支持国密

Author: springrain

go.mod

@@ -34,10 +34,11 @@ require (
 	github.com/spf13/cobra v1.0.0
 	github.com/spf13/viper v1.6.2
 	github.com/syndtr/goleveldb v1.0.1-0.20200815110645-5c35d600f0ca
+	github.com/tjfoc/gmsm v1.4.1
 	github.com/xuperchain/crypto v0.0.0-20201028025054-4d560674bcd6
 	github.com/xuperchain/log15 v0.0.0-20190620081506-bc88a9198230
 	github.com/xuperchain/xvm v0.0.0-20210126142521-68fd016c56d7
-	golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
+	golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee
 	golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9
 	google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013
 	google.golang.org/grpc v1.35.0

kernel/network/p2p/util.go

@@ -2,16 +2,21 @@ package p2p
 
 import (
 	"crypto/rand"
-	"crypto/tls"
-	"crypto/x509"
+	defaulttls "crypto/tls"
+	defaultx509 "crypto/x509"
 	"encoding/base64"
 	"encoding/pem"
 	"io/ioutil"
 	math_rand "math/rand"
 	"os"
 	"path/filepath"
+	"strings"
 	"time"
 
+	tls "github.com/tjfoc/gmsm/gmtls"
+	"github.com/tjfoc/gmsm/gmtls/gmcredentials"
+	"github.com/tjfoc/gmsm/x509"
+
 	iaddr "github.com/ipfs/go-ipfs-addr"
 	"github.com/libp2p/go-libp2p-core/crypto"
 	"github.com/libp2p/go-libp2p-core/peer"
@@ -25,27 +30,59 @@ func NewTLS(path, serviceName string) (credentials.TransportCredentials, error)
 	if err != nil {
 		return nil, err
 	}
-
-	certPool := x509.NewCertPool()
-	ok := certPool.AppendCertsFromPEM(bs)
-	if !ok {
+	cacert, err := ioutil.ReadFile(filepath.Join(path, "cacert.pem"))
+	if err != nil {
 		return nil, err
 	}
-
-	certificate, err := tls.LoadX509KeyPair(filepath.Join(path, "cert.pem"), filepath.Join(path, "private.key"))
+	pb, _ := pem.Decode(cacert)
+	x509cert, err := x509.ParseCertificate(pb.Bytes)
 	if err != nil {
 		return nil, err
 	}
+	if strings.Contains(strings.ToLower(x509cert.SignatureAlgorithm.String()), "sm") {
+		certPool := x509.NewCertPool()
+		ok := certPool.AppendCertsFromPEM(bs)
+		if !ok {
+			return nil, err
+		}
+		certificate, err := tls.LoadX509KeyPair(filepath.Join(path, "cert.pem"), filepath.Join(path, "private.key"))
+		if err != nil {
+			return nil, err
+		}
+		creds := gmcredentials.NewTLS(
+			&tls.Config{
+				GMSupport:    &tls.GMSupport{},
+				ServerName:   serviceName,
+				Certificates: []tls.Certificate{certificate, certificate},
+				RootCAs:      certPool,
+				ClientCAs:    certPool,
+				ClientAuth:   tls.RequireAndVerifyClientCert,
+			})
+		return creds, nil
+	} else {
+
+		certPool := defaultx509.NewCertPool()
+		ok := certPool.AppendCertsFromPEM(bs)
+		if !ok {
+			return nil, err
+		}
+
+		certificate, err := defaulttls.LoadX509KeyPair(filepath.Join(path, "cert.pem"), filepath.Join(path, "private.key"))
+		if err != nil {
+			return nil, err
+		}
+
+		creds := credentials.NewTLS(
+			&defaulttls.Config{
+				ServerName:   serviceName,
+				Certificates: []defaulttls.Certificate{certificate},
+				RootCAs:      certPool,
+				ClientCAs:    certPool,
+				ClientAuth:   defaulttls.RequireAndVerifyClientCert,
+			})
+		return creds, nil
+	}
 
-	creds := credentials.NewTLS(
-		&tls.Config{
-			ServerName:   serviceName,
-			Certificates: []tls.Certificate{certificate},
-			RootCAs:      certPool,
-			ClientCAs:    certPool,
-			ClientAuth:   tls.RequireAndVerifyClientCert,
-		})
-	return creds, nil
 }
 
 // GenerateKeyPairWithPath generate xuper net key pair