安全算法实验(三)

编程实现实验二中的功能

目录

  • 实验环境配置
  • 具体实现过程

环境配置

  • 添加相关属性


    1

    2
  • 将OpenSSL安装目录下bin文件夹中的“libcrypto-1_1-x64.dll”和“libssl-1_1-x64.dll”\(名字后面的版本号可能因更新而不同)复制到新建的项目工程目录下。

实现过程

  • rsa的密钥生成与保存
rsa.h文件
#include
#include
#include
#include
#include
#include
#include 
#include  
#include

#define KEY_LENGTH  1024               // 密钥长度  
#define PUB_KEY_FILE "pubkey.pem"    // 公钥路径  
#define PRI_KEY_FILE "prikey.pem"    // 私钥路径  
  
// 函数方法生成密钥对   
void generateRSAKey(std::string strKey[2])  
{  
    // 公私密钥对    
    size_t pri_len;  
    size_t pub_len;  
    char *pri_key = NULL;  
    char *pub_key = NULL;  
  
    // 生成密钥对    
    RSA *keypair = RSA_generate_key(KEY_LENGTH, RSA_F4, NULL, NULL);  
  
    BIO *pri = BIO_new(BIO_s_mem());
    BIO *pub = BIO_new(BIO_s_mem()); 
  
    PEM_write_bio_RSAPrivateKey(pri, keypair, NULL, NULL, 0, NULL, NULL);  
    PEM_write_bio_RSAPublicKey(pub, keypair);  
  
    // 获取长度    
    pri_len = BIO_pending(pri);  
    pub_len = BIO_pending(pub); 
  
    // 密钥对读取到字符串
    pri_key = (char *)malloc(pri_len + 1);  
    pub_key = (char *)malloc(pub_len + 1);  
  
    BIO_read(pri, pri_key, pri_len);  
    BIO_read(pub, pub_key, pub_len);  
  
    pri_key[pri_len] = '\0';  
    pub_key[pub_len] = '\0';  
  
    // 存储密钥对    
    strKey[0] = pub_key;  
    strKey[1] = pri_key;  
  
    // 存储到磁盘(这种方式存储的是begin rsa public key/ begin rsa private key开头的)  
    FILE *pubFile = fopen(PUB_KEY_FILE, "w");  
    if (pubFile == NULL)  
    {  
        //assert(false);  
        return;  
    }  
    fputs(pub_key, pubFile);  
    fclose(pubFile);  
  
    FILE *priFile = fopen(PRI_KEY_FILE, "w");  
    if (priFile == NULL)  
    {  
        //assert(false);  
        return;  
    }  
    fputs(pri_key, priFile);  
    fclose(priFile);  
  
    // 内存释放  
    RSA_free(keypair);  
    BIO_free_all(pub);  
    BIO_free_all(pri);  
  
    free(pri_key);  
    free(pub_key);  
}  
main函数
#include 
#include "rsa.h"
using namespace std;
int main()  {   
    string a[2];
    generateRSAKey(a);
    system("pause");
    return 0;  
}
  • 证书请求文件和证书的生成
#include 
#include 
#include 
#include 
#include 
#include  
#include

bool MakeCsrSSL(const  char * keyFilePath, const  char *email, const  char *name, const  char *country, const  char *saveCsrFilePath) {
    int             ret = 0;
    RSA             *r = NULL;
    BIGNUM          *bne = NULL;

    int             nVersion = 1;
    int             bits = 2048;
    unsigned long   e = RSA_F4;

    X509            *crt = NULL;
    X509_REQ        *x509_req = NULL;
    X509_NAME       *x509_name = NULL;
    EVP_PKEY        *pKey = NULL;
    RSA             *tem = NULL;
    BIO             *out = NULL, *keyFileBIO = NULL;
    FILE            *pubKeyFile = NULL;

    if (strlen(saveCsrFilePath) == 0) {
        fprintf(stderr, "MakeLocalCsrSSLApi save path is empty\n");
        return false;
    }

