mbedtls学习(4)消息认证码

已于 2023-03-25 20:50:42 修改
阅读量3.1k 收藏
点赞数
文章标签: 学习 算法 c++
于 2023-03-24 01:00:00 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_27182175/article/details/129653562
版权

消息认证码(Massage Authentication Code)用来检查消息的完整性和真实性。消息认证码的输入为任意长度的消息和发送者与接收者之间共享的密钥,输出为固定长度的数据,该数据被称作MAC值、Tag或T。发送者与接收者判断这个MAC判断消息完整性和真实性

消息认证码的实现

  • 单项散列算法实现,这类方法统称为HMAC,与SHA1算法结合称为HMAC-SHA1,与SHA256算法结合称为HMAC-SHA256,与MD5算法结合称为HMAC-MD5
  • 分组密码实现,采用CBC模式称作CBC-MAC,还有CMAC
  • 认证加密算法实现,是对称加密算法和消息认证码的结合,有GCM和CCM
HMAC-SHA256例子

要打开以下宏
MBEDTLS_MD_C 使能MD层接口
MBEDTLS_SHA256_C 若使用HMAC-SHA256则需使能SHA256
MBEDTLS_SHA1_C 若使用HMAC-SHA1则需使能SHA1

#include <stdio.h>
#include <string.h>
#include <stdint.h>

#include “mbedtls/md.h”
#include “mbedtls/platform.h”

static void dump_buf(char info, uint8_t buf, uint32_t len)
{
mbedtls_printf(“%s”, info);
for (int i = 0; i < len; i++) {
mbedtls_printf(“%s%02X%s”, i % 16 0 ? "\n “:” ",
buf[i], i len - 1 ? “\n”:“”);
}
}

int main(void)
{
uint8_t mac[32];
char secret = “Jefe”;
char msg = “what do ya want for nothing?”;

mbedtls_md_context_t ctx<span class="token punctuation">;</span>
<span class="token keyword">const</span> mbedtls_md_info_t <span class="token operator">*</span>info<span class="token punctuation">;</span>

<span class="token function">mbedtls_md_init</span><span class="token punctuation">(</span><span class="token operator">&amp;</span>ctx<span class="token punctuation">)</span><span class="token punctuation">;</span>
info <span class="token operator">=</span> <span class="token function">mbedtls_md_info_from_type</span><span class="token punctuation">(</span>MBEDTLS_MD_SHA256<span class="token punctuation">)</span><span class="token punctuation">;</span>

<span class="token function">mbedtls_md_setup</span><span class="token punctuation">(</span><span class="token operator">&amp;</span>ctx<span class="token punctuation">,</span> info<span class="token punctuation">,</span> <span class="token number">1</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token function">mbedtls_printf</span><span class="token punctuation">(</span><span class="token string">"\n  md info setup, name: %s, digest size: %d\n"</span><span class="token punctuation">,</span> 
               <span class="token function">mbedtls_md_get_name</span><span class="token punctuation">(</span>info<span class="token punctuation">)</span><span class="token punctuation">,</span> <span class="token function">mbedtls_md_get_size</span><span class="token punctuation">(</span>info<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>

<span class="token function">mbedtls_md_hmac_starts</span><span class="token punctuation">(</span><span class="token operator">&amp;</span>ctx<span class="token punctuation">,</span> secret<span class="token punctuation">,</span> <span class="token function">strlen</span><span class="token punctuation">(</span>secret<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token function">mbedtls_md_hmac_update</span><span class="token punctuation">(</span><span class="token operator">&amp;</span>ctx<span class="token punctuation">,</span> msg<span class="token punctuation">,</span> <span class="token function">strlen</span><span class="token punctuation">(</span>msg<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token function">mbedtls_md_hmac_finish</span><span class="token punctuation">(</span><span class="token operator">&amp;</span>ctx<span class="token punctuation">,</span> mac<span class="token punctuation">)</span><span class="token punctuation">;</span>

<span class="token function">dump_buf</span><span class="token punctuation">(</span><span class="token string">"\n  md hmac-sha-256 mac:"</span><span class="token punctuation">,</span> mac<span class="token punctuation">,</span> <span class="token keyword">sizeof</span><span class="token punctuation">(</span>mac<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>

