update cert_auth

go.mod

@@ -36,7 +36,7 @@ require (
 	github.com/rs/cors v1.6.0
 	github.com/spf13/cobra v0.0.5
 	github.com/stretchr/testify v1.4.0
-	github.com/tjfoc/gmsm v1.3.1
+	github.com/tjfoc/gmsm v1.3.2
 	github.com/valyala/fasthttp v1.5.0
 	github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect
 	go.uber.org/atomic v1.4.0 // indirect

go.sum

@@ -637,6 +637,8 @@ github.com/syndtr/goleveldb v1.0.1-0.20190923125748-758128399b1d/go.mod h1:9OrXJ
 github.com/timakin/bodyclose v0.0.0-20190721030226-87058b9bfcec/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk=
 github.com/tjfoc/gmsm v1.3.1 h1:+k3IAlF81c31/TllJmIfuCYnjl8ziMdTWGWJcP9J1uo=
 github.com/tjfoc/gmsm v1.3.1/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
+github.com/tjfoc/gmsm v1.3.2 h1:7JVkAn5bvUJ7HtU08iW6UiD+UTmJTIToHCfeFzkcCxM=
+github.com/tjfoc/gmsm v1.3.2/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w=
 github.com/tyler-smith/go-bip39 v1.0.1-0.20181017060643-dbb3b84ba2ef h1:wHSqTBrZW24CsNJDfeh9Ex6Pm0Rcpc7qrgKBiL44vF4=
 github.com/tyler-smith/go-bip39 v1.0.1-0.20181017060643-dbb3b84ba2ef/go.mod h1:sJ5fKU0s6JVwZjjcUEX2zFOnvq0ASQ2K9Zr6cf67kNs=
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=

plugin/crypto/sm2/sm2.go

@@ -2,21 +2,253 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+// Package sm2 带证书交易的签名
 package sm2
 
 import (
+	"bytes"
+	"crypto/elliptic"
+	"errors"
+	"fmt"
+	"github.com/33cn/chain33/types"
+	pkt "github.com/33cn/plugin/plugin/dapp/cert/types"
+	"math/big"
+
 	"github.com/33cn/chain33/common/crypto"
-	"github.com/33cn/chain33/system/crypto/sm2"
+	"github.com/tjfoc/gmsm/sm2"
+)
+
+//const
+const (
+	SM2PrivateKeyLength    = 32
+	SM2PublicKeyLength     = 65
+	SM2PublicKeyCompressed = 33
 )
 
-type sm2Driver struct {
-	sm2.Driver
+//Driver 驱动
+type Driver struct{}
+
+//GenKey 生成私钥
+func (d Driver) GenKey() (crypto.PrivKey, error) {
+	privKeyBytes := [SM2PrivateKeyLength]byte{}
+	copy(privKeyBytes[:], crypto.CRandBytes(SM2PrivateKeyLength))
+	priv, _ := privKeyFromBytes(sm2.P256Sm2(), privKeyBytes[:])
+	copy(privKeyBytes[:], SerializePrivateKey(priv))
+	return PrivKeySM2(privKeyBytes), nil
+}
+
+//PrivKeyFromBytes 字节转为私钥
+func (d Driver) PrivKeyFromBytes(b []byte) (privKey crypto.PrivKey, err error) {
+	if len(b) != SM2PrivateKeyLength {
+		return nil, errors.New("invalid priv key byte")
+	}
+	privKeyBytes := new([SM2PrivateKeyLength]byte)
+	copy(privKeyBytes[:], b[:SM2PrivateKeyLength])
+
+	priv, _ := privKeyFromBytes(sm2.P256Sm2(), privKeyBytes[:])
+
+	copy(privKeyBytes[:], SerializePrivateKey(priv))
+	return PrivKeySM2(*privKeyBytes), nil
+}
+
+//PubKeyFromBytes 字节转为公钥
+func (d Driver) PubKeyFromBytes(b []byte) (pubKey crypto.PubKey, err error) {
+	if len(b) != SM2PublicKeyLength && len(b) != SM2PublicKeyCompressed {
+		return nil, errors.New("invalid pub key byte")
+	}
+	pubKeyBytes := new([SM2PublicKeyLength]byte)
+	copy(pubKeyBytes[:], b[:])
+	return PubKeySM2(*pubKeyBytes), nil
+}
+
+//SignatureFromBytes 字节转为签名
+func (d Driver) SignatureFromBytes(b []byte) (sig crypto.Signature, err error) {
+	var certSignature pkt.CertSignature
+	err = types.Decode(b, &certSignature)
+	if err != nil {
+		return SignatureSM2(b), nil
+	}
+
+	return &SignatureS{
+		Signature: SignatureSM2(certSignature.Signature),
+		uid:       certSignature.Uid,
+	}, nil
+}
+
+//PrivKeySM2 私钥
+type PrivKeySM2 [SM2PrivateKeyLength]byte
+
+//Bytes 字节格式
+func (privKey PrivKeySM2) Bytes() []byte {
+	s := make([]byte, SM2PrivateKeyLength)
+	copy(s, privKey[:])
+	return s
+}
+
+//Sign 签名
+func (privKey PrivKeySM2) Sign(msg []byte) crypto.Signature {
+	priv, _ := privKeyFromBytes(sm2.P256Sm2(), privKey[:])
+	r, s, err := sm2.Sm2Sign(priv, msg, nil)
+	if err != nil {
+		return nil
+	}
+	//sm2不需要LowS转换
+	//s = ToLowS(pub, s)
+	return SignatureSM2(Serialize(r, s))
+}
+
+//PubKey 私钥生成公钥
+func (privKey PrivKeySM2) PubKey() crypto.PubKey {
+	_, pub := privKeyFromBytes(sm2.P256Sm2(), privKey[:])
+	var pubSM2 PubKeySM2
+	copy(pubSM2[:], sm2.Compress(pub))
+	return pubSM2
+}
+
+//Equals 公钥
+func (privKey PrivKeySM2) Equals(other crypto.PrivKey) bool {
+	if otherSecp, ok := other.(PrivKeySM2); ok {
+		return bytes.Equal(privKey[:], otherSecp[:])
+	}
+
+	return false
+}
+
+func (privKey PrivKeySM2) String() string {
+	return fmt.Sprintf("PrivKeySM2{*****}")
 }
 
