Logo
中文版
详情联系: neusar-support@reachauto.com
API 文档
变更履历
修改编号版本修改内容状态修改人/ 日期审批人/ 日期
10.5初版Draft孙佳亮/2021/11/10
20.511.支持UCM/CM/诊断读取上位机配置接口 2.优化验证书、验签接口Draft张亚茹 /2021/11/26
30.52修改《1.说明》:增加对平台lib的说明 Draft张亚茹 /2021/12/17
40.531.修改4.1 构造函数说明
2.修改入参cert短名变证书名
3.修改入参key短名变slotNum
4.GetKeyByObjectName变更为ExportKey
5.GenerateRandom 入参长度由uint8变成uint16
6.增加15接口:
1)GetCertName
2)GetKeySlotNum
3)GetCryptoAlgoNid
4)VerifyCertChainService
5)VerifyCertChainService(overload)
6)VerifySign(overload)
7)VerifySignByContext
8)VerifySignByContext(overload)
9)SignatureHash
10)SignatureContext
11)ExportCert
12)ImportKey
13)CreateHashCtx
14)SymmetricBlockInit
15)SymmetricStreamInit
7.类型定义3.2章节新增3个错误码
Draft张亚茹 /2022/1/14
50.54修改接口4.4GetKeySlotNum 返回值的说明Draft张亚茹 /2022/2/15
60.551.修改4.1 构造函数读取配置文件名
2.修改4.5 GetCryptoAlgoNid sm2相关
3.修改4.12 VerifySignByContext sm2相关NID
4.修改4.13 VerifySignByContext
5.修改4.15 SignatureContext
6.修改4.18,增加预留槽号的详细说明
Draft张亚茹 /2022/3/14
70.56增加4.23 4.24 加密上下文初始化keydraft张亚茹 /2022/4/7
80.57增加4.25 客户端SSL Ctx上下文初始化Draft孙佳亮 /2022/4/12
90.58修改说明节,增加需要依赖的库libssl; 修改4.25节接口定义描述Draft孙佳亮 /2022/4/14
100.59增加公钥验签接口: 1、VerifySign(overload) 2、VerifySignByContext(overload)Draft刘豪 /2022/5/10
110.63.2 增加错误码Draft孙佳亮 /2022/5/17
120.611、在3.2节enum CrytpoMWError中增加kImportCertFailed = 1013 2、增加4.28证书导入接口ImportCertDraft刘豪 /2022/7/26
130.7提交评审In Review刘豪 /2022/7/26
141.0评审通过Approved刘豪 /2022/8/12张会超 /2022/8/12

目录

1 引言

1.1 目的(Goal)

加密中间件模块为应用程序提供面向密码学服务的接口,该文档面向开发人员与测试人员。目的指导使用者用相关服务接口。加密服务的中间件将提供libcrypto_wrapper.a供应用程序调用。

libcrypto_wrapper.a 依赖的平台lib包括:

1)平台PER模块的lib:

ara::ara_kvstype

ara::ara_keyvaluestorage

2)平台Crypto模块的lib:

ara_crypto_api

nap_crypto_c_api

nap_cs_ipc_proto_cli

nap_cs_ipc_com_cli

nap_common

crypto

ssl

应用程序如果集成libcrypto_wrapper.a,需要在应用的CMakeLists.txt下增加对以上lib的依赖。

头文件包括:crypto_services_wrapper.h。

命名空间是middleware::cryptowrapper。

1.2 范围(Scope)

1.3 参考文档(Reference)

编号(No.)SVN路径/文档名(Document Name)文档版本(Revision)

1.4 术语及缩略语(Term and abbreviations)

编号 No缩写 Term/Abbreviation说明 Description

2 DataType

2.1 CryptoServicesWrapper

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00001
ASILQM
NameCryptoServicesWrapper
Kind:class
Description加密中间件服务类定义。
Scopenamespace middleware::cryptowrapper
Derived from
Header file#include " crypto_services_wrapper.h "


2.2 CrytpoMWError

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00002
ASILQM
NameCrytpoMWError
Kind:enum
Description:接口执行结果定义
Symbol:middleware::cryptowrapper::CrytpoMWError
Scope:namespace middleware::cryptowrapper
Syntax:enum CrytpoMWError { kSuccessed = 0,
/* x509证书相关错误 */

/* 解析证书错误 */
kParseCertFailed = 1001,
/* 解析根证书错误 */
kGetRootCertFailed = 1002,
/* 证书验证错误 */
kVerifyCertFailed = 1003,
/* 公钥加载错误 */
kLoadPublickeyFailed = 1004,
/* 验签错误错误 */
kVerifySignFailed = 1005,
/* crypto 未就绪 */
kCryptoNotReady = 1006,
/* slot number 取值范围不正确*/
kSlotNumError = 1007,
/* 加载私钥错误 */
kLoadPrivatekeyFailed = 1008,
/* 签名失败 */
kSignatureFailed = 1009,
/*ClientSSLCtxInit API导出证书失败 */
kExportCertFailed = 1010,
/* ClientSSLCtxInit API导出密钥失败*/
kExportKeyFailed = 1011,
/* ClientSSLCtxInit API初始化SSL CTX失败*/
kInitSSLCtxFailed = 1012,
kImportCertFailed = 1013
/};
Values:kSuccessed = 0成功
kParseCertFailed = 1001解析证书错误
kGetRootCertFailed = 1002解析根证书错误
kVerifyCertFailed = 1003证书验证错误
kLoadPublickeyFailed = 1004公钥加载错误
kVerifySignFailed = 1005验签错误错误
kCryptoNotReady = 1006crypto 未就绪
kSlotNumError = 1007slot number 取值范围不正确
kLoadPrivatekeyFailed = 1008加载私钥错误
kSignatureFailed = 1009签名失败
kExportCertFailed = 1010ClientSSLCtxInit API导出证书失败
kExportKeyFailed = 1011ClientSSLCtxInit API导出密钥失败
kInitSSLCtxFailed = 1012ClientSSLCtxInit API初始化SSL CTX失败
kImportCertFailed = 1013导入证书或证书链失败
Header file:#include"crypto_services_wrapper.h"

