简体中文 | English
Welcome to visit the openHiTLS Code Repository, which is under the openHiTLS community: https://openhitls.net. openHiTLS aims to provide highly efficient and agile open-source SDKs for Cryptography and Transport Layer Security in all scenarios. openHiTLS is developing and supports some common standard cryptographic algorithms, (D)TLS, (D)TLCP protocols currently. More features are to be planned.
The architecture of openHiTLS is highly modular, and openHiTLS can be configured in modules and features. The RAM/ROM footprint depends on the features selected. It provides the optimal performance optimization for cryptographic algorithms. Currently, 5 components and cryptographic algorithms are configured, and the performance optimization of ShangMi cryptographic algorithms on ARM, x86 is ready. More architectures and features are to be planned.
- Protocols:Support TLS1.3, TLS1.3-Hybrid-Key-Exchange, TLS-Provider, TLS-Multi-KeyShare, TLS-Custom-Extension, TLCP, DTLCP, TLS1.2, DTLS1.2, Auth;
- Algorithms:Support ML-DSA,ML-KEM,SLH-DSA,AES,SM4,Chacha20,RSA,RSA-Bind,DSA,ECDSA,ECDH,DH,SM2,DRBG,DRBG-GM,HKDF,SCRYPT,PBKDF2,SHA2,SHA3,MD5,SM3,HMAC etc.;
- PKI:Support Certificate, CRL parsing, Certificate, CRL validation, Certificate requests, generation etc.
- Highly modular features, support trimming features as required.
- Algorithm performance optimization based on ARMv8 and x8664 CPU.
- Support for maintainability and testability based on logging and error stack functionality.
openHiTLS include 5 components currently. The BSL component will be used with other components.
- The bsl is short for Base Support Layer, which provides the base C standand enhanced functions and OS adapter. It will be used with other modules
- The crypto is short for cryptographic algorithms, which provides the full cryptographic functions with high performance. It will be used by tls, and can also be used with bsl
- The tls is short for Transport Layer Security, which provides all tls protocol versions up to tls1.3. It will be used with crypto and bsl or other third-party crypto and pki libraries
- The PKI component provides functions such as certificate and CRL parsing, certificate and CRL validation, as well as certificate request and generation.
- The Auth component provides the authentication function. Currently, it provides the publicly token authentication based on RFC9578
openHiTLS depends on Secure C (libboundscheck), which is now automatically managed by the configure.py script.
Quick Start (Automatic - Recommended):
# Simply clone and configure - securec will be automatically initialized and built
git clone https://gitcode.com/openhitls/openhitls.git
cd openhitls
mkdir -p build && cd build
python3 ../configure.py # Securec is automatically handled here
cmake .. && make && make installAlternative Methods:
-
Clone with submodules (if you prefer to have everything ready):
git clone --recurse-submodules https://gitcode.com/openhitls/openhitls.git cd openhitls # Securec is already initialized, configure.py will build it automatically
-
Manual dependency management (if you need full control):
git clone https://gitcode.com/openhitls/openhitls.git cd openhitls git clone https://gitee.com/openeuler/libboundscheck platform/Secure_C cd platform/Secure_C && make -j && cd ../.. # Use --no-auto-deps to skip automatic dependency handling python3 configure.py --no-auto-deps
Dependency Management Options:
--no-auto-deps: Disable automatic dependency initialization and build--force-rebuild-deps: Force rebuild securec even if already built
The official Secure C repository is at https://gitee.com/openeuler/libboundscheck.
Source code mirroring of the official releases is pending for planning.
The official source code repository is located at https://gitcode.com/openhitls. A local copy of the git repository can be obtained by cloning it using:
git clone https://gitcode.com/openhitls/openhitls.git
If you are going to contribute, you need to fork the openhitls repository on gitee and clone your public fork instead:
git clone https://gitcode.com/"your gitcode name"/openhitls.git
This document is designed to improve the learning efficiency of developers and contributors on openHiTLS. Refer to the docs.
The major steps in Linux are as follows. Refer to build & install The major steps in Linux:
Step 1 (Prepare the build directory):
cd openhitls && mkdir -p ./build && cd ./build
Step 2 (Generate configurations):
python3 ../configure.py ["option"]
- C Full build:
python3 ../configure.py --enable hitls_bsl hitls_crypto hitls_tls hitls_pki hitls_auth --lib_type static --bits=64 --system=linux
- x8664 Optimize the full build:
python3 ../configure.py --enable hitls_bsl hitls_crypto hitls_tls hitls_pki hitls_auth --lib_type static --bits=64 --system=linux --asm_type x8664
- build the app:
python3 ../configure.py --executes hitls
The options are described in Build Installation Guide
Step 3 (Generate the build script):
cmake ..
Step 4 (Build and install):
make && make install
If you plan to contribute to the openHiTLS community, please visit the link CLA Signing to complete CLA signing.