Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
924ec89a
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
924ec89a
编写于
3月 01, 2016
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Add KDF support to pkeyutl. Update documentation.
Reviewed-by:
N
Rich Salz
<
rsalz@openssl.org
>
上级
8185e649
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
63 addition
and
18 deletion
+63
-18
apps/pkeyutl.c
apps/pkeyutl.c
+46
-18
doc/apps/pkeyutl.pod
doc/apps/pkeyutl.pod
+17
-0
未找到文件。
apps/pkeyutl.c
浏览文件 @
924ec89a
...
...
@@ -62,11 +62,12 @@
#include <openssl/pem.h>
#include <openssl/evp.h>
#define KEY_NONE 0
#define KEY_PRIVKEY 1
#define KEY_PUBKEY 2
#define KEY_CERT 3
static
EVP_PKEY_CTX
*
init_ctx
(
int
*
pkeysize
,
static
EVP_PKEY_CTX
*
init_ctx
(
const
char
*
kdfalg
,
int
*
pkeysize
,
const
char
*
keyfile
,
int
keyform
,
int
key_type
,
char
*
passinarg
,
int
pkey_op
,
ENGINE
*
e
,
const
int
impl
);
...
...
@@ -84,7 +85,7 @@ typedef enum OPTION_choice {
OPT_PUBIN
,
OPT_CERTIN
,
OPT_ASN1PARSE
,
OPT_HEXDUMP
,
OPT_SIGN
,
OPT_VERIFY
,
OPT_VERIFYRECOVER
,
OPT_REV
,
OPT_ENCRYPT
,
OPT_DECRYPT
,
OPT_DERIVE
,
OPT_SIGFILE
,
OPT_INKEY
,
OPT_PEERKEY
,
OPT_PASSIN
,
OPT_PEERFORM
,
OPT_KEYFORM
,
OPT_PKEYOPT
OPT_PEERFORM
,
OPT_KEYFORM
,
OPT_PKEYOPT
,
OPT_KDF
,
OPT_KDFLEN
}
OPTION_CHOICE
;
OPTIONS
pkeyutl_options
[]
=
{
...
...
@@ -103,6 +104,8 @@ OPTIONS pkeyutl_options[] = {
{
"encrypt"
,
OPT_ENCRYPT
,
'-'
,
"Encrypt input data with public key"
},
{
"decrypt"
,
OPT_DECRYPT
,
'-'
,
"Decrypt input data with private key"
},
{
"derive"
,
OPT_DERIVE
,
'-'
,
"Derive shared secret"
},
{
"kdf"
,
OPT_KDF
,
's'
,
"Use KDF algorithm"
},
{
"kdflen"
,
OPT_KDFLEN
,
'p'
,
"KDF algorithm output length"
},
{
"sigfile"
,
OPT_SIGFILE
,
'<'
,
"Signature file (verify operation only)"
},
{
"inkey"
,
OPT_INKEY
,
's'
,
"Input private key file"
},
{
"peerkey"
,
OPT_PEERKEY
,
's'
,
"Peer key file used in key derivation"
},
...
...
@@ -135,6 +138,8 @@ int pkeyutl_main(int argc, char **argv)
size_t
buf_outlen
;
const
char
*
inkey
=
NULL
;
const
char
*
peerkey
=
NULL
;
const
char
*
kdfalg
=
NULL
;
int
kdflen
=
0
;
STACK_OF
(
OPENSSL_STRING
)
*
pkeyopts
=
NULL
;
prog
=
opt_init
(
argc
,
argv
,
pkeyutl_options
);
...
...
@@ -211,6 +216,14 @@ int pkeyutl_main(int argc, char **argv)
case
OPT_DERIVE
:
pkey_op
=
EVP_PKEY_OP_DERIVE
;
break
;
case
OPT_KDF
:
pkey_op
=
EVP_PKEY_OP_DERIVE
;
key_type
=
KEY_NONE
;
kdfalg
=
opt_arg
();
break
;
case
OPT_KDFLEN
:
kdflen
=
atoi
(
opt_arg
());
break
;
case
OPT_REV
:
rev
=
1
;
break
;
...
...
@@ -228,11 +241,14 @@ int pkeyutl_main(int argc, char **argv)
if
(
argc
!=
0
)
goto
opthelp
;
if
(
inkey
==
NULL
||
(
peerkey
!=
NULL
&&
pkey_op
!=
EVP_PKEY_OP_DERIVE
))
if
(
kdfalg
!=
NULL
)
{
if
(
kdflen
==
0
)
goto
opthelp
;
}
else
if
((
inkey
==
NULL
)
||
(
peerkey
!=
NULL
&&
pkey_op
!=
EVP_PKEY_OP_DERIVE
))
{
goto
opthelp
;
ctx
=
init_ctx
(
&
keysize
,
inkey
,
keyform
,
key_type
,
}
ctx
=
init_ctx
(
kdfalg
,
&
keysize
,
inkey
,
keyform
,
key_type
,
passinarg
,
pkey_op
,
e
,
engine_impl
);
if
(
ctx
==
NULL
)
{
BIO_printf
(
bio_err
,
"%s: Error initializing context
\n
"
,
prog
);
...
...
@@ -326,8 +342,13 @@ int pkeyutl_main(int argc, char **argv)
BIO_puts
(
out
,
"Signature Verification Failure
\n
"
);
goto
end
;
}
rv
=
do_keyop
(
ctx
,
pkey_op
,
NULL
,
(
size_t
*
)
&
buf_outlen
,
buf_in
,
(
size_t
)
buf_inlen
);
if
(
kdflen
!=
0
)
{
buf_outlen
=
kdflen
;
rv
=
1
;
}
else
{
rv
=
do_keyop
(
ctx
,
pkey_op
,
NULL
,
(
size_t
*
)
&
buf_outlen
,
buf_in
,
(
size_t
)
buf_inlen
);
}
if
(
rv
>
0
&&
buf_outlen
!=
0
)
{
buf_out
=
app_malloc
(
buf_outlen
,
"buffer output"
);
rv
=
do_keyop
(
ctx
,
pkey_op
,
...
...
@@ -360,7 +381,7 @@ int pkeyutl_main(int argc, char **argv)
return
ret
;
}
static
EVP_PKEY_CTX
*
init_ctx
(
int
*
pkeysize
,
static
EVP_PKEY_CTX
*
init_ctx
(
const
char
*
kdfalg
,
int
*
pkeysize
,
const
char
*
keyfile
,
int
keyform
,
int
key_type
,
char
*
passinarg
,
int
pkey_op
,
ENGINE
*
e
,
const
int
engine_impl
)
...
...
@@ -373,7 +394,7 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
X509
*
x
;
if
(((
pkey_op
==
EVP_PKEY_OP_SIGN
)
||
(
pkey_op
==
EVP_PKEY_OP_DECRYPT
)
||
(
pkey_op
==
EVP_PKEY_OP_DERIVE
))
&&
(
key_type
!=
KEY_PRIVKEY
))
{
&&
(
key_type
!=
KEY_PRIVKEY
&&
kdfalg
==
NULL
))
{
BIO_printf
(
bio_err
,
"A private key is needed for this operation
\n
"
);
goto
end
;
}
...
...
@@ -398,21 +419,28 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
}
break
;
}
*
pkeysize
=
EVP_PKEY_size
(
pkey
);
case
KEY_NONE
:
break
;
if
(
!
pkey
)
goto
end
;
}
#ifndef OPENSSL_NO_ENGINE
if
(
engine_impl
)
impl
=
e
;
#endif
ctx
=
EVP_PKEY_CTX_new
(
pkey
,
impl
);
EVP_PKEY_free
(
pkey
);
if
(
kdfalg
)
{
int
kdfnid
=
OBJ_sn2nid
(
kdfalg
);
if
(
kdfnid
==
NID_undef
)
goto
end
;
ctx
=
EVP_PKEY_CTX_new_id
(
kdfnid
,
impl
);
}
else
{
if
(
pkey
==
NULL
)
goto
end
;
*
pkeysize
=
EVP_PKEY_size
(
pkey
);
ctx
=
EVP_PKEY_CTX_new
(
pkey
,
impl
);
EVP_PKEY_free
(
pkey
);
}
if
(
ctx
==
NULL
)
goto
end
;
...
...
doc/apps/pkeyutl.pod
浏览文件 @
924ec89a
...
...
@@ -25,6 +25,8 @@ B<openssl> B<pkeyutl>
[B<-encrypt>]
[B<-decrypt>]
[B<-derive>]
[B<-kdf algorithm>]
[B<-kdflen length>]
[B<-pkeyopt opt:value>]
[B<-hexdump>]
[B<-asn1parse>]
...
...
@@ -119,6 +121,15 @@ decrypt the input data using a private key.
derive a shared secret using the peer key.
=item B<-kdf algorithm>
Use key derivation function B<algorithm>. Note: additional paramers
will normally have to be set and the KDF output length for this to work.
=item B<-kdflen length>
Set the ouput length for KDF.
=item B<-pkeyopt opt:value>
Public key options specified as opt:value. See NOTES below for more details.
...
...
@@ -249,6 +260,12 @@ Derive a shared secret value:
openssl pkeyutl -derive -inkey key.pem -peerkey pubkey.pem -out secret
Hexdump 48 bytes of TLS1 PRF using digest B<SHA256> and shared secret and
seed consisting of the single byte 0xFF.
openssl pkeyutl -kdf TLS1-PRF -kdflen 48 -pkeyopt md:SHA256 \
-pkeyopt hexsecret:ff -pkeyopt hexseed:ff -hexdump
=head1 SEE ALSO
L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)>
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录