3 API

3.1 CryptoServicesWrapper

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00002
ASILQM
Nameclass
Kind:class
Description:为应用程序提供面向密码学服务的接口
Symbol:namespace middleware::cryptowrapper::CryptoServicesWrapper
Scope:namespace middleware::cryptowrapper
Syntax:class CryptoServicesWrapper {…};
Header file:#include " crypto_services_wrapper.h"

3.1.1 CryptoServicesWrapper::CryptoServicesWrapper

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00003
ASILQM
NameCryptoServicesWrapper:: CryptoServicesWrapper
KindCryptoServicesWrapper
Description通过构造函数,查找上位机下发的配置文件cryptoConfig.json(位于当前应用程序的etc/目录下)解析配置文件,创建证书、密钥、算法对应的配置映射表。 初始化加密模块的provider
Symbolnamespace middleware::cryptowrapper::CryptoServicesWrapper()
Scopenamespace middleware::cryptowrapper
Visibilitypublic
SyntaxCryptoServicesWrapper::CryptoServicesWrapper()
Parameters (in)none
Parameters (inout)none
Parameters (out)none
Return valuenone
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例: CryptoServicesWrapper instance;

3.1.2 CryptoServicesWrapper::~CryptoServicesWrapper

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00004
ASILQM
NameCryptoServicesWrapper::~ CryptoServicesWrapper
Kind~CryptoServicesWrapper
Description释放加载的provider
Symbolnamespace middleware::cryptowrapper::~CryptoServicesWrapper()
Scopenamespace middleware::cryptowrapper
Visibilitypublic
SyntaxCryptoServicesWrapper::~CryptoServicesWrapper()
Parameters (in)none
Parameters (inout)none
Parameters (out)none
Return valuenone
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note

3.1.3 CryptoServicesWrapper::GetCertName

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00004
ASILQM
NameCryptoServicesWrapper::GetCertName
KindGetCertName
Description读取配置文件中的证书名
Symbolara::core::String CryptoServicesWrapper::GetCertName(const std::string cert_short_name)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxara::core::String GetCertName(const std::string cert_short_name)
Parameters (in)cert_short_name上位机配置的证书短名
Parameters (inout)none
Parameters (out)none
Return valueara::core::String非空 :配置的证书名 空: 未查找到指定配置
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例: CryptoServicesWrapper instance; ara::core::String cert_name = instance.GetCertName ("RootCA");

|

3.1.4 CryptoServicesWrapper::GetKeySlotNum

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00005
ASILQM
NameCryptoServicesWrapper::GetKeySlotNum
KindGetKeySlotNum
Description读取配置文件中的slotNum
Symbolsize_t CryptoServicesWrapper::GetKeySlotNum(const std::string key_short_name) const
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxsize_t GetKeySlotNum(const std::string key_short_name) const
Parameters (in)key_short_name上位机配置的密钥短名
Parameters (inout)none
Parameters (out)none
Return valuesize_t>= 0 为配置的槽号 0XFFFFFFFF 或 -1LL 为无效槽号
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例: CryptoServicesWrapper instance; size_t slot_num = instance.GetKeySlotNum("CmTlsServerClient");

3.1.5 CryptoServicesWrapper::GetCryptoAlgoNid

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00006
ASILQM
NameCryptoServicesWrapper::GetCryptoAlgoNid
KindGetCryptoAlgoNid
Description读取配置文件中的密钥算法
SymbolCryptoAlgoNid CryptoServicesWrapper::GetCryptoAlgoNid(const std::string primitive_name)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
SyntaxCryptoAlgoNid GetCryptoAlgoNid(const std::string primitive_name)
Parameters (in)primitive_name上位机配置的密钥算法短名
Parameters (inout)none
Parameters (out)none
Return valueCryptoAlgoNid> 0 密钥算法值 = 0 未找到指定算法
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例: CryptoServicesWrapper instance;
CryptoAlgoNid alg_nid = instance. GetCryptoAlgoNid("EncryptionAES128GCM");
目前支持的算法NID:
kNID_sm1_ecb = 2000,
kNID_sm1_cbc = 2001,
kNID_aes_128_ecb = 418,
kNID_aes_128_cbc = 419,
kNID_aes_128_cfb128 = 421,
kNID_aes_128_ctr = 904,
kNID_aes_256_ecb = 426,
kNID_aes_256_cbc = 427,
kNID_aes_256_cfb128 = 429,
kNID_aes_256_ctr =906,
kNID_sm4_ecb =1133,
kNID_sm4_cbc =1134,
kNID_sm4_cfb128 =1137,
kNID_sm4_ctr =1139,
kNID_sha256 =672,
kNID_sha1 = 64,
kNID_sm3 = 1143,
kNID_md5 = 4,
kEVP_PKEY_SM2 =1172,
kEVP_PKEY_EC =408,
kEVP_PKEY_RSA =6,
kNID_hkdf = 1036,
kNID_sha256WithRSAEncryption = 668,
kNID_sha1WithRSAEncryption = 65,
kNID_ecdsa_with_SHA256 = 794,
kNID_ecdsa_with_SHA1 = 416,
///签名算法SM2与SHA256
kNID_sm2_with_SHA256 = 1202,
///签名算法SM2与SHA1
kNID_sm2_with_SHA1 = 1201,
///签名算法SM2与SM3
kNID_sm2_with_SM3 = 1200,
上位机的配置可参考《NeuSAR aCore_使用手册_Crypto.docx》3.3.1章节。具体支持的算法描述如下:
"SM1-ECB","SM1-CBC","AES-128-ECB","AES-128-CBC","AES-128-CFB","AES-128-CTR","AES-256-ECB","AES-256-CBC","AES-256-CFB","AES-256-CTR","SM4-ECB","SM4-CBC","SM4-CFB","SM4-CTR","SHA256","SHA1","SM3", "MD5","SM2",ECC","RSA", "HKDF","RSA-SHA256","RSA-SHA1","ECDSA-SHA256","ECDSA-SHA1 ", "SM2-SM3 ","SM2-SHA1","SM2-SHA256"。

3.1.6 CryptoServicesWrapper::VerifyCertService

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00007
ASILQM
NameCryptoServicesWrapper::VerifyCertService
KindVerifyCertService
Description对目标证书有效性进行验证。
Symbolint CryptoServicesWrapper::VerifyCertService(vector<uint8_t>&cert, ara::core::String ca_cert_name)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxint VerifyCertService(vector<uint8_t>&cert, ara::core::String ca_cert_name)
Parameters (in)cert待验证的验证的目标证书数据,证书编码为PEM或者DER编码
ca_cert_name应用模块依赖的证书名
Parameters (inout)none
Parameters (out)none
Return valueintkSuccessed表示验证成功; kParseCertFailed 表示解析证书失败 kGetRootCertFailed 表示解析根证书失败 kVerifyCertFailed 表示证书验证失败 kCryptoNotReady 表示加密守护进程未就绪
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
vector<uint8_t> cert(certBuff, certBuff + readlen);
CryptoServicesWrapper instance1;
ret = instance1.VerifyCertService (cert, instance1.GetCertName("RootCA"));


3.1.7 CryptoServicesWrapper::VerifyCertService(overloaded)

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00008
ASILQM
NameCryptoServicesWrapper::VerifyCertService
KindVerifyCertService
Description对目标证书有效性进行验证,验证成功后,返回证书对象的指针。
Symbolint CryptoServicesWrapper::VerifyCertService(vector<uint8_t>&cert, ara::core::String ca_cert_name, Certificate::Uptr &pstcert_uptr)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxint VerifyCertService(vector<uint8_t>&cert, ara::core::String ca_cert_name, Certificate::Uptr &pstcert_uptr)
Parameters (in) cert待验证的验证的目标证书数据,证书编码为PEM或者DER编码
ca_cert_name应用模块依赖的证书名
Parameters (inout)none
Parameters (out)Certificate::Uptr & pstcert_uptr证书的对象指针的指针
Return valueintkSuccessed表示验证成功; kParseCertFailed 表示解析证书失败 kGetRootCertFailed 表示解析根证书失败 kVerifyCertFailed 表示证书验证失败 kCryptoNotReady 表示加密守护进程未就绪
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例: vector<uint8_t> cert(certBuff, certBuff + readlen);
CryptoServicesWrapper instance2;
Certificate::Uptr certUptr;
ret = instance2.VerifyCertService(cert, instance2.GetCertName("RootCA"), certUptr);
if (ret == 0)
{
ret = instance2.VerifySign(CryptoAlgoNid::kNID_sha1WithRSAEncryption,sha1mesg, sign,std::move(certUptr));
}
else {
std::cout <<"Verify certificate Failed. "<< std::endl; }
返回验证证书成功后,再去读取证书对象的指针

3.1.8 CryptoServicesWrapper::VerifyCertChainService

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00009
ASILQM
NameCryptoServicesWrapper::VerifyCertChainService
KindVerifyCertChainService
Description对目标证书链有效性进行验证。
Symbolint CryptoServicesWrapper::VerifyCertChainService(vector<uint8_t>&chain, ara::core::String ca_cert_name)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxint VerifyCertChainService(vector<uint8_t>&chain, ara::core::String ca_cert_name)
Parameters (in):chain待验证的验证的目标证书链数据,证书链编码为PEM格式
ca_cert_name验证依赖的根证书名
Parameters (inout)none
Parameters (out)none
Return valueintkSuccessed表示验证成功;
kParseCertFailed 表示解析证书链失败
kGetRootCertFailed 表示解析根证书失败
kVerifyCertFailed 表示证书链验证失败
kCryptoNotReady 表示加密守护进程未就绪
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
vector<uint8_t> chain(chainBuff, chainBuff + readlen);
CryptoServicesWrapper instance1;
ret = instance1.VerifyCertChainService(chain, instance1.GetCertName ("RootCA"));

3.1.9 CryptoServicesWrapper::VerifyCertChainService(overloaded)

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00010
ASILQM
NameCryptoServicesWrapper::VerifyCertChainService
KindVerifyCertChainService
Description对目标证书链有效性进行验证。
Symbolint CryptoServicesWrapper::VerifyCertChainService(vector<uint8_t>&chain, ara::core::String ca_cert_name, Certificate::Uptr &pstcert_uptr)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxint VerifyCertChainService(vector<uint8_t>&chain, ara::core::String ca_cert_name, Certificate::Uptr &pstcert_uptr)
Parameters (in):chain待验证的验证的目标证书链数据,证书链编码为PEM格式
ca_cert_name验证依赖的根证书名
Parameters (inout):none
Parameters (out)Certificate::Uptr & pstcert_uptr底层证书对象的指针,用于后续的验签
Return valueintkSuccessed表示验证成功;
kParseCertFailed 表示解析证书链失败
kGetRootCertFailed 表示解析根证书失败
kVerifyCertFailed 表示证书链验证失败
kCryptoNotReady 表示加密进程未就绪
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
vector<uint8_t> chain(chainBuff, chainBuff + readlen);
CryptoServicesWrapper instance2;
Certificate::Uptr certUptr;
ret = instance2.VerifyCertChainService(chain, instance1.GetCertName("RootCA"), certUptr);
if (ret == 0)
{
ret = instance2.VerifySign(CryptoAlgoNid::kNID_sha1WithRSAEncryption,sha1mesg, sign, std::move(certUptr));
}
else {
std::cout <<"Verify certificate chain Failed. "<<std::endl; }
返回验证证书链成功后,再去读取底层证书对象的指针进行后续的验签操作

3.1.10 CryptoServicesWrapper::VerifySign

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00011
ASILQM
NameCryptoServicesWrapper::VerifySign
KindVerifySign
Description通过证书对象,对指定hash和验签算法的摘要数据进行数字签名的验签
Symbolint VerifySign(const CryptoAlgId alg_id, vector<uint8_t> &digest, vector<uint8_t> &sign, const Certificate::Uptr cert_uptr)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxint CryptoServicesWrapper::VerifySign(const CryptoAlgId alg_id, vector<uint8_t>& digest, vector<uint8_t>&sign, const Certificate::Uptr cert_uptr)
Parameters (in)alg_id摘要+验签算法:
kNID_sha1WithRSAEncryption,
kNID_sha256WithRSAEncryption
kNID_ecdsa_with_SHA256
kNID_ecdsa_with_SHA1
digestHASH数据
sign签名数据
cert_uptr证书的对象
Parameters (inout)none
Parameters (out)none
Return valueintkSuccessed表示验签成功;
kCryptoNotReady 表示加密守护进程未就绪;
kVerifySignFailed 表示签名验证失败
kLoadPublickeyFailed 表示加载公钥失败
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
vector<uint8_t> cert(certBuff, certBuff + readlen);
CryptoServicesWrapper instance2;
Certificate::Uptr certUptr;
ret = instance2.VerifyCertService(cert, instance2.GetCertName("RootCA"), certUptr);
if (ret == 0)
{
ret = instance2.VerifySign(CryptoAlgoNid::kNID_sha1WithRSAEncryption,sha1mesg, sign, std::move(certUptr));
}
else {
std::cout<<"Verify certificate Failed. "<< std::endl;
} 该函数需要先拿到证书对象,在通过证书对象进行验签。该方法不支持国密证书验签。

3.1.11 CryptoServicesWrapper::VerifySign(overloaded)

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00012
ASILQM
NameCryptoServicesWrapper::VerifySign
KindVerifySign
Description通过指定槽号,对指定hash和验签算法的摘要数据进行数字签名的验签
Symbolint VerifySign(const CryptoAlgId alg_id, vector<uint8_t> &digest, vector<uint8_t> &sign, const size_t slot_num)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxint CryptoServicesWrapper::VerifySign(const CryptoAlgId alg_id, vector<uint8_t> &digest, vector<uint8_t> &sign, const size_t slot_num)
Parameters (in)alg_id摘要+验签算法:
kNID_sha1WithRSAEncryption,
kNID_sha256WithRSAEncryption
kNID_ecdsa_with_SHA256
kNID_ecdsa_with_SHA1
digestHASH数据
sign签名数据
slot_num指定公钥槽号
Parameters (inout)none
Parameters (out)none
Return valueintkSuccessed表示验签成功;
kCryptoNotReady 表示加密守护进程未就绪;
kLoadPublickeyFailed 表示加载公钥失败
kVerifySignFailed 表示签名验证失败
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
vector<uint8_t> cert(certBuff, certBuff + readlen);
CryptoServicesWrapper instance2;
Certificate::Uptr certUptr;
ret = instance2.VerifyCertService(cert, instance2.GetCertName("RootCA"), certUptr);
if (ret == 0)
{
size_t slotNum = CertUptr->GetPubKeySlotNumber();
ret = instance2.VerifySign(CryptoAlgoNid::kNID_sha1WithRSAEncryption,sha1mesg, sign, slotNum);
}
else {
std::cout<<"Verify signature Failed. "<< std::endl;
} 指定槽号公钥存在;
该方法不支持sm2公钥。

3.1.12 CryptoServicesWrapper::VerifySign(overloaded)

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00013
ASILQM
NameCryptoServicesWrapper::VerifySign
KindVerifySign
Description通过指定公钥,对指定hash和验签算法的摘要数据进行数字签名的验签
Symbolint VerifySign(const CryptoAlgId alg_id, vector<uint8_t>& digest, vector<uint8_t>&sign, vector<uint8_t>& public_key)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxint CryptoServicesWrapper::VerifySign(const CryptoAlgId alg_id, vector<uint8_t>& digest, vector<uint8_t>&sign, vector<uint8_t>& public_key)
Parameters (in)alg_id摘要+验签算法: kNID_sha1WithRSAEncryption, kNID_sha256WithRSAEncryption kNID_ecdsa_with_SHA256 kNID_ecdsa_with_SHA1
digestHASH数据
sign签名数据
public_key公钥数据
Parameters (inout)none
Parameters (out)none
Return valueintkSuccessed表示验签成功; kCryptoNotReady 表示加密守护进程未就绪; kLoadPublickeyFailed 表示加载公钥失败 kVerifySignFailed 表示签名验证失败
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
CryptoServicesWrapper instance2;
/* 读openssl生成的存储公钥的pem文件*/
vector<uint8_t> Public_Key;
Public_Key.clear();
readFile("/containers/NeuSARPlatform/work/common/publicSign/pubkey.pem", Public_Key);
int ret=instance2.VerifySign(CryptoAlgoNid::kNID_sha1WithRSAEncryption,sha1mesg, sign, Public_Key);
if(ret == 0){
std::cout<<"Verify signature success. "<< std::endl;
}
else {
std::cout<<"Verify signature Failed. "<< std::endl;
}
指定公钥存在;
该方法不支持sm2公钥。

3.1.13 CryptoServicesWrapper::VerifySignByContext

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00014
ASILQM
NameCryptoServicesWrapper::VerifySignByContext
KindVerifySignByContext
Description通过证书对象,对指定hash和验签算法的原文进行数字签名的验签
Symbol int VerifySignByContext(const CryptoAlgId alg_id, vector<uint8_t> &context, vector<uint8_t>&sign, const Certificate::Uptr cert_uptr, const vector<uint8_t> sm2_id = {})
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxint CryptoServicesWrapper::VerifySignByContext(const CryptoAlgId alg_id, vector<uint8_t> &context, vector<uint8_t> &sign, const Certificate::Uptr cert_uptr, const vector<uint8_t> sm2_id)
Parameters (in)alg_id摘要+验签算法: kNID_sm2_with_SM3, kNID_sm2_with_SHA1, kNID_sm2_with_SHA256, kNID_sha1WithRSAEncryption, kNID_sha256WithRSAEncryption kNID_ecdsa_with_SHA256 kNID_ecdsa_with_SHA1
context原文数据
sign签名数据
cert_uptr证书的对象
sm2_idSM2验签时提供的用户ID信息,缺省为空
Parameters (inout)none
Parameters (out)none
Return valueintkSuccessed表示验签成功; kCryptoNotReady 表示加密守护进程未就绪; kLoadPublickeyFailed 表示加载公钥失败 kVerifySignFailed 表示签名验证失败
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
vector<uint8_t> cert(certBuff, certBuff + readlen);
CryptoServicesWrapper instance2;
Certificate::Uptr certUptr;
ret = instance2.VerifyCertService(cert, instance2.GetCertName("RootCA"), certUptr);
if (ret == 0)
{
ret = instance2.VerifySignByContext (CryptoAlgoNid::kNID_sha1WithRSAEncryption, context, sign,
std::move(certUptr));
}
else {
std::cout<<"Verify certificate Failed. "<< std::endl; }
1.该函数需要先拿到证书对象指针,再通过证书对象指针进行原文验签。
2.sm_id非国密证书进行原文验签时,缺省为空;国密证书验签时可为空,非空时大小必须等于16字节,否则验签不过。

