Convert utf-8 files to ascii

include/gmssl/asn1.h

@@ -1,4 +1,4 @@
-/*
+/*
  *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
@@ -86,8 +86,8 @@ int asn1_type_from_der(int tag, const uint8_t **d, size_t *dlen, const uint8_t *
 int asn1_nonempty_type_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
 int asn1_nonempty_type_from_der(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
 int asn1_any_type_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
-int asn1_any_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen); // 调用方应保证a,alen为TLV
+int asn1_any_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen); // NOTE: a,alen MUST be TLV
-int asn1_any_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen); // 该函数会检查输入是否为TLV
+int asn1_any_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen); // asn1_any_from_der check if input is TLV
 
 #define ASN1_TRUE 0xff
 #define ASN1_FALSE 0x00
@@ -101,7 +101,7 @@ int asn1_boolean_from_der_ex(int tag, int *val, const uint8_t **in, size_t *inle
 #define asn1_implicit_boolean_to_der(i,val,out,outlen) asn1_boolean_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
 #define asn1_implicit_boolean_from_der(i,val,in,inlen) asn1_boolean_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)
 
-// asn1_integer_ 不支持负数编解码
+// asn1_integer_ does not support negative value
 int asn1_integer_to_der_ex(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
 int asn1_integer_from_der_ex(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
 #define asn1_integer_to_der(d,dlen,out,outlen) asn1_integer_to_der_ex(ASN1_TAG_INTEGER,d,dlen,out,outlen)
@@ -109,15 +109,15 @@ int asn1_integer_from_der_ex(int tag, const uint8_t **d, size_t *dlen, const uin
 #define asn1_implicit_integer_to_der(i,d,dlen,out,outlen) asn1_integer_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
 #define asn1_implicit_integer_from_der(i,d,dlen,in,inlen) asn1_integer_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
 
-// asn1_int_ 只支持小的无符号整数的编解码，不支持负数
+// asn1_int_ only support small unsigned int, does not support negative integer
-int asn1_int_to_der_ex(int tag, int val, uint8_t **out, size_t *outlen); // 当 val == -1 时，不输出，返回 0
+int asn1_int_to_der_ex(int tag, int val, uint8_t **out, size_t *outlen); // when val == -1, return 0 and no output
-int asn1_int_from_der_ex(int tag, int *val, const uint8_t **in, size_t *inlen); // 不支持负数，返回0时 *val 设置为 -1
+int asn1_int_from_der_ex(int tag, int *val, const uint8_t **in, size_t *inlen); // when return 0, *val is set to -1
 #define asn1_int_to_der(val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_INTEGER,val,out,outlen)
 #define asn1_int_from_der(val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_INTEGER,val,in,inlen)
 #define asn1_implicit_int_to_der(i,val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
 #define asn1_implicit_int_from_der(i,val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)
 
-// 比特长度不必须为8的整数倍
+// bit_string can be any length
 int asn1_bit_string_to_der_ex(int tag, const uint8_t *d, size_t nbits, uint8_t **out, size_t *outlen);
 int asn1_bit_string_from_der_ex(int tag, const uint8_t **d, size_t *nbits, const uint8_t **in, size_t *inlen);
 #define asn1_bit_string_to_der(d,nbits,out,outlen) asn1_bit_string_to_der_ex(ASN1_TAG_BIT_STRING,d,nbits,out,outlen)
@@ -125,7 +125,7 @@ int asn1_bit_string_from_der_ex(int tag, const uint8_t **d, size_t *nbits, const
 #define asn1_implicit_bit_string_to_der(i,d,nbits,out,outlen) asn1_bit_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,nbits,out,outlen)
 #define asn1_implicit_bit_string_from_der(i,d,nbits,in,inlen) asn1_bit_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,nbits,in,inlen)
 
-// 比特长度必须为8的整数倍，因此使用字节长度
+// bit string MUST be multiple 8 bits
 int asn1_bit_octets_to_der_ex(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
 int asn1_bit_octets_from_der_ex(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
 #define asn1_bit_octets_to_der(d,dlen,out,outlen) asn1_bit_octets_to_der_ex(ASN1_TAG_BIT_STRING,d,dlen,out,outlen)
@@ -133,14 +133,14 @@ int asn1_bit_octets_from_der_ex(int tag, const uint8_t **d, size_t *dlen, const
 #define asn1_implicit_bit_octets_to_der(i,d,dlen,out,outlen) asn1_bit_octets_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
 #define asn1_implicit_bit_octets_from_der(i,d,dlen,in,inlen) asn1_bit_octets_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
 
-// bits == -1 不编码，只支持较少的比特数量
+// bits == -1 means no input
 int asn1_bits_to_der_ex(int tag, int bits, uint8_t **out, size_t *outlen);
 int asn1_bits_from_der_ex(int tag, int *bits, const uint8_t **in, size_t *inlen);
 #define asn1_bits_to_der(bits,out,outlen) asn1_bits_to_der_ex(ASN1_TAG_BIT_STRING,bits,out,outlen)
 #define asn1_bits_from_der(bits,in,inlen) asn1_bits_from_der_ex(ASN1_TAG_BIT_STRING,bits,in,inlen)
 #define asn1_implicit_bits_to_der(i,bits,out,outlen) asn1_bits_to_der_ex(ASN1_TAG_IMPLICIT(i),bits,out,outlen)
 #define asn1_implicit_bits_from_der(i,bits,in,inlen) asn1_bits_from_der_ex(ASN1_TAG_IMPLICIT(i),bits,in,inlen)
-// names[i]对应第i个比特
+// names[i] is the i-th bit
 int asn1_bits_print(FILE *fp, int fmt, int ind, const char *label, const char **names, size_t names_cnt, int bits);
 
