add API for HSM

作者：  LucasLi
Date：  Thu Feb 16 20:00:33 2023 +0800

Author: kyonRay

build.gradle

@@ -25,7 +25,7 @@ ext {
     junitVersion = '4.13.2'
     commonsCollections4Version = "4.4"
     guavaVersion = '30.1.1-jre'
-    bcosSdkJniVersion = "3.2.0"
+    bcosSdkJniVersion = "3.3.0-SNAPSHOT"
     slf4jApiVerison = '1.7.36'
     mockitoVersion = '4.8.0'
     gsonVersion = '2.10'
@@ -135,6 +135,7 @@ dependencies {
         exclude group : "org.slf4j"
         exclude group : "com.fasterxml.jackson.core"
     }
+
     api("org.bouncycastle:bcprov-jdk15on:${bcprovJDK15onVersion}")
     api("com.google.code.gson:gson:${gsonVersion}")
     api("org.apache.commons:commons-lang3:${commonsLang3Version}")

src/main/java/org/fisco/bcos/sdk/v3/client/ClientImpl.java

@@ -155,8 +155,13 @@ protected ClientImpl(String groupID, ConfigOption configOption, long nativePoint
 
             // init crypto suite
             if (smCrypto) {
-                this.cryptoSuite = new CryptoSuite(CryptoType.SM_TYPE, configOption);
-
+                // init HSM crypto suite
+                if (configOption.getCryptoMaterialConfig() != null
+                        && configOption.getCryptoMaterialConfig().getEnableHsm()) {
+                    this.cryptoSuite = new CryptoSuite(CryptoType.HSM_TYPE, configOption);
+                } else {
+                    this.cryptoSuite = new CryptoSuite(CryptoType.SM_TYPE, configOption);
+                }
             } else {
                 this.cryptoSuite = new CryptoSuite(CryptoType.ECDSA_TYPE, configOption);
             }

src/main/java/org/fisco/bcos/sdk/v3/config/model/CryptoMaterialConfig.java

@@ -27,6 +27,7 @@ public class CryptoMaterialConfig {
 
     private Boolean useSmCrypto = false;
     private Boolean disableSsl = false;
+    private Boolean enableHsm = false;
     private String certPath = "conf";
 
     private String caCertPath;
@@ -41,23 +42,43 @@ public class CryptoMaterialConfig {
     private String enSdkCert;
     private String enSdkPrivateKey;
 
+    private String hsmLibPath;
+    private String hsmKeyIndex;
+    private String hsmPassword;
+
     public CryptoMaterialConfig() {}
 
     public CryptoMaterialConfig(ConfigProperty configProperty) throws ConfigException {
 
         Map<String, Object> cryptoMaterialProperty = configProperty.getCryptoMaterial();
         String useSMCrypto = (String) cryptoMaterialProperty.get("useSMCrypto");
         String disableSsl = (String) cryptoMaterialProperty.get("disableSsl");
+        String enableHsm = (String) cryptoMaterialProperty.get("enableHsm");
 
         this.useSmCrypto = Boolean.valueOf(useSMCrypto);
         this.disableSsl = Boolean.valueOf(disableSsl);
+        this.enableHsm = Boolean.valueOf(enableHsm);
+
+        if (this.enableHsm) {
+            this.hsmLibPath = (String) cryptoMaterialProperty.get("hsmLibPath");
+            this.hsmKeyIndex = (String) cryptoMaterialProperty.get("hsmKeyIndex");
+            this.hsmPassword = (String) cryptoMaterialProperty.get("hsmPassword");
+
+            if (this.hsmLibPath == null || this.hsmKeyIndex == null || this.hsmPassword == null) {
+                throw new ConfigException(
+                        "hsmLibPath hsmKeyIndex and hsmPassword, must be set in HSM model");
+            }
+        }
 
         if (this.disableSsl) {
             logger.info("Load cryptoMaterial, disableSsl has been set");
             return;
         }
 
-        int cryptoType = this.useSmCrypto ? CryptoType.SM_TYPE : CryptoType.ECDSA_TYPE;
+        int cryptoType =
+                this.useSmCrypto
+                        ? (this.enableHsm ? CryptoType.HSM_TYPE : CryptoType.SM_TYPE)
+                        : CryptoType.ECDSA_TYPE;
         this.certPath =
                 ConfigProperty.getConfigFilePath(
                         ConfigProperty.getValue(cryptoMaterialProperty, "certPath", this.certPath));
@@ -117,8 +138,10 @@ public CryptoMaterialConfig(ConfigProperty configProperty) throws ConfigExceptio
         }
 
