openssl3.2 - 官方demo学习 - encode - ec_encode.c

openssl3.2 - 官方demo学习 - encode - ec_encode.c

概述

官方demos/encode 目录中给了2个例子工程
功能是载入(RSA/ECC)公钥, 然后自己就可以拿内存中的公钥对象干活了.
刚开始过官方demo时, 没明白.
现在回头看, 挺简单的.
昨天已经将rsa_encode.c搞定了.
现在准备做ec_encode.c的实验.

肉眼分辨这2个.c, 区别很小. 用BC4看了一下区别, 主要是算法不同.

openssl的高级接口封装的真好, 类似的算法使用, 唯一的区别是算法名称不同.

笔记

产生ecc私钥

根据前面的实现(openssl3.2 - exp - 选择最好的内建椭圆曲线), 强度最好的内建椭圆曲线名称为 sect571k1/sect571r1, 2选1都行, 那我选择sect571r1

查看openssl帮助, 可知 openssl ecparam -genkey 可以产生ecc私钥.
查找ecparam -genkey, 在openssl源码中看到了产生ecc私钥的例子.

下面2种命令都行, 区别在将输出是否加密

输出分2段, 前面是EC参数, 后面是私钥
openssl ecparam -genkey -name sect571r1 -out ec_privkey_sect571r1_001.key

输出只有一段, 内容被加密
openssl ecparam -genkey -name sect571r1 -param_enc explicit -out ec_privkey_sect571r1_001.key

对于ECC, 私钥产生和公钥产生是分开的, 并不像RSA那样(私钥里面包含公钥), 对于使用是这样. 私钥只能当私钥用, 公钥只能当公钥用.
但是用openssl命令是可以从同一个ECC私钥中, 导出相同的ECC公钥, 说明ECC公钥就在ECC私钥里面, ECC私钥是一个KeyPair.

产生ecc公钥

openssl ec -in ec_privkey_sect571r1_001.key -pubout -out ec_pubkey_sect571r1_001.key
openssl ec -in ec_privkey_sect571r1_001.key -pubout
执行多次, 看到的公钥都是一样的, 说明ecc公钥包含在ecc私钥里面
跟一下, 看看怎么从ecc私钥中取ecc公钥.

将ec_privkey_sect571r1_001.key转成C数组, 就可以在工程中, 通过buffer来载入公钥了.
既然载入不同类型(RSA/ECC)公钥, 只有算法名称不同. 将测试程序改了一下, 载入私钥时, 参数为密钥文件类型 + buffer + buffer_lenn

测试工程

/*!
* \file main.cpp
* \note openssl3.2 - 官方demo学习 - encode - ec_encode.c
* 对于ecc的pem数据, 只能载入ecc公钥到 EVP_PKEY
* 如果给的是ecc私钥, 无法从私钥中载入公钥 到 EVP_PKEY
* 如果想从ecc私钥中载入公钥, 可以参照 openssl ec -in ec_privkey_sect571r1_001.key -pubout
*/

#include "my_openSSL_lib.h"
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/decoder.h>
#include <openssl/encoder.h>
#include <openssl/evp.h>

#include <stdlib.h>
#include <stdio.h>
#include <assert.h>

#include "CMemHookRec.h"

// 为了内存操作, 已经将私钥数据文件转成了数组, 嵌入到工程中
//! \ref https://lostspeed.blog.csdn.net/article/details/136486115
//! 数组为 const char ucAry_ecc_priv_key_for_test[472];
#include "ecc_priv_key_for_test.h"
#include "ecc_pub_key_for_test.h" // ucAry_ecc_pub_key_for_test
#include "ec_privkey_sect571r1_pub_priv.h" // ucAry_ec_privkey_sect571r1_pub_priv

#include <cassert>

#define PWD_PRIV_KEY NULL

void my_openssl_app();

// 都是在操作内存, 从内存中的私钥数据, 转出到内存中的公钥数据
bool exportRsaPrivKeyToRsaPubKey(bool isPrivkeyBuffer, const char* key_type, const char* pBufPrivKey, int lenPrivKey, const char* pBufPrivKeyPwd, char*& pBufPubKey, int& lenPubKey);

