sm9

package
v1.0.5007 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 24, 2024 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source
const (
	EncTypeXOR int = 0
	EncTypeECB int = 1
	EncTypeCBC int = 2
	EncTypeOFB int = 4
	EncTypeCFB int = 8
)
View Source
const (
	// hashmode used in h1: 0x01
	H1 hashMode = iota + 1
	// hashmode used in h2: 0x02
	H2
)
View Source
const DefaultEncryptHid byte = 0x03

默认 HID

View Source
const DefaultSignHid byte = 0x01

默认 HID

Variables

View Source
var (
	ErrDecryption = errors.New("sm9: decryption error")

	ErrEmptyPlaintext = errors.New("sm9: empty plaintext")
)
View Source
var (
	// HmacSM3
	HmacSM3Hash = NewHashHmac(sm3.New)

	// HmacSHA256
	HmacSHA256Hash = NewHashHmac(sha256.New)

	// SM3Hash
	SM3Hash = NewHashMac(sm3.New)

	// SHA256Hash
	SHA256Hash = NewHashMac(sha256.New)

	// Default Hash
	DefaultHash = SM3Hash
)
View Source
var DefaultEncrypt = SM4CBCEncrypt

Default Encrypt

View Source
var DefaultOpts = &Opts{
	Encrypt: DefaultEncrypt,
	Hash:    DefaultHash,
}

SM4CBCEncrypt option represents SM4 CBC mode

SM4CFBEncrypt option represents SM4 CFB mode

SM4ECBEncrypt option represents SM4 ECB mode

SM4OFBEncrypt option represents SM4 OFB mode

View Source
var XorEncrypt = NewXOREncrypt()

XorEncrypt default option represents XOR mode

Functions

func Decrypt added in v1.0.2040

func Decrypt(priv *EncryptPrivateKey, uid, ciphertext []byte, opts *Opts) ([]byte, error)

Decrypt

func DecryptASN1 added in v1.0.2040

func DecryptASN1(priv *EncryptPrivateKey, uid, ciphertext []byte, opts *Opts) ([]byte, error)

func Encrypt added in v1.0.2040

func Encrypt(rand io.Reader, pub *EncryptMasterPublicKey, uid []byte, hid byte, plaintext []byte, opts *Opts) ([]byte, error)

Encrypt

func EncryptASN1 added in v1.0.2040

func EncryptASN1(rand io.Reader, pub *EncryptMasterPublicKey, uid []byte, hid byte, plaintext []byte, opts *Opts) ([]byte, error)

func EncryptMasterPrivateKeyTo added in v1.0.3030

func EncryptMasterPrivateKeyTo(priv *EncryptMasterPrivateKey) []byte

输出加密私钥明文

func EncryptMasterPublicKeyTo added in v1.0.3030

func EncryptMasterPublicKeyTo(pub *EncryptMasterPublicKey) []byte

输出加密主公钥明文

func EncryptPrivateKeyTo added in v1.0.3030

func EncryptPrivateKeyTo(priv *EncryptPrivateKey) []byte

输出明文

func Equal added in v1.0.2040

func Equal(b1, b2 []byte) bool

func MarshalPrivateKey added in v1.0.2040

func MarshalPrivateKey(key any) ([]byte, error)

func MarshalPublicKey added in v1.0.2040

func MarshalPublicKey(key any) ([]byte, error)

func ParsePrivateKey added in v1.0.2040

func ParsePrivateKey(der []byte) (any, error)

func ParsePublicKey added in v1.0.2040

func ParsePublicKey(der []byte) (key any, err error)

func Sign

func Sign(rand io.Reader, pri *SignPrivateKey, msg []byte) (h *big.Int, s *sm9curve.G1, err error)

sm9 sign algorithm: A1:compute g = e(P1,Ppub); A2:choose random num r in [1,n-1]; A3:compute w = g^r; A4:compute h = H2(M||w,n); A5:compute l = (r-h) mod n, if l = 0 goto A2; A6:compute S = l·sk.

func SignASN1 added in v1.0.2040

func SignASN1(rand io.Reader, priv *SignPrivateKey, hash []byte) ([]byte, error)

func SignMasterPrivateKeyTo added in v1.0.3030

func SignMasterPrivateKeyTo(priv *SignMasterPrivateKey) []byte

输出签名主私钥明文

func SignMasterPublicKeyTo added in v1.0.3030

func SignMasterPublicKeyTo(pub *SignMasterPublicKey) []byte

输出签名主公钥明文

func SignPrivateKeyTo added in v1.0.3030

func SignPrivateKeyTo(priv *SignPrivateKey) []byte

输出签名私钥明文

func UnwrapKey added in v1.0.2040

func UnwrapKey(priv *EncryptPrivateKey, uid []byte, cipher *sm9curve.G1, kLen int) ([]byte, error)

UnwrapKey unwraps key from cipher, user id and aligned key length

func Verify

func Verify(pub *SignMasterPublicKey, id []byte, hid byte, msg []byte, h *big.Int, s *sm9curve.G1) bool

sm9 verify algorithm(given h',S', message M' and user's id): B1:compute g = e(P1,Ppub); B2:compute t = g^h'; B3:compute h1 = H1(id||hid,n); B4:compute P = h1·P2+Ppub; B5:compute u = e(S',P); B6:compute w' = u·t; B7:compute h2 = H2(M'||w',n), check if h2 = h'.

func VerifyASN1 added in v1.0.2040

func VerifyASN1(pub *SignMasterPublicKey, uid []byte, hid byte, hash, sig []byte) bool

func WrapKey added in v1.0.2040

func WrapKey(random io.Reader, pub *EncryptMasterPublicKey, uid []byte, hid byte, kLen int) (key []byte, C1 *sm9curve.G1, err error)

Types

type CBCEncrypt added in v1.0.2040

type CBCEncrypt struct {
	// contains filtered or unexported fields
}

func (*CBCEncrypt) Decrypt added in v1.0.2040

func (this *CBCEncrypt) Decrypt(key, ciphertext []byte) ([]byte, error)

func (*CBCEncrypt) Encrypt added in v1.0.2040

func (this *CBCEncrypt) Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, error)

Encrypt encrypts the plaintext with the key, includes generated IV at the beginning of the ciphertext.

func (*CBCEncrypt) KeySize added in v1.0.2040

func (this *CBCEncrypt) KeySize() int

func (*CBCEncrypt) Type added in v1.0.2040

func (this *CBCEncrypt) Type() int

type CFBEncrypt added in v1.0.2040

type CFBEncrypt struct {
	// contains filtered or unexported fields
}

CFBEncrypt represents CFB (Cipher Feedback) mode.

func (*CFBEncrypt) Decrypt added in v1.0.2040

func (this *CFBEncrypt) Decrypt(key, ciphertext []byte) ([]byte, error)

func (*CFBEncrypt) Encrypt added in v1.0.2040

func (this *CFBEncrypt) Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, error)

Encrypt encrypts the plaintext with the key, includes generated IV at the beginning of the ciphertext.

func (*CFBEncrypt) KeySize added in v1.0.2040

func (this *CFBEncrypt) KeySize() int

func (*CFBEncrypt) Type added in v1.0.2040

func (this *CFBEncrypt) Type() int

type ECBEncrypt added in v1.0.2040

type ECBEncrypt struct {
	// contains filtered or unexported fields
}

ECBEncrypt represents ECB (Electronic Code Book) mode.

func (*ECBEncrypt) Decrypt added in v1.0.2040

func (this *ECBEncrypt) Decrypt(key, ciphertext []byte) ([]byte, error)

func (*ECBEncrypt) Encrypt added in v1.0.2040

func (this *ECBEncrypt) Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, error)

func (*ECBEncrypt) KeySize added in v1.0.2040

func (this *ECBEncrypt) KeySize() int

func (*ECBEncrypt) Type added in v1.0.2040

func (this *ECBEncrypt) Type() int

type EncryptMasterPrivateKey added in v1.0.2040

type EncryptMasterPrivateKey struct {
	EncryptMasterPublicKey
	D *big.Int
}

func GenerateEncryptMasterKey added in v1.0.2040

func GenerateEncryptMasterKey(rand io.Reader) (mk *EncryptMasterPrivateKey, err error)

generate matser's secret encrypt key.

func NewEncryptMasterPrivateKey added in v1.0.2040

func NewEncryptMasterPrivateKey(bytes []byte) (priv *EncryptMasterPrivateKey, err error)

解析加密主私钥明文

func (*EncryptMasterPrivateKey) Equal added in v1.0.2040

Equal reports whether priv and x have the same value.

func (*EncryptMasterPrivateKey) GenerateUserKey added in v1.0.2040

func (priv *EncryptMasterPrivateKey) GenerateUserKey(id []byte, hid byte) (uk *EncryptPrivateKey, err error)

generate user's secret key.

func (*EncryptMasterPrivateKey) Marshal added in v1.0.2040

func (priv *EncryptMasterPrivateKey) Marshal() []byte

func (*EncryptMasterPrivateKey) Public added in v1.0.2040

func (priv *EncryptMasterPrivateKey) Public() crypto.PublicKey

Public returns the public key corresponding to priv.

