diff --git a/chsm-common/src/main/java/com/sunyard/chsm/constant/CryptoConst.java b/chsm-common/src/main/java/com/sunyard/chsm/constant/CryptoConst.java index 29ef717..5ec0746 100644 --- a/chsm-common/src/main/java/com/sunyard/chsm/constant/CryptoConst.java +++ b/chsm-common/src/main/java/com/sunyard/chsm/constant/CryptoConst.java @@ -8,6 +8,8 @@ import com.sunyard.chsm.utils.CodecUtils; */ public interface CryptoConst { - byte[] iv = CodecUtils.decodeHex("30303030303030303030303030303030"); + static byte[] iv() { + return CodecUtils.decodeHex("30303030303030303030303030303030"); + } } diff --git a/chsm-common/src/main/java/com/sunyard/chsm/service/TmkService.java b/chsm-common/src/main/java/com/sunyard/chsm/service/TmkService.java index a4669b7..ceced96 100644 --- a/chsm-common/src/main/java/com/sunyard/chsm/service/TmkService.java +++ b/chsm-common/src/main/java/com/sunyard/chsm/service/TmkService.java @@ -134,6 +134,10 @@ public class TmkService { cipher = EccCipher.fromHex(check.getEncTmk()); log.debug("device serial, pubKey not changed, use origin device enc tmk"); } else { + if (DeviceTmkStatus.finished.name().equals(check.getTmkStatus())) { + res.setStatus(DeviceTmkStatus.available); + return res; + } log.debug("device serial, pubKey is changed, or no tmk in origin device"); Device device = getOneByStatus(DeviceTmkStatus.finished); Assert.notNull(device, "系统主密钥设备异常,请联系管理员排查"); diff --git a/chsm-params/src/main/java/com/sunyard/chsm/param/HashReq.java b/chsm-params/src/main/java/com/sunyard/chsm/param/HashReq.java new file mode 100644 index 0000000..633ac50 --- /dev/null +++ b/chsm-params/src/main/java/com/sunyard/chsm/param/HashReq.java @@ -0,0 +1,19 @@ +package com.sunyard.chsm.param; + +import com.sunyard.chsm.enums.HashAlg; +import lombok.Data; + +import javax.validation.constraints.NotBlank; + +@Data +public class HashReq { + + // 明文,使用Base64编码 + @NotBlank(message = "明文不能为空") + private String plainData; + + // 填充方式, 默认PCKS7 + private HashAlg alg = HashAlg.SM3; + + +} diff --git a/chsm-params/src/main/java/com/sunyard/chsm/param/HashResp.java b/chsm-params/src/main/java/com/sunyard/chsm/param/HashResp.java new file mode 100644 index 0000000..c096316 --- /dev/null +++ b/chsm-params/src/main/java/com/sunyard/chsm/param/HashResp.java @@ -0,0 +1,12 @@ +package com.sunyard.chsm.param; + +import lombok.Data; + +@Data +public class HashResp { + + // mac值,使用Base64编码 + private String hash; + + +} diff --git a/chsm-web-manage/src/main/java/com/sunyard/chsm/sdf/SingleSdfApiService.java b/chsm-web-manage/src/main/java/com/sunyard/chsm/sdf/SingleSdfApiService.java index daebaa6..3c2948f 100644 --- a/chsm-web-manage/src/main/java/com/sunyard/chsm/sdf/SingleSdfApiService.java +++ b/chsm-web-manage/src/main/java/com/sunyard/chsm/sdf/SingleSdfApiService.java @@ -169,13 +169,13 @@ public class SingleSdfApiService implements SdfApiService, InitializingBean { public byte[] encryptByTMK(byte[] data) { checkKey(); byte[] pad = PaddingUtil.PKCS7Padding(data); - return sdfApiAdapter.symEncrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, CryptoConst.iv, pad); + return sdfApiAdapter.symEncrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, CryptoConst.iv(), pad); } @Override public byte[] decryptByTMK(byte[] data) { checkKey(); - byte[] decrypt = sdfApiAdapter.symDecrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, CryptoConst.iv, data); + byte[] decrypt = sdfApiAdapter.symDecrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, CryptoConst.iv(), data); return PaddingUtil.PKCS7Unpadding(decrypt); } @@ -193,7 +193,7 @@ public class SingleSdfApiService implements SdfApiService, InitializingBean { Device device = spDeviceMapper.selectOneByStatus(status); if (Objects.nonNull(device)) { DeviceCheckRes checkRes = tmkService.checkDevice(device); - if (!checkRes.isHasError()) { + if (!checkRes.isHasError() && checkRes.getStatus() == status) { this.sdfApiAdapter = checkRes.getSdfApiAdapter(); this.deviceHandle = sdfApiAdapter.openDevice(); this.sessionHandle = sdfApiAdapter.openSession(deviceHandle); diff --git a/chsm-web-server/src/main/java/com/sunyard/chsm/controller/HashController.java b/chsm-web-server/src/main/java/com/sunyard/chsm/controller/HashController.java new file mode 100644 index 0000000..c083e65 --- /dev/null +++ b/chsm-web-server/src/main/java/com/sunyard/chsm/controller/HashController.java @@ -0,0 +1,46 @@ +package com.sunyard.chsm.controller; + +import com.sunyard.chsm.auth.AuthCode; +import com.sunyard.chsm.constant.AuthCodeConst; +import com.sunyard.chsm.model.R; +import com.sunyard.chsm.param.HashReq; +import com.sunyard.chsm.param.HashResp; +import com.sunyard.chsm.sdf.SdfApiService; +import com.sunyard.chsm.utils.CodecUtils; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RestController; + +import javax.annotation.Resource; +import javax.validation.Valid; + +/** + * 杂凑运算类接口 + * + * @author liulu + * @since 2024/12/19 + */ +@RestController +public class HashController { + + @Resource + private SdfApiService sdfApiService; + + /** + * 计算Hash + * + * @param req + * @return + */ + @PostMapping("/hash") + @AuthCode(AuthCodeConst.cal_hash) + public R hash(@Valid @RequestBody HashReq req) { + byte[] bytes = CodecUtils.decodeBase64(req.getPlainData()); + byte[] hash = sdfApiService.hash(bytes); + HashResp resp = new HashResp(); + resp.setHash(CodecUtils.encodeBase64(hash)); + return R.data(resp); + } + + +} diff --git a/chsm-web-server/src/main/java/com/sunyard/chsm/pool/LoadBalancedSdfApiService.java b/chsm-web-server/src/main/java/com/sunyard/chsm/pool/LoadBalancedSdfApiService.java index 8671929..259841e 100644 --- a/chsm-web-server/src/main/java/com/sunyard/chsm/pool/LoadBalancedSdfApiService.java +++ b/chsm-web-server/src/main/java/com/sunyard/chsm/pool/LoadBalancedSdfApiService.java @@ -183,12 +183,12 @@ public class LoadBalancedSdfApiService implements SdfApiService { @Override public byte[] encryptByTMK(byte[] data) { byte[] pad = PaddingUtil.PKCS7Padding(data); - return apply(s -> s.getSdfApiAdapter().symEncrypt(s.getSessionHandle(), s.getKeyHandle(), AlgId.SGD_SM4_CBC, CryptoConst.iv, pad)); + return apply(s -> s.getSdfApiAdapter().symEncrypt(s.getSessionHandle(), s.getKeyHandle(), AlgId.SGD_SM4_CBC, CryptoConst.iv(), pad)); } @Override public byte[] decryptByTMK(byte[] data) { - byte[] decrypt = apply(s -> s.getSdfApiAdapter().symDecrypt(s.getSessionHandle(), s.getKeyHandle(), AlgId.SGD_SM4_CBC, CryptoConst.iv, data)); + byte[] decrypt = apply(s -> s.getSdfApiAdapter().symDecrypt(s.getSessionHandle(), s.getKeyHandle(), AlgId.SGD_SM4_CBC, CryptoConst.iv(), data)); if (log.isDebugEnabled()) { log.debug("decryptByTMK res: {}", CodecUtils.encodeHex(decrypt)); } diff --git a/chsm-web-server/src/test/java/api/SymKeyTest.java b/chsm-web-server/src/test/java/api/SymKeyTest.java index d688072..dbfc5ae 100644 --- a/chsm-web-server/src/test/java/api/SymKeyTest.java +++ b/chsm-web-server/src/test/java/api/SymKeyTest.java @@ -23,12 +23,13 @@ public class SymKeyTest extends BaseTest { @Test public void testEncrypt() { - Long keyId = 1869562427636801538L; + Long keyId = 1869666111835049985L; SymEncryptReq symEncryptReq = new SymEncryptReq(); symEncryptReq.setKeyId(keyId); symEncryptReq.setPlainData(CodecUtils.encodeBase64(plain.getBytes())); - symEncryptReq.setMode(AlgMode.ECB); + symEncryptReq.setIv(CodecUtils.encodeBase64(iv)); + symEncryptReq.setMode(AlgMode.CBC); SymEncryptResp symEncryptResp = execute("/sym/encrypt", symEncryptReq, SymEncryptResp.class); log.info("SymEncryptResp: {}", symEncryptResp); @@ -40,12 +41,13 @@ public class SymKeyTest extends BaseTest { SymDecryptReq decryptReq = new SymDecryptReq(); decryptReq.setKeyId(keyId); decryptReq.setKeyIndex(symEncryptResp.getKeyIndex()); - decryptReq.setMode(AlgMode.ECB); + decryptReq.setIv(CodecUtils.encodeBase64(iv)); + decryptReq.setMode(AlgMode.CBC); decryptReq.setCipherData(symEncryptResp.getCipherData()); SymDecryptResp decryptResp = execute("/sym/decrypt", decryptReq, SymDecryptResp.class); - log.info("SymDecryptResp: {}", decryptResp); - Assertions.assertNotNull(decryptResp); String calPlain = new String(CodecUtils.decodeBase64(decryptResp.getPlainData())); + log.info("SymDecryptResp: {}, {}", calPlain, decryptResp); + Assertions. assertNotNull(decryptResp); Assertions.assertEquals(plain, calPlain); diff --git a/chsm-web-server/src/test/java/sdf/adapter/SingleSdfApiService.java b/chsm-web-server/src/test/java/sdf/adapter/SingleSdfApiService.java index b23deb2..8f03ec8 100644 --- a/chsm-web-server/src/test/java/sdf/adapter/SingleSdfApiService.java +++ b/chsm-web-server/src/test/java/sdf/adapter/SingleSdfApiService.java @@ -149,13 +149,13 @@ public class SingleSdfApiService implements SdfApiService { public byte[] encryptByTMK(byte[] data) { checkKey(); byte[] pad = PaddingUtil.PKCS7Padding(data); - return sdfApiAdapter.symEncrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, CryptoConst.iv, pad); + return sdfApiAdapter.symEncrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, CryptoConst.iv(), pad); } @Override public byte[] decryptByTMK(byte[] data) { checkKey(); - byte[] decrypt = sdfApiAdapter.symDecrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, CryptoConst.iv, data); + byte[] decrypt = sdfApiAdapter.symDecrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, CryptoConst.iv(), data); return PaddingUtil.PKCS7Unpadding(decrypt); }