修改编号 | 版本 | 修改内容 | 状态 | 修改人/ 日期 | 审批人/ 日期 |
1 | 0.5 | 初版 | Draft | 孙佳亮/2021/11/10 | |
2 | 0.51 | 1.支持UCM/CM/诊断读取上位机配置接口 2.优化验证书、验签接口 | Draft | 张亚茹 /2021/11/26 | |
3 | 0.52 | 修改《1.说明》:增加对平台lib的说明 | Draft | 张亚茹 /2021/12/17 | |
4 | 0.53 | 1.修改4.1 构造函数说明 2.修改入参cert短名变证书名 3.修改入参key短名变slotNum 4.GetKeyByObjectName变更为ExportKey 5.GenerateRandom 入参长度由uint8变成uint16 6.增加15接口: 1)GetCertName 2)GetKeySlotNum 3)GetCryptoAlgoNid 4)VerifyCertChainService 5)VerifyCertChainService(overload) 6)VerifySign(overload) 7)VerifySignByContext 8)VerifySignByContext(overload) 9)SignatureHash 10)SignatureContext 11)ExportCert 12)ImportKey 13)CreateHashCtx 14)SymmetricBlockInit 15)SymmetricStreamInit 7.类型定义3.2章节新增3个错误码 | Draft | 张亚茹 /2022/1/14 | |
5 | 0.54 | 修改接口4.4GetKeySlotNum 返回值的说明 | Draft | 张亚茹 /2022/2/15 | |
6 | 0.55 | 1.修改4.1 构造函数读取配置文件名 2.修改4.5 GetCryptoAlgoNid sm2相关 3.修改4.12 VerifySignByContext sm2相关NID 4.修改4.13 VerifySignByContext 5.修改4.15 SignatureContext 6.修改4.18,增加预留槽号的详细说明 | Draft | 张亚茹 /2022/3/14 | |
7 | 0.56 | 增加4.23 4.24 加密上下文初始化key | draft | 张亚茹 /2022/4/7 | |
8 | 0.57 | 增加4.25 客户端SSL Ctx上下文初始化 | Draft | 孙佳亮 /2022/4/12 | |
9 | 0.58 | 修改说明节,增加需要依赖的库libssl; 修改4.25节接口定义描述 | Draft | 孙佳亮 /2022/4/14 | |
10 | 0.59 | 增加公钥验签接口: 1、VerifySign(overload) 2、VerifySignByContext(overload) | Draft | 刘豪 /2022/5/10 | |
11 | 0.6 | 3.2 增加错误码 | Draft | 孙佳亮 /2022/5/17 | |
12 | 0.61 | 1、在3.2节enum CrytpoMWError中增加kImportCertFailed = 1013 2、增加4.28证书导入接口ImportCert | Draft | 刘豪 /2022/7/26 | |
13 | 0.7 | 提交评审 | In Review | 刘豪 /2022/7/26 | |
14 | 1.0 | 评审通过 | Approved | 刘豪 /2022/8/12 | 张会超 /2022/8/12 |
加密中间件模块为应用程序提供面向密码学服务的接口,该文档面向开发人员与测试人员。目的指导使用者用相关服务接口。加密服务的中间件将提供libcrypto_wrapper.a供应用程序调用。
libcrypto_wrapper.a 依赖的平台lib包括:
1)平台PER模块的lib:
ara::ara_kvstype
ara::ara_keyvaluestorage
2)平台Crypto模块的lib:
ara_crypto_api
nap_crypto_c_api
nap_cs_ipc_proto_cli
nap_cs_ipc_com_cli
nap_common
crypto
ssl
应用程序如果集成libcrypto_wrapper.a,需要在应用的CMakeLists.txt下增加对以上lib的依赖。
头文件包括:crypto_services_wrapper.h。
命名空间是middleware::cryptowrapper。
编号(No.) | SVN路径/文档名(Document Name) | 文档版本(Revision) |
编号 No | 缩写 Term/Abbreviation | 说明 Description |
Interface ID | SWSD-cryptowrapper-InterfaceID-SDK-00001 |
ASIL | QM |
Name | CryptoServicesWrapper |
Kind: | class |
Description | 加密中间件服务类定义。 |
Scope | namespace middleware::cryptowrapper |
Derived from | |
Header file | #include " crypto_services_wrapper.h " |
Interface ID | SWSD-cryptowrapper-InterfaceID-SDK-00002 | ||
ASIL | QM | ||
Name | CrytpoMWError | ||
Kind: | enum | ||
Description: | 接口执行结果定义 | ||
Symbol: | middleware::cryptowrapper::CrytpoMWError | ||
Scope: | namespace middleware::cryptowrapper | ||