3.1.14 CryptoServicesWrapper::VerifySignByContext(overloaded)

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00015
ASILQM
NameCryptoServicesWrapper::VerifySignByContext
KindVerifySignByContext
Description通过公钥槽号,对指定hash和验签算法的原文进行数字签名的验签
Symbol int VerifySignByContext(const CryptoAlgId alg_id, vector<uint8_t> &context, vector<uint8_t>&sign, const size_t slot_num, const vector<uint8_t> sm2_id = {})
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxint CryptoServicesWrapper::VerifySignByContext(const CryptoAlgId alg_id, vector<uint8_t> &context, vector<uint8_t> &sign, const size_t slot_num, const vector<uint8_t> sm2_id)
Parameters (in)alg_id摘要+验签算法:
kNID_sm2_with_SM3,
kNID_sm2_with_SHA1,
kNID_sm2_with_SHA256,
kNID_sha1WithRSAEncryption,
kNID_sha256WithRSAEncryption
kNID_ecdsa_with_SHA256
kNID_ecdsa_with_SHA1
context原文数据
sign签名数据
slot_num公钥槽号
sm2_idSM2验签时提供的用户ID信息,缺省为空
Parameters (inout)none
Parameters (out)none
Return valueintkSuccessed表示验签成功;
kCryptoNotReady 表示加密守护进程未就绪;
kLoadPublickeyFailed 表示加载公钥失败;
kVerifySignFailed 表示签名验证失败
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
vector<uint8_t> cert(certBuff, certBuff + readlen); CryptoServicesWrapper instance2;
Certificate::Uptr certUptr;
ret = instance2.VerifyCertService(cert, instance2.GetCertName("RootCA"), certUptr);
if (ret == 0)
{
size_t slotNum = certUptr->GetPubKeySlotNumber();
ret = instance2.VerifySignByContext (CryptoAlgoNid::kNID_sha1WithRSAEncryption, context, sign, slotNum);
}
else {
std::cout<<"Verify certificate Failed. "<< std::endl;
}
指定槽号公钥存在;
sm_id非国密证书进行原文验签时,缺省为空;国密证书验签时可为空,非空时大小必须等于16字节,否则验签不过。

3.1.15 CryptoServicesWrapper::VerifySignByContext(overloaded)

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00016
ASILQM
NameCryptoServicesWrapper::VerifySignByContext
KindVerifySignByContext
Description通过公钥,对指定hash和验签算法的原文进行数字签名的验签
Symbol int VerifySignByContext(const CryptoAlgId alg_id, vector<uint8_t> &context, vector<uint8_t> &sign, vector<uint8_t>& public_key, const vector<uint8_t> sm2_id = {})
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxint CryptoServicesWrapper::VerifySignByContext(const CryptoAlgId alg_id, vector<uint8_t> &context, vector<uint8_t> &sign, vector<uint8_t>& public_key, const vector<uint8_t> sm2_id)
Parameters (in)alg_id摘要+验签算法:
kNID_sm2_with_SM3,
kNID_sm2_with_SHA1,
kNID_sm2_with_SHA256,
kNID_sha1WithRSAEncryption,
kNID_sha256WithRSAEncryption
kNID_ecdsa_with_SHA256
kNID_ecdsa_with_SHA1
context原文数据
sign签名数据
public_key公钥数据
sm2_idSM2验签时提供的用户ID信息,缺省为空
Parameters (inout)none
Parameters (out)none
Return valueintkSuccessed表示验签成功;
kCryptoNotReady 表示加密守护进程未就绪;
kLoadPublickeyFailed 表示加载公钥失败;
kVerifySignFailed 表示签名验证失败
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
CryptoServicesWrapper instance2;
/* 读openssl生成的存储公钥的pem文件*/
vector<uint8_t> Public_Key;
Public_Key.clear();
readFile("/containers/NeuSARPlatform/work/common/publicSign/pubkey.pem", Public_Key);
int ret = instance2.VerifySignByContext (CryptoAlgoNid::kNID_sha1WithRSAEncryption, context, sign, Public_Key, sm2_id);
if(ret == 0){
std::cout<<" Verify signature success. "<< std::endl;
}
else {
std::cout<<" Verify signature Failed. "<< std::endl;
}
公钥存在;
sm_id非国密证书进行原文验签时,缺省为空;国密证书验签时可为空,非空时大小必须等于16字节,否则验签不过

3.1.16 CryptoServicesWrapper::SignatureHash

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00017
ASILQM
NameCryptoServicesWrapper::SignatureHash
KindSignatureHash
Description通过私钥槽号获取私钥对象,对指定hash和验签算法的摘要数据进行数字签名
Symbol int SignatureHash(const CryptoAlgId alg_id, vector<uint8_t> &digest, const size_t slot_num, vector<uint8_t> &sign)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxint CryptoServicesWrapper::SignatureHash(const CryptoAlgId alg_id, vector<uint8_t> &digest, const size_t slot_num, vector<uint8_t> &sign)
Parameters (in)alg_id摘要+验签算法:
kNID_sha1WithRSAEncryption,
kNID_sha256WithRSAEncryption
kNID_ecdsa_with_SHA256
kNID_ecdsa_with_SHA1
digestHASH数据
slot_num私钥槽号
Parameters (inout)none
Parameters (out)sign签名数据
Return valueintkSuccessed表示签名成功;
kLoadPrivatekeyFailed 加载私钥失败;
kSignatureFailed 签名失败;
kCryptoNotReady 加密守护进程未就绪;
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
vector<uint8_t> signature;
ret = instance.SignatureHash(CryptoAlgoNid::kNID_sha1WithRSAEncryption, sha1mesg, 88, signature);
if ((ret == 0) && (signature.size() >0))
{
NAP_PRINT_OK("Signature Ok."<< "signature size:" << dec <<signature.size());
}
else
{
NAP_PRINT_DEBUG("Signature failed. ret: "<<dec <<ret)
NAP_PRINT_ERR("Signature Failed.====");
}
指定槽号上存在私钥
不支持SM2签名
调用者需要判断返回值, 并根据出参signature的size来确认是否签名成功

3.1.17 CryptoServicesWrapper::SignatureContext

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00018
ASILQM
NameCryptoServicesWrapper::SignatureContext
KindSignatureContext
Description通过私钥槽号获取私钥对象,对指定hash和验签算法的原文进行数字签名
Symbolint SignatureContext(const CryptoAlgId alg_id, vector<uint8_t> &context, const size_t slot_num, vector<uint8_t>&sign, const vector<uint8_t> sm2_id = {})
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxint CryptoServicesWrapper::SignatureContext(const CryptoAlgId alg_id, vector<uint8_t> &context, const size_t slot_num, vector<uint8_t>&sign, const vector<uint8_t> sm2_id)
Parameters (in)alg_id摘要+验签算法:
kNID_sm2_with_SM3,
kNID_sm2_with_SHA1,
kNID_sm2_with_SHA256,
kNID_sha1WithRSAEncryption,
kNID_sha256WithRSAEncryption
kNID_ecdsa_with_SHA256
kNID_ecdsa_with_SHA1
context原文数据
slot_num私钥槽号
sm2_idSM2签名时提供的用户ID信息,缺省为空
Parameters (inout)none
Parameters (out)sign签名数据
Return valueintkSuccessed表示签名成功;
kLoadPrivatekeyFailed 加载私钥失败;
kSignatureFailed 签名失败;
kCryptoNotReady 加密守护进程未就绪;
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
CryptoServicesWrapper instance;
vector<uint8_t> signature;
ret = instance.SignatureContext (CryptoAlgoNid::kNID_sha1WithRSAEncryption, context, instance.GetKeySlotNum("DmPrivateKey "), signature);
指定槽号上存在私钥;
调用者需要判断返回值, 并根据出参signature的size来确认是否签名成功;
sm_id非国密证书进行原文验签时,此参数不填,默认缺省为空;
国密证书验签时可为空,非空时大小必须等于16字节,否则会签名失败。

3.1.18 CryptoServicesWrapper::ExportCert

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00019
ASILQM
NameCryptoServicesWrapper::ExportCert
KindExportCert
Description导出指定证书
Symbolint ExportCert(ara::core::String cert_name, vector<uint8_t> &cert)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxint CryptoServicesWrapper::ExportCert(ara::core::String cert_name, vector<uint8_t> &cert)
Parameters (in)cert_name指定证书名
Parameters (inout)none
Parameters (out)cert_buffer证书的二进制数据
Return valueint0-成功 其他-失败
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
CryptoServicesWrapper instance;
vector<uint8_t> cert;
ret = instance.ExportCert(instance.GetCertName("RootCA"), cert);
std::cout << "key size "<< dec << cert.size()<< std::endl;
调用者需要判断返回值,并根据出参cert的size来确认是否获取到证书数据

3.1.19 CryptoServicesWrapper::ExportKey

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00020
ASILQM
NameCryptoServicesWrapper::ExportKey
KindExportKey
Description导出对应槽号上的的密钥
Symbolint ExportKey(const size_t slot_num, vector<uint8_t> &key)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxint CryptoServicesWrapper::ExportKey(const size_t slot_num, vector<uint8_t> &key)
Parameters (in)slot_num指定槽号
Parameters (inout)none
Parameters (out)key对应槽号上的密钥
Return valueint0-成功 其他-失败
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
CryptoServicesWrapper instance;
vector<uint8_t> key;
ret = instance.ExportKey(instance.GetKeySlotNum("CmTlsServerClient"), key);
std::cout << "key size "<< dec << key.size()<< std::endl;
调用者需要判断返回值,并根据出参key的size来确认是否获取到密钥


3.1.20 CryptoServicesWrapper::ImportKey

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00021
ASILQM
NameCryptoServicesWrapper::ImportKey
KindImportKey
Description导入秘钥
Symbolint ImportKey(const size_t slot_num, vector<uint8_t> &key, const CryptoObjectType object_type = CryptoObjectType::kUnknown)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxint CryptoServicesWrapper::ImportKey(const size_t slot_num, vector<uint8_t> &key, const CryptoObjectType object_type)
Parameters (in)slot_num槽号(非易失性槽)
key导入的密钥值
object_type预期的对象类型 默认值ObjectType :: kUnknown表示不检查导入密钥类型
Parameters (inout)none
Parameters (out)none
Return valueint成功 CryptoMWError::kSlotNumError 错误的槽号 其他-失败
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
unsigned char key[16] = {0x10, 0x11, 0x12, 0x13, 0x14,0x15, 0x16, 0x17, 0x18, 0x09, 0x0a,0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
vector<uint8_t> symmetric_key(key, key+16);
CryptoServicesWrapper instance;
ret = instance.ImportKey (32, symmetric_key, ObjectType::kSymmetricKey);
非易失性槽号定义:
0-31:存储种子信息;
32-63:存储对称密钥;
64-95:偶数槽号存私钥,奇数槽号存公钥,成对出现;
96-127:存储证书信息;
128-159:存储签名信息;
160-191:存储PasswordHash信息;
192-255:预留映射到PKI和HSM,用于安全芯片的密钥的存储和读取
预留槽号192-255详细划分:
192-207(16):偶数 映射 PKI私钥文件路径, 奇数 映射 PKI 证书路径;
208-223(16):偶数 存储 HSM 的私钥文件ID,奇数 存储 HSM的证书ID;
224-239(16):存储 HSM对应的对称密钥ID;
240-255(16):存储 HSM对应的非对称密钥ID,偶数对应私钥, 奇数对应公钥。

