我正在使用openssl库实现ETSI标准,更具体地说,是实现与PKI的通信。 为此,我必须使用ECIES加密方案,但未在openssl中实现。
我找到了这段代码here in the crypto++ google group:
int curve_id = EC_GROUP_get_curve_name(EC_KEY_get0_group((EC_KEY*)m_pPrivKey));
EC_KEY* temp_key = EC_KEY_new_by_curve_name(curve_id);
size_t uPubLen = i2o_ECPublicKey((EC_KEY*)m_pPrivKey, NULL);
o2i_ECPublicKey(&temp_key, (const byte**)&pCiphertext, uPubLen); // warnign this moves the pCiphertext pointer
uCiphertextSize -= uPubLen;
size_t SecLen = (EC_GROUP_get_degree(EC_KEY_get0_group((EC_KEY*)m_pPrivKey)) + 7) / 8;
byte* pSec = new byte[SecLen];
int ret = ECDH_compute_key(pSec, SecLen, EC_KEY_get0_public_key(temp_key), (EC_KEY*)m_pPrivKey, NULL);
ASSERT(ret == SecLen);
EC_KEY_free(temp_key);
CHashFunction GenFx(CHashFunction::eSHA1); // <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
uPlaintextSize = (uCiphertextSize > GenFx.GetSize()) ? (uCiphertextSize - GenFx.GetSize()) : 0;
int mac_key_len = 16;
int GenLen = uPlaintextSize + mac_key_len;
uint32 counter = 1;
CBuffer GenHash;
while(GenHash.GetSize() < GenLen)
{
GenFx.Add(pSec, SecLen);
CBuffer Buff;
Buff.WriteValue<uint32>(counter++, true);
GenFx.Add(&Buff);
GenFx.Finish();
GenHash.AppendData(GenFx.GetKey(), GenFx.GetSize());
GenFx.Reset();
}
GenHash.SetSize(GenLen); // truncate
delete pSec;
byte* key = GenHash.GetBuffer();
byte* macKey = key + uPlaintextSize;
unsigned char* result;
size_t mac_len = uCiphertextSize - uPlaintextSize;
ASSERT(mac_len == 20);
byte* mac_result = new byte[mac_len];
HMAC_CTX ctx;
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, macKey, mac_key_len, EVP_sha1(), NULL);
HMAC_Update(&ctx, pCiphertext, uPlaintextSize);
HMAC_Final(&ctx, mac_result, &mac_len);
HMAC_CTX_cleanup(&ctx);
Ret = memcmp(pCiphertext + uPlaintextSize, mac_result, mac_len) == 0 ? 1 : 0;
delete mac_result;
ASSERT(pPlaintext == NULL);
pPlaintext = new byte[uPlaintextSize];
for(int i=0; i < uPlaintextSize; i++)
pPlaintext[i] = pCiphertext[i] ^ key[i];
但是我不确定它是否可以正常工作,我也不知道如何使用这段代码。
有人已经实施了该方案吗?