#include<stdio.h>
#include<stdlib.h>
#include<string.h>
#include<openssl/crypto.h>
#include<openssl/err.h>
#include<openssl/pem.h>
#include<openssl/rsa.h>
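/*
 * File names used by the demo. PRIPARENT and PRIMIG receive private keys
 * that my_createKey() writes without a passphrase, so the working directory
 * must not be readable by other users.
 */
#define PUBPARENT "parent_pub.key" /* parent (wrapping) public key, PEM */
#define PRIPARENT "parent.key"     /* parent private key, PEM, unencrypted */
#define PRIMIG "mig.key"           /* migration private key, PEM, unencrypted */
#define PUBMIG "mig_pub.key"       /* migration public key, PEM */
#define BUFFSIZE 1024              /* buffer size in bytes */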
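/**
 * Generate an RSA key pair and write both halves to PEM files.
 *
 * @param bits         modulus size in bits, handed to RSA_generate_key_ex()
 * @param prikey_path  output file for the private key (PEM_write_bio_RSAPrivateKey)
 * @param pubkey_path  output file for the public key (PEM_write_bio_RSAPublicKey,
 *                     i.e. the PKCS#1 "RSA PUBLIC KEY" form, which must be read
 *                     back with PEM_read_RSAPublicKey)
 * @return 1 on success, 0 if any step failed (the OpenSSL error queue is
 *         printed to stderr in that case)
 *
 * Security notes:
 *  - The private key is written without a passphrase (cipher and password
 *    arguments are NULL). Pass an EVP cipher and a passphrase callback if
 *    the file can be read by anyone other than the owner.
 *  - BIO_new_file() creates the file with the process's default permissions;
 *    set a restrictive umask or write into a private directory.
 *  - `bits` is not validated here; choosing an adequate size is the caller's job.
 */
int my_createKey(int bits,char *prikey_path,char *pubkey_path)
{
    int ok = 0;
    RSA *r = NULL;
    BIGNUM *e = NULL;
    BIO *pri = NULL;
    BIO *pub = NULL;

    if (prikey_path == NULL || pubkey_path == NULL) {
        return 0;
    }

    /* Generate the key pair with the conventional public exponent 65537. */
    r = RSA_new();
    e = BN_new();
    if (r == NULL || e == NULL) {
        goto out;
    }
    if (BN_set_word(e, 65537) != 1) {
        goto out;
    }
    if (RSA_generate_key_ex(r, bits, e, NULL) != 1) {
        goto out;
    }

    /* Private half: written in the clear, see the security notes above. */
    pri = BIO_new_file(prikey_path, "w");
    if (pri == NULL) {
        goto out;
    }
    if (PEM_write_bio_RSAPrivateKey(pri, r, NULL, NULL, 0, NULL, NULL) != 1) {
        goto out;
    }
    if (BIO_flush(pri) <= 0) {
        goto out;
    }

    /* Public half. */
    pub = BIO_new_file(pubkey_path, "w");
    if (pub == NULL) {
        goto out;
    }
    if (PEM_write_bio_RSAPublicKey(pub, r) != 1) {
        goto out;
    }
    if (BIO_flush(pub) <= 0) {
        goto out;
    }

    ok = 1;

out:
    if (!ok) {
        ERR_print_errors_fp(stderr);
    }
    /* All of these accept NULL, so one cleanup path serves every exit. */
    BIO_free(pri);
    BIO_free(pub);
    BN_free(e);
    RSA_free(r);
    return ok;
}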
/* Encrypt `str` with the RSA public key stored in the PEM file `path_key`.
 * Returns a malloc'd buffer the caller must free(), or NULL on failure. */
char *my_encrypt(char *str, char *path_key);

/* Decrypt `str` with the RSA private key stored in the PEM file `path_key`.
 * Returns a malloc'd buffer the caller must free(), or NULL on failure. */
char *my_decrypt(char *str, char *path_key);
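/**
 * Demo of a two-level key hierarchy: a parent RSA key protects ("wraps") the
 * PEM text of a migration key, and the wrapped blob is then unwrapped again.
 *
 * @return 0 on success, EXIT_FAILURE if any step failed
 */
int main(void){
    /* PARENT_BLOCK is the size in bytes of one raw RSA block of the parent key. */
    enum { PARENT_BITS = 4096, MIG_BITS = 128, PARENT_BLOCK = PARENT_BITS / 8 };
    /* Zero-filled and BUFFSIZE (1024) bytes long, so a reader that consumes a
     * whole PARENT_BLOCK (512 bytes) from it stays inside the array and the
     * text is always NUL-terminated. */
    char source[BUFFSIZE] = {0};
    char *ptr_en = NULL;
    char *ptr_de = NULL;
    FILE *migkeyfp = NULL;
    long length;
    size_t got;
    size_t i;
    int rc = EXIT_FAILURE;

    printf("-------------source TPM: create hierarchy start----------------\n");
    if (my_createKey(PARENT_BITS, PRIPARENT, PUBPARENT) != 1) {
        fprintf(stderr, "source TPM:create parentkey failed\n");
        return EXIT_FAILURE;
    }
    printf("source TPM:create parentkey success\n"); /* parent key created */

    /* NOTE(review): a 128-bit RSA modulus provides no real protection, and
     * recent OpenSSL builds may refuse to generate one. It is kept only
     * because this demo needs the PEM text of the migration key to fit into
     * a single raw RSA block of the parent key. A production design would
     * wrap a random symmetric key with RSA-OAEP and protect the key blob
     * itself with an authenticated cipher. */
    if (my_createKey(MIG_BITS, PRIMIG, PUBMIG) != 1) {
        fprintf(stderr, "source TPM:create migratekey failed\n");
        return EXIT_FAILURE;
    }
    printf("source TPM:create migratekey success\n"); /* migration key created */

    migkeyfp = fopen(PRIMIG, "r");
    if (migkeyfp == NULL) {
        printf("open file %s failed\n", PRIMIG);
        return EXIT_FAILURE;
    }

    /* Determine the file length, then rewind to the start. */
    if (fseek(migkeyfp, 0L, SEEK_END) != 0 ||
        (length = ftell(migkeyfp)) < 0 ||
        fseek(migkeyfp, 0L, SEEK_SET) != 0) {
        perror("source TPM: cannot size migratekey file");
        goto out;
    }
    /* The text must fit into one RSA block; this bound also keeps the read
     * inside `source`. */
    if (length == 0 || length > PARENT_BLOCK) {
        fprintf(stderr, "source TPM: migratekey file has unsupported size %ld\n", length);
        goto out;
    }
    got = fread(source, 1, (size_t)length, migkeyfp);
    if (got == 0 || ferror(migkeyfp)) {
        fprintf(stderr, "source TPM: reading %s failed\n", PRIMIG);
        goto out;
    }
    fclose(migkeyfp);
    migkeyfp = NULL;

    printf("source TPM: use parentkey protected migratekey start....\n");
    ptr_en = my_encrypt(source, PUBPARENT);
    if (ptr_en == NULL) {
        fprintf(stderr, "source TPM: encrypting migratekey failed\n");
        goto out;
    }
    printf("source TPM: use parentkey protected migratekey finished....\n");
    /* The ciphertext is binary and may contain zero bytes, so it is shown as
     * hex instead of being handed to %s. */
    for (i = 0; i < (size_t)PARENT_BLOCK; i++) {
        printf("%02x", (unsigned char)ptr_en[i]);
    }
    printf("\n");

    printf("-------------source TPM: create hierarchy finished----------------\n");
    printf("source TPM: hierarchy structer is follow\n");
    printf(" O parentkey\n");
    printf(" |\n");
    printf(" |\n");
    printf(" O migratekey\n");

    printf("source TPM: use parentkey decrypt migratekey start....\n");
    ptr_de = my_decrypt(ptr_en, PRIPARENT);
    if (ptr_de == NULL) {
        fprintf(stderr, "source TPM: decrypting migratekey failed\n");
        goto out;
    }
    /* The recovered private key is deliberately not printed; only the
     * round trip is verified. */
    if (memcmp(ptr_de, source, (size_t)PARENT_BLOCK) != 0) {
        fprintf(stderr, "source TPM: decrypted migratekey does not match the original\n");
        goto out;
    }
    printf("source TPM: use parentkey decrypt migratekey finished....\n");
    rc = 0;

out:
    /* Both buffers hold private-key text: wipe before releasing them. */
    OPENSSL_cleanse(source, sizeof source);
    if (ptr_de != NULL) {
        OPENSSL_cleanse(ptr_de, (size_t)PARENT_BLOCK);
    }
    free(ptr_de);
    free(ptr_en);
    if (migkeyfp != NULL) {
        fclose(migkeyfp);
    }
    return rc;
}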
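/**
 * Encrypt a NUL-terminated string with the RSA public key in `path_key`.
 *
 * @param str       NUL-terminated plaintext; at most RSA_size(key) bytes long
 * @param path_key  PEM file holding a PKCS#1 "RSA PUBLIC KEY", as written by
 *                  PEM_write_bio_RSAPublicKey()
 * @return malloc'd buffer of RSA_size(key) ciphertext bytes followed by one
 *         zero byte (caller frees), or NULL on any failure
 *
 * The plaintext is copied into a zero-padded block of exactly RSA_size(key)
 * bytes before encryption, so the call never reads past the end of `str`.
 *
 * NOTE(review): RSA_NO_PADDING is raw ("textbook") RSA: deterministic and
 * malleable, with no integrity protection. It is kept so the output stays
 * compatible with my_decrypt(); new code should use RSA_PKCS1_OAEP_PADDING
 * on both sides.
 */
char *my_encrypt(char *str,char *path_key){
    unsigned char *block = NULL;
    unsigned char *cipher = NULL;
    char *result = NULL;
    RSA *p_rsa = NULL;
    FILE *file;
    size_t flen;
    int rsa_len = 0;

    if (str == NULL || path_key == NULL) {
        return NULL;
    }
    if ((file = fopen(path_key, "r")) == NULL) {
        perror("source TPM: open key file error");
        return NULL;
    }
    /* PEM_read_RSA_PUBKEY() expects the SubjectPublicKeyInfo ("PUBLIC KEY")
     * form and cannot parse a file written by PEM_write_bio_RSAPublicKey(),
     * so the PKCS#1 reader is the one that matches. */
    p_rsa = PEM_read_RSAPublicKey(file, NULL, NULL, NULL);
    fclose(file); /* the key is fully parsed; the file is no longer needed */
    if (p_rsa == NULL) {
        ERR_print_errors_fp(stdout);
        return NULL;
    }

    rsa_len = RSA_size(p_rsa);
    flen = strlen(str);
    if (rsa_len <= 0 || flen > (size_t)rsa_len) {
        fprintf(stderr, "source TPM: plaintext does not fit into one RSA block\n");
        goto out;
    }

    block = calloc(1, (size_t)rsa_len);
    cipher = calloc(1, (size_t)rsa_len + 1);
    if (block == NULL || cipher == NULL) {
        goto out;
    }
    memcpy(block, str, flen);

    if (RSA_public_encrypt(rsa_len, block, cipher, p_rsa, RSA_NO_PADDING) < 0) {
        ERR_print_errors_fp(stdout);
        goto out;
    }
    result = (char *)cipher;
    cipher = NULL; /* ownership moves to the caller */

out:
    if (block != NULL) {
        /* The block holds a copy of the plaintext: wipe it before freeing. */
        OPENSSL_cleanse(block, (size_t)rsa_len);
        free(block);
    }
    free(cipher);
    RSA_free(p_rsa);
    return result;
}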
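/**
 * Decrypt one raw RSA block with the private key in `path_key`.
 *
 * @param str       ciphertext; must point to at least RSA_size(key) readable
 *                  bytes (the function cannot verify this, the caller must)
 * @param path_key  PEM file holding the RSA private key
 * @return malloc'd buffer of RSA_size(key) plaintext bytes followed by one
 *         zero byte (caller frees), or NULL on any failure
 *
 * The returned buffer contains whatever was encrypted, here private-key
 * text; callers should wipe it (e.g. OPENSSL_cleanse) before free().
 *
 * NOTE(review): RSA_NO_PADDING means the result carries no padding check at
 * all, so a modified ciphertext decrypts to garbage without any error. It is
 * kept to stay compatible with my_encrypt(); new code should use
 * RSA_PKCS1_OAEP_PADDING on both sides.
 */
char *my_decrypt(char *str,char *path_key){
    unsigned char *plain = NULL;
    char *result = NULL;
    RSA *p_rsa = NULL;
    FILE *file;
    int rsa_len = 0;

    if (str == NULL || path_key == NULL) {
        return NULL;
    }
    if ((file = fopen(path_key, "r")) == NULL) {
        perror("source TPM: open key file error");
        return NULL;
    }
    p_rsa = PEM_read_RSAPrivateKey(file, NULL, NULL, NULL);
    fclose(file); /* the key is fully parsed; the file is no longer needed */
    if (p_rsa == NULL) {
        ERR_print_errors_fp(stdout);
        return NULL;
    }

    rsa_len = RSA_size(p_rsa);
    if (rsa_len <= 0) {
        goto out;
    }
    plain = calloc(1, (size_t)rsa_len + 1);
    if (plain == NULL) {
        goto out;
    }

    if (RSA_private_decrypt(rsa_len, (unsigned char *)str, plain, p_rsa, RSA_NO_PADDING) < 0) {
        ERR_print_errors_fp(stdout);
        goto out;
    }
    result = (char *)plain;
    plain = NULL; /* ownership moves to the caller */

out:
    if (plain != NULL) {
        /* May hold partial plaintext after a failed decrypt: wipe it. */
        OPENSSL_cleanse(plain, (size_t)rsa_len + 1);
        free(plain);
    }
    RSA_free(p_rsa);
    return result;
}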
實驗結果如下: