sm9

package
v0.26.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 6, 2024 License: MIT Imports: 20 Imported by: 4

README

SM9 current supported functions:

  • Keys generation(密钥生成)
  • Sign/Verify (数字签名算法)
  • Key Exchange (密钥交换协议)
  • Wrap/Unwrap Key (密钥封装机制)
  • Encryption/Decryption (公钥加密算法)

Reference

  • Information security technology—Identity-based cryptographic algorithms SM9—Part 1:General《GB/T 38635.1-2020 信息安全技术 SM9标识密码算法 第1部分:总则》
  • Information security technology—Identity-based cryptographic algorithms SM9—Part 2:Algorithms《GB/T 38635.2-2020 信息安全技术 SM9标识密码算法 第2部分:算法》
  • Information security technology—SM9 cryptographic algorithm application specification《GB/T 41389-2022 信息安全技术 SM9密码算法使用规范》

您可以从国家标准全文公开系统在线阅读这些标准。

SM9 current performance (for reference only):

SM9 Sign/Verify/Enc/Dec Benchmark

goos: windows
goarch: amd64
pkg: github.com/emmansun/gmsm/sm9
cpu: Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz
BenchmarkSign-8          	    3492	    319540 ns/op	   19752 B/op	     545 allocs/op
BenchmarkVerify-8        	     806	   1475192 ns/op	  161320 B/op	    3894 allocs/op
BenchmarkEncrypt-8       	    3351	    357549 ns/op	   20971 B/op	     551 allocs/op
BenchmarkDecrypt-8       	    1052	   1135588 ns/op	  142868 B/op	    3356 allocs/op
BenchmarkDecryptASN1-8   	    1063	   1129712 ns/op	  142888 B/op	    3358 allocs/op

SM9 Generate User Sign/Encrypt Private Key Benchmark

goos: windows
goarch: amd64
pkg: github.com/emmansun/gmsm/sm9
cpu: Intel(R) Core(TM) i5-8265U CPU @ 1.60GHz
BenchmarkGenerateSignPrivKey-8      	   18608	     65422 ns/op	     944 B/op	      14 allocs/op
BenchmarkGenerateEncryptPrivKey-8   	    8486	    151201 ns/op	    1072 B/op	      14 allocs/op

Documentation

Overview

Package sm9 implements ShangMi(SM) sm9 digital signature, encryption and key exchange algorithms.

Index

Examples

Constants

View Source 
const (
	// hashmode used in h1: 0x01
	H1 hashMode = 1 + iota
	// hashmode used in h2: 0x02
	H2
)
View Source 
const (
	ENC_TYPE_XOR encryptType = 0
	ENC_TYPE_ECB encryptType = 1
	ENC_TYPE_CBC encryptType = 2
	ENC_TYPE_OFB encryptType = 4
	ENC_TYPE_CFB encryptType = 8
)

Variables

View Source 
var DefaultEncrypterOpts = new(XOREncrypterOpts)

DefaultEncrypterOpts default option represents XOR mode

View Source 
var ErrDecryption = errors.New("sm9: decryption error")

ErrDecryption represents a failure to decrypt a message. It is deliberately vague to avoid adaptive attacks.

View Source 
var ErrEmptyPlaintext = errors.New("sm9: empty plaintext")

ErrEmptyPlaintext represents a failure to encrypt an empty message.

View Source 
var SM4CBCEncrypterOpts = NewCBCEncrypterOpts(padding.NewPKCS7Padding(sm4.BlockSize), sm4.NewCipher, sm4.BlockSize)

SM4CBCEncrypterOpts option represents SM4 CBC mode

View Source 
var SM4CFBEncrypterOpts = NewCFBEncrypterOpts(sm4.NewCipher, sm4.BlockSize)

SM4CFBEncrypterOpts option represents SM4 CFB mode

View Source 
var SM4ECBEncrypterOpts = NewECBEncrypterOpts(padding.NewPKCS7Padding(sm4.BlockSize), sm4.NewCipher, sm4.BlockSize)

SM4ECBEncrypterOpts option represents SM4 ECB mode

View Source 
var SM4OFBEncrypterOpts = NewOFBEncrypterOpts(sm4.NewCipher, sm4.BlockSize)

SM4OFBEncrypterOpts option represents SM4 OFB mode

Functions

func Decrypt added in v0.13.0 

func Decrypt(priv *EncryptPrivateKey, uid, ciphertext []byte, opts EncrypterOpts) ([]byte, error)

Decrypt decrypts chipher, the ciphertext should be with format C1||C3||C2

func DecryptASN1 added in v0.13.0 

func DecryptASN1(priv *EncryptPrivateKey, uid, ciphertext []byte) ([]byte, error)

DecryptASN1 decrypts chipher, the ciphertext should be with ASN.1 format according SM9 cryptographic algorithm application specification, SM9Cipher definition.

func Encrypt added in v0.13.0 

func Encrypt(rand io.Reader, pub *EncryptMasterPublicKey, uid []byte, hid byte, plaintext []byte, opts EncrypterOpts) ([]byte, error)

Encrypt encrypts plaintext, returns ciphertext with format C1||C3||C2.

func EncryptASN1 added in v0.13.0 

func EncryptASN1(rand io.Reader, pub *EncryptMasterPublicKey, uid []byte, hid byte, plaintext []byte, opts EncrypterOpts) ([]byte, error)

EncryptASN1 encrypts plaintext and returns ciphertext with ASN.1 format according SM9 cryptographic algorithm application specification, SM9Cipher definition.

func Sign added in v0.13.0 

func Sign(rand io.Reader, priv *SignPrivateKey, hash []byte) (h *big.Int, s *bn256.G1, err error)

Sign signs a hash (which should be the result of hashing a larger message) using the user dsa key. It returns the signature as a pair of h and s. Please use SignASN1 instead.

The signature is randomized. Most applications should use crypto/rand.Reader as rand. Note that the returned signature does not depend deterministically on the bytes read from rand, and may change between calls and/or between versions.

func SignASN1 added in v0.13.0 

func SignASN1(rand io.Reader, priv *SignPrivateKey, hash []byte) ([]byte, error)

SignASN1 signs a hash (which should be the result of hashing a larger message) using the private key, priv. It returns the ASN.1 encoded signature of type SM9Signature.

The signature is randomized. Most applications should use crypto/rand.Reader as rand. Note that the returned signature does not depend deterministically on the bytes read from rand, and may change between calls and/or between versions.

func UnmarshalSM9KeyPackage added in v0.13.0 

func UnmarshalSM9KeyPackage(der []byte) ([]byte, *bn256.G1, error)

UnmarshalSM9KeyPackage is an utility to unmarshal SM9KeyPackage

func UnwrapKey added in v0.13.2 

func UnwrapKey(priv *EncryptPrivateKey, uid []byte, cipher *bn256.G1, kLen int) ([]byte, error)

UnwrapKey unwraps key from cipher, user id and aligned key length

func Verify added in v0.13.0 

func Verify(pub *SignMasterPublicKey, uid []byte, hid byte, hash []byte, h *big.Int, s *bn256.G1) bool

Verify verifies the signature in h, s of hash using the master dsa public key and user id, uid and hid. Its return value records whether the signature is valid. Please use VerifyASN1 instead.

func VerifyASN1 added in v0.13.0 

func VerifyASN1(pub *SignMasterPublicKey, uid []byte, hid byte, hash, sig []byte) bool

VerifyASN1 verifies the ASN.1 encoded signature of type SM9Signature, sig, of hash using the public key, pub. Its return value records whether the signature is valid.

Example 
package main

import (
	"encoding/hex"
	"fmt"

	"os"

	"github.com/emmansun/gmsm/sm9"
)

func main() {
	// get master public key, can be from pem
	masterPubKey := new(sm9.SignMasterPublicKey)
	keyBytes, _ := hex.DecodeString("03818200049f64080b3084f733e48aff4b41b565011ce0711c5e392cfb0ab1b6791b94c40829dba116152d1f786ce843ed24a3b573414d2177386a92dd8f14d65696ea5e3269850938abea0112b57329f447e3a0cbad3e2fdb1a77f335e89e1408d0ef1c2541e00a53dda532da1a7ce027b7a46f741006e85f5cdff0730e75c05fb4e3216d")
	err := masterPubKey.UnmarshalASN1(keyBytes)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error from UnmarshalASN1: %s\n", err)
		return
	}
	hid := byte(0x01)
	uid := []byte("Alice")
	hash := []byte("Chinese IBS standard")
	sig, _ := hex.DecodeString("30660420b0d0c0bb1b57ea0d5b51cb5c96be850b8c2eef6b0fff5fcccb524b972574e6eb03420004901819575c9211c7b4e6e137794d23d0095608bcdad5c82dbff05777c5b49c763e4425acea2aaedf9e48d4784b4e4a5621cc3663fe0aae44dcbeac183fee9b0f")
	ok := sm9.VerifyASN1(masterPubKey, uid, hid, hash, sig)

	fmt.Printf("%v\n", ok)
}

Output:

true

func WrapKey added in v0.13.2 

func WrapKey(rand io.Reader, pub *EncryptMasterPublicKey, uid []byte, hid byte, kLen int) (key []byte, cipher *bn256.G1, err error)

WrapKey generates and wraps key with reciever's uid and system hid, returns generated key and cipher.

The rand parameter is used as a source of entropy to ensure that calls this function twice doesn't result in the same key. Most applications should use crypto/rand.Reader as random.

