sm2

package
v0.13.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 13, 2022 License: MIT Imports: 21 Imported by: 0

Documentation

Overview

Package sm2 handle shangmi sm2 digital signature and public key encryption algorithm and its curve implementation

Index

Constants

View Source 
const (
	//MarshalUncompressed uncompressed mashal mode
	MarshalUncompressed pointMarshalMode = iota
	//MarshalCompressed compressed mashal mode
	MarshalCompressed
	//MarshalHybrid hybrid mashal mode
	MarshalHybrid
)
View Source 
const (
	C1C3C2 ciphertextSplicingOrder = iota
	C1C2C3
)
View Source 
const (
	ENCODING_PLAIN ciphertextEncoding = iota
	ENCODING_ASN1
)

Variables

View Source 
var ASN1DecrypterOpts = &DecrypterOpts{ENCODING_ASN1, C1C3C2}
View Source 
var ASN1EncrypterOpts = &EncrypterOpts{ENCODING_ASN1, MarshalUncompressed, C1C3C2}

Functions

func ASN1Ciphertext2Plain added in v0.13.6 

func ASN1Ciphertext2Plain(ciphertext []byte, opts *EncrypterOpts) ([]byte, error)

ASN1Ciphertext2Plain utility method to convert ASN.1 encoding ciphertext to plain encoding format

func AdjustCiphertextSplicingOrder added in v0.13.6 

func AdjustCiphertextSplicingOrder(ciphertext []byte, from, to ciphertextSplicingOrder) ([]byte, error)

AdjustCiphertextSplicingOrder utility method to change c2 c3 order

func CalculateZA added in v0.13.6 

func CalculateZA(pub *ecdsa.PublicKey, uid []byte) ([]byte, error)

CalculateZA ZA = H256(ENTLA || IDA || a || b || xG || yG || xA || yA). Compliance with GB/T 32918.2-2016 5.5

func Decrypt 

func Decrypt(priv *PrivateKey, ciphertext []byte) ([]byte, error)

Decrypt sm2 decrypt implementation by default DecrypterOpts{C1C3C2}. Compliance with GB/T 32918.4-2016.

func Encrypt 

func Encrypt(random io.Reader, pub *ecdsa.PublicKey, msg []byte, opts *EncrypterOpts) ([]byte, error)

Encrypt sm2 encrypt implementation, compliance with GB/T 32918.4-2016.

func EncryptASN1 added in v0.13.6 

func EncryptASN1(random io.Reader, pub *ecdsa.PublicKey, msg []byte) ([]byte, error)

EncryptASN1 sm2 encrypt and output ASN.1 result, compliance with GB/T 32918.4-2016.

func GenTables added in v0.13.6 

func GenTables()

func IsSM2PublicKey added in v0.13.6 

func IsSM2PublicKey(publicKey interface{}) bool

IsSM2PublicKey check if given public key is a SM2 public key or not

func P256 

func P256() elliptic.Curve

P256 init and return the singleton.

func PlainCiphertext2ASN1 added in v0.13.6 

func PlainCiphertext2ASN1(ciphertext []byte, from ciphertextSplicingOrder) ([]byte, error)

PlainCiphertext2ASN1 utility method to convert plain encoding ciphertext to ASN.1 encoding format

func Sign added in v0.13.6 

func Sign(rand io.Reader, priv *ecdsa.PrivateKey, hash []byte) (r, s *big.Int, err error)

Sign signs a hash (which should be the result of hashing a larger message) using the private key, priv. If the hash is longer than the bit-length of the private key's curve order, the hash will be truncated to that length. It returns the signature as a pair of integers. Most applications should use SignASN1 instead of dealing directly with r, s.

Compliance with GB/T 32918.2-2016 regardless it's SM2 curve or not.

func SignASN1 added in v0.13.6 

func SignASN1(rand io.Reader, priv *PrivateKey, hash []byte, opts crypto.SignerOpts) ([]byte, error)

SignASN1 signs a hash (which should be the result of hashing a larger message) using the private key, priv. If the hash is longer than the bit-length of the private key's curve order, the hash will be truncated to that length. It returns the ASN.1 encoded signature. It invokes priv.Sign directly.

func SignWithSM2 added in v0.13.6 

func SignWithSM2(rand io.Reader, priv *ecdsa.PrivateKey, uid, msg []byte) (r, s *big.Int, err error)

SignWithSM2 follow sm2 dsa standards for hash part, compliance with GB/T 32918.2-2016.

func Verify added in v0.13.6 

func Verify(pub *ecdsa.PublicKey, hash []byte, r, s *big.Int) bool

Verify verifies the signature in r, s of hash using the public key, pub. Its return value records whether the signature is valid. Most applications should use VerifyASN1 instead of dealing directly with r, s.

Compliance with GB/T 32918.2-2016 regardless it's SM2 curve or not. Caller should make sure the hash's correctness.

func VerifyASN1 added in v0.13.6 

func VerifyASN1(pub *ecdsa.PublicKey, hash, sig []byte) bool

VerifyASN1 verifies the ASN.1 encoded signature, sig, of hash using the public key, pub. Its return value records whether the signature is valid.

Compliance with GB/T 32918.2-2016 regardless it's SM2 curve or not. Caller should make sure the hash's correctness.

func VerifyASN1WithSM2 added in v0.13.6 

func VerifyASN1WithSM2(pub *ecdsa.PublicKey, uid, msg, sig []byte) bool

VerifyASN1WithSM2 verifies the signature in ASN.1 encoding format sig of raw msg and uid using the public key, pub.

It returns value records whether the signature is valid. Compliance with GB/T 32918.2-2016.

func VerifyWithSM2 added in v0.13.6 

func VerifyWithSM2(pub *ecdsa.PublicKey, uid, msg []byte, r, s *big.Int) bool

VerifyWithSM2 verifies the signature in r, s of raw msg and uid using the public key, pub. It returns value records whether the signature is valid. Compliance with GB/T 32918.2-2016.

Types

type DecrypterOpts added in v0.13.6 

type DecrypterOpts struct {
	CiphertextEncoding      ciphertextEncoding
	CipherTextSplicingOrder ciphertextSplicingOrder
}

DecrypterOpts decryption options

func NewPlainDecrypterOpts added in v0.13.6 

func NewPlainDecrypterOpts(splicingOrder ciphertextSplicingOrder) *DecrypterOpts

type EncrypterOpts added in v0.13.6 

type EncrypterOpts struct {
	CiphertextEncoding      ciphertextEncoding
	PointMarshalMode        pointMarshalMode
	CiphertextSplicingOrder ciphertextSplicingOrder
}

EncrypterOpts encryption options

func NewPlainEncrypterOpts added in v0.13.6 

func NewPlainEncrypterOpts(marhsalMode pointMarshalMode, splicingOrder ciphertextSplicingOrder) *EncrypterOpts

type KeyExchange added in v0.13.6 

type KeyExchange struct {
	// contains filtered or unexported fields
}

KeyExchange key exchange struct, include internal stat in whole key exchange flow. Initiator's flow will be: NewKeyExchange -> InitKeyExchange -> transmission -> ConfirmResponder Responder's flow will be: NewKeyExchange -> waiting ... -> RepondKeyExchange -> transmission -> ConfirmInitiator

func NewKeyExchange added in v0.13.6 

func NewKeyExchange(priv *PrivateKey, peerPub *ecdsa.PublicKey, uid, peerUID []byte, keyLen int, genSignature bool) (ke *KeyExchange, err error)

NewKeyExchange create one new KeyExchange object

func (*KeyExchange) ConfirmInitiator added in v0.13.6 

func (ke *KeyExchange) ConfirmInitiator(s1 []byte) error

ConfirmInitiator for responder's step B10

func (*KeyExchange) ConfirmResponder added in v0.13.6 

func (ke *KeyExchange) ConfirmResponder(rB *ecdsa.PublicKey, sB []byte) ([]byte, error)

