python wrapper of GmSSL
Project description
gmssl_pyx
python wrapper (C extension) of GmSSL
使用的版本是 GmSSL-3.1.0
支持 Python 3.7, 3.8, 3.9, 3.10
安装
pip install gmssl-pyx
SM2
加密和解密
from gmssl_pyx import sm2_key_generate, sm2_encrypt, sm2_decrypt
# 生成 SM2 公私钥
public_key, private_key = sm2_key_generate()
# 加密
plaintext = b"hello world"
ciphertext = sm2_encrypt(public_key, plaintext)
print("ciphertext", ciphertext)
# 解密
plaintext = sm2_decrypt(private_key, ciphertext)
print("plaintext", plaintext)
签名和验签
from gmssl_pyx import sm2_key_generate, sm2_sign, sm2_verify
# 生成 SM2 公私钥
public_key, private_key = sm2_key_generate()
# 没有 signer_id 和 SM3 杂凑值 z
# 签名
message = b"hello world"
signature = sm2_sign(private_key, public_key, message, signer_id=None)
print("signature", signature)
# 验证签名
verify = sm2_verify(public_key, message, signature, signer_id=None)
print("verify", verify)
# 默认 signer_id 和 SM3 杂凑值 z
signature = sm2_sign(private_key, public_key, message)
print("signature", signature)
# 验证签名
verify = sm2_verify(public_key, message, signature)
print("verify", verify)
# 自定义 signer_id 和 SM3 杂凑值 z
signer_id = b"signer_id"
signature = sm2_sign(private_key, public_key, message, signer_id=signer_id)
print("signature", signature)
# 验证签名
verify = sm2_verify(public_key, message, signature, signer_id=signer_id)
print("verify", verify)
ASN.1 DER 编码
加密和签名的结果都是 ASN.1 DER 编码,如果要得到原始的密文和签名,可以参考下面的例子
需要安装 pycryptodomex 库
pip install pycryptodomex
from Cryptodome.Util.asn1 import DerSequence, DerOctetString, DerInteger
from gmssl_pyx import sm2_key_generate, sm2_encrypt, sm2_decrypt
# 生成 SM2 公私钥
public_key, private_key = sm2_key_generate()
# 加密
plaintext = b"hello world"
ciphertext = sm2_encrypt(public_key, plaintext)
print("ciphertext", ciphertext)
seq_der = DerSequence()
decoded_ciphertext = seq_der.decode(ciphertext)
# ASN.1 DER 解码
# c1: point(x, y) 64bytes
# c2: ciphertext len(data)
# c3: hash 32bytes
# der order: c1x c1y hash ciphertext
c1x = decoded_ciphertext[0]
c1y = decoded_ciphertext[1]
c3 = DerOctetString().decode(decoded_ciphertext[2]).payload
c2 = DerOctetString().decode(decoded_ciphertext[3]).payload
# 模式为 C1C3C2
raw_ciphertext = c1x.to_bytes(32, "big") + c1y.to_bytes(32, "big") + c3 + c2
# 如果需要解密原始密文,需要先进行 ASN.1 DER 编码
seq_der = DerSequence()
c1x = raw_ciphertext[:32]
x = DerInteger(int.from_bytes(c1x, byteorder='big'))
seq_der.append(x)
c1y = raw_ciphertext[32:64]
y = DerInteger(int.from_bytes(c1y, byteorder='big'))
seq_der.append(y)
c3 = raw_ciphertext[64:64 + 32]
seq_der.append(DerOctetString(c3))
c2 = raw_ciphertext[64 +32:]
seq_der.append(DerOctetString(c2))
ciphertext = seq_der.encode()
plaintext = sm2_decrypt(private_key, ciphertext)
print("plaintext", plaintext)
# 签名
signature = sm2_sign(private_key, public_key, message)
seq_der = DerSequence()
decoded_sign = seq_der.decode(signature)
# ASN.1 DER 解码,两个 32 字节的整数
r = decoded_sign[0]
s = decoded_sign[1]
print('r', r)
print('s', s)
raw_signature = '%064x%064x' % (r, s)
# 验证原始签名同样需要先进行 ASN.1 DER 编码
r = int(raw_signature[:64], base=16)
s = int(raw_signature[64:], base=16)
seq_der = DerSequence()
seq_der.append(DerInteger(r))
seq_der.append(DerInteger(s))
signature = seq_der.encode()
