CN111800260B - Intelligent key signature method compatible with RSA and domestic commercial cryptographic algorithm - Google Patents

Intelligent key signature method compatible with RSA and domestic commercial cryptographic algorithm

Info

Publication number: CN111800260B (granted patent; earlier publication CN111800260A)
Application number: CN202010564520.0A
Authority: CN (China)
Legal status: Active (Google's assumption, not a legal conclusion)
Original language: Chinese (zh)
Inventors: 郭宁, 萧建昌, 卢翔
Assignee (original and current): Shenzhen Securities Communication Co., Ltd.
Prior art keywords: signature, interface, rsa, key, function
Events: application filed by Shenzhen Securities Communication Co., Ltd.; priority to CN202010564520.0A; publication of CN111800260A; application granted; publication of CN111800260B; legal status active
Classifications

    • H04L9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates (H Electricity > H04 Electric communication technique > H04L Transmission of digital information, e.g. telegraphic communication > H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols > H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords > H04L9/0816 Key establishment > H04L9/0819 Key transport or distribution)
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications using a plurality of keys or algorithms (same H04L9/00 parent)
Abstract

The invention relates to the field of financial securities, and in particular to a smart-key (EKey, a hardware cryptographic token) signature method compatible with both RSA and the Chinese commercial cryptographic (SM) algorithms. It comprises the following steps. Step one, encapsulation: wrap the data structures and functions defined by the PKCS #11 interface. Step two, calling: using the wrapper from step one, call the PKCS #11 interface to obtain the slot and session holding the certificate, and obtain the CK_OBJECT_HANDLE of the certificate, the public key and the private key. Step three: map the private key held in an RSA smart key into an EVP_PKEY backed by an RSA structure whose RSA_METHOD signature function pointer is replaced by a custom Sign function; the custom Sign function calls the PKCS #11 signature function so that the signature is computed inside the smart key (EKey). The signature algorithm of the method can therefore sign with either RSA or the SM algorithms, selected according to the certificate stored in the smart key.

Description

Intelligent key signature method compatible with RSA and domestic commercial cryptographic algorithm
[Technical field]
The invention relates to the field of financial securities, and in particular to a smart-key (EKey) signature method compatible with both RSA and the Chinese commercial cryptographic (SM) algorithms.
[Background of the invention]
In the field of financial securities, the transmission of non-trading instructions such as registration and depository, clearing and settlement, and fund transfer is generally protected by identity authentication, signatures and similar cryptographic means.
With the spread of the SM algorithms, systems in this field need to be converted to them. During the transition, a solution compatible with both RSA and the SM algorithms matches market reality, allows a smooth migration, and lets RSA and the SM algorithms operate in parallel.
[Summary of the invention]
The invention aims to provide a smart-key signature method compatible with RSA and the SM algorithms that addresses the shortcomings of the prior art.
The smart-key signature method of the invention comprises the following steps:
Step one, encapsulation: wrap the data structures and functions defined by the PKCS #11 interface;
Step two, calling: using the wrapper from step one, call the PKCS #11 interface to obtain the slot and session holding the certificate, and obtain the CK_OBJECT_HANDLE of the certificate, the public key and the private key;
Step three: map the private key of an RSA smart key into an EVP_PKEY backed by an RSA structure, replacing the signature function pointer in its RSA_METHOD with a custom Sign function; the custom Sign function calls the PKCS #11 signature function so that the signature is computed inside the smart key (EKey);
Step four: adapt EKeys loaded with an RSA certificate that support the PKCS #11 interface;
Step five: following the SKF interface defined in the Chinese cryptographic industry standard GM/T 0016-2012 (Smart token cryptography application interface specification), wrap the data structures and functions defined by that interface;
Step six: using the wrapper from step five, call the SKF interface to enumerate the smart-key Device, obtain the Application and Container, and obtain the SM2 signature certificate and encryption certificate from the Container that stores the SM credentials;
Step seven: adapt EKeys loaded with an SM2 certificate that support the SKF interface;
Step eight: complete the SM2 signature inside the smart key via the SKF interface, and apply it in the cipher suites and TLS communication method defined by the Chinese cryptographic industry standard GM/T 0024-2014 (SSL VPN technical specification);
Step nine: change and extend the function in the OpenSSL SSL handshake state machine that handles the transition from the SSL3_ST_CW_CERT_VRFY_A state to the SSL3_ST_CW_CERT_VRFY_B state;
On the basis of the change in step nine, the method is compatible with both the RSA smart-key signature of step three and signing with an RSA private-key file certificate, and with both the SM2 smart-key signature of step eight and signing with an SM2 private-key file certificate;
Step ten: wrap the use of the PKCS #11 and SKF interfaces and the reading of the smart key EKey in one further layer, which determines the signature algorithm of the certificate in the EKey, automatically loads the corresponding driver library and interface functions, and adaptively selects the corresponding processing branch, so that the signature is made either with RSA or with the SM algorithms.
Beneficial effects of the invention: the method implements a series of abstract smart-key operations as an EKey interface layer, giving a horizontally extensible framework with a unified operation interface for enumerating certificates, signing and so on. For an RSA smart key EKey, the certificate's private key is mapped and signing is directed to the Sign function defined by the EKey layer; for an SM smart key EKey, the client's certificate-verify sending function in an extended OpenSSL is used and the interface specified by the SM standard is called to complete the signature. The signature algorithm can thus sign with either RSA or the SM algorithms according to the certificate in the smart key.
[Description of the drawings]
The accompanying drawings are included to provide a further understanding of the invention and form part of this application; they are not to be considered limiting of the invention:
FIG. 1 is the PKCS #11 encapsulation diagram of the invention;
FIG. 2 is the EVP_PKEY conversion diagram of the invention;
FIG. 3 is the flow chart of the RSA Sign function of the invention;
FIG. 4 is the SKF encapsulation diagram of the invention;
FIG. 5 is the SKF signature flow chart of the invention;
FIG. 6 is the flow chart before the modification of the invention;
FIG. 7 is the flow chart after the modification of the invention;
FIG. 8 is the structure diagram of the further (top-level) encapsulation of the invention;
FIG. 9 is the overall implementation activity diagram of the invention.
[Detailed description of the embodiments]
The invention will now be described in detail with reference to the drawings and specific embodiments; the exemplary embodiments and descriptions are intended only to illustrate the invention, not to limit it.
As shown in FIG. 1 to FIG. 9, the smart-key signature method of this embodiment uses steps one to ten exactly as set out in the summary of the invention above: wrapping and calling the PKCS #11 interface to obtain the slot, session and object handles; mapping the RSA smart-key private key into an EVP_PKEY whose RSA_METHOD signature function is the custom Sign function; wrapping the GM/T 0016-2012 SKF interface and retrieving the SM2 signature and encryption certificates; signing SM2 inside the EKey under the GM/T 0024-2014 cipher suites; changing the OpenSSL SSL3_ST_CW_CERT_VRFY_A to SSL3_ST_CW_CERT_VRFY_B transition so that smart-key and file-based RSA and SM2 signatures are all supported; and the top-level wrapper that selects the RSA or SM branch from the signature algorithm of the certificate in the EKey.
The working principle of the invention is described in further detail below, with reference to the drawings:
S1: wrap the data structures and functions defined by the PKCS #11 interface, and use that wrapper to call the PKCS #11 interface to obtain the slot and session holding the certificate and the CK_OBJECT_HANDLE of the certificate, the public key and the private key. See FIG. 1, the PKCS #11 encapsulation diagram.
[1] Define an interface Context that wraps the PKCS #11 slot data structure and records the slot ID (slotIdx);
[2] abstract the driver library of each hardware smart key on each platform as a DSO (the DSO_st structure) and load it with DSO_load: a .dll on Windows and a .so on Linux (pkcs11.dll / pkcs11.so);
[3] bind the interface functions implemented in the dynamically loaded hardware driver with DSO_bind_func (the bind series), providing a uniform interface (MethodListHandle) for the certificate extraction and signature operations that follow;
[4] when a Context is created, the wrappers of the smart-key driver's interface functions from [1] to [3] are combined into a unified operation interface, MethodList, through which C_Initialize is called;
[5] wrap C_GetInfo as GetCryptokiInfo, which fills a CK_INFO structure with the Cryptoki information of the smart-key hardware;
[6] wrap InitSlots in Context: it uses C_GetSlotList to obtain the list of slots in the smart-key hardware, giving a slot buffer list whose unit is CK_SLOT_ID;
[7] wrap a Slot interface; after InitSlots, GetSlotInfo calls C_GetSlotInfo to obtain the information of a specific slot;
[8] with the specific slot ID obtained in [6], GetTokenInfo calls C_GetTokenInfo to fill a CK_TOKEN_INFO structure with the current information of the smart-key hardware (the token);
[9] wrap an interface Session comprising the session operations that establish the logical connection between the smart key and the application;
[10] NewSession wraps and calls C_OpenSession, opening the connection between the application and the smart key currently being operated;
[11] within a Session, search for Objects, i.e. the items stored in the smart key such as certificates and keys. The object operations are wrapped as RefreshSession, which mainly runs C_FindObjectsInit, C_FindObjects and C_FindObjectsFinal to complete the search;
[12] using the CK_OBJECT_CLASS found in [11], wrap GetCertificates, which obtains certificate objects (CKO_CERTIFICATE) containing the public key;
[13] wrap GetPublicKey to obtain public key objects (CKO_PUBLIC_KEY);
[14] wrap GetPrivateKey to obtain private key objects (CKO_PRIVATE_KEY). Only the object handle is returned; the private key material stays in the token.
S2: map the private key held in the RSA smart key into an EVP_PKEY backed by an RSA structure whose RSA_METHOD signature function pointer is replaced by the custom Sign function. See FIG. 2, the EVP_PKEY conversion diagram.
[1] Search the Objects in the session as in S1 [11], and obtain the private key object CKO_PRIVATE_KEY with GetPrivateKey from S1 [14];
[2] wrap a GetEvpKey interface that converts the CKO_PRIVATE_KEY handle into an EVP_PKEY for subsequent signing;
[3] initialise an EVP_PKEY structure pkey;
[4] call EVP_PKEY_get1_RSA with the pkey from [3] to obtain its RSA (RSA_st) structure;
[5] if the RSA structure returned in [4] is NULL, create a new one, rsa_st1, with RSA_new and attach it with EVP_PKEY_set1_RSA, whose inputs are rsa_st1 and the pkey from [3];
[6] customise the RSA structure rsa;
[7] set the modulus n with the GetAttributeBN interface, passing CKA_MODULUS as the attribute;
[8] set the public exponent e with GetAttributeBN, passing CKA_PUBLIC_EXPONENT;
[9] if n and e were set successfully, customise the RSA_METHOD function table meth in the RSA structure;
[10] point the signature function in meth to the redefined Sign function;
[11] OR the flag RSA_FLAG_SIGN_VER into the flags of the RSA structure, so that RSA_sign dispatches to the rsa_sign entry of meth instead of padding and exponentiating with a private exponent that this structure does not hold;
[12] the CRYPTO_EX_DATA of the RSA structure must not be empty: obtain an ex_data index with a FreeFunc that releases Key, the smart-pointer wrapper of the key object converted into the EVP_PKEY (the original names X509_get_ex_new_index here; because the data is attached with RSA_set_ex_data, the index has to come from the RSA class, i.e. RSA_get_ex_new_index);
[13] after the setup in [12], attach the data with RSA_set_ex_data.
S3: the redefined Sign function calls the PKCS #11 signature function, and the EKey performs the signature. See FIG. 3, the flow chart of the RSA Sign function.
[1] The inputs of the Sign function are the digest type, the data to be signed m, its length in bytes m_len, the buffer sigret that receives the signature, the length siglen of that buffer, and the RSA structure rsa customised in S2;
[2] initialise a Key object: the smart pointer Key to the key object that was converted into the EVP_PKEY;
[3] with the customised RSA structure from S2 as input, call RSA_get_ex_data, the counterpart of the RSA_set_ex_data used in S2 [13], to retrieve the custom data and point key at it;
[4] initialise a series of structures: an X509_SIG structure sig, an ASN1_TYPE parameter, a temporary variable i for the length of the data to sign, a temporary variable j for the length of the signature buffer, temporary pointers p and s for the data to be signed, an X509_ALGOR structure algor, an ASN1_OCTET_STRING structure digest, and a CK_MECHANISM signature mechanism mechanism_rsa;
[5] branch on the input digest type;
[6] if the digest type is NID_md5_sha1 (the TLS 1.0/1.1 CertificateVerify case: a raw MD5 || SHA-1 concatenation with no DigestInfo), set the digest length to SSL_SIG_LENGTH, set the temporary length variable i = SSL_SIG_LENGTH, and point s at the input data m;
[7] if the digest type is not NID_md5_sha1, set up the X509_SIG structure sig (the PKCS #1 DigestInfo);
[8] link sig with the X509_ALGOR structure algor, so that the algorithm field of sig points to algor;
[9] assign the ASN1_OBJECT algorithm of algor with OBJ_nid2obj, passing the input digest type. After the call, check that algorithm is not NULL and that the length in the asn1_object_st is not 0, since an unknown NID yields an empty object;
[10] set the type of the ASN1_TYPE parameter to V_ASN1_NULL;
[11] set the parameter of the X509_ALGOR algor in sig to the parameter set in [10];
[12] set the ASN1_OCTET_STRING of sig to digest;
[13] set the data of digest to the input data m to be signed;
[14] set the length of digest to the input m_len;
[15] call i2d_X509_SIG with the prepared sig and no output buffer; the return value, the DER length, is stored in the temporary variable i;
[16] call RSA_size on the customised RSA structure rsa and store the result in the temporary variable j, the length of the signature buffer;
[17] if the input digest type is not NID_md5_sha1, call OPENSSL_malloc with j + 1 as parameter (which allocates through malloc_ex_func (malloc) and records the allocation in the debug hash table via CRYPTO_malloc_dbg) and keep the result in s;
[18] call i2d_X509_SIG again with the prepared sig and s as the output, writing the DER-encoded DigestInfo into s;
[19] if the session's operation handle is obtained from Key successfully, obtain the MethodList handle of the driver's wrapped data structures and functions, set the signature mechanism mechanism_rsa to CKM_RSA_PKCS, and call the PKCS #11 function C_SignInit with the session handle (GetHandle), the mechanism and the private key handle;
[20] call the smart key's PKCS #11 function C_Sign through the MethodList handle with the session handle (GetHandle), the data s to be signed, its length i, the signature buffer sigret and the buffer length j; the hardware computes the signature. Because the mechanism is CKM_RSA_PKCS, the token applies the PKCS #1 v1.5 padding itself, so s must be at most RSA_size(rsa) - 11 bytes, and the token never sees the message, only the DigestInfo the caller built.
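The data-preparation half of the Sign function above ([5] to [20]), as an added example written for this page rather than code from the patent: it builds the PKCS #1 DigestInfo that OpenSSL's X509_SIG and i2d_X509_SIG produce for the non-NID_md5_sha1 case, passes the raw 36-byte MD5 || SHA-1 value through unchanged in the NID_md5_sha1 case, checks that the result fits under PKCS #1 v1.5 padding, and hands it to C_SignInit / C_Sign with CKM_RSA_PKCS. The CK_ types, the pkcs11_methods struct (standing in for the patent's MethodList) and the fake token are local stand-ins so the block runs without a real pkcs11.h or hardware; an SM3 AlgorithmIdentifier is included because S7 [15]b signs SM3 digests with RSA.

```c
/*
 * Added example (not code from the patent): the data-preparation part of a
 * PKCS#11-backed RSA rsa_sign callback as described in S3. Types, the method
 * list struct and the fake token are local stand-ins, not pkcs11.h or the
 * patent's MethodList. Digest values used by callers are constructed inputs.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_RV, CK_SESSION_HANDLE, CK_OBJECT_HANDLE;
typedef struct { CK_ULONG mechanism; void *pParameter; CK_ULONG ulParameterLen; } CK_MECHANISM;
#define CKR_OK       0UL
#define CKM_RSA_PKCS 1UL

/* Digest identifiers used in place of OpenSSL NIDs (assumed local enum). */
enum digest_type { DT_MD5_SHA1, DT_SHA1, DT_SHA256, DT_SM3 };

/* DER AlgorithmIdentifier prefixes SEQUENCE { OID, NULL }: SHA-1/SHA-256 from
 * RFC 8017 section 9.2 note 1; SM3 OID 1.2.156.10197.1.401 (GM/T 0006). */
static const uint8_t alg_sha1[]   = {0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00};
static const uint8_t alg_sha256[] = {0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00};
static const uint8_t alg_sm3[]    = {0x30,0x0c,0x06,0x08,0x2a,0x81,0x1c,0xcf,0x55,0x01,0x83,0x11,0x05,0x00};

/* Build the DigestInfo (X509_SIG) encoding, or pass MD5||SHA-1 through raw.
 * Returns the encoded length, or 0 when the digest length does not match the type. */
size_t build_sign_input(enum digest_type t, const uint8_t *m, size_t m_len,
                        uint8_t *out, size_t out_cap)
{
    const uint8_t *alg; size_t alg_len, want, body, n = 0;
    switch (t) {
    case DT_MD5_SHA1:                           /* SSL_SIG_LENGTH = 16 + 20, no DigestInfo */
        if (m_len != 36 || out_cap < 36) return 0;
        memcpy(out, m, 36); return 36;
    case DT_SHA1:   alg = alg_sha1;   alg_len = sizeof alg_sha1;   want = 20; break;
    case DT_SHA256: alg = alg_sha256; alg_len = sizeof alg_sha256; want = 32; break;
    case DT_SM3:    alg = alg_sm3;    alg_len = sizeof alg_sm3;    want = 32; break;
    default: return 0;
    }
    if (m_len != want) return 0;
    body = alg_len + 2 + m_len;                 /* AlgorithmIdentifier + OCTET STRING */
    if (body > 127 || out_cap < body + 2) return 0;   /* short-form DER lengths suffice */
    out[n++] = 0x30; out[n++] = (uint8_t)body;  /* DigestInfo SEQUENCE */
    memcpy(out + n, alg, alg_len); n += alg_len;
    out[n++] = 0x04; out[n++] = (uint8_t)m_len; /* OCTET STRING holding the digest */
    memcpy(out + n, m, m_len); n += m_len;
    return n;
}

/* Stand-in for the patent's MethodList: the two Cryptoki entry points the Sign
 * function needs, which the real code binds with DSO_bind_func / dlsym. */
struct pkcs11_methods {
    CK_RV (*C_SignInit)(CK_SESSION_HANDLE, CK_MECHANISM *, CK_OBJECT_HANDLE);
    CK_RV (*C_Sign)(CK_SESSION_HANDLE, uint8_t *, CK_ULONG, uint8_t *, CK_ULONG *);
};

/* Body of the Sign callback: encode, check the v1.5 size limit, let the token
 * pad and sign. rsa_bytes is RSA_size(rsa); PKCS#1 v1.5 needs 11 bytes of padding. */
int token_rsa_sign(const struct pkcs11_methods *ml, CK_SESSION_HANDLE h,
                   CK_OBJECT_HANDLE priv, size_t rsa_bytes, enum digest_type t,
                   const uint8_t *m, size_t m_len, uint8_t *sig, CK_ULONG *sig_len)
{
    uint8_t buf[128]; CK_MECHANISM mech = { CKM_RSA_PKCS, NULL, 0 };
    size_t n = build_sign_input(t, m, m_len, buf, sizeof buf);
    if (n == 0 || n + 11 > rsa_bytes) return 0;
    if (ml->C_SignInit(h, &mech, priv) != CKR_OK) return 0;
    *sig_len = (CK_ULONG)rsa_bytes;
    return ml->C_Sign(h, buf, (CK_ULONG)n, sig, sig_len) == CKR_OK;
}

/* Constructed fake token for offline use: records the mechanism and the exact
 * bytes it was asked to sign, and returns a zero signature. Not a real module. */
static CK_ULONG fake_mech, fake_in_len; static uint8_t fake_in[128];
static CK_RV fake_sign_init(CK_SESSION_HANDLE h, CK_MECHANISM *m, CK_OBJECT_HANDLE k)
{ (void)h; (void)k; fake_mech = m->mechanism; return CKR_OK; }
static CK_RV fake_sign(CK_SESSION_HANDLE h, uint8_t *in, CK_ULONG len, uint8_t *sig, CK_ULONG *sl)
{ (void)h; memcpy(fake_in, in, len); fake_in_len = len; memset(sig, 0, *sl); return CKR_OK; }
const struct pkcs11_methods fake_token = { fake_sign_init, fake_sign };
CK_ULONG fake_token_last_mechanism(void) { return fake_mech; }
CK_ULONG fake_token_last_input_len(void) { return fake_in_len; }
```

With CKM_RSA_PKCS the caller, not the token, decides what the DigestInfo says, so this function is the trust boundary for what gets signed; a mechanism such as CKM_SHA256_RSA_PKCS would move the hashing and encoding into the token at the cost of the NID_md5_sha1 and SM3 cases the page needs. The size check rejects anything longer than RSA_size - 11 before it reaches the token; a 32-byte digest encodes to 51 bytes, well within a 2048-bit key.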
S4: wrap the data structures and functions defined by the SKF interface of the Chinese commercial cryptographic standard GM/T 0016-2012 (Smart token cryptography application interface specification). See FIG. 4, the SKF encapsulation diagram.
[1] Init_SKF_API wraps the loading of the driver's data structures and functions; different operating systems use different calls, LoadLibrary and GetProcAddress on Windows, dlopen and dlsym on Linux;
[2] after Init_SKF_API, the SKF MethodList, the list of functions implemented in the smart-key driver together with their function pointers, is available;
[3] enumerate the attached smart-key devices with the SKF_EnumDev function pointer taken from the MethodList, and map each to a Device;
[4] connect to the chosen device with SKF_ConnectDev, obtain its information with SKF_GetDevInfo, and obtain the device handle DEVHANDLE;
[5] with the DEVHANDLE, enumerate the Applications in the Device with SKF_EnumApplication;
[6] open an application with SKF_OpenApplication to obtain its handle HAPPLICATION;
[7] with HAPPLICATION, enumerate the Containers in the Application with SKF_EnumContainer; a Container holds the signature public key, signature private key, encryption public key, encryption private key and session keys;
[8] open the corresponding Container with SKF_OpenContainer to obtain its handle HCONTAINER;
[9] with HCONTAINER, call SKF_ExportCertificate to obtain the required certificate (the signature or the encryption certificate, selected by a flag).
S5: call the SKF interface to enumerate the smart-key Device, obtain the Application and Container, obtain the SM2 signature certificate and encryption certificate from the Container holding the SM credentials, and complete the SM2 signature in the smart key via the SKF interface. FIG. 5, the SKF signature flow chart, gives the general steps; the detailed implementation is the modified flow described in S7 below.
[1] Obtain the handles hDevice, hApplication and hContainer of the device, application and container via the wrapper of S4, and obtain hSKFMethodHandle, the pointer to the SKF interface functions implemented in the smart-key driver;
[2] determine whether the EKey attached to the system is an SM-algorithm smart key;
[3] if not, process it with the method above that converts the EKey private key into an EVP_PKEY and redefines the Sign function;
[4] if it is an SM EKey, call SKF_ExportPublicKey through hSKFMethodHandle to export the signature public key structure from the EKey;
[5] process the public key structure (the X and Y coordinates of the ECCPUBLICKEYBLOB);
[6] compute the Z value (the SM2 user-identity hash over ENTL, the user ID, the curve parameters a, b and G, and the signer's public key);
[7] set the EVP digest algorithm to SM3;
[8] create an EVP_MD_CTX context;
[9] run the EVP_Digest family of functions over Z followed by the data;
[10] call SKF_ECCSignData through hSKFMethodHandle so that the hardware EKey signs the resulting value SM3(Z || data); the token signs this 32-byte hash and never sees the data itself;
[11] compute the handshake header length;
[12] set the handshake header length;
[13] change the state machine from the SSL3_ST_CW_CERT_VRFY_A state to the SSL3_ST_CW_CERT_VRFY_B state.
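The Z value and hash of S5 [6] to [10], as an added example that is not the patent's code: Z = SM3(ENTL || ID || a || b || xG || yG || xA || yA) as defined in GB/T 32918.2, and e = SM3(Z || M) is the 32-byte value handed to SKF_ECCSignData (the token signs e; it does not see M). SM3 is implemented inline (GB/T 32905) so the block runs without OpenSSL; the SM2 curve constants are the recommended parameters from GB/T 32918.5, the default ID "1234567812345678" is the one GM/T 0009 specifies, and the public key point and message any caller passes in are constructed test values, not data from the page.

```c
/*
 * Added example for S5 [6]-[10] (not code from the patent): the SM2 "Z"
 * identity hash and the message hash e = SM3(Z || M) a caller hands to
 * SKF_ECCSignData. SM3 is implemented inline (GB/T 32905); curve constants
 * are the SM2 recommended parameters (GB/T 32918.5); the default ID is the
 * GM/T 0009 default. Public keys and messages passed in are constructed inputs.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static uint32_t rotl(uint32_t x, unsigned n) { n &= 31; return n ? (x << n) | (x >> (32 - n)) : x; }
static uint32_t p0(uint32_t x) { return x ^ rotl(x, 9) ^ rotl(x, 17); }
static uint32_t p1(uint32_t x) { return x ^ rotl(x, 15) ^ rotl(x, 23); }

/* SM3 compression function: absorbs one 512-bit block into the state v. */
static void sm3_compress(uint32_t v[8], const uint8_t blk[64])
{
    uint32_t w[68], w1[64], a = v[0], b = v[1], c = v[2], d = v[3], e = v[4], f = v[5], g = v[6], h = v[7];
    for (int i = 0; i < 16; i++)
        w[i] = (uint32_t)blk[4*i] << 24 | (uint32_t)blk[4*i+1] << 16 | (uint32_t)blk[4*i+2] << 8 | blk[4*i+3];
    for (int i = 16; i < 68; i++)
        w[i] = p1(w[i-16] ^ w[i-9] ^ rotl(w[i-3], 15)) ^ rotl(w[i-13], 7) ^ w[i-6];
    for (int i = 0; i < 64; i++) w1[i] = w[i] ^ w[i+4];
    for (int j = 0; j < 64; j++) {
        uint32_t t = j < 16 ? 0x79cc4519u : 0x7a879d8au;
        uint32_t ss1 = rotl(rotl(a, 12) + e + rotl(t, (unsigned)j), 7), ss2 = ss1 ^ rotl(a, 12);
        uint32_t ff = j < 16 ? (a ^ b ^ c) : ((a & b) | (a & c) | (b & c));
        uint32_t gg = j < 16 ? (e ^ f ^ g) : ((e & f) | (~e & g));
        uint32_t tt1 = ff + d + ss2 + w1[j], tt2 = gg + h + ss1 + w[j];
        d = c; c = rotl(b, 9); b = a; a = tt1;
        h = g; g = rotl(f, 19); f = e; e = p0(tt2);
    }
    v[0] ^= a; v[1] ^= b; v[2] ^= c; v[3] ^= d; v[4] ^= e; v[5] ^= f; v[6] ^= g; v[7] ^= h;
}

/* One-shot SM3: Merkle-Damgard padding with a big-endian 64-bit bit count. */
void sm3(const uint8_t *msg, size_t len, uint8_t out[32])
{
    uint32_t v[8] = {0x7380166f, 0x4914b2b9, 0x172442d7, 0xda8a0600,
                     0xa96f30bc, 0x163138aa, 0xe38dee4d, 0xb0fb0e4e};
    uint8_t blk[64] = {0}; size_t i, rem;
    for (i = 0; i + 64 <= len; i += 64) sm3_compress(v, msg + i);
    rem = len - i; memcpy(blk, msg + i, rem); blk[rem] = 0x80;
    if (rem >= 56) { sm3_compress(v, blk); memset(blk, 0, 64); }
    for (int k = 0; k < 8; k++) blk[63 - k] = (uint8_t)(((uint64_t)len * 8) >> (8 * k));
    sm3_compress(v, blk);
    for (int k = 0; k < 8; k++) {
        out[4*k] = (uint8_t)(v[k] >> 24); out[4*k+1] = (uint8_t)(v[k] >> 16);
        out[4*k+2] = (uint8_t)(v[k] >> 8); out[4*k+3] = (uint8_t)v[k];
    }
}

/* SM2 recommended curve parameters a, b, xG, yG (GB/T 32918.5), big-endian. */
static const uint8_t SM2_A[32]  = {0xff,0xff,0xff,0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfc};
static const uint8_t SM2_B[32]  = {0x28,0xe9,0xfa,0x9e,0x9d,0x9f,0x5e,0x34,0x4d,0x5a,0x9e,0x4b,0xcf,0x65,0x09,0xa7,0xf3,0x97,0x89,0xf5,0x15,0xab,0x8f,0x92,0xdd,0xbc,0xbd,0x41,0x4d,0x94,0x0e,0x93};
static const uint8_t SM2_GX[32] = {0x32,0xc4,0xae,0x2c,0x1f,0x19,0x81,0x19,0x5f,0x99,0x04,0x46,0x6a,0x39,0xc9,0x94,0x8f,0xe3,0x0b,0xbf,0xf2,0x66,0x0b,0xe1,0x71,0x5a,0x45,0x89,0x33,0x4c,0x74,0xc7};
static const uint8_t SM2_GY[32] = {0xbc,0x37,0x36,0xa2,0xf4,0xf6,0x77,0x9c,0x59,0xbd,0xce,0xe3,0x6b,0x69,0x21,0x53,0xd0,0xa9,0x87,0x7c,0xc6,0x2a,0x47,0x40,0x02,0xdf,0x32,0xe5,0x21,0x39,0xf0,0xa0};
#define SM2_DEFAULT_ID ((const uint8_t *)"1234567812345678")   /* GM/T 0009 default user ID */
#define SM2_DEFAULT_ID_LEN 16

/* Z = SM3(ENTL || ID || a || b || xG || yG || xA || yA); ENTL is the bit length of
 * ID as a 16-bit big-endian integer. Returns 0 if ID is too long for ENTL. */
int sm2_compute_z(const uint8_t *id, size_t id_len, const uint8_t xa[32], const uint8_t ya[32], uint8_t z[32])
{
    uint8_t buf[2 + 8191 + 6 * 32]; size_t n = 0;
    if (id_len > 8191) return 0;                     /* 8191 * 8 is the largest ENTL */
    buf[n++] = (uint8_t)((id_len * 8) >> 8); buf[n++] = (uint8_t)(id_len * 8);
    memcpy(buf + n, id, id_len); n += id_len;
    const uint8_t *parts[6] = { SM2_A, SM2_B, SM2_GX, SM2_GY, xa, ya };
    for (int k = 0; k < 6; k++) { memcpy(buf + n, parts[k], 32); n += 32; }
    sm3(buf, n, z);
    return 1;
}

/* e = SM3(Z || M): the 32-byte value the EKey signs via SKF_ECCSignData. The token
 * never sees M, so a caller that skips Z or binds the wrong ID produces a
 * signature that a correct verifier rejects. Message size is capped for the demo. */
int sm2_message_hash(const uint8_t *id, size_t id_len, const uint8_t xa[32], const uint8_t ya[32],
                     const uint8_t *m, size_t m_len, uint8_t e[32])
{
    uint8_t buf[32 + 4096];
    if (m_len > 4096 || !sm2_compute_z(id, id_len, xa, ya, buf)) return 0;
    memcpy(buf + 32, m, m_len);
    sm3(buf, 32 + m_len, e);
    return 1;
}
```

In the TLS flow of S7 the public key fed to sm2_compute_z must be the one exported from the EKey container (SKF_ExportPublicKey), not a key taken from the certificate without checking that the two match, and the ID must be the one the peer will use during verification; with GM/T 0024 peers that is the default ID above unless the deployment has agreed otherwise.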
S6: change and extend the function of the OpenSSL SSL handshake state machine that handles the transition from the SSL3_ST_CW_CERT_VRFY_A state to the SSL3_ST_CW_CERT_VRFY_B state. The main function is ssl3_send_client_verify in ssl/s3_clnt.c, whose input is the SSL context s. The flow of ssl3_send_client_verify before the change is described first, with reference to FIG. 6.
[1] Initialise temporary variables: an EVP_PKEY pointer pkey, an EVP_PKEY_CTX context pctx and an EVP_MD_CTX structure mctx;
[2] initialise the digest context mctx from [1] with EVP_MD_CTX_init;
[3] check that the state machine is in the SSL3_ST_CW_CERT_VRFY_A state (SSL3_ST: handshake; CW: client write; CERT_VRFY: the CertificateVerify message; A: just entered);
[4] call ssl_handshake_start with the SSL context s, giving the output pointer p;
[5] point pkey from [1] at the private key, privatekey, of the certificate (cert) in the SSL context s;
[6] initialise the EVP_PKEY_CTX pctx from [1] with EVP_PKEY_CTX_new on pkey;
[7] call EVP_PKEY_sign_init on pctx to initialise signing;
[8] set the digest of pctx to EVP_sha1() with EVP_PKEY_CTX_set_signature_md;
[9] if TLS 1.2 signature algorithms are in use (the signature algorithm and hash are sent with the signature), special handling:
a. call tls12_get_sigandhash with p from [4], pkey from [5] and the EVP_MD structure md, the digest configured for the key in the SSL context s;
b. compute the signature with the EVP_Sign family (EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal), using mctx from [1], md from a and pkey from [5];
c. compute the handshake message header n.
[10] If TLS 1.2 signature algorithms are not in use, branch on the type of pkey;
[11] when pkey is EVP_PKEY_RSA, compute the CertificateVerify MAC (cert_verify_mac over the MD5 and SHA-1 handshake hashes), sign it with RSA_sign using the RSA structure in pkey, and compute the handshake message header n;
[12] when pkey is EVP_PKEY_DSA, sign with DSA_sign using the DSA structure in pkey and compute the handshake message header n;
[13] when pkey is EVP_PKEY_EC, sign with ECDSA_sign using the EC structure in pkey and compute the handshake message header n.
S7: the flow of the modified ssl3_send_client_verify function is described in detail with reference to FIG. 7. With this change, the RSA smart-key signature of step 3 and signing with an RSA private-key file certificate are both supported, as are the SM2 smart-key signature of step 5 and signing with an SM2 private-key file certificate.
[1] Initialise temporary variables: an EVP_PKEY pointer pkey, an EVP_PKEY_CTX context pctx and an EVP_MD_CTX structure mctx;
[2] the following initialisations are added:
a. an EC_KEY pointer sm2key, which will hold the SM2 public key built from sign_pubkey (the X and Y coordinates) converted into an EC_KEY (EC_KEY_st) structure;
b. SKF interface: the public key structure ECCPUBLICKEYBLOB of the ECC key pair (bit length, and the X and Y coordinates of the public point, i.e. k times the base point G on the elliptic curve);
c. SKF interface: the ECC signature structure ECCSIGNATUREBLOB holding (r, s);
d. the digest value digest to be processed;
e. an EVP_MD_CTX digest context pointer ctx;
f. an EVP_MD digest algorithm pointer md;
g. a byte array sign_public_key for the exported signature public key;
h. a temporary signature buffer data, twice the length of the longest digest (SHA-512).
[3] initialise the digest context mctx from [1] with EVP_MD_CTX_init;
[4] check that the state machine is in the SSL3_ST_CW_CERT_VRFY_A state (handshake, client write, CertificateVerify, just entered);
[5] call ssl_handshake_start with the SSL context s, giving the output pointer p;
[6] determine the EKey signature algorithm: for an RSA smart key EKey continue at [7]; for an SM-algorithm EKey continue at [16];
[7] point pkey from [1] at the private key, privatekey, of the certificate (cert) in the SSL context s;
[8] initialise the EVP_PKEY_CTX pctx from [1] with EVP_PKEY_CTX_new on pkey;
[9] determine whether the digest algorithm is SM3: call SSL_get_algorithm2 with the SSL context s, and if the result is SSL_HANDSHAKE_MAC_SM3, use SM3 as the digest algorithm;
[10] otherwise use SHA-1;
[11] call EVP_PKEY_sign_init on pctx to initialise signing;
[12] set the digest of pctx to SM3 or SHA-1 with EVP_PKEY_CTX_set_signature_md, according to [9] and [10];
[13] if TLS 1.2 signature algorithms are in use, special handling:
a. call tls12_get_sigandhash with p from [5], pkey from [7] and the EVP_MD structure md, the digest configured for the key in the SSL context s;
b. compute the signature with the EVP_Sign family (EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal), using mctx from [1], md from a and pkey from [7];
c. compute the handshake message header n.
[14] If TLS 1.2 signature algorithms are not in use, branch on the type of pkey;
[15] when pkey is EVP_PKEY_RSA:
a. if the digest algorithm from [9] is SHA-1, compute the CertificateVerify MAC, sign it with RSA_sign using the RSA structure in pkey, and compute the handshake message header n;
b. if the digest algorithm from [9] is SM3, special handling: sign with RSA_sign using the RSA structure in pkey, but point the signature output at the start of the temporary signature buffer data[16] rather than directly into the message.
[16] When pkey is EVP_PKEY_DSA, sign with DSA_sign using the DSA structure in pkey and compute the handshake message header n;
[17] when the type of PKEY is EVP _ PKEY _ EC,
a. if the NID of the elliptic curve is SM2, inputting PKEY by using EVP _ PKEY _ size, and outputting j;
b. the abstract algorithm structure adopts SM3 and points to a temporary EVP _ MD structure SM3_ MD;
c. performing EVP _ Digest series processing, and inputting the mctx, sm3_ md and pkey by utilizing EVP _ DigesInit;
d. using EVP _ DigestUpdate to perform information summarization on sm3_ MD summarization structure MD _ size byte data in & (data [ MD5_ DIGEST _ LENGTH ]) into an mctx structure;
e. returning the summary information data in the mctx structure to the address of p [2] by EVP _ DigetSignAil, writing the length (byte) of the summary data into parameter j;
f. inputting j and p by adopting s2n, and storing into a double-byte value;
g. setting the length n of the handshake head as j +2;
h. if the NID of the elliptic curve is not SM2, using the ec structure in pkey to call ECDSA _ sign to sign, and calculating the handshake message header n.
[18] Judging whether signature algorithm expansion is used before signature, and performing MAC verification on communication data by using cert _ verify _ MAC- > SSL3_ handover _ MAC during the actual execution process of the SSL record layer protocol;
[19] clearing the memory where the public key structure ECCPUBLICKEYBLOB of the ECC encryption key pair defined in [2]. B is positioned, and initializing;
[20] deriving a signature public key from an intelligent password key EKey of an access system by using an SKF interface SKF _ ExportPublicKey, and outputting an ECC public key structure to point to ECCPUBLICKEYBLOB in [17 ];
[21] ECC public key structure processing: writing the X coordinate value in the formatted ECCPUBLICKEEYBLOB into sign _ public _ key;
[22] ECC public key structure processing: writing a Y coordinate value in the formatted ECCPUBLICKEEYBLOB into sign _ public _ key;
[23] calculating an SM2 public KEY, calculating the SM2 public KEY by using sign _ public _ KEY formed by the X coordinate and the Y coordinate, converting the SM2 public KEY into an EC _ KEY structure, and pointing to SM2KEY defined in [2]. A;
[24] calculating a Z value, inputting sm2key in [21], and outputting a digest value digest to be processed defined in [2]. D;
[25] wherein the Z value is calculated according to the second part of the elliptic curve public key cryptographic algorithm of the domestic commercial cryptographic standard GM/T003.2-2012 SM 2: as specified in the digital signature algorithm(s),
ZA = SM3 (ENTLA | | IDA | | a | | b | | xG | yG | | xA | | | yA), ENTL is the bit length of ID expressed by two bytes, ID is expressed by user, the length of ID is 16 bytes, a, b are elliptic curve parameters, xG, yG are base points of the elliptic curve, X coordinate and Y coordinate are read out from EKey to eccpblick eblob signature public key structure, and are specified in [21 ];
[26] setting an EVP abstract algorithm structure as SM3, wherein the abstract algorithm structure adopts SM3 and points to an EVP _ MD pointer MD in [2]. F;
[27] creating an EVP _ MD _ CTX context EVP _ MD _ CTX _ create pointing to an EVP _ MD _ CTX pointer CTX in [2]. E;
[28] EVP _ Digest series function processing: using EVP _ DigestInit, inputting ctx and md;
[29] in the process of calculating the hash algorithm, a compression function is called twice to calculate the hash value of the input data in a segmented manner according to the length of the input data,
a. using EVP _ DigestUpdate to abstract the 32 bytes data in the digest into a ctx structure, calculating the hash value of a data block with a given length, and performing iteration once again according to the actual length of the message;
b. the 32 bytes of data in the (data [ MD5_ DIGEST _ LENGTH ]) address are summarized into the ctx structure.
[30] Utilizing EVP _ DigetFinal to finish calculation and output a hash value with a specified length, returning summary information data in the ctx structure to a parameter digest, and writing the length (byte) of the summary data into a parameter dgst _ len;
[31] and SM3 (Z | | digest), utilizing the SKF interface function operation pointer hSKFMethodHandle and the container pointer hContanaine obtained in [5].1 to call SKF _ ExportPublicKey, and digitally signing the designated data digest to be signed by adopting an ECC algorithm and a private key of a hardware intelligent cipher key. The signed result is stored in [2]. C ECC signature data structure (r, s) ECCSIGNATURREBLOB;
[32] BN _ new () creates a big number structure BN;
[33] processing the r part of the signature result, and assigning a binary value signature.r +32 to a large number structure BN by using a BN _ bin2BN function;
[34] acquiring the bit number of BN by using BN _ num _ bits;
[35] judging whether the bit sum of bn and 0x7 bitwise sum is 1, and judging whether the r part needs padding;
[36] processing the s part of the signature result, and assigning a binary value signature.s +32 to a large number structure BN by using a BN _ bin2BN function;
[37] acquiring the bit number of BN by using BN _ num _ bits;
[38] judging whether the sum of the bit number of bn and the bitwise sum of 0x7 is 1, and judging whether the part s needs padding;
[39] the offset value t is initialized to 0;
[40] if the majority of the r part is less than 7 bits, processing is performed: clearing the value with the length of 1 of the created memory space p +2+ offset value t;
[41] copying the r part of the signature to p +2+ t, and shifting the offset value by 32 bits;
[42] if the majority of the s part is less than 7 bits, processing is performed: clearing the value with the length of 1 of the created memory space p +2+ offset value t;
[43] copying the s part of the signature to p +2+ t, and shifting the offset value by 32 bits;
[44] if p is [5], calling SSL _ handshake _ start, inputting SSL context s, and outputting a pointer p;
[45] inputting the t and p by adopting s2n, and storing into a double-byte value;
[46] setting the handshake head length n as an offset value +2;
[47] the state of the SSL context s is set to SSL3_ ST _ CW _ CERT _ VRFY _ B.
S8, the usage of the PKCS #11 and SKF interfaces and the reading of the intelligent cryptographic key EKey are wrapped in a further encapsulation layer; refer to the further encapsulation structure diagram of FIG. 8.
[1] Abstract an EKey (intelligent key) inserted into the application system, or several EKeys of a model supported by a manufacturer's driver, into an EKey object;
[2] encapsulate the set of smart pointers to the abstract EKey objects as EKeys;
[3] encapsulate an initAPI interface that reads the EKey driver file (dll/so) and maps the hardware token interface functions (PKCS #11 or SKF) implemented in the driver into a MethodList handle for subsequent calls;
[4] encapsulate an EnumerateAllEKeys interface that enumerates the EKeys and returns the EKey objects of [1];
[5] the Login interface encapsulates the functions needed to access the certificates in an EKey object, such as PIN verification (VerifyPin);
[6] encapsulate the set of smart pointers to the certificates in the EKey object as Certificates;
[7] encapsulate the set of smart pointers to the key objects converted into EVP_PKEY as Keys;
[8] after authorization to the certificates in the EKey object has been obtained, the operation of obtaining the Certificates is encapsulated in a unified interface GetCertificates;
[9] the EVP_PKEY structure corresponding to the obtained private key is encapsulated in a unified interface GetPrivateKey.
S9, based on the change of S7 and through the further encapsulation of S8, the signature algorithm of the certificate in the EKey is determined and the corresponding driver library and interface functions are loaded automatically, so that the corresponding processing branch is selected adaptively and the signature is made with the RSA algorithm or with the domestic commercial cryptographic algorithm; refer to the overall implementation diagram of FIG. 9.
[1] At the user client, one scenario is logging in to the server, for which the EKey is checked. When the client program checks the EKey, the signature algorithm of the certificate in the EKey can be determined accordingly;
[2] taking a Windows .NET Framework implementation as an example, find the certificate store corresponding to the inserted intelligent cryptographic key in the registry through the X509Store interface, and map the certificates found by traversing the store to X509Certificate2 interface objects;
[3] obtain the algorithm SignatureAlgorithm with which the certificate signature was created from the X509Certificate2 interface object;
[4] match the SignatureAlgorithm against the OIDs defined in GM/T 0006-2012 "Cryptographic Application Identifier Specification" of the domestic commercial cryptographic algorithm standards;
[5] for example, a SignatureAlgorithm value of "1.2.156.10197.1.501" is SM3withSM2, i.e. a domestic commercial cryptographic algorithm EKey;
[6] for example, a SignatureAlgorithm value of "1.2.840.113549.1.1.5" is sha1WithRSAEncryption, i.e. an RSA algorithm EKey;
[7] the encapsulated EKey middleware implements the data structures and related interfaces wrapping the PKCS #11 and SKF interfaces;
[8] the intelligent cryptographic key inserted into the system is mapped to the EKey abstract interface through EnumerateAllEkeys;
[9] at runtime, determine which interface (PKCS #11 or SKF) is used;
[10] obtain the MethodList pointer of the operation functions of the corresponding interface;
[11] PKCS #11 interface: map the certificate operation objects with the GetCertificates interface through EnumerateEkeys, convert the private key into an EVP_PKEY object with the GetPrivateKey and GetEvpkey interfaces, customize an RSA structure, and point the signature function of the RSA structure to the redefined Sign function;
[12] in the Sign function the C_SignInit and C_Sign interfaces are called through the MethodList operation pointer to sign with the hardware intelligent cryptographic key; this corresponds to the processing in ssl3_send_client_verify after the change of S7, mainly the RSA_sign processing;
[13] SKF interface: enumerate the Device, Application and Container through EnumerateEkeys, enumerate the certificate objects Certificates from the Container, and save the hDevice, hApplication and hContainer operation pointers;
then, using the MethodList operation pointer, call the corresponding SKF interfaces: mainly export the signature public key structure from the intelligent cryptographic key EKey with the SKF_ExportPublicKey interface and sign with the intelligent cryptographic key with the SKF_ECCSignData interface, thereby realizing the SM3(Z || digest) operation and taking part in the processing in ssl3_send_client_verify after the change of S7.
The invention has the following beneficial effects:
(1) The series of operations of the intelligent cryptographic key is abstracted into an interface layer; the EKey interface layer encapsulates the driver of the adapted EKey and the operation functions supported by the driver, so the application layer can use it directly without concern for the model of the inserted intelligent cryptographic key EKey.
(2) The original OpenSSL functions are changed and extended, realizing a signature method that uses a domestic commercial cryptographic algorithm intelligent cryptographic key EKey.
(3) The change and extension of the original OpenSSL functions does not affect the original OpenSSL functionality, so that compatibility with the EKey signature of the domestic commercial cryptographic algorithm intelligent cryptographic key, the domestic commercial cryptographic algorithm file certificate signature, the RSA algorithm intelligent cryptographic key and the RSA algorithm file certificate is achieved.
(4) Combined with the abstract interface method of (1), when an RSA or domestic commercial cryptographic algorithm intelligent cryptographic key is inserted, the interface and processing branch are selected adaptively to carry out the RSA or domestic commercial cryptographic algorithm signature.
(5) A program applying the method is safe and reliable; the structures and algorithms can be extended in parallel, any variety of RSA EKey and domestic commercial cryptographic EKey can be supported, and compatibility is strong.
The invention relates to an intelligent key signature method compatible with RSA and the domestic commercial cryptographic algorithm, which abstracts the series of operations of an intelligent cryptographic key into an EKey interface layer, realizes a horizontally extensible framework, and includes unified operation interfaces for enumerating certificates, signing and the like; for an RSA intelligent cryptographic key EKey, the certificate private key is mapped and, at signing time, pointed to the Sign function defined by the EKey; for a domestic commercial cryptographic algorithm intelligent cryptographic key EKey, the client-side function in OpenSSL that sends the certificate verify message is extended and the interface specified by the domestic commercial cryptographic standard is called to complete the signature; thus, based on the signature algorithm of the certificate in the intelligent cryptographic key, the signature is realized with RSA or with the domestic commercial cryptographic algorithm.
The above description only illustrates the preferred embodiments of the present invention; all equivalent changes and modifications made on the basis of the features and principles described in the claims of the present invention are included in the scope of the present invention.

Claims (1)

1. An intelligent key signature method compatible with RSA and the domestic commercial cryptographic algorithm, comprising the following steps:
step one: encapsulation: encapsulate the data structures and functions defined by the PKCS #11 interface;
step two: calling: using the encapsulation of step one, call the PKCS #11 interface to obtain the slot and session of the certificate and obtain the OBJECT_HANDLE of the certificate, the public key and the private key;
step three: map the private key contained in the RSA intelligent cryptographic key into an EVP_PKEY realizing an RSA data structure, wherein the signature function pointer in the RSA_METHOD is replaced by a self-defined Sign function, and the self-defined Sign function calls the signature function of the PKCS #11 interface and signs through the intelligent cryptographic key EKey;
step four: adapt an EKey loaded with an RSA certificate that supports the PKCS #11 interface;
step five: according to the SKF interface defined in the domestic commercial cryptographic standard, encapsulate the data structures and functions defined in that interface;
characterized in that: step six: using the encapsulation of step five, call the SKF interface to enumerate the intelligent cryptographic key Device, obtain the Application and Container, and obtain the SM2 signature certificate and encryption certificate in the corresponding Container storing the domestic commercial cryptographic material;
step seven: adapt an EKey loaded with an SM2 certificate that supports the SKF interface;
step eight: complete the SM2 signature through the intelligent cryptographic key using the SKF interface, applied to the cipher suites and TLS communication method defined by the Chinese cryptographic industry standards;
step nine: change and extend the relevant function in the OpenSSL SSL handshake protocol state machine for the transition from the SSL3_ST_CW_CERT_VRFY_A state to the SSL3_ST_CW_CERT_VRFY_B state;
step ten: wrap the usage of the PKCS #11 and SKF interfaces and the reading of the intelligent cryptographic key EKey in a further encapsulation layer, and automatically load the corresponding driver library and interface functions by determining the signature algorithm of the certificate in the EKey, so that the corresponding processing branch is selected adaptively and the signature is carried out with the RSA algorithm or with the domestic commercial cryptographic algorithm.
CN202010564520.0A 2020-06-19 2020-06-19 Intelligent key signature method compatible with RSA and domestic commercial cryptographic algorithm Active CN111800260B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010564520.0A CN111800260B (en) 2020-06-19 2020-06-19 Intelligent key signature method compatible with RSA and domestic commercial cryptographic algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010564520.0A CN111800260B (en) 2020-06-19 2020-06-19 Intelligent key signature method compatible with RSA and domestic commercial cryptographic algorithm

Publications (2)

Publication Number Publication Date
CN111800260A CN111800260A (en) 2020-10-20
CN111800260B true CN111800260B (en) 2022-12-09

Family

ID=72803547

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010564520.0A Active CN111800260B (en) 2020-06-19 2020-06-19 Intelligent key signature method compatible with RSA and domestic commercial cryptographic algorithm

Country Status (1)

Country Link
CN (1) CN111800260B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113630254B (en) * 2021-08-25 2023-05-05 福建师范大学 ECDSA-based generalized assignment verifier signature proving method and system
CN115062330B (en) * 2022-08-18 2022-11-11 麒麟软件有限公司 TPM-based intelligent password key password application interface implementation method
CN117040760B (en) * 2023-08-18 2024-02-09 河南省信息化集团有限公司 Layout file signing method supporting double algorithms

Citations (4)

Publication number Priority date Publication date Assignee Title
CN101820342A (en) * 2010-03-31 2010-09-01 北京飞天诚信科技有限公司 Method for implementing hardware encryption engine
CN102055759A (en) * 2010-06-30 2011-05-11 北京飞天诚信科技有限公司 Hardware engine realization method
CN105160233A (en) * 2015-09-07 2015-12-16 北京祥云智信科技有限公司 Method, device and system for reading user digital certificate
CN110543340A (en) * 2019-08-09 2019-12-06 北京信安世纪科技股份有限公司 Method, device, equipment and medium for determining password equipment corresponding to interface library


Non-Patent Citations (1)

Title
"Research and Implementation of the GM (National Commercial Cryptography) SSL Secure Communication Protocol"; 吴永强; China Master's Theses Full-text Database (Electronic Journal); 20160315; full text *

Also Published As

Publication number Publication date
CN111800260A (en) 2020-10-20


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant