OpenSSL库的RSA使用(上)-EVP方式
1 RSA加解密方式介绍
使用OpenSSL的RSA方式加解密有两种方式,一种是使用EVP系列函数,这些函数提供了对底层加解密函数的封装;另外一种是直接使用RSA相关的函数进行加解密操作。如果是标准应用,如使用RSA公钥加密,私钥解密,使用EVP函数比较方便,如果有特殊应用,如私钥加密,公钥解密,EVP函数会有问题,可以直接使用RSA提供的函数。
不过OpenSSL的RSA库经过测试,发现也有些问题,最后会对这些问题进行整理总结。
注:关于OpenSSL RSA是谁,有啥本事,去哪能找到它,请自行找度娘或谷歌。
1 EVP函数方式
1.1 步骤
使用EVP函数方式加解密的一般步骤是:
i. 生成公钥和私钥文件(公钥文件和私钥文件都是文本)
ii. 打开公钥,使用公钥对源数据进行加密
iii. 打开私钥,使用私钥对密文进行解密
1.2 代码
1.2.1包含文件与宏定义
#include <stdio.h> #include <openssl/evp.h> #include <crypto/evp/evp_locl.h> #include <openssl/rand.h> #include <openssl/rsa.h> #include <openssl/pem.h> #define RSA_KEY_LENGTH 1024 static const char rnd_seed[] = "string to make the random number generator initialized"; #ifdef WIN32 #define PRIVATE_KEY_FILE "f:\\rsapriv.key" #define PUBLIC_KEY_FILE "f:\\rsapub.key" #else // non-win32 system #define PRIVATE_KEY_FILE "/tmp/avit.data.tmp1" #define PUBLIC_KEY_FILE "/tmp/avit.data.tmp2" #endif #define RSA_PRIKEY_PSW "123" #ifdef WIN32 #pragma comment(lib, "libeay32.lib") #pragma comment(lib, "ssleay32.lib") #endif
2.2.2 生成密钥文件
// 生成公钥文件和私钥文件,私钥文件带密码
int generate_key_files(const char *pub_keyfile, const char *pri_keyfile,
const unsigned char *passwd, int passwd_len)
{
RSA *rsa = NULL;
RAND_seed(rnd_seed, sizeof(rnd_seed));
rsa = RSA_generate_key(RSA_KEY_LENGTH, RSA_F4, NULL, NULL);
if(rsa == NULL)
{
printf("RSA_generate_key error!\n");
return -1;
}
// 开始生成公钥文件
BIO *bp = BIO_new(BIO_s_file());
if(NULL == bp)
{
printf("generate_key bio file new error!\n");
return -1;
}
if(BIO_write_filename(bp, (void *)pub_keyfile) <= 0)
{
printf("BIO_write_filename error!\n");
return -1;
}
if(PEM_write_bio_RSAPublicKey(bp, rsa) != 1)
{
printf("PEM_write_bio_RSAPublicKey error!\n");
return -1;
}
// 公钥文件生成成功,释放资源
printf("Create public key ok!\n");
BIO_free_all(bp);
// 生成私钥文件
bp = BIO_new_file(pri_keyfile, "w+");
if(NULL == bp)
{
printf("generate_key bio file new error2!\n");
return -1;
}
if(PEM_write_bio_RSAPrivateKey(bp, rsa,
EVP_des_ede3_ofb(), (unsigned char *)passwd,
passwd_len, NULL, NULL) != 1)
{
printf("PEM_write_bio_RSAPublicKey error!\n");
return -1;
}
// 释放资源
printf("Create private key ok!\n");
BIO_free_all(bp);
RSA_free(rsa);
return 0;
}
2.2.3 打开公钥
// 打开公钥文件,返回EVP_PKEY结构的指针
EVP_PKEY* open_public_key(const char *keyfile)
{
EVP_PKEY* key = NULL;
RSA *rsa = NULL;
OpenSSL_add_all_algorithms();
BIO *bp = BIO_new(BIO_s_file());;
BIO_read_filename(bp, keyfile);
if(NULL == bp)
{
printf("open_public_key bio file new error!\n");
return NULL;
}
rsa = PEM_read_bio_RSAPublicKey(bp, NULL, NULL, NULL);
if(rsa == NULL)
{
printf("open_public_key failed to PEM_read_bio_RSAPublicKey!\n");
BIO_free(bp);
RSA_free(rsa);
return NULL;
}
printf("open_public_key success to PEM_read_bio_RSAPublicKey!\n");
key = EVP_PKEY_new();
if(NULL == key)
{
printf("open_public_key EVP_PKEY_new failed\n");
RSA_free(rsa);
return NULL;
}
EVP_PKEY_assign_RSA(key, rsa);
return key;
}
2.2.4 打开私钥
// 打开私钥文件,返回EVP_PKEY结构的指针
EVP_PKEY* open_private_key(const char *keyfile, const unsigned char *passwd)
{
EVP_PKEY* key = NULL;
RSA *rsa = RSA_new();
OpenSSL_add_all_algorithms();
BIO *bp = NULL;
bp = BIO_new_file(keyfile, "rb");
if(NULL == bp)
{
printf("open_private_key bio file new error!\n");
return NULL;
}
rsa = PEM_read_bio_RSAPrivateKey(bp, &rsa, NULL, (void *)passwd);
if(rsa == NULL)
{
printf("open_private_key failed to PEM_read_bio_RSAPrivateKey!\n");
BIO_free(bp);
RSA_free(rsa);
return NULL;
}
printf("open_private_key success to PEM_read_bio_RSAPrivateKey!\n");
key = EVP_PKEY_new();
if(NULL == key)
{
printf("open_private_key EVP_PKEY_new failed\n");
RSA_free(rsa);
return NULL;
}
EVP_PKEY_assign_RSA(key, rsa);
return key;
}
2.2.5 公钥加密函数
// 使用密钥加密,这种封装格式只适用公钥加密,私钥解密,这里key必须是公钥
int rsa_key_encrypt(EVP_PKEY *key, const unsigned char *orig_data, size_t orig_data_len,
unsigned char *enc_data, size_t &enc_data_len)
{
EVP_PKEY_CTX *ctx = NULL;
OpenSSL_add_all_ciphers();
ctx = EVP_PKEY_CTX_new(key, NULL);
if(NULL == ctx)
{
printf("ras_pubkey_encryptfailed to open ctx.\n");
EVP_PKEY_free(key);
return -1;
}
if(EVP_PKEY_encrypt_init(ctx) <= 0)
{
printf("ras_pubkey_encryptfailed to EVP_PKEY_encrypt_init.\n");
EVP_PKEY_free(key);
return -1;
}
if(EVP_PKEY_encrypt(ctx,
enc_data,
&enc_data_len,
orig_data,
orig_data_len) <= 0)
{
printf("ras_pubkey_encryptfailed to EVP_PKEY_encrypt.\n");
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(key);
return -1;
}
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(key);
return 0;
}
2.2.6 私钥解密函数
// 使用密钥解密,这种封装格式只适用公钥加密,私钥解密,这里key必须是私钥
int rsa_key_decrypt(EVP_PKEY *key, const unsigned char *enc_data, size_t enc_data_len,
unsigned char *orig_data, size_t &orig_data_len, const unsigned char *passwd)
{
EVP_PKEY_CTX *ctx = NULL;
OpenSSL_add_all_ciphers();
ctx = EVP_PKEY_CTX_new(key, NULL);
if(NULL == ctx)
{
printf("ras_prikey_decryptfailed to open ctx.\n");
EVP_PKEY_free(key);
return -1;
}
if(EVP_PKEY_decrypt_init(ctx) <= 0)
{
printf("ras_prikey_decryptfailed to EVP_PKEY_decrypt_init.\n");
EVP_PKEY_free(key);
return -1;
}
if(EVP_PKEY_decrypt(ctx,
orig_data,
&orig_data_len,
enc_data,
enc_data_len) <= 0)
{
printf("ras_prikey_decryptfailed to EVP_PKEY_decrypt.\n");
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(key);
return -1;
}
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(key);
return 0;
}
2.2.7 测试代码
int main(int argc, char **argv)
{
char origin_text[] = "hello world!";
char enc_text[512] = "";
char dec_text[512] = "";
size_t enc_len = 512;
size_t dec_len = 512;
// 生成公钥和私钥文件
generate_key_files(PUBLIC_KEY_FILE, PRIVATE_KEY_FILE, (const unsigned char *)RSA_PRIKEY_PSW, strlen(RSA_PRIKEY_PSW));
EVP_PKEY *pub_key = open_public_key(PUBLIC_KEY_FILE);
EVP_PKEY *pri_key = open_private_key(PRIVATE_KEY_FILE, (const unsigned char *)RSA_PRIKEY_PSW);
rsa_key_encrypt(pub_key, (const unsigned char *)&origin_text, sizeof(origin_text), (unsigned char *)enc_text, enc_len);
rsa_key_decrypt(pri_key, (const unsigned char *)enc_text, enc_len,
(unsigned char *)dec_text, dec_len, (const unsigned char *)RSA_PRIKEY_PSW);
return 0;
}
2.2.7 注意事项
i. 使用EVP方式只能采取公钥加密,私钥解密的方式,反之运行会出错
ii. Win32下注意添加链接时的lib文件,运行时需要相应的dll文件,需添加的lib文件:“libeay32.lib”和“ssleay32.lib”,运行需使用的dll文件:“libeay32.dll”和“ssleay32.dll”。