本文介绍: 从内存中的DER共钥数据构造pub_key, 用公钥加密明文, 输出密文. 非对称加密从内存中的DER私钥数据构造priv_key, 用私钥解密密文, 输出铭文, 非对称解密使用的哪种非堆成加解密算法是生成证书中指定的.在从DER证书中构造key时, 也要指定RSA参数.在加解密初始化, 要设置RSA相关参数加解密之前, 都有API可以从要操作的数据长度估算出操作后的数据长度这个例子演示了从内存中拿数据来进行非对称加解密, 避免了公钥/私钥数据落地。

openssl3.2 – 官方demo学习 – encrypt – rsa_encrypt.c

概述

从内存中的DER共钥数据构造pub_key, 用公钥加密明文, 输出密文. 非对称加密
从内存中的DER私钥数据构造priv_key, 用私钥解密密文, 输出明文, 非对称解密
使用的哪种非堆成加解密算法是生成证书中指定的.
在从DER证书中构造key时, 也要指定RSA参数.
在加解密初始化, 要设置RSA相关参数
加解密之前, 都有API可以从要操作的数据长度估算出操作后的数据长度
这个例子演示了从内存中拿数据来进行非对称加解密, 避免了公钥/私钥数据落地

笔记

/*!
file rsa_encrypt.c
note openssl3.2 - 官方demo学习 - encrypt - rsa_encrypt.c
从内存中的DER共钥数据构造pub_key, 用公钥加密明文, 输出密文. 非对称加密
从内存中的DER私钥数据构造priv_key, 用私钥解密密文, 输出铭文, 非对称解密
使用的哪种非堆成加解密算法是生成证书中指定的.
在从DER证书中构造key时, 也要指定RSA参数.
在加解密初始化, 要设置RSA相关参数
加解密之前, 都有API可以从要操作的数据长度估算出操作后的数据长度
这个例子演示了从内存中拿数据来进行非对称加解密, 避免了公钥/私钥数据落地
*/

/*-
 * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

 /*
  * An example that uses EVP_PKEY_encrypt and EVP_PKEY_decrypt methods
  * to encrypt and decrypt data using an RSA keypair.
  * RSA encryption produces different encrypted output each time it is run,
  * hence this is not a known answer test.
  */

#include <stdio.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/decoder.h>
#include <openssl/core_names.h>
#include "rsa_encrypt.h"

#include "my_openSSL_lib.h"

  /* Input data to encrypt */
static const unsigned char msg[] =
"To be, or not to be, that is the question,n"
"Whether tis nobler in the minde to suffern"
"The slings and arrowes of outragious fortune,n"
"Or to take Armes again in a sea of troubles";

/*
 * For do_encrypt(), load an RSA public key from pub_key_der[].
 * For do_decrypt(), load an RSA private key from priv_key_der[].
 */
static EVP_PKEY* get_key(OSSL_LIB_CTX* libctx, const char* propq, int public)
{
	OSSL_DECODER_CTX* dctx = NULL;
	EVP_PKEY* pkey = NULL;
	int selection;
	const unsigned char* data;
	size_t data_len;

	if (public) {
		selection = EVP_PKEY_PUBLIC_KEY;
		data = g_pub_key_der;
		data_len = sizeof(g_pub_key_der);
	}
	else {
		selection = EVP_PKEY_KEYPAIR;
		data = g_priv_key_der;
		data_len = sizeof(g_priv_key_der);
	}
	dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, "RSA",
		selection, libctx, propq);
	(void)OSSL_DECODER_from_data(dctx, &data, &data_len);
	OSSL_DECODER_CTX_free(dctx);
	return pkey;
}

/* Set optional parameters for RSA OAEP Padding */
static void set_optional_params(OSSL_PARAM* p, const char* propq)
{
	static unsigned char label[] = "label";

	/* "pkcs1" is used by default if the padding mode is not set */
	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_PAD_MODE,
		OSSL_PKEY_RSA_PAD_MODE_OAEP, 0);
	/* No oaep_label is used if this is not set */
	*p++ = OSSL_PARAM_construct_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL,
		label, sizeof(label));
	/* "SHA1" is used if this is not set */
	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
		"SHA256", 0);
	/*
	 * If a non default property query needs to be specified when fetching the
	 * OAEP digest then it needs to be specified here.
	 */
	if (propq != NULL)
		*p++ = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS,
			(char*)propq, 0);

	/*
	 * OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST and
	 * OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS can also be optionally added
	 * here if the MGF1 digest differs from the OAEP digest.
	 */

	*p = OSSL_PARAM_construct_end();
}

/*
 * The length of the input data that can be encrypted is limited by the
 * RSA key length minus some additional bytes that depends on the padding mode.
 *
 */
static int do_encrypt(OSSL_LIB_CTX* libctx,
	const unsigned char* in, size_t in_len,
	unsigned char** out, size_t* out_len)
{
	int ret = 0, public = 1;
	size_t buf_len = 0;
	unsigned char* buf = NULL;
	const char* propq = NULL;
	EVP_PKEY_CTX* ctx = NULL;
	EVP_PKEY* pub_key = NULL;
	OSSL_PARAM params[5];

	/* Get public key */
	pub_key = get_key(libctx, propq, public);
	if (pub_key == NULL) {
		fprintf(stderr, "Get public key failed.n");
		goto cleanup;
	}
	ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub_key, propq);
	if (ctx == NULL) {
		fprintf(stderr, "EVP_PKEY_CTX_new_from_pkey() failed.n");
		goto cleanup;
	}
	set_optional_params(params, propq);
	/* If no optional parameters are required then NULL can be passed */
	if (EVP_PKEY_encrypt_init_ex(ctx, params) <= 0) {
		fprintf(stderr, "EVP_PKEY_encrypt_init_ex() failed.n");
		goto cleanup;
	}
	/* Calculate the size required to hold the encrypted data */
	if (EVP_PKEY_encrypt(ctx, NULL, &buf_len, in, in_len) <= 0) {
		fprintf(stderr, "EVP_PKEY_encrypt() failed.n");
		goto cleanup;
	}
	buf = OPENSSL_zalloc(buf_len);
	if (buf == NULL) {
		fprintf(stderr, "Malloc failed.n");
		goto cleanup;
	}
	if (EVP_PKEY_encrypt(ctx, buf, &buf_len, in, in_len) <= 0) {
		fprintf(stderr, "EVP_PKEY_encrypt() failed.n");
		goto cleanup;
	}
	*out_len = buf_len;
	*out = buf;
	fprintf(stdout, "Encrypted:n");
	BIO_dump_indent_fp(stdout, buf, (int)buf_len, 2);
	fprintf(stdout, "n");
	ret = 1;

cleanup:
	if (!ret)
		OPENSSL_free(buf);
	EVP_PKEY_free(pub_key);
	EVP_PKEY_CTX_free(ctx);
	return ret;
}

static int do_decrypt(OSSL_LIB_CTX* libctx, const char* in, size_t in_len,
	unsigned char** out, size_t* out_len)
{
	int ret = 0, public = 0;
	size_t buf_len = 0;
	unsigned char* buf = NULL;
	const char* propq = NULL;
	EVP_PKEY_CTX* ctx = NULL;
	EVP_PKEY* priv_key = NULL;
	OSSL_PARAM params[5];

	/* Get private key */
	priv_key = get_key(libctx, propq, public);
	if (priv_key == NULL) {
		fprintf(stderr, "Get private key failed.n");
		goto cleanup;
	}
	ctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv_key, propq);
	if (ctx == NULL) {
		fprintf(stderr, "EVP_PKEY_CTX_new_from_pkey() failed.n");
		goto cleanup;
	}

	/* The parameters used for encryption must also be used for decryption */
	set_optional_params(params, propq);
	/* If no optional parameters are required then NULL can be passed */
	if (EVP_PKEY_decrypt_init_ex(ctx, params) <= 0) {
		fprintf(stderr, "EVP_PKEY_decrypt_init_ex() failed.n");
		goto cleanup;
	}
	/* Calculate the size required to hold the decrypted data */
	if (EVP_PKEY_decrypt(ctx, NULL, &buf_len, in, in_len) <= 0) {
		fprintf(stderr, "EVP_PKEY_decrypt() failed.n");
		goto cleanup;
	}
	buf = OPENSSL_zalloc(buf_len);
	if (buf == NULL) {
		fprintf(stderr, "Malloc failed.n");
		goto cleanup;
	}
	if (EVP_PKEY_decrypt(ctx, buf, &buf_len, in, in_len) <= 0) {
		fprintf(stderr, "EVP_PKEY_decrypt() failed.n");
		goto cleanup;
	}
	*out_len = buf_len;
	*out = buf;
	fprintf(stdout, "Decrypted:n");
	BIO_dump_indent_fp(stdout, buf, (int)buf_len, 2);
	fprintf(stdout, "n");
	ret = 1;

cleanup:
	if (!ret)
		OPENSSL_free(buf);
	EVP_PKEY_free(priv_key);
	EVP_PKEY_CTX_free(ctx);
	return ret;
}

int main(void)
{
	int ret = EXIT_FAILURE;
	size_t msg_len = sizeof(msg) - 1;
	size_t encrypted_len = 0, decrypted_len = 0;
	unsigned char* encrypted = NULL, * decrypted = NULL;
	OSSL_LIB_CTX* libctx = NULL;

	if (!do_encrypt(libctx, msg, msg_len, &encrypted, &encrypted_len)) {
		fprintf(stderr, "encryption failed.n");
		goto cleanup;
	}
	if (!do_decrypt(libctx, encrypted, encrypted_len,
		&decrypted, &decrypted_len)) {
		fprintf(stderr, "decryption failed.n");
		goto cleanup;
	}
	if (CRYPTO_memcmp(msg, decrypted, decrypted_len) != 0) {
		fprintf(stderr, "Decrypted data does not match expected valuen");
		goto cleanup;
	}
	ret = EXIT_SUCCESS;

cleanup:
	OPENSSL_free(decrypted);
	OPENSSL_free(encrypted);
	OSSL_LIB_CTX_free(libctx);
	if (ret != EXIT_SUCCESS)
		ERR_print_errors_fp(stderr);
	return ret;
}

END

原文地址:https://blog.csdn.net/LostSpeed/article/details/135582638

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。

如若转载,请注明出处:http://www.7code.cn/show_57622.html

如若内容造成侵权/违法违规/事实不符,请联系代码007邮箱:suwngjj01@126.com进行投诉反馈,一经查实,立即删除!

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注