
HSMConn stands for Hardware Security Module Connector. It is a development library that gives developers a unified interface for connecting to heterogeneous commercial-cryptography (SM) hardware devices.


Overview

HSMConn is a development library packaged in C++ (C++ headers & library). It targets business systems that must be migrated to the Chinese national (SM) cryptographic algorithms and gives them the ability to call cryptographic devices from heterogeneous vendors. A business application links HSMConn dynamically or statically to obtain unified access to the computing capacity of the underlying devices, including server cryptographic machines (HSMs), signature/verification servers and timestamp servers.

Visit the HSMConn official website for more information.

Architecture

HSMConn Architecture

HSMConn offers applications and cryptographic tool suites a single, unified HSMConn API. The HSMConn library manages and schedules the underlying heterogeneous cryptographic devices, so that upper-layer applications and tools access those devices transparently.

During development, the SDF interface library provided by the bundled cryptographic-machine software simulator can be used to close the development and test loop. Where cryptographic compliance assessment must be satisfied, no business code has to change: only the HSMConn configuration is changed, and the migration to a compliant deployment is seamless.

Development

HSMConn is built with cmake.

Third-party dependencies

HSMConn depends on the following third-party libraries:

Building the unit tests additionally requires the following libraries:

Build & install

With the cmake toolchain and the dependencies above in place, run:

mkdir build
cd build
cmake ..
make -j
make install

The following build options can be enabled or disabled as needed:

  • HSMC_BUILD_WITH_OPENTELEMETRY: enables SDF performance monitoring (SDF-related metrics can then be scraped by Prometheus)

Integration example

#include <cstring>   // memcmp
#include <iostream>
#include <hsmc/hsmc.h>

int main(int argc, char **argv) {
    if (argc < 2) {
        return -1;
    }

    // load configuration from yaml file
    hsmc::SessionFactory factory;
    factory.init(argv[1]);

    // create session pool and fetch a session
    hsmc::SessionPool pool(factory);
    auto session = pool.get();

    int kekIndex = 1;
    unsigned char dek[32] = {0};
    unsigned int deklen = 32;
    void *keyHandle = nullptr;

    // generate a 128-bit dek under the kek: dek receives the wrapped key,
    // keyHandle the session-internal handle to the plaintext key
    session.SDF_GenerateKeyWithKEK(128, SGD_SM4_ECB, kekIndex, dek,
                                   &deklen, &keyHandle);

    // exactly one SM4 block; the string is NUL-padded to 16 bytes
    unsigned char plaintext[16] = "hello world!";
    unsigned char ciphertext[32] = {0};
    unsigned int ciphertextlen = sizeof(ciphertext);

    // encrypt plaintext with dek (ECB mode, so no IV)
    session.SDF_Encrypt(keyHandle, SGD_SM4_ECB, nullptr, plaintext,
                        sizeof(plaintext), ciphertext, &ciphertextlen);

    // destroy dek
    session.SDF_DestroyKey(keyHandle);
    keyHandle = nullptr;

    // import the wrapped dek again and receive a fresh key handle
    session.SDF_ImportKeyWithKEK(SGD_SM4_ECB, kekIndex, dek,
                                 deklen, &keyHandle);

    unsigned char decrypttext[16] = {0};
    unsigned int decrypttextlen = sizeof(decrypttext);

    // decrypt ciphertext with the imported dek
    session.SDF_Decrypt(keyHandle, SGD_SM4_ECB, nullptr, ciphertext,
                        ciphertextlen, decrypttext, &decrypttextlen);

    // release the imported key handle as well
    session.SDF_DestroyKey(keyHandle);
    keyHandle = nullptr;

    if (memcmp(plaintext, decrypttext, sizeof(plaintext)) == 0) {
        std::cout << "SM4 ECB encrypt/decrypt success" << std::endl;
    } else {
        std::cout << "SM4 ECB encrypt/decrypt failed" << std::endl;
    }

    return 0;
}

For more usage patterns, see the unit tests under test.
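An added example (not hsmconn's own code) showing how the key-handle lifecycle from the integration example above can be made leak-safe with an RAII guard, so that SDF_DestroyKey always runs, including on an early-return error path. MockSession is constructed here to stand in for the hsmc session: it mirrors the two method names used above and assumes, as in the GM/T 0018 SDF interface, that they return 0 on success; kMockAlg is a placeholder for SGD_SM4_ECB.

```cpp
// MockSession is constructed for this example: it exposes the two SDF
// methods the README calls and, like GM/T 0018 SDF, returns 0 on success.
constexpr unsigned int kMockAlg = 0;  // stand-in for SGD_SM4_ECB
struct MockSession {
    int live_keys = 0;   // handles generated but not yet destroyed
    int generated = 0;   // total handles ever generated
    int SDF_GenerateKeyWithKEK(unsigned int, unsigned int, unsigned int,
                               unsigned char *, unsigned int *, void **handle) {
        ++live_keys; ++generated;
        *handle = new int(generated);  // stand-in for the HSM-internal handle
        return 0;
    }
    int SDF_DestroyKey(void *handle) {
        delete static_cast<int *>(handle); --live_keys; return 0;
    }
};

// Owns one SDF key handle; SDF_DestroyKey runs when the guard leaves scope.
template <class Session>
class KeyHandle {
public:
    explicit KeyHandle(Session &s) : s_(s) {}
    KeyHandle(const KeyHandle &) = delete;
    KeyHandle &operator=(const KeyHandle &) = delete;
    ~KeyHandle() { reset(); }
    // Out-parameter for SDF_* calls; any handle already held is released first,
    // so one guard can serve the README's generate-then-import sequence.
    void **slot() { reset(); return &h_; }
    void reset() { if (h_) { s_.SDF_DestroyKey(h_); h_ = nullptr; } }
private:
    Session &s_;
    void *h_ = nullptr;
};

// Generate a DEK, then hit a failure and return early: the guard still
// releases the handle, so no key slot leaks inside the HSM session.
template <class Session>
int generate_then_fail(Session &session, unsigned int kekIndex) {
    unsigned char dek[32] = {0};
    unsigned int deklen = sizeof(dek);
    KeyHandle<Session> key(session);
    int rc = session.SDF_GenerateKeyWithKEK(128, kMockAlg, kekIndex, dek,
                                            &deklen, key.slot());
    if (rc != 0) return rc;
    return -1;  // simulated later error; ~KeyHandle still destroys the key
}
```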

License

HSMConn is released under the Apache License 2.0.
