Update tests and tools

include/gmssl/asn1.h

@@ -72,6 +72,9 @@ extern "C" {
 #define ASN1_TAG_EXPLICIT(index)	ASN1_TAG_IMPLICIT(ASN1_TAG_CONSTRUCTED|(index))
 
 
+#define ASN1_FMT_FULL	0x01
+
+
 enum ASN1_TAG {
 	ASN1_TAG_BOOLEAN		= 1,
 	ASN1_TAG_INTEGER		= 2,
@@ -229,6 +232,9 @@ int asn1_ia5_string_from_der_ex(int tag, const char **d, size_t *dlen, const uin
 
 int asn1_string_print(FILE *fp, int fmt, int ind, const char *label, int tag, const uint8_t *d, size_t dlen);
 
+#define ASN1_UTC_TIME_LEN		(sizeof("YYMMDDHHMMSSZ")-1)
+#define ASN1_GENERALIZED_TIME_LEN	(sizeof("YYYYMMDDHHMMSSZ")-1)
+
 int asn1_utc_time_to_der_ex(int tag, time_t tv, uint8_t **out, size_t *outlen);
 int asn1_utc_time_from_der_ex(int tag, time_t *tv, const uint8_t **in, size_t *inlen);
 #define asn1_utc_time_to_der(tv,out,outlen) asn1_utc_time_to_der_ex(ASN1_TAG_UTCTime,tv,out,outlen)
@@ -253,8 +259,8 @@ int asn1_generalized_time_from_der_ex(int tag, time_t *tv, const uint8_t **in, s
 #define asn1_implicit_set_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
 #define asn1_implicit_set_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
 
-#define asn1_implicit_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
-#define asn1_implicit_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
+#define asn1_implicit_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
 
 int asn1_header_to_der(int tag, size_t dlen, uint8_t **out, size_t *outlen);
 #define asn1_implicit_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)

include/gmssl/oid.h

@@ -155,10 +155,19 @@ enum {
 	OID_sha512_224,
 	OID_sha512_256,
 
+
+	OID_hmac_sha1,
+	OID_hmac_sha224,
+	OID_hmac_sha256,
+	OID_hmac_sha384,
+	OID_hmac_sha512,
+	OID_hmac_sha512_224,
+	OID_hmac_sha512_256,
+
 	OID_pbkdf2, // {pkcs-5 12}
 	OID_pbes2,  // {pkcs-5 13}
-	OID_hmacWithSHA1,
-	OID_hmacWithSHA224,
+
+
 
 	OID_sm4_ecb, // 1 2 156 10197 1 104 1
 	OID_sm4_cbc, // 1 2 156 10197 1 104 2
@@ -209,8 +218,24 @@ enum {
 #define oid_ce	2,5,29
 
 
+#define oid_sm		1,2,156,10197
+#define oid_sm_algors	oid_sm,1
+
+
 #define oid_sm2_cms 1,2,156,10197,6,1,4,2
 
+/*
+rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) 113549}
+pkcs OBJECT IDENTIFIER   ::= {rsadsi 1}
+pkcs-5 OBJECT IDENTIFIER ::= {pkcs 5}
+id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
+id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
+*/
+
+#define oid_rsadsi	1,2,840,113549
+#define oid_pkcs	oid_rsadsi,1
+#define oid_pkcs5	oid_pkcs,5
+
 
 #ifdef __cplusplus
 }

include/gmssl/pkcs8.h

@@ -1,4 +1,4 @@
-/*
+/*
  * Copyright (c) 2021 - 2021 The GmSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -63,22 +63,27 @@ extern "C" {
 #endif
 
 
-// EncryptedPrivateKeyInfo
-int sm2_enced_private_key_info_to_der(const SM2_KEY *key,
-	const char *pass, uint8_t **out, size_t *outlen);
-int sm2_enced_private_key_info_from_der(SM2_KEY *key, const uint8_t **attrs, size_t *attrslen,
-	const char *pass, const uint8_t **in, size_t *inlen);
-int sm2_enced_private_key_info_to_pem(const SM2_KEY *key, const char *pass, FILE *fp);
-int sm2_enced_private_key_info_from_pem(SM2_KEY *key, const char *pass, FILE *fp);
-
 /*
-	prf must be OID_hmac_sm3
-	cipher must be OID_sm4_cbc
+id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
+
+PBKDF2-params ::= SEQUENCE {
+	salt CHOICE {
+		specified	OCTET STRING,
+		otherSource	AlgorithmIdentifier {{PBKDF2-SaltSources}}
+	},
+	iterationCount		INTEGER (1..MAX),
+	keyLength		INTEGER (1..MAX) OPTIONAL, -- 这个参数可以由函数指定
+	prf			AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
+}
+
+prf must be OID_hmac_sm3
+cipher must be OID_sm4_cbc
 */
 int pbkdf2_params_to_der(const uint8_t *salt, size_t saltlen, int iter, int keylen, int prf,
 	uint8_t **out, size_t *outlen);
 int pbkdf2_params_from_der(const uint8_t **salt, size_t *saltlen, int *iter, int *keylen, int *prf,
 	const uint8_t **in, size_t *inlen);
+int pbkdf2_params_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 
 int pbkdf2_algor_to_der(
 	const uint8_t *salt, size_t saltlen,
@@ -92,6 +97,23 @@ int pbkdf2_algor_from_der(
 	int *keylen,
 	int *prf,
 	const uint8_t **in, size_t *inlen);
+int pbkdf2_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+/*
+id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
+
+PBES2-params ::= SEQUENCE {
+	keyDerivationFunc	AlgorithmIdentifier {{PBES2-KDFs}}, -- id-PBKDF2
+	encryptionScheme	AlgorithmIdentifier {{PBES2-Encs}}}
+
+PBES2-Encs:
+	AES-CBC-Pad [RFC2898]
+	RC5-CBC-Pad
+	DES-CBC-Pad		legacy
+	DES-EDE3-CBC-Pad	legacy
+	RC2-CBC-Pad		legacy
+*/
 
 int pbes2_enc_algor_to_der(
 	int cipher,
@@ -101,10 +123,13 @@ int pbes2_enc_algor_from_der(
 	int *cipher,
 	const uint8_t **iv, size_t *ivlen,
 	const uint8_t **in, size_t *inlen);
+int pbes2_enc_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
 
 int pbes2_params_to_der(
 	const uint8_t *salt, size_t saltlen,
 	int iter,
+	int keylen,
 	int prf,
 	int cipher,
 	const uint8_t *iv, size_t ivlen,
@@ -112,14 +137,18 @@ int pbes2_params_to_der(
 int pbes2_params_from_der(
 	const uint8_t **salt, size_t *saltlen,
 	int *iter,
+	int *keylen,
 	int *prf,
 	int *cipher,
 	const uint8_t **iv, size_t *ivlen,
 	const uint8_t **in, size_t *inlen);
+int pbes2_params_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
 
 int pbes2_algor_to_der(
 	const uint8_t *salt, size_t saltlen,
 	int iter,
+	int keylen,
 	int prf,
 	int cipher,
 	const uint8_t *iv, size_t ivlen,
@@ -127,14 +156,34 @@ int pbes2_algor_to_der(
 int pbes2_algor_from_der(
 	const uint8_t **salt, size_t *saltlen,
 	int *iter,
+	int *keylen,
 	int *prf,
 	int *cipher,
 	const uint8_t **iv, size_t *ivlen,
 	const uint8_t **in, size_t *inlen);
+int pbes2_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+from [RFC 5208]
+
+EncryptedPrivateKeyInfo ::= SEQUENCE {
+	encryptionAlgorithm	EncryptionAlgorithmIdentifier,
+	encryptedData		OCTET STRING }
+
+encryptionAlgorithm:
+	id-PBES2
+
+PrivateKeyInfo ::= SEQUENCE {
+	version			INTEGER { v1(0) },
+	privateKeyAlgorithm	AlgorithmIdentifier,
+	privateKey		OCTET STRING,
+	attributes		[0] Attributes OPTIONAL }
+*/
 
 int pkcs8_enced_private_key_info_to_der(
 	const uint8_t *salt, size_t saltlen,
 	int iter,
+	int keylen,
 	int prf,
 	int cipher,
 	const uint8_t *iv, size_t ivlen,
@@ -143,11 +192,13 @@ int pkcs8_enced_private_key_info_to_der(
 int pkcs8_enced_private_key_info_from_der(
 	const uint8_t **salt, size_t *saltlen,
 	int *iter,
+	int *keylen,
 	int *prf,
 	int *cipher,
 	const uint8_t **iv, size_t *ivlen,
 	const uint8_t **enced, size_t *encedlen,
 	const uint8_t **in, size_t *inlen);
+int pkcs8_enced_private_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 
 
 #ifdef __cplusplus

include/gmssl/sm2.h

@@ -120,7 +120,6 @@ AlgorithmIdentifier ::= {
 int sm2_public_key_algor_to_der(uint8_t **out, size_t *outlen);
 int sm2_public_key_algor_from_der(const uint8_t **in, size_t *inlen);
 
-
 /*
 X.509 SubjectPublicKeyInfo from RFC 5280
 
@@ -147,6 +146,18 @@ int sm2_private_key_info_from_der(SM2_KEY *key, const uint8_t **attrs, size_t *a
 int sm2_private_key_info_to_pem(const SM2_KEY *key, FILE *fp);
 int sm2_private_key_info_from_pem(SM2_KEY *key, const uint8_t **attrs, size_t *attrslen, FILE *fp);
 
+/*
+EncryptedPrivateKeyInfo ::= SEQUENCE {
+	encryptionAlgorithm	EncryptionAlgorithmIdentifier, -- id-PBES2
+	encryptedData		OCTET STRING }
+*/
+int sm2_private_key_info_encrypt_to_der(const SM2_KEY *key,
+	const char *pass, uint8_t **out, size_t *outlen);
+int sm2_private_key_info_decrypt_from_der(SM2_KEY *key, const uint8_t **attrs, size_t *attrs_len,
+	const char *pass, const uint8_t **in, size_t *inlen);
+int sm2_private_key_info_encrypt_to_pem(const SM2_KEY *key, const char *pass, FILE *fp);
+int sm2_private_key_info_decrypt_from_pem(SM2_KEY *key, const char *pass, FILE *fp);
+
 
 typedef struct {
 	uint8_t r[32];

include/gmssl/x509.h

@@ -150,6 +150,10 @@ int x509_name_add_organizational_unit_name(uint8_t *d, size_t *dlen, int maxlen,
 int x509_name_add_common_name(uint8_t *d, size_t *dlen, int maxlen, int tag, const uint8_t *val, size_t vlen);
 int x509_name_add_domain_component(uint8_t *d, size_t *dlen, int maxlen, const char *val, size_t vlen); // val: IA5String
 
+int x509_name_set(uint8_t *d, size_t *dlen, size_t maxlen,
+	const char *country, const char *state, const char *locality,
+	const char *org, const char *org_unit, const char *common_name);
+
 int x509_name_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
 int x509_name_get_printable(const uint8_t *d, size_t dlen, char *str, size_t maxlen);
 int x509_name_get_value_by_type(const uint8_t *d, size_t dlen, int oid, int *tag, const uint8_t **val, size_t *vlen);
@@ -269,9 +273,12 @@ int x509_cert_sign(
 	const uint8_t *issuer_unique_id, size_t issuer_unique_id_len,
 	const uint8_t *subject_unique_id, size_t subject_unique_id_len,
 	const uint8_t *exts, size_t exts_len,
-	const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len);
-int x509_cert_verify(const uint8_t *a, size_t alen, const SM2_KEY *pub_key, const char *signer_id, size_t signer_id_len);
-int x509_cert_verify_by_ca_cert(const uint8_t *a, size_t alen, const uint8_t *cacert, size_t cacertlen);
+	const SM2_KEY *sign_key,
+	const char *signer_id, size_t signer_id_len);
+int x509_cert_verify(const uint8_t *a, size_t alen, const SM2_KEY *pub_key,
+	const char *signer_id, size_t signer_id_len);
+int x509_cert_verify_by_ca_cert(const uint8_t *a, size_t alen, const uint8_t *cacert, size_t cacertlen,
+	const char *signer_id, size_t signer_id_len);
 
 int x509_cert_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen);
 int x509_cert_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen);
@@ -279,7 +286,7 @@ int x509_cert_to_pem(const uint8_t *a, size_t alen, FILE *fp);
 int x509_cert_from_pem(uint8_t *a, size_t *alen, size_t maxlen, FILE *fp);
 int x509_cert_from_pem_by_index(uint8_t *a, size_t *alen, size_t maxlen, int index, FILE *fp);
 int x509_cert_from_pem_by_subject(uint8_t *a, size_t *alen, size_t maxlen, const uint8_t *name, size_t namelen, FILE *fp);
-int x509_cert_print(FILE *fp, int fmt, int ind, const uint8_t *a, size_t alen);
+int x509_cert_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);
 
 int x509_cert_get_details(const uint8_t *a, size_t alen,
 	int *version,

include/gmssl/x509_ext.h

@@ -459,8 +459,8 @@ ReasonFlags ::= BIT STRING {
 #define X509_RF_PRIVILEGE_WITHDRAWN	(1 << 7)
 #define X509_RF_AA_COMPROMISE		(1 << 8)
 
-int x509_revoke_reasons_to_der(int bits, uint8_t **out, size_t *outlen);
-int x509_revoke_reasons_from_der(int *bits, const uint8_t **in, size_t *inlen);
+#define x509_revoke_reasons_to_der(bits,out,outlen) asn1_bits_to_der(bits,out,outlen)
+#define x509_revoke_reasons_from_der(bits,in,inlen) asn1_bits_from_der(bits,in,inlen)
 int x509_revoke_reasons_print(FILE *fp, int fmt, int ind, const char *label, int bits);
 
 /*

include/gmssl/x509_req.h

@@ -121,7 +121,7 @@ int x509_req_get_details(const uint8_t *req, size_t reqlen,
 	const uint8_t **attributes, size_t *attributes_len,
 	int *signature_algor,
 	const uint8_t **signature, size_t *signature_len);
-int x509_req_print(FILE *fp, int fmt, int ind, const uint8_t *req, size_t reqlen);
+int x509_req_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *req, size_t reqlen);
 int x509_req_to_pem(const uint8_t *req, size_t reqlen, FILE *fp);
 int x509_req_from_pem(uint8_t *req, size_t *reqlen, size_t maxlen, FILE *fp);