verify = sm2_verify(private_key, public_key, message, signature)
print('verify', verify)
公私钥的一些补充说明
公钥长度为 64 字节,是两个 32 字节的整数 x y 拼接而成。
如果公钥长度为 65 字节,那么第一个字节为 '\x04' ,表示后面的 64 字节就是公钥。
如果公钥长度为 33 字节,那么第一个字节为 '\x02' 或者 '\x03' , 这是一种压缩格式,后面的 32 字节为整数 x , y 可以根据 x 计算出来。
私钥长度为 32 字节,没有其他变化。
from gmssl_pyx import sm2_key_generate, normalize_sm2_public_key
raw_public_key, _ = sm2_key_generate()
k1 = normalize_sm2_public_key(raw_public_key)
assert k1 == raw_public_key
k1 = normalize_sm2_public_key(b'\x04' + raw_public_key)
assert k1 == raw_public_key
# 压缩版公钥
y = int.from_bytes(raw_public_key[32:], byteorder='big')
if y % 2 == 0:
# y 是偶数
compressed_public_key = b'\x02' +raw_public_key[:32]
else:
compressed_public_key = b'\x03' + raw_public_key[:32]
k1 = normalize_sm2_public_key(compressed_public_key)
assert k1 == raw_public_key
SM3
hash 计算
from gmssl_pyx import sm3_hash
message = b'hello world'
signature = sm3_hash(message)
print('message', message)
print('signature', signature.hex())
hmac 计算
import secrets
from gmssl_pyx import sm3_hmac
key = secrets.token_bytes(32)
message = b"sm3_hmac"
hmac_data = sm3_hmac(key, message)
print("message", message)
print("hmac_data", hmac_data)
kdf 计算
import secrets
from gmssl_pyx import sm3_kdf
key = secrets.token_bytes(32)
new_key = sm3_kdf(key, 32)
print('kdf new_key', new_key)
SM4
CBC 模式加密和解密
import secrets
from gmssl_pyx import (
sm4_cbc_padding_encrypt,
sm4_cbc_padding_decrypt,
SM4_KEY_SIZE,
SM4_BLOCK_SIZE,
)
key = secrets.token_bytes(SM4_KEY_SIZE)
iv = secrets.token_bytes(SM4_BLOCK_SIZE)
plaintext = b"hello world"
# 加密
ciphertext = sm4_cbc_padding_encrypt(key, iv, plaintext)
print("ciphertext", ciphertext.hex())
# 解密
decrypted = sm4_cbc_padding_decrypt(key, iv, ciphertext)
print("decrypted", decrypted)
CTR 模式加密和解密
import secrets
from gmssl_pyx import (
sm4_ctr_encrypt,
sm4_ctr_decrypt,
SM4_KEY_SIZE,
SM4_BLOCK_SIZE,
)
key = secrets.token_bytes(SM4_KEY_SIZE)
ctr = secrets.token_bytes(SM4_BLOCK_SIZE)
plaintext = b"hello world"
# 加密
ciphertext = sm4_ctr_encrypt(key, ctr, plaintext)
print("ciphertext", ciphertext.hex())
# 解密
decrypted = sm4_ctr_decrypt(key, ctr, ciphertext)
print("decrypted", decrypted)
GCM 模式加密和解密
import secrets
from gmssl_pyx import sm4_gcm_encrypt, sm4_gcm_decrypt, SM4_KEY_SIZE, SM4_BLOCK_SIZE
plaintext = b'hello world'
key = secrets.token_bytes(SM4_KEY_SIZE)
iv = secrets.token_bytes(SM4_BLOCK_SIZE)
aad = secrets.token_bytes(16)
# 加密
ciphertext, tag = sm4_gcm_encrypt(key, iv, aad, plaintext=plaintext)
print('ciphertext', ciphertext)
# 解密
plaintext = sm4_gcm_decrypt(key, iv=iv, aad=aad, ciphertext=ciphertext, tag=tag)
print('plaintext', plaintext)
其他
如果要查看所有可用的 API ,可以看 gmsslext.pyi 文件。
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
gmssl_pyx-2.0.0.tar.gz
(25.1 kB
view hashes)
Built Distributions
Close
Hashes for gmssl_pyx-2.0.0-cp310-cp310-win_amd64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 109fefeef6ef4f66295238dafae4a8abbd8dc5ba475e97ad7fe76a648201080a |
|
| MD5 | 263b28bd4cea8747b9b6a013826201ed |
|
| BLAKE2b-256 | 8288d011d61e23197e9e69511822b5dc2bfdf543ba7a19ac131e5e0533f23d32 |
Close
Hashes for gmssl_pyx-2.0.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 6fd4668998acfb37e73a1657d1d4e70c32df82e88ca013bc45589bd50e3d8a81 |
|
| MD5 | 4b8067c58d21b0ee2f64e7e79cfc0117 |
|
| BLAKE2b-256 | 767dbbb9f9f1ab281aca590cba6f0cd2de20cbb2313a1c7f0183fe9e8cc6b459 |
Close
Hashes for gmssl_pyx-2.0.0-cp310-cp310-macosx_10_9_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 2d60450fb7535fc1c4aac4cd78f320237bf2074ea997a947014a20fa1016dd01 |
|
| MD5 | 1f228718bdd13dcb1a4de0403f32be3a |
|
| BLAKE2b-256 | 76653086f99ac8fdc489709e47a32c8e76deee843e03ab53d5a30e9a17709040 |
Close
Hashes for gmssl_pyx-2.0.0-cp39-cp39-win_amd64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | a0fce6721c24c9b739ccd652fc6ad9df774d2102a48c6d8c876d113acd4910d0 |
|
| MD5 | b966795d53a91e4b2f5cb3ad23f23300 |
|
| BLAKE2b-256 | 4bcddfaa186e5e3d9ede9c2983b1cdb481395d3c51fc5d64c3ced3ccf15917d7 |
Close
Hashes for gmssl_pyx-2.0.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f8678cef5bd78133aadae23fc7867a9b8eaef171cf0e0f78f871ac3e06f4a16b |
|
| MD5 | 4626573044bbe6eacbc3b967091e027d |
|
| BLAKE2b-256 | f1fa6a067ef16978eba411c3ff1df347db1aa8f6bca9961972491b7360606198 |
Close
Hashes for gmssl_pyx-2.0.0-cp39-cp39-macosx_10_9_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 1fa80a460b6286ba289a0cc35b60ced8f04a4c8f3004612b2b2fac987740a609 |
|
| MD5 | ba23d8bca7f9450fa178cceda4c4ab32 |
|
| BLAKE2b-256 | b5c3934466c99b623731ba857c737e36ea8da5896fc29655baf347b195e82f4e |
Close
Hashes for gmssl_pyx-2.0.0-cp38-cp38-win_amd64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b686b205a0cc992bab01e3fe9d7ef7955d751e5c6eca2b1f9aeeeedbaa61d2ca |
|
| MD5 | a5ba4399e25260e6354d88830e71d261 |
|
| BLAKE2b-256 | fd6c7aaf19673f08447385696631bf3d9d6cf17f40609cda3160f903440243c5 |
Close
Hashes for gmssl_pyx-2.0.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b213abc736fc5af0219d61df06bfd32613bd9df96a16790ddeeae8d5c0c6569d |
|
| MD5 | 990321458120e557fe53c04589044352 |
|
| BLAKE2b-256 | 3b790cba94cf9996a5ce349f3dc38165c46026e36389bf699f6c02cf36fe02b1 |
Close
Hashes for gmssl_pyx-2.0.0-cp38-cp38-macosx_10_9_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b7ab2e54094b61b08f5dadd040614b1543331e87b0433bf6d7fb4747cb23dc30 |
|
| MD5 | 9a85cc99e9fc43685652d5d1bc47b92b |
|
| BLAKE2b-256 | ba996851de43c8592cd6e326ddd83ce10826410d8f7b6ca18522448a862fba72 |
Close
Hashes for gmssl_pyx-2.0.0-cp37-cp37m-win_amd64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 2eba6b15c52cf96ebf2d9bcf7e1518a3447f39da94faa759614702e54904ff0d |
|
| MD5 | 25de84d31c58bc1d63bfd092ad2c6a6e |
|
| BLAKE2b-256 | 06b08e15fa864436afffbfbfb3b4f42d3bad4e6aafad48c3d7cfd9fe8e2d5f77 |
Close
Hashes for gmssl_pyx-2.0.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | c07a403030a748e17cf702fca1527b810901399c1558bbf7116c0df962a5ec14 |
|
| MD5 | 5559deb8674e049f2ae916431a82c708 |
|
| BLAKE2b-256 | e81aafd6c8ca682dd8ee0797729e6ebd0e9153e4bff387ce607c99acdf4bb18c |
Close
Hashes for gmssl_pyx-2.0.0-cp37-cp37m-macosx_10_9_x86_64.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | d1e01e604c789306be796f5a58c5e9b6a9d2f4a8bbcd700b6f30d0dec3def335 |
|
| MD5 | c28b56a960d4f0fb4986122514ed9ccc |
|
| BLAKE2b-256 | ea5da87c66ce59250ef50923f4ae4f30f82d8845e84b65b58c776db49e1c95ab |
