diff --git a/chsm-common/src/main/java/com/sunyard/chsm/sdf/AbstractSdfApiService.java b/chsm-common/src/main/java/com/sunyard/chsm/sdf/AbstractSdfApiService.java index cb4b764..ae59c58 100644 --- a/chsm-common/src/main/java/com/sunyard/chsm/sdf/AbstractSdfApiService.java +++ b/chsm-common/src/main/java/com/sunyard/chsm/sdf/AbstractSdfApiService.java @@ -1,8 +1,6 @@ package com.sunyard.chsm.sdf; -import com.sunyard.chsm.enums.AlgMode; import com.sunyard.chsm.enums.KeyAlg; -import com.sunyard.chsm.enums.Padding; import java.util.HashMap; import java.util.Map; @@ -27,10 +25,10 @@ public abstract class AbstractSdfApiService implements SdfApiService { * 密钥长度根据 alg 指定的算法自动选择。 * @return 密钥 */ - @Override - public byte[] genSymKey(KeyAlg alg) { - return genSymKey( alg, algKeyLen.get( alg ) ); - } +// @Override +// public byte[] genSymKey(KeyAlg alg) { +// return genSymKey( alg, algKeyLen.get( alg ) ); +// } /** @@ -40,10 +38,10 @@ public abstract class AbstractSdfApiService implements SdfApiService { * @param key 密钥值,明文 * @param data 原始数据 */ - @Override - public byte[] symEncrypt(KeyAlg alg, byte[] key, byte[] data){ - return symEncrypt( alg, AlgMode.ECB, Padding.PCKS5Padding, key, data ); - } +// @Override +// public byte[] symEncrypt(KeyAlg alg, byte[] key, byte[] data){ +// return symEncrypt( alg, AlgMode.ECB, Padding.PCKS5Padding, key, data ); +// } /** @@ -53,9 +51,9 @@ public abstract class AbstractSdfApiService implements SdfApiService { * @param key 密钥值,明文 * @param data 密文数据 */ - @Override - public byte[] symDecrypt(KeyAlg alg, byte[] key, byte[] data) { - return symDecrypt( alg, AlgMode.ECB, Padding.PCKS5Padding, key, data ); - } +// @Override +// public byte[] symDecrypt(KeyAlg alg, byte[] key, byte[] data) { +// return symDecrypt( alg, AlgMode.ECB, Padding.PCKS5Padding, key, data ); +// } } diff --git a/chsm-common/src/main/java/com/sunyard/chsm/sdf/SdfApiService.java b/chsm-common/src/main/java/com/sunyard/chsm/sdf/SdfApiService.java index 840addf..f61ca0b 100644 --- a/chsm-common/src/main/java/com/sunyard/chsm/sdf/SdfApiService.java +++ b/chsm-common/src/main/java/com/sunyard/chsm/sdf/SdfApiService.java @@ -1,9 +1,6 @@ package com.sunyard.chsm.sdf; -import com.sunyard.chsm.enums.AlgMode; -import com.sunyard.chsm.enums.KeyAlg; -import com.sunyard.chsm.enums.Padding; import com.sunyard.chsm.sdf.context.AlgId; import com.sunyard.chsm.sdf.model.EccKey; @@ -32,23 +29,21 @@ public interface SdfApiService { * 禁止传 null * @return 对称密钥 */ - byte[] genSymKey(KeyAlg alg, Integer keyLen); - - byte[] genSymKey(KeyAlg alg); +// byte[] genSymKey(KeyAlg alg, Integer keyLen); +// +// byte[] genSymKey(KeyAlg alg); /** * 对称加密 * * @param alg 算法,只支持对称算法 - * @param mode 轮模式 - * @param padding 填充模式 * @param key 密钥值,明文 * @param data 原始数据 */ - byte[] symEncrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data); - - byte[] symEncrypt(KeyAlg alg, byte[] key, byte[] data); +// byte[] symEncrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data); +// +// byte[] symEncrypt(KeyAlg alg, byte[] key, byte[] data); byte[] symEncrypt(AlgId alg, byte[] key, byte[] iv, byte[] data); @@ -61,9 +56,9 @@ public interface SdfApiService { * @param padding 填充模式 * @param data 密文数据 */ - byte[] symDecrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data); - - byte[] symDecrypt(KeyAlg alg, byte[] key, byte[] data); +// byte[] symDecrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data); +// +// byte[] symDecrypt(KeyAlg