dream-common 1.1.41 → 1.1.44

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/lib/CryptoJS/HttpRequest.js +9 -6
  2. package/package.json +1 -1
package/lib/CryptoJS/HttpRequest.js CHANGED
@@ -2,7 +2,8 @@
2
2
 
3
3
  import {
4
4
  sm2,
5
- sm4
5
+ sm4,
6
+ sm3
6
7
  } from 'sm-crypto';
7
8
  import {base64ToHex, hexToBase64} from './Base64Utils.js';
8
9
  import {md5} from './md5.js';
@@ -49,8 +50,9 @@ export function encryptSecureData(request = {}, privateKey, useBase64 = true) {
49
50
 
50
51
  const signValue = useBase64 ? hexToBase64(signValueStr) : signValueStr;
51
52
  // 3. 生成 SM4 密钥和 IV(通过 MD5)
52
- const keyHex = md5_32(signValue); // 32 hex → 16 bytes
53
- const ivHex = md5_32(signSource); // 32 hex → 16 bytes
53
+ const hashData = sm3(signValue) // 杂凑
54
+ const keyHex = md5_32(signValue + hashData); // 32 hex → 16 bytes
55
+ const ivHex = md5_32(signSource + keyHex + hashData); // 32 hex → 16 bytes
54
56
 
55
57
  // 4. 序列化业务数据
56
58
  const dataJson = typeof request.data === 'string' ? request.data : JSON.stringify(request.data);
@@ -86,7 +88,7 @@ export function encryptSecureData(request = {}, privateKey, useBase64 = true) {
86
88
  * @returns {boolean}
87
89
  */
88
90
  export function verifySecureSign(request, publicKey, useBase64 = true) {
89
- const signSource = objectToSignString(request, 'encData', 'signData', 'data');
91
+ const signSource = objectToSignString(request, 'signData', 'data');
90
92
  const signatureHex = useBase64 ? base64ToHex(request.signData) : request.signData;
91
93
  return sm2.doVerifySignature(signSource, signatureHex, publicKey, {
92
94
  der: true
@@ -104,8 +106,9 @@ export function verifySecureSign(request, publicKey, useBase64 = true) {
104
106
  export function decryptSecureData(request, privateKey, useBase64 = true) {
105
107
  // 1. 重算签名原文(用于生成 key/iv)
106
108
  const signSource = objectToSignString(request, 'encData', 'signData', 'data');
107
- const lvHax = md5_32(signSource);
108
- const keyHax = md5_32(request.signData);
109
+ const hashData = sm3(signValue) // 杂凑
110
+ const keyHex = md5_32(signValue + hashData); // 32 hex → 16 bytes
111
+ const ivHex = md5_32(signSource + keyHex + hashData); // 32 hex → 16 bytes
109
112
 
110
113
  // 3. 处理 encData(base64 → hex)
111
114
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "dream-common",
3
- "version": "1.1.41",
3
+ "version": "1.1.44",
4
4
  "description": "",
5
5
  "main": "index.js",
6
6
  "scripts": {