GmSSL-Go

GmSSL-Go [https://github.com/guanzhi/GmSSL/tree/master/go] is the Go language binding for GmSSL. The GmSSL crypto library is required and the capabilities of GmSSL-Go is depending on the specific GmSSL library (check the version with GetVersion().

GmSSL-Go API provides:

  1. Random number generation
  2. Message digests/hashes including SM3, SHA-1, SHA-256, etc
  3. Symmetric encryption with different modes including SMS4-CBC, SMS4-OFB, SMS4-CFB, AES-GCM, etc.
  4. Message Authentication Codes including HMAC-SM3, CMAC-SM3, HMAC-SHA1, CMAC-AES, etc.
  5. Public key cryptography include SM2/ECC, RSA, DSA, etc.
  6. Crypto engines as key storage and accelerator

API

func GetVersions() []string

func SeedRandom(seed []byte) error
func GenerateRandom(length int) ([]byte, error)

func GetDigestNames() []string
func GetDigestLength(name string) (int, error)
type DigestContext
    func NewDigestContext(name string, eng Engine) (*DigestContext, error)
    func (ctx *DigestContext) Update(data []byte) error
    func (ctx *DigestContext) Final() ([]byte, error)

func GetCipherNames() []string
func GetCipherKeyLength(name string) (int, error)
func GetCipherIVLength(name string) (int, error)
func GetCipherBlockSize(name string) (int, error)
type CipherContext
    func NewCipherContext(name string, eng Engine, key, iv []byte, encrypt bool) (*CipherContext, error)
    func (ctx *CipherContext) Update(data []byte) ([]byte, error)
    func (ctx *CipherContext) Final() ([]byte, error)

func GetMacNames() []string
func GetMacKeyLength(name string) (int, error)
func GetMacLength(name string) (int, error)
type MACContext
    func NewMACContext(name string, eng Engine, key []byte) (*MACContext, error)
    func (ctx *MACContext) Update(data []byte) error
    func (ctx *MACContext) Final() ([]byte, error)

func GetPublicKeyAlgorithmNames() []string
func GetSignAlgorithmNames(pkey string) ([]string, error)
func GetPublicKeyEncryptionNames(pkey string) ([]string, error)
func GetDeriveKeyAlgorithmNames(pkey string) ([]string, error)

type PrivateKey
    func GeneratePrivateKey(alg string, args map[string]string, eng Engine) (*PrivateKey, error)
    func NewPrivateKeyFromPEM(pem string, pass string) (*PrivateKey, error)
    func (sk *PrivateKey) GetPEM(cipher string, pass string) (string, error)
    func (sk *PrivateKey) GetPublicKeyPEM() (string, error)
    func (sk *PrivateKey) GetText() (string, error)
    func (sk *PrivateKey) Sign(alg string, dgst []byte, eng Engine) ([]byte, error)
    func (sk *PrivateKey) Decrypt(alg string, in []byte, eng Engine) ([]byte, error)
    func (sk *PrivateKey) DeriveKey(alg string, peer PublicKey, eng Engine) ([]byte, error)

type PublicKey
    func NewPublicKeyFromPEM(pem string)(*PublicKey, error)
    func (pk *PublicKey) GetPEM() (string, error)
    func (pk *PublicKey) GetText() (string, error)
    func (pk *PublicKey) Verify(alg string, dgst, sig []byte, eng Engine) error
    func (pk *PublicKey) Encrypt(alg string, in []byte, eng Engine) ([]byte, error)

func GetEngineNames() []string
type Engine
    func (eng *Engine) RunCommand(name, arg string) error
    func (eng *Engine) LoadConfig(path string) error
    func (eng *Engine) GetPrivateKey(id, pass string) (*PrivateKey, error)
    func (eng *Engine) GetPublicKey(id string) (*PublicKey, error)

Supported Crypto Algorithms

Supported Ciphers:

