mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-05-07 00:46:17 +08:00
x509_key all tests passed
This commit is contained in:
Zhi Guan
@@ -19,11 +19,12 @@
|
||||
#include <gmssl/oid.h>
|
||||
#include <gmssl/asn1.h>
|
||||
#include <gmssl/sm2.h>
|
||||
#include <gmssl/secp256r1_key.h>
|
||||
#include <gmssl/ecdsa.h>
|
||||
#include <gmssl/lms.h>
|
||||
#include <gmssl/xmss.h>
|
||||
#include <gmssl/sphincs.h>
|
||||
#include <gmssl/secp256r1_key.h>
|
||||
#include <gmssl/kyber.h>
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
@@ -36,28 +37,24 @@ typedef struct {
|
||||
int algor_param;
|
||||
union {
|
||||
SM2_KEY sm2_key;
|
||||
SECP256R1_KEY secp256r1_key;
|
||||
LMS_KEY lms_key;
|
||||
HSS_KEY hss_key;
|
||||
XMSS_KEY xmss_key;
|
||||
XMSSMT_KEY xmssmt_key;
|
||||
SPHINCS_KEY sphincs_key;
|
||||
SECP256R1_KEY secp256r1_key;
|
||||
KYBER_KEY kyber_key;
|
||||
} u;
|
||||
const char *signer_id;
|
||||
size_t signer_idlen;
|
||||
} X509_KEY;
|
||||
|
||||
int x509_key_set_sm2_key(X509_KEY *x509_key, const SM2_KEY *sm2_key);
|
||||
int x509_key_set_secp256r1_key(X509_KEY *x509_key, const SECP256R1_KEY *secp256r1_key);
|
||||
int x509_key_set_lms_key(X509_KEY *x509_key, const LMS_KEY *lms_key);
|
||||
int x509_key_set_hss_key(X509_KEY *x509_key, const HSS_KEY *hss_key);
|
||||
int x509_key_set_xmss_key(X509_KEY *x509_key, const XMSS_KEY *xmss_key);
|
||||
int x509_key_set_xmssmt_key(X509_KEY *x509_key, const XMSSMT_KEY *xmssmt_key);
|
||||
int x509_key_set_sphincs_key(X509_KEY *x509_key, const SPHINCS_KEY *sphincs_key);
|
||||
int x509_key_set_secp256r1_key(X509_KEY *x509_key, const SECP256R1_KEY *secp256r1_key);
|
||||
|
||||
// hss_key_generate need lms_types[] as input, encode lms_types[] into (int)algor_param
|
||||
int x509_algor_param_from_lms_types(int *algor_param, const int *lms_types, size_t num);
|
||||
int x509_algor_param_to_lms_types(int algor_param, int lms_types[5], size_t *num);
|
||||
int x509_key_set_kyber_key(X509_KEY *x509_key, const KYBER_KEY *kyber_key);
|
||||
|
||||
/*
|
||||
algor: algor_param:
|
||||
@@ -69,45 +66,61 @@ int x509_algor_param_to_lms_types(int algor_param, int lms_types[5], size_t *num
|
||||
OID_xmsssmt_hashsig xmssmt_type
|
||||
OID_sphincs_hashsig OID_undef
|
||||
*/
|
||||
int x509_key_generate(X509_KEY *key, int algor, int algor_param);
|
||||
int x509_private_key_from_file(X509_KEY *key, int algor, const char *pass, FILE *fp);
|
||||
int x509_key_generate(X509_KEY *key, int algor, const void *param, size_t paramlen);
|
||||
void x509_key_cleanup(X509_KEY *key);
|
||||
|
||||
|
||||
// SM2_PUBLIC_KEY_SIZE = 65
|
||||
// LMS_PUBLIC_KEY_SIZE = 56
|
||||
// HSS_PUBLIC_KEY_SIZE = 60
|
||||
// XMSS_PUBLIC_KEY_SIZE = 68
|
||||
// XMSSMT_PUBLIC_KEY_SIZE = 68
|
||||
// SPHINCS_PUBLIC_KEY_SIZE = 32
|
||||
// SECP256R1_PUBLIC_KEY_SIZE = 65
|
||||
#define X509_PUBLIC_KEY_MAX_SIZE 68
|
||||
/*
|
||||
x509_public_key_to_bytes() outlen
|
||||
ecPublicKey: 65
|
||||
lms-hashsig: 56
|
||||
hss-lms-hashsig: 60
|
||||
xmss-hashsig: 68
|
||||
xmssmt-hashsig: 68
|
||||
sphincs-hashsig: 32
|
||||
kyber-kem: 800/1184/1568 for kyber 512/768/1024
|
||||
*/
|
||||
#define X509_PUBLIC_KEY_MAX_SIZE 1184
|
||||
int x509_public_key_to_bytes(const X509_KEY *key, uint8_t **out, size_t *outlen);
