Merge pull request #1909 from flakjacket95/master

Add SM2 Encrypt and Decrypt Operations

Author: a3957273

src/core/config/Categories.json

@@ -193,7 +193,9 @@
             "Parse SSH Host Key",
             "Parse CSR",
             "Public Key from Certificate",
-            "Public Key from Private Key"
+            "Public Key from Private Key",
+            "SM2 Encrypt",
+            "SM2 Decrypt"
         ]
     },
     {

src/core/lib/SM2.mjs

@@ -0,0 +1,258 @@
+/**
+ * Utilities and operations utilized for SM2 encryption and decryption
+ * @author flakjacket95 [[email protected]]
+ * @copyright Crown Copyright 2024
+ * @license Apache-2.0
+ */
+
+import OperationError from "../errors/OperationError.mjs";
+import { fromHex } from "../lib/Hex.mjs";
+import Utils from "../Utils.mjs";
+import Sm3 from "crypto-api/src/hasher/sm3.mjs";
+import {toHex} from "crypto-api/src/encoder/hex.mjs";
+import r from "jsrsasign";
+
+/**
+ * SM2 Class for encryption and decryption operations
+ */
+export class SM2 {
+    /**
+     * Constructor for SM2 class; sets up with the curve and the output format as specified in user args
+     *
+     * @param {*} curve
+     * @param {*} format
+     */
+    constructor(curve, format) {
+        this.ecParams = null;
+        this.rng = new r.SecureRandom();
+        /*
+        For any additional curve definitions utilized by SM2, add another block like the below for that curve, then add the curve name to the Curve selection dropdown
+        */
+        r.crypto.ECParameterDB.regist(
+            "sm2p256v1", // name / p = 2**256 - 2**224 - 2**96 + 2**64 - 1
+            256,
+            "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF", // p
+            "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC", // a
+            "28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93", // b
+            "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123", // n
+            "1", // h
+            "32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7", // gx
+            "BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0", // gy
+            []
+        ); // alias
+        this.ecParams = r.crypto.ECParameterDB.getByName(curve);
+
+        this.format = format;
+    }
+
+    /**
+     * Set the public key coordinates for the SM2 class
+     *
+     * @param {string} publicKeyX
+     * @param {string} publicKeyY
+     */
+    setPublicKey(publicKeyX, publicKeyY) {
+        /*
+        * TODO: This needs some additional length validation; and checking for errors in the decoding process
+        * TODO: Can probably support other public key encoding methods here as well in the future
+        */
+        this.publicKey = this.ecParams.curve.decodePointHex("04" + publicKeyX + publicKeyY);
+
+        if (this.publicKey.isInfinity()) {
+            throw new OperationError("Invalid Public Key");
+        }
+    }
+
+    /**
+     * Set the private key value for the SM2 class
+     *
+     * @param {string} privateKey
+     */
+    setPrivateKey(privateKeyHex) {
+        this.privateKey = new r.BigInteger(privateKeyHex, 16);
+    }
+
+    /**
+     * Main encryption function; takes user input, processes encryption and returns the result in hex (with the components arranged as configured by the user args)
+     *
+     * @param {*} input
+     * @returns {string}
+     */
+    encrypt(input) {
+        const G = this.ecParams.G;
+
+        /*
+        * Compute a new, random public key along the same elliptic curve to form the starting point for our encryption process (record the resulting X and Y as hex to provide as part of the operation output)
+        * k: Randomly generated BigInteger
+        * c1: Result of dotting our curve generator point `G` with the value of `k`
+        */
+        const k = this.generatePublicKey();
+        const c1 = G.multiply(k);
+        const [hexC1X, hexC1Y] = this.getPointAsHex(c1);
+
+        /*
+        * Compute p2 (secret) using the public key, and the chosen k value above
+        */
+        const p2 = this.publicKey.multiply(k);
+
+        /*
+        * Compute the C3 SM3 hash before we transform the array
+        */
+        const c3 = this.c3(p2, input);
+
+        /*
+        * Genreate a proper length encryption key, XOR iteratively, and convert newly encrypted data to hex
+        */
+        const key = this.kdf(p2, input.byteLength);
+        for (let i = 0; i < input.byteLength; i++) {
+            input[i] ^= Utils.ord(key[i]);
+        }
+        const c2 = Buffer.from(input).toString("hex");
+
+        /*
+         * Check user input specs; order the output components as selected
+         */
+        if (this.format === "C1C3C2") {
+            return hexC1X + hexC1Y + c3 + c2;
+        } else {
+            return hexC1X + hexC1Y + c2 + c3;
+        }
+    }
+    /**
+     * Function to decrypt an SM2 encrypted message
+     *
+     * @param {*} input
+     */
+    decrypt(input) {
+        const c1X = input.slice(0, 64);
+        const c1Y = input.slice(64, 128);
+
+        let c3 = "";
+        let c2 = "";
+
+        if (this.format === "C1C3C2") {
+            c3 = input.slice(128, 192);
+            c2 = input.slice(192);
+        } else {
+            c2 = input.slice(128, -64);
+            c3 = input.slice(-64);
+        }
+        c2 = Uint8Array.from(fromHex(c2));
+        const c1 = this.ecParams.curve.decodePointHex("04" + c1X + c1Y);
+
+        /*
+        * Compute the p2 (secret) value by taking the C1 point provided in the encrypted package, and multiplying by the private k value
+        */
+        const p2 = c1.multiply(this.privateKey);
+
+        /*
+         * Similar to encryption; compute sufficient length key material and XOR the input data to recover the original message
+         */
+        const key = this.kdf(p2, c2.byteLength);
+
+        for (let i = 0; i < c2.byteLength; i++) {
+            c2[i] ^= Utils.ord(key[i]);
+        }
+
+        const check = this.c3(p2, c2);
+        if (check === c3) {
+            return c2.buffer;
+        } else {
+            throw new OperationError("Decryption Error -- Computed Hashes Do Not Match");
+        }
+    }
+
+
+    /**
+     * Generates a large random number
+     *
+     * @param {*} limit
+     * @returns
+     */
+    getBigRandom(limit) {
+        return new r.BigInteger(limit.bitLength(), this.rng)
+	    .mod(limit.subtract(r.BigInteger.ONE))
+	    .add(r.BigInteger.ONE);
+    }
+
+    /**
+     * Helper function for generating a large random K number; utilized for generating our initial C1 point
+     * TODO: Do we need to do any sort of validation on the resulting k values?
+     *
+     * @returns {BigInteger}
+     */
+    generatePublicKey() {
+        const n = this.ecParams.n;
+        const k = this.getBigRandom(n);
+        return k;
+    }
+
+    /**
+     * SM2 Key Derivation Function (KDF); Takes P2 point, and generates a key material stream large enough to encrypt all of the input data
+     *
+     * @param {*} p2
+     * @param {*} len
+     * @returns {string}
+     */
+    kdf(p2, len) {
+        const [hX, hY] = this.getPointAsHex(p2);
+
+        const total = Math.ceil(len / 32) + 1;
+        let cnt = 1;
+
+        let keyMaterial = "";
+
+        while (cnt < total) {
+            const num = Utils.intToByteArray(cnt, 4, "big");
+            const overall = fromHex(hX).concat(fromHex(hY)).concat(num);
+            keyMaterial += this.sm3(overall);
+            cnt++;
+        }
+        return keyMaterial;
+    }
+
+    /**
+     * Calculates the C3 component of our final encrypted payload; which is the SM3 hash of the P2 point and the original, unencrypted input data
+     *
+     * @param {*} p2
+     * @param {*} input
+     * @returns {string}
+     */
+    c3(p2, input) {
+        const [hX, hY] = this.getPointAsHex(p2);
+
+        const overall = fromHex(hX).concat(Array.from(input)).concat(fromHex(hY));
+
+        return toHex(this.sm3(overall));
+
+    }
+
+    /**
+     * SM3 setup helper function; takes input data as an array, processes the hash and returns the result
+     *
+     * @param {*} data
+     * @returns {string}
+     */
+    sm3(data) {
+        const hashData = Utils.arrayBufferToStr(Uint8Array.from(data).buffer, false);
+        const hasher = new Sm3();
+        hasher.update(hashData);
+        return hasher.finalize();
+    }
+
+    /**
+    * Utility function, returns an elliptic curve points X and Y values as hex;
+    *
+    * @param {EcPointFp} point
+    * @returns {[]}
+    */
+    getPointAsHex(point) {
+        const biX = point.getX().toBigInteger();
+        const biY = point.getY().toBigInteger();
+
+        const charlen = this.ecParams.keycharlen;
+        const hX   = ("0000000000" + biX.toString(16)).slice(- charlen);
+        const hY   = ("0000000000" + biY.toString(16)).slice(- charlen);
+        return [hX, hY];
+    }
+}

src/core/operations/SM2Decrypt.mjs

@@ -0,0 +1,71 @@
+/**
+ * @author flakjacket95 [[email protected]]
+ * @copyright Crown Copyright 2024
+ * @license Apache-2.0
+ */
+
+import OperationError from "../errors/OperationError.mjs";
+import Operation from "../Operation.mjs";
+
+import { SM2 } from "../lib/SM2.mjs";
+
+/**
+ * SM2Decrypt operation
+ */
+class SM2Decrypt extends Operation {
+
+    /**
+     * SM2Decrypt constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "SM2 Decrypt";
+        this.module = "Crypto";
+        this.description = "Decrypts a message utilizing the SM2 standard";
+        this.infoURL = ""; // Usually a Wikipedia link. Remember to remove localisation (i.e. https://wikipedia.org/etc rather than https://en.wikipedia.org/etc)
+        this.inputType = "string";
+        this.outputType = "ArrayBuffer";
+        this.args = [
+            {
+                name: "Private Key",
+                type: "string",
+                value: "DEADBEEF"
+            },
+            {
+                "name": "Input Format",
+                "type": "option",
+                "value": ["C1C3C2", "C1C2C3"],
+                "defaultIndex": 0
+            },
+            {
+                name: "Curve",
+                type: "option",
+                "value": ["sm2p256v1"],
+                "defaultIndex": 0
+            }
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {ArrayBuffer}
+     */
+    run(input, args) {
+        const [privateKey, inputFormat, curveName] = args;
+
+        if (privateKey.length !== 64) {
+            throw new OperationError("Input private key must be in hex; and should be 32 bytes");
+        }
+
+        const sm2 = new SM2(curveName, inputFormat);
+        sm2.setPrivateKey(privateKey);
+
+        const result = sm2.decrypt(input);
+        return result;
+    }
+
+}
+
+export default SM2Decrypt;