这是我写的一个dh测试程序,分别在wince和xp下运行,xp下获得的共享密钥相等,而wince下的不等,呵呵,由于本人水平有限,写得代码比较乱
/*本程序dh交换中,两端分别用x,y表示,其中x,gx分别为x端的私钥和公钥,y,gy分别表示y端的私钥和公钥,p为192字节的大素数,已定,g为基数,也是定值,为2*/
#include "testike.h"
#include <openssl/pem.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <assert.h>
#include <openssl/rand.h>
//初始化
static DH * _dh_init(const unsigned char * g, size_t glen,
const unsigned char * p, size_t plen,
const unsigned char * x, size_t xlen)
{
DH * dh;
assert(p && plen && g && glen && x && xlen);
dh = DH_new();
assert(dh);
dh->p=BN_bin2bn(p, plen, 0);
BN_is_prime(dh->p, 0,0,0,0);
//assert(BN_is_prime(dh->p, 0,0,0,0));
dh->g=BN_bin2bn(g, glen, 0);
dh->priv_key = BN_bin2bn(x, xlen, 0);
return dh;
}
//生成公钥
unsigned char* x4_dh_public(const unsigned char * g, size_t glen,
const unsigned char * p, size_t plen,
const unsigned char * x, size_t xlen)
{
DH * dh;
unsigned char *gx=(unsigned char *)malloc(192);
dh = _dh_init(g,glen, p,plen, x,xlen);
assert(dh);
DH_generate_key(dh);
BN_bn2bin(dh->pub_key, gx);
DH_free(dh);
return gx;
}
//生成共享密钥
unsigned char * x4_dh_shared(const unsigned char * g, size_t glen,
const unsigned char * p, size_t plen,
const unsigned char * x, size_t xlen,
const unsigned char * gx, size_t gxlen,
const unsigned char * gy, size_t gylen)
{
DH * dh;
BIGNUM * bn;
unsigned char *gxy=(unsigned char *)malloc(192);
assert(gx && gxlen && gy && gylen);
dh = _dh_init(g,glen, p,plen, x,xlen);
assert(dh);
dh->pub_key = BN_bin2bn(gx, gxlen, 0);
assert(dh->pub_key);
bn = BN_bin2bn(gy, gylen, 0);
assert(bn);
DH_compute_key(gxy, bn, dh);
DH_free(dh);
return gxy;
}
int _tmain(int argc, _TCHAR* argv[])
{
DH *dh;
unsigned char g[1],x[192],y[192];
unsigned char * gx;
unsigned char * shared1;
unsigned char * shared2;
unsigned char * gy;
unsigned char p[192]={
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
};
g[0]=2;
//初始化
SSLeay_add_all_algorithms();
RAND_poll();
//获得私钥
RAND_bytes(x, 192);//x端私钥(随机数)
RAND_bytes(y, 192);//y端私钥(随机数)
//计算获得公钥
gx=x4_dh_public(g,1,p,192,x,192);//x端公钥
gy=x4_dh_public(g,1,p,192,y,192);//y端公钥
shared1=x4_dh_shared(g,1,p,192,x,192,gx,192,gy,192);//共享密钥一
shared2=x4_dh_shared(g,1,p,192,y,192,gy,192,gx,192);//共享密钥二
if(memcmp(shared1,shared2,192)!=0)
{
printf("生成共享密钥失败\n");
return -1;
}
printf("生成共享密钥成功");
return 0;
}
2 个解决方案
#1
我以前遇到过unix平台下产生rsa密钥失败,是那个平台随机数产生函数的问题,你这个没遇到过
不知道是否和随机数有关。
不知道是否和随机数有关。
#2
谢谢,问题已经查出来了,是openssl的dh算法的问题,而具体到内部函数,我怀疑是g的x次方计算的问题,现在我将dh算法替换成另一个加解密包的dh算法,已经连通了,美中不足的是这个加密包的dh算法速度明显低于openssl,也只能将就了,谢谢关注:)
#1
我以前遇到过unix平台下产生rsa密钥失败,是那个平台随机数产生函数的问题,你这个没遇到过
不知道是否和随机数有关。
不知道是否和随机数有关。
#2
谢谢,问题已经查出来了,是openssl的dh算法的问题,而具体到内部函数,我怀疑是g的x次方计算的问题,现在我将dh算法替换成另一个加解密包的dh算法,已经连通了,美中不足的是这个加密包的dh算法速度明显低于openssl,也只能将就了,谢谢关注:)