tongsuo-project / tongsuo-python-sdk Goto Github PK

View Code? Open in Web Editor NEW

16.0 16.0 10.0 86 KB

Tongsuo-Python-SDK底层使用Tongsuo密码库，旨在为Python开发者提供密码学原语和安全传输协议的支持，目前以国密算法和协议为主

License: Apache License 2.0

Python 99.13% Dockerfile 0.87%

tongsuo-python-sdk's People

Contributors

Stargazers

Watchers

Forkers

dongbeiouba zhuozhuocrayon veydy fury-fox liu8447 web-logs2 cybershang j1nj1cl

tongsuo-python-sdk's Issues

SM2 提供加解密样例

现在只有签名验证的demo

增加HMAC功能

增加SM2DH密钥交换功能

通过文本载入公钥验签异常：tongsuopy.crypto.exceptions.InvalidSignature

def sm2_demo():
    msg = b"message"
    key = ec.generate_private_key(ec.SM2()).private_numbers().private_key()

    # 验证 key.public_key 签名 & 验签
    signature = key.sign(msg, ec.ECDSA(hashes.SM3()))
    key.public_key().verify(signature, msg, ec.ECDSA(hashes.SM3()))

    # 将公钥导出为文本
    pem_public_key_str = key.public_key().public_bytes(
        encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo
    ).decode()

    # 通过文本加载公钥
    pubkey_from_text = serialization.load_pem_public_key(pem_public_key_str.encode())

    # 验证公钥等价
    assert pubkey_from_text.public_numbers() == key.public_key().public_numbers()
    assert pubkey_from_text.public_bytes(
        encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo
    ) == key.public_key().public_bytes(
        encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo
    )
    # 验签
    pubkey_from_text.verify(signature, msg, ec.ECDSA(hashes.SM3()))

使用文本载入的公钥验签异常：

InvalidSignature                          Traceback (most recent call last)
<ipython-input-3-621b0280cfd7> in <module>
----> 1 sm2_demo()

<ipython-input-2-3f024d497b2a> in sm2_demo()
     23     )
     24     # 验签
---> 25     pubkey_from_text.verify(signature, msg, ec.ECDSA(hashes.SM3()))

/nm-bkdev-venv-36/lib/python3.6/site-packages/tongsuopy/backends/tongsuo/ec.py in verify(self, signature, data, signature_algorithm)
    361         _check_signature_algorithm(signature_algorithm)
    362         _ecdsa_sig_verify(
--> 363             self._backend, signature_algorithm.algorithm, self, signature, data
    364         )

/nm-bkdev-venv-36/lib/python3.6/site-packages/tongsuopy/backends/tongsuo/ec.py in _ecdsa_sig_verify(backend, algorithm, public_key, signature, data)
    144     if res == 0:
    145         backend._consume_errors()
--> 146         raise InvalidSignature
    147 
    148

支持 Linux ARM 架构

其他主流密码学库，例如 pycryptodome cryptography 均支持 arm 架构

支持SM2加解密功能

Mac M1 运行 demos 报错：Unable to sign/verify with this key

版本：1.0.0

运行 demos 代码：

from tongsuopy.crypto import hashes
from tongsuopy.crypto.asymciphers import ec


msg = b"message digest"
d = b"3945208F7B2144B13F36E38AC6D39F95889393692860B51A42FB81EF4DF7C5B8"
Qx = b"09F9DF311E5421A150DD7D161E4BC5C672179FAD1833FC076BB08FF356F35020"
Qy = b"CCEA490CE26775A52DC6EA718CC1AA600AED05FBF35E084A6632F6072DA9AD13"

key = ec.EllipticCurvePrivateNumbers(
    int(d, 16),
    ec.EllipticCurvePublicNumbers(int(Qx, 16), int(Qy, 16), ec.SM2()),
).private_key()
signature = key.sign(msg, ec.ECDSA(hashes.SM3()))

pubkey = key.public_key()
pubkey.verify(signature, msg, ec.ECDSA(hashes.SM3()))

报错：

Traceback (most recent call last):
  File "/lib/python3.7/site-packages/IPython/core/interactiveshell.py", line 3524, in run_code
    exec(code_obj, self.user_global_ns, self.user_ns)
  File "<ipython-input-2-ebc580c1d414>", line 14, in <module>
    signature = key.sign(msg, ec.ECDSA(hashes.SM3()))
  File "/lib/python3.7/site-packages/tongsuopy/backends/tongsuo/ec.py", line 264, in sign
    self._backend, signature_algorithm.algorithm, self, data
  File "/lib/python3.7/site-packages/tongsuopy/backends/tongsuo/ec.py", line 104, in _ecdsa_sig_sign
    backend._lib.EVP_DigestSignInit,
  File "/lib/python3.7/site-packages/tongsuopy/backends/tongsuo/ec.py", line 173, in _ecdsa_sig_setup
    raise ValueError("Unable to sign/verify with this key", errors)
ValueError: ('Unable to sign/verify with this key', [<tongsuopy.backends.tongsuo.binding._OpenSSLError object at 0x11680d888>])

希望能增加KDF、随机数生成、CBC-MAC等部分功能

KDF希望能支持SM3、SM4两种生成方式；
另外我看到之前添加的hmac好像只在序列化密钥的时候用到，而且我好像无法单独调用hmac函数，希望能添加CBC-MAC的功能；
SM4的XTS模式好像也不能用，希望能添加CCM的工作模式。

SM2 加解密功能出包

该功能已合入 2 个月，求出一个 pypi 的版本（可以是 rc 等预发布版本）

SM2 pubkey.encrypt(xxx)加密报错：AttributeError: '_EllipticCurvePublicKey' object has no attribute 'encrypt'

环境：

Github Codespaces(Python 3.10.8)+tongsuopy(1.0.1)
Win11(Python 3.11.4)+tongsuopy(1.0.1)

运行样例时报错：AttributeError: '_EllipticCurvePublicKey' object has no attribute 'encrypt'

from tongsuopy.crypto import serialization
from tongsuopy.crypto.asymciphers import ec

msg = b"hello"
key = ec.generate_private_key(ec.SM2())

pem = key.public_key().public_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PublicFormat.SubjectPublicKeyInfo,
)
pubkey = serialization.load_pem_public_key(pem)

ciphertext = pubkey.encrypt(msg)
decrypt_text = key.decrypt(ciphertext)
assert decrypt_text == msg

tongsuo-project / tongsuo-python-sdk Goto Github PK

tongsuo-python-sdk's People

Contributors

Stargazers

Watchers

Forkers

tongsuo-python-sdk's Issues

SM2 提供加解密样例

增加HMAC功能

增加SM2DH密钥交换功能

通过文本载入公钥验签异常：tongsuopy.crypto.exceptions.InvalidSignature

支持 Linux ARM 架构

支持SM2加解密功能

Mac M1 运行 demos 报错：Unable to sign/verify with this key

希望能增加KDF、随机数生成、CBC-MAC等部分功能

SM2 加解密功能出包

SM2 pubkey.encrypt(xxx)加密报错：AttributeError: '_EllipticCurvePublicKey' object has no attribute 'encrypt'

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent