlgorithm AlgorithmIdentifier,
privateKey OCTET STRING, -- DER-encoding of ECPrivateKey
attributes [0] IMPLICIT SET OF Attribute OPTIONAL }
*/
enum {
PKCS8_private_key_info_version = 0,
};
int sm2_private_key_info_to_der(const SM2_KEY *key, uint8_t **out, size_t *outlen);
int sm2_private_key_info_from_der(SM2_KEY *key, const uint8_t **attrs, size_t *attrslen, const uint8_t **in, size_t *inlen);
int sm2_private_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
//int sm2_private_key_info_to_pem(const SM2_KEY *key, FILE *fp);
//int sm2_private_key_info_from_pem(SM2_KEY *key, const uint8_t **attrs, size_t *attrslen, FILE *fp);
/*
EncryptedPrivateKeyInfo ::= SEQUENCE {
encryptionAlgorithm EncryptionAlgorithmIdentifier, -- id-PBES2
encryptedData OCTET STRING }
*/
int sm2_private_key_info_encrypt_to_der(const SM2_KEY *key,
const char *pass, uint8_t **out, size_t *outlen);
int sm2_private_key_info_decrypt_from_der(SM2_KEY *key, const uint8_t **attrs, size_t *attrs_len,
const char *pass, const uint8_t **in, size_t *inlen);
int sm2_private_key_info_encrypt_to_pem(const SM2_KEY *key, const char *pass, FILE *fp);
int sm2_private_key_info_decrypt_from_pem(SM2_KEY *key, const char *pass, FILE *fp);
typedef struct {
uint8_t r[32];
uint8_t s[32];
} SM2_SIGNATURE;
int sm2_do_sign_ex(const SM2_KEY *key, int flags, const uint8_t dgst[32], SM2_SIGNATURE *sig);
int sm2_do_sign(const SM2_KEY *key, const uint8_t dgst[32], SM2_SIGNATURE *sig);
int sm2_do_verify(const SM2_KEY *key, const uint8_t dgst[32], const SM2_SIGNATURE *sig);
#define SM2_MIN_SIGNATURE_SIZE 8
#define SM2_MAX_SIGNATURE_SIZE 72
int sm2_signature_to_der(const SM2_SIGNATURE *sig, uint8_t **out, size_t *outlen);
int sm2_signature_from_der(SM2_SIGNATURE *sig, const uint8_t **in, size_t *inlen);
int sm2_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *sig, size_t siglen);
int sm2_sign_ex(const SM2_KEY *key, int flags, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
int sm2_sign(const SM2_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
int sm2_verify(const SM2_KEY *key, const uint8_t dgst[32], const uint8_t *sig, size_t siglen);
#define SM2_DEFAULT_ID "1234567812345678"
#define SM2_DEFAULT_ID_LENGTH (sizeof(SM2_DEFAULT_ID) - 1) // LENGTH for string and SIZE for bytes
#define SM2_DEFAULT_ID_BITS (SM2_DEFAULT_ID_LENGTH * 8)
#define SM2_MAX_ID_BITS 65535
#define SM2_MAX_ID_LENGTH (SM2_MAX_ID_BITS/8)
int sm2_compute_z(uint8_t z[32], const SM2_POINT *pub, const char *id, size_t idlen);
typedef struct {
SM3_CTX sm3_ctx;
SM2_KEY key;
} SM2_SIGN_CTX;
int sm2_sign_init(SM2_SIGN_CTX *ctx, const SM2_KEY *key, const char *id, size_t idlen);
int sm2_sign_update(SM2_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
int sm2_sign_finish(SM2_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen);
int sm2_verify_init(SM2_SIGN_CTX *ctx, const SM2_KEY *key, const char *id, size_t idlen);
int sm2_verify_update(SM2_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
int sm2_verify_finish(SM2_SIGN_CTX *ctx, const uint8_t *sig, size_t siglen);
/*
SM2Cipher ::= SEQUENCE {
XCoordinate INTEGER,
YCoordinate INTEGER,
HASH OCTET STRING SIZE(32),
CipherText OCTET STRING }
*/
#define SM2_MIN_PLAINTEXT_SIZE 1 // re-compute SM2_MIN_CIPHERTEXT_SIZE when modify
#define SM2_MAX_PLAINTEXT_SIZE 255 // re-compute SM2_MAX_CIPHERTEXT_SIZE when modify
typedef struct {
SM2_POINT point;
uint8_t hash[32];
uint8_t ciphertext_size;
uint8_t ciphertext[SM2_MAX_PLAINTEXT_SIZE];
} SM2_CIPHERTEXT;
int sm2_do_encrypt_ex(const SM2_KEY *key, int flags, const uint8_t *in, size_t inlen, SM2_CIPHERTEXT *out);
int sm2_do_encrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, SM2_CIPHERTEXT *out);
int sm2_do_decrypt(const SM2_KEY *key, const SM2_CIPHERTEXT *in, uint8_t *out, size_t *outlen);
#define SM2_MIN_CIPHERTEXT_SIZE 45 // dependes on SM2_MIN_PLAINTEXT_SIZE
#define SM2_MAX_CIPHERTEXT_SIZE 366 // depends on SM2_MAX_PLAINTEXT_SIZE
int sm2_ciphertext_to_der(const SM2_CIPHERTEXT *c, uint8_t **out, size_t *outlen);
int sm2_ciphertext_from_der(SM2_CIPHERTEXT *c, const uint8_t **in, size_t *inlen);
int sm2_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);
int sm2_encrypt_ex(const SM2_KEY *key, int flags, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm2_encrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm2_decrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm2_ecdh(const SM2_KEY *key, const SM2_POINT *peer_public, SM2_POINT *out);
#ifdef __cplusplus
}
#endif
#endif

161
include/gmssl/sm3.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,82 +7,83 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_SM3_H
#define GMSSL_SM3_H
#include <string.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
SM3 Public API
SM3_DIGEST_SIZE
SM3_HMAC_SIZE
SM3_CTX
sm3_init
sm3_update
sm3_finish
SM3_HMAC_CTX
sm3_hmac_init
sm3_hmac_update
sm3_hmac_finish
sm3_digest
sm3_hmac
*/
#define SM3_IS_BIG_ENDIAN 1
#define SM3_DIGEST_SIZE 32
#define SM3_BLOCK_SIZE 64
#define SM3_STATE_WORDS 8
#define SM3_HMAC_SIZE (SM3_DIGEST_SIZE)
typedef struct {
uint32_t digest[SM3_STATE_WORDS];
uint64_t nblocks;
uint8_t block[SM3_BLOCK_SIZE];
size_t num;
} SM3_CTX;
void sm3_init(SM3_CTX *ctx);
void sm3_update(SM3_CTX *ctx, const uint8_t *data, size_t datalen);
void sm3_finish(SM3_CTX *ctx, uint8_t dgst[SM3_DIGEST_SIZE]);
void sm3_digest(const uint8_t *data, size_t datalen, uint8_t dgst[SM3_DIGEST_SIZE]);
typedef struct {
SM3_CTX sm3_ctx;
unsigned char key[SM3_BLOCK_SIZE];
} SM3_HMAC_CTX;
void sm3_hmac_init(SM3_HMAC_CTX *ctx, const uint8_t *key, size_t keylen);
void sm3_hmac_update(SM3_HMAC_CTX *ctx, const uint8_t *data, size_t datalen);
void sm3_hmac_finish(SM3_HMAC_CTX *ctx, uint8_t mac[SM3_HMAC_SIZE]);
void sm3_hmac(const uint8_t *key, size_t keylen,
const uint8_t *data, size_t datalen,
uint8_t mac[SM3_HMAC_SIZE]);
typedef struct {
SM3_CTX sm3_ctx;
size_t outlen;
} SM3_KDF_CTX;
void sm3_kdf_init(SM3_KDF_CTX *ctx, size_t outlen);
void sm3_kdf_update(SM3_KDF_CTX *ctx, const uint8_t *data, size_t datalen);
void sm3_kdf_finish(SM3_KDF_CTX *ctx, uint8_t *out);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_SM3_H
#define GMSSL_SM3_H
#include <string.h>
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
SM3 Public API
SM3_DIGEST_SIZE
SM3_HMAC_SIZE
SM3_CTX
sm3_init
sm3_update
sm3_finish
SM3_HMAC_CTX
sm3_hmac_init
sm3_hmac_update
sm3_hmac_finish
sm3_digest
sm3_hmac
*/
#define SM3_IS_BIG_ENDIAN 1
#define SM3_DIGEST_SIZE 32
#define SM3_BLOCK_SIZE 64
#define SM3_STATE_WORDS 8
#define SM3_HMAC_SIZE (SM3_DIGEST_SIZE)
typedef struct {
uint32_t digest[SM3_STATE_WORDS];
uint64_t nblocks;
uint8_t block[SM3_BLOCK_SIZE];
size_t num;
} SM3_CTX;
void sm3_init(SM3_CTX *ctx);
void sm3_update(SM3_CTX *ctx, const uint8_t *data, size_t datalen);
void sm3_finish(SM3_CTX *ctx, uint8_t dgst[SM3_DIGEST_SIZE]);
void sm3_digest(const uint8_t *data, size_t datalen, uint8_t dgst[SM3_DIGEST_SIZE]);
typedef struct {
SM3_CTX sm3_ctx;
unsigned char key[SM3_BLOCK_SIZE];
} SM3_HMAC_CTX;
void sm3_hmac_init(SM3_HMAC_CTX *ctx, const uint8_t *key, size_t keylen);
void sm3_hmac_update(SM3_HMAC_CTX *ctx, const uint8_t *data, size_t datalen);
void sm3_hmac_finish(SM3_HMAC_CTX *ctx, uint8_t mac[SM3_HMAC_SIZE]);
void sm3_hmac(const uint8_t *key, size_t keylen,
const uint8_t *data, size_t datalen,
uint8_t mac[SM3_HMAC_SIZE]);
typedef struct {
SM3_CTX sm3_ctx;
size_t outlen;
} SM3_KDF_CTX;
void sm3_kdf_init(SM3_KDF_CTX *ctx, size_t outlen);
void sm3_kdf_update(SM3_KDF_CTX *ctx, const uint8_t *data, size_t datalen);
void sm3_kdf_finish(SM3_KDF_CTX *ctx, uint8_t *out);
#ifdef __cplusplus
}
#endif
#endif

247
include/gmssl/sm4.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,125 +7,126 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_SM4_H
#define GMSSL_SM4_H
#include <stdint.h>
#include <string.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
SM4 Public API
SM4_KEY_SIZE
SM4_BLOCK_SIZE
SM4_CBC_CTX
sm4_cbc_encrypt_init
sm4_cbc_encrypt_update
sm4_cbc_encrypt_finish
sm4_cbc_decrypt_init
sm4_cbc_decrypt_update
sm4_cbc_decrypt_finish
SM4_CTR_CTX
sm4_ctr_encrypt_init
sm4_ctr_encrypt_update
sm4_ctr_encrypt_finish
sm4_ctr_decrypt_init
sm4_ctr_decrypt_update
sm4_ctr_decrypt_finish
*/
#define SM4_KEY_SIZE (16)
#define SM4_BLOCK_SIZE (16)
#define SM4_NUM_ROUNDS (32)
typedef struct {
uint32_t rk[SM4_NUM_ROUNDS];
} SM4_KEY;
void sm4_set_encrypt_key(SM4_KEY *key, const uint8_t raw_key[SM4_KEY_SIZE]);
void sm4_set_decrypt_key(SM4_KEY *key, const uint8_t raw_key[SM4_KEY_SIZE]);
void sm4_encrypt(const SM4_KEY *key, const uint8_t in[SM4_BLOCK_SIZE], uint8_t out[SM4_BLOCK_SIZE]);
#define sm4_decrypt(key,in,out) sm4_encrypt(key,in,out)
void sm4_cbc_encrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
const uint8_t *in, size_t nblocks, uint8_t *out);
void sm4_cbc_decrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
const uint8_t *in, size_t nblocks, uint8_t *out);
int sm4_cbc_padding_encrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm4_cbc_padding_decrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
void sm4_ctr_encrypt(const SM4_KEY *key, uint8_t ctr[SM4_BLOCK_SIZE],
const uint8_t *in, size_t inlen, uint8_t *out);
#define sm4_ctr_decrypt(key,ctr,in,inlen,out) sm4_ctr_encrypt(key,ctr,in,inlen,out)
#define SM4_GCM_IV_MIN_SIZE 1
#define SM4_GCM_IV_MAX_SIZE ((uint64_t)(1 << (64-3)))
#define SM4_GCM_IV_DEFAULT_BITS 96
#define SM4_GCM_IV_DEFAULT_SIZE 12
#define SM4_GCM_MIN_AAD_SIZE 0
#define SM4_GCM_MAX_AAD_SIZE ((uint64_t)(1 << (64-3)))
#define SM4_GCM_MIN_PLAINTEXT_SIZE 0
#define SM4_GCM_MAX_PLAINTEXT_SIZE ((((uint64_t)1 << 39) - 256) >> 3)
#define SM4_GCM_MAX_TAG_SIZE 16
int sm4_gcm_encrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
uint8_t *out, size_t taglen, uint8_t *tag);
int sm4_gcm_decrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
const uint8_t *tag, size_t taglen, uint8_t *out);
typedef struct {
SM4_KEY sm4_key;
uint8_t iv[SM4_BLOCK_SIZE];
uint8_t block[SM4_BLOCK_SIZE];
size_t block_nbytes;
} SM4_CBC_CTX;
int sm4_cbc_encrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]);
int sm4_cbc_encrypt_update(SM4_CBC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm4_cbc_encrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen);
int sm4_cbc_decrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]);
int sm4_cbc_decrypt_update(SM4_CBC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm4_cbc_decrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen);
typedef struct {
SM4_KEY sm4_key;
uint8_t ctr[SM4_BLOCK_SIZE];
uint8_t block[SM4_BLOCK_SIZE];
size_t block_nbytes;
} SM4_CTR_CTX;
int sm4_ctr_encrypt_init(SM4_CTR_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t ctr[SM4_BLOCK_SIZE]);