|
||||
int x509_public_key_from_bytes(X509_KEY *key, int algor, int algor_param, const uint8_t **in, size_t *inlen);
|
||||
int x509_public_key_digest(const X509_KEY *key, uint8_t dgst[32]);
|
||||
int x509_public_key_equ(const X509_KEY *key, const X509_KEY *pub);
|
||||
int x509_public_key_print(FILE *fp, int fmt, int ind, const char *label, const X509_KEY *key);
|
||||
int x509_private_key_print(FILE *fp, int fmt, int ind, const char *label, const X509_KEY *key);
|
||||
int x509_private_key_print_ex(FILE *fp, int fmt, int ind, const char *label, const X509_KEY *key);
|
||||
|
||||
// X.509 SubjectPublicKeyInfo
|
||||
/*
|
||||
X.509 SubjectPublicKeyInfo
|
||||
|
||||
x509_public_key_info_to_der() outlen
|
||||
ecPublicKey: 91
|
||||
lms-hashsig: 79
|
||||
hss-lms-hashsig: 82
|
||||
xmss-hashsig: 87
|
||||
xmssmt-hashsig: 87
|
||||
sphincs-hashsig: 52
|
||||
kyber-kem:
|
||||
*/
|
||||
#define X509_PUBLIC_KEY_INFO_MAX_SIZE 1280 // for kyber and 91 for others
|
||||
int x509_public_key_info_to_der(const X509_KEY *key, uint8_t **out, size_t *outlen);
|
||||
int x509_public_key_info_from_der(X509_KEY *key, const uint8_t **in, size_t *inlen);
|
||||
int x509_public_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
|
||||
|
||||
|
||||
// ECPrivateKey when key->algor == OID_ec_public_key
|
||||
int ec_private_key_to_der(const X509_KEY *key, int encode_params, int encode_pubkey, uint8_t **out, size_t *outlen);
|
||||
int ec_private_key_from_der(X509_KEY *key, int opt_curve, const uint8_t **in, size_t *inlen);
|
||||
int ec_private_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); // from <gmssl/ec.h>
|
||||
// X509_KEY lost some information of ECPrivateKey. so no ec_private_key_print_ex(X509_KEY)
|
||||
|
||||
// 没有打印的函数!
|
||||
|
||||
// PKCS #8 PrivateKeyInfo
|
||||
// PrivateKeyInfo.algor.parameters has the named_curve
|
||||
// so omit the optional ECPrivateKey params(named_curve) a nd omit the public_key
|
||||
#define X509_ENCODE_EC_PRIVATE_KEY_PARAMS 1
|
||||
#define X509_ENCODE_EC_PRIVATE_KEY_PARAMS 0
|
||||
#define X509_ENCODE_EC_PRIVATE_KEY_PUBKEY 1
|
||||
int x509_private_key_info_to_der(const X509_KEY *key, uint8_t **out, size_t *outlen);
|
||||
int x509_private_key_info_from_der(X509_KEY *key, const uint8_t **attrs, size_t *attrslen,
|
||||
const uint8_t **in, size_t *inlen);
|
||||
// 没有打印的函数
|
||||
// TODO: no x509_private_key_info_print
|
||||
|
||||
// PKCS #8 EncryptedPrivateKeyInfo
|
||||
#define PKCS8_ENCED_PRIVATE_KEY_INFO_ITER 65536
|
||||
@@ -117,9 +130,6 @@ int x509_private_key_info_decrypt_from_der(X509_KEY *x509_key,
|
||||
const uint8_t **attrs, size_t *attrs_len,
|
||||
const char *pass, const uint8_t **in, size_t *inlen);
|
||||
|
||||
// require stdio
|
||||
int x509_private_key_info_encrypt_to_pem(const X509_KEY *key, const char *pass, FILE *fp);
|
||||
int x509_private_key_info_decrypt_from_pem(X509_KEY *key, const uint8_t **attrs, size_t *attrslen, const char *pass, FILE *fp);
|
||||
|
||||
|
||||
// SM2_SIGNATURE_MAX_SIZE = 72
|
||||
@@ -147,15 +157,17 @@ typedef struct {
|
||||
union {
|
||||
SM2_SIGN_CTX sm2_sign_ctx;
|
||||
SM2_VERIFY_CTX sm2_verify_ctx;
|
||||
ECDSA_SIGN_CTX ecdsa_sign_ctx;
|
||||
LMS_SIGN_CTX lms_sign_ctx;
|
||||
HSS_SIGN_CTX hss_sign_ctx;
|
||||
