gm

package
v1.0.0-gm Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 10, 2021 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Overview

Copyright Suzhou Tongji Fintech Research Institute 2017 All Rights Reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright IBM Corp. 2016 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright IBM Corp. 2016 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright IBM Corp. 2016 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright IBM Corp. 2016 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright IBM Corp. 2016 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright IBM Corp. 2016 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright IBM Corp. 2016 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright IBM Corp. 2016 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateCertificateToMem 

func CreateCertificateToMem(template, parent *sm2.Certificate, key bccsp.Key) (cert []byte, err error)

调用SM2接口生成SM2证书

func CreateSm2CertificateRequestToMem 

func CreateSm2CertificateRequestToMem(certificateRequest *sm2.CertificateRequest, key bccsp.Key) (csr []byte, err error)

调用SM2接口生成SM2证书请求

func GetRandomBytes 

func GetRandomBytes(len int) ([]byte, error)

GetRandomBytes returns len random looking bytes

func IsLowS 

func IsLowS(k *ecdsa.PublicKey, s *big.Int) (bool, error)

IsLow checks that s is a low-S

func MarshalSM2Signature 

func MarshalSM2Signature(r, s *big.Int) ([]byte, error)

func NewDefaultSecurityLevel 

func NewDefaultSecurityLevel(keyStorePath string) (bccsp.BCCSP, error)

func NewDefaultSecurityLevelWithKeystore 

func NewDefaultSecurityLevelWithKeystore(keyStore bccsp.KeyStore) (bccsp.BCCSP, error)

func NewDummyKeyStore 

func NewDummyKeyStore() bccsp.KeyStore

NewDummyKeyStore instantiate a dummy key store that neither loads nor stores keys

func NewFileBasedKeyStore 

func NewFileBasedKeyStore(pwd []byte, path string, readOnly bool) (bccsp.KeyStore, error)

NewFileBasedKeyStore instantiated a file-based key store at a given position. The key store can be encrypted if a non-empty password is specified. It can be also be set as read only. In this case, any store operation will be forbidden

func NewInMemoryKeyStore 

func NewInMemoryKeyStore() bccsp.KeyStore

NewInMemoryKeyStore instantiates an ephemeral in-memory keystore

func NewWithParams 

func NewWithParams(securityLevel int, hashFamily string, keyStore bccsp.KeyStore) (bccsp.BCCSP, error)

NewWithParams returns a new instance of the software-based BCCSP set at the passed security level, hash family and KeyStore.

func ParseSm2Certificate2X509 

func ParseSm2Certificate2X509(sm2Cert *sm2.Certificate) *x509.Certificate

sm2 证书转换 x509 证书

func ParseX509Certificate2Sm2 

func ParseX509Certificate2Sm2(x509Cert *x509.Certificate) *sm2.Certificate

X509证书格式转换为 SM2证书格式

func ParseX509CertificateRequest2Sm2 

func ParseX509CertificateRequest2Sm2(x509req *x509.CertificateRequest) *sm2.CertificateRequest

X509 证书请求转换 SM2证书请求

func SM4Decrypt 

func SM4Decrypt(key, src []byte) ([]byte, error)

AESCBCPKCS7Decrypt combines CBC decryption and PKCS7 unpadding

func SM4Encrypt 

func SM4Encrypt(key, src []byte) ([]byte, error)

AESCBCPKCS7Encrypt combines CBC encryption and PKCS7 padding

func SignatureToLowS 

func SignatureToLowS(k *ecdsa.PublicKey, signature []byte) ([]byte, error)

func ToLowS 

func ToLowS(k *ecdsa.PublicKey, s *big.Int) (*big.Int, bool, error)

TODO: Notice here! *ecdsa.PublicKey change to *sm2.PubKey?

func UnmarshalSM2Signature 

func UnmarshalSM2Signature(raw []byte) (*big.Int, *big.Int, error)

Types

type CSP 

type CSP struct {
	KeyGenerators map[reflect.Type]KeyGenerator
	KeyDerivers   map[reflect.Type]KeyDeriver
	KeyImporters  map[reflect.Type]KeyImporter
	Encryptors    map[reflect.Type]Encryptor
	Decryptors    map[reflect.Type]Decryptor
	Signers       map[reflect.Type]Signer
	Verifiers     map[reflect.Type]Verifier
	Hashers       map[reflect.Type]Hasher
	// contains filtered or unexported fields
}

CSP provides a generic implementation of the BCCSP interface based on wrappers. It can be customized by providing implementations for the following algorithm-based wrappers: KeyGenerator, KeyDeriver, KeyImporter, Encryptor, Decryptor, Signer, Verifier, Hasher. Each wrapper is bound to a goland type representing either an option or a key.