int sm4_ctr_encrypt_update(SM4_CTR_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm4_ctr_encrypt_finish(SM4_CTR_CTX *ctx, uint8_t *out, size_t *outlen);
#define sm4_ctr_decrypt_init(ctx,key,ctr) sm4_ctr_encrypt_init(ctx,key,ctr)
#define sm4_ctr_decrypt_update(ctx,in,inlen,out,outlen) sm4_ctr_encrypt_update(ctx,in,inlen,out,outlen)
#define sm4_ctr_decrypt_finish(ctx,out,outlen) sm4_ctr_encrypt_finish(ctx,out,outlen)
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_SM4_H
#define GMSSL_SM4_H
#include <stdint.h>
#include <string.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
SM4 Public API
SM4_KEY_SIZE
SM4_BLOCK_SIZE
SM4_CBC_CTX
sm4_cbc_encrypt_init
sm4_cbc_encrypt_update
sm4_cbc_encrypt_finish
sm4_cbc_decrypt_init
sm4_cbc_decrypt_update
sm4_cbc_decrypt_finish
SM4_CTR_CTX
sm4_ctr_encrypt_init
sm4_ctr_encrypt_update
sm4_ctr_encrypt_finish
sm4_ctr_decrypt_init
sm4_ctr_decrypt_update
sm4_ctr_decrypt_finish
*/
#define SM4_KEY_SIZE (16)
#define SM4_BLOCK_SIZE (16)
#define SM4_NUM_ROUNDS (32)
typedef struct {
uint32_t rk[SM4_NUM_ROUNDS];
} SM4_KEY;
void sm4_set_encrypt_key(SM4_KEY *key, const uint8_t raw_key[SM4_KEY_SIZE]);
void sm4_set_decrypt_key(SM4_KEY *key, const uint8_t raw_key[SM4_KEY_SIZE]);
void sm4_encrypt(const SM4_KEY *key, const uint8_t in[SM4_BLOCK_SIZE], uint8_t out[SM4_BLOCK_SIZE]);
#define sm4_decrypt(key,in,out) sm4_encrypt(key,in,out)
void sm4_cbc_encrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
const uint8_t *in, size_t nblocks, uint8_t *out);
void sm4_cbc_decrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
const uint8_t *in, size_t nblocks, uint8_t *out);
int sm4_cbc_padding_encrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm4_cbc_padding_decrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
void sm4_ctr_encrypt(const SM4_KEY *key, uint8_t ctr[SM4_BLOCK_SIZE],
const uint8_t *in, size_t inlen, uint8_t *out);
#define sm4_ctr_decrypt(key,ctr,in,inlen,out) sm4_ctr_encrypt(key,ctr,in,inlen,out)
#define SM4_GCM_IV_MIN_SIZE 1
#define SM4_GCM_IV_MAX_SIZE ((uint64_t)(1 << (64-3)))
#define SM4_GCM_IV_DEFAULT_BITS 96
#define SM4_GCM_IV_DEFAULT_SIZE 12
#define SM4_GCM_MIN_AAD_SIZE 0
#define SM4_GCM_MAX_AAD_SIZE ((uint64_t)(1 << (64-3)))
#define SM4_GCM_MIN_PLAINTEXT_SIZE 0
#define SM4_GCM_MAX_PLAINTEXT_SIZE ((((uint64_t)1 << 39) - 256) >> 3)
#define SM4_GCM_MAX_TAG_SIZE 16
int sm4_gcm_encrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
uint8_t *out, size_t taglen, uint8_t *tag);
int sm4_gcm_decrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
const uint8_t *tag, size_t taglen, uint8_t *out);
typedef struct {
SM4_KEY sm4_key;
uint8_t iv[SM4_BLOCK_SIZE];
uint8_t block[SM4_BLOCK_SIZE];
size_t block_nbytes;
} SM4_CBC_CTX;
int sm4_cbc_encrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]);
int sm4_cbc_encrypt_update(SM4_CBC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm4_cbc_encrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen);
int sm4_cbc_decrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]);
int sm4_cbc_decrypt_update(SM4_CBC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm4_cbc_decrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen);
typedef struct {
SM4_KEY sm4_key;
uint8_t ctr[SM4_BLOCK_SIZE];
uint8_t block[SM4_BLOCK_SIZE];
size_t block_nbytes;
} SM4_CTR_CTX;
int sm4_ctr_encrypt_init(SM4_CTR_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t ctr[SM4_BLOCK_SIZE]);
int sm4_ctr_encrypt_update(SM4_CTR_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
int sm4_ctr_encrypt_finish(SM4_CTR_CTX *ctx, uint8_t *out, size_t *outlen);
#define sm4_ctr_decrypt_init(ctx,key,ctr) sm4_ctr_encrypt_init(ctx,key,ctr)
#define sm4_ctr_decrypt_update(ctx,in,inlen,out,outlen) sm4_ctr_encrypt_update(ctx,in,inlen,out,outlen)
#define sm4_ctr_decrypt_finish(ctx,out,outlen) sm4_ctr_encrypt_finish(ctx,out,outlen)
#ifdef __cplusplus
}
#endif
#endif

1123
include/gmssl/sm9.h
View File

File diff suppressed because it is too large Load Diff

1745
include/gmssl/tls.h
View File

File diff suppressed because it is too large Load Diff

55
include/gmssl/version.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,29 +7,30 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_VERSION_H
#define GMSSL_VERSION_H
#ifdef __cplusplus
extern "C" {
#endif
/*
Version Public API
gmssl_version_num
gmssl_version_str
*/
#define GMSSL_VERSION_NUM 30000
#define GMSSL_VERSION_STR "GmSSL 3.0.0 Beta"
int gmssl_version_num(void);
const char *gmssl_version_str(void);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_VERSION_H
#define GMSSL_VERSION_H
#ifdef __cplusplus
extern "C" {
#endif
/*
Version Public API
gmssl_version_num
gmssl_version_str
*/
#define GMSSL_VERSION_NUM 30000
#define GMSSL_VERSION_STR "GmSSL 3.0.0 Beta"
int gmssl_version_num(void);
const char *gmssl_version_str(void);
#ifdef __cplusplus
}
#endif
#endif

707
include/gmssl/x509.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -7,355 +7,356 @@
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_X509_H
#define GMSSL_X509_H
#include <time.h>
#include <string.h>
#include <stdint.h>
#include <stdlib.h>
#include <gmssl/sm2.h>
#include <gmssl/oid.h>
#include <gmssl/asn1.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
X509 Public API
x509_name_add_rdn
