Add GMSSL support

core/src/main/java/org/bouncycastle/asn1/gm/SM2Cipher.java

@@ -0,0 +1,180 @@
+package org.bouncycastle.asn1.gm;
+
+import org.bouncycastle.asn1.*;
+import org.bouncycastle.util.BigIntegers;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.util.Enumeration;
+
+/**
+ * GMT 0009-2012
+ * <p>
+ * sm2 encrypted data specific struct
+ *
+ *
+ * @since 2021-03-10 13:28:12
+ */
+public class SM2Cipher extends ASN1Object
+{
+    /*
+     * SM2Cipher ::== SEQUENCE{
+     *     XCoordinate          INTEGER,                --X Portion
+     *     YCoordinate          INTEGER,                --Y Portion
+     *     HASH                 OCTET STRING SIZE(32),  --Plaintext sm3 hash
+     *     CipherText           OCTET STRING            --CipherText
+     * }
+     */
+
+    private ASN1Integer xCoordinate;
+    private ASN1Integer yCoordinate;
+    private ASN1OctetString hash;
+    private ASN1OctetString cipherText;
+
+    public SM2Cipher()
+    {
+        super();
+    }
+
+    public SM2Cipher(ASN1Sequence seq)
+    {
+        Enumeration<?> e = seq.getObjects();
+        xCoordinate = ASN1Integer.getInstance(e.nextElement());
+        yCoordinate = ASN1Integer.getInstance(e.nextElement());
+        hash = ASN1OctetString.getInstance(e.nextElement());
+        cipherText = ASN1OctetString.getInstance(e.nextElement());
+    }
+
+    public static SM2Cipher getInstance(Object o)
+    {
+        if(o instanceof SM2Cipher)
+        {
+            return (SM2Cipher) o;
+        }
+        else if(o != null)
+        {
+            return new SM2Cipher(ASN1Sequence.getInstance(o));
+        }
+        return null;
+    }
+
+    public ASN1Integer getxCoordinate()
+    {
+        return xCoordinate;
+    }
+
+    public void setxCoordinate(ASN1Integer xCoordinate)
+    {
+        this.xCoordinate = xCoordinate;
+    }
+
+    public ASN1Integer getyCoordinate()
+    {
+        return yCoordinate;
+    }
+
+    public void setyCoordinate(ASN1Integer yCoordinate)
+    {
+        this.yCoordinate = yCoordinate;
+    }
+
+    public ASN1OctetString getHash()
+    {
+        return hash;
+    }
+
+    public void setHash(ASN1OctetString hash)
+    {
+        this.hash = hash;
+    }
+
+    public ASN1OctetString getCipherText()
+    {
+        return cipherText;
+    }
+
+    public void setCipherText(ASN1OctetString cipherText)
+    {
+        this.cipherText = cipherText;
+    }
+
+    public ASN1Primitive toASN1Primitive()
+    {
+        ASN1EncodableVector v = new ASN1EncodableVector(4);
+        v.add(xCoordinate);
+        v.add(yCoordinate);
+        v.add(hash);
+        v.add(cipherText);
+        return new DERSequence(v);
+    }
+
+    /**
+     * Convert ASN.1 Struct to C1C3C2 format
+     *
+     * @return C1C3C2
+     * @throws IOException
+     */
+    public byte[] convertC1C3C2() throws IOException
+    {
+        /*
+         * construct GMT0009-2012 encrypted data struct
+         */
+        ByteArrayOutputStream stream = new ByteArrayOutputStream();
+
+
+        final byte[] x = new byte[32];
+        final byte[] y = new byte[32];
+
+        byte[] tmp = BigIntegers.asUnsignedByteArray(getxCoordinate().getValue());
+        System.arraycopy(tmp, 0, x, 32 - tmp.length, tmp.length);
+        tmp = BigIntegers.asUnsignedByteArray(getyCoordinate().getValue());
+        System.arraycopy(tmp, 0, y, 32 - tmp.length, tmp.length);
+
+        // C1
+        // read 1 byte for uncompressed point prefix 0x04
+        stream.write(0x04);
+        stream.write(x);
+        stream.write(y);
+        // C3
+        stream.write(getHash().getOctets());
+        // C2
+        stream.write(getCipherText().getOctets());
+        stream.flush();
+        return stream.toByteArray();
+    }
+
+    /**
+     * Convert SM2 encrypted result format of c1c3c2 to ASN.1 SM2Cipher
+     *
+     * @param c1c3c2 encrypted result
+     * @return SM2Cipher
+     * @throws IOException
+     */
+    static public SM2Cipher fromC1C3C2(byte[] c1c3c2) throws IOException
+    {
+        /*
+         * construct GMT0009-2012 encrypted data struct
+         */
+        ByteArrayInputStream stream = new ByteArrayInputStream(c1c3c2);
+        // read 1 byte for uncompressed point prefix 0x04
+        stream.read();
+        final byte[] x = new byte[32];
+        final byte[] y = new byte[32];
+        final byte[] hash = new byte[32];
+        int length = c1c3c2.length - 1 - 32 - 32 - 32;
+        final byte[] cipherText = new byte[length];
+        stream.read(x);
+        stream.read(y);
+        stream.read(hash);
+        stream.read(cipherText);
+
+        final SM2Cipher sm2Cipher = new SM2Cipher();
+        sm2Cipher.setxCoordinate(new ASN1Integer(new BigInteger(1, x)));
+        sm2Cipher.setyCoordinate(new ASN1Integer(new BigInteger(1, y)));
+        sm2Cipher.setHash(new DEROctetString(hash));
+        sm2Cipher.setCipherText(new DEROctetString(cipherText));
+        return sm2Cipher;
+    }
+}

tls/src/main/java/org/bouncycastle/jsse/provider/CipherSuiteInfo.java

@@ -16,7 +16,7 @@ class CipherSuiteInfo
 {
     static CipherSuiteInfo forCipherSuite(int cipherSuite, String name)
     {
-        if (!name.startsWith("TLS_"))
+        if (!name.startsWith("TLS_") && !name.startsWith("GMSSL_"))
         {
             throw new IllegalArgumentException();
         }
@@ -81,6 +81,14 @@ boolean isTLSv13()
         return isTLSv13;
     }
 
+    /**
+     * GMSSL 1.1 crypto suites Start with 0xe0
+     * @return true - GMSSL suite; false - not
+     */
+    boolean isGMSSLv11(){
+        return ((cipherSuite >> 8) & 0xFF) == 0xe0;
+    }
+
     private static void addAll(Set<String> decomposition, String... entries)
     {
         for (String entry : entries)
@@ -150,6 +158,9 @@ private static void decomposeEncryptionAlgorithm(Set<String> decomposition, int
         case EncryptionAlgorithm.CHACHA20_POLY1305:
             // NOTE: Following SunJSSE, nothing beyond the transformation added above (i.e "ChaCha20-Poly1305")
             break;
+        case EncryptionAlgorithm.SM4_CBC:
+            decomposition.add("SM4_CBC");
+            break;
         case EncryptionAlgorithm.NULL:
             decomposition.add("C_NULL");
             break;
@@ -170,6 +181,9 @@ private static void decomposeHashAlgorithm(Set<String> decomposition, short hash
         case HashAlgorithm.sha384:
             addAll(decomposition, "SHA384", "SHA-384", "HmacSHA384");
             break;
+        case HashAlgorithm.sm3:
+            addAll(decomposition, "SM3");
+            break;
 //        case HashAlgorithm.sha512:
 //            addAll(decomposition, "SHA512", "SHA-512", "HmacSHA512");
 //            break;
@@ -200,6 +214,9 @@ private static void decomposeKeyExchangeAlgorithm(Set<String> decomposition, int
         case KeyExchangeAlgorithm.RSA:
             addAll(decomposition, "RSA");
             break;
+        case KeyExchangeAlgorithm.SM2:
+            addAll(decomposition, "SM2");
+            break;
         default:
             throw new IllegalArgumentException();
         }
@@ -227,6 +244,9 @@ private static void decomposeMACAlgorithm(Set<String> decomposition, int cipherT
         case MACAlgorithm.hmac_sha384:
             addAll(decomposition, "SHA384", "SHA-384", "HmacSHA384");
             break;
+        case MACAlgorithm.hmac_sm3:
+            addAll(decomposition, "SM3", "HmacSM3");
+            break;
 //        case MACAlgorithm.hmac_sha512:
 //            addAll(decomposition, "SHA512", "SHA-512", "HmacSHA512");
 //            break;
@@ -354,6 +374,9 @@ private static short getHashAlgorithm(int cipherSuite)
         case CipherSuite.TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384:
             return HashAlgorithm.sha384;
 
+        case CipherSuite.GMSSL_ECC_SM4_SM3:
+            return HashAlgorithm.sm3;
+
         default:
             throw new IllegalArgumentException();
         }
@@ -392,6 +415,8 @@ private static String getTransformation(int encryptionAlgorithm)
             return "ChaCha20-Poly1305";
         case EncryptionAlgorithm.NULL:
             return "NULL";
+        case EncryptionAlgorithm.SM4_CBC:
+            return "SM4/CBC/NoPadding";
         default:
             throw new IllegalArgumentException();
         }