Revert "修改License"

This reverts commit 0b4308b948.

include/gmssl/aes.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,85 +7,84 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-
-#ifndef GMSSL_AES_H
-#define GMSSL_AES_H
-
-#include <stdint.h>
-#include <stdlib.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-
-#define AES128_KEY_BITS		128
-#define AES192_KEY_BITS		192
-#define AES256_KEY_BITS		256
-
-#define AES128_KEY_SIZE		(AES128_KEY_BITS/8)
-#define AES192_KEY_SIZE		(AES192_KEY_BITS/8)
-#define AES256_KEY_SIZE		(AES256_KEY_BITS/8)
-
-#define AES_BLOCK_SIZE		16
-
-#define AES128_ROUNDS		10
-#define AES192_ROUNDS		12
-#define AES256_ROUNDS		14
-#define AES_MAX_ROUNDS		AES256_ROUNDS
-
-
-typedef struct {
-	uint32_t rk[4 * (AES_MAX_ROUNDS + 1)];
-	size_t rounds;
-} AES_KEY;
-
-int aes_set_encrypt_key(AES_KEY *key, const uint8_t *raw_key, size_t raw_key_len);
-int aes_set_decrypt_key(AES_KEY *key, const uint8_t *raw_key, size_t raw_key_len);
-void aes_encrypt(const AES_KEY *key, const uint8_t in[AES_BLOCK_SIZE], uint8_t out[AES_BLOCK_SIZE]);
-void aes_decrypt(const AES_KEY *key, const uint8_t in[AES_BLOCK_SIZE], uint8_t out[AES_BLOCK_SIZE]);
-
-
-void aes_cbc_encrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
-	const uint8_t *in, size_t nblocks, uint8_t *out);
-void aes_cbc_decrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
-	const uint8_t *in, size_t nblocks, uint8_t *out);
-int aes_cbc_padding_encrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
-	const uint8_t *in, size_t inlen,
-	uint8_t *out, size_t *outlen);
-int aes_cbc_padding_decrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
-	const uint8_t *in, size_t inlen,
-	uint8_t *out, size_t *outlen);
-
-void aes_ctr_encrypt(const AES_KEY *key, uint8_t ctr[AES_BLOCK_SIZE],
-	const uint8_t *in, size_t inlen, uint8_t *out);
-#define aes_ctr_decrypt(key,ctr,in,inlen,out) aes_ctr_encrypt(key,ctr,in,inlen,out)
-
-
-#define AES_GCM_IV_MIN_SIZE		1
-#define AES_GCM_IV_MAX_SIZE		((uint64_t)(1 << (64-3)))
-#define AES_GCM_IV_DEFAULT_BITS		96
-#define AES_GCM_IV_DEFAULT_SIZE		12
-
-#define AES_GCM_MIN_AAD_SIZE		0
-#define AES_GCM_MAX_AAD_SIZE		((uint64_t)(1 << (64-3)))
-
-#define AES_GCM_MIN_PLAINTEXT_SIZE	0
-#define AES_GCM_MAX_PLAINTEXT_SIZE	((((uint64_t)1 << 39) - 256) >> 3)
-
-#define AES_GCM_MAX_TAG_SIZE		16
-
-int aes_gcm_encrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
-	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
-	uint8_t *out, size_t taglen, uint8_t *tag);
-int aes_gcm_decrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
-	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
-	const uint8_t *tag, size_t taglen, uint8_t *out);
-
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
+
+
+#ifndef GMSSL_AES_H
+#define GMSSL_AES_H
+
+#include <stdint.h>
+#include <stdlib.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+#define AES128_KEY_BITS		128
+#define AES192_KEY_BITS		192
+#define AES256_KEY_BITS		256
+
+#define AES128_KEY_SIZE		(AES128_KEY_BITS/8)
+#define AES192_KEY_SIZE		(AES192_KEY_BITS/8)
+#define AES256_KEY_SIZE		(AES256_KEY_BITS/8)
+
+#define AES_BLOCK_SIZE		16
+
+#define AES128_ROUNDS		10
+#define AES192_ROUNDS		12
+#define AES256_ROUNDS		14
+#define AES_MAX_ROUNDS		AES256_ROUNDS
+
+
+typedef struct {
+	uint32_t rk[4 * (AES_MAX_ROUNDS + 1)];
+	size_t rounds;
+} AES_KEY;
+
+int aes_set_encrypt_key(AES_KEY *key, const uint8_t *raw_key, size_t raw_key_len);
+int aes_set_decrypt_key(AES_KEY *key, const uint8_t *raw_key, size_t raw_key_len);
+void aes_encrypt(const AES_KEY *key, const uint8_t in[AES_BLOCK_SIZE], uint8_t out[AES_BLOCK_SIZE]);
+void aes_decrypt(const AES_KEY *key, const uint8_t in[AES_BLOCK_SIZE], uint8_t out[AES_BLOCK_SIZE]);
+
+
+void aes_cbc_encrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
+	const uint8_t *in, size_t nblocks, uint8_t *out);
+void aes_cbc_decrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
+	const uint8_t *in, size_t nblocks, uint8_t *out);
+int aes_cbc_padding_encrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
+	const uint8_t *in, size_t inlen,
+	uint8_t *out, size_t *outlen);
+int aes_cbc_padding_decrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
+	const uint8_t *in, size_t inlen,
+	uint8_t *out, size_t *outlen);
+
+void aes_ctr_encrypt(const AES_KEY *key, uint8_t ctr[AES_BLOCK_SIZE],
+	const uint8_t *in, size_t inlen, uint8_t *out);
+#define aes_ctr_decrypt(key,ctr,in,inlen,out) aes_ctr_encrypt(key,ctr,in,inlen,out)
+
+
+#define AES_GCM_IV_MIN_SIZE		1
+#define AES_GCM_IV_MAX_SIZE		((uint64_t)(1 << (64-3)))
+#define AES_GCM_IV_DEFAULT_BITS		96
+#define AES_GCM_IV_DEFAULT_SIZE		12
+
+#define AES_GCM_MIN_AAD_SIZE		0
+#define AES_GCM_MAX_AAD_SIZE		((uint64_t)(1 << (64-3)))
+
+#define AES_GCM_MIN_PLAINTEXT_SIZE	0
+#define AES_GCM_MAX_PLAINTEXT_SIZE	((((uint64_t)1 << 39) - 256) >> 3)
+
+#define AES_GCM_MAX_TAG_SIZE		16
+
+int aes_gcm_encrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
+	uint8_t *out, size_t taglen, uint8_t *tag);
+int aes_gcm_decrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
+	const uint8_t *tag, size_t taglen, uint8_t *out);
+
+
+#ifdef  __cplusplus
+}
+#endif
+#endif

include/gmssl/asn1.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,272 +7,271 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-
-#ifndef GMSSL_ASN1_H
-#define GMSSL_ASN1_H
-
-#include <time.h>
-#include <stdlib.h>
-#include <stdint.h>
-
-#if __cplusplus
-extern "C" {
-#endif
-
-
-#define ASN1_TAG_UNIVERSAL		0x00
-#define ASN1_TAG_APPLICATION		0x40
-#define ASN1_TAG_CONTENT_SPECIFIC	0x80
-#define ASN1_TAG_PRIVATE		0xC0
-#define ASN1_TAG_PRIMITIVE		0x00
-#define ASN1_TAG_CONSTRUCTED		0x20
-
-#define ASN1_TAG_IMPLICIT(index)	(ASN1_TAG_CONTENT_SPECIFIC|(index))
-#define ASN1_TAG_EXPLICIT(index)	ASN1_TAG_IMPLICIT(ASN1_TAG_CONSTRUCTED|(index))
-
-
-#define ASN1_FMT_FULL	0x01
-
-
-enum ASN1_TAG {
-	ASN1_TAG_BOOLEAN		= 1,
-	ASN1_TAG_INTEGER		= 2,
-	ASN1_TAG_BIT_STRING		= 3,
-	ASN1_TAG_OCTET_STRING		= 4,
-	ASN1_TAG_NULL			= 5,
-	ASN1_TAG_OBJECT_IDENTIFIER	= 6,
-	ASN1_TAG_ObjectDescriptor	= 7,
-	ASN1_TAG_EXTERNAL		= 8,
-	ASN1_TAG_REAL			= 9,
-	ASN1_TAG_ENUMERATED		= 10, // 0x0A
-	ASN1_TAG_EMBEDDED		= 11, // 0x0B
-	ASN1_TAG_UTF8String		= 12, // 0x0C
-	ASN1_TAG_RELATIVE_OID		= 13, // 0x0D
-	ASN1_TAG_NumericString		= 18, // 0x12
-	ASN1_TAG_PrintableString	= 19, // 0x13, printable subset of ascii
-	ASN1_TAG_TeletexString		= 20, // 0x14, T61String
-	ASN1_TAG_VideotexString		= 21, // 0x15
-	ASN1_TAG_IA5String		= 22, // 0x16, 7-bit ascii
-	ASN1_TAG_UTCTime		= 23, // 0x17
-	ASN1_TAG_GeneralizedTime	= 24, // 0x18
-	ASN1_TAG_GraphicString		= 25, // 0x19
-	ASN1_TAG_VisibleString		= 26, // 0x20
-	ASN1_TAG_GeneralString		= 27, // 0x21
-	ASN1_TAG_UniversalString	= 28, // 0x22
-	ASN1_TAG_CHARACTER_STRING	= 29, // 0x23
-	ASN1_TAG_BMPString		= 30, // 0x24, 2-byte unicode with zeros
-	ASN1_TAG_SEQUENCE		= 0x30,
-	ASN1_TAG_SET			= 0x31,
-	ASN1_TAG_EXPLICIT		= 0xa0,
-};
-
-const char *asn1_tag_name(int tag);
-int asn1_tag_to_der(int tag, uint8_t **out, size_t *outlen);
-int asn1_tag_from_der(int tag, const uint8_t **in, size_t *inlen);
-int asn1_any_tag_from_der(int *tag, const uint8_t **in, size_t *inlen);
-int asn1_tag_get(int *tag, const uint8_t **in, size_t *inlen); // 尝试读取下一个tag，但是并不修改in,inlen
-int asn1_tag_is_cstring(int tag);
-int asn1_length_to_der(size_t dlen, uint8_t **out, size_t *outlen);
-int asn1_length_from_der(size_t *dlen, const uint8_t **in, size_t *inlen);
-int asn1_length_is_zero(size_t len);
-int asn1_length_le(size_t len1, size_t len2); // less than
-int asn1_data_to_der(const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
-int asn1_data_from_der(const uint8_t **d, size_t dlen, const uint8_t **in, size_t *inlen);
-
-int asn1_type_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
-int asn1_type_from_der(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
-int asn1_any_type_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
-int asn1_any_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen); // 调用方应保证a,alen为TLV
-int asn1_any_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen); // 该函数会检查输入是否为TLV
-
-const char *asn1_boolean_name(int val);
-int asn1_boolean_from_name(int *val, const char *name);
-int asn1_boolean_to_der_ex(int tag, int val, uint8_t **out, size_t *outlen);
-int asn1_boolean_from_der_ex(int tag, int *val, const uint8_t **in, size_t *inlen);
-#define asn1_boolean_to_der(val,out,outlen) asn1_boolean_to_der_ex(ASN1_TAG_BOOLEAN,val,out,outlen)
-#define asn1_boolean_from_der(val,in,inlen) asn1_boolean_from_der_ex(ASN1_TAG_BOOLEAN,val,in,inlen)
-#define asn1_implicit_boolean_to_der(i,val,out,outlen) asn1_boolean_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
-#define asn1_implicit_boolean_from_der(i,val,in,inlen) asn1_boolean_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)
-
-// asn1_integer_ 不支持负数编解码
-int asn1_integer_to_der_ex(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
-int asn1_integer_from_der_ex(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
-#define asn1_integer_to_der(d,dlen,out,outlen) asn1_integer_to_der_ex(ASN1_TAG_INTEGER,d,dlen,out,outlen)
-#define asn1_integer_from_der(d,dlen,in,inlen) asn1_integer_from_der_ex(ASN1_TAG_INTEGER,d,dlen,in,inlen)
-#define asn1_implicit_integer_to_der(i,d,dlen,out,outlen) asn1_integer_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
-#define asn1_implicit_integer_from_der(i,d,dlen,in,inlen) asn1_integer_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
-
-// asn1_int_ 只支持小的无符号整数的编解码，不支持负数
-int asn1_int_to_der_ex(int tag, int val, uint8_t **out, size_t *outlen); // 当 val == -1 时，不输出，返回 0
-int asn1_int_from_der_ex(int tag, int *val, const uint8_t **in, size_t *inlen); // 不支持负数，返回0时 *val 设置为 -1
-#define asn1_int_to_der(val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_INTEGER,val,out,outlen)
-#define asn1_int_from_der(val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_INTEGER,val,in,inlen)
-#define asn1_implicit_int_to_der(i,val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
-#define asn1_implicit_int_from_der(i,val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)
-
-// 比特长度不必须为8的整数倍
-int asn1_bit_string_to_der_ex(int tag, const uint8_t *d, size_t nbits, uint8_t **out, size_t *outlen);
-int asn1_bit_string_from_der_ex(int tag, const uint8_t **d, size_t *nbits, const uint8_t **in, size_t *inlen);
-#define asn1_bit_string_to_der(d,nbits,out,outlen) asn1_bit_string_to_der_ex(ASN1_TAG_BIT_STRING,d,nbits,out,outlen)
-#define asn1_bit_string_from_der(d,nbits,in,inlen) asn1_bit_string_from_der_ex(ASN1_TAG_BIT_STRING,d,nbits,in,inlen)
-#define asn1_implicit_bit_string_to_der(i,d,nbits,out,outlen) asn1_bit_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,nbits,out,outlen)
-#define asn1_implicit_bit_string_from_der(i,d,nbits,in,inlen) asn1_bit_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,nbits,in,inlen)
-
-// 比特长度必须为8的整数倍，因此使用字节长度
-int asn1_bit_octets_to_der_ex(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
-int asn1_bit_octets_from_der_ex(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
-#define asn1_bit_octets_to_der(d,dlen,out,outlen) asn1_bit_octets_to_der_ex(ASN1_TAG_BIT_STRING,d,dlen,out,outlen)
-#define asn1_bit_octets_from_der(d,dlen,in,inlen) asn1_bit_octets_from_der_ex(ASN1_TAG_BIT_STRING,d,dlen,in,inlen)
-#define asn1_implicit_bit_octets_to_der(i,d,dlen,out,outlen) asn1_bit_octets_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
-#define asn1_implicit_bit_octets_from_der(i,d,dlen,in,inlen) asn1_bit_octets_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
-
-// bits == -1 不编码，只支持较少的比特数量
-int asn1_bits_to_der_ex(int tag, int bits, uint8_t **out, size_t *outlen);
-int asn1_bits_from_der_ex(int tag, int *bits, const uint8_t **in, size_t *inlen);
-#define asn1_bits_to_der(bits,out,outlen) asn1_bits_to_der_ex(ASN1_TAG_BIT_STRING,bits,out,outlen)
-#define asn1_bits_from_der(bits,in,inlen) asn1_bits_from_der_ex(ASN1_TAG_BIT_STRING,bits,in,inlen)
-#define asn1_implicit_bits_to_der(i,bits,out,outlen) asn1_bits_to_der_ex(ASN1_TAG_IMPLICIT(i),bits,out,outlen)
-#define asn1_implicit_bits_from_der(i,bits,in,inlen) asn1_bits_from_der_ex(ASN1_TAG_IMPLICIT(i),bits,in,inlen)
-// names[i]对应第i个比特
-int asn1_bits_print(FILE *fp, int fmt, int ind, const char *label, const char **names, size_t names_cnt, int bits);
-
-#define asn1_octet_string_to_der_ex(tag,d,dlen,out,outlen) asn1_type_to_der(tag,d,dlen,out,outlen)
-#define asn1_octet_string_from_der_ex(tag,d,dlen,in,inlen) asn1_type_from_der(tag,d,dlen,in,inlen)
-#define asn1_octet_string_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_OCTET_STRING,d,dlen,out,outlen)
-#define asn1_octet_string_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_OCTET_STRING,d,dlen,in,inlen)
-#define asn1_implicit_octet_string_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
-#define asn1_implicit_octet_string_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
-
-const char *asn1_null_name(void);
-int asn1_null_to_der(uint8_t **out, size_t *outlen);
-int asn1_null_from_der(const uint8_t **in, size_t *inlen);
-
-#define ASN1_OID_MAX_NODES 32
-int asn1_object_identifier_to_octets(const uint32_t *nodes, size_t nodes_cnt, uint8_t *out, size_t *outlen);
-int asn1_object_identifier_from_octets(uint32_t *nodes, size_t *nodes_cnt, const uint8_t *in, size_t inlen);
-
-int asn1_object_identifier_equ(const uint32_t *a, size_t a_cnt, const uint32_t *b, size_t b_cnt);
-int asn1_object_identifier_to_der_ex(int tag, const uint32_t *nodes, size_t nodes_cnt, uint8_t **out, size_t *outlen);
-int asn1_object_identifier_from_der_ex(int tag, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen);
-#define asn1_object_identifier_to_der(nodes,nodes_cnt,out,outlen) asn1_object_identifier_to_der_ex(ASN1_TAG_OBJECT_IDENTIFIER,nodes,nodes_cnt,out,outlen)
-#define asn1_object_identifier_from_der(nodes,nodes_cnt,in,inlen) asn1_object_identifier_from_der_ex(ASN1_TAG_OBJECT_IDENTIFIER,nodes,nodes_cnt,in,inlen)
-#define asn1_implicit_object_identifier_to_der(i,nodes,nodes_cnt,out,outlen) asn1_object_identifier_to_der_ex(ASN1_TAG_IMPLICIT(i),nodes,nodes_cnt,out,outlen)
-#define asn1_implicit_object_identifier_from_der(i,nodes,nodes_cnt,in,inlen) asn1_object_identifier_from_der_ex(ASN1_TAG_IMPLICIT(i),nodes,nodes_cnt,in,inlen)
-int asn1_object_identifier_print(FILE *fp, int fmt, int ind, const char *label, const char *name,
-	const uint32_t *nodes, size_t nodes_cnt);
-
-#define asn1_enumerated_to_der_ex(tag,val,out,outlen) asn1_int_to_der_ex(tag,val,out,outlen)
-#define asn1_enumerated_from_der_ex(tag,val,in,inlen) asn1_int_from_der_ex(tag,val,in,inlen)
-#define asn1_enumerated_to_der(val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_ENUMERATED,val,out,outlen)
-#define asn1_enumerated_from_der(val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_ENUMERATED,val,in,inlen)
-#define asn1_implicit_enumerated_to_der(i,val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
-#define asn1_implicit_enumerated_from_der(i,val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)
-
-int asn1_utf8_string_check(const char *d, size_t dlen);
-int asn1_utf8_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen);
-int asn1_utf8_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen);
-#define asn1_utf8_string_to_der(d,dlen,out,outlen) asn1_utf8_string_to_der_ex(ASN1_TAG_UTF8String,d,dlen,out,outlen)
-#define asn1_utf8_string_from_der(d,dlen,in,inlen) asn1_utf8_string_from_der_ex(ASN1_TAG_UTF8String,d,dlen,in,inlen)
-#define asn1_implicit_utf8_string_to_der(i,d,dlen,out,outlen) asn1_utf8_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
-#define asn1_implicit_utf8_string_from_der(i,d,dlen,in,inlen) asn1_utf8_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
-
-int asn1_printable_string_check(const char *d, size_t dlen);
-int asn1_printable_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen);
-int asn1_printable_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen);
-#define asn1_printable_string_to_der(d,dlen,out,outlen)	asn1_printable_string_to_der_ex(ASN1_TAG_PrintableString,d,dlen,out,outlen)
-#define asn1_printable_string_from_der(d,dlen,in,inlen)	asn1_printable_string_from_der_ex(ASN1_TAG_PrintableString,d,dlen,in,inlen)
-#define asn1_implicit_printable_string_to_der(i,d,dlen,out,outlen) asn1_printable_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
-#define asn1_implicit_printable_string_from_der(i,d,dlen,in,inlen) asn1_printable_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
-
-int asn1_ia5_string_check(const char *d, size_t dlen);
-int asn1_ia5_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen);
-int asn1_ia5_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen);
-#define asn1_ia5_string_to_der(d,dlen,out,outlen) asn1_ia5_string_to_der_ex(ASN1_TAG_IA5String,d,dlen,out,outlen)
-#define asn1_ia5_string_from_der(d,dlen,in,inlen) asn1_ia5_string_from_der_ex(ASN1_TAG_IA5String,d,dlen,in,inlen)
-#define asn1_implicit_ia5_string_to_der(i,d,dlen,out,outlen) asn1_ia5_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
-#define asn1_implicit_ia5_string_from_der(i,d,dlen,in,inlen) asn1_ia5_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
-
-int asn1_string_print(FILE *fp, int fmt, int ind, const char *label, int tag, const uint8_t *d, size_t dlen);
-
-#define ASN1_UTC_TIME_LEN		(sizeof("YYMMDDHHMMSSZ")-1)
-#define ASN1_GENERALIZED_TIME_LEN	(sizeof("YYYYMMDDHHMMSSZ")-1)
-
-int asn1_utc_time_to_der_ex(int tag, time_t tv, uint8_t **out, size_t *outlen);
-int asn1_utc_time_from_der_ex(int tag, time_t *tv, const uint8_t **in, size_t *inlen);
-#define asn1_utc_time_to_der(tv,out,outlen) asn1_utc_time_to_der_ex(ASN1_TAG_UTCTime,tv,out,outlen)
-#define asn1_utc_time_from_der(tv,in,inlen) asn1_utc_time_from_der_ex(ASN1_TAG_UTCTime,tv,in,inlen)
-#define asn1_implicit_utc_time_to_der(i,tv,out,outlen) asn1_utc_time_to_der_ex(ASN1_TAG_IMPLICIT(i),tv,out,outlen)
-#define asn1_implicit_utc_time_from_der(i,tv,in,inlen) asn1_utc_time_from_der_ex(ASN1_TAG_IMPLICIT(i),tv,in,inlen)
-
-int asn1_generalized_time_to_der_ex(int tag, time_t tv, uint8_t **out, size_t *outlen);
-int asn1_generalized_time_from_der_ex(int tag, time_t *tv, const uint8_t **in, size_t *inlen);
-#define asn1_generalized_time_to_der(tv,out,outlen) asn1_generalized_time_to_der_ex(ASN1_TAG_GeneralizedTime,tv,out,outlen)
-#define asn1_generalized_time_from_der(tv,in,inlen) asn1_generalized_time_from_der_ex(ASN1_TAG_GeneralizedTime,tv,in,inlen)
-#define asn1_implicit_generalized_time_to_der(i,tv,out,outlen) asn1_generalized_time_to_der_ex(ASN1_TAG_IMPLICIT(i),tv,out,outlen)
-#define asn1_implicit_generalized_time_from_der(i,tv,in,inlen) asn1_generalized_time_from_der_ex(ASN1_TAG_IMPLICIT(i),tv,in,inlen)
-
-#define asn1_sequence_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_SEQUENCE,d,dlen,out,outlen)
-#define asn1_sequence_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_SEQUENCE,d,dlen,in,inlen)
-#define asn1_implicit_sequence_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
-#define asn1_implicit_sequence_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
-
-#define asn1_set_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_SET,d,dlen,out,outlen)
-#define asn1_set_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_SET,d,dlen,in,inlen)
-#define asn1_implicit_set_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
-#define asn1_implicit_set_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
-
-#define asn1_implicit_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
-#define asn1_implicit_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
-
-int asn1_header_to_der(int tag, size_t dlen, uint8_t **out, size_t *outlen);
-#define asn1_implicit_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
-
-#define asn1_octet_string_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_OCTET_STRING,dlen,out,outlen)
-
-#define asn1_sequence_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_SEQUENCE,dlen,out,outlen)
-#define asn1_implicit_sequence_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
-
-#define asn1_set_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_SET,dlen,out,outlen)
-#define asn1_implicit_set_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
-
-#define asn1_explicit_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
-
-#define asn1_explicit_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
-#define asn1_explicit_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
-
-// d,dlen 是 SEQUENCE OF, SET OF 中的值
-int asn1_types_get_count(const uint8_t *d, size_t dlen, int tag, size_t *cnt);
-int asn1_types_get_item_by_index(const uint8_t *d, size_t *dlen, int tag,
-	int index, const uint8_t **item_d, size_t *item_dlen);
-
-int asn1_sequence_of_int_to_der(const int *nums, size_t nums_cnt, uint8_t **out, size_t *outlen);
-int asn1_sequence_of_int_from_der(int *nums, size_t *nums_cnt, const uint8_t **in, size_t *inlen);
-int asn1_sequence_of_int_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-
-typedef struct {
-	int oid;
-	char *name;
-	uint32_t *nodes;
-	size_t nodes_cnt;
-	int flags;
-	char *description;
-} ASN1_OID_INFO;
-
-const ASN1_OID_INFO *asn1_oid_info_from_name(const ASN1_OID_INFO *infos, size_t count, const char *name);
-const ASN1_OID_INFO *asn1_oid_info_from_oid(const ASN1_OID_INFO *infos, size_t count, int oid);
-int asn1_oid_info_from_der_ex(const ASN1_OID_INFO **info, uint32_t *nodes, size_t *nodes_cnt,
-	const ASN1_OID_INFO *infos, size_t count, const uint8_t **in, size_t *inlen);
-int asn1_oid_info_from_der(const ASN1_OID_INFO **info,
-	const ASN1_OID_INFO *infos, size_t count, const uint8_t **in, size_t *inlen);
-
-
-int asn1_check(int expr);
-
-
-#if __cplusplus
-}
-#endif
-#endif
+
+
+#ifndef GMSSL_ASN1_H
+#define GMSSL_ASN1_H
+
+#include <time.h>
+#include <stdlib.h>
+#include <stdint.h>
+
+#if __cplusplus
+extern "C" {
+#endif
+
+
+#define ASN1_TAG_UNIVERSAL		0x00
+#define ASN1_TAG_APPLICATION		0x40
+#define ASN1_TAG_CONTENT_SPECIFIC	0x80
+#define ASN1_TAG_PRIVATE		0xC0
+#define ASN1_TAG_PRIMITIVE		0x00
+#define ASN1_TAG_CONSTRUCTED		0x20
+
+#define ASN1_TAG_IMPLICIT(index)	(ASN1_TAG_CONTENT_SPECIFIC|(index))
+#define ASN1_TAG_EXPLICIT(index)	ASN1_TAG_IMPLICIT(ASN1_TAG_CONSTRUCTED|(index))
+
+
+#define ASN1_FMT_FULL	0x01
+
+
+enum ASN1_TAG {
+	ASN1_TAG_BOOLEAN		= 1,
+	ASN1_TAG_INTEGER		= 2,
+	ASN1_TAG_BIT_STRING		= 3,
+	ASN1_TAG_OCTET_STRING		= 4,
+	ASN1_TAG_NULL			= 5,
+	ASN1_TAG_OBJECT_IDENTIFIER	= 6,
+	ASN1_TAG_ObjectDescriptor	= 7,
+	ASN1_TAG_EXTERNAL		= 8,
+	ASN1_TAG_REAL			= 9,
+	ASN1_TAG_ENUMERATED		= 10, // 0x0A
+	ASN1_TAG_EMBEDDED		= 11, // 0x0B
+	ASN1_TAG_UTF8String		= 12, // 0x0C
+	ASN1_TAG_RELATIVE_OID		= 13, // 0x0D
+	ASN1_TAG_NumericString		= 18, // 0x12
+	ASN1_TAG_PrintableString	= 19, // 0x13, printable subset of ascii
+	ASN1_TAG_TeletexString		= 20, // 0x14, T61String
+	ASN1_TAG_VideotexString		= 21, // 0x15
+	ASN1_TAG_IA5String		= 22, // 0x16, 7-bit ascii
+	ASN1_TAG_UTCTime		= 23, // 0x17
+	ASN1_TAG_GeneralizedTime	= 24, // 0x18
+	ASN1_TAG_GraphicString		= 25, // 0x19
+	ASN1_TAG_VisibleString		= 26, // 0x20
+	ASN1_TAG_GeneralString		= 27, // 0x21
+	ASN1_TAG_UniversalString	= 28, // 0x22
+	ASN1_TAG_CHARACTER_STRING	= 29, // 0x23
+	ASN1_TAG_BMPString		= 30, // 0x24, 2-byte unicode with zeros
+	ASN1_TAG_SEQUENCE		= 0x30,
+	ASN1_TAG_SET			= 0x31,
+	ASN1_TAG_EXPLICIT		= 0xa0,
+};
+
+const char *asn1_tag_name(int tag);
+int asn1_tag_to_der(int tag, uint8_t **out, size_t *outlen);
+int asn1_tag_from_der(int tag, const uint8_t **in, size_t *inlen);
+int asn1_any_tag_from_der(int *tag, const uint8_t **in, size_t *inlen);
+int asn1_tag_get(int *tag, const uint8_t **in, size_t *inlen); // 尝试读取下一个tag，但是并不修改in,inlen
+int asn1_tag_is_cstring(int tag);
+int asn1_length_to_der(size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_length_from_der(size_t *dlen, const uint8_t **in, size_t *inlen);
+int asn1_length_is_zero(size_t len);
+int asn1_length_le(size_t len1, size_t len2); // less than
+int asn1_data_to_der(const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_data_from_der(const uint8_t **d, size_t dlen, const uint8_t **in, size_t *inlen);
+
+int asn1_type_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_type_from_der(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+int asn1_any_type_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+int asn1_any_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen); // 调用方应保证a,alen为TLV
+int asn1_any_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen); // 该函数会检查输入是否为TLV
+
+const char *asn1_boolean_name(int val);
+int asn1_boolean_from_name(int *val, const char *name);
+int asn1_boolean_to_der_ex(int tag, int val, uint8_t **out, size_t *outlen);
+int asn1_boolean_from_der_ex(int tag, int *val, const uint8_t **in, size_t *inlen);
+#define asn1_boolean_to_der(val,out,outlen) asn1_boolean_to_der_ex(ASN1_TAG_BOOLEAN,val,out,outlen)
+#define asn1_boolean_from_der(val,in,inlen) asn1_boolean_from_der_ex(ASN1_TAG_BOOLEAN,val,in,inlen)
+#define asn1_implicit_boolean_to_der(i,val,out,outlen) asn1_boolean_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
+#define asn1_implicit_boolean_from_der(i,val,in,inlen) asn1_boolean_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)
+
+// asn1_integer_ 不支持负数编解码
+int asn1_integer_to_der_ex(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_integer_from_der_ex(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+#define asn1_integer_to_der(d,dlen,out,outlen) asn1_integer_to_der_ex(ASN1_TAG_INTEGER,d,dlen,out,outlen)
+#define asn1_integer_from_der(d,dlen,in,inlen) asn1_integer_from_der_ex(ASN1_TAG_INTEGER,d,dlen,in,inlen)
+#define asn1_implicit_integer_to_der(i,d,dlen,out,outlen) asn1_integer_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_integer_from_der(i,d,dlen,in,inlen) asn1_integer_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
+
+// asn1_int_ 只支持小的无符号整数的编解码，不支持负数
+int asn1_int_to_der_ex(int tag, int val, uint8_t **out, size_t *outlen); // 当 val == -1 时，不输出，返回 0
+int asn1_int_from_der_ex(int tag, int *val, const uint8_t **in, size_t *inlen); // 不支持负数，返回0时 *val 设置为 -1
+#define asn1_int_to_der(val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_INTEGER,val,out,outlen)
+#define asn1_int_from_der(val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_INTEGER,val,in,inlen)
+#define asn1_implicit_int_to_der(i,val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
+#define asn1_implicit_int_from_der(i,val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)
+
+// 比特长度不必须为8的整数倍
+int asn1_bit_string_to_der_ex(int tag, const uint8_t *d, size_t nbits, uint8_t **out, size_t *outlen);
+int asn1_bit_string_from_der_ex(int tag, const uint8_t **d, size_t *nbits, const uint8_t **in, size_t *inlen);
+#define asn1_bit_string_to_der(d,nbits,out,outlen) asn1_bit_string_to_der_ex(ASN1_TAG_BIT_STRING,d,nbits,out,outlen)
+#define asn1_bit_string_from_der(d,nbits,in,inlen) asn1_bit_string_from_der_ex(ASN1_TAG_BIT_STRING,d,nbits,in,inlen)
+#define asn1_implicit_bit_string_to_der(i,d,nbits,out,outlen) asn1_bit_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,nbits,out,outlen)
+#define asn1_implicit_bit_string_from_der(i,d,nbits,in,inlen) asn1_bit_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,nbits,in,inlen)
+
+// 比特长度必须为8的整数倍，因此使用字节长度
+int asn1_bit_octets_to_der_ex(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_bit_octets_from_der_ex(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+#define asn1_bit_octets_to_der(d,dlen,out,outlen) asn1_bit_octets_to_der_ex(ASN1_TAG_BIT_STRING,d,dlen,out,outlen)
+#define asn1_bit_octets_from_der(d,dlen,in,inlen) asn1_bit_octets_from_der_ex(ASN1_TAG_BIT_STRING,d,dlen,in,inlen)
+#define asn1_implicit_bit_octets_to_der(i,d,dlen,out,outlen) asn1_bit_octets_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_bit_octets_from_der(i,d,dlen,in,inlen) asn1_bit_octets_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
+
+// bits == -1 不编码，只支持较少的比特数量
+int asn1_bits_to_der_ex(int tag, int bits, uint8_t **out, size_t *outlen);
+int asn1_bits_from_der_ex(int tag, int *bits, const uint8_t **in, size_t *inlen);
+#define asn1_bits_to_der(bits,out,outlen) asn1_bits_to_der_ex(ASN1_TAG_BIT_STRING,bits,out,outlen)
+#define asn1_bits_from_der(bits,in,inlen) asn1_bits_from_der_ex(ASN1_TAG_BIT_STRING,bits,in,inlen)
+#define asn1_implicit_bits_to_der(i,bits,out,outlen) asn1_bits_to_der_ex(ASN1_TAG_IMPLICIT(i),bits,out,outlen)
+#define asn1_implicit_bits_from_der(i,bits,in,inlen) asn1_bits_from_der_ex(ASN1_TAG_IMPLICIT(i),bits,in,inlen)
+// names[i]对应第i个比特
+int asn1_bits_print(FILE *fp, int fmt, int ind, const char *label, const char **names, size_t names_cnt, int bits);
+
+#define asn1_octet_string_to_der_ex(tag,d,dlen,out,outlen) asn1_type_to_der(tag,d,dlen,out,outlen)
+#define asn1_octet_string_from_der_ex(tag,d,dlen,in,inlen) asn1_type_from_der(tag,d,dlen,in,inlen)
+#define asn1_octet_string_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_OCTET_STRING,d,dlen,out,outlen)
+#define asn1_octet_string_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_OCTET_STRING,d,dlen,in,inlen)
+#define asn1_implicit_octet_string_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_octet_string_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
+
+const char *asn1_null_name(void);
+int asn1_null_to_der(uint8_t **out, size_t *outlen);
+int asn1_null_from_der(const uint8_t **in, size_t *inlen);
+
+#define ASN1_OID_MAX_NODES 32
+int asn1_object_identifier_to_octets(const uint32_t *nodes, size_t nodes_cnt, uint8_t *out, size_t *outlen);
+int asn1_object_identifier_from_octets(uint32_t *nodes, size_t *nodes_cnt, const uint8_t *in, size_t inlen);
+
+int asn1_object_identifier_equ(const uint32_t *a, size_t a_cnt, const uint32_t *b, size_t b_cnt);
+int asn1_object_identifier_to_der_ex(int tag, const uint32_t *nodes, size_t nodes_cnt, uint8_t **out, size_t *outlen);
+int asn1_object_identifier_from_der_ex(int tag, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen);
+#define asn1_object_identifier_to_der(nodes,nodes_cnt,out,outlen) asn1_object_identifier_to_der_ex(ASN1_TAG_OBJECT_IDENTIFIER,nodes,nodes_cnt,out,outlen)
+#define asn1_object_identifier_from_der(nodes,nodes_cnt,in,inlen) asn1_object_identifier_from_der_ex(ASN1_TAG_OBJECT_IDENTIFIER,nodes,nodes_cnt,in,inlen)
+#define asn1_implicit_object_identifier_to_der(i,nodes,nodes_cnt,out,outlen) asn1_object_identifier_to_der_ex(ASN1_TAG_IMPLICIT(i),nodes,nodes_cnt,out,outlen)
+#define asn1_implicit_object_identifier_from_der(i,nodes,nodes_cnt,in,inlen) asn1_object_identifier_from_der_ex(ASN1_TAG_IMPLICIT(i),nodes,nodes_cnt,in,inlen)
+int asn1_object_identifier_print(FILE *fp, int fmt, int ind, const char *label, const char *name,
+	const uint32_t *nodes, size_t nodes_cnt);
+
+#define asn1_enumerated_to_der_ex(tag,val,out,outlen) asn1_int_to_der_ex(tag,val,out,outlen)
+#define asn1_enumerated_from_der_ex(tag,val,in,inlen) asn1_int_from_der_ex(tag,val,in,inlen)
+#define asn1_enumerated_to_der(val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_ENUMERATED,val,out,outlen)
+#define asn1_enumerated_from_der(val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_ENUMERATED,val,in,inlen)
+#define asn1_implicit_enumerated_to_der(i,val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
+#define asn1_implicit_enumerated_from_der(i,val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)
+
+int asn1_utf8_string_check(const char *d, size_t dlen);
+int asn1_utf8_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_utf8_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+#define asn1_utf8_string_to_der(d,dlen,out,outlen) asn1_utf8_string_to_der_ex(ASN1_TAG_UTF8String,d,dlen,out,outlen)
+#define asn1_utf8_string_from_der(d,dlen,in,inlen) asn1_utf8_string_from_der_ex(ASN1_TAG_UTF8String,d,dlen,in,inlen)
+#define asn1_implicit_utf8_string_to_der(i,d,dlen,out,outlen) asn1_utf8_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_utf8_string_from_der(i,d,dlen,in,inlen) asn1_utf8_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
+
+int asn1_printable_string_check(const char *d, size_t dlen);
+int asn1_printable_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_printable_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+#define asn1_printable_string_to_der(d,dlen,out,outlen)	asn1_printable_string_to_der_ex(ASN1_TAG_PrintableString,d,dlen,out,outlen)
+#define asn1_printable_string_from_der(d,dlen,in,inlen)	asn1_printable_string_from_der_ex(ASN1_TAG_PrintableString,d,dlen,in,inlen)
+#define asn1_implicit_printable_string_to_der(i,d,dlen,out,outlen) asn1_printable_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_printable_string_from_der(i,d,dlen,in,inlen) asn1_printable_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
+
+int asn1_ia5_string_check(const char *d, size_t dlen);
+int asn1_ia5_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_ia5_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+#define asn1_ia5_string_to_der(d,dlen,out,outlen) asn1_ia5_string_to_der_ex(ASN1_TAG_IA5String,d,dlen,out,outlen)
+#define asn1_ia5_string_from_der(d,dlen,in,inlen) asn1_ia5_string_from_der_ex(ASN1_TAG_IA5String,d,dlen,in,inlen)
+#define asn1_implicit_ia5_string_to_der(i,d,dlen,out,outlen) asn1_ia5_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_ia5_string_from_der(i,d,dlen,in,inlen) asn1_ia5_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
+
+int asn1_string_print(FILE *fp, int fmt, int ind, const char *label, int tag, const uint8_t *d, size_t dlen);
+
+#define ASN1_UTC_TIME_LEN		(sizeof("YYMMDDHHMMSSZ")-1)
+#define ASN1_GENERALIZED_TIME_LEN	(sizeof("YYYYMMDDHHMMSSZ")-1)
+
+int asn1_utc_time_to_der_ex(int tag, time_t tv, uint8_t **out, size_t *outlen);
+int asn1_utc_time_from_der_ex(int tag, time_t *tv, const uint8_t **in, size_t *inlen);
+#define asn1_utc_time_to_der(tv,out,outlen) asn1_utc_time_to_der_ex(ASN1_TAG_UTCTime,tv,out,outlen)
+#define asn1_utc_time_from_der(tv,in,inlen) asn1_utc_time_from_der_ex(ASN1_TAG_UTCTime,tv,in,inlen)
+#define asn1_implicit_utc_time_to_der(i,tv,out,outlen) asn1_utc_time_to_der_ex(ASN1_TAG_IMPLICIT(i),tv,out,outlen)
+#define asn1_implicit_utc_time_from_der(i,tv,in,inlen) asn1_utc_time_from_der_ex(ASN1_TAG_IMPLICIT(i),tv,in,inlen)
+
+int asn1_generalized_time_to_der_ex(int tag, time_t tv, uint8_t **out, size_t *outlen);
+int asn1_generalized_time_from_der_ex(int tag, time_t *tv, const uint8_t **in, size_t *inlen);
+#define asn1_generalized_time_to_der(tv,out,outlen) asn1_generalized_time_to_der_ex(ASN1_TAG_GeneralizedTime,tv,out,outlen)
+#define asn1_generalized_time_from_der(tv,in,inlen) asn1_generalized_time_from_der_ex(ASN1_TAG_GeneralizedTime,tv,in,inlen)
+#define asn1_implicit_generalized_time_to_der(i,tv,out,outlen) asn1_generalized_time_to_der_ex(ASN1_TAG_IMPLICIT(i),tv,out,outlen)
+#define asn1_implicit_generalized_time_from_der(i,tv,in,inlen) asn1_generalized_time_from_der_ex(ASN1_TAG_IMPLICIT(i),tv,in,inlen)
+
+#define asn1_sequence_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_SEQUENCE,d,dlen,out,outlen)
+#define asn1_sequence_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_SEQUENCE,d,dlen,in,inlen)
+#define asn1_implicit_sequence_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_sequence_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
+
+#define asn1_set_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_SET,d,dlen,out,outlen)
+#define asn1_set_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_SET,d,dlen,in,inlen)
+#define asn1_implicit_set_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_set_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
+
+#define asn1_implicit_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
+
+int asn1_header_to_der(int tag, size_t dlen, uint8_t **out, size_t *outlen);
+#define asn1_implicit_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
+
+#define asn1_octet_string_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_OCTET_STRING,dlen,out,outlen)
+
+#define asn1_sequence_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_SEQUENCE,dlen,out,outlen)
+#define asn1_implicit_sequence_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
+
+#define asn1_set_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_SET,dlen,out,outlen)
+#define asn1_implicit_set_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
+
+#define asn1_explicit_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
+
+#define asn1_explicit_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
+#define asn1_explicit_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
+
+// d,dlen 是 SEQUENCE OF, SET OF 中的值
+int asn1_types_get_count(const uint8_t *d, size_t dlen, int tag, size_t *cnt);
+int asn1_types_get_item_by_index(const uint8_t *d, size_t *dlen, int tag,
+	int index, const uint8_t **item_d, size_t *item_dlen);
+
+int asn1_sequence_of_int_to_der(const int *nums, size_t nums_cnt, uint8_t **out, size_t *outlen);
+int asn1_sequence_of_int_from_der(int *nums, size_t *nums_cnt, const uint8_t **in, size_t *inlen);
+int asn1_sequence_of_int_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+typedef struct {
+	int oid;
+	char *name;
+	uint32_t *nodes;
+	size_t nodes_cnt;
+	int flags;
+	char *description;
+} ASN1_OID_INFO;
+
+const ASN1_OID_INFO *asn1_oid_info_from_name(const ASN1_OID_INFO *infos, size_t count, const char *name);
+const ASN1_OID_INFO *asn1_oid_info_from_oid(const ASN1_OID_INFO *infos, size_t count, int oid);
+int asn1_oid_info_from_der_ex(const ASN1_OID_INFO **info, uint32_t *nodes, size_t *nodes_cnt,
+	const ASN1_OID_INFO *infos, size_t count, const uint8_t **in, size_t *inlen);
+int asn1_oid_info_from_der(const ASN1_OID_INFO **info,
+	const ASN1_OID_INFO *infos, size_t count, const uint8_t **in, size_t *inlen);
+
+
+int asn1_check(int expr);
+
+
+#if __cplusplus
+}
+#endif
+#endif

include/gmssl/base64.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,67 +7,66 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-
-#ifndef GMSSL_BASE64_H
-#define GMSSL_BASE64_H
-
-#include <stdint.h>
-#include <stdlib.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
-BASE64 Public API
-
-	BASE64_CTX
-	base64_encode_init
-	base64_encode_update
-	base64_encode_finish
-	base64_decode_init
-	base64_decode_update
-	base64_decode_finish
-
-*/
-
-
-typedef struct {
-    /* number saved in a partial encode/decode */
-    int num;
-    /*
-     * The length is either the output line length (in input bytes) or the
-     * shortest input line length that is ok.  Once decoding begins, the
-     * length is adjusted up each time a longer line is decoded
-     */
-    int length;
-    /* data to encode */
-    unsigned char enc_data[80];
-    /* number read on current line */
-    int line_num;
-    int expect_nl;
-} BASE64_CTX;
-
-# define BASE64_ENCODE_LENGTH(l)    (((l+2)/3*4)+(l/48+1)*2+80)
-# define BASE64_DECODE_LENGTH(l)    ((l+3)/4*3+80)
-
-
-void base64_encode_init(BASE64_CTX *ctx);
-int  base64_encode_update(BASE64_CTX *ctx, const uint8_t *in, int inlen, uint8_t *out, int *outlen);
-void base64_encode_finish(BASE64_CTX *ctx, uint8_t *out, int *outlen);
-
-void base64_decode_init(BASE64_CTX *ctx);
-int  base64_decode_update(BASE64_CTX *ctx, const uint8_t *in, int inlen, uint8_t *out, int *outlen);
-int  base64_decode_finish(BASE64_CTX *ctx, uint8_t *out, int *outlen);
-
-
-int base64_encode_block(unsigned char *t, const unsigned char *f, int dlen);
-int base64_decode_block(unsigned char *t, const unsigned char *f, int n);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+
+#ifndef GMSSL_BASE64_H
+#define GMSSL_BASE64_H
+
+#include <stdint.h>
+#include <stdlib.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+BASE64 Public API
+
+	BASE64_CTX
+	base64_encode_init
+	base64_encode_update
+	base64_encode_finish
+	base64_decode_init
+	base64_decode_update
+	base64_decode_finish
+
+*/
+
+
+typedef struct {
+    /* number saved in a partial encode/decode */
+    int num;
+    /*
+     * The length is either the output line length (in input bytes) or the
+     * shortest input line length that is ok.  Once decoding begins, the
+     * length is adjusted up each time a longer line is decoded
+     */
+    int length;
+    /* data to encode */
+    unsigned char enc_data[80];
+    /* number read on current line */
+    int line_num;
+    int expect_nl;
+} BASE64_CTX;
+
+# define BASE64_ENCODE_LENGTH(l)    (((l+2)/3*4)+(l/48+1)*2+80)
+# define BASE64_DECODE_LENGTH(l)    ((l+3)/4*3+80)
+
+
+void base64_encode_init(BASE64_CTX *ctx);
+int  base64_encode_update(BASE64_CTX *ctx, const uint8_t *in, int inlen, uint8_t *out, int *outlen);
+void base64_encode_finish(BASE64_CTX *ctx, uint8_t *out, int *outlen);
+
+void base64_decode_init(BASE64_CTX *ctx);
+int  base64_decode_update(BASE64_CTX *ctx, const uint8_t *in, int inlen, uint8_t *out, int *outlen);
+int  base64_decode_finish(BASE64_CTX *ctx, uint8_t *out, int *outlen);
+
+
+int base64_encode_block(unsigned char *t, const unsigned char *f, int dlen);
+int base64_decode_block(unsigned char *t, const unsigned char *f, int n);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/block_cipher.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,69 +7,68 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-
-
-#ifndef GMSSL_BLOCK_CIPHER_H
-#define GMSSL_BLOCK_CIPHER_H
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/aes.h>
-#include <gmssl/sm4.h>
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-#define BLOCK_CIPHER_BLOCK_SIZE		16
-#define BLOCK_CIPHER_MIN_KEY_SIZE	16
-#define BLOCK_CIPHER_MAX_KEY_SIZE	32
-
-
-typedef struct BLOCK_CIPHER BLOCK_CIPHER;
-typedef struct BLOCK_CIPHER_KEY BLOCK_CIPHER_KEY;
-
-struct BLOCK_CIPHER_KEY {
-	union {
-		SM4_KEY sm4_key;
-		AES_KEY aes_key;
-	} u;
-	const BLOCK_CIPHER *cipher;
-};
-
-typedef void (*block_cipher_set_encrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key);
-typedef void (*block_cipher_set_decrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key);
-typedef void (*block_cipher_encrypt_func)(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
-typedef void (*block_cipher_decrypt_func)(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
-
-struct BLOCK_CIPHER {
-	int oid;
-	size_t key_size;
-	size_t block_size;
-	block_cipher_set_encrypt_key_func set_encrypt_key;
-	block_cipher_set_decrypt_key_func set_decrypt_key;
-	block_cipher_encrypt_func encrypt;
-	block_cipher_decrypt_func decrypt;
-};
-
-const BLOCK_CIPHER *BLOCK_CIPHER_sm4(void);
-const BLOCK_CIPHER *BLOCK_CIPHER_aes128(void);
-
-const BLOCK_CIPHER *block_cipher_from_name(const char *name);
-const char *block_cipher_name(const BLOCK_CIPHER *cipher);
-int block_cipher_set_encrypt_key(BLOCK_CIPHER_KEY *key, const BLOCK_CIPHER *cipher, const uint8_t *raw_key);
-int block_cipher_set_decrypt_key(BLOCK_CIPHER_KEY *key, const BLOCK_CIPHER *cipher, const uint8_t *raw_key);
-int block_cipher_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
-int block_cipher_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+
+
+#ifndef GMSSL_BLOCK_CIPHER_H
+#define GMSSL_BLOCK_CIPHER_H
+
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/aes.h>
+#include <gmssl/sm4.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define BLOCK_CIPHER_BLOCK_SIZE		16
+#define BLOCK_CIPHER_MIN_KEY_SIZE	16
+#define BLOCK_CIPHER_MAX_KEY_SIZE	32
+
+
+typedef struct BLOCK_CIPHER BLOCK_CIPHER;
+typedef struct BLOCK_CIPHER_KEY BLOCK_CIPHER_KEY;
+
+struct BLOCK_CIPHER_KEY {
+	union {
+		SM4_KEY sm4_key;
+		AES_KEY aes_key;
+	} u;
+	const BLOCK_CIPHER *cipher;
+};
+
+typedef void (*block_cipher_set_encrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key);
+typedef void (*block_cipher_set_decrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key);
+typedef void (*block_cipher_encrypt_func)(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
+typedef void (*block_cipher_decrypt_func)(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
+
+struct BLOCK_CIPHER {
+	int oid;
+	size_t key_size;
+	size_t block_size;
+	block_cipher_set_encrypt_key_func set_encrypt_key;
+	block_cipher_set_decrypt_key_func set_decrypt_key;
+	block_cipher_encrypt_func encrypt;
+	block_cipher_decrypt_func decrypt;
+};
+
+const BLOCK_CIPHER *BLOCK_CIPHER_sm4(void);
+const BLOCK_CIPHER *BLOCK_CIPHER_aes128(void);
+
+const BLOCK_CIPHER *block_cipher_from_name(const char *name);
+const char *block_cipher_name(const BLOCK_CIPHER *cipher);
+int block_cipher_set_encrypt_key(BLOCK_CIPHER_KEY *key, const BLOCK_CIPHER *cipher, const uint8_t *raw_key);
+int block_cipher_set_decrypt_key(BLOCK_CIPHER_KEY *key, const BLOCK_CIPHER *cipher, const uint8_t *raw_key);
+int block_cipher_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
+int block_cipher_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/chacha20.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,52 +7,51 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-/* RFC 8439 "ChaCha20 and Poly1305 for IETF Protocols" */
-
-#ifndef GMSSL_CHACHA20_H
-#define GMSSL_CHACHA20_H
-
-#define CHACHA20_IS_BIG_ENDIAN	0
-
-#include <stdint.h>
-#include <stdlib.h>
-
-#include <string.h>
-
-#define CHACHA20_KEY_BITS	256
-#define CHACHA20_NONCE_BITS	96
-#define CHACHA20_COUNTER_BITS	32
-
-#define CHACHA20_KEY_SIZE	(CHACHA20_KEY_BITS/8)
-#define CHACHA20_NONCE_SIZE	(CHACHA20_NONCE_BITS/8)
-#define CHACHA20_COUNTER_SIZE	(CHACHA20_COUNTER_BITS/8)
-
-#define CHACHA20_KEY_WORDS	(CHACHA20_KEY_SIZE/sizeof(uint32_t))
-#define CHACHA20_NONCE_WORDS	(CHACHA20_NONCE_SIZE/sizeof(uint32_t))
-#define CHACHA20_COUNTER_WORDS	(CHACHA20_COUNTER_SIZE/sizeof(uint32_t))
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-typedef struct {
-	uint32_t d[16];
-} CHACHA20_STATE;
-
-
-void chacha20_init(CHACHA20_STATE *state,
-	const uint8_t key[CHACHA20_KEY_SIZE],
-	const uint8_t nonce[CHACHA20_NONCE_SIZE], uint32_t counter);
-
-void chacha20_generate_keystream(CHACHA20_STATE *state,
-	size_t counts, uint8_t *out);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+/* RFC 8439 "ChaCha20 and Poly1305 for IETF Protocols" */
+
+#ifndef GMSSL_CHACHA20_H
+#define GMSSL_CHACHA20_H
+
+#define CHACHA20_IS_BIG_ENDIAN	0
+
+#include <stdint.h>
+#include <stdlib.h>
+
+#include <string.h>
+
+#define CHACHA20_KEY_BITS	256
+#define CHACHA20_NONCE_BITS	96
+#define CHACHA20_COUNTER_BITS	32
+
+#define CHACHA20_KEY_SIZE	(CHACHA20_KEY_BITS/8)
+#define CHACHA20_NONCE_SIZE	(CHACHA20_NONCE_BITS/8)
+#define CHACHA20_COUNTER_SIZE	(CHACHA20_COUNTER_BITS/8)
+
+#define CHACHA20_KEY_WORDS	(CHACHA20_KEY_SIZE/sizeof(uint32_t))
+#define CHACHA20_NONCE_WORDS	(CHACHA20_NONCE_SIZE/sizeof(uint32_t))
+#define CHACHA20_COUNTER_WORDS	(CHACHA20_COUNTER_SIZE/sizeof(uint32_t))
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+typedef struct {
+	uint32_t d[16];
+} CHACHA20_STATE;
+
+
+void chacha20_init(CHACHA20_STATE *state,
+	const uint8_t key[CHACHA20_KEY_SIZE],
+	const uint8_t nonce[CHACHA20_NONCE_SIZE], uint32_t counter);
+
+void chacha20_generate_keystream(CHACHA20_STATE *state,
+	size_t counts, uint8_t *out);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/des.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,53 +7,52 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-/* FIPS PUB 46-3 "Data Encryption Standard (DES)" */
-
-#ifndef GMSSL_DES_H
-#define GMSSL_DES_H
-
-
-#include <stdint.h>
-#include <stdlib.h>
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-#define DES_KEY_BITS	56
-#define DES_BLOCK_BITS	64
-#define DES_KEY_SIZE	((DES_KEY_BITS)/7)
-#define DES_BLOCK_SIZE	(DES_BLOCK_BITS/8)
-
-#define DES_RK_BITS	48
-#define DES_RK_SIZE	(DES_RK_BITS/8)
-#define DES_ROUNDS	16
-
-#define DES_EDE_KEY_SIZE	(DES_KEY_SIZE * 3)
-
-typedef struct {
-	uint64_t rk[DES_ROUNDS];
-} DES_KEY;
-
-void des_set_encrypt_key(DES_KEY *key, const uint8_t raw_key[DES_KEY_SIZE]);
-void des_set_decrypt_key(DES_KEY *key, const uint8_t raw_key[DES_KEY_SIZE]);
-void des_encrypt(DES_KEY *key, const uint8_t in[DES_BLOCK_SIZE], uint8_t out[DES_BLOCK_SIZE]);
-
-
-typedef struct {
-	DES_KEY K[3];
-} DES_EDE_KEY;
-
-void des_ede_set_encrypt_key(DES_EDE_KEY *key, const uint8_t raw_key[DES_EDE_KEY_SIZE]);
-void des_ede_set_decrypt_key(DES_EDE_KEY *key, const uint8_t raw_key[DES_EDE_KEY_SIZE]);
-void des_ede_encrypt(DES_EDE_KEY *key, const uint8_t in[DES_BLOCK_SIZE], uint8_t out[DES_BLOCK_SIZE]);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+/* FIPS PUB 46-3 "Data Encryption Standard (DES)" */
+
+#ifndef GMSSL_DES_H
+#define GMSSL_DES_H
+
+
+#include <stdint.h>
+#include <stdlib.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define DES_KEY_BITS	56
+#define DES_BLOCK_BITS	64
+#define DES_KEY_SIZE	((DES_KEY_BITS)/7)
+#define DES_BLOCK_SIZE	(DES_BLOCK_BITS/8)
+
+#define DES_RK_BITS	48
+#define DES_RK_SIZE	(DES_RK_BITS/8)
+#define DES_ROUNDS	16
+
+#define DES_EDE_KEY_SIZE	(DES_KEY_SIZE * 3)
+
+typedef struct {
+	uint64_t rk[DES_ROUNDS];
+} DES_KEY;
+
+void des_set_encrypt_key(DES_KEY *key, const uint8_t raw_key[DES_KEY_SIZE]);
+void des_set_decrypt_key(DES_KEY *key, const uint8_t raw_key[DES_KEY_SIZE]);
+void des_encrypt(DES_KEY *key, const uint8_t in[DES_BLOCK_SIZE], uint8_t out[DES_BLOCK_SIZE]);
+
+
+typedef struct {
+	DES_KEY K[3];
+} DES_EDE_KEY;
+
+void des_ede_set_encrypt_key(DES_EDE_KEY *key, const uint8_t raw_key[DES_EDE_KEY_SIZE]);
+void des_ede_set_decrypt_key(DES_EDE_KEY *key, const uint8_t raw_key[DES_EDE_KEY_SIZE]);
+void des_ede_encrypt(DES_EDE_KEY *key, const uint8_t in[DES_BLOCK_SIZE], uint8_t out[DES_BLOCK_SIZE]);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/digest.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,76 +7,75 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-
-#ifndef GMSSL_DIGEST_H
-#define GMSSL_DIGEST_H
-
-
-#include <stdint.h>
-#include <stdlib.h>
-#include <gmssl/sm3.h>
-#include <gmssl/md5.h>
-#include <gmssl/sha1.h>
-#include <gmssl/sha2.h>
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-typedef struct DIGEST DIGEST;
-typedef struct DIGEST_CTX DIGEST_CTX;
-
-
-#define DIGEST_MAX_SIZE		64
-#define DIGEST_MAX_BLOCK_SIZE (1024/8)
-
-
-struct DIGEST_CTX {
-	union {
-		SM3_CTX sm3_ctx;
-//		MD5_CTX md5_ctx;
-		SHA1_CTX sha1_ctx;
-		SHA224_CTX sha224_ctx;
-		SHA256_CTX sha256_ctx;
-		SHA384_CTX sha384_ctx;
-		SHA512_CTX sha512_ctx;
-	} u;
-	const DIGEST *digest;
-};
-
-struct DIGEST {
-	int oid;
-	size_t digest_size;
-	size_t block_size;
-	size_t ctx_size;
-	int (*init)(DIGEST_CTX *ctx);
-	int (*update)(DIGEST_CTX *ctx, const uint8_t *data, size_t datalen);
-	int (*finish)(DIGEST_CTX *ctx, uint8_t *dgst);
-};
-
-const DIGEST *DIGEST_sm3(void);
-//const DIGEST *DIGEST_md5(void);
-const DIGEST *DIGEST_sha1(void);
-const DIGEST *DIGEST_sha224(void);
-const DIGEST *DIGEST_sha256(void);
-const DIGEST *DIGEST_sha384(void);
-const DIGEST *DIGEST_sha512(void);
-const DIGEST *DIGEST_sha512_224(void);
-const DIGEST *DIGEST_sha512_256(void);
-
-const DIGEST *digest_from_name(const char *name);
-const char *digest_name(const DIGEST *digest);
-int digest_init(DIGEST_CTX *ctx, const DIGEST *algor);
-int digest_update(DIGEST_CTX *ctx, const uint8_t *data, size_t datalen);
-int digest_finish(DIGEST_CTX *ctx, uint8_t *dgst, size_t *dgstlen);
-int digest(const DIGEST *digest, const uint8_t *data, size_t datalen, uint8_t *dgst, size_t *dgstlen);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+
+#ifndef GMSSL_DIGEST_H
+#define GMSSL_DIGEST_H
+
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <gmssl/sm3.h>
+#include <gmssl/md5.h>
+#include <gmssl/sha1.h>
+#include <gmssl/sha2.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+typedef struct DIGEST DIGEST;
+typedef struct DIGEST_CTX DIGEST_CTX;
+
+
+#define DIGEST_MAX_SIZE		64
+#define DIGEST_MAX_BLOCK_SIZE (1024/8)
+
+
+struct DIGEST_CTX {
+	union {
+		SM3_CTX sm3_ctx;
+//		MD5_CTX md5_ctx;
+		SHA1_CTX sha1_ctx;
+		SHA224_CTX sha224_ctx;
+		SHA256_CTX sha256_ctx;
+		SHA384_CTX sha384_ctx;
+		SHA512_CTX sha512_ctx;
+	} u;
+	const DIGEST *digest;
+};
+
+struct DIGEST {
+	int oid;
+	size_t digest_size;
+	size_t block_size;
+	size_t ctx_size;
+	int (*init)(DIGEST_CTX *ctx);
+	int (*update)(DIGEST_CTX *ctx, const uint8_t *data, size_t datalen);
+	int (*finish)(DIGEST_CTX *ctx, uint8_t *dgst);
+};
+
+const DIGEST *DIGEST_sm3(void);
+//const DIGEST *DIGEST_md5(void);
+const DIGEST *DIGEST_sha1(void);
+const DIGEST *DIGEST_sha224(void);
+const DIGEST *DIGEST_sha256(void);
+const DIGEST *DIGEST_sha384(void);
+const DIGEST *DIGEST_sha512(void);
+const DIGEST *DIGEST_sha512_224(void);
+const DIGEST *DIGEST_sha512_256(void);
+
+const DIGEST *digest_from_name(const char *name);
+const char *digest_name(const DIGEST *digest);
+int digest_init(DIGEST_CTX *ctx, const DIGEST *algor);
+int digest_update(DIGEST_CTX *ctx, const uint8_t *data, size_t datalen);
+int digest_finish(DIGEST_CTX *ctx, uint8_t *dgst, size_t *dgstlen);
+int digest(const DIGEST *digest, const uint8_t *data, size_t datalen, uint8_t *dgst, size_t *dgstlen);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/ec.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,59 +7,58 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-#ifndef GMSSL_EC_H
-#define GMSSL_EC_H
-
-
-#include <time.h>
-#include <string.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/oid.h>
-#include <gmssl/asn1.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
-NamedCurve:
-	OID_sm2
-	OID_prime192v1
-	OID_prime256v1
-	OID_secp256k1
-	OID_secp384r1
-	OID_secp521r1
-*/
-const char *ec_named_curve_name(int curve);
-int ec_named_curve_from_name(const char *name);
-int ec_named_curve_to_der(int curve, uint8_t **out, size_t *outlen);
-int ec_named_curve_from_der(int *curve, const uint8_t **in, size_t *inlen);
-
-/*
-ECPoint ::= OCTET STRING -- uncompressed point
-*/
-int ec_point_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-/*
-ECPrivateKey ::= SEQUENCE {
-	version		INTEGER,	-- value MUST be (1)
-	privateKey	OCTET STRING,	-- big endian encoding of integer
-	parameters	[0] EXPLICIT OBJECT IDENTIFIER OPTIONAL, -- namedCurve
-	publicKey	[1] EXPLICIT BIT STRING OPTIONAL -- ECPoint
-}
-*/
-
-enum {
-	EC_private_key_version = 1,
-};
-
-int ec_private_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+#ifndef GMSSL_EC_H
+#define GMSSL_EC_H
+
+
+#include <time.h>
+#include <string.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <gmssl/sm2.h>
+#include <gmssl/oid.h>
+#include <gmssl/asn1.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+NamedCurve:
+	OID_sm2
+	OID_prime192v1
+	OID_prime256v1
+	OID_secp256k1
+	OID_secp384r1
+	OID_secp521r1
+*/
+const char *ec_named_curve_name(int curve);
+int ec_named_curve_from_name(const char *name);
+int ec_named_curve_to_der(int curve, uint8_t **out, size_t *outlen);
+int ec_named_curve_from_der(int *curve, const uint8_t **in, size_t *inlen);
+
+/*
+ECPoint ::= OCTET STRING -- uncompressed point
+*/
+int ec_point_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+ECPrivateKey ::= SEQUENCE {
+	version		INTEGER,	-- value MUST be (1)
+	privateKey	OCTET STRING,	-- big endian encoding of integer
+	parameters	[0] EXPLICIT OBJECT IDENTIFIER OPTIONAL, -- namedCurve
+	publicKey	[1] EXPLICIT BIT STRING OPTIONAL -- ECPoint
+}
+*/
+
+enum {
+	EC_private_key_version = 1,
+};
+
+int ec_private_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/endian.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,73 +7,72 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-#ifndef GMSSL_ENDIAN_H
-#define GMSSL_ENDIAN_H
-
-
-/* Big Endian R/W */
-
-#define GETU16(p) \
-	((uint16_t)(p)[0] <<  8 | \
-	 (uint16_t)(p)[1])
-
-#define GETU32(p) \
-	((uint32_t)(p)[0] << 24 | \
-	 (uint32_t)(p)[1] << 16 | \
-	 (uint32_t)(p)[2] <<  8 | \
-	 (uint32_t)(p)[3])
-
-#define GETU64(p) \
-	((uint64_t)(p)[0] << 56 | \
-	 (uint64_t)(p)[1] << 48 | \
-	 (uint64_t)(p)[2] << 40 | \
-	 (uint64_t)(p)[3] << 32 | \
-	 (uint64_t)(p)[4] << 24 | \
-	 (uint64_t)(p)[5] << 16 | \
-	 (uint64_t)(p)[6] <<  8 | \
-	 (uint64_t)(p)[7])
-
-
-// 注意：PUTU32(buf, val++) 会出错！
-#define PUTU16(p,V) \
-	((p)[0] = (uint8_t)((V) >> 8), \
-	 (p)[1] = (uint8_t)(V))
-
-#define PUTU32(p,V) \
-	((p)[0] = (uint8_t)((V) >> 24), \
-	 (p)[1] = (uint8_t)((V) >> 16), \
-	 (p)[2] = (uint8_t)((V) >>  8), \
-	 (p)[3] = (uint8_t)(V))
-
-#define PUTU64(p,V) \
-	((p)[0] = (uint8_t)((V) >> 56), \
-	 (p)[1] = (uint8_t)((V) >> 48), \
-	 (p)[2] = (uint8_t)((V) >> 40), \
-	 (p)[3] = (uint8_t)((V) >> 32), \
-	 (p)[4] = (uint8_t)((V) >> 24), \
-	 (p)[5] = (uint8_t)((V) >> 16), \
-	 (p)[6] = (uint8_t)((V) >>  8), \
-	 (p)[7] = (uint8_t)(V))
-
-/* Little Endian R/W */
-
-#define GETU16_LE(p)	(*(const uint16_t *)(p))
-#define GETU32_LE(p)	(*(const uint32_t *)(p))
-#define GETU64_LE(p)	(*(const uint64_t *)(p))
-
-#define PUTU16_LE(p,V)	*(uint16_t *)(p) = (V)
-#define PUTU32_LE(p,V)	*(uint32_t *)(p) = (V)
-#define PUTU64_LE(p,V)	*(uint64_t *)(p) = (V)
-
-/* Rotate */
-
-#define ROL32(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
-#define ROL64(a,n)	(((a)<<(n))|((a)>>(64-(n))))
-
-#define ROR32(a,n)	ROL32((a),32-(n))
-#define ROR64(a,n)	ROL64(a,64-n)
-
-
-#endif
+
+#ifndef GMSSL_ENDIAN_H
+#define GMSSL_ENDIAN_H
+
+
+/* Big Endian R/W */
+
+#define GETU16(p) \
+	((uint16_t)(p)[0] <<  8 | \
+	 (uint16_t)(p)[1])
+
+#define GETU32(p) \
+	((uint32_t)(p)[0] << 24 | \
+	 (uint32_t)(p)[1] << 16 | \
+	 (uint32_t)(p)[2] <<  8 | \
+	 (uint32_t)(p)[3])
+
+#define GETU64(p) \
+	((uint64_t)(p)[0] << 56 | \
+	 (uint64_t)(p)[1] << 48 | \
+	 (uint64_t)(p)[2] << 40 | \
+	 (uint64_t)(p)[3] << 32 | \
+	 (uint64_t)(p)[4] << 24 | \
+	 (uint64_t)(p)[5] << 16 | \
+	 (uint64_t)(p)[6] <<  8 | \
+	 (uint64_t)(p)[7])
+
+
+// 注意：PUTU32(buf, val++) 会出错！
+#define PUTU16(p,V) \
+	((p)[0] = (uint8_t)((V) >> 8), \
+	 (p)[1] = (uint8_t)(V))
+
+#define PUTU32(p,V) \
+	((p)[0] = (uint8_t)((V) >> 24), \
+	 (p)[1] = (uint8_t)((V) >> 16), \
+	 (p)[2] = (uint8_t)((V) >>  8), \
+	 (p)[3] = (uint8_t)(V))
+
+#define PUTU64(p,V) \
+	((p)[0] = (uint8_t)((V) >> 56), \
+	 (p)[1] = (uint8_t)((V) >> 48), \
+	 (p)[2] = (uint8_t)((V) >> 40), \
+	 (p)[3] = (uint8_t)((V) >> 32), \
+	 (p)[4] = (uint8_t)((V) >> 24), \
+	 (p)[5] = (uint8_t)((V) >> 16), \
+	 (p)[6] = (uint8_t)((V) >>  8), \
+	 (p)[7] = (uint8_t)(V))
+
+/* Little Endian R/W */
+
+#define GETU16_LE(p)	(*(const uint16_t *)(p))
+#define GETU32_LE(p)	(*(const uint32_t *)(p))
+#define GETU64_LE(p)	(*(const uint64_t *)(p))
+
+#define PUTU16_LE(p,V)	*(uint16_t *)(p) = (V)
+#define PUTU32_LE(p,V)	*(uint32_t *)(p) = (V)
+#define PUTU64_LE(p,V)	*(uint64_t *)(p) = (V)
+
+/* Rotate */
+
+#define ROL32(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#define ROL64(a,n)	(((a)<<(n))|((a)>>(64-(n))))
+
+#define ROR32(a,n)	ROL32((a),32-(n))
+#define ROR64(a,n)	ROL64(a,64-n)
+
+
+#endif

include/gmssl/error.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,59 +7,58 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-
-#ifndef GMSSL_ERROR_H
-#define GMSSL_ERROR_H
-
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <string.h>
-#include <stdint.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-#define GMSSL_FMT_BIN	1
-#define GMSSL_FMT_HEX	2
-#define GMSSL_FMT_DER	4
-#define GMSSL_FMT_PEM	8
-
-
-
-#define DEBUG 1
-
-#define error_print() \
-	do { if (DEBUG) fprintf(stderr, "%s:%d:%s():\n",__FILE__, __LINE__, __func__); } while (0)
-
-#define error_print_msg(fmt, ...) \
-	do { if (DEBUG) fprintf(stderr, "%s:%d:%s(): " fmt, __FILE__, __LINE__, __func__, __VA_ARGS__); } while (0)
-
-#define error_puts(str) \
-            do { if (DEBUG) fprintf(stderr, "%s: %d: %s: %s", __FILE__, __LINE__, __func__, str); } while (0)
-
-
-void print_der(const uint8_t *in, size_t inlen);
-void print_bytes(const uint8_t *in, size_t inlen);
-void print_nodes(const uint32_t *in, size_t inlen);
-
-#define FMT_CARRAY 0x80
-
-
-int format_print(FILE *fp, int format, int indent, const char *str, ...);
-int format_bytes(FILE *fp, int format, int indent, const char *str, const uint8_t *data, size_t datalen);
-int format_string(FILE *fp, int format, int indent, const char *str, const uint8_t *data, size_t datalen);
-
-
-
-//int tls_trace(int format, int indent, const char *str, ...);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+
+#ifndef GMSSL_ERROR_H
+#define GMSSL_ERROR_H
+
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define GMSSL_FMT_BIN	1
+#define GMSSL_FMT_HEX	2
+#define GMSSL_FMT_DER	4
+#define GMSSL_FMT_PEM	8
+
+
+
+#define DEBUG 1
+
+#define error_print() \
+	do { if (DEBUG) fprintf(stderr, "%s:%d:%s():\n",__FILE__, __LINE__, __func__); } while (0)
+
+#define error_print_msg(fmt, ...) \
+	do { if (DEBUG) fprintf(stderr, "%s:%d:%s(): " fmt, __FILE__, __LINE__, __func__, __VA_ARGS__); } while (0)
+
+#define error_puts(str) \
+            do { if (DEBUG) fprintf(stderr, "%s: %d: %s: %s", __FILE__, __LINE__, __func__, str); } while (0)
+
+
+void print_der(const uint8_t *in, size_t inlen);
+void print_bytes(const uint8_t *in, size_t inlen);
+void print_nodes(const uint32_t *in, size_t inlen);
+
+#define FMT_CARRAY 0x80
+
+
+int format_print(FILE *fp, int format, int indent, const char *str, ...);
+int format_bytes(FILE *fp, int format, int indent, const char *str, const uint8_t *data, size_t datalen);
+int format_string(FILE *fp, int format, int indent, const char *str, const uint8_t *data, size_t datalen);
+
+
+
+//int tls_trace(int format, int indent, const char *str, ...);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/gcm.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,54 +7,53 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-#ifndef GMSSL_GCM_H
-#define GMSSL_GCM_H
-
-
-#include <stdlib.h>
-#include <stdint.h>
-#include <string.h>
-#include <gmssl/gf128.h>
-#include <gmssl/block_cipher.h>
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define GCM_IV_MIN_SIZE		1
-#define GCM_IV_MAX_SIZE		((uint64_t)(1 << (64-3)))
-#define GCM_IV_DEFAULT_BITS	96
-#define GCM_IV_DEFAULT_SIZE	12
-
-#define GCM_MIN_AAD_SIZE	0
-#define GCM_MAX_AAD_SIZE	((uint64_t)(1 << (64-3)))
-
-#define GCM_MIN_PLAINTEXT_SIZE	0
-#define GCM_MAX_PLAINTEXT_SIZE	((((uint64_t)1 << 39) - 256) >> 3)
-
-
-#define GHASH_SIZE		(16)
-
-
-#define GCM_IS_LITTLE_ENDIAN 1
-
-
-void ghash(const uint8_t h[16], const uint8_t *aad, size_t aadlen,
-	const uint8_t *c, size_t clen, uint8_t out[16]);
-
-int gcm_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen,
-	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
-	uint8_t *out, size_t taglen, uint8_t *tag);
-
-int gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen,
-	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
-	const uint8_t *tag, size_t taglen, uint8_t *out);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+#ifndef GMSSL_GCM_H
+#define GMSSL_GCM_H
+
+
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include <gmssl/gf128.h>
+#include <gmssl/block_cipher.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define GCM_IV_MIN_SIZE		1
+#define GCM_IV_MAX_SIZE		((uint64_t)(1 << (64-3)))
+#define GCM_IV_DEFAULT_BITS	96
+#define GCM_IV_DEFAULT_SIZE	12
+
+#define GCM_MIN_AAD_SIZE	0
+#define GCM_MAX_AAD_SIZE	((uint64_t)(1 << (64-3)))
+
+#define GCM_MIN_PLAINTEXT_SIZE	0
+#define GCM_MAX_PLAINTEXT_SIZE	((((uint64_t)1 << 39) - 256) >> 3)
+
+
+#define GHASH_SIZE		(16)
+
+
+#define GCM_IS_LITTLE_ENDIAN 1
+
+
+void ghash(const uint8_t h[16], const uint8_t *aad, size_t aadlen,
+	const uint8_t *c, size_t clen, uint8_t out[16]);
+
+int gcm_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
+	uint8_t *out, size_t taglen, uint8_t *tag);
+
+int gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
+	const uint8_t *tag, size_t taglen, uint8_t *out);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/gf128.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,48 +7,47 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-/* GF(2^128) defined by f(x) = x^128 + x^7 + x^2 + x + 1
- * A + B mod f(x) = a xor b
- * A * 2 mod f(x)
- */
-
-#ifndef GMSSL_GF128_H
-#define GMSSL_GF128_H
-
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdint.h>
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-//typedef unsigned __int128 gf128_t;
-
-typedef struct {
-	uint64_t hi;
-	uint64_t lo;
-} gf128_t;
-
-
-// Note: send by value is comptabile with uint128_t and sse2
-gf128_t gf128_from_hex(const char *s);
-int gf128_equ_hex(gf128_t a, const char *s);
-gf128_t gf128_zero(void);
-gf128_t gf128_add(gf128_t a, gf128_t b);
-gf128_t gf128_mul(gf128_t a, gf128_t b);
-gf128_t gf128_mul2(gf128_t a);
-gf128_t gf128_from_bytes(const uint8_t p[16]);
-void gf128_to_bytes(gf128_t a, uint8_t p[16]);
-int gf128_print(FILE *fp, int fmt ,int ind, const char *label, gf128_t a);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+/* GF(2^128) defined by f(x) = x^128 + x^7 + x^2 + x + 1
+ * A + B mod f(x) = a xor b
+ * A * 2 mod f(x)
+ */
+
+#ifndef GMSSL_GF128_H
+#define GMSSL_GF128_H
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+//typedef unsigned __int128 gf128_t;
+
+typedef struct {
+	uint64_t hi;
+	uint64_t lo;
+} gf128_t;
+
+
+// Note: send by value is comptabile with uint128_t and sse2
+gf128_t gf128_from_hex(const char *s);
+int gf128_equ_hex(gf128_t a, const char *s);
+gf128_t gf128_zero(void);
+gf128_t gf128_add(gf128_t a, gf128_t b);
+gf128_t gf128_mul(gf128_t a, gf128_t b);
+gf128_t gf128_mul2(gf128_t a);
+gf128_t gf128_from_bytes(const uint8_t p[16]);
+void gf128_to_bytes(gf128_t a, uint8_t p[16]);
+int gf128_print(FILE *fp, int fmt ,int ind, const char *label, gf128_t a);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/hash_drbg.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,74 +7,73 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-/* NIST SP800-90A Rev.1 "Recommendation for Random Number Generation
- * Using Deterministic Random Bit Generators", 10.1.1 Hash_DRBG */
-
-#ifndef GMSSL_HASH_DRBG_H
-#define GMSSL_HASH_DRBG_H
-
-
-#include <stdint.h>
-#include <stdlib.h>
-#include <gmssl/digest.h>
-
-
-/* seedlen for hash_drgb, table 2 of nist sp 800-90a rev.1 */
-#define HASH_DRBG_SM3_SEED_BITS		440 /* 55 bytes */
-#define HASH_DRBG_SHA1_SEED_BITS	440
-#define HASH_DRBG_SHA224_SEED_BITS	440
-#define HASH_DRBG_SHA512_224_SEED_BITS	440
-#define HASH_DRBG_SHA256_SEED_BITS	440
-#define HASH_DRBG_SHA512_256_SEED_BITS	440
-#define HASH_DRBG_SHA384_SEED_BITS	888 /* 110 bytes */
-#define HASH_DRBG_SHA512_SEED_BITS	888
-#define HASH_DRBG_MAX_SEED_BITS		888
-
-#define HASH_DRBG_SM3_SEED_SIZE		(HASH_DRBG_SM3_SEED_BITS/8)
-#define HASH_DRBG_SHA1_SEED_SIZE	(HASH_DRBG_SHA1_SEED_BITS/8)
-#define HASH_DRBG_SHA224_SEED_SIZE	(HASH_DRBG_SHA224_SEED_BITS/8)
-#define HASH_DRBG_SHA512_224_SEED_SIZE	(HASH_DRBG_SHA512_224_SEED_BITS/8)
-#define HASH_DRBG_SHA256_SEED_SIZE	(HASH_DRBG_SHA256_SEED_BITS/8)
-#define HASH_DRBG_SHA512_256_SEED_SIZE	(HASH_DRBG_SHA512_256_SEED_BITS/8)
-#define HASH_DRBG_SHA384_SEED_SIZE	(HASH_DRBG_SHA384_SEED_BITS/8)
-#define HASH_DRBG_SHA512_SEED_SIZE	(HASH_DRBG_SHA512_SEED_BITS/8)
-#define HASH_DRBG_MAX_SEED_SIZE		(HASH_DRBG_MAX_SEED_BITS/8)
-
-#define HASH_DRBG_RESEED_INTERVAL	((uint64_t)1 << 48)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-typedef struct {
-	const DIGEST *digest;
-	uint8_t V[HASH_DRBG_MAX_SEED_SIZE];
-	uint8_t C[HASH_DRBG_MAX_SEED_SIZE];
-	size_t seedlen;
-	uint64_t reseed_counter;
-} HASH_DRBG;
-
-
-int hash_drbg_init(HASH_DRBG *drbg,
-	const DIGEST *digest,
-	const uint8_t *entropy, size_t entropy_len,
-	const uint8_t *nonce, size_t nonce_len,
-	const uint8_t *personalstr, size_t personalstr_len);
-
-int hash_drbg_reseed(HASH_DRBG *drbg,
-	const uint8_t *entropy, size_t entropy_len,
-	const uint8_t *additional, size_t additional_len);
-
-int hash_drbg_generate(HASH_DRBG *drbg,
-	const uint8_t *additional, size_t additional_len,
-	size_t outlen, uint8_t *out);
-
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+/* NIST SP800-90A Rev.1 "Recommendation for Random Number Generation
+ * Using Deterministic Random Bit Generators", 10.1.1 Hash_DRBG */
+
+#ifndef GMSSL_HASH_DRBG_H
+#define GMSSL_HASH_DRBG_H
+
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <gmssl/digest.h>
+
+
+/* seedlen for hash_drgb, table 2 of nist sp 800-90a rev.1 */
+#define HASH_DRBG_SM3_SEED_BITS		440 /* 55 bytes */
+#define HASH_DRBG_SHA1_SEED_BITS	440
+#define HASH_DRBG_SHA224_SEED_BITS	440
+#define HASH_DRBG_SHA512_224_SEED_BITS	440
+#define HASH_DRBG_SHA256_SEED_BITS	440
+#define HASH_DRBG_SHA512_256_SEED_BITS	440
+#define HASH_DRBG_SHA384_SEED_BITS	888 /* 110 bytes */
+#define HASH_DRBG_SHA512_SEED_BITS	888
+#define HASH_DRBG_MAX_SEED_BITS		888
+
+#define HASH_DRBG_SM3_SEED_SIZE		(HASH_DRBG_SM3_SEED_BITS/8)
+#define HASH_DRBG_SHA1_SEED_SIZE	(HASH_DRBG_SHA1_SEED_BITS/8)
+#define HASH_DRBG_SHA224_SEED_SIZE	(HASH_DRBG_SHA224_SEED_BITS/8)
+#define HASH_DRBG_SHA512_224_SEED_SIZE	(HASH_DRBG_SHA512_224_SEED_BITS/8)
+#define HASH_DRBG_SHA256_SEED_SIZE	(HASH_DRBG_SHA256_SEED_BITS/8)
+#define HASH_DRBG_SHA512_256_SEED_SIZE	(HASH_DRBG_SHA512_256_SEED_BITS/8)
+#define HASH_DRBG_SHA384_SEED_SIZE	(HASH_DRBG_SHA384_SEED_BITS/8)
+#define HASH_DRBG_SHA512_SEED_SIZE	(HASH_DRBG_SHA512_SEED_BITS/8)
+#define HASH_DRBG_MAX_SEED_SIZE		(HASH_DRBG_MAX_SEED_BITS/8)
+
+#define HASH_DRBG_RESEED_INTERVAL	((uint64_t)1 << 48)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+typedef struct {
+	const DIGEST *digest;
+	uint8_t V[HASH_DRBG_MAX_SEED_SIZE];
+	uint8_t C[HASH_DRBG_MAX_SEED_SIZE];
+	size_t seedlen;
+	uint64_t reseed_counter;
+} HASH_DRBG;
+
+
+int hash_drbg_init(HASH_DRBG *drbg,
+	const DIGEST *digest,
+	const uint8_t *entropy, size_t entropy_len,
+	const uint8_t *nonce, size_t nonce_len,
+	const uint8_t *personalstr, size_t personalstr_len);
+
+int hash_drbg_reseed(HASH_DRBG *drbg,
+	const uint8_t *entropy, size_t entropy_len,
+	const uint8_t *additional, size_t additional_len);
+
+int hash_drbg_generate(HASH_DRBG *drbg,
+	const uint8_t *additional, size_t additional_len,
+	size_t outlen, uint8_t *out);
+
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/hex.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,27 +7,26 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-
-#ifndef GMSSL_HEX_H
-#define GMSSL_HEX_H
-
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdint.h>
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-int hex_to_bytes(const char *in, size_t inlen, uint8_t *out, size_t *outlen);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+
+#ifndef GMSSL_HEX_H
+#define GMSSL_HEX_H
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int hex_to_bytes(const char *in, size_t inlen, uint8_t *out, size_t *outlen);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/hkdf.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,40 +7,39 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-// RFC 5869
-
-#ifndef GMSSL_HKDF_H
-#define GMSSL_HKDF_H
-
-#include <string.h>
-#include <gmssl/digest.h>
-#include <gmssl/hmac.h>
-
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-
-int hkdf_extract(const DIGEST *digest, const uint8_t *salt, size_t saltlen,
-	const uint8_t *ikm, size_t ikmlen,
-	uint8_t *prk, size_t *prklen);
-
-int hkdf_expand(const DIGEST *digest, const uint8_t *prk, size_t prklen,
-	const uint8_t *opt_info, size_t opt_infolen,
-	size_t L, uint8_t *okm);
-
-int sm3_hkdf_extract(const uint8_t *salt, size_t saltlen,
-	const uint8_t *ikm, size_t ikmlen,
-	uint8_t *prk, size_t *prklen);
-
-int sm3_hkdf_expand(const uint8_t *prk, size_t prklen,
-	const uint8_t *opt_info, size_t opt_infolen,
-	size_t L, uint8_t *okm);
-
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
+// RFC 5869
+
+#ifndef GMSSL_HKDF_H
+#define GMSSL_HKDF_H
+
+#include <string.h>
+#include <gmssl/digest.h>
+#include <gmssl/hmac.h>
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+int hkdf_extract(const DIGEST *digest, const uint8_t *salt, size_t saltlen,
+	const uint8_t *ikm, size_t ikmlen,
+	uint8_t *prk, size_t *prklen);
+
+int hkdf_expand(const DIGEST *digest, const uint8_t *prk, size_t prklen,
+	const uint8_t *opt_info, size_t opt_infolen,
+	size_t L, uint8_t *okm);
+
+int sm3_hkdf_extract(const uint8_t *salt, size_t saltlen,
+	const uint8_t *ikm, size_t ikmlen,
+	uint8_t *prk, size_t *prklen);
+
+int sm3_hkdf_expand(const uint8_t *prk, size_t prklen,
+	const uint8_t *opt_info, size_t opt_infolen,
+	size_t L, uint8_t *okm);
+
+
+#ifdef  __cplusplus
+}
+#endif
+#endif

include/gmssl/hmac.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,42 +7,41 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-#ifndef GMSSL_HMAC_H
-#define GMSSL_HMAC_H
-
-#include <string.h>
-#include <gmssl/digest.h>
-
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define HMAC_MAX_SIZE	(DIGEST_MAX_SIZE)
-
-
-typedef struct hmac_ctx_st {
-	const DIGEST *digest;
-	DIGEST_CTX digest_ctx;
-	DIGEST_CTX i_ctx;
-	DIGEST_CTX o_ctx;
-} HMAC_CTX;
-
-
-size_t hmac_size(const HMAC_CTX *ctx);
-
-int hmac_init(HMAC_CTX *ctx, const DIGEST *digest, const uint8_t *key, size_t keylen);
-int hmac_update(HMAC_CTX *ctx, const uint8_t *data, size_t datalen);
-int hmac_finish(HMAC_CTX *ctx, uint8_t *mac, size_t *maclen);
-
-int hmac(const DIGEST *md, const uint8_t *key, size_t keylen,
-	const uint8_t *data, size_t dlen,
-	uint8_t *mac, size_t *maclen);
-
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
+
+#ifndef GMSSL_HMAC_H
+#define GMSSL_HMAC_H
+
+#include <string.h>
+#include <gmssl/digest.h>
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#define HMAC_MAX_SIZE	(DIGEST_MAX_SIZE)
+
+
+typedef struct hmac_ctx_st {
+	const DIGEST *digest;
+	DIGEST_CTX digest_ctx;
+	DIGEST_CTX i_ctx;
+	DIGEST_CTX o_ctx;
+} HMAC_CTX;
+
+
+size_t hmac_size(const HMAC_CTX *ctx);
+
+int hmac_init(HMAC_CTX *ctx, const DIGEST *digest, const uint8_t *key, size_t keylen);
+int hmac_update(HMAC_CTX *ctx, const uint8_t *data, size_t datalen);
+int hmac_finish(HMAC_CTX *ctx, uint8_t *mac, size_t *maclen);
+
+int hmac(const DIGEST *md, const uint8_t *key, size_t keylen,
+	const uint8_t *data, size_t dlen,
+	uint8_t *mac, size_t *maclen);
+
+
+#ifdef  __cplusplus
+}
+#endif
+#endif

include/gmssl/md5.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,43 +7,42 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-
-#ifndef GMSSL_MD5_H
-#define GMSSL_MD5_H
-
-
-#include <string.h>
-#include <stdint.h>
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-#define MD5_IS_BIG_ENDIAN	0
-
-#define MD5_DIGEST_SIZE		16
-#define MD5_BLOCK_SIZE		64
-#define MD5_STATE_WORDS		(MD5_BLOCK_SIZE/sizeof(uint32_t))
-
-typedef struct {
-	uint32_t state[MD5_STATE_WORDS];
-	uint64_t nblocks;
-	uint8_t block[MD5_BLOCK_SIZE];
-	size_t num;
-} MD5_CTX;
-
-
-void md5_init(MD5_CTX *ctx);
-void md5_update(MD5_CTX *ctx, const uint8_t *data, size_t datalen);
-void md5_finish(MD5_CTX *ctx, uint8_t dgst[MD5_DIGEST_SIZE]);
-void md5_digest(const uint8_t *data, size_t datalen, uint8_t dgst[MD5_DIGEST_SIZE]);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+
+#ifndef GMSSL_MD5_H
+#define GMSSL_MD5_H
+
+
+#include <string.h>
+#include <stdint.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define MD5_IS_BIG_ENDIAN	0
+
+#define MD5_DIGEST_SIZE		16
+#define MD5_BLOCK_SIZE		64
+#define MD5_STATE_WORDS		(MD5_BLOCK_SIZE/sizeof(uint32_t))
+
+typedef struct {
+	uint32_t state[MD5_STATE_WORDS];
+	uint64_t nblocks;
+	uint8_t block[MD5_BLOCK_SIZE];
+	size_t num;
+} MD5_CTX;
+
+
+void md5_init(MD5_CTX *ctx);
+void md5_update(MD5_CTX *ctx, const uint8_t *data, size_t datalen);
+void md5_finish(MD5_CTX *ctx, uint8_t dgst[MD5_DIGEST_SIZE]);
+void md5_digest(const uint8_t *data, size_t datalen, uint8_t dgst[MD5_DIGEST_SIZE]);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/mem.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,22 +7,21 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-#ifndef GMSSL_MEM_H
-#define GMSSL_MEM_H
-
-#include <stdint.h>
-#include <stddef.h> // where size_t from
-
-
-void memxor(void *r, const void *a, size_t len);
-void gmssl_memxor(void *r, const void *a, const void *b, size_t len);
-
-int gmssl_secure_memcmp(const volatile void * volatile in_a, const volatile void * volatile in_b, size_t len);
-void gmssl_secure_clear(void *ptr, size_t len);
-
-int mem_is_zero(const uint8_t *buf, size_t len); // FIXME: uint8_t * to void *
-
-#endif
-
+
+#ifndef GMSSL_MEM_H
+#define GMSSL_MEM_H
+
+#include <stdint.h>
+#include <stddef.h> // where size_t from
+
+
+void memxor(void *r, const void *a, size_t len);
+void gmssl_memxor(void *r, const void *a, const void *b, size_t len);
+
+int gmssl_secure_memcmp(const volatile void * volatile in_a, const volatile void * volatile in_b, size_t len);
+void gmssl_secure_clear(void *ptr, size_t len);
+
+int mem_is_zero(const uint8_t *buf, size_t len); // FIXME: uint8_t * to void *
+
+#endif
+

include/gmssl/oid.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,208 +7,207 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-
-#ifndef GMSSL_OID_H
-#define GMSSL_OID_H
-
-#include <stdint.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-enum {
-	OID_undef = 0,
-
-	// ShangMi schemes in GM/T 0006-2012
-	OID_sm1,
-	OID_ssf33,
-	OID_sm4,
-	OID_zuc,
-	OID_sm2,
-	OID_sm2sign,
-	OID_sm2keyagreement,
-	OID_sm2encrypt,
-	OID_sm9,
-	OID_sm9sign,
-	OID_sm9keyagreement,
-	OID_sm9encrypt,
-	OID_sm3,
-	OID_sm3_keyless,
-	OID_hmac_sm3,
-	OID_sm2sign_with_sm3,
-	OID_rsasign_with_sm3,
-	OID_ec_public_key, // X9.62 ecPublicKey
-	OID_prime192v1,
-	OID_prime256v1,
-	OID_secp256k1,
-	OID_secp192k1,
-	OID_secp224k1,
-	OID_secp224r1,
-	OID_secp384r1,
-	OID_secp521r1,
-
-	OID_at_name,
-	OID_at_surname,
-	OID_at_given_name,
-	OID_at_initials,
-	OID_at_generation_qualifier,
-	OID_at_common_name,
-	OID_at_locality_name,
-	OID_at_state_or_province_name,
-	OID_at_organization_name,
-	OID_at_organizational_unit_name,
-	OID_at_title,
-	OID_at_dn_qualifier,
-	OID_at_country_name,
-	OID_at_serial_number,
-	OID_at_pseudonym,
-	OID_domain_component,
-	OID_email_address,
-
-	// Cert Extensions
-	OID_ce_authority_key_identifier,
-	OID_ce_subject_key_identifier,
-	OID_ce_key_usage,
-	OID_ce_certificate_policies,
-	OID_ce_policy_mappings,
-	OID_ce_subject_alt_name,
-	OID_ce_issuer_alt_name,
-	OID_ce_subject_directory_attributes,
-	OID_ce_basic_constraints,
-	OID_ce_name_constraints,
-	OID_ce_policy_constraints,
-	OID_ce_ext_key_usage,
-	OID_ce_crl_distribution_points,
-	OID_ce_inhibit_any_policy,
-	OID_ce_freshest_crl,
-	OID_netscape_cert_type,
-	OID_netscape_cert_comment,
-	OID_cert_authority_info_access,
-	OID_ct_precertificate_scts,
-
-	// CRL Extensions
-	//OID_ce_authority_key_identifier,
-	//OID_ce_issuer_alt_name,
-	OID_ce_crl_number,
-	OID_ce_delta_crl_indicator,
-	OID_ce_issuing_distribution_point,
-	//OID_ce_freshest_crl,
-	OID_pe_authority_info_access,
-
-	// CRL Entry Extensions
-	OID_ce_crl_reasons,
-	OID_ce_invalidity_date,
-	OID_ce_certificate_issuer,
-
-	// X.509 KeyPropuseID
-	OID_kp_server_auth,
-	OID_kp_client_auth,
-	OID_kp_code_signing,
-	OID_kp_email_protection,
-	OID_kp_time_stamping,
-	OID_kp_ocsp_signing,
-
-	OID_qt_cps,
-	OID_qt_unotice,
-
-	OID_md5,
-	OID_sha1,
-	OID_sha224,
-	OID_sha256,
-	OID_sha384,
-	OID_sha512,
-	OID_sha512_224,
-	OID_sha512_256,
-
-
-	OID_hmac_sha1,
-	OID_hmac_sha224,
-	OID_hmac_sha256,
-	OID_hmac_sha384,
-	OID_hmac_sha512,
-	OID_hmac_sha512_224,
-	OID_hmac_sha512_256,
-
-	OID_pbkdf2, // {pkcs-5 12}
-	OID_pbes2,  // {pkcs-5 13}
-
-
-
-	OID_sm4_ecb, // 1 2 156 10197 1 104 1
-	OID_sm4_cbc, // 1 2 156 10197 1 104 2
-
-	OID_aes,
-	OID_aes128_cbc,
-	OID_aes192_cbc,
-	OID_aes256_cbc,
-
-	OID_aes128, // 没有OID
-
-	OID_ecdsa_with_sha1,
-	OID_ecdsa_with_sha224,
-	OID_ecdsa_with_sha256,
-	OID_ecdsa_with_sha384,
-	OID_ecdsa_with_sha512,
-
-	OID_rsasign_with_md5,
-	OID_rsasign_with_sha1,
-	OID_rsasign_with_sha224,
-	OID_rsasign_with_sha256,
-	OID_rsasign_with_sha384,
-	OID_rsasign_with_sha512,
-
-	OID_rsa_encryption,
-	OID_rsaes_oaep,
-
-	OID_any_policy,
-
-	OID_cms_data,
-	OID_cms_signed_data,
-	OID_cms_enveloped_data,
-	OID_cms_signed_and_enveloped_data,
-	OID_cms_encrypted_data,
-	OID_cms_key_agreement_info,
-};
-
-// {iso(1) org(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
-#define oid_pkix	1,3,6,1,5,5,7
-
-#define oid_pe		oid_pkix,1
-#define oid_qt		oid_pkix,2
-#define oid_kp		oid_pkix,3
-#define oid_ad		oid_pkix,48
-
-// {iso(1) member-body(2) us(840) rsadsi(113549)}
-#define oid_rsadsi	1,2,840,113549
-#define oid_pkcs	oid_rsadsi,1
-#define oid_pkcs5	oid_pkcs,5
-
-// {iso(1) member-body(2) us(840) ansi-x962(10045)}
-#define oid_x9_62	1,2,840,10045
-
-
-
-#define oid_at	2,5,4
-#define oid_ce	2,5,29
-
-
-#define oid_sm		1,2,156,10197
-#define oid_sm_algors	oid_sm,1
-#define oid_sm2_cms	oid_sm,6,1,4,2
-
-
-
-
-
-#define oid_cnt(nodes)	(sizeof(nodes)/sizeof(int))
-
-
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+
+#ifndef GMSSL_OID_H
+#define GMSSL_OID_H
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+enum {
+	OID_undef = 0,
+
+	// ShangMi schemes in GM/T 0006-2012
+	OID_sm1,
+	OID_ssf33,
+	OID_sm4,
+	OID_zuc,
+	OID_sm2,
+	OID_sm2sign,
+	OID_sm2keyagreement,
+	OID_sm2encrypt,
+	OID_sm9,
+	OID_sm9sign,
+	OID_sm9keyagreement,
+	OID_sm9encrypt,
+	OID_sm3,
+	OID_sm3_keyless,
+	OID_hmac_sm3,
+	OID_sm2sign_with_sm3,
+	OID_rsasign_with_sm3,
+	OID_ec_public_key, // X9.62 ecPublicKey
+	OID_prime192v1,
+	OID_prime256v1,
+	OID_secp256k1,
+	OID_secp192k1,
+	OID_secp224k1,
+	OID_secp224r1,
+	OID_secp384r1,
+	OID_secp521r1,
+
+	OID_at_name,
+	OID_at_surname,
+	OID_at_given_name,
+	OID_at_initials,
+	OID_at_generation_qualifier,
+	OID_at_common_name,
+	OID_at_locality_name,
+	OID_at_state_or_province_name,
+	OID_at_organization_name,
+	OID_at_organizational_unit_name,
+	OID_at_title,
+	OID_at_dn_qualifier,
+	OID_at_country_name,
+	OID_at_serial_number,
+	OID_at_pseudonym,
+	OID_domain_component,
+	OID_email_address,
+
+	// Cert Extensions
+	OID_ce_authority_key_identifier,
+	OID_ce_subject_key_identifier,
+	OID_ce_key_usage,
+	OID_ce_certificate_policies,
+	OID_ce_policy_mappings,
+	OID_ce_subject_alt_name,
+	OID_ce_issuer_alt_name,
+	OID_ce_subject_directory_attributes,
+	OID_ce_basic_constraints,
+	OID_ce_name_constraints,
+	OID_ce_policy_constraints,
+	OID_ce_ext_key_usage,
+	OID_ce_crl_distribution_points,
+	OID_ce_inhibit_any_policy,
+	OID_ce_freshest_crl,
+	OID_netscape_cert_type,
+	OID_netscape_cert_comment,
+	OID_cert_authority_info_access,
+	OID_ct_precertificate_scts,
+
+	// CRL Extensions
+	//OID_ce_authority_key_identifier,
+	//OID_ce_issuer_alt_name,
+	OID_ce_crl_number,
+	OID_ce_delta_crl_indicator,
+	OID_ce_issuing_distribution_point,
+	//OID_ce_freshest_crl,
+	OID_pe_authority_info_access,
+
+	// CRL Entry Extensions
+	OID_ce_crl_reasons,
+	OID_ce_invalidity_date,
+	OID_ce_certificate_issuer,
+
+	// X.509 KeyPropuseID
+	OID_kp_server_auth,
+	OID_kp_client_auth,
+	OID_kp_code_signing,
+	OID_kp_email_protection,
+	OID_kp_time_stamping,
+	OID_kp_ocsp_signing,
+
+	OID_qt_cps,
+	OID_qt_unotice,
+
+	OID_md5,
+	OID_sha1,
+	OID_sha224,
+	OID_sha256,
+	OID_sha384,
+	OID_sha512,
+	OID_sha512_224,
+	OID_sha512_256,
+
+
+	OID_hmac_sha1,
+	OID_hmac_sha224,
+	OID_hmac_sha256,
+	OID_hmac_sha384,
+	OID_hmac_sha512,
+	OID_hmac_sha512_224,
+	OID_hmac_sha512_256,
+
+	OID_pbkdf2, // {pkcs-5 12}
+	OID_pbes2,  // {pkcs-5 13}
+
+
+
+	OID_sm4_ecb, // 1 2 156 10197 1 104 1
+	OID_sm4_cbc, // 1 2 156 10197 1 104 2
+
+	OID_aes,
+	OID_aes128_cbc,
+	OID_aes192_cbc,
+	OID_aes256_cbc,
+
+	OID_aes128, // 没有OID
+
+	OID_ecdsa_with_sha1,
+	OID_ecdsa_with_sha224,
+	OID_ecdsa_with_sha256,
+	OID_ecdsa_with_sha384,
+	OID_ecdsa_with_sha512,
+
+	OID_rsasign_with_md5,
+	OID_rsasign_with_sha1,
+	OID_rsasign_with_sha224,
+	OID_rsasign_with_sha256,
+	OID_rsasign_with_sha384,
+	OID_rsasign_with_sha512,
+
+	OID_rsa_encryption,
+	OID_rsaes_oaep,
+
+	OID_any_policy,
+
+	OID_cms_data,
+	OID_cms_signed_data,
+	OID_cms_enveloped_data,
+	OID_cms_signed_and_enveloped_data,
+	OID_cms_encrypted_data,
+	OID_cms_key_agreement_info,
+};
+
+// {iso(1) org(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
+#define oid_pkix	1,3,6,1,5,5,7
+
+#define oid_pe		oid_pkix,1
+#define oid_qt		oid_pkix,2
+#define oid_kp		oid_pkix,3
+#define oid_ad		oid_pkix,48
+
+// {iso(1) member-body(2) us(840) rsadsi(113549)}
+#define oid_rsadsi	1,2,840,113549
+#define oid_pkcs	oid_rsadsi,1
+#define oid_pkcs5	oid_pkcs,5
+
+// {iso(1) member-body(2) us(840) ansi-x962(10045)}
+#define oid_x9_62	1,2,840,10045
+
+
+
+#define oid_at	2,5,4
+#define oid_ce	2,5,29
+
+
+#define oid_sm		1,2,156,10197
+#define oid_sm_algors	oid_sm,1
+#define oid_sm2_cms	oid_sm,6,1,4,2
+
+
+
+
+
+#define oid_cnt(nodes)	(sizeof(nodes)/sizeof(int))
+
+
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/pbkdf2.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,49 +7,48 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-#ifndef GMSSL_PBKDF2_H
-#define GMSSL_PBKDF2_H
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdint.h>
-#include <limits.h>
-#include <gmssl/hmac.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
-PBKDF2 Public API
-
-	PBKDF2_MIN_ITER
-	PBKDF2_DEFAULT_SALT_SIZE
-	PBKDF2_MAX_SALT_SIZE
-
-	pbkdf2_hmac_sm3_genkey
-*/
-
-
-#define PBKDF2_MIN_ITER			10000
-#define PBKDF2_MAX_ITER			(INT_MAX)
-#define PBKDF2_MAX_SALT_SIZE		64
-#define PBKDF2_DEFAULT_SALT_SIZE	8
-
-
-int pbkdf2_genkey(const DIGEST *digest,
-	const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, size_t iter,
-	size_t outlen, uint8_t *out);
-
-int pbkdf2_hmac_sm3_genkey(
-	const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, size_t iter,
-	size_t outlen, uint8_t *out);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+#ifndef GMSSL_PBKDF2_H
+#define GMSSL_PBKDF2_H
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <limits.h>
+#include <gmssl/hmac.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+PBKDF2 Public API
+
+	PBKDF2_MIN_ITER
+	PBKDF2_DEFAULT_SALT_SIZE
+	PBKDF2_MAX_SALT_SIZE
+
+	pbkdf2_hmac_sm3_genkey
+*/
+
+
+#define PBKDF2_MIN_ITER			10000
+#define PBKDF2_MAX_ITER			(INT_MAX)
+#define PBKDF2_MAX_SALT_SIZE		64
+#define PBKDF2_DEFAULT_SALT_SIZE	8
+
+
+int pbkdf2_genkey(const DIGEST *digest,
+	const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, size_t iter,
+	size_t outlen, uint8_t *out);
+
+int pbkdf2_hmac_sm3_genkey(
+	const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, size_t iter,
+	size_t outlen, uint8_t *out);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/pem.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,28 +7,27 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-#ifndef GMSSL_PEM_H
-#define GMSSL_PEM_H
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <gmssl/base64.h>
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-int pem_read(FILE *fp, const char *name, uint8_t *out, size_t *outlen, size_t maxlen);
-int pem_write(FILE *fp, const char *name, const uint8_t *in, size_t inlen);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+#ifndef GMSSL_PEM_H
+#define GMSSL_PEM_H
+
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/base64.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+int pem_read(FILE *fp, const char *name, uint8_t *out, size_t *outlen, size_t maxlen);
+int pem_write(FILE *fp, const char *name, const uint8_t *in, size_t inlen);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/pkcs8.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,164 +7,163 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-// RFC 5208: PKCS #8: Private-Key Information Syntax Specification version 1.2
-
-
-#ifndef GMSSL_PKCS8_H
-#define GMSSL_PKCS8_H
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <gmssl/sm2.h>
-#include <gmssl/pem.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-/*
-id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
-
-PBKDF2-params ::= SEQUENCE {
-	salt CHOICE {
-		specified	OCTET STRING,
-		otherSource	AlgorithmIdentifier {{PBKDF2-SaltSources}}
-	},
-	iterationCount		INTEGER (1..MAX),
-	keyLength		INTEGER (1..MAX) OPTIONAL, -- 这个参数可以由函数指定
-	prf			AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
-}
-
-prf must be OID_hmac_sm3
