mbedtls里面的rsa应用函数
笔者自己总结的mbedtls里面rsa的函数应用并加上简单的注释,方便以后自己使用的时候可以直接参考。
#RSA结构体成员
准备函数如下
static void dump_rsa_key(mbedtls_rsa_context* rsa)
{
size_t olen;
char buf[516];
mbedtls_mpi* x;
mbedtls_printf("\n+++++++++++++++++ rsa keypair +++++++++++++++++\n");
mbedtls_printf("{\n");
for (x = &rsa->N; x < &rsa->QP; x++)
{
mbedtls_mpi_write_string(x, 16, buf, sizeof(buf), &olen);
mbedtls_printf("\"%s\",\n", buf);
}
mbedtls_printf("}");
mbedtls_printf("\n +++++++++++++++++ rsa keypair +++++++++++++++++\n\n");
}
#define assert_exit(cond, ret) \
if(!cond)\
{printf(" !. assert: failed [line: %d, error: -0x%04X]\n", __LINE__, -ret); \
return 1;}
使用自己生成的密钥进行加解密代码
int RsaShow0(void)//自己生成密钥进行加解密测试
{
int ret;
const uint8_t ctr_drbg_byte[]= "rsa sample";
uint8_t sendmes[] = "hello word\r\n";
uint8_t outmes[256];
mbedtls_rsa_context rsa;//定义密钥结构体
mbedtls_entropy_context entropy;//定义熵结构体
mbedtls_ctr_drbg_context ctr_drbg;//定义随机数结构体
mbedtls_entropy_init(&entropy);//初始化熵结构体
mbedtls_ctr_drbg_init(&ctr_drbg);//初始化随机数结构体
mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256);//填充方案1.5 SHA256做散列算法
ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
ctr_drbg_byte, strlen((const char*)ctr_drbg_byte));//根据个性化字符串更新种子
assert_exit(ret == 0, ret);
//生成rsa密钥
ret = mbedtls_rsa_gen_key(&rsa, mbedtls_ctr_drbg_random, //随机数生成接口
&ctr_drbg,2048,0x01001);//随机数结构体,模数位长度,公开指数0x01001
dump_rsa_key(&rsa);
assert_exit(ret == 0, ret);
//RSA加密
ret = mbedtls_rsa_pkcs1_encrypt(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg,//随机数生成接口,随机数结构体
MBEDTLS_RSA_PUBLIC, strlen((const char*)sendmes),sendmes, outmes); //公钥操作,消息长度,输入消息指针,输出密文指针
assert_exit(ret == 0, ret);
//RSA解密
size_t outlen=0;
ret = mbedtls_rsa_pkcs1_decrypt(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg,//随机数生成接口,随机数结构体
MBEDTLS_RSA_PRIVATE, &outlen, outmes,outmes, sizeof(outmes));
//私钥操作,输出长度,输入密文指针,输出明文指针,最大输出明文数组长度
assert_exit(ret == 0, ret);
printf("%s\r\n", outmes);
}
使用已经生成的密钥进行加解密
int RsaShow1(void)//使用已经生成密钥进行加解密测试
{
int ret;
const uint8_t ctr_drbg_byte[] = "rsa sample";
uint8_t sendmes[] = "hello word\r\n";
uint8_t outmes[256];
mbedtls_rsa_context rsa;//定义密钥结构体
mbedtls_entropy_context entropy;//定义熵结构体
mbedtls_ctr_drbg_context ctr_drbg;//定义随机数结构体
mbedtls_entropy_init(&entropy);//初始化熵结构体
mbedtls_ctr_drbg_init(&ctr_drbg);//初始化随机数结构体
mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256);//填充方案1.5 SHA256做散列算法
ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
ctr_drbg_byte, strlen((const char*)ctr_drbg_byte));//根据个性化字符串更新种子
assert_exit(ret == 0, ret);
//加载rsa密钥 加密必须要有N,P;解密必须要有P,Q,D,E
ret = mbedtls_mpi_read_string(&rsa.N, 16, rsa_priv.N) ||
mbedtls_mpi_read_string(&rsa.P, 16, rsa_priv.P) ||
mbedtls_mpi_read_string(&rsa.Q, 16, rsa_priv.Q) ||
mbedtls_mpi_read_string(&rsa.D, 16, rsa_priv.D) ||
mbedtls_mpi_read_string(&rsa.E, 16, rsa_priv.E) ||
mbedtls_mpi_read_string(&rsa.DP, 16, rsa_priv.DP) ||
mbedtls_mpi_read_string(&rsa.DQ, 16, rsa_priv.DQ) ||
mbedtls_mpi_read_string(&rsa.QP, 16, rsa_priv.QP);
assert_exit(ret == 0, ret);
ret = mbedtls_rsa_import(&rsa, &rsa.N, &rsa.P, &rsa.Q, &rsa.D, &rsa.E);
assert_exit(ret == 0, ret);
ret = mbedtls_rsa_complete(&rsa);
assert_exit(ret == 0, ret);
dump_rsa_key(&rsa);
//RSA加密
ret = mbedtls_rsa_pkcs1_encrypt(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg,//随机数生成接口,随机数结构体
MBEDTLS_RSA_PUBLIC, strlen((const char*)sendmes), sendmes, outmes); //公钥操作,消息长度,输入消息指针,输出密文指针
assert_exit(ret == 0, ret);
//RSA解密
size_t outlen = 0;
ret = mbedtls_rsa_pkcs1_decrypt(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg,//随机数生成接口,随机数结构体
MBEDTLS_RSA_PRIVATE, &outlen, outmes, outmes, sizeof(outmes));
//私钥操作,输出长度,输入密文指针,输出明文指针,最大输出明文数组长度
printf("%s\r\n", outmes);
}
使用自己生成的密钥进行签名和验签
int RsaShow2(void)//自己生成密钥进行签名验证
{
int ret;
const uint8_t ctr_drbg_byte[] = "rsa sample";
uint8_t sendmes[] = "hello word\r\n";
uint8_t outmes[256];
mbedtls_rsa_context rsa;//定义密钥结构体
mbedtls_entropy_context entropy;//定义熵结构体
mbedtls_ctr_drbg_context ctr_drbg;//定义随机数结构体
mbedtls_entropy_init(&entropy);//初始化熵结构体
mbedtls_ctr_drbg_init(&ctr_drbg);//初始化随机数结构体
mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256);//填充方案1.5 SHA256做散列算法
ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
ctr_drbg_byte, strlen((const char*)ctr_drbg_byte));//根据个性化字符串更新种子
assert_exit(ret == 0, ret);
//生成rsa密钥
ret = mbedtls_rsa_gen_key(&rsa, mbedtls_ctr_drbg_random, //随机数生成接口
&ctr_drbg, 2048, 0x01001);//随机数结构体,模数位长度,公开指数0x01001
assert_exit(ret == 0, ret);
dump_rsa_key(&rsa);
//进行签名
ret = mbedtls_rsa_pkcs1_sign(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg,
MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256,sizeof(sendmes), sendmes, outmes);
//签名信息 输出加密签名
assert_exit(ret == 0, ret);
//进行验签
ret = mbedtls_rsa_pkcs1_verify(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg,
MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, sizeof(sendmes), sendmes, outmes);
if (!ret)
{
printf("验签完成");
}
else
{
printf("验签失败");
}
}
使用已经生成的密钥进行验签
int RsaShow3(void)//使用已经生成密钥进行签名验证
{
int ret;
const uint8_t ctr_drbg_byte[] = "rsa sample";
uint8_t sendmes[] = "hello word\r\n";
uint8_t outmes[256];
mbedtls_rsa_context rsa;//定义密钥结构体
mbedtls_entropy_context entropy;//定义熵结构体
mbedtls_ctr_drbg_context ctr_drbg;//定义随机数结构体
mbedtls_entropy_init(&entropy);//初始化熵结构体
mbedtls_ctr_drbg_init(&ctr_drbg);//初始化随机数结构体
mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256);//填充方案1.5 SHA256做散列算法
ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
ctr_drbg_byte, strlen((const char*)ctr_drbg_byte));//根据个性化字符串更新种子
assert_exit(ret == 0, ret);
//加载rsa密钥 签名必须要有P,Q,D,E;解签必须要有N,P;
ret = mbedtls_mpi_read_string(&rsa.N, 16, rsa_priv.N) ||
mbedtls_mpi_read_string(&rsa.P, 16, rsa_priv.P) ||
mbedtls_mpi_read_string(&rsa.Q, 16, rsa_priv.Q) ||
mbedtls_mpi_read_string(&rsa.D, 16, rsa_priv.D) ||
mbedtls_mpi_read_string(&rsa.E, 16, rsa_priv.E) ||
mbedtls_mpi_read_string(&rsa.DP, 16, rsa_priv.DP) ||
mbedtls_mpi_read_string(&rsa.DQ, 16, rsa_priv.DQ) ||
mbedtls_mpi_read_string(&rsa.QP, 16, rsa_priv.QP);
assert_exit(ret == 0, ret);
ret = mbedtls_rsa_import(&rsa, &rsa.N, &rsa.P, &rsa.Q, &rsa.D, &rsa.E);
assert_exit(ret == 0, ret);
ret = mbedtls_rsa_complete(&rsa);
assert_exit(ret == 0, ret);
//进行签名
ret = mbedtls_rsa_pkcs1_sign(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg,
MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256, sizeof(sendmes), sendmes, outmes);
//签名信息 输出加密签名
//输出签名信息
printf("{\n");
for (int i=0;i<sizeof(outmes);i++)
{
if (i % 16 == 0)
{
printf("\n");
}
printf("%x,",outmes[i]);
}
printf("\n}");
assert_exit(ret == 0, ret);
//进行验签
ret = mbedtls_rsa_pkcs1_verify(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg,
MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, sizeof(sendmes), sendmes, outmes);
if (!ret)
{
printf("验签完成");
}
else
{
printf("验签失败");
}
}