diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..24525df --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "gmssl"] + path = gmssl + url = https://github.com/guanzhi/GmSSL.git diff --git a/README_en.md b/README_en.md index 9cbef6d..ab32277 100644 --- a/README_en.md +++ b/README_en.md @@ -12,8 +12,7 @@ The project uses the Chinese national standard cryptography algorithm to impleme ├── basedockerfile (being used to build base iamge) ├── dockerfile (being used to build application) ├── doc (development documents) -├── include (gmssl header) -├── lib (gmssl shared object) +├── gmssl (gmssl source code) ├── LICENSE ├── README_en.md ├── README.md @@ -58,6 +57,14 @@ docker version: This project depends on gmssl, so you need to compile it from source first. Visit [GmSSL](https://github.com/guanzhi/GmSSL) to learn how to install. +Or we use git submodule to reference repo of gmssl. + +```bash +git clone --recursive https://git.mamahaha.work/sangge/tpre-python.git +chmod +x install_gmssl.sh +./install_gmssl.sh +``` + Then install essential python libs ```bash diff --git a/basedockerfile b/basedockerfile index 2d607a7..d5510d2 100644 --- a/basedockerfile +++ b/basedockerfile @@ -3,10 +3,12 @@ FROM python:3.11 COPY requirements.txt /app/ # 设置目标平台参数 -ARG TARGETPLATFORM +#ARG TARGETPLATFORM # 根据目标平台复制相应架构的库文件 -COPY lib/${TARGETPLATFORM}/* /lib/ +#COPY lib/${TARGETPLATFORM}/* /lib/ + +COPY lib/* /lib/ WORKDIR /app diff --git a/gmssl b/gmssl new file mode 160000 index 0000000..31efcb5 --- /dev/null +++ b/gmssl @@ -0,0 +1 @@ +Subproject commit 31efcb5d87f99fc50b448c181d0a0e59d7edea03 diff --git a/include/gmssl/aead.h b/include/gmssl/aead.h deleted file mode 100644 index 1bc13b5..0000000 --- a/include/gmssl/aead.h +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - -#ifndef GMSSL_AEAD_H -#define GMSSL_AEAD_H - -#include -#include -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -typedef struct { - SM4_CBC_CTX enc_ctx; - SM3_HMAC_CTX mac_ctx; - uint8_t mac[SM3_HMAC_SIZE]; - size_t maclen; -} SM4_CBC_SM3_HMAC_CTX; - -#define SM4_CBC_SM3_HMAC_KEY_SIZE 48 -#define SM4_CBC_SM3_HMAC_IV_SIZE 16 - -_gmssl_export int sm4_cbc_sm3_hmac_encrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx, - const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, - const uint8_t *aad, size_t aadlen); -_gmssl_export int sm4_cbc_sm3_hmac_encrypt_update(SM4_CBC_SM3_HMAC_CTX *ctx, - const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); -_gmssl_export int sm4_cbc_sm3_hmac_encrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx, - uint8_t *out, size_t *outlen); -_gmssl_export int sm4_cbc_sm3_hmac_decrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx, - const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, - const uint8_t *aad, size_t aadlen); -_gmssl_export int sm4_cbc_sm3_hmac_decrypt_update(SM4_CBC_SM3_HMAC_CTX *ctx, - const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); -_gmssl_export int sm4_cbc_sm3_hmac_decrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx, - uint8_t *out, size_t *outlen); - - -typedef struct { - SM4_CTR_CTX enc_ctx; - SM3_HMAC_CTX mac_ctx; - uint8_t mac[SM3_HMAC_SIZE]; - size_t maclen; -} SM4_CTR_SM3_HMAC_CTX; - -#define SM4_CTR_SM3_HMAC_KEY_SIZE 48 -#define SM4_CTR_SM3_HMAC_IV_SIZE 16 - -_gmssl_export int sm4_ctr_sm3_hmac_encrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx, - const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, - const uint8_t *aad, size_t aadlen); -_gmssl_export int sm4_ctr_sm3_hmac_encrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx, - const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); -_gmssl_export int sm4_ctr_sm3_hmac_encrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx, - uint8_t *out, size_t *outlen); -_gmssl_export int sm4_ctr_sm3_hmac_decrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx, - const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, - const uint8_t *aad, size_t aadlen); -_gmssl_export int sm4_ctr_sm3_hmac_decrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx, - const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); -_gmssl_export int sm4_ctr_sm3_hmac_decrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx, - uint8_t *out, size_t *outlen); - - -typedef struct { - SM4_CTR_CTX enc_ctx; - GHASH_CTX mac_ctx; - uint8_t Y[16]; // E(K, Y_0) - size_t taglen; - uint8_t mac[16]; - size_t maclen; -} SM4_GCM_CTX; - -#define SM4_GCM_KEY_SIZE 16 -#define SM4_GCM_DEFAULT_TAG_SIZE 16 - -_gmssl_export int sm4_gcm_encrypt_init(SM4_GCM_CTX *ctx, - const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, - const uint8_t *aad, size_t aadlen, size_t taglen); -_gmssl_export int sm4_gcm_encrypt_update(SM4_GCM_CTX *ctx, - const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); -_gmssl_export int sm4_gcm_encrypt_finish(SM4_GCM_CTX *ctx, - uint8_t *out, size_t *outlen); -_gmssl_export int sm4_gcm_decrypt_init(SM4_GCM_CTX *ctx, - const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, - const uint8_t *aad, size_t aadlen, size_t taglen); -_gmssl_export int sm4_gcm_decrypt_update(SM4_GCM_CTX *ctx, - const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); -_gmssl_export int sm4_gcm_decrypt_finish(SM4_GCM_CTX *ctx, - uint8_t *out, size_t *outlen); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/aes.h b/include/gmssl/aes.h deleted file mode 100644 index e43b27a..0000000 --- a/include/gmssl/aes.h +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - -#ifndef GMSSL_AES_H -#define GMSSL_AES_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -#define AES128_KEY_BITS 128 -#define AES192_KEY_BITS 192 -#define AES256_KEY_BITS 256 - -#define AES128_KEY_SIZE (AES128_KEY_BITS/8) -#define AES192_KEY_SIZE (AES192_KEY_BITS/8) -#define AES256_KEY_SIZE (AES256_KEY_BITS/8) - -#define AES_BLOCK_SIZE 16 - -#define AES128_ROUNDS 10 -#define AES192_ROUNDS 12 -#define AES256_ROUNDS 14 -#define AES_MAX_ROUNDS AES256_ROUNDS - - -typedef struct { - uint32_t rk[4 * (AES_MAX_ROUNDS + 1)]; - size_t rounds; -} AES_KEY; - -int aes_set_encrypt_key(AES_KEY *key, const uint8_t *raw_key, size_t raw_key_len); -int aes_set_decrypt_key(AES_KEY *key, const uint8_t *raw_key, size_t raw_key_len); -void aes_encrypt(const AES_KEY *key, const uint8_t in[AES_BLOCK_SIZE], uint8_t out[AES_BLOCK_SIZE]); -void aes_decrypt(const AES_KEY *key, const uint8_t in[AES_BLOCK_SIZE], uint8_t out[AES_BLOCK_SIZE]); - - -void aes_cbc_encrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE], - const uint8_t *in, size_t nblocks, uint8_t *out); -void aes_cbc_decrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE], - const uint8_t *in, size_t nblocks, uint8_t *out); -int aes_cbc_padding_encrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE], - const uint8_t *in, size_t inlen, - uint8_t *out, size_t *outlen); -int aes_cbc_padding_decrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE], - const uint8_t *in, size_t inlen, - uint8_t *out, size_t *outlen); - -void aes_ctr_encrypt(const AES_KEY *key, uint8_t ctr[AES_BLOCK_SIZE], - const uint8_t *in, size_t inlen, uint8_t *out); -#define aes_ctr_decrypt(key,ctr,in,inlen,out) aes_ctr_encrypt(key,ctr,in,inlen,out) - - -#define AES_GCM_IV_MIN_SIZE 1 -#define AES_GCM_IV_MAX_SIZE ((uint64_t)(1 << (64-3))) -#define AES_GCM_IV_DEFAULT_BITS 96 -#define AES_GCM_IV_DEFAULT_SIZE 12 - -#define AES_GCM_MIN_AAD_SIZE 0 -#define AES_GCM_MAX_AAD_SIZE ((uint64_t)(1 << (64-3))) - -#define AES_GCM_MIN_PLAINTEXT_SIZE 0 -#define AES_GCM_MAX_PLAINTEXT_SIZE ((((uint64_t)1 << 39) - 256) >> 3) - -#define AES_GCM_MAX_TAG_SIZE 16 - -int aes_gcm_encrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen, - const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen, - uint8_t *out, size_t taglen, uint8_t *tag); -int aes_gcm_decrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen, - const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen, - const uint8_t *tag, size_t taglen, uint8_t *out); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/api.h b/include/gmssl/api.h deleted file mode 100644 index d8fd184..0000000 --- a/include/gmssl/api.h +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - -#ifndef GMSSL_API_H -#define GMSSL_API_H - - -#ifdef WIN32 -#define _gmssl_export __declspec(dllexport) -#elif defined(__GNUC__) -// use -fvisibility=hidden to change the "default" behavior -#define _gmssl_export __attribute__((visibility("default"))) -#else -#define _gmssl_export -#endif - -#endif diff --git a/include/gmssl/asn1.h b/include/gmssl/asn1.h deleted file mode 100644 index 49c0b0b..0000000 --- a/include/gmssl/asn1.h +++ /dev/null @@ -1,301 +0,0 @@ -/* - * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - -#ifndef GMSSL_ASN1_H -#define GMSSL_ASN1_H - -#include -#include -#include - -#if __cplusplus -extern "C" { -#endif - - - -#define ASN1_TAG_UNIVERSAL 0x00 -#define ASN1_TAG_APPLICATION 0x40 -#define ASN1_TAG_CONTENT_SPECIFIC 0x80 -#define ASN1_TAG_PRIVATE 0xC0 -#define ASN1_TAG_PRIMITIVE 0x00 -#define ASN1_TAG_CONSTRUCTED 0x20 - -#define ASN1_TAG_IMPLICIT(index) (ASN1_TAG_CONTENT_SPECIFIC|(index)) -#define ASN1_TAG_EXPLICIT(index) ASN1_TAG_IMPLICIT(ASN1_TAG_CONSTRUCTED|(index)) - - -#define ASN1_FMT_FULL 0x01 - - -enum ASN1_TAG { - ASN1_TAG_BOOLEAN = 1, - ASN1_TAG_INTEGER = 2, - ASN1_TAG_BIT_STRING = 3, - ASN1_TAG_OCTET_STRING = 4, - ASN1_TAG_NULL = 5, - ASN1_TAG_OBJECT_IDENTIFIER = 6, - ASN1_TAG_ObjectDescriptor = 7, - ASN1_TAG_EXTERNAL = 8, - ASN1_TAG_REAL = 9, - ASN1_TAG_ENUMERATED = 10, // 0x0A - ASN1_TAG_EMBEDDED = 11, // 0x0B - ASN1_TAG_UTF8String = 12, // 0x0C - ASN1_TAG_RELATIVE_OID = 13, // 0x0D - ASN1_TAG_NumericString = 18, // 0x12 - ASN1_TAG_PrintableString = 19, // 0x13, printable subset of ascii - ASN1_TAG_TeletexString = 20, // 0x14, T61String - ASN1_TAG_VideotexString = 21, // 0x15 - ASN1_TAG_IA5String = 22, // 0x16, 7-bit ascii - ASN1_TAG_UTCTime = 23, // 0x17 - ASN1_TAG_GeneralizedTime = 24, // 0x18 - ASN1_TAG_GraphicString = 25, // 0x19 - ASN1_TAG_VisibleString = 26, // 0x20 - ASN1_TAG_GeneralString = 27, // 0x21 - ASN1_TAG_UniversalString = 28, // 0x22 - ASN1_TAG_CHARACTER_STRING = 29, // 0x23 - ASN1_TAG_BMPString = 30, // 0x24, 2-byte unicode with zeros - ASN1_TAG_SEQUENCE = 0x30, - ASN1_TAG_SET = 0x31, - ASN1_TAG_EXPLICIT = 0xa0, -}; - - -const char *asn1_tag_name(int tag); -int asn1_tag_is_cstring(int tag); -int asn1_tag_to_der(int tag, uint8_t **out, size_t *outlen); -int asn1_tag_from_der(int *tag, const uint8_t **in, size_t *inlen); -int asn1_tag_from_der_readonly(int *tag, const uint8_t **in, size_t *inlen); // read the next tag without changing *in,*inlen -int asn1_length_to_der(size_t dlen, uint8_t **out, size_t *outlen); -int asn1_length_from_der(size_t *dlen, const uint8_t **in, size_t *inlen); -int asn1_length_is_zero(size_t len); -int asn1_length_le(size_t len1, size_t len2); // less than -int asn1_data_to_der(const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen); -int asn1_data_from_der(const uint8_t **d, size_t dlen, const uint8_t **in, size_t *inlen); - -int asn1_type_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen); -int asn1_type_from_der(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen); -int asn1_nonempty_type_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen); -int asn1_nonempty_type_from_der(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen); -int asn1_any_type_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen); -int asn1_any_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen); // 调用方应保证a,alen为TLV -int asn1_any_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen); // 该函数会检查输入是否为TLV - -#define ASN1_TRUE 0xff -#define ASN1_FALSE 0x00 - -const char *asn1_boolean_name(int val); -int asn1_boolean_from_name(int *val, const char *name); -int asn1_boolean_to_der_ex(int tag, int val, uint8_t **out, size_t *outlen); -int asn1_boolean_from_der_ex(int tag, int *val, const uint8_t **in, size_t *inlen); -#define asn1_boolean_to_der(val,out,outlen) asn1_boolean_to_der_ex(ASN1_TAG_BOOLEAN,val,out,outlen) -#define asn1_boolean_from_der(val,in,inlen) asn1_boolean_from_der_ex(ASN1_TAG_BOOLEAN,val,in,inlen) -#define asn1_implicit_boolean_to_der(i,val,out,outlen) asn1_boolean_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen) -#define asn1_implicit_boolean_from_der(i,val,in,inlen) asn1_boolean_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen) - -// asn1_integer_ 不支持负数编解码 -int asn1_integer_to_der_ex(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen); -int asn1_integer_from_der_ex(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen); -#define asn1_integer_to_der(d,dlen,out,outlen) asn1_integer_to_der_ex(ASN1_TAG_INTEGER,d,dlen,out,outlen) -#define asn1_integer_from_der(d,dlen,in,inlen) asn1_integer_from_der_ex(ASN1_TAG_INTEGER,d,dlen,in,inlen) -#define asn1_implicit_integer_to_der(i,d,dlen,out,outlen) asn1_integer_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen) -#define asn1_implicit_integer_from_der(i,d,dlen,in,inlen) asn1_integer_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen) - -// asn1_int_ 只支持小的无符号整数的编解码,不支持负数 -int asn1_int_to_der_ex(int tag, int val, uint8_t **out, size_t *outlen); // 当 val == -1 时,不输出,返回 0 -int asn1_int_from_der_ex(int tag, int *val, const uint8_t **in, size_t *inlen); // 不支持负数,返回0时 *val 设置为 -1 -#define asn1_int_to_der(val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_INTEGER,val,out,outlen) -#define asn1_int_from_der(val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_INTEGER,val,in,inlen) -#define asn1_implicit_int_to_der(i,val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen) -#define asn1_implicit_int_from_der(i,val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen) - -// 比特长度不必须为8的整数倍 -int asn1_bit_string_to_der_ex(int tag, const uint8_t *d, size_t nbits, uint8_t **out, size_t *outlen); -int asn1_bit_string_from_der_ex(int tag, const uint8_t **d, size_t *nbits, const uint8_t **in, size_t *inlen); -#define asn1_bit_string_to_der(d,nbits,out,outlen) asn1_bit_string_to_der_ex(ASN1_TAG_BIT_STRING,d,nbits,out,outlen) -#define asn1_bit_string_from_der(d,nbits,in,inlen) asn1_bit_string_from_der_ex(ASN1_TAG_BIT_STRING,d,nbits,in,inlen) -#define asn1_implicit_bit_string_to_der(i,d,nbits,out,outlen) asn1_bit_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,nbits,out,outlen) -#define asn1_implicit_bit_string_from_der(i,d,nbits,in,inlen) asn1_bit_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,nbits,in,inlen) - -// 比特长度必须为8的整数倍,因此使用字节长度 -int asn1_bit_octets_to_der_ex(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen); -int asn1_bit_octets_from_der_ex(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen); -#define asn1_bit_octets_to_der(d,dlen,out,outlen) asn1_bit_octets_to_der_ex(ASN1_TAG_BIT_STRING,d,dlen,out,outlen) -#define asn1_bit_octets_from_der(d,dlen,in,inlen) asn1_bit_octets_from_der_ex(ASN1_TAG_BIT_STRING,d,dlen,in,inlen) -#define asn1_implicit_bit_octets_to_der(i,d,dlen,out,outlen) asn1_bit_octets_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen) -#define asn1_implicit_bit_octets_from_der(i,d,dlen,in,inlen) asn1_bit_octets_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen) - -// bits == -1 不编码,只支持较少的比特数量 -int asn1_bits_to_der_ex(int tag, int bits, uint8_t **out, size_t *outlen); -int asn1_bits_from_der_ex(int tag, int *bits, const uint8_t **in, size_t *inlen); -#define asn1_bits_to_der(bits,out,outlen) asn1_bits_to_der_ex(ASN1_TAG_BIT_STRING,bits,out,outlen) -#define asn1_bits_from_der(bits,in,inlen) asn1_bits_from_der_ex(ASN1_TAG_BIT_STRING,bits,in,inlen) -#define asn1_implicit_bits_to_der(i,bits,out,outlen) asn1_bits_to_der_ex(ASN1_TAG_IMPLICIT(i),bits,out,outlen) -#define asn1_implicit_bits_from_der(i,bits,in,inlen) asn1_bits_from_der_ex(ASN1_TAG_IMPLICIT(i),bits,in,inlen) -// names[i]对应第i个比特 -int asn1_bits_print(FILE *fp, int fmt, int ind, const char *label, const char **names, size_t names_cnt, int bits); - -#define asn1_octet_string_to_der_ex(tag,d,dlen,out,outlen) asn1_type_to_der(tag,d,dlen,out,outlen) -#define asn1_octet_string_from_der_ex(tag,d,dlen,in,inlen) asn1_type_from_der(tag,d,dlen,in,inlen) -#define asn1_octet_string_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_OCTET_STRING,d,dlen,out,outlen) -#define asn1_octet_string_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_OCTET_STRING,d,dlen,in,inlen) -#define asn1_implicit_octet_string_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen) -#define asn1_implicit_octet_string_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen) - -const char *asn1_null_name(void); -int asn1_null_to_der(uint8_t **out, size_t *outlen); -int asn1_null_from_der(const uint8_t **in, size_t *inlen); - -#define ASN1_OID_MIN_NODES 2 -#define ASN1_OID_MAX_NODES 32 -#define ASN1_OID_MIN_OCTETS 1 -#define ASN1_OID_MAX_OCTETS (1 + (ASN1_OID_MAX_NODES - 2) * 5) -int asn1_object_identifier_to_octets(const uint32_t *nodes, size_t nodes_cnt, uint8_t *out, size_t *outlen); -int asn1_object_identifier_from_octets(uint32_t *nodes, size_t *nodes_cnt, const uint8_t *in, size_t inlen); - -int asn1_object_identifier_to_der_ex(int tag, const uint32_t *nodes, size_t nodes_cnt, uint8_t **out, size_t *outlen); -int asn1_object_identifier_from_der_ex(int tag, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen); -#define asn1_object_identifier_to_der(nodes,nodes_cnt,out,outlen) asn1_object_identifier_to_der_ex(ASN1_TAG_OBJECT_IDENTIFIER,nodes,nodes_cnt,out,outlen) -#define asn1_object_identifier_from_der(nodes,nodes_cnt,in,inlen) asn1_object_identifier_from_der_ex(ASN1_TAG_OBJECT_IDENTIFIER,nodes,nodes_cnt,in,inlen) -#define asn1_implicit_object_identifier_to_der(i,nodes,nodes_cnt,out,outlen) asn1_object_identifier_to_der_ex(ASN1_TAG_IMPLICIT(i),nodes,nodes_cnt,out,outlen) -#define asn1_implicit_object_identifier_from_der(i,nodes,nodes_cnt,in,inlen) asn1_object_identifier_from_der_ex(ASN1_TAG_IMPLICIT(i),nodes,nodes_cnt,in,inlen) -int asn1_object_identifier_equ(const uint32_t *a, size_t a_cnt, const uint32_t *b, size_t b_cnt); -int asn1_object_identifier_print(FILE *fp, int fmt, int ind, const char *label, const char *name, - const uint32_t *nodes, size_t nodes_cnt); - -typedef struct { - int oid; - char *name; - uint32_t *nodes; - size_t nodes_cnt; - int flags; - char *description; -} ASN1_OID_INFO; - -const ASN1_OID_INFO *asn1_oid_info_from_name(const ASN1_OID_INFO *infos, size_t count, const char *name); -const ASN1_OID_INFO *asn1_oid_info_from_oid(const ASN1_OID_INFO *infos, size_t count, int oid); -// 如果一个正确解析的OID并不在infos列表中,那么仍然返回1,但是调用方必须检查返回的info是否为空 -int asn1_oid_info_from_der_ex(const ASN1_OID_INFO **info, uint32_t *nodes, size_t *nodes_cnt, - const ASN1_OID_INFO *infos, size_t count, const uint8_t **in, size_t *inlen); -int asn1_oid_info_from_der(const ASN1_OID_INFO **info, - const ASN1_OID_INFO *infos, size_t count, const uint8_t **in, size_t *inlen); - -#define asn1_enumerated_to_der_ex(tag,val,out,outlen) asn1_int_to_der_ex(tag,val,out,outlen) -#define asn1_enumerated_from_der_ex(tag,val,in,inlen) asn1_int_from_der_ex(tag,val,in,inlen) -#define asn1_enumerated_to_der(val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_ENUMERATED,val,out,outlen) -#define asn1_enumerated_from_der(val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_ENUMERATED,val,in,inlen) -#define asn1_implicit_enumerated_to_der(i,val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen) -#define asn1_implicit_enumerated_from_der(i,val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen) - -int asn1_string_is_utf8_string(const char *d, size_t dlen); -int asn1_utf8_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen); -int asn1_utf8_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen); -#define asn1_utf8_string_to_der(d,dlen,out,outlen) asn1_utf8_string_to_der_ex(ASN1_TAG_UTF8String,d,dlen,out,outlen) -#define asn1_utf8_string_from_der(d,dlen,in,inlen) asn1_utf8_string_from_der_ex(ASN1_TAG_UTF8String,d,dlen,in,inlen) -#define asn1_implicit_utf8_string_to_der(i,d,dlen,out,outlen) asn1_utf8_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen) -#define asn1_implicit_utf8_string_from_der(i,d,dlen,in,inlen) asn1_utf8_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen) - -int asn1_string_is_printable_string(const char *d, size_t dlen); -int asn1_printable_string_case_ignore_match(const char *a, size_t alen, const char *b, size_t blen); -int asn1_printable_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen); -int asn1_printable_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen); -#define asn1_printable_string_to_der(d,dlen,out,outlen) asn1_printable_string_to_der_ex(ASN1_TAG_PrintableString,d,dlen,out,outlen) -#define asn1_printable_string_from_der(d,dlen,in,inlen) asn1_printable_string_from_der_ex(ASN1_TAG_PrintableString,d,dlen,in,inlen) -#define asn1_implicit_printable_string_to_der(i,d,dlen,out,outlen) asn1_printable_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen) -#define asn1_implicit_printable_string_from_der(i,d,dlen,in,inlen) asn1_printable_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen) - -int asn1_string_is_ia5_string(const char *d, size_t dlen); -int asn1_ia5_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen); -int asn1_ia5_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen); -#define asn1_ia5_string_to_der(d,dlen,out,outlen) asn1_ia5_string_to_der_ex(ASN1_TAG_IA5String,d,dlen,out,outlen) -#define asn1_ia5_string_from_der(d,dlen,in,inlen) asn1_ia5_string_from_der_ex(ASN1_TAG_IA5String,d,dlen,in,inlen) -#define asn1_implicit_ia5_string_to_der(i,d,dlen,out,outlen) asn1_ia5_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen) -#define asn1_implicit_ia5_string_from_der(i,d,dlen,in,inlen) asn1_ia5_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen) - -int asn1_string_print(FILE *fp, int fmt, int ind, const char *label, int tag, const uint8_t *d, size_t dlen); - -#define ASN1_UTC_TIME_STRLEN (sizeof("YYMMDDHHMMSSZ")-1) -#define ASN1_GENERALIZED_TIME_STRLEN (sizeof("YYYYMMDDHHMMSSZ")-1) -#define ASN1_GENERALIZED_TIME_MAX_SIZE (2 + ASN1_GENERALIZED_TIME_STRLEN) - -int asn1_time_to_str(int utc_time, time_t timestamp, char *str); -int asn1_time_from_str(int utc_time, time_t *timestamp, const char *str); - -int asn1_utc_time_to_der_ex(int tag, time_t tv, uint8_t **out, size_t *outlen); -int asn1_utc_time_from_der_ex(int tag, time_t *tv, const uint8_t **in, size_t *inlen); -#define asn1_utc_time_to_der(tv,out,outlen) asn1_utc_time_to_der_ex(ASN1_TAG_UTCTime,tv,out,outlen) -#define asn1_utc_time_from_der(tv,in,inlen) asn1_utc_time_from_der_ex(ASN1_TAG_UTCTime,tv,in,inlen) -#define asn1_implicit_utc_time_to_der(i,tv,out,outlen) asn1_utc_time_to_der_ex(ASN1_TAG_IMPLICIT(i),tv,out,outlen) -#define asn1_implicit_utc_time_from_der(i,tv,in,inlen) asn1_utc_time_from_der_ex(ASN1_TAG_IMPLICIT(i),tv,in,inlen) - -int asn1_generalized_time_to_der_ex(int tag, time_t tv, uint8_t **out, size_t *outlen); -int asn1_generalized_time_from_der_ex(int tag, time_t *tv, const uint8_t **in, size_t *inlen); -#define asn1_generalized_time_to_der(tv,out,outlen) asn1_generalized_time_to_der_ex(ASN1_TAG_GeneralizedTime,tv,out,outlen) -#define asn1_generalized_time_from_der(tv,in,inlen) asn1_generalized_time_from_der_ex(ASN1_TAG_GeneralizedTime,tv,in,inlen) -#define asn1_implicit_generalized_time_to_der(i,tv,out,outlen) asn1_generalized_time_to_der_ex(ASN1_TAG_IMPLICIT(i),tv,out,outlen) -#define asn1_implicit_generalized_time_from_der(i,tv,in,inlen) asn1_generalized_time_from_der_ex(ASN1_TAG_IMPLICIT(i),tv,in,inlen) - -// BasicConstraints might be an empty sequence in entity certificates -#define asn1_sequence_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_SEQUENCE,d,dlen,out,outlen) -#define asn1_sequence_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_SEQUENCE,d,dlen,in,inlen) -#define asn1_implicit_sequence_to_der(i,d,dlen,out,outlen) asn1_nonempty_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen) -#define asn1_implicit_sequence_from_der(i,d,dlen,in,inlen) asn1_nonempty_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen) - -#define asn1_sequence_of_to_der(d,dlen,out,outlen) asn1_nonempty_type_to_der(ASN1_TAG_SEQUENCE,d,dlen,out,outlen) -#define asn1_sequence_of_from_der(d,dlen,in,inlen) asn1_nonempty_type_from_der(ASN1_TAG_SEQUENCE,d,dlen,in,inlen) -int asn1_sequence_of_int_to_der(const int *nums, size_t nums_cnt, uint8_t **out, size_t *outlen); -int asn1_sequence_of_int_from_der(int *nums, size_t *nums_cnt, size_t max_nums, const uint8_t **in, size_t *inlen); -int asn1_sequence_of_int_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -#define asn1_set_to_der(d,dlen,out,outlen) asn1_nonempty_type_to_der(ASN1_TAG_SET,d,dlen,out,outlen) -#define asn1_set_from_der(d,dlen,in,inlen) asn1_nonempty_type_from_der(ASN1_TAG_SET,d,dlen,in,inlen) -#define asn1_implicit_set_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen) -#define asn1_implicit_set_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen) - -#define asn1_set_of_to_der(d,dlen,out,outlen) asn1_nonempty_type_to_der(ASN1_TAG_SET,d,dlen,out,outlen) -#define asn1_set_of_from_der(d,dlen,in,inlen) asn1_nonempty_type_from_der(ASN1_TAG_SET,d,dlen,in,inlen) - -#define asn1_implicit_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen) -#define asn1_implicit_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen) - -int asn1_header_to_der(int tag, size_t dlen, uint8_t **out, size_t *outlen); -#define asn1_implicit_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen) - -#define asn1_octet_string_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_OCTET_STRING,dlen,out,outlen) - -#define asn1_sequence_header_to_der_ex(tag,dlen,out,outlen) asn1_header_to_der(tag,dlen,out,outlen) -#define asn1_sequence_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_SEQUENCE,dlen,out,outlen) -#define asn1_implicit_sequence_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen) - -#define asn1_set_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_SET,dlen,out,outlen) -#define asn1_implicit_set_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen) - -#define asn1_explicit_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen) - -#define asn1_explicit_to_der(i,d,dlen,out,outlen) asn1_nonempty_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen) -#define asn1_explicit_from_der(i,d,dlen,in,inlen) asn1_nonempty_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen) - -// d,dlen 是 SEQUENCE OF, SET OF 中的值 -int asn1_types_get_count(const uint8_t *d, size_t dlen, int tag, size_t *cnt); -int asn1_types_get_item_by_index(const uint8_t *d, size_t dlen, int tag, - int index, const uint8_t **item_d, size_t *item_dlen); - - - - - -int asn1_check(int expr); - - -#if __cplusplus -} -#endif -#endif diff --git a/include/gmssl/base64.h b/include/gmssl/base64.h deleted file mode 100644 index e981aef..0000000 --- a/include/gmssl/base64.h +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - -#ifndef GMSSL_BASE64_H -#define GMSSL_BASE64_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* -BASE64 Public API - - BASE64_CTX - base64_encode_init - base64_encode_update - base64_encode_finish - base64_decode_init - base64_decode_update - base64_decode_finish - -*/ - - -typedef struct { - /* number saved in a partial encode/decode */ - int num; - /* - * The length is either the output line length (in input bytes) or the - * shortest input line length that is ok. Once decoding begins, the - * length is adjusted up each time a longer line is decoded - */ - int length; - /* data to encode */ - unsigned char enc_data[80]; - /* number read on current line */ - int line_num; - int expect_nl; -} BASE64_CTX; - -# define BASE64_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) -# define BASE64_DECODE_LENGTH(l) ((l+3)/4*3+80) - - -void base64_encode_init(BASE64_CTX *ctx); -int base64_encode_update(BASE64_CTX *ctx, const uint8_t *in, int inlen, uint8_t *out, int *outlen); -void base64_encode_finish(BASE64_CTX *ctx, uint8_t *out, int *outlen); - -void base64_decode_init(BASE64_CTX *ctx); -int base64_decode_update(BASE64_CTX *ctx, const uint8_t *in, int inlen, uint8_t *out, int *outlen); -int base64_decode_finish(BASE64_CTX *ctx, uint8_t *out, int *outlen); - - -int base64_encode_block(unsigned char *t, const unsigned char *f, int dlen); -int base64_decode_block(unsigned char *t, const unsigned char *f, int n); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/block_cipher.h b/include/gmssl/block_cipher.h deleted file mode 100644 index e928663..0000000 --- a/include/gmssl/block_cipher.h +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - - -#ifndef GMSSL_BLOCK_CIPHER_H -#define GMSSL_BLOCK_CIPHER_H - - -#include -#include -#include -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - - -#define BLOCK_CIPHER_BLOCK_SIZE 16 -#define BLOCK_CIPHER_MIN_KEY_SIZE 16 -#define BLOCK_CIPHER_MAX_KEY_SIZE 32 - - -typedef struct BLOCK_CIPHER BLOCK_CIPHER; -typedef struct BLOCK_CIPHER_KEY BLOCK_CIPHER_KEY; - -struct BLOCK_CIPHER_KEY { - union { - SM4_KEY sm4_key; - AES_KEY aes_key; - } u; - const BLOCK_CIPHER *cipher; -}; - -typedef void (*block_cipher_set_encrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key); -typedef void (*block_cipher_set_decrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key); -typedef void (*block_cipher_encrypt_func)(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out); -typedef void (*block_cipher_decrypt_func)(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out); - -struct BLOCK_CIPHER { - int oid; - size_t key_size; - size_t block_size; - block_cipher_set_encrypt_key_func set_encrypt_key; - block_cipher_set_decrypt_key_func set_decrypt_key; - block_cipher_encrypt_func encrypt; - block_cipher_decrypt_func decrypt; -}; - -const BLOCK_CIPHER *BLOCK_CIPHER_sm4(void); -const BLOCK_CIPHER *BLOCK_CIPHER_aes128(void); - -const BLOCK_CIPHER *block_cipher_from_name(const char *name); -const char *block_cipher_name(const BLOCK_CIPHER *cipher); -int block_cipher_set_encrypt_key(BLOCK_CIPHER_KEY *key, const BLOCK_CIPHER *cipher, const uint8_t *raw_key); -int block_cipher_set_decrypt_key(BLOCK_CIPHER_KEY *key, const BLOCK_CIPHER *cipher, const uint8_t *raw_key); -int block_cipher_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out); -int block_cipher_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/chacha20.h b/include/gmssl/chacha20.h deleted file mode 100644 index 6021575..0000000 --- a/include/gmssl/chacha20.h +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -/* RFC 8439 "ChaCha20 and Poly1305 for IETF Protocols" */ - -#ifndef GMSSL_CHACHA20_H -#define GMSSL_CHACHA20_H - -#define CHACHA20_IS_BIG_ENDIAN 0 - -#include -#include - -#include - -#define CHACHA20_KEY_BITS 256 -#define CHACHA20_NONCE_BITS 96 -#define CHACHA20_COUNTER_BITS 32 - -#define CHACHA20_KEY_SIZE (CHACHA20_KEY_BITS/8) -#define CHACHA20_NONCE_SIZE (CHACHA20_NONCE_BITS/8) -#define CHACHA20_COUNTER_SIZE (CHACHA20_COUNTER_BITS/8) - -#define CHACHA20_KEY_WORDS (CHACHA20_KEY_SIZE/sizeof(uint32_t)) -#define CHACHA20_NONCE_WORDS (CHACHA20_NONCE_SIZE/sizeof(uint32_t)) -#define CHACHA20_COUNTER_WORDS (CHACHA20_COUNTER_SIZE/sizeof(uint32_t)) - - -#ifdef __cplusplus -extern "C" { -#endif - - -typedef struct { - uint32_t d[16]; -} CHACHA20_STATE; - - -void chacha20_init(CHACHA20_STATE *state, - const uint8_t key[CHACHA20_KEY_SIZE], - const uint8_t nonce[CHACHA20_NONCE_SIZE], uint32_t counter); - -void chacha20_generate_keystream(CHACHA20_STATE *state, - size_t counts, uint8_t *out); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/cms.h b/include/gmssl/cms.h deleted file mode 100644 index e52e057..0000000 --- a/include/gmssl/cms.h +++ /dev/null @@ -1,552 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -/* -References: - 1. GM/T 0010-2012 SM2 Cryptography Message Syntax Specification - 2. RFC 2315 PKCS #7 Cryptographic Message Syntax Version 1.5 - 3. RFC 5652 Cryptographic Message Syntax (CMS) -*/ - -#ifndef GMSSL_CMS_H -#define GMSSL_CMS_H - - -#include -#include -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - -enum { - CMS_version_v1 = 1, -}; - - -/* -ContentType: - OID_cms_data - OID_cms_signed_data - OID_cms_enveloped_data - OID_cms_signed_and_enveloped_data - OID_cms_encrypted_data - OID_cms_key_agreement_info -*/ -const char *cms_content_type_name(int oid); -int cms_content_type_from_name(const char *name); -int cms_content_type_to_der(int oid, uint8_t **out, size_t *outlen); -int cms_content_type_from_der(int *oid, const uint8_t **in, size_t *inlen); - -/* -ContentInfo ::= SEQUENCE { - contentType OBJECT IDENTIFIER, - content [0] EXPLICIT ANY OPTIONAL } -*/ -int cms_content_info_header_to_der( - int content_type, size_t content_len, - uint8_t **out, size_t *outlen); -int cms_content_info_to_der( - int content_type, - const uint8_t *content, size_t content_len, - uint8_t **out, size_t *outlen); -int cms_content_info_from_der( - int *content_type, - const uint8_t **content, size_t *content_len, // 这里获得的是完整的TLV - const uint8_t **in, size_t *inlen); -int cms_content_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -Data ::= OCTET STRING -*/ -#define cms_data_to_der(d,dlen,out,outlen) asn1_octet_string_to_der(d,dlen,out,outlen) -#define cms_data_from_der(d,dlen,in,inlen) asn1_octet_string_from_der(d,dlen,in,inlen) -#define cms_data_print(fp,fmt,ind,label,d,dlen) format_bytes(fp,fmt,ind,label,d,dlen) - -/* -EncryptedContentInfo ::= SEQUENCE { - contentType OBJECT IDENTIFIER, - contentEncryptionAlgorithm AlgorithmIdentifier, - encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL, - sharedInfo1 [1] IMPLICIT OCTET STRING OPTIONAL, - sharedInfo2 [2] IMPLICIT OCTET STRING OPTIONAL } -*/ -int cms_enced_content_info_to_der( - int content_type, - int enc_algor, const uint8_t *enc_iv, size_t enc_iv_len, - const uint8_t *enced_content, size_t enced_content_len, - const uint8_t *shared_info1, size_t shared_info1_len, - const uint8_t *shared_info2, size_t shared_info2_len, - uint8_t **out, size_t *outlen); -int cms_enced_content_info_from_der( - int *content_type, - int *enc_algor, const uint8_t **enc_iv, size_t *enc_iv_len, - const uint8_t **enced_content, size_t *enced_content_len, - const uint8_t **shared_info1, size_t *shared_info1_len, - const uint8_t **shared_info2, size_t *shared_info2_len, - const uint8_t **in, size_t *inlen); -int cms_enced_content_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -int cms_enced_content_info_encrypt_to_der( - int enc_algor, - const uint8_t *key, size_t keylen, - const uint8_t *iv, size_t ivlen, - int content_type, const uint8_t *content, size_t content_len, - const uint8_t *shared_info1, size_t shared_info1_len, - const uint8_t *shared_info2, size_t shared_info2_len, - uint8_t **out, size_t *outlen); -int cms_enced_content_info_decrypt_from_der( - int *enc_algor, - const uint8_t *key, size_t keylen, - int *content_type, uint8_t *content, size_t *content_len, - const uint8_t **shared_info1, size_t *shared_info1_len, - const uint8_t **shared_info2, size_t *shared_info2_len, - const uint8_t **in, size_t *inlen); - -/* -EncryptedData ::= SEQUENCE { - version INTEGER (1), - encryptedContentInfo EncryptedContentInfo } -*/ -int cms_encrypted_data_to_der( - int version, - int content_type, - int enc_algor, const uint8_t *iv, size_t ivlen, - const uint8_t *enced_content, size_t enced_content_len, - const uint8_t *shared_info1, size_t shared_info1_len, - const uint8_t *shared_info2, size_t shared_info2_len, - uint8_t **out, size_t *outlen); -int cms_encrypted_data_from_der( - int *version, - int *content_type, - int *enc_algor, const uint8_t **iv, size_t *ivlen, - const uint8_t **enced_content, size_t *enced_content_len, - const uint8_t **shared_info1, size_t *shared_info1_len, - const uint8_t **shared_info2, size_t *shared_info2_len, - const uint8_t **in, size_t *inlen); -int cms_encrypted_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -int cms_encrypted_data_encrypt_to_der( - int enc_algor, - const uint8_t *key, size_t keylen, - const uint8_t *iv, size_t ivlen, - int content_type, const uint8_t *content, size_t content_len, - const uint8_t *shared_info1, size_t shared_info1_len, - const uint8_t *shared_info2, size_t shared_info2_len, - uint8_t **out, size_t *outlen); -int cms_encrypted_data_decrypt_from_der( - int *enc_algor, - const uint8_t *key, size_t keylen, - int *content_type, uint8_t *content, size_t *content_len, - const uint8_t **shared_info1, size_t *shared_info1_len, - const uint8_t **shared_info2, size_t *shared_info2_len, - const uint8_t **in, size_t *inlen); - -/* -IssuerAndSerialNumber ::= SEQUENCE { - isser Name, - serialNumber INTEGER } -*/ -int cms_issuer_and_serial_number_to_der( - const uint8_t *issuer, size_t issuer_len, - const uint8_t *serial_number, size_t serial_number_len, - uint8_t **out, size_t *outlen); -int cms_issuer_and_serial_number_from_der( - const uint8_t **issuer, size_t *issuer_len, - const uint8_t **serial_number, size_t *serial_number_len, - const uint8_t **in, size_t *inlen); -int cms_issuer_and_serial_number_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -SignerInfo ::= SEQUENCE { - version INTEGER (1), - issuerAndSerialNumber IssuerAndSerialNumber, - digestAlgorithm AlgorithmIdentifier, - authenticatedAttributes [0] IMPLICIT SET OF Attribute OPTINOAL, - digestEncryptionAlgorithm AlgorithmIdentifier, - encryptedDigest OCTET STRING, - unauthenticatedAttributes [1] IMPLICIT SET OF Attribute OPTINOAL, } -*/ -int cms_signer_info_to_der( - int version, - const uint8_t *issuer, size_t issuer_len, - const uint8_t *serial_number, size_t serial_number_len, - int digest_algor, - const uint8_t *authed_attrs, size_t authed_attrs_len, - int signature_algor, - const uint8_t *enced_digest, size_t enced_digest_len, - const uint8_t *unauthed_attrs, size_t unauthed_attrs_len, - uint8_t **out, size_t *outlen); -int cms_signer_info_from_der( - int *version, - const uint8_t **issuer, size_t *issuer_len, - const uint8_t **serial_number, size_t *serial_number_len, - int *digest_algor, - const uint8_t **authed_attrs, size_t *authed_attrs_len, - int *signature_algor, - const uint8_t **enced_digest, size_t *enced_digest_len, - const uint8_t **unauthed_attrs, size_t *unauthed_attrs_len, - const uint8_t **in, size_t *inlen); -int cms_signer_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -int cms_signer_info_sign_to_der( - const SM3_CTX *sm3_ctx, const SM2_KEY *sm2_key, - const uint8_t *issuer, size_t issuer_len, - const uint8_t *serial_number, size_t serial_number_len, - const uint8_t *authed_attrs, size_t authed_attrs_len, - const uint8_t *unauthed_attrs, size_t unauthed_attrs_len, - uint8_t **out, size_t *outlen); -int cms_signer_info_verify_from_der( - const SM3_CTX *sm3_ctx, const uint8_t *certs, size_t certslen, - const uint8_t **cert, size_t *certlen, - const uint8_t **issuer, size_t *issuer_len, - const uint8_t **serial, size_t *serial_len, - const uint8_t **authed_attrs, size_t *authed_attrs_len, - const uint8_t **unauthed_attrs, size_t *unauthed_attrs_len, - const uint8_t **in, size_t *inlen); -/* -SignerInfos ::= SET OF SignerInfo; -*/ -int cms_signer_infos_add_signer_info( - uint8_t *d, size_t *dlen, size_t maxlen, - const SM3_CTX *sm3_ctx, const SM2_KEY *sign_key, - const uint8_t *issuer, size_t issuer_len, - const uint8_t *serial_number, size_t serial_number_len, - const uint8_t *authed_attrs, size_t authed_attrs_len, - const uint8_t *unauthed_attrs, size_t unauthed_attrs_len); -#define cms_signer_infos_to_der(d,dlen,out,outlen) asn1_set_to_der(d,dlen,out,outlen) -#define cms_signer_infos_from_der(d,dlen,in,inlen) asn1_set_from_der(d,dlen,in,inlen) -int cms_signer_infos_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -int cms_digest_algors_to_der(const int *digest_algors, size_t digest_algors_cnt, uint8_t **out, size_t *outlen); -int cms_digest_algors_from_der(int *digest_algors, size_t *digest_algors_cnt, size_t max_digest_algors, - const uint8_t **in, size_t *inlen); -int cms_digest_algors_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -SignedData ::= SEQUENCE { - version INTEGER (1), - digestAlgorithms SET OF AlgorithmIdentifier, - contentInfo ContentInfo, - certificates [0] IMPLICIT SET OF Certificate OPTIONAL, - crls [1] IMPLICIT SET OF CertificateRevocationList OPTIONAL, - signerInfos SET OF SignerInfo } -*/ -int cms_signed_data_to_der( - int version, - const int *digest_algors, size_t digest_algors_cnt, - const int content_type, const uint8_t *content, const size_t content_len, - const uint8_t *certs, size_t certs_len, - const uint8_t *crls, const size_t crls_len, - const uint8_t *signer_infos, size_t signer_infos_len, - uint8_t **out, size_t *outlen); -int cms_signed_data_from_der( - int *version, - int *digest_algors, size_t *digest_algors_cnt, size_t max_digest_algors, - int *content_type, const uint8_t **content, size_t *content_len, - const uint8_t **certs, size_t *certs_len, - const uint8_t **crls, size_t *crls_len, - const uint8_t **signer_infos, size_t *signer_infos_len, - const uint8_t **in, size_t *inlen); -int cms_signed_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - - -typedef struct { - uint8_t *certs; - size_t certs_len; - SM2_KEY *sign_key; -} CMS_CERTS_AND_KEY; - -int cms_signed_data_sign_to_der( - const CMS_CERTS_AND_KEY *signers, size_t signers_cnt, - int content_type, const uint8_t *data, size_t datalen, // 当OID_cms_data时为raw data - const uint8_t *crls, size_t crls_len, // 可以为空 - uint8_t **out, size_t *outlen); -int cms_signed_data_verify_from_der( - const uint8_t *extra_certs, size_t extra_certs_len, - const uint8_t *extra_crls, size_t extra_crls_len, - int *content_type, const uint8_t **content, size_t *content_len, // 是否应该返回raw data呢? - const uint8_t **certs, size_t *certs_len, - const uint8_t **crls, size_t *crls_len, - const uint8_t **signer_infos, size_t *signer_infos_len, - const uint8_t **in, size_t *inlen); - - -/* -RecipientInfo ::= SEQUENCE { - version INTEGER (1), - issuerAndSerialNumber IssuerAndSerialNumber, - keyEncryptionAlgorithm AlgorithmIdentifier, - encryptedKey OCTET STRING -- DER-encoding of SM2Cipher -} -由于encryptedKey的类型为SM2Cipher, 而SM2Cipher中有2个INTEGER,因此长度是不固定的。 -因此不能预先确定输出长度 -*/ -int cms_recipient_info_to_der( - int version, - const uint8_t *issuer, size_t issuer_len, - const uint8_t *serial_number, size_t serial_number_len, - int public_key_enc_algor, - const uint8_t *enced_key, size_t enced_key_len, - uint8_t **out, size_t *outlen); -int cms_recipient_info_from_der( - int *version, - const uint8_t **issuer, size_t *issuer_len, - const uint8_t **serial_number, size_t *serial_number_len, - int *pke_algor, const uint8_t **params, size_t *params_len,// SM2加密只使用SM3,没有默认参数,但是ECIES可能有 - const uint8_t **enced_key, size_t *enced_key_len, - const uint8_t **in, size_t *inlen); -int cms_recipient_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - - -int cms_recipient_info_encrypt_to_der( - const SM2_KEY *public_key, - const uint8_t *issuer, size_t issuer_len, - const uint8_t *serial, size_t serial_len, - const uint8_t *in, size_t inlen, - uint8_t **out, size_t *outlen); -int cms_recipient_info_decrypt_from_der( - const SM2_KEY *sm2_key, - const uint8_t *rcpt_issuer, size_t rcpt_issuer_len, - const uint8_t *rcpt_serial, size_t rcpt_serial_len, - uint8_t *out, size_t *outlen, size_t maxlen, - const uint8_t **in, size_t *inlen); - -int cms_recipient_infos_add_recipient_info( - uint8_t *d, size_t *dlen, size_t maxlen, - const SM2_KEY *public_key, - const uint8_t *issuer, size_t issuer_len, - const uint8_t *serial, size_t serial_len, - const uint8_t *in, size_t inlen); -#define cms_recipient_infos_to_der(d,dlen,out,outlen) asn1_set_to_der(d,dlen,out,outlen) -#define cms_recipient_infos_from_der(d,dlen,in,inlen) asn1_set_from_der(d,dlen,in,inlen) -int cms_recipient_infos_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -EnvelopedData ::= SEQUENCE { - version Version, - recipientInfos SET OF RecipientInfo, - encryptedContentInfo EncryptedContentInfo } -*/ -int cms_enveloped_data_to_der( - int version, - const uint8_t *rcpt_infos, size_t rcpt_infos_len, - int content_type, - int enc_algor, const uint8_t *enc_iv, size_t enc_iv_len, - const uint8_t *enced_content, size_t enced_content_len, - const uint8_t *shared_info1, size_t shared_info1_len, - const uint8_t *shared_info2, size_t shared_info2_len, - uint8_t **out, size_t *outlen); -int cms_enveloped_data_from_der( - int *version, - const uint8_t **rcpt_infos, size_t *rcpt_infos_len, - const uint8_t **enced_content_info, size_t *enced_content_info_len, - const uint8_t **in, size_t *inlen); -int cms_enveloped_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -int cms_enveloped_data_encrypt_to_der( - const uint8_t *rcpt_certs, size_t rcpt_certs_len, - int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, - int content_type, const uint8_t *content, size_t content_len, - const uint8_t *shared_info1, size_t shared_info1_len, - const uint8_t *shared_info2, size_t shared_info2_len, - uint8_t **out, size_t *outlen); -int cms_enveloped_data_decrypt_from_der( - const SM2_KEY *sm2_key, - const uint8_t *issuer, size_t issuer_len, - const uint8_t *serial_number, size_t serial_number_len, - int *content_type, uint8_t *content, size_t *content_len, - const uint8_t **rcpt_infos, size_t *rcpt_infos_len, - const uint8_t **shared_info1, size_t *shared_info1_len, - const uint8_t **shared_info2, size_t *shared_info2_len, - const uint8_t **in, size_t *inlen); - -/* -SignedAndEnvelopedData ::= SEQUENCE { - version INTEGER (1), - recipientInfos SET OF RecipientInfo, - digestAlgorithms SET OF AlgorithmIdentifier, - encryptedContentInfo EncryptedContentInfo, - certificates [0] IMPLICIT SET OF Certificate OPTIONAL, - crls [1] IMPLICIT SET OF CertificateRevocationList OPTIONAL, - signerInfos SET OF SignerInfo } -*/ -int cms_signed_and_enveloped_data_to_der( - int version, - const uint8_t *rcpt_infos, size_t rcpt_infos_len, - const int *digest_algors, size_t digest_algors_cnt, - int content_type, - int enc_algor, const uint8_t *iv, size_t ivlen, - const uint8_t *enced_content, size_t enced_content_len, - const uint8_t *shared_info1, size_t shared_info1_len, - const uint8_t *shared_info2, size_t shared_info2_len, - const uint8_t *certs, size_t certs_len, - const uint8_t *crls, size_t crls_len, - const uint8_t *signer_infos, size_t signer_infos_len, - uint8_t **out, size_t *outlen); -int cms_signed_and_enveloped_data_from_der( - int *version, - const uint8_t **rcpt_infos, size_t *rcpt_infos_len, - int *digest_algors, size_t *digest_algors_cnt, size_t max_digest_algors, - const uint8_t **enced_content_info, size_t *enced_content_info_len, - const uint8_t **certs, size_t *certs_len, - const uint8_t **crls, size_t *crls_len, - const uint8_t **signer_infos, size_t *signer_infos_len, - const uint8_t **in, size_t *inlen); -int cms_signed_and_enveloped_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -int cms_signed_and_enveloped_data_encipher_to_der( - const CMS_CERTS_AND_KEY *signers, size_t signers_cnt, - const uint8_t *rcpt_certs, size_t rcpt_certs_len, - int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, - int content_type, const uint8_t *content, size_t content_len, - const uint8_t *signers_crls, size_t signers_crls_len, - const uint8_t *shared_info1, size_t shared_info1_len, - const uint8_t *shared_info2, size_t shared_info2_len, - uint8_t **out, size_t *outlen); -int cms_signed_and_enveloped_data_decipher_from_der( - const SM2_KEY *rcpt_key, - const uint8_t *rcpt_issuer, size_t rcpt_issuer_len, - const uint8_t *rcpt_serial, size_t rcpt_serial_len, - int *content_type, uint8_t *content, size_t *content_len, - const uint8_t **prcpt_infos, size_t *prcpt_infos_len, - const uint8_t **shared_info1, size_t *shared_info1_len, - const uint8_t **shared_info2, size_t *shared_info2_len, - const uint8_t **certs, size_t *certs_len, - const uint8_t **crls, size_t *crls_len, - const uint8_t **psigner_infos, size_t *psigner_infos_len, - const uint8_t *extra_certs, size_t extra_certs_len, - const uint8_t *extra_crls, size_t extra_crls_len, - const uint8_t **in, size_t *inlen); - -/* -KeyAgreementInfo ::= SEQUENCE { - version INTEGER (1), - tempPublicKeyR SM2PublicKey, - userCertificate Certificate, - userID OCTET STRING } -*/ -int cms_key_agreement_info_to_der( - int version, - const SM2_KEY *temp_public_key_r, - const uint8_t *user_cert, size_t user_cert_len, - const uint8_t *user_id, size_t user_id_len, - uint8_t **out, size_t *outlen); -int cms_key_agreement_info_from_der( - int *version, - SM2_KEY *temp_public_key_r, - const uint8_t **user_cert, size_t *user_cert_len, - const uint8_t **user_id, size_t *user_id_len, - const uint8_t **in, size_t *inlen); -int cms_key_agreement_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - - - -// 下面是公开API -// 公开API的设计考虑: -// 1. 不需要调用其他函数 -// 2. 在逻辑上容易理解 -// 3. 将cms,cmslen看做对象 - - -// 生成ContentInfo, type == data -int cms_set_data(uint8_t *cms, size_t *cmslen, - const uint8_t *d, size_t dlen); - -int cms_encrypt( - uint8_t *cms, size_t *cmslen, // 输出的ContentInfo (type encryptedData) - int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, // 对称加密算法、密钥和IV - int content_type, const uint8_t *content, size_t content_len, // 待加密的输入数据 - const uint8_t *shared_info1, size_t shared_info1_len, // 附加信息 - const uint8_t *shared_info2, size_t shared_info2_len); - -int cms_decrypt( - const uint8_t *cms, size_t cmslen, // 输入的ContentInfo (type encryptedData) - int *enc_algor, const uint8_t *key, size_t keylen, // 解密密钥(我们不知道解密算法) - int *content_type, uint8_t *content, size_t *content_len, // 输出的解密数据类型及数据 - const uint8_t **shared_info1, size_t *shared_info1_len, // 附加信息 - const uint8_t **shared_info2, size_t *shared_info2_len); - -int cms_sign( - uint8_t *cms, size_t *cms_len, - const CMS_CERTS_AND_KEY *signers, size_t signers_cnt, // 签名者的签名私钥和证书 - int content_type, const uint8_t *content, size_t content_len, // 待签名的输入数据 - const uint8_t *crls, size_t crls_len); - -int cms_verify( - const uint8_t *cms, size_t cms_len, - const uint8_t *extra_certs, size_t extra_certs_len, - const uint8_t *extra_crls, size_t extra_crls_len, - int *content_type, const uint8_t **content, size_t *content_len, - const uint8_t **certs, size_t *certs_len, - const uint8_t **crls, size_t *crls_len, - const uint8_t **signer_infos, size_t *signer_infos_len); - -int cms_envelop( - uint8_t *cms, size_t *cms_len, - const uint8_t *rcpt_certs, size_t rcpt_certs_len, // 接收方证书,注意这个参数的类型可以容纳多个证书,但是只有在一个接受者时对调用方最方便 - int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, // 对称加密算法及参数 - int content_type, const uint8_t *content, size_t content_len, // 待加密的输入数据 - const uint8_t *shared_info1, size_t shared_info1_len, // 附加输入信息 - const uint8_t *shared_info2, size_t shared_info2_len); - -int cms_deenvelop( - const uint8_t *cms, size_t cms_len, - const SM2_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len, // 接收方的解密私钥和对应的证书,注意只需要一个解密方 - int *content_type, uint8_t *content, size_t *content_len, - const uint8_t **rcpt_infos, size_t *rcpt_infos_len, // 解析得到,用于显示 - const uint8_t **shared_info1, size_t *shared_info1_len, - const uint8_t **shared_info2, size_t *shared_info2_len); - -int cms_sign_and_envelop( - uint8_t *cms, size_t *cms_len, - const CMS_CERTS_AND_KEY *signers, size_t signers_cnt, - const uint8_t *rcpt_certs, size_t rcpt_certs_len, - int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, - int content_type, const uint8_t *content, size_t content_len, - const uint8_t *signers_crls, size_t signers_crls_len, - const uint8_t *shared_info1, size_t shared_info1_len, - const uint8_t *shared_info2, size_t shared_info2_len); - -int cms_deenvelop_and_verify( - const uint8_t *cms, size_t cms_len, - const SM2_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len, - const uint8_t *extra_signer_certs, size_t extra_signer_certs_len, - const uint8_t *extra_signer_crls, size_t extra_signer_crls_len, - int *content_type, uint8_t *content, size_t *content_len, - const uint8_t **rcpt_infos, size_t *rcpt_infos_len, - const uint8_t **signer_infos, size_t *signer_infos_len, - const uint8_t **signer_certs, size_t *signer_certs_len, - const uint8_t **signer_crls, size_t *signer_crls_len, - const uint8_t **shared_info1, size_t *shared_info1_len, - const uint8_t **shared_info2, size_t *shared_info2_len); - -// 生成ContentInfo, type == keyAgreementInfo -int cms_set_key_agreement_info( - uint8_t *cms, size_t *cms_len, - const SM2_KEY *temp_public_key_r, - const uint8_t *user_cert, size_t user_cert_len, - const uint8_t *user_id, size_t user_id_len); - -#define PEM_CMS "CMS" -int cms_to_pem(const uint8_t *cms, size_t cms_len, FILE *fp); -int cms_from_pem(uint8_t *cms, size_t *cms_len, size_t maxlen, FILE *fp); - - -int cms_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/des.h b/include/gmssl/des.h deleted file mode 100644 index c79d281..0000000 --- a/include/gmssl/des.h +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -/* FIPS PUB 46-3 "Data Encryption Standard (DES)" */ - -#ifndef GMSSL_DES_H -#define GMSSL_DES_H - - -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - - -#define DES_KEY_BITS 56 -#define DES_BLOCK_BITS 64 -#define DES_KEY_SIZE ((DES_KEY_BITS)/7) -#define DES_BLOCK_SIZE (DES_BLOCK_BITS/8) - -#define DES_RK_BITS 48 -#define DES_RK_SIZE (DES_RK_BITS/8) -#define DES_ROUNDS 16 - -#define DES_EDE_KEY_SIZE (DES_KEY_SIZE * 3) - -typedef struct { - uint64_t rk[DES_ROUNDS]; -} DES_KEY; - -void des_set_encrypt_key(DES_KEY *key, const uint8_t raw_key[DES_KEY_SIZE]); -void des_set_decrypt_key(DES_KEY *key, const uint8_t raw_key[DES_KEY_SIZE]); -void des_encrypt(DES_KEY *key, const uint8_t in[DES_BLOCK_SIZE], uint8_t out[DES_BLOCK_SIZE]); - - -typedef struct { - DES_KEY K[3]; -} DES_EDE_KEY; - -void des_ede_set_encrypt_key(DES_EDE_KEY *key, const uint8_t raw_key[DES_EDE_KEY_SIZE]); -void des_ede_set_decrypt_key(DES_EDE_KEY *key, const uint8_t raw_key[DES_EDE_KEY_SIZE]); -void des_ede_encrypt(DES_EDE_KEY *key, const uint8_t in[DES_BLOCK_SIZE], uint8_t out[DES_BLOCK_SIZE]); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/digest.h b/include/gmssl/digest.h deleted file mode 100644 index 18a9d69..0000000 --- a/include/gmssl/digest.h +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - -#ifndef GMSSL_DIGEST_H -#define GMSSL_DIGEST_H - - -#include -#include -#include -#ifdef ENABLE_BROKEN_CRYPTO -#include -#include -#endif -#include - - -#ifdef __cplusplus -extern "C" { -#endif - - -typedef struct DIGEST DIGEST; -typedef struct DIGEST_CTX DIGEST_CTX; - - -#define DIGEST_MAX_SIZE 64 -#define DIGEST_MAX_BLOCK_SIZE (1024/8) - - -struct DIGEST_CTX { - union { - SM3_CTX sm3_ctx; -#ifdef ENABLE_BROKEN_CRYPTO - MD5_CTX md5_ctx; - SHA1_CTX sha1_ctx; -#endif - SHA224_CTX sha224_ctx; - SHA256_CTX sha256_ctx; - SHA384_CTX sha384_ctx; - SHA512_CTX sha512_ctx; - } u; - const DIGEST *digest; -}; - -struct DIGEST { - int oid; - size_t digest_size; - size_t block_size; - size_t ctx_size; - int (*init)(DIGEST_CTX *ctx); - int (*update)(DIGEST_CTX *ctx, const uint8_t *data, size_t datalen); - int (*finish)(DIGEST_CTX *ctx, uint8_t *dgst); -}; - -const DIGEST *DIGEST_sm3(void); -#ifdef ENABLE_BROKEN_CRYPTO -const DIGEST *DIGEST_md5(void); -const DIGEST *DIGEST_sha1(void); -#endif -const DIGEST *DIGEST_sha224(void); -const DIGEST *DIGEST_sha256(void); -const DIGEST *DIGEST_sha384(void); -const DIGEST *DIGEST_sha512(void); -const DIGEST *DIGEST_sha512_224(void); -const DIGEST *DIGEST_sha512_256(void); - -const DIGEST *digest_from_name(const char *name); -const char *digest_name(const DIGEST *digest); -int digest_init(DIGEST_CTX *ctx, const DIGEST *algor); -int digest_update(DIGEST_CTX *ctx, const uint8_t *data, size_t datalen); -int digest_finish(DIGEST_CTX *ctx, uint8_t *dgst, size_t *dgstlen); -int digest(const DIGEST *digest, const uint8_t *data, size_t datalen, uint8_t *dgst, size_t *dgstlen); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/dylib.h b/include/gmssl/dylib.h deleted file mode 100644 index c2aefaa..0000000 --- a/include/gmssl/dylib.h +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_DYLIB_H -#define GMSSL_DYLIB_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -#ifdef WIN32 - -#include - -typedef HMODULE dylib_handle_t; - -#define dylib_load_library(so_path) LoadLibraryA(so_path) -#define dylib_get_function(handle,name) GetProcAddress(handle,name) -#define dylib_close_library(handle) -#define dylib_error_str() "" - - -#else - -#include - -typedef void *dylib_handle_t; - -#define dylib_load_library(so_path) dlopen(so_path,RTLD_LAZY) -#define dylib_get_function(handle,name) dlsym(handle,name) -#define dylib_close_library(handle) dlclose(handle) -#define dylib_error_str() dlerror() - - -#endif - - - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/ec.h b/include/gmssl/ec.h deleted file mode 100644 index 2dc1c00..0000000 --- a/include/gmssl/ec.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_EC_H -#define GMSSL_EC_H - - -#include -#include -#include -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* -NamedCurve: - OID_sm2 - OID_prime192v1 - OID_prime256v1 - OID_secp256k1 - OID_secp384r1 - OID_secp521r1 -*/ -const char *ec_named_curve_name(int curve); -int ec_named_curve_from_name(const char *name); -int ec_named_curve_to_der(int curve, uint8_t **out, size_t *outlen); -int ec_named_curve_from_der(int *curve, const uint8_t **in, size_t *inlen); - -/* -ECPoint ::= OCTET STRING -- uncompressed point -*/ -int ec_point_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -ECPrivateKey ::= SEQUENCE { - version INTEGER, -- value MUST be (1) - privateKey OCTET STRING, -- big endian encoding of integer - parameters [0] EXPLICIT OBJECT IDENTIFIER OPTIONAL, -- namedCurve - publicKey [1] EXPLICIT BIT STRING OPTIONAL -- ECPoint -} -*/ - -enum { - EC_private_key_version = 1, -}; - -int ec_private_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/endian.h b/include/gmssl/endian.h deleted file mode 100644 index 8f4345c..0000000 --- a/include/gmssl/endian.h +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_ENDIAN_H -#define GMSSL_ENDIAN_H - - -/* Big Endian R/W */ - -#define GETU16(p) \ - ((uint16_t)(p)[0] << 8 | \ - (uint16_t)(p)[1]) - -#define GETU32(p) \ - ((uint32_t)(p)[0] << 24 | \ - (uint32_t)(p)[1] << 16 | \ - (uint32_t)(p)[2] << 8 | \ - (uint32_t)(p)[3]) - -#define GETU64(p) \ - ((uint64_t)(p)[0] << 56 | \ - (uint64_t)(p)[1] << 48 | \ - (uint64_t)(p)[2] << 40 | \ - (uint64_t)(p)[3] << 32 | \ - (uint64_t)(p)[4] << 24 | \ - (uint64_t)(p)[5] << 16 | \ - (uint64_t)(p)[6] << 8 | \ - (uint64_t)(p)[7]) - - -// 注意:PUTU32(buf, val++) 会出错! -#define PUTU16(p,V) \ - ((p)[0] = (uint8_t)((V) >> 8), \ - (p)[1] = (uint8_t)(V)) - -#define PUTU32(p,V) \ - ((p)[0] = (uint8_t)((V) >> 24), \ - (p)[1] = (uint8_t)((V) >> 16), \ - (p)[2] = (uint8_t)((V) >> 8), \ - (p)[3] = (uint8_t)(V)) - -#define PUTU64(p,V) \ - ((p)[0] = (uint8_t)((V) >> 56), \ - (p)[1] = (uint8_t)((V) >> 48), \ - (p)[2] = (uint8_t)((V) >> 40), \ - (p)[3] = (uint8_t)((V) >> 32), \ - (p)[4] = (uint8_t)((V) >> 24), \ - (p)[5] = (uint8_t)((V) >> 16), \ - (p)[6] = (uint8_t)((V) >> 8), \ - (p)[7] = (uint8_t)(V)) - -/* Little Endian R/W */ - -#define GETU16_LE(p) (*(const uint16_t *)(p)) -#define GETU32_LE(p) (*(const uint32_t *)(p)) -#define GETU64_LE(p) (*(const uint64_t *)(p)) - -#define PUTU16_LE(p,V) *(uint16_t *)(p) = (V) -#define PUTU32_LE(p,V) *(uint32_t *)(p) = (V) -#define PUTU64_LE(p,V) *(uint64_t *)(p) = (V) - -/* Rotate */ - -#define ROL32(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) -#define ROL64(a,n) (((a)<<(n))|((a)>>(64-(n)))) - -#define ROR32(a,n) ROL32((a),32-(n)) -#define ROR64(a,n) ROL64(a,64-n) - - -#endif diff --git a/include/gmssl/error.h b/include/gmssl/error.h deleted file mode 100644 index a5902ef..0000000 --- a/include/gmssl/error.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - -#ifndef GMSSL_ERROR_H -#define GMSSL_ERROR_H - - -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -#define GMSSL_FMT_BIN 1 -#define GMSSL_FMT_HEX 2 -#define GMSSL_FMT_DER 4 -#define GMSSL_FMT_PEM 8 - - - -#define DEBUG 1 - -#define warning_print() \ - do { if (DEBUG) fprintf(stderr, "%s:%d:%s():\n",__FILE__, __LINE__, __func__); } while (0) - -#define error_print() \ - do { if (DEBUG) fprintf(stderr, "%s:%d:%s():\n",__FILE__, __LINE__, __func__); } while (0) - -#define error_print_msg(fmt, ...) \ - do { if (DEBUG) fprintf(stderr, "%s:%d:%s(): " fmt, __FILE__, __LINE__, __func__, __VA_ARGS__); } while (0) - -#define error_puts(str) \ - do { if (DEBUG) fprintf(stderr, "%s: %d: %s: %s", __FILE__, __LINE__, __func__, str); } while (0) - - -void print_der(const uint8_t *in, size_t inlen); -void print_bytes(const uint8_t *in, size_t inlen); -void print_nodes(const uint32_t *in, size_t inlen); - -#define FMT_CARRAY 0x80 - - -int format_print(FILE *fp, int format, int indent, const char *str, ...); -int format_bytes(FILE *fp, int format, int indent, const char *str, const uint8_t *data, size_t datalen); -int format_string(FILE *fp, int format, int indent, const char *str, const uint8_t *data, size_t datalen); - - - -//int tls_trace(int format, int indent, const char *str, ...); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/file.h b/include/gmssl/file.h deleted file mode 100644 index 435c37c..0000000 --- a/include/gmssl/file.h +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - -#ifndef GMSSL_FILE_H -#define GMSSL_FILE_H - -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -int file_size(FILE *fp, size_t *size); -int file_read_all(const char *file, uint8_t **out, size_t *outlen); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/gcm.h b/include/gmssl/gcm.h deleted file mode 100644 index 97c62fc..0000000 --- a/include/gmssl/gcm.h +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_GCM_H -#define GMSSL_GCM_H - - -#include -#include -#include -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - -#define GCM_IV_MIN_SIZE 1 -#define GCM_IV_MAX_SIZE ((uint64_t)(1 << (64-3))) -#define GCM_IV_DEFAULT_BITS 96 -#define GCM_IV_DEFAULT_SIZE 12 - -#define GCM_MIN_AAD_SIZE 0 -#define GCM_MAX_AAD_SIZE ((uint64_t)(1 << (64-3))) - -#define GCM_MIN_PLAINTEXT_SIZE 0 -#define GCM_MAX_PLAINTEXT_SIZE ((((uint64_t)1 << 39) - 256) >> 3) - - -#define GHASH_SIZE (16) - - -#define GCM_IS_LITTLE_ENDIAN 1 - - -void ghash(const uint8_t h[16], const uint8_t *aad, size_t aadlen, - const uint8_t *c, size_t clen, uint8_t out[16]); - -typedef struct { - gf128_t H; - gf128_t X; - size_t aadlen; - size_t clen; - uint8_t block[16]; - size_t num; -} GHASH_CTX; - -void ghash_init(GHASH_CTX *ctx, const uint8_t h[16], const uint8_t *aad, size_t aadlen); -void ghash_update(GHASH_CTX *ctx, const uint8_t *c, size_t clen); -void ghash_finish(GHASH_CTX *ctx, uint8_t out[16]); - - -int gcm_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen, - const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen, - uint8_t *out, size_t taglen, uint8_t *tag); - -int gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen, - const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen, - const uint8_t *tag, size_t taglen, uint8_t *out); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/gf128.h b/include/gmssl/gf128.h deleted file mode 100644 index 8263e4a..0000000 --- a/include/gmssl/gf128.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -/* GF(2^128) defined by f(x) = x^128 + x^7 + x^2 + x + 1 - * A + B mod f(x) = a xor b - * A * 2 mod f(x) - */ - -#ifndef GMSSL_GF128_H -#define GMSSL_GF128_H - - -#include -#include -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - -//typedef unsigned __int128 gf128_t; - -typedef struct { - uint64_t hi; - uint64_t lo; -} gf128_t; - - -// Note: send by value is comptabile with uint128_t and sse2 -gf128_t gf128_from_hex(const char *s); -int gf128_equ_hex(gf128_t a, const char *s); -gf128_t gf128_zero(void); -gf128_t gf128_add(gf128_t a, gf128_t b); -gf128_t gf128_mul(gf128_t a, gf128_t b); -gf128_t gf128_mul2(gf128_t a); -gf128_t gf128_from_bytes(const uint8_t p[16]); -void gf128_to_bytes(gf128_t a, uint8_t p[16]); -int gf128_print(FILE *fp, int fmt ,int ind, const char *label, gf128_t a); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/hash_drbg.h b/include/gmssl/hash_drbg.h deleted file mode 100644 index db6d187..0000000 --- a/include/gmssl/hash_drbg.h +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -/* NIST SP800-90A Rev.1 "Recommendation for Random Number Generation - * Using Deterministic Random Bit Generators", 10.1.1 Hash_DRBG */ - -#ifndef GMSSL_HASH_DRBG_H -#define GMSSL_HASH_DRBG_H - - -#include -#include -#include - - -/* seedlen for hash_drgb, table 2 of nist sp 800-90a rev.1 */ -#define HASH_DRBG_SM3_SEED_BITS 440 /* 55 bytes */ -#define HASH_DRBG_SHA1_SEED_BITS 440 -#define HASH_DRBG_SHA224_SEED_BITS 440 -#define HASH_DRBG_SHA512_224_SEED_BITS 440 -#define HASH_DRBG_SHA256_SEED_BITS 440 -#define HASH_DRBG_SHA512_256_SEED_BITS 440 -#define HASH_DRBG_SHA384_SEED_BITS 888 /* 110 bytes */ -#define HASH_DRBG_SHA512_SEED_BITS 888 -#define HASH_DRBG_MAX_SEED_BITS 888 - -#define HASH_DRBG_SM3_SEED_SIZE (HASH_DRBG_SM3_SEED_BITS/8) -#define HASH_DRBG_SHA1_SEED_SIZE (HASH_DRBG_SHA1_SEED_BITS/8) -#define HASH_DRBG_SHA224_SEED_SIZE (HASH_DRBG_SHA224_SEED_BITS/8) -#define HASH_DRBG_SHA512_224_SEED_SIZE (HASH_DRBG_SHA512_224_SEED_BITS/8) -#define HASH_DRBG_SHA256_SEED_SIZE (HASH_DRBG_SHA256_SEED_BITS/8) -#define HASH_DRBG_SHA512_256_SEED_SIZE (HASH_DRBG_SHA512_256_SEED_BITS/8) -#define HASH_DRBG_SHA384_SEED_SIZE (HASH_DRBG_SHA384_SEED_BITS/8) -#define HASH_DRBG_SHA512_SEED_SIZE (HASH_DRBG_SHA512_SEED_BITS/8) -#define HASH_DRBG_MAX_SEED_SIZE (HASH_DRBG_MAX_SEED_BITS/8) - -#define HASH_DRBG_RESEED_INTERVAL ((uint64_t)1 << 48) - -#ifdef __cplusplus -extern "C" { -#endif - - -typedef struct { - const DIGEST *digest; - uint8_t V[HASH_DRBG_MAX_SEED_SIZE]; - uint8_t C[HASH_DRBG_MAX_SEED_SIZE]; - size_t seedlen; - uint64_t reseed_counter; -} HASH_DRBG; - - -int hash_drbg_init(HASH_DRBG *drbg, - const DIGEST *digest, - const uint8_t *entropy, size_t entropy_len, - const uint8_t *nonce, size_t nonce_len, - const uint8_t *personalstr, size_t personalstr_len); - -int hash_drbg_reseed(HASH_DRBG *drbg, - const uint8_t *entropy, size_t entropy_len, - const uint8_t *additional, size_t additional_len); - -int hash_drbg_generate(HASH_DRBG *drbg, - const uint8_t *additional, size_t additional_len, - size_t outlen, uint8_t *out); - - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/hex.h b/include/gmssl/hex.h deleted file mode 100644 index 9917618..0000000 --- a/include/gmssl/hex.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - -#ifndef GMSSL_HEX_H -#define GMSSL_HEX_H - - -#include -#include -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - -int hex_to_bytes(const char *in, size_t inlen, uint8_t *out, size_t *outlen); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/hkdf.h b/include/gmssl/hkdf.h deleted file mode 100644 index bbefded..0000000 --- a/include/gmssl/hkdf.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - -// RFC 5869 - -#ifndef GMSSL_HKDF_H -#define GMSSL_HKDF_H - -#include -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - - -int hkdf_extract(const DIGEST *digest, const uint8_t *salt, size_t saltlen, - const uint8_t *ikm, size_t ikmlen, - uint8_t *prk, size_t *prklen); - -int hkdf_expand(const DIGEST *digest, const uint8_t *prk, size_t prklen, - const uint8_t *opt_info, size_t opt_infolen, - size_t L, uint8_t *okm); - -int sm3_hkdf_extract(const uint8_t *salt, size_t saltlen, - const uint8_t *ikm, size_t ikmlen, - uint8_t *prk, size_t *prklen); - -int sm3_hkdf_expand(const uint8_t *prk, size_t prklen, - const uint8_t *opt_info, size_t opt_infolen, - size_t L, uint8_t *okm); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/hmac.h b/include/gmssl/hmac.h deleted file mode 100644 index 670586a..0000000 --- a/include/gmssl/hmac.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_HMAC_H -#define GMSSL_HMAC_H - -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - -#define HMAC_MAX_SIZE (DIGEST_MAX_SIZE) - - -typedef struct hmac_ctx_st { - const DIGEST *digest; - DIGEST_CTX digest_ctx; - DIGEST_CTX i_ctx; - DIGEST_CTX o_ctx; -} HMAC_CTX; - - -size_t hmac_size(const HMAC_CTX *ctx); - -int hmac_init(HMAC_CTX *ctx, const DIGEST *digest, const uint8_t *key, size_t keylen); -int hmac_update(HMAC_CTX *ctx, const uint8_t *data, size_t datalen); -int hmac_finish(HMAC_CTX *ctx, uint8_t *mac, size_t *maclen); - -int hmac(const DIGEST *md, const uint8_t *key, size_t keylen, - const uint8_t *data, size_t dlen, - uint8_t *mac, size_t *maclen); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/http.h b/include/gmssl/http.h deleted file mode 100644 index cda8ad7..0000000 --- a/include/gmssl/http.h +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_HTTP_H -#define GMSSL_HTTP_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -int http_parse_uri(const char *uri, char host[128], int *port, char path[256]); -int http_parse_response(char *buf, size_t buflen, uint8_t **content, size_t *contentlen, size_t *left); -int http_get(const char *uri, uint8_t *buf, size_t *contentlen, size_t buflen); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/md5.h b/include/gmssl/md5.h deleted file mode 100644 index dc4b91d..0000000 --- a/include/gmssl/md5.h +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - -#ifndef GMSSL_MD5_H -#define GMSSL_MD5_H - - -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - - -#define MD5_IS_BIG_ENDIAN 0 - -#define MD5_DIGEST_SIZE 16 -#define MD5_BLOCK_SIZE 64 -#define MD5_STATE_WORDS (MD5_BLOCK_SIZE/sizeof(uint32_t)) - -typedef struct { - uint32_t state[MD5_STATE_WORDS]; - uint64_t nblocks; - uint8_t block[MD5_BLOCK_SIZE]; - size_t num; -} MD5_CTX; - - -void md5_init(MD5_CTX *ctx); -void md5_update(MD5_CTX *ctx, const uint8_t *data, size_t datalen); -void md5_finish(MD5_CTX *ctx, uint8_t dgst[MD5_DIGEST_SIZE]); -void md5_digest(const uint8_t *data, size_t datalen, uint8_t dgst[MD5_DIGEST_SIZE]); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/mem.h b/include/gmssl/mem.h deleted file mode 100644 index 9a57eb7..0000000 --- a/include/gmssl/mem.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_MEM_H -#define GMSSL_MEM_H - -#include -#include // where size_t from - - -void memxor(void *r, const void *a, size_t len); -void gmssl_memxor(void *r, const void *a, const void *b, size_t len); - -int gmssl_secure_memcmp(const volatile void * volatile in_a, const volatile void * volatile in_b, size_t len); -void gmssl_secure_clear(void *ptr, size_t len); - -int mem_is_zero(const uint8_t *buf, size_t len); // FIXME: uint8_t * to void * - -#endif - diff --git a/include/gmssl/oid.h b/include/gmssl/oid.h deleted file mode 100644 index f733676..0000000 --- a/include/gmssl/oid.h +++ /dev/null @@ -1,215 +0,0 @@ -/* - * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - -#ifndef GMSSL_OID_H -#define GMSSL_OID_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -enum { - OID_undef = 0, - - // ShangMi schemes in GM/T 0006-2012 - OID_sm1, - OID_ssf33, - OID_sm4, - OID_zuc, - OID_sm2, - OID_sm2sign, - OID_sm2keyagreement, - OID_sm2encrypt, - OID_sm9, - OID_sm9sign, - OID_sm9keyagreement, - OID_sm9encrypt, - OID_sm3, - OID_sm3_keyless, - OID_hmac_sm3, - OID_sm2sign_with_sm3, - OID_rsasign_with_sm3, - OID_ec_public_key, // X9.62 ecPublicKey - OID_prime192v1, - OID_prime256v1, - OID_secp256k1, - OID_secp192k1, - OID_secp224k1, - OID_secp224r1, - OID_secp384r1, - OID_secp521r1, - - OID_at_name, - OID_at_surname, - OID_at_given_name, - OID_at_initials, - OID_at_generation_qualifier, - OID_at_common_name, - OID_at_locality_name, - OID_at_state_or_province_name, - OID_at_organization_name, - OID_at_organizational_unit_name, - OID_at_title, - OID_at_dn_qualifier, - OID_at_country_name, - OID_at_serial_number, - OID_at_pseudonym, - OID_domain_component, - OID_email_address, - - // Cert Extensions - OID_ce_authority_key_identifier, - OID_ce_subject_key_identifier, - OID_ce_key_usage, - OID_ce_certificate_policies, - OID_ce_policy_mappings, - OID_ce_subject_alt_name, - OID_ce_issuer_alt_name, - OID_ce_subject_directory_attributes, - OID_ce_basic_constraints, - OID_ce_name_constraints, - OID_ce_policy_constraints, - OID_ce_ext_key_usage, - OID_ce_crl_distribution_points, - OID_ce_inhibit_any_policy, - OID_ce_freshest_crl, - OID_netscape_cert_type, - OID_netscape_cert_comment, - OID_ct_precertificate_scts, - - OID_ad_ca_issuers, - OID_ad_ocsp, - - // CRL Extensions - //OID_ce_authority_key_identifier, - //OID_ce_issuer_alt_name, - OID_ce_crl_number, - OID_ce_delta_crl_indicator, - OID_ce_issuing_distribution_point, - //OID_ce_freshest_crl, - OID_pe_authority_info_access, - - // CRL Entry Extensions - OID_ce_crl_reasons, - OID_ce_invalidity_date, - OID_ce_certificate_issuer, - - // X.509 KeyPropuseID - OID_any_extended_key_usage, - OID_kp_server_auth, - OID_kp_client_auth, - OID_kp_code_signing, - OID_kp_email_protection, - OID_kp_time_stamping, - OID_kp_ocsp_signing, - - OID_qt_cps, - OID_qt_unotice, - - OID_md5, - OID_sha1, - OID_sha224, - OID_sha256, - OID_sha384, - OID_sha512, - OID_sha512_224, - OID_sha512_256, - - - OID_hmac_sha1, - OID_hmac_sha224, - OID_hmac_sha256, - OID_hmac_sha384, - OID_hmac_sha512, - OID_hmac_sha512_224, - OID_hmac_sha512_256, - - OID_pbkdf2, // {pkcs-5 12} - OID_pbes2, // {pkcs-5 13} - - - - OID_sm4_ecb, // 1 2 156 10197 1 104 1 - OID_sm4_cbc, // 1 2 156 10197 1 104 2 - - OID_aes, - OID_aes128_cbc, - OID_aes192_cbc, - OID_aes256_cbc, - - OID_aes128, // 没有OID - - OID_ecdsa_with_sha1, - OID_ecdsa_with_sha224, - OID_ecdsa_with_sha256, - OID_ecdsa_with_sha384, - OID_ecdsa_with_sha512, - - OID_rsasign_with_md5, - OID_rsasign_with_sha1, - OID_rsasign_with_sha224, - OID_rsasign_with_sha256, - OID_rsasign_with_sha384, - OID_rsasign_with_sha512, - - OID_rsa_encryption, - OID_rsaes_oaep, - - OID_any_policy, - - OID_cms_data, - OID_cms_signed_data, - OID_cms_enveloped_data, - OID_cms_signed_and_enveloped_data, - OID_cms_encrypted_data, - OID_cms_key_agreement_info, -}; - -// {iso(1) org(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7)} -#define oid_pkix 1,3,6,1,5,5,7 - -#define oid_pe oid_pkix,1 -#define oid_qt oid_pkix,2 -#define oid_kp oid_pkix,3 -#define oid_ad oid_pkix,48 - -// {iso(1) member-body(2) us(840) rsadsi(113549)} -#define oid_rsadsi 1,2,840,113549 -#define oid_pkcs oid_rsadsi,1 -#define oid_pkcs5 oid_pkcs,5 - -// {iso(1) member-body(2) us(840) ansi-x962(10045)} -#define oid_x9_62 1,2,840,10045 - - - -#define oid_at 2,5,4 -#define oid_ce 2,5,29 - - -#define oid_sm 1,2,156,10197 -#define oid_sm_algors oid_sm,1 -#define oid_sm2_cms oid_sm,6,1,4,2 - - - - - -#define oid_cnt(nodes) (sizeof(nodes)/sizeof((nodes)[0])) - - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/pbkdf2.h b/include/gmssl/pbkdf2.h deleted file mode 100644 index 20aabb5..0000000 --- a/include/gmssl/pbkdf2.h +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_PBKDF2_H -#define GMSSL_PBKDF2_H - -#include -#include -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* -PBKDF2 Public API - - PBKDF2_MIN_ITER - PBKDF2_DEFAULT_SALT_SIZE - PBKDF2_MAX_SALT_SIZE - - pbkdf2_hmac_sm3_genkey -*/ - - -#define PBKDF2_MIN_ITER 10000 -#define PBKDF2_MAX_ITER (INT_MAX) -#define PBKDF2_MAX_SALT_SIZE 64 -#define PBKDF2_DEFAULT_SALT_SIZE 8 - - -int pbkdf2_genkey(const DIGEST *digest, - const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, size_t iter, - size_t outlen, uint8_t *out); - -int pbkdf2_hmac_sm3_genkey( - const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, size_t iter, - size_t outlen, uint8_t *out); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/pem.h b/include/gmssl/pem.h deleted file mode 100644 index cdaaabb..0000000 --- a/include/gmssl/pem.h +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_PEM_H -#define GMSSL_PEM_H - - -#include -#include -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - - -int pem_read(FILE *fp, const char *name, uint8_t *out, size_t *outlen, size_t maxlen); -int pem_write(FILE *fp, const char *name, const uint8_t *in, size_t inlen); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/pkcs8.h b/include/gmssl/pkcs8.h deleted file mode 100644 index 9233b5c..0000000 --- a/include/gmssl/pkcs8.h +++ /dev/null @@ -1,169 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - -// RFC 5208: PKCS #8: Private-Key Information Syntax Specification version 1.2 - - -#ifndef GMSSL_PKCS8_H -#define GMSSL_PKCS8_H - -#include -#include -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -/* -id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} - -PBKDF2-params ::= SEQUENCE { - salt CHOICE { - specified OCTET STRING, - otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}} - }, - iterationCount INTEGER (1..MAX), - keyLength INTEGER (1..MAX) OPTIONAL, -- 这个参数可以由函数指定 - prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 -} - -prf must be OID_hmac_sm3 -cipher must be OID_sm4_cbc -*/ -int pbkdf2_params_to_der(const uint8_t *salt, size_t saltlen, int iter, int keylen, int prf, - uint8_t **out, size_t *outlen); -int pbkdf2_params_from_der(const uint8_t **salt, size_t *saltlen, int *iter, int *keylen, int *prf, - const uint8_t **in, size_t *inlen); -int pbkdf2_params_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -int pbkdf2_algor_to_der( - const uint8_t *salt, size_t saltlen, - int iter, - int keylen, - int prf, - uint8_t **out, size_t *outlen); -int pbkdf2_algor_from_der( - const uint8_t **salt, size_t *saltlen, - int *iter, - int *keylen, - int *prf, - const uint8_t **in, size_t *inlen); -int pbkdf2_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - - -/* -id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} - -PBES2-params ::= SEQUENCE { - keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, -- id-PBKDF2 - encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}} - -PBES2-Encs: - AES-CBC-Pad [RFC2898] - RC5-CBC-Pad - DES-CBC-Pad legacy - DES-EDE3-CBC-Pad legacy - RC2-CBC-Pad legacy -*/ - -int pbes2_enc_algor_to_der( - int cipher, - const uint8_t *iv, size_t ivlen, - uint8_t **out, size_t *outlen); -int pbes2_enc_algor_from_der( - int *cipher, - const uint8_t **iv, size_t *ivlen, - const uint8_t **in, size_t *inlen); -int pbes2_enc_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - - -int pbes2_params_to_der( - const uint8_t *salt, size_t saltlen, - int iter, - int keylen, - int prf, - int cipher, - const uint8_t *iv, size_t ivlen, - uint8_t **out, size_t *outlen); -int pbes2_params_from_der( - const uint8_t **salt, size_t *saltlen, - int *iter, - int *keylen, - int *prf, - int *cipher, - const uint8_t **iv, size_t *ivlen, - const uint8_t **in, size_t *inlen); -int pbes2_params_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - - -int pbes2_algor_to_der( - const uint8_t *salt, size_t saltlen, - int iter, - int keylen, - int prf, - int cipher, - const uint8_t *iv, size_t ivlen, - uint8_t **out, size_t *outlen); -int pbes2_algor_from_der( - const uint8_t **salt, size_t *saltlen, - int *iter, - int *keylen, - int *prf, - int *cipher, - const uint8_t **iv, size_t *ivlen, - const uint8_t **in, size_t *inlen); -int pbes2_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -from [RFC 5208] - -EncryptedPrivateKeyInfo ::= SEQUENCE { - encryptionAlgorithm EncryptionAlgorithmIdentifier, - encryptedData OCTET STRING } - -encryptionAlgorithm: - id-PBES2 - -PrivateKeyInfo ::= SEQUENCE { - version INTEGER { v1(0) }, - privateKeyAlgorithm AlgorithmIdentifier, - privateKey OCTET STRING, - attributes [0] Attributes OPTIONAL } -*/ - -int pkcs8_enced_private_key_info_to_der( - const uint8_t *salt, size_t saltlen, - int iter, - int keylen, - int prf, - int cipher, - const uint8_t *iv, size_t ivlen, - const uint8_t *enced, size_t encedlen, - uint8_t **out, size_t *outlen); -int pkcs8_enced_private_key_info_from_der( - const uint8_t **salt, size_t *saltlen, - int *iter, - int *keylen, - int *prf, - int *cipher, - const uint8_t **iv, size_t *ivlen, - const uint8_t **enced, size_t *encedlen, - const uint8_t **in, size_t *inlen); -int pkcs8_enced_private_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/rand.h b/include/gmssl/rand.h deleted file mode 100644 index 86f5b05..0000000 --- a/include/gmssl/rand.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_RAND_H -#define GMSSL_RAND_H - -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -#define RAND_BYTES_MAX_SIZE (256) - -_gmssl_export int rand_bytes(uint8_t *buf, size_t buflen); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/rc4.h b/include/gmssl/rc4.h deleted file mode 100644 index a6a523c..0000000 --- a/include/gmssl/rc4.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - -#ifndef GMSSL_RC4_H -#define GMSSL_RC4_H - - -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - - -#define RC4_MIN_KEY_BITS 40 -#define RC4_STATE_NUM_WORDS 256 - - -typedef struct { - uint8_t d[RC4_STATE_NUM_WORDS]; -} RC4_STATE; - -void rc4_init(RC4_STATE *state, const uint8_t *key, size_t keylen); -void rc4_generate_keystream(RC4_STATE *state, size_t outlen, uint8_t *out); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/rdrand.h b/include/gmssl/rdrand.h deleted file mode 100644 index 61e034a..0000000 --- a/include/gmssl/rdrand.h +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_RDRAND_H -#define GMSSL_RDRAND_H - -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - - -int rdrand_bytes(uint8_t *buf, size_t buflen); - -#ifdef INTEL_RDSEED -int rdseed_bytes(uint8_t *buf, size_t buflen); -#endif - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/rsa.h b/include/gmssl/rsa.h deleted file mode 100644 index 4d170c4..0000000 --- a/include/gmssl/rsa.h +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - -#ifndef GMSSL_RSA_H -#define GMSSL_RSA_H - - -#include -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - - -/* -RSAPublicKey ::= SEQUENCE { - modulus INTEGER, -- n - publicExponent INTEGER -- e -} - -RSAPrivateKey ::= SEQUENCE { - version INTEGER, -- 0 - modulus INTEGER, -- n - publicExponent INTEGER, -- e - privateExponent INTEGER, -- d - prime1 INTEGER, -- p - prime2 INTEGER, -- q - exponent1 INTEGER, -- d mod (p-1) - exponent2 INTEGER, -- d mod (q-1) - coefficient INTEGER -- q^-1 mod p -} -*/ - - -int rsa_public_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - - - - - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sdf.h b/include/gmssl/sdf.h deleted file mode 100644 index 77cf6a0..0000000 --- a/include/gmssl/sdf.h +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_SDF_H -#define GMSSL_SDF_H - -#include -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - -/* -SDF Public API - - sdf_load_library - sdf_unload_library - - SDF_DEVICE - sdf_open_device - sdf_close_device - sdf_print_device_info - sdf_rand_bytes - sdf_load_sign_key - - SDF_KEY - sdf_sign - sdf_release_key -*/ - -typedef struct { - void *handle; - char issuer[41]; - char name[17]; - char serial[17]; -} SDF_DEVICE; - -typedef struct { - SM2_KEY public_key; - void *session; - int index; -} SDF_KEY; - - -int sdf_load_library(const char *so_path, const char *vendor); -int sdf_open_device(SDF_DEVICE *dev); -int sdf_print_device_info(FILE *fp, int fmt, int ind, const char *lable, SDF_DEVICE *dev); -int sdf_rand_bytes(SDF_DEVICE *dev, uint8_t *buf, size_t len); -int sdf_load_sign_key(SDF_DEVICE *dev, SDF_KEY *key, int index, const char *pass); -int sdf_sign(SDF_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen); -int sdf_release_key(SDF_KEY *key); -int sdf_close_device(SDF_DEVICE *dev); -void sdf_unload_library(void); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sha1.h b/include/gmssl/sha1.h deleted file mode 100644 index 38aef90..0000000 --- a/include/gmssl/sha1.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_SHA1_H -#define GMSSL_SHA1_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -#define SHA1_IS_BIG_ENDIAN 1 - -#define SHA1_DIGEST_SIZE 20 -#define SHA1_BLOCK_SIZE 64 -#define SHA1_STATE_WORDS (SHA1_DIGEST_SIZE/sizeof(uint32_t)) - - -typedef struct { - uint32_t state[SHA1_STATE_WORDS]; - uint64_t nblocks; - uint8_t block[SHA1_BLOCK_SIZE]; - size_t num; -} SHA1_CTX; - -void sha1_init(SHA1_CTX *ctx); -void sha1_update(SHA1_CTX *ctx, const uint8_t *data, size_t datalen); -void sha1_finish(SHA1_CTX *ctx, uint8_t dgst[SHA1_DIGEST_SIZE]); -void sha1_digest(const uint8_t *data, size_t datalen, uint8_t dgst[SHA1_DIGEST_SIZE]); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sha2.h b/include/gmssl/sha2.h deleted file mode 100644 index 744e7dc..0000000 --- a/include/gmssl/sha2.h +++ /dev/null @@ -1,102 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - -#ifndef GMSSL_SHA2_H -#define GMSSL_SHA2_H - -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -#define SHA2_IS_BIG_ENDIAN 1 - - -#define SHA224_DIGEST_SIZE 28 -#define SHA224_BLOCK_SIZE 64 -#define SHA224_STATE_WORDS 8 - -typedef struct { - uint32_t state[SHA224_STATE_WORDS]; - uint64_t nblocks; - uint8_t block[SHA224_BLOCK_SIZE]; - size_t num; -} SHA224_CTX; - -void sha224_init(SHA224_CTX *ctx); -void sha224_update(SHA224_CTX *ctx, const uint8_t* data, size_t datalen); -void sha224_finish(SHA224_CTX *ctx, uint8_t dgst[SHA224_DIGEST_SIZE]); -void sha224_digest(const uint8_t *data, size_t datalen, - uint8_t dgst[SHA224_DIGEST_SIZE]); - - -#define SHA256_DIGEST_SIZE 32 -#define SHA256_BLOCK_SIZE 64 -#define SHA256_STATE_WORDS 8 - -typedef struct { - uint32_t state[SHA256_STATE_WORDS]; - uint64_t nblocks; - uint8_t block[SHA256_BLOCK_SIZE]; - size_t num; -} SHA256_CTX; - -void sha256_init(SHA256_CTX *ctx); -void sha256_update(SHA256_CTX *ctx, const uint8_t* data, size_t datalen); -void sha256_finish(SHA256_CTX *ctx, uint8_t dgst[SHA256_DIGEST_SIZE]); -void sha256_digest(const uint8_t *data, size_t datalen, - uint8_t dgst[SHA256_DIGEST_SIZE]); - - -#define SHA384_DIGEST_SIZE 48 -#define SHA384_BLOCK_SIZE 128 -#define SHA384_STATE_WORDS 8 - -typedef struct { - uint64_t state[SHA384_STATE_WORDS]; - uint64_t nblocks; - uint8_t block[SHA384_BLOCK_SIZE]; - size_t num; -} SHA384_CTX; - -void sha384_init(SHA384_CTX *ctx); -void sha384_update(SHA384_CTX *ctx, const uint8_t* data, size_t datalen); -void sha384_finish(SHA384_CTX *ctx, uint8_t dgst[SHA384_DIGEST_SIZE]); -void sha384_digest(const uint8_t *data, size_t datalen, - uint8_t dgst[SHA384_DIGEST_SIZE]); - - -#define SHA512_DIGEST_SIZE 64 -#define SHA512_BLOCK_SIZE 128 -#define SHA512_STATE_WORDS 8 - -typedef struct { - uint64_t state[SHA512_STATE_WORDS]; - uint64_t nblocks; - uint8_t block[SHA512_BLOCK_SIZE]; - size_t num; -} SHA512_CTX; - -void sha512_init(SHA512_CTX *ctx); -void sha512_update(SHA512_CTX *ctx, const uint8_t* data, size_t datalen); -void sha512_finish(SHA512_CTX *ctx, uint8_t dgst[SHA512_DIGEST_SIZE]); -void sha512_digest(const uint8_t *data, size_t datalen, - uint8_t dgst[SHA512_DIGEST_SIZE]); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sha3.h b/include/gmssl/sha3.h deleted file mode 100644 index cb546cc..0000000 --- a/include/gmssl/sha3.h +++ /dev/null @@ -1,92 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - -#ifndef GMSSL_SHA3_H -#define GMSSL_SHA3_H - - -#include -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - - -#define SHA3_KECCAK_P_SIZE (1600/8) - -#define SHA3_224_DIGEST_SIZE (224/8) -#define SHA3_256_DIGEST_SIZE (256/8) -#define SHA3_384_DIGEST_SIZE (384/8) -#define SHA3_512_DIGEST_SIZE (512/8) - -#define SHA3_224_CAPACITY (SHA3_224_DIGEST_SIZE * 2) -#define SHA3_256_CAPACITY (SHA3_256_DIGEST_SIZE * 2) -#define SHA3_384_CAPACITY (SHA3_384_DIGEST_SIZE * 2) -#define SHA3_512_CAPACITY (SHA3_512_DIGEST_SIZE * 2) - -#define SHA3_224_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 144 -#define SHA3_256_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 136 -#define SHA3_384_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 104 -#define SHA3_512_BLOCK_SIZE (SHA3_KECCAK_P_SIZE - SHA3_224_CAPACITY) // 72 - - -typedef struct { - uint64_t A[5][5]; - uint8_t buf[SHA3_224_BLOCK_SIZE]; - int num; -} SHA3_224_CTX; - -void sha3_224_init(SHA3_224_CTX *ctx); -void sha3_224_update(SHA3_224_CTX *ctx, const uint8_t *data, size_t datalen); -void sha3_224_finish(SHA3_224_CTX *ctx, uint8_t dgst[SHA3_224_DIGEST_SIZE]); - -typedef struct { - uint64_t A[5][5]; - uint8_t buf[SHA3_256_BLOCK_SIZE]; - int num; -} SHA3_256_CTX; - -void sha3_256_init(SHA3_256_CTX *ctx); -void sha3_256_update(SHA3_256_CTX *ctx, const uint8_t *data, size_t datalen); -void sha3_256_finish(SHA3_256_CTX *ctx, uint8_t dgst[SHA3_256_DIGEST_SIZE]); - -typedef struct { - uint64_t A[5][5]; - uint8_t buf[SHA3_384_BLOCK_SIZE]; - int num; -} SHA3_384_CTX; - -void sha3_384_init(SHA3_384_CTX *ctx); -void sha3_384_update(SHA3_384_CTX *ctx, const uint8_t *data, size_t datalen); -void sha3_384_finish(SHA3_384_CTX *ctx, uint8_t dgst[SHA3_384_DIGEST_SIZE]); - -typedef struct { - uint64_t A[5][5]; - uint8_t buf[SHA3_512_BLOCK_SIZE]; - int num; -} SHA3_512_CTX; - -void sha3_512_init(SHA3_512_CTX *ctx); -void sha3_512_update(SHA3_512_CTX *ctx, const uint8_t *data, size_t datalen); -void sha3_512_finish(SHA3_512_CTX *ctx, uint8_t dgst[SHA3_512_DIGEST_SIZE]); - -void sha3_shake128(const uint8_t *in, size_t *inlen, size_t outlen, uint8_t *out); -void sha3_shake256(const uint8_t *in, size_t *inlen, size_t outlen, uint8_t *out); -void sha3_keccak_p(uint8_t state[SHA3_KECCAK_P_SIZE]); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/skf.h b/include/gmssl/skf.h deleted file mode 100644 index 2f23de8..0000000 --- a/include/gmssl/skf.h +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_SKF_H -#define GMSSL_SKF_H - - -#include -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - - -/* -SKF Public API - - skf_load_library - skf_unload_library - skf_list_devices - skf_print_device_info - - SKF_DEVICE - skf_open_device - skf_close_deivce - skf_set_label - skf_change_authkey - skf_list_apps - skf_create_app - skf_delete_app - skf_change_app_admin_pin - skf_change_app_user_pin - skf_unblock_user_pin - skf_list_objects - skf_import_object - skf_export_object - skf_delete_object - skf_list_containers - skf_create_container - skf_delete_container - skf_import_sign_cert - skf_export_sign_cert - skf_rand_bytes - skf_load_sign_key - - SKF_KEY - skf_sign - skf_release_key -*/ - -typedef struct { - void *handle; - char manufacturer[65]; - char issuer[65]; - char label[33]; - char serial[33]; - uint8_t hardware_version[2]; - uint8_t firmware_version[2]; -} SKF_DEVICE; - -typedef struct { - SM2_KEY public_key; - void *app_handle; - char app_name[65]; - void *container_handle; - char container_name[65]; -} SKF_KEY; - -int skf_load_library(const char *so_path, const char *vendor); -void skf_unload_library(void); - -int skf_list_devices(FILE *fp, int fmt, int ind, const char *label); -int skf_print_device_info(FILE *fp, int fmt, int ind, const char *devname); -int skf_open_device(SKF_DEVICE *dev, const char *devname, const uint8_t authkey[16]); -int skf_set_label(SKF_DEVICE *dev, const char *label); -int skf_change_authkey(SKF_DEVICE *dev, const uint8_t authkey[16]); -int skf_close_device(SKF_DEVICE *dev); - -int skf_list_apps(SKF_DEVICE *dev, int fmt, int ind, const char *label, FILE *fp); -int skf_create_app(SKF_DEVICE *dev, const char *appname, const char *admin_pin, const char *user_pin); -int skf_delete_app(SKF_DEVICE *dev, const char *appname); -int skf_change_app_admin_pin(SKF_DEVICE *dev, const char *appname, const char *oid_pin, const char *new_pin); -int skf_change_app_user_pin(SKF_DEVICE *dev, const char *appname, const char *oid_pin, const char *new_pin); -int skf_unblock_user_pin(SKF_DEVICE *dev, const char *appname, const char *admin_pin, const char *new_user_pin); - -int skf_list_objects(FILE *fp, int fmt, int ind, const char *label, SKF_DEVICE *dev, const char *appname, const char *pin); -int skf_import_object(SKF_DEVICE *dev, const char *appname, const char *pin, const char *objname, const uint8_t *data, size_t datalen); -int skf_export_object(SKF_DEVICE *dev, const char *appname, const char *pin, const char *objname, uint8_t *out, size_t *outlen); -int skf_delete_object(SKF_DEVICE *dev, const char *appname, const char *pin, const char *objname); - -int skf_list_containers(FILE *fp, int fmt, int ind, const char *label, SKF_DEVICE *dev, const char *appname, const char *pin); -int skf_create_container(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name); -int skf_delete_container(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name); -int skf_import_sign_cert(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name, const uint8_t *cert, size_t certlen); -int skf_export_sign_cert(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name, uint8_t *cert, size_t *certlen); - -int skf_rand_bytes(SKF_DEVICE *dev, uint8_t *buf, size_t len); -int skf_load_sign_key(SKF_DEVICE *dev, const char *appname, const char *pin, const char *container_name, SKF_KEY *key); -int skf_sign(SKF_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen); -int skf_release_key(SKF_KEY *key); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sm2.h b/include/gmssl/sm2.h deleted file mode 100644 index 1d39fde..0000000 --- a/include/gmssl/sm2.h +++ /dev/null @@ -1,382 +0,0 @@ -/* - * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - -#ifndef GMSSL_SM2_H -#define GMSSL_SM2_H - -#include -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -/* -SM2 Public API - - SM2_DEFAULT_ID - SM2_MAX_ID_LENGTH - SM2_MAX_SIGNATURE_SIZE - SM2_MAX_PLAINTEXT_SIZE - SM2_MAX_CIPHERTEXT_SIZE - - SM2_KEY - sm2_key_generate - sm2_private_key_info_encrypt_to_der - sm2_private_key_info_decrypt_from_der - sm2_private_key_info_encrypt_to_pem - sm2_private_key_info_decrypt_from_pem - sm2_public_key_info_to_der - sm2_public_key_info_from_der - sm2_public_key_info_to_pem - sm2_public_key_info_from_pem - - sm2_sign - sm2_verify - sm2_encrypt - sm2_decrypt - sm2_ecdh - - SM2_SIGN_CTX - sm2_sign_init - sm2_sign_update - sm2_sign_finish - sm2_verify_init - sm2_verify_update - sm2_verify_finish -*/ - -typedef uint64_t SM2_BN[8]; - -int sm2_bn_is_zero(const SM2_BN a); -int sm2_bn_is_one(const SM2_BN a); -int sm2_bn_is_odd(const SM2_BN a); -int sm2_bn_cmp(const SM2_BN a, const SM2_BN b); -int sm2_bn_from_hex(SM2_BN r, const char hex[64]); -int sm2_bn_from_asn1_integer(SM2_BN r, const uint8_t *d, size_t dlen); -int sm2_bn_equ_hex(const SM2_BN a, const char *hex); -int sm2_bn_print(FILE *fp, int fmt, int ind, const char *label, const SM2_BN a); -int sm2_bn_rshift(SM2_BN ret, const SM2_BN a, unsigned int nbits); - -void sm2_bn_to_bytes(const SM2_BN a, uint8_t out[32]); -void sm2_bn_from_bytes(SM2_BN r, const uint8_t in[32]); -void sm2_bn_to_hex(const SM2_BN a, char hex[64]); -void sm2_bn_to_bits(const SM2_BN a, char bits[256]); -void sm2_bn_set_word(SM2_BN r, uint32_t a); -void sm2_bn_add(SM2_BN r, const SM2_BN a, const SM2_BN b); -void sm2_bn_sub(SM2_BN ret, const SM2_BN a, const SM2_BN b); -int sm2_bn_rand_range(SM2_BN r, const SM2_BN range); - -#define sm2_bn_init(r) memset((r),0,sizeof(SM2_BN)) -#define sm2_bn_set_zero(r) memset((r),0,sizeof(SM2_BN)) -#define sm2_bn_set_one(r) sm2_bn_set_word((r),1) -#define sm2_bn_copy(r,a) memcpy((r),(a),sizeof(SM2_BN)) -#define sm2_bn_clean(r) memset((r),0,sizeof(SM2_BN)) - - -// GF(p) -typedef SM2_BN SM2_Fp; - -void sm2_fp_add(SM2_Fp r, const SM2_Fp a, const SM2_Fp b); -void sm2_fp_sub(SM2_Fp r, const SM2_Fp a, const SM2_Fp b); -void sm2_fp_mul(SM2_Fp r, const SM2_Fp a, const SM2_Fp b); -void sm2_fp_exp(SM2_Fp r, const SM2_Fp a, const SM2_Fp e); -void sm2_fp_dbl(SM2_Fp r, const SM2_Fp a); -void sm2_fp_tri(SM2_Fp r, const SM2_Fp a); -void sm2_fp_div2(SM2_Fp r, const SM2_Fp a); -void sm2_fp_neg(SM2_Fp r, const SM2_Fp a); -void sm2_fp_sqr(SM2_Fp r, const SM2_Fp a); -void sm2_fp_inv(SM2_Fp r, const SM2_Fp a); -int sm2_fp_rand(SM2_Fp r); - -int sm2_fp_sqrt(SM2_Fp r, const SM2_Fp a); - -#define sm2_fp_init(r) sm2_bn_init(r) -#define sm2_fp_set_zero(r) sm2_bn_set_zero(r) -#define sm2_fp_set_one(r) sm2_bn_set_one(r) -#define sm2_fp_copy(r,a) sm2_bn_copy(r,a) -#define sm2_fp_clean(r) sm2_bn_clean(r) - -// GF(n) -typedef SM2_BN SM2_Fn; - -void sm2_fn_add(SM2_Fn r, const SM2_Fn a, const SM2_Fn b); -void sm2_fn_sub(SM2_Fn r, const SM2_Fn a, const SM2_Fn b); -void sm2_fn_mul(SM2_Fn r, const SM2_Fn a, const SM2_Fn b); -void sm2_fn_mul_word(SM2_Fn r, const SM2_Fn a, uint32_t b); -void sm2_fn_exp(SM2_Fn r, const SM2_Fn a, const SM2_Fn e); -void sm2_fn_neg(SM2_Fn r, const SM2_Fn a); -void sm2_fn_sqr(SM2_Fn r, const SM2_Fn a); -void sm2_fn_inv(SM2_Fn r, const SM2_Fn a); -int sm2_fn_rand(SM2_Fn r); - -#define sm2_fn_init(r) sm2_bn_init(r) -#define sm2_fn_set_zero(r) sm2_bn_set_zero(r) -#define sm2_fn_set_one(r) sm2_bn_set_one(r) -#define sm2_fn_copy(r,a) sm2_bn_copy(r,a) -#define sm2_fn_clean(r) sm2_bn_clean(r) - - -typedef struct { - SM2_BN X; - SM2_BN Y; - SM2_BN Z; -} SM2_JACOBIAN_POINT; - -void sm2_jacobian_point_init(SM2_JACOBIAN_POINT *R); -void sm2_jacobian_point_set_xy(SM2_JACOBIAN_POINT *R, const SM2_BN x, const SM2_BN y); -void sm2_jacobian_point_get_xy(const SM2_JACOBIAN_POINT *P, SM2_BN x, SM2_BN y); -void sm2_jacobian_point_neg(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P); -void sm2_jacobian_point_dbl(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P); -void sm2_jacobian_point_add(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P, const SM2_JACOBIAN_POINT *Q); -void sm2_jacobian_point_sub(SM2_JACOBIAN_POINT *R, const SM2_JACOBIAN_POINT *P, const SM2_JACOBIAN_POINT *Q); -void sm2_jacobian_point_mul(SM2_JACOBIAN_POINT *R, const SM2_BN k, const SM2_JACOBIAN_POINT *P); -void sm2_jacobian_point_to_bytes(const SM2_JACOBIAN_POINT *P, uint8_t out[64]); -void sm2_jacobian_point_from_bytes(SM2_JACOBIAN_POINT *P, const uint8_t in[64]); -void sm2_jacobian_point_mul_generator(SM2_JACOBIAN_POINT *R, const SM2_BN k); -void sm2_jacobian_point_mul_sum(SM2_JACOBIAN_POINT *R, const SM2_BN t, const SM2_JACOBIAN_POINT *P, const SM2_BN s); -void sm2_jacobian_point_from_hex(SM2_JACOBIAN_POINT *P, const char hex[64 * 2]); // for testing only - -int sm2_jacobian_point_is_at_infinity(const SM2_JACOBIAN_POINT *P); -int sm2_jacobian_point_is_on_curve(const SM2_JACOBIAN_POINT *P); -int sm2_jacobian_point_equ_hex(const SM2_JACOBIAN_POINT *P, const char hex[128]); // for testing only -int sm2_jacobian_point_print(FILE *fp, int fmt, int ind, const char *label, const SM2_JACOBIAN_POINT *P); - -#define sm2_jacobian_point_set_infinity(R) sm2_jacobian_point_init(R) -#define sm2_jacobian_point_copy(R, P) memcpy((R), (P), sizeof(SM2_JACOBIAN_POINT)) - -typedef uint8_t sm2_bn_t[32]; - -typedef struct { - uint8_t x[32]; - uint8_t y[32]; -} SM2_POINT; - -#define sm2_point_init(P) memset((P),0,sizeof(SM2_POINT)) -#define sm2_point_set_infinity(P) sm2_point_init(P) -int sm2_point_from_octets(SM2_POINT *P, const uint8_t *in, size_t inlen); -void sm2_point_to_compressed_octets(const SM2_POINT *P, uint8_t out[33]); -void sm2_point_to_uncompressed_octets(const SM2_POINT *P, uint8_t out[65]); - -int sm2_point_from_x(SM2_POINT *P, const uint8_t x[32], int y); -int sm2_point_from_xy(SM2_POINT *P, const uint8_t x[32], const uint8_t y[32]); -int sm2_point_is_on_curve(const SM2_POINT *P); -int sm2_point_is_at_infinity(const SM2_POINT *P); -int sm2_point_add(SM2_POINT *R, const SM2_POINT *P, const SM2_POINT *Q); -int sm2_point_sub(SM2_POINT *R, const SM2_POINT *P, const SM2_POINT *Q); -int sm2_point_neg(SM2_POINT *R, const SM2_POINT *P); -int sm2_point_dbl(SM2_POINT *R, const SM2_POINT *P); -int sm2_point_mul(SM2_POINT *R, const uint8_t k[32], const SM2_POINT *P); -int sm2_point_mul_generator(SM2_POINT *R, const uint8_t k[32]); -int sm2_point_mul_sum(SM2_POINT *R, const uint8_t k[32], const SM2_POINT *P, const uint8_t s[32]); // R = k * P + s * G - -/* -RFC 5480 Elliptic Curve Cryptography Subject Public Key Information -ECPoint ::= OCTET STRING -*/ -#define SM2_POINT_MAX_SIZE (2 + 65) -int sm2_point_to_der(const SM2_POINT *P, uint8_t **out, size_t *outlen); -int sm2_point_from_der(SM2_POINT *P, const uint8_t **in, size_t *inlen); -int sm2_point_print(FILE *fp, int fmt, int ind, const char *label, const SM2_POINT *P); -int sm2_point_from_hash(SM2_POINT *R, const uint8_t *data, size_t datalen); - - -typedef struct { - SM2_POINT public_key; - uint8_t private_key[32]; -} SM2_KEY; - - -_gmssl_export int sm2_key_generate(SM2_KEY *key); -int sm2_key_set_private_key(SM2_KEY *key, const uint8_t private_key[32]); // key->public_key will be replaced -int sm2_key_set_public_key(SM2_KEY *key, const SM2_POINT *public_key); // key->private_key will be cleared // FIXME: support octets as input? -int sm2_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *key); - -int sm2_public_key_equ(const SM2_KEY *sm2_key, const SM2_KEY *pub_key); -//int sm2_public_key_copy(SM2_KEY *sm2_key, const SM2_KEY *pub_key); // do we need this? -int sm2_public_key_digest(const SM2_KEY *key, uint8_t dgst[32]); -int sm2_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY *pub_key); - -/* -from RFC 5915 - -ECPrivateKey ::= SEQUENCE { - version INTEGER, -- value MUST be (1) - privateKey OCTET STRING, -- big endian encoding of integer 这里不是以INTEGER编码的,因此长度固定 - parameters [0] EXPLICIT ECParameters OPTIONAL, - -- ONLY namedCurve OID is permitted, by RFC 5480 - -- MUST always include this field, by RFC 5915 - publicKey [1] EXPLICIT BIT STRING OPTIONAL -- compressed_point - -- SHOULD always include this field, by RFC 5915 } - -ECParameters ::= CHOICE { namedCurve OBJECT IDENTIFIER } -*/ -#define SM2_PRIVATE_KEY_DEFAULT_SIZE 120 // generated -#define SM2_PRIVATE_KEY_BUF_SIZE 512 // MUST >= SM2_PRIVATE_KEY_DEFAULT_SIZE - -int sm2_private_key_to_der(const SM2_KEY *key, uint8_t **out, size_t *outlen); -int sm2_private_key_from_der(SM2_KEY *key, const uint8_t **in, size_t *inlen); -int sm2_private_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); -int sm2_private_key_to_pem(const SM2_KEY *key, FILE *fp); -int sm2_private_key_from_pem(SM2_KEY *key, FILE *fp); - -/* -AlgorithmIdentifier ::= { - algorithm OBJECT IDENTIFIER { id-ecPublicKey }, - parameters OBJECT IDENTIFIER { id-sm2 } } -*/ -int sm2_public_key_algor_to_der(uint8_t **out, size_t *outlen); -int sm2_public_key_algor_from_der(const uint8_t **in, size_t *inlen); - -/* -SubjectPublicKeyInfo from RFC 5280 - -SubjectPublicKeyInfo ::= SEQUENCE { - algorithm AlgorithmIdentifier, - subjectPublicKey BIT STRING -- uncompressed octets of ECPoint } -*/ -_gmssl_export int sm2_public_key_info_to_der(const SM2_KEY *a, uint8_t **out, size_t *outlen); -_gmssl_export int sm2_public_key_info_from_der(SM2_KEY *a, const uint8_t **in, size_t *inlen); -_gmssl_export int sm2_public_key_info_to_pem(const SM2_KEY *a, FILE *fp); -_gmssl_export int sm2_public_key_info_from_pem(SM2_KEY *a, FILE *fp); - -/* -PKCS #8 PrivateKeyInfo from RFC 5208 - -PrivateKeyInfo ::= SEQUENCE { - version Version { v1(0) }, - privateKeyAlgorithm AlgorithmIdentifier, - privateKey OCTET STRING, -- DER-encoding of ECPrivateKey - attributes [0] IMPLICIT SET OF Attribute OPTIONAL } -*/ -enum { - PKCS8_private_key_info_version = 0, -}; - - -int sm2_private_key_info_to_der(const SM2_KEY *key, uint8_t **out, size_t *outlen); -int sm2_private_key_info_from_der(SM2_KEY *key, const uint8_t **attrs, size_t *attrslen, const uint8_t **in, size_t *inlen); -int sm2_private_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); -int sm2_private_key_info_to_pem(const SM2_KEY *key, FILE *fp); -// FIXME: #define default buffer size for sm2_private_key_info_from_pem -int sm2_private_key_info_from_pem(SM2_KEY *key, FILE *fp); - -/* -EncryptedPrivateKeyInfo ::= SEQUENCE { - encryptionAlgorithm EncryptionAlgorithmIdentifier, -- id-PBES2 - encryptedData OCTET STRING } -*/ -_gmssl_export int sm2_private_key_info_encrypt_to_der(const SM2_KEY *key, - const char *pass, uint8_t **out, size_t *outlen); -_gmssl_export int sm2_private_key_info_decrypt_from_der(SM2_KEY *key, const uint8_t **attrs, size_t *attrs_len, - const char *pass, const uint8_t **in, size_t *inlen); -_gmssl_export int sm2_private_key_info_encrypt_to_pem(const SM2_KEY *key, const char *pass, FILE *fp); -// FIXME: #define default buffer size -_gmssl_export int sm2_private_key_info_decrypt_from_pem(SM2_KEY *key, const char *pass, FILE *fp); - - -typedef struct { - uint8_t r[32]; - uint8_t s[32]; -} SM2_SIGNATURE; - -int sm2_do_sign(const SM2_KEY *key, const uint8_t dgst[32], SM2_SIGNATURE *sig); -int sm2_do_sign_fast(const SM2_Fn d, const uint8_t dgst[32], SM2_SIGNATURE *sig); -int sm2_do_verify(const SM2_KEY *key, const uint8_t dgst[32], const SM2_SIGNATURE *sig); - - -#define SM2_MIN_SIGNATURE_SIZE 8 -#define SM2_MAX_SIGNATURE_SIZE 72 -int sm2_signature_to_der(const SM2_SIGNATURE *sig, uint8_t **out, size_t *outlen); -int sm2_signature_from_der(SM2_SIGNATURE *sig, const uint8_t **in, size_t *inlen); -int sm2_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *sig, size_t siglen); -_gmssl_export int sm2_sign(const SM2_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen); -_gmssl_export int sm2_verify(const SM2_KEY *key, const uint8_t dgst[32], const uint8_t *sig, size_t siglen); - -enum { - SM2_signature_compact_size = 70, - SM2_signature_typical_size = 71, - SM2_signature_max_size = 72, -}; -int sm2_sign_fixlen(const SM2_KEY *key, const uint8_t dgst[32], size_t siglen, uint8_t *sig); - -#define SM2_DEFAULT_ID "1234567812345678" -#define SM2_DEFAULT_ID_LENGTH (sizeof(SM2_DEFAULT_ID) - 1) // LENGTH for string and SIZE for bytes -#define SM2_DEFAULT_ID_BITS (SM2_DEFAULT_ID_LENGTH * 8) -#define SM2_MAX_ID_BITS 65535 -#define SM2_MAX_ID_LENGTH (SM2_MAX_ID_BITS/8) - -int sm2_compute_z(uint8_t z[32], const SM2_POINT *pub, const char *id, size_t idlen); - - -typedef struct { - SM3_CTX sm3_ctx; - SM2_KEY key; -} SM2_SIGN_CTX; - -_gmssl_export int sm2_sign_init(SM2_SIGN_CTX *ctx, const SM2_KEY *key, const char *id, size_t idlen); -_gmssl_export int sm2_sign_update(SM2_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); -_gmssl_export int sm2_sign_finish(SM2_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen); -int sm2_sign_finish_fixlen(SM2_SIGN_CTX *ctx, size_t siglen, uint8_t *sig); - -_gmssl_export int sm2_verify_init(SM2_SIGN_CTX *ctx, const SM2_KEY *key, const char *id, size_t idlen); -_gmssl_export int sm2_verify_update(SM2_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); -_gmssl_export int sm2_verify_finish(SM2_SIGN_CTX *ctx, const uint8_t *sig, size_t siglen); - -/* -SM2Cipher ::= SEQUENCE { - XCoordinate INTEGER, - YCoordinate INTEGER, - HASH OCTET STRING SIZE(32), - CipherText OCTET STRING } -*/ -#define SM2_MIN_PLAINTEXT_SIZE 1 // re-compute SM2_MIN_CIPHERTEXT_SIZE when modify -#define SM2_MAX_PLAINTEXT_SIZE 255 // re-compute SM2_MAX_CIPHERTEXT_SIZE when modify - -typedef struct { - SM2_POINT point; - uint8_t hash[32]; - uint8_t ciphertext_size; - uint8_t ciphertext[SM2_MAX_PLAINTEXT_SIZE]; -} SM2_CIPHERTEXT; - -int sm2_do_encrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, SM2_CIPHERTEXT *out); -int sm2_do_decrypt(const SM2_KEY *key, const SM2_CIPHERTEXT *in, uint8_t *out, size_t *outlen); - -#define SM2_MIN_CIPHERTEXT_SIZE 45 // depends on SM2_MIN_PLAINTEXT_SIZE -#define SM2_MAX_CIPHERTEXT_SIZE 366 // depends on SM2_MAX_PLAINTEXT_SIZE -int sm2_ciphertext_to_der(const SM2_CIPHERTEXT *c, uint8_t **out, size_t *outlen); -int sm2_ciphertext_from_der(SM2_CIPHERTEXT *c, const uint8_t **in, size_t *inlen); -int sm2_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen); -_gmssl_export int sm2_encrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); -_gmssl_export int sm2_decrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); - -enum { - SM2_ciphertext_compact_point_size = 68, - SM2_ciphertext_typical_point_size = 69, - SM2_ciphertext_max_point_size = 70, -}; -int sm2_do_encrypt_fixlen(const SM2_KEY *key, const uint8_t *in, size_t inlen, int point_size, SM2_CIPHERTEXT *out); -int sm2_encrypt_fixlen(const SM2_KEY *key, const uint8_t *in, size_t inlen, int point_size, uint8_t *out, size_t *outlen); - - -int sm2_do_ecdh(const SM2_KEY *key, const SM2_POINT *peer_public, SM2_POINT *out); -_gmssl_export int sm2_ecdh(const SM2_KEY *key, const uint8_t *peer_public, size_t peer_public_len, SM2_POINT *out); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sm2_blind.h b/include/gmssl/sm2_blind.h deleted file mode 100644 index db34aff..0000000 --- a/include/gmssl/sm2_blind.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ -#ifndef GMSSL_SM2_BLIND_H -#define GMSSL_SM2_BLIND_H - -#include -#include -#include -#include -#include -#include -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - - -typedef struct { - SM3_CTX sm3_ctx; - SM2_KEY public_key; - uint8_t blind_factor_a[32]; - uint8_t blind_factor_b[32]; - uint8_t sig_r[32]; -} SM2_BLIND_SIGN_CTX; - - -#define SM2_BLIND_SIGN_MAX_COMMITLEN 65 - -int sm2_blind_sign_commit(SM2_Fn k, uint8_t *commit, size_t *commitlen); -int sm2_blind_sign_init(SM2_BLIND_SIGN_CTX *ctx, const SM2_KEY *public_key, const char *id, size_t idlen); -int sm2_blind_sign_update(SM2_BLIND_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); -int sm2_blind_sign_finish(SM2_BLIND_SIGN_CTX *ctx, const uint8_t *commit, size_t commitlen, uint8_t blinded_sig_r[32]); -int sm2_blind_sign(const SM2_KEY *key, const SM2_Fn k, const uint8_t blinded_sig_r[32], uint8_t blinded_sig_s[32]); -int sm2_blind_sign_unblind(SM2_BLIND_SIGN_CTX *ctx, const uint8_t blinded_sig_s[32], uint8_t *sig, size_t *siglen); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sm2_commit.h b/include/gmssl/sm2_commit.h deleted file mode 100644 index 6df8958..0000000 --- a/include/gmssl/sm2_commit.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ -#ifndef GMSSL_SM2_COMMIT_H -#define GMSSL_SM2_COMMIT_H - - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - - -int sm2_commit_generate(const uint8_t x[32], uint8_t r[32], uint8_t commit[65], size_t *commitlen); -int sm2_commit_open(const uint8_t x[32], const uint8_t r[32], const uint8_t *commit, size_t commitlen); -int sm2_commit_vector_generate(const sm2_bn_t *x, size_t count, uint8_t r[32], uint8_t commit[65], size_t *commitlen); -int sm2_commit_vector_open(const sm2_bn_t *x, size_t count, const uint8_t r[32], const uint8_t *commit, size_t commitlen); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sm2_elgamal.h b/include/gmssl/sm2_elgamal.h deleted file mode 100644 index e9ee7a9..0000000 --- a/include/gmssl/sm2_elgamal.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - -#ifndef GMSSL_SM2_ELGAMAL_H -#define GMSSL_SM2_ELGAMAL_H - - -#include -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - - -#define SM2_PRE_COMPUTE_MAX_OFFSETS 6 - -typedef struct { - uint16_t offset[SM2_PRE_COMPUTE_MAX_OFFSETS]; - uint8_t offset_count; - uint8_t x_coordinate[32]; -} SM2_PRE_COMPUTE; - -int sm2_elgamal_decrypt_pre_compute(SM2_PRE_COMPUTE table[1<<16]); -int sm2_elgamal_solve_ecdlp(const SM2_PRE_COMPUTE table[1<<16], const SM2_POINT *point, uint32_t *private); - - -typedef struct { - SM2_POINT C1; - SM2_POINT C2; -} SM2_ELGAMAL_CIPHERTEXT; - -int sm2_elgamal_do_encrypt(const SM2_KEY *pub_key, uint32_t in, SM2_ELGAMAL_CIPHERTEXT *out); -int sm2_elgamal_do_decrypt(const SM2_KEY *key, const SM2_ELGAMAL_CIPHERTEXT *in, uint32_t *out); - -int sm2_elgamal_ciphertext_add(SM2_ELGAMAL_CIPHERTEXT *r, - const SM2_ELGAMAL_CIPHERTEXT *a, - const SM2_ELGAMAL_CIPHERTEXT *b, - const SM2_KEY *pub_key); -int sm2_elgamal_cipehrtext_sub(SM2_ELGAMAL_CIPHERTEXT *r, - const SM2_ELGAMAL_CIPHERTEXT *a, const SM2_ELGAMAL_CIPHERTEXT *b, - const SM2_KEY *pub_key); -int sm2_elgamal_cipehrtext_neg(SM2_ELGAMAL_CIPHERTEXT *r, - const SM2_ELGAMAL_CIPHERTEXT *a, const SM2_KEY *pub_key); -int sm2_elgamal_ciphertext_scalar_mul(SM2_ELGAMAL_CIPHERTEXT *R, - const uint8_t scalar[32], const SM2_ELGAMAL_CIPHERTEXT *A, - const SM2_KEY *pub_key); - -int sm2_elgamal_ciphertext_to_der(const SM2_ELGAMAL_CIPHERTEXT *c, uint8_t **out, size_t *outlen); -int sm2_elgamal_ciphertext_from_der(SM2_ELGAMAL_CIPHERTEXT *c, const uint8_t **in, size_t *inlen); - -int sm2_elgamal_encrypt(const SM2_KEY *pub_key, uint32_t in, uint8_t *out, size_t *outlen); -int sm2_elgamal_decrypt(SM2_KEY *key, const uint8_t *in, size_t inlen, uint32_t *out); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sm2_key_share.h b/include/gmssl/sm2_key_share.h deleted file mode 100644 index 7288d32..0000000 --- a/include/gmssl/sm2_key_share.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - -// SM2 Key Shamir Secret Sharing - - -#ifndef GMSSL_SM2_KEY_SHARE_H -#define GMSSL_SM2_KEY_SHARE_H - -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -#define SM2_KEY_MAX_SHARES 12 // 12! = 479001600 < 2^31 = 2147483648 - - -typedef struct { - SM2_KEY key; - size_t index; - size_t total_cnt; -} SM2_KEY_SHARE; - -int sm2_key_split(const SM2_KEY *key, size_t recover_cnt, size_t total_cnt, SM2_KEY_SHARE *shares); -int sm2_key_recover(SM2_KEY *key, const SM2_KEY_SHARE *shares, size_t shares_cnt); -int sm2_key_share_encrypt_to_file(const SM2_KEY_SHARE *share, const char *pass, const char *path_prefix); -int sm2_key_share_decrypt_from_file(SM2_KEY_SHARE *share, const char *pass, const char *file); -int sm2_key_share_print(FILE *fp, int fmt, int ind, const char *label, const SM2_KEY_SHARE *share); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sm2_recover.h b/include/gmssl/sm2_recover.h deleted file mode 100644 index 92d2c01..0000000 --- a/include/gmssl/sm2_recover.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - -#ifndef GMSSL_SM2_RECOVER_H -#define GMSSL_SM2_RECOVER_H - -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -int sm2_signature_to_public_key_points(const SM2_SIGNATURE *sig, const uint8_t dgst[32], - SM2_POINT points[4], size_t *points_cnt); -int sm2_signature_conjugate(const SM2_SIGNATURE *sig, SM2_SIGNATURE *new_sig); - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sm2_ring.h b/include/gmssl/sm2_ring.h deleted file mode 100644 index 6ce4e49..0000000 --- a/include/gmssl/sm2_ring.h +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - -#ifndef GMSSL_SM2_RING_H -#define GMSSL_SM2_RING_H - -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -typedef uint8_t sm2_bn_t[32]; - -int sm2_ring_do_sign(const SM2_KEY *sign_key, const SM2_POINT *public_keys, size_t public_keys_cnt, - const uint8_t dgst[32], uint8_t r[32], sm2_bn_t *s); -int sm2_ring_do_verify(const SM2_POINT *public_keys, size_t public_keys_cnt, - const uint8_t dgst[32], const uint8_t r[32], const sm2_bn_t *s); -int sm2_ring_signature_to_der(const sm2_bn_t r, const sm2_bn_t *s, size_t s_cnt, uint8_t **out, size_t *outlen); -int sm2_ring_signature_from_der(sm2_bn_t r, sm2_bn_t *s, size_t *s_cnt, const uint8_t **in, size_t *inlen); -int sm2_ring_sign(const SM2_KEY *sign_key, const SM2_POINT *public_keys, size_t public_keys_cnt, - const uint8_t dgst[32], uint8_t *sig, size_t *siglen); -int sm2_ring_verify(const SM2_POINT *public_keys, size_t public_keys_cnt, - const uint8_t dgst[32], const uint8_t *sig, size_t siglen); - - -#define SM2_RING_SIGN_MAX_SIGNERS 32 -typedef struct { - int state; - SM3_CTX sm3_ctx; - SM2_KEY sign_key; - SM2_POINT public_keys[SM2_RING_SIGN_MAX_SIGNERS]; - size_t public_keys_count; - char *id; - size_t idlen; -} SM2_RING_SIGN_CTX; - -int sm2_ring_sign_init(SM2_RING_SIGN_CTX *ctx, const SM2_KEY *sign_key, const char *id, size_t idlen); -int sm2_ring_sign_add_signer(SM2_RING_SIGN_CTX *ctx, const SM2_KEY *public_key); -int sm2_ring_sign_update(SM2_RING_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); -int sm2_ring_sign_finish(SM2_RING_SIGN_CTX *ctx, uint8_t *sig, size_t *siglen); -int sm2_ring_verify_init(SM2_RING_SIGN_CTX *ctx, const char *id, size_t idlen); -int sm2_ring_verify_add_signer(SM2_RING_SIGN_CTX *ctx, const SM2_KEY *public_key); -int sm2_ring_verify_update(SM2_RING_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); -int sm2_ring_verify_finish(SM2_RING_SIGN_CTX *ctx, uint8_t *sig, size_t siglen); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sm3.h b/include/gmssl/sm3.h deleted file mode 100644 index ba02da8..0000000 --- a/include/gmssl/sm3.h +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_SM3_H -#define GMSSL_SM3_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* -SM3 Public API - - SM3_DIGEST_SIZE - SM3_HMAC_SIZE - - SM3_CTX - sm3_init - sm3_update - sm3_finish - - SM3_HMAC_CTX - sm3_hmac_init - sm3_hmac_update - sm3_hmac_finish - - sm3_digest - sm3_hmac -*/ - -#define SM3_IS_BIG_ENDIAN 1 - -#define SM3_DIGEST_SIZE 32 -#define SM3_BLOCK_SIZE 64 -#define SM3_STATE_WORDS 8 -#define SM3_HMAC_SIZE (SM3_DIGEST_SIZE) - - -typedef struct { - uint32_t digest[SM3_STATE_WORDS]; - uint64_t nblocks; - uint8_t block[SM3_BLOCK_SIZE]; - size_t num; -} SM3_CTX; - -void sm3_init(SM3_CTX *ctx); -void sm3_update(SM3_CTX *ctx, const uint8_t *data, size_t datalen); -void sm3_finish(SM3_CTX *ctx, uint8_t dgst[SM3_DIGEST_SIZE]); -void sm3_digest(const uint8_t *data, size_t datalen, uint8_t dgst[SM3_DIGEST_SIZE]); - -void sm3_compress_blocks(uint32_t digest[8], const uint8_t *data, size_t blocks); - -typedef struct { - SM3_CTX sm3_ctx; - uint8_t key[SM3_BLOCK_SIZE]; -} SM3_HMAC_CTX; - -void sm3_hmac_init(SM3_HMAC_CTX *ctx, const uint8_t *key, size_t keylen); -void sm3_hmac_update(SM3_HMAC_CTX *ctx, const uint8_t *data, size_t datalen); -void sm3_hmac_finish(SM3_HMAC_CTX *ctx, uint8_t mac[SM3_HMAC_SIZE]); -void sm3_hmac(const uint8_t *key, size_t keylen, - const uint8_t *data, size_t datalen, - uint8_t mac[SM3_HMAC_SIZE]); - - -typedef struct { - SM3_CTX sm3_ctx; - size_t outlen; -} SM3_KDF_CTX; - -void sm3_kdf_init(SM3_KDF_CTX *ctx, size_t outlen); -void sm3_kdf_update(SM3_KDF_CTX *ctx, const uint8_t *data, size_t datalen); -void sm3_kdf_finish(SM3_KDF_CTX *ctx, uint8_t *out); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sm3_rng.h b/include/gmssl/sm3_rng.h deleted file mode 100644 index 418ddf3..0000000 --- a/include/gmssl/sm3_rng.h +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - -#ifndef GMSSL_SM3_RNG_H -#define GMSSL_SM3_RNG_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -#define SM3_RNG_MAX_RESEED_COUNTER (1<<20) -#define SM3_RNG_MAX_RESEED_SECONDS 600 - - -typedef struct { - uint8_t V[55]; - uint8_t C[55]; - uint32_t reseed_counter; - time_t last_reseed_time; -} SM3_RNG; - -int sm3_rng_init(SM3_RNG *rng, const uint8_t *nonce, size_t nonce_len, - const uint8_t *label, size_t label_len); -int sm3_rng_reseed(SM3_RNG *rng, const uint8_t *addin, size_t addin_len); -int sm3_rng_generate(SM3_RNG *rng, const uint8_t *addin, size_t addin_len, - uint8_t *out, size_t outlen); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sm3_x8_avx2.h b/include/gmssl/sm3_x8_avx2.h deleted file mode 100644 index f3674c2..0000000 --- a/include/gmssl/sm3_x8_avx2.h +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - -#ifndef GMSSL_SM3_X8_AVX2_H -#define GMSSL_SM3_X8_AVX2_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -typedef struct { - __m256i digest[8]; -} SM3_X8_CTX; - -void sm3_x8_init(SM3_X8_CTX *ctx); -void sm3_x8_compress_blocks(__m256i digest[8], const uint8_t *data, size_t datalen); -void sm3_x8_digest(const uint8_t *data, size_t datalen, uint8_t dgst[8][32]); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sm4.h b/include/gmssl/sm4.h deleted file mode 100644 index d4c4678..0000000 --- a/include/gmssl/sm4.h +++ /dev/null @@ -1,142 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_SM4_H -#define GMSSL_SM4_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -/* -SM4 Public API - - SM4_KEY_SIZE - SM4_BLOCK_SIZE - - SM4_CBC_CTX - sm4_cbc_encrypt_init - sm4_cbc_encrypt_update - sm4_cbc_encrypt_finish - sm4_cbc_decrypt_init - sm4_cbc_decrypt_update - sm4_cbc_decrypt_finish - - SM4_CTR_CTX - sm4_ctr_encrypt_init - sm4_ctr_encrypt_update - sm4_ctr_encrypt_finish - sm4_ctr_decrypt_init - sm4_ctr_decrypt_update - sm4_ctr_decrypt_finish -*/ - -#define SM4_KEY_SIZE (16) -#define SM4_BLOCK_SIZE (16) -#define SM4_NUM_ROUNDS (32) - - -typedef struct { - uint32_t rk[SM4_NUM_ROUNDS]; -} SM4_KEY; - -void sm4_set_encrypt_key(SM4_KEY *key, const uint8_t raw_key[SM4_KEY_SIZE]); -void sm4_set_decrypt_key(SM4_KEY *key, const uint8_t raw_key[SM4_KEY_SIZE]); -void sm4_encrypt(const SM4_KEY *key, const uint8_t in[SM4_BLOCK_SIZE], uint8_t out[SM4_BLOCK_SIZE]); -#define sm4_decrypt(key,in,out) sm4_encrypt(key,in,out) - - -void sm4_cbc_encrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE], - const uint8_t *in, size_t nblocks, uint8_t *out); -void sm4_cbc_decrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE], - const uint8_t *in, size_t nblocks, uint8_t *out); -int sm4_cbc_padding_encrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE], - const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); -int sm4_cbc_padding_decrypt(const SM4_KEY *key, const uint8_t iv[SM4_BLOCK_SIZE], - const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); - - -void sm4_ctr_encrypt(const SM4_KEY *key, uint8_t ctr[SM4_BLOCK_SIZE], - const uint8_t *in, size_t inlen, uint8_t *out); -#define sm4_ctr_decrypt(key,ctr,in,inlen,out) sm4_ctr_encrypt(key,ctr,in,inlen,out) - - -#define SM4_GCM_IV_MIN_SIZE 1 -#define SM4_GCM_IV_MAX_SIZE (((uint64_t)1 << (64-3)) - 1) // 2305843009213693951 - -#define SM4_GCM_IV_DEFAULT_BITS 96 -#define SM4_GCM_IV_DEFAULT_SIZE 12 - -//#define NIST_SP800_GCM_MAX_IV_SIZE (((uint64_t)1 << (64-3)) - 1) // 2305843009213693951 - -#define SM4_GCM_MAX_IV_SIZE 64 -#define SM4_GCM_MIN_IV_SIZE 1 -#define SM4_GCM_DEFAULT_IV_SIZE 12 - -#define SM4_GCM_MIN_AAD_SIZE 0 -#define SM4_GCM_MAX_AAD_SIZE (((uint64_t)1 << (64-3)) - 1) // 2305843009213693951 - -#define SM4_GCM_MIN_PLAINTEXT_SIZE 0 -#define SM4_GCM_MAX_PLAINTEXT_SIZE ((((uint64_t)1 << 39) - 256) >> 3) // 68719476704 - -#define SM4_GCM_MAX_TAG_SIZE 16 -#define SM4_GCM_MIN_TAG_SIZE 12 -// For certain applications (voice or video), tag may be 64 or 32 bits -// see NIST Special Publication 800-38D, Appendix C for more details - - -int sm4_gcm_encrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen, - const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen, - uint8_t *out, size_t taglen, uint8_t *tag); -int sm4_gcm_decrypt(const SM4_KEY *key, const uint8_t *iv, size_t ivlen, - const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen, - const uint8_t *tag, size_t taglen, uint8_t *out); - - -typedef struct { - SM4_KEY sm4_key; - uint8_t iv[SM4_BLOCK_SIZE]; - uint8_t block[SM4_BLOCK_SIZE]; - size_t block_nbytes; -} SM4_CBC_CTX; - -int sm4_cbc_encrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]); -int sm4_cbc_encrypt_update(SM4_CBC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); -int sm4_cbc_encrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen); - -int sm4_cbc_decrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]); -int sm4_cbc_decrypt_update(SM4_CBC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); -int sm4_cbc_decrypt_finish(SM4_CBC_CTX *ctx, uint8_t *out, size_t *outlen); - - -typedef struct { - SM4_KEY sm4_key; - uint8_t ctr[SM4_BLOCK_SIZE]; - uint8_t block[SM4_BLOCK_SIZE]; - size_t block_nbytes; -} SM4_CTR_CTX; - -int sm4_ctr_encrypt_init(SM4_CTR_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t ctr[SM4_BLOCK_SIZE]); -int sm4_ctr_encrypt_update(SM4_CTR_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); -int sm4_ctr_encrypt_finish(SM4_CTR_CTX *ctx, uint8_t *out, size_t *outlen); - -#define sm4_ctr_decrypt_init(ctx,key,ctr) sm4_ctr_encrypt_init(ctx,key,ctr) -#define sm4_ctr_decrypt_update(ctx,in,inlen,out,outlen) sm4_ctr_encrypt_update(ctx,in,inlen,out,outlen) -#define sm4_ctr_decrypt_finish(ctx,out,outlen) sm4_ctr_encrypt_finish(ctx,out,outlen) - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sm4_cbc_mac.h b/include/gmssl/sm4_cbc_mac.h deleted file mode 100644 index e803c8d..0000000 --- a/include/gmssl/sm4_cbc_mac.h +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - -#ifndef GMSSL_SM4_CBC_MAC_H -#define GMSSL_SM4_CBC_MAC_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -typedef struct { - SM4_KEY key; - uint8_t iv[16]; - size_t ivlen; -} SM4_CBC_MAC_CTX; - -void sm4_cbc_mac_init(SM4_CBC_MAC_CTX *ctx, const uint8_t key[16]); -void sm4_cbc_mac_update(SM4_CBC_MAC_CTX *ctx, const uint8_t *data, size_t datalen); -void sm4_cbc_mac_finish(SM4_CBC_MAC_CTX *ctx, uint8_t mac[16]); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sm4_cl.h b/include/gmssl/sm4_cl.h deleted file mode 100644 index 5f1ca13..0000000 --- a/include/gmssl/sm4_cl.h +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - -#ifndef GMSSL_SM4_CL_H -#define GMSSL_SM4_CL_H - - -#ifdef __cplusplus -extern "C" { -#endif - -#include -#include -#include -#include -#include - - -#ifdef APPLE -#include -#else -#include -#endif - - -typedef struct { - uint32_t rk[32]; - cl_context context; - cl_command_queue queue; - cl_program program; - cl_kernel kernel; - cl_mem mem_rk; - cl_mem mem_io; - size_t workgroup_size; -} SM4_CL_CTX; - - -int sm4_cl_set_encrypt_key(SM4_CL_CTX *ctx, const uint8_t key[16]); -int sm4_cl_set_decrypt_key(SM4_CL_CTX *ctx, const uint8_t key[16]); -int sm4_cl_encrypt(SM4_CL_CTX *ctx, const uint8_t *in, size_t nblocks, uint8_t *out); -void sm4_cl_cleanup(SM4_CL_CTX *ctx); - -int test_sm4_cl_encrypt(void); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sm4_rng.h b/include/gmssl/sm4_rng.h deleted file mode 100644 index 67e86dc..0000000 --- a/include/gmssl/sm4_rng.h +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - -#ifndef GMSSL_SM4_RNG_H -#define GMSSL_SM4_RNG_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -#define SM4_RNG_MAX_RESEED_COUNTER (1<<20) -#define SM4_RNG_MAX_RESEED_SECONDS 600 - -typedef struct { - uint8_t V[16]; - uint8_t K[16]; - uint32_t reseed_counter; - time_t last_reseed_time; -} SM4_RNG; - - -int sm4_rng_init(SM4_RNG *rng, const uint8_t *nonce, size_t nonce_len, - const uint8_t *label, size_t label_len); -int sm4_rng_update(SM4_RNG *rng, const uint8_t seed[32]); -int sm4_rng_reseed(SM4_RNG *rng, const uint8_t *addin, size_t addin_len); -int sm4_rng_generate(SM4_RNG *rng, const uint8_t *addin, size_t addin_len, - uint8_t *out, size_t outlen); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/sm9.h b/include/gmssl/sm9.h deleted file mode 100644 index bda9189..0000000 --- a/include/gmssl/sm9.h +++ /dev/null @@ -1,561 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#include -#include -#include -#include -#include -#include - - -#ifndef GMSSL_SM9_H -#define GMSSL_SM9_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* -SM9 Public API - - SM9_SIGNATURE_SIZE - SM9_MAX_PLAINTEXT_SIZE - SM9_MAX_CIPHERTEXT_SIZE - - SM9_SIGN_MASTER_KEY - sm9_sign_master_key_generate - sm9_sign_master_key_extract_key - sm9_sign_master_key_info_encrypt_to_der - sm9_sign_master_key_info_decrypt_from_der - sm9_sign_master_key_info_encrypt_to_pem - sm9_sign_master_key_info_decrypt_from_pem - sm9_sign_master_public_key_to_der - sm9_sign_master_public_key_from_der - sm9_sign_master_public_key_to_pem - sm9_sign_master_public_key_from_pem - - SM9_SIGN_KEY - sm9_sign_key_info_encrypt_to_der - sm9_sign_key_info_decrypt_from_der - sm9_sign_key_info_encrypt_to_pem - sm9_sign_key_info_decrypt_from_pem - - SM9_SIGN_CTX - sm9_sign_init - sm9_sign_update - sm9_sign_finish - sm9_verify_init - sm9_verify_update - sm9_verify_finish - - SM9_ENC_MASTER_KEY - sm9_enc_master_key_generate - sm9_enc_master_key_extract_key - sm9_enc_master_key_info_encrypt_to_der - sm9_enc_master_key_info_decrypt_from_der - sm9_enc_master_key_info_encrypt_to_pem - sm9_enc_master_key_info_decrypt_from_pem - sm9_enc_master_public_key_to_der - sm9_enc_master_public_key_from_der - sm9_enc_master_public_key_to_pem - sm9_enc_master_public_key_from_pem - - SM9_ENC_KEY - sm9_enc_key_info_encrypt_to_der - sm9_enc_key_info_decrypt_from_der - sm9_enc_key_info_encrypt_to_pem - sm9_enc_key_info_decrypt_from_pem - - sm9_encrypt - sm9_decrypt -*/ - -#define SM9_HEX_SEP '\n' - -typedef uint64_t sm9_bn_t[8]; - -#define sm9_bn_init(r) sm9_bn_set_zero(r) -#define sm9_bn_clean(r) sm9_bn_set_zero(r) - -void sm9_bn_set_zero(sm9_bn_t r); -void sm9_bn_set_one(sm9_bn_t r); -int sm9_bn_is_zero(const sm9_bn_t a); -int sm9_bn_is_one(const sm9_bn_t a); -void sm9_bn_set_word(sm9_bn_t r, uint32_t a); -void sm9_bn_copy(sm9_bn_t r, const sm9_bn_t a); -int sm9_bn_rand_range(sm9_bn_t r, const sm9_bn_t range); -int sm9_bn_equ(const sm9_bn_t a, const sm9_bn_t b); -int sm9_bn_cmp(const sm9_bn_t a, const sm9_bn_t b); -void sm9_bn_add(sm9_bn_t r, const sm9_bn_t a, const sm9_bn_t b); -void sm9_bn_sub(sm9_bn_t ret, const sm9_bn_t a, const sm9_bn_t b); -void sm9_bn_to_bits(const sm9_bn_t a, char bits[256]); -void sm9_bn_to_bytes(const sm9_bn_t a, uint8_t out[32]); -void sm9_bn_from_bytes(sm9_bn_t r, const uint8_t in[32]); -void sm9_bn_to_hex(const sm9_bn_t a, char hex[64]); -int sm9_bn_from_hex(sm9_bn_t r, const char hex[64]); -int sm9_bn_print(FILE *fp, int fmt, int ind, const char *label, const sm9_bn_t a); -void sm9_print_bn(const char *prefix, const sm9_bn_t a); // 标准打印格式 - - -typedef sm9_bn_t sm9_fp_t; - -#define sm9_fp_init(r) sm9_fp_set_zero(r) -#define sm9_fp_clean(f) sm9_fp_set_zero(r) -#define sm9_fp_set_zero(r) sm9_bn_set_zero(r) -#define sm9_fp_set_one(r) sm9_bn_set_one(r) -#define sm9_fp_copy(r,a) sm9_bn_copy((r),(a)) -#define sm9_fp_rand(r) sm9_bn_rand_range((r), SM9_P) -#define sm9_fp_is_zero(a) sm9_bn_is_zero(a) -#define sm9_fp_is_one(a) sm9_bn_is_one(a) -#define sm9_fp_equ(a,b) sm9_bn_equ((a),(b)) -#define sm9_fp_to_bytes(a,buf) sm9_bn_to_bytes((a),(buf)) -#define sm9_fp_to_hex(a,s) sm9_bn_to_hex((a),(s)) -#define sm9_fp_print(fp,fmt,ind,label,a) sm9_bn_print(fp,fmt,ind,label,a) - -void sm9_fp_add(sm9_fp_t r, const sm9_fp_t a, const sm9_fp_t b); -void sm9_fp_sub(sm9_fp_t r, const sm9_fp_t a, const sm9_fp_t b); -void sm9_fp_dbl(sm9_fp_t r, const sm9_fp_t a); -void sm9_fp_tri(sm9_fp_t r, const sm9_fp_t a); -void sm9_fp_neg(sm9_fp_t r, const sm9_fp_t a); -void sm9_fp_mul(sm9_fp_t r, const sm9_fp_t a, const sm9_fp_t b); -void sm9_fp_sqr(sm9_fp_t r, const sm9_fp_t a); -void sm9_fp_pow(sm9_fp_t r, const sm9_fp_t a, const sm9_bn_t e); -void sm9_fp_inv(sm9_fp_t r, const sm9_fp_t a); -void sm9_fp_div2(sm9_fp_t r, const sm9_fp_t a); -int sm9_fp_from_bytes(sm9_fp_t r, const uint8_t buf[32]); -int sm9_fp_from_hex(sm9_fp_t r, const char hex[64]); - - -typedef sm9_bn_t sm9_fn_t; - -#define sm9_fn_init(r) sm9_fn_set_zero(r) -#define sm9_fn_clean(f) sm9_fn_set_zero(r) -#define sm9_fn_set_zero(r) sm9_bn_set_zero(r) -#define sm9_fn_set_one(r) sm9_bn_set_one(r) -#define sm9_fn_copy(r,a) sm9_bn_copy((r),(a)) -#define sm9_fn_rand(r) sm9_bn_rand_range((r), SM9_N) -#define sm9_fn_is_zero(a) sm9_bn_is_zero(a) -#define sm9_fn_is_one(a) sm9_bn_is_one(a) -#define sm9_fn_equ(a,b) sm9_bn_equ((a),(b)) -#define sm9_fn_to_bytes(a,out) sm9_bn_to_bytes((a),(out)) -#define sm9_fn_to_hex(a,s) sm9_bn_to_hex((a),(s)) -#define sm9_fn_print(fp,fmt,ind,label,a) sm9_bn_print(fp,fmt,ind,label,a) - -void sm9_fn_add(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b); -void sm9_fn_sub(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b); -void sm9_fn_mul(sm9_fn_t r, const sm9_fn_t a, const sm9_fn_t b); -void sm9_fn_pow(sm9_fn_t r, const sm9_fn_t a, const sm9_bn_t e); -void sm9_fn_inv(sm9_fn_t r, const sm9_fn_t a); -void sm9_fn_from_hash(sm9_fn_t h, const uint8_t Ha[40]); -int sm9_fn_from_bytes(sm9_fn_t a, const uint8_t in[32]); -int sm9_fn_from_hex(sm9_fn_t r, const char hex[64]); - - -typedef uint64_t sm9_barrett_bn_t[9]; - -int sm9_barrett_bn_cmp(const sm9_barrett_bn_t a, const sm9_barrett_bn_t b); -void sm9_barrett_bn_add(sm9_barrett_bn_t r, const sm9_barrett_bn_t a, const sm9_barrett_bn_t b); -void sm9_barrett_bn_sub(sm9_barrett_bn_t ret, const sm9_barrett_bn_t a, const sm9_barrett_bn_t b); - - -typedef sm9_fp_t sm9_fp2_t[2]; -extern const sm9_fp2_t SM9_FP2_ZERO; -extern const sm9_fp2_t SM9_FP2_ONE; -extern const sm9_fp2_t SM9_FP2_U; - -#define sm9_fp2_init(a) sm9_fp2_set_zero(a) -#define sm9_fp2_clean(a) sm9_fp2_set_zero(a) -#define sm9_fp2_set_zero(a) sm9_fp2_copy((a), SM9_FP2_ZERO) -#define sm9_fp2_set_one(a) sm9_fp2_copy((a), SM9_FP2_ONE) -#define sm9_fp2_set_u(a) sm9_fp2_copy((a), SM9_FP2_U) -#define sm9_fp2_is_zero(a) sm9_fp2_equ((a), SM9_FP2_ZERO) -#define sm9_fp2_is_one(a) sm9_fp2_equ((a), SM9_FP2_ONE) - -void sm9_fp2_set_fp(sm9_fp2_t r, const sm9_fp_t a); -void sm9_fp2_set(sm9_fp2_t r, const sm9_fp_t a0, const sm9_fp_t a1); -void sm9_fp2_copy(sm9_fp2_t r, const sm9_fp2_t a); -int sm9_fp2_rand(sm9_fp2_t r); -int sm9_fp2_equ(const sm9_fp2_t a, const sm9_fp2_t b); -void sm9_fp2_add(sm9_fp2_t r, const sm9_fp2_t a, const sm9_fp2_t b); -void sm9_fp2_dbl(sm9_fp2_t r, const sm9_fp2_t a); -void sm9_fp2_tri(sm9_fp2_t r, const sm9_fp2_t a); -void sm9_fp2_sub(sm9_fp2_t r, const sm9_fp2_t a, const sm9_fp2_t b); -void sm9_fp2_neg(sm9_fp2_t r, const sm9_fp2_t a); -void sm9_fp2_mul(sm9_fp2_t r, const sm9_fp2_t a, const sm9_fp2_t b); -void sm9_fp2_mul_u(sm9_fp2_t r, const sm9_fp2_t a, const sm9_fp2_t b); -void sm9_fp2_mul_fp(sm9_fp2_t r, const sm9_fp2_t a, const sm9_fp_t k); -void sm9_fp2_sqr(sm9_fp2_t r, const sm9_fp2_t a); -void sm9_fp2_sqr_u(sm9_fp2_t r, const sm9_fp2_t a); -void sm9_fp2_inv(sm9_fp2_t r, const sm9_fp2_t a); -void sm9_fp2_div(sm9_fp2_t r, const sm9_fp2_t a, const sm9_fp2_t b); -void sm9_fp2_div2(sm9_fp2_t r, const sm9_fp2_t a); -void sm9_fp2_to_hex(const sm9_fp2_t a, char hex[129]); -int sm9_fp2_from_hex(sm9_fp2_t r, const char hex[129]); -int sm9_fp2_print(FILE *fp, int fmt, int ind, const char *label, const sm9_fp2_t a); - - -typedef sm9_fp2_t sm9_fp4_t[2]; -extern const sm9_fp4_t SM9_FP4_ZERO; -extern const sm9_fp4_t SM9_FP4_ONE; -extern const sm9_fp4_t SM9_FP4_U; -extern const sm9_fp4_t SM9_FP4_V; - -#define sm9_fp4_init(a) sm9_fp4_set_zero(a) -#define sm9_fp4_clean(a) sm9_fp4_set_zero(a) -#define sm9_fp4_set_zero(a) sm9_fp4_copy((a), SM9_FP4_ZERO) -#define sm9_fp4_set_one(a) sm9_fp4_copy((a), SM9_FP4_ONE) -#define sm9_fp4_is_zero(a) sm9_fp4_equ((a), SM9_FP4_ZERO) -#define sm9_fp4_is_one(a) sm9_fp4_equ((a), SM9_FP4_ONE) - -void sm9_fp4_set_u(sm9_fp4_t r); -void sm9_fp4_set_v(sm9_fp4_t r); -void sm9_fp4_set_fp(sm9_fp4_t r, const sm9_fp_t a); -void sm9_fp4_set_fp2(sm9_fp4_t r, const sm9_fp2_t a); -void sm9_fp4_set(sm9_fp4_t r, const sm9_fp2_t a0, const sm9_fp2_t a1); -void sm9_fp4_copy(sm9_fp4_t r, const sm9_fp4_t a); -int sm9_fp4_rand(sm9_fp4_t r); -int sm9_fp4_equ(const sm9_fp4_t a, const sm9_fp4_t b); -void sm9_fp4_add(sm9_fp4_t r, const sm9_fp4_t a, const sm9_fp4_t b); -void sm9_fp4_dbl(sm9_fp4_t r, const sm9_fp4_t a); -void sm9_fp4_sub(sm9_fp4_t r, const sm9_fp4_t a, const sm9_fp4_t b); -void sm9_fp4_neg(sm9_fp4_t r, const sm9_fp4_t a); -void sm9_fp4_mul(sm9_fp4_t r, const sm9_fp4_t a, const sm9_fp4_t b); -void sm9_fp4_mul_fp(sm9_fp4_t r, const sm9_fp4_t a, const sm9_fp_t k); -void sm9_fp4_mul_fp2(sm9_fp4_t r, const sm9_fp4_t a, const sm9_fp2_t b0); -void sm9_fp4_mul_v(sm9_fp4_t r, const sm9_fp4_t a, const sm9_fp4_t b); -void sm9_fp4_sqr(sm9_fp4_t r, const sm9_fp4_t a); -void sm9_fp4_sqr_v(sm9_fp4_t r, const sm9_fp4_t a); -void sm9_fp4_inv(sm9_fp4_t r, const sm9_fp4_t a); -void sm9_fp4_to_bytes(const sm9_fp4_t a, uint8_t buf[128]); -int sm9_fp4_from_bytes(sm9_fp4_t r, const uint8_t buf[128]); -void sm9_fp4_to_hex(const sm9_fp4_t a, char hex[259]); -int sm9_fp4_from_hex(sm9_fp4_t r, const char hex[259]); - - -typedef sm9_fp4_t sm9_fp12_t[3]; - -#define sm9_fp12_init(r) sm9_fp12_set_zero(a) -#define sm9_fp12_clean(r) sm9_fp12_set_zero(a) - -void sm9_fp12_set_zero(sm9_fp12_t r); -void sm9_fp12_set_one(sm9_fp12_t r); -void sm9_fp12_set_u(sm9_fp12_t r); -void sm9_fp12_set_v(sm9_fp12_t r); -void sm9_fp12_set_w(sm9_fp12_t r); -void sm9_fp12_set_w_sqr(sm9_fp12_t r); -void sm9_fp12_set_fp(sm9_fp12_t r, const sm9_fp_t a); -void sm9_fp12_set_fp2(sm9_fp12_t r, const sm9_fp2_t a); -void sm9_fp12_set_fp4(sm9_fp12_t r, const sm9_fp4_t a); -void sm9_fp12_set(sm9_fp12_t r, const sm9_fp4_t a0, const sm9_fp4_t a1, const sm9_fp4_t a2); -void sm9_fp12_copy(sm9_fp12_t r, const sm9_fp12_t a); -int sm9_fp12_rand(sm9_fp12_t r); -int sm9_fp12_is_one(const sm9_fp12_t a); -int sm9_fp12_is_zero(const sm9_fp12_t a); -int sm9_fp12_equ(const sm9_fp12_t a, const sm9_fp12_t b); -void sm9_fp12_add(sm9_fp12_t r, const sm9_fp12_t a, const sm9_fp12_t b); -void sm9_fp12_dbl(sm9_fp12_t r, const sm9_fp12_t a); -void sm9_fp12_tri(sm9_fp12_t r, const sm9_fp12_t a); -void sm9_fp12_sub(sm9_fp12_t r, const sm9_fp12_t a, const sm9_fp12_t b); -void sm9_fp12_neg(sm9_fp12_t r, const sm9_fp12_t a); -void sm9_fp12_mul(sm9_fp12_t r, const sm9_fp12_t a, const sm9_fp12_t b); -void sm9_fp12_sqr(sm9_fp12_t r, const sm9_fp12_t a); -void sm9_fp12_inv(sm9_fp12_t r, const sm9_fp12_t a); -void sm9_fp12_pow(sm9_fp12_t r, const sm9_fp12_t a, const sm9_bn_t k); -void sm9_fp12_to_bytes(const sm9_fp12_t a, uint8_t buf[32 * 12]); -int sm9_fp12_from_bytes(sm9_fp12_t r, const uint8_t in[32 * 12]); -void sm9_fp12_to_hex(const sm9_fp12_t a, char hex[65 * 12]); -int sm9_fp12_from_hex(sm9_fp12_t r, const char hex[65 * 12]); // 这个明显是不对的 -void sm9_fp12_print(const char *prefix, const sm9_fp12_t a); - - -void sm9_fp2_conjugate(sm9_fp2_t r, const sm9_fp2_t a); -void sm9_fp2_frobenius(sm9_fp2_t r, const sm9_fp2_t a); -void sm9_fp4_frobenius(sm9_fp4_t r, const sm9_fp4_t a); -void sm9_fp4_conjugate(sm9_fp4_t r, const sm9_fp4_t a); -void sm9_fp4_frobenius2(sm9_fp4_t r, const sm9_fp4_t a); -void sm9_fp4_frobenius3(sm9_fp4_t r, const sm9_fp4_t a); -void sm9_fp12_frobenius(sm9_fp12_t r, const sm9_fp12_t x); -void sm9_fp12_frobenius2(sm9_fp12_t r, const sm9_fp12_t x); -void sm9_fp12_frobenius3(sm9_fp12_t r, const sm9_fp12_t x); -void sm9_fp12_frobenius6(sm9_fp12_t r, const sm9_fp12_t x); - - -typedef struct { - sm9_fp_t X; - sm9_fp_t Y; - sm9_fp_t Z; -} SM9_POINT; - -#define sm9_point_init(R) sm9_point_set_infinity(R) -#define sm9_point_clean(R) sm9_point_set_infinity(R) - -void sm9_point_set_infinity(SM9_POINT *R); -void sm9_point_copy(SM9_POINT *R, const SM9_POINT *P); -void sm9_point_get_xy(const SM9_POINT *P, sm9_fp_t x, sm9_fp_t y); -int sm9_point_is_at_infinity(const SM9_POINT *P); -int sm9_point_equ(const SM9_POINT *P, const SM9_POINT *Q); -int sm9_point_is_on_curve(const SM9_POINT *P); -void sm9_point_dbl(SM9_POINT *R, const SM9_POINT *P); -void sm9_point_add(SM9_POINT *R, const SM9_POINT *P, const SM9_POINT *Q); -void sm9_point_neg(SM9_POINT *R, const SM9_POINT *P); -void sm9_point_sub(SM9_POINT *R, const SM9_POINT *P, const SM9_POINT *Q); -void sm9_point_mul(SM9_POINT *R, const sm9_bn_t k, const SM9_POINT *P); -void sm9_point_mul_generator(SM9_POINT *R, const sm9_bn_t k); -void sm9_point_from_hex(SM9_POINT *R, const char hex[65 * 2]); -int sm9_point_to_uncompressed_octets(const SM9_POINT *P, uint8_t octets[65]); -int sm9_point_from_uncompressed_octets(SM9_POINT *P, const uint8_t octets[65]); -int sm9_point_print(FILE *fp, int fmt, int ind, const char *label, const SM9_POINT *P); - - -typedef struct { - sm9_fp2_t X; - sm9_fp2_t Y; - sm9_fp2_t Z; -} SM9_TWIST_POINT; - -#define sm9_twist_point_copy(R, P) memcpy((R), (P), sizeof(SM9_TWIST_POINT)) - -int sm9_twist_point_to_uncompressed_octets(const SM9_TWIST_POINT *P, uint8_t octets[129]); -int sm9_twist_point_from_uncompressed_octets(SM9_TWIST_POINT *P, const uint8_t octets[129]); - - -void sm9_twist_point_from_hex(SM9_TWIST_POINT *R, const char hex[65 * 4]); -int sm9_twist_point_is_at_infinity(const SM9_TWIST_POINT *P); -void sm9_twist_point_set_infinity(SM9_TWIST_POINT *R); -void sm9_twist_point_get_xy(const SM9_TWIST_POINT *P, sm9_fp2_t x, sm9_fp2_t y); - -int sm9_twist_point_equ(const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q); -int sm9_twist_point_is_on_curve(const SM9_TWIST_POINT *P); -void sm9_twist_point_neg(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P); -void sm9_twist_point_dbl(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P); -void sm9_twist_point_add(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q); -void sm9_twist_point_sub(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q); -void sm9_twist_point_add_full(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P, const SM9_TWIST_POINT *Q); -void sm9_twist_point_mul(SM9_TWIST_POINT *R, const sm9_bn_t k, const SM9_TWIST_POINT *P); -void sm9_twist_point_mul_generator(SM9_TWIST_POINT *R, const sm9_bn_t k); -int sm9_twist_point_print(FILE *fp, int fmt, int ind, const char *label, const SM9_TWIST_POINT *P); - - - -void sm9_eval_g_tangent(sm9_fp12_t num, sm9_fp12_t den, const SM9_TWIST_POINT *P, const SM9_POINT *Q); -void sm9_eval_g_line(sm9_fp12_t num, sm9_fp12_t den, const SM9_TWIST_POINT *T, const SM9_TWIST_POINT *P, const SM9_POINT *Q); -void sm9_twist_point_pi1(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P); -void sm9_twist_point_pi2(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P); -void sm9_twist_point_neg_pi2(SM9_TWIST_POINT *R, const SM9_TWIST_POINT *P); -void sm9_final_exponent_hard_part(sm9_fp12_t r, const sm9_fp12_t f); -void sm9_final_exponent(sm9_fp12_t r, const sm9_fp12_t f); -void sm9_pairing(sm9_fp12_t r, const SM9_TWIST_POINT *Q, const SM9_POINT *P); - - -/* private key extract algorithms */ -#define SM9_HID_SIGN 0x01 -#define SM9_HID_EXCH 0x02 -#define SM9_HID_ENC 0x03 - -#define SM9_HASH1_PREFIX 0x01 -#define SM9_HASH2_PREFIX 0x02 - -int sm9_hash1(sm9_bn_t h1, const char *id, size_t idlen, uint8_t hid); - - -const char *sm9_oid_name(int oid); -int sm9_oid_from_name(const char *name); -int sm9_oid_to_der(int oid, uint8_t **out, size_t *outlen); -int sm9_oid_from_der(int *oid, const uint8_t **in, size_t *inlen); -int sm9_algor_to_der(int alg, int params, uint8_t **out, size_t *outlen); -int sm9_algor_from_der(int *alg, int *params, const uint8_t **in, size_t *inlen); - - -#define PEM_SM9_SIGN_MASTER_KEY "ENCRYPTED SM9 SIGN MASTER KEY" -#define PEM_SM9_SIGN_MASTER_PUBLIC_KEY "SM9 SIGN MASTER PUBLIC KEY" -#define PEM_SM9_SIGN_PRIVATE_KEY "ENCRYPTED SM9 SIGN PRIVATE KEY" -#define PEM_SM9_ENC_MASTER_KEY "ENCRYPTED SM9 ENC MASTER KEY" -#define PEM_SM9_ENC_MASTER_PUBLIC_KEY "SM9 ENC MASTER PUBLIC KEY" -#define PEM_SM9_ENC_PRIVATE_KEY "ENCRYPTED SM9 ENC PRIVATE KEY" - - -#define SM9_MAX_ID_SIZE (SM2_MAX_ID_SIZE) - -/* -SM9SignMasterKey ::= SEQUENCE { - ks INTEGER, - Ppubs BIT STRING -- uncompressed octets of twisted point } - -SM9SignMasterPublicKey ::= SEQUENCE { - Ppubs BIT STRING -- uncompressed octets of twisted point } - -SM9SignPrivateKey ::= SEQUENCE { - ds BIT STRING, -- uncompressed octets of ECPoint - Ppubs BIT STRING -- uncompressed octets of twisted point } -*/ -typedef struct { - SM9_TWIST_POINT Ppubs; // Ppubs = ks * P2 - sm9_fn_t ks; -} SM9_SIGN_MASTER_KEY; - -typedef struct { - SM9_TWIST_POINT Ppubs; - SM9_POINT ds; -} SM9_SIGN_KEY; - -int sm9_sign_master_key_generate(SM9_SIGN_MASTER_KEY *master); -int sm9_sign_master_key_extract_key(SM9_SIGN_MASTER_KEY *master, const char *id, size_t idlen, SM9_SIGN_KEY *key); - -// algorthm,parameters = sm9,sm9sign -#define SM9_SIGN_MASTER_KEY_MAX_SIZE 171 -int sm9_sign_master_key_to_der(const SM9_SIGN_MASTER_KEY *msk, uint8_t **out, size_t *outlen); -int sm9_sign_master_key_from_der(SM9_SIGN_MASTER_KEY *msk, const uint8_t **in, size_t *inlen); -int sm9_sign_master_key_info_encrypt_to_der(const SM9_SIGN_MASTER_KEY *msk, const char *pass, uint8_t **out, size_t *outlen); -int sm9_sign_master_key_info_decrypt_from_der(SM9_SIGN_MASTER_KEY *msk, const char *pass, const uint8_t **in, size_t *inlen); -int sm9_sign_master_key_info_encrypt_to_pem(const SM9_SIGN_MASTER_KEY *msk, const char *pass, FILE *fp); -int sm9_sign_master_key_info_decrypt_from_pem(SM9_SIGN_MASTER_KEY *msk, const char *pass, FILE *fp); -int sm9_sign_master_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_MASTER_KEY *msk); - -#define SM9_SIGN_MASTER_PUBLIC_KEY_SIZE 136 -int sm9_sign_master_public_key_to_der(const SM9_SIGN_MASTER_KEY *mpk, uint8_t **out, size_t *outlen); -int sm9_sign_master_public_key_from_der(SM9_SIGN_MASTER_KEY *mpk, const uint8_t **in, size_t *inlen); -int sm9_sign_master_public_key_to_pem(const SM9_SIGN_MASTER_KEY *mpk, FILE *fp); -int sm9_sign_master_public_key_from_pem(SM9_SIGN_MASTER_KEY *mpk, FILE *fp); -int sm9_sign_master_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_MASTER_KEY *mpk); - -// algorithm,parameters = sm9sign, -#define SM9_SIGN_KEY_SIZE 204 -int sm9_sign_key_to_der(const SM9_SIGN_KEY *key, uint8_t **out, size_t *outlen); -int sm9_sign_key_from_der(SM9_SIGN_KEY *key, const uint8_t **in, size_t *inlen); -int sm9_sign_key_info_encrypt_to_der(const SM9_SIGN_KEY *key, const char *pass, uint8_t **out, size_t *outlen); -int sm9_sign_key_info_decrypt_from_der(SM9_SIGN_KEY *key, const char *pass, const uint8_t **in, size_t *inlen); -int sm9_sign_key_info_encrypt_to_pem(const SM9_SIGN_KEY *key, const char *pass, FILE *fp); -int sm9_sign_key_info_decrypt_from_pem(SM9_SIGN_KEY *key, const char *pass, FILE *fp); -int sm9_sign_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_SIGN_KEY *key); - -/* -from GM/T 0080-2020 SM9 Cryptographic Alagorithm Application Specification -SM9Signature ::= SEQUENCE { - h OCTET STRING, - S BIT STRING -- uncompressed octets of ECPoint } -*/ -typedef struct { - sm9_fn_t h; - SM9_POINT S; -} SM9_SIGNATURE; - -int sm9_do_sign(const SM9_SIGN_KEY *key, const SM3_CTX *sm3_ctx, SM9_SIGNATURE *sig); -int sm9_do_verify(const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen, const SM3_CTX *sm3_ctx, const SM9_SIGNATURE *sig); - -#define SM9_SIGNATURE_SIZE 104 -int sm9_signature_to_der(const SM9_SIGNATURE *sig, uint8_t **out, size_t *outlen); -int sm9_signature_from_der(SM9_SIGNATURE *sig, const uint8_t **in, size_t *inlen); -int sm9_signature_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *sig, size_t siglen); - -typedef struct { - SM3_CTX sm3_ctx; -} SM9_SIGN_CTX; - -int sm9_sign_init(SM9_SIGN_CTX *ctx); -int sm9_sign_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); -int sm9_sign_finish(SM9_SIGN_CTX *ctx, const SM9_SIGN_KEY *key, uint8_t *sig, size_t *siglen); -int sm9_verify_init(SM9_SIGN_CTX *ctx); -int sm9_verify_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen); -int sm9_verify_finish(SM9_SIGN_CTX *ctx, const uint8_t *sig, size_t siglen, - const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen); - - -/* -SM9EncMasterKey ::= SEQUENCE { - de INTEGER, - Ppube BIT STRING -- uncompressed octets of ECPoint } - -SM9EncMasterPublicKey ::= SEQUENCE { - Ppube BIT STRING -- uncompressed octets of ECPoint } - -SM9EncPrivateKey ::= SEQUENCE { - de BIT STRING, -- uncompressed octets of twisted point - Ppube BIT STRING -- uncompressed octets of ECPoint } -*/ - -typedef struct { - SM9_POINT Ppube; // Ppube = ke * P1 - sm9_fn_t ke; -} SM9_ENC_MASTER_KEY; - -typedef struct { - SM9_POINT Ppube; - SM9_TWIST_POINT de; -} SM9_ENC_KEY; - -int sm9_enc_master_key_generate(SM9_ENC_MASTER_KEY *master); -int sm9_enc_master_key_extract_key(SM9_ENC_MASTER_KEY *master, const char *id, size_t idlen, SM9_ENC_KEY *key); - -// algorithm,parameters = sm9,sm9encrypt -#define SM9_ENC_MASTER_KEY_MAX_SIZE 105 -int sm9_enc_master_key_to_der(const SM9_ENC_MASTER_KEY *msk, uint8_t **out, size_t *outlen); -int sm9_enc_master_key_from_der(SM9_ENC_MASTER_KEY *msk, const uint8_t **in, size_t *inlen); -int sm9_enc_master_key_info_encrypt_to_der(const SM9_ENC_MASTER_KEY *msk, const char *pass, uint8_t **out, size_t *outlen); -int sm9_enc_master_key_info_decrypt_from_der(SM9_ENC_MASTER_KEY *msk, const char *pass, const uint8_t **in, size_t *inlen); -int sm9_enc_master_key_info_encrypt_to_pem(const SM9_ENC_MASTER_KEY *msk, const char *pass, FILE *fp); -int sm9_enc_master_key_info_decrypt_from_pem(SM9_ENC_MASTER_KEY *msk, const char *pass, FILE *fp); -int sm9_enc_master_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_MASTER_KEY *msk); - -#define SM9_ENC_MASTER_PUBLIC_KEY_SIZE 70 -int sm9_enc_master_public_key_to_der(const SM9_ENC_MASTER_KEY *mpk, uint8_t **out, size_t *outlen); -int sm9_enc_master_public_key_from_der(SM9_ENC_MASTER_KEY *mpk, const uint8_t **in, size_t *inlen); -int sm9_enc_master_public_key_to_pem(const SM9_ENC_MASTER_KEY *mpk, FILE *fp); -int sm9_enc_master_public_key_from_pem(SM9_ENC_MASTER_KEY *mpk, FILE *fp); -int sm9_enc_master_public_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_MASTER_KEY *mpk); - -// algorithm,parameters = sm9encrypt, -#define SM9_ENC_KEY_SIZE 204 -int sm9_enc_key_to_der(const SM9_ENC_KEY *key, uint8_t **out, size_t *outlen); -int sm9_enc_key_from_der(SM9_ENC_KEY *key, const uint8_t **in, size_t *inlen); -int sm9_enc_key_info_encrypt_to_der(const SM9_ENC_KEY *key, const char *pass, uint8_t **out, size_t *outlen); -int sm9_enc_key_info_decrypt_from_der(SM9_ENC_KEY *key, const char *pass, const uint8_t **in, size_t *inlen); -int sm9_enc_key_info_encrypt_to_pem(const SM9_ENC_KEY *key, const char *pass, FILE *fp); -int sm9_enc_key_info_decrypt_from_pem(SM9_ENC_KEY *key, const char *pass, FILE *fp); -int sm9_enc_key_print(FILE *fp, int fmt, int ind, const char *label, const SM9_ENC_KEY *key); - -#define SM9_MAX_PRIVATE_KEY_SIZE (SM9_SIGN_KEY_SIZE) // MAX(SIGN_MASTER_KEY, SIGN_KEY, ENC_MASTER_KEY, ENC_KEY) -#define SM9_MAX_PRIVATE_KEY_INFO_SIZE 512 -#define SM9_MAX_ENCED_PRIVATE_KEY_INFO_SIZE 1024 - -/* -from GM/T 0080-2020 SM9 Cryptographic Alagorithm Application Specification -SM9Cipher ::= SEQUENCE { - EnType INTEGER, -- 0 for XOR - C1 BIT STRING, -- uncompressed octets of ECPoint - C3 OCTET STRING, -- 32 bytes HMAC-SM3 tag - CipherText OCTET STRING } -*/ - -int sm9_kem_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, size_t klen, uint8_t *kbuf, SM9_POINT *C); -int sm9_kem_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, const SM9_POINT *C, size_t klen, uint8_t *kbuf); -int sm9_do_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, - const uint8_t *in, size_t inlen, SM9_POINT *C1, uint8_t *c2, uint8_t c3[SM3_HMAC_SIZE]); -int sm9_do_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, - const SM9_POINT *C1, const uint8_t *c2, size_t c2len, const uint8_t c3[SM3_HMAC_SIZE], uint8_t *out); - -#define SM9_MAX_PLAINTEXT_SIZE 255 -#define SM9_MAX_CIPHERTEXT_SIZE 367 // calculated in test_sm9_ciphertext() -int sm9_ciphertext_to_der(const SM9_POINT *C1, const uint8_t *c2, size_t c2len, - const uint8_t c3[SM3_HMAC_SIZE], uint8_t **out, size_t *outlen); -int sm9_ciphertext_from_der(SM9_POINT *C1, const uint8_t **c2, size_t *c2len, - const uint8_t **c3, const uint8_t **in, size_t *inlen); -int sm9_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen); -int sm9_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen, - const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); -int sm9_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, - const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); - - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/socket.h b/include/gmssl/socket.h deleted file mode 100644 index e5c5d92..0000000 --- a/include/gmssl/socket.h +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_SOCKET_H -#define GMSSL_SOCKET_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - - -#ifdef WIN32 -#pragma comment (lib, "Ws2_32.lib") -#pragma comment (lib, "Mswsock.lib") -#pragma comment (lib, "AdvApi32.lib") - -#include - -typedef SOCKET tls_socket_t; -typedef int tls_ret_t; -typedef int tls_socklen_t; - - -#define tls_socket_send(sock,buf,len,flags) send(sock,buf,(int)(len),flags) -#define tls_socket_recv(sock,buf,len,flags) recv(sock,buf,(int)(len),flags) -#define tls_socket_close(sock) closesocket(sock) - - -#else - -#include -#include -#include -#include -#include -#include -#include - -typedef int tls_socket_t; -typedef ssize_t tls_ret_t; -typedef socklen_t tls_socklen_t; - - -#define tls_socket_send(sock,buf,len,flags) send(sock,buf,len,flags) -#define tls_socket_recv(sock,buf,len,flags) recv(sock,buf,len,flags) -#define tls_socket_close(sock) close(sock) - -#endif - -int tls_socket_lib_init(void); -int tls_socket_lib_cleanup(void); -int tls_socket_create(tls_socket_t *sock, int af, int type, int protocl); -int tls_socket_connect(tls_socket_t sock, const struct sockaddr_in *addr); -int tls_socket_bind(tls_socket_t sock, const struct sockaddr_in *addr); -int tls_socket_listen(tls_socket_t sock, int backlog); -int tls_socket_accept(tls_socket_t sock, struct sockaddr_in *addr, tls_socket_t *conn_sock); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/tls.h b/include/gmssl/tls.h deleted file mode 100644 index 4d39ac9..0000000 --- a/include/gmssl/tls.h +++ /dev/null @@ -1,875 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - -#ifndef GMSSL_TLS_H -#define GMSSL_TLS_H - - -#include -#include -#include -#include -#include -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - - -/* -TLS Public API - - TLS_PROTOCOL - TLS_protocol_tlcp - TLS_protocol_tls12 - TLS_protocol_tls13 - - TLS_CIPHER_SUITE - TLS_cipher_ecc_sm4_cbc_sm3 - TLS_cipher_ecc_sm4_gcm_sm3 - TLS_cipher_ecdhe_sm4_cbc_sm3 - TLS_cipher_ecdhe_sm4_gcm_sm3 - TLS_cipher_sm4_gcm_sm3 - - TLS_CTX - tls_ctx_init - tls_ctx_set_cipher_suites - tls_ctx_set_ca_certificates - tls_ctx_set_certificate_and_key - tls_ctx_set_tlcp_server_certificate_and_keys - tls_ctx_cleanup - - TLS_CONNECT - tls_init - tls_set_socket - tls_do_handshake - tls_send - tls_recv - tls_shutdown - tls_cleanup -*/ - -typedef uint32_t uint24_t; - -#define tls_uint8_size() 1 -#define tls_uint16_size() 2 -#define tls_uint24_size() 3 - -void tls_uint8_to_bytes(uint8_t a, uint8_t **out, size_t *outlen); -void tls_uint16_to_bytes(uint16_t a, uint8_t **out, size_t *outlen); -void tls_uint24_to_bytes(uint24_t a, uint8_t **out, size_t *outlen); -void tls_uint32_to_bytes(uint32_t a, uint8_t **out, size_t *outlen); -void tls_array_to_bytes(const uint8_t *data, size_t len, uint8_t **out, size_t *outlen); -void tls_uint8array_to_bytes(const uint8_t *data, size_t datalen, uint8_t **out, size_t *outlen); -void tls_uint16array_to_bytes(const uint8_t *data, size_t datalen, uint8_t **out, size_t *outlen); -void tls_uint24array_to_bytes(const uint8_t *data, size_t datalen, uint8_t **out, size_t *outlen); -int tls_uint8_from_bytes(uint8_t *a, const uint8_t **in, size_t *inlen); -int tls_uint16_from_bytes(uint16_t *a, const uint8_t **in, size_t *inlen); -int tls_uint24_from_bytes(uint24_t *a, const uint8_t **in, size_t *inlen); -int tls_uint32_from_bytes(uint32_t *a, const uint8_t **in, size_t *inlen); -int tls_array_from_bytes(const uint8_t **data, size_t datalen, const uint8_t **in, size_t *inlen); -int tls_uint8array_from_bytes(const uint8_t **data, size_t *datalen, const uint8_t **in, size_t *inlen); -int tls_uint16array_from_bytes(const uint8_t **data, size_t *datalen, const uint8_t **in, size_t *inlen); -int tls_uint24array_from_bytes(const uint8_t **data, size_t *datalen, const uint8_t **in, size_t *inlen); -int tls_length_is_zero(size_t len); - - -typedef enum { - TLS_protocol_tlcp = 0x0101, - TLS_protocol_ssl2 = 0x0200, - TLS_protocol_ssl3 = 0x0300, - TLS_protocol_tls1 = 0x0301, - TLS_protocol_tls11 = 0x0302, - TLS_protocol_tls12 = 0x0303, - TLS_protocol_tls13 = 0x0304, - TLS_protocol_dtls1 = 0xfeff, // {254, 255} - TLS_protocol_dtls12 = 0xfefd, // {254, 253} -} TLS_PROTOCOL; - -const char *tls_protocol_name(int proto); - - -typedef enum { - TLS_cipher_null_with_null_null = 0x0000, - - // TLS 1.3, RFC 8998 - TLS_cipher_sm4_gcm_sm3 = 0x00c6, - TLS_cipher_sm4_ccm_sm3 = 0x00c7, - - // TLCP, GB/T 38636-2020, GM/T 0024-2012 - TLS_cipher_ecdhe_sm4_cbc_sm3 = 0xe011, // 可以让TLSv1.2使用这个 - TLS_cipher_ecdhe_sm4_gcm_sm3 = 0xe051, - TLS_cipher_ecc_sm4_cbc_sm3 = 0xe013, - TLS_cipher_ecc_sm4_gcm_sm3 = 0xe053, - TLS_cipher_ibsdh_sm4_cbc_sm3 = 0xe015, - TLS_cipher_ibsdh_sm4_gcm_sm3 = 0xe055, - TLS_cipher_ibc_sm4_cbc_sm3 = 0xe017, - TLS_cipher_ibc_sm4_gcm_sm3 = 0xe057, - TLS_cipher_rsa_sm4_cbc_sm3 = 0xe019, - TLS_cipher_rsa_sm4_gcm_sm3 = 0xe059, - TLS_cipher_rsa_sm4_cbc_sha256 = 0xe01c, - TLS_cipher_rsa_sm4_gcm_sha256 = 0xe05a, - - // TLS 1.3 RFC 8446 - TLS_cipher_aes_128_gcm_sha256 = 0x1301, // Mandatory-to-implement - TLS_cipher_aes_256_gcm_sha384 = 0x1302, // SHOULD implement - TLS_cipher_chacha20_poly1305_sha256 = 0x1303, // SHOULD implement - TLS_cipher_aes_128_ccm_sha256 = 0x1304, - TLS_cipher_aes_128_ccm_8_sha256 = 0x1305, - - TLS_cipher_empty_renegotiation_info_scsv = 0x00ff, -} TLS_CIPHER_SUITE; - -const char *tls_cipher_suite_name(int cipher); -int tls_cipher_suites_select(const uint8_t *client_ciphers, size_t client_ciphers_len, - const int *server_ciphers, size_t server_ciphers_cnt, int *selected_cipher); -int tls_cipher_suite_in_list(int cipher, const int *list, size_t list_count); - - -typedef enum { - TLS_compression_null = 0, - TLS_compression_default = 1, -} TLS_COMPRESSION_METHOD; - -const char *tls_compression_method_name(int meth); - - -typedef enum { - TLS_record_invalid = 0, // TLS 1.3 - TLS_record_change_cipher_spec = 20, // 0x14 - TLS_record_alert = 21, // 0x15 - TLS_record_handshake = 22, // 0x16 - TLS_record_application_data = 23, // 0x17 - TLS_record_heartbeat = 24, // 0x18 - TLS_record_tls12_cid = 25, // 0x19 -} TLS_RECORD_TYPE; - -const char *tls_record_type_name(int type); - - -typedef enum { - TLS_handshake_hello_request = 0, - TLS_handshake_client_hello = 1, - TLS_handshake_server_hello = 2, - TLS_handshake_hello_verify_request = 3, - TLS_handshake_new_session_ticket = 4, - TLS_handshake_end_of_early_data = 5, - TLS_handshake_hello_retry_request = 6, - TLS_handshake_encrypted_extensions = 8, - TLS_handshake_certificate = 11, - TLS_handshake_server_key_exchange = 12, - TLS_handshake_certificate_request = 13, - TLS_handshake_server_hello_done = 14, - TLS_handshake_certificate_verify = 15, - TLS_handshake_client_key_exchange = 16, - TLS_handshake_finished = 20, - TLS_handshake_certificate_url = 21, - TLS_handshake_certificate_status = 22, - TLS_handshake_supplemental_data = 23, - TLS_handshake_key_update = 24, - TLS_handshake_compressed_certificate = 25, - TLS_handshake_ekt_key = 26, - TLS_handshake_message_hash = 254, -} TLS_HANDSHAKE_TYPE; - -const char *tls_handshake_type_name(int type); - - -typedef enum { - TLS_cert_type_rsa_sign = 1, - TLS_cert_type_dss_sign = 2, - TLS_cert_type_rsa_fixed_dh = 3, - TLS_cert_type_dss_fixed_dh = 4, - TLS_cert_type_rsa_ephemeral_dh_RESERVED = 5, - TLS_cert_type_dss_ephemeral_dh_RESERVED = 6, - TLS_cert_type_fortezza_dms_RESERVED = 20, - TLS_cert_type_ecdsa_sign = 64, // also for sm2 - TLS_cert_type_rsa_fixed_ecdh = 65, - TLS_cert_type_ecdsa_fixed_ecdh = 66, - TLS_cert_type_gost_sign256 = 67, - TLS_cert_type_gost_sign512 = 68, - TLS_cert_type_ibc_params = 80, -} TLS_CERTIFICATE_TYPE; - -const char *tls_cert_type_name(int type); -int tls_cert_type_from_oid(int oid); - -typedef enum { - TLS_extension_server_name = 0, - TLS_extension_max_fragment_length = 1, - TLS_extension_client_certificate_url = 2, - TLS_extension_trusted_ca_keys = 3, - TLS_extension_truncated_hmac = 4, - TLS_extension_status_request = 5, - TLS_extension_user_mapping = 6, - TLS_extension_client_authz = 7, - TLS_extension_server_authz = 8, - TLS_extension_cert_type = 9, - TLS_extension_supported_groups = 10, - TLS_extension_ec_point_formats = 11, - TLS_extension_srp = 12, - TLS_extension_signature_algorithms = 13, - TLS_extension_use_srtp = 14, - TLS_extension_heartbeat = 15, - TLS_extension_application_layer_protocol_negotiation= 16, - TLS_extension_status_request_v2 = 17, - TLS_extension_signed_certificate_timestamp = 18, - TLS_extension_client_certificate_type = 19, - TLS_extension_server_certificate_type = 20, - TLS_extension_padding = 21, - TLS_extension_encrypt_then_mac = 22, - TLS_extension_extended_master_secret = 23, - TLS_extension_token_binding = 24, - TLS_extension_cached_info = 25, - TLS_extension_tls_lts = 26, - TLS_extension_compress_certificate = 27, - TLS_extension_record_size_limit = 28, - TLS_extension_pwd_protect = 29, - TLS_extension_pwd_clear = 30, - TLS_extension_password_salt = 31, - TLS_extension_ticket_pinning = 32, - TLS_extension_tls_cert_with_extern_psk = 33, - TLS_extension_delegated_credentials = 34, - TLS_extension_session_ticket = 35, - TLS_extension_TLMSP = 36, - TLS_extension_TLMSP_proxying = 37, - TLS_extension_TLMSP_delegate = 38, - TLS_extension_supported_ekt_ciphers = 39, - TLS_extension_pre_shared_key = 41, - TLS_extension_early_data = 42, - TLS_extension_supported_versions = 43, - TLS_extension_cookie = 44, - TLS_extension_psk_key_exchange_modes = 46, - TLS_extension_certificate_authorities = 47, - TLS_extension_oid_filters = 48, - TLS_extension_post_handshake_auth = 49, - TLS_extension_signature_algorithms_cert = 50, - TLS_extension_key_share = 51, - TLS_extension_transparency_info = 52, - TLS_extension_connection_id = 53, - TLS_extension_external_id_hash = 55, - TLS_extension_external_session_id = 56, - TLS_extension_quic_transport_parameters = 57, - TLS_extension_ticket_request = 58, - TLS_extension_renegotiation_info = 65281, -} TLS_EXTENSION_TYPE; - -const char *tls_extension_name(int ext); - - -typedef enum { - TLS_point_uncompressed = 0, - TLS_point_ansix962_compressed_prime = 1, - TLS_point_ansix962_compressed_char2 = 2, -} TLS_EC_POINT_FORMAT; - -const char *tls_ec_point_format_name(int format); - - -typedef enum { - TLS_curve_type_explicit_prime = 1, - TLS_curve_type_explicit_char2 = 2, - TLS_curve_type_named_curve = 3, -} TLS_CURVE_TYPE; - -const char *tls_curve_type_name(int type); - - -// 与其支持v2,还不如直接修改v2,让v2和v3兼容 - -typedef enum { - TLS_curve_secp256k1 = 22, - TLS_curve_secp256r1 = 23, - TLS_curve_secp384r1 = 24, - TLS_curve_secp521r1 = 25, - TLS_curve_brainpoolp256r1 = 26, - TLS_curve_brainpoolp384r1 = 27, - TLS_curve_brainpoolp512r1 = 28, - TLS_curve_x25519 = 29, - TLS_curve_x448 = 30, - TLS_curve_brainpoolp256r1tls13 = 31, - TLS_curve_brainpoolp384r1tls13 = 32, - TLS_curve_brainpoolp512r1tls13 = 33, - TLS_curve_sm2p256v1 = 41, // GmSSLv2: 30 -} TLS_NAMED_CURVE; - -const char *tls_named_curve_name(int curve); - - -typedef enum { - TLS_sig_rsa_pkcs1_sha1 = 0x0201, - TLS_sig_ecdsa_sha1 = 0x0203, - TLS_sig_rsa_pkcs1_sha256 = 0x0401, - TLS_sig_ecdsa_secp256r1_sha256 = 0x0403, - TLS_sig_rsa_pkcs1_sha256_legacy = 0x0420, - TLS_sig_rsa_pkcs1_sha384 = 0x0501, - TLS_sig_ecdsa_secp384r1_sha384 = 0x0503, - TLS_sig_rsa_pkcs1_sha384_legacy = 0x0520, - TLS_sig_rsa_pkcs1_sha512 = 0x0601, - TLS_sig_ecdsa_secp521r1_sha512 = 0x0603, - TLS_sig_rsa_pkcs1_sha512_legacy = 0x0620, - TLS_sig_sm2sig_sm3 = 0x0708, // GmSSLv2: 0x0707 - TLS_sig_rsa_pss_rsae_sha256 = 0x0804, - TLS_sig_rsa_pss_rsae_sha384 = 0x0805, - TLS_sig_rsa_pss_rsae_sha512 = 0x0806, - TLS_sig_ed25519 = 0x0807, - TLS_sig_ed448 = 0x0808, - TLS_sig_rsa_pss_pss_sha256 = 0x0809, - TLS_sig_rsa_pss_pss_sha384 = 0x080A, - TLS_sig_rsa_pss_pss_sha512 = 0x080B, - TLS_sig_ecdsa_brainpoolP256r1tls13_sha256 = 0x081A, - TLS_sig_ecdsa_brainpoolP384r1tls13_sha384 = 0x081B, - TLS_sig_ecdsa_brainpoolP512r1tls13_sha512 = 0x081C, -} TLS_SIGNATURE_SCHEME; - -const char *tls_signature_scheme_name(int scheme); - - -typedef enum { - TLS_change_cipher_spec = 1, -} TLS_CHANGE_CIPHER_SPEC_TYPE; - - -typedef enum { - TLS_alert_level_warning = 1, - TLS_alert_level_fatal = 2, -} TLS_ALERT_LEVEL; - -const char *tls_alert_level_name(int level); - - -typedef enum { - TLS_alert_close_notify = 0, - TLS_alert_unexpected_message = 10, - TLS_alert_bad_record_mac = 20, - TLS_alert_decryption_failed = 21, - TLS_alert_record_overflow = 22, - TLS_alert_decompression_failure = 30, - TLS_alert_handshake_failure = 40, - TLS_alert_no_certificate = 41, - TLS_alert_bad_certificate = 42, - TLS_alert_unsupported_certificate = 43, - TLS_alert_certificate_revoked = 44, - TLS_alert_certificate_expired = 45, - TLS_alert_certificate_unknown = 46, - TLS_alert_illegal_parameter = 47, - TLS_alert_unknown_ca = 48, - TLS_alert_access_denied = 49, - TLS_alert_decode_error = 50, - TLS_alert_decrypt_error = 51, - TLS_alert_export_restriction = 60, - TLS_alert_protocol_version = 70, - TLS_alert_insufficient_security = 71, - TLS_alert_internal_error = 80, - TLS_alert_user_canceled = 90, - TLS_alert_no_renegotiation = 100, - TLS_alert_unsupported_extension = 110, - TLS_alert_unsupported_site2site = 200, - TLS_alert_no_area = 201, - TLS_alert_unsupported_areatype = 202, - TLS_alert_bad_ibcparam = 203, - TLS_alert_unsupported_ibcparam = 204, - TLS_alert_identity_need = 205, -} TLS_ALERT_DESCRIPTION; - -const char *tls_alert_description_text(int description); - - -int tls_prf(const uint8_t *secret, size_t secretlen, const char *label, - const uint8_t *seed, size_t seedlen, - const uint8_t *more, size_t morelen, - size_t outlen, uint8_t *out); -int tls13_hkdf_extract(const DIGEST *digest, const uint8_t salt[32], const uint8_t in[32], uint8_t out[32]); -int tls13_hkdf_expand_label(const DIGEST *digest, const uint8_t secret[32], - const char *label, const uint8_t *context, size_t context_len, - size_t outlen, uint8_t *out); -int tls13_derive_secret(const uint8_t secret[32], const char *label, const DIGEST_CTX *dgst_ctx, uint8_t out[32]); - -int tls_cbc_encrypt(const SM3_HMAC_CTX *hmac_ctx, const SM4_KEY *enc_key, - const uint8_t seq_num[8], const uint8_t header[5], - const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); -int tls_cbc_decrypt(const SM3_HMAC_CTX *hmac_ctx, const SM4_KEY *dec_key, - const uint8_t seq_num[8], const uint8_t header[5], - const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); -int tls_record_encrypt(const SM3_HMAC_CTX *hmac_ctx, const SM4_KEY *cbc_key, - const uint8_t seq_num[8], const uint8_t *in, size_t inlen, - uint8_t *out, size_t *outlen); -int tls_record_decrypt(const SM3_HMAC_CTX *hmac_ctx, const SM4_KEY *cbc_key, - const uint8_t seq_num[8], const uint8_t *in, size_t inlen, - uint8_t *out, size_t *outlen); - -int tls_seq_num_incr(uint8_t seq_num[8]); -int tls_random_generate(uint8_t random[32]); -int tls_random_print(FILE *fp, const uint8_t random[32], int format, int indent); -int tls_pre_master_secret_generate(uint8_t pre_master_secret[48], int protocol); -int tls_pre_master_secret_print(FILE *fp, const uint8_t pre_master_secret[48], int format, int indent); - -int tls_secrets_print(FILE *fp, - const uint8_t *pre_master_secret, size_t pre_master_secret_len, - const uint8_t client_random[32], const uint8_t server_random[32], - const uint8_t master_secret[48], - const uint8_t *key_block, size_t key_block_len, - int format, int indent); - - -typedef struct { - uint8_t type; - uint8_t protocol[2]; - uint8_t data_length[2]; -} TLS_RECORD_HEADER; - -#define TLS_RECORD_HEADER_SIZE (1 + tls_uint16_size() + tls_uint16_size()) // 5 -#define TLS_MAX_PLAINTEXT_SIZE (1 << 14) // 16384 -#define TLS_MAX_COMPRESSED_SIZE ((1 << 14) + 1024) // 17408 -#define TLS_MAX_CIPHERTEXT_SIZE ((1 << 14) + 2048) // 18432 -#define TLS_MAX_RECORD_SIZE (TLS_RECORD_HEADER_SIZE + TLS_MAX_CIPHERTEXT_SIZE) // 18437 - -#define tls_record_type(record) ((record)[0]) -#define tls_record_header(record) ((record)+0) -#define tls_record_protocol(record) (((uint16_t)((record)[1]) << 8) | (record)[2]) -#define tls_record_data(record) ((record)+TLS_RECORD_HEADER_SIZE) -#define tls_record_data_length(record) (((uint16_t)((record)[3]) << 8) | (record)[4]) -#define tls_record_length(record) (TLS_RECORD_HEADER_SIZE + tls_record_data_length(record)) - -int tls_record_set_type(uint8_t *record, int type); -int tls_record_set_protocol(uint8_t *record, int protocol); -int tls_record_set_data_length(uint8_t *record, size_t length); -int tls_record_set_data(uint8_t *record, const uint8_t *data, size_t datalen); - -// 握手消息ServerKeyExchange, ClientKeyExchange的解析依赖当前密码套件 -#define tls_format_set_cipher_suite(fmt,cipher) do {(fmt)|=((cipher)<<8);} while (0) -int tls_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int format, int indent); -int tlcp_record_print(FILE *fp, const uint8_t *record, size_t recordlen, int format, int indent); - -int tls_record_send(const uint8_t *record, size_t recordlen, tls_socket_t sock); -int tls_record_recv(uint8_t *record, size_t *recordlen, tls_socket_t sock); -int tls12_record_recv(uint8_t *record, size_t *recordlen, tls_socket_t sock); - - -// Handshake -typedef struct { - uint8_t type; - uint8_t length[3]; -} TLS_HANDSHAKE_HEADER; - -#define TLS_HANDSHAKE_HEADER_SIZE 4 -#define TLS_MAX_HANDSHAKE_DATA_SIZE (TLS_MAX_PLAINTEXT_SIZE - TLS_HANDSHAKE_HEADER_SIZE) - -#define tls_handshake_data(p) ((p) + TLS_HANDSHAKE_HEADER_SIZE) -//#define tls_handshake_data_length(p) - - -int tls_record_set_handshake(uint8_t *record, size_t *recordlen, - int type, const uint8_t *data, size_t datalen); -int tls_record_get_handshake(const uint8_t *record, - int *type, const uint8_t **data, size_t *datalen); -int tls_handshake_print(FILE *fp, const uint8_t *handshake, size_t handshakelen, int format, int indent); - -// HelloRequest -int tls_hello_request_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent); - -// ClientHello, ServerHello -#define TLS_MIN_SESSION_ID_SIZE 0 -#define TLS_MAX_SESSION_ID_SIZE 32 - -int tls_record_set_handshake_client_hello(uint8_t *record, size_t *recordlen, - int client_protocol, const uint8_t random[32], - const uint8_t *session_id, size_t session_id_len, - const int *cipher_suites, size_t cipher_suites_count, - const uint8_t *exts, size_t exts_len); -int tls_record_get_handshake_client_hello(const uint8_t *record, - int *client_protocol, const uint8_t **random, - const uint8_t **session_id, size_t *session_id_len, - const uint8_t **cipher_suites, size_t *cipher_suites_len, - const uint8_t **exts, size_t *exts_len); -int tls_client_hello_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent); - -int tls_record_set_handshake_server_hello(uint8_t *record, size_t *recordlen, - int server_protocol, const uint8_t random[32], - const uint8_t *session_id, size_t session_id_len, - int cipher_suite, const uint8_t *exts, size_t exts_len); -int tls_record_get_handshake_server_hello(const uint8_t *record, - int *protocol, const uint8_t **random, const uint8_t **session_id, size_t *session_id_len, - int *cipher_suite, const uint8_t **exts, size_t *exts_len); -int tls_server_hello_print(FILE *fp, const uint8_t *server_hello, size_t len, int format, int indent); - -// Extensions -int tls_ec_point_formats_ext_to_bytes(const int *formats, size_t formats_cnt, - uint8_t **out, size_t *outlen); -int tls_process_client_ec_point_formats(const uint8_t *ext_data, size_t ext_datalen, - uint8_t **out, size_t *outlen); -int tls_process_server_ec_point_formats(const uint8_t *ext_data, size_t ext_datalen); - -int tls_supported_groups_ext_to_bytes(const int *groups, size_t groups_cnt, - uint8_t **out, size_t *outlen); -int tls_process_client_supported_groups(const uint8_t *ext_data, size_t ext_datalen, - uint8_t **out, size_t *outlen); -int tls_process_server_supported_groups(const uint8_t *ext_data, size_t ext_datalen); - -int tls_signature_algorithms_ext_to_bytes_ex(int ext_type, const int *algs, size_t algs_cnt, - uint8_t **out, size_t *outlen); -int tls_signature_algorithms_ext_to_bytes(const int *algs, size_t algs_cnt, - uint8_t **out, size_t *outlen); -int tls13_signature_algorithms_cert_ext_to_bytes(const int *algs, size_t algs_cnt, - uint8_t **out, size_t *outlen); -int tls_process_client_signature_algorithms(const uint8_t *ext_data, size_t ext_datalen, - uint8_t **out, size_t *outlen); -int tls_process_server_signature_algors(const uint8_t *ext_data, size_t ext_datalen); - -int tls13_supported_versions_ext_to_bytes(int handshake_type, const int *protos, size_t protos_cnt, - uint8_t **out, size_t *outlen); -int tls13_process_client_supported_versions(const uint8_t *ext_data, size_t ext_datalen, - uint8_t **out, size_t *outlen); - -int tls13_process_server_supported_versions(const uint8_t *ext_data, size_t ext_datalen); - -int tls13_key_share_entry_to_bytes(const SM2_POINT *point, uint8_t **out, size_t *outlen); -int tls13_client_key_share_ext_to_bytes(const SM2_POINT *point, uint8_t **out, size_t *outlen); -int tls13_server_key_share_ext_to_bytes(const SM2_POINT *point, uint8_t **out, size_t *outlen); -int tls13_process_client_key_share(const uint8_t *ext_data, size_t ext_datalen, - const SM2_KEY *server_ecdhe_key, SM2_POINT *client_ecdhe_public, - uint8_t **out, size_t *outlen); -int tls13_process_server_key_share(const uint8_t *ext_data, size_t ext_datalen, SM2_POINT *point); - - -int tls13_certificate_authorities_ext_to_bytes(const uint8_t *ca_names, size_t ca_names_len, - uint8_t **out, size_t *outlen); - -int tls_ext_from_bytes(int *type, const uint8_t **data, size_t *datalen, const uint8_t **in, size_t *inlen); -int tls_process_client_exts(const uint8_t *exts, size_t extslen, uint8_t *out, size_t *outlen, size_t maxlen); -int tls_process_server_exts(const uint8_t *exts, size_t extslen, - int *ec_point_format, int *supported_group, int *signature_algor); - - -// Certificate -int tls_record_set_handshake_certificate(uint8_t *record, size_t *recordlen, - const uint8_t *certs, size_t certslen); -// 这个函数比较特殊,是直接解析了证书链,而不是返回指针 -// 应该提供一个独立的解析函数来解析TLS的证书链 -int tls_record_get_handshake_certificate(const uint8_t *record, uint8_t *certs, size_t *certslen); - -// ServerKeyExchange -int tls_server_key_exchange_print(FILE *fp, const uint8_t *ske, size_t skelen, int format, int indent); - -#define TLS_MAX_SIGNATURE_SIZE SM2_MAX_SIGNATURE_SIZE -int tls_sign_server_ecdh_params(const SM2_KEY *server_sign_key, - const uint8_t client_random[32], const uint8_t server_random[32], - int curve, const SM2_POINT *point, uint8_t *sig, size_t *siglen); -int tls_verify_server_ecdh_params(const SM2_KEY *server_sign_key, - const uint8_t client_random[32], const uint8_t server_random[32], - int curve, const SM2_POINT *point, const uint8_t *sig, size_t siglen); -int tls_record_set_handshake_server_key_exchange_ecdhe(uint8_t *record, size_t *recordlen, - int curve, const SM2_POINT *point, const uint8_t *sig, size_t siglen); -int tls_record_get_handshake_server_key_exchange_ecdhe(const uint8_t *record, - int *curve, SM2_POINT *point, const uint8_t **sig, size_t *siglen); -int tls_server_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t datalen, - int format, int indent); - -int tlcp_record_set_handshake_server_key_exchange_pke(uint8_t *record, size_t *recordlen, - const uint8_t *sig, size_t siglen); -int tlcp_record_get_handshake_server_key_exchange_pke(const uint8_t *record, - const uint8_t **sig, size_t *siglen); -int tlcp_server_key_exchange_pke_print(FILE *fp, const uint8_t *sig, size_t siglen, int format, int indent); - - - -// CertificateRequest -#define TLS_MAX_CERTIFICATE_TYPES 256 -#define TLS_MAX_CA_NAMES_SIZE (TLS_MAX_HANDSHAKE_DATA_SIZE - tls_uint8_size() - tls_uint16_size()) - -int tls_authorities_from_certs(uint8_t *ca_names, size_t *ca_names_len, size_t maxlen, const uint8_t *certs, size_t certslen); -int tls_authorities_issued_certificate(const uint8_t *ca_names, size_t ca_namelen, const uint8_t *certs, size_t certslen); -int tls_cert_types_accepted(const uint8_t *types, size_t types_len, const uint8_t *client_certs, size_t client_certs_len); - -int tls_record_set_handshake_certificate_request(uint8_t *record, size_t *recordlen, - const uint8_t *cert_types, size_t cert_types_len, - const uint8_t *ca_names, size_t ca_names_len); -int tls_record_get_handshake_certificate_request(const uint8_t *record, - const uint8_t **cert_types, size_t *cert_types_len, - const uint8_t **ca_names, size_t *ca_names_len); -int tls_certificate_request_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent); - - -// ServerHelloDone -int tls_record_set_handshake_server_hello_done(uint8_t *record, size_t *recordlen); -int tls_record_get_handshake_server_hello_done(const uint8_t *record); -int tls_server_hello_done_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent); - -// ClientKeyExchange -int tls_record_set_handshake_client_key_exchange_pke(uint8_t *record, size_t *recordlen, - const uint8_t *enced_pms, size_t enced_pms_len); -int tls_record_get_handshake_client_key_exchange_pke(const uint8_t *record, - const uint8_t **enced_pms, size_t *enced_pms_len); -int tls_client_key_exchange_pke_print(FILE *fp, const uint8_t *cke, size_t ckelen, int format, int indent); -int tls_client_key_exchange_print(FILE *fp, const uint8_t *cke, size_t ckelen, int format, int indent); - -int tls_record_set_handshake_client_key_exchange_ecdhe(uint8_t *record, size_t *recordlen, - const SM2_POINT *point); // 这里不应该支持SM2_POINT类型 -int tls_record_get_handshake_client_key_exchange_ecdhe(const uint8_t *record, SM2_POINT *point); -int tls_client_key_exchange_ecdhe_print(FILE *fp, const uint8_t *data, size_t datalen, - int format, int indent); - -// CertificateVerify -int tls_record_set_handshake_certificate_verify(uint8_t *record, size_t *recordlen, - const uint8_t *sig, size_t siglen); -int tls_record_get_handshake_certificate_verify(const uint8_t *record, - const uint8_t **sig, size_t *siglen); -int tls_certificate_verify_print(FILE *fp, const uint8_t *p, size_t len, int format, int indent); - -typedef enum { - TLS_client_verify_client_hello = 0, - TLS_client_verify_server_hello = 1, - TLS_client_verify_server_certificate = 2, - TLS_client_verify_server_key_exchange = 3, - TLS_client_verify_cert_request = 4, - TLS_client_verify_server_hello_done = 5, - TLS_client_verify_client_certificate = 6, - TLS_client_verify_client_key_exchange = 7, -} TLS_CLIENT_VERIFY_INDEX; - -typedef struct { - TLS_CLIENT_VERIFY_INDEX index; - uint8_t *handshake[8]; // Record data only, no record header - size_t handshake_len[8]; -} TLS_CLIENT_VERIFY_CTX; - -int tls_client_verify_init(TLS_CLIENT_VERIFY_CTX *ctx); -int tls_client_verify_update(TLS_CLIENT_VERIFY_CTX *ctx, const uint8_t *handshake, size_t handshake_len); -int tls_client_verify_finish(TLS_CLIENT_VERIFY_CTX *ctx, const uint8_t *sig, size_t siglen, const SM2_KEY *public_key); -void tls_client_verify_cleanup(TLS_CLIENT_VERIFY_CTX *ctx); - -// Finished -// FIXME: 支持TLS 1.3 提供MIN, MAX或TLS12, TLS13, TLCP... -#define TLS_VERIFY_DATA_SIZE 12 // TLS 1.3或者其他版本支持更长的verify_data -#define TLS_FINISHED_RECORD_SIZE (TLS_RECORD_HEADER_SIZE + TLS_HANDSHAKE_HEADER_SIZE + TLS_VERIFY_DATA_SIZE) // 21 -#define TLS_MAX_PADDING_SIZE (1 + 255) -#define TLS_MAC_SIZE SM3_HMAC_SIZE -#define TLS_FINISHED_RECORD_BUF_SIZE (TLS_FINISHED_RECORD_SIZE + TLS_MAC_SIZE + TLS_MAX_PADDING_SIZE) // 309 - - -int tls_record_set_handshake_finished(uint8_t *record, size_t *recordlen, - const uint8_t *verify_data, size_t verify_data_len); -int tls_record_get_handshake_finished(const uint8_t *record, - const uint8_t **verify_data, size_t *verify_data_len); -int tls_finished_print(FILE *fp, const uint8_t *a, size_t len, int format, int indent); - - -// Alert -typedef struct { - uint8_t level; - uint8_t description; -} TLS_ALERT; - -#define TLS_ALERT_RECORD_SIZE (TLS_RECORD_HEADER_SIZE + 2) - -int tls_record_set_alert(uint8_t *record, size_t *recordlen, int alert_level, int alert_description); -int tls_record_get_alert(const uint8_t *record, int *alert_level, int *alert_description); -int tls_alert_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent); - - -// ChangeCipherSpec -typedef struct { - uint8_t type; -} TLS_CHANGE_CIPHER_SPEC; - -const char *tls_change_cipher_spec_text(int change_cipher_spec); -int tls_change_cipher_spec_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent); -int tls_record_set_change_cipher_spec(uint8_t *record, size_t *recordlen); -int tls_record_get_change_cipher_spec(const uint8_t *record); - -// ApplicationData -int tls_record_set_application_data(uint8_t *record, size_t *recordlen, - const uint8_t *data, size_t datalen); -int tls_record_get_application_data(uint8_t *record, - const uint8_t **data, size_t *datalen); -int tls_application_data_print(FILE *fp, const uint8_t *data, size_t datalen, int format, int indent); - - - -enum { - TLS_server_mode = 0, - TLS_client_mode = 1, -}; - -#define TLS_MAX_CIPHER_SUITES_COUNT 64 - -typedef struct { - int protocol; - int is_client; - int cipher_suites[TLS_MAX_CIPHER_SUITES_COUNT]; - size_t cipher_suites_cnt; - uint8_t *cacerts; - size_t cacertslen; - uint8_t *certs; - size_t certslen; - SM2_KEY signkey; - SM2_KEY kenckey; - int verify_depth; -} TLS_CTX; - -int tls_ctx_init(TLS_CTX *ctx, int protocol, int is_client); -int tls_ctx_set_cipher_suites(TLS_CTX *ctx, const int *cipher_suites, size_t cipher_suites_cnt); -int tls_ctx_set_ca_certificates(TLS_CTX *ctx, const char *cacertsfile, int depth); -int tls_ctx_set_certificate_and_key(TLS_CTX *ctx, const char *chainfile, - const char *keyfile, const char *keypass); -int tls_ctx_set_tlcp_server_certificate_and_keys(TLS_CTX *ctx, const char *chainfile, - const char *signkeyfile, const char *signkeypass, - const char *kenckeyfile, const char *kenckeypass); -void tls_ctx_cleanup(TLS_CTX *ctx); - - - -#define TLS_MAX_CERTIFICATES_SIZE 2048 -#define TLS_DEFAULT_VERIFY_DEPTH 4 -#define TLS_MAX_VERIFY_DEPTH 5 - - -typedef struct { - int protocol; - int is_client; - int cipher_suites[TLS_MAX_CIPHER_SUITES_COUNT]; - size_t cipher_suites_cnt; - tls_socket_t sock; - - uint8_t enced_record[TLS_MAX_RECORD_SIZE]; - size_t enced_record_len; - - - uint8_t record[TLS_MAX_RECORD_SIZE]; - - // 其实这个就不太对了,还是应该有一个完整的密文记录 - uint8_t databuf[TLS_MAX_PLAINTEXT_SIZE]; - uint8_t *data; - size_t datalen; - - int cipher_suite; - uint8_t session_id[32]; - size_t session_id_len; - uint8_t server_certs[TLS_MAX_CERTIFICATES_SIZE]; // 动态的可能会好一点 - size_t server_certs_len; - uint8_t client_certs[TLS_MAX_CERTIFICATES_SIZE]; - size_t client_certs_len; - uint8_t ca_certs[2048]; - size_t ca_certs_len; - - SM2_KEY sign_key; - SM2_KEY kenc_key; - - int verify_result; - - uint8_t master_secret[48]; - uint8_t key_block[96]; - - SM3_HMAC_CTX client_write_mac_ctx; - SM3_HMAC_CTX server_write_mac_ctx; - SM4_KEY client_write_enc_key; - SM4_KEY server_write_enc_key; - uint8_t client_seq_num[8]; - uint8_t server_seq_num[8]; - - uint8_t client_write_iv[12]; // tls13 - uint8_t server_write_iv[12]; // tls13 - BLOCK_CIPHER_KEY client_write_key; - BLOCK_CIPHER_KEY server_write_key; - -} TLS_CONNECT; - - -#define TLS_MAX_EXTENSIONS_SIZE 512 // 这个应该再考虑一下数值,是否可以用其他的缓冲区装载? - - -int tls_init(TLS_CONNECT *conn, const TLS_CTX *ctx); -int tls_set_socket(TLS_CONNECT *conn, tls_socket_t sock); -int tls_do_handshake(TLS_CONNECT *conn); -int tls_send(TLS_CONNECT *conn, const uint8_t *in, size_t inlen, size_t *sentlen); -int tls_recv(TLS_CONNECT *conn, uint8_t *out, size_t outlen, size_t *recvlen); -int tls_shutdown(TLS_CONNECT *conn); -void tls_cleanup(TLS_CONNECT *conn); - -int tlcp_do_connect(TLS_CONNECT *conn); -int tlcp_do_accept(TLS_CONNECT *conn); -int tls12_do_connect(TLS_CONNECT *conn); -int tls12_do_accept(TLS_CONNECT *conn); - - -#define TLS13_SM2_ID "TLSv1.3+GM+Cipher+Suite" -#define TLS13_SM2_ID_LENGTH (sizeof(TLS13_SM2_ID)-1) - -int tls13_do_connect(TLS_CONNECT *conn); -int tls13_do_accept(TLS_CONNECT *conn); - -int tls_send_alert(TLS_CONNECT *conn, int alert); -int tls_send_warning(TLS_CONNECT *conn, int alert); - -int tls13_send(TLS_CONNECT *conn, const uint8_t *data, size_t datalen, size_t *sentlen); -int tls13_recv(TLS_CONNECT *conn, uint8_t *out, size_t outlen, size_t *recvlen); - - -int tls13_connect(TLS_CONNECT *conn, const char *hostname, int port, FILE *server_cacerts_fp, - FILE *client_certs_fp, const SM2_KEY *client_sign_key); -int tls13_accept(TLS_CONNECT *conn, int port, - FILE *server_certs_fp, const SM2_KEY *server_sign_key, - FILE *client_cacerts_fp); - - -int tls13_supported_versions_ext_print(FILE *fp, int fmt, int ind, int handshake_type, const uint8_t *data, size_t datalen); -int tls13_key_share_ext_print(FILE *fp, int fmt, int ind, int handshake_type, const uint8_t *data, size_t datalen); - - -int tls_process_client_hello_exts(const uint8_t *exts, size_t extslen, uint8_t *out, size_t *outlen, size_t maxlen); -int tls_process_server_hello_exts(const uint8_t *exts, size_t extslen, - int *ec_point_format, int *supported_group, int *signature_algor); - - -int tls13_encrypted_extensions_print(FILE *fp, int fmt, int ind, const uint8_t *data, size_t datalen); - -int tls13_extension_print(FILE *fp, int fmt, int ind, - int handshake_type, int ext_type, const uint8_t *ext_data, size_t ext_datalen); -int tls13_extensions_print(FILE *fp, int fmt, int ind, - int handshake_type, const uint8_t *exts, size_t extslen); - -int tls13_certificate_print(FILE *fp, int fmt, int ind, const uint8_t *cert, size_t certlen); -int tls13_certificate_request_print(FILE *fp, int fmt, int ind, const uint8_t *cert, size_t certlen); -int tls13_certificate_verify_print(FILE *fp, int fmt, int ind, const uint8_t *d, size_t dlen); -int tls13_record_print(FILE *fp, int format, int indent, const uint8_t *record, size_t recordlen); - - -int tls13_gcm_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12], - const uint8_t seq_num[8], int record_type, - const uint8_t *in, size_t inlen, size_t padding_len, // TLSInnerPlaintext.content - uint8_t *out, size_t *outlen); // TLSCiphertext.encrypted_record -int tls13_gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12], - const uint8_t seq_num[8], const uint8_t *in, size_t inlen, - int *record_type, uint8_t *out, size_t *outlen); - - -#ifdef TLS_DEBUG -# define tls_trace(s) fprintf(stderr,(s)) -# define tls_record_trace(fp,rec,reclen,fmt,ind) tls_record_print(fp,rec,reclen,fmt,ind) -# define tlcp_record_trace(fp,rec,reclen,fmt,ind) tlcp_record_print(fp,rec,reclen,fmt,ind) -# define tls12_record_trace(fp,rec,reclen,fmt,ind) tls12_record_print(fp,rec,reclen,fmt,ind) -# define tls13_record_trace(fp,rec,reclen,fmt,ind) tls13_record_print(fp,fmt,ind,rec,reclen) -#else -# define tls_trace(s) -# define tls_record_trace(fp,rec,reclen,fmt,ind) -# define tlcp_record_trace(fp,rec,reclen,fmt,ind) -# define tls12_record_trace(fp,rec,reclen,fmt,ind) -# define tls13_record_trace(fp,rec,reclen,fmt,ind) -#endif - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/version.h b/include/gmssl/version.h deleted file mode 100644 index 71ac63b..0000000 --- a/include/gmssl/version.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - -#ifndef GMSSL_VERSION_H -#define GMSSL_VERSION_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -// Also update CPACK_PACKAGE_VERSION in CMakeLists.txt -#define GMSSL_VERSION_NUM 30101 -#define GMSSL_VERSION_STR "GmSSL 3.1.1 PR1" - -_gmssl_export int gmssl_version_num(void); -_gmssl_export const char *gmssl_version_str(void); - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/x509.h b/include/gmssl/x509.h deleted file mode 100644 index 1b57971..0000000 --- a/include/gmssl/x509.h +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_X509_H -#define GMSSL_X509_H - -#include - -#endif diff --git a/include/gmssl/x509_alg.h b/include/gmssl/x509_alg.h deleted file mode 100644 index e764b3f..0000000 --- a/include/gmssl/x509_alg.h +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_X509_ALG_H -#define GMSSL_X509_ALG_H - - -#include -#include -#include -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* -AlgorithmIdentifier ::= SEQUENCE { - algorithm OBJECT IDENTIFIER, - parameters ANY } -*/ - -const char *x509_digest_algor_name(int oid); -int x509_digest_algor_from_name(const char *name); -int x509_digest_algor_from_der(int *oid, const uint8_t **in, size_t *inlen); -int x509_digest_algor_to_der(int oid, uint8_t **out, size_t *outlen); -int x509_digest_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -const char *x509_encryption_algor_name(int oid); -int x509_encryption_algor_from_name(const char *name); -int x509_encryption_algor_from_der(int *oid, const uint8_t **iv, size_t *ivlen, const uint8_t **in, size_t *inlen); -int x509_encryption_algor_to_der(int oid, const uint8_t *iv, size_t ivlen, uint8_t **out, size_t *outlen); -int x509_encryption_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -const char *x509_signature_algor_name(int oid); -int x509_signature_algor_from_name(const char *name); -int x509_signature_algor_from_der(int *oid, const uint8_t **in, size_t *inlen); -int x509_signature_algor_to_der(int oid, uint8_t **out, size_t *outlen); -int x509_signature_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -const char *x509_public_key_encryption_algor_name(int oid); -int x509_public_key_encryption_algor_from_name(const char *name); -int x509_public_key_encryption_algor_from_der(int *oid, const uint8_t **params, size_t *params_len, const uint8_t **in, size_t *inlen); -int x509_public_key_encryption_algor_to_der(int oid, uint8_t **out, size_t *outlen); -int x509_public_key_encryption_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -const char *x509_public_key_algor_name(int oid); -int x509_public_key_algor_from_name(const char *name); -int x509_public_key_algor_to_der(int oid, int curve, uint8_t **out, size_t *outlen); -int x509_public_key_algor_from_der(int *oid, int *curve_or_null, const uint8_t **in, size_t *inlen); -int x509_public_key_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/x509_cer.h b/include/gmssl/x509_cer.h deleted file mode 100644 index f8d3857..0000000 --- a/include/gmssl/x509_cer.h +++ /dev/null @@ -1,390 +0,0 @@ -/* - * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_X509_CER_H -#define GMSSL_X509_CER_H - - -#include -#include -#include -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -enum X509_Version { - X509_version_v1 = 0, - X509_version_v2 = 1, - X509_version_v3 = 2, -}; - -const char *x509_version_name(int version); -int x509_explicit_version_to_der(int index, int version, uint8_t **out, size_t *outlen); -int x509_explicit_version_from_der(int index, int *version, const uint8_t **in, size_t *inlen); - -/* -Time ::= CHOICE { - utcTime UTCTime, - generalTime GeneralizedTime } -*/ -#define X509_MAX_UTC_TIME 2524607999 // "20491231235959Z" -#define X509_MAX_GENERALIZED_TIME 253402300799 // "99991231235959Z" -int x509_time_to_der(time_t a, uint8_t **out, size_t *outlen); -int x509_time_from_der(time_t *a, const uint8_t **in, size_t *inlen); - -/* -Validity ::= SEQUENCE { - notBefore Time, - notAfter Time } -*/ -#define X509_VALIDITY_MIN_DAYS 1 -#define X509_VALIDITY_MAX_DAYS 3653 -#define X509_VALIDITY_MAX_SECONDS (X509_VALIDITY_MAX_DAYS * 86400) -int x509_validity_add_days(time_t *not_after, time_t not_before, int days); -int x509_validity_to_der(time_t not_before, time_t not_after, uint8_t **out, size_t *outlen); -int x509_validity_from_der(time_t *not_before, time_t *not_after, const uint8_t **in, size_t *inlen); -int x509_validity_check(time_t not_before, time_t not_after, time_t now, int max_secs); -int x509_validity_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -DirectoryString or DirectoryName - -DirectoryName ::= CHOICE { - teletexString TeletexString (SIZE (1..MAX)), - printableString PrintableString (SIZE (1..MAX)), - universalString UniversalString (SIZE (1..MAX)), - utf8String UTF8String (SIZE (1..MAX)), - bmpString BMPString (SIZE (1..MAX)), -} -*/ -int x509_directory_name_check(int tag, const uint8_t *d, size_t dlen); -int x509_directory_name_check_ex(int tag, const uint8_t *d, size_t dlen, size_t minlen, size_t maxlen); -int x509_directory_name_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen); -int x509_directory_name_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen); -int x509_explicit_directory_name_to_der(int index, int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen); -int x509_explicit_directory_name_from_der(int index, int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen); -int x509_directory_name_print(FILE *fp, int fmt, int ind, const char *label, int tag, const uint8_t *d, size_t dlen); - -/* -AttributeTypeAndValue ::= SEQUENCE { - type OBJECT IDENTIFIER, - value ANY -- DEFINED BY AttributeType } - -id-at - OID_at_name name DirectoryName 1..ub-name - OID_at_surname surname DirectoryName 1..ub-name - OID_at_given_name givenName DirectoryName 1..ub-name - OID_at_initials initials DirectoryName 1..ub-name - OID_at_generation_qualifier generationQualifier DirectoryName 1..ub-name - OID_at_common_name commonName DirectoryName 1..ub-common-name - OID_at_locality_name localityName DirectoryName 1..ub-locality-name - OID_at_state_or_province_name stateOrProvinceName DirectoryName 1..ub-state-name - OID_at_organization_name organizationName DirectoryName 1..ub-organization-name - OID_at_organizational_unit_name organizationalUnitName DirectoryName 1..ub-organizational-unit-name - OID_at_title title DirectoryName 1..ub-title - OID_at_dn_qualifier dnQualifier PrintableString N/A - OID_at_country_name countryName PrintableString 2..2 - OID_at_serial_number serialNumber PrintableString 1..ub-serial-number - OID_at_pseudonym pseudonym DirectoryName 1..ub-pseudonym - OID_domain_component domainComponent IA5String N/A -*/ -const char *x509_name_type_name(int oid); -int x509_name_type_from_name(const char *name); -int x509_name_type_from_der(int *oid, const uint8_t **in, size_t *inlen); -int x509_name_type_to_der(int oid, uint8_t **out, size_t *outlen); - -#define X509_ub_name 32768 -#define X509_ub_common_name 64 -#define X509_ub_locality_name 128 -#define X509_ub_state_name 128 -#define X509_ub_organization_name 64 -#define X509_ub_organizational_unit_name 64 -#define X509_ub_title 64 -#define X509_ub_serial_number 64 -#define X509_ub_pseudonym 128 - -int x509_attr_type_and_value_check(int oid, int tag, const uint8_t *val, size_t vlen); -int x509_attr_type_and_value_to_der(int oid, int tag, const uint8_t *val, size_t vlen, uint8_t **out, size_t *outlen); -int x509_attr_type_and_value_from_der(int *oid, int *tag, const uint8_t **val, size_t *vlen, const uint8_t **in, size_t *inlen); -int x509_attr_type_and_value_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue -*/ -int x509_rdn_to_der(int oid, int tag, const uint8_t *val, size_t vlen, const uint8_t *more, size_t mlen, uint8_t **out, size_t *outlen); -int x509_rdn_from_der(int *oid, int *tag, const uint8_t **val, size_t *vlen, const uint8_t **more, size_t *mlen, const uint8_t **in, size_t *inlen); -int x509_rdn_check(const uint8_t *d, size_t dlen); -int x509_rdn_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -Name ::= SEQUENCE OF RelativeDistinguishedName -*/ -int x509_name_add_rdn(uint8_t *d, size_t *dlen, size_t maxlen, int oid, int tag, const uint8_t *val, size_t vlen, const uint8_t *more, size_t mlen); -int x509_name_add_country_name(uint8_t *d, size_t *dlen, size_t maxlen, const char val[2] ); // val: PrintableString SIZE(2) -int x509_name_add_state_or_province_name(uint8_t *d, size_t *dlen, size_t maxlen, int tag, const uint8_t *val, size_t vlen); -int x509_name_add_locality_name(uint8_t *d, size_t *dlen, size_t maxlen, int tag, const uint8_t *val, size_t vlen); -int x509_name_add_organization_name(uint8_t *d, size_t *dlen, size_t maxlen, int tag, const uint8_t *val, size_t vlen); -int x509_name_add_organizational_unit_name(uint8_t *d, size_t *dlen, size_t maxlen, int tag, const uint8_t *val, size_t vlen); -int x509_name_add_common_name(uint8_t *d, size_t *dlen, size_t maxlen, int tag, const uint8_t *val, size_t vlen); -int x509_name_add_domain_component(uint8_t *d, size_t *dlen, size_t maxlen, const char *val, size_t vlen); // val: IA5String - -int x509_name_set(uint8_t *d, size_t *dlen, size_t maxlen, - const char country[2], const char *state, const char *locality, - const char *org, const char *org_unit, const char *common_name); - -#define x509_name_to_der(d,dlen,out,outlen) asn1_sequence_to_der(d,dlen,out,outlen) -#define x509_name_from_der(d,dlen,in,inlen) asn1_sequence_from_der(d,dlen,in,inlen) -int x509_name_check(const uint8_t *d, size_t dlen); -int x509_name_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); -int x509_name_get_value_by_type(const uint8_t *d, size_t dlen, int oid, int *tag, const uint8_t **val, size_t *vlen); -int x509_name_get_common_name(const uint8_t *d, size_t dlen, int *tag, const uint8_t **val, size_t *vlen); -int x509_name_equ(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen); - -int x509_names_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -SubjectPublicKeyInfo ::= SEQUENCE { - algorithm AlgorithmIdentifier, - subjectPublicKey BIT STRING } - -algorithm.algorithm = OID_ec_public_key; -algorithm.parameters = OID_sm2; -subjectPublicKey = ECPoint -*/ -#define x509_public_key_info_to_der(key,out,outlen) sm2_public_key_info_to_der(key,out,outlen) -#define x509_public_key_info_from_der(key,in,inlen) sm2_public_key_info_from_der(key,in,inlen) -int x509_public_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -Extension ::= SEQUENCE { - extnID OBJECT IDENTIFIER, - critical BOOLEAN DEFAULT FALSE, - extnValue OCTET STRING -- contains the DER encoding of an ASN.1 value - -id-ce: - OID_ce_authority_key_identifier - OID_ce_subject_key_identifier - OID_ce_key_usage - OID_ce_certificate_policies - OID_ce_policy_mappings - OID_ce_subject_alt_name - OID_ce_issuer_alt_name - OID_ce_subject_directory_attributes - OID_ce_basic_constraints - OID_ce_name_constraints - OID_ce_policy_constraints - OID_ce_ext_key_usage - OID_ce_crl_distribution_points - OID_ce_inhibit_any_policy - OID_ce_freshest_crl - OID_netscape_cert_comment -*/ -const char *x509_ext_id_name(int oid); -int x509_ext_id_from_name(const char *name); -int x509_ext_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_count, const uint8_t **in, size_t *inlen); -int x509_ext_id_to_der(int oid, uint8_t **out, size_t *outlen); - -int x509_ext_to_der(int oid, int critical, const uint8_t *val, size_t vlen, uint8_t **out, size_t *outlen); -int x509_ext_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, int *critical, const uint8_t **val, size_t *vlen, const uint8_t **in, size_t *inlen); -int x509_ext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -[3] EXPLICIT SEQUENCE OF Extension - */ -int x509_explicit_exts_to_der(int index, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen); -int x509_explicit_exts_from_der(int index, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen); -#define x509_exts_to_der(d,dlen,out,outlen) x509_explicit_exts_to_der(3,d,dlen,out,outlen) -#define x509_exts_from_der(d,dlen,in,inlen) x509_explicit_exts_from_der(3,d,dlen,in,inlen) - -int x509_exts_get_ext_by_oid(const uint8_t *d, size_t dlen, int oid, - int *critical, const uint8_t **val, size_t *vlen); -int x509_exts_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -TBSCertificate ::= SEQUENCE { - version [0] EXPLICIT INTEGER DEFAULT v1, - serialNumber INTEGER, - siganture AlgorithmIdentifier, - issuer Name, - validity Validity, - subject Name, - subjectPulbicKeyInfo SubjectPublicKeyInfo, - issuerUniqueID [1] IMPLICIT BIT STRING OPTIONAL, -- If present, must be v2,v3 - subjectUniqueID [2] IMPLICIT BIT STRING OPTIONAL, -- If present, must be v2,v3 - extensions [3] EXPLICIT Extensions OPTIONAL -- If present, must be v3 } -*/ -#define X509_SERIAL_NUMBER_MIN_LEN 1 -#define X509_SERIAL_NUMBER_MAX_LEN 20 -#define X509_UNIQUE_ID_MIN_LEN 32 -#define X509_UNIQUE_ID_MAX_LEN 32 - -int x509_tbs_cert_to_der( - int version, - const uint8_t *serial, size_t serial_len, - int signature_algor, - const uint8_t *issuer, size_t issuer_len, - time_t not_before, time_t not_after, - const uint8_t *subject, size_t subject_len, - const SM2_KEY *subject_public_key, - const uint8_t *issuer_unique_id, size_t issuer_unique_id_len, - const uint8_t *subject_unique_id, size_t subject_unique_id_len, - const uint8_t *exts, size_t exts_len, - uint8_t **out, size_t *outlen); -int x509_tbs_cert_from_der( - int *version, - const uint8_t **serial, size_t *serial_len, - int *signature_algor, - const uint8_t **issuer, size_t *issuer_len, - time_t *not_before, time_t *not_after, - const uint8_t **subject, size_t *subject_len, - SM2_KEY *subject_public_key, - const uint8_t **issuer_unique_id, size_t *issuer_unique_id_len, - const uint8_t **subject_unique_id, size_t *subject_unique_id_len, - const uint8_t **exts, size_t *exts_len, - const uint8_t **in, size_t *inlen); -int x509_tbs_cert_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -Certificate ::= SEQUENCE { - tbsCertificate TBSCertificate, - signatureAlgorithm AlgorithmIdentifier, - signatureValue BIT STRING } -*/ -int x509_certificate_to_der( - const uint8_t *tbs, size_t tbslen, - int signature_algor, - const uint8_t *sig, size_t siglen, - uint8_t **out, size_t *outlen); -int x509_certificate_from_der( - const uint8_t **tbs, size_t *tbslen, - int *signature_algor, - const uint8_t **sig, size_t *siglen, - const uint8_t **in, size_t *inlen); - -int x509_signed_from_der( - const uint8_t **tbs, size_t *tbslen, - int *signature_algor, - const uint8_t **sig, size_t *siglen, - const uint8_t **in, size_t *inlen); -int x509_signed_verify(const uint8_t *a, size_t alen, const SM2_KEY *pub_key, - const char *signer_id, size_t signer_id_len); -int x509_signed_verify_by_ca_cert(const uint8_t *a, size_t alen, const uint8_t *cacert, size_t cacertlen, - const char *signer_id, size_t signer_id_len); - -// x509_cert functions -int x509_cert_sign_to_der( - int version, - const uint8_t *serial, size_t serial_len, - int signature_algor, - const uint8_t *issuer, size_t issuer_len, - time_t not_before, time_t not_after, - const uint8_t *subject, size_t subject_len, - const SM2_KEY *subject_public_key, - const uint8_t *issuer_unique_id, size_t issuer_unique_id_len, - const uint8_t *subject_unique_id, size_t subject_unique_id_len, - const uint8_t *exts, size_t exts_len, - const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len, - uint8_t **out, size_t *outlen); - -int x509_cert_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen); -int x509_cert_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen); -int x509_cert_to_pem(const uint8_t *a, size_t alen, FILE *fp); -int x509_cert_from_pem(uint8_t *a, size_t *alen, size_t maxlen, FILE *fp); -int x509_cert_from_pem_by_subject(uint8_t *a, size_t *alen, size_t maxlen, const uint8_t *name, size_t namelen, FILE *fp); -int x509_cert_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen); - -int x509_cert_verify_by_ca_cert(const uint8_t *a, size_t alen, const uint8_t *cacert, size_t cacertlen, - const char *signer_id, size_t signer_id_len); - -int x509_cert_get_details(const uint8_t *a, size_t alen, - int *version, - const uint8_t **serial_number, size_t *serial_number_len, - int *inner_signature_algor, - const uint8_t **issuer, size_t *issuer_len, - time_t *not_before, time_t *not_after, - const uint8_t **subject, size_t *subject_len, - SM2_KEY *subject_public_key, - const uint8_t **issuer_unique_id, size_t *issuer_unique_id_len, - const uint8_t **subject_unique_id, size_t *subject_unique_id_len, - const uint8_t **extensions, size_t *extensions_len, - int *signature_algor, - const uint8_t **signature, size_t *signature_len); - - -typedef enum { - X509_cert_server_auth, - X509_cert_client_auth, - X509_cert_server_key_encipher, - X509_cert_client_key_encipher, - X509_cert_ca, - X509_cert_root_ca, - X509_cert_crl_sign, -} X509_CERT_TYPE; - -int x509_cert_check(const uint8_t *cert, size_t certlen, int cert_type, int *path_len_constraint); - -/* -IssuerAndSerialNumber ::= SEQUENCE { - isser Name, - serialNumber INTEGER } -*/ -int x509_cert_get_issuer_and_serial_number(const uint8_t *a, size_t alen, - const uint8_t **issuer, size_t *issuer_len, - const uint8_t **serial_number, size_t *serial_number_len); -int x509_cert_get_issuer(const uint8_t *a, size_t alen, const uint8_t **name, size_t *namelen); -int x509_cert_get_subject(const uint8_t *a, size_t alen, const uint8_t **subj, size_t *subj_len); -int x509_cert_get_subject_public_key(const uint8_t *a, size_t alen, SM2_KEY *public_key); -int x509_cert_get_exts(const uint8_t *a, size_t alen, const uint8_t **d, size_t *dlen); - -int x509_certs_to_pem(const uint8_t *d, size_t dlen, FILE *fp); -int x509_certs_from_pem(uint8_t *d, size_t *dlen, size_t maxlen, FILE *fp); -int x509_certs_get_count(const uint8_t *d, size_t dlen, size_t *cnt); -int x509_certs_get_cert_by_index(const uint8_t *d, size_t dlen, int index, const uint8_t **cert, size_t *certlen); -int x509_certs_get_cert_by_subject(const uint8_t *d, size_t dlen, const uint8_t *subject, size_t subject_len, const uint8_t **cert, size_t *certlen); -int x509_certs_get_last(const uint8_t *d, size_t dlen, const uint8_t **cert, size_t *certlen); - -int x509_certs_get_cert_by_subject_and_key_identifier(const uint8_t *d, size_t dlen, - const uint8_t *subject, size_t subject_len, - const uint8_t *key_id, size_t key_id_len, - const uint8_t **cert, size_t *certlen); -int x509_certs_get_cert_by_issuer_and_serial_number( - const uint8_t *certs, size_t certs_len, - const uint8_t *issuer, size_t issuer_len, - const uint8_t *serial, size_t serial_len, - const uint8_t **cert, size_t *cert_len); - -typedef enum { - X509_cert_chain_server, - X509_cert_chain_client, -} X509_CERT_CHAIN_TYPE; - -#define X509_MAX_VERIFY_DEPTH 6 -int x509_certs_verify(const uint8_t *certs, size_t certslen, int certs_type, - const uint8_t *rootcerts, size_t rootcertslen, int depth, int *verify_result); -int x509_certs_verify_tlcp(const uint8_t *certs, size_t certslen, int certs_type, - const uint8_t *rootcerts, size_t rootcertslen, int depth, int *verify_result); -int x509_certs_get_subjects(const uint8_t *certs, size_t certslen, uint8_t *names, size_t *nameslen); -int x509_certs_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - - -int x509_cert_new_from_file(uint8_t **out, size_t *outlen, const char *file); -int x509_certs_new_from_file(uint8_t **out, size_t *outlen, const char *file); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/x509_crl.h b/include/gmssl/x509_crl.h deleted file mode 100644 index 76a9e94..0000000 --- a/include/gmssl/x509_crl.h +++ /dev/null @@ -1,309 +0,0 @@ -/* - * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - - -#ifndef GMSSL_X509_CRL_H -#define GMSSL_X509_CRL_H - - -#include -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - - -/* -CRLReason ::= ENUMERATED -*/ -typedef enum { - X509_cr_unspecified = 0, - X509_cr_key_compromise = 1, - X509_cr_ca_compromise = 2 , - X509_cr_affiliation_changed = 3, - X509_cr_superseded = 4, - X509_cr_cessation_of_operation = 5, - X509_cr_certificate_hold = 6, - X509_cr_not_assigned = 7, - X509_cr_remove_from_crl = 8, - X509_cr_privilege_withdrawn = 9, - X509_cr_aa_compromise = 10, -} X509_CRL_REASON; - -const char *x509_crl_reason_name(int reason); -int x509_crl_reason_from_name(int *reason, const char *name); -int x509_crl_reason_to_der(int reason, uint8_t **out, size_t *outlen); -int x509_crl_reason_from_der(int *reason, const uint8_t **in, size_t *inlen); -int x509_implicit_crl_reason_from_der(int index, int *reason, const uint8_t **in, size_t *inlen); - -/* -CRL Entry Extensions: - OID_ce_crl_reasons ENUMERATED non-critical - OID_ce_invalidity_date GeneralizedTime non-critical - OID_ce_certificate_issuer GeneralNames MUST critical -*/ -const char *x509_crl_entry_ext_id_name(int oid); -int x509_crl_entry_ext_id_from_name(const char *name); -int x509_crl_entry_ext_id_to_der(int oid, uint8_t **out, size_t *outlen); -int x509_crl_entry_ext_id_from_der(int *oid, const uint8_t **in, size_t *inlen); - -int x509_crl_entry_ext_to_der(int oid, int critical, const uint8_t *val, size_t vlen, uint8_t **out, size_t *outlen); -int x509_crl_entry_ext_from_der(int *oid, int *critical, const uint8_t **val, size_t *vlen, const uint8_t **in, size_t *inlen); -int x509_crl_entry_ext_critical_check(int oid, int critical); -int x509_crl_entry_ext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -int x509_crl_reason_ext_to_der(int critical, int reason, uint8_t **out, size_t *outlen); -int x509_invalidity_date_ext_to_der(int critical, time_t date, uint8_t **out, size_t *outlen); -int x509_cert_issuer_ext_to_der(int critical, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen); -int x509_crl_entry_ext_from_der_ex(int *oid, int *critical, - int *reason, time_t *invalid_date, const uint8_t **cert_issuer, size_t *cert_issuer_len, - const uint8_t **in, size_t *inlen); - -int x509_crl_entry_exts_to_der( - int reason, time_t invalid_date, const uint8_t *cert_issuer, size_t cert_issuer_len, - uint8_t **out, size_t *outlen); -int x509_crl_entry_exts_from_der( - int *reason, time_t *invalid_date, const uint8_t **cert_issuer, size_t *cert_issuer_len, - const uint8_t **in, size_t *inlen); -int x509_crl_entry_exts_get(const uint8_t *d, size_t dlen, - int *reason, time_t *invalid_date, const uint8_t **cert_issuer, size_t *cert_issuer_len); -int x509_crl_entry_exts_check(const uint8_t *d, size_t dlen); -int x509_crl_entry_exts_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -RevokedCertificate ::= SEQUENCE { - userCertificate CertificateSerialNumber, - revocationDate Time, - crlEntryExtensions Extensions OPTIONAL } -*/ -int x509_revoked_cert_to_der( - const uint8_t *serial, size_t serial_len, time_t revoke_date, - const uint8_t *crl_entry_exts, size_t crl_entry_exts_len, - uint8_t **out, size_t *outlen); -int x509_revoked_cert_from_der( - const uint8_t **serial, size_t *serial_len, time_t *revoke_date, - const uint8_t **crl_entry_exts, size_t *crl_entry_exts_len, - const uint8_t **in, size_t *inlen); -int x509_revoked_cert_to_der_ex( - const uint8_t *serial, size_t serial_len, time_t revoke_date, - int reason, time_t invalid_date, const uint8_t *cert_issuer, size_t cert_issuer_len, - uint8_t **out, size_t *outlen); -int x509_revoked_cert_from_der_ex( - const uint8_t **serial, size_t *serial_len, time_t *revoke_date, - int *reason, time_t *invalid_date, const uint8_t **cert_issuer, size_t *cert_issuer_len, - const uint8_t **in, size_t *inlen); -int x509_revoked_cert_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -int x509_cert_revoke_to_der(const uint8_t *cert, size_t certlen, - time_t revoke_date, int reason, time_t invalid_date, const uint8_t *cert_issuer, size_t cert_issuer_len, - uint8_t **out, size_t *outlen); - -/* -RevokedCertificates ::= SEQUENCE OF RevokedCertificate -*/ -int x509_revoked_certs_find_revoked_cert_by_serial_number(const uint8_t *d, size_t dlen, - const uint8_t *serial, size_t serial_len, time_t *revoke_date, - const uint8_t **crl_entry_exts, size_t *crl_entry_exts_len); -int x509_revoked_certs_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -CRL Extensions: - OID_ce_authority_key_identifier AuthorityKeyIdentifier critical or non-critical - OID_ce_issuer_alt_name GeneralNames SHOULD non-critical - OID_ce_crl_number INTEGER MUST non-critical - OID_ce_delta_crl_indicator INTEGER MUST critical - OID_ce_issuing_distribution_point IssuingDistributionPoint critical - OID_ce_freshest_crl CRLDistributionPoints MUST non-critical - OID_pe_authority_info_access AccessDescriptions MUST non-critical -*/ -const char *x509_crl_ext_id_name(int oid); -int x509_crl_ext_id_from_name(const char *name); -int x509_crl_ext_id_to_der(int oid, uint8_t **out, size_t *outlen); -int x509_crl_ext_id_from_der(int *oid, const uint8_t **in, size_t *inlen); -int x509_crl_ext_id_from_der_ex(int *oid, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen); - -/* -IssuingDistributionPoint ::= SEQUENCE { - distributionPoint [0] EXPLICIT DistributionPointName OPTIONAL, - onlyContainsUserCerts [1] IMPLICIT BOOLEAN DEFAULT FALSE, - onlyContainsCACerts [2] IMPLICIT BOOLEAN DEFAULT FALSE, - onlySomeReasons [3] IMPLICIT ReasonFlags OPTIONAL, - indirectCRL [4] IMPLICIT BOOLEAN DEFAULT FALSE, - onlyContainsAttributeCerts [5] IMPLICIT BOOLEAN DEFAULT FALSE } -*/ -int x509_issuing_distribution_point_to_der( - const char *dist_point_uri, size_t dist_point_uri_len, - int only_contains_user_certs, - int only_contains_ca_certs, - int only_some_reasons, - int indirect_crl, - int only_contains_attr_certs, - uint8_t **out, size_t *outlen); -int x509_issuing_distribution_point_from_der( - int *dist_point_choice, const uint8_t **dist_point, size_t *dist_point_len, - int *only_contains_user_certs, - int *only_contains_ca_certs, - int *only_some_reasons, - int *indirect_crl, - int *only_contains_attr_certs, - const uint8_t **in, size_t *inlen); -int x509_issuing_distribution_point_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -int x509_crl_ext_to_der(int oid, int critical, const uint8_t *val, size_t vlen, uint8_t **out, size_t *outlen); -int x509_crl_ext_from_der_ex(int *oid, uint32_t *nodes, size_t *nodes_cnt, - int *critical, const uint8_t **val, size_t *vlen, - const uint8_t **in, size_t *inlen); -int x509_crl_ext_critical_check(int oid, int critical); -int x509_crl_ext_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - - -int x509_crl_exts_add_authority_key_identifier( - uint8_t *exts, size_t *extslen, size_t maxlen, - int critical, - const uint8_t *keyid, size_t keyid_len, - const uint8_t *issuer, size_t issuer_len, - const uint8_t *serial, size_t serial_len); -int x509_crl_exts_add_default_authority_key_identifier(uint8_t *exts, size_t *extslen, size_t maxlen, - const SM2_KEY *public_key); -int x509_crl_exts_add_issuer_alt_name( - uint8_t *exts, size_t *extslen, size_t maxlen, - int critical, - const uint8_t *d, size_t dlen); -int x509_crl_exts_add_crl_number_ex( - uint8_t *exts, size_t *extslen, size_t maxlen, - int oid, int critical, int num); -int x509_crl_exts_add_crl_number( - uint8_t *exts, size_t *extslen, size_t maxlen, - int critical, - int num); -int x509_crl_exts_add_delta_crl_indicator( - uint8_t *exts, size_t *extslen, size_t maxlen, - int critical, - int num); -int x509_crl_exts_add_issuing_distribution_point( - uint8_t *exts, size_t *extslen, size_t maxlen, - int critical, - const char *dist_point_uri, size_t dist_point_uri_len, - int only_contains_user_certs, - int only_contains_ca_certs, - int only_some_reasons, - int indirect_crl, - int only_contains_attr_certs); -int x509_crl_exts_add_freshest_crl( - uint8_t *exts, size_t *extslen, size_t maxlen, int critical, - const char *http_uri, size_t http_urilen, - const char *ldap_uri, size_t ldap_urilen); -int x509_crl_exts_add_authority_info_acess( - uint8_t *exts, size_t *extslen, size_t maxlen, int critical, - const char *ca_issuers_uri, size_t ca_issuers_urilen, - const char *ocsp_uri, size_t ocsp_urilen); - -#define x509_crl_exts_to_der(d,dlen,out,outlen) x509_explicit_exts_to_der(0,d,dlen,out,outlen) -#define x509_crl_exts_from_der(d,dlen,in,inlen) x509_explicit_exts_from_der(0,d,dlen,in,inlen) -int x509_crl_exts_check(const uint8_t *d, size_t dlen); -int x509_crl_exts_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -TBSCertList ::= SEQUENCE { - version INTEGER OPTIONAL, -- if present, MUST be v2 - signature AlgorithmIdentifier, - issuer Name, - thisUpdate Time, - nextUpdate Time OPTIONAL, - revokedCertificates RevokedCertificates OPTIONAL, - crlExtensions [0] EXPLICIT Extensions OPTIONAL, -- if present, MUST be v2 } -*/ -int x509_tbs_crl_to_der( - int version, - int signature_algor, - const uint8_t *issuer, size_t issuer_len, - time_t this_update, - time_t next_update, - const uint8_t *revoked_certs, size_t revoked_certs_len, - const uint8_t *exts, size_t exts_len, - uint8_t **out, size_t *outlen); -int x509_tbs_crl_from_der( - int *version, - int *signature_algor, - const uint8_t **issuer, size_t *issuer_len, - time_t *this_update, - time_t *next_update, - const uint8_t **revoked_certs, size_t *revoked_certs_len, - const uint8_t **exts, size_t *exts_len, - const uint8_t **in, size_t *inlen); -int x509_tbs_crl_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -CertificateList ::= SEQUENCE { - tbsCertList TBSCertList, - signatureAlgorithm AlgorithmIdentifier, - signatureValue BIT STRING } -*/ -int x509_crl_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen); -int x509_crl_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen); -int x509_crl_to_pem(const uint8_t *a, size_t alen, FILE *fp); -int x509_crl_from_pem(uint8_t *a, size_t *alen, size_t maxlen, FILE *fp); -int x509_crl_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen); - - -int x509_crl_sign_to_der( - int version, int sig_alg, - const uint8_t *issuer, size_t issuer_len, - time_t this_update, time_t next_update, - const uint8_t *revoked_certs, size_t revoked_certs_len, - const uint8_t *crl_exts, size_t crl_exts_len, - const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len, - uint8_t **out, size_t *outlen); -int x509_crl_from_der_ex( - int *version, - int *inner_sig_alg, - const uint8_t **issuer, size_t *issuer_len, - time_t *this_update, time_t *next_update, - const uint8_t **revoked_certs, size_t *revoked_certs_len, - const uint8_t **exts, size_t *exts_len, - int *sig_alg, const uint8_t **sig, size_t *siglen, - const uint8_t **in, size_t *inlen); -int x509_crl_check(const uint8_t *a, size_t alen, time_t now); -int x509_crl_verify(const uint8_t *a, size_t alen, - const SM2_KEY *sign_pub_key, const char *signer_id, size_t signer_id_len); -int x509_crl_verify_by_ca_cert(const uint8_t *a, size_t alen, const uint8_t *cacert, size_t cacertlen, - const char *signer_id, size_t signer_id_len); -int x509_crl_get_details(const uint8_t *crl, size_t crl_len, - int *version, - int *inner_sig_alg, - const uint8_t **issuer, size_t *issuer_len, - time_t *this_update, - time_t *next_update, - const uint8_t **revoked_certs, size_t *revoked_certs_len, - const uint8_t **exts, size_t *exts_len, - int *signature_algor, - const uint8_t **sig, size_t *siglen); -int x509_crl_get_issuer(const uint8_t *crl, size_t crl_len, - const uint8_t **issuer, size_t *issuer_len); -int x509_crl_get_revoked_certs(const uint8_t *a, size_t alen, const uint8_t **d, size_t *dlen); -int x509_crl_find_revoked_cert_by_serial_number(const uint8_t *a, size_t alen, - const uint8_t *serial, size_t serial_len, time_t *revoke_date, - const uint8_t **entry_exts, size_t *entry_exts_len); - -int x509_crls_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -int x509_crl_new_from_uri(uint8_t **crl, size_t *crl_len, const char *uri, size_t urilen); -int x509_crl_new_from_cert(uint8_t **crl, size_t *crl_len, const uint8_t *cert, size_t certlen); -int x509_cert_check_crl(const uint8_t *cert, size_t certlen, const uint8_t *cacert, size_t cacertlen, - const char *ca_signer_id, size_t ca_signer_id_len); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/x509_ext.h b/include/gmssl/x509_ext.h deleted file mode 100644 index 0765fd8..0000000 --- a/include/gmssl/x509_ext.h +++ /dev/null @@ -1,641 +0,0 @@ -/* - * Copyright 2014-2023 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_X509_EXT_H -#define GMSSL_X509_EXT_H - - -#include -#include -#include -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -enum { - X509_non_critical = 0, - X509_critical = 1, -}; - -/* -Extensions: - - 1. AuthorityKeyIdentifier SEQUENCE AuthorityKeyIdentifier MUST non-critical - 2. SubjectKeyIdentifier OCTET STRING MUST non-critical - 3. KeyUsage BIT STRING SHOULD critical - 4. CertificatePolicies SEQUENCE OF SEQUENCE CertificatePolicies - 5. PolicyMappings SEQUENCE OF SEQUENCE PolicyMappings SHOULD critical - 6. SubjectAltName SEQUENCE OF SEQUENCE GeneralNames SHOULD non-critical - 7. IssuerAltName SEQUENCE OF SEQUENCE GeneralNames SHOULD non-critical - 8. SubjectDirectoryAttributes SEQUENCE OF SEQUENCE Attributes MUST non-critical - 9. BasicConstraints SEQUENCE BasicConstraints CA: MUST critical, End-entity: MAY critical or non-critical - 10. NameConstraints SEQUENCE NameConstraints - 11. PolicyConstraints SEQUENCE PolicyConstraints MUST critical - 12. ExtKeyUsageSyntax SEQUENCE OF OBJECT IDENTIFIER MAY critical or non-critical - 13. CRLDistributionPoints SEQUENCE OF SEQUENCE DistributionPoints - 14. InhibitAnyPolicy INTEGER MUST critical - 15. FreshestCRL SEQUENCE OF SEQUENCE DistributionPoints MUST non-critical -*/ - -int x509_exts_add_authority_key_identifier(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, - const uint8_t *keyid, size_t keyid_len, - const uint8_t *issuer, size_t issuer_len, - const uint8_t *serial, size_t serial_len); -int x509_exts_add_default_authority_key_identifier(uint8_t *exts, size_t *extslen, size_t maxlen, - const SM2_KEY *public_key); -int x509_exts_add_subject_key_identifier(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const uint8_t *d, size_t dlen); -int x509_exts_add_subject_key_identifier_ex(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const SM2_KEY *subject_key); -int x509_exts_add_key_usage(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, int bits); -int x509_exts_add_certificate_policies(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const uint8_t *d, size_t dlen); -int x509_exts_add_policy_mappings(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const uint8_t *d, size_t dlen); -int x509_exts_add_subject_alt_name(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const uint8_t *d, size_t dlen); -int x509_exts_add_issuer_alt_name(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const uint8_t *d, size_t dlen); -int x509_exts_add_subject_directory_attributes(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const uint8_t *d, size_t dlen); -int x509_exts_add_name_constraints(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, - const uint8_t *permitted_subtrees, size_t permitted_subtrees_len, - const uint8_t *excluded_subtrees, size_t excluded_subtrees_len); -int x509_exts_add_policy_constraints(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, - int require_explicit_policy, int inhibit_policy_mapping); -int x509_exts_add_basic_constraints(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, int ca, int path_len_constraint); -int x509_exts_add_ext_key_usage(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const int *key_purposes, size_t key_purposes_cnt); -int x509_exts_add_crl_distribution_points_ex(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, int oid, - const char *http_uri, size_t http_urilen, const char *ldap_uri, size_t ldap_urilen); -int x509_exts_add_crl_distribution_points(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, - const char *http_uri, size_t http_urilen, const char *ldap_uri, size_t ldap_urilen); -int x509_exts_add_inhibit_any_policy(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, int skip_certs); -int x509_exts_add_freshest_crl(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, const uint8_t *d, size_t dlen); -int x509_exts_add_authority_info_access(uint8_t *exts, size_t *extslen, size_t maxlen, int critical, - const char *ca_issuers_uri, size_t ca_issuers_urilen, // ca_issuers_uri is the URI (http://examaple.com/subCA.crt) of DER-encoded CA cert - const char *ocsp_uri, size_t ocsp_urilen); - -int x509_exts_add_sequence(uint8_t *exts, size_t *extslen, size_t maxlen, - int oid, int critical, const uint8_t *d, size_t dlen); - -/* -OtherName ::= SEQUENCE { - type-id OBJECT IDENTIFIER, -- known oid from x509_rdn_oid such as OID_at_common_name, or oid nodes - value [0] EXPLICIT ANY DEFINED BY type-id } -*/ -int x509_other_name_to_der( - const uint32_t *nodes, size_t nodes_count, - const uint8_t *value, size_t value_len, - uint8_t **out, size_t *outlen); -int x509_other_name_from_der( - uint32_t *nodes, size_t *nodes_count, - const uint8_t **value, size_t *valuelen, - const uint8_t **in, size_t *inlen); -int x509_other_name_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -EDIPartyName ::= SEQUENCE { - nameAssigner [0] EXPLICIT DirectoryString OPTIONAL, - partyName [1] EXPLICIT DirectoryString } -*/ -int x509_edi_party_name_to_der( - int assigner_tag, const uint8_t *assigner, size_t assigner_len, - int party_name_tag, const uint8_t *party_name, size_t party_name_len, - uint8_t **out, size_t *outlen); -int x509_edi_party_name_from_der( - int *assigner_tag, const uint8_t **assigner, size_t *assigner_len, - int *party_name_tag, const uint8_t **party_name, size_t *party_name_len, - const uint8_t **in, size_t *inlen); -int x509_edi_party_name_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -GeneralName ::= CHOICE { - otherName [0] IMPLICIT OtherName, -- Only in GeneralName - rfc822Name [1] IMPLICIT IA5String, - dNSName [2] IMPLICIT IA5String, - x400Address [3] IMPLICIT ORAddress, - directoryName [4] IMPLICIT Name, -- SEQENCE OF - ediPartyName [5] IMPLICIT EDIPartyName, -- Only in GeneralName - uniformResourceIdentifier [6] IMPLICIT IA5String, - iPAddress [7] IMPLICIT OCTET STRING, -- 4 bytes or string? - registeredID [8] IMPLICIT OBJECT IDENTIFIER } -*/ -typedef enum { - X509_gn_other_name = 0, - X509_gn_rfc822_name = 1, - X509_gn_dns_name = 2, - X509_gn_x400_address = 3, - X509_gn_directory_name = 4, - X509_gn_edi_party_name = 5, - X509_gn_uniform_resource_identifier = 6, - X509_gn_ip_address = 7, - X509_gn_registered_id = 8, -} X509_GENERAL_NAME_CHOICE; - -int x509_general_name_to_der(int choice, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen); -int x509_general_name_from_der(int *choice, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen); -int x509_general_name_print(FILE *fp, int fmt, int ind, const char *label, int choice, const uint8_t *d, size_t dlen); - -/* -GeneralNames ::= SEQUENCE OF GeneralName -*/ -#define x509_general_names_to_der(d,dlen,out,outlen) asn1_sequence_to_der(d,dlen,out,outlen) -#define x509_general_names_from_der(d,dlen,in,inlen) asn1_sequence_from_der(d,dlen,in,inlen) -int x509_general_names_add_general_name(uint8_t *gns, size_t *gnslen, size_t maxlen, - int choice, const uint8_t *d, size_t dlen); -int x509_general_names_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -int x509_general_names_add_other_name(uint8_t *gns, size_t *gnslen, size_t maxlen, - const uint32_t *nodes, size_t nodes_count, - const uint8_t *value, size_t value_len); -#define x509_general_names_add_rfc822_name(a,alen,maxlen,s) x509_general_names_add_general_name(a,alen,maxlen,X509_gn_rfc822_name,(uint8_t*)s,strlen(s)) -#define x509_general_names_add_dns_name(a,alen,maxlen,s) x509_general_names_add_general_name(a,alen,maxlen,X509_gn_dns_name,(uint8_t*)s,strlen(s)) -#define x509_general_names_add_x400_address(a,alen,maxlen,d,dlen) x509_general_names_add_general_name(a,alen,maxlen,X509_gn_x400_address,d,dlen) -#define x509_general_names_add_directory_name(a,alen,maxlen,d,dlen) x509_general_names_add_general_name(a,alen,maxlen,X509_gn_directory_name,d,dlen) -int x509_general_names_add_edi_party_name(uint8_t *gns, size_t *gnslen, size_t maxlen, - int assigner_tag, const uint8_t *assigner, size_t assigner_len, - int party_name_tag, const uint8_t *party_name, size_t party_name_len); -#define x509_general_names_add_uniform_resource_identifier(a,alen,maxlen,s) x509_general_names_add_general_name(a,alen,maxlen,X509_gn_uniform_resource_identifier,(uint8_t*)s,strlen(s)) -#define x509_general_names_add_ip_address(a,alen,maxlen,s) x509_general_names_add_general_name(a,alen,maxlen,X509_gn_ip_address,(uint8_t*)s,strlen(s)) -int x509_general_names_add_registered_id(uint8_t *gns, size_t *gnslen, size_t maxlen, - const uint32_t *nodes, size_t nodes_cnt); - -int x509_uri_as_general_names_to_der_ex(int tag, const char *uri, size_t urilen, uint8_t **out, size_t *outlen); -#define x509_uri_as_general_names_to_der(uri,urilen,out,outlen) x509_uri_as_general_names_to_der_ex(ASN1_TAG_SEQUENCE,uri,urilen,out,outlen) - -/* -AuthorityKeyIdentifier ::= SEQUENCE { - keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL, - authorityCertIssuer [1] IMPLICIT GeneralNames OPTIONAL, - authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL } -*/ -int x509_authority_key_identifier_to_der( - const uint8_t *keyid, size_t keyid_len, - const uint8_t *issuer, size_t issuer_len, - const uint8_t *serial, size_t serial_len, - uint8_t **out, size_t *outlen); -int x509_authority_key_identifier_from_der( - const uint8_t **keyid, size_t *keyid_len, - const uint8_t **issuer, size_t *issuer_len, - const uint8_t **serial, size_t *serial_len, - const uint8_t **in, size_t *inlen); -int x509_authority_key_identifier_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -SubjectKeyIdentifier ::= OCTET STRING -*/ -#define X509_SUBJECT_KEY_IDENTIFIER_MIN_LEN 16 -#define X509_SUBJECT_KEY_IDENTIFIER_MAX_LEN 64 - -/* -KeyUsage ::= BIT STRING { - digitalSignature (0), - nonRepudiation (1), -- recent renamed contentCommitment - keyEncipherment (2), - dataEncipherment (3), - keyAgreement (4), - keyCertSign (5), - cRLSign (6), - encipherOnly (7), - decipherOnly (8) } -*/ -#define X509_KU_DIGITAL_SIGNATURE (1 << 0) -#define X509_KU_NON_REPUDIATION (1 << 1) -#define X509_KU_KEY_ENCIPHERMENT (1 << 2) -#define X509_KU_DATA_ENCIPHERMENT (1 << 3) -#define X509_KU_KEY_AGREEMENT (1 << 4) -#define X509_KU_KEY_CERT_SIGN (1 << 5) -#define X509_KU_CRL_SIGN (1 << 6) -#define X509_KU_ENCIPHER_ONLY (1 << 7) -#define X509_KU_DECIPHER_ONLY (1 << 8) - -const char *x509_key_usage_name(int flag); -int x509_key_usage_from_name(int *flag, const char *name); -#define x509_key_usage_to_der(bits,out,outlen) asn1_bits_to_der(bits,out,outlen) -#define x509_key_usage_from_der(bits,in,inlen) asn1_bits_from_der(bits,in,inlen) -int x509_key_usage_check(int bits, int cert_type); -int x509_key_usage_print(FILE *fp, int fmt, int ind, const char *label, int bits); - -/* -DisplayText ::= CHOICE { - ia5String IA5String (SIZE (1..200)), - visibleString VisibleString (SIZE (1..200)), - bmpString BMPString (SIZE (1..200)), - utf8String UTF8String (SIZE (1..200)) -} -*/ -#define X509_DISPLAY_TEXT_MIN_LEN 1 -#define X509_DISPLAY_TEXT_MAX_LEN 200 - -int x509_display_text_check(int tag, const uint8_t *d, size_t dlen); -int x509_display_text_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen); -int x509_display_text_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen); -int x509_display_text_print(FILE *fp, int fmt, int ind, const char *label, int tag, const uint8_t *d, size_t dlen); - -/* -NoticeReference ::= SEQUENCE { - organization DisplayText, - noticeNumbers SEQUENCE OF INTEGER } - -UserNotice ::= SEQUENCE { - noticeRef NoticeReference OPTIONAL, - explicitText DisplayText OPTIONAL } -*/ -#define X509_MAX_NOTICE_NUMBERS 32 - -int x509_notice_reference_to_der( - int org_tag, const uint8_t *org, size_t org_len, - const int *notice_numbers, size_t notice_numbers_cnt, - uint8_t **out, size_t *outlen); -int x509_notice_reference_from_der( - int *org_tag, const uint8_t **org, size_t *org_len, - int *notice_numbers, size_t *notice_numbers_cnt, size_t max_notice_numbers, - const uint8_t **in, size_t *inlen); -int x509_notice_reference_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -int x509_user_notice_to_der( - int notice_ref_org_tag, const uint8_t *notice_ref_org, size_t notice_ref_org_len, - const int *notice_ref_notice_numbers, size_t notice_ref_notice_numbers_cnt, - int explicit_text_tag, const uint8_t *explicit_text, size_t explicit_text_len, - uint8_t **out, size_t *outlen); -int x509_user_notice_from_der( - int *notice_ref_org_tag, const uint8_t **notice_ref_org, size_t *notice_ref_org_len, - int *notice_ref_notice_numbers, size_t *notice_ref_notice_numbers_cnt, size_t max_notice_ref_notice_numbers, - int *explicit_text_tag, const uint8_t **explicit_text, size_t *explicit_text_len, - const uint8_t **in, size_t *inlen); -int x509_user_notice_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -PolicyQualifierInfo ::= SEQUENCE { - policyQualifierId PolicyQualifierId, - qualifier ANY DEFINED BY policyQualifierId } - -id-qt - OID_qt_cps - OID_qt_unotice - - switch(policyQualifierId) - case id-qt-cps : qualifier ::= IA5String - case id-qt-unotice : qualifier ::= UserNotice -*/ -const char *x509_qualifier_id_name(int oid); -int x509_qualifier_id_from_name(const char *name); -int x509_qualifier_id_from_der(int *oid, const uint8_t **in, size_t *inlen); -int x509_qualifier_id_to_der(int oid, uint8_t **out, size_t *outlen); - -int x509_policy_qualifier_info_to_der( - int oid, - const uint8_t *qualifier, size_t qualifier_len, - uint8_t **out, size_t *outlen); -int x509_policy_qualifier_info_from_der( - int *oid, - const uint8_t **qualifier, size_t *qualifier_len, - const uint8_t **in, size_t *inlen); -int x509_policy_qualifier_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -#define x509_policy_qualifier_infos_to_der(d,dlen,out,outlen) asn1_sequence_to_der(d,dlen,out,outlen) -#define x509_policy_qualifier_infos_from_der(d,dlen,in,ineln) asn1_sequence_from_der(d,dlen,in,inlen) -int x509_policy_qualifier_infos_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -PolicyInformation ::= SEQUENCE { - policyIdentifier CertPolicyId, - policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL } - -CertPolicyId ::= OBJECT IDENTIFIER -- undefined - - OID_any_policy -*/ -char *x509_cert_policy_id_name(int oid); -int x509_cert_policy_id_from_name(const char *name); -int x509_cert_policy_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen); -int x509_cert_policy_id_to_der(int oid, const uint32_t *nodes, size_t nodes_cnt, uint8_t **out, size_t *outlen); - -int x509_policy_information_to_der( - int policy_oid, const uint32_t *policy_nodes, size_t policy_nodes_cnt, - const uint8_t *qualifiers, size_t qualifiers_len, - uint8_t **out, size_t *outlen); -int x509_policy_information_from_der( - int *policy_oid, uint32_t *policy_nodes, size_t *policy_nodes_cnt, - const uint8_t **qualifiers, size_t *qualifiers_len, - const uint8_t **in, size_t *inlen); -int x509_policy_information_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation -*/ -int x509_certificate_policies_add_policy_information(uint8_t *d, size_t *dlen, size_t maxlen, - int policy_oid, const uint32_t *policy_nodes, size_t policy_nodes_cnt, - const uint8_t *qualifiers, size_t qualifiers_len); -int x509_certificate_policies_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); -#define x509_certificate_policies_to_der(d,dlen,out,outlen) asn1_sequence_to_der(d,dlen,out,outlen) -#define x509_certificate_policies_from_der(d,dlen,in,inlen) asn1_sequence_from_der(d,dlen,in,inlen) - -/* -PolicyMapping ::= SEQUENCE { - issuerDomainPolicy CertPolicyId, -- id-anyPolicy or other undefined - subjectDomainPolicy CertPolicyId } -*/ -int x509_policy_mapping_to_der( - int issuer_policy_oid, const uint32_t *issuer_policy_nodes, size_t issuer_policy_nodes_cnt, - int subject_policy_oid, const uint32_t *subject_policy_nodes, size_t subject_policy_nodes_cnt, - uint8_t **out, size_t *outlen); -int x509_policy_mapping_from_der( - int *issuer_policy_oid, uint32_t *issuer_policy_nodes, size_t *issuer_policy_nodes_cnt, - int *subject_policy_oid, uint32_t *subject_policy_nodes, size_t *subject_policy_nodes_cnt, - const uint8_t **in, size_t *inlen); -int x509_policy_mapping_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -PolicyMappings ::= SEQUENCE OF PolicyMapping -*/ -int x509_policy_mappings_add_policy_mapping(uint8_t *d, size_t *dlen, size_t maxlen, - int issuer_policy_oid, const uint32_t *issuer_policy_nodes, size_t issuer_policy_nodes_cnt, - int subject_policy_oid, const uint32_t *subject_policy_nodes, size_t subject_policy_nodes_cnt); -int x509_policy_mappings_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); -#define x509_policy_mappings_to_der(d,dlen,out,outlen) asn1_sequence_to_der(d,dlen,out,outlen) -#define x509_policy_mappings_from_der(d,dlen,in,inlen) asn1_sequence_from_der(d,dlen,in,inlen) - -/* -SubjectAltName ::= GeneralNames -*/ -#define x509_subject_alt_name_print(fp,fmt,ind,label,d,dlen) x509_general_names_print(fp,fmt,ind,label,d,dlen) - -/* -IssuerAltName ::= GeneralNames -*/ -#define x509_issuer_alt_name_print(fp,fmt,ind,label,d,dlen) x509_general_names_print(fp,fmt,ind,label,d,dlen) - -/* -SubjectDirectoryAttributes ::= SEQUENCE OF Attribute - -Attribute ::= SEQUENCE { - type OBJECT IDENTIFIER, - values SET OF ANY } -*/ -int x509_attribute_to_der( - const uint32_t *nodes, size_t nodes_cnt, - const uint8_t *values, size_t values_len, - uint8_t **out, size_t *outlen); -int x509_attribute_from_der( - int *oid, uint32_t *nodes, size_t *nodes_cnt, - const uint8_t **values, size_t *values_len, - const uint8_t **in, size_t *inlen); -int x509_attribute_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -int x509_attributes_add_attribute(uint8_t *d, size_t *dlen, size_t maxlen, - const uint32_t *nodes, size_t nodes_cnt, - const uint8_t *values, size_t values_len); -int x509_attributes_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); -#define x509_attributes_to_der(d,dlen,out,outlen) asn1_sequence_to_der(d,dlen,out,outlen) -#define x509_attributes_from_der(d,dlen,in,inlen) asn1_sequence_from_der(d,dlen,in,inlen) - -/* -BasicConstraints ::= SEQUENCE { - cA BOOLEAN DEFAULT FALSE, - pathLenConstraint INTEGER (0..MAX) OPTIONAL } -*/ -#define X509_MAX_PATH_LEN_CONSTRAINT 6 -int x509_basic_constraints_to_der(int ca, int path_len_cons, uint8_t **out, size_t *outlen); -int x509_basic_constraints_from_der(int *ca, int *path_len_cons, const uint8_t **in, size_t *inlen); -int x509_basic_constraints_check(int ca, int path_len_cons, int cert_type); -int x509_basic_constraints_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -GeneralSubtree ::= SEQUENCE { - base GeneralName, - minimum [0] IMPLICIT BaseDistance DEFAULT 0, - maximum [1] IMPLICIT BaseDistance OPTIONAL } - -BaseDistance ::= INTEGER (0..MAX) -*/ -int x509_general_subtree_to_der( - int base_choice, const uint8_t *base, size_t base_len, - int minimum, int maximum, - uint8_t **out, size_t *outlen); -int x509_general_subtree_from_der( - int *base_choice, const uint8_t **base, size_t *base_len, - int *minimum, int *maximum, - const uint8_t **in, size_t *inlen); -int x509_general_subtree_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree -*/ -int x509_general_subtrees_add_general_subtree(uint8_t *d, size_t *dlen, size_t maxlen, - int base_choice, const uint8_t *base, size_t base_len, - int minimum, int maximum); -int x509_general_subtrees_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); -#define x509_general_subtrees_to_der(d,dlen,out,outlen) asn1_sequence_to_der(d,dlen,out,outlen) -#define x509_general_subtrees_from_der(d,dlen,in,inlen) asn1_sequence_from_der(d,dlen,in,inlen) - -/* -NameConstraints ::= SEQUENCE { - permittedSubtrees [0] GeneralSubtrees OPTIONAL, - excludedSubtrees [1] GeneralSubtrees OPTIONAL } -*/ -int x509_name_constraints_to_der( - const uint8_t *permitted_subtrees, size_t permitted_subtrees_len, - const uint8_t *excluded_subtrees, size_t excluded_subtrees_len, - uint8_t **out, size_t *outlen); -int x509_name_constraints_from_der( - const uint8_t **permitted_subtrees, size_t *permitted_subtrees_len, - const uint8_t **excluded_subtrees, size_t *excluded_subtrees_len, - const uint8_t **in, size_t *inlen); -int x509_name_constraints_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -PolicyConstraints ::= SEQUENCE { - requireExplicitPolicy [0] IMPLICIT SkipCerts OPTIONAL, - inhibitPolicyMapping [1] IMPLICIT SkipCerts OPTIONAL -} - -SkipCerts ::= INTEGER (0..MAX) -*/ -int x509_policy_constraints_to_der(int require_explicit_policy, int inhibit_policy_mapping, uint8_t **out, size_t *outlen); -int x509_policy_constraints_from_der(int *require_explicit_policy, int *inhibit_policy_mapping, const uint8_t **in, size_t *inlen); -int x509_policy_constraints_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId - -KeyPurposeId: - OID_any_extended_key_usage - id-kp - OID_kp_server_auth - OID_kp_client_auth - OID_kp_code_signing - OID_kp_email_protection - OID_kp_time_stamping - OID_kp_ocsp_signing -*/ -#define X509_MAX_KEY_PURPOSES 7 -const char *x509_key_purpose_name(int oid); -const char *x509_key_purpose_text(int oid); -int x509_key_purpose_from_name(const char *name); -int x509_key_purpose_from_der(int *oid, const uint8_t **in, size_t *inlen); -int x509_key_purpose_to_der(int oid, uint8_t **out, size_t *outlen); - -int x509_ext_key_usage_to_der(const int *oids, size_t oids_cnt, uint8_t **out, size_t *outlen); -int x509_ext_key_usage_from_der(int *oids, size_t *oids_cnt, size_t max_cnt, const uint8_t **in, size_t *inlen); -int x509_ext_key_usage_check(const int *oids, size_t oids_cnt, int cert_type); -int x509_ext_key_usage_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -ReasonFlags ::= BIT STRING { - unused (0), - keyCompromise (1), - cACompromise (2), - affiliationChanged (3), - superseded (4), - cessationOfOperation (5), - certificateHold (6), - privilegeWithdrawn (7), - aACompromise (8) } -*/ -#define X509_RF_UNUSED (1 << 0) -#define X509_RF_KEY_COMPROMISE (1 << 1) -#define X509_RF_CA_COMPROMISE (1 << 2) -#define X509_RF_AFFILIATION_CHANGED (1 << 3) -#define X509_RF_SUPERSEDED (1 << 4) -#define X509_RF_CESSATION_OF_OPERATION (1 << 5) -#define X509_RF_CERTIFICATE_HOLD (1 << 6) -#define X509_RF_PRIVILEGE_WITHDRAWN (1 << 7) -#define X509_RF_AA_COMPROMISE (1 << 8) - -const char *x509_revoke_reason_flag_name(int flag); -int x509_revoke_reason_flag_from_name(int *flag, const char *name); -#define x509_revoke_reason_flags_to_der(bits,out,outlen) asn1_bits_to_der(bits,out,outlen) -#define x509_revoke_reason_flags_from_der(bits,in,inlen) asn1_bits_from_der(bits,in,inlen) -int x509_revoke_reason_flags_print(FILE *fp, int fmt, int ind, const char *label, int bits); - -/* -DistributionPointName ::= CHOICE { - fullName [0] IMPLICIT GeneralNames, -- SEQUENCE OF - nameRelativeToCRLIssuer [1] IMPLICIT RelativeDistinguishedName } -- SET OF -*/ -enum { - X509_full_name = 0, - X509_name_relative_to_crl_issuer = 1, -}; - -int x509_uri_as_distribution_point_name_to_der(const char *uri, size_t urilen, uint8_t **out, size_t *outlen); -int x509_distribution_point_name_from_der(int *choice, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen); -int x509_uri_as_distribution_point_name_from_der(const char **uri, size_t *urilen, const uint8_t **in, size_t *inlen); -int x509_distribution_point_name_print(FILE *fp, int fmt, int ind, const char *label,const uint8_t *a, size_t alen); - -int x509_uri_as_explicit_distribution_point_name_to_der(int index, const char *uri, size_t urilen, uint8_t **out, size_t *outlen); -int x509_uri_as_explicit_distribution_point_name_from_der(int index, const char **uri, size_t *urilen, const uint8_t **in, size_t *inlen); - -/* -DistributionPoint ::= SEQUENCE { - distributionPoint [0] EXPLICIT DistributionPointName OPTIONAL, - reasons [1] IMPLICIT ReasonFlags OPTIONAL, - cRLIssuer [2] IMPLICIT GeneralNames OPTIONAL } -*/ -int x509_uri_as_distribution_point_to_der(const char *uri, size_t urilen, - int reasons, const uint8_t *crl_issuer, size_t crl_issuer_len, - uint8_t **out, size_t *outlen); -int x509_uri_as_distribution_point_from_der(const char **uri, size_t *urilen, - int *reasons, const uint8_t **crl_issuer, size_t *crl_issuer_len, - const uint8_t **in, size_t *inlen); -int x509_distribution_point_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -DistributionPoints ::= SEQUENCE OF DistributionPoint -*/ -int x509_uri_as_distribution_points_to_der(const char *uri, size_t urilen, - int reasons, const uint8_t *crl_issuer, size_t crl_issuer_len, - uint8_t **out, size_t *outlen); -int x509_uri_as_distribution_points_from_der(const char **uri, size_t *urilen, - int *reasons, const uint8_t **crl_issuer, size_t *crl_issuer_len, - const uint8_t **in, size_t *inlen); -int x509_distribution_points_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - - -/* -CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint -*/ -#define x509_crl_distribution_points_to_der(d,dlen,out,outlen) x509_distribution_points_to_der(d,dlen,out,outlen) -#define x509_crl_distribution_points_from_der(d,dlen,in,inlen) x509_distribution_points_from_der(d,dlen,in,inlen) -#define x509_crl_distribution_points_print(fp,fmt,ind,label,d,dlen) x509_distribution_points_print(fp,fmt,ind,label,d,dlen) - - -/* -InhibitAnyPolicy ::= SkipCerts -SkipCerts ::= INTEGER (0..MAX) -*/ -#define x509_inhibit_any_policy_to_der(val,out,outlen) asn1_int_to_der(val,out,outlen) -#define x509_inhibit_any_policy_from_der(val,in,inlen) asn1_int_from_der(val,in,inlen) - -/* -FreshestCRL ::= CRLDistributionPoints - */ -#define x509_freshest_crl_to_der(d,dlen,out,outlen) x509_crl_distribution_points_to_der(d,dlen,out,outlen) -#define x509_freshest_crl_from_der(d,dlen,in,inlen) x509_crl_distribution_points_from_der(d,dlen,in,inlen) -#define x509_freshest_crl_print(fp,fmt,ind,label,d,dlen) x509_crl_distribution_points_print(fp,fmt,ind,label,d,dlen) - -/* -Netscape-Defined Certificate Extensions -https://docs.oracle.com/cd/E19957-01/816-5533-10/ext.htm#1023061 - -NetscapeCertType ::= BIT STRING - - bit 0: SSL Client certificate - bit 1: SSL Server certificate - bit 2: S/MIME certificate - bit 3: Object-signing certificate - bit 4: Reserved for future use - bit 5: SSL CA certificate - bit 6: S/MIME CA certificate - bit 7: Object-signing CA certificate - -NetscapeCertComment ::= IA5String -*/ -int x509_netscape_cert_type_print(FILE *fp, int fmt, int ind, const char *label, int bits); - -int x509_exts_check(const uint8_t *exts, size_t extslen, int cert_type, - int *path_len_constraints); - -/* -AuthorityInfoAccessSyntax ::= SEQUENCE OF AccessDescription - -AccessDescription ::= SEQUENCE { - accessMethod OBJECT IDENTIFIER, - accessLocation GeneralName } - -accessMethods: - OID_ad_ca_issuers - OID_ad_ocsp -*/ -const char *x509_access_method_name(int oid); -int x509_access_method_from_name(const char *name); -int x509_access_method_to_der(int oid, uint8_t **out, size_t *outlen); -int x509_access_method_from_der(int *oid, const uint8_t **in, size_t *inlen); - -int x509_access_description_to_der(int oid, const char *uri, size_t urilen, uint8_t **out, size_t *outlen); -int x509_access_description_from_der(int *oid, const char **uri, size_t *urilen, const uint8_t **in, size_t *inlen); -int x509_access_description_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -int x509_authority_info_access_to_der( - const char *ca_issuers_uri, size_t ca_issuers_urilen, - const char *ocsp_uri, size_t ocsp_urilen, - uint8_t **out, size_t *outlen); -int x509_authority_info_access_from_der( - const char **ca_issuers_uri, size_t *ca_issuers_urilen, - const char **ocsp_uri, size_t *ocsp_urilen, - const uint8_t **in, size_t *inlen); -int x509_authority_info_access_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/include/gmssl/x509_req.h b/include/gmssl/x509_req.h deleted file mode 100644 index 43536ae..0000000 --- a/include/gmssl/x509_req.h +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_X509_REQ_H -#define GMSSL_X509_REQ_H - - -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* -from RFC 2986 - -CertificationRequestInfo ::= SEQUENCE { - version INTEGER { v1(0) }, - subject Name, - subjectPKInfo SubjectPublicKeyInfo, - attributes [0] IMPLICIT SET OF Attribute } -*/ -int x509_request_info_to_der(int version, const uint8_t *subject, size_t subject_len, - const SM2_KEY *subject_public_key, const uint8_t *attrs, size_t attrs_len, - uint8_t **out, size_t *outlen); -int x509_request_info_from_der(int *version, const uint8_t **subject, size_t *subject_len, - SM2_KEY *subject_public_key, const uint8_t **attrs, size_t *attrs_len, - const uint8_t **in, size_t *inlen); -int x509_request_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); - -/* -CertificationRequest ::= SEQUENCE { - certificationRequestInfo CertificationRequestInfo, - signatureAlgorithm AlgorithmIdentifier, - signature BIT STRING } -*/ -int x509_req_sign_to_der( - int version, - const uint8_t *subject, size_t subject_len, - const SM2_KEY *subject_public_key, - const uint8_t *attrs, size_t attrs_len, - int signature_algor, - const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len, - uint8_t **out, size_t *outlen); -int x509_req_verify(const uint8_t *req, size_t reqlen, - const char *signer_id, size_t signer_id_len); -int x509_req_get_details(const uint8_t *req, size_t reqlen, - int *verison, - const uint8_t **subject, size_t *subject_len, - SM2_KEY *subject_public_key, - const uint8_t **attributes, size_t *attributes_len, - int *signature_algor, - const uint8_t **signature, size_t *signature_len); -int x509_req_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen); -int x509_req_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen); -int x509_req_to_pem(const uint8_t *req, size_t reqlen, FILE *fp); -int x509_req_from_pem(uint8_t *req, size_t *reqlen, size_t maxlen, FILE *fp); -int x509_req_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *req, size_t reqlen); - -int x509_req_new_from_pem(uint8_t **req, size_t *reqlen, FILE *fp); -int x509_req_new_from_file(uint8_t **req, size_t *reqlen, const char *file); - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/gmssl/zuc.h b/include/gmssl/zuc.h deleted file mode 100644 index 20db893..0000000 --- a/include/gmssl/zuc.h +++ /dev/null @@ -1,147 +0,0 @@ -/* - * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the License); you may - * not use this file except in compliance with the License. - * - * http://www.apache.org/licenses/LICENSE-2.0 - */ - - -#ifndef GMSSL_ZUC_H -#define GMSSL_ZUC_H - - -#include -#include - - -#ifdef __cplusplus -extern "C" { -#endif - - -/* -ZUC Public API - - ZUC_KEY_SIZE - ZUC_IV_SIZE - ZUC_MAC_SIZE - - ZUC_CTX - zuc_encrypt_init - zuc_encrypt_update - zuc_encrypt_finish - zuc_decrypt_init - zuc_decrypt_update - zuc_decrypt_finish - - ZUC_MAC_CTX - zuc_mac_init - zuc_mac_update - zuc_mac_finish - - zuc_eea_encrypt - zuc_eia_generate_mac -*/ - - -# define ZUC_KEY_SIZE 16 -# define ZUC_IV_SIZE 16 -# define ZUC_MAC_SIZE 4 - -typedef uint32_t ZUC_BIT; -typedef uint32_t ZUC_UINT5; -typedef uint8_t ZUC_UINT6; -typedef uint32_t ZUC_UINT15; -typedef uint32_t ZUC_UINT31; -typedef uint32_t ZUC_UINT32; - -typedef struct { - ZUC_UINT31 LFSR[16]; - ZUC_UINT32 R1; - ZUC_UINT32 R2; -} ZUC_STATE; - -void zuc_init(ZUC_STATE *state, const uint8_t key[ZUC_KEY_SIZE], const uint8_t iv[ZUC_IV_SIZE]); -void zuc_generate_keystream(ZUC_STATE *state, size_t nwords, ZUC_UINT32 *words); -ZUC_UINT32 zuc_generate_keyword(ZUC_STATE *state); -void zuc_encrypt(ZUC_STATE *state, const uint8_t *in, size_t inlen, uint8_t *out); - -typedef struct ZUC_MAC_CTX_st { - ZUC_UINT31 LFSR[16]; - ZUC_UINT32 R1; - ZUC_UINT32 R2; - ZUC_UINT32 T; - ZUC_UINT32 K0; - uint8_t buf[4]; - size_t buflen; -} ZUC_MAC_CTX; - -void zuc_mac_init(ZUC_MAC_CTX *ctx, const uint8_t key[ZUC_KEY_SIZE], const uint8_t iv[ZUC_IV_SIZE]); -void zuc_mac_update(ZUC_MAC_CTX *ctx, const uint8_t *data, size_t len); -void zuc_mac_finish(ZUC_MAC_CTX *ctx, const uint8_t *data, size_t nbits, uint8_t mac[ZUC_MAC_SIZE]); - -#define ZUC_EEA_ENCRYPT_NWORDS(nbits) ((nbits + 31)/32) -#define ZUC_EEA_ENCRYPT_NBYTES(nbits) (ZUC_EEA_ENCRYPT_NWORDS(nbits)*4) -void zuc_eea_encrypt(const ZUC_UINT32 *in, ZUC_UINT32 *out, size_t nbits, - const uint8_t key[ZUC_KEY_SIZE], ZUC_UINT32 count, ZUC_UINT5 bearer, - ZUC_BIT direction); -ZUC_UINT32 zuc_eia_generate_mac(const ZUC_UINT32 *data, size_t nbits, - const uint8_t key[ZUC_KEY_SIZE], ZUC_UINT32 count, ZUC_UINT5 bearer, - ZUC_BIT direction); - - -# define ZUC256_KEY_SIZE 32 -# define ZUC256_IV_SIZE 23 -# define ZUC256_MAC32_SIZE 4 -# define ZUC256_MAC64_SIZE 8 -# define ZUC256_MAC128_SIZE 16 -# define ZUC256_MIN_MAC_SIZE ZUC256_MAC32_SIZE -# define ZUC256_MAX_MAC_SIZE ZUC256_MAC128_SIZE - -typedef ZUC_STATE ZUC256_STATE; - -void zuc256_init(ZUC256_STATE *state, const uint8_t key[ZUC256_KEY_SIZE], const uint8_t iv[ZUC256_IV_SIZE]); -#define zuc256_generate_keystream(state,nwords,words) zuc_generate_keystream(state,nwords,words) -#define zuc256_generate_keyword(state) zuc_generate_keyword(state) - - -typedef struct ZUC256_MAC_CTX_st { - ZUC_UINT31 LFSR[16]; - ZUC_UINT32 R1; - ZUC_UINT32 R2; - ZUC_UINT32 T[4]; - ZUC_UINT32 K0[4]; - uint8_t buf[4]; - size_t buflen; - int macbits; -} ZUC256_MAC_CTX; - -void zuc256_mac_init(ZUC256_MAC_CTX *ctx, const uint8_t key[ZUC256_KEY_SIZE], - const uint8_t iv[ZUC256_IV_SIZE], int macbits); -void zuc256_mac_update(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t len); -void zuc256_mac_finish(ZUC256_MAC_CTX *ctx, const uint8_t *data, size_t nbits, uint8_t mac[ZUC_MAC_SIZE]); - - -// Public API - -typedef struct { - ZUC_STATE zuc_state; - uint8_t block[4]; - size_t block_nbytes; -} ZUC_CTX; - -int zuc_encrypt_init(ZUC_CTX *ctx, const uint8_t key[ZUC_KEY_SIZE], const uint8_t iv[ZUC_IV_SIZE]); -int zuc_encrypt_update(ZUC_CTX *ctx, const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen); -int zuc_encrypt_finish(ZUC_CTX *ctx, uint8_t *out, size_t *outlen); - -#define zuc_decrypt_init(ctx,key,iv) zuc_encrypt_init(ctx,key,iv) -#define zuc_decrypt_update(ctx,in,inlen,out,outlen) zuc_encrypt_update(ctx,in,inlen,out,outlen) -#define zuc_decrypt_finish(ctx,out,outlen) zuc_encrypt_finish(ctx,out,outlen) - - -#ifdef __cplusplus -} -#endif -#endif diff --git a/install_gmssl.sh b/install_gmssl.sh new file mode 100644 index 0000000..d77cae8 --- /dev/null +++ b/install_gmssl.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +mkdir lib +mkdir include + +cp gmssl/include include + +mkdir gmssl/build +cd gmssl/build +cmake .. +make +cp bin/lib* ../../lib diff --git a/lib/linux/amd64/libgmssl.so b/lib/linux/amd64/libgmssl.so deleted file mode 100755 index 77d83a0..0000000 Binary files a/lib/linux/amd64/libgmssl.so and /dev/null differ diff --git a/lib/linux/amd64/libgmssl.so.3 b/lib/linux/amd64/libgmssl.so.3 deleted file mode 100755 index 77d83a0..0000000 Binary files a/lib/linux/amd64/libgmssl.so.3 and /dev/null differ diff --git a/lib/linux/amd64/libgmssl.so.3.1 b/lib/linux/amd64/libgmssl.so.3.1 deleted file mode 100755 index 77d83a0..0000000 Binary files a/lib/linux/amd64/libgmssl.so.3.1 and /dev/null differ diff --git a/lib/linux/amd64/libsdf_dummy.so b/lib/linux/amd64/libsdf_dummy.so deleted file mode 100755 index 3bc7df3..0000000 Binary files a/lib/linux/amd64/libsdf_dummy.so and /dev/null differ diff --git a/lib/linux/amd64/libsdf_dummy.so.3 b/lib/linux/amd64/libsdf_dummy.so.3 deleted file mode 100755 index 3bc7df3..0000000 Binary files a/lib/linux/amd64/libsdf_dummy.so.3 and /dev/null differ diff --git a/lib/linux/amd64/libsdf_dummy.so.3.1 b/lib/linux/amd64/libsdf_dummy.so.3.1 deleted file mode 100755 index 3bc7df3..0000000 Binary files a/lib/linux/amd64/libsdf_dummy.so.3.1 and /dev/null differ diff --git a/lib/linux/amd64/libskf_dummy.so b/lib/linux/amd64/libskf_dummy.so deleted file mode 100755 index 9157a79..0000000 Binary files a/lib/linux/amd64/libskf_dummy.so and /dev/null differ diff --git a/lib/linux/amd64/libskf_dummy.so.3 b/lib/linux/amd64/libskf_dummy.so.3 deleted file mode 100755 index 9157a79..0000000 Binary files a/lib/linux/amd64/libskf_dummy.so.3 and /dev/null differ diff --git a/lib/linux/amd64/libskf_dummy.so.3.1 b/lib/linux/amd64/libskf_dummy.so.3.1 deleted file mode 100755 index 9157a79..0000000 Binary files a/lib/linux/amd64/libskf_dummy.so.3.1 and /dev/null differ diff --git a/lib/linux/arm64/libgmssl.so b/lib/linux/arm64/libgmssl.so deleted file mode 100755 index 64eddf8..0000000 Binary files a/lib/linux/arm64/libgmssl.so and /dev/null differ diff --git a/lib/linux/arm64/libgmssl.so.3 b/lib/linux/arm64/libgmssl.so.3 deleted file mode 100755 index 64eddf8..0000000 Binary files a/lib/linux/arm64/libgmssl.so.3 and /dev/null differ diff --git a/lib/linux/arm64/libgmssl.so.3.1 b/lib/linux/arm64/libgmssl.so.3.1 deleted file mode 100755 index 64eddf8..0000000 Binary files a/lib/linux/arm64/libgmssl.so.3.1 and /dev/null differ diff --git a/lib/linux/arm64/libsdf_dummy.so b/lib/linux/arm64/libsdf_dummy.so deleted file mode 100755 index 1d88467..0000000 Binary files a/lib/linux/arm64/libsdf_dummy.so and /dev/null differ diff --git a/lib/linux/arm64/libsdf_dummy.so.3 b/lib/linux/arm64/libsdf_dummy.so.3 deleted file mode 100755 index 1d88467..0000000 Binary files a/lib/linux/arm64/libsdf_dummy.so.3 and /dev/null differ diff --git a/lib/linux/arm64/libsdf_dummy.so.3.1 b/lib/linux/arm64/libsdf_dummy.so.3.1 deleted file mode 100755 index 1d88467..0000000 Binary files a/lib/linux/arm64/libsdf_dummy.so.3.1 and /dev/null differ diff --git a/lib/linux/arm64/libskf_dummy.so b/lib/linux/arm64/libskf_dummy.so deleted file mode 100755 index 40b1e0e..0000000 Binary files a/lib/linux/arm64/libskf_dummy.so and /dev/null differ diff --git a/lib/linux/arm64/libskf_dummy.so.3 b/lib/linux/arm64/libskf_dummy.so.3 deleted file mode 100755 index 40b1e0e..0000000 Binary files a/lib/linux/arm64/libskf_dummy.so.3 and /dev/null differ diff --git a/lib/linux/arm64/libskf_dummy.so.3.1 b/lib/linux/arm64/libskf_dummy.so.3.1 deleted file mode 100755 index 40b1e0e..0000000 Binary files a/lib/linux/arm64/libskf_dummy.so.3.1 and /dev/null differ