PHP sm2 國密擴充套件

介紹

基於openssl密碼庫編寫的SM2橢圓曲線公鑰密碼演算法PHP擴充套件

特性：非對稱加密

git地址：gitee.com/state-secret-series/open...

軟體架構

zend 常規PHP擴充套件結構

依賴要求

1，liunx :openssl/lib必須包含 libcrypto.so和libssl.so 動態庫

2，mac :openssl/lib必須包含 libcrypto.dylib和libssl.dylib 動態庫

例：liunx

例：mac

安裝教程

解壓進入openssl-ext-sm2目錄

cd openssl-ext-sm2-master

phpize

檢查依賴

./configure  --with-openssl=/usr/local/openssl@1.1

檢查結果

[lilunx openssl-ext-sm2]$ ./configure --with-openssl=/usr/local/openssl@1.1
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for a sed that does not truncate output... /usr/bin/sed
checking for cc... cc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether cc accepts -g... yes
checking for cc option to accept ISO C89... none needed
checking how to run the C preprocessor... cc -E
checking for icc... no
checking for suncc... no
checking whether cc understands -c and -o together... yes
checking for system library directory... lib
checking if compiler supports -R... no
checking if compiler supports -Wl,-rpath,... yes
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking target system type... x86_64-pc-linux-gnu
checking for PHP prefix... /usr/local/php
checking for PHP includes... -I/usr/local/php/include/php -I/usr/local/php/include/php/main -I/usr/local/php/include/php/TSRM -I/usr/local/php/include/php/Zend -I/usr/local/php/include/php/ext -I/usr/local/php/include/php/ext/date/lib
checking for PHP extension directory... /usr/local/php/lib/php/extensions/no-debug-non-zts-20180731
checking for PHP installed headers prefix... /usr/local/php/include/php
checking if debug is enabled... no
checking if zts is enabled... no
checking for re2c... no
configure: WARNING: You will need re2c 0.13.4 or later if you want to regenerate PHP parsers.
checking for gawk... gawk
checking for OpenSSL support... yes, shared
checking for Kerberos support... no
checking whether to use system default cipher list instead of hardcoded value... no
checking whether to enable sm2 support... yes, shared
checking for RAND_egd... no
checking for pkg-config... /usr/bin/pkg-config
checking for OpenSSL version... >= 1.0.1
checking for CRYPTO_free in -lcrypto... yes
checking for SSL_CTX_set_ssl_version in -lssl... yes
checking for ld used by cc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for /usr/bin/ld option to reload object files... -r
checking for BSD-compatible nm... /usr/bin/nm -B
checking whether ln -s works... yes
checking how to recognize dependent libraries... pass_all
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking dlfcn.h usability... yes
checking dlfcn.h presence... yes
checking for dlfcn.h... yes
checking the maximum length of command line arguments... 1572864
checking command to parse /usr/bin/nm -B output from cc object... ok
checking for objdir... .libs
checking for ar... ar
checking for ranlib... ranlib
checking for strip... strip
checking if cc supports -fno-rtti -fno-exceptions... no
checking for cc option to produce PIC... -fPIC
checking if cc PIC flag -fPIC works... yes
checking if cc static flag -static works... no
checking if cc supports -c -o file.o... yes
checking whether the cc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no

creating libtool
appending configuration tag "CXX" to libtool
configure: creating ./config.status
config.status: creating config.h
config.status: config.h is unchanged

安裝編譯

make&&make install

修改php.ini

extension="sm2.so"

重啟php-fpm或者apache

使用說明

1. 建立公鑰和私鑰

$pub_key 取地址 結果為二進位制
$pri_key 取地址 結果為二進位制

sm2_key_pair($pub_key, $pri_key);

返回值int 0 成功 其他狀態失敗

2. 簽名

$msg 資訊
$signature 輸出簽名結果
$pri_key 私鑰 二進位制
$iv userid 沒有設定預設為空的操作：如需為空請設定1234567812345678

sm2_sign($msg, $signature, $pri_key, $iv)

返回值int 0 成功 其他狀態失敗

3. 驗籤

$msg 資訊
$signature 輸入簽名結果
$pub_key 公鑰 二進位制
$iv userid 沒有設定預設為空的操作：如需為空請設定1234567812345678

sm2_sign_verify($msg, $signature, $pub_key, $iv)；

返回值int 0 成功 其他狀態失敗

4. 公鑰加密

$msg 資訊
$encrypt 輸出加密結果 二進位制 
$pub_key 公鑰 二進位制
sm2_encrypt($msg, $encrypt, $pub_key)

返回值int 0 成功 其他狀態失敗

5. 私鑰解密

$encrypt 加密資訊 二進位制
$string 輸出結果 明文
$pri_key 私鑰
sm2_decrypt($encrypt, $string, $pri_key)

返回值int 0 成功 其他狀態失敗

6. 演示

 $msg = '這是測試';
 $iv = '1234567812345678'; //沒有設定預設為空的操作：如需為空請設定1234567812345678

 sm2_key_pair($pub_key, $pri_key);
 base64_encode($pub_key); 
 base64_encode($pri_key); 
 #公鑰:BHSAPGXtrHNxqJ3/b0+eNu2mdO0mpDfTGNJUMoEWpNpSL53Dw+YM/B/QT5OoLm4xQtw0hZY5wlWTR+cD629Grek=
 #私鑰:++BuzKd1mPa0RXAJcY6DHDq9SUzo3T6/engbKReQRqI=

 sm2_sign($msg, $signature, $pri_key, $iv); 
 base64_encode($signature);  
 #私鑰簽名:+YHNtKkXbsRSs2nk5amd/YNqsiH8Kyr+oyLVVzuvRl+lqb40uzPxjsRo9QTYw7kZdWSfvM5lbxDMfF0cugQNfQ==

 sm2_sign_verify($msg, $signature, $pub_key, $iv);
 #公鑰驗籤:0

 sm2_encrypt($msg, $encrypt, $pub_key); 
 base64_encode($encrypt);  
 #公鑰加密:BBdm04Uh5EgzYKG3Ff8rBFJQZxRSXnrh9/WDZxS6PmzfnTDz0O0C115BPxMDfBNnOK5Ixs9kHTJPNSDoiHoiEmrnuotKN53rxnJtNd3MTbRjJOQ0sas9Kdktl1eHzj2/eseNaGh0LHZIOrBxAQ==
 sm2_decrypt($encrypt, $string, $pri_key);
 #私鑰解密:這是測試

效能測試

純php程式碼實現國密演算法：部落格：國密招商銀行對接

伺服器引數

物理cpu：2個
邏輯cpu：8個
cpu核數：4個
執行記憶體：8G

使用php框架：lumen

參與加密資料

{"request":{"body":{"ntbusmody":[{"busmod":"00001"}],"ntdumaddx1":[{"bbknbr":"75","dyanam":"招商
測試","dyanbr":"11111111111","eftdat":"20220602","inbacc":"755936020410404","ovrctl":"N","yurref":"596620626253316098"}]},"head":{"funcode":"NTDUMADD","reqid":"202206021511010000001","userid":"B000001631"}},"signature":{"sigdat":"__signature_sigdat__","sigtim":"20220602161503"}}

userid

1234567812345678

效能分析

關於執行次數：1000/100次是因為使用純php伺服器跑不了10000次。

使用xhorf棧跟蹤分析：

1,純PHP程式碼效能圖

2，PHP-sm2擴充套件程式碼效能圖

本作品採用《CC 協議》，轉載必須註明作者和本文連結