init

.cargo/config.toml

@@ -0,0 +1,2 @@
+[build]
+# target = "x86_64-unknown-linux-musl"

.gitignore

@@ -0,0 +1,63 @@
+# File created using '.gitignore Generator' for Visual Studio Code: https://bit.ly/vscode-gig
+# Created by https://www.toptal.com/developers/gitignore/api/visualstudiocode,linux,rust,rust-analyzer
+# Edit at https://www.toptal.com/developers/gitignore?templates=visualstudiocode,linux,rust,rust-analyzer
+
+### Linux ###
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+### Rust ###
+# Generated by Cargo
+# will have compiled files and executables
+debug/
+target/
+
+# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
+# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
+Cargo.lock
+
+# These are backup files generated by rustfmt
+**/*.rs.bk
+
+# MSVC Windows builds of rustc generate these, which store debugging information
+*.pdb
+
+### rust-analyzer ###
+# Can be generated by other build systems other than cargo (ex: bazelbuild/rust_rules) 
+rust-project.json
+
+
+### VisualStudioCode ###
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+!.vscode/*.code-snippets
+
+# Local History for Visual Studio Code
+.history/
+
+# Built Visual Studio Code Extensions
+*.vsix
+
+### VisualStudioCode Patch ###
+# Ignore all local history of files
+.history
+.ionide
+.github
+# End of https://www.toptal.com/developers/gitignore/api/visualstudiocode,linux,rust,rust-analyzer
+
+# Custom rules (everything added below won't be overriden by 'Generate .gitignore File' if you use 'Update' option)
+

.vscode/settings.json

@@ -0,0 +1,5 @@
+{
+    "files.associations": {
+        "pkcs8.h": "c"
+    }
+}

Cargo.toml

@@ -0,0 +1,13 @@
+[package]
+name = "sd-proxy"
+version = "0.1.0"
+edition = "2021"
+build = "build.rs"
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+
+
+[build-dependencies]
+cc = "1"
+cmake = "0.1"

GmSSL-3.1.0/.gitignore

@@ -0,0 +1,43 @@
+
+# generated file
+/build*
+/demos/*.pem
+/demos/.private
+/demos/scripts/*.pem
+/demos/scripts/*.der
+/demos/scripts/*.txt
+/demos/scripts/*.bin
+/demos/scripts/*.sig
+
+# Object files
+*.o
+*.obj
+
+# All kinds of executables
+*.so
+*.so.*
+*.dylib
+*.dylib.*
+*.dll
+*.dll.*
+*.exe
+*.pyc
+*.exp
+*.lib
+*.pdb
+*.ilk
+*.def
+*.rc
+*.res
+
+# macOS
+.DS_Store
+*.tar.gz
+
+# editor artefacts
+.vscode/*
+*.swp
+.#*
+\#*#
+*~
+

GmSSL-3.1.0/CMakeLists.txt

@@ -0,0 +1,366 @@
+cmake_minimum_required(VERSION 3.6)
+project(GmSSL)
+
+SET(CMAKE_PROJECT_HOMEPAGE_URL "http://gmssl.org")
+
+set(LIBRARY_OUTPUT_PATH ${PROJECT_BINARY_DIR}/bin)
+set(EXECUTABLE_OUTPUT_PATH ${PROJECT_BINARY_DIR}/bin)
+SET(CMAKE_MODULE_PATH "${CMAKE_MODULE_PATH};${CMAKE_CURRENT_SOURCE_DIR}/cmake")
+
+include_directories(include)
+
+set(src
+	src/version.c
+	src/debug.c
+	src/sm4_common.c
+	src/sm4_enc.c
+	src/sm4_modes.c
+	src/sm4_setkey.c
+	src/sm3.c
+	src/sm3_hmac.c
+	src/sm3_kdf.c
+	src/sm2_alg.c
+	src/sm2_key.c
+	src/sm2_lib.c
+	src/sm9_alg.c
+	src/sm9_key.c
+	src/sm9_lib.c
+	src/zuc.c
+	src/zuc_modes.c
+	src/aes.c
+	src/aes_modes.c
+	src/sha256.c
+	src/sha512.c
+	src/chacha20.c
+	src/hash_drbg.c
+	src/block_cipher.c
+	src/digest.c
+	src/hmac.c
+	src/hkdf.c
+	src/pbkdf2.c
+	src/gf128.c
+	src/gcm.c
+	src/aead.c
+	src/pkcs8.c
+	src/ec.c
+	src/rsa.c
+	src/asn1.c
+	src/hex.c
+	src/base64.c
+	src/pem.c
+	src/x509_alg.c
+	src/x509_cer.c
+	src/x509_ext.c
+	src/x509_req.c
+	src/x509_crl.c
+	src/x509_new.c
+	src/cms.c
+	src/sdf/sdf.c
+	src/sdf/sdf_lib.c
+	src/sdf/sdf_meth.c
+	src/sdf/sdf_ext.c
+	src/sdf/sdf_sansec.c
+	src/skf/skf.c
+	src/skf/skf_lib.c
+	src/skf/skf_meth.c
+	src/skf/skf_ext.c
+	src/skf/skf_prn.c
+	src/skf/skf_wisec.c
+	src/socket.c
+	src/tls.c
+	src/tls_ext.c
+	src/tls_trace.c
+	src/tlcp.c
+	src/tls12.c
+	src/tls13.c
+	src/file.c
+)
+
+set(tools
+	tools/gmssl.c
+	tools/version.c
+	tools/sm4.c
+	tools/sm3.c
+	tools/sm3hmac.c
+	tools/sm2keygen.c
+	tools/sm2sign.c
+	tools/sm2verify.c
+	tools/sm2encrypt.c
+	tools/sm2decrypt.c
+	tools/sm9setup.c
+	tools/sm9keygen.c
+	tools/sm9sign.c
+	tools/sm9verify.c
+	tools/sm9encrypt.c
+	tools/sm9decrypt.c
+	tools/zuc.c
+	tools/rand.c
+	tools/pbkdf2.c
+	tools/certgen.c
+	tools/certparse.c
+	tools/certverify.c
+	tools/certrevoke.c
+	tools/reqgen.c
+	tools/reqparse.c
+	tools/reqsign.c
+	tools/crlgen.c
+	tools/crlget.c
+	tools/crlparse.c
+	tools/crlverify.c
+	tools/cmssign.c
+	tools/cmsverify.c
+	tools/cmsencrypt.c
+	tools/cmsdecrypt.c
+	tools/cmsparse.c
+	tools/sdfutil.c
+	tools/skfutil.c
+	tools/tlcp_client.c
+	tools/tlcp_server.c
+	tools/tls12_client.c
+	tools/tls12_server.c
+	tools/tls13_client.c
+	tools/tls13_server.c
+)
+
+set(tests
+	sm4
+	sm3
+	sm2
+	sm9
+	zuc
+	aes
+	sha224
+	sha256
+	sha384
+	sha512
+	chacha20
+	hash_drbg
+	block_cipher
+	digest
+	hmac
+	hkdf
+	pbkdf2
+	gf128
+	gcm
+	aead
+	pkcs8
+	ec
+	asn1
+	hex
+	base64
+	pem
+	x509
+	x509_oid
+	x509_alg
+	x509_str
+	x509_ext
+	x509_req
+	x509_crl
+	cms
+	tls
+	tls13
+)
+
+set(demos
+	demo_sm2_encrypt
+	demo_sm2_keygen
+	demo_sm2_keyparse
+	demo_sm2_private_key
+	demo_sm2_private_key_parse
+	demo_sm2_public_key
+	demo_sm2_sign
+	demo_sm2_sign_ctx
+	demo_sm3
+	demo_sm3_hmac
+	demo_sm3_kdf
+	demo_sm4
+	demo_sm4_cbc
+	demo_sm4_cbc_decrypt_update
+	demo_sm4_cbc_encrypt_update
+	demo_sm4_cbc_padding
+	demo_sm4_ctr
+	demo_sm4_ctr_encrypt_update
+	demo_sm4_gcm
+	demo_sm9_encrypt
+	demo_sm9_keygen
+	demo_sm9_sign
+#	demo_tlcp_get
+#	demo_tlcp_post
+#	demo_wget
+	demo_zuc
+)
+
+# when an option has been enabled, `cmake ..` will not refresh the value
+# use `cmake .. -DENABLE_XXX=OFF` to disable the option
+
+option(ENABLE_SM2_ALGOR_ID_ENCODE_NULL "Enable AlgorithmIdenifier with algorithm sm2sign_with_sm3 encode a NULL object as parameters" OFF)
+if (ENABLE_SM2_ALGOR_ID_ENCODE_NULL)
+	message(STATUS "ENABLE_SM2_ALGOR_ID_ENCODE_NULL")
+	add_definitions(-DSM2_ALGOR_ID_ENCODE_NULL)
+endif()
+
+
+option(ENABLE_SM2_PRIVATE_KEY_EXPORT "Enable export un-encrypted SM2 private key" OFF)
+if (ENABLE_SM2_PRIVATE_KEY_EXPORT)
+	message(STATUS "ENABLE_SM2_PRIVATE_KEY_EXPORT")
+	add_definitions(-DSM2_PRIVATE_KEY_EXPORT)
+	list(APPEND demos demo_sm2_key_export)
+endif()
+
+
+option(ENABLE_TLS_DEBUG "Enable TLS and TLCP print debug message" OFF)
+if (ENABLE_TLS_DEBUG)
+	message(STATUS "ENABLE_TLS_DEBUG")
+	add_definitions(-DTLS_DEBUG)
+endif()
+
+option(ENABLE_SM3_AVX_BMI2 "Enable SM3 AVX+BMI2 assembly implementation" OFF)
+if (ENABLE_SM3_AVX_BMI2)
+	message(STATUS "ENABLE_SM3_AVX_BMI2")
+	add_definitions(-DSM3_AVX_BMI2)
+	enable_language(ASM)
+	list(APPEND src src/sm3_avx_bmi2.s)
+endif()
+
+
+option(ENABLE_SM4_AESNI_AVX "Enable SM4 AESNI+AVX assembly implementation" OFF)
+if (ENABLE_SM4_AESNI_AVX)
+	message(STATUS "ENABLE_SM4_AESNI_AVX")
+	add_definitions(-DSM4_AESNI_AVX)
+	list(APPEND src src/sm4_aesni_avx.c)
+	list(APPEND tests sm4_aesni_avx)
+	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -march=native")
+endif()
+
+
+option(ENABLE_SM2_EXTS "Enable SM2 Extensions" OFF)
+if (ENABLE_SM2_EXTS)
+	message(STATUS "ENABLE_SM4_AESNI_AVX")
+	list(APPEND src
+		src/sm2_key_share.c
+		src/sm2_recover.c
+		src/sm2_blind.c
+		src/sm2_ring.c
+		src/sm2_elgamal.c
+		src/sm2_commit.c)
+	list(APPEND tests sm2_key_share sm2_blind sm2_ring sm2_elgamal sm2_commit)
+endif()
+
+
+option(ENABLE_BROKEN_CRYPTO "Enable broken crypto algorithms" OFF)
+if (ENABLE_BROKEN_CRYPTO)
+	message(STATUS "ENABLE_BROKEN_CRYPTO")
+	list(APPEND src src/des.c src/sha1.c src/md5.c src/rc4.c)
+	list(APPEND tests des sha1 md5 rc4)
+endif()
+
+
+option(ENABLE_RDRND "Enable Intel RDRND instructions" OFF)
+if (${CMAKE_SYSTEM_PROCESSOR} MATCHES x86_64)
+	set(ENABLE_RDRND ON)
+endif()
+if (ENABLE_RDRND)
+	message(STATUS "ENABLE_RDRND")
+	list(APPEND src src/rdrand.c)
+	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mrdrnd -mrdseed")
+endif()
+
+option(ENABLE_GMT_0105_RNG "Enable GM/T 0105 Software RNG" OFF)
+if (ENABLE_GMT_0105_RNG)
+	message(STATUS "ENABLE_GMT_0105_RNG")
+	list(APPEND src src/sm3_rng.c src/sm4_cbc_mac.c src/sm4_rng.c)
+	list(APPEND tests sm3_rng sm4_cbc_mac sm4_rng)
+endif()
+
+if (WIN32)
+	list(APPEND src src/rand_win.c src/http_win.c)
+elseif (APPLE)
+	list(APPEND src src/rand_apple.c src/http.c)
+elseif (ANDROID)
+	list(APPEND src src/rand.c src/http.c)
+else()
+	list(APPEND src src/rand_unix.c src/http.c)
+endif()
+
+option(ENABLE_HTTP_TESTS "Enable HTTP GET/POST related tests" OFF)
+if (ENABLE_HTTP_TESTS)
+	message(STATUS "ENABLE_HTTP_TESTS")
+	list(APPEND tests http http_crl)
+endif()
+
+
+option(BUILD_SHARED_LIBS "Build using shared libraries" ON)
+
+if (CMAKE_C_COMPILER_ID MATCHES "MSVC")
+	message(STATUS "CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS")
+	set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS ON) # set before add_library
+endif()
+
+add_library(gmssl ${src})
+
+
+if (WIN32)
+	target_link_libraries(gmssl -lws2_32)
+elseif (APPLE)
+	target_link_libraries(gmssl dl)
+	target_link_libraries(gmssl "-framework Security")
+	#target_link_libraries(gmssl "-framework CoreFoundation") # rand_apple.c CFRelease()
+elseif (MINGW)
+	target_link_libraries(gmssl PRIVATE wsock32)
+else()
+	target_link_libraries(gmssl dl)
+endif()
+
+
+SET_TARGET_PROPERTIES(gmssl PROPERTIES VERSION 3.0 SOVERSION 3)
+
+
+install(TARGETS gmssl ARCHIVE DESTINATION lib LIBRARY DESTINATION lib RUNTIME DESTINATION bin)
+install(DIRECTORY ${CMAKE_SOURCE_DIR}/include/gmssl DESTINATION include)
+
+if (NOT ${CMAKE_SYSTEM_NAME} STREQUAL "iOS")
+
+	add_library(sdf_dummy SHARED src/sdf/sdf_dummy.c)
+	set_target_properties(sdf_dummy PROPERTIES VERSION 3.0 SOVERSION 3)
+
+	add_library(skf_dummy SHARED src/skf/skf_dummy.c)
+	set_target_properties(skf_dummy PROPERTIES VERSION 3.0 SOVERSION 3)
+
+	add_executable(gmssl-bin ${tools})
+	target_link_libraries(gmssl-bin LINK_PUBLIC gmssl)
+	set_target_properties(gmssl-bin PROPERTIES RUNTIME_OUTPUT_NAME gmssl)
+	if (MINGW)
+		target_link_libraries(gmssl-bin PRIVATE Ws2_32)
+	endif()
+
+	enable_testing()
+	foreach(name ${tests})
+		add_test(NAME ${name} COMMAND ${name}test)
+		add_executable(${name}test tests/${name}test.c)
+		target_link_libraries (${name}test LINK_PUBLIC gmssl)
+	endforeach()
+
+	foreach(name ${demos})
+		add_executable(${name} demos/src/${name}.c)
+		target_link_libraries(${name} LINK_PUBLIC gmssl)
+	endforeach()
+
+	install(TARGETS gmssl-bin RUNTIME DESTINATION bin)
+endif()
+
+if (CMAKE_C_COMPILER_ID MATCHES "MSVC")
+	set_property(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} PROPERTY VS_STARTUP_PROJECT gmssl-bin)
+	set(CMAKE_INSTALL_PREFIX "C:/Program Files/GmSSL") # change by `cmake -DCMAKE_INSTALL_PREFIX=C:\path\to\install`
+	# run `set path=%path%;C:\Program Files\GmSSL\bin`
+	add_compile_definitions(_CRT_SECURE_NO_WARNINGS)
+#	target_compile_options(gmssl PRIVATE /wd4996)
+#	target_compile_options(gmssl-bin PRIVATE /wd4996)
+endif()
+
+if (UNIX)
+	# packaging
+	include(LinuxPacking)
+	include(DebPacking)
+	include(RpmPacking)
+	include(CPack)
+endif (UNIX)

GmSSL-3.1.0/INSTALL.md

@@ -0,0 +1,254 @@
+# 编译与安装
+
+[TOC]
+
+## 概述
+
+GmSSL当前版本采用CMake构建系统。由于CMake是一个跨平台的编译、安装工具，因此GmSSL可以在大多数主流操作系统上编译、安装和运行。GmSSL项目官方测试了Windows (包括Visual Stduio和Cygwin)、Linux、Mac、Android和iOS这几个主流操作系统上的编译，并通过GitHub的CI工作流对提交的最新代码进行自动化的编译测试。
+
+和其他基于CMake的开源项目类似，GmSSL的构建过程主要包含配置、编译、测试、安装这几个步骤。以Linux操作系统环境为例，在下载并解压GmSSL源代码后，进入源代码目录，执行如下命令：
+
+```bash
+mkdir build
+cd build
+cmake ..
+make
+make test
+sudo make install
+```
+
+就可以完成配置、编译、测试和安装。
+
+在执行`make`编译成功后，在`build/bin`目录下会生成项目的可执行文件和库文件。对于密码工具来说，在安装使用之前通过`make test`进行测试是重要的一步，如果测试失败，那么不应该使用这个软件。在发生某个测试错误后，可以执行`build/bin`下的具体某个测试命令行，如`sm4test`，这样可以看到具体的错误打印信息。
+
+执行`sudo make install`，安装完成后，可以命令行中调用`gmssl`命令行工具。在Linux和Mac环境下，头文件通常被安装在`/usr/local/include/gmssl`目录下，库文件被安装在`/usr/local/lib`目录下。
+
+## 项目源代码
+
+GmSSL项目的源代码在GitHub中发布和维护。
+
+项目在GitHub的主页为：https://github.com/guanzhi/GmSSL
+
+源代码包含主分支的最新代码和定期发布的Release版本，建议优先采用主分支最新版。
+
+### 通过CI判断当前代码状态
+
+有时候最新提交的代码可能存在编译错误，通常这些错误会在1-2天内被新的提交修复。如果当前最新代码还没有修复，那么可以通过GitHub的CI状态来选择没有错误的代码。
+
+通过GitHub的CI工作流状态可以判断某次提交是否存在编译错误，目前GmSSL项目中配置了如下编译环境：
+
+* CMake ubuntu-latest
+* CMake windows-latest
+* CMake macos-latest
+* CMake-Android
+* CMake-iOS
+
+通过查看这些CI的状态，可以判断当前代码是否可以在对应操作系统上成功编译。如果当前最新代码无法在某个平台上编译，那么可以选择之前某个通过测试的Commit版本。
+
+##配置编译选项
+
+在执行`cmake`阶段可以对项目的默认编译配置进行修改，修改是通过设置CMake变量来完成的，可以查看项目源代码中的`CMakeLists.txt`中所有的`option`指令来查看可选的配置。例如：
+
+```cmake
+option(BUILD_SHARED_LIBS "Build using shared libraries" OFF)
+```
+
+表明项目默认生成静态库，不生成动态库。
+
+###设置生成动态库或静态库
+
+GmSSL的CMake默认生成动态库，可以通过设定CMake变量`BUILD_SHARED_LIBS`为`ON`或者`OFF`来指定生成动态库或静态库。
+
+```
+cmake .. -DBUILD_SHARED_LIBS=ON
+```
+
+ ### 设置优化的密码算法实现
+
+GmSSL包含了针对特定硬件和处理指令集的密码算法优化实现，如针对Intel AVX2等指令集的优化，针对GPU的优化等，这些优化实现在匹配的处理器上的实现速度或安全性会大大超过默认的C语言实现。
+
+在配置阶段可以显式地指定采用优化实现，可选的CMake配置变量包括：
+
+* `ENABLE_SM3_AVX_BMI2`  SM3算法的AVX + BMI2指令集实现。
+* `ENABLE_SM3_X8_AVX2` SM3算法的AVX2指令集并行实现。
+* `ENABLE_SM3_X16_AVX512` SM3算法的AVX512指令集并行实现。
+* `ENABLE_SM4_AESNI_AVX` SM4算法的AESNI +AVX指令集实现。
+* `ENABLE_RDRND` 基于Intel RDRND指令的硬件随机数生成器。
+* `ENABLE_GF128_PCLMULQDQ` 基于Intel PCLMULQDQ指令的GCM模式实现。
+
+### 编译不安全的密码算法
+
+处于教学目的，GmSSL源代码中包含了一组不安全的密码算法，这些算法默认情况下不被编译到二进制文件中，可以通过设置`ENABLE_BROKEN_CRYPTO`，在配置阶段启用这些算法，在当前`build`目录中执行：
+
+```bash
+cmake .. -DENABLE_BROKEN_CRYPTO=ON
+make
+```
+
+重新编译后，加入GmSSL库文件的算法包括：
+
+* DES分组密码
+* SHA1哈希函数
+* MD5哈希函数
+* RC4序列密码
+
+## 在Visual Studio环境中编译
+
+CMake支持通过指定不同的构建系统生成器（Generator），生成不同类型的Makefile。在Windows和Visual Studio环境下，CMake即可以生成常规的Visual Studio解决方案(.sln)文件，在Visual Studio图形界面中完成编译，也可以生成类似于Linux环境下的Makefile文件，在命令行环境下完成编译和测试。
+
+### 生成Makefile编译
+
+在安装完Visual Studio之后，在启动菜单栏中会出现Visual Studio菜单目录，其中包含x64 Native Tools Command Prompt for VS 2022等多个终端命令行环境菜单项。
+
+```bash
+C:\Program Files\Microsoft Visual Studio\2022\Community>cd /path/to/gmssl
+mkdir build
+cd build
+cmake .. -G "NMake Makefiles"
+nmake
+nmake test
+```
+
+在编译完成后直接执行安装会报权限错误，这是因为安装过程需要向系统目录中写入文件，而当前打开命令行环境的用户不具备该权限。可以通过右键选择“更多-以管理员身份运行”打开x64 Native Tools Command Prompt for VS 2022终端，执行
+
+```
+nmake install
+```
+
+那么`gmssl`命令行程序、头文件和库文件分别被写入`C:/Program Files/GmSSL/bin`、`C:/Program Files/GmSSL/include`、`C:/Program Files/GmSSL/lib`这几个系统目录中。为了能够直接在命令行环境任意目录下执行`gmssl`命令行程序，需要将其安装目录加入到系统路径中，可以执行：
+
+```bash
+set path=%path%;C:\Program Files\GmSSL\bin
+```
+
+设置完毕后可以在命令行中执行`path`，查看新的路径是否已经成功加入。
+
+### 在Visual Studio图形界面中编译
+
+在安装完Visual Studio之后，在启动菜单栏中会出现Visual Studio菜单目录，其中包含x64 Native Tools Command Prompt for VS 2022等多个终端命令行环境菜单项。
+
+```bash
+C:\Program Files\Microsoft Visual Studio\2022\Community>cd /path/to/gmssl
+mkdir build
+cd build
+cmake ..
+```
+
+完成后可以看到CMake在`build`目录下生成了一个`GmSSL.sln`文件和大量的`.vcxproj`文件。
+
+点击`GmSSL.sln`就打开Visual Studio，点击Visual Studio工具栏上的"本地Windows调试器"按钮，可以启动编译。
+
+在Visual Studio界面中可以选择Debug、Release、MinSizeRel等不同配置。
+
+### 在Visual Studio中运行测试
+
+在解决方案资源管理器中找到`RUN_TESTS`项目，右键菜单选择"调试-启动新实例"，即可运行测试，并且在”输出“窗口中看到测试结果。测试完成后会出现RUN_TESTS拒绝访问的对话框。
+
+### 选择生成32位或64位程序
+
+通过在Visual Studio不同的命令行环境中编译GmSSL，可以生成32位的X86或者64位的X86_64程序，在x64 Native Tools Command Prompt for VS 2022命令行环境下，生成的是64位的程序，在x86 Native Tools Command Prompt for VS 2022命令行环境下，生成的是32位的程序。
+
+可以通过Windows操作系统内置的资源管理器来检查编译生成的可执行程序是32位还是64位，在资源管理器的CPU页面中，通过“选择列”增加“平台”列，这样就可以显示每个进程的是32位或64位。可以运行`gmssl tlcp_client`或者在某个测试文件中增加循环时间来保持命令行运行一段时间。
+
+## 在Cygwin环境中编译
+
+Cygwin是Windows上的Linux模拟运行环境。Cygwin提供了Linux Shell和大量Linux命令行工具，也提供了应用程序开发必须的编译工具、头文件和库文件。面向Linux开发的应用通常依赖`unistd.h`、`sys/socket.h`等头文件及函数，但是Visual Studio的C库并没有提供这些POSIX函数实现，因此这些Linux应用没有办法直接在Windows环境下编译。Cygwin通过封装Windows操作系统原生功能，提供了一个POSIX接口层，以及封装这些功能的动态库(`cygwin1.dll`)，并且提供了GCC、CMake等完整的Linux编译工具链，这意味着标准所有Linux环境下的标准头文件都存在，并且代码中依赖GCC编译器的特殊语法都可以被编译器识别（Visual Studio的`cl`编译器不能完整支持C99语法），因此标准的Linux应用都可以通过Cygwin移植到Windows环境，编译为Windows本地应用。Cygwin提供的Linux Shell环境意味Shell脚本也是可以使用的。
+
+在Cygwin环境下编译生成的可执行程序是原生的Windows程序，和Visual Studio编译的程序的主要区别在于，Cygwin下编译的程序都必须依赖`cygwin1.dll`这个动态库，因为应用所有的POSIX函数调用都需要通过这个动态库翻译为Windows本地的系统调用（如WinSock2），因此发布Cygwin的程序不太方便，必须要包含一个较大的`cygwin1.dll`库文件。另外如果应用涉及大量的系统调用，那么通过Cygwin中间层会引入一定的开销，理论上会比Visual Studio编译的应用效率略低。
+
+总的来说，如果你想在Windows环境下快速尝试一下GmSSL的命令行功能，并且可能需要利用Linux Shell环境下的一些常用工具做实验和测试，或者不太熟悉Visual Studio开发环境，那么采用Cygwin环境是一个非常方便的选择。
+
+### 准备Cygwin环境
+
+Cygwin的安装、配置都是通过一个单一的`setup-x86_64.exe`应用程序完成的。在Cygwin的官网 https://www.cygwin.com/ 可以下载这个应用程序。
+
+注意，在首次安装的时候可能没有选择所有需要的程序，再次运行`setup-x86_64.exe`程序可以对环境进行配置和更新。有些工具，例如CMake，官方提供了独立的Windows安装包，在Cygwin环境下没有必要独立安装这些工具，也不建议安装，所有依赖的Linux工具都应该通过Cygwin环境来配置管理。
+
+在安装、配置完成之后，可以通过运行`Cygwin64 Terminal`应用，打开一个命令行环境。
+
+### 在Cygwin环境中编译GmSSL
+
+Cygwin环境相对标准的Linux环境有一些细微的差别。首先，在Cygwin命令行环境中，文件系统是一个类似Linux文件系统结构的独立目录，如果源代码已经下载到Windows操作系统中（比如，下载到用户的Download目录），那么需要首先将源代码拷贝到Cygwin文件系统的用户目录中（例如当前用户默认目录`~`）。在Cygwin文件系统中，Windows文件系统被映射到`/cygdrive`目录中，Windows当前用户Guan Zhi的下载目录中的`GmSSL-master.zip`文件就被映射到`/cygdrive/c/Users/Guan Zhi/Downloads/GmSSL-master.zip`中。
+
+```bash
+cp "/cygdrive/c/Users/Guan Zhi/Downloads/GmSSL-master.zip" ~/
+```
+
+然后可以按照Linux环境下相似的过程编译、安装
+
+```bash
+unzip GmSSL-master.zip
+cd GmSSL-master
+mkdir build
+cd build
+cmake ..
+make
+make test
+make install
+```
+
+注意，由于在Cygwin环境中用户本身具有系统权限，因此在执行`make install`时不需要`sudo`。
+
+在安装完成之后，可以在Cygwin的命令行环境下执行`gmssl`命令行，或者运行源代码`demo`目录下的演示脚本。
+
+注意，将`gmssl`等可执行程序直接从Cygwin目录拷贝到Windows文件系统下，在执行时会提示找不到`cygwin1.dll`的错误，运行或者发布可执行程序时，应处理好对这个动态库的依赖问题。
+
+### 存在的问题
+
+似乎CMake选项`BUILD_SHARED_LIBS` 不起作用，总会同时生成静态库和动态库。
+
+Cygwin的动态库名称比较特殊，是以`cyg`开头的。
+
+## 面向iOS/iPhoneOS的交叉编译
+
+下载 https://github.com/leetal/ios-cmake ，将`ios.toolchain.cmake`文件复制到`build`目录。
+
+```bash
+mkdir build; cd build
+cmake .. -G Xcode -DCMAKE_TOOLCHAIN_FILE=../ios.toolchain.cmake -DPLATFORM=OS64
+cmake --build . --config Release
+```
+
+如果出现“error: Signing for "gmssl" requires a development team.”错误，可以用Xcode打开工程文件，在Signing配置中设置Development Team。
+
+## 面向Android的交叉编译
+
+下载Android NDK，执行
+
+```bash
+mkdir build; cd build
+cmake .. -DCMAKE_TOOLCHAIN_FILE=$NDK/build/cmake/android.toolchain.cmake  -DANDROID_ABI=arm64-v8a  -DANDROID_PLATFORM=android-23
+make
+```
+
+## 安装包构建
+
+依赖cmake工具包中的cpack工具，生成可发布的安装包。
+
+生成的安装包在`build`目录下。
+
+### 构建DEB安装包
+
+```
+mkdir build; cd build
+cmake .. -DCMAKE_BUILD_TYPE=Release
+cpack -G DEB
+```
+
+### 构建RPM安装包
+
+```
+mkdir build; cd build
+cmake .. -DCMAKE_BUILD_TYPE=Release
+cpack -G RPM
+```
+
+### 构建`.sh`安装脚本
+
+```
+mkdir build; cd build
+cmake .. -DCMAKE_BUILD_TYPE=Release
+cpack -G DEB
+make package
+```
+

GmSSL-3.1.0/LICENSE

@@ -0,0 +1,176 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS

GmSSL-3.1.0/README.md

@@ -0,0 +1,91 @@
+# GmSSL
+
+[![CMake](https://github.com/guanzhi/GmSSL/workflows/CMake/badge.svg)](https://github.com/guanzhi/GmSSL/actions/workflows/cmake.yml)
+[![CMake-Android](https://github.com/guanzhi/GmSSL/actions/workflows/android-ci.yml/badge.svg)](https://github.com/guanzhi/GmSSL/actions/workflows/android-ci.yml)
+[![CMake-iOS](https://github.com/guanzhi/GmSSL/actions/workflows/ios.yml/badge.svg)](https://github.com/guanzhi/GmSSL/actions/workflows/ios.yml)
+
+GmSSL是由由北京大学自主开发的国产商用密码开源库，实现了对国密算法、标准和安全通信协议的全面功能覆盖，支持包括移动端在内的主流操作系统和处理器，支持密码钥匙、密码卡等典型国产密码硬件，提供功能丰富的命令行工具及多种编译语言编程接口。
+
+
+## 主要特性
+
+* 超轻量：GmSSL 3 大幅度降低了内存需求和二进制代码体积，不依赖动态内存，可以用于无操作系统的低功耗嵌入式环境(MCU、SOC等)，开发者也可以更容易地将国密算法和SSL协议嵌入到现有的项目中。
+* 更合规：GmSSL 3 可以配置为仅包含国密算法和国密协议(TLCP协议)，依赖GmSSL 的密码应用更容易满足密码产品型号检测的要求，避免由于混杂非国密算法、不安全算法等导致的安全问题和合规问题。
+* 更安全：TLS 1.3在安全性和通信延迟上相对之前的TLS协议有巨大的提升，GmSSL 3 支持TLS 1.3协议和RFC 8998的国密套件。GmSSL 3 默认支持密钥的加密保护，提升了密码算法的抗侧信道攻击能力。
+* 跨平台：GmSSL 3 更容易跨平台，构建系统不再依赖Perl，默认的CMake构建系统可以容易地和Visual Studio、Android NDK等默认编译工具配合使用，开发者也可以手工编写Makefile在特殊环境中编译、剪裁。
+
+## 下载
+
+* GmSSL的主分支版本为 [GmSSL-3.1.0](https://github.com/guanzhi/GmSSL/releases/tag/v3.1.0)，主要增加跨平台特性，特别是对Windows/Visual Studio的支持，Windows、Android、iOS平台的开发者需要使用该版本。
+
+## 编译与安装
+
+GmSSL 3 采用了cmake构建系统。下载源代码后将其解压缩，进入源码目录，执行：
+
+```bash
+mkdir build
+cd build
+cmake ..
+make
+make test
+sudo make install
+```
+
+在`make install`完成后，GmSSL会在默认安装目录中安装`gmssl`命令行工具，在头文件目录中创建`gmssl`目录，并且在库目录中安装`libgmssl.a`、`libgmssl.so`等库文件。
+
+### Visual Studio环境编译
+
+在Visual Studio命令提示符下执行：
+
+```bash
+mkdir build
+cd build
+cmake .. -G "NMake Makefiles"
+nmake
+```
+
+## 主要功能
+
+### 密码算法
+
+* 分组密码：SM4 (CBC/CTR/GCM), AES (CBC/CTR/GCM)
+* 序列密码：ZUC/ZUC-256, ChaCha20, RC4
+* 哈希函数: SM3, SHA-224/256/384/512, SHA-1, MD5
+* 公钥密码：SM2加密/签名, SM9加密/签名
+* MAC算法：HMAC, GHASH
+* 密钥导出函数：PBKDF2、HKDF
+* 随机数生成器：Intel RDRAND, HASH_DRBG (NIST.SP.800-90A)
+
+### 证书和数字信封
+
+* 数字证书：X.509证书, CRL证书注销列表, CSR (PKCS #10) 证书签名请求
+* 私钥加密：基于SM4/SM3口令加密的PEM格式私钥 (PKCS #8)
+* 数字信封：SM2密码消息 (GM/T 0010-2012)
+
+### SSL协议
+
+* TLCP 1.1，支持密码套`TLS_ECC_SM4_CBC_SM3 {0xE0,0x13}` (GB/T 38636-2020、GM/T 0024-2014)
+* TLS 1.2，支持密码套件`TLS_ECDHE_SM4_CBC_SM3 {0xE0,0x11}` (GB/T 38636-2020、GM/T 0024-2014)
+* TLS 1.3，支持密码套件`TLS_SM4_GCM_SM3 {0x00,0xC6}`  (RFC 8998)
+
+## 典型应用
+
+#### Nginx-with-GmSSL3.0
+
+GmSSL支持Nginx的适配，并提供了Docker实现，具体参见[Nginx-with-GmSSL3.0](https://github.com/zhaoxiaomeng/Nginx-with-GmSSLv3) 项目。
+
+## Roadmap
+
+- [X] Add Windows Visual Studio support
+- [X] Add Windows Cygwin support
+- [X] Add iOS support
+- [X] Add Android support
+- [x] **Version 3.1.0 release**
+- [ ] Add GCC specific optimization
+- [ ] Add X86_64 assembly implementation
+- [ ] Add GPU implementation
+- [ ] Add performance benchmark tool
+- [ ] Add GCM cipher suites
+- [ ] Release official open interfaces
+- [ ] **Version 3.2.0 release**
+

GmSSL-3.1.0/cmake/DebPacking.cmake

@@ -0,0 +1,3 @@
+set(CPACK_DEBIAN_FILE_NAME DEB-DEFAULT)
+set(CPACK_DEBIAN_PACKAGE_RELEASE ${CPACK_NOARCH_PACKAGE_RELEASE})
+set(CPACK_DEBIAN_PACKAGE_MAINTAINER ${CPACK_PACKAGE_VENDOR})

GmSSL-3.1.0/cmake/LinuxPacking.cmake

@@ -0,0 +1,17 @@
+set(CPACK_PACKAGE_NAME "gmssl")
+set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
+set(CPACK_PACKAGE_VERSION_MAJOR 3)
+set(CPACK_PACKAGE_VERSION_MINOR 0)
+set(CPACK_PACKAGE_VERSION_PATCH 0)
+set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
+string(CONCAT CPACK_PACKAGE_DESCRIPTION_SUMMARY 
+    "GmSSL is an open source cryptographic toolbox that supports SM2 / SM3 / SM4 / SM9 "
+    "and other national secret (national commercial password) algorithm. ")
+set(CPACK_RESOURCE_FILE_LICENSE "${PROJECT_SOURCE_DIR}/LICENSE")
+set(CPACK_PACKAGE_INSTALL_DIRECTORY /usr)
+set(CPACK_PACKAGE_CONTACT "https://github.com/guanzhi/GmSSL/issues")
+# The general number of package itself. 
+# Should be incremented when the package content changes for the same version.
+# Can be used to distinguish between different builds of the same version.
+# Can be overridden by `cmake -DCPACK_NOARCH_PACKAGE_RELEASE=1`
+set(CPACK_NOARCH_PACKAGE_RELEASE 1 CACHE STRING "The general release number of package")

GmSSL-3.1.0/cmake/RpmPacking.cmake

@@ -0,0 +1,2 @@
+set(CPACK_RPM_FILE_NAME RPM-DEFAULT)
+set(CPACK_RPM_PACKAGE_RELEASE ${CPACK_NOARCH_PACKAGE_RELEASE})

GmSSL-3.1.0/demos/certs/ca/Ant Financial Certification Authority S1.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzjCCAnKgAwIBAgIQZMsSZdRKbxEiVT+tvsQxfzAMBggqgRzPVQGDdQUAMC4x
+CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEPMA0GA1UEAwwGUk9PVENBMB4X
+DTE4MDMwNTA3MDEwOFoXDTM4MDIyODA3MDEwOFowejELMAkGA1UEBhMCQ04xFjAU
+BgNVBAoMDUFudCBGaW5hbmNpYWwxIDAeBgNVBAsMF0NlcnRpZmljYXRpb24gQXV0
+aG9yaXR5MTEwLwYDVQQDDChBbnQgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5IFMxMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEGmfMCs2ZerI5lvrO
+bxfY8HJyIcTwfMtXb3R1KgqJmUTmsdlb3g13lkvkp2GwqGOpptUOxE09hZAeF4tY
+QzSkSaOCASIwggEeMB8GA1UdIwQYMBaAFEwysZfZMxvEpgXBxuWLYlvwl3ZYMA8G
+A1UdEwEB/wQFMAMBAf8wgboGA1UdHwSBsjCBrzBBoD+gPaQ7MDkxCzAJBgNVBAYT
+AkNOMQ4wDAYDVQQKDAVOUkNBQzEMMAoGA1UECwwDQVJMMQwwCgYDVQQDDANhcmww
+KqAooCaGJGh0dHA6Ly93d3cucm9vdGNhLmdvdi5jbi9hcmwvYXJsLmNybDA+oDyg
+OoY4bGRhcDovL2xkYXAucm9vdGNhLmdvdi5jbjozODkvQ049YXJsLE9VPUFSTCxP
+PU5SQ0FDLEM9Q04wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQ3NFyrGaAF5BAy
+72g+BP4NTGdGEzAMBggqgRzPVQGDdQUAA0gAMEUCIQCXq5uO1PaKFI764ak1Ah5R
+5vc7E6WGBsO7Jv8+GM8xFgIgbCi8GfqKKiAAhJ3grv5vbQy5kPeC5I/8X3igW4k5
+1Tc=
+-----END CERTIFICATE-----

GmSSL-3.1.0/demos/certs/ca/TJCA.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7jCCApKgAwIBAgIQS66cxft/wk8MdWCL2qSImjAMBggqgRzPVQGDdQUAMDox
+CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEbMBkGA1UEAwwSQ2l2aWwgU2Vy
+dmFudCBST09UMB4XDTE3MTIwNjAyNTczMFoXDTM3MTIwMTAyNTczMFowVjELMAkG
+A1UEBhMCQ04xEjAQBgNVBAgMCeWkqea0peW4gjEkMCIGA1UECgwb5aSp5rSl5biC
+55S15a2Q6K6k6K+B5Lit5b+DMQ0wCwYDVQQDDARUSkNBMFkwEwYHKoZIzj0CAQYI
+KoEcz1UBgi0DQgAE2GJUeLtgaq271GSkgvmvBHJVxrg6K8Nx6AogQxNB/qoQjup4
+YDw9odBrYiqdTbOgYL5I+iiPCXJg+6xKL3VA6aOCAVowggFWMB8GA1UdIwQYMBaA
+FJ/cX1elCW5m8PJ1du0BYnAE/PpUMA8GA1UdEwEB/wQFMAMBAf8wgfIGA1UdHwSB
+6jCB5zBPoE2gS6RJMEcxCzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEMMAoG
+A1UECwwDQVJMMRowGAYDVQQDDBFDaXZpbF9TZXJ2YW50X0FSTDBGoESgQoZAaHR0
+cDovL3d3dy5yb290Y2EuZ292LmNuL0NpdmlsX1NlcnZhbnRfYXJsL0NpdmlsX1Nl
+cnZhbnRfQVJMLmNybDBMoEqgSIZGbGRhcDovL2xkYXAucm9vdGNhLmdvdi5jbjoz
+OTAvQ049Q2l2aWxfU2VydmFudF9BUkwsT1U9QVJMLE89TlJDQUMsQz1DTjAOBgNV
+HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFE6BR1+l7EDGRDMxpkHLpByil04oMAwGCCqB
+HM9VAYN1BQADSAAwRQIgC79X9bYZNHi88AOzS1mcL8iMOTnuOhISxkw6Hbou9bIC
+IQCGFTlCuEYGX3Qc+HlufzqyKjyYyUCTb0FkfhOfhcEU+g==
+-----END CERTIFICATE-----

GmSSL-3.1.0/demos/certs/ca/Taier CA.pem

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIIChDCCAiigAwIBAgIQLXrZ9QK+bZE4WSoVyuo7GzAMBggqgRzPVQGDdQUAMC4x
+CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEPMA0GA1UEAwwGUk9PVENBMB4X
+DTE2MDcxMzA4MjQ1NFoXDTM2MDcwODA4MjQ1NFowMDELMAkGA1UEBhMCQ04xDjAM
+BgNVBAoMBUNBSUNUMREwDwYDVQQDDAhUYWllciBDQTBZMBMGByqGSM49AgEGCCqB
+HM9VAYItA0IABAxbfsHfqwv8GmfhJYnj0R+fFFqkegyvdZgzRtnnnEDmoy4GNwQa
+kVNElUTsMFIJDOEbXTfYazvOghVNsR1UFRujggEiMIIBHjAfBgNVHSMEGDAWgBRM
+MrGX2TMbxKYFwcbli2Jb8Jd2WDAPBgNVHRMBAf8EBTADAQH/MIG6BgNVHR8EgbIw
+ga8wQaA/oD2kOzA5MQswCQYDVQQGEwJDTjEOMAwGA1UECgwFTlJDQUMxDDAKBgNV
+BAsMA0FSTDEMMAoGA1UEAwwDYXJsMCqgKKAmhiRodHRwOi8vd3d3LnJvb3RjYS5n
+b3YuY24vYXJsL2FybC5jcmwwPqA8oDqGOGxkYXA6Ly9sZGFwLnJvb3RjYS5nb3Yu
+Y246Mzg5L0NOPWFybCxPVT1BUkwsTz1OUkNBQyxDPUNOMA4GA1UdDwEB/wQEAwIB
+BjAdBgNVHQ4EFgQUi2kQa6VC3y6m96DZs4ykCLs9UDkwDAYIKoEcz1UBg3UFAANI
+ADBFAiAnOTxqRKjk7+RlMuu6dRIoncmZPPkmVytXeGkvxmN8zAIhAI4zYqRtqy4e
+754IdYX8fZDRQi9Mf2ZIkEEgIy9o1+Gf
+-----END CERTIFICATE-----

GmSSL-3.1.0/demos/certs/rootca/Civil Servant ROOT.pem

@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB0jCCAXegAwIBAgIQEdZMMEt/UB6aBlClCPrHdDAMBggqgRzPVQGDdQUAMDox
+CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEbMBkGA1UEAwwSQ2l2aWwgU2Vy
+dmFudCBST09UMB4XDTE0MDcxNTA2NDg1NloXDTQ0MDcwNzA2NDg1NlowOjELMAkG
+A1UEBhMCQ04xDjAMBgNVBAoMBU5SQ0FDMRswGQYDVQQDDBJDaXZpbCBTZXJ2YW50
+IFJPT1QwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAR1whSysIMDakj11nL+KgJ1
+J+HtXJU2D/EhV+QC1b+/yDXWdcZay7X79wC/g4vJdUIAdyZfLVy3lYYFc3aJ2smr
+o10wWzAfBgNVHSMEGDAWgBSf3F9XpQluZvDydXbtAWJwBPz6VDAMBgNVHRMEBTAD
+AQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUn9xfV6UJbmbw8nV27QFicAT8+lQw
+DAYIKoEcz1UBg3UFAANHADBEAiAkrV4rtXx+4fdJBIVSxHFKh2znz2vnSgk/eBIl
+gNQK7AIgNVusahBBOxafSdIB1cX8zJCnq+OcCNLRezYSbXQ45Jg=
+-----END CERTIFICATE-----

GmSSL-3.1.0/demos/certs/rootca/Device ROOT.pem

@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBxjCCAWmgAwIBAgIQVWEAYiD7bkTypcG5eLcUIzAMBggqgRzPVQGDdQUAMDMx
+CzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVOUkNBQzEUMBIGA1UEAwwLRGV2aWNlIFJP
+T1QwHhcNMTQwNzE1MDY0OTE0WhcNNDQwNzA3MDY0OTE0WjAzMQswCQYDVQQGEwJD
+TjEOMAwGA1UECgwFTlJDQUMxFDASBgNVBAMMC0RldmljZSBST09UMFkwEwYHKoZI
+zj0CAQYIKoEcz1UBgi0DQgAErrT3rKewd5fIH38K5dUcB6dxxYcFCqHlklxWnwiU
+n39eP3O8D3h7gncGBJoxX5XToyqwy4saICZq3MEIBf6XKqNdMFswHwYDVR0jBBgw
+FoAUodkX9LXKzt+c9s0ZP86nFwz5gPUwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMC
+AQYwHQYDVR0OBBYEFKHZF/S1ys7fnPbNGT/OpxcM+YD1MAwGCCqBHM9VAYN1BQAD
+SQAwRgIhAO6XHWXfSyMUt/fn6yB5vPH9bHofYkylecmwqbN7jNlBAiEA2b8vR1TR
+u1rh597JnGgp8tdjAiBbPWYjHcJDRBGcljA=
+-----END CERTIFICATE-----

GmSSL-3.1.0/demos/certs/rootca/ROOTCA.pem

@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBszCCAVegAwIBAgIIaeL+wBcKxnswDAYIKoEcz1UBg3UFADAuMQswCQYDVQQG
+EwJDTjEOMAwGA1UECgwFTlJDQUMxDzANBgNVBAMMBlJPT1RDQTAeFw0xMjA3MTQw
+MzExNTlaFw00MjA3MDcwMzExNTlaMC4xCzAJBgNVBAYTAkNOMQ4wDAYDVQQKDAVO
+UkNBQzEPMA0GA1UEAwwGUk9PVENBMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE
+MPCca6pmgcchsTf2UnBeL9rtp4nw+itk1Kzrmbnqo05lUwkwlWK+4OIrtFdAqnRT
+V7Q9v1htkv42TsIutzd126NdMFswHwYDVR0jBBgwFoAUTDKxl9kzG8SmBcHG5Yti
+W/CXdlgwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFEwysZfZ
+MxvEpgXBxuWLYlvwl3ZYMAwGCCqBHM9VAYN1BQADSAAwRQIgG1bSLeOXp3oB8H7b
+53W+CKOPl2PknmWEq/lMhtn25HkCIQDaHDgWxWFtnCrBjH16/W3Ezn7/U/Vjo5xI
+pDoiVhsLwg==
+-----END CERTIFICATE-----

GmSSL-3.1.0/demos/scripts/cademo.sh

@@ -0,0 +1,44 @@
+#!/bin/bash -x
+
+set -e
+
+gmssl sm2keygen -pass 1234 -out rootcakey.pem
+gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
+gmssl certparse -in rootcacert.pem
+
+gmssl sm2keygen -pass 1234 -out cakey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
+gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
+gmssl certparse -in cacert.pem
+
+gmssl sm2keygen -pass 1234 -out signkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
+gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
+gmssl certparse -in signcert.pem
+
+gmssl sm2keygen -pass 1234 -out enckey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass 1234 -out encreq.pem
+gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
+gmssl certparse -in enccert.pem
+
+rm -fr revoked_certs.der
+gmssl certrevoke -in signcert.pem -reason keyCompromise -out revoked_certs.der
+gmssl certrevoke -in enccert.pem -reason keyCompromise -out revoked_certs.der
+gmssl crlgen -in revoked_certs.der -cacert cacert.pem -key cakey.pem -pass 1234 -next_update 20240101000000Z -gen_authority_key_id -crl_num 1 -out crl.der
+gmssl crlparse -in crl.der
+
+rm -fr rootcakey.pem
+rm -fr rootcacert.pem
+rm -fr cakey.pem
+rm -fr careq.pem
+rm -fr cacert.pem
+rm -fr signkey.pem
+rm -fr signreq.pem
+rm -fr signcert.pem
+rm -fr enckey.pem
+rm -fr encreq.pem
+rm -fr enccert.pem
+rm -fr revoked_certs.der
+rm -fr crl.der
+
+echo "all ok"

GmSSL-3.1.0/demos/scripts/certdemo.sh

@@ -0,0 +1,43 @@
+#!/bin/bash -x
+
+set -e
+
+gmssl sm2keygen -pass 1234 -out rootcakey.pem
+gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 \
+	-key rootcakey.pem -pass 1234 \
+	-out rootcacert.pem \
+	-ca -path_len_constraint 6 \
+	-key_usage keyCertSign -key_usage cRLSign \
+	-crl_http_uri http://pku.edu.cn/ca.crl -ca_issuers_uri http://pku.edu.cn/ca.crt -ocsp_uri http://ocsp.pku.edu.cn
+
+gmssl certparse -in rootcacert.pem
+
+gmssl sm2keygen -pass 1234 -out cakey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
+gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem \
+	-crl_http_uri http://pku.edu.cn/ca.crl -ca_issuers_uri http://pku.edu.cn/ca.crt -ocsp_uri http://ocsp.pku.edu.cn
+gmssl certparse -in cacert.pem
+
+gmssl sm2keygen -pass 1234 -out signkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
+gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem \
+	-crl_http_uri http://github.com/guanzhi/GmSSL/raw/master/demos/certs/SubCA-1.crl
+gmssl certparse -in signcert.pem
+
+gmssl sm2keygen -pass 1234 -out enckey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass 1234 -out encreq.pem
+gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem \
+	-crl_http_uri http://github.com/guanzhi/GmSSL/raw/master/demos/certs/SubCA-1.crl
+gmssl certparse -in enccert.pem
+
+cat signcert.pem > certs.pem
+cat cacert.pem >> certs.pem
+gmssl certverify -in certs.pem -cacert rootcacert.pem #-check_crl
+
+cat signcert.pem > dbl_certs.pem
+cat enccert.pem >> dbl_certs.pem
+cat cacert.pem >> dbl_certs.pem
+gmssl certverify -double_certs -in dbl_certs.pem -cacert rootcacert.pem #-check_crl
+
+echo ok
+

GmSSL-3.1.0/demos/scripts/certs.sh

@@ -0,0 +1,27 @@
+#!/bin/bash -x
+
+set -e
+
+cd ../certs
+
+gmssl certparse -in "rootca/Civil Servant ROOT.pem"
+gmssl certverify -in "rootca/Civil Servant ROOT.pem" -cacert "rootca/Civil Servant ROOT.pem"
+gmssl crlparse -in "crl/Civil Servant ROOT.crl"
+gmssl crlverify -in "crl/Civil Servant ROOT.crl" -cacert "rootca/Civil Servant ROOT.pem"
+
+gmssl certparse -in "rootca/Device ROOT.pem"
+gmssl certverify -in "rootca/Device ROOT.pem" -cacert "rootca/Device ROOT.pem"
+gmssl crlparse -in "crl/Device ROOT.crl"
+gmssl crlverify -in "crl/Device ROOT.crl" -cacert "rootca/Device ROOT.pem"
+
+gmssl certparse -in "rootca/ROOTCA.pem"
+gmssl certverify -in "rootca/ROOTCA.pem" -cacert "rootca/ROOTCA.pem"
+gmssl crlparse -in "crl/ROOTCA.crl"
+gmssl crlverify -in "crl/ROOTCA.crl" -cacert "rootca/ROOTCA.pem" # now > next_update
+
+# The CRL URI of ROOTCA.pem is in Base64 format, not DER
+gmssl certverify -in "ca/TJCA.pem" -cacert "rootca/Civil Servant ROOT.pem" #-check_crl
+gmssl certverify -in "ca/Taier CA.pem" -cacert "rootca/ROOTCA.pem" #-check_crl
+gmssl certverify -in "ca/Ant Financial Certification Authority S1.pem" -cacert "rootca/ROOTCA.pem" #-check_crl
+
+echo ok