-cipher must be OID_sm4_cbc
-*/
-int pbkdf2_params_to_der(const uint8_t *salt, size_t saltlen, int iter, int keylen, int prf,
-	uint8_t **out, size_t *outlen);
-int pbkdf2_params_from_der(const uint8_t **salt, size_t *saltlen, int *iter, int *keylen, int *prf,
-	const uint8_t **in, size_t *inlen);
-int pbkdf2_params_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-int pbkdf2_algor_to_der(
-	const uint8_t *salt, size_t saltlen,
-	int iter,
-	int keylen,
-	int prf,
-	uint8_t **out, size_t *outlen);
-int pbkdf2_algor_from_der(
-	const uint8_t **salt, size_t *saltlen,
-	int *iter,
-	int *keylen,
-	int *prf,
-	const uint8_t **in, size_t *inlen);
-int pbkdf2_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-
-/*
-id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
-
-PBES2-params ::= SEQUENCE {
-	keyDerivationFunc	AlgorithmIdentifier {{PBES2-KDFs}}, -- id-PBKDF2
-	encryptionScheme	AlgorithmIdentifier {{PBES2-Encs}}}
-
-PBES2-Encs:
-	AES-CBC-Pad [RFC2898]
-	RC5-CBC-Pad
-	DES-CBC-Pad		legacy
-	DES-EDE3-CBC-Pad	legacy
-	RC2-CBC-Pad		legacy
-*/
-
-int pbes2_enc_algor_to_der(
-	int cipher,
-	const uint8_t *iv, size_t ivlen,
-	uint8_t **out, size_t *outlen);
-int pbes2_enc_algor_from_der(
-	int *cipher,
-	const uint8_t **iv, size_t *ivlen,
-	const uint8_t **in, size_t *inlen);
-int pbes2_enc_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-
-int pbes2_params_to_der(
-	const uint8_t *salt, size_t saltlen,
-	int iter,
-	int keylen,
-	int prf,
-	int cipher,
-	const uint8_t *iv, size_t ivlen,
-	uint8_t **out, size_t *outlen);
-int pbes2_params_from_der(
-	const uint8_t **salt, size_t *saltlen,
-	int *iter,
-	int *keylen,
-	int *prf,
-	int *cipher,
-	const uint8_t **iv, size_t *ivlen,
-	const uint8_t **in, size_t *inlen);
-int pbes2_params_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-
-int pbes2_algor_to_der(
-	const uint8_t *salt, size_t saltlen,
-	int iter,
-	int keylen,
-	int prf,
-	int cipher,
-	const uint8_t *iv, size_t ivlen,
-	uint8_t **out, size_t *outlen);
-int pbes2_algor_from_der(
-	const uint8_t **salt, size_t *saltlen,
-	int *iter,
-	int *keylen,
-	int *prf,
-	int *cipher,
-	const uint8_t **iv, size_t *ivlen,
-	const uint8_t **in, size_t *inlen);
-int pbes2_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-/*
-from [RFC 5208]
-
-EncryptedPrivateKeyInfo ::= SEQUENCE {
-	encryptionAlgorithm	EncryptionAlgorithmIdentifier,
-	encryptedData		OCTET STRING }
-
-encryptionAlgorithm:
-	id-PBES2
-
-PrivateKeyInfo ::= SEQUENCE {
-	version			INTEGER { v1(0) },
-	privateKeyAlgorithm	AlgorithmIdentifier,
-	privateKey		OCTET STRING,
-	attributes		[0] Attributes OPTIONAL }
-*/
-
-int pkcs8_enced_private_key_info_to_der(
-	const uint8_t *salt, size_t saltlen,
-	int iter,
-	int keylen,
-	int prf,
-	int cipher,
-	const uint8_t *iv, size_t ivlen,
-	const uint8_t *enced, size_t encedlen,
-	uint8_t **out, size_t *outlen);
-int pkcs8_enced_private_key_info_from_der(
-	const uint8_t **salt, size_t *saltlen,
-	int *iter,
-	int *keylen,
-	int *prf,
-	int *cipher,
-	const uint8_t **iv, size_t *ivlen,
-	const uint8_t **enced, size_t *encedlen,
-	const uint8_t **in, size_t *inlen);
-int pkcs8_enced_private_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+// RFC 5208: PKCS #8: Private-Key Information Syntax Specification version 1.2
+
+
+#ifndef GMSSL_PKCS8_H
+#define GMSSL_PKCS8_H
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <gmssl/sm2.h>
+#include <gmssl/pem.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/*
+id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
+
+PBKDF2-params ::= SEQUENCE {
+	salt CHOICE {
+		specified	OCTET STRING,
+		otherSource	AlgorithmIdentifier {{PBKDF2-SaltSources}}
+	},
+	iterationCount		INTEGER (1..MAX),
+	keyLength		INTEGER (1..MAX) OPTIONAL, -- 这个参数可以由函数指定
+	prf			AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
+}
+
+prf must be OID_hmac_sm3
+cipher must be OID_sm4_cbc
+*/
+int pbkdf2_params_to_der(const uint8_t *salt, size_t saltlen, int iter, int keylen, int prf,
+	uint8_t **out, size_t *outlen);
+int pbkdf2_params_from_der(const uint8_t **salt, size_t *saltlen, int *iter, int *keylen, int *prf,
+	const uint8_t **in, size_t *inlen);
+int pbkdf2_params_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+int pbkdf2_algor_to_der(
+	const uint8_t *salt, size_t saltlen,
+	int iter,
+	int keylen,
+	int prf,
+	uint8_t **out, size_t *outlen);
+int pbkdf2_algor_from_der(
+	const uint8_t **salt, size_t *saltlen,
+	int *iter,
+	int *keylen,
+	int *prf,
+	const uint8_t **in, size_t *inlen);
+int pbkdf2_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+/*
+id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
+
+PBES2-params ::= SEQUENCE {
+	keyDerivationFunc	AlgorithmIdentifier {{PBES2-KDFs}}, -- id-PBKDF2
+	encryptionScheme	AlgorithmIdentifier {{PBES2-Encs}}}
+
+PBES2-Encs:
+	AES-CBC-Pad [RFC2898]
+	RC5-CBC-Pad
+	DES-CBC-Pad		legacy
+	DES-EDE3-CBC-Pad	legacy
+	RC2-CBC-Pad		legacy
+*/
+
+int pbes2_enc_algor_to_der(
+	int cipher,
+	const uint8_t *iv, size_t ivlen,
+	uint8_t **out, size_t *outlen);
+int pbes2_enc_algor_from_der(
+	int *cipher,
+	const uint8_t **iv, size_t *ivlen,
+	const uint8_t **in, size_t *inlen);
+int pbes2_enc_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+int pbes2_params_to_der(
+	const uint8_t *salt, size_t saltlen,
+	int iter,
+	int keylen,
+	int prf,
+	int cipher,
+	const uint8_t *iv, size_t ivlen,
+	uint8_t **out, size_t *outlen);
+int pbes2_params_from_der(
+	const uint8_t **salt, size_t *saltlen,
+	int *iter,
+	int *keylen,
+	int *prf,
+	int *cipher,
+	const uint8_t **iv, size_t *ivlen,
+	const uint8_t **in, size_t *inlen);
+int pbes2_params_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+int pbes2_algor_to_der(
+	const uint8_t *salt, size_t saltlen,
+	int iter,
+	int keylen,
+	int prf,
+	int cipher,
+	const uint8_t *iv, size_t ivlen,
+	uint8_t **out, size_t *outlen);
+int pbes2_algor_from_der(
+	const uint8_t **salt, size_t *saltlen,
+	int *iter,
+	int *keylen,
+	int *prf,
+	int *cipher,
+	const uint8_t **iv, size_t *ivlen,
+	const uint8_t **in, size_t *inlen);
+int pbes2_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+from [RFC 5208]
+
+EncryptedPrivateKeyInfo ::= SEQUENCE {
+	encryptionAlgorithm	EncryptionAlgorithmIdentifier,
+	encryptedData		OCTET STRING }
+
+encryptionAlgorithm:
+	id-PBES2
+
+PrivateKeyInfo ::= SEQUENCE {
+	version			INTEGER { v1(0) },
+	privateKeyAlgorithm	AlgorithmIdentifier,
+	privateKey		OCTET STRING,
+	attributes		[0] Attributes OPTIONAL }
+*/
+
+int pkcs8_enced_private_key_info_to_der(
+	const uint8_t *salt, size_t saltlen,
+	int iter,
+	int keylen,
+	int prf,
+	int cipher,
+	const uint8_t *iv, size_t ivlen,
+	const uint8_t *enced, size_t encedlen,
+	uint8_t **out, size_t *outlen);
+int pkcs8_enced_private_key_info_from_der(
+	const uint8_t **salt, size_t *saltlen,
+	int *iter,
+	int *keylen,
+	int *prf,
+	int *cipher,
+	const uint8_t **iv, size_t *ivlen,
+	const uint8_t **enced, size_t *encedlen,
+	const uint8_t **in, size_t *inlen);
+int pkcs8_enced_private_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/rand.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,33 +7,32 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-#ifndef GMSSL_RAND_H
-#define GMSSL_RAND_H
-
-#include <stdint.h>
-#include <stdlib.h>
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
-Rand Public API
-
-	rand_bytes
-
-*/
-
-int rand_bytes(uint8_t *buf, size_t buflen);
-
-int rdrand_bytes(uint8_t *buf, size_t buflen);
-int rdseed_bytes(uint8_t *buf, size_t buflen);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+#ifndef GMSSL_RAND_H
+#define GMSSL_RAND_H
+
+#include <stdint.h>
+#include <stdlib.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+Rand Public API
+
+	rand_bytes
+
+*/
+
+int rand_bytes(uint8_t *buf, size_t buflen);
+
+int rdrand_bytes(uint8_t *buf, size_t buflen);
+int rdseed_bytes(uint8_t *buf, size_t buflen);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/rc4.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,35 +7,34 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-
-#ifndef GMSSL_RC4_H
-#define GMSSL_RC4_H
-
-
-#include <string.h>
-#include <stdint.h>
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-#define RC4_MIN_KEY_BITS	40
-#define RC4_STATE_NUM_WORDS	256
-
-
-typedef struct {
-	uint8_t d[RC4_STATE_NUM_WORDS];
-} RC4_STATE;
-
-void rc4_init(RC4_STATE *state, const uint8_t *key, size_t keylen);
-void rc4_generate_keystream(RC4_STATE *state, size_t outlen, uint8_t *out);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+
+#ifndef GMSSL_RC4_H
+#define GMSSL_RC4_H
+
+
+#include <string.h>
+#include <stdint.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define RC4_MIN_KEY_BITS	40
+#define RC4_STATE_NUM_WORDS	256
+
+
+typedef struct {
+	uint8_t d[RC4_STATE_NUM_WORDS];
+} RC4_STATE;
+
+void rc4_init(RC4_STATE *state, const uint8_t *key, size_t keylen);
+void rc4_generate_keystream(RC4_STATE *state, size_t outlen, uint8_t *out);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/rsa.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,51 +7,50 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-
-#ifndef GMSSL_RSA_H
-#define GMSSL_RSA_H
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdint.h>
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-/*
-RSAPublicKey ::= SEQUENCE {
-	modulus			INTEGER,  -- n
-	publicExponent		INTEGER   -- e
-}
-
-RSAPrivateKey ::= SEQUENCE {
-	version			INTEGER, -- 0
-	modulus			INTEGER, -- n
-	publicExponent		INTEGER, -- e
-	privateExponent		INTEGER, -- d
-	prime1			INTEGER, -- p
-	prime2			INTEGER, -- q
-	exponent1		INTEGER, -- d mod (p-1)
-	exponent2		INTEGER, -- d mod (q-1)
-	coefficient		INTEGER  -- q^-1 mod p
-}
-*/
-
-
-int rsa_public_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-
-
-
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+
+#ifndef GMSSL_RSA_H
+#define GMSSL_RSA_H
+
+
+#include <stdio.h>
+#include <string.h>
+#include <stdint.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/*
+RSAPublicKey ::= SEQUENCE {
+	modulus			INTEGER,  -- n
+	publicExponent		INTEGER   -- e
+}
+
+RSAPrivateKey ::= SEQUENCE {
+	version			INTEGER, -- 0
+	modulus			INTEGER, -- n
+	publicExponent		INTEGER, -- e
+	privateExponent		INTEGER, -- d
+	prime1			INTEGER, -- p
+	prime2			INTEGER, -- q
+	exponent1		INTEGER, -- d mod (p-1)
+	exponent2		INTEGER, -- d mod (q-1)
+	coefficient		INTEGER  -- q^-1 mod p
+}
+*/
+
+
+int rsa_public_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+
+
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/sdf.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,64 +7,63 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-#ifndef GMSSL_SDF_H
-#define GMSSL_SDF_H
-
-#include <string.h>
-#include <stdint.h>
-#include <gmssl/sm2.h>
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
-SDF Public API
-
-	sdf_load_library
-	sdf_unload_library
-
-	SDF_DEVICE
-	sdf_open_device
-	sdf_close_device
-	sdf_print_device_info
-	sdf_rand_bytes
-	sdf_load_sign_key
-
-	SDF_KEY
-	sdf_sign
-	sdf_release_key
-*/
-
-typedef struct {
-	void *handle;
-	char issuer[41];
-	char name[17];
-	char serial[17];
-} SDF_DEVICE;
-
-typedef struct {
-	SM2_KEY public_key;
-	void *session;
-	int index;
-} SDF_KEY;
-
-
-int sdf_load_library(const char *so_path, const char *vendor);
-int sdf_open_device(SDF_DEVICE *dev);
-int sdf_print_device_info(FILE *fp, int fmt, int ind, const char *lable, SDF_DEVICE *dev);
-int sdf_rand_bytes(SDF_DEVICE *dev, uint8_t *buf, size_t len);
-int sdf_load_sign_key(SDF_DEVICE *dev, SDF_KEY *key, int index, const char *pass);
-int sdf_sign(SDF_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
-int sdf_release_key(SDF_KEY *key);
-int sdf_close_device(SDF_DEVICE *dev);
-void sdf_unload_library(void);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+#ifndef GMSSL_SDF_H
+#define GMSSL_SDF_H
+
+#include <string.h>
+#include <stdint.h>
+#include <gmssl/sm2.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+SDF Public API
+
+	sdf_load_library
+	sdf_unload_library
+
+	SDF_DEVICE
+	sdf_open_device
+	sdf_close_device
+	sdf_print_device_info
+	sdf_rand_bytes
+	sdf_load_sign_key
+
+	SDF_KEY
+	sdf_sign
+	sdf_release_key
+*/
+
+typedef struct {
+	void *handle;
+	char issuer[41];
+	char name[17];
+	char serial[17];
+} SDF_DEVICE;
+
+typedef struct {
+	SM2_KEY public_key;
+	void *session;
+	int index;
+} SDF_KEY;
+
+
+int sdf_load_library(const char *so_path, const char *vendor);
+int sdf_open_device(SDF_DEVICE *dev);
+int sdf_print_device_info(FILE *fp, int fmt, int ind, const char *lable, SDF_DEVICE *dev);
+int sdf_rand_bytes(SDF_DEVICE *dev, uint8_t *buf, size_t len);
+int sdf_load_sign_key(SDF_DEVICE *dev, SDF_KEY *key, int index, const char *pass);
+int sdf_sign(SDF_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
+int sdf_release_key(SDF_KEY *key);
+int sdf_close_device(SDF_DEVICE *dev);
+void sdf_unload_library(void);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/sha1.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,40 +7,39 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-#ifndef GMSSL_SHA1_H
-#define GMSSL_SHA1_H
-
-#include <string.h>
-#include <stdint.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-#define SHA1_IS_BIG_ENDIAN	1
-
-#define SHA1_DIGEST_SIZE	20
-#define SHA1_BLOCK_SIZE		64
-#define SHA1_STATE_WORDS	(SHA1_DIGEST_SIZE/sizeof(uint32_t))
-
-
-typedef struct {
-	uint32_t state[SHA1_STATE_WORDS];
-	uint64_t nblocks;
-	uint8_t block[SHA1_BLOCK_SIZE];
-	size_t num;
-} SHA1_CTX;
-
-void sha1_init(SHA1_CTX *ctx);
-void sha1_update(SHA1_CTX *ctx, const uint8_t *data, size_t datalen);
-void sha1_finish(SHA1_CTX *ctx, uint8_t dgst[SHA1_DIGEST_SIZE]);
-void sha1_digest(const uint8_t *data, size_t datalen, uint8_t dgst[SHA1_DIGEST_SIZE]);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+#ifndef GMSSL_SHA1_H
+#define GMSSL_SHA1_H
+
+#include <string.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define SHA1_IS_BIG_ENDIAN	1
+
+#define SHA1_DIGEST_SIZE	20
+#define SHA1_BLOCK_SIZE		64
+#define SHA1_STATE_WORDS	(SHA1_DIGEST_SIZE/sizeof(uint32_t))
+
+
+typedef struct {
+	uint32_t state[SHA1_STATE_WORDS];
+	uint64_t nblocks;
+	uint8_t block[SHA1_BLOCK_SIZE];
+	size_t num;
+} SHA1_CTX;
+
+void sha1_init(SHA1_CTX *ctx);
+void sha1_update(SHA1_CTX *ctx, const uint8_t *data, size_t datalen);
+void sha1_finish(SHA1_CTX *ctx, uint8_t dgst[SHA1_DIGEST_SIZE]);
+void sha1_digest(const uint8_t *data, size_t datalen, uint8_t dgst[SHA1_DIGEST_SIZE]);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/sha2.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,97 +7,96 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-
-#ifndef GMSSL_SHA2_H
-#define GMSSL_SHA2_H
-
-#include <string.h>
-#include <stdint.h>
-#include <sys/types.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-#define SHA2_IS_BIG_ENDIAN	1
-
-
-#define SHA224_DIGEST_SIZE	28
-#define SHA224_BLOCK_SIZE	64
-#define SHA224_STATE_WORDS	8
-
-typedef struct {
-	uint32_t state[SHA224_STATE_WORDS];
-	uint64_t nblocks;
-	uint8_t block[SHA224_BLOCK_SIZE];
-	int num;
-} SHA224_CTX;
-
-void sha224_init(SHA224_CTX *ctx);
-void sha224_update(SHA224_CTX *ctx, const uint8_t* data, size_t datalen);
-void sha224_finish(SHA224_CTX *ctx, uint8_t dgst[SHA224_DIGEST_SIZE]);
-void sha224_digest(const uint8_t *data, size_t datalen,
-	uint8_t dgst[SHA224_DIGEST_SIZE]);
-
-
-#define SHA256_DIGEST_SIZE	32
-#define SHA256_BLOCK_SIZE	64
-#define SHA256_STATE_WORDS	8
-
-typedef struct {
-	uint32_t state[SHA256_STATE_WORDS];
-	uint64_t nblocks;
-	uint8_t block[SHA256_BLOCK_SIZE];
-	int num;
-} SHA256_CTX;
-
-void sha256_init(SHA256_CTX *ctx);
-void sha256_update(SHA256_CTX *ctx, const uint8_t* data, size_t datalen);
-void sha256_finish(SHA256_CTX *ctx, uint8_t dgst[SHA256_DIGEST_SIZE]);
-void sha256_digest(const uint8_t *data, size_t datalen,
-	uint8_t dgst[SHA256_DIGEST_SIZE]);
-
-
-#define SHA384_DIGEST_SIZE	48
-#define SHA384_BLOCK_SIZE	128
-#define SHA384_STATE_WORDS	8
-
-typedef struct {
-	uint64_t state[SHA384_STATE_WORDS];
-	uint64_t nblocks;
-	uint8_t block[SHA384_BLOCK_SIZE];
-	int num;
-} SHA384_CTX;
-
-void sha384_init(SHA384_CTX *ctx);
-void sha384_update(SHA384_CTX *ctx, const uint8_t* data, size_t datalen);
-void sha384_finish(SHA384_CTX *ctx, uint8_t dgst[SHA384_DIGEST_SIZE]);
-void sha384_digest(const uint8_t *data, size_t datalen,
-	uint8_t dgst[SHA384_DIGEST_SIZE]);
-
-
-#define SHA512_DIGEST_SIZE	64
-#define SHA512_BLOCK_SIZE	128
-#define SHA512_STATE_WORDS	8
-
-typedef struct {
-	uint64_t state[SHA512_STATE_WORDS];
-	uint64_t nblocks;
-	uint8_t block[SHA512_BLOCK_SIZE];
-	int num;
-} SHA512_CTX;
-
-void sha512_init(SHA512_CTX *ctx);
-void sha512_update(SHA512_CTX *ctx, const uint8_t* data, size_t datalen);
-void sha512_finish(SHA512_CTX *ctx, uint8_t dgst[SHA512_DIGEST_SIZE]);
-void sha512_digest(const uint8_t *data, size_t datalen,
-	uint8_t dgst[SHA512_DIGEST_SIZE]);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+
+#ifndef GMSSL_SHA2_H
+#define GMSSL_SHA2_H
+
+#include <string.h>
+#include <stdint.h>
+#include <sys/types.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define SHA2_IS_BIG_ENDIAN	1
+
+
+#define SHA224_DIGEST_SIZE	28
+#define SHA224_BLOCK_SIZE	64
+#define SHA224_STATE_WORDS	8
+
+typedef struct {
+	uint32_t state[SHA224_STATE_WORDS];
+	uint64_t nblocks;
+	uint8_t block[SHA224_BLOCK_SIZE];
+	int num;
+} SHA224_CTX;
+
+void sha224_init(SHA224_CTX *ctx);
+void sha224_update(SHA224_CTX *ctx, const uint8_t* data, size_t datalen);
+void sha224_finish(SHA224_CTX *ctx, uint8_t dgst[SHA224_DIGEST_SIZE]);
+void sha224_digest(const uint8_t *data, size_t datalen,
+	uint8_t dgst[SHA224_DIGEST_SIZE]);
+
+
+#define SHA256_DIGEST_SIZE	32
+#define SHA256_BLOCK_SIZE	64
+#define SHA256_STATE_WORDS	8
+
+typedef struct {
+	uint32_t state[SHA256_STATE_WORDS];
+	uint64_t nblocks;
+	uint8_t block[SHA256_BLOCK_SIZE];
+	int num;
+} SHA256_CTX;
+
+void sha256_init(SHA256_CTX *ctx);
+void sha256_update(SHA256_CTX *ctx, const uint8_t* data, size_t datalen);
+void sha256_finish(SHA256_CTX *ctx, uint8_t dgst[SHA256_DIGEST_SIZE]);
+void sha256_digest(const uint8_t *data, size_t datalen,
+	uint8_t dgst[SHA256_DIGEST_SIZE]);
+
+
+#define SHA384_DIGEST_SIZE	48
+#define SHA384_BLOCK_SIZE	128
+#define SHA384_STATE_WORDS	8
+
+typedef struct {
+	uint64_t state[SHA384_STATE_WORDS];
+	uint64_t nblocks;
+	uint8_t block[SHA384_BLOCK_SIZE];
+	int num;
+} SHA384_CTX;
+
+void sha384_init(SHA384_CTX *ctx);
+void sha384_update(SHA384_CTX *ctx, const uint8_t* data, size_t datalen);
+void sha384_finish(SHA384_CTX *ctx, uint8_t dgst[SHA384_DIGEST_SIZE]);
+void sha384_digest(const uint8_t *data, size_t datalen,
+	uint8_t dgst[SHA384_DIGEST_SIZE]);
+
+
+#define SHA512_DIGEST_SIZE	64
+#define SHA512_BLOCK_SIZE	128
+#define SHA512_STATE_WORDS	8
+
+typedef struct {
+	uint64_t state[SHA512_STATE_WORDS];
+	uint64_t nblocks;
+	uint8_t block[SHA512_BLOCK_SIZE];
+	int num;
+} SHA512_CTX;
+
+void sha512_init(SHA512_CTX *ctx);
+void sha512_update(SHA512_CTX *ctx, const uint8_t* data, size_t datalen);
+void sha512_finish(SHA512_CTX *ctx, uint8_t dgst[SHA512_DIGEST_SIZE]);
+void sha512_digest(const uint8_t *data, size_t datalen,
+	uint8_t dgst[SHA512_DIGEST_SIZE]);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/sha3.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,87 +7,86 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-
-#ifndef GMSSL_SHA3_H
-#define GMSSL_SHA3_H
-
-
-#include <string.h>
-#include <stdint.h>
-#include <sys/types.h>
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-#define SHA3_KECCAK_P_SIZE (1600/8)
-
-#define SHA3_224_DIGEST_SIZE (224/8)
-#define SHA3_256_DIGEST_SIZE (256/8)
-#define SHA3_384_DIGEST_SIZE (384/8)
-#define SHA3_512_DIGEST_SIZE (512/8)
-
-#define SHA3_224_CAPACITY (SHA3_224_DIGEST_SIZE * 2)
-#define SHA3_256_CAPACITY (SHA3_256_DIGEST_SIZE * 2)
-#define SHA3_384_CAPACITY (SHA3_384_DIGEST_SIZE * 2)
-#define SHA3_512_CAPACITY (SHA3_512_DIGEST_SIZE * 2)
-
-#define SHA3_224_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 144
-#define SHA3_256_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 136
-#define SHA3_384_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 104
-#define SHA3_512_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 72
-
-
-typedef struct {
-	uint64_t A[5][5];
-	uint8_t buf[SHA3_224_BLOCK_SIZE];
-	int num;
-} SHA3_224_CTX;
-
-void sha3_224_init(SHA3_224_CTX *ctx);
-void sha3_224_update(SHA3_224_CTX *ctx, const uint8_t *data, size_t datalen);
-void sha3_224_finish(SHA3_224_CTX *ctx, uint8_t dgst[SHA3_224_DIGEST_SIZE]);
-
-typedef struct {
-	uint64_t A[5][5];
-	uint8_t buf[SHA3_256_BLOCK_SIZE];
-	int num;
-} SHA3_256_CTX;
-
-void sha3_256_init(SHA3_256_CTX *ctx);
-void sha3_256_update(SHA3_256_CTX *ctx, const uint8_t *data, size_t datalen);
-void sha3_256_finish(SHA3_256_CTX *ctx, uint8_t dgst[SHA3_256_DIGEST_SIZE]);
-
-typedef struct {
-	uint64_t A[5][5];
-	uint8_t buf[SHA3_384_BLOCK_SIZE];
-	int num;
-} SHA3_384_CTX;
-
-void sha3_384_init(SHA3_384_CTX *ctx);
-void sha3_384_update(SHA3_384_CTX *ctx, const uint8_t *data, size_t datalen);
-void sha3_384_finish(SHA3_384_CTX *ctx, uint8_t dgst[SHA3_384_DIGEST_SIZE]);
-
-typedef struct {
-	uint64_t A[5][5];
-	uint8_t buf[SHA3_512_BLOCK_SIZE];
-	int num;
-} SHA3_512_CTX;
-
-void sha3_512_init(SHA3_512_CTX *ctx);
-void sha3_512_update(SHA3_512_CTX *ctx, const uint8_t *data, size_t datalen);
-void sha3_512_finish(SHA3_512_CTX *ctx, uint8_t dgst[SHA3_512_DIGEST_SIZE]);
-
-void sha3_shake128(const uint8_t *in, size_t *inlen, size_t outlen, uint8_t *out);
-void sha3_shake256(const uint8_t *in, size_t *inlen, size_t outlen, uint8_t *out);
-void sha3_keccak_p(uint8_t state[SHA3_KECCAK_P_SIZE]);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+
+#ifndef GMSSL_SHA3_H
+#define GMSSL_SHA3_H
+
+
+#include <string.h>
+#include <stdint.h>
+#include <sys/types.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define SHA3_KECCAK_P_SIZE (1600/8)
+
+#define SHA3_224_DIGEST_SIZE (224/8)
+#define SHA3_256_DIGEST_SIZE (256/8)
+#define SHA3_384_DIGEST_SIZE (384/8)
+#define SHA3_512_DIGEST_SIZE (512/8)
+
+#define SHA3_224_CAPACITY (SHA3_224_DIGEST_SIZE * 2)
+#define SHA3_256_CAPACITY (SHA3_256_DIGEST_SIZE * 2)
+#define SHA3_384_CAPACITY (SHA3_384_DIGEST_SIZE * 2)
+#define SHA3_512_CAPACITY (SHA3_512_DIGEST_SIZE * 2)
+
+#define SHA3_224_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 144
+#define SHA3_256_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 136
+#define SHA3_384_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 104
+#define SHA3_512_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 72
+
+
+typedef struct {
+	uint64_t A[5][5];
+	uint8_t buf[SHA3_224_BLOCK_SIZE];
+	int num;
+} SHA3_224_CTX;
+
+void sha3_224_init(SHA3_224_CTX *ctx);
+void sha3_224_update(SHA3_224_CTX *ctx, const uint8_t *data, size_t datalen);
+void sha3_224_finish(SHA3_224_CTX *ctx, uint8_t dgst[SHA3_224_DIGEST_SIZE]);
+
+typedef struct {
+	uint64_t A[5][5];
+	uint8_t buf[SHA3_256_BLOCK_SIZE];
+	int num;
+} SHA3_256_CTX;
+
+void sha3_256_init(SHA3_256_CTX *ctx);
+void sha3_256_update(SHA3_256_CTX *ctx, const uint8_t *data, size_t datalen);
+void sha3_256_finish(SHA3_256_CTX *ctx, uint8_t dgst[SHA3_256_DIGEST_SIZE]);
+
+typedef struct {
+	uint64_t A[5][5];
+	uint8_t buf[SHA3_384_BLOCK_SIZE];
+	int num;
+} SHA3_384_CTX;
+
+void sha3_384_init(SHA3_384_CTX *ctx);
+void sha3_384_update(SHA3_384_CTX *ctx, const uint8_t *data, size_t datalen);
+void sha3_384_finish(SHA3_384_CTX *ctx, uint8_t dgst[SHA3_384_DIGEST_SIZE]);
+
+typedef struct {
+	uint64_t A[5][5];
+	uint8_t buf[SHA3_512_BLOCK_SIZE];
+	int num;
+} SHA3_512_CTX;
+
+void sha3_512_init(SHA3_512_CTX *ctx);
+void sha3_512_update(SHA3_512_CTX *ctx, const uint8_t *data, size_t datalen);
+void sha3_512_finish(SHA3_512_CTX *ctx, uint8_t dgst[SHA3_512_DIGEST_SIZE]);
+
+void sha3_shake128(const uint8_t *in, size_t *inlen, size_t outlen, uint8_t *out);
+void sha3_shake256(const uint8_t *in, size_t *inlen, size_t outlen, uint8_t *out);
+void sha3_keccak_p(uint8_t state[SHA3_KECCAK_P_SIZE]);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/skf.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,111 +7,110 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-#ifndef GMSSL_SKF_H
-#define GMSSL_SKF_H
-
-
-#include <string.h>
-#include <stdint.h>
-#include <gmssl/sm2.h>
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-/*
-SKF Public API
-
-	skf_load_library
-	skf_unload_library
-	skf_list_devices
-	skf_print_device_info
-
-	SKF_DEVICE
-	skf_open_device
-	skf_close_deivce
-	skf_set_label
-	skf_change_authkey
-	skf_list_apps
-	skf_create_app
-	skf_delete_app
-	skf_change_app_admin_pin
-	skf_change_app_user_pin
-	skf_unblock_user_pin
-	skf_list_objects
-	skf_import_object
-	skf_export_object
-	skf_delete_object
-	skf_list_containers
-	skf_create_container
-	skf_delete_container
-	skf_import_sign_cert
-	skf_export_sign_cert
-	skf_rand_bytes
-	skf_load_sign_key
-
-	SKF_KEY
-	skf_sign
-	skf_release_key
-*/
-
-typedef struct {
-	void *handle;
-	char manufacturer[65];
-	char issuer[65];
-	char label[33];
-	char serial[33];
-	uint8_t hardware_version[2];
-	uint8_t firmware_version[2];
-} SKF_DEVICE;
-
-typedef struct {
-	SM2_KEY public_key;
-	void *app_handle;
-	char app_name[65];
-	void *container_handle;
-	char container_name[65];
-} SKF_KEY;
-
-int skf_load_library(const char *so_path, const char *vendor);
-void skf_unload_library(void);
-
-int skf_list_devices(FILE *fp, int fmt, int ind, const char *label);
-int skf_print_device_info(FILE *fp, int fmt, int ind, const char *devname);
-int skf_open_device(SKF_DEVICE *dev, const char *devname, const uint8_t authkey[16]);
-int skf_set_label(SKF_DEVICE *dev, const char *label);
-int skf_change_authkey(SKF_DEVICE *dev, const uint8_t authkey[16]);
-int skf_close_device(SKF_DEVICE *dev);
-
-int skf_list_apps(SKF_DEVICE *dev, int fmt, int ind, const char *label, FILE *fp);
-int skf_create_app(SKF_DEVICE *dev, const char *appname, const char *admin_pin, const char *user_pin);
-int skf_delete_app(SKF_DEVICE *dev, const char *appname);
-int skf_change_app_admin_pin(SKF_DEVICE *dev, const char *appname, const char *oid_pin, const char *new_pin);
-int skf_change_app_user_pin(SKF_DEVICE *dev, const char *appname, const char *oid_pin, const char *new_pin);
-int skf_unblock_user_pin(SKF_DEVICE *dev, const char *appname, const char *admin_pin, const char *new_user_pin);
-
-int skf_list_objects(FILE *fp, int fmt, int ind, const char *label, SKF_DEVICE *dev, const char *appname, const char *pin);
-int skf_import_object(SKF_DEVICE *dev, const char *appname, const char *pin, const char *objname, const uint8_t *data, size_t datalen);
-int skf_export_object(SKF_DEVICE *dev, const char *appname, const char *pin, const char *objname, uint8_t *out, size_t *outlen);
-int skf_delete_object(SKF_DEVICE *dev, const char *appname, const char *pin, const char *objname);
-
-int skf_list_containers(FILE *fp, int fmt, int ind, const char *label, SKF_DEVICE *dev, const char *appname, const char *pin);
-int skf_create_container(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name);
-int skf_delete_container(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name);
-int skf_import_sign_cert(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name, const uint8_t *cert, size_t certlen);
-int skf_export_sign_cert(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name, uint8_t *cert, size_t *certlen);
-
-int skf_rand_bytes(SKF_DEVICE *dev, uint8_t *buf, size_t len);
-int skf_load_sign_key(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name, SKF_KEY *key);
-int skf_sign(SKF_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
-int skf_release_key(SKF_KEY *key);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+#ifndef GMSSL_SKF_H
+#define GMSSL_SKF_H
+
+
+#include <string.h>
+#include <stdint.h>
+#include <gmssl/sm2.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/*
+SKF Public API
+
+	skf_load_library
+	skf_unload_library
+	skf_list_devices
+	skf_print_device_info
+
+	SKF_DEVICE
+	skf_open_device
+	skf_close_deivce
+	skf_set_label
+	skf_change_authkey
+	skf_list_apps
+	skf_create_app
+	skf_delete_app
+	skf_change_app_admin_pin
+	skf_change_app_user_pin
+	skf_unblock_user_pin
+	skf_list_objects
+	skf_import_object
+	skf_export_object
+	skf_delete_object
+	skf_list_containers
+	skf_create_container
+	skf_delete_container
+	skf_import_sign_cert
+	skf_export_sign_cert
+	skf_rand_bytes
+	skf_load_sign_key
+
+	SKF_KEY
+	skf_sign
+	skf_release_key
+*/
+
+typedef struct {
+	void *handle;
+	char manufacturer[65];
+	char issuer[65];
+	char label[33];
+	char serial[33];
+	uint8_t hardware_version[2];
+	uint8_t firmware_version[2];
+} SKF_DEVICE;
+
+typedef struct {
+	SM2_KEY public_key;
+	void *app_handle;
+	char app_name[65];
+	void *container_handle;
+	char container_name[65];
+} SKF_KEY;
+
+int skf_load_library(const char *so_path, const char *vendor);
+void skf_unload_library(void);
+
+int skf_list_devices(FILE *fp, int fmt, int ind, const char *label);
+int skf_print_device_info(FILE *fp, int fmt, int ind, const char *devname);
+int skf_open_device(SKF_DEVICE *dev, const char *devname, const uint8_t authkey[16]);
+int skf_set_label(SKF_DEVICE *dev, const char *label);
+int skf_change_authkey(SKF_DEVICE *dev, const uint8_t authkey[16]);
+int skf_close_device(SKF_DEVICE *dev);
+
+int skf_list_apps(SKF_DEVICE *dev, int fmt, int ind, const char *label, FILE *fp);
+int skf_create_app(SKF_DEVICE *dev, const char *appname, const char *admin_pin, const char *user_pin);
+int skf_delete_app(SKF_DEVICE *dev, const char *appname);
+int skf_change_app_admin_pin(SKF_DEVICE *dev, const char *appname, const char *oid_pin, const char *new_pin);
+int skf_change_app_user_pin(SKF_DEVICE *dev, const char *appname, const char *oid_pin, const char *new_pin);
+int skf_unblock_user_pin(SKF_DEVICE *dev, const char *appname, const char *admin_pin, const char *new_user_pin);
+
+int skf_list_objects(FILE *fp, int fmt, int ind, const char *label, SKF_DEVICE *dev, const char *appname, const char *pin);
+int skf_import_object(SKF_DEVICE *dev, const char *appname, const char *pin, const char *objname, const uint8_t *data, size_t datalen);
+int skf_export_object(SKF_DEVICE *dev, const char *appname, const char *pin, const char *objname, uint8_t *out, size_t *outlen);
+int skf_delete_object(SKF_DEVICE *dev, const char *appname, const char *pin, const char *objname);
+
+int skf_list_containers(FILE *fp, int fmt, int ind, const char *label, SKF_DEVICE *dev, const char *appname, const char *pin);
+int skf_create_container(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name);
+int skf_delete_container(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name);
+int skf_import_sign_cert(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name, const uint8_t *cert, size_t certlen);
+int skf_export_sign_cert(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name, uint8_t *cert, size_t *certlen);
+
+int skf_rand_bytes(SKF_DEVICE *dev, uint8_t *buf, size_t len);
+int skf_load_sign_key(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name, SKF_KEY *key);
+int skf_sign(SKF_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
+int skf_release_key(SKF_KEY *key);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/sm2.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,369 +7,368 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-
-#ifndef GMSSL_SM2_H
-#define GMSSL_SM2_H
-
-#include <stdio.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <gmssl/sm3.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-/*
-SM2 Public API
-
-	SM2_DEFAULT_ID
-	SM2_MAX_ID_LENGTH
-	SM2_MAX_SIGNATURE_SIZE
-	SM2_MAX_PLAINTEXT_SIZE
-	SM2_MAX_CIPHERTEXT_SIZE
-
-	SM2_KEY
-	sm2_key_generate
-	sm2_private_key_info_encrypt_to_der
-	sm2_private_key_info_decrypt_from_der
-	sm2_private_key_info_encrypt_to_pem
-	sm2_private_key_info_decrypt_from_pem
-	sm2_public_key_info_to_der
-	sm2_public_key_info_from_der
-	sm2_public_key_info_to_pem
-	sm2_public_key_info_from_pem
-
-	sm2_sign
-	sm2_verify
-	sm2_encrypt
-	sm2_decrypt
-	sm2_ecdh
-
-	SM2_SIGN_CTX
-	sm2_sign_init
-	sm2_sign_update
-	sm2_sign_finish
-	sm2_verify_init
-	sm2_verify_update
-	sm2_verify_finish
-*/
-
-typedef uint64_t SM2_BN[8];
-
-int sm2_bn_is_zero(const SM2_BN a);
-int sm2_bn_is_one(const SM2_BN a);
-int sm2_bn_is_odd(const SM2_BN a);
-int sm2_bn_cmp(const SM2_BN a, const SM2_BN b);
-int sm2_bn_from_hex(SM2_BN r, const char hex[64]);
-int sm2_bn_from_asn1_integer(SM2_BN r, const uint8_t *d, size_t dlen);
-int sm2_bn_equ_hex(const SM2_BN a, const char *hex);
-int sm2_bn_print(FILE *fp, int fmt, int ind, const char *label, const SM2_BN a);
-
-void sm2_bn_to_bytes(const SM2_BN a, uint8_t out[32]);
-void sm2_bn_from_bytes(SM2_BN r, const uint8_t in[32]);
-void sm2_bn_to_hex(const SM2_BN a, char hex[64]);
-void sm2_bn_to_bits(const SM2_BN a, char bits[256]);
-void sm2_bn_set_word(SM2_BN r, uint32_t a);
-void sm2_bn_add(SM2_BN r, const SM2_BN a, const SM2_BN b);
-void sm2_bn_sub(SM2_BN ret, const SM2_BN a, const SM2_BN b);
-void sm2_bn_rand_range(SM2_BN r, const SM2_BN range); // 这个函数需要修改一下，从外部引入随机数
-
-#define sm2_bn_init(r) memset((r),0,sizeof(SM2_BN))
-#define sm2_bn_set_zero(r) memset((r),0,sizeof(SM2_BN))
-#define sm2_bn_set_one(r) sm2_bn_set_word((r),1)
-#define sm2_bn_copy(r,a) memcpy((r),(a),sizeof(SM2_BN))
-#define sm2_bn_clean(r) memset((r),0,sizeof(SM2_BN))
-
-
-// GF(p)
-typedef SM2_BN SM2_Fp;
-
-void sm2_fp_add(SM2_Fp r, const SM2_Fp a, const SM2_Fp b);
-void sm2_fp_sub(SM2_Fp r, const SM2_Fp a, const SM2_Fp b);
-void sm2_fp_mul(SM2_Fp r, const SM2_Fp a, const SM2_Fp b);
-void sm2_fp_exp(SM2_Fp r, const SM2_Fp a, const SM2_Fp e);
-void sm2_fp_dbl(SM2_Fp r, const SM2_Fp a);
-void sm2_fp_tri(SM2_Fp r, const SM2_Fp a);
-void sm2_fp_div2(SM2_Fp r, const SM2_Fp a);
-void sm2_fp_neg(SM2_Fp r, const SM2_Fp a);
-void sm2_fp_sqr(SM2_Fp r, const SM2_Fp a);
-void sm2_fp_inv(SM2_Fp r, const SM2_Fp a);
-void sm2_fp_rand(SM2_Fp r); // 外部提供随机性，如果满足条件就输出，如果不满足条件就哈希一下再输出
-
-#define sm2_fp_init(r)		sm2_bn_init(r)
-#define sm2_fp_set_zero(r)	sm2_bn_set_zero(r)
-#define sm2_fp_set_one(r)	sm2_bn_set_one(r)
-#define sm2_fp_copy(r,a)	sm2_bn_copy(r,a)
-#define sm2_fp_clean(r)		sm2_bn_clean(r)
-
-// GF(n)
-typedef SM2_BN SM2_Fn;
-
-void sm2_fn_add(SM2_Fn r, const SM2_Fn a, const SM2_Fn b);
-void sm2_fn_sub(SM2_Fn r, const SM2_Fn a, const SM2_Fn b);
-void sm2_fn_mul(SM2_Fn r, const SM2_Fn a, const SM2_Fn b);
-void sm2_fn_exp(SM2_Fn r, const SM2_Fn a, const SM2_Fn e);
-void sm2_fn_neg(SM2_Fn r, const SM2_Fn a);
-void sm2_fn_sqr(SM2_Fn r, const SM2_Fn a);
-void sm2_fn_inv(SM2_Fn r, const SM2_Fn a);
-void sm2_fn_rand(SM2_Fn r);
-
-#define sm2_fn_init(r)		sm2_bn_init(r)
-#define sm2_fn_set_zero(r)	sm2_bn_set_zero(r)
-#define sm2_fn_set_one(r)	sm2_bn_set_one(r)
-#define sm2_fn_copy(r,a)	sm2_bn_copy(r,a)
-#define sm2_fn_clean(r)		sm2_bn_clean(r)
-
-
-typedef struct {
-	SM2_BN X;
-	SM2_BN Y;
-	SM2_BN Z;
-} SM2_JACOBIAN_POINT;
-
-void sm2_jacobian_point_init(SM2_JACOBIAN_POINT *R);
-void sm2_jacobian_point_set_xy(SM2_JACOBIAN_POINT *R, const SM2_BN x, const SM2_BN y); // 应该返回错误
-void sm2_jacobian_point_get_xy(const SM2_JACOBIAN_POINT *P, SM2_BN x, SM2_BN y);
-void sm2_jacobian_point_neg(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P);
-void sm2_jacobian_point_dbl(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P);
-void sm2_jacobian_point_add(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P, const SM2_JACOBIAN_POINT *Q);
-void sm2_jacobian_point_sub(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P, const SM2_JACOBIAN_POINT *Q);
-void sm2_jacobian_point_mul(SM2_JACOBIAN_POINT *R, const SM2_BN k, const SM2_JACOBIAN_POINT *P);
-void sm2_jacobian_point_to_bytes(const SM2_JACOBIAN_POINT *P, uint8_t out[64]);
-void sm2_jacobian_point_from_bytes(SM2_JACOBIAN_POINT *P, const uint8_t in[64]);
-void sm2_jacobian_point_mul_generator(SM2_JACOBIAN_POINT *R, const SM2_BN k);
-void sm2_jacobian_point_mul_sum(SM2_JACOBIAN_POINT *R, const SM2_BN t, const SM2_JACOBIAN_POINT *P, const SM2_BN s); // 应该返回错误
-void sm2_jacobian_point_from_hex(SM2_JACOBIAN_POINT *P, const char hex[64 * 2]); // 应该返回错误
-
-int sm2_jacobian_point_is_at_infinity(const SM2_JACOBIAN_POINT *P);
-int sm2_jacobian_point_is_on_curve(const SM2_JACOBIAN_POINT *P);
-int sm2_jacobian_point_equ_hex(const SM2_JACOBIAN_POINT *P, const char hex[128]);
-int sm2_jacobian_point_print(FILE *fp, int fmt, int ind, const char *label, const SM2_JACOBIAN_POINT *P);
-
-#define sm2_jacobian_point_set_infinity(R) sm2_jacobian_point_init(R)
-#define sm2_jacobian_point_copy(R, P) memcpy((R), (P), sizeof(SM2_JACOBIAN_POINT))
-
-
-
-/*
-SM2 Public API
-
-SM2接口有两个层次，基本的和ASN.1/PKI的
-基本的接口不依赖ASN.1编码，可以直接将结构体的内存输出(endian一致即可)
-基本的接口也不进行输入的格式检查，调用方应保证输入不为空
-*/
-
-
-// 这里应该用#define 给出常量的值
-extern const SM2_BN SM2_P;
-//extern const SM2_BN SM2_A;
-extern const SM2_BN SM2_B;
-extern const SM2_BN SM2_N;
-extern const SM2_BN SM2_ONE;
-extern const SM2_BN SM2_TWO;
-extern const SM2_BN SM2_THREE;
-extern const SM2_BN SM2_U_PLUS_ONE;
-extern const SM2_JACOBIAN_POINT *SM2_G; // 应该同时给出Affine的
-
-
-typedef struct {
-	uint8_t x[32];
-	uint8_t y[32];
-} SM2_POINT;
-
-void sm2_point_to_compressed_octets(const SM2_POINT *P, uint8_t out[33]);
-void sm2_point_to_uncompressed_octets(const SM2_POINT *P, uint8_t out[65]);
-int sm2_point_from_octets(SM2_POINT *P, const uint8_t *in, size_t inlen);
-
-
-int sm2_point_from_x(SM2_POINT *P, const uint8_t x[32], int y);
-int sm2_point_from_xy(SM2_POINT *P, const uint8_t x[32], const uint8_t y[32]);
-int sm2_point_is_on_curve(const SM2_POINT *P);
-int sm2_point_mul(SM2_POINT *R, const uint8_t k[32], const SM2_POINT *P);
-int sm2_point_mul_generator(SM2_POINT *R, const uint8_t k[32]);
-int sm2_point_mul_sum(SM2_POINT *R, const uint8_t k[32], const SM2_POINT *P, const uint8_t s[32]); // R = k * P + s * G
-
-/*
-RFC 5480 Elliptic Curve Cryptography Subject Public Key Information
-ECPoint ::= OCTET STRING
-*/
-#define SM2_POINT_MAX_SIZE (2 + 65)
-int sm2_point_to_der(const SM2_POINT *P, uint8_t **out, size_t *outlen);
-int sm2_point_from_der(SM2_POINT *P, const uint8_t **in, size_t *inlen);
-int sm2_point_print(FILE *fp, int fmt, int ind, const char *label, const SM2_POINT *P);
-
-
-typedef struct {
-	SM2_POINT public_key;
-	uint8_t private_key[32];
-} SM2_KEY;
-
-
-int sm2_key_generate(SM2_KEY *key);
-int sm2_key_set_private_key(SM2_KEY *key, const uint8_t private_key[32]); // 自动生成公钥
-int sm2_key_set_public_key(SM2_KEY *key, const SM2_POINT *public_key); // 自动清空私钥，不要和set_private_key同时用
-int sm2_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *key);
-
-int sm2_public_key_equ(const SM2_KEY *sm2_key, const SM2_KEY *pub_key);
-//int sm2_public_key_copy(SM2_KEY *sm2_key, const SM2_KEY *pub_key); // 这个函数的逻辑不清楚
-int sm2_public_key_digest(const SM2_KEY *key, uint8_t dgst[32]);
-int sm2_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *pub_key); // 和private_key_print参数不一致
-
-/*
-from RFC 5915
-
-ECPrivateKey ::= SEQUENCE {
-	version		INTEGER,	-- value MUST be (1)
-	privateKey	OCTET STRING,	-- big endian encoding of integer 这里不是以INTEGER编码的，因此长度固定
-	parameters	[0] EXPLICIT ECParameters OPTIONAL,
-					-- ONLY namedCurve OID is permitted, by RFC 5480
-					-- MUST always include this field, by RFC 5915
-	publicKey	[1] EXPLICIT BIT STRING OPTIONAL -- compressed_point
-					-- SHOULD always include this field, by RFC 5915 }
-
-ECParameters ::= CHOICE { namedCurve OBJECT IDENTIFIER }
-*/
-#define SM2_PRIVATE_KEY_DEFAULT_SIZE 120 // generated
-#define SM2_PRIVATE_KEY_BUF_SIZE 512 // MUST >= SM2_PRIVATE_KEY_DEFAULT_SIZE
-
-int sm2_private_key_to_der(const SM2_KEY *key, uint8_t **out, size_t *outlen);
-int sm2_private_key_from_der(SM2_KEY *key, const uint8_t **in, size_t *inlen);
-int sm2_private_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-//int sm2_private_key_to_pem(const SM2_KEY *key, FILE *fp);
-//int sm2_private_key_from_pem(SM2_KEY *key, FILE *fp);
-
-/*
-AlgorithmIdentifier ::= {
-	algorithm	OBJECT IDENTIFIER { id-ecPublicKey },
-	parameters	OBJECT IDENTIFIER { id-sm2 } }
-*/
-int sm2_public_key_algor_to_der(uint8_t **out, size_t *outlen);
-int sm2_public_key_algor_from_der(const uint8_t **in, size_t *inlen);
-
-/*
-X.509 SubjectPublicKeyInfo from RFC 5280
-
-SubjectPublicKeyInfo  ::=  SEQUENCE  {
-	algorithm            AlgorithmIdentifier,
-	subjectPublicKey     BIT STRING  -- uncompressed octets of ECPoint }
-*/
-int sm2_public_key_info_to_der(const SM2_KEY *a, uint8_t **out, size_t *outlen);
-int sm2_public_key_info_from_der(SM2_KEY *a, const uint8_t **in, size_t *inlen);
-int sm2_public_key_info_to_pem(const SM2_KEY *a, FILE *fp);
-int sm2_public_key_info_from_pem(SM2_KEY *a, FILE *fp);
-
-/*
-PKCS #8 PrivateKeyInfo from RFC 5208
-
-PrivateKeyInfo ::= SEQUENCE {
-	version			Version { v1(0) },
-	privateKeyAlgorithm	AlgorithmIdentifier,
-	privateKey		OCTET STRING, -- DER-encoding of ECPrivateKey
-	attributes		[0] IMPLICIT SET OF Attribute OPTIONAL }
-*/
-enum {
-	PKCS8_private_key_info_version = 0,
-};
-
-int sm2_private_key_info_to_der(const SM2_KEY *key, uint8_t **out, size_t *outlen);
-int sm2_private_key_info_from_der(SM2_KEY *key, const uint8_t **attrs, size_t *attrslen, const uint8_t **in, size_t *inlen);
-int sm2_private_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-//int sm2_private_key_info_to_pem(const SM2_KEY *key, FILE *fp);
-//int sm2_private_key_info_from_pem(SM2_KEY *key, const uint8_t **attrs, size_t *attrslen, FILE *fp);
-
-/*
-EncryptedPrivateKeyInfo ::= SEQUENCE {
-	encryptionAlgorithm	EncryptionAlgorithmIdentifier, -- id-PBES2
-	encryptedData		OCTET STRING }
-*/
-int sm2_private_key_info_encrypt_to_der(const SM2_KEY *key,
-	const char *pass, uint8_t **out, size_t *outlen);
-int sm2_private_key_info_decrypt_from_der(SM2_KEY *key, const uint8_t **attrs, size_t *attrs_len,
-	const char *pass, const uint8_t **in, size_t *inlen);
-int sm2_private_key_info_encrypt_to_pem(const SM2_KEY *key, const char *pass, FILE *fp);
-int sm2_private_key_info_decrypt_from_pem(SM2_KEY *key, const char *pass, FILE *fp);
-
-
-typedef struct {
-	uint8_t r[32];
-	uint8_t s[32];
-} SM2_SIGNATURE;
-
-int sm2_do_sign_ex(const SM2_KEY *key, int flags, const uint8_t dgst[32], SM2_SIGNATURE *sig);
-int sm2_do_sign(const SM2_KEY *key, const uint8_t dgst[32], SM2_SIGNATURE *sig);
-int sm2_do_verify(const SM2_KEY *key, const uint8_t dgst[32], const SM2_SIGNATURE *sig);
-
-#define SM2_MIN_SIGNATURE_SIZE 8
-#define SM2_MAX_SIGNATURE_SIZE 72
-int sm2_signature_to_der(const SM2_SIGNATURE *sig, uint8_t **out, size_t *outlen);
-int sm2_signature_from_der(SM2_SIGNATURE *sig, const uint8_t **in, size_t *inlen);
-int sm2_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *sig, size_t siglen);
-int sm2_sign_ex(const SM2_KEY *key, int flags, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
-int sm2_sign(const SM2_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
-int sm2_verify(const SM2_KEY *key, const uint8_t dgst[32], const uint8_t *sig, size_t siglen);
-
-
-#define SM2_DEFAULT_ID		"1234567812345678"
-#define SM2_DEFAULT_ID_LENGTH	(sizeof(SM2_DEFAULT_ID) - 1)  // LENGTH for string and SIZE for bytes
-#define SM2_DEFAULT_ID_BITS	(SM2_DEFAULT_ID_LENGTH * 8)
-#define SM2_MAX_ID_BITS		65535
-#define SM2_MAX_ID_LENGTH	(SM2_MAX_ID_BITS/8)
-
-int sm2_compute_z(uint8_t z[32], const SM2_POINT *pub, const char *id, size_t idlen);
-
-
-typedef struct {
-	SM3_CTX sm3_ctx;
-	SM2_KEY key;
-} SM2_SIGN_CTX;
-
-int sm2_sign_init(SM2_SIGN_CTX *ctx, const SM2_KEY *key, const char *id, size_t idlen);
-int sm2_sign_update(SM2_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
-int sm2_sign_finish(SM2_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen);
-
-int sm2_verify_init(SM2_SIGN_CTX *ctx, const SM2_KEY *key, const char *id, size_t idlen);
-int sm2_verify_update(SM2_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
-int sm2_verify_finish(SM2_SIGN_CTX *ctx, const uint8_t *sig, size_t siglen);
-
-/*
-SM2Cipher ::= SEQUENCE {
-	XCoordinate	INTEGER,
-	YCoordinate	INTEGER,
-	HASH		OCTET STRING SIZE(32),
-	CipherText	OCTET STRING }
-*/
-#define SM2_MIN_PLAINTEXT_SIZE	1 // re-compute SM2_MIN_CIPHERTEXT_SIZE when modify
-#define SM2_MAX_PLAINTEXT_SIZE	255 // re-compute SM2_MAX_CIPHERTEXT_SIZE when modify
-
-typedef struct {
-	SM2_POINT point;
-	uint8_t hash[32];
-	uint8_t ciphertext_size;
-	uint8_t ciphertext[SM2_MAX_PLAINTEXT_SIZE];
-} SM2_CIPHERTEXT;
-
-int sm2_do_encrypt_ex(const SM2_KEY *key, int flags, const uint8_t *in, size_t inlen, SM2_CIPHERTEXT *out);
-int sm2_do_encrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, SM2_CIPHERTEXT *out);
-int sm2_do_decrypt(const SM2_KEY *key, const SM2_CIPHERTEXT *in, uint8_t *out, size_t *outlen);
-
-#define SM2_MIN_CIPHERTEXT_SIZE	45 // dependes on SM2_MIN_PLAINTEXT_SIZE
-#define SM2_MAX_CIPHERTEXT_SIZE	366 // depends on SM2_MAX_PLAINTEXT_SIZE
-int sm2_ciphertext_to_der(const SM2_CIPHERTEXT *c, uint8_t **out, size_t *outlen);
-int sm2_ciphertext_from_der(SM2_CIPHERTEXT *c, const uint8_t **in, size_t *inlen);
-int sm2_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);
-int sm2_encrypt_ex(const SM2_KEY *key, int flags, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-int sm2_encrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-int sm2_decrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-
-
-int sm2_ecdh(const SM2_KEY *key, const SM2_POINT *peer_public, SM2_POINT *out);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+
+#ifndef GMSSL_SM2_H
+#define GMSSL_SM2_H
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <gmssl/sm3.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/*
+SM2 Public API
+
+	SM2_DEFAULT_ID
+	SM2_MAX_ID_LENGTH
+	SM2_MAX_SIGNATURE_SIZE
+	SM2_MAX_PLAINTEXT_SIZE
+	SM2_MAX_CIPHERTEXT_SIZE
+
+	SM2_KEY
+	sm2_key_generate
+	sm2_private_key_info_encrypt_to_der
+	sm2_private_key_info_decrypt_from_der
+	sm2_private_key_info_encrypt_to_pem
+	sm2_private_key_info_decrypt_from_pem
+	sm2_public_key_info_to_der
+	sm2_public_key_info_from_der
+	sm2_public_key_info_to_pem
+	sm2_public_key_info_from_pem
+
+	sm2_sign
+	sm2_verify
+	sm2_encrypt
+	sm2_decrypt
+	sm2_ecdh
+
+	SM2_SIGN_CTX
+	sm2_sign_init
+	sm2_sign_update
+	sm2_sign_finish
+	sm2_verify_init
+	sm2_verify_update
+	sm2_verify_finish
+*/
+
+typedef uint64_t SM2_BN[8];
+
+int sm2_bn_is_zero(const SM2_BN a);
+int sm2_bn_is_one(const SM2_BN a);
+int sm2_bn_is_odd(const SM2_BN a);
+int sm2_bn_cmp(const SM2_BN a, const SM2_BN b);
+int sm2_bn_from_hex(SM2_BN r, const char hex[64]);
+int sm2_bn_from_asn1_integer(SM2_BN r, const uint8_t *d, size_t dlen);
+int sm2_bn_equ_hex(const SM2_BN a, const char *hex);
+int sm2_bn_print(FILE *fp, int fmt, int ind, const char *label, const SM2_BN a);
+
+void sm2_bn_to_bytes(const SM2_BN a, uint8_t out[32]);
+void sm2_bn_from_bytes(SM2_BN r, const uint8_t in[32]);
+void sm2_bn_to_hex(const SM2_BN a, char hex[64]);
+void sm2_bn_to_bits(const SM2_BN a, char bits[256]);
+void sm2_bn_set_word(SM2_BN r, uint32_t a);
+void sm2_bn_add(SM2_BN r, const SM2_BN a, const SM2_BN b);
+void sm2_bn_sub(SM2_BN ret, const SM2_BN a, const SM2_BN b);
+void sm2_bn_rand_range(SM2_BN r, const SM2_BN range); // 这个函数需要修改一下，从外部引入随机数
+
+#define sm2_bn_init(r) memset((r),0,sizeof(SM2_BN))
+#define sm2_bn_set_zero(r) memset((r),0,sizeof(SM2_BN))
+#define sm2_bn_set_one(r) sm2_bn_set_word((r),1)
+#define sm2_bn_copy(r,a) memcpy((r),(a),sizeof(SM2_BN))
+#define sm2_bn_clean(r) memset((r),0,sizeof(SM2_BN))
+
+
+// GF(p)
+typedef SM2_BN SM2_Fp;
+
+void sm2_fp_add(SM2_Fp r, const SM2_Fp a, const SM2_Fp b);
+void sm2_fp_sub(SM2_Fp r, const SM2_Fp a, const SM2_Fp b);
+void sm2_fp_mul(SM2_Fp r, const SM2_Fp a, const SM2_Fp b);
+void sm2_fp_exp(SM2_Fp r, const SM2_Fp a, const SM2_Fp e);
+void sm2_fp_dbl(SM2_Fp r, const SM2_Fp a);
+void sm2_fp_tri(SM2_Fp r, const SM2_Fp a);
+void sm2_fp_div2(SM2_Fp r, const SM2_Fp a);
+void sm2_fp_neg(SM2_Fp r, const SM2_Fp a);
+void sm2_fp_sqr(SM2_Fp r, const SM2_Fp a);
+void sm2_fp_inv(SM2_Fp r, const SM2_Fp a);
+void sm2_fp_rand(SM2_Fp r); // 外部提供随机性，如果满足条件就输出，如果不满足条件就哈希一下再输出
+
+#define sm2_fp_init(r)		sm2_bn_init(r)
+#define sm2_fp_set_zero(r)	sm2_bn_set_zero(r)
+#define sm2_fp_set_one(r)	sm2_bn_set_one(r)
+#define sm2_fp_copy(r,a)	sm2_bn_copy(r,a)
+#define sm2_fp_clean(r)		sm2_bn_clean(r)
+
+// GF(n)
+typedef SM2_BN SM2_Fn;
+
+void sm2_fn_add(SM2_Fn r, const SM2_Fn a, const SM2_Fn b);
+void sm2_fn_sub(SM2_Fn r, const SM2_Fn a, const SM2_Fn b);
+void sm2_fn_mul(SM2_Fn r, const SM2_Fn a, const SM2_Fn b);
+void sm2_fn_exp(SM2_Fn r, const SM2_Fn a, const SM2_Fn e);
+void sm2_fn_neg(SM2_Fn r, const SM2_Fn a);
+void sm2_fn_sqr(SM2_Fn r, const SM2_Fn a);
+void sm2_fn_inv(SM2_Fn r, const SM2_Fn a);
+void sm2_fn_rand(SM2_Fn r);
+
+#define sm2_fn_init(r)		sm2_bn_init(r)
+#define sm2_fn_set_zero(r)	sm2_bn_set_zero(r)
+#define sm2_fn_set_one(r)	sm2_bn_set_one(r)
+#define sm2_fn_copy(r,a)	sm2_bn_copy(r,a)
+#define sm2_fn_clean(r)		sm2_bn_clean(r)
+
+
+typedef struct {
+	SM2_BN X;
+	SM2_BN Y;
+	SM2_BN Z;
+} SM2_JACOBIAN_POINT;
+
+void sm2_jacobian_point_init(SM2_JACOBIAN_POINT *R);
+void sm2_jacobian_point_set_xy(SM2_JACOBIAN_POINT *R, const SM2_BN x, const SM2_BN y); // 应该返回错误
+void sm2_jacobian_point_get_xy(const SM2_JACOBIAN_POINT *P, SM2_BN x, SM2_BN y);
+void sm2_jacobian_point_neg(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P);
+void sm2_jacobian_point_dbl(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P);
+void sm2_jacobian_point_add(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P, const SM2_JACOBIAN_POINT *Q);
+void sm2_jacobian_point_sub(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P, const SM2_JACOBIAN_POINT *Q);
+void sm2_jacobian_point_mul(SM2_JACOBIAN_POINT *R, const SM2_BN k, const SM2_JACOBIAN_POINT *P);
+void sm2_jacobian_point_to_bytes(const SM2_JACOBIAN_POINT *P, uint8_t out[64]);
+void sm2_jacobian_point_from_bytes(SM2_JACOBIAN_POINT *P, const uint8_t in[64]);
+void sm2_jacobian_point_mul_generator(SM2_JACOBIAN_POINT *R, const SM2_BN k);
+void sm2_jacobian_point_mul_sum(SM2_JACOBIAN_POINT *R, const SM2_BN t, const SM2_JACOBIAN_POINT *P, const SM2_BN s); // 应该返回错误
+void sm2_jacobian_point_from_hex(SM2_JACOBIAN_POINT *P, const char hex[64 * 2]); // 应该返回错误
+
+int sm2_jacobian_point_is_at_infinity(const SM2_JACOBIAN_POINT *P);
+int sm2_jacobian_point_is_on_curve(const SM2_JACOBIAN_POINT *P);
+int sm2_jacobian_point_equ_hex(const SM2_JACOBIAN_POINT *P, const char hex[128]);
+int sm2_jacobian_point_print(FILE *fp, int fmt, int ind, const char *label, const SM2_JACOBIAN_POINT *P);
+
+#define sm2_jacobian_point_set_infinity(R) sm2_jacobian_point_init(R)
+#define sm2_jacobian_point_copy(R, P) memcpy((R), (P), sizeof(SM2_JACOBIAN_POINT))
+
+
+
+/*
+SM2 Public API
+
+SM2接口有两个层次，基本的和ASN.1/PKI的
+基本的接口不依赖ASN.1编码，可以直接将结构体的内存输出(endian一致即可)
+基本的接口也不进行输入的格式检查，调用方应保证输入不为空
+*/
+
+
+// 这里应该用#define 给出常量的值
+extern const SM2_BN SM2_P;
+//extern const SM2_BN SM2_A;
+extern const SM2_BN SM2_B;
+extern const SM2_BN SM2_N;
+extern const SM2_BN SM2_ONE;
+extern const SM2_BN SM2_TWO;
+extern const SM2_BN SM2_THREE;
+extern const SM2_BN SM2_U_PLUS_ONE;
+extern const SM2_JACOBIAN_POINT *SM2_G; // 应该同时给出Affine的
+
+
+typedef struct {
+	uint8_t x[32];
+	uint8_t y[32];
+} SM2_POINT;
+
+void sm2_point_to_compressed_octets(const SM2_POINT *P, uint8_t out[33]);
+void sm2_point_to_uncompressed_octets(const SM2_POINT *P, uint8_t out[65]);
+int sm2_point_from_octets(SM2_POINT *P, const uint8_t *in, size_t inlen);
+
+
+int sm2_point_from_x(SM2_POINT *P, const uint8_t x[32], int y);
+int sm2_point_from_xy(SM2_POINT *P, const uint8_t x[32], const uint8_t y[32]);
+int sm2_point_is_on_curve(const SM2_POINT *P);
+int sm2_point_mul(SM2_POINT *R, const uint8_t k[32], const SM2_POINT *P);
+int sm2_point_mul_generator(SM2_POINT *R, const uint8_t k[32]);
+int sm2_point_mul_sum(SM2_POINT *R, const uint8_t k[32], const SM2_POINT *P, const uint8_t s[32]); // R = k * P + s * G
+
+/*
+RFC 5480 Elliptic Curve Cryptography Subject Public Key Information
+ECPoint ::= OCTET STRING
+*/
+#define SM2_POINT_MAX_SIZE (2 + 65)
+int sm2_point_to_der(const SM2_POINT *P, uint8_t **out, size_t *outlen);
+int sm2_point_from_der(SM2_POINT *P, const uint8_t **in, size_t *inlen);
+int sm2_point_print(FILE *fp, int fmt, int ind, const char *label, const SM2_POINT *P);
+
+
+typedef struct {
+	SM2_POINT public_key;
+	uint8_t private_key[32];
+} SM2_KEY;
+
+
+int sm2_key_generate(SM2_KEY *key);
+int sm2_key_set_private_key(SM2_KEY *key, const uint8_t private_key[32]); // 自动生成公钥
+int sm2_key_set_public_key(SM2_KEY *key, const SM2_POINT *public_key); // 自动清空私钥，不要和set_private_key同时用
+int sm2_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *key);
+
+int sm2_public_key_equ(const SM2_KEY *sm2_key, const SM2_KEY *pub_key);
+//int sm2_public_key_copy(SM2_KEY *sm2_key, const SM2_KEY *pub_key); // 这个函数的逻辑不清楚
+int sm2_public_key_digest(const SM2_KEY *key, uint8_t dgst[32]);
+int sm2_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *pub_key); // 和private_key_print参数不一致
+
+/*
+from RFC 5915
+
+ECPrivateKey ::= SEQUENCE {
+	version		INTEGER,	-- value MUST be (1)
+	privateKey	OCTET STRING,	-- big endian encoding of integer 这里不是以INTEGER编码的，因此长度固定
+	parameters	[0] EXPLICIT ECParameters OPTIONAL,
+					-- ONLY namedCurve OID is permitted, by RFC 5480
+					-- MUST always include this field, by RFC 5915
+	publicKey	[1] EXPLICIT BIT STRING OPTIONAL -- compressed_point
+					-- SHOULD always include this field, by RFC 5915 }
+
+ECParameters ::= CHOICE { namedCurve OBJECT IDENTIFIER }
+*/
+#define SM2_PRIVATE_KEY_DEFAULT_SIZE 120 // generated
+#define SM2_PRIVATE_KEY_BUF_SIZE 512 // MUST >= SM2_PRIVATE_KEY_DEFAULT_SIZE
+
+int sm2_private_key_to_der(const SM2_KEY *key, uint8_t **out, size_t *outlen);
+int sm2_private_key_from_der(SM2_KEY *key, const uint8_t **in, size_t *inlen);
+int sm2_private_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+//int sm2_private_key_to_pem(const SM2_KEY *key, FILE *fp);
+//int sm2_private_key_from_pem(SM2_KEY *key, FILE *fp);
+
+/*
+AlgorithmIdentifier ::= {
+	algorithm	OBJECT IDENTIFIER { id-ecPublicKey },
+	parameters	OBJECT IDENTIFIER { id-sm2 } }
+*/
+int sm2_public_key_algor_to_der(uint8_t **out, size_t *outlen);
+int sm2_public_key_algor_from_der(const uint8_t **in, size_t *inlen);
+
+/*
+X.509 SubjectPublicKeyInfo from RFC 5280
+
+SubjectPublicKeyInfo  ::=  SEQUENCE  {
+	algorithm            AlgorithmIdentifier,
+	subjectPublicKey     BIT STRING  -- uncompressed octets of ECPoint }
+*/
+int sm2_public_key_info_to_der(const SM2_KEY *a, uint8_t **out, size_t *outlen);
+int sm2_public_key_info_from_der(SM2_KEY *a, const uint8_t **in, size_t *inlen);
+int sm2_public_key_info_to_pem(const SM2_KEY *a, FILE *fp);
+int sm2_public_key_info_from_pem(SM2_KEY *a, FILE *fp);
+
+/*
+PKCS #8 PrivateKeyInfo from RFC 5208
+
+PrivateKeyInfo ::= SEQUENCE {
+	version			Version { v1(0) },
+	privateKeyAlgorithm	AlgorithmIdentifier,
+	privateKey		OCTET STRING, -- DER-encoding of ECPrivateKey
+	attributes		[0] IMPLICIT SET OF Attribute OPTIONAL }
+*/
+enum {
+	PKCS8_private_key_info_version = 0,
+};
+
+int sm2_private_key_info_to_der(const SM2_KEY *key, uint8_t **out, size_t *outlen);
+int sm2_private_key_info_from_der(SM2_KEY *key, const uint8_t **attrs, size_t *attrslen, const uint8_t **in, size_t *inlen);
+int sm2_private_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+//int sm2_private_key_info_to_pem(const SM2_KEY *key, FILE *fp);
+//int sm2_private_key_info_from_pem(SM2_KEY *key, const uint8_t **attrs, size_t *attrslen, FILE *fp);
+
+/*
+EncryptedPrivateKeyInfo ::= SEQUENCE {
+	encryptionAlgorithm	EncryptionAlgorithmIdentifier, -- id-PBES2
+	encryptedData		OCTET STRING }
+*/
+int sm2_private_key_info_encrypt_to_der(const SM2_KEY *key,
+	const char *pass, uint8_t **out, size_t *outlen);
+int sm2_private_key_info_decrypt_from_der(SM2_KEY *key, const uint8_t **attrs, size_t *attrs_len,
+	const char *pass, const uint8_t **in, size_t *inlen);
+int sm2_private_key_info_encrypt_to_pem(const SM2_KEY *key, const char *pass, FILE *fp);
+int sm2_private_key_info_decrypt_from_pem(SM2_KEY *key, const char *pass, FILE *fp);
+
+
+typedef struct {
+	uint8_t r[32];
+	uint8_t s[32];
+} SM2_SIGNATURE;
+
+int sm2_do_sign_ex(const SM2_KEY *key, int flags, const uint8_t dgst[32], SM2_SIGNATURE *sig);
+int sm2_do_sign(const SM2_KEY *key, const uint8_t dgst[32], SM2_SIGNATURE *sig);
+int sm2_do_verify(const SM2_KEY *key, const uint8_t dgst[32], const SM2_SIGNATURE *sig);
+
+#define SM2_MIN_SIGNATURE_SIZE 8
+#define SM2_MAX_SIGNATURE_SIZE 72
+int sm2_signature_to_der(const SM2_SIGNATURE *sig, uint8_t **out, size_t *outlen);
+int sm2_signature_from_der(SM2_SIGNATURE *sig, const uint8_t **in, size_t *inlen);
+int sm2_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *sig, size_t siglen);
+int sm2_sign_ex(const SM2_KEY *key, int flags, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
+int sm2_sign(const SM2_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
+int sm2_verify(const SM2_KEY *key, const uint8_t dgst[32], const uint8_t *sig, size_t siglen);
+
+
+#define SM2_DEFAULT_ID		"1234567812345678"
+#define SM2_DEFAULT_ID_LENGTH	(sizeof(SM2_DEFAULT_ID) - 1)  // LENGTH for string and SIZE for bytes
+#define SM2_DEFAULT_ID_BITS	(SM2_DEFAULT_ID_LENGTH * 8)
+#define SM2_MAX_ID_BITS		65535
+#define SM2_MAX_ID_LENGTH	(SM2_MAX_ID_BITS/8)
+
+int sm2_compute_z(uint8_t z[32], const SM2_POINT *pub, const char *id, size_t idlen);
+
+
+typedef struct {
+	SM3_CTX sm3_ctx;
+	SM2_KEY key;
+} SM2_SIGN_CTX;
+
+int sm2_sign_init(SM2_SIGN_CTX *ctx, const SM2_KEY *key, const char *id, size_t idlen);
+int sm2_sign_update(SM2_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
+int sm2_sign_finish(SM2_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen);
+
+int sm2_verify_init(SM2_SIGN_CTX *ctx, const SM2_KEY *key, const char *id, size_t idlen);
+int sm2_verify_update(SM2_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
+int sm2_verify_finish(SM2_SIGN_CTX *ctx, const uint8_t *sig, size_t siglen);
+
+/*
+SM2Cipher ::= SEQUENCE {
+	XCoordinate	INTEGER,
+	YCoordinate	INTEGER,
+	HASH		OCTET STRING SIZE(32),
+	CipherText	OCTET STRING }
+*/
+#define SM2_MIN_PLAINTEXT_SIZE	1 // re-compute SM2_MIN_CIPHERTEXT_SIZE when modify
+#define SM2_MAX_PLAINTEXT_SIZE	255 // re-compute SM2_MAX_CIPHERTEXT_SIZE when modify
+
+typedef struct {
+	SM2_POINT point;
+	uint8_t hash[32];
+	uint8_t ciphertext_size;
+	uint8_t ciphertext[SM2_MAX_PLAINTEXT_SIZE];
+} SM2_CIPHERTEXT;
+
+int sm2_do_encrypt_ex(const SM2_KEY *key, int flags, const uint8_t *in, size_t inlen, SM2_CIPHERTEXT *out);