-const name = "auth_sm2"
-const id = 258
+//PubKeySM2 公钥
+type PubKeySM2 [SM2PublicKeyLength]byte
+
+//Bytes 字节格式
+func (pubKey PubKeySM2) Bytes() []byte {
+	length := SM2PublicKeyLength
+	if pubKey.isCompressed() {
+		length = SM2PublicKeyCompressed
+	}
+	s := make([]byte, length)
+	copy(s, pubKey[0:length])
+	return s
+}
+
+func (pubKey PubKeySM2) isCompressed() bool {
+	return pubKey[0] != pubkeyUncompressed
+}
+
+//VerifyBytes 验证字节
+func (pubKey PubKeySM2) VerifyBytes(msg []byte, sig crypto.Signature) bool {
+	var uid []byte
+	if wrap, ok := sig.(*SignatureS); ok {
+		sig = wrap.Signature
+		uid = wrap.uid
+	}
+	sigSM2, ok := sig.(SignatureSM2)
+	if !ok {
+		fmt.Printf("convert failed\n")
+		return false
+	}
+	var pub *sm2.PublicKey
+	if pubKey.isCompressed() {
+		pub = sm2.Decompress(pubKey[0:SM2PublicKeyCompressed])
+	} else {
+		var err error
+		pub, err = parsePubKey(pubKey[:], sm2.P256Sm2())
+		if err != nil {
+			fmt.Printf("parse pubkey failed\n")
+			return false
+		}
+	}
+	r, s, err := Deserialize(sigSM2)
+	if err != nil {
+		fmt.Printf("unmarshal sign failed")
+		return false
+	}
+	//国密签名算法和ecdsa不一样，-s验签不通过，所以不需要LowS检查
+	//fmt.Printf("verify:%x, r:%d, s:%d\n", crypto.Sm3Hash(msg), r, s)
+	//lowS := IsLowS(s)
+	//if !lowS {
+	//	fmt.Printf("lowS check failed")
+	//	return false
+	//}
+
+	return sm2.Sm2Verify(pub, msg, uid, r, s)
+}
+
+func (pubKey PubKeySM2) String() string {
+	return fmt.Sprintf("PubKeySM2{%X}", pubKey[:])
+}
+
+//KeyString Must return the full bytes in hex.
+// Used for map keying, etc.
+func (pubKey PubKeySM2) KeyString() string {
+	return fmt.Sprintf("%X", pubKey[:])
+}
+
+//Equals 相等
+func (pubKey PubKeySM2) Equals(other crypto.PubKey) bool {
+	if otherSecp, ok := other.(PubKeySM2); ok {
+		return bytes.Equal(pubKey[:], otherSecp[:])
+	}
+	return false
+}
+
+//SignatureSM2 签名
+type SignatureSM2 []byte
+
+//SignatureS 签名
+type SignatureS struct {
+	crypto.Signature
+	uid []byte
+}
+
+//Bytes 字节格式
+func (sig SignatureSM2) Bytes() []byte {
+	s := make([]byte, len(sig))
+	copy(s, sig[:])
+	return s
+}
+
+//IsZero 是否为0
+func (sig SignatureSM2) IsZero() bool { return len(sig) == 0 }
+
+func (sig SignatureSM2) String() string {
+	fingerprint := make([]byte, len(sig[:]))
+	copy(fingerprint, sig[:])
+	return fmt.Sprintf("/%X.../", fingerprint)
+
+}
+
+//Equals 相等
+func (sig SignatureSM2) Equals(other crypto.Signature) bool {
+	if otherEd, ok := other.(SignatureSM2); ok {
+		return bytes.Equal(sig[:], otherEd[:])
+	}
+	return false
+}
+
+//const
+const (
+	Name = "auth_sm2"
+	ID   = 258
+)
 