x509_name_add_country_name
x509_name_add_state_or_province_name
x509_name_add_locality_name
x509_name_add_organization_name
x509_name_add_organizational_unit_name
x509_name_add_common_name
x509_name_add_domain_component
x509_name_to_der
x509_name_from_der
x509_name_print
x509_name_get_value_by_type
x509_name_get_common_name
x509_cert_sign
x509_cert_verify
x509_cert_verify_by_ca_cert
x509_cert_get_issuer_and_serial_number
x509_cert_get_issuer
x509_cert_get_subject
x509_cert_get_subject_public_key
x509_cert_to_der
x509_cert_from_der
x509_cert_to_pem
x509_cert_from_pem
x509_cert_print
*/
enum X509_Version {
X509_version_v1 = 0,
X509_version_v2 = 1,
X509_version_v3 = 2,
};
const char *x509_version_name(int version);
int x509_explicit_version_to_der(int index, int version, uint8_t **out, size_t *outlen);
int x509_explicit_version_from_der(int index, int *version, const uint8_t **in, size_t *inlen);
/*
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
*/
int x509_time_to_der(time_t a, uint8_t **out, size_t *outlen);
int x509_time_from_der(time_t *a, const uint8_t **in, size_t *inlen);
/*
Validity ::= SEQUENCE {
notBefore Time,
notAfter Time }
*/
#define X509_VALIDITY_MIN_DAYS 1
#define X509_VALIDITY_MAX_DAYS (365 * 10) // ROOTCA, CA需要更长的时间
int x509_validity_add_days(time_t *not_after, time_t not_before, int days);
int x509_validity_to_der(time_t not_before, time_t not_after, uint8_t **out, size_t *outlen);
int x509_validity_from_der(time_t *not_before, time_t *not_after, const uint8_t **in, size_t *inlen);
int x509_validity_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
AttributeTypeAndValue ::= SEQUENCE {
type OBJECT IDENTIFIER,
value ANY -- DEFINED BY AttributeType }
id-at
name DirectoryName 1..ub-name
surname DirectoryName 1..ub-name
givenName DirectoryName 1..ub-name
initials DirectoryName 1..ub-name
generationQualifier DirectoryName 1..ub-name
commonName DirectoryName 1..ub-common-name
localityName DirectoryName 1..ub-locality-name
stateOrProvinceName DirectoryName 1..ub-state-name
organizationName DirectoryName 1..ub-organization-name
organizationalUnitName DirectoryName 1..ub-organizational-unit-name
title DirectoryName 1..ub-title
dnQualifier PrintableString N/A
countryName PrintableString 2..2
serialNumber PrintableString 1..ub-serial-number
pseudonym DirectoryName 1..ub-pseudonym
domainComponent IA5String N/A
*/
#define X509_ub_name 32768
#define X509_ub_common_name 64
#define X509_ub_locality_name 128
#define X509_ub_state_name 128
#define X509_ub_organization_name 64
#define X509_ub_organizational_unit_name 64
#define X509_ub_title 64
#define X509_ub_serial_number 64
#define X509_ub_pseudonym 128
int x509_attr_type_and_value_check(int oid, int tag, const uint8_t *val, size_t vlen);
int x509_attr_type_and_value_to_der(int oid, int tag, const uint8_t *val, size_t vlen, uint8_t **out, size_t *outlen);
int x509_attr_type_and_value_from_der(int *oid, int *tag, const uint8_t **val, size_t *vlen, const uint8_t **in, size_t *inlen);
int x509_attr_type_and_value_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
*/
int x509_rdn_to_der(int oid, int tag, const uint8_t *val, size_t vlen, const uint8_t *more, size_t mlen, uint8_t **out, size_t *outlen);
int x509_rdn_from_der(int *oid, int *tag, const uint8_t **val, size_t *vlen, const uint8_t **more, size_t *mlen, const uint8_t **in, size_t *inlen);
int x509_rdn_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
Name ::= SEQUENCE OF RelativeDistinguishedName
Example:
SEQUENCE LEN
SET LEN
SEQUENCE LEN OID=countryName, String=CN
SET LEN
SEQUENCE LEN OID=stateName, String=CN
SEQUENCE LEN OID=unknown, String=ABC
SET LEN
SEQUENCE LEN OID=commonNmame, String=ABC
*/
int x509_name_add_rdn(uint8_t *d, size_t *dlen, size_t maxlen, int oid, int tag, const uint8_t *val, size_t vlen, const uint8_t *more, size_t mlen);
int x509_name_add_country_name(uint8_t *d, size_t *dlen, int maxlen, const char val[2] ); // val: PrintableString SIZE(2)
int x509_name_add_state_or_province_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
int x509_name_add_locality_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
int x509_name_add_organization_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
int x509_name_add_organizational_unit_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
int x509_name_add_common_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
int x509_name_add_domain_component(uint8_t *d, size_t *dlen, int maxlen, const char *val, size_t vlen); // val: IA5String
int x509_name_set(uint8_t *d, size_t *dlen, size_t maxlen,
const char *country, const char *state, const char *locality,
const char *org, const char *org_unit, const char *common_name);
#define x509_name_to_der(d,dlen,out,outlen) asn1_sequence_to_der(d,dlen,out,outlen)
#define x509_name_from_der(d,dlen,in,inlen) asn1_sequence_from_der(d,dlen,in,inlen)
int x509_name_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
int x509_name_get_value_by_type(const uint8_t *d, size_t dlen, int oid, int *tag, const uint8_t **val, size_t *vlen);
int x509_name_get_common_name(const uint8_t *d, size_t dlen, int *tag, const uint8_t **val, size_t *vlen);
int x509_name_equ(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen);
int x509_names_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING }
algorithm.algorithm = OID_ec_public_key;