// 载入buffer到 EVP_PKEY时, 不区分是公钥还是私钥, 只要是有效的key数据, 都能正常载入
EVP_PKEY* load_key(bool isPrivkeyBuffer, const char* key_type, OSSL_LIB_CTX* libctx, const char* pBufPrivKey, int lenPrivKey, const char* passphrase);
bool export_Key(bool isPrivkeyBuffer, EVP_PKEY* pkey, const char* passphrase, char*& pBufPubKey, int& lenPubKey);

int main(int argc, char** argv)
{
	setvbuf(stdout, NULL, _IONBF, 0); // 清掉stdout缓存, 防止调用printf时阻塞
	mem_hook();

	my_openssl_app();

	mem_unhook();

	/*! run result
	*/

	return 0;
}

void my_openssl_app()
{
	bool b_rc = false;
	char* pszPubKey = NULL;
	int lenPubKey = 0;
	BIO* bio_out = BIO_new_fp(stdout, 0);
	assert(NULL != bio_out);

	do {
		// 载入公钥
		// 这个函数只能载入公钥, 如果像ecc私钥, 是无法载入公钥的
		// 但是 openssl ec -in ec_privkey_sect571r1_001.key -pubout -out ec_pubkey_sect571r1_001.key 可以, 一会跟一下
		// 执行上面这个命令多次, 看到的公钥都是一样的, 说明 ecc私钥中包含ecc公钥数据

		// 载入公钥数组(单独的ecc公钥文件转换来的) ok
		// b_rc = exportRsaPrivKeyToRsaPubKey(false, "EC", ucAry_ecc_pub_key_for_test, sizeof(ucAry_ecc_pub_key_for_test), PWD_PRIV_KEY, pszPubKey, lenPubKey); // ok

		// 载入私钥数组(单独的ecc私钥文件转换来的) err
		b_rc = exportRsaPrivKeyToRsaPubKey(true, "EC", ucAry_ecc_priv_key_for_test, sizeof(ucAry_ecc_priv_key_for_test), PWD_PRIV_KEY, pszPubKey, lenPubKey); // err
		
		// 载入公钥和私钥数组(自己手工拼的, 前面是ecc私钥文件, 后面呢是ecc公钥文件), err
		// b_rc = exportRsaPrivKeyToRsaPubKey(false, "EC", ucAry_ec_privkey_sect571r1_pub_priv, sizeof(ucAry_ec_privkey_sect571r1_pub_priv), PWD_PRIV_KEY, pszPubKey, lenPubKey); // err

		// 结论 - 这个官方例子, 只能单独载入ecc公钥文件, 得到公钥数据
		// 对于rsa这种(私钥中包含公钥), 可以直接从私钥中得到公钥
		// 对于ecc这样(私钥中也包含公钥), 却不可以直接从私钥中得到公钥, 一会看看 openssl ec -in ec_privkey_sect571r1_001.key -pubout 咋实现的

		BIO_printf(bio_out, "b_rc = %s\n", (b_rc ? "true" : "false"));

		if (!b_rc)
		{
			assert(false);
			break;
		}

		// now can use pszPubKey
		BIO_printf(bio_out, "the EC public key is below:\n");
		BIO_dump_fp(stdout, pszPubKey, lenPubKey);
	} while (false);

	if (NULL != pszPubKey)
	{
		OPENSSL_free(pszPubKey);
		pszPubKey = NULL;
	}

	if (NULL != bio_out)
	{
		BIO_free(bio_out);
		bio_out = NULL;
	}
}

bool exportRsaPrivKeyToRsaPubKey(bool isPrivkeyBuffer, const char* key_type, const char* pBufPrivKey, int lenPrivKey, const char* pBufPrivKeyPwd, char*& pBufPubKey, int& lenPubKey)
{
	bool b_rc = false;
	EVP_PKEY* pubKey = NULL;

	do {
		// 如果ras私钥是没有口令保护的, 可以不给口令
		if ((NULL == pBufPrivKey) || (lenPrivKey <= 0))
		{
			break;
		}