<span class="token function">mbedtls_md_free</span><span class="token punctuation">(</span><span class="token operator">&amp;</span>ctx<span class="token punctuation">)</span><span class="token punctuation">;</span>  

<span class="token keyword">return</span> <span class="token number">0</span><span class="token punctuation">;</span>

}

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43

注意和计算SHA256 api接口区别
运行结果
在这里插入图片描述
openssl验证

openssl dgst -sha256 -hmac Jefe -hex text

 
 

 
 
  • 1

在这里插入图片描述

GCM例子

要注意打开以下宏
MBEDTLS_AES_C 使能AES接口
MBEDTLS_CIPHER_C 使能cipher接口
MBEDTLS_GCM_C 使能GCM模式
MBEDTLS_AES_ROM_TABLES 使用预定义S盒,节省ram

#include <stdio.h>
#include <string.h>
#include <stdint.h>

#include “mbedtls/cipher.h”
#include “mbedtls/platform.h”

/*
[Keylen = 128]
[IVlen = 96]
[PTlen = 128]
[AADlen = 128]
[Taglen = 128]

Count = 0
Key = c939cc13397c1d37de6ae0e1cb7c423c
IV = b3d8cc017cbb89b39e0f67e2
PT = c3b3c41f113a31b73d9a5cd432103069
AAD = 24825602bd12a984e0092d3e448eda5f
CT = 93fe7d9e9bfd10348a5606e5cafa7354
Tag = 0032a1dc85f1c9786925a2e71d8272dd

*/
//密钥
static uint8_t key[] =
{
0xc9, 0x39, 0xcc, 0x13, 0x39, 0x7c, 0x1d, 0x37,
0xde, 0x6a, 0xe0, 0xe1, 0xcb, 0x7c, 0x42, 0x3c
};
//初始化向量
static uint8_t iv[] =
{
0xb3, 0xd8, 0xcc, 0x01, 0x7c, 0xbb, 0x89, 0xb3,
0x9e, 0x0f, 0x67, 0xe2,
};
//明文
static uint8_t pt[] =
{
0xc3, 0xb3, 0xc4, 0x1f, 0x11, 0x3a, 0x31, 0xb7,
0x3d, 0x9a, 0x5c, 0xd4, 0x32, 0x10, 0x30, 0x69
};
//相关数据
static uint8_t add[] =
{
0x24, 0x82, 0x56, 0x02, 0xbd, 0x12, 0xa9, 0x84,
0xe0, 0x09, 0x2d, 0x3e, 0x44, 0x8e, 0xda, 0x5f
};
//密文
static uint8_t ct[] =
{
0x93, 0xfe, 0x7d, 0x9e, 0x9b, 0xfd, 0x10, 0x34,
0x8a, 0x56, 0x06, 0xe5, 0xca, 0xfa, 0x73, 0x54
};
//消息认证码tag
static uint8_t tag[] =
{
0x00, 0x32, 0xa1, 0xdc, 0x85, 0xf1, 0xc9, 0x78,
0x69, 0x25, 0xa2, 0xe7, 0x1d, 0x82, 0x72, 0xdd
};

#define assert_exit(cond, ret)
do { if (!(cond)) {
printf(" !. assert: failed [line: %d, error: -0x%04X]\n", LINE, -ret);
goto cleanup;
} } while (0)

static void dump_buf(char info, uint8_t buf, uint32_t len)
{
mbedtls_printf(“%s”, info);
for (int i = 0; i < len; i++) {
mbedtls_printf(“%s%02X%s”, i % 16 0 ? "\n “:” ",
buf[i], i len - 1 ? “\n”:“”);
}
}

int main(void)
{
int ret;
size_t len;
uint8_t buf[16], tag_buf[16];

mbedtls_cipher_context_t ctx<span class="token punctuation">;</span>
<span class="token keyword">const</span> mbedtls_cipher_info_t <span class="token operator">*</span>info<span class="token punctuation">;</span>

<span class="token function">mbedtls_cipher_init</span><span class="token punctuation">(</span><span class="token operator">&amp;</span>ctx<span class="token punctuation">)</span><span class="token punctuation">;</span>
info <span class="token operator">=</span> <span class="token function">mbedtls_cipher_info_from_type</span><span class="token punctuation">(</span>MBEDTLS_CIPHER_AES_128_GCM<span class="token punctuation">)</span><span class="token punctuation">;</span>

<span class="token function">mbedtls_cipher_setup</span><span class="token punctuation">(</span><span class="token operator">&amp;</span>ctx<span class="token punctuation">,</span> info<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token function">mbedtls_printf</span><span class="token punctuation">(</span><span class="token string">"\n  cipher info setup, name: %s, block size: %d\n"</span><span class="token punctuation">,</span> 
                    <span class="token function">mbedtls_cipher_get_name</span><span class="token punctuation">(</span><span class="token operator">&amp;</span>ctx<span class="token punctuation">)</span><span class="token punctuation">,</span> 
                    <span class="token function">mbedtls_cipher_get_block_size</span><span class="token punctuation">(</span><span class="token operator">&amp;</span>ctx<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>

<span class="token function">mbedtls_cipher_setkey</span><span class="token punctuation">(</span><span class="token operator">&amp;</span>ctx<span class="token punctuation">,</span> key<span class="token punctuation">,</span> <span class="token keyword">sizeof</span><span class="token punctuation">(</span>key<span class="token punctuation">)</span><span class="token operator">*</span><span class="token number">8</span><span class="token punctuation">,</span> MBEDTLS_ENCRYPT<span class="token punctuation">)</span><span class="token punctuation">;</span>

ret <span class="token operator">=</span> <span class="token function">mbedtls_cipher_auth_encrypt</span><span class="token punctuation">(</span><span class="token operator">&amp;</span>ctx<span class="token punctuation">,</span> iv<span class="token punctuation">,</span> <span class="token keyword">sizeof</span><span class="token punctuation">(</span>iv<span class="token punctuation">)</span><span class="token punctuation">,</span> add<span class="token punctuation">,</span> <span class="token keyword">sizeof</span><span class="token punctuation">(</span>add<span class="token punctuation">)</span><span class="token punctuation">,</span>
                                    pt<span class="token punctuation">,</span> <span class="token keyword">sizeof</span><span class="token punctuation">(</span>pt<span class="token punctuation">)</span><span class="token punctuation">,</span> buf<span class="token punctuation">,</span> <span class="token operator">&amp;</span>len<span class="token punctuation">,</span> tag_buf<span class="token punctuation">,</span> <span class="token number">16</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token function">assert_exit</span><span class="token punctuation">(</span>ret <span class="token operator">==</span> <span class="token number">0</span><span class="token punctuation">,</span> ret<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token function">assert_exit</span><span class="token punctuation">(</span><span class="token function">memcmp</span><span class="token punctuation">(</span>buf<span class="token punctuation">,</span> ct<span class="token punctuation">,</span> <span class="token keyword">sizeof</span><span class="token punctuation">(</span>ct<span class="token punctuation">)</span><span class="token punctuation">)</span> <span class="token operator">==</span> <span class="token number">0</span><span class="token punctuation">,</span> <span class="token operator">-</span><span class="token number">1</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token function">assert_exit</span><span class="token punctuation">(</span><span class="token function">memcmp</span><span class="token punctuation">(</span>tag_buf<span class="token punctuation">,</span> tag<span class="token punctuation">,</span> <span class="token number">16</span><span class="token punctuation">)</span> <span class="token operator">==</span> <span class="token number">0</span><span class="token punctuation">,</span> <span class="token operator">-</span><span class="token number">1</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token function">dump_buf</span><span class="token punctuation">(</span><span class="token string">"\n  cipher gcm auth encrypt:"</span><span class="token punctuation">,</span> buf<span class="token punctuation">,</span> <span class="token number">16</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token function">dump_buf</span><span class="token punctuation">(</span><span class="token string">"\n  cipher gcm auth tag:"</span><span class="token punctuation">,</span> tag_buf<span class="token punctuation">,</span> <span class="token number">16</span><span class="token punctuation">)</span><span class="token punctuation">;</span>

