sm9

package
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 8, 2026 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	EncTypeXOR int = 0
	EncTypeECB int = 1
	EncTypeCBC int = 2
	EncTypeOFB int = 4
	EncTypeCFB int = 8
)
View Source 
const (
	// hashmode used in h1: 0x01
	H1 hashMode = iota + 1
	// hashmode used in h2: 0x02
	H2
)
View Source 
const DefaultEncryptHid byte = 0x03

默认 HID

View Source 
const DefaultSignHid byte = 0x01

默认 HID

Variables

View Source 
var (
	ErrDecryption = errors.New("go-cryptobin/sm9: decryption error")

	ErrEmptyPlaintext = errors.New("go-cryptobin/sm9: empty plaintext")
)
View Source 
var (
	// HmacSM3
	HmacSM3Hash = NewHashHmac(sm3.New)

	// HmacSHA256
	HmacSHA256Hash = NewHashHmac(sha256.New)

	// SM3Hash
	SM3Hash = NewHashMac(sm3.New)

	// SHA256Hash
	SHA256Hash = NewHashMac(sha256.New)

	// Default Hash
	DefaultHash = SM3Hash
)
View Source 
var DefaultEncrypt = SM4CBCEncrypt

Default Encrypt

View Source 
var DefaultOpts = &Opts{
	Encrypt: DefaultEncrypt,
	Hash:    DefaultHash,
}
View Source 
var SM4CBCEncrypt = NewCBCEncrypt(sm4.NewCipher, sm4.BlockSize)

SM4CBCEncrypt option represents SM4 CBC mode

View Source 
var SM4CFBEncrypt = NewCFBEncrypt(sm4.NewCipher, sm4.BlockSize)

SM4CFBEncrypt option represents SM4 CFB mode

View Source 
var SM4ECBEncrypt = NewECBEncrypt(sm4.NewCipher, sm4.BlockSize)

SM4ECBEncrypt option represents SM4 ECB mode

View Source 
var SM4OFBEncrypt = NewOFBEncrypt(sm4.NewCipher, sm4.BlockSize)

SM4OFBEncrypt option represents SM4 OFB mode

View Source 
var XorEncrypt = NewXOREncrypt()

XorEncrypt default option represents XOR mode

Functions

func Decrypt 

func Decrypt(priv *EncryptPrivateKey, uid, ciphertext []byte, opts *Opts) ([]byte, error)

Decrypt

func DecryptASN1 

func DecryptASN1(priv *EncryptPrivateKey, uid, ciphertext []byte, opts *Opts) ([]byte, error)

func Encrypt 

func Encrypt(rand io.Reader, pub *EncryptMasterPublicKey, uid []byte, hid byte, plaintext []byte, opts *Opts) ([]byte, error)

Encrypt

func EncryptASN1 

func EncryptASN1(rand io.Reader, pub *EncryptMasterPublicKey, uid []byte, hid byte, plaintext []byte, opts *Opts) ([]byte, error)

func EncryptMasterPrivateKeyTo 

func EncryptMasterPrivateKeyTo(priv *EncryptMasterPrivateKey) []byte

输出加密私钥明文

func EncryptMasterPublicKeyTo 

func EncryptMasterPublicKeyTo(pub *EncryptMasterPublicKey) []byte

输出加密主公钥明文

func EncryptPrivateKeyTo 

func EncryptPrivateKeyTo(priv *EncryptPrivateKey) []byte

输出明文

func Equal 

func Equal(b1, b2 []byte) bool

func MarshalPrivateKey 

func MarshalPrivateKey(key any) ([]byte, error)

func MarshalPublicKey 

func MarshalPublicKey(key any) ([]byte, error)

func ParsePrivateKey 

func ParsePrivateKey(der []byte) (any, error)

func ParsePublicKey 

func ParsePublicKey(der []byte) (key any, err error)

func Sign 

func Sign(rand io.Reader, pri *SignPrivateKey, msg []byte) (h *big.Int, s *sm9curve.G1, err error)

sm9 sign algorithm: A1:compute g = e(P1,Ppub); A2:choose random num r in [1,n-1]; A3:compute w = g^r; A4:compute h = H2(M||w,n); A5:compute l = (r-h) mod n, if l = 0 goto A2; A6:compute S = l·sk.

