sdf api

2024-12-12 10:05:37 +08:00 · 2024-12-12 10:05:37 +08:00 · 44161e70bb
commit 44161e70bb
parent 2250a6234b
10 changed files with 166 additions and 264 deletions
--- a/chsm-common/src/main/java/com/sunyard/chsm/sdf/AbstractSdfApiService.java
+++ b/chsm-common/src/main/java/com/sunyard/chsm/sdf/AbstractSdfApiService.java
@ -1,8 +1,6 @@
 package com.sunyard.chsm.sdf;

-import com.sunyard.chsm.enums.AlgMode;
 import com.sunyard.chsm.enums.KeyAlg;
-import com.sunyard.chsm.enums.Padding;

 import java.util.HashMap;
 import java.util.Map;
@ -27,10 +25,10 @@ public abstract class AbstractSdfApiService implements SdfApiService {
     *            密钥长度根据 alg 指定的算法自动选择。
     * @return 密钥
     */
-    @Override
-    public byte[] genSymKey(KeyAlg alg) {
-        return genSymKey( alg, algKeyLen.get( alg ) );
-    }
+//    @Override
+//    public byte[] genSymKey(KeyAlg alg) {
+//        return genSymKey( alg, algKeyLen.get( alg ) );
+//    }


    /**
@ -40,10 +38,10 @@ public abstract class AbstractSdfApiService implements SdfApiService {
     * @param key 密钥值，明文
     * @param data 原始数据
     */
-    @Override
-    public byte[] symEncrypt(KeyAlg alg, byte[] key, byte[] data){
-        return symEncrypt( alg, AlgMode.ECB, Padding.PCKS5Padding, key, data );
-    }
+//    @Override
+//    public byte[] symEncrypt(KeyAlg alg, byte[] key, byte[] data){
+//        return symEncrypt( alg, AlgMode.ECB, Padding.PCKS5Padding, key, data );
+//    }


    /**
@ -53,9 +51,9 @@ public abstract class AbstractSdfApiService implements SdfApiService {
     * @param key 密钥值，明文
     * @param data 密文数据
     */
-    @Override
-    public byte[] symDecrypt(KeyAlg alg, byte[] key, byte[] data) {
-        return symDecrypt( alg, AlgMode.ECB, Padding.PCKS5Padding, key, data );
-    }
+//    @Override
+//    public byte[] symDecrypt(KeyAlg alg, byte[] key, byte[] data) {
+//        return symDecrypt( alg, AlgMode.ECB, Padding.PCKS5Padding, key, data );
+//    }

 }
--- a/chsm-common/src/main/java/com/sunyard/chsm/sdf/SdfApiService.java
+++ b/chsm-common/src/main/java/com/sunyard/chsm/sdf/SdfApiService.java
@ -1,9 +1,6 @@
 package com.sunyard.chsm.sdf;


-import com.sunyard.chsm.enums.AlgMode;
-import com.sunyard.chsm.enums.KeyAlg;
-import com.sunyard.chsm.enums.Padding;
 import com.sunyard.chsm.sdf.context.AlgId;
 import com.sunyard.chsm.sdf.model.EccKey;

@ -32,23 +29,21 @@ public interface SdfApiService {
     *               禁止传 null
     * @return 对称密钥
     */
-    byte[] genSymKey(KeyAlg alg, Integer keyLen);
-
-    byte[] genSymKey(KeyAlg alg);
+//    byte[] genSymKey(KeyAlg alg, Integer keyLen);
+//
+//    byte[] genSymKey(KeyAlg alg);


    /**
     * 对称加密
     *
     * @param alg     算法，只支持对称算法
-     * @param mode    轮模式
-     * @param padding 填充模式
     * @param key     密钥值，明文
     * @param data    原始数据
     */
-    byte[] symEncrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data);
-
-    byte[] symEncrypt(KeyAlg alg, byte[] key, byte[] data);
+//    byte[] symEncrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data);
+//
+//    byte[] symEncrypt(KeyAlg alg, byte[] key, byte[] data);

    byte[] symEncrypt(AlgId alg, byte[] key, byte[] iv, byte[] data);

