abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-06 16:36:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add XMSS/XMSS^MT OID

Browse Source
This commit is contained in:
Zhi Guan
2025-12-10 08:56:27 +08:00
parent 4db8dfa263
commit 4791a30466
2 changed files with 53 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
include/gmssl/oid.h
View File

@@ -175,6 +175,8 @@ enum {
OID_cms_key_agreement_info, OID_cms_key_agreement_info,
OID_hss_lms_hashsig, // LMS/HSS public key OID_hss_lms_hashsig, // LMS/HSS public key
OID_xmss_hashsig,
OID_xmssmt_hashsig,
}; };
// {iso(1) org(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7)} // {iso(1) org(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
@@ -183,6 +185,7 @@ enum {
#define oid_pe oid_pkix,1 #define oid_pe oid_pkix,1
#define oid_qt oid_pkix,2 #define oid_qt oid_pkix,2
#define oid_kp oid_pkix,3 #define oid_kp oid_pkix,3
#define oid_alg oid_pkix,6
#define oid_ad oid_pkix,48 #define oid_ad oid_pkix,48
// {iso(1) member-body(2) us(840) rsadsi(113549)} // {iso(1) member-body(2) us(840) rsadsi(113549)}

53
src/x509_alg.c
View File

@@ -264,11 +264,19 @@ from RFC 9708
id-alg-hss-lms-hashsig OBJECT IDENTIFIER ::= { id-alg-hss-lms-hashsig OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) alg(3) 17 pkcs-9(9) smime(16) alg(3) 17 }
}
id-alg-xmss-hashsig OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) algorithms(6) 34 }
id-alg-xmssmt-hashsig OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) algorithms(6) 35 }
*/ */
static uint32_t oid_hss_lms_hashsig[] = { oid_pkcs,9,16,3,17 }; static uint32_t oid_hss_lms_hashsig[] = { oid_pkcs,9,16,3,17 };
static uint32_t oid_xmss_hashsig[] = { oid_alg, 34 };
static uint32_t oid_xmssmt_hashsig[] = { oid_alg, 35 };
/* /*
from RFC 3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography from RFC 3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
@@ -358,6 +366,10 @@ static const ASN1_OID_INFO x509_sign_algors[] = {
#ifdef ENABLE_LMS_HSS #ifdef ENABLE_LMS_HSS
{ OID_hss_lms_hashsig, "hss-lms-hashsig", oid_hss_lms_hashsig, sizeof(oid_hss_lms_hashsig)/sizeof(int), 1 }, { OID_hss_lms_hashsig, "hss-lms-hashsig", oid_hss_lms_hashsig, sizeof(oid_hss_lms_hashsig)/sizeof(int), 1 },
#endif #endif
#ifdef ENABLE_XMSS
{ OID_xmss_hashsig, "xmss-hashsig", oid_xmss_hashsig, sizeof(oid_xmss_hashsig)/sizeof(int), 1 },
{ OID_xmssmt_hashsig, "xmssmt-hashsig", oid_xmssmt_hashsig, sizeof(oid_xmssmt_hashsig)/sizeof(int), 1 },
#endif
}; };
static const int x509_sign_algors_count = static const int x509_sign_algors_count =
@@ -578,6 +590,10 @@ static const ASN1_OID_INFO x509_public_key_algors[] = {
#ifdef ENABLE_LMS_HSS #ifdef ENABLE_LMS_HSS
{ OID_hss_lms_hashsig, "hss-lms-hashsig", oid_hss_lms_hashsig, sizeof(oid_hss_lms_hashsig)/sizeof(int), 0, "HSS/LMS HashSig" }, { OID_hss_lms_hashsig, "hss-lms-hashsig", oid_hss_lms_hashsig, sizeof(oid_hss_lms_hashsig)/sizeof(int), 0, "HSS/LMS HashSig" },
#endif #endif
#ifdef ENABLE_XMSS
{ OID_xmss_hashsig, "xmss-hashsig", oid_xmss_hashsig, sizeof(oid_xmss_hashsig)/sizeof(int), 1 },
