Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add SM2 Encrypt and Decrypt Operations #1909

Open
wants to merge 9 commits into
base: master
Choose a base branch
from
Open
4 changes: 3 additions & 1 deletion src/core/config/Categories.json
Original file line number Diff line number Diff line change
Expand Up @@ -189,7 +189,9 @@
"Parse SSH Host Key",
"Parse CSR",
"Public Key from Certificate",
"Public Key from Private Key"
"Public Key from Private Key",
"SM2 Encrypt",
"SM2 Decrypt"
]
},
{
Expand Down
258 changes: 258 additions & 0 deletions src/core/lib/SM2.mjs
Original file line number Diff line number Diff line change
@@ -0,0 +1,258 @@
/**
* Utilities and operations utilized for SM2 encryption and decryption
* @author flakjacket95 [[email protected]]
* @copyright Crown Copyright 2024
* @license Apache-2.0
*/

import OperationError from "../errors/OperationError.mjs";
import { fromHex } from "../lib/Hex.mjs";
import Utils from "../Utils.mjs";
import Sm3 from "crypto-api/src/hasher/sm3.mjs";
import {toHex} from "crypto-api/src/encoder/hex.mjs";
import r from "jsrsasign";

/**
* SM2 Class for encryption and decryption operations
*/
export class SM2 {
/**
* Constructor for SM2 class; sets up with the curve and the output format as specified in user args
*
* @param {*} curve
* @param {*} format
*/
constructor(curve, format) {
this.ecParams = null;
this.rng = new r.SecureRandom();
/*
For any additional curve definitions utilized by SM2, add another block like the below for that curve, then add the curve name to the Curve selection dropdown
*/
r.crypto.ECParameterDB.regist(
"sm2p256v1", // name / p = 2**256 - 2**224 - 2**96 + 2**64 - 1
256,
"FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF", // p
"FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC", // a
"28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93", // b
"FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123", // n
"1", // h
"32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7", // gx
"BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0", // gy
[]
); // alias
this.ecParams = r.crypto.ECParameterDB.getByName(curve);

this.format = format;
}

/**
* Set the public key coordinates for the SM2 class
*
* @param {string} publicKeyX
* @param {string} publicKeyY
*/
setPublicKey(publicKeyX, publicKeyY) {
/*
* TODO: This needs some additional length validation; and checking for errors in the decoding process
* TODO: Can probably support other public key encoding methods here as well in the future
*/
this.publicKey = this.ecParams.curve.decodePointHex("04" + publicKeyX + publicKeyY);

if (this.publicKey.isInfinity()) {
throw new OperationError("Invalid Public Key");
}
}

/**
* Set the private key value for the SM2 class
*
* @param {string} privateKey
*/
setPrivateKey(privateKeyHex) {
this.privateKey = new r.BigInteger(privateKeyHex, 16);
}

/**
* Main encryption function; takes user input, processes encryption and returns the result in hex (with the components arranged as configured by the user args)
*
* @param {*} input
* @returns {string}
*/
encrypt(input) {
const G = this.ecParams.G;

/*
* Compute a new, random public key along the same elliptic curve to form the starting point for our encryption process (record the resulting X and Y as hex to provide as part of the operation output)
* k: Randomly generated BigInteger
* c1: Result of dotting our curve generator point `G` with the value of `k`
*/
const k = this.generatePublicKey();
const c1 = G.multiply(k);
const [hexC1X, hexC1Y] = this.getPointAsHex(c1);

/*
* Compute p2 (secret) using the public key, and the chosen k value above
*/
const p2 = this.publicKey.multiply(k);

/*
* Compute the C3 SM3 hash before we transform the array
*/
const c3 = this.c3(p2, input);

/*
* Genreate a proper length encryption key, XOR iteratively, and convert newly encrypted data to hex
*/
const key = this.kdf(p2, input.byteLength);
for (let i = 0; i < input.byteLength; i++) {
input[i] ^= Utils.ord(key[i]);
}
const c2 = Buffer.from(input).toString("hex");

/*
* Check user input specs; order the output components as selected
*/
if (this.format === "C1C3C2") {
return hexC1X + hexC1Y + c3 + c2;
} else {
return hexC1X + hexC1Y + c2 + c3;
}
}
/**
* Function to decrypt an SM2 encrypted message
*
* @param {*} input
*/
decrypt(input) {
const c1X = input.slice(0, 64);
const c1Y = input.slice(64, 128);

let c3 = "";
let c2 = "";

if (this.format === "C1C3C2") {
c3 = input.slice(128, 192);
c2 = input.slice(192);
} else {
c2 = input.slice(128, -64);
c3 = input.slice(-64);
}
c2 = Uint8Array.from(fromHex(c2));
const c1 = this.ecParams.curve.decodePointHex("04" + c1X + c1Y);

/*
* Compute the p2 (secret) value by taking the C1 point provided in the encrypted package, and multiplying by the private k value
*/
const p2 = c1.multiply(this.privateKey);

/*
* Similar to encryption; compute sufficient length key material and XOR the input data to recover the original message
*/
const key = this.kdf(p2, c2.byteLength);

for (let i = 0; i < c2.byteLength; i++) {
c2[i] ^= Utils.ord(key[i]);
}

const check = this.c3(p2, c2);
if (check === c3) {
return c2.buffer;
} else {
throw new OperationError("Decryption Error -- Computed Hashes Do Not Match");
}
}


/**
* Generates a large random number
*
* @param {*} limit
* @returns
*/
getBigRandom(limit) {
return new r.BigInteger(limit.bitLength(), this.rng)
.mod(limit.subtract(r.BigInteger.ONE))
.add(r.BigInteger.ONE);
}

/**
* Helper function for generating a large random K number; utilized for generating our initial C1 point
* TODO: Do we need to do any sort of validation on the resulting k values?
*
* @returns {BigInteger}
*/
generatePublicKey() {
const n = this.ecParams.n;
const k = this.getBigRandom(n);
return k;
}

/**
* SM2 Key Derivation Function (KDF); Takes P2 point, and generates a key material stream large enough to encrypt all of the input data
*
* @param {*} p2
* @param {*} len
* @returns {string}
*/
kdf(p2, len) {
const [hX, hY] = this.getPointAsHex(p2);

const total = Math.ceil(len / 32) + 1;
let cnt = 1;

let keyMaterial = "";

while (cnt < total) {
const num = Utils.intToByteArray(cnt, 4, "big");
const overall = fromHex(hX).concat(fromHex(hY)).concat(num);
keyMaterial += this.sm3(overall);
cnt++;
}
return keyMaterial;
}

/**
* Calculates the C3 component of our final encrypted payload; which is the SM3 hash of the P2 point and the original, unencrypted input data
*
* @param {*} p2
* @param {*} input
* @returns {string}
*/
c3(p2, input) {
const [hX, hY] = this.getPointAsHex(p2);

const overall = fromHex(hX).concat(Array.from(input)).concat(fromHex(hY));

return toHex(this.sm3(overall));

}

/**
* SM3 setup helper function; takes input data as an array, processes the hash and returns the result
*
* @param {*} data
* @returns {string}
*/
sm3(data) {
const hashData = Utils.arrayBufferToStr(Uint8Array.from(data).buffer, false);
const hasher = new Sm3();
hasher.update(hashData);
return hasher.finalize();
}

/**
* Utility function, returns an elliptic curve points X and Y values as hex;
*
* @param {EcPointFp} point
* @returns {[]}
*/
getPointAsHex(point) {
const biX = point.getX().toBigInteger();
const biY = point.getY().toBigInteger();

const charlen = this.ecParams.keycharlen;
const hX = ("0000000000" + biX.toString(16)).slice(- charlen);
const hY = ("0000000000" + biY.toString(16)).slice(- charlen);
return [hX, hY];
}
}
71 changes: 71 additions & 0 deletions src/core/operations/SM2Decrypt.mjs
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
/**
* @author flakjacket95 [[email protected]]
* @copyright Crown Copyright 2024
* @license Apache-2.0
*/

import OperationError from "../errors/OperationError.mjs";
import Operation from "../Operation.mjs";

import { SM2 } from "../lib/SM2.mjs";

/**
* SM2Decrypt operation
*/
class SM2Decrypt extends Operation {

/**
* SM2Decrypt constructor
*/
constructor() {
super();

this.name = "SM2 Decrypt";
this.module = "Crypto";
this.description = "Decrypts a message utilizing the SM2 standard";
this.infoURL = ""; // Usually a Wikipedia link. Remember to remove localisation (i.e. https://wikipedia.org/etc rather than https://en.wikipedia.org/etc)
this.inputType = "string";
this.outputType = "ArrayBuffer";
this.args = [
{
name: "Private Key",
type: "string",
value: "DEADBEEF"
},
{
"name": "Input Format",
"type": "option",
"value": ["C1C3C2", "C1C2C3"],
"defaultIndex": 0
},
{
name: "Curve",
type: "option",
"value": ["sm2p256v1"],
"defaultIndex": 0
}
];
}

/**
* @param {string} input
* @param {Object[]} args
* @returns {ArrayBuffer}
*/
run(input, args) {
const [privateKey, inputFormat, curveName] = args;

if (privateKey.length !== 64) {
throw new OperationError("Input private key must be in hex; and should be 32 bytes");
}

const sm2 = new SM2(curveName, inputFormat);
sm2.setPrivateKey(privateKey);

const result = sm2.decrypt(input);
return result;
}

}

export default SM2Decrypt;
Loading
Loading