From 0181f67b766e85affda9911eadb21d7bfc4ccf85 Mon Sep 17 00:00:00 2001
From: Zhi Guan <guanzhi1980@gmail.com>
Date: Thu, 4 Jun 2026 21:15:39 +0800
Subject: [PATCH] fix: align ctypes structures and add CI

---
 .github/workflows/ci.yml | 78 ++++++++++++++++++++++++++++++++++++++++
 gmssl.py                 | 29 +++++++++++----
 test.py                  |  6 +++-
 3 files changed, 106 insertions(+), 7 deletions(-)
 create mode 100644 .github/workflows/ci.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..7ff8e6b
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,78 @@
+name: CI
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: ${{ matrix.name }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: Linux x64
+            os: ubuntu-latest
+            python-version: "3.12"
+          - name: macOS ARM64
+            os: macos-latest
+            python-version: "3.12"
+          - name: Windows x64
+            os: windows-latest
+            python-version: "3.12"
+
+    steps:
+      - name: Checkout GmSSL-Python
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Checkout GmSSL
+        uses: actions/checkout@v4
+        with:
+          repository: guanzhi/GmSSL
+          path: GmSSL
+
+      - name: Build and install GmSSL on Linux
+        if: runner.os == 'Linux'
+        run: |
+          cmake -S GmSSL -B GmSSL/build -DCMAKE_BUILD_TYPE=Release
+          cmake --build GmSSL/build --parallel 2
+          sudo cmake --install GmSSL/build
+          sudo ldconfig
+
+      - name: Build and install GmSSL on macOS
+        if: runner.os == 'macOS'
+        run: |
+          cmake -S GmSSL -B GmSSL/build -DCMAKE_BUILD_TYPE=Release
+          cmake --build GmSSL/build --parallel 2
+          sudo cmake --install GmSSL/build
+          echo "DYLD_LIBRARY_PATH=/usr/local/lib:$DYLD_LIBRARY_PATH" >> "$GITHUB_ENV"
+
+      - name: Build GmSSL on Windows
+        if: runner.os == 'Windows'
+        run: |
+          cmake -S GmSSL -B GmSSL\build -A x64 -DCMAKE_BUILD_TYPE=Release
+          cmake --build GmSSL\build --config Release --parallel 2
+          $dll = Get-ChildItem -Path GmSSL\build -Filter gmssl.dll -Recurse | Select-Object -First 1
+          if (-not $dll) { throw "gmssl.dll was not built" }
+          $dll.Directory.FullName | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+
+      - name: Install package
+        run: python -m pip install .
+
+      - name: Verify library loading
+        run: python -c "import gmssl; print(gmssl.GMSSL_LIBRARY_VERSION); print(gmssl.GMSSL_PYTHON_VERSION)"
+
+      - name: Run tests
+        run: python -m unittest -v
diff --git a/gmssl.py b/gmssl.py
index d9a786d..50be3d2 100755
--- a/gmssl.py
+++ b/gmssl.py
@@ -133,7 +133,12 @@ def sm3_pbkdf2(passwd, salt, iterator, keylen):
 	passwd = passwd.encode('utf-8')
 	key = create_string_buffer(keylen)
 
-	if gmssl.pbkdf2_hmac_sm3_genkey(c_char_p(passwd), c_size_t(len(passwd)),
+	try:
+		pbkdf2_func = gmssl.pbkdf2_hmac_sm3_genkey
+	except AttributeError:
+		pbkdf2_func = gmssl.sm3_pbkdf2
+
+	if pbkdf2_func(c_char_p(passwd), c_size_t(len(passwd)),
 		salt, c_size_t(len(salt)), c_size_t(iterator), c_size_t(keylen), key) != 1:
 		raise NativeError('libgmssl inner error')
 
@@ -387,8 +392,9 @@ def finish(self):
 
 class Sm2Point(Structure):
 	_fields_ = [
-		("x", c_uint8 * 32),
-		("y", c_uint8 * 32)
+		("x", c_uint64 * 4),
+		("y", c_uint64 * 4),
+		("z", c_uint64 * 4)
 	]
 
 
@@ -509,11 +515,24 @@ def decrypt(self, ciphertext):
 DO_SIGN = True
 DO_VERIFY = False
 
+class Sm2SignPreComp(Structure):
+
+	_fields_ = [
+		("k", c_uint64 * 4),
+		("x1_modn", c_uint64 * 4)
+	]
+
+
 class Sm2Signature(Structure):
 
 	_fields_ = [
 		("sm3_ctx", Sm3),
-		("key", Sm2Key)
+		("saved_sm3_ctx", Sm3),
+		("key", Sm2Key),
+		("fast_sign_private", c_uint64 * 4),
+		("pre_comp", Sm2SignPreComp * 32),
+		("num_pre_comp", c_uint),
+		("public_point_table", Sm2Point * 16)
 	]
 
 	def __init__(self, sm2_key, signer_id = SM2_DEFAULT_ID, sign = DO_SIGN):
@@ -1037,5 +1056,3 @@ def verify_by_ca_certificate(self, cacert, sm2_id):
 			cacert_raw, c_size_t(len(cacert_raw)), c_char_p(sm2_id), c_size_t(len(sm2_id))) != 1:
 			return False
 		return True
-
-
diff --git a/test.py b/test.py
index ce80cf2..5d35fd0 100644
--- a/test.py
+++ b/test.py
@@ -18,6 +18,11 @@ def test_version(self):
 		self.assertTrue(len(GMSSL_LIBRARY_VERSION) > 0)
 		self.assertTrue(len(GMSSL_PYTHON_VERSION) > 0)
 
+	def test_sm2_struct_sizes(self):
+		self.assertEqual(sizeof(Sm2Point), 96)
+		self.assertEqual(sizeof(Sm2Key), 128)
+		self.assertEqual(sizeof(Sm2Signature), 3976)
+
 	def test_rand(self):
 		keylen = 20
 		key = rand_bytes(keylen)
@@ -229,4 +234,3 @@ def test_sm2_cert(self):
 
 if __name__ == '__main__':
 	unittest.main()
-