abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-06 16:36:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add X509_KEY to support different public key algos

Browse Source
This commit is contained in:
Zhi Guan
2026-01-16 17:25:17 +08:00
parent d7f93bf379
commit 47639a9e23
37 changed files with 1539 additions and 364 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
CMakeLists.txt
View File

@@ -54,7 +54,7 @@ option(ENABLE_SM4_CBC_MAC "Enable SM4-CBC-MAC" ON)
option(ENABLE_SM2_EXTS "Enable SM2 Extensions" OFF)
option(ENABLE_LMS_HSS "Enable LMS/HSS signature" ON)
option(ENABLE_LMS "Enable LMS/HSS signature" ON)
option(ENABLE_XMSS "Enable XMSS/XMSS^MT signature" ON)
option(ENABLE_SPHINCS "Enable SPHINCS+ signature" ON)
option(ENABLE_KYBER "Enable Kyber" ON)
@@ -120,6 +120,7 @@ set(src
src/x509_req.c
src/x509_crl.c
src/x509_new.c
src/x509_key.c
src/cms.c
src/socket.c
src/tls.c
@@ -418,18 +419,18 @@ if (ENABLE_SM2_EXTS)
endif()
if (ENABLE_LMS_HSS)
message(STATUS "ENABLE_LMS_HSS is ON")
add_definitions(-DENABLE_LMS_HSS)
if (ENABLE_LMS)
message(STATUS "ENABLE_LMS is ON")
add_definitions(-DENABLE_LMS)
list(APPEND src src/lms.c)
list(APPEND tools tools/lmskeygen.c tools/lmssign.c tools/lmsverify.c)
list(APPEND tools tools/hsskeygen.c tools/hsssign.c tools/hssverify.c)
list(APPEND tests lms)
option(ENABLE_LMS_HSS_CROSSCHECK "Enable LMS SHA-256 cross-check" OFF)
if (ENABLE_LMS_HSS_CROSSCHECK)
message(STATUS "ENABLE_LMS_HSS_CROSSCHECK is ON")
add_definitions(-DENABLE_LMS_HSS_CROSSCHECK)
option(ENABLE_LMS_CROSSCHECK "Enable LMS SHA-256 cross-check" OFF)
if (ENABLE_LMS_CROSSCHECK)
message(STATUS "ENABLE_LMS_CROSSCHECK is ON")
add_definitions(-DENABLE_LMS_CROSSCHECK)
endif()
endif()

34
include/gmssl/asn1.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2025 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -47,10 +47,14 @@ enum ASN1_TAG {
ASN1_TAG_ObjectDescriptor = 7,
ASN1_TAG_EXTERNAL = 8,
ASN1_TAG_REAL = 9,
ASN1_TAG_ENUMERATED = 10, // 0x0A
ASN1_TAG_EMBEDDED = 11, // 0x0B
ASN1_TAG_UTF8String = 12, // 0x0C
ASN1_TAG_RELATIVE_OID = 13, // 0x0D
ASN1_TAG_ENUMERATED = 10, // 0x0a
ASN1_TAG_EMBEDDED = 11, // 0x0b
ASN1_TAG_UTF8String = 12, // 0x0c
ASN1_TAG_RELATIVE_OID = 13, // 0x0d
// 14 reserved
// 15 reserved
// 16 SEQUENCE, SEQUENCE OF without CONSTRUCTED bit
// 17 SET, SET OF without CONSTRUCTED bit
ASN1_TAG_NumericString = 18, // 0x12
ASN1_TAG_PrintableString = 19, // 0x13, printable subset of ascii
ASN1_TAG_TeletexString = 20, // 0x14, T61String
@@ -59,14 +63,22 @@ enum ASN1_TAG {
ASN1_TAG_UTCTime = 23, // 0x17
ASN1_TAG_GeneralizedTime = 24, // 0x18
ASN1_TAG_GraphicString = 25, // 0x19
ASN1_TAG_VisibleString = 26, // 0x20
ASN1_TAG_GeneralString = 27, // 0x21
ASN1_TAG_UniversalString = 28, // 0x22
ASN1_TAG_CHARACTER_STRING = 29, // 0x23
ASN1_TAG_BMPString = 30, // 0x24, 2-byte unicode with zeros
ASN1_TAG_VisibleString = 26, // 0x1a
ASN1_TAG_GeneralString = 27, // 0x1b
ASN1_TAG_UniversalString = 28, // 0x1c
ASN1_TAG_CHARACTER_STRING = 29, // 0x1d
ASN1_TAG_BMPString = 30, // 0x1e, 2-byte unicode with zeros
// 31 (0x1f) means tag is multi-bytes, not supported yet
// UNIVERAL + CONSTRUCTED (0x20 - 0x3f): only SEQUENCE and TAG
ASN1_TAG_SEQUENCE = 0x30,
ASN1_TAG_SET = 0x31,
ASN1_TAG_EXPLICIT = 0xa0,
// APPLICATION (0x40 - 0x7f) all avaiable
// CONTENT_SPECIFIC (0x40 - 0xbf)
ASN1_TAG_EXPLICIT = 0xa0, // 这里有问题了,已经有一个同名的宏了,不要设置这个了
// PRIVATE: 0xC0 - 0xDE, 0xE0 - 0xFE
};
#define ASN1_R_OK 1

29
include/gmssl/cms.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -23,6 +23,7 @@ References:
#include <stdint.h>
#include <sys/types.h>
#include <gmssl/x509.h>
#include <gmssl/x509_key.h>
#ifdef __cplusplus
@@ -200,7 +201,7 @@ int cms_signer_info_from_der(
int cms_signer_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
int cms_signer_info_sign_to_der(
const SM3_CTX *sm3_ctx, const SM2_KEY *sm2_key,
const SM3_CTX *sm3_ctx, const X509_KEY *x509_key,
const uint8_t *issuer, size_t issuer_len,
const uint8_t *serial_number, size_t serial_number_len,
const uint8_t *authed_attrs, size_t authed_attrs_len,
@@ -219,7 +220,7 @@ SignerInfos ::= SET OF SignerInfo;
*/
int cms_signer_infos_add_signer_info(
uint8_t *d, size_t *dlen, size_t maxlen,
const SM3_CTX *sm3_ctx, const SM2_KEY *sign_key,
const SM3_CTX *sm3_ctx, const X509_KEY *sign_key,
const uint8_t *issuer, size_t issuer_len,
const uint8_t *serial_number, size_t serial_number_len,
const uint8_t *authed_attrs, size_t authed_attrs_len,
@@ -264,7 +265,7 @@ int cms_signed_data_print(FILE *fp, int fmt, int ind, const char *label, const u
typedef struct {
uint8_t *certs;
size_t certs_len;
SM2_KEY *sign_key;
X509_KEY *sign_key;
} CMS_CERTS_AND_KEY;
int cms_signed_data_sign_to_der(
@@ -310,13 +311,13 @@ int cms_recipient_info_print(FILE *fp, int fmt, int ind, const char *label, cons
int cms_recipient_info_encrypt_to_der(
const SM2_KEY *public_key,
const X509_KEY *public_key,
const uint8_t *issuer, size_t issuer_len,
const uint8_t *serial, size_t serial_len,
const uint8_t *in, size_t inlen,
uint8_t **out, size_t *outlen);
int cms_recipient_info_decrypt_from_der(
const SM2_KEY *sm2_key,
const X509_KEY *sm2_key,
const uint8_t *rcpt_issuer, size_t rcpt_issuer_len,
const uint8_t *rcpt_serial, size_t rcpt_serial_len,
uint8_t *out, size_t *outlen, size_t maxlen,
@@ -324,7 +325,7 @@ int cms_recipient_info_decrypt_from_der(
int cms_recipient_infos_add_recipient_info(
uint8_t *d, size_t *dlen, size_t maxlen,
const SM2_KEY *public_key,
const X509_KEY *public_key,
const uint8_t *issuer, size_t issuer_len,
const uint8_t *serial, size_t serial_len,
const uint8_t *in, size_t inlen);
@@ -362,7 +363,7 @@ int cms_enveloped_data_encrypt_to_der(
const uint8_t *shared_info2, size_t shared_info2_len,
uint8_t **out, size_t *outlen);
int cms_enveloped_data_decrypt_from_der(
const SM2_KEY *sm2_key,
const X509_KEY *sm2_key,
const uint8_t *issuer, size_t issuer_len,
const uint8_t *serial_number, size_t serial_number_len,
int *content_type, uint8_t *content, size_t *content_len,
@@ -415,7 +416,7 @@ int cms_signed_and_enveloped_data_encipher_to_der(
const uint8_t *shared_info2, size_t shared_info2_len,
uint8_t **out, size_t *outlen);
int cms_signed_and_enveloped_data_decipher_from_der(
const SM2_KEY *rcpt_key,
const X509_KEY *rcpt_key,
const uint8_t *rcpt_issuer, size_t rcpt_issuer_len,
const uint8_t *rcpt_serial, size_t rcpt_serial_len,
int *content_type, uint8_t *content, size_t *content_len,
@@ -438,13 +439,13 @@ KeyAgreementInfo ::= SEQUENCE {
*/
int cms_key_agreement_info_to_der(
int version,
const SM2_KEY *temp_public_key_r,
const X509_KEY *temp_public_key_r,
const uint8_t *user_cert, size_t user_cert_len,
const uint8_t *user_id, size_t user_id_len,
uint8_t **out, size_t *outlen);
int cms_key_agreement_info_from_der(
int *version,
SM2_KEY *temp_public_key_r,
X509_KEY *temp_public_key_r,
const uint8_t **user_cert, size_t *user_cert_len,
const uint8_t **user_id, size_t *user_id_len,
const uint8_t **in, size_t *inlen);
@@ -496,7 +497,7 @@ int cms_envelop(
int cms_deenvelop(
const uint8_t *cms, size_t cms_len,
const SM2_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len,
const X509_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len,
int *content_type, uint8_t *content, size_t *content_len,
const uint8_t **rcpt_infos, size_t *rcpt_infos_len,
const uint8_t **shared_info1, size_t *shared_info1_len,
@@ -514,7 +515,7 @@ int cms_sign_and_envelop(
int cms_deenvelop_and_verify(
const uint8_t *cms, size_t cms_len,
const SM2_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len,
const X509_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len,
const uint8_t *extra_signer_certs, size_t extra_signer_certs_len,
const uint8_t *extra_signer_crls, size_t extra_signer_crls_len,
int *content_type, uint8_t *content, size_t *content_len,
@@ -528,7 +529,7 @@ int cms_deenvelop_and_verify(
// create ContentInfo, type == keyAgreementInfo
int cms_set_key_agreement_info(
uint8_t *cms, size_t *cms_len,
const SM2_KEY *temp_public_key_r,
const X509_KEY *temp_public_key_r,
const uint8_t *user_cert, size_t user_cert_len,
const uint8_t *user_id, size_t user_id_len);

6
include/gmssl/oid.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2025 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -174,9 +174,11 @@ enum {
OID_cms_encrypted_data,
OID_cms_key_agreement_info,
OID_hss_lms_hashsig, // LMS/HSS public key
OID_lms_hashsig, // OID is not defined in RFC, so no oid[]
OID_hss_lms_hashsig, // HSS only
OID_xmss_hashsig,
OID_xmssmt_hashsig,
OID_sphincs_hashsig, // OID not defined in RFC, so no oid[]
};
// {iso(1) org(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7)}

6
include/gmssl/sm2.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2025 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -28,6 +28,9 @@ typedef struct {
sm2_z256_t private_key;
} SM2_KEY;
#define SM2_PUBLIC_KEY_SIZE 64
#define SM2_PRIVATE_KEY_SIZE 96
int sm2_key_generate(SM2_KEY *key);
int sm2_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *key);
int sm2_key_set_private_key(SM2_KEY *key, const sm2_z256_t private_key);
@@ -54,6 +57,7 @@ ECPrivateKey ::= SEQUENCE {
ECParameters ::= CHOICE { namedCurve OBJECT IDENTIFIER }
*/
// FIXME: change to XXX_DER_SIZE ...
#define SM2_PRIVATE_KEY_DEFAULT_SIZE 120 // generated
#define SM2_PRIVATE_KEY_BUF_SIZE 512 // MUST >= SM2_PRIVATE_KEY_DEFAULT_SIZE

21
include/gmssl/x509_cer.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -19,6 +19,7 @@
#include <gmssl/sm2.h>
#include <gmssl/oid.h>
#include <gmssl/asn1.h>
#include <gmssl/x509_key.h>
#ifdef __cplusplus
extern "C" {
@@ -164,8 +165,8 @@ algorithm.algorithm = OID_ec_public_key;
algorithm.parameters = OID_sm2;
subjectPublicKey = ECPoint
*/
#define x509_public_key_info_to_der(key,out,outlen) sm2_public_key_info_to_der(key,out,outlen)
#define x509_public_key_info_from_der(key,in,inlen) sm2_public_key_info_from_der(key,in,inlen)
int x509_public_key_info_to_der(const X509_KEY *key, uint8_t **out, size_t *outlen);
int x509_public_key_info_from_der(X509_KEY *key, const uint8_t **in, size_t *inlen);
int x509_public_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
/*
@@ -238,7 +239,7 @@ int x509_tbs_cert_to_der(
const uint8_t *issuer, size_t issuer_len,
time_t not_before, time_t not_after,
const uint8_t *subject, size_t subject_len,
const SM2_KEY *subject_public_key,
const X509_KEY *subject_public_key,
const uint8_t *issuer_unique_id, size_t issuer_unique_id_len,
const uint8_t *subject_unique_id, size_t subject_unique_id_len,
const uint8_t *exts, size_t exts_len,
@@ -250,7 +251,7 @@ int x509_tbs_cert_from_der(
const uint8_t **issuer, size_t *issuer_len,
time_t *not_before, time_t *not_after,
const uint8_t **subject, size_t *subject_len,
SM2_KEY *subject_public_key,
X509_KEY *subject_public_key,
const uint8_t **issuer_unique_id, size_t *issuer_unique_id_len,
const uint8_t **subject_unique_id, size_t *subject_unique_id_len,
const uint8_t **exts, size_t *exts_len,
@@ -279,7 +280,7 @@ int x509_signed_from_der(
int *signature_algor,
const uint8_t **sig, size_t *siglen,
const uint8_t **in, size_t *inlen);
int x509_signed_verify(const uint8_t *a, size_t alen, const SM2_KEY *pub_key,
int x509_signed_verify(const uint8_t *a, size_t alen, const X509_KEY *pub_key,
const char *signer_id, size_t signer_id_len);
int x509_signed_verify_by_ca_cert(const uint8_t *a, size_t alen, const uint8_t *cacert, size_t cacertlen,
const char *signer_id, size_t signer_id_len);
@@ -292,11 +293,11 @@ int x509_cert_sign_to_der(
const uint8_t *issuer, size_t issuer_len,
time_t not_before, time_t not_after,
const uint8_t *subject, size_t subject_len,
const SM2_KEY *subject_public_key,
const X509_KEY *subject_public_key,
const uint8_t *issuer_unique_id, size_t issuer_unique_id_len,
const uint8_t *subject_unique_id, size_t subject_unique_id_len,
const uint8_t *exts, size_t exts_len,
const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len,
X509_KEY *sign_key, const char *signer_id, size_t signer_id_len,
uint8_t **out, size_t *outlen);
int x509_cert_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen);
@@ -316,7 +317,7 @@ int x509_cert_get_details(const uint8_t *a, size_t alen,
const uint8_t **issuer, size_t *issuer_len,
time_t *not_before, time_t *not_after,
const uint8_t **subject, size_t *subject_len,
SM2_KEY *subject_public_key,
X509_KEY *subject_public_key,
const uint8_t **issuer_unique_id, size_t *issuer_unique_id_len,
const uint8_t **subject_unique_id, size_t *subject_unique_id_len,
const uint8_t **extensions, size_t *extensions_len,
@@ -346,7 +347,7 @@ int x509_cert_get_issuer_and_serial_number(const uint8_t *a, size_t alen,
const uint8_t **serial_number, size_t *serial_number_len);
int x509_cert_get_issuer(const uint8_t *a, size_t alen, const uint8_t **name, size_t *namelen);
int x509_cert_get_subject(const uint8_t *a, size_t alen, const uint8_t **subj, size_t *subj_len);
int x509_cert_get_subject_public_key(const uint8_t *a, size_t alen, SM2_KEY *public_key);
int x509_cert_get_subject_public_key(const uint8_t *a, size_t alen, X509_KEY *public_key);
int x509_cert_get_exts(const uint8_t *a, size_t alen, const uint8_t **d, size_t *dlen);
int x509_certs_to_pem(const uint8_t *d, size_t dlen, FILE *fp);

9
include/gmssl/x509_crl.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
#include <time.h>
#include <stdint.h>
#include <gmssl/sm2.h>
#include <gmssl/x509_key.h>
#ifdef __cplusplus
@@ -174,7 +175,7 @@ int x509_crl_exts_add_authority_key_identifier(
const uint8_t *issuer, size_t issuer_len,
const uint8_t *serial, size_t serial_len);
int x509_crl_exts_add_default_authority_key_identifier(uint8_t *exts, size_t *extslen, size_t maxlen,
const SM2_KEY *public_key);
const X509_KEY *public_key);
int x509_crl_exts_add_issuer_alt_name(
uint8_t *exts, size_t *extslen, size_t maxlen,
int critical,
@@ -262,7 +263,7 @@ int x509_crl_sign_to_der(
time_t this_update, time_t next_update,
const uint8_t *revoked_certs, size_t revoked_certs_len,
const uint8_t *crl_exts, size_t crl_exts_len,
const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len,
X509_KEY *sign_key, const char *signer_id, size_t signer_id_len,
uint8_t **out, size_t *outlen);
int x509_crl_from_der_ex(
int *version,
@@ -275,7 +276,7 @@ int x509_crl_from_der_ex(
const uint8_t **in, size_t *inlen);
int x509_crl_check(const uint8_t *a, size_t alen, time_t now);
int x509_crl_verify(const uint8_t *a, size_t alen,
const SM2_KEY *sign_pub_key, const char *signer_id, size_t signer_id_len);
const X509_KEY *sign_pub_key, const char *signer_id, size_t signer_id_len);
int x509_crl_verify_by_ca_cert(const uint8_t *a, size_t alen, const uint8_t *cacert, size_t cacertlen,
const char *signer_id, size_t signer_id_len);
int x509_crl_get_details(const uint8_t *crl, size_t crl_len,

8
include/gmssl/x509_ext.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -19,6 +19,8 @@
#include <gmssl/sm2.h>
#include <gmssl/oid.h>
#include <gmssl/asn1.h>
#include <gmssl/x509_key.h>
#ifdef __cplusplus
extern "C" {
@@ -55,9 +57,9 @@ int x509_exts_add_authority_key_identifier(uint8_t *exts, size_t *extslen, size_
const uint8_t *issuer, size_t issuer_len,
const uint8_t *serial, size_t serial_len);
int x509_exts_add_default_authority_key_identifier(uint8_t *exts, size_t *extslen, size_t maxlen,
const SM2_KEY *public_key);
const X509_KEY *public_key);
int x509_exts_add_subject_key_identifier(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const uint8_t *d, size_t dlen);
int x509_exts_add_subject_key_identifier_ex(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const SM2_KEY *subject_key);
int x509_exts_add_subject_key_identifier_ex(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const X509_KEY *subject_key);
int x509_exts_add_key_usage(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, int bits);
int x509_exts_add_certificate_policies(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const uint8_t *d, size_t dlen);
int x509_exts_add_policy_mappings(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const uint8_t *d, size_t dlen);

121
include/gmssl/x509_key.h Normal file
View File

@@ -0,0 +1,121 @@
/*
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
#ifndef GMSSL_X509_KEY_H
#define GMSSL_X509_KEY_H
#include <time.h>
#include <string.h>
#include <stdint.h>
#include <stdlib.h>
#include <gmssl/oid.h>
#include <gmssl/asn1.h>
#include <gmssl/sm2.h>
#include <gmssl/lms.h>
#include <gmssl/xmss.h>
#include <gmssl/sphincs.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
Supported public key type OIDs
* OID_ec_public_key
* OID_rsa_encryption
* OID_lms_hashsig
* OID_hss_lms_hashsig
* OID_xmss_hashsig
* OID_xmssmt_hashsig
* OID_sphincs_hashsig
*/
typedef struct {
int algor;
int algor_param;
union {
SM2_KEY sm2_key;
LMS_KEY lms_key;
HSS_KEY hss_key;
XMSS_KEY xmss_key;
XMSSMT_KEY xmssmt_key;
SPHINCS_KEY sphincs_key;
} u;
} X509_KEY;
int x509_key_generate(X509_KEY *key, int algor, int algor_param);
int x509_key_set_sm2_key(X509_KEY *x509_key, SM2_KEY *sm2_key);
int x509_key_set_lms_key(X509_KEY *x509_key, LMS_KEY *lms_key);
int x509_key_set_hss_key(X509_KEY *x509_key, HSS_KEY *hss_key);
int x509_key_set_xmss_key(X509_KEY *x509_key, XMSS_KEY *xmss_key);
int x509_key_set_xmssmt_key(X509_KEY *x509_key, XMSSMT_KEY *xmssmt_key);
int x509_key_set_sphincs_key(X509_KEY *x509_key, SPHINCS_KEY *sphincs_key);
int x509_public_key_digest(const X509_KEY *key, uint8_t dgst[32]);
int x509_public_key_print(FILE *fp, int fmt, int ind, const char *label, const X509_KEY *key);
typedef union {
SM2_POINT sm2;
HSS_PUBLIC_KEY hss;
XMSS_PUBLIC_KEY xmss;
XMSSMT_PUBLIC_KEY xmssmt;
} X509_PUBLIC_KEY;
#define X509_PUBLIC_KEY_MAX_SIZE sizeof(X509_PUBLIC_KEY)
typedef union {
uint8_t sm2_sig[SM2_MAX_SIGNATURE_SIZE];
HSS_SIGNATURE hss_sig;
XMSS_SIGNATURE xmss_sig;
XMSSMT_SIGNATURE xmssmt_sig;
} X509_SIGNATURE;
#define X509_SIGNATURE_MAX_SIZE sizeof(X509_SIGNATURE)
typedef struct {
union {
SM2_SIGN_CTX sm2_sign_ctx;
SM2_VERIFY_CTX sm2_verify_ctx;
HSS_SIGN_CTX hss_sign_ctx;
XMSS_SIGN_CTX xmss_sign_ctx;
XMSSMT_SIGN_CTX xmssmt_sign_ctx;
} u;
int sign_algor;
uint8_t sig[X509_SIGNATURE_MAX_SIZE];
size_t siglen;
} X509_SIGN_CTX;
int x509_key_get_sign_algor(const X509_KEY *key, int *algor);
int x509_key_get_signature_size(const X509_KEY *key, size_t *siglen);
int x509_sign_init(X509_SIGN_CTX *ctx, X509_KEY *key, const char *signer_id, size_t signer_idlen);
int x509_sign_update(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
int x509_sign_finish(X509_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen);
int x509_verify_init(X509_SIGN_CTX *ctx, const X509_KEY *key,
const char *signer_id, size_t signer_idlen, // 这里可能要去掉这个功能
const uint8_t *sig, size_t siglen);
int x509_verify_update(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
int x509_verify_finish(X509_SIGN_CTX *ctx);
#ifdef __cplusplus
}
#endif
#endif

14
include/gmssl/x509_req.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -20,6 +20,8 @@
#include <gmssl/oid.h>
#include <gmssl/asn1.h>
#include <gmssl/x509.h>
#include <gmssl/x509_key.h>
#ifdef __cplusplus
extern "C" {
@@ -35,10 +37,10 @@ CertificationRequestInfo ::= SEQUENCE {
attributes [0] IMPLICIT SET OF Attribute }
*/
int x509_request_info_to_der(int version, const uint8_t *subject, size_t subject_len,
const SM2_KEY *subject_public_key, const uint8_t *attrs, size_t attrs_len,
const X509_KEY *subject_public_key, const uint8_t *attrs, size_t attrs_len,
uint8_t **out, size_t *outlen);
int x509_request_info_from_der(int *version, const uint8_t **subject, size_t *subject_len,
SM2_KEY *subject_public_key, const uint8_t **attrs, size_t *attrs_len,
X509_KEY *subject_public_key, const uint8_t **attrs, size_t *attrs_len,
const uint8_t **in, size_t *inlen);
int x509_request_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
@@ -51,17 +53,17 @@ CertificationRequest ::= SEQUENCE {
int x509_req_sign_to_der(
int version,
const uint8_t *subject, size_t subject_len,
const SM2_KEY *subject_public_key,
const X509_KEY *subject_public_key,
const uint8_t *attrs, size_t attrs_len,
int signature_algor,
const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len,
X509_KEY *sign_key, const char *signer_id, size_t signer_id_len,
uint8_t **out, size_t *outlen);
int x509_req_verify(const uint8_t *req, size_t reqlen,
const char *signer_id, size_t signer_id_len);
int x509_req_get_details(const uint8_t *req, size_t reqlen,
int *verison,
const uint8_t **subject, size_t *subject_len,
SM2_KEY *subject_public_key,
X509_KEY *subject_public_key,
const uint8_t **attributes, size_t *attributes_len,
int *signature_algor,
const uint8_t **signature, size_t *signature_len);

4
src/asn1.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2025 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -44,7 +44,7 @@ const char *asn1_tag_name(int tag)
}
switch (tag) {
case ASN1_TAG_END_OF_CONTENTS: return "End-of-contents";
//case ASN1_TAG_END_OF_CONTENTS: return "End-of-contents";
case ASN1_TAG_BOOLEAN: return "BOOLEAN";
case ASN1_TAG_INTEGER: return "INTEGER";
case ASN1_TAG_BIT_STRING: return "BIT STRING";

97
src/cms.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -739,7 +739,7 @@ err:
}
int cms_signer_info_sign_to_der(
const SM3_CTX *sm3_ctx, const SM2_KEY *sign_key,
const SM3_CTX *sm3_ctx, const X509_KEY *sign_key,
const uint8_t *issuer, size_t issuer_len,
const uint8_t *serial_number, size_t serial_number_len,
const uint8_t *authed_attrs, size_t authed_attrs_len,
@@ -755,7 +755,15 @@ int cms_signer_info_sign_to_der(
sm3_update(&ctx, authed_attrs, authed_attrs_len);
sm3_finish(&ctx, dgst);
if (sm2_sign_fixlen(sign_key, dgst, siglen, sig) != 1) {
// 显然我们没有这个功能了!
// 这是个严重的问题啊,这个签名是有问题的!这里签名的是 dgst啊
// 没想到会出现如此严重的问题!
if (sign_key->algor != OID_ec_public_key
|| sign_key->algor_param != OID_sm2) {
error_print();
return -1;
}
if (sm2_sign_fixlen(&sign_key->u.sm2_key, dgst, siglen, sig) != 1) {
error_print();
return -1;
}
@@ -784,7 +792,7 @@ int cms_signer_info_verify_from_der(
int signature_algor;
const uint8_t *sig;
size_t siglen;
SM2_KEY public_key;
X509_KEY public_key;
SM3_CTX sm3_ctx = *ctx;
uint8_t dgst[32];
@@ -807,11 +815,16 @@ int cms_signer_info_verify_from_der(
error_print();
return -1;
}
if (public_key.algor != OID_ec_public_key
|| public_key.algor_param != OID_sm2) {
error_print();
return -1;
}
sm3_update(&sm3_ctx, *authed_attrs, *authed_attrs_len);
sm3_finish(&sm3_ctx, dgst);
if (sm2_verify(&public_key, dgst, sig, siglen) != 1) {
if (sm2_verify(&public_key.u.sm2_key, dgst, sig, siglen) != 1) {
error_print();
return -1;
}
@@ -820,7 +833,7 @@ int cms_signer_info_verify_from_der(
int cms_signer_infos_add_signer_info(
uint8_t *d, size_t *dlen, size_t maxlen,
const SM3_CTX *sm3_ctx, const SM2_KEY *sign_key,
const SM3_CTX *sm3_ctx, const X509_KEY *sign_key,
const uint8_t *issuer, size_t issuer_len,
const uint8_t *serial_number, size_t serial_number_len,
const uint8_t *authed_attrs, size_t authed_attrs_len,
@@ -1297,7 +1310,7 @@ err:
}
int cms_recipient_info_encrypt_to_der(
const SM2_KEY *public_key,
const X509_KEY *public_key,
const uint8_t *issuer, size_t issuer_len,
const uint8_t *serial_number, size_t serial_number_len,
const uint8_t *in, size_t inlen,
@@ -1308,12 +1321,17 @@ int cms_recipient_info_encrypt_to_der(
size_t enced_key_len;
int fixed_outlen = 1;
if (public_key->algor != OID_ec_public_key
|| public_key->algor_param != OID_sm2) {
error_print();
return -1;
}
if (pke_algor != OID_sm2encrypt) {
error_print();
return -1;
}
if (sm2_encrypt_fixlen(public_key, in, inlen, SM2_ciphertext_typical_point_size,
if (sm2_encrypt_fixlen(&public_key->u.sm2_key, in, inlen, SM2_ciphertext_typical_point_size,
enced_key, &enced_key_len) != 1) {
error_print();
return -1;
@@ -1329,7 +1347,7 @@ int cms_recipient_info_encrypt_to_der(
}
int cms_recipient_info_decrypt_from_der(
const SM2_KEY *sm2_key,
const X509_KEY *x509_key,
const uint8_t *rcpt_issuer, size_t rcpt_issuer_len,
const uint8_t *rcpt_serial, size_t rcpt_serial_len,
uint8_t *out, size_t *outlen, size_t maxlen,
@@ -1366,7 +1384,13 @@ int cms_recipient_info_decrypt_from_der(
error_print();
return -1;
}
if (sm2_decrypt(sm2_key, enced_key, enced_key_len, outbuf, outlen) != 1) {
if (x509_key->algor != OID_ec_public_key
|| x509_key->algor_param != OID_sm2) {
error_print();
return -1;
}
if (sm2_decrypt(&x509_key->u.sm2_key, enced_key, enced_key_len, outbuf, outlen) != 1) {
error_print();
return -1;
}
@@ -1380,7 +1404,7 @@ int cms_recipient_info_decrypt_from_der(
int cms_recipient_infos_add_recipient_info(
uint8_t *d, size_t *dlen, size_t maxlen,
const SM2_KEY *public_key,
const X509_KEY *public_key,
const uint8_t *issuer, size_t issuer_len,
const uint8_t *serial, size_t serial_len,
const uint8_t *in, size_t inlen)
@@ -1521,7 +1545,7 @@ int cms_enveloped_data_encrypt_to_der(
while (rcpt_certs_len) {
const uint8_t *cert;
size_t certlen;
SM2_KEY public_key;
X509_KEY public_key;
const uint8_t *issuer;
size_t issuer_len;
const uint8_t *serial;
@@ -1534,6 +1558,11 @@ int cms_enveloped_data_encrypt_to_der(
error_print();
return -1;
}
if (public_key.algor != OID_ec_public_key
|| public_key.algor_param != OID_sm2) {
error_print();
return -1;
}
if (cms_recipient_info_encrypt_to_der(&public_key,
issuer, issuer_len, serial, serial_len,
key, keylen, NULL, &len) != 1
@@ -1570,7 +1599,7 @@ int cms_enveloped_data_encrypt_to_der(
}
int cms_enveloped_data_decrypt_from_der(
const SM2_KEY *sm2_key,
const X509_KEY *x509_key,
const uint8_t *issuer, size_t issuer_len,
const uint8_t *serial, size_t serial_len,
int *content_type, uint8_t *content, size_t *content_len,
@@ -1601,7 +1630,7 @@ int cms_enveloped_data_decrypt_from_der(
while (rcpt_infos_len) {
if ((ret = cms_recipient_info_decrypt_from_der(
sm2_key,
x509_key,
issuer, issuer_len,
serial, serial_len,
key, &keylen, sizeof(key),
@@ -1768,13 +1797,21 @@ int cms_signed_and_enveloped_data_encipher_to_der(
while (rcpt_certs_len) {
const uint8_t *cert;
size_t certlen;
SM2_KEY public_key;
X509_KEY public_key;
if (asn1_any_from_der(&cert, &certlen, &rcpt_certs, &rcpt_certs_len) != 1
|| x509_cert_get_issuer_and_serial_number(cert, certlen,
&issuer, &issuer_len, &serial, &serial_len) != 1
|| x509_cert_get_subject_public_key(cert, certlen, &public_key) != 1
|| cms_recipient_info_encrypt_to_der(&public_key,
|| x509_cert_get_subject_public_key(cert, certlen, &public_key) != 1) {
error_print();
return -1;
}
if (public_key.algor != OID_ec_public_key
|| public_key.algor_param != OID_sm2) {
error_print();
return -1;
}
if (cms_recipient_info_encrypt_to_der(&public_key,
issuer, issuer_len, serial, serial_len,
key, keylen, NULL, &len) != 1
|| asn1_length_le(len, sizeof(rcpt_infos)) != 1
@@ -1843,7 +1880,7 @@ int cms_signed_and_enveloped_data_encipher_to_der(
}
int cms_signed_and_enveloped_data_decipher_from_der(
const SM2_KEY *rcpt_key,
const X509_KEY *rcpt_key,
const uint8_t *rcpt_issuer, size_t rcpt_issuer_len,
const uint8_t *rcpt_serial, size_t rcpt_serial_len,
int *content_type, uint8_t *content, size_t *content_len,
@@ -1961,19 +1998,19 @@ int cms_signed_and_enveloped_data_decipher_from_der(
int cms_key_agreement_info_to_der(
int version,
const SM2_KEY *temp_public_key_r,
const X509_KEY *temp_public_key_r,
const uint8_t *user_cert, size_t user_cert_len,
const uint8_t *user_id, size_t user_id_len,
uint8_t **out, size_t *outlen)
{
size_t len = 0;
if (asn1_int_to_der(version, NULL, &len) != 1
|| sm2_public_key_info_to_der(temp_public_key_r, NULL, &len) != 1
|| x509_public_key_info_to_der(temp_public_key_r, NULL, &len) != 1
|| x509_cert_to_der(user_cert, user_cert_len, NULL, &len) != 1
|| asn1_octet_string_to_der(user_id, user_id_len, NULL, &len) != 1
|| asn1_sequence_header_to_der(len, out, outlen) != 1
|| asn1_int_to_der(version, out, outlen) != 1
|| sm2_public_key_info_to_der(temp_public_key_r, out, outlen) != 1
|| x509_public_key_info_to_der(temp_public_key_r, out, outlen) != 1
|| x509_cert_to_der(user_cert, user_cert_len, out, outlen) != 1
|| asn1_octet_string_to_der(user_id, user_id_len, out, outlen) != 1) {
error_print();
@@ -1984,7 +2021,7 @@ int cms_key_agreement_info_to_der(
int cms_key_agreement_info_from_der(
int *version,
SM2_KEY *temp_public_key_r,
X509_KEY *temp_public_key_r,
const uint8_t **user_cert, size_t *user_cert_len,
const uint8_t **user_id, size_t *user_id_len,
const uint8_t **in, size_t *inlen)
@@ -1998,7 +2035,7 @@ int cms_key_agreement_info_from_der(
return ret;
}
if (asn1_int_from_der(version, &d, &dlen) != 1
|| sm2_public_key_info_from_der(temp_public_key_r, &d, &dlen) != 1
|| x509_public_key_info_from_der(temp_public_key_r, &d, &dlen) != 1
|| x509_cert_from_der(user_cert, user_cert_len, &d, &dlen) != 1
|| asn1_octet_string_from_der(user_id, user_id_len, &d, &dlen) != 1
|| asn1_length_is_zero(dlen) != 1) {
@@ -2252,7 +2289,7 @@ int cms_envelop(
}
int cms_deenvelop(const uint8_t *cms, size_t cmslen,
const SM2_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len,
const X509_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len,
int *content_type, uint8_t *content, size_t *content_len,
const uint8_t **rcpt_infos, size_t *rcpt_infos_len,
const uint8_t **shared_info1, size_t *shared_info1_len,
@@ -2265,7 +2302,7 @@ int cms_deenvelop(const uint8_t *cms, size_t cmslen,
size_t issuer_len;
const uint8_t *serial;
size_t serial_len;
SM2_KEY public_key;
X509_KEY public_key;
if (cms_content_info_from_der(&cms_type, &cms_content, &cms_content_len, &cms, &cmslen) != 1
|| asn1_check(cms_type == OID_cms_enveloped_data) != 1
@@ -2282,7 +2319,7 @@ int cms_deenvelop(const uint8_t *cms, size_t cmslen,
error_print();
return -1;
}
if (memcmp(&public_key, rcpt_key, sizeof(SM2_POINT)) != 0) {
if (memcmp(&public_key.u.sm2_key, rcpt_key, sizeof(SM2_POINT)) != 0) {
error_print();
return -1;
}
@@ -2351,7 +2388,7 @@ int cms_sign_and_envelop(uint8_t *cms, size_t *cmslen,
}
int cms_deenvelop_and_verify(const uint8_t *cms, size_t cmslen,
const SM2_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len,
const X509_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len,
const uint8_t *extra_certs, size_t extra_certs_len,
const uint8_t *extra_crls, size_t extra_crls_len,
int *content_type, uint8_t *content, size_t *content_len,
@@ -2366,7 +2403,7 @@ int cms_deenvelop_and_verify(const uint8_t *cms, size_t cmslen,
size_t rcpt_issuer_len;
const uint8_t *rcpt_serial;
size_t rcpt_serial_len;
SM2_KEY public_key;
X509_KEY public_key;
int cms_type;
const uint8_t *cms_content;
size_t cms_content_len;
@@ -2387,7 +2424,7 @@ int cms_deenvelop_and_verify(const uint8_t *cms, size_t cmslen,
error_print();
return -1;
}
if (memcmp(&public_key, rcpt_key, sizeof(SM2_POINT)) != 0) {
if (memcmp(&public_key.u.sm2_key, rcpt_key, sizeof(SM2_POINT)) != 0) {
error_print();
return -1;
}
@@ -2415,7 +2452,7 @@ int cms_deenvelop_and_verify(const uint8_t *cms, size_t cmslen,
int cms_set_key_agreement_info(
uint8_t *cms, size_t *cmslen,
const SM2_KEY *temp_public_key_r,
const X509_KEY *temp_public_key_r,
const uint8_t *user_cert, size_t user_cert_len,
const uint8_t *user_id, size_t user_id_len)
{

28
src/tlcp.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -145,8 +145,8 @@ int tlcp_do_connect(TLS_CONNECT *conn)
const uint8_t *exts;
size_t exts_len;
SM2_KEY server_sign_key;
SM2_KEY server_enc_key;
X509_KEY server_sign_key;
X509_KEY server_enc_key;
SM2_VERIFY_CTX verify_ctx;
SM2_SIGN_CTX sign_ctx;
const uint8_t *sig;
@@ -292,9 +292,17 @@ int tlcp_do_connect(TLS_CONNECT *conn)
tls_send_alert(conn, TLS_alert_bad_certificate);
goto end;
}
if (server_sign_key.algor != OID_ec_public_key
|| server_sign_key.algor_param != OID_sm2
|| server_enc_key.algor != OID_ec_public_key
|| server_enc_key.algor_param != OID_sm2) {
error_print();
tls_send_alert(conn, TLS_alert_bad_certificate);
goto end;
}
p = server_enc_cert_lenbuf; len = 0;
tls_uint24_to_bytes((uint24_t)server_enc_cert_len, &p, &len);
if (sm2_verify_init(&verify_ctx, &server_sign_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH) != 1
if (sm2_verify_init(&verify_ctx, &server_sign_key.u.sm2_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH) != 1
|| sm2_verify_update(&verify_ctx, client_random, 32) != 1
|| sm2_verify_update(&verify_ctx, server_random, 32) != 1
|| sm2_verify_update(&verify_ctx, server_enc_cert_lenbuf, 3) != 1
@@ -411,7 +419,7 @@ int tlcp_do_connect(TLS_CONNECT *conn)
// send ClientKeyExchange
tls_trace("send ClientKeyExchange\n");
if (sm2_encrypt(&server_enc_key, pre_master_secret, 48,
if (sm2_encrypt(&server_enc_key.u.sm2_key, pre_master_secret, 48,
enced_pre_master_secret, &enced_pre_master_secret_len) != 1
|| tls_record_set_handshake_client_key_exchange_pke(record, &recordlen,
enced_pre_master_secret, enced_pre_master_secret_len) != 1) {
@@ -604,7 +612,7 @@ int tlcp_do_accept(TLS_CONNECT *conn)
size_t siglen;
// ClientCertificate, CertificateVerify
SM2_KEY client_sign_key;
X509_KEY client_sign_key;
SM2_VERIFY_CTX verify_ctx;
const uint8_t *sig;
const int verify_depth = 5;
@@ -853,9 +861,15 @@ int tlcp_do_accept(TLS_CONNECT *conn)
tls_send_alert(conn, TLS_alert_bad_certificate);
goto end;
}
if (client_sign_key.algor != OID_ec_public_key
|| client_sign_key.algor_param != OID_sm2) {
tls_send_alert(conn, TLS_alert_bad_certificate);
error_print();
goto end;
}
sm3_finish(&cert_verify_sm3_ctx, cert_verify_hash);
if (sm2_verify_init(&verify_ctx, &client_sign_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH) != 1
if (sm2_verify_init(&verify_ctx, &client_sign_key.u.sm2_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH) != 1
|| sm2_verify_update(&verify_ctx, cert_verify_hash, SM3_DIGEST_SIZE) != 1
|| sm2_verify_finish(&verify_ctx, sig, siglen) != 1) {
error_print();

37
src/tls.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -2143,7 +2143,7 @@ int tls_ctx_set_certificate_and_key(TLS_CTX *ctx, const char *chainfile,
SM2_KEY key;
const uint8_t *cert;
size_t certlen;
SM2_KEY public_key;
X509_KEY public_key;
if (!ctx || !chainfile || !keyfile || !keypass) {
error_print();
@@ -2175,7 +2175,12 @@ int tls_ctx_set_certificate_and_key(TLS_CTX *ctx, const char *chainfile,
error_print();
return -1;
}
if (sm2_public_key_equ(&key, &public_key) != 1) {
if (public_key.algor != OID_ec_public_key
|| public_key.algor_param != OID_sm2) {
error_print();
return -1;
}
if (sm2_public_key_equ(&key, &public_key.u.sm2_key) != 1) {
error_print();
return -1;
}
@@ -2206,7 +2211,7 @@ int tls_ctx_set_tlcp_server_certificate_and_keys(TLS_CTX *ctx, const char *chain
const uint8_t *cert;
size_t certlen;
SM2_KEY public_key;
X509_KEY public_key;
if (!ctx || !chainfile || !signkeyfile || !signkeypass || !kenckeyfile || !kenckeypass) {
error_print();
@@ -2235,8 +2240,16 @@ int tls_ctx_set_tlcp_server_certificate_and_keys(TLS_CTX *ctx, const char *chain
goto end;
}
if (x509_certs_get_cert_by_index(certs, certslen, 0, &cert, &certlen) != 1
|| x509_cert_get_subject_public_key(cert, certlen, &public_key) != 1
|| sm2_public_key_equ(&signkey, &public_key) != 1) {
|| x509_cert_get_subject_public_key(cert, certlen, &public_key) != 1) {
error_print();
return -1;
}
if (public_key.algor != OID_ec_public_key
|| public_key.algor_param != OID_sm2) {
error_print();
return -1;
}
if (sm2_public_key_equ(&signkey, &public_key.u.sm2_key) != 1) {
error_print();
goto end;
}
@@ -2250,8 +2263,16 @@ int tls_ctx_set_tlcp_server_certificate_and_keys(TLS_CTX *ctx, const char *chain
goto end;
}
if (x509_certs_get_cert_by_index(certs, certslen, 1, &cert, &certlen) != 1
|| x509_cert_get_subject_public_key(cert, certlen, &public_key) != 1
|| sm2_public_key_equ(&kenckey, &public_key) != 1) {
|| x509_cert_get_subject_public_key(cert, certlen, &public_key) != 1) {
error_print();
return -1;
}
if (public_key.algor != OID_ec_public_key
|| public_key.algor_param != OID_sm2) {
error_print();
return -1;
}
if (sm2_public_key_equ(&kenckey, &public_key.u.sm2_key) != 1) {
error_print();
goto end;
}

22
src/tls12.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -202,7 +202,7 @@ int tls12_do_connect(TLS_CONNECT *conn)
int signature_algor = -1;
SM2_KEY server_sign_key;
X509_KEY server_sign_key;
SM2_SIGN_CTX sign_ctx;
const uint8_t *sig;
size_t siglen;
@@ -380,7 +380,13 @@ int tls12_do_connect(TLS_CONNECT *conn)
tls_send_alert(conn, TLS_alert_bad_certificate);
goto end;
}
if (tls_verify_server_ecdh_params(&server_sign_key, // 这应该是签名公钥
if (server_sign_key.algor != OID_ec_public_key
|| server_sign_key.algor_param != OID_sm2) {
error_print();
tls_send_alert(conn, TLS_alert_bad_certificate);
goto end;
}
if (tls_verify_server_ecdh_params(&server_sign_key.u.sm2_key, // 这应该是签名公钥
client_random, server_random, curve, &server_ecdhe_public, sig, siglen) != 1) {
error_print();
tls_send_alert(conn, TLS_alert_internal_error);
@@ -687,7 +693,7 @@ int tls12_do_accept(TLS_CONNECT *conn)
// ClientCertificate, CertificateVerify
TLS_CLIENT_VERIFY_CTX client_verify_ctx;
SM2_KEY client_sign_key;
X509_KEY client_sign_key;
const uint8_t *sig;
const int verify_depth = 5;
int verify_result;
@@ -933,7 +939,13 @@ int tls12_do_accept(TLS_CONNECT *conn)
tls_send_alert(conn, TLS_alert_bad_certificate);
goto end;
}
if (tls_client_verify_finish(&client_verify_ctx, sig, siglen, &client_sign_key) != 1) {
if (client_sign_key.algor != OID_ec_public_key
|| client_sign_key.algor_param != OID_sm2) {
error_print();
tls_send_alert(conn, TLS_alert_bad_certificate);
goto end;
}
if (tls_client_verify_finish(&client_verify_ctx, sig, siglen, &client_sign_key.u.sm2_key) != 1) {
error_print();
tls_send_alert(conn, TLS_alert_decrypt_error);
goto end;

31
src/tls13.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -510,7 +510,7 @@ int tls13_sign_certificate_verify(int tls_mode,
}
int tls13_verify_certificate_verify(int tls_mode,
const SM2_KEY *public_key, const char *signer_id, size_t signer_id_len,
const X509_KEY *public_key, const char *signer_id, size_t signer_id_len,
const DIGEST_CTX *tbs_dgst_ctx, const uint8_t *sig, size_t siglen)
{
int ret;
@@ -541,7 +541,13 @@ int tls13_verify_certificate_verify(int tls_mode,
dgst_ctx = *tbs_dgst_ctx;
digest_finish(&dgst_ctx, dgst, &dgstlen);
sm2_verify_init(&verify_ctx, public_key, signer_id, signer_id_len);
// FIXME: use x509_verify_init/update/finish
if (public_key->algor != OID_ec_public_key
|| public_key->algor_param != OID_sm2) {
error_print();
return -1;
}
sm2_verify_init(&verify_ctx, &public_key->u.sm2_key, signer_id, signer_id_len);
sm2_verify_update(&verify_ctx, prefix, 64);
sm2_verify_update(&verify_ctx, context_str_and_zero, context_str_and_zero_len);
sm2_verify_update(&verify_ctx, dgst, dgstlen);
@@ -1497,7 +1503,7 @@ int tls13_do_connect(TLS_CONNECT *conn)
SM2_KEY client_ecdhe;
SM2_Z256_POINT server_ecdhe_public;
SM2_KEY server_sign_key;
X509_KEY server_sign_key;
const DIGEST *digest = DIGEST_sm3();
DIGEST_CTX dgst_ctx; // secret generation过程中需要ClientHello等数据输入的
@@ -1729,6 +1735,12 @@ int tls13_do_connect(TLS_CONNECT *conn)
tls_send_alert(conn, TLS_alert_unexpected_message);
goto end;
}
if (server_sign_key.algor != OID_ec_public_key
|| server_sign_key.algor_param != OID_sm2) {
error_print();
tls_send_alert(conn, TLS_alert_unexpected_message);
goto end;
}
digest_update(&dgst_ctx, record + 5, recordlen - 5);
tls_seq_num_incr(conn->server_seq_num);
@@ -1975,7 +1987,7 @@ int tls13_do_accept(TLS_CONNECT *conn)
SM2_KEY server_ecdhe;
SM2_Z256_POINT client_ecdhe_public;
SM2_KEY client_sign_key;
X509_KEY client_sign_key;
const BLOCK_CIPHER *cipher = NULL;
const DIGEST *digest = NULL;
DIGEST_CTX dgst_ctx;
@@ -2285,9 +2297,16 @@ int tls13_do_accept(TLS_CONNECT *conn)
}
if (x509_cert_get_subject_public_key(cert, certlen, &client_sign_key) != 1) {
error_print();
tls_send_alert(conn, TLS_alert_unexpected_message);
tls_send_alert(conn, TLS_alert_bad_certificate);
goto end;
}
if (client_sign_key.algor != OID_ec_public_key
|| client_sign_key.algor_param != OID_sm2) {
error_print();
tls_send_alert(conn, TLS_alert_bad_certificate);
goto end;
}
digest_update(&dgst_ctx, record + 5, recordlen - 5);
tls_seq_num_incr(conn->client_seq_num);

12
src/x509_alg.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2025 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -363,7 +363,7 @@ static const ASN1_OID_INFO x509_sign_algors[] = {
{ OID_rsasign_with_sha256, "sha256WithRSAEncryption", oid_rsasign_with_sha256, sizeof(oid_rsasign_with_sha256)/sizeof(int), 1 },
{ OID_rsasign_with_sha384, "sha384WithRSAEncryption", oid_rsasign_with_sha384, sizeof(oid_rsasign_with_sha384)/sizeof(int), 1 },
{ OID_rsasign_with_sha512, "sha512WithRSAEncryption", oid_rsasign_with_sha512, sizeof(oid_rsasign_with_sha512)/sizeof(int), 1 },
#ifdef ENABLE_LMS_HSS
#ifdef ENABLE_LMS
{ OID_hss_lms_hashsig, "hss-lms-hashsig", oid_hss_lms_hashsig, sizeof(oid_hss_lms_hashsig)/sizeof(int), 1 },
#endif
#ifdef ENABLE_XMSS
@@ -587,7 +587,7 @@ static uint32_t oid_ec_public_key[] = { oid_x9_62,2,1 };
static const ASN1_OID_INFO x509_public_key_algors[] = {
{ OID_ec_public_key, "ecPublicKey", oid_ec_public_key, sizeof(oid_ec_public_key)/sizeof(int), 0, "X9.62 ecPublicKey" },
{ OID_rsa_encryption, "rsaEncryption", oid_rsa_encryption, sizeof(oid_rsa_encryption)/sizeof(int), 0, "RSAEncryption" },
#ifdef ENABLE_LMS_HSS
#ifdef ENABLE_LMS
{ OID_hss_lms_hashsig, "hss-lms-hashsig", oid_hss_lms_hashsig, sizeof(oid_hss_lms_hashsig)/sizeof(int), 0, "HSS/LMS HashSig" },
#endif
#ifdef ENABLE_XMSS
@@ -644,7 +644,7 @@ int x509_public_key_algor_to_der(int oid, int curve_or_null, uint8_t **out, size
return -1;
}
break;
#ifdef ENABLE_LMS_HSS
#ifdef ENABLE_LMS
// TODO: rsa, hss/lms, xmss/xmss^mt OID encoding is similar, reduce code size
case OID_hss_lms_hashsig:
if (asn1_object_identifier_to_der(oid_hss_lms_hashsig, sizeof(oid_hss_lms_hashsig)/sizeof(int), NULL, &len) != 1
@@ -713,7 +713,7 @@ int x509_public_key_algor_from_der(int *oid , int *curve_or_null, const uint8_t
}
break;
case OID_rsa_encryption:
#ifdef ENABLE_LMS_HSS
#ifdef ENABLE_LMS
case OID_hss_lms_hashsig:
#endif
#ifdef ENABLE_XMSS
@@ -750,7 +750,7 @@ int x509_public_key_algor_print(FILE *fp, int fmt, int ind, const char *label, c
format_print(fp, fmt, ind, "namedCurve: %s\n", ec_named_curve_name(val));
break;
case OID_rsa_encryption:
#ifdef ENABLE_LMS_HSS
#ifdef ENABLE_LMS
case OID_hss_lms_hashsig:
#endif
#ifdef ENABLE_XMSS

60
src/x509_cer.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -983,7 +983,7 @@ int x509_tbs_cert_to_der(
const uint8_t *issuer, size_t issuer_len,
time_t not_before, time_t not_after,
const uint8_t *subject, size_t subject_len,
const SM2_KEY *subject_public_key,
const X509_KEY *subject_public_key,
const uint8_t *issuer_unique_id, size_t issuer_unique_id_len,
const uint8_t *subject_unique_id, size_t subject_unique_id_len,
const uint8_t *exts, size_t exts_len,
@@ -1024,7 +1024,7 @@ int x509_tbs_cert_from_der(
const uint8_t **issuer, size_t *issuer_len,
time_t *not_before, time_t *not_after,
const uint8_t **subject, size_t *subject_len,
SM2_KEY *subject_public_key,
X509_KEY *subject_public_key,
const uint8_t **issuer_unique_id, size_t *issuer_unique_id_len,
const uint8_t **subject_unique_id, size_t *subject_unique_id_len,
const uint8_t **exts, size_t *exts_len,
@@ -1098,18 +1098,27 @@ int x509_cert_sign_to_der(
const uint8_t *issuer, size_t issuer_len,
time_t not_before, time_t not_after,
const uint8_t *subject, size_t subject_len,
const SM2_KEY *subject_public_key,
const X509_KEY *subject_public_key,
const uint8_t *issuer_unique_id, size_t issuer_unique_id_len,
const uint8_t *subject_unique_id, size_t subject_unique_id_len,
const uint8_t *exts, size_t exts_len,
const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len,
X509_KEY *sign_key, const char *signer_id, size_t signer_id_len,
uint8_t **out, size_t *outlen)
{
size_t len = 0;
uint8_t *tbs = NULL;
int sig_alg = OID_sm2sign_with_sm3;
uint8_t sig[SM2_MAX_SIGNATURE_SIZE];
size_t siglen = SM2_signature_typical_size;
int sig_alg;
uint8_t sig[X509_SIGNATURE_MAX_SIZE];
size_t siglen;
if (x509_key_get_sign_algor(sign_key, &sig_alg) != 1) {
error_print();
return -1;
}
if (x509_key_get_signature_size(sign_key, &siglen) != 1) {
error_print();
return -1;
}
if (x509_tbs_cert_to_der(
version,
@@ -1150,10 +1159,10 @@ int x509_cert_sign_to_der(
}
if (out && *out) {
SM2_SIGN_CTX sign_ctx;
if (sm2_sign_init(&sign_ctx, sign_key, signer_id, signer_id_len) != 1
|| sm2_sign_update(&sign_ctx, tbs, *out - tbs) != 1
|| sm2_sign_finish_fixlen(&sign_ctx, siglen, sig) != 1) {
X509_SIGN_CTX sign_ctx;
if (x509_sign_init(&sign_ctx, sign_key, signer_id, signer_id_len) != 1
|| x509_sign_update(&sign_ctx, tbs, *out - tbs) != 1
|| x509_sign_finish(&sign_ctx, sig, &siglen) != 1) {
gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx));
error_print();
return -1;
@@ -1197,27 +1206,34 @@ int x509_signed_from_der(const uint8_t **tbs, size_t *tbslen,
}
int x509_signed_verify(const uint8_t *a, size_t alen,
const SM2_KEY *pub_key, const char *signer_id, size_t signer_id_len)
const X509_KEY *key, const char *signer_id, size_t signer_id_len)
{
const uint8_t *tbs;
size_t tbslen;
int sig_alg;
const uint8_t *sig;
size_t siglen;
SM2_VERIFY_CTX verify_ctx;
int key_sig_alg;
X509_SIGN_CTX verify_ctx;
if (x509_key_get_sign_algor(key, &key_sig_alg) != 1) {
error_print();
return -1;
}
if (x509_signed_from_der(&tbs, &tbslen, &sig_alg, &sig, &siglen, &a, &alen) != 1
|| asn1_length_is_zero(alen) != 1) {
error_print();
return -1;
}
if (sig_alg != OID_sm2sign_with_sm3) {
if (sig_alg != key_sig_alg) {
error_print();
return -1;
}
if (sm2_verify_init(&verify_ctx, pub_key, signer_id, signer_id_len) != 1
|| sm2_verify_update(&verify_ctx, tbs, tbslen) != 1
|| sm2_verify_finish(&verify_ctx, sig, siglen) != 1) {
if (x509_verify_init(&verify_ctx, key, signer_id, signer_id_len, sig, siglen) != 1
|| x509_verify_update(&verify_ctx, tbs, tbslen) != 1
|| x509_verify_finish(&verify_ctx) != 1) {
error_print();
return -1;
}
@@ -1229,7 +1245,7 @@ int x509_signed_verify_by_ca_cert(const uint8_t *a, size_t alen,
const char *signer_id, size_t signer_id_len)
{
int ret;
SM2_KEY public_key;
X509_KEY public_key;
if (x509_cert_get_subject_public_key(cacert, cacertlen, &public_key) != 1
|| (ret = x509_signed_verify(a, alen, &public_key, signer_id, signer_id_len)) < 0) {
@@ -1387,7 +1403,7 @@ int x509_cert_get_details(const uint8_t *a, size_t alen,
const uint8_t **issuer, size_t *issuer_len,
time_t *not_before, time_t *not_after,
const uint8_t **subject, size_t *subject_len,
SM2_KEY *subject_public_key,
X509_KEY *subject_public_key,
const uint8_t **issuer_unique_id, size_t *issuer_unique_id_len,
const uint8_t **subject_unique_id, size_t *subject_unique_id_len,
const uint8_t **extensions, size_t *extensions_len,
@@ -1407,7 +1423,7 @@ int x509_cert_get_details(const uint8_t *a, size_t alen,
const uint8_t *issuer; size_t issuer_len;
time_t not_before; time_t not_after;
const uint8_t *subject; size_t subject_len;
SM2_KEY subject_public_key;
X509_KEY subject_public_key;
const uint8_t *issuer_unique_id; size_t issuer_unique_id_len;
const uint8_t *subject_unique_id; size_t subject_unique_id_len;
const uint8_t *exts; size_t exts_len;
@@ -1475,7 +1491,7 @@ int x509_cert_get_issuer_and_serial_number(const uint8_t *a, size_t alen,
NULL, NULL); // signature
}
int x509_cert_get_subject_public_key(const uint8_t *a, size_t alen, SM2_KEY *public_key)
int x509_cert_get_subject_public_key(const uint8_t *a, size_t alen, X509_KEY *public_key)
{
return x509_cert_get_details(a, alen,
NULL, // version

30
src/x509_crl.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -17,6 +17,7 @@
#include <gmssl/x509_crl.h>
#include <gmssl/x509_alg.h>
#include <gmssl/x509_ext.h>
#include <gmssl/x509_key.h>
#include <gmssl/pem.h>
#include <gmssl/mem.h>
#include <gmssl/http.h>
@@ -1046,7 +1047,7 @@ int x509_crl_exts_add_authority_key_identifier(
}
int x509_crl_exts_add_default_authority_key_identifier(uint8_t *exts, size_t *extslen, size_t maxlen,
const SM2_KEY *public_key)
const X509_KEY *public_key)
{
int ret;
if ((ret = x509_exts_add_default_authority_key_identifier(exts, extslen, maxlen, public_key)) != 1) {
@@ -1422,15 +1423,24 @@ int x509_crl_sign_to_der(
time_t this_update, time_t next_update,
const uint8_t *revoked_certs, size_t revoked_certs_len,
const uint8_t *crl_exts, size_t crl_exts_len,
const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len,
X509_KEY *sign_key, const char *signer_id, size_t signer_id_len,
uint8_t **out, size_t *outlen)
{
int key_sig_alg;
size_t len = 0;
uint8_t *tbs = NULL;
uint8_t sig[SM2_MAX_SIGNATURE_SIZE];
size_t siglen = SM2_signature_typical_size;
uint8_t sig[X509_SIGNATURE_MAX_SIZE];
size_t siglen;
if (sig_alg != OID_sm2sign_with_sm3) {
if (x509_key_get_sign_algor(sign_key, &key_sig_alg) != 1) {
error_print();
return -1;
}
if (sig_alg != key_sig_alg) {
error_print();
return -1;
}
if (x509_key_get_signature_size(sign_key, &siglen) != 1) {
error_print();
return -1;
}
@@ -1454,10 +1464,10 @@ int x509_crl_sign_to_der(
return -1;
}
if (out && *out) {
SM2_SIGN_CTX sign_ctx;
if (sm2_sign_init(&sign_ctx, sign_key, signer_id, signer_id_len) != 1
|| sm2_sign_update(&sign_ctx, tbs, *out - tbs) != 1
|| sm2_sign_finish_fixlen(&sign_ctx, siglen, sig) != 1) {
X509_SIGN_CTX sign_ctx;
if (x509_sign_init(&sign_ctx, sign_key, signer_id, signer_id_len) != 1
|| x509_sign_update(&sign_ctx, tbs, *out - tbs) != 1
|| x509_sign_finish(&sign_ctx, sig, &siglen) != 1) {
gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx));
error_print();
return -1;

9
src/x509_ext.c
View File

@@ -19,6 +19,7 @@
#include <gmssl/asn1.h>
#include <gmssl/x509.h>
#include <gmssl/x509_ext.h>
#include <gmssl/x509_key.h>
#include <gmssl/error.h>
@@ -348,7 +349,7 @@ int x509_exts_add_authority_key_identifier(uint8_t *exts, size_t *extslen, size_
}
int x509_exts_add_default_authority_key_identifier(uint8_t *exts, size_t *extslen, size_t maxlen,
const SM2_KEY *public_key)
const X509_KEY *public_key)
{
uint8_t id[32];
int critical = -1;
@@ -357,7 +358,7 @@ int x509_exts_add_default_authority_key_identifier(uint8_t *exts, size_t *extsle
return 0;
}
if (sm2_public_key_digest(public_key, id) != 1) {
if (x509_public_key_digest(public_key, id) != 1) {
error_print();
return -1;
}
@@ -399,7 +400,7 @@ int x509_exts_add_subject_key_identifier(uint8_t *exts, size_t *extslen, size_t
}
int x509_exts_add_subject_key_identifier_ex(uint8_t *exts, size_t *extslen, size_t maxlen,
int critical, const SM2_KEY *subject_key)
int critical, const X509_KEY *subject_key)
{
uint8_t id[32];
@@ -407,7 +408,7 @@ int x509_exts_add_subject_key_identifier_ex(uint8_t *exts, size_t *extslen, size
return 0;
}
if (sm2_public_key_digest(subject_key, id) != 1) {
if (x509_public_key_digest(subject_key, id) != 1) {
error_print();
return -1;
}

