# 基于go gmsm编写的sm2国密算法PHP扩展 **Repository Path**: state-secret-series/go-ext-sm2 ## Basic Information - **Project Name**: 基于go gmsm编写的sm2国密算法PHP扩展 - **Description**: 基于go gmsm编写的sm2国密算法PHP扩展 - **Primary Language**: Unknown - **License**: Apache-2.0 - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 2 - **Forks**: 0 - **Created**: 2024-07-03 - **Last Updated**: 2025-04-22 ## Categories & Tags **Categories**: Uncategorized **Tags**: sm2, 国密, Go语言, go静态库 ## README # go-ext-sm2 #### 介绍 基于go-gmsm静态库编写的SM2椭圆曲线公钥密码算法PHP扩展 相较于openssl-ext-sm2编译更方便 增加了密文指定排序、识别ans1编码等功能 特性:非对称加密 git地址:https://gitee.com/state-secret-series/go-ext-sm2.git #### 软件架构 zend 常规PHP扩展结构 #### 依赖要求 1,包内在lib文件目录下已包含了mac、liunx编译后的gosm2静态库,自动加载对应环境的静态库,可直接编译 2,编译时注意使用make clean时会把编译好的静态库删除 3,如静态库在编译时不可用、请手动编译go-gogmsm库,完成后放到对应环境的目录下 地址:https://gitee.com/state-secret-series/go-gmsm.git #### 安装教程 解压进入openssl-ext-sm2目录 ```asm cd go-ext-sm2 ``` ```asm phpize ``` 检查依赖 ```asm ./configure --with-php-config=/www/server/php/*你的版本*/bin/php-config ``` 检查结果 ```asm [root@6309fccb9e17 go-ext-sm2]# ./configure --with-php-config=/www/server/php/74/bin/php-config checking for grep that handles long lines and -e... /usr/bin/grep checking for egrep... /usr/bin/grep -E checking for a sed that does not truncate output... /usr/bin/sed checking for pkg-config... /usr/bin/pkg-config checking pkg-config is at least version 0.9.0... yes checking for cc... cc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether the compiler supports GNU C... yes checking whether cc accepts -g... yes checking for cc option to enable C11 features... -std=gnu11 checking how to run the C preprocessor... cc -std=gnu11 -E checking for egrep -e... (cached) /usr/bin/grep -E checking for icc... no checking for suncc... no checking for system library directory... lib checking if compiler supports -R... no checking if compiler supports -Wl,-rpath,... yes checking build system type... x86_64-pc-linux-gnu checking host system type... x86_64-pc-linux-gnu checking target system type... x86_64-pc-linux-gnu checking for PHP prefix... /www/server/php/74 checking for PHP includes... -I/www/server/php/74/include/php -I/www/server/php/74/include/php/main -I/www/server/php/74/include/php/TSRM -I/www/server/php/74/include/php/Zend -I/www/server/php/74/include/php/ext -I/www/server/php/74/include/php/ext/date/lib checking for PHP extension directory... /www/server/php/74/lib/php/extensions/no-debug-non-zts-20190902 checking for PHP installed headers prefix... /www/server/php/74/include/php checking if debug is enabled... no checking if zts is enabled... no checking for gawk... gawk checking whether to enable go_sm2 support... yes, shared checking for gcc... (cached) cc checking whether the compiler supports GNU C... (cached) yes checking whether cc accepts -g... (cached) yes checking for cc option to enable C11 features... (cached) -std=gnu11 checking whether cc -std=gnu11 supports C99... yes checking for macOS... no checking for a sed that does not truncate output... /usr/bin/sed checking for ld used by cc -std=gnu11... /usr/bin/ld checking if the linker (/usr/bin/ld) is GNU ld... yes checking for /usr/bin/ld option to reload object files... -r checking for BSD-compatible nm... /usr/bin/nm -B checking whether ln -s works... yes checking how to recognize dependent libraries... pass_all checking for stdio.h... yes checking for stdlib.h... yes checking for string.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for strings.h... yes checking for sys/stat.h... yes checking for sys/types.h... yes checking for unistd.h... yes checking for dlfcn.h... yes checking the maximum length of command line arguments... 1572864 checking command to parse /usr/bin/nm -B output from cc -std=gnu11 object... ok checking for objdir... .libs checking for ar... ar checking for ranlib... ranlib checking for strip... strip checking if cc -std=gnu11 supports -fno-rtti -fno-exceptions... no checking for cc -std=gnu11 option to produce PIC... -fPIC checking if cc -std=gnu11 PIC flag -fPIC works... yes checking if cc -std=gnu11 static flag -static works... no checking if cc -std=gnu11 supports -c -o file.o... yes checking whether the cc -std=gnu11 linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes checking whether -lc should be explicitly linked in... no checking dynamic linker characteristics... GNU/Linux ld.so checking how to hardcode library paths into programs... immediate checking whether stripping libraries is possible... yes checking if libtool supports shared libraries... yes checking whether to build shared libraries... yes checking whether to build static libraries... no creating libtool appending configuration tag "CXX" to libtool configure: patching config.h.in configure: creating ./config.status config.status: creating config.h config.status: config.h is unchanged ``` 安装编译 ```asm make&&make install ``` 修改php.ini ```asm extension="go_sm2.so" ``` 重启php-fpm或者apache #### 使用说明 全局定义常量 ``` 非ans1加密 GO_SM2_MODE_DEFAULT 结果ans1加密 GO_SM2_MODE_ASN1 密文排列顺序 老规则 GO_SM2_ORDER_C1C2C3 新规则 GO_SM2_ORDER_C1C3C2 ``` 1. 创建公钥和私钥 ``` $pub_key 取地址 结果为二进制 $pri_key 结果为二进制 $key_pair=go_sm2_key_pair(); dump($key_pair); array:3 [ "code" => 200 "msg" => "Key generation successful!" "data" => array:2 [ "publicKey" =>二进制 "privateKey" =>二进制 ] ] 返回值code int 200 成功 其他状态失败 ``` 2. 签名 ``` $msg 信息 $pri_key 私钥 二进制 $mode 签名返回模式 默认 GO_SM2_MODE_DEFAULT $iv userid 默认为1234567812345678 可不传 返回 GO_SM2_MODE_DEFAULT r,s 拼接的64位2进制 返回 GO_SM2_MODE_ANS1 r,s 编码的30开头的2进制 $sign=go_sm2_sign($msg, $pri_key) array:3 [ "code" => 200 "msg" => "Key generation successful!" "data" => array:1 [ "signature" => 二进制 ] ] //转成hex16进制 $iv='1224222232424333'; $sign=go_sm2_sign($msg,$pri_key,GO_SM2_MODE_ANS1) $sign=go_sm2_sign($msg, $pri_key,GO_SM2_MODE_ANS1,$iv); 返回值code int 200 成功 其他状态失败 ``` 3. 验签 自动识别是否是ans1 无需传mode ``` $msg 信息 $signature 输入签名结果 $pub_key 公钥 二进制 $iv userid 默认为1234567812345678 go_sm2_verify($msg, $pub_key,$signature); go_sm2_verify($msg, $pub_key,$signature,$iv); 返回值code int 200 成功 其他状态失败 ``` 4. 公钥加密 ``` $msg 信息 $encrypt 输出加密结果 二进制 $pub_key 公钥 二进制 $order 排序方式 默认C1C3C2 $mode 是否ans1编码 默认不编码 $encrypt=go_sm2_encrypt($msg, $pub_key); $encrypt=go_sm2_encrypt($msg, $pub_key,GO_SM2_ORDER_C1C2C3); $encrypt=go_sm2_encrypt($msg, $pub_key,GO_SM2_ORDER_C1C2C3,GO_SM2_MODE_ASN1); 返回值code int 200 成功 其他状态失败 ``` 5. 私钥解密 自动识别ans1编码格式的密文 ``` $encrypt 加密信息 二进制 $string 输出结果 明文 $pri_key 私钥 $order 排序方式 默认C1C3C2 go_sm2_decrypt($encrypt, $string, $pri_key); go_sm2_decrypt($encrypt, $string, $pri_key,GO_SM2_ORDER_C1C2C3); 返回值code int 200 成功 其他状态失败 ``` 6. 演示 ``` $key_pair = go_sm2_key_pair(); if ($key_pair['code'] != 200) { echo '生成钥匙对失败:' . $key_pair['msg'] . PHP_EOL; exit; } $msg = "这是测试"; $pub_key = $key_pair['data']['publicKey']; $pri_key = $key_pair['data']['privateKey']; echo '公钥:' . bin2hex($pub_key) . PHP_EOL; echo '私钥:', bin2hex($pri_key) . PHP_EOL; $sign = go_sm2_sign($msg, $pri_key); if ($sign['code'] != 200) { echo '签名失败:' . $sign['msg'] . PHP_EOL; exit; } echo '签名:' . bin2hex($sign['data']['signature']) . PHP_EOL; $res = go_sm2_verify($msg, $pub_key, $sign['data']['signature']); if ($res['code'] != 200) { echo '验签失败:' . $res['msg'] . PHP_EOL; exit; } echo '验签:' . $res['msg'] . PHP_EOL; $encrypt = go_sm2_encrypt($msg, $pub_key); if ($encrypt['code'] != 200) { echo '加密失败:' . $encrypt['msg'] . PHP_EOL; exit; } echo '密文:' . bin2hex($encrypt['data']['ciphertext']) . PHP_EOL; $decrypt = go_sm2_decrypt($pri_key, $encrypt['data']['ciphertext']); if ($decrypt['code'] != 200) { echo '解密失败:' . $encrypt['msg'] . PHP_EOL; exit; } echo '明文:' . $decrypt['data']['plaintext'] . PHP_EOL; ``` 输出结果 ``` 公钥:0460fda1fe45d5dfcb84c7b7f4199ebca7bff423c7f1ca1eeb2e2abc1a004df3cd22aab950e476eef30fcff54ee0404d6fea09979a23bc9ee5dd883b05863f2f92 私钥:81905b16e44b267d6a179c5a09774cd698f8eac168f4429d793eb89931e9e7d0 签名:58cc705f11aef46db6469eefff2c26be386cc697d9f6d283f740ef3a116adb38a0a3e6a5e71afc9cd05973723678f25f339c1e38cdccb886e85dfb2a5c8795d9 验签:message verify successful! 密文:0427f56b468097cd763ac108079abb8e7b750d628fbc53c286c21270947e5885eda79451ba6416ebd8dcb4dee70c4e80cfc16971694b5d717ceab88def2d6586b98179419cfcf534bba12767540fc765e0b04a3576fba2cff67b5fe410b98c90672a98761f17e4725d4cde7 明文:这是测试 ```