Skip to content

fix: The hmac-auth plugin support HMAC-SM3 algorithm. Resolved #11927 #11930

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

fix: The hmac-auth plugin support HMAC-SM3 algorithm. Resolved #11927 #11930

wants to merge 4 commits into from

Conversation

fanchangjifen
Copy link

Description

The current version of APISIX is built based on OpenSSL 3.x and includes the lua-resty-openssl module. On this basis, the dependency of the HMAC algorithm in the hmac-auth plugin has been modified to enable the plugin to support the HMAC-SM3 message authentication code algorithm.

Fixes #11927

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

@dosubot dosubot bot added size:M This PR changes 30-99 lines, ignoring generated files. enhancement New feature or request plugin labels Jan 21, 2025
@fanchangjifen fanchangjifen changed the title The hmac-auth plugin support HMAC-SM3 algorithm. Resolved #11927 feat:The hmac-auth plugin support HMAC-SM3 algorithm. Resolved #11927 Jan 21, 2025
@fanchangjifen fanchangjifen changed the title feat:The hmac-auth plugin support HMAC-SM3 algorithm. Resolved #11927 feat: The hmac-auth plugin support HMAC-SM3 algorithm. Resolved #11927 Jan 21, 2025
@fanchangjifen fanchangjifen changed the title feat: The hmac-auth plugin support HMAC-SM3 algorithm. Resolved #11927 fix: The hmac-auth plugin support HMAC-SM3 algorithm. Resolved #11927 Jan 21, 2025
@Revolyssup
Copy link
Contributor

@fanchangjifen Can you add some tests. here please?

@fanchangjifen
Copy link
Author

fanchangjifen commented Feb 4, 2025
edited
Loading

@fanchangjifen Can you add some tests. here please?

What kind of example? I might not be very good at automated test cases. Could you provide an implementation of HAMC-SM3 based on Tencent Kona Crypto, similar to this one: #11929 @Revolyssup

@fanchangjifen
Copy link
Author

for java

<dependency>
    <groupId>com.tencent.kona</groupId>
    <artifactId>kona-crypto</artifactId>
    <version>1.0.10</version>
</dependency>

public static String hmacSm3Base64Str(final String key, final String data) {
  try {
      Security.addProvider(new KonaCryptoProvider());
      SecretKey secretKey = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSM3");
      Mac hmac = Mac.getInstance("HmacSM3");
      hmac.init(secretKey);
      byte[] hmacSm3Bytes = hmac.doFinal(data.getBytes(StandardCharsets.UTF_8));
      return new String(Base64.encodeBase64(hmacSm3Bytes), StandardCharsets.UTF_8);
  } catch (Exception e) {
      e.printStackTrace();
  }
  return null;
}

Baoyuantop
Baoyuantop reviewed Mar 31, 2025
View reviewed changes
Copy link
Contributor

@Baoyuantop Baoyuantop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add test case and doc.

@fanchangjifen
Copy link
Author

Please add test case and doc.
测试脚本看不太懂,能否告知在哪里写测试用例和文档

@fanchangjifen
Copy link
Author

Please add test case and doc.

另外我需要通过其他语言来佐证signature的一致性,不太清楚如何下手
test case里面对hmac-sha256的验证,是用两种不同的计算过程实现的

@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. and removed size:M This PR changes 30-99 lines, ignoring generated files. labels Apr 1, 2025
@Baoyuantop
Copy link
Contributor

Please add test case and doc.
测试脚本看不太懂,能否告知在哪里写测试用例和文档

You can refer to https://apisix.apache.org/docs/apisix/internal/testing-framework/

@fanchangjifen fanchangjifen requested a review from Baoyuantop April 8, 2025 06:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Baoyuantop Baoyuantop Awaiting requested review from Baoyuantop

At least 3 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
enhancement New feature or request plugin size:L This PR changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feat: The hmac-auth plugin supports HMAC authentication with the SM3 national cryptographic algorithm.
3 participants
@fanchangjifen @Revolyssup @Baoyuantop