国密算法的加解密

对称密码算法 SM4(ECB/CBC/CTR/GCM)
非对称密码算法 SM2(加解密/签名验签)
Hash算法 SM3
基于SM3实现的随机数生成器(多线程加速)

pom引入

<!-- Third-party implementation of the GM algorithms (SM2/SM3/SM4), pinned to the version this page names.
     NOTE(review): confirm the artifact's source and checksum before relying on it for production cryptography. -->
<dependency>
    <groupId>io.github.KongkongRuan</groupId>
    <artifactId>gm-java</artifactId>
    <version>1.0.3</version>
</dependency>

SM2密钥对生成

 // Generate a fresh SM2 key pair; the encryption snippet on this page reads it via getPublic()/getPrivate().
 // NOTE(review): the private half is exported there with getEncoded(); treat those bytes as secret material.
 KeyPair keyPair = SM2KeyPairGenerate.generateSM2KeyPair();

SM2加解密

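// Round-trip a message through SM2 public-key encryption.
// UTF-8 is named explicitly on both sides so the bytes that get encrypted, and the string
// rebuilt after decryption, do not depend on the JVM's platform default charset.
SM2Cipher sm2Cipher = new SM2Cipher();
// Encrypt under the recipient's encoded public key ("mi" = ciphertext).
byte[] mi = sm2Cipher.SM2CipherEncrypt(msg.getBytes(java.nio.charset.StandardCharsets.UTF_8), keyPair.getPublic().getEncoded());
// Decrypt with the matching encoded private key ("ming" = plaintext).
byte[] ming = sm2Cipher.SM2CipherDecrypt(mi, keyPair.getPrivate().getEncoded());
System.out.println("SM2解密结果:"+new String(ming, java.nio.charset.StandardCharsets.UTF_8));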

SM2签名验签

// NOTE(review): this snippet sits under the SM2 sign/verify heading but only shows certificate
// issuance; no explicit sign or verify call appears in it.
// CA certificate key pair
KeyPair caKeyPair = SM2KeyPairGenerate.generateSM2KeyPair();
// End-entity (device) certificate key pair
KeyPair equipKeyPair = SM2KeyPairGenerate.generateSM2KeyPair();

SM2CertGenerator sm2CertGenerator = new SM2CertGenerator();
// Sample distinguished names. NOTE(review): the CA DN borrows the name of a real public CA;
// use your own organisation's DN so the self-issued root cannot be mistaken for theirs.
String DN_CA = "CN=Digicert,OU=Digicert,O=Digicert,L=Linton,ST=Utah,C=US";
String DN_CHILD = "CN=DD,OU=DD,O=DD,L=Linton,ST=Utah,C=CN";
// NOTE(review): certTest is not used anywhere in this snippet.
CertTest certTest = new CertTest();
// Root certificate: DN_CA fills both DN positions, key usage is digitalSignature | keyCertSign,
// and the CA's own key pair supplies both the private-key and the public-key argument.
// NOTE(review): 365 * 10 is presumably the validity in days and `true` presumably marks a CA
// certificate; confirm against generatorCert's signature.
// NOTE(review): the CA private key is handed over as raw encoded bytes; keep that array out of logs and files.
byte[] rootCert = sm2CertGenerator.generatorCert(DN_CA, 365 * 10, DN_CA, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign), true, caKeyPair.getPrivate().getEncoded(), caKeyPair.getPublic().getEncoded(),false,0);
try {
    // Hard-coded Windows-style sample path; adjust for your environment.
    FileUtils.writeFile("D:/certtest/java-ca-3.cer",rootCert);
} catch (Exception e) {
    throw new RuntimeException(e);
}
// End-entity certificate: DN_CA and DN_CHILD are the two DNs, key usage is digitalSignature only,
// and the CA private key is passed together with the device's public key.
byte[] ownerCert = sm2CertGenerator.generatorCert(DN_CA, 365, DN_CHILD, new KeyUsage(KeyUsage.digitalSignature), false, caKeyPair.getPrivate().getEncoded(), equipKeyPair.getPublic().getEncoded(),false,0);
try {
    FileUtils.writeFile("D:/certtest/java-ownerCert-3.cer",ownerCert);
} catch (Exception e) {
    throw new RuntimeException(e);
}
// Build the SM2 certificate with an HSM-produced signature
int hsmSigPriIndex=0;
// NOTE(review): the last two arguments change from (false, 0) to (true, hsmSigPriIndex), presumably
// selecting an HSM key slot. The software CA private key is still passed; confirm it is ignored in
// this mode, since an HSM-held signing key should not need to exist in process memory.
rootCert = sm2CertGenerator.generatorCert(DN_CA, 365 * 10, DN_CA, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign), true, caKeyPair.getPrivate().getEncoded(), caKeyPair.getPublic().getEncoded(),true,hsmSigPriIndex);

制作SM2证书

// CA certificate key pair

KeyPair caKeyPair = SM2KeyPairGenerate.generateSM2KeyPair();
// End-entity (device) certificate key pair
KeyPair equipKeyPair = SM2KeyPairGenerate.generateSM2KeyPair();

SM2CertGenerator sm2CertGenerator = new SM2CertGenerator();
// Sample distinguished names. NOTE(review): the CA DN borrows the name of a real public CA;
// use your own organisation's DN so the self-issued root cannot be mistaken for theirs.
String DN_CA = "CN=Digicert,OU=Digicert,O=Digicert,L=Linton,ST=Utah,C=US";
String DN_CHILD = "CN=DD,OU=DD,O=DD,L=Linton,ST=Utah,C=CN";
// NOTE(review): certTest is not used anywhere in this snippet.
CertTest certTest = new CertTest();
// Root certificate: DN_CA fills both DN positions, key usage is digitalSignature | keyCertSign,
// and the CA's own key pair supplies both the private-key and the public-key argument.
// NOTE(review): 365 * 10 is presumably the validity in days and `true` presumably marks a CA
// certificate; confirm against generatorCert's signature.
// NOTE(review): the CA private key is handed over as raw encoded bytes; keep that array out of logs and files.
byte[] rootCert = sm2CertGenerator.generatorCert(DN_CA, 365 * 10, DN_CA, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign), true, caKeyPair.getPrivate().getEncoded(), caKeyPair.getPublic().getEncoded(),false,0);
try {
    // Hard-coded Windows-style sample path; adjust for your environment.
    FileUtils.writeFile("D:/certtest/java-ca-3.cer",rootCert);
} catch (Exception e) {
    throw new RuntimeException(e);
}
// End-entity certificate: DN_CA and DN_CHILD are the two DNs, key usage is digitalSignature only,
// and the CA private key is passed together with the device's public key.
byte[] ownerCert = sm2CertGenerator.generatorCert(DN_CA, 365, DN_CHILD, new KeyUsage(KeyUsage.digitalSignature), false, caKeyPair.getPrivate().getEncoded(), equipKeyPair.getPublic().getEncoded(),false,0);
try {
    FileUtils.writeFile("D:/certtest/java-ownerCert-3.cer",ownerCert);
} catch (Exception e) {
    throw new RuntimeException(e);
}
// Build the SM2 certificate with an HSM-produced signature
int hsmSigPriIndex=0;
// NOTE(review): the last two arguments change from (false, 0) to (true, hsmSigPriIndex), presumably
// selecting an HSM key slot. The software CA private key is still passed; confirm it is ignored in
// this mode, since an HSM-held signing key should not need to exist in process memory.
rootCert = sm2CertGenerator.generatorCert(DN_CA, 365 * 10, DN_CA, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign), true, caKeyPair.getPrivate().getEncoded(), caKeyPair.getPublic().getEncoded(),true,hsmSigPriIndex);

SM3摘要计算

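        // Three ways of feeding SM3 with the same digest object.
        // UTF-8 is named explicitly: a digest is only reproducible across machines when every
        // party hashes the same byte encoding, not whatever the JVM's platform default happens to be.
        SM3Digest sm3Digest = new SM3Digest();
        // 1) update(...) followed by doFinal()
        sm3Digest.update(msg.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        byte[] md = sm3Digest.doFinal();
        // 2) one-shot doFinal(input). Presumably the doFinal() above reset the state, so md2
        //    should equal md. Confirm against the library.
        byte[] md2 = sm3Digest.doFinal(msg.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        // 3) several update(...) calls before a single doFinal(); presumably this hashes the
        //    concatenation of the two pieces.
        sm3Digest.update("gm-java-".getBytes(java.nio.charset.StandardCharsets.UTF_8));
        sm3Digest.update("1.0".getBytes(java.nio.charset.StandardCharsets.UTF_8));
        byte[] md3 = sm3Digest.doFinal();
        System.out.println(Hex.toHexString(md));
        System.out.println(Hex.toHexString(md2));
        System.out.println(Hex.toHexString(md3));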

随机数生成(通过SM3实现)

      // Ask the library's SM3-based generator for output (16 is presumably the length in bytes) and print it as hex.
      // NOTE(review): `Random` here is the library's class, not java.util.Random. How it is seeded is not
      // visible on this page; verify that before using its output for keys, IVs or nonces. The SM4 snippet
      // on this page uses java.security.SecureRandom for those.
      byte[] random = Random.RandomBySM3(16);
      System.out.println(Hex.toHexString(random));

SM4加解密

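        // SM4 round trips in four modes. One random 128-bit key is shared by all demos, but every
        // IV-based mode draws its own fresh IV/nonce: repeating a counter block (CTR) or a nonce (GCM)
        // under the same key exposes the keystream and, for GCM, breaks tag integrity as well.
        SecureRandom secureRandom = new SecureRandom();
        byte[] key = new byte[16];
        byte[] iv = new byte[16];
        secureRandom.nextBytes(key);
        secureRandom.nextBytes(iv);
        // ECB mode
        // ECB takes no IV and maps equal plaintext blocks to equal ciphertext blocks, so it leaks
        // message structure; shown for interoperability only. Encrypt passes null for the IV and
        // decrypt passes iv; presumably the argument is ignored in this mode.
        SM4Cipher sm4CipherECB = new SM4Cipher(ModeEnum.ECB);
        byte[] ecbmi = sm4CipherECB.cipherEncrypt(key, msg.getBytes(java.nio.charset.StandardCharsets.UTF_8), null);
        byte[] ecbming = sm4CipherECB.cipherDecrypt(key, ecbmi, iv);
        System.out.println("ECB明文:"+new String(ecbming, java.nio.charset.StandardCharsets.UTF_8));
        // CBC mode
        // Uses the random 16-byte iv generated above; CBC provides no integrity on its own.
        SM4Cipher sm4CipherCBC = new SM4Cipher(ModeEnum.CBC);
        byte[] cbcmi = sm4CipherCBC.cipherEncrypt(key, msg.getBytes(java.nio.charset.StandardCharsets.UTF_8), iv);
        byte[] cbcming = sm4CipherCBC.cipherDecrypt(key, cbcmi, iv);
        System.out.println("CBC明文:"+new String(cbcming, java.nio.charset.StandardCharsets.UTF_8));
        // CTR mode
        // A separate initial counter block, so the CBC IV is not reused under the same key.
        byte[] ctrIv = new byte[16];
        secureRandom.nextBytes(ctrIv);
        SM4Cipher sm4CipherCTR = new SM4Cipher(ModeEnum.CTR);
        byte[] ctrmi = sm4CipherCTR.cipherEncrypt(key, msg.getBytes(java.nio.charset.StandardCharsets.UTF_8), ctrIv);
        byte[] ctrming = sm4CipherCTR.cipherDecrypt(key, ctrmi, ctrIv);
        System.out.println("CTR明文:"+new String(ctrming, java.nio.charset.StandardCharsets.UTF_8));
        // GCM mode
        // A random 12-byte nonce replaces the all-zero array: a GCM nonce must never repeat for a key.
        // The same nonce and AAD are handed to decryption together with the tag.
        byte[] gcmNonce = new byte[12];
        secureRandom.nextBytes(gcmNonce);
        byte[] aad = "aad".getBytes(java.nio.charset.StandardCharsets.UTF_8);
        SM4Cipher sm4_gcm = new SM4Cipher();
        // NOTE(review): msg is passed as-is here, unlike the getBytes() calls above; confirm which
        // overload this resolves to. The trailing 16 is presumably the tag length in bytes.
        AEADExecution aeadExecution = sm4_gcm.cipherEncryptGCM(key, msg, gcmNonce, aad, 16);
        System.out.println("GCM密文:"+Hex.toHexString(aeadExecution.getCipherText()));
        System.out.println("GCMtag:"+Hex.toHexString(aeadExecution.getTag()));
        byte[] ming_gcm = sm4_gcm.cipherDecryptGCM(key, aeadExecution.getCipherText(), gcmNonce, aad, aeadExecution.getTag());
        System.out.println("GCM明文:"+new String(ming_gcm, java.nio.charset.StandardCharsets.UTF_8));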

模拟TLS握手进行密钥协商(Netty)
服务端(默认使用4433端口)

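        // Demo server for the simulated TLS handshake / key agreement.
        // The port is passed explicitly as 4432 (the page's heading gives 4433 as the default).
        NettyTlsServer nettyTlsServer = new NettyTlsServer(4432);
        // start() runs on its own thread; presumably it blocks while the server is serving.
        new Thread(()->{
            try {
                nettyTlsServer.start();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }).start();
        // Watcher thread: poll once a second until getRandom() is non-null, print it, then stop the server.
        new Thread(()->{
            try {
                while (true){
                    System.out.println("server sleep");
                    Thread.sleep(1000);
                    if(nettyTlsServer.getRandom()!=null){
                        // NOTE(review): getRandom() appears to be the value agreed in the handshake;
                        // printing it is for demonstration. Do not log it where it serves as key material.
                        System.out.println("netty server random:"+Hex.toHexString(nettyTlsServer.getRandom()));
                        break;
                    }
                }
            } catch (InterruptedException e) {
                // Restore the interrupt flag and fall through to shutdown, instead of letting the
                // thread die with the server (and its listening port) still up.
                Thread.currentThread().interrupt();
            } finally {
                nettyTlsServer.shutdown();
            }
        }).start();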

客户端

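        // Demo client for the simulated TLS handshake; connects to the local server on port 4432.
        // NOTE(review): no trust anchor or expected certificate is passed here; how (or whether) the
        // client validates the server certificate is not visible on this page. Confirm before relying
        // on this handshake for authentication.
        NettyTlsClient nettyTlsClient = new NettyTlsClient("localhost", 4432);
        new Thread(()->{
            try {
                nettyTlsClient.start();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }).start();
        // Watcher thread: poll once a second until getRandom() is non-null, print it, then shut the client down.
        new Thread(()->{
            boolean handshakeSeen = false;
            try {
                while (true){
                    Thread.sleep(1000);
                    if(nettyTlsClient.getRandom()!=null){
                        // NOTE(review): getRandom() appears to be the value agreed in the handshake;
                        // printing it is for demonstration. Do not log it where it serves as key material.
                        System.out.println("netty client random:"+Hex.toHexString(nettyTlsClient.getRandom()));
                        handshakeSeen = true;
                        break;
                    }
                }
            } catch (InterruptedException e) {
                // Restore the interrupt flag; the client is still shut down below.
                Thread.currentThread().interrupt();
            } finally {
                nettyTlsClient.shutdown();
            }
            if (handshakeSeen) {
                // `i` is a counter declared outside this snippet (not shown on the page).
                System.out.println(i.incrementAndGet() +"---------TLS握手测试通过(NETTY)---------");
            }

        }).start();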

服务端(使用私有服务端证书以及自定义端口)

// Server variant taking a port plus the caller's own server certificate and private key.
// `cert` and `pri` are not defined on this page; their expected types and encoding are not shown.
// NOTE(review): `pri` is private-key material; load it from protected storage rather than embedding it in source.
NettyTlsServer nettyTlsServer = new NettyTlsServer(4432,cert,pri);

客户端

// Client for the custom-certificate server above; only host and port are supplied.
// NOTE(review): nothing here tells the client which certificate to expect. Confirm how the
// server's private certificate is validated on the client side.
NettyTlsClient nettyTlsClient = new NettyTlsClient("localhost",4432);

模拟TLS握手进行密钥协商(Socket)
服务端(默认使用4433端口)

        // Socket-based handshake demo, server side, built with the no-argument constructor
        // (the page's heading says it uses port 4433 by default).
        TlsServer tlsServer = new TlsServer();
        // NOTE(review): setDEBUG(true) presumably enables verbose handshake output. Check whether that
        // includes key material before leaving it on outside a test.
        tlsServer.setDEBUG(true);
        // The completion message is printed right after start(), so start() presumably blocks until
        // the handshake has finished. Confirm.
        tlsServer.start();
        System.out.println("握手完成!");
        // NOTE(review): getRandom() appears to be the value agreed in the handshake; printing it is for
        // demonstration. Do not log it where it serves as key material.
        System.out.println("服务端随机数:"+Hex.toHexString(tlsServer.getRandom()));

客户端

        // Socket-based handshake demo, client side; only the server address is supplied.
        // NOTE(review): no trust anchor or expected certificate is passed; how the server certificate
        // is validated is not visible on this page. Confirm before relying on it for authentication.
        TlsClient tlsClient = new TlsClient("127.0.0.1");
        // NOTE(review): setDEBUG(true) presumably enables verbose handshake output. Check whether that
        // includes key material before leaving it on outside a test.
        tlsClient.setDEBUG(true);
        tlsClient.start();
        System.out.println("握手完成!");
        // NOTE(review): printing the agreed value is for demonstration; do not log it where it serves as key material.
        System.out.println("客户端随机数:"+Hex.toHexString(tlsClient.getRandom()));

服务端(使用私有服务端证书以及自定义端口)

        // Server variant with the caller's own certificate, its private key and a custom port.
        // `serverCert` and `serverCertPriKey` are not defined on this page.
        // NOTE(review): 447 is below 1024, so binding it needs elevated privileges on most Unix-like
        // systems; a high port avoids running the demo with root rights.
        TlsServer tlsServer = new TlsServer(serverCert,serverCertPriKey,447);
        // NOTE(review): setDEBUG(true) presumably enables verbose handshake output. Check whether that
        // includes key material before leaving it on outside a test.
        tlsServer.setDEBUG(true);
        tlsServer.start();
        System.out.println("握手完成!");
        // NOTE(review): printing the agreed value is for demonstration; do not log it where it serves as key material.
        System.out.println("服务端随机数:"+Hex.toHexString(tlsServer.getRandom()));

客户端

        // Client for the custom-port server: address plus port 447, no certificate argument.
        // NOTE(review): nothing here tells the client which server certificate to expect. Confirm how
        // the private server certificate is validated on this side.
        TlsClient tlsClient = new TlsClient("127.0.0.1",447);
        // NOTE(review): setDEBUG(true) presumably enables verbose handshake output. Check whether that
        // includes key material before leaving it on outside a test.
        tlsClient.setDEBUG(true);
        tlsClient.start();
        System.out.println("握手完成!");
        // NOTE(review): printing the agreed value is for demonstration; do not log it where it serves as key material.
        System.out.println("客户端随机数:"+Hex.toHexString(tlsClient.getRandom()));
