Update Public API

2026-05-07 08:56:17 +08:00 · 2022-05-23 09:42:08 +08:00
parent 252839e196
commit d7a96e3ba1
25 changed files with 1361 additions and 856 deletions
--- a/include/gmssl/base64.h
+++ b/include/gmssl/base64.h
@@ -57,6 +57,20 @@
 extern "C" {
 #endif

+/*
+BASE64 Public API
+
+	BASE64_CTX
+	base64_encode_init
+	base64_encode_update
+	base64_encode_finish
+	base64_decode_init
+	base64_decode_update
+	base64_decode_finish
+
+*/
+
+
 typedef struct {
    /* number saved in a partial encode/decode */
    int num;
--- a/include/gmssl/rand.h
+++ b/include/gmssl/rand.h
@@ -57,6 +57,12 @@
 extern "C" {
 #endif

+/*
+Rand Public API
+
+	rand_bytes
+
+*/

 int rand_bytes(uint8_t *buf, size_t buflen);

--- a/include/gmssl/sdf.h
+++ b/include/gmssl/sdf.h
@@ -58,6 +58,23 @@
 extern "C" {
 #endif

+/*
+SDF Public API
+
+	sdf_load_library
+	sdf_unload_library
+
+	SDF_DEVICE
+	sdf_open_device
+	sdf_close_device
+	sdf_print_device_info
+	sdf_rand_bytes
+	sdf_load_sign_key
+
+	SDF_KEY
+	sdf_sign
+	sdf_release_key
+*/

 typedef struct {
 	void *handle;
--- a/include/gmssl/skf.h
+++ b/include/gmssl/skf.h
@@ -60,6 +60,42 @@ extern "C" {
 #endif


+/*
+SKF Public API
+
+	skf_load_library
+	skf_unload_library
+	skf_list_devices
+	skf_print_device_info
+
+	SKF_DEVICE
+	skf_open_device
+	skf_close_deivce
+	skf_set_label
+	skf_change_authkey
+	skf_list_apps
+	skf_create_app
+	skf_delete_app
+	skf_change_app_admin_pin
+	skf_change_app_user_pin
+	skf_unblock_user_pin
+	skf_list_objects
+	skf_import_object
+	skf_export_object
+	skf_delete_object
+	skf_list_containers
+	skf_create_container
+	skf_delete_container
+	skf_import_sign_cert
+	skf_export_sign_cert
+	skf_rand_bytes
+	skf_load_sign_key
+
+	SKF_KEY
+	skf_sign
+	skf_release_key
+*/
+
 typedef struct {
 	void *handle;
 	char manufacturer[65];
--- a/include/gmssl/sm2.h
+++ b/include/gmssl/sm2.h
@@ -60,7 +60,40 @@ extern "C" {
 #endif


-// 比较重要的是哪些是公开接口，公开接口应该做完整的参数检查
+/*
+SM2 Public API
+
+	SM2_DEFAULT_ID
+	SM2_MAX_ID_LENGTH
+	SM2_MAX_SIGNATURE_SIZE
+	SM2_MAX_PLAINTEXT_SIZE
+	SM2_MAX_CIPHERTEXT_SIZE
+
+	SM2_KEY
+	sm2_key_generate
+	sm2_private_key_info_encrypt_to_der
+	sm2_private_key_info_decrypt_from_der
+	sm2_private_key_info_encrypt_to_pem
+	sm2_private_key_info_decrypt_from_pem
+	sm2_public_key_info_to_der
+	sm2_public_key_info_from_der
+	sm2_public_key_info_to_pem
+	sm2_public_key_info_from_pem
+
+	sm2_sign
+	sm2_verify
+	sm2_encrypt
+	sm2_decrypt
+	sm2_ecdh
+
+	SM2_SIGN_CTX
+	sm2_sign_init
+	sm2_sign_update
+	sm2_sign_finish
+	sm2_verify_init
+	sm2_verify_update
+	sm2_verify_finish
+*/

 typedef uint64_t SM2_BN[8];

@@ -212,6 +245,7 @@ typedef struct {
 	uint8_t private_key[32];
 } SM2_KEY;

+
 int sm2_key_generate(SM2_KEY *key);
 int sm2_key_set_private_key(SM2_KEY *key, const uint8_t private_key[32]); // 自动生成公钥
 int sm2_key_set_public_key(SM2_KEY *key, const SM2_POINT *public_key); // 自动清空私钥，不要和set_private_key同时用
--- a/include/gmssl/sm3.h
+++ b/include/gmssl/sm3.h
@@ -56,6 +56,25 @@
 extern "C" {
 #endif

+/*
+SM3 Public API
+
+	SM3_DIGEST_SIZE
+	SM3_HMAC_SIZE
+
+	SM3_CTX
+	sm3_init
+	sm3_update
+	sm3_finish
+
+	SM3_HMAC_CTX
+	sm3_hmac_init
+	sm3_hmac_update
+	sm3_hmac_finish
+
+	sm3_digest
+	sm3_hmac
+*/

 #define SM3_IS_BIG_ENDIAN	1

--- a/include/gmssl/sm4.h
+++ b/include/gmssl/sm4.h
@@ -57,6 +57,29 @@ extern "C" {
 #endif


+/*
+SM4 Public API
+
+	SM4_KEY_SIZE
+	SM4_BLOCK_SIZE
+
+	SM4_CBC_CTX
+	sm4_cbc_encrypt_init
+	sm4_cbc_encrypt_update
+	sm4_cbc_encrypt_finish
+	sm4_cbc_decrypt_init
+	sm4_cbc_decrypt_update
+	sm4_cbc_decrypt_finish
+
+	SM4_CTR_CTX
+	sm4_ctr_encrypt_init
+	sm4_ctr_encrypt_update
+	sm4_ctr_encrypt_finish
+	sm4_ctr_decrypt_init
+	sm4_ctr_decrypt_update
+	sm4_ctr_decrypt_finish
+*/
+
 #define SM4_KEY_SIZE		(16)
 #define SM4_BLOCK_SIZE		(16)
 #define SM4_NUM_ROUNDS		(32)
@@ -106,8 +129,6 @@ int sm4_gcm_decrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen,
 	const uint8_t *tag, size_t taglen, uint8_t *out);


-// Public API
-
 typedef struct {
 	SM4_KEY sm4_key;
 	uint8_t iv[SM4_BLOCK_SIZE];
@@ -115,11 +136,11 @@ typedef struct {
 	size_t block_nbytes;
 } SM4_CBC_CTX;

-int sm4_cbc_encrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_BLOCK_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]);
+int sm4_cbc_encrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]);
 int sm4_cbc_encrypt_update(SM4_CBC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
 int sm4_cbc_encrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen);

-int sm4_cbc_decrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_BLOCK_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]);
+int sm4_cbc_decrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]);
 int sm4_cbc_decrypt_update(SM4_CBC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
 int sm4_cbc_decrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen);

@@ -131,7 +152,7 @@ typedef struct {
 	size_t block_nbytes;
 } SM4_CTR_CTX;

-int sm4_ctr_encrypt_init(SM4_CTR_CTX *ctx, const uint8_t key[SM4_BLOCK_SIZE], const uint8_t ctr[SM4_BLOCK_SIZE]);
+int sm4_ctr_encrypt_init(SM4_CTR_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t ctr[SM4_BLOCK_SIZE]);
 int sm4_ctr_encrypt_update(SM4_CTR_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
 int sm4_ctr_encrypt_finish(SM4_CTR_CTX *ctx, uint8_t *out, size_t *outlen);

--- a/include/gmssl/sm9.h
+++ b/include/gmssl/sm9.h
@@ -51,6 +51,7 @@
 #include <stdlib.h>
 #include <stdint.h>
 #include <gmssl/sm3.h>
+#include <gmssl/sm2.h>