         logger.debug(
-                "Load cryptoMaterial, useSmCrypto: {}, caCertPath: {}, sdkCertPath: {}, sdkPrivateKeyPath:{}, enSSLCertPath: {}, enSSLPrivateKeyPath:{}",
+                "Load cryptoMaterial, useSmCrypto: {}, useHSMCrypto: {}, cryptoType: {}, caCertPath: {}, sdkCertPath: {}, sdkPrivateKeyPath:{}, enSSLCertPath: {}, enSSLPrivateKeyPath:{}",
                 this.useSmCrypto,
+                this.enableHsm,
+                cryptoType,
                 this.getCaCertPath(),
                 this.getSdkCertPath(),
                 this.getSdkPrivateKeyPath(),
@@ -134,7 +157,7 @@ public CryptoMaterialConfig getDefaultCaCertPath(int cryptoType, String certPath
             cryptoMaterialConfig.setCaCertPath(certPath + "/" + "ca.crt");
             cryptoMaterialConfig.setSdkCertPath(certPath + "/" + "sdk.crt");
             cryptoMaterialConfig.setSdkPrivateKeyPath(certPath + "/" + "sdk.key");
-        } else if (cryptoType == CryptoType.SM_TYPE) {
+        } else if (cryptoType == CryptoType.SM_TYPE || cryptoType == CryptoType.HSM_TYPE) {
             cryptoMaterialConfig.setCaCertPath(certPath + "/" + "sm_ca.crt");
             cryptoMaterialConfig.setSdkCertPath(certPath + "/" + "sm_sdk.crt");
             cryptoMaterialConfig.setSdkPrivateKeyPath(certPath + "/" + "sm_sdk.key");
@@ -220,6 +243,38 @@ public boolean isUseSmCrypto() {
         return useSmCrypto;
     }
 
+    public Boolean getEnableHsm() {
+        return enableHsm;
+    }
+
+    public void setEnableHsm(Boolean enableHsm) {
+        this.enableHsm = enableHsm;
+    }
+
+    public String getHsmLibPath() {
+        return hsmLibPath;
+    }
+
+    public void setHsmLibPath(String hsmLibPath) {
+        this.hsmLibPath = hsmLibPath;
+    }
+
+    public String getHsmKeyIndex() {
+        return hsmKeyIndex;
+    }
+
+    public void setHsmKeyIndex(String hsmKeyIndex) {
+        this.hsmKeyIndex = hsmKeyIndex;
+    }
+
+    public String getHsmPassword() {
+        return hsmPassword;
+    }
+
+    public void setHsmPassword(String hsmPassword) {
+        this.hsmPassword = hsmPassword;
+    }
+
     public String getCaCertPath() {
         return caCertPath;
     }
@@ -265,6 +320,8 @@ public String toString() {
         return "CryptoMaterialConfig{"
                 + "useSmCrypto="
                 + useSmCrypto
+                + "useHSMCrypto="
+                + enableHsm
                 + ", certPath='"
                 + certPath
                 + '\''

src/main/java/org/fisco/bcos/sdk/v3/crypto/CryptoSuite.java

@@ -23,11 +23,13 @@
 import org.fisco.bcos.sdk.v3.crypto.hash.SM3Hash;
 import org.fisco.bcos.sdk.v3.crypto.keypair.CryptoKeyPair;
 import org.fisco.bcos.sdk.v3.crypto.keypair.ECDSAKeyPair;
+import org.fisco.bcos.sdk.v3.crypto.keypair.HsmSM2KeyPair;
 import org.fisco.bcos.sdk.v3.crypto.keypair.SM2KeyPair;
 import org.fisco.bcos.sdk.v3.crypto.keystore.KeyTool;
 import org.fisco.bcos.sdk.v3.crypto.keystore.P12KeyStore;
 import org.fisco.bcos.sdk.v3.crypto.keystore.PEMKeyStore;
 import org.fisco.bcos.sdk.v3.crypto.signature.ECDSASignature;
+import org.fisco.bcos.sdk.v3.crypto.signature.HsmSM2Signature;
 import org.fisco.bcos.sdk.v3.crypto.signature.SM2Signature;
 import org.fisco.bcos.sdk.v3.crypto.signature.Signature;
 import org.fisco.bcos.sdk.v3.crypto.signature.SignatureResult;
@@ -39,11 +41,10 @@ public class CryptoSuite {
 
     private static final Logger logger = LoggerFactory.getLogger(CryptoSuite.class);
 
-    public final int cryptoTypeConfig;
-
-    public final Signature signatureImpl;
-    public final Hash hashImpl;
-    private final CryptoKeyPair keyPairFactory;
+    public int cryptoTypeConfig;
+    public Signature signatureImpl;
+    public Hash hashImpl;
+    private CryptoKeyPair keyPair;
     private CryptoKeyPair cryptoKeyPair;
     private ConfigOption config;
 
@@ -54,7 +55,7 @@ public CryptoSuite(int cryptoTypeConfig, CryptoKeyPair cryptoKeyPair) {
 
     public CryptoSuite(int cryptoTypeConfig, String hexedPrivateKey) {
         this(cryptoTypeConfig);
-        this.cryptoKeyPair = this.keyPairFactory.createKeyPair(hexedPrivateKey);
+        this.cryptoKeyPair = this.keyPair.createKeyPair(hexedPrivateKey);
     }
 
     /**
@@ -64,12 +65,17 @@ public CryptoSuite(int cryptoTypeConfig, String hexedPrivateKey) {
      * @param configOption the configuration of account.
      */
     public CryptoSuite(int cryptoTypeConfig, ConfigOption configOption) {
-        this(cryptoTypeConfig);
         logger.info("init CryptoSuite, cryptoType: {}", cryptoTypeConfig);
         this.setConfig(configOption);
+        this.initCryptoSuite(cryptoTypeConfig);
         // doesn't set the account name, generate the keyPair randomly
         if (!configOption.getAccountConfig().isAccountConfigured()) {
-            this.generateRandomKeyPair();
+            if (configOption.getCryptoMaterialConfig().getEnableHsm()) {
+                HsmSM2KeyPair hsmKeyPair = (HsmSM2KeyPair) this.keyPair;
+                this.cryptoKeyPair = hsmKeyPair.useKeyPair();
+            } else {
+                this.generateRandomKeyPair();
+            }
             return;
         }
         this.loadAccount(configOption);
@@ -81,27 +87,44 @@ public CryptoSuite(int cryptoTypeConfig, ConfigOption configOption) {
      * @param cryptoTypeConfig the crypto type config number
      */
     public CryptoSuite(int cryptoTypeConfig) {
+        initCryptoSuite(cryptoTypeConfig);
+    }
+
+    public void initCryptoSuite(int cryptoTypeConfig) {
         this.cryptoTypeConfig = cryptoTypeConfig;
         if (this.cryptoTypeConfig == CryptoType.ECDSA_TYPE) {
             this.signatureImpl = new ECDSASignature();
             this.hashImpl = new Keccak256();
-            this.keyPairFactory = new ECDSAKeyPair();
-
+            this.keyPair = new ECDSAKeyPair();
+            this.generateRandomKeyPair();
         } else if (this.cryptoTypeConfig == CryptoType.SM_TYPE) {
             this.signatureImpl = new SM2Signature();
             this.hashImpl = new SM3Hash();
-            this.keyPairFactory = new SM2KeyPair();
-
+            this.keyPair = new SM2KeyPair();
+            this.generateRandomKeyPair();
+        } else if (this.cryptoTypeConfig == CryptoType.HSM_TYPE) {
+            String hsmLibPath = this.config.getCryptoMaterialConfig().getHsmLibPath();
+            int hsmKeyIndex =
+                    Integer.parseInt(this.config.getCryptoMaterialConfig().getHsmKeyIndex());
+            String hsmPassword = this.config.getCryptoMaterialConfig().getHsmPassword();
+
+            HsmSM2Signature hsmSM2Signature = new HsmSM2Signature();
+            hsmSM2Signature.setHsmLibPath(hsmLibPath);
+            this.signatureImpl = hsmSM2Signature;
+            this.hashImpl = new SM3Hash();
+            this.keyPair = new HsmSM2KeyPair(hsmLibPath, hsmKeyIndex, hsmPassword);
+            HsmSM2KeyPair hsmKeyPair = (HsmSM2KeyPair) this.keyPair;
+            this.cryptoKeyPair = hsmKeyPair.useKeyPair();
         } else {
             throw new UnsupportedCryptoTypeException(
                     "only support "
                             + CryptoType.ECDSA_TYPE
                             + "/"
                             + CryptoType.SM_TYPE
+                            + "/"
+                            + CryptoType.HSM_TYPE
                             + " crypto type");
         }
-        // create keyPair randomly
-        this.generateRandomKeyPair();
     }
 
