openssl-ext-sm2

介绍

基于openssl密码库编写的SM2椭圆曲线公钥密码算法PHP扩展

特性：非对称加密

git地址：https://gitee.com/state-secret-series/openssl-ext-sm2.git

软件架构

zend 常规php扩展结构

依赖要求

1，liunx :openssl/lib必须包含 libcrypto.so和libssl.so 动态库

2，Mac :openssl/lib必须包含 libcrypto.dylib和libssl.dylib 动态库

例：liunx

例：mac

安装教程

解压进入openssl-ext-sm2目录

cd openssl-ext-sm2-master

phpize

检查依赖

./configure  --with-openssl=/usr/local/openssl@1.1

检查结果

[lilunx openssl-ext-sm2]$ ./configure --with-openssl=/usr/local/openssl@1.1checking for grep that handles long lines and -e... /usr/bin/grepchecking for egrep... /usr/bin/grep -Echecking for a sed that does not truncate output... /usr/bin/sedchecking for cc... ccchecking whether the C compiler works... yeschecking for C compiler default output file name... a.outchecking for suffix of executables...checking whether we are cross compiling... nochecking for suffix of object files... ochecking whether we are using the GNU C compiler... yeschecking whether cc accepts -g... yeschecking for cc option to accept ISO C89... none neededchecking how to run the C preprocessor... cc -Echecking for icc... nochecking for suncc... nochecking whether cc understands -c and -o together... yeschecking for system library directory... libchecking if compiler supports -R... nochecking if compiler supports -Wl,-rpath,... yeschecking build system type... x86_64-pc-linux-gnuchecking host system type... x86_64-pc-linux-gnuchecking target system type... x86_64-pc-linux-gnuchecking for PHP prefix... /usr/local/phpchecking for PHP includes... -I/usr/local/php/include/php -I/usr/local/php/include/php/main -I/usr/local/php/include/php/TSRM -I/usr/local/php/include/php/Zend -I/usr/local/php/include/php/ext -I/usr/local/php/include/php/ext/date/libchecking for PHP extension directory... /usr/local/php/lib/php/extensions/no-debug-non-zts-20180731checking for PHP installed headers prefix... /usr/local/php/include/phpchecking if debug is enabled... nochecking if zts is enabled... nochecking for re2c... noconfigure: WARNING: You will need re2c 0.13.4 or later if you want to regenerate PHP parsers.checking for gawk... gawkchecking for OpenSSL support... yes, sharedchecking for Kerberos support... nochecking whether to use system default cipher list instead of hardcoded value... nochecking whether to enable sm2 support... yes, sharedchecking for RAND_egd... nochecking for pkg-config... /usr/bin/pkg-configchecking for OpenSSL version... >= 1.0.1checking for CRYPTO_free in -lcrypto... yeschecking for SSL_CTX_set_ssl_version in -lssl... yeschecking for ld used by cc... /usr/bin/ldchecking if the linker (/usr/bin/ld) is GNU ld... yeschecking for /usr/bin/ld option to reload object files... -rchecking for BSD-compatible nm... /usr/bin/nm -Bchecking whether ln -s works... yeschecking how to recognize dependent libraries... pass_allchecking for ANSI C header files... yeschecking for sys/types.h... yeschecking for sys/stat.h... yeschecking for stdlib.h... yeschecking for string.h... yeschecking for memory.h... yeschecking for strings.h... yeschecking for inttypes.h... yeschecking for stdint.h... yeschecking for unistd.h... yeschecking dlfcn.h usability... yeschecking dlfcn.h presence... yeschecking for dlfcn.h... yeschecking the maximum length of command line arguments... 1572864checking command to parse /usr/bin/nm -B output from cc object... okchecking for objdir... .libschecking for ar... archecking for ranlib... ranlibchecking for strip... stripchecking if cc supports -fno-rtti -fno-exceptions... nochecking for cc option to produce PIC... -fPICchecking if cc PIC flag -fPIC works... yeschecking if cc static flag -static works... nochecking if cc supports -c -o file.o... yeschecking whether the cc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yeschecking whether -lc should be explicitly linked in... nochecking dynamic linker characteristics... GNU/linux ld.sochecking how to hardcode library paths into programs... immediatechecking whether stripping libraries is possible... yeschecking if libtool supports shared libraries... yeschecking whether to build shared libraries... yeschecking whether to build static libraries... nocreating libtoolappending configuration tag "CXX" to libtoolconfigure: creating ./config.statusconfig.status: creating config.hconfig.status: config.h is unchanged

安装编译

make&&make install

修改php.ini

extension="sm2.so"

重启php-fpm或者apache

使用说明

创建公钥和私钥

$pub_key 取地址 结果为二进制$pri_key 取地址 结果为二进制sm2_key_pair($pub_key, $pri_key);返回值int 0 成功 其他状态失败

签名

$msg 信息$signature 输出签名结果$pri_key 私钥 二进制$iv userid 没有设置默认为空的操作：如需为空请设置1234567812345678sm2_sign($msg, $signature, $pri_key, $iv)返回值int 0 成功 其他状态失败

验签

$msg 信息$signature 输入签名结果$pub_key 公钥 二进制$iv userid 没有设置默认为空的操作：如需为空请设置1234567812345678sm2_sign_verify($msg, $signature, $pub_key, $iv)；返回值int 0 成功 其他状态失败

公钥加密

$msg 信息$encrypt 输出加密结果 二进制 $pub_key 公钥 二进制sm2_encrypt($msg, $encrypt, $pub_key)返回值int 0 成功 其他状态失败

私钥解密

$encrypt 加密信息 二进制$string 输出结果 明文$pri_key 私钥sm2_decrypt($encrypt, $string, $pri_key)返回值int 0 成功 其他状态失败

演示

 $msg = '这是测试'; $iv = '1234567812345678'; //没有设置默认为空的操作：如需为空请设置1234567812345678 sm2_key_pair($pub_key, $pri_key); base64_encode($pub_key);  base64_encode($pri_key);  #公钥:BHSAPGXtrHNxqJ3/b0+eNu2mdO0mpdfTGNJUMoEWpNpSL53Dw+YM/B/Qt5OoLm4xQtw0hZY5wlWTR+cD629Grek= #私钥:++BuzKd1mPa0RXAJcY6DHDq9SUzo3T6/engbKReQRqI= sm2_sign($msg, $signature, $pri_key, $iv);  base64_encode($signature);    #私钥签名:+YHNtKkXbsRSs2nk5amd/YNqsiH8Kyr+oyLVVzuvRl+lqb40uzPxjsRo9QTYw7kZdWSfvM5lbxDMfF0cugQNfQ== sm2_sign_verify($msg, $signature, $pub_key, $iv); #公钥验签:0 sm2_encrypt($msg, $encrypt, $pub_key); base64_encode($encrypt);  #公钥加密:BBdm04Uh5EgzYKG3Ff8rBFJQZxRSXnrh9/WDZxS6PmzfnTDz0O0C115BPxMDfBNnOK5Ixs9kHTJPNSDoiHoiEmrnuotKN53rxnJtNd3MTbRjJOQ0sas9Kdktl1eHzj2/eseNaGh0LHZIOrBxAQ== sm2_decrypt($encrypt, $string, $pri_key); #私钥解密:这是测试

性能测试

纯php代码实现国密算法：Https://learnku.com/articles/68557

服务器参数

物理cpu：2个逻辑cpu：8个cpu核数：4个运行内存：8G

使用php框架：lumen

参与加密数据

{"request":{"body":{"ntbusmody":[{"busmod":"00001"}],"ntdumaddx1":[{"bbknbr":"75","dyanam":"招商测试","dyanbr":"11111111111","eftdat":"20220602","inbacc":"755936020410404","ovrctl":"N","yurref":"596620626253316098"}]},"head":{"funcode":"NTDUMADD","reqid":"202206021511010000001","userid":"B000001631"}},"signature":{"sigdat":"__signature_sigdat__","sigtim":"20220602161503"}}

userid

1234567812345678

性能分析

关于执行次数：1000/100次是因为使用纯php服务器跑不了10000次。

使用xhorf栈跟踪分析：

1,纯PHP代码性能图

2，PHP-sm2扩展代码性能图

来源地址：https://blog.csdn.net/qq_39316391/article/details/126240650