3.1.21 CryptoServicesWrapper::CreateHashCtx

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00022
ASILQM
NameCryptoServicesWrapper::CreateHashCtx
KindCreateHashCtx
Description创建散列计算对象上下文
SymbolHashFunctionCtx::Uptr CreateHashCtx(const CryptoAlgoNid hash_alg_id)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
SyntaxHashFunctionCtx::Uptr CryptoServicesWrapper::CreateHashCtx(const CryptoAlgoNid hash_alg_id)
Parameters (in)hash_alg_id指定的hash算法
Parameters (inout)none
Parameters (out)none
Return valueHashFunctionCtxhash对象上下文
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
CryptoServicesWrapper instance;
HashFunctionCtx::Uptr hash_ctx = instance.CreateHashCtx(CryptoAlgoNid::kNID_sha256);
返回值判断非空后再做后续的操作,否则将导致应用进程崩溃

3.1.22 CryptoServicesWrapper::GenerateRandom

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00023
ASILQM
NameCryptoServicesWrapper::GenerateRandom
KindGenerateRandom
Description根据指定长度生成随机数
Symbolint GenerateRandom(const uint16_t rand_len, vector<uint8_t> &random)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxint CryptoServicesWrapper::GenerateRandom(const uint16_t rand_len, vector<uint8_t> &random)
Parameters (in)randLen指定生成随机数的长度,取值范围(1-2048)
random应用模块传入的随机数buffer
Parameters (inout)none
Parameters (out)none
Return valueint0-成功 其他-失败
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
CryptoServicesWrapper instance;
vector<uint8_t> random
int iRet = instance.GenerateRandom(20, random);
if ((ret == 0) && (random.size() > 0))
{
std::cout << "random size "<< dec << random.size()<< std::endl;
}
调用者需要判断返回值, 并根据出参random的size来确认是否获取到随机数

3.1.23 CryptoServicesWrapper::SymmetricBlockInit

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00024
ASILQM
NameCryptoServicesWrapper::SymmetricBlockInit
KindSymmetricBlockInit
Description初始化块模式对称加解密对象上下文
SymbolSymmetricBlockCipherCtx::Uptr SymmetricBlockInit(const size_t slot_num, const CryptoAlgoNid symmetric_alg_Id, const bool encrypted = true)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
SyntaxSymmetricBlockCipherCtx::Uptr CryptoServicesWrapper::SymmetricBlockInit(const size_t slot_num, const CryptoAlgoNid symmetric_alg_Id, const bool encrypted)
Parameters (in)slot_num指定对称密钥的槽号
symmetric_alg_Id,加密算法
encrypted加密标志缺省true为加密, false为解密
Parameters (inout)none
Parameters (out)none
Return valueSymmetricBlockCipherCtx块模式对称加密上下文
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
CryptoServicesWrapper instance;
SymmetricBlockCipherCtx::Uptr block_ctx = instance.SymmetricBlockInit (32,
CryptoAlgoNid::kNID_aes_128_cbc, true);
if (block_ctx != nullptr)
{
std::out<<"Block init OK" << std::endl;
}
1.返回值判断非空后再做后续的操作,否则将导致应用进程崩溃
2.SymmetricBlockInit 不支持设置IV,系统会为块加密指定默认的IV;
3.槽号取值范围32~63,非此槽号范围内无法初始化对称密钥上下文,即返回空值。

3.1.24 CryptoServicesWrapper::SymmetricStreamInit

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00025
ASILQM
NameCryptoServicesWrapper::SymmetricStreamInit
KindSymmetricStreamInit
Description初始化创建流模式对称加解密对象上下文
SymbolStreamCipherCtx::Uptr SymmetricStreamInit(const size_t slot_num, const CryptoAlgoNid symmetric_alg_Id, vector<uint8_t> &iv, const bool encrypted = true)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
SyntaxStreamCipherCtx::Uptr CryptoServicesWrapper::SymmetricStreamInit(const size_t slot_num, const CryptoAlgoNid symmetric_alg_Id, vector<uint8_t> &iv, const bool encrypted)
Parameters (in)slot_num指定对称密钥的槽号
symmetric_alg_Id,加密算法
vector<uint8_t> &iv向量值
encrypted加密标志缺省true为加密, false为解密
Parameters (inout)none
Parameters (out)none
Return valueStreamCipherCtx流模式对称加密上下文
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
unsigned char iv[16] = {0x10, 0x11, 0x12, 0x13, 0x14,0x15, 0x16, 0x17, 0x18, 0x09, 0x0a,0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
vector<uint8_t> iv_mem(iv, iv+16);
CryptoServicesWrapper instance;
StreamCipherCtx::Uptr stream_ctx = instance. SymmetricStreamInit (32,
CryptoAlgoNid::kNID_aes_128_cbc, iv_mem, true);
if (stream_ctx != nullptr)
{
std::out<<"Stream init OK"<< std::endl;
}
1.返回值判断非空后再做后续的操作,否则将导致应用进程崩溃;
2.槽号取值范围32~63,非此槽号范围内无法初始化对称密钥上下文,即返回空值。

3.1.25 CryptoServicesWrapper::SymmetricBlockInitKey

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00026
ASILQM
NameCryptoServicesWrapper::SymmetricBlockInitKey
KindSymmetricBlockInitKey
Description初始化块模式对称加解密对象上下文
SymbolSymmetricBlockCipherCtx::Uptr SymmetricBlockInitKey(vector<uint8_t> &symmetric_key, const CryptoAlgoNid symmetric_alg_Id, const bool encrypted = true)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
SyntaxSymmetricBlockCipherCtx::Uptr CryptoServicesWrapper::SymmetricBlockInitKey(vector<uint8_t> &symmetric_key, const CryptoAlgoNid symmetric_alg_Id, const bool encrypted)
Parameters (in)symmetric_key指定对称密钥
symmetric_alg_Id,加密算法
encrypted加密标志缺省true为加密, false为解密
Parameters (inout)none
Parameters (out)none
Return valueSymmetricBlockCipherCtx块模式对称加密上下文
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
unsigned char key[16] = {0x10, 0x11, 0x12, 0x13, 0x14,0x15, 0x16, 0x17, 0x18, 0x09, 0x0a,0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
vector<uint8_t> key_mem(key, key+16);
CryptoServicesWrapper instance;
SymmetricBlockCipherCtx::Uptr block_key_ctx= instance.SymmetricBlockInitKey(key_mem, CryptoAlgoNid::kNID_sm4_ecb, false);
if (block_ctx != nullptr)
{
std::out<<"Block init Key OK" << std::endl;
}
1.返回值判断非空后再做后续的操作,否则将导致应用进程崩溃
2.SymmetricBlockInitKey不支持设置IV,系统会为块加密指定默认的IV;
3.密钥不能为空。

3.1.26 CryptoServicesWrapper::SymmetricStreamInitKey

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00027
ASILQM
NameCryptoServicesWrapper::SymmetricStreamInitKey
KindSymmetricStreamInitKey
Description初始化创建流模式对称加解密对象上下文
SymbolStreamCipherCtx::Uptr SymmetricStreamInitKey(vector<uint8_t> &symmetric_key, const CryptoAlgoNid symmetric_alg_Id, vector<uint8_t> &iv, const bool encrypted = true)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
SyntaxStreamCipherCtx::Uptr CryptoServicesWrapper::SymmetricStreamInitKey(vector<uint8_t> &symmetric_key, const CryptoAlgoNid symmetric_alg_Id, vector<uint8_t> &iv, const bool encrypted)
Parameters (in)symmetric_key指定对称密钥
symmetric_alg_Id,加密算法
vector<uint8_t> &iv向量值
encrypted加密标志缺省true为加密, false为解密
Parameters (inout)none
Parameters (out)none
Return valueStreamCipherCtx流模式对称加密上下文
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
unsigned char key[16] = {0x10, 0x11, 0x12, 0x13, 0x14,0x15, 0x16, 0x17, 0x18, 0x09, 0x0a,0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
vector<uint8_t> key_mem(key, key+16);
unsigned char iv[16] = {0x10, 0x11, 0x12, 0x13, 0x14,0x15, 0x16, 0x17, 0x18, 0x09, 0x0a,0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
vector<uint8_t> iv_mem(iv, iv+16);
CryptoServicesWrapper instance;
StreamCipherCtx::Uptr stream_ctx = instance.SymmetricStreamInitKey(key_mem, CryptoAlgoNid::kNID_sm4_ecb, iv_mem, false);
if (stream_ctx != nullptr)
{ std::out<<"Stream init Key OK"<< std::endl;
}
1.返回值判断非空后再做后续的操作,否则将导致应用进程崩溃;
2.密钥不能为空。

3.1.27 CryptoServicesWrapper::ClientSSLCtxInit

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00028
ASILQM
NameCryptoServicesWrapper::ClientSSLCtxInit
KindClientSSLCtxInit
Description初始化客户端SSL CTX 上下文:主要进行了CA证书设置到SSL CTX上,设备证书设置到SSL CTX上,设备证书对应的私钥设置到SSL CTX上,进行设备证书与私钥匹配检测;
Symbolint ClientSSLCtxInit(SSL_CTX * const ssl_ctx, const ara::core::String ca_cert_name, const ara::core::String dev_cert_name, const size_t privkey_slot_num = 192)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxint CryptoServicesWrapper::ClientSSLCtxInit(SSL_CTX *const ssl_ctx, const ara::core::String ca_cert_name, const ara::core::String dev_cert_name, const size_t privkey_slot_num)
Parameters (in)ssl_ctxSSL 上下文
ca_cert_name根证书名称
dev_cert_name设备证书名称
privkey_slot_num设备证书对应的私钥槽号
Parameters (inout)none
Parameters (out)none
Return valueint初始化结果: kSuccessed表示初始化成功 kExportCertFailed 表示导出证书失败 kExportKeyFailed 表示导出密钥失败 kInitSSLCtxFailed 表示初始化失败
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
CryptoServicesWrapper instance;
int ret = 0;
size_t slotNum = 192;
SSL_CTX *ctx;
ctx = SSL_CTX_new(SSLv23_server_method());
if (ctx == NULL)
{
return -1;
}
ret = instance.ClientSSLCtxInit(ssl_ctx, "cacert.crt", "clientDevice.crt", slotNum);
if (ret != kSuccessed)
{
std::cout <<” ssl ctx initialized failed” << std::endl;
}
1 目前证书支持的格式为PEM; 私钥文件格式为PEM;
2 根证书可以为证书链,设备证书为单证书;

3.1.28 CryptoServicesWrapper::ImportCert

Interface IDSWSD-cryptowrapper-InterfaceID-SDK-00029
ASILQM
NameCryptoServicesWrapper::ImportCert
KindImportCert
Description导入指定证书
Symbolint ImportCert(vector<uint8_t>& cert_data, const ara::core::String& cert_name)
Scopenamespace middleware::cryptowrapper
Visibilitypublic
Syntaxint CryptoServicesWrapper::ImportCert(vector<uint8_t>& cert_data, const ara::core::String& cert_name)
Parameters (in)cert_data证书的二进制数据
cert_name指定证书名
Parameters (inout)none
Parameters (out)none
Return valueint0-成功 其他-失败
Exception Safetynone
Thread Safetyreentrant
Header file#include " crypto_services_wrapper.h"
Note示例:
CryptoServicesWrapper instance;
vector<uint8_t> cert; //存储证书的二进制数据
ret = instance.ImportCert(cert, “device.crt”);
调用者需要判断返回值,返回值为0则导入证书成功

附录A 信息定义

TypeStructureComment
Interface IDSWSD-{子软件系统名称}-{模块组}-API-{模块名}-{流水号} {}中为可选项,根据项目实际需求进行定义 流水号:从001开始的三位自然数
ASILDescriptionComment
ASIL A根据S – Severity(严重度) E – Exposure(暴露度) C – Controllability(可控性) 排定功能安全等级。详细理解可以参考26262标准文件。
ASIL B 
ASIL C 
ASIL D 
QM 
QM(A)从ASIL A到ASIL D 中拆分出来,拆分的标准,参考功能安全体系文件《功能安全需求分解指南_FS.pdf》 
QM(B) 
QM(C) 
QM(D) 
ASIL A(A) 
ASIL A(B) 
ASIL A(C) 
ASIL A(D) 
ASIL B(B) 
ASIL B(C) 
ASIL B(D) 
ASIL C(C) 
ASIL C(D) 
ASIL D(D)