Fatal编程技术网
  • c/
  • C 将OpenSSL RSA加密转换为GnuTLS

C 将OpenSSL RSA加密转换为GnuTLS

c openssl

C 将OpenSSL RSA加密转换为GnuTLS,c,openssl,gnutls,C,Openssl,Gnutls,出于许可的原因,我正在尝试将以下代码从OpenSSL转换为GnuTLS: BIO *bioKey = BIO_new(BIO_s_mem()); if (!bioKey) { DEBUG_ERROR("failed to allocate bioKey"); spice_disconnect_channel(channel); return false; } BIO_write(bioKey, reply.pub_key, SPICE_TICKET_

出于许可的原因,我正在尝试将以下代码从OpenSSL转换为GnuTLS:

  BIO *bioKey = BIO_new(BIO_s_mem());
  if (!bioKey)
  {
    DEBUG_ERROR("failed to allocate bioKey");
    spice_disconnect_channel(channel);
    return false;
  }

  BIO_write(bioKey, reply.pub_key, SPICE_TICKET_PUBKEY_BYTES);
  EVP_PKEY *rsaKey = d2i_PUBKEY_bio(bioKey, NULL);
  RSA *rsa = EVP_PKEY_get1_RSA(rsaKey);

  char enc[RSA_size(rsa)];
  if (RSA_public_encrypt(
        strlen(spice.password) + 1,
        (uint8_t*)spice.password,
        (uint8_t*)enc,
        rsa,
        RSA_PKCS1_OAEP_PADDING
  ) <= 0)
  {
    DEBUG_ERROR("rsa public encrypt failed");
    spice_disconnect_channel(channel);
    EVP_PKEY_free(rsaKey);
    BIO_free(bioKey);
    return false;
  }

  ssize_t rsaSize = RSA_size(rsa);
  EVP_PKEY_free(rsaKey);
  BIO_free(bioKey);

BIO*bioKey=BIO_new(BIO_s_mem());
如果(!bioKey)
{
调试_错误(“未能分配生物密钥”);
spice_断开_通道(通道);
返回false;
}
BIO_写入(bioKey、reply.pub_key、SPICE_TICKET_PUBKEY_字节);
EVP_PKEY*rsaKey=d2i_PUBKEY_bio(bioKey,NULL);
RSA*RSA=EVP_PKEY_get1_RSA(rsaKey);
字符加密[RSA_大小(RSA)];
如果(RSA_公共_加密(
strlen(spice.password)+1,
(uint8_t*)spice.password,
(uint8_t*)附件,
rsa,
RSA_PKCS1_OAEP_填充

)GnuTLS根本不支持ES-OEAP。
GnuTLS_pubkey_encrypt_data
生成PKCS#1填充数据,无法使用

解决方案是完全避免GnuTLS,并使用nettle和libgmp手动执行加密。我的解决方案基于FreeTDS中的示例:




这实现了OEAP填充功能,并使用GMP执行RSA加密。
您能提供一个完整的示例吗?上面提供的代码是一个完整的、最少的、可验证的示例。

  const gnutls_datum_t pubData =
  {
    .data = (void *)reply.pub_key,
    .size = SPICE_TICKET_PUBKEY_BYTES
  };

  gnutls_pubkey_t pubkey;
  if (gnutls_pubkey_init(&pubkey) < 0)
  {
    spice_disconnect_channel(channel);
    DEBUG_ERROR("gnutls_pubkey_init failed");
    return false;
  }

  if (gnutls_pubkey_import(pubkey, &pubData, GNUTLS_X509_FMT_DER) < 0)
  {
    gnutls_pubkey_deinit(pubkey);
    spice_disconnect_channel(channel);
    DEBUG_ERROR("gnutls_pubkey_import failed");
    return false;
  }

  const gnutls_datum_t input =
  {
    .data = (void *)spice.password,
    .size = strlen(spice.password) + 1
  };

  gnutls_datum_t out;
  if (gnutls_pubkey_encrypt_data(pubkey, 0, &input, &out) < 0)
  {
    gnutls_pubkey_deinit(pubkey);
    spice_disconnect_channel(channel);
    DEBUG_ERROR("gnutls_pubkey_encrypt_data failed");
    return false;
  }

  const char        *enc     = (char *)out.data;
  const unsigned int rsaSize = out.size;