+int sm2_do_encrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, SM2_CIPHERTEXT *out);
+int sm2_do_decrypt(const SM2_KEY *key, const SM2_CIPHERTEXT *in, uint8_t *out, size_t *outlen);
+
+#define SM2_MIN_CIPHERTEXT_SIZE	45 // dependes on SM2_MIN_PLAINTEXT_SIZE
+#define SM2_MAX_CIPHERTEXT_SIZE	366 // depends on SM2_MAX_PLAINTEXT_SIZE
+int sm2_ciphertext_to_der(const SM2_CIPHERTEXT *c, uint8_t **out, size_t *outlen);
+int sm2_ciphertext_from_der(SM2_CIPHERTEXT *c, const uint8_t **in, size_t *inlen);
+int sm2_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);
+int sm2_encrypt_ex(const SM2_KEY *key, int flags, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+int sm2_encrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+int sm2_decrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+
+
+int sm2_ecdh(const SM2_KEY *key, const SM2_POINT *peer_public, SM2_POINT *out);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/sm3.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,83 +7,82 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-#ifndef GMSSL_SM3_H
-#define GMSSL_SM3_H
-
-#include <string.h>
-#include <stdint.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
-SM3 Public API
-
-	SM3_DIGEST_SIZE
-	SM3_HMAC_SIZE
-
-	SM3_CTX
-	sm3_init
-	sm3_update
-	sm3_finish
-
-	SM3_HMAC_CTX
-	sm3_hmac_init
-	sm3_hmac_update
-	sm3_hmac_finish
-
-	sm3_digest
-	sm3_hmac
-*/
-
-#define SM3_IS_BIG_ENDIAN	1
-
-#define SM3_DIGEST_SIZE		32
-#define SM3_BLOCK_SIZE		64
-#define SM3_STATE_WORDS		8
-#define SM3_HMAC_SIZE		(SM3_DIGEST_SIZE)
-
-
-typedef struct {
-	uint32_t digest[SM3_STATE_WORDS];
-	uint64_t nblocks;
-	uint8_t block[SM3_BLOCK_SIZE];
-	size_t num;
-} SM3_CTX;
-
-void sm3_init(SM3_CTX *ctx);
-void sm3_update(SM3_CTX *ctx, const uint8_t *data, size_t datalen);
-void sm3_finish(SM3_CTX *ctx, uint8_t dgst[SM3_DIGEST_SIZE]);
-void sm3_digest(const uint8_t *data, size_t datalen, uint8_t dgst[SM3_DIGEST_SIZE]);
-
-
-typedef struct {
-	SM3_CTX sm3_ctx;
-	unsigned char key[SM3_BLOCK_SIZE];
-} SM3_HMAC_CTX;
-
-void sm3_hmac_init(SM3_HMAC_CTX *ctx, const uint8_t *key, size_t keylen);
-void sm3_hmac_update(SM3_HMAC_CTX *ctx, const uint8_t *data, size_t datalen);
-void sm3_hmac_finish(SM3_HMAC_CTX *ctx, uint8_t mac[SM3_HMAC_SIZE]);
-void sm3_hmac(const uint8_t *key, size_t keylen,
-	const uint8_t *data, size_t datalen,
-	uint8_t mac[SM3_HMAC_SIZE]);
-
-
-typedef struct {
-	SM3_CTX sm3_ctx;
-	size_t outlen;
-} SM3_KDF_CTX;
-
-void sm3_kdf_init(SM3_KDF_CTX *ctx, size_t outlen);
-void sm3_kdf_update(SM3_KDF_CTX *ctx, const uint8_t *data, size_t datalen);
-void sm3_kdf_finish(SM3_KDF_CTX *ctx, uint8_t *out);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+#ifndef GMSSL_SM3_H
+#define GMSSL_SM3_H
+
+#include <string.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+SM3 Public API
+
+	SM3_DIGEST_SIZE
+	SM3_HMAC_SIZE
+
+	SM3_CTX
+	sm3_init
+	sm3_update
+	sm3_finish
+
+	SM3_HMAC_CTX
+	sm3_hmac_init
+	sm3_hmac_update
+	sm3_hmac_finish
+
+	sm3_digest
+	sm3_hmac
+*/
+
+#define SM3_IS_BIG_ENDIAN	1
+
+#define SM3_DIGEST_SIZE		32
+#define SM3_BLOCK_SIZE		64
+#define SM3_STATE_WORDS		8
+#define SM3_HMAC_SIZE		(SM3_DIGEST_SIZE)
+
+
+typedef struct {
+	uint32_t digest[SM3_STATE_WORDS];
+	uint64_t nblocks;
+	uint8_t block[SM3_BLOCK_SIZE];
+	size_t num;
+} SM3_CTX;
+
+void sm3_init(SM3_CTX *ctx);
+void sm3_update(SM3_CTX *ctx, const uint8_t *data, size_t datalen);
+void sm3_finish(SM3_CTX *ctx, uint8_t dgst[SM3_DIGEST_SIZE]);
+void sm3_digest(const uint8_t *data, size_t datalen, uint8_t dgst[SM3_DIGEST_SIZE]);
+
+
+typedef struct {
+	SM3_CTX sm3_ctx;
+	unsigned char key[SM3_BLOCK_SIZE];
+} SM3_HMAC_CTX;
+
+void sm3_hmac_init(SM3_HMAC_CTX *ctx, const uint8_t *key, size_t keylen);
+void sm3_hmac_update(SM3_HMAC_CTX *ctx, const uint8_t *data, size_t datalen);
+void sm3_hmac_finish(SM3_HMAC_CTX *ctx, uint8_t mac[SM3_HMAC_SIZE]);
+void sm3_hmac(const uint8_t *key, size_t keylen,
+	const uint8_t *data, size_t datalen,
+	uint8_t mac[SM3_HMAC_SIZE]);
+
+
+typedef struct {
+	SM3_CTX sm3_ctx;
+	size_t outlen;
+} SM3_KDF_CTX;
+
+void sm3_kdf_init(SM3_KDF_CTX *ctx, size_t outlen);
+void sm3_kdf_update(SM3_KDF_CTX *ctx, const uint8_t *data, size_t datalen);
+void sm3_kdf_finish(SM3_KDF_CTX *ctx, uint8_t *out);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/sm4.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,126 +7,125 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-#ifndef GMSSL_SM4_H
-#define GMSSL_SM4_H
-
-#include <stdint.h>
-#include <string.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-/*
-SM4 Public API
-
-	SM4_KEY_SIZE
-	SM4_BLOCK_SIZE
-
-	SM4_CBC_CTX
-	sm4_cbc_encrypt_init
-	sm4_cbc_encrypt_update
-	sm4_cbc_encrypt_finish
-	sm4_cbc_decrypt_init
-	sm4_cbc_decrypt_update
-	sm4_cbc_decrypt_finish
-
-	SM4_CTR_CTX
-	sm4_ctr_encrypt_init
-	sm4_ctr_encrypt_update
-	sm4_ctr_encrypt_finish
-	sm4_ctr_decrypt_init
-	sm4_ctr_decrypt_update
-	sm4_ctr_decrypt_finish
-*/
-
-#define SM4_KEY_SIZE		(16)
-#define SM4_BLOCK_SIZE		(16)
-#define SM4_NUM_ROUNDS		(32)
-
-
-typedef struct {
-	uint32_t rk[SM4_NUM_ROUNDS];
-} SM4_KEY;
-
-void sm4_set_encrypt_key(SM4_KEY *key, const uint8_t raw_key[SM4_KEY_SIZE]);
-void sm4_set_decrypt_key(SM4_KEY *key, const uint8_t raw_key[SM4_KEY_SIZE]);
-void sm4_encrypt(const SM4_KEY *key, const uint8_t in[SM4_BLOCK_SIZE], uint8_t out[SM4_BLOCK_SIZE]);
-#define sm4_decrypt(key,in,out) sm4_encrypt(key,in,out)
-
-
-void sm4_cbc_encrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
-	const uint8_t *in, size_t nblocks, uint8_t *out);
-void sm4_cbc_decrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
-	const uint8_t *in, size_t nblocks, uint8_t *out);
-int sm4_cbc_padding_encrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
-	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-int sm4_cbc_padding_decrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
-	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-
-
-void sm4_ctr_encrypt(const SM4_KEY *key, uint8_t ctr[SM4_BLOCK_SIZE],
-	const uint8_t *in, size_t inlen, uint8_t *out);
-#define sm4_ctr_decrypt(key,ctr,in,inlen,out) sm4_ctr_encrypt(key,ctr,in,inlen,out)
-
-
-#define SM4_GCM_IV_MIN_SIZE		1
-#define SM4_GCM_IV_MAX_SIZE		((uint64_t)(1 << (64-3)))
-#define SM4_GCM_IV_DEFAULT_BITS		96
-#define SM4_GCM_IV_DEFAULT_SIZE		12
-
-#define SM4_GCM_MIN_AAD_SIZE		0
-#define SM4_GCM_MAX_AAD_SIZE		((uint64_t)(1 << (64-3)))
-
-#define SM4_GCM_MIN_PLAINTEXT_SIZE	0
-#define SM4_GCM_MAX_PLAINTEXT_SIZE	((((uint64_t)1 << 39) - 256) >> 3)
-
-#define SM4_GCM_MAX_TAG_SIZE		16
-
-int sm4_gcm_encrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
-	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
-	uint8_t *out, size_t taglen, uint8_t *tag);
-int sm4_gcm_decrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
-	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
-	const uint8_t *tag, size_t taglen, uint8_t *out);
-
-
-typedef struct {
-	SM4_KEY sm4_key;
-	uint8_t iv[SM4_BLOCK_SIZE];
-	uint8_t block[SM4_BLOCK_SIZE];
-	size_t block_nbytes;
-} SM4_CBC_CTX;
-
-int sm4_cbc_encrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]);
-int sm4_cbc_encrypt_update(SM4_CBC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-int sm4_cbc_encrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen);
-
-int sm4_cbc_decrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]);
-int sm4_cbc_decrypt_update(SM4_CBC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-int sm4_cbc_decrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen);
-
-
-typedef struct {
-	SM4_KEY sm4_key;
-	uint8_t ctr[SM4_BLOCK_SIZE];
-	uint8_t block[SM4_BLOCK_SIZE];
-	size_t block_nbytes;
-} SM4_CTR_CTX;
-
-int sm4_ctr_encrypt_init(SM4_CTR_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t ctr[SM4_BLOCK_SIZE]);
-int sm4_ctr_encrypt_update(SM4_CTR_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-int sm4_ctr_encrypt_finish(SM4_CTR_CTX *ctx, uint8_t *out, size_t *outlen);
-
-#define sm4_ctr_decrypt_init(ctx,key,ctr) sm4_ctr_encrypt_init(ctx,key,ctr)
-#define sm4_ctr_decrypt_update(ctx,in,inlen,out,outlen) sm4_ctr_encrypt_update(ctx,in,inlen,out,outlen)
-#define sm4_ctr_decrypt_finish(ctx,out,outlen) sm4_ctr_encrypt_finish(ctx,out,outlen)
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+#ifndef GMSSL_SM4_H
+#define GMSSL_SM4_H
+
+#include <stdint.h>
+#include <string.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/*
+SM4 Public API
+
+	SM4_KEY_SIZE
+	SM4_BLOCK_SIZE
+
+	SM4_CBC_CTX
+	sm4_cbc_encrypt_init
+	sm4_cbc_encrypt_update
+	sm4_cbc_encrypt_finish
+	sm4_cbc_decrypt_init
+	sm4_cbc_decrypt_update
+	sm4_cbc_decrypt_finish
+
+	SM4_CTR_CTX
+	sm4_ctr_encrypt_init
+	sm4_ctr_encrypt_update
+	sm4_ctr_encrypt_finish
+	sm4_ctr_decrypt_init
+	sm4_ctr_decrypt_update
+	sm4_ctr_decrypt_finish
+*/
+
+#define SM4_KEY_SIZE		(16)
+#define SM4_BLOCK_SIZE		(16)
+#define SM4_NUM_ROUNDS		(32)
+
+
+typedef struct {
+	uint32_t rk[SM4_NUM_ROUNDS];
+} SM4_KEY;
+
+void sm4_set_encrypt_key(SM4_KEY *key, const uint8_t raw_key[SM4_KEY_SIZE]);
+void sm4_set_decrypt_key(SM4_KEY *key, const uint8_t raw_key[SM4_KEY_SIZE]);
+void sm4_encrypt(const SM4_KEY *key, const uint8_t in[SM4_BLOCK_SIZE], uint8_t out[SM4_BLOCK_SIZE]);
+#define sm4_decrypt(key,in,out) sm4_encrypt(key,in,out)
+
+
+void sm4_cbc_encrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
+	const uint8_t *in, size_t nblocks, uint8_t *out);
+void sm4_cbc_decrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
+	const uint8_t *in, size_t nblocks, uint8_t *out);
+int sm4_cbc_padding_encrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
+	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+int sm4_cbc_padding_decrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE],
+	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+
+
+void sm4_ctr_encrypt(const SM4_KEY *key, uint8_t ctr[SM4_BLOCK_SIZE],
+	const uint8_t *in, size_t inlen, uint8_t *out);
+#define sm4_ctr_decrypt(key,ctr,in,inlen,out) sm4_ctr_encrypt(key,ctr,in,inlen,out)
+
+
+#define SM4_GCM_IV_MIN_SIZE		1
+#define SM4_GCM_IV_MAX_SIZE		((uint64_t)(1 << (64-3)))
+#define SM4_GCM_IV_DEFAULT_BITS		96
+#define SM4_GCM_IV_DEFAULT_SIZE		12
+
+#define SM4_GCM_MIN_AAD_SIZE		0
+#define SM4_GCM_MAX_AAD_SIZE		((uint64_t)(1 << (64-3)))
+
+#define SM4_GCM_MIN_PLAINTEXT_SIZE	0
+#define SM4_GCM_MAX_PLAINTEXT_SIZE	((((uint64_t)1 << 39) - 256) >> 3)
+
+#define SM4_GCM_MAX_TAG_SIZE		16
+
+int sm4_gcm_encrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
+	uint8_t *out, size_t taglen, uint8_t *tag);
+int sm4_gcm_decrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
+	const uint8_t *tag, size_t taglen, uint8_t *out);
+
+
+typedef struct {
+	SM4_KEY sm4_key;
+	uint8_t iv[SM4_BLOCK_SIZE];
+	uint8_t block[SM4_BLOCK_SIZE];
+	size_t block_nbytes;
+} SM4_CBC_CTX;
+
+int sm4_cbc_encrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]);
+int sm4_cbc_encrypt_update(SM4_CBC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+int sm4_cbc_encrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen);
+
+int sm4_cbc_decrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]);
+int sm4_cbc_decrypt_update(SM4_CBC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+int sm4_cbc_decrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen);
+
+
+typedef struct {
+	SM4_KEY sm4_key;
+	uint8_t ctr[SM4_BLOCK_SIZE];
+	uint8_t block[SM4_BLOCK_SIZE];
+	size_t block_nbytes;
+} SM4_CTR_CTX;
+
+int sm4_ctr_encrypt_init(SM4_CTR_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t ctr[SM4_BLOCK_SIZE]);
+int sm4_ctr_encrypt_update(SM4_CTR_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+int sm4_ctr_encrypt_finish(SM4_CTR_CTX *ctx, uint8_t *out, size_t *outlen);
+
+#define sm4_ctr_decrypt_init(ctx,key,ctr) sm4_ctr_encrypt_init(ctx,key,ctr)
+#define sm4_ctr_decrypt_update(ctx,in,inlen,out,outlen) sm4_ctr_encrypt_update(ctx,in,inlen,out,outlen)
+#define sm4_ctr_decrypt_finish(ctx,out,outlen) sm4_ctr_encrypt_finish(ctx,out,outlen)
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/version.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,30 +7,29 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-
-#ifndef GMSSL_VERSION_H
-#define GMSSL_VERSION_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
-Version Public API
-
-	gmssl_version_num
-	gmssl_version_str
-*/
-
-#define GMSSL_VERSION_NUM	30000
-#define GMSSL_VERSION_STR	"GmSSL 3.0.0 Beta"
-
-int gmssl_version_num(void);
-const char *gmssl_version_str(void);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+
+#ifndef GMSSL_VERSION_H
+#define GMSSL_VERSION_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+Version Public API
+
+	gmssl_version_num
+	gmssl_version_str
+*/
+
+#define GMSSL_VERSION_NUM	30000
+#define GMSSL_VERSION_STR	"GmSSL 3.0.0 Beta"
+
+int gmssl_version_num(void);
+const char *gmssl_version_str(void);
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/x509.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,356 +7,355 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-#ifndef GMSSL_X509_H
-#define GMSSL_X509_H
-
-
-#include <time.h>
-#include <string.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/oid.h>
-#include <gmssl/asn1.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
-X509 Public API
-
-	x509_name_add_rdn
-	x509_name_add_country_name
-	x509_name_add_state_or_province_name
-	x509_name_add_locality_name
-	x509_name_add_organization_name
-	x509_name_add_organizational_unit_name
-	x509_name_add_common_name
-	x509_name_add_domain_component
-	x509_name_to_der
-	x509_name_from_der
-	x509_name_print
-	x509_name_get_value_by_type
-	x509_name_get_common_name
-
-	x509_cert_sign
-	x509_cert_verify
-	x509_cert_verify_by_ca_cert
-	x509_cert_get_issuer_and_serial_number
-	x509_cert_get_issuer
-	x509_cert_get_subject
-	x509_cert_get_subject_public_key
-	x509_cert_to_der
-	x509_cert_from_der
-	x509_cert_to_pem
-	x509_cert_from_pem
-	x509_cert_print
-*/
-
-enum X509_Version {
-	X509_version_v1 = 0,
-	X509_version_v2 = 1,
-	X509_version_v3 = 2,
-};
-
-const char *x509_version_name(int version);
-int x509_explicit_version_to_der(int index, int version, uint8_t **out, size_t *outlen);
-int x509_explicit_version_from_der(int index, int *version, const uint8_t **in, size_t *inlen);
-
-/*
-Time ::= CHOICE {
-	utcTime		UTCTime,
-	generalTime	GeneralizedTime }
-*/
-int x509_time_to_der(time_t a, uint8_t **out, size_t *outlen);
-int x509_time_from_der(time_t *a, const uint8_t **in, size_t *inlen);
-
-/*
-Validity ::= SEQUENCE {
-	notBefore	Time,
-	notAfter	Time }
-*/
-#define X509_VALIDITY_MIN_DAYS 1
-#define X509_VALIDITY_MAX_DAYS (365 * 10) // ROOTCA, CA需要更长的时间！
-int x509_validity_add_days(time_t *not_after, time_t not_before, int days);
-int x509_validity_to_der(time_t not_before, time_t not_after, uint8_t **out, size_t *outlen);
-int x509_validity_from_der(time_t *not_before, time_t *not_after, const uint8_t **in, size_t *inlen);
-int x509_validity_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-/*
-AttributeTypeAndValue ::= SEQUENCE {
-	type OBJECT IDENTIFIER,
-	value ANY -- DEFINED BY AttributeType }
-
-id-at
-	name			DirectoryName		1..ub-name
-	surname			DirectoryName		1..ub-name
-	givenName		DirectoryName		1..ub-name
-	initials		DirectoryName		1..ub-name
-	generationQualifier	DirectoryName		1..ub-name
-	commonName		DirectoryName		1..ub-common-name
-	localityName		DirectoryName		1..ub-locality-name
-	stateOrProvinceName	DirectoryName		1..ub-state-name
-	organizationName	DirectoryName		1..ub-organization-name
-	organizationalUnitName	DirectoryName		1..ub-organizational-unit-name
-	title			DirectoryName		1..ub-title
-	dnQualifier		PrintableString		N/A
-	countryName		PrintableString		2..2
-	serialNumber		PrintableString		1..ub-serial-number
-	pseudonym		DirectoryName		1..ub-pseudonym
-	domainComponent		IA5String		N/A
-*/
-#define X509_ub_name 32768
-#define X509_ub_common_name 64
-#define X509_ub_locality_name 128
-#define X509_ub_state_name 128
-#define X509_ub_organization_name 64
-#define X509_ub_organizational_unit_name 64
-#define X509_ub_title 64
-#define X509_ub_serial_number 64
-#define X509_ub_pseudonym 128
-
-int x509_attr_type_and_value_check(int oid, int tag, const uint8_t *val, size_t vlen);
-int x509_attr_type_and_value_to_der(int oid, int tag, const uint8_t *val, size_t vlen, uint8_t **out, size_t *outlen);
-int x509_attr_type_and_value_from_der(int *oid, int *tag, const uint8_t **val, size_t *vlen, const uint8_t **in, size_t *inlen);
-int x509_attr_type_and_value_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-/*
-RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
-*/
-int x509_rdn_to_der(int oid, int tag, const uint8_t *val, size_t vlen, const uint8_t *more, size_t mlen, uint8_t **out, size_t *outlen);
-int x509_rdn_from_der(int *oid, int *tag, const uint8_t **val, size_t *vlen, const uint8_t **more, size_t *mlen, const uint8_t **in, size_t *inlen);
-int x509_rdn_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-/*
-Name ::= SEQUENCE OF RelativeDistinguishedName
-
-Example:
-    SEQUENCE LEN
-      SET LEN
-          SEQUENCE LEN OID=countryName, String=CN
-      SET LEN
-          SEQUENCE LEN OID=stateName, String=CN
-          SEQUENCE LEN OID=unknown, String=ABC
-      SET LEN
-          SEQUENCE LEN OID=commonNmame, String=ABC
-*/
-int x509_name_add_rdn(uint8_t *d, size_t *dlen, size_t maxlen, int oid, int tag, const uint8_t *val, size_t vlen, const uint8_t *more, size_t mlen);
-int x509_name_add_country_name(uint8_t *d, size_t *dlen, int maxlen, const char val[2] ); // val: PrintableString SIZE(2)
-int x509_name_add_state_or_province_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
-int x509_name_add_locality_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
-int x509_name_add_organization_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
-int x509_name_add_organizational_unit_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
-int x509_name_add_common_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
-int x509_name_add_domain_component(uint8_t *d, size_t *dlen, int maxlen, const char *val, size_t vlen); // val: IA5String
-
-int x509_name_set(uint8_t *d, size_t *dlen, size_t maxlen,
-	const char *country, const char *state, const char *locality,
-	const char *org, const char *org_unit, const char *common_name);
-
-#define x509_name_to_der(d,dlen,out,outlen) asn1_sequence_to_der(d,dlen,out,outlen)
-#define x509_name_from_der(d,dlen,in,inlen) asn1_sequence_from_der(d,dlen,in,inlen)
-int x509_name_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-int x509_name_get_value_by_type(const uint8_t *d, size_t dlen, int oid, int *tag, const uint8_t **val, size_t *vlen);
-int x509_name_get_common_name(const uint8_t *d, size_t dlen, int *tag, const uint8_t **val, size_t *vlen);
-int x509_name_equ(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen);
-
-int x509_names_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-/*
-SubjectPublicKeyInfo  ::=  SEQUENCE  {
-	algorithm            AlgorithmIdentifier,
-	subjectPublicKey     BIT STRING  }
-
-algorithm.algorithm = OID_ec_public_key;
-algorithm.parameters = OID_sm2;
-subjectPublicKey = ECPoint
-*/
-#define x509_public_key_info_to_der(key,out,outlen) sm2_public_key_info_to_der(key,out,outlen)
-#define x509_public_key_info_from_der(key,in,inlen) sm2_public_key_info_from_der(key,in,inlen)
-int x509_public_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-/*
-Extension  ::=  SEQUENCE  {
-	extnID OBJECT IDENTIFIER,
-	critical BOOLEAN DEFAULT FALSE,
-	extnValue OCTET STRING -- contains the DER encoding of an ASN.1 value
-*/
-int x509_ext_to_der(int oid, int critical, const uint8_t *val, size_t vlen, uint8_t **out, size_t *outlen);
-int x509_ext_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, int *critical, const uint8_t **val, size_t *vlen, const uint8_t **in, size_t *inlen);
-int x509_ext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-/*
-[3] EXPLICIT SEQUENCE OF Extension
- */
-int x509_explicit_exts_to_der(int index, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
-int x509_explicit_exts_from_der(int index, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
-#define x509_exts_to_der(d,dlen,out,outlen) x509_explicit_exts_to_der(3,d,dlen,out,outlen)
-#define x509_exts_from_der(d,dlen,in,inlen) x509_explicit_exts_from_der(3,d,dlen,in,inlen)
-
-int x509_exts_get_count(const uint8_t *d, size_t dlen, size_t *cnt);
-int x509_exts_get_ext_by_index(const uint8_t *d, size_t dlen, int index,
-	int *oid, uint32_t *nodes, size_t *nodes_cnt, int *critical,
-	const uint8_t **val, size_t *vlen);
-int x509_exts_get_ext_by_oid(const uint8_t *d, size_t dlen, int oid,
-	int *critical, const uint8_t **val, size_t *vlen);
-int x509_exts_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-/*
-TBSCertificate ::= SEQUENCE {
-	version			[0] EXPLICIT INTEGER DEFAULT v1,
-	serialNumber		INTEGER,
-	siganture		AlgorithmIdentifier,
-	issuer			Name,
-	validity		Validity,
-	subject			Name,
-	subjectPulbicKeyInfo	SubjectPublicKeyInfo,
-	issuerUniqueID		[1] IMPLICIT BIT STRING OPTIONAL, -- If present, must be v2,v3
-	subjectUniqueID		[2] IMPLICIT BIT STRING OPTIONAL, -- If present, must be v2,v3
-	extensions		[3] EXPLICIT Extensions OPTIONAL  -- If present, must be v3 }
-*/
-#define X509_SERIAL_NUMBER_MIN_LEN	1
-#define X509_SERIAL_NUMBER_MAX_LEN	20
-#define X509_UNIQUE_ID_MIN_LEN 		32
-#define X509_UNIQUE_ID_MAX_LEN 		32
-
-int x509_tbs_cert_to_der(
-	int version,
-	const uint8_t *serial, size_t serial_len,
-	int signature_algor,
-	const uint8_t *issuer, size_t issuer_len,
-	time_t not_before, time_t not_after,
-	const uint8_t *subject, size_t subject_len,
-	const SM2_KEY *subject_public_key,
-	const uint8_t *issuer_unique_id, size_t issuer_unique_id_len,
-	const uint8_t *subject_unique_id, size_t subject_unique_id_len,
-	const uint8_t *exts, size_t exts_len,
-	uint8_t **out, size_t *outlen);
-int x509_tbs_cert_from_der(
-	int *version,
-	const uint8_t **serial, size_t *serial_len,
-	int *signature_algor,
-	const uint8_t **issuer, size_t *issuer_len,
-	time_t *not_before, time_t *not_after,
-	const uint8_t **subject, size_t *subject_len,
-	SM2_KEY *subject_public_key,
-	const uint8_t **issuer_unique_id, size_t *issuer_unique_id_len,
-	const uint8_t **subject_unique_id, size_t *subject_unique_id_len,
-	const uint8_t **exts, size_t *exts_len,
-	const uint8_t **in, size_t *inlen);
-int x509_tbs_cert_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-/*
-Certificate  ::=  SEQUENCE  {
-	tbsCertificate       TBSCertificate,
-	signatureAlgorithm   AlgorithmIdentifier,
-	signatureValue       BIT STRING }
-*/
-int x509_certificate_to_der(
-	const uint8_t *tbs, size_t tbslen,
-	int signature_algor,
-	const uint8_t *sig, size_t siglen,
-	uint8_t **out, size_t *outlen);
-int x509_certificate_from_der(
-	const uint8_t **tbs, size_t *tbslen,
-	int *signature_algor,
-	const uint8_t **sig, size_t *siglen,
-	const uint8_t **in, size_t *inlen);
-int x509_certificate_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-// x509_cert functions
-int x509_cert_sign(
-	uint8_t *cert, size_t *certlen, size_t maxlen,
-	int version,
-	const uint8_t *serial, size_t serial_len,
-	int signature_algor,
-	const uint8_t *issuer, size_t issuer_len,
-	time_t not_before, time_t not_after,
-	const uint8_t *subject, size_t subject_len,
-	const SM2_KEY *subject_public_key,
-	const uint8_t *issuer_unique_id, size_t issuer_unique_id_len,
-	const uint8_t *subject_unique_id, size_t subject_unique_id_len,
-	const uint8_t *exts, size_t exts_len,
-	const SM2_KEY *sign_key,
-	const char *signer_id, size_t signer_id_len);
-int x509_cert_verify(const uint8_t *a, size_t alen, const SM2_KEY *pub_key,
-	const char *signer_id, size_t signer_id_len);
-int x509_cert_verify_by_ca_cert(const uint8_t *a, size_t alen, const uint8_t *cacert, size_t cacertlen,
-	const char *signer_id, size_t signer_id_len);
-
-int x509_cert_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen);
-int x509_cert_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen);
-int x509_cert_to_pem(const uint8_t *a, size_t alen, FILE *fp);
-int x509_cert_from_pem(uint8_t *a, size_t *alen, size_t maxlen, FILE *fp);
-int x509_cert_from_pem_by_index(uint8_t *a, size_t *alen, size_t maxlen, int index, FILE *fp);
-int x509_cert_from_pem_by_subject(uint8_t *a, size_t *alen, size_t maxlen, const uint8_t *name, size_t namelen, FILE *fp);
-int x509_cert_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);
-
-int x509_cert_get_details(const uint8_t *a, size_t alen,
-	int *version,
-	const uint8_t **serial_number, size_t *serial_number_len,
-	int *inner_signature_algor,
-	const uint8_t **issuer, size_t *issuer_len,
-	time_t *not_before, time_t *not_after,
-	const uint8_t **subject, size_t *subject_len,
-	SM2_KEY *subject_public_key,
-	const uint8_t **issuer_unique_id, size_t *issuer_unique_id_len,
-	const uint8_t **subject_unique_id, size_t *subject_unique_id_len,
-	const uint8_t **extensions, size_t *extensions_len,
-	int *signature_algor,
-	const uint8_t **signature, size_t *signature_len);
-
-/*
-IssuerAndSerialNumber ::= SEQUENCE {
-	isser		Name,
-	serialNumber	INTEGER }
-*/
-int x509_cert_get_issuer_and_serial_number(const uint8_t *a, size_t alen,
-	const uint8_t **issuer, size_t *issuer_len,
-	const uint8_t **serial_number, size_t *serial_number_len);
-int x509_cert_get_issuer(const uint8_t *a, size_t alen, const uint8_t **name, size_t *namelen);
-int x509_cert_get_subject(const uint8_t *a, size_t alen, const uint8_t **subj, size_t *subj_len);
-int x509_cert_get_subject_public_key(const uint8_t *a, size_t alen, SM2_KEY *public_key);
-
-int x509_certs_to_pem(const uint8_t *d, size_t dlen, FILE *fp);
-int x509_certs_from_pem(uint8_t *d, size_t *dlen, size_t maxlen, FILE *fp);
-int x509_certs_get_count(const uint8_t *d, size_t dlen, size_t *cnt);
-int x509_certs_get_cert_by_index(const uint8_t *d, size_t dlen, int index, const uint8_t **cert, size_t *certlen);
-int x509_certs_get_cert_by_subject(const uint8_t *d, size_t dlen, const uint8_t *subject, size_t subject_len, const uint8_t **cert, size_t *certlen);
-int x509_certs_get_last(const uint8_t *d, size_t dlen, const uint8_t **cert, size_t *certlen);
-
-int x509_certs_get_cert_by_issuer_and_serial_number(
-	const uint8_t *certs, size_t certs_len,
-	const uint8_t *issuer, size_t issuer_len,
-	const uint8_t *serial, size_t serial_len,
-	const uint8_t **cert, size_t *cert_len);
-
-
-typedef enum {
-	X509_verify_err_cert_revoked		= -2,
-	X509_verify_err_cert_not_yet_valid	= -3,
-	X509_verify_err_cert_has_expired	= -4,
-	X509_verify_err_cert_chain_too_long	= -5,
-} X509_VERIFY_ERR;
-
-int x509_certs_verify(const uint8_t *certs, size_t certslen,
-	const uint8_t *rootcerts, size_t rootcertslen, int depth, int *verify_result);
-int x509_certs_verify_tlcp(const uint8_t *certs, size_t certslen,
-	const uint8_t *rootcerts, size_t rootcertslen, int depth, int *verify_result);
-int x509_certs_get_subjects(const uint8_t *certs, size_t certslen, uint8_t *names, size_t *nameslen);
-int x509_certs_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-
-int x509_cert_new_from_file(uint8_t **out, size_t *outlen, const char *file);
-int x509_certs_new_from_file(uint8_t **out, size_t *outlen, const char *file);
-
-
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+#ifndef GMSSL_X509_H
+#define GMSSL_X509_H
+
+
+#include <time.h>
+#include <string.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <gmssl/sm2.h>
+#include <gmssl/oid.h>
+#include <gmssl/asn1.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+X509 Public API
+
+	x509_name_add_rdn
+	x509_name_add_country_name
+	x509_name_add_state_or_province_name
+	x509_name_add_locality_name
+	x509_name_add_organization_name
+	x509_name_add_organizational_unit_name
+	x509_name_add_common_name
+	x509_name_add_domain_component
+	x509_name_to_der
+	x509_name_from_der
+	x509_name_print
+	x509_name_get_value_by_type
+	x509_name_get_common_name
+
+	x509_cert_sign
+	x509_cert_verify
+	x509_cert_verify_by_ca_cert
+	x509_cert_get_issuer_and_serial_number
+	x509_cert_get_issuer
+	x509_cert_get_subject
+	x509_cert_get_subject_public_key
+	x509_cert_to_der
+	x509_cert_from_der
+	x509_cert_to_pem
+	x509_cert_from_pem
+	x509_cert_print
+*/
+
+enum X509_Version {
+	X509_version_v1 = 0,
+	X509_version_v2 = 1,
+	X509_version_v3 = 2,
+};
+
+const char *x509_version_name(int version);
+int x509_explicit_version_to_der(int index, int version, uint8_t **out, size_t *outlen);
+int x509_explicit_version_from_der(int index, int *version, const uint8_t **in, size_t *inlen);
+
+/*
+Time ::= CHOICE {
+	utcTime		UTCTime,
+	generalTime	GeneralizedTime }
+*/
+int x509_time_to_der(time_t a, uint8_t **out, size_t *outlen);
+int x509_time_from_der(time_t *a, const uint8_t **in, size_t *inlen);
+
+/*
+Validity ::= SEQUENCE {
+	notBefore	Time,
+	notAfter	Time }
+*/
+#define X509_VALIDITY_MIN_DAYS 1
+#define X509_VALIDITY_MAX_DAYS (365 * 10) // ROOTCA, CA需要更长的时间！
+int x509_validity_add_days(time_t *not_after, time_t not_before, int days);
+int x509_validity_to_der(time_t not_before, time_t not_after, uint8_t **out, size_t *outlen);
+int x509_validity_from_der(time_t *not_before, time_t *not_after, const uint8_t **in, size_t *inlen);
+int x509_validity_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+AttributeTypeAndValue ::= SEQUENCE {
