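I want to implement key exchange between PHP and C, but the keys computed by DH_compute_key in the two languages never match, so I dug into the details and found that OpenSSL seems to generate different keys in the different languages.
I expected the DH public key generated from the same parameters and private key to be the same, but I get different values in PHP and C.
Here is the PHP code: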
$dh_param = array(
"dh" => array(
"p" => hex2bin("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
. "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
. "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
. "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
. "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
. "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
. "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
. "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
. "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
. "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
. "15728E5A8AACAA68FFFFFFFFFFFFFFFF"),
"g" => "2",
"priv_key" => hex2bin("581268c890b5cf1a4924f74f1a7f5b160949bde05133ef4bd1bcc89792c37c00"
. "f20166d63ef442196e7f663c3ffd8e927ff7ed1f140079c1fbb069a127435a2c"
. "2e0476ae185f6526db3c7a818cd3106d43fd1befc30925fcdccc658ebfdd1b21"
. "6311844cdf674076a14e490d761b6328c978753ef20283b50a251dc06b2f7966"
. "b626d202707bb9ab49c12b7d7e32bbe78b17a73ba1ceaa118088e5dcc58f3226"
. "8650342a7b2baf3372f993d15bd663934a6015f7e066ddd7575b70819dda6e8d"
. "6b1468f418dc13744cffd6f80ef259e26e247ba49c97b658776e64b76aec421b"
. "083ec4b2f68045cf310f3cb245354a6a1ad2c76915d7a83ff18b126665039de5")
)
);
$dh = openssl_pkey_new($dh_param);
$dh_detail = openssl_pkey_get_details($dh);
echo substr(bin2hex($dh_detail['dh']['pub_key']), 0, 10), "\n";
The output is: a0a4ad686e
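And the C code:
#include <stdio.h>
#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <openssl/dh.h>

const char *p_hex =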
"FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
"29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
"C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
"83655D23DCA3AD961C62F356208552BB9ED529077096966D"
"670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
"E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
"DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
"15728E5A8AACAA68FFFFFFFFFFFFFFFF";
const char *priv_key_hex =
"581268c890b5cf1a4924f74f1a7f5b160949bde05133ef4bd1bcc89792c37c00"
"f20166d63ef442196e7f663c3ffd8e927ff7ed1f140079c1fbb069a127435a2c"
"2e0476ae185f6526db3c7a818cd3106d43fd1befc30925fcdccc658ebfdd1b21"
"6311844cdf674076a14e490d761b6328c978753ef20283b50a251dc06b2f7966"
"b626d202707bb9ab49c12b7d7e32bbe78b17a73ba1ceaa118088e5dcc58f3226"
"8650342a7b2baf3372f993d15bd663934a6015f7e066ddd7575b70819dda6e8d"
"6b1468f418dc13744cffd6f80ef259e26e247ba49c97b658776e64b76aec421b"
"083ec4b2f68045cf310f3cb245354a6a1ad2c76915d7a83ff18b126665039de5";
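int main(void) {
    /* Direct member access (dh->g etc.) compiles only against OpenSSL < 1.1.0, where DH is not opaque. */
    DH *dh = DH_new();
    BN_dec2bn(&dh->g, "2");
    BN_hex2bn(&dh->p, p_hex);
    BN_hex2bn(&dh->priv_key, priv_key_hex);
    DH_generate_key(dh); /* priv_key is already set, so only pub_key is computed */
    char *pub_key_hex = BN_bn2hex(dh->pub_key);
    printf("%.10s\n", pub_key_hex);
    OPENSSL_free(pub_key_hex);
    DH_free(dh);
    return 0;
}
The output is 1606378B62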
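I have studied the source code of the PHP openssl extension, and the C code above should have the same behavior.
Well... I spent a lot of time checking the prime and the private key, but they were both fine.
The error was in the generator: it should be binary 2, not ASCII "2".
Just change the parameter to "g" => hex2bin("02") and it works.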
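The mismatch described above can be cross-checked outside both OpenSSL bindings. The following is an added example, not part of the original post: it recomputes the public key with plain big-integer arithmetic for both forms of the generator, assuming a binary parameter string is read as a big-endian unsigned integer. `P` and `PRIV` are copied from the question; `bin_to_int`, `looks_like_text` and `dh_public_key` are hypothetical helper names.

```python
# Added example: recompute g^priv mod p for the ASCII and the binary generator.
# P and PRIV are the hex values from the question above.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
PRIV = int(
    "581268c890b5cf1a4924f74f1a7f5b160949bde05133ef4bd1bcc89792c37c00"
    "f20166d63ef442196e7f663c3ffd8e927ff7ed1f140079c1fbb069a127435a2c"
    "2e0476ae185f6526db3c7a818cd3106d43fd1befc30925fcdccc658ebfdd1b21"
    "6311844cdf674076a14e490d761b6328c978753ef20283b50a251dc06b2f7966"
    "b626d202707bb9ab49c12b7d7e32bbe78b17a73ba1ceaa118088e5dcc58f3226"
    "8650342a7b2baf3372f993d15bd663934a6015f7e066ddd7575b70819dda6e8d"
    "6b1468f418dc13744cffd6f80ef259e26e247ba49c97b658776e64b76aec421b"
    "083ec4b2f68045cf310f3cb245354a6a1ad2c76915d7a83ff18b126665039de5", 16)
HEX_CHARS = b"0123456789abcdefABCDEF"

def bin_to_int(raw):
    """Big-endian unsigned integer value of a binary parameter string."""
    return int.from_bytes(raw, "big")

def looks_like_text(raw):
    """Heuristic: bytes that are all ASCII hex digits were probably never decoded."""
    return len(raw) > 0 and all(c in HEX_CHARS for c in raw)

def dh_public_key(g_raw):
    """Lowercase hex of g^priv mod p, with g supplied as raw bytes."""
    return format(pow(bin_to_int(g_raw), PRIV, P), "x")

if __name__ == "__main__":
    # The two forms of "g" from the question and from the fix.
    for label, g_raw in (('"2"', b"2"), ('hex2bin("02")', b"\x02")):
        print(label, "g =", bin_to_int(g_raw),
              "text-like:", looks_like_text(g_raw),
              "pub_key starts", dh_public_key(g_raw)[:10])
```

Running it prints the first 10 hex digits of each public key, which can be compared with the two outputs quoted in the question.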