sm2

Author: Anton-Dodonov

build.sh

@@ -0,0 +1,3 @@
+CGO_ENABLED=0 go build -o xray -trimpath -buildvcs=false -ldflags="-s -w -buildid=" -v ./main
+
+

common/crypto/gost/gost.go

@@ -0,0 +1,119 @@
+package gost
+
+import (
+	"crypto/rand"
+	"encoding/pem"
+	"fmt"
+	"math/big"
+	"time"
+	"crypto/x509/pkix"
+
+	"github.com/tjfoc/gmsm/sm2"
+	sm2x509 "github.com/tjfoc/gmsm/x509"
+)
+
+// GOSTCurve represents GOST curve types
+type GOSTCurve int
+
+const (
+	GOST2012_256 GOSTCurve = iota
+	GOST2012_512
+)
+
+// String returns the string representation of the GOST curve
+func (c GOSTCurve) String() string {
+	switch c {
+	case GOST2012_256:
+		return "GOST2012_256"
+	case GOST2012_512:
+		return "GOST2012_512"
+	default:
+		return "Unknown"
+	}
+}
+
+// GenerateKeyPair generates a GOST key pair
+func GenerateKeyPair(curve GOSTCurve) (*sm2.PrivateKey, error) {
+	// For now, we'll use SM2 as a base since GOST curves aren't directly supported
+	// In a real implementation, you'd need a GOST-specific library
+	privKey, err := sm2.GenerateKey(rand.Reader)
+	if err != nil {
+		return nil, fmt.Errorf("failed to generate GOST %s key: %w", curve.String(), err)
+	}
+	return privKey, nil
+}
+
+// GenerateCertificate generates a GOST certificate
+func GenerateCertificate(privKey *sm2.PrivateKey, domain string, isCA bool, expireHours int) ([]byte, []byte, error) {
+	// Create certificate template
+	serialNumber, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to generate serial number: %w", err)
+	}
+
+	notBefore := time.Now()
+	notAfter := notBefore.Add(time.Duration(expireHours) * time.Hour)
+
+	template := &sm2x509.Certificate{
+		SerialNumber: serialNumber,
+		Subject: pkix.Name{
+			Organization: []string{"Xray GOST Certificate"},
+			CommonName:   domain,
+		},
+		NotBefore:             notBefore,
+		NotAfter:              notAfter,
+		KeyUsage:              sm2x509.KeyUsageKeyEncipherment | sm2x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:           []sm2x509.ExtKeyUsage{sm2x509.ExtKeyUsageServerAuth},
+		BasicConstraintsValid: true,
+	}
+
+	if isCA {
+		template.IsCA = true
+		template.KeyUsage |= sm2x509.KeyUsageCertSign
+	} else {
+		template.DNSNames = []string{domain}
+	}
+
+	// Create certificate using SM2 (since GOST isn't directly supported)
+	certDER, err := sm2x509.CreateCertificate(template, template, &privKey.PublicKey, privKey)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to create GOST certificate: %w", err)
+	}
+
+	// Encode certificate
+	certPEM := pem.EncodeToMemory(&pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: certDER,
+	})
+
+	// Encode private key
+	privKeyPEM := pem.EncodeToMemory(&pem.Block{
+		Type:  "PRIVATE KEY",
+		Bytes: privKey.D.Bytes(),
+	})
+
+	return certPEM, privKeyPEM, nil
+}
+
+// ParsePrivateKey parses a GOST private key from PEM format
+func ParsePrivateKey(pemData []byte) (*sm2.PrivateKey, error) {
+	block, _ := pem.Decode(pemData)
+	if block == nil {
+		return nil, fmt.Errorf("failed to decode PEM block")
+	}
+
+	privKey, err := sm2x509.ParsePKCS8UnecryptedPrivateKey(block.Bytes)
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse GOST private key: %w", err)
+	}
+
+	return privKey, nil
+}
+
+// GetPublicKeyInfo returns public key information
+func GetPublicKeyInfo(privKey *sm2.PrivateKey, curve GOSTCurve) (string, string, string) {
+	pubKey := privKey.PublicKey
+	return "GOST " + curve.String() + "-bit",
+		fmt.Sprintf("%x", pubKey.X.Bytes()),
+		fmt.Sprintf("%x", pubKey.Y.Bytes())
+} 

common/crypto/sm2/sm2.go

@@ -0,0 +1,97 @@
+package sm2crypto
+
+import (
+	"crypto/rand"
+	"encoding/pem"
+	"fmt"
+	"math/big"
+	"time"
+	"crypto/x509/pkix"
+
+	"github.com/tjfoc/gmsm/sm2"
+	sm2x509 "github.com/tjfoc/gmsm/x509"
+)
+
+// GenerateKeyPair generates an SM2 key pair
+func GenerateKeyPair() (*sm2.PrivateKey, error) {
+	privKey, err := sm2.GenerateKey(rand.Reader)
+	if err != nil {
+		return nil, fmt.Errorf("failed to generate SM2 key: %w", err)
+	}
+	return privKey, nil
+}
+
+// GenerateCertificate generates an SM2 certificate
+func GenerateCertificate(privKey *sm2.PrivateKey, domain string, isCA bool, expireHours int) ([]byte, []byte, error) {
+	// Create certificate template
+	serialNumber, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to generate serial number: %w", err)
+	}
+
+	notBefore := time.Now()
+	notAfter := notBefore.Add(time.Duration(expireHours) * time.Hour)
+
+	template := &sm2x509.Certificate{
+		SerialNumber: serialNumber,
+		Subject: pkix.Name{
+			Organization: []string{"Xray SM2 Certificate"},
+			CommonName:   domain,
+		},
+		NotBefore:             notBefore,
+		NotAfter:              notAfter,
+		KeyUsage:              sm2x509.KeyUsageKeyEncipherment | sm2x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:           []sm2x509.ExtKeyUsage{sm2x509.ExtKeyUsageServerAuth},
+		BasicConstraintsValid: true,
+	}
+
+	if isCA {
+		template.IsCA = true
+		template.KeyUsage |= sm2x509.KeyUsageCertSign
+	} else {
+		template.DNSNames = []string{domain}
+	}
+
+	// Create certificate using SM2
+	certDER, err := sm2x509.CreateCertificate(template, template, &privKey.PublicKey, privKey)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to create SM2 certificate: %w", err)
+	}
+
+	// Encode certificate
+	certPEM := pem.EncodeToMemory(&pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: certDER,
+	})
+
+	// Encode private key
+	privKeyPEM := pem.EncodeToMemory(&pem.Block{
+		Type:  "PRIVATE KEY",
+		Bytes: privKey.D.Bytes(),
+	})
+
+	return certPEM, privKeyPEM, nil
+}
+
+// ParsePrivateKey parses an SM2 private key from PEM format
+func ParsePrivateKey(pemData []byte) (*sm2.PrivateKey, error) {
+	block, _ := pem.Decode(pemData)
+	if block == nil {
+		return nil, fmt.Errorf("failed to decode PEM block")
+	}
+
+	privKey, err := sm2x509.ParsePKCS8UnecryptedPrivateKey(block.Bytes)
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse SM2 private key: %w", err)
+	}
+
+	return privKey, nil
+}
+
+// GetPublicKeyInfo returns public key information
+func GetPublicKeyInfo(privKey *sm2.PrivateKey) (string, string, string) {
+	pubKey := privKey.PublicKey
+	return "SM2",
+		fmt.Sprintf("%x", pubKey.X.Bytes()),
+		fmt.Sprintf("%x", pubKey.Y.Bytes())
+} 

main/commands/all/gost.go

@@ -0,0 +1,63 @@
+package all
+
+import (
+	"encoding/base64"
+	"flag"
+	"fmt"
+	"os"
+
+	"github.com/xtls/xray-core/common/crypto/gost"
+	"github.com/tjfoc/gmsm/sm2"
+)
+
+func cmdGost() {
+	var (
+		curveType = flag.String("c", "256", "GOST curve type (256 or 512)")
+		inputFile = flag.String("i", "", "Input private key file")
+	)
+	flag.Parse()
+
+	var curve gost.GOSTCurve
+	switch *curveType {
+	case "256":
+		curve = gost.GOST2012_256
+	case "512":
+		curve = gost.GOST2012_512
+	default:
+		fmt.Fprintf(os.Stderr, "Unsupported curve type: %s. Supported: 256, 512\n", *curveType)
+		os.Exit(1)
+	}
+
+	var privKey *sm2.PrivateKey
+	var err error
+
+	if *inputFile != "" {
+		// Read private key from file
+		data, err := os.ReadFile(*inputFile)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Failed to read private key file: %v\n", err)
+			os.Exit(1)
+		}
+		privKey, err = gost.ParsePrivateKey(data)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Failed to parse private key: %v\n", err)
+			os.Exit(1)
+		}
+	} else {
+		// Generate new key pair
+		privKey, err = gost.GenerateKeyPair(curve)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Failed to generate GOST key pair: %v\n", err)
+			os.Exit(1)
+		}
+	}
+
+	// Get public key information
+	curveName, pubX, pubY := gost.GetPublicKeyInfo(privKey, curve)
+	privKeyBase64 := base64.StdEncoding.EncodeToString(privKey.D.Bytes())
+
+	fmt.Printf("%s\n", curveName)
+	fmt.Printf("Private key: %s\n", privKeyBase64)
+	fmt.Printf("Public key X: %s\n", pubX)
+	fmt.Printf("Public key Y: %s\n", pubY)
+} 

main/commands/all/gost_cmd.go

@@ -0,0 +1,31 @@
+package all
+
+import (
+	"github.com/xtls/xray-core/main/commands/base"
+)
+
+var cmdGOST = &base.Command{
+	UsageLine: "{{.Exec}} gost [-i <private_key>] [-c <curve_type>]",
+	Short:     "Generate GOST 2012-256/512 key pair",
+	Long: `
+Generate GOST 2012-256 or GOST 2012-512 key pair.
+
+Arguments:
+
+	-i
+		The base64 encoded private key (optional).
+	-c
+		The curve type: 256 or 512 (default: 256).
+`,
+}
+
+func init() {
+	cmdGOST.Run = executeGOST // break init loop
+}
+
+var gostInputStr = cmdGOST.Flag.String("i", "", "")
+var gostCurveType = cmdGOST.Flag.String("c", "256", "")
+
+func executeGOST(cmd *base.Command, args []string) {
+	cmdGost()
+} 

main/commands/all/sm2.go

@@ -0,0 +1,73 @@
+package all
+
+import (
+	"encoding/base64"
+	"fmt"
+	"os"
+
+	sm2crypto "github.com/xtls/xray-core/common/crypto/sm2"
+	"github.com/xtls/xray-core/main/commands/base"
+	"github.com/tjfoc/gmsm/sm2"
+)
+
+var cmdSM2 = &base.Command{
+	UsageLine: "{{.Exec}} sm2 [-i <private_key>]",
+	Short:     "Generate SM2 key pair",
+	Long: `
+Generate SM2 key pair.
+
+Arguments:
+
+	-i
+		The base64 encoded private key (optional).
+`,
+}
+
+func init() {
+	cmdSM2.Run = executeSM2 // break init loop
+}
+
+var sm2InputStr = cmdSM2.Flag.String("i", "", "")
+
+func executeSM2(cmd *base.Command, args []string) {
+	cmdSM2Func()
+}
+
+func cmdSM2Func() {
+	var (
+		inputFile = *sm2InputStr
+	)
+
+	var privKey *sm2.PrivateKey
+	var err error
+
+	if inputFile != "" {
+		// Read private key from file
+		data, err := os.ReadFile(inputFile)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Failed to read private key file: %v\n", err)
+			os.Exit(1)
+		}
+		privKey, err = sm2crypto.ParsePrivateKey(data)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Failed to parse private key: %v\n", err)
+			os.Exit(1)
+		}
+	} else {
+		// Generate new key pair
+		privKey, err = sm2crypto.GenerateKeyPair()
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Failed to generate SM2 key pair: %v\n", err)
+			os.Exit(1)
+		}
+	}
+
+	// Get public key information
+	curveName, pubX, pubY := sm2crypto.GetPublicKeyInfo(privKey)
+	privKeyBase64 := base64.StdEncoding.EncodeToString(privKey.D.Bytes())
+
+	fmt.Printf("%s\n", curveName)
+	fmt.Printf("Private key: %s\n", privKeyBase64)
+	fmt.Printf("Public key X: %s\n", pubX)
+	fmt.Printf("Public key Y: %s\n", pubY)
+}