algorithm.parameters = OID_sm2;
subjectPublicKey = ECPoint
*/
#define x509_public_key_info_to_der(key,out,outlen) sm2_public_key_info_to_der(key,out,outlen)
#define x509_public_key_info_from_der(key,in,inlen) sm2_public_key_info_from_der(key,in,inlen)
int x509_public_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
Extension ::= SEQUENCE {
extnID OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING -- contains the DER encoding of an ASN.1 value
*/
int x509_ext_to_der(int oid, int critical, const uint8_t *val, size_t vlen, uint8_t **out, size_t *outlen);
int x509_ext_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, int *critical, const uint8_t **val, size_t *vlen, const uint8_t **in, size_t *inlen);
int x509_ext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
[3] EXPLICIT SEQUENCE OF Extension
*/
int x509_explicit_exts_to_der(int index, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
int x509_explicit_exts_from_der(int index, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
#define x509_exts_to_der(d,dlen,out,outlen) x509_explicit_exts_to_der(3,d,dlen,out,outlen)
#define x509_exts_from_der(d,dlen,in,inlen) x509_explicit_exts_from_der(3,d,dlen,in,inlen)
int x509_exts_get_count(const uint8_t *d, size_t dlen, size_t *cnt);
int x509_exts_get_ext_by_index(const uint8_t *d, size_t dlen, int index,
int *oid, uint32_t *nodes, size_t *nodes_cnt, int *critical,
const uint8_t **val, size_t *vlen);
int x509_exts_get_ext_by_oid(const uint8_t *d, size_t dlen, int oid,
int *critical, const uint8_t **val, size_t *vlen);
int x509_exts_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
TBSCertificate ::= SEQUENCE {
version [0] EXPLICIT INTEGER DEFAULT v1,
serialNumber INTEGER,
siganture AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPulbicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID [1] IMPLICIT BIT STRING OPTIONAL, -- If present, must be v2,v3
subjectUniqueID [2] IMPLICIT BIT STRING OPTIONAL, -- If present, must be v2,v3
extensions [3] EXPLICIT Extensions OPTIONAL -- If present, must be v3 }
*/
#define X509_SERIAL_NUMBER_MIN_LEN 1
#define X509_SERIAL_NUMBER_MAX_LEN 20
#define X509_UNIQUE_ID_MIN_LEN 32
#define X509_UNIQUE_ID_MAX_LEN 32
int x509_tbs_cert_to_der(
int version,
const uint8_t *serial, size_t serial_len,
int signature_algor,
const uint8_t *issuer, size_t issuer_len,
time_t not_before, time_t not_after,
const uint8_t *subject, size_t subject_len,
const SM2_KEY *subject_public_key,
const uint8_t *issuer_unique_id, size_t issuer_unique_id_len,
const uint8_t *subject_unique_id, size_t subject_unique_id_len,
const uint8_t *exts, size_t exts_len,
uint8_t **out, size_t *outlen);
int x509_tbs_cert_from_der(
int *version,
const uint8_t **serial, size_t *serial_len,
int *signature_algor,
const uint8_t **issuer, size_t *issuer_len,
time_t *not_before, time_t *not_after,
const uint8_t **subject, size_t *subject_len,
SM2_KEY *subject_public_key,
const uint8_t **issuer_unique_id, size_t *issuer_unique_id_len,
const uint8_t **subject_unique_id, size_t *subject_unique_id_len,
const uint8_t **exts, size_t *exts_len,
const uint8_t **in, size_t *inlen);
int x509_tbs_cert_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signatureValue BIT STRING }
*/
int x509_certificate_to_der(
const uint8_t *tbs, size_t tbslen,
int signature_algor,
const uint8_t *sig, size_t siglen,
uint8_t **out, size_t *outlen);
int x509_certificate_from_der(
const uint8_t **tbs, size_t *tbslen,
int *signature_algor,
const uint8_t **sig, size_t *siglen,
const uint8_t **in, size_t *inlen);
int x509_certificate_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
// x509_cert functions
int x509_cert_sign(
uint8_t *cert, size_t *certlen, size_t maxlen,
int version,
const uint8_t *serial, size_t serial_len,
int signature_algor,
const uint8_t *issuer, size_t issuer_len,
time_t not_before, time_t not_after,
const uint8_t *subject, size_t subject_len,
const SM2_KEY *subject_public_key,
const uint8_t *issuer_unique_id, size_t issuer_unique_id_len,
const uint8_t *subject_unique_id, size_t subject_unique_id_len,
const uint8_t *exts, size_t exts_len,
const SM2_KEY *sign_key,
const char *signer_id, size_t signer_id_len);
int x509_cert_verify(const uint8_t *a, size_t alen, const SM2_KEY *pub_key,
const char *signer_id, size_t signer_id_len);
int x509_cert_verify_by_ca_cert(const uint8_t *a, size_t alen, const uint8_t *cacert, size_t cacertlen,
const char *signer_id, size_t signer_id_len);
int x509_cert_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen);
int x509_cert_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen);
int x509_cert_to_pem(const uint8_t *a, size_t alen, FILE *fp);
int x509_cert_from_pem(uint8_t *a, size_t *alen, size_t maxlen, FILE *fp);
int x509_cert_from_pem_by_index(uint8_t *a, size_t *alen, size_t maxlen, int index, FILE *fp);
int x509_cert_from_pem_by_subject(uint8_t *a, size_t *alen, size_t maxlen, const uint8_t *name, size_t namelen, FILE *fp);
int x509_cert_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);
int x509_cert_get_details(const uint8_t *a, size_t alen,
int *version,
const uint8_t **serial_number, size_t *serial_number_len,
int *inner_signature_algor,
const uint8_t **issuer, size_t *issuer_len,
time_t *not_before, time_t *not_after,
const uint8_t **subject, size_t *subject_len,
SM2_KEY *subject_public_key,
const uint8_t **issuer_unique_id, size_t *issuer_unique_id_len,
const uint8_t **subject_unique_id, size_t *subject_unique_id_len,
const uint8_t **extensions, size_t *extensions_len,
int *signature_algor,
const uint8_t **signature, size_t *signature_len);
/*
IssuerAndSerialNumber ::= SEQUENCE {
isser Name,
serialNumber INTEGER }
*/
int x509_cert_get_issuer_and_serial_number(const uint8_t *a, size_t alen,
const uint8_t **issuer, size_t *issuer_len,
const uint8_t **serial_number, size_t *serial_number_len);
int x509_cert_get_issuer(const uint8_t *a, size_t alen, const uint8_t **name, size_t *namelen);
int x509_cert_get_subject(const uint8_t *a, size_t alen, const uint8_t **subj, size_t *subj_len);
int x509_cert_get_subject_public_key(const uint8_t *a, size_t alen, SM2_KEY *public_key);
int x509_certs_to_pem(const uint8_t *d, size_t dlen, FILE *fp);
int x509_certs_from_pem(uint8_t *d, size_t *dlen, size_t maxlen, FILE *fp);
int x509_certs_get_count(const uint8_t *d, size_t dlen, size_t *cnt);
int x509_certs_get_cert_by_index(const uint8_t *d, size_t dlen, int index, const uint8_t **cert, size_t *certlen);
int x509_certs_get_cert_by_subject(const uint8_t *d, size_t dlen, const uint8_t *subject, size_t subject_len, const uint8_t **cert, size_t *certlen);
int x509_certs_get_last(const uint8_t *d, size_t dlen, const uint8_t **cert, size_t *certlen);
int x509_certs_get_cert_by_issuer_and_serial_number(
const uint8_t *certs, size_t certs_len,
const uint8_t *issuer, size_t issuer_len,
const uint8_t *serial, size_t serial_len,
const uint8_t **cert, size_t *cert_len);
typedef enum {
X509_verify_err_cert_revoked = -2,
X509_verify_err_cert_not_yet_valid = -3,
X509_verify_err_cert_has_expired = -4,
X509_verify_err_cert_chain_too_long = -5,
} X509_VERIFY_ERR;
int x509_certs_verify(const uint8_t *certs, size_t certslen,
const uint8_t *rootcerts, size_t rootcertslen, int depth, int *verify_result);
int x509_certs_verify_tlcp(const uint8_t *certs, size_t certslen,
const uint8_t *rootcerts, size_t rootcertslen, int depth, int *verify_result);
int x509_certs_get_subjects(const uint8_t *certs, size_t certslen, uint8_t *names, size_t *nameslen);
int x509_certs_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
int x509_cert_new_from_file(uint8_t **out, size_t *outlen, const char *file);
int x509_certs_new_from_file(uint8_t **out, size_t *outlen, const char *file);
#ifdef __cplusplus
}
#endif
#endif
#ifndef GMSSL_X509_H
#define GMSSL_X509_H
#include <time.h>
#include <string.h>
#include <stdint.h>
#include <stdlib.h>
#include <gmssl/sm2.h>
#include <gmssl/oid.h>
#include <gmssl/asn1.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
X509 Public API
x509_name_add_rdn
x509_name_add_country_name
x509_name_add_state_or_province_name
x509_name_add_locality_name
x509_name_add_organization_name
x509_name_add_organizational_unit_name
x509_name_add_common_name
x509_name_add_domain_component
x509_name_to_der
x509_name_from_der
x509_name_print
x509_name_get_value_by_type
x509_name_get_common_name
x509_cert_sign
x509_cert_verify
x509_cert_verify_by_ca_cert
x509_cert_get_issuer_and_serial_number
x509_cert_get_issuer
x509_cert_get_subject
x509_cert_get_subject_public_key
x509_cert_to_der
x509_cert_from_der
x509_cert_to_pem
x509_cert_from_pem
x509_cert_print
*/
enum X509_Version {
X509_version_v1 = 0,
X509_version_v2 = 1,
X509_version_v3 = 2,
};
const char *x509_version_name(int version);
int x509_explicit_version_to_der(int index, int version, uint8_t **out, size_t *outlen);
int x509_explicit_version_from_der(int index, int *version, const uint8_t **in, size_t *inlen);
/*
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
*/
int x509_time_to_der(time_t a, uint8_t **out, size_t *outlen);
int x509_time_from_der(time_t *a, const uint8_t **in, size_t *inlen);
/*
Validity ::= SEQUENCE {
notBefore Time,
notAfter Time }
*/
#define X509_VALIDITY_MIN_DAYS 1
#define X509_VALIDITY_MAX_DAYS (365 * 10) // ROOTCA, CA需要更长的时间
int x509_validity_add_days(time_t *not_after, time_t not_before, int days);
int x509_validity_to_der(time_t not_before, time_t not_after, uint8_t **out, size_t *outlen);
int x509_validity_from_der(time_t *not_before, time_t *not_after, const uint8_t **in, size_t *inlen);
int x509_validity_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
AttributeTypeAndValue ::= SEQUENCE {
type OBJECT IDENTIFIER,
value ANY -- DEFINED BY AttributeType }
id-at
name DirectoryName 1..ub-name
surname DirectoryName 1..ub-name
givenName DirectoryName 1..ub-name
initials DirectoryName 1..ub-name
generationQualifier DirectoryName 1..ub-name
commonName DirectoryName 1..ub-common-name
localityName DirectoryName 1..ub-locality-name
stateOrProvinceName DirectoryName 1..ub-state-name
organizationName DirectoryName 1..ub-organization-name
organizationalUnitName DirectoryName 1..ub-organizational-unit-name
title DirectoryName 1..ub-title
dnQualifier PrintableString N/A
countryName PrintableString 2..2
serialNumber PrintableString 1..ub-serial-number
pseudonym DirectoryName 1..ub-pseudonym
domainComponent IA5String N/A
*/
#define X509_ub_name 32768
#define X509_ub_common_name 64
#define X509_ub_locality_name 128
#define X509_ub_state_name 128
#define X509_ub_organization_name 64
#define X509_ub_organizational_unit_name 64
#define X509_ub_title 64
#define X509_ub_serial_number 64
#define X509_ub_pseudonym 128
int x509_attr_type_and_value_check(int oid, int tag, const uint8_t *val, size_t vlen);
int x509_attr_type_and_value_to_der(int oid, int tag, const uint8_t *val, size_t vlen, uint8_t **out, size_t *outlen);
int x509_attr_type_and_value_from_der(int *oid, int *tag, const uint8_t **val, size_t *vlen, const uint8_t **in, size_t *inlen);
int x509_attr_type_and_value_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
*/
int x509_rdn_to_der(int oid, int tag, const uint8_t *val, size_t vlen, const uint8_t *more, size_t mlen, uint8_t **out, size_t *outlen);
int x509_rdn_from_der(int *oid, int *tag, const uint8_t **val, size_t *vlen, const uint8_t **more, size_t *mlen, const uint8_t **in, size_t *inlen);
int x509_rdn_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
Name ::= SEQUENCE OF RelativeDistinguishedName
Example:
SEQUENCE LEN
SET LEN
SEQUENCE LEN OID=countryName, String=CN
SET LEN
SEQUENCE LEN OID=stateName, String=CN
SEQUENCE LEN OID=unknown, String=ABC
SET LEN
SEQUENCE LEN OID=commonNmame, String=ABC
*/
int x509_name_add_rdn(uint8_t *d, size_t *dlen, size_t maxlen, int oid, int tag, const uint8_t *val, size_t vlen, const uint8_t *more, size_t mlen);
int x509_name_add_country_name(uint8_t *d, size_t *dlen, int maxlen, const char val[2] ); // val: PrintableString SIZE(2)
int x509_name_add_state_or_province_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
int x509_name_add_locality_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
int x509_name_add_organization_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
int x509_name_add_organizational_unit_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
int x509_name_add_common_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
int x509_name_add_domain_component(uint8_t *d, size_t *dlen, int maxlen, const char *val, size_t vlen); // val: IA5String
int x509_name_set(uint8_t *d, size_t *dlen, size_t maxlen,
const char *country, const char *state, const char *locality,
const char *org, const char *org_unit, const char *common_name);
#define x509_name_to_der(d,dlen,out,outlen) asn1_sequence_to_der(d,dlen,out,outlen)
#define x509_name_from_der(d,dlen,in,inlen) asn1_sequence_from_der(d,dlen,in,inlen)
int x509_name_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
int x509_name_get_value_by_type(const uint8_t *d, size_t dlen, int oid, int *tag, const uint8_t **val, size_t *vlen);
int x509_name_get_common_name(const uint8_t *d, size_t dlen, int *tag, const uint8_t **val, size_t *vlen);
int x509_name_equ(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen);
int x509_names_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING }
algorithm.algorithm = OID_ec_public_key;
algorithm.parameters = OID_sm2;
subjectPublicKey = ECPoint
*/
#define x509_public_key_info_to_der(key,out,outlen) sm2_public_key_info_to_der(key,out,outlen)
#define x509_public_key_info_from_der(key,in,inlen) sm2_public_key_info_from_der(key,in,inlen)
int x509_public_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
Extension ::= SEQUENCE {
extnID OBJECT IDENTIFIER,
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING -- contains the DER encoding of an ASN.1 value
*/
int x509_ext_to_der(int oid, int critical, const uint8_t *val, size_t vlen, uint8_t **out, size_t *outlen);
int x509_ext_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, int *critical, const uint8_t **val, size_t *vlen, const uint8_t **in, size_t *inlen);
int x509_ext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
[3] EXPLICIT SEQUENCE OF Extension
*/
int x509_explicit_exts_to_der(int index, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
int x509_explicit_exts_from_der(int index, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
#define x509_exts_to_der(d,dlen,out,outlen) x509_explicit_exts_to_der(3,d,dlen,out,outlen)
#define x509_exts_from_der(d,dlen,in,inlen) x509_explicit_exts_from_der(3,d,dlen,in,inlen)
int x509_exts_get_count(const uint8_t *d, size_t dlen, size_t *cnt);
int x509_exts_get_ext_by_index(const uint8_t *d, size_t dlen, int index,
int *oid, uint32_t *nodes, size_t *nodes_cnt, int *critical,
const uint8_t **val, size_t *vlen);
int x509_exts_get_ext_by_oid(const uint8_t *d, size_t dlen, int oid,
int *critical, const uint8_t **val, size_t *vlen);
int x509_exts_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
TBSCertificate ::= SEQUENCE {
version [0] EXPLICIT INTEGER DEFAULT v1,
serialNumber INTEGER,
siganture AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPulbicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID [1] IMPLICIT BIT STRING OPTIONAL, -- If present, must be v2,v3
subjectUniqueID [2] IMPLICIT BIT STRING OPTIONAL, -- If present, must be v2,v3
extensions [3] EXPLICIT Extensions OPTIONAL -- If present, must be v3 }
*/
#define X509_SERIAL_NUMBER_MIN_LEN 1
#define X509_SERIAL_NUMBER_MAX_LEN 20
#define X509_UNIQUE_ID_MIN_LEN 32
#define X509_UNIQUE_ID_MAX_LEN 32
int x509_tbs_cert_to_der(
int version,
const uint8_t *serial, size_t serial_len,
int signature_algor,
const uint8_t *issuer, size_t issuer_len,
time_t not_before, time_t not_after,
const uint8_t *subject, size_t subject_len,
const SM2_KEY *subject_public_key,
const uint8_t *issuer_unique_id, size_t issuer_unique_id_len,
const uint8_t *subject_unique_id, size_t subject_unique_id_len,
const uint8_t *exts, size_t exts_len,
uint8_t **out, size_t *outlen);
int x509_tbs_cert_from_der(
int *version,
const uint8_t **serial, size_t *serial_len,
int *signature_algor,
const uint8_t **issuer, size_t *issuer_len,
time_t *not_before, time_t *not_after,
const uint8_t **subject, size_t *subject_len,
SM2_KEY *subject_public_key,
const uint8_t **issuer_unique_id, size_t *issuer_unique_id_len,
const uint8_t **subject_unique_id, size_t *subject_unique_id_len,
const uint8_t **exts, size_t *exts_len,
const uint8_t **in, size_t *inlen);
int x509_tbs_cert_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signatureValue BIT STRING }
*/
int x509_certificate_to_der(
const uint8_t *tbs, size_t tbslen,
int signature_algor,
const uint8_t *sig, size_t siglen,
uint8_t **out, size_t *outlen);
int x509_certificate_from_der(
const uint8_t **tbs, size_t *tbslen,
int *signature_algor,
const uint8_t **sig, size_t *siglen,
const uint8_t **in, size_t *inlen);
int x509_certificate_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
// x509_cert functions
int x509_cert_sign(
uint8_t *cert, size_t *certlen, size_t maxlen,
int version,
const uint8_t *serial, size_t serial_len,
int signature_algor,
const uint8_t *issuer, size_t issuer_len,
time_t not_before, time_t not_after,
const uint8_t *subject, size_t subject_len,
const SM2_KEY *subject_public_key,
const uint8_t *issuer_unique_id, size_t issuer_unique_id_len,
const uint8_t *subject_unique_id, size_t subject_unique_id_len,
const uint8_t *exts, size_t exts_len,
const SM2_KEY *sign_key,
const char *signer_id, size_t signer_id_len);
int x509_cert_verify(const uint8_t *a, size_t alen, const SM2_KEY *pub_key,
const char *signer_id, size_t signer_id_len);
int x509_cert_verify_by_ca_cert(const uint8_t *a, size_t alen, const uint8_t *cacert, size_t cacertlen,
const char *signer_id, size_t signer_id_len);
int x509_cert_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen);
int x509_cert_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen);
int x509_cert_to_pem(const uint8_t *a, size_t alen, FILE *fp);
int x509_cert_from_pem(uint8_t *a, size_t *alen, size_t maxlen, FILE *fp);
int x509_cert_from_pem_by_index(uint8_t *a, size_t *alen, size_t maxlen, int index, FILE *fp);
int x509_cert_from_pem_by_subject(uint8_t *a, size_t *alen, size_t maxlen, const uint8_t *name, size_t namelen, FILE *fp);
int x509_cert_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);
int x509_cert_get_details(const uint8_t *a, size_t alen,
int *version,
const uint8_t **serial_number, size_t *serial_number_len,
int *inner_signature_algor,
const uint8_t **issuer, size_t *issuer_len,
time_t *not_before, time_t *not_after,
const uint8_t **subject, size_t *subject_len,
SM2_KEY *subject_public_key,
const uint8_t **issuer_unique_id, size_t *issuer_unique_id_len,
const uint8_t **subject_unique_id, size_t *subject_unique_id_len,
const uint8_t **extensions, size_t *extensions_len,
int *signature_algor,
const uint8_t **signature, size_t *signature_len);
/*
IssuerAndSerialNumber ::= SEQUENCE {
isser Name,
serialNumber INTEGER }
*/
int x509_cert_get_issuer_and_serial_number(const uint8_t *a, size_t alen,
const uint8_t **issuer, size_t *issuer_len,
const uint8_t **serial_number, size_t *serial_number_len);
int x509_cert_get_issuer(const uint8_t *a, size_t alen, const uint8_t **name, size_t *namelen);
int x509_cert_get_subject(const uint8_t *a, size_t alen, const uint8_t **subj, size_t *subj_len);
int x509_cert_get_subject_public_key(const uint8_t *a, size_t alen, SM2_KEY *public_key);
int x509_certs_to_pem(const uint8_t *d, size_t dlen, FILE *fp);
int x509_certs_from_pem(uint8_t *d, size_t *dlen, size_t maxlen, FILE *fp);
int x509_certs_get_count(const uint8_t *d, size_t dlen, size_t *cnt);
int x509_certs_get_cert_by_index(const uint8_t *d, size_t dlen, int index, const uint8_t **cert, size_t *certlen);
int x509_certs_get_cert_by_subject(const uint8_t *d, size_t dlen, const uint8_t *subject, size_t subject_len, const uint8_t **cert, size_t *certlen);
int x509_certs_get_last(const uint8_t *d, size_t dlen, const uint8_t **cert, size_t *certlen);
int x509_certs_get_cert_by_issuer_and_serial_number(
const uint8_t *certs, size_t certs_len,
const uint8_t *issuer, size_t issuer_len,
const uint8_t *serial, size_t serial_len,
const uint8_t **cert, size_t *cert_len);
typedef enum {
X509_verify_err_cert_revoked = -2,
X509_verify_err_cert_not_yet_valid = -3,
X509_verify_err_cert_has_expired = -4,
X509_verify_err_cert_chain_too_long = -5,
} X509_VERIFY_ERR;
int x509_certs_verify(const uint8_t *certs, size_t certslen,
const uint8_t *rootcerts, size_t rootcertslen, int depth, int *verify_result);
int x509_certs_verify_tlcp(const uint8_t *certs, size_t certslen,
const uint8_t *rootcerts, size_t rootcertslen, int depth, int *verify_result);
int x509_certs_get_subjects(const uint8_t *certs, size_t certslen, uint8_t *names, size_t *nameslen);
int x509_certs_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
int x509_cert_new_from_file(uint8_t **out, size_t *outlen, const char *file);
int x509_certs_new_from_file(uint8_t **out, size_t *outlen, const char *file);
#ifdef __cplusplus
}
#endif
#endif

Some files were not shown because too many files have changed in this diff Show More