
Apparent incompatibility between sgx_tcrypto and OpenSSL libcrypt

  •  0
  • Arya Pourtabatabaie  · Tech Community  · 7 years ago

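    I am trying to load a public key from an SGX enclave into an OpenSSL elliptic curve public key object.

    The crypto library built into the SGX SDK uses points on SECP256R1 and represents them as (x, y) pairs. So I tried to do the following:

    1) Extract (x, y) from the SGX object

    2) Create an OpenSSL public key object on SECP256R1

    3) Set it to (x, y).

    However, the last call fails with the error message: "error:1007C06B:elliptic curve routines:EC_POINT_set_affine_coordinates_GFp:point is not on curve". What is going wrong? Could this be an endianness issue?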

    #include <stdio.h>
    
    #include <sgx_tcrypto.h>
    
    #include <openssl/obj_mac.h>
    #include <openssl/ec.h>
    #include <openssl/err.h>
    
    const sgx_ec256_public_t sgx_pk;
    const sgx_ec256_private_t sgx_sk;
    
    int main()
    {
        //init openssl objects
        EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); //assuming this is the same as secp256r1
        BN_CTX *bn_ctx = BN_CTX_new();
    
        //extract affine coordinates from sgx object
        BIGNUM *x = BN_bin2bn((uint8_t*)&sgx_pk.gx, sizeof(sgx_pk) / 2, NULL);
        BIGNUM *y = BN_bin2bn((uint8_t*)&sgx_pk.gy, sizeof(sgx_pk) / 2, NULL);
    
        //create openssl key and load the coordinates into it
        EC_KEY *ec_key = EC_KEY_new();
        EC_KEY_set_group(ec_key, group);
        EC_KEY_set_public_key_affine_coordinates(ec_key, x, y);
    
        //last call fails. extract error
        long error_code = ERR_get_error();
        char error_string[300];
        ERR_error_string_n(error_code, error_string, sizeof(error_string));
        puts(error_string);
    
        return 0;
    }
    

    For reference, a sample key pair is defined here:

    const sgx_ec256_private_t sgx_sk =
    {
        0xc1, 0xe7, 0x59, 0x90, 0x4e, 0x80, 0xa5, 0x52,
        0x45, 0x25, 0xec, 0x2a, 0xc, 0x98, 0x89, 0x6e,
        0x63, 0x96, 0x4d, 0x5d, 0x58, 0x48, 0x86, 0xf4,
        0x9b, 0x70, 0xad, 0xb5, 0xa2, 0x56, 0xe9, 0x13
    };
    
    const sgx_ec256_public_t sgx_pk =
    {
        0x82, 0xcb, 0x6f, 0x41, 0x3a, 0xd4, 0xfa, 0x57,
        0x6c, 0xc4, 0x1b, 0x77, 0xf6, 0xd9, 0x51, 0xc1,
        0xbc, 0x17, 0x7a, 0x88, 0xd0, 0x2e, 0x94, 0xd6,
        0x91, 0xa3, 0x1d, 0x75, 0xc, 0xbf, 0xa9, 0xca,
        0x8, 0x6c, 0xf3, 0x78, 0x92, 0xdb, 0x2f, 0x52,
        0x0, 0x44, 0x20, 0xd6, 0xa, 0xd3, 0x58, 0x3,
        0xb2, 0x35, 0xda, 0xe2, 0x1b, 0xdb, 0x2b, 0xd2,
        0xb0, 0xaf, 0x5e, 0x29, 0xc8, 0xb4, 0x93, 0x41
    };
    
    1 reply  |  as of 7 years ago
  •  1
  •   Arya Pourtabatabaie    7 years ago

    This was indeed an endianness issue. The following C++ code works:

    #include <stdio.h>
    #include <algorithm>
    
    #include <openssl/obj_mac.h>
    #include <openssl/ec.h>
    #include <openssl/err.h>
    
    #include <sgx_tcrypto.h>
    
    extern const sgx_ec256_public_t sgx_pk;
    extern const sgx_ec256_private_t sgx_sk;
    
    int main()
    {
      //init openssl objects
      EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
      //assuming this is the same as secp256r1
      BN_CTX *bn_ctx = BN_CTX_new();
    
      //extract affine coordinates from sgx object
      sgx_ec256_public_t sgx_pk_reversed;
      constexpr size_t COORDINATE_SIZE = sizeof(sgx_ec256_public_t) / 2;
      std::reverse_copy(sgx_pk.gx, sgx_pk.gx + COORDINATE_SIZE, sgx_pk_reversed.gx);
      std::reverse_copy(sgx_pk.gy, sgx_pk.gy + COORDINATE_SIZE, sgx_pk_reversed.gy);
    
      BIGNUM *x = BN_bin2bn((uint8_t*)&sgx_pk_reversed.gx, COORDINATE_SIZE, NULL);
      BIGNUM *y = BN_bin2bn((uint8_t*)&sgx_pk_reversed.gy, COORDINATE_SIZE, NULL);
    
      //create openssl key and load the coordinates into it
      EC_KEY *ec_key = EC_KEY_new();
      EC_KEY_set_group(ec_key, group);
    
      if (1 == EC_KEY_set_public_key_affine_coordinates(ec_key, x, y))
        puts("Holy shit it worked.");
    
      return 0;
    }
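
    The byte-order mismatch can be checked without either library by testing the P-256 curve equation on both interpretations of the sample `sgx_pk` bytes from the question. This is an added example, not part of the original post; the helper names (`on_curve`, `decode_point`, `sgx_pub_to_sec1`) are hypothetical, and the output format is the standard SEC1 uncompressed point (`04 || X || Y`, big-endian).

```python
# P-256 (secp256r1 / prime256v1) domain parameters.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
COORD_LEN = 32

# sgx_pk bytes copied from the question: gx (32 bytes) followed by gy (32 bytes).
SGX_PK = bytes.fromhex(
    "82cb6f413ad4fa57" "6cc41b77f6d951c1" "bc177a88d02e94d6" "91a31d750cbfa9ca"
    "086cf37892db2f52" "004420d60ad35803" "b235dae21bdb2bd2" "b0af5e29c8b49341"
)


def on_curve(x, y):
    """True if (x, y) satisfies y^2 = x^3 + ax + b (mod p) with both in range."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def decode_point(raw, byteorder):
    """Split gx || gy and read each coordinate with the given byte order."""
    if len(raw) != 2 * COORD_LEN:
        raise ValueError("expected 64 bytes (gx || gy)")
    x = int.from_bytes(raw[:COORD_LEN], byteorder)
    y = int.from_bytes(raw[COORD_LEN:], byteorder)
    return x, y


def sgx_pub_to_sec1(raw):
    """Convert SGX little-endian gx || gy to a SEC1 uncompressed point.

    Rejects input that is off the curve, which is also what happens when the
    caller passes coordinates that are already big-endian.
    """
    x, y = decode_point(raw, "little")
    if not on_curve(x, y):
        raise ValueError("point is not on curve")
    return b"\x04" + x.to_bytes(COORD_LEN, "big") + y.to_bytes(COORD_LEN, "big")


if __name__ == "__main__":
    print("big-endian read on curve:   ", on_curve(*decode_point(SGX_PK, "big")))
    print("little-endian read on curve:", on_curve(*decode_point(SGX_PK, "little")))
    print("SEC1:", sgx_pub_to_sec1(SGX_PK).hex())
```

    With OpenSSL 1.1.0 or later, `BN_lebin2bn` reads a little-endian buffer directly, which avoids the manual reverse copy.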
    