RSA算法
RSA算法是一种非对称加密算法,特点时加密解密算法不同且加密解密密钥不同,即一般公钥加密,私钥解密。
下面时RSA算法关键参数
- n 模数,位长度为1024比特或者2048比特
- e 公开指数,一般为3,7或者65537
- d 私密指数
- (n,e)公钥
- (n,d)私钥
RSA加速技术
RSA私钥操作可以用中国剩余定理(CRT)进行加速执行,再mbedtls配置文件中通过MBEDTLS_RSA_NO_CRT宏打开CRT加速,(默认时打开的)
RSA填充方法
对于RSA加密,给定一个明文,给定一个公钥,就会得到特定密文,这样带来一定安全隐患,所以RSA通常包含填充方案,通过填充动作把随机性注入明文,这样每次加密出来的密文不会相同。RSA有2种填充方案:RSAES-OAEP和RSAES-PKCS1-v1_5.前者目前已经不再推荐使用,后者再实现过程种引入了单项散列函数。
RSA加解密例子
下面例子用伪随机生成器生成rsa密钥对,(当然也可以直接拿外部已经生成的rsa密钥对来加密解密)然后对消息进行加密解密。
需要打开以下宏
#define MBEDTLS_AES_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_GENPRIME
#define MBEDTLS_MD_C
#define MBEDTLS_OID_C 开启OID数据结构模块
#define MBEDTLS_RSA_C 开启RSA算法
#define MBEDTLS_PKCS1_V21 开启PKCS#1 v2.1方案
#define MBEDTLS_AES_ROM_TABLES
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include "mbedtls/rsa.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/platform.h"
#define assert_exit(cond, ret) \
do { if (!(cond)) { \
printf(" !. assert: failed [line: %d, error: -0x%04X]\n", __LINE__, -ret); \
goto cleanup; \
} } while (0)
static void dump_buf(char *info, uint8_t *buf, uint32_t len)
{
mbedtls_printf("%s", info);
for (int i = 0; i < len; i++) {
mbedtls_printf("%s%02X%s", i % 16 == 0 ? "\n ":" ",
buf[i], i == len - 1 ? "\n":"");
}
}
static void dump_rsa_key(mbedtls_rsa_context *ctx)
{
size_t olen;
uint8_t buf[516];
mbedtls_printf("\n +++++++++++++++++ rsa keypair +++++++++++++++++\n\n");
mbedtls_mpi_write_string(&ctx->N , 16, buf, sizeof(buf), &olen);
mbedtls_printf("N: %s\n", buf);
mbedtls_mpi_write_string(&ctx->E , 16, buf, sizeof(buf), &olen);
mbedtls_printf("E: %s\n", buf);
mbedtls_mpi_write_string(&ctx->D , 16, buf, sizeof(buf), &olen);
mbedtls_printf("D: %s\n", buf);
mbedtls_mpi_write_string(&ctx->P , 16, buf, sizeof(buf), &olen);
mbedtls_printf("P: %s\n", buf);
mbedtls_mpi_write_string(&ctx->Q , 16, buf, sizeof(buf), &olen);
mbedtls_printf("Q: %s\n", buf);
mbedtls_mpi_write_string(&ctx->DP, 16, buf, sizeof(buf), &olen);
mbedtls_printf("DP: %s\n", buf);
mbedtls_mpi_write_string(&ctx->DQ, 16, buf, sizeof(buf), &olen);
mbedtls_printf("DQ: %s\n", buf);
mbedtls_mpi_write_string(&ctx->QP, 16, buf, sizeof(buf), &olen);
mbedtls_printf("QP: %s\n", buf);
mbedtls_printf("\n +++++++++++++++++ rsa keypair +++++++++++++++++\n\n");
}
int main(void)
{
int ret;
size_t olen = 0;
uint8_t out[2048/8];
mbedtls_rsa_context ctx;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "simple_rsa";
const char *msg = "Hello, World!";
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V21,
MBEDTLS_MD_SHA256);
ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const uint8_t *) pers, strlen(pers));
assert_exit(ret == 0, ret);
mbedtls_printf("\n . setup rng ... ok\n");
mbedtls_printf("\n ! RSA Generating large primes may take minutes! \n");
ret = mbedtls_rsa_gen_key(&ctx, mbedtls_ctr_drbg_random,
&ctr_drbg,
2048,
65537);
assert_exit(ret == 0, ret);
mbedtls_printf("\n 1. RSA generate key ... ok\n");
dump_rsa_key(&ctx);
ret = mbedtls_rsa_pkcs1_encrypt(&ctx, mbedtls_ctr_drbg_random,
&ctr_drbg,
MBEDTLS_RSA_PUBLIC,
strlen(msg),
msg,
out);
assert_exit(ret == 0, ret);
dump_buf("\n 2. RSA encryption ... ok", out, sizeof(out));
ret = mbedtls_rsa_pkcs1_decrypt(&ctx, mbedtls_ctr_drbg_random,
&ctr_drbg,
MBEDTLS_RSA_PRIVATE,
&olen,
out,
out,
sizeof(out));
assert_exit(ret == 0, ret);
out[olen] = 0;
mbedtls_printf("\n 3. RSA decryption ... ok\n %s\n", out);
ret = memcmp(out, msg, olen);
assert_exit(ret == 0, ret);
mbedtls_printf("\n 4. RSA Compare results and plaintext ... ok\n");
cleanup:
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_rsa_free(&ctx);
return ret;
}
log如下
. setup rng ... ok
! RSA Generating large primes may take minutes!
1. RSA generate key ... ok
+++++++++++++++++ rsa keypair +++++++++++++++++
N: BD0A07624B031275BEF49D82B3FF020F69D456B76607956663D303C594AC48C02583DC6D069667BE7DB279A0E4A94A087F4E5A42E3658AED06DF82672CAABABF7C29CDA03A7A74E5FBFBA1F402781FD3EA1EFCE10691DAACD467BC4652E434FDA012BFA62B8F88F530BCCBC648F58B3957B99630244C0EDBF52AFF960239907EB3B2782BB0422302A3FC2CF1BB80C28638E007FF7BC89DC07DAE78044B301B162848C2F0298C8B7DB25A9BB356B481F0F9A5A471B4DF77819D0468EAA83AB37BBB9B16C9A78168D2474A197540B1AFB7D21CDE7A6B3226D271C4D9351B5829B80FBBD73ED7AF26A8FA028871FE22767748E263E1B4D09FCB5F6BD9BDFD605927
E: 010001
D: 6F9F7E60B1FE6C660E8D8E7C612090ECDD06BEF5A84F8E0E599F7E38AAE35849ED5D0149777C54620D02D80303425B2ECD4D4CCAF64F3D4B5CA599F0A65561D433D2D3526B7567956DC75608297519061ED69167A66375865C1DACF4B1798338C7CE8A4FEAA4E4B0334927E23BAE91B9186DC39B45B38B8AA227F3A77644DB6690DAA76F97FF92C0BBD7ACF19FC40F82DA3C2424623BF54E9A6C002A67B31E30B18D14878EB4CF74390A8C9CCE854F2F491DDB628C410C7350BD3235842A8B4C0BF53EDA6E551D1D356859C4C5E3FAEB47EA86E43BC3696B7762F8967387091285F02299FF131793C75C4E344286773531087D741DB31345A881CC31A7722261
P: ED163A4809279C687C89B21089889628F1AB331FE89B0EF7100A9154DC95F9673DA4B716A026FE61D5F91B7EBF94E29C41E396A93FBD566A38CF09B112BEF7A8D3EF74B97DEC02D90D11D162CE4D0B76342A13A0A038A19FB4FBBD669AF410471F3924EC26691D58BBCDEEB85E9344194B5279B55D34F5CCBD06A53CDADA5C89
Q: CC1E93364EF40867F75D40B8EA9794BF8B3EBD2252332F0F2E9E5DE77034C5B1168E0B0D3BE3993F6BEDAB2ED07381B77EF3851B8FCBB715BE333587C9B0ECAAE31C4CCB2EE46033EDAB90D1EC55CA9DEBF88AD95A17D2EC28E753DE676D9BB690D5D59F1D69ED459CD13DBA84A4B628F5DD3119484E37F46BF7CF336EFF7C2F
DP: 88580512523976685C5E6F89B51E5884995E841B3090A38D8FAB1423026C392E9733B79B0A65025BCF4ADFF607451F010F9F4B906FB87A0EC236C6730FBDC4FD514C5F0B21906D9ED7364CFD0E791E434F0277A123230E47A334369AE037C578B14B12A1C00129405358BD9547C6571E58C3C87C756AB484969C50C06B77B249
DQ: BFCB8AEFE0C8148DFC34B77809965CC28E88691732BDBD5E3AA3BC0097C23E6FE38D9C7CD6E5493DFA9FDBD5A530A39653C7662F3BB2635A1ED9E756AC017EA023BE97B9E359DBBB6F7B621C9E410E9DCCF8411F7234289096EEA633B8639988B616F71F07785CE6A82F441D5A3D9A9C6A4968B524E7BA54048F59362EFA0929
QP: 9FE7C2E91937AD577C22FF4E07A6F79EF89850B13E9E010E6FEA0173BB1B117F6E6FD12D886FA68E7911DD8A3225A0C3F0FA80882A9A0AC1CA84AE6C7DD962621FC558CD551BFAB7CE22A5D07DB302DAE2CE143565F413E16A6B0998F62C9DF222C33E3695C29E8ABA12FD147B431FF45DC71AC616221BFB782A44B760331DB8
+++++++++++++++++ rsa keypair +++++++++++++++++
2. RSA encryption ... ok
59 BA E5 46 99 AE DF B1 03 35 DF 90 80 51 BC 8A
7B EC BE 0E 6E 82 2A 9B 24 4E 26 6A 52 3D 75 5E
24 AF 2E 5E 76 EC C0 78 95 5F 15 0B B1 53 46 4F
93 07 29 4F A6 10 2F 41 F0 B3 96 1A 02 5C C4 B4
71 E3 87 67 68 EB 74 69 A8 85 70 08 62 AA 3B 83
21 EC 35 1C E1 0E 43 B4 01 9C 00 8E AD 9C 3F 90
21 23 26 2E EF 73 55 3F 30 7F 3C C3 E1 55 4B 0C
60 BD 76 6B AD 38 09 26 F2 BD CC 01 65 C1 B0 E7
BE D3 A6 93 D9 81 11 D4 6C 1F 89 02 92 27 3D A5
35 9A 9E 88 CA D9 76 D5 0B AE DE E2 D6 F6 FD 6F
FC 7E B0 90 9C 1C DD E5 49 A4 3C CE E3 BB 66 EB
B8 16 62 FA 82 45 A7 96 5E 9D E9 77 67 22 37 AB
62 74 B8 91 E4 6C BA E5 C9 B8 47 12 D8 77 C4 F9
07 93 0F 5A 4D 57 7B 1A 6A 0D F7 63 84 2F AE CC
DE 78 4F 5B C2 22 CC EA B5 FC BE 1D 7C F3 2E B4
6A 4E 1E 77 46 0D 62 63 69 18 A7 27 5C 42 2E BF
3. RSA decryption ... ok
Hello, World!
4. RSA Compare results and plaintext ... ok
上面的rsa keypair中
N和E是公钥
N、E、D、P、Q、DP、DQ、QP属于私钥,其中DP、DQ、QP用于加速解密过程
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)