x509_key all tests passed

src/secp256r1.c

@@ -502,23 +502,26 @@ void secp256r1_point_sub(SECP256R1_POINT *R, const SECP256R1_POINT *P, const SEC
 
 void secp256r1_point_mul(SECP256R1_POINT *R, const secp256r1_t k, const SECP256R1_POINT *P)
 {
+	SECP256R1_POINT T;
 	uint32_t bits;
 	int nbits;
 	int i;
 
-	secp256r1_point_set_infinity(R);
+	secp256r1_point_set_infinity(&T);
 
 	for (i = 7; i >= 0; i--) {
 		bits = k[i];
 		nbits = 32;
 		while (nbits-- > 0) {
-			secp256r1_point_dbl(R, R);
+			secp256r1_point_dbl(&T, &T);
 			if (bits & 0x80000000) {
-				secp256r1_point_add(R, R, P);
+				secp256r1_point_add(&T, &T, P);
 			}
 			bits <<= 1;
 		}
 	}
+
+	secp256r1_point_copy(R, &T);
 }
 
 void secp256r1_point_mul_generator(SECP256R1_POINT *R, const secp256r1_t k)

src/sm2_sign.c

@@ -567,8 +567,6 @@ int sm2_sign_finish(SM2_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen)
 
 	sm3_finish(&ctx->sm3_ctx, dgst);
 
-	format_bytes(stderr, 0, 4, "signed dgst", dgst, 32);
-
 	if (ctx->num_pre_comp == 0) {
 		if (sm2_fast_sign_pre_compute(ctx->pre_comp) != 1) {
 			error_print();
@@ -672,8 +670,6 @@ int sm2_verify_finish(SM2_VERIFY_CTX *ctx, const uint8_t *sigbuf, size_t siglen)
 
 	sm3_finish(&ctx->sm3_ctx, dgst);
 
-	format_bytes(stderr, 0, 4, "verify dgst", dgst, 32);
-
 	if (sm2_fast_verify(ctx->public_point_table, dgst, &sig) != 1) {
 		error_print();
 		return -1;

src/sphincs.c

@@ -1418,6 +1418,7 @@ int sphincs_signature_print(FILE *fp, int fmt, int ind, const char *label, const
 	return 1;
 }
 
+// when opt_rand is null, generate a determistic signature (without random)
 int sphincs_sign_init_ex(SPHINCS_SIGN_CTX *ctx, const SPHINCS_KEY *key, const sphincs_hash128_t opt_rand)
 {
 	if (!ctx || !key) {

src/tls12.c

@@ -781,11 +781,10 @@ int tls_send_server_key_exchange(TLS_CONNECT *conn)
 
 	tls_trace("send ServerKeyExchange\n");
 
-
 	if (conn->recordlen == 0) {
+		int curve_oid = tls_named_curve_oid(conn->ecdh_named_curve);
 		// generate server ecdh_key
-		if (x509_key_generate(&conn->ecdh_key,
-			OID_ec_public_key, tls_named_curve_oid(conn->ecdh_named_curve)) != 1) {
+		if (x509_key_generate(&conn->ecdh_key, OID_ec_public_key, &curve_oid, sizeof(curve_oid)) != 1) {
 			error_print();
 			return -1;
 		}
@@ -1371,8 +1370,8 @@ int tls_send_client_key_exchange(TLS_CONNECT *conn)
 	// 因此在接收到服务器的公钥之后，应该保存这个信息
 
 	if (conn->recordlen == 0) {
-		if (x509_key_generate(&conn->ecdh_key,
-			OID_ec_public_key, tls_named_curve_oid(conn->ecdh_named_curve)) != 1) {
+		int curve_oid = tls_named_curve_oid(conn->ecdh_named_curve);
+		if (x509_key_generate(&conn->ecdh_key, OID_ec_public_key, &curve_oid, sizeof(curve_oid)) != 1) {
 			error_print();
 			return -1;
 		}

src/x509_alg.c

@@ -279,10 +279,8 @@ static uint32_t  oid_lms_hashsig[] = { oid_pkcs,9,16,3,17,1 }; // TODO: not offi
 static uint32_t  oid_xmss_hashsig[] = { oid_alg, 34 };
 static uint32_t  oid_xmssmt_hashsig[] = { oid_alg, 35 };
 
-// joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4)
-#define oid_nist_algs       2,16,840,1,101,3,4
 static uint32_t oid_sphincs_hashsig[] = { oid_nist_algs,3,20 }; // TODO: sphincs+ 128s with sha256, not officially defined
-
+static uint32_t oid_kyber_kem[] = { oid_nist_algs,22,4 };
 
 /*
 from RFC 3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
@@ -606,6 +604,7 @@ static const ASN1_OID_INFO x509_public_key_algors[] = {
 #ifdef ENABLE_SPHINCS
 	{ OID_sphincs_hashsig, "sphincs-hashsig", oid_sphincs_hashsig, sizeof(oid_sphincs_hashsig)/sizeof(int), 1 },
 #endif
+	{ OID_kyber_kem, "kyber-kem", oid_kyber_kem, sizeof(oid_kyber_kem)/sizeof(int), 1 },
 };
 
 static const int x509_public_key_algors_count =
@@ -631,6 +630,7 @@ int x509_public_key_algor_from_name(const char *name)
 	return info->oid;
 }
 
+// FIXME: add kyber, and use same code for LMS/XMSS/SPHINCS...
 int x509_public_key_algor_to_der(int oid, int curve_or_null, uint8_t **out, size_t *outlen)
 {
 	size_t len = 0;
@@ -714,6 +714,16 @@ int x509_public_key_algor_to_der(int oid, int curve_or_null, uint8_t **out, size
 		}
 		break;
 #endif
+	case OID_kyber_kem:
+		if (asn1_object_identifier_to_der(oid_kyber_kem, sizeof(oid_kyber_kem)/sizeof(int), NULL, &len) != 1
+			|| asn1_null_to_der(NULL, &len) != 1
+			|| asn1_sequence_header_to_der(len, out, outlen) != 1
+			|| asn1_object_identifier_to_der(oid_kyber_kem, sizeof(oid_kyber_kem)/sizeof(int), out, outlen) != 1
+			|| asn1_null_to_der(out, outlen) != 1) {
+			error_print();
+			return -1;
+		}
+		break;
 	default:
 		error_print();
 		return -1;
@@ -772,6 +782,7 @@ int x509_public_key_algor_from_der(int *oid , int *curve_or_null, const uint8_t
 	case OID_xmssmt_hashsig:
 #endif
 	case OID_sphincs_hashsig:
+	case OID_kyber_kem:
 		// for hashsigs, parmaeters is set to empty
 		if ((ret = asn1_null_from_der(&d, &dlen)) < 0
 			|| asn1_length_is_zero(dlen) != 1) {
@@ -779,7 +790,7 @@ int x509_public_key_algor_from_der(int *oid , int *curve_or_null, const uint8_t
 			return -1;
 		}
 		if (ret == 1) {
-			error_print();
+			//error_print();				
 		}
 		*curve_or_null = OID_undef;
 		break;

src/x509_cer.c

@@ -905,6 +905,7 @@ int x509_names_print(FILE *fp, int fmt, int ind, const char *label, const uint8_
 	return 1;
 }
 
+/*
 int x509_public_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
 {
 	const uint8_t *p = d;
@@ -937,6 +938,7 @@ err:
 	error_print();
 	return -1;
 }
+*/
 
 int x509_explicit_exts_to_der(int index, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen)
 {
@@ -1119,6 +1121,9 @@ int x509_cert_sign_to_der(
 		error_print();
 		return -1;
 	}
+	if (sign_key->algor == OID_ec_public_key) {
+		siglen = SM2_signature_typical_size;
+	}
 
 	if (x509_tbs_cert_to_der(
 		version,
@@ -1167,9 +1172,18 @@ int x509_cert_sign_to_der(
 			sign_args = SM2_DEFAULT_ID;
 			sign_argslen = SM2_DEFAULT_ID_LENGTH;
 		}
-		if (x509_sign_init(&sign_ctx, sign_key, sign_args, sign_argslen) != 1
-			|| x509_sign_update(&sign_ctx, tbs, *out - tbs) != 1
-			|| x509_sign_finish(&sign_ctx, sig, &siglen) != 1) {
+		if (x509_sign_init(&sign_ctx, sign_key, sign_args, sign_argslen) != 1) {
+			error_print();
+			return -1;
+		}
+		if (sign_key->algor == OID_ec_public_key) {
+			if (x509_sign_set_signature_size(&sign_ctx, siglen) != 1) {
+				gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx));
+				error_print();
+				return -1;
+			}
+		}
+		if (x509_sign(&sign_ctx, tbs, *out - tbs, sig, &siglen) != 1) {
 			gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx));
 			error_print();
 			return -1;

src/x509_crl.c

@@ -1444,6 +1444,9 @@ int x509_crl_sign_to_der(
 		error_print();
 		return -1;
 	}
+	if (sign_key->algor == OID_ec_public_key) {
+		siglen = SM2_signature_typical_size;
+	}
 
 	if (x509_tbs_crl_to_der(version, sig_alg, issuer, issuer_len,
 			this_update, next_update, revoked_certs, revoked_certs_len,
@@ -1472,9 +1475,18 @@ int x509_crl_sign_to_der(
 			sign_args = SM2_DEFAULT_ID;
 			sign_argslen = SM2_DEFAULT_ID_LENGTH;
 		}
-		if (x509_sign_init(&sign_ctx, sign_key, sign_args, sign_argslen) != 1
-			|| x509_sign_update(&sign_ctx, tbs, *out - tbs) != 1
-			|| x509_sign_finish(&sign_ctx, sig, &siglen) != 1) {
+		if (x509_sign_init(&sign_ctx, sign_key, sign_args, sign_argslen) != 1) {
+			error_print();
+			return -1;
+		}
+		if (sign_key->algor == OID_ec_public_key) {
+			if (x509_sign_set_signature_size(&sign_ctx, siglen) != 1) {
+				gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx));
+				error_print();
+				return -1;
+			}
+		}
+		if (x509_sign(&sign_ctx, tbs, *out - tbs, sig, &siglen) != 1) {
 			gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx));
 			error_print();
 			return -1;

src/x509_req.c

@@ -180,6 +180,9 @@ int x509_req_sign_to_der(
 		error_print();
 		return -1;
 	}
+	if (sign_key->algor == OID_ec_public_key) {
+		siglen = SM2_signature_typical_size;
+	}
 
 	if (x509_request_info_to_der(version, subject, subject_len, subject_public_key,
 			attrs, attrs_len, NULL, &len) != 1
@@ -206,9 +209,18 @@ int x509_req_sign_to_der(
 			sign_args = SM2_DEFAULT_ID;
 			sign_argslen = SM2_DEFAULT_ID_LENGTH;
 		}
-		if (x509_sign_init(&sign_ctx, sign_key, sign_args, sign_argslen) != 1
-			|| x509_sign_update(&sign_ctx, tbs, *out - tbs) != 1
-			|| x509_sign_finish(&sign_ctx, sig, &siglen) != 1) {
+		if (x509_sign_init(&sign_ctx, sign_key, sign_args, sign_argslen) != 1) {
+			error_print();
+			return -1;
+		}
+		if (sign_key->algor == OID_ec_public_key) {
+			if (x509_sign_set_signature_size(&sign_ctx, siglen) != 1) {
+				gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx));
+				error_print();
+				return -1;
+			}
+		}
+		if (x509_sign(&sign_ctx, tbs, *out - tbs, sig, &siglen) != 1) {
 			gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx));
 			error_print();
 			return -1;

src/xmss.c

@@ -1204,14 +1204,16 @@ int xmss_sign_init(XMSS_SIGN_CTX *ctx, XMSS_KEY *key)
 	xmss_adrs_set_ots_address(adrs, key->index);
 	xmss_wots_derive_sk(key->secret, key->public_key.seed, adrs, ctx->xmss_sig.wots_sig);
 
+	// xmss_sig.auth_path
+	xmss_build_auth_path(key->tree, height, key->index, ctx->xmss_sig.auth_path);
+
+
 	// update key->index
 	if (xmss_key_update(key) != 1) {
 		error_print();
 		return -1;
 	}
 
-	// xmss_sig.auth_path
-	xmss_build_auth_path(key->tree, height, key->index, ctx->xmss_sig.auth_path);
 
 	// H_msg(M) := HASH256(toByte(2, 32) || r || XMSS_ROOT || toByte(idx_sig, 32) || M)
 	xmss_hash256_init(&ctx->hash256_ctx);
@@ -1235,6 +1237,30 @@ int xmss_sign_update(XMSS_SIGN_CTX *ctx, const uint8_t *data, size_t datalen)
 	return 1;
 }
 
+int xmss_sign_finish_ex(XMSS_SIGN_CTX *ctx, XMSS_SIGNATURE *sig)
+{
+	xmss_adrs_t adrs;
+	xmss_hash256_t dgst;
+
+	if (!ctx || !sig) {
+		error_print();
+		return -1;
+	}
+
+	xmss_hash256_finish(&ctx->hash256_ctx, dgst);
+
+	xmss_adrs_set_layer_address(adrs, 0);
+	xmss_adrs_set_tree_address(adrs, 0);
+	xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_OTS);
+	xmss_adrs_set_ots_address(adrs, ctx->xmss_sig.index);
+
+	xmss_wots_sign(ctx->xmss_sig.wots_sig, ctx->xmss_public_key.seed, adrs, dgst,
+		ctx->xmss_sig.wots_sig);
+
+	*sig = ctx->xmss_sig;
+	return 1;
+}
+
 // TODO: support output *siglen only
 int xmss_sign_finish(XMSS_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen)
 {
@@ -1365,8 +1391,10 @@ int xmss_verify_finish(XMSS_SIGN_CTX *ctx)
 	xmss_wots_pk_to_root(ctx->xmss_sig.wots_sig, ctx->xmss_public_key.seed, adrs, root);
 
 	// wots_root (index), auth_path => xmss_root
+	/*
 	xmss_adrs_set_type(adrs, XMSS_ADRS_TYPE_HASHTREE);
 	xmss_adrs_set_padding(adrs, 0);
+	xmss_adrs_set_key_and_mask(adrs, 0);
 	for (h = 0; h < height; h++) {
 		int right_child = index & 1;
 		index >>= 1;
@@ -1376,6 +1404,8 @@ int xmss_verify_finish(XMSS_SIGN_CTX *ctx)
 			xmss_tree_hash(ctx->xmss_sig.auth_path[h], root, ctx->xmss_public_key.seed, adrs, root);
 		else	xmss_tree_hash(root, ctx->xmss_sig.auth_path[h], ctx->xmss_public_key.seed, adrs, root);
 	}
+	*/
+	xmss_build_root(root, index, ctx->xmss_public_key.seed, adrs, ctx->xmss_sig.auth_path, height, root);
 
 	if (memcmp(root, ctx->xmss_public_key.root, 32) != 0) {
 		error_print();
@@ -2330,6 +2360,7 @@ int xmssmt_sign_finish_ex(XMSSMT_SIGN_CTX *ctx, XMSSMT_SIGNATURE *sig)
 	return 1;
 }
 
+// TODO: use ctx->xmssmt_sig				
 int xmssmt_sign_finish(XMSSMT_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen)
 {
 	XMSSMT_SIGNATURE signature;
@@ -2345,7 +2376,7 @@ int xmssmt_sign_finish(XMSSMT_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen)
 	}
 
 	*siglen = 0;
-	if (xmssmt_signature_to_bytes(&ctx->xmssmt_sig, ctx->xmssmt_public_key.xmssmt_type, &sig, siglen) != 1) {
+	if (xmssmt_signature_to_bytes(&signature, ctx->xmssmt_public_key.xmssmt_type, &sig, siglen) != 1) {
 		error_print();
 		return -1;
 	}