diff --git a/docs/sm2.md b/docs/sm2.md index 07bff0a..321429b 100644 --- a/docs/sm2.md +++ b/docs/sm2.md @@ -89,7 +89,7 @@ func ExampleNewPublicKey() { | PKCS#8 | ```smx509.ParsePKCS8PrivateKey```可以处理未加密的;```pkcs8.ParsePKCS8PrivateKeySM2```可以处理未加密的,也可以处理加密的 | | PKCS#7 | Cryptographic Message Syntax, 可以参考github.com/emmansun/pkcs7/sign_enveloped_test.go中的```TestParseSignedEvnvelopedData```,测试数据来自 https://www.gmcert.org/ | | CFCA自定义封装 | 顾名思义,这个封装是CFCA特定的,修改自PKCS#12,使用```cfca.ParseSM2```方法来解析 | -|《GB/T 35276-2017 信息安全技术 SM2密码算法使用规范》| 这个规范还比较新,可能实现的系统比较少,而且加密方是使用您已知的SM2公钥加密对称加密密钥的(类似信封加密),而不是基于密码/口令的KDF方法来产生对称加密密钥。使用```sm2.ParseEnvelopedPrivateKey```解析 | +|《GB/T 35276-2017 信息安全技术 SM2密码算法使用规范》| 这个规范还比较新,使用```sm2.ParseEnvelopedPrivateKey```解析。典型的应用场景是CA机构返回CSRResponse, 里面包含签名证书、CA生成的SM2加密私钥以及相应的SM2加密证书,其中SM2加密私钥就用该规范定义的方式加密封装。请参考《GM/T 0092-2020 基于SM2算法的证书申请语法规范》 | 有些系统可能会直接存储、得到私钥的字节数组,那么您可以使用如下方法来构造私钥: ```go diff --git a/sm2/sm2_envelopedkey.go b/sm2/sm2_envelopedkey.go index fb02355..b324eb0 100644 --- a/sm2/sm2_envelopedkey.go +++ b/sm2/sm2_envelopedkey.go @@ -32,6 +32,9 @@ var ( // // This implementation follows GB/T 35276-2017, uses SM4 cipher to encrypt sm2 private key. // Please note the standard did NOT clarify if the ECB mode requires padding or not. +// +// This function can be used in CSRResponse.encryptedPrivateKey, reference GM/T 0092-2020 +// Specification of certificate request syntax based on SM2 cryptographic algorithm. func MarshalEnvelopedPrivateKey(rand io.Reader, pub *ecdsa.PublicKey, tobeEnveloped *PrivateKey) ([]byte, error) { // encrypt sm2 private key size := (tobeEnveloped.Curve.Params().N.BitLen() + 7) / 8 diff --git a/smx509/csr_rsp.go b/smx509/csr_rsp.go new file mode 100644 index 0000000..1405b81 --- /dev/null +++ b/smx509/csr_rsp.go @@ -0,0 +1,145 @@ +// Marshal & Parse CSRResponse which is defined in GM/T 0092-2020 +// Specification of certificate request syntax based on SM2 cryptographic algorithm. + +package smx509 + +import ( + "bytes" + "crypto/ecdsa" + "crypto/rand" + "encoding/asn1" + "errors" + + "github.com/emmansun/gmsm/sm2" +) + +// CSRResponse represents the response of a certificate signing request. +type CSRResponse struct { + SignCerts []*Certificate + EncryptPrivateKey *sm2.PrivateKey + EncryptCerts []*Certificate +} + +type tbsCSRResponse struct { + SignCerts rawCertificates + EncryptedPrivateKey asn1.RawValue `asn1:"optional,tag:0"` + EncryptCerts rawCertificates `asn1:"optional,tag:1"` +} + +type rawCertificates struct { + Raw asn1.RawContent +} + +// ParseCSRResponse parses a CSRResponse from DER format. +func ParseCSRResponse(signPrivateKey *sm2.PrivateKey, der []byte) (CSRResponse, error) { + result := CSRResponse{} + resp := &tbsCSRResponse{} + rest, err := asn1.Unmarshal(der, resp) + if err != nil || len(rest) > 0 { + return result, errors.New("smx509: invalid CSRResponse asn1 data") + } + signCerts, err := resp.SignCerts.Parse() + if err != nil || len(signCerts) == 0 { + return result, errors.New("smx509: invalid sign certificates") + } + + // further check sign public key against the private key + if !signPrivateKey.PublicKey.Equal(signCerts[0].PublicKey) { + return result, errors.New("smx509: sign public key mismatch") + } + + var encPrivateKey *sm2.PrivateKey + if len(resp.EncryptedPrivateKey.Bytes) > 0 { + encPrivateKey, err = sm2.ParseEnvelopedPrivateKey(signPrivateKey, resp.EncryptedPrivateKey.Bytes) + if err != nil { + return result, err + } + } + var encryptCerts []*Certificate + if len(resp.EncryptCerts.Raw) > 0 { + encryptCerts, err = resp.EncryptCerts.Parse() + if err != nil { + return result, err + } + } + + // further check the public key of the encrypt certificate + if encPrivateKey != nil && len(encryptCerts) == 0 { + return result, errors.New("smx509: missing encrypt certificate") + } + + if encPrivateKey != nil && !encPrivateKey.PublicKey.Equal(encryptCerts[0].PublicKey) { + return result, errors.New("smx509: encrypt key pair mismatch") + } + + result.SignCerts = signCerts + result.EncryptPrivateKey = encPrivateKey + result.EncryptCerts = encryptCerts + return result, nil +} + +// MarshalCSRResponse marshals a CSRResponse to DER format. +func MarshalCSRResponse(signCerts []*Certificate, encryptPrivateKey *sm2.PrivateKey, encryptCerts []*Certificate) ([]byte, error) { + if len(signCerts) == 0 { + return nil, errors.New("smx509: no sign certificate") + } + signPubKey, ok := signCerts[0].PublicKey.(*ecdsa.PublicKey) + if !ok || !sm2.IsSM2PublicKey(signPubKey) { + return nil, errors.New("smx509: invalid sign public key") + } + + // further check the public key of the encrypt certificate + if encryptPrivateKey != nil && len(encryptCerts) == 0 { + return nil, errors.New("smx509: missing encrypt certificate") + } + if encryptPrivateKey != nil && !encryptPrivateKey.PublicKey.Equal(encryptCerts[0].PublicKey) { + return nil, errors.New("smx509: encrypt key pair mismatch") + } + + resp := tbsCSRResponse{} + resp.SignCerts = marshalCertificates(signCerts) + if encryptPrivateKey != nil && len(encryptCerts) > 0 { + privateKeyBytes, err := sm2.MarshalEnvelopedPrivateKey(rand.Reader, signPubKey, encryptPrivateKey) + if err != nil { + return nil, err + } + resp.EncryptedPrivateKey = asn1.RawValue{Class: 2, Tag: 0, IsCompound: true, Bytes: privateKeyBytes} + resp.EncryptCerts = marshalCertificates(encryptCerts) + } + return asn1.Marshal(resp) +} + +// concats and wraps the certificates in the RawValue structure +func marshalCertificates(certs []*Certificate) rawCertificates { + var buf bytes.Buffer + for _, cert := range certs { + buf.Write(cert.Raw) + } + rawCerts, _ := marshalCertificateBytes(buf.Bytes()) + return rawCerts +} + +// Even though, the tag & length are stripped out during marshalling the +// RawContent, we have to encode it into the RawContent. If its missing, +// then `asn1.Marshal()` will strip out the certificate wrapper instead. +func marshalCertificateBytes(certs []byte) (rawCertificates, error) { + var val = asn1.RawValue{Bytes: certs, Class: 2, Tag: 0, IsCompound: true} + b, err := asn1.Marshal(val) + if err != nil { + return rawCertificates{}, err + } + return rawCertificates{Raw: b}, nil +} + +func (raw rawCertificates) Parse() ([]*Certificate, error) { + if len(raw.Raw) == 0 { + return nil, nil + } + + var val asn1.RawValue + if _, err := asn1.Unmarshal(raw.Raw, &val); err != nil { + return nil, err + } + + return ParseCertificates(val.Bytes) +} diff --git a/smx509/csr_rsp_test.go b/smx509/csr_rsp_test.go new file mode 100644 index 0000000..b324380 --- /dev/null +++ b/smx509/csr_rsp_test.go @@ -0,0 +1,155 @@ +package smx509_test + +import ( + "crypto" + "crypto/rand" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "fmt" + "math/big" + "os" + "testing" + "time" + + "github.com/emmansun/gmsm/sm2" + "github.com/emmansun/gmsm/smx509" +) + +type certKeyPair struct { + Certificate *smx509.Certificate + PrivateKey *crypto.PrivateKey +} + +func createTestCertificate() ([]*certKeyPair, error) { + signer, err := createTestCertificateByIssuer("Test CA", nil, true) + if err != nil { + return nil, err + } + pair1, err := createTestCertificateByIssuer("Test Org Sign", signer, false) + if err != nil { + return nil, err + } + pair2, err := createTestCertificateByIssuer("Test Org Enc", signer, false) + if err != nil { + return nil, err + } + return []*certKeyPair{pair1, pair2, signer}, nil +} + +func createTestCertificateByIssuer(name string, issuer *certKeyPair, isCA bool) (*certKeyPair, error) { + var ( + err error + priv crypto.PrivateKey + derCert []byte + issuerCert *smx509.Certificate + issuerKey crypto.PrivateKey + ) + serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 32) + serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) + if err != nil { + return nil, err + } + + template := x509.Certificate{ + SerialNumber: serialNumber, + Subject: pkix.Name{ + CommonName: name, + Organization: []string{"Acme Co"}, + }, + NotBefore: time.Now().Add(-1 * time.Second), + NotAfter: time.Now().AddDate(1, 0, 0), + KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}, + } + if issuer != nil { + issuerCert = issuer.Certificate + issuerKey = *issuer.PrivateKey + } + + priv, err = sm2.GenerateKey(rand.Reader) + if err != nil { + return nil, err + } + + pkey := priv.(crypto.Signer) + if isCA { + template.IsCA = true + template.KeyUsage |= x509.KeyUsageCertSign + template.BasicConstraintsValid = true + } + if issuer == nil { + // no issuer given,make this a self-signed root cert + issuerCert = (*smx509.Certificate)(&template) + issuerKey = priv + } + + derCert, err = smx509.CreateCertificate(rand.Reader, &template, (*x509.Certificate)(issuerCert), pkey.Public(), issuerKey) + if err != nil { + return nil, err + } + if len(derCert) == 0 { + return nil, fmt.Errorf("no certificate created, probably due to wrong keys. types were %T and %T", priv, issuerKey) + } + cert, err := smx509.ParseCertificate(derCert) + if err != nil { + return nil, err + } + pem.Encode(os.Stdout, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}) + return &certKeyPair{ + Certificate: cert, + PrivateKey: &priv, + }, nil +} + +func TestMarshalCSRResponse(t *testing.T) { + pairs, err := createTestCertificate() + if err != nil { + t.Fatal(err) + } + + signPrivKey, _ := (*pairs[0].PrivateKey).(*sm2.PrivateKey) + encPrivKey, _ := (*pairs[1].PrivateKey).(*sm2.PrivateKey) + + // Call the function + result, err := smx509.MarshalCSRResponse([]*smx509.Certificate{pairs[0].Certificate, pairs[2].Certificate}, encPrivKey, []*smx509.Certificate{pairs[1].Certificate, pairs[2].Certificate}) + + // Check the result + if err != nil { + t.Errorf("Unexpected error: %v", err) + } + + resp, err := smx509.ParseCSRResponse(signPrivKey, result) + if err != nil { + t.Errorf("Unexpected error: %v", err) + } + if len(resp.SignCerts) != 2 { + t.Errorf("Unexpected number of sign certs: %d", len(resp.SignCerts)) + } + if resp.EncryptPrivateKey == nil || !encPrivKey.Equal(resp.EncryptPrivateKey) { + t.Errorf("Unexpected encrypt private key") + } + if len(resp.EncryptCerts) != 2 { + t.Errorf("Unexpected number of encrypt certs: %d", len(resp.EncryptCerts)) + } + + // Marshal sign certificate only + result, err = smx509.MarshalCSRResponse([]*smx509.Certificate{pairs[0].Certificate, pairs[2].Certificate}, nil, nil) + // Check the result + if err != nil { + t.Errorf("Unexpected error: %v", err) + } + resp, err = smx509.ParseCSRResponse(signPrivKey, result) + if err != nil { + t.Errorf("Unexpected error: %v", err) + } + if len(resp.SignCerts) != 2 { + t.Errorf("Unexpected number of sign certs: %d", len(resp.SignCerts)) + } + if resp.EncryptPrivateKey != nil { + t.Errorf("Unexpected encrypt private key") + } + if resp.EncryptCerts != nil { + t.Errorf("Unexpected encrypt certs") + } +}