Chinaunix首页 | 论坛 | 博客
  • 博客访问: 408393
  • 博文数量: 118
  • 博客积分: 120
  • 博客等级: 入伍新兵
  • 技术积分: 657
  • 用 户 组: 普通用户
  • 注册时间: 2008-03-03 19:50
个人简介

进来看看呗,觉得好看就点个赞。

文章分类

全部博文(118)

文章存档

2020年(13)

2019年(102)

2011年(1)

2008年(2)

我的朋友

分类: 网络与安全

2020-01-10 23:19:32

转自:https://www.jianshu.com/p/a1c3ee349345 
作者:阿群1986 

参考英文博客: https://www.openssl.org/blog/blog/2018/09/11/release111/

OpenSSL项目最近6个月添加了许多新特性, 包括对中国SM2/SM3/SM4算法的支持:

参考: 中国国家密码管理局制定的商业密码算法标准

  • 《GM/T 0006-2012 密码应用标识规范》定义国密算法OID标识

  • 《GB/T 32907-2016 SM4分组密码算法》(原GM/T 0002-2012)

  • 《GB/T 329??-2016 SM2椭圆曲线公钥密码算法》(原GM/T 0003-2012)

  • 《GB/T 32905-2016 SM3密码杂凑算法》(原GM/T 0004-2012)

下载源码, 编译, 以及验证步骤

下载源码

解压缩

tar xzvf openssl-1.1.1-pre4.tar.gz
tar xzvf openssl-1.1.1-pre5.tar.gz

编译步骤

cd openssl-1.1.1-pre5
./config
make

本地安装(可选步骤)

sudo make install

配置LD_LIBRARY_PATH并检查openssl可执行程序版本号

$ export LD_LIBRARY_PATH=`pwd`


$ ./apps/openssl version
OpenSSL 1.1.1-pre5 (beta) 17 Apr 2018

检查 SM3 哈希校验和

$ echo -n "abc" | ./apps/openssl dgst -SM3
(stdin)= 66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0

检查椭圆曲线是否包含SM2

$ ./apps/openssl ecparam -list_curves | grep SM2 
SM2 : SM2 curve over a 256 bit prime field

检查SM4对称算法

./apps/openssl enc -ciphers
-sm4
-sm4-cbc
-sm4-cfb
-sm4-ctr
-sm4-ecb
-sm4-ofb

SM4-自测试数据

  1. 测试SM4-ECB电子密码本模式, 选取AES-128-ECB作为参考
    https://github.com/liuqun/openssl-sm4-demo/tree/master

  1. /** 文件名: https://github.com/liuqun/openssl-sm4-demo/blob/cmake/src/main.c */
  2. #include <stddef.h>
  3. #include <stdio.h>
  4. #include <stdlib.h>
  5. #include <string.h>
  6. #include "openssl/err.h"
  7. #include "openssl/evp.h"

  8. /* Before OpenSSL 1.1.1-pre1, we did not have EVP_sm4_ecb() */
  9. #if defined(OPENSSL_VERSION_NUMBER) \
  10.     && OPENSSL_VERSION_NUMBER < 0x10101001L
  11. static const EVP_CIPHER *(*EVP_sm4_ecb)()=EVP_aes_128_ecb;
  12. #endif

  13. typedef struct {
  14.     const unsigned char *in_data;
  15.     size_t in_data_len;
  16.     int in_data_is_already_padded;
  17.     const unsigned char *in_ivec;
  18.     const unsigned char *in_key;
  19.     size_t in_key_len;
  20. } test_case_t;


  21. void test_encrypt_with_cipher(const test_case_t *in, const EVP_CIPHER *cipher)
  22. {
  23.     unsigned char *out_buf = NULL;
  24.     int out_len;
  25.     int out_padding_len;
  26.     EVP_CIPHER_CTX *ctx;

  27.     ctx = EVP_CIPHER_CTX_new();
  28.     EVP_EncryptInit_ex(ctx, cipher, NULL, in->in_key, in->in_ivec);

  29.     if (in->in_data_is_already_padded)
  30.     {
  31.         /* Check whether the input data is already padded.
  32.         And its length must be an integral multiple of the cipher's block size. */
  33.         const size_t bs = EVP_CIPHER_block_size(cipher);
  34.         if (in->in_data_len % bs != 0)
  35.         {
  36.             printf("ERROR-1: data length=%d which is not added yet; block size=%d\n", (int) in->in_data_len, (int) bs);
  37.             /* Warning: Remember to do some clean-ups */
  38.             EVP_CIPHER_CTX_free(ctx);
  39.             return;
  40.         }
  41.         /* Disable the implicit PKCS#7 padding defined in EVP_CIPHER */
  42.         EVP_CIPHER_CTX_set_padding(ctx, 0);
  43.     }

  44.     out_buf = (unsigned char *) malloc(((in->in_data_len>>4)+1) << 4);
  45.     out_len = 0;
  46.     EVP_EncryptUpdate(ctx, out_buf, &out_len, in->in_data, in->in_data_len);
  47.     if (1)
  48.     {
  49.         printf("Debug: out_len=%d\n", out_len);
  50.     }

  51.     out_padding_len = 0;
  52.     EVP_EncryptFinal_ex(ctx, out_buf+out_len, &out_padding_len);
  53.     if (1)
  54.     {
  55.         printf("Debug: out_padding_len=%d\n", out_padding_len);
  56.     }

  57.     EVP_CIPHER_CTX_free(ctx);
  58.     if (1)
  59.     {
  60.         int i;
  61.         int len;
  62.         len = out_len + out_padding_len;
  63.         for (i=0; i<len; i++)
  64.         {
  65.             printf("%02x ", out_buf[i]);
  66.         }
  67.         printf("\n");
  68.     }

  69.     if (out_buf)
  70.     {
  71.         free(out_buf);
  72.         out_buf = NULL;
  73.     }
  74. }

  75. void main()
  76. {
  77.     int have_sm4 = (OPENSSL_VERSION_NUMBER >= 0x10101001L);
  78.     int have_aes = 1;
  79.     const unsigned char data[]=
  80.     {
  81.         0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  82.         0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
  83.     };
  84.     unsigned char ivec[EVP_MAX_IV_LENGTH]; ///< IV 向量
  85.     const unsigned char key1[16] = ///< key_data, 密钥内容, 至少16字节
  86.     {
  87.         0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  88.         0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
  89.     };
  90.     test_case_t tc;

  91.     tc.in_data = data;
  92.     tc.in_data_len = sizeof(data);
  93.     tc.in_data_is_already_padded = (tc.in_data_len % 16)==0; // Hard coded 16 as the cipher's block size
  94.     tc.in_key = key1;
  95.     tc.in_key_len = sizeof(key1);
  96.     memset(ivec, 0x00, EVP_MAX_IV_LENGTH);
  97.     tc.in_ivec = ivec;

  98. #if defined(OPENSSL_NO_SM4)
  99.     have_sm4 = 0;
  100. #endif
  101.     if (have_sm4)
  102.     {
  103.         printf("[1]\n");
  104.         printf("Debug: EVP_sm4_ecb() test\n");
  105.         test_encrypt_with_cipher(&tc, EVP_sm4_ecb());
  106.     }
  107. #if defined(OPENSSL_NO_AES)
  108.     have_aes = 0;
  109. #endif
  110.     if (have_aes)
  111.     {
  112.         printf("[2]\n");
  113.         printf("Debug: EVP_aes_128_ecb() test\n");
  114.         test_encrypt_with_cipher(&tc, EVP_aes_128_ecb());
  115.     }
  116. }
  1. 假定当前是把main.c放在 openssl-1.1.1-pre5/文件夹内
  2. gcc -Iinclude -c main.c
  3. gcc main.o libcrypto.so -o a.out

  4. export LD_LIBRARY_PATH=`pwd`
  5. ldd a.out

  6. ./a.out
9.1. GM/T OIDs
9.1.1. SCA OID Prefix
All SM4 GM/T OIDs belong under the "1.2.156.10197" OID prefix,
registered by the Chinese Cryptography Standardization Technology
Committee ("CCSTC"), a committee under the SCA. Its components are
described below in ASN.1 notation.


作者:阿群1986
链接:https://www.jianshu.com/p/a1c3ee349345
来源:简书
著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。
阅读(20) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~
评论热议
请登录后评论。

登录 注册