Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 49 changed files with 1,728 additions and 57 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
--- | ||
sidebar_position: 0 | ||
title: 社区 | ||
--- | ||
|
||
铜锁密码学开源社区一直致力于保持中立性和多样化,以便更多的社会力量参与其中,提供更多普遍适用的安全技术,为社会创造一个更加安全的互联网环境。 | ||
|
||
## 铜锁开源社区管理制度 | ||
|
||
铜锁已经从单一的密码学底层算法库,成长为了一个拥有多个密码学基础设施开源项目的开源社区。为了让社区更好的得到治理和发展,基于实际情况,我们制定了《铜锁开源社区管理制度》并在铜锁官网对社会公开发布:[铜锁开源社区管理制度](https://www.tongsuo.net/bylaws/) | ||
|
||
## 铜锁项目管理委员会 | ||
|
||
铜锁项目管理委员会,简称铜锁PMC,依照《铜锁开源社区管理制度》设立,是铜锁开源社区的对外官方代表和决策机构,行使铜锁开源社区的治理权利。现公布铜锁PMC成员代表(委员)名单和联络方式如下(排名不分先后): | ||
|
||
| 成员姓名 | PMC公司 | 邮箱 | | ||
|------|-------|-----------------------------| | ||
| 张天佳 | 阿里云 | tianjia.ztj@alibaba-inc.com | | ||
| 李延昭 | 天威诚信 | li_yanzhao@itrus.com.cn | | ||
| 杨洋 | 蚂蚁集团 | paul@tongsuo.net | | ||
| 金添 | 问天量子 | jintian@qasky.com | | ||
| 张志磊 | 360 | zhangzhilei@360.cn | | ||
| 李昆阳 | 豪符检测 | li_kunyang@cdhfct.com | |
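Review bot: The PMC table publishes six individual mailbox addresses as the only contact information on this page, with nothing telling readers that vulnerability reports belong elsewhere. Add a sentence under the table pointing to the security policy page (title: 安全制度, added in this same commit) so that sensitive reports are not sent to personal inboxes. Minor wording: in the bylaws paragraph, "更好的得到治理" should read "更好地得到治理".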
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
--- | ||
sidebar_position: 8 | ||
title: 生态合作 | ||
--- | ||
|
||
铜锁密码库为应用程序提供密码学算法和安全通信协议的相关能力,同时对底层密码学硬件(包括加密卡等硬件密码模块、加密机、CPU特定指令集等)进行抽象,实现应用程序和硬件设备的无感结合。由此,围绕铜锁密码库可以构建出一种生态效应,即通过铜锁上下游共同对用户提供诸如使用铜锁密码库构建的产品和服务、可以被铜锁调用的密码学硬件设备、围绕铜锁而产生的实用工具等等。 | ||
|
||
本页面列举出铜锁开源社区的生态伙伴和合作方,旨在为用户提供更加完整的密码学产品和服务。 | ||
|
||
铜锁开源社区目前不直接提供有偿的商业服务,我们计划由铜锁的生态合作方展开相关业务。 | ||
|
||
## 开源项目 | ||
|
||
| 项目 | 说明 | | ||
| ------ | ------ | | ||
| Angie | Angie是由原NGINX团队的核心成员创建的新型Web服务器和反向代理服务器,目前已经实现了对Tongsuo的全面集成。Angie和NGINX在ABI层面兼容,因此建议寻求NGINX+Tongsuo的用户可以使用Angie来替代NGINX。 | | ||
|
||
## 商业产品、系统和服务 | ||
|
||
| 厂商 | 说明 | | ||
|------|------| | ||
| 天威诚信 | 天威诚信是国内最具影响力的CA厂商,同时也提供多种电子认证相关产品和服务。天威诚信使用铜锁构建其基础密码学能力。如果存在数字证书(如SM2证书等)、电子证据等方面的需求可咨询天威诚信。 | | ||
| 问天量子 | 问天量子是我国首批从事量子信息技术产业化的企业,也是密标委指定的量子密码标准制定工作组牵头单位。问天量子的商用密码系列产品,如量子随机数生成器,可增强铜锁的真随机数能力,帮助应用程序提升安全水位。 | | ||
| 阿里云 | 阿里云是领先的云计算提供商,其多个云服务使用铜锁提供基础的密码学以及合规能力。此外,龙蜥操作系统对国密也有特定支持,其中龙蜥国密版集成了铜锁,详情可咨询阿里云。 | | ||
| BTQ | BTQ是一家注册于列支敦士登的初创公司,其主营业务是提供抗量子计算攻击的前沿密码学产品以期望解决Web3和区块链领域未来的量子威胁。BTQ公司的零知识证明语言编译器Keelung和零知识证明算法加速硬件Kenting分别位列铜锁的上下游环节。与铜锁一起可实现完整的零知识证明解决方案。 | | ||
| 蚂蚁集团 | 蚂蚁集团起步于2004年诞生的支付宝,是具有影响力的金融科技企业,也是铜锁项目的创始公司和捐赠方。蚂蚁集团自主研发的多种硬件密码设备,例如国密加密卡、同态加密算法加速芯片等,均已实现了和铜锁的适配,可通过铜锁对上层应用程序进行无感支持。 | |
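Review bot: The rows in both tables make integration claims that a reader cannot verify from the page: the Angie row says Tongsuo is fully integrated and that Angie is ABI-compatible with NGINX, but gives no project link, version or build instructions, and none of the vendor rows link to a product page. Add inline links or a link column, and state the version from which the integration applies. Superlatives such as "国内最具影响力的CA厂商" read as marketing in project documentation and would be better stated neutrally.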
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
--- | ||
sidebar_position: 7 | ||
title: 铜锁迷你版 | ||
--- | ||
铜锁迷你版(tongsuo-mini),简称“迷你锁”,是一个轻量级的密码学算法库,专为嵌入式系统和物联网设备等资源受限场景提供常用的密码学算法和安全传输协议,并可以适应超低内存和存储的极限要求。“迷你锁”通过高度模块化,允许用户在编译时只开启需要的功能,不浪费存储空间。 同时,通过紧凑的内存对齐等方式,压缩运行时内存。 | ||
|
||
代码仓库地址:https://github.com/Tongsuo-Project/tongsuo-mini | ||
|
||
## 构建依赖 | ||
迷你锁依赖于cmake进行构建,以及python工具链进行自动化测试,具体来说,有: | ||
|
||
cmake | ||
python | ||
pytest | ||
上述工具在不同操作系统的安装方式也有所不同,请参考对应操作系统的安装说明。以下是在macOS上安装上述构建依赖的一个典型例子(基于homebrew): | ||
|
||
```bash | ||
brew install cmake | ||
brew install python | ||
sudo pip3 install -r test/requirements.txt | ||
``` | ||
|
||
## 构建 | ||
|
||
构建使用cmake,下载源代码后进入源代码根目录执行: | ||
|
||
```bash | ||
mkdir build | ||
cd build | ||
cmake .. | ||
make | ||
make test | ||
``` | ||
|
||
## 特性 | ||
迷你锁(tongsuo-mini)提供如下特性: | ||
|
||
- 高度可定制的模块化编译 | ||
- 轻量级密码学算法 | ||
- ASCON AEAD | ||
- ASCON HASH | ||
- 轻量级安全通信协议 | ||
- OSCORE | ||
- EDHOC | ||
- 基于可预测逻辑的动态二进制加载能力 | ||
- 传统密码学算法 | ||
- 商用密码算法:SM2,SM3,SM4 | ||
- 国际密码学算法:AES,SHA系列,RSA,ECDSA,EdDSA | ||
- 传统安全通信协议 | ||
- TLS协议 | ||
- TLCP协议 |
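Review bot: In the macOS dependency example, `sudo pip3 install -r test/requirements.txt` installs the test dependencies as root into the system-wide Python, so any package build or install script runs with root privileges for something only `make test` needs. Suggest a virtual environment (`python3 -m venv`) or a per-user install instead, and move that line to after the reader has been told to enter the source root, since the path is relative. Also, the three dependencies `cmake`, `python` and `pytest` have no list markers and no blank line before the next sentence, so they will render as one run-on paragraph.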
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
--- | ||
sidebar_position: 9 | ||
title: 安全制度 | ||
--- | ||
|
||
## 报告安全问题 | ||
|
||
Tongsuo 目前使用蚂蚁集团提供的漏洞收集渠道来接受第三方漏洞的反馈。可以通过:https://security.alipay.com 进行安全漏洞的提交。 | ||
|
||
## 漏洞等级 | ||
|
||
Tongsuo 根据漏洞的严重程度和影响范围定义如下几个漏洞等级: | ||
|
||
- 高危漏洞:该等级的漏洞一般较容易被利用,并造成严重损失。例如内存内容泄露、用户机密数据泄露、远程拒绝服务等。 | ||
- 中危漏洞:该等级的漏洞相比高危漏洞具有相对较低的风险,并且不是很容易的被利用。 | ||
- 低危漏洞:该等级的漏洞的风险相对较小,一般不会对生产环境引起重大危害。 | ||
|
||
## 漏洞优先披露制度 | ||
|
||
对于高危和中危漏洞,Tongsuo 会优先向特定的群体披露漏洞细节和修复方案,在一段时间后(可能是数天或者数周),再对Tongsuo进行公开修复并公告漏洞详情。这样做是为了防止严重的漏洞对关键互联网应用产生重大影响。上述特定的群体包括: | ||
|
||
- 默认集成了 Tongsuo 的重要操作系统发行版 | ||
- Tongsuo的 重要商业用户 | ||
- 其他 Tongsuo 技术委员会认为有必要通知的个人或组织 |
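Review bot: The pre-disclosure section leaves the embargo open-ended ("可能是数天或者数周") and names "Tongsuo 技术委员会" as the body that decides who is notified, while the community page added in this commit defines only the 铜锁项目管理委员会 (PMC) as the decision-making body. State a maximum embargo period and use the governing body's defined name so it is clear who authorises early disclosure. The reporting section gives only the portal URL of the channel provided by 蚂蚁集团; say what a report should contain and that it should be marked as concerning Tongsuo. Minor: "Tongsuo的 重要商业用户" has a misplaced space.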