    //not exists public key file, create one immediately.
    if (strlen(keyFilePath) == 0) {
        // 1. generate rsa key
        bne = BN_new();
        ret = BN_set_word(bne, e);
        if (ret != 1) {
            fprintf(stderr, "MakeLocalCsrSSLApi BN_set_word err\n");
            goto free_all;
        }

        r = RSA_new();
        ret = RSA_generate_key_ex(r, bits, bne, NULL);
        if (ret != 1) {
            fprintf(stderr, "MakeLocalCsrSSLApi RSA_generate_key_ex err\n");
            goto free_all;
        }
    } else { //open it
        pubKeyFile = fopen(keyFilePath, "r");
        if (pubKeyFile == NULL) {
            fprintf(stderr, "MakeLocalCsrSSLApi opening file %s err\n", keyFilePath);
            goto free_all;
        }

        keyFileBIO = BIO_new_file(keyFilePath, "r");
        if (keyFileBIO == NULL) {
            fprintf(stderr, "MakeLocalCsrSSLApi BIO_new_file err %s\n", keyFilePath);
            goto free_all;
        }

        r = PEM_read_bio_RSAPrivateKey(keyFileBIO, NULL, NULL, NULL);
        if (r == NULL) {
            fprintf(stderr, "MakeLocalCsrSSLApi PEM_read_bio_RSAPrivateKey err\n");
            goto free_all;
        }

        /*
        //从csr文件中获取私钥
        BIO* bio = bio_open_default(csrFilePath, "r", 1);
        r = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL);
        if (r == NULL) {
            fprintf(stderr, "Error PEM_read_RSAPublicKey file %s\n", savePrivateKeyFilePath);
            return false;
        }*/
    }

    // 2. set version of x509 req
    x509_req = X509_REQ_new();
    ret = X509_REQ_set_version(x509_req, nVersion);
    if (ret != 1) {
        fprintf(stderr, "MakeLocalCsrSSLApi X509_REQ_set_version err\n");
        goto free_all;
    }

    // 3. set subject of x509 req
    x509_name = X509_REQ_get_subject_name(x509_req); //x509_req->req_info.subject;

    ret = X509_NAME_add_entry_by_txt(x509_name, "emailAddress", MBSTRING_ASC, (const unsigned char*)email, -1, -1, 0);
    if (ret != 1) {
        fprintf(stderr, "MakeLocalCsrSSLApi X509_NAME_add_entry_by_txt emailAddress err\n");
        goto free_all;
    }

    ret = X509_NAME_add_entry_by_txt(x509_name, "CN", MBSTRING_ASC, (const unsigned char*)name, -1, -1, 0);
    if (ret != 1) {
        fprintf(stderr, "MakeLocalCsrSSLApi X509_NAME_add_entry_by_txt CN err\n");
        goto free_all;
    }

    ret = X509_NAME_add_entry_by_txt(x509_name, "C", MBSTRING_ASC, (const unsigned char*)country, -1, -1, 0);
    if (ret != 1) {
        fprintf(stderr, "MakeLocalCsrSSLApi X509_NAME_add_entry_by_txt C err\n");
        goto free_all;
    }

    // 4. set public key of x509 req
    pKey = EVP_PKEY_new();
    EVP_PKEY_assign_RSA(pKey, r);
    r = NULL;   // will be free rsa when EVP_PKEY_free(pKey)

    ret = X509_REQ_set_pubkey(x509_req, pKey);
    if (ret != 1) {
        fprintf(stderr, "MakeLocalCsrSSLApi X509_REQ_set_pubkey err\n");
        goto free_all;
    }

    // 5. set sign key of x509 req
    ret = X509_REQ_sign(x509_req, pKey, EVP_sha1());    // return x509_req->signature->length
    if (ret <= 0) {
        fprintf(stderr, "MakeLocalCsrSSLApi X509_REQ_sign err\n");
        goto free_all;
    }

    out = BIO_new_file(saveCsrFilePath, "w");
    crt = X509_REQ_to_X509(x509_req, 1000, pKey);
    ret = PEM_write_bio_X509_REQ(out, x509_req);

    // 6. free
free_all:
    BIO_free_all(keyFileBIO);
    X509_REQ_free(x509_req);
    BIO_free_all(out);
    // r = NULL; 
    EVP_PKEY_free(pKey);
    BN_free(bne);
    if (pubKeyFile) fclose(pubKeyFile);

    return (ret == 1);
}

而crt的生成,只需要对csr文件调用一个简单的x509转换函数就可以得到,即函数X509_REQ_to_X509

#include 
#include 
#include 
#include 
#include 
#include  
#include

bool MakeCsrSSL(const  char * keyFilePath, const  char *email, const  char *name, const  char *country, const  char *saveCsrFilePath) {
    int             ret = 0;
    RSA             *r = NULL;
    BIGNUM          *bne = NULL;

    int             nVersion = 1;
    int             bits = 2048;
    unsigned long   e = RSA_F4;

    X509            *crt = NULL;
    X509_REQ        *x509_req = NULL;
    X509_NAME       *x509_name = NULL;
    EVP_PKEY        *pKey = NULL;
    RSA             *tem = NULL;
    BIO             *out = NULL, *keyFileBIO = NULL;
    FILE            *pubKeyFile = NULL;

    if (strlen(saveCsrFilePath) == 0) {
        fprintf(stderr, "MakeLocalCsrSSLApi save path is empty\n");
        return false;
    }

    //not exists public key file, create one immediately.
    if (strlen(keyFilePath) == 0) {
        // 1. generate rsa key
        bne = BN_new();
        ret = BN_set_word(bne, e);
        if (ret != 1) {
            fprintf(stderr, "MakeLocalCsrSSLApi BN_set_word err\n");
            goto free_all;
        }

        r = RSA_new();
        ret = RSA_generate_key_ex(r, bits, bne, NULL);
        if (ret != 1) {
            fprintf(stderr, "MakeLocalCsrSSLApi RSA_generate_key_ex err\n");
            goto free_all;
        }
    } else { //open it
        pubKeyFile = fopen(keyFilePath, "r");
        if (pubKeyFile == NULL) {
            fprintf(stderr, "MakeLocalCsrSSLApi opening file %s err\n", keyFilePath);
            goto free_all;
        }

        keyFileBIO = BIO_new_file(keyFilePath, "r");
        if (keyFileBIO == NULL) {
            fprintf(stderr, "MakeLocalCsrSSLApi BIO_new_file err %s\n", keyFilePath);
            goto free_all;
        }

        r = PEM_read_bio_RSAPrivateKey(keyFileBIO, NULL, NULL, NULL);
        if (r == NULL) {
            fprintf(stderr, "MakeLocalCsrSSLApi PEM_read_bio_RSAPrivateKey err\n");
            goto free_all;
        }

        /*
        //从csr文件中获取私钥
        BIO* bio = bio_open_default(csrFilePath, "r", 1);
        r = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL);
        if (r == NULL) {
            fprintf(stderr, "Error PEM_read_RSAPublicKey file %s\n", savePrivateKeyFilePath);
            return false;
        }*/
    }

    // 2. set version of x509 req
    x509_req = X509_REQ_new();
    ret = X509_REQ_set_version(x509_req, nVersion);
    if (ret != 1) {
        fprintf(stderr, "MakeLocalCsrSSLApi X509_REQ_set_version err\n");
        goto free_all;
    }

    // 3. set subject of x509 req
    x509_name = X509_REQ_get_subject_name(x509_req); //x509_req->req_info.subject;

    ret = X509_NAME_add_entry_by_txt(x509_name, "emailAddress", MBSTRING_ASC, (const unsigned char*)email, -1, -1, 0);
    if (ret != 1) {
        fprintf(stderr, "MakeLocalCsrSSLApi X509_NAME_add_entry_by_txt emailAddress err\n");
        goto free_all;
    }

    ret = X509_NAME_add_entry_by_txt(x509_name, "CN", MBSTRING_ASC, (const unsigned char*)name, -1, -1, 0);
    if (ret != 1) {
        fprintf(stderr, "MakeLocalCsrSSLApi X509_NAME_add_entry_by_txt CN err\n");
        goto free_all;
    }

    ret = X509_NAME_add_entry_by_txt(x509_name, "C", MBSTRING_ASC, (const unsigned char*)country, -1, -1, 0);
    if (ret != 1) {
        fprintf(stderr, "MakeLocalCsrSSLApi X509_NAME_add_entry_by_txt C err\n");
        goto free_all;
    }

    // 4. set public key of x509 req
    pKey = EVP_PKEY_new();
    EVP_PKEY_assign_RSA(pKey, r);
    r = NULL;   // will be free rsa when EVP_PKEY_free(pKey)

    ret = X509_REQ_set_pubkey(x509_req, pKey);
    if (ret != 1) {
        fprintf(stderr, "MakeLocalCsrSSLApi X509_REQ_set_pubkey err\n");
        goto free_all;
    }

    // 5. set sign key of x509 req
    ret = X509_REQ_sign(x509_req, pKey, EVP_sha1());    // return x509_req->signature->length
    if (ret <= 0) {
        fprintf(stderr, "MakeLocalCsrSSLApi X509_REQ_sign err\n");
        goto free_all;
    }

    out = BIO_new_file(saveCsrFilePath, "w");
    crt = X509_REQ_to_X509(x509_req, 1000, pKey);
    ret = PEM_write_bio_X509_REQ(out, x509_req);

    // 6. free
free_all:
    BIO_free_all(keyFileBIO);
    X509_REQ_free(x509_req);
    BIO_free_all(out);
    // r = NULL; 
    EVP_PKEY_free(pKey);
    BN_free(bne);
    if (pubKeyFile) fclose(pubKeyFile);

    return (ret == 1);
}

你可能感兴趣的:(安全算法实验(三))