Skip to main content
The hls-hsm component is a C++17 library that provides a software abstraction over a Hardware Security Module (HSM). It exposes a simple API for RSA and AES key generation, key retrieval, and cryptographically-seeded random byte generation. Keys are stored in a static in-memory map for the lifetime of the process.
This is a simulation/stub implementation. Key material consists of zero-filled byte vectors — no real cryptographic operations are performed. Do not use in production environments where genuine key security is required.

Data types

KeyType enum

hsm.h
enum class KeyType { RSA, AES };
Distinguishes the algorithm family of a stored key.

Key struct

hsm.h
struct Key {
    std::string id;
    KeyType type;
    std::vector<uint8_t> data;
};
String identifier for the key. Derived automatically from the algorithm and bit size (e.g., "RSA_2048", "AES_256").
KeyType::RSA or KeyType::AES.
Raw key bytes as a std::vector<uint8_t>. In the current stub implementation this is always a zero-filled vector of length bits / 8.

HSM class

hsm.h
class HSM {
public:
    void init();
    std::string generate_rsa_key(int bits = 2048);
    std::string generate_aes_key(int bits = 256);
    Key get_key(const std::string& id);
    std::vector<uint8_t> get_random_bytes(size_t length);
private:
    std::map<std::string, Key> keys_;
    int key_counter_ = 0;
};

Public methods

HSM::init
void
Initialises the HSM instance. Currently prints "HSM initialized" to stdout. Must be called before generating or retrieving keys.
HSM::generate_rsa_key
std::string
Generates a stub RSA key and stores it in the global key_store. Returns the key ID.Parameter: bits (int, default 2048) — desired key size in bits. The key data vector will have length bits / 8.Key ID format: "RSA_<bits>" — for example, generate_rsa_key(2048) returns "RSA_2048".
HSM::generate_aes_key
std::string
Generates a stub AES key and stores it in the global key_store. Returns the key ID.Parameter: bits (int, default 256) — desired key size in bits. The key data vector will have length bits / 8.Key ID format: "AES_<bits>" — for example, generate_aes_key(256) returns "AES_256".
HSM::get_key
Key
Looks up a key by its string ID in the global key_store. Returns the matching Key struct, or a default-constructed (empty) Key if the ID is not found.Parameter: id (const std::string&) — the key ID returned by a prior generate_* call.
HSM::get_random_bytes
std::vector<uint8_t>
Returns a vector of length random bytes sourced from std::random_device. Each byte is produced by calling rd() & 0xFF.Parameter: length (size_t) — number of random bytes to generate.

Key storage

Keys are stored in a static global map (key_store) defined in hsm.cpp, not in the HSM instance itself. This means all HSM instances within the same process share a single key store. Calling generate_rsa_key(2048) twice overwrites the previous entry under "RSA_2048".
hsm.cpp
static std::map<std::string, Key> key_store;

Build instructions

1

Prerequisites

A C++17-capable compiler (GCC 8+, Clang 7+) and CMake 3.20 or later.
2

Configure

cmake -S hls-hsm -B hls-hsm/build
3

Build

cmake --build hls-hsm/build
The build produces the hls_hsm executable from src/main.cpp and src/hsm.cpp.
The CMakeLists.txt sets CMAKE_CXX_STANDARD to 17 and adds include/ to the include path:
CMakeLists.txt
cmake_minimum_required(VERSION 3.20)
project(hls_hsm)
set(CMAKE_CXX_STANDARD 17)
include_directories(include)
add_executable(hls_hsm src/main.cpp src/hsm.cpp)

Usage example

main.cpp
#include "hsm.h"
#include <iostream>

int main() {
    HSM hsm;
    hsm.init(); // prints "HSM initialized"

    // Generate a 2048-bit RSA key; returns "RSA_2048"
    std::string rsa_id = hsm.generate_rsa_key(2048);

    // Generate a 256-bit AES key; returns "AES_256"
    std::string aes_id = hsm.generate_aes_key(256);

    // Retrieve the RSA key by ID
    Key k = hsm.get_key(rsa_id);
    std::cout << "Key ID: " << k.id
              << ", size: " << k.data.size() << " bytes\n";
    // Output: Key ID: RSA_2048, size: 256 bytes

    // Generate 32 random bytes
    auto rand_bytes = hsm.get_random_bytes(32);
    std::cout << "Random bytes count: " << rand_bytes.size() << "\n";

    return 0;
}
The key_counter_ and keys_ private members are declared in the class but unused in the current implementation — all persistence goes through the module-level key_store map.

Build docs developers (and LLMs) love

Get started for freeTalk to us