"AES-128-CBC"
"AES-128-CBC-HMAC-SHA1"
"AES-128-CBC-HMAC-SHA256"
"AES-128-CFB"
"AES-128-CFB1"
"AES-128-CFB8"
"AES-128-CTR"
"AES-128-ECB"
"AES-128-OCB"
"AES-128-OFB"
"AES-128-XTS"
"AES-192-CBC"
"AES-192-CFB"
"AES-192-CFB1"
"AES-192-CFB8"
"AES-192-CTR"
"AES-192-ECB"
"AES-192-OCB"
"AES-192-OFB"
"AES-256-CBC"
"AES-256-CBC-HMAC-SHA1"
"AES-256-CBC-HMAC-SHA256"
"AES-256-CFB"
"AES-256-CFB1"
"AES-256-CFB8"
"AES-256-CTR"
"AES-256-ECB"
"AES-256-OCB"
"AES-256-OFB"
"AES-256-XTS"
"AES128"
"aes128-wrap"
"AES192"
"aes192-wrap"
"AES256"
"aes256-wrap"
"BF"
"BF-CBC"
"BF-CFB"
"BF-ECB"
"BF-OFB"
"blowfish"
"CAMELLIA-128-CBC"
"CAMELLIA-128-CFB"
"CAMELLIA-128-CFB1"
"CAMELLIA-128-CFB8"
"CAMELLIA-128-CTR"
"CAMELLIA-128-ECB"
"CAMELLIA-128-OFB"
"CAMELLIA-192-CBC"
"CAMELLIA-192-CFB"
"CAMELLIA-192-CFB1"
"CAMELLIA-192-CFB8"
"CAMELLIA-192-CTR"
"CAMELLIA-192-ECB"
"CAMELLIA-192-OFB"
"CAMELLIA-256-CBC"
"CAMELLIA-256-CFB"
"CAMELLIA-256-CFB1"
"CAMELLIA-256-CFB8"
"CAMELLIA-256-CTR"
"CAMELLIA-256-ECB"
"CAMELLIA-256-OFB"
"CAMELLIA128"
"CAMELLIA192"
"CAMELLIA256"
"CAST"
"CAST-cbc"
"CAST5-CBC"
"CAST5-CFB"
"CAST5-ECB"
"CAST5-OFB"
"ChaCha20"
"ChaCha20-Poly1305"
"DES"
"DES-CBC"
"DES-CFB"
"DES-CFB1"
"DES-CFB8"
"DES-ECB"
"DES-EDE"
"DES-EDE-CBC"
"DES-EDE-CFB"
"DES-EDE-ECB"
"DES-EDE-OFB"
"DES-EDE3"
"DES-EDE3-CBC"
"DES-EDE3-CFB"
"DES-EDE3-CFB1"
"DES-EDE3-CFB8"
"DES-EDE3-ECB"
"DES-EDE3-OFB"
"DES-OFB"
"DES3"
"des3-wrap"
"DESX"
"DESX-CBC"
"id-aes128-CCM"
"id-aes128-GCM"
"id-aes128-wrap"
"id-aes128-wrap-pad"
"id-aes192-CCM"
"id-aes192-GCM"
"id-aes192-wrap"
"id-aes192-wrap-pad"
"id-aes256-CCM"
"id-aes256-GCM"
"id-aes256-wrap"
"id-aes256-wrap-pad"
"id-smime-alg-CMS3DESwrap"
"IDEA"
"IDEA-CBC"
"IDEA-CFB"
"IDEA-ECB"
"IDEA-OFB"
"RC2"
"rc2-128"
"rc2-40"
"RC2-40-CBC"
"rc2-64"
"RC2-64-CBC"
"RC2-CBC"
"RC2-CFB"
"RC2-ECB"
"RC2-OFB"
"RC4"
"RC4-40"
"RC4-HMAC-MD5"
"SEED"
"SEED-CBC"
"SEED-CFB"
"SEED-ECB"
"SEED-OFB"
"SMS4"
"SMS4-CBC"
"SMS4-CCM"
"SMS4-CFB"
"SMS4-CFB1"
"SMS4-CFB8"
"SMS4-CTR"
"SMS4-ECB"
"SMS4-GCM"
"SMS4-OCB"
"SMS4-OFB"
"SMS4-WRAP"
"SMS4-WRAP-PAD"
"SMS4-XTS"

Supported Digest Algorithms:

"BLAKE2b512"
"BLAKE2s256"
"MD4"
"md4WithRSAEncryption"
"MD5"
"MD5-SHA1"
"md5WithRSAEncryption"
"MDC2"
"mdc2WithRSA"
"ripemd"
"RIPEMD160"
"ripemd160WithRSA"
"rmd160"
"RSA-MD4"
"RSA-MD5"
"RSA-MDC2"
"RSA-RIPEMD160"
"RSA-SHA1"
"RSA-SHA1-2"
"RSA-SHA224"
"RSA-SHA256"
"RSA-SHA384"
"RSA-SHA512"
"SHA1"
"sha1WithRSAEncryption"
"SHA224"
"sha224WithRSAEncryption"
"SHA256"
"sha256WithRSAEncryption"
"SHA384"
"sha384WithRSAEncryption"
"SHA512"
"sha512WithRSAEncryption"
"SM2Sign-with-SM3"
"SM3"
"ssl3-md5"
"ssl3-sha1"
"whirlpool"

Supported MACs

Supported Public Key Algorithms

"DH",
"DSA",
"EC",
"RSA",
"SM2",
"X25519",

Supported Sign Algorithms:

"sm2sign",
"ecdsa-with-Recommended",
"ecdsa-with-SHA1",
"ecdsa-with-SHA256",
"ecdsa-with-SHA512",
"RSA-SHA1",
"RSA-SHA256",
"RSA-SHA512",
"DSA-SHA1",

Supported Public Key Encryption Algorithms:

"RSAES-OAEP",
"ecies-recommendedParameters",
"ecies-specifiedParameters",
"ecies-with-x9-63-sha1-xor-hmac",
"ecies-with-x9-63-sha256-xor-hmac",
"ecies-with-x9-63-sha512-xor-hmac",
"ecies-with-x9-63-sha1-aes128-cbc-hmac",
"ecies-with-x9-63-sha256-aes128-cbc-hmac",
"ecies-with-x9-63-sha512-aes256-cbc-hmac",
"ecies-with-x9-63-sha256-aes128-ctr-hmac",
"ecies-with-x9-63-sha512-aes256-ctr-hmac",
"ecies-with-x9-63-sha256-aes128-cbc-hmac-half",
"ecies-with-x9-63-sha512-aes256-cbc-hmac-half",
"ecies-with-x9-63-sha256-aes128-ctr-hmac-half",
"ecies-with-x9-63-sha512-aes256-ctr-hmac-half",
"ecies-with-x9-63-sha1-aes128-cbc-cmac",
"ecies-with-x9-63-sha256-aes128-cbc-cmac",
"ecies-with-x9-63-sha512-aes256-cbc-cmac",
"ecies-with-x9-63-sha256-aes128-ctr-cmac",
"ecies-with-x9-63-sha512-aes256-ctr-cmac",
"sm2encrypt-with-sm3",
"sm2encrypt-with-sha1",
"sm2encrypt-with-sha256",
"sm2encrypt-with-sha512",

Supported Key Exchange Algorithms:

"sm2exchange",
"dhSinglePass-stdDH-sha1kdf-scheme",
"dhSinglePass-stdDH-sha224kdf-scheme",
"dhSinglePass-stdDH-sha256kdf-scheme",
"dhSinglePass-stdDH-sha384kdf-scheme",
"dhSinglePass-stdDH-sha512kdf-scheme",
"dhSinglePass-cofactorDH-sha1kdf-scheme",
"dhSinglePass-cofactorDH-sha224kdf-scheme",
"dhSinglePass-cofactorDH-sha256kdf-scheme",
"dhSinglePass-cofactorDH-sha384kdf-scheme",
"dhSinglePass-cofactorDH-sha512kdf-scheme",
"dhKeyAgreement",

Examples

Get GmSSL library version

versions := gmssl.GetVersions()
for _, versions := range versions {
	fmt.Println(version)
}

List supported algorithms

digest_algors := GetDigests(false)
cipher_algors := GetCiphers(false)
mac_algors := GetMacs(false)

Generate SM3 digest

sm3, err := NewDigestContext("SM3", nil)
err := sm3.Update(data1)
err := sm3.Update(data2)
sm3digest, err := sm3.Final()

Generate HMAC-SM3 message authentication code (MAC)

hmac, err := NewMACContext("HMAC-SM3", nil)
err = hmac_sm3.Update(data1)
err = hmac_sm3.Update(data2)
mactag, err := hmac_sm3.Final()

Encrypt with SMS4:

sms4, err := NewCipherContext("SMS4", nil, key, iv, true)
ciphertext1, err := sms4.Update(plaintext)
ciphertext2, err := sms4.Final()

Decrypt with SMS4

sms4, err := NewCipherContext("SMS4", nil, key, iv, false)
plaintext1, err := sms4.Update(ciphertext)
plaintext2, err := sms4.Final()

Sign/Verify with SM2:

verifyKey, signKey, err := GenerateKeyPair("EC", nil, 256)
signature, err := signKey.Sign("sm-scheme", nil, sm3digest)
err := verifyKey.Verify("sm-scheme", nil, sm3digest, signature)