 #ifndef GMSSL_SM9_H
@@ -60,99 +61,171 @@
 extern "C" {
 #endif

+/*
+SM9 Public API
+
+	SM9_SIGNATURE_SIZE
+	SM9_MAX_PLAINTEXT_SIZE
+	SM9_MAX_CIPHERTEXT_SIZE
+
+	SM9_SIGN_MASTER_KEY
+	sm9_sign_master_key_generate
+	sm9_sign_master_key_extract_key
+	sm9_sign_master_key_info_encrypt_to_der
+	sm9_sign_master_key_info_decrypt_from_der
+	sm9_sign_master_key_info_encrypt_to_pem
+	sm9_sign_master_key_info_decrypt_from_pem
+	sm9_sign_master_public_key_to_der
+	sm9_sign_master_public_key_from_der
+	sm9_sign_master_public_key_to_pem
+	sm9_sign_master_public_key_from_pem
+
+	SM9_SIGN_KEY
+	sm9_sign_key_info_encrypt_to_der
+	sm9_sign_key_info_decrypt_from_der
+	sm9_sign_key_info_encrypt_to_pem
+	sm9_sign_key_info_decrypt_from_pem
+
+	SM9_SIGN_CTX
+	sm9_sign_init
+	sm9_sign_update
+	sm9_sign_finish
+	sm9_verify_init
+	sm9_verify_update
+	sm9_verify_finish
+
+	SM9_ENC_MASTER_KEY
+	sm9_enc_master_key_generate
+	sm9_enc_master_key_extract_key
+	sm9_enc_master_key_info_encrypt_to_der
+	sm9_enc_master_key_info_decrypt_from_der
+	sm9_enc_master_key_info_encrypt_to_pem
+	sm9_enc_master_key_info_decrypt_from_pem
+	sm9_enc_master_public_key_to_der
+	sm9_enc_master_public_key_from_der
+	sm9_enc_master_public_key_to_pem
+	sm9_enc_master_public_key_from_pem
+
+	SM9_ENC_KEY
+	sm9_enc_key_info_encrypt_to_der
+	sm9_enc_key_info_decrypt_from_der
+	sm9_enc_key_info_encrypt_to_pem
+	sm9_enc_key_info_decrypt_from_pem
+
+	sm9_encrypt
+	sm9_decrypt
+*/
+
+#define SM9_HEX_SEP '\n'
+
 typedef uint64_t sm9_bn_t[8];
-typedef sm9_bn_t sm9_fp_t;
-typedef sm9_bn_t sm9_fn_t;
-typedef uint64_t sm9_barrett_bn_t[9];
-typedef sm9_fp_t sm9_fp2_t[2];
-typedef sm9_fp2_t sm9_fp4_t[2];
-typedef sm9_fp4_t sm9_fp12_t[3];
-
-typedef struct {
-	sm9_fp_t X;
-	sm9_fp_t Y;
-	sm9_fp_t Z;
-} sm9_point_t;
-
-typedef struct {
-	sm9_fp2_t X;
-	sm9_fp2_t Y;
-	sm9_fp2_t Z;
-} sm9_twist_point_t;
-
-
-// FIXME: 公开的参数值应该是序列化之后的
+extern const sm9_bn_t SM9_ZERO;
+extern const sm9_bn_t SM9_ONE;
 extern const sm9_bn_t SM9_P;
 extern const sm9_bn_t SM9_N;
-extern const sm9_point_t *SM9_P1;
-extern const sm9_twist_point_t *SM9_P2;
-extern const sm9_twist_point_t *SM9_Ppubs;

+#define sm9_bn_init(r)		sm9_bn_set_zero(r)
+#define sm9_bn_clean(r)		sm9_bn_set_zero(r)
+#define sm9_bn_set_zero(r)	sm9_bn_copy((r), SM9_ZERO)
+#define sm9_bn_set_one(r)	sm9_bn_copy((r), SM9_ONE)
+#define sm9_bn_is_zero(a)	(sm9_bn_cmp((a), SM9_ZERO) == 0)
+#define sm9_bn_is_one(a)	(sm9_bn_cmp((a), SM9_ONE) == 0)

-#define sm9_bn_init(r)		memset((r),0,sizeof(sm9_bn_t))
-#define sm9_bn_clean(r)		memset((r),0,sizeof(sm9_bn_t))
-#define sm9_bn_set_zero(r)	memset((r),0,sizeof(sm9_bn_t))
-#define sm9_bn_set_one(r)	memcpy((r),&SM9_ONE,sizeof(sm9_bn_t))
-#define sm9_bn_copy(r,a)	memcpy((r),(a),sizeof(sm9_bn_t))
-#define sm9_bn_is_zero(a)	(memcmp((a),&SM9_ZERO, sizeof(sm9_bn_t)) == 0)
-#define sm9_bn_is_one(a)	(memcmp((a),&SM9_ONE, sizeof(sm9_bn_t)) == 0)
-
-void sm9_bn_to_bytes(const sm9_bn_t a, uint8_t out[32]);
-void sm9_bn_from_bytes(sm9_bn_t r, const uint8_t in[32]);
-int sm9_bn_from_hex(sm9_bn_t r, const char hex[65]);
-void sm9_bn_to_hex(const sm9_bn_t a, char hex[65]);
-void sm9_print_bn(const char *prefix, const sm9_bn_t a);
-void sm9_bn_to_bits(const sm9_bn_t a, char bits[256]);
-
-int sm9_bn_cmp(const sm9_bn_t a, const sm9_bn_t b);
-int sm9_bn_equ_hex(const sm9_bn_t a, const char *hex);
 void sm9_bn_set_word(sm9_bn_t r, uint32_t a);
+void sm9_bn_copy(sm9_bn_t r, const sm9_bn_t a);
+int  sm9_bn_rand_range(sm9_bn_t r, const sm9_bn_t range);
+int  sm9_bn_equ(const sm9_bn_t a, const sm9_bn_t b);
+int  sm9_bn_cmp(const sm9_bn_t a, const sm9_bn_t b);
 void sm9_bn_add(sm9_bn_t r, const sm9_bn_t a, const sm9_bn_t b);
 void sm9_bn_sub(sm9_bn_t ret, const sm9_bn_t a, const sm9_bn_t b);
-void sm9_bn_rand_range(sm9_bn_t r, const sm9_bn_t range);
+void sm9_bn_to_bits(const sm9_bn_t a, char bits[256]);
+void sm9_bn_to_bytes(const sm9_bn_t a, uint8_t out[32]);
+void sm9_bn_from_bytes(sm9_bn_t r, const uint8_t in[32]);
+void sm9_bn_to_hex(const sm9_bn_t a, char hex[64]);
+int  sm9_bn_from_hex(sm9_bn_t r, const char hex[64]);
+int  sm9_bn_print(FILE *fp, int fmt, int ind, const char *label, const sm9_bn_t a);
+void sm9_print_bn(const char *prefix, const sm9_bn_t a); // 标准打印格式

-#define sm9_fp_init(a)		sm9_bn_init(a)
-#define sm9_fp_clean(a)		sm9_bn_clean(a)
+
+typedef sm9_bn_t sm9_fp_t;
+
+#define sm9_fp_init(r)		sm9_fp_set_zero(r)
+#define sm9_fp_clean(f)		sm9_fp_set_zero(r)
+#define sm9_fp_set_zero(r)	sm9_bn_set_zero(r)
+#define sm9_fp_set_one(r)	sm9_bn_set_one(r)
+#define sm9_fp_copy(r,a)	sm9_bn_copy((r),(a))
+#define sm9_fp_rand(r)		sm9_bn_rand_range((r), SM9_P)
 #define sm9_fp_is_zero(a)	sm9_bn_is_zero(a)
 #define sm9_fp_is_one(a)	sm9_bn_is_one(a)
-#define sm9_fp_set_zero(a)	sm9_bn_set_zero(a)
-#define sm9_fp_set_one(a)	sm9_bn_set_one(a)
-#define sm9_fp_from_hex(a,s) 	sm9_bn_from_hex((a),(s))
+#define sm9_fp_equ(a,b)		sm9_bn_equ((a),(b))
+#define sm9_fp_to_bytes(a,buf)	sm9_bn_to_bytes((a),(buf))
 #define sm9_fp_to_hex(a,s)	sm9_bn_to_hex((a),(s))
-#define sm9_fp_copy(r,a)	sm9_bn_copy((r),(a))
+#define sm9_fp_print(fp,fmt,ind,label,a) sm9_bn_print(fp,fmt,ind,label,a)

-int sm9_fp_equ(const sm9_fp_t a, const sm9_fp_t b);
 void sm9_fp_add(sm9_fp_t r, const sm9_fp_t a, const sm9_fp_t b);
 void sm9_fp_sub(sm9_fp_t r, const sm9_fp_t a, const sm9_fp_t b);
 void sm9_fp_dbl(sm9_fp_t r, const sm9_fp_t a);
 void sm9_fp_tri(sm9_fp_t r, const sm9_fp_t a);
-void sm9_fp_div2(sm9_fp_t r, const sm9_fp_t a);
 void sm9_fp_neg(sm9_fp_t r, const sm9_fp_t a);
 void sm9_fp_mul(sm9_fp_t r, const sm9_fp_t a, const sm9_fp_t b);
 void sm9_fp_sqr(sm9_fp_t r, const sm9_fp_t a);
 void sm9_fp_pow(sm9_fp_t r, const sm9_fp_t a, const sm9_bn_t e);
 void sm9_fp_inv(sm9_fp_t r, const sm9_fp_t a);
+void sm9_fp_div2(sm9_fp_t r, const sm9_fp_t a);
+int sm9_fp_from_bytes(sm9_fp_t r, const uint8_t buf[32]);
+int sm9_fp_from_hex(sm9_fp_t r, const char hex[64]);

