sm-crypto-v2 0.3.12

package/src/sm2/index.ts

@@ -0,0 +1,267 @@
+/* eslint-disable no-use-before-define */
+import { BigInteger } from 'jsbn'
+import { encodeDer, decodeDer } from './asn1'
+import { arrayToHex, arrayToUtf8, concatArray, generateEcparam, generateKeyPairHex, getGlobalCurve, hexToArray, leftPad, utf8ToHex } from './utils'
+import { sm3 } from './sm3'
+export * from './utils'
+const { G, curve, n } = generateEcparam()
+const C1C2C3 = 0
+
+/**
+ * 加密
+ */
+export function doEncrypt(msg: string | Uint8Array, publicKey: string, cipherMode = 1) {
+
+  const msgArr = typeof msg === 'string' ? hexToArray(utf8ToHex(msg)) : Uint8Array.from(msg)
+  const publicKeyPoint = getGlobalCurve().decodePointHex(publicKey) // 先将公钥转成点
+
+  const keypair = generateKeyPairHex()
+  const k = new BigInteger(keypair.privateKey, 16) // 随机数 k
+
+  // c1 = k * G
+  let c1 = keypair.publicKey
+  if (c1.length > 128) c1 = c1.substring(c1.length - 128)
+
+  // (x2, y2) = k * publicKey
+  const p = publicKeyPoint!.multiply(k)
+  const x2 = hexToArray(leftPad(p.getX().toBigInteger().toRadix(16), 64))
+  const y2 = hexToArray(leftPad(p.getY().toBigInteger().toRadix(16), 64))
+
+  // c3 = hash(x2 || msg || y2)
+  const c3 = arrayToHex(Array.from(sm3(concatArray(x2, msgArr, y2))));
+
+  let ct = 1
+  let offset = 0
+  let t: Uint8Array = new Uint8Array() // 256 位
+  const z = concatArray(x2, y2)
+  const nextT = () => {
+    // (1) Hai = hash(z || ct)
+    // (2) ct++
+    t = sm3(Uint8Array.from([...z, ct >> 24 & 0x00ff, ct >> 16 & 0x00ff, ct >> 8 & 0x00ff, ct & 0x00ff]))
+    ct++
+    offset = 0
+  }
+  nextT() // 先生成 Ha1
+
+  for (let i = 0, len = msgArr.length; i < len; i++) {
+    // t = Ha1 || Ha2 || Ha3 || Ha4
+    if (offset === t.length) nextT()
+
+    // c2 = msg ^ t
+    msgArr[i] ^= t[offset++] & 0xff
+  }
+  const c2 = arrayToHex(Array.from(msgArr))
+
+  return cipherMode === C1C2C3 ? c1 + c2 + c3 : c1 + c3 + c2
+}
+
+/**
+ * 解密
+ */
+export function doDecrypt(encryptData: string, privateKey: string, cipherMode?: number, options?: {
+  output: 'array'
+}): Uint8Array
+export function doDecrypt(encryptData: string, privateKey: string, cipherMode?: number, options?: {
+  output: 'string'
+}): string
+export function doDecrypt(encryptData: string, privateKey: string, cipherMode = 1, {
+  output = 'string',
+} = {}) {
+  const privateKeyInteger = new BigInteger(privateKey, 16)
+
+  let c3 = encryptData.substring(128, 128 + 64)
+  let c2 = encryptData.substring(128 + 64)
+
+  if (cipherMode === C1C2C3) {
+    c3 = encryptData.substring(encryptData.length - 64)
+    c2 = encryptData.substring(128, encryptData.length - 64)
+  }
+
+  const msg = hexToArray(c2)
+  const c1 = getGlobalCurve().decodePointHex('04' + encryptData.substring(0, 128))!
+
+  const p = c1.multiply(privateKeyInteger)
+  const x2 = hexToArray(leftPad(p.getX().toBigInteger().toRadix(16), 64))
+  const y2 = hexToArray(leftPad(p.getY().toBigInteger().toRadix(16), 64))
+  let ct = 1
+  let offset = 0
+  let t = new Uint8Array() // 256 位
+  const z = concatArray(x2, y2)
+  const nextT = () => {
+    // (1) Hai = hash(z || ct)
+    // (2) ct++
+    t = sm3(Uint8Array.from([...z, ct >> 24 & 0x00ff, ct >> 16 & 0x00ff, ct >> 8 & 0x00ff, ct & 0x00ff]))
+    ct++
+    offset = 0
+  }
+  nextT() // 先生成 Ha1
+
+  for (let i = 0, len = msg.length; i < len; i++) {
+    // t = Ha1 || Ha2 || Ha3 || Ha4
+    if (offset === t.length) nextT()
+
+    // c2 = msg ^ t
+    msg[i] ^= t[offset++] & 0xff
+  }
+  // c3 = hash(x2 || msg || y2)
+  const checkC3 = arrayToHex(Array.from(sm3(concatArray(x2, msg, y2))))
+
+  if (checkC3 === c3.toLowerCase()) {
+    return output === 'array' ? msg : arrayToUtf8(msg)
+  } else {
+    return output === 'array' ? [] : ''
+  }
+}
+
+export interface SignaturePoint {
+  k: BigInteger
+  x1: BigInteger
+}
+
+/**
+ * 签名
+ */
+export function doSignature(msg: Uint8Array | string, privateKey: string, options: {
+  pointPool?: SignaturePoint[], der?: boolean, hash?: boolean, publicKey?: string, userId?: string
+} = {}) {
+  let {
+    pointPool, der, hash, publicKey, userId
+  } = options
+  let hashHex = typeof msg === 'string' ? utf8ToHex(msg) : arrayToHex(Array.from(msg))
+
+  if (hash) {
+    // sm3杂凑
+    publicKey = publicKey || getPublicKeyFromPrivateKey(privateKey)
+    hashHex = getHash(hashHex, publicKey, userId)
+  }
+
+  const dA = new BigInteger(privateKey, 16)
+  const e = new BigInteger(hashHex, 16)
+
+  // k
+  let k: BigInteger | null = null
+  let r: BigInteger | null = null
+  let s: BigInteger | null = null
+
+  do {
+    do {
+      let point: SignaturePoint
+      if (pointPool && pointPool.length) {
+        point = pointPool.pop()!
+      } else {
+        point = getPoint()
+      }
+      k = point.k
+
+      // r = (e + x1) mod n
+      r = e.add(point.x1).mod(n)
+    } while (r.equals(BigInteger.ZERO) || r.add(k).equals(n))
+
+    // s = ((1 + dA)^-1 * (k - r * dA)) mod n
+    s = dA.add(BigInteger.ONE).modInverse(n).multiply(k.subtract(r.multiply(dA))).mod(n)
+  } while (s.equals(BigInteger.ZERO))
+
+  if (der) return encodeDer(r, s) // asn.1 der 编码
+
+  return leftPad(r.toString(16), 64) + leftPad(s.toString(16), 64)
+}
+
+/**
+ * 验签
+ */
+export function doVerifySignature(msg: string | Uint8Array, signHex: string, publicKey: string, options: { der?: boolean, hash?: boolean, userId?: string } = {}) {
+  let hashHex: string
+  const {
+    hash,
+    der,
+    userId,
+  } = options
+  if (hash) {
+    // sm3杂凑
+    hashHex = getHash(typeof msg === 'string' ? utf8ToHex(msg) : msg, publicKey, userId)
+  } else {
+    hashHex = typeof msg === 'string' ? utf8ToHex(msg) : arrayToHex(Array.from(msg))
+  }
+
+  let r: BigInteger;
+  let s: BigInteger;
+  if (der) {
+    const decodeDerObj = decodeDer(signHex) // asn.1 der 解码
+    r = decodeDerObj.r
+    s = decodeDerObj.s
+  } else {
+    r = new BigInteger(signHex.substring(0, 64), 16)
+    s = new BigInteger(signHex.substring(64), 16)
+  }
+
+  const PA = curve.decodePointHex(publicKey)!
+  const e = new BigInteger(hashHex, 16)
+
+  // t = (r + s) mod n
+  const t = r.add(s).mod(n)
+
+  if (t.equals(BigInteger.ZERO)) return false
+
+  // x1y1 = s * G + t * PA
+  const x1y1 = G.multiply(s).add(PA.multiply(t))
+
+  // R = (e + x1) mod n
+  const R = e.add(x1y1.getX().toBigInteger()).mod(n)
+
+  return r.equals(R)
+}
+
+/**
+ * sm3杂凑算法
+ */
+export function getHash(hashHex: string | Uint8Array, publicKey: string, userId = '1234567812345678') {
+  // z = hash(entl || userId || a || b || gx || gy || px || py)
+  userId = utf8ToHex(userId)
+  const a = leftPad(G.curve.a.toBigInteger().toRadix(16), 64)
+  const b = leftPad(G.curve.b.toBigInteger().toRadix(16), 64)
+  const gx = leftPad(G.getX().toBigInteger().toRadix(16), 64)
+  const gy = leftPad(G.getY().toBigInteger().toRadix(16), 64)
+  let px: string
+  let py: string
+  if (publicKey.length === 128) {
+    px = publicKey.substring(0, 64)
+    py = publicKey.substring(64, 128)
+  } else {
+    const point = G.curve.decodePointHex(publicKey)!
+    px = leftPad(point.getX().toBigInteger().toRadix(16), 64)
+    py = leftPad(point.getY().toBigInteger().toRadix(16), 64)
+  }
+  const data = hexToArray(userId + a + b + gx + gy + px + py)
+
+  const entl = userId.length * 4
+
+  const z = sm3(concatArray(new Uint8Array([entl >> 8 & 0x00ff, entl & 0x00ff]), data))
+
+  // e = hash(z || msg)
+  return arrayToHex(Array.from(sm3(concatArray(z, typeof hashHex === 'string' ? hexToArray(hashHex) : hashHex))))
+}
+
+/**
+ * 计算公钥
+ */
+export function getPublicKeyFromPrivateKey(privateKey: string) {
+  const PA = G.multiply(new BigInteger(privateKey, 16))
+  const x = leftPad(PA.getX().toBigInteger().toString(16), 64)
+  const y = leftPad(PA.getY().toBigInteger().toString(16), 64)
+  return '04' + x + y
+}
+
+/**
+ * 获取椭圆曲线点
+ */
+export function getPoint() {
+  const keypair = generateKeyPairHex()
+  const PA = curve.decodePointHex(keypair.publicKey)
+
+  return {
+    ...keypair,
+    k: new BigInteger(keypair.privateKey, 16),
+    x1: PA!.getX().toBigInteger()
+  }
+}
+

package/src/sm2/sm3.ts

@@ -0,0 +1,174 @@
+import { concatArray } from './utils'
+
+// 消息扩展
+const W = new Uint32Array(68)
+const M = new Uint32Array(64) // W'
+
+/**
+ * 循环左移
+ */
+export function rotl(x: number, n: number) {
+  const s = n & 31
+  return (x << s) | (x >>> (32 - s))
+}
+
+/**
+ * 二进制异或运算
+ */
+function xor(x: Uint8Array, y: Uint8Array) {
+  const result = new Uint8Array(x.length)
+  for (let i = x.length - 1; i >= 0; i--) result[i] = (x[i] ^ y[i]) & 0xff
+  return result
+}
+
+/**
+ * 压缩函数中的置换函数 P0(X) = X xor (X <<< 9) xor (X <<< 17)
+ */
+function P0(X: number) {
+  return (X ^ rotl(X, 9)) ^ rotl(X, 17)
+}
+
+/**
+ * 消息扩展中的置换函数 P1(X) = X xor (X <<< 15) xor (X <<< 23)
+ */
+function P1(X: number) {
+  return (X ^ rotl(X, 15)) ^ rotl(X, 23)
+}
+
+/**
+ * sm3 本体
+ */
+export function sm3(array: Uint8Array) {
+  let len = array.length * 8
+  // k 是满足 len + 1 + k = 448mod512 的最小的非负整数
+  let k = len % 512
+  // 如果 448 <= (512 % len) < 512，需要多补充 (len % 448) 比特'0'以满足总比特长度为512的倍数
+  k = k >= 448 ? 512 - (k % 448) - 1 : 448 - k - 1
+
+  // 填充
+  const kArr = new Array((k - 7) / 8)
+  const lenArr = new Array(8)
+  for (let i = 0, len = kArr.length; i < len; i++) kArr[i] = 0
+  for (let i = 0, len = lenArr.length; i < len; i++) lenArr[i] = 0
+  let lenString = len.toString(2)
+  for (let i = 7; i >= 0; i--) {
+    if (lenString.length > 8) {
+      const start = lenString.length - 8
+      lenArr[i] = parseInt(lenString.substring(start), 2)
+      lenString = lenString.substring(0, start)
+    } else if (lenString.length > 0) {
+      lenArr[i] = parseInt(lenString, 2)
+      lenString = ''
+    }
+  }
+  const m = Uint8Array.from([...array, 0x80, ...kArr, ...lenArr])
+  const dataView = new DataView(m.buffer, 0)
+
+  // 迭代压缩
+  const n = m.length / 64
+  const V = new Uint32Array([0x7380166f, 0x4914b2b9, 0x172442d7, 0xda8a0600, 0xa96f30bc, 0x163138aa, 0xe38dee4d, 0xb0fb0e4e])
+  for (let i = 0; i < n; i++) {
+    W.fill(0)
+    M.fill(0)
+
+    // 将消息分组B划分为 16 个字 W0， W1，……，W15
+    const start = 16 * i
+    for (let j = 0; j < 16; j++) {
+      W[j] = dataView.getUint32((start + j) * 4, false)
+    }
+
+    // W16 ～ W67：W[j] <- P1(W[j−16] xor W[j−9] xor (W[j−3] <<< 15)) xor (W[j−13] <<< 7) xor W[j−6]
+    for (let j = 16; j < 68; j++) {
+      W[j] = (P1((W[j - 16] ^ W[j - 9]) ^ rotl(W[j - 3], 15)) ^ rotl(W[j - 13], 7)) ^ W[j - 6]
+    }
+
+    // W′0 ～ W′63：W′[j] = W[j] xor W[j+4]
+    for (let j = 0; j < 64; j++) {
+      M[j] = W[j] ^ W[j + 4]
+    }
+
+    // 压缩
+    const T1 = 0x79cc4519
+    const T2 = 0x7a879d8a
+    // 字寄存器
+    let A = V[0]
+    let B = V[1]
+    let C = V[2]
+    let D = V[3]
+    let E = V[4]
+    let F = V[5]
+    let G = V[6]
+    let H = V[7]
+    // 中间变量
+    let SS1: number
+    let SS2: number
+    let TT1: number
+    let TT2: number
+    let T: number
+    for (let j = 0; j < 64; j++) {
+      T = j >= 0 && j <= 15 ? T1 : T2
+      SS1 = rotl(rotl(A, 12) + E + rotl(T, j), 7)
+      SS2 = SS1 ^ rotl(A, 12)
+
+      TT1 = (j >= 0 && j <= 15 ? ((A ^ B) ^ C) : (((A & B) | (A & C)) | (B & C))) + D + SS2 + M[j]
+      TT2 = (j >= 0 && j <= 15 ? ((E ^ F) ^ G) : ((E & F) | ((~E) & G))) + H + SS1 + W[j]
+
+      D = C
+      C = rotl(B, 9)
+      B = A
+      A = TT1
+      H = G
+      G = rotl(F, 19)
+      F = E
+      E = P0(TT2)
+    }
+
+    V[0] ^= A
+    V[1] ^= B
+    V[2] ^= C
+    V[3] ^= D
+    V[4] ^= E
+    V[5] ^= F
+    V[6] ^= G
+    V[7] ^= H
+  }
+
+  // 转回 uint8
+  const result = new Uint8Array(V.length * 4)
+  for (let i = 0, len = V.length; i < len; i++) {
+    const word = V[i]
+    result[i * 4] = (word & 0xff000000) >>> 24
+    result[i * 4 + 1] = (word & 0xff0000) >>> 16
+    result[i * 4 + 2] = (word & 0xff00) >>> 8
+    result[i * 4 + 3] = word & 0xff
+  }
+
+  return result
+}
+
+/**
+ * hmac 实现
+ */
+const blockLen = 64
+const iPad = new Uint8Array(blockLen)
+const oPad = new Uint8Array(blockLen)
+for (let i = 0; i < blockLen; i++) {
+  iPad[i] = 0x36
+  oPad[i] = 0x5c
+}
+
+export function hmac(input: Uint8Array, key: Uint8Array) {
+  // 密钥填充
+  if (key.length > blockLen) key = sm3(key)
+  while (key.length < blockLen) {
+    const padKey = new Uint8Array(blockLen)
+    padKey.set(key)
+    key = padKey
+  }
+
+  const iPadKey = xor(key, iPad)
+  const oPadKey = xor(key, oPad)
+
+  const hash = sm3(concatArray(iPadKey, input))
+  return sm3(concatArray(oPadKey, hash))
+}

package/src/sm2/utils.ts

@@ -0,0 +1,208 @@
+/* eslint-disable no-bitwise, no-mixed-operators, no-use-before-define, max-len */
+import { BigInteger, RandomGenerator, SecureRandom } from 'jsbn'
+import { ECCurveFp } from './ec'
+
+declare module 'jsbn' {
+  export class SecureRandom implements RandomGenerator {
+    nextBytes(bytes: number[]): void;
+  }
+}
+
+const rng = new SecureRandom()
+const {curve, G, n} = generateEcparam()
+
+/**
+ * 获取公共椭圆曲线
+ */
+export function getGlobalCurve() {
+  return curve
+}
+
+/**
+ * 生成ecparam
+ */
+export function generateEcparam() {
+  // 椭圆曲线
+  const p = new BigInteger('FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF', 16)
+  const a = new BigInteger('FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC', 16)
+  const b = new BigInteger('28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93', 16)
+  const curve = new ECCurveFp(p, a, b)
+
+  // 基点
+  const gxHex = '32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7'
+  const gyHex = 'BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0'
+  const G = curve.decodePointHex('04' + gxHex + gyHex)!
+
+  const n = new BigInteger('FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123', 16)
+
+  return {curve, G, n}
+}
+
+/**
+ * 生成密钥对：publicKey = privateKey * G
+ */
+export function generateKeyPairHex(a?: number | string, b?: number, c?: RandomGenerator) {
+  const random = typeof a === 'string' ? new BigInteger(a, b) :
+    a ? new BigInteger(a, b!, c!) : new BigInteger(n.bitLength(), rng)
+  const d = random.mod(n.subtract(BigInteger.ONE)).add(BigInteger.ONE) // 随机数
+  const privateKey = leftPad(d.toString(16), 64)
+
+  const P = G!.multiply(d) // P = dG，p 为公钥，d 为私钥
+  const Px = leftPad(P.getX().toBigInteger().toString(16), 64)
+  const Py = leftPad(P.getY().toBigInteger().toString(16), 64)
+  const publicKey = '04' + Px + Py
+  return {privateKey, publicKey}
+}
+
+/**
+ * 生成压缩公钥
+ */
+export function compressPublicKeyHex(s: string) {
+  if (s.length !== 130) throw new Error('Invalid public key to compress')
+
+  const len = (s.length - 2) / 2
+  const xHex = s.substring(2, 2 + len)
+  const y = new BigInteger(s.substring(len + 2, len + len + 2), 16)
+
+  let prefix = '03'
+  if (y.mod(new BigInteger('2')).equals(BigInteger.ZERO)) prefix = '02'
+  return prefix + xHex
+}
+
+/**
+ * utf8串转16进制串
+ */
+export function utf8ToHex(input: string) {
+  input = decodeURIComponent(encodeURIComponent(input))
+
+  const length = input.length
+
+  // 转换到字数组
+  const words = new Uint32Array((length >>> 2) + 1)
+  for (let i = 0; i < length; i++) {
+    words[i >>> 2] |= (input.charCodeAt(i) & 0xff) << (24 - (i % 4) * 8)
+  }
+
+  // 转换到16进制
+  const hexChars: string[]= []
+  for (let i = 0; i < length; i++) {
+    const bite = (words[i >>> 2] >>> (24 - (i % 4) * 8)) & 0xff
+    hexChars.push((bite >>> 4).toString(16))
+    hexChars.push((bite & 0x0f).toString(16))
+  }
+
+  return hexChars.join('')
+}
+
+/**
+ * 补全16进制字符串
+ */
+export function leftPad(input: string, num: number) {
+  if (input.length >= num) return input
+
+  return (new Array(num - input.length + 1)).join('0') + input
+}
+
+/**
+ * 转成16进制串
+ */
+export function arrayToHex(arr: number[]) {
+  return arr.map(item => {
+    const hex = item.toString(16)
+    return hex.length === 1 ? '0' + hex : hex
+  }).join('')
+}
+
+/**
+ * 转成utf8串
+ */
+export function arrayToUtf8(arr: Uint8Array) {
+  const str: string[] = []
+  for (let i = 0, len = arr.length; i < len; i++) {
+    if (arr[i] >= 0xf0 && arr[i] <= 0xf7) {
+      // 四字节
+      str.push(String.fromCodePoint(((arr[i] & 0x07) << 18) + ((arr[i + 1] & 0x3f) << 12) + ((arr[i + 2] & 0x3f) << 6) + (arr[i + 3] & 0x3f)))
+      i += 3
+    } else if (arr[i] >= 0xe0 && arr[i] <= 0xef) {
+      // 三字节
+      str.push(String.fromCodePoint(((arr[i] & 0x0f) << 12) + ((arr[i + 1] & 0x3f) << 6) + (arr[i + 2] & 0x3f)))
+      i += 2
+    } else if (arr[i] >= 0xc0 && arr[i] <= 0xdf) {
+      // 双字节
+      str.push(String.fromCodePoint(((arr[i] & 0x1f) << 6) + (arr[i + 1] & 0x3f)))
+      i++
+    } else {
+      // 单字节
+      str.push(String.fromCodePoint(arr[i]))
+    }
+  }
+
+  return str.join('')
+}
+
+/**
+ * 转成字节数组
+ */
+export function hexToArray(hexStr: string) {
+  let hexStrLength = hexStr.length
+
+  if (hexStrLength % 2 !== 0) {
+    hexStr = leftPad(hexStr, hexStrLength + 1)
+  }
+
+  hexStrLength = hexStr.length
+  const wordLength = hexStrLength / 2
+  const words = new Uint8Array(wordLength)
+
+  for (let i = 0; i < wordLength; i++) {
+    words[i] = (parseInt(hexStr.substring(i * 2, i * 2 + 2), 16))
+  }
+  return words
+}
+
+/**
+ * 验证公钥是否为椭圆曲线上的点
+ */
+export function verifyPublicKey(publicKey: string) {
+  const point = curve.decodePointHex(publicKey)
+  if (!point) return false
+
+  const x = point.getX()
+  const y = point.getY()
+
+  // 验证 y^2 是否等于 x^3 + ax + b
+  return y.square().equals(x.multiply(x.square()).add(x.multiply(curve.a)).add(curve.b))
+}
+
+/**
+ * 验证公钥是否等价，等价返回true
+ */
+export function comparePublicKeyHex(publicKey1: string, publicKey2: string) {
+  const point1 = curve.decodePointHex(publicKey1)
+  if (!point1) return false
+
+  const point2 = curve.decodePointHex(publicKey2)
+  if (!point2) return false
+
+  return point1.equals(point2)
+}
+
+
+export function concatArray(...arrays: Uint8Array[]) {
+  // sum of individual array lengths
+  let totalLength = arrays.reduce((acc, value) => acc + value.length, 0);
+
+  if (!arrays.length) return new Uint8Array();
+
+  let result = new Uint8Array(totalLength);
+
+  // for each array - copy it over result
+  // next array is copied right after the previous one
+  let length = 0;
+  for (let array of arrays) {
+    result.set(array, length);
+    length += array.length;
+  }
+
+  return result;
+}