@ -61,9 +56,9 @@ public interface SdfApiService {
     * @param padding 填充模式
     * @param data    密文数据
     */
-    byte[] symDecrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data);
-
-    byte[] symDecrypt(KeyAlg alg, byte[] key, byte[] data);
+//    byte[] symDecrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data);
+//
+//    byte[] symDecrypt(KeyAlg alg, byte[] key, byte[] data);

    byte[] symDecrypt(AlgId alg, byte[] key, byte[] iv, byte[] data);

--- a/chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/BcSdfApiAdaptor.java
+++ b/chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/BcSdfApiAdaptor.java
@ -11,6 +11,7 @@ import com.sunyard.chsm.utils.gm.BCSM2Utils;
 import com.sunyard.chsm.utils.gm.BCSM4Utils;
 import lombok.SneakyThrows;
 import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.digests.SM3Digest;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
 import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
@ -23,6 +24,7 @@ import java.math.BigInteger;
 import java.security.KeyPair;
 import java.security.SecureRandom;
 import java.util.Map;
+import java.util.Optional;
 import java.util.UUID;
 import java.util.concurrent.ConcurrentHashMap;

@ -62,7 +64,7 @@ public class BcSdfApiAdaptor implements SdfApiAdapter {

    @Override
    public String openSession(String deviceHandle) {
-        return "6975feaffaa35b31b6d4e4555ac403a1";
+        return UUID.randomUUID().toString();
    }

    @Override
@ -171,14 +173,9 @@ public class BcSdfApiAdaptor implements SdfApiAdapter {


    @Override
+    @SneakyThrows
    public byte[] symEncrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucData) {
        byte[] symKey = getSymKey(keyHandle);
-        return externalSymEncrypt(sessionHandle, symKey, alg, pucIv, pucData);
-    }
-
-    @Override
-    @SneakyThrows
-    public byte[] externalSymEncrypt(String sessionHandle, byte[] symKey, AlgId alg, byte[] pucIv, byte[] pucData) {
        switch (alg) {
            case SGD_SM4_ECB:
                return BCSM4Utils.encrypt_ECB_NoPadding(symKey, pucData);
@ -190,14 +187,9 @@ public class BcSdfApiAdaptor implements SdfApiAdapter {
    }

    @Override
+    @SneakyThrows
    public byte[] symDecrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucEncData) {
        byte[] symKey = getSymKey(keyHandle);
-        return externalSymDecrypt(sessionHandle, symKey, alg, pucIv, pucEncData);
-    }
-
-    @Override
-    @SneakyThrows
-    public byte[] externalSymDecrypt(String sessionHandle, byte[] symKey, AlgId alg, byte[] pucIv, byte[] pucEncData) {
        switch (alg) {
            case SGD_SM4_ECB:
                return BCSM4Utils.decrypt_ECB_NoPadding(symKey, pucEncData);
@ -215,32 +207,34 @@ public class BcSdfApiAdaptor implements SdfApiAdapter {
    }

    @Override
+    @SneakyThrows
    public byte[] calculateMAC(String sessionHandle, String keyHandle, AlgId uiAlg, byte[] pucIv, byte[] pucData) {
-        return new byte[0];
+        byte[] symKey = getSymKey(keyHandle);
+        return BCSM4Utils.doCBCMac(symKey, pucIv, null, pucData);
    }

-    @Override
-    public byte[] calculateMAC(String sessionHandle, byte[] symKey, AlgId uiAlg, byte[] pucIv, byte[] pucData) {
-        return new byte[0];
-    }
+    protected static final Map<String, SM3Digest> HASH_CONTEXT = new ConcurrentHashMap<>();

    @Override
    public int hashInit(String sessionHandle, AlgId alg, EccPubKey pucPublicKey, byte[] pucID) {
+        HASH_CONTEXT.put(sessionHandle, new SM3Digest());
        return 0;
    }

    @Override
    public int hashUpdate(String sessionHandle, byte[] pucData) {
+        Optional.ofNullable(HASH_CONTEXT.get(sessionHandle))
+                .ifPresent(it -> it.update(pucData, 0, pucData.length));
        return 0;
    }

    @Override
    public byte[] hashFinish(String sessionHandle) {
-        return new byte[0];
+        SM3Digest digest = HASH_CONTEXT.remove(sessionHandle);
+        Assert.notNull(digest, "session异常");
+        byte[] hash = new byte[digest.getDigestSize()];
+        digest.doFinal(hash, 0);
+        return hash;
    }

-    @Override
-    public byte[] hashOperation(String sessionHandle, AlgId alg, EccPubKey pucPublicKey, byte[] pucID, byte[] pucData) {
-        return new byte[0];
-    }
 }
--- a/chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/JnaSdfAdaptor.java
+++ b/chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/JnaSdfAdaptor.java
@ -206,25 +206,6 @@ public abstract class JnaSdfAdaptor implements SdfApiAdapter {
        return pucEncData;
    }

-    @Override
-    public byte[] externalSymEncrypt(String sessionHandle, byte[] symKey, AlgId alg, byte[] pucIv, byte[] pucData) {
-        int uiDataLength = pucData.length;
-        byte[] pucEncData = new byte[uiDataLength];
-        Pointer hSessionHandle = getSessionHandle(sessionHandle);
-        int length = symKey.length;
-        PointerByReference phKeyHandle = new PointerByReference();
-        // 先导入密钥
-        sdfLibrary.SDF_ImportKey(hSessionHandle, symKey, length, phKeyHandle);
-        //加密
-        Pointer hKeyHandle = phKeyHandle.getValue();
-        IntByReference puiLength = new IntByReference();
-        sdfLibrary.SDF_Encrypt(hSessionHandle, hKeyHandle, getAlgId(alg),
-                pucIv, pucData, uiDataLength, pucEncData, puiLength);
-        // 使用后销毁密钥
-        sdfLibrary.SDF_DestroyKey(hSessionHandle, hKeyHandle);
-        return pucEncData;
-    }
-
    @Override
    public byte[] symDecrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucEncData) {
        Pointer hSessionHandle = getSessionHandle(sessionHandle);
@ -238,26 +219,6 @@ public abstract class JnaSdfAdaptor implements SdfApiAdapter {
        return pucData;
    }

-    @Override
-    public byte[] externalSymDecrypt(String sessionHandle, byte[] symKey, AlgId alg, byte[] pucIv, byte[] pucEncData) {
-        int uiEncDataLength = pucEncData.length;
-        byte[] pucData = new byte[uiEncDataLength];
-
-        PointerByReference phKeyHandle = new PointerByReference();
-        Pointer hSessionHandle = getSessionHandle(sessionHandle);
-        int length = symKey.length;
-        // 导入会话密钥
-        sdfLibrary.SDF_ImportKey(hSessionHandle, symKey, length, phKeyHandle);
-        // 解密
-        Pointer hKeyHandle = phKeyHandle.getValue();
-        IntByReference puiLength = new IntByReference();
-        sdfLibrary.SDF_Decrypt(hSessionHandle, hKeyHandle, getAlgId(alg),
-                pucIv, pucEncData, uiEncDataLength, pucData, puiLength);
-        // 销毁会话密钥
-        sdfLibrary.SDF_DestroyKey(hSessionHandle, hKeyHandle);
-        return pucData;
-    }
-
    @Override
    public byte[] calculateMAC(String sessionHandle, String keyHandle, AlgId uiAlg, byte[] pucIv, byte[] pucData) {
        Pointer hSessionHandle = getSessionHandle(sessionHandle);
@ -272,24 +233,6 @@ public abstract class JnaSdfAdaptor implements SdfApiAdapter {
        return pucMac;
    }

-    @Override
-    public byte[] calculateMAC(String sessionHandle, byte[] symKey, AlgId uiAlg, byte[] pucIv, byte[] pucData) {
-        PointerByReference phKeyHandle = new PointerByReference();
-        Pointer hSessionHandle = getSessionHandle(sessionHandle);
-        int length = symKey.length;
-        // 导入会话密钥
-        sdfLibrary.SDF_ImportKey(hSessionHandle, symKey, length, phKeyHandle);
-
-        int uiMacLength = pucData.length;
-        byte[] pucMac = new byte[uiMacLength];
-        Pointer hKeyHandle = phKeyHandle.getValue();
-        IntByReference puiLength = new IntByReference();
-        sdfLibrary.SDF_CalculateMAC(hSessionHandle, hKeyHandle, getAlgId(uiAlg), pucIv, pucData, uiMacLength, pucMac, puiLength);
-        // 销毁会话密钥
-        sdfLibrary.SDF_DestroyKey(hSessionHandle, hKeyHandle);
-        return pucMac;
-    }
-
    @Override
    public int hashInit(String sessionHandle, AlgId alg, EccPubKey pucPublicKey, byte[] pucID) {
        Pointer hSessionHandle = getSessionHandle(sessionHandle);
@ -312,15 +255,4 @@ public abstract class JnaSdfAdaptor implements SdfApiAdapter {
        return pucHash;
    }

