优化 CA

deatil · Jan 21, 2025 · 248b811 · 248b811
1 parent 57a86eb
commit 248b811
Show file tree

Hide file tree

Showing 10 changed files with 342 additions and 4 deletions.
diff --git a/cryptobin/ca/ca.go b/cryptobin/ca/ca.go
@@ -7,6 +7,7 @@ import (
     "crypto/elliptic"
 
     "github.com/deatil/go-cryptobin/x509"
+    "github.com/deatil/go-cryptobin/pubkey/gost"
 )
 
 // public key type
@@ -26,6 +27,8 @@ func (typ PublicKeyType) String() string {
             return "EdDSA"
         case KeyTypeSM2:
             return "SM2"
+        case KeyTypeGost:
+            return "Gost"
         default:
             return "unknown KeyType value " + strconv.Itoa(int(typ))
     }
@@ -38,6 +41,7 @@ const (
     KeyTypeECDSA
     KeyTypeEdDSA
     KeyTypeSM2
+    KeyTypeGost
 )
 
 // Options
@@ -51,6 +55,9 @@ type Options struct {
     // ecc curve
     Curve elliptic.Curve
 
+    // gost curve
+    GostCurve *gost.Curve
+
     // generates RSA private key bit size
     Bits int
 }
@@ -93,6 +100,7 @@ func NewCA() CA {
             PublicKeyType:  KeyTypeRSA,
             ParameterSizes: dsa.L1024N160,
             Curve:          elliptic.P256(),
+            GostCurve:      gost.CurveDefault(),
             Bits:           2048,
         },
         Errors: make([]error, 0),

diff --git a/cryptobin/ca/ca_test.go b/cryptobin/ca/ca_test.go
@@ -12,6 +12,7 @@ import (
     "crypto/x509/pkix"
     "crypto/elliptic"
 
+    "github.com/deatil/go-cryptobin/pubkey/gost"
     cryptobin_x509 "github.com/deatil/go-cryptobin/x509"
     cryptobin_test "github.com/deatil/go-cryptobin/tool/test"
 )
@@ -446,6 +447,40 @@ func Test_GenerateKey(t *testing.T) {
         assertEqual(pubkey22, obj.GetPublicKey(), "Test_GenerateKey-FromPublicKey")
     })
 
+    t.Run("GenerateGostKey", func(t *testing.T) {
+        obj := New().
+            SetPublicKeyType("Gost").
+            SetGostCurve("IdGostR34102001CryptoProAParamSet").
+            GenerateKey()
+
+        prikey := obj.CreatePrivateKey().ToKeyString()
+        pubkey := obj.CreatePublicKey().ToKeyString()
+
+        assertError(obj.Error(), "Test_GenerateKey")
+        assertNotEmpty(prikey, "Test_GenerateKey-prikey")
+        assertNotEmpty(pubkey, "Test_GenerateKey-pubkey")
+
+        pass := []byte("12345678")
+        prikey2 := obj.CreatePrivateKeyWithPassword(pass).ToKeyString()
+
+        assertNotEmpty(prikey2, "Test_GenerateKey-prikey2")
+
+        prikey22 := New().
+            FromPrivateKey([]byte(prikey)).
+            GetPrivateKey()
+        assertEqual(prikey22, obj.GetPrivateKey(), "Test_GenerateKey-FromPrivateKey")
+
+        prikey223 := New().
+            FromPrivateKeyWithPassword([]byte(prikey2), pass).
+            GetPrivateKey()
+        assertEqual(prikey223, obj.GetPrivateKey(), "Test_GenerateKey-FromPrivateKeyWithPassword")
+
+        pubkey22 := New().
+            FromPublicKey([]byte(pubkey)).
+            GetPublicKey()
+        assertEqual(pubkey22, obj.GetPublicKey(), "Test_GenerateKey-FromPublicKey")
+    })
+
     t.Run("GenerateRSAKey 2", func(t *testing.T) {
         obj := New().
             SetGenerateType("RSA").
@@ -545,6 +580,18 @@ func Test_GenerateKey2(t *testing.T) {
         assertNotEmpty(pubkey, "Test_GenerateKey2-pubkey")
     })
 
+    t.Run("GenerateGostKey", func(t *testing.T) {
+        obj := New().
+            GenerateGostKey("Idtc26gost34102012256paramSetB")
+
+        prikey := obj.CreatePrivateKey().ToKeyString()
+        pubkey := obj.CreatePublicKey().ToKeyString()
+
+        assertError(obj.Error(), "Test_GenerateKey2")
+        assertNotEmpty(prikey, "Test_GenerateKey2-prikey")
+        assertNotEmpty(pubkey, "Test_GenerateKey2-pubkey")
+    })
+
 }
 
 var prikey = `
@@ -710,6 +757,7 @@ func Test_Get(t *testing.T) {
         PublicKeyType:  KeyTypeRSA,
         ParameterSizes: dsa.L1024N160,
         Curve:          elliptic.P256(),
+        GostCurve:      gost.CurveIdGostR34102001CryptoProAParamSet(),
         Bits:           2048,
     }
 
@@ -735,6 +783,7 @@ func Test_Get(t *testing.T) {
     assertEqual(newCA2.GetOptions(), opts, "Test_Get-GetOptions")
     assertEqual(newCA2.GetParameterSizes(), dsa.L1024N160, "Test_Get-GetParameterSizes")
     assertEqual(newCA2.GetCurve(), elliptic.P256(), "Test_Get-GetCurve")
+    assertEqual(newCA2.GetGostCurve(), gost.CurveIdGostR34102001CryptoProAParamSet(), "Test_Get-GetGostCurve")
     assertEqual(newCA2.GetBits(), 2048, "Test_Get-GetBits")
 
     assertEqual(newCA2.GetKeyData(), []byte("test-keyData"), "Test_Get-GetKeyData")
@@ -806,6 +855,12 @@ func Test_With(t *testing.T) {
     tmp = newCA.SetCurve("P521")
     assertEqual(tmp.options.Curve, elliptic.P521(), "Test_Get-SetCurve")
 
+    tmp = newCA.WithGostCurve(gost.CurveIdtc26gost34102012256paramSetB())
+    assertEqual(tmp.options.GostCurve, gost.CurveIdtc26gost34102012256paramSetB(), "Test_Get-WithGostCurve")
+
+    tmp = newCA.SetGostCurve("IdGostR34102001CryptoProXchBParamSet")
+    assertEqual(tmp.options.GostCurve, gost.CurveIdGostR34102001CryptoProXchBParamSet(), "Test_Get-SetGostCurve")
+
     tmp = newCA.WithBits(2048)
     assertEqual(tmp.options.Bits, 2048, "Test_Get-WithBits")
 

diff --git a/cryptobin/ca/create.go b/cryptobin/ca/create.go
@@ -15,6 +15,7 @@ import (
     "github.com/deatil/go-cryptobin/pkcs8"
     "github.com/deatil/go-cryptobin/pkcs12"
     "github.com/deatil/go-cryptobin/gm/sm2"
+    "github.com/deatil/go-cryptobin/pubkey/gost"
     cryptobin_x509 "github.com/deatil/go-cryptobin/x509"
     pubkey_dsa "github.com/deatil/go-cryptobin/pubkey/dsa"
 )
@@ -133,6 +134,8 @@ func (this CA) CreatePrivateKey() CA {
             privateKeyBytes, err = x509.MarshalPKCS8PrivateKey(privateKey)
         case *sm2.PrivateKey:
             privateKeyBytes, err = sm2.MarshalPrivateKey(privateKey)
+        case *gost.PrivateKey:
+            privateKeyBytes, err = gost.MarshalPrivateKey(privateKey)
         default:
             err = fmt.Errorf("unsupported private key type: %T", privateKey)
     }
@@ -177,6 +180,8 @@ func (this CA) CreatePrivateKeyWithPassword(password []byte, opts ...any) CA {
             privateKeyBytes, err = x509.MarshalPKCS8PrivateKey(prikey)
         case *sm2.PrivateKey:
             privateKeyBytes, err = sm2.MarshalPrivateKey(prikey)
+        case *gost.PrivateKey:
+            privateKeyBytes, err = gost.MarshalPrivateKey(prikey)
         default:
             err = errors.New("privateKey error.")
     }
@@ -223,6 +228,8 @@ func (this CA) CreatePublicKey() CA {
             publicKeyBytes, err = x509.MarshalPKIXPublicKey(pubkey)
         case *sm2.PublicKey:
             publicKeyBytes, err = sm2.MarshalPublicKey(pubkey)
+        case *gost.PublicKey:
+            publicKeyBytes, err = gost.MarshalPublicKey(pubkey)
         default:
             err = errors.New("privateKey error.")
     }

diff --git a/cryptobin/ca/from.go b/cryptobin/ca/from.go
@@ -11,6 +11,7 @@ import (
     "github.com/deatil/go-cryptobin/x509"
     "github.com/deatil/go-cryptobin/pkcs12"
     "github.com/deatil/go-cryptobin/gm/sm2"
+    "github.com/deatil/go-cryptobin/pubkey/gost"
 )
 
 // Generate Key with Reader
@@ -53,6 +54,14 @@ func (this CA) GenerateKeyWithSeed(reader io.Reader) CA {
                 return this.AppendError(err)
             }
 
+            this.privateKey = privateKey
+            this.publicKey  = &privateKey.PublicKey
+        case KeyTypeGost:
+            privateKey, err := gost.GenerateKey(reader, this.options.GostCurve)
+            if err != nil {
+                return this.AppendError(err)
+            }
+
             this.privateKey = privateKey
             this.publicKey  = &privateKey.PublicKey
     }
@@ -260,10 +269,21 @@ func GenerateEdDSAKey() CA {
 func (this CA) GenerateSM2Key() CA {
     return this.SetPublicKeyType("SM2").
             GenerateKey()
-
 }
 
 // Generate SM2 Key
 func GenerateSM2Key() CA {
     return defaultCA.GenerateSM2Key()
 }
+
+// Generate Gost key
+func (this CA) GenerateGostKey(curve string) CA {
+    return this.SetPublicKeyType("Gost").
+            SetGostCurve(curve).
+            GenerateKey()
+}
+
+// Generate Gost Key
+func GenerateGostKey(curve string) CA {
+    return defaultCA.GenerateGostKey(curve)
+}
diff --git a/cryptobin/ca/get.go b/cryptobin/ca/get.go
@@ -10,6 +10,7 @@ import (
 
     "github.com/deatil/go-cryptobin/x509"
     "github.com/deatil/go-cryptobin/gm/sm2"
+    "github.com/deatil/go-cryptobin/pubkey/gost"
 )
 
 // 获取 cert
@@ -40,6 +41,8 @@ func (this CA) GetPrivateKeyType() PublicKeyType {
             return KeyTypeEdDSA
         case *sm2.PrivateKey:
             return KeyTypeSM2
+        case *gost.PrivateKey:
+            return KeyTypeGost
     }
 
     return KeyTypeUnknown
@@ -63,6 +66,8 @@ func (this CA) GetPublicKeyType() PublicKeyType {
             return KeyTypeEdDSA
         case *sm2.PublicKey:
             return KeyTypeSM2
+        case *gost.PublicKey:
+            return KeyTypeGost
     }
 
     return KeyTypeUnknown
@@ -83,6 +88,11 @@ func (this CA) GetCurve() elliptic.Curve {
     return this.options.Curve
 }
 
+// 获取 Curve
+func (this CA) GetGostCurve() *gost.Curve {
+    return this.options.GostCurve
+}
+
 // get Options Bits
 func (this CA) GetBits() int {
     return this.options.Bits

diff --git a/cryptobin/ca/parse.go b/cryptobin/ca/parse.go
@@ -10,6 +10,7 @@ import (
 
     "github.com/deatil/go-cryptobin/pkcs8"
     "github.com/deatil/go-cryptobin/gm/sm2"
+    "github.com/deatil/go-cryptobin/pubkey/gost"
     cryptobin_x509 "github.com/deatil/go-cryptobin/x509"
     pubkey_dsa "github.com/deatil/go-cryptobin/pubkey/dsa"
 )
@@ -27,6 +28,10 @@ var (
     oidPublicKeyDSA     = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 1}
     oidPublicKeyECDSA   = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1}
     oidPublicKeyEd25519 = asn1.ObjectIdentifier{1, 3, 101, 112}
+
+    oidGOSTPublicKey         = asn1.ObjectIdentifier{1, 2, 643, 2, 2, 19}
+    oidGost2012PublicKey256  = asn1.ObjectIdentifier{1, 2, 643, 7, 1, 1, 1, 1}
+    oidGost2012PublicKey512  = asn1.ObjectIdentifier{1, 2, 643, 7, 1, 1, 1, 2}
 )
 
 type pkcs8Info struct {
@@ -80,6 +85,10 @@ func (this CA) ParsePKCS8PrivateKeyFromPEM(key []byte) (crypto.PrivateKey, error
             }
         case privKey.Algo.Algorithm.Equal(oidPublicKeyEd25519):
             parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes)
+        case privKey.Algo.Algorithm.Equal(oidGOSTPublicKey),
+            privKey.Algo.Algorithm.Equal(oidGost2012PublicKey256),
+            privKey.Algo.Algorithm.Equal(oidGost2012PublicKey512):
+            parsedKey, err = gost.ParsePrivateKey(block.Bytes)
         default:
             return nil, ErrPrivateKeyError
     }
@@ -135,6 +144,10 @@ func (this CA) ParsePKCS8PrivateKeyFromPEMWithPassword(key []byte, password []by
             }
         case privKey.Algo.Algorithm.Equal(oidPublicKeyEd25519):
             parsedKey, err = x509.ParsePKCS8PrivateKey(blockDecrypted)
+        case privKey.Algo.Algorithm.Equal(oidGOSTPublicKey),
+            privKey.Algo.Algorithm.Equal(oidGost2012PublicKey256),
+            privKey.Algo.Algorithm.Equal(oidGost2012PublicKey512):
+            parsedKey, err = gost.ParsePrivateKey(blockDecrypted)
         default:
             return nil, ErrPrivateKeyError
     }
@@ -185,6 +198,10 @@ func (this CA) ParsePKCS8PublicKeyFromPEM(key []byte) (crypto.PublicKey, error)
             }
         case pubkey.Algo.Algorithm.Equal(oidPublicKeyEd25519):
             parsedKey, err = x509.ParsePKIXPublicKey(block.Bytes)
+        case pubkey.Algo.Algorithm.Equal(oidGOSTPublicKey),
+            pubkey.Algo.Algorithm.Equal(oidGost2012PublicKey256),
+            pubkey.Algo.Algorithm.Equal(oidGost2012PublicKey512):
+            parsedKey, err = gost.ParsePublicKey(block.Bytes)
         default:
             return nil, ErrPublicKeyError
     }