标签 SM3 下的文章

“”

《基于LTE的车联网无线通信技术安全证书管理系统技术要求》 SM2 验证过程

作者: const
时间: 2021-05-21
分类: V2X
3 条评论

《基于LTE的车联网无线通信技术安全证书管理系统技术要求》 SM2 验证过程

已知数据
签名证书对应的SM2私钥：

17 9e 18 ae e3 38 72 e1 60 5e 99 e8 bc 61 20 f7 
95 e7 c8 f8 a9 ce 60 7a 4a 71 78 68 23 53 a1 69

签名证书SM3哈希值：

e3 8c 7c b2 ec ed b9 28 9b 6e 71 ad 30 b6 26 2c 
4a 57 85 73 b9 a4 4d e8 ab 65 9a 6b cd 96 7d 77

ToBeSignedData待签名数据值：

40 03 80 20 34 34 34 34 34 34 34 34 34 34 34 34 
34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 34 
34 34 34 34 40 01 20 00 00 00 00 00 23 73 03

过程数据
签名证书对应的公钥：

X：
1e 5f 89 a5 74 08 2c 8b 36 11 fb a8 d0 65 f3 08 
b4 8f 64 ee ef 71 30 3c 75 ba 8e 95 d5 be 89 42 
Y：
77 84 ef 22 09 41 de eb cf 5b 3e 34 65 98 0a 30 
91 67 34 6f fe 05 0a e1 00 7c 2d 2f 3f 10 57 74

ZA值：

ff 25 43 65 9c 0b 93 c3 9f e3 b4 00 73 98 df 9f 
b4 0c f4 5d e3 65 e7 c9 af 16 5d 42 68 35 0b b9

Hash (ZA || Data input) 值：

7a b1 2a 19 b6 45 df c6 36 e2 0e a7 ae b0 e5 5e 
f3 f3 68 38 87 b2 e0 76 a8 eb 32 94 90 4e e5 d4

签名结果数据

R:
DD F9 07 5D D2 D9 47 05 A1 2F 42 5E 51 CB 27 4C 
B8 F4 AE 65 B3 1C 7C DD CD 31 C2 BC 3C 55 28 81
S:
20 86 11 DE 09 A7 CC 4E 48 76 E6 9E F2 E7 C0 6A 
85 39 A4 67 F2 0B 0E A7 FE EB 2A FE 9D 59 5C C4

附录
ZA值计算方法
SM2是一种椭圆曲线密码学算法， SM2只与单个特定的256位椭圆曲线相关联，因此在本标准中与SM2相关联的标识符不需要额外的曲线指示。
本标准中SM2的签名格式r用整数表示。SM2通过将身份字符串添加到要散列的消息前来命名散列函数，这个身份字符串是：
𝑍𝐴 = 𝐻ASH(𝐸𝑁𝑇𝐿𝐴||𝐼𝐷𝐴||𝑎||𝑏||𝑥𝐺| |𝑦𝐺 ||𝑥𝐴||𝑦𝐴)
其中

1） ENTLA 是由IDA长度转换而成的两个字节字符,值为IDA的有效比特数；
2） IDA 是发送方的ID；
3） a 和b是SM2椭圆曲线的方程参数；
4） xG和yG 是SM2基点的 x和y坐标；
5） xA和yA是验签公钥的x和y坐标；

数字签名用H(ZA || Data input)计算，而不是只用M计算，此处的Data input为待签名的消息数据。
本标准约定IDA为发送方正在使用证书的32字节哈希值，也即IDA=HashedId32(Certificate)并按GB/T 32918进行比特串到字节串的转换，ENTLA 是0x0100。当签发的证书为自签名证书时，IDA为16进制整数31323334353637383132333435363738，并按GB/T 32918进行整数到字节串的转换，因此ENTLA 是0x0080。

V2X trcl.coer TRCL 可信根证书列表证书

作者: const
时间: 2021-06-08
分类: V2X
评论

TRCL　可信根证书列表　Trusted Root Certificate List
相关概念
TDCL　可信域CA证书列表　Trusted Domain CA Certificates List　
TRCLA　可信根证书列表管理机构　Trusted Root Certificate List Authority
v2x trcla.oer详细介绍（链接地址：https://const.net.cn/25.html）

多个车联网PKI系统之间的可信关系是通过一个“可信根证书列表（Trusted Root Certificate List，TRCL）”实现的。该可信列表由可信根证书列表管理机构（Trusted Root Certificate List Authority，TRCLA）签发。
可信根证书列表的存在与否不会影响各个独立PKI系统的运行，但会影响不同PKI系统证书之间是否能够互认。
车联网跨CA证书系统安全认证就是通过TRCL来实现的。
trcl.coer　hex 内容

hexdump -C trcl.coer 
00000000  01 83 08 0b 2c 85 a0 f3  b2 62 2c 00 02 1f 79 ed  |....,....b,...y.|
00000010  3d 32 48 93 3d 01 05 80  80 03 00 81 02 79 81 15  |=2H.=........y..|
00000020  72 63 61 2e 76 32 78 63  61 2e 63 61 74 61 72 63  |rca.v2xca.catarc|
00000030  2e 69 6e 66 6f 00 00 00  00 00 1f 78 a9 c3 86 00  |.info......x....|
00000040  1e 83 01 01 80 00 9c 03  01 02 80 02 0e 2b 80 03  |.............+..|
00000050  80 00 01 00 02 0e 2c 01  02 e0 81 01 03 01 ff c0  |......,.........|
00000060  e0 80 01 03 00 02 0e 2b  00 02 0e 2c 00 02 0e 2d  |.......+...,...-|
00000070  01 03 01 ff c0 01 82 21  83 6a b7 70 34 f5 7b d0  |.......!.j.p4.{.|
00000080  56 05 6e 12 58 8b 0e 6a  9d 5f 0d f5 5f aa 18 ff  |V.n.X..j._.._...|
00000090  b3 86 11 e0 4a 71 8b a2  5b 80 84 21 82 5e f4 92  |....Jq..[..!.^..|
000000a0  df ad da 00 f0 39 bf 50  24 85 b0 ed b9 3a 92 6e  |.....9.P$....:.n|
000000b0  f4 78 13 35 f4 c2 1c 53  d2 3d 73 26 c8 84 40 ba  |.x.5...S.=s&..@.|
000000c0  69 c3 42 6a b8 bb 61 ae  80 7e 11 bc 79 94 ba 05  |i.Bj..a..~..y...|
000000d0  0d 70 09 42 59 86 0d 5b  0b f8 ba 5c de 9f e9 66  |.p.BY..[...\...f|
000000e0  63 d0 8a af 06 e8 e5 c0  4f af 4c 89 f0 ce 3f fe  |c.......O.L...?.|
000000f0  7a 11 d5 43 e4 7a f1 77  12 cd ab d1 73 82 2c 2c  |z..C.z.w....s.,,|
00000100  68 74 74 70 3a 2f 2f 36  30 2e 32 34 37 2e 35 38  |http://60.247.58|
00000110  2e 31 31 37 3a 38 30 39  39 2f 63 61 2f 63 61 74  |.117:8099/ca/cat|
00000120  61 72 63 74 64 63 6c 2e  63 6f 65 72 80 80 03 00  |arctdcl.coer....|
00000130  81 02 58 81 13 72 6f 6f  74 63 61 2e 63 68 69 6e  |..X..rootca.chin|
00000140  61 2d 69 63 76 2e 63 6e  00 00 00 00 00 1f 47 46  |a-icv.cn......GF|
00000150  85 86 00 1e 83 01 01 80  00 9c 01 01 80 02 0e 2b  |...............+|
00000160  80 03 80 00 01 01 04 e0  81 01 03 01 ff c0 e0 80  |................|
00000170  01 01 80 02 0e 2b 81 01  03 01 ff c0 e0 80 01 01  |.....+..........|
00000180  80 02 0e 2c 81 01 03 01  ff c0 e0 80 01 01 80 02  |...,............|
00000190  0e 2d 81 01 03 01 ff c0  80 84 21 83 37 f1 33 b1  |.-........!.7.3.|
000001a0  a0 8d 99 df 06 f7 d6 dd  2a cd 3b f6 7d 6b db fc  |........*.;.}k..|
000001b0  be 32 5d f3 0c ff 1a bf  ad 91 a2 f2 84 40 50 db  |.2]..........@P.|
000001c0  c7 27 f8 76 49 68 ef 61  3e 77 09 7d 4d ff 81 d5  |.'.vIh.a>w.}M...|
000001d0  35 44 70 b9 74 83 ba f4  b5 d3 52 71 55 53 5d a4  |5Dp.t.....RqUS].|
000001e0  c5 75 1f d2 cc b0 f2 c6  72 c1 37 95 af 5d d8 2d  |.u......r.7..].-|
000001f0  f9 6a 38 41 90 fa c5 a7  c3 d2 a5 16 26 57 22 68  |.j8A........&W"h|
00000200  74 74 70 3a 2f 2f 31 30  36 2e 33 37 2e 36 39 2e  |ttp://106.37.69.|
00000210  32 32 3a 36 30 36 30 2f  63 69 63 76 2e 70 63 74  |22:6060/cicv.pct|
00000220  6c 80 80 03 00 81 02 58  81 16 72 6f 6f 74 63 61  |l......X..rootca|
00000230  2e 64 61 74 61 6e 67 6d  6f 62 69 6c 65 2e 63 6e  |.datangmobile.cn|
00000240  00 00 00 00 00 1f 52 53  d5 86 00 1e 83 01 01 80  |......RS........|
00000250  00 9c 01 02 80 02 0e 2b  80 03 80 00 01 80 02 0e  |.......+........|
00000260  2c 80 07 00 01 00 01 01  00 00 01 02 e0 81 01 02  |,...............|
00000270  01 ff c0 60 80 01 03 00  02 0e 2b 00 02 0e 2c 00  |...`......+...,.|
00000280  02 0e 2d 01 ff c0 80 84  21 82 fb 20 48 16 85 dd  |..-.....!.. H...|
00000290  84 80 ed be b4 66 4a f9  a4 76 2c 07 12 0e fe fe  |.....fJ..v,.....|
000002a0  16 6c 17 d9 41 3e 3e 5e  3d d3 84 40 68 25 12 b9  |.l..A>>^=..@h%..|
000002b0  fd f8 98 cb b9 d2 9b e0  a2 38 68 ba d5 dc 3d ed  |.........8h...=.|
000002c0  74 23 f9 8e 64 4a 66 96  b1 2f dd 51 58 72 17 6a  |t#..dJf../.QXr.j|
000002d0  51 76 fc 28 b3 1e 19 2e  04 f2 06 55 f1 18 cb 28  |Qv.(.......U...(|
000002e0  f0 dd 36 3d 5e d3 45 23  d0 f4 94 4e 39 68 74 74  |..6=^.E#...N9htt|
000002f0  70 73 3a 2f 2f 73 6d 61  72 74 63 61 72 2e 64 61  |ps://smartcar.da|
00000300  74 61 6e 67 6d 6f 62 69  6c 65 2e 63 6e 2f 61 70  |tangmobile.cn/ap|
00000310  69 2f 63 61 2f 76 31 2f  63 74 6c 2f 44 54 43 54  |i/ca/v1/ctl/DTCT|
00000320  4c 2e 63 6f 65 72 80 80  03 00 81 02 58 81 17 72  |L.coer......X..r|
00000330  6f 6f 74 63 61 2e 74 65  73 74 2e 76 32 78 2e 74  |ootca.test.v2x.t|
00000340  6b 63 61 2e 63 6e 00 00  00 00 00 1f 5b a9 05 86  |kca.cn......[...|
00000350  00 1e 83 01 01 80 00 9c  01 02 80 02 0e 2b 80 03  |.............+..|
00000360  80 00 01 00 02 0e 2c 01  04 e0 81 01 02 01 ff c0  |......,.........|
00000370  60 80 01 01 00 02 0e 2b  01 ff c0 60 80 01 01 00  |`......+...`....|
00000380  02 0e 2c 01 ff c0 60 80  01 01 00 02 0e 2d 01 ff  |..,...`......-..|
00000390  c0 80 84 21 82 fb 7c 6a  4d 53 d7 42 e2 2e c1 b3  |...!..|jMS.B....|
000003a0  ed 0c 55 93 96 83 90 9e  67 7c e1 97 47 46 52 a0  |..U.....g|..GFR.|
000003b0  18 52 b9 67 d6 84 40 6c  f6 0f 29 bd d9 2d db b4  |.R.g..@l..)..-..|
000003c0  c5 1c a6 55 5a b8 94 b4  30 a6 f6 cf 1c 47 e1 99  |...UZ...0....G..|
000003d0  a3 e5 d9 80 2a 2e 8c 46  83 63 82 05 88 32 af 99  |....*..F.c...2..|
000003e0  c6 0e 54 69 c6 0b 69 ff  32 6b 8c c5 e0 14 65 2f  |..Ti..i.2k....e/|
000003f0  78 52 84 82 40 84 0d 33  68 74 74 70 3a 2f 2f 33  |xR..@..3http://3|
00000400  36 2e 31 31 32 2e 38 38  2e 32 30 34 3a 38 30 39  |6.112.88.204:809|
00000410  33 2f 64 63 2d 61 70 69  2f 67 65 74 63 74 6c 2f  |3/dc-api/getctl/|
00000420  54 4b 43 41 43 54 4c 2e  6f 65 72 80 80 03 00 81  |TKCACTL.oer.....|
00000430  02 58 81 17 72 6f 6f 74  63 61 2e 76 32 78 2e 6a  |.X..rootca.v2x.j|
00000440  73 69 74 73 2e 6f 72 67  2e 63 6e 00 00 00 00 00  |sits.org.cn.....|
00000450  1f 55 09 9a 86 00 1e 83  01 01 80 00 9c 01 02 80  |.U..............|
00000460  02 0e 2b 80 03 80 00 01  00 02 0e 2c 01 04 e0 81  |..+........,....|
00000470  01 02 01 ff c0 60 80 01  01 00 02 0e 2b 01 ff c0  |.....`......+...|
00000480  60 80 01 01 00 02 0e 2c  01 ff c0 60 80 01 01 00  |`......,...`....|
00000490  02 0e 2d 01 ff c0 80 84  21 83 9e ce 5d 51 f6 06  |..-.....!...]Q..|
000004a0  88 65 cb 97 d4 61 03 2c  86 28 d2 9e 9b f0 44 0f  |.e...a.,.(....D.|
000004b0  f8 0e bd cf 89 e1 96 1f  51 19 84 40 1e 16 6e 9f  |........Q..@..n.|
000004c0  4f 21 4a 2b 87 8a 74 85  e6 68 d8 ba 19 aa d2 a1  |O!J+..t..h......|
000004d0  78 47 d0 7b 2c 3d 23 8d  d7 e8 82 22 1e 93 6c a7  |xG.{,=#...."..l.|
000004e0  8e 02 62 4b 18 21 39 88  9c af 60 91 05 73 7b 5a  |..bK.!9...`..s{Z|
000004f0  6c aa ea b8 2a c0 a7 71  ef 5f 00 ab 26 68 74 74  |l...*..q._..&htt|
00000500  70 3a 2f 2f 64 63 2e 76  32 78 2e 6a 73 69 74 73  |p://dc.v2x.jsits|
00000510  2e 6f 72 67 2e 63 6e 3a  38 30 39 33 2f 67 65 74  |.org.cn:8093/get|
00000520  63 74 6c 84 40 91 4e e2  e1 79 cf 8d 2e 8a c5 ea  |ctl.@.N..y......|
00000530  26 c2 fa fb 44 e4 6d bf  97 9b 4d ff f0 59 79 43  |&...D.m...M..YyC|
00000540  b0 fa 13 c3 af 71 91 06  71 26 8e a4 0f f2 22 2f  |.....q..q&...."/|
00000550  1c f8 08 63 ca 00 55 dc  c2 6f cd 83 38 a8 37 9a  |...c..U..o..8.7.|
00000560  84 8c 47 a1 21                                    |..G.!|
00000565

trcl.coer xml 内容

<?xml version="1.0"?>
<RootCtl>
    <toBeSignedRootCtl>
        <version>1</version>
        <issuer>
            <sm3AndDigest>0B 2C 85 A0 F3 B2 62 2C</sm3AndDigest>
        </issuer>
        <series>2</series>
        <issueDate>528084285</issueDate>
        <nextRootCtl>843617085</nextRootCtl>
        <pkiCtlInfoList>
            <PkiCtlInfo>
                <rootCertificate>
                    <version>3</version>
                    <type>
                        <explicit/>
                    </type>
                    <issuer>
                        <self>
                            <sm3/>
                        </self>
                    </issuer>
                    <toBeSigned>
                        <id>
                            <name>rca.v2xca.catarc.info</name>
                        </id>
                        <cracaId>00 00 00</cracaId>
                        <crlSeries>0</crlSeries>
                        <validityPeriod>
                            <start>528001475</start>
                            <duration>
                                <years>30</years>
                            </duration>
                        </validityPeriod>
                        <region>
                            <identifiedRegion>
                                <countryOnly>156</countryOnly>
                            </identifiedRegion>
                        </region>
                        <assuranceLevel>03</assuranceLevel>
                        <appPermissions>
                            <AidSsp>
                                <aid>3627</aid>
                                <ssp>
                                    <opaque>80 00 01</opaque>
                                </ssp>
                            </AidSsp>
                            <AidSsp>
                                <aid>3628</aid>
                            </AidSsp>
                        </appPermissions>
                        <certIssuePermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <all/>
                                </subjectPermissions>
                                <minChainLength>3</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3627</aid>
                                        </AidSspRange>
                                        <AidSspRange>
                                            <aid>3628</aid>
                                        </AidSspRange>
                                        <AidSspRange>
                                            <aid>3629</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>3</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                        </certIssuePermissions>
                        <encryptionKey>
                            <supportedSymmAlg>
                                <sm4Ccm/>
                            </supportedSymmAlg>
                            <publicKey>
                                <ecencSm2>
                                    <compressed-y-1>
                                        6A B7 70 34 F5 7B D0 56 05 6E 12 58 8B 0E 6A 9D 
                                        5F 0D F5 5F AA 18 FF B3 86 11 E0 4A 71 8B A2 5B
                                    </compressed-y-1>
                                </ecencSm2>
                            </publicKey>
                        </encryptionKey>
                        <verifyKeyIndicator>
                            <verificationKey>
                                <ecsigSm2>
                                    <compressed-y-0>
                                        5E F4 92 DF AD DA 00 F0 39 BF 50 24 85 B0 ED B9 
                                        3A 92 6E F4 78 13 35 F4 C2 1C 53 D2 3D 73 26 C8
                                    </compressed-y-0>
                                </ecsigSm2>
                            </verificationKey>
                        </verifyKeyIndicator>
                    </toBeSigned>
                    <signature>
                        <sm2Signature>
                            <rSig>
                                BA 69 C3 42 6A B8 BB 61 AE 80 7E 11 BC 79 94 BA 
                                05 0D 70 09 42 59 86 0D 5B 0B F8 BA 5C DE 9F E9
                            </rSig>
                            <sSig>
                                66 63 D0 8A AF 06 E8 E5 C0 4F AF 4C 89 F0 CE 3F 
                                FE 7A 11 D5 43 E4 7A F1 77 12 CD AB D1 73 82 2C
                            </sSig>
                        </sm2Signature>
                    </signature>
                </rootCertificate>
                <caListUrl>http://60.247.58.117:8099/ca/catarctdcl.coer</caListUrl>
            </PkiCtlInfo>
            <PkiCtlInfo>
                <rootCertificate>
                    <version>3</version>
                    <type>
                        <explicit/>
                    </type>
                    <issuer>
                        <self>
                            <sm3/>
                        </self>
                    </issuer>
                    <toBeSigned>
                        <id>
                            <name>rootca.china-icv.cn</name>
                        </id>
                        <cracaId>00 00 00</cracaId>
                        <crlSeries>0</crlSeries>
                        <validityPeriod>
                            <start>524764805</start>
                            <duration>
                                <years>30</years>
                            </duration>
                        </validityPeriod>
                        <region>
                            <identifiedRegion>
                                <countryOnly>156</countryOnly>
                            </identifiedRegion>
                        </region>
                        <appPermissions>
                            <AidSsp>
                                <aid>3627</aid>
                                <ssp>
                                    <opaque>80 00 01</opaque>
                                </ssp>
                            </AidSsp>
                        </appPermissions>
                        <certIssuePermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <all/>
                                </subjectPermissions>
                                <minChainLength>3</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3627</aid>
                                            <sspRange>
                                                <all/>
                                            </sspRange>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>3</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3628</aid>
                                            <sspRange>
                                                <all/>
                                            </sspRange>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>3</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3629</aid>
                                            <sspRange>
                                                <all/>
                                            </sspRange>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>3</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                        </certIssuePermissions>
                        <verifyKeyIndicator>
                            <verificationKey>
                                <ecsigSm2>
                                    <compressed-y-1>
                                        37 F1 33 B1 A0 8D 99 DF 06 F7 D6 DD 2A CD 3B F6 
                                        7D 6B DB FC BE 32 5D F3 0C FF 1A BF AD 91 A2 F2
                                    </compressed-y-1>
                                </ecsigSm2>
                            </verificationKey>
                        </verifyKeyIndicator>
                    </toBeSigned>
                    <signature>
                        <sm2Signature>
                            <rSig>
                                50 DB C7 27 F8 76 49 68 EF 61 3E 77 09 7D 4D FF 
                                81 D5 35 44 70 B9 74 83 BA F4 B5 D3 52 71 55 53
                            </rSig>
                            <sSig>
                                5D A4 C5 75 1F D2 CC B0 F2 C6 72 C1 37 95 AF 5D 
                                D8 2D F9 6A 38 41 90 FA C5 A7 C3 D2 A5 16 26 57
                            </sSig>
                        </sm2Signature>
                    </signature>
                </rootCertificate>
                <caListUrl>http://106.37.69.22:6060/cicv.pctl</caListUrl>
            </PkiCtlInfo>
            <PkiCtlInfo>
                <rootCertificate>
                    <version>3</version>
                    <type>
                        <explicit/>
                    </type>
                    <issuer>
                        <self>
                            <sm3/>
                        </self>
                    </issuer>
                    <toBeSigned>
                        <id>
                            <name>rootca.datangmobile.cn</name>
                        </id>
                        <cracaId>00 00 00</cracaId>
                        <crlSeries>0</crlSeries>
                        <validityPeriod>
                            <start>525489109</start>
                            <duration>
                                <years>30</years>
                            </duration>
                        </validityPeriod>
                        <region>
                            <identifiedRegion>
                                <countryOnly>156</countryOnly>
                            </identifiedRegion>
                        </region>
                        <appPermissions>
                            <AidSsp>
                                <aid>3627</aid>
                                <ssp>
                                    <opaque>80 00 01</opaque>
                                </ssp>
                            </AidSsp>
                            <AidSsp>
                                <aid>3628</aid>
                                <ssp>
                                    <opaque>00 01 00 01 01 00 00</opaque>
                                </ssp>
                            </AidSsp>
                        </appPermissions>
                        <certIssuePermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <all/>
                                </subjectPermissions>
                                <minChainLength>2</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3627</aid>
                                        </AidSspRange>
                                        <AidSspRange>
                                            <aid>3628</aid>
                                        </AidSspRange>
                                        <AidSspRange>
                                            <aid>3629</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                        </certIssuePermissions>
                        <verifyKeyIndicator>
                            <verificationKey>
                                <ecsigSm2>
                                    <compressed-y-0>
                                        FB 20 48 16 85 DD 84 80 ED BE B4 66 4A F9 A4 76 
                                        2C 07 12 0E FE FE 16 6C 17 D9 41 3E 3E 5E 3D D3
                                    </compressed-y-0>
                                </ecsigSm2>
                            </verificationKey>
                        </verifyKeyIndicator>
                    </toBeSigned>
                    <signature>
                        <sm2Signature>
                            <rSig>
                                68 25 12 B9 FD F8 98 CB B9 D2 9B E0 A2 38 68 BA 
                                D5 DC 3D ED 74 23 F9 8E 64 4A 66 96 B1 2F DD 51
                            </rSig>
                            <sSig>
                                58 72 17 6A 51 76 FC 28 B3 1E 19 2E 04 F2 06 55 
                                F1 18 CB 28 F0 DD 36 3D 5E D3 45 23 D0 F4 94 4E
                            </sSig>
                        </sm2Signature>
                    </signature>
                </rootCertificate>
                <caListUrl>https://smartcar.datangmobile.cn/api/ca/v1/ctl/DTCTL.coer</caListUrl>
            </PkiCtlInfo>
            <PkiCtlInfo>
                <rootCertificate>
                    <version>3</version>
                    <type>
                        <explicit/>
                    </type>
                    <issuer>
                        <self>
                            <sm3/>
                        </self>
                    </issuer>
                    <toBeSigned>
                        <id>
                            <name>rootca.test.v2x.tkca.cn</name>
                        </id>
                        <cracaId>00 00 00</cracaId>
                        <crlSeries>0</crlSeries>
                        <validityPeriod>
                            <start>526100741</start>
                            <duration>
                                <years>30</years>
                            </duration>
                        </validityPeriod>
                        <region>
                            <identifiedRegion>
                                <countryOnly>156</countryOnly>
                            </identifiedRegion>
                        </region>
                        <appPermissions>
                            <AidSsp>
                                <aid>3627</aid>
                                <ssp>
                                    <opaque>80 00 01</opaque>
                                </ssp>
                            </AidSsp>
                            <AidSsp>
                                <aid>3628</aid>
                            </AidSsp>
                        </appPermissions>
                        <certIssuePermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <all/>
                                </subjectPermissions>
                                <minChainLength>2</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3627</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3628</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3629</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                        </certIssuePermissions>
                        <verifyKeyIndicator>
                            <verificationKey>
                                <ecsigSm2>
                                    <compressed-y-0>
                                        FB 7C 6A 4D 53 D7 42 E2 2E C1 B3 ED 0C 55 93 96 
                                        83 90 9E 67 7C E1 97 47 46 52 A0 18 52 B9 67 D6
                                    </compressed-y-0>
                                </ecsigSm2>
                            </verificationKey>
                        </verifyKeyIndicator>
                    </toBeSigned>
                    <signature>
                        <sm2Signature>
                            <rSig>
                                6C F6 0F 29 BD D9 2D DB B4 C5 1C A6 55 5A B8 94 
                                B4 30 A6 F6 CF 1C 47 E1 99 A3 E5 D9 80 2A 2E 8C
                            </rSig>
                            <sSig>
                                46 83 63 82 05 88 32 AF 99 C6 0E 54 69 C6 0B 69 
                                FF 32 6B 8C C5 E0 14 65 2F 78 52 84 82 40 84 0D
                            </sSig>
                        </sm2Signature>
                    </signature>
                </rootCertificate>
                <caListUrl>http://36.112.88.204:8093/dc-api/getctl/TKCACTL.oer</caListUrl>
            </PkiCtlInfo>
            <PkiCtlInfo>
                <rootCertificate>
                    <version>3</version>
                    <type>
                        <explicit/>
                    </type>
                    <issuer>
                        <self>
                            <sm3/>
                        </self>
                    </issuer>
                    <toBeSigned>
                        <id>
                            <name>rootca.v2x.jsits.org.cn</name>
                        </id>
                        <cracaId>00 00 00</cracaId>
                        <crlSeries>0</crlSeries>
                        <validityPeriod>
                            <start>525666714</start>
                            <duration>
                                <years>30</years>
                            </duration>
                        </validityPeriod>
                        <region>
                            <identifiedRegion>
                                <countryOnly>156</countryOnly>
                            </identifiedRegion>
                        </region>
                        <appPermissions>
                            <AidSsp>
                                <aid>3627</aid>
                                <ssp>
                                    <opaque>80 00 01</opaque>
                                </ssp>
                            </AidSsp>
                            <AidSsp>
                                <aid>3628</aid>
                            </AidSsp>
                        </appPermissions>
                        <certIssuePermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <all/>
                                </subjectPermissions>
                                <minChainLength>2</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3627</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3628</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                            <AidGroupPermissions>
                                <subjectPermissions>
                                    <explicit>
                                        <AidSspRange>
                                            <aid>3629</aid>
                                        </AidSspRange>
                                    </explicit>
                                </subjectPermissions>
                                <minChainLength>1</minChainLength>
                                <chainLengthRange>-1</chainLengthRange>
                                <eeType>
                                    11000000
                                </eeType>
                            </AidGroupPermissions>
                        </certIssuePermissions>
                        <verifyKeyIndicator>
                            <verificationKey>
                                <ecsigSm2>
                                    <compressed-y-1>
                                        9E CE 5D 51 F6 06 88 65 CB 97 D4 61 03 2C 86 28 
                                        D2 9E 9B F0 44 0F F8 0E BD CF 89 E1 96 1F 51 19
                                    </compressed-y-1>
                                </ecsigSm2>
                            </verificationKey>
                        </verifyKeyIndicator>
                    </toBeSigned>
                    <signature>
                        <sm2Signature>
                            <rSig>
                                1E 16 6E 9F 4F 21 4A 2B 87 8A 74 85 E6 68 D8 BA 
                                19 AA D2 A1 78 47 D0 7B 2C 3D 23 8D D7 E8 82 22
                            </rSig>
                            <sSig>
                                1E 93 6C A7 8E 02 62 4B 18 21 39 88 9C AF 60 91 
                                05 73 7B 5A 6C AA EA B8 2A C0 A7 71 EF 5F 00 AB
                            </sSig>
                        </sm2Signature>
                    </signature>
                </rootCertificate>
                <caListUrl>http://dc.v2x.jsits.org.cn:8093/getctl</caListUrl>
            </PkiCtlInfo>
        </pkiCtlInfoList>
    </toBeSignedRootCtl>
    <signature>
        <sm2Signature>
            <rSig>
                91 4E E2 E1 79 CF 8D 2E 8A C5 EA 26 C2 FA FB 44 
                E4 6D BF 97 9B 4D FF F0 59 79 43 B0 FA 13 C3 AF
            </rSig>
            <sSig>
                71 91 06 71 26 8E A4 0F F2 22 2F 1C F8 08 63 CA 
                00 55 DC C2 6F CD 83 38 A8 37 9A 84 8C 47 A1 21
            </sSig>
        </sm2Signature>
    </signature>
</RootCtl>

trcl.coer包含各个厂家的根证书，我们要做的是将根证书解析出来并保存
通过解析得到五个厂家的根证书，分别为

rca.v2xca.catarc.info
rootca.china-icv.cn
rootca.datangmobile.cn
rootca.test.v2x.tkca.cn
rootca.v2x.jsits.org.cn

rca.v2xca.catarc.info　内容

hex = 80 03 00 81 02 79 81 15 72 63 61 2e 76 32 78 63 61 2e 63 61 74 61 72 63 2e 69 6e 66 6f 00 00 00 00 00 1f 78 a9 c3 86 00 1e 83 01 01 80 00 9c 03 01 02 80 02 0e 2b 80 03 80 00 01 00 02 0e 2c 01 02 e0 81 01 03 01 ff c0 e0 80 01 03 00 02 0e 2b 00 02 0e 2c 00 02 0e 2d 01 03 01 ff c0 01 82 21 83 6a b7 70 34 f5 7b d0 56 05 6e 12 58 8b 0e 6a 9d 5f 0d f5 5f aa 18 ff b3 86 11 e0 4a 71 8b a2 5b 80 84 21 82 5e f4 92 df ad da 00 f0 39 bf 50 24 85 b0 ed b9 3a 92 6e f4 78 13 35 f4 c2 1c 53 d2 3d 73 26 c8 84 40 ba 69 c3 42 6a b8 bb 61 ae 80 7e 11 bc 79 94 ba 05 0d 70 09 42 59 86 0d 5b 0b f8 ba 5c de 9f e9 66 63 d0 8a af 06 e8 e5 c0 4f af 4c 89 f0 ce 3f fe 7a 11 d5 43 e4 7a f1 77 12 cd ab d1 73 82 2c 
sm3 hashid32 = f8 43 4e 66 2f f5 61 12 d4 12 3a 29 89 88 ff 65 ee 25 20 fa 0b 47 42 14 0b 89 cb 67 a9 3c a5 8c
sm3 hashid8 = 0b 89 cb 67 a9 3c a5 8c

rootca.china-icv.cn 内容

hex = 80 03 00 81 02 58 81 13 72 6f 6f 74 63 61 2e 63 68 69 6e 61 2d 69 63 76 2e 63 6e 00 00 00 00 00 1f 47 46 85 86 00 1e 83 01 01 80 00 9c 01 01 80 02 0e 2b 80 03 80 00 01 01 04 e0 81 01 03 01 ff c0 e0 80 01 01 80 02 0e 2b 81 01 03 01 ff c0 e0 80 01 01 80 02 0e 2c 81 01 03 01 ff c0 e0 80 01 01 80 02 0e 2d 81 01 03 01 ff c0 80 84 21 83 37 f1 33 b1 a0 8d 99 df 06 f7 d6 dd 2a cd 3b f6 7d 6b db fc be 32 5d f3 0c ff 1a bf ad 91 a2 f2 84 40 50 db c7 27 f8 76 49 68 ef 61 3e 77 09 7d 4d ff 81 d5 35 44 70 b9 74 83 ba f4 b5 d3 52 71 55 53 5d a4 c5 75 1f d2 cc b0 f2 c6 72 c1 37 95 af 5d d8 2d f9 6a 38 41 90 fa c5 a7 c3 d2 a5 16 26 57 
sm3 hashid32 = 80 0a 70 9a fa bf 11 bb 27 36 7c b5 a4 eb 4d 5f 7c 7f dd 89 79 7b 50 f5 46 82 80 66 9c a1 f5 4e 
sm3 hashid8 = 46 82 80 66 9c a1 f5 4e

rootca.datangmobile.cn 内容

hex = 80 03 00 81 02 58 81 16 72 6f 6f 74 63 61 2e 64 61 74 61 6e 67 6d 6f 62 69 6c 65 2e 63 6e 00 00 00 00 00 1f 52 53 d5 86 00 1e 83 01 01 80 00 9c 01 02 80 02 0e 2b 80 03 80 00 01 80 02 0e 2c 80 07 00 01 00 01 01 00 00 01 02 e0 81 01 02 01 ff c0 60 80 01 03 00 02 0e 2b 00 02 0e 2c 00 02 0e 2d 01 ff c0 80 84 21 82 fb 20 48 16 85 dd 84 80 ed be b4 66 4a f9 a4 76 2c 07 12 0e fe fe 16 6c 17 d9 41 3e 3e 5e 3d d3 84 40 68 25 12 b9 fd f8 98 cb b9 d2 9b e0 a2 38 68 ba d5 dc 3d ed 74 23 f9 8e 64 4a 66 96 b1 2f dd 51 58 72 17 6a 51 76 fc 28 b3 1e 19 2e 04 f2 06 55 f1 18 cb 28 f0 dd 36 3d 5e d3 45 23 d0 f4 94 4e 

sm3 hashid32 = f2 55 82 a5 5a a2 51 b1 a4 01 0c 38 7b e5 13 15 14 0e bb df 27 97 e7 0d 26 de ec 8e eb 3f 5f fb 
sm3 hashid8 = 26 de ec 8e eb 3f 5f fb

rootca.test.v2x.tkca.cn 内容

hex = 80 03 00 81 02 58 81 17 72 6f 6f 74 63 61 2e 74 65 73 74 2e 76 32 78 2e 74 6b 63 61 2e 63 6e 00 00 00 00 00 1f 5b a9 05 86 00 1e 83 01 01 80 00 9c 01 02 80 02 0e 2b 80 03 80 00 01 00 02 0e 2c 01 04 e0 81 01 02 01 ff c0 60 80 01 01 00 02 0e 2b 01 ff c0 60 80 01 01 00 02 0e 2c 01 ff c0 60 80 01 01 00 02 0e 2d 01 ff c0 80 84 21 82 fb 7c 6a 4d 53 d7 42 e2 2e c1 b3 ed 0c 55 93 96 83 90 9e 67 7c e1 97 47 46 52 a0 18 52 b9 67 d6 84 40 6c f6 0f 29 bd d9 2d db b4 c5 1c a6 55 5a b8 94 b4 30 a6 f6 cf 1c 47 e1 99 a3 e5 d9 80 2a 2e 8c 46 83 63 82 05 88 32 af 99 c6 0e 54 69 c6 0b 69 ff 32 6b 8c c5 e0 14 65 2f 78 52 84 82 40 84 0d 

sm3 hashid32 = a7 c2 cf 36 d3 2c e6 fb 99 f1 53 85 2b 37 6d 8d b3 d3 88 e9 0c 4a e4 4c eb 03 52 f8 9c e6 9f 39 
sm3 hashid8 = eb 03 52 f8 9c e6 9f 39

rootca.v2x.jsits.org.cn 内容

hex = 80 03 00 81 02 58 81 17 72 6f 6f 74 63 61 2e 76 32 78 2e 6a 73 69 74 73 2e 6f 72 67 2e 63 6e 00 00 00 00 00 1f 55 09 9a 86 00 1e 83 01 01 80 00 9c 01 02 80 02 0e 2b 80 03 80 00 01 00 02 0e 2c 01 04 e0 81 01 02 01 ff c0 60 80 01 01 00 02 0e 2b 01 ff c0 60 80 01 01 00 02 0e 2c 01 ff c0 60 80 01 01 00 02 0e 2d 01 ff c0 80 84 21 83 9e ce 5d 51 f6 06 88 65 cb 97 d4 61 03 2c 86 28 d2 9e 9b f0 44 0f f8 0e bd cf 89 e1 96 1f 51 19 84 40 1e 16 6e 9f 4f 21 4a 2b 87 8a 74 85 e6 68 d8 ba 19 aa d2 a1 78 47 d0 7b 2c 3d 23 8d d7 e8 82 22 1e 93 6c a7 8e 02 62 4b 18 21 39 88 9c af 60 91 05 73 7b 5a 6c aa ea b8 2a c0 a7 71 ef 5f 00 ab 

sm3 hashid32 = 48 6d 43 34 ef c7 b5 77 8a 18 13 ba 4e f3 4a b4 2b e5 22 6a c5 e4 f9 26 56 6b ed 42 32 5c 48 a7
sm3 hashid8 =  56 6b ed 42 32 5c 48 a7

根据上述5个根证书的sm3 hashid8，可以将对应的根证书文件保存为对应的名字，类似：

0B89CB67A93CA58C.rca
26DEEC8EEB3F5FFB.rca
468280669CA1F54E.rca
566BED42325C48A7.rca
EB0352F89CE69F39.rca

而每一个根证书所对应的PKI体系证书信息可以包含在下述文件中,列表中的CA证书应为从相关CA至该PKI根证书的证书链

0B89CB67A93CA58C.tdcl
26DEEC8EEB3F5FFB.tdcl
468280669CA1F54E.tdcl
566BED42325C48A7.tdcl
EB0352F89CE69F39.tdcl

OpenSSL 命令行 SM2 SM3操作

作者: const
时间: 2021-06-08
分类: OpenSSL
评论

OpenSSL 生成 SM2 密钥

openssl ecparam -name SM2 -genkey -out sm2_ec.key 
cat sm2_ec.key 
-----BEGIN EC PARAMETERS-----
BggqgRzPVQGCLQ==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIB9dGHE5+6AD9DGmA8g/cEqn8HYTMBhbM+g2XJ16RqZ1oAoGCCqBHM9V
AYItoUQDQgAEJg19rra1BeuYx9ZU1GbfD0ceE9X67/c2hdb6XZLQor5oNVa+o9HZ
WBioc1hNCC2avO1Dpg5ZAb2YsS71TT7Bsw==
-----END EC PRIVATE KEY-----

OpenSSL 根据SM2私钥生成公钥

openssl ec -in sm2_ec.key -pubout -out sm2_ec.pubkey 
read EC key
writing EC key
cat sm2_ec.pubkey 
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEJg19rra1BeuYx9ZU1GbfD0ceE9X6
7/c2hdb6XZLQor5oNVa+o9HZWBioc1hNCC2avO1Dpg5ZAb2YsS71TT7Bsw==
-----END PUBLIC KEY-----

OpenSSL SM3 计算文件Hash

echo "https://const.net.cn" > sign.data 
openssl dgst -SM3 sign.data 
SM3(sign.data)= 8c13610aeb3040b2899ac224ae7db0710030803c424f776e7241340c66a6d553

OpenSSL 使用　SM2 签名文件

openssl dgst -SM3 -sign sm2_ec.key -out sm2_ec.sig sign.data 
Error setting context
140524048778560:error:100C508A:elliptic curve routines:pkey_ec_ctrl:invalid digest type:../crypto/ec/ec_pmeth.c:331:

在当前版本(OpenSSL 1.1.1f)还不支持命令行使用SM2结合SM3签名。将hash算法换成sha256试试。
OpenSSL 使用　SM2 结合　sha256签名

openssl dgst -sha256 -sign sm2_ec.key -out sm2_ec.sig sign.data 
root@hesy-ThinkPad-P15v-Gen-1:/home/hesy/2021/asn1/src/sm# hexdump -C sm2_ec.sig 
00000000  30 46 02 21 00 d7 52 c2  63 a3 12 ff ef af 69 8e  |0F.!..R.c.....i.|
00000010  8a 35 17 9f f2 0c e2 b1  80 fb dd a1 38 a3 59 14  |.5..........8.Y.|
00000020  5a 18 33 ba 43 02 21 00  9d 10 91 a7 5f a4 cf bb  |Z.3.C.!....._...|
00000030  7b 75 c0 27 17 d5 2d 55  09 cc 10 49 29 f8 bc 0d  |{u.'..-U...I)...|
00000040  10 d6 02 db b1 e4 7c 7a                           |......|z|
00000048

OpenSSL 使用　SM2 结合　sha256 验签

openssl dgst -sha256 -verify sm2_ec.pubkey -signature sm2_ec.sig sign.data 
Verified OK

OpenSSL 使用　SM2 结合　SM3 验签

openssl dgst -SM3 -verify sm2_ec.pubkey -signature sm2_ec.sig sign.data 
Error setting context
140471948707136:error:100C508A:elliptic curve routines:pkey_ec_ctrl:invalid digest type:../crypto/ec/ec_pmeth.c:331:

同上面一样的原因，官方没实现，命令行用不了。

Go 利用OpenSSL 实现sm3计算方法

作者: const
时间: 2021-06-18
分类: OpenSSL,Go,Demo
评论

SM3是中华人民共和国政府采用的一种密码散列函数标准，前身为SCH4杂凑算法，由国家密码管理局于2010年12月17日发布，相关标准为“GM/T 0004-2012 《SM3密码杂凑算法》”。2016年，成为中国国家密码标准（GB/T 32905-2016）。
在商用密码体系中，SM3主要用于数字签名及验证、消息认证码生成及验证、随机数生成等，其算法公开，安全性及效率与SHA-256相当。
SM3签名算法收录于ISO/IEC 10118-3:2018《信息安全技术杂凑函数第3部分：专用杂凑函数》
代码：

package main

/*
#cgo CFLAGS: -I ./include
#cgo LDFLAGS: -L ./lib -lcrypto -ldl
#include <stdlib.h>
#include <openssl/evp.h>
*/
import "C"

import (
    "fmt"
    "os"
    "unsafe"
)

func main() {
    strdigestname := "sm3"
    fmt.Printf("go OpenSSL cgo %s demo/example.\n", strdigestname)
    strdata := "https://const.net.cn/"
    digestname := []byte(strdigestname)
    md := C.EVP_get_digestbyname((*C.char)(unsafe.Pointer(&digestname[0])))
    if md == nil {
        fmt.Printf("Unknown message digest %s\n", strdigestname)
        os.Exit(1)
    }
    md_value := make([]byte, 128)
    md_len := 0
    data := []byte(strdata)
    mdctx := C.EVP_MD_CTX_new()
    C.EVP_DigestInit(mdctx, md)
    C.EVP_DigestUpdate(mdctx, unsafe.Pointer(&data[0]), C.size_t(len(data)))
    C.EVP_DigestFinal_ex(mdctx, (*C.uchar)(unsafe.Pointer(&md_value[0])), (*C.uint)(unsafe.Pointer(&md_len)))
    C.EVP_MD_CTX_free(mdctx)

    fmt.Printf("message digest=%x %s message digest len=%d\n", md_value[0:md_len], strdigestname, md_len)
}

输出：

go run .
go OpenSSL cgo sm3 demo/example.
message digest=bc028f836a92dced100b500f087d4223201ff2f60ef0bb76e84e9a5a6f9be74a sm3 message digest len=32
echo -n "https://const.net.cn/" |openssl dgst -sm3
(stdin)= bc028f836a92dced100b500f087d4223201ff2f60ef0bb76e84e9a5a6f9be74a