From c698f2036440d771a925368e332bd08d0b42b8b6 Mon Sep 17 00:00:00 2001 From: K1 Date: Tue, 7 Jan 2025 12:06:16 +0800 Subject: [PATCH] Add hmac-sm3 example; rename MDAlgo to DigestAlgo Add example for HMAC-SM3. Rename MDAlgo to DigestAlgo. --- crypto/cert.go | 66 +++++++++++++++++++-------------------- crypto/cert_test.go | 10 +++--- crypto/hmac.go | 8 ++--- crypto/hmac_test.go | 4 +-- examples/cert_gen/main.go | 2 +- examples/hmac_sm3/main.go | 40 ++++++++++++++++++++++++ ntls_test.go | 2 +- 7 files changed, 86 insertions(+), 46 deletions(-) create mode 100644 examples/hmac_sm3/main.go diff --git a/crypto/cert.go b/crypto/cert.go index b49df89..62c4853 100644 --- a/crypto/cert.go +++ b/crypto/cert.go @@ -27,23 +27,23 @@ import ( "unsafe" ) -type MDAlgo int +type DigestAlgo int const ( - MDNull MDAlgo = iota - MDMD5 MDAlgo = iota - MDMD4 MDAlgo = iota - MDSHA MDAlgo = iota - MDSHA1 MDAlgo = iota - MDDSS MDAlgo = iota - MDDSS1 MDAlgo = iota - MDMDC2 MDAlgo = iota - MDRipemd160 MDAlgo = iota - MDSHA224 MDAlgo = iota - MDSHA256 MDAlgo = iota - MDSHA384 MDAlgo = iota - MDSHA512 MDAlgo = iota - MDSM3 MDAlgo = iota + DigestNull DigestAlgo = iota + DigestMD5 DigestAlgo = iota + DigestMD4 DigestAlgo = iota + DigestSHA DigestAlgo = iota + DigestSHA1 DigestAlgo = iota + DigestDSS DigestAlgo = iota + DigestDSS1 DigestAlgo = iota + DigestMDC2 DigestAlgo = iota + DigestRipemd160 DigestAlgo = iota + DigestSHA224 DigestAlgo = iota + DigestSHA256 DigestAlgo = iota + DigestSHA384 DigestAlgo = iota + DigestSHA512 DigestAlgo = iota + DigestSM3 DigestAlgo = iota ) type GMDoubleCertKey struct { @@ -289,19 +289,19 @@ func (c *Certificate) SetPubKey(pubKey PublicKey) error { // Sign a certificate using a private key and a digest name. // Accepted digest names are 'sm3', 'sha256', 'sha384', and 'sha512'. -func (c *Certificate) Sign(privKey PrivateKey, digest MDAlgo) error { +func (c *Certificate) Sign(privKey PrivateKey, digest DigestAlgo) error { switch digest { - case MDSM3: - case MDSHA256: - case MDSHA384: - case MDSHA512: + case DigestSM3: + case DigestSHA256: + case DigestSHA384: + case DigestSHA512: default: return ErrUnsupportedDigest } return c.insecureSign(privKey, digest) } -func (c *Certificate) insecureSign(privKey PrivateKey, digest MDAlgo) error { +func (c *Certificate) insecureSign(privKey PrivateKey, digest DigestAlgo) error { var md *C.EVP_MD = getDigestFunction(digest) if C.X509_sign(c.x, privKey.EvpPKey(), md) <= 0 { return fmt.Errorf("failed to sign certificate: %w", PopError()) @@ -461,30 +461,30 @@ func (c *Certificate) SetVersion(version X509Version) error { return nil } -func getDigestFunction(digest MDAlgo) *C.EVP_MD { +func getDigestFunction(digest DigestAlgo) *C.EVP_MD { var md *C.EVP_MD switch digest { - case MDNull: + case DigestNull: md = C.X_EVP_md_null() - case MDMD5: + case DigestMD5: md = C.X_EVP_md5() - case MDSHA: + case DigestSHA: md = C.X_EVP_sha() - case MDSHA1: + case DigestSHA1: md = C.X_EVP_sha1() - case MDDSS: + case DigestDSS: md = C.X_EVP_dss() - case MDDSS1: + case DigestDSS1: md = C.X_EVP_dss1() - case MDSHA224: + case DigestSHA224: md = C.X_EVP_sha224() - case MDSHA256: + case DigestSHA256: md = C.X_EVP_sha256() - case MDSHA384: + case DigestSHA384: md = C.X_EVP_sha384() - case MDSHA512: + case DigestSHA512: md = C.X_EVP_sha512() - case MDSM3: + case DigestSM3: md = C.X_EVP_sm3() } return md diff --git a/crypto/cert_test.go b/crypto/cert_test.go index 5595ec1..a9d95f6 100644 --- a/crypto/cert_test.go +++ b/crypto/cert_test.go @@ -46,7 +46,7 @@ func TestCertGenerate(t *testing.T) { t.Fatal(err) } - if err := cert.Sign(key, crypto.MDSHA256); err != nil { + if err := cert.Sign(key, crypto.DigestSHA256); err != nil { t.Fatal(err) } } @@ -73,7 +73,7 @@ func TestCertGenerateSM2(t *testing.T) { t.Fatal(err) } - if err := cert.Sign(key, crypto.MDSM3); err != nil { + if err := cert.Sign(key, crypto.DigestSM3); err != nil { t.Fatal(err) } } @@ -109,7 +109,7 @@ func TestCAGenerate(t *testing.T) { t.Fatal(err) } - if err := ca.Sign(cakey, crypto.MDSHA256); err != nil { + if err := ca.Sign(cakey, crypto.DigestSHA256); err != nil { t.Fatal(err) } @@ -144,7 +144,7 @@ func TestCAGenerate(t *testing.T) { t.Fatal(err) } - if err := cert.Sign(cakey, crypto.MDSHA256); err != nil { + if err := cert.Sign(cakey, crypto.DigestSHA256); err != nil { t.Fatal(err) } } @@ -186,7 +186,7 @@ func TestCAGenerateSM2(t *testing.T) { } signAndSaveCert := func(cert *crypto.Certificate, caKey crypto.PrivateKey, filename string) { - err := cert.Sign(caKey, crypto.MDSM3) + err := cert.Sign(caKey, crypto.DigestSM3) if err != nil { t.Fatal(err) } diff --git a/crypto/hmac.go b/crypto/hmac.go index 3134b82..b69f26f 100644 --- a/crypto/hmac.go +++ b/crypto/hmac.go @@ -29,12 +29,12 @@ type HMAC struct { md *C.EVP_MD } -func NewHMAC(key []byte, digestAlgorithm MDAlgo) (*HMAC, error) { - return NewHMACWithEngine(key, digestAlgorithm, nil) +func NewHMAC(key []byte, digest DigestAlgo) (*HMAC, error) { + return NewHMACWithEngine(key, digest, nil) } -func NewHMACWithEngine(key []byte, digestAlgorithm MDAlgo, e *Engine) (*HMAC, error) { - var md *C.EVP_MD = getDigestFunction(digestAlgorithm) +func NewHMACWithEngine(key []byte, digest DigestAlgo, e *Engine) (*HMAC, error) { + var md *C.EVP_MD = getDigestFunction(digest) hmac := &HMAC{ctx: nil, engine: e, md: md} hmac.ctx = C.X_HMAC_CTX_new() if hmac.ctx == nil { diff --git a/crypto/hmac_test.go b/crypto/hmac_test.go index 51f02ae..ebd801c 100644 --- a/crypto/hmac_test.go +++ b/crypto/hmac_test.go @@ -29,7 +29,7 @@ func TestSHA256HMAC(t *testing.T) { key := []byte("d741787cc61851af045ccd37") data := []byte("5912EEFD-59EC-43E3-ADB8-D5325AEC3271") - tsHmac, err := crypto.NewHMAC(key, crypto.MDSHA256) + tsHmac, err := crypto.NewHMAC(key, crypto.DigestSHA256) if err != nil { t.Fatalf("Unable to create new HMAC: %s", err) } @@ -60,7 +60,7 @@ func BenchmarkSHA256HMAC(b *testing.B) { key := []byte("d741787cc61851af045ccd37") data := []byte("5912EEFD-59EC-43E3-ADB8-D5325AEC3271") - tsHmac, err := crypto.NewHMAC(key, crypto.MDSHA256) + tsHmac, err := crypto.NewHMAC(key, crypto.DigestSHA256) if err != nil { b.Fatalf("Unable to create new HMAC: %s", err) } diff --git a/examples/cert_gen/main.go b/examples/cert_gen/main.go index 9bb14ce..4b7b6a1 100644 --- a/examples/cert_gen/main.go +++ b/examples/cert_gen/main.go @@ -48,7 +48,7 @@ func main() { // Helper function: sign and save certificate signAndSaveCert := func(cert *crypto.Certificate, caKey crypto.PrivateKey, filename string) { - err := cert.Sign(caKey, crypto.MDSM3) + err := cert.Sign(caKey, crypto.DigestSM3) if err != nil { panic(err) } diff --git a/examples/hmac_sm3/main.go b/examples/hmac_sm3/main.go new file mode 100644 index 0000000..60deea0 --- /dev/null +++ b/examples/hmac_sm3/main.go @@ -0,0 +1,40 @@ +// Copyright 2025 The Tongsuo Project Authors. All Rights Reserved. +// +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy +// in the file LICENSE in the source distribution or at +// https://github.com/Tongsuo-Project/tongsuo-go-sdk/blob/main/LICENSE + +package main + +import ( + "fmt" + + "github.com/tongsuo-project/tongsuo-go-sdk/crypto" +) + +func main() { + key := []byte("1234567890123456") + + h, err := crypto.NewHMAC(key, crypto.DigestSM3) + if err != nil { + panic(err) + } + + _, err = h.Write([]byte("hello")) + if err != nil { + panic(err) + } + + _, err = h.Write([]byte(" world")) + if err != nil { + panic(err) + } + + res, err := h.Final() + if err != nil { + panic(err) + } + + fmt.Printf("HMAC-SM3(hello world)=%x\n", res) +} diff --git a/ntls_test.go b/ntls_test.go index b9f3a66..688caef 100644 --- a/ntls_test.go +++ b/ntls_test.go @@ -69,7 +69,7 @@ func TestCAGenerateSM2AndNTLS(t *testing.T) { }) signAndSaveCert := func(cert *crypto.Certificate, caKey crypto.PrivateKey, filename string) { - err := cert.Sign(caKey, crypto.MDSM3) + err := cert.Sign(caKey, crypto.DigestSM3) if err != nil { t.Fatal(err) }