【网络安全】使用mbedtls 实现 RSA 签名、验签、加密、解密
简介
mbedtls(前身是 PolarSSL)是一个开源、轻量级的 SSL/TLS 库,专为嵌入式系统和资源受限环境设计。
RSA是一种广泛应用的非对称加密算法,是公开密钥密码体制(Public Key Cryptosystem)的一个典型代表,它的核心特点是采用一对密钥,分别是公开密钥(Public Key)和私有密钥(Private Key)。
相关头文件
#include RSA 签名
- 使用 sha256 生成数据摘要(256位的哈希值)
int main(int argc, char const *argv[])
{
mbedtls_sha256_context ctx;
unsigned char data[] = "Hello";
unsigned char output[32] = {0};
unsigned char sig[256] = {0};
size_t data_len = sizeof(data) - 1;
mbedtls_sha256_init(&ctx);
if (mbedtls_sha256_update(&ctx, data, data_len) != 0) {
printf("failed\n");
}
mbedtls_sha256_finish(&ctx, output);
for (size_t i = 0; i < 256; i++)
{
printf("%02x", output[i]);
}
printf("\n");
int sig_len;
printf("len = %d\n", strlen(output));
mbedtls_sha256_free(&ctx);
}
- 加载私钥
- 使用私钥对数据摘要进行签名(随机数填充)
int RSA_signature(const unsigned char* m, unsigned int m_length, unsigned char* sigret, unsigned int* siglen, const char* key)
{
int ret;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0) != 0) {
// Handle error
printf("random init error\n");
ret = -1;
} else {
mbedtls_pk_context pk;
mbedtls_pk_init(&pk);
size_t keylen = strlen((const char *) key);
// 解析公钥
ret = mbedtls_pk_parse_key(&pk, key, keylen + 1, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg);
// 加载私钥
// ret = mbedtls_pk_parse_keyfile( &pk, "cert_pri.pem", NULL, mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
printf("pass private key error\n");
} else {
printf("pass private key success\n");
// 执行RSA加密
ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, m, m_length, sigret, 256, siglen,
mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
char error_buf[100];
mbedtls_strerror(ret, error_buf, sizeof(error_buf));
printf("rsa private encrypt error:%s\n", error_buf);
}
}
mbedtls_pk_free(&pk);
}
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
return ret;
}
RSA 验签
- 加载公钥
- 验证签名
int RSA_signature_verify(const unsigned char* m, int m_length, const char* key, unsigned char* sigret, unsigned int siglen)
{
int ret;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
mbedtls_pk_context pk;
mbedtls_pk_init(&pk);
ret = mbedtls_pk_parse_public_key(&pk, key, strlen(key) + 1);
if (ret != 0) {
printf("pass public key error\n");
ret = -1;
} else {
printf("pass public key success\n");
ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, m, m_length, sigret, (long unsigned int)siglen);
if (ret != 0) {
char error_buf[100];
mbedtls_strerror(ret, error_buf, sizeof(error_buf));
printf("rsa public encrypt error:%s\n", error_buf);
printf("ret = %d\n", ret);
}
}
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_pk_free(&pk);
mbedtls_entropy_free(&entropy);
return ret;
}
加密数据
- 加载公钥
- 加密数据(随机数填充)
int rsa_public_encrypt(const unsigned char *public_key_pem, const unsigned char *plaintext,
size_t plaintext_len, unsigned char *ciphertext, size_t *ciphertext_len)
{
int ret;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0) != 0)
{
// Handle error
printf("random init error\n");
ret = -1;
}
else
{
mbedtls_pk_context pk;
mbedtls_pk_init(&pk);
size_t keylen = strlen((const char *)public_key_pem);
// 解析公钥
ret = mbedtls_pk_parse_public_key(&pk, public_key_pem, keylen + 1);
if (ret != 0)
{
printf("pass public key error\n");
}
else
{
printf("pass public key success\n");
// 执行RSA加密
ret = mbedtls_pk_encrypt(&pk, plaintext, plaintext_len, ciphertext, ciphertext_len,
1024, mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0)
{
char error_buf[100];
mbedtls_strerror(ret, error_buf, sizeof(error_buf));
printf("rsa public encrypt error:%s\n", error_buf);
}
}
mbedtls_pk_free(&pk);
}
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
return ret;
}
解密数据
- 加载私钥
- 解密数据
int rsa_private_decrypt(const unsigned char *private_key_pem, const unsigned char *ciphertext,
size_t ciphertext_len, unsigned char *plaintext, size_t *plaintext_len)
{
int ret;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0) != 0)
{
// Handle error
printf("random init error\n");
ret = -1;
}
else
{
mbedtls_pk_context pk;
mbedtls_pk_init(&pk);
size_t keylen = strlen((char *)private_key_pem);
// 解析私钥
ret = mbedtls_pk_parse_key(&pk, private_key_pem, keylen + 1, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg);
char error_buf[100];
if (ret != 0)
{
printf("pass private key error\n");
mbedtls_strerror(ret, error_buf, sizeof(error_buf));
printf("rsa public decrypt error:%s\n", error_buf);
}
else
{
printf("pass private key success\n");
// 执行RSA解密
ret = mbedtls_pk_decrypt(&pk, ciphertext, ciphertext_len, plaintext, plaintext_len,
512, mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0)
{
char error_buf[100];
mbedtls_strerror(ret, error_buf, sizeof(error_buf));
printf("rsa public decrypt error:%s\n", error_buf);
}
else
{
}
}
mbedtls_pk_free(&pk);
}
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
return ret;
}