alg, byte[] key, byte[] data); byte[] symDecrypt(AlgId alg, byte[] key, byte[] iv, byte[] data); diff --git a/chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/BcSdfApiAdaptor.java b/chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/BcSdfApiAdaptor.java index c2f4058..4a2b29c 100644 --- a/chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/BcSdfApiAdaptor.java +++ b/chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/BcSdfApiAdaptor.java @@ -11,6 +11,7 @@ import com.sunyard.chsm.utils.gm.BCSM2Utils; import com.sunyard.chsm.utils.gm.BCSM4Utils; import lombok.SneakyThrows; import org.bouncycastle.crypto.InvalidCipherTextException; +import org.bouncycastle.crypto.digests.SM3Digest; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey; @@ -23,6 +24,7 @@ import java.math.BigInteger; import java.security.KeyPair; import java.security.SecureRandom; import java.util.Map; +import java.util.Optional; import java.util.UUID; import java.util.concurrent.ConcurrentHashMap; @@ -62,7 +64,7 @@ public class BcSdfApiAdaptor implements SdfApiAdapter { @Override public String openSession(String deviceHandle) { - return "6975feaffaa35b31b6d4e4555ac403a1"; + return UUID.randomUUID().toString(); } @Override @@ -171,14 +173,9 @@ public class BcSdfApiAdaptor implements SdfApiAdapter { @Override + @SneakyThrows public byte[] symEncrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucData) { byte[] symKey = getSymKey(keyHandle); - return externalSymEncrypt(sessionHandle, symKey, alg, pucIv, pucData); - } - - @Override - @SneakyThrows - public byte[] externalSymEncrypt(String sessionHandle, byte[] symKey, AlgId alg, byte[] pucIv, byte[] pucData) { switch (alg) { case SGD_SM4_ECB: return BCSM4Utils.encrypt_ECB_NoPadding(symKey, pucData); @@ -190,14 +187,9 @@ public class BcSdfApiAdaptor implements SdfApiAdapter { } @Override + @SneakyThrows public byte[] symDecrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucEncData) { byte[] symKey = getSymKey(keyHandle); - return externalSymDecrypt(sessionHandle, symKey, alg, pucIv, pucEncData); - } - - @Override - @SneakyThrows - public byte[] externalSymDecrypt(String sessionHandle, byte[] symKey, AlgId alg, byte[] pucIv, byte[] pucEncData) { switch (alg) { case SGD_SM4_ECB: return BCSM4Utils.decrypt_ECB_NoPadding(symKey, pucEncData); @@ -215,32 +207,34 @@ public class BcSdfApiAdaptor implements SdfApiAdapter { } @Override + @SneakyThrows public byte[] calculateMAC(String sessionHandle, String keyHandle, AlgId uiAlg, byte[] pucIv, byte[] pucData) { - return new byte[0]; + byte[] symKey = getSymKey(keyHandle); + return BCSM4Utils.doCBCMac(symKey, pucIv, null, pucData); } - @Override - public byte[] calculateMAC(String sessionHandle, byte[] symKey, AlgId uiAlg, byte[] pucIv, byte[] pucData) { - return new byte[0]; - } + protected static final Map HASH_CONTEXT = new ConcurrentHashMap<>(); @Override public int hashInit(String sessionHandle, AlgId alg, EccPubKey pucPublicKey, byte[] pucID) { + HASH_CONTEXT.put(sessionHandle, new SM3Digest()); return 0; } @Override public int hashUpdate(String sessionHandle, byte[] pucData) { + Optional.ofNullable(HASH_CONTEXT.get(sessionHandle)) + .ifPresent(it -> it.update(pucData, 0, pucData.length)); return 0; } @Override public byte[] hashFinish(String sessionHandle) { - return new byte[0]; + SM3Digest digest = HASH_CONTEXT.remove(sessionHandle); + Assert.notNull(digest, "session异常"); + byte[] hash = new byte[digest.getDigestSize()]; + digest.doFinal(hash, 0); + return hash; } - @Override - public byte[] hashOperation(String sessionHandle, AlgId alg, EccPubKey pucPublicKey, byte[] pucID, byte[] pucData) { - return new byte[0]; - } } diff --git a/chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/JnaSdfAdaptor.java b/chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/JnaSdfAdaptor.java index bd1ea49..652320b 100644 --- a/chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/JnaSdfAdaptor.java +++ b/chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/JnaSdfAdaptor.java @@ -206,25 +206,6 @@ public abstract class JnaSdfAdaptor implements SdfApiAdapter { return pucEncData; } - @Override - public byte[] externalSymEncrypt(String sessionHandle, byte[] symKey, AlgId alg, byte[] pucIv, byte[] pucData) { - int uiDataLength = pucData.length; - byte[] pucEncData = new byte[uiDataLength]; - Pointer hSessionHandle = getSessionHandle(sessionHandle); - int length = symKey.length; - PointerByReference phKeyHandle = new PointerByReference(); - // 先导入密钥 - sdfLibrary.SDF_ImportKey(hSessionHandle, symKey, length, phKeyHandle); - //加密 - Pointer hKeyHandle = phKeyHandle.getValue(); - IntByReference puiLength = new IntByReference(); - sdfLibrary.SDF_Encrypt(hSessionHandle, hKeyHandle, getAlgId(alg), - pucIv, pucData, uiDataLength, pucEncData, puiLength); - // 使用后销毁密钥 - sdfLibrary.SDF_DestroyKey(hSessionHandle, hKeyHandle); - return pucEncData; - } - @Override public byte[] symDecrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucEncData) { Pointer hSessionHandle = getSessionHandle(sessionHandle); @@ -238,26 +219,6 @@ public abstract class JnaSdfAdaptor implements SdfApiAdapter { return pucData; } - @Override - public byte[] externalSymDecrypt(String sessionHandle, byte[] symKey, AlgId alg, byte[] pucIv, byte[] pucEncData) { - int uiEncDataLength = pucEncData.length; - byte[] pucData = new byte[uiEncDataLength]; - - PointerByReference phKeyHandle = new PointerByReference(); - Pointer hSessionHandle = getSessionHandle(sessionHandle); - int length = symKey.length; - // 导入会话密钥 - sdfLibrary.SDF_ImportKey(hSessionHandle, symKey, length, phKeyHandle); - // 解密 - Pointer hKeyHandle = phKeyHandle.getValue(); - IntByReference puiLength = new IntByReference(); - sdfLibrary.SDF_Decrypt(hSessionHandle, hKeyHandle, getAlgId(alg), - pucIv, pucEncData, uiEncDataLength, pucData, puiLength); - // 销毁会话密钥 - sdfLibrary.SDF_DestroyKey(hSessionHandle, hKeyHandle); - return pucData; - } - @Override public byte[] calculateMAC(String sessionHandle, String keyHandle, AlgId uiAlg, byte[] pucIv, byte[] pucData) { Pointer hSessionHandle = getSessionHandle(sessionHandle); @@ -272,24 +233,6 @@ public abstract class JnaSdfAdaptor implements SdfApiAdapter { return pucMac; } - @Override - public byte[] calculateMAC(String sessionHandle, byte[] symKey, AlgId uiAlg, byte[] pucIv, byte[] pucData) { - PointerByReference phKeyHandle = new PointerByReference(); - Pointer hSessionHandle = getSessionHandle(sessionHandle); - int length = symKey.length; - // 导入会话密钥 - sdfLibrary.SDF_ImportKey(hSessionHandle, symKey, length, phKeyHandle); - - int uiMacLength = pucData.length; - byte[] pucMac = new byte[uiMacLength]; - Pointer hKeyHandle = phKeyHandle.getValue(); - IntByReference puiLength = new IntByReference(); - sdfLibrary.SDF_CalculateMAC(hSessionHandle, hKeyHandle, getAlgId(uiAlg), pucIv, pucData, uiMacLength, pucMac, puiLength); - // 