Apparent incompatibility between sgx_tcrypto and OpenSSL libcrypto

Time: 2018-04-05 20:57:11

Tags: c openssl cryptography elliptic-curve sgx

I am trying to load a public key that I obtained from an SGX enclave into an OpenSSL elliptic curve public key object.

The crypto library built into the SGX SDK uses points on SECP256R1 as public keys and represents them as (x, y) pairs. So I tried to do the following:

1) Extract the affine coordinates (x, y) from the SGX object.

2) Create an OpenSSL public key object on SECP256R1.

3) Set it to (x, y).

However, the last call fails with the error message shown below. Where could this be going wrong? Could it be an endianness issue?

"error:1007C06B:elliptic curve routines:EC_POINT_set_affine_coordinates_GFp:point is not on curve"

For reference, a sample key pair is defined here:

#include <stdio.h>

#include <sgx_tcrypto.h>

#include <openssl/obj_mac.h>
#include <openssl/ec.h>
#include <openssl/err.h>

const sgx_ec256_public_t sgx_pk;
const sgx_ec256_private_t sgx_sk;

int main()
{
    //init openssl objects
    EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); //assuming this the same as secp256r1
    BN_CTX *bn_ctx = BN_CTX_new();

    //extract affine coordinates from sgx object
    BIGNUM *x = BN_bin2bn((uint8_t*)&sgx_pk.gx, sizeof(sgx_pk) / 2, NULL);
    BIGNUM *y = BN_bin2bn((uint8_t*)&sgx_pk.gy, sizeof(sgx_pk) / 2, NULL);

    //create openssl key and load the coordinates into it
    EC_KEY *ec_key = EC_KEY_new();
    EC_KEY_set_group(ec_key, group);
    EC_KEY_set_public_key_affine_coordinates(ec_key, x, y);

    //last call fails. extract error
    long error_code = ERR_get_error();
    char error_string[300];
    ERR_error_string_n(error_code, error_string, sizeof(error_string));
    puts(error_string);

    return 0;
}

1 answer:

Answer 0: (score: 1)

This is indeed an endianness issue. The following C++ code works:

#include <stdio.h>
#include <algorithm>

#include <openssl/obj_mac.h>
#include <openssl/ec.h>
#include <openssl/err.h>

#include <sgx_tcrypto.h>

extern const sgx_ec256_public_t sgx_pk;
extern const sgx_ec256_private_t sgx_sk;

int main()
{
  //init openssl objects
  //assuming NID_X9_62_prime256v1 is the same as secp256r1
  EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
  BN_CTX *bn_ctx = BN_CTX_new();

  //extract affine coordinates from sgx object
  //sgx_tcrypto stores each coordinate little-endian, BN_bin2bn expects
  //big-endian, so reverse the bytes of gx and gy before converting
  sgx_ec256_public_t sgx_pk_reversed;
  constexpr size_t COORDINATE_SIZE = sizeof(sgx_ec256_public_t) / 2;
  std::reverse_copy(sgx_pk.gx, sgx_pk.gx + COORDINATE_SIZE, sgx_pk_reversed.gx);
  std::reverse_copy(sgx_pk.gy, sgx_pk.gy + COORDINATE_SIZE, sgx_pk_reversed.gy);

  BIGNUM *x = BN_bin2bn((uint8_t*)&sgx_pk_reversed.gx, COORDINATE_SIZE, NULL);
  BIGNUM *y = BN_bin2bn((uint8_t*)&sgx_pk_reversed.gy, COORDINATE_SIZE, NULL);

  //create openssl key and load the coordinates into it
  EC_KEY *ec_key = EC_KEY_new();
  EC_KEY_set_group(ec_key, group);

  //returns 1 only if (x, y) is a valid point on the curve
  if (1 == EC_KEY_set_public_key_affine_coordinates(ec_key, x, y))
    puts("Holy shit it worked.");

  //release openssl objects
  BN_free(x);
  BN_free(y);
  EC_KEY_free(ec_key);
  EC_GROUP_free(group);
  BN_CTX_free(bn_ctx);

  return 0;
}
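
The byte-order mismatch behind the "point is not on curve" error, as an added example that is not part of the original question or answer: a pure-Python check of the P-256 curve equation on one key, decoded once big-endian (as BN_bin2bn reads it) and once little-endian. The sample key is constructed (the curve's base point G), and `on_curve`, `parse_point` and `sgx_to_big_endian` are hypothetical helper names.

```python
# Added example. NIST P-256 (secp256r1 / prime256v1) domain parameters.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
COORD_SIZE = 32  # bytes per coordinate

# Constructed sample key: the curve's base point G (private scalar 1).
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
# The same point as it would sit in the gx/gy arrays of an SGX-style
# public key struct: each coordinate little-endian.
SGX_GX = GX.to_bytes(COORD_SIZE, "little")
SGX_GY = GY.to_bytes(COORD_SIZE, "little")


def on_curve(x, y):
    """True if (x, y) satisfies y^2 = x^3 - 3x + b (mod p)."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x - 3 * x + B)) % P == 0


def parse_point(gx, gy, byteorder):
    """Decode two fixed-size coordinate buffers with the given byte order."""
    if len(gx) != COORD_SIZE or len(gy) != COORD_SIZE:
        raise ValueError("each coordinate must be exactly 32 bytes")
    return int.from_bytes(gx, byteorder), int.from_bytes(gy, byteorder)


def sgx_to_big_endian(gx, gy):
    """Validate a little-endian point, return big-endian coordinate bytes."""
    x, y = parse_point(gx, gy, "little")
    if not on_curve(x, y):
        raise ValueError("point is not on curve")
    return x.to_bytes(COORD_SIZE, "big"), y.to_bytes(COORD_SIZE, "big")


if __name__ == "__main__":
    # Decoding the little-endian buffers as big-endian reproduces the failure.
    print("decoded big-endian   :", on_curve(*parse_point(SGX_GX, SGX_GY, "big")))
    print("decoded little-endian:", on_curve(*parse_point(SGX_GX, SGX_GY, "little")))
    bx, by = sgx_to_big_endian(SGX_GX, SGX_GY)
    print("x bytes for BN_bin2bn:", bx.hex())
```

Running the on-curve check on both decodings before handing bytes to a library helps separate a byte-order mismatch from a genuinely invalid key.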