mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-05-06 16:36:16 +08:00
Update X509_KEY API to support SM9
This commit is contained in:
Zhi Guan
@@ -266,7 +266,12 @@ typedef struct {
|
||||
LMS_SIGNATURE msg_lms_sig; // = sign(hss->lms_key[levels-1], msg)
|
||||
} HSS_SIGNATURE;
|
||||
|
||||
#define HSS_SIGNATURE_MAX_SIZE sizeof(HSS_SIGNATURE)
|
||||
// not correct
|
||||
#define HSS_SIGNATURE_MAX_SIZE ( \
|
||||
sizeof(uint32_t) + \
|
||||
(LMS_SIGNATURE_MAX_SIZE + LMS_PUBLIC_KEY_SIZE) * (HSS_MAX_LEVELS - 1) + \
|
||||
LMS_SIGNATURE_MAX_SIZE)
|
||||
|
||||
int hss_signature_size(const int *lms_types, size_t levels, size_t *len);
|
||||
int hss_signature_to_bytes(const HSS_SIGNATURE *sig, uint8_t **out, size_t *outlen);
|
||||
int hss_signature_from_bytes(HSS_SIGNATURE *sig, const uint8_t **in, size_t *inlen);
|
||||
|
||||
@@ -142,6 +142,9 @@ PrivateKeyInfo ::= SEQUENCE {
|
||||
attributes [0] Attributes OPTIONAL }
|
||||
*/
|
||||
|
||||
#define PKCS8_ENCED_PRIVATE_KEY_INFO_ITER 65536
|
||||
//#define PKCS8_ENCED_PRIVATE_KEY_INFO_ITER 8000 // if too slow
|
||||
|
||||
int pkcs8_enced_private_key_info_to_der(
|
||||
const uint8_t *salt, size_t saltlen,
|
||||
int iter,
|
||||
|
||||
@@ -42,12 +42,14 @@ int sm9_algor_to_der(int alg, int params, uint8_t **out, size_t *outlen);
|
||||
int sm9_algor_from_der(int *alg, int *params, const uint8_t **in, size_t *inlen);
|
||||
|
||||
|
||||
#define PEM_SM9_SIGN_MASTER_KEY "ENCRYPTED SM9 SIGN MASTER KEY"
|
||||
// ENCRYPTED PRIVATE KEY => PKCS #8 PrivateKeyInfo => public key algro
|
||||
// FIXME: master public key should support public_key_info API
|
||||
#define PEM_SM9_SIGN_MASTER_KEY "ENCRYPTED PRIVATE KEY" //"ENCRYPTED SM9 SIGN MASTER KEY"
|
||||
#define PEM_SM9_SIGN_MASTER_PUBLIC_KEY "SM9 SIGN MASTER PUBLIC KEY"
|
||||
#define PEM_SM9_SIGN_PRIVATE_KEY "ENCRYPTED SM9 SIGN PRIVATE KEY"
|
||||
#define PEM_SM9_ENC_MASTER_KEY "ENCRYPTED SM9 ENC MASTER KEY"
|
||||
#define PEM_SM9_SIGN_PRIVATE_KEY "ENCRYPTED PRIVATE KEY" //"ENCRYPTED SM9 SIGN PRIVATE KEY"
|
||||
#define PEM_SM9_ENC_MASTER_KEY "ENCRYPTED PRIVATE KEY" //"ENCRYPTED SM9 ENC MASTER KEY"
|
||||
#define PEM_SM9_ENC_MASTER_PUBLIC_KEY "SM9 ENC MASTER PUBLIC KEY"
|
||||
#define PEM_SM9_ENC_PRIVATE_KEY "ENCRYPTED SM9 ENC PRIVATE KEY"
|
||||
#define PEM_SM9_ENC_PRIVATE_KEY "ENCRYPTED PRIVATE KEY" //"ENCRYPTED SM9 ENC PRIVATE KEY"
|
||||
|
||||
|
||||
#define SM9_MAX_ID_SIZE (SM2_MAX_ID_SIZE)
|
||||
@@ -87,7 +89,10 @@ int sm9_sign_master_key_info_encrypt_to_pem(const SM9_SIGN_MASTER_KEY *msk, cons
|
||||
int sm9_sign_master_key_info_decrypt_from_pem(SM9_SIGN_MASTER_KEY *msk, const char *pass, FILE *fp);
|
||||
int sm9_sign_master_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_MASTER_KEY *msk);
|
||||
|
||||
#define SM9_SIGN_MASTER_PUBLIC_KEY_BYTES (1 + 32*4) // = 129
|
||||
#define SM9_SIGN_MASTER_PUBLIC_KEY_SIZE 136
|
||||
int sm9_sign_master_public_key_to_bytes(const SM9_SIGN_MASTER_KEY *msk, uint8_t **out, size_t *outlen);
|
||||
int sm9_sign_master_public_key_from_bytes(SM9_SIGN_MASTER_KEY *msk, const uint8_t **in, size_t *inlen);
|
||||
int sm9_sign_master_public_key_to_der(const SM9_SIGN_MASTER_KEY *mpk, uint8_t **out, size_t *outlen);
|
||||
int sm9_sign_master_public_key_from_der(SM9_SIGN_MASTER_KEY *mpk, const uint8_t **in, size_t *inlen);
|
||||
int sm9_sign_master_public_key_to_pem(const SM9_SIGN_MASTER_KEY *mpk, FILE *fp);
|
||||
@@ -173,7 +178,10 @@ int sm9_enc_master_key_info_encrypt_to_pem(const SM9_ENC_MASTER_KEY *msk, const
|
||||
int sm9_enc_master_key_info_decrypt_from_pem(SM9_ENC_MASTER_KEY *msk, const char *pass, FILE *fp);
|
||||
int sm9_enc_master_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_MASTER_KEY *msk);
|
||||
|
||||
#define SM9_ENC_MASTER_PUBLIC_KEY_BYTES (1 + 32*2) // = 65
|
||||
#define SM9_ENC_MASTER_PUBLIC_KEY_SIZE 70
|
||||
int sm9_enc_master_public_key_to_bytes(const SM9_ENC_MASTER_KEY *mpk, uint8_t **out, size_t *outlen);
|
||||
int sm9_enc_master_public_key_from_bytes(SM9_ENC_MASTER_KEY *mpk, const uint8_t **in, size_t *inlen);
|
||||
int sm9_enc_master_public_key_to_der(const SM9_ENC_MASTER_KEY *mpk, uint8_t **out, size_t *outlen);
|
||||
int sm9_enc_master_public_key_from_der(SM9_ENC_MASTER_KEY *mpk, const uint8_t **in, size_t *inlen);
|
||||
int sm9_enc_master_public_key_to_pem(const SM9_ENC_MASTER_KEY *mpk, FILE *fp);
|
||||
|
||||
@@ -246,6 +246,9 @@ typedef struct {
|
||||
sphincs_hash128_t auth_path[SPHINCS_XMSS_HEIGHT];
|
||||
} SPHINCS_XMSS_SIGNATURE;
|
||||
|
||||
#define SPHINCS_XMSS_SIGNATURE_SIZE sizeof(SPHINCS_XMSS_SIGNATURE)
|
||||
|
||||
|
||||
int sphincs_xmss_signature_print_ex(FILE *fp, int fmt, int ind, const char *label, const SPHINCS_XMSS_SIGNATURE *sig);
|
||||
int sphincs_xmss_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *sig, size_t siglen);
|
||||
int sphincs_xmss_signature_to_bytes(const SPHINCS_XMSS_SIGNATURE *sig, uint8_t **out, size_t *outlen);
|
||||
@@ -291,7 +294,7 @@ typedef struct {
|
||||
sphincs_hash128_t auth_path[SPHINCS_FORS_NUM_TREES][SPHINCS_FORS_TREE_HEIGHT];
|
||||
} SPHINCS_FORS_SIGNATURE;
|
||||
|
||||
#define SPHINCS_FORS_SIGNATURE_SIZE sizeof(SPHINCS_FORS_SIGNATURE)
|
||||
#define SPHINCS_FORS_SIGNATURE_SIZE sizeof(SPHINCS_FORS_SIGNATURE) // = 2912
|
||||
|
||||
int sphincs_fors_signature_to_bytes(const SPHINCS_FORS_SIGNATURE *sig, uint8_t **out, size_t *outlen);
|
||||
int sphincs_fors_signature_from_bytes(SPHINCS_FORS_SIGNATURE *sig, const uint8_t **in, size_t *inlen);
|
||||
@@ -339,7 +342,7 @@ typedef struct {
|
||||
SPHINCS_XMSS_SIGNATURE xmss_sigs[SPHINCS_HYPERTREE_LAYERS];
|
||||
} SPHINCS_SIGNATURE;
|
||||
|
||||
#define SPHINCS_SIGNATURE_SIZE sizeof(SPHINCS_SIGNATURE)
|
||||
#define SPHINCS_SIGNATURE_SIZE sizeof(SPHINCS_SIGNATURE) // =7856?
|
||||
|
||||
int sphincs_signature_to_bytes(const SPHINCS_SIGNATURE *sig, uint8_t **out, size_t *outlen);
|
||||
int sphincs_signature_from_bytes(SPHINCS_SIGNATURE *sig, const uint8_t **in, size_t *inlen);
|
||||
|
||||
@@ -19,6 +19,7 @@
|
||||
#include <gmssl/oid.h>
|
||||
#include <gmssl/asn1.h>
|
||||
#include <gmssl/sm2.h>
|
||||
#include <gmssl/sm9.h>
|
||||
#include <gmssl/secp256r1_key.h>
|
||||
#include <gmssl/ecdsa.h>
|
||||
#include <gmssl/lms.h>
|
||||
@@ -44,6 +45,8 @@ typedef struct {
|
||||
XMSSMT_KEY xmssmt_key;
|
||||
SPHINCS_KEY sphincs_key;
|
||||
KYBER_KEY kyber_key;
|
||||
SM9_SIGN_MASTER_KEY sm9_sign_master_key; // OID_sm9,OID_sm9sign
|
||||
SM9_SIGN_KEY sm9_sign_key; // OID_sm9sign,OID_undef
|
||||
} u;
|
||||
} X509_KEY;
|
||||
|
||||
@@ -55,16 +58,18 @@ int x509_key_set_xmss_key(X509_KEY *x509_key, const XMSS_KEY *xmss_key);
|
||||
int x509_key_set_xmssmt_key(X509_KEY *x509_key, const XMSSMT_KEY *xmssmt_key);
|
||||
int x509_key_set_sphincs_key(X509_KEY *x509_key, const SPHINCS_KEY *sphincs_key);
|
||||
int x509_key_set_kyber_key(X509_KEY *x509_key, const KYBER_KEY *kyber_key);
|
||||
int x509_key_set_sm9_sign_key(X509_KEY *x509_key, const SM9_SIGN_KEY *sm9_sign_key);
|
||||
int x509_key_set_sm9_sign_master_key(X509_KEY *x509_key, const SM9_SIGN_MASTER_KEY *sm9_sign_master_key);
|
||||
|
||||
/*
|
||||
algor: algor_param:
|
||||
algor: param paramlen
|
||||
-------------------------------------------------------------------------
|
||||
OID_ec_public_key OID_sm2 or OID_secp256r1
|
||||
OID_lms_hashsig lms_type
|
||||
OID_hss_lms_hashsig x509_algor_param_from_lms_types(lms_types[])
|
||||
OID_xmsss_hashsig xmss_type
|
||||
OID_xmsssmt_hashsig xmssmt_type
|
||||
OID_sphincs_hashsig OID_undef
|
||||
OID_ec_public_key OID_sm2 or OID_secp256r1 sizeof(oid)
|
||||
OID_lms_hashsig lms_type sizeof(lms_type)
|
||||
OID_hss_lms_hashsig lms_types[] sizeof(lms_types[])
|
||||
OID_xmsss_hashsig xmss_type sizeof(xmss_type)
|
||||
OID_xmsssmt_hashsig xmssmt_type sizeof(xmssmt_type)
|
||||
OID_sphincs_hashsig NULL 0
|
||||
*/
|
||||
int x509_key_generate(X509_KEY *key, int algor, const void *param, size_t paramlen);
|
||||
void x509_key_cleanup(X509_KEY *key);
|
||||
@@ -123,21 +128,24 @@ int x509_private_key_info_from_der(X509_KEY *key, const uint8_t **attrs, size_t
|
||||
// TODO: no x509_private_key_info_print
|
||||
|
||||
// PKCS #8 EncryptedPrivateKeyInfo
|
||||
#define PKCS8_ENCED_PRIVATE_KEY_INFO_ITER 65536
|
||||
int x509_private_key_info_encrypt_to_der(const X509_KEY *x509_key, const char *pass,
|
||||
uint8_t **out, size_t *outlen);
|
||||
int x509_private_key_info_decrypt_from_der(X509_KEY *x509_key,
|
||||
const uint8_t **attrs, size_t *attrs_len,
|
||||
const char *pass, const uint8_t **in, size_t *inlen);
|
||||
// require stdio
|
||||
int x509_private_key_info_encrypt_to_pem(const X509_KEY *key, const char *pass, FILE *fp);
|
||||
int x509_private_key_info_decrypt_from_pem(X509_KEY *key, const uint8_t **attrs, size_t *attrslen, const char *pass, FILE *fp);
|
||||
int x509_private_key_from_file(X509_KEY *key, int algor, const char *pass, FILE *fp);
|
||||
|
||||
|
||||
|
||||
// SM2_SIGNATURE_MAX_SIZE = 72
|
||||
// LMS_SIGNATURE_MAX_SIZE = 1932
|
||||
// HSS_SIGNATURE_MAX_SIZE = ?
|
||||
// HSS_SIGNATURE_MAX_SIZE = 9888?
|
||||
// XMSS_SIGNATURE_MAX_SIZE = 2820
|
||||
// XMSSMT_SIGNATURE_MAX_SIZE >= 27688 ?
|
||||
// SPHINCS_SIGNATURE_SIZE = ?
|
||||
// XMSSMT_SIGNATURE_MAX_SIZE = 8356?
|
||||
// SPHINCS_SIGNATURE_SIZE = 7856?
|
||||
// ECDSA_SIGNATURE_MAX_SIZE = 72
|
||||
|
||||
typedef union {
|
||||
@@ -158,14 +166,18 @@ typedef struct {
|
||||
SM2_SIGN_CTX sm2_sign_ctx;
|
||||
SM2_VERIFY_CTX sm2_verify_ctx;
|
||||
ECDSA_SIGN_CTX ecdsa_sign_ctx;
|
||||
SM9_SIGN_CTX sm9_sign_ctx;
|
||||
LMS_SIGN_CTX lms_sign_ctx;
|
||||
HSS_SIGN_CTX hss_sign_ctx;
|
||||
XMSS_SIGN_CTX xmss_sign_ctx;
|
||||
XMSSMT_SIGN_CTX xmssmt_sign_ctx;
|
||||
SPHINCS_SIGN_CTX sphincs_sign_ctx;
|
||||
} u;
|
||||
X509_KEY key;
|
||||
const void *args;
|
||||
size_t argslen;
|
||||
int sign_algor;
|
||||
uint8_t sig[X509_SIGNATURE_MAX_SIZE];
|
||||
const uint8_t *sig;
|
||||
size_t siglen;
|
||||
size_t fixed_siglen;
|
||||
} X509_SIGN_CTX;
|
||||
@@ -184,18 +196,14 @@ typedef struct {
|
||||
int x509_key_get_sign_algor(const X509_KEY *key, int *algor);
|
||||
int x509_key_get_signature_size(const X509_KEY *key, size_t *siglen);
|
||||
|
||||
// args, argslen:
|
||||
// sm2 SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH
|
||||
// TLS13_SM2_ID, TLS13_SM2_ID_LENGTH
|
||||
// sphincs optiona_random, 16
|
||||
|
||||
|
||||
/*
|
||||
x509_sign_init argumetns
|
||||
x509_sign_init
|
||||
|
||||
x509_key->algor:algor_param ctx->sign_algor args argslen
|
||||
------------------------------------------------------------------------------------------------
|
||||
OID_ec_public_key:OID_sm2 OID_sm2sign_with_sm3 char *id idlen
|
||||
SM2_DEFAULT_ID[_LENGTH]
|
||||
TLS13_SM2_ID[_LENGTH] for TLS1.3
|
||||
NULL 0 use SM2_DEFAULT_ID
|
||||
OID_ec_public_key:OID_secp256r1 OID_ecdsa_with_sha256 NULL 0
|
||||
OID_lms_hashsig:OID_undef OID_lms_hashsig NULL 0
|
||||
@@ -227,11 +235,6 @@ int x509_key_encapsulate(const X509_KEY *key, uint8_t *ciphertext, size_t *ciphe
|
||||
int x509_key_decapsulate(const X509_KEY *key, const uint8_t *ciphertext, size_t ciphertext_len, uint8_t secret[32]);
|
||||
|
||||
|
||||
// require stdio
|
||||
int x509_private_key_info_encrypt_to_pem(const X509_KEY *key, const char *pass, FILE *fp);
|
||||
int x509_private_key_info_decrypt_from_pem(X509_KEY *key, const uint8_t **attrs, size_t *attrslen, const char *pass, FILE *fp);
|
||||
int x509_private_key_from_file(X509_KEY *key, int algor, const char *pass, FILE *fp);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user