Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $
You can buy this project and download/modify it how often you want.
cn.luues.tool.crypto.asymmetric.SM2 Maven / Gradle / Ivy
package cn.luues.tool.crypto.asymmetric;
import cn.luues.tool.core.lang.Assert;
import cn.luues.tool.core.util.HexUtil;
import cn.luues.tool.crypto.BCUtil;
import cn.luues.tool.crypto.CryptoException;
import cn.luues.tool.crypto.KeyUtil;
import cn.luues.tool.crypto.SecureUtil;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.ParametersWithID;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.crypto.signers.DSAEncoding;
import org.bouncycastle.crypto.signers.PlainDSAEncoding;
import org.bouncycastle.crypto.signers.SM2Signer;
import org.bouncycastle.crypto.signers.StandardDSAEncoding;
import java.security.PrivateKey;
import java.security.PublicKey;
/**
* 国密SM2算法实现,基于BC库 {
/**
* 算法EC
*/
private static final String ALGORITHM_SM2 = "SM2";
protected SM2Engine engine;
protected SM2Signer signer;
private ECPrivateKeyParameters privateKeyParams;
private ECPublicKeyParameters publicKeyParams;
private DSAEncoding encoding = StandardDSAEncoding.INSTANCE;
private Digest digest = new SM3Digest();
private SM2Engine.Mode mode = SM2Engine.Mode.C1C3C2;
// ------------------------------------------------------------------ Constructor start
/**
* 构造,生成新的私钥公钥对
*/
public SM2() {
this(null, (byte[]) null);
}
/**
* 构造
* C1 生成随机数的计算出的椭圆曲线点
* C2 密文数据
* C3 SM3的摘要值
*
*
* @param data 被加密的bytes
* @param keyType 私钥或公钥 {@link KeyType}
* @return 加密后的bytes
* @throws CryptoException 包括InvalidKeyException和InvalidCipherTextException的包装异常
*/
@Override
public byte[] encrypt(byte[] data, KeyType keyType) throws CryptoException {
if (KeyType.PublicKey != keyType) {
throw new IllegalArgumentException("Encrypt is only support by public key");
}
return encrypt(data, new ParametersWithRandom(getCipherParameters(keyType)));
}
/**
* 加密,SM2非对称加密的结果由C1,C2,C3三部分组成,其中:
*
*
* C1 生成随机数的计算出的椭圆曲线点
* C2 密文数据
* C3 SM3的摘要值
*
*
* @param data 被加密的bytes
* @param pubKeyParameters 公钥参数
* @return 加密后的bytes
* @throws CryptoException 包括InvalidKeyException和InvalidCipherTextException的包装异常
* @since 5.1.6
*/
public byte[] encrypt(byte[] data, CipherParameters pubKeyParameters) throws CryptoException {
lock.lock();
final SM2Engine engine = getEngine();
try {
engine.init(true, pubKeyParameters);
return engine.processBlock(data, 0, data.length);
} catch (InvalidCipherTextException e) {
throw new CryptoException(e);
} finally {
lock.unlock();
}
}
// --------------------------------------------------------------------------------- Decrypt
/**
* 解密
*
* @param data SM2密文,实际包含三部分:ECC公钥、真正的密文、公钥和原文的SM3-HASH值
* @param keyType 私钥或公钥 {@link KeyType}
* @return 加密后的bytes
* @throws CryptoException 包括InvalidKeyException和InvalidCipherTextException的包装异常
*/
@Override
public byte[] decrypt(byte[] data, KeyType keyType) throws CryptoException {
if (KeyType.PrivateKey != keyType) {
throw new IllegalArgumentException("Decrypt is only support by private key");
}
return decrypt(data, getCipherParameters(keyType));
}
/**
* 解密
*
* @param data SM2密文,实际包含三部分:ECC公钥、真正的密文、公钥和原文的SM3-HASH值
* @param privateKeyParameters 私钥参数
* @return 加密后的bytes
* @throws CryptoException 包括InvalidKeyException和InvalidCipherTextException的包装异常
* @since 5.1.6
*/
public byte[] decrypt(byte[] data, CipherParameters privateKeyParameters) throws CryptoException {
lock.lock();
final SM2Engine engine = getEngine();
try {
engine.init(false, privateKeyParameters);
return engine.processBlock(data, 0, data.length);
} catch (InvalidCipherTextException e) {
throw new CryptoException(e);
} finally {
lock.unlock();
}
}
// --------------------------------------------------------------------------------- Sign and Verify
/**
* 用私钥对信息生成数字签名
*
* @param dataHex 被签名的数据数据
* @return 签名
*/
public String signHex(String dataHex) {
return signHex(dataHex, null);
}
/**
* 用私钥对信息生成数字签名
*
* @param data 加密数据
* @return 签名
*/
public byte[] sign(byte[] data) {
return sign(data, null);
}
/**
* 用私钥对信息生成数字签名
*
* @param dataHex 被签名的数据数据
* @param idHex 可以为null,若为null,则默认withId为字节数组:"1234567812345678".getBytes()
* @return 签名
*/
public String signHex(String dataHex, String idHex) {
return HexUtil.encodeHexStr(sign(HexUtil.decodeHex(dataHex), HexUtil.decodeHex(idHex)));
}
/**
* 用私钥对信息生成数字签名
*
* @param data 被签名的数据数据
* @param id 可以为null,若为null,则默认withId为字节数组:"1234567812345678".getBytes()
* @return 签名
*/
public byte[] sign(byte[] data, byte[] id) {
lock.lock();
final SM2Signer signer = getSigner();
try {
CipherParameters param = new ParametersWithRandom(getCipherParameters(KeyType.PrivateKey));
if (id != null) {
param = new ParametersWithID(param, id);
}
signer.init(true, param);
signer.update(data, 0, data.length);
return signer.generateSignature();
} catch (org.bouncycastle.crypto.CryptoException e) {
throw new CryptoException(e);
} finally {
lock.unlock();
}
}
/**
* 用公钥检验数字签名的合法性
*
* @param dataHex 数据签名后的数据
* @param signHex 签名
* @return 是否验证通过
* @since 5.2.0
*/
public boolean verifyHex(String dataHex, String signHex) {
return verifyHex(dataHex, signHex, null);
}
/**
* 用公钥检验数字签名的合法性
*
* @param data 签名后的数据
* @param sign 签名
* @return 是否验证通过
*/
public boolean verify(byte[] data, byte[] sign) {
return verify(data, sign, null);
}
/**
* 用公钥检验数字签名的合法性
*
* @param dataHex 数据签名后的数据的Hex值
* @param signHex 签名的Hex值
* @param idHex ID的Hex值
* @return 是否验证通过
* @since 5.2.0
*/
public boolean verifyHex(String dataHex, String signHex, String idHex) {
return verify(HexUtil.decodeHex(dataHex), HexUtil.decodeHex(signHex), HexUtil.decodeHex(idHex));
}
/**
* 用公钥检验数字签名的合法性
*
* @param data 数据签名后的数据
* @param sign 签名
* @param id 可以为null,若为null,则默认withId为字节数组:"1234567812345678".getBytes()
* @return 是否验证通过
*/
public boolean verify(byte[] data, byte[] sign, byte[] id) {
lock.lock();
final SM2Signer signer = getSigner();
try {
CipherParameters param = getCipherParameters(KeyType.PublicKey);
if (id != null) {
param = new ParametersWithID(param, id);
}
signer.init(false, param);
signer.update(data, 0, data.length);
return signer.verifySignature(sign);
} finally {
lock.unlock();
}
}
@Override
public SM2 setPrivateKey(PrivateKey privateKey) {
super.setPrivateKey(privateKey);
// 重新初始化密钥参数,防止重新设置密钥时导致密钥无法更新
this.privateKeyParams = BCUtil.toParams(privateKey);
return this;
}
/**
* 设置私钥参数
*
* @param privateKeyParams 私钥参数
* @return this
* @since 5.2.0
*/
public SM2 setPrivateKeyParams(ECPrivateKeyParameters privateKeyParams) {
this.privateKeyParams = privateKeyParams;
return this;
}
@Override
public SM2 setPublicKey(PublicKey publicKey) {
super.setPublicKey(publicKey);
// 重新初始化密钥参数,防止重新设置密钥时导致密钥无法更新
this.publicKeyParams = BCUtil.toParams(publicKey);
return this;
}
/**
* 设置公钥参数
*
* @param publicKeyParams 公钥参数
* @return this
*/
public SM2 setPublicKeyParams(ECPublicKeyParameters publicKeyParams) {
this.publicKeyParams = publicKeyParams;
return this;
}
/**
* 设置DSA signatures的编码为PlainDSAEncoding
*
* @return this
* @since 5.3.1
*/
public SM2 usePlainEncoding() {
return setEncoding(PlainDSAEncoding.INSTANCE);
}
/**
* 设置DSA signatures的编码
*
* @param encoding {@link DSAEncoding}实现
* @return this
* @since 5.3.1
*/
public SM2 setEncoding(DSAEncoding encoding) {
this.encoding = encoding;
this.signer = null;
return this;
}
/**
* 设置Hash算法
*
* @param digest {@link Digest}实现
* @return this
* @since 5.3.1
*/
public SM2 setDigest(Digest digest) {
this.digest = digest;
this.engine = null;
this.signer = null;
return this;
}
/**
* 设置SM2模式,旧版是C1C2C3,新版本是C1C3C2
*
* @param mode {@link SM2Engine.Mode}
* @return this
*/
public SM2 setMode(SM2Engine.Mode mode) {
this.mode = mode;
this.engine = null;
return this;
}
// ------------------------------------------------------------------------------------------------------------------------- Private method start
/**
* 获取密钥类型对应的加密参数对象{@link CipherParameters}
*
* @param keyType Key类型枚举,包括私钥或公钥
* @return {@link CipherParameters}
*/
private CipherParameters getCipherParameters(KeyType keyType) {
switch (keyType) {
case PublicKey:
Assert.notNull(this.publicKeyParams, "PublicKey must be not null !");
return this.publicKeyParams;
case PrivateKey:
Assert.notNull(this.privateKeyParams, "PrivateKey must be not null !");
return this.privateKeyParams;
}
return null;
}
/**
* 获取{@link SM2Engine},此对象为懒加载模式
*
* @return {@link SM2Engine}
*/
private SM2Engine getEngine() {
if (null == this.engine) {
Assert.notNull(this.digest, "digest must be not null !");
this.engine = new SM2Engine(this.digest, this.mode);
}
this.digest.reset();
return this.engine;
}
/**
* 获取{@link SM2Signer},此对象为懒加载模式
*
* @return {@link SM2Signer}
*/
private SM2Signer getSigner() {
if (null == this.signer) {
Assert.notNull(this.digest, "digest must be not null !");
this.signer = new SM2Signer(this.encoding, this.digest);
}
this.digest.reset();
return this.signer;
}
// ------------------------------------------------------------------------------------------------------------------------- Private method end
}