Syntax: | enum CrytpoMWError { kSuccessed = 0, /* x509证书相关错误 */ /* 解析证书错误 */ kParseCertFailed = 1001, /* 解析根证书错误 */ kGetRootCertFailed = 1002, /* 证书验证错误 */ kVerifyCertFailed = 1003, /* 公钥加载错误 */ kLoadPublickeyFailed = 1004, /* 验签错误错误 */ kVerifySignFailed = 1005, /* crypto 未就绪 */ kCryptoNotReady = 1006, /* slot number 取值范围不正确*/ kSlotNumError = 1007, /* 加载私钥错误 */ kLoadPrivatekeyFailed = 1008, /* 签名失败 */ kSignatureFailed = 1009, /*ClientSSLCtxInit API导出证书失败 */ kExportCertFailed = 1010, /* ClientSSLCtxInit API导出密钥失败*/ kExportKeyFailed = 1011, /* ClientSSLCtxInit API初始化SSL CTX失败*/ kInitSSLCtxFailed = 1012, kImportCertFailed = 1013 /}; | ||
Values: | kSuccessed = 0 | 成功 | |
kParseCertFailed = 1001 | 解析证书错误 | ||
kGetRootCertFailed = 1002 | 解析根证书错误 | ||
kVerifyCertFailed = 1003 | 证书验证错误 | ||
kLoadPublickeyFailed = 1004 | 公钥加载错误 | ||
kVerifySignFailed = 1005 | 验签错误错误 | ||
kCryptoNotReady = 1006 | crypto 未就绪 | ||
kSlotNumError = 1007 | slot number 取值范围不正确 | ||
kLoadPrivatekeyFailed = 1008 | 加载私钥错误 | ||
kSignatureFailed = 1009 | 签名失败 | ||
kExportCertFailed = 1010 | ClientSSLCtxInit API导出证书失败 | ||
kExportKeyFailed = 1011 | ClientSSLCtxInit API导出密钥失败 | ||
kInitSSLCtxFailed = 1012 | ClientSSLCtxInit API初始化SSL CTX失败 | ||
kImportCertFailed = 1013 | 导入证书或证书链失败 | ||
Header file: | #include"crypto_services_wrapper.h" |
Interface ID | SWSD-cryptowrapper-InterfaceID-SDK-00002 |
ASIL | QM |
Name | class |
Kind: | class |
Description: | 为应用程序提供面向密码学服务的接口 |
Symbol: | namespace middleware::cryptowrapper::CryptoServicesWrapper |
Scope: | namespace middleware::cryptowrapper |
Syntax: | class CryptoServicesWrapper {…}; |
Header file: | #include " crypto_services_wrapper.h" |
Interface ID | SWSD-cryptowrapper-InterfaceID-SDK-00003 | |
ASIL | QM | |
Name | CryptoServicesWrapper:: CryptoServicesWrapper | |
Kind | CryptoServicesWrapper | |
Description | 通过构造函数,查找上位机下发的配置文件cryptoConfig.json(位于当前应用程序的etc/目录下)解析配置文件,创建证书、密钥、算法对应的配置映射表。 初始化加密模块的provider | |
Symbol | namespace middleware::cryptowrapper::CryptoServicesWrapper() | |
Scope | namespace middleware::cryptowrapper | |
Visibility | public | |
Syntax | CryptoServicesWrapper::CryptoServicesWrapper() | |
Parameters (in) | none | |
Parameters (inout) | none | |
Parameters (out) | none | |
Return value | none | |
Exception Safety | none | |
Thread Safety | reentrant | |
Header file | #include " crypto_services_wrapper.h" | |
Note | 示例: CryptoServicesWrapper instance; |
Interface ID | SWSD-cryptowrapper-InterfaceID-SDK-00004 | |
ASIL | QM | |
Name | CryptoServicesWrapper::~ CryptoServicesWrapper | |
Kind | ~CryptoServicesWrapper | |
Description | 释放加载的provider | |
Symbol | namespace middleware::cryptowrapper::~CryptoServicesWrapper() | |
Scope | namespace middleware::cryptowrapper | |
Visibility | public | |
Syntax | CryptoServicesWrapper::~CryptoServicesWrapper() | |
Parameters (in) | none | |
Parameters (inout) | none | |
Parameters (out) | none | |
Return value | none | |
Exception Safety | none | |
Thread Safety | reentrant | |
Header file | #include " crypto_services_wrapper.h" | |
Note |
Interface ID | SWSD-cryptowrapper-InterfaceID-SDK-00004 | |
ASIL | QM | |
Name | CryptoServicesWrapper::GetCertName | |
Kind | GetCertName | |
Description | 读取配置文件中的证书名 | |
Symbol | ara::core::String CryptoServicesWrapper::GetCertName(const std::string cert_short_name) | |
Scope | namespace middleware::cryptowrapper | |
Visibility | public | |
Syntax | ara::core::String GetCertName(const std::string cert_short_name) | |
Parameters (in) | cert_short_name | 上位机配置的证书短名 |
Parameters (inout) | none | |
Parameters (out) | none | |
Return value | ara::core::String | 非空 :配置的证书名 空: 未查找到指定配置 |
Exception Safety | none | |
Thread Safety | reentrant | |
Header file | #include " crypto_services_wrapper.h" | |
Note | 示例: CryptoServicesWrapper instance; ara::core::String cert_name = instance.GetCertName ("RootCA"); |
|
Interface ID | SWSD-cryptowrapper-InterfaceID-SDK-00005 | |
ASIL | QM | |
Name | CryptoServicesWrapper::GetKeySlotNum | |
Kind | GetKeySlotNum | |
Description | 读取配置文件中的slotNum | |
Symbol | size_t CryptoServicesWrapper::GetKeySlotNum(const std::string key_short_name) const | |
Scope | namespace middleware::cryptowrapper | |
Visibility | public | |
Syntax | size_t GetKeySlotNum(const std::string key_short_name) const | |
Parameters (in) | key_short_name | 上位机配置的密钥短名 |
Parameters (inout) | none | |
Parameters (out) | none | |
Return value | size_t | >= 0 为配置的槽号 0XFFFFFFFF 或 -1LL 为无效槽号 |
Exception Safety | none | |
Thread Safety | reentrant | |
Header file | #include " crypto_services_wrapper.h" | |
Note | 示例: CryptoServicesWrapper instance; size_t slot_num = instance.GetKeySlotNum("CmTlsServerClient"); |
Interface ID | SWSD-cryptowrapper-InterfaceID-SDK-00006 | |
ASIL | QM | |
Name | CryptoServicesWrapper::GetCryptoAlgoNid | |
Kind | GetCryptoAlgoNid | |
Description | 读取配置文件中的密钥算法 | |
Symbol | CryptoAlgoNid CryptoServicesWrapper::GetCryptoAlgoNid(const std::string primitive_name) | |
Scope | namespace middleware::cryptowrapper | |
Visibility | public | |
Syntax | CryptoAlgoNid GetCryptoAlgoNid(const std::string primitive_name) | |
Parameters (in) | primitive_name | 上位机配置的密钥算法短名 |
Parameters (inout) | none | |
Parameters (out) | none | |
Return value | CryptoAlgoNid | > 0 密钥算法值 = 0 未找到指定算法 |
Exception Safety | none | |
Thread Safety | reentrant | |
Header file | #include " crypto_services_wrapper.h" | |