func (*EncryptMasterPrivateKey) PublicKey added in v1.0.2040

func (*EncryptMasterPrivateKey) Unmarshal added in v1.0.2040

func (priv *EncryptMasterPrivateKey) Unmarshal(bytes []byte) (err error)

type EncryptMasterPublicKey added in v1.0.2040

type EncryptMasterPublicKey struct {
	Mpk *sm9curve.G1
}

func NewEncryptMasterPublicKey added in v1.0.2040

func NewEncryptMasterPublicKey(bytes []byte) (pub *EncryptMasterPublicKey, err error)

解析加密主公钥明文

func (*EncryptMasterPublicKey) Encrypt added in v1.0.2040

func (pub *EncryptMasterPublicKey) Encrypt(rand io.Reader, uid []byte, hid byte, plaintext []byte, enc IEncrypt) ([]byte, error)

func (*EncryptMasterPublicKey) Equal added in v1.0.2040

Equal reports whether pub and x have the same value.

func (*EncryptMasterPublicKey) GenerateUserPublicKey added in v1.0.2040

func (pub *EncryptMasterPublicKey) GenerateUserPublicKey(uid []byte, hid byte) (*sm9curve.G1, error)

func (*EncryptMasterPublicKey) Marshal added in v1.0.2040

func (pub *EncryptMasterPublicKey) Marshal() []byte

func (*EncryptMasterPublicKey) MarshalCompress added in v1.0.2040

func (pub *EncryptMasterPublicKey) MarshalCompress() []byte

func (*EncryptMasterPublicKey) Unmarshal added in v1.0.2040

func (pub *EncryptMasterPublicKey) Unmarshal(bytes []byte) (err error)

func (*EncryptMasterPublicKey) UnmarshalCompress added in v1.0.2040

func (pub *EncryptMasterPublicKey) UnmarshalCompress(bytes []byte) (err error)

type EncryptPrivateKey added in v1.0.2040

type EncryptPrivateKey struct {
	Sk *sm9curve.G2
	EncryptMasterPublicKey
}

func GenerateEncryptUserKey added in v1.0.2040

func GenerateEncryptUserKey(priv *EncryptMasterPrivateKey, id []byte, hid byte) (*EncryptPrivateKey, error)

generate user's secret encrypt key.

func NewEncryptPrivateKey added in v1.0.2040

func NewEncryptPrivateKey(bytes []byte) (priv *EncryptPrivateKey, err error)

解析加密私钥明文

func (*EncryptPrivateKey) Decrypt added in v1.0.2040

func (priv *EncryptPrivateKey) Decrypt(uid, msg []byte) (plaintext []byte, err error)

func (*EncryptPrivateKey) Equal added in v1.0.2040

func (priv *EncryptPrivateKey) Equal(x crypto.PrivateKey) bool

Equal reports whether priv and x have the same value.

func (*EncryptPrivateKey) Marshal added in v1.0.2040

func (priv *EncryptPrivateKey) Marshal() []byte

func (*EncryptPrivateKey) Public added in v1.0.2040

func (priv *EncryptPrivateKey) Public() crypto.PublicKey

Public returns the public key corresponding to priv.

func (*EncryptPrivateKey) PublicKey added in v1.0.2040

func (priv *EncryptPrivateKey) PublicKey() *EncryptMasterPublicKey

func (*EncryptPrivateKey) Unmarshal added in v1.0.2040

func (priv *EncryptPrivateKey) Unmarshal(bytes []byte) (err error)

type HashHmac added in v1.0.2040

type HashHmac struct {
	// contains filtered or unexported fields
}

func (*HashHmac) Mac added in v1.0.2041

func (this *HashHmac) Mac(k, c []byte) []byte

func (*HashHmac) Size added in v1.0.2040

func (this *HashHmac) Size() int

type HashMac added in v1.0.2040

type HashMac struct {
	// contains filtered or unexported fields
}

func (*HashMac) Mac added in v1.0.2041

func (this *HashMac) Mac(k, c []byte) []byte

func (*HashMac) Size added in v1.0.2040

func (this *HashMac) Size() int

type IEncrypt added in v1.0.2040

type IEncrypt interface {
	// Type
	Type() int

	// KeySize
	KeySize() int

	// Encrypt
	Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, error)

	// Decrypt
	Decrypt(key, ciphertext []byte) ([]byte, error)
}

IEncrypt

func GetEncryptType added in v1.0.2040

func GetEncryptType(encType int) IEncrypt

func NewCBCEncrypt added in v1.0.2040

func NewCBCEncrypt(cipherFunc cipherFunc, keySize int) IEncrypt

func NewCFBEncrypt added in v1.0.2040

func NewCFBEncrypt(cipherFunc cipherFunc, keySize int) IEncrypt

func NewECBEncrypt added in v1.0.2040

func NewECBEncrypt(cipherFunc cipherFunc, keySize int) IEncrypt

func NewOFBEncrypt added in v1.0.2040

func NewOFBEncrypt(cipherFunc cipherFunc, keySize int) IEncrypt

func NewXOREncrypt added in v1.0.2040

func NewXOREncrypt() IEncrypt

type IHash added in v1.0.2040

type IHash interface {
	// Size
	Size() int

	// Mac
	Mac(k, c []byte) []byte
}

IHash

func NewHashHmac added in v1.0.2040

func NewHashHmac(h func() go_hash.Hash) IHash

func NewHashMac added in v1.0.2040

func NewHashMac(h func() go_hash.Hash) IHash

type KeyExchange added in v1.0.2040

type KeyExchange struct {
	// contains filtered or unexported fields
}

KeyExchange represents key exchange struct, include internal stat in whole key exchange flow. Initiator's flow will be: NewKeyExchange -> InitKeyExchange -> transmission -> ConfirmResponder Responder's flow will be: NewKeyExchange -> waiting ... -> Repond -> transmission -> ConfirmInitiator

func NewKeyExchange added in v1.0.2040

func NewKeyExchange(priv *EncryptPrivateKey, uid, peerUID []byte, keyLen int, genSignature bool) *KeyExchange

NewKeyExchange creates one new KeyExchange object

func (*KeyExchange) ConfirmInitiator added in v1.0.2040

func (ke *KeyExchange) ConfirmInitiator(s1 []byte) ([]byte, error)

ConfirmInitiator for responder's step B8

func (*KeyExchange) ConfirmResponder added in v1.0.2040

func (ke *KeyExchange) ConfirmResponder(rB *sm9curve.G1, sB []byte) ([]byte, []byte, error)

ConfirmResponder for initiator's step A5-A7

func (*KeyExchange) Init added in v1.0.2052

func (ke *KeyExchange) Init(rand io.Reader, hid byte) (*sm9curve.G1, error)

Init generates random with responder uid, for initiator's step A1-A4

func (*KeyExchange) Repond added in v1.0.2052

func (ke *KeyExchange) Repond(rand io.Reader, hid byte, rA *sm9curve.G1) (*sm9curve.G1, []byte, error)

Repond when responder receive rA, for responder's step B1-B7

func (*KeyExchange) Reset added in v1.0.2040

func (ke *KeyExchange) Reset()

Reset clears all internal state and Ephemeral private/public keys

type OFBEncrypt added in v1.0.2040

type OFBEncrypt struct {
	// contains filtered or unexported fields
}

OFBEncrypt represents OFB (Output Feedback) mode.

func (*OFBEncrypt) Decrypt added in v1.0.2040

func (this *OFBEncrypt) Decrypt(key, ciphertext []byte) ([]byte, error)

func (*OFBEncrypt) Encrypt added in v1.0.2040

func (this *OFBEncrypt) Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, error)

Encrypt encrypts the plaintext with the key, includes generated IV at the beginning of the ciphertext.

func (*OFBEncrypt) KeySize added in v1.0.2040

func (this *OFBEncrypt) KeySize() int

func (*OFBEncrypt) Type added in v1.0.2040

func (this *OFBEncrypt) Type() int

type Opts added in v1.0.2040

type Opts struct {
	Encrypt IEncrypt
	Hash    IHash
}

type SignMasterPrivateKey added in v1.0.2040

type SignMasterPrivateKey struct {
	SignMasterPublicKey
	D *big.Int
}

SignMasterPrivateKey contains a master secret key and a master public key.

func GenerateSignMasterKey added in v1.0.2040

func GenerateSignMasterKey(rand io.Reader) (mk *SignMasterPrivateKey, err error)

generate master key for KGC(Key Generate Center).

func NewSignMasterPrivateKey added in v1.0.2040

func NewSignMasterPrivateKey(bytes []byte) (priv *SignMasterPrivateKey, err error)

解析签名主私钥明文

func (*SignMasterPrivateKey) Equal added in v1.0.2040

func (priv *SignMasterPrivateKey) Equal(x crypto.PrivateKey) bool

Equal reports whether priv and x have the same value.

func (*SignMasterPrivateKey) GenerateUserKey added in v1.0.2040

func (priv *SignMasterPrivateKey) GenerateUserKey(id []byte, hid byte) (uk *SignPrivateKey, err error)

generate user's secret key.

func (*SignMasterPrivateKey) Marshal added in v1.0.2040

func (priv *SignMasterPrivateKey) Marshal() []byte

func (*SignMasterPrivateKey) Public added in v1.0.2040

func (priv *SignMasterPrivateKey) Public() crypto.PublicKey

Public returns the public key corresponding to priv.

func (*SignMasterPrivateKey) PublicKey added in v1.0.2040

func (priv *SignMasterPrivateKey) PublicKey() *SignMasterPublicKey

func (*SignMasterPrivateKey) Unmarshal added in v1.0.2040

func (priv *SignMasterPrivateKey) Unmarshal(bytes []byte) (err error)

type SignMasterPublicKey added in v1.0.2040

type SignMasterPublicKey struct {
	Mpk *sm9curve.G2
}

G2Bytes = G2.Marshal()

func NewSignMasterPublicKey added in v1.0.2040

func NewSignMasterPublicKey(bytes []byte) (pub *SignMasterPublicKey, err error)

解析签名主公钥明文

func (*SignMasterPublicKey) Equal added in v1.0.2040

func (pub *SignMasterPublicKey) Equal(x crypto.PublicKey) bool

Equal reports whether pub and x have the same value.

func (*SignMasterPublicKey) GenerateUserPublicKey added in v1.0.2040

func (pub *SignMasterPublicKey) GenerateUserPublicKey(uid []byte, hid byte) (*sm9curve.G2, error)

func (*SignMasterPublicKey) Marshal added in v1.0.2040

func (pub *SignMasterPublicKey) Marshal() []byte

func (*SignMasterPublicKey) MarshalCompress added in v1.0.2040

func (pub *SignMasterPublicKey) MarshalCompress() []byte

压缩明文

func (*SignMasterPublicKey) Unmarshal added in v1.0.2040

func (pub *SignMasterPublicKey) Unmarshal(bytes []byte) (err error)

func (*SignMasterPublicKey) UnmarshalCompress added in v1.0.2040

func (pub *SignMasterPublicKey) UnmarshalCompress(bytes []byte) (err error)

解压缩明文

func (*SignMasterPublicKey) Verify added in v1.0.2040

func (pub *SignMasterPublicKey) Verify(uid []byte, hid byte, hash, sig []byte) bool

type SignPrivateKey added in v1.0.2040

type SignPrivateKey struct {
	Sk *sm9curve.G1
	SignMasterPublicKey
}

SignPrivateKey contains a secret key. G1Bytes = G1.Marshal()

func GenerateSignUserKey added in v1.0.2040

func GenerateSignUserKey(mk *SignMasterPrivateKey, id []byte, hid byte) (*SignPrivateKey, error)

generate user's secret key.

func NewSignPrivateKey added in v1.0.2040

func NewSignPrivateKey(bytes []byte) (priv *SignPrivateKey, err error)

解析签名私钥明文

func (*SignPrivateKey) Equal added in v1.0.2040

func (priv *SignPrivateKey) Equal(x crypto.PrivateKey) bool

Equal reports whether priv and x have the same value.

func (*SignPrivateKey) Marshal added in v1.0.2040

func (priv *SignPrivateKey) Marshal() []byte

func (*SignPrivateKey) Public added in v1.0.2040

func (priv *SignPrivateKey) Public() crypto.PublicKey

Public returns the public key corresponding to priv.

func (*SignPrivateKey) PublicKey added in v1.0.2040

func (priv *SignPrivateKey) PublicKey() *SignMasterPublicKey

func (*SignPrivateKey) Sign added in v1.0.2040

func (priv *SignPrivateKey) Sign(rand io.Reader, hash []byte) ([]byte, error)

Sign

func (*SignPrivateKey) Unmarshal added in v1.0.2040

func (priv *SignPrivateKey) Unmarshal(bytes []byte) (err error)

type XOREncrypt added in v1.0.2040

type XOREncrypt struct{}

XOREncrypt represents XOR mode.

func (*XOREncrypt) Decrypt added in v1.0.2040

func (this *XOREncrypt) Decrypt(key, ciphertext []byte) ([]byte, error)

func (*XOREncrypt) Encrypt added in v1.0.2040

func (this *XOREncrypt) Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, error)

func (*XOREncrypt) KeySize added in v1.0.2040

func (this *XOREncrypt) KeySize() int

func (*XOREncrypt) Type added in v1.0.2040

func (this *XOREncrypt) Type() int

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL