惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

GbyAI
GbyAI
N
News and Events Feed by Topic
D
DataBreaches.Net
MongoDB | Blog
MongoDB | Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Engineering at Meta
Engineering at Meta
T
Tailwind CSS Blog
博客园_首页
Microsoft Azure Blog
Microsoft Azure Blog
Y
Y Combinator Blog
博客园 - Franky
Hugging Face - Blog
Hugging Face - Blog
月光博客
月光博客
A
About on SuperTechFans
I
InfoQ
S
Securelist
Last Week in AI
Last Week in AI
S
Schneier on Security
C
CXSECURITY Database RSS Feed - CXSecurity.com
Hacker News: Ask HN
Hacker News: Ask HN
Schneier on Security
Schneier on Security
Know Your Adversary
Know Your Adversary
腾讯CDC
大猫的无限游戏
大猫的无限游戏
S
Security @ Cisco Blogs
博客园 - 三生石上(FineUI控件)
Simon Willison's Weblog
Simon Willison's Weblog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Tor Project blog
美团技术团队
aimingoo的专栏
aimingoo的专栏
G
Google Developers Blog
罗磊的独立博客
Vercel News
Vercel News
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
The Cloudflare Blog
S
Secure Thoughts
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Latest news
Latest news
Recent Announcements
Recent Announcements
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
L
LINUX DO - 热门话题
Security Latest
Security Latest
TaoSecurity Blog
TaoSecurity Blog
Cyberwarzone
Cyberwarzone
有赞技术团队
有赞技术团队

Nemo

再见,2025 Complete ORB-SLAM3 Setup Guide for Jetson Xavier NX with RealSense D455 20250723 再见,2024 Using CertBot for Automatic Secure EMQX Broker Create Your Own GPS Data Publisher Support SSL AGV Dispatching System Technical Documentation Finding Nemo No title 香港賽馬會呈獻系列:黑白——攝影敘事 再见,2023 团团是只猫 Design an FSM for Robot State Machines – Basics of Computer Science Data-driven robot lifespan: Collection 数据驱动的机器人寿命:收集、诊断、预测 Exploring the design space of binary search trees 特首来了 Large language models, explained with a minimum of math and jargon 设计有缓存异步逻辑的监控脚本并测试其资源占用 使用loguru记录串口数据并使用Docker搭建ARM开发环境 在vscode的Dev Container中构建.NET开发环境及使用doxygen和graphviz绘制函数调用图 State or Status? A*算法两种时间复杂度 /A* Algorithm: Two Types of Time Complexity 使用KD-Tree快速收敛到最近坐标点/Fast convergence to the nearest coordinate point using KD-Tree 翻译 || 总结 - Go语言中的空结构体(The empty struct) 再见,2022 从PE工作报告中能读出什么 Give me miles, give me truth AMR调度系统性能优化/AMR Dispatch System Performance Optimization 条件触发AMR避让流程/Conditionally triggered AMR avoidance process Docker实现调度系统整体部署/Docker implementation of dispatching system overall deployment 一篇关于北京四天三夜的攻略 2022 藏疆自驾 策划/招募书 AMR仿真模型/AMR Simulation Model 东东有鱼2022年会分享 使用perf-FlameGraph监控系统性能 Beyond Compare 4删除试用 你的灵魂有香气 Pyinstaller打包Python项目 [转载]Python中的单例模式的几种实现方式的及优化 - Nemo 再见! 2020 1024 UML软件建模 入职优必选一个月 写论文时 那些让你开心的软件 - Nemo 分享一个记录刷题次数的模版 LeetCode-查找表类算法题精析 PyCharm 调用vs 2010 C++库导致提示报错R6034解决方法 MySQL基础教程 多种数据结构的Python实现形式 字节跳动-挑战字符串 选择排序 二分查找和大O表示法 算法中的动态规划问题 高高手课程-青山裕企人像摄影 笔记(内含福利)
调度系统中加密算法的使用/增加SM4补0方法/Use of encryption algorithms in scheduling systems/add SM4 complementary 0 method
Nemo · 2022-08-23 · via Nemo

调度系统中加密算法的使用/增加SM4补0方法/Use of encryption algorithms in scheduling systems/add SM4 complementary 0 method

数据加密的基本思想是通过变换信息的表现形式来伪装需要保护的敏感信息,非授权者不能了解被加密的内容。

根据业务场景,使用国密SM3/SM4加算法实现数据传输的安全性,提高数据的可靠性,满足客户场景中其他系统的接入条件

使用github上star最多的https://github.com/duanhongyi/gmssl,但是该项目截止使用时暂未实现0填充算法,后来补齐后https://github.com/kanghaov/gmssl

pr给开发者,现已实现

通讯协议

一般选定加密的通讯协议,双方约定响应的加密流程,笼统的例子:

约定信息生成sign,返回token,在token有效期内作为鉴权标志,根据需要也可以一个操作主体一个token

1.计算sign

# 定制方提供
appId = "1234567890"
appSecret = "1234567890"
person_id = "1234567890"
encryption_methon() # 约定使用sm3加密

# 请求方使用
sign = encryption_methon(appSecret,person_id,timestamp,requestId) # 生命周期7200s,

SM3

使用gmssl的sm3模块加密sign,例子:

sign = '00000158ea0a3cef18c45e769f7136de7977db3f0000015815261641523970076F6B86C8FA70AC4CB'
encoded_sign= sm3.sm3_hash(func.bytes_to_list(bytes(sign, encoding="ascii")))

将请求信息按照预定的格式生成后使用SM4对明文进行加密后请求服务端

SM4

2.加密请求数据:

原数据格式使用json.dumps()bytes()转换成bytes

resData= {'requestId': 'asf0ei8xts9ibvbv809piudtk6qtjkem', 'timestamp': '1660816878517', 'projectId': '00001842', 'robotId': '000018425682', 'sign': 'edcb260f7d2231d695c028362372c705c923d30da7d51892258f6b45d8ad2527'}
resData = bytes(json.dumps(resData),encoding="ascii")

由于该客户要求SM4加密算法使用ECB模式、0补码、utf-8编码,而目前github上主要的基于python的SM4算法均采用PKCS7补码及解码,需要自己补充0补码的实现方式,两者的区别只是以16byte划分数据,对于尾部不满16byte的数据,用[16-尾部数据长度]字符进行填充还是用0进行填充,不同padding方式,加密结果如下:

pkcs7:
data = [34, 123, 92, 34, 114, 101, 113, 117, 101, 115, 116, 73, 100, 92, 34, 58, 32, 92, 34, 101, 97, 48, 97, 51, 99, 101, 102, 49, 56, 99, 52, 53, 101, 55, 54, 57, 102, 55, 49, 51, 54, 100, 101, 55, 57, 55, 55, 100, 98, 51, 102, 92, 34, 44, 32, 92, 34, 115, 105, 103, 110, 92, 34, 58, 32, 92, 34, 97, 101, 50, 98, 97, 56, 49, 49, 48, 49, 57, 99, 55, 49, 49, 50, 101, 98, 56, 101, 55, 52, 100, 50, 54, 53, 99, 55, 51, 52, 98, 48, 53, 101, 97, 55, 54, 49, 102, 56, 56, 50, 56, 99, 101, 50, 102, 54, 101, 102, 50, 98, 100, 99, 54, 100, 49, 100, 50, 54, 100, 53, 51, 50, 92, 34, 44, 32, 92, 34, 114, 111, 98, 111, 116, 73, 100, 92, 34, 58, 32, 92, 34, 48, 48, 48, 48, 48, 49, 53, 56, 49, 53, 50, 54, 92, 34, 44, 32, 92, 34, 112, 114, 111, 106, 101, 99, 116, 73, 100, 92, 34, 58, 32, 92, 34, 48, 48, 48, 48, 48, 49, 53, 56, 92, 34, 44, 32, 92, 34, 116, 105, 109, 101, 115, 116, 97, 109, 112, 92, 34, 58, 32, 92, 34, 49, 54, 52, 49, 53, 50, 51, 57, 55, 48, 48, 55, 54, 92, 34, 125, 34, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11] 240

0:
data = [34, 123, 92, 34, 114, 101, 113, 117, 101, 115, 116, 73, 100, 92, 34, 58, 32, 92, 34, 101, 97, 48, 97, 51, 99, 101, 102, 49, 56, 99, 52, 53, 101, 55, 54, 57, 102, 55, 49, 51, 54, 100, 101, 55, 57, 55, 55, 100, 98, 51, 102, 92, 34, 44, 32, 92, 34, 115, 105, 103, 110, 92, 34, 58, 32, 92, 34, 97, 101, 50, 98, 97, 56, 49, 49, 48, 49, 57, 99, 55, 49, 49, 50, 101, 98, 56, 101, 55, 52, 100, 50, 54, 53, 99, 55, 51, 52, 98, 48, 53, 101, 97, 55, 54, 49, 102, 56, 56, 50, 56, 99, 101, 50, 102, 54, 101, 102, 50, 98, 100, 99, 54, 100, 49, 100, 50, 54, 100, 53, 51, 50, 92, 34, 44, 32, 92, 34, 114, 111, 98, 111, 116, 73, 100, 92, 34, 58, 32, 92, 34, 48, 48, 48, 48, 48, 49, 53, 56, 49, 53, 50, 54, 92, 34, 44, 32, 92, 34, 112, 114, 111, 106, 101, 99, 116, 73, 100, 92, 34, 58, 32, 92, 34, 48, 48, 48, 48, 48, 49, 53, 56, 92, 34, 44, 32, 92, 34, 116, 105, 109, 101, 115, 116, 97, 109, 112, 92, 34, 58, 32, 92, 34, 49, 54, 52, 49, 53, 50, 51, 57, 55, 48, 48, 55, 54, 92, 34, 125, 34, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]

源代码中gmssl/func.py

padding = lambda data, block=16: data + [(16 - len(data) % block)for _ in range(16 - len(data) % block)]
unpadding = lambda data: data[:-data[-1]]

新增0补码,为:

pkcs7_padding = lambda data, block=16: data + [(16 - len(data) % block)for _ in range(16 - len(data) % block)]

zero_padding = lambda data, block=16: data + [0 for _ in range(16 - len(data) % block)]

pkcs7_unpadding = lambda data: data[:-data[-1]]

zero_unpadding = lambda data,i =1:data[:-i] if data[-i] == 0 else i+1

选择不同补码方式只需要在SM4模块中SM4类实例化的时候传参进去就好了

仓库地址:

3.解密返回数据

直接调用相关函数,选择0填充方式会自动选择响应的解码方式,解密后:

{
    "data": {
        "token": "xAeTiWxw99Eg7QBm5qR6fIGDmrcaaUtLzlZ2zpOl0HKcvV6MYZiiW5e+ThvBzIy8"
    },
    "msg": "成功",
    "msgCode": 0,
    "requestId": "ea0a3cef18c45e769f7136de7977db3f",
    "sign": "d81840ab9ec6a97085afe1bee085f6e0fea2c38ba4d65b5936abcaabc079c6c9",
    "success": true,
    "timestamp": "1641868606481"
}

这样就获取了请求对象专属的token,后续请求时,相应的请求主体附带上token和encryptScript信息就好了

另:

相比于使用python内置的数据结构,某些场景更喜欢使用class搭配__repe__方法实现数据的存储,比如:

class appInfo:
    """
    开发者信息
    """

    def __init__(self, appId="", appSecret="", getTime=""):
        self.appId = appId
        self.appSecret = bytes(appSecret, encoding="ascii")
        self.appSecretStr = appSecret
        self.getTime = getTime

    def __repr__(self):
        return "appId = {0},appSecret={1},appSecretStr={2},getTime={3}".format(
            str(self.appId),self.appSecret,str(self.appSecretStr),str(self.getTime))

可以对数据有更多的处理方式


The basic idea of data encryption is to disguise the sensitive information to be protected by transforming the manifestation of information, so that unauthorized persons cannot understand the encrypted content.

According to the business scenario, we use SM3/SM4 encryption algorithm to realize the security of data transmission, improve the reliability of data, and meet the access conditions of other systems in the customer scenario

Use https://github.com/duanhongyi/gmssl which has the most stars on github, but the project has not implemented the 0-fill algorithm as of the time of use, and then https://github.com/kanghaov/gmssl

pr to the developer, now realized

Communication protocol

Generally selected encryption communication protocol, both sides agree on the encryption process of the response, generalized example.

The agreed information generates a sign, returns a token, which is used as a forensic marker during the validity of the token, and can also be an operation subject a token as needed

  1. Calculate sign
# provided by the customizer
appId = "1234567890"
appSecret = "1234567890"
person_id = "1234567890"
encryption_methon() # covenant to use sm3 encryption

# The requesting party uses
sign = encryption_methon(appSecret,person_id,timestamp,requestId) # Lifecycle 7200s,

SM3

Use the sm3 module of gmssl to encrypt the sign, example:

sign = '0000000158ea0a3cef18c45e769f7136de7977db3f0000015815261641523970076F6B86C8FA70AC4CB'
encoded_sign= sm3.sm3_hash(func.bytes_to_list(bytes(sign, encoding="ascii")))

After generating the request message in the predefined format, use SM4 to encrypt the plaintext and request the server side

SM4

  1. Encrypt the request data.

The original data format is converted to bytes using json.dumps() and bytes().

resData= {'requestId': 'asf0ei8xts9ibvbv809piudtk6qtjkem', 'timestamp': '1660816878517', 'projectId': '00001842', 'robotId': '000018425682 ', 'sign': 'edcb260f7d2231d695c028362372c705c923d30da7d51892258f6b45d8ad2527'}
resData = bytes(json.dumps(resData),encoding="ascii")

Since the customer requires SM4 encryption algorithm to use ECB mode, 0 complement, utf-8 encoding, and the main python-based SM4 algorithms on github currently use PKCS7 complement and decoding, you need to add your own 0 complement implementation, the difference between the two is only to divide the data by 16byte, for the tail is less than 16byte data , padding with [16 – tail data length] characters or padding with 0, different padding methods, the encryption results are as follows.

pkcs7:
data = [34, 123, 92, 34, 114, 101, 113, 117, 101, 115, 116, 73, 100, 92, 34, 58, 32, 92, 34, 101, 97, 48, 97, 51, 99, 101, 102, 49, 56, 99, 52, 53, 101, 55, 54, 57, 102 , 55, 49, 51, 54, 100, 101, 55, 57, 55, 55, 100, 98, 51, 102, 92, 34, 44, 32, 92, 34, 115, 105, 103, 110, 92, 34, 58, 32, 92, 34, 97, 101, 50, 98, 97, 56, 49, 49, 48, 49, 57, 99, 55, 49, 49, 50, 101, 98, 56, 101, 55, 52, 100, 50, 54, 53, 99, 55, 51, 52, 98, 48, 53, 101, 97, 55, 54, 49, 102, 56, 56, 50, 56, 99, 101, 50, 102, 54, 101, 102, 50, 98, 100, 99, 54, 100, 49, 100, 50, 54, 100, 53, 51, 50, 92, 34, 44, 32, 92, 34, 114, 111, 98, 111, 116, 73, 100, 92, 34, 58, 32, 92, 34, 48, 48, 48, 48, 48, 49, 53, 56, 49, 53, 50, 54, 92, 34, 44, 32, 92, 34, 112, 114, 111, 106, 101, 99, 116, 73, 100, 92, 34, 58, 32, 92, 34, 48, 48, 48, 48, 48, 48, 49, 53, 56, 92, 34, 44, 32, 92, 34, 116 , 105, 109, 101, 115, 116, 97, 109, 112, 92, 34, 58, 32, 92, 34, 49, 54, 52, 49, 53, 50, 51, 57, 55, 48, 48, 55, 54, 92, 34, 125, 34, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11] 240

0:
data = [34, 123, 92, 34, 114, 101, 113, 117, 101, 115, 116, 73, 100, 92, 34, 58, 32, 92, 34, 101, 97, 48, 97, 51, 99, 101, 102, 49, 56, 99, 52, 53, 101, 55, 54, 57, 102 , 55, 49, 51, 54, 100, 101, 55, 57, 55, 55, 100, 98, 51, 102, 92, 34, 44, 32, 92, 34, 115, 105, 103, 110, 92, 34, 58, 32, 92, 34, 97, 101, 50, 98, 97, 56, 49, 49, 48, 49, 57, 99, 55, 49, 49, 50, 101, 98, 56, 101, 55, 52, 100, 50, 54, 53, 99, 55, 51, 52, 98, 48, 53, 101, 97, 55, 54, 49, 102, 56, 56, 50, 56, 99, 101, 50, 102, 54, 101, 102, 50, 98, 100, 99, 54, 100, 49, 100, 50, 54, 100, 53, 51, 50, 92, 34, 44, 32, 92, 34, 114, 111, 98, 111, 116, 73, 100, 92, 34, 58, 32, 92, 34, 48, 48, 48, 48, 48, 49, 53, 56, 49, 53, 50, 54, 92, 34, 44, 32, 92, 34, 112, 114, 111, 106, 101, 99, 116, 73, 100, 92, 34, 58, 32, 92, 34, 48, 48, 48, 48, 48, 48, 49, 53, 56, 92, 34, 44, 32, 92, 34, 116 , 105, 109, 101, 115, 116, 97, 109, 112, 92, 34, 58, 32, 92, 34, 49, 54, 52, 49, 53, 50, 51, 57, 55, 48, 48, 55, 54, 92, 34, 125, 34, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]

Source code in gmssl/func.py.

padding = lambda data, block=16: data + [(16 - len(data) % block) for _ in range(16 - len(data) % block)]
unpadding = lambda data: data[:-data[-1]]

Add 0-complement as

pkcs7_padding = lambda data, block=16: data + [(16 - len(data) % block) for _ in range(16 - len(data) % block)]

zero_padding = lambda data, block=16: data + [0 for _ in range(16 - len(data) % block)]

pkcs7_unpadding = lambda data: data[:-data[-1]]

zero_unpadding = lambda data,i =1:data[:-i] if data[-i] == 0 else i+1

Choosing a different complement method is just a matter of passing in a reference when the SM4 class is instantiated in the SM4 module

Repository address.

  1. Decrypt the returned data

Directly call the relevant function, select 0 fill method will automatically select the response decoding method, after decrypting.

{
    "data": {
        "token": "xAeTiWxw99Eg7QBm5qR6fIGDmrcaaUtLzlZ2zpOl0HKcvV6MYZiiW5e+ThvBzIy8"
    },
    "msg": "Success",
    "msgCode": 0,
    "requestId": "ea0a3cef18c45e769f7136de7977db3f",
    "sign": "d81840ab9ec6a97085afe1bee085f6e0fea2c38ba4d65b5936abcaabc079c6c9",
    "success": true,
    "timestamp": "1641868606481"
}

This will get the request object exclusive token, subsequent requests, the corresponding request body with the token and encryptScript information on the good

Also.

Rather than using python’s built-in data structures, some scenarios prefer to use class with __repe__ methods to achieve data storage, such as:

class appInfo:
    """
    开发者信息
    """

    def __init__(self, appId="", appSecret="", getTime=""):
        self.appId = appId
        self.appSecret = bytes(appSecret, encoding="ascii")
        self.appSecretStr = appSecret
        self.getTime = getTime

    def __repr__(self):
        return "appId = {0},appSecret={1},appSecretStr={2},getTime={3}".format(
            str(self.appId),self.appSecret,str(self.appSecretStr),str(self.getTime))

You can have more ways to handle data