diff --git a/include/gmssl/asn1.h b/include/gmssl/asn1.h index a638ad87..32de94bc 100644 --- a/include/gmssl/asn1.h +++ b/include/gmssl/asn1.h @@ -298,8 +298,13 @@ int asn1_header_to_der(int tag, size_t dlen, uint8_t **out, size_t *outlen); #define asn1_explicit_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen) +#if 0 // TODO: why nonempty ? #define asn1_explicit_to_der(i,d,dlen,out,outlen) asn1_nonempty_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen) #define asn1_explicit_from_der(i,d,dlen,in,inlen) asn1_nonempty_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen) +#else +#define asn1_explicit_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen) +#define asn1_explicit_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen) +#endif // d,dlen is the V (of TLV) of SEQUENCE OF, SET OF int asn1_types_get_count(const uint8_t *d, size_t dlen, int tag, size_t *cnt); diff --git a/include/gmssl/ec.h b/include/gmssl/ec.h index a3d90102..91adc44e 100644 --- a/include/gmssl/ec.h +++ b/include/gmssl/ec.h @@ -18,6 +18,8 @@ #include #include #include +#include + #ifdef __cplusplus extern "C" { @@ -50,6 +52,12 @@ ECPrivateKey ::= SEQUENCE { publicKey [1] EXPLICIT BIT STRING OPTIONAL -- ECPoint } */ +// ECPrivateKey when key->algor == OID_ec_public_key +int ec_private_key_to_der(const X509_KEY *key, int encode_params, int encode_pubkey, uint8_t **out, size_t *outlen); +int ec_private_key_from_der(X509_KEY *key, int opt_curve, const uint8_t **in, size_t *inlen); +int ec_private_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); // from +// X509_KEY lost some information of ECPrivateKey. so no ec_private_key_print_ex(X509_KEY) + enum { EC_private_key_version = 1, diff --git a/include/gmssl/kyber.h b/include/gmssl/kyber.h index 334c4a3e..2802441f 100644 --- a/include/gmssl/kyber.h +++ b/include/gmssl/kyber.h 
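Review bot: The `#if 0` branch keeps the old `asn1_nonempty_type_*` macros alive under an unanswered `// TODO: why nonempty ?`, so two definitions of `asn1_explicit_to_der`/`asn1_explicit_from_der` now sit in a public header. If the nonempty variants rejected zero-length EXPLICIT content (inferred from the name only), the switch to `asn1_type_from_der` relaxes what decoders accept, and every caller that relied on the wrapper to reject an empty value now has to check it itself. Answer the TODO in the commit and drop the dead branch, or state the new contract next to the live macros: `// EXPLICIT [i] wrapper: a zero-length V is accepted here; the caller validates the inner type`.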
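Review bot: The comment on the new `ec_private_key_print` prototype in ec.h stops at `// from`, and the same three `ec_private_key_*` prototypes are declared a second time in x509_key.h in this commit, so the two copies can drift. Keep one home for them (x509_key.h already groups them with the PKCS #8 declarations) and finish or delete the fragment, for example `// prints a DER-encoded ECPrivateKey (d, dlen); X509_KEY does not keep the optional params/publicKey, hence no print_ex(X509_KEY)`.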
@@ -118,6 +118,9 @@ void kyber_poly_decode1(kyber_poly_t r, const uint8_t in[32]); int kyber_poly_encode1(const kyber_poly_t a, uint8_t out[32]); +// kyber-512 : 2 * 384 + 32 = 800 +// kyber-768 : 3 * 384 + 32 = 1184 +// kyber-1024: 4 * 384 + 32 = 1568 typedef struct { uint8_t t[KYBER_K][384]; uint8_t rho[32]; diff --git a/include/gmssl/oid.h b/include/gmssl/oid.h index e47eb652..748994b3 100644 --- a/include/gmssl/oid.h +++ b/include/gmssl/oid.h @@ -179,6 +179,7 @@ enum { OID_xmss_hashsig, OID_xmssmt_hashsig, OID_sphincs_hashsig, // OID not defined in RFC, so no oid[] + OID_kyber_kem, }; // {iso(1) org(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7)} @@ -198,6 +199,8 @@ enum { // {iso(1) member-body(2) us(840) ansi-x962(10045)} #define oid_x9_62 1,2,840,10045 +// {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4)} +#define oid_nist_algs 2,16,840,1,101,3,4 #define oid_at 2,5,4 diff --git a/include/gmssl/sm2.h b/include/gmssl/sm2.h index e2004cb2..eb71eee6 100644 --- a/include/gmssl/sm2.h +++ b/include/gmssl/sm2.h @@ -191,6 +191,7 @@ int sm2_sign_update(SM2_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); int sm2_sign_finish(SM2_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen); int sm2_sign_reset(SM2_SIGN_CTX *ctx); int sm2_sign_finish_fixlen(SM2_SIGN_CTX *ctx, size_t siglen, uint8_t *sig); +// TODO sign_ctx_cleanup! typedef struct { SM3_CTX sm3_ctx; diff --git a/include/gmssl/x509_key.h b/include/gmssl/x509_key.h index 3e1958ef..488da04e 100644 --- a/include/gmssl/x509_key.h +++ b/include/gmssl/x509_key.h @@ -19,11 +19,12 @@ #include #include #include +#include #include #include #include #include -#include +#include #ifdef __cplusplus 
@@ -36,28 +37,24 @@ typedef struct { int algor_param; union { SM2_KEY sm2_key; + SECP256R1_KEY secp256r1_key; LMS_KEY lms_key; HSS_KEY hss_key; XMSS_KEY xmss_key; XMSSMT_KEY xmssmt_key; SPHINCS_KEY sphincs_key; - SECP256R1_KEY secp256r1_key; + KYBER_KEY kyber_key; } u; - const char *signer_id; - size_t signer_idlen; } X509_KEY; int x509_key_set_sm2_key(X509_KEY *x509_key, const SM2_KEY *sm2_key); +int x509_key_set_secp256r1_key(X509_KEY *x509_key, const SECP256R1_KEY *secp256r1_key); int x509_key_set_lms_key(X509_KEY *x509_key, const LMS_KEY *lms_key); int x509_key_set_hss_key(X509_KEY *x509_key, const HSS_KEY *hss_key); int x509_key_set_xmss_key(X509_KEY *x509_key, const XMSS_KEY *xmss_key); int x509_key_set_xmssmt_key(X509_KEY *x509_key, const XMSSMT_KEY *xmssmt_key); int x509_key_set_sphincs_key(X509_KEY *x509_key, const SPHINCS_KEY *sphincs_key); -int x509_key_set_secp256r1_key(X509_KEY *x509_key, const SECP256R1_KEY *secp256r1_key); - -// hss_key_generate need lms_types[] as input, encode lms_types[] into (int)algor_param -int x509_algor_param_from_lms_types(int *algor_param, const int *lms_types, size_t num); -int x509_algor_param_to_lms_types(int algor_param, int lms_types[5], size_t *num); +int x509_key_set_kyber_key(X509_KEY *x509_key, const KYBER_KEY *kyber_key); /* algor: algor_param: 
@@ -69,45 +66,61 @@ int x509_algor_param_to_lms_types(int algor_param, int lms_types[5], size_t *num OID_xmsssmt_hashsig xmssmt_type OID_sphincs_hashsig OID_undef */ -int x509_key_generate(X509_KEY *key, int algor, int algor_param); -int x509_private_key_from_file(X509_KEY *key, int algor, const char *pass, FILE *fp); +int x509_key_generate(X509_KEY *key, int algor, const void *param, size_t paramlen); void x509_key_cleanup(X509_KEY *key); - -// SM2_PUBLIC_KEY_SIZE = 65 -// LMS_PUBLIC_KEY_SIZE = 56 -// HSS_PUBLIC_KEY_SIZE = 60 -// XMSS_PUBLIC_KEY_SIZE = 68 -// XMSSMT_PUBLIC_KEY_SIZE = 68 -// SPHINCS_PUBLIC_KEY_SIZE = 32 -// SECP256R1_PUBLIC_KEY_SIZE = 65 -#define X509_PUBLIC_KEY_MAX_SIZE 68 +/* + x509_public_key_to_bytes() outlen + ecPublicKey: 65 + lms-hashsig: 56 + hss-lms-hashsig: 60 + xmss-hashsig: 68 + xmssmt-hashsig: 68 + sphincs-hashsig: 32 + kyber-kem: 800/1184/1568 for kyber 512/768/1024 +*/ +#define X509_PUBLIC_KEY_MAX_SIZE 1184 int x509_public_key_to_bytes(const X509_KEY *key, uint8_t **out, size_t *outlen); +int x509_public_key_from_bytes(X509_KEY *key, int algor, int algor_param, const uint8_t **in, size_t *inlen); int x509_public_key_digest(const X509_KEY *key, uint8_t dgst[32]); int x509_public_key_equ(const X509_KEY *key, const X509_KEY *pub); int x509_public_key_print(FILE *fp, int fmt, int ind, const char *label, const X509_KEY *key); -int x509_private_key_print(FILE *fp, int fmt, int ind, const char *label, const X509_KEY *key); +int x509_private_key_print_ex(FILE *fp, int fmt, int ind, const char *label, const X509_KEY *key); -// X.509 SubjectPublicKeyInfo +/* + X.509 SubjectPublicKeyInfo + + x509_public_key_info_to_der() outlen + ecPublicKey: 91 + lms-hashsig: 79 + hss-lms-hashsig: 82 + xmss-hashsig: 87 + xmssmt-hashsig: 87 + sphincs-hashsig: 52 + kyber-kem: +*/ +#define X509_PUBLIC_KEY_INFO_MAX_SIZE 1280 // for kyber and 91 for others int x509_public_key_info_to_der(const X509_KEY *key, uint8_t **out, size_t *outlen); int 
x509_public_key_info_from_der(X509_KEY *key, const uint8_t **in, size_t *inlen); int x509_public_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); + // ECPrivateKey when key->algor == OID_ec_public_key int ec_private_key_to_der(const X509_KEY *key, int encode_params, int encode_pubkey, uint8_t **out, size_t *outlen); int ec_private_key_from_der(X509_KEY *key, int opt_curve, const uint8_t **in, size_t *inlen); +int ec_private_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); // from +// X509_KEY lost some information of ECPrivateKey. so no ec_private_key_print_ex(X509_KEY) -// 没有打印的函数! // PKCS #8 PrivateKeyInfo // PrivateKeyInfo.algor.parameters has the named_curve // so omit the optional ECPrivateKey params(named_curve) a nd omit the public_key -#define X509_ENCODE_EC_PRIVATE_KEY_PARAMS 1 +#define X509_ENCODE_EC_PRIVATE_KEY_PARAMS 0 #define X509_ENCODE_EC_PRIVATE_KEY_PUBKEY 1 int x509_private_key_info_to_der(const X509_KEY *key, uint8_t **out, size_t *outlen); int x509_private_key_info_from_der(X509_KEY *key, const uint8_t **attrs, size_t *attrslen, const uint8_t **in, size_t *inlen); -// 没有打印的函数 +// TODO: no x509_private_key_info_print // PKCS #8 EncryptedPrivateKeyInfo #define PKCS8_ENCED_PRIVATE_KEY_INFO_ITER 65536 @@ -117,9 +130,6 @@ int x509_private_key_info_decrypt_from_der(X509_KEY *x509_key, const uint8_t **attrs, size_t *attrs_len, const char *pass, const uint8_t **in, size_t *inlen); -// require stdio -int x509_private_key_info_encrypt_to_pem(const X509_KEY *key, const char *pass, FILE *fp); -int x509_private_key_info_decrypt_from_pem(X509_KEY *key, const uint8_t **attrs, size_t *attrslen, const char *pass, FILE *fp); // SM2_SIGNATURE_MAX_SIZE = 72 
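Review bot: `X509_PUBLIC_KEY_MAX_SIZE` is set to 1184 while the comment directly above lists 1568 bytes for kyber-1024, so a build with KYBER_K == 4 gets a constant smaller than the largest key it documents; any fixed buffer sized by it (the removed `x509_public_key_digest` used `uint8_t bits[X509_PUBLIC_KEY_MAX_SIZE]`) then depends on `x509_public_key_to_bytes` honouring the output bound, which this header does not promise. The same applies to `X509_PUBLIC_KEY_INFO_MAX_SIZE 1280`, which is below 1568 before the AlgorithmIdentifier overhead is added. Either derive both from KYBER_K using the formula the kyber.h comment gives (`KYBER_K * 384 + 32` plus the SubjectPublicKeyInfo overhead) and add a compile-time assertion, or raise them to the kyber-1024 figures. Separately, flipping `X509_ENCODE_EC_PRIVATE_KEY_PARAMS` to 0 changes what every PKCS #8 writer emits; confirm `ec_private_key_from_der` still accepts the named curve when present, otherwise EC keys encoded before this change no longer load.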
@@ -147,15 +157,17 @@ typedef struct { union { SM2_SIGN_CTX sm2_sign_ctx; SM2_VERIFY_CTX sm2_verify_ctx; + ECDSA_SIGN_CTX ecdsa_sign_ctx; + LMS_SIGN_CTX lms_sign_ctx; HSS_SIGN_CTX hss_sign_ctx; XMSS_SIGN_CTX xmss_sign_ctx; XMSSMT_SIGN_CTX xmssmt_sign_ctx; SPHINCS_SIGN_CTX sphincs_sign_ctx; - ECDSA_SIGN_CTX ecdsa_sign_ctx; } u; int sign_algor; uint8_t sig[X509_SIGNATURE_MAX_SIZE]; size_t siglen; + size_t fixed_siglen; } X509_SIGN_CTX; 
@@ -176,20 +188,50 @@ int x509_key_get_signature_size(const X509_KEY *key, size_t *siglen); // sm2 SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH // TLS13_SM2_ID, TLS13_SM2_ID_LENGTH // sphincs optiona_random, 16 + + +/* + x509_sign_init argumetns + + x509_key->algor:algor_param ctx->sign_algor args argslen + ------------------------------------------------------------------------------------------------ + OID_ec_public_key:OID_sm2 OID_sm2sign_with_sm3 char *id idlen + NULL 0 use SM2_DEFAULT_ID + OID_ec_public_key:OID_secp256r1 OID_ecdsa_with_sha256 NULL 0 + OID_lms_hashsig:OID_undef OID_lms_hashsig NULL 0 + OID_hss_lms_hashsig:OID_undef OID_hss_lms_hashsig NULL 0 + OID_xmss_hashsig:OID_undef OID_xmss_hashsig NULL 0 + OID_xmssmt_hashsig:OID_undef OID_xmssmt_hashsig NULL 0 + OID_sphincs_hashsig:OID_undef OID_sphincs_hashsig u8 rand[16] 16 randomized signature + NULL 0 deterministic signature +*/ int x509_sign_init(X509_SIGN_CTX *ctx, X509_KEY *key, const void *args, size_t argslen); +int x509_sign_set_signature_size(X509_SIGN_CTX *ctx, size_t siglen); int x509_sign_update(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); int x509_sign_finish(X509_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen); +int x509_sign(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen, uint8_t *sig, size_t *siglen); int x509_verify_init(X509_SIGN_CTX *ctx, const X509_KEY *key, const void *args, size_t argslen, const uint8_t *sig, size_t siglen); int x509_verify_update(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); int x509_verify_finish(X509_SIGN_CTX *ctx); +int x509_verify(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); void x509_sign_ctx_cleanup(X509_SIGN_CTX *ctx); - // ECDH for key->algor == OID_ec_public_key int x509_key_do_exchange(const X509_KEY *key, const X509_KEY *peer_pub, uint8_t *out, size_t *outlen); int x509_key_exchange(const X509_KEY *key, const uint8_t *peer_pub, size_t peer_publen, uint8_t *out, size_t *outlen); +// KEM +#define 
X509_KEM_CIPHERTEXT_SIZE sizeof(KYBER_CIPHERTEXT) +int x509_key_encapsulate(const X509_KEY *key, uint8_t *ciphertext, size_t *ciphertext_len, uint8_t secret[32]); +int x509_key_decapsulate(const X509_KEY *key, const uint8_t *ciphertext, size_t ciphertext_len, uint8_t secret[32]); + + +// require stdio +int x509_private_key_info_encrypt_to_pem(const X509_KEY *key, const char *pass, FILE *fp); +int x509_private_key_info_decrypt_from_pem(X509_KEY *key, const uint8_t **attrs, size_t *attrslen, const char *pass, FILE *fp); +int x509_private_key_from_file(X509_KEY *key, int algor, const char *pass, FILE *fp); + #ifdef __cplusplus } diff --git a/include/gmssl/xmss.h b/include/gmssl/xmss.h index 5688f673..a0916293 100644 --- a/include/gmssl/xmss.h +++ b/include/gmssl/xmss.h @@ -270,7 +270,9 @@ typedef struct { int xmss_sign_init(XMSS_SIGN_CTX *ctx, XMSS_KEY *key); int xmss_sign_update(XMSS_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); +int xmss_sign_finish_ex(XMSS_SIGN_CTX *ctx, XMSS_SIGNATURE *sig); int xmss_sign_finish(XMSS_SIGN_CTX *ctx, uint8_t *sigbuf, size_t *siglen); +int xmss_verify_init_ex(XMSS_SIGN_CTX *ctx, const XMSS_KEY *key, const XMSS_SIGNATURE *sig); int xmss_verify_init(XMSS_SIGN_CTX *ctx, const XMSS_KEY *key, const uint8_t *sigbuf, size_t siglen); int xmss_verify_update(XMSS_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); int xmss_verify_finish(XMSS_SIGN_CTX *ctx); diff --git a/src/secp256r1.c b/src/secp256r1.c index aff453c6..81e50e3b 100644 --- a/src/secp256r1.c +++ b/src/secp256r1.c 
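Review bot: The new KEM prototypes carry no note of which `key->algor` they serve, unlike the ECDH pair right above them (`// ECDH for key->algor == OID_ec_public_key`), and `x509_key_decapsulate` takes a `ciphertext_len` without saying whether anything other than `X509_KEM_CIPHERTEXT_SIZE` is accepted. Suggest `// KEM for key->algor == OID_kyber_kem; ciphertext_len must equal X509_KEM_CIPHERTEXT_SIZE, secret is always 32 bytes` if that is the contract the implementation enforces. The argument table header also misspells "arguments" (`argumetns`).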
@@ -502,23 +502,26 @@ void secp256r1_point_sub(SECP256R1_POINT *R, const SECP256R1_POINT *P, const SEC void secp256r1_point_mul(SECP256R1_POINT *R, const secp256r1_t k, const SECP256R1_POINT *P) { + SECP256R1_POINT T; uint32_t bits; int nbits; int i; - secp256r1_point_set_infinity(R); + secp256r1_point_set_infinity(&T); for (i = 7; i >= 0; i--) { bits = k[i]; nbits = 32; while (nbits-- > 0) { - secp256r1_point_dbl(R, R); + secp256r1_point_dbl(&T, &T); if (bits & 0x80000000) { - secp256r1_point_add(R, R, P); + secp256r1_point_add(&T, &T, P); } bits <<= 1; } } + + secp256r1_point_copy(R, &T); } void secp256r1_point_mul_generator(SECP256R1_POINT *R, const secp256r1_t k) diff --git a/src/sm2_sign.c b/src/sm2_sign.c index b9412c63..6aff3b0a 100644 --- a/src/sm2_sign.c +++ b/src/sm2_sign.c @@ -567,8 +567,6 @@ int sm2_sign_finish(SM2_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen) sm3_finish(&ctx->sm3_ctx, dgst); - format_bytes(stderr, 0, 4, "signed dgst", dgst, 32); - if (ctx->num_pre_comp == 0) { if (sm2_fast_sign_pre_compute(ctx->pre_comp) != 1) { error_print(); @@ -672,8 +670,6 @@ int sm2_verify_finish(SM2_VERIFY_CTX *ctx, const uint8_t *sigbuf, size_t siglen) sm3_finish(&ctx->sm3_ctx, dgst); - format_bytes(stderr, 0, 4, "verify dgst", dgst, 32); - if (sm2_fast_verify(ctx->public_point_table, dgst, &sig) != 1) { error_print(); return -1; diff --git a/src/sphincs.c b/src/sphincs.c index 47cfbeab..5bd491a1 100644 --- a/src/sphincs.c +++ b/src/sphincs.c @@ -1418,6 +1418,7 @@ int sphincs_signature_print(FILE *fp, int fmt, int ind, const char *label, const return 1; } +// when opt_rand is null, generate a determistic signature (without random) int sphincs_sign_init_ex(SPHINCS_SIGN_CTX *ctx, const SPHINCS_KEY *key, const sphincs_hash128_t opt_rand) { if (!ctx || !key) { diff --git a/src/tls12.c b/src/tls12.c index 352c9d00..ec7c631a 100644 --- a/src/tls12.c +++ b/src/tls12.c 
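Review bot: Computing into the local `T` and copying at the end makes `secp256r1_point_mul(R, k, R)` and aliasing of `R` with `P` safe, but nothing in the hunk says so, and `T` holds a scalar-dependent intermediate of a secret-key multiplication that is left on the stack after the function returns. Add `// T keeps R and P from aliasing during the double-and-add loop` at the declaration and clear the temporary before returning, `gmssl_secure_clear(&T, sizeof(T));` after the copy, matching how `x509_cert_sign_to_der` wipes its sign context elsewhere in this commit.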
@@ -781,11 +781,10 @@ int tls_send_server_key_exchange(TLS_CONNECT *conn) tls_trace("send ServerKeyExchange\n"); - if (conn->recordlen == 0) { + int curve_oid = tls_named_curve_oid(conn->ecdh_named_curve); // generate server ecdh_key - if (x509_key_generate(&conn->ecdh_key, - OID_ec_public_key, tls_named_curve_oid(conn->ecdh_named_curve)) != 1) { + if (x509_key_generate(&conn->ecdh_key, OID_ec_public_key, &curve_oid, sizeof(curve_oid)) != 1) { error_print(); return -1; } @@ -1371,8 +1370,8 @@ int tls_send_client_key_exchange(TLS_CONNECT *conn) // 因此在接收到服务器的公钥之后,应该保存这个信息 if (conn->recordlen == 0) { - if (x509_key_generate(&conn->ecdh_key, - OID_ec_public_key, tls_named_curve_oid(conn->ecdh_named_curve)) != 1) { + int curve_oid = tls_named_curve_oid(conn->ecdh_named_curve); + if (x509_key_generate(&conn->ecdh_key, OID_ec_public_key, &curve_oid, sizeof(curve_oid)) != 1) { error_print(); return -1; } diff --git a/src/x509_alg.c b/src/x509_alg.c index 7280e0a0..864e0bf1 100644 --- a/src/x509_alg.c +++ b/src/x509_alg.c @@ -279,10 +279,8 @@ static uint32_t oid_lms_hashsig[] = { oid_pkcs,9,16,3,17,1 }; // TODO: not offi static uint32_t oid_xmss_hashsig[] = { oid_alg, 34 }; static uint32_t oid_xmssmt_hashsig[] = { oid_alg, 35 }; -// joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) -#define oid_nist_algs 2,16,840,1,101,3,4 static uint32_t oid_sphincs_hashsig[] = { oid_nist_algs,3,20 }; // TODO: sphincs+ 128s with sha256, not officially defined - +static uint32_t oid_kyber_kem[] = { oid_nist_algs,22,4 }; /* from RFC 3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography @@ -606,6 +604,7 @@ static const ASN1_OID_INFO x509_public_key_algors[] = { #ifdef ENABLE_SPHINCS { OID_sphincs_hashsig, "sphincs-hashsig", oid_sphincs_hashsig, sizeof(oid_sphincs_hashsig)/sizeof(int), 1 }, #endif + { OID_kyber_kem, "kyber-kem", oid_kyber_kem, sizeof(oid_kyber_kem)/sizeof(int), 1 }, }; static const int x509_public_key_algors_count = 
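Review bot: The server side drops the `if (conn->recordlen == 0)` guard around the ephemeral ECDH key generation while `tls_send_client_key_exchange` keeps it, so `conn->ecdh_key` is regenerated on every entry into `tls_send_server_key_exchange`; if the function can be re-entered to continue a partially sent record (the reason the guard exists on the client path, per the comment there), the key the server already signed and the one later used for the shared secret can differ. The closing brace of the removed `if` is not visible in the hunk, so either the block was reshaped outside it or the guard was removed on purpose; in both cases a one-line comment stating why the server may regenerate unconditionally, e.g. `// ServerKeyExchange is built in one pass, so a fresh ecdh_key per call is intended`, would settle it. The enclosing function continues outside the hunk.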
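Review bot: `oid_kyber_kem` is added without the provenance note that the neighbouring `oid_sphincs_hashsig` line carries (`not officially defined`), and I cannot tie the `22,4` arc under `oid_nist_algs` to a published assignment from this page; if it is provisional, say so on the line, `// TODO: provisional arc, not an official NIST CSOR assignment`, since the value ends up in the SubjectPublicKeyInfo of issued certificates. In the `x509_public_key_algors[]` hunk the kyber entry is also the only one not wrapped in an `#ifdef` like `ENABLE_SPHINCS`, so a build that leaves kyber out still advertises the algorithm by name. The element count uses `sizeof(int)` for a `uint32_t` array; `sizeof(oid_kyber_kem[0])` is the form that cannot drift.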
@@ -631,6 +630,7 @@ int x509_public_key_algor_from_name(const char *name) return info->oid; } +// FIXME: add kyber, and use same code for LMS/XMSS/SPHINCS... int x509_public_key_algor_to_der(int oid, int curve_or_null, uint8_t **out, size_t *outlen) { size_t len = 0; @@ -714,6 +714,16 @@ int x509_public_key_algor_to_der(int oid, int curve_or_null, uint8_t **out, size } break; #endif + case OID_kyber_kem: + if (asn1_object_identifier_to_der(oid_kyber_kem, sizeof(oid_kyber_kem)/sizeof(int), NULL, &len) != 1 + || asn1_null_to_der(NULL, &len) != 1 + || asn1_sequence_header_to_der(len, out, outlen) != 1 + || asn1_object_identifier_to_der(oid_kyber_kem, sizeof(oid_kyber_kem)/sizeof(int), out, outlen) != 1 + || asn1_null_to_der(out, outlen) != 1) { + error_print(); + return -1; + } + break; default: error_print(); return -1; @@ -772,6 +782,7 @@ int x509_public_key_algor_from_der(int *oid , int *curve_or_null, const uint8_t case OID_xmssmt_hashsig: #endif case OID_sphincs_hashsig: + case OID_kyber_kem: // for hashsigs, parmaeters is set to empty if ((ret = asn1_null_from_der(&d, &dlen)) < 0 || asn1_length_is_zero(dlen) != 1) { @@ -779,7 +790,7 @@ int x509_public_key_algor_from_der(int *oid , int *curve_or_null, const uint8_t return -1; } if (ret == 1) { - error_print(); + //error_print(); } *curve_or_null = OID_undef; break; diff --git a/src/x509_cer.c b/src/x509_cer.c index 11761e54..16e927fa 100644 --- a/src/x509_cer.c +++ b/src/x509_cer.c @@ -905,6 +905,7 @@ int x509_names_print(FILE *fp, int fmt, int ind, const char *label, const uint8_ return 1; } +/* int x509_public_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen) { const uint8_t *p = d; @@ -937,6 +938,7 @@ err: error_print(); return -1; } +*/ int x509_explicit_exts_to_der(int index, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen) { 
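Review bot: Commenting out `error_print()` leaves `if (ret == 1) { }` as an empty branch in `x509_public_key_algor_from_der`, which hides the decision actually being made: now that `x509_public_key_algor_to_der` emits an explicit NULL for the hash-signature and kyber algorithms, a present NULL must be accepted rather than reported. Remove the dead `if` and state the rule in the comment above it, `// parameters are either absent or an explicit NULL; both are accepted and yield OID_undef`. The `asn1_length_is_zero(dlen)` check after it is what still rejects any other parameter content, which is worth saying in the same comment.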
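Review bot: `x509_public_key_info_print` in x509_cer.c is fenced in `/* … */` rather than deleted, while x509_key.h in this same commit still declares it; unless a replacement definition lives in another file, the declaration now has no body and any caller fails at link time. Delete the commented-out function (history keeps it) and, if the definition moved, a one-line `// definition moved to FILE` in its place tells the reader where to look. The fenced region spans two hunks, so the function body between them is outside what I can see.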
@@ -1119,6 +1121,9 @@ int x509_cert_sign_to_der( error_print(); return -1; } + if (sign_key->algor == OID_ec_public_key) { + siglen = SM2_signature_typical_size; + } if (x509_tbs_cert_to_der( version, @@ -1167,9 +1172,18 @@ int x509_cert_sign_to_der( sign_args = SM2_DEFAULT_ID; sign_argslen = SM2_DEFAULT_ID_LENGTH; } - if (x509_sign_init(&sign_ctx, sign_key, sign_args, sign_argslen) != 1 - || x509_sign_update(&sign_ctx, tbs, *out - tbs) != 1 - || x509_sign_finish(&sign_ctx, sig, &siglen) != 1) { + if (x509_sign_init(&sign_ctx, sign_key, sign_args, sign_argslen) != 1) { + error_print(); + return -1; + } + if (sign_key->algor == OID_ec_public_key) { + if (x509_sign_set_signature_size(&sign_ctx, siglen) != 1) { + gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx)); + error_print(); + return -1; + } + } + if (x509_sign(&sign_ctx, tbs, *out - tbs, sig, &siglen) != 1) { gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx)); error_print(); return -1; diff --git a/src/x509_crl.c b/src/x509_crl.c index 31ffcbf3..37746b13 100644 --- a/src/x509_crl.c +++ b/src/x509_crl.c @@ -1444,6 +1444,9 @@ int x509_crl_sign_to_der( error_print(); return -1; } + if (sign_key->algor == OID_ec_public_key) { + siglen = SM2_signature_typical_size; + } if (x509_tbs_crl_to_der(version, sig_alg, issuer, issuer_len, this_update, next_update, revoked_certs, revoked_certs_len, 
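Review bot: `siglen = SM2_signature_typical_size` is assigned for every `OID_ec_public_key` key, including `algor_param == OID_secp256r1`, whereas the removed `x509_sign_finish` used `ECDSA_SIGNATURE_TYPICAL_SIZE` for that case; if the two constants differ, `x509_sign_set_signature_size` pins an ECDSA signature to the SM2 length. In the second hunk the new early `return -1` after a failed `x509_sign_init` skips the `gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx))` that every later failure path performs; if init copies key material into the context before it can fail, that material stays on the stack, so wipe there too. The same two patterns are duplicated in `x509_crl_sign_to_der` (both x509_crl.c hunks); a small shared helper that takes `sign_key`, picks the size by `algor_param` and owns the clear would fix all four places at once.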
@@ -1472,9 +1475,18 @@ int x509_crl_sign_to_der( sign_args = SM2_DEFAULT_ID; sign_argslen = SM2_DEFAULT_ID_LENGTH; } - if (x509_sign_init(&sign_ctx, sign_key, sign_args, sign_argslen) != 1 - || x509_sign_update(&sign_ctx, tbs, *out - tbs) != 1 - || x509_sign_finish(&sign_ctx, sig, &siglen) != 1) { + if (x509_sign_init(&sign_ctx, sign_key, sign_args, sign_argslen) != 1) { + error_print(); + return -1; + } + if (sign_key->algor == OID_ec_public_key) { + if (x509_sign_set_signature_size(&sign_ctx, siglen) != 1) { + gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx)); + error_print(); + return -1; + } + } + if (x509_sign(&sign_ctx, tbs, *out - tbs, sig, &siglen) != 1) { gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx)); error_print(); return -1; diff --git a/src/x509_key.c b/src/x509_key.c index 6ebd8e99..1cf8eb0b 100644 --- a/src/x509_key.c +++ b/src/x509_key.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include #include @@ -35,8 +36,19 @@ int x509_key_set_sm2_key(X509_KEY *x509_key, const SM2_KEY *sm2_key) x509_key->algor = OID_ec_public_key; x509_key->algor_param = OID_sm2; x509_key->u.sm2_key = *sm2_key; - x509_key->signer_id = SM2_DEFAULT_ID; - x509_key->signer_idlen = SM2_DEFAULT_ID_LENGTH; + return 1; +} + +int x509_key_set_secp256r1_key(X509_KEY *x509_key, const SECP256R1_KEY *secp256r1_key) +{ + if (!x509_key || !secp256r1_key) { + error_print(); + return -1; + } + memset(x509_key, 0, sizeof(X509_KEY)); + x509_key->algor = OID_ec_public_key; + x509_key->algor_param = OID_secp256r1; + x509_key->u.secp256r1_key = *secp256r1_key; return 1; } 
@@ -105,500 +117,131 @@ int x509_key_set_sphincs_key(X509_KEY *x509_key, const SPHINCS_KEY *sphincs_key) return 1; } -int x509_key_set_secp256r1_key(X509_KEY *x509_key, const SECP256R1_KEY *secp256r1_key) +int x509_key_set_kyber_key(X509_KEY *x509_key, const KYBER_KEY *kyber_key) { - if (!x509_key || !secp256r1_key) { + if (!x509_key || !kyber_key) { error_print(); return -1; } memset(x509_key, 0, sizeof(X509_KEY)); - x509_key->algor = OID_ec_public_key; - x509_key->algor_param = OID_secp256r1; - x509_key->u.secp256r1_key = *secp256r1_key; + x509_key->algor = OID_kyber_kem; + x509_key->algor_param = OID_undef; + x509_key->u.kyber_key = *kyber_key; return 1; } -// currently the lms_type(s) of SHA-256 and SM3 are smaller than 4-bit -// so we encode the lms_types into 4-bit array and int value -// TODO: if max lms_type > 15, this function must be change! -int x509_algor_param_from_lms_types(int *algor_param, const int *lms_types, size_t num) +int x509_key_generate(X509_KEY *key, int algor, const void *param, size_t paramlen) { - if (!algor_param || !lms_types || !num) { - error_print(); - return -1; - } - if (num > HSS_MAX_LEVELS) { - error_print(); - return -1; - } + int param_val; - *algor_param = 0; - while (num--) { - if (lms_types[num] < 0 || lms_types[num] > 15) { - error_print(); - return -1; - } - *algor_param <<= 4; - *algor_param |= lms_types[num] & 0x0f; - } - return 1; -} - -int x509_algor_param_to_lms_types(int algor_param, int lms_types[5], size_t *num) -{ - if (!lms_types || !num) { - error_print(); - return -1; - } - for (*num = 0; *num < 5; (*num)++) { - if (!algor_param) { - break; - } - lms_types[*num] = algor_param & 0x0f; - if (!lms_type_name(lms_types[*num])) { - error_print(); - return -1; - } - algor_param >>= 4; - } - return 1; -} - -int x509_key_generate(X509_KEY *key, int algor, int algor_param) -{ if (!key) { error_print(); return -1; } - memset(key, 0, sizeof(X509_KEY)); + memset(key, 0, sizeof(X509_KEY)); key->algor = algor; 
key->algor_param = OID_undef; switch (algor) { case OID_ec_public_key: - if (algor_param == OID_sm2) { - if (sm2_key_generate(&key->u.sm2_key) != 1) { - error_print(); - return -1; - } - key->signer_id = SM2_DEFAULT_ID; - key->signer_idlen = SM2_DEFAULT_ID_LENGTH; - } else if (algor_param == OID_secp256r1) { - if (secp256r1_key_generate(&key->u.secp256r1_key) != 1) { - error_print(); - return -1; - } - } else { - error_print(); - return -1; - } - key->algor_param = algor_param; // only OID_ec_public_key has parameters - break; case OID_lms_hashsig: - if (!lms_type_name(algor_param)) { + case OID_xmss_hashsig: + case OID_xmssmt_hashsig: + if (!param) { error_print(); return -1; } - if (lms_key_generate(&key->u.lms_key, algor_param) != 1) { + if (paramlen != sizeof(int)) { error_print(); return -1; } + param_val = *(const int *)param; break; case OID_hss_lms_hashsig: - { - int lms_types[5]; - size_t num; - if (x509_algor_param_to_lms_types(algor_param, lms_types, &num) != 1) { - error_print(); - return -1; - } - if (hss_key_generate(&key->u.hss_key, lms_types, num) != 1) { - error_print(); - return -1; - } - } - break; - case OID_xmss_hashsig: - if (!xmss_type_name((uint32_t)algor_param)) { + if (!param) { error_print(); return -1; } - if (xmss_key_generate(&key->u.xmss_key, (uint32_t)algor_param) != 1) { + if (paramlen < sizeof(int)) { error_print(); return -1; } - break; - case OID_xmssmt_hashsig: - if (!xmssmt_type_name((uint32_t)algor_param)) { - error_print(); - return -1; - } - if (xmssmt_key_generate(&key->u.xmssmt_key, (uint32_t)algor_param) != 1) { + if (paramlen % sizeof(int)) { error_print(); return -1; } break; case OID_sphincs_hashsig: - if (algor_param != OID_undef) { + if (param || paramlen) { error_print(); return -1; } + break; + case OID_kyber_kem: + if (param && paramlen != 32) { + error_print(); + return -1; + } + break; + default: + error_print(); + return -1; + } + + switch (algor) { + case OID_ec_public_key: + switch (param_val) { + case 
OID_sm2: + if (sm2_key_generate(&key->u.sm2_key) != 1) { + error_print(); + return -1; + } + break; + case OID_secp256r1: + if (secp256r1_key_generate(&key->u.secp256r1_key) != 1) { + error_print(); + return -1; + } + break; + default: + error_print(); + return -1; + } + key->algor_param = param_val; + break; + case OID_lms_hashsig: + if (lms_key_generate(&key->u.lms_key, param_val) != 1) { + error_print(); + return -1; + } + break; + case OID_hss_lms_hashsig: + if (hss_key_generate(&key->u.hss_key, (int *)param, paramlen/sizeof(int)) != 1) { + error_print(); + return -1; + } + break; + case OID_xmss_hashsig: + if (xmss_key_generate(&key->u.xmss_key, param_val) != 1) { + error_print(); + return -1; + } + break; + case OID_xmssmt_hashsig: + if (xmssmt_key_generate(&key->u.xmssmt_key, param_val) != 1) { + error_print(); + return -1; + } + break; + case OID_sphincs_hashsig: if (sphincs_key_generate(&key->u.sphincs_key) != 1) { error_print(); return -1; } break; - default: - error_print(); - return -1; - } - - return 1; -} - - - - - - - - - - - - - - - - - - - - - - - - - - -int x509_public_key_print(FILE *fp, int fmt, int ind, const char *label, const X509_KEY *key) -{ - switch (key->algor) { - case OID_ec_public_key: - if (key->algor_param == OID_sm2) { - if (sm2_public_key_print(fp, fmt, ind, label, &key->u.sm2_key) != 1) { - error_print(); - return -1; - } - } else if (key->algor_param == OID_secp256r1) { - if (secp256r1_public_key_print(fp, fmt, ind, label, &key->u.secp256r1_key) != 1) { - error_print(); - return -1; - } - } else { - error_print(); - return -1; - } - break; - case OID_lms_hashsig: - if (lms_public_key_print(fp, fmt, ind, label, &key->u.lms_key) != 1) { - error_print(); - return -1; - } - break; - case OID_hss_lms_hashsig: - if (hss_public_key_print(fp, fmt, ind, label, &key->u.hss_key) != 1) { - error_print(); - return -1; - } - break; - case OID_xmss_hashsig: - if (xmss_public_key_print(fp, fmt, ind, label, &key->u.xmss_key) != 1) { - 
error_print(); - return -1; - } - break; - case OID_xmssmt_hashsig: - if (xmssmt_public_key_print(fp, fmt, ind, label, &key->u.xmssmt_key) != 1) { - error_print(); - return -1; - } - break; - case OID_sphincs_hashsig: - if (sphincs_public_key_print(fp, fmt, ind, label, &key->u.sphincs_key) != 1) { - error_print(); - return -1; - } - break; - default: - error_print(); - return -1; - } - return 1; -} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -int x509_key_get_sign_algor(const X509_KEY *key, int *algor) -{ - if (!key || !algor) { - error_print(); - return -1; - } - - if (key->algor == OID_ec_public_key) { - if (key->algor_param == OID_sm2) { - *algor = OID_sm2sign_with_sm3; - return 1; - } else if (key->algor_param == OID_secp256r1) { - *algor = OID_ecdsa_with_sha256; - return 1; - } else { - error_print(); - return -1; - } - } - - switch (key->algor) { - case OID_lms_hashsig: - case OID_hss_lms_hashsig: - case OID_xmss_hashsig: - case OID_xmssmt_hashsig: - case OID_sphincs_hashsig: - *algor = key->algor; - break; - default: - fprintf(stderr, "key->algor = %d\n", key->algor); - error_print(); - return -1; - } - return 1; -} - -int x509_public_key_digest(const X509_KEY *key, uint8_t dgst[32]) -{ - SM3_CTX ctx; - uint8_t bits[X509_PUBLIC_KEY_MAX_SIZE]; - uint8_t *p = bits; - size_t len = 0; - - if (x509_public_key_to_bytes(key, &p, &len) != 1) { - error_print(); - return -1; - } - sm3_init(&ctx); - sm3_update(&ctx, bits, len); - sm3_finish(&ctx, dgst); - return 1; -} - -int x509_public_key_equ(const X509_KEY *key, const X509_KEY *pub) -{ - if (!key || !pub) { - error_print(); - return -1; - } - if (key->algor != pub->algor) { - error_print(); - return -1; - } - if (key->algor_param != pub->algor_param) { - error_print(); - return -1; - } - switch (key->algor) { - case OID_ec_public_key: - if (key->algor_param == OID_sm2) { - if (sm2_public_key_equ(&key->u.sm2_key, &pub->u.sm2_key) != 1) { - error_print(); - return -1; - } - } 
else if (key->algor_param == OID_secp256r1) { - if (secp256r1_public_key_equ(&key->u.secp256r1_key, &pub->u.secp256r1_key) != 1) { - error_print(); - return -1; - } - } else { - error_print(); - return -1; - } - break; - case OID_lms_hashsig: - if (memcmp(&key->u.lms_key.public_key, - &pub->u.lms_key.public_key, LMS_PUBLIC_KEY_SIZE) != 0) { - error_print(); - return -1; - } - break; - case OID_hss_lms_hashsig: - if (hss_public_key_equ(&key->u.hss_key, &pub->u.hss_key) != 1) { - error_print(); - return -1; - } - break; - case OID_xmss_hashsig: - if (memcmp(&key->u.xmss_key.public_key, - &pub->u.xmss_key.public_key, XMSS_PUBLIC_KEY_SIZE) != 0) { - error_print(); - return -1; - } - break; - case OID_xmssmt_hashsig: - if (memcmp(&key->u.xmssmt_key.public_key, - &pub->u.xmssmt_key.public_key, XMSSMT_PUBLIC_KEY_SIZE) != 0) { - error_print(); - return -1; - } - break; - case OID_sphincs_hashsig: - if (memcmp(&key->u.sphincs_key.public_key, - &pub->u.sphincs_key.public_key, SPHINCS_PUBLIC_KEY_SIZE) != 0) { - error_print(); - return -1; - } - break; - default: - error_print(); - return -1; - } - return 1; -} - -int x509_key_get_signature_size(const X509_KEY *key, size_t *siglen) -{ - switch (key->algor) { - case OID_ec_public_key: - *siglen = SM2_signature_typical_size; - break; - case OID_lms_hashsig: - if (lms_key_get_signature_size(&key->u.lms_key, siglen) != 1) { - error_print(); - return -1; - } - break; - case OID_hss_lms_hashsig: - if (hss_key_get_signature_size(&key->u.hss_key, siglen) != 1) { - error_print(); - return -1; - } - break; - case OID_xmss_hashsig: - if (xmss_key_get_signature_size(&key->u.xmss_key, siglen) != 1) { - error_print(); - return -1; - } - break; - case OID_xmssmt_hashsig: - if (xmssmt_key_get_signature_size(&key->u.xmssmt_key, siglen) != 1) { - error_print(); - return -1; - } - break; - case OID_sphincs_hashsig: - *siglen = SPHINCS_SIGNATURE_SIZE; - break; - default: - error_print(); - return -1; - } - return 1; -} - -// 现在还不支持SPHINCS+呢! 
-int x509_sign_init(X509_SIGN_CTX *ctx, X509_KEY *key, const void *args, size_t argslen) -{ - if (!ctx || !key) { - error_print(); - return -1; - } - if (args && !argslen) { - error_print(); - return -1; - } - - switch (key->algor) { - case OID_hss_lms_hashsig: - if (hss_sign_init(&ctx->u.hss_sign_ctx, &key->u.hss_key) != 1) { - error_print(); - return -1; - } - ctx->sign_algor = key->algor; - break; - case OID_xmss_hashsig: - if (xmss_sign_init(&ctx->u.xmss_sign_ctx, &key->u.xmss_key) != 1) { - error_print(); - return -1; - } - ctx->sign_algor = key->algor; - break; - case OID_xmssmt_hashsig: - if (xmssmt_sign_init(&ctx->u.xmssmt_sign_ctx, &key->u.xmssmt_key) != 1) { - error_print(); - return -1; - } - ctx->sign_algor = key->algor; - break; - case OID_ec_public_key: - if (key->algor_param == OID_sm2) { - const char *signer_id = SM2_DEFAULT_ID; - size_t signer_idlen = SM2_DEFAULT_ID_LENGTH; - if (args) { - signer_id = (char *)args; - signer_idlen = argslen; - } - if (sm2_sign_init(&ctx->u.sm2_sign_ctx, &key->u.sm2_key, signer_id, signer_idlen) != 1) { - error_print(); - return -1; - } - ctx->sign_algor = OID_sm2sign_with_sm3; - } else if (key->algor_param == OID_secp256r1) { - if (ecdsa_sign_init(&ctx->u.ecdsa_sign_ctx, &key->u.secp256r1_key) != 1) { - error_print(); - return -1; - } - ctx->sign_algor = OID_ecdsa_with_sha256; - } else { + case OID_kyber_kem: + if (kyber_key_generate_ex(&key->u.kyber_key, (uint8_t *)param) != 1) { error_print(); return -1; } 
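Review bot: The HSS path of the rewritten `x509_key_generate` checks only `paramlen >= sizeof(int)` and `paramlen % sizeof(int) == 0`, then passes `paramlen/sizeof(int)` levels straight to `hss_key_generate`; the removed `x509_algor_param_to_lms_types` bounded the count by `HSS_MAX_LEVELS` and checked each type via `lms_type_name`, so the new code relies on `hss_key_generate` doing both. Unless it does, a caller-controlled count reaches whatever fixed-size level table that function fills; keep the bound here: `if (paramlen < sizeof(int) || paramlen % sizeof(int) || paramlen / sizeof(int) > HSS_MAX_LEVELS) { error_print(); return -1; }`. `param_val = *(const int *)param` assumes an aligned `int` behind a `const void *`, where `memcpy(&param_val, param, sizeof(param_val));` carries no such assumption, and the `(int *)param` cast handed to `hss_key_generate` discards the `const` the new signature promises. The kyber case also accepts `param == NULL` with a non-zero `paramlen`, unlike the sphincs case which rejects `param || paramlen`.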
@@ -610,488 +253,22 @@ int x509_sign_init(X509_SIGN_CTX *ctx, X509_KEY *key, const void *args, size_t a return 1; } - -int x509_sign_update(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen) -{ - switch (ctx->sign_algor) { - case OID_hss_lms_hashsig: - if (hss_sign_update(&ctx->u.hss_sign_ctx, data, datalen) != 1) { - error_print(); - return -1; - } - break; - case OID_xmss_hashsig: - if (xmss_sign_update(&ctx->u.xmss_sign_ctx, data, datalen) != 1) { - error_print(); - return -1; - } - break; - case OID_xmssmt_hashsig: - if (xmssmt_sign_update(&ctx->u.xmssmt_sign_ctx, data, datalen) != 1) { - error_print(); - return -1; - } - break; - case OID_sm2sign_with_sm3: - if (sm2_sign_update(&ctx->u.sm2_sign_ctx, data, datalen) != 1) { - error_print(); - return -1; - } - break; - case OID_ecdsa_with_sha256: - if (ecdsa_sign_update(&ctx->u.ecdsa_sign_ctx, data, datalen) != 1) { - error_print(); - return -1; - } - break; - default: - error_print(); - return -1; - } - return 1; -} - -int x509_sign_finish(X509_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen) -{ - if (!ctx || !sig || !siglen) { - error_print(); - return -1; - } - switch (ctx->sign_algor) { - case OID_hss_lms_hashsig: - if (hss_sign_finish(&ctx->u.hss_sign_ctx, sig, siglen) != 1) { - error_print(); - return -1; - } - break; - case OID_xmss_hashsig: - if (xmss_sign_finish(&ctx->u.xmss_sign_ctx, sig, siglen) != 1) { - error_print(); - return -1; - } - break; - case OID_xmssmt_hashsig: - if (xmssmt_sign_finish(&ctx->u.xmssmt_sign_ctx, sig, siglen) != 1) { - error_print(); - return -1; - } - break; - case OID_sm2sign_with_sm3: - *siglen = SM2_signature_typical_size; - if (sm2_sign_finish_fixlen(&ctx->u.sm2_sign_ctx, *siglen, sig) != 1) { - error_print(); - return -1; - } - break; - case OID_ecdsa_with_sha256: - *siglen = ECDSA_SIGNATURE_TYPICAL_SIZE; - if (ecdsa_sign_finish_fixlen(&ctx->u.ecdsa_sign_ctx, *siglen, sig) != 1) { - error_print(); - return -1; - } - break; - default: - error_print(); - return -1; - } - 
return 1; -} - -int x509_verify_init(X509_SIGN_CTX *ctx, const X509_KEY *key, const void *args, size_t argslen, - const uint8_t *sig, size_t siglen) -{ - if (!ctx || !key || !sig || !siglen) { - error_print(); - return -1; - } - if (args && !argslen) { - error_print(); - return -1; - } - - switch (key->algor) { - case OID_hss_lms_hashsig: - if (hss_verify_init(&ctx->u.hss_sign_ctx, &key->u.hss_key, sig, siglen) != 1) { - error_print(); - return -1; - } - ctx->sign_algor = key->algor; - break; - case OID_xmss_hashsig: - if (xmss_verify_init(&ctx->u.xmss_sign_ctx, &key->u.xmss_key, sig, siglen) != 1) { - error_print(); - return -1; - } - ctx->sign_algor = key->algor; - break; - case OID_xmssmt_hashsig: - if (xmssmt_verify_init(&ctx->u.xmssmt_sign_ctx, &key->u.xmssmt_key, sig, siglen) != 1) { - error_print(); - return -1; - } - ctx->sign_algor = key->algor; - break; - case OID_ec_public_key: - if (key->algor_param == OID_sm2) { - const char *signer_id = SM2_DEFAULT_ID; - size_t signer_idlen = SM2_DEFAULT_ID_LENGTH; - if (args) { - signer_id = (char *)args; - signer_idlen = argslen; - } - if (sm2_verify_init(&ctx->u.sm2_verify_ctx, &key->u.sm2_key, signer_id, signer_idlen) != 1) { - error_print(); - return -1; - } - ctx->sign_algor = OID_sm2sign_with_sm3; - if (siglen > sizeof(ctx->sig)) { - error_print(); - return -1; - } - memcpy(ctx->sig, sig, siglen); - ctx->siglen = siglen; - } else if (key->algor_param == OID_secp256r1) { - if (ecdsa_verify_init(&ctx->u.ecdsa_sign_ctx, &key->u.secp256r1_key, sig, siglen) != 1) { - error_print(); - return -1; - } - ctx->sign_algor = OID_ecdsa_with_sha256; - } else { - error_print(); - return -1; - } - break; - default: - error_print(); - return -1; - } - return 1; -} - -int x509_verify_update(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen) -{ - switch (ctx->sign_algor) { - case OID_hss_lms_hashsig: - if (hss_verify_update(&ctx->u.hss_sign_ctx, data, datalen) != 1) { - error_print(); - return -1; - } - break; - case 
OID_xmss_hashsig: - if (xmss_verify_update(&ctx->u.xmss_sign_ctx, data, datalen) != 1) { - error_print(); - return -1; - } - break; - case OID_xmssmt_hashsig: - if (xmssmt_verify_update(&ctx->u.xmssmt_sign_ctx, data, datalen) != 1) { - error_print(); - return -1; - } - break; - case OID_sm2sign_with_sm3: - if (sm2_verify_update(&ctx->u.sm2_verify_ctx, data, datalen) != 1) { - error_print(); - return -1; - } - break; - case OID_ecdsa_with_sha256: - if (ecdsa_verify_update(&ctx->u.ecdsa_sign_ctx, data, datalen) != 1) { - error_print(); - return -1; - } - break; - default: - error_print(); - return -1; - } - - return 1; -} - -int x509_verify_finish(X509_SIGN_CTX *ctx) -{ - int ret; - - switch (ctx->sign_algor) { - case OID_hss_lms_hashsig: - if ((ret = hss_verify_finish(&ctx->u.hss_sign_ctx)) < 0) { - error_print(); - return -1; - } - break; - case OID_xmss_hashsig: - if ((ret = xmss_verify_finish(&ctx->u.xmss_sign_ctx)) < 0) { - error_print(); - return -1; - } - break; - case OID_xmssmt_hashsig: - if ((ret = xmssmt_verify_finish(&ctx->u.xmssmt_sign_ctx)) < 0) { - error_print(); - return -1; - } - break; - case OID_sm2sign_with_sm3: - if ((ret = sm2_verify_finish(&ctx->u.sm2_verify_ctx, ctx->sig, ctx->siglen)) < 0) { - error_print(); - return -1; - } - break; - case OID_ecdsa_with_sha256: - if ((ret = ecdsa_verify_finish(&ctx->u.ecdsa_sign_ctx)) < 0) { - error_print(); - return -1; - } - break; - default: - error_print(); - return -1; - } - - - return 1; -} - -int x509_key_do_exchange(const X509_KEY *key, const X509_KEY *pub, uint8_t *out, size_t *outlen) -{ - if (!key || !pub || !out || !outlen) { - error_print(); - return -1; - } - if (key->algor != pub->algor || key->algor_param != pub->algor_param) { - error_print(); - return -1; - } - if (key->algor != OID_ec_public_key) { - error_print(); - return -1; - } - - switch (key->algor_param) { - case OID_sm2: - if (sm2_do_ecdh(&key->u.sm2_key, &pub->u.sm2_key, out) != 1) { - error_print(); - return -1; - } - break; - 
case OID_secp256r1: - if (secp256r1_do_ecdh(&key->u.secp256r1_key, &pub->u.secp256r1_key, out) != 1) { - error_print(); - return -1; - } - break; - default: - error_print(); - return -1; - } - *outlen = 32; - return 1; -} - -int x509_key_exchange(const X509_KEY *key, const uint8_t *peer_pub, size_t peer_publen, uint8_t *out, size_t *outlen) -{ - if (!key || !peer_pub || !out || !outlen) { - error_print(); - return -1; - } - if (key->algor != OID_ec_public_key) { - error_print(); - return -1; - } - if (peer_publen != 65) { - error_print(); - return -1; - } - switch (key->algor_param) { - case OID_sm2: - if (sm2_ecdh(&key->u.sm2_key, peer_pub, out) != 1) { - error_print(); - return -1; - } - break; - case OID_secp256r1: - if (secp256r1_ecdh(&key->u.secp256r1_key, peer_pub, out) != 1) { - error_print(); - return -1; - } - break; - default: - error_print(); - return -1; - } - *outlen = 32; - return 1; -} - - - -int x509_public_key_info_to_der(const X509_KEY *x509_key, uint8_t **out, size_t *outlen) -{ - uint8_t keybuf[300]; - uint8_t *p = keybuf; - size_t keylen = 0; - size_t len = 0; - - if (!x509_key || !outlen) { - error_print(); - return -1; - } - - if (x509_public_key_to_bytes(x509_key, &p, &keylen) != 1) { - error_print(); - return -1; - } - - // 这几个函数需要合并到一起 - if (x509_public_key_algor_to_der(x509_key->algor, x509_key->algor_param, NULL, &len) != 1) { - error_print(); - return -1; - } - if (asn1_bit_octets_to_der(keybuf, keylen, NULL, &len) != 1) { - error_print(); - return -1; - } - - if (asn1_sequence_header_to_der(len, out, outlen) != 1) { - error_print(); - return -1; - } - - if (x509_public_key_algor_to_der(x509_key->algor, x509_key->algor_param, out, outlen) != 1 - || asn1_bit_octets_to_der(keybuf, keylen, out, outlen) != 1) { - error_print(); - return -1; - } - return 1; -} - -int x509_public_key_info_from_der(X509_KEY *x509_key, const uint8_t **in, size_t *inlen) -{ - int ret; - const uint8_t *d; - size_t dlen; - int algor; - int algor_param; - const 
uint8_t *pub; - size_t publen; - - if (!x509_key || !in || !(*in) || !inlen) { - error_print(); - return -1; - } - - if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) { - if (ret < 0) error_print(); - return ret; - } - if (x509_public_key_algor_from_der(&algor, &algor_param, &d, &dlen) != 1 - || asn1_bit_octets_from_der(&pub, &publen, &d, &dlen) != 1 - || asn1_length_is_zero(dlen) != 1) { - error_print(); - return -1; - } - - memset(x509_key, 0, sizeof(X509_KEY)); - - switch (algor) { - case OID_ec_public_key: - if (publen != 65) { - error_print(); - return -1; - } - if (algor_param == OID_sm2) { - if (sm2_z256_point_from_octets(&x509_key->u.sm2_key.public_key, pub, publen) != 1) { - error_print(); - return -1; - } - publen = 0; - } else if (algor_param == OID_secp256r1) { - if (secp256r1_public_key_from_bytes(&x509_key->u.secp256r1_key, &pub, &publen) != 1) { - error_print(); - return -1; - } - } else { - error_print(); - return -1; - } - break; - case OID_lms_hashsig: - if (lms_public_key_from_bytes(&x509_key->u.lms_key, &pub, &publen) != 1) { - error_print(); - return -1; - } - break; - case OID_hss_lms_hashsig: - if (hss_public_key_from_bytes(&x509_key->u.hss_key, &pub, &publen) != 1) { - error_print(); - return -1; - } - break; - case OID_xmss_hashsig: - if (xmss_public_key_from_bytes(&x509_key->u.xmss_key, &pub, &publen) != 1) { - error_print(); - return -1; - } - break; - case OID_xmssmt_hashsig: - if (xmssmt_public_key_from_bytes(&x509_key->u.xmssmt_key, &pub, &publen) != 1) { - error_print(); - return -1; - } - break; - case OID_sphincs_hashsig: - if (sphincs_public_key_from_bytes(&x509_key->u.sphincs_key, &pub, &publen) != 1) { - error_print(); - return -1; - } - break; - default: - error_print(); - return -1; - } - x509_key->algor = algor; - x509_key->algor_param = algor_param; - - if (publen) { - error_print(); - return -1; - } - return 1; -} - - - - - - - - - - - - - - - - - - - - - - void x509_key_cleanup(X509_KEY *key) { if (key) { 
switch (key->algor) { case OID_ec_public_key: - if (key->algor_param == OID_sm2) { - //sm2_key_cleanup(&key->u.sm2_key); + switch (key->algor_param) { + case OID_sm2: gmssl_secure_clear(&key->u.sm2_key, sizeof(SM2_KEY)); - } else if (key->algor_param == OID_secp256r1) { + break; + case OID_secp256r1: secp256r1_key_cleanup(&key->u.secp256r1_key); + break; + default: + error_print(); + return; } break; case OID_lms_hashsig: @@ -1109,9 +286,13 @@ void x509_key_cleanup(X509_KEY *key) case OID_sphincs_hashsig: sphincs_key_cleanup(&key->u.sphincs_key); break; + case OID_kyber_kem: + kyber_key_cleanup(&key->u.kyber_key); + break; default: error_print(); } + memset(key, 0, sizeof(X509_KEY)); } } @@ -1173,6 +354,12 @@ int x509_public_key_to_bytes(const X509_KEY *key, uint8_t **out, size_t *outlen) return -1; } break; + case OID_kyber_kem: + if (kyber_public_key_to_bytes(&key->u.kyber_key, out, outlen) != 1) { + error_print(); + return -1; + } + break; default: error_print(); return -1; 
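Review bot: The new `default: error_print(); return;` inside the OID_ec_public_key branch of x509_key_cleanup leaves the function before the trailing `memset(key, 0, sizeof(X509_KEY))` that the next hunk adds after the outer switch, so an EC key with an unrecognised algor_param keeps its algor/algor_param and whatever sits in the union, while the outer `default:` for an unknown algor does fall through to the memset. Use `break;` instead of `return;` so both unknown cases end in the same zeroed state. x509_key_cleanup's body continues outside this hunk.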
@@ -1180,40 +367,370 @@ int x509_public_key_to_bytes(const X509_KEY *key, uint8_t **out, size_t *outlen) return 1; } -void x509_sign_ctx_cleanup(X509_SIGN_CTX *ctx) +int x509_public_key_from_bytes(X509_KEY *key, int algor, int algor_param, const uint8_t **in, size_t *inlen) { - if (ctx) { - gmssl_secure_clear(ctx, sizeof(X509_SIGN_CTX)); - memset(ctx, 0, sizeof(X509_SIGN_CTX)); + if (!key || !in || !(*in) || !inlen) { + error_print(); + return -1; } + + memset(key, 0, sizeof(X509_KEY)); + key->algor = algor; + key->algor_param = algor_param; + + switch (algor) { + case OID_ec_public_key: + if (*inlen < 65) { + error_print(); + return -1; + } + switch (algor_param) { + case OID_sm2: + if (sm2_z256_point_from_octets(&key->u.sm2_key.public_key, *in, 65) != 1) { + error_print(); + return -1; + } + *in += 65; + *inlen -= 65; + break; + case OID_secp256r1: + if (secp256r1_public_key_from_bytes(&key->u.secp256r1_key, in, inlen) != 1) { + error_print(); + return -1; + } + break; + default: + error_print(); + return -1; + } + return 1; + } + if (algor_param != OID_undef) { + error_print(); + return -1; + } + switch (algor) { + case OID_lms_hashsig: + if (lms_public_key_from_bytes(&key->u.lms_key, in, inlen) != 1) { + error_print(); + return -1; + } + break; + case OID_hss_lms_hashsig: + if (hss_public_key_from_bytes(&key->u.hss_key, in, inlen) != 1) { + error_print(); + return -1; + } + break; + case OID_xmss_hashsig: + if (xmss_public_key_from_bytes(&key->u.xmss_key, in, inlen) != 1) { + error_print(); + return -1; + } + break; + case OID_xmssmt_hashsig: + if (xmssmt_public_key_from_bytes(&key->u.xmssmt_key, in, inlen) != 1) { + error_print(); + return -1; + } + break; + case OID_sphincs_hashsig: + if (sphincs_public_key_from_bytes(&key->u.sphincs_key, in, inlen) != 1) { + error_print(); + return -1; + } + break; + case OID_kyber_kem: + if (kyber_public_key_from_bytes(&key->u.kyber_key, in, inlen) != 1) { + error_print(); + return -1; + } + break; + default: + 
error_print(); + return -1; + } + + return 1; } +int x509_public_key_digest(const X509_KEY *key, uint8_t dgst[32]) +{ + SM3_CTX ctx; + uint8_t bits[X509_PUBLIC_KEY_MAX_SIZE]; + uint8_t *p = bits; + size_t len = 0; + if (x509_public_key_to_bytes(key, &p, &len) != 1) { + error_print(); + return -1; + } + sm3_init(&ctx); + sm3_update(&ctx, bits, len); + sm3_finish(&ctx, dgst); + return 1; +} +int x509_public_key_equ(const X509_KEY *key, const X509_KEY *pub) +{ + int ret; + if (!key || !pub) { + error_print(); + return -1; + } + if (key->algor != pub->algor) { + error_print(); + return 0; + } + if (key->algor_param != pub->algor_param) { + error_print(); + return 0; + } + switch (key->algor) { + case OID_ec_public_key: + if (key->algor_param == OID_sm2) { + if ((ret = sm2_public_key_equ(&key->u.sm2_key, &pub->u.sm2_key)) != 1) { + error_print(); + return ret; + } + } else if (key->algor_param == OID_secp256r1) { + if ((ret = secp256r1_public_key_equ(&key->u.secp256r1_key, &pub->u.secp256r1_key)) != 1) { + error_print(); + return ret; + } + } else { + error_print(); + return -1; + } + return 1; + case OID_hss_lms_hashsig: + if ((ret = hss_public_key_equ(&key->u.hss_key, &pub->u.hss_key)) != 1) { + error_print(); + return ret; + } + return 1; + } + // sizeof(XXX_PUBLIC_KEY) >= XXX_PUBLIC_KEY_SIZE, depends on compiler + switch (key->algor) { + case OID_lms_hashsig: + if (memcmp(&key->u.lms_key, &pub->u.lms_key, sizeof(LMS_PUBLIC_KEY)) != 0) { + error_print(); + return 0; + } + break; + case OID_xmss_hashsig: + if (memcmp(&key->u.xmss_key, &pub->u.xmss_key, sizeof(XMSS_PUBLIC_KEY)) != 0) { + error_print(); + return 0; + } + break; + case OID_xmssmt_hashsig: + if (memcmp(&key->u.xmssmt_key, &pub->u.xmssmt_key, sizeof(XMSSMT_PUBLIC_KEY)) != 0) { + error_print(); + return 0; + } + break; + case OID_sphincs_hashsig: + if (memcmp(&key->u.sphincs_key, &pub->u.sphincs_key, sizeof(SPHINCS_PUBLIC_KEY)) != 0) { + error_print(); + return 0; + } + break; + case OID_kyber_kem: + if 
(memcmp(&key->u.kyber_key, &pub->u.kyber_key, sizeof(KYBER_PUBLIC_KEY)) != 0) { + error_print(); + return 0; + } + break; + default: + error_print(); + return -1; + } + return 1; +} +int x509_public_key_print(FILE *fp, int fmt, int ind, const char *label, const X509_KEY *key) +{ + switch (key->algor) { + case OID_ec_public_key: + if (key->algor_param == OID_sm2) { + if (sm2_public_key_print(fp, fmt, ind, label, &key->u.sm2_key) != 1) { + error_print(); + return -1; + } + } else if (key->algor_param == OID_secp256r1) { + if (secp256r1_public_key_print(fp, fmt, ind, label, &key->u.secp256r1_key) != 1) { + error_print(); + return -1; + } + } else { + error_print(); + return -1; + } + break; + case OID_lms_hashsig: + if (lms_public_key_print(fp, fmt, ind, label, &key->u.lms_key) != 1) { + error_print(); + return -1; + } + break; + case OID_hss_lms_hashsig: + if (hss_public_key_print(fp, fmt, ind, label, &key->u.hss_key) != 1) { + error_print(); + return -1; + } + break; + case OID_xmss_hashsig: + if (xmss_public_key_print(fp, fmt, ind, label, &key->u.xmss_key) != 1) { + error_print(); + return -1; + } + break; + case OID_xmssmt_hashsig: + if (xmssmt_public_key_print(fp, fmt, ind, label, &key->u.xmssmt_key) != 1) { + error_print(); + return -1; + } + break; + case OID_sphincs_hashsig: + if (sphincs_public_key_print(fp, fmt, ind, label, &key->u.sphincs_key) != 1) { + error_print(); + return -1; + } + break; + case OID_kyber_kem: + if (kyber_public_key_print(fp, fmt, ind, label, &key->u.kyber_key) != 1) { + error_print(); + return -1; + } + break; + default: + error_print(); + return -1; + } + return 1; +} +int x509_public_key_info_to_der(const X509_KEY *x509_key, uint8_t **out, size_t *outlen) +{ + uint8_t keybuf[X509_PUBLIC_KEY_MAX_SIZE]; + uint8_t *p = keybuf; + size_t keylen = 0; + size_t len = 0; + if (!x509_key || !outlen) { + error_print(); + return -1; + } + if (x509_public_key_to_bytes(x509_key, &p, &keylen) != 1) { + error_print(); + return -1; + } + if 
(x509_public_key_algor_to_der(x509_key->algor, x509_key->algor_param, NULL, &len) != 1 + || asn1_bit_octets_to_der(keybuf, keylen, NULL, &len) != 1 + || asn1_sequence_header_to_der(len, out, outlen) != 1 + || x509_public_key_algor_to_der(x509_key->algor, x509_key->algor_param, out, outlen) != 1 + || asn1_bit_octets_to_der(keybuf, keylen, out, outlen) != 1) { + error_print(); + return -1; + } + return 1; +} +int x509_public_key_info_from_der(X509_KEY *x509_key, const uint8_t **in, size_t *inlen) +{ + int ret; + const uint8_t *d; + size_t dlen; + int algor; + int algor_param; + const uint8_t *pub; + size_t publen; + if (!x509_key || !in || !(*in) || !inlen) { + error_print(); + return -1; + } + if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) { + if (ret < 0) error_print(); + return ret; + } + if (x509_public_key_algor_from_der(&algor, &algor_param, &d, &dlen) != 1 + || asn1_bit_octets_from_der(&pub, &publen, &d, &dlen) != 1 + || asn1_length_is_zero(dlen) != 1) { + error_print(); + return -1; + } + if (x509_public_key_from_bytes(x509_key, algor, algor_param, &pub, &publen) != 1) { + error_print(); + return -1; + } + if (publen) { + error_print(); + return -1; + } + return 1; +} +int x509_public_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen) +{ + const uint8_t *p = d; + size_t len = dlen; + int alg; + int params; + format_print(fp, fmt, ind, "%s\n", label); + ind += 4; + if (x509_public_key_algor_from_der(&alg, ¶ms, &p, &len) != 1) goto err; + if (asn1_sequence_from_der(&p, &len, &d, &dlen) != 1) goto err; + x509_public_key_algor_print(fp, fmt, ind, "algorithm", p, len); + format_print(fp, fmt, ind, "subjectPublicKey\n"); + ind += 4; + if (asn1_bit_octets_from_der(&p, &len, &d, &dlen) != 1) goto err; + switch (alg) { + case OID_ec_public_key: + format_bytes(fp, fmt, ind, "ECPoint", p, len); + break; + case OID_rsa_encryption: + rsa_public_key_print(fp, fmt, ind, "RSAPublicKey", p, len); + break; + case 
OID_lms_hashsig: + case OID_hss_lms_hashsig: + case OID_xmss_hashsig: + case OID_xmssmt_hashsig: + case OID_sphincs_hashsig: + case OID_kyber_kem: + // TODO: print public key without too much details + default: + format_bytes(fp, fmt, ind, "raw_data", p, len); + } + if (asn1_length_is_zero(dlen) != 1) goto err; + return 1; +err: + error_print(); + return -1; +} - +int x509_private_key_print_ex(FILE *fp, int fmt, int ind, const char *label, const X509_KEY *key) +{ + // TODO: change lms_private_key_print to lms_private_key_print_ex and xmss ... + error_print(); + return -1; +} #define SM2_PRIVATE_KEY_DER_SIZE 121 - int ec_private_key_to_der(const X509_KEY *key, int encode_params, int encode_pubkey, uint8_t **out, size_t *outlen) { - uint8_t params[64]; - uint8_t pubkey[128]; - uint8_t *params_ptr = params; - uint8_t *pubkey_ptr = pubkey; + uint8_t params_buf[16]; // = 10 for sm2, p256 + uint8_t pubkey_buf[68]; // = 68 for sm2, p256 + uint8_t *params = NULL; + uint8_t *pubkey = NULL; size_t params_len = 0; size_t pubkey_len = 0; uint8_t prikey[32]; 
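Review bot: x509_public_key_equ now compares `&key->u.lms_key` (and likewise the xmss, xmssmt, sphincs and kyber keys) with memcmp over `sizeof(LMS_PUBLIC_KEY)` and friends, whereas the removed code compared the `.public_key` member against the exact `*_PUBLIC_KEY_SIZE` constant. The new form assumes the public key is the leading member of each `u.*_key` object and, as the `// sizeof(XXX_PUBLIC_KEY) >= XXX_PUBLIC_KEY_SIZE` comment concedes, takes in any struct padding, whose bytes are not guaranteed equal for two keys of the same value, so a spurious "not equal" (return 0) is possible for keys that were populated by different paths. Keep the field-precise comparison, e.g. `memcmp(&key->u.lms_key.public_key, &pub->u.lms_key.public_key, LMS_PUBLIC_KEY_SIZE) != 0`, or go through each module's `*_public_key_equ` as the hss case already does.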
@@ -1229,28 +746,34 @@ int ec_private_key_to_der(const X509_KEY *key, int encode_params, int encode_pub } if (encode_params) { - if (ec_named_curve_to_der(key->algor_param, ¶ms_ptr, ¶ms_len) != 1) { + params = params_buf; + if (ec_named_curve_to_der(key->algor_param, ¶ms, ¶ms_len) != 1) { gmssl_secure_clear(prikey, 32); error_print(); return -1; } + params = params_buf; } switch (key->algor_param) { case OID_sm2: if (encode_pubkey) { - if (sm2_public_key_to_der(&key->u.sm2_key, &pubkey_ptr, &pubkey_len) != 1) { + pubkey = pubkey_buf; + if (sm2_public_key_to_der(&key->u.sm2_key, &pubkey, &pubkey_len) != 1) { error_print(); return -1; } + pubkey = pubkey_buf; } sm2_z256_to_bytes(key->u.sm2_key.private_key, prikey); break; case OID_secp256r1: if (encode_pubkey) { - if (secp256r1_public_key_to_der(&key->u.secp256r1_key, &pubkey_ptr, &pubkey_len) != 1) { + pubkey = pubkey_buf; + if (secp256r1_public_key_to_der(&key->u.secp256r1_key, &pubkey, &pubkey_len) != 1) { error_print(); return -1; } + pubkey = pubkey_buf; } secp256r1_to_32bytes(key->u.secp256r1_key.private_key, prikey); break; 
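Review bot: `params_buf[16]` is written by ec_named_curve_to_der through an unbounded output pointer before the `switch (key->algor_param)` below narrows the key to sm2 or secp256r1, so the 16-byte budget (the comment sizes it from those two OIDs) only holds if ec_named_curve_to_der cannot encode a longer curve OID, which I cannot see from here. Either hoist the curve validation ahead of the `if (encode_params)` block or size the buffer from a named maximum rather than the two observed lengths; `pubkey_buf[68]`, filled by the `*_public_key_to_der` helpers, has the same shape. ec_private_key_to_der starts before this hunk and ends after it.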
@@ -1259,16 +782,15 @@ int ec_private_key_to_der(const X509_KEY *key, int encode_params, int encode_pub return -1; } - // 这里有严重的问题,explicit项目提供的数据不能为空,但是我们这的params,pubkey是可以为空的 if (asn1_int_to_der(EC_private_key_version, NULL, &len) != 1 || asn1_octet_string_to_der(prikey, 32, NULL, &len) != 1 - || asn1_explicit_to_der(0, params, params_len, NULL, &len) != 1 - || asn1_explicit_to_der(1, pubkey, pubkey_len, NULL, &len) != 1 + || asn1_explicit_to_der(0, params, params_len, NULL, &len) < 0 + || asn1_explicit_to_der(1, pubkey, pubkey_len, NULL, &len) < 0 || asn1_sequence_header_to_der(len, out, outlen) != 1 || asn1_int_to_der(EC_private_key_version, out, outlen) != 1 || asn1_octet_string_to_der(prikey, 32, out, outlen) != 1 - || asn1_explicit_to_der(0, params, params_len, out, outlen) != 1 - || asn1_explicit_to_der(1, pubkey, pubkey_len, out, outlen) != 1) { + || asn1_explicit_to_der(0, params, params_len, out, outlen) < 0 + || asn1_explicit_to_der(1, pubkey, pubkey_len, out, outlen) < 0) { gmssl_secure_clear(prikey, 32); error_print(); return -1; @@ -1301,8 +823,8 @@ int ec_private_key_from_der(X509_KEY *key, int opt_curve, const uint8_t **in, si } if (asn1_int_from_der(&ver, &d, &dlen) != 1 || asn1_octet_string_from_der(&prikey, &prikey_len, &d, &dlen) != 1 - || asn1_explicit_from_der(0, ¶ms, ¶ms_len, &d, &dlen) != 1 - || asn1_explicit_from_der(1, &pubkey, &pubkey_len, &d, &dlen) != 1 + || asn1_explicit_from_der(0, ¶ms, ¶ms_len, &d, &dlen) < 0 + || asn1_explicit_from_der(1, &pubkey, &pubkey_len, &d, &dlen) < 0 || asn1_check(ver == EC_private_key_version) != 1 || asn1_length_is_zero(dlen) != 1) { error_print(); 
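Review bot: Relaxing the asn1_explicit_to_der checks from `!= 1` to `< 0` turns a 0 return (OPTIONAL element omitted) into success, which the NULL `params`/`pubkey` case needs, but it also accepts 0 when `encode_params` or `encode_pubkey` was requested and the buffer was filled, so a helper that reports 0 for any reason other than a NULL pointer would yield an ECPrivateKey silently missing that field. Consider pinning the expected code, e.g. `asn1_explicit_to_der(0, params, params_len, NULL, &len) != (params ? 1 : 0)`, or document on the macro that it returns 0 only for `d == NULL`. The `< 0` change in the asn1_explicit_from_der hunk that follows is the decode-side counterpart: both elements may now be absent, so whatever consumes `params`/`pubkey` after that hunk (not visible here) must tolerate NULL.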
@@ -1390,9 +912,18 @@ int ec_private_key_from_der(X509_KEY *key, int opt_curve, const uint8_t **in, si return 1; } +int x509_private_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen) +{ + if (sm2_private_key_info_print(fp, fmt, ind, label, d, dlen) != 1) { + error_print(); + return -1; + } + return 1; +} + int x509_private_key_info_to_der(const X509_KEY *key, uint8_t **out, size_t *outlen) { - uint8_t private_key[256]; // 缓冲大小取决于编译器支持哪些公钥类型 + uint8_t private_key[128]; // 121 uint8_t *p = private_key; size_t private_key_len = 0; size_t len = 0; @@ -1411,6 +942,13 @@ int x509_private_key_info_to_der(const X509_KEY *key, uint8_t **out, size_t *out return -1; } break; + case OID_lms_hashsig: + case OID_hss_lms_hashsig: + case OID_xmss_hashsig: + case OID_xmssmt_hashsig: + case OID_sphincs_hashsig: + case OID_kyber_kem: + // TODO: support these algors, (MUST change private_key[] size)! default: error_print(); return -1; @@ -1450,9 +988,6 @@ int x509_private_key_info_from_der(X509_KEY *key, const uint8_t **attrs, size_t if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) { if (ret < 0) error_print(); if (ret == 0) error_print(); - - format_bytes(stderr, 0, 0, "private_key_info", *in, *inlen); - return ret; } if (asn1_int_from_der(&version, &d, &dlen) != 1 @@ -1477,6 +1012,7 @@ int x509_private_key_info_from_der(X509_KEY *key, const uint8_t **attrs, size_t case OID_xmss_hashsig: case OID_xmssmt_hashsig: case OID_sphincs_hashsig: + case OID_kyber_kem: default: error_print(); return -1; @@ -1488,7 +1024,7 @@ int x509_private_key_info_encrypt_to_der(const X509_KEY *x509_key, const char *p uint8_t **out, size_t *outlen) { int ret = -1; - uint8_t private_key_info[512]; // 设置更合理的大小 + uint8_t private_key_info[168]; // 150 uint8_t *p = private_key_info; size_t private_key_info_len = 0; uint8_t salt[16]; 
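Review bot: x509_private_key_info_print unconditionally delegates to sm2_private_key_info_print, although the encoder in this file also handles secp256r1 keys (the OID_secp256r1 case of ec_private_key_to_der), so a P-256 PrivateKeyInfo is either printed with SM2 labels or rejected, depending on what the SM2 printer checks. Document the restriction on the function: `// Only SM2 PrivateKeyInfo is printed; other key types are not supported yet`. In x509_private_key_info_to_der, `uint8_t private_key[128]; // 121` hard-codes a size that is really `SM2_PRIVATE_KEY_DER_SIZE` (defined as 121 above) plus slack; express it in terms of that macro so the two cannot drift.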
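Review bot: `uint8_t private_key_info[168]; // 150` in x509_private_key_info_encrypt_to_der replaces a 512-byte buffer with a size taken from one observed encoding, and the same `168` reappears in x509_private_key_info_decrypt_from_der in the following hunk; the buffer is filled through `p` by an encoder that takes no size, so the only protection is that no encoding this file produces ever exceeds 168 bytes. Define the bound once next to SM2_PRIVATE_KEY_DER_SIZE under a name such as `X509_PRIVATE_KEY_INFO_MAX_SIZE` (suggested name), use it in both functions, and record why it covers every key type the encoder accepts. The enclosing function continues outside this hunk.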
@@ -1557,8 +1093,8 @@ int x509_private_key_info_decrypt_from_der(X509_KEY *x509_key, uint8_t key[16]; SM4_KEY sm4_key; const uint8_t *enced_private_key_info; - size_t enced_private_key_info_len; - uint8_t private_key_info[256]; + size_t enced_private_key_info_len; // 160 + uint8_t private_key_info[168]; const uint8_t *cp = private_key_info; size_t private_key_info_len; @@ -1576,6 +1112,11 @@ int x509_private_key_info_decrypt_from_der(X509_KEY *x509_key, error_print(); return -1; } + if (enced_private_key_info_len > sizeof(private_key_info)) { + // sm4_cbc_padding_decrypt might buffer overflow + error_print(); + return -1; + } if (sm3_pbkdf2(pass, strlen(pass), salt, saltlen, iter, sizeof(key), key) != 1) { error_print(); goto end; @@ -1725,6 +1266,23 @@ int x509_private_key_from_file(X509_KEY *key, int algor, const char *pass, FILE error_print(); return -1; } + } else if (algor == OID_kyber_kem) { + uint8_t buf[KYBER_PRIVATE_KEY_SIZE]; + const uint8_t *cp = buf; + size_t len = sizeof(buf); + + if (fread(buf, 1, len, fp) != len) { + error_print(); + return -1; + } + if (kyber_private_key_from_bytes(&key->u.kyber_key, &cp, &len) != 1) { + error_print(); + return -1; + } + if (len) { + error_print(); + return -1; + } } else { error_print(); return -1; 
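Review bot: The new guard `enced_private_key_info_len > sizeof(private_key_info)` is the right bound, since CBC-with-padding plaintext is never longer than its ciphertext, but the comment `// sm4_cbc_padding_decrypt might buffer overflow` reads as if the decrypt routine were at fault; state the invariant instead: `// CBC+padding plaintext is at most the ciphertext length, so this bounds the write into private_key_info`. If sm4_cbc_padding_decrypt does not itself reject a length that is not a multiple of the block size (not visible here), also rejecting `enced_private_key_info_len % 16 != 0` at this point lets malformed input fail before any decryption. The enclosing function continues outside this hunk.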
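Review bot: In the new OID_kyber_kem branch of x509_private_key_from_file, `buf[KYBER_PRIVATE_KEY_SIZE]` holds the raw private key read from `fp` and is left on the stack on every path, the success path included, while the rest of this file wipes key bytes with gmssl_secure_clear (see the `prikey` handling in ec_private_key_to_der). Add `gmssl_secure_clear(buf, sizeof(buf));` before each return of that branch. Whether `key->algor` and `key->algor_param` are set for this branch is outside the hunk.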
@@ -1732,3 +1290,749 @@ int x509_private_key_from_file(X509_KEY *key, int algor, const char *pass, FILE return 1; } +int x509_key_get_sign_algor(const X509_KEY *key, int *algor) +{ + if (!key || !algor) { + error_print(); + return -1; + } + + switch (key->algor) { + case OID_ec_public_key: + switch (key->algor_param) { + case OID_sm2: + *algor = OID_sm2sign_with_sm3; + break; + case OID_secp256r1: + *algor = OID_ecdsa_with_sha256; + break; + default: + error_print(); + return -1; + } + break; + case OID_lms_hashsig: + case OID_hss_lms_hashsig: + case OID_xmss_hashsig: + case OID_xmssmt_hashsig: + case OID_sphincs_hashsig: + *algor = key->algor; + break; + case OID_kyber_kem: + default: + error_print(); + return -1; + } + return 1; +} + +int x509_key_get_signature_size(const X509_KEY *key, size_t *siglen) +{ + switch (key->algor) { + case OID_ec_public_key: + *siglen = SM2_signature_max_size; + break; + case OID_lms_hashsig: + if (lms_key_get_signature_size(&key->u.lms_key, siglen) != 1) { + error_print(); + return -1; + } + break; + case OID_hss_lms_hashsig: + if (hss_key_get_signature_size(&key->u.hss_key, siglen) != 1) { + error_print(); + return -1; + } + break; + case OID_xmss_hashsig: + if (xmss_key_get_signature_size(&key->u.xmss_key, siglen) != 1) { + error_print(); + return -1; + } + break; + case OID_xmssmt_hashsig: + if (xmssmt_key_get_signature_size(&key->u.xmssmt_key, siglen) != 1) { + error_print(); + return -1; + } + break; + case OID_sphincs_hashsig: + *siglen = SPHINCS_SIGNATURE_SIZE; + break; + case OID_kyber_kem: + default: + error_print(); + return -1; + } + return 1; +} + +int x509_sign_init(X509_SIGN_CTX *ctx, X509_KEY *key, const void *args, size_t argslen) +{ + if (!ctx || !key) { + error_print(); + return -1; + } + switch (key->algor) { + case OID_lms_hashsig: + case OID_hss_lms_hashsig: + case OID_xmss_hashsig: + case OID_xmssmt_hashsig: + if (args) { + error_print(); + return -1; + } + break; + } + + memset(ctx, 0, sizeof(X509_SIGN_CTX)); 
+ + switch (key->algor) { + case OID_ec_public_key: + switch (key->algor_param) { + case OID_sm2: + if (!args) { + args = SM2_DEFAULT_ID; + argslen = SM2_DEFAULT_ID_LENGTH; + } + if (!argslen) { + error_print(); + return -1; + } + if (sm2_sign_init(&ctx->u.sm2_sign_ctx, &key->u.sm2_key, args, argslen) != 1) { + error_print(); + return -1; + } + ctx->sign_algor = OID_sm2sign_with_sm3; + break; + case OID_secp256r1: + if (ecdsa_sign_init(&ctx->u.ecdsa_sign_ctx, &key->u.secp256r1_key) != 1) { + error_print(); + return -1; + } + ctx->sign_algor = OID_ecdsa_with_sha256; + break; + default: + error_print(); + return -1; + } + break; + case OID_lms_hashsig: + if (lms_sign_init(&ctx->u.lms_sign_ctx, &key->u.lms_key) != 1) { + error_print(); + return -1; + } + ctx->sign_algor = key->algor; + break; + case OID_hss_lms_hashsig: + if (hss_sign_init(&ctx->u.hss_sign_ctx, &key->u.hss_key) != 1) { + error_print(); + return -1; + } + ctx->sign_algor = key->algor; + break; + case OID_xmss_hashsig: + if (xmss_sign_init(&ctx->u.xmss_sign_ctx, &key->u.xmss_key) != 1) { + error_print(); + return -1; + } + ctx->sign_algor = key->algor; + break; + case OID_xmssmt_hashsig: + if (xmssmt_sign_init(&ctx->u.xmssmt_sign_ctx, &key->u.xmssmt_key) != 1) { + error_print(); + return -1; + } + ctx->sign_algor = key->algor; + break; + + // to generate a random signature (instead of a deterministic one), caller should prepare uint8_t rand[16] + case OID_sphincs_hashsig: + if (args) { + if (argslen != sizeof(sphincs_hash128_t)) { + error_print(); + return -1; + } + } + if (sphincs_sign_init_ex(&ctx->u.sphincs_sign_ctx, &key->u.sphincs_key, args) != 1) { + error_print(); + return -1; + } + ctx->sign_algor = key->algor; + break; + default: + error_print(); + return -1; + } + + return 1; +} + +int x509_sign_set_signature_size(X509_SIGN_CTX *ctx, size_t siglen) +{ + if (!ctx) { + error_print(); + return -1; + } + switch (ctx->sign_algor) { + case OID_sm2sign_with_sm3: + case OID_ecdsa_with_sha256: + switch 
(siglen) { + case SM2_signature_compact_size: + case SM2_signature_typical_size: + case SM2_signature_max_size: + ctx->fixed_siglen = siglen; + break; + default: + error_print(); + return -1; + } + default: + error_print(); + return -1; + } + return 1; +} + +int x509_sign_update(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen) +{ + if (!ctx) { + error_print(); + return -1; + } + + switch (ctx->sign_algor) { + case OID_sm2sign_with_sm3: + if (sm2_sign_update(&ctx->u.sm2_sign_ctx, data, datalen) != 1) { + error_print(); + return -1; + } + break; + case OID_ecdsa_with_sha256: + if (ecdsa_sign_update(&ctx->u.ecdsa_sign_ctx, data, datalen) != 1) { + error_print(); + return -1; + } + break; + case OID_lms_hashsig: + if (lms_sign_update(&ctx->u.lms_sign_ctx, data, datalen) != 1) { + error_print(); + return -1; + } + break; + case OID_hss_lms_hashsig: + if (hss_sign_update(&ctx->u.hss_sign_ctx, data, datalen) != 1) { + error_print(); + return -1; + } + break; + case OID_xmss_hashsig: + if (xmss_sign_update(&ctx->u.xmss_sign_ctx, data, datalen) != 1) { + error_print(); + return -1; + } + break; + case OID_xmssmt_hashsig: + if (xmssmt_sign_update(&ctx->u.xmssmt_sign_ctx, data, datalen) != 1) { + error_print(); + return -1; + } + break; + case OID_sphincs_hashsig: + error_print(); + return -1; + default: + error_print(); + return -1; + } + return 1; +} + +int x509_sign_finish(X509_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen) +{ + if (!ctx || !sig || !siglen) { + error_print(); + return -1; + } + switch (ctx->sign_algor) { + case OID_sm2sign_with_sm3: + if (ctx->fixed_siglen) { + if (sm2_sign_finish_fixlen(&ctx->u.sm2_sign_ctx, ctx->fixed_siglen, sig) != 1) { + error_print(); + return -1; + } + *siglen = ctx->fixed_siglen; + } else { + if (sm2_sign_finish(&ctx->u.sm2_sign_ctx, sig, siglen) != 1) { + error_print(); + return -1; + } + } + break; + case OID_ecdsa_with_sha256: + if (ctx->fixed_siglen) { + if (ecdsa_sign_finish_fixlen(&ctx->u.ecdsa_sign_ctx, 
ctx->fixed_siglen, sig) != 1) { + error_print(); + return -1; + } + *siglen = ctx->fixed_siglen; + } else { + if (ecdsa_sign_finish(&ctx->u.ecdsa_sign_ctx, sig, siglen) != 1) { + error_print(); + return -1; + } + } + break; + case OID_lms_hashsig: + if (lms_sign_finish(&ctx->u.lms_sign_ctx, sig, siglen) != 1) { + error_print(); + return -1; + } + break; + case OID_hss_lms_hashsig: + if (hss_sign_finish(&ctx->u.hss_sign_ctx, sig, siglen) != 1) { + error_print(); + return -1; + } + break; + case OID_xmss_hashsig: + if (xmss_sign_finish(&ctx->u.xmss_sign_ctx, sig, siglen) != 1) { + error_print(); + return -1; + } + break; + case OID_xmssmt_hashsig: + if (xmssmt_sign_finish(&ctx->u.xmssmt_sign_ctx, sig, siglen) != 1) { + error_print(); + return -1; + } + break; + case OID_sphincs_hashsig: + error_print(); + return -1; + default: + error_print(); + return -1; + } + return 1; +} + +int x509_sign(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen, uint8_t *sig, size_t *siglen) +{ + if (!ctx || !sig || !siglen) { + error_print(); + return -1; + } + if (!data || !datalen) { + error_print(); + return -1; + } + + switch (ctx->sign_algor) { + case OID_sm2sign_with_sm3: + case OID_ecdsa_with_sha256: + case OID_lms_hashsig: + case OID_hss_lms_hashsig: + case OID_xmss_hashsig: + case OID_xmssmt_hashsig: + if (x509_sign_update(ctx, data, datalen) != 1) { + error_print(); + return -1; + } + if (x509_sign_finish(ctx, sig, siglen) != 1) { + error_print(); + return -1; + } + break; + case OID_sphincs_hashsig: + if (sphincs_sign_prepare(&ctx->u.sphincs_sign_ctx, data, datalen) != 1) { + error_print(); + return -1; + } + if (sphincs_sign_update(&ctx->u.sphincs_sign_ctx, data, datalen) != 1) { + error_print(); + return -1; + } + if (sphincs_sign_finish(&ctx->u.sphincs_sign_ctx, sig, siglen) != 1) { + error_print(); + return -1; + } + break; + default: + error_print(); + return -1; + } + return 1; +} + +int x509_verify_init(X509_SIGN_CTX *ctx, const X509_KEY *key, const void *args, 
size_t argslen, + const uint8_t *sig, size_t siglen) +{ + if (!ctx || !key || !sig || !siglen) { + error_print(); + return -1; + } + if (args && key->algor != OID_ec_public_key) { + error_print(); + return -1; + } + + switch (key->algor) { + case OID_ec_public_key: + switch (key->algor_param) { + case OID_sm2: + if (!args) { + args = SM2_DEFAULT_ID; + argslen = SM2_DEFAULT_ID_LENGTH; + } + if (!argslen) { + error_print(); + return -1; + } + if (sm2_verify_init(&ctx->u.sm2_verify_ctx, &key->u.sm2_key, args, argslen) != 1) { + error_print(); + return -1; + } + ctx->sign_algor = OID_sm2sign_with_sm3; + if (siglen > sizeof(ctx->sig)) { + error_print(); + return -1; + } + memcpy(ctx->sig, sig, siglen); + ctx->siglen = siglen; + break; + case OID_secp256r1: + if (ecdsa_verify_init(&ctx->u.ecdsa_sign_ctx, &key->u.secp256r1_key, sig, siglen) != 1) { + error_print(); + return -1; + } + ctx->sign_algor = OID_ecdsa_with_sha256; + break; + default: + error_print(); + return -1; + } + break; + case OID_lms_hashsig: + if (lms_verify_init(&ctx->u.lms_sign_ctx, &key->u.lms_key, sig, siglen) != 1) { + error_print(); + return -1; + } + ctx->sign_algor = key->algor; + break; + case OID_hss_lms_hashsig: + if (hss_verify_init(&ctx->u.hss_sign_ctx, &key->u.hss_key, sig, siglen) != 1) { + error_print(); + return -1; + } + ctx->sign_algor = key->algor; + break; + case OID_xmss_hashsig: + if (xmss_verify_init(&ctx->u.xmss_sign_ctx, &key->u.xmss_key, sig, siglen) != 1) { + error_print(); + return -1; + } + ctx->sign_algor = key->algor; + break; + case OID_xmssmt_hashsig: + if (xmssmt_verify_init(&ctx->u.xmssmt_sign_ctx, &key->u.xmssmt_key, sig, siglen) != 1) { + error_print(); + return -1; + } + ctx->sign_algor = key->algor; + break; + case OID_sphincs_hashsig: + if (sphincs_verify_init(&ctx->u.sphincs_sign_ctx, &key->u.sphincs_key, sig, siglen) != 1) { + error_print(); + return -1; + } + ctx->sign_algor = key->algor; + break; + default: + error_print(); + return -1; + } + return 1; +} + 
+int x509_verify_update(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen) +{ + switch (ctx->sign_algor) { + case OID_sm2sign_with_sm3: + if (sm2_verify_update(&ctx->u.sm2_verify_ctx, data, datalen) != 1) { + error_print(); + return -1; + } + break; + case OID_ecdsa_with_sha256: + if (ecdsa_verify_update(&ctx->u.ecdsa_sign_ctx, data, datalen) != 1) { + error_print(); + return -1; + } + break; + case OID_lms_hashsig: + if (lms_verify_update(&ctx->u.lms_sign_ctx, data, datalen) != 1) { + error_print(); + return -1; + } + break; + case OID_hss_lms_hashsig: + if (hss_verify_update(&ctx->u.hss_sign_ctx, data, datalen) != 1) { + error_print(); + return -1; + } + break; + case OID_xmss_hashsig: + if (xmss_verify_update(&ctx->u.xmss_sign_ctx, data, datalen) != 1) { + error_print(); + return -1; + } + break; + case OID_xmssmt_hashsig: + if (xmssmt_verify_update(&ctx->u.xmssmt_sign_ctx, data, datalen) != 1) { + error_print(); + return -1; + } + break; + case OID_sphincs_hashsig: + error_print(); + return -1; + default: + error_print(); + return -1; + } + + return 1; +} + +int x509_verify_finish(X509_SIGN_CTX *ctx) +{ + int ret; + + switch (ctx->sign_algor) { + case OID_sm2sign_with_sm3: + if ((ret = sm2_verify_finish(&ctx->u.sm2_verify_ctx, ctx->sig, ctx->siglen)) < 0) { + error_print(); + return -1; + } + break; + case OID_ecdsa_with_sha256: + if ((ret = ecdsa_verify_finish(&ctx->u.ecdsa_sign_ctx)) < 0) { + error_print(); + return -1; + } + break; + case OID_lms_hashsig: + if ((ret = lms_verify_finish(&ctx->u.lms_sign_ctx)) < 0) { + error_print(); + return -1; + } + break; + case OID_hss_lms_hashsig: + if ((ret = hss_verify_finish(&ctx->u.hss_sign_ctx)) < 0) { + error_print(); + return -1; + } + break; + case OID_xmss_hashsig: + if ((ret = xmss_verify_finish(&ctx->u.xmss_sign_ctx)) < 0) { + error_print(); + return -1; + } + break; + case OID_xmssmt_hashsig: + if ((ret = xmssmt_verify_finish(&ctx->u.xmssmt_sign_ctx)) < 0) { + error_print(); + return -1; + } + break; + 
case OID_sphincs_hashsig: + error_print(); + return -1; + default: + error_print(); + return -1; + } + return ret; +} + +int x509_verify(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen) +{ + int ret; + + if (!ctx) { + error_print(); + return -1; + } + switch (ctx->sign_algor) { + case OID_sm2sign_with_sm3: + case OID_ecdsa_with_sha256: + case OID_lms_hashsig: + case OID_hss_lms_hashsig: + case OID_xmss_hashsig: + case OID_xmssmt_hashsig: + if (x509_verify_update(ctx, data, datalen) != 1) { + error_print(); + return -1; + } + if ((ret = x509_verify_finish(ctx)) < 0) { + error_print(); + return -1; + } + break; + case OID_sphincs_hashsig: + if (sphincs_verify_update(&ctx->u.sphincs_sign_ctx, data, datalen) != 1) { + error_print(); + return -1; + } + if ((ret = sphincs_verify_finish(&ctx->u.sphincs_sign_ctx)) < 0) { + error_print(); + return -1; + } + break; + default: + error_print(); + return -1; + } + return ret; +} + +void x509_sign_ctx_cleanup(X509_SIGN_CTX *ctx) +{ + if (ctx) { + switch (ctx->sign_algor) { + case OID_sm2sign_with_sm3: + gmssl_secure_clear(&ctx->u.sm2_sign_ctx, sizeof(SM2_SIGN_CTX)); + break; + case OID_ecdsa_with_sha256: + gmssl_secure_clear(&ctx->u.ecdsa_sign_ctx, sizeof(ECDSA_SIGN_CTX)); + break; + case OID_lms_hashsig: + lms_sign_ctx_cleanup(&ctx->u.lms_sign_ctx); + break; + case OID_hss_lms_hashsig: + hss_sign_ctx_cleanup(&ctx->u.hss_sign_ctx); + break; + case OID_xmss_hashsig: + xmss_sign_ctx_cleanup(&ctx->u.xmss_sign_ctx); + break; + case OID_xmssmt_hashsig: + xmssmt_sign_ctx_cleanup(&ctx->u.xmssmt_sign_ctx); + break; + case OID_sphincs_hashsig: + sphincs_sign_ctx_cleanup(&ctx->u.sphincs_sign_ctx); + break; + } + memset(ctx, 0, sizeof(X509_SIGN_CTX)); + } +} + +int x509_key_do_exchange(const X509_KEY *key, const X509_KEY *pub, uint8_t *out, size_t *outlen) +{ + if (!key || !pub || !out || !outlen) { + error_print(); + return -1; + } + if (key->algor != pub->algor || key->algor_param != pub->algor_param) { + error_print(); + return 
-1; + } + if (key->algor != OID_ec_public_key) { + error_print(); + return -1; + } + + switch (key->algor_param) { + case OID_sm2: + if (sm2_do_ecdh(&key->u.sm2_key, &pub->u.sm2_key, out) != 1) { + error_print(); + return -1; + } + break; + case OID_secp256r1: + if (secp256r1_do_ecdh(&key->u.secp256r1_key, &pub->u.secp256r1_key, out) != 1) { + error_print(); + return -1; + } + break; + default: + error_print(); + return -1; + } + *outlen = 32; + return 1; +} + +int x509_key_exchange(const X509_KEY *key, const uint8_t *peer_pub, size_t peer_publen, uint8_t *out, size_t *outlen) +{ + if (!key || !peer_pub || !out || !outlen) { + error_print(); + return -1; + } + if (key->algor != OID_ec_public_key) { + error_print(); + return -1; + } + if (peer_publen != 65) { + error_print(); + return -1; + } + switch (key->algor_param) { + case OID_sm2: + if (sm2_ecdh(&key->u.sm2_key, peer_pub, out) != 1) { + error_print(); + return -1; + } + break; + case OID_secp256r1: + if (secp256r1_ecdh(&key->u.secp256r1_key, peer_pub, out) != 1) { + error_print(); + return -1; + } + break; + default: + error_print(); + return -1; + } + *outlen = 32; + return 1; +} + +int x509_key_encapsulate(const X509_KEY *key, uint8_t *ciphertext, size_t *ciphertext_len, uint8_t secret[32]) +{ + if (!key || !ciphertext || !ciphertext_len || !secret) { + error_print(); + return -1; + } + if (key->algor != OID_kyber_kem) { + error_print(); + return -1; + } + if (kyber_encap(&key->u.kyber_key, (KYBER_CIPHERTEXT *)ciphertext, secret) != 1) { + error_print(); + return -1; + } + *ciphertext_len = sizeof(KYBER_CIPHERTEXT); + return 1; +} + +int x509_key_decapsulate(const X509_KEY *key, const uint8_t *ciphertext, size_t ciphertext_len, uint8_t secret[32]) +{ + if (!key || !ciphertext || !secret) { + error_print(); + return -1; + } + if (key->algor != OID_kyber_kem) { + error_print(); + return -1; + } + if (ciphertext_len != sizeof(KYBER_CIPHERTEXT)) { + error_print(); + return -1; + } + if 
(kyber_decap(&key->u.kyber_key, (KYBER_CIPHERTEXT *)ciphertext, secret) != 1) { + error_print(); + return -1; + } + return 1; +} diff --git a/src/x509_req.c b/src/x509_req.c index 1a76135a..ab4aa94e 100644 --- a/src/x509_req.c +++ b/src/x509_req.c @@ -180,6 +180,9 @@ int x509_req_sign_to_der( error_print(); return -1; } + if (sign_key->algor == OID_ec_public_key) { + siglen = SM2_signature_typical_size; + } if (x509_request_info_to_der(version, subject, subject_len, subject_public_key, attrs, attrs_len, NULL, &len) != 1 @@ -206,9 +209,18 @@ int x509_req_sign_to_der( sign_args = SM2_DEFAULT_ID; sign_argslen = SM2_DEFAULT_ID_LENGTH; } - if (x509_sign_init(&sign_ctx, sign_key, sign_args, sign_argslen) != 1 - || x509_sign_update(&sign_ctx, tbs, *out - tbs) != 1 - || x509_sign_finish(&sign_ctx, sig, &siglen) != 1) { + if (x509_sign_init(&sign_ctx, sign_key, sign_args, sign_argslen) != 1) { + error_print(); + return -1; + } + if (sign_key->algor == OID_ec_public_key) { + if (x509_sign_set_signature_size(&sign_ctx, siglen) != 1) { + gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx)); + error_print(); + return -1; + } + } + if (x509_sign(&sign_ctx, tbs, *out - tbs, sig, &siglen) != 1) { gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx)); error_print(); return -1; diff --git a/src/xmss.c b/src/xmss.c index c04c7905..0124995c 100644 --- a/src/xmss.c +++ b/src/xmss.c @@ -1204,14 +1204,16 @@ int xmss_sign_init(XMSS_SIGN_CTX *ctx, XMSS_KEY *key) xmss_adrs_set_ots_address(adrs, key->index); xmss_wots_derive_sk(key->secret, key->public_key.seed, adrs, ctx->xmss_sig.wots_sig); + // xmss_sig.auth_path + xmss_build_auth_path(key->tree, height, key->index, ctx->xmss_sig.auth_path); + + // update key->index if (xmss_key_update(key) != 1) { error_print(); return -1; } - // xmss_sig.auth_path - xmss_build_auth_path(key->tree, height, key->index, ctx->xmss_sig.auth_path); // H_msg(M) := HASH256(toByte(2, 32) || r || XMSS_ROOT || toByte(idx_sig, 32) || M) xmss_hash256_init(&ctx->hash256_ctx); 
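Review bot: The preset `siglen = SM2_signature_typical_size` is applied to every key with `algor == OID_ec_public_key`, so a secp256r1 key also receives an SM2-named size, and because the request's DER length is computed from this value before anything is signed, the fixed-length finish later must produce exactly that many bytes. The `x509_sign_set_signature_size` SM2 branch visible in this commit accepts compact/typical/max, but its ECDSA branch is outside this view, so I cannot confirm it accepts the same constant for secp256r1. A comment would make the coupling explicit: `// request length is fixed before signing; the fixlen finish must yield exactly siglen bytes`. x509_req_sign_to_der starts and ends outside the hunk.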
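Review bot: The failure path after `x509_sign_init` returns without clearing `sign_ctx`, while the two failure paths directly below it call `gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx))` first; if init copies key material into the context before it fails, that material is left on the stack. Make the three paths consistent, `if (x509_sign_init(&sign_ctx, sign_key, sign_args, sign_argslen) != 1) { gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx)); error_print(); return -1; }`, or route them through the `x509_sign_ctx_cleanup` this commit adds in src/x509_key.c, which also runs the per-scheme cleanups for the stateful signers. Whether the success path clears the context is outside the hunk, as is the rest of x509_req_sign_to_der.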
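Review bot: The reordering is the substantive change — `xmss_build_auth_path` now reads `key->index` before `xmss_key_update` advances it, so the auth path belongs to the same leaf as the WOTS key derived just above — but the new `// update key->index` comment does not say why the order matters, and the next refactor could undo it. Suggest `// advance key->index only after wots_sig and auth_path for this leaf are fixed; updating first pairs the signature with the wrong path`. xmss_sign_init starts outside the hunk.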
@@ -1235,6 +1237,30 @@ int xmss_sign_update(XMSS_SIGN_CTX *ctx, const uint8_t *data, size_t datalen) return 1; } +int xmss_sign_finish_ex(XMSS_SIGN_CTX *ctx, XMSS_SIGNATURE *sig) +{ + xmss_adrs_t adrs; + xmss_hash256_t dgst; + + if (!ctx || !sig) { + error_print(); + return -1; + } + + xmss_hash256_finish(&ctx->hash256_ctx, dgst); + + xmss_adrs_set_layer_address(adrs, 0); + xmss_adrs_set_tree_address(adrs, 0); + xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS); + xmss_adrs_set_ots_address(adrs, ctx->xmss_sig.index); + + xmss_wots_sign(ctx->xmss_sig.wots_sig, ctx->xmss_public_key.seed, adrs, dgst, + ctx->xmss_sig.wots_sig); + + *sig = ctx->xmss_sig; + return 1; +} + // TODO: support output *siglen only int xmss_sign_finish(XMSS_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen) { @@ -1365,8 +1391,10 @@ int xmss_verify_finish(XMSS_SIGN_CTX *ctx) xmss_wots_pk_to_root(ctx->xmss_sig.wots_sig, ctx->xmss_public_key.seed, adrs, root); // wots_root (index), auth_path => xmss_root + /* xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_HASHTREE); xmss_adrs_set_padding(adrs, 0); + xmss_adrs_set_key_and_mask(adrs, 0); for (h = 0; h < height; h++) { int right_child = index & 1; index >>= 1; @@ -1376,6 +1404,8 @@ int xmss_verify_finish(XMSS_SIGN_CTX *ctx) xmss_tree_hash(ctx->xmss_sig.auth_path[h], root, ctx->xmss_public_key.seed, adrs, root); else xmss_tree_hash(root, ctx->xmss_sig.auth_path[h], ctx->xmss_public_key.seed, adrs, root); } + */ + xmss_build_root(root, index, ctx->xmss_public_key.seed, adrs, ctx->xmss_sig.auth_path, height, root); if (memcmp(root, ctx->xmss_public_key.root, 32) != 0) { error_print(); @@ -2330,6 +2360,7 @@ int xmssmt_sign_finish_ex(XMSSMT_SIGN_CTX *ctx, XMSSMT_SIGNATURE *sig) return 1; } +// TODO: use ctx->xmssmt_sig int xmssmt_sign_finish(XMSSMT_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen) { XMSSMT_SIGNATURE signature; 
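Review bot: `xmss_wots_sign` is called with `ctx->xmss_sig.wots_sig` as both the secret-key input and the signature output, and `xmss_sign_init` in this commit derives the WOTS secret key into that same slot, so nothing in the context records that the key has been consumed; a second `xmss_sign_finish_ex` (or `xmss_sign_finish`) on the same context would, as far as I can see, feed the signature bytes back in as a key and silently produce an invalid signature. A consumed flag checked at entry, or at least a comment on the in-place call, `// in place: wots_sig holds the derived WOTS secret key until this call overwrites it with the signature`, would prevent that. The ADRS is built with layer and tree address 0, which is consistent with single-tree XMSS; `adrs` and `dgst` hold only public data.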
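Review bot: The old hash-tree loop is kept as a `/* ... */` block that spans this hunk and the previous one, and the `xmss_adrs_set_key_and_mask(adrs, 0)` line added inside it is dead on arrival; delete the block instead of commenting it out, the history lives in git. If `h` and `right_child` were declared earlier in `xmss_verify_finish` for that loop they are now unused and will warn. `xmss_build_root(root, index, ..., root)` passes `root` as both input and output; if that aliasing is intended, the function's contract should state it. xmss_verify_finish starts and ends outside the hunk.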
@@ -2345,7 +2376,7 @@ int xmssmt_sign_finish(XMSSMT_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen) } *siglen = 0; - if (xmssmt_signature_to_bytes(&ctx->xmssmt_sig, ctx->xmssmt_public_key.xmssmt_type, &sig, siglen) != 1) { + if (xmssmt_signature_to_bytes(&signature, ctx->xmssmt_public_key.xmssmt_type, &sig, siglen) != 1) { error_print(); return -1; } diff --git a/tests/cmstest.c b/tests/cmstest.c index 6c9403d6..91b3b4e2 100644 --- a/tests/cmstest.c +++ b/tests/cmstest.c @@ -367,6 +367,8 @@ static int test_cms_signer_info_sign(void) const uint8_t *d; size_t dlen; + int algor = OID_ec_public_key; + int algor_param = OID_sm2; X509_KEY x509_key; uint8_t serial_buf[20]; uint8_t name[256]; @@ -386,7 +388,7 @@ static int test_cms_signer_info_sign(void) const uint8_t *unauth_attrs; size_t serial_len, issuer_len, auth_attrs_len, unauth_attrs_len; - if (x509_key_generate(&x509_key, OID_ec_public_key, OID_sm2) != 1 + if (x509_key_generate(&x509_key, algor, &algor_param, sizeof(algor_param)) != 1 || rand_bytes(serial_buf, sizeof(serial_buf)) != 1 || x509_name_set(name, &namelen, sizeof(name), "CN", "Beijing", "Haidian", "PKU", "CS", "Alice") != 1 || time(¬_before) == -1 @@ -456,13 +458,16 @@ static int test_cms_signer_infos(void) size_t signer_infos_len = 0; SM3_CTX sm3_ctx; + + int algor = OID_ec_public_key; + int algor_param = OID_sm2; X509_KEY x509_key; uint8_t issuer_buf[256]; size_t issuer_len; uint8_t serial_buf[20]; - if (x509_key_generate(&x509_key, OID_ec_public_key, OID_sm2) != 1) { + if (x509_key_generate(&x509_key, algor, &algor_param, sizeof(algor_param)) != 1) { error_print(); return -1; } @@ -563,7 +568,7 @@ static int test_cms_signed_data(void) const uint8_t *d; size_t dlen; - if (x509_key_generate(&x509_key, algor, algor_param) != 1) { + if (x509_key_generate(&x509_key, algor, &algor_param, sizeof(algor_param)) != 1) { error_print(); return -1; } 
@@ -683,7 +688,7 @@ static int test_cms_recipient_info(void) uint8_t out[sizeof(in)]; size_t outlen; - if (x509_key_generate(&x509_key, algor, algor_param) != 1) { + if (x509_key_generate(&x509_key, algor, &algor_param, sizeof(algor_param)) != 1) { error_print(); return -1; } @@ -795,7 +800,7 @@ int test_cms_enveloped_data(void) p = certs; certslen = 0; - if (x509_key_generate(&x509_key1, algor, algor_param) != 1) { + if (x509_key_generate(&x509_key1, algor, &algor_param, sizeof(algor_param)) != 1) { error_print(); return -1; } @@ -816,7 +821,7 @@ int test_cms_enveloped_data(void) return -1; } - if (x509_key_generate(&x509_key2, algor, algor_param) != 1) { + if (x509_key_generate(&x509_key2, algor, &algor_param, sizeof(algor_param)) != 1) { error_print(); return -1; } @@ -938,7 +943,7 @@ static int test_cms_key_agreement_info(void) size_t idlen; p = cert; - if (x509_key_generate(&x509_key, algor, algor_param) != 1) { + if (x509_key_generate(&x509_key, algor, &algor_param, sizeof(algor_param)) != 1) { error_print(); return -1; } diff --git a/tests/sphincstest.c b/tests/sphincstest.c index f7acf09f..743fff79 100644 --- a/tests/sphincstest.c +++ b/tests/sphincstest.c @@ -639,6 +639,8 @@ static int test_sphincs_sign_update(void) SPHINCS_SIGN_CTX ctx; SPHINCS_SIGNATURE sig; uint8_t msg[100] = { 1,2,3 }; + uint8_t sigbuf[SPHINCS_SIGNATURE_SIZE]; + size_t siglen; if (sphincs_key_generate(&key) != 1) { error_print(); 
@@ -678,6 +680,51 @@ static int test_sphincs_sign_update(void) } + + + + + + + + + // sign/verify sigbuf + + if (sphincs_sign_init(&ctx, &key) != 1) { + error_print(); + return -1; + } + if (sphincs_sign_prepare(&ctx, msg, sizeof(msg)) != 1) { + error_print(); + return -1; + } + if (sphincs_sign_update(&ctx, msg, sizeof(msg)) != 1) { + error_print(); + return -1; + } + if (sphincs_sign_finish(&ctx, sigbuf, &siglen) != 1) { + error_print(); + return -1; + } + + // verify + + if (sphincs_verify_init(&ctx, &key, sigbuf, siglen) != 1) { + error_print(); + return -1; + } + if (sphincs_verify_update(&ctx, msg, sizeof(msg)) != 1) { + error_print(); + return -1; + } + if (sphincs_verify_finish(&ctx) != 1) { + error_print(); + return -1; + } + + + + printf("%s() ok\n", __FUNCTION__); return 1; } diff --git a/tests/x509_exttest.c b/tests/x509_exttest.c index 9953455b..f4312016 100644 --- a/tests/x509_exttest.c +++ b/tests/x509_exttest.c @@ -787,6 +787,8 @@ static int test_x509_cert_with_exts(void) uint8_t name[256]; size_t namelen; time_t not_before, not_after; + int algor = OID_ec_public_key; + int algor_param = OID_sm2; X509_KEY x509_key; uint8_t uniq_id[32]; uint8_t exts[512]; @@ -800,7 +802,7 @@ static int test_x509_cert_with_exts(void) x509_validity_add_days(¬_after, not_before, 365); - if (x509_key_generate(&x509_key, OID_ec_public_key, OID_sm2) != 1) { + if (x509_key_generate(&x509_key, algor, &algor_param, sizeof(algor_param)) != 1) { error_print(); return -1; } diff --git a/tests/x509_keytest.c b/tests/x509_keytest.c index c851be4e..d0992622 100644 --- a/tests/x509_keytest.c +++ b/tests/x509_keytest.c 
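Review bot: The sign/verify round trip through `sigbuf` reuses `ctx` from the preceding sign without resetting it; `sphincs_verify_init` presumably reinitialises what it needs, but the xmssmt test in this same commit does `memset(&ctx, 0, sizeof(ctx));` before its verify_init, and the two tests should agree. `siglen` is not initialised before `sphincs_sign_finish`, which is fine only if that parameter is output-only; if it is an in/out capacity, set `siglen = sizeof(sigbuf);` first. The nine empty `+` lines at the top of the hunk and three at the bottom are noise and should go. test_sphincs_sign_update starts outside the hunk.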
@@ -15,99 +15,31 @@
 #include
 #include
 #include
+#include
 #include
+int lms_types[] = {
+ LMS_HASH256_M32_H5,
+ LMS_HASH256_M32_H5,
+ LMS_HASH256_M32_H5,
+};
-static int test_x509_algor_param_from_lms_types(void)
-{
- int lms_types1[] = {
- LMS_HASH256_M32_H5,
- LMS_HASH256_M32_H10,
- LMS_HASH256_M32_H15,
- LMS_HASH256_M32_H20,
- LMS_HASH256_M32_H25,
- };
- int hss_algor_param1 = 624485;
-
- int lms_types2[] = {
- LMS_HASH256_M32_H5,
- LMS_HASH256_M32_H5,
- LMS_HASH256_M32_H5,
- };
- int hss_algor_param2 = 1365;
-
- int algor_param1;
- int algor_param2;
- int lms_types[5];
- size_t num;
-
- if (x509_algor_param_from_lms_types(&algor_param1, lms_types1, sizeof(lms_types1)/sizeof(lms_types1[0])) != 1) {
- error_print();
- return -1;
- }
- if (algor_param1 != hss_algor_param1) {
- format_print(stderr, 0, 4, "hss_algor_param: %d\n", algor_param1);
- error_print();
- return -1;
- }
- if (x509_algor_param_to_lms_types(algor_param1, lms_types, &num) != 1) {
- error_print();
- return -1;
- }
- if (num != sizeof(lms_types1)/sizeof(lms_types1[0])) {
- error_print();
- return -1;
- }
- if (memcmp(lms_types, lms_types1, sizeof(lms_types1)) != 0) {
- error_print();
- return -1;
- }
-
-
- if (x509_algor_param_from_lms_types(&algor_param2, lms_types2, sizeof(lms_types2)/sizeof(lms_types2[0])) != 1) {
- error_print();
- return -1;
- }
- if (algor_param2 != hss_algor_param2) {
- format_print(stderr, 0, 4, "hss_algor_param: %d\n", algor_param2);
- error_print();
- return -1;
- }
- if (x509_algor_param_to_lms_types(algor_param2, lms_types, &num) != 1) {
- error_print();
- return -1;
- }
- if (num != sizeof(lms_types2)/sizeof(lms_types2[0])) {
- error_print();
- return -1;
- }
- if (memcmp(lms_types, lms_types2, sizeof(lms_types2)) != 0) {
- error_print();
- return -1;
- }
-
- printf("%s() ok\n", __FUNCTION__);
- return 1;
-}
-
-X509_KEY x509_keys[7];
-
-
- // 这个也要挪到外面,才能判断某个x509_key的类型
- struct {
- int algor;
- int algor_param;
- } tests[] = {
- { OID_ec_public_key, OID_sm2 },
- { OID_ec_public_key, OID_secp256r1 },
- { OID_lms_hashsig, LMS_HASH256_M32_H5 },
- { OID_hss_lms_hashsig, 1365 },
- { OID_xmss_hashsig, XMSS_HASH256_10_256 },
- { OID_xmssmt_hashsig, XMSSMT_HASH256_20_4_256 },
- { OID_sphincs_hashsig, OID_undef },
- };
+struct {
+ int algor;
+ int algor_param;
+} tests[] = {
+ { OID_ec_public_key, OID_sm2 },
+ { OID_ec_public_key, OID_secp256r1 },
+ { OID_lms_hashsig, LMS_HASH256_M32_H5 },
+ { OID_hss_lms_hashsig, OID_undef }, // use lms_types[]
+ { OID_xmss_hashsig, XMSS_HASH256_10_256 },
+ { OID_xmssmt_hashsig, XMSSMT_HASH256_20_4_256 },
+ { OID_sphincs_hashsig, OID_undef },
+ { OID_kyber_kem, OID_undef },
+};
+X509_KEY x509_keys[sizeof(tests)/sizeof(tests[0])];
 static int test_x509_key_generate(void)
@@ -115,15 +47,29 @@ static int test_x509_key_generate(void)
 size_t i;
 for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
- if (x509_key_generate(&x509_keys[i], tests[i].algor, tests[i].algor_param) != 1) {
+ void *param = NULL;
+ size_t paramlen = 0;
+
+ switch (tests[i].algor) {
+ case OID_hss_lms_hashsig:
+ param = lms_types;
+ paramlen = sizeof(lms_types);
+ break;
+ case OID_sphincs_hashsig:
+ case OID_kyber_kem:
+ param = NULL;
+ paramlen = 0;
+ break;
+ default:
+ param = &tests[i].algor_param;
+ paramlen = sizeof(tests[i].algor_param);
+ }
+ if (x509_key_generate(&x509_keys[i], tests[i].algor, param, paramlen) != 1) {
 error_print();
 return -1;
 }
-
- // 这个也没有实现啊!
- // x509_private_key_print(stderr, 0, 4, "private_key", &x509_keys[i]);
- x509_public_key_print(stderr, 0, 4, "private_key", &x509_keys[i]);
-
+ //x509_private_key_print(stderr, 0, 4, "private_key", &x509_keys[i]);
+ //x509_public_key_print(stderr, 0, 4, "private_key", &x509_keys[i]);
 }
 printf("%s() ok\n", __FUNCTION__);
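Review bot: `lms_types`, `tests` and `x509_keys` become file-scope definitions with external linkage; in a test translation unit they should be `static` so they cannot collide with same-named symbols in the library or in other tests linked into one binary (`static int lms_types[] = {`, `static struct { ... } tests[] = {`, `static X509_KEY x509_keys[sizeof(tests)/sizeof(tests[0])];`). The hunk also deletes `test_x509_algor_param_from_lms_types` without a replacement; if `x509_algor_param_from_lms_types` and `x509_algor_param_to_lms_types` still exist, their round-trip coverage is lost. The `{ OID_hss_lms_hashsig, OID_undef }` entry's comment matches the `lms_types` branch of the switch in the following hunk, which is good.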
@@ -132,31 +78,26 @@ static int test_x509_key_generate(void)
 static int test_x509_public_key_to_bytes(void)
 {
- int i;
- uint8_t buf[128];
+ X509_KEY key;
+ uint8_t buf[1568]; // kyber-1024
 uint8_t *p;
 size_t len;
- uint8_t dgst[32];
+ int i;
- X509_KEY key;
-
- for (i = 0; i < 7; i++) {
+ //format_print(stderr, 0, 4, "public_key_to_bytes size\n");
+ for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
 p = buf;
 len = 0;
 if (x509_public_key_to_bytes(&x509_keys[i], &p, &len) != 1) {
 error_print();
 return -1;
 }
- format_print(stderr, 0, 4, "public_key_bytes: %zu\n", len);
-
+ //format_print(stderr, 0, 4, "%s: %zu\n", x509_public_key_algor_name(tests[i].algor), len);
 if (x509_public_key_digest(&x509_keys[i], dgst) != 1) {
 error_print();
 return -1;
 }
- format_bytes(stderr, 0, 4, "dgst", dgst, 32);
-
- // 居然没有public_key_from_bytes
 }
 printf("%s() ok\n", __FUNCTION__);
@@ -166,27 +107,27 @@ static int test_x509_public_key_to_bytes(void)
 static int test_x509_public_key_info_to_der(void)
 {
 X509_KEY key;
- uint8_t buf[50240];
+ uint8_t buf[2048];
 int i;
- for (i = 0; i < sizeof(x509_keys)/sizeof(x509_keys[0]); i++) {
+ //format_print(stderr, 0, 4, "public_key_info_to_bytes size\n");
+ for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
 const uint8_t *cp = buf;
 uint8_t *p = buf;
 size_t len = 0;
- fprintf(stderr, "%d: algor = %d param = %d\n", i, x509_keys[i].algor, x509_keys[i].algor_param);
-
 if (x509_public_key_info_to_der(&x509_keys[i], &p, &len) != 1) {
 error_print();
 return -1;
 }
- format_print(stderr, 0, 4, "public_key_der_size: %zu\n", len);
+ //format_print(stderr, 0, 8, "%s: %zu\n", x509_public_key_algor_name(tests[i].algor), len);
 if (x509_public_key_info_from_der(&key, &cp, &len) != 1) {
 error_print();
 return -1;
 }
 if (len) {
+ fprintf(stderr, "len = %zu\n", len);
 error_print();
 return -1;
 }
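Review bot: `uint8_t dgst[32];` is removed from the declarations of `test_x509_public_key_to_bytes`, but the unchanged `x509_public_key_digest(&x509_keys[i], dgst)` line below still uses it, so this no longer compiles unless a `dgst` exists at file scope; restore `uint8_t dgst[32];` alongside the other locals. `X509_KEY key` is added to the same function but never used, and `int i` is compared against the `size_t` from `sizeof(tests)/sizeof(tests[0])` where the other tests in this file use `size_t i`. The `buf[1568] // kyber-1024` size matches the public-key size in the kyber.h comment this commit adds.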
@@ -204,21 +145,79 @@ static int test_x509_public_key_info_to_der(void) static int test_ec_private_key_to_der(void) { X509_KEY key; - uint8_t buf[1024]; + uint8_t buf[512]; int i; - for (i = 0; i < 2; i++) { + for (i = 0; i < sizeof(tests)/sizeof(tests[0]) && tests[i].algor == OID_ec_public_key; i++) { const uint8_t *cp = buf; uint8_t *p = buf; size_t len = 0; - // 目前底层的asn1功能不支持这两个不编码,需要仔细看看是怎么回事,explicit的编码是如何实现的 - int encode_params = 1; // X509_ENCODE_EC_PRIVATE_KEY_PARAMS; - int encode_pubkey = 1; //X509_ENCODE_EC_PRIVATE_KEY_PUBKEY; + int encode_params; + int encode_pubkey; + // test 1 + encode_params = 0; + encode_pubkey = 0; if (ec_private_key_to_der(&x509_keys[i], encode_params, encode_pubkey, &p, &len) != 1) { error_print(); return -1; } + //format_print(stderr, 0, 0, "ECPrivateKey encode_params = %d, encode_pubkey = %d\n", encode_params, encode_pubkey); + //format_bytes(stderr, 0, 0, "ECPrivateKey", buf, len); + if (ec_private_key_from_der(&key, tests[i].algor_param, &cp, &len) != 1) { + error_print(); + return -1; + } + if (x509_public_key_equ(&key, &x509_keys[i]) != 1) { + error_print(); + return -1; + } + + // test 2 + encode_params = 0; + encode_pubkey = 1; + if (ec_private_key_to_der(&x509_keys[i], encode_params, encode_pubkey, &p, &len) != 1) { + error_print(); + return -1; + } + //format_print(stderr, 0, 0, "ECPrivateKey encode_params = %d, encode_pubkey = %d\n", encode_params, encode_pubkey); + //format_bytes(stderr, 0, 0, "ECPrivateKey", buf, len); + if (ec_private_key_from_der(&key, tests[i].algor_param, &cp, &len) != 1) { + error_print(); + return -1; + } + if (x509_public_key_equ(&key, &x509_keys[i]) != 1) { + error_print(); + return -1; + } + + // test 3 + encode_params = 1; + encode_pubkey = 0; + if (ec_private_key_to_der(&x509_keys[i], encode_params, encode_pubkey, &p, &len) != 1) { + error_print(); + return -1; + } + //format_print(stderr, 0, 0, "ECPrivateKey encode_params = %d, encode_pubkey = %d\n", encode_params, encode_pubkey); + 
//format_bytes(stderr, 0, 0, "ECPrivateKey", buf, len); + if (ec_private_key_from_der(&key, tests[i].algor_param, &cp, &len) != 1) { + error_print(); + return -1; + } + if (x509_public_key_equ(&key, &x509_keys[i]) != 1) { + error_print(); + return -1; + } + + // test 4 + encode_params = 1; + encode_pubkey = 1; + if (ec_private_key_to_der(&x509_keys[i], encode_params, encode_pubkey, &p, &len) != 1) { + error_print(); + return -1; + } + //format_print(stderr, 0, 0, "ECPrivateKey encode_params = %d, encode_pubkey = %d\n", encode_params, encode_pubkey); + //format_bytes(stderr, 0, 0, "ECPrivateKey", buf, len); if (ec_private_key_from_der(&key, tests[i].algor_param, &cp, &len) != 1) { error_print(); return -1; 
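Review bot: The four encode/decode rounds in `test_ec_private_key_to_der` share one `p`, `cp` and `len` and never reset them, so each `ec_private_key_to_der` appends after the previous encoding in `buf` and each `ec_private_key_from_der` starts where the previous decode stopped; that only works if every decode consumes its input exactly and all four encodings fit in the 512-byte `buf` together, and nothing verifies either. Reset `p = buf; cp = buf; len = 0;` at the start of each round and add `if (len) { error_print(); return -1; }` after each decode, as `test_x509_private_key_info_to_der` does. The function's end is outside the hunk.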
@@ -236,43 +235,36 @@ static int test_ec_private_key_to_der(void) static int test_x509_private_key_info_to_der(void) { X509_KEY key; - uint8_t buf[1024]; + uint8_t buf[512]; int i; - for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) { - if (tests[i].algor == OID_ec_public_key) { - const uint8_t *cp = buf; - uint8_t *p = buf; - size_t len = 0; - const uint8_t *attrs; - size_t attrslen; + for (i = 0; i < sizeof(tests)/sizeof(tests[0]) && tests[i].algor == OID_ec_public_key; i++) { + const uint8_t *cp = buf; + uint8_t *p = buf; + size_t len = 0; + const uint8_t *attrs; + size_t attrslen; - if (x509_private_key_info_to_der(&x509_keys[i], &p, &len) != 1) { - error_print(); - return -1; - } - if (x509_private_key_info_from_der(&key, &attrs, &attrslen, &cp, &len) != 1) { - error_print(); - return -1; - } - if (len) { - error_print(); - return -1; - } - if (x509_public_key_equ(&key, &x509_keys[i]) != 1) { - error_print(); - return -1; - } + if (x509_private_key_info_to_der(&x509_keys[i], &p, &len) != 1) { + error_print(); + return -1; + } + if (x509_private_key_info_from_der(&key, &attrs, &attrslen, &cp, &len) != 1) { + error_print(); + return -1; + } + if (len) { + error_print(); + return -1; + } + if (x509_public_key_equ(&key, &x509_keys[i]) != 1) { + error_print(); + return -1; } } printf("%s() ok\n", __FUNCTION__); return 1; - - - - - } static int test_x509_private_key_info_encrypt_to_der(void) 
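Review bot: The loop condition `i < sizeof(tests)/sizeof(tests[0]) && tests[i].algor == OID_ec_public_key` stops at the first non-EC entry instead of skipping it, so the test silently covers only the EC keys that happen to come first in `tests[]`; the same pattern appears in the @@ -282 and @@ -323 hunks below and in `test_ec_private_key_to_der`, while `test_x509_key_exchange` in this commit uses `if (tests[i].algor != OID_ec_public_key) continue;`. Use the `continue` form everywhere, or document the ordering assumption next to `tests[]`.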
@@ -282,30 +274,28 @@ static int test_x509_private_key_info_encrypt_to_der(void) uint8_t buf[1024]; int i; - for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) { - if (tests[i].algor == OID_ec_public_key) { - const uint8_t *cp = buf; - uint8_t *p = buf; - size_t len = 0; - const uint8_t *attrs; - size_t attrslen; + for (i = 0; i < sizeof(tests)/sizeof(tests[0]) && tests[i].algor == OID_ec_public_key; i++) { + const uint8_t *cp = buf; + uint8_t *p = buf; + size_t len = 0; + const uint8_t *attrs; + size_t attrslen; - if (x509_private_key_info_encrypt_to_der(&x509_keys[i], pass, &p, &len) != 1) { - error_print(); - return -1; - } - if (x509_private_key_info_decrypt_from_der(&key, &attrs, &attrslen, pass, &cp, &len) != 1) { - error_print(); - return -1; - } - if (len) { - error_print(); - return -1; - } - if (x509_public_key_equ(&key, &x509_keys[i]) != 1) { - error_print(); - return -1; - } + if (x509_private_key_info_encrypt_to_der(&x509_keys[i], pass, &p, &len) != 1) { + error_print(); + return -1; + } + if (x509_private_key_info_decrypt_from_der(&key, &attrs, &attrslen, pass, &cp, &len) != 1) { + error_print(); + return -1; + } + if (len) { + error_print(); + return -1; + } + if (x509_public_key_equ(&key, &x509_keys[i]) != 1) { + error_print(); + return -1; } } @@ -313,7 +303,6 @@ static int test_x509_private_key_info_encrypt_to_der(void) return 1; } - static int test_x509_private_key_info_encrypt_to_pem(void) { const char *pass = "P@ssw0rd"; 
@@ -323,41 +312,186 @@ static int test_x509_private_key_info_encrypt_to_pem(void) int i; + for (i = 0; i < sizeof(tests)/sizeof(tests[0]) && tests[i].algor == OID_ec_public_key; i++) { + const uint8_t *cp = buf; + uint8_t *p = buf; + size_t len = 0; + const uint8_t *attrs; + size_t attrslen; + + if (!(fp = fopen("test_x509_private_key_info_encrypt_to_pem.pem", "w"))) { + error_print(); + return -1; + } + if (x509_private_key_info_encrypt_to_pem(&x509_keys[i], pass, fp) != 1) { + error_print(); + return -1; + } + fclose(fp); + + if (!(fp = fopen("test_x509_private_key_info_encrypt_to_pem.pem", "r"))) { + error_print(); + return -1; + } + if (x509_private_key_info_decrypt_from_pem(&key, &attrs, &attrslen, pass, fp) != 1) { + error_print(); + return -1; + } + fclose(fp); + if (len) { + error_print(); + return -1; + } + if (x509_public_key_equ(&key, &x509_keys[i]) != 1) { + error_print(); + return -1; + } + } + + printf("%s() ok\n", __FUNCTION__); + return 1; +} + +static int test_x509_sign(void) +{ + size_t i; + X509_SIGN_CTX sign_ctx; + void *args = NULL; + size_t argslen = 0; + uint8_t msg[66]; + uint8_t sig[40969]; + size_t siglen; + for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) { - if (tests[i].algor == OID_ec_public_key) { - const uint8_t *cp = buf; - uint8_t *p = buf; - size_t len = 0; - const uint8_t *attrs; - size_t attrslen; + if (tests[i].algor == OID_kyber_kem) { + continue; + } + //format_print(stderr, 0, 4, "%s\n", x509_public_key_algor_name(tests[i].algor)); + if (x509_sign_init(&sign_ctx, &x509_keys[i], args, argslen) != 1) { + error_print(); + return -1; + } + if (x509_sign(&sign_ctx, msg, sizeof(msg), sig, &siglen) != 1) { + error_print(); + return -1; + } + if (x509_verify_init(&sign_ctx, &x509_keys[i], args, argslen, sig, siglen) != 1) { + error_print(); + return -1; + } + if (x509_verify(&sign_ctx, msg, sizeof(msg)) != 1) { + error_print(); + return -1; + } + } - if (!(fp = fopen("test_x509_private_key_info_encrypt_to_pem.pem", "w"))) { - 
error_print(); - return -1; - } - if (x509_private_key_info_encrypt_to_pem(&x509_keys[i], pass, fp) != 1) { - error_print(); - return -1; - } - fclose(fp); + printf("%s() ok\n", __FUNCTION__); + return 1; +} - if (!(fp = fopen("test_x509_private_key_info_encrypt_to_pem.pem", "r"))) { - error_print(); - return -1; - } - if (x509_private_key_info_decrypt_from_pem(&key, &attrs, &attrslen, pass, fp) != 1) { - error_print(); - return -1; - } - fclose(fp); - if (len) { - error_print(); - return -1; - } - if (x509_public_key_equ(&key, &x509_keys[i]) != 1) { - error_print(); - return -1; - } +static int test_x509_key_exchange(void) +{ + X509_KEY key; + uint8_t point1[65]; + uint8_t point2[65]; + uint8_t share1[32]; + uint8_t share2[32]; + uint8_t *p; + size_t len; + size_t i; + + for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) { + if (tests[i].algor != OID_ec_public_key) { + continue; + } + if (x509_key_generate(&key, tests[i].algor, &tests[i].algor_param, sizeof(tests[i].algor_param)) != 1) { + error_print(); + return -1; + } + + // export public key 1 + p = point1; + len = 0; + if (x509_public_key_to_bytes(&key, &p, &len) != 1) { + error_print(); + return -1; + } + if (len != sizeof(point1)) { + error_print(); + return -1; + } + + // export public key 2 + p = point2; + len = 0; + if (x509_public_key_to_bytes(&x509_keys[i], &p, &len) != 1) { + error_print(); + return -1; + } + if (len != sizeof(point2)) { + error_print(); + return -1; + } + + // key exchange 1 + if (x509_key_exchange(&key, point2, sizeof(point2), share1, &len) != 1) { + error_print(); + return -1; + } + if (len != sizeof(share1)) { + error_print(); + return -1; + } + + // key exchange 2 + if (x509_key_exchange(&x509_keys[i], point1, sizeof(point1), share2, &len) != 1) { + error_print(); + return -1; + } + if (len != sizeof(share2)) { + error_print(); + return -1; + } + + // share secrets equal + if (memcmp(share1, share2, sizeof(share1)) != 0) { + error_print(); + return -1; + } + } + + printf("%s() 
ok\n", __FUNCTION__); + return 1; +} + +static int test_x509_kem(void) +{ + uint8_t ciphertext[sizeof(KYBER_CIPHERTEXT)]; + size_t ciphertext_len; + uint8_t secret1[32]; + uint8_t secret2[32]; + size_t i; + + for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) { + if (tests[i].algor != OID_kyber_kem) { + continue; + } + + if (x509_key_encapsulate(&x509_keys[i], ciphertext, &ciphertext_len, secret1) != 1) { + error_print(); + return -1; + } + if (ciphertext_len != sizeof(ciphertext)) { + error_print(); + return -1; + } + if (x509_key_decapsulate(&x509_keys[i], ciphertext, ciphertext_len, secret2) != 1) { + error_print(); + return -1; + } + if (memcmp(secret1, secret2, 32) != 0) { + error_print(); + return -1; } } @@ -366,42 +500,18 @@ static int test_x509_private_key_info_encrypt_to_pem(void) } - - - - - - - - - - - - -// 首先某些头文件中的函数并没有实现,很奇怪! - -// 然后是某些数据长度(公钥、签名之类)还没有计算具体的值,因此没有办法准备最大的缓冲去 - -// 应该把密钥生成放到最外面,这样只需要生成一次就可以了 - -// X509_KEY还不支持Kyber - - - - - - - int main(void) { if (test_x509_key_generate() != 1) goto err; - if (test_x509_algor_param_from_lms_types() != 1) goto err; if (test_x509_public_key_to_bytes() != 1) goto err; if (test_x509_public_key_info_to_der() != 1) goto err; if (test_ec_private_key_to_der() != 1) goto err; if (test_x509_private_key_info_to_der() != 1) goto err; if (test_x509_private_key_info_encrypt_to_der() != 1) goto err; if (test_x509_private_key_info_encrypt_to_pem() != 1) goto err; + if (test_x509_sign() != 1) goto err; + if (test_x509_key_exchange() != 1) goto err; + if (test_x509_kem() != 1) goto err; printf("%s all tests passed!\n", __FILE__); return 0; diff --git a/tests/x509_reqtest.c b/tests/x509_reqtest.c index daf90d28..8422d866 100644 --- a/tests/x509_reqtest.c +++ b/tests/x509_reqtest.c 
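Review bot: In `test_x509_sign`, `uint8_t msg[66]` is never initialised, so the message being signed and verified is indeterminate; write `uint8_t msg[66] = {0};` as the other tests on this page do. In `test_x509_private_key_info_encrypt_to_pem`, the error returns between `fopen` and `fclose` leak `fp`, the `if (len)` check tests a `len` that nothing in the PEM path assigns and so can never fail, and `cp` and `p` are unused. `sig[40969]` is a bare magic size; a comment naming the scheme it is sized for would help the next reader.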
@@ -43,7 +43,7 @@ static int test_x509_request_info(void)
 X509_KEY pub_key;
 const uint8_t *attrs;
- if (x509_key_generate(&x509_key, algor, algor_param) != 1) {
+ if (x509_key_generate(&x509_key, algor, &algor_param, sizeof(algor_param)) != 1) {
 error_print();
 return -1;
 }
@@ -152,7 +152,7 @@ static int test_x509_req(void)
 uint8_t *p = req;
 size_t reqlen = 0;
- if (x509_key_generate(&x509_key, algor, algor_param) != 1) {
+ if (x509_key_generate(&x509_key, algor, &algor_param, sizeof(algor_param)) != 1) {
 error_print();
 return -1;
 }
diff --git a/tests/x509test.c b/tests/x509test.c
index 2bdd340f..1a5515af 100644
--- a/tests/x509test.c
+++ b/tests/x509test.c
@@ -230,7 +230,7 @@ static int test_x509_public_key_info(void)
 const uint8_t *d;
 size_t dlen;
- if (x509_key_generate(&x509_key, algor, algor_param) != 1) {
+ if (x509_key_generate(&x509_key, algor, &algor_param, sizeof(algor_param)) != 1) {
 error_print();
 return -1;
 }
@@ -242,7 +242,7 @@ static int test_x509_public_key_info(void)
 }
 x509_public_key_info_print(stdout, 0, 4, "PublicKeyInfo", d, dlen);
- if (x509_key_generate(&x509_key, algor, algor_param) != 1) {
+ if (x509_key_generate(&x509_key, algor, &algor_param, sizeof(algor_param)) != 1) {
 error_print();
 return -1;
 }
@@ -296,7 +296,7 @@ static int test_x509_tbs_cert(void)
 x509_validity_add_days(¬_after, not_before, 365);
 set_x509_name(subject, &subject_len, sizeof(subject));
- if (x509_key_generate(&x509_key, algor, algor_param) != 1) {
+ if (x509_key_generate(&x509_key, algor, &algor_param, sizeof(algor_param)) != 1) {
 error_print();
 return -1;
 }
@@ -374,7 +374,7 @@ static int test_x509_cert(void)
 x509_validity_add_days(¬_after, not_before, 365);
 set_x509_name(subject, &subject_len, sizeof(subject));
- if (x509_key_generate(&x509_key, algor, algor_param) != 1) {
+ if (x509_key_generate(&x509_key, algor, &algor_param, sizeof(algor_param)) != 1) {
 error_print();
 return -1;
 }
diff --git a/tests/xmsstest.c b/tests/xmsstest.c
index 6a9e5bad..558dbeb3 100644
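Review bot: All six hunks here (`@@ -43` and `@@ -152` in tests/x509_reqtest.c, `@@ -230`, `@@ -242`, `@@ -296` and `@@ -374` in tests/x509test.c) switch to `x509_key_generate(&x509_key, algor, &algor_param, sizeof(algor_param))`, but `algor_param`'s declaration lies outside every hunk, so the diff alone cannot confirm that `sizeof(algor_param)` is the size of the parameter payload rather than of a pointer or of a buffer larger than the value it holds; if `algor_param` is declared as a pointer, every one of these calls passes the wrong length. If it is a plain scalar or struct the change is correct, and a short comment at the first call site, e.g. `// algor_param is passed by address with its full object size, as x509_key_generate expects`, would record that assumption for the next reader. Each enclosing test function starts outside its hunk.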
--- a/tests/xmsstest.c
+++ b/tests/xmsstest.c
@@ -549,12 +549,12 @@ static int test_xmss_sign(void)
 }
-
-static int test_xmss_sign_init(void)
+static int test_xmss_sign_update(void)
 {
 uint32_t xmss_type = XMSS_HASH256_10_256;
 XMSS_KEY key;
 XMSS_SIGN_CTX sign_ctx;
+ XMSS_SIGNATURE signature;
 uint8_t sig[XMSS_SIGNATURE_MAX_SIZE];
 size_t siglen;
 uint8_t msg[100] = {0};
@@ -573,12 +573,14 @@ static int test_xmss_sign_init(void)
 error_print();
 return -1;
 }
- if (xmss_sign_finish(&sign_ctx, sig, &siglen) != 1) {
+ if (xmss_sign_finish_ex(&sign_ctx, &signature) != 1) {
 error_print();
 return -1;
 }
+ xmss_signature_print_ex(stderr, (int)xmss_type, 4, "xmss_signature", &signature);
- if (xmss_verify_init(&sign_ctx, &key, sig, siglen) != 1) {
+
+ if (xmss_verify_init_ex(&sign_ctx, &key, &signature) != 1) {
 error_print();
 return -1;
 }
@@ -1057,7 +1059,8 @@ static int test_xmssmt_sign_update(void)
 XMSSMT_SIGN_CTX ctx;
 XMSSMT_SIGNATURE sig;
 uint8_t msg[100] = {0};
-
+ uint8_t sigbuf[sizeof(XMSSMT_SIGNATURE) *2 ];
+ size_t siglen;
 if (xmssmt_key_generate(&key, xmssmt_type) != 1) {
 error_print();
@@ -1092,6 +1095,44 @@ static int test_xmssmt_sign_update(void)
 return -1;
 }
+
+ // sigbuf
+
+ if (xmssmt_sign_init(&ctx, &key) != 1) {
+ error_print();
+ return -1;
+ }
+ if (xmssmt_sign_update(&ctx, msg, sizeof(msg)) != 1) {
+ error_print();
+ return -1;
+ }
+ if (xmssmt_sign_finish(&ctx, sigbuf, &siglen) != 1) {
+ error_print();
+ return -1;
+ }
+
+ memset(&ctx, 0, sizeof(ctx));
+ if (xmssmt_verify_init(&ctx, &key, sigbuf, siglen) != 1) {
+ error_print();
+ return -1;
+ }
+ if (xmssmt_verify_update(&ctx, msg, sizeof(msg)) != 1) {
+ error_print();
+ return -1;
+ }
+ if (xmssmt_verify_finish(&ctx) != 1) {
+ error_print();
+ return -1;
+ }
+
+
+
+
+
+
+
+
+
 printf("%s() ok\n", __FUNCTION__);
 return 1;
 }
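Review bot: In the `@@ -573` hunk `xmss_sign_finish_ex(&sign_ctx, &signature)` replaces the call that used to fill `sig`/`siglen`, and `xmss_verify_init_ex` no longer reads them, so the `uint8_t sig[XMSS_SIGNATURE_MAX_SIZE];` and `size_t siglen;` kept in the `@@ -549` hunk look like dead locals unless the unseen lines between the two hunks still use them; dropping them avoids an unused-variable warning. The added `xmss_signature_print_ex(stderr, (int)xmss_type, 4, "xmss_signature", &signature);` also dumps a full signature to stderr on every run, which none of the other tests in this diff do, so it reads as leftover debugging and should be removed or guarded. The body of this function between the two hunks is outside the diff.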
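Review bot: `uint8_t sigbuf[sizeof(XMSSMT_SIGNATURE) *2 ];` in the `@@ -1057` hunk sizes a serialized-signature buffer from the in-memory struct size with an arbitrary factor, and `xmssmt_sign_finish(&ctx, sigbuf, &siglen)` in the `@@ -1092` hunk is given no buffer length, so nothing in the test guarantees the encoding fits; the XMSS test earlier in this file uses the named `XMSS_SIGNATURE_MAX_SIZE` for the same purpose, and an XMSSMT equivalent (if the header defines one) or an explicit, documented size constant should replace the `*2` guess. `siglen` is also never compared with the expected signature length for `xmssmt_type` before `xmssmt_verify_init` consumes it, so a truncated or oversized encoding would only be caught indirectly by verification. The nine empty added lines before the `printf` should be collapsed to one, and the bare `// sigbuf` comment could say what the second round trip checks, e.g. `// sign/verify again through the byte-serialised signature API`.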
@@ -1114,7 +1155,7 @@ int main(void)
 //if (test_xmss_private_key_to_bytes() != 1) goto err;
 if (test_xmss_signature_size() != 1) goto err;
 if (test_xmss_sign() != 1) goto err;
- if (test_xmss_sign_init() != 1) goto err;
+ if (test_xmss_sign_update() != 1) goto err;
 if (test_xmssmt_key_generate() != 1) goto err;
 if (test_xmssmt_index_to_bytes() != 1) goto err;
 if (test_xmssmt_signature_to_bytes() != 1) goto err;