 func init() {
-	crypto.Register(name, &sm2Driver{}, false)
-	crypto.RegisterType(name, id)
+	crypto.Register(Name, &Driver{}, false)
+	crypto.RegisterType(Name, ID)
+}
+
+func privKeyFromBytes(curve elliptic.Curve, pk []byte) (*sm2.PrivateKey, *sm2.PublicKey) {
+	x, y := curve.ScalarBaseMult(pk)
+
+	priv := &sm2.PrivateKey{
+		PublicKey: sm2.PublicKey{
+			Curve: curve,
+			X:     x,
+			Y:     y,
+		},
+		D: new(big.Int).SetBytes(pk),
+	}
+
+	return priv, &priv.PublicKey
 }

plugin/crypto/sm2/utils.go

+// Copyright Fuzamei Corp. 2018 All Rights Reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package sm2
+
+import (
+	"crypto/elliptic"
+	"errors"
+	"fmt"
+	"math/big"
+
+	"github.com/btcsuite/btcd/btcec"
+	"github.com/tjfoc/gmsm/sm2"
+)
+
+const (
+	pubkeyUncompressed byte = 0x4 // x coord + y coord
+)
+
+func canonicalizeInt(val *big.Int) []byte {
+	b := val.Bytes()
+	if len(b) == 0 {
+		b = []byte{0x00}
+	}
+	if b[0]&0x80 != 0 {
+		paddedBytes := make([]byte, len(b)+1)
+		copy(paddedBytes[1:], b)
+		b = paddedBytes
+	}
+	return b
+}
+
+//Serialize 序列化
+func Serialize(r, s *big.Int) []byte {
+	rb := canonicalizeInt(r)
+	sb := canonicalizeInt(s)
+
+	length := 6 + len(rb) + len(sb)
+	b := make([]byte, length)
+
+	b[0] = 0x30
+	b[1] = byte(length - 2)
+	b[2] = 0x02
+	b[3] = byte(len(rb))
+	offset := copy(b[4:], rb) + 4
+	b[offset] = 0x02
+	b[offset+1] = byte(len(sb))
+	copy(b[offset+2:], sb)
+
+	return b
+}
+
+//Deserialize 反序列化
+func Deserialize(sigStr []byte) (*big.Int, *big.Int, error) {
+	sig, err := btcec.ParseDERSignature(sigStr, sm2.P256Sm2())
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return sig.R, sig.S, nil
+}
+
+func parsePubKey(pubKeyStr []byte, curve elliptic.Curve) (key *sm2.PublicKey, err error) {
+	pubkey := sm2.PublicKey{}
+	pubkey.Curve = curve
+
+	if len(pubKeyStr) == 0 {
+		return nil, errors.New("pubkey string is empty")
+	}
+
+	pubkey.X = new(big.Int).SetBytes(pubKeyStr[1:33])
+	pubkey.Y = new(big.Int).SetBytes(pubKeyStr[33:])
+	if pubkey.X.Cmp(pubkey.Curve.Params().P) >= 0 {
+		return nil, fmt.Errorf("pubkey X parameter is >= to P")
+	}
+	if pubkey.Y.Cmp(pubkey.Curve.Params().P) >= 0 {
+		return nil, fmt.Errorf("pubkey Y parameter is >= to P")
+	}
+	if !pubkey.Curve.IsOnCurve(pubkey.X, pubkey.Y) {
+		return nil, fmt.Errorf("pubkey isn't on secp256k1 curve")
+	}
+	return &pubkey, nil
+}
+
+//SerializePublicKey 公钥序列化
+func SerializePublicKey(p *sm2.PublicKey, isCompress bool) []byte {
+	if isCompress {
+		return sm2.Compress(p)
+	}
+
+	b := make([]byte, 0, SM2PublicKeyLength)
+	b = append(b, pubkeyUncompressed)
+	b = paddedAppend(32, b, p.X.Bytes())
+	return paddedAppend(32, b, p.Y.Bytes())
+}
+
+//SerializePrivateKey 私钥序列化
+func SerializePrivateKey(p *sm2.PrivateKey) []byte {
+	b := make([]byte, 0, SM2PrivateKeyLength)
+	return paddedAppend(SM2PrivateKeyLength, b, p.D.Bytes())
+}
+
+func paddedAppend(size uint, dst, src []byte) []byte {
+	for i := 0; i < int(size)-len(src); i++ {
+		dst = append(dst, 0)
+	}
+	return append(dst, src...)
+}

plugin/dapp/cert/authority/authority.go

@@ -11,8 +11,6 @@ import (
 	"runtime"
 	"sync"
 