 #define asn1_octet_string_to_der_ex(tag,d,dlen,out,outlen) asn1_type_to_der(tag,d,dlen,out,outlen)
@@ -182,7 +182,8 @@ typedef struct {
 
 const ASN1_OID_INFO *asn1_oid_info_from_name(const ASN1_OID_INFO *infos, size_t count, const char *name);
 const ASN1_OID_INFO *asn1_oid_info_from_oid(const ASN1_OID_INFO *infos, size_t count, int oid);
-// 如果一个正确解析的OID并不在infos列表中，那么仍然返回1，但是调用方必须检查返回的info是否为空
+
+// well-formed but unknown OID will return 1, caller should check if *info == NULL when return 1
 int asn1_oid_info_from_der_ex(const ASN1_OID_INFO **info, uint32_t *nodes, size_t *nodes_cnt,
 	const ASN1_OID_INFO *infos, size_t count, const uint8_t **in, size_t *inlen);
 int asn1_oid_info_from_der(const ASN1_OID_INFO **info,
@@ -283,7 +284,7 @@ int asn1_header_to_der(int tag, size_t dlen, uint8_t **out, size_t *outlen);
 #define asn1_explicit_to_der(i,d,dlen,out,outlen) asn1_nonempty_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
 #define asn1_explicit_from_der(i,d,dlen,in,inlen) asn1_nonempty_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
 
-// d,dlen 是 SEQUENCE OF, SET OF 中的值
+// d,dlen is the V (of TLV) of SEQUENCE OF, SET OF
 int asn1_types_get_count(const uint8_t *d, size_t dlen, int tag, size_t *cnt);
 int asn1_types_get_item_by_index(const uint8_t *d, size_t dlen, int tag,
 	int index, const uint8_t **item_d, size_t *item_dlen);

include/gmssl/cms.h

@@ -1,4 +1,4 @@
-/*
+/*
  *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
@@ -62,7 +62,7 @@ int cms_content_info_to_der(
 	uint8_t **out, size_t *outlen);
 int cms_content_info_from_der(
 	int *content_type,
-	const uint8_t **content, size_t *content_len, // 这里获得的是完整的TLV
+	const uint8_t **content, size_t *content_len, // content is the full TLV
 	const uint8_t **in, size_t *inlen);
 int cms_content_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 
@@ -269,13 +269,13 @@ typedef struct {
 
 int cms_signed_data_sign_to_der(
 	const CMS_CERTS_AND_KEY *signers, size_t signers_cnt,
-	int content_type, const uint8_t *data, size_t datalen, // 当OID_cms_data时为raw data
+	int content_type, const uint8_t *data, size_t datalen, // with OID_cms_data, `data` is the raw data
-	const uint8_t *crls, size_t crls_len, // 可以为空
+	const uint8_t *crls, size_t crls_len, // crls can be NULL
 	uint8_t **out, size_t *outlen);
 int cms_signed_data_verify_from_der(
 	const uint8_t *extra_certs, size_t extra_certs_len,
 	const uint8_t *extra_crls, size_t extra_crls_len,
-	int *content_type, const uint8_t **content, size_t *content_len, // 是否应该返回raw data呢？			
+	int *content_type, const uint8_t **content, size_t *content_len, // should we return raw data			
 	const uint8_t **certs, size_t *certs_len,
 	const uint8_t **crls, size_t *crls_len,
 	const uint8_t **signer_infos, size_t *signer_infos_len,
@@ -289,8 +289,8 @@ RecipientInfo ::= SEQUENCE {
 	keyEncryptionAlgorithm		AlgorithmIdentifier,
 	encryptedKey			OCTET STRING -- DER-encoding of SM2Cipher
 }
-由于encryptedKey的类型为SM2Cipher, 而SM2Cipher中有2个INTEGER，因此长度是不固定的。
+
-因此不能预先确定输出长度
+DER-encoding length of RecipientInfo is not fixed (caused by INTEGERs)
 */
 int cms_recipient_info_to_der(
 	int version,
@@ -303,7 +303,7 @@ int cms_recipient_info_from_der(
 	int *version,
 	const uint8_t **issuer, size_t *issuer_len,
 	const uint8_t **serial_number, size_t *serial_number_len,
-	int *pke_algor, const uint8_t **params, size_t *params_len,// SM2加密只使用SM3，没有默认参数，但是ECIES可能有
+	int *pke_algor, const uint8_t **params, size_t *params_len,// sm2encrypt has no params, but ECIES might have params
 	const uint8_t **enced_key, size_t *enced_key_len,
 	const uint8_t **in, size_t *inlen);
 int cms_recipient_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
@@ -452,35 +452,29 @@ int cms_key_agreement_info_print(FILE *fp, int fmt, int ind, const char *label,
 
 
 
-// 下面是公开API
-// 公开API的设计考虑：
-// 1. 不需要调用其他函数
-// 2. 在逻辑上容易理解
-// 3. 将cms,cmslen看做对象
 
-
+// generate ContentInfo, type == data
-// 生成ContentInfo, type == data
 int cms_set_data(uint8_t *cms, size_t *cmslen,
 	const uint8_t *d, size_t dlen);
 
 int cms_encrypt(
-	uint8_t *cms, size_t *cmslen, // 输出的ContentInfo (type encryptedData)
+	uint8_t *cms, size_t *cmslen,
-	int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, // 对称加密算法、密钥和IV
+	int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
-	int content_type, const uint8_t *content, size_t content_len, // 待加密的输入数据
+	int content_type, const uint8_t *content, size_t content_len,
-	const uint8_t *shared_info1, size_t shared_info1_len, // 附加信息
+	const uint8_t *shared_info1, size_t shared_info1_len,
 	const uint8_t *shared_info2, size_t shared_info2_len);
 
 int cms_decrypt(
-	const uint8_t *cms, size_t cmslen, // 输入的ContentInfo (type encryptedData)
+	const uint8_t *cms, size_t cmslen, // should be ContentInfo (type encryptedData)
-	int *enc_algor, const uint8_t *key, size_t keylen, // 解密密钥（我们不知道解密算法）
+	int *enc_algor, const uint8_t *key, size_t keylen,
-	int *content_type, uint8_t *content, size_t *content_len, // 输出的解密数据类型及数据
+	int *content_type, uint8_t *content, size_t *content_len,
-	const uint8_t **shared_info1, size_t *shared_info1_len, // 附加信息
+	const uint8_t **shared_info1, size_t *shared_info1_len,
 	const uint8_t **shared_info2, size_t *shared_info2_len);
 
 int cms_sign(
 	uint8_t *cms, size_t *cms_len,
-	const CMS_CERTS_AND_KEY *signers, size_t signers_cnt, // 签名者的签名私钥和证书
+	const CMS_CERTS_AND_KEY *signers, size_t signers_cnt,
-	int content_type, const uint8_t *content, size_t content_len, // 待签名的输入数据
+	int content_type, const uint8_t *content, size_t content_len,
 	const uint8_t *crls, size_t crls_len);
 
 int cms_verify(
@@ -494,17 +488,17 @@ int cms_verify(
 
 int cms_envelop(
 	uint8_t *cms, size_t *cms_len,
-	const uint8_t *rcpt_certs, size_t rcpt_certs_len, // 接收方证书，注意这个参数的类型可以容纳多个证书，但是只有在一个接受者时对调用方最方便
+	const uint8_t *rcpt_certs, size_t rcpt_certs_len,
-	int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, // 对称加密算法及参数
+	int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
-	int content_type, const uint8_t *content, size_t content_len, // 待加密的输入数据
+	int content_type, const uint8_t *content, size_t content_len,
-	const uint8_t *shared_info1, size_t shared_info1_len, // 附加输入信息
+	const uint8_t *shared_info1, size_t shared_info1_len,
 	const uint8_t *shared_info2, size_t shared_info2_len);
 
 int cms_deenvelop(
 	const uint8_t *cms, size_t cms_len,
-	const SM2_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len, // 接收方的解密私钥和对应的证书，注意只需要一个解密方
+	const SM2_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len,
 	int *content_type, uint8_t *content, size_t *content_len,
-	const uint8_t **rcpt_infos, size_t *rcpt_infos_len, // 解析得到，用于显示
+	const uint8_t **rcpt_infos, size_t *rcpt_infos_len,
 	const uint8_t **shared_info1, size_t *shared_info1_len,
 	const uint8_t **shared_info2, size_t *shared_info2_len);
 
@@ -531,7 +525,7 @@ int cms_deenvelop_and_verify(
 	const uint8_t **shared_info1, size_t *shared_info1_len,
 	const uint8_t **shared_info2, size_t *shared_info2_len);
 
-// 生成ContentInfo, type == keyAgreementInfo
+// create ContentInfo, type == keyAgreementInfo
 int cms_set_key_agreement_info(
 	uint8_t *cms, size_t *cms_len,
 	const SM2_KEY *temp_public_key_r,

include/gmssl/temp.c

@@ -0,0 +1,546 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+/*
+References:
+  1. GM/T 0010-2012 SM2 Cryptography Message Syntax Specification
+  2. RFC 2315 PKCS #7 Cryptographic Message Syntax Version 1.5
+  3. RFC 5652 Cryptographic Message Syntax (CMS)
+*/
+
+#ifndef GMSSL_CMS_H
+#define GMSSL_CMS_H
+
+
+#include <string.h>
+#include <stdint.h>
+#include <sys/types.h>
+#include <gmssl/x509.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+enum {
+	CMS_version_v1 = 1,
+};
+
+
+/*
+ContentType:
+	OID_cms_data
+	OID_cms_signed_data
+	OID_cms_enveloped_data
+	OID_cms_signed_and_enveloped_data
+	OID_cms_encrypted_data
+	OID_cms_key_agreement_info
+*/
+const char *cms_content_type_name(int oid);
+int cms_content_type_from_name(const char *name);
+int cms_content_type_to_der(int oid, uint8_t **out, size_t *outlen);
+int cms_content_type_from_der(int *oid, const uint8_t **in, size_t *inlen);
+
+/*
+ContentInfo ::= SEQUENCE {
+	contentType	OBJECT IDENTIFIER,
+	content		[0] EXPLICIT ANY OPTIONAL }
+*/
+int cms_content_info_header_to_der(
+	int content_type, size_t content_len,
+	uint8_t **out, size_t *outlen);
+int cms_content_info_to_der(
+	int content_type,
+	const uint8_t *content, size_t content_len,
+	uint8_t **out, size_t *outlen);
+int cms_content_info_from_der(
+	int *content_type,
+	const uint8_t **content, size_t *content_len, // content is the full TLV
+	const uint8_t **in, size_t *inlen);
+int cms_content_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+Data ::= OCTET STRING
+*/
+#define cms_data_to_der(d,dlen,out,outlen) asn1_octet_string_to_der(d,dlen,out,outlen)
+#define cms_data_from_der(d,dlen,in,inlen) asn1_octet_string_from_der(d,dlen,in,inlen)
+#define cms_data_print(fp,fmt,ind,label,d,dlen) format_bytes(fp,fmt,ind,label,d,dlen)
+
+/*
+EncryptedContentInfo ::= SEQUENCE {
+	contentType			OBJECT IDENTIFIER,
+	contentEncryptionAlgorithm	AlgorithmIdentifier,
+	encryptedContent		[0] IMPLICIT OCTET STRING OPTIONAL,
+	sharedInfo1			[1] IMPLICIT OCTET STRING OPTIONAL,
+	sharedInfo2			[2] IMPLICIT OCTET STRING OPTIONAL }
+*/
+int cms_enced_content_info_to_der(
+	int content_type,
+	int enc_algor, const uint8_t *enc_iv, size_t enc_iv_len,
+	const uint8_t *enced_content, size_t enced_content_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len,
+	uint8_t **out, size_t *outlen);
+int cms_enced_content_info_from_der(
+	int *content_type,
+	int *enc_algor, const uint8_t **enc_iv, size_t *enc_iv_len,
+	const uint8_t **enced_content, size_t *enced_content_len,
+	const uint8_t **shared_info1, size_t *shared_info1_len,
+	const uint8_t **shared_info2, size_t *shared_info2_len,
+	const uint8_t **in, size_t *inlen);
+int cms_enced_content_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+int cms_enced_content_info_encrypt_to_der(
+	int enc_algor,
+	const uint8_t *key, size_t keylen,
+	const uint8_t *iv, size_t ivlen,
+	int content_type, const uint8_t *content, size_t content_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len,
+	uint8_t **out, size_t *outlen);
+int cms_enced_content_info_decrypt_from_der(
+	int *enc_algor,
+	const uint8_t *key, size_t keylen,
+	int *content_type, uint8_t *content, size_t *content_len,
+	const uint8_t **shared_info1, size_t *shared_info1_len,
+	const uint8_t **shared_info2, size_t *shared_info2_len,
+	const uint8_t **in, size_t *inlen);
+
+/*
+EncryptedData ::= SEQUENCE {
+	version			INTEGER (1),
+	encryptedContentInfo	EncryptedContentInfo }
+*/
+int cms_encrypted_data_to_der(
+	int version,
+	int content_type,
+	int enc_algor, const uint8_t *iv, size_t ivlen,
+	const uint8_t *enced_content, size_t enced_content_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len,
+	uint8_t **out, size_t *outlen);
+int cms_encrypted_data_from_der(
+	int *version,
+	int *content_type,
+	int *enc_algor, const uint8_t **iv, size_t *ivlen,
+	const uint8_t **enced_content, size_t *enced_content_len,
+	const uint8_t **shared_info1, size_t *shared_info1_len,
+	const uint8_t **shared_info2, size_t *shared_info2_len,
+	const uint8_t **in, size_t *inlen);
+int cms_encrypted_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+int cms_encrypted_data_encrypt_to_der(
+	int enc_algor,
+	const uint8_t *key, size_t keylen,
+	const uint8_t *iv, size_t ivlen,
+	int content_type, const uint8_t *content, size_t content_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len,
+	uint8_t **out, size_t *outlen);
+int cms_encrypted_data_decrypt_from_der(
+	int *enc_algor,
+	const uint8_t *key, size_t keylen,
+	int *content_type, uint8_t *content, size_t *content_len,
+	const uint8_t **shared_info1, size_t *shared_info1_len,
+	const uint8_t **shared_info2, size_t *shared_info2_len,
+	const uint8_t **in, size_t *inlen);
+
+/*
+IssuerAndSerialNumber ::= SEQUENCE {
+	isser		Name,
+	serialNumber	INTEGER }
+*/
+int cms_issuer_and_serial_number_to_der(
+	const uint8_t *issuer, size_t issuer_len,
+	const uint8_t *serial_number, size_t serial_number_len,
+	uint8_t **out, size_t *outlen);
+int cms_issuer_and_serial_number_from_der(
+	const uint8_t **issuer, size_t *issuer_len,
+	const uint8_t **serial_number, size_t *serial_number_len,
+	const uint8_t **in, size_t *inlen);
+int cms_issuer_and_serial_number_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+SignerInfo ::= SEQUENCE {
+	version				INTEGER (1),
+	issuerAndSerialNumber		IssuerAndSerialNumber,
+	digestAlgorithm			AlgorithmIdentifier,
+	authenticatedAttributes		[0] IMPLICIT SET OF Attribute OPTINOAL,
+	digestEncryptionAlgorithm	AlgorithmIdentifier,
+	encryptedDigest			OCTET STRING,
+	unauthenticatedAttributes       [1] IMPLICIT SET OF Attribute OPTINOAL, }
+*/
+int cms_signer_info_to_der(
+	int version,
+	const uint8_t *issuer, size_t issuer_len,
+	const uint8_t *serial_number, size_t serial_number_len,
+	int digest_algor,
+	const uint8_t *authed_attrs, size_t authed_attrs_len,
+	int signature_algor,
+	const uint8_t *enced_digest, size_t enced_digest_len,
+	const uint8_t *unauthed_attrs, size_t unauthed_attrs_len,
+	uint8_t **out, size_t *outlen);
+int cms_signer_info_from_der(
+	int *version,
+	const uint8_t **issuer, size_t *issuer_len,
+	const uint8_t **serial_number, size_t *serial_number_len,
+	int *digest_algor,
+	const uint8_t **authed_attrs, size_t *authed_attrs_len,
+	int *signature_algor,
+	const uint8_t **enced_digest, size_t *enced_digest_len,
+	const uint8_t **unauthed_attrs, size_t *unauthed_attrs_len,
+	const uint8_t **in, size_t *inlen);
+int cms_signer_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+int cms_signer_info_sign_to_der(
+	const SM3_CTX *sm3_ctx, const SM2_KEY *sm2_key,
+	const uint8_t *issuer, size_t issuer_len,
+	const uint8_t *serial_number, size_t serial_number_len,
+	const uint8_t *authed_attrs, size_t authed_attrs_len,
+	const uint8_t *unauthed_attrs, size_t unauthed_attrs_len,
+	uint8_t **out, size_t *outlen);
+int cms_signer_info_verify_from_der(
+	const SM3_CTX *sm3_ctx, const uint8_t *certs, size_t certslen,
+	const uint8_t **cert, size_t *certlen,
+	const uint8_t **issuer, size_t *issuer_len,
+	const uint8_t **serial, size_t *serial_len,
+	const uint8_t **authed_attrs, size_t *authed_attrs_len,
+	const uint8_t **unauthed_attrs, size_t *unauthed_attrs_len,
+	const uint8_t **in, size_t *inlen);
+/*
+SignerInfos ::= SET OF SignerInfo;
+*/
+int cms_signer_infos_add_signer_info(
+	uint8_t *d, size_t *dlen, size_t maxlen,
+	const SM3_CTX *sm3_ctx, const SM2_KEY *sign_key,
+	const uint8_t *issuer, size_t issuer_len,
+	const uint8_t *serial_number, size_t serial_number_len,
+	const uint8_t *authed_attrs, size_t authed_attrs_len,
+	const uint8_t *unauthed_attrs, size_t unauthed_attrs_len);
+#define cms_signer_infos_to_der(d,dlen,out,outlen) asn1_set_to_der(d,dlen,out,outlen)
+#define cms_signer_infos_from_der(d,dlen,in,inlen) asn1_set_from_der(d,dlen,in,inlen)
+int cms_signer_infos_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+int cms_digest_algors_to_der(const int *digest_algors, size_t digest_algors_cnt, uint8_t **out, size_t *outlen);
+int cms_digest_algors_from_der(int *digest_algors, size_t *digest_algors_cnt, size_t max_digest_algors,
+	const uint8_t **in, size_t *inlen);
+int cms_digest_algors_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+SignedData ::= SEQUENCE {
+	version			INTEGER (1),
+	digestAlgorithms	SET OF AlgorithmIdentifier,
+	contentInfo		ContentInfo,
+	certificates		[0] IMPLICIT SET OF Certificate OPTIONAL,
+	crls			[1] IMPLICIT SET OF CertificateRevocationList OPTIONAL,
+	signerInfos		SET OF SignerInfo }
+*/
+int cms_signed_data_to_der(
+	int version,
+	const int *digest_algors, size_t digest_algors_cnt,
+	const int content_type, const uint8_t *content, const size_t content_len,
+	const uint8_t *certs, size_t certs_len,
+	const uint8_t *crls, const size_t crls_len,
+	const uint8_t *signer_infos, size_t signer_infos_len,
+	uint8_t **out, size_t *outlen);
+int cms_signed_data_from_der(
+	int *version,
+	int *digest_algors, size_t *digest_algors_cnt, size_t max_digest_algors,
+	int *content_type, const uint8_t **content, size_t *content_len,
+	const uint8_t **certs, size_t *certs_len,
+	const uint8_t **crls, size_t *crls_len,
+	const uint8_t **signer_infos, size_t *signer_infos_len,
+	const uint8_t **in, size_t *inlen);
+int cms_signed_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+typedef struct {
+	uint8_t *certs;
+	size_t certs_len;
+	SM2_KEY *sign_key;
+} CMS_CERTS_AND_KEY;
+
+int cms_signed_data_sign_to_der(
+	const CMS_CERTS_AND_KEY *signers, size_t signers_cnt,
+	int content_type, const uint8_t *data, size_t datalen, // with OID_cms_data, `data` is the raw data
+	const uint8_t *crls, size_t crls_len, // crls can be NULL
+	uint8_t **out, size_t *outlen);
+int cms_signed_data_verify_from_der(
+	const uint8_t *extra_certs, size_t extra_certs_len,
+	const uint8_t *extra_crls, size_t extra_crls_len,
+	int *content_type, const uint8_t **content, size_t *content_len, // should we return raw data			
+	const uint8_t **certs, size_t *certs_len,
+	const uint8_t **crls, size_t *crls_len,
+	const uint8_t **signer_infos, size_t *signer_infos_len,
+	const uint8_t **in, size_t *inlen);
+
+
+/*
+RecipientInfo ::= SEQUENCE {
+	version				INTEGER (1),
+	issuerAndSerialNumber		IssuerAndSerialNumber,
+	keyEncryptionAlgorithm		AlgorithmIdentifier,
+	encryptedKey			OCTET STRING -- DER-encoding of SM2Cipher
+}
+
+DER-encoding length of RecipientInfo is not fixed (caused by INTEGERs)
+*/
+int cms_recipient_info_to_der(
+	int version,
+	const uint8_t *issuer, size_t issuer_len,
+	const uint8_t *serial_number, size_t serial_number_len,
+	int public_key_enc_algor,
+	const uint8_t *enced_key, size_t enced_key_len,
+	uint8_t **out, size_t *outlen);
+int cms_recipient_info_from_der(
+	int *version,
+	const uint8_t **issuer, size_t *issuer_len,
+	const uint8_t **serial_number, size_t *serial_number_len,
+	int *pke_algor, const uint8_t **params, size_t *params_len,// sm2encrypt has no params, but ECIES might have params
+	const uint8_t **enced_key, size_t *enced_key_len,
+	const uint8_t **in, size_t *inlen);
+int cms_recipient_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+int cms_recipient_info_encrypt_to_der(
+	const SM2_KEY *public_key,
+	const uint8_t *issuer, size_t issuer_len,
+	const uint8_t *serial, size_t serial_len,
+	const uint8_t *in, size_t inlen,
+	uint8_t **out, size_t *outlen);
+int cms_recipient_info_decrypt_from_der(
+	const SM2_KEY *sm2_key,
+	const uint8_t *rcpt_issuer, size_t rcpt_issuer_len,
+	const uint8_t *rcpt_serial, size_t rcpt_serial_len,
+	uint8_t *out, size_t *outlen, size_t maxlen,
+	const uint8_t **in, size_t *inlen);
+
+int cms_recipient_infos_add_recipient_info(
+	uint8_t *d, size_t *dlen, size_t maxlen,
+	const SM2_KEY *public_key,
+	const uint8_t *issuer, size_t issuer_len,
+	const uint8_t *serial, size_t serial_len,
+	const uint8_t *in, size_t inlen);
+#define cms_recipient_infos_to_der(d,dlen,out,outlen) asn1_set_to_der(d,dlen,out,outlen)
+#define cms_recipient_infos_from_der(d,dlen,in,inlen) asn1_set_from_der(d,dlen,in,inlen)
+int cms_recipient_infos_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+EnvelopedData ::= SEQUENCE {
+	version			Version,
+	recipientInfos		SET OF RecipientInfo,
+	encryptedContentInfo	EncryptedContentInfo }
+*/
+int cms_enveloped_data_to_der(
+	int version,
+	const uint8_t *rcpt_infos, size_t rcpt_infos_len,
+	int content_type,
+	int enc_algor, const uint8_t *enc_iv, size_t enc_iv_len,
+	const uint8_t *enced_content, size_t enced_content_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len,
+	uint8_t **out, size_t *outlen);
+int cms_enveloped_data_from_der(
+	int *version,
+	const uint8_t **rcpt_infos, size_t *rcpt_infos_len,
+	const uint8_t **enced_content_info, size_t *enced_content_info_len,
+	const uint8_t **in, size_t *inlen);
+int cms_enveloped_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+int cms_enveloped_data_encrypt_to_der(
+	const uint8_t *rcpt_certs, size_t rcpt_certs_len,
+	int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	int content_type, const uint8_t *content, size_t content_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len,
+	uint8_t **out, size_t *outlen);
+int cms_enveloped_data_decrypt_from_der(
+	const SM2_KEY *sm2_key,
+	const uint8_t *issuer, size_t issuer_len,
+	const uint8_t *serial_number, size_t serial_number_len,
+	int *content_type, uint8_t *content, size_t *content_len,
+	const uint8_t **rcpt_infos, size_t *rcpt_infos_len,
+	const uint8_t **shared_info1, size_t *shared_info1_len,
+	const uint8_t **shared_info2, size_t *shared_info2_len,
+	const uint8_t **in, size_t *inlen);
+
+/*
+SignedAndEnvelopedData ::= SEQUENCE {
+	version			INTEGER (1),
+	recipientInfos		SET OF RecipientInfo,
+	digestAlgorithms	SET OF AlgorithmIdentifier,
+	encryptedContentInfo	EncryptedContentInfo,
+	certificates		[0] IMPLICIT SET OF Certificate OPTIONAL,
+	crls			[1] IMPLICIT SET OF CertificateRevocationList OPTIONAL,
+	signerInfos		SET OF SignerInfo }
+*/
+int cms_signed_and_enveloped_data_to_der(
+	int version,
+	const uint8_t *rcpt_infos, size_t rcpt_infos_len,
+	const int *digest_algors, size_t digest_algors_cnt,
+	int content_type,
+	int enc_algor, const uint8_t *iv, size_t ivlen,
+	const uint8_t *enced_content, size_t enced_content_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len,
+	const uint8_t *certs, size_t certs_len,
+	const uint8_t *crls, size_t crls_len,
+	const uint8_t *signer_infos, size_t signer_infos_len,
+	uint8_t **out, size_t *outlen);
+int cms_signed_and_enveloped_data_from_der(
+	int *version,
+	const uint8_t **rcpt_infos, size_t *rcpt_infos_len,
+	int *digest_algors, size_t *digest_algors_cnt, size_t max_digest_algors,
+	const uint8_t **enced_content_info, size_t *enced_content_info_len,
+	const uint8_t **certs, size_t *certs_len,
+	const uint8_t **crls, size_t *crls_len,
+	const uint8_t **signer_infos, size_t *signer_infos_len,
+	const uint8_t **in, size_t *inlen);
+int cms_signed_and_enveloped_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+int cms_signed_and_enveloped_data_encipher_to_der(
+	const CMS_CERTS_AND_KEY *signers, size_t signers_cnt,
+	const uint8_t *rcpt_certs, size_t rcpt_certs_len,
+	int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	int content_type, const uint8_t *content, size_t content_len,
+	const uint8_t *signers_crls, size_t signers_crls_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len,
+	uint8_t **out, size_t *outlen);
+int cms_signed_and_enveloped_data_decipher_from_der(
+	const SM2_KEY *rcpt_key,
+	const uint8_t *rcpt_issuer, size_t rcpt_issuer_len,
+	const uint8_t *rcpt_serial, size_t rcpt_serial_len,
+	int *content_type, uint8_t *content, size_t *content_len,
+	const uint8_t **prcpt_infos, size_t *prcpt_infos_len,
+	const uint8_t **shared_info1, size_t *shared_info1_len,
+	const uint8_t **shared_info2, size_t *shared_info2_len,
+	const uint8_t **certs, size_t *certs_len,
+	const uint8_t **crls, size_t *crls_len,
+	const uint8_t **psigner_infos, size_t *psigner_infos_len,
+	const uint8_t *extra_certs, size_t extra_certs_len,
+	const uint8_t *extra_crls, size_t extra_crls_len,
+	const uint8_t **in, size_t *inlen);
+
+/*
+KeyAgreementInfo ::= SEQUENCE {
+	version			INTEGER (1),
+	tempPublicKeyR		SM2PublicKey,
+	userCertificate		Certificate,
+	userID			OCTET STRING }
+*/
+int cms_key_agreement_info_to_der(
+	int version,
+	const SM2_KEY *temp_public_key_r,
+	const uint8_t *user_cert, size_t user_cert_len,
+	const uint8_t *user_id, size_t user_id_len,
+	uint8_t **out, size_t *outlen);
+int cms_key_agreement_info_from_der(
+	int *version,
+	SM2_KEY *temp_public_key_r,
+	const uint8_t **user_cert, size_t *user_cert_len,
+	const uint8_t **user_id, size_t *user_id_len,
+	const uint8_t **in, size_t *inlen);
+int cms_key_agreement_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+
+
+// generate ContentInfo, type == data
+int cms_set_data(uint8_t *cms, size_t *cmslen,
+	const uint8_t *d, size_t dlen);
+
+int cms_encrypt(
+	uint8_t *cms, size_t *cmslen,
+	int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	int content_type, const uint8_t *content, size_t content_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len);
+
+int cms_decrypt(
+	const uint8_t *cms, size_t cmslen, // should be ContentInfo (type encryptedData)
+	int *enc_algor, const uint8_t *key, size_t keylen,
+	int *content_type, uint8_t *content, size_t *content_len,
+	const uint8_t **shared_info1, size_t *shared_info1_len,
+	const uint8_t **shared_info2, size_t *shared_info2_len);
+
+int cms_sign(
+	uint8_t *cms, size_t *cms_len,
+	const CMS_CERTS_AND_KEY *signers, size_t signers_cnt,
+	int content_type, const uint8_t *content, size_t content_len,
+	const uint8_t *crls, size_t crls_len);
+
+int cms_verify(
+	const uint8_t *cms, size_t cms_len,
+	const uint8_t *extra_certs, size_t extra_certs_len,
+	const uint8_t *extra_crls, size_t extra_crls_len,
+	int *content_type, const uint8_t **content, size_t *content_len,
+	const uint8_t **certs, size_t *certs_len,
+	const uint8_t **crls, size_t *crls_len,
+	const uint8_t **signer_infos, size_t *signer_infos_len);
+
+int cms_envelop(
+	uint8_t *cms, size_t *cms_len,
+	const uint8_t *rcpt_certs, size_t rcpt_certs_len,
+	int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	int content_type, const uint8_t *content, size_t content_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len);
+
+int cms_deenvelop(
+	const uint8_t *cms, size_t cms_len,
+	const SM2_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len,
+	int *content_type, uint8_t *content, size_t *content_len,
+	const uint8_t **rcpt_infos, size_t *rcpt_infos_len,
+	const uint8_t **shared_info1, size_t *shared_info1_len,
+	const uint8_t **shared_info2, size_t *shared_info2_len);
+
+int cms_sign_and_envelop(
+	uint8_t *cms, size_t *cms_len,
+	const CMS_CERTS_AND_KEY *signers, size_t signers_cnt,
+	const uint8_t *rcpt_certs, size_t rcpt_certs_len,
+	int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	int content_type, const uint8_t *content, size_t content_len,
+	const uint8_t *signers_crls, size_t signers_crls_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len);
+
+int cms_deenvelop_and_verify(
+	const uint8_t *cms, size_t cms_len,
+	const SM2_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len,
+	const uint8_t *extra_signer_certs, size_t extra_signer_certs_len,
+	const uint8_t *extra_signer_crls, size_t extra_signer_crls_len,
+	int *content_type, uint8_t *content, size_t *content_len,
+	const uint8_t **rcpt_infos, size_t *rcpt_infos_len,
+	const uint8_t **signer_infos, size_t *signer_infos_len,
+	const uint8_t **signer_certs, size_t *signer_certs_len,
+	const uint8_t **signer_crls, size_t *signer_crls_len,
+	const uint8_t **shared_info1, size_t *shared_info1_len,
+	const uint8_t **shared_info2, size_t *shared_info2_len);
+
+// create ContentInfo, type == keyAgreementInfo
+int cms_set_key_agreement_info(
+	uint8_t *cms, size_t *cms_len,
+	const SM2_KEY *temp_public_key_r,
+	const uint8_t *user_cert, size_t user_cert_len,
+	const uint8_t *user_id, size_t user_id_len);
+
+#define PEM_CMS "CMS"
+int cms_to_pem(const uint8_t *cms, size_t cms_len, FILE *fp);
+int cms_from_pem(uint8_t *cms, size_t *cms_len, size_t maxlen, FILE *fp);
+
+
+int cms_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

include/gmssl/tls.h

@@ -1,4 +1,4 @@
-/*
+/*
  *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
@@ -413,7 +413,8 @@ int tls_record_set_protocol(uint8_t *record, int protocol);
 int tls_record_set_data_length(uint8_t *record, size_t length);
 int tls_record_set_data(uint8_t *record, const uint8_t *data, size_t datalen);
 
-// 握手消息ServerKeyExchange, ClientKeyExchange的解析依赖当前密码套件
+
+// parse ServerKeyExchange, ClientKeyExchange depends on current cipher_suite		
 #define tls_format_set_cipher_suite(fmt,cipher)	do {(fmt)|=((cipher)<<8);} while (0)
 int tls_record_print(FILE *fp, const uint8_t *record,  size_t recordlen, int format, int indent);
 int tlcp_record_print(FILE *fp, const uint8_t *record,  size_t recordlen, int format, int indent);
@@ -521,8 +522,8 @@ int tls_process_server_exts(const uint8_t *exts, size_t extslen,
 // Certificate
 int tls_record_set_handshake_certificate(uint8_t *record, size_t *recordlen,
 	const uint8_t *certs, size_t certslen);
-// 这个函数比较特殊，是直接解析了证书链，而不是返回指针
+// see the impl of tls_record_get_handshake_certificate			
-// 应该提供一个独立的解析函数来解析TLS的证书链
+// a standalone cert-chain parsing function should be given			
 int tls_record_get_handshake_certificate(const uint8_t *record, uint8_t *certs, size_t *certslen);
 
 // ServerKeyExchange
@@ -581,7 +582,7 @@ int tls_client_key_exchange_pke_print(FILE *fp, const uint8_t *cke, size_t ckele
 int tls_client_key_exchange_print(FILE *fp, const uint8_t *cke, size_t ckelen, int format, int indent);
 
 int tls_record_set_handshake_client_key_exchange_ecdhe(uint8_t *record, size_t *recordlen,
-	const SM2_Z256_POINT *point); // 这里不应该支持SM2_POINT类型						
+	const SM2_Z256_POINT *point); // shoulde we use SM2_Z256_POITN?						
 int tls_record_get_handshake_client_key_exchange_ecdhe(const uint8_t *record, SM2_Z256_POINT *point);			
 int tls_client_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t datalen,
 	int format, int indent);
@@ -616,8 +617,8 @@ int tls_client_verify_finish(TLS_CLIENT_VERIFY_CTX *ctx, const uint8_t *sig, siz
 void tls_client_verify_cleanup(TLS_CLIENT_VERIFY_CTX *ctx);
 
 // Finished
-// FIXME: 支持TLS 1.3 提供MIN, MAX或TLS12, TLS13, TLCP...
+// FIXME: to support TLS 1.3  need MIN, MAX or TLS12, TLS13, TLCP...			
-#define TLS_VERIFY_DATA_SIZE 12 // TLS 1.3或者其他版本支持更长的verify_data
+#define TLS_VERIFY_DATA_SIZE 12 // TLS 1.3 use longer verify_data (>= 12 bytes)		
 #define TLS_FINISHED_RECORD_SIZE	(TLS_RECORD_HEADER_SIZE + TLS_HANDSHAKE_HEADER_SIZE + TLS_VERIFY_DATA_SIZE) // 21
 #define TLS_MAX_PADDING_SIZE		(1 + 255)
 #define TLS_MAC_SIZE			SM3_HMAC_SIZE
@@ -723,7 +724,7 @@ typedef struct {
 	int cipher_suite;
 	uint8_t session_id[32];
 	size_t session_id_len;
-	uint8_t server_certs[TLS_MAX_CERTIFICATES_SIZE]; // 动态的可能会好一点
+	uint8_t server_certs[TLS_MAX_CERTIFICATES_SIZE]; // TODO: use ptr and malloc			
 	size_t server_certs_len;
 	uint8_t client_certs[TLS_MAX_CERTIFICATES_SIZE];
 	size_t client_certs_len;
@@ -754,7 +755,7 @@ typedef struct {
 } TLS_CONNECT;
 
 
-#define TLS_MAX_EXTENSIONS_SIZE 512 // 这个应该再考虑一下数值，是否可以用其他的缓冲区装载？
+#define TLS_MAX_EXTENSIONS_SIZE 512 // FIXME: no reason to give fixed max length			
 
 
 int tls_init(TLS_CONNECT *conn, const TLS_CTX *ctx);