同步操作将从 国密系列/openssl-ext-sm2 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
基于openssl密码库编写的SM2椭圆曲线公钥密码算法PHP扩展
特性:非对称加密
git地址:https://gitee.com/state-secret-series/openssl-ext-sm2.git
zend 常规PHP扩展结构
1,liunx :openssl/lib必须包含 libcrypto.so和libssl.so 动态库
2,mac :openssl/lib必须包含 libcrypto.dylib和libssl.dylib 动态库
如出现:: undefined symbol: BN_CTX_secure_new 或其他类似的情况,就是没有动态库,openssl 不必升级以免影响正常的openssl扩展受影响,可在新目录安装openssl
教程:https://blog.csdn.net/qq_39316391/article/details/126363284
例:liunx
例:mac
解压进入openssl-ext-sm2目录
cd openssl-ext-sm2-master
phpize
检查依赖
./configure --with-openssl=/usr/local/openssl@1.1
检查结果
[lilunx openssl-ext-sm2]$ ./configure --with-openssl=/usr/local/openssl@1.1
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for a sed that does not truncate output... /usr/bin/sed
checking for cc... cc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether cc accepts -g... yes
checking for cc option to accept ISO C89... none needed
checking how to run the C preprocessor... cc -E
checking for icc... no
checking for suncc... no
checking whether cc understands -c and -o together... yes
checking for system library directory... lib
checking if compiler supports -R... no
checking if compiler supports -Wl,-rpath,... yes
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking target system type... x86_64-pc-linux-gnu
checking for PHP prefix... /usr/local/php
checking for PHP includes... -I/usr/local/php/include/php -I/usr/local/php/include/php/main -I/usr/local/php/include/php/TSRM -I/usr/local/php/include/php/Zend -I/usr/local/php/include/php/ext -I/usr/local/php/include/php/ext/date/lib
checking for PHP extension directory... /usr/local/php/lib/php/extensions/no-debug-non-zts-20180731
checking for PHP installed headers prefix... /usr/local/php/include/php
checking if debug is enabled... no
checking if zts is enabled... no
checking for re2c... no
configure: WARNING: You will need re2c 0.13.4 or later if you want to regenerate PHP parsers.
checking for gawk... gawk
checking for OpenSSL support... yes, shared
checking for Kerberos support... no
checking whether to use system default cipher list instead of hardcoded value... no
checking whether to enable sm2 support... yes, shared
checking for RAND_egd... no
checking for pkg-config... /usr/bin/pkg-config
checking for OpenSSL version... >= 1.0.1
checking for CRYPTO_free in -lcrypto... yes
checking for SSL_CTX_set_ssl_version in -lssl... yes
checking for ld used by cc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for /usr/bin/ld option to reload object files... -r
checking for BSD-compatible nm... /usr/bin/nm -B
checking whether ln -s works... yes
checking how to recognize dependent libraries... pass_all
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking dlfcn.h usability... yes
checking dlfcn.h presence... yes
checking for dlfcn.h... yes
checking the maximum length of command line arguments... 1572864
checking command to parse /usr/bin/nm -B output from cc object... ok
checking for objdir... .libs
checking for ar... ar
checking for ranlib... ranlib
checking for strip... strip
checking if cc supports -fno-rtti -fno-exceptions... no
checking for cc option to produce PIC... -fPIC
checking if cc PIC flag -fPIC works... yes
checking if cc static flag -static works... no
checking if cc supports -c -o file.o... yes
checking whether the cc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no
creating libtool
appending configuration tag "CXX" to libtool
configure: creating ./config.status
config.status: creating config.h
config.status: config.h is unchanged
安装编译
make&&make install
修改php.ini
extension="sm2.so"
重启php-fpm或者apache
$pub_key 取地址 结果为二进制
$pri_key 取地址 结果为二进制
sm2_key_pair($pub_key, $pri_key);
返回值int 0 成功 其他状态失败
$msg 信息
$signature 输出签名结果
$pri_key 私钥 二进制
$iv userid 没有设置默认为空的操作:如需为空请设置1234567812345678
sm2_sign($msg, $signature, $pri_key, $iv)
返回值int 0 成功 其他状态失败
$msg 信息
$signature 输入签名结果
$pub_key 公钥 二进制
$iv userid 没有设置默认为空的操作:如需为空请设置1234567812345678
sm2_sign_verify($msg, $signature, $pub_key, $iv);
返回值int 0 成功 其他状态失败
$msg 信息
$encrypt 输出加密结果 二进制
$pub_key 公钥 二进制
sm2_encrypt($msg, $encrypt, $pub_key)
返回值int 0 成功 其他状态失败
$encrypt 加密信息 二进制
$string 输出结果 明文
$pri_key 私钥
sm2_decrypt($encrypt, $string, $pri_key)
返回值int 0 成功 其他状态失败
$msg = '这是测试';
$iv = '1234567812345678'; //没有设置默认为空的操作:如需为空请设置1234567812345678
sm2_key_pair($pub_key, $pri_key);
base64_encode($pub_key);
base64_encode($pri_key);
#公钥:BHSAPGXtrHNxqJ3/b0+eNu2mdO0mpDfTGNJUMoEWpNpSL53Dw+YM/B/QT5OoLm4xQtw0hZY5wlWTR+cD629Grek=
#私钥:++BuzKd1mPa0RXAJcY6DHDq9SUzo3T6/engbKReQRqI=
sm2_sign($msg, $signature, $pri_key, $iv);
base64_encode($signature);
#私钥签名:+YHNtKkXbsRSs2nk5amd/YNqsiH8Kyr+oyLVVzuvRl+lqb40uzPxjsRo9QTYw7kZdWSfvM5lbxDMfF0cugQNfQ==
sm2_sign_verify($msg, $signature, $pub_key, $iv);
#公钥验签:0
sm2_encrypt($msg, $encrypt, $pub_key);
base64_encode($encrypt);
#公钥加密:BBdm04Uh5EgzYKG3Ff8rBFJQZxRSXnrh9/WDZxS6PmzfnTDz0O0C115BPxMDfBNnOK5Ixs9kHTJPNSDoiHoiEmrnuotKN53rxnJtNd3MTbRjJOQ0sas9Kdktl1eHzj2/eseNaGh0LHZIOrBxAQ==
sm2_decrypt($encrypt, $string, $pri_key);
#私钥解密:这是测试
纯php代码实现国密算法:https://learnku.com/articles/68557 注意事项:此sm2扩展加密结果额外增加了04开头,如两方加解密不互通请查看此处
04c30f5ef97396dc63273cb4fc70a3a0695ad8041b8019d1f0e74236d4d014842a6f1c5318ce0aaa33d360252640b850cd6a59e4cf33477076d79948e90cf664227675aa024a904fecdffc2b5ade4af0a02365e0812c0359ae38ede53d72ebd5e7b95c2560bcb7
服务器参数
物理cpu:2个
逻辑cpu:8个
cpu核数:4个
运行内存:8G
使用php框架:lumen
参与加密数据
{"request":{"body":{"ntbusmody":[{"busmod":"00001"}],"ntdumaddx1":[{"bbknbr":"75","dyanam":"招商
测试","dyanbr":"11111111111","eftdat":"20220602","inbacc":"755936020410404","ovrctl":"N","yurref":"596620626253316098"}]},"head":{"funcode":"NTDUMADD","reqid":"202206021511010000001","userid":"B000001631"}},"signature":{"sigdat":"__signature_sigdat__","sigtim":"20220602161503"}}
userid
1234567812345678
性能分析
关于执行次数:1000/100次是因为使用纯php服务器跑不了10000次。
使用xhorf栈跟踪分析:
1,纯PHP代码性能图
2,PHP-sm2扩展代码性能图
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。