+	type OBJECT IDENTIFIER,
+	value ANY -- DEFINED BY AttributeType }
+
+id-at
+	name			DirectoryName		1..ub-name
+	surname			DirectoryName		1..ub-name
+	givenName		DirectoryName		1..ub-name
+	initials		DirectoryName		1..ub-name
+	generationQualifier	DirectoryName		1..ub-name
+	commonName		DirectoryName		1..ub-common-name
+	localityName		DirectoryName		1..ub-locality-name
+	stateOrProvinceName	DirectoryName		1..ub-state-name
+	organizationName	DirectoryName		1..ub-organization-name
+	organizationalUnitName	DirectoryName		1..ub-organizational-unit-name
+	title			DirectoryName		1..ub-title
+	dnQualifier		PrintableString		N/A
+	countryName		PrintableString		2..2
+	serialNumber		PrintableString		1..ub-serial-number
+	pseudonym		DirectoryName		1..ub-pseudonym
+	domainComponent		IA5String		N/A
+*/
+#define X509_ub_name 32768
+#define X509_ub_common_name 64
+#define X509_ub_locality_name 128
+#define X509_ub_state_name 128
+#define X509_ub_organization_name 64
+#define X509_ub_organizational_unit_name 64
+#define X509_ub_title 64
+#define X509_ub_serial_number 64
+#define X509_ub_pseudonym 128
+
+int x509_attr_type_and_value_check(int oid, int tag, const uint8_t *val, size_t vlen);
+int x509_attr_type_and_value_to_der(int oid, int tag, const uint8_t *val, size_t vlen, uint8_t **out, size_t *outlen);
+int x509_attr_type_and_value_from_der(int *oid, int *tag, const uint8_t **val, size_t *vlen, const uint8_t **in, size_t *inlen);
+int x509_attr_type_and_value_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
+*/
+int x509_rdn_to_der(int oid, int tag, const uint8_t *val, size_t vlen, const uint8_t *more, size_t mlen, uint8_t **out, size_t *outlen);
+int x509_rdn_from_der(int *oid, int *tag, const uint8_t **val, size_t *vlen, const uint8_t **more, size_t *mlen, const uint8_t **in, size_t *inlen);
+int x509_rdn_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+Name ::= SEQUENCE OF RelativeDistinguishedName
+
+Example:
+    SEQUENCE LEN
+      SET LEN
+          SEQUENCE LEN OID=countryName, String=CN
+      SET LEN
+          SEQUENCE LEN OID=stateName, String=CN
+          SEQUENCE LEN OID=unknown, String=ABC
+      SET LEN
+          SEQUENCE LEN OID=commonNmame, String=ABC
+*/
+int x509_name_add_rdn(uint8_t *d, size_t *dlen, size_t maxlen, int oid, int tag, const uint8_t *val, size_t vlen, const uint8_t *more, size_t mlen);
+int x509_name_add_country_name(uint8_t *d, size_t *dlen, int maxlen, const char val[2] ); // val: PrintableString SIZE(2)
+int x509_name_add_state_or_province_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
+int x509_name_add_locality_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
+int x509_name_add_organization_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
+int x509_name_add_organizational_unit_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
+int x509_name_add_common_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
+int x509_name_add_domain_component(uint8_t *d, size_t *dlen, int maxlen, const char *val, size_t vlen); // val: IA5String
+
+int x509_name_set(uint8_t *d, size_t *dlen, size_t maxlen,
+	const char *country, const char *state, const char *locality,
+	const char *org, const char *org_unit, const char *common_name);
+
+#define x509_name_to_der(d,dlen,out,outlen) asn1_sequence_to_der(d,dlen,out,outlen)
+#define x509_name_from_der(d,dlen,in,inlen) asn1_sequence_from_der(d,dlen,in,inlen)
+int x509_name_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+int x509_name_get_value_by_type(const uint8_t *d, size_t dlen, int oid, int *tag, const uint8_t **val, size_t *vlen);
+int x509_name_get_common_name(const uint8_t *d, size_t dlen, int *tag, const uint8_t **val, size_t *vlen);
+int x509_name_equ(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen);
+
+int x509_names_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+SubjectPublicKeyInfo  ::=  SEQUENCE  {
+	algorithm            AlgorithmIdentifier,
+	subjectPublicKey     BIT STRING  }
+
+algorithm.algorithm = OID_ec_public_key;
+algorithm.parameters = OID_sm2;
+subjectPublicKey = ECPoint
+*/
+#define x509_public_key_info_to_der(key,out,outlen) sm2_public_key_info_to_der(key,out,outlen)
+#define x509_public_key_info_from_der(key,in,inlen) sm2_public_key_info_from_der(key,in,inlen)
+int x509_public_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+Extension  ::=  SEQUENCE  {
+	extnID OBJECT IDENTIFIER,
+	critical BOOLEAN DEFAULT FALSE,
+	extnValue OCTET STRING -- contains the DER encoding of an ASN.1 value
+*/
+int x509_ext_to_der(int oid, int critical, const uint8_t *val, size_t vlen, uint8_t **out, size_t *outlen);
+int x509_ext_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, int *critical, const uint8_t **val, size_t *vlen, const uint8_t **in, size_t *inlen);
+int x509_ext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+[3] EXPLICIT SEQUENCE OF Extension
+ */
+int x509_explicit_exts_to_der(int index, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
+int x509_explicit_exts_from_der(int index, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+#define x509_exts_to_der(d,dlen,out,outlen) x509_explicit_exts_to_der(3,d,dlen,out,outlen)
+#define x509_exts_from_der(d,dlen,in,inlen) x509_explicit_exts_from_der(3,d,dlen,in,inlen)
+
+int x509_exts_get_count(const uint8_t *d, size_t dlen, size_t *cnt);
+int x509_exts_get_ext_by_index(const uint8_t *d, size_t dlen, int index,
+	int *oid, uint32_t *nodes, size_t *nodes_cnt, int *critical,
+	const uint8_t **val, size_t *vlen);
+int x509_exts_get_ext_by_oid(const uint8_t *d, size_t dlen, int oid,
+	int *critical, const uint8_t **val, size_t *vlen);
+int x509_exts_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+TBSCertificate ::= SEQUENCE {
+	version			[0] EXPLICIT INTEGER DEFAULT v1,
+	serialNumber		INTEGER,
+	siganture		AlgorithmIdentifier,
+	issuer			Name,
+	validity		Validity,
+	subject			Name,
+	subjectPulbicKeyInfo	SubjectPublicKeyInfo,
+	issuerUniqueID		[1] IMPLICIT BIT STRING OPTIONAL, -- If present, must be v2,v3
+	subjectUniqueID		[2] IMPLICIT BIT STRING OPTIONAL, -- If present, must be v2,v3
+	extensions		[3] EXPLICIT Extensions OPTIONAL  -- If present, must be v3 }
+*/
+#define X509_SERIAL_NUMBER_MIN_LEN	1
+#define X509_SERIAL_NUMBER_MAX_LEN	20
+#define X509_UNIQUE_ID_MIN_LEN 		32
+#define X509_UNIQUE_ID_MAX_LEN 		32
+
+int x509_tbs_cert_to_der(
+	int version,
+	const uint8_t *serial, size_t serial_len,
+	int signature_algor,
+	const uint8_t *issuer, size_t issuer_len,
+	time_t not_before, time_t not_after,
+	const uint8_t *subject, size_t subject_len,
+	const SM2_KEY *subject_public_key,
+	const uint8_t *issuer_unique_id, size_t issuer_unique_id_len,
+	const uint8_t *subject_unique_id, size_t subject_unique_id_len,
+	const uint8_t *exts, size_t exts_len,
+	uint8_t **out, size_t *outlen);
+int x509_tbs_cert_from_der(
+	int *version,
+	const uint8_t **serial, size_t *serial_len,
+	int *signature_algor,
+	const uint8_t **issuer, size_t *issuer_len,
+	time_t *not_before, time_t *not_after,
+	const uint8_t **subject, size_t *subject_len,
+	SM2_KEY *subject_public_key,
+	const uint8_t **issuer_unique_id, size_t *issuer_unique_id_len,
+	const uint8_t **subject_unique_id, size_t *subject_unique_id_len,
+	const uint8_t **exts, size_t *exts_len,
+	const uint8_t **in, size_t *inlen);
+int x509_tbs_cert_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+Certificate  ::=  SEQUENCE  {
+	tbsCertificate       TBSCertificate,
+	signatureAlgorithm   AlgorithmIdentifier,
+	signatureValue       BIT STRING }
+*/
+int x509_certificate_to_der(
+	const uint8_t *tbs, size_t tbslen,
+	int signature_algor,
+	const uint8_t *sig, size_t siglen,
+	uint8_t **out, size_t *outlen);
+int x509_certificate_from_der(
+	const uint8_t **tbs, size_t *tbslen,
+	int *signature_algor,
+	const uint8_t **sig, size_t *siglen,
+	const uint8_t **in, size_t *inlen);
+int x509_certificate_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+// x509_cert functions
+int x509_cert_sign(
+	uint8_t *cert, size_t *certlen, size_t maxlen,
+	int version,
+	const uint8_t *serial, size_t serial_len,
+	int signature_algor,
+	const uint8_t *issuer, size_t issuer_len,
+	time_t not_before, time_t not_after,
+	const uint8_t *subject, size_t subject_len,
+	const SM2_KEY *subject_public_key,
+	const uint8_t *issuer_unique_id, size_t issuer_unique_id_len,
+	const uint8_t *subject_unique_id, size_t subject_unique_id_len,
+	const uint8_t *exts, size_t exts_len,
+	const SM2_KEY *sign_key,
+	const char *signer_id, size_t signer_id_len);
+int x509_cert_verify(const uint8_t *a, size_t alen, const SM2_KEY *pub_key,
+	const char *signer_id, size_t signer_id_len);
+int x509_cert_verify_by_ca_cert(const uint8_t *a, size_t alen, const uint8_t *cacert, size_t cacertlen,
+	const char *signer_id, size_t signer_id_len);
+
+int x509_cert_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen);
+int x509_cert_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen);
+int x509_cert_to_pem(const uint8_t *a, size_t alen, FILE *fp);
+int x509_cert_from_pem(uint8_t *a, size_t *alen, size_t maxlen, FILE *fp);
+int x509_cert_from_pem_by_index(uint8_t *a, size_t *alen, size_t maxlen, int index, FILE *fp);
+int x509_cert_from_pem_by_subject(uint8_t *a, size_t *alen, size_t maxlen, const uint8_t *name, size_t namelen, FILE *fp);
+int x509_cert_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);
+
+int x509_cert_get_details(const uint8_t *a, size_t alen,
+	int *version,
+	const uint8_t **serial_number, size_t *serial_number_len,
+	int *inner_signature_algor,
+	const uint8_t **issuer, size_t *issuer_len,
+	time_t *not_before, time_t *not_after,
+	const uint8_t **subject, size_t *subject_len,
+	SM2_KEY *subject_public_key,
+	const uint8_t **issuer_unique_id, size_t *issuer_unique_id_len,
+	const uint8_t **subject_unique_id, size_t *subject_unique_id_len,
+	const uint8_t **extensions, size_t *extensions_len,
+	int *signature_algor,
+	const uint8_t **signature, size_t *signature_len);
+
+/*
+IssuerAndSerialNumber ::= SEQUENCE {
+	isser		Name,
+	serialNumber	INTEGER }
+*/
+int x509_cert_get_issuer_and_serial_number(const uint8_t *a, size_t alen,
+	const uint8_t **issuer, size_t *issuer_len,
+	const uint8_t **serial_number, size_t *serial_number_len);
+int x509_cert_get_issuer(const uint8_t *a, size_t alen, const uint8_t **name, size_t *namelen);
+int x509_cert_get_subject(const uint8_t *a, size_t alen, const uint8_t **subj, size_t *subj_len);
+int x509_cert_get_subject_public_key(const uint8_t *a, size_t alen, SM2_KEY *public_key);
+
+int x509_certs_to_pem(const uint8_t *d, size_t dlen, FILE *fp);
+int x509_certs_from_pem(uint8_t *d, size_t *dlen, size_t maxlen, FILE *fp);
+int x509_certs_get_count(const uint8_t *d, size_t dlen, size_t *cnt);
+int x509_certs_get_cert_by_index(const uint8_t *d, size_t dlen, int index, const uint8_t **cert, size_t *certlen);
+int x509_certs_get_cert_by_subject(const uint8_t *d, size_t dlen, const uint8_t *subject, size_t subject_len, const uint8_t **cert, size_t *certlen);
+int x509_certs_get_last(const uint8_t *d, size_t dlen, const uint8_t **cert, size_t *certlen);
+
+int x509_certs_get_cert_by_issuer_and_serial_number(
+	const uint8_t *certs, size_t certs_len,
+	const uint8_t *issuer, size_t issuer_len,
+	const uint8_t *serial, size_t serial_len,
+	const uint8_t **cert, size_t *cert_len);
+
+
+typedef enum {
+	X509_verify_err_cert_revoked		= -2,
+	X509_verify_err_cert_not_yet_valid	= -3,
+	X509_verify_err_cert_has_expired	= -4,
+	X509_verify_err_cert_chain_too_long	= -5,
+} X509_VERIFY_ERR;
+
+int x509_certs_verify(const uint8_t *certs, size_t certslen,
+	const uint8_t *rootcerts, size_t rootcertslen, int depth, int *verify_result);
+int x509_certs_verify_tlcp(const uint8_t *certs, size_t certslen,
+	const uint8_t *rootcerts, size_t rootcertslen, int depth, int *verify_result);
+int x509_certs_get_subjects(const uint8_t *certs, size_t certslen, uint8_t *names, size_t *nameslen);
+int x509_certs_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+int x509_cert_new_from_file(uint8_t **out, size_t *outlen, const char *file);
+int x509_certs_new_from_file(uint8_t **out, size_t *outlen, const char *file);
+
+
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/x509_alg.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,64 +7,63 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-#ifndef GMSSL_X509_ALG_H
-#define GMSSL_X509_ALG_H
-
-
-#include <time.h>
-#include <string.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/oid.h>
-#include <gmssl/asn1.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
-AlgorithmIdentifier ::= SEQUENCE {
-	algorithm	OBJECT IDENTIFIER,
-	parameters	ANY }
-*/
-
-const char *x509_digest_algor_name(int oid);
-int x509_digest_algor_from_name(const char *name);
-int x509_digest_algor_from_der(int *oid, const uint8_t **in, size_t *inlen);
-int x509_digest_algor_to_der(int oid, uint8_t **out, size_t *outlen);
-int x509_digest_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-const char *x509_encryption_algor_name(int oid);
-int x509_encryption_algor_from_name(const char *name);
-int x509_encryption_algor_from_der(int *oid, const uint8_t **iv, size_t *ivlen, const uint8_t **in, size_t *inlen);
-int x509_encryption_algor_to_der(int oid, const uint8_t *iv, size_t ivlen, uint8_t **out, size_t *outlen);
-int x509_encryption_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-#define X509_ALGOR_ALLOW_EC_NULL_PARAM 1
-const char *x509_signature_algor_name(int oid);
-int x509_signature_algor_from_name(const char *name);
-int x509_signature_algor_from_der(int *oid, const uint8_t **in, size_t *inlen);
-int x509_signature_algor_to_der(int oid, uint8_t **out, size_t *outlen);
-int x509_signature_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-const char *x509_public_key_encryption_algor_name(int oid);
-int x509_public_key_encryption_algor_from_name(const char *name);
-int x509_public_key_encryption_algor_from_der(int *oid, const uint8_t **params, size_t *params_len, const uint8_t **in, size_t *inlen);
-int x509_public_key_encryption_algor_to_der(int oid, uint8_t **out, size_t *outlen);
-int x509_public_key_encryption_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-const char *x509_public_key_algor_name(int oid);
-int x509_public_key_algor_from_name(const char *name);
-int x509_public_key_algor_to_der(int oid, int curve, uint8_t **out, size_t *outlen);
-int x509_public_key_algor_from_der(int *oid, int *curve_or_null, const uint8_t **in, size_t *inlen);
-int x509_public_key_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+#ifndef GMSSL_X509_ALG_H
+#define GMSSL_X509_ALG_H
+
+
+#include <time.h>
+#include <string.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <gmssl/sm2.h>
+#include <gmssl/oid.h>
+#include <gmssl/asn1.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+AlgorithmIdentifier ::= SEQUENCE {
+	algorithm	OBJECT IDENTIFIER,
+	parameters	ANY }
+*/
+
+const char *x509_digest_algor_name(int oid);
+int x509_digest_algor_from_name(const char *name);
+int x509_digest_algor_from_der(int *oid, const uint8_t **in, size_t *inlen);
+int x509_digest_algor_to_der(int oid, uint8_t **out, size_t *outlen);
+int x509_digest_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+const char *x509_encryption_algor_name(int oid);
+int x509_encryption_algor_from_name(const char *name);
+int x509_encryption_algor_from_der(int *oid, const uint8_t **iv, size_t *ivlen, const uint8_t **in, size_t *inlen);
+int x509_encryption_algor_to_der(int oid, const uint8_t *iv, size_t ivlen, uint8_t **out, size_t *outlen);
+int x509_encryption_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+#define X509_ALGOR_ALLOW_EC_NULL_PARAM 1
+const char *x509_signature_algor_name(int oid);
+int x509_signature_algor_from_name(const char *name);
+int x509_signature_algor_from_der(int *oid, const uint8_t **in, size_t *inlen);
+int x509_signature_algor_to_der(int oid, uint8_t **out, size_t *outlen);
+int x509_signature_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+const char *x509_public_key_encryption_algor_name(int oid);
+int x509_public_key_encryption_algor_from_name(const char *name);
+int x509_public_key_encryption_algor_from_der(int *oid, const uint8_t **params, size_t *params_len, const uint8_t **in, size_t *inlen);
+int x509_public_key_encryption_algor_to_der(int oid, uint8_t **out, size_t *outlen);
+int x509_public_key_encryption_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+const char *x509_public_key_algor_name(int oid);
+int x509_public_key_algor_from_name(const char *name);
+int x509_public_key_algor_to_der(int oid, int curve, uint8_t **out, size_t *outlen);
+int x509_public_key_algor_from_der(int *oid, int *curve_or_null, const uint8_t **in, size_t *inlen);
+int x509_public_key_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/x509_crl.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,271 +7,270 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-
-#ifndef GMSSL_X509_CRL_H
-#define GMSSL_X509_CRL_H
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
-X509 CRL Public API
-
-
-*/
-
-
-
-/*
-CRLReason ::= ENUMERATED
-*/
-typedef enum {
-	X509_cr_unspecified = 0,
-	X509_cr_key_compromise = 1,
-	X509_cr_ca_compromise = 2 ,
-	X509_cr_affiliation_changed = 3,
-	X509_cr_superseded = 4,
-	X509_cr_cessation_of_operation = 5,
-	X509_cr_certificate_hold = 6,
-	X509_cr_not_assigned = 7,
-	X509_cr_remove_from_crl = 8,
-	X509_cr_privilege_withdrawn = 9,
-	X509_cr_aa_compromise = 10,
-} X509_CRL_REASON;
-
-const char *x509_crl_reason_name(int reason);
-int x509_crl_reason_from_name(int *reason, const char *name);
-int x509_crl_reason_to_der(int reason, uint8_t **out, size_t *outlen);
-int x509_crl_reason_from_der(int *reason, const uint8_t **in, size_t *inlen);
-
-/*
-CRL Entry Extensions:
-	OID_ce_crl_reasons		ENUMERATED
-	OID_ce_invalidity_date		GeneralizedTime
-	OID_ce_certificate_issuer	SEQUENCE		GeneralNames
-*/
-const char *x509_crl_entry_ext_id_name(int oid);
-int x509_crl_entry_ext_id_from_name(const char *name);
-int x509_crl_entry_ext_id_to_der(int oid, uint8_t **out, size_t *outlen);
-int x509_crl_entry_ext_id_from_der(int *oid, const uint8_t **in, size_t *inlen);
-
-int x509_crl_entry_exts_add_reason(
-	uint8_t *exts, size_t *extslen, size_t maxlen,
-	int critical,
-	int reason);
-int x509_crl_entry_exts_add_invalidity_date(
-	uint8_t *exts, size_t *extslen, size_t maxlen,
-	int critical,
-	time_t tv);
-int x509_crl_entry_exts_add_certificate_issuer(
-	uint8_t *exts, size_t *extslen, size_t maxlen,
-	int critical,
-	const uint8_t *d, size_t dlen);
-#define x509_crl_entry_exts_to_der(d,dlen,out,outlen) asn1_sequence_to_der(d,dlen,out,outlen)
-#define x509_crl_entry_exts_from_der(d,dlen,in,inlen) asn1_sequence_from_der(d,dlen,in,inlen)
-int x509_crl_entry_exts_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-/*
-RevokedCertificate ::= SEQUENCE {
-	userCertificate		CertificateSerialNumber,
-	revocationDate		Time,
-	crlEntryExtensions	Extensions OPTIONAL }
-*/
-int x509_revoked_cert_to_der(
-	const uint8_t *serial, size_t serial_len,
-	time_t revoke_date,
-	const uint8_t *entry_exts, size_t entry_exts_len,
-	uint8_t **out, size_t *outlen);
-int x509_revoked_cert_from_der(
-	const uint8_t **serial, size_t *serial_len,
-	time_t *revoke_date,
-	const uint8_t **entry_exts, size_t *entry_exts_len,
-	const uint8_t **in, size_t *inlen);
-int x509_revoked_cert_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-/*
-RevokedCertificates ::= SEQUENCE OF RevokedCertificate
-*/
-int x509_revoked_certs_add_revoked_cert(uint8_t *d, size_t *dlen, size_t maxlen,
-	const uint8_t *serial, size_t serial_len,
-	time_t revoke_date,
-	const uint8_t *entry_exts, size_t entry_exts_len);
-int x509_revoked_certs_get_revoked_cert_by_serial_number(const uint8_t *d, size_t dlen,
-	const uint8_t *serial, size_t serial_len,
-	time_t *revoke_date,
-	const uint8_t **entry_exts, size_t *entry_exts_len);
-#define x509_revoked_certs_to_der(d,dlen,out,outlen) asn1_sequence_to_der(d,dlen,out,outlen)
-#define x509_revoked_certs_from_der(d,dlen,in,inlen) asn1_sequence_from_der(d,dlen,in,inlen)
-int x509_revoked_certs_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-/*
-CRL Extensions:
-	OID_ce_authority_key_identifier		SEQUENCE	AuthorityKeyIdentifier
-	OID_ce_issuer_alt_name			SEQUENCE	GeneralNames
-	OID_ce_crl_number			INTEGER
-	OID_ce_delta_crl_indicator		INTEGER
-	OID_ce_issuing_distribution_point	SEQUENCE	IssuingDistributionPoint
-*/
-const char *x509_crl_ext_id_name(int oid);
-int x509_crl_ext_id_from_name(const char *name);
-int x509_crl_ext_id_to_der(int oid, uint8_t **out, size_t *outlen);
-int x509_crl_ext_id_from_der(int *oid, const uint8_t **in, size_t *inlen);
-
-
-/*
-IssuingDistributionPoint ::= SEQUENCE {
-	distributionPoint		[0] EXPLICIT DistributionPointName OPTIONAL,
-	onlyContainsUserCerts		[1] IMPLICIT BOOLEAN DEFAULT FALSE,
-	onlyContainsCACerts		[2] IMPLICIT BOOLEAN DEFAULT FALSE,
-	onlySomeReasons			[3] IMPLICIT ReasonFlags OPTIONAL,
-	indirectCRL			[4] IMPLICIT BOOLEAN DEFAULT FALSE,
-	onlyContainsAttributeCerts	[5] IMPLICIT BOOLEAN DEFAULT FALSE }
-*/
-
-int x509_issuing_distribution_point_to_der(
-	int dist_point_choice, const uint8_t *dist_point, size_t dist_point_len,
-	int only_contains_user_certs,
-	int only_contains_ca_certs,
-	int only_some_reasons,
-	int indirect_crl,
-	int only_contains_attr_certs,
-	uint8_t **out, size_t *outlen);
-int x509_issuing_distribution_point_from_der(
-	int *dist_point_choice, const uint8_t **dist_point, size_t *dist_point_len,
-	int *only_contains_user_certs,
-	int *only_contains_ca_certs,
-	int *only_some_reasons,
-	int *indirect_crl,
-	int *only_contains_attr_certs,
-	const uint8_t **in, size_t *inlen);
-
-int x509_crl_exts_add_authority_key_identifier(
-	uint8_t *exts, size_t *extslen, size_t maxlen,
-	int critical,
-	const uint8_t *keyid, size_t keyid_len,
-	const uint8_t *issuer, size_t issuer_len,
-	const uint8_t *serial, size_t serial_len);
-int x509_crl_exts_add_issuer_alt_name(
-	uint8_t *exts, size_t *extslen, size_t maxlen,
-	int critical,
-	const uint8_t *d, size_t dlen);
-int x509_crl_exts_add_crl_number(
-	uint8_t *exts, size_t *extslen, size_t maxlen,
-	int critical,
-	int num);
-int x509_crl_exts_add_delta_crl_indicator(
-	uint8_t *exts, size_t *extslen, size_t maxlen,
-	int critical,
-	int num);
-int x509_crl_exts_add_issuing_distribution_point(
-	uint8_t *exts, size_t *extslen, size_t maxlen,
-	int critical,
-	const uint8_t *dist_point, size_t dist_point_len,
-	int only_contains_user_certs,
-	int only_contains_ca_certs,
-	int only_some_reasons,
-	int indirect_crl,
-	int only_contains_attr_certs);
-
-#define x509_crl_exts_to_der(d,dlen,out,outlen) x509_explicit_exts_to_der(0,d,dlen,out,outlen)
-#define x509_crl_exts_from_der(d,dlen,in,inlen) x509_explicit_exts_from_der(0,d,dlen,in,inlen)
-int x509_crl_exts_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-
-/*
-TBSCertList ::= SEQUENCE {
-	version			INTEGER OPTIONAL, -- if present, MUST be v2
-	signature		AlgorithmIdentifier,
-	issuer			Name,
-	thisUpdate		Time,
-	nextUpdate		Time OPTIONAL,
-	revokedCertificates	RevokedCertificates OPTIONAL,
-	crlExtensions		[0] EXPLICIT Extensions OPTIONAL, -- if present, MUST be v2 }
-*/
-int x509_tbs_crl_to_der(
-	int version,
-	int signature_algor,
-	const uint8_t *issuer, size_t issuer_len,
-	time_t this_update,
-	time_t next_update,
-	const uint8_t *revoked_certs, size_t revoked_certs_len,
-	const uint8_t *exts, size_t exts_len,
-	uint8_t **out, size_t *outlen);
-int x509_tbs_crl_from_der(
-	int *version,
-	int *signature_algor,
-	const uint8_t **issuer, size_t *issuer_len,
-	time_t *this_update,
-	time_t *next_update,
-	const uint8_t **revoked_certs, size_t *revoked_certs_len,
-	const uint8_t **exts, size_t *exts_len,
-	const uint8_t **in, size_t *inlen);
-int x509_tbs_crl_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-/*
-CertificateList ::= SEQUENCE {
-	tbsCertList		TBSCertList,
-	signatureAlgorithm	AlgorithmIdentifier,
-	signatureValue		BIT STRING }
-*/
-int x509_cert_list_to_der(const uint8_t *tbs_crl, size_t tbs_crl_len,
-	int signature_algor, const uint8_t *sig, size_t siglen,
-	uint8_t **out, size_t *outlen);
-int x509_cert_list_from_der(const uint8_t **tbs_crl, size_t *tbs_crl_len,
-	int *signature_algor, const uint8_t **sig, size_t *siglen,
-	const uint8_t **in, size_t *inlen);
-int x509_cert_list_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-// x509_crl_ functions
-int x509_crl_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen);
-int x509_crl_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen);
-int x509_crl_to_pem(const uint8_t *a, size_t alen, FILE *fp);
-int x509_crl_from_pem(uint8_t *a, size_t *alen, size_t maxlen, FILE *fp);
-int x509_crl_to_fp(const uint8_t *a, size_t alen, FILE *fp); // 去掉这个函数
-int x509_crl_from_fp(uint8_t *a, size_t *alen, size_t maxlen, FILE *fp); // 去掉这个函数
-
-
-int x509_crl_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);
-
-int x509_crl_sign(uint8_t *crl, size_t *crl_len,
-	int version,
-	int signature_algor,
-	const uint8_t *issuer, size_t issuer_len,
-	time_t this_update,
-	time_t next_update,
-	const uint8_t *revoked_certs, size_t revoked_certs_len,
-	const uint8_t *exts, size_t exts_len,
-	const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len);
-int x509_crl_verify(const uint8_t *a, size_t alen,
-	const SM2_KEY *sign_pub_key, const char *signer_id, size_t signer_id_len);
-int x509_crl_verify_by_ca_cert(const uint8_t *a, size_t alen, const uint8_t *cacert, size_t cacertlen,
-	const char *signer_id, size_t signer_id_len);
-
-int x509_crl_get_details(const uint8_t *crl, size_t crl_len,
-	int *version,
-	const uint8_t **issuer, size_t *issuer_len,
-	time_t *this_update,
-	time_t *next_update,
-	const uint8_t **revoked_certs, size_t *revoked_certs_len,
-	const uint8_t **exts, size_t *exts_len,
-	int *signature_algor,
-	const uint8_t **sig, size_t *siglen);
-int x509_crl_get_issuer(const uint8_t *crl, size_t crl_len,
-	const uint8_t **issuer, size_t *issuer_len);
-
-int x509_crl_find_revoked_cert_by_serial_number(const uint8_t *a, size_t alen,
-	const uint8_t *serial, size_t serial_len, time_t *revoke_date,
-	const uint8_t **entry_exts, size_t *entry_exts_len);
-
-
-
-int x509_crls_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
+
+
+#ifndef GMSSL_X509_CRL_H
+#define GMSSL_X509_CRL_H
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+X509 CRL Public API
+
+
+*/
+
+
+
+/*
+CRLReason ::= ENUMERATED
+*/
+typedef enum {
+	X509_cr_unspecified = 0,
+	X509_cr_key_compromise = 1,
+	X509_cr_ca_compromise = 2 ,
+	X509_cr_affiliation_changed = 3,
+	X509_cr_superseded = 4,
+	X509_cr_cessation_of_operation = 5,
+	X509_cr_certificate_hold = 6,
+	X509_cr_not_assigned = 7,
+	X509_cr_remove_from_crl = 8,
+	X509_cr_privilege_withdrawn = 9,
+	X509_cr_aa_compromise = 10,
+} X509_CRL_REASON;
+
+const char *x509_crl_reason_name(int reason);
+int x509_crl_reason_from_name(int *reason, const char *name);
+int x509_crl_reason_to_der(int reason, uint8_t **out, size_t *outlen);
+int x509_crl_reason_from_der(int *reason, const uint8_t **in, size_t *inlen);
+
+/*
+CRL Entry Extensions:
+	OID_ce_crl_reasons		ENUMERATED
+	OID_ce_invalidity_date		GeneralizedTime
+	OID_ce_certificate_issuer	SEQUENCE		GeneralNames
+*/
+const char *x509_crl_entry_ext_id_name(int oid);
+int x509_crl_entry_ext_id_from_name(const char *name);
+int x509_crl_entry_ext_id_to_der(int oid, uint8_t **out, size_t *outlen);
+int x509_crl_entry_ext_id_from_der(int *oid, const uint8_t **in, size_t *inlen);
+
+int x509_crl_entry_exts_add_reason(
+	uint8_t *exts, size_t *extslen, size_t maxlen,
+	int critical,
+	int reason);
+int x509_crl_entry_exts_add_invalidity_date(
+	uint8_t *exts, size_t *extslen, size_t maxlen,
+	int critical,
+	time_t tv);
+int x509_crl_entry_exts_add_certificate_issuer(
+	uint8_t *exts, size_t *extslen, size_t maxlen,
+	int critical,
+	const uint8_t *d, size_t dlen);
+#define x509_crl_entry_exts_to_der(d,dlen,out,outlen) asn1_sequence_to_der(d,dlen,out,outlen)
+#define x509_crl_entry_exts_from_der(d,dlen,in,inlen) asn1_sequence_from_der(d,dlen,in,inlen)
+int x509_crl_entry_exts_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+RevokedCertificate ::= SEQUENCE {
+	userCertificate		CertificateSerialNumber,
+	revocationDate		Time,
+	crlEntryExtensions	Extensions OPTIONAL }
+*/
+int x509_revoked_cert_to_der(
+	const uint8_t *serial, size_t serial_len,
+	time_t revoke_date,
+	const uint8_t *entry_exts, size_t entry_exts_len,
+	uint8_t **out, size_t *outlen);
+int x509_revoked_cert_from_der(
+	const uint8_t **serial, size_t *serial_len,
+	time_t *revoke_date,
+	const uint8_t **entry_exts, size_t *entry_exts_len,
+	const uint8_t **in, size_t *inlen);
+int x509_revoked_cert_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+RevokedCertificates ::= SEQUENCE OF RevokedCertificate
+*/
+int x509_revoked_certs_add_revoked_cert(uint8_t *d, size_t *dlen, size_t maxlen,
+	const uint8_t *serial, size_t serial_len,
+	time_t revoke_date,
+	const uint8_t *entry_exts, size_t entry_exts_len);
+int x509_revoked_certs_get_revoked_cert_by_serial_number(const uint8_t *d, size_t dlen,
+	const uint8_t *serial, size_t serial_len,
+	time_t *revoke_date,
+	const uint8_t **entry_exts, size_t *entry_exts_len);
