crypto

package
v2.3.6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 4, 2024 License: Apache-2.0 Imports: 1 Imported by: 70

README

简介

crypto 模块提供了一些密码学算法 (包括加密、签名、哈希等) 能力及其相关的协议的接口。

密码学算法

非对称密码学算法接口

定义了如下的非对称体系公私钥接口:

// Signing options
type SignOpts struct {
	Hash HashType
	UID  string
}

// === 秘钥接口 ===
type Key interface {
	// 获取秘钥字节数组
	Bytes() ([]byte, error)

	// 获取秘钥类型
	Type() KeyType

	// 获取编码后秘钥(PEM格式)
	String() (string, error)
}

// === 非对称秘钥签名+验签接口 ===
// 私钥签名接口
type PrivateKey interface {
	Key

	// 私钥签名
	Sign(data []byte) ([]byte, error)

	SignWithOpts(data []byte, opts *SignOpts) ([]byte, error)

	// 返回公钥
	PublicKey() PublicKey

	// 转换为crypto包中的 PrivateKey 接口类
	ToStandardKey() crypto.PrivateKey
}

// 公钥验签接口
type PublicKey interface {
	Key

	// 公钥验签
	Verify(data []byte, sig []byte) (bool, error)

	VerifyWithOpts(data []byte, sig []byte, opts *SignOpts) (bool, error)

	// 转换为crypto包中的 PublicKey 接口类
	ToStandardKey() crypto.PublicKey
}

SignOpts 结构用于为一个签名、验签操作提供灵活的流程变化。其中,Hash 字段可以设置哈希算法,例如 SHA256、SM3 等。UID 字段是 SM2-SM3 签名套件专用字段,用于设置国密局规定的 user ID。

Key 接口定义了密码学公私钥通用的序列化接口,和一个返回密钥算法的 Type() 接口。

PrivateKey 接口用于签名私钥,通常使用的是 SighWithOpts() 接口,其中入参 data 是数据原文,opts是一个 SignOpts 类型的结构,用于指定哈希算法,在 SM2-SM3 签名套件中也用于指定 user ID。在 ChainMaker中应用时,这个哈希算法可能读取自证书中指定的算法套件,也可能来自配置文件设置。

公私钥的序列化

在应用中,公钥、私钥通常会以字符串形式保存在配置文件中或用于传输。前面提到的 Key 接口中的 String() 为公钥提供了序列化为 PEM 格式字符串的能力。

要把字符串形式的公私钥反序列化为对象,可以调用 crypto/asym 包中的 PublicKeyFromPEM() 或 PrivateKeyFromPEM() 接口。ChainMaker 支持的算法都可以用这两个通用接口反序列化公私钥。

证书

ChainMaker 使用的节点、客户端证书需要满足一下要求:

  1. O 字段需要指明节点或客户端所属的组织的名称。
  2. OU 字段需要指明节点或客户端的身份,默认身份有四种:admin、client、consensus、common,分别代表管理员、普通用户、共识节点、普通节点。

Documentation

Index

Constants

View Source
const (
	// 密码算法默认值,若是此项,将采用配置文件中配置的密码算法
	CRYPTO_ALGO_HASH_DEFAULT = ""
	CRYPTO_ALGO_SYM_DEFAULT  = ""
	CRYPTO_ALGO_ASYM_DEFAULT = ""

	// 哈希算法
	CRYPTO_ALGO_SHA256   = "SHA256"
	CRYPTO_ALGO_SHA3_256 = "SHA3_256"
	CRYPTO_ALGO_SM3      = "SM3"

	// 对称加密
	CRYPTO_ALGO_AES    = "AES"
	CRYPTO_ALGO_AES128 = "AES128"
	CRYPTO_ALGO_AES192 = "AES192"
	CRYPTO_ALGO_AES256 = "AES256"
	CRYPTO_ALGO_SM4    = "SM4"

	// 非对称秘钥
	CRYPTO_ALGO_RSA512        = "RSA512"
	CRYPTO_ALGO_RSA1024       = "RSA1024"
	CRYPTO_ALGO_RSA2048       = "RSA2048"
	CRYPTO_ALGO_RSA3072       = "RSA3072"
	CRYPTO_ALGO_SM2           = "SM2"
	CRYPTO_ALGO_ECC_P256      = "ECC_P256"
	CRYPTO_ALGO_ECC_P384      = "ECC_P384"
	CRYPTO_ALGO_ECC_P521      = "ECC_P521"
	CRYPTO_ALGO_ECC_Ed25519   = "ECC_Ed25519"
	CRYPTO_ALGO_ECC_Secp256k1 = "ECC_Secp256k1"

	//后量子密码(非对称)
	CRYPTO_ALGO_DILITHIUM2 = "DILITHIUM2"
)

nolint

View Source
const CRYPTO_DEFAULT_UID = "1234567812345678"

CRYPTO_DEFAULT_UID constant UID for SM2-SM3

View Source
const (
	// SM3 sm3 hash type definition
	SM3 = crypto.Hash(HASH_TYPE_SM3)
)

Variables

AsymAlgoMap all asymmetric algo name:KeyType map

HashAlgoMap all name:HashType map

KeyType2NameMap all keyType:name map

Name2KeyTypeMap all name:keyType map

SymAlgoMap all symmetric algo name:KeyType map

Functions

This section is empty.

Types

type BitsSize

type BitsSize int

BitsSize bit size definition

const (
	BITS_SIZE_128  BitsSize = 128
	BITS_SIZE_192  BitsSize = 192
	BITS_SIZE_256  BitsSize = 256
	BITS_SIZE_512  BitsSize = 512
	BITS_SIZE_1024 BitsSize = 1024
	BITS_SIZE_2048 BitsSize = 2048
	BITS_SIZE_3072 BitsSize = 3072
)

nolint

type DecryptKey

type DecryptKey interface {
	Key

	Decrypt(ciphertext []byte) ([]byte, error)

	DecryptWithOpts(ciphertext []byte, opts *EncOpts) ([]byte, error)

	EncryptKey() EncryptKey
}

DecryptKey decrypt interface definition

type EncOpts

type EncOpts struct {
	EncodingType string
	BlockMode    string
	EnableMAC    bool
	Hash         HashType
	Label        []byte
	EnableASN1   bool
}

EncOpts Encryption options

type EncryptKey

type EncryptKey interface {
	Key

	// Encrypt
	Encrypt(data []byte) ([]byte, error)

	EncryptWithOpts(data []byte, opts *EncOpts) ([]byte, error)
}

EncryptKey encrypt interface definition

type Encryptor added in v2.1.0

type Encryptor interface {
	Encrypt(data []byte) ([]byte, error)
	Decrypt(ciphertext []byte) ([]byte, error)
}

Encryptor encrypt and decrypt interface definition

type HashType

type HashType uint

HashType hash type definition

const (
	// HASH_TYPE_SM3 sm3 HashType
	HASH_TYPE_SM3 HashType = 20
	// HASH_TYPE_SHA256 sha256 HashType
	HASH_TYPE_SHA256 HashType = HashType(crypto.SHA256)
	// HASH_TYPE_SHA3_256 sha3_256 HashType
	HASH_TYPE_SHA3_256 HashType = HashType(crypto.SHA3_256)
)

type Key

type Key interface {
	// 获取秘钥字节数组
	Bytes() ([]byte, error)

	// 获取秘钥类型
	Type() KeyType

	// 获取编码后秘钥(PEM格式)
	String() (string, error)
}

Key key interface definition

type KeyType

type KeyType int

KeyType 秘钥类型

const (
	// 对称秘钥
	AES KeyType = iota
	SM4
	// 非对称秘钥
	RSA512
	RSA1024
	RSA2048
	RSA3072
	SM2
	ECC_Secp256k1
	ECC_NISTP256
	ECC_NISTP384
	ECC_NISTP521
	ECC_Ed25519

	//后量子密码密钥(非对称密钥)
	DILITHIUM2
)

nolint

type PrivateKey

type PrivateKey interface {
	Key

	// 私钥签名
	Sign(data []byte) ([]byte, error)

	SignWithOpts(data []byte, opts *SignOpts) ([]byte, error)

	// 返回公钥
	PublicKey() PublicKey

	// 转换为crypto包中的 PrivateKey 接口类
	ToStandardKey() crypto.PrivateKey
}

PrivateKey private key signing interface definition

type PublicKey

type PublicKey interface {
	Key

	// 公钥验签
	Verify(data []byte, sig []byte) (bool, error)

	VerifyWithOpts(data []byte, sig []byte, opts *SignOpts) (bool, error)

	// 转换为crypto包中的 PublicKey 接口类
	ToStandardKey() crypto.PublicKey
}

PublicKey public key verifying interface definition

type SignOpts

type SignOpts struct {
	Hash         HashType
	UID          string
	EncodingType string
}

SignOpts Signing options

type SymmetricKey

type SymmetricKey interface {
	Key

	// 加密接口
	Encrypt(plain []byte) ([]byte, error)
	EncryptWithOpts(plain []byte, opts *EncOpts) ([]byte, error)

	// 解密接口
	Decrypt(ciphertext []byte) ([]byte, error)
	DecryptWithOpts(ciphertext []byte, opts *EncOpts) ([]byte, error)
}

SymmetricKey symmetric encryt and decrypt interface definition

Directories

Path Synopsis
dilithium
nolint
nolint
ecdsa
nolint
nolint
rsa
nolint
nolint
sm2
nolint
nolint
hibe_amd64/hibe
Package hibe implements the cryptosystem described in the paper "Hierarchical Identity Based Encyprtion with Constant Size Ciphertext" by Boneh, Boyen, and Goh.
Package hibe implements the cryptosystem described in the paper "Hierarchical Identity Based Encyprtion with Constant Size Ciphertext" by Boneh, Boyen, and Goh.
hibe_amd64/hibe/bn256
Package bn256 implements a particular bilinear group at the 128-bit security level.
Package bn256 implements a particular bilinear group at the 128-bit security level.
hibe_noamd64/hibe
Package hibe implements the cryptosystem described in the paper "Hierarchical Identity Based Encyprtion with Constant Size Ciphertext" by Boneh, Boyen, and Goh.
Package hibe implements the cryptosystem described in the paper "Hierarchical Identity Based Encyprtion with Constant Size Ciphertext" by Boneh, Boyen, and Goh.
hibe_noamd64/hibe/bn256
Package bn256 implements a particular bilinear group.
Package bn256 implements a particular bilinear group.
hsm
kms
Package kms config
Package kms config
nolint
nolint
nolint
nolint
nolint
sdf
nolint
nolint
base
nolint
nolint
sym
aes
nolint
nolint
modes
nolint
nolint
sm4
nolint
nolint
tls
Package tls partially implements TLS 1.2, as specified in RFC 5246, and TLS 1.3, as specified in RFC 8446.
Package tls partially implements TLS 1.2, as specified in RFC 5246, and TLS 1.3, as specified in RFC 8446.
wss

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL