当前位置:网站首页>铜锁密码库

铜锁密码库

2022-08-10 15:37:00 PamShao

BabaSSL

介绍

BabaSSL是一款轻巧、灵活且靠谱的密码学和TLS协议工具集。BabaSSL是蚂蚁集团和阿里集团的各主要业务中所使用的底层密码库,现在开源出来供业界使用。BabaSSL广泛的应用在包括网络、存储、移动端App等场景中。

BabaSSL 是 OpenSSL 的衍生版,内部支持了很多椭圆曲线算法的实现。

网站:https://www.babassl.cn/

github:https://github.com/Tongsuo-Project/Tongsuo

文档:https://babassl.readthedocs.io/zh/latest/

实现功能:

  • 密码学算法
    • 中国商用密码算法:SM2、SM3、SM4、祖冲之等
    • 国际主流算法:ECDSA、RSA、AES、SHA等
    • 同态加密算法:EC-ElGamal、Paillier*等
    • 后量子密码学*:LAC、NTRU、Saber、Dilithium等
  • 安全通信协议
    • 支持GB/T 38636-2020 TLCP标准,即双证书国密通信协议
    • 支持RFC 8998,即TLS 1.3 + 国密单证书
    • 支持QUIC API
    • 支持Delegated Credentials功能,基于draft-ietf-tls-subcerts-10
    • 支持TLS证书压缩
    • 支持紧凑TLS协议*

安装

参考:https://tongsuo.readthedocs.io/zh/latest/Tutorial/PHE/ec-elgamal-sample/

  • 下载
git clone [email protected]:Tongsuo-Project/Tongsuo.git
  • 编译
# 编译参数需要加上:enable-ec_elgamal,我这里是在 macOS 系统上编译,所以是 darwin64-x86_64-cc,其他系统需要切换一下
./Configure darwin64-x86_64-cc --debug no-shared no-threads enable-ec_elgamal --strict-warnings -fPIC --prefix=/usr/local/tongsuo-debug

# 编译
make -j4

# 安装到目录 /usr/local/tongsuo-debug
sudo make install
  • Demo(ec_elgamal_test.c)
#include <stdio.h>
#include <time.h>
#include <openssl/ec.h>
#include <openssl/pem.h>

#define CLOCKS_PER_MSEC (CLOCKS_PER_SEC/1000)

int main(int argc, char *argv[])
{
    int ret = -1;
    uint32_t r;
    //密钥生成
    clock_t begin, end;
    EC_KEY *sk_eckey = NULL, *pk_eckey = NULL;
    EC_ELGAMAL_CTX *ctx1 = NULL, *ctx2 = NULL;
    EC_ELGAMAL_CIPHERTEXT *c1 = NULL, *c2 = NULL, *c3 = NULL;
    EC_ELGAMAL_DECRYPT_TABLE *table = NULL;
    FILE *pk_file = fopen("ec-pk.pem", "rb");
    FILE *sk_file = fopen("ec-sk.pem", "rb");
    if ((pk_eckey = PEM_read_EC_PUBKEY(pk_file, NULL, NULL, NULL)) == NULL)
        goto err;
    if ((sk_eckey = PEM_read_ECPrivateKey(sk_file, NULL, NULL, NULL)) == NULL)
        goto err;

    if ((ctx1 = EC_ELGAMAL_CTX_new(pk_eckey)) == NULL)
        goto err;
    if ((ctx2 = EC_ELGAMAL_CTX_new(sk_eckey)) == NULL)
        goto err;

    //创建解密表
    begin = clock();
    if ((table = EC_ELGAMAL_DECRYPT_TABLE_new(ctx2, 0)) == NULL)
        goto err;

    EC_ELGAMAL_CTX_set_decrypt_table(ctx2, table);
    end = clock();
    printf("EC_ELGAMAL_DECRYPT_TABLE_new(1) cost: %lfms\n", (double)(end - begin)/CLOCKS_PER_MSEC);

    if ((c1 = EC_ELGAMAL_CIPHERTEXT_new(ctx1)) == NULL)
        goto err;
    if ((c2 = EC_ELGAMAL_CIPHERTEXT_new(ctx1)) == NULL)
        goto err;

    //加密20000021
    begin = clock();
    if (!EC_ELGAMAL_encrypt(ctx1, c1, 20000021))
        goto err;
    end = clock();
    printf("EC_ELGAMAL_encrypt(20000021) cost: %lfms\n", (double)(end - begin)/CLOCKS_PER_MSEC);

    //加密500
    begin = clock();
    if (!EC_ELGAMAL_encrypt(ctx1, c2, 500))
        goto err;
    end = clock();
    printf("EC_ELGAMAL_encrypt(500) cost: %lfms\n", (double)(end - begin)/CLOCKS_PER_MSEC);

    if ((c3 = EC_ELGAMAL_CIPHERTEXT_new(ctx1)) == NULL)
        goto err;

    //密文相加:20000021+500
    begin = clock();
    if (!EC_ELGAMAL_add(ctx1, c3, c1, c2))
        goto err;
    end = clock();
    printf("EC_ELGAMAL_add(C2000021,C500) cost: %lfms\n", (double)(end - begin)/CLOCKS_PER_MSEC);

    //解密:20000021+500
    begin = clock();
    if (!(EC_ELGAMAL_decrypt(ctx2, &r, c3)))
        goto err;
    end = clock();
    printf("EC_ELGAMAL_decrypt(C20000021,C500) result: %d, cost: %lfms\n", r, (double)(end - begin)/CLOCKS_PER_MSEC);

    //标量乘:500*800
    begin = clock();
    if (!EC_ELGAMAL_mul(ctx1, c3, c2, 800))
        goto err;
    end = clock();
    printf("EC_ELGAMAL_mul(C500,800) cost: %lfms\n", (double)(end - begin)/CLOCKS_PER_MSEC);

    //解密:500*800
    begin = clock();
    if (!(EC_ELGAMAL_decrypt(ctx2, &r, c3)))
        goto err;
    end = clock();
    printf("EC_ELGAMAL_decrypt(C500,800) result: %d, cost: %lfms\n", r, (double)(end - begin)/CLOCKS_PER_MSEC);

    //将密文500*800编码为二进制文件
    printf("EC_ELGAMAL_CIPHERTEXT_encode size: %zu\n", EC_ELGAMAL_CIPHERTEXT_encode(ctx2, NULL, 0, NULL, 1));

    ret = 0;
    err:
    EC_KEY_free(sk_eckey);
    EC_KEY_free(pk_eckey);
    EC_ELGAMAL_DECRYPT_TABLE_free(table);
    EC_ELGAMAL_CIPHERTEXT_free(c1);
    EC_ELGAMAL_CIPHERTEXT_free(c2);
    EC_ELGAMAL_CIPHERTEXT_free(c3);
    EC_ELGAMAL_CTX_free(ctx1);
    EC_ELGAMAL_CTX_free(ctx2);
    fclose(sk_file);
    fclose(pk_file);
    return ret;
}
  • 编译demo
gcc -Wall -g -o ec_elgamal_test ./ec_elgamal_test.c -I/usr/local/tongsuo-debug/include -L/usr/local/tongsuo-debug/lib -lssl -lcrypto
  • 生成公私钥
# 先生成私钥,这里生成的是 SM2 曲线的私钥
/usr/local/tongsuo-debug/bin/openssl ecparam -genkey -name SM2 -out ec-sk.pem
# 用私钥生成公钥
/usr/local/tongsuo-debug/bin/openssl ec -in ./ec-sk.pem -pubout -out ec-pk.pem
  • 运行
./ec_elgamal_test
EC_ELGAMAL_DECRYPT_TABLE_new(1) cost: 2410.917000ms
EC_ELGAMAL_encrypt(20000021) cost: 1.605000ms
EC_ELGAMAL_encrypt(500) cost: 1.547000ms
EC_ELGAMAL_add(C2000021,C500) cost: 0.019000ms
EC_ELGAMAL_decrypt(C20000021,C500) result: 20000521, cost: 12.281000ms
EC_ELGAMAL_mul(C500,800) cost: 2.257000ms
EC_ELGAMAL_decrypt(C500,800) result: 400000, cost: 1.216000ms
EC_ELGAMAL_CIPHERTEXT_encode size: 66
  • 注意

EC_ELGAMAL_DECRYPT_TABLE_new 函数第二个参数(0不支持,1支持)指定是否支持负数解密(为 1 时表示该解密表可以解密负数,初始化解密表时将可能的负数运算后插入到 hash 中),如果支持负数解密会影响解密性能,因为查询解密表的次数变多了,以及点的运算变多了,同时构造支持负数的解密表需要的时间也比较长。如下是支持负数解密的运行结果:

EC_ELGAMAL_DECRYPT_TABLE_new(1) cost: 114581.404000ms
EC_ELGAMAL_encrypt(20000021) cost: 1.806000ms
EC_ELGAMAL_encrypt(500) cost: 1.783000ms
EC_ELGAMAL_add(C2000021,C500) cost: 0.011000ms
EC_ELGAMAL_decrypt(C20000021,C500) result: 20000521, cost: 532.148000ms
EC_ELGAMAL_mul(C500,800) cost: 1.759000ms
EC_ELGAMAL_decrypt(C500,800) result: 400000, cost: 292.958000ms
EC_ELGAMAL_CIPHERTEXT_encode size: 66
原网站

版权声明
本文为[PamShao]所创,转载请带上原文链接,感谢
https://www.cnblogs.com/pam-sh/p/16572542.html