销毁会话密钥 - sdfLibrary.SDF_DestroyKey(hSessionHandle, hKeyHandle); - return pucMac; - } - @Override public int hashInit(String sessionHandle, AlgId alg, EccPubKey pucPublicKey, byte[] pucID) { Pointer hSessionHandle = getSessionHandle(sessionHandle); @@ -312,15 +255,4 @@ public abstract class JnaSdfAdaptor implements SdfApiAdapter { return pucHash; } - @Override - public byte[] hashOperation(String sessionHandle, AlgId alg, EccPubKey pucPublicKey, byte[] pucID, byte[] pucData) { - Pointer hSessionHandle = getSessionHandle(sessionHandle); - byte[] pubPub = pucPublicKey == null ? null : pucPublicKey.toSdfData(); - sdfLibrary.SDF_HashInit(hSessionHandle, getAlgId(AlgId.SGD_SM3), pubPub, pucID, pucID.length); - sdfLibrary.SDF_HashUpdate(hSessionHandle, pucData, pucData.length); - byte[] pucHash = new byte[32]; - IntByReference puiLength = new IntByReference(); - sdfLibrary.SDF_HashFinal(hSessionHandle, pucHash, puiLength); - return pucHash; - } } diff --git a/chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/SdfApiAdapter.java b/chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/SdfApiAdapter.java index 2f49faf..6bef870 100644 --- a/chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/SdfApiAdapter.java +++ b/chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/SdfApiAdapter.java @@ -120,8 +120,6 @@ public interface SdfApiAdapter { */ byte[] symEncrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucData); - byte[] externalSymEncrypt(String sessionHandle, byte[] symKey, AlgId alg, byte[] pucIv, byte[] pucData); - /** * 对称解密 * @@ -134,8 +132,6 @@ public interface SdfApiAdapter { */ byte[] symDecrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucEncData); - byte[] externalSymDecrypt(String sessionHandle, byte[] symKey, AlgId alg, byte[] pucIv, byte[] pucEncData); - /** * @param sessionHandle 与设备建立的会话句柄 * @param keyHandle 指定的密钥句柄 @@ -145,7 +141,6 @@ public interface SdfApiAdapter { * @return MAC值 */ byte[] calculateMAC(String sessionHandle, String keyHandle, AlgId uiAlg, byte[] pucIv, byte[] pucData); - byte[] calculateMAC(String sessionHandle, byte[] symKey, AlgId uiAlg, byte[] pucIv, byte[] pucData); /** * 杂凑运算初始化 @@ -175,7 +170,4 @@ public interface SdfApiAdapter { */ byte[] hashFinish(String sessionHandle); - - byte[] hashOperation(String sessionHandle, AlgId alg, EccPubKey pucPublicKey, byte[] pucID, byte[] pucData); - } diff --git a/chsm-web-manage/src/main/java/com/sunyard/chsm/sdf/SingleSdfApiService.java b/chsm-web-manage/src/main/java/com/sunyard/chsm/sdf/SingleSdfApiService.java index c40f1da..7fdfb0b 100644 --- a/chsm-web-manage/src/main/java/com/sunyard/chsm/sdf/SingleSdfApiService.java +++ b/chsm-web-manage/src/main/java/com/sunyard/chsm/sdf/SingleSdfApiService.java @@ -1,9 +1,6 @@ package com.sunyard.chsm.sdf; -import com.sunyard.chsm.enums.AlgMode; import com.sunyard.chsm.enums.DeviceTmkStatus; -import com.sunyard.chsm.enums.KeyAlg; -import com.sunyard.chsm.enums.Padding; import com.sunyard.chsm.mapper.SpDeviceMapper; import com.sunyard.chsm.model.dto.DeviceCheckRes; import com.sunyard.chsm.model.entity.Device; @@ -14,12 +11,16 @@ import com.sunyard.chsm.sdf.context.AlgId; import com.sunyard.chsm.sdf.model.DeviceInfo; import com.sunyard.chsm.sdf.model.EccCipher; import com.sunyard.chsm.sdf.model.EccKey; +import com.sunyard.chsm.sdf.util.PaddingUtil; import com.sunyard.chsm.service.TmkService; -import lombok.RequiredArgsConstructor; +import com.sunyard.chsm.utils.gm.BCSM3Utils; +import lombok.NoArgsConstructor; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.InitializingBean; import org.springframework.stereotype.Service; +import org.springframework.util.Assert; +import javax.annotation.Resource; import java.util.Objects; import java.util.concurrent.Executors; import java.util.concurrent.TimeUnit; @@ -29,88 +30,103 @@ import java.util.concurrent.TimeUnit; * @since 2024/12/11 */ @Service -@RequiredArgsConstructor +@NoArgsConstructor public class SingleSdfApiService implements SdfApiService, InitializingBean { private String tmkHandle; + private String deviceHandle; private String sessionHandle; private SdfApiAdapter sdfApiAdapter; - private final TmkService tmkService; - private final SpDeviceMapper spDeviceMapper; + + @Resource + public TmkService tmkService; + @Resource + private SpDeviceMapper spDeviceMapper; + + public SingleSdfApiService(SdfApiAdapter sdfApiAdapter) { + this.sdfApiAdapter = sdfApiAdapter; + this.deviceHandle = sdfApiAdapter.openDevice(); + this.sessionHandle = sdfApiAdapter.openSession(deviceHandle); + } @Override public byte[] generateRandom(int len) { - return new byte[0]; - } - - @Override - public byte[] genSymKey(KeyAlg alg, Integer keyLen) { - return new byte[0]; - } - - @Override - public byte[] genSymKey(KeyAlg alg) { - return new byte[0]; - } - - @Override - public byte[] symEncrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data) { - return new byte[0]; - } - - @Override - public byte[] symEncrypt(KeyAlg alg, byte[] key, byte[] data) { - return new byte[0]; + checkStatus(); + return sdfApiAdapter.generateRandom(sessionHandle, len); } @Override public byte[] symEncrypt(AlgId alg, byte[] key, byte[] iv, byte[] data) { - return new byte[0]; - } - - @Override - public byte[] symDecrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data) { - return new byte[0]; - } - - @Override - public byte[] symDecrypt(KeyAlg alg, byte[] key, byte[] data) { - return new byte[0]; + checkStatus(); + byte[] pad = PaddingUtil.PKCS7Padding(data); + String hk = sdfApiAdapter.importKey(sessionHandle, key); + byte[] encrypt = sdfApiAdapter.symEncrypt(sessionHandle, hk, alg, iv, pad); + sdfApiAdapter.destroyKey(sessionHandle, hk); + return encrypt; } @Override public byte[] symDecrypt(AlgId alg, byte[] key, byte[] iv, byte[] data) { - return new byte[0]; + checkStatus(); + String hk = sdfApiAdapter.importKey(sessionHandle, key); + byte[] decrypt = sdfApiAdapter.symDecrypt(sessionHandle, hk, alg, iv, data); + sdfApiAdapter.destroyKey(sessionHandle, hk); + return PaddingUtil.PKCS7Unpadding(decrypt); } @Override public EccKey genKeyPairEcc() { - return null; + checkStatus(); + return sdfApiAdapter.generateKeyPairECC(sessionHandle, AlgId.SGD_SM2_1); } @Override public byte[] calculateMAC(byte[] symKey, byte[] pucIv, byte[] pucData) { - return new byte[0]; + checkStatus(); + String hk = sdfApiAdapter.importKey(sessionHandle, symKey); + byte[] mac = sdfApiAdapter.calculateMAC(sessionHandle, hk, AlgId.SGD_SM4_MAC, pucIv, pucData); + sdfApiAdapter.destroyKey(sessionHandle, hk); + return mac; } @Override public byte[] hmac(byte[] key, byte[] srcData) { - return new byte[0]; + return BCSM3Utils.hmac(key, srcData); } @Override public byte[] hash(byte[] pucData) { - return new byte[0]; + checkStatus(); + String newSession = sdfApiAdapter.openSession(deviceHandle); + sdfApiAdapter.hashInit(newSession, AlgId.SGD_SM3, null, null); + sdfApiAdapter.hashUpdate(newSession, pucData); + byte[] hash = sdfApiAdapter.hashFinish(newSession); + sdfApiAdapter.closeSession(newSession); + return hash; } @Override public byte[] encryptByTMK(byte[] data) { + checkKey(); + byte[] pad = PaddingUtil.PKCS7Padding(data); + sdfApiAdapter.symEncrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, new byte[8], pad); return new byte[0]; } @Override public byte[] decryptByTMK(byte[] data) { - return new byte[0]; + checkKey(); + byte[] decrypt = sdfApiAdapter.symDecrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, new byte[8], data); + return PaddingUtil.PKCS7Unpadding(decrypt); + } + + private void checkStatus() { + Assert.notNull(sdfApiAdapter, "没有可用设备"); + } + + private void checkKey() { + checkStatus(); + Assert.hasText(tmkHandle, "没有可用的主密钥设备"); } private void changeDevice(boolean tmkInit) { @@ -120,8 +136,8 @@ public class SingleSdfApiService implements SdfApiService, InitializingBean { DeviceCheckRes checkRes = tmkService.checkDevice(device); if (!checkRes.isHasError()) { this.sdfApiAdapter = checkRes.getSdfApiAdapter(); - String hd = sdfApiAdapter.openDevice(); - this.sessionHandle = sdfApiAdapter.openSession(hd); + this.deviceHandle = sdfApiAdapter.openDevice(); + this.sessionHandle = sdfApiAdapter.openSession(deviceHandle); if (tmkInit) { sdfApiAdapter.getPrivateKeyAccessRight(sessionHandle, device.getEncKeyIdx(), device.getAccessCredentials().getBytes()); this.tmkHandle = sdfApiAdapter.importKeyWithISKECC(sessionHandle, device.getEncKeyIdx(), EccCipher.fromHex(device.getEncTmk())); diff --git a/chsm-web-server/src/main/java/com/sunyard/chsm/pool/DeviceManager.java b/chsm-web-server/src/main/java/com/sunyard/chsm/pool/DeviceManager.java index 8e1c86e..01553d4 100644 --- a/chsm-web-server/src/main/java/com/sunyard/chsm/pool/DeviceManager.java +++ b/chsm-web-server/src/main/java/com/sunyard/chsm/pool/DeviceManager.java @@ -17,8 +17,7 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.apache.commons.pool2.impl.GenericObjectPool; import org.apache.commons.pool2.impl.GenericObjectPoolConfig; -import org.springframework.boot.ApplicationArguments; -import org.springframework.boot.ApplicationRunner; +import org.springframework.beans.factory.InitializingBean; import org.springframework.stereotype.Component; import org.springframework.util.Assert; import org.springframework.util.CollectionUtils; @@ -44,7 +43,7 @@ import java.util.stream.Collectors; @Slf4j @Component @RequiredArgsConstructor -public class DeviceManager implements ApplicationRunner { +public class DeviceManager implements InitializingBean { private static final Map ROUND_MAP = new HashMap<>(); @@ -238,7 +237,7 @@ public class DeviceManager implements ApplicationRunner { } @Override - public void run(ApplicationArguments args) throws Exception { + public void afterPropertiesSet() throws Exception { Executors.newSingleThreadScheduledExecutor() .scheduleWithFixedDelay(this::syncDevice, 0L, 5L, TimeUnit.MINUTES); } diff --git a/chsm-web-server/src/main/java/com/sunyard/chsm/pool/LoadBalancedSdfApiService.java b/chsm-web-server/src/main/java/com/sunyard/chsm/pool/LoadBalancedSdfApiService.java index 1807c31..18fc70a 100644 --- a/chsm-web-server/src/main/java/com/sunyard/chsm/pool/LoadBalancedSdfApiService.java +++ b/chsm-web-server/src/main/java/com/sunyard/chsm/pool/LoadBalancedSdfApiService.java @@ -1,8 +1,5 @@ package com.sunyard.chsm.pool; -import com.sunyard.chsm.enums.AlgMode; -import com.sunyard.chsm.enums.KeyAlg; -import com.sunyard.chsm.enums.Padding; import com.sunyard.chsm.sdf.SdfApiService; import com.sunyard.chsm.sdf.context.AlgId; import com.sunyard.chsm.sdf.model.EccKey; @@ -40,58 +37,24 @@ public class LoadBalancedSdfApiService implements SdfApiService { return apply(s -> s.getSdfApiAdapter().generateRandom(s.getSessionHandle(), len)); } - @Override - public byte[] genSymKey(KeyAlg alg, Integer keyLen) { - return generateRandom(keyLen); - } - - @Override - public byte[] genSymKey(KeyAlg alg) { - return generateRandom(16); - } - - @Override - public byte[] symEncrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data) { - byte[] paddingData = null; - switch (padding) { - case NOPadding: - paddingData = data; - break; - case PCKS5Padding: - paddingData = PaddingUtil.PKCS5Padding(data); - break; - case PCKS7Padding: - paddingData = PaddingUtil.PKCS7Padding(data); - break; - } - byte[] finalPaddingData = paddingData; - return apply(s -> s.getSdfApiAdapter() - .externalSymEncrypt(s.getSessionHandle(), key, null, null, finalPaddingData)); - } - - @Override - public byte[] symEncrypt(KeyAlg alg, byte[] key, byte[] data) { - return new byte[0]; - } - @Override public byte[] symEncrypt(AlgId alg, byte[] key, byte[] iv, byte[] data) { - return apply(s -> s.getSdfApiAdapter().externalSymEncrypt(s.getSessionHandle(), key, alg, iv, PaddingUtil.PKCS7Padding(data))); - } - - @Override - public byte[] symDecrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data) { - return new byte[0]; - } - - @Override - public byte[] symDecrypt(KeyAlg alg, byte[] key, byte[] data) { - return new byte[0]; + return apply(s -> { + String keyHandle = s.getSdfApiAdapter().importKey(s.getSessionHandle(), key); + byte[] encrypt = s.getSdfApiAdapter().symEncrypt(s.getSessionHandle(), keyHandle, alg, iv, PaddingUtil.PKCS7Padding(data)); + s.getSdfApiAdapter().destroyKey(s.getSessionHandle(), keyHandle); + return encrypt; + }); } @Override public byte[] symDecrypt(AlgId alg, byte[] key, byte[] iv, byte[] data) { - byte[] decrypt = apply(s -> s.getSdfApiAdapter().externalSymDecrypt(s.getSessionHandle(), key, alg, iv, data)); + byte[] decrypt = apply(s -> { + String keyHandle = s.getSdfApiAdapter().importKey(s.getSessionHandle(), key); + byte[] d = s.getSdfApiAdapter().symDecrypt(s.getSessionHandle(), keyHandle, alg, iv, data); + s.getSdfApiAdapter().destroyKey(s.getSessionHandle(), keyHandle); + return d; + }); return PaddingUtil.PKCS7Unpadding(decrypt); } @@ -102,7 +65,12 @@ public class LoadBalancedSdfApiService implements SdfApiService { @Override public byte[] calculateMAC(byte[] symKey, byte[] pucIv, byte[] pucData) { - return apply(s -> s.getSdfApiAdapter().calculateMAC(s.getSessionHandle(), symKey, AlgId.SGD_SM4_MAC, pucIv, pucData)); + return apply(s -> { + String keyHandle = s.getSdfApiAdapter().importKey(s.getSessionHandle(), symKey); + byte[] mac = s.getSdfApiAdapter().calculateMAC(s.getSessionHandle(), keyHandle, AlgId.SGD_SM4_MAC, pucIv, pucData); + s.getSdfApiAdapter().destroyKey(s.getSessionHandle(), keyHandle); + return mac; + }); } @Override @@ -112,12 +80,19 @@ public class LoadBalancedSdfApiService implements SdfApiService { @Override public byte[] hash(byte[] pucData) { - return apply(s -> s.getSdfApiAdapter().hashOperation(s.getSessionHandle(), AlgId.SGD_SM3, null, null, pucData)); + return apply(s -> { + String newSession = s.getSdfApiAdapter().openSession(s.getDeviceHandle()); + s.getSdfApiAdapter().hashInit(newSession, AlgId.SGD_SM3, null, null); + s.getSdfApiAdapter().hashUpdate(newSession, pucData); + byte[] hash = s.getSdfApiAdapter().hashFinish(newSession); + s.getSdfApiAdapter().closeSession(newSession); + return hash; + }); } @Override public byte[] encryptByTMK(byte[] data) { - byte[] pad = PaddingUtil.PKCS7Unpadding(data); + byte[] pad = PaddingUtil.PKCS7Padding(data); return apply(s -> s.getSdfApiAdapter().symEncrypt(s.getSessionHandle(), s.getKeyHandle(), AlgId.SGD_SM4_CBC, new byte[8], pad)); } diff --git a/chsm-web-server/src/main/java/com/sunyard/chsm/pool/TMKContextFactory.java b/chsm-web-server/src/main/java/com/sunyard/chsm/pool/TMKContextFactory.java index 03d79bc..87762b9 100644 --- a/chsm-web-server/src/main/java/com/sunyard/chsm/pool/TMKContextFactory.java +++ b/chsm-web-server/src/main/java/com/sunyard/chsm/pool/TMKContextFactory.java @@ -44,6 +44,7 @@ public class TMKContextFactory extends BasePooledObjectFactory { this.deviceHandle = sdfApiAdapter.openDevice(); hs = sdfApiAdapter.openSession(deviceHandle); } + keyHandle.setDeviceHandle(deviceHandle); keyHandle.setSessionHandle(hs); keyHandle.setEncTmk(context.getEncTmk()); diff --git a/chsm-web-server/src/test/java/sdf/BCSdfApiServiceTest.java b/chsm-web-server/src/test/java/sdf/BCSdfApiServiceTest.java index 40232e8..5e0ff3e 100644 --- a/chsm-web-server/src/test/java/sdf/BCSdfApiServiceTest.java +++ b/chsm-web-server/src/test/java/sdf/BCSdfApiServiceTest.java @@ -1,34 +1,34 @@ -package sdf; -import com.sunyard.chsm.WebServerApp; -import com.sunyard.chsm.enums.KeyAlg; -import com.sunyard.chsm.sdf.BCSdfApiService; -import lombok.extern.slf4j.Slf4j; -import org.junit.Assert; -import org.junit.jupiter.api.Test; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.test.context.SpringBootTest; - -import java.util.Random; - - -@Slf4j -@SpringBootTest(classes = WebServerApp.class) -public class BCSdfApiServiceTest { - - @Autowired - private BCSdfApiService bcSdfApiService; - - // 对称加密解密测试 - @Test - void testSym() { - byte[] data = new byte[128]; - new Random().nextBytes( data ); - - byte[] key = bcSdfApiService.genSymKey( KeyAlg.SM4 ); - byte[] enData = bcSdfApiService.symEncrypt( KeyAlg.SM4, key, data ); - byte[] deData = bcSdfApiService.symDecrypt( KeyAlg.SM4, key, enData ); - - Assert.assertArrayEquals( data, deData ); - - } -} +//package sdf; +//import com.sunyard.chsm.WebServerApp; +//import com.sunyard.chsm.enums.KeyAlg; +//import com.sunyard.chsm.sdf.BCSdfApiService; +//import lombok.extern.slf4j.Slf4j; +//import org.junit.Assert; +//import org.junit.jupiter.api.Test; +//import org.springframework.beans.factory.annotation.Autowired; +//import org.springframework.boot.test.context.SpringBootTest; +// +//import java.util.Random; +// +// +//@Slf4j +//@SpringBootTest(classes = WebServerApp.class) +//public class BCSdfApiServiceTest { +// +// @Autowired +// private BCSdfApiService bcSdfApiService; +// +// // 对称加密解密测试 +// @Test +// void testSym() { +// byte[] data = new byte[128]; +// new Random().nextBytes( data ); +// +// byte[] key = bcSdfApiService.genSymKey( KeyAlg.SM4 ); +// byte[] enData = bcSdfApiService.symEncrypt( KeyAlg.SM4, key, data ); +// byte[] deData = bcSdfApiService.symDecrypt( KeyAlg.SM4, key, enData ); +// +// Assert.assertArrayEquals( data, deData ); +// +// } +//}