+#define x509_revoked_certs_to_der(d,dlen,out,outlen) asn1_sequence_to_der(d,dlen,out,outlen)
+#define x509_revoked_certs_from_der(d,dlen,in,inlen) asn1_sequence_from_der(d,dlen,in,inlen)
+int x509_revoked_certs_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+CRL Extensions:
+	OID_ce_authority_key_identifier		SEQUENCE	AuthorityKeyIdentifier
+	OID_ce_issuer_alt_name			SEQUENCE	GeneralNames
+	OID_ce_crl_number			INTEGER
+	OID_ce_delta_crl_indicator		INTEGER
+	OID_ce_issuing_distribution_point	SEQUENCE	IssuingDistributionPoint
+*/
+const char *x509_crl_ext_id_name(int oid);
+int x509_crl_ext_id_from_name(const char *name);
+int x509_crl_ext_id_to_der(int oid, uint8_t **out, size_t *outlen);
+int x509_crl_ext_id_from_der(int *oid, const uint8_t **in, size_t *inlen);
+
+
+/*
+IssuingDistributionPoint ::= SEQUENCE {
+	distributionPoint		[0] EXPLICIT DistributionPointName OPTIONAL,
+	onlyContainsUserCerts		[1] IMPLICIT BOOLEAN DEFAULT FALSE,
+	onlyContainsCACerts		[2] IMPLICIT BOOLEAN DEFAULT FALSE,
+	onlySomeReasons			[3] IMPLICIT ReasonFlags OPTIONAL,
+	indirectCRL			[4] IMPLICIT BOOLEAN DEFAULT FALSE,
+	onlyContainsAttributeCerts	[5] IMPLICIT BOOLEAN DEFAULT FALSE }
+*/
+
+int x509_issuing_distribution_point_to_der(
+	int dist_point_choice, const uint8_t *dist_point, size_t dist_point_len,
+	int only_contains_user_certs,
+	int only_contains_ca_certs,
+	int only_some_reasons,
+	int indirect_crl,
+	int only_contains_attr_certs,
+	uint8_t **out, size_t *outlen);
+int x509_issuing_distribution_point_from_der(
+	int *dist_point_choice, const uint8_t **dist_point, size_t *dist_point_len,
+	int *only_contains_user_certs,
+	int *only_contains_ca_certs,
+	int *only_some_reasons,
+	int *indirect_crl,
+	int *only_contains_attr_certs,
+	const uint8_t **in, size_t *inlen);
+
+int x509_crl_exts_add_authority_key_identifier(
+	uint8_t *exts, size_t *extslen, size_t maxlen,
+	int critical,
+	const uint8_t *keyid, size_t keyid_len,
+	const uint8_t *issuer, size_t issuer_len,
+	const uint8_t *serial, size_t serial_len);
+int x509_crl_exts_add_issuer_alt_name(
+	uint8_t *exts, size_t *extslen, size_t maxlen,
+	int critical,
+	const uint8_t *d, size_t dlen);
+int x509_crl_exts_add_crl_number(
+	uint8_t *exts, size_t *extslen, size_t maxlen,
+	int critical,
+	int num);
+int x509_crl_exts_add_delta_crl_indicator(
+	uint8_t *exts, size_t *extslen, size_t maxlen,
+	int critical,
+	int num);
+int x509_crl_exts_add_issuing_distribution_point(
+	uint8_t *exts, size_t *extslen, size_t maxlen,
+	int critical,
+	const uint8_t *dist_point, size_t dist_point_len,
+	int only_contains_user_certs,
+	int only_contains_ca_certs,
+	int only_some_reasons,
+	int indirect_crl,
+	int only_contains_attr_certs);
+
+#define x509_crl_exts_to_der(d,dlen,out,outlen) x509_explicit_exts_to_der(0,d,dlen,out,outlen)
+#define x509_crl_exts_from_der(d,dlen,in,inlen) x509_explicit_exts_from_der(0,d,dlen,in,inlen)
+int x509_crl_exts_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+/*
+TBSCertList ::= SEQUENCE {
+	version			INTEGER OPTIONAL, -- if present, MUST be v2
+	signature		AlgorithmIdentifier,
+	issuer			Name,
+	thisUpdate		Time,
+	nextUpdate		Time OPTIONAL,
+	revokedCertificates	RevokedCertificates OPTIONAL,
+	crlExtensions		[0] EXPLICIT Extensions OPTIONAL, -- if present, MUST be v2 }
+*/
+int x509_tbs_crl_to_der(
+	int version,
+	int signature_algor,
+	const uint8_t *issuer, size_t issuer_len,
+	time_t this_update,
+	time_t next_update,
+	const uint8_t *revoked_certs, size_t revoked_certs_len,
+	const uint8_t *exts, size_t exts_len,
+	uint8_t **out, size_t *outlen);
+int x509_tbs_crl_from_der(
+	int *version,
+	int *signature_algor,
+	const uint8_t **issuer, size_t *issuer_len,
+	time_t *this_update,
+	time_t *next_update,
+	const uint8_t **revoked_certs, size_t *revoked_certs_len,
+	const uint8_t **exts, size_t *exts_len,
+	const uint8_t **in, size_t *inlen);
+int x509_tbs_crl_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+CertificateList ::= SEQUENCE {
+	tbsCertList		TBSCertList,
+	signatureAlgorithm	AlgorithmIdentifier,
+	signatureValue		BIT STRING }
+*/
+int x509_cert_list_to_der(const uint8_t *tbs_crl, size_t tbs_crl_len,
+	int signature_algor, const uint8_t *sig, size_t siglen,
+	uint8_t **out, size_t *outlen);
+int x509_cert_list_from_der(const uint8_t **tbs_crl, size_t *tbs_crl_len,
+	int *signature_algor, const uint8_t **sig, size_t *siglen,
+	const uint8_t **in, size_t *inlen);
+int x509_cert_list_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+// x509_crl_ functions
+int x509_crl_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen);
+int x509_crl_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen);
+int x509_crl_to_pem(const uint8_t *a, size_t alen, FILE *fp);
+int x509_crl_from_pem(uint8_t *a, size_t *alen, size_t maxlen, FILE *fp);
+int x509_crl_to_fp(const uint8_t *a, size_t alen, FILE *fp); // 去掉这个函数
+int x509_crl_from_fp(uint8_t *a, size_t *alen, size_t maxlen, FILE *fp); // 去掉这个函数
+
+
+int x509_crl_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);
+
+int x509_crl_sign(uint8_t *crl, size_t *crl_len,
+	int version,
+	int signature_algor,
+	const uint8_t *issuer, size_t issuer_len,
+	time_t this_update,
+	time_t next_update,
+	const uint8_t *revoked_certs, size_t revoked_certs_len,
+	const uint8_t *exts, size_t exts_len,
+	const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len);
+int x509_crl_verify(const uint8_t *a, size_t alen,
+	const SM2_KEY *sign_pub_key, const char *signer_id, size_t signer_id_len);
+int x509_crl_verify_by_ca_cert(const uint8_t *a, size_t alen, const uint8_t *cacert, size_t cacertlen,
+	const char *signer_id, size_t signer_id_len);
+
+int x509_crl_get_details(const uint8_t *crl, size_t crl_len,
+	int *version,
+	const uint8_t **issuer, size_t *issuer_len,
+	time_t *this_update,
+	time_t *next_update,
+	const uint8_t **revoked_certs, size_t *revoked_certs_len,
+	const uint8_t **exts, size_t *exts_len,
+	int *signature_algor,
+	const uint8_t **sig, size_t *siglen);
+int x509_crl_get_issuer(const uint8_t *crl, size_t crl_len,
+	const uint8_t **issuer, size_t *issuer_len);
+
+int x509_crl_find_revoked_cert_by_serial_number(const uint8_t *a, size_t alen,
+	const uint8_t *serial, size_t serial_len, time_t *revoke_date,
+	const uint8_t **entry_exts, size_t *entry_exts_len);
+
+
+
+int x509_crls_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif

include/gmssl/x509_oid.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,106 +7,105 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-#ifndef GMSSL_X509_OID_H
-#define GMSSL_X509_OID_H
-
-
-#include <time.h>
-#include <string.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/oid.h>
-#include <gmssl/asn1.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
-id-at:
-	OID_at_name
-	OID_at_surname
-	OID_at_given_name
-	OID_at_initials
-	OID_at_generation_qualifier
-	OID_at_common_name
-	OID_at_locality_name
-	OID_at_state_or_province_name
-	OID_at_organization_name
-	OID_at_organizational_unit_name
-	OID_at_title
-	OID_at_dn_qualifier
-	OID_at_country_name
-	OID_at_serial_number
-	OID_at_pseudonym
-	OID_domain_component
-*/
-const char *x509_name_type_name(int oid);
-int x509_name_type_from_name(const char *name);
-int x509_name_type_from_der(int *oid, const uint8_t **in, size_t *inlen);
-int x509_name_type_to_der(int oid, uint8_t **out, size_t *outlen);
-
-/*
-id-ce:
-	OID_ce_authority_key_identifier
-	OID_ce_subject_key_identifier
-	OID_ce_key_usage
-	OID_ce_certificate_policies
-	OID_ce_policy_mappings
-	OID_ce_subject_alt_name
-	OID_ce_issuer_alt_name
-	OID_ce_subject_directory_attributes
-	OID_ce_basic_constraints
-	OID_ce_name_constraints
-	OID_ce_policy_constraints
-	OID_ce_ext_key_usage
-	OID_ce_crl_distribution_points
-	OID_ce_inhibit_any_policy
-	OID_ce_freshest_crl
-	OID_netscape_cert_comment
-*/
-const char *x509_ext_id_name(int oid);
-int x509_ext_id_from_name(const char *name);
-int x509_ext_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_count, const uint8_t **in, size_t *inlen);
-int x509_ext_id_to_der(int oid, uint8_t **out, size_t *outlen);
-
-/*
-id-qt
-	OID_qt_cps
-	OID_qt_unotice
-*/
-const char *x509_qualifier_id_name(int oid);
-int x509_qualifier_id_from_name(const char *name);
-int x509_qualifier_id_from_der(int *oid, const uint8_t **in, size_t *inlen);
-int x509_qualifier_id_to_der(int oid, uint8_t **out, size_t *outlen);
-
-/*
-	OID_any_policy
-*/
-char *x509_cert_policy_id_name(int oid);
-int x509_cert_policy_id_from_name(const char *name);
-int x509_cert_policy_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen);
-int x509_cert_policy_id_to_der(int oid, const uint32_t *nodes, size_t nodes_cnt, uint8_t **out, size_t *outlen);
-
-/*
-id-kp
-	OID_kp_server_auth
-	OID_kp_client_auth
-	OID_kp_code_signing
-	OID_kp_email_protection
-	OID_kp_time_stamping
-	OID_kp_ocsp_signing
-*/
-const char *x509_key_purpose_name(int oid);
-const char *x509_key_purpose_text(int oid);
-int x509_key_purpose_from_name(const char *name);
-int x509_key_purpose_from_der(int *oid, const uint8_t **in, size_t *inlen);
-int x509_key_purpose_to_der(int oid, uint8_t **out, size_t *outlen);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+#ifndef GMSSL_X509_OID_H
+#define GMSSL_X509_OID_H
+
+
+#include <time.h>
+#include <string.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <gmssl/sm2.h>
+#include <gmssl/oid.h>
+#include <gmssl/asn1.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+id-at:
+	OID_at_name
+	OID_at_surname
+	OID_at_given_name
+	OID_at_initials
+	OID_at_generation_qualifier
+	OID_at_common_name
+	OID_at_locality_name
+	OID_at_state_or_province_name
+	OID_at_organization_name
+	OID_at_organizational_unit_name
+	OID_at_title
+	OID_at_dn_qualifier
+	OID_at_country_name
+	OID_at_serial_number
+	OID_at_pseudonym
+	OID_domain_component
+*/
+const char *x509_name_type_name(int oid);
+int x509_name_type_from_name(const char *name);
+int x509_name_type_from_der(int *oid, const uint8_t **in, size_t *inlen);
+int x509_name_type_to_der(int oid, uint8_t **out, size_t *outlen);
+
+/*
+id-ce:
+	OID_ce_authority_key_identifier
+	OID_ce_subject_key_identifier
+	OID_ce_key_usage
+	OID_ce_certificate_policies
+	OID_ce_policy_mappings
+	OID_ce_subject_alt_name
+	OID_ce_issuer_alt_name
+	OID_ce_subject_directory_attributes
+	OID_ce_basic_constraints
+	OID_ce_name_constraints
+	OID_ce_policy_constraints
+	OID_ce_ext_key_usage
+	OID_ce_crl_distribution_points
+	OID_ce_inhibit_any_policy
+	OID_ce_freshest_crl
+	OID_netscape_cert_comment
+*/
+const char *x509_ext_id_name(int oid);
+int x509_ext_id_from_name(const char *name);
+int x509_ext_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_count, const uint8_t **in, size_t *inlen);
+int x509_ext_id_to_der(int oid, uint8_t **out, size_t *outlen);
+
+/*
+id-qt
+	OID_qt_cps
+	OID_qt_unotice
+*/
+const char *x509_qualifier_id_name(int oid);
+int x509_qualifier_id_from_name(const char *name);
+int x509_qualifier_id_from_der(int *oid, const uint8_t **in, size_t *inlen);
+int x509_qualifier_id_to_der(int oid, uint8_t **out, size_t *outlen);
+
+/*
+	OID_any_policy
+*/
+char *x509_cert_policy_id_name(int oid);
+int x509_cert_policy_id_from_name(const char *name);
+int x509_cert_policy_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen);
+int x509_cert_policy_id_to_der(int oid, const uint32_t *nodes, size_t nodes_cnt, uint8_t **out, size_t *outlen);
+
+/*
+id-kp
+	OID_kp_server_auth
+	OID_kp_client_auth
+	OID_kp_code_signing
+	OID_kp_email_protection
+	OID_kp_time_stamping
+	OID_kp_ocsp_signing
+*/
+const char *x509_key_purpose_name(int oid);
+const char *x509_key_purpose_text(int oid);
+int x509_key_purpose_from_name(const char *name);
+int x509_key_purpose_from_der(int *oid, const uint8_t **in, size_t *inlen);
+int x509_key_purpose_to_der(int oid, uint8_t **out, size_t *outlen);
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/x509_req.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,100 +7,99 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-#ifndef GMSSL_X509_REQ_H
-#define GMSSL_X509_REQ_H
-
-
-#include <time.h>
-#include <string.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/oid.h>
-#include <gmssl/asn1.h>
-#include <gmssl/x509.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
-X509 REQ Public API
-
-	x509_req_sign
-	x509_req_verify
-	x509_req_get_details
-	x509_req_print
-	x509_req_to_pem
-	x509_req_from_pem
-*/
-
-
-/*
-from RFC 2986
-
-CertificationRequestInfo ::= SEQUENCE {
-	version                   INTEGER { v1(0) },
-	subject                   Name,
-	subjectPKInfo             SubjectPublicKeyInfo,
-	attributes                [0] IMPLICIT SET OF Attribute }
-*/
-int x509_request_info_to_der(int version, const uint8_t *subject, size_t subject_len,
-	const SM2_KEY *subject_public_key, const uint8_t *attrs, size_t attrs_len,
-	uint8_t **out, size_t *outlen);
-int x509_request_info_from_der(int *version, const uint8_t **subject, size_t *subject_len,
-	SM2_KEY *subject_public_key, const uint8_t **attrs, size_t *attrs_len,
-	const uint8_t **in, size_t *inlen);
-int x509_request_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-/*
-CertificationRequest ::= SEQUENCE {
-	certificationRequestInfo  CertificationRequestInfo,
-	signatureAlgorithm        AlgorithmIdentifier,
-	signature                 BIT STRING }
-*/
-int x509_request_to_der(
-	int version,
-	const uint8_t *subject, size_t subject_len,
-	const SM2_KEY *subject_public_key,
-	const uint8_t *attrs, size_t attrs_len,
-	int signature_algor,
-	const uint8_t *sig, size_t siglen,
-	uint8_t **out, size_t *outlen);
-int x509_request_from_der(
-	int *version,
-	const uint8_t **subject, size_t *subject_len,
-	SM2_KEY *subject_public_key,
-	const uint8_t **attrs, size_t *attrs_len,
-	int *signature_algor,
-	const uint8_t **sig, size_t *siglen,
-	const uint8_t **in, size_t *inlen);
-int x509_request_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
-
-int x509_req_sign(uint8_t *req, size_t *reqlen, size_t maxlen,
-	int version,
-	const uint8_t *subject, size_t subject_len,
-	const SM2_KEY *subject_public_key,
-	const uint8_t *attrs, size_t attrs_len,
-	int signature_algor,
-	const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len);
-int x509_req_verify(const uint8_t *req, size_t reqlen,
-	const SM2_KEY *sign_pubkey, const char *signer_id, size_t signer_id_len);
-int x509_req_get_details(const uint8_t *req, size_t reqlen,
-	int *verison,
-	const uint8_t **subject, size_t *subject_len,
-	SM2_KEY *subject_public_key,
-	const uint8_t **attributes, size_t *attributes_len,
-	int *signature_algor,
-	const uint8_t **signature, size_t *signature_len);
-int x509_req_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *req, size_t reqlen);
-int x509_req_to_pem(const uint8_t *req, size_t reqlen, FILE *fp);
-int x509_req_from_pem(uint8_t *req, size_t *reqlen, size_t maxlen, FILE *fp);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+#ifndef GMSSL_X509_REQ_H
+#define GMSSL_X509_REQ_H
+
+
+#include <time.h>
+#include <string.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <gmssl/sm2.h>
+#include <gmssl/oid.h>
+#include <gmssl/asn1.h>
+#include <gmssl/x509.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+X509 REQ Public API
+
+	x509_req_sign
+	x509_req_verify
+	x509_req_get_details
+	x509_req_print
+	x509_req_to_pem
+	x509_req_from_pem
+*/
+
+
+/*
+from RFC 2986
+
+CertificationRequestInfo ::= SEQUENCE {
+	version                   INTEGER { v1(0) },
+	subject                   Name,
+	subjectPKInfo             SubjectPublicKeyInfo,
+	attributes                [0] IMPLICIT SET OF Attribute }
+*/
+int x509_request_info_to_der(int version, const uint8_t *subject, size_t subject_len,
+	const SM2_KEY *subject_public_key, const uint8_t *attrs, size_t attrs_len,
+	uint8_t **out, size_t *outlen);
+int x509_request_info_from_der(int *version, const uint8_t **subject, size_t *subject_len,
+	SM2_KEY *subject_public_key, const uint8_t **attrs, size_t *attrs_len,
+	const uint8_t **in, size_t *inlen);
+int x509_request_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+CertificationRequest ::= SEQUENCE {
+	certificationRequestInfo  CertificationRequestInfo,
+	signatureAlgorithm        AlgorithmIdentifier,
+	signature                 BIT STRING }
+*/
+int x509_request_to_der(
+	int version,
+	const uint8_t *subject, size_t subject_len,
+	const SM2_KEY *subject_public_key,
+	const uint8_t *attrs, size_t attrs_len,
+	int signature_algor,
+	const uint8_t *sig, size_t siglen,
+	uint8_t **out, size_t *outlen);
+int x509_request_from_der(
+	int *version,
+	const uint8_t **subject, size_t *subject_len,
+	SM2_KEY *subject_public_key,
+	const uint8_t **attrs, size_t *attrs_len,
+	int *signature_algor,
+	const uint8_t **sig, size_t *siglen,
+	const uint8_t **in, size_t *inlen);
+int x509_request_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+int x509_req_sign(uint8_t *req, size_t *reqlen, size_t maxlen,
+	int version,
+	const uint8_t *subject, size_t subject_len,
+	const SM2_KEY *subject_public_key,
+	const uint8_t *attrs, size_t attrs_len,
+	int signature_algor,
+	const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len);
+int x509_req_verify(const uint8_t *req, size_t reqlen,
+	const SM2_KEY *sign_pubkey, const char *signer_id, size_t signer_id_len);
+int x509_req_get_details(const uint8_t *req, size_t reqlen,
+	int *verison,
+	const uint8_t **subject, size_t *subject_len,
+	SM2_KEY *subject_public_key,
+	const uint8_t **attributes, size_t *attributes_len,
+	int *signature_algor,
+	const uint8_t **signature, size_t *signature_len);
+int x509_req_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *req, size_t reqlen);
+int x509_req_to_pem(const uint8_t *req, size_t reqlen, FILE *fp);
+int x509_req_from_pem(uint8_t *req, size_t *reqlen, size_t maxlen, FILE *fp);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/x509_str.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,62 +7,61 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-#ifndef GMSSL_X509_STR_H
-#define GMSSL_X509_STR_H
-
-
-#include <time.h>
-#include <string.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <gmssl/sm2.h>
-#include <gmssl/oid.h>
-#include <gmssl/asn1.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
-DirectoryString or DirectoryName
-
-DirectoryName ::= CHOICE {
-	teletexString		TeletexString	(SIZE (1..MAX)),
-	printableString		PrintableString	(SIZE (1..MAX)),
-	universalString		UniversalString	(SIZE (1..MAX)),
-	utf8String		UTF8String	(SIZE (1..MAX)),
-	bmpString		BMPString	(SIZE (1..MAX)),
-}
-*/
-int x509_directory_name_check(int tag, const uint8_t *d, size_t dlen);
-int x509_directory_name_check_ex(int tag, const uint8_t *d, size_t dlen, size_t minlen, size_t maxlen);
-int x509_directory_name_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
-int x509_directory_name_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
-int x509_explicit_directory_name_to_der(int index, int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
-int x509_explicit_directory_name_from_der(int index, int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
-int x509_directory_name_print(FILE *fp, int fmt, int ind, const char *label, int tag, const uint8_t *d, size_t dlen);
-
-
-/*
-DisplayText ::= CHOICE {
-	ia5String		IA5String	(SIZE (1..200)),
-	visibleString		VisibleString	(SIZE (1..200)),
-	bmpString		BMPString	(SIZE (1..200)),
-	utf8String		UTF8String	(SIZE (1..200))
-}
-*/
-#define X509_DISPLAY_TEXT_MIN_LEN 1
-#define X509_DISPLAY_TEXT_MAX_LEN 200
-
-int x509_display_text_check(int tag, const uint8_t *d, size_t dlen);
-int x509_display_text_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
-int x509_display_text_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
-int x509_display_text_print(FILE *fp, int fmt, int ind, const char *label, int tag, const uint8_t *d, size_t dlen);
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+#ifndef GMSSL_X509_STR_H
+#define GMSSL_X509_STR_H
+
+
+#include <time.h>
+#include <string.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <gmssl/sm2.h>
+#include <gmssl/oid.h>
+#include <gmssl/asn1.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+DirectoryString or DirectoryName
+
+DirectoryName ::= CHOICE {
+	teletexString		TeletexString	(SIZE (1..MAX)),
+	printableString		PrintableString	(SIZE (1..MAX)),
+	universalString		UniversalString	(SIZE (1..MAX)),
+	utf8String		UTF8String	(SIZE (1..MAX)),
+	bmpString		BMPString	(SIZE (1..MAX)),
+}
+*/
+int x509_directory_name_check(int tag, const uint8_t *d, size_t dlen);
+int x509_directory_name_check_ex(int tag, const uint8_t *d, size_t dlen, size_t minlen, size_t maxlen);
+int x509_directory_name_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
+int x509_directory_name_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+int x509_explicit_directory_name_to_der(int index, int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
+int x509_explicit_directory_name_from_der(int index, int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+int x509_directory_name_print(FILE *fp, int fmt, int ind, const char *label, int tag, const uint8_t *d, size_t dlen);
+
+
+/*
+DisplayText ::= CHOICE {
+	ia5String		IA5String	(SIZE (1..200)),
+	visibleString		VisibleString	(SIZE (1..200)),
+	bmpString		BMPString	(SIZE (1..200)),
+	utf8String		UTF8String	(SIZE (1..200))
+}
+*/
+#define X509_DISPLAY_TEXT_MIN_LEN 1
+#define X509_DISPLAY_TEXT_MAX_LEN 200
+
+int x509_display_text_check(int tag, const uint8_t *d, size_t dlen);
+int x509_display_text_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
+int x509_display_text_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+int x509_display_text_print(FILE *fp, int fmt, int ind, const char *label, int tag, const uint8_t *d, size_t dlen);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/zuc.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -7,140 +7,139 @@
  *  http://www.apache.org/licenses/LICENSE-2.0
  */
 
-
-
-#ifndef GMSSL_ZUC_H
-#define GMSSL_ZUC_H
-
-
-#include <stdlib.h>
-#include <stdint.h>
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-/*
-ZUC Public API
-
-	ZUC_KEY_SIZE
-	ZUC_IV_SIZE
-	ZUC_MAC_SIZE
-
-	ZUC_CTX
-	zuc_encrypt_init
-	zuc_encrypt_update
-	zuc_encrypt_finish
-	zuc_decrypt_init
-	zuc_decrypt_update
-	zuc_decrypt_finish
-
-	ZUC_MAC_CTX
-	zuc_mac_init
-	zuc_mac_update
-	zuc_mac_finish
-
-	zuc_eea_encrypt
-	zuc_eia_generate_mac
-*/
-
-
-# define ZUC_KEY_SIZE	16
-# define ZUC_IV_SIZE	16
-# define ZUC_MAC_SIZE	4
-
-typedef uint32_t ZUC_BIT;
-typedef uint32_t ZUC_UINT5;
-typedef uint8_t  ZUC_UINT6;
-typedef uint32_t ZUC_UINT15;
-typedef uint32_t ZUC_UINT31;
-typedef uint32_t ZUC_UINT32;
-
-typedef struct {
-	ZUC_UINT31 LFSR[16];
-	ZUC_UINT32 R1;
-	ZUC_UINT32 R2;
-} ZUC_STATE;
-
-void zuc_init(ZUC_STATE *state, const uint8_t key[ZUC_KEY_SIZE], const uint8_t iv[ZUC_IV_SIZE]);
-void zuc_generate_keystream(ZUC_STATE *state, size_t nwords, ZUC_UINT32 *words);
-ZUC_UINT32 zuc_generate_keyword(ZUC_STATE *state);
-void zuc_encrypt(ZUC_STATE *state, const uint8_t *in, size_t inlen, uint8_t *out);
-
-typedef struct ZUC_MAC_CTX_st {
-	ZUC_UINT31 LFSR[16];
-	ZUC_UINT32 R1;
-	ZUC_UINT32 R2;
-	ZUC_UINT32 T;
-	ZUC_UINT32 K0;
-	uint8_t buf[4];
-	size_t buflen;
-} ZUC_MAC_CTX;
-
-void zuc_mac_init(ZUC_MAC_CTX *ctx, const uint8_t key[ZUC_KEY_SIZE], const uint8_t iv[ZUC_IV_SIZE]);
-void zuc_mac_update(ZUC_MAC_CTX *ctx, const uint8_t *data, size_t len);
-void zuc_mac_finish(ZUC_MAC_CTX *ctx, const uint8_t *data, size_t nbits, uint8_t mac[ZUC_MAC_SIZE]);
-
-void zuc_eea_encrypt(const ZUC_UINT32 *in, ZUC_UINT32 *out, size_t nbits,
-	const uint8_t key[ZUC_KEY_SIZE], ZUC_UINT32 count, ZUC_UINT5 bearer,
-	ZUC_BIT direction);
-ZUC_UINT32 zuc_eia_generate_mac(const ZUC_UINT32 *data, size_t nbits,
-	const uint8_t key[ZUC_KEY_SIZE], ZUC_UINT32 count, ZUC_UINT5 bearer,
-	ZUC_BIT direction);
-
-
-# define ZUC256_KEY_SIZE	32
-# define ZUC256_IV_SIZE		23
-# define ZUC256_MAC32_SIZE	4
-# define ZUC256_MAC64_SIZE	8
-# define ZUC256_MAC128_SIZE	16
-# define ZUC256_MIN_MAC_SIZE	ZUC256_MAC32_SIZE
-# define ZUC256_MAX_MAC_SIZE	ZUC256_MAC128_SIZE
-
-typedef ZUC_STATE ZUC256_STATE;
-
-void zuc256_init(ZUC256_STATE *state, const uint8_t key[ZUC256_KEY_SIZE], const uint8_t iv[ZUC256_IV_SIZE]);
-#define zuc256_generate_keystream(state,nwords,words) zuc_generate_keystream(state,nwords,words)
-#define zuc256_generate_keyword(state) zuc_generate_keyword(state)
-
-
-typedef struct ZUC256_MAC_CTX_st {
-	ZUC_UINT31 LFSR[16];
-	ZUC_UINT32 R1;
-	ZUC_UINT32 R2;
-	ZUC_UINT32 T[4];
-	ZUC_UINT32 K0[4];
-	uint8_t buf[4];
-	int buflen;
-	int macbits;
-} ZUC256_MAC_CTX;
-
-void zuc256_mac_init(ZUC256_MAC_CTX *ctx, const uint8_t key[ZUC256_KEY_SIZE],
-	const uint8_t iv[ZUC256_IV_SIZE], int macbits);
-void zuc256_mac_update(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t len);
-void zuc256_mac_finish(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t nbits, uint8_t mac[ZUC_MAC_SIZE]);
-
-
-// Public API
-
-typedef struct {
-	ZUC_STATE zuc_state;
-	uint8_t block[4];
-	size_t block_nbytes;
-} ZUC_CTX;
-
-int zuc_encrypt_init(ZUC_CTX *ctx, const uint8_t key[ZUC_KEY_SIZE], const uint8_t iv[ZUC_IV_SIZE]);
-int zuc_encrypt_update(ZUC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-int zuc_encrypt_finish(ZUC_CTX *ctx, uint8_t *out, size_t *outlen);
-
-#define zuc_decrypt_init(ctx,key,iv) zuc_encrypt_init(ctx,key,iv)
-#define zuc_decrypt_update(ctx,in,inlen,out,outlen) zuc_encrypt_update(ctx,in,inlen,out,outlen)
-#define zuc_decrypt_finish(ctx,out,outlen) zuc_encrypt_finish(ctx,out,outlen)
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif
+
+#ifndef GMSSL_ZUC_H
+#define GMSSL_ZUC_H
+
+
+#include <stdlib.h>
+#include <stdint.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/*
+ZUC Public API
+
+	ZUC_KEY_SIZE
+	ZUC_IV_SIZE
+	ZUC_MAC_SIZE
+
+	ZUC_CTX
+	zuc_encrypt_init
+	zuc_encrypt_update
+	zuc_encrypt_finish
+	zuc_decrypt_init
+	zuc_decrypt_update
+	zuc_decrypt_finish
+
+	ZUC_MAC_CTX
+	zuc_mac_init
+	zuc_mac_update
+	zuc_mac_finish
+
+	zuc_eea_encrypt
+	zuc_eia_generate_mac
+*/
+
+
+# define ZUC_KEY_SIZE	16
+# define ZUC_IV_SIZE	16
+# define ZUC_MAC_SIZE	4
+
+typedef uint32_t ZUC_BIT;
+typedef uint32_t ZUC_UINT5;
+typedef uint8_t  ZUC_UINT6;
+typedef uint32_t ZUC_UINT15;
+typedef uint32_t ZUC_UINT31;
+typedef uint32_t ZUC_UINT32;
+
+typedef struct {
+	ZUC_UINT31 LFSR[16];
+	ZUC_UINT32 R1;
+	ZUC_UINT32 R2;
+} ZUC_STATE;
+
+void zuc_init(ZUC_STATE *state, const uint8_t key[ZUC_KEY_SIZE], const uint8_t iv[ZUC_IV_SIZE]);
+void zuc_generate_keystream(ZUC_STATE *state, size_t nwords, ZUC_UINT32 *words);
+ZUC_UINT32 zuc_generate_keyword(ZUC_STATE *state);
+void zuc_encrypt(ZUC_STATE *state, const uint8_t *in, size_t inlen, uint8_t *out);
+
+typedef struct ZUC_MAC_CTX_st {
+	ZUC_UINT31 LFSR[16];
+	ZUC_UINT32 R1;
+	ZUC_UINT32 R2;
+	ZUC_UINT32 T;
+	ZUC_UINT32 K0;
+	uint8_t buf[4];
+	size_t buflen;
+} ZUC_MAC_CTX;
+
+void zuc_mac_init(ZUC_MAC_CTX *ctx, const uint8_t key[ZUC_KEY_SIZE], const uint8_t iv[ZUC_IV_SIZE]);
+void zuc_mac_update(ZUC_MAC_CTX *ctx, const uint8_t *data, size_t len);
+void zuc_mac_finish(ZUC_MAC_CTX *ctx, const uint8_t *data, size_t nbits, uint8_t mac[ZUC_MAC_SIZE]);
+
+void zuc_eea_encrypt(const ZUC_UINT32 *in, ZUC_UINT32 *out, size_t nbits,
+	const uint8_t key[ZUC_KEY_SIZE], ZUC_UINT32 count, ZUC_UINT5 bearer,
+	ZUC_BIT direction);
+ZUC_UINT32 zuc_eia_generate_mac(const ZUC_UINT32 *data, size_t nbits,
+	const uint8_t key[ZUC_KEY_SIZE], ZUC_UINT32 count, ZUC_UINT5 bearer,
+	ZUC_BIT direction);
+
+
+# define ZUC256_KEY_SIZE	32
+# define ZUC256_IV_SIZE		23
+# define ZUC256_MAC32_SIZE	4
+# define ZUC256_MAC64_SIZE	8
+# define ZUC256_MAC128_SIZE	16
+# define ZUC256_MIN_MAC_SIZE	ZUC256_MAC32_SIZE
+# define ZUC256_MAX_MAC_SIZE	ZUC256_MAC128_SIZE
+
+typedef ZUC_STATE ZUC256_STATE;
+
+void zuc256_init(ZUC256_STATE *state, const uint8_t key[ZUC256_KEY_SIZE], const uint8_t iv[ZUC256_IV_SIZE]);
+#define zuc256_generate_keystream(state,nwords,words) zuc_generate_keystream(state,nwords,words)
+#define zuc256_generate_keyword(state) zuc_generate_keyword(state)
+
+
+typedef struct ZUC256_MAC_CTX_st {
+	ZUC_UINT31 LFSR[16];
+	ZUC_UINT32 R1;
+	ZUC_UINT32 R2;
+	ZUC_UINT32 T[4];
+	ZUC_UINT32 K0[4];
+	uint8_t buf[4];
+	int buflen;
+	int macbits;
+} ZUC256_MAC_CTX;
+
+void zuc256_mac_init(ZUC256_MAC_CTX *ctx, const uint8_t key[ZUC256_KEY_SIZE],
+	const uint8_t iv[ZUC256_IV_SIZE], int macbits);
+void zuc256_mac_update(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t len);
+void zuc256_mac_finish(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t nbits, uint8_t mac[ZUC_MAC_SIZE]);
+
+
+// Public API
+
+typedef struct {
+	ZUC_STATE zuc_state;
+	uint8_t block[4];
+	size_t block_nbytes;
+} ZUC_CTX;
+
+int zuc_encrypt_init(ZUC_CTX *ctx, const uint8_t key[ZUC_KEY_SIZE], const uint8_t iv[ZUC_IV_SIZE]);
+int zuc_encrypt_update(ZUC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+int zuc_encrypt_finish(ZUC_CTX *ctx, uint8_t *out, size_t *outlen);
+
+#define zuc_decrypt_init(ctx,key,iv) zuc_encrypt_init(ctx,key,iv)
+#define zuc_decrypt_update(ctx,in,inlen,out,outlen) zuc_encrypt_update(ctx,in,inlen,out,outlen)
+#define zuc_decrypt_finish(ctx,out,outlen) zuc_encrypt_finish(ctx,out,outlen)
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif