Cryptography 如何使用CNG API在RSAES-OAEP中指定掩码生成功能?
我正在用windows CNG库实现RSA-OAEP。到目前为止,我已经能够使用CNG库实现完整的(加密/解密)流程,并且能够使用OpenSSL验证结果。但是,这仅在哈希函数与MGF1相同时才有效。如果这两个命令不同,我的CNG实现将失败,例如,如果OpenSSL命令从:Cryptography 如何使用CNG API在RSAES-OAEP中指定掩码生成功能?,cryptography,rsa,cng,Cryptography,Rsa,Cng,我正在用windows CNG库实现RSA-OAEP。到目前为止,我已经能够使用CNG库实现完整的(加密/解密)流程,并且能够使用OpenSSL验证结果。但是,这仅在哈希函数与MGF1相同时才有效。如果这两个命令不同,我的CNG实现将失败,例如,如果OpenSSL命令从: pkeyutl -encrypt -in test.txt -pubin -inkey keypair.pem -out out.bin -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_
pkeyutl -encrypt -in test.txt -pubin -inkey keypair.pem -out out.bin -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256
致:
CNG将无法解密(请注意mgf1参数中从SHA256更改为SHA1)。我的猜测是,我需要指定使用SHA1作为CNG API的掩码生成函数,但我不知道如何做到这一点。到目前为止,我的研究已经指出了CRYPT_RSAES_OAEP_PARAMETERS结构的存在,该结构允许指定掩码生成函数。但是我还没有找到一个关于如何将这些参数用于CNG的示例
非常感谢您的帮助
这是我的CNG代码:
BCRYPT_OAEP_PADDING_INFO paddingParams = { BCRYPT_SHA256_ALGORITHM, NULL, 0 };
///Encryption
status = BCryptEncrypt(hKey, pbInput, cbInput, &paddingParams, NULL /*pbIV*/, 0 /*cbIV*/, NULL /*pbOutput*/, 0 /*cbOutput*/, &cbBuffer, BCRYPT_PAD_OAEP);
if (!NT_SUCCESS(status))
{
printf("Failed to get required size of buffer..status : %08x\n", status);
}
pbBuffer = (PUCHAR) LocalAlloc(0, cbBuffer);
status = BCryptEncrypt(hKey, pbInput, cbInput, &paddingParams, NULL /*pbIV*/, 0 /*cbIV*/, pbBuffer, cbBuffer, &cbBuffer, BCRYPT_PAD_OAEP);
if (!NT_SUCCESS(status))
{
printf("Failed encrypt data..status : %08x\n", status);
}
//Decryption
status = BCryptDecrypt(hKey, pbBuffer, cbBuffer, &paddingParams, NULL/*pbIV*/, 0/*cbIV*/, NULL, 0, &cbBufferRaw, BCRYPT_PAD_OAEP);
if (!NT_SUCCESS(status))
{
printf("Failed to get required size of buffer..status : %08x\n", status);
}
pBufferRaw = (PUCHAR) LocalAlloc(0, cbBufferRaw);
status = BCryptDecrypt(hKey, pbBuffer, cbBuffer, &paddingParams, NULL/*pbIV*/, 0/*cbIV*/, pBufferRaw, cbBufferRaw, &cbBufferRaw, BCRYPT_PAD_OAEP);
if (!NT_SUCCESS(status))
{
printf("Failed to get required size of buffer..status : %08x\n", status);
}
BCRYPT_OAEP_PADDING_INFO paddingParams = { BCRYPT_SHA256_ALGORITHM, NULL, 0 };
///Encryption
status = BCryptEncrypt(hKey, pbInput, cbInput, &paddingParams, NULL /*pbIV*/, 0 /*cbIV*/, NULL /*pbOutput*/, 0 /*cbOutput*/, &cbBuffer, BCRYPT_PAD_OAEP);
if (!NT_SUCCESS(status))
{
printf("Failed to get required size of buffer..status : %08x\n", status);
}
pbBuffer = (PUCHAR) LocalAlloc(0, cbBuffer);
status = BCryptEncrypt(hKey, pbInput, cbInput, &paddingParams, NULL /*pbIV*/, 0 /*cbIV*/, pbBuffer, cbBuffer, &cbBuffer, BCRYPT_PAD_OAEP);
if (!NT_SUCCESS(status))
{
printf("Failed encrypt data..status : %08x\n", status);
}
//Decryption
status = BCryptDecrypt(hKey, pbBuffer, cbBuffer, &paddingParams, NULL/*pbIV*/, 0/*cbIV*/, NULL, 0, &cbBufferRaw, BCRYPT_PAD_OAEP);
if (!NT_SUCCESS(status))
{
printf("Failed to get required size of buffer..status : %08x\n", status);
}
pBufferRaw = (PUCHAR) LocalAlloc(0, cbBufferRaw);
status = BCryptDecrypt(hKey, pbBuffer, cbBuffer, &paddingParams, NULL/*pbIV*/, 0/*cbIV*/, pBufferRaw, cbBufferRaw, &cbBufferRaw, BCRYPT_PAD_OAEP);
if (!NT_SUCCESS(status))
{
printf("Failed to get required size of buffer..status : %08x\n", status);
}