Types

type CBCEncrypterOpts added in v0.15.7 

type CBCEncrypterOpts struct {
	// contains filtered or unexported fields
}

CBCEncrypterOpts represents CBC (Cipher block chaining) mode.

func (*CBCEncrypterOpts) Decrypt added in v0.15.7 

func (opts *CBCEncrypterOpts) Decrypt(key, ciphertext []byte) ([]byte, error)

func (*CBCEncrypterOpts) Encrypt added in v0.15.7 

func (opts *CBCEncrypterOpts) Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, error)

Encrypt encrypts the plaintext with the key, includes generated IV at the beginning of the ciphertext.

func (*CBCEncrypterOpts) GetEncryptType added in v0.15.7 

func (opts *CBCEncrypterOpts) GetEncryptType() encryptType

func (*CBCEncrypterOpts) GetKeySize added in v0.15.7 

func (opts *CBCEncrypterOpts) GetKeySize(plaintext []byte) int

type CFBEncrypterOpts added in v0.15.7 

type CFBEncrypterOpts struct {
	// contains filtered or unexported fields
}

CFBEncrypterOpts represents CFB (Cipher Feedback) mode.

func (*CFBEncrypterOpts) Decrypt added in v0.15.7 

func (opts *CFBEncrypterOpts) Decrypt(key, ciphertext []byte) ([]byte, error)

func (*CFBEncrypterOpts) Encrypt added in v0.15.7 

func (opts *CFBEncrypterOpts) Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, error)

Encrypt encrypts the plaintext with the key, includes generated IV at the beginning of the ciphertext.

func (*CFBEncrypterOpts) GetEncryptType added in v0.15.7 

func (opts *CFBEncrypterOpts) GetEncryptType() encryptType

func (*CFBEncrypterOpts) GetKeySize added in v0.15.7 

func (opts *CFBEncrypterOpts) GetKeySize(plaintext []byte) int

type ECBEncrypterOpts added in v0.15.7 

type ECBEncrypterOpts struct {
	// contains filtered or unexported fields
}

ECBEncrypterOpts represents ECB (Electronic Code Book) mode.

func (*ECBEncrypterOpts) Decrypt added in v0.15.7 

func (opts *ECBEncrypterOpts) Decrypt(key, ciphertext []byte) ([]byte, error)

func (*ECBEncrypterOpts) Encrypt added in v0.15.7 

func (opts *ECBEncrypterOpts) Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, error)

func (*ECBEncrypterOpts) GetEncryptType added in v0.15.7 

func (opts *ECBEncrypterOpts) GetEncryptType() encryptType

func (*ECBEncrypterOpts) GetKeySize added in v0.15.7 

func (opts *ECBEncrypterOpts) GetKeySize(plaintext []byte) int

type EncryptMasterPrivateKey added in v0.13.0 

type EncryptMasterPrivateKey struct {
	*EncryptMasterPublicKey          // master public key
	D                       *big.Int // master private key
}

EncryptMasterPrivateKey master private key for encryption, generated by KGC

func GenerateEncryptMasterKey added in v0.13.0 

func GenerateEncryptMasterKey(rand io.Reader) (*EncryptMasterPrivateKey, error)

GenerateEncryptMasterKey generates a master public and private key pair for encryption usage.

func (*EncryptMasterPrivateKey) GenerateUserKey added in v0.13.0 

func (master *EncryptMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*EncryptPrivateKey, error)

GenerateUserKey generate an user key for encryption.

func (*EncryptMasterPrivateKey) MarshalASN1 added in v0.13.0 

func (master *EncryptMasterPrivateKey) MarshalASN1() ([]byte, error)

MarshalASN1 marshal encrypt master private key to asn.1 format data according SM9 cryptographic algorithm application specification

func (*EncryptMasterPrivateKey) Public added in v0.13.0 

func (master *EncryptMasterPrivateKey) Public() *EncryptMasterPublicKey

Public returns the public key corresponding to priv.

func (*EncryptMasterPrivateKey) UnmarshalASN1 added in v0.13.0 

func (master *EncryptMasterPrivateKey) UnmarshalASN1(der []byte) error

UnmarshalASN1 unmarsal der data to encrypt master private key

type EncryptMasterPublicKey added in v0.13.0 

type EncryptMasterPublicKey struct {
	MasterPublicKey *bn256.G1 // public key
	// contains filtered or unexported fields
}

EncryptMasterPublicKey master private key for encryption, generated by KGC

func (*EncryptMasterPublicKey) Encrypt added in v0.13.0 

func (pub *EncryptMasterPublicKey) Encrypt(rand io.Reader, uid []byte, hid byte, plaintext []byte, opts EncrypterOpts) ([]byte, error)

Encrypt encrypts plaintext and returns ciphertext with ASN.1 format according SM9 cryptographic algorithm application specification, SM9Cipher definition.