-	"bytes"
-
 	"github.com/33cn/chain33/common/crypto"
 	log "github.com/33cn/chain33/common/log/log15"
 	"github.com/33cn/chain33/types"
@@ -45,8 +43,6 @@ type Authority struct {
 	validator core.Validator
 	// 签名类型
 	signType int
-	// 有效证书缓存
-	validCertCache [][]byte
 	// 历史证书缓存
 	HistoryCertCache *HistoryCertData
 }
@@ -91,7 +87,6 @@ func (auth *Authority) Init(conf *ty.Authority) error {
 	}
 	auth.validator = vldt
 
-	auth.validCertCache = make([][]byte, 0)
 	auth.HistoryCertCache = &HistoryCertData{authConfig, -1, -1}
 
 	IsAuthEnable = true
@@ -139,9 +134,6 @@ func (auth *Authority) ReloadCert(store *types.HistoryCertStore) error {
 		auth.validator = vldt
 	}
 
-	// 清空有效证书缓存
-	auth.validCertCache = auth.validCertCache[:0]
-
 	// 更新最新历史数据
 	auth.HistoryCertCache = &HistoryCertData{auth.authConfig, store.CurHeigth, store.NxtHeight}
 
@@ -168,9 +160,6 @@ func (auth *Authority) ReloadCertByHeght(currentHeight int64) error {
 	}
 	auth.validator = vldt
 
-	// 清空有效证书缓存
-	auth.validCertCache = auth.validCertCache[:0]
-
 	// 更新最新历史数据
 	auth.HistoryCertCache = &HistoryCertData{auth.authConfig, currentHeight, -1}
 
@@ -248,11 +237,11 @@ func (auth *Authority) Validate(signature *types.Signature) error {
 	}
 
 	// 是否在有效证书缓存中
-	for _, v := range auth.validCertCache {
-		if bytes.Equal(v, cert) {
-			return nil
-		}
-	}
+	//for _, v := range auth.validCertCache {
+	//	if bytes.Equal(v, cert) {
+	//		return nil
+	//	}
+	//}
 
 	// 校验
 	err = auth.validator.Validate(cert, signature.GetPubkey())
@@ -260,7 +249,6 @@ func (auth *Authority) Validate(signature *types.Signature) error {
 		alog.Error(fmt.Sprintf("validate cert failed. %s", err.Error()))
 		return fmt.Errorf("validate cert failed. error:%s", err.Error())
 	}
-	auth.validCertCache = append(auth.validCertCache, cert)
 
 	return nil
 }

plugin/dapp/cert/authority/authority_test.go

@@ -59,7 +59,7 @@ var SIGNTYPE = ct.AuthSM2
 
 func signtx(tx *types.Transaction, priv crypto.PrivKey, cert []byte) {
 	tx.Sign(int32(SIGNTYPE), priv)
-	tx.Signature.Signature, _ = utils.EncodeCertToSignature(tx.Signature.Signature, cert)
+	tx.Signature.Signature = utils.EncodeCertToSignature(tx.Signature.Signature, cert, nil)
 }
 
 func signtxs(priv crypto.PrivKey, cert []byte) {

plugin/dapp/cert/authority/test/authdir/crypto/cacerts/ca-cert.pem

 -----BEGIN CERTIFICATE-----
-MIIB6zCCAZGgAwIBAgIQVq9SxucwdINw2WUMlNFpdjAKBggqgRzPVQGDdTBHMQsw
+MIIB7DCCAZGgAwIBAgIQETH0EMzvdWOEEg3FoAe/iDAKBggqgRzPVQGDdTBHMQsw
 CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
-YW5jaXNjbzELMAkGA1UEAxMCY2EwHhcNMjAwNjE4MDMxNDQ2WhcNMzAwNjE2MDMx
-NDQ2WjBHMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
+YW5jaXNjbzELMAkGA1UEAxMCY2EwHhcNMjAwODE0MDkyNTIwWhcNMzAwODEyMDky
+NTIwWjBHMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
 BxMNU2FuIEZyYW5jaXNjbzELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqgRzP
-VQGCLQNCAARACzXYM8dLleVhjAwyljePO1Vltf2YL2xGKCLAB1/YITkM4q3GVE8D
-LZxsydaG0zncKUswQA97HM6F1qarbFuvo18wXTAOBgNVHQ8BAf8EBAMCAaYwDwYD
-VR0lBAgwBgYEVR0lADAPBgNVHRMBAf8EBTADAQH/MCkGA1UdDgQiBCDpAuHxKpzW
-gxCIZxodcdzpHpzKFhlEJARmhKOPuN1yaTAKBggqgRzPVQGDdQNIADBFAiEAowXR
-RYYCWcBT0gVSbHk7k+aJzG3uRdORTbbvmLgbG2QCIF3e0/m0aNRlvF6gPxBJ+JBR
-R0sbv9eyrSEFMwx/ZyGJ
+VQGCLQNCAAQlKmH6RVHN/nBE4qR+uF7lHmlc62jQA4kpoAwtJFRiFbczZx/KNDaD
+9+USLAo9ecxcdOKR4lIcuT7jvKX6tXQ7o18wXTAOBgNVHQ8BAf8EBAMCAaYwDwYD
+VR0lBAgwBgYEVR0lADAPBgNVHRMBAf8EBTADAQH/MCkGA1UdDgQiBCC8fKlLiayf
++80blLEiRIzTyY7uYDUpP5K2RtOmfY0NKjAKBggqgRzPVQGDdQNJADBGAiEA8vh+
+3joELxPxq0n1h07XFGeEnmpxutVoIocuky2HkF4CIQDnWIavlpJOq3tU76cmn3ur
+KQeyi9GM7Uoi25S1QIxu9A==
 -----END CERTIFICATE-----

plugin/dapp/cert/authority/test/authdir/crypto/keystore/68fe61b66aa6d9cd39b7eabbe756c179c69889ce70421b8b67bb2373be84fa24_sk

------BEGIN PRIVATE KEY-----
-MIGTAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBHkwdwIBAQQg86AAL0bRgFW6RhFX
-no7CVphI1U2csfrjwPuYn3FXaF2gCgYIKoEcz1UBgi2hRANCAASR8Yb//+y/GMLy
-D36FLLO80oxUPtD6AtVoh9UIuC1b0QzA4+zkUDUk3zwdZ1pMZZKGZ48vE6KtAcFB
-uqU7L784
------END PRIVATE KEY-----

plugin/dapp/cert/authority/test/authdir/crypto/keystore/c26e4e9eb45028c297c0bc925e5890b27ad017865ab6208f7bf5346919019260_sk

+-----BEGIN PRIVATE KEY-----
+MIGTAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBHkwdwIBAQQg4Ork9oT6d6CRxg0f
+EbHlr5eQPUcHWniEgRhDCi2dA/GgCgYIKoEcz1UBgi2hRANCAAQqXuEWh+sW/YtP
+FlHmxiFhYi0o3Tb8He9NAaJ6uKe+OF5/eXa+VmRrKKGeE+dG8LrMiJ5+AlIj+ryd
+blX5UKZ8
+-----END PRIVATE KEY-----

plugin/dapp/cert/authority/test/authdir/crypto/signcerts/User@Chain33-cert.pem

 -----BEGIN CERTIFICATE-----
-MIIB4zCCAYmgAwIBAgIQdKBE3pdDBMaadMbZ30K7aTAKBggqgRzPVQGDdTBHMQsw
+MIIB4zCCAYmgAwIBAgIQVs0txvOG+iVu/oISaV2KyzAKBggqgRzPVQGDdTBHMQsw
 CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
-YW5jaXNjbzELMAkGA1UEAxMCY2EwHhcNMjAwNjE4MDMxNDQ2WhcNMzAwNjE2MDMx
-NDQ2WjBRMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
+YW5jaXNjbzELMAkGA1UEAxMCY2EwHhcNMjAwODE0MDkyNTIwWhcNMzAwODEyMDky
+NTIwWjBRMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
 BxMNU2FuIEZyYW5jaXNjbzEVMBMGA1UEAwwMVXNlckBDaGFpbjMzMFkwEwYHKoZI
-zj0CAQYIKoEcz1UBgi0DQgAEkfGG///svxjC8g9+hSyzvNKMVD7Q+gLVaIfVCLgt
-W9EMwOPs5FA1JN88HWdaTGWShmePLxOirQHBQbqlOy+/OKNNMEswDgYDVR0PAQH/
-BAQDAgeAMAwGA1UdEwEB/wQCMAAwKwYDVR0jBCQwIoAg6QLh8Sqc1oMQiGcaHXHc
-6R6cyhYZRCQEZoSjj7jdcmkwCgYIKoEcz1UBg3UDSAAwRQIgBSqSzSkoXopLR830
-zMjWsMVlZERtUuW3+uYm+bCRjOgCIQDZf8dKxkBd155hiilDQ4RR4Xa8+ZGcPslm
-Nm+S1txiqA==
+zj0CAQYIKoEcz1UBgi0DQgAEKl7hFofrFv2LTxZR5sYhYWItKN02/B3vTQGierin
+vjhef3l2vlZkayihnhPnRvC6zIiefgJSI/q8nW5V+VCmfKNNMEswDgYDVR0PAQH/
+BAQDAgeAMAwGA1UdEwEB/wQCMAAwKwYDVR0jBCQwIoAgvHypS4msn/vNG5SxIkSM
+08mO7mA1KT+StkbTpn2NDSowCgYIKoEcz1UBg3UDSAAwRQIhAND6HO/EN/dTeokX
+mIvczQBcxPHTAq3+QIa2NHIC8bYvAiAZ5N4C4rwRJCqTw8J6As69MFO10XixWHxH
+qrTJ9LnI3g==
 -----END CERTIFICATE-----

plugin/dapp/cert/authority/utils/keys.go

@@ -11,13 +11,11 @@ import (
 	"crypto/x509"
 	"encoding/hex"
 	"encoding/pem"
+	"github.com/33cn/chain33/types"
 	"math/big"
 
-	"encoding/asn1"
-
 	"fmt"
 
-	"github.com/33cn/chain33/common/crypto"
 	sm2_util "github.com/33cn/chain33/system/crypto/sm2"
 	ecdsa_util "github.com/33cn/plugin/plugin/crypto/ecdsa"
 	ty "github.com/33cn/plugin/plugin/dapp/cert/types"
@@ -65,22 +63,23 @@ func GetPublicKeySKIFromCert(cert []byte, signType int) (string, error) {
 }
 
 // EncodeCertToSignature 证书编码进签名
-func EncodeCertToSignature(signByte []byte, cert []byte) ([]byte, error) {
-	certSign := crypto.CertSignature{}
+func EncodeCertToSignature(signByte []byte, cert []byte, uid []byte) []byte {
+	var certSign ty.CertSignature
 	certSign.Signature = append(certSign.Signature, signByte...)
 	certSign.Cert = append(certSign.Cert, cert...)
-	return asn1.Marshal(certSign)
+	certSign.Uid = append(certSign.Uid, uid...)
+	return types.Encode(&certSign)
 }
 
 // DecodeCertFromSignature 从签名中解码证书
-func DecodeCertFromSignature(signByte []byte) ([]byte, []byte, error) {
-	var certSignature crypto.CertSignature
-	_, err := asn1.Unmarshal(signByte, &certSignature)
+func DecodeCertFromSignature(signByte []byte) (*ty.CertSignature, error) {
+	var certSign ty.CertSignature
+	err := types.Decode(signByte, &certSign)
 	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 
-	return certSignature.Cert, certSignature.Signature, nil
+	return &certSign, nil
 }
 
 // PrivKeyByteFromRaw pem结构转成byte类型私钥

plugin/dapp/cert/proto/cert.proto

@@ -37,4 +37,10 @@ message Authority {
     bool   enable     = 1;
     string cryptoPath = 2;
     string signType   = 3;
+}
+
+message CertSignature {
+    bytes signature = 1;
+    bytes cert      = 2;
+    bytes uid       = 3;
 }
\ No newline at end of file

plugin/dapp/cert/types/cert.pb.go

@@ -5,9 +5,8 @@ package types
 
 import (
 	fmt "fmt"
-	math "math"
-
 	proto "github.com/golang/protobuf/proto"
+	math "math"
 )
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -383,6 +382,61 @@ func (m *Authority) GetSignType() string {
 	return ""
 }
 
+type CertSignature struct {
+	Signature            []byte   `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`
+	Cert                 []byte   `protobuf:"bytes,2,opt,name=cert,proto3" json:"cert,omitempty"`
+	Uid                  []byte   `protobuf:"bytes,3,opt,name=uid,proto3" json:"uid,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CertSignature) Reset()         { *m = CertSignature{} }
+func (m *CertSignature) String() string { return proto.CompactTextString(m) }
+func (*CertSignature) ProtoMessage()    {}
+func (*CertSignature) Descriptor() ([]byte, []int) {
+	return fileDescriptor_a142e29cbef9b1cf, []int{6}
+}
+
+func (m *CertSignature) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_CertSignature.Unmarshal(m, b)
+}
+func (m *CertSignature) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_CertSignature.Marshal(b, m, deterministic)
+}
+func (m *CertSignature) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CertSignature.Merge(m, src)
+}
+func (m *CertSignature) XXX_Size() int {
+	return xxx_messageInfo_CertSignature.Size(m)
+}
+func (m *CertSignature) XXX_DiscardUnknown() {
+	xxx_messageInfo_CertSignature.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CertSignature proto.InternalMessageInfo
+
+func (m *CertSignature) GetSignature() []byte {
+	if m != nil {
+		return m.Signature
+	}
+	return nil
+}
+
+func (m *CertSignature) GetCert() []byte {
+	if m != nil {
+		return m.Cert
+	}
+	return nil
+}
+
+func (m *CertSignature) GetUid() []byte {
+	if m != nil {
+		return m.Uid
+	}
+	return nil
+}
+
 func init() {
 	proto.RegisterType((*Cert)(nil), "types.Cert")
 	proto.RegisterType((*CertAction)(nil), "types.CertAction")
@@ -390,31 +444,33 @@ func init() {
 	proto.RegisterType((*CertUpdate)(nil), "types.CertUpdate")
 	proto.RegisterType((*CertNormal)(nil), "types.CertNormal")
 	proto.RegisterType((*Authority)(nil), "types.Authority")
+	proto.RegisterType((*CertSignature)(nil), "types.CertSignature")
 }
 