func SignASN1 

func SignASN1(rand io.Reader, priv *SignPrivateKey, hash []byte) ([]byte, error)

func SignMasterPrivateKeyTo 

func SignMasterPrivateKeyTo(priv *SignMasterPrivateKey) []byte

输出签名主私钥明文

func SignMasterPublicKeyTo 

func SignMasterPublicKeyTo(pub *SignMasterPublicKey) []byte

输出签名主公钥明文

func SignPrivateKeyTo 

func SignPrivateKeyTo(priv *SignPrivateKey) []byte

输出签名私钥明文

func UnwrapKey 

func UnwrapKey(priv *EncryptPrivateKey, uid []byte, cipher *sm9curve.G1, kLen int) ([]byte, error)

UnwrapKey unwraps key from cipher, user id and aligned key length

func Verify 

func Verify(pub *SignMasterPublicKey, id []byte, hid byte, msg []byte, h *big.Int, s *sm9curve.G1) bool

sm9 verify algorithm(given h',S', message M' and user's id): B1:compute g = e(P1,Ppub); B2:compute t = g^h'; B3:compute h1 = H1(id||hid,n); B4:compute P = h1·P2+Ppub; B5:compute u = e(S',P); B6:compute w' = u·t; B7:compute h2 = H2(M'||w',n), check if h2 = h'.

func VerifyASN1 

func VerifyASN1(pub *SignMasterPublicKey, uid []byte, hid byte, hash, sig []byte) bool

func WrapKey 

func WrapKey(random io.Reader, pub *EncryptMasterPublicKey, uid []byte, hid byte, kLen int) (key []byte, C1 *sm9curve.G1, err error)

Types

type CBCEncrypt 

type CBCEncrypt struct {
	// contains filtered or unexported fields
}

func (*CBCEncrypt) Decrypt 

func (this *CBCEncrypt) Decrypt(key, ciphertext []byte) ([]byte, error)

func (*CBCEncrypt) Encrypt 

func (this *CBCEncrypt) Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, error)

Encrypt encrypts the plaintext with the key, includes generated IV at the beginning of the ciphertext.

func (*CBCEncrypt) KeySize 

func (this *CBCEncrypt) KeySize() int

func (*CBCEncrypt) Type 

func (this *CBCEncrypt) Type() int

type CFBEncrypt 

type CFBEncrypt struct {
	// contains filtered or unexported fields
}

CFBEncrypt represents CFB (Cipher Feedback) mode.

func (*CFBEncrypt) Decrypt 

func (this *CFBEncrypt) Decrypt(key, ciphertext []byte) ([]byte, error)

func (*CFBEncrypt) Encrypt 

func (this *CFBEncrypt) Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, error)

Encrypt encrypts the plaintext with the key, includes generated IV at the beginning of the ciphertext.

func (*CFBEncrypt) KeySize 

func (this *CFBEncrypt) KeySize() int

func (*CFBEncrypt) Type 

func (this *CFBEncrypt) Type() int

type ECBEncrypt 

type ECBEncrypt struct {
	// contains filtered or unexported fields
}

ECBEncrypt represents ECB (Electronic Code Book) mode.

func (*ECBEncrypt) Decrypt 

func (this *ECBEncrypt) Decrypt(key, ciphertext []byte) ([]byte, error)

func (*ECBEncrypt) Encrypt 

func (this *ECBEncrypt) Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, error)

func (*ECBEncrypt) KeySize 

func (this *ECBEncrypt) KeySize() int

func (*ECBEncrypt) Type 

func (this *ECBEncrypt) Type() int

type EncryptMasterPrivateKey 

type EncryptMasterPrivateKey struct {
	EncryptMasterPublicKey
	D *big.Int
}

func GenerateEncryptMasterKey 

func GenerateEncryptMasterKey(rand io.Reader) (mk *EncryptMasterPrivateKey, err error)

generate matser's secret encrypt key.

func NewEncryptMasterPrivateKey 

func NewEncryptMasterPrivateKey(bytes []byte) (priv *EncryptMasterPrivateKey, err error)

解析加密主私钥明文

func (*EncryptMasterPrivateKey) Equal 

func (priv *EncryptMasterPrivateKey) Equal(x crypto.PrivateKey) bool

Equal reports whether priv and x have the same value.

func (*EncryptMasterPrivateKey) GenerateUserKey 

func (priv *EncryptMasterPrivateKey) GenerateUserKey(id []byte, hid byte) (uk *EncryptPrivateKey, err error)

generate user's secret key.

func (*EncryptMasterPrivateKey) Marshal 

func (priv *EncryptMasterPrivateKey) Marshal() []byte

func (*EncryptMasterPrivateKey) Public 

func (priv *EncryptMasterPrivateKey) Public() crypto.PublicKey

Public returns the public key corresponding to priv.

func (*EncryptMasterPrivateKey) PublicKey 

func (priv *EncryptMasterPrivateKey) PublicKey() *EncryptMasterPublicKey

func (*EncryptMasterPrivateKey) Unmarshal 

func (priv *EncryptMasterPrivateKey) Unmarshal(bytes []byte) (err error)

type EncryptMasterPublicKey 

type EncryptMasterPublicKey struct {
	Mpk *sm9curve.G1
}

func NewEncryptMasterPublicKey 

func NewEncryptMasterPublicKey(bytes []byte) (pub *EncryptMasterPublicKey, err error)

解析加密主公钥明文

func (*EncryptMasterPublicKey) Encrypt 

func (pub *EncryptMasterPublicKey) Encrypt(rand io.Reader, uid []byte, hid byte, plaintext []byte, enc IEncrypt) ([]byte, error)

func (*EncryptMasterPublicKey) Equal 

func (pub *EncryptMasterPublicKey) Equal(x crypto.PublicKey) bool

Equal reports whether pub and x have the same value.

func (*EncryptMasterPublicKey) GenerateUserPublicKey 

func (pub *EncryptMasterPublicKey) GenerateUserPublicKey(uid []byte, hid byte) (*sm9curve.G1, error)

func (*EncryptMasterPublicKey) Marshal 

func (pub *EncryptMasterPublicKey) Marshal() []byte

func (*EncryptMasterPublicKey) MarshalCompress 

func (pub *EncryptMasterPublicKey) MarshalCompress() []byte

func (*EncryptMasterPublicKey) Unmarshal 

func (pub *EncryptMasterPublicKey) Unmarshal(bytes []byte) (err error)

func (*EncryptMasterPublicKey) UnmarshalCompress 

func (pub *EncryptMasterPublicKey) UnmarshalCompress(bytes []byte) (err error)

type EncryptPrivateKey 

type EncryptPrivateKey struct {
	Sk *sm9curve.G2
	EncryptMasterPublicKey
}

func GenerateEncryptUserKey 

func GenerateEncryptUserKey(priv *EncryptMasterPrivateKey, id []byte, hid byte) (*EncryptPrivateKey, error)

generate user's secret encrypt key.

func NewEncryptPrivateKey 

func NewEncryptPrivateKey(bytes []byte) (priv *EncryptPrivateKey, err error)

解析加密私钥明文

func (*EncryptPrivateKey) Decrypt 

func (priv *EncryptPrivateKey) Decrypt(uid, msg []byte) (plaintext []byte, err error)

func (*EncryptPrivateKey) Equal 

func (priv *EncryptPrivateKey) Equal(x crypto.PrivateKey) bool

Equal reports whether priv and x have the same value.

func (*EncryptPrivateKey) Marshal 

func (priv *EncryptPrivateKey) Marshal() []byte

func (*EncryptPrivateKey) Public 

func (priv *EncryptPrivateKey) Public() crypto.PublicKey

Public returns the public key corresponding to priv.

func (*EncryptPrivateKey) PublicKey 

func (priv *EncryptPrivateKey) PublicKey() *EncryptMasterPublicKey

func (*EncryptPrivateKey) Unmarshal 

func (priv *EncryptPrivateKey) Unmarshal(bytes []byte) (err error)

type HashHmac 

type HashHmac struct {
	// contains filtered or unexported fields
}

func (*HashHmac) Mac 

func (this *HashHmac) Mac(k, c []byte) []byte

func (*HashHmac) Size 

func (this *HashHmac) Size() int

type HashMac 

type HashMac struct {
	// contains filtered or unexported fields
}

func (*HashMac) Mac 

func (this *HashMac) Mac(k, c []byte) []byte

func (*HashMac) Size 

func (this *HashMac) Size() int

type IEncrypt 

type IEncrypt interface {
	// Type
	Type() int

	// KeySize
	KeySize() int

	// Encrypt
	Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, error)

