diff --git a/README.en.md b/README.en.md index 9ab11011e06bfcdeb1e8c573424f4d204b6beb0a..b039727474a038416d46aab002b2a62354a50918 100644 --- a/README.en.md +++ b/README.en.md @@ -1,36 +1,99 @@ +[简体中文](./README.md) | English + # openHiTLS +Welcome to visit the openHiTLS Code Repository, which is under the openHiTLS community: . openHiTLS aims to provide highly efficient and agile open-source SDKs for Cryptography and Transport Layer Security in all scenarios. openHiTLS is developing and supports some common standard cryptographic algorithms, (D)TLS, TLCP protocols currently. More features are to be planned. + +## Overview + +The architecture of openHiTLS is highly modular, and openHiTLS can be configured in modules and features. The RAM/ROM footprint depends on the features selected. It provides the optimal performance optimization for cryptographic algorithms. Currently, 4 components and cryptographic algorithms are configured, and the performance optimization of ShangMi cryptographic algorithms on ARM, x86 is ready. More architectures and features are to be planned. + +## Feature Introduction + +1. Functional feature: TLS1.2, TLS1.3, DTLS1.2. TLCP; AES, SM4, Chacha20, RSA, ECDSA, ECDH, SM2, DRBG, HKDF, SCRYPT, PBKDF2, SHA2, SHA3, MD5, SM3, HMAC; X509 +2. DFX feature: highly modular with features configured, performance optimization on ARM, x86 maintainability and testability with logs and error stacks. + +## Component Introduction + +openHiTLS include 4 components currently. The BSL component will be used with other components. +- The bsl is short for Base Support Layer, which provides the base C standand enhanced functions and OS adapter. It will be used with other modules +- The crypto is short for cryptographic algorithms, which provides the full cryptographic functions with high performance. It will be used by tls, and can also be used with bsl +- The tls is short for Transport Layer Security, which provides all tls protocol versions up to tls1.3. It will be used with crypto and bsl or other third-party crypto and pki libraries +- The X509 component currently provides basic functions that can support TLS to work, and will gradually improve the functions in the future + +## Development + +### Dependency Preparation + +openHiTLS depends on Secure C which should be downloaded to ${openHiTLS_dir}/platform/Secure_C. One of the official git repositories of Secure C is located at . + +* Download the security library + +```bash +# Method 1: Pull it with the openHiTLS code repository +git clone --recurse-submodules https://gitcode.com/openhitls/openhitls.git + +# Method 2: Pull the security library separately +git clone https://gitcode.com/openhitls/openhitls.git +cd ${openHiTLS_dir} +git clone https://gitee.com/openeuler/libboundscheck platform/Secure_C +``` + +* Build security library +```bash +cd ${openHiTLS_dir}/platform/Secure_C +make -j +``` + +### For Application Developers -#### Description -openHiTLS, an efficient and agile open-source SDK of Cryptography and TLS +Source code mirroring of the official releases is pending for planning. -#### Software Architecture -Software architecture description -#### Installation +The official source code repository is located at . A local copy of the git repository can be obtained by cloning it using: +``` +git clone https://gitcode.com/openhitls/openhitls.git +``` +If you are going to contribute, you need to fork the openhitls repository on gitee and clone your public fork instead: +``` +git clone https://gitcode.com/"your gitcode name"/openhitls.git +``` -1. xxxx -2. xxxx -3. xxxx +## Document +This document is designed to improve the learning efficiency of developers and contributors on openHiTLS. Refer to the [docs](docs/index/index.md). -#### Instructions +## Build and Installation +The major steps in Linux are as follows. Refer to [build & install](docs/en/4_User%20Guide/1_Build%20and%20Installation%20Guide.md) +The major