feat(app): support sm2 signature hex format

Leon406 · Leon406 · commit d4e99c39522f · 2026-04-21T19:34:05.000+08:00
diff --git a/app/src/main/kotlin/me/leon/ext/crypto/SM.kt b/app/src/main/kotlin/me/leon/ext/crypto/SM.kt
@@ -3,13 +3,15 @@ package me.leon.ext.crypto
 import java.security.*
 import java.security.spec.PKCS8EncodedKeySpec
 import java.security.spec.X509EncodedKeySpec
+import me.leon.ext.hex2ByteArray
 import org.bouncycastle.asn1.gm.GMNamedCurves
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo
 import org.bouncycastle.asn1.x9.ECNamedCurveTable
 import org.bouncycastle.crypto.CipherParameters
 import org.bouncycastle.crypto.engines.SM2Engine
 import org.bouncycastle.crypto.params.*
+import org.bouncycastle.crypto.signers.SM2Signer
 import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util
 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil
 import org.bouncycastle.jcajce.spec.OpenSSHPrivateKeySpec
@@ -19,8 +21,10 @@ import org.bouncycastle.jce.interfaces.ECPublicKey
 import org.bouncycastle.jce.provider.BouncyCastleProvider
 import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec
 import org.bouncycastle.util.BigIntegers
+import org.bouncycastle.util.Strings
 
 private val x9ECParameters = GMNamedCurves.getByName("sm2p256v1")
+private val USER_ID = Strings.toByteArray("1234567812345678")
 private val ecDomainParameters =
     ECDomainParameters(x9ECParameters.curve, x9ECParameters.g, x9ECParameters.n, x9ECParameters.h)
 
@@ -58,6 +62,33 @@ fun ByteArray.toECPublicKeyParams(): AsymmetricKeyParameter {
     return generatePublicKeyParameter(public)
 }
 
+fun ByteArray.sm2Sign(privateKeyHex: String, userId: ByteArray = USER_ID): ByteArray {
+    val sm2Signer = SM2Signer()
+    val param = privateKeyHex.hex2ByteArray().toECPrivateKeyParams()
+
+    sm2Signer.init(
+        true,
+        ParametersWithID(ParametersWithRandom(param, SecureRandom.getInstance("SHA1PRNG")), userId),
+    )
+    sm2Signer.update(this, 0, this.size)
+    return sm2Signer.generateSignature()
+}
+
+fun ByteArray.sm2Verify(publicKey: String, signedHex: String) =
+    sm2Verify(publicKey, signedHex.hex2ByteArray())
+
+fun ByteArray.sm2Verify(
+    publicKey: String,
+    signed: ByteArray,
+    userId: ByteArray = USER_ID,
+): Boolean {
+    val sm2Signer = SM2Signer()
+    val param = publicKey.hex2ByteArray().toECPublicKeyParams()
+    sm2Signer.init(false, ParametersWithID(param, userId))
+    sm2Signer.update(this, 0, this.size)
+    return sm2Signer.verifySignature(signed)
+}
+
 private fun generatePrivateKeyParameter(key: PrivateKey): AsymmetricKeyParameter =
     when (key) {
         is ECPrivateKey -> {
@@ -82,10 +113,12 @@ private fun generatePrivateKeyParameter(key: PrivateKey): AsymmetricKeyParameter
                 ECPrivateKeyParameters(key.d, ECDomainParameters(s!!.curve, s.g, s.n, s.h, s.seed))
             }
         }
+
         is java.security.interfaces.ECPrivateKey -> {
             val s = EC5Util.convertSpec(key.params)
             ECPrivateKeyParameters(key.s, ECDomainParameters(s.curve, s.g, s.n, s.h, s.seed))
         }
+
         else -> {
             // see if we can build a key from key.getEncoded()
             val bytes = key.encoded
@@ -100,13 +133,15 @@ private fun generatePublicKeyParameter(key: PublicKey): AsymmetricKeyParameter =
             val s = key.parameters
             ECPublicKeyParameters(key.q, ECDomainParameters(s.curve, s.g, s.n, s.h, s.seed))
         }
+
         is java.security.interfaces.ECPublicKey -> {
             val s = EC5Util.convertSpec(key.params)
             ECPublicKeyParameters(
                 EC5Util.convertPoint(key.params, key.w),
                 ECDomainParameters(s.curve, s.g, s.n, s.h, s.seed),
             )
         }
+
         else -> {
             // see if we can build a key from key.getEncoded()
             val bytes = key.encoded
diff --git a/app/src/main/kotlin/me/leon/ext/crypto/Signature.kt b/app/src/main/kotlin/me/leon/ext/crypto/Signature.kt
@@ -1,31 +1,41 @@
 package me.leon.ext.crypto
 
-import java.security.*
+import java.security.KeyPair
+import java.security.KeyPairGenerator
+import java.security.SecureRandom
+import java.security.Signature
 import java.security.spec.ECGenParameterSpec
-import me.leon.encode.base.base64
 import me.leon.ext.catch
 
 private fun String.properKeyPairAlg() = takeUnless { it.equals("SM2", true) } ?: "EC"
 
 fun ByteArray.sign(kpAlg: String, sigAlg: String, pri: String): ByteArray =
-    Signature.getInstance(sigAlg.properKeyPairAlg())
-        .apply {
-            initSign(pri.toPrivateKey(kpAlg))
-            update(this@sign)
-        }
-        .sign()
+    if (kpAlg == "SM2" && HEX_REGEX.matches(pri)) {
+        sm2Sign(pri)
+    } else {
+        Signature.getInstance(sigAlg.properKeyPairAlg())
+            .apply {
+                initSign(pri.toPrivateKey(kpAlg))
+                update(this@sign)
+            }
+            .sign()
+    }
 
 fun ByteArray.verify(kpAlg: String, sigAlg: String, pub: String, signed: ByteArray) =
     catch({
         println("verify err  $it")
         false
     }) {
-        Signature.getInstance(sigAlg.properKeyPairAlg())
-            .apply {
-                initVerify(pub.toPublicKey(kpAlg))
-                update(this@verify)
-            }
-            .verify(signed)
+        if (kpAlg == "SM2" && HEX_REGEX.matches(pub)) {
+            sm2Verify(pub, signed)
+        } else {
+            Signature.getInstance(sigAlg.properKeyPairAlg())
+                .apply {
+                    initVerify(pub.toPublicKey(kpAlg))
+                    update(this@verify)
+                }
+                .verify(signed)
+        }
     }
 
 val ecdsaCurveMap = mapOf("ES256" to "secp256r1", "ES384" to "secp384r1", "ES512" to "secp521r1")
@@ -36,10 +46,3 @@ fun generateEcKeyPair(jwtAlg: String = "ES256"): KeyPair? {
     kpg.initialize(spec, SecureRandom())
     return kpg.generateKeyPair()
 }
-
-fun main() {
-    generateEcKeyPair()?.let {
-        println(it.public.encoded.base64())
-        println(it.private.encoded.base64())
-    }
-}
diff --git a/app/src/test/kotlin/me/leon/sign/SmSignatureTest.kt b/app/src/test/kotlin/me/leon/sign/SmSignatureTest.kt
@@ -0,0 +1,21 @@
+package me.leon.sign
+
+import kotlin.test.Test
+import me.leon.ext.crypto.sm2Sign
+import me.leon.ext.crypto.sm2Verify
+import me.leon.ext.toHex
+import kotlin.test.assertTrue
+
+class SmSignatureTest {
+    val pub =
+        "042b515d98e00cd3f5770e20ba69998da6f9637085a0c89dec0a5dec7771fa4d0569a68a3d" +
+                "eba36ee5ffd89391e62d775551f6d69de7d155f0a3fdcbacb0631ea9"
+    val pri = "7ac2d094b66dbde1170875190bca025ed38c8293dabad39e00692318ca624e60"
+
+    @Test
+    fun smSignatureTest() {
+        val text = "Hello, SM2!"
+        val sign = text.toByteArray().sm2Sign(pri).toHex()
+        assertTrue(text.toByteArray().sm2Verify(pub, sign))
+    }
+}
