使用椭圆曲线Diffie-Hellman,我想连接SLCL - JS(文档)在客户端和OpenSSL - Ruby(文档)在服务器上。
我在这里发现了一个类似的问题,但它并没有真正正确地回答,它也不是我真正想要的,因为它使用sjcl.ecc.elGamal.generateKeys(384, 10),而我希望使用sjcl.ecc.curves['c384'] <- NIST
尽管如此,我仍然使用并修改了他的代码来测试,因为我在使用sjcl.ecc.curves['c384']产生单个公共点密钥时遇到了问题,这就是我想到的。
//Javascript
keypair = sjcl.ecc.elGamal.generateKeys(384, 10);
console.log(keypair.pub._point.toBits()); //Changed from his serialize()
输出到
[-1992414123, 638637875, 1917312913, 73389700, -425224557, 743777818, 970253455, 723842951, -1751664279, 982132367, -1949786746, 1067402923, -869929568, 157928816, 1651634060, 1968161300, -216192372, -1858642177, -1345910998, -2128793177, -1325754797, 143080818, 1868787479, -484135391]
使用ruby的输出:
#Ruby
pointArr = [-1992414123, 638637875, 1917312913, 73389700, -425224557, 743777818, 970253455, 723842951, -1751664279, 982132367, -1949786746, 1067402923, -869929568, 157928816, 1651634060, 1968161300, -216192372, -1858642177, -1345910998, -2128793177, -1325754797, 143080818, 1868787479, -484135391]
# ugly bit magic to somehow convert the above array into a proper byte array (in form of a string)
pointStr = [(pointArr.map { |i| (i>=0)?('0'*(8-i.to_s(16).length)+i.to_s(16)):("%08X" % (2**32-1+i+1)) }*'').upcase].pack("H*")
#My modified code
pointInt = pointStr.unpack('B*').first.to_i(2) #Convert BitStr to integer
pointBN = OpenSSL::BN.new(pointInt.to_s, 10) #Int to BigNumber (to be used as param below)
group = OpenSSL::PKey::EC::Group.new('secp384r1') #EC Group to be used
client_pub_point = OpenSSL::PKey::EC::Point.new(group, pointBN)
# ^
# ^ ABOVE'S MY PROBLEM -> OpenSSL::PKey::EC::Point::Error: invalid encoding
# ^
#Server EC: code taken and modified from https://www.ruby-forum.com/topic/3966195
ec = OpenSSL::PKey::EC.new(group)
ec.generate_key
pub = OpenSSL::PKey::EC.new(group)
pub.public_key = client_pub_point
#Compute Shared Key
shared_key = ec.dh_compute_key(pub.public_key)
puts shared_key.unpack('I>*')
当使用上面[(link)] (https://www.ruby-forum.com/topic/3966195)的原始代码时,这将"放置"如下所示
3747233514
2683763564
475565567
1087119841
857380668
2490387914
3548975947
2348082236
2093543365
1477205987
4289120093
3330807042
应该是这样的,但为了以防万一,这是我的测试
irb(main):113:0> ec = OpenSSL::PKey::EC.new(group)
=> #<OpenSSL::PKey::EC:0x37f4250>
irb(main):114:0> ec.generate_key
=> #<OpenSSL::PKey::EC:0x37f4250>
irb(main):115:0> pub = OpenSSL::PKey::EC.new(group)
=> #<OpenSSL::PKey::EC:0x374f070>
irb(main):116:0> pub.public_key = ec.public_key
=> #<OpenSSL::PKey::EC::Point:0x37f8090>
irb(main):117:0> pub.public_key.to_bn
=> 7699789176960498967958014210931326569901199635665512831714857096185925821659134057981449113945854620725216613989823482205311316333140754760317456176281271361802541262755346331375041208726203461213190230560617504850860621520632944763
irb(main):119:0> OpenSSL::PKey::EC::Point.new(group, pub.public_key.to_bn)
=> #<OpenSSL::PKey::EC:0x4029f48>
#The ABOVE FORMAT works, unlike the error I got like the following
irb(main):122:0> pointBN
=> 832312614609895991150696681555479456971598284480953722479085426901428295415600048953528780331647571635767075686130334170313461289491500162782258792834115040597490936949579748064005380309022482780162833924377801386781542770068991521
irb(main):123:0> OpenSSL::PKey::EC::Point.new(group, pointBN)
OpenSSL::PKey::EC::Point::Error: invalid encoding
但是比较上面的工作和不工作,似乎总小数位数是相同的,所以我认为我的轨道是正确的,但我只是不能真正计算出来。
对于那些可能遇到这种问题的人,这些是我的参考代码(1)(2)(3)(4)(5)
我已经在这上面呆了两天了,网上似乎没有太多关于这个的文章,我找不到任何其他支持椭圆曲线的JS库。
我终于解决了这个问题!:)
我使用了不同的Javascript库。如果你想解决类似的问题,请参考我的另一个问题(链接)
#Server EC:取自https://www.ruby-forum.com/topic/3966195的代码ec = OpenSSL::PKey:: ec .new(group)ec.generate_key…
通常我们用已知曲线的NID来称呼EC_KEY_new_by_curve_name。NIDs将包括:
-
NID_secp160k1 -
NID_secp192k1 -
NID_secp224k1 -
NID_secp256k1 -
NID_secp384r1 -
NID_secp521r1 - 其他原野曲线
- 其他双星场曲线
我想完整的列表可以在OpenSSL源代码中找到,obj_mac.h:
#define SN_secp112r1 "secp112r1"
#define NID_secp112r1 704
#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L
#define SN_secp112r2 "secp112r2"
#define NID_secp112r2 705
#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L
#define SN_secp128r1 "secp128r1"
#define NID_secp128r1 706
#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L
#define SN_secp128r2 "secp128r2"
#define NID_secp128r2 707
#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L
#define SN_secp160k1 "secp160k1"
#define NID_secp160k1 708
#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L
#define SN_secp160r1 "secp160r1"
#define NID_secp160r1 709
#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L
#define SN_secp160r2 "secp160r2"
#define NID_secp160r2 710
#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L
#define SN_secp192k1 "secp192k1"
#define NID_secp192k1 711
#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L
#define SN_secp224k1 "secp224k1"
#define NID_secp224k1 712
#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L
#define SN_secp224r1 "secp224r1"
#define NID_secp224r1 713
#define OBJ_secp224r1 OBJ_secg_ellipticCurve,33L
#define SN_secp256k1 "secp256k1"
#define NID_secp256k1 714
#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L
#define SN_secp384r1 "secp384r1"
#define NID_secp384r1 715
#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L
#define SN_secp521r1 "secp521r1"
#define NID_secp521r1 716
#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L
#define SN_sect113r1 "sect113r1"
#define NID_sect113r1 717
#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L
#define SN_sect113r2 "sect113r2"
#define NID_sect113r2 718
#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L
#define SN_sect131r1 "sect131r1"
#define NID_sect131r1 719
#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L
#define SN_sect131r2 "sect131r2"
#define NID_sect131r2 720
#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L
#define SN_sect163k1 "sect163k1"
#define NID_sect163k1 721
#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L
#define SN_sect163r1 "sect163r1"
#define NID_sect163r1 722
#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L
#define SN_sect163r2 "sect163r2"
#define NID_sect163r2 723
#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L
#define SN_sect193r1 "sect193r1"
#define NID_sect193r1 724
#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L
#define SN_sect193r2 "sect193r2"
#define NID_sect193r2 725
#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L
#define SN_sect233k1 "sect233k1"
#define NID_sect233k1 726
#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L
#define SN_sect233r1 "sect233r1"
#define NID_sect233r1 727
#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L
#define SN_sect239k1 "sect239k1"
#define NID_sect239k1 728
#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L
#define SN_sect283k1 "sect283k1"
#define NID_sect283k1 729
#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L
#define SN_sect283r1 "sect283r1"
#define NID_sect283r1 730
#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L
#define SN_sect409k1 "sect409k1"
#define NID_sect409k1 731
#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L
#define SN_sect409r1 "sect409r1"
#define NID_sect409r1 732
#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L
#define SN_sect571k1 "sect571k1"
#define NID_sect571k1 733
#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L
#define SN_sect571r1 "sect571r1"
#define NID_sect571r1 734
#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L
...
#计算共享密钥Shared_key = ec.dh_compute_key(pub.public_key)
在OpenSSL wiki上有一个ECDH的例子。我相信是马特·卡斯韦尔提供的。你可以在椭圆曲线Diffie Hellman找到它。
我认为OpenSSL wiki的例子也在这里复制/粘贴了一次:由BouncyCastle Java API和OpenSSL生成的ECDH秘密是不同的。
我不懂SJCL和Ruby,所以我帮不了你。
sjcl.ecc。curves['c384'] <- NIST
我相信你会想要NID_secp384r1,但我不懂Ruby,所以接受它的表面价值。有关命名曲线到NIDs的列表,请参见OpenSSL: OpenSSL/CHANGES OpenSSL/apps/ecparam.c OpenSSL/crypto....
如果您打算将密钥保存到磁盘上,并可能以后在证书中使用它(例如,ECDSA签名),那么您将需要设置OPENSSL_EC_NAMED_CURVE标志。该标志只是按名称保存组参数(例如,ASN1 OID: prime256v1),而不是列出ASN1对象中的所有域参数(字段类型、主或二进制字段、基点等)。
你可以这样做:
EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE);
如果你没有设置标志,那么在协商套件时你会遇到"no shared cipher "错误。以下是客户机和服务器上的症状:
客户端(s_client):
-
139925962778272:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1256:SSL alert number 40 -
139925962778272:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
-
服务器(s_server):
-
140339533272744:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1353:
-