openssl3.2 – 官方demo学习 – encrypt – rsa_encrypt.c

openssl3.2 – 官方demo学习 – encrypt – rsa_encrypt.c

概述

从内存中的DER共钥数据构造pub_key, 用公钥加密明文, 输出密文. 非对称加密
从内存中的DER私钥数据构造priv_key, 用私钥解密密文, 输出明文, 非对称解密
使用的哪种非堆成加解密算法是生成证书中指定的.
在从DER证书中构造key时, 也要指定RSA参数.
在加解密初始化, 要设置RSA相关参数
加解密之前, 都有API可以从要操作的数据长度估算出操作后的数据长度
这个例子演示了从内存中拿数据来进行非对称加解密, 避免了公钥/私钥数据落地

笔记

/*!
file rsa_encrypt.c
note openssl3.2 - 官方demo学习 - encrypt - rsa_encrypt.c
从内存中的DER共钥数据构造pub_key, 用公钥加密明文, 输出密文. 非对称加密
从内存中的DER私钥数据构造priv_key, 用私钥解密密文, 输出铭文, 非对称解密
使用的哪种非堆成加解密算法是生成证书中指定的.
在从DER证书中构造key时, 也要指定RSA参数.
在加解密初始化, 要设置RSA相关参数
加解密之前, 都有API可以从要操作的数据长度估算出操作后的数据长度
这个例子演示了从内存中拿数据来进行非对称加解密, 避免了公钥/私钥数据落地
*/

/*-
 * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

 /*
  * An example that uses EVP_PKEY_encrypt and EVP_PKEY_decrypt methods
  * to encrypt and decrypt data using an RSA keypair.
  * RSA encryption produces different encrypted output each time it is run,
  * hence this is not a known answer test.
  */

#include <stdio.h>
#include <stdlib.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/decoder.h>
#include <openssl/core_names.h>
#include "rsa_encrypt.h"

#include "my_openSSL_lib.h"

  /* Input data to encrypt */
static const unsigned char msg[] =
"To be, or not to be, that is the question,n"
"Whether tis nobler in the minde to suffern"
"The slings and arrowes of outragious fortune,n"
"Or to take Armes again in a sea of troubles";

/*
 * For do_encrypt(), load an RSA public key from pub_key_der[].
 * For do_decrypt(), load an RSA private key from priv_key_der[].
 */
static EVP_PKEY* get_key(OSSL_LIB_CTX* libctx, const char* propq, int public)
{
	OSSL_DECODER_CTX* dctx = NULL;
	EVP_PKEY* pkey = NULL;
	int selection;
	const unsigned char* data;
	size_t data_len;

	if (public) {
		selection = EVP_PKEY_PUBLIC_KEY;
		data = g_pub_key_der;
		data_len = sizeof(g_pub_key_der);
	}
	else {
		selection = EVP_PKEY_KEYPAIR;
		data = g_priv_key_der;
		data_len = sizeof(g_priv_key_der);
	}
	dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, "RSA",
		selection, libctx, propq);
	(void)OSSL_DECODER_from_data(dctx, &data, &data_len);
	OSSL_DECODER_CTX_free(dctx);
	return pkey;
}

/* Set optional parameters for RSA OAEP Padding */
static void set_optional_params(OSSL_PARAM* p, const char* propq)
{
	static unsigned char label[] = "label";

	/* "pkcs1" is used by default if the padding mode is not set */
	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_PAD_MODE,
		OSSL_PKEY_RSA_PAD_MODE_OAEP, 0);
	/* No oaep_label is used if this is not set */
	*p++ = OSSL_PARAM_construct_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL,
		label, sizeof(label));
	/* "SHA1" is used if this is not set */
	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
		"SHA256", 0);
	/*
	 * If a non default property query needs to be specified when fetching the
	 * OAEP digest then it needs to be specified here.
	 */
	if (propq != NULL)
		*p++ = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS,
			(char*)propq, 0);

	/*
	 * OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST and
	 * OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS can also be optionally added
	 * here if the MGF1 digest differs from the OAEP digest.
	 */

	*p = OSSL_PARAM_construct_end();
}

/*
 * The length of the input data that can be encrypted is limited by the
 * RSA key length minus some additional bytes that depends on the padding mode.
 *
 */
static int do_encrypt(OSSL_LIB_CTX* libctx,
	const unsigned char* in, size_t in_len,
	unsigned char** out, size_t* out_len)
{
	int ret = 0, public = 1;
	size_t buf_len = 0;
	unsigned char* buf = NULL;
	const char* propq = NULL;
	EVP_PKEY_CTX* ctx = NULL;
	EVP_PKEY* pub_key = NULL;
	OSSL_PARAM params[5];

