### Build and Install GmSSL Source: https://github.com/guanzhi/gmssl/blob/master/README.md Standard build and installation process for GmSSL using CMake. This includes creating a build directory, configuring with CMake, compiling, testing, and installing the library and tools. ```bash mkdir build cd build cmake .. make make test sudo make install ``` -------------------------------- ### Context Initialization Examples Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/types.md Demonstrates the required initialization steps for cryptographic contexts before their use. ```c SM3_CTX ctx; sm3_init(&ctx); // Required before use SM4_KEY key; sm4_set_encrypt_key(&key, raw_key); // Required before use SM2_KEY keypair; sm2_key_generate(&keypair); // Required before use ``` -------------------------------- ### SM3 PBKDF2 Example Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM3.md Example demonstrating how to use sm3_pbkdf2 to derive a key from a password and salt. Includes error checking for the derivation process. ```c const char *password = "mypassword"; uint8_t salt[8] = {/* random bytes */}; uint8_t key[32]; if (!sm3_pbkdf2(password, strlen(password), salt, sizeof(salt), 10000, sizeof(key), key)) { fprintf(stderr, "PBKDF2 failed\n"); return -1; } ``` -------------------------------- ### Install GmSSL Library and Headers Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Installs the GmSSL library to 'lib' and headers to 'include' directories. ```cmake install(TARGETS gmssl ARCHIVE DESTINATION lib LIBRARY DESTINATION lib RUNTIME DESTINATION bin) install(DIRECTORY ${CMAKE_SOURCE_DIR}/include/gmssl DESTINATION include) ``` -------------------------------- ### CMakeLists.txt Option Example Source: https://github.com/guanzhi/gmssl/blob/master/INSTALL.md Example of an option directive in a CMakeLists.txt file, specifying whether to build shared libraries. ```cmake option(BUILD_SHARED_LIBS "Build using shared libraries" OFF) ``` -------------------------------- ### SM3 KDF Example Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM3.md Example demonstrating the usage of SM3 KDF functions to derive a key from a shared secret. ```c SM3_KDF_CTX ctx; uint8_t shared_secret[] = "input_key_material"; uint8_t derived_key[64]; sm3_kdf_init(&ctx, sizeof(derived_key)); sm3_kdf_update(&ctx, shared_secret, sizeof(shared_secret) - 1); sm3_kdf_finish(&ctx, derived_key); ``` -------------------------------- ### Set Install RPATH Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Configures the runtime search path for libraries during installation. ```cmake set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib") ``` -------------------------------- ### HMAC-SHA-256 Initialization Example Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/HASH-HMAC.md Demonstrates initializing the HMAC-SHA-256 context with a key. Keys longer than 64 bytes are hashed first. ```c SHA256_HMAC_CTX ctx; uint8_t key[] = "secret key"; uint8_t msg[] = "message to authenticate"; uint8_t mac[32]; sha256_hmac_init(&ctx, key, sizeof(key) - 1); sha256_hmac_update(&ctx, msg, sizeof(msg) - 1); sha256_hmac_finish(&ctx, mac); ``` -------------------------------- ### SHA-256 Hashing Example Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/HASH-HMAC.md Demonstrates the complete process of hashing a message using SHA-256. Requires initialization, updating with data, and finalization. ```c SHA256_CTX ctx; uint8_t dgst[32]; uint8_t msg[] = "message"; sha256_init(&ctx); sha256_update(&ctx, msg, sizeof(msg) - 1); sha256_finish(&ctx, dgst); ``` -------------------------------- ### SM2 Signing Example Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM2.md Demonstrates a typical workflow for generating an SM2 signature, including key generation, context initialization, data updates, and finalization. ```c SM2_SIGN_CTX ctx; SM2_KEY key; uint8_t sig[256]; size_t siglen = sizeof(sig); const char *id = "user@example.com"; sm2_key_generate(&key); sm2_sign_init(&ctx, &key, id, strlen(id)); sm2_sign_update(&ctx, msg, msglen); sm2_sign_finish(&ctx, sig, &siglen); ``` -------------------------------- ### Visual Studio Makefile Generation and Build Source: https://github.com/guanzhi/gmssl/blob/master/INSTALL.md Steps to generate Makefiles for Visual Studio and compile using nmake in a command-line environment. Requires administrator privileges for installation. ```bash C:\Program Files\Microsoft Visual Studio\2022\Community>cd /path/to/gmssl mkdir build cd build cmake .. -G "NMake Makefiles" nmake nmake test ``` -------------------------------- ### Example: SHA-256 HMAC Computation using Generic Interface Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/HASH-HMAC.md Demonstrates how to compute a SHA-256 HMAC using the generic `hmac` function. Requires obtaining the `sha256_algor` descriptor. ```c uint8_t key[] = "secret"; uint8_t msg[] = "message"; uint8_t mac[32]; size_t maclen; // Using generic interface DIGEST *sha256 = &sha256_algor; // Hash algorithm descriptor hmac(sha256, key, sizeof(key) - 1, msg, sizeof(msg) - 1, mac, &maclen); ``` -------------------------------- ### TLS Cipher Suite Handling Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/README.md Gets cipher suite names, creates them from names, and selects available suites. ```c tls_cipher_suite_name(), tls_cipher_suite_from_name() tls_cipher_suites_select() ``` -------------------------------- ### Single-Shot Hashing with SM3 Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/README.md Demonstrates how to compute a hash of a data block using SM3 in a single operation. Initialize the context, update it with data, and then finalize to get the digest. ```c SM3_CTX ctx; uint8_t dgst[32]; sm3_init(&ctx); sm3_update(&ctx, data, datalen); sm3_finish(&ctx, dgst); ``` -------------------------------- ### Hash a Message Workflow Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/INDEX.md Illustrates the typical workflow for hashing a message using SM3, involving initialization, updating with data, and finalizing to get the hash digest. ```C sm3_init sm3_update sm3_finish ``` -------------------------------- ### SM4 CBC Padding Encrypt Example Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM4.md Encrypts arbitrary-length plaintext using SM4 in CBC mode with PKCS#7 padding. The initialization vector is updated during the process. ```c SM4_KEY key; uint8_t iv[16] = {/* 16 random bytes */}; uint8_t plaintext[] = "Hello, World!"; uint8_t ciphertext[128]; size_t cipherlen; sm4_set_encrypt_key(&key, key_material); sm4_cbc_padding_encrypt(&key, iv, plaintext, sizeof(plaintext) - 1, ciphertext, &cipherlen); ``` -------------------------------- ### Key Derivation using SHA-256 HMAC Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/HASH-HMAC.md Example of deriving a session key from a master key and a nonce using SHA-256 HMAC. This is a common pattern for secure key generation. ```c // Derive session key from master key and nonce SHA256_HMAC_CTX ctx; uint8_t session_key[32]; uint8_t master_key[32], nonce[16]; sha256_hmac_init(&ctx, master_key, sizeof(master_key)); sha256_hmac_update(&ctx, nonce, sizeof(nonce)); sha256_hmac_finish(&ctx, session_key); ``` -------------------------------- ### Configure CPack for GmSSL Package Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Sets CPack variables for the GmSSL package, including name, vendor, version, and description file. This configures the installation package generation. ```cmake set(CPACK_PACKAGE_NAME "GmSSL") set(CPACK_PACKAGE_VENDOR "GmSSL develop team") set(CPACK_PACKAGE_VERSION "3.1.3-Dev") set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md) set(CPACK_NSIS_MODIFY_PATH ON) include(CPack) ``` -------------------------------- ### SM4 Block Cipher Key Setup Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/README.md Sets the encryption or decryption key for the SM4 block cipher. ```c sm4_set_encrypt_key(), sm4_set_decrypt_key() ``` -------------------------------- ### Get Extension Name from OID Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/X509.md Returns the human-readable name of an X.509 extension given its Object Identifier (OID). ```c const char *x509_ext_id_name(int oid); ``` -------------------------------- ### Get TLS Certificate Type Name Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/TLS.md Returns the human-readable name for a given TLS certificate type constant. ```c const char *tls_cert_type_name(int type); ``` -------------------------------- ### sm3_kdf_init Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM3.md Initializes the Key Derivation Function (KDF) context for a specified output length. This prepares the context for deriving a key of a certain size. ```APIDOC ## sm3_kdf_init ### Description Initializes the Key Derivation Function (KDF) context for a specified output length. This prepares the context for deriving a key of a certain size. ### Method void ### Parameters #### Path Parameters - **ctx** (SM3_KDF_CTX*) - Yes - KDF context to initialize - **outlen** (size_t) - Yes - Desired output length in bytes ### Return Type void ### Example ```c SM3_KDF_CTX ctx; uint8_t shared_secret[] = "input_key_material"; uint8_t derived_key[64]; sm3_kdf_init(&ctx, sizeof(derived_key)); sm3_kdf_update(&ctx, shared_secret, sizeof(shared_secret) - 1); sm3_kdf_finish(&ctx, derived_key); ``` ``` -------------------------------- ### Get TLS Handshake Type Name Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/TLS.md Returns the human-readable name for a given TLS handshake type constant. ```c const char *tls_handshake_type_name(int type); ``` -------------------------------- ### Building 32-bit Programs with Visual Studio Source: https://github.com/guanzhi/gmssl/blob/master/INSTALL.md To generate 32-bit (X86) programs, use the x86 Native Tools Command Prompt for Visual Studio. This sets up the environment for 32-bit compilation. ```bash Use the x86 Native Tools Command Prompt for VS 2022 (or your installed version) to compile. ``` -------------------------------- ### Get TLS Record Type Name Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/TLS.md Returns the human-readable name for a given TLS record type constant. ```c const char *tls_record_type_name(int type); ``` -------------------------------- ### Building 64-bit Programs with Visual Studio Source: https://github.com/guanzhi/gmssl/blob/master/INSTALL.md To generate 64-bit (X86_64) programs, use the x64 Native Tools Command Prompt for Visual Studio. This ensures the correct architecture is targeted during compilation. ```bash Use the x64 Native Tools Command Prompt for VS 2022 (or your installed version) to compile. ``` -------------------------------- ### Get TLS Compression Method Name Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/TLS.md Returns the human-readable name for a given TLS compression method constant. ```c const char *tls_compression_method_name(int meth); ``` -------------------------------- ### Configure ld.so.conf.d for Linux Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Creates a configuration file for the dynamic linker on Linux systems to include the library path. ```cmake if(UNIX AND NOT APPLE) message(STATUS "Detected Linux, configuring /etc/ld.so.conf.d/gmssl.conf") install(CODE " execute_process(COMMAND mkdir -p /etc/ld.so.conf.d) execute_process(COMMAND bash -c \"echo /usr/local/lib > /etc/ld.so.conf.d/gmssl.conf\") execute_process(COMMAND ldconfig) ") endif() ``` -------------------------------- ### Create a Certificate Workflow Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/INDEX.md Outlines the steps for creating an X.509 certificate, including setting the distinguished name and then signing the certificate to generate the DER-encoded structure. ```C x509_name_set x509_cert_sign_to_der ``` -------------------------------- ### Get TLS Protocol Name Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/TLS.md Converts a TLS protocol constant to its human-readable string representation. Use this to display protocol names. ```c const char *tls_protocol_name(int proto); ``` ```c printf("Protocol: %s\n", tls_protocol_name(TLS_protocol_tls13)); // Output: "TLS 1.3" ``` -------------------------------- ### sm3_init Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM3.md Initializes the SM3 hash context. This function must be called once before any sm3_update calls to set up the context for hashing. ```APIDOC ## sm3_init ### Description Initializes SM3 hash context. ### Method void sm3_init(SM3_CTX *ctx) ### Parameters #### Path Parameters - **ctx** (SM3_CTX*) - Required - Context to initialize ### Response #### Success Response - **Return Type:** void ### Example ```c SM3_CTX ctx; uint8_t dgst[32]; sm3_init(&ctx); sm3_update(&ctx, msg, msglen); sm3_finish(&ctx, dgst); ``` ``` -------------------------------- ### sm2_verify_init Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM2.md Initializes the SM2 verification context, including the user's identity for verification. ```APIDOC ## sm2_verify_init ### Description Initializes verification context with user identity. ### Parameters #### Path Parameters - None #### Query Parameters - None #### Request Body - None ### Method C Function Call ### Endpoint N/A ### Parameters - **ctx** (SM2_VERIFY_CTX*) - Yes - Verification context to initialize - **key** (SM2_KEY*) - Yes - Key with public key - **id** (const char*) - Yes - User identity string (must match signer's) - **idlen** (size_t) - Yes - Length of identity string ### Return Type int Returns 1 on success, 0 on error. ``` -------------------------------- ### SM4 CBC Encrypt Update Example Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM4.md Encrypts a chunk of data during streaming CBC mode. The output length is updated to reflect the generated ciphertext. ```c SM4_CBC_CTX ctx; uint8_t key[16], iv[16]; uint8_t plaintext[1000], ciphertext[1016]; size_t cipherlen; sm4_cbc_encrypt_init(&ctx, key, iv); sm4_cbc_encrypt_update(&ctx, plaintext, 1000, ciphertext, &cipherlen); // cipherlen now contains output length ``` -------------------------------- ### Digital Signature Generation with SM2 and SM3 Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/README.md Shows how to generate a digital signature using SM2 for signing and SM3 for hashing. This involves key generation, initializing SM3, and then using SM2 signing functions. ```c SM2_KEY key; SM3_CTX sm3_ctx; uint8_t sig[256]; size_t siglen; sm2_key_generate(&key); sm3_init(&sm3_ctx); sm3_update(&sm3_ctx, msg, msglen); SM2_SIGN_CTX sign_ctx; sm2_sign_init(&sign_ctx, &key, id, idlen); sm2_sign_update(&sign_ctx, msg, msglen); sm2_sign_finish(&sign_ctx, sig, &siglen); ``` -------------------------------- ### Get Certificate Chain Count Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/X509.md Returns the number of certificates present in a certificate chain. Requires the chain data, its length, and a pointer to store the count. ```c int x509_certs_get_count(const uint8_t *d, size_t dlen, size_t *cnt); ``` -------------------------------- ### Get X.509 Certificate Version Name Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/X509.md Retrieves the string representation of an X.509 certificate version. Accepts version values 0, 1, or 2. ```c const char *x509_version_name(int version); ``` -------------------------------- ### SHA-512/256 Initialization Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/HASH-HMAC.md Initializes the SHA-512 context for the SHA-512/256 variant. This produces a 32-byte output. ```c void sha512_256_init(SHA512_CTX *ctx); ``` -------------------------------- ### Message Authentication using SHA-256 HMAC Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/HASH-HMAC.md Example of detecting data tampering by comparing a computed HMAC with a received HMAC. Assumes a shared secret key. ```c // Detect tampering with transmitted data SHA256_HMAC_CTX ctx; uint8_t received_mac[32], computed_mac[32]; sha256_hmac_init(&ctx, shared_key, key_len); sha256_hmac_update(&ctx, message, msg_len); sha256_hmac_finish(&ctx, computed_mac); if (memcmp(computed_mac, received_mac, 32) != 0) { // Message was tampered with or key mismatch } ``` -------------------------------- ### sm3_hmac_init Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM3.md Initializes the HMAC context with the provided key. Keys longer than 64 bytes are hashed first. This function sets up the context for HMAC operations. ```APIDOC ## sm3_hmac_init ### Description Initializes HMAC context with key. ### Method void sm3_hmac_init(SM3_HMAC_CTX *ctx, const uint8_t *key, size_t keylen) ### Parameters #### Path Parameters - **ctx** (SM3_HMAC_CTX*) - Required - Context to initialize - **key** (uint8_t*) - Required - HMAC key material - **keylen** (size_t) - Required - Key length (any length) ### Response #### Success Response - **Return Type:** void ### Example ```c SM3_HMAC_CTX ctx; uint8_t key[] = "secret_key"; uint8_t msg[] = "message to authenticate"; uint8_t mac[32]; sm3_hmac_init(&ctx, key, sizeof(key) - 1); sm3_hmac_update(&ctx, msg, sizeof(msg) - 1); sm3_hmac_finish(&ctx, mac); ``` ``` -------------------------------- ### Get TLS Cipher Suite Name Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/TLS.md Retrieves the human-readable name for a given TLS cipher suite constant. Returns NULL if the cipher suite is unknown. ```c const char *tls_cipher_suite_name(int cipher); ``` -------------------------------- ### Initialize SM3 HMAC