由于openssl中的ASN1的结构是通过宏来定义的,导致我们经常找不到他的结构在哪里,通过阅读rfc,并且对照OPENSSL,发现OPENSSL中的结构基本是按照相关rfc中的名称,在openssl中进行搜索,就能找到具体的定义了。
搜索这两个结构,基本就能搜索出对应的结构,这些定义在asn1t.h中
ASN1_SEQUENCE
ASN1_SEQUENCE_ref()
- pkcs1中定义的公私钥
某个类的ans1的结构查看rfc,openssl中的asn1结构和rfc中的名称一致
pkcs1 rfc
pkcs1公钥私钥 对应
RSAPrivateKey
RSAPublicKey 定义在rsa_asn1.c中 - pkcs8中定义的私钥
rfc pkcs8
https://www.rfc-editor.org/rfc/rfc5208#section-5
rfc中的名称为PrivateKeyInfo 还有一种EncryptedPrivateKeyInfo
在openssl中搜索PrivateKeyInfo 可以搜索,对应的是PKCS8_PRIV_KEY_INFO
定义在ossl_type.h中
- x509的定义
x509 rfc
https://www.rfc-editor.org/rfc/rfc5280#section-3.1
可以找到证书的定义,定义在x_x509.c中
ASN1_SEQUENCE_ref(X509, x509_cb) = {
ASN1_EMBED(X509, cert_info, X509_CINF),
ASN1_EMBED(X509, sig_alg, X509_ALGOR),
ASN1_EMBED(X509, signature, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END_ref(X509, X509)
openssl定义在pk7_asn1.c中
ASN1_NDEF_SEQUENCE_cb(PKCS7, pk7_cb) = {
ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT),
ASN1_ADB_OBJECT(PKCS7)
}ASN1_NDEF_SEQUENCE_END_cb(PKCS7, PKCS7)
-
sm2密文的定义
sm2密文封装
定义在sm2_crypt.c中
ASN1_SEQUENCE(SM2_Ciphertext) = {
ASN1_SIMPLE(SM2_Ciphertext, C1x, BIGNUM),
ASN1_SIMPLE(SM2_Ciphertext, C1y, BIGNUM),
ASN1_SIMPLE(SM2_Ciphertext, C3, ASN1_OCTET_STRING),
ASN1_SIMPLE(SM2_Ciphertext, C2, ASN1_OCTET_STRING),
} ASN1_SEQUENCE_END(SM2_Ciphertext)
-
sm2签名的定义
sm2签名
看sm2_sign.c中,其实生成了ECDSA_SIG,搜索,可得
定义在ec_asn1.c中
ASN1_SEQUENCE(ECDSA_SIG) = {
ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM),
ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM)
} static_ASN1_SEQUENCE_END(ECDSA_SIG)
-
ec 公私钥的定义
ec_asn1.c
ASN1_SEQUENCE(EC_PRIVATEKEY) = {
ASN1_EMBED(EC_PRIVATEKEY, version, INT32),
ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
} static_ASN1_SEQUENCE_END(EC_PRIVATEKEY)
-
公钥编码
所有公钥最后都编码成X509_PUBKEY
定义在x_pubkey.c中
ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)