任何人都可以帮助我使用 OpenSSL gost 引擎的示例。我必须使用 GOST R 34.10-2001 签名算法对数据进行签名,但找不到任何工作示例或文档。顺便说一句,如果我不打算使用该 OpenSSL 命令行实用程序,那么修改该 openssl.cnf 文件是否有任何意义?如果不是,我如何在代码中加载引擎?使用静态 gost 引擎构建 OpenSSL 需要哪些编译标志?提前致谢。
- - 解决方案 - -
最后,以下内容为我成功验证:
ENGINE * LoadEngine()
{
ENGINE *e = NULL;
ENGINE_load_gost();
e = ENGINE_by_id("gost");
if(!e)
{
printf("Filed to get structural reference to engine\n");
}
if(!ENGINE_init(e))
{
ENGINE_free(e);
printf("Failed to get functional reference to engine\n");
}
ENGINE_set_default(e, ENGINE_METHOD_ALL);
OpenSSL_add_all_algorithms();
return e;
}
EVP_PKEY * GenerateKeys(ENGINE *e)
{
EVP_PKEY *pkey = EVP_PKEY_new();
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(NID_id_GostR3410_2001, e);
EVP_PKEY_paramgen_init(ctx);
EVP_PKEY_CTX_ctrl(ctx,
NID_id_GostR3410_2001,
EVP_PKEY_OP_PARAMGEN,
EVP_PKEY_CTRL_GOST_PARAMSET,
NID_id_GostR3410_2001_CryptoPro_A_ParamSet,
NULL);
EVP_PKEY_keygen_init(ctx);
EVP_PKEY_keygen(ctx, &pkey);
EVP_PKEY_CTX_free(ctx);
return pkey;
}
int main()
{
ENGINE *e = NULL;
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *pkey = NULL;
unsigned char msg[] = "this is a test message";
Binary hash(32);
SHA256_Calc(msg, sizeof(msg), &hash[0]);
size_t siglen = 0;
int status = 0;
e = LoadEngine();
pkey = GenerateKeys(e);
ctx = EVP_PKEY_CTX_new(pkey, e);
if(ctx == NULL)
{
printf("Failed to create context\n");
return -1;
}
EVP_PKEY_sign_init(ctx);
status = EVP_PKEY_sign_init(ctx);
if(status != 1)
{
printf("Failed to init signing context\n");
return -1;
}
status = EVP_PKEY_sign(ctx, NULL, &siglen, &hash[0], hash.size());
if(status != 1)
{
printf("Failed to get signature length\n");
return -1;
}
Binary signature(siglen);
status = EVP_PKEY_sign(ctx, &signature[0], &siglen, &hash[0], hash.size());
if(status != 1)
{
printf("Failed to sign a message\n");
return -1;
}
EVP_PKEY_verify_init(ctx);
bool result = EVP_PKEY_verify(ctx, &signature[0], siglen, &hash[0], hash.size());
printf("%s\n", result ? "SUCCESS" : "FAILURE");
ENGINE_cleanup();
}