go-ext-sm2

介绍

基于go-gmsm静态库编写的SM2椭圆曲线公钥密码算法PHP扩展
相较于openssl-ext-sm2编译更方便
增加了密文指定排序、识别ans1编码等功能

特性：非对称加密

git地址：https://gitee.com/state-secret-series/go-ext-sm2.git

软件架构

zend 常规PHP扩展结构

依赖要求

1，包内在lib文件目录下已包含了mac、liunx编译后的gosm2静态库，自动加载对应环境的静态库，可直接编译

2，编译时注意使用make clean时会把编译好的静态库删除

3，如静态库在编译时不可用、请手动编译go-gogmsm库，完成后放到对应环境的目录下 地址:https://gitee.com/state-secret-series/go-gmsm.git

安装教程

解压进入openssl-ext-sm2目录

cd go-ext-sm2

phpize

检查依赖

./configure --with-php-config=/www/server/php/*你的版本*/bin/php-config

检查结果

[root@6309fccb9e17 go-ext-sm2]# ./configure --with-php-config=/www/server/php/74/bin/php-config
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for a sed that does not truncate output... /usr/bin/sed
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for cc... cc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether cc accepts -g... yes
checking for cc option to enable C11 features... -std=gnu11
checking how to run the C preprocessor... cc -std=gnu11 -E
checking for egrep -e... (cached) /usr/bin/grep -E
checking for icc... no
checking for suncc... no
checking for system library directory... lib
checking if compiler supports -R... no
checking if compiler supports -Wl,-rpath,... yes
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking target system type... x86_64-pc-linux-gnu
checking for PHP prefix... /www/server/php/74
checking for PHP includes... -I/www/server/php/74/include/php -I/www/server/php/74/include/php/main -I/www/server/php/74/include/php/TSRM -I/www/server/php/74/include/php/Zend -I/www/server/php/74/include/php/ext -I/www/server/php/74/include/php/ext/date/lib
checking for PHP extension directory... /www/server/php/74/lib/php/extensions/no-debug-non-zts-20190902
checking for PHP installed headers prefix... /www/server/php/74/include/php
checking if debug is enabled... no
checking if zts is enabled... no
checking for gawk... gawk
checking whether to enable go_sm2 support... yes, shared
checking for gcc... (cached) cc
checking whether the compiler supports GNU C... (cached) yes
checking whether cc accepts -g... (cached) yes
checking for cc option to enable C11 features... (cached) -std=gnu11
checking whether cc -std=gnu11 supports C99... yes
checking for macOS... no
checking for a sed that does not truncate output... /usr/bin/sed
checking for ld used by cc -std=gnu11... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for /usr/bin/ld option to reload object files... -r
checking for BSD-compatible nm... /usr/bin/nm -B
checking whether ln -s works... yes
checking how to recognize dependent libraries... pass_all
checking for stdio.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for strings.h... yes
checking for sys/stat.h... yes
checking for sys/types.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking the maximum length of command line arguments... 1572864
checking command to parse /usr/bin/nm -B output from cc -std=gnu11 object... ok
checking for objdir... .libs
checking for ar... ar
checking for ranlib... ranlib
checking for strip... strip
checking if cc -std=gnu11 supports -fno-rtti -fno-exceptions... no
checking for cc -std=gnu11 option to produce PIC... -fPIC
checking if cc -std=gnu11 PIC flag -fPIC works... yes
checking if cc -std=gnu11 static flag -static works... no
checking if cc -std=gnu11 supports -c -o file.o... yes
checking whether the cc -std=gnu11 linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no

creating libtool
appending configuration tag "CXX" to libtool
configure: patching config.h.in
configure: creating ./config.status
config.status: creating config.h
config.status: config.h is unchanged

安装编译

make&&make install

修改php.ini

extension="go_sm2.so"

重启php-fpm或者apache

使用说明

全局定义常量

php">非ans1加密
GO_SM2_MODE_DEFAULT 
结果ans1加密
GO_SM2_MODE_ASN1

密文排列顺序
老规则
GO_SM2_ORDER_C1C2C3
新规则
GO_SM2_ORDER_C1C3C2

1. 创建公钥和私钥

php">$pub_key 取地址 结果为二进制
$pri_key 结果为二进制

$key_pair=go_sm2_key_pair();
dump($key_pair);

array:3 [
  "code" => 200
  "msg" => "Key generation successful!"
  "data" => array:2 [
    "publicKey" =>二进制
    "privateKey" =>二进制
  ]
]

返回值code int 200 成功 其他状态失败

2. 签名

php">$msg 信息
$pri_key 私钥 二进制
$mode 签名返回模式 默认 GO_SM2_MODE_DEFAULT
$iv userid 默认为1234567812345678 可不传
返回 GO_SM2_MODE_DEFAULT r,s 拼接的64位2进制
返回 GO_SM2_MODE_ANS1 r,s 编码的30开头的2进制
$sign=go_sm2_sign($msg, $pri_key)

array:3 [
  "code" => 200
  "msg" => "Key generation successful!"
  "data" => array:1 [
    "signature" => 二进制
  ]
]
//转成hex16进制

$iv='1224222232424333';
$sign=go_sm2_sign($msg,$pri_key,GO_SM2_MODE_ANS1)

$sign=go_sm2_sign($msg, $pri_key,GO_SM2_MODE_ANS1,$iv);

返回值code int 200 成功 其他状态失败

3. 验签 自动识别是否是ans1 无需传mode

php">$msg 信息
$signature 输入签名结果
$pub_key 公钥 二进制
$iv userid 默认为1234567812345678

go_sm2_verify($msg, $pub_key,$signature)；

go_sm2_verify($msg, $pub_key,$signature,$iv)；

返回值code int 200 成功 其他状态失败

4. 公钥加密

php">$msg 信息
$encrypt 输出加密结果 二进制 
$pub_key 公钥 二进制
$order 排序方式 默认C1C3C2
$mode  是否ans1编码 默认不编码

$encrypt=go_sm2_encrypt($msg, $pub_key);

$encrypt=go_sm2_encrypt($msg, $pub_key,GO_SM2_ORDER_C1C2C3);

$encrypt=go_sm2_encrypt($msg, $pub_key,GO_SM2_ORDER_C1C2C3,GO_SM2_MODE_ASN1);

返回值code int 200 成功 其他状态失败

5. 私钥解密 自动识别ans1编码格式的密文

php">$encrypt 加密信息 二进制
$string 输出结果 明文
$pri_key 私钥
$order 排序方式 默认C1C3C2

go_sm2_decrypt($encrypt, $string, $pri_key);
go_sm2_decrypt($encrypt, $string, $pri_key,GO_SM2_ORDER_C1C2C3);

返回值code int 200 成功 其他状态失败

6. 演示

php">$key_pair = go_sm2_key_pair();

if ($key_pair['code'] != 200) {
    echo '生成钥匙对失败：' . $key_pair['msg'] . PHP_EOL;
    exit;
}
$msg     = "这是测试";
$pub_key = $key_pair['data']['publicKey'];
$pri_key = $key_pair['data']['privateKey'];
echo '公钥：' . bin2hex($pub_key) . PHP_EOL;
echo '私钥：', bin2hex($pri_key) . PHP_EOL;
$sign = go_sm2_sign($msg, $pri_key);
if ($sign['code'] != 200) {
    echo '签名失败：' . $sign['msg'] . PHP_EOL;
    exit;
}
echo '签名：' . bin2hex($sign['data']['signature']) . PHP_EOL;

$res = go_sm2_verify($msg, $pub_key, $sign['data']['signature']);
if ($res['code'] != 200) {
    echo '验签失败：' . $res['msg'] . PHP_EOL;
    exit;
}
echo '验签：' . $res['msg'] . PHP_EOL;

$encrypt = go_sm2_encrypt($msg, $pub_key);
if ($encrypt['code'] != 200) {
    echo '加密失败：' . $encrypt['msg'] . PHP_EOL;
    exit;
}
echo '密文：' . bin2hex($encrypt['data']['ciphertext']) . PHP_EOL;

$decrypt = go_sm2_decrypt($pri_key, $encrypt['data']['ciphertext']);
if ($decrypt['code'] != 200) {
    echo '解密失败：' . $encrypt['msg'] . PHP_EOL;
    exit;
}
echo '明文：' . $decrypt['data']['plaintext'] . PHP_EOL;

输出结果

php">公钥：0460fda1fe45d5dfcb84c7b7f4199ebca7bff423c7f1ca1eeb2e2abc1a004df3cd22aab950e476eef30fcff54ee0404d6fea09979a23bc9ee5dd883b05863f2f92
私钥：81905b16e44b267d6a179c5a09774cd698f8eac168f4429d793eb89931e9e7d0
签名：58cc705f11aef46db6469eefff2c26be386cc697d9f6d283f740ef3a116adb38a0a3e6a5e71afc9cd05973723678f25f339c1e38cdccb886e85dfb2a5c8795d9
验签：message verify successful!
密文：0427f56b468097cd763ac108079abb8e7b750d628fbc53c286c21270947e5885eda79451ba6416ebd8dcb4dee70c4e80cfc16971694b5d717ceab88def2d6586b98179419cfcf534bba12767540fc765e0b04a3576fba2cff67b5fe410b98c90672a98761f17e4725d4cde7
明文：这是测试