<span class="token function">mbedtls_cipher_setkey</span><span class="token punctuation">(</span><span class="token operator">&amp;</span>ctx<span class="token punctuation">,</span> key<span class="token punctuation">,</span> <span class="token keyword">sizeof</span><span class="token punctuation">(</span>key<span class="token punctuation">)</span><span class="token operator">*</span><span class="token number">8</span><span class="token punctuation">,</span> MBEDTLS_DECRYPT<span class="token punctuation">)</span><span class="token punctuation">;</span>
ret <span class="token operator">=</span> <span class="token function">mbedtls_cipher_auth_decrypt</span><span class="token punctuation">(</span><span class="token operator">&amp;</span>ctx<span class="token punctuation">,</span> iv<span class="token punctuation">,</span> <span class="token keyword">sizeof</span><span class="token punctuation">(</span>iv<span class="token punctuation">)</span><span class="token punctuation">,</span> add<span class="token punctuation">,</span> <span class="token keyword">sizeof</span><span class="token punctuation">(</span>add<span class="token punctuation">)</span><span class="token punctuation">,</span>
                                    ct<span class="token punctuation">,</span> <span class="token keyword">sizeof</span><span class="token punctuation">(</span>ct<span class="token punctuation">)</span><span class="token punctuation">,</span> buf<span class="token punctuation">,</span> <span class="token operator">&amp;</span>len<span class="token punctuation">,</span> tag<span class="token punctuation">,</span> <span class="token number">16</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token function">assert_exit</span><span class="token punctuation">(</span>ret <span class="token operator">==</span> <span class="token number">0</span><span class="token punctuation">,</span> ret<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token function">assert_exit</span><span class="token punctuation">(</span><span class="token function">memcmp</span><span class="token punctuation">(</span>buf<span class="token punctuation">,</span> pt<span class="token punctuation">,</span> <span class="token keyword">sizeof</span><span class="token punctuation">(</span>pt<span class="token punctuation">)</span><span class="token punctuation">)</span> <span class="token operator">==</span> <span class="token number">0</span><span class="token punctuation">,</span> <span class="token operator">-</span><span class="token number">1</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token function">dump_buf</span><span class="token punctuation">(</span><span class="token string">"\n  cipher gcm auth decrypt:"</span><span class="token punctuation">,</span> buf<span class="token punctuation">,</span> <span class="token number">16</span><span class="token punctuation">)</span><span class="token punctuation">;</span>

