openssl之DH(Diffie–Hellman)加密
//加密机制初始化 g_HDMgr.init();
//对方的public key BIGNUM* peerPubKey = NULL; peerPubKey = BN_bin2bn((unsigned char*)pRegist->DH_PubKey, pRegist->nDH_PubKey_Len, NULL); if (peerPubKey != NULL) { //计算密钥 unsigned char* ClientSecret = NULL; int nSecretSize = g_HDMgr.ComputeSecret(g_HDMgr.GetdhPriv(), peerPubKey, &ClientSecret); if (nSecretSize <= 0) { return false; } SHA256(ClientSecret, nSecretSize, key32); strHex = DPC::PrintHexMsg((char*)g_HDMgr.ServerSecret, g_HDMgr.nServerSecret_Len); gLog.LogText(LOG_INFO, "[%s][%s] \n", ENKEY, strHex.c_str()); }
/*--------------------------------------------------------------------------- 文件 : 版本 : 时间 : 作者 : 描述 : HD加密 控制者 ---------------------------------------------------------------------------*/ #pragma once #include <boost/serialization/singleton.hpp> #include <openssl/dh.h> #include <openssl/bn.h> #include <openssl/crypto.h> #include <openssl/aes.h> #include <openssl/sha.h> #include <openssl/ossl_typ.h> #define USE_PREDEF_PARAMETERS 1 #define BUFFER_SIZE 4096 #define ADD 1 #define DES 0 #define g_HDMgr CDHMgr::get_mutable_instance() class CDHMgr : public boost::serialization::singleton<CDHMgr> { public: CDHMgr(); ~CDHMgr(); public: DH *dhPriv; unsigned char* ServerSecret; // SiteCenter端密码摘要 int nServerSecret_Len; // SiteCenter端密码摘要长度 public: void init(); int ComputeSecret(DH* dh, BIGNUM* peerPubKey, unsigned char** secret); int PKCS7Pending(unsigned char* plaintext, int nDataLen, int nBlockSize); inline unsigned char* GetServerSecret(){ return ServerSecret; }; inline DH * GetdhPriv(){ return dhPriv; }; };
#include "DHMrg.h" #include "../PluginComm/clog.h" //************************************************************************* // 函数名: InitDHParameters // 参数: DH** dh // 返回值: int // 描述: 初始化Diffie-Hellman参数p 和 g //************************************************************************* int InitDHParameters(DH** dh) { #if USE_PREDEF_PARAMETERS //使用预定义参数 p 和 g const unsigned char p[] = { 0xcc, 0x0b, 0xea, 0x16, 0x42, 0xc6, 0x55, 0x9c, 0xef, 0x5d, 0x73, 0x51, 0xd8, 0x03, 0xe9, 0x90, 0x53, 0xdc, 0x27, 0x8e, 0x97, 0x22, 0x22, 0x67, 0xdf, 0xe1, 0xf3, 0x99, 0xcc, 0x55, 0xe0, 0xd0, 0x75, 0x6d, 0x51, 0x5e, 0x00, 0x25, 0xca, 0x1d, 0x5d, 0x01, 0xec, 0x54, 0xae, 0xb2, 0xe9, 0xca, 0xc3, 0xae, 0xb0, 0xc5, 0xa0, 0x2c, 0x53, 0xc5, 0x10, 0xe6, 0x4d, 0xe7, 0xba, 0xe8, 0x81, 0xb7, 0x76, 0x79, 0x80, 0xb0, 0x3c, 0xdd, 0xbf, 0x1a, 0x94, 0x04, 0x7a, 0x51, 0xca, 0xed, 0x89, 0x77, 0x88, 0xb1, 0xa3, 0x6c, 0xf6, 0x98, 0xba, 0x39, 0xf4, 0x7c, 0xa2, 0xd9, 0x7a, 0x94, 0x2a, 0x46, 0xcc, 0x9e, 0x7f, 0xd2, 0x27, 0x1e, 0xe6, 0x02, 0x5a, 0xd3, 0xa6, 0x38, 0x5c, 0x63, 0x7a, 0xab, 0xc0, 0x69, 0x74, 0x16, 0x92, 0x29, 0x94, 0xbe, 0x6b, 0xf3, 0x34, 0xd2, 0x36, 0x80, 0xde, 0xdc, 0x46, 0x17, 0xd0, 0xd0, 0x1a, 0x40, 0x51, 0xce, 0x00, 0x89, 0x93, 0x17, 0xc8, 0x4f, 0x11, 0x03, 0xc2, 0x67, 0x47, 0x01, 0x26, 0x63, 0xdd, 0xce, 0xb1, 0xba, 0x49, 0x8a, 0x50, 0x23, 0xd0, 0x3c, 0x62, 0x18, 0xb6, 0x0b, 0x5a, 0xe4, 0xc8, 0x4b, 0x96, 0xb0, 0xce, 0x5f, 0x7a, 0xbe, 0xcd, 0xe9, 0xc6, 0x08, 0x5b, 0x9a, 0x29, 0xd0, 0x7a, 0x44, 0xc9, 0x29, 0x0c, 0x55, 0x7e, 0xc1, 0x34, 0xc0, 0xdc, 0x1b, 0x64, 0x81, 0xd3, 0xa7, 0x36, 0x7a, 0x5b, 0x1e, 0xe9, 0x89, 0x5b, 0x26, 0x6b, 0xa8, 0x58, 0x86, 0x89, 0x3f, 0xc5, 0x87, 0x11, 0xac, 0x21, 0xdd, 0xb6, 0xc0, 0x7a, 0xbc, 0x4d, 0x2b, 0x86, 0xe8, 0x08, 0xc7, 0x3c, 0x34, 0xe6, 0xc3, 0xd7, 0x09, 0x6e, 0xed, 0x2c, 0xb0, 0x9e, 0x9b, 0x0f, 0xd8, 0xdc, 0x56, 0x6c, 0x7a, 0x80, 0x84, 0xc4, 0x17, 0x73, 0x25, 0xb4, 0xb6, 0x20, 0x2b }; const unsigned char g[] = { 2 }; *dh = DH_new(); BIGNUM *pb, *gb; pb = BN_bin2bn(p, sizeof(p), NULL); gb = BN_bin2bn(g, sizeof(g), NULL); if (pb == NULL || gb == NULL) { goto __ERROR; } DH_set0_pqg(*dh, pb, NULL, gb); #else //p和g可以通过客户端发送过来 #endif return 0; __ERROR: DH_free(*dh); *dh = NULL; return -1; } CDHMgr::CDHMgr() { dhPriv = NULL; ServerSecret = NULL; } CDHMgr::~CDHMgr() { } //************************************************************************* // 函数名: Init // 返回值: void // 描述: 初始化 //************************************************************************* void CDHMgr::init() { //初始化参数 if (0 != InitDHParameters(&dhPriv)) { gLog.LogText(LOG_ERROR, "%s: %s", __FUNCTION__, "DH InitDHParameters Fail"); _exit(0); } // 生成随机数 if (DH_generate_key(dhPriv) <= 0) { gLog.LogText(LOG_ERROR, "%s: %s\n", __FUNCTION__, "DH DH_generate_key Fail"); _exit(0); } // 计算自己的公共密钥 const BIGNUM *pubKey, *PriKey; DH_get0_key(dhPriv, &pubKey, &PriKey); ServerSecret = (unsigned char*)OPENSSL_malloc(BN_num_bytes(pubKey)); nServerSecret_Len = BN_bn2bin(pubKey, ServerSecret); if (nServerSecret_Len <= 0) { gLog.LogText(LOG_ERROR, "%s: %s", __FUNCTION__, "DH BN_bn2bin Fail"); _exit(0); } } //************************************ // Method: ComputeSecret // FullName: ComputeSecret // Access: public // Returns: int // Qualifier: // Parameter: DH * dh -- 已经初始化过的DH指针 // Parameter: BIGNUM * peerPubKey -- 对方的public key // Parameter: unsigned char * * secret -- 计算出来的密钥 //************************************ int CDHMgr::ComputeSecret(DH* dh, BIGNUM* peerPubKey, unsigned char** secret) { /* Compute the shared secret */ *secret = (unsigned char *)OPENSSL_malloc(DH_size(dh)); int nSecretSize = DH_compute_key(*secret, peerPubKey, dh); if (nSecretSize < 0) { OPENSSL_free(*secret); *secret = NULL; } return nSecretSize; } /********************************************************** 函数名:PKCS7Pending 参数:unsigned char* plaintext --输入 参数:int nDataLen --字符长度 参数:int BlockSize --加密向量 返回值:int --0失败 1成功 说明:内容的长度 ***********************************************************/ int CDHMgr::PKCS7Pending(unsigned char* plaintext, int nDataLen, int FLAG) { int len = -1; if (ADD == FLAG) { char T = (AES_BLOCK_SIZE - (nDataLen % AES_BLOCK_SIZE)); for (char i = 0; i < T; ++i) { plaintext[nDataLen + i] = T; } len = (nDataLen + T); } else { if (AES_BLOCK_SIZE >= plaintext[nDataLen - 1]) { len = (nDataLen - plaintext[nDataLen - 1]); } } return len; }