From 82ccb955272486393b22a4ab3f2ca64472ed02fc Mon Sep 17 00:00:00 2001 From: Sun Yimin Date: Fri, 14 Mar 2025 15:26:34 +0800 Subject: [PATCH] sm9,internal/sm9: update comments #314 --- internal/sm9/sm9.go | 64 +++++++++++++++---------- internal/sm9/sm9_key.go | 42 ++++++++-------- internal/sm9/sm9_test.go | 42 ++++++++++++++++ sm9/sm9_key.go | 100 +++++++++++++++++++-------------------- smx509/parser_test.go | 2 +- 5 files changed, 153 insertions(+), 97 deletions(-) diff --git a/internal/sm9/sm9.go b/internal/sm9/sm9.go index 85d2d97..46f6d33 100644 --- a/internal/sm9/sm9.go +++ b/internal/sm9/sm9.go @@ -103,7 +103,7 @@ func randomScalar(rand io.Reader) (k *bigmod.Nat, err error) { // The signature is randomized. Most applications should use [crypto/rand.Reader] // as rand. Note that the returned signature does not depend deterministically on // the bytes read from rand, and may change between calls and/or between versions. -func (priv *SignPrivateKey) Sign(rand io.Reader, hash []byte, opts crypto.SignerOpts) ([]byte, []byte, error) { +func (priv *SignPrivateKey) Sign(rand io.Reader, hash []byte, opts crypto.SignerOpts) (h []byte, S []byte, err error) { var ( hNat *bigmod.Nat s *bn256.G1 @@ -120,13 +120,12 @@ func (priv *SignPrivateKey) Sign(rand io.Reader, hash []byte, opts crypto.Signer return nil, nil, err } - var buffer []byte - buffer = append(append(buffer, hash...), w.Marshal()...) + buffer := append(append([]byte{}, hash...), w.Marshal()...) hNat = hashH2(buffer) r.Sub(hNat, orderNat) - if r.IsZero() == 0 { + if r.IsZero() == 0 { // r != 0 s, err = new(bn256.G1).ScalarMult(priv.PrivateKey, r.Bytes(orderNat)) if err != nil { return nil, nil, err @@ -134,13 +133,18 @@ func (priv *SignPrivateKey) Sign(rand io.Reader, hash []byte, opts crypto.Signer break } } - return hNat.Bytes(orderNat), s.MarshalUncompressed(), nil + h = hNat.Bytes(orderNat) + S = s.MarshalUncompressed() + return } // Verify checks the validity of a signature using the provided parameters. -func (pub *SignMasterPublicKey) Verify(uid []byte, hid byte, hash, h, s []byte) bool { +func (pub *SignMasterPublicKey) Verify(uid []byte, hid byte, hash, h, S []byte) bool { sPoint := new(bn256.G1) - _, err := sPoint.Unmarshal(s[1:]) + if len(S) == len(bn256.OrderMinus1Bytes)+1 && S[0] != 0x04 { + return false + } + _, err := sPoint.Unmarshal(S[1:]) if err != nil || !sPoint.IsOnCurve() { return false } @@ -178,14 +182,12 @@ func (pub *SignMasterPublicKey) Verify(uid []byte, hid byte, hash, h, s []byte) // - A byte slice containing the generated key. // - A byte slice containing the uncompressed ciphertext. // - An error if any occurs during the key wrapping process. -func (pub *EncryptMasterPublicKey) WrapKey(rand io.Reader, uid []byte, hid byte, kLen int) ([]byte, []byte, error) { +func (pub *EncryptMasterPublicKey) WrapKey(rand io.Reader, uid []byte, hid byte, kLen int) (key []byte, cipher []byte, err error) { q := pub.GenerateUserPublicKey(uid, hid) var ( - err error - r *bigmod.Nat - w *bn256.GT - cipher *bn256.G1 - key []byte + r *bigmod.Nat + w *bn256.GT + c *bn256.G1 ) for { r, err = randomScalar(rand) @@ -194,7 +196,7 @@ func (pub *EncryptMasterPublicKey) WrapKey(rand io.Reader, uid []byte, hid byte, } rBytes := r.Bytes(orderNat) - cipher, err = new(bn256.G1).ScalarMult(q, rBytes) + c, err = new(bn256.G1).ScalarMult(q, rBytes) if err != nil { return nil, nil, err } @@ -204,7 +206,7 @@ func (pub *EncryptMasterPublicKey) WrapKey(rand io.Reader, uid []byte, hid byte, return nil, nil, err } var buffer []byte - buffer = append(buffer, cipher.Marshal()...) + buffer = append(buffer, c.Marshal()...) buffer = append(buffer, w.Marshal()...) buffer = append(buffer, uid...) @@ -213,21 +215,25 @@ func (pub *EncryptMasterPublicKey) WrapKey(rand io.Reader, uid []byte, hid byte, break } } - return key, cipher.MarshalUncompressed(), nil + cipher = c.MarshalUncompressed() + return } - // UnwrapKey decrypts the given cipher text using the private key and user ID (uid). // It returns the decrypted key of the specified length (kLen) or an error if decryption fails. -func (priv *EncryptPrivateKey) UnwrapKey(uid, cipher []byte, kLen int) ([]byte, error) { - if len(cipher) == 65 && cipher[0] != 0x04 { - return nil, ErrDecryption - } - if len(cipher) == 65 { +func (priv *EncryptPrivateKey) UnwrapKey(uid, cipher []byte, kLen int) (key []byte, err error) { + numBytes := 2 * len(bn256.OrderBytes) + if len(cipher) == numBytes+1 { + if cipher[0] != 0x04 { + return nil, ErrDecryption + } cipher = cipher[1:] } + if len(cipher) != numBytes { + return nil, ErrDecryption + } p := new(bn256.G1) - _, err := p.Unmarshal(cipher) + _, err = p.Unmarshal(cipher) if err != nil || !p.IsOnCurve() { return nil, ErrDecryption } @@ -239,11 +245,11 @@ func (priv *EncryptPrivateKey) UnwrapKey(uid, cipher []byte, kLen int) ([]byte, buffer = append(buffer, w.Marshal()...) buffer = append(buffer, uid...) - key := sm3.Kdf(buffer, kLen) + key = sm3.Kdf(buffer, kLen) if subtle.ConstantTimeAllZero(key) == 1 { return nil, ErrDecryption } - return key, nil + return } // ErrDecryption represents a failure to decrypt a message. @@ -359,6 +365,10 @@ func (ke *KeyExchange) generateSharedKey(isResponder bool) ([]byte, error) { } func respondKeyExchange(ke *KeyExchange, hid byte, r *bigmod.Nat, rA []byte) ([]byte, []byte, error) { + numBytes := 2 * len(bn256.OrderBytes) + if len(rA) != numBytes+1 || rA[0] != 0x04 { + return nil, nil, errors.New("sm9: invalid initiator's ephemeral public key") + } rP := new(bn256.G1) _, err := rP.Unmarshal(rA[1:]) if err != nil || !rP.IsOnCurve() { @@ -406,6 +416,10 @@ func (ke *KeyExchange) RespondKeyExchange(rand io.Reader, hid byte, rA []byte) ( // ConfirmResponder for initiator's step A5-A7 func (ke *KeyExchange) ConfirmResponder(rB, sB []byte) ([]byte, []byte, error) { + numBytes := 2 * len(bn256.OrderBytes) + if len(rB) != numBytes+1 || rB[0] != 0x04 { + return nil, nil, errors.New("sm9: invalid responder's ephemeral public key") + } pB := new(bn256.G1) _, err := pB.Unmarshal(rB[1:]) if err != nil || !pB.IsOnCurve() { diff --git a/internal/sm9/sm9_key.go b/internal/sm9/sm9_key.go index eea6109..9143afc 100644 --- a/internal/sm9/sm9_key.go +++ b/internal/sm9/sm9_key.go @@ -16,13 +16,13 @@ import ( "github.com/emmansun/gmsm/internal/subtle" ) -// SignMasterPrivateKey master private key for sign, generated by KGC +// SignMasterPrivateKey is a signature master private key, generated by KGC type SignMasterPrivateKey struct { *SignMasterPublicKey // master public key privateKey []byte // master private key } -// SignMasterPublicKey master public key for sign, generated by KGC +// SignMasterPublicKey is a signature master public key, generated by KGC type SignMasterPublicKey struct { MasterPublicKey *bn256.G2 // master public key pairOnce sync.Once @@ -31,19 +31,19 @@ type SignMasterPublicKey struct { table *[32 * 2]bn256.GTFieldTable // precomputed basePoint^n } -// SignPrivateKey user private key for sign, generated by KGC +// SignPrivateKey is a signature private key, generated by KGC type SignPrivateKey struct { PrivateKey *bn256.G1 // user private key *SignMasterPublicKey // master public key } -// EncryptMasterPrivateKey master private key for encryption, generated by KGC +// EncryptMasterPrivateKey is an encryption master private key, generated by KGC type EncryptMasterPrivateKey struct { *EncryptMasterPublicKey // master public key privateKey []byte // master private key } -// EncryptMasterPublicKey master private key for encryption, generated by KGC +// EncryptMasterPublicKey is an encryption master public key, generated by KGC type EncryptMasterPublicKey struct { MasterPublicKey *bn256.G1 // public key pairOnce sync.Once @@ -52,13 +52,13 @@ type EncryptMasterPublicKey struct { table *[32 * 2]bn256.GTFieldTable // precomputed basePoint^n } -// EncryptPrivateKey user private key for encryption, generated by KGC +// EncryptPrivateKey is an encryption private key, generated by KGC type EncryptPrivateKey struct { PrivateKey *bn256.G2 // user private key *EncryptMasterPublicKey // master public key } -// GenerateSignMasterKey generates a master public and private key pair for DSA usage. +// GenerateSignMasterKey generates a signature master key pair for DSA usage. func GenerateSignMasterKey(rand io.Reader) (*SignMasterPrivateKey, error) { key := make([]byte, len(bn256.OrderMinus1Bytes)) randutil.MaybeReadByte(rand) @@ -137,7 +137,7 @@ func (master *SignMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*Sign t1Nat.Add(d, orderNat) if t1Nat.IsZero() == 1 { - return nil, errors.New("sm9: need to re-generate sign master private key") + return nil, errors.New("sm9: need to re-generate signature master private key") } t1Nat = bigmod.NewNat().Exp(t1Nat, bn256.OrderMinus2Bytes, orderNat) @@ -154,7 +154,7 @@ func (master *SignMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*Sign return priv, nil } -// Public returns the public key corresponding to priv. +// Public returns the public key corresponding to the private key. func (master *SignMasterPrivateKey) Public() *SignMasterPublicKey { return master.SignMasterPublicKey } @@ -195,7 +195,7 @@ func (pub *SignMasterPublicKey) ScalarBaseMult(scalar []byte) (*bn256.GT, error) return bn256.ScalarBaseMultGT(tables, scalar) } -// GenerateUserPublicKey generate user sign public key +// GenerateUserPublicKey generate a signature public key for given user. func (pub *SignMasterPublicKey) GenerateUserPublicKey(uid []byte, hid byte) *bn256.G2 { var buffer []byte buffer = append(append(buffer, uid...), hid) @@ -220,12 +220,12 @@ func (priv *SignPrivateKey) Bytes() []byte { return priv.PrivateKey.MarshalUncompressed() } -// MasterPublic returns the master public key corresponding to priv. +// MasterPublic returns the master public key corresponding to the private key. func (priv *SignPrivateKey) MasterPublic() *SignMasterPublicKey { return priv.SignMasterPublicKey } -// SetMasterPublicKey bind the sign master public key to it. +// SetMasterPublicKey bind the signature master public key to it. func (priv *SignPrivateKey) SetMasterPublicKey(pub *SignMasterPublicKey) { if priv.SignMasterPublicKey == nil || priv.SignMasterPublicKey.MasterPublicKey == nil { priv.SignMasterPublicKey = pub @@ -251,7 +251,7 @@ func unmarshalG2(bytes []byte) (*bn256.G2, error) { return g2, nil } -// UnmarshalRaw unmarsal raw bytes data to sign master public key +// UnmarshalRaw unmarsal raw bytes data to signature master public key func (pub *SignMasterPublicKey) UnmarshalRaw(bytes []byte) error { g2, err := unmarshalG2(bytes) if err != nil { @@ -280,7 +280,7 @@ func unmarshalG1(bytes []byte) (*bn256.G1, error) { return g, nil } -// UnmarshalRaw unmarsal raw bytes data to sign user private key +// UnmarshalRaw unmarsal raw bytes data to the signature private key // Note, priv's SignMasterPublicKey should be handled separately. func (priv *SignPrivateKey) UnmarshalRaw(bytes []byte) error { g, err := unmarshalG1(bytes) @@ -291,7 +291,7 @@ func (priv *SignPrivateKey) UnmarshalRaw(bytes []byte) error { return nil } -// GenerateEncryptMasterKey generates a master public and private key pair for encryption usage. +// GenerateEncryptMasterKey generates an encryption master key pair. func GenerateEncryptMasterKey(rand io.Reader) (*EncryptMasterPrivateKey, error) { key := make([]byte, len(bn256.OrderMinus1Bytes)) randutil.MaybeReadByte(rand) @@ -356,7 +356,7 @@ func (master *EncryptMasterPrivateKey) Equal(x *EncryptMasterPrivateKey) bool { return master.EncryptMasterPublicKey.Equal(x.EncryptMasterPublicKey) && _subtle.ConstantTimeCompare(master.privateKey, x.privateKey) == 1 } -// GenerateUserKey generate an user key for encryption. +// GenerateUserKey generate an encryption private key for the given user. func (master *EncryptMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*EncryptPrivateKey, error) { var id []byte id = append(append(id, uid...), hid) @@ -370,7 +370,7 @@ func (master *EncryptMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*E t1Nat.Add(d, orderNat) if t1Nat.IsZero() == 1 { - return nil, errors.New("sm9: need to re-generate encrypt master private key") + return nil, errors.New("sm9: need to re-generate encryption master private key") } t1Nat = bigmod.NewNat().Exp(t1Nat, bn256.OrderMinus2Bytes, orderNat) @@ -387,7 +387,7 @@ func (master *EncryptMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*E return priv, nil } -// Public returns the public key corresponding to priv. +// Public returns the public key corresponding to the private key. func (master *EncryptMasterPrivateKey) Public() *EncryptMasterPublicKey { return master.EncryptMasterPublicKey } @@ -426,7 +426,7 @@ func (pub *EncryptMasterPublicKey) ScalarBaseMult(scalar []byte) (*bn256.GT, err return bn256.ScalarBaseMultGT(tables, scalar) } -// GenerateUserPublicKey generate user encrypt public key +// GenerateUserPublicKey generate an encrypt public key for the given user. func (pub *EncryptMasterPublicKey) GenerateUserPublicKey(uid []byte, hid byte) *bn256.G1 { var buffer []byte buffer = append(append(buffer, uid...), hid) @@ -463,7 +463,7 @@ func (priv *EncryptPrivateKey) SetMasterPublicKey(pub *EncryptMasterPublicKey) { } } -// UnmarshalRaw unmarsal raw bytes data to encrypt master public key +// UnmarshalRaw unmarsal raw bytes data to the encryption master public key func (pub *EncryptMasterPublicKey) UnmarshalRaw(bytes []byte) error { g, err := unmarshalG1(bytes) if err != nil { @@ -473,7 +473,7 @@ func (pub *EncryptMasterPublicKey) UnmarshalRaw(bytes []byte) error { return nil } -// UnmarshalRaw unmarsal raw bytes data to encrypt user private key +// UnmarshalRaw unmarsal raw bytes data to the encryption private key // Note, priv's EncryptMasterPublicKey should be handled separately. func (priv *EncryptPrivateKey) UnmarshalRaw(bytes []byte) error { g, err := unmarshalG2(bytes) diff --git a/internal/sm9/sm9_test.go b/internal/sm9/sm9_test.go index b4862d9..6c267f2 100644 --- a/internal/sm9/sm9_test.go +++ b/internal/sm9/sm9_test.go @@ -175,6 +175,25 @@ func TestWrapKey(t *testing.T) { if !bytes.Equal(key, key2) { t.Errorf("expected %x, got %x", key, key2) } + + key2, err = userKey.UnwrapKey(uid, cipher[1:], 16) + if err != nil { + t.Fatal(err) + } + + if !bytes.Equal(key, key2) { + t.Errorf("expected %x, got %x", key, key2) + } + + cipher[0] = 0 + _, err = userKey.UnwrapKey(uid, cipher, 16) + if err != ErrDecryption { + t.Errorf("expected ErrDecryption, got %v", err) + } + _, err = userKey.UnwrapKey(uid, nil, 16) + if err != ErrDecryption { + t.Errorf("expected ErrDecryption, got %v", err) + } } // SM9 Appendix C @@ -431,12 +450,35 @@ func TestKeyExchange(t *testing.T) { } // B1 - B7 + if _, _, err = responder.RespondKeyExchange(rand.Reader, hid, nil); err == nil { + t.Errorf("should fail") + } + if _, _, err = responder.RespondKeyExchange(rand.Reader, hid, rA[1:]); err == nil { + t.Errorf("should fail") + } + rA[0] = 0 + if _, _, err = responder.RespondKeyExchange(rand.Reader, hid, rA); err == nil { + t.Errorf("should fail") + } + rA[0] = 0x4 + rB, sigB, err := responder.RespondKeyExchange(rand.Reader, hid, rA) if err != nil { t.Fatal(err) } // A5 -A8 + if _, _, err = initiator.ConfirmResponder(nil, sigB); err == nil { + t.Errorf("should fail") + } + if _, _, err = initiator.ConfirmResponder(rB[1:], sigB); err == nil { + t.Errorf("should fail") + } + rB[0] = 0 + if _, _, err = initiator.ConfirmResponder(rB, sigB); err == nil { + t.Errorf("should fail") + } + rB[0] = 0x4 key1, sigA, err := initiator.ConfirmResponder(rB, sigB) if err != nil { t.Fatal(err) diff --git a/sm9/sm9_key.go b/sm9/sm9_key.go index 5568890..819985e 100644 --- a/sm9/sm9_key.go +++ b/sm9/sm9_key.go @@ -12,37 +12,37 @@ import ( cryptobyte_asn1 "golang.org/x/crypto/cryptobyte/asn1" ) -// SignMasterPrivateKey master private key for sign, generated by KGC +// SignMasterPrivateKey is a signature master private key, generated by KGC type SignMasterPrivateKey struct { privateKey *sm9.SignMasterPrivateKey } -// SignMasterPublicKey master public key for sign, generated by KGC +// SignMasterPublicKey is a signature master public key, generated by KGC type SignMasterPublicKey struct { publicKey *sm9.SignMasterPublicKey } -// SignPrivateKey user private key for sign, generated by KGC +// SignPrivateKey is a signature private key, generated by KGC type SignPrivateKey struct { privateKey *sm9.SignPrivateKey } -// EncryptMasterPrivateKey master private key for encryption, generated by KGC +// EncryptMasterPrivateKey is an encryption master private key, generated by KGC type EncryptMasterPrivateKey struct { privateKey *sm9.EncryptMasterPrivateKey } -// EncryptMasterPublicKey master private key for encryption, generated by KGC +// EncryptMasterPublicKey is an encryption master public key, generated by KGC type EncryptMasterPublicKey struct { publicKey *sm9.EncryptMasterPublicKey } -// EncryptPrivateKey user private key for encryption, generated by KGC +// EncryptPrivateKey is an encryption private key, generated by KGC type EncryptPrivateKey struct { privateKey *sm9.EncryptPrivateKey } -// GenerateSignMasterKey generates a master public and private key pair for DSA usage. +// GenerateSignMasterKey generates a signature master key pair for DSA usage. func GenerateSignMasterKey(rand io.Reader) (*SignMasterPrivateKey, error) { priv, err := sm9.GenerateSignMasterKey(rand) if err != nil { @@ -72,7 +72,7 @@ func (master *SignMasterPrivateKey) MarshalASN1() ([]byte, error) { return b.Bytes() } -// UnmarshalSignMasterPrivateKeyASN1 unmarsal der data to sign master private key +// UnmarshalSignMasterPrivateKeyASN1 unmarsal der data to a signature master private key func UnmarshalSignMasterPrivateKeyASN1(der []byte) (*SignMasterPrivateKey, error) { input := cryptobyte.String(der) d := &big.Int{} @@ -83,16 +83,16 @@ func UnmarshalSignMasterPrivateKeyASN1(der []byte) (*SignMasterPrivateKey, error if !input.ReadASN1(&inner, cryptobyte_asn1.SEQUENCE) || !input.Empty() || !inner.ReadASN1Integer(d) { - return nil, errors.New("sm9: invalid sign master private key asn1 data") + return nil, errors.New("sm9: invalid ASN.1 data for signature master private key") } // Just parse it, didn't validate it if !inner.Empty() && (!inner.ReadASN1BitStringAsBytes(&pubBytes) || !inner.Empty()) { - return nil, errors.New("sm9: invalid sign master public key asn1 data") + return nil, errors.New("sm9: invalid ASN.1 data for signature master public key") } } else if !input.ReadASN1Integer(d) || !input.Empty() { - return nil, errors.New("sm9: invalid sign master private key asn1 data") + return nil, errors.New("sm9: invalid ASN.1 data for signature master private key") } - + privateKey, err := sm9.NewSignMasterPrivateKey(d.Bytes()) if err != nil { return nil, err @@ -100,7 +100,7 @@ func UnmarshalSignMasterPrivateKeyASN1(der []byte) (*SignMasterPrivateKey, error return &SignMasterPrivateKey{privateKey: privateKey}, nil } -// GenerateUserKey generate an user dsa key. +// GenerateUserKey generate a signature private key for the given user. func (master *SignMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*SignPrivateKey, error) { priv, err := master.privateKey.GenerateUserKey(uid, hid) if err != nil { @@ -109,7 +109,7 @@ func (master *SignMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*Sign return &SignPrivateKey{privateKey: priv}, nil } -// Public returns the public key corresponding to priv. +// Public returns the public key corresponding to the private key. func (master *SignMasterPrivateKey) Public() *SignMasterPublicKey { return &SignMasterPublicKey{master.privateKey.Public()} } @@ -126,7 +126,7 @@ func (pub *SignMasterPublicKey) Bytes() []byte { return pub.publicKey.Bytes() } -// MarshalASN1 marshal sign master public key to asn.1 format data according +// MarshalASN1 marshal signature master public key to asn.1 format data according // SM9 cryptographic algorithm application specification func (pub *SignMasterPublicKey) MarshalASN1() ([]byte, error) { var b cryptobyte.Builder @@ -134,7 +134,7 @@ func (pub *SignMasterPublicKey) MarshalASN1() ([]byte, error) { return b.Bytes() } -// MarshalCompressedASN1 marshal sign master public key to asn.1 format data according +// MarshalCompressedASN1 marshal signature master public key to asn.1 format data according // SM9 cryptographic algorithm application specification, the curve point is in compressed form. func (pub *SignMasterPublicKey) MarshalCompressedASN1() ([]byte, error) { var b cryptobyte.Builder @@ -142,7 +142,7 @@ func (pub *SignMasterPublicKey) MarshalCompressedASN1() ([]byte, error) { return b.Bytes() } -// UnmarshalSignMasterPublicKeyRaw unmarsal raw bytes data to sign master public key +// UnmarshalSignMasterPublicKeyRaw unmarsal raw bytes data to signature master public key func UnmarshalSignMasterPublicKeyRaw(bytes []byte) (pub *SignMasterPublicKey, err error) { pub = new(SignMasterPublicKey) pub.publicKey = new(sm9.SignMasterPublicKey) @@ -150,7 +150,7 @@ func UnmarshalSignMasterPublicKeyRaw(bytes []byte) (pub *SignMasterPublicKey, er return } -// UnmarshalSignMasterPublicKeyASN1 unmarsal der data to sign master public key +// UnmarshalSignMasterPublicKeyASN1 unmarsal der data to signature master public key func UnmarshalSignMasterPublicKeyASN1(der []byte) (*SignMasterPublicKey, error) { var bytes []byte var inner cryptobyte.String @@ -160,10 +160,10 @@ func UnmarshalSignMasterPublicKeyASN1(der []byte) (*SignMasterPublicKey, error) !input.Empty() || !inner.ReadASN1BitStringAsBytes(&bytes) || !inner.Empty() { - return nil, errors.New("sm9: invalid sign master public key asn1 data") + return nil, errors.New("sm9: invalid ASN.1 data for signature master public key") } } else if !input.ReadASN1BitStringAsBytes(&bytes) || !input.Empty() { - return nil, errors.New("sm9: invalid sign master public key asn1 data") + return nil, errors.New("sm9: invalid ASN.1 data for signature master public key") } return UnmarshalSignMasterPublicKeyRaw(bytes) } @@ -185,17 +185,17 @@ func (priv *SignPrivateKey) Bytes() []byte { return priv.privateKey.Bytes() } -// MasterPublic returns the master public key corresponding to priv. +// MasterPublic returns the signature master public key corresponding to priv. func (priv *SignPrivateKey) MasterPublic() *SignMasterPublicKey { return &SignMasterPublicKey{priv.privateKey.MasterPublic()} } -// setMasterPublicKey bind the sign master public key to it. +// setMasterPublicKey bind the signature master public key to it. func (priv *SignPrivateKey) setMasterPublicKey(pub *SignMasterPublicKey) { priv.privateKey.SetMasterPublicKey(pub.publicKey) } -// MarshalASN1 marshal sign user private key to asn.1 format data according +// MarshalASN1 marshal signature private key to asn.1 format data according // SM9 cryptographic algorithm application specification func (priv *SignPrivateKey) MarshalASN1() ([]byte, error) { var b cryptobyte.Builder @@ -203,7 +203,7 @@ func (priv *SignPrivateKey) MarshalASN1() ([]byte, error) { return b.Bytes() } -// MarshalCompressedASN1 marshal sign user private key to asn.1 format data according +// MarshalCompressedASN1 marshal signature private key to asn.1 format data according // SM9 cryptographic algorithm application specification, the curve point is in compressed form. func (priv *SignPrivateKey) MarshalCompressedASN1() ([]byte, error) { var b cryptobyte.Builder @@ -211,7 +211,7 @@ func (priv *SignPrivateKey) MarshalCompressedASN1() ([]byte, error) { return b.Bytes() } -// UnmarshalSignPrivateKeyRaw unmarsal raw bytes data to sign user private key +// UnmarshalSignPrivateKeyRaw unmarsal raw bytes data to signature private key // Note, priv's SignMasterPublicKey should be handled separately. func UnmarshalSignPrivateKeyRaw(bytes []byte) (*SignPrivateKey, error) { priv := new(SignPrivateKey) @@ -223,7 +223,7 @@ func UnmarshalSignPrivateKeyRaw(bytes []byte) (*SignPrivateKey, error) { return priv, nil } -// UnmarshalSignPrivateKeyASN1 unmarsal der data to sign user private key +// UnmarshalSignPrivateKeyASN1 unmarsal der data to signature private key // Note, priv's SignMasterPublicKey should be handled separately. func UnmarshalSignPrivateKeyASN1(der []byte) (*SignPrivateKey, error) { var bytes []byte @@ -234,13 +234,13 @@ func UnmarshalSignPrivateKeyASN1(der []byte) (*SignPrivateKey, error) { if !input.ReadASN1(&inner, cryptobyte_asn1.SEQUENCE) || !input.Empty() || !inner.ReadASN1BitStringAsBytes(&bytes) { - return nil, errors.New("sm9: invalid sign user private key asn1 data") + return nil, errors.New("sm9: invalid ASN.1 data for signature private key") } if !inner.Empty() && (!inner.ReadASN1BitStringAsBytes(&pubBytes) || !inner.Empty()) { - return nil,errors.New("sm9: invalid sign master public key asn1 data") + return nil, errors.New("sm9: invalid ASN.1 data for signature master public key") } } else if !input.ReadASN1BitStringAsBytes(&bytes) || !input.Empty() { - return nil, errors.New("sm9: invalid sign user private key asn1 data") + return nil, errors.New("sm9: invalid ASN.1 data for signature private key") } priv, err := UnmarshalSignPrivateKeyRaw(bytes) @@ -257,7 +257,7 @@ func UnmarshalSignPrivateKeyASN1(der []byte) (*SignPrivateKey, error) { return priv, nil } -// GenerateEncryptMasterKey generates a master public and private key pair for encryption usage. +// GenerateEncryptMasterKey generates an encryption master key pair. func GenerateEncryptMasterKey(rand io.Reader) (*EncryptMasterPrivateKey, error) { priv, err := sm9.GenerateEncryptMasterKey(rand) if err != nil { @@ -278,7 +278,7 @@ func (master *EncryptMasterPrivateKey) Equal(x *EncryptMasterPrivateKey) bool { return master.privateKey.Equal(x.privateKey) } -// GenerateUserKey generate an user key for encryption. +// GenerateUserKey generate an encryption private key for the given user. func (master *EncryptMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*EncryptPrivateKey, error) { priv, err := master.privateKey.GenerateUserKey(uid, hid) if err != nil { @@ -287,12 +287,12 @@ func (master *EncryptMasterPrivateKey) GenerateUserKey(uid []byte, hid byte) (*E return &EncryptPrivateKey{privateKey: priv}, nil } -// Public returns the public key corresponding to priv. +// Public returns the public key corresponding to the private key. func (master *EncryptMasterPrivateKey) Public() *EncryptMasterPublicKey { return &EncryptMasterPublicKey{publicKey: master.privateKey.Public()} } -// MarshalASN1 marshal encrypt master private key to asn.1 format data according +// MarshalASN1 marshal encryption master private key to asn.1 format data according // SM9 cryptographic algorithm application specification func (master *EncryptMasterPrivateKey) MarshalASN1() ([]byte, error) { d := new(big.Int).SetBytes(master.privateKey.Bytes()) @@ -301,7 +301,7 @@ func (master *EncryptMasterPrivateKey) MarshalASN1() ([]byte, error) { return b.Bytes() } -// UnmarshalEncryptMasterPrivateKeyASN1 unmarsal der data to encrypt master private key +// UnmarshalEncryptMasterPrivateKeyASN1 unmarsal der data to master encryption private key func UnmarshalEncryptMasterPrivateKeyASN1(der []byte) (*EncryptMasterPrivateKey, error) { input := cryptobyte.String(der) d := &big.Int{} @@ -311,14 +311,14 @@ func UnmarshalEncryptMasterPrivateKeyASN1(der []byte) (*EncryptMasterPrivateKey, if !input.ReadASN1(&inner, cryptobyte_asn1.SEQUENCE) || !input.Empty() || !inner.ReadASN1Integer(d) { - return nil, errors.New("sm9: invalid encrypt master private key asn1 data") + return nil, errors.New("sm9: invalid ASN.1 data for encryption master private key") } // Just parse it, did't validate it if !inner.Empty() && (!inner.ReadASN1BitStringAsBytes(&pubBytes) || !inner.Empty()) { - return nil, errors.New("sm9: invalid encrypt master public key asn1 data") + return nil, errors.New("sm9: invalid ASN.1 data for encryption master public key") } } else if !input.ReadASN1Integer(d) || !input.Empty() { - return nil, errors.New("sm9: invalid encrypt master private key asn1 data") + return nil, errors.New("sm9: invalid ASN.1 data for encryption master private key") } privateKey, err := sm9.NewEncryptMasterPrivateKey(d.Bytes()) if err != nil { @@ -339,7 +339,7 @@ func (pub *EncryptMasterPublicKey) Bytes() []byte { return pub.publicKey.Bytes() } -// MarshalASN1 marshal encrypt master public key to asn.1 format data according +// MarshalASN1 marshal encryption master public key to asn.1 format data according // SM9 cryptographic algorithm application specification func (pub *EncryptMasterPublicKey) MarshalASN1() ([]byte, error) { var b cryptobyte.Builder @@ -347,7 +347,7 @@ func (pub *EncryptMasterPublicKey) MarshalASN1() ([]byte, error) { return b.Bytes() } -// MarshalCompressedASN1 marshal encrypt master public key to asn.1 format data according +// MarshalCompressedASN1 marshal encryption master public key to asn.1 format data according // SM9 cryptographic algorithm application specification, the curve point is in compressed form. func (pub *EncryptMasterPublicKey) MarshalCompressedASN1() ([]byte, error) { var b cryptobyte.Builder @@ -355,7 +355,7 @@ func (pub *EncryptMasterPublicKey) MarshalCompressedASN1() ([]byte, error) { return b.Bytes() } -// UnmarshalEncryptMasterPublicKeyRaw unmarsal raw bytes data to encrypt master public key +// UnmarshalEncryptMasterPublicKeyRaw unmarsal raw bytes data to encryption master public key func UnmarshalEncryptMasterPublicKeyRaw(bytes []byte) (*EncryptMasterPublicKey, error) { pub := new(EncryptMasterPublicKey) pub.publicKey = new(sm9.EncryptMasterPublicKey) @@ -375,7 +375,7 @@ func ParseEncryptMasterPublicKeyPEM(data []byte) (*EncryptMasterPublicKey, error return UnmarshalEncryptMasterPublicKeyASN1(block.Bytes) } -// UnmarshalEncryptMasterPublicKeyASN1 unmarsal der data to encrypt master public key +// UnmarshalEncryptMasterPublicKeyASN1 unmarsal der data to encryption master public key func UnmarshalEncryptMasterPublicKeyASN1(der []byte) (*EncryptMasterPublicKey, error) { var bytes []byte var inner cryptobyte.String @@ -385,10 +385,10 @@ func UnmarshalEncryptMasterPublicKeyASN1(der []byte) (*EncryptMasterPublicKey, e !input.Empty() || !inner.ReadASN1BitStringAsBytes(&bytes) || !inner.Empty() { - return nil, errors.New("sm9: invalid encrypt master public key asn1 data") + return nil, errors.New("sm9: invalid ASN.1 data for encryption master public key") } } else if !input.ReadASN1BitStringAsBytes(&bytes) || !input.Empty() { - return nil, errors.New("sm9: invalid encrypt master public key asn1 data") + return nil, errors.New("sm9: invalid ASN.1 data for encryption master public key") } return UnmarshalEncryptMasterPublicKeyRaw(bytes) } @@ -403,7 +403,7 @@ func (priv *EncryptPrivateKey) setMasterPublicKey(pub *EncryptMasterPublicKey) { priv.privateKey.SetMasterPublicKey(pub.publicKey) } -// MarshalASN1 marshal encrypt user private key to asn.1 format data according +// MarshalASN1 marshal encryption private key to asn.1 format data according // SM9 cryptographic algorithm application specification func (priv *EncryptPrivateKey) MarshalASN1() ([]byte, error) { var b cryptobyte.Builder @@ -411,7 +411,7 @@ func (priv *EncryptPrivateKey) MarshalASN1() ([]byte, error) { return b.Bytes() } -// MarshalCompressedASN1 marshal encrypt user private key to asn.1 format data according +// MarshalCompressedASN1 marshal encryption private key to asn.1 format data according // SM9 cryptographic algorithm application specification, the curve point is in compressed form. func (priv *EncryptPrivateKey) MarshalCompressedASN1() ([]byte, error) { var b cryptobyte.Builder @@ -419,7 +419,7 @@ func (priv *EncryptPrivateKey) MarshalCompressedASN1() ([]byte, error) { return b.Bytes() } -// UnmarshalEncryptPrivateKeyRaw unmarsal raw bytes data to encrypt user private key +// UnmarshalEncryptPrivateKeyRaw unmarsal raw bytes data to encryption private key // Note, priv's EncryptMasterPublicKey should be handled separately. func UnmarshalEncryptPrivateKeyRaw(bytes []byte) (*EncryptPrivateKey, error) { priv := new(EncryptPrivateKey) @@ -431,7 +431,7 @@ func UnmarshalEncryptPrivateKeyRaw(bytes []byte) (*EncryptPrivateKey, error) { return priv, nil } -// UnmarshalEncryptPrivateKeyASN1 unmarsal der data to encrypt user private key +// UnmarshalEncryptPrivateKeyASN1 unmarsal der data to encryption private key // Note, priv's EncryptMasterPublicKey should be handled separately. func UnmarshalEncryptPrivateKeyASN1(der []byte) (*EncryptPrivateKey, error) { var bytes []byte @@ -442,13 +442,13 @@ func UnmarshalEncryptPrivateKeyASN1(der []byte) (*EncryptPrivateKey, error) { if !input.ReadASN1(&inner, cryptobyte_asn1.SEQUENCE) || !input.Empty() || !inner.ReadASN1BitStringAsBytes(&bytes) { - return nil, errors.New("sm9: invalid encrypt user private key asn1 data") + return nil, errors.New("sm9: invalid ASN.1 data for encryption private key") } if !inner.Empty() && (!inner.ReadASN1BitStringAsBytes(&pubBytes) || !inner.Empty()) { - return nil, errors.New("sm9: invalid encrypt master public key asn1 data") + return nil, errors.New("sm9: invalid ASN.1 data for encryption master public key") } } else if !input.ReadASN1BitStringAsBytes(&bytes) || !input.Empty() { - return nil, errors.New("sm9: invalid encrypt user private key asn1 data") + return nil, errors.New("sm9: invalid ASN.1 data for encryption private key") } priv, err := UnmarshalEncryptPrivateKeyRaw(bytes) if err != nil { diff --git a/smx509/parser_test.go b/smx509/parser_test.go index fb97025..0ac9ad6 100644 --- a/smx509/parser_test.go +++ b/smx509/parser_test.go @@ -81,7 +81,7 @@ func TestParseASN1String(t *testing.T) { tag: cryptobyte_asn1.Tag(asn1.TagBMPString), value: []byte{80, 81, 255, 254}, expectedErr: "invalid BMPString", - }, + }, { name: "IA5String", tag: cryptobyte_asn1.IA5String,