	/* Get public key */
	pub_key = get_key(libctx, propq, public);
	if (pub_key == NULL) {
		fprintf(stderr, "Get public key failed.n");
		goto cleanup;
	}
	ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pub_key, propq);
	if (ctx == NULL) {
		fprintf(stderr, "EVP_PKEY_CTX_new_from_pkey() failed.n");
		goto cleanup;
	}
	set_optional_params(params, propq);
	/* If no optional parameters are required then NULL can be passed */
	if (EVP_PKEY_encrypt_init_ex(ctx, params) <= 0) {
		fprintf(stderr, "EVP_PKEY_encrypt_init_ex() failed.n");
		goto cleanup;
	}
	/* Calculate the size required to hold the encrypted data */
	if (EVP_PKEY_encrypt(ctx, NULL, &buf_len, in, in_len) <= 0) {
		fprintf(stderr, "EVP_PKEY_encrypt() failed.n");
		goto cleanup;
	}
	buf = OPENSSL_zalloc(buf_len);
	if (buf == NULL) {
		fprintf(stderr, "Malloc failed.n");
		goto cleanup;
	}
	if (EVP_PKEY_encrypt(ctx, buf, &buf_len, in, in_len) <= 0) {
		fprintf(stderr, "EVP_PKEY_encrypt() failed.n");
		goto cleanup;
	}
	*out_len = buf_len;
	*out = buf;
	fprintf(stdout, "Encrypted:n");
	BIO_dump_indent_fp(stdout, buf, (int)buf_len, 2);
	fprintf(stdout, "n");
	ret = 1;

cleanup:
	if (!ret)
		OPENSSL_free(buf);
	EVP_PKEY_free(pub_key);
	EVP_PKEY_CTX_free(ctx);
	return ret;
}

static int do_decrypt(OSSL_LIB_CTX* libctx, const char* in, size_t in_len,
	unsigned char** out, size_t* out_len)
{
	int ret = 0, public = 0;
	size_t buf_len = 0;
	unsigned char* buf = NULL;
	const char* propq = NULL;
	EVP_PKEY_CTX* ctx = NULL;
	EVP_PKEY* priv_key = NULL;
	OSSL_PARAM params[5];

	/* Get private key */
	priv_key = get_key(libctx, propq, public);
	if (priv_key == NULL) {
		fprintf(stderr, "Get private key failed.n");
		goto cleanup;
	}
	ctx = EVP_PKEY_CTX_new_from_pkey(libctx, priv_key, propq);
	if (ctx == NULL) {
		fprintf(stderr, "EVP_PKEY_CTX_new_from_pkey() failed.n");
		goto cleanup;
	}

	/* The parameters used for encryption must also be used for decryption */
	set_optional_params(params, propq);
	/* If no optional parameters are required then NULL can be passed */
	if (EVP_PKEY_decrypt_init_ex(ctx, params) <= 0) {
		fprintf(stderr, "EVP_PKEY_decrypt_init_ex() failed.n");
		goto cleanup;
	}
	/* Calculate the size required to hold the decrypted data */
	if (EVP_PKEY_decrypt(ctx, NULL, &buf_len, in, in_len) <= 0) {
		fprintf(stderr, "EVP_PKEY_decrypt() failed.n");
		goto cleanup;
	}
	buf = OPENSSL_zalloc(buf_len);
	if (buf == NULL) {
		fprintf(stderr, "Malloc failed.n");
		goto cleanup;
	}
	if (EVP_PKEY_decrypt(ctx, buf, &buf_len, in, in_len) <= 0) {
		fprintf(stderr, "EVP_PKEY_decrypt() failed.n");
		goto cleanup;
	}
	*out_len = buf_len;
	*out = buf;
	fprintf(stdout, "Decrypted:n");
	BIO_dump_indent_fp(stdout, buf, (int)buf_len, 2);
	fprintf(stdout, "n");
	ret = 1;

cleanup:
	if (!ret)
		OPENSSL_free(buf);
	EVP_PKEY_free(priv_key);
	EVP_PKEY_CTX_free(ctx);
	return ret;
}

int main(void)
{
	int ret = EXIT_FAILURE;
	size_t msg_len = sizeof(msg) - 1;
	size_t encrypted_len = 0, decrypted_len = 0;
	unsigned char* encrypted = NULL, * decrypted = NULL;
	OSSL_LIB_CTX* libctx = NULL;

	if (!do_encrypt(libctx, msg, msg_len, &encrypted, &encrypted_len)) {
		fprintf(stderr, "encryption failed.n");
		goto cleanup;
	}
	if (!do_decrypt(libctx, encrypted, encrypted_len,
		&decrypted, &decrypted_len)) {
		fprintf(stderr, "decryption failed.n");
		goto cleanup;
	}
	if (CRYPTO_memcmp(msg, decrypted, decrypted_len) != 0) {
		fprintf(stderr, "Decrypted data does not match expected valuen");
		goto cleanup;
	}
	ret = EXIT_SUCCESS;

cleanup:
	OPENSSL_free(decrypted);
	OPENSSL_free(encrypted);
	OSSL_LIB_CTX_free(libctx);
	if (ret != EXIT_SUCCESS)
		ERR_print_errors_fp(stderr);
	return ret;
}

END

代码007普通

打赏 收藏 海报 链接