cleanup:
mbedtls_cipher_free(&ctx);
return(0);
}

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112

运行结果
在这里插入图片描述

qq_27182175
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
HDCP @HMAC-SHA256[基于mbedtls]
无线互联&网络介绍
05-16 392
目录 原理 定义1 HMAC算法 HMAC计算步骤 应用 实现 原理 定义1 HMAC算法 HMAC算法的数学公式为: HMAC ( k , m ) = H ( k’ ⊕ opad , H ( k’ ⊕ ipad, m ) ) 其中: H 为密码Hash函数(如MD5或SHA-2),能够对明文进行分组循环压缩; k 为密钥(secret ...
c语言mbedtlssha256计算
最新发布
萧海的博客
06-26 39
【代码】c语言mbedtlssha256计算
mbedtls 入门第四课--移植mbedtls到VS和ESP8266--8266SDK SHA256移植
candleer的博客
05-21 795
移植mbedtls SHA256 算法到ESP8266 SDK,并运行
mbedtls | 03 - 单向散列算法的配置与使用(MD5、SHA1、SHA256、SHA512)
Mculover666的博客(嵌入式)
09-22 3002
mbedtls系列文章 mbedtls | 01 - 移植mbedtls库到STM32的两种方法 mbedtls | 02 - 伪随机数生成器(ctr_drbg)的配置与使用 文章目录mbedtls系列文章一、单向散列算法1. 单向散列函数2. 单向散列算法2.1. MD系列实现2.2. SHA系列算法3. mbedtls中提供的单向散列算法二、功能模块的使用方法1. 配置宏2. md通用接口API3. 编写测试函数4. 调用测试函数5. 测试结果 一、单向散列算法 1. 单向散列函数 单向散列函数
mbedtls 2.16.0
03-04
哈希函数在数据校验、消息认证码(MAC)和数字签名中起到关键作用。mbedtls提供了MD5、SHA-1、SHA-256等哈希算法,虽然MD5和SHA-1的安全性相对较弱,但它们仍被用于兼容性和某些特定场景。 **5. 移植教程与资源** ...
开源密码库 mbedtls develop 分支
02-07
4. **合规性检查**: 确保使用 mbedtls 符合相关法律法规和标准,如 FIPS 140-2 或者 EU GDPR。 综上所述,mbedtls 作为一个强大的开源密码库,为开发者提供了丰富的安全工具,适用于多种应用场景。通过深入了解和...
mbedtls-development.zip
07-21
mbedtls:构建安全的密码库基础》 mbedtls,原名称为 PolarSSL,是一个开源的...mbedtls-development.zip这个压缩包是开发者探索和应用mbedtls的宝贵资源,通过学习和实践,我们可以构建更安全、更高效的软件系统。
mbedtls.zip
01-21
4. **随机数生成**: 安全的随机数生成器是密码学的基础,Mbedtls 包含了一个强大的随机数生成器,确保在加密过程中产生的随机数不可预测。 5. **密钥交换**: Mbedtls 实现了Diffie-Hellman、ECDH(椭圆曲线 Diffie-...
在ESP32下,使用mbedtls库,测试sha、aes.的简单DEMO
08-06
在ESP32下,使用mbedtls库,测试sha1和sha256/224 aes_ecb、aes_cbc的简单DEMO
c语言 sha1 小写输出,C语言实现MD5/SHA1/SHA256/SHA512-Go语言中文社区
weixin_36324916的博客
05-22 229
哈希函数是我们做校验时经常会用到的密码学工具,目前常用的工具有MD5、SHA1、SHA256、SHA512等。其中MD5已经被证实不安全,目前只能作为一种辅助的校验手段,而不能防篡改。下面介绍如何使用mbedTLS协议栈中的hash代码生成上述4种哈希摘要。和上一篇AES一样,也是新建VisualStudioC工程,添加头文件mbedtls文件夹到工程目录下。然后是添加C文件,这次需要用到4...
mbedtls学习--消息认证码
言京的博客
07-10 798
消息认证码 MAC,Message Authentication Code,帮助接收者判断消息是否被第三方篡改,确保消息的完整性和真实性。常使用单向散列函数实现,称为HMAC-SHA1和HMAC-SHA256。也可以使用分组加密构建,称为CMAC、GCM和CCM。MAC和Hash的不同在于输入多一个密钥。 实现形式 HMACHMAC是基于单向散列函数的算法 CBC-MAC和CMAC 认证加密CCM,输入包括明文、一次性整数Nonce、相关数据A和密钥K,输出密文C和认证码T,使用的算法是CBC-MAC
mbedtls中的加密算法
b_tyro的博客
06-27 1841
AES(Advanced Encryption Standard)是目前最为流行的加密算法之一。它可以使用128位、192位或256位的密钥进行加密,安全性非常高,同时运算速度也比较快,因此得到了广泛的应用。AES加密算法采用分组加密方式,将明文按照固定的长度分成若干个块,每个块独立地进行加密。加密过程中,先将明文和密钥进行混淆,然后再通过多轮的置换和代换操作来实现加密。解密时,只需要按照相同的密钥和加密方式进行逆向操作就可以了。
数据加密与安全专题《mbedtls工具篇,实用教程3@单向散列函数,MD5,SHA256算法应用》
物联网研究室BBC的博客
01-24 987
什么是单向散列函数 单向散列函数又称安全散列函数或哈希函数,可以根据消息的内容计算出散列值。是一种单向、不可逆的算法,通过散列算法输出的数据通常称为消息摘要,经常用于检测消息的完整性 如上面案例,电脑A向电脑B发送消息的过程中,如何应用单向散列函数确保消息的完整性 电脑A准备好需要传输的消息、消息通过单向散列算法生成消息摘要A 电脑A同时发送消息、消息摘要A到电脑B 电脑B收到消息,对消息使用单向散列算法,生成消息摘要B 电脑B比较消息摘要A与消息摘要B是否一致,若一致,说明消息是完整的 单
mbedtls学习--单向散列函数
言京的博客
06-29 916
文章目录单向散列函数原理性质应用单向散列函数实现方法MD算法SHA算法 单向散列函数 原理 满足密码学算法安全属性的特殊散列函数,保证数据的完整性,抵御篡改攻击,原数据称作消息,计算后的输出称为摘要,在通信中,Bob接受Alice发来的消息及摘要,通过相同的算法计算摘要比对以验证消息是否被篡改。 性质 输入长度可变,输出长度固定,计算过程应当高效率,具备单向性。 抗弱碰撞性,对于给定a,能找到b使得h(a)=h(b)不可行 抗强碰撞性,给定一个输出z,能够找到h(a)=z不可行 应用 消息完整性检测、伪
mbedtls学习(2)单项散列函数
qq_27182175的博客
03-22 1543
include/mbedtls/md.h 是md通用接口文件,把是md算法和sha算法的抽象。又称安全散列函数或者哈希函数,是根据消息内容算出散列值,散列值又称为消息摘要。mbedtls所支持的单项散列算法在接口文件如下。下面使用md通用接口采用SHA256计算摘要。单项散列函数实现有下面2种方式。sha256sum验证。
mbedtls 入门第五课--编译mbedtls静态库到VS--VS SHA256移植
candleer的博客
05-22 1142
编译mbedtls静态库到VS,以及 移植SHA256算法到VS
mbedTLS简介
热门推荐
HORHEART的博客
08-28 1万+
mbedTLS简介mbedTLS的背景介绍关于mbedTLS的简要概括mbedTLS常用结构体1. 公钥算法类型mbedtls_pk_type_t2. 摘要算法类型mbedtls_md_type_t3. 公钥上下文mbedtls_pk_context4. 解析证书得到的mbedtls_pk_info_tmbedTLS使用事例mbedTLS_API分析参考文章 mbedTLS的背景介绍 MbedTLS前身是开源加密算法库PolarSLL,现已被arm公司收购并由arm技术团队进行维护更新,是对TLS和SSL协
mbedtls 双向认证 代码
08-26
mbedtls是一个开源的加密库,提供了双向认证的功能。以下是mbedtls进行双向认证的一般代码示例: 1. 初始化mbedtls库并配置客户端和服务器端的身份验证参数。 ``` mbedtls_ssl_config client_config; mbedtls_ssl_config server_config; mbedtls_ssl_config_init(&client_config); mbedtls_ssl_config_init(&server_config); // 配置客户端和服务器端的身份验证参数 mbedtls_ssl_conf_authmode(&client_config, MBEDTLS_SSL_VERIFY_REQUIRED); mbedtls_ssl_conf_authmode(&server_config, MBEDTLS_SSL_VERIFY_REQUIRED); // 配置CA证书和私钥 mbedtls_ssl_conf_ca_chain(&client_config, ca_cert, NULL); mbedtls_ssl_conf_ca_chain(&server_config, ca_cert, NULL); mbedtls_ssl_conf_own_cert(&client_config, client_cert, client_key); mbedtls_ssl_conf_own_cert(&server_config, server_cert, server_key); ``` 2. 创建一个mbedtlsTLS上下文。 ``` mbedtls_ssl_context ssl_ctx; mbedtls_ssl_init(&ssl_ctx); ``` 3. 设置TLS上下文的配置。 ``` mbedtls_ssl_setup(&ssl_ctx, &client_config); mbedtls_ssl_setup(&ssl_ctx, &server_config); ``` 4. 在客户端和服务器端分别进行握手。 ``` // 客户端握手 mbedtls_ssl_set_hostname(&ssl_ctx, server_hostname); mbedtls_ssl_set_bio(&ssl_ctx, sockfd, mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout); mbedtls_ssl_handshake_client(&ssl_ctx); // 服务器端握手 mbedtls_ssl_set_bio(&ssl_ctx, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL); mbedtls_ssl_handshake_server(&ssl_ctx); ``` 5. 进行双向验证。 ``` // 客户端验证服务器端证书 if (mbedtls_ssl_get_verify_result(&ssl_ctx) != 0) { // 验证失败 } // 服务器端验证客户端证书 if (mbedtls_ssl_get_verify_result(&ssl_ctx) != 0) { // 验证失败 } ``` 以上代码示例演示了mbedtls进行双向认证的基本步骤。在实际应用中,还需根据具体需求进行适当的配置和处理。<span class="em">1</span><span class="em">2</span> #### 引用[.reference_title] - *1* *2* [Mbedtls随笔](https://blog.csdn.net/qq_44455716/article/details/102790232)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v93^chatsearchT3_1"}}] [.reference_item style="max-width: 100%"] [ .reference_list ]
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值