Sunyard/chsm-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sdf api

Browse Source
This commit is contained in:
liulu 2024-12-12 10:05:37 +08:00
parent 2250a6234b
commit 44161e70bb
10 changed files with 166 additions and 264 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
chsm-common/src/main/java/com/sunyard/chsm/sdf/AbstractSdfApiService.java
View File

@ -1,8 +1,6 @@
package com.sunyard.chsm.sdf; package com.sunyard.chsm.sdf;
import com.sunyard.chsm.enums.AlgMode;
import com.sunyard.chsm.enums.KeyAlg; import com.sunyard.chsm.enums.KeyAlg;
import com.sunyard.chsm.enums.Padding;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
@ -27,10 +25,10 @@ public abstract class AbstractSdfApiService implements SdfApiService {
* 密钥长度根据 alg 指定的算法自动选择 * 密钥长度根据 alg 指定的算法自动选择
* @return 密钥 * @return 密钥
*/ */
@Override // @Override
public byte[] genSymKey(KeyAlg alg) { // public byte[] genSymKey(KeyAlg alg) {
return genSymKey( alg, algKeyLen.get( alg ) ); // return genSymKey( alg, algKeyLen.get( alg ) );
} // }
/** /**
@ -40,10 +38,10 @@ public abstract class AbstractSdfApiService implements SdfApiService {
* @param key 密钥值明文 * @param key 密钥值明文
* @param data 原始数据 * @param data 原始数据
*/ */
@Override // @Override
public byte[] symEncrypt(KeyAlg alg, byte[] key, byte[] data){ // public byte[] symEncrypt(KeyAlg alg, byte[] key, byte[] data){
return symEncrypt( alg, AlgMode.ECB, Padding.PCKS5Padding, key, data ); // return symEncrypt( alg, AlgMode.ECB, Padding.PCKS5Padding, key, data );
} // }
/** /**
@ -53,9 +51,9 @@ public abstract class AbstractSdfApiService implements SdfApiService {
* @param key 密钥值明文 * @param key 密钥值明文
* @param data 密文数据 * @param data 密文数据
*/ */
@Override // @Override
public byte[] symDecrypt(KeyAlg alg, byte[] key, byte[] data) { // public byte[] symDecrypt(KeyAlg alg, byte[] key, byte[] data) {
return symDecrypt( alg, AlgMode.ECB, Padding.PCKS5Padding, key, data ); // return symDecrypt( alg, AlgMode.ECB, Padding.PCKS5Padding, key, data );
} // }
} }

23
chsm-common/src/main/java/com/sunyard/chsm/sdf/SdfApiService.java
View File

@ -1,9 +1,6 @@
package com.sunyard.chsm.sdf; package com.sunyard.chsm.sdf;
import com.sunyard.chsm.enums.AlgMode;
import com.sunyard.chsm.enums.KeyAlg;
import com.sunyard.chsm.enums.Padding;
import com.sunyard.chsm.sdf.context.AlgId; import com.sunyard.chsm.sdf.context.AlgId;
import com.sunyard.chsm.sdf.model.EccKey; import com.sunyard.chsm.sdf.model.EccKey;
@ -32,23 +29,21 @@ public interface SdfApiService {
* 禁止传 null * 禁止传 null
* @return 对称密钥 * @return 对称密钥
*/ */
byte[] genSymKey(KeyAlg alg, Integer keyLen); // byte[] genSymKey(KeyAlg alg, Integer keyLen);
//
byte[] genSymKey(KeyAlg alg); // byte[] genSymKey(KeyAlg alg);
/** /**
* 对称加密 * 对称加密
* *
* @param alg 算法只支持对称算法 * @param alg 算法只支持对称算法
* @param mode 轮模式
* @param padding 填充模式
* @param key 密钥值明文 * @param key 密钥值明文
* @param data 原始数据 * @param data 原始数据
*/ */
byte[] symEncrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data); // byte[] symEncrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data);
//
byte[] symEncrypt(KeyAlg alg, byte[] key, byte[] data); // byte[] symEncrypt(KeyAlg alg, byte[] key, byte[] data);
byte[] symEncrypt(AlgId alg, byte[] key, byte[] iv, byte[] data); byte[] symEncrypt(AlgId alg, byte[] key, byte[] iv, byte[] data);
@ -61,9 +56,9 @@ public interface SdfApiService {
* @param padding 填充模式 * @param padding 填充模式
* @param data 密文数据 * @param data 密文数据
*/ */
byte[] symDecrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data); // byte[] symDecrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data);
//
byte[] symDecrypt(KeyAlg alg, byte[] key, byte[] data); // byte[] symDecrypt(KeyAlg alg, byte[] key, byte[] data);
byte[] symDecrypt(AlgId alg, byte[] key, byte[] iv, byte[] data); byte[] symDecrypt(AlgId alg, byte[] key, byte[] iv, byte[] data);

40
chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/BcSdfApiAdaptor.java
View File

@ -11,6 +11,7 @@ import com.sunyard.chsm.utils.gm.BCSM2Utils;
import com.sunyard.chsm.utils.gm.BCSM4Utils; import com.sunyard.chsm.utils.gm.BCSM4Utils;
import lombok.SneakyThrows; import lombok.SneakyThrows;
import org.bouncycastle.crypto.InvalidCipherTextException; import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey; import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
@ -23,6 +24,7 @@ import java.math.BigInteger;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.util.Map; import java.util.Map;
import java.util.Optional;
import java.util.UUID; import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
@ -62,7 +64,7 @@ public class BcSdfApiAdaptor implements SdfApiAdapter {
@Override @Override
public String openSession(String deviceHandle) { public String openSession(String deviceHandle) {
return "6975feaffaa35b31b6d4e4555ac403a1"; return UUID.randomUUID().toString();
} }
@Override @Override
@ -171,14 +173,9 @@ public class BcSdfApiAdaptor implements SdfApiAdapter {
@Override @Override
@SneakyThrows
public byte[] symEncrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucData) { public byte[] symEncrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucData) {
byte[] symKey = getSymKey(keyHandle); byte[] symKey = getSymKey(keyHandle);
return externalSymEncrypt(sessionHandle, symKey, alg, pucIv, pucData);
}
@Override
@SneakyThrows
public byte[] externalSymEncrypt(String sessionHandle, byte[] symKey, AlgId alg, byte[] pucIv, byte[] pucData) {
switch (alg) { switch (alg) {
case SGD_SM4_ECB: case SGD_SM4_ECB:
return BCSM4Utils.encrypt_ECB_NoPadding(symKey, pucData); return BCSM4Utils.encrypt_ECB_NoPadding(symKey, pucData);
@ -190,14 +187,9 @@ public class BcSdfApiAdaptor implements SdfApiAdapter {
} }
@Override @Override
@SneakyThrows
public byte[] symDecrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucEncData) { public byte[] symDecrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucEncData) {
byte[] symKey = getSymKey(keyHandle); byte[] symKey = getSymKey(keyHandle);
return externalSymDecrypt(sessionHandle, symKey, alg, pucIv, pucEncData);
}
@Override
@SneakyThrows
public byte[] externalSymDecrypt(String sessionHandle, byte[] symKey, AlgId alg, byte[] pucIv, byte[] pucEncData) {
switch (alg) { switch (alg) {
case SGD_SM4_ECB: case SGD_SM4_ECB:
return BCSM4Utils.decrypt_ECB_NoPadding(symKey, pucEncData); return BCSM4Utils.decrypt_ECB_NoPadding(symKey, pucEncData);
@ -215,32 +207,34 @@ public class BcSdfApiAdaptor implements SdfApiAdapter {
} }
@Override @Override
@SneakyThrows
public byte[] calculateMAC(String sessionHandle, String keyHandle, AlgId uiAlg, byte[] pucIv, byte[] pucData) { public byte[] calculateMAC(String sessionHandle, String keyHandle, AlgId uiAlg, byte[] pucIv, byte[] pucData) {
return new byte[0]; byte[] symKey = getSymKey(keyHandle);
return BCSM4Utils.doCBCMac(symKey, pucIv, null, pucData);
} }
@Override protected static final Map<String, SM3Digest> HASH_CONTEXT = new ConcurrentHashMap<>();
public byte[] calculateMAC(String sessionHandle, byte[] symKey, AlgId uiAlg, byte[] pucIv, byte[] pucData) {
return new byte[0];
}
@Override @Override
public int hashInit(String sessionHandle, AlgId alg, EccPubKey pucPublicKey, byte[] pucID) { public int hashInit(String sessionHandle, AlgId alg, EccPubKey pucPublicKey, byte[] pucID) {
HASH_CONTEXT.put(sessionHandle, new SM3Digest());
return 0; return 0;
} }
@Override @Override
public int hashUpdate(String sessionHandle, byte[] pucData) { public int hashUpdate(String sessionHandle, byte[] pucData) {
Optional.ofNullable(HASH_CONTEXT.get(sessionHandle))
.ifPresent(it -> it.update(pucData, 0, pucData.length));
return 0; return 0;
} }
@Override @Override
public byte[] hashFinish(String sessionHandle) { public byte[] hashFinish(String sessionHandle) {
return new byte[0]; SM3Digest digest = HASH_CONTEXT.remove(sessionHandle);
Assert.notNull(digest, "session异常");
byte[] hash = new byte[digest.getDigestSize()];
digest.doFinal(hash, 0);
return hash;
} }
@Override
public byte[] hashOperation(String sessionHandle, AlgId alg, EccPubKey pucPublicKey, byte[] pucID, byte[] pucData) {
return new byte[0];
}
} }

68
chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/JnaSdfAdaptor.java
View File

@ -206,25 +206,6 @@ public abstract class JnaSdfAdaptor implements SdfApiAdapter {
return pucEncData; return pucEncData;
} }
@Override
public byte[] externalSymEncrypt(String sessionHandle, byte[] symKey, AlgId alg, byte[] pucIv, byte[] pucData) {
int uiDataLength = pucData.length;
byte[] pucEncData = new byte[uiDataLength];
Pointer hSessionHandle = getSessionHandle(sessionHandle);
int length = symKey.length;
PointerByReference phKeyHandle = new PointerByReference();
// 先导入密钥
sdfLibrary.SDF_ImportKey(hSessionHandle, symKey, length, phKeyHandle);
//加密
Pointer hKeyHandle = phKeyHandle.getValue();
IntByReference puiLength = new IntByReference();
sdfLibrary.SDF_Encrypt(hSessionHandle, hKeyHandle, getAlgId(alg),
pucIv, pucData, uiDataLength, pucEncData, puiLength);
// 使用后销毁密钥
sdfLibrary.SDF_DestroyKey(hSessionHandle, hKeyHandle);
return pucEncData;
}
@Override @Override
public byte[] symDecrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucEncData) { public byte[] symDecrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucEncData) {
Pointer hSessionHandle = getSessionHandle(sessionHandle); Pointer hSessionHandle = getSessionHandle(sessionHandle);
@ -238,26 +219,6 @@ public abstract class JnaSdfAdaptor implements SdfApiAdapter {
return pucData; return pucData;
} }
@Override
public byte[] externalSymDecrypt(String sessionHandle, byte[] symKey, AlgId alg, byte[] pucIv, byte[] pucEncData) {
int uiEncDataLength = pucEncData.length;
byte[] pucData = new byte[uiEncDataLength];
PointerByReference phKeyHandle = new PointerByReference();
Pointer hSessionHandle = getSessionHandle(sessionHandle);
int length = symKey.length;
// 导入会话密钥
sdfLibrary.SDF_ImportKey(hSessionHandle, symKey, length, phKeyHandle);
// 解密
Pointer hKeyHandle = phKeyHandle.getValue();
IntByReference puiLength = new IntByReference();
sdfLibrary.SDF_Decrypt(hSessionHandle, hKeyHandle, getAlgId(alg),
pucIv, pucEncData, uiEncDataLength, pucData, puiLength);
// 销毁会话密钥
sdfLibrary.SDF_DestroyKey(hSessionHandle, hKeyHandle);
return pucData;
}
@Override @Override
public byte[] calculateMAC(String sessionHandle, String keyHandle, AlgId uiAlg, byte[] pucIv, byte[] pucData) { public byte[] calculateMAC(String sessionHandle, String keyHandle, AlgId uiAlg, byte[] pucIv, byte[] pucData) {
Pointer hSessionHandle = getSessionHandle(sessionHandle); Pointer hSessionHandle = getSessionHandle(sessionHandle);
@ -272,24 +233,6 @@ public abstract class JnaSdfAdaptor implements SdfApiAdapter {
return pucMac; return pucMac;
} }
@Override
public byte[] calculateMAC(String sessionHandle, byte[] symKey, AlgId uiAlg, byte[] pucIv, byte[] pucData) {
PointerByReference phKeyHandle = new PointerByReference();
Pointer hSessionHandle = getSessionHandle(sessionHandle);
int length = symKey.length;
// 导入会话密钥
sdfLibrary.SDF_ImportKey(hSessionHandle, symKey, length, phKeyHandle);
int uiMacLength = pucData.length;
byte[] pucMac = new byte[uiMacLength];
Pointer hKeyHandle = phKeyHandle.getValue();
IntByReference puiLength = new IntByReference();
sdfLibrary.SDF_CalculateMAC(hSessionHandle, hKeyHandle, getAlgId(uiAlg), pucIv, pucData, uiMacLength, pucMac, puiLength);
// 销毁会话密钥
sdfLibrary.SDF_DestroyKey(hSessionHandle, hKeyHandle);
return pucMac;
}
@Override @Override
public int hashInit(String sessionHandle, AlgId alg, EccPubKey pucPublicKey, byte[] pucID) { public int hashInit(String sessionHandle, AlgId alg, EccPubKey pucPublicKey, byte[] pucID) {
Pointer hSessionHandle = getSessionHandle(sessionHandle); Pointer hSessionHandle = getSessionHandle(sessionHandle);
@ -312,15 +255,4 @@ public abstract class JnaSdfAdaptor implements SdfApiAdapter {
return pucHash; return pucHash;
} }
@Override
public byte[] hashOperation(String sessionHandle, AlgId alg, EccPubKey pucPublicKey, byte[] pucID, byte[] pucData) {
Pointer hSessionHandle = getSessionHandle(sessionHandle);
byte[] pubPub = pucPublicKey == null ? null : pucPublicKey.toSdfData();
sdfLibrary.SDF_HashInit(hSessionHandle, getAlgId(AlgId.SGD_SM3), pubPub, pucID, pucID.length);
sdfLibrary.SDF_HashUpdate(hSessionHandle, pucData, pucData.length);
byte[] pucHash = new byte[32];
IntByReference puiLength = new IntByReference();
sdfLibrary.SDF_HashFinal(hSessionHandle, pucHash, puiLength);
return pucHash;
}
} }

8
chsm-common/src/main/java/com/sunyard/chsm/sdf/adapter/SdfApiAdapter.java
View File

@ -120,8 +120,6 @@ public interface SdfApiAdapter {
*/ */
byte[] symEncrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucData); byte[] symEncrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucData);
byte[] externalSymEncrypt(String sessionHandle, byte[] symKey, AlgId alg, byte[] pucIv, byte[] pucData);
/** /**
* 对称解密 * 对称解密
* *
@ -134,8 +132,6 @@ public interface SdfApiAdapter {
*/ */
byte[] symDecrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucEncData); byte[] symDecrypt(String sessionHandle, String keyHandle, AlgId alg, byte[] pucIv, byte[] pucEncData);
byte[] externalSymDecrypt(String sessionHandle, byte[] symKey, AlgId alg, byte[] pucIv, byte[] pucEncData);
/** /**
* @param sessionHandle 与设备建立的会话句柄 * @param sessionHandle 与设备建立的会话句柄
* @param keyHandle 指定的密钥句柄 * @param keyHandle 指定的密钥句柄
@ -145,7 +141,6 @@ public interface SdfApiAdapter {
* @return MAC值 * @return MAC值
*/ */
byte[] calculateMAC(String sessionHandle, String keyHandle, AlgId uiAlg, byte[] pucIv, byte[] pucData); byte[] calculateMAC(String sessionHandle, String keyHandle, AlgId uiAlg, byte[] pucIv, byte[] pucData);
byte[] calculateMAC(String sessionHandle, byte[] symKey, AlgId uiAlg, byte[] pucIv, byte[] pucData);
/** /**
* 杂凑运算初始化 * 杂凑运算初始化
@ -175,7 +170,4 @@ public interface SdfApiAdapter {
*/ */
byte[] hashFinish(String sessionHandle); byte[] hashFinish(String sessionHandle);
byte[] hashOperation(String sessionHandle, AlgId alg, EccPubKey pucPublicKey, byte[] pucID, byte[] pucData);
} }

110
chsm-web-manage/src/main/java/com/sunyard/chsm/sdf/SingleSdfApiService.java
View File

@ -1,9 +1,6 @@
package com.sunyard.chsm.sdf; package com.sunyard.chsm.sdf;
import com.sunyard.chsm.enums.AlgMode;
import com.sunyard.chsm.enums.DeviceTmkStatus; import com.sunyard.chsm.enums.DeviceTmkStatus;
import com.sunyard.chsm.enums.KeyAlg;
import com.sunyard.chsm.enums.Padding;
import com.sunyard.chsm.mapper.SpDeviceMapper; import com.sunyard.chsm.mapper.SpDeviceMapper;
import com.sunyard.chsm.model.dto.DeviceCheckRes; import com.sunyard.chsm.model.dto.DeviceCheckRes;
import com.sunyard.chsm.model.entity.Device; import com.sunyard.chsm.model.entity.Device;
@ -14,12 +11,16 @@ import com.sunyard.chsm.sdf.context.AlgId;
import com.sunyard.chsm.sdf.model.DeviceInfo; import com.sunyard.chsm.sdf.model.DeviceInfo;
import com.sunyard.chsm.sdf.model.EccCipher; import com.sunyard.chsm.sdf.model.EccCipher;
import com.sunyard.chsm.sdf.model.EccKey; import com.sunyard.chsm.sdf.model.EccKey;
import com.sunyard.chsm.sdf.util.PaddingUtil;
import com.sunyard.chsm.service.TmkService; import com.sunyard.chsm.service.TmkService;
import lombok.RequiredArgsConstructor; import com.sunyard.chsm.utils.gm.BCSM3Utils;
import lombok.NoArgsConstructor;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import org.springframework.util.Assert;
import javax.annotation.Resource;
import java.util.Objects; import java.util.Objects;
import java.util.concurrent.Executors; import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
@ -29,88 +30,103 @@ import java.util.concurrent.TimeUnit;
* @since 2024/12/11 * @since 2024/12/11
*/ */
@Service @Service
@RequiredArgsConstructor @NoArgsConstructor
public class SingleSdfApiService implements SdfApiService, InitializingBean { public class SingleSdfApiService implements SdfApiService, InitializingBean {
private String tmkHandle; private String tmkHandle;
private String deviceHandle;
private String sessionHandle; private String sessionHandle;
private SdfApiAdapter sdfApiAdapter; private SdfApiAdapter sdfApiAdapter;
private final TmkService tmkService;
private final SpDeviceMapper spDeviceMapper; @Resource
public TmkService tmkService;
@Resource
private SpDeviceMapper spDeviceMapper;
public SingleSdfApiService(SdfApiAdapter sdfApiAdapter) {
this.sdfApiAdapter = sdfApiAdapter;
this.deviceHandle = sdfApiAdapter.openDevice();
this.sessionHandle = sdfApiAdapter.openSession(deviceHandle);
}
@Override @Override
public byte[] generateRandom(int len) { public byte[] generateRandom(int len) {
return new byte[0]; checkStatus();
} return sdfApiAdapter.generateRandom(sessionHandle, len);
@Override
public byte[] genSymKey(KeyAlg alg, Integer keyLen) {
return new byte[0];
}
@Override
public byte[] genSymKey(KeyAlg alg) {
return new byte[0];
}
@Override
public byte[] symEncrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data) {
return new byte[0];
}
@Override
public byte[] symEncrypt(KeyAlg alg, byte[] key, byte[] data) {
return new byte[0];
} }
@Override @Override
public byte[] symEncrypt(AlgId alg, byte[] key, byte[] iv, byte[] data) { public byte[] symEncrypt(AlgId alg, byte[] key, byte[] iv, byte[] data) {
return new byte[0]; checkStatus();
} byte[] pad = PaddingUtil.PKCS7Padding(data);
String hk = sdfApiAdapter.importKey(sessionHandle, key);
@Override byte[] encrypt = sdfApiAdapter.symEncrypt(sessionHandle, hk, alg, iv, pad);
public byte[] symDecrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data) { sdfApiAdapter.destroyKey(sessionHandle, hk);
return new byte[0]; return encrypt;
}
@Override
public byte[] symDecrypt(KeyAlg alg, byte[] key, byte[] data) {
return new byte[0];
} }
@Override @Override
public byte[] symDecrypt(AlgId alg, byte[] key, byte[] iv, byte[] data) { public byte[] symDecrypt(AlgId alg, byte[] key, byte[] iv, byte[] data) {
return new byte[0]; checkStatus();
String hk = sdfApiAdapter.importKey(sessionHandle, key);
byte[] decrypt = sdfApiAdapter.symDecrypt(sessionHandle, hk, alg, iv, data);
sdfApiAdapter.destroyKey(sessionHandle, hk);
return PaddingUtil.PKCS7Unpadding(decrypt);
} }
@Override @Override
public EccKey genKeyPairEcc() { public EccKey genKeyPairEcc() {
return null; checkStatus();
return sdfApiAdapter.generateKeyPairECC(sessionHandle, AlgId.SGD_SM2_1);
} }
@Override @Override
public byte[] calculateMAC(byte[] symKey, byte[] pucIv, byte[] pucData) { public byte[] calculateMAC(byte[] symKey, byte[] pucIv, byte[] pucData) {
return new byte[0]; checkStatus();
String hk = sdfApiAdapter.importKey(sessionHandle, symKey);
byte[] mac = sdfApiAdapter.calculateMAC(sessionHandle, hk, AlgId.SGD_SM4_MAC, pucIv, pucData);
sdfApiAdapter.destroyKey(sessionHandle, hk);
return mac;
} }
@Override @Override
public byte[] hmac(byte[] key, byte[] srcData) { public byte[] hmac(byte[] key, byte[] srcData) {
return new byte[0]; return BCSM3Utils.hmac(key, srcData);
} }
@Override @Override
public byte[] hash(byte[] pucData) { public byte[] hash(byte[] pucData) {
return new byte[0]; checkStatus();
String newSession = sdfApiAdapter.openSession(deviceHandle);
sdfApiAdapter.hashInit(newSession, AlgId.SGD_SM3, null, null);
sdfApiAdapter.hashUpdate(newSession, pucData);
byte[] hash = sdfApiAdapter.hashFinish(newSession);
sdfApiAdapter.closeSession(newSession);
return hash;
} }
@Override @Override
public byte[] encryptByTMK(byte[] data) { public byte[] encryptByTMK(byte[] data) {
checkKey();
byte[] pad = PaddingUtil.PKCS7Padding(data);
sdfApiAdapter.symEncrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, new byte[8], pad);
return new byte[0]; return new byte[0];
} }
@Override @Override
public byte[] decryptByTMK(byte[] data) { public byte[] decryptByTMK(byte[] data) {
return new byte[0]; checkKey();
byte[] decrypt = sdfApiAdapter.symDecrypt(sessionHandle, tmkHandle, AlgId.SGD_SM4_CBC, new byte[8], data);
return PaddingUtil.PKCS7Unpadding(decrypt);
}
private void checkStatus() {
Assert.notNull(sdfApiAdapter, "没有可用设备");
}
private void checkKey() {
checkStatus();
Assert.hasText(tmkHandle, "没有可用的主密钥设备");
} }
private void changeDevice(boolean tmkInit) { private void changeDevice(boolean tmkInit) {
@ -120,8 +136,8 @@ public class SingleSdfApiService implements SdfApiService, InitializingBean {
DeviceCheckRes checkRes = tmkService.checkDevice(device); DeviceCheckRes checkRes = tmkService.checkDevice(device);
if (!checkRes.isHasError()) { if (!checkRes.isHasError()) {
this.sdfApiAdapter = checkRes.getSdfApiAdapter(); this.sdfApiAdapter = checkRes.getSdfApiAdapter();
String hd = sdfApiAdapter.openDevice(); this.deviceHandle = sdfApiAdapter.openDevice();
this.sessionHandle = sdfApiAdapter.openSession(hd); this.sessionHandle = sdfApiAdapter.openSession(deviceHandle);
if (tmkInit) { if (tmkInit) {
sdfApiAdapter.getPrivateKeyAccessRight(sessionHandle, device.getEncKeyIdx(), device.getAccessCredentials().getBytes()); sdfApiAdapter.getPrivateKeyAccessRight(sessionHandle, device.getEncKeyIdx(), device.getAccessCredentials().getBytes());
this.tmkHandle = sdfApiAdapter.importKeyWithISKECC(sessionHandle, device.getEncKeyIdx(), EccCipher.fromHex(device.getEncTmk())); this.tmkHandle = sdfApiAdapter.importKeyWithISKECC(sessionHandle, device.getEncKeyIdx(), EccCipher.fromHex(device.getEncTmk()));

7
chsm-web-server/src/main/java/com/sunyard/chsm/pool/DeviceManager.java
View File

@ -17,8 +17,7 @@ import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.apache.commons.pool2.impl.GenericObjectPool; import org.apache.commons.pool2.impl.GenericObjectPool;
import org.apache.commons.pool2.impl.GenericObjectPoolConfig; import org.apache.commons.pool2.impl.GenericObjectPoolConfig;
import org.springframework.boot.ApplicationArguments; import org.springframework.beans.factory.InitializingBean;
import org.springframework.boot.ApplicationRunner;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils; import org.springframework.util.CollectionUtils;
@ -44,7 +43,7 @@ import java.util.stream.Collectors;
@Slf4j @Slf4j
@Component @Component
@RequiredArgsConstructor @RequiredArgsConstructor
public class DeviceManager implements ApplicationRunner { public class DeviceManager implements InitializingBean {
private static final Map<Long, AtomicInteger> ROUND_MAP = new HashMap<>(); private static final Map<Long, AtomicInteger> ROUND_MAP = new HashMap<>();
@ -238,7 +237,7 @@ public class DeviceManager implements ApplicationRunner {
} }
@Override @Override
public void run(ApplicationArguments args) throws Exception { public void afterPropertiesSet() throws Exception {
Executors.newSingleThreadScheduledExecutor() Executors.newSingleThreadScheduledExecutor()
.scheduleWithFixedDelay(this::syncDevice, 0L, 5L, TimeUnit.MINUTES); .scheduleWithFixedDelay(this::syncDevice, 0L, 5L, TimeUnit.MINUTES);
} }

79
chsm-web-server/src/main/java/com/sunyard/chsm/pool/LoadBalancedSdfApiService.java
View File

@ -1,8 +1,5 @@
package com.sunyard.chsm.pool; package com.sunyard.chsm.pool;
import com.sunyard.chsm.enums.AlgMode;
import com.sunyard.chsm.enums.KeyAlg;
import com.sunyard.chsm.enums.Padding;
import com.sunyard.chsm.sdf.SdfApiService; import com.sunyard.chsm.sdf.SdfApiService;
import com.sunyard.chsm.sdf.context.AlgId; import com.sunyard.chsm.sdf.context.AlgId;
import com.sunyard.chsm.sdf.model.EccKey; import com.sunyard.chsm.sdf.model.EccKey;
@ -40,58 +37,24 @@ public class LoadBalancedSdfApiService implements SdfApiService {
return apply(s -> s.getSdfApiAdapter().generateRandom(s.getSessionHandle(), len)); return apply(s -> s.getSdfApiAdapter().generateRandom(s.getSessionHandle(), len));
} }
@Override
public byte[] genSymKey(KeyAlg alg, Integer keyLen) {
return generateRandom(keyLen);
}
@Override
public byte[] genSymKey(KeyAlg alg) {
return generateRandom(16);
}
@Override
public byte[] symEncrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data) {
byte[] paddingData = null;
switch (padding) {
case NOPadding:
paddingData = data;
break;
case PCKS5Padding:
paddingData = PaddingUtil.PKCS5Padding(data);
break;
case PCKS7Padding:
paddingData = PaddingUtil.PKCS7Padding(data);
break;
}
byte[] finalPaddingData = paddingData;
return apply(s -> s.getSdfApiAdapter()
.externalSymEncrypt(s.getSessionHandle(), key, null, null, finalPaddingData));
}
@Override
public byte[] symEncrypt(KeyAlg alg, byte[] key, byte[] data) {
return new byte[0];
}
@Override @Override
public byte[] symEncrypt(AlgId alg, byte[] key, byte[] iv, byte[] data) { public byte[] symEncrypt(AlgId alg, byte[] key, byte[] iv, byte[] data) {
return apply(s -> s.getSdfApiAdapter().externalSymEncrypt(s.getSessionHandle(), key, alg, iv, PaddingUtil.PKCS7Padding(data))); return apply(s -> {
} String keyHandle = s.getSdfApiAdapter().importKey(s.getSessionHandle(), key);
byte[] encrypt = s.getSdfApiAdapter().symEncrypt(s.getSessionHandle(), keyHandle, alg, iv, PaddingUtil.PKCS7Padding(data));
@Override s.getSdfApiAdapter().destroyKey(s.getSessionHandle(), keyHandle);
public byte[] symDecrypt(KeyAlg alg, AlgMode mode, Padding padding, byte[] key, byte[] data) { return encrypt;
return new byte[0]; });
}
@Override
public byte[] symDecrypt(KeyAlg alg, byte[] key, byte[] data) {
return new byte[0];
} }
@Override @Override
public byte[] symDecrypt(AlgId alg, byte[] key, byte[] iv, byte[] data) { public byte[] symDecrypt(AlgId alg, byte[] key, byte[] iv, byte[] data) {
byte[] decrypt = apply(s -> s.getSdfApiAdapter().externalSymDecrypt(s.getSessionHandle(), key, alg, iv, data)); byte[] decrypt = apply(s -> {
String keyHandle = s.getSdfApiAdapter().importKey(s.getSessionHandle(), key);
byte[] d = s.getSdfApiAdapter().symDecrypt(s.getSessionHandle(), keyHandle, alg, iv, data);
s.getSdfApiAdapter().destroyKey(s.getSessionHandle(), keyHandle);
return d;
});
return PaddingUtil.PKCS7Unpadding(decrypt); return PaddingUtil.PKCS7Unpadding(decrypt);
} }
@ -102,7 +65,12 @@ public class LoadBalancedSdfApiService implements SdfApiService {
@Override @Override
public byte[] calculateMAC(byte[] symKey, byte[] pucIv, byte[] pucData) { public byte[] calculateMAC(byte[] symKey, byte[] pucIv, byte[] pucData) {
return apply(s -> s.getSdfApiAdapter().calculateMAC(s.getSessionHandle(), symKey, AlgId.SGD_SM4_MAC, pucIv, pucData)); return apply(s -> {
String keyHandle = s.getSdfApiAdapter().importKey(s.getSessionHandle(), symKey);
byte[] mac = s.getSdfApiAdapter().calculateMAC(s.getSessionHandle(), keyHandle, AlgId.SGD_SM4_MAC, pucIv, pucData);
s.getSdfApiAdapter().destroyKey(s.getSessionHandle(), keyHandle);
return mac;
});
} }
@Override @Override
@ -112,12 +80,19 @@ public class LoadBalancedSdfApiService implements SdfApiService {
@Override @Override
public byte[] hash(byte[] pucData) { public byte[] hash(byte[] pucData) {
return apply(s -> s.getSdfApiAdapter().hashOperation(s.getSessionHandle(), AlgId.SGD_SM3, null, null, pucData)); return apply(s -> {
String newSession = s.getSdfApiAdapter().openSession(s.getDeviceHandle());
s.getSdfApiAdapter().hashInit(newSession, AlgId.SGD_SM3, null, null);
s.getSdfApiAdapter().hashUpdate(newSession, pucData);
byte[] hash = s.getSdfApiAdapter().hashFinish(newSession);
s.getSdfApiAdapter().closeSession(newSession);
return hash;
});
} }
@Override @Override
public byte[] encryptByTMK(byte[] data) { public byte[] encryptByTMK(byte[] data) {
byte[] pad = PaddingUtil.PKCS7Unpadding(data); byte[] pad = PaddingUtil.PKCS7Padding(data);
return apply(s -> s.getSdfApiAdapter().symEncrypt(s.getSessionHandle(), s.getKeyHandle(), AlgId.SGD_SM4_CBC, new byte[8], pad)); return apply(s -> s.getSdfApiAdapter().symEncrypt(s.getSessionHandle(), s.getKeyHandle(), AlgId.SGD_SM4_CBC, new byte[8], pad));
} }

1
chsm-web-server/src/main/java/com/sunyard/chsm/pool/TMKContextFactory.java
View File

@ -44,6 +44,7 @@ public class TMKContextFactory extends BasePooledObjectFactory<TMKContext> {
this.deviceHandle = sdfApiAdapter.openDevice(); this.deviceHandle = sdfApiAdapter.openDevice();
hs = sdfApiAdapter.openSession(deviceHandle); hs = sdfApiAdapter.openSession(deviceHandle);
} }
keyHandle.setDeviceHandle(deviceHandle);
keyHandle.setSessionHandle(hs); keyHandle.setSessionHandle(hs);
keyHandle.setEncTmk(context.getEncTmk()); keyHandle.setEncTmk(context.getEncTmk());

68
chsm-web-server/src/test/java/sdf/BCSdfApiServiceTest.java
View File

@ -1,34 +1,34 @@
package sdf; //package sdf;
import com.sunyard.chsm.WebServerApp; //import com.sunyard.chsm.WebServerApp;
import com.sunyard.chsm.enums.KeyAlg; //import com.sunyard.chsm.enums.KeyAlg;
import com.sunyard.chsm.sdf.BCSdfApiService; //import com.sunyard.chsm.sdf.BCSdfApiService;
import lombok.extern.slf4j.Slf4j; //import lombok.extern.slf4j.Slf4j;
import org.junit.Assert; //import org.junit.Assert;
import org.junit.jupiter.api.Test; //import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired; //import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest; //import org.springframework.boot.test.context.SpringBootTest;
//
import java.util.Random; //import java.util.Random;
//
//
@Slf4j //@Slf4j
@SpringBootTest(classes = WebServerApp.class) //@SpringBootTest(classes = WebServerApp.class)
public class BCSdfApiServiceTest { //public class BCSdfApiServiceTest {
//
@Autowired // @Autowired
private BCSdfApiService bcSdfApiService; // private BCSdfApiService bcSdfApiService;
//
// 对称加密解密测试 // // 对称加密解密测试
@Test // @Test
void testSym() { // void testSym() {
byte[] data = new byte[128]; // byte[] data = new byte[128];
new Random().nextBytes( data ); // new Random().nextBytes( data );
//
byte[] key = bcSdfApiService.genSymKey( KeyAlg.SM4 ); // byte[] key = bcSdfApiService.genSymKey( KeyAlg.SM4 );
byte[] enData = bcSdfApiService.symEncrypt( KeyAlg.SM4, key, data ); // byte[] enData = bcSdfApiService.symEncrypt( KeyAlg.SM4, key, data );
byte[] deData = bcSdfApiService.symDecrypt( KeyAlg.SM4, key, enData ); // byte[] deData = bcSdfApiService.symDecrypt( KeyAlg.SM4, key, enData );
//
Assert.assertArrayEquals( data, deData ); // Assert.assertArrayEquals( data, deData );
//
} // }
} //}