Sunyard/chsm-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
liulu 2024-12-20 10:34:08 +08:00
parent 427df73a40
commit e3bf63ddef
9 changed files with 98 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
chsm-common/src/main/java/com/sunyard/chsm/constant/CryptoConst.java
View File

@ -8,6 +8,8 @@ import com.sunyard.chsm.utils.CodecUtils;
*/ */
public interface CryptoConst { public interface CryptoConst {
byte[] iv = CodecUtils.decodeHex("30303030303030303030303030303030"); static byte[] iv() {
return CodecUtils.decodeHex("30303030303030303030303030303030");
}
} }

4
chsm-common/src/main/java/com/sunyard/chsm/service/TmkService.java
View File

@ -134,6 +134,10 @@ public class TmkService {
cipher = EccCipher.fromHex(check.getEncTmk()); cipher = EccCipher.fromHex(check.getEncTmk());
log.debug("device serial, pubKey not changed, use origin device enc tmk"); log.debug("device serial, pubKey not changed, use origin device enc tmk");
} else { } else {
if (DeviceTmkStatus.finished.name().equals(check.getTmkStatus())) {
res.setStatus(DeviceTmkStatus.available);
return res;
}
log.debug("device serial, pubKey is changed, or no tmk in origin device"); log.debug("device serial, pubKey is changed, or no tmk in origin device");
Device device = getOneByStatus(DeviceTmkStatus.finished); Device device = getOneByStatus(DeviceTmkStatus.finished);
Assert.notNull(device, "系统主密钥设备异常,请联系管理员排查"); Assert.notNull(device, "系统主密钥设备异常,请联系管理员排查");

19
chsm-params/src/main/java/com/sunyard/chsm/param/HashReq.java Normal file
View File

@ -0,0 +1,19 @@
package com.sunyard.chsm.param;
import com.sunyard.chsm.enums.HashAlg;
import lombok.Data;
import javax.validation.constraints.NotBlank;
@Data
public class HashReq {
// 明文,使用Base64编码
@NotBlank(message = "明文不能为空")
private String plainData;
// 填充方式, 默认PCKS7
private HashAlg alg = HashAlg.SM3;
}

12
chsm-params/src/main/java/com/sunyard/chsm/param/HashResp.java Normal file
View File

@ -0,0 +1,12 @@
package com.sunyard.chsm.param;
import lombok.Data;
@Data
public class HashResp {
// mac值,使用Base64编码
private String hash;
}

6
chsm-web-manage/src/main/java/com/sunyard/chsm/sdf/SingleSdfApiService.java
View File

@ -169,13 +169,13 @@ public class SingleSdfApiService implements SdfApiService, InitializingBean {
public byte[] encryptByTMK(byte[] data) { public byte[] encryptByTMK(byte[] data) {
checkKey(); checkKey();
byte[] pad = PaddingUtil.PKCS7Padding(data); byte[] pad = PaddingUtil.PKCS7Padding(data);
return sdfApiAdapter.symEncrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, CryptoConst.iv, pad); return sdfApiAdapter.symEncrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, CryptoConst.iv(), pad);
} }
@Override @Override
public byte[] decryptByTMK(byte[] data) { public byte[] decryptByTMK(byte[] data) {
checkKey(); checkKey();
byte[] decrypt = sdfApiAdapter.symDecrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, CryptoConst.iv, data); byte[] decrypt = sdfApiAdapter.symDecrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, CryptoConst.iv(), data);
return PaddingUtil.PKCS7Unpadding(decrypt); return PaddingUtil.PKCS7Unpadding(decrypt);
} }
@ -193,7 +193,7 @@ public class SingleSdfApiService implements SdfApiService, InitializingBean {
Device device = spDeviceMapper.selectOneByStatus(status); Device device = spDeviceMapper.selectOneByStatus(status);
if (Objects.nonNull(device)) { if (Objects.nonNull(device)) {
DeviceCheckRes checkRes = tmkService.checkDevice(device); DeviceCheckRes checkRes = tmkService.checkDevice(device);
if (!checkRes.isHasError()) { if (!checkRes.isHasError() && checkRes.getStatus() == status) {
this.sdfApiAdapter = checkRes.getSdfApiAdapter(); this.sdfApiAdapter = checkRes.getSdfApiAdapter();
this.deviceHandle = sdfApiAdapter.openDevice(); this.deviceHandle = sdfApiAdapter.openDevice();
this.sessionHandle = sdfApiAdapter.openSession(deviceHandle); this.sessionHandle = sdfApiAdapter.openSession(deviceHandle);

46
chsm-web-server/src/main/java/com/sunyard/chsm/controller/HashController.java Normal file
View File

@ -0,0 +1,46 @@
package com.sunyard.chsm.controller;
import com.sunyard.chsm.auth.AuthCode;
import com.sunyard.chsm.constant.AuthCodeConst;
import com.sunyard.chsm.model.R;
import com.sunyard.chsm.param.HashReq;
import com.sunyard.chsm.param.HashResp;
import com.sunyard.chsm.sdf.SdfApiService;
import com.sunyard.chsm.utils.CodecUtils;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
import javax.annotation.Resource;
import javax.validation.Valid;
/**
* 杂凑运算类接口
*
* @author liulu
* @since 2024/12/19
*/
@RestController
public class HashController {
@Resource
private SdfApiService sdfApiService;
/**
* 计算Hash
*
* @param req
* @return
*/
@PostMapping("/hash")
@AuthCode(AuthCodeConst.cal_hash)
public R<HashResp> hash(@Valid @RequestBody HashReq req) {
byte[] bytes = CodecUtils.decodeBase64(req.getPlainData());
byte[] hash = sdfApiService.hash(bytes);
HashResp resp = new HashResp();
resp.setHash(CodecUtils.encodeBase64(hash));
return R.data(resp);
}
}

4
chsm-web-server/src/main/java/com/sunyard/chsm/pool/LoadBalancedSdfApiService.java
View File

@ -183,12 +183,12 @@ public class LoadBalancedSdfApiService implements SdfApiService {
@Override @Override
public byte[] encryptByTMK(byte[] data) { public byte[] encryptByTMK(byte[] data) {
byte[] pad = PaddingUtil.PKCS7Padding(data); byte[] pad = PaddingUtil.PKCS7Padding(data);
return apply(s -> s.getSdfApiAdapter().symEncrypt(s.getSessionHandle(), s.getKeyHandle(), AlgId.SGD_SM4_CBC, CryptoConst.iv, pad)); return apply(s -> s.getSdfApiAdapter().symEncrypt(s.getSessionHandle(), s.getKeyHandle(), AlgId.SGD_SM4_CBC, CryptoConst.iv(), pad));
} }
@Override @Override
public byte[] decryptByTMK(byte[] data) { public byte[] decryptByTMK(byte[] data) {
byte[] decrypt = apply(s -> s.getSdfApiAdapter().symDecrypt(s.getSessionHandle(), s.getKeyHandle(), AlgId.SGD_SM4_CBC, CryptoConst.iv, data)); byte[] decrypt = apply(s -> s.getSdfApiAdapter().symDecrypt(s.getSessionHandle(), s.getKeyHandle(), AlgId.SGD_SM4_CBC, CryptoConst.iv(), data));
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("decryptByTMK res: {}", CodecUtils.encodeHex(decrypt)); log.debug("decryptByTMK res: {}", CodecUtils.encodeHex(decrypt));
} }

12
chsm-web-server/src/test/java/api/SymKeyTest.java
View File

@ -23,12 +23,13 @@ public class SymKeyTest extends BaseTest {
@Test @Test
public void testEncrypt() { public void testEncrypt() {
Long keyId = 1869562427636801538L; Long keyId = 1869666111835049985L;
SymEncryptReq symEncryptReq = new SymEncryptReq(); SymEncryptReq symEncryptReq = new SymEncryptReq();
symEncryptReq.setKeyId(keyId); symEncryptReq.setKeyId(keyId);
symEncryptReq.setPlainData(CodecUtils.encodeBase64(plain.getBytes())); symEncryptReq.setPlainData(CodecUtils.encodeBase64(plain.getBytes()));
symEncryptReq.setMode(AlgMode.ECB); symEncryptReq.setIv(CodecUtils.encodeBase64(iv));
symEncryptReq.setMode(AlgMode.CBC);
SymEncryptResp symEncryptResp = execute("/sym/encrypt", symEncryptReq, SymEncryptResp.class); SymEncryptResp symEncryptResp = execute("/sym/encrypt", symEncryptReq, SymEncryptResp.class);
log.info("SymEncryptResp: {}", symEncryptResp); log.info("SymEncryptResp: {}", symEncryptResp);
@ -40,12 +41,13 @@ public class SymKeyTest extends BaseTest {
SymDecryptReq decryptReq = new SymDecryptReq(); SymDecryptReq decryptReq = new SymDecryptReq();
decryptReq.setKeyId(keyId); decryptReq.setKeyId(keyId);
decryptReq.setKeyIndex(symEncryptResp.getKeyIndex()); decryptReq.setKeyIndex(symEncryptResp.getKeyIndex());
decryptReq.setMode(AlgMode.ECB); decryptReq.setIv(CodecUtils.encodeBase64(iv));
decryptReq.setMode(AlgMode.CBC);
decryptReq.setCipherData(symEncryptResp.getCipherData()); decryptReq.setCipherData(symEncryptResp.getCipherData());
SymDecryptResp decryptResp = execute("/sym/decrypt", decryptReq, SymDecryptResp.class); SymDecryptResp decryptResp = execute("/sym/decrypt", decryptReq, SymDecryptResp.class);
log.info("SymDecryptResp: {}", decryptResp);
Assertions.assertNotNull(decryptResp);
String calPlain = new String(CodecUtils.decodeBase64(decryptResp.getPlainData())); String calPlain = new String(CodecUtils.decodeBase64(decryptResp.getPlainData()));
log.info("SymDecryptResp: {}, {}", calPlain, decryptResp);
Assertions. assertNotNull(decryptResp);
Assertions.assertEquals(plain, calPlain); Assertions.assertEquals(plain, calPlain);

4
chsm-web-server/src/test/java/sdf/adapter/SingleSdfApiService.java
View File

@ -149,13 +149,13 @@ public class SingleSdfApiService implements SdfApiService {
public byte[] encryptByTMK(byte[] data) { public byte[] encryptByTMK(byte[] data) {
checkKey(); checkKey();
byte[] pad = PaddingUtil.PKCS7Padding(data); byte[] pad = PaddingUtil.PKCS7Padding(data);
return sdfApiAdapter.symEncrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, CryptoConst.iv, pad); return sdfApiAdapter.symEncrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, CryptoConst.iv(), pad);
} }
@Override @Override
public byte[] decryptByTMK(byte[] data) { public byte[] decryptByTMK(byte[] data) {
checkKey(); checkKey();
byte[] decrypt = sdfApiAdapter.symDecrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, CryptoConst.iv, data); byte[] decrypt = sdfApiAdapter.symDecrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, CryptoConst.iv(), data);
return PaddingUtil.PKCS7Unpadding(decrypt); return PaddingUtil.PKCS7Unpadding(decrypt);
} }