More tests

include/gmssl/asn1.h

@@ -85,23 +85,23 @@ enum ASN1_TAG {
 	ASN1_TAG_ObjectDescriptor	= 7,
 	ASN1_TAG_EXTERNAL		= 8,
 	ASN1_TAG_REAL			= 9,
-	ASN1_TAG_ENUMERATED		= 10,
-	ASN1_TAG_EMBEDDED		= 11,
-	ASN1_TAG_UTF8String		= 12,
-	ASN1_TAG_RELATIVE_OID		= 13,
-	ASN1_TAG_NumericString		= 18,
-	ASN1_TAG_PrintableString	= 19, // printable subset of ascii
-	ASN1_TAG_TeletexString		= 20, // T61String
-	ASN1_TAG_VideotexString		= 21,
-	ASN1_TAG_IA5String		= 22, // 7-bit ascii
-	ASN1_TAG_UTCTime		= 23,
-	ASN1_TAG_GeneralizedTime	= 24,
-	ASN1_TAG_GraphicString		= 25,
-	ASN1_TAG_VisibleString		= 26,
-	ASN1_TAG_GeneralString		= 27,
-	ASN1_TAG_UniversalString	= 28,
-	ASN1_TAG_CHARACTER_STRING	= 29,
-	ASN1_TAG_BMPString		= 30, // 2-byte unicode with zeros
+	ASN1_TAG_ENUMERATED		= 10, // 0x0A
+	ASN1_TAG_EMBEDDED		= 11, // 0x0B
+	ASN1_TAG_UTF8String		= 12, // 0x0C
+	ASN1_TAG_RELATIVE_OID		= 13, // 0x0D
+	ASN1_TAG_NumericString		= 18, // 0x12
+	ASN1_TAG_PrintableString	= 19, // 0x13, printable subset of ascii
+	ASN1_TAG_TeletexString		= 20, // 0x14, T61String
+	ASN1_TAG_VideotexString		= 21, // 0x15
+	ASN1_TAG_IA5String		= 22, // 0x16, 7-bit ascii
+	ASN1_TAG_UTCTime		= 23, // 0x17
+	ASN1_TAG_GeneralizedTime	= 24, // 0x18
+	ASN1_TAG_GraphicString		= 25, // 0x19
+	ASN1_TAG_VisibleString		= 26, // 0x20
+	ASN1_TAG_GeneralString		= 27, // 0x21
+	ASN1_TAG_UniversalString	= 28, // 0x22
+	ASN1_TAG_CHARACTER_STRING	= 29, // 0x23
+	ASN1_TAG_BMPString		= 30, // 0x24, 2-byte unicode with zeros
 	ASN1_TAG_SEQUENCE		= 0x30,
 	ASN1_TAG_SET			= 0x31,
 	ASN1_TAG_EXPLICIT		= 0xa0,
@@ -126,6 +126,8 @@ int asn1_any_type_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint
 int asn1_any_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen); // 调用方应保证a,alen为TLV
 int asn1_any_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen); // 检查输入为TLV
 
+const char *asn1_boolean_name(int val);
+int asn1_boolean_from_name(int *val, const char *name);
 int asn1_boolean_to_der_ex(int tag, int val, uint8_t **out, size_t *outlen);
 int asn1_boolean_from_der_ex(int tag, int *val, const uint8_t **in, size_t *inlen);
 #define asn1_boolean_to_der(val,out,outlen) asn1_boolean_to_der_ex(ASN1_TAG_BOOLEAN,val,out,outlen)
@@ -182,6 +184,7 @@ int asn1_bits_print(FILE *fp, int fmt, int ind, const char *label, const char **
 #define asn1_implicit_octet_string_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
 #define asn1_implicit_octet_string_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
 
+const char *asn1_null_name(void);
 int asn1_null_to_der(uint8_t **out, size_t *outlen);
 int asn1_null_from_der(const uint8_t **in, size_t *inlen);
 

include/gmssl/ec.h

@@ -63,7 +63,7 @@ extern "C" {
 #endif
 
 /*
-curve:
+NamedCurve:
 	OID_sm2
 	OID_prime192v1
 	OID_prime256v1
@@ -71,13 +71,30 @@ curve:
 	OID_secp384r1
 	OID_secp521r1
 */
-const char *ec_curve_name(int curve);
-int ec_curve_from_name(const char *name);
+const char *ec_named_curve_name(int curve);
+int ec_named_curve_from_name(const char *name);
+int ec_named_curve_to_der(int curve, uint8_t **out, size_t *outlen);
+int ec_named_curve_from_der(int *curve, const uint8_t **in, size_t *inlen);
 
