因为我的项目须要验证签名,这里不做签名,只验签
间接上代码:
应用办法:
openssl 版本:1.0.2g 其余的自行验证
编译:g++ x509.cpp -o x509 -lssl -lcrypto
执行:./x509
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <cstring>
#include <iostream>
// base64 编码
char *base64_encode(const char *buffer, int length) {
BIO *bmem = NULL;
BIO *b64 = NULL;
BUF_MEM *bptr;
char *buff = NULL;
b64 = BIO_new(BIO_f_base64());
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
bmem = BIO_new(BIO_s_mem());
b64 = BIO_push(b64, bmem);
BIO_write(b64, buffer, length);
BIO_flush(b64);
BIO_get_mem_ptr(b64, &bptr);
BIO_set_close(b64, BIO_NOCLOSE);
buff = (char *)malloc(bptr->length + 1);
memcpy(buff, bptr->data, bptr->length);
buff[bptr->length] = 0;
BIO_free_all(b64);
return buff;
}
// base64 解码
char *base64_decode(char *input, int length) {
BIO *b64 = NULL;
BIO *bmem = NULL;
char *buffer = NULL;
buffer = (char *)malloc(length);
memset(buffer, 0, length);
b64 = BIO_new(BIO_f_base64());
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
bmem = BIO_new_mem_buf(input, length);
bmem = BIO_push(b64, bmem);
BIO_read(bmem, buffer, length);
BIO_free_all(bmem);
return buffer;
}
int get_str_len(const char *in) {
int num = 0;
if(in == NULL) {return 0;}
while (!((*(in + num) == NULL) && (*(in + num + 1) == NULL) \
&& (*(in + num + 2) == NULL) && (*(in + num + 3) == NULL) \
&& (*(in + num + 4) == NULL)&& (*(in + num + 5) == NULL) \
&& (*(in + num + 6) == NULL)&& (*(in + num + 7) == NULL))) {num++;}
return num;
}
static const char hex_table[16] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
// 字节转十六进制字符串
std::string BytesToHexStr(const char* aInStr, int len)
{
std::string hex_str;
for (int i = 0; i < len; ++i) {hex_str.append(&hex_table[(aInStr[i] & 0xF0) >> 4], 1);
hex_str.append(&hex_table[aInStr[i] & 0xF], 1);
}
std::cout << hex_str << std::endl;
return hex_str;
}
// 字符串截取
char* substring(char* ch,int pos,int length)
{
// 定义字符指针 指向传递进来的 ch 地址
char *pch = ch;
// 通过 calloc 来调配一个 length 长度的字符数组,返回的是字符指针。char *subch = (char*)calloc(sizeof(char),length+1);
int i;
// 只有在 C99 下 for 循环中才能够申明变量,这里写在里面,进步兼容性。pch = pch + pos;
// 是 pch 指针指向 pos 地位。for(i = 0; i < length; i++) {subch[i] = *(pch++); // 循环遍历赋值数组。}
subch[length]='\0'; // 加上字符串结束符。return subch; // 返回调配的字符数组地址。}
int ECDSA_WithSHA256_do_verify(const char *strx509, char *message, unsigned int messageLen, char *signBuf, unsigned int signLen) {
EC_KEY * ec_key;
EVP_MD_CTX md_ctx;
int ret = -1;
char *Sigbuff = NULL, *Signature = NULL, *r = NULL, *s = NULL;
char dst_str[2][512+1];
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int digestLen = 0;
BIO *bio_mem = BIO_new(BIO_s_mem());
BIO_puts(bio_mem, strx509);
X509 * x509 = PEM_read_bio_X509(bio_mem, NULL, NULL, NULL);
EVP_PKEY *pkey = X509_get_pubkey(x509); // 获取证书的公钥
if (pkey->type == EVP_PKEY_EC) {ec_key = EVP_PKEY_get1_EC_KEY(pkey);
if (!ec_key) {printf("get EVP_PKEY_get1_EC_KEY fail \n");
}
}
EVP_PKEY_free(pkey);
Sigbuff = base64_decode(message,messageLen); // base64 解码后的验证数据
Signature = base64_decode(signBuf,signLen); // base64 解码后的签名数据
printf("Sigbuff: %s\n", Sigbuff);
printf("Signature: %s\n Signature len: %d\n EVP_MAX_MD_SIZE: %d\n", Signature,get_str_len(Signature), EVP_MAX_MD_SIZE);
r = substring(Signature,0,get_str_len(Signature)/2);
s = substring(Signature,get_str_len(Signature)/2,get_str_len(Signature));
std::string rSignatureInHex = BytesToHexStr(r,get_str_len(Signature)/2);
std::string sSignatureInHex = BytesToHexStr(s,get_str_len(Signature)/2);
free(r);
free(s);
EVP_MD_CTX_init(&md_ctx);
if (!EVP_DigestInit(&md_ctx, EVP_sha256())) {printf("EVP_digest fail \n");
}
if (!EVP_DigestUpdate(&md_ctx, (const void *)Sigbuff, get_str_len(Sigbuff))) {printf("EVP_DigestUpdate fail \n");
}
if (!EVP_DigestFinal(&md_ctx, digest, &digestLen)) {printf("EVP_DigestFinal fail \n");
}
free(Sigbuff);
free(Signature);
ECDSA_SIG *sig = (ECDSA_SIG *)malloc(sizeof(ECDSA_SIG));
strncpy(dst_str[0], rSignatureInHex.c_str(), 512);
strncpy(dst_str[1], sSignatureInHex.c_str(), 512);
printf("dst_str[0]: %s\n", &dst_str[0]);
printf("dst_str[1]: %s\n", &dst_str[1]);
sig->r = BN_new();
sig->s = BN_new();
BN_hex2bn(&(sig->r), dst_str[0]); // 十六进制转二进制
BN_hex2bn(&(sig->s), dst_str[1]);
/*do verify*/
ret = ECDSA_do_verify((const unsigned char*)digest, digestLen, sig, ec_key);
if (ret == -1) {printf("ECDSA_verify failed\n");
} else if (ret == 0) {printf("ECDSA_verify incorrect signature\n");
} else {printf("ECDSA_verify ok\n");
}
BN_free(sig->r);
BN_free(sig->s);
free(sig);
if (ec_key) {EC_KEY_free(ec_key);
ec_key = NULL;
}
BIO_free(bio_mem);
X509_free(x509);
return ret;
}
int main(int argc, char **argv)
{OpenSSL_add_all_algorithms();
// 须要验证的数据的 base64 编码
char message[] = "hGpTaWduYXR1cmUxTaIESDSaQrDC0HKOASZAWQECpAQaZF2BgAYaYUOemQFiSVQ5AQOhAaRhdoGqYmRuAWJtYW1PUkctMTAwMDAxNjk5YnZwajExMTkzMDUwMDViZHRqMjAyMS0wNS0wNWJjb2JJVGJjaXgmMDFJVDVBMUM2NEYyREYwODQ3RjI5Rjc0MTA2MjA1OEFGQUUwIzFibXBsRVUvMS8yMS8xNTI5Ymlzdk1pbmlzdGVybyBkZWxsYSBTYWx1dGVic2QBYnRnaTg0MDUzOTAwNmNuYW2kY2ZudGdQQU5ESU5JYmZuZ1BBTkRJTkljZ250ZkFORFJFQWJnbmZBTkRSRUFjdmVyZTEuMC4wY2RvYmoxOTUyLTA5LTI4";
// 摘要签名数据的 base64 编码
char signBuf[] = "a0KNpWa23iFQue19IioU/jrUPd/Utoo9A4prMG9LvS3FCsNEHHAwoAUpO4/KIfLB6R1MiIakaIJo4lIBawvUOA==";
// 证书
std::string str = "MIIEDzCCAfegAwIBAgIURldu5rsfrDeZtDBxrJ+SujMr2IswDQYJKoZIhvcNAQELBQAwSTELMAkGA1UEBhMCSVQxHzAdBgNVBAoMFk1pbmlzdGVybyBkZWxsYSBTYWx1dGUxGTAXBgNVBAMMEEl0YWx5IERHQyBDU0NBIDEwHhcNMjEwNTEyMDgxODE3WhcNMjMwNTEyMDgxMTU5WjBIMQswCQYDVQQGEwJJVDEfMB0GA1UECgwWTWluaXN0ZXJvIGRlbGxhIFNhbHV0ZTEYMBYGA1UEAwwPSXRhbHkgREdDIERTQyAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnL9+WnIp9fvbcocZSGUFlSw9ffW/jbMONzcvm1X4c+pXOPEs7C4/83+PxS8Swea2hgm/tKt4PI0z8wgnIehoj6OBujCBtzAfBgNVHSMEGDAWgBS+VOVpXmeSQImXYEEAB/pLRVCw/zBlBgNVHR8EXjBcMFqgWKBWhlRsZGFwOi8vY2Fkcy5kZ2MuZ292Lml0L0NOPUl0YWx5JTIwREdDJTIwQ1NDQSUyMHhcMSxPPU1pbmlzdGVybyUyMGRlbGxhJTIwU2FsdXRlLEM9SVQwHQYDVR0OBBYEFC4bAbCvpArrgZ0E+RrqS8V7TNNIMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEAjxTeF7yhKz/3PKZ9+WfgZPaIzZvnO/nmuUartgVd3xuTPNtd5tuYRNS/1B78HNNk7fXiq5hH2q8xHF9yxYxExov2qFrfUMD5HOZzYKHZcjcWFNHvH6jx7qDCtb5PrOgSK5QUQzycR7MgWIFinoWwsWIrA1AJOwfUoi7v1aoWNMK1eHZmR3Y9LQ84qeE2yDk3jqEGjlJVCbgBp7O8emzy2KhWv3JyRZgTmFz7p6eRXDzUYHtJaufveIhkNM/U8p3S7egQegliIFMmufvEyZemD2BMvb97H9PQpuzeMwB8zcFbuZmNl42AFMQ2PhQe27pU0wFsDEqLe0ETb5eR3T9L6zdSrWldw6UuXoYV0/5fvjA55qCjAaLJ0qi16Ca/jt6iKuws/KKh9yr+FqZMnZUH2D2j2i8LBA67Ie0JoZPSojr8cwSTxQBdJFI722uczCj/Rt69Y4sLdV3hNQ2A9hHrXesyQslr0ez3UHHzDRFMVlOXWCayj3LIgvtfTjKrT1J+/3Vu9fvs1+CCJELuC9gtVLxMsdRc/A6/bvW4mAsyY78ROX27Bi8CxPN5IZbtiyjpmdfr2bufDcwhwzdwsdQQDoSiIF1LZqCn7sHBmUhzoPcBJdXFET58EKow0BWcerZzpvsVHcMTE2uuAUr/JUh1SBpoJCiMIRSl+XPoEA2qqYU=";
str.insert(0,"-----BEGIN CERTIFICATE-----" "\n");
str.append("\n" "-----END CERTIFICATE-----" "\n");
int ret = ECDSA_WithSHA256_do_verify(str.c_str(), message, sizeof(message), signBuf, sizeof(signBuf));
printf("ECDSA_WithSHA256 ret = %d\n", ret);
}
/*
应用办法:openssl 版本:1.0.2g 其余的自行验证
编译:g++ x509.cpp -o x509 -lssl -lcrypto
执行:./x509
*/