XMSS_SIGN_CTX xmss_sign_ctx;
|
||||
XMSSMT_SIGN_CTX xmssmt_sign_ctx;
|
||||
SPHINCS_SIGN_CTX sphincs_sign_ctx;
|
||||
ECDSA_SIGN_CTX ecdsa_sign_ctx;
|
||||
} u;
|
||||
int sign_algor;
|
||||
uint8_t sig[X509_SIGNATURE_MAX_SIZE];
|
||||
size_t siglen;
|
||||
size_t fixed_siglen;
|
||||
} X509_SIGN_CTX;
|
||||
|
||||
|
||||
@@ -176,20 +188,50 @@ int x509_key_get_signature_size(const X509_KEY *key, size_t *siglen);
|
||||
// sm2 SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH
|
||||
// TLS13_SM2_ID, TLS13_SM2_ID_LENGTH
|
||||
// sphincs optiona_random, 16
|
||||
|
||||
|
||||
/*
|
||||
x509_sign_init argumetns
|
||||
|
||||
x509_key->algor:algor_param ctx->sign_algor args argslen
|
||||
------------------------------------------------------------------------------------------------
|
||||
OID_ec_public_key:OID_sm2 OID_sm2sign_with_sm3 char *id idlen
|
||||
NULL 0 use SM2_DEFAULT_ID
|
||||
OID_ec_public_key:OID_secp256r1 OID_ecdsa_with_sha256 NULL 0
|
||||
OID_lms_hashsig:OID_undef OID_lms_hashsig NULL 0
|
||||
OID_hss_lms_hashsig:OID_undef OID_hss_lms_hashsig NULL 0
|
||||
OID_xmss_hashsig:OID_undef OID_xmss_hashsig NULL 0
|
||||
OID_xmssmt_hashsig:OID_undef OID_xmssmt_hashsig NULL 0
|
||||
OID_sphincs_hashsig:OID_undef OID_sphincs_hashsig u8 rand[16] 16 randomized signature
|
||||
NULL 0 deterministic signature
|
||||
*/
|
||||
int x509_sign_init(X509_SIGN_CTX *ctx, X509_KEY *key, const void *args, size_t argslen);
|
||||
int x509_sign_set_signature_size(X509_SIGN_CTX *ctx, size_t siglen);
|
||||
int x509_sign_update(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
|
||||
int x509_sign_finish(X509_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen);
|
||||
int x509_sign(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen, uint8_t *sig, size_t *siglen);
|
||||
int x509_verify_init(X509_SIGN_CTX *ctx, const X509_KEY *key, const void *args, size_t argslen,
|
||||
const uint8_t *sig, size_t siglen);
|
||||
int x509_verify_update(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
|
||||
int x509_verify_finish(X509_SIGN_CTX *ctx);
|
||||
int x509_verify(X509_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
|
||||
void x509_sign_ctx_cleanup(X509_SIGN_CTX *ctx);
|
||||
|
||||
|
||||
// ECDH for key->algor == OID_ec_public_key
|
||||
int x509_key_do_exchange(const X509_KEY *key, const X509_KEY *peer_pub, uint8_t *out, size_t *outlen);
|
||||
int x509_key_exchange(const X509_KEY *key, const uint8_t *peer_pub, size_t peer_publen, uint8_t *out, size_t *outlen);
|
||||
|
||||
// KEM
|
||||
#define X509_KEM_CIPHERTEXT_SIZE sizeof(KYBER_CIPHERTEXT)
|
||||
int x509_key_encapsulate(const X509_KEY *key, uint8_t *ciphertext, size_t *ciphertext_len, uint8_t secret[32]);
|
||||
int x509_key_decapsulate(const X509_KEY *key, const uint8_t *ciphertext, size_t ciphertext_len, uint8_t secret[32]);
|
||||
|
||||
|
||||
// require stdio
|
||||
int x509_private_key_info_encrypt_to_pem(const X509_KEY *key, const char *pass, FILE *fp);
|
||||
int x509_private_key_info_decrypt_from_pem(X509_KEY *key, const uint8_t **attrs, size_t *attrslen, const char *pass, FILE *fp);
|
||||
int x509_private_key_from_file(X509_KEY *key, int algor, const char *pass, FILE *fp);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user