ConfirmResponder for initiator's step A4-A10

func (*KeyExchange) GetSharedKey added in v0.13.6 

func (ke *KeyExchange) GetSharedKey() []byte

GetSharedKey return shared key after key agreement

func (*KeyExchange) InitKeyExchange added in v0.13.6 

func (ke *KeyExchange) InitKeyExchange(rand io.Reader) (*ecdsa.PublicKey, error)

InitKeyExchange generate random with responder uid, for initiator's step A1-A3

func (*KeyExchange) RepondKeyExchange added in v0.13.6 

func (ke *KeyExchange) RepondKeyExchange(rand io.Reader, rA *ecdsa.PublicKey) (*ecdsa.PublicKey, []byte, error)

RepondKeyExchange when responder receive rA, for responder's step B1-B8

type PrivateKey added in v0.13.6 

type PrivateKey struct {
	ecdsa.PrivateKey
}

PrivateKey represents an ECDSA SM2 private key. It implemented both crypto.Decrypter and crypto.Signer interfaces.

func GenerateKey added in v0.13.6 

func GenerateKey(rand io.Reader) (*PrivateKey, error)

GenerateKey generates a public and private key pair.

func (*PrivateKey) Decrypt added in v0.13.6 

func (priv *PrivateKey) Decrypt(rand io.Reader, msg []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error)

Decrypt decrypts ciphertext msg to plaintext. The opts argument should be appropriate for the primitive used. Compliance with GB/T 32918.4-2016 chapter 7.

func (*PrivateKey) Equal added in v0.13.6 

func (priv *PrivateKey) Equal(x crypto.PrivateKey) bool

func (*PrivateKey) FromECPrivateKey added in v0.13.6 

func (priv *PrivateKey) FromECPrivateKey(key *ecdsa.PrivateKey) (*PrivateKey, error)

FromECPrivateKey convert an ecdsa private key to SM2 private key.

func (*PrivateKey) Sign added in v0.13.6 

func (priv *PrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)

Sign signs digest with priv, reading randomness from rand. Compliance with GB/T 32918.2-2016. The opts argument is currently used for SM2SignerOption checking only. If the opts argument is SM2SignerOption and its ForceGMSign is true, digest argument will be treated as raw data and UID will be taken from opts.

This method implements crypto.Signer, which is an interface to support keys where the private part is kept in, for example, a hardware module. Common uses can use the SignASN1 function in this package directly.

func (*PrivateKey) SignWithSM2 added in v0.13.6 

func (priv *PrivateKey) SignWithSM2(rand io.Reader, uid, msg []byte) ([]byte, error)

SignWithSM2 signs uid, msg with priv, reading randomness from rand. Compliance with GB/T 32918.2-2016. Deprecated: please use Sign method directly.

type SM2SignerOption added in v0.13.6 

type SM2SignerOption struct {
	UID         []byte
	ForceGMSign bool
}

SM2SignerOption implements crypto.SignerOpts interface. It is specific for SM2, used in private key's Sign method.

func NewSM2SignerOption added in v0.13.6 

func NewSM2SignerOption(forceGMSign bool, uid []byte) *SM2SignerOption

NewSM2SignerOption create a SM2 specific signer option. forceGMSign - if use GM specific sign logic, if yes, should pass raw message to sign. uid - if forceGMSign is true, then you can pass uid, if no uid is provided, system will use default one.

func (*SM2SignerOption) HashFunc added in v0.13.6 

func (*SM2SignerOption) HashFunc() crypto.Hash

type Signer added in v0.13.6 

type Signer interface {
	SignWithSM2(rand io.Reader, uid, msg []byte) ([]byte, error)
}

Signer SM2 special signer

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.