Note | 示例: CryptoServicesWrapper instance; CryptoAlgoNid alg_nid = instance. GetCryptoAlgoNid("EncryptionAES128GCM"); 目前支持的算法NID: kNID_sm1_ecb = 2000, kNID_sm1_cbc = 2001, kNID_aes_128_ecb = 418, kNID_aes_128_cbc = 419, kNID_aes_128_cfb128 = 421, kNID_aes_128_ctr = 904, kNID_aes_256_ecb = 426, kNID_aes_256_cbc = 427, kNID_aes_256_cfb128 = 429, kNID_aes_256_ctr =906, kNID_sm4_ecb =1133, kNID_sm4_cbc =1134, kNID_sm4_cfb128 =1137, kNID_sm4_ctr =1139, kNID_sha256 =672, kNID_sha1 = 64, kNID_sm3 = 1143, kNID_md5 = 4, kEVP_PKEY_SM2 =1172, kEVP_PKEY_EC =408, kEVP_PKEY_RSA =6, kNID_hkdf = 1036, kNID_sha256WithRSAEncryption = 668, kNID_sha1WithRSAEncryption = 65, kNID_ecdsa_with_SHA256 = 794, kNID_ecdsa_with_SHA1 = 416, ///签名算法SM2与SHA256 kNID_sm2_with_SHA256 = 1202, ///签名算法SM2与SHA1 kNID_sm2_with_SHA1 = 1201, ///签名算法SM2与SM3 kNID_sm2_with_SM3 = 1200, 上位机的配置可参考《NeuSAR aCore_使用手册_Crypto.docx》3.3.1章节。具体支持的算法描述如下: "SM1-ECB","SM1-CBC","AES-128-ECB","AES-128-CBC","AES-128-CFB","AES-128-CTR","AES-256-ECB","AES-256-CBC","AES-256-CFB","AES-256-CTR","SM4-ECB","SM4-CBC","SM4-CFB","SM4-CTR","SHA256","SHA1","SM3", "MD5","SM2",ECC","RSA", "HKDF","RSA-SHA256","RSA-SHA1","ECDSA-SHA256","ECDSA-SHA1 ", "SM2-SM3 ","SM2-SHA1","SM2-SHA256"。 |
Interface ID | SWSD-cryptowrapper-InterfaceID-SDK-00007 | |
ASIL | QM | |
Name | CryptoServicesWrapper::VerifyCertService | |
Kind | VerifyCertService | |
Description | 对目标证书有效性进行验证。 | |
Symbol | int CryptoServicesWrapper::VerifyCertService(vector<uint8_t>&cert, ara::core::String ca_cert_name) | |
Scope | namespace middleware::cryptowrapper | |
Visibility | public | |
Syntax | int VerifyCertService(vector<uint8_t>&cert, ara::core::String ca_cert_name) | |
Parameters (in) | cert | 待验证的验证的目标证书数据,证书编码为PEM或者DER编码 |
ca_cert_name | 应用模块依赖的证书名 | |
Parameters (inout) | none | |
Parameters (out) | none | |
Return value | int | kSuccessed表示验证成功; kParseCertFailed 表示解析证书失败 kGetRootCertFailed 表示解析根证书失败 kVerifyCertFailed 表示证书验证失败 kCryptoNotReady 表示加密守护进程未就绪 |
Exception Safety | none | |
Thread Safety | reentrant | |
Header file | #include " crypto_services_wrapper.h" | |
Note | 示例: vector<uint8_t> cert(certBuff, certBuff + readlen); CryptoServicesWrapper instance1; ret = instance1.VerifyCertService (cert, instance1.GetCertName("RootCA")); |
Interface ID | SWSD-cryptowrapper-InterfaceID-SDK-00008 | |
ASIL | QM | |
Name | CryptoServicesWrapper::VerifyCertService | |
Kind | VerifyCertService | |
Description | 对目标证书有效性进行验证,验证成功后,返回证书对象的指针。 | |
Symbol | int CryptoServicesWrapper::VerifyCertService(vector<uint8_t>&cert, ara::core::String ca_cert_name, Certificate::Uptr &pstcert_uptr) | |
Scope | namespace middleware::cryptowrapper | |
Visibility | public | |
Syntax | int VerifyCertService(vector<uint8_t>&cert, ara::core::String ca_cert_name, Certificate::Uptr &pstcert_uptr) | |
Parameters (in) | cert | 待验证的验证的目标证书数据,证书编码为PEM或者DER编码 |
ca_cert_name | 应用模块依赖的证书名 | |
Parameters (inout) | none | |
Parameters (out) | Certificate::Uptr & pstcert_uptr | 证书的对象指针的指针 |
Return value | int | kSuccessed表示验证成功; kParseCertFailed 表示解析证书失败 kGetRootCertFailed 表示解析根证书失败 kVerifyCertFailed 表示证书验证失败 kCryptoNotReady 表示加密守护进程未就绪 |
Exception Safety | none | |
Thread Safety | reentrant | |
Header file | #include " crypto_services_wrapper.h" | |
Note | 示例: vector<uint8_t> cert(certBuff, certBuff + readlen); CryptoServicesWrapper instance2; Certificate::Uptr certUptr; ret = instance2.VerifyCertService(cert, instance2.GetCertName("RootCA"), certUptr); if (ret == 0) { ret = instance2.VerifySign(CryptoAlgoNid::kNID_sha1WithRSAEncryption,sha1mesg, sign,std::move(certUptr)); } else { std::cout <<"Verify certificate Failed. "<< std::endl; } 返回验证证书成功后,再去读取证书对象的指针 |
Interface ID | SWSD-cryptowrapper-InterfaceID-SDK-00009 | |
ASIL | QM | |
Name | CryptoServicesWrapper::VerifyCertChainService | |
Kind | VerifyCertChainService | |
Description | 对目标证书链有效性进行验证。 | |
Symbol | int CryptoServicesWrapper::VerifyCertChainService(vector<uint8_t>&chain, ara::core::String ca_cert_name) | |
Scope | namespace middleware::cryptowrapper | |
Visibility | public | |
Syntax | int VerifyCertChainService(vector<uint8_t>&chain, ara::core::String ca_cert_name) | |
Parameters (in): | chain | 待验证的验证的目标证书链数据,证书链编码为PEM格式 |
ca_cert_name | 验证依赖的根证书名 | |
Parameters (inout) | none | |
Parameters (out) | none | |
Return value | int | kSuccessed表示验证成功; kParseCertFailed 表示解析证书链失败 kGetRootCertFailed 表示解析根证书失败 kVerifyCertFailed 表示证书链验证失败 kCryptoNotReady 表示加密守护进程未就绪 |
Exception Safety | none | |
Thread Safety | reentrant | |
Header file | #include " crypto_services_wrapper.h" | |
Note | 示例: vector<uint8_t> chain(chainBuff, chainBuff + readlen); CryptoServicesWrapper instance1; ret = instance1.VerifyCertChainService(chain, instance1.GetCertName ("RootCA")); |
Interface ID | SWSD-cryptowrapper-InterfaceID-SDK-00010 | |
ASIL | QM | |
Name | CryptoServicesWrapper::VerifyCertChainService | |
Kind | VerifyCertChainService | |
Description | 对目标证书链有效性进行验证。 | |
Symbol | int CryptoServicesWrapper::VerifyCertChainService(vector<uint8_t>&chain, ara::core::String ca_cert_name, Certificate::Uptr &pstcert_uptr) | |
Scope | namespace middleware::cryptowrapper | |
Visibility | public | |
Syntax | int VerifyCertChainService(vector<uint8_t>&chain, ara::core::String ca_cert_name, Certificate::Uptr &pstcert_uptr) | |
Parameters (in): | chain | 待验证的验证的目标证书链数据,证书链编码为PEM格式 |
ca_cert_name | 验证依赖的根证书名 | |
Parameters (inout): | none | |
Parameters (out) | Certificate::Uptr & pstcert_uptr | 底层证书对象的指针,用于后续的验签 |
Return value | int | kSuccessed表示验证成功; kParseCertFailed 表示解析证书链失败 kGetRootCertFailed 表示解析根证书失败 kVerifyCertFailed 表示证书链验证失败 kCryptoNotReady 表示加密进程未就绪 |
Exception Safety | none | |
Thread Safety | reentrant | |
Header file | #include " crypto_services_wrapper.h" | |
