铜锁密码库

BabaSSL

介绍

BabaSSL是一款轻巧、灵活且靠谱的密码学和TLS协议工具集。BabaSSL是蚂蚁集团和阿里集团的各主要业务中所使用的底层密码库，现在开源出来供业界使用。BabaSSL广泛的应用在包括网络、存储、移动端App等场景中。

BabaSSL 是 OpenSSL 的衍生版，内部支持了很多椭圆曲线算法的实现。

网站：https://www.babassl.cn/

github：https://github.com/Tongsuo-Project/Tongsuo

文档：https://babassl.readthedocs.io/zh/latest/

实现功能：

• 密码学算法
  • 中国商用密码算法：SM2、SM3、SM4、祖冲之等
  • 国际主流算法：ECDSA、RSA、AES、SHA等
  • 同态加密算法：EC-ElGamal、Paillier*等
  • 后量子密码学*：LAC、NTRU、Saber、Dilithium等
• 安全通信协议
  • 支持GB/T 38636-2020 TLCP标准，即双证书国密通信协议
  • 支持RFC 8998，即TLS 1.3 + 国密单证书
  • 支持QUIC API
  • 支持Delegated Credentials功能，基于draft-ietf-tls-subcerts-10
  • 支持TLS证书压缩
  • 支持紧凑TLS协议*

安装

参考：https://tongsuo.readthedocs.io/zh/latest/Tutorial/PHE/ec-elgamal-sample/

• 下载

git clone [email protected]:Tongsuo-Project/Tongsuo.git

• 编译

# 编译参数需要加上：enable-ec_elgamal，我这里是在 macOS 系统上编译，所以是 darwin64-x86_64-cc，其他系统需要切换一下
./Configure darwin64-x86_64-cc --debug no-shared no-threads enable-ec_elgamal --strict-warnings -fPIC --prefix=/usr/local/tongsuo-debug

# 编译
make -j4

# 安装到目录 /usr/local/tongsuo-debug
sudo make install

• Demo(ec_elgamal_test.c)

#include <stdio.h>
#include <time.h>
#include <openssl/ec.h>
#include <openssl/pem.h>

#define CLOCKS_PER_MSEC (CLOCKS_PER_SEC/1000)

int main(int argc, char *argv[])
{
    int ret = -1;
    uint32_t r;
    //密钥生成
    clock_t begin, end;
    EC_KEY *sk_eckey = NULL, *pk_eckey = NULL;
    EC_ELGAMAL_CTX *ctx1 = NULL, *ctx2 = NULL;
    EC_ELGAMAL_CIPHERTEXT *c1 = NULL, *c2 = NULL, *c3 = NULL;
    EC_ELGAMAL_DECRYPT_TABLE *table = NULL;
    FILE *pk_file = fopen("ec-pk.pem", "rb");
    FILE *sk_file = fopen("ec-sk.pem", "rb");
    if ((pk_eckey = PEM_read_EC_PUBKEY(pk_file, NULL, NULL, NULL)) == NULL)
        goto err;
    if ((sk_eckey = PEM_read_ECPrivateKey(sk_file, NULL, NULL, NULL)) == NULL)
        goto err;

    if ((ctx1 = EC_ELGAMAL_CTX_new(pk_eckey)) == NULL)
        goto err;
    if ((ctx2 = EC_ELGAMAL_CTX_new(sk_eckey)) == NULL)
        goto err;

    //创建解密表
    begin = clock();
    if ((table = EC_ELGAMAL_DECRYPT_TABLE_new(ctx2, 0)) == NULL)
        goto err;

    EC_ELGAMAL_CTX_set_decrypt_table(ctx2, table);
    end = clock();
    printf("EC_ELGAMAL_DECRYPT_TABLE_new(1) cost: %lfms\n", (double)(end - begin)/CLOCKS_PER_MSEC);

    if ((c1 = EC_ELGAMAL_CIPHERTEXT_new(ctx1)) == NULL)
        goto err;
    if ((c2 = EC_ELGAMAL_CIPHERTEXT_new(ctx1)) == NULL)
        goto err;

    //加密20000021
    begin = clock();
    if (!EC_ELGAMAL_encrypt(ctx1, c1, 20000021))
        goto err;
    end = clock();
    printf("EC_ELGAMAL_encrypt(20000021) cost: %lfms\n", (double)(end - begin)/CLOCKS_PER_MSEC);

    //加密500
    begin = clock();
    if (!EC_ELGAMAL_encrypt(ctx1, c2, 500))
        goto err;
    end = clock();
    printf("EC_ELGAMAL_encrypt(500) cost: %lfms\n", (double)(end - begin)/CLOCKS_PER_MSEC);

    if ((c3 = EC_ELGAMAL_CIPHERTEXT_new(ctx1)) == NULL)
        goto err;

    //密文相加：20000021+500
    begin = clock();
    if (!EC_ELGAMAL_add(ctx1, c3, c1, c2))
        goto err;
    end = clock();
    printf("EC_ELGAMAL_add(C2000021,C500) cost: %lfms\n", (double)(end - begin)/CLOCKS_PER_MSEC);

    //解密：20000021+500
    begin = clock();
    if (!(EC_ELGAMAL_decrypt(ctx2, &r, c3)))
        goto err;
    end = clock();
    printf("EC_ELGAMAL_decrypt(C20000021,C500) result: %d, cost: %lfms\n", r, (double)(end - begin)/CLOCKS_PER_MSEC);

    //标量乘：500*800
    begin = clock();
    if (!EC_ELGAMAL_mul(ctx1, c3, c2, 800))
        goto err;
    end = clock();
    printf("EC_ELGAMAL_mul(C500,800) cost: %lfms\n", (double)(end - begin)/CLOCKS_PER_MSEC);

    //解密：500*800
    begin = clock();
    if (!(EC_ELGAMAL_decrypt(ctx2, &r, c3)))
        goto err;
    end = clock();
    printf("EC_ELGAMAL_decrypt(C500,800) result: %d, cost: %lfms\n", r, (double)(end - begin)/CLOCKS_PER_MSEC);

    //将密文500*800编码为二进制文件
    printf("EC_ELGAMAL_CIPHERTEXT_encode size: %zu\n", EC_ELGAMAL_CIPHERTEXT_encode(ctx2, NULL, 0, NULL, 1));

    ret = 0;
    err:
    EC_KEY_free(sk_eckey);
    EC_KEY_free(pk_eckey);
    EC_ELGAMAL_DECRYPT_TABLE_free(table);
    EC_ELGAMAL_CIPHERTEXT_free(c1);
    EC_ELGAMAL_CIPHERTEXT_free(c2);
    EC_ELGAMAL_CIPHERTEXT_free(c3);
    EC_ELGAMAL_CTX_free(ctx1);
    EC_ELGAMAL_CTX_free(ctx2);
    fclose(sk_file);
    fclose(pk_file);
    return ret;
}

• 编译demo

gcc -Wall -g -o ec_elgamal_test ./ec_elgamal_test.c -I/usr/local/tongsuo-debug/include -L/usr/local/tongsuo-debug/lib -lssl -lcrypto

• 生成公私钥

# 先生成私钥，这里生成的是 SM2 曲线的私钥
/usr/local/tongsuo-debug/bin/openssl ecparam -genkey -name SM2 -out ec-sk.pem
# 用私钥生成公钥
/usr/local/tongsuo-debug/bin/openssl ec -in ./ec-sk.pem -pubout -out ec-pk.pem

• 运行

./ec_elgamal_test
EC_ELGAMAL_DECRYPT_TABLE_new(1) cost: 2410.917000ms
EC_ELGAMAL_encrypt(20000021) cost: 1.605000ms
EC_ELGAMAL_encrypt(500) cost: 1.547000ms
EC_ELGAMAL_add(C2000021,C500) cost: 0.019000ms
EC_ELGAMAL_decrypt(C20000021,C500) result: 20000521, cost: 12.281000ms
EC_ELGAMAL_mul(C500,800) cost: 2.257000ms
EC_ELGAMAL_decrypt(C500,800) result: 400000, cost: 1.216000ms
EC_ELGAMAL_CIPHERTEXT_encode size: 66

• 注意

EC_ELGAMAL_DECRYPT_TABLE_new 函数第二个参数（0不支持，1支持）指定是否支持负数解密（为 1 时表示该解密表可以解密负数，初始化解密表时将可能的负数运算后插入到 hash 中），如果支持负数解密会影响解密性能，因为查询解密表的次数变多了，以及点的运算变多了，同时构造支持负数的解密表需要的时间也比较长。如下是支持负数解密的运行结果：

EC_ELGAMAL_DECRYPT_TABLE_new(1) cost: 114581.404000ms
EC_ELGAMAL_encrypt(20000021) cost: 1.806000ms
EC_ELGAMAL_encrypt(500) cost: 1.783000ms
EC_ELGAMAL_add(C2000021,C500) cost: 0.011000ms
EC_ELGAMAL_decrypt(C20000021,C500) result: 20000521, cost: 532.148000ms
EC_ELGAMAL_mul(C500,800) cost: 1.759000ms
EC_ELGAMAL_decrypt(C500,800) result: 400000, cost: 292.958000ms
EC_ELGAMAL_CIPHERTEXT_encode size: 66