steps in Linux: -1. xxxx -2. xxxx -3. xxxx +Step 1 (Prepare the build directory): +``` +cd openHiTLS && mkdir -p ./build && cd ./build +``` +Step 2 (Generate configurations): +``` +python3 ../configure.py ["option"] +``` -#### Contribution +* C Full build: +``` +python3 ../configure.py --enable hitls_bsl hitls_crypto hitls_tls hitls_x509 --lib_type static --bits=64 --system=linux +``` -1. Fork the repository -2. Create Feat_xxx branch -3. Commit your code -4. Create Pull Request +* x8664 Optimize the full build: +``` +python3 ../configure.py --enable hitls_bsl hitls_crypto hitls_tls hitls_x509 --lib_type static --bits=64 --system=linux --asm_type x8664 +``` +The options are described in [Build Installation Guide](docs/en/4_User%20Guide/1_Build%20and%20Installation%20Guide.md) +Step 3 (Generate the build script): +``` +cmake .. +``` +Step 4 (Build and install): +``` +make && make install +``` -#### Gitee Feature +## Contribution -1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md -2. Gitee blog [blog.gitee.com](https://blog.gitee.com) -3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore) -4. The most valuable open source project [GVP](https://gitee.com/gvp) -5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help) -6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) +If you plan to contribute to the openHiTLS community, please visit the link [CLA Signing](https://cla.openhitls.net) to complete CLA signing. diff --git a/README.md b/README.md index c62a26d4da531a8972fd784d64e24128d3104a0d..4928803a9f38d9a7be40071237f038288c586fff 100644 --- a/README.md +++ b/README.md @@ -1,37 +1,100 @@ +[English](./README.en.md) | 简体中文 + # openHiTLS +欢迎访问openHiTLS代码仓,该代码仓的项目官网是openHiTLS社区,openHiTLS的目标是提供高效、敏捷的全场景开源密码学开发套件。openHiTLS已支持通用的标准密码算法、(D)TLS、TLCP等安全通信协议,更多特性待规划。 + +## 概述 + +openHiTLS架构高度模块化,可通过模块和特性配置。RAM/ROM尺寸取决于所选的特性。openHiTLS为密码算法提供最佳性能优化。当前已支持4个组件和算法特性可按需配置,支持ARM、x86架构CPU上的算法性能优化,更多架构和特性待规划。 + +## 特性简介 + +1. 功能特性:TLS1.2、TLS1.3、DTLS1.2、TLCP;AES,SM4,Chacha20,RSA,DSA,ECDSA,ECDH,DH,SM2,DRBG,HKDF,SCRYPT,PBKDF2,SHA2,SHA3,MD5,SM3,HMAC;X509 +2. DFX特性:高度模块化特性按需配置的敏捷架构,ARM、x86上的算法性能优化,日志和错误堆栈功能的可维可测性 + +## 组件简介 + +目前,openHiTLS有4个组件,其中BSL组件需和其他组件一起使用。 +- BSL是Base Support Layer的缩写,提供基础C类标准的增强功能和OS适配器,需与其他模块一起使用 +- 密码算法组件(Crypto)提供了完整的密码功能,且性能较优。该组件既可以被TLS使用,也可与BSL一起使用 +- TLS是Transport Layer Security的缩写,涵盖了TLS1.3及之前的TLS版本,会与Crypto、BSL以及其他三方密码组件或PKI库一起使用 +- X509组件当前提供了能够支撑TLS协议建链的基础功能,后续逐步完善功能 + + +## 开发 + +### 依赖准备 + +openHiTLS依赖于Secure C,因此需将Secure C下载到${openHiTLS_dir}/platform/Secure_C,Secure C的一个官方Git库是 。 + +* 下载安全函数库 +```bash +# 方式1 与openHiTLS代码仓一起拉取 +git clone --recurse-submodules https://gitcode.com/openhitls/openhitls.git + +# 方式2 单独拉取安全函数库 +git clone https://gitcode.com/openhitls/openhitls.git +cd ${openHiTLS_dir} +git clone https://gitee.com/openeuler/libboundscheck platform/Secure_C +``` + +* 构建安全函数库 +```bash +cd ${openHiTLS_dir}/platform/Secure_C +make -j +``` + +### 致应用开发人员 -#### 介绍 -openHiTLS, an efficient and agile open-source SDK of Cryptography and TLS +正式版本的源码镜像尚未正式开放、还在规划当中。 -#### 软件架构 -软件架构说明 +官方代码仓库托管在,您可以通过如下命令将Git库克隆为一个本地副本进行使用: +``` +git clone https://gitcode.com/openhitls/openhitls.git +``` +如果您有意贡献代码,请在gitcode上复制openhitls库,再克隆您的公共副本: +``` +git clone https://gitcode.com/"your gitcode name"/openhitls.git +``` -#### 安装教程 +## 文档 -1. xxxx -2. xxxx -3. xxxx +本文档旨在帮助开发者和贡献者更快地上手openHiTLS,详情参考[文档列表](docs/index/index.md) 。 -#### 使用说明 +## 构建与安装 -1. xxxx -2. xxxx -3. xxxx +在Linux系统中进行构建与安装时,可参考[构建安装指导](docs/zh/4_使用指南/1_构建及安装指导.md) +Linux系统中的主要步骤有: -#### 参与贡献 +1. 准备构建目录: +``` +cd openHiTLS && mkdir -p ./build && cd ./build +``` +2. 生成构建配置: +``` +python3 ../configure.py ["option"] +``` +* C全量构建 +``` +python3 ../configure.py --enable hitls_bsl hitls_crypto hitls_tls hitls_x509 --lib_type static --bits=64 --system=linux +``` -1. Fork 本仓库 -2. 新建 Feat_xxx 分支 -3. 提交代码 -4. 新建 Pull Request +* x8664优化全量构建: +``` +python3 ../configure.py --enable hitls_bsl hitls_crypto hitls_tls hitls_x509 --lib_type static --bits=64 --system=linux --asm_type x8664 +``` +选项介绍可参考[构建安装指导](docs/zh/4_使用指南/1_构建及安装指导.md) +3. 生成构建脚本: +``` +cmake .. +``` +4. 执行构建和安装: +``` +make && make install +``` -#### 特技 +## 贡献 -1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md -2. Gitee 官方博客 [blog.gitee.com](https://blog.gitee.com) -3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解 Gitee 上的优秀开源项目 -4. [GVP](https://gitee.com/gvp) 全称是 Gitee 最有价值开源项目,是综合评定出的优秀开源项目 -5. Gitee 官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help) -6. Gitee 封面人物是一档用来展示 Gitee 会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) +如果您有意为openHiTLS社区做贡献,请先在[CLA签署](https://cla.openhitls.net)平台上完成CLA签署。 diff --git a/openhitls-0.1.0.tar.gz b/openhitls-0.1.0.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..37903fc5dc7ff4c00030b1f7a001807a5b94b36e Binary files /dev/null and b/openhitls-0.1.0.tar.gz differ diff --git a/openhitls.spec b/openhitls.spec new file mode 100644 index 0000000000000000000000000000000000000000..19c03400181c0e2d54dcdf193f84936a749536ba --- /dev/null +++ b/openhitls.spec @@ -0,0 +1,99 @@ +# spec file for package openHiTLS +# +# Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved. +# +Name: openhitls +Summary: Cryptography and SSL/TLS Toolkit +Version: 0.1.0 +Release: 1 +License: Mulan PSL V2 +URL: https://www.openhitls.net/ +Source0: https://raw.gitcode.com/openHiTLS/openHiTLS/archive/refs/heads/%{name}-%{version}.tar.gz + +BuildRoot: %{_tmppath}/%{name}-v%{release}-build +BuildRequires: gcc cmake make rpm libboundscheck +Requires: glibc libboundscheck + +%description +openHiTLS is an efficient and agile open-source SDK of Cryptography +and TLS Transport Layer Security (TLS). + +%package devel +Summary: Development kits for openHiTLS + +%description devel +%{summary}. + +%prep +%autosetup -n %{name}-%{version} -p1 + +%build +openhitls_build_platform=%{_os}-%{_target_cpu} +%ifarch i686 +build_arch=x86 +%endif +%ifarch x86_64 +build_arch=x8664 +%endif +%ifarch aarch64 +build_arch=armv8 +%endif + +RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes $RPM_LD_FLAGS" + +mkdir build +cd build +python3 ../configure.py --enable hitls_bsl hitls_crypto hitls_tls hitls_pki \ + --lib_type shared --bits=64 --system=linux --asm_type $build_arch \ + --add_options="$RPM_OPT_FLAGS" + +cmake .. +make -j 16 + +%install +# Install openHiTLS +install -d %{buildroot}/%{_libdir} +install build/libhitls_bsl.so %{buildroot}/%{_libdir}/ +install build/libhitls_crypto.so %{buildroot}/%{_libdir}/ +install build/libhitls_tls.so %{buildroot}/%{_libdir}/ +install build/libhitls_pki.so %{buildroot}/%{_libdir}/ + +install -d %{buildroot}/%{_includedir}/openhitls +install include/bsl/* %{buildroot}/%{_includedir}/openhitls/ +install include/crypto/* %{buildroot}/%{_includedir}/openhitls/ +install include/tls/* %{buildroot}/%{_includedir}/openhitls/ + +%check +cd testcode/demo +mkdir -p build +cd build +cmake .. +make -j 16 +executales=$(find ./ -maxdepth 1 -type f -perm -a=x ) +for e in $executales +do + if [[ ! "$e" == *"client"* ]] && [[ ! "$e" == *"server"* ]]; then + echo "${e} start" + eval "${e}" + fi +done +# run server and client in order. +./server >/dev/null & +sleep 1 +./client + +%files devel +%defattr(-,root,root) +%{_includedir}/openhitls +%{_libdir}/libhitls_bsl.so +%{_libdir}/libhitls_crypto.so +%{_libdir}/libhitls_tls.so +%{_libdir}/libhitls_pki.so +%license LICENSE +%license Third_Party_Open_Source_Software_Notice +%doc README.md +%doc README-zh.md + +%changelog +* Thu Nov 14 2024 xuhuiyue - 0.1.0-1 +- Package init diff --git a/openhitls.yaml b/openhitls.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c38d26bdee04d620f9fc1f922cbffa349a8ee967 --- /dev/null +++ b/openhitls.yaml @@ -0,0 +1,5 @@ +version_control: gitcode +src_repo: openhitls/openhitls +tag_prefix: "^openhitls-" +separator: "." +git_url: https://gitcode.com/openHiTLS/openhitls \ No newline at end of file