GmSSL-3.1.0/demos/scripts/certverify.sh

@@ -0,0 +1,129 @@
+#!/bin/bash -x
+
+set -e
+
+signcert=ebssec.boc.cn-sign.pem
+enccert=ebssec.boc.cn-enc.pem
+crl=CFCA_SM2_OCA1.crl
+cacert=CFCA_SM2_OCA1.pem
+rootcacert=CFCA_CS_SM2_CA.pem
+
+
+cat << EOF > $signcert
+-----BEGIN CERTIFICATE-----
+MIICzzCCAnKgAwIBAgIFEzY5M3AwDAYIKoEcz1UBg3UFADAlMQswCQYDVQQGEwJD
+TjEWMBQGA1UECgwNQ0ZDQSBTTTIgT0NBMTAeFw0yMTA2MTEwOTA1MjBaFw0yNjA2
+MTkwODE2NTZaMIGRMQswCQYDVQQGEwJDTjEPMA0GA1UECAwG5YyX5LqsMQ8wDQYD
+VQQHDAbljJfkuqwxJzAlBgNVBAoMHuS4reWbvemTtuihjOiCoeS7veaciemZkOWF
+rOWPuDERMA8GA1UECwwITG9jYWwgUkExDDAKBgNVBAsMA1NTTDEWMBQGA1UEAwwN
+ZWJzc2VjLmJvYy5jbjBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABPsNUnoZQM9C
+SnvC57TbvdfyOTCuPOSlZmPAyxBKFj+Y1QH/xlubHdVf5XqHrO1jCDRi7aN5IKGX
+QF1492c803OjggEeMIIBGjAfBgNVHSMEGDAWgBRck1ggWiRzVhAbZFAQ7OmnygdB
+ETAMBgNVHRMBAf8EAjAAMEgGA1UdIARBMD8wPQYIYIEchu8qAQEwMTAvBggrBgEF
+BQcCARYjaHR0cDovL3d3dy5jZmNhLmNvbS5jbi91cy91cy0xNC5odG0wNwYDVR0f
+BDAwLjAsoCqgKIYmaHR0cDovL2NybC5jZmNhLmNvbS5jbi9TTTIvY3JsNTYxOC5j
+cmwwGAYDVR0RBBEwD4INZWJzc2VjLmJvYy5jbjAOBgNVHQ8BAf8EBAMCBsAwHQYD
+VR0OBBYEFJ6oFo/OrKgDhHFORpaq04kX7T1KMB0GA1UdJQQWMBQGCCsGAQUFBwMC
+BggrBgEFBQcDATAMBggqgRzPVQGDdQUAA0kAMEYCIQCvhSvbv5h6ERl1YcCLg+fz
+9UleQbaPfBYwUjUD2dAHVQIhAMRC4k9S/mSC0UpUvCqh/DQC2Ui8Tccd5G2IgYSs
+cnUN
+-----END CERTIFICATE-----
+EOF
+
+cat << EOF > $enccert
+-----BEGIN CERTIFICATE-----
+MIICzjCCAnKgAwIBAgIFEzY5M3EwDAYIKoEcz1UBg3UFADAlMQswCQYDVQQGEwJD
+TjEWMBQGA1UECgwNQ0ZDQSBTTTIgT0NBMTAeFw0yMTA2MTEwOTA1MjBaFw0yNjA2
+MTkwODE2NTZaMIGRMQswCQYDVQQGEwJDTjEPMA0GA1UECAwG5YyX5LqsMQ8wDQYD
+VQQHDAbljJfkuqwxJzAlBgNVBAoMHuS4reWbvemTtuihjOiCoeS7veaciemZkOWF
+rOWPuDERMA8GA1UECwwITG9jYWwgUkExDDAKBgNVBAsMA1NTTDEWMBQGA1UEAwwN
+ZWJzc2VjLmJvYy5jbjBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABMn1q+hbV0i1
+qnKAy7QeZ3ZfAD+gqHX4F5MqIhsarODlWsavf/dcprC0F277zc44aYBB/3ucy4PF
+qXaRHQp8PEyjggEeMIIBGjAfBgNVHSMEGDAWgBRck1ggWiRzVhAbZFAQ7OmnygdB
+ETAMBgNVHRMBAf8EAjAAMEgGA1UdIARBMD8wPQYIYIEchu8qAQEwMTAvBggrBgEF
+BQcCARYjaHR0cDovL3d3dy5jZmNhLmNvbS5jbi91cy91cy0xNC5odG0wNwYDVR0f
+BDAwLjAsoCqgKIYmaHR0cDovL2NybC5jZmNhLmNvbS5jbi9TTTIvY3JsNTYxOC5j
+cmwwGAYDVR0RBBEwD4INZWJzc2VjLmJvYy5jbjAOBgNVHQ8BAf8EBAMCAzgwHQYD
+VR0OBBYEFF/a1JHvzLzbpFbBljX7hNxRpj/2MB0GA1UdJQQWMBQGCCsGAQUFBwMC
+BggrBgEFBQcDATAMBggqgRzPVQGDdQUAA0gAMEUCIQDCOFi1eZcgiN6t+h6lxLwS
+grAh3Jall+ZyA2ePw6xcjwIgNyDvo761dpwJhcyWfyVCAnaTf0Vf4DLWI1K+S7po
+Ur8=
+-----END CERTIFICATE-----
+EOF
+
+
+cat << EOF > $cacert
+-----BEGIN CERTIFICATE-----
+MIICNTCCAdmgAwIBAgIFEAAAAAgwDAYIKoEcz1UBg3UFADBYMQswCQYDVQQGEwJD
+TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y
+aXR5MRcwFQYDVQQDDA5DRkNBIENTIFNNMiBDQTAeFw0xMzAxMjQwODQ2NDBaFw0z
+MzAxMTkwODQ2NDBaMCUxCzAJBgNVBAYTAkNOMRYwFAYDVQQKDA1DRkNBIFNNMiBP
+Q0ExMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEfJqQoo0+JoyCRy0msS2Ym076
+8nV1pSLuK9utS1ij38obWDymq0oMRRwUzDMEQI19Cajo3JUoGFxOvsA+YWu3XKOB
+wDCBvTAfBgNVHSMEGDAWgBTkjt3Uo+e2D+4dJ5bNddwlJXJp3TAMBgNVHRMEBTAD
+AQH/MGAGA1UdHwRZMFcwVaBToFGkTzBNMQswCQYDVQQGEwJDTjETMBEGA1UECgwK
+Q0ZDQSBDUyBDQTEMMAoGA1UECwwDQ1JMMQwwCgYDVQQLDANTTTIxDTALBgNVBAMM
+BGNybDEwCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBRck1ggWiRzVhAbZFAQ7OmnygdB
+ETAMBggqgRzPVQGDdQUAA0gAMEUCIBVscoZJhUy4eToK4C//LjvhjKK2qpBFac/h
+Pr6yYTLzAiEAiyqrqsGUU5vGkDo5bEpmF1EbnY8xovsM9vCx98yBrVM=
+-----END CERTIFICATE-----
+EOF
+
+
+cat << EOF > $rootcacert
+-----BEGIN CERTIFICATE-----
+MIICAzCCAaegAwIBAgIEFy9CWTAMBggqgRzPVQGDdQUAMFgxCzAJBgNVBAYTAkNO
+MTAwLgYDVQQKDCdDaGluYSBGaW5hbmNpYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkxFzAVBgNVBAMMDkNGQ0EgQ1MgU00yIENBMB4XDTEyMDgzMTAyMDY1OVoXDTQy
+MDgyNDAyMDY1OVowWDELMAkGA1UEBhMCQ04xMDAuBgNVBAoMJ0NoaW5hIEZpbmFu
+Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEXMBUGA1UEAwwOQ0ZDQSBDUyBT
+TTIgQ0EwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAATuRh26wmtyKNMz+Pmneo3a
+Sme+BCjRon8SvAxZBgLSuIxNUewq4kNujeb1I4A0yg7xNcjuOgXglAoQv+Tc+P0V
+o10wWzAfBgNVHSMEGDAWgBTkjt3Uo+e2D+4dJ5bNddwlJXJp3TAMBgNVHRMEBTAD
+AQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU5I7d1KPntg/uHSeWzXXcJSVyad0w
+DAYIKoEcz1UBg3UFAANIADBFAiBhP/rmIvles3RK1FfcmmEeS9RZdu+5lCzxF0nk
+cof2QAIhAPVRpqOuceEQHsR77FBe/DgVPqF6lOyoZs0TzTDHrN8c
+-----END CERTIFICATE-----
+EOF
+
+gmssl certverify -in $signcert -cacert $cacert
+gmssl certverify -in $enccert -cacert $cacert
+gmssl certverify -in $cacert -cacert $rootcacert
+
+chain=chain.pem
+cat $signcert > $chain
+cat $cacert >> $chain
+gmssl certverify -in $chain -cacert $rootcacert
+
+chain_with_root=chain_with_root.pem
+cp $chain $chain_with_root
+cat $rootcacert >> $chain_with_root
+gmssl certverify -in $chain_with_root -cacert $rootcacert
+
+double_certs=double_certs.pem
+cat $signcert > $double_certs
+cat $enccert >> $double_certs
+gmssl certverify -in $double_certs -cacert $cacert -double_certs
+
+double_chain=double_chain.pem
+cat $double_certs > $double_chain
+cat $cacert >> $double_chain
+gmssl certverify -in $double_chain -cacert $rootcacert -double_certs
+
+gmssl certparse -in $double_chain
+gmssl certverify -in $double_chain -cacert $rootcacert -double_certs -check_crl
+gmssl crlget -cert $signcert -out $crl
+gmssl crlparse -in $crl
+
+rm -fr $signcert
+rm -fr $enccert
+rm -fr $crl
+rm -fr $cacert
+rm -fr $rootcacert
+rm -fr $chain
+rm -fr $chain_with_root
+rm -fr $double_certs
+rm -fr $double_chain
+
+echo ok
+

GmSSL-3.1.0/demos/scripts/cmsdemo.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+
+gmssl sm2keygen -pass 1234 -out key.pem -pubout keypub.pem
+gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -key_usage dataEncipherment -days 365 -key key.pem -pass 1234 -out cert.pem
+
+echo "<html>The plaintext message.</html>" > plain.txt
+
+gmssl cmsencrypt -in plain.txt -rcptcert cert.pem -out enveloped_data.pem
+gmssl cmsparse -in enveloped_data.pem
+gmssl cmsdecrypt -key key.pem -pass 1234 -cert cert.pem -in enveloped_data.pem
+
+gmssl cmssign -key key.pem -pass 1234 -cert cert.pem -in plain.txt -out signed_data.pem
+gmssl cmsparse -in signed_data.pem
+gmssl cmsverify -in signed_data.pem -out signed_data.txt
+cat signed_data.txt
+

GmSSL-3.1.0/demos/scripts/pbkdf2demo.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+
+gmssl pbkdf2 -pass 1234 -salt 1122334455667788 -iter 60000 -outlen 16
+

GmSSL-3.1.0/demos/scripts/reqdemo.sh

@@ -0,0 +1,42 @@
+#!/bin/bash -x
+
+set -e
+
+# generate self-signed CA certificate
+gmssl sm2keygen -pass 1234 -out cakey.pem -pubout pubkey.pem
+gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN CA -days 365 -key cakey.pem -pass 1234 -out cacert.pem
+gmssl certparse -in cacert.pem
+
+# generate a req and sign by CA certificate
+gmssl sm2keygen -pass 1234 -out signkey.pem -pubout pubkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -key signkey.pem -pass 1234 -out signreq.pem
+gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
+gmssl certparse -in signcert.pem
+
+# sign a encryption certificate with the same DN, different KeyUsage extension
+gmssl sm2keygen -pass 1234 -out enckey.pem -pubout pubkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Alice -key enckey.pem -pass 1234 -out encreq.pem
+gmssl reqsign -in encreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
+gmssl certparse -in enccert.pem
+
+# 中文
+gmssl sm2keygen -pass 1234 -out alicekey.pem -pubout alicepubkey.pem
+gmssl reqgen -O "北京大学" -CN "爱丽丝" -key alicekey.pem -pass 1234 -out alicereq.pem
+gmssl reqsign -in alicereq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out alicecert.pem
+gmssl certparse -in alicecert.pem
+
+
+rm -fr pubkey.pem
+rm -fr cacert.pem
+rm -fr signkey.pem
+rm -fr signreq.pem
+rm -fr signcert.pem
+rm -fr enckey.pem
+rm -fr encreq.pem
+rm -fr enccert.pem
+rm -fr alicekey.pem
+rm -fr alicepubkey.pem
+rm -fr alicereq.pem
+rm -fr alicecert.pem
+
+echo ok

GmSSL-3.1.0/demos/scripts/sm2demo.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+gmssl sm2keygen -pass 1234 -out sm2.pem -pubout sm2pub.pem
+
+echo hello | gmssl sm2sign -key sm2.pem -pass 1234 -out sm2.sig #-id 1234567812345678
+echo hello | gmssl sm2verify -pubkey sm2pub.pem -sig sm2.sig -id 1234567812345678
+
+echo hello | gmssl sm2encrypt -pubkey sm2pub.pem -out sm2.der
+gmssl sm2decrypt -key sm2.pem -pass 1234 -in sm2.der
+

GmSSL-3.1.0/demos/scripts/sm3demo.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+echo -n abc | gmssl sm3
+
+gmssl sm2keygen -pass 1234 -out sm2.pem -pubout sm2pub.pem
+echo -n abc | gmssl sm3 -pubkey sm2pub.pem -id 1234567812345678
+
+
+echo -n abc | gmssl sm3hmac -key 11223344556677881122334455667788
+

GmSSL-3.1.0/demos/scripts/sm4demo.sh

@@ -0,0 +1,115 @@
+#!/bin/bash -x
+
+set -e
+
+gmssl sm4 -help
+
+# CBC
+echo hello | gmssl sm4 -cbc -encrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -out ciphertext.bin
+gmssl sm4 -cbc -decrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -in ciphertext.bin
+
+# CTR
+echo hello | gmssl sm4 -ctr -encrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -out ciphertext.bin
+gmssl sm4 -ctr -decrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -in ciphertext.bin
+
+# GCM IV length = 12
+echo hello | gmssl sm4 -gcm -encrypt -key 11223344556677881122334455667788 -iv 112233445566778811223344 -out ciphertext.bin
+gmssl sm4 -gcm -decrypt -key 11223344556677881122334455667788 -iv 112233445566778811223344 -in ciphertext.bin
+
+# GCM IV length = 1
+echo hello | gmssl sm4 -gcm -encrypt -key 11223344556677881122334455667788 -iv 11 -out ciphertext.bin
+gmssl sm4 -gcm -decrypt -key 11223344556677881122334455667788 -iv 11 -in ciphertext.bin
+
+# GCM IV length = 16
+echo hello | gmssl sm4 -gcm -encrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -out ciphertext.bin
+gmssl sm4 -gcm -decrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -in ciphertext.bin
+
+# GCM IV length = 32
+echo hello | gmssl sm4 -gcm -encrypt -key 11223344556677881122334455667788 -iv 1122334455667788112233445566778811223344556677881122334455667788 -out ciphertext.bin
+gmssl sm4 -gcm -decrypt -key 11223344556677881122334455667788 -iv 1122334455667788112233445566778811223344556677881122334455667788 -in ciphertext.bin
+
+# CBC-SM3-HMAC
+echo hello | gmssl sm4 -cbc_sm3_hmac -encrypt \
+	-key 112233445566778811223344556677881122334455667788112233445566778811223344556677881122334455667788 \
+	-iv 11223344556677881122334455667788 -out ciphertext.bin
+gmssl sm4 -cbc_sm3_hmac -decrypt \
+	-key 112233445566778811223344556677881122334455667788112233445566778811223344556677881122334455667788 \
+	 -iv 11223344556677881122334455667788 -in ciphertext.bin
+
+# CTR-SM3-HMAC
+echo hello | gmssl sm4 -ctr_sm3_hmac -encrypt \
+	-key 112233445566778811223344556677881122334455667788112233445566778811223344556677881122334455667788 \
+	-iv 11223344556677881122334455667788 -out ciphertext.bin
+gmssl sm4 -ctr_sm3_hmac -decrypt \
+	-key 112233445566778811223344556677881122334455667788112233445566778811223344556677881122334455667788 \
+	 -iv 11223344556677881122334455667788 -in ciphertext.bin
+
+# encrypt/decrypt long text file
+
+cat << EOF > plaintext.txt
+-----BEGIN CERTIFICATE-----
+MIICzzCCAnKgAwIBAgIFEzY5M3AwDAYIKoEcz1UBg3UFADAlMQswCQYDVQQGEwJD
+TjEWMBQGA1UECgwNQ0ZDQSBTTTIgT0NBMTAeFw0yMTA2MTEwOTA1MjBaFw0yNjA2
+MTkwODE2NTZaMIGRMQswCQYDVQQGEwJDTjEPMA0GA1UECAwG5YyX5LqsMQ8wDQYD
+VQQHDAbljJfkuqwxJzAlBgNVBAoMHuS4reWbvemTtuihjOiCoeS7veaciemZkOWF
+rOWPuDERMA8GA1UECwwITG9jYWwgUkExDDAKBgNVBAsMA1NTTDEWMBQGA1UEAwwN
+ZWJzc2VjLmJvYy5jbjBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABPsNUnoZQM9C
+SnvC57TbvdfyOTCuPOSlZmPAyxBKFj+Y1QH/xlubHdVf5XqHrO1jCDRi7aN5IKGX
+QF1492c803OjggEeMIIBGjAfBgNVHSMEGDAWgBRck1ggWiRzVhAbZFAQ7OmnygdB
+ETAMBgNVHRMBAf8EAjAAMEgGA1UdIARBMD8wPQYIYIEchu8qAQEwMTAvBggrBgEF
+BQcCARYjaHR0cDovL3d3dy5jZmNhLmNvbS5jbi91cy91cy0xNC5odG0wNwYDVR0f
+BDAwLjAsoCqgKIYmaHR0cDovL2NybC5jZmNhLmNvbS5jbi9TTTIvY3JsNTYxOC5j
+cmwwGAYDVR0RBBEwD4INZWJzc2VjLmJvYy5jbjAOBgNVHQ8BAf8EBAMCBsAwHQYD
+VR0OBBYEFJ6oFo/OrKgDhHFORpaq04kX7T1KMB0GA1UdJQQWMBQGCCsGAQUFBwMC
+BggrBgEFBQcDATAMBggqgRzPVQGDdQUAA0kAMEYCIQCvhSvbv5h6ERl1YcCLg+fz
+9UleQbaPfBYwUjUD2dAHVQIhAMRC4k9S/mSC0UpUvCqh/DQC2Ui8Tccd5G2IgYSs
+cnUN
+-----END CERTIFICATE-----
+EOF
+
+
+# CBC
+gmssl sm4 -cbc -encrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -in plaintext.txt -out ciphertext.bin
+gmssl sm4 -cbc -decrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -in ciphertext.bin
+
+# CTR
+gmssl sm4 -ctr -encrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -in plaintext.txt -out ciphertext.bin
+gmssl sm4 -ctr -decrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -in ciphertext.bin
+
+# GCM IV length = 12
+gmssl sm4 -gcm -encrypt -key 11223344556677881122334455667788 -iv 112233445566778811223344 -in plaintext.txt -out ciphertext.bin
+gmssl sm4 -gcm -decrypt -key 11223344556677881122334455667788 -iv 112233445566778811223344 -in ciphertext.bin
+
+# GCM IV length = 1
+gmssl sm4 -gcm -encrypt -key 11223344556677881122334455667788 -iv 11 -in plaintext.txt -out ciphertext.bin
+gmssl sm4 -gcm -decrypt -key 11223344556677881122334455667788 -iv 11 -in ciphertext.bin
+
+# GCM IV length = 16
+gmssl sm4 -gcm -encrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -in plaintext.txt -out ciphertext.bin
+gmssl sm4 -gcm -decrypt -key 11223344556677881122334455667788 -iv 11223344556677881122334455667788 -in ciphertext.bin
+
+# GCM IV length = 32
+gmssl sm4 -gcm -encrypt -key 11223344556677881122334455667788 -iv 1122334455667788112233445566778811223344556677881122334455667788 -in plaintext.txt -out ciphertext.bin
+gmssl sm4 -gcm -decrypt -key 11223344556677881122334455667788 -iv 1122334455667788112233445566778811223344556677881122334455667788 -in ciphertext.bin
+
+# CBC-SM3-HMAC
+gmssl sm4 -cbc_sm3_hmac -encrypt \
+	-key 112233445566778811223344556677881122334455667788112233445566778811223344556677881122334455667788 \
+	-iv 11223344556677881122334455667788 -in plaintext.txt -out ciphertext.bin
+gmssl sm4 -cbc_sm3_hmac -decrypt \
+	-key 112233445566778811223344556677881122334455667788112233445566778811223344556677881122334455667788 \
+	 -iv 11223344556677881122334455667788 -in ciphertext.bin
+
+# CTR-SM3-HMAC
+gmssl sm4 -ctr_sm3_hmac -encrypt \
+	-key 112233445566778811223344556677881122334455667788112233445566778811223344556677881122334455667788 \
+	-iv 11223344556677881122334455667788 -in plaintext.txt -out ciphertext.bin
+gmssl sm4 -ctr_sm3_hmac -decrypt \
+	-key 112233445566778811223344556677881122334455667788112233445566778811223344556677881122334455667788 \
+	 -iv 11223344556677881122334455667788 -in ciphertext.bin
+
+
+rm -fr plaintext.txt
+rm -fr ciphertext.bin
+
+

GmSSL-3.1.0/demos/scripts/sm9demo.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+gmssl sm9setup -alg sm9sign -pass 1234 -out sign_msk.pem -pubout sign_mpk.pem
+gmssl sm9keygen -alg sm9sign -in sign_msk.pem -inpass 1234 -id alice -out alice.pem -outpass 1234
+echo hello | gmssl sm9sign -key alice.pem -pass 1234  -out hello.sig
+echo hello | gmssl sm9verify -pubmaster sign_mpk.pem -id alice -sig hello.sig
+
+gmssl sm9setup -alg sm9encrypt -pass 1234 -out enc_msk.pem -pubout enc_mpk.pem
+gmssl sm9keygen -alg sm9encrypt -in enc_msk.pem -inpass 1234 -id bob -out bob.pem -outpass 1234
+echo hello | gmssl sm9encrypt -pubmaster enc_mpk.pem -id bob -out hello.der
+gmssl sm9decrypt -key bob.pem -pass 1234 -id bob -in hello.der
+

GmSSL-3.1.0/demos/scripts/tlcp_client.sh

@@ -0,0 +1,8 @@
+#!/bin/bash -x
+
+
+# https://ebssec.boc.cn
+gmssl tlcp_client -host 123.124.191.183
+
+# https://zffw.jxzwfww.gov.cn
+gmssl tlcp_client -host 218.87.21.62

GmSSL-3.1.0/demos/scripts/tlcp_server.sh

@@ -0,0 +1,49 @@
+#!/bin/bash -x
+
+
+gmssl sm2keygen -pass 1234 -out rootcakey.pem
+gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca
+gmssl certparse -in rootcacert.pem
+
+gmssl sm2keygen -pass 1234 -out cakey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
+gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem -ca
+gmssl certparse -in cacert.pem
+
+gmssl sm2keygen -pass 1234 -out signkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
+gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
+gmssl certparse -in signcert.pem
+
+gmssl sm2keygen -pass 1234 -out enckey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass 1234 -out encreq.pem
+gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
+gmssl certparse -in enccert.pem
+
+cat signcert.pem > double_certs.pem
+cat enccert.pem >> double_certs.pem
+cat cacert.pem >> double_certs.pem
+
+sudo gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1234 -ex_key enckey.pem -ex_pass 1234 -cacert cacert.pem  1>/dev/null  2>/dev/null &
+#sudo gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1234 -ex_key enckey.pem -ex_pass 1234  1>/dev/null  2>/dev/null &
+sleep 3
+
+gmssl sm2keygen -pass 1234 -out clientkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -key clientkey.pem -pass 1234 -out clientreq.pem
+gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
+gmssl certparse -in clientcert.pem
+
+# build and install BabaSSL 8.3.2
+# Download
+# ./config enable-ntls; make; sudo make install
+
+# current /demos/scripts
+#  /build/bin
+
+openssl version
+
+../../build/bin/demo_sm2_key_export clientkey.pem 1234 > clientpkey.pem
+
+#openssl s_client -enable_ntls -ntls -connect localhost:443 -no_ticket -CAfile rootcacert.pem -sign_cert clientcert.pem -sign_key clientpkey.pem -pass pass:1234
+
+

GmSSL-3.1.0/demos/scripts/tlcpdemo.sh

@@ -0,0 +1,43 @@
+#!/bin/bash -x
+
+#set -e # which sudo will cause failure on windows
+
+gmssl sm2keygen -pass 1234 -out rootcakey.pem
+gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca
+gmssl certparse -in rootcacert.pem
+
+gmssl sm2keygen -pass 1234 -out cakey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
+gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -ca -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
+gmssl certparse -in cacert.pem
+
+gmssl sm2keygen -pass 1234 -out signkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
+gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
+gmssl certparse -in signcert.pem
+
+gmssl sm2keygen -pass 1234 -out enckey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass 1234 -out encreq.pem
+gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
+gmssl certparse -in enccert.pem
+
+cat signcert.pem > double_certs.pem
+cat enccert.pem >> double_certs.pem
+cat cacert.pem >> double_certs.pem
+
+# If port is already in use, `gmssl` will fail, use `ps aux | grep gmssl` and `sudo kill -9` to kill existing proc
+# TODO: check if `gmssl` is failed
+which sudo
+if [ $? -eq 0 ]; then
+	SUDO=sudo
+fi
+$SUDO gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1234 -ex_key enckey.pem -ex_pass 1234 -cacert cacert.pem &  1>/dev/null  2>/dev/null &
+sleep 3
+
+gmssl sm2keygen -pass 1234 -out clientkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -key clientkey.pem -pass 1234 -out clientreq.pem
+gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
+gmssl certparse -in clientcert.pem
+
+gmssl tlcp_client -host 127.0.0.1 -cacert rootcacert.pem -cert clientcert.pem -key clientkey.pem -pass 1234
+

GmSSL-3.1.0/demos/scripts/tls12demo.sh

@@ -0,0 +1,36 @@
+#!/bin/bash -x
+
+
+gmssl sm2keygen -pass 1234 -out rootcakey.pem
+gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca
+gmssl certparse -in rootcacert.pem
+
+gmssl sm2keygen -pass 1234 -out cakey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
+gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem -ca -path_len_constraint 0
+gmssl certparse -in cacert.pem
+
+gmssl sm2keygen -pass 1234 -out signkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
+gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
+gmssl certparse -in signcert.pem
+
+cat signcert.pem > certs.pem
+cat cacert.pem >> certs.pem
+
+# If port is already in use, `gmssl` will fail, use `ps aux | grep gmssl` and `sudo kill -9` to kill existing proc
+# TODO: check if `gmssl` is failed
+which sudo
+if [ $? -eq 0 ]; then
+	SUDO=sudo
+fi
+$SUDO gmssl tls12_server -port 4430 -cert certs.pem -key signkey.pem -pass 1234 -cacert cacert.pem & #1>/dev/null  2>/dev/null &
+sleep 3
+
+gmssl sm2keygen -pass 1234 -out clientkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -key clientkey.pem -pass 1234 -out clientreq.pem
+gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
+gmssl certparse -in clientcert.pem
+
+gmssl tls12_client -host 127.0.0.1 -port 4430 -cacert rootcacert.pem -cert clientcert.pem -key clientkey.pem -pass 1234
+

GmSSL-3.1.0/demos/scripts/tls13demo.sh

@@ -0,0 +1,36 @@
+#!/bin/bash -x
+
+
+gmssl sm2keygen -pass 1234 -out rootcakey.pem
+gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca
+gmssl certparse -in rootcacert.pem
+
+gmssl sm2keygen -pass 1234 -out cakey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
+gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -ca -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
+gmssl certparse -in cacert.pem
+
+gmssl sm2keygen -pass 1234 -out signkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
+gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
+gmssl certparse -in signcert.pem
+
+cat signcert.pem > certs.pem
+cat cacert.pem >> certs.pem
+
+# If port is already in use, `gmssl` will fail, use `ps aux | grep gmssl` and `sudo kill -9` to kill existing proc
+# TODO: check if `gmssl` is failed
+which sudo
+if [ $? -eq 0 ]; then
+	SUDO=sudo
+fi
+$SUDO gmssl tls13_server -port 4433 -cert certs.pem -key signkey.pem -pass 1234 -cacert cacert.pem & # 1>/dev/null  2>/dev/null &
+sleep 3
+
+gmssl sm2keygen -pass 1234 -out clientkey.pem
+gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -key clientkey.pem -pass 1234 -out clientreq.pem
+gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
+gmssl certparse -in clientcert.pem
+
+gmssl tls13_client -host 127.0.0.1 -port 4433 -cacert rootcacert.pem -cert clientcert.pem -key clientkey.pem -pass 1234
+

GmSSL-3.1.0/demos/scripts/zucdemo.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+
+KEY=11223344556677881122334455667788
+IV=11223344556677881122334455667788
+
+echo hello | gmssl zuc -key $KEY -iv $IV -out zuc.bin
+gmssl zuc -key $KEY -iv $IV -in zuc.bin
+
+

