openssl之DH(Diffie–Hellman)加密

//加密机制初始化
g_HDMgr.init();

//对方的public key
BIGNUM* peerPubKey = NULL;
peerPubKey = BN_bin2bn((unsigned char*)pRegist->DH_PubKey, pRegist->nDH_PubKey_Len, NULL);
if (peerPubKey != NULL)
{
    //计算密钥
    unsigned char* ClientSecret = NULL;
    int nSecretSize = g_HDMgr.ComputeSecret(g_HDMgr.GetdhPriv(), peerPubKey, &ClientSecret);

    if (nSecretSize <= 0)
    {
        return false;
    }
    SHA256(ClientSecret, nSecretSize, key32);
    strHex = DPC::PrintHexMsg((char*)g_HDMgr.ServerSecret, g_HDMgr.nServerSecret_Len);
    gLog.LogText(LOG_INFO, "[%s][%s] 
", ENKEY, strHex.c_str());
}

/*---------------------------------------------------------------------------
Copyright (C) 2013 Bonson Info
文件    : HiredisConn.h
版本    : V1.0
时间    : 2018-08-30
作者    : lial@bonsoninfo.com
描述    : HD加密 控制者
---------------------------------------------------------------------------*/

#pragma once
#include <boost/serialization/singleton.hpp>
#include <openssl/dh.h>
#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/ossl_typ.h>

#define USE_PREDEF_PARAMETERS 1
#define BUFFER_SIZE 4096
#define ADD            1
#define DES            0


#define g_HDMgr CDHMgr::get_mutable_instance()
class CDHMgr : public  boost::serialization::singleton<CDHMgr>
{
public:
    CDHMgr();
    ~CDHMgr();
public:
    DH *dhPriv;
    unsigned char*    ServerSecret;        // SiteCenter端密码摘要
    int        nServerSecret_Len;            // SiteCenter端密码摘要长度
public:
    void init(); 
    int ComputeSecret(DH* dh, BIGNUM* peerPubKey, unsigned char** secret);
    int PKCS7Pending(unsigned char* plaintext, int nDataLen, int nBlockSize);
    inline unsigned char*    GetServerSecret(){ return ServerSecret; };
    inline DH * GetdhPriv(){ return dhPriv; };
};

#include "DHMrg.h"
#include "../PluginComm/clog.h"



//*************************************************************************
// 函数名:    InitDHParameters
// 参数:      DH** dh
// 返回值:    int
// 描述:      初始化Diffie-Hellman参数p 和 g
//*************************************************************************
int InitDHParameters(DH** dh)
{
#if USE_PREDEF_PARAMETERS
    //使用预定义参数 p 和 g
    const unsigned char p[] = {
        0xcc, 0x0b, 0xea, 0x16, 0x42, 0xc6, 0x55, 0x9c, 0xef, 0x5d,
        0x73, 0x51, 0xd8, 0x03, 0xe9, 0x90, 0x53, 0xdc, 0x27, 0x8e,
        0x97, 0x22, 0x22, 0x67, 0xdf, 0xe1, 0xf3, 0x99, 0xcc, 0x55,
        0xe0, 0xd0, 0x75, 0x6d, 0x51, 0x5e, 0x00, 0x25, 0xca, 0x1d,
        0x5d, 0x01, 0xec, 0x54, 0xae, 0xb2, 0xe9, 0xca, 0xc3, 0xae,
        0xb0, 0xc5, 0xa0, 0x2c, 0x53, 0xc5, 0x10, 0xe6, 0x4d, 0xe7,
        0xba, 0xe8, 0x81, 0xb7, 0x76, 0x79, 0x80, 0xb0, 0x3c, 0xdd,
        0xbf, 0x1a, 0x94, 0x04, 0x7a, 0x51, 0xca, 0xed, 0x89, 0x77,
        0x88, 0xb1, 0xa3, 0x6c, 0xf6, 0x98, 0xba, 0x39, 0xf4, 0x7c,
        0xa2, 0xd9, 0x7a, 0x94, 0x2a, 0x46, 0xcc, 0x9e, 0x7f, 0xd2,
        0x27, 0x1e, 0xe6, 0x02, 0x5a, 0xd3, 0xa6, 0x38, 0x5c, 0x63,
        0x7a, 0xab, 0xc0, 0x69, 0x74, 0x16, 0x92, 0x29, 0x94, 0xbe,
        0x6b, 0xf3, 0x34, 0xd2, 0x36, 0x80, 0xde, 0xdc, 0x46, 0x17,
        0xd0, 0xd0, 0x1a, 0x40, 0x51, 0xce, 0x00, 0x89, 0x93, 0x17,
        0xc8, 0x4f, 0x11, 0x03, 0xc2, 0x67, 0x47, 0x01, 0x26, 0x63,
        0xdd, 0xce, 0xb1, 0xba, 0x49, 0x8a, 0x50, 0x23, 0xd0, 0x3c,
        0x62, 0x18, 0xb6, 0x0b, 0x5a, 0xe4, 0xc8, 0x4b, 0x96, 0xb0,
        0xce, 0x5f, 0x7a, 0xbe, 0xcd, 0xe9, 0xc6, 0x08, 0x5b, 0x9a,
        0x29, 0xd0, 0x7a, 0x44, 0xc9, 0x29, 0x0c, 0x55, 0x7e, 0xc1,
        0x34, 0xc0, 0xdc, 0x1b, 0x64, 0x81, 0xd3, 0xa7, 0x36, 0x7a,
        0x5b, 0x1e, 0xe9, 0x89, 0x5b, 0x26, 0x6b, 0xa8, 0x58, 0x86,
        0x89, 0x3f, 0xc5, 0x87, 0x11, 0xac, 0x21, 0xdd, 0xb6, 0xc0,
        0x7a, 0xbc, 0x4d, 0x2b, 0x86, 0xe8, 0x08, 0xc7, 0x3c, 0x34,
        0xe6, 0xc3, 0xd7, 0x09, 0x6e, 0xed, 0x2c, 0xb0, 0x9e, 0x9b,
        0x0f, 0xd8, 0xdc, 0x56, 0x6c, 0x7a, 0x80, 0x84, 0xc4, 0x17,
        0x73, 0x25, 0xb4, 0xb6, 0x20, 0x2b
    };
    const unsigned char g[] = { 2 };
    *dh = DH_new();

