OpenSSL GOST engine problem

Published 2024-12-26 17:03:34 · 1286 characters · 1 view · 0 comments


I'm trying to implement an ECDH key exchange with GOST 34.10-2001 using OpenSSL 1.0.0d.
I'm loading the gost engine like this:

    #include <openssl/engine.h>
    #include <openssl/evp.h>

    /* Try a statically linked "gost" engine first; otherwise load it as a
       shared object through the "dynamic" engine. */
    ENGINE * e = ENGINE_by_id("gost");

    if(!e)
    {
        e = ENGINE_by_id("dynamic");
        if (!e)
        {
            ENGINE_load_dynamic();
            e = ENGINE_by_id("dynamic");
        }

        /* SO_PATH names the engine library ("gost" is resolved against the
           engines directory), LOAD actually loads it. */
        if (e && (!ENGINE_ctrl_cmd_string(e, "SO_PATH", "gost", 0) || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)))
            return 1;
    }

    /* Acquire a functional reference; required before the engine can be used. */
    if(!ENGINE_init(e))
        return 1;

    /* Make the engine's methods (digests, ciphers, pkey methods) the defaults
       and register the algorithms so lookups by name/NID succeed. */
    ENGINE_set_default(e, ENGINE_METHOD_ALL);
    OpenSSL_add_all_algorithms();

At this point the GOST engine is loaded and works fine (I think so). I've done some testing with hashing and encryption algorithms.

But when I try to implement ECDH (shared key generation by importing the other side's public key), I get an incorrect result (the shared key differs from the other side's).

I've checked the a, b, p, q, x, y parameters and the code flow, but can't figure out what's wrong.

    a = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94
    b = a6
    p = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97
    q = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893
    x = 1
    y = 8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14

There's one thing: the VKO 34.10-2001 algorithm is implemented in openssl\engines\ccgost\gost2001_keyx.c (function VKO_compute_key), BUT when I call the generic function ECDH_compute_key it doesn't lead to VKO_compute_key (I checked this by setting an int3 at the beginning of VKO_compute_key).

Did I misunderstand something? Or can someone show an example of generating a shared key using the gost engine from openssl?
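The computation the question is comparing against is not the same computation. A generic ECDH multiplies the peer's public point by the local private scalar and hands the x-coordinate to a KDF; VKO GOST R 34.10-2001 (RFC 4357, section 5.2) first multiplies the private scalar by the 8-byte UKM (read as a little-endian integer) modulo q, multiplies the peer's point by that product, and then hashes the 64-byte little-endian X||Y encoding of the resulting point with GOST R 34.11-94. The following Python is an added example, not code from the original post, from OpenSSL or from the ccgost engine: it implements the curve arithmetic over the CryptoPro-A parameters listed above and shows that both sides of a VKO exchange agree on the same point while that point differs from the plain ECDH point. The private scalars and the UKM are constructed sample values; the final GOST R 34.11-94 hash is not in the Python standard library and is left out, so the block returns the buffer that would be hashed.

```python
# VKO GOST R 34.10-2001 shared-point derivation over the CryptoPro-A paramset.
# Added example; not the original post's code and not OpenSSL/ccgost code.

# Curve parameters copied from the question: y^2 = x^3 + a*x + b over GF(p),
# generator G of prime order q (cofactor 1).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97
A = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94
B = 0xA6
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893
G = (1, 0x8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14)


def on_curve(pt):
    """True if pt (an (x, y) tuple, or None for infinity) satisfies the curve equation."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def add(p1, p2):
    """Affine point addition; handles doubling and the p1 == -p2 case."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # p1 == -p2, result is the point at infinity
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    if k < 0:
        raise ValueError("scalar must be non-negative")
    result, addend = None, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def ecdh_point(priv, peer_pub):
    """The point a generic ECDH derives from: priv * peer_pub."""
    return mul(priv, peer_pub)


def vko_shared_point(priv, peer_pub, ukm):
    """VKO: ((UKM * priv) mod q) * peer_pub, with the 8-byte UKM read little-endian."""
    if len(ukm) != 8:
        raise ValueError("GOST R 34.10-2001 VKO uses an 8-byte UKM")
    ukm_int = int.from_bytes(ukm, "little")
    if ukm_int % Q == 0:
        raise ValueError("UKM must be non-zero")
    return mul((ukm_int * priv) % Q, peer_pub)


def vko_hash_input(pt):
    """64-byte buffer VKO feeds to GOST R 34.11-94: little-endian X, then little-endian Y.
    The hash step itself is omitted (not available in the standard library)."""
    x, y = pt
    return x.to_bytes(32, "little") + y.to_bytes(32, "little")


# Constructed sample inputs, not real keys: two private scalars in [1, q) and a
# fixed UKM. Real UKMs must be fresh random 8-byte values for every derivation.
SAMPLE_D_A = 0x1A2B3C4D5E6F708192A3B4C5D6E7F8091A2B3C4D5E6F708192A3B4C5D6E7F809
SAMPLE_D_B = 0x0F1E2D3C4B5A69788796A5B4C3D2E1F00F1E2D3C4B5A69788796A5B4C3D2E1F0
SAMPLE_UKM = bytes.fromhex("0102030405060708")


def demo(d_a=SAMPLE_D_A, d_b=SAMPLE_D_B, ukm=SAMPLE_UKM):
    """Run both sides of the exchange and report agreement and the plain-ECDH mismatch."""
    q_a, q_b = mul(d_a, G), mul(d_b, G)
    vko_a = vko_shared_point(d_a, q_b, ukm)
    vko_b = vko_shared_point(d_b, q_a, ukm)
    return {
        "vko_agree": vko_a == vko_b,
        "vko_differs_from_ecdh": vko_a != ecdh_point(d_a, q_b),
        "kek_hash_input": vko_hash_input(vko_a).hex(),
    }


if __name__ == "__main__":
    print(demo())
```

The consequence for the question: a shared key computed from the generic ECDH point can never match a VKO peer unless the UKM happens to be 1, and the UKM step plus the X||Y hash are exactly what the engine's own derive path adds on top of the point multiplication.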


Comments (1)

抚你发端 2025-01-02 17:03:34


I know it's an old question, but it may still be topical for some.

The following code generates a shared secret just fine when using the GOST engine.

#include <stdio.h>
#include <openssl/evp.h>
#include <openssl/err.h>

/* VKO 34.10-2001 yields a 256-bit key encryption key (32 bytes); define the
   constant locally if the engine headers in use do not provide it. */
#ifndef GOST_R_34_12_2015_KEY_SIZE
#define GOST_R_34_12_2015_KEY_SIZE 32
#endif

/*
 * Derive the VKO shared key from our private key, the peer's public key and
 * the UKM (8 bytes for GOST 34.10-2001). Both EVP_PKEY objects must be GOST
 * keys created through the gost engine, so that EVP_PKEY_derive dispatches to
 * the engine's derive method (VKO) instead of the plain ECDH path.
 */
int get_shared_key(
    EVP_PKEY *priv, 
    EVP_PKEY *peer,     
    unsigned char *ukm, 
    int ukm_size, 
    unsigned char *secret, 
    size_t *secret_len)
{
    int result = 0;
    EVP_PKEY_CTX *ctx = NULL;

    if((ctx = EVP_PKEY_CTX_new(priv, NULL)) == NULL) 
        goto err;
    if(EVP_PKEY_derive_init(ctx) != 1) 
        goto err;
    /* The gost engine receives the UKM through the generic SET_IV control. */
    if(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_SET_IV, ukm_size, ukm) != 1) 
        goto err;
    if(EVP_PKEY_derive_set_peer(ctx, peer) != 1) 
        goto err;
    /* A NULL output buffer only queries the required length. The gost engine
       returns the key length here rather than 1, so test for failure (<= 0)
       and check the reported length instead of the return value. */
    if(EVP_PKEY_derive(ctx, NULL, secret_len) <= 0 || *secret_len != GOST_R_34_12_2015_KEY_SIZE) 
        goto err;
    if(EVP_PKEY_derive(ctx, secret, secret_len) <= 0) 
        goto err;

    result = 1;
    goto end;
err:
    ERR_print_errors_fp(stderr);
end:
    if(ctx)
        EVP_PKEY_CTX_free(ctx);
    return result;
}