163 blogs的博客：[原] RSA 示例程序

/********************************************************************

RSA 示例程序

OpenSSL 签名，验签

OpenSSL 加密，解密

MS cryptAPI 签名，OpenSSL 验签

MS cryptAPI 加密，OpenSSL 解密

*********************************************************************/

#include "stdafx.h"

#define TEST_CSP MS_ENHANCED_PROV

const static unsigned char szTemp[] = "This is a test!";

const static char *szContainer = "My Container";

void OpensslSelf();

void MsSelf();

void MsSignOpenSSLVerify();

void MsEncryptOpenSSLDecrypt();

void FlipBuffer(unsigned char *pBuf, unsigned long ulLen)

{

return;

}

//char tmp;

unsigned char ucTemp;

for(unsigned long i = 0; i < ulLen >> 1; ++i)

{

ucTemp = pBuf[i];

pBuf[i] = pBuf[ulLen - i - 1];

pBuf[ulLen - i - 1] = ucTemp;

}

int main(int argc, char* argv[])

{

MsSelf();

OpensslSelf();

MsSignOpenSSLVerify();

MsEncryptOpenSSLDecrypt();

return 0;

}

void MsSignOpenSSLVerify()

{

printf("=====================================================\n\n");

printf("测试由微软CSP签名，Openssl验签\n");

const ULONG ulTestLen = 0x80;

unsigned char szTestData[0x80] = {0};

memcpy(szTestData, szTemp, sizeof(szTemp));

HCRYPTPROV hProv = NULL;

if (!CryptAcquireContext(&hProv, szContainer, TEST_CSP, PROV_RSA_FULL, 0))

{

if (NTE_BAD_KEYSET == GetLastError())

{

if (!CryptAcquireContext(&hProv, szContainer, TEST_CSP, PROV_RSA_FULL, CRYPT_NEWKEYSET))

{

printf("Creating container error!\n");

return;

}

printf("Creating container OK!\n");

HCRYPTKEY hKey = NULL;

if (!CryptGenKey(hProv, AT_KEYEXCHANGE, RSA1024BIT_KEY|CRYPT_EXPORTABLE, &hKey))

{

printf("Generating key pair error!\n");

return;

}

HCRYPTHASH hHash = NULL;

if (!CryptCreateHash(hProv, CALG_SHA1, NULL, 0, &hHash))

{

printf("Create hash error!\n");

}

if (!CryptSetHashParam(hHash, HP_HASHVAL, szTestData, 0))

{

printf("Create hash data error!\n");

}

DWORD dwSignLen = 0;

if (!CryptSignHash(hHash, AT_KEYEXCHANGE, NULL, NULL, NULL, &dwSignLen))

{

printf("get sign data len error!\n");

}

vector<BYTE> vSignedData;

vSignedData.resize(dwSignLen);

ZeroMemory(&vSignedData[0], dwSignLen);

if (!CryptSignHash(hHash, AT_KEYEXCHANGE, NULL, NULL, &vSignedData[0], &dwSignLen))

{

printf("get sign data len error!\n");

}

FlipBuffer(&vSignedData[0], dwSignLen);

// Export public key

DWORD dwExportedDataLen = 0;

if (!CryptExportKey(hKey, NULL, PUBLICKEYBLOB, 0, NULL, &dwExportedDataLen))

{

printf("Get the size of the exported public key error!\n");

}

vector<BYTE> vPubBlob;

vPubBlob.resize(dwExportedDataLen);

ZeroMemory(&vPubBlob[0], dwExportedDataLen);

if (!CryptExportKey(hKey, NULL, PUBLICKEYBLOB, 0, &vPubBlob[0], &dwExportedDataLen))

{

printf("Get exported public key error!\n");

}

BYTE *pszPubBlob = &vPubBlob[0];

RSAPUBKEY *rsapubkey = reinterpret_cast<RSAPUBKEY *>(pszPubBlob + sizeof(PUBLICKEYSTRUC));

BYTE *pE = (BYTE *)&(rsapubkey->pubexp);

DWORD dwElen = sizeof(DWORD);

FlipBuffer(pE, dwElen);

while(0x00 == *pE)

{

pE = pE + 1;

dwElen = dwElen - 1;

}

DWORD dwModulusLen = rsapubkey->bitlen / 8;

BYTE *pN = pszPubBlob + sizeof(BLOBHEADER) + sizeof(RSAPUBKEY);

FlipBuffer(pN, dwModulusLen);

BIGNUM *pBN = BN_new();

pBN = BN_bin2bn(pN, dwModulusLen, pBN);

BIGNUM *pBE = BN_new();

pBE = BN_bin2bn(pE, dwElen, pBE);

RSA *pRsa = RSA_new();

pRsa->n = pBN;

pRsa->e = pBE;

unsigned char pbHashInfo[0x80] = {0};

int nRet = RSA_public_decrypt(dwSignLen, &vSignedData[0], pbHashInfo, pRsa, RSA_PKCS1_PADDING/*RSA_PKCS1_PADDING*/);

//解析解密结果，即获得了一个DER编码的哈希信息

DWORD dwHashInfoLen = (DWORD)pbHashInfo[1];

DWORD dwTLen = (DWORD)pbHashInfo[3];

DWORD dwHashLen = dwHashInfoLen - dwTLen - 4;

//解析哈希值，哈希值包括两部分，H1和H2

BYTE *pp = pbHashInfo+4+dwTLen+2;

if (0 == memcmp(szTemp, pp, sizeof(szTemp)))

printf("verify success!\n");

else

printf("verify failed!\n");

}

void MsSelf()

{

printf("=====================================================\n\n");

printf("测试由微软CSP自加解密\n");

HCRYPTPROV hProv = NULL;

if (!CryptAcquireContext(&hProv, szContainer, TEST_CSP, PROV_RSA_FULL, 0))

{

if (NTE_BAD_KEYSET == GetLastError())

{

if (!CryptAcquireContext(&hProv, szContainer, TEST_CSP, PROV_RSA_FULL, CRYPT_NEWKEYSET))

{

printf("Creating container error!\n");

return;

}

printf("Creating container OK!\n");

HCRYPTKEY hKey = NULL;

if (!CryptGenKey(hProv, AT_KEYEXCHANGE, RSA1024BIT_KEY|CRYPT_EXPORTABLE, &hKey))

{

printf("Generating key pair error!\n");

return;

}

DWORD dwDataLen = 0;

if (!CryptEncrypt(hKey, NULL, TRUE, 0, NULL, &dwDataLen, 0))

{

printf("Get encrypt ken length error!\n");

return;

}

//const ULONG ulTestLen = 0x80;

unsigned char *szTestData = new unsigned char[dwDataLen];

ZeroMemory(szTestData, dwDataLen);

memcpy(szTestData, szTemp, sizeof(szTemp));

DWORD dwLen = sizeof(szTemp);

if (!CryptEncrypt(hKey, NULL, TRUE, 0, szTestData, &dwLen, dwDataLen))

{

printf("Encrypt data error!\n");

return;

}

if (!CryptDecrypt(hKey, NULL, TRUE, 0, szTestData, &dwLen))

{

printf("Decrypt data error!\n");

}

if (0 == memcmp(szTestData, szTemp, dwLen))

{

printf("Encrypt and decrypt success!\n");

}

else

{

printf("Encrypt and decrypt failed!\n");

}

void MsEncryptOpenSSLDecrypt()

{

printf("=====================================================\n\n");

printf("测试由微软CSP签名，Openssl验签\n");

HCRYPTPROV hProv = NULL;

if (!CryptAcquireContext(&hProv, szContainer, TEST_CSP, PROV_RSA_FULL, 0))

{

if (NTE_BAD_KEYSET == GetLastError())