    BIGNUM *pb, *gb;
    pb  = BN_bin2bn(p, sizeof(p), NULL);
    gb = BN_bin2bn(g, sizeof(g), NULL);
    if (pb == NULL || gb == NULL)
    {    
        goto __ERROR;
    }
    DH_set0_pqg(*dh, pb, NULL, gb);

#else
    //p和g可以通过客户端发送过来
#endif    
    return 0;

__ERROR:
    DH_free(*dh);
    *dh = NULL;
    return -1;
}



CDHMgr::CDHMgr()
{
    dhPriv = NULL;
    ServerSecret = NULL;
}

CDHMgr::~CDHMgr()
{

}

//*************************************************************************
// 函数名:    Init
// 返回值:    void
// 描述:      初始化
//*************************************************************************
void  CDHMgr::init()
{
    //初始化参数
    if (0 != InitDHParameters(&dhPriv))
    {
        gLog.LogText(LOG_ERROR,
            "%s: %s", __FUNCTION__, "DH InitDHParameters Fail");
        _exit(0);
    }
    
    // 生成随机数
    if (DH_generate_key(dhPriv) <= 0)
    {
        gLog.LogText(LOG_ERROR,
            "%s: %s
", __FUNCTION__, "DH DH_generate_key Fail");
        _exit(0);
    }

    // 计算自己的公共密钥
    const BIGNUM *pubKey, *PriKey;
    DH_get0_key(dhPriv, &pubKey, &PriKey);

    ServerSecret = (unsigned char*)OPENSSL_malloc(BN_num_bytes(pubKey));
    nServerSecret_Len = BN_bn2bin(pubKey, ServerSecret);
    if (nServerSecret_Len <= 0)
    {
        gLog.LogText(LOG_ERROR,
            "%s: %s", __FUNCTION__, "DH BN_bn2bin Fail");
        _exit(0);
    }
}


//************************************
// Method:    ComputeSecret
// FullName:  ComputeSecret
// Access:    public 
// Returns:   int
// Qualifier:
// Parameter: DH * dh                -- 已经初始化过的DH指针
// Parameter: BIGNUM * peerPubKey    -- 对方的public key
// Parameter: unsigned char * * secret -- 计算出来的密钥
//************************************
int CDHMgr::ComputeSecret(DH* dh, BIGNUM* peerPubKey, unsigned char** secret)
{
    /* Compute the shared secret */
    *secret = (unsigned char *)OPENSSL_malloc(DH_size(dh));
    int nSecretSize = DH_compute_key(*secret, peerPubKey, dh);
    if (nSecretSize < 0)
    {
        OPENSSL_free(*secret);
        *secret = NULL;
    }
    return nSecretSize;
}


/**********************************************************
函数名：PKCS7Pending
参数：unsigned char* plaintext        --输入
参数：int    nDataLen                --字符长度
参数：int   BlockSize                --加密向量
返回值：int                            --0失败  1成功
说明：内容的长度
***********************************************************/
int CDHMgr::PKCS7Pending(unsigned char* plaintext, int nDataLen, int FLAG)
{
    int len = -1;
    if (ADD == FLAG)
    {
        char T = (AES_BLOCK_SIZE - (nDataLen % AES_BLOCK_SIZE));

        for (char i = 0; i < T; ++i)
        {
            plaintext[nDataLen + i] = T;
        }
        len = (nDataLen + T);
    }
    else
    {
        if (AES_BLOCK_SIZE >= plaintext[nDataLen - 1])
        {
            len =  (nDataLen - plaintext[nDataLen - 1]);
        }
    }

    return len;
}