gpt4 book ai didi

C++ 在 OpenSSL 中读取和使用 RSA 私钥

转载 作者:塔克拉玛干 更新时间:2023-11-03 07:54:08 25 4
gpt4 key购买 nike

假设有一个程序使用 OpenSSL RSA 来确保其安全性,并且我有它用来解密/加密其数据的私钥。

这是引用谁写的程序协议(protocol)的确切工作方式:

For the session opening, the client generates a 256-bits AES session key, and a 128-bits AES session IV (Initialisation Vector).

The client sends a GSP SESSION INIT message to the server, encrypted with the client's RSA private key (that is, encrypted with the private key). The RSA private key is the same for all Garena Clients, has been ripped from the windows EXE, and is given at the end of this file :) Because of this, the encryption is worthless: if someone is able to sniff the GSP session, he can get the encrypted GSP SESSION INIT message, decrypt it with the RSA public key (which can be derived from the RSA private key very easily with OpenSSL), and so get the AES session key and IV.

After the GSP SESSION INIT message, all the other GSP messages are encrypted in AES CBC with the session key and IV. The key and IV stay the same during all the session, in both directions (that is, the IV used for the encryption of each subsequent message is really the starting IV and not the last ciphertext block like it should be).

正如他提到的,我只需要 RSA 一次(加密 GSP SESSION INIT),然后我们与 AES CBC 通信。

这是我使用的 SSL 类:(这只是 RSA 的东西)

CGarenaEncrypt::CGarenaEncrypt() {
localKeypair = NULL;
remotePubKey = NULL;

#ifdef PSUEDO_CLIENT
genTestClientKey();
#endif

init();
}

int CGarenaEncrypt::rsaEncrypt(const unsigned char *msg, size_t msgLen, unsigned char **encMsg, unsigned char **ek, size_t *ekl, unsigned char **iv, size_t *ivl) {
size_t encMsgLen = 0;
size_t blockLen = 0;

*ek = (unsigned char*)malloc(EVP_PKEY_size(localKeypair));
*iv = (unsigned char*)malloc(EVP_MAX_IV_LENGTH);
if(*ek == NULL || *iv == NULL) return FAILURE;
*ivl = EVP_MAX_IV_LENGTH;

*encMsg = (unsigned char*)malloc(msgLen + EVP_MAX_IV_LENGTH);
if(encMsg == NULL) return FAILURE;

if(!EVP_SealInit(rsaEncryptCtx, EVP_aes_256_cbc(), ek, (int*)ekl, *iv, &localKeypair, 1)) {
return FAILURE;
}

if(!EVP_SealUpdate(rsaEncryptCtx, *encMsg + encMsgLen, (int*)&blockLen, (const unsigned char*)msg, (int)msgLen)) {
return FAILURE;
}
encMsgLen += blockLen;

if(!EVP_SealFinal(rsaEncryptCtx, *encMsg + encMsgLen, (int*)&blockLen)) {
return FAILURE;
}
encMsgLen += blockLen;

EVP_CIPHER_CTX_cleanup(rsaEncryptCtx);

return (int)encMsgLen;
}

int CGarenaEncrypt::rsaDecrypt(unsigned char *encMsg, size_t encMsgLen, unsigned char *ek, size_t ekl, unsigned char *iv, size_t ivl, unsigned char **decMsg) {
size_t decLen = 0;
size_t blockLen = 0;
EVP_PKEY *key;

*decMsg = (unsigned char*)malloc(encMsgLen + ivl);
if(decMsg == NULL) return FAILURE;

#ifdef PSUEDO_CLIENT
key = remotePubKey;
#else
key = localKeypair;
#endif

if(!EVP_OpenInit(rsaDecryptCtx, EVP_aes_256_cbc(), ek, ekl, iv, key)) {
return FAILURE;
}

if(!EVP_OpenUpdate(rsaDecryptCtx, (unsigned char*)*decMsg + decLen, (int*)&blockLen, encMsg, (int)encMsgLen)) {
return FAILURE;
}
decLen += blockLen;

if(!EVP_OpenFinal(rsaDecryptCtx, (unsigned char*)*decMsg + decLen, (int*)&blockLen)) {
return FAILURE;
}
decLen += blockLen;

EVP_CIPHER_CTX_cleanup(rsaDecryptCtx);

return (int)decLen;
}

int CGarenaEncrypt::readPrivateKey(FILE *fd) {
if(!PEM_read_PrivateKey(fd, &localKeypair, NULL, NULL))
return FAILURE;

return SUCCESS;
}

int CGarenaEncrypt::init() {
// Initalize contexts
rsaEncryptCtx = (EVP_CIPHER_CTX*)malloc(sizeof(EVP_CIPHER_CTX));
aesEncryptCtx = (EVP_CIPHER_CTX*)malloc(sizeof(EVP_CIPHER_CTX));

rsaDecryptCtx = (EVP_CIPHER_CTX*)malloc(sizeof(EVP_CIPHER_CTX));
aesDecryptCtx = (EVP_CIPHER_CTX*)malloc(sizeof(EVP_CIPHER_CTX));

// Always a good idea to check if malloc failed
if(rsaEncryptCtx == NULL || aesEncryptCtx == NULL || rsaDecryptCtx == NULL || aesDecryptCtx == NULL) {
return FAILURE;
}

// Init these here to make valgrind happy
EVP_CIPHER_CTX_init(rsaEncryptCtx);
EVP_CIPHER_CTX_init(aesEncryptCtx);

EVP_CIPHER_CTX_init(rsaDecryptCtx);
EVP_CIPHER_CTX_init(aesDecryptCtx);

// Init RSA
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);

if(EVP_PKEY_keygen_init(ctx) <= 0) {
return FAILURE;
}

if(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, RSA_KEYLEN) <= 0) {
return FAILURE;
}

if(EVP_PKEY_keygen(ctx, &localKeypair) <= 0) {
return FAILURE;
}

EVP_PKEY_CTX_free(ctx);

// Init AES
aesKey = (unsigned char*)malloc(AES_KEYLEN/8);
aesIV = (unsigned char*)malloc(AES_KEYLEN/16);

unsigned char *aesPass = (unsigned char*)malloc(AES_KEYLEN/8);
unsigned char *aesSalt = (unsigned char*)malloc(8);

if(aesKey == NULL || aesIV == NULL || aesPass == NULL || aesSalt == NULL) {
return FAILURE;
}

// For the AES key we have the option of using a PBKDF (password-baswed key derivation formula)
// or just using straight random data for the key and IV. Depending on your use case, you will
// want to pick one or another.
#ifdef USE_PBKDF
// Get some random data to use as the AES pass and salt
if(RAND_bytes(aesPass, AES_KEYLEN/8) == 0) {
return FAILURE;
}

if(RAND_bytes(aesSalt, 8) == 0) {
return FAILURE;
}

if(EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha256(), aesSalt, aesPass, AES_KEYLEN/8, AES_ROUNDS, aesKey, aesIV) == 0) {
return FAILURE;
}
#else
if(RAND_bytes(aesKey, AES_KEYLEN/8) == 0) {
return FAILURE;
}

if(RAND_bytes(aesIV, AES_KEYLEN/16) == 0) {
return FAILURE;
}
#endif

free(aesPass);
free(aesSalt);

return SUCCESS;
}

这就是我尝试做所有事情的方式:

if (!AfxSocketInit())
Util_Log(0, 2, _T("AfxSocketInit() failed."));

FILE* privKey;

int err = fopen_s( &privKey, "E:\\gkey.pem", "r" );

if( err != 0 ){
Util_Log(0, 2, _T("Failed to open 'gkey.pem' file."));
return;
}

err = m_encrypt.readPrivateKey(privKey);

fclose(privKey);

if( err != 0 ){
Util_Log(0, 2, _T("readPrivateKey Failed."));
return;
}


sendGSPSessionInit();

bool CGarenaInterface::sendGSPSessionInit(void)
{
FILE *f;
if(AllocConsole()) {
freopen_s(&f, "CONOUT$", "wt", stdout);
SetConsoleTitle(_T("Debug Console"));
SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE), FOREGROUND_GREEN | FOREGROUND_BLUE | FOREGROUND_RED);
}

Util_Log(0, 0, _T("Sending GSP session init ..."));

int nEncSize = 0;
int nDecSize = 0;
uint8_t* EncOut = NULL;
uint8_t* DecOut = NULL;
unsigned char *ek;
unsigned char *iv;
size_t ekl;
size_t ivl;

CByteBuffer *bytebuffer = new CByteBuffer();
CByteBuffer *bytebuffer2 = new CByteBuffer();
bytebuffer->Allocate(50);
bytebuffer->PutBytes(m_encrypt.aesKey, 32);
bytebuffer->PutBytes(m_encrypt.aesIV, 16);
bytebuffer->PutShort(0xF00F);

printf("\n original:\n");
Util_HexPrint(*bytebuffer, bytebuffer->ByteBuffer->len);

nEncSize = m_encrypt.rsaEncrypt(*bytebuffer, bytebuffer->ByteBuffer->len, &EncOut, &ek, &ekl, &iv, &ivl);

printf("encrypted:\n");
Util_HexPrint(EncOut, nEncSize);

nDecSize = m_encrypt.rsaDecrypt(EncOut, nEncSize, ek, ekl, iv, ivl, &DecOut);

printf("decrypted:\n");
Util_HexPrint(DecOut, nDecSize);

bytebuffer2->Allocate(nEncSize + 6);
bytebuffer2->PutInt(258);
bytebuffer2->PutShort(0x00AD);
bytebuffer2->PutBytes(EncOut, nEncSize);

printf("\n final:\n");
Util_HexPrint(*bytebuffer2, bytebuffer2->ByteBuffer->len);

// m_socket.Create();
// m_socket.m_buffer = *bytebuffer2;
// m_socket.nBufLen = bytebuffer2->ByteBuffer->len;
// m_socket.Connect(GARENA_MAIN_SERVER_ADDRESS, 7456);


delete bytebuffer;
bytebuffer = NULL;
// delete bytebuffer2;
// bytebuffer2 = NULL;

free(EncOut);
free(DecOut);
free(ek);
free(iv);
EncOut = NULL;
DecOut = NULL;
ek = NULL;
iv = NULL;


return true;
}

proof

如图所示,一切正常,但问题是我连接到的服务器,预计数据包长度约为 200-250,而我的数据包长度约为 70。这意味着当他们加密他们的数据时(我使用的和原始客户端使用的相同)加密长度将是一个很大的数字(~240)。对于原始客户端(我实际做的)还有一个替代方案,它是用 java 编写的,可以生成具有正确长度的正确加密数据。

GCB

我认为读取私钥时应该有问题,因为当我调用
PEM_write_PrivateKey(stdout, localKeypair, NULL, NULL, 0, 0, NULL)在控制台中打印的 key 与我想要读取的私钥完全不同,或者我使用的 key 长度错误?!我不知道。

欢迎任何帮助

最佳答案

首先,你的信息有误。 EVP_Seal...操作不使用rsa私有(private)加密。 EVP_Seal.. 使用 rsa_public_encryption 和 EVP_Open.. 使用 rsa_private_decryption。

秒,加密 key 的大小取决于 RSA key 的大小。在您的代码中,您使用 RSA_KEYLEN 作为 key 大小。我认为您的服务器的 key 大小可能为 2048(位)长。你使用 512(位)长。

关于C++ 在 OpenSSL 中读取和使用 RSA 私钥,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/22866623/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com