Openssl是很常见的C接⼝的库,个⼈觉得易⽤。以下是AES加密的使⽤备忘。如果你有⼀定的密码学基础,那么就很好理解。代码是从⽹上弄下来的(原始地址已经忘记了),然后在尝试的过程中改了⼀点东西。其它的cbc、cfb、ecb加密⽅式的⽤法都是类似的,只是函数名有点区别,就不⼀⼀列举了。 【yasi】IV: Initialization Vector,即初始化向量
⼀、接⼝简介
int AES_set_encrypt_key(
const unsigned char *userKey,
const int bits,
AES_KEY *key);
//设置解密密钥,同样适⽤字符缓冲区
int AES_set_decrypt_key(
const unsigned char *userKey,
const int bits,
AES_KEY *key);
//加解密的接⼝,通过最后的enc来区分是加密还是解密操作
//每次执⾏AES_cbc_encrypt后,iv(向量)会被更新,
//所以需要⾃⼰保存它。
void AES_cbc_encrypt(
const unsigned char *in,
unsigned char *out,
const unsigned long length,
const AES_KEY *key,
unsigned char *ivec,
const int enc);
⼆、⼀个简单的Makefile
【yasi】针对CentOS环境,做了修改装配
LNK_OPT = -g -L/usr/lib64/ -lssl
all:
rm -f codec
g++ -g aes_codec.cpp -o codec $(LNK_OPT)
clean:
rm -f codec
三、⽰例代码
【yasi】对源链接的代码做了点修改:随机明码改静态明码 #include <stdio.h>
#include <string.h>
#include <openssl/aes.h>
#include <openssl/rand.h>
/* file testaes.cpp */
static void hexdump(
FILE *f,
const char *title,
const unsigned char *s,
int l)
{
int n = 0;
fprintf(f, "%s", title);
for (; n < l; ++n) {
if ((n % 16) == 0) {
fprintf(f, "\n%04x", n);
}
fprintf(f, " %02x", s[n]);
}
fprintf(f, "\n");
}
int main(int argc, char **argv)
{
//128bits key.
unsigned char rkey[16];
//Internal key.
AES_KEY key;
//Testdata.
// [yasi] Make static content instead of random text
unsigned char plaintext[AES_BLOCK_SIZE * 4] =
{
'a', 'b', 'c', 'd', 'e', 'f', 'g', 'i', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'i',
'0', '1', '2', '3', '4', '5', '6', '7', '0', '1', '2', '3', '4', '5', '6', '7', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'i', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'i',
'0', '1', '2', '3', '4', '5', '6', '7', '0', '1', '2', '3', '4', '5', '6', '7' };
unsigned char ciphertext[AES_BLOCK_SIZE * 4];
unsigned char checktext[AES_BLOCK_SIZE * 4];
//Init vector.
unsigned char iv[AES_BLOCK_SIZE * 4];
//Save vector.
unsigned char saved_iv[AES_BLOCK_SIZE * 4];
int nr_of_bits = 0;
int nr_of_bytes = 0;
//Zeror buffer.
memset(ciphertext, 0, sizeof ciphertext);
memset(checktext, 0, sizeof checktext);
//Generate random
RAND_pseudo_bytes(rkey, sizeof rkey);
RAND_pseudo_bytes(saved_iv, sizeof saved_iv);
hexdump(stdout, "== rkey ==",
rkey,
sizeof(rkey));
hexdump(stdout, "== iv ==",
saved_iv,
sizeof(saved_iv));
printf("\n");
hexdump(stdout, "== plaintext ==",
plaintext,
sizeof(plaintext));
sizeof(plaintext));
printf("\n");
//Entrypt
memcpy(iv, saved_iv, sizeof(iv));
nr_of_bits = 8 * sizeof(rkey);
AES_set_encrypt_key(rkey, nr_of_bits, &key);
nr_of_bytes = sizeof(plaintext);
AES_cbc_encrypt(plaintext,
ciphertext,
nr_of_bytes,
培养基的制备&key,
iv,
AES_ENCRYPT);
hexdump(stdout, "== ciphertext ==",
ciphertext,
sizeof(ciphertext));
printf("\n");
/
/ [yasi] iv is changed in encryption
hexdump(stdout, "== iv changed ==",
iv,
sizeof(iv));
printf("\n");
//Decrypt
memcpy(iv, saved_iv, sizeof(iv)); // [yasi] without this line, decrypt will fail because iv is changed in encryption nr_of_bits = 8 * sizeof(rkey);
AES_set_decrypt_key(rkey, nr_of_bits, &key);
nr_of_bytes = sizeof(ciphertext);
AES_cbc_encrypt(ciphertext,
checktext,
nr_of_bytes,
&key, iv,
AES_DECRYPT);
hexdump(stdout, "== checktext ==",
checktext,
两辊矫直机sizeof(checktext));
printf("\n");
return 0;
}
【yasi 运⾏结果】
0000 81 ac 9b 38 1c 02 c5 c8 1d 7c a0 3f 87 be f2 c6
== iv ==
0000 34 a2 f1 f5 f3 93 76 32 cd 77 ad fb c8 82 f2 1b
0010 f3 cc 51 f6 35 f3 49 8d 44 97 8c 2c 89 50 0d d7
0020 68 21 d7 2f 0a 90 29 c1 dd c9 39 bc 7c 4f 18 2f
空包弹助退器0030 04 cc 42 5e 84 8e fe a9 c5 49 00 9f 30 55 94 c0
== plaintext ==
碟片播放机0000 61 62 63 64 65 66 67 69 61 62 63 64 65 66 67 69
0010 30 31 32 33 34 35 36 37 30 31 32 33 34 35 36 37
0020 61 62 63 64 65 66 67 69 61 62 63 64 65 66 67 69
0030 30 31 32 33 34 35 36 37 30 31 32 33 34 35 36 37
== ciphertext ==
0000 c4 63 72 29 21 28 7b a2 27 24 4a e4 bb 95 1a d1
0010 b8 13 0e 77 0c 8a a4 09 2f ca 85 43 41 b5 5b d5
0020 a3 60 92 58 5b dd 45 0c e2 62 af f9 43 81 d7 06
0030 41 8e 85 28 3e eb 72 b5 ee 84 8c 27 7e 67 20 f6
== iv changed ==
0000 41 8e 85 28 3e eb 72 b5 ee 84 8c 27 7e 67 20 f6
0010 f3 cc 51 f6 35 f3 49 8d 44 97 8c 2c 89 50 0d d7
0020 68 21 d7 2f 0a 90 29 c1 dd c9 39 bc 7c 4f 18 2f
0030 04 cc 42 5e 84 8e fe a9 c5 49 00 9f 30 55 94 c0
== checktext ==
0000 61 62 63 64 65 66 67 69 61 62 63 64 65 66 67 69
0010 30 31 32 33 34 35 36 37 30 31 32 33 34 35 36 37
0020 61 62 63 64 65 66 67 69 61 62 63 64 65 66 67 69
0030 30 31 32 33 34 35 36 37 30 31 32 33 34 35 36 37
可见,encryption之后,IV⽴即被修改了。所以,为了能正确decrypt,在decrypt时,必须使⽤先前encrypt时的IV,即代码第98⾏。【第⼆次运⾏的结果】
0000 29 68 75 4d a5 9e 83 9a ed f8 ec bc 2e b8 09 7e
== iv ==
0000 b8 21 09 de 8f 58 6e be 73 be a7 10 fb 91 87 65
0010 65 9c d7 0e 4c 88 d2 65 ae de 0b 49 40 c7 75 df
0020 19 69 53 0b 11 5d ac e7 08 f6 ae df 16 66 e0 13
0030 75 41 f7 bb be 56 a1 dd a7 3e fb 4e 5d 9e e4 a2
== plaintext ==
0000 61 62 63 64 65 66 67 69 61 62 63 64 65 66 67 69
0010 30 31 32 33 34 35 36 37 30 31 32 33 34 35 36 37
0020 61 62 63 64 65 66 67 69 61 62 63 64 65 66 67 69
0030 30 31 32 33 34 35 36 37 30 31 32 33 34 35 36 37
== ciphertext ==
0000 5e 85 9c e8 65 d6 3b f9 03 9a a0 b5 78 bd f6 d4
0010 11 70 94 c1 c3 78 9a 1d 12 9a 84 48 3a 70 88 13
0020 d6 b5 bf c6 e8 e1 76 dc 3c b9 b0 4e b9 bb c4 74
0030 35 3d ac fc 29 e3 a0 64 d7 76 ab 76 c7 af dd 39
== iv changed ==
0000 35 3d ac fc 29 e3 a0 64 d7 76 ab 76 c7 af dd 39
0010 65 9c d7 0e 4c 88 d2 65 ae de 0b 49 40 c7 75 df
0020 19 69 53 0b 11 5d ac e7 08 f6 ae df 16 66 e0 13电磁屏蔽导电胶
0030 75 41 f7 bb be 56 a1 dd a7 3e fb 4e 5d 9e e4 a2
== checktext ==
0000 61 62 63 64 65 66 67 69 61 62 63 64 65 66 67 69
0010 30 31 32 33 34 35 36 37 30 31 32 33 34 35 36 37
0020 61 62 63 64 65 66 67 69 61 62 63 64 65 66 67 69
0030 30 31 32 33 34 35 36 37 30 31 32 33 34 35 36 37
可见,两次运⾏,虽然encrypt的明码是⼀样的,但encrypt出来的结果是不同的。随机明码改静态明码的⽬的就是为了⽐较两次encrypt的结果。即,相同的明码⽤不同的IV做encrypt,结果是不同的。
【屏蔽第98⾏重新编译后的执⾏结果】
豫公网安备41160202000603
站长QQ:729038198
关于我们
投诉建议