跳到主要内容

crypto

简介

基于openssl libcrypto封装的密码算法库

组件接口

ec.gs

函数原型函数作用
ECPublicKey public_key(ECPrivateKey self)提取公钥
buffer sign(ECPrivateKey self, buffer data)签名
bool verify(ECPublicKey self, buffer signature, buffer data)验签
array generate_key(enum Curve curve_nid)生成密钥对

hashes.gs

函数原型函数作用
void update(Hash self, buffer data)更新哈希对象
Hash copy(Hash self)返回哈希对象的副本
buffer digest(Hash self)返回数据摘要
int MD4()返回md4哈希算法
int MD5()返回md5哈希算法
int MD5_SHA1()返回md5_sha1哈希算法
int SHA1()返回sha-1哈希算法
int SHA224()返回sha-224哈希算法
int SHA256()返回sha-256哈希算法
int SHA384()返回sha-384哈希算法
int SHA512()返回sha-512哈希算法
int SHA512_224()返回sha-512/224哈希算法
int SHA512_256()返回sha-512/256哈希算法
int SHA3_224()返回sha3-224哈希算法
int SHA3_256()返回sha3-256哈希算法
int SHA3_384()返回sha3-384哈希算法
int SHA3_512()返回sha3-512哈希算法
int SM3()返回sm3哈希算法(国密哈希)

hmac.gs

函数原型函数作用
void update(HMAC self, buffer data)用data来更新HMAC对象。m.update(a); m.update(b);等价于m.update(a + b);
HMAC copy(HMAC self)返回HMAC对象的副本。(可被用来高效地计算共享相同前缀的数据的摘要)
buffer digest(HMAC self)返回当前已传给update()方法的字节串数据的摘要。
HMAC new(buffer key, int md)返回一个新的HMAC对象。

ECPrivateKey.gs

函数原型函数作用
object public_key()提取公钥
buffer sign(buffer data)签名

ECPublicKey.gs

函数原型函数作用
bool verify(buffer signature, buffer data)验签

Hash.gs

函数原型函数作用
void update(buffer data)更新哈希对象
object copy()返回哈希对象的副本
buffer digest()返回数据摘要

HMAC.gs

函数原型函数作用
void update(buffer data)用data来更新HMAC对象。m.update(a); m.update(b);等价于m.update(a + b);
object copy()返回HMAC对象的副本。(可被用来高效地计算共享相同前缀的数据的摘要)
buffer digest()返回当前已传给update()方法的字节串数据的摘要。

RSAPrivateKey.gs

函数原型函数作用
object public_key()提取公钥
buffer private_bytes()私钥序列化
buffer decrypt(buffer ciphertext, enum RSAPadding pad_mode)解密
buffer sign(buffer data, int type)签名

RSAPublicKey.gs

函数原型函数作用
buffer public_bytes()公钥序列化
buffer encrypt(buffer plaintext, enum RSAPadding pad_mode)加密
bool verify(buffer signature, buffer data, int type)验签

rsa.gs

函数原型函数作用
RSAPublicKey public_key(RSAPrivateKey self)提取公钥
buffer private_bytes(RSAPrivateKey self)私钥序列化
buffer decrypt(RSAPrivateKey self, buffer ciphertext, enum RSAPadding pad_mode)解密
buffer sign(RSAPrivateKey self, buffer data, int type)签名
buffer public_bytes(RSAPublicKey self)公钥序列化
buffer encrypt(RSAPublicKey self, buffer plaintext, enum RSAPadding pad_mode)加密
bool verify(RSAPublicKey self, buffer signature, buffer data, int type)验签
RSAPrivateKey generate_private_key(int bits, int e = 65537)生成私钥
RSAPrivateKey load_pem_private_key(buffer data)加载私钥
RSAPublicKey load_pem_public_key(buffer data)加载公钥

枚举

Curve


    prime192v1 = 409,
    prime256v1 = 415,
    secp224r1 = 713,
    secp256k1 = 714,
    secp384r1 = 715,
    secp521r1 = 716,
    sect163k1 = 721,
    sect163r2 = 723,
    sect233k1 = 726,
    sect233r1 = 727,
    sect283k1 = 729,
    sect283r1 = 730,
    sect409k1 = 731,
    sect409r1 = 732,
    sect571k1 = 733,
    sect571r1 = 734,
    brainpoolP256r1 = 927,
    brainpoolP384r1 = 931,
    brainpoolP512r1 = 933,

RSAPadding


    RSA_PKCS1_PADDING = 1,
    RSA_SSLV23_PADDING = 2,
    RSA_NO_PADDING = 3,
    RSA_PKCS1_OAEP_PADDING = 4,
    RSA_X931_PADDING = 5,
    RSA_PKCS1_PSS_PADDING = 6,

样例

import gs.lang.buffer;

import pkg.crypto;
import pkg.crypto.hashes;
import pkg.crypto.hmac;
import pkg.crypto.Padding;
import pkg.crypto.rsa;

public void sample()
{
    load_static(crypto);

    /**
     * 1. Hash
     */

    // 创建MD5哈希对象(有多种可选的哈希算法)
    mixed md5 = hashes.new(hashes.MD5());

    // 针对缓冲区中的字节数据计算摘要(可分批读取数据,反复调用该函数来计算摘要)
    md5.update((buffer)"Hello, world!");

    // 获取摘要
    buffer digest = md5.digest();

    printf("digest: %O\n", digest);
    printf("hexdigest: %s\n", digest.to_hex());

    // 创建SHA256哈希对象
    mixed sha256 = hashes.new(hashes.SHA256());

    sha256.update((buffer)"Hello,");
    printf("hexdigest (part): %s\n", sha256.digest().to_hex());
    sha256.update((buffer)" world!");
    printf("hexdigest (full): %s\n", sha256.digest().to_hex());

    /**
     * 2. HMAC
     */

    mixed hmac_md5 = hmac.new((buffer)"secret", hashes.MD5());

    hmac_md5.update((buffer)"Hello, world!");
    printf("hmac: %s\n", hmac_md5.digest().to_hex());

    hmac_md5 = hmac.new((buffer)"secret", hashes.MD5());

    hmac_md5.update((buffer)"Hello,");
    printf("hmac (part): %s\n", hmac_md5.digest().to_hex());
    hmac_md5.update((buffer)" world!");
    printf("hmac (full): %s\n", hmac_md5.digest().to_hex());

    /**
     * 3. RSA
     */

    // 生成私钥
    mixed pri_key = rsa.generate_private_key(1024);

    // 私钥序列化
#if 0
    file.write_all("/key.pem", pri_key.private_bytes());
#else
    printf("%s\n", (string)pri_key.private_bytes());
#endif

    // 提取公钥
    mixed pub_key = pri_key.public_key();

    // 公钥序列化
#if 0
    file.write_all("/pub_key.pem", pub_key.public_bytes());
#else
    printf("%s\n", (string)pub_key.public_bytes());
#endif

    // 公钥加密
    buffer ciphertext = pub_key.encrypt((buffer)"Hello, world!", RSAPadding.RSA_PKCS1_OAEP_PADDING);
    printf("Encrypted: %O\n", ciphertext);

    // 私钥解密
    string plaintext = (string)pri_key.decrypt(ciphertext, RSAPadding.RSA_PKCS1_OAEP_PADDING);
    printf("Decrypted: %O\n", plaintext);

    // $ openssl genrsa -out key.pem 1024
    // $ openssl rsa -in key.pem -pubout -out pub_key.pem

    // 读取私钥
    pri_key = rsa.load_pem_private_key(file.read_all("/key.pem", "b"));

    // 读取公钥
    pub_key = rsa.load_pem_public_key(file.read_all("/pub_key.pem", "b"));

    // 私钥签名
    buffer sig = pri_key.sign((buffer)"A message I want to sign", hashes.SHA256());
    printf("Signature: %O\n", sig);

    // 公钥验签
    printf("Verify: %O\n", pub_key.verify(sig, (buffer)"A message I want to sign", hashes.SHA256()));

    // 公钥验签(已篡改)
    printf("Verify: %O\n", pub_key.verify(sig, (buffer)"A message i want to sign", hashes.SHA256()));
}