-    @Override
-    public byte[] hashOperation(String sessionHandle, AlgId alg, EccPubKey pucPublicKey, byte[] pucID, byte[] pucData) {
-        Pointer hSessionHandle = getSessionHandle(sessionHandle);
-        byte[] pubPub = pucPublicKey == null ? null : pucPublicKey.toSdfData();
-        sdfLibrary.SDF_HashInit(hSessionHandle, getAlgId(AlgId.SGD_SM3), pubPub, pucID, pucID.length);
-        sdfLibrary.SDF_HashUpdate(hSessionHandle, pucData, pucData.length);
-        byte[] pucHash = new byte[32];
-        IntByReference puiLength = new IntByReference();
-        sdfLibrary.SDF_HashFinal(hSessionHandle, pucHash, puiLength);
-        return pucHash;
-    }
 }
--- a/chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/SdfApiAdapter.java
+++ b/chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/SdfApiAdapter.java
@ -120,8 +120,6 @@ public interface SdfApiAdapter {
     */
    byte[] symEncrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucData);

-    byte[] externalSymEncrypt(String sessionHandle, byte[] symKey, AlgId alg, byte[] pucIv, byte[] pucData);
-
    /**
     * 对称解密
     *
@ -134,8 +132,6 @@ public interface SdfApiAdapter {
     */
    byte[] symDecrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucEncData);

-    byte[] externalSymDecrypt(String sessionHandle, byte[] symKey, AlgId alg, byte[] pucIv, byte[] pucEncData);
-
    /**
     * @param sessionHandle 与设备建立的会话句柄
     * @param keyHandle     指定的密钥句柄
@ -145,7 +141,6 @@ public interface SdfApiAdapter {
     * @return MAC值
     */
    byte[] calculateMAC(String sessionHandle, String keyHandle, AlgId uiAlg, byte[] pucIv, byte[] pucData);
-    byte[] calculateMAC(String sessionHandle, byte[] symKey, AlgId uiAlg, byte[] pucIv, byte[] pucData);

    /**
     * 杂凑运算初始化
@ -175,7 +170,4 @@ public interface SdfApiAdapter {
     */
    byte[] hashFinish(String sessionHandle);

-
-    byte[] hashOperation(String sessionHandle, AlgId alg, EccPubKey pucPublicKey, byte[] pucID, byte[] pucData);
-
 }
--- a/chsm-web-manage/src/main/java/com/sunyard/chsm/sdf/SingleSdfApiService.java
+++ b/chsm-web-manage/src/main/java/com/sunyard/chsm/sdf/SingleSdfApiService.java
@ -1,9 +1,6 @@
 package com.sunyard.chsm.sdf;

-import com.sunyard.chsm.enums.AlgMode;
 import com.sunyard.chsm.enums.DeviceTmkStatus;
-import com.sunyard.chsm.enums.KeyAlg;
-import com.sunyard.chsm.enums.Padding;
 import com.sunyard.chsm.mapper.SpDeviceMapper;
 import com.sunyard.chsm.model.dto.DeviceCheckRes;
 import com.sunyard.chsm.model.entity.Device;
@ -14,12 +11,16 @@ import com.sunyard.chsm.sdf.context.AlgId;
 import com.sunyard.chsm.sdf.model.DeviceInfo;
 import com.sunyard.chsm.sdf.model.EccCipher;
 import com.sunyard.chsm.sdf.model.EccKey;
+import com.sunyard.chsm.sdf.util.PaddingUtil;
 import com.sunyard.chsm.service.TmkService;
-import lombok.RequiredArgsConstructor;
+import com.sunyard.chsm.utils.gm.BCSM3Utils;
+import lombok.NoArgsConstructor;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.stereotype.Service;
+import org.springframework.util.Assert;

