Documentation ¶
Overview ¶
Copyright Suzhou Tongji Fintech Research Institute 2017 All Rights Reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright IBM Corp. 2016 All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright IBM Corp. 2016 All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright IBM Corp. 2016 All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright IBM Corp. 2016 All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright IBM Corp. 2016 All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright IBM Corp. 2016 All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright IBM Corp. 2016 All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright IBM Corp. 2016 All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
- func CreateCertificateToMem(template, parent *sm2.Certificate, key bccsp.Key) (cert []byte, err error)
- func CreateSm2CertificateRequestToMem(certificateRequest *sm2.CertificateRequest, key bccsp.Key) (csr []byte, err error)
- func GetRandomBytes(len int) ([]byte, error)
- func IsLowS(k *ecdsa.PublicKey, s *big.Int) (bool, error)
- func MarshalSM2Signature(r, s *big.Int) ([]byte, error)
- func NewDefaultSecurityLevel(keyStorePath string) (bccsp.BCCSP, error)
- func NewDefaultSecurityLevelWithKeystore(keyStore bccsp.KeyStore) (bccsp.BCCSP, error)
- func NewDummyKeyStore() bccsp.KeyStore
- func NewFileBasedKeyStore(pwd []byte, path string, readOnly bool) (bccsp.KeyStore, error)
- func NewInMemoryKeyStore() bccsp.KeyStore
- func NewWithParams(securityLevel int, hashFamily string, keyStore bccsp.KeyStore) (bccsp.BCCSP, error)
- func ParseSm2Certificate2X509(sm2Cert *sm2.Certificate) *x509.Certificate
- func ParseX509Certificate2Sm2(x509Cert *x509.Certificate) *sm2.Certificate
- func ParseX509CertificateRequest2Sm2(x509req *x509.CertificateRequest) *sm2.CertificateRequest
- func SM4Decrypt(key, src []byte) ([]byte, error)
- func SM4Encrypt(key, src []byte) ([]byte, error)
- func SignatureToLowS(k *ecdsa.PublicKey, signature []byte) ([]byte, error)
- func ToLowS(k *ecdsa.PublicKey, s *big.Int) (*big.Int, bool, error)
- func UnmarshalSM2Signature(raw []byte) (*big.Int, *big.Int, error)
- type CSP
- func (csp *CSP) AddWrapper(t reflect.Type, w interface{}) error
- func (csp *CSP) Decrypt(k bccsp.Key, ciphertext []byte, opts bccsp.DecrypterOpts) (plaintext []byte, err error)
- func (csp *CSP) Encrypt(k bccsp.Key, plaintext []byte, opts bccsp.EncrypterOpts) ([]byte, error)
- func (csp *CSP) GetHash(opts bccsp.HashOpts) (h hash.Hash, err error)
- func (csp *CSP) GetKey(ski []byte) (k bccsp.Key, err error)
- func (csp *CSP) Hash(msg []byte, opts bccsp.HashOpts) (digest []byte, err error)
- func (csp *CSP) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, err error)
- func (csp *CSP) KeyGen(opts bccsp.KeyGenOpts) (k bccsp.Key, err error)
- func (csp *CSP) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error)
- func (csp *CSP) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error)
- func (csp *CSP) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error)
- type Decryptor
- type Encryptor
- type Hasher
- type KeyDeriver
- type KeyGenerator
- type KeyImporter
- type SM2Signature
- type Signer
- type Verifier
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreateCertificateToMem ¶
func CreateCertificateToMem(template, parent *sm2.Certificate, key bccsp.Key) (cert []byte, err error)
调用SM2接口生成SM2证书
func CreateSm2CertificateRequestToMem ¶
func CreateSm2CertificateRequestToMem(certificateRequest *sm2.CertificateRequest, key bccsp.Key) (csr []byte, err error)
调用SM2接口生成SM2证书请求
func GetRandomBytes ¶
GetRandomBytes returns len random looking bytes
func NewDefaultSecurityLevel ¶
func NewDummyKeyStore ¶
NewDummyKeyStore instantiate a dummy key store that neither loads nor stores keys
func NewFileBasedKeyStore ¶
NewFileBasedKeyStore instantiated a file-based key store at a given position. The key store can be encrypted if a non-empty password is specified. It can be also be set as read only. In this case, any store operation will be forbidden
func NewInMemoryKeyStore ¶
NewInMemoryKeyStore instantiates an ephemeral in-memory keystore
func NewWithParams ¶
func NewWithParams(securityLevel int, hashFamily string, keyStore bccsp.KeyStore) (bccsp.BCCSP, error)
NewWithParams returns a new instance of the software-based BCCSP set at the passed security level, hash family and KeyStore.
func ParseSm2Certificate2X509 ¶
func ParseSm2Certificate2X509(sm2Cert *sm2.Certificate) *x509.Certificate
sm2 证书转换 x509 证书
func ParseX509Certificate2Sm2 ¶
func ParseX509Certificate2Sm2(x509Cert *x509.Certificate) *sm2.Certificate
X509证书格式转换为 SM2证书格式
func ParseX509CertificateRequest2Sm2 ¶
func ParseX509CertificateRequest2Sm2(x509req *x509.CertificateRequest) *sm2.CertificateRequest
X509 证书请求转换 SM2证书请求
func SM4Decrypt ¶
AESCBCPKCS7Decrypt combines CBC decryption and PKCS7 unpadding
func SM4Encrypt ¶
AESCBCPKCS7Encrypt combines CBC encryption and PKCS7 padding
Types ¶
type CSP ¶
type CSP struct { KeyGenerators map[reflect.Type]KeyGenerator KeyDerivers map[reflect.Type]KeyDeriver KeyImporters map[reflect.Type]KeyImporter Encryptors map[reflect.Type]Encryptor Decryptors map[reflect.Type]Decryptor Signers map[reflect.Type]Signer Verifiers map[reflect.Type]Verifier Hashers map[reflect.Type]Hasher // contains filtered or unexported fields }
CSP provides a generic implementation of the BCCSP interface based on wrappers. It can be customized by providing implementations for the following algorithm-based wrappers: KeyGenerator, KeyDeriver, KeyImporter, Encryptor, Decryptor, Signer, Verifier, Hasher. Each wrapper is bound to a goland type representing either an option or a key.
func (*CSP) AddWrapper ¶
AddWrapper 根据反射获取的type绑定到相应的map,使NewGMCSP中代码看起来简洁些
func (*CSP) Decrypt ¶
func (csp *CSP) Decrypt(k bccsp.Key, ciphertext []byte, opts bccsp.DecrypterOpts) (plaintext []byte, err error)
根据opts使用k对ciphertext进行解密
func (*CSP) KeyDeriv ¶
todo: 有空研究下派生key的使用场景 Notice! gm's keyDriv not implement! KeyDeriv 根据opts从k中重新生成一个key.
type Decryptor ¶
type Decryptor interface { // Decrypt decrypts ciphertext using key k. // The opts argument should be appropriate for the algorithm used. Decrypt(k bccsp.Key, ciphertext []byte, opts bccsp.DecrypterOpts) (plaintext []byte, err error) }
Decryptor is a BCCSP-like interface that provides decryption algorithms
type Encryptor ¶
type Encryptor interface { // Encrypt encrypts plaintext using key k. // The opts argument should be appropriate for the algorithm used. Encrypt(k bccsp.Key, plaintext []byte, opts bccsp.EncrypterOpts) (ciphertext []byte, err error) }
Encryptor is a BCCSP-like interface that provides encryption algorithms
type Hasher ¶
type Hasher interface { // Hash hashes messages msg using options opts. // If opts is nil, the default hash function will be used. Hash(msg []byte, opts bccsp.HashOpts) (hash []byte, err error) // GetHash returns and instance of hash.Hash using options opts. // If opts is nil, the default hash function will be returned. GetHash(opts bccsp.HashOpts) (h hash.Hash, err error) }
Hasher is a BCCSP-like interface that provides hash algorithms
type KeyDeriver ¶
type KeyDeriver interface { // KeyDeriv derives a key from k using opts. // The opts argument should be appropriate for the primitive used. KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, err error) }
KeyDeriver is a BCCSP-like interface that provides key derivation algorithms
type KeyGenerator ¶
type KeyGenerator interface { // KeyGen generates a key using opts. KeyGen(opts bccsp.KeyGenOpts) (k bccsp.Key, err error) }
KeyGenerator is a BCCSP-like interface that provides key generation algorithms
type KeyImporter ¶
type KeyImporter interface { // KeyImport imports a key from its raw representation using opts. // The opts argument should be appropriate for the primitive used. KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.Key, err error) }
KeyImporter is a BCCSP-like interface that provides key import algorithms
type SM2Signature ¶
type Signer ¶
type Signer interface { // Sign signs digest using key k. // The opts argument should be appropriate for the algorithm used. // // Note that when a signature of a hash of a larger message is needed, // the caller is responsible for hashing the larger message and passing // the hash (as digest). Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error) }
Signer is a BCCSP-like interface that provides signing algorithms
type Verifier ¶
type Verifier interface { // Verify verifies signature against key k and digest // The opts argument should be appropriate for the algorithm used. Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error) }
Verifier is a BCCSP-like interface that provides verifying algorithms