Documentation ¶
Overview ¶
Package sm2 handles the ShangMi SM2 digital signature and public key encryption algorithms and their curve implementation.
Index ¶
- Constants
- Variables
- func ASN1Ciphertext2Plain(ciphertext []byte, opts *EncrypterOpts) ([]byte, error)
- func AdjustCiphertextSplicingOrder(ciphertext []byte, from, to ciphertextSplicingOrder) ([]byte, error)
- func CalculateZA(pub *ecdsa.PublicKey, uid []byte) ([]byte, error)
- func Decrypt(priv *PrivateKey, ciphertext []byte) ([]byte, error)
- func Encrypt(random io.Reader, pub *ecdsa.PublicKey, msg []byte, opts *EncrypterOpts) ([]byte, error)
- func EncryptASN1(random io.Reader, pub *ecdsa.PublicKey, msg []byte) ([]byte, error)
- func IsSM2PublicKey(publicKey interface{}) bool
- func P256() elliptic.Curve
- func PlainCiphertext2ASN1(ciphertext []byte, from ciphertextSplicingOrder) ([]byte, error)
- func Sign(rand io.Reader, priv *ecdsa.PrivateKey, hash []byte) (r, s *big.Int, err error)
- func SignASN1(rand io.Reader, priv *PrivateKey, hash []byte, opts crypto.SignerOpts) ([]byte, error)
- func SignWithSM2(rand io.Reader, priv *ecdsa.PrivateKey, uid, msg []byte) (r, s *big.Int, err error)
- func Verify(pub *ecdsa.PublicKey, hash []byte, r, s *big.Int) bool
- func VerifyASN1(pub *ecdsa.PublicKey, hash, sig []byte) bool
- func VerifyASN1WithSM2(pub *ecdsa.PublicKey, uid, msg, sig []byte) bool
- func VerifyWithSM2(pub *ecdsa.PublicKey, uid, msg []byte, r, s *big.Int) bool
- type DecrypterOpts
- type EncrypterOpts
- type KeyExchange
- func (ke *KeyExchange) ConfirmInitiator(s1 []byte) ([]byte, error)
- func (ke *KeyExchange) ConfirmResponder(rB *ecdsa.PublicKey, sB []byte) ([]byte, []byte, error)
- func (ke *KeyExchange) Destroy()
- func (ke *KeyExchange) InitKeyExchange(rand io.Reader) (*ecdsa.PublicKey, error)
- func (ke *KeyExchange) RepondKeyExchange(rand io.Reader, rA *ecdsa.PublicKey) (*ecdsa.PublicKey, []byte, error)
- func (ke *KeyExchange) SetPeerParameters(peerPub *ecdsa.PublicKey, peerUID []byte) error
- type PrivateKey
- func (priv *PrivateKey) Decrypt(rand io.Reader, msg []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error)
- func (priv *PrivateKey) Equal(x crypto.PrivateKey) bool
- func (priv *PrivateKey) FromECPrivateKey(key *ecdsa.PrivateKey) (*PrivateKey, error)
- func (priv *PrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
- func (priv *PrivateKey) SignWithSM2(rand io.Reader, uid, msg []byte) ([]byte, error)
- type SM2SignerOption
- type Signer
Constants ¶
const (
	//MarshalUncompressed uncompressed marshal mode
	MarshalUncompressed pointMarshalMode = iota
	//MarshalCompressed compressed marshal mode
	MarshalCompressed
	//MarshalHybrid hybrid marshal mode
	MarshalHybrid
)
const (
	C1C3C2 ciphertextSplicingOrder = iota
	C1C2C3
)
const (
	ENCODING_PLAIN ciphertextEncoding = iota
	ENCODING_ASN1
)
Variables ¶
var ASN1DecrypterOpts = &DecrypterOpts{ENCODING_ASN1, C1C3C2}
var ASN1EncrypterOpts = &EncrypterOpts{ENCODING_ASN1, MarshalUncompressed, C1C3C2}
Functions ¶
func ASN1Ciphertext2Plain ¶ added in v0.7.0
func ASN1Ciphertext2Plain(ciphertext []byte, opts *EncrypterOpts) ([]byte, error)
ASN1Ciphertext2Plain is a utility method that converts an ASN.1-encoded ciphertext to the plain encoding format.
func AdjustCiphertextSplicingOrder ¶ added in v0.7.0
func AdjustCiphertextSplicingOrder(ciphertext []byte, from, to ciphertextSplicingOrder) ([]byte, error)
AdjustCiphertextSplicingOrder is a utility method that changes the order of C2 and C3 in a ciphertext.
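What the C1C3C2 and C1C2C3 splicing orders mean at the byte level for a plain-encoded ciphertext, as an added standard-library example; it is not this package's implementation. It assumes a 256-bit curve (C1 is 65 bytes uncompressed or hybrid, 33 bytes compressed) and a 32-byte SM3 digest for C3, and the helper names `c1Len` and `swapC2C3` are hypothetical.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

const c3Len = 32 // C3 is an SM3 digest

// c1Len derives the length of the encoded point C1 from its prefix byte.
func c1Len(ct []byte) (int, error) {
	if len(ct) == 0 {
		return 0, errors.New("empty ciphertext")
	}
	switch ct[0] {
	case 0x04, 0x06, 0x07: // uncompressed / hybrid: prefix || x || y
		return 65, nil
	case 0x02, 0x03: // compressed: prefix || x
		return 33, nil
	}
	return 0, errors.New("unknown point prefix")
}

// swapC2C3 (hypothetical helper) converts a plain ciphertext between
// C1||C3||C2 and C1||C2||C3. The layout is not self-describing, so the
// caller must state the input order.
func swapC2C3(ct []byte, fromC1C3C2 bool) ([]byte, error) {
	n, err := c1Len(ct)
	if err != nil {
		return nil, err
	}
	if len(ct) < n+c3Len {
		return nil, errors.New("ciphertext shorter than C1 + C3")
	}
	body, out := ct[n:], append([]byte{}, ct[:n]...)
	cut := c3Len // input is C3||C2
	if !fromC1C3C2 {
		cut = len(body) - c3Len // input is C2||C3
	}
	out = append(out, body[cut:]...)
	return append(out, body[:cut]...), nil
}

func main() {
	// Constructed sample: dummy bytes, not a real SM2 ciphertext.
	c1 := append([]byte{0x04}, bytes.Repeat([]byte{0x11}, 64)...)
	ct := append(append(c1, bytes.Repeat([]byte{0xC3}, 32)...), "hello"...)
	out, err := swapC2C3(ct, true)
	fmt.Printf("%x %v\n", out[65:], err)
}
```

Because nothing in the bytes records the order, a ciphertext converted with the wrong source order still parses; the mistake only surfaces when decryption fails its C3 check.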
func CalculateZA ¶ added in v0.1.2
CalculateZA computes ZA = H256(ENTLA || IDA || a || b || xG || yG || xA || yA), in compliance with GB/T 32918.2-2016 5.5.
func Decrypt ¶
func Decrypt(priv *PrivateKey, ciphertext []byte) ([]byte, error)
Decrypt is the SM2 decryption implementation, using the default DecrypterOpts{C1C3C2}. It complies with GB/T 32918.4-2016.
func Encrypt ¶
func Encrypt(random io.Reader, pub *ecdsa.PublicKey, msg []byte, opts *EncrypterOpts) ([]byte, error)
Encrypt is the SM2 encryption implementation, in compliance with GB/T 32918.4-2016.
func EncryptASN1 ¶ added in v0.7.0
EncryptASN1 performs SM2 encryption and outputs the result in ASN.1 encoding, in compliance with GB/T 32918.4-2016.
func IsSM2PublicKey ¶ added in v0.4.8
func IsSM2PublicKey(publicKey interface{}) bool
IsSM2PublicKey checks whether the given public key is an SM2 public key.
func PlainCiphertext2ASN1 ¶ added in v0.7.0
PlainCiphertext2ASN1 is a utility method that converts a plain-encoded ciphertext to the ASN.1 encoding format.
func Sign ¶ added in v0.1.2
Sign signs a hash (which should be the result of hashing a larger message) using the private key, priv. If the hash is longer than the bit-length of the private key's curve order, the hash will be truncated to that length. It returns the signature as a pair of integers. Most applications should use SignASN1 instead of dealing directly with r, s.
It complies with GB/T 32918.2-2016 regardless of whether the curve is the SM2 curve or not.
func SignASN1 ¶ added in v0.4.8
func SignASN1(rand io.Reader, priv *PrivateKey, hash []byte, opts crypto.SignerOpts) ([]byte, error)
SignASN1 signs a hash (which should be the result of hashing a larger message) using the private key, priv. If the hash is longer than the bit-length of the private key's curve order, the hash will be truncated to that length. It returns the ASN.1 encoded signature. It invokes priv.Sign directly.
func SignWithSM2 ¶ added in v0.1.2
func SignWithSM2(rand io.Reader, priv *ecdsa.PrivateKey, uid, msg []byte) (r, s *big.Int, err error)
SignWithSM2 follows the SM2 DSA standard for the hash part, in compliance with GB/T 32918.2-2016.
func Verify ¶ added in v0.1.2
Verify verifies the signature in r, s of hash using the public key, pub. Its return value records whether the signature is valid. Most applications should use VerifyASN1 instead of dealing directly with r, s.
It complies with GB/T 32918.2-2016 regardless of whether the curve is the SM2 curve or not. The caller should make sure the hash is correct.
func VerifyASN1 ¶ added in v0.4.8
VerifyASN1 verifies the ASN.1 encoded signature, sig, of hash using the public key, pub. Its return value records whether the signature is valid.
It complies with GB/T 32918.2-2016 regardless of whether the curve is the SM2 curve or not. The caller should make sure the hash is correct.
func VerifyASN1WithSM2 ¶ added in v0.4.8
VerifyASN1WithSM2 verifies the ASN.1-encoded signature, sig, of the raw msg and uid using the public key, pub.
Its return value records whether the signature is valid. It complies with GB/T 32918.2-2016.
Types ¶
type DecrypterOpts ¶ added in v0.6.0
type DecrypterOpts struct {
	CiphertextEncoding      ciphertextEncoding
	CipherTextSplicingOrder ciphertextSplicingOrder
}
DecrypterOpts decryption options
func NewPlainDecrypterOpts ¶ added in v0.7.0
func NewPlainDecrypterOpts(splicingOrder ciphertextSplicingOrder) *DecrypterOpts
type EncrypterOpts ¶ added in v0.3.0
type EncrypterOpts struct {
	CiphertextEncoding      ciphertextEncoding
	PointMarshalMode        pointMarshalMode
	CiphertextSplicingOrder ciphertextSplicingOrder
}
EncrypterOpts encryption options
func NewPlainEncrypterOpts ¶ added in v0.7.0
func NewPlainEncrypterOpts(marhsalMode pointMarshalMode, splicingOrder ciphertextSplicingOrder) *EncrypterOpts
type KeyExchange ¶ added in v0.13.3
type KeyExchange struct {
// contains filtered or unexported fields
}
KeyExchange is the key exchange struct; it holds the internal state for the whole key exchange flow.
Initiator's flow: NewKeyExchange -> InitKeyExchange -> transmission -> ConfirmResponder
Responder's flow: NewKeyExchange -> waiting ... -> RepondKeyExchange -> transmission -> ConfirmInitiator
func NewKeyExchange ¶ added in v0.13.3
func NewKeyExchange(priv *PrivateKey, peerPub *ecdsa.PublicKey, uid, peerUID []byte, keyLen int, genSignature bool) (ke *KeyExchange, err error)
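NewKeyExchange creates a new KeyExchange object.
In some scenarios, the peer's public information (such as its public key and UID) is not yet available when the KeyExchange is first created, and may only be obtained during a later exchange. In that case, set the peerPub and peerUID parameters to nil and configure them at a suitable point through the KeyExchange.SetPeerParameters method. Note that KeyExchange.SetPeerParameters must be called before the KeyExchange.RepondKeyExchange or KeyExchange.RepondKeyExchange method.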
func (*KeyExchange) ConfirmInitiator ¶ added in v0.13.3
func (ke *KeyExchange) ConfirmInitiator(s1 []byte) ([]byte, error)
ConfirmInitiator is for the responder's step B10.
func (*KeyExchange) ConfirmResponder ¶ added in v0.13.3
ConfirmResponder is for the initiator's steps A4-A10; it returns the keying data and an optional signature.
It checks that the peer's public key is present and validates the peer's ephemeral public key.
If the peer's signature is not empty, it also validates the peer's signature and returns a generated signature, depending on the KeyExchange.genSignature value.
func (*KeyExchange) Destroy ¶ added in v0.14.0
func (ke *KeyExchange) Destroy()
Destroy clears all internal state and the ephemeral private/public keys.
func (*KeyExchange) InitKeyExchange ¶ added in v0.13.3
InitKeyExchange is for the initiator's steps A1-A3; it returns the generated ephemeral public key, which is to be passed to the responder.
func (*KeyExchange) RepondKeyExchange ¶ added in v0.13.3
func (ke *KeyExchange) RepondKeyExchange(rand io.Reader, rA *ecdsa.PublicKey) (*ecdsa.PublicKey, []byte, error)
RepondKeyExchange is for the responder's steps B1-B8; it returns the generated ephemeral public key and an optional signature, depending on the KeyExchange.genSignature value.
It checks that the peer's public key is present and validates the peer's ephemeral public key.
func (*KeyExchange) SetPeerParameters ¶ added in v0.13.7
func (ke *KeyExchange) SetPeerParameters(peerPub *ecdsa.PublicKey, peerUID []byte) error
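SetPeerParameters sets the peer's public information. It is intended for scenarios where the peer's public parameters cannot be obtained at the initial stage, for example the SM2-based ECDHE process in the TLCP protocol.
Note that this method may only be called when NewKeyExchange was not given the peerPub and peerUID parameters, and it may be called only once; calling it more than once, or when peerPub and peerUID are already set, results in an error.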
type PrivateKey ¶ added in v0.1.2
type PrivateKey struct {
ecdsa.PrivateKey
}
PrivateKey represents an ECDSA SM2 private key. It implements both the crypto.Decrypter and crypto.Signer interfaces.
func GenerateKey ¶ added in v0.1.2
func GenerateKey(rand io.Reader) (*PrivateKey, error)
GenerateKey generates a public and private key pair.
func (*PrivateKey) Decrypt ¶ added in v0.3.0
func (priv *PrivateKey) Decrypt(rand io.Reader, msg []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error)
Decrypt decrypts ciphertext msg to plaintext. The opts argument should be appropriate for the primitive used. Compliance with GB/T 32918.4-2016 chapter 7.
func (*PrivateKey) Equal ¶ added in v0.11.1
func (priv *PrivateKey) Equal(x crypto.PrivateKey) bool
func (*PrivateKey) FromECPrivateKey ¶ added in v0.3.0
func (priv *PrivateKey) FromECPrivateKey(key *ecdsa.PrivateKey) (*PrivateKey, error)
FromECPrivateKey converts an ecdsa private key to an SM2 private key.
func (*PrivateKey) Sign ¶ added in v0.1.2
func (priv *PrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
Sign signs digest with priv, reading randomness from rand. Compliance with GB/T 32918.2-2016. The opts argument is currently used for SM2SignerOption checking only. If the opts argument is SM2SignerOption and its ForceGMSign is true, digest argument will be treated as raw data and UID will be taken from opts.
This method implements crypto.Signer, which is an interface to support keys where the private part is kept in, for example, a hardware module. Common uses can use the SignASN1 function in this package directly.
func (*PrivateKey) SignWithSM2 ¶ added in v0.2.2
SignWithSM2 signs uid, msg with priv, reading randomness from rand. Compliance with GB/T 32918.2-2016. Deprecated: please use Sign method directly.
type SM2SignerOption ¶ added in v0.4.8
SM2SignerOption implements crypto.SignerOpts interface. It is specific for SM2, used in private key's Sign method.
func NewSM2SignerOption ¶ added in v0.4.8
func NewSM2SignerOption(forceGMSign bool, uid []byte) *SM2SignerOption
NewSM2SignerOption creates an SM2-specific signer option.
forceGMSign - whether to use the GM-specific signing logic; if true, the raw message should be passed to Sign.
uid - if forceGMSign is true, a uid can be passed; if no uid is provided, the default one is used.
func (*SM2SignerOption) HashFunc ¶ added in v0.4.8
func (*SM2SignerOption) HashFunc() crypto.Hash