-int sm9_barrett_bn_cmp(const sm9_barrett_bn_t a, const sm9_barrett_bn_t b);
+
+typedef sm9_bn_t sm9_fn_t;
+
+#define sm9_fn_init(r)		sm9_fn_set_zero(r)
+#define sm9_fn_clean(f)		sm9_fn_set_zero(r)
+#define sm9_fn_set_zero(r)	sm9_bn_set_zero(r)
+#define sm9_fn_set_one(r)	sm9_bn_set_one(r)
+#define sm9_fn_copy(r,a)	sm9_bn_copy((r),(a))
+#define sm9_fn_rand(r)		sm9_bn_rand_range((r), SM9_N)
+#define sm9_fn_is_zero(a)	sm9_bn_is_zero(a)
+#define sm9_fn_is_one(a)	sm9_bn_is_one(a)
+#define sm9_fn_equ(a,b)		sm9_bn_equ((a),(b))
+#define sm9_fn_to_bytes(a,out)	sm9_bn_to_bytes((a),(out))
+#define sm9_fn_to_hex(a,s)	sm9_bn_to_hex((a),(s))
+#define sm9_fn_print(fp,fmt,ind,label,a) sm9_bn_print(fp,fmt,ind,label,a)
+
+void sm9_fn_add(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b);
+void sm9_fn_sub(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b);
+void sm9_fn_mul(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b);
+void sm9_fn_pow(sm9_fn_t r, const sm9_fn_t a, const sm9_bn_t e);
+void sm9_fn_inv(sm9_fn_t r, const sm9_fn_t a);
+void sm9_fn_from_hash(sm9_fn_t h, const uint8_t Ha[40]);
+int  sm9_fn_from_bytes(sm9_fn_t a, const uint8_t in[32]);
+int  sm9_fn_from_hex(sm9_fn_t r, const char hex[64]);
+
+
+typedef uint64_t sm9_barrett_bn_t[9];
+
+int  sm9_barrett_bn_cmp(const sm9_barrett_bn_t a, const sm9_barrett_bn_t b);
 void sm9_barrett_bn_add(sm9_barrett_bn_t r, const sm9_barrett_bn_t a, const sm9_barrett_bn_t b);
 void sm9_barrett_bn_sub(sm9_barrett_bn_t ret, const sm9_barrett_bn_t a, const sm9_barrett_bn_t b);

-#define sm9_fp2_init(a)		memset((a), 0, sizeof(sm9_fp2_t))
-#define sm9_fp2_clean(a)	memset((a), 0, sizeof(sm9_fp2_t))
-#define sm9_fp2_is_zero(a)	(memcmp((a), &SM9_FP2_ZERO, sizeof(sm9_fp2_t)) == 0)
-#define sm9_fp2_is_one(a)	(memcmp((a), &SM9_FP2_ONE, sizeof(sm9_fp2_t)) == 0)
-#define sm9_fp2_copy(r,a)	memcpy((r), (a), sizeof(sm9_fp2_t))
-#define sm9_fp2_equ(a,b)	(memcmp((a),(b),sizeof(sm9_fp2_t)) == 0)

-void sm9_fp2_from_hex(sm9_fp2_t r, const char hex[65 * 2]);
-void sm9_fp2_to_hex(const sm9_fp2_t a, char hex[65 * 2]);
-void sm9_fp2_print(const char *prefix, const sm9_fp2_t a);
-#define sm9_fp2_set_zero(a)	memset((a), 0, sizeof(sm9_fp2_t))
-#define sm9_fp2_set_one(a)	memcpy((a), &SM9_FP2_ONE, sizeof(sm9_fp2_t))
+typedef sm9_fp_t sm9_fp2_t[2];
+extern const sm9_fp2_t SM9_FP2_ZERO;
+extern const sm9_fp2_t SM9_FP2_ONE;
+extern const sm9_fp2_t SM9_FP2_U;
+
+#define sm9_fp2_init(a)		sm9_fp2_set_zero(a)
+#define sm9_fp2_clean(a)	sm9_fp2_set_zero(a)
+#define sm9_fp2_set_zero(a)	sm9_fp2_copy((a), SM9_FP2_ZERO)
+#define sm9_fp2_set_one(a)	sm9_fp2_copy((a), SM9_FP2_ONE)
+#define sm9_fp2_set_u(a)	sm9_fp2_copy((a), SM9_FP2_U)
+#define sm9_fp2_is_zero(a)	sm9_fp2_equ((a), SM9_FP2_ZERO)
+#define sm9_fp2_is_one(a)	sm9_fp2_equ((a), SM9_FP2_ONE)
+
 void sm9_fp2_set_fp(sm9_fp2_t r, const sm9_fp_t a);
-#define sm9_fp2_set_u(a)	memcpy((a), &SM9_FP2_U, sizeof(sm9_fp2_t))
 void sm9_fp2_set(sm9_fp2_t r, const sm9_fp_t a0, const sm9_fp_t a1);
-
+void sm9_fp2_copy(sm9_fp2_t r, const sm9_fp2_t a);
+int  sm9_fp2_rand(sm9_fp2_t r);
+int  sm9_fp2_equ(const sm9_fp2_t a, const sm9_fp2_t b);
 void sm9_fp2_add(sm9_fp2_t r, const sm9_fp2_t a, const sm9_fp2_t b);
 void sm9_fp2_dbl(sm9_fp2_t r, const sm9_fp2_t a);
 void sm9_fp2_tri(sm9_fp2_t r, const sm9_fp2_t a);
@@ -166,24 +239,32 @@ void sm9_fp2_sqr_u(sm9_fp2_t r, const sm9_fp2_t a);
 void sm9_fp2_inv(sm9_fp2_t r, const sm9_fp2_t a);
 void sm9_fp2_div(sm9_fp2_t r, const sm9_fp2_t a, const sm9_fp2_t b);
 void sm9_fp2_div2(sm9_fp2_t r, const sm9_fp2_t a);
+void sm9_fp2_to_hex(const sm9_fp2_t a, char hex[129]);
+int  sm9_fp2_from_hex(sm9_fp2_t r, const char hex[129]);
+int  sm9_fp2_print(FILE *fp, int fmt, int ind, const char *label, const sm9_fp2_t a);

-#define sm9_fp4_init(r)	memcpy((r), &SM9_FP4_ZERO, sizeof(sm9_fp4_t))
-#define sm9_fp4_clean(r)	memcpy((r), &SM9_FP4_ZERO, sizeof(sm9_fp4_t))
-#define sm9_fp4_set_zero(r)	memcpy((r), &SM9_FP4_ZERO, sizeof(sm9_fp4_t))
-#define sm9_fp4_set_one(r)	memcpy((r), &SM9_FP4_ONE, sizeof(sm9_fp4_t))
-#define sm9_fp4_is_zero(a)	(memcmp((a), &SM9_FP4_ZERO, sizeof(sm9_fp4_t)) == 0)
-#define sm9_fp4_is_one(a)	(memcmp((a), &SM9_FP4_ONE, sizeof(sm9_fp4_t)) == 0)
-#define sm9_fp4_equ(a,b)	(memcmp((a), (b), sizeof(sm9_fp4_t)) == 0)
-#define sm9_fp4_copy(r,a)	memcpy((r), (a), sizeof(sm9_fp4_t))

-void sm9_fp4_from_hex(sm9_fp4_t r, const char hex[65 * 4]);
-void sm9_fp4_to_hex(const sm9_fp4_t a, char hex[65 * 4]);
+typedef sm9_fp2_t sm9_fp4_t[2];
+extern const sm9_fp4_t SM9_FP4_ZERO;
+extern const sm9_fp4_t SM9_FP4_ONE;
+extern const sm9_fp4_t SM9_FP4_U;
+extern const sm9_fp4_t SM9_FP4_V;
+
+#define sm9_fp4_init(a)		sm9_fp4_set_zero(a)
+#define sm9_fp4_clean(a)	sm9_fp4_set_zero(a)
+#define sm9_fp4_set_zero(a)	sm9_fp4_copy((a), SM9_FP4_ZERO)
+#define sm9_fp4_set_one(a)	sm9_fp4_copy((a), SM9_FP4_ONE)
+#define sm9_fp4_is_zero(a)	sm9_fp4_equ((a), SM9_FP4_ZERO)
+#define sm9_fp4_is_one(a)	sm9_fp4_equ((a), SM9_FP4_ONE)
+
+void sm9_fp4_set_u(sm9_fp4_t r);
+void sm9_fp4_set_v(sm9_fp4_t r);
 void sm9_fp4_set_fp(sm9_fp4_t r, const sm9_fp_t a);
 void sm9_fp4_set_fp2(sm9_fp4_t r, const sm9_fp2_t a);
 void sm9_fp4_set(sm9_fp4_t r, const sm9_fp2_t a0, const sm9_fp2_t a1);
-void sm9_fp4_set_u(sm9_fp4_t r);
-void sm9_fp4_set_v(sm9_fp4_t r);
-
+void sm9_fp4_copy(sm9_fp4_t r, const sm9_fp4_t a);
+int  sm9_fp4_rand(sm9_fp4_t r);
+int  sm9_fp4_equ(const sm9_fp4_t a, const sm9_fp4_t b);
 void sm9_fp4_add(sm9_fp4_t r, const sm9_fp4_t a, const sm9_fp4_t b);
 void sm9_fp4_dbl(sm9_fp4_t r, const sm9_fp4_t a);
 void sm9_fp4_sub(sm9_fp4_t r, const sm9_fp4_t a, const sm9_fp4_t b);
@@ -195,28 +276,32 @@ void sm9_fp4_mul_v(sm9_fp4_t r, const sm9_fp4_t a, const sm9_fp4_t b);
 void sm9_fp4_sqr(sm9_fp4_t r, const sm9_fp4_t a);
 void sm9_fp4_sqr_v(sm9_fp4_t r, const sm9_fp4_t a);
 void sm9_fp4_inv(sm9_fp4_t r, const sm9_fp4_t a);
+void sm9_fp4_to_bytes(const sm9_fp4_t a, uint8_t buf[128]);
+int  sm9_fp4_from_bytes(sm9_fp4_t r, const uint8_t buf[128]);
+void sm9_fp4_to_hex(const sm9_fp4_t a, char hex[259]);
+int  sm9_fp4_from_hex(sm9_fp4_t r, const char hex[259]);

-#define sm9_fp12_init(r)	memset((r), 0, sizeof(sm9_fp12_t))
-#define sm9_fp12_clean(r)	memset((r), 0, sizeof(sm9_fp12_t))
-#define sm9_fp12_set_zero(r)	memset((r), 0, sizeof(sm9_fp12_t))
-#define sm9_fp12_copy(r, a)	memcpy((r), (a), sizeof(sm9_fp12_t))

+typedef sm9_fp4_t sm9_fp12_t[3];
+
+#define sm9_fp12_init(r)	sm9_fp12_set_zero(a)
+#define sm9_fp12_clean(r)	sm9_fp12_set_zero(a)
+
+void sm9_fp12_set_zero(sm9_fp12_t r);
 void sm9_fp12_set_one(sm9_fp12_t r);
-int sm9_fp12_is_one(const sm9_fp12_t a);
-int sm9_fp12_is_zero(const sm9_fp12_t a);
-void sm9_fp12_from_hex(sm9_fp12_t r, const char hex[65 * 12]);
-void sm9_fp12_to_hex(const sm9_fp12_t a, char hex[65 * 12]);
-void sm9_fp12_print(const char *prefix, const sm9_fp12_t a);
-void sm9_fp12_set(sm9_fp12_t r, const sm9_fp4_t a0, const sm9_fp4_t a1, const sm9_fp4_t a2);
-void sm9_fp12_set_fp(sm9_fp12_t r, const sm9_fp_t a);
-void sm9_fp12_set_fp2(sm9_fp12_t r, const sm9_fp2_t a);
-void sm9_fp12_set_fp4(sm9_fp12_t r, const sm9_fp4_t a);
 void sm9_fp12_set_u(sm9_fp12_t r);
 void sm9_fp12_set_v(sm9_fp12_t r);
 void sm9_fp12_set_w(sm9_fp12_t r);
 void sm9_fp12_set_w_sqr(sm9_fp12_t r);
-
-int sm9_fp12_equ(const sm9_fp12_t a, const sm9_fp12_t b);
+void sm9_fp12_set_fp(sm9_fp12_t r, const sm9_fp_t a);
+void sm9_fp12_set_fp2(sm9_fp12_t r, const sm9_fp2_t a);
+void sm9_fp12_set_fp4(sm9_fp12_t r, const sm9_fp4_t a);
+void sm9_fp12_set(sm9_fp12_t r, const sm9_fp4_t a0, const sm9_fp4_t a1, const sm9_fp4_t a2);
+void sm9_fp12_copy(sm9_fp12_t r, const sm9_fp12_t a);
+int  sm9_fp12_rand(sm9_fp12_t r);
+int  sm9_fp12_is_one(const sm9_fp12_t a);
+int  sm9_fp12_is_zero(const sm9_fp12_t a);
+int  sm9_fp12_equ(const sm9_fp12_t a, const sm9_fp12_t b);
 void sm9_fp12_add(sm9_fp12_t r, const sm9_fp12_t a, const sm9_fp12_t b);
 void sm9_fp12_dbl(sm9_fp12_t r, const sm9_fp12_t a);
 void sm9_fp12_tri(sm9_fp12_t r, const sm9_fp12_t a);
@@ -226,6 +311,12 @@ void sm9_fp12_mul(sm9_fp12_t r, const sm9_fp12_t a, const sm9_fp12_t b);
 void sm9_fp12_sqr(sm9_fp12_t r, const sm9_fp12_t a);
 void sm9_fp12_inv(sm9_fp12_t r, const sm9_fp12_t a);
 void sm9_fp12_pow(sm9_fp12_t r, const sm9_fp12_t a, const sm9_bn_t k);
+void sm9_fp12_to_bytes(const sm9_fp12_t a, uint8_t buf[32 * 12]);
+int  sm9_fp12_from_bytes(sm9_fp12_t r, const uint8_t in[32 * 12]);
+void sm9_fp12_to_hex(const sm9_fp12_t a, char hex[65 * 12]);
+int  sm9_fp12_from_hex(sm9_fp12_t r, const char hex[65 * 12]); // 这个明显是不对的
+void sm9_fp12_print(const char *prefix, const sm9_fp12_t a);
+

 void sm9_fp2_conjugate(sm9_fp2_t r, const sm9_fp2_t a);
 void sm9_fp2_frobenius(sm9_fp2_t r, const sm9_fp2_t a);
@@ -238,51 +329,76 @@ void sm9_fp12_frobenius2(sm9_fp12_t r, const sm9_fp12_t x);
 void sm9_fp12_frobenius3(sm9_fp12_t r, const sm9_fp12_t x);
 void sm9_fp12_frobenius6(sm9_fp12_t r, const sm9_fp12_t x);

-void sm9_point_init(sm9_point_t *R);
-void sm9_point_from_hex(sm9_point_t *R, const char hex[65 * 2]);
-#define sm9_point_copy(R, P)	memcpy((R), (P), sizeof(sm9_point_t))
-int sm9_point_is_at_infinity(const sm9_point_t *P);
-void sm9_point_set_infinity(sm9_point_t *R);
-void sm9_point_get_xy(const sm9_point_t *P, sm9_fp_t x, sm9_fp_t y);

-int sm9_point_equ(const sm9_point_t *P, const sm9_point_t *Q);
-int sm9_point_is_on_curve(const sm9_point_t *P);
-void sm9_point_dbl(sm9_point_t *R, const sm9_point_t *P);
-void sm9_point_add(sm9_point_t *R, const sm9_point_t *P, const sm9_point_t *Q);
-void sm9_point_neg(sm9_point_t *R, const sm9_point_t *P);
-void sm9_point_sub(sm9_point_t *R, const sm9_point_t *P, const sm9_point_t *Q);
-void sm9_point_mul(sm9_point_t *R, const sm9_bn_t k, const sm9_point_t *P);
-void sm9_point_mul_generator(sm9_point_t *R, const sm9_bn_t k);
+typedef struct {
+	sm9_fp_t X;
+	sm9_fp_t Y;
+	sm9_fp_t Z;
+} SM9_POINT;
+extern const SM9_POINT *SM9_P1;

-void sm9_twist_point_from_hex(sm9_twist_point_t *R, const char hex[65 * 4]);
-#define sm9_twist_point_copy(R, P)	memcpy((R), (P), sizeof(sm9_twist_point_t))
-int sm9_twist_point_is_at_infinity(const sm9_twist_point_t *P);
-void sm9_twist_point_set_infinity(sm9_twist_point_t *R);
-void sm9_twist_point_get_xy(const sm9_twist_point_t *P, sm9_fp2_t x, sm9_fp2_t y);
+#define sm9_point_init(R)	sm9_point_set_infinity(R)
+#define sm9_point_clean(R)	sm9_point_set_infinity(R)

-int sm9_twist_point_equ(const sm9_twist_point_t *P, const sm9_twist_point_t *Q);
-int sm9_twist_point_is_on_curve(const sm9_twist_point_t *P);
-void sm9_twist_point_neg(sm9_twist_point_t *R, const sm9_twist_point_t *P);
-void sm9_twist_point_dbl(sm9_twist_point_t *R, const sm9_twist_point_t *P);
-void sm9_twist_point_add(sm9_twist_point_t *R, const sm9_twist_point_t *P, const sm9_twist_point_t *Q);
-void sm9_twist_point_sub(sm9_twist_point_t *R, const sm9_twist_point_t *P, const sm9_twist_point_t *Q);
-void sm9_twist_point_add_full(sm9_twist_point_t *R, const sm9_twist_point_t *P, const sm9_twist_point_t *Q);
-void sm9_twist_point_mul(sm9_twist_point_t *R, const sm9_bn_t k, const sm9_twist_point_t *P);
-void sm9_twist_point_mul_generator(sm9_twist_point_t *R, const sm9_bn_t k);
+void sm9_point_set_infinity(SM9_POINT *R);
+void sm9_point_copy(SM9_POINT *R, const SM9_POINT *P);
+void sm9_point_get_xy(const SM9_POINT *P, sm9_fp_t x, sm9_fp_t y);
+int  sm9_point_is_at_infinity(const SM9_POINT *P);
+int  sm9_point_equ(const SM9_POINT *P, const SM9_POINT *Q);
+int  sm9_point_is_on_curve(const SM9_POINT *P);
+void sm9_point_dbl(SM9_POINT *R, const SM9_POINT *P);
+void sm9_point_add(SM9_POINT *R, const SM9_POINT *P, const SM9_POINT *Q);
+void sm9_point_neg(SM9_POINT *R, const SM9_POINT *P);
+void sm9_point_sub(SM9_POINT *R, const SM9_POINT *P, const SM9_POINT *Q);
+void sm9_point_mul(SM9_POINT *R, const sm9_bn_t k, const SM9_POINT *P);
+void sm9_point_mul_generator(SM9_POINT *R, const sm9_bn_t k);
+void sm9_point_from_hex(SM9_POINT *R, const char hex[65 * 2]);		
+int sm9_point_to_uncompressed_octets(const SM9_POINT *P, uint8_t octets[65]);
+int sm9_point_from_uncompressed_octets(SM9_POINT *P, const uint8_t octets[65]);
+int sm9_point_print(FILE *fp, int fmt, int ind, const char *label, const SM9_POINT *P);

-void sm9_eval_g_tangent(sm9_fp12_t num, sm9_fp12_t den, const sm9_twist_point_t *P, const sm9_point_t *Q);
-void sm9_eval_g_line(sm9_fp12_t num, sm9_fp12_t den, const sm9_twist_point_t *T, const sm9_twist_point_t *P, const sm9_point_t *Q);

-void sm9_twist_point_pi1(sm9_twist_point_t *R, const sm9_twist_point_t *P);
-void sm9_twist_point_pi2(sm9_twist_point_t *R, const sm9_twist_point_t *P);
-void sm9_twist_point_neg_pi2(sm9_twist_point_t *R, const sm9_twist_point_t *P);
+typedef struct {
+	sm9_fp2_t X;
+	sm9_fp2_t Y;
+	sm9_fp2_t Z;
+} SM9_TWIST_POINT;

+extern const SM9_TWIST_POINT *SM9_P2;
+extern const SM9_TWIST_POINT *SM9_Ppubs;
+
+#define sm9_twist_point_copy(R, P)	memcpy((R), (P), sizeof(SM9_TWIST_POINT))
+
+int sm9_twist_point_to_uncompressed_octets(const SM9_TWIST_POINT *P, uint8_t octets[129]);
+int sm9_twist_point_from_uncompressed_octets(SM9_TWIST_POINT *P, const uint8_t octets[129]);
+
+
+void sm9_twist_point_from_hex(SM9_TWIST_POINT *R, const char hex[65 * 4]);
+int  sm9_twist_point_is_at_infinity(const SM9_TWIST_POINT *P);
+void sm9_twist_point_set_infinity(SM9_TWIST_POINT *R);
+void sm9_twist_point_get_xy(const SM9_TWIST_POINT *P, sm9_fp2_t x, sm9_fp2_t y);
+
+int  sm9_twist_point_equ(const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q);
+int  sm9_twist_point_is_on_curve(const SM9_TWIST_POINT *P);
+void sm9_twist_point_neg(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P);
+void sm9_twist_point_dbl(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P);
+void sm9_twist_point_add(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q);
+void sm9_twist_point_sub(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q);
+void sm9_twist_point_add_full(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q);
+void sm9_twist_point_mul(SM9_TWIST_POINT *R, const sm9_bn_t k, const SM9_TWIST_POINT *P);
+void sm9_twist_point_mul_generator(SM9_TWIST_POINT *R, const sm9_bn_t k);
+int sm9_twist_point_print(FILE *fp, int fmt, int ind, const char *label, const SM9_TWIST_POINT *P);
+
+
+
+void sm9_eval_g_tangent(sm9_fp12_t num, sm9_fp12_t den, const SM9_TWIST_POINT *P, const SM9_POINT *Q);
+void sm9_eval_g_line(sm9_fp12_t num, sm9_fp12_t den, const SM9_TWIST_POINT *T, const SM9_TWIST_POINT *P, const SM9_POINT *Q);
+void sm9_twist_point_pi1(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P);
+void sm9_twist_point_pi2(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P);
+void sm9_twist_point_neg_pi2(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P);
 void sm9_final_exponent_hard_part(sm9_fp12_t r, const sm9_fp12_t f);
 void sm9_final_exponent(sm9_fp12_t r, const sm9_fp12_t f);
-void sm9_pairing(sm9_fp12_t r, const sm9_twist_point_t *Q, const sm9_point_t *P);
-
-
-
+void sm9_pairing(sm9_fp12_t r, const SM9_TWIST_POINT *Q, const SM9_POINT *P);


 /* private key extract algorithms */
@@ -290,263 +406,11 @@ void sm9_pairing(sm9_fp12_t r, const sm9_twist_point_t *Q, const sm9_point_t *P)
 #define SM9_HID_EXCH		0x02
 #define SM9_HID_ENC		0x03

-#define SM9_HASH1		0x01
-#define SM9_HASH2		0x02
-
-void sm9_fn_add(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b);
-void sm9_fn_sub(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b);
-void sm9_fn_mul(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b);
-void sm9_fn_pow(sm9_fn_t r, const sm9_fn_t a, const sm9_bn_t e);
-void sm9_fn_inv(sm9_fn_t r, const sm9_fn_t a);
-int sm9_fn_is_zero(const sm9_fn_t a);
-int sm9_fn_equ(const sm9_fn_t a, const sm9_fn_t b);
-void sm9_fn_rand(sm9_fn_t r);
-void sm9_fp12_to_bytes(const sm9_fp12_t a, uint8_t buf[32 * 12]);
-
-void sm9_fn_from_hash(sm9_fn_t h, const uint8_t Ha[40]);
+#define SM9_HASH1_PREFIX	0x01
+#define SM9_HASH2_PREFIX	0x02

 int sm9_hash1(sm9_bn_t h1, const char *id, size_t idlen, uint8_t hid);

-int sm9_point_to_bytes(const sm9_point_t *P, uint8_t out[32 * 2]);
-int sm9_point_from_bytes(sm9_point_t *P, const uint8_t in[32 * 2]);
-int sm9_twist_point_to_bytes(const sm9_twist_point_t *P, uint8_t out[32 * 2]);
-int sm9_twist_point_from_bytes(sm9_twist_point_t *P, const uint8_t in[32 * 2]);
-
-void sm9_fn_to_bytes(const sm9_fn_t a, uint8_t out[32]);
-int sm9_fn_from_bytes(sm9_fn_t a, const uint8_t in[32]);
-int sm9_point_to_uncompressed_octets(const sm9_point_t *P, uint8_t octets[65]);
-int sm9_point_from_uncompressed_octets(sm9_point_t *P, const uint8_t octets[65]);
-int sm9_twist_point_to_uncompressed_octets(const sm9_twist_point_t *P, uint8_t octets[129]);
-int sm9_twist_point_from_uncompressed_octets(sm9_twist_point_t *P, const uint8_t octets[129]);
-
-
-// set the same value as sm2
-#define SM9_MAX_ID_BITS		65535
-#define SM9_MAX_ID_SIZE		(SM9_MAX_ID_BITS/8)
-
-typedef struct {
-	uint8_t x[32];
-	uint8_t y[32];
-} SM9_POINT;
-
-typedef struct {
-	uint8_t x[64];
-	uint8_t y[64];
-} SM9_TWIST_POINT;
-
-
-/*
-SM9私钥如何存储：
-
-可以用PrivateKeyInfo, EncryptedPrivateKeyInfo 来存储SM9的主密钥
-这需要SM9签名、加密等方案的OID，并且需要区分主密钥和用户私钥
-否则无法通过AlgorithmIdentifier来区分
-
-SM9的主密钥和EC密钥类型很像，都是一个大整数和一个曲线点。
-但是SM9的主密钥存在KeyUsage这个特性，签名和加密的格式并不一样。
-是否将其整合在一个ASN.1对象中呢？
-
-主密钥、用户密钥、签名、加密，这用一个OID来区分还是2个OID来区分？
-
-
-PrivateKeyInfo ::= SEQUENCE {
-	version			Version { v1(0) },
-	privateKeyAlgorithm	AlgorithmIdentifier,
-	privateKey		OCTET STRING, -- DER-encoding of ECPrivateKey
-	attributes		[0] IMPLICIT SET OF Attribute OPTIONAL }
-
-这里privateKeyAlgorithm只有一个值，因此必须为上述提供4个不同OID
-
-主公钥其实是无所谓的，
-
-SM9 OIDs from GM/T 0006-2012
-
-	1.2.156.10197.1.302	sm9
-	1.2.156.10197.1.302.1	sm9sign
-	1.2.156.10197.1.302.2	sm9keyagreement
-	1.2.156.10197.1.302.3	sm9encrypt
-
-*/
-
-#define PEM_SM9_SIGN_MASTER_KEY		"ENCRYPTED SM9 SIGN MASTER KEY"
-#define PEM_SM9_SIGN_MASTER_PUBLIC_KEY	"SM9 SIGN MASTER PUBLIC KEY"
-#define PEM_SM9_SIGN_PRIVATE_KEY	"ENCRYPTED SM9 SIGN PRIVATE KEY"
-#define PEM_SM9_ENC_MASTER_KEY		"ENCRYPTED SM9 ENC MASTER KEY"
-#define PEM_SM9_ENC_MASTER_PUBLIC_KEY	"SM9 ENC MASTER PUBLIC KEY"
-#define PEM_SM9_ENC_PRIVATE_KEY		"ENCRYPTED SM9 ENC PRIVATE KEY"
-
-
-/*
-SM9SignMasterKey ::= SEQUENCE {
-	ks	INTEGER,
-	Ppubs	BIT STRING, -- uncompressed octets of twisted point
-}
-*/
-typedef struct {
-	sm9_twist_point_t Ppubs; // Ppubs = ks * P2
-	sm9_fn_t ks;
-} SM9_SIGN_MASTER_KEY;
-
-// algorthm,parameters = sm9,sm9sign
-int sm9_sign_master_key_to_der(const SM9_SIGN_MASTER_KEY *msk, uint8_t **out, size_t *outlen);
-int sm9_sign_master_key_from_der(SM9_SIGN_MASTER_KEY *msk, const uint8_t **in, size_t *inlen);
-int sm9_sign_master_key_info_encrypt_to_der(const SM9_SIGN_MASTER_KEY *msk, const char *pass, uint8_t **out, size_t *outlen);
-int sm9_sign_master_key_info_decrypt_from_der(SM9_SIGN_MASTER_KEY *msk, const char *pass, const uint8_t **in, size_t *inlen);
-int sm9_sign_master_key_info_encrypt_to_pem(const SM9_SIGN_MASTER_KEY *msk, const char *pass, FILE *fp);
-int sm9_sign_master_key_info_decrypt_from_pem(SM9_SIGN_MASTER_KEY *msk, const char *pass, FILE *fp);
-
-/*
-SM9SignMasterPublicKey ::= SEQUENCE {
-	Ppubs   BIT STRING, -- uncompressed octets of twisted point
-}
-*/
-int sm9_sign_master_public_key_to_der(const SM9_SIGN_MASTER_KEY *mpk, uint8_t **out, size_t *outlen);
-int sm9_sign_master_public_key_from_der(SM9_SIGN_MASTER_KEY *mpk, const uint8_t **in, size_t *inlen);
-int sm9_sign_master_public_key_to_pem(const SM9_SIGN_MASTER_KEY *mpk, FILE *fp);
-int sm9_sign_master_public_key_from_pem(SM9_SIGN_MASTER_KEY *mpk, FILE *fp);
-
-
-/*
-SM9SignPrivateKey ::= SEQUENCE {
-	ds	BIT STRING, -- uncompressed octets of ECPoint
-	Ppubs	BIT STRING -- uncompressed octets of twisted point
-}
-
-SM9的用户私钥和椭圆曲线的就没有任何关系了。
-*/
-typedef struct {
-	sm9_twist_point_t Ppubs;
-	sm9_point_t ds;
-} SM9_SIGN_KEY;
-
-// algorithm,parameters = sm9sign,<null>
-int sm9_sign_key_to_der(const SM9_SIGN_KEY *key, uint8_t **out, size_t *outlen);
-int sm9_sign_key_from_der(SM9_SIGN_KEY *key, const uint8_t **in, size_t *inlen);
-int sm9_sign_key_info_encrypt_to_der(const SM9_SIGN_KEY *key, const char *pass, uint8_t **out, size_t *outlen);
-int sm9_sign_key_info_decrypt_from_der(SM9_SIGN_KEY *key, const char *pass, const uint8_t **in, size_t *inlen);
-int sm9_sign_key_info_encrypt_to_pem(const SM9_SIGN_KEY *key, const char *pass, FILE *fp);
-int sm9_sign_key_info_decrypt_from_pem(SM9_SIGN_KEY *key, const char *pass, FILE *fp);
-
-int sm9_sign_master_key_generate(SM9_SIGN_MASTER_KEY *master);
-int sm9_sign_master_key_extract_key(SM9_SIGN_MASTER_KEY *master, const char *id, size_t idlen, SM9_SIGN_KEY *key);
-
-
-/*
-from GM/T 0080-2020 SM9 Cryptographic Alagorithm Application Specification
-SM9Signature ::= SEQUENCE {
-	h	OCTET STRING,
-	S	BIT STRING,  -- uncompressed octets of ECPoint }
-*/
-typedef struct {
-	sm9_fn_t h;
-	sm9_point_t S;
-} SM9_SIGNATURE;
-
-int sm9_do_sign(const SM9_SIGN_KEY *key, const SM3_CTX *sm3_ctx, SM9_SIGNATURE *sig);
-int sm9_do_verify(const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen,
-	const SM3_CTX *sm3_ctx, const SM9_SIGNATURE *sig);
-
-#define SM9_MAX_SIGNATURE_SIZE 512 // TODO: calcalate this size		
-int sm9_signature_to_der(const SM9_SIGNATURE *sig, uint8_t **out, size_t *outlen);
-int sm9_signature_from_der(SM9_SIGNATURE *sig, const uint8_t **in, size_t *inlen);
-
-
-typedef struct {
-	SM3_CTX sm3_ctx;
-} SM9_SIGN_CTX;
-
-int sm9_sign_init(SM9_SIGN_CTX *ctx);
-int sm9_sign_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
-int sm9_sign_finish(SM9_SIGN_CTX *ctx, const SM9_SIGN_KEY *key, uint8_t *sig, size_t *siglen);
-
-int sm9_verify_init(SM9_SIGN_CTX *ctx);
-int sm9_verify_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
-int sm9_verify_finish(SM9_SIGN_CTX *ctx, const uint8_t *sig, size_t siglen,
-	const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen);
-
-typedef struct {
-	sm9_point_t Ppube; // Ppube = ke * P1
-	sm9_fn_t ke;
-} SM9_ENC_MASTER_KEY;
-
-// algorithm,parameters = sm9,sm9encrypt
-int sm9_enc_master_key_to_der(const SM9_ENC_MASTER_KEY *msk, uint8_t **out, size_t *outlen);
-int sm9_enc_master_key_from_der(SM9_ENC_MASTER_KEY *msk, const uint8_t **in, size_t *inlen);
-int sm9_enc_master_key_info_encrypt_to_der(const SM9_ENC_MASTER_KEY *msk, const char *pass, uint8_t **out, size_t *outlen);
-int sm9_enc_master_key_info_decrypt_from_der(SM9_ENC_MASTER_KEY *msk, const char *pass, const uint8_t **in, size_t *inlen);
-int sm9_enc_master_key_info_encrypt_to_pem(const SM9_ENC_MASTER_KEY *msk, const char *pass, FILE *fp);
-int sm9_enc_master_key_info_decrypt_from_pem(SM9_ENC_MASTER_KEY *msk, const char *pass, FILE *fp);
-
-int sm9_enc_master_public_key_to_der(const SM9_ENC_MASTER_KEY *mpk, uint8_t **out, size_t *outlen);
-int sm9_enc_master_public_key_from_der(SM9_ENC_MASTER_KEY *mpk, const uint8_t **in, size_t *inlen);
-int sm9_enc_master_public_key_to_pem(const SM9_ENC_MASTER_KEY *mpk, FILE *fp);
-int sm9_enc_master_public_key_from_pem(SM9_ENC_MASTER_KEY *mpk, FILE *fp);
-
-/*
-SM9EncPrivateKey ::= SEQUENCE {
-	de	BIT STRING, -- uncompressed octets of twisted point
-	Ppube	BIT STRING -- uncompressed octets of ECPoint
-}
-*/
-typedef struct {
-	sm9_point_t Ppube;
-	sm9_twist_point_t de;
-} SM9_ENC_KEY;
-
-// algorithm,parameters = sm9encrypt,<null>
-int sm9_enc_key_to_der(const SM9_ENC_KEY *key, uint8_t **out, size_t *outlen);
-int sm9_enc_key_from_der(SM9_ENC_KEY *key, const uint8_t **in, size_t *inlen);
-int sm9_enc_key_info_encrypt_to_der(const SM9_ENC_KEY *key, const char *pass, uint8_t **out, size_t *outlen);
-int sm9_enc_key_info_decrypt_from_der(SM9_ENC_KEY *key, const char *pass, const uint8_t **in, size_t *inlen);
-int sm9_enc_key_info_encrypt_to_pem(const SM9_ENC_KEY *key, const char *pass, FILE *fp);
-int sm9_enc_key_info_decrypt_from_pem(SM9_ENC_KEY *key, const char *pass, FILE *fp);
-
-int sm9_enc_master_key_generate(SM9_ENC_MASTER_KEY *master);
-int sm9_enc_master_key_extract_key(SM9_ENC_MASTER_KEY *master, const char *id, size_t idlen, SM9_ENC_KEY *key);
-
-/*
-from GM/T 0080-2020 SM9 Cryptographic Alagorithm Application Specification
-SM9Cipher ::= SEQUENCE {
-	EnType		INTEGER, -- 0 for XOR
-	C1		BIT STRING, -- uncompressed octets of ECPoint
-	C3		OCTET STRING, -- 32 bytes HMAC-SM3 tag
-	CipherText	OCTET STRING,
-}
-*/
-int sm9_ciphertext_to_der(const sm9_point_t *C1, const uint8_t *c2, size_t c2len,
-	const uint8_t c3[SM3_HMAC_SIZE], uint8_t **out, size_t *outlen);
-int sm9_ciphertext_from_der(sm9_point_t *C1, const uint8_t **c2, size_t *c2len,
-	const uint8_t *c3[SM3_HMAC_SIZE], const uint8_t **in, size_t *inlen);
-
-#define SM9_MAX_PLAINTEXT_SIZE 512 // FIXME		
-#define SM9_MAX_CIPHERTEXT_SIZE 512 // FIXME		
-
-
-int sm9_kem_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, size_t klen, uint8_t *kbuf, sm9_point_t *C);
-int sm9_kem_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, const sm9_point_t *C, size_t klen, uint8_t *kbuf);
-
-int sm9_do_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen,
-	const uint8_t *in, size_t inlen, sm9_point_t *C1, uint8_t *c2, uint8_t c3[SM3_HMAC_SIZE]);
-int sm9_do_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen,
-	const sm9_point_t *C1, const uint8_t *c2, size_t c2len, const uint8_t c3[SM3_HMAC_SIZE], uint8_t *out);
-int sm9_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen,
-	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-int sm9_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen,
-	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
-
-
-int sm9_fn_print(FILE *fp, int fmt, int ind, const char *label, const sm9_fn_t a);
-int sm9_point_print(FILE *fp, int fmt, int ind, const char *label, const sm9_point_t *P);
-int sm9_twist_point_print(FILE *fp, int fmt, int ind, const char *label, const sm9_twist_point_t *P);
-
-int sm9_sign_master_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_MASTER_KEY *msk);
-int sm9_sign_master_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_MASTER_KEY *mpk);
-int sm9_sign_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_KEY *key);
-int sm9_enc_master_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_MASTER_KEY *msk);
-int sm9_enc_master_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_MASTER_KEY *mpk);
-int sm9_enc_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_KEY *key);
-int sm9_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *sig, size_t siglen);
-int sm9_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);

 const char *sm9_oid_name(int oid);
 int sm9_oid_from_name(const char *name);
@@ -556,8 +420,188 @@ int sm9_algor_to_der(int alg, int params, uint8_t **out, size_t *outlen);
 int sm9_algor_from_der(int *alg, int *params, const uint8_t **in, size_t *inlen);


+#define PEM_SM9_SIGN_MASTER_KEY		"ENCRYPTED SM9 SIGN MASTER KEY"
+#define PEM_SM9_SIGN_MASTER_PUBLIC_KEY	"SM9 SIGN MASTER PUBLIC KEY"
+#define PEM_SM9_SIGN_PRIVATE_KEY	"ENCRYPTED SM9 SIGN PRIVATE KEY"
+#define PEM_SM9_ENC_MASTER_KEY		"ENCRYPTED SM9 ENC MASTER KEY"
+#define PEM_SM9_ENC_MASTER_PUBLIC_KEY	"SM9 ENC MASTER PUBLIC KEY"
+#define PEM_SM9_ENC_PRIVATE_KEY		"ENCRYPTED SM9 ENC PRIVATE KEY"

-#  ifdef  __cplusplus
+
+#define SM9_MAX_ID_SIZE		(SM2_MAX_ID_SIZE)
+
+/*
+SM9SignMasterKey ::= SEQUENCE {
+	ks	INTEGER,
+	Ppubs	BIT STRING -- uncompressed octets of twisted point }
+
+SM9SignMasterPublicKey ::= SEQUENCE {
+	Ppubs   BIT STRING -- uncompressed octets of twisted point }
+
+SM9SignPrivateKey ::= SEQUENCE {
+	ds	BIT STRING, -- uncompressed octets of ECPoint
+	Ppubs	BIT STRING -- uncompressed octets of twisted point }
+*/
+typedef struct {
+	SM9_TWIST_POINT Ppubs; // Ppubs = ks * P2
+	sm9_fn_t ks;
+} SM9_SIGN_MASTER_KEY;
+
+typedef struct {
+	SM9_TWIST_POINT Ppubs;
+	SM9_POINT ds;
+} SM9_SIGN_KEY;
+
+int sm9_sign_master_key_generate(SM9_SIGN_MASTER_KEY *master);
+int sm9_sign_master_key_extract_key(SM9_SIGN_MASTER_KEY *master, const char *id, size_t idlen, SM9_SIGN_KEY *key);
+
+// algorthm,parameters = sm9,sm9sign
+#define SM9_SIGN_MASTER_KEY_MAX_SIZE 171
+int sm9_sign_master_key_to_der(const SM9_SIGN_MASTER_KEY *msk, uint8_t **out, size_t *outlen);
+int sm9_sign_master_key_from_der(SM9_SIGN_MASTER_KEY *msk, const uint8_t **in, size_t *inlen);
+int sm9_sign_master_key_info_encrypt_to_der(const SM9_SIGN_MASTER_KEY *msk, const char *pass, uint8_t **out, size_t *outlen);
+int sm9_sign_master_key_info_decrypt_from_der(SM9_SIGN_MASTER_KEY *msk, const char *pass, const uint8_t **in, size_t *inlen);
+int sm9_sign_master_key_info_encrypt_to_pem(const SM9_SIGN_MASTER_KEY *msk, const char *pass, FILE *fp);
+int sm9_sign_master_key_info_decrypt_from_pem(SM9_SIGN_MASTER_KEY *msk, const char *pass, FILE *fp);
+int sm9_sign_master_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_MASTER_KEY *msk);
+
+#define SM9_SIGN_MASTER_PUBLIC_KEY_SIZE 136
+int sm9_sign_master_public_key_to_der(const SM9_SIGN_MASTER_KEY *mpk, uint8_t **out, size_t *outlen);
+int sm9_sign_master_public_key_from_der(SM9_SIGN_MASTER_KEY *mpk, const uint8_t **in, size_t *inlen);
+int sm9_sign_master_public_key_to_pem(const SM9_SIGN_MASTER_KEY *mpk, FILE *fp);
+int sm9_sign_master_public_key_from_pem(SM9_SIGN_MASTER_KEY *mpk, FILE *fp);
+int sm9_sign_master_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_MASTER_KEY *mpk);
+
+// algorithm,parameters = sm9sign,<null>
+#define SM9_SIGN_KEY_SIZE 204
+int sm9_sign_key_to_der(const SM9_SIGN_KEY *key, uint8_t **out, size_t *outlen);
+int sm9_sign_key_from_der(SM9_SIGN_KEY *key, const uint8_t **in, size_t *inlen);
+int sm9_sign_key_info_encrypt_to_der(const SM9_SIGN_KEY *key, const char *pass, uint8_t **out, size_t *outlen);
+int sm9_sign_key_info_decrypt_from_der(SM9_SIGN_KEY *key, const char *pass, const uint8_t **in, size_t *inlen);
+int sm9_sign_key_info_encrypt_to_pem(const SM9_SIGN_KEY *key, const char *pass, FILE *fp);
+int sm9_sign_key_info_decrypt_from_pem(SM9_SIGN_KEY *key, const char *pass, FILE *fp);
+int sm9_sign_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_KEY *key);
+
+/*
+from GM/T 0080-2020 SM9 Cryptographic Alagorithm Application Specification
+SM9Signature ::= SEQUENCE {
+	h	OCTET STRING,
+	S	BIT STRING -- uncompressed octets of ECPoint }
+*/
+typedef struct {
+	sm9_fn_t h;
+	SM9_POINT S;
+} SM9_SIGNATURE;
+
+int sm9_do_sign(const SM9_SIGN_KEY *key, const SM3_CTX *sm3_ctx, SM9_SIGNATURE *sig);
+int sm9_do_verify(const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen, const SM3_CTX *sm3_ctx, const SM9_SIGNATURE *sig);
+
+#define SM9_SIGNATURE_SIZE 104
+int sm9_signature_to_der(const SM9_SIGNATURE *sig, uint8_t **out, size_t *outlen);
+int sm9_signature_from_der(SM9_SIGNATURE *sig, const uint8_t **in, size_t *inlen);
+int sm9_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *sig, size_t siglen);
+
+typedef struct {
+	SM3_CTX sm3_ctx;
+} SM9_SIGN_CTX;
+
+int sm9_sign_init(SM9_SIGN_CTX *ctx);
+int sm9_sign_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
+int sm9_sign_finish(SM9_SIGN_CTX *ctx, const SM9_SIGN_KEY *key, uint8_t *sig, size_t *siglen);
+int sm9_verify_init(SM9_SIGN_CTX *ctx);
+int sm9_verify_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen);
+int sm9_verify_finish(SM9_SIGN_CTX *ctx, const uint8_t *sig, size_t siglen,
+	const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen);
+
+
+/*
+SM9EncMasterKey ::= SEQUENCE {
+	de	INTEGER,
+	Ppube	BIT STRING -- uncompressed octets of ECPoint }
+
+SM9EncMasterPublicKey ::= SEQUENCE {
+	Ppube	BIT STRING -- uncompressed octets of ECPoint }
+
+SM9EncPrivateKey ::= SEQUENCE {
+	de	BIT STRING, -- uncompressed octets of twisted point
+	Ppube	BIT STRING -- uncompressed octets of ECPoint }
+*/
+
+typedef struct {
+	SM9_POINT Ppube; // Ppube = ke * P1
+	sm9_fn_t ke;
+} SM9_ENC_MASTER_KEY;
+
+typedef struct {
+	SM9_POINT Ppube;
+	SM9_TWIST_POINT de;
+} SM9_ENC_KEY;
+
+int sm9_enc_master_key_generate(SM9_ENC_MASTER_KEY *master);
+int sm9_enc_master_key_extract_key(SM9_ENC_MASTER_KEY *master, const char *id, size_t idlen, SM9_ENC_KEY *key);
+
+// algorithm,parameters = sm9,sm9encrypt
+#define SM9_ENC_MASTER_KEY_MAX_SIZE 105
+int sm9_enc_master_key_to_der(const SM9_ENC_MASTER_KEY *msk, uint8_t **out, size_t *outlen);
+int sm9_enc_master_key_from_der(SM9_ENC_MASTER_KEY *msk, const uint8_t **in, size_t *inlen);
+int sm9_enc_master_key_info_encrypt_to_der(const SM9_ENC_MASTER_KEY *msk, const char *pass, uint8_t **out, size_t *outlen);
+int sm9_enc_master_key_info_decrypt_from_der(SM9_ENC_MASTER_KEY *msk, const char *pass, const uint8_t **in, size_t *inlen);
+int sm9_enc_master_key_info_encrypt_to_pem(const SM9_ENC_MASTER_KEY *msk, const char *pass, FILE *fp);
+int sm9_enc_master_key_info_decrypt_from_pem(SM9_ENC_MASTER_KEY *msk, const char *pass, FILE *fp);
+int sm9_enc_master_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_MASTER_KEY *msk);
+
+#define SM9_ENC_MASTER_PUBLIC_KEY_SIZE 70
+int sm9_enc_master_public_key_to_der(const SM9_ENC_MASTER_KEY *mpk, uint8_t **out, size_t *outlen);
+int sm9_enc_master_public_key_from_der(SM9_ENC_MASTER_KEY *mpk, const uint8_t **in, size_t *inlen);
+int sm9_enc_master_public_key_to_pem(const SM9_ENC_MASTER_KEY *mpk, FILE *fp);
+int sm9_enc_master_public_key_from_pem(SM9_ENC_MASTER_KEY *mpk, FILE *fp);
+int sm9_enc_master_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_MASTER_KEY *mpk);
+
+// algorithm,parameters = sm9encrypt,<null>
+#define SM9_ENC_KEY_SIZE 204
+int sm9_enc_key_to_der(const SM9_ENC_KEY *key, uint8_t **out, size_t *outlen);
+int sm9_enc_key_from_der(SM9_ENC_KEY *key, const uint8_t **in, size_t *inlen);
+int sm9_enc_key_info_encrypt_to_der(const SM9_ENC_KEY *key, const char *pass, uint8_t **out, size_t *outlen);
+int sm9_enc_key_info_decrypt_from_der(SM9_ENC_KEY *key, const char *pass, const uint8_t **in, size_t *inlen);
+int sm9_enc_key_info_encrypt_to_pem(const SM9_ENC_KEY *key, const char *pass, FILE *fp);
+int sm9_enc_key_info_decrypt_from_pem(SM9_ENC_KEY *key, const char *pass, FILE *fp);
+int sm9_enc_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_KEY *key);
+
+#define SM9_MAX_PRIVATE_KEY_SIZE (SM9_SIGN_KEY_SIZE) // MAX(SIGN_MASTER_KEY, SIGN_KEY, ENC_MASTER_KEY, ENC_KEY)
+#define SM9_MAX_PRIVATE_KEY_INFO_SIZE 512
+#define SM9_MAX_ENCED_PRIVATE_KEY_INFO_SIZE 1024
+
+/*
+from GM/T 0080-2020 SM9 Cryptographic Alagorithm Application Specification
+SM9Cipher ::= SEQUENCE {
+	EnType		INTEGER, -- 0 for XOR
+	C1		BIT STRING, -- uncompressed octets of ECPoint
+	C3		OCTET STRING, -- 32 bytes HMAC-SM3 tag
+	CipherText	OCTET STRING }
+*/
+
+int sm9_kem_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, size_t klen, uint8_t *kbuf, SM9_POINT *C);
+int sm9_kem_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, const SM9_POINT *C, size_t klen, uint8_t *kbuf);
+int sm9_do_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen,
+	const uint8_t *in, size_t inlen, SM9_POINT *C1, uint8_t *c2, uint8_t c3[SM3_HMAC_SIZE]);
+int sm9_do_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen,
+	const SM9_POINT *C1, const uint8_t *c2, size_t c2len, const uint8_t c3[SM3_HMAC_SIZE], uint8_t *out);
+
+#define SM9_MAX_PLAINTEXT_SIZE 255
+#define SM9_MAX_CIPHERTEXT_SIZE 367 // calculated in test_sm9_ciphertext()
+int sm9_ciphertext_to_der(const SM9_POINT *C1, const uint8_t *c2, size_t c2len,
+	const uint8_t c3[SM3_HMAC_SIZE], uint8_t **out, size_t *outlen);
+int sm9_ciphertext_from_der(SM9_POINT *C1, const uint8_t **c2, size_t *c2len,
+	const uint8_t *c3[SM3_HMAC_SIZE], const uint8_t **in, size_t *inlen);
+int sm9_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);
+int sm9_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen,
+	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+int sm9_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen,
+	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+
+
+
+#ifdef  __cplusplus
 }
-#  endif
-# endif
+#endif
+#endif
--- a/include/gmssl/version.h
+++ b/include/gmssl/version.h
@@ -54,6 +54,13 @@
 extern "C" {
 #endif

+/*
+Version Public API
+
+	gmssl_version_num
+	gmssl_version_str
+*/
+
 #define GMSSL_VERSION_NUM	30000
 #define GMSSL_VERSION_STR	"GmSSL 3.0.0 Alpha"

--- a/include/gmssl/x509.h
+++ b/include/gmssl/x509.h
@@ -62,6 +62,37 @@
 extern "C" {
 #endif

+/*
+X509 Public API
+
+	x509_name_add_rdn
+	x509_name_add_country_name
+	x509_name_add_state_or_province_name
+	x509_name_add_locality_name
+	x509_name_add_organization_name
+	x509_name_add_organizational_unit_name
+	x509_name_add_common_name
+	x509_name_add_domain_component
+	x509_name_to_der
+	x509_name_from_der
+	x509_name_print
+	x509_name_get_printable
+	x509_name_get_value_by_type
+	x509_name_get_common_name
+
+	x509_cert_sign
+	x509_cert_verify
+	x509_cert_verify_by_ca_cert
+	x509_cert_get_issuer_and_serial_number
+	x509_cert_get_issuer
+	x509_cert_get_subject
+	x509_cert_get_subject_public_key
+	x509_cert_to_der
+	x509_cert_from_der
+	x509_cert_to_pem
+	x509_cert_from_pem
+	x509_cert_print
+*/

 enum X509_Version {
 	X509_version_v1 = 0,
@@ -331,6 +362,7 @@ int x509_certs_get_cert_by_issuer_and_serial_number(
 int x509_certs_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);


+
 #ifdef __cplusplus
 }
 #endif
--- a/include/gmssl/x509_crl.h
+++ b/include/gmssl/x509_crl.h
@@ -55,6 +55,14 @@
 extern "C" {
 #endif

+/*
+X509 CRL Public API
+
+
+*/
+
+
+
 /*
 CRLReason ::= ENUMERATED
 */
--- a/include/gmssl/x509_req.h
+++ b/include/gmssl/x509_req.h
@@ -63,6 +63,17 @@
 extern "C" {
 #endif

+/*
+X509 REQ Public API
+
+	x509_req_sign
+	x509_req_verify
+	x509_req_get_details
+	x509_req_print
+	x509_req_to_pem
+	x509_req_from_pem
+*/
+

 /*
 from RFC 2986
--- a/include/gmssl/zuc.h
+++ b/include/gmssl/zuc.h
@@ -59,6 +59,31 @@ extern "C" {
 #endif


+/*
+ZUC Public API
+
+	ZUC_KEY_SIZE
+	ZUC_IV_SIZE
+	ZUC_MAC_SIZE
+
+	ZUC_CTX
+	zuc_encrypt_init
+	zuc_encrypt_update
+	zuc_encrypt_finish
+	zuc_decrypt_init
+	zuc_decrypt_update
+	zuc_decrypt_finish
+
+	ZUC_MAC_CTX
+	zuc_mac_init
+	zuc_mac_update
+	zuc_mac_finish
+
+	zuc_eea_encrypt
+	zuc_eia_generate_mac
+*/
+
+
 # define ZUC_KEY_SIZE	16
 # define ZUC_IV_SIZE	16
 # define ZUC_MAC_SIZE	4
@@ -132,7 +157,7 @@ typedef struct ZUC256_MAC_CTX_st {
 void zuc256_mac_init(ZUC256_MAC_CTX *ctx, const uint8_t key[ZUC256_KEY_SIZE],
 	const uint8_t iv[ZUC256_IV_SIZE], int macbits);
 void zuc256_mac_update(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t len);
-void zuc256_mac_finish(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t nbits, uint8_t *mac);
+void zuc256_mac_finish(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t nbits, uint8_t mac[ZUC_MAC_SIZE]);


 // Public API