Note | 示例: vector<uint8_t> chain(chainBuff, chainBuff + readlen); CryptoServicesWrapper instance2; Certificate::Uptr certUptr; ret = instance2.VerifyCertChainService(chain, instance1.GetCertName("RootCA"), certUptr); if (ret == 0) { ret = instance2.VerifySign(CryptoAlgoNid::kNID_sha1WithRSAEncryption,sha1mesg, sign, std::move(certUptr)); } else { std::cout <<"Verify certificate chain Failed. "<<std::endl; } 返回验证证书链成功后,再去读取底层证书对象的指针进行后续的验签操作 |
Interface ID | SWSD-cryptowrapper-InterfaceID-SDK-00011 | |
ASIL | QM | |
Name | CryptoServicesWrapper::VerifySign | |
Kind | VerifySign | |
Description | 通过证书对象,对指定hash和验签算法的摘要数据进行数字签名的验签 | |
Symbol | int VerifySign(const CryptoAlgId alg_id, vector<uint8_t> &digest, vector<uint8_t> &sign, const Certificate::Uptr cert_uptr) | |
Scope | namespace middleware::cryptowrapper | |
Visibility | public | |
Syntax | int CryptoServicesWrapper::VerifySign(const CryptoAlgId alg_id, vector<uint8_t>& digest, vector<uint8_t>&sign, const Certificate::Uptr cert_uptr) | |
Parameters (in) | alg_id | 摘要+验签算法: kNID_sha1WithRSAEncryption, kNID_sha256WithRSAEncryption kNID_ecdsa_with_SHA256 kNID_ecdsa_with_SHA1 |
digest | HASH数据 | |
sign | 签名数据 | |
cert_uptr | 证书的对象 | |
Parameters (inout) | none | |
Parameters (out) | none | |
Return value | int | kSuccessed表示验签成功; kCryptoNotReady 表示加密守护进程未就绪; kVerifySignFailed 表示签名验证失败 kLoadPublickeyFailed 表示加载公钥失败 |
Exception Safety | none | |
Thread Safety | reentrant | |
Header file | #include " crypto_services_wrapper.h" | |
Note | 示例: vector<uint8_t> cert(certBuff, certBuff + readlen); CryptoServicesWrapper instance2; Certificate::Uptr certUptr; ret = instance2.VerifyCertService(cert, instance2.GetCertName("RootCA"), certUptr); if (ret == 0) { ret = instance2.VerifySign(CryptoAlgoNid::kNID_sha1WithRSAEncryption,sha1mesg, sign, std::move(certUptr)); } else { std::cout<<"Verify certificate Failed. "<< std::endl; } 该函数需要先拿到证书对象,在通过证书对象进行验签。该方法不支持国密证书验签。 |
Interface ID | SWSD-cryptowrapper-InterfaceID-SDK-00012 | |
ASIL | QM | |
Name | CryptoServicesWrapper::VerifySign | |
Kind | VerifySign | |
Description | 通过指定槽号,对指定hash和验签算法的摘要数据进行数字签名的验签 | |
Symbol | int VerifySign(const CryptoAlgId alg_id, vector<uint8_t> &digest, vector<uint8_t> &sign, const size_t slot_num) | |
Scope | namespace middleware::cryptowrapper | |
Visibility | public | |
Syntax | int CryptoServicesWrapper::VerifySign(const CryptoAlgId alg_id, vector<uint8_t> &digest, vector<uint8_t> &sign, const size_t slot_num) | |
Parameters (in) | alg_id | 摘要+验签算法: kNID_sha1WithRSAEncryption, kNID_sha256WithRSAEncryption kNID_ecdsa_with_SHA256 kNID_ecdsa_with_SHA1 |
digest | HASH数据 | |
sign | 签名数据 | |
slot_num | 指定公钥槽号 | |
Parameters (inout) | none | |
Parameters (out) | none | |
Return value | int | kSuccessed表示验签成功; kCryptoNotReady 表示加密守护进程未就绪; kLoadPublickeyFailed 表示加载公钥失败 kVerifySignFailed 表示签名验证失败 |
Exception Safety | none | |
Thread Safety | reentrant | |
Header file | #include " crypto_services_wrapper.h" | |
Note | 示例: vector<uint8_t> cert(certBuff, certBuff + readlen); CryptoServicesWrapper instance2; Certificate::Uptr certUptr; ret = instance2.VerifyCertService(cert, instance2.GetCertName("RootCA"), certUptr); if (ret == 0) { size_t slotNum = CertUptr->GetPubKeySlotNumber(); ret = instance2.VerifySign(CryptoAlgoNid::kNID_sha1WithRSAEncryption,sha1mesg, sign, slotNum); } else { std::cout<<"Verify signature Failed. "<< std::endl; } 指定槽号公钥存在; 该方法不支持sm2公钥。 |
Interface ID | SWSD-cryptowrapper-InterfaceID-SDK-00013 | |
ASIL | QM | |
Name | CryptoServicesWrapper::VerifySign | |
Kind | VerifySign | |
Description | 通过指定公钥,对指定hash和验签算法的摘要数据进行数字签名的验签 | |
Symbol | int VerifySign(const CryptoAlgId alg_id, vector<uint8_t>& digest, vector<uint8_t>&sign, vector<uint8_t>& public_key) | |
Scope | namespace middleware::cryptowrapper | |
Visibility | public | |
Syntax | int CryptoServicesWrapper::VerifySign(const CryptoAlgId alg_id, vector<uint8_t>& digest, vector<uint8_t>&sign, vector<uint8_t>& public_key) | |
Parameters (in) | alg_id | 摘要+验签算法: kNID_sha1WithRSAEncryption, kNID_sha256WithRSAEncryption kNID_ecdsa_with_SHA256 kNID_ecdsa_with_SHA1 |
digest | HASH数据 | |
sign | 签名数据 | |
public_key | 公钥数据 | |
Parameters (inout) | none | |
Parameters (out) | none | |
Return value | int | kSuccessed表示验签成功; kCryptoNotReady 表示加密守护进程未就绪; kLoadPublickeyFailed 表示加载公钥失败 kVerifySignFailed 表示签名验证失败 |
Exception Safety | none | |
Thread Safety | reentrant | |
Header file | #include " crypto_services_wrapper.h" | |
Note | 示例: CryptoServicesWrapper instance2; /* 读openssl生成的存储公钥的pem文件*/ vector<uint8_t> Public_Key; Public_Key.clear(); readFile("/containers/NeuSARPlatform/work/common/publicSign/pubkey.pem", Public_Key); int ret=instance2.VerifySign(CryptoAlgoNid::kNID_sha1WithRSAEncryption,sha1mesg, sign, Public_Key); if(ret == 0){ std::cout<<"Verify signature success. "<< std::endl; } else { std::cout<<"Verify signature Failed. "<< std::endl; } 指定公钥存在; 该方法不支持sm2公钥。 |
Interface ID | SWSD-cryptowrapper-InterfaceID-SDK-00014 | |
ASIL | QM | |
Name | CryptoServicesWrapper::VerifySignByContext | |
Kind | VerifySignByContext | |
Description | 通过证书对象,对指定hash和验签算法的原文进行数字签名的验签 | |
Symbol | int VerifySignByContext(const CryptoAlgId alg_id, vector<uint8_t> &context, vector<uint8_t>&sign, const Certificate::Uptr cert_uptr, const vector<uint8_t> sm2_id = {}) | |
Scope | namespace middleware::cryptowrapper | |
Visibility | public | |
Syntax | int CryptoServicesWrapper::VerifySignByContext(const CryptoAlgId alg_id, vector<uint8_t> &context, vector<uint8_t> &sign, const Certificate::Uptr cert_uptr, const vector<uint8_t> sm2_id) | |
Parameters (in) | alg_id | 摘要+验签算法: kNID_sm2_with_SM3, kNID_sm2_with_SHA1, kNID_sm2_with_SHA256, kNID_sha1WithRSAEncryption, kNID_sha256WithRSAEncryption kNID_ecdsa_with_SHA256 kNID_ecdsa_with_SHA1 |
context | 原文数据 | |
sign | 签名数据 | |
cert_uptr | 证书的对象 | |
sm2_id | SM2验签时提供的用户ID信息,缺省为空 | |
Parameters (inout) | none | |
Parameters (out) | none | |
Return value | int | kSuccessed表示验签成功; kCryptoNotReady 表示加密守护进程未就绪; kLoadPublickeyFailed 表示加载公钥失败 kVerifySignFailed 表示签名验证失败 |
Exception Safety | none | |
Thread Safety | reentrant | |
Header file | #include " crypto_services_wrapper.h" | |
Note | 示例: vector<uint8_t> cert(certBuff, certBuff + readlen); CryptoServicesWrapper instance2; Certificate::Uptr certUptr; ret = instance2.VerifyCertService(cert, instance2.GetCertName("RootCA"), certUptr); if (ret == 0) { ret = instance2.VerifySignByContext (CryptoAlgoNid::kNID_sha1WithRSAEncryption, context, sign, std::move(certUptr)); } else { std::cout<<"Verify certificate Failed. "<< std::endl; } 1.该函数需要先拿到证书对象指针,再通过证书对象指针进行原文验签。 2.sm_id非国密证书进行原文验签时,缺省为空;国密证书验签时可为空,非空时大小必须等于16字节,否则验签不过。 |
Interface ID | SWSD-cryptowrapper-InterfaceID-SDK-00015 | |
ASIL | QM | |
Name | CryptoServicesWrapper::VerifySignByContext | |
Kind | VerifySignByContext | |
Description | 通过公钥槽号,对指定hash和验签算法的原文进行数字签名的验签 | |
Symbol | int VerifySignByContext(const CryptoAlgId alg_id, vector<uint8_t> &context, vector<uint8_t>&sign, const size_t slot_num, const vector<uint8_t> sm2_id = {}) | |
Scope | namespace middleware::cryptowrapper | |
Visibility | public | |
Syntax | int CryptoServicesWrapper::VerifySignByContext(const CryptoAlgId alg_id, vector<uint8_t> &context, vector<uint8_t> &sign, const size_t slot_num, const vector<uint8_t> sm2_id) | |
Parameters (in) | alg_id | 摘要+验签算法: kNID_sm2_with_SM3, kNID_sm2_with_SHA1, kNID_sm2_with_SHA256, kNID_sha1WithRSAEncryption, kNID_sha256WithRSAEncryption kNID_ecdsa_with_SHA256 kNID_ecdsa_with_SHA1 |
context | 原文数据 | |
sign | 签名数据 | |
slot_num | 公钥槽号 | |
sm2_id | SM2验签时提供的用户ID信息,缺省为空 | |
Parameters (inout) | none | |
Parameters (out) | none | |
Return value | int | kSuccessed表示验签成功; kCryptoNotReady 表示加密守护进程未就绪; kLoadPublickeyFailed 表示加载公钥失败; kVerifySignFailed 表示签名验证失败 |
Exception Safety | none | |
Thread Safety | reentrant | |
Header file | #include " crypto_services_wrapper.h" | |
Note | 示例: vector<uint8_t> cert(certBuff, certBuff + readlen); CryptoServicesWrapper instance2; Certificate::Uptr certUptr; ret = instance2.VerifyCertService(cert, instance2.GetCertName("RootCA"), certUptr); if (ret == 0) { size_t slotNum = certUptr->GetPubKeySlotNumber(); ret = instance2.VerifySignByContext (CryptoAlgoNid::kNID_sha1WithRSAEncryption, context, sign, slotNum); } else { std::cout<<"Verify certificate Failed. "<< std::endl; } 指定槽号公钥存在; sm_id非国密证书进行原文验签时,缺省为空;国密证书验签时可为空,非空时大小必须等于16字节,否则验签不过。 |