tjfoc / gmtls Goto Github PK

View Code? Open in Web Editor NEW

105.0 6.0 67.0 2.03 MB

GM TLS/SSL Based on Golang (基于国密算法的TLS/SSL代码库)

Home Page: http://www.wutongchain.com

License: Apache License 2.0

Go 100.00%

gm tls ssl sm2 go

gmtls's Introduction

gmtls

GM TLS/SSL Based on Golang (基于国密算法的TLS/SSL代码库)

you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

See the License for the specific language governing permissions and limitations under the License.

联系我们：[email protected]

gmtls's People

Contributors

Stargazers

Watchers

Forkers

liuqun xshrim cryptofanorg dengyi9 qiushuizy zhulianhai gongliaoan ylsn19821104 kevinyzy1 hpy777 fakerjayden jovijovi walkerwaqi ozloop gideshi dsalcedo yangfanimb xycpand wanghongxing inrg tianbingsheng wqx0532 wanetcn zyxs2018 izouxv hjun007 sintan1071 ssy1997 grantrepository junahan daniel-007 carryon elitetony gordon-h fanweixiao coladacoder yarailee dulumao gopperin matrix-zhang colin0724 allchain qdbkppkbdq 0086 tanhual jcobcn chenxifun yuanbosoft renaissanxe pat-shao yiitz jasonjieliu lizhenyu0128 zjsunzone layneguol echo5188 lusu2004 yourkeychen jc-bobo whtech viecks lost-temple pedroalbanese aldler lnwdl smnaonwh windgoogle

gmtls's Issues

测试里面数据不是双证书。国密tls不是需要双证书的吗

你好国密tls不是需要双证书的吗我们以前给银行系统做的tls都是双证书 tassl里面也是双证书。希望可以一起交流一下

gmtls 不支持sm4 sm3

看了下似乎证书部分使用了sm2算法，其它部分没有，是否有计划继续？

pkix.name 中的country字段该如何设置呢？

在设置pkix.name中的country字段的时候，始终发现证书中显示的是NL字段，这是否是个bug呢？

这个库是不是没有修改完，

net/http不能替换性地直接使用gmtls库做tls通信

哪里有java版本的gmtls？

gmtls握手panic

2023/08/0117:38:35http:panicserving171.91.3.32:9055:runtimeerror:invalidmemoryaddressornilpointerdereference
goroutine207732[running]:
net/http.(*conn).serve.func1()
/usr/go/src/net/http/server.go:1802+0xb9
panic({0xf8f440,0x1b17d90})
/usr/go/src/runtime/panic.go:1047+0x266
github.com/tjfoc/gmsm/gmtls.finishedHash.clientSum({{0x127a458,0xc003b61500},{0x127a458,0xc003b61570},{0x127a418,0xc00b498d20},{0x127a418,0xc00b498d80},{0x0,0x0,...},...},...)
/root/go/pkg/mod/github.com/tjfoc/[email protected]/gmtls/prf.go:328+0x100
github.com/tjfoc/gmsm/gmtls.(*serverHandshakeState).readFinished(0xc00351b4a0,{0xc0023580e9,0xc,0xc0003e2240})
/root/go/pkg/mod/github.com/tjfoc/[email protected]/gmtls/handshake_server.go:615+0x1df
github.com/tjfoc/gmsm/gmtls.(*Conn).serverHandshake(0xc002358000)
/root/go/pkg/mod/github.com/tjfoc/[email protected]/gmtls/handshake_server.go:103+0x232
github.com/tjfoc/gmsm/gmtls.(*Conn).Handshake(0xc002358000)
/root/go/pkg/mod/github.com/tjfoc/[email protected]/gmtls/conn.go:1289+0x1ca
github.com/tjfoc/gmsm/gmtls.(*Conn).Read(0xc002358000,{0xc004389000,0x1000,0xc009c42788})
/root/go/pkg/mod/github.com/tjfoc/[email protected]/gmtls/conn.go:1141+0x55
git.woa.com/bmax/go-nginx/chttp.(*SecConn).Read(0xc009c42780,{0xc004389000,0x10538a0,0xc00c0e8601})
/root/go/pkg/mod/git.woa.com/bmax/[email protected]/chttp/chttp_conn.go:24+0x26
net/http.(*connReader).Read(0xc009c42780,{0xc004389000,0x1000,0x1000})

有没有支持tls 1.3的计划

请问gmtls有没有支持tls 1.3的计划

Doubt

Greetings!

Sorry, but which version of TLS is this? 1.1, 1.2?

	if *tcpip == "listen" {
		cert, err := gmtls.X509KeyPair(certpem, pripem)

		if err != nil {
			log.Fatal(err)
		}
		config := gmtls.Config{Certificates: []gmtls.Certificate{cert}, ClientAuth: gmtls.RequireAnyClientCert}
		config.Rand = rand.Reader

		port := "8081"
		if *public != "" {
			port = *public
		}

		ln, err := gmtls.Listen("tcp", ":"+port, &config)
		if err != nil {
			log.Fatal(err)
		}

		fmt.Fprintln(os.Stderr, "Server(TLS) up and listening on port "+port)

		conn, err := ln.Accept()
		if err != nil {
			log.Println(err)
		}
		defer ln.Close()

		fmt.Println("Connection accepted")

		for {
			message, err := bufio.NewReader(conn).ReadString('\n')
			if err != nil {
				fmt.Println(err)
				os.Exit(3)
			}
			fmt.Print("Received: ", string(message))

			newmessage := strings.ToUpper(message)
			conn.Write([]byte(newmessage + "\n"))
		}
	}
	
	if *tcpip == "dial" {
		cert, err := gmtls.X509KeyPair(certpem, pripem)

		if err != nil {
			log.Fatal(err)
		}

		ipport := "127.0.0.1:8081"
		if *public != "" {
			ipport = *public
		}

		config := gmtls.Config{Certificates: []gmtls.Certificate{cert}, InsecureSkipVerify: true}
		conn, err := gmtls.Dial("tcp", ipport, &config)
		if err != nil {
			log.Fatal(err)
		}
		certs := conn.ConnectionState().PeerCertificates
		for _, cert := range certs {
			fmt.Printf("Issuer Name: %s\n", cert.Issuer)
			fmt.Printf("Expiry: %s \n", cert.NotAfter.Format("Monday, 02-Jan-06 15:04:05 MST"))
			fmt.Printf("Common Name: %s \n", cert.Issuer.CommonName)
			fmt.Printf("IP Address: %s \n", cert.IPAddresses)
		}
		if err != nil {
			log.Fatal(err)
		}
		defer conn.Close()

		for {
			reader := bufio.NewReader(os.Stdin)
			fmt.Print("Text to be sent: ")
			text, err := reader.ReadString('\n')
			if err != nil {
				fmt.Println(err)
				os.Exit(3)
			}
			fmt.Fprintf(conn, text+"\n")

			message, err := bufio.NewReader(conn).ReadString('\n')
			if err != nil {
				fmt.Println(err)
				os.Exit(3)
			}
			fmt.Print("Server response: " + message)
		}
	}

Thanks in advance!

能提供相应的demo程序吗？

如题，谢谢！

Crypto Go ：we are a research group to help developers build secure applications.

Hi, we are a research group to help developers build secure applications. We designed a cryptographic misuse detector (i.e., CryptoGo) on Go language. We found your great public repository from Github, and several security issues detected by CryptoGo are shown in the following.
Note that the cryptographic algorithms are categorized with two aspects: security strength and security vulnerability based on NIST Special Publication 800-57 and other public publications. Moreover, CryptoGo defined certain rules derived from the APIs of Go cryptographic library and other popular cryptographic misuse detectors. The specific security issues we found are as follows:
(1) Location: key_agreement.go:115
Broken rule: MD5 is an insecure algorithm;
(2) Location: prf.go:219
Broken rule: MD5 is an insecure algorithm;
(3) Location: prf.go:352
Broken rule: MD5 is an insecure algorithm;
(4) Location: prf.go:95
Broken rule: MD5 is an insecure algorithm;
(5) Location: cipher_suites.go:120
Broken rule: RC4 is an insecure algorithm;
(6) Location: cipher_suites.go:144
Broken rule: SHA-1 is an insecure algorithm;
(7) Location: key_agreement.go:104
Broken rule: SHA-1 is an insecure algorithm;
(8) Location: prf.go:219
Broken rule: SHA-1 is an insecure algorithm;
(9) Location: prf.go:354
Broken rule: SHA-1 is an insecure algorithm;
(10) Location: prf.go:94
Broken rule: SHA-1 is an insecure algorithm;
(11) Location: cipher_suites.go:125
Broken rule: 3TDEA is acceptable but not recommended;
(12) Location: prf.go:38
Broken rule: HMAC-MD5 is acceptable but not recommended;
(13) Location: cipher_suites.go:133
Broken rule: Constant key in AES;
(14) Location: ticket.go:206
Broken rule: Not unique IV in CTR;
(15) Location: key_agreement.go:90
Broken rule: RSAES-PKCS1-v1_5 is deprecated;
(16) Location: key_agreement.go:329
Broken rule: The ScalarMult method of Package curve25519 is deprecated;
(17) Location: key_agreement.go:477
Broken rule: The ScalarMult method of Package curve25519 is deprecated;
We wish the above security issues could truly help you to build a secure application. If you have any concern or suggestion, please feel free to contact us, we are looking forward to your reply. Thanks.