{

if (!CryptAcquireContext(&hProv, szContainer, TEST_CSP, PROV_RSA_FULL, CRYPT_NEWKEYSET))

{

printf("Creating container error!\n");

return;

}

printf("Creating container OK!\n");

HCRYPTKEY hKey = NULL;

if (!CryptGenKey(hProv, AT_KEYEXCHANGE, RSA1024BIT_KEY|CRYPT_EXPORTABLE, &hKey))

{

printf("Generating key pair error!\n");

return;

}

DWORD dwDataLen = 0;

if (!CryptEncrypt(hKey, NULL, TRUE, 0, NULL, &dwDataLen, 0))

{

printf("Get encrypt ken length error!\n");

return;

}

//const ULONG ulTestLen = 0x80;

unsigned char *szTestData = new unsigned char[dwDataLen];

ZeroMemory(szTestData, dwDataLen);

memcpy(szTestData, szTemp, sizeof(szTemp));

DWORD dwLen = sizeof(szTemp);

if (!CryptEncrypt(hKey, NULL, TRUE, 0, szTestData, &dwLen, dwDataLen))

{

printf("Encrypt data error!\n");

return;

}

FlipBuffer(szTestData, dwLen);

// Export public key

DWORD dwExportedDataLen = 0;

if (!CryptExportKey(hKey, NULL, PRIVATEKEYBLOB, 0, NULL, &dwExportedDataLen))

{

printf("Get the size of the exported public key error!\n");

}

vector<BYTE> vPubBlob;

vPubBlob.resize(dwExportedDataLen);

ZeroMemory(&vPubBlob[0], dwExportedDataLen);

if (!CryptExportKey(hKey, NULL, PRIVATEKEYBLOB, 0, &vPubBlob[0], &dwExportedDataLen))

{

printf("Get exported public key error!\n");

}

BYTE *pszPubBlob = &vPubBlob[0];

RSAPUBKEY *rsapubkey = reinterpret_cast<RSAPUBKEY *>(pszPubBlob + sizeof(PUBLICKEYSTRUC));

BYTE *pE = (BYTE *)&(rsapubkey->pubexp);

DWORD dwElen = sizeof(DWORD);

DWORD dwModulusLen = rsapubkey->bitlen / 8;

DWORD dwPrimeLen = rsapubkey->bitlen/16;

BYTE *pOffset = pszPubBlob + sizeof(BLOBHEADER) + sizeof(RSAPUBKEY);

BYTE *pN = pOffset;

pOffset += dwModulusLen;

BYTE *pP = pOffset;

pOffset += dwPrimeLen;

BYTE *pQ = pOffset;

pOffset += dwPrimeLen;

BYTE *pP1 = pOffset;

pOffset += dwPrimeLen;

BYTE *pQ1 = pOffset;

pOffset += dwPrimeLen;

BYTE *pPQ = pOffset;

pOffset += dwPrimeLen;

BYTE *pD = pOffset;

pOffset += dwModulusLen;

FlipBuffer(pE, dwElen);

FlipBuffer(pN, dwModulusLen);

FlipBuffer(pP, dwPrimeLen);

FlipBuffer(pQ, dwPrimeLen);

FlipBuffer(pP1, dwPrimeLen);

FlipBuffer(pQ1, dwPrimeLen);

FlipBuffer(pPQ, dwPrimeLen);

FlipBuffer(pD, dwModulusLen);

while(0x00 == *pE)

{

pE = pE + 1;

dwElen = dwElen - 1;

}

BIGNUM *pBE = BN_new();

pBE = BN_bin2bn(pE, dwElen, pBE);

BIGNUM *pBN = BN_new();

pBN = BN_bin2bn(pN, dwModulusLen, pBN);

BIGNUM *pBP = BN_new();

pBP = BN_bin2bn(pP, dwPrimeLen, pBP);

BIGNUM *pBQ = BN_new();

pBQ = BN_bin2bn(pQ, dwPrimeLen, pBQ);

BIGNUM *pBP1 = BN_new();

pBP1 = BN_bin2bn(pP1, dwPrimeLen, pBP1);

BIGNUM *pBQ1 = BN_new();

pBQ1 = BN_bin2bn(pQ1, dwPrimeLen, pBQ1);

BIGNUM *pBPQ = BN_new();

pBPQ = BN_bin2bn(pPQ, dwPrimeLen, pBPQ);

BIGNUM *pBD = BN_new();

pBD = BN_bin2bn(pD, dwModulusLen, pBD);

RSA *pRsa = RSA_new();

pRsa->n = pBN;

pRsa->e = pBE;

pRsa->p = pBP;

pRsa->q = pBQ;

pRsa->dmp1 = pBP1;

pRsa->dmq1 = pBQ1;

pRsa->iqmp = pBPQ;

pRsa->d = pBD;

unsigned char pbHashInfo[0x80] = {0};

int nRet = RSA_private_decrypt(dwLen, szTestData, pbHashInfo, pRsa, RSA_PKCS1_PADDING);

//解析解密结果，即获得了一个DER编码的哈希信息

DWORD dwHashInfoLen = (DWORD)pbHashInfo[1];

DWORD dwTLen = (DWORD)pbHashInfo[3];

DWORD dwHashLen = dwHashInfoLen - dwTLen - 4;

//解析哈希值，哈希值包括两部分，H1和H2

BYTE *pp = pbHashInfo+4+dwTLen+2;

if (0 == memcmp(szTemp, pp, sizeof(szTemp)))

printf("verify success!\n");

else

printf("verify failed!\n");

}

void OpensslSelf()

{

const ULONG ulTestLen = 0x80;

unsigned char szTestData[0x80] = {0};

memcpy(szTestData, szTemp, sizeof(szTemp));

unsigned char szDecData[0x80] = {0};

// Generate key pair

RSA *pRsa = RSA_generate_key(1024, 0x10001, NULL, NULL);

ULONG ulSize = BN_num_bytes(pRsa->n);

unsigned char *pszBuf = new unsigned char[ulSize + 1];

ZeroMemory(pszBuf, ulSize+1);

printf("==============Used to verify a person=====================\n");

printf("Using the RSA private key to encrypt messages\n");

int nRet = RSA_private_encrypt(sizeof(szTemp), szTemp, pszBuf, pRsa, RSA_PKCS1_PADDING);

if (nRet == -1)

printf("Private encrypt error!\n");

else

printf("Encrypt successfully\n");

printf("Using the RSA public key to decrypt messages\n");

ZeroMemory(szTestData, 0x80);

nRet = RSA_public_decrypt(nRet, pszBuf, szDecData, pRsa, RSA_PKCS1_PADDING);

if (nRet == -1)

printf("Public decrypt error!\n");

if (0 == memcmp(szDecData, szTemp, sizeof(szTemp)))

printf("Verify successfully!\n");

else

printf("Verify unsuccessfully\n");

ZeroMemory(szDecData, 0x80);

printf("=====================================================\n\n");

printf("===========Used to transfer encrypted messages===========\n");

printf("Using the RSA public key to encrypt messages\n");

nRet = RSA_public_encrypt(sizeof(szTemp), szTemp, pszBuf, pRsa, RSA_PKCS1_PADDING);

if (nRet == -1)

printf("Private encrypt error!\n");

else

printf("Encrypt successfully\n");

printf("Using the RSA private key to decrypt messages\n");

nRet = RSA_private_decrypt(nRet, pszBuf, szDecData, pRsa, RSA_PKCS1_PADDING);

if (nRet == -1)

printf("Public decrypt error!\n");

if (0 == memcmp(szDecData, szTemp, sizeof(szTemp)))

printf("Verify successfully!\n");

else

printf("Verify unsuccessfully\n");

printf("=====================================================\n\n");

if (NULL != pszBuf)

{

delete[] pszBuf;

pszBuf = NULL;

}