{ OID_xmssmt_hashsig, "xmssmt-hashsig", oid_xmssmt_hashsig, sizeof(oid_xmssmt_hashsig)/sizeof(int), 1 },
#endif
}; };
static const int x509_public_key_algors_count = static const int x509_public_key_algors_count =
@@ -629,6 +645,7 @@ int x509_public_key_algor_to_der(int oid, int curve_or_null, uint8_t **out, size
} }
break; break;
#ifdef ENABLE_LMS_HSS #ifdef ENABLE_LMS_HSS
// TODO: rsa, hss/lms, xmss/xmss^mt OID encoding is similar, reduce code size
case OID_hss_lms_hashsig: case OID_hss_lms_hashsig:
if (asn1_object_identifier_to_der(oid_hss_lms_hashsig, sizeof(oid_hss_lms_hashsig)/sizeof(int), NULL, &len) != 1 if (asn1_object_identifier_to_der(oid_hss_lms_hashsig, sizeof(oid_hss_lms_hashsig)/sizeof(int), NULL, &len) != 1
|| asn1_null_to_der(NULL, &len) != 1 || asn1_null_to_der(NULL, &len) != 1
@@ -639,6 +656,28 @@ int x509_public_key_algor_to_der(int oid, int curve_or_null, uint8_t **out, size
return -1; return -1;
} }
break; break;
#endif
#ifdef ENABLE_XMSS
case OID_xmss_hashsig:
if (asn1_object_identifier_to_der(oid_xmss_hashsig, sizeof(oid_xmss_hashsig)/sizeof(int), NULL, &len) != 1
|| asn1_null_to_der(NULL, &len) != 1
|| asn1_sequence_header_to_der(len, out, outlen) != 1
|| asn1_object_identifier_to_der(oid_xmss_hashsig, sizeof(oid_xmss_hashsig)/sizeof(int), out, outlen) != 1
|| asn1_null_to_der(out, outlen) != 1) {
error_print();
return -1;
}
break;
case OID_xmssmt_hashsig:
if (asn1_object_identifier_to_der(oid_xmssmt_hashsig, sizeof(oid_xmssmt_hashsig)/sizeof(int), NULL, &len) != 1
|| asn1_null_to_der(NULL, &len) != 1
|| asn1_sequence_header_to_der(len, out, outlen) != 1
|| asn1_object_identifier_to_der(oid_xmssmt_hashsig, sizeof(oid_xmssmt_hashsig)/sizeof(int), out, outlen) != 1
|| asn1_null_to_der(out, outlen) != 1) {
error_print();
return -1;
}
break;
#endif #endif
default: default:
error_print(); error_print();
@@ -676,6 +715,10 @@ int x509_public_key_algor_from_der(int *oid , int *curve_or_null, const uint8_t
case OID_rsa_encryption: case OID_rsa_encryption:
#ifdef ENABLE_LMS_HSS #ifdef ENABLE_LMS_HSS
case OID_hss_lms_hashsig: case OID_hss_lms_hashsig:
#endif
#ifdef ENABLE_XMSS
case OID_xmss_hashsig:
case OID_xmssmt_hashsig:
#endif #endif
if ((*curve_or_null = asn1_null_from_der(&d, &dlen)) < 0 if ((*curve_or_null = asn1_null_from_der(&d, &dlen)) < 0
|| asn1_length_is_zero(dlen) != 1) { || asn1_length_is_zero(dlen) != 1) {
@@ -709,6 +752,10 @@ int x509_public_key_algor_print(FILE *fp, int fmt, int ind, const char *label, c
case OID_rsa_encryption: case OID_rsa_encryption:
#ifdef ENABLE_LMS_HSS #ifdef ENABLE_LMS_HSS
case OID_hss_lms_hashsig: case OID_hss_lms_hashsig:
#endif
#ifdef ENABLE_XMSS
case OID_xmss_hashsig:
case OID_xmssmt_hashsig:
#endif #endif
if ((val = asn1_null_from_der(&d, &dlen)) < 0) goto err; if ((val = asn1_null_from_der(&d, &dlen)) < 0) goto err;
else if (val) format_print(fp, fmt, ind, "parameters: %s\n", asn1_null_name()); else if (val) format_print(fp, fmt, ind, "parameters: %s\n", asn1_null_name());