Context Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM3.md Initializes an SM3_HMAC_CTX with a given key. Keys longer than 64 bytes are hashed first. ```c void sm3_hmac_init(SM3_HMAC_CTX *ctx, const uint8_t *key, size_t keylen); ``` ```c SM3_HMAC_CTX ctx; uint8_t key[] = "secret_key"; uint8_t msg[] = "message to authenticate"; uint8_t mac[32]; sm3_hmac_init(&ctx, key, sizeof(key) - 1); sm3_hmac_update(&ctx, msg, sizeof(msg) - 1); sm3_hmac_finish(&ctx, mac); ``` -------------------------------- ### PBKDF2 Key Derivation with SM3 Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/README.md Illustrates how to derive a cryptographic key from a password using the PBKDF2 algorithm with SM3 as the underlying hash function. Requires a salt and specifies iteration count and key length. ```c uint8_t salt[8]; // Random salt uint8_t key[32]; rand_bytes(salt, sizeof(salt)); sm3_pbkdf2(password, strlen(password), salt, sizeof(salt), 10000, sizeof(key), key); ``` -------------------------------- ### Initialize KDF Context Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM3.md Initializes the SM3 KDF context for a specified output length. Use this before processing input material. ```c void sm3_kdf_init(SM3_KDF_CTX *ctx, size_t outlen); ``` -------------------------------- ### sm4_ctr32_encrypt_init Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM4.md Initializes the context for streaming CTR32 mode encryption with a given key and initial counter value. ```APIDOC ## sm4_ctr32_encrypt_init ### Description Initializes streaming CTR32 mode. ### Parameters #### Path Parameters - None #### Query Parameters - None #### Request Body - None ### Parameters - **ctx** (SM4_CTR_CTX*) - Yes - Context to initialize - **key** (uint8_t[SM4_KEY_SIZE]) - Yes - Encryption key - **ctr** (uint8_t[SM4_BLOCK_SIZE]) - Yes - Initial counter value ### Return Type int ``` -------------------------------- ### MSVC Specific Settings Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Configures MSVC specific settings like startup project and compile definitions. ```cmake if (CMAKE_C_COMPILER_ID MATCHES "MSVC") set_property(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} PROPERTY VS_STARTUP_PROJECT gmssl-bin) set(CMAKE_INSTALL_PREFIX "C:/Program Files/GmSSL") # change by `cmake -DCMAKE_INSTALL_PREFIX=C:\path\to\install` # run `set path=%path%;C:\ Program Files\GmSSL\bin` add_compile_definitions(_CRT_SECURE_NO_WARNINGS) target_compile_options(gmssl PRIVATE /utf-8) target_compile_options(gmssl-bin PRIVATE /utf-8) endif() ``` -------------------------------- ### Enable Kyber Post-Quantum Cryptography Support Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Enables support for the CRYSTALS-Kyber key encapsulation mechanism. ```cmake if (ENABLE_KYBER) message(STATUS "ENABLE_KYBER is ON") add_definitions(-DENABLE_KYBER) list(APPEND src src/kyber.c) list(APPEND tools tools/kyberkeygen.c tools/kyberencap.c tools/kyberdecap.c) list(APPEND tests kyber) endif() ``` -------------------------------- ### SM4 CBC Encrypt Init Function Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM4.md Initializes the context for streaming CBC mode encryption. Requires the encryption key and an initial IV. ```c int sm4_cbc_encrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]); ``` -------------------------------- ### Adding GmSSL Bin Directory to System Path Source: https://github.com/guanzhi/gmssl/blob/master/INSTALL.md Appends the GmSSL binary directory to the system's PATH environment variable for command-line access. This is typically done after installation. ```bash set path=%path%;C:\Program Files\GmSSL\bin ``` -------------------------------- ### SHA-512 Initialization Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/HASH-HMAC.md Initializes the SHA-512 hash context. Prepare the context before processing data. ```c void sha512_init(SHA512_CTX *ctx); ``` -------------------------------- ### Get X.509 Extension by OID Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/X509.md Use this function to extract a specific X.509 extension from a DER-encoded list based on its OID. It returns the extension's critical flag and its value. ```c int x509_exts_get_ext_by_oid(const uint8_t *d, size_t dlen, int oid, int *critical, const uint8_t **val, size_t *vlen); ``` -------------------------------- ### Derive Key from Password Workflow Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/INDEX.md Illustrates the workflow for deriving a key from a password using the PBKDF2 function with SM3 hashing. ```C sm3_pbkdf2 ``` -------------------------------- ### sm4_cbc_encrypt_init Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM4.md Initializes the SM4 CBC streaming context for encryption with the provided key and initialization vector. ```APIDOC ## sm4_cbc_encrypt_init ### Description Initializes streaming CBC encryption. ### Parameters #### Parameters - **ctx** (SM4_CBC_CTX*) - Yes - Context to initialize - **key** (uint8_t[16]) - Yes - Encryption key - **iv** (uint8_t[16]) - Yes - Initialization vector ### Return Type int Returns 1 on success, 0 on error. ``` -------------------------------- ### Get Certificate by Index from Chain Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/X509.md Extracts a specific certificate from a chain by its index. Requires the chain data, its length, the index of the desired certificate, and pointers to store the certificate data and its length. ```c int x509_certs_get_cert_by_index(const uint8_t *d, size_t dlen, int index, const uint8_t **cert, size_t *certlen); ``` -------------------------------- ### Get Certificate by Subject from Chain Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/X509.md Finds a certificate within a chain by its subject distinguished name. Requires the chain data, its length, the subject name and its length, and pointers to store the found certificate and its length. ```c int x509_certs_get_cert_by_subject(const uint8_t *d, size_t dlen, const uint8_t *subject, size_t subject_len, const uint8_t **cert, size_t *certlen); ``` -------------------------------- ### SHA-256 Initialization Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/HASH-HMAC.md Initializes the SHA-256 context. This function must be called before any sha256_update or sha256_finish calls. ```c void sha256_init(SHA256_CTX *ctx); ``` -------------------------------- ### SM9 Key Exchange - Alice's First Step Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM9.md Performs Alice's first step in the SM9 key exchange protocol. Outputs Alice's ephemeral point and random scalar. ```c int sm9_exch_step_1A(const SM9_EXCH_MASTER_KEY *mpk, const char *idB, size_t idBlen, SM9_Z256_POINT *RA, sm9_z256_t rA); ``` -------------------------------- ### Initialize SM3 Hash Context Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM3.md Initializes an SM3_CTX structure for hashing. Must be called before sm3_update. ```c void sm3_init(SM3_CTX *ctx); ``` ```c SM3_CTX ctx; uint8_t dgst[32]; sm3_init(&ctx); sm3_update(&ctx, msg, msglen); sm3_finish(&ctx, dgst); ``` -------------------------------- ### sm9_exch_step_1B Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM9.md Performs Bob's first step in the SM9 key exchange protocol. ```APIDOC ## sm9_exch_step_1B ### Description SM9 key exchange - Bob's first step. ### Method Not applicable (C function) ### Parameters #### Input Parameters - **mpk** (SM9_EXCH_MASTER_KEY*) - Yes - Master public key - **idA** (const char*) - Yes - Alice's identity - **idAlen** (size_t) - Yes - Alice's identity length - **idB** (const char*) - Yes - Bob's identity - **idBlen** (size_t) - Yes - Bob's identity length - **key** (SM9_EXCH_KEY*) - Yes - **RA** (const SM9_Z256_POINT*) - Yes - **RB** (SM9_Z256_POINT*) - Yes - **sk** (uint8_t*) - Yes - **klen** (size_t) - Yes ### Return Type int ``` -------------------------------- ### sm2_sign_init Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM2.md Initializes the SM2 signature context, incorporating the user's identity for hash computation. ```APIDOC ## sm2_sign_init ### Description Initializes signature context with user identity (for signing with Z value). ### Parameters #### Path Parameters - None #### Query Parameters - None #### Request Body - None ### Method C Function Call ### Endpoint N/A ### Parameters #### Path Parameters - None #### Query Parameters - None #### Request Body - None ### Parameters - **ctx** (SM2_SIGN_CTX*) - Yes - Signature context to initialize - **key** (SM2_KEY*) - Yes - Key with private key - **id** (const char*) - Yes - User identity string - **idlen** (size_t) - Yes - Length of identity string ### Return Type int Returns 1 on success, 0 on error. ### Description SM2 signature includes an identity value in the hash computation. This function initializes the context to include the identity in subsequent updates. ### Example ```c SM2_SIGN_CTX ctx; SM2_KEY key; uint8_t sig[256]; size_t siglen = sizeof(sig); const char *id = "user@example.com"; sm2_key_generate(&key); sm2_sign_init(&ctx, &key, id, strlen(id)); sm2_sign_update(&ctx, msg, msglen); sm2_sign_finish(&ctx, sig, &siglen); ``` ``` -------------------------------- ### sm4_ctr_encrypt_init Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM4.md Initializes the context for streaming CTR mode encryption with a given key and initial counter value. ```APIDOC ## sm4_ctr_encrypt_init ### Description Initializes streaming CTR mode encryption. ### Parameters #### Path Parameters - None #### Query Parameters - None #### Request Body - None ### Parameters - **ctx** (SM4_CTR_CTX*) - Yes - Context to initialize - **key** (uint8_t[SM4_KEY_SIZE]) - Yes - Encryption key - **ctr** (uint8_t[SM4_BLOCK_SIZE]) - Yes - Initial counter value ### Return Type int Returns 1 on success, 0 on error. ``` -------------------------------- ### SM9 Key Exchange - Bob's First Step Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM9.md Performs Bob's first step in the SM9 key exchange protocol. ```c int sm9_exch_step_1B(const SM9_EXCH_MASTER_KEY *mpk, const char *idA, size_t idAlen, const char *idB, size_t idBlen, const SM9_EXCH_KEY *key, const SM9_Z256_POINT *RA, SM9_Z256_POINT *RB, uint8_t *sk, size_t klen); ``` -------------------------------- ### Enable LMS Signature Scheme Support Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Enables support for the Leighton-Micali Signature (LMS) scheme. Optionally enables cross-checking with SHA-256. ```cmake if (ENABLE_LMS) message(STATUS "ENABLE_LMS is ON") add_definitions(-DENABLE_LMS) list(APPEND src src/lms.c) list(APPEND tools tools/lmskeygen.c tools/lmssign.c tools/lmsverify.c) list(APPEND tools tools/hsskeygen.c tools/hsssign.c tools/hssverify.c) list(APPEND tests lms) option(ENABLE_LMS_CROSSCHECK "Enable LMS SHA-256 cross-check" OFF) if (ENABLE_LMS_CROSSCHECK) message(STATUS "ENABLE_LMS_CROSSCHECK is ON") add_definitions(-DENABLE_LMS_CROSSCHECK) endif() endif() ``` -------------------------------- ### Generic HMAC Initialization Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/HASH-HMAC.md Initializes a generic HMAC context with a specified hash algorithm, key, and key length. Returns 1 on success, 0 on error. ```c int hmac_init(HMAC_CTX *ctx, const DIGEST *digest, const uint8_t *key, size_t keylen); ``` -------------------------------- ### HMAC-SHA-256 Initialization Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/HASH-HMAC.md Initializes the HMAC context with the provided key. The key can be of any length; longer keys are processed internally. ```c void sha256_hmac_init(SHA256_HMAC_CTX *ctx, const uint8_t *key, size_t keylen); ``` -------------------------------- ### Add GmSSL Executable and Link Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Creates the main GmSSL executable and links it against the GmSSL library, excluding iOS. ```cmake if (NOT ${CMAKE_SYSTEM_NAME} STREQUAL "iOS") add_executable(gmssl-bin ${tools}) target_link_libraries(gmssl-bin LINK_PUBLIC gmssl) set_target_properties(gmssl-bin PROPERTIES RUNTIME_OUTPUT_NAME gmssl) if (WIN32) target_link_libraries(gmssl-bin PRIVATE Ws2_32) endif() ``` -------------------------------- ### Define Tool Source Files Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Lists the C source files for the GmSSL command-line tools. ```cmake set(tools tools/gmssl.c tools/version.c tools/sm4.c tools/sm4_cbc.c tools/sm4_ctr.c tools/sm4_gcm.c tools/sm4_cbc_sm3_hmac.c tools/sm4_ctr_sm3_hmac.c tools/sm3.c tools/sm3hmac.c tools/sm3_pbkdf2.c tools/sm2keygen.c tools/sm2sign.c tools/sm2verify.c tools/sm2encrypt.c tools/sm2decrypt.c tools/rand.c tools/certgen.c tools/certparse.c tools/certverify.c tools/certrevoke.c tools/ocspreq.c tools/reqgen.c tools/reqparse.c tools/reqsign.c tools/crlgen.c tools/crlget.c tools/crlparse.c tools/crlverify.c ) ``` -------------------------------- ### Build and Test GmSSL Source: https://github.com/guanzhi/gmssl/blob/master/README.md Commands to build the GmSSL project with testing enabled and run various test executables. ```bash cmake .. -DENABLE_TEST_SPEED=ON make ./bin/sm4_cltest; ./bin/sm4test; ./bin/sm3test; ./bin/sm2_signtest; ./bin/sm2_enctest; ./bin/sm9test; ./bin/zuctest ``` -------------------------------- ### Sign a Message Workflow Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/INDEX.md Shows the workflow for signing a message, involving hashing with SM3 and then performing the SM2 signing operation. ```C sm3_init/update sm2_sign_init/update/finish ``` -------------------------------- ### sm9_exch_step_1A Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM9.md Performs Alice's first step in the SM9 key exchange protocol, generating her ephemeral point and random scalar. ```APIDOC ## sm9_exch_step_1A ### Description SM9 key exchange - Alice's first step. ### Method Not applicable (C function) ### Parameters #### Input Parameters - **mpk** (SM9_EXCH_MASTER_KEY*) - Yes - Master public key - **idB** (const char*) - Yes - Bob's identity - **idBlen** (size_t) - Yes - Bob's identity length #### Output Parameters - **RA** (SM9_Z256_POINT*) - Yes - Output Alice's ephemeral point - **rA** (sm9_z256_t) - Yes - Output Alice's random scalar ### Return Type int Returns 1 on success, 0 on error. ``` -------------------------------- ### Link Libraries for GmSSL (Unix/Linux) Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Links the dl library on Unix/Linux systems if ENABLE_SDF is enabled. ```cmake else() if (ENABLE_SDF) target_link_libraries(gmssl dl) endif() endif() ``` -------------------------------- ### Enable Testing and Add Tests Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Enables testing and defines individual test executables for each test module. ```cmake enable_testing() foreach(name ${tests}) add_test(NAME ${name} COMMAND ${name}test) add_executable(${name}test tests/${name}test.c) target_link_libraries (${name}test LINK_PUBLIC gmssl) endforeach() install(TARGETS gmssl-bin RUNTIME DESTINATION bin) endif() ``` -------------------------------- ### hmac_init Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/HASH-HMAC.md Initializes a generic HMAC context with a specified hash algorithm, key, and key length. This function sets up the context for HMAC computations that can use various digest algorithms. ```APIDOC ## hmac_init ### Description Initializes generic HMAC with specified hash algorithm. ### Parameters #### Path Parameters - **ctx** (HMAC_CTX*) - Yes - Context to initialize - **digest** (DIGEST*) - Yes - Hash algorithm (SM3, SHA256, etc.) - **key** (uint8_t*) - Yes - HMAC key - **keylen** (size_t) - Yes - Key length ### Return Type int Returns 1 on success, 0 on error. ``` -------------------------------- ### Set Library and Executable Output Paths Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Specifies the output directories for libraries and executables within the build directory. ```cmake set(LIBRARY_OUTPUT_PATH ${PROJECT_BINARY_DIR}/bin) set(EXECUTABLE_OUTPUT_PATH ${PROJECT_BINARY_DIR}/bin) ``` -------------------------------- ### sm4_cbc_decrypt_init Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM4.md Initializes the SM4 CBC streaming context for decryption with the provided key and initialization vector. ```APIDOC ## sm4_cbc_decrypt_init ### Description Initializes streaming CBC decryption. ### Parameters #### Parameters - **ctx** (SM4_CBC_CTX*) - Yes - Context to initialize - **key** (uint8_t[16]) - Yes - Decryption key - **iv** (uint8_t[16]) - Yes - Initialization vector ### Return Type int Returns 1 on success, 0 on error. ``` -------------------------------- ### SHA-1 Initialization Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/HASH-HMAC.md Initializes the SHA-1 hash context. Call this before processing any data with sha1_update. ```c void sha1_init(SHA1_CTX *ctx); ``` -------------------------------- ### Enable SHA-2 Hash Functions Support Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Enables support for SHA-2 family hash functions (SHA-224, SHA-256, SHA-384, SHA-512) and HMAC. ```cmake if (ENABLE_SHA2) message(STATUS "ENABLE_SHA2 is ON") add_definitions(-DENABLE_SHA2) list(APPEND src src/sha256.c src/sha512.c) list(APPEND src src/sha256_hmac.c) list(APPEND tests sha224 sha256 sha384 sha512 hmac) endif() ``` -------------------------------- ### Initialize SM9 Streaming Signature Context Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM9.md Initializes a context for creating SM9 signatures in a streaming fashion. This must be called before any update operations. ```c int