**网安go语言国密库
License: Apache License 2.0
go语言国密密码库,实现了数据签名/验签、数据哈希、对称加密、非对称加密、x509证书管理、以及国密tls通信的功能。
Hyperledger Project source code files are made available under the Apache License, Version 2.0 (Apache-2.0), located in the LICENSE file.
| SM2功能 | 支持范围 |
|---|---|
| Generate KeyPair | 是 |
| Sign | 是 |
| Verify | 是 |
| PEM格式导出 | 私钥/公钥/证书 |
| PEM格式导入 | 私钥/公钥/证书 |
| PEM文件加密 | RFC5958 |
| SM4功能 | 支持范围 |
|---|---|
| Generate Key | 是 |
| Encrypt, Decrypt | 是 |
| PEM格式导出 | |
| PEM文件加密 | golang: x509.EncryptPEMBlock |
| 分组模式 | ECB/CBC |
| SM3功能 | 支持范围 |
|---|---|
| 当前语言Hash接口兼容 | 是 |
你好,按照国密规范,建议tls库支持国密双证书模式
#28 其中有值得怀疑的地方
检测到 Hyperledger-TWGC/ccs-gm 一共引入了5个开源组件,存在1个漏洞
漏洞标题:Go SSH拒绝服务漏洞
漏洞编号:CVE-2020-9283
漏洞描述:Go SSH是一个使用go语言开发的极度简洁的ssh工具,用于远程管理linux、unix等机器。
Go SSH存在拒绝服务漏洞,该漏洞源于网络系统或产品未对输入的数据进行正确的验证,攻击者可利用该漏洞导致拒绝服务条件,拒绝向合法用户提供服务。
国家漏洞库信息:https://www.cnvd.org.cn/flaw/show/CNVD-2020-14300
影响范围:(∞, 0.0.0-20200220183623-bac4c82f6975)
最小修复版本:0.0.0-20200220183623-bac4c82f6975
缺陷组件引入路径:github.com/Hyperledger-TWGC/ccs-gm@->golang.org/x/[email protected]>golang.org/x/[email protected]>golang.org/x/[email protected]
另外还有几个漏洞,详细报告:https://mofeisec.com/jr?p=n76b1c
@yzwyzwyzw1 @suchongming
云龙,志伟,此issue用于讨论项目重命名问题
简述:orderer/peer启动正常的情况下, 使用peer命令行会创建通道失败,通过断点调试发现是在握手时添加了一层证书非空校验,但是默认情况下peer命令行构建的tls.config并没有设置Certificates这个属性,所以就会出现这个错误
var chainToSend *Certificate
var certRequested bool
certReq, ok := msg.(*certificateRequestMsgGM)
if ok {
certRequested = true
hs.finishedHash.Write(certReq.marshal())
if chainToSend, err = hs.getCertificate(certReq); err != nil || chainToSend.Certificate == nil {
c.sendAlert(alertInternalError)
return err
}
msg, err = c.readHandshake()
if err != nil {
return err
}
}
期望:去掉这层限制,我去掉之后整个流程是能够正常跑通的
当使用M1芯片的mac进行项目开发的时候,报错编译失败
猜测原因应该是包只有amd64架构的代码,而没有arm64架构的对应代码,所以找不到对应的函数,求教该问题应该如何解决
根据现行《SM2 椭圆曲线公钥密码算法第4部分:公钥加密算法》 规范http://www.gmbz.org.cn/main/viewfile/20180108023602687857.html,
其中sm2加解密方法密文的格式应为c= c1 || c3 || c2 顺序.但是现在源码中的顺序确实c1||c2||c3,
根据规范过程进行修改:#23
Now x509.MarshalECPrivateKey could accept an sm2.PrivateKey as input and serialize sm2 private key into DER format.
But I could not find a way to export it this key as PEM. It is required in interopt test.
@suchongming 云龙你能帮忙看下么?看起来现在已经支持序列化成为DER格式了
你也可以将这个issue assign给我,如果这样的话,我会从别的基础库中借鉴几段格式转换代码
Lines 58 to 104 in 2ba39b9
"ENCRYPTED PRIVATE KEY" instead of "PRIVATE KEY"?-----BEGIN PRIVATE KEY-----
MHcCAQEEIBySb2awtSLMTSDgFJeTH7EWdCOV3S5hZNhAr8ta5GUCoAoGCCqBHM9V
AYItoUQDQgAEE2B1Vwnft2uhh6ficRrAwli37lMH5gVTCyPvT3GG7B9/YvNhDggG
VF9gOZhkk4j3QFAb8yqaPcQQ3cQKViRPVQ==
-----END PRIVATE KEY-----
detail error msg
asn1: structure error: tags don't match (16 vs {class:0 tag:4 length:32 isCompound:false}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} AlgorithmIdentifier @5
TestLoadSM2PrivateFromPEM: util_test.go:14: asn1: structure error: tags don't match (16 vs {class:0 tag:4 length:32 isCompound:false}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} AlgorithmIdentifier @5
--- FAIL: TestLoadSM2PrivateFromPEM (0.00s)
同时也由于TravisCI政策改变原因,我打算清理了这里的travis设置了
Originally posted by @davidkhala in #32 (comment)
As titled, and align with other base crypto library
It leads to current test failure
publish a new version
我使用这个库和ebssec.boc.cn进行握手,但是报错:
remote error: tls: protocol version not supported
想问一下,这个是苦的问题还是对方server的问题(使用360国密浏览器可以正常访问网站)
sm2p256_arm64 行23 println("arch:arm64") 能删除不...每次启动都有一条输出
test code below:
package interop
import (
"testing"
"time"
"crypto/rand"
"fmt"
ccs "github.com/Hyperledger-TWGC/ccs-gm/sm2"
ccsutils "github.com/Hyperledger-TWGC/ccs-gm/utils"
// pku "github.com/Hyperledger-TWGC/pku-gm/gmssl"
tj "github.com/Hyperledger-TWGC/tjfoc-gm/sm2"
tjx509 "github.com/Hyperledger-TWGC/tjfoc-gm/x509"
)
const base_format = "2006-01-02 15:04:05"
func TestSM2(t *testing.T) {
// generate a random string as data
time := time.Now()
str_time := time.Format(base_format)
msg := []byte(str_time)
fmt.Println(string(msg))
// generate key from tj
sm2PrivKey, err := tj.GenerateKey(rand.Reader)
Fatal(err, t)
pemBytes, err := tjx509.WritePrivateKeyToPem(sm2PrivKey, []byte("123"))
fmt.Println(string(pemBytes))
Fatal(err, t)
sm2pub := &sm2PrivKey.PublicKey
// ccs load priv key pem
ccsPrivKey, err := ccsutils.PEMtoPrivateKey(pemBytes,[]byte("123"));
Fatal(err, t)
fmt.Println("ccs load tj priv key")
test, err := ccsutils.PrivateKeyToPEM(ccsPrivKey,[]byte("123"))
fmt.Println(string(test))
// encrypt by tj
d0, err := sm2pub.EncryptAsn1(msg, rand.Reader)
Fatal(err, t)
fmt.Println(string(d0))
// decrypt by ccs
plain, err := ccs.Decrypt(d0, ccsPrivKey)
fmt.Println(string(plain))
// decrypt by pku
// assert decrypt same with original
// sign by tj
sign, err := sm2PrivKey.Sign(rand.Reader, msg, nil) // 签名
Fatal(err, t)
fmt.Println(sign)
// verify by ccs
// verify by pku
}
=== RUN TestSM2
2021-02-16 22:27:01
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIH8MFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAgjB6uSjZtSHgICCAAw
DAYIKoZIhvcNAgcFADAdBglghkgBZQMEASoEEDL4r6PzVRM0516cqCig8AMEgaAP
RUpkWMBK5Qg09+jAgp7vq5ZO/cbmk+ATfQoQtlCZjL2aOc3a2ULOrsjdTrl++ED+
ai0AS0NK8bpjrSb8R8J9FHu34FLql8TipJX1Ca12d9VqGXPIUBkO6seSidNmRmii
0wXUZ2IBPS8mOGx8nnsn1smuqjS0wJz3KrppAtO9aySZk2YTXC/GsLnEyQuD6r42
KVzFsfCyq0sGB+i/A78J
-----END ENCRYPTED PRIVATE KEY-----
detail error msg
asn1: structure error: tags don't match (2 vs {class:0 tag:16 length:87 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} int @2
TestSM2: util_test.go:14: asn1: structure error: tags don't match (2 vs {class:0 tag:16 length:87 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} int @2
--- FAIL: TestSM2 (0.00s)
FAIL
FAIL command-line-arguments 0.744s
FAIL
for un encrypted key, seems able to load, but there some items missing fails following actions.
=== RUN TestSM2
2021-02-16 22:24:25
-----BEGIN PRIVATE KEY-----
MIGTAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBHkwdwIBAQQgSrQIzIfZ8Tx1ouwR
6W16+aqiFR0TyMw+t+uJR/toFBugCgYIKoEcz1UBgi2hRANCAASbhqSSBAKIzno2
DZnjrqQCTzzxPadb67IhCLkH1aXPrbAIJuUMeDpsVI0UFdMD/qwSm85oQGlrrjMF
QBT4Nwx3
-----END PRIVATE KEY-----
ccs load tj priv key
-----BEGIN PRIVATE KEY-----
MIGTAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBHkwdwIBAQQgSrQIzIfZ8Tx1ouwR
6W16+aqiFR0TyMw+t+uJR/toFBugCgYIKoEcz1UBgi2hRANCAASbhqSSBAKIzno2
DZnjrqQCTzzxPadb67IhCLkH1aXPrbAIJuUMeDpsVI0UFdMD/qwSm85oQGlrrjMF
QBT4Nwx3
-----END PRIVATE KEY-----
0| ]$�1����1=v�an��y�o)�]{ۺ�H!՝<!!F��`dhW+��;�=
Zύ
Q����Gq|2
��N��d(h���������d�˗'�)j "[��
--- FAIL: TestSM2 (0.02s)
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x4114351]
goroutine 6 [running]:
testing.tRunner.func1.1(0x41a8be0, 0x432c9b0)
/usr/local/Cellar/go/1.14.1/libexec/src/testing/testing.go:941 +0x3d0
testing.tRunner.func1(0xc000130360)
/usr/local/Cellar/go/1.14.1/libexec/src/testing/testing.go:944 +0x3f9
panic(0x41a8be0, 0x432c9b0)
/usr/local/Cellar/go/1.14.1/libexec/src/runtime/panic.go:967 +0x166
math/big.(*Int).Cmp(0x0, 0xc00000ea00, 0x1)
/usr/local/Cellar/go/1.14.1/libexec/src/math/big/int.go:328 +0x41
github.com/Hyperledger-TWGC/ccs-gm/sm2.maybeReduceModP(0x0, 0xc000239c20)
/Users/yuanyi/go/pkg/mod/github.com/!hyperledger-!t!w!g!c/[email protected]/sm2/sm2p256_amd64.go:222 +0x3e
github.com/Hyperledger-TWGC/ccs-gm/sm2.p256Curve.ScalarMult(0xc000012740, 0x0, 0x0, 0xc000016760, 0x20, 0x20, 0x0, 0x4175359)
/Users/yuanyi/go/pkg/mod/github.com/!hyperledger-!t!w!g!c/[email protected]/sm2/sm2p256_amd64.go:323 +0xa0
github.com/Hyperledger-TWGC/ccs-gm/sm2.Decrypt(0xc000024480, 0x7e, 0x7e, 0xc000012780, 0x1, 0x7f, 0x0, 0x0, 0x7e)
/Users/yuanyi/go/pkg/mod/github.com/!hyperledger-!t!w!g!c/[email protected]/sm2/sm2enc.go:129 +0x174
command-line-arguments.TestSM2(0xc000130360)
/Users/yuanyi/go/src/github.com/SamYuan1990/fabric-gm-plugins/interop/sm2Interop_test.go:44 +0x5c0
testing.tRunner(0xc000130360, 0x41e50e0)
/usr/local/Cellar/go/1.14.1/libexec/src/testing/testing.go:992 +0xdc
created by testing.(*T).Run
/usr/local/Cellar/go/1.14.1/libexec/src/testing/testing.go:1043 +0x357
FAIL command-line-arguments 1.305s
FAIL
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.