package util import ( "crypto" "crypto/rand" "crypto/rsa" "crypto/sha256" "encoding/asn1" "encoding/base64" "encoding/hex" "github.com/tjfoc/gmsm/sm2" "github.com/tjfoc/gmsm/x509" "math/big" "qteam/app/third/dfpOpenSdk/config" ) // SignatureByRSA RSA签名 func SignatureByRSA(content string, privateKey string) string { decodeString, err := base64.StdEncoding.DecodeString(privateKey) if err != nil { return "" } hash := sha256.New() hash.Write([]byte(content)) //Step3:获得明文的散列值 hashText := hash.Sum(nil) private, err := x509.ParsePKCS1PrivateKey(decodeString) sign, err := rsa.SignPKCS1v15( rand.Reader, private, crypto.SHA256, hashText, ) return base64.StdEncoding.EncodeToString(sign) } type sm2Signature struct { R, S *big.Int } // SignatureBySM2 SM2签名 func SignatureBySM2(content string, privateKey string) (string, error) { decodeString, _ := base64.StdEncoding.DecodeString(privateKey) pri, err := FormatPri(decodeString) if err != nil { return "", err } sign, _ := pri.Sign(rand.Reader, []byte(content), nil) signature := sm2Signature{} _, err = asn1.Unmarshal(sign, &signature) if err != nil { return "", err } rbytes := signature.R.Bytes() sbytes := signature.S.Bytes() resultbytes := append(rbytes, sbytes...) return base64.StdEncoding.EncodeToString(resultbytes), nil } func VerifyBySM2(contentBytes []byte, sign string, publicKey string) (bool, error) { pubKey := FromPublicKey(publicKey) //pri, err := FormatPri(decodeString) //if err != nil { // log.Fatal(err) // return false, err //} bytes, _ := base64.StdEncoding.DecodeString(sign) verify := pubKey.Verify(contentBytes, bytes) //verify := pri.Verify(contentBytes, bytes) return verify, nil } // EncryptBySM2PublicKey sm2公钥加密, 结果为base64格式 func EncryptBySM2PublicKey(encodedPublicKey string, contentBytes []byte) (string, error) { decodeString, err2 := base64.StdEncoding.DecodeString(encodedPublicKey) if err2 != nil { return "", nil } public, err := x509.ReadPublicKeyFromHex(hex.EncodeToString(decodeString)) if err != nil { return "", err } // asn1Encrypt, err := public.EncryptAsn1(contentBytes, rand.Reader) if err != nil { return "", err } unmarshal, err := sm2.CipherUnmarshal(asn1Encrypt) return base64.StdEncoding.EncodeToString(unmarshal), nil } // DecryptBySM2PrivateKey sm2私钥解密 func DecryptBySM2PrivateKey(encodedPrivateKey string, contentBytes []byte) ([]byte, error) { privateKeyBytes, err := base64.StdEncoding.DecodeString(encodedPrivateKey) if err != nil { return nil, err } privateKey, err := x509.ReadPrivateKeyFromHex(hex.EncodeToString(privateKeyBytes)) if err != nil { return nil, err } plaintext, err := privateKey.Decrypt(rand.Reader, contentBytes, nil) if err != nil { return nil, err } return plaintext, nil } // FormatPri 从私钥base64格式生成对应私钥格式 func FormatPri(priByte []byte) (*sm2.PrivateKey, error) { // 椭圆曲线 c := sm2.P256Sm2() // k倍点 k := new(big.Int).SetBytes(priByte) priv := new(sm2.PrivateKey) priv.PublicKey.Curve = c priv.D = k priv.PublicKey.X, priv.PublicKey.Y = c.ScalarBaseMult(k.Bytes()) return priv, nil } func FromPublicKey(publicKey string) *sm2.PublicKey { decodeKey, _ := base64.StdEncoding.DecodeString(publicKey) hexPublic := hex.EncodeToString(decodeKey) pubKey, _ := x509.ReadPublicKeyFromHex(hexPublic) return pubKey } func SM2_GenerateKeyPair() (publicKey string, privateKey string, err error) { privKey, err := sm2.GenerateKey(nil) // 生成密钥对 if err != nil { return } privateKey = x509.WritePrivateKeyToHex(privKey) publicKey = x509.WritePublicKeyToHex(&privKey.PublicKey) return } func SM4_GenerateKeyPair() string { str := "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890" buffer := make([]byte, 16) for i := 0; i < 16; i++ { nextInt, _ := rand.Int(rand.Reader, big.NewInt(int64(len(str)))) buffer[i] = str[nextInt.Int64()] } return string(buffer) } func encryptBody(bodyParamString string, keyConfigure config.KeyConfigure, flag bool) { encryptBodyParamMap := make(map[string]string, 10) var encData string var encPassword string if keyConfigure.RespSignAlgorithm == "sm4" { pwd := SM4_GenerateKeyPair() encData, _ = Sm4Encrypt(bodyParamString, pwd) encPassword, _ = SignatureBySM2(bodyParamString, keyConfigure.PriKey) } encryptBodyParamMap["encData"] = encData encryptBodyParamMap["encPassword"] = encPassword }