func NewGMCSP 

func NewGMCSP(keyStore bccsp.KeyStore) (*CSP, error)

func (*CSP) AddWrapper 

func (csp *CSP) AddWrapper(t reflect.Type, w interface{}) error

AddWrapper 根据反射获取的type绑定到相应的map,使NewGMCSP中代码看起来简洁些

func (*CSP) Decrypt 

func (csp *CSP) Decrypt(k bccsp.Key, ciphertext []byte, opts bccsp.DecrypterOpts) (plaintext []byte, err error)

根据opts使用k对ciphertext进行解密

func (*CSP) Encrypt 

func (csp *CSP) Encrypt(k bccsp.Key, plaintext []byte, opts bccsp.EncrypterOpts) ([]byte, error)

根据opts使用k进行加密

func (*CSP) GetHash 

func (csp *CSP) GetHash(opts bccsp.HashOpts) (h hash.Hash, err error)

获取hash

func (*CSP) GetKey 

func (csp *CSP) GetKey(ski []byte) (k bccsp.Key, err error)

根据ski返回相关的key

func (*CSP) Hash 

func (csp *CSP) Hash(msg []byte, opts bccsp.HashOpts) (digest []byte, err error)

//根据哈希选项opts哈希一个消息msg

func (*CSP) KeyDeriv 

func (csp *CSP) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, err error)

todo: 有空研究下派生key的使用场景 Notice! gm's keyDriv not implement! KeyDeriv 根据opts从k中重新生成一个key.

func (*CSP) KeyGen 

func (csp *CSP) KeyGen(opts bccsp.KeyGenOpts) (k bccsp.Key, err error)

KeyGen use opts to generate a key.

func (*CSP) KeyImport 

func (csp *CSP) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)

根据key导入选项opts从一个key原始数据中导入一个key

func (*CSP) Sign 

func (csp *CSP) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error)

通过key对消息进行签名,如果message较大, 调用者要负责对message hash后进行签名. todo:// 应该对所有msg先hash再sign

func (*CSP) Verify 

func (csp *CSP) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error)

通过对比k和digest,验证签名

type Decryptor 

type Decryptor interface {

	// Decrypt decrypts ciphertext using key k.
	// The opts argument should be appropriate for the algorithm used.
	Decrypt(k bccsp.Key, ciphertext []byte, opts bccsp.DecrypterOpts) (plaintext []byte, err error)
}

Decryptor is a BCCSP-like interface that provides decryption algorithms

type Encryptor 

type Encryptor interface {

	// Encrypt encrypts plaintext using key k.
	// The opts argument should be appropriate for the algorithm used.
	Encrypt(k bccsp.Key, plaintext []byte, opts bccsp.EncrypterOpts) (ciphertext []byte, err error)
}

Encryptor is a BCCSP-like interface that provides encryption algorithms

type Hasher 

type Hasher interface {

	// Hash hashes messages msg using options opts.
	// If opts is nil, the default hash function will be used.
	Hash(msg []byte, opts bccsp.HashOpts) (hash []byte, err error)

	// GetHash returns and instance of hash.Hash using options opts.
	// If opts is nil, the default hash function will be returned.
	GetHash(opts bccsp.HashOpts) (h hash.Hash, err error)
}

Hasher is a BCCSP-like interface that provides hash algorithms

type KeyDeriver 

type KeyDeriver interface {

	// KeyDeriv derives a key from k using opts.
	// The opts argument should be appropriate for the primitive used.
	KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, err error)
}

KeyDeriver is a BCCSP-like interface that provides key derivation algorithms

type KeyGenerator 

type KeyGenerator interface {

	// KeyGen generates a key using opts.
	KeyGen(opts bccsp.KeyGenOpts) (k bccsp.Key, err error)
}

KeyGenerator is a BCCSP-like interface that provides key generation algorithms

type KeyImporter 

type KeyImporter interface {

	// KeyImport imports a key from its raw representation using opts.
	// The opts argument should be appropriate for the primitive used.
	KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)
}

KeyImporter is a BCCSP-like interface that provides key import algorithms

type SM2Signature 

type SM2Signature struct {
	R, S *big.Int
}

type Signer 

type Signer interface {

	// Sign signs digest using key k.
	// The opts argument should be appropriate for the algorithm used.
	//
	// Note that when a signature of a hash of a larger message is needed,
	// the caller is responsible for hashing the larger message and passing
	// the hash (as digest).
	Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error)
}

Signer is a BCCSP-like interface that provides signing algorithms

type Verifier 

type Verifier interface {

	// Verify verifies signature against key k and digest
	// The opts argument should be appropriate for the algorithm used.
	Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error)
}

Verifier is a BCCSP-like interface that provides verifying algorithms

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.