Update tests and tools

tools/certgen.c

@@ -84,11 +84,11 @@ void print_usage(const char *prog)
 	printf("\n");
 	printf("Options:\n");
 	printf("  -C <str>           country name\n");
+	printf("  -ST <str>          state of province name\n");
+	printf("  -L <str>           locality name\n");
 	printf("  -O <str>           orgnization name\n");
 	printf("  -OU <str>          orgnizational unit name\n");
 	printf("  -CN <str>          common name\n");
-	printf("  -L <str>           locality name\n");
-	printf("  -ST <str>          state of province name\n");
 	printf("  -days <num>        validity days\n");
 	printf("  -key <file>        private key file\n");
 	printf("  -pass pass         password\n");
@@ -96,45 +96,30 @@ void print_usage(const char *prog)
 
 int main(int argc, char **argv)
 {
-	int ret = -1;
 	char *prog = argv[0];
+
 	char *country = NULL;
 	char *state = NULL;
+	char *locality = NULL;
 	char *org = NULL;
 	char *org_unit = NULL;
 	char *common_name = NULL;
-	char *keyfile = NULL;
 	int days = 0;
-	char *outfile = NULL;
-
+	char *keyfile = NULL;
 	FILE *keyfp = NULL;
+	char *pass = NULL;
+	char *outfile = NULL;
 	FILE *outfp = stdout;
 
-	X509_CERTIFICATE cert;
-
-	char *pass = NULL;
-
+	SM2_KEY sm2_key;
 	uint8_t serial[12];
-	X509_NAME name;
+	uint8_t name[256];
+	size_t namelen;
 	time_t not_before;
-	SM2_KEY sm2_key; // 这个应该是从文件中读取的！
+	time_t not_after;
 	uint8_t uniq_id[32];
-
-	uint8_t buf[1024];
-	const uint8_t *cp = buf;
-	uint8_t *p = buf;
-	size_t len = 0;
-
-
-
-	int kp[] = {
-		OID_kp_serverAuth,
-		OID_kp_clientAuth,
-		OID_kp_codeSigning,
-		OID_kp_emailProtection,
-		OID_kp_timeStamping,
-		OID_kp_OCSPSigning,
-	};
+	uint8_t cert[1024];
+	size_t certlen;
 
 	argc--;
 	argv++;
@@ -216,91 +201,34 @@ int main(int argc, char **argv)
 		}
 	}
 
-	if (sm2_enced_private_key_info_from_pem(&sm2_key, pass, keyfp) != 1) {
-		error_print();
-		goto end;
-	}
-
-
-	rand_bytes(serial, sizeof(serial));
-
-
-
-	memset(&name, 0, sizeof(name));
-
-
-
-	if (country) {
-		if (x509_name_set_country(&name, country) != 1) {
-			error_print();
-			goto end;
-		}
-	}
-	if (state) {
-		if (x509_name_set_state_or_province(&name, state) != 1) {
-			error_print();
-			goto end;
-		}
-	}
-	if (org) {
-		if (x509_name_set_organization(&name, org) != 1) {
-			error_print();
-			goto end;
-		}
-	}
-	if (org_unit) {
-		if (x509_name_set_organizational_unit(&name, org_unit) != 1) {
-			error_print();
-			goto end;
-		}
-	}
-	if (!common_name) {
-		error_print();
-		goto end;
-	} else {
-		if (x509_name_set_common_name(&name, common_name) != 1) {
-			error_print();
-			goto end;
-		}
-	}
-
 	time(&not_before);
-
-
-	memset(&cert, 0, sizeof(cert));
-	x509_certificate_set_version(&cert, X509_version_v3);
-	x509_certificate_set_serial_number(&cert, serial, sizeof(serial));
-	x509_certificate_set_signature_algor(&cert, OID_sm2sign_with_sm3);
-	x509_certificate_set_issuer(&cert, &name);
-	x509_certificate_set_subject(&cert, &name);
-	x509_certificate_set_validity(&cert, not_before, days);
-	x509_certificate_set_subject_public_key_info_sm2(&cert, &sm2_key);
-	x509_certificate_set_issuer_unique_id_from_public_key(&cert, &sm2_key);
-	x509_certificate_set_subject_unique_id_from_public_key(&cert, &sm2_key);
-
-	x509_certificate_set_basic_constraints(&cert, ASN1_TRUE, ASN1_TRUE, 6);
-
-	x509_certificate_set_ext_key_usage(&cert, ASN1_TRUE, kp, sizeof(kp)/sizeof(kp[0]));
-
-	x509_certificate_generate_subject_key_identifier(&cert, ASN1_TRUE);
-
-	x509_certificate_set_inhibit_any_policy(&cert, ASN1_TRUE, 20);
-
-
-
-	x509_certificate_set_policy_constraints(&cert, ASN1_FALSE, 5, 5);
-
-
-
-
-	x509_certificate_sign_sm2(&cert, &sm2_key);
-	x509_certificate_to_pem(&cert, outfp);
-	ret = 0;
-	goto end;
+	if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1
+		|| rand_bytes(serial, sizeof(serial)) != 1
+		|| x509_name_set(name, &namelen, sizeof(name),
+			country, state, locality, org, org_unit, common_name) != 1
+		|| x509_validity_add_days(&not_after, not_before, days) != 1
+		|| x509_cert_sign(
+			cert, &certlen, sizeof(cert),
+			X509_version_v3,
+			serial, sizeof(serial),
+			OID_sm2sign_with_sm3,
+			name, namelen,
+			not_before, not_after,
+			name, namelen,
+			&sm2_key,
+			NULL, 0,
+			NULL, 0,
+			NULL, 0,
+			&sm2_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID)) != 1
+		|| x509_cert_to_pem(cert, certlen, outfp) != 1) {
+		error_print();
+		return -1;
+	}
+	return 0;
 