Example 
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"

	"os"

	"github.com/emmansun/gmsm/sm9"
)

func main() {
	// get master public key, can be from pem
	masterPubKey := new(sm9.EncryptMasterPublicKey)
	keyBytes, _ := hex.DecodeString("03420004787ed7b8a51f3ab84e0a66003f32da5c720b17eca7137d39abc66e3c80a892ff769de61791e5adc4b9ff85a31354900b202871279a8c49dc3f220f644c57a7b1")
	err := masterPubKey.UnmarshalASN1(keyBytes)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error from UnmarshalASN1: %s\n", err)
		return
	}
	hid := byte(0x03)
	uid := []byte("Bob")

	ciphertext, err := masterPubKey.Encrypt(rand.Reader, uid, hid, []byte("Chinese IBE standard"), sm9.DefaultEncrypterOpts)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error from Encrypt: %s\n", err)
		return
	}
	// Since Encrypt is a randomized function, result will be
	// different each time.
	fmt.Printf("%s\n", hex.EncodeToString(ciphertext))
}

Output:

func (*EncryptMasterPublicKey) GenerateUserPublicKey added in v0.13.0 

func (pub *EncryptMasterPublicKey) GenerateUserPublicKey(uid []byte, hid byte) *bn256.G1

GenerateUserPublicKey generate user encrypt public key

func (*EncryptMasterPublicKey) MarshalASN1 added in v0.13.0 

func (pub *EncryptMasterPublicKey) MarshalASN1() ([]byte, error)

MarshalASN1 marshal encrypt master public key to asn.1 format data according SM9 cryptographic algorithm application specification

func (*EncryptMasterPublicKey) MarshalCompressedASN1 added in v0.13.7 

func (pub *EncryptMasterPublicKey) MarshalCompressedASN1() ([]byte, error)

MarshalCompressedASN1 marshal encrypt master public key to asn.1 format data according SM9 cryptographic algorithm application specification, the curve point is in compressed form.

func (*EncryptMasterPublicKey) ParseFromPEM added in v0.15.0 

func (pub *EncryptMasterPublicKey) ParseFromPEM(data []byte) error

ParseFromPEM just for GMSSL, there are no Algorithm pkix.AlgorithmIdentifier

func (*EncryptMasterPublicKey) ScalarBaseMult added in v0.13.0 

func (pub *EncryptMasterPublicKey) ScalarBaseMult(scalar []byte) (*bn256.GT, error)

ScalarBaseMult compute basepoint^r with precomputed table. The base point = pair(<master public key>, Gen2)

func (*EncryptMasterPublicKey) UnmarshalASN1 added in v0.13.0 

func (pub *EncryptMasterPublicKey) UnmarshalASN1(der []byte) error

UnmarshalASN1 unmarsal der data to encrypt master public key

func (*EncryptMasterPublicKey) UnmarshalRaw added in v0.15.0 

func (pub *EncryptMasterPublicKey) UnmarshalRaw(bytes []byte) error

UnmarshalRaw unmarsal raw bytes data to encrypt master public key

func (*EncryptMasterPublicKey) WrapKey added in v0.13.2 

func (pub *EncryptMasterPublicKey) WrapKey(rand io.Reader, uid []byte, hid byte, kLen int) ([]byte, []byte, error)

WrapKey wraps key and converts the cipher as ASN1 format, SM9PublicKey1 definition.

The rand parameter is used as a source of entropy to ensure that calls this function twice doesn't result in the same key. Most applications should use crypto/rand.Reader as random.

Example 
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"

	"os"

	"github.com/emmansun/gmsm/sm9"
)

func main() {
	// get master public key, can be from pem
	masterPubKey := new(sm9.EncryptMasterPublicKey)
	keyBytes, _ := hex.DecodeString("03420004787ed7b8a51f3ab84e0a66003f32da5c720b17eca7137d39abc66e3c80a892ff769de61791e5adc4b9ff85a31354900b202871279a8c49dc3f220f644c57a7b1")
	err := masterPubKey.UnmarshalASN1(keyBytes)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error from UnmarshalASN1: %s\n", err)
		return
	}
	hid := byte(0x03)
	uid := []byte("Bob")
	key, cipherDer, err := masterPubKey.WrapKey(rand.Reader, uid, hid, 32)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error from WrapKeyASN1: %s\n", err)
		return
	}

	// Since WrapKey is a randomized function, result will be
	// different each time.
	fmt.Printf("%s %s\n", hex.EncodeToString(key), hex.EncodeToString(cipherDer))
}

Output:

func (*EncryptMasterPublicKey) WrapKeyASN1 added in v0.13.2 

func (pub *EncryptMasterPublicKey) WrapKeyASN1(rand io.Reader, uid []byte, hid byte, kLen int) ([]byte, error)

WrapKeyASN1 wraps key and converts the result of SM9KeyPackage as ASN1 format. according SM9 cryptographic algorithm application specification, SM9KeyPackage defnition.

