first step of v2 final release

go/gmssl/certificate.go

@@ -1,20 +0,0 @@
-/* +build cgo */
-package gmssl
-
-/*
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-*/
-import "C"
-
-import (
-	"errors"
-)
-
-func GetAttributesFromCertificate(cert string) (map[string]string, error) {
-	return nil, errors.New("Not implemented")
-}
-
-func GetPublicKeyFromCertificate(cert string) (*PublicKey, error) {
-	return nil, errors.New("Not implemented")
-}

go/gmssl/cipher.go

@@ -13,8 +13,157 @@ import (
 	"unsafe"
 )
 
-func GetCiphers(aliases bool) []string {
-	return []string{"sms4-cbc", "aes-128-cbc", "aes-256-cbc"}
+/* generated by `gmssl list -cipher-algorithms | sort -f | uniq -i` */
+func GetCipherNames() []string {
+	return []string{
+		"AES-128-CBC",
+		"AES-128-CBC-HMAC-SHA1",
+		"AES-128-CBC-HMAC-SHA256",
+		"AES-128-CFB",
+		"AES-128-CFB1",
+		"AES-128-CFB8",
+		"AES-128-CTR",
+		"AES-128-ECB",
+		"AES-128-OCB",
+		"AES-128-OFB",
+		"AES-128-XTS",
+		"AES-192-CBC",
+		"AES-192-CFB",
+		"AES-192-CFB1",
+		"AES-192-CFB8",
+		"AES-192-CTR",
+		"AES-192-ECB",
+		"AES-192-OCB",
+		"AES-192-OFB",
+		"AES-256-CBC",
+		"AES-256-CBC-HMAC-SHA1",
+		"AES-256-CBC-HMAC-SHA256",
+		"AES-256-CFB",
+		"AES-256-CFB1",
+		"AES-256-CFB8",
+		"AES-256-CTR",
+		"AES-256-ECB",
+		"AES-256-OCB",
+		"AES-256-OFB",
+		"AES-256-XTS",
+		"AES128",
+		"aes128-wrap",
+		"AES192",
+		"aes192-wrap",
+		"AES256",
+		"aes256-wrap",
+		"BF",
+		"BF-CBC",
+		"BF-CFB",
+		"BF-ECB",
+		"BF-OFB",
+		"blowfish",
+		"CAMELLIA-128-CBC",
+		"CAMELLIA-128-CFB",
+		"CAMELLIA-128-CFB1",
+		"CAMELLIA-128-CFB8",
+		"CAMELLIA-128-CTR",
+		"CAMELLIA-128-ECB",
+		"CAMELLIA-128-OFB",
+		"CAMELLIA-192-CBC",
+		"CAMELLIA-192-CFB",
+		"CAMELLIA-192-CFB1",
+		"CAMELLIA-192-CFB8",
+		"CAMELLIA-192-CTR",
+		"CAMELLIA-192-ECB",
+		"CAMELLIA-192-OFB",
+		"CAMELLIA-256-CBC",
+		"CAMELLIA-256-CFB",
+		"CAMELLIA-256-CFB1",
+		"CAMELLIA-256-CFB8",
+		"CAMELLIA-256-CTR",
+		"CAMELLIA-256-ECB",
+		"CAMELLIA-256-OFB",
+		"CAMELLIA128",
+		"CAMELLIA192",
+		"CAMELLIA256",
+		"CAST",
+		"CAST-cbc",
+		"CAST5-CBC",
+		"CAST5-CFB",
+		"CAST5-ECB",
+		"CAST5-OFB",
+		"ChaCha20",
+		"ChaCha20-Poly1305",
+		"DES",
+		"DES-CBC",
+		"DES-CFB",
+		"DES-CFB1",
+		"DES-CFB8",
+		"DES-ECB",
+		"DES-EDE",
+		"DES-EDE-CBC",
+		"DES-EDE-CFB",
+		"DES-EDE-ECB",
+		"DES-EDE-OFB",
+		"DES-EDE3",
+		"DES-EDE3-CBC",
+		"DES-EDE3-CFB",
+		"DES-EDE3-CFB1",
+		"DES-EDE3-CFB8",
+		"DES-EDE3-ECB",
+		"DES-EDE3-OFB",
+		"DES-OFB",
+		"DES3",
+		"des3-wrap",
+		"DESX",
+		"DESX-CBC",
+		"id-aes128-CCM",
+		"id-aes128-GCM",
+		"id-aes128-wrap",
+		"id-aes128-wrap-pad",
+		"id-aes192-CCM",
+		"id-aes192-GCM",
+		"id-aes192-wrap",
+		"id-aes192-wrap-pad",
+		"id-aes256-CCM",
+		"id-aes256-GCM",
+		"id-aes256-wrap",
+		"id-aes256-wrap-pad",
+		"id-smime-alg-CMS3DESwrap",
+		"IDEA",
+		"IDEA-CBC",
+		"IDEA-CFB",
+		"IDEA-ECB",
+		"IDEA-OFB",
+		"RC2",
+		"rc2-128",
+		"rc2-40",
+		"RC2-40-CBC",
+		"rc2-64",
+		"RC2-64-CBC",
+		"RC2-CBC",
+		"RC2-CFB",
+		"RC2-ECB",
+		"RC2-OFB",
+		"RC4",
+		"RC4-40",
+		"RC4-HMAC-MD5",
+		"SEED",
+		"SEED-CBC",
+		"SEED-CFB",
+		"SEED-ECB",
+		"SEED-OFB",
+		"SMS4",
+		"SMS4-CBC",
+		"SMS4-CCM",
+		"SMS4-CFB",
+		"SMS4-CFB1",
+		"SMS4-CFB8",
+		"SMS4-CTR",
+		"SMS4-ECB",
+		"SMS4-GCM",
+		"SMS4-OCB",
+		"SMS4-OFB",
+		"SMS4-WRAP",
+		"SMS4-WRAP-PAD",
+		"SMS4-XTS",
+	}
 }
 
 func GetCipherKeyLength(name string) (int, error) {
@@ -27,7 +176,7 @@ func GetCipherKeyLength(name string) (int, error) {
 	return int(C.EVP_CIPHER_key_length(cipher)), nil
 }
 
-func GetCipherBlockSize(name string) (int, error) {
+func GetCipherBlockLength(name string) (int, error) {
 	cname := C.CString(name)
 	defer C.free(unsafe.Pointer(cname))
 	cipher := C.EVP_get_cipherbyname(cname)
@@ -51,7 +200,7 @@ type CipherContext struct {
 	ctx *C.EVP_CIPHER_CTX
 }
 
-func NewCipherContext(name string, args map[string]string, key, iv []byte, encrypt bool) (
+func NewCipherContext(name string, eng *Engine, key, iv []byte, encrypt bool) (
 	*CipherContext, error) {
 
 	cname := C.CString(name)

go/gmssl/cms.go

@@ -1,2 +0,0 @@
-/* +build cgo */
-package gmssl

go/gmssl/digest.go

@@ -14,8 +14,30 @@ import (
 	"unsafe"
 )
 
-func GetDigests(aliases bool) []string {
-	return []string{"sm3", "sha1", "sha256"}
+func GetDigestNames() []string {
+	return []string{
+		"BLAKE2b512",
+		"BLAKE2s256",
+		"MD4",
+		"MD5",
+		"MD5-SHA1",
+		"MDC2",
+		"RIPEMD160",
+		"rmd160",
+		"SHA1",
+		"SHA224",
+		"SHA256",
+		"SHA384",
+		"SHA512",
+		"SM3",
+		"SHA1",
+		"SHA224",
+		"SHA256",
+		"SHA384",
+		"SHA512",
+		"SM3",
+		"whirlpool",
+	}
 }
 
 func GetDigestLength(name string) (int, error) {
@@ -32,7 +54,7 @@ type DigestContext struct {
 	ctx *C.EVP_MD_CTX
 }
 
-func NewDigestContext(name string, args map[string]string) (*DigestContext, error) {
+func NewDigestContext(name string, eng *Engine) (*DigestContext, error) {
 	cname := C.CString(name)
 	defer C.free(unsafe.Pointer(cname))
 	md := C.EVP_get_digestbyname(cname)

go/gmssl/engine.go

@@ -2,85 +2,119 @@
 package gmssl
 
 /*
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
 #include <openssl/engine.h>
+
+char *get_errors() {
+	char *ret;
+	BIO *bio;
+	char *data;
+	long len;
+	if (!(bio = BIO_new(BIO_s_mem()))) {
+		return (char *)NULL;
+	}
+	ERR_print_errors(bio);
+	len = BIO_get_mem_data(bio, &data);
+	ret = OPENSSL_strdup(data);
+	BIO_free(bio);
+	return ret;
+}
+
+EVP_PKEY *load_private_key_from_engine(ENGINE *e, const char *key_id,
+	const char *pass)
+{
+	return (EVP_PKEY *)NULL;
+}
 */
 import "C"
 
 import (
-	"runtime"
 	"errors"
+	"runtime"
 	"unsafe"
-	"fmt"
 )
 
 func GetEngineNames() []string {
-	return []string{"skf", "sdf"}
+	engines := []string{}
+	C.ENGINE_load_builtin_engines()
+	eng := C.ENGINE_get_first()
+	for {
+		if eng == nil {
+			break
+		}
+		engines = append(engines, C.GoString(C.ENGINE_get_id(eng)))
+		eng = C.ENGINE_get_next(eng)
+	}
+	C.ENGINE_free(eng)
+	return engines
 }
 
 type Engine struct {
-	engine *C.ENGINE
+	engine *C.ENGINE;
 }
 
-func OpenEngine(name string, args map[string]string) (*Engine, error) {
+func GetEngineByName(name string) (*Engine, error) {
 	cname := C.CString(name)
 	defer C.free(unsafe.Pointer(cname))
-
-	engine := C.ENGINE_by_id(cname)
-	if engine == nil {
-		return nil, fmt.Errorf("shit")
+	eng := C.ENGINE_by_id(cname)
+	if eng == nil {
+		cerrors := C.get_errors()
+		return nil, errors.New(C.GoString(cerrors))
 	}
-
-	ret := &Engine{engine}
+	ret := &Engine{eng}
 	runtime.SetFinalizer(ret, func(ret *Engine) {
+		C.ENGINE_finish(ret.engine)
 		C.ENGINE_free(ret.engine)
 	})
+	if 1 != C.ENGINE_init(eng) {
+		cerrors := C.get_errors()
+		return nil, errors.New(C.GoString(cerrors))
+	}
 	return ret, nil
 }
 
-func (eng *Engine) ExecuteCommand(cmd_name string, arg string, optinal bool) error {
-	ccmd := C.CString(cmd_name)
-	defer C.free(unsafe.Pointer(ccmd))
+func (e *Engine) RunCommand(name, arg string) error {
+	cname := C.CString(name)
+	defer C.free(unsafe.Pointer(cname))
 	carg := C.CString(arg)
 	defer C.free(unsafe.Pointer(carg))
-
-	if 1 != C.ENGINE_ctrl_cmd_string(eng.engine, ccmd, carg, 0) {
-		return errors.New("Not implemented")
+	if 1 != C.ENGINE_ctrl_cmd_string(e.engine, cname, carg, 0) {
+		cerrors := C.get_errors()
+		return errors.New(C.GoString(cerrors))
 	}
 	return nil
 }
 
-func (eng *Engine) LoadPrivateKey(key_id string, args map[string]string) (*PrivateKey, error) {
-	cid := C.CString(key_id)
+func (e *Engine) LoadConfigFile(path string) error {
+	return errors.New("Engine.LoadConfigFile() not implemented")
+}
+
+func (e *Engine) GetPrivateKey(id string, pass string) (*PrivateKey, error) {
+	cid := C.CString(id)
 	defer C.free(unsafe.Pointer(cid))
-
-	pkey := C.ENGINE_load_private_key(eng.engine, cid, C.NULL, C.NULL)
-	if pkey == nil {
-		return nil, fmt.Errorf("shit")
+	cpass := C.CString(pass)
+	defer C.free(unsafe.Pointer(cpass))
+	sk := C.load_private_key_from_engine(e.engine, cid, cpass)
+	if sk == nil {
+		cerrors := C.get_errors()
+		return nil, errors.New(C.GoString(cerrors))
 	}
-
-	ret := &PrivateKey{pkey}
-	runtime.SetFinalizer(ret, func(ret *PrivateKey) {
-		C.EVP_PKEY_free(ret.pkey)
-	})
-	return ret, nil
+	return &PrivateKey{sk}, nil
 }
 
-func (eng *Engine) LoadPublicKey(key_id string, args map[string]string) (*PublicKey, error) {
-	cid := C.CString(key_id)
+func (e *Engine) GetPublicKey(id string) (
+	*PublicKey, error) {
+	cid := C.CString(id)
 	defer C.free(unsafe.Pointer(cid))
-
-	pkey := C.ENGINE_load_public_key(eng.engine, cid, C.NULL, C.NULL)
-	if pkey == nil {
-		return nil, fmt.Errorf("shit")
-	}
-
-	ret := &PublicKey{pkey}
-	runtime.SetFinalizer(ret, func(ret *PublicKey) {
-		C.EVP_PKEY_free(ret.pkey)
-	})
-	return ret, nil
-}
-
-func (eng *Engine) LoadCertificate(ca_dn []string, args map[string]string) (string, error) {
-	return "", errors.New("Not implemented")
+	//pk := C.ENGINE_load_public_key(e.engine, cid, C.NULL, C.NULL)
+	//if pk == nil {
+	//	cerrors := C.get_errors()
+	//	return nil, errors.New(C.GoString(cerrors))
+	//}
+	//return &PublicKey{pk}, nil
+	return nil, nil
 }

go/gmssl/error.go

@@ -0,0 +1,32 @@
+/* +build cgo */
+package gmssl
+
+/*
+#include <openssl/err.h>
+#include <openssl/bio.h>
+
+long bio_get_mem_data(BIO *bio, char **pp) {
+	return BIO_get_mem_data(bio, pp);
+}
+
+*/
+import "C"
+
+import (
+	"errors"
+)
+
+func GetErrors() error {
+	bio := C.BIO_new(C.BIO_s_mem())
+	if bio == nil {
+		return errors.New("GetErrors function failure")
+	}
+	defer C.BIO_free(bio)
+	C.ERR_print_errors(bio)
+	var p *C.char
+	len := C.bio_get_mem_data(bio, &p)
+	if len <= 0 {
+		return errors.New("GetErrors function failure")
+	}
+	return errors.New(C.GoString(p))
+}

go/gmssl/ibc.go

@@ -1,56 +0,0 @@
-/* +build cgo */
-package gmssl
-
-/*
-#include <openssl/rand.h>
-#include <openssl/evp.h>
-*/
-import "C"
-
-import (
-	"errors"
-	"unsafe"
-)
-
-func GetIdentityBasedCryptoSchemes(aliases bool) []string {
-	return []string{"CPK", "SM9", "BFIBE", "BB1IBE"}
-}
-
-type MasterSecret struct {
-	pkey *C.EVP_PKEY
-}
-
-type PublicParams struct {
-	pkey *C.EVP_PKEY
-}
-
-func IdentityBasedCryptoSetup() {
-}
-
-func IdentityBasedCryptoExportPrivateKey() {
-}
-
-func IdentityBasedCryptoExportPublicKey() {
-}
-
-func IdentityBasedEncrypt() {
-}
-
-func IdentityBasedDecrypt() {
-}
-
-func IdentityBasedSign() {
-}
-
-func IdentityBasedVerify() {
-}
-
-func GetCipherKeyLength(name string) (int, error) {
-	cname := C.CString(name)
-	defer C.free(unsafe.Pointer(cname))
-	cipher := C.EVP_get_cipherbyname(cname)
-	if cipher == nil {
-		return 0, errors.New("Invalid cipher name")
-
-
-

go/gmssl/mac.go

@@ -15,8 +15,30 @@ import (
 	"unsafe"
 )
 
-func GetMacs(aliases bool) []string {
-	return []string{"hello", "world"}
+func GetMacNames(aliases bool) []string {
+	return []string{
+		"HMAC-BLAKE2b512",
+		"HMAC-BLAKE2s256",
+		"HMAC-MD4",
+		"HMAC-MD5",
+		"HMAC-MD5-SHA1",
+		"HMAC-MDC2",
+		"HMAC-RIPEMD160",
+		"HMAC-rmd160",
+		"HMAC-SHA1",
+		"HMAC-SHA224",
+		"HMAC-SHA256",
+		"HMAC-SHA384",
+		"HMAC-SHA512",
+		"HMAC-SM3",
+		"HMAC-SHA1",
+		"HMAC-SHA224",
+		"HMAC-SHA256",
+		"HMAC-SHA384",
+		"HMAC-SHA512",
+		"HMAC-SM3",
+		"HMAC-whirlpool",
+	}
 }
 
 func GetMacKeyLength(name string) (int, error) {
@@ -31,7 +53,7 @@ type MACContext struct {
 	hctx *C.HMAC_CTX
 }
 
-func NewMACContext(name string, args map[string]string, key []byte) (*MACContext, error) {
+func NewMACContext(name string, eng *Engine, key []byte) (*MACContext, error) {
 	cname := C.CString(name)
 	defer C.free(unsafe.Pointer(cname))
 	md := C.EVP_get_digestbyname(cname)

go/gmssl/ocsp.go

@@ -1,2 +0,0 @@
-/* +build cgo */
-package gmssl

go/gmssl/otp.go

@@ -1,24 +0,0 @@
-/* +build cgo */
-package gmssl
-
-/*
-#include <openssl/otp.h>
-*/
-import "C"
-
-import (
-	"errors"
-	"fmt"
-	"runtime"
-	"unsafe"
-)
-
-func GetOTPAlgors(aliases bool) []string {
-	return []string{"sms4-cbc", "aes-128-cbc", "aes-256-cbc"}
-}
-
-func GenerateOTPKey() []byte {
-}
-
-func GenerateOneTimePassword() string {
-}

go/gmssl/pbkdf.go

@@ -1,36 +0,0 @@
-/* +build cgo */
-package gmssl
-
-/*
-#include <openssl/evp.h>
-*/
-import "C"
-
-import (
-	"errors"
-)
-
-/*
-int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
-                      const unsigned char *salt, int saltlen, int iter,
-                      const EVP_MD *digest, int keylen, unsigned char *out);
-int EVP_PBE_scrypt(const char *pass, size_t passlen,
-                   const unsigned char *salt, size_t saltlen,
-                   uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
-                   unsigned char *key, size_t keylen);
-*/
-
-func GetKeyDeriveFunctions(aliases bool) []string {
-	return []string{"PBKDF", "PBKDF2", "scrypt"}
-}
-
-func DeriveKeyFromPassword(algor string, args map[string]string, password string, salt []byte, keylen int) ([]byte, error) {
-	if algor == "PBKDF2" {
-		if 1 != PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, md, keylen, out) {
-		}
-	else if algor == "scrypt" {
-		if 1 != gmssl_scrypt()
-	} else {
-		return nil, errors.New("Not implemented")
-	}
-}

go/gmssl/pkey.go

@@ -2,28 +2,460 @@
 package gmssl
 
 /*
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/ec.h>
+#include <openssl/sm2.h>
+#include <openssl/bio.h>
 #include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/objects.h>
+#include <openssl/opensslconf.h>
+
+extern long bio_get_mem_data(BIO *bio, char **pp);
+
+
+
+EVP_PKEY_CTX *new_pkey_keygen_ctx(const char *alg, ENGINE *e)
+{
+	int pkey_id;
+
+
+	return NULL;
+}
+
+EVP_PKEY *pem_read_bio_pubkey(BIO *bio) {
+	return PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
+}
+
+int pem_write_bio_pubkey(BIO *bio, EVP_PKEY *pkey) {
+	return PEM_write_bio_PUBKEY(bio, pkey);
+}
+
+int pem_write_bio_privatekey(BIO *bio, EVP_PKEY *pkey,
+	const EVP_CIPHER *cipher, const char *pass) {
+	return PEM_write_bio_PrivateKey(bio, pkey, cipher, NULL, 0, NULL, (void *)pass);
+}
+
+int sign_nids[] = {
+#ifndef OPENSSL_NO_SM2
+	NID_sm2sign,
+#endif
+	NID_ecdsa_with_Recommended,
+#ifndef OPENSSL_NO_SHA
+	NID_ecdsa_with_SHA1,
+	NID_ecdsa_with_SHA256,
+	NID_ecdsa_with_SHA512,
+# ifndef OPENSSL_NO_RSA
+	NID_sha1WithRSAEncryption,
+	NID_sha256WithRSAEncryption,
+	NID_sha512WithRSAEncryption,
+# endif
+# ifndef OPENSSL_NO_DSA
+	NID_dsaWithSHA1,
+# endif
+#endif
+};
+
+static int get_sign_info(const char *alg, int *ppkey_type,
+	const EVP_MD **pmd, int *pec_scheme)
+{
+	int pkey_type;
+	const EVP_MD *md = NULL;
+	int ec_scheme = -1;
+
+	switch (OBJ_txt2nid(alg)) {
+	case NID_sm2sign:
+		pkey_type = EVP_PKEY_EC;
+		ec_scheme = NID_sm_scheme;
+		break;
+	case NID_ecdsa_with_Recommended:
+		pkey_type = EVP_PKEY_EC;
+		ec_scheme = NID_secg_scheme;
+		break;
+	case NID_ecdsa_with_SHA1:
+		pkey_type = EVP_PKEY_EC;
+		md = EVP_sha1();
+		ec_scheme = NID_secg_scheme;
+		break;
+	case NID_ecdsa_with_SHA256:
+		pkey_type = EVP_PKEY_EC;
+		md = EVP_sha256();
+		ec_scheme = NID_secg_scheme;
+		break;
+	case NID_ecdsa_with_SHA512:
+		pkey_type = EVP_PKEY_EC;
+		md = EVP_sha512();
+		ec_scheme = NID_secg_scheme;
+		break;
+	case NID_sha1WithRSAEncryption:
+		pkey_type = EVP_PKEY_RSA;
+		md = EVP_sha1();
+		break;
+	case NID_sha256WithRSAEncryption:
+		pkey_type = EVP_PKEY_RSA;
+		md = EVP_sha256();
+		break;
+	case NID_sha512WithRSAEncryption:
+		pkey_type = EVP_PKEY_RSA;
+		md = EVP_sha512();
+		break;
+	case NID_dsaWithSHA1:
+		pkey_type = EVP_PKEY_DSA;
+		md = EVP_sha1();
+		break;
+	default:
+		return 0;
+	}
+
+	*ppkey_type = pkey_type;
+	*pmd = md;
+	*pec_scheme = ec_scheme;
+
+	return 1;
+}
+
+int pke_nids[] = {
+#ifndef OPENSSL_NO_RSA
+	NID_rsaesOaep,
+#endif
+#ifndef OPENSSL_NO_ECIES
+	NID_ecies_recommendedParameters,
+	NID_ecies_specifiedParameters,
+# ifndef OPENSSL_NO_SHA
+	NID_ecies_with_x9_63_sha1_xor_hmac,
+	NID_ecies_with_x9_63_sha256_xor_hmac,
+	NID_ecies_with_x9_63_sha512_xor_hmac,
+	NID_ecies_with_x9_63_sha1_aes128_cbc_hmac,
+	NID_ecies_with_x9_63_sha256_aes128_cbc_hmac,
+	NID_ecies_with_x9_63_sha512_aes256_cbc_hmac,
+	NID_ecies_with_x9_63_sha256_aes128_ctr_hmac,
+	NID_ecies_with_x9_63_sha512_aes256_ctr_hmac,
+	NID_ecies_with_x9_63_sha256_aes128_cbc_hmac_half,
+	NID_ecies_with_x9_63_sha512_aes256_cbc_hmac_half,
+	NID_ecies_with_x9_63_sha256_aes128_ctr_hmac_half,
+	NID_ecies_with_x9_63_sha512_aes256_ctr_hmac_half,
+	NID_ecies_with_x9_63_sha1_aes128_cbc_cmac,
+	NID_ecies_with_x9_63_sha256_aes128_cbc_cmac,
+	NID_ecies_with_x9_63_sha512_aes256_cbc_cmac,
+	NID_ecies_with_x9_63_sha256_aes128_ctr_cmac,
+	NID_ecies_with_x9_63_sha512_aes256_ctr_cmac,
+# endif
+#endif
+#ifndef OPENSSL_NO_SM2
+	NID_sm2encrypt_with_sm3,
+# ifndef OPENSSL_NO_SHA
+	NID_sm2encrypt_with_sha1,
+	NID_sm2encrypt_with_sha256,
+	NID_sm2encrypt_with_sha512,
+# endif
+#endif
+};
+
+static int get_pke_info(const char *alg, int *ppkey_type,
+	int *pec_scheme, int *pec_encrypt_param)
+{
+	int pkey_type = 0;
+	int ec_scheme = 0;
+	int ec_encrypt_param = 0;
+
+	switch (OBJ_txt2nid(alg)) {
+	case NID_rsaesOaep:
+		pkey_type = EVP_PKEY_RSA;
+		break;
+	case NID_ecies_recommendedParameters:
+	case NID_ecies_specifiedParameters:
+	case NID_ecies_with_x9_63_sha1_xor_hmac:
+	case NID_ecies_with_x9_63_sha256_xor_hmac:
+	case NID_ecies_with_x9_63_sha512_xor_hmac:
+	case NID_ecies_with_x9_63_sha1_aes128_cbc_hmac:
+	case NID_ecies_with_x9_63_sha256_aes128_cbc_hmac:
+	case NID_ecies_with_x9_63_sha512_aes256_cbc_hmac:
+	case NID_ecies_with_x9_63_sha256_aes128_ctr_hmac:
+	case NID_ecies_with_x9_63_sha512_aes256_ctr_hmac:
+	case NID_ecies_with_x9_63_sha256_aes128_cbc_hmac_half:
+	case NID_ecies_with_x9_63_sha512_aes256_cbc_hmac_half:
+	case NID_ecies_with_x9_63_sha256_aes128_ctr_hmac_half:
+	case NID_ecies_with_x9_63_sha512_aes256_ctr_hmac_half:
+	case NID_ecies_with_x9_63_sha1_aes128_cbc_cmac:
+	case NID_ecies_with_x9_63_sha256_aes128_cbc_cmac:
+	case NID_ecies_with_x9_63_sha512_aes256_cbc_cmac:
+	case NID_ecies_with_x9_63_sha256_aes128_ctr_cmac:
+	case NID_ecies_with_x9_63_sha512_aes256_ctr_cmac:
+		pkey_type = EVP_PKEY_EC;
+		ec_scheme = NID_secg_scheme;
+		ec_encrypt_param = OBJ_txt2nid(alg);
+		break;
+	case NID_sm2encrypt_with_sm3:
+		pkey_type = EVP_PKEY_EC;
+		ec_scheme = NID_sm_scheme;
+		ec_encrypt_param = NID_sm3;
+		break;
+	case NID_sm2encrypt_with_sha1:
+		pkey_type = EVP_PKEY_EC;
+		ec_scheme = NID_sm_scheme;
+		ec_encrypt_param = NID_sha1;
+		break;
+	case NID_sm2encrypt_with_sha256:
+		pkey_type = EVP_PKEY_EC;
+		ec_scheme = NID_sm_scheme;
+		ec_encrypt_param = NID_sha256;
+		break;
+	case NID_sm2encrypt_with_sha512:
+		pkey_type = EVP_PKEY_EC;
+		ec_scheme = NID_sm_scheme;
+		ec_encrypt_param = NID_sha512;
+		break;
+	default:
+		return 0;
+	}
+
+	*ppkey_type = pkey_type;
+	*pec_scheme = ec_scheme;
+	*pec_encrypt_param = ec_encrypt_param;
+
+	return 1;
+}
+
+int exch_nids[] = {
+#ifndef OPENSSL_NO_SM2
+	NID_sm2exchange,
+#endif
+#ifndef OPENSSL_NO_SHA
+	NID_dhSinglePass_stdDH_sha1kdf_scheme,
+	NID_dhSinglePass_stdDH_sha224kdf_scheme,
+	NID_dhSinglePass_stdDH_sha256kdf_scheme,
+	NID_dhSinglePass_stdDH_sha384kdf_scheme,
+	NID_dhSinglePass_stdDH_sha512kdf_scheme,
+	NID_dhSinglePass_cofactorDH_sha1kdf_scheme,
+	NID_dhSinglePass_cofactorDH_sha224kdf_scheme,
+	NID_dhSinglePass_cofactorDH_sha256kdf_scheme,
+	NID_dhSinglePass_cofactorDH_sha384kdf_scheme,
+	NID_dhSinglePass_cofactorDH_sha512kdf_scheme,
+#endif
+#ifndef OPENSSL_NO_DH
+	NID_dhKeyAgreement,
+#endif
+};
+
+static int get_exch_info(const char *alg, int *ppkey_type, int *pec_scheme,
+	int *pecdh_cofactor_mode, int *pecdh_kdf_type, int *pecdh_kdf_md,
+	int *pecdh_kdf_outlen, char **pecdh_kdf_ukm, int *pecdh_kdf_ukmlen)
+{
+	int pkey_type = 0;
+	int ec_scheme = 0;
+	int ecdh_cofactor_mode = 0;
+	int ecdh_kdf_type = 0;
+	int ecdh_kdf_md = 0;
+	int ecdh_kdf_outlen = 0;
+	char *ecdh_kdf_ukm = NULL;
+	int ecdh_kdf_ukmlen = 0;
+
+	switch (OBJ_txt2nid(alg)) {
+	case NID_sm2exchange:
+		pkey_type = EVP_PKEY_EC;
+		ec_scheme = NID_sm_scheme;
+		ecdh_kdf_md = NID_sm3;
+		break;
+	case NID_dhSinglePass_stdDH_sha1kdf_scheme:
+		pkey_type = EVP_PKEY_EC;
+		ec_scheme = NID_secg_scheme;
+		ecdh_cofactor_mode = 0;
+		ecdh_kdf_type = NID_sha1;
+		break;
+	case NID_dhSinglePass_stdDH_sha224kdf_scheme:
+		pkey_type = EVP_PKEY_EC;
+		ec_scheme = NID_secg_scheme;
+		ecdh_cofactor_mode = 0;
+		ecdh_kdf_type = NID_sha224;
+		break;
+	case NID_dhSinglePass_stdDH_sha256kdf_scheme:
+		pkey_type = EVP_PKEY_EC;
+		ec_scheme = NID_secg_scheme;
+		ecdh_cofactor_mode = 0;
+		ecdh_kdf_type = NID_sha256;
+		break;
+	case NID_dhSinglePass_stdDH_sha384kdf_scheme:
+		pkey_type = EVP_PKEY_EC;
+		ec_scheme = NID_secg_scheme;
+		ecdh_cofactor_mode = 0;
+		ecdh_kdf_type = NID_sha384;
+		break;
+	case NID_dhSinglePass_stdDH_sha512kdf_scheme:
+		pkey_type = EVP_PKEY_EC;
+		ec_scheme = NID_secg_scheme;
+		ecdh_cofactor_mode = 0;
+		ecdh_kdf_type = NID_sha512;
+		break;
+	case NID_dhSinglePass_cofactorDH_sha1kdf_scheme:
+		pkey_type = EVP_PKEY_EC;
+		ec_scheme = NID_secg_scheme;
+		ecdh_cofactor_mode = 1;
+		ecdh_kdf_type = NID_sha1;
+		break;
+	case NID_dhSinglePass_cofactorDH_sha224kdf_scheme:
+		pkey_type = EVP_PKEY_EC;
+		ec_scheme = NID_secg_scheme;
+		ecdh_cofactor_mode = 1;
+		ecdh_kdf_type = NID_sha224;
+		break;
+	case NID_dhSinglePass_cofactorDH_sha256kdf_scheme:
+		pkey_type = EVP_PKEY_EC;
+		ec_scheme = NID_secg_scheme;
+		ecdh_cofactor_mode = 1;
+		ecdh_kdf_type = NID_sha256;
+		break;
+	case NID_dhSinglePass_cofactorDH_sha384kdf_scheme:
+		pkey_type = EVP_PKEY_EC;
+		ec_scheme = NID_secg_scheme;
+		ecdh_cofactor_mode = 1;
+		ecdh_kdf_type = NID_sha384;
+		break;
+	case NID_dhSinglePass_cofactorDH_sha512kdf_scheme:
+		pkey_type = EVP_PKEY_EC;
+		ec_scheme = NID_secg_scheme;
+		ecdh_cofactor_mode = 1;
+		ecdh_kdf_type = NID_sha512;
+		break;
+	case NID_dhKeyAgreement:
+		pkey_type = EVP_PKEY_DH;
+		break;
+	default:
+		return 0;
+	}
+
+	*ppkey_type = pkey_type;
+	*pec_scheme = ec_scheme;
+	*pecdh_cofactor_mode = ecdh_cofactor_mode;
+	*pecdh_kdf_type = ecdh_kdf_type;
+	*pecdh_kdf_md = ecdh_kdf_md;
+	*pecdh_kdf_outlen = ecdh_kdf_outlen;
+	*pecdh_kdf_ukm = ecdh_kdf_ukm;
+	*pecdh_kdf_ukmlen = ecdh_kdf_ukmlen;
+
+	return 1;
+}
+
+unsigned char *pk_encrypt(EVP_PKEY *pk, const char *alg, const unsigned char *in,
+	size_t inlen, size_t *outlen, ENGINE *e) {
+	int pkey_id, ec_scheme, ec_encrypt_param;
+	if (!get_pke_info(alg, &pkey_id, ec_scheme, &ec_encrypt_param)) {
+		return NULL;
+	}
+	if (pkey_id != EVP_PKEY_id(pk)) {
+		return NULL;
+	}
+	if (!(ctx = EVP_PKEY_CTX_new(pk, e))) {
+	}
+	if (!EVP_PKEY_encrypt_init(ctx)) {
+	}
+	if (!EVP_PKEY_CTX_set_ec_scheme(ctx, ec_scheme)) {
+	}
+	if (!EVP_PKEY_CTX_set_ec_encrypt_param(ctx, ec_encrypt_param)) {
+	}
+	if (!EVP_PKEY_CTX_encrypt(ctx, outbuf, outlen, in, inlen)) {
+	}
+	return NULL;
+}
+
+unsigned char *sk_decrypt(EVP_PKEY *sk, const char *alg, const unsigned char *in,
+	size_t inlen, size_t *outlen, ENGINE *e) {
+	return NULL;
+}
+
+unsigned char *sk_sign(EVP_PKEY *sk, const char *alg, const unsigned char *dgst,
+	size_t dgstlen, size_t *siglen, ENGINE *e) {
+	return NULL;
+}
+
+int pk_verify(EVP_PKEY *pk, const char *alg, const unsigned char *dgst,
+	size_t dgstlen, const unsigned char *sig, size_t siglen, ENGINE *e) {
+	return 0;
+}
+
+unsigned char *sk_derive(EVP_PKEY *sk, const char *alg, EVP_PKEY *peer,
+	size_t *outlen, ENGINE *e) {
+	return NULL;
+}
+
 */
 import "C"
 
 import (
-	"errors"
+	"unsafe"
+	"runtime"
 )
 
-func GetPublicKeyTypes(aliases bool) []string {
-	return []string{"RSA", "DH", "DSA"}
+func GetPublicKeyAlgorithmNames() []string {
+	return []string{
+		"DH",
+		"DSA",
+		"EC",
+		"RSA",
+		"SM2",
+		"X25519",
+	}
 }
 
-func GetSignatureSchemes(publicKeyType string, aliases bool) []string {
-	return []string{"RSA", "DSA", "ECDSA", "SM2"}
+func GetSignAlgorithmNames(pkey string) ([]string, error) {
+	return []string{
+		"sm2sign",
+		"ecdsa-with-Recommended",
+		"ecdsa-with-SHA1",
+		"ecdsa-with-SHA256",
+		"ecdsa-with-SHA512",
+		"RSA-SHA1",
+		"RSA-SHA256",
+		"RSA-SHA512",
+		"DSA-SHA1",
+	}
 }
 
-func GetPublicKeyEncryptions(publicKeyType string, aliases bool) []string {
-	return []string{"RSA", "ECIES", "SM2"}
+func GetPublicKeyEncryptionNames(pkey string) ([]string, error) {
+	return []string{
+		"RSAES-OAEP",
+		"ecies-recommendedParameters",
+		"ecies-specifiedParameters",
+		"ecies-with-x9-63-sha1-xor-hmac",
+		"ecies-with-x9-63-sha256-xor-hmac",
+		"ecies-with-x9-63-sha512-xor-hmac",
+		"ecies-with-x9-63-sha1-aes128-cbc-hmac",
+		"ecies-with-x9-63-sha256-aes128-cbc-hmac",
+		"ecies-with-x9-63-sha512-aes256-cbc-hmac",
+		"ecies-with-x9-63-sha256-aes128-ctr-hmac",
+		"ecies-with-x9-63-sha512-aes256-ctr-hmac",
+		"ecies-with-x9-63-sha256-aes128-cbc-hmac-half",
+		"ecies-with-x9-63-sha512-aes256-cbc-hmac-half",
+		"ecies-with-x9-63-sha256-aes128-ctr-hmac-half",
+		"ecies-with-x9-63-sha512-aes256-ctr-hmac-half",
+		"ecies-with-x9-63-sha1-aes128-cbc-cmac",
+		"ecies-with-x9-63-sha256-aes128-cbc-cmac",
+		"ecies-with-x9-63-sha512-aes256-cbc-cmac",
+		"ecies-with-x9-63-sha256-aes128-ctr-cmac",
+		"ecies-with-x9-63-sha512-aes256-ctr-cmac",
+		"sm2encrypt-with-sm3",
+		"sm2encrypt-with-sha1",
+		"sm2encrypt-with-sha256",
+		"sm2encrypt-with-sha512",
+	}
 }
 
-func GetKeyExchanges(publicKeyType string, aliases bool) []string {
-	return []string{"DH", "ECDH", "SM2"}
+func GetDeriveKeyAlgorithmNames(pkey string) ([]string, error) {
+	return []string{
+		"sm2exchange",
+		"dhSinglePass-stdDH-sha1kdf-scheme",
+		"dhSinglePass-stdDH-sha224kdf-scheme",
+		"dhSinglePass-stdDH-sha256kdf-scheme",
+		"dhSinglePass-stdDH-sha384kdf-scheme",
+		"dhSinglePass-stdDH-sha512kdf-scheme",
+		"dhSinglePass-cofactorDH-sha1kdf-scheme",
+		"dhSinglePass-cofactorDH-sha224kdf-scheme",
+		"dhSinglePass-cofactorDH-sha256kdf-scheme",
+		"dhSinglePass-cofactorDH-sha384kdf-scheme",
+		"dhSinglePass-cofactorDH-sha512kdf-scheme",
+		"dhKeyAgreement",
+	}
 }
 
 type PublicKey struct {
@@ -34,116 +466,258 @@ type PrivateKey struct {
 	pkey *C.EVP_PKEY
 }
 
-func GenerateKeyPair(publicKeyType string, args map[string]string, bits int) (*PublicKey, *PrivateKey, error) {
-	return nil, nil, errors.New("Not implemented")
-}
-
-func LoadPublicKey(publicKeyType string, args map[string]string, data []byte) (*PublicKey, error) {
-	return nil, errors.New("Not implemented")
-}
-
-func LoadPrivateKey(publicKeyType string, args map[string]string, data []byte) (*PrivateKey, error) {
-	return nil, errors.New("Not implemented")
-}
-
-func (pkey *PublicKey) Save(args map[string]string) ([]byte, error) {
-	return nil, errors.New("Not implemented")
-}
-
-func (pkey *PrivateKey) Save(args map[string]string) ([]byte, error) {
-	return nil, errors.New("Not implemented")
-}
-
-func (pkey *PublicKey) GetAttributes(args map[string]string) (map[string]string, error) {
-	return nil, errors.New("Not implemented")
-}
-
-func (pkey *PrivateKey) GetAttributes(args map[string]string) (map[string]string, error) {
-	return nil, errors.New("Not implemented")
-}
-
-func (pkey *PublicKey) Encrypt(scheme string, args map[string]string, in []byte) ([]byte, error) {
-	ctx := C.EVP_PKEY_CTX_new(pkey.pkey, nil)
+func GeneratePrivateKey(alg string, args map[string]string, eng Engine) (*PrivateKey, error) {
+	calg := C.CString(alg)
+	defer C.free(unsafe.Pointer(calg))
+	ctx := C.new_pkey_keygen_ctx(calg, eng.engine)
 	if ctx == nil {
-		return nil, errors.New("Failure")
+		return nil, GetErrors()
 	}
-	if 1 != C.EVP_PKEY_encrypt_init(ctx) {
-		return nil, errors.New("Failurew")
+	var pkey *C.EVP_PKEY
+
+	if alg == "DH" || alg == "DSA" {
+
+		if 1 != C.EVP_PKEY_paramgen_init(ctx) {
+			return nil, GetErrors()
+		}
+		for name, value := range args {
+			cname := C.CString(name)
+			defer C.free(unsafe.Pointer(cname))
+			cvalue := C.CString(value)
+			defer C.free(unsafe.Pointer(cvalue))
+			if C.EVP_PKEY_CTX_ctrl_str(ctx, cname, cvalue) <= 0 {
+				return nil, GetErrors()
+			}
+		}
+		if 1 != C.EVP_PKEY_paramgen(ctx, &pkey) {
+			return nil, GetErrors()
+		}
+		if 1 != C.EVP_PKEY_keygen_init(ctx) {
+			return nil, GetErrors()
+		}
+		if 1 != C.EVP_PKEY_keygen(ctx, &pkey) {
+			return nil, GetErrors()
+		}
+
+	} else {
+		if 1 != C.EVP_PKEY_keygen_init(ctx) {
+			return nil, GetErrors()
+		}
+
+		for name, value := range args {
+			cname := C.CString(name)
+			defer C.free(unsafe.Pointer(cname))
+			cvalue := C.CString(value)
+			defer C.free(unsafe.Pointer(cvalue))
+			if C.EVP_PKEY_CTX_ctrl_str(ctx, cname, cvalue) <= 0 {
+				return nil, GetErrors()
+			}
+		}
+
+		if 1 != C.EVP_PKEY_keygen(ctx, &pkey) {
+			return nil, GetErrors()
+		}
 	}
-	outbuf := make([]byte, len(in) + 1024)
-	outlen := C.size_t(len(outbuf))
-	if 1 != C.EVP_PKEY_encrypt(ctx, (*C.uchar)(&outbuf[0]), &outlen,
-		(*C.uchar)(&in[0]), C.size_t(len(in))) {
-		return nil, errors.New("Failurew")
-	}
-	return outbuf[:outlen], nil
+
+	sk := &PrivateKey{pkey}
+	runtime.SetFinalizer(sk, func(sk *PrivateKey) {
+		C.EVP_PKEY_free(sk.pkey)
+	})
+
+	return sk, nil
 }
 
-func (pkey *PrivateKey) Decrypt(scheme string, args map[string]string, in []byte) ([]byte, error) {
-	ctx := C.EVP_PKEY_CTX_new(pkey.pkey, nil)
-	if ctx == nil {
-		return nil, errors.New("Failure")
+func NewPrivateKeyFromPEM(pem string, pass string) (*PrivateKey, error) {
+	cpem := C.CString(pem)
+	defer C.free(unsafe.Pointer(cpem))
+	cpass := C.CString(pass)
+	defer C.free(unsafe.Pointer(cpass))
+	bio := C.BIO_new_mem_buf(unsafe.Pointer(cpem), -1)
+	if bio == nil {
+		return nil, GetErrors()
 	}
-	if 1 != C.EVP_PKEY_decrypt_init(ctx) {
-		return nil, errors.New("Failure")
+	defer C.BIO_free(bio)
+	pkey := C.PEM_read_bio_PrivateKey(bio, nil, nil, unsafe.Pointer(cpass))
+	if pkey == nil {
+		return nil, GetErrors()
 	}
-	outbuf := make([]byte, len(in))
-	outlen := C.size_t(len(outbuf))
-	if 1 != C.EVP_PKEY_decrypt(ctx, (*C.uchar)(&outbuf[0]), &outlen,
-		(*C.uchar)(&in[0]), C.size_t(len(in))) {
-		return nil, errors.New("Failure")
-	}
-	return outbuf[:outlen], nil
+	sk := &PrivateKey{pkey}
+	runtime.SetFinalizer(sk, func(sk *PrivateKey) {
+		C.EVP_PKEY_free(sk.pkey)
+	})
+	return sk, nil
 }
 
-func (pkey *PrivateKey) Sign(scheme string, args map[string]string, data []byte) ([]byte, error) {
-	ctx := C.EVP_PKEY_CTX_new(pkey.pkey, nil)
-	if ctx == nil {
-		return nil, errors.New("Failure")
+func (sk *PrivateKey) GetPEM(cipher string, pass string) (string, error) {
+	ccipher := C.CString(cipher)
+	defer C.free(unsafe.Pointer(ccipher))
+	cpass := C.CString(pass)
+	defer C.free(unsafe.Pointer(cpass))
+
+	bio := C.BIO_new(C.BIO_s_mem())
+	if bio == nil {
+		return "", GetErrors()
 	}
-	if 1 != C.EVP_PKEY_sign_init(ctx) {
-		return nil, errors.New("Failure")
+	defer C.BIO_free(bio)
+
+	enc := C.EVP_get_cipherbyname(ccipher)
+	if enc == nil {
+		return "", GetErrors()
 	}
-	outbuf := make([]byte, C.EVP_PKEY_size(pkey.pkey))
-	outlen := C.size_t(len(outbuf))
-	if 1 != C.EVP_PKEY_sign(ctx, (*C.uchar)(&outbuf[0]), &outlen,
-		(*C.uchar)(&data[0]), C.size_t(len(data))) {
-		return nil, errors.New("Failure")
+
+	if 1 != C.PEM_write_bio_PrivateKey(bio, sk.pkey,
+		C.EVP_sms4_cbc(), nil, C.int(0), nil, unsafe.Pointer(cpass)) {
+		return "", GetErrors()
 	}
-	return outbuf[:outlen], nil
+
+	var p *C.char
+	len := C.bio_get_mem_data(bio, &p)
+	if len <= 0 {
+		return "", GetErrors()
+	}
+
+	return C.GoString(p), nil
 }
 
-func (pkey *PublicKey) Verify(scheme string, args map[string]string, data, signature []byte) error {
-	ctx := C.EVP_PKEY_CTX_new(pkey.pkey, nil)
-	if ctx == nil {
-		return errors.New("Failure")
+func (sk *PrivateKey) GetPublicKeyPEM() (string, error) {
+	bio := C.BIO_new(C.BIO_s_mem())
+	if bio == nil {
+		return "", GetErrors()
 	}
-	if 1 != C.EVP_PKEY_sign_init(ctx) {
-		return errors.New("Failure")
+	defer C.BIO_free(bio)
+	if 1 != C.pem_write_bio_pubkey(bio, sk.pkey) {
+		return "", GetErrors()
 	}
-	ret := C.EVP_PKEY_verify(ctx, (*C.uchar)(&signature[0]), C.size_t(len(signature)),
-		(*C.uchar)(&data[0]), C.size_t(len(data)))
-	if ret != 1 {
-		return errors.New("Failure")
+	var p *C.char
+	len := C.bio_get_mem_data(bio, &p)
+	if len <= 0 {
+		return "", GetErrors()
+	}
+	return C.GoString(p), nil
+}
+
+func (sk *PrivateKey) GetText() (string, error) {
+	bio := C.BIO_new(C.BIO_s_mem())
+	if bio == nil {
+		return "", GetErrors()
+	}
+	defer C.BIO_free(bio)
+	if 1 != C.EVP_PKEY_print_private(bio, sk.pkey, 4, nil) {
+		return "", GetErrors()
+	}
+	var p *C.char
+	len := C.bio_get_mem_data(bio, &p)
+	if len <= 0 {
+		return "", GetErrors()
+	}
+	return C.GoString(p), nil
+}
+
+func NewPublicKeyFromPEM(pem string)(*PublicKey, error) {
+	cpem := C.CString(pem)
+	defer C.free(unsafe.Pointer(cpem))
+	bio := C.BIO_new_mem_buf(unsafe.Pointer(cpem), -1)
+	if bio == nil {
+		return nil, GetErrors()
+	}
+	defer C.BIO_free(bio)
+	pkey := C.pem_read_bio_pubkey(bio)
+	if pkey == nil {
+		return nil, GetErrors()
+	}
+	pk := &PublicKey{pkey}
+	runtime.SetFinalizer(pk, func(pk *PublicKey) {
+		C.EVP_PKEY_free(pk.pkey)
+	})
+	return pk, nil
+}
+
+func (pk *PublicKey) GetPEM() (string, error) {
+	bio := C.BIO_new(C.BIO_s_mem())
+	if bio == nil {
+		return "", GetErrors()
+	}
+	defer C.BIO_free(bio)
+	if 1 != C.pem_write_bio_pubkey(bio, pk.pkey) {
+		return "", GetErrors()
+	}
+	var p *C.char
+	len := C.bio_get_mem_data(bio, &p)
+	if len <= 0 {
+		return "", GetErrors()
+	}
+	return C.GoString(p), nil
+}
+
+func (pk *PublicKey) GetText() (string, error) {
+	bio := C.BIO_new(C.BIO_s_mem())
+	if bio == nil {
+		return "", GetErrors()
+	}
+	defer C.BIO_free(bio)
+	if 1 != C.EVP_PKEY_print_public(bio, pk.pkey, 4, nil) {
+		return "", GetErrors()
+	}
+	var p *C.char
+	len := C.bio_get_mem_data(bio, &p)
+	if len <= 0 {
+		return "", GetErrors()
+	}
+	return C.GoString(p), nil
+}
+
+func (pk *PublicKey) Encrypt(alg string, in []byte, eng Engine) ([]byte, error) {
+	calg := C.CString(alg)
+	defer C.free(unsafe.Pointer(calg))
+	var outlen C.size_t
+	out := C.pk_encrypt(pk.pkey, calg, (*C.uchar)(&in[0]),
+		C.size_t(len(in)), &outlen, eng.engine)
+	if out == nil {
+		return nil, GetErrors()
+	}
+	return C.GoBytes(unsafe.Pointer(out), C.int(outlen)), nil
+}
+
+func (sk *PrivateKey) Decrypt(alg string, in []byte, eng Engine) ([]byte, error) {
+	calg := C.CString(alg)
+	defer C.free(unsafe.Pointer(calg))
+	var outlen C.size_t
+	out := C.sk_decrypt(sk.pkey, calg, (*C.uchar)(&in[0]),
+		C.size_t(len(in)), &outlen, eng.engine)
+	if out == nil {
+		return nil, GetErrors()
+	}
+	return C.GoBytes(unsafe.Pointer(out), C.int(outlen)), nil
+}
+
+func (sk *PrivateKey) Sign(alg string, dgst []byte, eng Engine) ([]byte, error) {
+	calg := C.CString(alg)
+	defer C.free(unsafe.Pointer(calg))
+	var siglen C.size_t
+	sig := C.sk_sign(sk.pkey, calg, (*C.uchar)(&dgst[0]), C.size_t(len(dgst)), &siglen, eng.engine)
+	if sig == nil {
+		return nil, GetErrors()
+	}
+	return C.GoBytes(unsafe.Pointer(sig), C.int(siglen)), nil
+}
+
+func (pk *PublicKey) Verify(alg string, dgst, sig []byte, eng Engine) error {
+	calg := C.CString(alg)
+	defer C.free(unsafe.Pointer(calg))
+	if 1 != C.pk_verify(pk.pkey, calg, (*C.uchar)(&dgst[0]), C.size_t(len(dgst)),
+		(*C.uchar)(&sig[0]), C.size_t(len(sig)), eng.engine) {
+		return GetErrors()
 	}
 	return nil
 }
 
-func (pkey *PrivateKey) DeriveKey(scheme string, args map[string]string, publicKey PublicKey) ([]byte, error) {
-	ctx := C.EVP_PKEY_CTX_new(pkey.pkey, nil)
-	if ctx == nil {
-		return nil, errors.New("Failure")
+func (sk *PrivateKey) DeriveKey(alg string, peer PublicKey, eng Engine) ([]byte, error) {
+	calg := C.CString(alg)
+	defer C.free(unsafe.Pointer(calg))
+	var keylen C.size_t
+	key := C.sk_derive(sk.pkey, calg, peer.pkey, &keylen, eng.engine)
+	if key == nil {
+		return nil, GetErrors()
 	}
-	if 1 != C.EVP_PKEY_derive_init(ctx) {
-	}
-	/*
-	if 1 != C.EVP_PKEY_derive_set_peer(ctx, PublicKey.pkey) {
-	}
-	*/
-
-	outbuf := make([]byte, C.EVP_PKEY_size(pkey.pkey))
-	outlen := C.size_t(len(outbuf))
-	if 1 != C.EVP_PKEY_derive(ctx, (*C.uchar)(&outbuf[0]), &outlen) {
-	}
-	return nil, errors.New("Not implemented")
+	return C.GoBytes(unsafe.Pointer(key), C.int(keylen)), nil
 }

go/gmssl/rand.go

@@ -18,7 +18,7 @@ func SeedRandom(seed []byte) error {
 
 func GenerateRandom(length int) ([]byte, error) {
 	outbuf := make([]byte, length)
-	if 1 != C.RAND_bytes((*C.uchar)(&outbuf[0]), C.int(length)) {
+	if C.RAND_bytes((*C.uchar)(&outbuf[0]), C.int(length)) <= 0 {
 		return nil, errors.New("GmSSL Failure")
 	}
 

go/gmssl/ssl.go

@@ -1,2 +0,0 @@
-/* +build cgo */
-package gmssl

go/gmssl/version.go

@@ -6,8 +6,9 @@ package gmssl
 */
 import "C"
 
-func GetVersion() []string {
-	version := []string{
+func GetVersions() []string {
+	versions := []string{
+		"GmSSL-Go API/1.0",
 		C.GoString(C.OpenSSL_version(C.OPENSSL_VERSION)),
 		C.GoString(C.OpenSSL_version(C.OPENSSL_BUILT_ON)),
 		C.GoString(C.OpenSSL_version(C.OPENSSL_CFLAGS)),
@@ -15,5 +16,5 @@ func GetVersion() []string {
 		C.GoString(C.OpenSSL_version(C.OPENSSL_DIR)),
 		C.GoString(C.OpenSSL_version(C.OPENSSL_ENGINES_DIR)),
 	}
-	return version
+	return versions
 }

go/gmssltest.go

@@ -1,81 +0,0 @@
-package main
-
-import (
-	"gmssl"
-	"fmt"
-)
-
-func main() {
-
-	versions := gmssl.GetVersion()
-	for _, version := range versions {
-		fmt.Println(version)
-	}
-
-	digests := gmssl.GetDigests(false)
-	for _, digest := range digests {
-		fmt.Println(digest)
-	}
-
-	ciphers := gmssl.GetCiphers(false)
-	for _, cipher := range ciphers {
-		fmt.Println(cipher)
-	}
-
-	macs := gmssl.GetMacs(false)
-	for _, mac := range macs {
-		fmt.Println(mac)
-	}
-
-	sm3, err := gmssl.NewDigestContext("SM3", nil)
-	if err != nil {
-	}
-
-	if err := sm3.Update([]byte("hello")); err != nil {
-	}
-
-	if err := sm3.Update([]byte("world")); err != nil {
-	}
-
-	sm3digest, err := sm3.Final()
-	if err != nil {
-	}
-	fmt.Printf("%x", sm3digest)
-
-
-	hmac_sm3, err := gmssl.NewMACContext("HMAC-SM3", nil, []byte("this is the key"))
-	if err != nil {
-	}
-
-	if err := hmac_sm3.Update([]byte("hello")); err != nil {
-	}
-
-	if err := hmac_sm3.Update([]byte("world")); err != nil {
-	}
-
-	mactag, err := hmac_sm3.Final()
-	if err != nil {
-	}
-	fmt.Printf("%x", mactag)
-
-	key := []byte("key")
-	iv := []byte("iv")
-	sms4, err := gmssl.NewCipherContext("SMS4", nil, key, iv, true)
-	if err != nil {
-	}
-
-	ciphertext1, err := sms4.Update([]byte("hello"))
-	if err != nil {
-	}
-
-	ciphertext2, err := sms4.Final()
-	if err != nil {
-	}
-
-	ciphertext := make([]byte, 0, len(ciphertext1) + len(ciphertext2))
-	ciphertext = append(ciphertext, ciphertext1...)
-	ciphertext = append(ciphertext, ciphertext2...)
-	fmt.Printf("%x", ciphertext)
-
-}
-