	// Decrypt
	Decrypt(key, ciphertext []byte) ([]byte, error)
}

IEncrypt

func GetEncryptType 

func GetEncryptType(encType int) IEncrypt

func NewCBCEncrypt 

func NewCBCEncrypt(cipherFunc cipherFunc, keySize int) IEncrypt

func NewCFBEncrypt 

func NewCFBEncrypt(cipherFunc cipherFunc, keySize int) IEncrypt

func NewECBEncrypt 

func NewECBEncrypt(cipherFunc cipherFunc, keySize int) IEncrypt

func NewOFBEncrypt 

func NewOFBEncrypt(cipherFunc cipherFunc, keySize int) IEncrypt

func NewXOREncrypt 

func NewXOREncrypt() IEncrypt

type IHash 

type IHash interface {
	// Size
	Size() int

	// Mac
	Mac(k, c []byte) []byte
}

IHash

func NewHashHmac 

func NewHashHmac(h func() go_hash.Hash) IHash

func NewHashMac 

func NewHashMac(h func() go_hash.Hash) IHash

type KeyExchange 

type KeyExchange struct {
	// contains filtered or unexported fields
}

KeyExchange represents key exchange struct, include internal stat in whole key exchange flow. Initiator's flow will be: NewKeyExchange -> InitKeyExchange -> transmission -> ConfirmResponder Responder's flow will be: NewKeyExchange -> waiting ... -> Repond -> transmission -> ConfirmInitiator

func NewKeyExchange 

func NewKeyExchange(priv *EncryptPrivateKey, uid, peerUID []byte, keyLen int, genSignature bool) *KeyExchange

NewKeyExchange creates one new KeyExchange object

func (*KeyExchange) ConfirmInitiator 

func (ke *KeyExchange) ConfirmInitiator(s1 []byte) ([]byte, error)

ConfirmInitiator for responder's step B8

func (*KeyExchange) ConfirmResponder 

func (ke *KeyExchange) ConfirmResponder(rB *sm9curve.G1, sB []byte) ([]byte, []byte, error)

ConfirmResponder for initiator's step A5-A7

func (*KeyExchange) Init 

func (ke *KeyExchange) Init(rand io.Reader, hid byte) (*sm9curve.G1, error)

Init generates random with responder uid, for initiator's step A1-A4

func (*KeyExchange) Repond 

func (ke *KeyExchange) Repond(rand io.Reader, hid byte, rA *sm9curve.G1) (*sm9curve.G1, []byte, error)

Repond when responder receive rA, for responder's step B1-B7

func (*KeyExchange) Reset 

func (ke *KeyExchange) Reset()

Reset clears all internal state and Ephemeral private/public keys

type OFBEncrypt 

type OFBEncrypt struct {
	// contains filtered or unexported fields
}

OFBEncrypt represents OFB (Output Feedback) mode.

func (*OFBEncrypt) Decrypt 

func (this *OFBEncrypt) Decrypt(key, ciphertext []byte) ([]byte, error)

func (*OFBEncrypt) Encrypt 

func (this *OFBEncrypt) Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, error)

Encrypt encrypts the plaintext with the key, includes generated IV at the beginning of the ciphertext.

func (*OFBEncrypt) KeySize 

func (this *OFBEncrypt) KeySize() int

func (*OFBEncrypt) Type 

func (this *OFBEncrypt) Type() int

type Opts 

type Opts struct {
	Encrypt IEncrypt
	Hash    IHash
}

type SignMasterPrivateKey 

type SignMasterPrivateKey struct {
	SignMasterPublicKey
	D *big.Int
}

SignMasterPrivateKey contains a master secret key and a master public key.

func GenerateSignMasterKey 

func GenerateSignMasterKey(rand io.Reader) (mk *SignMasterPrivateKey, err error)

generate master key for KGC(Key Generate Center).

func NewSignMasterPrivateKey 

func NewSignMasterPrivateKey(bytes []byte) (priv *SignMasterPrivateKey, err error)

解析签名主私钥明文

func (*SignMasterPrivateKey) Equal 

func (priv *SignMasterPrivateKey) Equal(x crypto.PrivateKey) bool

Equal reports whether priv and x have the same value.

func (*SignMasterPrivateKey) GenerateUserKey 

func (priv *SignMasterPrivateKey) GenerateUserKey(id []byte, hid byte) (uk *SignPrivateKey, err error)

generate user's secret key.

func (*SignMasterPrivateKey) Marshal 

func (priv *SignMasterPrivateKey) Marshal() []byte

func (*SignMasterPrivateKey) Public 

func (priv *SignMasterPrivateKey) Public() crypto.PublicKey

Public returns the public key corresponding to priv.

func (*SignMasterPrivateKey) PublicKey 

func (priv *SignMasterPrivateKey) PublicKey() *SignMasterPublicKey

func (*SignMasterPrivateKey) Unmarshal 

func (priv *SignMasterPrivateKey) Unmarshal(bytes []byte) (err error)

type SignMasterPublicKey 

type SignMasterPublicKey struct {
	Mpk *sm9curve.G2
}

G2Bytes = G2.Marshal()

func NewSignMasterPublicKey 

func NewSignMasterPublicKey(bytes []byte) (pub *SignMasterPublicKey, err error)

解析签名主公钥明文

func (*SignMasterPublicKey) Equal 

func (pub *SignMasterPublicKey) Equal(x crypto.PublicKey) bool

Equal reports whether pub and x have the same value.

func (*SignMasterPublicKey) GenerateUserPublicKey 

func (pub *SignMasterPublicKey) GenerateUserPublicKey(uid []byte, hid byte) (*sm9curve.G2, error)

func (*SignMasterPublicKey) Marshal 

func (pub *SignMasterPublicKey) Marshal() []byte

func (*SignMasterPublicKey) MarshalCompress 

func (pub *SignMasterPublicKey) MarshalCompress() []byte

压缩明文

func (*SignMasterPublicKey) Unmarshal 

func (pub *SignMasterPublicKey) Unmarshal(bytes []byte) (err error)

func (*SignMasterPublicKey) UnmarshalCompress 

func (pub *SignMasterPublicKey) UnmarshalCompress(bytes []byte) (err error)

解压缩明文

func (*SignMasterPublicKey) Verify 

func (pub *SignMasterPublicKey) Verify(uid []byte, hid byte, hash, sig []byte) bool

type SignPrivateKey 

type SignPrivateKey struct {
	Sk *sm9curve.G1
	SignMasterPublicKey
}

SignPrivateKey contains a secret key. G1Bytes = G1.Marshal()

func GenerateSignUserKey 

func GenerateSignUserKey(mk *SignMasterPrivateKey, id []byte, hid byte) (*SignPrivateKey, error)

generate user's secret key.

func NewSignPrivateKey 

func NewSignPrivateKey(bytes []byte) (priv *SignPrivateKey, err error)

解析签名私钥明文

func (*SignPrivateKey) Equal 

func (priv *SignPrivateKey) Equal(x crypto.PrivateKey) bool

Equal reports whether priv and x have the same value.

func (*SignPrivateKey) Marshal 

func (priv *SignPrivateKey) Marshal() []byte

func (*SignPrivateKey) Public 

func (priv *SignPrivateKey) Public() crypto.PublicKey

Public returns the public key corresponding to priv.

func (*SignPrivateKey) PublicKey 

func (priv *SignPrivateKey) PublicKey() *SignMasterPublicKey

func (*SignPrivateKey) Sign 

func (priv *SignPrivateKey) Sign(rand io.Reader, hash []byte) ([]byte, error)

Sign

func (*SignPrivateKey) Unmarshal 

func (priv *SignPrivateKey) Unmarshal(bytes []byte) (err error)

type XOREncrypt 

type XOREncrypt struct{}

XOREncrypt represents XOR mode.

func (*XOREncrypt) Decrypt 

func (this *XOREncrypt) Decrypt(key, ciphertext []byte) ([]byte, error)

func (*XOREncrypt) Encrypt 

func (this *XOREncrypt) Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, error)

func (*XOREncrypt) KeySize 

func (this *XOREncrypt) KeySize() int

func (*XOREncrypt) Type 

func (this *XOREncrypt) Type() int

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.