The rand parameter is used as a source of entropy to ensure that calls this function twice doesn't result in the same key. Most applications should use crypto/rand.Reader as random.

type EncryptPrivateKey added in v0.13.0 

type EncryptPrivateKey struct {
	PrivateKey              *bn256.G2 // user private key
	*EncryptMasterPublicKey           // master public key
}

EncryptPrivateKey user private key for encryption, generated by KGC

func (*EncryptPrivateKey) Decrypt added in v0.13.2 

func (priv *EncryptPrivateKey) Decrypt(uid, ciphertext []byte, opts EncrypterOpts) ([]byte, error)

Decrypt decrypts chipher, the ciphertext should be with format C1||C3||C2

Example 
package main

import (
	"encoding/hex"
	"fmt"

	"os"

	"github.com/emmansun/gmsm/sm9"
)

func main() {
	// real user encrypt private key should be from secret storage, e.g. password protected pkcs8 file
	kb, _ := hex.DecodeString("038182000494736acd2c8c8796cc4785e938301a139a059d3537b6414140b2d31eecf41683115bae85f5d8bc6c3dbd9e5342979acccf3c2f4f28420b1cb4f8c0b59a19b1587aa5e47570da7600cd760a0cf7beaf71c447f3844753fe74fa7ba92ca7d3b55f27538a62e7f7bfb51dce08704796d94c9d56734f119ea44732b50e31cdeb75c1")
	userKey := new(sm9.EncryptPrivateKey)
	err := userKey.UnmarshalASN1(kb)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error from UnmarshalASN1: %s\n", err)
		return
	}
	uid := []byte("Bob")
	cipherDer, _ := hex.DecodeString("307f020100034200042cb3e90b0977211597652f26ee4abbe275ccb18dd7f431876ab5d40cc2fc563d9417791c75bc8909336a4e6562450836cc863f51002e31ecf0c4aae8d98641070420638ca5bfb35d25cff7cbd684f3ed75f2d919da86a921a2e3e2e2f4cbcf583f240414b7e776811774722a8720752fb1355ce45dc3d0df")
	plaintext, err := userKey.DecryptASN1(uid, cipherDer)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error from Decrypt: %s\n", err)
		return
	}
	fmt.Printf("%s\n", plaintext)
}

Output:

Chinese IBE standard

func (*EncryptPrivateKey) DecryptASN1 added in v0.15.7 

func (priv *EncryptPrivateKey) DecryptASN1(uid, ciphertext []byte) ([]byte, error)

DecryptASN1 decrypts chipher, the ciphertext should be with ASN.1 format according SM9 cryptographic algorithm application specification, SM9Cipher definition.

func (*EncryptPrivateKey) MarshalASN1 added in v0.13.0 

func (priv *EncryptPrivateKey) MarshalASN1() ([]byte, error)

MarshalASN1 marshal encrypt user private key to asn.1 format data according SM9 cryptographic algorithm application specification

func (*EncryptPrivateKey) MarshalCompressedASN1 added in v0.13.7 

func (priv *EncryptPrivateKey) MarshalCompressedASN1() ([]byte, error)

MarshalCompressedASN1 marshal encrypt user private key to asn.1 format data according SM9 cryptographic algorithm application specification, the curve point is in compressed form.

func (*EncryptPrivateKey) MasterPublic added in v0.13.0 

func (priv *EncryptPrivateKey) MasterPublic() *EncryptMasterPublicKey

MasterPublic returns the master public key corresponding to priv.

func (*EncryptPrivateKey) SetMasterPublicKey added in v0.13.0 

func (priv *EncryptPrivateKey) SetMasterPublicKey(pub *EncryptMasterPublicKey)

SetMasterPublicKey bind the encrypt master public key to it.

func (*EncryptPrivateKey) UnmarshalASN1 added in v0.13.0 

func (priv *EncryptPrivateKey) UnmarshalASN1(der []byte) error

UnmarshalASN1 unmarsal der data to encrypt user private key Note, priv's EncryptMasterPublicKey should be handled separately.

func (*EncryptPrivateKey) UnmarshalRaw added in v0.15.0 

func (priv *EncryptPrivateKey) UnmarshalRaw(bytes []byte) error

UnmarshalRaw unmarsal raw bytes data to encrypt user private key Note, priv's EncryptMasterPublicKey should be handled separately.

func (*EncryptPrivateKey) UnwrapKey added in v0.13.2 

func (priv *EncryptPrivateKey) UnwrapKey(uid, cipherDer []byte, kLen int) ([]byte, error)

UnwrapKey unwraps key from cipherDer, user id and aligned key length. cipherDer is SM9PublicKey1 format according SM9 cryptographic algorithm application specification.

