为什么启用FIPS模式时RSA_generate_key_ex会生成较小的键(一半是精确的)

时间:2014-08-24 20:51:36

标签: c++ encryption openssl rsa fips

我使用openssl-1.0.1i和FIPS openssl-fips-2.0.7(我下载并编译动态dll')。

我的程序非常简单,我想了解为什么在启用或禁用FIPS模式时更改函数RSA_generate_key_ex的结果。

我运行下面的代码输出是:

64
128
尺寸不同
按任意键继续 。 。 。 

#include "stdafx.h"

#include <stdio.h>
#include <openssl/rsa.h>
#include <iostream>

typedef int (__cdecl *f_FIPS_mode_set)(int);
typedef int (__cdecl *f_RSA_generate_key_ex)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
typedef RSA* (__cdecl *f_RSA_new)(void);
typedef BIGNUM* (__cdecl *f_BN_new)(void);
typedef int (__cdecl *f_BN_set_word)(BIGNUM *a, unsigned long w);
typedef int (__cdecl *f_RSA_size)(const RSA *rsa);

#define INT_POINTER_FUNCTION( function ) \
    f_##function p_##function = (f_##function)GetProcAddress(hGetProcIDDLL, #function); \
    if (!p_##function) { \
    std::cout << "could not locate the ##function" << std::endl; \
    return EXIT_FAILURE; \
    } 

int _tmain(int argc, _TCHAR* argv[])
{
    HINSTANCE hGetProcIDDLL = LoadLibrary(L"C:\\Users\\amos_zamir\\Desktop\\openssl_project\\openssl-1.0.1i\\out32dll\\libeay32.dll");

  if (hGetProcIDDLL == NULL) {
    std::cout << "cannot locate the .dll file" << std::endl;
    return -1;
  }

  INT_POINTER_FUNCTION( FIPS_mode_set );
  INT_POINTER_FUNCTION( RSA_generate_key_ex );
  INT_POINTER_FUNCTION( RSA_new );
  INT_POINTER_FUNCTION( BN_new );
  INT_POINTER_FUNCTION( BN_set_word );
  INT_POINTER_FUNCTION( RSA_size );


  int status=p_FIPS_mode_set(1);
  if (status == 0)
  {
      std::cout << "cannot FIPS_mode_set" << std::endl;
      goto free_all;
  }


    int             ret = 0;
    RSA             *r = NULL;
    RSA             *r1 = NULL;
    BIGNUM          *bne = NULL;
    BIO             *bp_public = NULL, *bp_private = NULL;

    int             bits = 1024;
    unsigned long   e = RSA_F4;

    // 1. generate rsa key
    bne = p_BN_new();
    ret = p_BN_set_word(bne,e);
    if(ret != 1){
        std::cout << "cannot BN_set_word" << std::endl;
        goto free_all;
    }

    r = p_RSA_new();
    ret = p_RSA_generate_key_ex(r, bits, bne, NULL);
    if(ret != 1){
        std::cout << "cannot RSA_generate_key_ex" << std::endl;
        goto free_all;
    }

    int num_bytes_with_fips=p_RSA_size(r);
    std::cout << num_bytes_with_fips << std::endl;

    status=p_FIPS_mode_set(0);
    if (status == 0)
    {
        std::cout << "cannot FIPS_mode_set" << std::endl;
        goto free_all;
    }

    r1 = p_RSA_new();
    ret = p_RSA_generate_key_ex(r1, bits, bne, NULL);
    if(ret != 1){
        std::cout << "cannot RSA_generate_key_ex" << std::endl;
        goto free_all;
    }

    int num_bytes_without_fips=p_RSA_size(r1);
    std::cout << num_bytes_without_fips << std::endl;

    if(num_bytes_without_fips!= num_bytes_with_fips)
    {
        std::cout << "Size are diffrent" << std::endl;
    }


free_all:
    system("pause");
     return 0;
}

此外,当启用FIPS并且我用RSA对象加密(RSA_public_encrypt)时,RSA_size函数返回64,输出缓冲区长度为128,我认为这是一个错误,因为手册说

  

RSA_public_encrypt()返回加密数据的大小(即RSA_size(rsa))。

https://www.openssl.org/docs/crypto/RSA_public_encrypt.html/

有些事情我做错了或者是一个错误(我非常怀疑)。

0 个答案:

没有答案
相关问题
最新问题