 bad:
 	fprintf(stderr, "%s: commands should not be used together\n", prog);
 
 end:
-	return ret;
+	return -1;
 }

tools/certparse.c

@@ -69,7 +69,7 @@ int main(void)
 			goto end;
 		}
 		fprintf(stdout, "Certificate\n");
-		x509_cert_print(stdout, 0, 0, cert, certlen);
+		x509_cert_print(stdout, 0, 0, "Certificate", cert, certlen);
 		x509_cert_to_pem(cert, certlen, stdout);
 		fprintf(stdout, "\n");
 	}

tools/certverify.c

@@ -59,66 +59,21 @@
 // 比如最基本的是证书中的签名、有效期、各个扩展等
 // 外部相关的：证书链、CRL等
 
-
-static int verify_cert(const X509_CERTIFICATE *cert, const X509_CERTIFICATE *cacert)
-{
-	int ret;
-	SM2_KEY ca_pubkey;
-
-	if (x509_name_equ(&cert->tbs_certificate.issuer, &cacert->tbs_certificate.subject) != 1) {
-		error_print();
-		return -1;
-	}
-	if (x509_certificate_get_public_key(cacert, &ca_pubkey) != 1) {
-		error_print();
-		return -1;
-	}
-	if ((ret = x509_certificate_verify(cert, &ca_pubkey)) < 0) {
-		error_print();
-		return -1;
-	}
-	return ret;
-}
-
-static int find_cacert(X509_CERTIFICATE *cacert, FILE *fp, const X509_NAME *issuer)
-{
-	int ret;
-	for (;;) {
-		if ((ret = x509_certificate_from_pem(cacert, fp)) != 1) {
-			if (ret < 0) error_print();
-			return ret;
-		}
-		if (x509_name_equ(&cacert->tbs_certificate.subject, issuer) == 1) {
-			return 1;
-		}
-	}
-	return 0;
-}
-
-
-void print_usage(const char *prog)
-{
-	printf("Usage: %s command [options] ...\n", prog);
-	printf("\n");
-	printf("Options:\n");
-	printf("  -cert <file>        PKCS #10 certificate request file\n");
-	printf("  -cacert <file>     CA certificate file\n");
-}
-
 int main(int argc, char **argv)
 {
-	int ret = -1;
+	int ret = 0;
 	char *prog = argv[0];
 	char *certfile = NULL;
-	char *cacertfile = NULL;
 	FILE *certfp = NULL;
+
+	char *cacertfile = NULL;
 	FILE *cacertfp = NULL;
 