Example 
package main

import (
	"encoding/hex"
	"fmt"

	"os"

	"github.com/emmansun/gmsm/sm9"
)

func main() {
	// real user encrypt private key should be from secret storage, e.g. password protected pkcs8 file
	kb, _ := hex.DecodeString("038182000494736acd2c8c8796cc4785e938301a139a059d3537b6414140b2d31eecf41683115bae85f5d8bc6c3dbd9e5342979acccf3c2f4f28420b1cb4f8c0b59a19b1587aa5e47570da7600cd760a0cf7beaf71c447f3844753fe74fa7ba92ca7d3b55f27538a62e7f7bfb51dce08704796d94c9d56734f119ea44732b50e31cdeb75c1")
	userKey := new(sm9.EncryptPrivateKey)
	err := userKey.UnmarshalASN1(kb)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error from UnmarshalASN1: %s\n", err)
		return
	}

	cipherDer, _ := hex.DecodeString("0342000447689629d1fa57e8def447f42b75e28518a1b692891528ca596f7bcbf581c7cf429ed01b114ce157ed4eadd0b2ded9a7e475e347f67b6affa3a6cf654573f978")
	key, err := userKey.UnwrapKey([]byte("Bob"), cipherDer, 32)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error from UnwrapKey: %s\n", err)
		return
	}
	fmt.Printf("%s\n", hex.EncodeToString(key))
}

Output:

270c42505bca90a8084064ea8af279364405a8195f30664082ead3d6991ed70f

type EncrypterOpts added in v0.15.7 

type EncrypterOpts interface {
	// GetEncryptType returns the encrypt type/mode.
	GetEncryptType() encryptType
	// GetKeySize returns key size used by this encrypt mode.
	GetKeySize(plaintext []byte) int
	// Encrypt encrypts the plaintext with the key, returns ciphertext.
	Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, error)
	// Decrypt decrypts the ciphertext with the key, returns plaintext.
	Decrypt(key, ciphertext []byte) ([]byte, error)
}

EncrypterOpts is an interface implemented by detail encrypt/decrypt mode.

func NewCBCEncrypterOpts added in v0.15.7 

func NewCBCEncrypterOpts(padding padding.Padding, newCipher newCipher, keySize int) EncrypterOpts

func NewCFBEncrypterOpts added in v0.15.7 

func NewCFBEncrypterOpts(newCipher newCipher, keySize int) EncrypterOpts

func NewECBEncrypterOpts added in v0.15.7 

func NewECBEncrypterOpts(padding padding.Padding, newCipher newCipher, keySize int) EncrypterOpts

func NewOFBEncrypterOpts added in v0.15.7 

func NewOFBEncrypterOpts(newCipher newCipher, keySize int) EncrypterOpts

type KeyExchange added in v0.13.2 

type KeyExchange struct {
	// contains filtered or unexported fields
}

KeyExchange represents key exchange struct, include internal stat in whole key exchange flow. Initiator's flow will be: NewKeyExchange -> InitKeyExchange -> transmission -> ConfirmResponder Responder's flow will be: NewKeyExchange -> waiting ... -> RepondKeyExchange -> transmission -> ConfirmInitiator

func NewKeyExchange added in v0.13.2 

func NewKeyExchange(priv *EncryptPrivateKey, uid, peerUID []byte, keyLen int, genSignature bool) *KeyExchange

NewKeyExchange creates one new KeyExchange object

func (*KeyExchange) ConfirmInitiator added in v0.13.2 

func (ke *KeyExchange) ConfirmInitiator(s1 []byte) ([]byte, error)

ConfirmInitiator for responder's step B8

func (*KeyExchange) ConfirmResponder added in v0.13.2 

func (ke *KeyExchange) ConfirmResponder(rB *bn256.G1, sB []byte) ([]byte, []byte, error)

ConfirmResponder for initiator's step A5-A7

func (*KeyExchange) Destroy added in v0.14.0 

func (ke *KeyExchange) Destroy()

Destroy clears all internal state and Ephemeral private/public keys

func (*KeyExchange) InitKeyExchange added in v0.13.2 

func (ke *KeyExchange) InitKeyExchange(rand io.Reader, hid byte) (*bn256.G1, error)

InitKeyExchange generates random with responder uid, for initiator's step A1-A4

func (*KeyExchange) RepondKeyExchange added in v0.13.2 

func (ke *KeyExchange) RepondKeyExchange(rand io.Reader, hid byte, rA *bn256.G1) (*bn256.G1, []byte, error)

RepondKeyExchange when responder receive rA, for responder's step B1-B7

type OFBEncrypterOpts added in v0.15.7 

type OFBEncrypterOpts struct {
	// contains filtered or unexported fields
}

OFBEncrypterOpts represents OFB (Output Feedback) mode.

func (*OFBEncrypterOpts) Decrypt added in v0.15.7 

func (opts *OFBEncrypterOpts) Decrypt(key, ciphertext []byte) ([]byte, error)

func (*OFBEncrypterOpts) Encrypt added in v0.15.7 

func (opts *OFBEncrypterOpts) Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, error)

Encrypt encrypts the plaintext with the key, includes generated IV at the beginning of the ciphertext.

func (*OFBEncrypterOpts) GetEncryptType added in v0.15.7 

func (opts *OFBEncrypterOpts) GetEncryptType() encryptType

func (*OFBEncrypterOpts) GetKeySize added in v0.15.7 

func (opts *OFBEncrypterOpts) GetKeySize(plaintext []byte) int

type SignMasterPrivateKey added in v0.13.0 

type SignMasterPrivateKey struct {
	*SignMasterPublicKey          // master public key
	D                    *big.Int // master private key
}

SignMasterPrivateKey master private key for sign, generated by KGC

func GenerateSignMasterKey added in v0.13.0 

func GenerateSignMasterKey(rand io.Reader) (*SignMasterPrivateKey, error)

GenerateSignMasterKey generates a master public and private key pair for DSA usage.

func (*SignMasterPrivateKey) GenerateUserKey added in v0.13.0 

func (master *SignMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*SignPrivateKey, error)

GenerateUserKey generate an user dsa key.

func (*SignMasterPrivateKey) MarshalASN1 added in v0.13.0 

func (master *SignMasterPrivateKey) MarshalASN1() ([]byte, error)

MarshalASN1 marshal sign master private key to asn.1 format data according SM9 cryptographic algorithm application specification

func (*SignMasterPrivateKey) Public added in v0.13.0 

func (master *SignMasterPrivateKey) Public() *SignMasterPublicKey

Public returns the public key corresponding to priv.

func (*SignMasterPrivateKey) UnmarshalASN1 added in v0.13.0 

func (master *SignMasterPrivateKey) UnmarshalASN1(der []byte) error

UnmarshalASN1 unmarsal der data to sign master private key

type SignMasterPublicKey added in v0.13.0 

type SignMasterPublicKey struct {
	MasterPublicKey *bn256.G2 // master public key
	// contains filtered or unexported fields
}

SignMasterPublicKey master public key for sign, generated by KGC

func (*SignMasterPublicKey) GenerateUserPublicKey added in v0.13.0 

func (pub *SignMasterPublicKey) GenerateUserPublicKey(uid []byte, hid byte) *bn256.G2

GenerateUserPublicKey generate user sign public key

func (*SignMasterPublicKey) MarshalASN1 added in v0.13.0 

func (pub *SignMasterPublicKey) MarshalASN1() ([]byte, error)

MarshalASN1 marshal sign master public key to asn.1 format data according SM9 cryptographic algorithm application specification

func (*SignMasterPublicKey) MarshalCompressedASN1 added in v0.13.7 

func (pub *SignMasterPublicKey) MarshalCompressedASN1() ([]byte, error)

MarshalCompressedASN1 marshal sign master public key to asn.1 format data according SM9 cryptographic algorithm application specification, the curve point is in compressed form.

func (*SignMasterPublicKey) ParseFromPEM added in v0.15.0 

func (pub *SignMasterPublicKey) ParseFromPEM(data []byte) error

ParseFromPEM just for GMSSL, there are no Algorithm pkix.AlgorithmIdentifier

func (*SignMasterPublicKey) ScalarBaseMult added in v0.13.0 

func (pub *SignMasterPublicKey) ScalarBaseMult(scalar []byte) (*bn256.GT, error)

ScalarBaseMult compute basepoint^r with precomputed table The base point = pair(Gen1, <master public key>)

func (*SignMasterPublicKey) UnmarshalASN1 added in v0.13.0 

func (pub *SignMasterPublicKey) UnmarshalASN1(der []byte) error

UnmarshalASN1 unmarsal der data to sign master public key

func (*SignMasterPublicKey) UnmarshalRaw added in v0.15.0 

func (pub *SignMasterPublicKey) UnmarshalRaw(bytes []byte) error

UnmarshalRaw unmarsal raw bytes data to sign master public key

func (*SignMasterPublicKey) Verify added in v0.13.0 

func (pub *SignMasterPublicKey) Verify(uid []byte, hid byte, hash, sig []byte) bool

Verify verifies the ASN.1 encoded signature, sig, of hash using the public key, pub. Its return value records whether the signature is valid.

Example 
package main

import (
	"encoding/hex"
	"fmt"

	"os"

	"github.com/emmansun/gmsm/sm9"
)

func main() {
	// get master public key, can be from pem
	masterPubKey := new(sm9.SignMasterPublicKey)
	keyBytes, _ := hex.DecodeString("03818200049f64080b3084f733e48aff4b41b565011ce0711c5e392cfb0ab1b6791b94c40829dba116152d1f786ce843ed24a3b573414d2177386a92dd8f14d65696ea5e3269850938abea0112b57329f447e3a0cbad3e2fdb1a77f335e89e1408d0ef1c2541e00a53dda532da1a7ce027b7a46f741006e85f5cdff0730e75c05fb4e3216d")
	err := masterPubKey.UnmarshalASN1(keyBytes)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error from UnmarshalASN1: %s\n", err)
		return
	}
	hid := byte(0x01)
	uid := []byte("Alice")
	hash := []byte("Chinese IBS standard")
	sig, _ := hex.DecodeString("30660420b0d0c0bb1b57ea0d5b51cb5c96be850b8c2eef6b0fff5fcccb524b972574e6eb03420004901819575c9211c7b4e6e137794d23d0095608bcdad5c82dbff05777c5b49c763e4425acea2aaedf9e48d4784b4e4a5621cc3663fe0aae44dcbeac183fee9b0f")
	ok := masterPubKey.Verify(uid, hid, hash, sig)

	fmt.Printf("%v\n", ok)
}

Output:

true

type SignPrivateKey added in v0.13.0 

type SignPrivateKey struct {
	PrivateKey           *bn256.G1 // user private key
	*SignMasterPublicKey           // master public key
}

SignPrivateKey user private key for sign, generated by KGC

func (*SignPrivateKey) MarshalASN1 added in v0.13.0 

func (priv *SignPrivateKey) MarshalASN1() ([]byte, error)

MarshalASN1 marshal sign user private key to asn.1 format data according SM9 cryptographic algorithm application specification

func (*SignPrivateKey) MarshalCompressedASN1 added in v0.13.7 

func (priv *SignPrivateKey) MarshalCompressedASN1() ([]byte, error)

MarshalCompressedASN1 marshal sign user private key to asn.1 format data according SM9 cryptographic algorithm application specification, the curve point is in compressed form.

func (*SignPrivateKey) MasterPublic added in v0.13.0 

func (priv *SignPrivateKey) MasterPublic() *SignMasterPublicKey

MasterPublic returns the master public key corresponding to priv.

func (*SignPrivateKey) SetMasterPublicKey added in v0.13.0 

func (priv *SignPrivateKey) SetMasterPublicKey(pub *SignMasterPublicKey)

SetMasterPublicKey bind the sign master public key to it.

func (*SignPrivateKey) Sign added in v0.13.0 

func (priv *SignPrivateKey) Sign(rand io.Reader, hash []byte, opts crypto.SignerOpts) ([]byte, error)

Sign signs digest with user's DSA key, reading randomness from rand. The opts argument is not currently used but, in keeping with the crypto.Signer interface. The result is SM9Signature ASN.1 format.

The signature is randomized. Most applications should use crypto/rand.Reader as rand. Note that the returned signature does not depend deterministically on the bytes read from rand, and may change between calls and/or between versions.

Example 
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"math/big"
	"os"

	"github.com/emmansun/gmsm/sm9"
	"golang.org/x/crypto/cryptobyte"
)

func main() {
	// real user sign private key should be from secret storage, e.g. password protected pkcs8 file
	kb, _ := hex.DecodeString("0130E78459D78545CB54C587E02CF480CE0B66340F319F348A1D5B1F2DC5F4")
	var b cryptobyte.Builder
	b.AddASN1BigInt(new(big.Int).SetBytes(kb))
	kb, _ = b.Bytes()
	masterkey := new(sm9.SignMasterPrivateKey)
	err := masterkey.UnmarshalASN1(kb)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error from UnmarshalASN1: %s\n", err)
		return
	}
	hid := byte(0x01)
	uid := []byte("Alice")
	userKey, err := masterkey.GenerateUserKey(uid, hid)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error from GenerateUserKey: %s\n", err)
		return
	}

	// sm9 sign
	hash := []byte("Chinese IBS standard")
	sig, err := userKey.Sign(rand.Reader, hash, nil)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Error from Sign: %s\n", err)
		return
	}

	// Since sign is a randomized function, signature will be
	// different each time.
	fmt.Printf("%x\n", sig)
}

Output:

func (*SignPrivateKey) UnmarshalASN1 added in v0.13.0 

func (priv *SignPrivateKey) UnmarshalASN1(der []byte) error

UnmarshalASN1 unmarsal der data to sign user private key Note, priv's SignMasterPublicKey should be handled separately.

func (*SignPrivateKey) UnmarshalRaw added in v0.15.0 

func (priv *SignPrivateKey) UnmarshalRaw(bytes []byte) error

UnmarshalRaw unmarsal raw bytes data to sign user private key Note, priv's SignMasterPublicKey should be handled separately.

type XOREncrypterOpts added in v0.15.7 

type XOREncrypterOpts struct{}

XOREncrypterOpts represents XOR mode.

func (*XOREncrypterOpts) Decrypt added in v0.15.7 

func (opts *XOREncrypterOpts) Decrypt(key, ciphertext []byte) ([]byte, error)

func (*XOREncrypterOpts) Encrypt added in v0.15.7 

func (opts *XOREncrypterOpts) Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, error)

func (*XOREncrypterOpts) GetEncryptType added in v0.15.7 

func (opts *XOREncrypterOpts) GetEncryptType() encryptType

func (*XOREncrypterOpts) GetKeySize added in v0.15.7 

func (opts *XOREncrypterOpts) GetKeySize(plaintext []byte) int

Source Files

View all Source files

Directories

Path Synopsis
Package bn256 defines/implements ShangMi(SM) sm9's curves and pairing.
 Package bn256 defines/implements ShangMi(SM) sm9's curves and pairing.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.