Add X509_KEY to support different public key algos

include/gmssl/asn1.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2025 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -47,10 +47,14 @@ enum ASN1_TAG {
 	ASN1_TAG_ObjectDescriptor	= 7,
 	ASN1_TAG_EXTERNAL		= 8,
 	ASN1_TAG_REAL			= 9,
-	ASN1_TAG_ENUMERATED		= 10, // 0x0A
-	ASN1_TAG_EMBEDDED		= 11, // 0x0B
-	ASN1_TAG_UTF8String		= 12, // 0x0C
-	ASN1_TAG_RELATIVE_OID		= 13, // 0x0D
+	ASN1_TAG_ENUMERATED		= 10, // 0x0a
+	ASN1_TAG_EMBEDDED		= 11, // 0x0b
+	ASN1_TAG_UTF8String		= 12, // 0x0c
+	ASN1_TAG_RELATIVE_OID		= 13, // 0x0d
+	// 14 reserved
+	// 15 reserved
+	// 16 SEQUENCE, SEQUENCE OF without CONSTRUCTED bit
+	// 17 SET, SET OF without CONSTRUCTED bit
 	ASN1_TAG_NumericString		= 18, // 0x12
 	ASN1_TAG_PrintableString	= 19, // 0x13, printable subset of ascii
 	ASN1_TAG_TeletexString		= 20, // 0x14, T61String
@@ -59,14 +63,22 @@ enum ASN1_TAG {
 	ASN1_TAG_UTCTime		= 23, // 0x17
 	ASN1_TAG_GeneralizedTime	= 24, // 0x18
 	ASN1_TAG_GraphicString		= 25, // 0x19
-	ASN1_TAG_VisibleString		= 26, // 0x20
-	ASN1_TAG_GeneralString		= 27, // 0x21
-	ASN1_TAG_UniversalString	= 28, // 0x22
-	ASN1_TAG_CHARACTER_STRING	= 29, // 0x23
-	ASN1_TAG_BMPString		= 30, // 0x24, 2-byte unicode with zeros
+	ASN1_TAG_VisibleString		= 26, // 0x1a
+	ASN1_TAG_GeneralString		= 27, // 0x1b
+	ASN1_TAG_UniversalString	= 28, // 0x1c
+	ASN1_TAG_CHARACTER_STRING	= 29, // 0x1d
+	ASN1_TAG_BMPString		= 30, // 0x1e, 2-byte unicode with zeros
+	// 31 (0x1f) means tag is multi-bytes, not supported yet
+	// UNIVERAL + CONSTRUCTED (0x20 - 0x3f): only SEQUENCE and TAG
 	ASN1_TAG_SEQUENCE		= 0x30,
 	ASN1_TAG_SET			= 0x31,
-	ASN1_TAG_EXPLICIT		= 0xa0,
+	// APPLICATION (0x40 - 0x7f) all avaiable
+	// CONTENT_SPECIFIC (0x40 - 0xbf)
+	ASN1_TAG_EXPLICIT		= 0xa0, // 这里有问题了，已经有一个同名的宏了，不要设置这个了
+
+
+
+	// PRIVATE: 0xC0 - 0xDE, 0xE0 - 0xFE
 };
 
 #define ASN1_R_OK		 1

include/gmssl/cms.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -23,6 +23,7 @@ References:
 #include <stdint.h>
 #include <sys/types.h>
 #include <gmssl/x509.h>
+#include <gmssl/x509_key.h>
 
 
 #ifdef __cplusplus
@@ -200,7 +201,7 @@ int cms_signer_info_from_der(
 int cms_signer_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 
 int cms_signer_info_sign_to_der(
-	const SM3_CTX *sm3_ctx, const SM2_KEY *sm2_key,
+	const SM3_CTX *sm3_ctx, const X509_KEY *x509_key,
 	const uint8_t *issuer, size_t issuer_len,
 	const uint8_t *serial_number, size_t serial_number_len,
 	const uint8_t *authed_attrs, size_t authed_attrs_len,
@@ -219,7 +220,7 @@ SignerInfos ::= SET OF SignerInfo;
 */
 int cms_signer_infos_add_signer_info(
 	uint8_t *d, size_t *dlen, size_t maxlen,
-	const SM3_CTX *sm3_ctx, const SM2_KEY *sign_key,
+	const SM3_CTX *sm3_ctx, const X509_KEY *sign_key,
 	const uint8_t *issuer, size_t issuer_len,
 	const uint8_t *serial_number, size_t serial_number_len,
 	const uint8_t *authed_attrs, size_t authed_attrs_len,
@@ -264,7 +265,7 @@ int cms_signed_data_print(FILE *fp, int fmt, int ind, const char *label, const u
 typedef struct {
 	uint8_t *certs;
 	size_t certs_len;
-	SM2_KEY *sign_key;
+	X509_KEY *sign_key;
 } CMS_CERTS_AND_KEY;
 
 int cms_signed_data_sign_to_der(
@@ -310,13 +311,13 @@ int cms_recipient_info_print(FILE *fp, int fmt, int ind, const char *label, cons
 
 
 int cms_recipient_info_encrypt_to_der(
-	const SM2_KEY *public_key,
+	const X509_KEY *public_key,
 	const uint8_t *issuer, size_t issuer_len,
 	const uint8_t *serial, size_t serial_len,
 	const uint8_t *in, size_t inlen,
 	uint8_t **out, size_t *outlen);
 int cms_recipient_info_decrypt_from_der(
-	const SM2_KEY *sm2_key,
+	const X509_KEY *sm2_key,
 	const uint8_t *rcpt_issuer, size_t rcpt_issuer_len,
 	const uint8_t *rcpt_serial, size_t rcpt_serial_len,
 	uint8_t *out, size_t *outlen, size_t maxlen,
@@ -324,7 +325,7 @@ int cms_recipient_info_decrypt_from_der(
 
 int cms_recipient_infos_add_recipient_info(
 	uint8_t *d, size_t *dlen, size_t maxlen,
-	const SM2_KEY *public_key,
+	const X509_KEY *public_key,
 	const uint8_t *issuer, size_t issuer_len,
 	const uint8_t *serial, size_t serial_len,
 	const uint8_t *in, size_t inlen);
@@ -362,7 +363,7 @@ int cms_enveloped_data_encrypt_to_der(
 	const uint8_t *shared_info2, size_t shared_info2_len,
 	uint8_t **out, size_t *outlen);
 int cms_enveloped_data_decrypt_from_der(
-	const SM2_KEY *sm2_key,
+	const X509_KEY *sm2_key,
 	const uint8_t *issuer, size_t issuer_len,
 	const uint8_t *serial_number, size_t serial_number_len,
 	int *content_type, uint8_t *content, size_t *content_len,
@@ -415,7 +416,7 @@ int cms_signed_and_enveloped_data_encipher_to_der(
 	const uint8_t *shared_info2, size_t shared_info2_len,
 	uint8_t **out, size_t *outlen);
 int cms_signed_and_enveloped_data_decipher_from_der(
-	const SM2_KEY *rcpt_key,
+	const X509_KEY *rcpt_key,
 	const uint8_t *rcpt_issuer, size_t rcpt_issuer_len,
 	const uint8_t *rcpt_serial, size_t rcpt_serial_len,
 	int *content_type, uint8_t *content, size_t *content_len,
@@ -438,13 +439,13 @@ KeyAgreementInfo ::= SEQUENCE {
 */
 int cms_key_agreement_info_to_der(
 	int version,
-	const SM2_KEY *temp_public_key_r,
+	const X509_KEY *temp_public_key_r,
 	const uint8_t *user_cert, size_t user_cert_len,
 	const uint8_t *user_id, size_t user_id_len,
 	uint8_t **out, size_t *outlen);
 int cms_key_agreement_info_from_der(
 	int *version,
-	SM2_KEY *temp_public_key_r,
+	X509_KEY *temp_public_key_r,
 	const uint8_t **user_cert, size_t *user_cert_len,
 	const uint8_t **user_id, size_t *user_id_len,
 	const uint8_t **in, size_t *inlen);
@@ -496,7 +497,7 @@ int cms_envelop(
 
 int cms_deenvelop(
 	const uint8_t *cms, size_t cms_len,
-	const SM2_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len,
+	const X509_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len,
 	int *content_type, uint8_t *content, size_t *content_len,
 	const uint8_t **rcpt_infos, size_t *rcpt_infos_len,
 	const uint8_t **shared_info1, size_t *shared_info1_len,
@@ -514,7 +515,7 @@ int cms_sign_and_envelop(
 
 int cms_deenvelop_and_verify(
 	const uint8_t *cms, size_t cms_len,
-	const SM2_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len,
+	const X509_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len,
 	const uint8_t *extra_signer_certs, size_t extra_signer_certs_len,
 	const uint8_t *extra_signer_crls, size_t extra_signer_crls_len,
 	int *content_type, uint8_t *content, size_t *content_len,
@@ -528,7 +529,7 @@ int cms_deenvelop_and_verify(
 // create ContentInfo, type == keyAgreementInfo
 int cms_set_key_agreement_info(
 	uint8_t *cms, size_t *cms_len,
-	const SM2_KEY *temp_public_key_r,
+	const X509_KEY *temp_public_key_r,
 	const uint8_t *user_cert, size_t user_cert_len,
 	const uint8_t *user_id, size_t user_id_len);
 

include/gmssl/oid.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2025 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -174,9 +174,11 @@ enum {
 	OID_cms_encrypted_data,
 	OID_cms_key_agreement_info,
 
-	OID_hss_lms_hashsig, // LMS/HSS public key
+	OID_lms_hashsig, // OID is not defined in RFC, so no oid[]
+	OID_hss_lms_hashsig, // HSS only
 	OID_xmss_hashsig,
 	OID_xmssmt_hashsig,
+	OID_sphincs_hashsig, // OID not defined in RFC, so no oid[]
 };
 
 // {iso(1) org(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7)}

include/gmssl/sm2.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2025 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -28,6 +28,9 @@ typedef struct {
 	sm2_z256_t private_key;
 } SM2_KEY;
 
+#define SM2_PUBLIC_KEY_SIZE 64
+#define SM2_PRIVATE_KEY_SIZE 96
+
 int sm2_key_generate(SM2_KEY *key);
 int sm2_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *key);
 int sm2_key_set_private_key(SM2_KEY *key, const sm2_z256_t private_key);
@@ -54,6 +57,7 @@ ECPrivateKey ::= SEQUENCE {
 
 ECParameters ::= CHOICE { namedCurve OBJECT IDENTIFIER }
 */
+// FIXME: change to XXX_DER_SIZE ...
 #define SM2_PRIVATE_KEY_DEFAULT_SIZE 120 // generated
 #define SM2_PRIVATE_KEY_BUF_SIZE 512 // MUST >= SM2_PRIVATE_KEY_DEFAULT_SIZE
 

include/gmssl/x509_cer.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -19,6 +19,7 @@
 #include <gmssl/sm2.h>
 #include <gmssl/oid.h>
 #include <gmssl/asn1.h>
+#include <gmssl/x509_key.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -164,8 +165,8 @@ algorithm.algorithm = OID_ec_public_key;
 algorithm.parameters = OID_sm2;
 subjectPublicKey = ECPoint
 */
-#define x509_public_key_info_to_der(key,out,outlen) sm2_public_key_info_to_der(key,out,outlen)
-#define x509_public_key_info_from_der(key,in,inlen) sm2_public_key_info_from_der(key,in,inlen)
+int x509_public_key_info_to_der(const X509_KEY *key, uint8_t **out, size_t *outlen);
+int x509_public_key_info_from_der(X509_KEY *key, const uint8_t **in, size_t *inlen);
 int x509_public_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 
 /*
@@ -238,7 +239,7 @@ int x509_tbs_cert_to_der(
 	const uint8_t *issuer, size_t issuer_len,
 	time_t not_before, time_t not_after,
 	const uint8_t *subject, size_t subject_len,
-	const SM2_KEY *subject_public_key,
+	const X509_KEY *subject_public_key,
 	const uint8_t *issuer_unique_id, size_t issuer_unique_id_len,
 	const uint8_t *subject_unique_id, size_t subject_unique_id_len,
 	const uint8_t *exts, size_t exts_len,
@@ -250,7 +251,7 @@ int x509_tbs_cert_from_der(
 	const uint8_t **issuer, size_t *issuer_len,
 	time_t *not_before, time_t *not_after,
 	const uint8_t **subject, size_t *subject_len,
-	SM2_KEY *subject_public_key,
+	X509_KEY *subject_public_key,
 	const uint8_t **issuer_unique_id, size_t *issuer_unique_id_len,
 	const uint8_t **subject_unique_id, size_t *subject_unique_id_len,
 	const uint8_t **exts, size_t *exts_len,
@@ -279,7 +280,7 @@ int x509_signed_from_der(
 	int *signature_algor,
 	const uint8_t **sig, size_t *siglen,
 	const uint8_t **in, size_t *inlen);
-int x509_signed_verify(const uint8_t *a, size_t alen, const SM2_KEY *pub_key,
+int x509_signed_verify(const uint8_t *a, size_t alen, const X509_KEY *pub_key,
 	const char *signer_id, size_t signer_id_len);
 int x509_signed_verify_by_ca_cert(const uint8_t *a, size_t alen, const uint8_t *cacert, size_t cacertlen,
 	const char *signer_id, size_t signer_id_len);
@@ -292,11 +293,11 @@ int x509_cert_sign_to_der(
 	const uint8_t *issuer, size_t issuer_len,
 	time_t not_before, time_t not_after,
 	const uint8_t *subject, size_t subject_len,
-	const SM2_KEY *subject_public_key,
+	const X509_KEY *subject_public_key,
 	const uint8_t *issuer_unique_id, size_t issuer_unique_id_len,
 	const uint8_t *subject_unique_id, size_t subject_unique_id_len,
 	const uint8_t *exts, size_t exts_len,
-	const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len,
+	X509_KEY *sign_key, const char *signer_id, size_t signer_id_len,
 	uint8_t **out, size_t *outlen);
 
 int x509_cert_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen);
@@ -316,7 +317,7 @@ int x509_cert_get_details(const uint8_t *a, size_t alen,
 	const uint8_t **issuer, size_t *issuer_len,
 	time_t *not_before, time_t *not_after,
 	const uint8_t **subject, size_t *subject_len,
-	SM2_KEY *subject_public_key,
+	X509_KEY *subject_public_key,
 	const uint8_t **issuer_unique_id, size_t *issuer_unique_id_len,
 	const uint8_t **subject_unique_id, size_t *subject_unique_id_len,
 	const uint8_t **extensions, size_t *extensions_len,
@@ -346,7 +347,7 @@ int x509_cert_get_issuer_and_serial_number(const uint8_t *a, size_t alen,
 	const uint8_t **serial_number, size_t *serial_number_len);
 int x509_cert_get_issuer(const uint8_t *a, size_t alen, const uint8_t **name, size_t *namelen);
 int x509_cert_get_subject(const uint8_t *a, size_t alen, const uint8_t **subj, size_t *subj_len);
-int x509_cert_get_subject_public_key(const uint8_t *a, size_t alen, SM2_KEY *public_key);
+int x509_cert_get_subject_public_key(const uint8_t *a, size_t alen, X509_KEY *public_key);
 int x509_cert_get_exts(const uint8_t *a, size_t alen, const uint8_t **d, size_t *dlen);
 
 int x509_certs_to_pem(const uint8_t *d, size_t dlen, FILE *fp);

include/gmssl/x509_crl.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 #include <time.h>
 #include <stdint.h>
 #include <gmssl/sm2.h>
+#include <gmssl/x509_key.h>
 
 
 #ifdef __cplusplus
@@ -174,7 +175,7 @@ int x509_crl_exts_add_authority_key_identifier(
 	const uint8_t *issuer, size_t issuer_len,
 	const uint8_t *serial, size_t serial_len);
 int x509_crl_exts_add_default_authority_key_identifier(uint8_t *exts, size_t *extslen, size_t maxlen,
-	const SM2_KEY *public_key);
+	const X509_KEY *public_key);
 int x509_crl_exts_add_issuer_alt_name(
 	uint8_t *exts, size_t *extslen, size_t maxlen,
 	int critical,
@@ -262,7 +263,7 @@ int x509_crl_sign_to_der(
 	time_t this_update, time_t next_update,
 	const uint8_t *revoked_certs, size_t revoked_certs_len,
 	const uint8_t *crl_exts, size_t crl_exts_len,
-	const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len,
+	X509_KEY *sign_key, const char *signer_id, size_t signer_id_len,
 	uint8_t **out, size_t *outlen);
 int x509_crl_from_der_ex(
 	int *version,
@@ -275,7 +276,7 @@ int x509_crl_from_der_ex(
 	const uint8_t **in, size_t *inlen);
 int x509_crl_check(const uint8_t *a, size_t alen, time_t now);
 int x509_crl_verify(const uint8_t *a, size_t alen,
-	const SM2_KEY *sign_pub_key, const char *signer_id, size_t signer_id_len);
+	const X509_KEY *sign_pub_key, const char *signer_id, size_t signer_id_len);
 int x509_crl_verify_by_ca_cert(const uint8_t *a, size_t alen, const uint8_t *cacert, size_t cacertlen,
 	const char *signer_id, size_t signer_id_len);
 int x509_crl_get_details(const uint8_t *crl, size_t crl_len,

include/gmssl/x509_ext.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -19,6 +19,8 @@
 #include <gmssl/sm2.h>
 #include <gmssl/oid.h>
 #include <gmssl/asn1.h>
+#include <gmssl/x509_key.h>
+
 
 #ifdef __cplusplus
 extern "C" {
@@ -55,9 +57,9 @@ int x509_exts_add_authority_key_identifier(uint8_t *exts, size_t *extslen, size_
 	const uint8_t *issuer, size_t issuer_len,
 	const uint8_t *serial, size_t serial_len);
 int x509_exts_add_default_authority_key_identifier(uint8_t *exts, size_t *extslen, size_t maxlen,
-	const SM2_KEY *public_key);
+	const X509_KEY *public_key);
 int x509_exts_add_subject_key_identifier(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const uint8_t *d, size_t dlen);
-int x509_exts_add_subject_key_identifier_ex(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const SM2_KEY *subject_key);
+int x509_exts_add_subject_key_identifier_ex(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const X509_KEY *subject_key);
 int x509_exts_add_key_usage(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, int bits);
 int x509_exts_add_certificate_policies(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const uint8_t *d, size_t dlen);
 int x509_exts_add_policy_mappings(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const uint8_t *d, size_t dlen);

include/gmssl/x509_key.h

@@ -0,0 +1,121 @@
+/*
+ *  Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#ifndef GMSSL_X509_KEY_H
+#define GMSSL_X509_KEY_H
+
+
+#include <time.h>
+#include <string.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <gmssl/oid.h>
+#include <gmssl/asn1.h>
+#include <gmssl/sm2.h>
+#include <gmssl/lms.h>
+#include <gmssl/xmss.h>
+#include <gmssl/sphincs.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/*
+   Supported public key type OIDs
+	* OID_ec_public_key
+	* OID_rsa_encryption
+	* OID_lms_hashsig
+	* OID_hss_lms_hashsig
+	* OID_xmss_hashsig
+	* OID_xmssmt_hashsig
+	* OID_sphincs_hashsig
+
+
+*/
+typedef struct {
+	int algor;
+	int algor_param;
+	union {
+		SM2_KEY sm2_key;
+		LMS_KEY lms_key;
+		HSS_KEY hss_key;
+		XMSS_KEY xmss_key;
+		XMSSMT_KEY xmssmt_key;
+		SPHINCS_KEY sphincs_key;
+	} u;
+} X509_KEY;
+
+int x509_key_generate(X509_KEY *key, int algor, int algor_param);
+
+int x509_key_set_sm2_key(X509_KEY *x509_key, SM2_KEY *sm2_key);
+int x509_key_set_lms_key(X509_KEY *x509_key, LMS_KEY *lms_key);
+int x509_key_set_hss_key(X509_KEY *x509_key, HSS_KEY *hss_key);
+int x509_key_set_xmss_key(X509_KEY *x509_key, XMSS_KEY *xmss_key);
+int x509_key_set_xmssmt_key(X509_KEY *x509_key, XMSSMT_KEY *xmssmt_key);
+int x509_key_set_sphincs_key(X509_KEY *x509_key, SPHINCS_KEY *sphincs_key);
+
+
+int x509_public_key_digest(const X509_KEY *key, uint8_t dgst[32]);
+
+int x509_public_key_print(FILE *fp, int fmt, int ind, const char *label, const X509_KEY *key);
+
+
+typedef union {
+	SM2_POINT sm2;
+	HSS_PUBLIC_KEY hss;
+	XMSS_PUBLIC_KEY xmss;
+	XMSSMT_PUBLIC_KEY xmssmt;
+} X509_PUBLIC_KEY;
+
+#define X509_PUBLIC_KEY_MAX_SIZE sizeof(X509_PUBLIC_KEY)
+
+typedef union {
+	uint8_t sm2_sig[SM2_MAX_SIGNATURE_SIZE];
+	HSS_SIGNATURE hss_sig;
+	XMSS_SIGNATURE xmss_sig;
+	XMSSMT_SIGNATURE xmssmt_sig;
+} X509_SIGNATURE;
+
+#define X509_SIGNATURE_MAX_SIZE	sizeof(X509_SIGNATURE)
+
+typedef struct {
+	union {
+		SM2_SIGN_CTX sm2_sign_ctx;
+		SM2_VERIFY_CTX sm2_verify_ctx;
+		HSS_SIGN_CTX hss_sign_ctx;
+		XMSS_SIGN_CTX xmss_sign_ctx;
+		XMSSMT_SIGN_CTX xmssmt_sign_ctx;
+	} u;
+	int sign_algor;
+	uint8_t sig[X509_SIGNATURE_MAX_SIZE];
+	size_t siglen;
+} X509_SIGN_CTX;
+
+
+int x509_key_get_sign_algor(const X509_KEY *key, int *algor);
+int x509_key_get_signature_size(const X509_KEY *key, size_t *siglen);
+
+int x509_sign_init(X509_SIGN_CTX *ctx, X509_KEY *key, const char *signer_id, size_t signer_idlen);
+int x509_sign_update(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
+int x509_sign_finish(X509_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen);
+int x509_verify_init(X509_SIGN_CTX *ctx, const X509_KEY *key,
+	const char *signer_id, size_t signer_idlen, // 这里可能要去掉这个功能
+	const uint8_t *sig, size_t siglen);
+int x509_verify_update(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
+int x509_verify_finish(X509_SIGN_CTX *ctx);
+
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/x509_req.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -20,6 +20,8 @@
 #include <gmssl/oid.h>
 #include <gmssl/asn1.h>
 #include <gmssl/x509.h>
+#include <gmssl/x509_key.h>
+
 
 #ifdef __cplusplus
 extern "C" {
@@ -35,10 +37,10 @@ CertificationRequestInfo ::= SEQUENCE {
 	attributes                [0] IMPLICIT SET OF Attribute }
 */
 int x509_request_info_to_der(int version, const uint8_t *subject, size_t subject_len,
-	const SM2_KEY *subject_public_key, const uint8_t *attrs, size_t attrs_len,
+	const X509_KEY *subject_public_key, const uint8_t *attrs, size_t attrs_len,
 	uint8_t **out, size_t *outlen);
 int x509_request_info_from_der(int *version, const uint8_t **subject, size_t *subject_len,
-	SM2_KEY *subject_public_key, const uint8_t **attrs, size_t *attrs_len,
+	X509_KEY *subject_public_key, const uint8_t **attrs, size_t *attrs_len,
 	const uint8_t **in, size_t *inlen);
 int x509_request_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 
@@ -51,17 +53,17 @@ CertificationRequest ::= SEQUENCE {
 int x509_req_sign_to_der(
 	int version,
 	const uint8_t *subject, size_t subject_len,
-	const SM2_KEY *subject_public_key,
+	const X509_KEY *subject_public_key,
 	const uint8_t *attrs, size_t attrs_len,
 	int signature_algor,
-	const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len,
+	X509_KEY *sign_key, const char *signer_id, size_t signer_id_len,
 	uint8_t **out, size_t *outlen);
 int x509_req_verify(const uint8_t *req, size_t reqlen,
 	const char *signer_id, size_t signer_id_len);
 int x509_req_get_details(const uint8_t *req, size_t reqlen,
 	int *verison,
 	const uint8_t **subject, size_t *subject_len,
-	SM2_KEY *subject_public_key,
+	X509_KEY *subject_public_key,
 	const uint8_t **attributes, size_t *attributes_len,
 	int *signature_algor,
 	const uint8_t **signature, size_t *signature_len);