		pubKey = load_key(isPrivkeyBuffer, "EC", NULL, pBufPrivKey, lenPrivKey, pBufPrivKeyPwd);
		if (NULL == pubKey)
		{
			break;
		}

		if (!export_Key(isPrivkeyBuffer, pubKey, NULL, pBufPubKey, lenPubKey))
		{
			break;
		}

		b_rc = true;
	} while (false);

	if (NULL != pubKey)
	{
		EVP_PKEY_free(pubKey);
		pubKey = NULL;
	}

	return b_rc;
}

EVP_PKEY* load_key(bool isPrivkeyBuffer, const char* key_type, OSSL_LIB_CTX* libctx, const char* pBufPrivKey, int lenPrivKey, const char* passphrase)
{
	int ret = 0;
	EVP_PKEY* pkey = NULL;
	OSSL_DECODER_CTX* dctx = NULL;
	int selection = 0;
	int i_tmp = 0;
	BIO* bio_privKey = NULL;

	if (NULL == key_type)
	{
		goto cleanup;
	}

	bio_privKey = BIO_new(BIO_s_mem());
	if (NULL == bio_privKey)
	{
		goto cleanup;
	}

	i_tmp = BIO_write(bio_privKey, pBufPrivKey, lenPrivKey);
	if (i_tmp != lenPrivKey)
	{
		goto cleanup;
	}

	/*
	 * Create PEM decoder context expecting an RSA key.
	 *
	 * For raw (non-PEM-encoded) keys, change "PEM" to "DER".
	 *
	 * The selection argument here specifies whether we are willing to accept a
	 * public key, private key, or either. If it is set to zero, either will be
	 * accepted. If set to EVP_PKEY_KEYPAIR, a private key will be required, and
	 * if set to EVP_PKEY_PUBLIC_KEY, a public key will be required.
	 */
	dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "PEM", NULL, key_type,
		selection,
		libctx, NULL);
	if (dctx == NULL) {
		// fprintf(stderr, "OSSL_DECODER_CTX_new_for_pkey() failed\n");
		goto cleanup;
	}

	/*
	 * Set passphrase if provided; needed to decrypt encrypted PEM files.
	 * If the input is not encrypted, any passphrase provided is ignored.
	 *
	 * Alternative methods for specifying passphrases exist, such as a callback
	 * (see OSSL_DECODER_CTX_set_passphrase_cb(3)), which may be more useful for
	 * interactive applications which do not know if a passphrase should be
	 * prompted for in advance, or for GUI applications.
	 */
	if (passphrase != NULL) {
		if (OSSL_DECODER_CTX_set_passphrase(dctx,
			(const unsigned char*)passphrase,
			strlen(passphrase)) == 0) {
			// fprintf(stderr, "OSSL_DECODER_CTX_set_passphrase() failed\n");
			goto cleanup;
		}
	}

	/* Do the decode, reading from file. */
	if (OSSL_DECODER_from_bio(dctx, bio_privKey) == 0) { // 如果f是stdin, 就需要自己输入私钥内容, 所以函数入参的f必须是一个实际文件的FILE*
		// fprintf(stderr, "OSSL_DECODER_from_fp() failed\n");
		goto cleanup;
	}

	ret = 1;
cleanup:
	OSSL_DECODER_CTX_free(dctx);

	/*
	 * pkey is created by OSSL_DECODER_CTX_new_for_pkey, but we
	 * might fail subsequently, so ensure it's properly freed
	 * in this case.
	 */
	if (ret == 0) {
		EVP_PKEY_free(pkey);
		pkey = NULL;
	}

	if (NULL != bio_privKey)
	{
		BIO_free(bio_privKey);
		bio_privKey = NULL;
	}

	return pkey;
}

bool export_Key(bool isPrivkeyBuffer, EVP_PKEY* pkey, const char* passphrase, char*& pBufPubKey, int& lenPubKey)
{
	int ret = 0;
	int selection;
	OSSL_ENCODER_CTX* ectx = NULL;

	unsigned char* pdata = NULL;
	size_t sz_len_data = 0;

	/*
	 * Create a PEM encoder context.
	 *
	 * For raw (non-PEM-encoded) output, change "PEM" to "DER".
	 *
	 * The selection argument controls whether the private key is exported
	 * (EVP_PKEY_KEYPAIR), or only the public key (EVP_PKEY_PUBLIC_KEY). The
	 * former will fail if we only have a public key.
	 *
	 * Note that unlike the decode API, you cannot specify zero here.
	 *
	 * Purely for the sake of demonstration, here we choose to export the whole
	 * key if a passphrase is provided and the public key otherwise.
	 */

	 // 如果给出口令, 就导出公私钥对;
	 // 如果不给口令, 就只导出公钥
	 // 实际应用中, 我们就只有导出公钥的需求
	/*selection = (passphrase != NULL)
		? EVP_PKEY_KEYPAIR
		: EVP_PKEY_PUBLIC_KEY;*/

	// 不根据口令来判断要从EVP_PKEY中选择啥数据
	// 而是按照我们自己传的参数(如果load_key时的buffer是私钥数据, 就会传true; 如果载入的是公钥数据, 就会传false)
	// 如果我们载入的是私钥数据(e.g. ECC私钥, 那么OSSL_ENCODER_CTX_new_for_pkey要选择公钥数据, 就会失败)
	// ecc私钥中就有公钥数据, 但是OSSL_ENCODER_CTX_new_for_pkey载入的是啥, 要指定好
	selection = (isPrivkeyBuffer ? EVP_PKEY_KEYPAIR : EVP_PKEY_PUBLIC_KEY);
	// selection = EVP_PKEY_PUBLIC_KEY; // 就选择公钥呢? 也不行
	// selection = EVP_PKEY_KEYPAIR; // 载入的是私钥数据, 导出私钥数据行么? 也不行

	// 如果载入的是ECC私钥, 确要导出ECC公钥, OSSL_ENCODER_to_data()会失败
	// 就只能载入ECC公钥, 导出ECC公钥数据才行. 关键是我就有要用的公钥/私钥数据, 为啥要导出, 不是很懂官方的意思.

	ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, "PEM", NULL, NULL);
	if (ectx == NULL) {
		// fprintf(stderr, "OSSL_ENCODER_CTX_new_for_pkey() failed\n");
		goto cleanup;
	}

	/*
	 * Set passphrase if provided; the encoded output will then be encrypted
	 * using the passphrase.
	 *
	 * Alternative methods for specifying passphrases exist, such as a callback
	 * (see OSSL_ENCODER_CTX_set_passphrase_cb(3), just as for OSSL_DECODER_CTX;
	 * however you are less likely to need them as you presumably know whether
	 * encryption is desired in advance.
	 *
	 * Note that specifying a passphrase alone is not enough to cause the
	 * key to be encrypted. You must set both a cipher and a passphrase.
	 */
	if (passphrase != NULL) {
		/* Set cipher. AES-128-CBC is a reasonable default. */
		if (OSSL_ENCODER_CTX_set_cipher(ectx, "AES-128-CBC", NULL) == 0) {
			// fprintf(stderr, "OSSL_ENCODER_CTX_set_cipher() failed\n");
			goto cleanup;
		}

		/* Set passphrase. */
		if (OSSL_ENCODER_CTX_set_passphrase(ectx,
			(const unsigned char*)passphrase,
			strlen(passphrase)) == 0) {
			// fprintf(stderr, "OSSL_ENCODER_CTX_set_passphrase() failed\n");
			goto cleanup;
		}
	}

	/* Do the encode, writing to the given file. */
	if (OSSL_ENCODER_to_data(ectx, &pdata, &sz_len_data) == 0) {
		// fprintf(stderr, "OSSL_ENCODER_to_fp() failed\n");
		goto cleanup;
	}

	pBufPubKey = (char*)pdata;
	lenPubKey = (int)sz_len_data;

	ret = 1;
cleanup:
	OSSL_ENCODER_CTX_free(ectx);
	return ret;
}

备注

跟了 openssl ec -in ec_privkey_sect571r1_001.key -pubout
大部分都是内部函数, 不好整理出来.

想了一下, 现在用官方demo, 主要是导出key出错.
但是载入私钥/公钥到EVP_PKEY, 都是成功的. 也就是说 load_key()一个有效的密钥/公钥buffer, 总可以得到一个有效的EVP_PKEY.
那就拿这个EVP_PKEY干活就完了, 也不导出什么公钥了.

需要私钥时, 就load_key()私钥buffer, 得到EVP_PKEY干活.
需要公钥时, 就load_key()公钥buffer, 得到EVP_PKEY干活.
官方demo实现中, 如果载入的buffer需要口令, 就当私钥来载入, 这个有点容易误判, 一会改一下. 从参数传入, 这个buffer是公钥还是私钥.
代码已经更新了, 不好使.

载入ECC私钥, 但是要导出ECC公钥数据时失败.
那么就拿官方这个demo当作load_key()用好了, 我们载入一个buffer(里面是有效的公钥文件/私钥文件转换来的数组), 得到一个EVP_PKEY干活. 先这样.

备注

从EVP_PKEY中拿到公钥/私钥, 官方另外一个工程中有演示, openssl3.2 - 官方demo学习 - pkey - EVP_PKEY_EC_keygen.c

那就可以在本工程中载入buffer之后, 得到key. 再从key中得到公钥和私钥的数据.
不行啊, 做了实验了.

int get_key_values(EVP_PKEY* pkey)
{
	// 载入ECC私钥时, 用get_key_values()实现, 除了名字, 啥也得不到.
	/*
	Curve name: sect571r1
	Failed to get public key
	Failed to get private key
	*/
	// 载入手工拼装的合体文件(ECC私钥 + ECC公钥)buffer时, 用get_key_values()实现, 除了名字, 啥也得不到.
	// 载入ECC公钥时,  用get_key_values()实现, 除了名字, 啥也得不到.
	// 为啥呢? get_key_values()用程序来产生ECC密钥对那个工程(EVP_PKEY_EC_keygen.c)好使的

	int ret = 0;
	// 载入密钥对的buffer长度要给够
	char out_curvename[0x100];
	unsigned char out_pubkey[0x100];
	unsigned char out_privkey[0x100];
	BIGNUM* out_priv = NULL;
	size_t out_pubkey_len, out_privkey_len = 0;

	if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
		out_curvename, sizeof(out_curvename),
		NULL)) {
		fprintf(stderr, "Failed to get curve name\n");
		// goto cleanup;
	}
	else {
		fprintf(stdout, "Curve name: %s\n", out_curvename);
	}

	if (!EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_PUB_KEY,
		out_pubkey, sizeof(out_pubkey),
		&out_pubkey_len)) {
		fprintf(stderr, "Failed to get public key\n");
		// goto cleanup;
	}
	else {
		fprintf(stdout, "Public key:\n");
		BIO_dump_indent_fp(stdout, out_pubkey, (int)out_pubkey_len, 2);
	}

	if (!EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &out_priv)) {
		fprintf(stderr, "Failed to get private key\n");
		// goto cleanup;
	}
	else {
		out_privkey_len = BN_bn2bin(out_priv, out_privkey);
		if (out_privkey_len <= 0 || out_privkey_len > sizeof(out_privkey)) {
			fprintf(stderr, "BN_bn2bin failed\n");
			// goto cleanup;
		}
		else {
			fprintf(stdout, "Private Key:\n");
			BIO_dump_indent_fp(stdout, out_privkey, (int)out_privkey_len, 2);
		}
	}

	ret = 1;
// cleanup:
	/* Zeroize the private key data when we free it */
	if (NULL != out_priv)
	{
		BN_clear_free(out_priv);
	}
	
	return ret;
}

还是用EVP_PKEY_EC_keygen.c来产生ecc密钥对, 不用openssl自带的了. 跟了一下, 只能看出EVP_PKEY_EC_keygen.c调用的函数比较简洁.

END