README
¶
GM-Standards SM2/SM3/SM4/SM9/ZUC for Go
Packages
-
SM2 - This is a SM2 sm2p256v1 implementation whose performance is similar like golang native NIST P256 under amd64 and arm64, for implementation detail, please refer SM2实现细节. It supports ShangMi sm2 digital signature, public key encryption algorithm and also key exchange.
-
SM3 - This is also a SM3 implementation whose performance is similar like golang native SHA 256 with SIMD under amd64, for implementation detail, please refer SM3性能优化. It also provides A64 cryptographic instructions SM3 tested with QEMU.
-
SM4 - For SM4 implementation, SIMD & AES-NI are used under amd64 and arm64, for detail please refer SM4性能优化, it supports ECB/CBC/CFB/OFB/CTR/GCM/CCM/XTS modes. It also provides A64 cryptographic instructions SM4 tested with QEMU.
-
SM9 - For SM9 implementation, please reference SM9实现及优化
-
ZUC - For ZUC implementation, SIMD, AES-NI and CLMUL are used under amd64 and arm64, for detail please refer Efficient Software Implementations of ZUC
-
CFCA - some cfca specific implementations.
-
CIPHER - ECB/CCM/XTS cipher modes, XTS mode also supports GB/T 17964-2021.
-
SMX509 - a fork of golang X509 that supports ShangMi.
-
PKCS7 - a fork of mozilla-services/pkcs7 that supports ShangMi.
-
PKCS8 - a fork of youmark/pkcs8 that supports ShangMi.
-
ECDH - a similar implementation of golang ECDH that supports SM2 ECDH & SM2MQV without usage of big.Int, a replacement of SM2 key exchange. For detail, pleaes refer is my code constant time?
-
DRBG - Random Number Generation Using Deterministic Random Bit Generators, for detail, please reference NIST Special Publication 800-90A and GM/T 0105-2021: CTR-DRBG using derivation function and HASH-DRBG. NIST related implementations are tested with part of NIST provided test vectors. It's NOT concurrent safe! You can also use randomness tool to check the generated random bits.
Some Related Projects
- TLCP - An implementation of GB/T 38636-2020 Information security technology Transport Layer Cryptography Protocol (TLCP).
- PKCS12 - pkcs12 supports ShangMi, a fork of SSLMate/go-pkcs12.
- MKSMCERT - A simple tool for making locally-trusted development ShangMi certificates, a fork of FiloSottile/mkcert.
Acknowledgements
The basic architecture, design and some codes are from golang crypto.
The SM4 amd64 SIMD AES-NI implementation is inspired by code from mjosaarinen/sm4ni.
The original SM9/BN256 version is based on code from cloudflare/bn256.
The ZUC amd64 SIMD AES-NI, CLMUL implementation is inspired by code from Intel(R) Multi-Buffer Crypto for IPsec Library.
The pkcs7 is based on code from mozilla-services/pkcs7.
The pkcs8 is based on code from youmark/pkcs8.
Disclaimer
Please read disclaimer carefully!
Directories
¶
| Path | Synopsis |
|---|---|
|
Package cfca handles cfca issued key and certificate
|
Package cfca handles cfca issued key and certificate |
|
Package cipher provides several extra chipher modes.
|
Package cipher provides several extra chipher modes. |
|
Package drbg implements Random Number Generation Using Deterministic Random Bit Generators.
|
Package drbg implements Random Number Generation Using Deterministic Random Bit Generators. |
|
Package ecdh implements Elliptic Curve Diffie-Hellman / SM2-MQV over SM2 curve.
|
Package ecdh implements Elliptic Curve Diffie-Hellman / SM2-MQV over SM2 curve. |
|
internal
|
|
|
godebug
Package godebug parses the GODEBUG environment variable.
|
Package godebug parses the GODEBUG environment variable. |
|
randutil
Package randutil contains internal randomness utilities for various crypto packages.
|
Package randutil contains internal randomness utilities for various crypto packages. |
|
sm2ec
Package sm2ec implements the SM2 Prime elliptic curves.
|
Package sm2ec implements the SM2 Prime elliptic curves. |
|
Package kdf implements ShangMi(SM) used Key Derivation Function, compliances with GB/T 32918.4-2016 5.4.3.
|
Package kdf implements ShangMi(SM) used Key Derivation Function, compliances with GB/T 32918.4-2016 5.4.3. |
|
Package padding implements some padding schemes for padding octets at the trailing end.
|
Package padding implements some padding schemes for padding octets at the trailing end. |
|
Package pkcs implements ciphers used by PKCS#7 & PKCS#8.
|
Package pkcs implements ciphers used by PKCS#7 & PKCS#8. |
|
Package pkcs7 implements parsing and generation of some PKCS#7 structures.
|
Package pkcs7 implements parsing and generation of some PKCS#7 structures. |
|
Package pkcs8 implements functions to parse and convert private keys in PKCS#8 format with ShangMi(SM) support, as defined in RFC5208 and RFC5958.
|
Package pkcs8 implements functions to parse and convert private keys in PKCS#8 format with ShangMi(SM) support, as defined in RFC5208 and RFC5958. |
|
Package sm2 implements ShangMi(SM) sm2 digital signature, public key encryption and key exchange algorithms.
|
Package sm2 implements ShangMi(SM) sm2 digital signature, public key encryption and key exchange algorithms. |
|
sm2ec
Package sm2ec defines/implements SM2 curve structure.
|
Package sm2ec defines/implements SM2 curve structure. |
|
Package sm3 implements ShangMi(SM) sm3 hash algorithm.
|
Package sm3 implements ShangMi(SM) sm3 hash algorithm. |
|
Package sm4 implements ShangMi(SM) sm4 symmetric encryption algorithm.
|
Package sm4 implements ShangMi(SM) sm4 symmetric encryption algorithm. |
|
Package sm9 implements ShangMi(SM) sm9 digital signature, encryption and key exchange algorithms.
|
Package sm9 implements ShangMi(SM) sm9 digital signature, encryption and key exchange algorithms. |
|
bn256
Package bn256 defines/implements ShangMi(SM) sm9's curves and pairing.
|
Package bn256 defines/implements ShangMi(SM) sm9's curves and pairing. |
|
Package smx509 parses X.509-encoded keys and certificates include SM2/SM3 support.
|
Package smx509 parses X.509-encoded keys and certificates include SM2/SM3 support. |
|
Package zuc implements ShangMi(SM) zuc stream cipher and integrity algorithm.
|
Package zuc implements ShangMi(SM) zuc stream cipher and integrity algorithm. |