From d4f44924f8f653cbb626cb2157be6b33b9f11ad0 Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Sun, 21 Jun 2026 11:43:28 +0800 Subject: [PATCH 1/2] Update GmSSL v3.2.0 compatibility --- .github/workflows/ci.yml | 53 ++++++++++++++++++++++++++++++ gmssl.py | 70 +++++++++++++++++++++++++++++++++------- 2 files changed, 112 insertions(+), 11 deletions(-) create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..5a7bf09 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,53 @@ +name: CI + +on: + push: + branches: [main, master] + pull_request: + branches: [main, master] + workflow_dispatch: + +jobs: + test: + name: Python ${{ matrix.python-version }} on ${{ matrix.os }} + runs-on: ${{ matrix.os }} + strategy: + fail-fast: false + matrix: + os: [ubuntu-22.04, macos-14] + python-version: ["3.10", "3.11", "3.12"] + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: ${{ matrix.python-version }} + + - name: Install build dependencies + run: | + if [ "$RUNNER_OS" = "Linux" ]; then + sudo apt-get update + sudo apt-get install -y build-essential cmake + else + brew install cmake + fi + + - name: Build and install GmSSL v3.2.0 + run: | + git clone --depth 1 --branch v3.2.0 https://github.com/guanzhi/GmSSL.git "$RUNNER_TEMP/GmSSL" + cmake -S "$RUNNER_TEMP/GmSSL" -B "$RUNNER_TEMP/GmSSL/build" \ + -DCMAKE_BUILD_TYPE=Release + cmake --build "$RUNNER_TEMP/GmSSL/build" --parallel 4 + sudo cmake --install "$RUNNER_TEMP/GmSSL/build" + if [ "$RUNNER_OS" = "Linux" ]; then + sudo ldconfig + fi + + - name: Run tests + env: + LD_LIBRARY_PATH: /usr/local/lib + DYLD_LIBRARY_PATH: /usr/local/lib + run: python -m unittest -v diff --git a/gmssl.py b/gmssl.py index d9a786d..336ddcd 100755 --- a/gmssl.py +++ b/gmssl.py @@ -133,7 +133,7 @@ def sm3_pbkdf2(passwd, salt, iterator, keylen): passwd = passwd.encode('utf-8') key = create_string_buffer(keylen) - if gmssl.pbkdf2_hmac_sm3_genkey(c_char_p(passwd), c_size_t(len(passwd)), + if gmssl.sm3_pbkdf2(c_char_p(passwd), c_size_t(len(passwd)), salt, c_size_t(len(salt)), c_size_t(iterator), c_size_t(keylen), key) != 1: raise NativeError('libgmssl inner error') @@ -328,7 +328,8 @@ class Sm4Gcm(Structure): ("Y", c_uint8 * 16), ("taglen", c_size_t), ("mac", c_uint8 * 16), - ("maclen", c_size_t) + ("maclen", c_size_t), + ("encedlen", c_uint64) ] def __init__(self, key, iv, aad, taglen = SM4_GCM_DEFAULT_TAG_SIZE, encrypt = True): @@ -387,8 +388,9 @@ def finish(self): class Sm2Point(Structure): _fields_ = [ - ("x", c_uint8 * 32), - ("y", c_uint8 * 32) + ("X", c_uint64 * 4), + ("Y", c_uint64 * 4), + ("Z", c_uint64 * 4) ] @@ -396,7 +398,7 @@ class Sm2Key(Structure): _fields_ = [ ("public_key", Sm2Point), - ("private_key", c_uint8 * 32) + ("private_key", c_uint64 * 4) ] def __init__(self): @@ -503,17 +505,61 @@ def decrypt(self, ciphertext): raise NativeError('libgmssl inner error') return outbuf[:outlen.value] +class X509Key(Structure): + + _fields_ = [ + ("algor", c_int), + ("algor_param", c_int), + ("sm2_key", Sm2Key), + ("_padding", c_uint8 * 20000) + ] + DO_ENCRYPT = True DO_DECRYPT = False DO_SIGN = True DO_VERIFY = False -class Sm2Signature(Structure): +class Sm2Z256Point(Structure): + + _fields_ = [ + ("X", c_uint64 * 4), + ("Y", c_uint64 * 4), + ("Z", c_uint64 * 4) + ] + +class Sm2SignPreComp(Structure): + + _fields_ = [ + ("k", c_uint64 * 4), + ("x1_modn", c_uint64 * 4) + ] + +class Sm2Sign(Structure): _fields_ = [ ("sm3_ctx", Sm3), - ("key", Sm2Key) + ("saved_sm3_ctx", Sm3), + ("key", Sm2Key), + ("fast_sign_private", c_uint64 * 4), + ("pre_comp", Sm2SignPreComp * 32), + ("num_pre_comp", c_uint), + ("public_point_table", Sm2Z256Point * 16) + ] + +class Sm2Verify(Structure): + + _fields_ = [ + ("sm3_ctx", Sm3), + ("saved_sm3_ctx", Sm3), + ("key", Sm2Key), + ("public_point_table", Sm2Z256Point * 16) + ] + +class Sm2Signature(Structure): + + _fields_ = [ + ("ctx", Sm2Sign) ] def __init__(self, sm2_key, signer_id = SM2_DEFAULT_ID, sign = DO_SIGN): @@ -559,7 +605,7 @@ def verify(self, signature): class sm9_bn_t(Structure): _fields_ = [ - ("d", c_uint64 * 8) + ("d", c_uint64 * 4) ] class sm9_fp2_t(Structure): @@ -1013,7 +1059,11 @@ def get_subject(self): def get_subject_public_key(self): public_key = Sm2Key() - gmssl.x509_cert_get_subject_public_key(self._cert, c_size_t(len(self._cert)), byref(public_key)) + x509_key = X509Key() + if gmssl.x509_cert_get_subject_public_key(self._cert, c_size_t(len(self._cert)), byref(x509_key)) != 1: + raise NativeError('libgmssl inner error') + public_key.public_key = x509_key.sm2_key.public_key + public_key.private_key = x509_key.sm2_key.private_key public_key._has_private_key = False public_key._has_public_key = True return public_key @@ -1037,5 +1087,3 @@ def verify_by_ca_certificate(self, cacert, sm2_id): cacert_raw, c_size_t(len(cacert_raw)), c_char_p(sm2_id), c_size_t(len(sm2_id))) != 1: return False return True - - From ca69e8caa1c5e536e377b4b8d92c783fd3739472 Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Sun, 21 Jun 2026 11:46:22 +0800 Subject: [PATCH 2/2] Fix X509 key buffer for v3.2.0 ABI --- gmssl.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gmssl.py b/gmssl.py index 336ddcd..b9d8c47 100755 --- a/gmssl.py +++ b/gmssl.py @@ -511,7 +511,7 @@ class X509Key(Structure): ("algor", c_int), ("algor_param", c_int), ("sm2_key", Sm2Key), - ("_padding", c_uint8 * 20000) + ("_padding", c_uint8 * 1048576) ]