     /**
@@ -115,16 +138,19 @@ public void loadAccount(String accountFileFormat, String accountFilePath, String
         KeyTool keyTool = null;
         if (accountFileFormat.compareToIgnoreCase("p12") == 0) {
             keyTool = new P12KeyStore(accountFilePath, password);
+            this.loadKeyPair(keyTool.getKeyPair());
         } else if (accountFileFormat.compareToIgnoreCase("pem") == 0) {
             keyTool = new PEMKeyStore(accountFilePath);
+            this.loadKeyPair(keyTool.getKeyPair());
+        } else if (accountFileFormat.compareToIgnoreCase("HSM") == 0) {
+            this.loadHsmKeyPair();
         } else {
             throw new LoadKeyStoreException(
                     "unsupported account file format : "
                             + accountFileFormat
                             + ", current supported are p12 and pem");
         }
         logger.debug("Load account from {}", accountFilePath);
-        this.loadKeyPair(keyTool.getKeyPair());
     }
 
     /**
@@ -138,12 +164,10 @@ private void loadAccount(ConfigOption configOption) {
         if (accountFilePath == null || accountFilePath.equals("")) {
             if (accountConfig.getAccountFileFormat().compareToIgnoreCase("p12") == 0) {
                 accountFilePath =
-                        this.keyPairFactory.getP12KeyStoreFilePath(
-                                accountConfig.getAccountAddress());
+                        this.keyPair.getP12KeyStoreFilePath(accountConfig.getAccountAddress());
             } else if (accountConfig.getAccountFileFormat().compareToIgnoreCase("pem") == 0) {
                 accountFilePath =
-                        this.keyPairFactory.getPemKeyStoreFilePath(
-                                accountConfig.getAccountAddress());
+                        this.keyPair.getPemKeyStoreFilePath(accountConfig.getAccountAddress());
             }
         }
         this.loadAccount(
@@ -159,7 +183,6 @@ private void loadAccount(ConfigOption configOption) {
      */
     public void setConfig(ConfigOption config) {
         this.config = config;
-        this.keyPairFactory.setConfig(config);
     }
 
     public int getCryptoTypeConfig() {
@@ -231,7 +254,7 @@ public SignatureResult sign(final String message, final CryptoKeyPair keyPair) {
      * @return the string type signature
      */
     public String sign(KeyTool keyTool, String message) {
-        CryptoKeyPair cryptoKeyPair = this.keyPairFactory.createKeyPair(keyTool.getKeyPair());
+        CryptoKeyPair cryptoKeyPair = this.keyPair.createKeyPair(keyTool.getKeyPair());
         return this.signatureImpl.signWithStringSignature(message, cryptoKeyPair);
     }
 
@@ -289,7 +312,7 @@ public boolean verify(final String publicKey, final byte[] message, final byte[]
      * @return a generated key pair
      */
     public CryptoKeyPair generateRandomKeyPair() {
-        this.cryptoKeyPair = this.keyPairFactory.generateKeyPair();
+        this.cryptoKeyPair = this.keyPair.generateKeyPair();
         this.cryptoKeyPair.setConfig(this.config);
         return this.cryptoKeyPair;
     }
@@ -301,7 +324,7 @@ public CryptoKeyPair generateRandomKeyPair() {
      * @return CryptoKeyPair type key pair
      */
     public CryptoKeyPair loadKeyPair(KeyPair keyPair) {
-        this.cryptoKeyPair = this.keyPairFactory.createKeyPair(keyPair);
+        this.cryptoKeyPair = this.keyPair.createKeyPair(keyPair);
         this.cryptoKeyPair.setConfig(this.config);
         return this.cryptoKeyPair;
     }
@@ -313,11 +336,23 @@ public CryptoKeyPair loadKeyPair(KeyPair keyPair) {
      * @return CryptoKeyPair type key pair
      */
     public CryptoKeyPair loadKeyPair(String hexedPrivateKey) {
-        this.cryptoKeyPair = this.keyPairFactory.createKeyPair(hexedPrivateKey);
+        this.cryptoKeyPair = this.keyPair.createKeyPair(hexedPrivateKey);
         this.cryptoKeyPair.setConfig(this.config);
         return this.cryptoKeyPair;
     }
 
+    /**
+     * Create key pair from a private key string
+     *
+     * @param hexedPrivateKey a hex string of private key
+     * @return CryptoKeyPair type key pair
+     */
+    public CryptoKeyPair loadHsmKeyPair() {
+        HsmSM2KeyPair hsmSM2KeyPair = (HsmSM2KeyPair) this.keyPair;
+        this.cryptoKeyPair = hsmSM2KeyPair.useKeyPair();
+        return this.cryptoKeyPair;
+    }
+
     /**
      * Set the key pair in CryptoSuite
      *
@@ -352,7 +387,7 @@ public ConfigOption getConfig() {
      * @return CryptoKeyPair
      */
     public CryptoKeyPair getKeyPairFactory() {
-        return this.keyPairFactory;
+        return this.keyPair;
     }
 
     public void destroy() {