GmSSL-3.1.0/demos/src/demo_sm2_encrypt.c

@@ -0,0 +1,39 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm2.h>
+#include <gmssl/error.h>
+
+
+int main(void)
+{
+	SM2_KEY sm2_key;
+	SM2_KEY pub_key;
+	unsigned char plaintext[SM2_MAX_PLAINTEXT_SIZE];
+	unsigned char ciphertext[SM2_MAX_CIPHERTEXT_SIZE];
+	size_t len;
+
+	sm2_key_generate(&sm2_key);
+	memcpy(&pub_key, &sm2_key, sizeof(SM2_POINT));
+
+	sm2_encrypt(&pub_key, (uint8_t *)"hello world", strlen("hello world"), ciphertext, &len);
+	format_bytes(stdout, 0, 0, "ciphertext", ciphertext, len);
+
+	if (sm2_decrypt(&sm2_key, ciphertext, len, plaintext, &len) != 1) {
+		fprintf(stderr, "error\n");
+		return 1;
+	}
+	plaintext[len] = 0;
+	printf("plaintext: %s\n", plaintext);
+
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm2_key_export.c

@@ -0,0 +1,64 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/mem.h>
+#include <gmssl/sm2.h>
+
+
+int main(int argc, char **argv)
+{
+	int ret = -1;
+	char *prog = argv[0];
+	char *keyfile;
+	char *pass;
+	FILE *keyfp = NULL;
+	SM2_KEY sm2_key;
+
+	if (argc < 3) {
+		fprintf(stderr, "usage: %s <key.pem> <pass>\n", prog);
+		return -1;
+	}
+	keyfile = argv[1];
+	pass = argv[2];
+
+	if (!(keyfp = fopen(keyfile, "rb"))) {
+		fprintf(stderr, "%s: open file '%s' failure\n", prog, keyfile);
+		return -1;
+	}
+	if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) {
+		fprintf(stderr, "%s: load key failure\n", prog);
+		goto end;
+	}
+	if (sm2_private_key_info_to_pem(&sm2_key, stdout) != 1) {
+		fprintf(stderr, "%s: export failure\n", prog);
+		goto end;
+	}
+	ret = 0;
+
+end:
+	gmssl_secure_clear(&sm2_key, sizeof(sm2_key));
+	if (keyfp) fclose(keyfp);
+	return ret;
+}
+
+
+
+
+
+
+
+
+
+
+
+

GmSSL-3.1.0/demos/src/demo_sm2_keygen.c

@@ -0,0 +1,28 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm2.h>
+
+int main(void)
+{
+	SM2_KEY sm2_key;
+
+	if (sm2_key_generate(&sm2_key) != 1) {
+		fprintf(stderr, "error\n");
+		return 1;
+	}
+
+	sm2_key_print(stdout, 0, 0, "SM2PrivateKey", &sm2_key);
+	sm2_public_key_print(stdout, 0, 0, "SM2PublicKey", &sm2_key);
+
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm2_keyparse.c

@@ -0,0 +1,60 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/mem.h>
+#include <gmssl/sm2.h>
+
+
+int main(int argc, char **argv)
+{
+	char *prog = argv[0];
+	char *keyfile;
+	char *pass;
+	FILE *keyfp = NULL;
+	SM2_KEY sm2_key;
+
+	if (argc < 3) {
+		fprintf(stderr, "usage: %s <key.pem> <pass>\n", prog);
+		return -1;
+	}
+	keyfile = argv[1];
+	pass = argv[2];
+
+	if (!(keyfp = fopen(keyfile, "rb"))) {
+		fprintf(stderr, "%s: open file '%s' failure\n", prog, keyfile);
+		return -1;
+	}
+	if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) {
+		fprintf(stderr, "%s: load key failure\n", prog);
+		fclose(keyfp);
+		return -1;
+	}
+
+	sm2_key_print(stdout, 0, 0, "SM2_KEY", &sm2_key);
+
+	gmssl_secure_clear(&sm2_key, sizeof(sm2_key));
+	fclose(keyfp);
+	return 0;
+}
+
+
+
+
+
+
+
+
+
+
+
+

GmSSL-3.1.0/demos/src/demo_sm2_private_key.c

@@ -0,0 +1,31 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm2.h>
+
+int main(void)
+{
+	SM2_KEY sm2_key;
+	char *password = "123456";
+
+	if (sm2_key_generate(&sm2_key) != 1) {
+		fprintf(stderr, "error\n");
+		return 1;
+	}
+
+	if (sm2_private_key_info_encrypt_to_pem(&sm2_key, password, stdout) != 1) {
+		fprintf(stderr, "error\n");
+		return 1;
+	}
+
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm2_private_key_parse.c

@@ -0,0 +1,41 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/mem.h>
+#include <gmssl/sm2.h>
+
+
+int main(void)
+{
+	SM2_KEY sm2_key;
+	char *password = "123456";
+	unsigned char buf[512];
+	unsigned char *p;
+	size_t len;
+
+	printf("Read SM2 private key file (PEM) from stdin ...\n");
+	if (sm2_private_key_info_decrypt_from_pem(&sm2_key, password, stdin) != 1) {
+		fprintf(stderr, "error\n");
+		return 1;
+	}
+
+	p = buf;
+	len = 0;
+	if (sm2_private_key_to_der(&sm2_key, &p, &len) != 1) {
+		fprintf(stderr, "error\n");
+		return 1;
+	}
+	fwrite(buf, 1, len, stdout);
+
+	gmssl_secure_clear(&sm2_key, sizeof(sm2_key));
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm2_public_key.c

@@ -0,0 +1,33 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/mem.h>
+#include <gmssl/sm2.h>
+
+
+int main(void)
+{
+	SM2_KEY sm2_key;
+	char *password = "123456";
+
+	printf("Read SM2 private key file (PEM) from stdin ...\n");
+	if (sm2_private_key_info_decrypt_from_pem(&sm2_key, password, stdin) != 1) {
+		fprintf(stderr, "error\n");
+		return 1;
+	}
+
+	// openssl ec -pubin -in sm2pub.pem -text
+	sm2_public_key_info_to_pem(&sm2_key, stdout);
+
+	gmssl_secure_clear(&sm2_key, sizeof(sm2_key));
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm2_sign.c

@@ -0,0 +1,43 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm2.h>
+#include <gmssl/error.h>
+
+
+int main(void)
+{
+	SM2_KEY sm2_key;
+	SM2_KEY pub_key;
+	unsigned char dgst[32];
+	unsigned char sig[SM2_MAX_SIGNATURE_SIZE];
+	size_t siglen;
+	int ret;
+
+	sm3_digest((unsigned char *)"hello world", strlen("hello world"), dgst);
+	format_bytes(stdout, 0, 0, "to be signed digest", dgst, sizeof(dgst));
+
+	sm2_key_generate(&sm2_key);
+
+	sm2_sign(&sm2_key, dgst, sig, &siglen);
+	format_bytes(stdout, 0, 0, "signature", sig, siglen);
+
+	memcpy(&pub_key, &sm2_key, sizeof(SM2_POINT));
+
+	if ((ret = sm2_verify(&pub_key, dgst, sig, siglen)) != 1) {
+		fprintf(stderr, "verify failed\n");
+	} else {
+		printf("verify success\n");
+	}
+
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm2_sign_ctx.c

@@ -0,0 +1,62 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm2.h>
+#include <gmssl/error.h>
+
+
+int main(void)
+{
+	SM2_KEY sm2_key;
+	SM2_KEY pub_key;
+	SM2_SIGN_CTX sign_ctx;
+	unsigned char dgst[32];
+	unsigned char sig[SM2_MAX_SIGNATURE_SIZE];
+	size_t siglen;
+	int ret;
+
+	sm2_key_generate(&sm2_key);
+
+	memcpy(&pub_key, &sm2_key, sizeof(SM2_POINT));
+
+	// sign without signer ID (and Z value)
+	sm2_sign_init(&sign_ctx, &sm2_key, NULL, 0);
+	sm2_sign_update(&sign_ctx, (unsigned char *)"hello ", strlen("hello "));
+	sm2_sign_update(&sign_ctx, (unsigned char *)"world", strlen("world"));
+	sm2_sign_finish(&sign_ctx, sig, &siglen);
+	format_bytes(stdout, 0, 0, "signature", sig, siglen);
+
+	// digest and verify
+	sm3_digest((unsigned char *)"hello world", strlen("hello world"), dgst);
+	ret = sm2_verify(&pub_key, dgst, sig, siglen);
+	printf("verify result: %s\n", ret == 1 ? "success" : "failure");
+
+	// use verify update API
+	sm2_verify_init(&sign_ctx, &pub_key, NULL, 0);
+	sm2_verify_update(&sign_ctx, (unsigned char *)"hello world", strlen("hello world"));
+	ret = sm2_verify_finish(&sign_ctx, sig, siglen);
+	printf("verify result: %s\n", ret == 1 ? "success" : "failure");
+
+	// sign use default signer ID
+	sm2_sign_init(&sign_ctx, &sm2_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH);
+	sm2_sign_update(&sign_ctx, (unsigned char *)"hello ", strlen("hello "));
+	sm2_sign_update(&sign_ctx, (unsigned char *)"world", strlen("world"));
+	sm2_sign_finish(&sign_ctx, sig, &siglen);
+	format_bytes(stdout, 0, 0, "signature", sig, siglen);
+
+	sm2_verify_init(&sign_ctx, &pub_key, SM2_DEFAULT_ID, SM2_DEFAULT_ID_LENGTH);
+	sm2_verify_update(&sign_ctx, (unsigned char *)"hello world", strlen("hello world"));
+	ret = sm2_verify_finish(&sign_ctx, sig, siglen);
+	printf("verify result: %s\n", ret == 1 ? "success" : "failure");
+
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm3.c

@@ -0,0 +1,36 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm3.h>
+
+
+int main(int argc, char **argv)
+{
+	SM3_CTX sm3_ctx;
+	uint8_t buf[4096];
+	size_t len;
+	uint8_t dgst[32];
+	int i;
+
+	sm3_init(&sm3_ctx);
+	while ((len = fread(buf, 1, sizeof(buf), stdin)) > 0) {
+		sm3_update(&sm3_ctx, buf, len);
+	}
+	sm3_finish(&sm3_ctx, dgst);
+
+	for (i = 0; i < sizeof(dgst); i++) {
+		printf("%02x", dgst[i]);
+	}
+	printf("\n");
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm3_hmac.c

@@ -0,0 +1,51 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm3.h>
+
+
+int main(void)
+{
+	SM3_HMAC_CTX hmac_ctx;
+	unsigned char key[16] = {
+		0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+		0x01,0xf2,0x03,0x04,0x05,0x06,0x07,0x08,
+	};
+	unsigned char mbuf[16] = {
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+	};
+	unsigned char hmac[32] = {0};
+	int i;
+
+
+	sm3_hmac_init(&hmac_ctx, key, sizeof(key));
+	sm3_hmac_update(&hmac_ctx, mbuf, sizeof(mbuf));
+	sm3_hmac_finish(&hmac_ctx, hmac);
+
+	printf("hmac: ");
+	for (i = 0; i < sizeof(hmac); i++) {
+		printf("%02X", hmac[i]);
+	}
+	printf("\n");
+
+	memset(hmac, 0, sizeof(hmac));
+	sm3_hmac(key, sizeof(key), mbuf, sizeof(mbuf), hmac);
+
+	printf("hmac: ");
+	for (i = 0; i < sizeof(hmac); i++) {
+		printf("%02X", hmac[i]);
+	}
+	printf("\n");
+
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm3_kdf.c

@@ -0,0 +1,37 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm3.h>
+
+
+int main(void)
+{
+	SM3_KDF_CTX kdf_ctx;
+	unsigned char key[16] = {0};
+	unsigned char raw[32] = {
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+	};
+	int i;
+
+	sm3_kdf_init(&kdf_ctx, sizeof(key));
+	sm3_kdf_update(&kdf_ctx, raw, sizeof(raw));
+	sm3_kdf_finish(&kdf_ctx, key);
+
+	printf("key: ");
+	for (i = 0; i < sizeof(key); i++) {
+		printf("%02X", key[i]);
+	}
+	printf("\n");
+
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm4.c

@@ -0,0 +1,64 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+// sm4 demo1: encrypt and decrypt a block of message (16 bytes)
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm4.h>
+
+
+int main(void)
+{
+	SM4_KEY sm4_key;
+	unsigned char key[16] = {
+		0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+		0x01,0xf2,0x03,0x04,0x05,0x06,0x07,0x08,
+	};
+	unsigned char mbuf[16] = {
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+	};
+	unsigned char cbuf[16];
+	unsigned char pbuf[16];
+	int i;
+
+	printf("key: ");
+	for (i = 0; i < sizeof(key); i++) {
+		printf("%02X", key[i]);
+	}
+	printf("\n");
+
+	printf("plaintext: ");
+	for (i = 0; i < sizeof(mbuf); i++) {
+		printf("%02X", mbuf[i]);
+	}
+	printf("\n");
+
+	sm4_set_encrypt_key(&sm4_key, key);
+	sm4_encrypt(&sm4_key, mbuf, cbuf);
+
+	printf("ciphertext: ");
+	for (i = 0; i < sizeof(cbuf); i++) {
+		printf("%02X", cbuf[i]);
+	}
+	printf("\n");
+
+	sm4_set_decrypt_key(&sm4_key, key);
+	sm4_decrypt(&sm4_key, cbuf, pbuf);
+
+	printf("decrypted: ");
+	for (i = 0; i < sizeof(pbuf); i++) {
+		printf("%02X", pbuf[i]);
+	}
+	printf("\n");
+
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm4_cbc.c

@@ -0,0 +1,72 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm4.h>
+#include <gmssl/rand.h>
+
+
+int main(void)
+{
+	SM4_KEY sm4_key;
+	unsigned char key[16];
+	unsigned char iv[16];
+	unsigned char mbuf[32] = {
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+	};
+	unsigned char cbuf[32] = {0};
+	unsigned char pbuf[32] = {0};
+	int i;
+
+	rand_bytes(key, sizeof(key));
+	rand_bytes(iv, sizeof(iv));
+
+	printf("key: ");
+	for (i = 0; i < sizeof(key); i++) {
+		printf("%02X", key[i]);
+	}
+	printf("\n");
+
+	printf("iv: ");
+	for (i = 0; i < sizeof(iv); i++) {
+		printf("%02X", iv[i]);
+	}
+	printf("\n");
+
+	printf("plaintext: ");
+	for (i = 0; i < sizeof(mbuf); i++) {
+		printf("%02X", mbuf[i]);
+	}
+	printf("\n");
+
+	sm4_set_encrypt_key(&sm4_key, key);
+	sm4_cbc_encrypt(&sm4_key, iv, mbuf, sizeof(mbuf)/SM4_BLOCK_SIZE, cbuf);
+
+	printf("ciphertext: ");
+	for (i = 0; i < sizeof(cbuf); i++) {
+		printf("%02X", cbuf[i]);
+	}
+	printf("\n");
+
+	sm4_set_decrypt_key(&sm4_key, key);
+	sm4_cbc_decrypt(&sm4_key, iv, cbuf, sizeof(cbuf)/SM4_BLOCK_SIZE, pbuf);
+
+	printf("decrypted: ");
+	for (i = 0; i < sizeof(pbuf); i++) {
+		printf("%02X", pbuf[i]);
+	}
+	printf("\n");
+
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm4_cbc_decrypt_update.c

@@ -0,0 +1,51 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm4.h>
+#include <gmssl/rand.h>
+
+
+int main(void)
+{
+	SM4_CBC_CTX cbc_ctx;
+	unsigned char key[16] = {
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+	};
+	unsigned char iv[16] = {
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+	};
+	unsigned char inbuf[1024];
+	unsigned char outbuf[1024 + 32];
+	size_t inlen;
+	size_t outlen;
+
+	if (sm4_cbc_decrypt_init(&cbc_ctx, key, iv) != 1) {
+		fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
+		return 1;
+	}
+	while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) {
+		if (sm4_cbc_decrypt_update(&cbc_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
+			fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
+			return 1;
+		}
+		fwrite(outbuf, 1, outlen, stdout);
+	}
+	if (sm4_cbc_decrypt_finish(&cbc_ctx, outbuf, &outlen) != 1) {
+		fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
+		return 1;
+	}
+	fwrite(outbuf, 1, outlen, stdout);
+
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm4_cbc_encrypt_update.c

@@ -0,0 +1,51 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm4.h>
+#include <gmssl/rand.h>
+
+
+int main(void)
+{
+	SM4_CBC_CTX cbc_ctx;
+	unsigned char key[16] = {
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+	};
+	unsigned char iv[16] = {
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+	};
+	unsigned char inbuf[1024];
+	unsigned char outbuf[1024 + 32];
+	size_t inlen;
+	size_t outlen;
+
+	if (sm4_cbc_encrypt_init(&cbc_ctx, key, iv) != 1) {
+		fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
+		return 1;
+	}
+	while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) {
+		if (sm4_cbc_encrypt_update(&cbc_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
+			fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
+			return 1;
+		}
+		fwrite(outbuf, 1, outlen, stdout);
+	}
+	if (sm4_cbc_encrypt_finish(&cbc_ctx, outbuf, &outlen) != 1) {
+		fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
+		return 1;
+	}
+	fwrite(outbuf, 1, outlen, stdout);
+
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm4_cbc_padding.c

@@ -0,0 +1,105 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm4.h>
+#include <gmssl/rand.h>
+
+
+int main(void)
+{
+	SM4_KEY sm4_key;
+	unsigned char key[16];
+	unsigned char iv[16];
+	unsigned char mbuf[32] = {
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+	};
+	unsigned char cbuf[32] = {0};
+	unsigned char pbuf[32] = {0};
+	size_t mlen1 = 20, mlen2 = 16;
+	size_t clen1, clen2;
+	size_t plen1, plen2;
+	int i;
+
+	rand_bytes(key, sizeof(key));
+	rand_bytes(iv, sizeof(iv));
+
+	printf("key: ");
+	for (i = 0; i < sizeof(key); i++) {
+		printf("%02X", key[i]);
+	}
+	printf("\n");
+
+	printf("iv: ");
+	for (i = 0; i < sizeof(iv); i++) {
+		printf("%02X", iv[i]);
+	}
+	printf("\n");
+
+
+	printf("sm4_cbc_pading encrypt %zu bytes\n", mlen1);
+
+	printf("plaintext: ");
+	for (i = 0; i < mlen1; i++) {
+		printf("%02X", mbuf[i]);
+	}
+	printf("\n");
+
+	sm4_set_encrypt_key(&sm4_key, key);
+	sm4_cbc_padding_encrypt(&sm4_key, iv, mbuf, mlen1, cbuf, &clen1);
+
+	printf("ciphertext: ");
+	for (i = 0; i < clen1; i++) {
+		printf("%02X", cbuf[i]);
+	}
+	printf("\n");
+
+	sm4_set_decrypt_key(&sm4_key, key);
+	sm4_cbc_padding_decrypt(&sm4_key, iv, cbuf, clen1, pbuf, &plen1);
+
+	printf("decrypted: ");
+	for (i = 0; i < plen1; i++) {
+		printf("%02X", pbuf[i]);
+	}
+	printf("\n");
+
+	printf("sm4_cbc_pading encrypt %zu bytes\n", mlen2);
+
+	printf("plaintext: ");
+	for (i = 0; i < mlen2; i++) {
+		printf("%02X", mbuf[i]);
+	}
+	printf("\n");
+
+	sm4_set_encrypt_key(&sm4_key, key);
+	sm4_cbc_padding_encrypt(&sm4_key, iv, mbuf, mlen2, cbuf, &clen2);
+
+	printf("ciphertext: ");
+	for (i = 0; i < clen2; i++) {
+		printf("%02X", cbuf[i]);
+	}
+	printf("\n");
+
+	sm4_set_decrypt_key(&sm4_key, key);
+	sm4_cbc_padding_decrypt(&sm4_key, iv, cbuf, clen2, pbuf, &plen2);
+
+	printf("decrypted: ");
+	for (i = 0; i < plen2; i++) {
+		printf("%02X", pbuf[i]);
+	}
+	printf("\n");
+
+
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm4_ctr.c

@@ -0,0 +1,76 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm4.h>
+#include <gmssl/rand.h>
+
+
+int main(void)
+{
+	SM4_KEY sm4_key;
+	unsigned char key[16];
+	unsigned char iv[16];
+	unsigned char ctr[16];
+	unsigned char mbuf[20] = {
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,
+	};
+	unsigned char cbuf[20] = {0};
+	unsigned char pbuf[20] = {0};
+	int i;
+
+	rand_bytes(key, sizeof(key));
+	rand_bytes(iv, sizeof(iv));
+
+	printf("key: ");
+	for (i = 0; i < sizeof(key); i++) {
+		printf("%02X", key[i]);
+	}
+	printf("\n");
+
+	printf("ctr: ");
+	for (i = 0; i < sizeof(iv); i++) {
+		printf("%02X", iv[i]);
+	}
+	printf("\n");
+
+	sm4_set_encrypt_key(&sm4_key, key);
+
+	printf("sm4 ctr encrypt %zu bytes\n", sizeof(mbuf));
+
+	printf("plaintext: ");
+	for (i = 0; i < sizeof(mbuf); i++) {
+		printf("%02X", mbuf[i]);
+	}
+	printf("\n");
+
+	memcpy(ctr, iv, 16);
+	sm4_ctr_encrypt(&sm4_key, ctr, mbuf, sizeof(mbuf), cbuf);
+
+	printf("ciphertext: ");
+	for (i = 0; i < sizeof(cbuf); i++) {
+		printf("%02X", cbuf[i]);
+	}
+	printf("\n");
+
+	memcpy(ctr, iv, 16);
+	sm4_ctr_decrypt(&sm4_key, ctr, cbuf, sizeof(cbuf), pbuf);
+
+	printf("decrypted: ");
+	for (i = 0; i < sizeof(pbuf); i++) {
+		printf("%02X", pbuf[i]);
+	}
+	printf("\n");
+
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm4_ctr_encrypt_update.c

@@ -0,0 +1,51 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm4.h>
+#include <gmssl/rand.h>
+
+
+int main(void)
+{
+	SM4_CTR_CTX cbc_ctx;
+	unsigned char key[16] = {
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+	};
+	unsigned char ctr[16] = {
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+	};
+	unsigned char inbuf[1024];
+	unsigned char outbuf[1024 + 32];
+	size_t inlen;
+	size_t outlen;
+
+	if (sm4_ctr_encrypt_init(&cbc_ctx, key, ctr) != 1) {
+		fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
+		return 1;
+	}
+	while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) {
+		if (sm4_ctr_encrypt_update(&cbc_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
+			fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
+			return 1;
+		}
+		fwrite(outbuf, 1, outlen, stdout);
+	}
+	if (sm4_ctr_encrypt_finish(&cbc_ctx, outbuf, &outlen) != 1) {
+		fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
+		return 1;
+	}
+	fwrite(outbuf, 1, outlen, stdout);
+
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm4_gcm.c

@@ -0,0 +1,90 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm4.h>
+#include <gmssl/rand.h>
+
+
+int main(void)
+{
+	SM4_KEY sm4_key;
+	unsigned char key[16];
+	unsigned char iv[16];
+	unsigned char aad[20];
+	unsigned char mbuf[64] = {
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,
+	};
+	unsigned char cbuf[64] = {0};
+	unsigned char pbuf[64] = {0};
+	unsigned char tag[16];
+	int i;
+
+	rand_bytes(key, sizeof(key));
+	rand_bytes(iv, sizeof(iv));
+
+	printf("key: ");
+	for (i = 0; i < sizeof(key); i++) {
+		printf("%02X", key[i]);
+	}
+	printf("\n");
+
+	printf("iv: ");
+	for (i = 0; i < sizeof(iv); i++) {
+		printf("%02X", iv[i]);
+	}
+	printf("\n");
+
+	sm4_set_encrypt_key(&sm4_key, key);
+
+	printf("sm4 gcm encrypt\n");
+
+	printf("auth-only data: ");
+	for (i = 0; i < sizeof(aad); i++) {
+		printf("%02X", aad[i]);
+	}
+	printf("\n");
+
+	printf("plaintext: ");
+	for (i = 0; i < sizeof(mbuf); i++) {
+		printf("%02X", mbuf[i]);
+	}
+	printf("\n");
+
+	sm4_gcm_encrypt(&sm4_key, iv, sizeof(iv), aad, sizeof(aad), mbuf, sizeof(mbuf), cbuf, sizeof(tag), tag);
+
+	printf("ciphertext: ");
+	for (i = 0; i < sizeof(cbuf); i++) {
+		printf("%02X", cbuf[i]);
+	}
+	printf("\n");
+
+	printf("mac-tag: ");
+	for (i = 0; i < sizeof(tag); i++) {
+		printf("%02X", tag[i]);
+	}
+	printf("\n");
+
+	if (sm4_gcm_decrypt(&sm4_key, iv, sizeof(iv), aad, sizeof(aad), cbuf, sizeof(mbuf), tag, sizeof(tag), pbuf) != 1) {
+		fprintf(stderr, "sm4 gcm decrypt failed\n");
+		return 1;
+	}
+
+	printf("decrypted: ");
+	for (i = 0; i < sizeof(pbuf); i++) {
+		printf("%02X", pbuf[i]);
+	}
+	printf("\n");
+
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm9_encrypt.c

@@ -0,0 +1,47 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm9.h>
+#include <gmssl/error.h>
+
+
+int main(void)
+{
+	SM9_ENC_MASTER_KEY master;
+	SM9_ENC_MASTER_KEY master_public;
+	SM9_ENC_KEY key;
+	const char *id = "Alice";
+	uint8_t buf[512];
+	uint8_t *p = buf;
+	const uint8_t *cp = buf;
+	size_t len;
+	char mbuf[256];
+	size_t mlen;
+	int ret;
+
+	sm9_enc_master_key_generate(&master);
+	sm9_enc_master_key_extract_key(&master, id, strlen(id), &key);
+
+	sm9_enc_master_public_key_to_der(&master, &p, &len);
+	sm9_enc_master_public_key_from_der(&master_public, &cp, &len);
+
+	sm9_encrypt(&master_public, id, strlen(id), (uint8_t *)"hello", strlen("hello"), buf, &len);
+	ret = sm9_decrypt(&key, id, strlen(id), buf, len, (uint8_t *)mbuf, &mlen);
+	if (ret != 1) {
+		fprintf(stderr, "decrypt failed\n");
+		return 1;
+	}
+	mbuf[mlen] = 0;
+	printf("decrypt result: %s\n", mbuf);
+
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm9_keygen.c

@@ -0,0 +1,35 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm9.h>
+
+
+int main(void)
+{
+	SM9_SIGN_MASTER_KEY sign_master;
+	SM9_SIGN_KEY sign_key;
+
+	sm9_sign_master_key_generate(&sign_master);
+
+	printf("SM9 Master Secret\n");
+	sm9_sign_master_key_info_encrypt_to_pem(&sign_master, "P@ssw0rd", stdout);
+
+	printf("SM9 Public Parameters\n");
+	sm9_sign_master_public_key_to_pem(&sign_master, stdout);
+
+	sm9_sign_master_key_extract_key(&sign_master, "alice", strlen("alice"), &sign_key);
+
+	printf("SM9 private key for ID '%s'\n", "alice");
+	sm9_sign_key_info_encrypt_to_pem(&sign_key, "123456", stdout);
+
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_sm9_sign.c

@@ -0,0 +1,53 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/sm9.h>
+#include <gmssl/error.h>
+
+
+int main(void)
+{
+	SM9_SIGN_MASTER_KEY sign_master;
+	SM9_SIGN_MASTER_KEY sign_master_public;
+	SM9_SIGN_KEY sign_key;
+	SM9_SIGN_CTX sign_ctx;
+	const char *id = "Alice";
+	uint8_t sig[SM9_SIGNATURE_SIZE];
+	size_t siglen;
+	uint8_t buf[512];
+	uint8_t *p = buf;
+	const uint8_t *cp = buf;
+	size_t len;
+	int ret;
+
+	sm9_sign_master_key_generate(&sign_master);
+
+	sm9_sign_master_key_extract_key(&sign_master, id, strlen(id), &sign_key);
+
+	sm9_sign_init(&sign_ctx);
+	sm9_sign_update(&sign_ctx, (uint8_t *)"hello world", strlen("hello world"));
+	sm9_sign_finish(&sign_ctx, &sign_key, sig, &siglen);
+
+	format_bytes(stdout, 0, 0, "signature", sig, siglen);
+
+
+	sm9_sign_master_public_key_to_der(&sign_master, &p, &len);
+	sm9_sign_master_public_key_from_der(&sign_master_public, &cp, &len);
+
+	sm9_verify_init(&sign_ctx);
+	sm9_verify_update(&sign_ctx, (uint8_t *)"hello world", strlen("hello world"));
+	ret = sm9_verify_finish(&sign_ctx, sig, siglen, &sign_master_public, id, strlen(id));
+	printf("verify %s\n", ret == 1 ? "success" : "failure");
+
+
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_tlcp_get.c

@@ -0,0 +1,109 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <netdb.h>
+#include <sys/types.h>
+#include <arpa/inet.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <gmssl/tls.h>
+#include <gmssl/error.h>
+#include "url_parser.h"
+
+
+int main(int argc, char *argv[])
+{
+	int ret = -1;
+	char *prog = argv[0];
+	const int cipher = TLS_cipher_ecc_sm4_cbc_sm3;
+	URL_COMPONENTS *url;
+	struct hostent *hp;
+	int port = 443;
+	struct sockaddr_in server;
+	int sock;
+	TLS_CTX ctx;
+	TLS_CONNECT conn;
+	char request[1024];
+	uint8_t buf[16800];
+	char *p;
+	size_t len;
+
+	if (argc != 2) {
+		fprintf(stderr, "example: tlcp_get https://sm2only.ovssl.cn\n");
+		return 1;
+	}
+
+	if (!(url = parse_url(argv[1]))) {
+		fprintf(stderr, "parse url '%s' failure\n", argv[1]);
+		return 1;
+	}
+	if (!(hp = gethostbyname(url->host))) {
+		herror("tlcp_client: '-host' invalid");
+		goto end;
+	}
+	if (url->port != -1) {
+		port = url->port;
+	}
+
+	server.sin_addr = *((struct in_addr *)hp->h_addr_list[0]);
+	server.sin_family = AF_INET;
+	server.sin_port = htons(port);
+
+	if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+		perror("socket");
+		goto end;
+	}
+	if (connect(sock, (struct sockaddr *)&server , sizeof(server)) < 0) {
+		perror("connect");
+		goto end;
+	}
+
+	memset(&ctx, 0, sizeof(ctx));
+	memset(&conn, 0, sizeof(conn));
+
+	tls_ctx_init(&ctx, TLS_protocol_tlcp, TLS_client_mode);
+	tls_ctx_set_cipher_suites(&ctx, &cipher, 1);
+	tls_init(&conn, &ctx);
+	tls_set_socket(&conn, sock);
+
+	if (tls_do_handshake(&conn) != 1) {
+		fprintf(stderr, "%s: error\n", prog);
+		goto end;
+	}
+
+	snprintf(request, sizeof(request)-1, "GET %s HTTP/1.1\r\nHost: %s\r\n\r\n",
+		url->path ? url->path : "/",
+		url->host);
+
+	tls_send(&conn, (uint8_t *)request, strlen(request), &len);
+
+	if (tls_recv(&conn, buf, sizeof(buf), &len) != 1) {
+		fprintf(stderr, "recv failure\n");
+		goto end;
+	}
+	buf[len] = 0;
+
+	p = strstr((char *)buf, "\r\n\r\n");
+	if (p) {
+		printf("%s", p + 4);
+		fflush(stdout);
+	}
+
+end:
+	free_url_components(url);
+	close(sock);
+	tls_ctx_cleanup(&ctx);
+	tls_cleanup(&conn);
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_tlcp_post.c

@@ -0,0 +1,114 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <netdb.h>
+#include <sys/types.h>
+#include <arpa/inet.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <gmssl/tls.h>
+#include <gmssl/error.h>
+#include "url_parser.h"
+
+
+int main(int argc, char *argv[])
+{
+	int ret = -1;
+	char *prog = argv[0];
+	const int cipher = TLS_cipher_ecc_sm4_cbc_sm3;
+	URL_COMPONENTS *url;
+	struct hostent *hp;
+	int port = 443;
+	struct sockaddr_in server;
+	int sock;
+	TLS_CTX ctx;
+	TLS_CONNECT conn;
+	char request[1024];
+	uint8_t buf[16800];
+	char *p;
+	size_t len;
+
+	if (argc != 2) {
+		fprintf(stderr, "example: echo \"key=word\" | tlcp_post https://sm2only.ovssl.cn\n");
+		return 1;
+	}
+
+	if (!(url = parse_url(argv[1]))) {
+		fprintf(stderr, "parse url '%s' failure\n", argv[1]);
+		return 1;
+	}
+	if (!(hp = gethostbyname(url->host))) {
+		herror("tlcp_client: '-host' invalid");
+		goto end;
+	}
+	if (url->port != -1) {
+		port = url->port;
+	}
+
+	server.sin_addr = *((struct in_addr *)hp->h_addr_list[0]);
+	server.sin_family = AF_INET;
+	server.sin_port = htons(port);
+
+	if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+		perror("socket");
+		goto end;
+	}
+	if (connect(sock, (struct sockaddr *)&server , sizeof(server)) < 0) {
+		perror("connect");
+		goto end;
+	}
+
+	memset(&ctx, 0, sizeof(ctx));
+	memset(&conn, 0, sizeof(conn));
+
+	tls_ctx_init(&ctx, TLS_protocol_tlcp, TLS_client_mode);
+	tls_ctx_set_cipher_suites(&ctx, &cipher, 1);
+	tls_init(&conn, &ctx);
+	tls_set_socket(&conn, sock);
+
+	if (tls_do_handshake(&conn) != 1) {
+		fprintf(stderr, "%s: error\n", prog);
+		goto end;
+	}
+
+	snprintf(request, sizeof(request)-1, "POST %s HTTP/1.1\r\nHost: %s\r\n\r\n",
+		url->path ? url->path : "/",
+		url->host);
+
+	tls_send(&conn, (uint8_t *)request, strlen(request), &len);
+
+	len = fread(buf, 1, sizeof(buf), stdin);
+	if (len) {
+		tls_send(&conn, buf, len, &len);
+	}
+
+	if (tls_recv(&conn, buf, sizeof(buf), &len) != 1) {
+		fprintf(stderr, "recv failure\n");
+		goto end;
+	}
+	buf[len] = 0;
+
+	p = strstr((char *)buf, "\r\n\r\n");
+	if (p) {
+		printf("%s", p + 4);
+		fflush(stdout);
+	}
+
+end:
+	free_url_components(url);
+	close(sock);
+	tls_ctx_cleanup(&ctx);
+	tls_cleanup(&conn);
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_wget.c

@@ -0,0 +1,33 @@
+/*
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/http.h>
+#include <gmssl/error.h>
+
+int main(int argc, char **argv)
+{
+	uint8_t buf[65536];
+	uint8_t *content;
+	size_t contentlen;
+
+	if (argc < 2) {
+		printf("usage: %s <uri>\n", argv[0]);
+		return 1;
+	}
+	if (http_get(argv[1], buf, sizeof(buf), &content, &contentlen) != 1) {
+		error_print();
+		return -1;
+	}
+	fwrite(content, contentlen, 1, stdout);
+	return 0;
+}

GmSSL-3.1.0/demos/src/demo_zuc.c

@@ -0,0 +1,50 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/zuc.h>
+
+
+int main(void)
+{
+	ZUC_CTX zuc_ctx;
+	unsigned char key[16] = {
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+	};
+	unsigned char iv[16] = {
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+		0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,
+	};
+	unsigned char inbuf[1024];
+	unsigned char outbuf[1024 + 32];
+	size_t inlen;
+	size_t outlen;
+
+	if (zuc_encrypt_init(&zuc_ctx, key, iv) != 1) {
+		fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
+		return 1;
+	}
+	while ((inlen = fread(inbuf, 1, sizeof(inbuf), stdin)) > 0) {
+		if (zuc_encrypt_update(&zuc_ctx, inbuf, inlen, outbuf, &outlen) != 1) {
+			fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
+			return 1;
+		}
+		fwrite(outbuf, 1, outlen, stdout);
+	}
+	if (zuc_encrypt_finish(&zuc_ctx, outbuf, &outlen) != 1) {
+		fprintf(stderr, "%s %d: error\n", __FILE__, __LINE__);
+		return 1;
+	}
+	fwrite(outbuf, 1, outlen, stdout);
+
+	return 0;
+}

GmSSL-3.1.0/include/gmssl/aead.h

@@ -0,0 +1,111 @@
+/*
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#ifndef GMSSL_AEAD_H
+#define GMSSL_AEAD_H
+
+#include <string.h>
+#include <stdint.h>
+#include <gmssl/sm3.h>
+#include <gmssl/sm4.h>
+#include <gmssl/gcm.h>
+#include <gmssl/api.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+typedef struct {
+	SM4_CBC_CTX enc_ctx;
+	SM3_HMAC_CTX mac_ctx;
+	uint8_t mac[SM3_HMAC_SIZE];
+	size_t maclen;
+} SM4_CBC_SM3_HMAC_CTX;
+
+#define SM4_CBC_SM3_HMAC_KEY_SIZE 48
+#define SM4_CBC_SM3_HMAC_IV_SIZE  16
+
+_gmssl_export int sm4_cbc_sm3_hmac_encrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
+	const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen);
+_gmssl_export int sm4_cbc_sm3_hmac_encrypt_update(SM4_CBC_SM3_HMAC_CTX *ctx,
+	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+_gmssl_export int sm4_cbc_sm3_hmac_encrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx,
+	uint8_t *out, size_t *outlen);
+_gmssl_export int sm4_cbc_sm3_hmac_decrypt_init(SM4_CBC_SM3_HMAC_CTX *ctx,
+	const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen);
+_gmssl_export int sm4_cbc_sm3_hmac_decrypt_update(SM4_CBC_SM3_HMAC_CTX *ctx,
+	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+_gmssl_export int sm4_cbc_sm3_hmac_decrypt_finish(SM4_CBC_SM3_HMAC_CTX *ctx,
+	uint8_t *out, size_t *outlen);
+
+
+typedef struct {
+	SM4_CTR_CTX enc_ctx;
+	SM3_HMAC_CTX mac_ctx;
+	uint8_t mac[SM3_HMAC_SIZE];
+	size_t maclen;
+} SM4_CTR_SM3_HMAC_CTX;
+
+#define SM4_CTR_SM3_HMAC_KEY_SIZE 48
+#define SM4_CTR_SM3_HMAC_IV_SIZE  16
+
+_gmssl_export int sm4_ctr_sm3_hmac_encrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
+	const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen);
+_gmssl_export int sm4_ctr_sm3_hmac_encrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx,
+	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+_gmssl_export int sm4_ctr_sm3_hmac_encrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx,
+	uint8_t *out, size_t *outlen);
+_gmssl_export int sm4_ctr_sm3_hmac_decrypt_init(SM4_CTR_SM3_HMAC_CTX *ctx,
+	const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen);
+_gmssl_export int sm4_ctr_sm3_hmac_decrypt_update(SM4_CTR_SM3_HMAC_CTX *ctx,
+	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+_gmssl_export int sm4_ctr_sm3_hmac_decrypt_finish(SM4_CTR_SM3_HMAC_CTX *ctx,
+	uint8_t *out, size_t *outlen);
+
+
+typedef struct {
+	SM4_CTR_CTX enc_ctx;
+	GHASH_CTX mac_ctx;
+	uint8_t Y[16]; // E(K, Y_0)
+	size_t taglen;
+	uint8_t mac[16];
+	size_t maclen;
+} SM4_GCM_CTX;
+
+#define SM4_GCM_KEY_SIZE 16
+#define SM4_GCM_MIN_IV_SIZE 1
+#define SM4_GCM_DEFAULT_IV_SIZE 12
+#define SM4_GCM_MAX_IV_SIZE 64
+#define SM4_GCM_DEFAULT_TAG_SIZE 16
+
+_gmssl_export int sm4_gcm_encrypt_init(SM4_GCM_CTX *ctx,
+	const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, size_t taglen);
+_gmssl_export int sm4_gcm_encrypt_update(SM4_GCM_CTX *ctx,
+	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+_gmssl_export int sm4_gcm_encrypt_finish(SM4_GCM_CTX *ctx,
+	uint8_t *out, size_t *outlen);
+_gmssl_export int sm4_gcm_decrypt_init(SM4_GCM_CTX *ctx,
+	const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, size_t taglen);
+_gmssl_export int sm4_gcm_decrypt_update(SM4_GCM_CTX *ctx,
+	const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen);
+_gmssl_export int sm4_gcm_decrypt_finish(SM4_GCM_CTX *ctx,
+	uint8_t *out, size_t *outlen);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/aes.h

@@ -0,0 +1,90 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+
+#ifndef GMSSL_AES_H
+#define GMSSL_AES_H
+
+#include <stdint.h>
+#include <stdlib.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+#define AES128_KEY_BITS		128
+#define AES192_KEY_BITS		192
+#define AES256_KEY_BITS		256
+
+#define AES128_KEY_SIZE		(AES128_KEY_BITS/8)
+#define AES192_KEY_SIZE		(AES192_KEY_BITS/8)
+#define AES256_KEY_SIZE		(AES256_KEY_BITS/8)
+
+#define AES_BLOCK_SIZE		16
+
+#define AES128_ROUNDS		10
+#define AES192_ROUNDS		12
+#define AES256_ROUNDS		14
+#define AES_MAX_ROUNDS		AES256_ROUNDS
+
+
+typedef struct {
+	uint32_t rk[4 * (AES_MAX_ROUNDS + 1)];
+	size_t rounds;
+} AES_KEY;
+
+int aes_set_encrypt_key(AES_KEY *key, const uint8_t *raw_key, size_t raw_key_len);
+int aes_set_decrypt_key(AES_KEY *key, const uint8_t *raw_key, size_t raw_key_len);
+void aes_encrypt(const AES_KEY *key, const uint8_t in[AES_BLOCK_SIZE], uint8_t out[AES_BLOCK_SIZE]);
+void aes_decrypt(const AES_KEY *key, const uint8_t in[AES_BLOCK_SIZE], uint8_t out[AES_BLOCK_SIZE]);
+
+
+void aes_cbc_encrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
+	const uint8_t *in, size_t nblocks, uint8_t *out);
+void aes_cbc_decrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
+	const uint8_t *in, size_t nblocks, uint8_t *out);
+int aes_cbc_padding_encrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
+	const uint8_t *in, size_t inlen,
+	uint8_t *out, size_t *outlen);
+int aes_cbc_padding_decrypt(const AES_KEY *key, const uint8_t iv[AES_BLOCK_SIZE],
+	const uint8_t *in, size_t inlen,
+	uint8_t *out, size_t *outlen);
+
+void aes_ctr_encrypt(const AES_KEY *key, uint8_t ctr[AES_BLOCK_SIZE],
+	const uint8_t *in, size_t inlen, uint8_t *out);
+#define aes_ctr_decrypt(key,ctr,in,inlen,out) aes_ctr_encrypt(key,ctr,in,inlen,out)
+
+
+#define AES_GCM_IV_MIN_SIZE		1
+#define AES_GCM_IV_MAX_SIZE		((uint64_t)(1 << (64-3)))
+#define AES_GCM_IV_DEFAULT_BITS		96
+#define AES_GCM_IV_DEFAULT_SIZE		12
+
+#define AES_GCM_MIN_AAD_SIZE		0
+#define AES_GCM_MAX_AAD_SIZE		((uint64_t)(1 << (64-3)))
+
+#define AES_GCM_MIN_PLAINTEXT_SIZE	0
+#define AES_GCM_MAX_PLAINTEXT_SIZE	((((uint64_t)1 << 39) - 256) >> 3)
+
+#define AES_GCM_MAX_TAG_SIZE		16
+
+int aes_gcm_encrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
+	uint8_t *out, size_t taglen, uint8_t *tag);
+int aes_gcm_decrypt(const AES_KEY *key, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
+	const uint8_t *tag, size_t taglen, uint8_t *out);
+
+
+#ifdef  __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/api.h

@@ -0,0 +1,22 @@
+/*
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#ifndef GMSSL_API_H
+#define GMSSL_API_H
+
+
+#ifdef WIN32
+#define _gmssl_export  __declspec(dllexport)
+#else
+// use -fvisibility=hidden to change the "default" behavior
+#define _gmssl_export  __attribute__((visibility("default")))
+#endif
+
+
+#endif

GmSSL-3.1.0/include/gmssl/asn1.h

@@ -0,0 +1,301 @@
+/*
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+
+#ifndef GMSSL_ASN1_H
+#define GMSSL_ASN1_H
+
+#include <time.h>
+#include <stdlib.h>
+#include <stdint.h>
+
+#if __cplusplus
+extern "C" {
+#endif
+
+
+
+#define ASN1_TAG_UNIVERSAL		0x00
+#define ASN1_TAG_APPLICATION		0x40
+#define ASN1_TAG_CONTENT_SPECIFIC	0x80
+#define ASN1_TAG_PRIVATE		0xC0
+#define ASN1_TAG_PRIMITIVE		0x00
+#define ASN1_TAG_CONSTRUCTED		0x20
+
+#define ASN1_TAG_IMPLICIT(index)	(ASN1_TAG_CONTENT_SPECIFIC|(index))
+#define ASN1_TAG_EXPLICIT(index)	ASN1_TAG_IMPLICIT(ASN1_TAG_CONSTRUCTED|(index))
+
+
+#define ASN1_FMT_FULL	0x01
+
+
+enum ASN1_TAG {
+	ASN1_TAG_BOOLEAN		= 1,
+	ASN1_TAG_INTEGER		= 2,
+	ASN1_TAG_BIT_STRING		= 3,
+	ASN1_TAG_OCTET_STRING		= 4,
+	ASN1_TAG_NULL			= 5,
+	ASN1_TAG_OBJECT_IDENTIFIER	= 6,
+	ASN1_TAG_ObjectDescriptor	= 7,
+	ASN1_TAG_EXTERNAL		= 8,
+	ASN1_TAG_REAL			= 9,
+	ASN1_TAG_ENUMERATED		= 10, // 0x0A
+	ASN1_TAG_EMBEDDED		= 11, // 0x0B
+	ASN1_TAG_UTF8String		= 12, // 0x0C
+	ASN1_TAG_RELATIVE_OID		= 13, // 0x0D
+	ASN1_TAG_NumericString		= 18, // 0x12
+	ASN1_TAG_PrintableString	= 19, // 0x13, printable subset of ascii
+	ASN1_TAG_TeletexString		= 20, // 0x14, T61String
+	ASN1_TAG_VideotexString		= 21, // 0x15
+	ASN1_TAG_IA5String		= 22, // 0x16, 7-bit ascii
+	ASN1_TAG_UTCTime		= 23, // 0x17
+	ASN1_TAG_GeneralizedTime	= 24, // 0x18
+	ASN1_TAG_GraphicString		= 25, // 0x19
+	ASN1_TAG_VisibleString		= 26, // 0x20
+	ASN1_TAG_GeneralString		= 27, // 0x21
+	ASN1_TAG_UniversalString	= 28, // 0x22
+	ASN1_TAG_CHARACTER_STRING	= 29, // 0x23
+	ASN1_TAG_BMPString		= 30, // 0x24, 2-byte unicode with zeros
+	ASN1_TAG_SEQUENCE		= 0x30,
+	ASN1_TAG_SET			= 0x31,
+	ASN1_TAG_EXPLICIT		= 0xa0,
+};
+
+
+const char *asn1_tag_name(int tag);
+int asn1_tag_is_cstring(int tag);
+int asn1_tag_to_der(int tag, uint8_t **out, size_t *outlen);
+int asn1_tag_from_der(int *tag, const uint8_t **in, size_t *inlen);
+int asn1_tag_from_der_readonly(int *tag, const uint8_t **in, size_t *inlen); // read the next tag without changing *in,*inlen
+int asn1_length_to_der(size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_length_from_der(size_t *dlen, const uint8_t **in, size_t *inlen);
+int asn1_length_is_zero(size_t len);
+int asn1_length_le(size_t len1, size_t len2); // less than
+int asn1_data_to_der(const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_data_from_der(const uint8_t **d, size_t dlen, const uint8_t **in, size_t *inlen);
+
+int asn1_type_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_type_from_der(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+int asn1_nonempty_type_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_nonempty_type_from_der(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+int asn1_any_type_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+int asn1_any_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen); // 调用方应保证a,alen为TLV
+int asn1_any_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen); // 该函数会检查输入是否为TLV
+
+#define ASN1_TRUE 0xff
+#define ASN1_FALSE 0x00
+
+const char *asn1_boolean_name(int val);
+int asn1_boolean_from_name(int *val, const char *name);
+int asn1_boolean_to_der_ex(int tag, int val, uint8_t **out, size_t *outlen);
+int asn1_boolean_from_der_ex(int tag, int *val, const uint8_t **in, size_t *inlen);
+#define asn1_boolean_to_der(val,out,outlen) asn1_boolean_to_der_ex(ASN1_TAG_BOOLEAN,val,out,outlen)
+#define asn1_boolean_from_der(val,in,inlen) asn1_boolean_from_der_ex(ASN1_TAG_BOOLEAN,val,in,inlen)
+#define asn1_implicit_boolean_to_der(i,val,out,outlen) asn1_boolean_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
+#define asn1_implicit_boolean_from_der(i,val,in,inlen) asn1_boolean_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)
+
+// asn1_integer_ 不支持负数编解码
+int asn1_integer_to_der_ex(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_integer_from_der_ex(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+#define asn1_integer_to_der(d,dlen,out,outlen) asn1_integer_to_der_ex(ASN1_TAG_INTEGER,d,dlen,out,outlen)
+#define asn1_integer_from_der(d,dlen,in,inlen) asn1_integer_from_der_ex(ASN1_TAG_INTEGER,d,dlen,in,inlen)
+#define asn1_implicit_integer_to_der(i,d,dlen,out,outlen) asn1_integer_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_integer_from_der(i,d,dlen,in,inlen) asn1_integer_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
+
+// asn1_int_ 只支持小的无符号整数的编解码，不支持负数
+int asn1_int_to_der_ex(int tag, int val, uint8_t **out, size_t *outlen); // 当 val == -1 时，不输出，返回 0
+int asn1_int_from_der_ex(int tag, int *val, const uint8_t **in, size_t *inlen); // 不支持负数，返回0时 *val 设置为 -1
+#define asn1_int_to_der(val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_INTEGER,val,out,outlen)
+#define asn1_int_from_der(val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_INTEGER,val,in,inlen)
+#define asn1_implicit_int_to_der(i,val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
+#define asn1_implicit_int_from_der(i,val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)
+
+// 比特长度不必须为8的整数倍
+int asn1_bit_string_to_der_ex(int tag, const uint8_t *d, size_t nbits, uint8_t **out, size_t *outlen);
+int asn1_bit_string_from_der_ex(int tag, const uint8_t **d, size_t *nbits, const uint8_t **in, size_t *inlen);
+#define asn1_bit_string_to_der(d,nbits,out,outlen) asn1_bit_string_to_der_ex(ASN1_TAG_BIT_STRING,d,nbits,out,outlen)
+#define asn1_bit_string_from_der(d,nbits,in,inlen) asn1_bit_string_from_der_ex(ASN1_TAG_BIT_STRING,d,nbits,in,inlen)
+#define asn1_implicit_bit_string_to_der(i,d,nbits,out,outlen) asn1_bit_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,nbits,out,outlen)
+#define asn1_implicit_bit_string_from_der(i,d,nbits,in,inlen) asn1_bit_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,nbits,in,inlen)
+
+// 比特长度必须为8的整数倍，因此使用字节长度
+int asn1_bit_octets_to_der_ex(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_bit_octets_from_der_ex(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+#define asn1_bit_octets_to_der(d,dlen,out,outlen) asn1_bit_octets_to_der_ex(ASN1_TAG_BIT_STRING,d,dlen,out,outlen)
+#define asn1_bit_octets_from_der(d,dlen,in,inlen) asn1_bit_octets_from_der_ex(ASN1_TAG_BIT_STRING,d,dlen,in,inlen)
+#define asn1_implicit_bit_octets_to_der(i,d,dlen,out,outlen) asn1_bit_octets_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_bit_octets_from_der(i,d,dlen,in,inlen) asn1_bit_octets_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
+
+// bits == -1 不编码，只支持较少的比特数量
+int asn1_bits_to_der_ex(int tag, int bits, uint8_t **out, size_t *outlen);
+int asn1_bits_from_der_ex(int tag, int *bits, const uint8_t **in, size_t *inlen);
+#define asn1_bits_to_der(bits,out,outlen) asn1_bits_to_der_ex(ASN1_TAG_BIT_STRING,bits,out,outlen)
+#define asn1_bits_from_der(bits,in,inlen) asn1_bits_from_der_ex(ASN1_TAG_BIT_STRING,bits,in,inlen)
+#define asn1_implicit_bits_to_der(i,bits,out,outlen) asn1_bits_to_der_ex(ASN1_TAG_IMPLICIT(i),bits,out,outlen)
+#define asn1_implicit_bits_from_der(i,bits,in,inlen) asn1_bits_from_der_ex(ASN1_TAG_IMPLICIT(i),bits,in,inlen)
+// names[i]对应第i个比特
+int asn1_bits_print(FILE *fp, int fmt, int ind, const char *label, const char **names, size_t names_cnt, int bits);
+
+#define asn1_octet_string_to_der_ex(tag,d,dlen,out,outlen) asn1_type_to_der(tag,d,dlen,out,outlen)
+#define asn1_octet_string_from_der_ex(tag,d,dlen,in,inlen) asn1_type_from_der(tag,d,dlen,in,inlen)
+#define asn1_octet_string_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_OCTET_STRING,d,dlen,out,outlen)
+#define asn1_octet_string_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_OCTET_STRING,d,dlen,in,inlen)
+#define asn1_implicit_octet_string_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_octet_string_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
+
+const char *asn1_null_name(void);
+int asn1_null_to_der(uint8_t **out, size_t *outlen);
+int asn1_null_from_der(const uint8_t **in, size_t *inlen);
+
+#define ASN1_OID_MIN_NODES 2
+#define ASN1_OID_MAX_NODES 32
+#define ASN1_OID_MIN_OCTETS 1
+#define ASN1_OID_MAX_OCTETS (1 + (ASN1_OID_MAX_NODES - 2) * 5)
+int asn1_object_identifier_to_octets(const uint32_t *nodes, size_t nodes_cnt, uint8_t *out, size_t *outlen);
+int asn1_object_identifier_from_octets(uint32_t *nodes, size_t *nodes_cnt, const uint8_t *in, size_t inlen);
+
+int asn1_object_identifier_to_der_ex(int tag, const uint32_t *nodes, size_t nodes_cnt, uint8_t **out, size_t *outlen);
+int asn1_object_identifier_from_der_ex(int tag, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen);
+#define asn1_object_identifier_to_der(nodes,nodes_cnt,out,outlen) asn1_object_identifier_to_der_ex(ASN1_TAG_OBJECT_IDENTIFIER,nodes,nodes_cnt,out,outlen)
+#define asn1_object_identifier_from_der(nodes,nodes_cnt,in,inlen) asn1_object_identifier_from_der_ex(ASN1_TAG_OBJECT_IDENTIFIER,nodes,nodes_cnt,in,inlen)
+#define asn1_implicit_object_identifier_to_der(i,nodes,nodes_cnt,out,outlen) asn1_object_identifier_to_der_ex(ASN1_TAG_IMPLICIT(i),nodes,nodes_cnt,out,outlen)
+#define asn1_implicit_object_identifier_from_der(i,nodes,nodes_cnt,in,inlen) asn1_object_identifier_from_der_ex(ASN1_TAG_IMPLICIT(i),nodes,nodes_cnt,in,inlen)
+int asn1_object_identifier_equ(const uint32_t *a, size_t a_cnt, const uint32_t *b, size_t b_cnt);
+int asn1_object_identifier_print(FILE *fp, int fmt, int ind, const char *label, const char *name,
+	const uint32_t *nodes, size_t nodes_cnt);
+
+typedef struct {
+	int oid;
+	char *name;
+	uint32_t *nodes;
+	size_t nodes_cnt;
+	int flags;
+	char *description;
+} ASN1_OID_INFO;
+
+const ASN1_OID_INFO *asn1_oid_info_from_name(const ASN1_OID_INFO *infos, size_t count, const char *name);
+const ASN1_OID_INFO *asn1_oid_info_from_oid(const ASN1_OID_INFO *infos, size_t count, int oid);
+// 如果一个正确解析的OID并不在infos列表中，那么仍然返回1，但是调用方必须检查返回的info是否为空
+int asn1_oid_info_from_der_ex(const ASN1_OID_INFO **info, uint32_t *nodes, size_t *nodes_cnt,
+	const ASN1_OID_INFO *infos, size_t count, const uint8_t **in, size_t *inlen);
+int asn1_oid_info_from_der(const ASN1_OID_INFO **info,
+	const ASN1_OID_INFO *infos, size_t count, const uint8_t **in, size_t *inlen);
+
+#define asn1_enumerated_to_der_ex(tag,val,out,outlen) asn1_int_to_der_ex(tag,val,out,outlen)
+#define asn1_enumerated_from_der_ex(tag,val,in,inlen) asn1_int_from_der_ex(tag,val,in,inlen)
+#define asn1_enumerated_to_der(val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_ENUMERATED,val,out,outlen)
+#define asn1_enumerated_from_der(val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_ENUMERATED,val,in,inlen)
+#define asn1_implicit_enumerated_to_der(i,val,out,outlen) asn1_int_to_der_ex(ASN1_TAG_IMPLICIT(i),val,out,outlen)
+#define asn1_implicit_enumerated_from_der(i,val,in,inlen) asn1_int_from_der_ex(ASN1_TAG_IMPLICIT(i),val,in,inlen)
+
+int asn1_string_is_utf8_string(const char *d, size_t dlen);
+int asn1_utf8_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_utf8_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+#define asn1_utf8_string_to_der(d,dlen,out,outlen) asn1_utf8_string_to_der_ex(ASN1_TAG_UTF8String,d,dlen,out,outlen)
+#define asn1_utf8_string_from_der(d,dlen,in,inlen) asn1_utf8_string_from_der_ex(ASN1_TAG_UTF8String,d,dlen,in,inlen)
+#define asn1_implicit_utf8_string_to_der(i,d,dlen,out,outlen) asn1_utf8_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_utf8_string_from_der(i,d,dlen,in,inlen) asn1_utf8_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
+
+int asn1_string_is_printable_string(const char *d, size_t dlen);
+int asn1_printable_string_case_ignore_match(const char *a, size_t alen, const char *b, size_t blen);
+int asn1_printable_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_printable_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+#define asn1_printable_string_to_der(d,dlen,out,outlen)	asn1_printable_string_to_der_ex(ASN1_TAG_PrintableString,d,dlen,out,outlen)
+#define asn1_printable_string_from_der(d,dlen,in,inlen)	asn1_printable_string_from_der_ex(ASN1_TAG_PrintableString,d,dlen,in,inlen)
+#define asn1_implicit_printable_string_to_der(i,d,dlen,out,outlen) asn1_printable_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_printable_string_from_der(i,d,dlen,in,inlen) asn1_printable_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
+
+int asn1_string_is_ia5_string(const char *d, size_t dlen);
+int asn1_ia5_string_to_der_ex(int tag, const char *d, size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_ia5_string_from_der_ex(int tag, const char **d, size_t *dlen, const uint8_t **in, size_t *inlen);
+#define asn1_ia5_string_to_der(d,dlen,out,outlen) asn1_ia5_string_to_der_ex(ASN1_TAG_IA5String,d,dlen,out,outlen)
+#define asn1_ia5_string_from_der(d,dlen,in,inlen) asn1_ia5_string_from_der_ex(ASN1_TAG_IA5String,d,dlen,in,inlen)
+#define asn1_implicit_ia5_string_to_der(i,d,dlen,out,outlen) asn1_ia5_string_to_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_ia5_string_from_der(i,d,dlen,in,inlen) asn1_ia5_string_from_der_ex(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
+
+int asn1_string_print(FILE *fp, int fmt, int ind, const char *label, int tag, const uint8_t *d, size_t dlen);
+
+#define ASN1_UTC_TIME_STRLEN		(sizeof("YYMMDDHHMMSSZ")-1)
+#define ASN1_GENERALIZED_TIME_STRLEN	(sizeof("YYYYMMDDHHMMSSZ")-1)
+#define ASN1_GENERALIZED_TIME_MAX_SIZE	(2 + ASN1_GENERALIZED_TIME_STRLEN)
+
+int asn1_time_to_str(int utc_time, time_t timestamp, char *str);
+int asn1_time_from_str(int utc_time, time_t *timestamp, const char *str);
+
+int asn1_utc_time_to_der_ex(int tag, time_t tv, uint8_t **out, size_t *outlen);
+int asn1_utc_time_from_der_ex(int tag, time_t *tv, const uint8_t **in, size_t *inlen);
+#define asn1_utc_time_to_der(tv,out,outlen) asn1_utc_time_to_der_ex(ASN1_TAG_UTCTime,tv,out,outlen)
+#define asn1_utc_time_from_der(tv,in,inlen) asn1_utc_time_from_der_ex(ASN1_TAG_UTCTime,tv,in,inlen)
+#define asn1_implicit_utc_time_to_der(i,tv,out,outlen) asn1_utc_time_to_der_ex(ASN1_TAG_IMPLICIT(i),tv,out,outlen)
+#define asn1_implicit_utc_time_from_der(i,tv,in,inlen) asn1_utc_time_from_der_ex(ASN1_TAG_IMPLICIT(i),tv,in,inlen)
+
+int asn1_generalized_time_to_der_ex(int tag, time_t tv, uint8_t **out, size_t *outlen);
+int asn1_generalized_time_from_der_ex(int tag, time_t *tv, const uint8_t **in, size_t *inlen);
+#define asn1_generalized_time_to_der(tv,out,outlen) asn1_generalized_time_to_der_ex(ASN1_TAG_GeneralizedTime,tv,out,outlen)
+#define asn1_generalized_time_from_der(tv,in,inlen) asn1_generalized_time_from_der_ex(ASN1_TAG_GeneralizedTime,tv,in,inlen)
+#define asn1_implicit_generalized_time_to_der(i,tv,out,outlen) asn1_generalized_time_to_der_ex(ASN1_TAG_IMPLICIT(i),tv,out,outlen)
+#define asn1_implicit_generalized_time_from_der(i,tv,in,inlen) asn1_generalized_time_from_der_ex(ASN1_TAG_IMPLICIT(i),tv,in,inlen)
+
+// BasicConstraints might be an empty sequence in entity certificates
+#define asn1_sequence_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_SEQUENCE,d,dlen,out,outlen)
+#define asn1_sequence_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_SEQUENCE,d,dlen,in,inlen)
+#define asn1_implicit_sequence_to_der(i,d,dlen,out,outlen) asn1_nonempty_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_sequence_from_der(i,d,dlen,in,inlen) asn1_nonempty_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
+
+#define asn1_sequence_of_to_der(d,dlen,out,outlen) asn1_nonempty_type_to_der(ASN1_TAG_SEQUENCE,d,dlen,out,outlen)
+#define asn1_sequence_of_from_der(d,dlen,in,inlen) asn1_nonempty_type_from_der(ASN1_TAG_SEQUENCE,d,dlen,in,inlen)
+int asn1_sequence_of_int_to_der(const int *nums, size_t nums_cnt, uint8_t **out, size_t *outlen);
+int asn1_sequence_of_int_from_der(int *nums, size_t *nums_cnt, size_t max_nums, const uint8_t **in, size_t *inlen);
+int asn1_sequence_of_int_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+#define asn1_set_to_der(d,dlen,out,outlen) asn1_nonempty_type_to_der(ASN1_TAG_SET,d,dlen,out,outlen)
+#define asn1_set_from_der(d,dlen,in,inlen) asn1_nonempty_type_from_der(ASN1_TAG_SET,d,dlen,in,inlen)
+#define asn1_implicit_set_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_set_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
+
+#define asn1_set_of_to_der(d,dlen,out,outlen) asn1_nonempty_type_to_der(ASN1_TAG_SET,d,dlen,out,outlen)
+#define asn1_set_of_from_der(d,dlen,in,inlen) asn1_nonempty_type_from_der(ASN1_TAG_SET,d,dlen,in,inlen)
+
+#define asn1_implicit_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
+
+int asn1_header_to_der(int tag, size_t dlen, uint8_t **out, size_t *outlen);
+#define asn1_implicit_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
+
+#define asn1_octet_string_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_OCTET_STRING,dlen,out,outlen)
+
+#define asn1_sequence_header_to_der_ex(tag,dlen,out,outlen) asn1_header_to_der(tag,dlen,out,outlen)
+#define asn1_sequence_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_SEQUENCE,dlen,out,outlen)
+#define asn1_implicit_sequence_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
+
+#define asn1_set_header_to_der(dlen,out,outlen) asn1_header_to_der(ASN1_TAG_SET,dlen,out,outlen)
+#define asn1_implicit_set_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
+
+#define asn1_explicit_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)
+
+#define asn1_explicit_to_der(i,d,dlen,out,outlen) asn1_nonempty_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
+#define asn1_explicit_from_der(i,d,dlen,in,inlen) asn1_nonempty_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
+
+// d,dlen 是 SEQUENCE OF, SET OF 中的值
+int asn1_types_get_count(const uint8_t *d, size_t dlen, int tag, size_t *cnt);
+int asn1_types_get_item_by_index(const uint8_t *d, size_t dlen, int tag,
+	int index, const uint8_t **item_d, size_t *item_dlen);
+
+
+
+
+
+int asn1_check(int expr);
+
+
+#if __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/base64.h

@@ -0,0 +1,72 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+
+#ifndef GMSSL_BASE64_H
+#define GMSSL_BASE64_H
+
+#include <stdint.h>
+#include <stdlib.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+BASE64 Public API
+
+	BASE64_CTX
+	base64_encode_init
+	base64_encode_update
+	base64_encode_finish
+	base64_decode_init
+	base64_decode_update
+	base64_decode_finish
+
+*/
+
+
+typedef struct {
+    /* number saved in a partial encode/decode */
+    int num;
+    /*
+     * The length is either the output line length (in input bytes) or the
+     * shortest input line length that is ok.  Once decoding begins, the
+     * length is adjusted up each time a longer line is decoded
+     */
+    int length;
+    /* data to encode */
+    unsigned char enc_data[80];
+    /* number read on current line */
+    int line_num;
+    int expect_nl;
+} BASE64_CTX;
+
+# define BASE64_ENCODE_LENGTH(l)    (((l+2)/3*4)+(l/48+1)*2+80)
+# define BASE64_DECODE_LENGTH(l)    ((l+3)/4*3+80)
+
+
+void base64_encode_init(BASE64_CTX *ctx);
+int  base64_encode_update(BASE64_CTX *ctx, const uint8_t *in, int inlen, uint8_t *out, int *outlen);
+void base64_encode_finish(BASE64_CTX *ctx, uint8_t *out, int *outlen);
+
+void base64_decode_init(BASE64_CTX *ctx);
+int  base64_decode_update(BASE64_CTX *ctx, const uint8_t *in, int inlen, uint8_t *out, int *outlen);
+int  base64_decode_finish(BASE64_CTX *ctx, uint8_t *out, int *outlen);
+
+
+int base64_encode_block(unsigned char *t, const unsigned char *f, int dlen);
+int base64_decode_block(unsigned char *t, const unsigned char *f, int n);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/block_cipher.h

@@ -0,0 +1,74 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+
+
+#ifndef GMSSL_BLOCK_CIPHER_H
+#define GMSSL_BLOCK_CIPHER_H
+
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/aes.h>
+#include <gmssl/sm4.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define BLOCK_CIPHER_BLOCK_SIZE		16
+#define BLOCK_CIPHER_MIN_KEY_SIZE	16
+#define BLOCK_CIPHER_MAX_KEY_SIZE	32
+
+
+typedef struct BLOCK_CIPHER BLOCK_CIPHER;
+typedef struct BLOCK_CIPHER_KEY BLOCK_CIPHER_KEY;
+
+struct BLOCK_CIPHER_KEY {
+	union {
+		SM4_KEY sm4_key;
+		AES_KEY aes_key;
+	} u;
+	const BLOCK_CIPHER *cipher;
+};
+
+typedef void (*block_cipher_set_encrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key);
+typedef void (*block_cipher_set_decrypt_key_func)(BLOCK_CIPHER_KEY *key, const uint8_t *raw_key);
+typedef void (*block_cipher_encrypt_func)(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
+typedef void (*block_cipher_decrypt_func)(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
+
+struct BLOCK_CIPHER {
+	int oid;
+	size_t key_size;
+	size_t block_size;
+	block_cipher_set_encrypt_key_func set_encrypt_key;
+	block_cipher_set_decrypt_key_func set_decrypt_key;
+	block_cipher_encrypt_func encrypt;
+	block_cipher_decrypt_func decrypt;
+};
+
+const BLOCK_CIPHER *BLOCK_CIPHER_sm4(void);
+const BLOCK_CIPHER *BLOCK_CIPHER_aes128(void);
+
+const BLOCK_CIPHER *block_cipher_from_name(const char *name);
+const char *block_cipher_name(const BLOCK_CIPHER *cipher);
+int block_cipher_set_encrypt_key(BLOCK_CIPHER_KEY *key, const BLOCK_CIPHER *cipher, const uint8_t *raw_key);
+int block_cipher_set_decrypt_key(BLOCK_CIPHER_KEY *key, const BLOCK_CIPHER *cipher, const uint8_t *raw_key);
+int block_cipher_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
+int block_cipher_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *in, uint8_t *out);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/chacha20.h

@@ -0,0 +1,57 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+/* RFC 8439 "ChaCha20 and Poly1305 for IETF Protocols" */
+
+#ifndef GMSSL_CHACHA20_H
+#define GMSSL_CHACHA20_H
+
+#define CHACHA20_IS_BIG_ENDIAN	0
+
+#include <stdint.h>
+#include <stdlib.h>
+
+#include <string.h>
+
+#define CHACHA20_KEY_BITS	256
+#define CHACHA20_NONCE_BITS	96
+#define CHACHA20_COUNTER_BITS	32
+
+#define CHACHA20_KEY_SIZE	(CHACHA20_KEY_BITS/8)
+#define CHACHA20_NONCE_SIZE	(CHACHA20_NONCE_BITS/8)
+#define CHACHA20_COUNTER_SIZE	(CHACHA20_COUNTER_BITS/8)
+
+#define CHACHA20_KEY_WORDS	(CHACHA20_KEY_SIZE/sizeof(uint32_t))
+#define CHACHA20_NONCE_WORDS	(CHACHA20_NONCE_SIZE/sizeof(uint32_t))
+#define CHACHA20_COUNTER_WORDS	(CHACHA20_COUNTER_SIZE/sizeof(uint32_t))
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+typedef struct {
+	uint32_t d[16];
+} CHACHA20_STATE;
+
+
+void chacha20_init(CHACHA20_STATE *state,
+	const uint8_t key[CHACHA20_KEY_SIZE],
+	const uint8_t nonce[CHACHA20_NONCE_SIZE], uint32_t counter);
+
+void chacha20_generate_keystream(CHACHA20_STATE *state,
+	size_t counts, uint8_t *out);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/cms.h

@@ -0,0 +1,552 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+/*
+References:
+  1. GM/T 0010-2012 SM2 Cryptography Message Syntax Specification
+  2. RFC 2315 PKCS #7 Cryptographic Message Syntax Version 1.5
+  3. RFC 5652 Cryptographic Message Syntax (CMS)
+*/
+
+#ifndef GMSSL_CMS_H
+#define GMSSL_CMS_H
+
+
+#include <string.h>
+#include <stdint.h>
+#include <sys/types.h>
+#include <gmssl/x509.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+enum {
+	CMS_version_v1 = 1,
+};
+
+
+/*
+ContentType:
+	OID_cms_data
+	OID_cms_signed_data
+	OID_cms_enveloped_data
+	OID_cms_signed_and_enveloped_data
+	OID_cms_encrypted_data
+	OID_cms_key_agreement_info
+*/
+const char *cms_content_type_name(int oid);
+int cms_content_type_from_name(const char *name);
+int cms_content_type_to_der(int oid, uint8_t **out, size_t *outlen);
+int cms_content_type_from_der(int *oid, const uint8_t **in, size_t *inlen);
+
+/*
+ContentInfo ::= SEQUENCE {
+	contentType	OBJECT IDENTIFIER,
+	content		[0] EXPLICIT ANY OPTIONAL }
+*/
+int cms_content_info_header_to_der(
+	int content_type, size_t content_len,
+	uint8_t **out, size_t *outlen);
+int cms_content_info_to_der(
+	int content_type,
+	const uint8_t *content, size_t content_len,
+	uint8_t **out, size_t *outlen);
+int cms_content_info_from_der(
+	int *content_type,
+	const uint8_t **content, size_t *content_len, // 这里获得的是完整的TLV
+	const uint8_t **in, size_t *inlen);
+int cms_content_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+Data ::= OCTET STRING
+*/
+#define cms_data_to_der(d,dlen,out,outlen) asn1_octet_string_to_der(d,dlen,out,outlen)
+#define cms_data_from_der(d,dlen,in,inlen) asn1_octet_string_from_der(d,dlen,in,inlen)
+#define cms_data_print(fp,fmt,ind,label,d,dlen) format_bytes(fp,fmt,ind,label,d,dlen)
+
+/*
+EncryptedContentInfo ::= SEQUENCE {
+	contentType			OBJECT IDENTIFIER,
+	contentEncryptionAlgorithm	AlgorithmIdentifier,
+	encryptedContent		[0] IMPLICIT OCTET STRING OPTIONAL,
+	sharedInfo1			[1] IMPLICIT OCTET STRING OPTIONAL,
+	sharedInfo2			[2] IMPLICIT OCTET STRING OPTIONAL }
+*/
+int cms_enced_content_info_to_der(
+	int content_type,
+	int enc_algor, const uint8_t *enc_iv, size_t enc_iv_len,
+	const uint8_t *enced_content, size_t enced_content_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len,
+	uint8_t **out, size_t *outlen);
+int cms_enced_content_info_from_der(
+	int *content_type,
+	int *enc_algor, const uint8_t **enc_iv, size_t *enc_iv_len,
+	const uint8_t **enced_content, size_t *enced_content_len,
+	const uint8_t **shared_info1, size_t *shared_info1_len,
+	const uint8_t **shared_info2, size_t *shared_info2_len,
+	const uint8_t **in, size_t *inlen);
+int cms_enced_content_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+int cms_enced_content_info_encrypt_to_der(
+	int enc_algor,
+	const uint8_t *key, size_t keylen,
+	const uint8_t *iv, size_t ivlen,
+	int content_type, const uint8_t *content, size_t content_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len,
+	uint8_t **out, size_t *outlen);
+int cms_enced_content_info_decrypt_from_der(
+	int *enc_algor,
+	const uint8_t *key, size_t keylen,
+	int *content_type, uint8_t *content, size_t *content_len,
+	const uint8_t **shared_info1, size_t *shared_info1_len,
+	const uint8_t **shared_info2, size_t *shared_info2_len,
+	const uint8_t **in, size_t *inlen);
+
+/*
+EncryptedData ::= SEQUENCE {
+	version			INTEGER (1),
+	encryptedContentInfo	EncryptedContentInfo }
+*/
+int cms_encrypted_data_to_der(
+	int version,
+	int content_type,
+	int enc_algor, const uint8_t *iv, size_t ivlen,
+	const uint8_t *enced_content, size_t enced_content_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len,
+	uint8_t **out, size_t *outlen);
+int cms_encrypted_data_from_der(
+	int *version,
+	int *content_type,
+	int *enc_algor, const uint8_t **iv, size_t *ivlen,
+	const uint8_t **enced_content, size_t *enced_content_len,
+	const uint8_t **shared_info1, size_t *shared_info1_len,
+	const uint8_t **shared_info2, size_t *shared_info2_len,
+	const uint8_t **in, size_t *inlen);
+int cms_encrypted_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+int cms_encrypted_data_encrypt_to_der(
+	int enc_algor,
+	const uint8_t *key, size_t keylen,
+	const uint8_t *iv, size_t ivlen,
+	int content_type, const uint8_t *content, size_t content_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len,
+	uint8_t **out, size_t *outlen);
+int cms_encrypted_data_decrypt_from_der(
+	int *enc_algor,
+	const uint8_t *key, size_t keylen,
+	int *content_type, uint8_t *content, size_t *content_len,
+	const uint8_t **shared_info1, size_t *shared_info1_len,
+	const uint8_t **shared_info2, size_t *shared_info2_len,
+	const uint8_t **in, size_t *inlen);
+
+/*
+IssuerAndSerialNumber ::= SEQUENCE {
+	isser		Name,
+	serialNumber	INTEGER }
+*/
+int cms_issuer_and_serial_number_to_der(
+	const uint8_t *issuer, size_t issuer_len,
+	const uint8_t *serial_number, size_t serial_number_len,
+	uint8_t **out, size_t *outlen);
+int cms_issuer_and_serial_number_from_der(
+	const uint8_t **issuer, size_t *issuer_len,
+	const uint8_t **serial_number, size_t *serial_number_len,
+	const uint8_t **in, size_t *inlen);
+int cms_issuer_and_serial_number_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+SignerInfo ::= SEQUENCE {
+	version				INTEGER (1),
+	issuerAndSerialNumber		IssuerAndSerialNumber,
+	digestAlgorithm			AlgorithmIdentifier,
+	authenticatedAttributes		[0] IMPLICIT SET OF Attribute OPTINOAL,
+	digestEncryptionAlgorithm	AlgorithmIdentifier,
+	encryptedDigest			OCTET STRING,
+	unauthenticatedAttributes       [1] IMPLICIT SET OF Attribute OPTINOAL, }
+*/
+int cms_signer_info_to_der(
+	int version,
+	const uint8_t *issuer, size_t issuer_len,
+	const uint8_t *serial_number, size_t serial_number_len,
+	int digest_algor,
+	const uint8_t *authed_attrs, size_t authed_attrs_len,
+	int signature_algor,
+	const uint8_t *enced_digest, size_t enced_digest_len,
+	const uint8_t *unauthed_attrs, size_t unauthed_attrs_len,
+	uint8_t **out, size_t *outlen);
+int cms_signer_info_from_der(
+	int *version,
+	const uint8_t **issuer, size_t *issuer_len,
+	const uint8_t **serial_number, size_t *serial_number_len,
+	int *digest_algor,
+	const uint8_t **authed_attrs, size_t *authed_attrs_len,
+	int *signature_algor,
+	const uint8_t **enced_digest, size_t *enced_digest_len,
+	const uint8_t **unauthed_attrs, size_t *unauthed_attrs_len,
+	const uint8_t **in, size_t *inlen);
+int cms_signer_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+int cms_signer_info_sign_to_der(
+	const SM3_CTX *sm3_ctx, const SM2_KEY *sm2_key,
+	const uint8_t *issuer, size_t issuer_len,
+	const uint8_t *serial_number, size_t serial_number_len,
+	const uint8_t *authed_attrs, size_t authed_attrs_len,
+	const uint8_t *unauthed_attrs, size_t unauthed_attrs_len,
+	uint8_t **out, size_t *outlen);
+int cms_signer_info_verify_from_der(
+	const SM3_CTX *sm3_ctx, const uint8_t *certs, size_t certslen,
+	const uint8_t **cert, size_t *certlen,
+	const uint8_t **issuer, size_t *issuer_len,
+	const uint8_t **serial, size_t *serial_len,
+	const uint8_t **authed_attrs, size_t *authed_attrs_len,
+	const uint8_t **unauthed_attrs, size_t *unauthed_attrs_len,
+	const uint8_t **in, size_t *inlen);
+/*
+SignerInfos ::= SET OF SignerInfo;
+*/
+int cms_signer_infos_add_signer_info(
+	uint8_t *d, size_t *dlen, size_t maxlen,
+	const SM3_CTX *sm3_ctx, const SM2_KEY *sign_key,
+	const uint8_t *issuer, size_t issuer_len,
+	const uint8_t *serial_number, size_t serial_number_len,
+	const uint8_t *authed_attrs, size_t authed_attrs_len,
+	const uint8_t *unauthed_attrs, size_t unauthed_attrs_len);
+#define cms_signer_infos_to_der(d,dlen,out,outlen) asn1_set_to_der(d,dlen,out,outlen)
+#define cms_signer_infos_from_der(d,dlen,in,inlen) asn1_set_from_der(d,dlen,in,inlen)
+int cms_signer_infos_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+int cms_digest_algors_to_der(const int *digest_algors, size_t digest_algors_cnt, uint8_t **out, size_t *outlen);
+int cms_digest_algors_from_der(int *digest_algors, size_t *digest_algors_cnt, size_t max_digest_algors,
+	const uint8_t **in, size_t *inlen);
+int cms_digest_algors_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+SignedData ::= SEQUENCE {
+	version			INTEGER (1),
+	digestAlgorithms	SET OF AlgorithmIdentifier,
+	contentInfo		ContentInfo,
+	certificates		[0] IMPLICIT SET OF Certificate OPTIONAL,
+	crls			[1] IMPLICIT SET OF CertificateRevocationList OPTIONAL,
+	signerInfos		SET OF SignerInfo }
+*/
+int cms_signed_data_to_der(
+	int version,
+	const int *digest_algors, size_t digest_algors_cnt,
+	const int content_type, const uint8_t *content, const size_t content_len,
+	const uint8_t *certs, size_t certs_len,
+	const uint8_t *crls, const size_t crls_len,
+	const uint8_t *signer_infos, size_t signer_infos_len,
+	uint8_t **out, size_t *outlen);
+int cms_signed_data_from_der(
+	int *version,
+	int *digest_algors, size_t *digest_algors_cnt, size_t max_digest_algors,
+	int *content_type, const uint8_t **content, size_t *content_len,
+	const uint8_t **certs, size_t *certs_len,
+	const uint8_t **crls, size_t *crls_len,
+	const uint8_t **signer_infos, size_t *signer_infos_len,
+	const uint8_t **in, size_t *inlen);
+int cms_signed_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+typedef struct {
+	uint8_t *certs;
+	size_t certs_len;
+	SM2_KEY *sign_key;
+} CMS_CERTS_AND_KEY;
+
+int cms_signed_data_sign_to_der(
+	const CMS_CERTS_AND_KEY *signers, size_t signers_cnt,
+	int content_type, const uint8_t *data, size_t datalen, // 当OID_cms_data时为raw data
+	const uint8_t *crls, size_t crls_len, // 可以为空
+	uint8_t **out, size_t *outlen);
+int cms_signed_data_verify_from_der(
+	const uint8_t *extra_certs, size_t extra_certs_len,
+	const uint8_t *extra_crls, size_t extra_crls_len,
+	int *content_type, const uint8_t **content, size_t *content_len, // 是否应该返回raw data呢？			
+	const uint8_t **certs, size_t *certs_len,
+	const uint8_t **crls, size_t *crls_len,
+	const uint8_t **signer_infos, size_t *signer_infos_len,
+	const uint8_t **in, size_t *inlen);
+
+
+/*
+RecipientInfo ::= SEQUENCE {
+	version				INTEGER (1),
+	issuerAndSerialNumber		IssuerAndSerialNumber,
+	keyEncryptionAlgorithm		AlgorithmIdentifier,
+	encryptedKey			OCTET STRING -- DER-encoding of SM2Cipher
+}
+由于encryptedKey的类型为SM2Cipher, 而SM2Cipher中有2个INTEGER，因此长度是不固定的。
+因此不能预先确定输出长度
+*/
+int cms_recipient_info_to_der(
+	int version,
+	const uint8_t *issuer, size_t issuer_len,
+	const uint8_t *serial_number, size_t serial_number_len,
+	int public_key_enc_algor,
+	const uint8_t *enced_key, size_t enced_key_len,
+	uint8_t **out, size_t *outlen);
+int cms_recipient_info_from_der(
+	int *version,
+	const uint8_t **issuer, size_t *issuer_len,
+	const uint8_t **serial_number, size_t *serial_number_len,
+	int *pke_algor, const uint8_t **params, size_t *params_len,// SM2加密只使用SM3，没有默认参数，但是ECIES可能有
+	const uint8_t **enced_key, size_t *enced_key_len,
+	const uint8_t **in, size_t *inlen);
+int cms_recipient_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+int cms_recipient_info_encrypt_to_der(
+	const SM2_KEY *public_key,
+	const uint8_t *issuer, size_t issuer_len,
+	const uint8_t *serial, size_t serial_len,
+	const uint8_t *in, size_t inlen,
+	uint8_t **out, size_t *outlen);
+int cms_recipient_info_decrypt_from_der(
+	const SM2_KEY *sm2_key,
+	const uint8_t *rcpt_issuer, size_t rcpt_issuer_len,
+	const uint8_t *rcpt_serial, size_t rcpt_serial_len,
+	uint8_t *out, size_t *outlen, size_t maxlen,
+	const uint8_t **in, size_t *inlen);
+
+int cms_recipient_infos_add_recipient_info(
+	uint8_t *d, size_t *dlen, size_t maxlen,
+	const SM2_KEY *public_key,
+	const uint8_t *issuer, size_t issuer_len,
+	const uint8_t *serial, size_t serial_len,
+	const uint8_t *in, size_t inlen);
+#define cms_recipient_infos_to_der(d,dlen,out,outlen) asn1_set_to_der(d,dlen,out,outlen)
+#define cms_recipient_infos_from_der(d,dlen,in,inlen) asn1_set_from_der(d,dlen,in,inlen)
+int cms_recipient_infos_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+EnvelopedData ::= SEQUENCE {
+	version			Version,
+	recipientInfos		SET OF RecipientInfo,
+	encryptedContentInfo	EncryptedContentInfo }
+*/
+int cms_enveloped_data_to_der(
+	int version,
+	const uint8_t *rcpt_infos, size_t rcpt_infos_len,
+	int content_type,
+	int enc_algor, const uint8_t *enc_iv, size_t enc_iv_len,
+	const uint8_t *enced_content, size_t enced_content_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len,
+	uint8_t **out, size_t *outlen);
+int cms_enveloped_data_from_der(
+	int *version,
+	const uint8_t **rcpt_infos, size_t *rcpt_infos_len,
+	const uint8_t **enced_content_info, size_t *enced_content_info_len,
+	const uint8_t **in, size_t *inlen);
+int cms_enveloped_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+int cms_enveloped_data_encrypt_to_der(
+	const uint8_t *rcpt_certs, size_t rcpt_certs_len,
+	int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	int content_type, const uint8_t *content, size_t content_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len,
+	uint8_t **out, size_t *outlen);
+int cms_enveloped_data_decrypt_from_der(
+	const SM2_KEY *sm2_key,
+	const uint8_t *issuer, size_t issuer_len,
+	const uint8_t *serial_number, size_t serial_number_len,
+	int *content_type, uint8_t *content, size_t *content_len,
+	const uint8_t **rcpt_infos, size_t *rcpt_infos_len,
+	const uint8_t **shared_info1, size_t *shared_info1_len,
+	const uint8_t **shared_info2, size_t *shared_info2_len,
+	const uint8_t **in, size_t *inlen);
+
+/*
+SignedAndEnvelopedData ::= SEQUENCE {
+	version			INTEGER (1),
+	recipientInfos		SET OF RecipientInfo,
+	digestAlgorithms	SET OF AlgorithmIdentifier,
+	encryptedContentInfo	EncryptedContentInfo,
+	certificates		[0] IMPLICIT SET OF Certificate OPTIONAL,
+	crls			[1] IMPLICIT SET OF CertificateRevocationList OPTIONAL,
+	signerInfos		SET OF SignerInfo }
+*/
+int cms_signed_and_enveloped_data_to_der(
+	int version,
+	const uint8_t *rcpt_infos, size_t rcpt_infos_len,
+	const int *digest_algors, size_t digest_algors_cnt,
+	int content_type,
+	int enc_algor, const uint8_t *iv, size_t ivlen,
+	const uint8_t *enced_content, size_t enced_content_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len,
+	const uint8_t *certs, size_t certs_len,
+	const uint8_t *crls, size_t crls_len,
+	const uint8_t *signer_infos, size_t signer_infos_len,
+	uint8_t **out, size_t *outlen);
+int cms_signed_and_enveloped_data_from_der(
+	int *version,
+	const uint8_t **rcpt_infos, size_t *rcpt_infos_len,
+	int *digest_algors, size_t *digest_algors_cnt, size_t max_digest_algors,
+	const uint8_t **enced_content_info, size_t *enced_content_info_len,
+	const uint8_t **certs, size_t *certs_len,
+	const uint8_t **crls, size_t *crls_len,
+	const uint8_t **signer_infos, size_t *signer_infos_len,
+	const uint8_t **in, size_t *inlen);
+int cms_signed_and_enveloped_data_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+int cms_signed_and_enveloped_data_encipher_to_der(
+	const CMS_CERTS_AND_KEY *signers, size_t signers_cnt,
+	const uint8_t *rcpt_certs, size_t rcpt_certs_len,
+	int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	int content_type, const uint8_t *content, size_t content_len,
+	const uint8_t *signers_crls, size_t signers_crls_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len,
+	uint8_t **out, size_t *outlen);
+int cms_signed_and_enveloped_data_decipher_from_der(
+	const SM2_KEY *rcpt_key,
+	const uint8_t *rcpt_issuer, size_t rcpt_issuer_len,
+	const uint8_t *rcpt_serial, size_t rcpt_serial_len,
+	int *content_type, uint8_t *content, size_t *content_len,
+	const uint8_t **prcpt_infos, size_t *prcpt_infos_len,
+	const uint8_t **shared_info1, size_t *shared_info1_len,
+	const uint8_t **shared_info2, size_t *shared_info2_len,
+	const uint8_t **certs, size_t *certs_len,
+	const uint8_t **crls, size_t *crls_len,
+	const uint8_t **psigner_infos, size_t *psigner_infos_len,
+	const uint8_t *extra_certs, size_t extra_certs_len,
+	const uint8_t *extra_crls, size_t extra_crls_len,
+	const uint8_t **in, size_t *inlen);
+
+/*
+KeyAgreementInfo ::= SEQUENCE {
+	version			INTEGER (1),
+	tempPublicKeyR		SM2PublicKey,
+	userCertificate		Certificate,
+	userID			OCTET STRING }
+*/
+int cms_key_agreement_info_to_der(
+	int version,
+	const SM2_KEY *temp_public_key_r,
+	const uint8_t *user_cert, size_t user_cert_len,
+	const uint8_t *user_id, size_t user_id_len,
+	uint8_t **out, size_t *outlen);
+int cms_key_agreement_info_from_der(
+	int *version,
+	SM2_KEY *temp_public_key_r,
+	const uint8_t **user_cert, size_t *user_cert_len,
+	const uint8_t **user_id, size_t *user_id_len,
+	const uint8_t **in, size_t *inlen);
+int cms_key_agreement_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+
+// 下面是公开API
+// 公开API的设计考虑：
+// 1. 不需要调用其他函数
+// 2. 在逻辑上容易理解
+// 3. 将cms,cmslen看做对象
+
+
+// 生成ContentInfo, type == data
+int cms_set_data(uint8_t *cms, size_t *cmslen,
+	const uint8_t *d, size_t dlen);
+
+int cms_encrypt(
+	uint8_t *cms, size_t *cmslen, // 输出的ContentInfo (type encryptedData)
+	int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, // 对称加密算法、密钥和IV
+	int content_type, const uint8_t *content, size_t content_len, // 待加密的输入数据
+	const uint8_t *shared_info1, size_t shared_info1_len, // 附加信息
+	const uint8_t *shared_info2, size_t shared_info2_len);
+
+int cms_decrypt(
+	const uint8_t *cms, size_t cmslen, // 输入的ContentInfo (type encryptedData)
+	int *enc_algor, const uint8_t *key, size_t keylen, // 解密密钥（我们不知道解密算法）
+	int *content_type, uint8_t *content, size_t *content_len, // 输出的解密数据类型及数据
+	const uint8_t **shared_info1, size_t *shared_info1_len, // 附加信息
+	const uint8_t **shared_info2, size_t *shared_info2_len);
+
+int cms_sign(
+	uint8_t *cms, size_t *cms_len,
+	const CMS_CERTS_AND_KEY *signers, size_t signers_cnt, // 签名者的签名私钥和证书
+	int content_type, const uint8_t *content, size_t content_len, // 待签名的输入数据
+	const uint8_t *crls, size_t crls_len);
+
+int cms_verify(
+	const uint8_t *cms, size_t cms_len,
+	const uint8_t *extra_certs, size_t extra_certs_len,
+	const uint8_t *extra_crls, size_t extra_crls_len,
+	int *content_type, const uint8_t **content, size_t *content_len,
+	const uint8_t **certs, size_t *certs_len,
+	const uint8_t **crls, size_t *crls_len,
+	const uint8_t **signer_infos, size_t *signer_infos_len);
+
+int cms_envelop(
+	uint8_t *cms, size_t *cms_len,
+	const uint8_t *rcpt_certs, size_t rcpt_certs_len, // 接收方证书，注意这个参数的类型可以容纳多个证书，但是只有在一个接受者时对调用方最方便
+	int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen, // 对称加密算法及参数
+	int content_type, const uint8_t *content, size_t content_len, // 待加密的输入数据
+	const uint8_t *shared_info1, size_t shared_info1_len, // 附加输入信息
+	const uint8_t *shared_info2, size_t shared_info2_len);
+
+int cms_deenvelop(
+	const uint8_t *cms, size_t cms_len,
+	const SM2_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len, // 接收方的解密私钥和对应的证书，注意只需要一个解密方
+	int *content_type, uint8_t *content, size_t *content_len,
+	const uint8_t **rcpt_infos, size_t *rcpt_infos_len, // 解析得到，用于显示
+	const uint8_t **shared_info1, size_t *shared_info1_len,
+	const uint8_t **shared_info2, size_t *shared_info2_len);
+
+int cms_sign_and_envelop(
+	uint8_t *cms, size_t *cms_len,
+	const CMS_CERTS_AND_KEY *signers, size_t signers_cnt,
+	const uint8_t *rcpt_certs, size_t rcpt_certs_len,
+	int enc_algor, const uint8_t *key, size_t keylen, const uint8_t *iv, size_t ivlen,
+	int content_type, const uint8_t *content, size_t content_len,
+	const uint8_t *signers_crls, size_t signers_crls_len,
+	const uint8_t *shared_info1, size_t shared_info1_len,
+	const uint8_t *shared_info2, size_t shared_info2_len);
+
+int cms_deenvelop_and_verify(
+	const uint8_t *cms, size_t cms_len,
+	const SM2_KEY *rcpt_key, const uint8_t *rcpt_cert, size_t rcpt_cert_len,
+	const uint8_t *extra_signer_certs, size_t extra_signer_certs_len,
+	const uint8_t *extra_signer_crls, size_t extra_signer_crls_len,
+	int *content_type, uint8_t *content, size_t *content_len,
+	const uint8_t **rcpt_infos, size_t *rcpt_infos_len,
+	const uint8_t **signer_infos, size_t *signer_infos_len,
+	const uint8_t **signer_certs, size_t *signer_certs_len,
+	const uint8_t **signer_crls, size_t *signer_crls_len,
+	const uint8_t **shared_info1, size_t *shared_info1_len,
+	const uint8_t **shared_info2, size_t *shared_info2_len);
+
+// 生成ContentInfo, type == keyAgreementInfo
+int cms_set_key_agreement_info(
+	uint8_t *cms, size_t *cms_len,
+	const SM2_KEY *temp_public_key_r,
+	const uint8_t *user_cert, size_t user_cert_len,
+	const uint8_t *user_id, size_t user_id_len);
+
+#define PEM_CMS "CMS"
+int cms_to_pem(const uint8_t *cms, size_t cms_len, FILE *fp);
+int cms_from_pem(uint8_t *cms, size_t *cms_len, size_t maxlen, FILE *fp);
+
+
+int cms_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *a, size_t alen);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/des.h

@@ -0,0 +1,58 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+/* FIPS PUB 46-3 "Data Encryption Standard (DES)" */
+
+#ifndef GMSSL_DES_H
+#define GMSSL_DES_H
+
+
+#include <stdint.h>
+#include <stdlib.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define DES_KEY_BITS	56
+#define DES_BLOCK_BITS	64
+#define DES_KEY_SIZE	((DES_KEY_BITS)/7)
+#define DES_BLOCK_SIZE	(DES_BLOCK_BITS/8)
+
+#define DES_RK_BITS	48
+#define DES_RK_SIZE	(DES_RK_BITS/8)
+#define DES_ROUNDS	16
+
+#define DES_EDE_KEY_SIZE	(DES_KEY_SIZE * 3)
+
+typedef struct {
+	uint64_t rk[DES_ROUNDS];
+} DES_KEY;
+
+void des_set_encrypt_key(DES_KEY *key, const uint8_t raw_key[DES_KEY_SIZE]);
+void des_set_decrypt_key(DES_KEY *key, const uint8_t raw_key[DES_KEY_SIZE]);
+void des_encrypt(DES_KEY *key, const uint8_t in[DES_BLOCK_SIZE], uint8_t out[DES_BLOCK_SIZE]);
+
+
+typedef struct {
+	DES_KEY K[3];
+} DES_EDE_KEY;
+
+void des_ede_set_encrypt_key(DES_EDE_KEY *key, const uint8_t raw_key[DES_EDE_KEY_SIZE]);
+void des_ede_set_decrypt_key(DES_EDE_KEY *key, const uint8_t raw_key[DES_EDE_KEY_SIZE]);
+void des_ede_encrypt(DES_EDE_KEY *key, const uint8_t in[DES_BLOCK_SIZE], uint8_t out[DES_BLOCK_SIZE]);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/digest.h

@@ -0,0 +1,87 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+
+#ifndef GMSSL_DIGEST_H
+#define GMSSL_DIGEST_H
+
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <gmssl/sm3.h>
+#ifdef ENABLE_BROKEN_CRYPTO
+#include <gmssl/md5.h>
+#include <gmssl/sha1.h>
+#endif
+#include <gmssl/sha2.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+typedef struct DIGEST DIGEST;
+typedef struct DIGEST_CTX DIGEST_CTX;
+
+
+#define DIGEST_MAX_SIZE		64
+#define DIGEST_MAX_BLOCK_SIZE (1024/8)
+
+
+struct DIGEST_CTX {
+	union {
+		SM3_CTX sm3_ctx;
+#ifdef ENABLE_BROKEN_CRYPTO
+		MD5_CTX md5_ctx;
+		SHA1_CTX sha1_ctx;
+#endif
+		SHA224_CTX sha224_ctx;
+		SHA256_CTX sha256_ctx;
+		SHA384_CTX sha384_ctx;
+		SHA512_CTX sha512_ctx;
+	} u;
+	const DIGEST *digest;
+};
+
+struct DIGEST {
+	int oid;
+	size_t digest_size;
+	size_t block_size;
+	size_t ctx_size;
+	int (*init)(DIGEST_CTX *ctx);
+	int (*update)(DIGEST_CTX *ctx, const uint8_t *data, size_t datalen);
+	int (*finish)(DIGEST_CTX *ctx, uint8_t *dgst);
+};
+
+const DIGEST *DIGEST_sm3(void);
+#ifdef ENABLE_BROKEN_CRYPTO
+const DIGEST *DIGEST_md5(void);
+const DIGEST *DIGEST_sha1(void);
+#endif
+const DIGEST *DIGEST_sha224(void);
+const DIGEST *DIGEST_sha256(void);
+const DIGEST *DIGEST_sha384(void);
+const DIGEST *DIGEST_sha512(void);
+const DIGEST *DIGEST_sha512_224(void);
+const DIGEST *DIGEST_sha512_256(void);
+
+const DIGEST *digest_from_name(const char *name);
+const char *digest_name(const DIGEST *digest);
+int digest_init(DIGEST_CTX *ctx, const DIGEST *algor);
+int digest_update(DIGEST_CTX *ctx, const uint8_t *data, size_t datalen);
+int digest_finish(DIGEST_CTX *ctx, uint8_t *dgst, size_t *dgstlen);
+int digest(const DIGEST *digest, const uint8_t *data, size_t datalen, uint8_t *dgst, size_t *dgstlen);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/dylib.h

@@ -0,0 +1,54 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#ifndef GMSSL_DYLIB_H
+#define GMSSL_DYLIB_H
+
+#include <string.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#ifdef WIN32
+
+#include <windows.h>
+
+typedef HMODULE dylib_handle_t;
+
+#define dylib_load_library(so_path)	LoadLibraryA(so_path)
+#define dylib_get_function(handle,name)	GetProcAddress(handle,name)
+#define dylib_close_library(handle)
+#define dylib_error_str()		""
+
+
+#else
+
+#include <dlfcn.h>
+
+typedef void *dylib_handle_t;
+
+#define dylib_load_library(so_path)	dlopen(so_path,RTLD_LAZY)
+#define dylib_get_function(handle,name)	dlsym(handle,name)
+#define dylib_close_library(handle)	dlclose(handle)
+#define dylib_error_str()		dlerror()
+
+
+#endif
+
+
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/ec.h

@@ -0,0 +1,64 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#ifndef GMSSL_EC_H
+#define GMSSL_EC_H
+
+
+#include <time.h>
+#include <string.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <gmssl/sm2.h>
+#include <gmssl/oid.h>
+#include <gmssl/asn1.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+NamedCurve:
+	OID_sm2
+	OID_prime192v1
+	OID_prime256v1
+	OID_secp256k1
+	OID_secp384r1
+	OID_secp521r1
+*/
+const char *ec_named_curve_name(int curve);
+int ec_named_curve_from_name(const char *name);
+int ec_named_curve_to_der(int curve, uint8_t **out, size_t *outlen);
+int ec_named_curve_from_der(int *curve, const uint8_t **in, size_t *inlen);
+
+/*
+ECPoint ::= OCTET STRING -- uncompressed point
+*/
+int ec_point_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+ECPrivateKey ::= SEQUENCE {
+	version		INTEGER,	-- value MUST be (1)
+	privateKey	OCTET STRING,	-- big endian encoding of integer
+	parameters	[0] EXPLICIT OBJECT IDENTIFIER OPTIONAL, -- namedCurve
+	publicKey	[1] EXPLICIT BIT STRING OPTIONAL -- ECPoint
+}
+*/
+
+enum {
+	EC_private_key_version = 1,
+};
+
+int ec_private_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/endian.h

@@ -0,0 +1,78 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#ifndef GMSSL_ENDIAN_H
+#define GMSSL_ENDIAN_H
+
+
+/* Big Endian R/W */
+
+#define GETU16(p) \
+	((uint16_t)(p)[0] <<  8 | \
+	 (uint16_t)(p)[1])
+
+#define GETU32(p) \
+	((uint32_t)(p)[0] << 24 | \
+	 (uint32_t)(p)[1] << 16 | \
+	 (uint32_t)(p)[2] <<  8 | \
+	 (uint32_t)(p)[3])
+
+#define GETU64(p) \
+	((uint64_t)(p)[0] << 56 | \
+	 (uint64_t)(p)[1] << 48 | \
+	 (uint64_t)(p)[2] << 40 | \
+	 (uint64_t)(p)[3] << 32 | \
+	 (uint64_t)(p)[4] << 24 | \
+	 (uint64_t)(p)[5] << 16 | \
+	 (uint64_t)(p)[6] <<  8 | \
+	 (uint64_t)(p)[7])
+
+
+// 注意：PUTU32(buf, val++) 会出错！
+#define PUTU16(p,V) \
+	((p)[0] = (uint8_t)((V) >> 8), \
+	 (p)[1] = (uint8_t)(V))
+
+#define PUTU32(p,V) \
+	((p)[0] = (uint8_t)((V) >> 24), \
+	 (p)[1] = (uint8_t)((V) >> 16), \
+	 (p)[2] = (uint8_t)((V) >>  8), \
+	 (p)[3] = (uint8_t)(V))
+
+#define PUTU64(p,V) \
+	((p)[0] = (uint8_t)((V) >> 56), \
+	 (p)[1] = (uint8_t)((V) >> 48), \
+	 (p)[2] = (uint8_t)((V) >> 40), \
+	 (p)[3] = (uint8_t)((V) >> 32), \
+	 (p)[4] = (uint8_t)((V) >> 24), \
+	 (p)[5] = (uint8_t)((V) >> 16), \
+	 (p)[6] = (uint8_t)((V) >>  8), \
+	 (p)[7] = (uint8_t)(V))
+
+/* Little Endian R/W */
+
+#define GETU16_LE(p)	(*(const uint16_t *)(p))
+#define GETU32_LE(p)	(*(const uint32_t *)(p))
+#define GETU64_LE(p)	(*(const uint64_t *)(p))
+
+#define PUTU16_LE(p,V)	*(uint16_t *)(p) = (V)
+#define PUTU32_LE(p,V)	*(uint32_t *)(p) = (V)
+#define PUTU64_LE(p,V)	*(uint64_t *)(p) = (V)
+
+/* Rotate */
+
+#define ROL32(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#define ROL64(a,n)	(((a)<<(n))|((a)>>(64-(n))))
+
+#define ROR32(a,n)	ROL32((a),32-(n))
+#define ROR64(a,n)	ROL64(a,64-n)
+
+
+#endif

GmSSL-3.1.0/include/gmssl/error.h

@@ -0,0 +1,67 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+
+#ifndef GMSSL_ERROR_H
+#define GMSSL_ERROR_H
+
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define GMSSL_FMT_BIN	1
+#define GMSSL_FMT_HEX	2
+#define GMSSL_FMT_DER	4
+#define GMSSL_FMT_PEM	8
+
+
+
+#define DEBUG 1
+
+#define warning_print() \
+	do { if (DEBUG) fprintf(stderr, "%s:%d:%s():\n",__FILE__, __LINE__, __func__); } while (0)
+
+#define error_print() \
+	do { if (DEBUG) fprintf(stderr, "%s:%d:%s():\n",__FILE__, __LINE__, __func__); } while (0)
+
+#define error_print_msg(fmt, ...) \
+	do { if (DEBUG) fprintf(stderr, "%s:%d:%s(): " fmt, __FILE__, __LINE__, __func__, __VA_ARGS__); } while (0)
+
+#define error_puts(str) \
+            do { if (DEBUG) fprintf(stderr, "%s: %d: %s: %s", __FILE__, __LINE__, __func__, str); } while (0)
+
+
+void print_der(const uint8_t *in, size_t inlen);
+void print_bytes(const uint8_t *in, size_t inlen);
+void print_nodes(const uint32_t *in, size_t inlen);
+
+#define FMT_CARRAY 0x80
+
+
+int format_print(FILE *fp, int format, int indent, const char *str, ...);
+int format_bytes(FILE *fp, int format, int indent, const char *str, const uint8_t *data, size_t datalen);
+int format_string(FILE *fp, int format, int indent, const char *str, const uint8_t *data, size_t datalen);
+
+
+
+//int tls_trace(int format, int indent, const char *str, ...);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/file.h

@@ -0,0 +1,29 @@
+/*
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#ifndef GMSSL_FILE_H
+#define GMSSL_FILE_H
+
+#include <stdio.h>
+#include <string.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+int file_size(FILE *fp, size_t *size);
+int file_read_all(const char *file, uint8_t **out, size_t *outlen);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/gcm.h

@@ -0,0 +1,73 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#ifndef GMSSL_GCM_H
+#define GMSSL_GCM_H
+
+
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include <gmssl/gf128.h>
+#include <gmssl/block_cipher.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define GCM_IV_MIN_SIZE		1
+#define GCM_IV_MAX_SIZE		((uint64_t)(1 << (64-3)))
+#define GCM_IV_DEFAULT_BITS	96
+#define GCM_IV_DEFAULT_SIZE	12
+
+#define GCM_MIN_AAD_SIZE	0
+#define GCM_MAX_AAD_SIZE	((uint64_t)(1 << (64-3)))
+
+#define GCM_MIN_PLAINTEXT_SIZE	0
+#define GCM_MAX_PLAINTEXT_SIZE	((((uint64_t)1 << 39) - 256) >> 3)
+
+
+#define GHASH_SIZE		(16)
+
+
+#define GCM_IS_LITTLE_ENDIAN 1
+
+
+void ghash(const uint8_t h[16], const uint8_t *aad, size_t aadlen,
+	const uint8_t *c, size_t clen, uint8_t out[16]);
+
+typedef struct {
+	gf128_t H;
+	gf128_t X;
+	size_t aadlen;
+	size_t clen;
+	uint8_t block[16];
+	size_t num;
+} GHASH_CTX;
+
+void ghash_init(GHASH_CTX *ctx, const uint8_t h[16], const uint8_t *aad, size_t aadlen);
+void ghash_update(GHASH_CTX *ctx, const uint8_t *c, size_t clen);
+void ghash_finish(GHASH_CTX *ctx, uint8_t out[16]);
+
+
+int gcm_encrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
+	uint8_t *out, size_t taglen, uint8_t *tag);
+
+int gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t *iv, size_t ivlen,
+	const uint8_t *aad, size_t aadlen, const uint8_t *in, size_t inlen,
+	const uint8_t *tag, size_t taglen, uint8_t *out);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/gf128.h

@@ -0,0 +1,53 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+/* GF(2^128) defined by f(x) = x^128 + x^7 + x^2 + x + 1
+ * A + B mod f(x) = a xor b
+ * A * 2 mod f(x)
+ */
+
+#ifndef GMSSL_GF128_H
+#define GMSSL_GF128_H
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+//typedef unsigned __int128 gf128_t;
+
+typedef struct {
+	uint64_t hi;
+	uint64_t lo;
+} gf128_t;
+
+
+// Note: send by value is comptabile with uint128_t and sse2
+gf128_t gf128_from_hex(const char *s);
+int gf128_equ_hex(gf128_t a, const char *s);
+gf128_t gf128_zero(void);
+gf128_t gf128_add(gf128_t a, gf128_t b);
+gf128_t gf128_mul(gf128_t a, gf128_t b);
+gf128_t gf128_mul2(gf128_t a);
+gf128_t gf128_from_bytes(const uint8_t p[16]);
+void gf128_to_bytes(gf128_t a, uint8_t p[16]);
+int gf128_print(FILE *fp, int fmt ,int ind, const char *label, gf128_t a);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/hash_drbg.h

@@ -0,0 +1,79 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+/* NIST SP800-90A Rev.1 "Recommendation for Random Number Generation
+ * Using Deterministic Random Bit Generators", 10.1.1 Hash_DRBG */
+
+#ifndef GMSSL_HASH_DRBG_H
+#define GMSSL_HASH_DRBG_H
+
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <gmssl/digest.h>
+
+
+/* seedlen for hash_drgb, table 2 of nist sp 800-90a rev.1 */
+#define HASH_DRBG_SM3_SEED_BITS		440 /* 55 bytes */
+#define HASH_DRBG_SHA1_SEED_BITS	440
+#define HASH_DRBG_SHA224_SEED_BITS	440
+#define HASH_DRBG_SHA512_224_SEED_BITS	440
+#define HASH_DRBG_SHA256_SEED_BITS	440
+#define HASH_DRBG_SHA512_256_SEED_BITS	440
+#define HASH_DRBG_SHA384_SEED_BITS	888 /* 110 bytes */
+#define HASH_DRBG_SHA512_SEED_BITS	888
+#define HASH_DRBG_MAX_SEED_BITS		888
+
+#define HASH_DRBG_SM3_SEED_SIZE		(HASH_DRBG_SM3_SEED_BITS/8)
+#define HASH_DRBG_SHA1_SEED_SIZE	(HASH_DRBG_SHA1_SEED_BITS/8)
+#define HASH_DRBG_SHA224_SEED_SIZE	(HASH_DRBG_SHA224_SEED_BITS/8)
+#define HASH_DRBG_SHA512_224_SEED_SIZE	(HASH_DRBG_SHA512_224_SEED_BITS/8)
+#define HASH_DRBG_SHA256_SEED_SIZE	(HASH_DRBG_SHA256_SEED_BITS/8)
+#define HASH_DRBG_SHA512_256_SEED_SIZE	(HASH_DRBG_SHA512_256_SEED_BITS/8)
+#define HASH_DRBG_SHA384_SEED_SIZE	(HASH_DRBG_SHA384_SEED_BITS/8)
+#define HASH_DRBG_SHA512_SEED_SIZE	(HASH_DRBG_SHA512_SEED_BITS/8)
+#define HASH_DRBG_MAX_SEED_SIZE		(HASH_DRBG_MAX_SEED_BITS/8)
+
+#define HASH_DRBG_RESEED_INTERVAL	((uint64_t)1 << 48)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+typedef struct {
+	const DIGEST *digest;
+	uint8_t V[HASH_DRBG_MAX_SEED_SIZE];
+	uint8_t C[HASH_DRBG_MAX_SEED_SIZE];
+	size_t seedlen;
+	uint64_t reseed_counter;
+} HASH_DRBG;
+
+
+int hash_drbg_init(HASH_DRBG *drbg,
+	const DIGEST *digest,
+	const uint8_t *entropy, size_t entropy_len,
+	const uint8_t *nonce, size_t nonce_len,
+	const uint8_t *personalstr, size_t personalstr_len);
+
+int hash_drbg_reseed(HASH_DRBG *drbg,
+	const uint8_t *entropy, size_t entropy_len,
+	const uint8_t *additional, size_t additional_len);
+
+int hash_drbg_generate(HASH_DRBG *drbg,
+	const uint8_t *additional, size_t additional_len,
+	size_t outlen, uint8_t *out);
+
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/hex.h

@@ -0,0 +1,32 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+
+#ifndef GMSSL_HEX_H
+#define GMSSL_HEX_H
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int hex_to_bytes(const char *in, size_t inlen, uint8_t *out, size_t *outlen);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/hkdf.h

@@ -0,0 +1,45 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+// RFC 5869
+
+#ifndef GMSSL_HKDF_H
+#define GMSSL_HKDF_H
+
+#include <string.h>
+#include <gmssl/digest.h>
+#include <gmssl/hmac.h>
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+int hkdf_extract(const DIGEST *digest, const uint8_t *salt, size_t saltlen,
+	const uint8_t *ikm, size_t ikmlen,
+	uint8_t *prk, size_t *prklen);
+
+int hkdf_expand(const DIGEST *digest, const uint8_t *prk, size_t prklen,
+	const uint8_t *opt_info, size_t opt_infolen,
+	size_t L, uint8_t *okm);
+
+int sm3_hkdf_extract(const uint8_t *salt, size_t saltlen,
+	const uint8_t *ikm, size_t ikmlen,
+	uint8_t *prk, size_t *prklen);
+
+int sm3_hkdf_expand(const uint8_t *prk, size_t prklen,
+	const uint8_t *opt_info, size_t opt_infolen,
+	size_t L, uint8_t *okm);
+
+
+#ifdef  __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/hmac.h

@@ -0,0 +1,47 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#ifndef GMSSL_HMAC_H
+#define GMSSL_HMAC_H
+
+#include <string.h>
+#include <gmssl/digest.h>
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#define HMAC_MAX_SIZE	(DIGEST_MAX_SIZE)
+
+
+typedef struct hmac_ctx_st {
+	const DIGEST *digest;
+	DIGEST_CTX digest_ctx;
+	DIGEST_CTX i_ctx;
+	DIGEST_CTX o_ctx;
+} HMAC_CTX;
+
+
+size_t hmac_size(const HMAC_CTX *ctx);
+
+int hmac_init(HMAC_CTX *ctx, const DIGEST *digest, const uint8_t *key, size_t keylen);
+int hmac_update(HMAC_CTX *ctx, const uint8_t *data, size_t datalen);
+int hmac_finish(HMAC_CTX *ctx, uint8_t *mac, size_t *maclen);
+
+int hmac(const DIGEST *md, const uint8_t *key, size_t keylen,
+	const uint8_t *data, size_t dlen,
+	uint8_t *mac, size_t *maclen);
+
+
+#ifdef  __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/http.h

@@ -0,0 +1,29 @@
+/*
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#ifndef GMSSL_HTTP_H
+#define GMSSL_HTTP_H
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+int http_parse_uri(const char *uri, char host[128], int *port, char path[256]);
+int http_parse_response(char *buf, size_t buflen, uint8_t **content, size_t *contentlen, size_t *left);
+int http_get(const char *uri, uint8_t *buf, size_t *contentlen, size_t buflen);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/md5.h

@@ -0,0 +1,48 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+
+#ifndef GMSSL_MD5_H
+#define GMSSL_MD5_H
+
+
+#include <string.h>
+#include <stdint.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define MD5_IS_BIG_ENDIAN	0
+
+#define MD5_DIGEST_SIZE		16
+#define MD5_BLOCK_SIZE		64
+#define MD5_STATE_WORDS		(MD5_BLOCK_SIZE/sizeof(uint32_t))
+
+typedef struct {
+	uint32_t state[MD5_STATE_WORDS];
+	uint64_t nblocks;
+	uint8_t block[MD5_BLOCK_SIZE];
+	size_t num;
+} MD5_CTX;
+
+
+void md5_init(MD5_CTX *ctx);
+void md5_update(MD5_CTX *ctx, const uint8_t *data, size_t datalen);
+void md5_finish(MD5_CTX *ctx, uint8_t dgst[MD5_DIGEST_SIZE]);
+void md5_digest(const uint8_t *data, size_t datalen, uint8_t dgst[MD5_DIGEST_SIZE]);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/mem.h

@@ -0,0 +1,27 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#ifndef GMSSL_MEM_H
+#define GMSSL_MEM_H
+
+#include <stdint.h>
+#include <stddef.h> // where size_t from
+
+
+void memxor(void *r, const void *a, size_t len);
+void gmssl_memxor(void *r, const void *a, const void *b, size_t len);
+
+int gmssl_secure_memcmp(const volatile void * volatile in_a, const volatile void * volatile in_b, size_t len);
+void gmssl_secure_clear(void *ptr, size_t len);
+
+int mem_is_zero(const uint8_t *buf, size_t len); // FIXME: uint8_t * to void *
+
+#endif
+

GmSSL-3.1.0/include/gmssl/oid.h

@@ -0,0 +1,215 @@
+/*
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+
+#ifndef GMSSL_OID_H
+#define GMSSL_OID_H
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+enum {
+	OID_undef = 0,
+
+	// ShangMi schemes in GM/T 0006-2012
+	OID_sm1,
+	OID_ssf33,
+	OID_sm4,
+	OID_zuc,
+	OID_sm2,
+	OID_sm2sign,
+	OID_sm2keyagreement,
+	OID_sm2encrypt,
+	OID_sm9,
+	OID_sm9sign,
+	OID_sm9keyagreement,
+	OID_sm9encrypt,
+	OID_sm3,
+	OID_sm3_keyless,
+	OID_hmac_sm3,
+	OID_sm2sign_with_sm3,
+	OID_rsasign_with_sm3,
+	OID_ec_public_key, // X9.62 ecPublicKey
+	OID_prime192v1,
+	OID_prime256v1,
+	OID_secp256k1,
+	OID_secp192k1,
+	OID_secp224k1,
+	OID_secp224r1,
+	OID_secp384r1,
+	OID_secp521r1,
+
+	OID_at_name,
+	OID_at_surname,
+	OID_at_given_name,
+	OID_at_initials,
+	OID_at_generation_qualifier,
+	OID_at_common_name,
+	OID_at_locality_name,
+	OID_at_state_or_province_name,
+	OID_at_organization_name,
+	OID_at_organizational_unit_name,
+	OID_at_title,
+	OID_at_dn_qualifier,
+	OID_at_country_name,
+	OID_at_serial_number,
+	OID_at_pseudonym,
+	OID_domain_component,
+	OID_email_address,
+
+	// Cert Extensions
+	OID_ce_authority_key_identifier,
+	OID_ce_subject_key_identifier,
+	OID_ce_key_usage,
+	OID_ce_certificate_policies,
+	OID_ce_policy_mappings,
+	OID_ce_subject_alt_name,
+	OID_ce_issuer_alt_name,
+	OID_ce_subject_directory_attributes,
+	OID_ce_basic_constraints,
+	OID_ce_name_constraints,
+	OID_ce_policy_constraints,
+	OID_ce_ext_key_usage,
+	OID_ce_crl_distribution_points,
+	OID_ce_inhibit_any_policy,
+	OID_ce_freshest_crl,
+	OID_netscape_cert_type,
+	OID_netscape_cert_comment,
+	OID_ct_precertificate_scts,
+
+	OID_ad_ca_issuers,
+	OID_ad_ocsp,
+
+	// CRL Extensions
+	//OID_ce_authority_key_identifier,
+	//OID_ce_issuer_alt_name,
+	OID_ce_crl_number,
+	OID_ce_delta_crl_indicator,
+	OID_ce_issuing_distribution_point,
+	//OID_ce_freshest_crl,
+	OID_pe_authority_info_access,
+
+	// CRL Entry Extensions
+	OID_ce_crl_reasons,
+	OID_ce_invalidity_date,
+	OID_ce_certificate_issuer,
+
+	// X.509 KeyPropuseID
+	OID_any_extended_key_usage,
+	OID_kp_server_auth,
+	OID_kp_client_auth,
+	OID_kp_code_signing,
+	OID_kp_email_protection,
+	OID_kp_time_stamping,
+	OID_kp_ocsp_signing,
+
+	OID_qt_cps,
+	OID_qt_unotice,
+
+	OID_md5,
+	OID_sha1,
+	OID_sha224,
+	OID_sha256,
+	OID_sha384,
+	OID_sha512,
+	OID_sha512_224,
+	OID_sha512_256,
+
+
+	OID_hmac_sha1,
+	OID_hmac_sha224,
+	OID_hmac_sha256,
+	OID_hmac_sha384,
+	OID_hmac_sha512,
+	OID_hmac_sha512_224,
+	OID_hmac_sha512_256,
+
+	OID_pbkdf2, // {pkcs-5 12}
+	OID_pbes2,  // {pkcs-5 13}
+
+
+
+	OID_sm4_ecb, // 1 2 156 10197 1 104 1
+	OID_sm4_cbc, // 1 2 156 10197 1 104 2
+
+	OID_aes,
+	OID_aes128_cbc,
+	OID_aes192_cbc,
+	OID_aes256_cbc,
+
+	OID_aes128, // 没有OID
+
+	OID_ecdsa_with_sha1,
+	OID_ecdsa_with_sha224,
+	OID_ecdsa_with_sha256,
+	OID_ecdsa_with_sha384,
+	OID_ecdsa_with_sha512,
+
+	OID_rsasign_with_md5,
+	OID_rsasign_with_sha1,
+	OID_rsasign_with_sha224,
+	OID_rsasign_with_sha256,
+	OID_rsasign_with_sha384,
+	OID_rsasign_with_sha512,
+
+	OID_rsa_encryption,
+	OID_rsaes_oaep,
+
+	OID_any_policy,
+
+	OID_cms_data,
+	OID_cms_signed_data,
+	OID_cms_enveloped_data,
+	OID_cms_signed_and_enveloped_data,
+	OID_cms_encrypted_data,
+	OID_cms_key_agreement_info,
+};
+
+// {iso(1) org(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
+#define oid_pkix	1,3,6,1,5,5,7
+
+#define oid_pe		oid_pkix,1
+#define oid_qt		oid_pkix,2
+#define oid_kp		oid_pkix,3
+#define oid_ad		oid_pkix,48
+
+// {iso(1) member-body(2) us(840) rsadsi(113549)}
+#define oid_rsadsi	1,2,840,113549
+#define oid_pkcs	oid_rsadsi,1
+#define oid_pkcs5	oid_pkcs,5
+
+// {iso(1) member-body(2) us(840) ansi-x962(10045)}
+#define oid_x9_62	1,2,840,10045
+
+
+
+#define oid_at	2,5,4
+#define oid_ce	2,5,29
+
+
+#define oid_sm		1,2,156,10197
+#define oid_sm_algors	oid_sm,1
+#define oid_sm2_cms	oid_sm,6,1,4,2
+
+
+
+
+
+#define oid_cnt(nodes)	(sizeof(nodes)/sizeof((nodes)[0]))
+
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/pbkdf2.h

@@ -0,0 +1,54 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#ifndef GMSSL_PBKDF2_H
+#define GMSSL_PBKDF2_H
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <limits.h>
+#include <gmssl/hmac.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+PBKDF2 Public API
+
+	PBKDF2_MIN_ITER
+	PBKDF2_DEFAULT_SALT_SIZE
+	PBKDF2_MAX_SALT_SIZE
+
+	pbkdf2_hmac_sm3_genkey
+*/
+
+
+#define PBKDF2_MIN_ITER			10000
+#define PBKDF2_MAX_ITER			(INT_MAX)
+#define PBKDF2_MAX_SALT_SIZE		64
+#define PBKDF2_DEFAULT_SALT_SIZE	8
+
+
+int pbkdf2_genkey(const DIGEST *digest,
+	const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, size_t iter,
+	size_t outlen, uint8_t *out);
+
+int pbkdf2_hmac_sm3_genkey(
+	const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, size_t iter,
+	size_t outlen, uint8_t *out);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/pem.h

@@ -0,0 +1,33 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#ifndef GMSSL_PEM_H
+#define GMSSL_PEM_H
+
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/base64.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+int pem_read(FILE *fp, const char *name, uint8_t *out, size_t *outlen, size_t maxlen);
+int pem_write(FILE *fp, const char *name, const uint8_t *in, size_t inlen);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/pkcs8.h

@@ -0,0 +1,169 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+// RFC 5208: PKCS #8: Private-Key Information Syntax Specification version 1.2
+
+
+#ifndef GMSSL_PKCS8_H
+#define GMSSL_PKCS8_H
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <gmssl/sm2.h>
+#include <gmssl/pem.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/*
+id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
+
+PBKDF2-params ::= SEQUENCE {
+	salt CHOICE {
+		specified	OCTET STRING,
+		otherSource	AlgorithmIdentifier {{PBKDF2-SaltSources}}
+	},
+	iterationCount		INTEGER (1..MAX),
+	keyLength		INTEGER (1..MAX) OPTIONAL, -- 这个参数可以由函数指定
+	prf			AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
+}
+
+prf must be OID_hmac_sm3
+cipher must be OID_sm4_cbc
+*/
+int pbkdf2_params_to_der(const uint8_t *salt, size_t saltlen, int iter, int keylen, int prf,
+	uint8_t **out, size_t *outlen);
+int pbkdf2_params_from_der(const uint8_t **salt, size_t *saltlen, int *iter, int *keylen, int *prf,
+	const uint8_t **in, size_t *inlen);
+int pbkdf2_params_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+int pbkdf2_algor_to_der(
+	const uint8_t *salt, size_t saltlen,
+	int iter,
+	int keylen,
+	int prf,
+	uint8_t **out, size_t *outlen);
+int pbkdf2_algor_from_der(
+	const uint8_t **salt, size_t *saltlen,
+	int *iter,
+	int *keylen,
+	int *prf,
+	const uint8_t **in, size_t *inlen);
+int pbkdf2_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+/*
+id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
+
+PBES2-params ::= SEQUENCE {
+	keyDerivationFunc	AlgorithmIdentifier {{PBES2-KDFs}}, -- id-PBKDF2
+	encryptionScheme	AlgorithmIdentifier {{PBES2-Encs}}}
+
+PBES2-Encs:
+	AES-CBC-Pad [RFC2898]
+	RC5-CBC-Pad
+	DES-CBC-Pad		legacy
+	DES-EDE3-CBC-Pad	legacy
+	RC2-CBC-Pad		legacy
+*/
+
+int pbes2_enc_algor_to_der(
+	int cipher,
+	const uint8_t *iv, size_t ivlen,
+	uint8_t **out, size_t *outlen);
+int pbes2_enc_algor_from_der(
+	int *cipher,
+	const uint8_t **iv, size_t *ivlen,
+	const uint8_t **in, size_t *inlen);
+int pbes2_enc_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+int pbes2_params_to_der(
+	const uint8_t *salt, size_t saltlen,
+	int iter,
+	int keylen,
+	int prf,
+	int cipher,
+	const uint8_t *iv, size_t ivlen,
+	uint8_t **out, size_t *outlen);
+int pbes2_params_from_der(
+	const uint8_t **salt, size_t *saltlen,
+	int *iter,
+	int *keylen,
+	int *prf,
+	int *cipher,
+	const uint8_t **iv, size_t *ivlen,
+	const uint8_t **in, size_t *inlen);
+int pbes2_params_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+int pbes2_algor_to_der(
+	const uint8_t *salt, size_t saltlen,
+	int iter,
+	int keylen,
+	int prf,
+	int cipher,
+	const uint8_t *iv, size_t ivlen,
+	uint8_t **out, size_t *outlen);
+int pbes2_algor_from_der(
+	const uint8_t **salt, size_t *saltlen,
+	int *iter,
+	int *keylen,
+	int *prf,
+	int *cipher,
+	const uint8_t **iv, size_t *ivlen,
+	const uint8_t **in, size_t *inlen);
+int pbes2_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+/*
+from [RFC 5208]
+
+EncryptedPrivateKeyInfo ::= SEQUENCE {
+	encryptionAlgorithm	EncryptionAlgorithmIdentifier,
+	encryptedData		OCTET STRING }
+
+encryptionAlgorithm:
+	id-PBES2
+
+PrivateKeyInfo ::= SEQUENCE {
+	version			INTEGER { v1(0) },
+	privateKeyAlgorithm	AlgorithmIdentifier,
+	privateKey		OCTET STRING,
+	attributes		[0] Attributes OPTIONAL }
+*/
+
+int pkcs8_enced_private_key_info_to_der(
+	const uint8_t *salt, size_t saltlen,
+	int iter,
+	int keylen,
+	int prf,
+	int cipher,
+	const uint8_t *iv, size_t ivlen,
+	const uint8_t *enced, size_t encedlen,
+	uint8_t **out, size_t *outlen);
+int pkcs8_enced_private_key_info_from_der(
+	const uint8_t **salt, size_t *saltlen,
+	int *iter,
+	int *keylen,
+	int *prf,
+	int *cipher,
+	const uint8_t **iv, size_t *ivlen,
+	const uint8_t **enced, size_t *encedlen,
+	const uint8_t **in, size_t *inlen);
+int pkcs8_enced_private_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/rand.h

@@ -0,0 +1,35 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#ifndef GMSSL_RAND_H
+#define GMSSL_RAND_H
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <gmssl/api.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+Rand Public API
+
+	rand_bytes
+
+*/
+
+_gmssl_export int rand_bytes(uint8_t *buf, size_t buflen);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/rc4.h

@@ -0,0 +1,40 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+
+#ifndef GMSSL_RC4_H
+#define GMSSL_RC4_H
+
+
+#include <string.h>
+#include <stdint.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define RC4_MIN_KEY_BITS	40
+#define RC4_STATE_NUM_WORDS	256
+
+
+typedef struct {
+	uint8_t d[RC4_STATE_NUM_WORDS];
+} RC4_STATE;
+
+void rc4_init(RC4_STATE *state, const uint8_t *key, size_t keylen);
+void rc4_generate_keystream(RC4_STATE *state, size_t outlen, uint8_t *out);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/rdrand.h

@@ -0,0 +1,30 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#ifndef GMSSL_RDRAND_H
+#define GMSSL_RDRAND_H
+
+#include <stdint.h>
+#include <stdlib.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+int rdrand_bytes(uint8_t *buf, size_t buflen);
+int rdseed_bytes(uint8_t *buf, size_t buflen);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/rsa.h

@@ -0,0 +1,56 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+
+#ifndef GMSSL_RSA_H
+#define GMSSL_RSA_H
+
+
+#include <stdio.h>
+#include <string.h>
+#include <stdint.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/*
+RSAPublicKey ::= SEQUENCE {
+	modulus			INTEGER,  -- n
+	publicExponent		INTEGER   -- e
+}
+
+RSAPrivateKey ::= SEQUENCE {
+	version			INTEGER, -- 0
+	modulus			INTEGER, -- n
+	publicExponent		INTEGER, -- e
+	privateExponent		INTEGER, -- d
+	prime1			INTEGER, -- p
+	prime2			INTEGER, -- q
+	exponent1		INTEGER, -- d mod (p-1)
+	exponent2		INTEGER, -- d mod (q-1)
+	coefficient		INTEGER  -- q^-1 mod p
+}
+*/
+
+
+int rsa_public_key_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+
+
+
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/sdf.h

@@ -0,0 +1,69 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#ifndef GMSSL_SDF_H
+#define GMSSL_SDF_H
+
+#include <string.h>
+#include <stdint.h>
+#include <gmssl/sm2.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+SDF Public API
+
+	sdf_load_library
+	sdf_unload_library
+
+	SDF_DEVICE
+	sdf_open_device
+	sdf_close_device
+	sdf_print_device_info
+	sdf_rand_bytes
+	sdf_load_sign_key
+
+	SDF_KEY
+	sdf_sign
+	sdf_release_key
+*/
+
+typedef struct {
+	void *handle;
+	char issuer[41];
+	char name[17];
+	char serial[17];
+} SDF_DEVICE;
+
+typedef struct {
+	SM2_KEY public_key;
+	void *session;
+	int index;
+} SDF_KEY;
+
+
+int sdf_load_library(const char *so_path, const char *vendor);
+int sdf_open_device(SDF_DEVICE *dev);
+int sdf_print_device_info(FILE *fp, int fmt, int ind, const char *lable, SDF_DEVICE *dev);
+int sdf_rand_bytes(SDF_DEVICE *dev, uint8_t *buf, size_t len);
+int sdf_load_sign_key(SDF_DEVICE *dev, SDF_KEY *key, int index, const char *pass);
+int sdf_sign(SDF_KEY *key, const uint8_t dgst[32], uint8_t *sig, size_t *siglen);
+int sdf_release_key(SDF_KEY *key);
+int sdf_close_device(SDF_DEVICE *dev);
+void sdf_unload_library(void);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/sha1.h

@@ -0,0 +1,45 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+#ifndef GMSSL_SHA1_H
+#define GMSSL_SHA1_H
+
+#include <string.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define SHA1_IS_BIG_ENDIAN	1
+
+#define SHA1_DIGEST_SIZE	20
+#define SHA1_BLOCK_SIZE		64
+#define SHA1_STATE_WORDS	(SHA1_DIGEST_SIZE/sizeof(uint32_t))
+
+
+typedef struct {
+	uint32_t state[SHA1_STATE_WORDS];
+	uint64_t nblocks;
+	uint8_t block[SHA1_BLOCK_SIZE];
+	size_t num;
+} SHA1_CTX;
+
+void sha1_init(SHA1_CTX *ctx);
+void sha1_update(SHA1_CTX *ctx, const uint8_t *data, size_t datalen);
+void sha1_finish(SHA1_CTX *ctx, uint8_t dgst[SHA1_DIGEST_SIZE]);
+void sha1_digest(const uint8_t *data, size_t datalen, uint8_t dgst[SHA1_DIGEST_SIZE]);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif

GmSSL-3.1.0/include/gmssl/sha2.h

@@ -0,0 +1,102 @@
+/*
+ *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the License); you may
+ *  not use this file except in compliance with the License.
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+
+
+#ifndef GMSSL_SHA2_H
+#define GMSSL_SHA2_H
+
+#include <string.h>
+#include <stdint.h>
+#include <sys/types.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+#define SHA2_IS_BIG_ENDIAN	1
+
+
+#define SHA224_DIGEST_SIZE	28
+#define SHA224_BLOCK_SIZE	64
+#define SHA224_STATE_WORDS	8
+
+typedef struct {
+	uint32_t state[SHA224_STATE_WORDS];
+	uint64_t nblocks;
+	uint8_t block[SHA224_BLOCK_SIZE];
+	size_t num;
+} SHA224_CTX;
+
+void sha224_init(SHA224_CTX *ctx);
+void sha224_update(SHA224_CTX *ctx, const uint8_t* data, size_t datalen);
+void sha224_finish(SHA224_CTX *ctx, uint8_t dgst[SHA224_DIGEST_SIZE]);
+void sha224_digest(const uint8_t *data, size_t datalen,
+	uint8_t dgst[SHA224_DIGEST_SIZE]);
+
+
+#define SHA256_DIGEST_SIZE	32
+#define SHA256_BLOCK_SIZE	64
+#define SHA256_STATE_WORDS	8
+
+typedef struct {
+	uint32_t state[SHA256_STATE_WORDS];
+	uint64_t nblocks;
+	uint8_t block[SHA256_BLOCK_SIZE];
+	size_t num;
+} SHA256_CTX;
+
+void sha256_init(SHA256_CTX *ctx);
+void sha256_update(SHA256_CTX *ctx, const uint8_t* data, size_t datalen);
+void sha256_finish(SHA256_CTX *ctx, uint8_t dgst[SHA256_DIGEST_SIZE]);
+void sha256_digest(const uint8_t *data, size_t datalen,
+	uint8_t dgst[SHA256_DIGEST_SIZE]);
+
+
+#define SHA384_DIGEST_SIZE	48
+#define SHA384_BLOCK_SIZE	128
+#define SHA384_STATE_WORDS	8
+
+typedef struct {
+	uint64_t state[SHA384_STATE_WORDS];
+	uint64_t nblocks;
+	uint8_t block[SHA384_BLOCK_SIZE];
+	size_t num;
+} SHA384_CTX;
+
+void sha384_init(SHA384_CTX *ctx);
+void sha384_update(SHA384_CTX *ctx, const uint8_t* data, size_t datalen);
+void sha384_finish(SHA384_CTX *ctx, uint8_t dgst[SHA384_DIGEST_SIZE]);
+void sha384_digest(const uint8_t *data, size_t datalen,
+	uint8_t dgst[SHA384_DIGEST_SIZE]);
+
+
+#define SHA512_DIGEST_SIZE	64
+#define SHA512_BLOCK_SIZE	128
+#define SHA512_STATE_WORDS	8
+
+typedef struct {
+	uint64_t state[SHA512_STATE_WORDS];
+	uint64_t nblocks;
+	uint8_t block[SHA512_BLOCK_SIZE];
+	size_t num;
+} SHA512_CTX;
+
+void sha512_init(SHA512_CTX *ctx);
+void sha512_update(SHA512_CTX *ctx, const uint8_t* data, size_t datalen);
+void sha512_finish(SHA512_CTX *ctx, uint8_t dgst[SHA512_DIGEST_SIZE]);
+void sha512_digest(const uint8_t *data, size_t datalen,
+	uint8_t dgst[SHA512_DIGEST_SIZE]);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif