如何检查EVP_PKEY是否包含私钥？

该过程的一般概述是：

// private key:
PEM_read_PrivateKey      // load private key
EVP_PKEY_get1_EC_KEY     // EVP_PKEY to EC_KEY
EC_KEY_check_key         // validate key (OK)
EC_KEY_get0_private_key  // if result is not NULL: has private key (OK)
EC_KEY_get0_public_key   // if result is not NULL: has public key (OK)

// public key (only thing that changes is LOAD function):
PEM_read_PUBKEY          // load public key
EVP_PKEY_get1_EC_KEY     // EVP_PKEY to EC_KEY
EC_KEY_check_key         // validate key (OK)
EC_KEY_get0_private_key  // if result is not NULL: has private key (false)
EC_KEY_get0_public_key   // if result is not NULL: has public key (OK)

请注意,当我们读取私钥时,它似乎填充私钥和公钥,而当我们读取公钥时,它只填充公钥参数.我想这是预期的.

验证EVP_PKEY并检查它是否具有公钥/私钥

这仅适用于EVP_PKEY_EC类型,但可以扩展为支持其他类型.我们将调用validate_pkey,其余的将是每种类型的密钥的内部支持函数.

static int validate_pkey_ec(EVP_PKEY *pkey)
{
    int result = 0;

    EC_KEY *ec_key = EVP_PKEY_get1_EC_KEY(pkey);
    if (!ec_key)
        return -1;

    if (1 != EC_KEY_check_key(ec_key)) {
        EC_KEY_free(ec_key);
        return -1;
    }

    if (EC_KEY_get0_private_key(ec_key))
        result = 2;

    if (EC_KEY_get0_public_key(ec_key))
        result++;

    EC_KEY_free(ec_key);

    return result;
}

/**
** Performs sanity checks on the given EVP_PKEY.
**
** Returns 1,2,or 3 when valid:
**   - Returns 1 if only public key is present.
**   - Returns 2 if only private key is present.
**   - Returns 3 if both public and private keys are present.
**/
int validate_pkey(EVP_PKEY *pkey)
{
    int key_type = EVP_PKEY_type(pkey->type);

    switch (key_type) {
    case EVP_PKEY_RSA:
    case EVP_PKEY_DSA:
    case EVP_PKEY_DH:
        // not implemented
        return -1;
    case EVP_PKEY_EC:
        return validate_pkey_ec(pkey);
    default:
        // unknown type,NID_undef?
        return -2;
    }
}