-func init() {
-	proto.RegisterFile("cert.proto", fileDescriptor_a142e29cbef9b1cf)
-}
+func init() { proto.RegisterFile("cert.proto", fileDescriptor_a142e29cbef9b1cf) }
 
 var fileDescriptor_a142e29cbef9b1cf = []byte{
-	// 300 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x52, 0xcd, 0x4a, 0xf3, 0x40,
-	0x14, 0xed, 0x24, 0xfd, 0xbd, 0xfd, 0x28, 0x9f, 0x83, 0x48, 0x70, 0x21, 0x25, 0xab, 0x82, 0x10,
-	0xb0, 0xfa, 0x02, 0xd5, 0x4d, 0xdd, 0x14, 0x19, 0xea, 0x5a, 0xa6, 0xe9, 0xd5, 0x06, 0xd3, 0x4c,
-	0x98, 0xde, 0x58, 0xe6, 0x79, 0x7c, 0x51, 0x99, 0x1f, 0x25, 0x82, 0x0b, 0xdd, 0xe5, 0xdc, 0x73,
-	0x4e, 0xee, 0x39, 0xdc, 0x01, 0xc8, 0x51, 0x53, 0x56, 0x6b, 0x45, 0x8a, 0xf7, 0xc8, 0xd4, 0x78,
-	0x48, 0x9f, 0xa1, 0x7b, 0x87, 0x9a, 0xf8, 0x19, 0xf4, 0x2d, 0x79, 0xbf, 0x4d, 0xd8, 0x94, 0xcd,
-	0xfe, 0x89, 0x80, 0xf8, 0x05, 0x40, 0xae, 0x51, 0x12, 0xae, 0x8b, 0x3d, 0x26, 0xd1, 0x94, 0xcd,
-	0x62, 0xd1, 0x9a, 0xf0, 0xff, 0x10, 0xbf, 0xa2, 0x49, 0xe2, 0x29, 0x9b, 0x8d, 0x84, 0xfd, 0xe4,
-	0xa7, 0xd0, 0x7b, 0x93, 0x65, 0x83, 0x49, 0xd7, 0xfd, 0xc8, 0x83, 0xf4, 0x9d, 0x01, 0xd8, 0x45,
-	0x8b, 0x9c, 0x0a, 0x55, 0xf1, 0x14, 0xe2, 0x0a, 0x8f, 0x6e, 0xd7, 0x78, 0x3e, 0xc9, 0x5c, 0x96,
-	0xcc, 0xf2, 0x2b, 0x3c, 0x2e, 0x3b, 0xc2, 0x92, 0xfc, 0x12, 0xfa, 0x4d, 0xbd, 0x95, 0xe4, 0xd7,
-	0x8e, 0xe7, 0x27, 0x2d, 0xd9, 0xa3, 0x23, 0x96, 0x1d, 0x11, 0x24, 0x56, 0x5c, 0x29, 0xbd, 0x97,
-	0xa5, 0x8b, 0xf2, 0x5d, 0xbc, 0x72, 0x84, 0x15, 0x7b, 0x09, 0x9f, 0x40, 0x44, 0xc6, 0xe5, 0xeb,
-	0x89, 0x88, 0xcc, 0xed, 0x20, 0x44, 0x4e, 0xaf, 0x60, 0x10, 0x42, 0x7c, 0x16, 0x63, 0x3f, 0x14,
-	0x8b, 0xda, 0xc5, 0x6e, 0x7c, 0x2f, 0x1f, 0xe8, 0xaf, 0x2e, 0x9f, 0xec, 0xd7, 0xae, 0x27, 0x18,
-	0x2d, 0x1a, 0xda, 0x29, 0x5d, 0x90, 0xb1, 0x17, 0xc3, 0x4a, 0x6e, 0x4a, 0x74, 0xbe, 0xa1, 0x08,
-	0xc8, 0x5f, 0xcc, 0xd4, 0xa4, 0x1e, 0x24, 0xed, 0x9c, 0x7f, 0x24, 0x5a, 0x13, 0x7e, 0x0e, 0xc3,
-	0x43, 0xf1, 0x52, 0xad, 0x4d, 0x8d, 0xe1, 0x6c, 0x5f, 0x78, 0xd3, 0x77, 0x6f, 0xe3, 0xfa, 0x23,
-	0x00, 0x00, 0xff, 0xff, 0x1d, 0xbc, 0xa5, 0x33, 0x29, 0x02, 0x00, 0x00,
+	// 340 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x52, 0xdd, 0x4a, 0xf3, 0x40,
+	0x10, 0x6d, 0x92, 0xfe, 0x65, 0xda, 0xaf, 0x7c, 0x2e, 0x22, 0x41, 0x44, 0x4a, 0xae, 0x0a, 0x42,
+	0xc1, 0xea, 0x0b, 0x54, 0x6f, 0xea, 0x4d, 0x91, 0x6d, 0xbd, 0x96, 0x6d, 0x3b, 0xb6, 0xc1, 0x36,
+	0x1b, 0xb6, 0x13, 0xcb, 0x3e, 0x8f, 0x2f, 0x2a, 0xfb, 0x53, 0x8d, 0xe0, 0x85, 0xde, 0xed, 0x99,
+	0x73, 0x66, 0xe7, 0x1c, 0x66, 0x00, 0x96, 0xa8, 0x68, 0x58, 0x28, 0x49, 0x92, 0x35, 0x48, 0x17,
+	0xb8, 0x4f, 0x5f, 0xa0, 0x7e, 0x8f, 0x8a, 0xd8, 0x19, 0x34, 0x0d, 0xf9, 0xb0, 0x4a, 0x82, 0x7e,
+	0x30, 0xe8, 0x72, 0x8f, 0xd8, 0x25, 0xc0, 0x52, 0xa1, 0x20, 0x9c, 0x67, 0x3b, 0x4c, 0xc2, 0x7e,
+	0x30, 0x88, 0x78, 0xa5, 0xc2, 0xfe, 0x43, 0xf4, 0x8a, 0x3a, 0x89, 0xfa, 0xc1, 0x20, 0xe6, 0xe6,
+	0xc9, 0x4e, 0xa1, 0xf1, 0x26, 0xb6, 0x25, 0x26, 0x75, 0xfb, 0x91, 0x03, 0xe9, 0x7b, 0x00, 0x60,
+	0x06, 0x8d, 0x97, 0x94, 0xc9, 0x9c, 0xa5, 0x10, 0xe5, 0x78, 0xb0, 0xb3, 0x3a, 0xa3, 0xde, 0xd0,
+	0x7a, 0x19, 0x1a, 0x7e, 0x8a, 0x87, 0x49, 0x8d, 0x1b, 0x92, 0x5d, 0x41, 0xb3, 0x2c, 0x56, 0x82,
+	0xdc, 0xd8, 0xce, 0xe8, 0xa4, 0x22, 0x7b, 0xb2, 0xc4, 0xa4, 0xc6, 0xbd, 0xc4, 0x88, 0x73, 0xa9,
+	0x76, 0x62, 0x6b, 0xad, 0x7c, 0x17, 0x4f, 0x2d, 0x61, 0xc4, 0x4e, 0xc2, 0x7a, 0x10, 0x92, 0xb6,
+	0xfe, 0x1a, 0x3c, 0x24, 0x7d, 0xd7, 0xf2, 0x96, 0xd3, 0x6b, 0x68, 0x79, 0x13, 0xc7, 0x60, 0xc1,
+	0x0f, 0xc1, 0xc2, 0x6a, 0xb0, 0x5b, 0x97, 0xcb, 0x19, 0xfa, 0x6b, 0x97, 0x73, 0xf6, 0xeb, 0xae,
+	0x67, 0x88, 0xc7, 0x25, 0x6d, 0xa4, 0xca, 0x48, 0x9b, 0x8d, 0x61, 0x2e, 0x16, 0x5b, 0xb4, 0x7d,
+	0x6d, 0xee, 0x91, 0xdb, 0x98, 0x2e, 0x48, 0x3e, 0x0a, 0xda, 0xd8, 0xfe, 0x98, 0x57, 0x2a, 0xec,
+	0x1c, 0xda, 0xfb, 0x6c, 0x9d, 0xcf, 0x75, 0x81, 0x7e, 0x6d, 0x9f, 0x38, 0x9d, 0xc1, 0x3f, 0x63,
+	0x6b, 0x96, 0xad, 0x73, 0x41, 0xa5, 0x42, 0x76, 0x01, 0xf1, 0xfe, 0x08, 0xfc, 0x65, 0x7c, 0x15,
+	0x18, 0x83, 0xba, 0x39, 0x13, 0x6f, 0xd2, 0xbe, 0x4d, 0x96, 0x32, 0x5b, 0xd9, 0x9f, 0xbb, 0xdc,
+	0x3c, 0x17, 0x4d, 0x7b, 0x70, 0x37, 0x1f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x97, 0xaa, 0x8b, 0x1d,
+	0x7e, 0x02, 0x00, 0x00,
 }