基于 gmssl实现的sm2加密(C++)(改进版)

此文章基于https://blog.csdn.net/hacker_lpy/article/details/124211114提供的方法,经过测试修正代码后,与https://the-x.cn/zh-cn/cryptography/Sm2.aspx提供的工具的加密解密数据一致。
大概做了如下变更:
1、修正SM2加密解密使用C1C3C2的顺序(手动调整的)。
2、修正SM2结果不正确的问题。
3、增加错误码信息的获取GmGetErrorMessage。
4、增加将公钥、私钥PEM字符串转十六进制字符串的方法。
5、增加将公钥十六进制转PEM字符串的方法。
但是私钥十六进制转字符串始终未能成功,如果有通过测试的朋友,请留言告知,不胜感激!

修改后的gmutil.cpp如下:

#include "../include/gmutil.h"
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 

using namespace std;

/**
 * @brief 使用公钥/私钥数据获取EV_KEY对象
 * @param key 公钥/私钥数据
 * @param is_public 是否公钥
 * @return 失败返回NULL
 */
static EC_KEY *CreateEC(unsigned char *key, int is_public)
{
    EC_KEY *ec_key = NULL;
    BIO *keybio = NULL;
    keybio = BIO_new_mem_buf(key, -1);
    if (keybio == NULL)
    {
        printf("[BIO_new_mem_buf]->key len=%lu,Failed to Get Key", strlen((char *)key));
        return NULL;
    }

    if (is_public)
    {
        ec_key = PEM_read_bio_EC_PUBKEY(keybio, NULL, NULL, NULL);
    }
    else
    {
        ec_key = PEM_read_bio_ECPrivateKey(keybio, NULL, NULL, NULL);
    }

    if (ec_key == NULL)
    {
        printf("Failed to Get Key");
        BIO_free_all(keybio);
        return NULL;
    }

    BIO_free_all(keybio); // 此处是不是要free?
    return ec_key;
}

/**
 * @brief 加密
 *
 * @param strPubKey 公钥内容
 * @param strIn 原始字符串
 * @param strCiphertext 加密后内容
 * @return int 成功返回0,失败返回非零值
 */
int GmSm2Encrypt(string strPubKey, const string &strIn, string &strCiphertext)
{
    EC_KEY *evKey = CreateEC((unsigned char *)strPubKey.c_str(), 1);
    if (NULL == evKey)
    {
        return GM_UTIL_CODE_CREATE_EV_KEY_FAILED;
    }
    // 只支持默认的sm2p256v1椭圆曲线参数
    if (!EC_KEY_is_sm2p256v1(evKey))
    {
        EC_KEY_free(evKey);
        return GM_UTIL_CODE_NOT_SM2P256V1;
    }
    // 加密后的密文会比明文长97字节
    SM2CiphertextValue *cval = NULL;
    if (NULL == (cval = SM2_do_encrypt(EVP_sm3(), (const unsigned char *)strIn.c_str(), strIn.size(), evKey)))
    {
        EC_KEY_free(evKey);
        return GM_UTIL_CODE_SM2_ENCRYPT_FAILED;
    }

    const EC_GROUP *group = EC_KEY_get0_group(evKey);
    unsigned char *cipher_buf = (unsigned char *)malloc(strIn.size() + 97);
    unsigned char *cipher_text = cipher_buf;                                 // 因为i2o_SM2CiphertextValue会改掉指针(这是一个BUG)
    int cipher_text_len = i2o_SM2CiphertextValue(group, cval, &cipher_text); // 将标准密文cv转化为字符形式,存在cipher_buf中
    // C1 为随机产生的公钥,C2 为密文,与明文长度等长, C3 为 SM3 算法对明文数计算得到消息摘要,长度固定为 256 位
    // 转换成C1|C3|C2
    int c1Len = 65;
    int c2Len = strIn.size();
    int c3Len = 32;
    const char *buffer = (char *)cipher_buf;
    strCiphertext.assign(buffer, c1Len);
    strCiphertext.append(buffer + c1Len + c2Len, c3Len);
    strCiphertext.append(buffer + c1Len, c2Len);
    // 释放内存
    SM2CiphertextValue_free(cval);
    EC_KEY_free(evKey);
    free(cipher_buf);
    return GM_UTIL_CODE_OK;
}

/**
 * @brief SM2解密
 *
 * @param strPriKey 私钥字符串
 * @param strCiphertext 已加密的内容,顺序为C1|C3|C2
 * @param strOut 解密后的原始字符串
 * @return int 成功返回0,失败返回非零值
 */
int GmSm2Decrypt(string strPriKey, const string &strCiphertext, string &strOut)
{
    EC_KEY *evKey = CreateEC((unsigned char *)strPriKey.c_str(), 0);
    if (NULL == evKey)
    {
        return GM_UTIL_CODE_CREATE_EV_KEY_FAILED;
    }
    // 只支持默认的sm2p256v1椭圆曲线参数
    if (!EC_KEY_is_sm2p256v1(evKey))
    {
        EC_KEY_free(evKey);
        return GM_UTIL_CODE_NOT_SM2P256V1;
    }
    const EVP_MD *md = EVP_sm3();
    const EC_GROUP *group = EC_KEY_get0_group(evKey);
    // 顺序从C1|C3|C2改回C1|C2|C3
    int c1Len = 65;
    int c3Len = 32;
    int c2Len = strCiphertext.size() - c1Len - c3Len;
    if (c2Len < 0)
    {
        EC_KEY_free(evKey);
        return GM_UTIL_CODE_SM2_NOT_VALID_CIPHER;
    }
    const char *buffer = strCiphertext.c_str();
    string c1c2c3Cipher;
    if (buffer[0] != 0x04)
    {
        c1Len--;
        c2Len++;
        c1c2c3Cipher.append(1, 0x04);
    }
    c1c2c3Cipher.append(buffer, c1Len);                 // C1
    c1c2c3Cipher.append(buffer + c1Len + c3Len, c2Len); // C2
    c1c2c3Cipher.append(buffer + c1Len, c3Len);         // C3
    // cout << c1Len << " " << c2Len << " " << c3Len << endl;
    const unsigned char *data = (const unsigned char *)c1c2c3Cipher.c_str();
    SM2CiphertextValue *cval = o2i_SM2CiphertextValue(group, md, NULL, &data, c1c2c3Cipher.size());
    unsigned char *outbuff = (unsigned char *)malloc(c1c2c3Cipher.size() - 97);
    size_t outlen = 0;
    if (0 == SM2_do_decrypt(md, cval, outbuff, &outlen, evKey))
    {
        SM2CiphertextValue_free(cval);
        EC_KEY_free(evKey);
        return GM_UTIL_CODE_SM2_DECRYPT_FAILED;
    }
    strOut.assign((char *)outbuff, outlen);
    // 释放内存
    SM2CiphertextValue_free(cval);
    EC_KEY_free(evKey);
    return GM_UTIL_CODE_OK;
}

static streamsize Read(istream &stream, char *buffer, streamsize count)
{
    streamsize reads = stream.rdbuf()->sgetn(buffer, count);
    stream.rdstate();
    stream.peek();
    return reads;
}

string GmReadKeyFromFile(string strFileName)
{
    fstream myfile;
    myfile.open(strFileName, ifstream::in | ifstream::binary);
    if (!myfile.is_open())
    {
        return "";
    }

    char buff[1024];
    ostringstream oss;
    int len;
    while (!myfile.eof())
    {
        size_t read = Read(myfile, buff, sizeof(buff));
        oss << string(buff, read);
    }

    myfile.close();
    return oss.str();
}

static char sDigit1[16] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
static char sDigit2[16] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
string GmByte2HexStr(const string &data, bool bLowerCase)
{
    char *sDigit = sDigit1;
    if (!bLowerCase)
    {
        sDigit = sDigit2;
    }
    const char *pData = data.c_str();
    char cTemp;
    string strHex;
    for (unsigned int i = 0; i < data.size(); i++)
    {
        cTemp = *pData;
        pData++;
        strHex += sDigit[(cTemp >> 4) & 0x0F];
        strHex += sDigit[cTemp & 0x0F];
    }

    return strHex;
}

string GmHexStr2Byte(const string &hex, bool bLowerCase)
{
    if (hex.size() % 2 != 0)
    {
        // 十六进制字符串必须是偶数长度
        return "";
    }

    char chA = 'a';
    if (!bLowerCase)
    {
        chA = 'A';
    }

    ostringstream oss;
    for (int i = 0; i < hex.size(); i += 2)
    {
        unsigned int highBit;
        if (hex[i] >= '0' && hex[i] <= '9')
        {
            highBit = hex[i] - '0';
        }
        else
        {
            highBit = hex[i] - chA + 10;
        }
        unsigned int lowBit;
        if (hex[i + 1] >= '0' && hex[i + 1] <= '9')
        {
            lowBit = hex[i + 1] - '0';
        }
        else
        {
            lowBit = hex[i + 1] - chA + 10;
        }
        unsigned char ch = (highBit << 4) + lowBit;
        oss << ch;
    }

    return oss.str();
}

// 根据错误码获取错误信息
string GmGetErrorMessage(int code)
{
    const char *msgs[] = {
        "成功",
        "密钥解析失败",
        "SM2加密失败",
        "SM2解密失败",
        "不是SM2加密结果",
        "不是默认的sm2p256v1椭圆曲线参数",
        "初始化BIO失败",
        "加密数据存储到BIO失败",
        "BIO数据转存到缓冲区失败",
        "BIO数据转成Ciphertext结构失败",
    };
    int size = sizeof msgs / sizeof(char *);
    string msgstr = (code < size && code >= 0) ? msgs[code] : "未知错误";
    return string("(") + to_string(code) + ")" + msgstr;
}

string Sm2PubKeyPem2Hex(const string &pemPubKeyStr)
{
    EC_KEY *eckey = CreateEC((unsigned char *)pemPubKeyStr.c_str(), 1);
    if (!eckey)
        return "";

    EC_POINT *pub_key;
    unsigned char pubbuf[1024] = {0};
    pub_key = (EC_POINT *)EC_KEY_get0_public_key(eckey);
    EC_GROUP *group = (EC_GROUP *)EC_KEY_get0_group(eckey);
    int buflen = EC_POINT_point2oct(group, pub_key, EC_KEY_get_conv_form(eckey), pubbuf, sizeof(pubbuf), NULL);

    BIGNUM *pub_key_BIGNUM;
    pub_key_BIGNUM = BN_new();
    BN_bin2bn(pubbuf, buflen, pub_key_BIGNUM);
    string hexKey = BN_bn2hex(pub_key_BIGNUM);
    BN_free(pub_key_BIGNUM);
    return hexKey;
}

string Sm2PriKeyPem2Hex(const string &pemPriKeyStr)
{
    EC_KEY *eckey = CreateEC((unsigned char *)pemPriKeyStr.c_str(), 0);
    if (!eckey)
        return "";
    BIGNUM *private_key;
    private_key = BN_new();
    private_key = (BIGNUM *)EC_KEY_get0_private_key(eckey);
    string hexKey = BN_bn2hex(private_key);
    BN_free(private_key);

    return hexKey;
}

string Sm2PubKeyHex2Pem(const string &hex)
{
    ERR_load_crypto_strings();
    EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_sm2p256v1);
    if (!eckey)
    {
        return "";
    }
    EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);
    string bytes = GmHexStr2Byte(hex, false);
    const unsigned char *ptr = (const unsigned char *)bytes.c_str();
    if (!o2i_ECPublicKey(&eckey, &ptr, bytes.size()))
    {
        return "";
    }
    EVP_PKEY *pkey = EVP_PKEY_new();
    if (!EVP_PKEY_assign_EC_KEY(pkey, eckey))
    {
        return "";
    }

    BIO *bio = BIO_new(BIO_s_mem());
    if (!PEM_write_bio_PUBKEY(bio, pkey))
    {
        return "";
    }
    char *pemKey = NULL;
    long len = BIO_get_mem_data(bio, &pemKey);
    string str(pemKey, len);
    return str;
}

修改后的gmutil.h如下:

#ifndef __GM_UTIL_H__
#define __GM_UTIL_H__
#include 
using namespace std;

#ifdef _WIN32
#define UNIX_EXPORT
#else
#define UNIX_EXPORT __attribute__((visibility("default")))
#endif
// namespace GM
//{

// 错误码
enum EGMErrorCode
{
    GM_UTIL_CODE_OK = 0,
    GM_UTIL_CODE_CREATE_EV_KEY_FAILED,           // 密钥解析失败
    GM_UTIL_CODE_SM2_ENCRYPT_FAILED,             // SM2加密失败
    GM_UTIL_CODE_SM2_DECRYPT_FAILED,             // SM2解密失败
    GM_UTIL_CODE_SM2_NOT_VALID_CIPHER,           // 不是SM2加密结果
    GM_UTIL_CODE_NOT_SM2P256V1,                  // 不是默认的sm2p256v1椭圆曲线参数
    GM_UTIL_CODE_INIT_BIO_FAILED,                // 初始化BIO失败
    GM_UTIL_CODE_CIPHER_TEXT_TO_BIO_FAILED,      // 加密数据存储到BIO失败
    GM_UTIL_CODE_BIO_DATA_TO_MEM_FAILED,         // BIO数据转存到缓冲区失败
    GM_UTIL_CODE_BIO_DATA_TO_CIPHER_TEXT_FAILED, // BIO数据转成Ciphertext结构失败
};

extern "C"
{
    // 从文件中读入公钥/私钥数据到string中,失败返回空字符串
    UNIX_EXPORT string GmReadKeyFromFile(string strFileName);

    /**
     * @brief sm2加密,使用默认的椭圆曲线参数(NID_sm2p256v1),ASN.1/DER编码方式(C1|C3|C2编码方式) ,哈希(杂凑)算法使用sm3
     * @param strPubKey 公钥数据
     * @param strIn 需要加密的数据
     * @param strCiphertext 密文,加密后的密文不是可见字符
     * @return 返回GM_UTIL_ERR_OK表示加密成功,否则失败,具体见EGMErrorCode定义
     */
    UNIX_EXPORT int GmSm2Encrypt(string strPubKey, const string &strIn, string &strCiphertext);

    /**
     * @brief sm2解密,使用默认的椭圆曲线参数(NID_sm2p256v1),ASN.1/DER编码方式(C1|C3|C2编码方式),哈希(杂凑)算法使用sm3
     * @param strPubKeyFile 私钥数据
     * @param strCiphertext 需要解密的数据(不是可见字符)
     * @param strOut 解密后的明文
     * @return 返回GM_UTIL_ERR_OK表示解密成功,否则失败,具体见EGMErrorCode定义
     */
    UNIX_EXPORT int GmSm2Decrypt(string strPriKey, const string &strCiphertext, string &strOut);

    // 将二进制数据转换成十六进制字符串
    UNIX_EXPORT string GmByte2HexStr(const string &data, bool bLowerCase = true);

    // 将十六进制字符串转换成二进制
    UNIX_EXPORT string GmHexStr2Byte(const string &hex, bool bLowerCase = true);

    UNIX_EXPORT string GmGetErrorMessage(int code); // 根据错误码获取错误信息

    UNIX_EXPORT string Sm2PubKeyPem2Hex(const string &pemPubKeyStr);
    UNIX_EXPORT string Sm2PriKeyPem2Hex(const string &pemPriKeyStr);
    UNIX_EXPORT string Sm2PubKeyHex2Pem(const string &hex);
}

// } // namespace GM
#endif // end __GM_UTIL_H__

测试代码如下:

#include "gmutil.h"
#include 
#include 

int main(int argc, char** argv)
{
    string strPriKey = GmReadKeyFromFile("sm2_server_private_key.key");
    string strPubKey = GmReadKeyFromFile("sm2_server_public_key.key");
    cout << "HexPubKey: " << Sm2PubKeyPem2Hex(strPubKey) << endl;
    cout << "HexPriKey: " << Sm2PriKeyPem2Hex(strPriKey) << endl;
    cout << "PemPubKey: " << endl << Sm2PubKeyHex2Pem(Sm2PubKeyPem2Hex(strPubKey)) << endl;
    string strText = "登录密码";
    string strCipher;
    string strOut;
    std::cout << "plaintext: " << strText << std::endl;
    int nRet = GmSm2Encrypt(strPubKey, strText, strCipher);
    if (GM_UTIL_CODE_OK != nRet)
    {
        cout << "GmSm2Encrypt fail" << endl;
        return -1;
    }
	cout << "Chipher size: " << strCipher.size() << endl;
    string strCipherTextHex = GmByte2HexStr(strCipher);
    cout << "hex ciper Hex: " << strCipherTextHex << endl;

    strCipherTextHex = "049dc20e2fc3fa7ae2d325a4dc23f9e400f1a945f3dad3b62822d176ed8a9f204af9f585ef36b8fdfd6f91eb1dfb515fcff8c5a18cd0f94d38a3e2b5566e2cf8eeadaa20d608955522f2b09ea525ddd7fb68e6a18df585dea1080be35c3638992ca7d91372bcfd56f48d98991b53e22b3b78f010ae42d6195976ef7bd9914fb79d";
    string strCipher1 = GmHexStr2Byte(strCipherTextHex);
    nRet = GmSm2Decrypt(strPriKey, strCipher1, strOut);
    if (GM_UTIL_CODE_OK != nRet)
    {
        cout << "GmSm2Decrypt fail" << endl;
        return -1;
    }
    std::cout << "after decrypt: " << strOut << std::endl;

    return 0;
}

将上述三个文件替换掉该项目中的相应文件,make即可得到libgmutil.so和test文件。

你可能感兴趣的:(c++,算法,开发语言)