-int ec_public_key_algor_to_der(int curve, uint8_t **out, size_t *outlen);
-int ec_public_key_algor_from_der(int *curve, const uint8_t **in, size_t *inlen);
-int ec_public_key_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+/*
+ECPoint ::= OCTET STRING -- uncompressed point
+*/
+int ec_point_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 
+/*
+ECPrivateKey ::= SEQUENCE {
+	version		INTEGER,	-- value MUST be (1)
+	privateKey	OCTET STRING,	-- big endian encoding of integer
+	parameters	[0] EXPLICIT OBJECT IDENTIFIER OPTIONAL, -- namedCurve
+	publicKey	[1] EXPLICIT BIT STRING OPTIONAL -- ECPoint
+}
+*/
+
+enum {
+	EC_private_key_version = 1,
+};
+
+int ec_private_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 
 #ifdef __cplusplus
 }

include/gmssl/error.h

@@ -76,11 +76,15 @@ void print_der(const uint8_t *in, size_t inlen);
 void print_bytes(const uint8_t *in, size_t inlen);
 void print_nodes(const uint32_t *in, size_t inlen);
 
+#define FMT_CARRAY 0x80
+
 
 int format_print(FILE *fp, int format, int indent, const char *str, ...);
 int format_bytes(FILE *fp, int format, int indent, const char *str, const uint8_t *data, size_t datalen);
 int format_string(FILE *fp, int format, int indent, const char *str, const uint8_t *data, size_t datalen);
 
+
+
 //int tls_trace(int format, int indent, const char *str, ...);
 
 

include/gmssl/oid.h

@@ -120,6 +120,9 @@ enum {
 	OID_ce_crl_distribution_points,
 	OID_ce_inhibit_any_policy,
 	OID_ce_freshest_crl,
+	OID_netscape_cert_comment,
+	OID_cert_authority_info_access,
+	OID_ct_precertificate_scts,
 
 	// CRL Extensions
 	//OID_ce_authority_key_identifier,
@@ -237,6 +240,12 @@ id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
 #define oid_pkcs5	oid_pkcs,5
 
 
+#define oid_cnt(nodes)	(sizeof(nodes)/sizeof(int))
+
+
+#define oid_x9_62 1,2,840,10045
+
+
 #ifdef __cplusplus
 }
 #endif

include/gmssl/pbkdf2.h

@@ -66,7 +66,11 @@ extern "C" {
 
 
 int pbkdf2_genkey(const DIGEST *digest,
-	const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, size_t count,
+	const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, size_t iter,
+	size_t outlen, uint8_t *out);
+
+int pbkdf2_hmac_sm3_genkey(
+	const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, size_t iter,
 	size_t outlen, uint8_t *out);
 
 

include/gmssl/rsa.h

@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 2014 - 2021 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+#ifndef GMSSL_RSA_H
+#define GMSSL_RSA_H
+
+
+#include <stdio.h>
+#include <string.h>
+#include <stdint.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/*
+RSAPublicKey ::= SEQUENCE {
+	modulus			INTEGER,  -- n
+	publicExponent		INTEGER   -- e
+}
+
+RSAPrivateKey ::= SEQUENCE {
+	version			INTEGER, -- 0
+	modulus			INTEGER, -- n
+	publicExponent		INTEGER, -- e
+	privateExponent		INTEGER, -- d
+	prime1			INTEGER, -- p
+	prime2			INTEGER, -- q
+	exponent1		INTEGER, -- d mod (p-1)
+	exponent2		INTEGER, -- d mod (q-1)
+	coefficient		INTEGER  -- q^-1 mod p
+}
+*/
+
+
+int rsa_public_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+
+
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/sm2.h

