RSA crt 签名与验签 systemverilog DPI 制作以及openssl genrsa生成RSA私钥与签名验证指令dgst使用

最新推荐文章于 2024-03-05 20:09:57 发布

XtremeDV

最新推荐文章于 2024-03-05 20:09:57 发布

阅读量5k

点赞数 2

本文链接：https://blog.csdn.net/zhajio/article/details/78688918

版权

system verilog 同时被 2 个专栏收录

95 篇文章 121 订阅

订阅专栏

sv dpi

1 篇文章 1 订阅

订阅专栏

在这次的rsa crt 签名和验签的sv dpi编写过程中，需要生成rsa 私钥和公钥，并用rsa 私钥进行签名，rsa公钥进行验签，本来打算用nist提供的标准测试向量，但是由于标准向量中，没有CRT(中国剩余定理)求模幂使用的一些parameter。

https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/digital-signatures#test-vectors

所以放弃使用nist标准测试向量，使用openssl genrsa tools 产生私钥。

$ openssl genrsa -out privatekey.pem 2048

产生的privatekey.pem 中是pem编码格式的秘钥，大致如下图所示：

很糟糕，看不到具体的的n e d p q等参数，可以使用decode工具

$ openssl rsa -in privatekey.pem -text

生成的modulus，publicexponent， privateExponent 等如下图所示：

$ zhajio@ubuntu:~/nist-testvectors$ opensslrsa -in privatekey.pem -text

Private-Key: (2048 bit)

modulus:

00:aa:45:fc:9b:4d:6b:9f:da:89:2a:90:65:3c:75:

d2:2e:60:6e:98:85:2b:bb:9f:f9:66:19:fb:44:cd:

f2:99:a6:94:1d:0e:a9:9d:fc:b1:95:d1:b2:e9:e1:

84:17:b8:17:3c:e4:1a:86:93:30:e8:7a:65:a6:fe:

47:14:2a:54:d6:07:51:cb:d5:c8:7d:8a:4a:40:7c:

58:ef:ca:9e:26:77:4b:e4:6a:ce:b8:08:df:cc:b6:

3b:c1:b3:a3:d3:8e:6b:98:59:58:66:a8:d7:c7:c1:

d0:de:ba:0f:8d:3c:29:50:8e:bf:7b:98:6a:90:60:

bb:4f:47:06:8d:f7:71:38:2c:cf:07:e0:9b:7c:32:

52:a5:af:1a:3c:2d:09:f2:e3:f3:77:66:9c:70:4b:

85:bd:c9:f0:35:e1:5e:57:ca:a3:24:eb:a8:e4:4f:

04:42:29:ff:39:2f:70:76:95:58:22:74:d7:98:82:

f1:1e:bf:58:17:cf:21:68:51:9e:d2:de:53:91:53:

33:a6:d1:21:60:e5:bb:df:02:8a:cd:0b:3f:d8:15:

ea:9b:c0:95:56:30:8f:1b:11:df:8e:37:e2:31:5b:

7f:0c:3e:c0:f2:8d:4c:be:2e:a7:d2:6a:21:ce:a4:

c2:6a:86:7c:b6:d8:db:36:61:6a:72:f5:e7:bb:3e:

c4:63

publicExponent: 65537 (0x10001)

privateExponent:

4a:ce:24:84:36:27:2a:3b:60:37:8a:e8:6e:ff:74:

2f:5b:be:3a:d3:86:bb:0f:35:0a:5e:2f:bd:b2:9c:

fa:53:ec:8e:37:7a:dd:25:be:ff:0a:f9:87:36:c4:

49:87:5e:ee:29:68:5d:e7:1c:7d:86:08:52:ad:33:

9c:f0:5c:05:0b:82:2c:02:e7:e9:ff:6f:4f:95:51:

9d:47:6e:e3:87:55:98:2c:34:55:35:d0:dc:a6:d2:

e9:ee:79:f2:df:86:f5:8f:8a:fe:ce:fe:bd:8b:b0:

af:a9:1e:5b:f6:2a:50:71:e6:3d:ee:60:22:bd:dc:

8c:9f:af:89:7f:44:06:61:31:bd:aa:4d:6b:8d:30:

43:41:70:7d:3a:d3:7b:c8:e2:4a:42:44:f4:3b:76:

b5:49:40:68:38:b3:c1:a5:0c:ce:46:fd:5c:59:5b:

06:02:99:f9:9d:0f:c1:95:6a:73:36:5c:4b:fb:b6:

7f:63:10:d4:6e:7e:ea:31:51:5e:1c:4d:94:fa:9d:

3c:f4:70:2d:e3:ab:f4:5b:bf:55:cd:57:23:02:4b:

02:cd:c7:7f:77:00:c7:f2:42:ca:36:ab:49:d3:d5:

3d:96:2a:c6:62:62:17:ea:b9:b1:21:0b:14:87:a3:

9c:28:1e:d8:1b:e5:ae:4b:9e:5c:7f:26:d4:3c:06:

prime1:

00:d3:08:26:ba:e9:35:bf:de:da:bd:07:5b:f7:b0:

42:77:bf:57:5c:2d:10:f5:6e:5d:fc:7f:de:ce:83:

33:10:ff:ca:16:50:57:13:45:03:9e:65:7e:12:27:

ad:bb:2c:09:72:35:b6:a5:ff:24:8f:ec:dd:36:29:

57:02:49:4f:e5:f1:02:2f:c1:68:19:68:88:2c:8c:

df:0e:fa:36:41:f0:10:ab:1c:33:40:9a:04:12:55:

42:d5:07:e5:40:ca:d8:d9:40:bd:e6:af:27:13:e6:

2c:03:43:9a:3e:5d:17:b1:9f:07:db:b6:91:6d:cb:

62:79:5e:04:5d:ad:fb:bf:83

prime2:

00:ce:8e:73:25:4e:40:41:8a:91:0a:7e:31:bb:59:

c7:d7:05:e8:47:3f:2b:ab:d4:ca:dc:70:26:4e:27:

e1:10:16:96:31:e1:a7:a3:e3:7e:27:63:07:b5:86:

d6:b8:21:05:0b:07:65:0f:7c:fc:4c:e7:05:61:08:

59:2f:12:6e:d0:33:c4:de:21:25:32:a0:c4:e5:87:

fc:c1:72:68:79:2c:4b:1d:bc:a5:7e:ba:0d:9d:49:

f1:5f:7c:7e:65:ee:3c:60:ed:79:3d:06:09:e3:d2:

6b:55:48:a7:17:d1:44:dd:d4:d9:ca:c0:bc:1a:08:

77:d2:a3:03:93:b2:0b:f1:a1

exponent1:

29:56:c1:6f:7f:db:9d:98:64:34:ff:4a:0e:bd:22:

68:1e:bd:58:3b:23:c5:50:37:6d:0d:07:72:60:d5:

12:11:69:5e:f1:a1:fd:0e:59:e5:1f:70:90:d1:e1:

00:77:61:ea:53:87:52:01:27:02:62:9d:fa:cc:22:

55:3a:53:42:71:f1:c1:b5:1b:55:4e:da:ce:0f:52:

6a:b6:ad:06:41:a6:a2:3e:45:f3:f3:b7:b4:77:ab:

3d:db:ec:16:c3:25:b3:79:31:3a:0d:39:94:76:54:

4c:d7:63:51:b0:1e:c2:16:ab:0d:69:38:17:cf:ed:

9c:64:c4:6a:2d:78:d1:4d

exponent2:

00:b9:1e:43:a6:08:86:5f:f6:fe:dc:47:92:ec:94:

9f:1c:5f:67:f8:0a:6e:6a:36:70:84:b5:62:2f:23:

60:7a:99:b3:8c:0a:ef:c2:5a:cd:22:21:87:b4:31:

9f:58:30:07:a4:05:c1:95:ea:ee:f7:41:08:ba:18:

d0:4c:f6:99:27:b1:6d:db:a2:1b:03:4f:c0:86:f1:

a4:1d:ff:1a:10:97:18:cf:12:d5:c3:48:9d:90:fc:

c6:fd:4b:c6:c0:35:8e:19:54:5b:16:cc:c5:aa:4f:

57:f0:7c:07:7c:ba:09:9d:41:f8:da:d4:77:00:61:

dc:79:83:ad:5d:fd:f0:e4:61

coefficient:

10:bd:5d:f4:c1:a2:85:37:47:ef:ac:f4:95:f0:c6:

49:30:8f:97:76:20:ef:94:bf:22:72:27:23:d7:b0:

16:e0:14:68:9e:19:0c:de:8a:50:04:b0:26:33:5e:

30:96:92:85:28:7a:ce:24:c9:76:85:62:84:7a:09:

b5:bb:67:cd:0b:fc:7b:50:26:4a:2e:c5:45:03:32:

e8:63:df:08:a2:25:e9:1d:2a:1a:8f:3f:1c:16:b5:

5c:02:6b:a3:e8:4f:c4:27:69:a0:34:d1:70:1f:98:

18:91:05:01:ed:a1:35:bc:a3:9c:f6:19:b1:f3:84:

d7:91:cb:61:b7:f2:78:9f

writing RSA key

-----BEGIN RSA PRIVATE KEY-----

MIIEowIBAAKCAQEAqkX8m01rn9qJKpBlPHXSLmBumIUru5/5Zhn7RM3ymaaUHQ6p

nfyxldGy6eGEF7gXPOQahpMw6Hplpv5HFCpU1gdRy9XIfYpKQHxY78qeJndL5GrO

uAjfzLY7wbOj045rmFlYZqjXx8HQ3roPjTwpUI6/e5hqkGC7T0cGjfdxOCzPB+Cb

fDJSpa8aPC0J8uPzd2accEuFvcnwNeFeV8qjJOuo5E8EQin/OS9wdpVYInTXmILx

Hr9YF88haFGe0t5TkVMzptEhYOW73wKKzQs/2BXqm8CVVjCPGxHfjjfiMVt/DD7A

8o1Mvi6n0mohzqTCaoZ8ttjbNmFqcvXnuz7EYwIDAQABAoIBAErOJIQ2Jyo7YDeK

6G7/dC9bvjrThrsPNQpeL72ynPpT7I43et0lvv8K+Yc2xEmHXu4paF3nHH2GCFKt

M5zwXAULgiwC5+n/b0+VUZ1HbuOHVZgsNFU10Nym0unuefLfhvWPiv7O/r2LsK+p

Hlv2KlBx5j3uYCK93Iyfr4l/RAZhMb2qTWuNMENBcH0603vI4kpCRPQ7drVJQGg4

s8GlDM5G/VxZWwYCmfmdD8GVanM2XEv7tn9jENRufuoxUV4cTZT6nTz0cC3jq/Rb

v1XNVyMCSwLNx393AMfyQso2q0nT1T2WKsZiYhfqubEhCxSHo5woHtgb5a5Lnlx/

JtQ8BgECgYEA0wgmuuk1v97avQdb97BCd79XXC0Q9W5d/H/ezoMzEP/KFlBXE0UD

nmV+EietuywJcjW2pf8kj+zdNilXAklP5fECL8FoGWiILIzfDvo2QfAQqxwzQJoE

ElVC1QflQMrY2UC95q8nE+YsA0OaPl0XsZ8H27aRbctieV4EXa37v4MCgYEAzo5z

JU5AQYqRCn4xu1nH1wXoRz8rq9TK3HAmTifhEBaWMeGno+N+J2MHtYbWuCEFCwdl

D3z8TOcFYQhZLxJu0DPE3iElMqDE5Yf8wXJoeSxLHbylfroNnUnxX3x+Ze48YO15

PQYJ49JrVUinF9FE3dTZysC8Ggh30qMDk7IL8aECgYApVsFvf9udmGQ0/0oOvSJo

Hr1YOyPFUDdtDQdyYNUSEWle8aH9DlnlH3CQ0eEAd2HqU4dSAScCYp36zCJVOlNC

cfHBtRtVTtrOD1Jqtq0GQaaiPkXz87e0d6s92+wWwyWzeTE6DTmUdlRM12NRsB7C

FqsNaTgXz+2cZMRqLXjRTQKBgQC5HkOmCIZf9v7cR5LslJ8cX2f4Cm5qNnCEtWIv

I2B6mbOMCu/CWs0iIYe0MZ9YMAekBcGV6u73QQi6GNBM9pknsW3bohsDT8CG8aQd

/xoQlxjPEtXDSJ2Q/Mb9S8bANY4ZVFsWzMWqT1fwfAd8ugmdQfja1HcAYdx5g61d

/fDkYQKBgBC9XfTBooU3R++s9JXwxkkwj5d2IO+UvyJyJyPXsBbgFGieGQzeilAE

sCYzXjCWkoUoes4kyXaFYoR6CbW7Z80L/HtQJkouxUUDMuhj3wiiJekdKhqPPxwW

tVwCa6PoT8QnaaA00XAfmBiRBQHtoTW8o5z2GbHzhNeRy2G38nif

-----END RSA PRIVATE KEY-----

这样就可以拿到openssl中RSA秘钥信息：

n：模数 modulus

e：公钥指数 publicExponent

d：私钥指数 privateExponent

p：最初的大素数 prime1

 q：最初的大素数 prime2

dmp1：e*dmp1= 1 (mod (p-1)) exponent1

dmq1：e*dmq1= 1 (mod (q-1)) exponent2

iqmp：q*iqmp= 1 (mod p ) coefficient

其中，公钥为n 和e；私钥为n 和d。在实际应用中，公钥加密一般用来协商密钥；私

钥加密一般用来签名。

使用openssl rsa 工具生成公钥：

$ openssl rsa -in privatekey.pem -pubout -out publickey.pem

查看公钥16进制格式:

$ openssl rsa -in publickey.pem -text -pubin

生成秘钥信息后，就可以将秘钥信息存放于sv中的byte unsigned n_buf类型的动态数组中。

byte unsigned n_buf[] =new[256];

n_buf=‘{8'haa,8'h45,8'hfc,8'h9b,8'h4d,8'h6b,8'h9f,8'hda,8'h89,8'h2a,8'h90,8'h65,8'h3c,8'h75,

8'hd2,8'h2e,8'h60,8'h6e,8'h98,8'h85,8'h2b,8'hbb,8'h9f,8'hf9,8'h66,8'h19,8'hfb,8'h44,8'hcd,

8'hf2,8'h99,8'ha6,8'h94,8'h1d,8'h0e,8'ha9,8'h9d,8'hfc,8'hb1,8'h95,8'hd1,8'hb2,8'he9,8'he1,

8'h84,8'h17,8'hb8,8'h17,8'h3c,8'he4,8'h1a,8'h86,8'h93,8'h30,8'he8,8'h7a,8'h65,8'ha6,8'hfe,

8'h47,8'h14,8'h2a,8'h54,8'hd6,8'h07,8'h51,8'hcb,8'hd5,8'hc8,8'h7d,8'h8a,8'h4a,8'h40,8'h7c,

8'h58,8'hef,8'hca,8'h9e,8'h26,8'h77,8'h4b,8'he4,8'h6a,8'hce,8'hb8,8'h08,8'hdf,8'hcc,8'hb6,

8'h3b,8'hc1,8'hb3,8'ha3,8'hd3,8'h8e,8'h6b,8'h98,8'h59,8'h58,8'h66,8'ha8,8'hd7,8'hc7,8'hc1,

8'hd0,8'hde,8'hba,8'h0f,8'h8d,8'h3c,8'h29,8'h50,8'h8e,8'hbf,8'h7b,8'h98,8'h6a,8'h90,8'h60,

8'hbb,8'h4f,8'h47,8'h06,8'h8d,8'hf7,8'h71,8'h38,8'h2c,8'hcf,8'h07,8'he0,8'h9b,8'h7c,8'h32,

8'h52,8'ha5,8'haf,8'h1a,8'h3c,8'h2d,8'h09,8'hf2,8'he3,8'hf3,8'h77,8'h66,8'h9c,8'h70,8'h4b,

8'h85,8'hbd,8'hc9,8'hf0,8'h35,8'he1,8'h5e,8'h57,8'hca,8'ha3,8'h24,8'heb,8'ha8,8'he4,8'h4f,

8'h04,8'h42,8'h29,8'hff,8'h39,8'h2f,8'h70,8'h76,8'h95,8'h58,8'h22,8'h74,8'hd7,8'h98,8'h82,

8'hf1,8'h1e,8'hbf,8'h58,8'h17,8'hcf,8'h21,8'h68,8'h51,8'h9e,8'hd2,8'hde,8'h53,8'h91,8'h53,

8'h33,8'ha6,8'hd1,8'h21,8'h60,8'he5,8'hbb,8'hdf,8'h02,8'h8a,8'hcd,8'h0b,8'h3f,8'hd8,8'h15,

8'hea,8'h9b,8'hc0,8'h95,8'h56,8'h30,8'h8f,8'h1b,8'h11,8'hdf,8'h8e,8'h37,8'he2,8'h31,8'h5b,

8'h7f,8'h0c,8'h3e,8'hc0,8'hf2,8'h8d,8'h4c,8'hbe,8'h2e,8'ha7,8'hd2,8'h6a,8'h21,8'hce,8'ha4,

8'hc2,8'h6a,8'h86,8'h7c,8'hb6,8'hd8,8'hdb,8'h36,8'h61,8'h6a,8'h72,8'hf5,8'he7,8'hbb,8'h3e,8'hc4,8'h63}；

由于rsa 私钥中的n e d等都是小端对齐的，所以需要将上面的数组reverse。

通常情况下要对明文生成摘要，再对摘要进行签名。所以，在测试中，我随意选择两行文字，对这个文本使用SHA-224生成摘要，并用之前生成的privatekey.pem生成签名。

$ echo -n "The NISTtestvector PDFs are in the public domain; the text extracted from them is aswell. Anything which I might claim copyright is licensed under the" | sha224sum

2e7dfabdf3e6f80c96fbc745e794e010bdb2e7483cb2f9fd6d00af47

或者

$ echo -n "The NISTtestvector PDFs are in the public domain; the text extracted from them is aswell. Anything which I might claim copyright is licensed under the" |openssl dgst -sha224

(stdin)= 2e7dfabdf3e6f80c96fbc745e794e010bdb2e7483cb2f9fd6d00af47

必须带-n，否则把换行符也通过管道传递并进行后续操作。

如果想一步生成最终的签名的话，可以使用下面的命令：

$ echo -n "The NISTtestvector PDFs are in the public domain; the text extracted from them is aswell. Anything which I might claim copyright is licensed under the" |openssl dgst -sha224 -sign privatekey.pem -hex

(stdin)=8f39f311968f3f4ab9437769786c1e31bffb0dce338f62ef16a618864a8451f96b15a46f45ac3a25c74702d75570cd79f327d5ca5031561279b2e00eb49542a49b235694aa24fd1ad64ce77bfac10ee9b346776918fc1ce89a23c5170b1a7c2cfd1f3a5f255e4206d3a69f6358c50e6d183ea8fe55ede66f8077395ebe1e7e8a0d88612c453d846d0dc5b957423f215f0cb086cbe75d41d6f6e78496aa94d30bf283c37de80dc9223ec4b2c840d2c97fac9120704cc4a6de1cddc7cf95d877b273c1ca34daf76d0f88c1336551253ebaccbaf1ed80e57675d33c75b66716e91daa20091ea5955d634c06559221db65183a6ab9bcdbbd3060167c348ae65c647f

这样进行一次RSA签名和验证所需要的所有数据(明文，摘要，签名，以及RSA秘钥信息)我们都准备好了。

我们所要验证的就是自己的sv dpi函数输入明文，RSA秘钥信息和padding模式，hash算法类别，能输出正确的签名。

首先，由于要用到自己定制的CRT模幂函数，可以使用RSA_meth_set_mod_exp()将默认的rsa_ossl_mod_exp函数改为自己定制的crt_mod_exp函数。同时关闭RSA_blinding_off()。

配置完RSA之后，就可以进行摘要的生成，摘要生成采用EVP顶层封装的函数，可以传递不同的HASH算法，完成摘要生成。

EVP_DigestInit();

EVP_DigestUpdate();

EVP_DigestFinal();

最后，应用rsa_pmeth.c中的pkey_rsa_sign函数，为了简化sv dpi传递的参数，我们不使用EVP_PKEY_CTX数据结构，所以提取pkey_rsa_sign函数中有关sign的部分，稍作修改即可完成对三种padding mode（PKCS1，PSS，X931）的支持。

特别提出，在sv中可以直接用字符串，但是需要将字符串转换为16进制动态数组。

string msg_str = " The NISTtestvector PDFs are in the public domain; the text extracted from them is aswell. Anything which I might claim copyright is licensed under the " ;

byte unsigned msg_str_buf[] = new[msg_str.len]；

msg_str_buf[i] = msg_str.getc(i);

即可将string转换为byte类型数组。

常用指令记录如下：

openssl genrsa -out privatekey.txt 1024
openssl rsa -in privatekey.txt -text
openssl rsa -in privatekey.txt -pubout -out publickey.txt
openssl dgst -sha224 -hex -out sign_hex.txt -sign privatekey.txt test.txt
openssl dgst -sha224 -out sign.txt -sign privatekey.txt test.txt
openssl dgst -sha224 -verify publickey.txt -signature sign.txt test.txt

XtremeDV

关注

2
点赞
踩
2

收藏

觉得还不错? 一键收藏
0
评论
RSA crt 签名与验签 systemverilog DPI 制作以及openssl genrsa生成RSA私钥与签名验证指令dgst使用

rsa crt 签名验签 systemverilog DPI 制作在这次的rsa crt 签名和验签的sv dpi编写过程中，需要生成rsa 私钥和公钥，并用rsa 私钥进行签名，rsa公钥进行验签，本来打算用nist提供的标准测试向量，但是由于标准向量中，没有CRT(中国剩余定理)求模幂使用的一些parameter。https://csrc.nist.gov/projects/cryptographic-algorithm-validation-progr
复制链接

扫一扫

专栏目录