基于openssl密码库编写的sm2国密算法PHP扩展.rar

共30个文件

h：8个

c：8个

png：4个

需积分: 5 36 浏览量 2023-05-25 07:15:29 上传评论收藏 4.75MB RAR 举报

资源推荐

资源详情

资源评论

收起资源包目录

基于openssl密码库编写的sm2国密算法PHP扩展.rar （30个子文件）

基于openssl密码库编写的sm2国密算法PHP扩展

新建文本文档.txt 19B

openssl-ext-sm2-master

config.m4 4KB

doc

image

php-sm2-xhorf.png 3.13MB

mac-openssl.png 200KB

callgraph.png 2.36MB

bat.jpg 235KB

liunx-openssl.png 142KB

LICENSE 11KB

sm2.c 10KB

tests

003.phpt 227B

002.phpt 212B

001.phpt 203B

php_sm2.h 406B

config.w32 646B

openssl_sm2

sm2_sign_and_verify.c 13KB

test_sm2_encrypt_and_decrypt.h 1KB

test_sm2_encrypt_and_decrypt.c 9KB

test_sm2_sign_and_verify.h 1KB

sm3_with_preprocess.c 4KB

test_sm2_sign_and_verify.c 6KB

sm2_encrypt_and_decrypt.c 16KB

sm3_with_preprocess.h 3KB

sm2_sign_and_verify.h 4KB

test_demo.c 1KB

sm2_cipher_error_codes.h 1KB

sm2_encrypt_and_decrypt.h 5KB

sm2_create_key_pair.h 1KB

sm2_create_key_pair.c 4KB

.gitignore 435B

README.md 8KB

# openssl-ext-sm2 #### 介绍基于openssl密码库编写的SM2椭圆曲线公钥密码算法PHP扩展特性：非对称加密 git地址：https://gitee.com/state-secret-series/openssl-ext-sm2.git #### 软件架构 zend 常规PHP扩展结构 #### 依赖要求 1，liunx :openssl/lib必须包含 libcrypto.so和libssl.so 动态库 2，mac :openssl/lib必须包含 libcrypto.dylib和libssl.dylib 动态库如出现：: undefined symbol: BN_CTX_secure_new 或其他类似的情况，就是没有动态库，openssl 不必升级以免影响正常的openssl扩展受影响，可在新目录安装openssl 教程：https://blog.csdn.net/qq_39316391/article/details/126363284 例：liunx ![liunx-openssl位置](doc/image/liunx-openssl.png) 例：mac ![mac-openssl位置](doc/image/mac-openssl.png) #### 安装教程解压进入openssl-ext-sm2目录 ```asm cd openssl-ext-sm2-master ``` ```asm phpize ``` 检查依赖 ```asm ./configure --with-openssl=/usr/local/openssl@1.1 ``` 检查结果 ```asm [lilunx openssl-ext-sm2]$ ./configure --with-openssl=/usr/local/openssl@1.1 checking for grep that handles long lines and -e... /usr/bin/grep checking for egrep... /usr/bin/grep -E checking for a sed that does not truncate output... /usr/bin/sed checking for cc... cc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether cc accepts -g... yes checking for cc option to accept ISO C89... none needed checking how to run the C preprocessor... cc -E checking for icc... no checking for suncc... no checking whether cc understands -c and -o together... yes checking for system library directory... lib checking if compiler supports -R... no checking if compiler supports -Wl,-rpath,... yes checking build system type... x86_64-pc-linux-gnu checking host system type... x86_64-pc-linux-gnu checking target system type... x86_64-pc-linux-gnu checking for PHP prefix... /usr/local/php checking for PHP includes... -I/usr/local/php/include/php -I/usr/local/php/include/php/main -I/usr/local/php/include/php/TSRM -I/usr/local/php/include/php/Zend -I/usr/local/php/include/php/ext -I/usr/local/php/include/php/ext/date/lib checking for PHP extension directory... /usr/local/php/lib/php/extensions/no-debug-non-zts-20180731 checking for PHP installed headers prefix... /usr/local/php/include/php checking if debug is enabled... no checking if zts is enabled... no checking for re2c... no configure: WARNING: You will need re2c 0.13.4 or later if you want to regenerate PHP parsers. checking for gawk... gawk checking for OpenSSL support... yes, shared checking for Kerberos support... no checking whether to use system default cipher list instead of hardcoded value... no checking whether to enable sm2 support... yes, shared checking for RAND_egd... no checking for pkg-config... /usr/bin/pkg-config checking for OpenSSL version... >= 1.0.1 checking for CRYPTO_free in -lcrypto... yes checking for SSL_CTX_set_ssl_version in -lssl... yes checking for ld used by cc... /usr/bin/ld checking if the linker (/usr/bin/ld) is GNU ld... yes checking for /usr/bin/ld option to reload object files... -r checking for BSD-compatible nm... /usr/bin/nm -B checking whether ln -s works... yes checking how to recognize dependent libraries... pass_all checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking dlfcn.h usability... yes checking dlfcn.h presence... yes checking for dlfcn.h... yes checking the maximum length of command line arguments... 1572864 checking command to parse /usr/bin/nm -B output from cc object... ok checking for objdir... .libs checking for ar... ar checking for ranlib... ranlib checking for strip... strip checking if cc supports -fno-rtti -fno-exceptions... no checking for cc option to produce PIC... -fPIC checking if cc PIC flag -fPIC works... yes checking if cc static flag -static works... no checking if cc supports -c -o file.o... yes checking whether the cc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes checking whether -lc should be explicitly linked in... no checking dynamic linker characteristics... GNU/Linux ld.so checking how to hardcode library paths into programs... immediate checking whether stripping libraries is possible... yes checking if libtool supports shared libraries... yes checking whether to build shared libraries... yes checking whether to build static libraries... no creating libtool appending configuration tag "CXX" to libtool configure: creating ./config.status config.status: creating config.h config.status: config.h is unchanged ``` 安装编译 ```asm make&&make install ``` 修改php.ini ```asm extension="sm2.so" ``` 重启php-fpm或者apache #### 使用说明 1. 创建公钥和私钥 ``` $pub_key 取地址结果为二进制 $pri_key 取地址结果为二进制 sm2_key_pair($pub_key, $pri_key); 返回值int 0 成功其他状态失败 ``` 2. 签名 ``` $msg 信息 $signature 输出签名结果 $pri_key 私钥二进制 $iv userid 没有设置默认为空的操作：如需为空请设置1234567812345678 sm2_sign($msg, $signature, $pri_key, $iv) 返回值int 0 成功其他状态失败 ``` 3. 验签 ``` $msg 信息 $signature 输入签名结果 $pub_key 公钥二进制 $iv userid 没有设置默认为空的操作：如需为空请设置1234567812345678 sm2_sign_verify($msg, $signature, $pub_key, $iv)；返回值int 0 成功其他状态失败 ``` 4. 公钥加密 ``` $msg 信息 $encrypt 输出加密结果二进制 $pub_key 公钥二进制 sm2_encrypt($msg, $encrypt, $pub_key) 返回值int 0 成功其他状态失败 ``` 5. 私钥解密 ``` $encrypt 加密信息二进制 $string 输出结果明文 $pri_key 私钥 sm2_decrypt($encrypt, $string, $pri_key) 返回值int 0 成功其他状态失败 ``` 6. 演示 ``` $msg = '这是测试'; $iv = '1234567812345678'; //没有设置默认为空的操作：如需为空请设置1234567812345678 sm2_key_pair($pub_key, $pri_key); base64_encode($pub_key); base64_encode($pri_key); #公钥:BHSAPGXtrHNxqJ3/b0+eNu2mdO0mpDfTGNJUMoEWpNpSL53Dw+YM/B/QT5OoLm4xQtw0hZY5wlWTR+cD629Grek= #私钥:++BuzKd1mPa0RXAJcY6DHDq9SUzo3T6/engbKReQRqI= sm2_sign($msg, $signature, $pri_key, $iv); base64_encode($signature); #私钥签名:+YHNtKkXbsRSs2nk5amd/YNqsiH8Kyr+oyLVVzuvRl+lqb40uzPxjsRo9QTYw7kZdWSfvM5lbxDMfF0cugQNfQ== sm2_sign_verify($msg, $signature, $pub_key, $iv); #公钥验签:0 sm2_encrypt($msg, $encrypt, $pub_key); base64_encode($encrypt); #公钥加密:BBdm04Uh5EgzYKG3Ff8rBFJQZxRSXnrh9/WDZxS6PmzfnTDz0O0C115BPxMDfBNnOK5Ixs9kHTJPNSDoiHoiEmrnuotKN53rxnJtNd3MTbRjJOQ0sas9Kdktl1eHzj2/eseNaGh0LHZIOrBxAQ== sm2_decrypt($encrypt, $string, $pri_key); #私钥解密:这是测试 ``` #### 性能测试纯php代码实现国密算法：https://learnku.com/articles/68557 注意事项：此sm2扩展加密结果额外增加了04开头,如两方加解密不互通请查看此处 ```asm 04c30f5ef97396dc63273cb4fc70a3a0695ad8041b8019d1f0e74236d4d014842a6f1c5318ce0aaa33d360252640b850cd6a59e4cf33477076d79948e90cf664227675aa024a904fecdffc2b5ade4af0a02365e0812c0359ae38ede53d72ebd5e7b95c2560bcb7 ``` 服务器参数 ``` 物理cpu：2个逻辑cpu：8个 cpu核数：4个运行内存：8G ``` 使用php框架：lumen 参与加密数据 ```asm {"request":{"body":{

评论收藏

内容反馈