@@ -1,4 +1,4 @@
-/*
+/*
  * Copyright (c) 2014 - 2021 The GmSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -68,8 +68,15 @@ typedef struct {
 void sm2_point_to_compressed_octets(const SM2_POINT *P, uint8_t out[33]);
 void sm2_point_to_uncompressed_octets(const SM2_POINT *P, uint8_t out[65]);
 int sm2_point_from_octets(SM2_POINT *P, const uint8_t *in, size_t inlen);
+
+/*
+RFC 5480 Elliptic Curve Cryptography Subject Public Key Information
+ECPoint ::= OCTET STRING
+*/
 int sm2_point_to_der(const SM2_POINT *P, uint8_t **out, size_t *outlen);
 int sm2_point_from_der(SM2_POINT *P, const uint8_t **in, size_t *inlen);
+
+
 int sm2_point_from_x(SM2_POINT *P, const uint8_t x[32], int y);
 int sm2_point_from_xy(SM2_POINT *P, const uint8_t x[32], const uint8_t y[32]);
 int sm2_point_is_on_curve(const SM2_POINT *P);
@@ -81,14 +88,14 @@ int sm2_point_print(FILE *fp, int fmt, int ind, const char *label, const SM2_POI
 typedef struct {
 	SM2_POINT public_key;
 	uint8_t private_key[32];
-	uint8_t key_usage[4];
 } SM2_KEY;
 
 int sm2_key_generate(SM2_KEY *key);
-int sm2_key_set_private_key(SM2_KEY *key, const uint8_t private_key[32]);
-int sm2_key_set_public_key(SM2_KEY *key, const SM2_POINT *public_key);
+int sm2_key_set_private_key(SM2_KEY *key, const uint8_t private_key[32]); // 自动生成公钥
+int sm2_key_set_public_key(SM2_KEY *key, const SM2_POINT *public_key); // 自动清空私钥，不要和set_private_key同时用
 int sm2_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *key);
 
+int sm2_public_key_equ(const SM2_KEY *sm2_key, const SM2_KEY *pub_key);
 int sm2_public_key_copy(SM2_KEY *sm2_key, const SM2_KEY *pub_key);
 int sm2_public_key_digest(const SM2_KEY *key, uint8_t dgst[32]);
 int sm2_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *pub_key);
@@ -98,17 +105,21 @@ from RFC 5915
 
 ECPrivateKey ::= SEQUENCE {
 	version		INTEGER,	-- value MUST be (1)
-	privateKey	OCTET STRING,	-- big endian encoding of integer
+	privateKey	OCTET STRING,	-- big endian encoding of integer 这里不是以INTEGER编码的，因此长度固定
 	parameters	[0] EXPLICIT ECParameters OPTIONAL,
 					-- ONLY namedCurve OID is permitted, by RFC 5480
 					-- MUST always include this field, by RFC 5915
-	publicKey	[1] EXPLICIT BIT STRING OPTIONAL
+	publicKey	[1] EXPLICIT BIT STRING OPTIONAL -- compressed_point
 					-- SHOULD always include this field, by RFC 5915 }
 
 ECParameters ::= CHOICE { namedCurve OBJECT IDENTIFIER }
 */
+#define SM2_PRIVATE_KEY_DEFAULT_SIZE 120 // generated
+#define SM2_PRIVATE_KEY_BUF_SIZE 512 // MUST >= SM2_PRIVATE_KEY_DEFAULT_SIZE
+
 int sm2_private_key_to_der(const SM2_KEY *key, uint8_t **out, size_t *outlen);
 int sm2_private_key_from_der(SM2_KEY *key, const uint8_t **in, size_t *inlen);
+int sm2_private_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 int sm2_private_key_to_pem(const SM2_KEY *key, FILE *fp);
 int sm2_private_key_from_pem(SM2_KEY *key, FILE *fp);
 
@@ -141,8 +152,13 @@ PrivateKeyInfo ::= SEQUENCE {
 	privateKey		OCTET STRING, -- DER-encoding of ECPrivateKey
 	attributes		[0] IMPLICIT SET OF Attribute OPTIONAL }
 */
+enum {
+	PKCS8_private_key_info_version = 0,
+};
+
 int sm2_private_key_info_to_der(const SM2_KEY *key, uint8_t **out, size_t *outlen);
 int sm2_private_key_info_from_der(SM2_KEY *key, const uint8_t **attrs, size_t *attrslen, const uint8_t **in, size_t *inlen);
+int sm2_private_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 int sm2_private_key_info_to_pem(const SM2_KEY *key, FILE *fp);
 int sm2_private_key_info_from_pem(SM2_KEY *key, const uint8_t **attrs, size_t *attrslen, FILE *fp);
 
@@ -170,6 +186,7 @@ int sm2_signature_print(FILE *fp, int fmt, int ind, const char *label, const uin
 int sm2_do_sign(const SM2_KEY *key, const uint8_t dgst[32], SM2_SIGNATURE *sig);
 int sm2_do_verify(const SM2_KEY *key, const uint8_t dgst[32], const SM2_SIGNATURE *sig);
 
+#define SM2_MIN_SIGNATURE_SIZE 8
 #define SM2_MAX_SIGNATURE_SIZE 72
 
 int sm2_sign(const SM2_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
@@ -177,13 +194,10 @@ int sm2_verify(const SM2_KEY *key, const uint8_t dgst[32], const uint8_t *sig, s
 
 
 #define SM2_DEFAULT_ID				"1234567812345678"
-#define SM2_DEFAULT_ID_LENGTH			(sizeof(SM2_DEFAULT_ID) - 1)
+#define SM2_DEFAULT_ID_LENGTH			(sizeof(SM2_DEFAULT_ID) - 1)  // LENGTH for string and SIZE for bytes
 #define SM2_DEFAULT_ID_BITS			(SM2_DEFAULT_ID_LENGTH * 8)
-#define SM2_DEFAULT_ID_DIGEST_LENGTH		SM3_DIGEST_LENGTH
-
 #define SM2_MAX_ID_BITS				65535
 #define SM2_MAX_ID_LENGTH			(SM2_MAX_ID_BITS/8)
-#define SM2_MAX_ID_SIZE				(SM2_MAX_ID_BITS/8)
 
 int sm2_compute_z(uint8_t z[32], const SM2_POINT *pub, const char *id, size_t idlen);
 
@@ -191,7 +205,6 @@ int sm2_compute_z(uint8_t z[32], const SM2_POINT *pub, const char *id, size_t id
 typedef struct {
 	SM2_KEY key;
 	SM3_CTX sm3_ctx;
-	int flags;
 } SM2_SIGN_CTX;
 
 int sm2_sign_init(SM2_SIGN_CTX *ctx, const SM2_KEY *key, const char *id, size_t idlen);
@@ -209,29 +222,29 @@ SM2Cipher ::= SEQUENCE {
 	HASH		OCTET STRING SIZE(32),
 	CipherText	OCTET STRING }
 */
+#define SM2_MIN_PLAINTEXT_SIZE	1 // re-compute SM2_MIN_CIPHERTEXT_SIZE when modify
+#define SM2_MAX_PLAINTEXT_SIZE	255 // re-compute SM2_MAX_CIPHERTEXT_SIZE when modify
+
 typedef struct {
 	SM2_POINT point;
 	uint8_t hash[32];
-	uint32_t ciphertext_size;
-	uint8_t ciphertext[1];
+	uint8_t ciphertext_size;
+	uint8_t ciphertext[SM2_MAX_PLAINTEXT_SIZE];
 } SM2_CIPHERTEXT;
 
-#define SM2_MAX_PLAINTEXT_SIZE	256
-#define SM2_MAX_CIPHERTEXT_SIZE	512
-
-#define SM2_CIPHERTEXT_SIZE(inlen) (sizeof(SM2_CIPHERTEXT)-1+(inlen))
-int sm2_ciphertext_size(size_t inlen, size_t *outlen);
 int sm2_ciphertext_to_der(const SM2_CIPHERTEXT *c, uint8_t **out, size_t *outlen);
 int sm2_ciphertext_from_der(SM2_CIPHERTEXT *c, const uint8_t **in, size_t *inlen);
 int sm2_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);
 int sm2_do_encrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, SM2_CIPHERTEXT *out);
 int sm2_do_decrypt(const SM2_KEY *key, const SM2_CIPHERTEXT *in, uint8_t *out, size_t *outlen);
 
+#define SM2_MIN_CIPHERTEXT_SIZE	45 // dependes on SM2_MIN_PLAINTEXT_SIZE
+#define SM2_MAX_CIPHERTEXT_SIZE	366 // depends on SM2_MAX_PLAINTEXT_SIZE
+
 int sm2_encrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
 int sm2_decrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
 
