mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-05-06 16:36:16 +08:00
Add X509_KEY to support different public key algos
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
|
||||
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the License); you may
|
||||
* not use this file except in compliance with the License.
|
||||
@@ -155,6 +155,7 @@ int certgen_main(int argc, char **argv)
|
||||
FILE *keyfp = NULL;
|
||||
char *pass = NULL;
|
||||
SM2_KEY sm2_key;
|
||||
X509_KEY x509_key;
|
||||
char signer_id[SM2_MAX_ID_LENGTH + 1] = {0};
|
||||
size_t signer_id_len = 0;
|
||||
|
||||
@@ -403,6 +404,10 @@ bad:
|
||||
strcpy(signer_id, SM2_DEFAULT_ID);
|
||||
signer_id_len = strlen(SM2_DEFAULT_ID);
|
||||
}
|
||||
if (x509_key_set_sm2_key(&x509_key, &sm2_key) != 1) {
|
||||
//
|
||||
goto end;
|
||||
}
|
||||
|
||||
// Serial
|
||||
if (rand_bytes(serial, sizeof(serial)) != 1) {
|
||||
@@ -425,13 +430,13 @@ bad:
|
||||
|
||||
// Extensions
|
||||
if (gen_authority_key_id) {
|
||||
if (x509_exts_add_default_authority_key_identifier(exts, &extslen, sizeof(exts), &sm2_key) != 1) {
|
||||
if (x509_exts_add_default_authority_key_identifier(exts, &extslen, sizeof(exts), &x509_key) != 1) {
|
||||
fprintf(stderr, "%s: set AuthorityKeyIdentifier extension failure\n", prog);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
if (gen_subject_key_id) {
|
||||
if (x509_exts_add_subject_key_identifier_ex(exts, &extslen, sizeof(exts), -1, &sm2_key) != 1) {
|
||||
if (x509_exts_add_subject_key_identifier_ex(exts, &extslen, sizeof(exts), -1, &x509_key) != 1) {
|
||||
fprintf(stderr, "%s: set SubjectKeyIdentifier extension failure\n", prog);
|
||||
goto end;
|
||||
}
|
||||
@@ -507,11 +512,11 @@ bad:
|
||||
name, namelen,
|
||||
not_before, not_after,
|
||||
name, namelen,
|
||||
&sm2_key,
|
||||
&x509_key,
|
||||
NULL, 0,
|
||||
NULL, 0,
|
||||
exts, extslen,
|
||||
&sm2_key, signer_id, signer_id_len,
|
||||
&x509_key, signer_id, signer_id_len,
|
||||
NULL, &certlen) != 1) {
|
||||
fprintf(stderr, "%s: certificate generation failure\n", prog);
|
||||
goto end;
|
||||
@@ -529,11 +534,11 @@ bad:
|
||||
name, namelen,
|
||||
not_before, not_after,
|
||||
name, namelen,
|
||||
&sm2_key,
|
||||
&x509_key,
|
||||
NULL, 0,
|
||||
NULL, 0,
|
||||
exts, extslen,
|
||||
&sm2_key, signer_id, signer_id_len,
|
||||
&x509_key, signer_id, signer_id_len,
|
||||
&p, &certlen) != 1) {
|
||||
fprintf(stderr, "%s: certificate generation failure\n", prog);
|
||||
goto end;
|
||||
|
||||
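Review bot: The new `x509_key_set_sm2_key(&x509_key, &sm2_key)` failure branch in certgen_main jumps to `end` with only an empty `//` comment, so the tool exits without saying why; reqgen_main (`//error_print();` commented out) and reqsign_main (`//fprint`) have the same silent branch. A line in the file's existing style, for example `fprintf(stderr, "%s: set signing key failure\n", prog);` (message text constructed here), would match what cmsdecrypt_main and crlgen_main do with `error_print();`. Separately, `x509_key` is passed as the signing key, so it presumably holds a copy of the decrypted private key. The `end:` cleanup of certgen_main, cmsdecrypt_main and reqgen_main lies outside these hunks, so confirm it wipes the new struct the way crlgen_main does with `gmssl_secure_clear(&sign_key, sizeof(X509_KEY));`.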
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
|
||||
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the License); you may
|
||||
* not use this file except in compliance with the License.
|
||||
@@ -15,7 +15,7 @@
|
||||
#include <gmssl/file.h>
|
||||
#include <gmssl/x509.h>
|
||||
#include <gmssl/cms.h>
|
||||
|
||||
#include <gmssl/error.h>
|
||||
|
||||
|
||||
static const char *options = "-key file -pass str -cert file -in file [-out file]";
|
||||
@@ -38,7 +38,8 @@ int cmsdecrypt_main(int argc, char **argv)
|
||||
size_t inlen;
|
||||
uint8_t *cms = NULL;
|
||||
size_t cmslen, cms_maxlen;
|
||||
SM2_KEY key;
|
||||
SM2_KEY sm2_key;
|
||||
X509_KEY x509_key;
|
||||
int content_type;
|
||||
uint8_t *content = NULL;
|
||||
size_t content_len;
|
||||
@@ -121,10 +122,15 @@ bad:
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (sm2_private_key_info_decrypt_from_pem(&key, pass, keyfp) != 1) {
|
||||
if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) {
|
||||
fprintf(stderr, "%s: private key decryption failure\n", prog);
|
||||
goto end;
|
||||
}
|
||||
if (x509_key_set_sm2_key(&x509_key, &sm2_key) != 1) {
|
||||
error_print();
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (x509_cert_from_pem(cert, &certlen, sizeof(cert), certfp) != 1) {
|
||||
fprintf(stderr, "%s: load certificate failure\n", prog);
|
||||
goto end;
|
||||
@@ -150,7 +156,7 @@ bad:
|
||||
}
|
||||
|
||||
if (cms_deenvelop(cms, cmslen,
|
||||
&key, cert, certlen,
|
||||
&x509_key, cert, certlen,
|
||||
&content_type, content, &content_len,
|
||||
&rcpt_infos, &rcpt_infos_len,
|
||||
&shared_info1, &shared_info1_len,
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
|
||||
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the License); you may
|
||||
* not use this file except in compliance with the License.
|
||||
@@ -18,16 +18,6 @@
|
||||
#include <gmssl/error.h>
|
||||
|
||||
|
||||
/*
|
||||
302 typedef struct {
|
||||
303 uint8_t *certs;
|
||||
304 size_t certs_len;
|
||||
305 SM2_KEY *sign_key;
|
||||
306 } CMS_CERTS_AND_KEY;
|
||||
|
||||
|
||||
*/
|
||||
|
||||
static const char *options = "-key file -pass str -cert file -in file [-out file]";
|
||||
|
||||
int cmssign_main(int argc, char **argv)
|
||||
@@ -43,7 +33,8 @@ int cmssign_main(int argc, char **argv)
|
||||
FILE *certfp = NULL;
|
||||
FILE *infp = NULL;
|
||||
FILE *outfp = stdout;
|
||||
SM2_KEY key;
|
||||
SM2_KEY sm2_key;
|
||||
X509_KEY public_key;
|
||||
uint8_t cert[1024];
|
||||
size_t certlen;
|
||||
uint8_t *in = NULL;
|
||||
@@ -125,29 +116,29 @@ bad:
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (sm2_private_key_info_decrypt_from_pem(&key, pass, keyfp) != 1) {
|
||||
if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) {
|
||||
fprintf(stderr, "%s: private key decryption failure\n", prog);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (x509_cert_from_pem(cert, &certlen, sizeof(cert), certfp) != 1) {
|
||||
fprintf(stderr, "%s: load certificate failure\n", prog);
|
||||
goto end;
|
||||
}
|
||||
{
|
||||
SM2_KEY public_key;
|
||||
if (x509_cert_get_subject_public_key(cert, certlen, &public_key) != 1) {
|
||||
fprintf(stderr, "%s: parse certficate failure\n", prog);
|
||||
goto end;
|
||||
}
|
||||
if (sm2_public_key_equ(&key, &public_key) != 1) {
|
||||
fprintf(stderr, "%s: key and cert are not match!\n", prog);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (x509_cert_get_subject_public_key(cert, certlen, &public_key) != 1) {
|
||||
fprintf(stderr, "%s: parse certficate failure\n", prog);
|
||||
goto end;
|
||||
}
|
||||
if (sm2_public_key_equ(&sm2_key, &public_key.u.sm2_key) != 1) {
|
||||
fprintf(stderr, "%s: key and cert are not match!\n", prog);
|
||||
goto end;
|
||||
}
|
||||
|
||||
|
||||
cert_and_key.certs = cert;
|
||||
cert_and_key.certs_len = certlen;
|
||||
cert_and_key.sign_key = &key;
|
||||
cert_and_key.sign_key = &public_key;
|
||||
|
||||
if (file_size(infp, &inlen) != 1) {
|
||||
fprintf(stderr, "%s: get input length failed\n", prog);
|
||||
|
||||
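Review bot: `cert_and_key.sign_key = &public_key;` points the CMS signing key at the X509_KEY that `x509_cert_get_subject_public_key()` filled from the certificate, so unless that call also yields a private key (not visible here) the signing step has none to use; the decrypted `sm2_key` is now only compared and never handed on. The other tools in this commit wrap the private key first, and the same pattern fits here: declare a separate `X509_KEY sign_key;`, call `x509_key_set_sm2_key(&sign_key, &sm2_key)` after the match check, and assign `cert_and_key.sign_key = &sign_key;`. The comparison also reads `public_key.u.sm2_key` without first checking `algor`/`algor_param` as sdfencrypt_main, sm2encrypt_main and sm2verify_main do; reqsign_main has the same unchecked read of `issuer_public_key.u.sm2_key`. The `end:` cleanup of cmssign_main is outside the hunk, so confirm that `sm2_key` and the signing struct are both wiped there.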
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
|
||||
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the License); you may
|
||||
* not use this file except in compliance with the License.
|
||||
@@ -14,6 +14,7 @@
|
||||
#include <stdlib.h>
|
||||
#include <gmssl/hex.h>
|
||||
#include <gmssl/pem.h>
|
||||
#include <gmssl/mem.h>
|
||||
#include <gmssl/x509.h>
|
||||
#include <gmssl/x509_ext.h>
|
||||
#include <gmssl/x509_crl.h>
|
||||
@@ -75,7 +76,8 @@ int crlgen_main(int argc, char **argv)
|
||||
size_t cacert_len = 0;
|
||||
FILE *keyfp = NULL;
|
||||
char *pass = NULL;
|
||||
SM2_KEY sign_key;
|
||||
SM2_KEY sm2_key;
|
||||
X509_KEY sign_key;
|
||||
char signer_id[SM2_MAX_ID_LENGTH + 1] = {0};
|
||||
size_t signer_id_len = 0;
|
||||
|
||||
@@ -234,7 +236,7 @@ bad:
|
||||
fprintf(stderr, "%s: `-pass` option required\n", prog);
|
||||
goto end;
|
||||
}
|
||||
if (sm2_private_key_info_decrypt_from_pem(&sign_key, pass, keyfp) != 1) {
|
||||
if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) {
|
||||
fprintf(stderr, "%s: load private key failure\n", prog);
|
||||
goto end;
|
||||
}
|
||||
@@ -242,6 +244,10 @@ bad:
|
||||
strcpy(signer_id, SM2_DEFAULT_ID);
|
||||
signer_id_len = strlen(SM2_DEFAULT_ID);
|
||||
}
|
||||
if (x509_key_set_sm2_key(&sign_key, &sm2_key) != 1) {
|
||||
error_print();
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (x509_cert_get_subject(cacert, cacert_len, &issuer, &issuer_len) != 1) {
|
||||
fprintf(stderr, "%s: parse CA certificate failure\n", prog);
|
||||
@@ -317,6 +323,8 @@ bad:
|
||||
ret = 0;
|
||||
|
||||
end:
|
||||
gmssl_secure_clear(&sm2_key, sizeof(SM2_KEY)); // FIXME: sm2_clean?
|
||||
gmssl_secure_clear(&sign_key, sizeof(X509_KEY)); // x509_key_clean?
|
||||
if (revoked_certs) free(revoked_certs);
|
||||
if (keyfp) fclose(keyfp);
|
||||
if (cacert) free(cacert);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
|
||||
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the License); you may
|
||||
* not use this file except in compliance with the License.
|
||||
@@ -82,6 +82,7 @@ int reqgen_main(int argc, char **argv)
|
||||
SM2_KEY sm2_key;
|
||||
char signer_id[SM2_MAX_ID_LENGTH + 1] = {0};
|
||||
size_t signer_id_len = 0;
|
||||
X509_KEY x509_key;
|
||||
|
||||
// Output
|
||||
char *outfile = NULL;
|
||||
@@ -197,6 +198,11 @@ bad:
|
||||
strcpy(signer_id, SM2_DEFAULT_ID);
|
||||
signer_id_len = strlen(SM2_DEFAULT_ID);
|
||||
}
|
||||
if (x509_key_set_sm2_key(&x509_key, &sm2_key) != 1) {
|
||||
// output error message
|
||||
//error_print();
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (x509_name_set(name, &namelen, sizeof(name), country, state, locality, org, org_unit, common_name) != 1) {
|
||||
fprintf(stderr, "%s: set Subject Name error\n", prog);
|
||||
@@ -206,10 +212,10 @@ bad:
|
||||
if (x509_req_sign_to_der(
|
||||
X509_version_v1,
|
||||
name, namelen,
|
||||
&sm2_key,
|
||||
&x509_key,
|
||||
attrs, attrs_len,
|
||||
OID_sm2sign_with_sm3,
|
||||
&sm2_key, signer_id, signer_id_len,
|
||||
&x509_key, signer_id, signer_id_len,
|
||||
&p, &reqlen) != 1) {
|
||||
fprintf(stderr, "%s: inner error\n", prog);
|
||||
goto end;
|
||||
|
||||
@@ -165,7 +165,7 @@ int reqsign_main(int argc, char **argv)
|
||||
// Subject from Req
|
||||
const uint8_t *subject;
|
||||
size_t subject_len;
|
||||
SM2_KEY subject_public_key;
|
||||
X509_KEY subject_public_key;
|
||||
|
||||
// CA certficate and Private Key
|
||||
uint8_t *cacert = NULL;
|
||||
@@ -173,13 +173,15 @@ int reqsign_main(int argc, char **argv)
|
||||
FILE *keyfp = NULL;
|
||||
char *pass = NULL;
|
||||
SM2_KEY sm2_key;
|
||||
X509_KEY x509_key;
|
||||
char signer_id[SM2_MAX_ID_LENGTH + 1] = {0};
|
||||
size_t signer_id_len = 0;
|
||||
|
||||
// Issuer from CA certificate
|
||||
const uint8_t *issuer;
|
||||
size_t issuer_len;
|
||||
SM2_KEY issuer_public_key;
|
||||
SM2_KEY sm2_issuer_public_key;
|
||||
X509_KEY issuer_public_key;
|
||||
|
||||
// Output
|
||||
char *outfile = NULL;
|
||||
@@ -461,7 +463,8 @@ bad:
|
||||
fprintf(stderr, "%s: load private key failure\n", prog);
|
||||
goto end;
|
||||
}
|
||||
if (sm2_public_key_equ(&sm2_key, &issuer_public_key) != 1) {
|
||||
// 这里可能需要修改一下,x509_key和sm2_key对比
|
||||
if (sm2_public_key_equ(&sm2_key, &issuer_public_key.u.sm2_key) != 1) {
|
||||
fprintf(stderr, "%s: private key and CA certificate not match\n", prog);
|
||||
goto end;
|
||||
}
|
||||
@@ -469,6 +472,10 @@ bad:
|
||||
strcpy(signer_id, SM2_DEFAULT_ID);
|
||||
signer_id_len = strlen(SM2_DEFAULT_ID);
|
||||
}
|
||||
if (x509_key_set_sm2_key(&x509_key, &sm2_key) != 1) {
|
||||
//fprint
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (rand_bytes(serial, serial_len) != 1) {
|
||||
fprintf(stderr, "%s: random number generator error\n", prog);
|
||||
@@ -484,7 +491,7 @@ bad:
|
||||
// following code copy from certgen.c
|
||||
// Extensions
|
||||
if (gen_authority_key_id) {
|
||||
if (x509_exts_add_default_authority_key_identifier(exts, &extslen, sizeof(exts), &sm2_key) != 1) {
|
||||
if (x509_exts_add_default_authority_key_identifier(exts, &extslen, sizeof(exts), &x509_key) != 1) {
|
||||
fprintf(stderr, "%s: set AuthorityKeyIdentifier extension failure\n", prog);
|
||||
goto end;
|
||||
}
|
||||
@@ -570,7 +577,7 @@ bad:
|
||||
NULL, 0,
|
||||
NULL, 0,
|
||||
exts, extslen,
|
||||
&sm2_key, signer_id, signer_id_len,
|
||||
&x509_key, signer_id, signer_id_len,
|
||||
NULL, &certlen) != 1) {
|
||||
fprintf(stderr, "%s: certificate generation failure\n", prog);
|
||||
goto end;
|
||||
@@ -592,7 +599,7 @@ bad:
|
||||
NULL, 0,
|
||||
NULL, 0,
|
||||
exts, extslen,
|
||||
&sm2_key, signer_id, signer_id_len,
|
||||
&x509_key, signer_id, signer_id_len,
|
||||
&p, &certlen) != 1) {
|
||||
fprintf(stderr, "%s: certificate generation failure\n", prog);
|
||||
goto end;
|
||||
@@ -604,7 +611,7 @@ bad:
|
||||
}
|
||||
ret = 0;
|
||||
end:
|
||||
gmssl_secure_clear(&sm2_key, sizeof(SM2_KEY));
|
||||
gmssl_secure_clear(&x509_key, sizeof(SM2_KEY));
|
||||
if (cert) free(cert);
|
||||
if (keyfp) fclose(keyfp);
|
||||
if (infile && infp) fclose(infp);
|
||||
|
||||
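Review bot: In the `end:` cleanup of reqsign_main, `gmssl_secure_clear(&sm2_key, sizeof(SM2_KEY));` appears to have been replaced rather than supplemented by `gmssl_secure_clear(&x509_key, sizeof(SM2_KEY));` (the hunk header keeps 7 lines on both sides). That leaves the decrypted CA private key in `sm2_key` unwiped and clears `x509_key` with the size of a different type. If X509_KEY is larger than SM2_KEY, the tail of the copied key material may not be cleared. Wipe both objects with their own sizes, as crlgen_main does: `gmssl_secure_clear(&sm2_key, sizeof(sm2_key));` and `gmssl_secure_clear(&x509_key, sizeof(x509_key));`. The body of reqsign_main continues outside the hunk.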
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
|
||||
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the License); you may
|
||||
* not use this file except in compliance with the License.
|
||||
@@ -53,7 +53,8 @@ int sdfencrypt_main(int argc, char **argv)
|
||||
FILE *certfp = NULL;
|
||||
FILE *infp = stdin;
|
||||
FILE *outfp = stdout;
|
||||
SM2_KEY sm2_pub;
|
||||
SM2_KEY sm2_key;
|
||||
X509_KEY x509_key;
|
||||
uint8_t cert[1024];
|
||||
size_t certlen;
|
||||
uint8_t iv[16];
|
||||
@@ -150,7 +151,7 @@ bad:
|
||||
|
||||
// get public key
|
||||
if (pubkeyfile) {
|
||||
if (sm2_public_key_info_from_pem(&sm2_pub, pubkeyfp) != 1) {
|
||||
if (sm2_public_key_info_from_pem(&sm2_key, pubkeyfp) != 1) {
|
||||
fprintf(stderr, "gmssl %s: parse public key failed\n", prog);
|
||||
goto end;
|
||||
}
|
||||
@@ -159,17 +160,23 @@ bad:
|
||||
fprintf(stderr, "gmssl %s: parse certificate from PEM failed\n", prog);
|
||||
goto end;
|
||||
}
|
||||
if (x509_cert_get_subject_public_key(cert, certlen, &sm2_pub) != 1) {
|
||||
if (x509_cert_get_subject_public_key(cert, certlen, &x509_key) != 1) {
|
||||
fprintf(stderr, "gmssl %s: parse certificate failed\n", prog);
|
||||
goto end;
|
||||
}
|
||||
if (x509_key.algor != OID_ec_public_key
|
||||
|| x509_key.algor_param != OID_sm2) {
|
||||
fprintf(stderr, "gmssl %s: invalid certificate type\n", prog);
|
||||
goto end;
|
||||
}
|
||||
sm2_key = x509_key.u.sm2_key;
|
||||
} else {
|
||||
fprintf(stderr, "gmssl %s: '-pubkey' or '-cert' option required\n", prog);
|
||||
goto end;
|
||||
}
|
||||
|
||||
// generate key and output wrapped key in DER(SM2_CIPHERTEXT) format
|
||||
if (sdf_generate_key(&dev, &key, &sm2_pub, buf, &outlen) != 1) {
|
||||
if (sdf_generate_key(&dev, &key, &sm2_key, buf, &outlen) != 1) {
|
||||
error_print();
|
||||
goto end;
|
||||
}
|
||||
|
||||
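Review bot: The block that tests `x509_key.algor != OID_ec_public_key || x509_key.algor_param != OID_sm2` and then copies `x509_key.u.sm2_key` is repeated in sdfencrypt_main, sm2encrypt_main and sm2verify_main, and the error text has already diverged (`invalid certificate type` vs `invalid cert type`). A small shared helper that returns the SM2 key only when the algorithm matches would keep the three in step and make an unchecked read of the `u` member harder to write elsewhere. At minimum, a comment above the check such as `// only SM2 certificates are accepted here; u.sm2_key is presumably meaningful only for this algor` would record why it is there.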
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
|
||||
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the License); you may
|
||||
* not use this file except in compliance with the License.
|
||||
@@ -48,7 +48,8 @@ int sm2encrypt_main(int argc, char **argv)
|
||||
FILE *outfp = stdout;
|
||||
uint8_t cert[1024];
|
||||
size_t certlen;
|
||||
SM2_KEY key;
|
||||
SM2_KEY sm2_key;
|
||||
X509_KEY x509_key;
|
||||
SM2_ENC_CTX ctx;
|
||||
uint8_t inbuf[SM2_MAX_PLAINTEXT_SIZE + 1];
|
||||
uint8_t outbuf[SM2_MAX_CIPHERTEXT_SIZE];
|
||||
@@ -118,16 +119,22 @@ bad:
|
||||
|
||||
|
||||
if (pubkeyfile) {
|
||||
if (sm2_public_key_info_from_pem(&key, pubkeyfp) != 1) {
|
||||
if (sm2_public_key_info_from_pem(&sm2_key, pubkeyfp) != 1) {
|
||||
fprintf(stderr, "gmssl %s: parse public key failed\n", prog);
|
||||
goto end;
|
||||
}
|
||||
} else if (certfile) {
|
||||
if (x509_cert_from_pem(cert, &certlen, sizeof(cert), certfp) != 1
|
||||
|| x509_cert_get_subject_public_key(cert, certlen, &key) != 1) {
|
||||
|| x509_cert_get_subject_public_key(cert, certlen, &x509_key) != 1) {
|
||||
fprintf(stderr, "gmssl %s: parse certificate failed\n", prog);
|
||||
goto end;
|
||||
}
|
||||
if (x509_key.algor != OID_ec_public_key
|
||||
|| x509_key.algor_param != OID_sm2) {
|
||||
fprintf(stderr, "gmssl %s: invalid certificate type\n", prog);
|
||||
goto end;
|
||||
}
|
||||
sm2_key = x509_key.u.sm2_key;
|
||||
} else {
|
||||
fprintf(stderr, "gmssl %s: '-pubkey' or '-cert' option required\n", prog);
|
||||
goto end;
|
||||
@@ -150,7 +157,7 @@ bad:
|
||||
fprintf(stderr, "gmssl %s: sm2_encrypt_update failed\n", prog);
|
||||
return -1;
|
||||
}
|
||||
if (sm2_encrypt_finish(&ctx, &key, outbuf, &outlen) != 1) {
|
||||
if (sm2_encrypt_finish(&ctx, &sm2_key, outbuf, &outlen) != 1) {
|
||||
fprintf(stderr, "gmssl %s: sm2_encrypt_finish error\n", prog);
|
||||
goto end;
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
|
||||
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the License); you may
|
||||
* not use this file except in compliance with the License.
|
||||
@@ -49,7 +49,8 @@ int sm2verify_main(int argc, char **argv)
|
||||
FILE *certfp = NULL;
|
||||
FILE *infp = stdin;
|
||||
FILE *sigfp = NULL;
|
||||
SM2_KEY key;
|
||||
SM2_KEY sm2_key;
|
||||
X509_KEY x509_key;
|
||||
SM2_VERIFY_CTX verify_ctx;
|
||||
uint8_t cert[1024];
|
||||
size_t certlen;
|
||||
@@ -135,23 +136,28 @@ bad:
|
||||
}
|
||||
|
||||
if (pubkeyfile) {
|
||||
if (sm2_public_key_info_from_pem(&key, pubkeyfp) != 1) {
|
||||
if (sm2_public_key_info_from_pem(&sm2_key, pubkeyfp) != 1) {
|
||||
fprintf(stderr, "gmssl %s: parse public key failed\n", prog);
|
||||
goto end;
|
||||
}
|
||||
} else if (certfile) {
|
||||
if (x509_cert_from_pem(cert, &certlen, sizeof(cert), certfp) != 1
|
||||
|| x509_cert_get_subject_public_key(cert, certlen, &key) != 1) {
|
||||
|| x509_cert_get_subject_public_key(cert, certlen, &x509_key) != 1) {
|
||||
fprintf(stderr, "gmssl %s: parse certificate failed\n", prog);
|
||||
goto end;
|
||||
}
|
||||
if (x509_key.algor != OID_ec_public_key
|
||||
|| x509_key.algor_param != OID_sm2) {
|
||||
fprintf(stderr, "gmssl %s: invalid cert type\n", prog);
|
||||
goto end;
|
||||
}
|
||||
sm2_key = x509_key.u.sm2_key;
|
||||
} else {
|
||||
fprintf(stderr, "gmssl %s: '-pubkey' or '-cert' option required\n", prog);
|
||||
goto end;
|
||||
}
|
||||
|
||||
|
||||
if (sm2_verify_init(&verify_ctx, &key, id, strlen(id)) != 1) {
|
||||
if (sm2_verify_init(&verify_ctx, &sm2_key, id, strlen(id)) != 1) {
|
||||
fprintf(stderr, "gmssl %s: inner error\n", prog);
|
||||
goto end;
|
||||
}
|
||||
|
||||