1[简体中文](./README-zh.md) | English 2 3# openHiTLS 4Welcome to visit the openHiTLS Code Repository, which is under the openHiTLS community: <https://openhitls.net>. openHiTLS aims to provide highly efficient and agile open-source SDKs for Cryptography and Transport Layer Security in all scenarios. openHiTLS is developing and supports some common standard cryptographic algorithms, (D)TLS, (D)TLCP protocols currently. More features are to be planned. 5 6## Overview 7 8The architecture of openHiTLS is highly modular, and openHiTLS can be configured in modules and features. The RAM/ROM footprint depends on the features selected. It provides the optimal performance optimization for cryptographic algorithms. Currently, 5 components and cryptographic algorithms are configured, and the performance optimization of ShangMi cryptographic algorithms on ARM, x86 is ready. More architectures and features are to be planned. 9 10## Feature Introduction 11 12### Functional Features 13 14- Protocols:Support TLS1.3, TLS1.3-Hybrid-Key-Exchange, TLS-Provider, TLS-Multi-KeyShare, TLS-Custom-Extension, TLCP, DTLCP, TLS1.2, DTLS1.2, Auth; 15- Algorithms:Support ML-DSA,ML-KEM,SLH-DSA,AES,SM4,Chacha20,RSA,RSA-Bind,DSA,ECDSA,ECDH,DH,SM2,DRBG,DRBG-GM,HKDF,SCRYPT,PBKDF2,SHA2,SHA3,MD5,SM3,HMAC etc.; 16- PKI:Support Certificate, CRL parsing, Certificate, CRL validation, Certificate requests, generation etc. 17 18### DFX Features 19 20- Highly modular features, support trimming features as required. 21- Algorithm performance optimization based on ARMv8 and x8664 CPU. 22- Support for maintainability and testability based on logging and error stack functionality. 23 24## Component Introduction 25 26openHiTLS include 5 components currently. The BSL component will be used with other components. 27- The bsl is short for Base Support Layer, which provides the base C standand enhanced functions and OS adapter. It will be used with other modules 28- The crypto is short for cryptographic algorithms, which provides the full cryptographic functions with high performance. It will be used by tls, and can also be used with bsl 29- The tls is short for Transport Layer Security, which provides all tls protocol versions up to tls1.3. It will be used with crypto and bsl or other third-party crypto and pki libraries 30- The PKI component provides functions such as certificate and CRL parsing, certificate and CRL validation, as well as certificate request and generation. 31- The Auth component provides the authentication function. Currently, it provides the publicly token authentication based on RFC9578 32 33## Development 34 35### Dependency Preparation 36 37openHiTLS depends on Secure C which should be downloaded to ${openHiTLS_dir}/platform/Secure_C. One of the official git repositories of Secure C is located at <https://gitee.com/openeuler/libboundscheck>. 38 39* Download the security library 40 41```bash 42# Method 1: Pull it with the openHiTLS code repository 43git clone --recurse-submodules https://gitcode.com/openhitls/openhitls.git 44 45# Method 2: Pull the security library separately 46git clone https://gitcode.com/openhitls/openhitls.git 47cd ${openHiTLS_dir} 48git clone https://gitee.com/openeuler/libboundscheck platform/Secure_C 49``` 50 51* Build security library 52```bash 53cd ${openHiTLS_dir}/platform/Secure_C 54make -j 55``` 56 57### For Application Developers 58 59Source code mirroring of the official releases is pending for planning. 60 61 62The official source code repository is located at <https://gitcode.com/openhitls>. A local copy of the git repository can be obtained by cloning it using: 63``` 64git clone https://gitcode.com/openhitls/openhitls.git 65``` 66If you are going to contribute, you need to fork the openhitls repository on gitee and clone your public fork instead: 67``` 68git clone https://gitcode.com/"your gitcode name"/openhitls.git 69``` 70 71## Document 72This document is designed to improve the learning efficiency of developers and contributors on openHiTLS. Refer to the [docs](docs/index/index.md). 73 74## Build and Installation 75The major steps in Linux are as follows. Refer to [build & install](docs/en/4_User%20Guide/1_Build%20and%20Installation%20Guide.md) 76The major steps in Linux: 77 78Step 1 (Prepare the build directory): 79``` 80cd openHiTLS && mkdir -p ./build && cd ./build 81``` 82Step 2 (Generate configurations): 83``` 84python3 ../configure.py ["option"] 85``` 86 87* C Full build: 88``` 89python3 ../configure.py --enable hitls_bsl hitls_crypto hitls_tls hitls_pki hitls_auth --lib_type static --bits=64 --system=linux 90``` 91 92* x8664 Optimize the full build: 93``` 94python3 ../configure.py --enable hitls_bsl hitls_crypto hitls_tls hitls_pki hitls_auth --lib_type static --bits=64 --system=linux --asm_type x8664 95``` 96The options are described in [Build Installation Guide](docs/en/4_User%20Guide/1_Build%20and%20Installation%20Guide.md) 97 98Step 3 (Generate the build script): 99``` 100cmake .. 101``` 102Step 4 (Build and install): 103``` 104make && make install 105``` 106 107## Contribution 108 109If you plan to contribute to the openHiTLS community, please visit the link [CLA Signing](https://cla.openhitls.net) to complete CLA signing. 110