737
src/x509_key.c Normal file
View File

@@ -0,0 +1,737 @@
/*
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <gmssl/ec.h>
#include <gmssl/oid.h>
#include <gmssl/asn1.h>
#include <gmssl/sm2.h>
#include <gmssl/mem.h>
#include <gmssl/error.h>
#include <gmssl/x509_alg.h>
#include <gmssl/x509_cer.h>
#include <gmssl/x509_key.h>
// currently the lms_type(s) of SHA-256 and SM3 are smaller than 4-bit
// so we encode the lms_types into 4-bit array and int value
// TODO: if max lms_type > 15, this function must be change!
int x509_algor_param_from_lms_types(int *algor_param, const int *lms_types, size_t num)
{
if (!algor_param || !lms_types || !num) {
error_print();
return -1;
}
if (num > HSS_MAX_LEVELS) {
error_print();
return -1;
}
*algor_param = 0;
while (num--) {
if (lms_types[num] < 0 || lms_types[num] > 15) {
error_print();
return -1;
}
*algor_param <<= 4;
*algor_param |= lms_types[num] & 0x0f;
}
return 1;
}
int x509_algor_param_to_lms_types(int algor_param, int lms_types[5], size_t *num)
{
if (!lms_types || !num) {
error_print();
return -1;
}
for (*num = 0; *num < 5; (*num)++) {
if (!algor_param) {
break;
}
lms_types[*num] = algor_param & 0x0f;
if (!lms_type_name(lms_types[*num])) {
error_print();
return -1;
}
algor_param >>= 4;
}
return 1;
}
int x509_key_generate(X509_KEY *key, int algor, int algor_param)
{
if (!key) {
error_print();
return -1;
}
memset(key, 0, sizeof(X509_KEY));
switch (algor) {
case OID_ec_public_key:
if (algor_param != OID_sm2) {
error_print();
return -1;
}
if (sm2_key_generate(&key->u.sm2_key) != 1) {
error_print();
return -1;
}
break;
case OID_lms_hashsig:
if (!lms_type_name(algor_param)) {
error_print();
return -1;
}
if (lms_key_generate(&key->u.lms_key, algor_param) != 1) {
error_print();
return -1;
}
break;
case OID_hss_lms_hashsig:
{
int lms_types[5];
size_t num;
if (x509_algor_param_to_lms_types(algor_param, lms_types, &num) != 1) {
error_print();
return -1;
}
if (hss_key_generate(&key->u.hss_key, lms_types, num) != 1) {
error_print();
return -1;
}
}
break;
case OID_xmss_hashsig:
if (!xmss_type_name((uint32_t)algor_param)) {
error_print();
return -1;
}
if (xmss_key_generate(&key->u.xmss_key, (uint32_t)algor_param) != 1) {
error_print();
return -1;
}
break;
case OID_xmssmt_hashsig:
if (!xmssmt_type_name((uint32_t)algor_param)) {
error_print();
return -1;
}
if (xmssmt_key_generate(&key->u.xmssmt_key, (uint32_t)algor_param) != 1) {
error_print();
return -1;
}
break;
case OID_sphincs_hashsig:
if (algor_param != OID_undef) {
error_print();
return -1;
}
if (sphincs_key_generate(&key->u.sphincs_key) != 1) {
error_print();
return -1;
}
break;
default:
error_print();
return -1;
}
key->algor = algor;
key->algor_param = algor_param;
return 1;
}
int x509_public_key_print(FILE *fp, int fmt, int ind, const char *label, const X509_KEY *key)
{
switch (key->algor) {
case OID_ec_public_key:
if (sm2_public_key_print(fp, fmt, ind, label, &key->u.sm2_key) != 1) {
error_print();
return -1;
}
break;
case OID_lms_hashsig:
if (lms_public_key_print(fp, fmt, ind, label, &key->u.lms_key.public_key) != 1) {
error_print();
return -1;
}
break;
case OID_hss_lms_hashsig:
if (hss_public_key_print(fp, fmt, ind, label, &key->u.hss_key) != 1) {
error_print();
return -1;
}
break;
case OID_xmss_hashsig:
if (xmss_public_key_print(fp, fmt, ind, label, &key->u.xmss_key) != 1) {
error_print();
return -1;
}
break;
case OID_xmssmt_hashsig:
if (xmssmt_public_key_print(fp, fmt, ind, label, &key->u.xmssmt_key) != 1) {
error_print();
return -1;
}
break;
case OID_sphincs_hashsig:
if (sphincs_public_key_print(fp, fmt, ind, label, &key->u.sphincs_key) != 1) {
error_print();
return -1;
}
break;
default:
error_print();
return -1;
}
return 1;
}
int x509_key_set_sm2_key(X509_KEY *x509_key, SM2_KEY *sm2_key)
{
memset(x509_key, 0, sizeof(X509_KEY));
x509_key->algor = OID_ec_public_key;
x509_key->algor_param = OID_sm2;
x509_key->u.sm2_key = *sm2_key;
return 1;
}
int x509_key_set_lms_key(X509_KEY *x509_key, LMS_KEY *lms_key)
{
memset(x509_key, 0, sizeof(X509_KEY));
x509_key->algor = OID_lms_hashsig;
x509_key->algor_param = OID_undef;
x509_key->u.lms_key = *lms_key;
return -1;
}
int x509_key_set_hss_key(X509_KEY *x509_key, HSS_KEY *hss_key)
{
memset(x509_key, 0, sizeof(X509_KEY));
x509_key->algor = OID_hss_lms_hashsig;
x509_key->algor_param = OID_undef;
x509_key->u.hss_key = *hss_key;
return 1;
}
int x509_key_set_xmss_key(X509_KEY *x509_key, XMSS_KEY *xmss_key)
{
memset(x509_key, 0, sizeof(X509_KEY));
x509_key->algor = OID_xmss_hashsig;
x509_key->algor_param = OID_undef;
x509_key->u.xmss_key = *xmss_key;
return 1;
}
int x509_key_set_xmssmt_key(X509_KEY *x509_key, XMSSMT_KEY *xmssmt_key)
{
memset(x509_key, 0, sizeof(X509_KEY));
x509_key->algor = OID_xmssmt_hashsig;
x509_key->algor_param = OID_undef;
x509_key->u.xmssmt_key = *xmssmt_key;
return 1;
}
int x509_key_set_sphincs_key(X509_KEY *x509_key, SPHINCS_KEY *sphincs_key)
{
memset(x509_key, 0, sizeof(X509_KEY));
x509_key->algor = OID_sphincs_hashsig;
x509_key->algor_param = OID_undef;
x509_key->u.sphincs_key = *sphincs_key;
return 1;
}
int x509_key_get_sign_algor(const X509_KEY *key, int *algor)
{
if (!key || !algor) {
error_print();
return -1;
}
switch (key->algor) {
case OID_lms_hashsig:
case OID_hss_lms_hashsig:
case OID_xmss_hashsig:
case OID_xmssmt_hashsig:
case OID_sphincs_hashsig:
*algor = key->algor;
break;
case OID_ec_public_key:
*algor = OID_sm2sign_with_sm3;
break;
default:
fprintf(stderr, "key->algor = %d\n", key->algor);
error_print();
return -1;
}
return 1;
}
int x509_public_key_digest(const X509_KEY *key, uint8_t dgst[32])
{
SM3_CTX ctx;
uint8_t bits[X509_PUBLIC_KEY_MAX_SIZE];
uint8_t *p = bits;
size_t len = 0;
switch (key->algor) {
case OID_ec_public_key:
if (sm2_z256_point_to_uncompressed_octets(&key->u.sm2_key.public_key, bits) != 1) {
error_print();
return -1;
}
len = 65;
break;
case OID_hss_lms_hashsig:
if (hss_public_key_to_bytes(&key->u.hss_key, &p, &len) != 1) {
error_print();
return -1;
}
break;
case OID_xmss_hashsig:
if (xmss_public_key_to_bytes(&key->u.xmss_key, &p, &len) != 1) {
error_print();
return -1;
}
break;
case OID_xmssmt_hashsig:
if (xmssmt_public_key_to_bytes(&key->u.xmssmt_key, &p, &len) != 1) {
error_print();
return -1;
}
break;
default:
error_print();
return -1;
}
sm3_init(&ctx);
sm3_update(&ctx, bits, len);
sm3_finish(&ctx, dgst);
return 1;
}
int x509_key_get_signature_size(const X509_KEY *key, size_t *siglen)
{
switch (key->algor) {
case OID_hss_lms_hashsig:
if (hss_key_get_signature_size(&key->u.hss_key, siglen) != 1) {
error_print();
return -1;
}
break;
case OID_xmss_hashsig:
if (xmss_key_get_signature_size(&key->u.xmss_key, siglen) != 1) {
error_print();
return -1;
}
break;
case OID_xmssmt_hashsig:
if (xmssmt_key_get_signature_size(&key->u.xmssmt_key, siglen) != 1) {
error_print();
return -1;
}
break;
case OID_ec_public_key:
*siglen = SM2_signature_typical_size;
break;
default:
error_print();
return -1;
}
return 1;
}
int x509_sign_init(X509_SIGN_CTX *ctx, X509_KEY *key, const char *signer_id, size_t signer_idlen)
{
if (!ctx || !key) {
error_print();
return -1;
}
switch (key->algor) {
case OID_hss_lms_hashsig:
if (hss_sign_init(&ctx->u.hss_sign_ctx, &key->u.hss_key) != 1) {
error_print();
return -1;
}
ctx->sign_algor = key->algor;
break;
case OID_xmss_hashsig:
if (xmss_sign_init(&ctx->u.xmss_sign_ctx, &key->u.xmss_key) != 1) {
error_print();
return -1;
}
ctx->sign_algor = key->algor;
break;
case OID_xmssmt_hashsig:
if (xmssmt_sign_init(&ctx->u.xmssmt_sign_ctx, &key->u.xmssmt_key) != 1) {
error_print();
return -1;
}
ctx->sign_algor = key->algor;
break;
case OID_ec_public_key:
if (sm2_sign_init(&ctx->u.sm2_sign_ctx, &key->u.sm2_key, signer_id, signer_idlen) != 1) {
error_print();
return -1;
}
ctx->sign_algor = OID_sm2sign_with_sm3;
break;
default:
error_print();
return -1;
}
return 1;
}
int x509_sign_update(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen)
{
switch (ctx->sign_algor) {
case OID_hss_lms_hashsig:
if (hss_sign_update(&ctx->u.hss_sign_ctx, data, datalen) != 1) {
error_print();
return -1;
}
break;
case OID_xmss_hashsig:
if (xmss_sign_update(&ctx->u.xmss_sign_ctx, data, datalen) != 1) {
error_print();
return -1;
}
break;
case OID_xmssmt_hashsig:
if (xmssmt_sign_update(&ctx->u.xmssmt_sign_ctx, data, datalen) != 1) {
error_print();
return -1;
}
break;
case OID_sm2sign_with_sm3:
if (sm2_sign_update(&ctx->u.sm2_sign_ctx, data, datalen) != 1) {
error_print();
return -1;
}
break;
default:
error_print();
return -1;
}
return 1;
}
int x509_sign_finish(X509_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen)
{
if (!ctx || !sig || !siglen) {
error_print();
return -1;
}
switch (ctx->sign_algor) {
case OID_hss_lms_hashsig:
if (hss_sign_finish(&ctx->u.hss_sign_ctx, sig, siglen) != 1) {
error_print();
return -1;
}
break;
case OID_xmss_hashsig:
if (xmss_sign_finish(&ctx->u.xmss_sign_ctx, sig, siglen) != 1) {
error_print();
return -1;
}
break;
case OID_xmssmt_hashsig:
if (xmssmt_sign_finish(&ctx->u.xmssmt_sign_ctx, sig, siglen) != 1) {
error_print();
return -1;
}
break;
case OID_sm2sign_with_sm3:
*siglen = SM2_signature_typical_size;
if (sm2_sign_finish_fixlen(&ctx->u.sm2_sign_ctx, *siglen, sig) != 1) {
error_print();
return -1;
}
break;
default:
error_print();
return -1;
}
return 1;
}
int x509_verify_init(X509_SIGN_CTX *ctx, const X509_KEY *key, const char *signer_id, size_t signer_idlen,
const uint8_t *sig, size_t siglen)
{
if (!ctx || !key || !sig || !siglen) {
error_print();
return -1;
}
switch (key->algor) {
case OID_hss_lms_hashsig:
if (hss_verify_init(&ctx->u.hss_sign_ctx, &key->u.hss_key, sig, siglen) != 1) {
error_print();
return -1;
}
ctx->sign_algor = key->algor;
break;
case OID_xmss_hashsig:
if (xmss_verify_init(&ctx->u.xmss_sign_ctx, &key->u.xmss_key, sig, siglen) != 1) {
error_print();
return -1;
}
ctx->sign_algor = key->algor;
break;
case OID_xmssmt_hashsig:
if (xmssmt_verify_init(&ctx->u.xmssmt_sign_ctx, &key->u.xmssmt_key, sig, siglen) != 1) {
error_print();
return -1;
}
ctx->sign_algor = key->algor;
break;
case OID_ec_public_key:
if (sm2_verify_init(&ctx->u.sm2_verify_ctx, &key->u.sm2_key, signer_id, signer_idlen) != 1) {
error_print();
return -1;
}
ctx->sign_algor = OID_sm2sign_with_sm3;
if (siglen > sizeof(ctx->sig)) {
error_print();
return -1;
}
memcpy(ctx->sig, sig, siglen);
ctx->siglen = siglen;
break;
default:
error_print();
return -1;
}
return 1;
}
int x509_verify_update(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen)
{
switch (ctx->sign_algor) {
case OID_hss_lms_hashsig:
if (hss_verify_update(&ctx->u.hss_sign_ctx, data, datalen) != 1) {
error_print();
return -1;
}
break;
case OID_xmss_hashsig:
if (xmss_verify_update(&ctx->u.xmss_sign_ctx, data, datalen) != 1) {
error_print();
return -1;
}
break;
case OID_xmssmt_hashsig:
if (xmssmt_verify_update(&ctx->u.xmssmt_sign_ctx, data, datalen) != 1) {
error_print();
return -1;
}
break;
case OID_sm2sign_with_sm3:
if (sm2_verify_update(&ctx->u.sm2_verify_ctx, data, datalen) != 1) {
error_print();
return -1;
}
break;
default:
error_print();
return -1;
}
return 1;
}
int x509_verify_finish(X509_SIGN_CTX *ctx)
{
int ret;
switch (ctx->sign_algor) {
case OID_hss_lms_hashsig:
if ((ret = hss_verify_finish(&ctx->u.hss_sign_ctx)) < 0) {
error_print();
return -1;
}
break;
case OID_xmss_hashsig:
if ((ret = xmss_verify_finish(&ctx->u.xmss_sign_ctx)) < 0) {
error_print();
return -1;
}
break;
case OID_xmssmt_hashsig:
if ((ret = xmssmt_verify_finish(&ctx->u.xmssmt_sign_ctx)) < 0) {
error_print();
return -1;
}
break;
case OID_sm2sign_with_sm3:
if ((ret = sm2_verify_update(&ctx->u.sm2_verify_ctx, ctx->sig, ctx->siglen)) < 0) {
error_print();
return -1;
}
break;
default:
error_print();
return -1;
}
return 1;
}
int x509_public_key_info_to_der(const X509_KEY *x509_key, uint8_t **out, size_t *outlen)
{
uint8_t keybuf[300];
uint8_t *p = keybuf;
size_t keylen = 0;
size_t len = 0;
if (!x509_key || !outlen) {
error_print();
return -1;
}
switch (x509_key->algor) {
case OID_hss_lms_hashsig:
if (hss_public_key_to_bytes(&x509_key->u.hss_key, &p, &keylen) != 1) {
error_print();
return -1;
}
break;
case OID_xmss_hashsig:
if (xmss_public_key_to_bytes(&x509_key->u.xmss_key, &p, &keylen) != 1) {
error_print();
return -1;
}
break;
case OID_xmssmt_hashsig:
if (xmssmt_public_key_to_bytes(&x509_key->u.xmssmt_key, &p, &keylen) != 1) {
error_print();
return -1;
}
break;
case OID_ec_public_key:
sm2_z256_point_to_uncompressed_octets(&x509_key->u.sm2_key.public_key, p);
keylen = 65;
break;
default:
error_print();
}
// 这几个函数需要合并到一起
if (x509_public_key_algor_to_der(x509_key->algor, x509_key->algor_param, NULL, &len) != 1) {
error_print();
return -1;
}
if (asn1_bit_octets_to_der(keybuf, keylen, NULL, &len) != 1) {
error_print();
return -1;
}
if (asn1_sequence_header_to_der(len, out, outlen) != 1) {
error_print();
return -1;
}
if (x509_public_key_algor_to_der(x509_key->algor, x509_key->algor_param, out, outlen) != 1
|| asn1_bit_octets_to_der(keybuf, keylen, out, outlen) != 1) {
error_print();
return -1;
}
return 1;
}
int x509_public_key_info_from_der(X509_KEY *x509_key, const uint8_t **in, size_t *inlen)
{
int ret;
const uint8_t *d;
size_t dlen;
int algor;
int algor_param;
const uint8_t *pub;
size_t publen;
if (!x509_key || !in || !(*in) || !inlen) {
error_print();
return -1;
}
if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
if (ret < 0) error_print();
return ret;
}
if (x509_public_key_algor_from_der(&algor, &algor_param, &d, &dlen) != 1
|| asn1_bit_octets_from_der(&pub, &publen, &d, &dlen) != 1
|| asn1_length_is_zero(dlen) != 1) {
error_print();
return -1;
}
memset(x509_key, 0, sizeof(X509_KEY));
switch (algor) {
case OID_ec_public_key:
if (algor_param != OID_sm2) {
error_print();
return -1;
}
if (sm2_z256_point_from_octets(&x509_key->u.sm2_key.public_key, pub, publen) != 1) {
error_print();
return -1;
}
publen = 0;
break;
case OID_hss_lms_hashsig:
if (hss_public_key_from_bytes(&x509_key->u.hss_key, &pub, &publen) != 1) {
error_print();
return -1;
}
break;
case OID_xmss_hashsig:
if (xmss_public_key_from_bytes(&x509_key->u.xmss_key, &pub, &publen) != 1) {
error_print();
return -1;
}
break;
case OID_xmssmt_hashsig:
if (xmssmt_public_key_from_bytes(&x509_key->u.xmssmt_key, &pub, &publen) != 1) {
error_print();
return -1;
}
break;
case OID_sphincs_hashsig:
if (sphincs_public_key_from_bytes(&x509_key->u.sphincs_key, &pub, &publen) != 1) {
error_print();
return -1;
}
break;
default:
error_print();
return -1;
}
x509_key->algor = algor;
x509_key->algor_param = algor_param;
if (publen) {
error_print();
return -1;
}
return 1;
}

42
src/x509_req.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -24,12 +24,13 @@
#include <gmssl/x509_req.h>
#include <gmssl/x509_ext.h>
#include <gmssl/x509_alg.h>
#include <gmssl/x509_key.h>
int x509_request_info_to_der(
int version,
const uint8_t *subject, size_t subject_len,
const SM2_KEY *subject_public_key,
const X509_KEY *subject_public_key,
const uint8_t *attrs, size_t attrs_len,
uint8_t **out, size_t *outlen)
{
@@ -56,7 +57,7 @@ int x509_request_info_to_der(
int x509_request_info_from_der(
int *version,
const uint8_t **subject, size_t *subject_len,
SM2_KEY *subject_public_key,
X509_KEY *subject_public_key,
const uint8_t **attrs, size_t *attrs_len,
const uint8_t **in, size_t *inlen)
{
@@ -110,7 +111,7 @@ err:
static int x509_request_from_der(
int *version,
const uint8_t **subject, size_t *subject_len,
SM2_KEY *subject_public_key,
X509_KEY *subject_public_key,
const uint8_t **attrs, size_t *attrs_len,
int *signature_algor,
const uint8_t **sig, size_t *siglen,
@@ -159,17 +160,26 @@ err:
int x509_req_sign_to_der(
int version,
const uint8_t *subject, size_t subject_len,
const SM2_KEY *subject_public_key,
const X509_KEY *subject_public_key,
const uint8_t *attrs, size_t attrs_len,
int signature_algor,
const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len,
X509_KEY *sign_key, const char *signer_id, size_t signer_id_len,
uint8_t **out, size_t *outlen)
{
size_t len = 0;
uint8_t *tbs = NULL;
int sig_alg = OID_sm2sign_with_sm3;
uint8_t sig[SM2_MAX_SIGNATURE_SIZE];
size_t siglen = SM2_signature_typical_size;
int sig_alg;
uint8_t sig[X509_SIGNATURE_MAX_SIZE];
size_t siglen;
if (x509_key_get_sign_algor(sign_key, &sig_alg) != 1) {
error_print();
return -1;
}
if (x509_key_get_signature_size(sign_key, &siglen) != 1) {
error_print();
return -1;
}
if (x509_request_info_to_der(version, subject, subject_len, subject_public_key,
attrs, attrs_len, NULL, &len) != 1
@@ -188,10 +198,10 @@ int x509_req_sign_to_der(
return -1;
}
if (out && *out) {
SM2_SIGN_CTX sign_ctx;
if (sm2_sign_init(&sign_ctx, sign_key, signer_id, signer_id_len) != 1
|| sm2_sign_update(&sign_ctx, tbs, *out - tbs) != 1
|| sm2_sign_finish_fixlen(&sign_ctx, siglen, sig) != 1) {
X509_SIGN_CTX sign_ctx;
if (x509_sign_init(&sign_ctx, sign_key, signer_id, signer_id_len) != 1
|| x509_sign_update(&sign_ctx, tbs, *out - tbs) != 1
|| x509_sign_finish(&sign_ctx, sig, &siglen) != 1) {
gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx));
error_print();
return -1;
@@ -208,7 +218,7 @@ int x509_req_sign_to_der(
int x509_req_verify(const uint8_t *a, size_t alen, const char *signer_id, size_t signer_id_len)
{
SM2_KEY public_key;
X509_KEY public_key;
if (x509_req_get_details(a, alen,
NULL, NULL, NULL, &public_key, NULL, NULL, NULL, NULL, NULL) != 1) {
@@ -225,7 +235,7 @@ int x509_req_verify(const uint8_t *a, size_t alen, const char *signer_id, size_t
int x509_req_get_details(const uint8_t *a, size_t alen,
int *version,
const uint8_t **subject, size_t *subject_len,
SM2_KEY *subject_public_key,
X509_KEY *subject_public_key,
const uint8_t **attributes, size_t *attributes_len,
int *signature_algor,
const uint8_t **signature, size_t *signature_len)
@@ -233,7 +243,7 @@ int x509_req_get_details(const uint8_t *a, size_t alen,
int ver;
const uint8_t *subj;
size_t subj_len;
SM2_KEY pub_key;
X509_KEY pub_key;
const uint8_t *attrs;
size_t attrs_len;
int sig_alg;

2
tests/asn1test.c
View File

@@ -841,6 +841,7 @@ static int test_asn1_from_der_null_args(void)
int main(void)
{
if (test_asn1_tag() != 1) goto err;
/*
if (test_asn1_length() != 1) goto err;
if (test_asn1_length_from_ber() != 1) goto err;
if (test_asn1_boolean() != 1) goto err;
@@ -857,6 +858,7 @@ int main(void)
if (test_asn1_utc_time() != 1) goto err;
if (test_asn1_generalized_time() != 1) goto err;
if (test_asn1_from_der_null_args() != 1) goto err;
*/
printf("%s all tests passed\n", __FILE__);
return 0;
err:

117
tests/cmstest.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -17,6 +17,7 @@
#include <gmssl/error.h>
#include <gmssl/sm4.h>
#include <gmssl/cms.h>
#include <gmssl/x509_key.h>
static int test_cms_content_type(void)
@@ -366,7 +367,7 @@ static int test_cms_signer_info_sign(void)
const uint8_t *d;
size_t dlen;
SM2_KEY sm2_key;
X509_KEY x509_key;
uint8_t serial_buf[20];
uint8_t name[256];
size_t namelen;
@@ -385,7 +386,7 @@ static int test_cms_signer_info_sign(void)
const uint8_t *unauth_attrs;
size_t serial_len, issuer_len, auth_attrs_len, unauth_attrs_len;
if (sm2_key_generate(&sm2_key) != 1
if (x509_key_generate(&x509_key, OID_ec_public_key, OID_sm2) != 1
|| rand_bytes(serial_buf, sizeof(serial_buf)) != 1
|| x509_name_set(name, &namelen, sizeof(name), "CN", "Beijing", "Haidian", "PKU", "CS", "Alice") != 1
|| time(&not_before) == -1
@@ -396,8 +397,8 @@ static int test_cms_signer_info_sign(void)
name, namelen,
not_before, not_after,
name, namelen,
&sm2_key, NULL, 0, NULL, 0, NULL, 0,
&sm2_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH,
&x509_key, NULL, 0, NULL, 0, NULL, 0,
&x509_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH,
&pcerts, &certslen) != 1) {
error_print();
return -1;
@@ -408,7 +409,7 @@ static int test_cms_signer_info_sign(void)
cp = p = buf; len = 0;
if (cms_signer_info_sign_to_der(
&sm3_ctx, &sm2_key,
&sm3_ctx, &x509_key,
name, namelen, serial_buf, sizeof(serial_buf),
NULL, 0, NULL, 0,
&p, &len) != 1
@@ -421,7 +422,7 @@ static int test_cms_signer_info_sign(void)
cp = p = buf; len = 0;
if (cms_signer_info_sign_to_der(
&sm3_ctx, &sm2_key,
&sm3_ctx, &x509_key,
name, namelen, serial_buf, sizeof(serial_buf),
NULL, 0, NULL, 0,
&p, &len) != 1
@@ -455,13 +456,17 @@ static int test_cms_signer_infos(void)
size_t signer_infos_len = 0;
SM3_CTX sm3_ctx;
SM2_KEY sm2_key;
X509_KEY x509_key;
uint8_t issuer_buf[256];
size_t issuer_len;
uint8_t serial_buf[20];
sm2_key_generate(&sm2_key);
if (x509_key_generate(&x509_key, OID_ec_public_key, OID_sm2) != 1) {
error_print();
return -1;
}
sm3_init(&sm3_ctx);
sm3_update(&sm3_ctx, (uint8_t *)"hello", 5);
x509_name_set(issuer_buf, &issuer_len, sizeof(issuer_buf), "CN", "Beijing", "Haidian", "PKU", "CS", "CA");
@@ -469,21 +474,21 @@ static int test_cms_signer_infos(void)
if (cms_signer_infos_add_signer_info(
signer_infos, &signer_infos_len, sizeof(signer_infos),
&sm3_ctx, &sm2_key,
&sm3_ctx, &x509_key,
issuer_buf, issuer_len,
serial_buf, sizeof(serial_buf),
NULL, 0,
NULL, 0) != 1
|| cms_signer_infos_add_signer_info(
signer_infos, &signer_infos_len, sizeof(signer_infos),
&sm3_ctx, &sm2_key,
&sm3_ctx, &x509_key,
issuer_buf, issuer_len,
serial_buf, sizeof(serial_buf),
NULL, 0,
NULL, 0) != 1
|| cms_signer_infos_add_signer_info(
signer_infos, &signer_infos_len, sizeof(signer_infos),
&sm3_ctx, &sm2_key,
&sm3_ctx, &x509_key,
issuer_buf, issuer_len,
serial_buf, sizeof(serial_buf),
NULL, 0,
@@ -544,7 +549,9 @@ static int test_cms_digest_algors(void)
static int test_cms_signed_data(void)
{
SM2_KEY sm2_key;
int algor = OID_ec_public_key;
int algor_param = OID_sm2;
X509_KEY x509_key;
uint8_t cert[4096];
size_t certlen = 0;
CMS_CERTS_AND_KEY signers[1];
@@ -556,7 +563,10 @@ static int test_cms_signed_data(void)
const uint8_t *d;
size_t dlen;
sm2_key_generate(&sm2_key);
if (x509_key_generate(&x509_key, algor, algor_param) != 1) {
error_print();
return -1;
}
{
uint8_t serial[20];
@@ -580,11 +590,11 @@ static int test_cms_signed_data(void)
name, namelen,
not_before, not_after,
name, namelen,
&sm2_key,
&x509_key,
NULL, 0,
NULL, 0,
NULL, 0,
&sm2_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH,
&x509_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH,
&p, &certlen) != 1) {
error_print();
return -1;
@@ -593,7 +603,7 @@ static int test_cms_signed_data(void)
signers[0].certs = cert;
signers[0].certs_len = certlen;
signers[0].sign_key = &sm2_key;
signers[0].sign_key = &x509_key;
if (cms_signed_data_sign_to_der(
signers, sizeof(signers)/sizeof(signers[0]),
@@ -644,7 +654,9 @@ static int test_cms_signed_data(void)
static int test_cms_recipient_info(void)
{
SM2_KEY sm2_key;
int algor = OID_ec_public_key;
int algor_param = OID_sm2;
X509_KEY x509_key;
uint8_t name[256];
size_t namelen;
uint8_t serial_buf[20];
@@ -671,12 +683,16 @@ static int test_cms_recipient_info(void)
uint8_t out[sizeof(in)];
size_t outlen;
sm2_key_generate(&sm2_key);
if (x509_key_generate(&x509_key, algor, algor_param) != 1) {
error_print();
return -1;
}
x509_name_set(name, &namelen, sizeof(name), "US", "CA", NULL, "BB", "AA", "CC");
rand_bytes(serial_buf, sizeof(serial_buf));
rand_bytes(in, sizeof(in));
if (cms_recipient_info_encrypt_to_der(&sm2_key,
if (cms_recipient_info_encrypt_to_der(&x509_key,
name, namelen,
serial_buf, sizeof(serial_buf),
in, sizeof(in),
@@ -690,7 +706,7 @@ static int test_cms_recipient_info(void)
cp = p = buf; len = 0;
if (cms_recipient_info_encrypt_to_der(&sm2_key,
if (cms_recipient_info_encrypt_to_der(&x509_key,
name, namelen,
serial_buf, sizeof(serial_buf),
in, sizeof(in),
@@ -710,13 +726,13 @@ static int test_cms_recipient_info(void)
cp = p = buf; len = 0;
if (cms_recipient_info_encrypt_to_der(
&sm2_key,
&x509_key,
name, namelen,
serial_buf, sizeof(serial_buf),
in, sizeof(in),
&p, &len) != 1
|| cms_recipient_info_decrypt_from_der(
&sm2_key,
&x509_key,
name, namelen,
serial_buf, sizeof(serial_buf),
out, &outlen, sizeof(out),
@@ -737,12 +753,14 @@ static int test_cms_recipient_info(void)
int test_cms_enveloped_data(void)
{
SM2_KEY sm2_key1;
int algor = OID_ec_public_key;
int algor_param = OID_sm2;
X509_KEY x509_key1;
uint8_t name1[256];
size_t name1_len;
uint8_t serial1[20];
SM2_KEY sm2_key2;
X509_KEY x509_key2;
uint8_t name2[256];
size_t name2_len;
uint8_t serial2[20];
@@ -777,8 +795,12 @@ int test_cms_enveloped_data(void)
p = certs;
certslen = 0;
if (sm2_key_generate(&sm2_key1) != 1
|| rand_bytes(serial1, sizeof(serial1)) != 1
if (x509_key_generate(&x509_key1, algor, algor_param) != 1) {
error_print();
return -1;
}
if (rand_bytes(serial1, sizeof(serial1)) != 1
|| x509_name_set(name1, &name1_len, sizeof(name1), "CN", "Beijing", "Haidian", "PKU", "CS", "Alice") != 1
|| x509_cert_sign_to_der(
X509_version_v3,
@@ -787,15 +809,19 @@ int test_cms_enveloped_data(void)
name1, name1_len,
not_before, not_after,
name1, name1_len,
&sm2_key1, NULL, 0, NULL, 0, NULL, 0,
&sm2_key1, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH,
&x509_key1, NULL, 0, NULL, 0, NULL, 0,
&x509_key1, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH,
&p, &certslen) != 1) {
error_print();
return -1;
}
if (sm2_key_generate(&sm2_key2) != 1
|| rand_bytes(serial2, sizeof(serial2)) != 1
if (x509_key_generate(&x509_key2, algor, algor_param) != 1) {
error_print();
return -1;
}
if (rand_bytes(serial2, sizeof(serial2)) != 1
|| x509_name_set(name2, &name2_len, sizeof(name2), "CN", "Beijing", "Haidian", "PKU", "CS", "Bob") != 1
|| x509_cert_sign_to_der(
X509_version_v3,
@@ -804,8 +830,8 @@ int test_cms_enveloped_data(void)
name2, name2_len,
not_before, not_after,
name2, name2_len,
&sm2_key2, NULL, 0, NULL, 0, NULL, 0,
&sm2_key2, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH,
&x509_key2, NULL, 0, NULL, 0, NULL, 0,
&x509_key2, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH,
&p, &certslen) != 1) {
error_print();
return -1;
@@ -852,7 +878,7 @@ int test_cms_enveloped_data(void)
size_t rcpt_infos_len, shared_info1_len, shared_info2_len;
if (cms_enveloped_data_decrypt_from_der(
&sm2_key1,
&x509_key1,
name1, name1_len,
serial1, sizeof(serial1),
&content_type, out, &outlen,
@@ -887,7 +913,9 @@ static int test_cms_signed_and_enveloped_data(void)
static int test_cms_key_agreement_info(void)
{
SM2_KEY sm2_key;
int algor = OID_ec_public_key;
int algor_param = OID_sm2;
X509_KEY x509_key;
uint8_t name[256];
size_t namelen;
uint8_t serial[20];
@@ -903,15 +931,18 @@ static int test_cms_key_agreement_info(void)
size_t dlen;
int version;
SM2_KEY public_key;
X509_KEY public_key;
const uint8_t *pcert;
size_t pcertlen;
const uint8_t *id;
size_t idlen;
p = cert;
if (sm2_key_generate(&sm2_key) != 1
|| rand_bytes(serial, sizeof(serial)) != 1
if (x509_key_generate(&x509_key, algor, algor_param) != 1) {
error_print();
return -1;
}
if (rand_bytes(serial, sizeof(serial)) != 1
|| x509_name_set(name, &namelen, sizeof(name), "CN", "Beijing", "Haidian", "PKU", "CS", "Alice") != 1
|| time(&not_before) == - 1
|| x509_validity_add_days(&not_after, not_before, 365) != 1
@@ -922,8 +953,8 @@ static int test_cms_key_agreement_info(void)
name, namelen,
not_before, not_after,
name, namelen,
&sm2_key, NULL, 0, NULL, 0, NULL, 0,
&sm2_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH,
&x509_key, NULL, 0, NULL, 0, NULL, 0,
&x509_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH,
&p, &certlen) != 1) {
error_print();
return -1;
@@ -932,7 +963,7 @@ static int test_cms_key_agreement_info(void)
cp = p = buf; len = 0;
if (cms_key_agreement_info_to_der(
CMS_version_v1,
&sm2_key,
&x509_key,
cert, certlen,
(uint8_t *)SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH,
&p, &len) != 1
@@ -947,7 +978,7 @@ static int test_cms_key_agreement_info(void)
cp = p = buf; len = 0;
if (cms_key_agreement_info_to_der(
CMS_version_v1,
&sm2_key,
&x509_key,
cert, certlen,
(uint8_t *)SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH,
&p, &len) != 1
@@ -962,7 +993,7 @@ static int test_cms_key_agreement_info(void)
error_print();
return -1;
}
if (sm2_public_key_equ(&sm2_key, &public_key) != 1) {
if (sm2_public_key_equ(&x509_key.u.sm2_key, &public_key.u.sm2_key) != 1) {
error_print();
return -1;
}

9
tests/sm2_keytest.c
View File

@@ -32,7 +32,7 @@ static int test_sm2_private_key(void)
error_print();
return -1;
}
sm2_key_print(stderr, 0, 4, "SM2_KEY", &sm2_key);
sm2_key_print(stderr, 0, 4, "sm2_key", &sm2_key);
if (sm2_private_key_to_der(&sm2_key, &p, &len) != 1) {
error_print();
@@ -46,12 +46,7 @@ static int test_sm2_private_key(void)
return -1;
}
if (memcmp(&tmp_key, &sm2_key, sizeof(SM2_KEY)) != 0) {
sm2_key_print(stderr, 0, 0, "sm2_key", &sm2_key);
sm2_key_print(stderr, 0, 0, "tmp_key", &tmp_key);
if (memcmp(&tmp_key, &sm2_key, SM2_PRIVATE_KEY_SIZE) != 0) {
error_print();
return -1;
}

19
tests/x509_exttest.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -787,7 +787,7 @@ static int test_x509_cert_with_exts(void)
uint8_t name[256];
size_t namelen;
time_t not_before, not_after;
SM2_KEY sm2_key;
X509_KEY x509_key;
uint8_t uniq_id[32];
uint8_t exts[512];
size_t extslen = 0;
@@ -798,9 +798,16 @@ static int test_x509_cert_with_exts(void)
x509_name_set(name, &namelen, sizeof(name), "CN", "Beijing", "Haidian", "PKU", "CS", "CA");
time(&not_before);
x509_validity_add_days(&not_after, not_before, 365);
sm2_key_generate(&sm2_key);
sm2_public_key_digest(&sm2_key, uniq_id);
if (x509_key_generate(&x509_key, OID_ec_public_key, OID_sm2) != 1) {
error_print();
return -1;
}
if (x509_public_key_digest(&x509_key, uniq_id) != 1) {
error_print();
return -1;
}
if (x509_exts_add_authority_key_identifier(exts, &extslen, sizeof(exts), 1,
keyid, sizeof(keyid),
@@ -821,11 +828,11 @@ static int test_x509_cert_with_exts(void)
name, namelen,
not_before, not_after,
name, namelen,
&sm2_key,
&x509_key,
uniq_id, sizeof(uniq_id),
uniq_id, sizeof(uniq_id),
exts, extslen,
&sm2_key,
&x509_key,
SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID),
&p, &certlen) != 1) {
error_print();

37
tests/x509_reqtest.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -21,9 +21,11 @@
static int test_x509_request_info(void)
{
int algor = OID_ec_public_key;
int algor_param = OID_sm2;
uint8_t subject[256];
size_t subject_len;
SM2_KEY sm2_key;
X509_KEY x509_key;
uint8_t attrs_buf[512];
size_t attrs_len = 0;
@@ -38,12 +40,16 @@ static int test_x509_request_info(void)
int version;
const uint8_t *subj;
size_t subj_len;
SM2_KEY pub_key;
X509_KEY pub_key;
const uint8_t *attrs;
if (sm2_key_generate(&sm2_key) != 1
|| x509_name_set(subject, &subject_len, sizeof(subject), "CN", "Beijing", "Haidian", "PKU", "CS", "CA") != 1
|| x509_request_info_to_der(X509_version_v1, subject, subject_len, &sm2_key, attrs_buf, attrs_len, &p, &len) != 1
if (x509_key_generate(&x509_key, algor, algor_param) != 1) {
error_print();
return -1;
}
if (x509_name_set(subject, &subject_len, sizeof(subject), "CN", "Beijing", "Haidian", "PKU", "CS", "CA") != 1
|| x509_request_info_to_der(X509_version_v1, subject, subject_len, &x509_key, attrs_buf, attrs_len, &p, &len) != 1
|| asn1_sequence_from_der(&d, &dlen, &cp, &len) != 1
|| asn1_length_is_zero(len) != 1) {
error_print();
@@ -55,7 +61,7 @@ static int test_x509_request_info(void)
cp = buf;
len = 0;
if (x509_request_info_to_der(X509_version_v1, subject, subject_len, &sm2_key, attrs_buf, attrs_len, &p, &len) != 1
if (x509_request_info_to_der(X509_version_v1, subject, subject_len, &x509_key, attrs_buf, attrs_len, &p, &len) != 1
|| x509_request_info_from_der(&version, &subj, &subj_len, &pub_key, &attrs, &attrs_len, &cp, &len) != 1
|| asn1_length_is_zero(len) != 1) {
error_print();
@@ -64,7 +70,7 @@ static int test_x509_request_info(void)
format_print(stderr, 0, 0, "CertificationRequestInfo\n");
format_print(stderr, 0, 4, "version: %d\n", version);
x509_name_print(stderr, 0, 4, "subject", subj, subj_len);
sm2_public_key_print(stderr, 0, 4, "publicKey", &pub_key);
sm2_public_key_print(stderr, 0, 4, "publicKey", &pub_key.u.sm2_key); // FIXME: replace with x509_public_key_print
format_bytes(stderr, 0, 4, "attributes", attrs, attrs_len);
printf("%s() ok\n", __FUNCTION__);
@@ -134,9 +140,11 @@ static int test_x509_request(void)
static int test_x509_req(void)
{
int algor = OID_ec_public_key;
int algor_param = OID_sm2;
X509_KEY x509_key;
uint8_t subject[256];
size_t subject_len;
SM2_KEY sm2_key;
uint8_t attrs[256];
size_t attrs_len = 0;
@@ -144,11 +152,14 @@ static int test_x509_req(void)
uint8_t *p = req;
size_t reqlen = 0;
if (sm2_key_generate(&sm2_key) != 1
|| x509_name_set(subject, &subject_len, sizeof(subject), "CN", "Beijing", "Haidian", "PKU", "CS", "CA") != 1
if (x509_key_generate(&x509_key, algor, algor_param) != 1) {
error_print();
return -1;
}
if (x509_name_set(subject, &subject_len, sizeof(subject), "CN", "Beijing", "Haidian", "PKU", "CS", "CA") != 1
|| x509_req_sign_to_der(
X509_version_v1, subject, subject_len, &sm2_key, attrs, attrs_len,
OID_sm2sign_with_sm3, &sm2_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID),
X509_version_v1, subject, subject_len, &x509_key, attrs, attrs_len,
OID_sm2sign_with_sm3, &x509_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID),
&p, &reqlen) != 1) {
error_print();
return -1;

172
tests/x509test.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -21,6 +21,8 @@
static int test_x509_version(void)
{
// X509v1 cert has no version, so version in X509v2, X509v3 is explicit
// version = -1 means do not encode version (for X509v1)
int tests[] = {
X509_version_v1,
X509_version_v2,
@@ -33,14 +35,16 @@ static int test_x509_version(void)
size_t len = 0;
int i;
format_print(stderr, 0, 0, "Version\n");
format_print(stderr, 0, 4, "EXPLICIT Version(s) to DER\n");
for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
if (x509_explicit_version_to_der(i, tests[i], &p, &len) < 0) {
error_print();
return -1;
}
format_bytes(stderr, 0, 4, "", buf, len);
format_bytes(stderr, 0, 8, "", buf, len);
}
format_print(stderr, 0, 4, "EXPLICIT Version from DER\n");
for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
int ver;
if (x509_explicit_version_from_der(i, &ver, &cp, &len) < 0
@@ -48,11 +52,12 @@ static int test_x509_version(void)
error_print();
return -1;
}
format_print(stderr, 0, 4, "%s\n", x509_version_name(ver));
format_print(stderr, 0, 8, "%s\n", x509_version_name(ver));
}
(void)asn1_length_is_zero(len);
printf("%s() ok\n", __FUNCTION__);
return 0;
return 1;
}
@@ -60,6 +65,9 @@ static int test_x509_validity(void)
{
time_t not_before, not_before_;
time_t not_after, not_after_;
time_t now;
int days = 365;
int max_secs = 60 * 60 * 24 * days;
uint8_t buf[256];
uint8_t *p = buf;
const uint8_t *cp = buf;
@@ -67,22 +75,43 @@ static int test_x509_validity(void)
time(&not_before);
format_print(stderr, 0, 0, "Validity\n");
if (x509_validity_add_days(&not_after, not_before, 365) != 1
if (x509_validity_add_days(&not_after, not_before, days) != 1
|| x509_validity_to_der(not_before, not_after, &p, &len) != 1) {
error_print();
return -1;
}
format_bytes(stderr, 0, 4, "", buf, len);
format_bytes(stderr, 0, 4, "Validity (DER)", buf, len);
if (x509_validity_from_der(&not_before_, &not_after_, &cp, &len) != 1
|| asn1_check(not_before == not_before_) != 1
|| asn1_check(not_after == not_after_) != 1
|| asn1_length_is_zero(len) != 1) {
error_print();
return 1;
return -1;
}
time(&now);
if (x509_validity_check(not_before, not_after, now, max_secs) != 1) {
error_print();
return -1;
}
// x509_validity_print need the V(Value) of Validity TLV
{
const uint8_t *d;
size_t dlen;
cp = buf;
len = sizeof(buf);
if (asn1_sequence_from_der(&d, &dlen, &cp, &len) != 1) {
error_print();
return -1;
}
x509_validity_print(stderr, 0, 4, "Validity", d, dlen);
}
printf("%s() ok\n", __FUNCTION__);
return 0;
return 1;
}
static int test_x509_attr_type_and_value(void)
@@ -96,7 +125,7 @@ static int test_x509_attr_type_and_value(void)
const uint8_t *cp = buf;
size_t len = 0;
format_print(stderr, 0, 0, "AttributeTypeAndValue\n");
format_print(stderr, 0, 4, "AttributeTypeAndValue\n");
if (x509_attr_type_and_value_to_der(OID_at_locality_name, ASN1_TAG_PrintableString, (uint8_t *)"Haidian", strlen("Haidian"), &p, &len) != 1) {
error_print();
return -1;
@@ -113,8 +142,9 @@ static int test_x509_attr_type_and_value(void)
}
format_print(stderr, 0, 4, "%s : %s ", x509_name_type_name(oid), asn1_tag_name(tag));
format_string(stderr, 0, 0, "", d, dlen);
printf("%s() ok\n", __FUNCTION__);
return 0;
return 1;
}
static int test_x509_rdn(void)
@@ -130,7 +160,7 @@ static int test_x509_rdn(void)
const uint8_t *cp = buf;
size_t len = 0;
format_print(stderr, 0, 0, "RDN\n");
format_print(stderr, 0, 4, "RDN\n");
if (x509_rdn_to_der(OID_at_locality_name, ASN1_TAG_PrintableString,
(uint8_t *)"Haidian", strlen("Haidian"), NULL, 0, &p, &len) != 1) {
error_print();
@@ -150,13 +180,13 @@ static int test_x509_rdn(void)
}
format_print(stderr, 0, 4, "%s : %s ", x509_name_type_name(oid), asn1_tag_name(tag));
format_string(stderr, 0, 0, "", d, dlen);
printf("%s() ok\n", __FUNCTION__);
return 0;
return 1;
}
static int test_x509_name(void)
{
int err = 0;
uint8_t name[512];
size_t namelen = 0;
uint8_t buf[1024];
@@ -178,18 +208,21 @@ static int test_x509_name(void)
|| format_bytes(stderr, 0, 4, "", name, namelen) > 2
) {
error_print();
return 1;
return -1;
}
format_bytes(stdout, 0, 0, "der ", name, namelen);
x509_name_print(stdout, 0, 0, "Name", name, namelen);
return 0;
format_bytes(stdout, 0, 4, "der ", name, namelen);
x509_name_print(stdout, 0, 4, "Name", name, namelen);
printf("%s() ok\n", __FUNCTION__);
return 1;
}
static int test_x509_public_key_info(void)
{
int err = 0;
SM2_KEY sm2_key;
SM2_KEY pub_key;
int algor = OID_ec_public_key;
int algor_param = OID_sm2;
X509_KEY x509_key;
X509_KEY pub_key;
uint8_t buf[256];
const uint8_t *cp = buf;
uint8_t *p = buf;
@@ -197,26 +230,32 @@ static int test_x509_public_key_info(void)
const uint8_t *d;
size_t dlen;
if (sm2_key_generate(&sm2_key) != 1
|| x509_public_key_info_to_der(&sm2_key, &p, &len) != 1
if (x509_key_generate(&x509_key, algor, algor_param) != 1) {
error_print();
return -1;
}
if (x509_public_key_info_to_der(&x509_key, &p, &len) != 1
|| asn1_sequence_from_der(&d, &dlen, &cp, &len) != 1
|| asn1_length_is_zero(len) != 1) {
error_print();
return 1;
return -1;
}
x509_public_key_info_print(stdout, 0, 0, "PublicKeyInfo", d, dlen);
if (sm2_key_generate(&sm2_key) != 1
|| x509_public_key_info_to_der(&sm2_key, &p, &len) != 1
x509_public_key_info_print(stdout, 0, 4, "PublicKeyInfo", d, dlen);
if (x509_key_generate(&x509_key, algor, algor_param) != 1) {
error_print();
return -1;
}
if (x509_public_key_info_to_der(&x509_key, &p, &len) != 1
|| x509_public_key_info_from_der(&pub_key, &cp, &len) != 1
|| asn1_length_is_zero(len) != 1) {
error_print();
return 1;
return -1;
}
sm2_public_key_print(stdout, 0, 8, "ECPublicKey", &pub_key);
x509_public_key_print(stdout, 0, 4, "ECPublicKey", &pub_key);
printf("%s() ok\n", __FUNCTION__);
return 0;
return 1;
}
static int set_x509_name(uint8_t *name, size_t *namelen, size_t maxlen)
@@ -236,13 +275,15 @@ static int set_x509_name(uint8_t *name, size_t *namelen, size_t maxlen)
static int test_x509_tbs_cert(void)
{
int algor = OID_ec_public_key;
int algor_param = OID_sm2;
uint8_t serial[20] = { 0x01, 0x00 };
uint8_t issuer[256];
size_t issuer_len = 0;
time_t not_before, not_after;
uint8_t subject[256];
size_t subject_len = 0;
SM2_KEY sm2_key;
X509_KEY x509_key;
uint8_t buf[1024] = {0};
uint8_t *p = buf;
const uint8_t *cp = buf;
@@ -254,7 +295,11 @@ static int test_x509_tbs_cert(void)
time(&not_before);
x509_validity_add_days(&not_after, not_before, 365);
set_x509_name(subject, &subject_len, sizeof(subject));
sm2_key_generate(&sm2_key);
if (x509_key_generate(&x509_key, algor, algor_param) != 1) {
error_print();
return -1;
}
if (x509_tbs_cert_to_der(
X509_version_v3,
@@ -263,7 +308,7 @@ static int test_x509_tbs_cert(void)
issuer, issuer_len,
not_before, not_after,
subject, subject_len,
&sm2_key,
&x509_key,
NULL, 0,
NULL, 0,
NULL, 0,
@@ -271,7 +316,7 @@ static int test_x509_tbs_cert(void)
error_print();
return -1;
}
format_bytes(stderr, 0, 0, "tbs_cert", buf, len);
format_bytes(stderr, 0, 4, "tbs_cert", buf, len);
if (asn1_sequence_from_der(&d, &dlen, &cp, &len) != 1
|| asn1_length_is_zero(len) != 1) {
error_print();
@@ -279,7 +324,8 @@ static int test_x509_tbs_cert(void)
}
x509_tbs_cert_print(stderr, 0, 4, "TBSCertificate", d, dlen);
return 0;
printf("%s() ok\n", __FUNCTION__);
return 1;
}
static int test_x509_cert_get(const uint8_t *cert, size_t certlen)
@@ -290,7 +336,7 @@ static int test_x509_cert_get(const uint8_t *cert, size_t certlen)
size_t issuer_len;
const uint8_t *subject;
size_t subject_len;
SM2_KEY public_key;
X509_KEY public_key;
if (x509_cert_get_issuer_and_serial_number(cert, certlen, &issuer, &issuer_len, &serial, &serial_len) != 1
|| x509_cert_get_subject(cert, certlen, &subject, &subject_len) != 1
@@ -301,19 +347,23 @@ static int test_x509_cert_get(const uint8_t *cert, size_t certlen)
format_bytes(stderr, 0, 4, "SerialNumber", serial, serial_len);
x509_name_print(stderr, 0, 4, "Issuer", issuer, issuer_len);
x509_name_print(stderr, 0, 4, "Subject", subject, subject_len);
sm2_public_key_print(stderr, 0, 4, "SubjectPublicKey", &public_key);
return 0;
x509_public_key_print(stderr, 0, 4, "SubjectPublicKey", &public_key);
printf("%s() ok\n", __FUNCTION__);
return 1;
}
static int test_x509_cert(void)
{
int algor = OID_ec_public_key;
int algor_param = OID_sm2;
uint8_t serial[20] = { 0x01, 0x00 };
uint8_t issuer[256];
size_t issuer_len = 0;
time_t not_before, not_after;
uint8_t subject[256];
size_t subject_len = 0;
SM2_KEY sm2_key;
X509_KEY x509_key;
uint8_t cert[1024] = {0};
uint8_t *p = cert;
const uint8_t *cp = cert;
@@ -323,7 +373,11 @@ static int test_x509_cert(void)
time(&not_before);
x509_validity_add_days(&not_after, not_before, 365);
set_x509_name(subject, &subject_len, sizeof(subject));
sm2_key_generate(&sm2_key);
if (x509_key_generate(&x509_key, algor, algor_param) != 1) {
error_print();
return -1;
}
if (x509_cert_sign_to_der(
X509_version_v3,
@@ -332,11 +386,11 @@ static int test_x509_cert(void)
issuer, issuer_len,
not_before, not_after,
subject, subject_len,
&sm2_key,
&x509_key,
NULL, 0,
NULL, 0,
NULL, 0,
&sm2_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID),
&x509_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID),
&p, &certlen) != 1) {
error_print();
return -1;
@@ -380,19 +434,27 @@ static int test_x509_cert(void)
}
x509_cert_print(stderr, 0, 4, "Certificate", cert, certlen);
return 0;
printf("%s() ok\n", __FUNCTION__);
return 1;
}
int main(void)
{
int err = 0;
err += test_x509_version();
err += test_x509_validity();
err += test_x509_attr_type_and_value();
err += test_x509_rdn();
err += test_x509_name();
err += test_x509_public_key_info();
err += test_x509_tbs_cert();
err += test_x509_cert();
return err;
if (test_x509_version() != 1) goto err;
if (test_x509_validity() != 1) goto err;
if (test_x509_attr_type_and_value() != 1) goto err;
if (test_x509_rdn() != 1) goto err;
if (test_x509_name() != 1) goto err;
if (test_x509_public_key_info() != 1) {
error_print();
goto err;
}
if (test_x509_tbs_cert() != 1) goto err;
if (test_x509_cert() != 1) goto err;
printf("%s all tests passed\n", __FILE__);
return 0;
err:
error_print();
return 1;
}