+import javax.annotation.Resource;
 import java.util.Objects;
 import java.util.concurrent.Executors;
 import java.util.concurrent.TimeUnit;
@ -29,88 +30,103 @@ import java.util.concurrent.TimeUnit;
 * @since 2024/12/11
 */
@Service
-@RequiredArgsConstructor
+@NoArgsConstructor
 public class SingleSdfApiService implements SdfApiService, InitializingBean {

    private String tmkHandle;
+    private String deviceHandle;
    private String sessionHandle;
    private SdfApiAdapter sdfApiAdapter;
-    private final TmkService tmkService;
-    private final SpDeviceMapper spDeviceMapper;
+
+    @Resource
+    public TmkService tmkService;
+    @Resource
+    private SpDeviceMapper spDeviceMapper;
+
+    public SingleSdfApiService(SdfApiAdapter sdfApiAdapter) {
+        this.sdfApiAdapter = sdfApiAdapter;
+        this.deviceHandle = sdfApiAdapter.openDevice();
+        this.sessionHandle = sdfApiAdapter.openSession(deviceHandle);
+    }

    @Override
    public byte[] generateRandom(int len) {
-        return new byte[0];
-    }
-
-    @Override
-    public byte[] genSymKey(KeyAlg alg, Integer keyLen) {
-        return new byte[0];
-    }
-
-    @Override
-    public byte[] genSymKey(KeyAlg alg) {
-        return new byte[0];
-    }
-
-    @Override
-    public byte[] symEncrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data) {
-        return new byte[0];
-    }
-
-    @Override
-    public byte[] symEncrypt(KeyAlg alg, byte[] key, byte[] data) {
-        return new byte[0];
+        checkStatus();
+        return sdfApiAdapter.generateRandom(sessionHandle, len);
    }

    @Override
    public byte[] symEncrypt(AlgId alg, byte[] key, byte[] iv, byte[] data) {
-        return new byte[0];
-    }
-
-    @Override
-    public byte[] symDecrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data) {
-        return new byte[0];
-    }
-
-    @Override
-    public byte[] symDecrypt(KeyAlg alg, byte[] key, byte[] data) {
-        return new byte[0];
+        checkStatus();
+        byte[] pad = PaddingUtil.PKCS7Padding(data);
+        String hk = sdfApiAdapter.importKey(sessionHandle, key);
+        byte[] encrypt = sdfApiAdapter.symEncrypt(sessionHandle, hk, alg, iv, pad);
+        sdfApiAdapter.destroyKey(sessionHandle, hk);
+        return encrypt;
    }

    @Override
    public byte[] symDecrypt(AlgId alg, byte[] key, byte[] iv, byte[] data) {
-        return new byte[0];
+        checkStatus();
+        String hk = sdfApiAdapter.importKey(sessionHandle, key);
+        byte[] decrypt = sdfApiAdapter.symDecrypt(sessionHandle, hk, alg, iv, data);
+        sdfApiAdapter.destroyKey(sessionHandle, hk);
+        return PaddingUtil.PKCS7Unpadding(decrypt);
    }

    @Override
    public EccKey genKeyPairEcc() {
-        return null;
+        checkStatus();
+        return sdfApiAdapter.generateKeyPairECC(sessionHandle, AlgId.SGD_SM2_1);
    }

    @Override
    public byte[] calculateMAC(byte[] symKey, byte[] pucIv, byte[] pucData) {
-        return new byte[0];
+        checkStatus();
+        String hk = sdfApiAdapter.importKey(sessionHandle, symKey);
+        byte[] mac = sdfApiAdapter.calculateMAC(sessionHandle, hk, AlgId.SGD_SM4_MAC, pucIv, pucData);
+        sdfApiAdapter.destroyKey(sessionHandle, hk);
+        return mac;
    }

    @Override
    public byte[] hmac(byte[] key, byte[] srcData) {
-        return new byte[0];
+        return BCSM3Utils.hmac(key, srcData);
    }

    @Override
    public byte[] hash(byte[] pucData) {
-        return new byte[0];
+        checkStatus();
+        String newSession = sdfApiAdapter.openSession(deviceHandle);
+        sdfApiAdapter.hashInit(newSession, AlgId.SGD_SM3, null, null);
+        sdfApiAdapter.hashUpdate(newSession, pucData);
+        byte[] hash = sdfApiAdapter.hashFinish(newSession);
+        sdfApiAdapter.closeSession(newSession);
+        return hash;
    }

    @Override
    public byte[] encryptByTMK(byte[] data) {
+        checkKey();
+        byte[] pad = PaddingUtil.PKCS7Padding(data);
+        sdfApiAdapter.symEncrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, new byte[8], pad);
        return new byte[0];
    }

    @Override
    public byte[] decryptByTMK(byte[] data) {
-        return new byte[0];
+        checkKey();
+        byte[] decrypt = sdfApiAdapter.symDecrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, new byte[8], data);
+        return PaddingUtil.PKCS7Unpadding(decrypt);
+    }
+
+    private void checkStatus() {
+        Assert.notNull(sdfApiAdapter, "没有可用设备");
+    }
+
+    private void checkKey() {
+        checkStatus();
+        Assert.hasText(tmkHandle, "没有可用的主密钥设备");
    }

    private void changeDevice(boolean tmkInit) {
@ -120,8 +136,8 @@ public class SingleSdfApiService implements SdfApiService, InitializingBean {
            DeviceCheckRes checkRes = tmkService.checkDevice(device);
            if (!checkRes.isHasError()) {
                this.sdfApiAdapter = checkRes.getSdfApiAdapter();
-                String hd = sdfApiAdapter.openDevice();
-                this.sessionHandle = sdfApiAdapter.openSession(hd);
+                this.deviceHandle = sdfApiAdapter.openDevice();
+                this.sessionHandle = sdfApiAdapter.openSession(deviceHandle);
                if (tmkInit) {
                    sdfApiAdapter.getPrivateKeyAccessRight(sessionHandle, device.getEncKeyIdx(), device.getAccessCredentials().getBytes());
                    this.tmkHandle = sdfApiAdapter.importKeyWithISKECC(sessionHandle, device.getEncKeyIdx(), EccCipher.fromHex(device.getEncTmk()));
--- a/chsm-web-server/src/main/java/com/sunyard/chsm/pool/DeviceManager.java
+++ b/chsm-web-server/src/main/java/com/sunyard/chsm/pool/DeviceManager.java
@ -17,8 +17,7 @@ import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.pool2.impl.GenericObjectPool;
 import org.apache.commons.pool2.impl.GenericObjectPoolConfig;
-import org.springframework.boot.ApplicationArguments;
-import org.springframework.boot.ApplicationRunner;
+import org.springframework.beans.factory.InitializingBean;
 import org.springframework.stereotype.Component;
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
@ -44,7 +43,7 @@ import java.util.stream.Collectors;
@Slf4j
@Component
@RequiredArgsConstructor
-public class DeviceManager implements ApplicationRunner {
+public class DeviceManager implements InitializingBean {

    private static final Map<Long, AtomicInteger> ROUND_MAP = new HashMap<>();

@ -238,7 +237,7 @@ public class DeviceManager implements ApplicationRunner {
    }

    @Override
-    public void run(ApplicationArguments args) throws Exception {
+    public void afterPropertiesSet() throws Exception {
        Executors.newSingleThreadScheduledExecutor()
                .scheduleWithFixedDelay(this::syncDevice, 0L, 5L, TimeUnit.MINUTES);
    }
--- a/chsm-web-server/src/main/java/com/sunyard/chsm/pool/LoadBalancedSdfApiService.java
+++ b/chsm-web-server/src/main/java/com/sunyard/chsm/pool/LoadBalancedSdfApiService.java
@ -1,8 +1,5 @@
 package com.sunyard.chsm.pool;

-import com.sunyard.chsm.enums.AlgMode;
-import com.sunyard.chsm.enums.KeyAlg;
-import com.sunyard.chsm.enums.Padding;
 import com.sunyard.chsm.sdf.SdfApiService;
 import com.sunyard.chsm.sdf.context.AlgId;
 import com.sunyard.chsm.sdf.model.EccKey;
@ -40,58 +37,24 @@ public class LoadBalancedSdfApiService implements SdfApiService {
        return apply(s -> s.getSdfApiAdapter().generateRandom(s.getSessionHandle(), len));
    }

-    @Override
-    public byte[] genSymKey(KeyAlg alg, Integer keyLen) {
-        return generateRandom(keyLen);
-    }
-
-    @Override
-    public byte[] genSymKey(KeyAlg alg) {
-        return generateRandom(16);
-    }
-
-    @Override
-    public byte[] symEncrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data) {
-        byte[] paddingData = null;
-        switch (padding) {
-            case NOPadding:
-                paddingData = data;
-                break;
-            case PCKS5Padding:
-                paddingData = PaddingUtil.PKCS5Padding(data);
-                break;
-            case PCKS7Padding:
-                paddingData = PaddingUtil.PKCS7Padding(data);
-                break;
-        }
-        byte[] finalPaddingData = paddingData;
-        return apply(s -> s.getSdfApiAdapter()
-                .externalSymEncrypt(s.getSessionHandle(), key, null, null, finalPaddingData));
-    }
-
-    @Override
-    public byte[] symEncrypt(KeyAlg alg, byte[] key, byte[] data) {
-        return new byte[0];
-    }
-
    @Override
    public byte[] symEncrypt(AlgId alg, byte[] key, byte[] iv, byte[] data) {
-        return apply(s -> s.getSdfApiAdapter().externalSymEncrypt(s.getSessionHandle(), key, alg, iv, PaddingUtil.PKCS7Padding(data)));
-    }
-
-    @Override
-    public byte[] symDecrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data) {
-        return new byte[0];
-    }
-
-    @Override
-    public byte[] symDecrypt(KeyAlg alg, byte[] key, byte[] data) {
-        return new byte[0];
+        return apply(s -> {
+            String keyHandle = s.getSdfApiAdapter().importKey(s.getSessionHandle(), key);
+            byte[] encrypt = s.getSdfApiAdapter().symEncrypt(s.getSessionHandle(), keyHandle, alg, iv, PaddingUtil.PKCS7Padding(data));
+            s.getSdfApiAdapter().destroyKey(s.getSessionHandle(), keyHandle);
+            return encrypt;
+        });
    }

    @Override
    public byte[] symDecrypt(AlgId alg, byte[] key, byte[] iv, byte[] data) {
-        byte[] decrypt = apply(s -> s.getSdfApiAdapter().externalSymDecrypt(s.getSessionHandle(), key, alg, iv, data));
+        byte[] decrypt = apply(s -> {
+            String keyHandle = s.getSdfApiAdapter().importKey(s.getSessionHandle(), key);
+            byte[] d = s.getSdfApiAdapter().symDecrypt(s.getSessionHandle(), keyHandle, alg, iv, data);
+            s.getSdfApiAdapter().destroyKey(s.getSessionHandle(), keyHandle);
+            return d;
+        });
        return PaddingUtil.PKCS7Unpadding(decrypt);
    }

@ -102,7 +65,12 @@ public class LoadBalancedSdfApiService implements SdfApiService {

    @Override
    public byte[] calculateMAC(byte[] symKey, byte[] pucIv, byte[] pucData) {
-        return apply(s -> s.getSdfApiAdapter().calculateMAC(s.getSessionHandle(), symKey, AlgId.SGD_SM4_MAC, pucIv, pucData));
+        return apply(s -> {
+            String keyHandle = s.getSdfApiAdapter().importKey(s.getSessionHandle(), symKey);
+            byte[] mac = s.getSdfApiAdapter().calculateMAC(s.getSessionHandle(), keyHandle, AlgId.SGD_SM4_MAC, pucIv, pucData);
+            s.getSdfApiAdapter().destroyKey(s.getSessionHandle(), keyHandle);
+            return mac;
+        });
    }

    @Override
@ -112,12 +80,19 @@ public class LoadBalancedSdfApiService implements SdfApiService {

    @Override
    public byte[] hash(byte[] pucData) {
-        return apply(s -> s.getSdfApiAdapter().hashOperation(s.getSessionHandle(), AlgId.SGD_SM3, null, null, pucData));
+        return apply(s -> {
+            String newSession = s.getSdfApiAdapter().openSession(s.getDeviceHandle());
+            s.getSdfApiAdapter().hashInit(newSession, AlgId.SGD_SM3, null, null);
+            s.getSdfApiAdapter().hashUpdate(newSession, pucData);
+            byte[] hash = s.getSdfApiAdapter().hashFinish(newSession);
+            s.getSdfApiAdapter().closeSession(newSession);
+            return hash;
+        });
    }

    @Override
    public byte[] encryptByTMK(byte[] data) {
-        byte[] pad = PaddingUtil.PKCS7Unpadding(data);
+        byte[] pad = PaddingUtil.PKCS7Padding(data);
        return apply(s -> s.getSdfApiAdapter().symEncrypt(s.getSessionHandle(), s.getKeyHandle(), AlgId.SGD_SM4_CBC, new byte[8], pad));
    }

--- a/chsm-web-server/src/main/java/com/sunyard/chsm/pool/TMKContextFactory.java
+++ b/chsm-web-server/src/main/java/com/sunyard/chsm/pool/TMKContextFactory.java
@ -44,6 +44,7 @@ public class TMKContextFactory extends BasePooledObjectFactory<TMKContext> {
            this.deviceHandle = sdfApiAdapter.openDevice();
            hs = sdfApiAdapter.openSession(deviceHandle);
        }
+        keyHandle.setDeviceHandle(deviceHandle);
        keyHandle.setSessionHandle(hs);
        keyHandle.setEncTmk(context.getEncTmk());

--- a/chsm-web-server/src/test/java/sdf/BCSdfApiServiceTest.java
+++ b/chsm-web-server/src/test/java/sdf/BCSdfApiServiceTest.java
@ -1,34 +1,34 @@
-package sdf;
-import com.sunyard.chsm.WebServerApp;
-import com.sunyard.chsm.enums.KeyAlg;
-import com.sunyard.chsm.sdf.BCSdfApiService;
-import lombok.extern.slf4j.Slf4j;
-import org.junit.Assert;
-import org.junit.jupiter.api.Test;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.context.SpringBootTest;
-
-import java.util.Random;
-
-
-@Slf4j
-@SpringBootTest(classes = WebServerApp.class)
-public class BCSdfApiServiceTest {
-
-    @Autowired
-    private BCSdfApiService bcSdfApiService;
-
-    // 对称加密解密测试
-    @Test
-    void testSym() {
-        byte[] data = new byte[128];
-        new Random().nextBytes( data );
-
-        byte[] key = bcSdfApiService.genSymKey( KeyAlg.SM4 );
-        byte[] enData = bcSdfApiService.symEncrypt( KeyAlg.SM4, key, data );
-        byte[] deData = bcSdfApiService.symDecrypt( KeyAlg.SM4, key, enData );
-
-        Assert.assertArrayEquals( data, deData );
-
-    }
-}
+//package sdf;
+//import com.sunyard.chsm.WebServerApp;
+//import com.sunyard.chsm.enums.KeyAlg;
+//import com.sunyard.chsm.sdf.BCSdfApiService;
+//import lombok.extern.slf4j.Slf4j;
+//import org.junit.Assert;
+//import org.junit.jupiter.api.Test;
+//import org.springframework.beans.factory.annotation.Autowired;
+//import org.springframework.boot.test.context.SpringBootTest;
+//
+//import java.util.Random;
+//
+//
+//@Slf4j
+//@SpringBootTest(classes = WebServerApp.class)
+//public class BCSdfApiServiceTest {
+//
+//    @Autowired
+//    private BCSdfApiService bcSdfApiService;
+//
+//    // 对称加密解密测试
+//    @Test
+//    void testSym() {
+//        byte[] data = new byte[128];
+//        new Random().nextBytes( data );
+//
+//        byte[] key = bcSdfApiService.genSymKey( KeyAlg.SM4 );
+//        byte[] enData = bcSdfApiService.symEncrypt( KeyAlg.SM4, key, data );
+//        byte[] deData = bcSdfApiService.symDecrypt( KeyAlg.SM4, key, enData );
+//
+//        Assert.assertArrayEquals( data, deData );
+//
+//    }
+//}