-	X509_CERTIFICATE cert1;
-	X509_CERTIFICATE cert2;
-	X509_CERTIFICATE *cert = &cert1;
-	X509_CERTIFICATE *cacert = &cert2;
-	X509_CERTIFICATE *tmpcert;
+	uint8_t cert[1024];
+	size_t certlen;
+	uint8_t cacert[1024];
+	size_t cacertlen;
+	char *signer_id = SM2_DEFAULT_ID;
 
 	SM2_KEY ca_pubkey;
 
@@ -126,7 +81,7 @@ int main(int argc, char **argv)
 	argv++;
 	while (argc >= 1) {
 		if (!strcmp(*argv, "-help")) {
-			print_usage(prog);
+			printf("Usage: %s [-cert pem] -cacert pem\n", prog);
 			return 0;
 
 		} else if (!strcmp(*argv, "-cert")) {
@@ -144,7 +99,7 @@ int main(int argc, char **argv)
 				return -1;
 			}
 		} else {
-			print_usage(prog);
+			printf("Usage: %s [-cert pem] -cacert pem\n", prog);
 			return 0;
 			break;
 		}
@@ -154,36 +109,24 @@ int main(int argc, char **argv)
 	}
 
 	if (!certfp || !cacertfp) {
-		print_usage(prog);
+		error_print();
 		return -1;
 	}
 
-	if (x509_certificate_from_pem(cert, certfp) != 1) {
-		error_print();
-		return -1;
-	}
-	for (;;) {
-		if ((ret = x509_certificate_from_pem(cacert, certfp)) != 1) {
-			if (ret < 0) error_print();
-			break;
-		}
-		if (verify_cert(cert, cacert) != 1) {
-			error_print();
-			return -1;
-		}
-		tmpcert = cacert;
-		cert = cacert;
-		cacert = tmpcert;
-	}
 
-	if (find_cacert(cacert, cacertfp, &cert->tbs_certificate.issuer) != 1) {
+	if (x509_cert_from_pem(cert, &certlen, sizeof(cert), certfp) != 1) {
 		error_print();
 		return -1;
 	}
-	if ((ret = verify_cert(cert, cacert)) < 0) {
+	if (x509_cert_from_pem(cacert, &cacertlen, sizeof(cacert), cacertfp) != 1) {
 		error_print();
 		return -1;
 	}
+	if (x509_cert_verify_by_ca_cert(cert, certlen, cacert, cacertlen, signer_id, strlen(signer_id)) != 1) {
+		error_print();
+		return -1;
+	}
+	ret = 1;
 	printf("Verification %s\n", ret ? "success" : "failure");
 
 	ret = 0;

tools/reqgen.c

@@ -1,4 +1,4 @@
-/*
+/*
  * Copyright (c) 2021 - 2021 The GmSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -51,6 +51,7 @@
 #include <stdlib.h>
 #include <gmssl/pem.h>
 #include <gmssl/x509.h>
+#include <gmssl/x509_req.h>
 #include <gmssl/pkcs8.h>
 #include <gmssl/rand.h>
 #include <gmssl/error.h>
@@ -98,9 +99,12 @@ int main(int argc, char **argv)
 	FILE *keyfp = NULL;
 	FILE *outfp = stdout;
 
-	X509_CERT_REQUEST req;
+	uint8_t req[1024];
+	size_t reqlen = 0;
+
+	uint8_t name[256];
+	size_t namelen = 0;
 
-	X509_NAME name;
 	SM2_KEY sm2_key; // 这个应该是从文件中读取的！
 
 
@@ -171,7 +175,6 @@ int main(int argc, char **argv)
 		goto bad;
 	}
 
-
 	if (outfile) {
 		if (!(outfp = fopen(outfile, "w"))) {
 			error_print();
@@ -187,57 +190,35 @@ int main(int argc, char **argv)
 #endif
 	}
 
-	if (sm2_enced_private_key_info_from_pem(&sm2_key, pass, keyfp) != 1) {
+	if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) {
 		error_print();
 		goto end;
 	}
 
 
-
-	memset(&name, 0, sizeof(name));
-
-
-
-	if (country) {
-		if (x509_name_set_country(&name, country) != 1) {
-			error_print();
-			goto end;
-		}
-	}
-	if (state) {
-		if (x509_name_set_state_or_province(&name, state) != 1) {
-			error_print();
-			goto end;
-		}
-	}
-	if (org) {
-		if (x509_name_set_organization(&name, org) != 1) {
-			error_print();
-			goto end;
-		}
-	}
-	if (org_unit) {
-		if (x509_name_set_organizational_unit(&name, org_unit) != 1) {
-			error_print();
-			goto end;
-		}
-	}
-	if (!common_name) {
+	if (x509_name_set(name, &namelen, sizeof(name),
+		country, state, NULL, org, org_unit, common_name) != 1) {
 		error_print();
-		goto end;
-	} else {
-		if (x509_name_set_common_name(&name, common_name) != 1) {
-			error_print();
-			goto end;
-		}
+		return -1;
 	}
 
 
-	memset(&req, 0, sizeof(req));
-	x509_cert_request_set(&req, &name, &sm2_key);
-	x509_cert_request_sign(&req, &sm2_key);
+	if (x509_req_sign(req, &reqlen, sizeof(req),
+		X509_version_v1,
+		name, namelen,
+		&sm2_key,
+		NULL, 0,
+		OID_sm2sign_with_sm3,
+		&sm2_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID)) != 1) {
+		error_print();
+		return -1;
+	}
 
-	x509_cert_request_to_pem(&req, outfp);
+
+	if (x509_req_to_pem(req, reqlen, outfp) != 1) {
+		error_print();
+		return -1;
+	}
 
 	ret = 0;
 	goto end;

tools/reqparse.c

@@ -51,6 +51,7 @@
 #include <stdlib.h>
 #include <gmssl/pem.h>
 #include <gmssl/x509.h>
+#include <gmssl/x509_req.h>
 #include <gmssl/error.h>
 
 
@@ -58,8 +59,9 @@ int main(int argc, char **argv)
 {
 	char *prog = argv[0];
 	char *infile = NULL;
-	X509_CERT_REQUEST req;
 	FILE *infp = stdin;
+	uint8_t req[1024];
+	size_t reqlen;
 
 	argc--;
 	argv++;
@@ -90,16 +92,12 @@ help:
 		}
 	}
 
-	int ret = x509_cert_request_from_pem(&req, infp);
-	if (ret < 0) {
+	if (x509_req_from_pem(req, &reqlen, sizeof(req), infp) != 1) {
 		error_print();
 		return -1;
 	}
-	if (ret == 0) {
-		error_print();
-		return -1;
-	}
-	x509_cert_request_print(stdout, &req, 0, 0);
+	x509_req_print(stdout, 0, 0, "CertificationRequest", req, reqlen);
+	x509_req_to_pem(req, reqlen, stdout);
 	return 0;
 
 bad:

tools/sm2decrypt.c

@@ -143,7 +143,7 @@ help:
 		}
 	}
 
-	if (sm2_enced_private_key_info_from_pem(&key, pass, keyfp) != 1) {
+	if (sm2_private_key_info_decrypt_from_pem(&key, pass, keyfp) != 1) {
 		error_puts("private key decryption failure");
 		return -1;
 	}

tools/sm2keygen.c

@@ -134,7 +134,7 @@ help:
 		return -1;
 	}
 
-	if (sm2_enced_private_key_info_to_pem(&key, pass, outfp) != 1) {
+	if (sm2_private_key_info_encrypt_to_pem(&key, pass, outfp) != 1) {
 		memset(&key, 0, sizeof(SM2_KEY));
 		error_print();
 		return -1;

tools/sm2sign.c

@@ -151,7 +151,7 @@ help:
 		}
 	}
 
-	if (sm2_enced_private_key_info_from_pem(&key, pass, keyfp) != 1) {
+	if (sm2_private_key_info_decrypt_from_pem(&key, pass, keyfp) != 1) {
 		error_puts("private key decryption failure");
 		return -1;
 	}