Add hmac-sm3 example; rename MDAlgo to DigestAlgo

Add example for HMAC-SM3. Rename MDAlgo to DigestAlgo.
Tongsuo-Project · Jan 7, 2025 · c698f20 · c698f20
1 parent c5bd3b9
commit c698f20
Show file tree

Hide file tree

Showing 7 changed files with 86 additions and 46 deletions.
diff --git a/crypto/cert.go b/crypto/cert.go
@@ -27,23 +27,23 @@ import (
 	"unsafe"
 )
 
-type MDAlgo int
+type DigestAlgo int
 
 const (
-	MDNull      MDAlgo = iota
-	MDMD5       MDAlgo = iota
-	MDMD4       MDAlgo = iota
-	MDSHA       MDAlgo = iota
-	MDSHA1      MDAlgo = iota
-	MDDSS       MDAlgo = iota
-	MDDSS1      MDAlgo = iota
-	MDMDC2      MDAlgo = iota
-	MDRipemd160 MDAlgo = iota
-	MDSHA224    MDAlgo = iota
-	MDSHA256    MDAlgo = iota
-	MDSHA384    MDAlgo = iota
-	MDSHA512    MDAlgo = iota
-	MDSM3       MDAlgo = iota
+	DigestNull      DigestAlgo = iota
+	DigestMD5       DigestAlgo = iota
+	DigestMD4       DigestAlgo = iota
+	DigestSHA       DigestAlgo = iota
+	DigestSHA1      DigestAlgo = iota
+	DigestDSS       DigestAlgo = iota
+	DigestDSS1      DigestAlgo = iota
+	DigestMDC2      DigestAlgo = iota
+	DigestRipemd160 DigestAlgo = iota
+	DigestSHA224    DigestAlgo = iota
+	DigestSHA256    DigestAlgo = iota
+	DigestSHA384    DigestAlgo = iota
+	DigestSHA512    DigestAlgo = iota
+	DigestSM3       DigestAlgo = iota
 )
 
 type GMDoubleCertKey struct {
@@ -289,19 +289,19 @@ func (c *Certificate) SetPubKey(pubKey PublicKey) error {
 
 // Sign a certificate using a private key and a digest name.
 // Accepted digest names are 'sm3', 'sha256', 'sha384', and 'sha512'.
-func (c *Certificate) Sign(privKey PrivateKey, digest MDAlgo) error {
+func (c *Certificate) Sign(privKey PrivateKey, digest DigestAlgo) error {
 	switch digest {
-	case MDSM3:
-	case MDSHA256:
-	case MDSHA384:
-	case MDSHA512:
+	case DigestSM3:
+	case DigestSHA256:
+	case DigestSHA384:
+	case DigestSHA512:
 	default:
 		return ErrUnsupportedDigest
 	}
 	return c.insecureSign(privKey, digest)
 }
 
-func (c *Certificate) insecureSign(privKey PrivateKey, digest MDAlgo) error {
+func (c *Certificate) insecureSign(privKey PrivateKey, digest DigestAlgo) error {
 	var md *C.EVP_MD = getDigestFunction(digest)
 	if C.X509_sign(c.x, privKey.EvpPKey(), md) <= 0 {
 		return fmt.Errorf("failed to sign certificate: %w", PopError())
@@ -461,30 +461,30 @@ func (c *Certificate) SetVersion(version X509Version) error {
 	return nil
 }
 
-func getDigestFunction(digest MDAlgo) *C.EVP_MD {
+func getDigestFunction(digest DigestAlgo) *C.EVP_MD {
 	var md *C.EVP_MD
 	switch digest {
-	case MDNull:
+	case DigestNull:
 		md = C.X_EVP_md_null()
-	case MDMD5:
+	case DigestMD5:
 		md = C.X_EVP_md5()
-	case MDSHA:
+	case DigestSHA:
 		md = C.X_EVP_sha()
-	case MDSHA1:
+	case DigestSHA1:
 		md = C.X_EVP_sha1()
-	case MDDSS:
+	case DigestDSS:
 		md = C.X_EVP_dss()
-	case MDDSS1:
+	case DigestDSS1:
 		md = C.X_EVP_dss1()
-	case MDSHA224:
+	case DigestSHA224:
 		md = C.X_EVP_sha224()
-	case MDSHA256:
+	case DigestSHA256:
 		md = C.X_EVP_sha256()
-	case MDSHA384:
+	case DigestSHA384:
 		md = C.X_EVP_sha384()
-	case MDSHA512:
+	case DigestSHA512:
 		md = C.X_EVP_sha512()
-	case MDSM3:
+	case DigestSM3:
 		md = C.X_EVP_sm3()
 	}
 	return md

diff --git a/crypto/cert_test.go b/crypto/cert_test.go
@@ -46,7 +46,7 @@ func TestCertGenerate(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	if err := cert.Sign(key, crypto.MDSHA256); err != nil {
+	if err := cert.Sign(key, crypto.DigestSHA256); err != nil {
 		t.Fatal(err)
 	}
 }
@@ -73,7 +73,7 @@ func TestCertGenerateSM2(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	if err := cert.Sign(key, crypto.MDSM3); err != nil {
+	if err := cert.Sign(key, crypto.DigestSM3); err != nil {
 		t.Fatal(err)
 	}
 }
@@ -109,7 +109,7 @@ func TestCAGenerate(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	if err := ca.Sign(cakey, crypto.MDSHA256); err != nil {
+	if err := ca.Sign(cakey, crypto.DigestSHA256); err != nil {
 		t.Fatal(err)
 	}
 
@@ -144,7 +144,7 @@ func TestCAGenerate(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	if err := cert.Sign(cakey, crypto.MDSHA256); err != nil {
+	if err := cert.Sign(cakey, crypto.DigestSHA256); err != nil {
 		t.Fatal(err)
 	}
 }
@@ -186,7 +186,7 @@ func TestCAGenerateSM2(t *testing.T) {
 	}
 
 	signAndSaveCert := func(cert *crypto.Certificate, caKey crypto.PrivateKey, filename string) {
-		err := cert.Sign(caKey, crypto.MDSM3)
+		err := cert.Sign(caKey, crypto.DigestSM3)
 		if err != nil {
 			t.Fatal(err)
 		}

diff --git a/crypto/hmac.go b/crypto/hmac.go
@@ -29,12 +29,12 @@ type HMAC struct {
 	md     *C.EVP_MD
 }
 
-func NewHMAC(key []byte, digestAlgorithm MDAlgo) (*HMAC, error) {
-	return NewHMACWithEngine(key, digestAlgorithm, nil)
+func NewHMAC(key []byte, digest DigestAlgo) (*HMAC, error) {
+	return NewHMACWithEngine(key, digest, nil)
 }
 
-func NewHMACWithEngine(key []byte, digestAlgorithm MDAlgo, e *Engine) (*HMAC, error) {
-	var md *C.EVP_MD = getDigestFunction(digestAlgorithm)
+func NewHMACWithEngine(key []byte, digest DigestAlgo, e *Engine) (*HMAC, error) {
+	var md *C.EVP_MD = getDigestFunction(digest)
 	hmac := &HMAC{ctx: nil, engine: e, md: md}
 	hmac.ctx = C.X_HMAC_CTX_new()
 	if hmac.ctx == nil {

diff --git a/crypto/hmac_test.go b/crypto/hmac_test.go
@@ -29,7 +29,7 @@ func TestSHA256HMAC(t *testing.T) {
 	key := []byte("d741787cc61851af045ccd37")
 	data := []byte("5912EEFD-59EC-43E3-ADB8-D5325AEC3271")
 
-	tsHmac, err := crypto.NewHMAC(key, crypto.MDSHA256)
+	tsHmac, err := crypto.NewHMAC(key, crypto.DigestSHA256)
 	if err != nil {
 		t.Fatalf("Unable to create new HMAC: %s", err)
 	}
@@ -60,7 +60,7 @@ func BenchmarkSHA256HMAC(b *testing.B) {
 	key := []byte("d741787cc61851af045ccd37")
 	data := []byte("5912EEFD-59EC-43E3-ADB8-D5325AEC3271")
 
-	tsHmac, err := crypto.NewHMAC(key, crypto.MDSHA256)
+	tsHmac, err := crypto.NewHMAC(key, crypto.DigestSHA256)
 	if err != nil {
 		b.Fatalf("Unable to create new HMAC: %s", err)
 	}

diff --git a/examples/cert_gen/main.go b/examples/cert_gen/main.go
@@ -48,7 +48,7 @@ func main() {
 
 	// Helper function: sign and save certificate
 	signAndSaveCert := func(cert *crypto.Certificate, caKey crypto.PrivateKey, filename string) {
-		err := cert.Sign(caKey, crypto.MDSM3)
+		err := cert.Sign(caKey, crypto.DigestSM3)
 		if err != nil {
 			panic(err)
 		}

diff --git a/examples/hmac_sm3/main.go b/examples/hmac_sm3/main.go
@@ -0,0 +1,40 @@
+// Copyright 2025 The Tongsuo Project Authors. All Rights Reserved.
+//
+// Licensed under the Apache License 2.0 (the "License").  You may not use
+// this file except in compliance with the License.  You can obtain a copy
+// in the file LICENSE in the source distribution or at
+// https://github.com/Tongsuo-Project/tongsuo-go-sdk/blob/main/LICENSE
+
+package main
+
+import (
+	"fmt"
+
+	"github.com/tongsuo-project/tongsuo-go-sdk/crypto"
+)
+
+func main() {
+	key := []byte("1234567890123456")
+
+	h, err := crypto.NewHMAC(key, crypto.DigestSM3)
+	if err != nil {
+		panic(err)
+	}
+
+	_, err = h.Write([]byte("hello"))
+	if err != nil {
+		panic(err)
+	}
+
+	_, err = h.Write([]byte(" world"))
+	if err != nil {
+		panic(err)
+	}
+
+	res, err := h.Final()
+	if err != nil {
+		panic(err)
+	}
+
+	fmt.Printf("HMAC-SM3(hello world)=%x\n", res)
+}
diff --git a/ntls_test.go b/ntls_test.go
@@ -69,7 +69,7 @@ func TestCAGenerateSM2AndNTLS(t *testing.T) {
 	})
 
 	signAndSaveCert := func(cert *crypto.Certificate, caKey crypto.PrivateKey, filename string) {
-		err := cert.Sign(caKey, crypto.MDSM3)
+		err := cert.Sign(caKey, crypto.DigestSM3)
 		if err != nil {
 			t.Fatal(err)
 		}