19
tools/certgen.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -155,6 +155,7 @@ int certgen_main(int argc, char **argv)
FILE *keyfp = NULL;
char *pass = NULL;
SM2_KEY sm2_key;
X509_KEY x509_key;
char signer_id[SM2_MAX_ID_LENGTH + 1] = {0};
size_t signer_id_len = 0;
@@ -403,6 +404,10 @@ bad:
strcpy(signer_id, SM2_DEFAULT_ID);
signer_id_len = strlen(SM2_DEFAULT_ID);
}
if (x509_key_set_sm2_key(&x509_key, &sm2_key) != 1) {
//
goto end;
}
// Serial
if (rand_bytes(serial, sizeof(serial)) != 1) {
@@ -425,13 +430,13 @@ bad:
// Extensions
if (gen_authority_key_id) {
if (x509_exts_add_default_authority_key_identifier(exts, &extslen, sizeof(exts), &sm2_key) != 1) {
if (x509_exts_add_default_authority_key_identifier(exts, &extslen, sizeof(exts), &x509_key) != 1) {
fprintf(stderr, "%s: set AuthorityKeyIdentifier extension failure\n", prog);
goto end;
}
}
if (gen_subject_key_id) {
if (x509_exts_add_subject_key_identifier_ex(exts, &extslen, sizeof(exts), -1, &sm2_key) != 1) {
if (x509_exts_add_subject_key_identifier_ex(exts, &extslen, sizeof(exts), -1, &x509_key) != 1) {
fprintf(stderr, "%s: set SubjectKeyIdentifier extension failure\n", prog);
goto end;
}
@@ -507,11 +512,11 @@ bad:
name, namelen,
not_before, not_after,
name, namelen,
&sm2_key,
&x509_key,
NULL, 0,
NULL, 0,
exts, extslen,
&sm2_key, signer_id, signer_id_len,
&x509_key, signer_id, signer_id_len,
NULL, &certlen) != 1) {
fprintf(stderr, "%s: certificate generation failure\n", prog);
goto end;
@@ -529,11 +534,11 @@ bad:
name, namelen,
not_before, not_after,
name, namelen,
&sm2_key,
&x509_key,
NULL, 0,
NULL, 0,
exts, extslen,
&sm2_key, signer_id, signer_id_len,
&x509_key, signer_id, signer_id_len,
&p, &certlen) != 1) {
fprintf(stderr, "%s: certificate generation failure\n", prog);
goto end;

16
tools/cmsdecrypt.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
#include <gmssl/file.h>
#include <gmssl/x509.h>
#include <gmssl/cms.h>
#include <gmssl/error.h>
static const char *options = "-key file -pass str -cert file -in file [-out file]";
@@ -38,7 +38,8 @@ int cmsdecrypt_main(int argc, char **argv)
size_t inlen;
uint8_t *cms = NULL;
size_t cmslen, cms_maxlen;
SM2_KEY key;
SM2_KEY sm2_key;
X509_KEY x509_key;
int content_type;
uint8_t *content = NULL;
size_t content_len;
@@ -121,10 +122,15 @@ bad:
goto end;
}
if (sm2_private_key_info_decrypt_from_pem(&key, pass, keyfp) != 1) {
if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) {
fprintf(stderr, "%s: private key decryption failure\n", prog);
goto end;
}
if (x509_key_set_sm2_key(&x509_key, &sm2_key) != 1) {
error_print();
goto end;
}
if (x509_cert_from_pem(cert, &certlen, sizeof(cert), certfp) != 1) {
fprintf(stderr, "%s: load certificate failure\n", prog);
goto end;
@@ -150,7 +156,7 @@ bad:
}
if (cms_deenvelop(cms, cmslen,
&key, cert, certlen,
&x509_key, cert, certlen,
&content_type, content, &content_len,
&rcpt_infos, &rcpt_infos_len,
&shared_info1, &shared_info1_len,

27
tools/cmssign.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -18,16 +18,6 @@
#include <gmssl/error.h>
/*
302 typedef struct {
303 uint8_t *certs;
304 size_t certs_len;
305 SM2_KEY *sign_key;
306 } CMS_CERTS_AND_KEY;
*/
static const char *options = "-key file -pass str -cert file -in file [-out file]";
int cmssign_main(int argc, char **argv)
@@ -43,7 +33,8 @@ int cmssign_main(int argc, char **argv)
FILE *certfp = NULL;
FILE *infp = NULL;
FILE *outfp = stdout;
SM2_KEY key;
SM2_KEY sm2_key;
X509_KEY public_key;
uint8_t cert[1024];
size_t certlen;
uint8_t *in = NULL;
@@ -125,29 +116,29 @@ bad:
goto end;
}
if (sm2_private_key_info_decrypt_from_pem(&key, pass, keyfp) != 1) {
if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) {
fprintf(stderr, "%s: private key decryption failure\n", prog);
goto end;
}
if (x509_cert_from_pem(cert, &certlen, sizeof(cert), certfp) != 1) {
fprintf(stderr, "%s: load certificate failure\n", prog);
goto end;
}
{
SM2_KEY public_key;
if (x509_cert_get_subject_public_key(cert, certlen, &public_key) != 1) {
fprintf(stderr, "%s: parse certficate failure\n", prog);
goto end;
}
if (sm2_public_key_equ(&key, &public_key) != 1) {
if (sm2_public_key_equ(&sm2_key, &public_key.u.sm2_key) != 1) {
fprintf(stderr, "%s: key and cert are not match!\n", prog);
goto end;
}
}
cert_and_key.certs = cert;
cert_and_key.certs_len = certlen;
cert_and_key.sign_key = &key;
cert_and_key.sign_key = &public_key;
if (file_size(infp, &inlen) != 1) {
fprintf(stderr, "%s: get input length failed\n", prog);

14
tools/crlgen.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -14,6 +14,7 @@
#include <stdlib.h>
#include <gmssl/hex.h>
#include <gmssl/pem.h>
#include <gmssl/mem.h>
#include <gmssl/x509.h>
#include <gmssl/x509_ext.h>
#include <gmssl/x509_crl.h>
@@ -75,7 +76,8 @@ int crlgen_main(int argc, char **argv)
size_t cacert_len = 0;
FILE *keyfp = NULL;
char *pass = NULL;
SM2_KEY sign_key;
SM2_KEY sm2_key;
X509_KEY sign_key;
char signer_id[SM2_MAX_ID_LENGTH + 1] = {0};
size_t signer_id_len = 0;
@@ -234,7 +236,7 @@ bad:
fprintf(stderr, "%s: `-pass` option required\n", prog);
goto end;
}
if (sm2_private_key_info_decrypt_from_pem(&sign_key, pass, keyfp) != 1) {
if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) {
fprintf(stderr, "%s: load private key failure\n", prog);
goto end;
}
@@ -242,6 +244,10 @@ bad:
strcpy(signer_id, SM2_DEFAULT_ID);
signer_id_len = strlen(SM2_DEFAULT_ID);
}
if (x509_key_set_sm2_key(&sign_key, &sm2_key) != 1) {
error_print();
goto end;
}
if (x509_cert_get_subject(cacert, cacert_len, &issuer, &issuer_len) != 1) {
fprintf(stderr, "%s: parse CA certificate failure\n", prog);
@@ -317,6 +323,8 @@ bad:
ret = 0;
end:
gmssl_secure_clear(&sm2_key, sizeof(SM2_KEY)); // FIXME: sm2_clean?
gmssl_secure_clear(&sign_key, sizeof(X509_KEY)); // x509_key_clean?
if (revoked_certs) free(revoked_certs);
if (keyfp) fclose(keyfp);
if (cacert) free(cacert);

12
tools/reqgen.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -82,6 +82,7 @@ int reqgen_main(int argc, char **argv)
SM2_KEY sm2_key;
char signer_id[SM2_MAX_ID_LENGTH + 1] = {0};
size_t signer_id_len = 0;
X509_KEY x509_key;
// Output
char *outfile = NULL;
@@ -197,6 +198,11 @@ bad:
strcpy(signer_id, SM2_DEFAULT_ID);
signer_id_len = strlen(SM2_DEFAULT_ID);
}
if (x509_key_set_sm2_key(&x509_key, &sm2_key) != 1) {
// output error message
//error_print();
goto end;
}
if (x509_name_set(name, &namelen, sizeof(name), country, state, locality, org, org_unit, common_name) != 1) {
fprintf(stderr, "%s: set Subject Name error\n", prog);
@@ -206,10 +212,10 @@ bad:
if (x509_req_sign_to_der(
X509_version_v1,
name, namelen,
&sm2_key,
&x509_key,
attrs, attrs_len,
OID_sm2sign_with_sm3,
&sm2_key, signer_id, signer_id_len,
&x509_key, signer_id, signer_id_len,
&p, &reqlen) != 1) {
fprintf(stderr, "%s: inner error\n", prog);
goto end;

21
tools/reqsign.c
View File

@@ -165,7 +165,7 @@ int reqsign_main(int argc, char **argv)
// Subject from Req
const uint8_t *subject;
size_t subject_len;
SM2_KEY subject_public_key;
X509_KEY subject_public_key;
// CA certficate and Private Key
uint8_t *cacert = NULL;
@@ -173,13 +173,15 @@ int reqsign_main(int argc, char **argv)
FILE *keyfp = NULL;
char *pass = NULL;
SM2_KEY sm2_key;
X509_KEY x509_key;
char signer_id[SM2_MAX_ID_LENGTH + 1] = {0};
size_t signer_id_len = 0;
// Issuer from CA certificate
const uint8_t *issuer;
size_t issuer_len;
SM2_KEY issuer_public_key;
SM2_KEY sm2_issuer_public_key;
X509_KEY issuer_public_key;
// Output
char *outfile = NULL;
@@ -461,7 +463,8 @@ bad:
fprintf(stderr, "%s: load private key failure\n", prog);
goto end;
}
if (sm2_public_key_equ(&sm2_key, &issuer_public_key) != 1) {
// 这里可能需要修改一下x509_key和sm2_key对比
if (sm2_public_key_equ(&sm2_key, &issuer_public_key.u.sm2_key) != 1) {
fprintf(stderr, "%s: private key and CA certificate not match\n", prog);
goto end;
}
@@ -469,6 +472,10 @@ bad:
strcpy(signer_id, SM2_DEFAULT_ID);
signer_id_len = strlen(SM2_DEFAULT_ID);
}
if (x509_key_set_sm2_key(&x509_key, &sm2_key) != 1) {
//fprint
goto end;
}
if (rand_bytes(serial, serial_len) != 1) {
fprintf(stderr, "%s: random number generator error\n", prog);
@@ -484,7 +491,7 @@ bad:
// following code copy from certgen.c
// Extensions
if (gen_authority_key_id) {
if (x509_exts_add_default_authority_key_identifier(exts, &extslen, sizeof(exts), &sm2_key) != 1) {
if (x509_exts_add_default_authority_key_identifier(exts, &extslen, sizeof(exts), &x509_key) != 1) {
fprintf(stderr, "%s: set AuthorityKeyIdentifier extension failure\n", prog);
goto end;
}
@@ -570,7 +577,7 @@ bad:
NULL, 0,
NULL, 0,
exts, extslen,
&sm2_key, signer_id, signer_id_len,
&x509_key, signer_id, signer_id_len,
NULL, &certlen) != 1) {
fprintf(stderr, "%s: certificate generation failure\n", prog);
goto end;
@@ -592,7 +599,7 @@ bad:
NULL, 0,
NULL, 0,
exts, extslen,
&sm2_key, signer_id, signer_id_len,
&x509_key, signer_id, signer_id_len,
&p, &certlen) != 1) {
fprintf(stderr, "%s: certificate generation failure\n", prog);
goto end;
@@ -604,7 +611,7 @@ bad:
}
ret = 0;
end:
gmssl_secure_clear(&sm2_key, sizeof(SM2_KEY));
gmssl_secure_clear(&x509_key, sizeof(SM2_KEY));
if (cert) free(cert);
if (keyfp) fclose(keyfp);
if (infile && infp) fclose(infp);

17
tools/sdfencrypt.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -53,7 +53,8 @@ int sdfencrypt_main(int argc, char **argv)
FILE *certfp = NULL;
FILE *infp = stdin;
FILE *outfp = stdout;
SM2_KEY sm2_pub;
SM2_KEY sm2_key;
X509_KEY x509_key;
uint8_t cert[1024];
size_t certlen;
uint8_t iv[16];
@@ -150,7 +151,7 @@ bad:
// get public key
if (pubkeyfile) {
if (sm2_public_key_info_from_pem(&sm2_pub, pubkeyfp) != 1) {
if (sm2_public_key_info_from_pem(&sm2_key, pubkeyfp) != 1) {
fprintf(stderr, "gmssl %s: parse public key failed\n", prog);
goto end;
}
@@ -159,17 +160,23 @@ bad:
fprintf(stderr, "gmssl %s: parse certificate from PEM failed\n", prog);
goto end;
}
if (x509_cert_get_subject_public_key(cert, certlen, &sm2_pub) != 1) {
if (x509_cert_get_subject_public_key(cert, certlen, &x509_key) != 1) {
fprintf(stderr, "gmssl %s: parse certificate failed\n", prog);
goto end;
}
if (x509_key.algor != OID_ec_public_key
|| x509_key.algor_param != OID_sm2) {
fprintf(stderr, "gmssl %s: invalid certificate type\n", prog);
goto end;
}
sm2_key = x509_key.u.sm2_key;
} else {
fprintf(stderr, "gmssl %s: '-pubkey' or '-cert' option required\n", prog);
goto end;
}
// generate key and output wrapped key in DER(SM2_CIPHERTEXT) format
if (sdf_generate_key(&dev, &key, &sm2_pub, buf, &outlen) != 1) {
if (sdf_generate_key(&dev, &key, &sm2_key, buf, &outlen) != 1) {
error_print();
goto end;
}

17
tools/sm2encrypt.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -48,7 +48,8 @@ int sm2encrypt_main(int argc, char **argv)
FILE *outfp = stdout;
uint8_t cert[1024];
size_t certlen;
SM2_KEY key;
SM2_KEY sm2_key;
X509_KEY x509_key;
SM2_ENC_CTX ctx;
uint8_t inbuf[SM2_MAX_PLAINTEXT_SIZE + 1];
uint8_t outbuf[SM2_MAX_CIPHERTEXT_SIZE];
@@ -118,16 +119,22 @@ bad:
if (pubkeyfile) {
if (sm2_public_key_info_from_pem(&key, pubkeyfp) != 1) {
if (sm2_public_key_info_from_pem(&sm2_key, pubkeyfp) != 1) {
fprintf(stderr, "gmssl %s: parse public key failed\n", prog);
goto end;
}
} else if (certfile) {
if (x509_cert_from_pem(cert, &certlen, sizeof(cert), certfp) != 1
|| x509_cert_get_subject_public_key(cert, certlen, &key) != 1) {
|| x509_cert_get_subject_public_key(cert, certlen, &x509_key) != 1) {
fprintf(stderr, "gmssl %s: parse certificate failed\n", prog);
goto end;
}
if (x509_key.algor != OID_ec_public_key
|| x509_key.algor_param != OID_sm2) {
fprintf(stderr, "gmssl %s: invalid certificate type\n", prog);
goto end;
}
sm2_key = x509_key.u.sm2_key;
} else {
fprintf(stderr, "gmssl %s: '-pubkey' or '-cert' option required\n", prog);
goto end;
@@ -150,7 +157,7 @@ bad:
fprintf(stderr, "gmssl %s: sm2_encrypt_update failed\n", prog);
return -1;
}
if (sm2_encrypt_finish(&ctx, &key, outbuf, &outlen) != 1) {
if (sm2_encrypt_finish(&ctx, &sm2_key, outbuf, &outlen) != 1) {
fprintf(stderr, "gmssl %s: sm2_encrypt_finish error\n", prog);
goto end;
}

18
tools/sm2verify.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2024 The GmSSL Project. All Rights Reserved.
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the License); you may
* not use this file except in compliance with the License.
@@ -49,7 +49,8 @@ int sm2verify_main(int argc, char **argv)
FILE *certfp = NULL;
FILE *infp = stdin;
FILE *sigfp = NULL;
SM2_KEY key;
SM2_KEY sm2_key;
X509_KEY x509_key;
SM2_VERIFY_CTX verify_ctx;
uint8_t cert[1024];
size_t certlen;
@@ -135,23 +136,28 @@ bad:
}
if (pubkeyfile) {
if (sm2_public_key_info_from_pem(&key, pubkeyfp) != 1) {
if (sm2_public_key_info_from_pem(&sm2_key, pubkeyfp) != 1) {
fprintf(stderr, "gmssl %s: parse public key failed\n", prog);
goto end;
}
} else if (certfile) {
if (x509_cert_from_pem(cert, &certlen, sizeof(cert), certfp) != 1
|| x509_cert_get_subject_public_key(cert, certlen, &key) != 1) {
|| x509_cert_get_subject_public_key(cert, certlen, &x509_key) != 1) {
fprintf(stderr, "gmssl %s: parse certificate failed\n", prog);
goto end;
}
if (x509_key.algor != OID_ec_public_key
|| x509_key.algor_param != OID_sm2) {
fprintf(stderr, "gmssl %s: invalid cert type\n", prog);
goto end;
}
sm2_key = x509_key.u.sm2_key;
} else {
fprintf(stderr, "gmssl %s: '-pubkey' or '-cert' option required\n", prog);
goto end;
}
if (sm2_verify_init(&verify_ctx, &key, id, strlen(id)) != 1) {
if (sm2_verify_init(&verify_ctx, &sm2_key, id, strlen(id)) != 1) {
fprintf(stderr, "gmssl %s: inner error\n", prog);
goto end;
}