 
-
 int sm2_ecdh(const SM2_KEY *key, const SM2_POINT *peer_public, SM2_POINT *out);
 
 int sm2_selftest(void);

include/gmssl/x509.h

@@ -310,6 +310,7 @@ IssuerAndSerialNumber ::= SEQUENCE {
 int x509_cert_get_issuer_and_serial_number(const uint8_t *a, size_t alen,
 	const uint8_t **issuer, size_t *issuer_len,
 	const uint8_t **serial_number, size_t *serial_number_len);
+int x509_cert_get_issuer(const uint8_t *a, size_t alen, const uint8_t **name, size_t *namelen);
 int x509_cert_get_subject(const uint8_t *a, size_t alen, const uint8_t **subj, size_t *subj_len);
 int x509_cert_get_subject_public_key(const uint8_t *a, size_t alen, SM2_KEY *public_key);
 

include/gmssl/x509_alg.h

@@ -94,10 +94,12 @@ int x509_public_key_encryption_algor_print(FILE *fp, int fmt, int ind, const cha
 
 const char *x509_public_key_algor_name(int oid);
 int x509_public_key_algor_from_name(const char *name);
-int x509_public_key_algor_from_der(int *oid, const uint8_t **params, size_t *paramslen, const uint8_t **in, size_t *inlen);
-int x509_public_key_algor_to_der(int oid, const uint8_t *params, size_t paramslen, uint8_t **out, size_t *outlen);
+int x509_public_key_algor_to_der(int oid, int curve, uint8_t **out, size_t *outlen);
+int x509_public_key_algor_from_der(int *oid, int *curve_or_null, const uint8_t **in, size_t *inlen);
 int x509_public_key_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 
+
+
 #ifdef __cplusplus
 }
 #endif

include/gmssl/x509_ext.h

@@ -174,6 +174,21 @@ int x509_general_names_add_general_name(uint8_t *gns, size_t *gnslen, size_t max
 	int choice, const uint8_t *d, size_t dlen);
 int x509_general_names_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 
+int x509_general_names_add_other_name(uint8_t *gns, size_t *gnslen, size_t maxlen,
+	const uint32_t *nodes, size_t nodes_count,
+	const uint8_t *value, size_t value_len);
+#define x509_general_names_add_rfc822_name(a,alen,maxlen,s) x509_general_names_add_general_name(a,alen,maxlen,X509_gn_rfc822_name,(uint8_t*)s,strlen(s))
+#define x509_general_names_add_dns_name(a,alen,maxlen,s) x509_general_names_add_general_name(a,alen,maxlen,X509_gn_dns_name,(uint8_t*)s,strlen(s))
+#define x509_general_names_add_x400_address(a,alen,maxlen,d,dlen) x509_general_names_add_general_name(a,alen,maxlen,X509_gn_x400_address,d,dlen)
+#define x509_general_names_add_directory_name(a,alen,maxlen,d,dlen) x509_general_names_add_general_name(a,alen,maxlen,X509_gn_directory_name,d,dlen)
+int x509_general_names_add_edi_party_name(uint8_t *gns, size_t *gnslen, size_t maxlen,
+	int assigner_tag, const uint8_t *assigner, size_t assigner_len,
+	int party_name_tag, const uint8_t *party_name, size_t party_name_len);
+#define x509_general_names_add_uniform_resource_identifier(a,alen,maxlen,s) x509_general_names_add_general_name(a,alen,maxlen,X509_gn_uniform_resource_identifier,(uint8_t*)s,strlen(s))
+#define x509_general_names_add_ip_address(a,alen,maxlen,s) x509_general_names_add_general_name(a,alen,maxlen,X509_gn_ip_address,(uint8_t*)s,strlen(s))
+int x509_general_names_add_registered_id(uint8_t *gns, size_t *gnslen, size_t maxlen,
+	const uint32_t *nodes, size_t nodes_cnt);
+
 /*
 AuthorityKeyIdentifier ::= SEQUENCE {
 	keyIdentifier			[0] IMPLICIT OCTET STRING OPTIONAL,
@@ -220,6 +235,8 @@ KeyUsage ::= BIT STRING {
 #define X509_KU_ENCIPHER_ONLY		(1 << 7)
 #define X509_KU_DECIPHER_ONLY		(1 << 8)
 
+const char *x509_key_usage_name(int flag);
+int x509_key_usage_from_name(int *flag, const char *name);
 #define x509_key_usage_to_der(bits,out,outlen) asn1_bits_to_der(bits,out,outlen)
 #define x509_key_usage_from_der(bits,in,inlen) asn1_bits_from_der(bits,in,inlen)
 int x509_key_usage_print(FILE *fp, int fmt, int ind, const char *label, int bits);
@@ -266,10 +283,12 @@ PolicyQualifierInfo ::= SEQUENCE {
 	case id-qt-cps		: qualifier ::= IA5String
 	case id-qt-unotice	: qualifier ::= UserNotice
 */
-int x509_policy_qualifier_info_to_der(int oid,
+int x509_policy_qualifier_info_to_der(
+	int oid,
 	const uint8_t *qualifier, size_t qualifier_len,
 	uint8_t **out, size_t *outlen);
-int x509_policy_qualifier_info_from_der(int *oid,
+int x509_policy_qualifier_info_from_der(
+	int *oid,
 	const uint8_t **qualifier, size_t *qualifier_len,
 	const uint8_t **in, size_t *inlen);
 int x509_policy_qualifier_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
@@ -308,7 +327,7 @@ int x509_certificate_policies_print(FILE *fp, int fmt, int ind, const char *labe
 
 /*
 PolicyMapping ::= SEQUENCE {
-	issuerDomainPolicy	CertPolicyId,
+	issuerDomainPolicy	CertPolicyId, -- id-anyPolicy or other undefined
 	subjectDomainPolicy	CertPolicyId }
 */
 int x509_policy_mapping_to_der(
@@ -395,7 +414,8 @@ int x509_general_subtree_print(FILE *fp, int fmt, int ind, const char *label, co
 /*
 GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
 */
-int x509_general_subtrees_add_general_subtree(uint8_t *d, size_t *dlen, size_t maxlen,
+// 应该参考general_names_add_xxx来改写这个函数，只是不知道这个函数用的多不多
+int x509_general_subtrees_add_general_subtree(uint8_t *d, size_t *dlen, size_t maxlen, // 这个功能和general_names很类似，只是多了一点点内容
 	int base_choice, const uint8_t *base, size_t base_len,
 	int minimum, int maximum);
 int x509_general_subtrees_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
@@ -431,6 +451,14 @@ int x509_policy_constraints_print(FILE *fp, int fmt, int ind, const char *label,
 
 /*
 ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+
+KeyPurposeId:
+	OID_kp_server_auth
+	OID_kp_client_auth
+	OID_kp_code_signing
+	OID_kp_email_protection
+	OID_kp_time_stamping
+	OID_kp_ocsp_signing
 */
 #define X509_MAX_KEY_PURPOSES	6
 int x509_ext_key_usage_to_der(const int *oids, size_t oids_cnt, uint8_t **out, size_t *outlen);
@@ -459,6 +487,8 @@ ReasonFlags ::= BIT STRING {
 #define X509_RF_PRIVILEGE_WITHDRAWN	(1 << 7)
 #define X509_RF_AA_COMPROMISE		(1 << 8)
 
+const char *x509_revoke_reason_name(int flag);
+int x509_revoke_reason_from_name(int *flag, const char *name);
 #define x509_revoke_reasons_to_der(bits,out,outlen) asn1_bits_to_der(bits,out,outlen)
 #define x509_revoke_reasons_from_der(bits,in,inlen) asn1_bits_from_der(bits,in,inlen)
 int x509_revoke_reasons_print(FILE *fp, int fmt, int ind, const char *label, int bits);
@@ -525,3 +555,4 @@ FreshestCRL ::= CRLDistributionPoints
 }
 #endif
 #endif
+

include/gmssl/x509_oid.h

@@ -103,6 +103,7 @@ id-ce:
 	OID_ce_crl_distribution_points
 	OID_ce_inhibit_any_policy
 	OID_ce_freshest_crl
+	OID_netscape_cert_comment
 */
 const char *x509_ext_id_name(int oid);
 int x509_ext_id_from_name(const char *name);