Openssl 编程
Openssl 编程
赵春平 著
Email: forxy@126.com
Openssl 编程
第一章
第二章
2.1
2.2
2.2.1
2.2.2
基础知识 ........................................................................................................................ 8
1.1 对称算法 ........................................................................................................................ 8
1.2 摘要算法 ........................................................................................................................ 9
1.3 公钥算法 ........................................................................................................................ 9
1.4 回调函数 ...................................................................................................................... 11
openssl 简介................................................................................................................. 13
openssl 简介................................................................................................................. 13
openssl 安装................................................................................................................. 13
linux 下的安装.................................................................................................13
windows 编译与安装 ...................................................................................... 14
2.3
openssl 源代码............................................................................................................. 14
2.4
openssl 学习方法......................................................................................................... 16
堆栈 .............................................................................................................................. 17
第三章
3.1
openssl 堆栈................................................................................................................. 17
3.2 数据结构 ...................................................................................................................... 17
3.3 源码 .............................................................................................................................. 18
3.4 定义用户自己的堆栈函数 ..........................................................................................18
3.5 编程示例 ...................................................................................................................... 19
哈希表 .......................................................................................................................... 21
4.1 哈希表 .......................................................................................................................... 21
4.2 哈希表数据结构 ..........................................................................................................21
4.3 函数说明 ...................................................................................................................... 23
4.4 编程示例 ...................................................................................................................... 25
内存分配 ...................................................................................................................... 27
第五章
5.1
openssl 内存分配......................................................................................................... 27
5.2 内存数据结构 .............................................................................................................. 27
5.3 主要函数 ...................................................................................................................... 28
5.4 编程示例 ...................................................................................................................... 29
动态模块加载 .............................................................................................................. 30
6.1 动态库加载 .................................................................................................................. 30
6.2
DSO 概述 ..................................................................................................................... 30
6.3 数据结构 ...................................................................................................................... 31
6.4 编程示例 ...................................................................................................................... 32
抽象 IO.........................................................................................................................34
第七章
7.1
openssl 抽象 IO ............................................................................................................34
7.2 数据结构 ...................................................................................................................... 34
7.3
BIO 函数..................................................................................................................... 36
7.4 编程示例 ...................................................................................................................... 36
mem bio............................................................................................................36
file bio...............................................................................................................37
socket bio..........................................................................................................38
md BIO ............................................................................................................. 39
cipher BIO ........................................................................................................ 40
ssl BIO..............................................................................................................41
7.4.1
7.4.2
7.4.3
7.4.4
7.4.5
7.4.6
第四章
第六章
2
Openssl 编程
7.4.7
第八章
第九章
第十章
10.1
10.2
10.3
10.4
第十一章
第十二章
其他示例 ..........................................................................................................42
配置文件 ...................................................................................................................... 43
8.1 概述 .............................................................................................................................. 43
8.2
openssl 配置文件读取.................................................................................................43
8.3 主要函数 ...................................................................................................................... 44
8.4 编程示例 ...................................................................................................................... 44
随机数 .......................................................................................................................... 46
9.1 随机数 .......................................................................................................................... 46
9.2
openssl 随机数数据结构与源码.................................................................................46
9.3 主要函数 ...................................................................................................................... 48
9.4 编程示例 ...................................................................................................................... 48
文本数据库 .................................................................................................................. 50
概述 .......................................................................................................................... 50
数据结构 .................................................................................................................. 51
函数说明 .................................................................................................................. 51
编程示例 .................................................................................................................. 52
大数 .......................................................................................................................... 54
11.1 介绍 .............................................................................................................................. 54
11.2
openssl 大数表示......................................................................................................... 54
11.3 大数函数 ...................................................................................................................... 55
11.4 使用示例 ...................................................................................................................... 58
BASE64 编解码.......................................................................................................64
12.1 BASE64 编码介绍 .......................................................................................................64
12.2 BASE64 编解码原理 ...................................................................................................64
主要函数 .................................................................................................................. 65
12.3
12.4
编程示例 .................................................................................................................. 66
ASN1 库 ................................................................................................................... 68
第十三章
13.1 ASN1 简介 ................................................................................................................... 68
13.2 DER 编码 ..................................................................................................................... 70
13.3 ASN1 基本类型示例 ...................................................................................................70
openssl 的 ASN.1 库 ...................................................................................................73
13.4
13.5
用 openssl 的 ASN.1 库 DER 编解码.....................................................................74
13.6 Openssl 的 ASN.1 宏................................................................................................... 74
13.7 ASN1 常用函数 ...........................................................................................................75
13.8 属性证书编码 ............................................................................................................ 89
错误处理 .................................................................................................................. 93
概述 .......................................................................................................................... 93
数据结构 .................................................................................................................. 93
主要函数 .................................................................................................................. 95
编程示例 .................................................................................................................. 97
摘要与 HMAC.......................................................................................................100
概述 ........................................................................................................................ 100
openssl 摘要实现.......................................................................................................100
函数说明 ................................................................................................................ 101
第十四章
14.1
14.2
14.3
14.4
第十五章
15.1
15.2
15.3
3
Openssl 编程
第十六章
16.1
16.2
16.3
16.4
16.5
第十七章
15.4
编程示例 ................................................................................................................ 101
15.5 HMAC ........................................................................................................................ 103
数据压缩 ................................................................................................................ 104
简介 ................................................................................................................................ 104
数据结构 ................................................................................................................ 104
函数说明 ................................................................................................................ 105
openssl 中压缩算法协商...........................................................................................106
编程示例 ................................................................................................................ 106
RSA........................................................................................................................ 107
17.1 RSA 介绍 .................................................................................................................... 107
17.2
openssl 的 RSA 实现 ................................................................................................. 107
17.3 RSA 签名与验证过程............................................................................................... 108
17.4
数据结构 ................................................................................................................ 109
17.4.1 RSA_METHOD ..................................................................................................109
RSA................................................................................................................ 110
17.4.2
17.5
主要函数 ................................................................................................................ 110
17.6 编程示例 ........................................................................................................................ 112
17.6.1 密钥生成 ............................................................................................................. 112
17.6.2
RSA 加解密运算........................................................................................... 113
17.6.3 签名与验证 ......................................................................................................... 116
DSA ........................................................................................................................ 119
第十八章
DSA 简介............................................................................................................... 119
18.1
openssl 的 DSA 实现 .................................................................................................120
18.2
18.3 DSA 数据结构 ...........................................................................................................120
主要函数 ................................................................................................................ 121
18.4
18.5
编程示例 ................................................................................................................ 122
18.5.1 密钥生成 ............................................................................................................. 122
18.5.2 签名与验证 .........................................................................................................124
第十九章 DH..................................................................................................................................126
19.1 DH 算法介绍 ............................................................................................................. 126
19.2
openssl 的 DH 实现 ................................................................................................... 127
19.3 数据结构 ........................................................................................................................ 127
19.4
主要函数 ................................................................................................................ 128
编程示例 ................................................................................................................ 129
19.5
椭圆曲线 ................................................................................................................ 132
第二十章
ECC 介绍 ................................................................................................................... 132
20.1
openssl 的 ECC 实现 ................................................................................................. 133
20.2
20.3
主要函数 ................................................................................................................ 134
20.3.1 参数设置 ............................................................................................................. 134
20.3.2 参数获取 ............................................................................................................. 135
20.3.3 转化函数 ............................................................................................................. 136
20.3.4 其他函数 ............................................................................................................. 137
编程示例 ................................................................................................................ 139
EVP.....................................................................................................................143
20.4
第二十一章
4
Openssl 编程
第二十二章
22.1
22.2
22.3
22.4
第二十三章
第二十四章
21.2.1
21.2.2
21.2.3
21.2.4
21.1 EVP 简介 ........................................................................................................................143
21.2 数据结构....................................................................................................................... 143
EVP_PKEY....................................................................................................143
EVP_MD ........................................................................................................144
EVP_CIPHER ................................................................................................ 145
EVP_CIPHER_CTX ......................................................................................146
21.3 源码结构....................................................................................................................... 146
21.4 摘要函数....................................................................................................................... 147
21.5 对称加解密函数...........................................................................................................147
21.6 非对称函数................................................................................................................... 148
21.7 BASE64 编解码函数 .................................................................................................149
21.8 其他函数 ........................................................................................................................ 149
21.9 对称加密过程 ............................................................................................................. 151
21.10 编程示例 ................................................................................................................ 152
PEM 格式 ...........................................................................................................159
PEM 概述 ...................................................................................................................159
openssl 的 PEM 实现 .................................................................................................159
PEM 函数 ...................................................................................................................160
编程示例 ................................................................................................................ 161
Engine.................................................................................................................165
Engine 概述 ................................................................................................................165
Engine 支持的原理....................................................................................................165
Engine 数据结构 ........................................................................................................165
openssl 的 Engine 源码 .............................................................................................166
Engine 函数 ................................................................................................................167
实现 Engine 示例 ...................................................................................................168
通用数据结构 ....................................................................................................182
24.1 通用数据结构 ................................................................................................................ 182
24.2 X509_ALGOR........................................................................................................... 182
24.3 X509_VAL..................................................................................................................183
24.4 X509_SIG ...................................................................................................................185
24.5 X509_NAME_ENTRY.............................................................................................. 186
24.6 X509_NAME ............................................................................................................. 186
24.7 X509_EXTENSION ...................................................................................................192
24.8 X509_ATTRIBUTE................................................................................................... 198
24.9 GENERAL_NAME ....................................................................................................199
证书申请 ............................................................................................................ 203
证书申请介绍 ........................................................................................................203
数据结构 ................................................................................................................ 203
主要函数 ................................................................................................................ 204
编程示例 ................................................................................................................ 206
25.4.1 生成证书请求文件 .............................................................................................206
25.4.2 解码证书请求文件 ........................................................................................208
X509 数字证书 ..................................................................................................210
23.1
23.2
23.3
23.4
23.5
23.6
25.1
25.2
25.3
25.4
第二十五章
第二十六章
5
Openssl 编程
第二十七章
第二十八章
第二十九章
26.1 X509 数字证书 .......................................................................................................... 210
26.2
opessl 实现 ................................................................................................................. 210
26.3 X509 数据结构 .......................................................................................................... 210
26.4 X509_TRUST 与 X509_CERT_AUX.......................................................................213
26.5 X509_PURPOSE ........................................................................................................215
主要函数 ................................................................................................................ 218
26.6
26.7
证书验证 ................................................................................................................ 221
26.7.1 证书验证项 .........................................................................................................221
Openssl 中的证书验证 ..................................................................................221
26.7.2
OCSP.................................................................................................................. 222
概述 ........................................................................................................................ 222
27.1
openssl 实现............................................................................................................... 222
27.2
27.3
主要函数 ................................................................................................................ 222
27.4 编程示例 ........................................................................................................................ 227
CRL .................................................................................................................... 228
28.1 CRL 介绍 ................................................................................................................... 228
28.2
数据结构 ................................................................................................................ 228
28.3 CRL 函数 ................................................................................................................... 229
编程示例 ................................................................................................................ 230
28.4
PKCS7 ................................................................................................................ 233
29.1 概述 ................................................................................................................................ 233
数据结构 ................................................................................................................ 233
29.2
29.3
函数 ........................................................................................................................ 234
29.4 消息编解码 ..............................................................................................................234
29.4.1
data............................................................................................................... 235
29.4.2
signed data....................................................................................................235
29.4.3
enveloped......................................................................................................236
29.4.4
signed_and_enveloped................................................................................. 237
29.4.5
digest.............................................................................................................238
29.4.6
encrypted...................................................................................................... 238
29.4.7 读取 PEM.......................................................................................................239
29.4.8 解码 pkcs7......................................................................................................240
PKCS12................................................................................................................ 241
第三十章
概述 ........................................................................................................................ 241
30.1
30.2
openss 实现 ................................................................................................................ 241
30.3 数据结构 ........................................................................................................................ 241
30.4 函数 ................................................................................................................................ 242
编程示例 ................................................................................................................ 244
30.5
SSL 实现 ............................................................................................................ 254
31.1 概述 ................................................................................................................................ 254
openssl 实现............................................................................................................... 254
31.2
31.3
建立 SSL 测试环境 ...............................................................................................254
数据结构 ................................................................................................................ 255
31.4
31.5
加密套件 ................................................................................................................ 256
第三十一章
6
Openssl 编程
第三十二章
密钥信息 ................................................................................................................ 257
31.6
SESSION ....................................................................................................................257
31.7
多线程支持............................................................................................................ 258
31.8
编程示例 ................................................................................................................ 258
31.9
31.10 函数 ........................................................................................................................ 269
Openssl 命令 ...................................................................................................... 272
32.1 概述 ................................................................................................................................ 272
asn1parse.................................................................................................................... 272
32.2
dgst ..............................................................................................................................274
32.3
32.4
gendh.......................................................................................................................... 275
passwd........................................................................................................................ 275
32.5
rand............................................................................................................................. 276
32.6
genrsa ..........................................................................................................................277
32.7
32.8
req............................................................................................................................... 277
x509............................................................................................................................ 280
32.9
version.................................................................................................................... 283
32.10
32.11
speed.......................................................................................................................283
sess_id...................................................................................................................284
32.12
s_server.................................................................................................................284
32.13
32.14
s_client..................................................................................................................286
rsa..........................................................................................................................288
32.15
pkcs7.....................................................................................................................289
32.16
32.17
dsaparam...............................................................................................................289
gendsa...................................................................................................................290
32.18
enc.........................................................................................................................291
32.19
32.20
ciphers...................................................................................................................292
CA.........................................................................................................................292
32.21
verify.....................................................................................................................296
32.22
rsatul..................................................................................................................... 297
32.23
32.24
crl............................................................................................................................298
crl2pkcs7.............................................................................................................299
32.25
32.26
errstr ....................................................................................................................300
32.27 ocsp...............................................................................................................................300
pkcs12...................................................................................................................303
32.28
pkcs8.....................................................................................................................305
32.29
32.30
s_time................................................................................................................... 306
32.31 dhparam 和 dh.............................................................................................................. 307
ecparam...................................................................................................................309
32.32
32.33
ec...........................................................................................................................310
dsa.........................................................................................................................311
32.34
nseq.......................................................................................................................312
32.35
32.36
prime.....................................................................................................................312
smime................................................................................................................... 313
32.37
7
Openssl 编程
第一章 基础知识
1.1 对称算法
对称算法使用一个密钥。给定一个明文和一个密钥,加密产生密文,其长度和明文大致
相同。解密时,使用读密钥与加密密钥相同。
对称算法主要有四种加密模式:
(1) 电子密码本模式 Electronic Code Book(ECB)
这种模式是最早采用和最简单的模式,它将加密的数据分成若干组,每组的大小跟加密
密钥长度相同,然后每组都用相同的密钥进行加密。
其缺点是:电子编码薄模式用一个密钥加密消息的所有块,如果原消息中重复明文
块,则加密消息中的相应密文块也会重复,因此,电子编码薄模式适于加密小消息。
(2)加密块链模式 Cipher Block Chaining(CBC)
CBC 模式的加密首先也是将明文分成固定长度的块,然后将前面一个加密块输出
的密文与下一个要加密的明文块进行异或操作,将计算结果再用密钥进行加密得到密
文。第一明文块加密的时候,因为前面没有加密的密文,所以需要一个初始化向量。跟
ECB 方式不一样,通过连接关系,使得密文跟明文不再是一一对应的关系,破解起来
更困难,而且克服了只要简单调换密文块可能达到目的的攻击。
(3)加密反馈模式
Cipher Feedback Mode(CFB)
面向字符的应用程序的加密要使用流加密法,可以使用加密反馈模式。在此模式下,
数据用更小的单元加密,如可以是 8 位,这个长度小于定义的块长(通常是 64 位)。其
加密步骤是:
a) 使用 64 位的初始化向量。初始化向量放在移位寄存器中,在第一步加密,产
生相应的 64 位初始化密文;
b) 始化向量最左边的 8 位与明文前 8 位进行异或运算,产生密文第一部分(假设
为 c),然后将 c 传输到接收方;
c) 向量的位(即初始化向量所在的移位寄存器内容)左移 8 位,使移位寄存器最
右边的 8 位为不可预测的数据,在其中填入 c 的内容;
d) 第 1-3 步,直到加密所有的明文单元。
解密过程相反
4)输出反馈模式
Output Feedback Mode(OFB)
输出反馈模式与 CFB 相似,惟一差别是,CFB 中密文填入加密过程下一阶段,而
在 OFB 中,初始化向量加密过程的输入填入加密过程下一阶段。
8