sm9_sign_init(SM9_SIGN_CTX *ctx); ``` -------------------------------- ### Streaming Encryption with SM4 CBC Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/README.md Illustrates how to perform streaming encryption using SM4 in CBC mode. Initialize the context with key and IV, update with data chunks, and finish the operation. ```c SM4_CBC_CTX ctx; uint8_t key[16], iv[16], out[1024]; size_t outlen; sm4_cbc_encrypt_init(&ctx, key, iv); sm4_cbc_encrypt_update(&ctx, chunk1, len1, out, &outlen); sm4_cbc_encrypt_update(&ctx, chunk2, len2, out + outlen, &outlen); sm4_cbc_encrypt_finish(&ctx, out + outlen, &outlen); ``` -------------------------------- ### sm9_verify_init / sm9_verify_update / sm9_verify_finish Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM9.md These functions are part of the verification process, mirroring the signing functions but using the master public key and identity. They allow for streaming verification of signatures. ```APIDOC ## sm9_verify_init / sm9_verify_update / sm9_verify_finish ### Description Functions for initializing, updating, and finishing the SM9 signature verification process, supporting streaming verification. ### Method N/A (C functions) ### Parameters N/A (Specific parameters depend on each function, similar to signing functions but using master public key and identity.) ### Request Example N/A ### Response #### Success Response (1) Returns 1 on success. #### Response Example N/A ``` -------------------------------- ### Compare SM2 Public Keys Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM2.md Compares two SM2 public keys for equality. Returns 1 if they are identical, 0 otherwise. Ensure both key pointers are valid. ```c int sm2_public_key_equ(const SM2_KEY *sm2_key, const SM2_KEY *pub_key); ``` -------------------------------- ### Enable AES Option Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Defines a boolean option to enable AES symmetric encryption algorithm. Defaults to OFF. ```cmake option(ENABLE_AES "Enable AES" OFF) ``` -------------------------------- ### Link Libraries for GmSSL (Windows) Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Links the Winsock library to the GmSSL library on Windows systems. ```cmake if (WIN32) target_link_libraries(gmssl PRIVATE Ws2_32) ``` -------------------------------- ### sm9_sign_init Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM9.md Initializes the SM9 signature context for processing message data in chunks. This is the first step in a streaming signature process. ```APIDOC ## sm9_sign_init ### Description Initializes signature context for streaming. ### Method N/A (C function) ### Parameters #### Path Parameters N/A #### Query Parameters N/A #### Request Body N/A ### Request Example N/A ### Response #### Success Response (1) Returns 1 on success. #### Response Example N/A ### Parameters - **ctx** (SM9_SIGN_CTX*) - Yes - Context to initialize ``` -------------------------------- ### Enable SPHINCS+ Hash-Based Signature Scheme Support Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Enables support for the SPHINCS+ hash-based signature scheme. Optionally enables cross-checking with SHA-256. ```cmake if (ENABLE_SPHINCS) message(STATUS "ENABLE_SPHINCS is ON") add_definitions(-DENABLE_SPHINCS) list(APPEND src src/sphincs.c) list(APPEND tools tools/sphincskeygen.c tools/sphincssign.c tools/sphincsverify.c) list(APPEND tests sphincs) option(ENABLE_SPHINCS_CROSSCHECK "Enable SPHINCS SHA-256 cross-check" ON) if (ENABLE_SPHINCS_CROSSCHECK) message(STATUS "ENABLE_SPHINCS_CROSSCHECK is ON") add_definitions(-DENABLE_SPHINCS_CROSSCHECK) endif() endif() ``` -------------------------------- ### Shared Libraries Option Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Configures whether to build using shared libraries. ```cmake option(BUILD_SHARED_LIBS "Build using shared libraries" ON) ``` -------------------------------- ### Initialize SM2 Verification Context Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM2.md Initializes the verification context for verifying SM2 signatures. The provided identity must match the one used during signing. ```c int sm2_verify_init(SM2_VERIFY_CTX *ctx, const SM2_KEY *key, const char *id, size_t idlen); ``` -------------------------------- ### Include Project Headers Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Adds the 'include' directory to the compiler's include path. ```cmake include_directories(include) ``` -------------------------------- ### Running Tests in Visual Studio Source: https://github.com/guanzhi/gmssl/blob/master/INSTALL.md Instructions to run tests within the Visual Studio IDE by locating and debugging the RUN_TESTS project. Test results will appear in the 'Output' window. ```bash Right-click on the 'RUN_TESTS' project in the Solution Explorer and select 'Debug' -> 'Start new instance'. ``` -------------------------------- ### Visual Studio Solution Generation Source: https://github.com/guanzhi/gmssl/blob/master/INSTALL.md Configure CMake to generate a Visual Studio solution file (.sln) and associated project files (.vcxproj) for building within the Visual Studio IDE. ```bash C:\Program Files\Microsoft Visual Studio\2022\Community>cd /path/to/gmssl mkdir build cd build cmake .. ``` -------------------------------- ### SM4 CBC Decrypt Init Function Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM4.md Initializes the context for streaming CBC mode decryption. Requires the decryption key and the initial IV. ```c int sm4_cbc_decrypt_init(SM4_CBC_CTX *ctx, const uint8_t key[SM4_KEY_SIZE], const uint8_t iv[SM4_BLOCK_SIZE]); ``` -------------------------------- ### Set Project Name and Language Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Defines the project name as 'GmSSL' and specifies the primary language as C. ```cmake project(GmSSL C) ``` -------------------------------- ### x509_certs_verify Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/X509.md Verifies a certificate chain against a store of root certificates. ```APIDOC ## x509_certs_verify ### Description Verifies certificate chain against root certificates. ### Parameters #### Path Parameters - **certs** (const uint8_t*) - Required - Certificate chain to verify - **certslen** (size_t) - Required - Chain length - **certs_type** (int) - Required - Chain format (DER/PEM) - **rootcerts** (const uint8_t*) - Required - Root certificate store - **rootcertslen** (size_t) - Required - Root store length - **depth** (int) - Required - Max verification depth - **verify_result** (int*) - Required - Output verification result ### Return Type int Returns 1 if verification succeeds, 0 if fails or error. ``` -------------------------------- ### x509_certs_from_pem Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/X509.md Reads a certificate chain from PEM format from a specified file pointer into a buffer. ```APIDOC ## x509_certs_from_pem ### Description Reads certificate chain from PEM format. ### Parameters #### Path Parameters - **d** (uint8_t*) - Required - **dlen** (size_t*) - Required - **maxlen** (size_t) - Required - **fp** (FILE*) - Required ### Return Type int ``` -------------------------------- ### Enable SPHINCS+ Signature Option Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Defines a boolean option to enable SPHINCS+ signature support. Defaults to OFF. ```cmake option(ENABLE_SPHINCS "Enable SPHINCS+ signature" OFF) ``` -------------------------------- ### sm3_digest_init Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM3.md Initializes a generic digest context, which can be used for either plain hashing or HMAC based on the provided key. If the key is NULL or its length is 0, it initializes for plain hashing. ```APIDOC ## sm3_digest_init ### Description Initializes a generic digest context, which can be used for either plain hashing or HMAC based on the provided key. If the key is NULL or its length is 0, it initializes for plain hashing. ### Method int ### Parameters #### Path Parameters - **ctx** (SM3_DIGEST_CTX*) - Yes - Context to initialize - **key** (uint8_t*) - Yes - HMAC key (NULL for plain hash) - **keylen** (size_t) - Yes - Key length (0 for plain hash) ### Return Type int Returns 1 on success, 0 on error. ``` -------------------------------- ### Enabling Shared Libraries with CMake Source: https://github.com/guanzhi/gmssl/blob/master/INSTALL.md Configure CMake to build shared libraries by setting the BUILD_SHARED_LIBS variable to ON. ```bash cmake .. -DBUILD_SHARED_LIBS=ON ``` -------------------------------- ### Enable SM4 AES-NI Implementation Option Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Defines a boolean option to enable SM4 AES-NI (4x) implementation. Defaults to OFF. ```cmake option(ENABLE_SM4_AESNI "Enable SM4 AES-NI (4x) implementation" OFF) ``` -------------------------------- ### Enable SM2 Encryption Precomputing Option Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Defines a boolean option to enable SM2 encryption precomputing. Defaults to ON. ```cmake option (ENABLE_SM2_ENC_PRE_COMPUTE "Enable SM2 encryption precomputing" ON) ``` -------------------------------- ### Convert Certificate to PEM Format Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/X509.md Writes a certificate in DER format to a file pointer in PEM format. Requires the certificate data, its length, and a file pointer for output. ```c int x509_cert_to_pem(const uint8_t *a, size_t alen, FILE *fp); ``` -------------------------------- ### Server-Side Challenge-Response Authentication with SHA256_HMAC Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/HASH-HMAC.md This C code snippet demonstrates how a server can verify a client's response in a challenge-response authentication system using SHA256_HMAC. It initializes the HMAC context, updates it with the challenge, and computes the expected response to compare against the received response. ```c // Server-side authentication verification SHA256_HMAC_CTX ctx; uint8_t expected_response[32], received_response[32]; uint8_t challenge[16], password_hash[32]; sha256_hmac_init(&ctx, password_hash, sizeof(password_hash)); sha256_hmac_update(&ctx, challenge, sizeof(challenge)); sha256_hmac_finish(&ctx, expected_response); if (memcmp(expected_response, received_response, 32) == 0) { // Authentication successful } ``` -------------------------------- ### x509_certs_to_pem Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/X509.md Writes a certificate chain (multiple certificates) from DER format to PEM format to a specified file pointer. ```APIDOC ## x509_certs_to_pem ### Description Writes certificate chain to PEM format (multiple certificates). ### Parameters #### Path Parameters - **d** (const uint8_t*) - Required - **dlen** (size_t) - Required - **fp** (FILE*) - Required ### Return Type int ``` -------------------------------- ### Enable Kyber Option Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Defines a boolean option to enable Kyber (post-quantum cryptography) support. Defaults to OFF. ```cmake option(ENABLE_KYBER "Enable Kyber" OFF) ``` -------------------------------- ### Link Libraries for GmSSL (MinGW) Source: https://github.com/guanzhi/gmssl/blob/master/CMakeLists.txt Links the Winsock library to the GmSSL library on MinGW systems. ```cmake elseif (MINGW) target_link_libraries(gmssl PRIVATE wsock32) ``` -------------------------------- ### Finalize KDF and Output Key Source: https://github.com/guanzhi/gmssl/blob/master/_autodocs/api-reference/SM3.md Finalizes the SM3 key derivation process and outputs the derived key. Ensure the context is initialized with the correct output length. ```c void sm3_kdf_finish(SM3_KDF_CTX *ctx, uint8_t *out); ```