openssl evp 对称加密(AES_ecb,ccb)
openssl evp 对称加密(AES_ecb,ccb)
evp.h 封装了openssl常用密码学工具,以下主要说对称加密的接口
1. 如下使用 aes_256_ecb 模式的加密解密测试代码
unsigned char key[32] = {1};unsigned char iv[16] = {0};unsigned char *inStr = "this is test string";int inLen = strlen(inStr);int encLen = 0;int outlen = 0;unsigned char encData[1024];printf("source: %s\n",inStr);//加密EVP_CIPHER_CTX *ctx;ctx = EVP_CIPHER_CTX_new();EVP_CipherInit_ex(ctx, EVP_aes_256_ecb(), NULL, key, iv, 1);EVP_CipherUpdate(ctx, encData, &outlen, inStr, inLen);encLen = outlen;EVP_CipherFinal(ctx, encData+outlen, &outlen);encLen += outlen;EVP_CIPHER_CTX_free(ctx);//解密int decLen = 0;outlen = 0;unsigned char decData[1024];EVP_CIPHER_CTX *ctx2;ctx2 = EVP_CIPHER_CTX_new();EVP_CipherInit_ex(ctx2, EVP_aes_256_ecb(), NULL, key, iv, 0);EVP_CipherUpdate(ctx2, decData, &outlen, encData, encLen);decLen = outlen;EVP_CipherFinal(ctx2, decData+outlen, &outlen);decLen += outlen;EVP_CIPHER_CTX_free(ctx2);decData[decLen] = '\0';printf("decrypt: %s\n",decData);
如上这种init,update,final的调用方式和之前 提供的哈希接口调用方式差不多
大致流程
EVP_CipherInit_ex 初始化加密使用的key,iv,算法模式,最后 一个参数,1表示加密,0表示解密
EVP_CipherUpdate 加密解密处理
EVP_CipherFinal 获取结果
2. 由上测试代码中 EVP_CipherInit_ex(ctx, EVP_aes_256_ecb(), NULL, key, iv, 1); 使用的算法模式为 EVP_aes_256_ecb()
根据接口 evp.h可知其他的对称加密算法有如下
const EVP_CIPHER *EVP_des_ecb(void); const EVP_CIPHER *EVP_des_ede(void); const EVP_CIPHER *EVP_des_ede3(void); ... const EVP_CIPHER *EVP_idea_ecb(void); const EVP_CIPHER *EVP_idea_cfb64(void); const EVP_CIPHER *EVP_idea_ofb(void); ..... const EVP_CIPHER *EVP_bf_cbc(void); const EVP_CIPHER *EVP_bf_cfb64(void); ..... const EVP_CIPHER *EVP_cast5_ecb(void); const EVP_CIPHER *EVP_cast5_cbc(void); ..... const EVP_CIPHER *EVP_aes_128_ecb(void); const EVP_CIPHER *EVP_aes_128_cbc(void); const EVP_CIPHER *EVP_aes_128_cfb1(void); ...... const EVP_CIPHER *EVP_aes_256_ecb(void); const EVP_CIPHER *EVP_aes_256_cbc(void); const EVP_CIPHER *EVP_aes_256_cfb1(void); .... const EVP_CIPHER *EVP_camellia_128_cfb1(void); const EVP_CIPHER *EVP_camellia_128_cfb8(void); const EVP_CIPHER *EVP_camellia_128_cfb128(void); ......//以上省略表示还有很多,这里只是列出部分
选取相应的算法对应修改上面的测试代码即可,实现对称加密体系中其他算法的加密解密
3. EVP中对称加密的主要接口有
__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,const unsigned char *key, const unsigned char *iv); /*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,const unsigned char *key,const unsigned char *iv); /*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,int *outl, const unsigned char *in, int inl); /*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,int *outl); /*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,int *outl);__owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,const unsigned char *key, const unsigned char *iv); /*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,const unsigned char *key,const unsigned char *iv); /*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,int *outl, const unsigned char *in, int inl); __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,int *outl); /*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,int *outl);__owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,const unsigned char *key, const unsigned char *iv,int enc); /*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,const unsigned char *key,const unsigned char *iv, int enc); __owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,int *outl, const unsigned char *in, int inl); __owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,int *outl); __owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,int *outl);
4. 上面的例子之中,我使用的是EVP_Cipher相关api处理的对称加密
如下,我们还可以直接使用上面的 EVP_Encrypt,EVP_Decrypt 接口来处理加密解密
封装加密解密
//加密 int kk_encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key,unsigned char *iv, unsigned char *ciphertext) {EVP_CIPHER_CTX *ctx;int len;int ciphertext_len;ctx = EVP_CIPHER_CTX_new();EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len);ciphertext_len = len;EVP_EncryptFinal_ex(ctx, ciphertext + len, &len);ciphertext_len += len;EVP_CIPHER_CTX_free(ctx);return ciphertext_len; }//解密 int kk_decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *key,unsigned char *iv, unsigned char *plaintext) {EVP_CIPHER_CTX *ctx;int len;int plaintext_len;ctx = EVP_CIPHER_CTX_new();EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len);plaintext_len = len;EVP_DecryptFinal_ex(ctx, plaintext + len, &len);plaintext_len += len;EVP_CIPHER_CTX_free(ctx);return plaintext_len; }
调用测试:
unsigned char key[32] = {8};unsigned char iv[16] = {6};unsigned char *plaintext = (unsigned char *)"This is Test Plain Data,This is Test Plain Data.";unsigned char ciphertext[128];unsigned char decryptedtext[128];int decryptedtext_len, ciphertext_len;printf("source is: \n%s\n",plaintext);//加密ciphertext_len = kk_encrypt (plaintext, strlen ((char *)plaintext), key, iv,ciphertext);//解密decryptedtext_len = kk_decrypt(ciphertext, ciphertext_len, key, iv,decryptedtext);decryptedtext[decryptedtext_len] = '\0';printf("Decrypted text is:\n");printf("%s\n", decryptedtext);
和上面第一个例子的流程差不多,修改其中的对称体系使用的算法即可实现其他算法处理
5. 如果不使用EVP提供的接口,当然还可以直接使用 aes.h 提供的接口
主要接口有
/* This should be a hidden type, but EVP requires that the size be known */ struct aes_key_st { # ifdef AES_LONGunsigned long rd_key[4 * (AES_MAXNR + 1)]; # elseunsigned int rd_key[4 * (AES_MAXNR + 1)]; # endifint rounds; }; typedef struct aes_key_st AES_KEY;const char *AES_options(void);int AES_set_encrypt_key(const unsigned char *userKey, const int bits,AES_KEY *key); int AES_set_decrypt_key(const unsigned char *userKey, const int bits,AES_KEY *key);void AES_encrypt(const unsigned char *in, unsigned char *out,const AES_KEY *key); void AES_decrypt(const unsigned char *in, unsigned char *out,const AES_KEY *key);void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,const AES_KEY *key, const int enc); void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,size_t length, const AES_KEY *key,unsigned char *ivec, const int enc); void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,size_t length, const AES_KEY *key,unsigned char *ivec, int *num, const int enc); void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,size_t length, const AES_KEY *key,unsigned char *ivec, int *num, const int enc); void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,size_t length, const AES_KEY *key,unsigned char *ivec, int *num, const int enc); void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,size_t length, const AES_KEY *key,unsigned char *ivec, int *num); /* NB: the IV is _two_ blocks long */ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,size_t length, const AES_KEY *key,unsigned char *ivec, const int enc); /* NB: the IV is _four_ blocks long */ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,size_t length, const AES_KEY *key,const AES_KEY *key2, const unsigned char *ivec,const int enc);int AES_wrap_key(AES_KEY *key, const unsigned char *iv,unsigned char *out,const unsigned char *in, unsigned int inlen); int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,unsigned char *out,const unsigned char *in, unsigned int inlen);
测试接口AES_encrypt,AES_decrypt
//测试1 void kk_aes_encrypt(char *inData,char *key,char *outData) {AES_KEY encKey;AES_set_encrypt_key(key, 128, &encKey);int inLen = strlen(inData);int encLen = 0;//分组加密while (encLen <inLen) {AES_encrypt(inData, outData, &encKey);inData += AES_BLOCK_SIZE;outData+=AES_BLOCK_SIZE;encLen +=AES_BLOCK_SIZE;}}void kk_aes_decrypt(char *inData,char *key,char *outData) {AES_KEY decKey;AES_set_decrypt_key(key, 128, &decKey);int inLen = strlen(inData);int decLen = 0;//分组处理while (decLen < inLen) {AES_decrypt(inData, outData, &decKey);inData += AES_BLOCK_SIZE;outData+=AES_BLOCK_SIZE;decLen +=AES_BLOCK_SIZE;} }//测试 void testSIMPLEAES() {char *key = "this key";char *ins = "test str dat,test str dat,test str dat,test str dat,QQQS";printf("src:%s\n",ins);char *encDT = malloc(strlen(ins));kk_aes_encrypt(ins, key, encDT);char *decDT = malloc(strlen(encDT));kk_aes_decrypt(encDT, key, decDT);printf("dec:%s\n",decDT); }
测试AES_cbc_encrypt接口
AES_KEY encKEy;unsigned char *uk = "uk123";char encIV[AES_BLOCK_SIZE] = {0};AES_set_encrypt_key(uk, 128, &encKEy);char *inStr = "This wiki is intended as a place for collecting, organizing, and refining useful information about OpenSSL that is currently strewn among multiple locations and formats.";char *encData = malloc(1024);AES_cbc_encrypt(inStr, encData, strlen(inStr), &encKEy, encIV, AES_ENCRYPT);printf("src:%s\n",inStr);AES_KEY decKey;AES_set_decrypt_key(uk, 128, &decKey);char decIV[AES_BLOCK_SIZE] = {0};char *decData = malloc(1024);AES_cbc_encrypt(encData,decData, strlen(encData), &decKey, decIV, AES_DECRYPT);decData[strlen(inStr)] = '\0';printf("dec:%s\n",decData);if (strcmp(inStr, decData)==0) {printf("PASS\n");}
总结:EVP 提供的两套对称加密的接口和上篇文章提到的哈希接口调用流程上很相似;
功能非常完善。
参考:https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption
测试使用openssl 1.1.0c
转载于:https://www.cnblogs.com/cocoajin/p/6121706.html
openssl evp 对称加密(AES_ecb,ccb)相关推荐
- 基于openssl的EVP对称加密C语言单独实现
基于openssl的EVP对称加密C语言单独实现 代码实现 运行结果 说明 在 <基于openssl的EVP对称加密C语言实战案例>这篇博客的基础上将代码提出到独立的.c文件,可以单独进行 ...
- 基于openssl的EVP对称加密C语言实战案例
根据解密算法代码反推实现加密算法 说明 先上已经实现的解密代码 加密接口实现 参考 说明 为保证项目安全,本文章使用的加解密相关的代码变量szSalt,szKey,nrounds,gszKey等变量为 ...
- openssl evp
openssl evp 对称加密(AES_ecb,ccb) evp.h 封装了openssl常用密码学工具,以下主要说对称加密的接口 1. 如下使用 aes_256_ecb 模式的加密解密测试代码 u ...
- linux 对称加密命令,linux安全和加密篇(三)—openssl工具和CA证书
OpenSSL:开源项目 三个组件: openssl: 多用途的命令行工具,包openssl libcrypto: 加密算法库,包openssl-libs[root@centos7-4 data]# ...
- 对称加密、非对称加密、DES、AES、RSA、OpenSSL、数字签名、防篡改
本公众号分享的所有技术仅用于学习交流,请勿用于其他非法活动,如果错漏,欢迎留言指正 <加密与解密>第4版 加解密 安全领域的重要分支和基础设施 互联网重要数据的传输需要加解密 TCP/IP ...
- Python代码实现MD5、AES对称加密和RSA非对称加密以及OpenSSl实践
1.MD5加密算法 1.1 MD5加密的特点 不可逆运算 对不同的数据加密的结果是定长的32位和16位字符(不管文件多大都一样) 对相同的数据加密,得到的结果是一样的(也就是复制). 抗修改性 :信息 ...
- 【下】安全HTTPS-全面详解对称加密,非对称加密,数字签名,数字证书和HTTPS
此文章转载来源于http://blog.csdn.net/tenfyguo/article/details/40958727点击打开链接 1. HTTPS 1.1. 什么是HTTPS HTTPS(H ...
- Android 在 NDK 层使用 OpenSSL 进行 RSA 加密
前言 需求:需要在NDK层对一个Java层的字符串进行RSA加密,然后对加密的结果进行Base64返回到Java层 方案:选择使用OpenSSL来实现. 编译libssl.a和libcrypto.a静 ...
- 苹果封装的对称加密和非对称加密API
一.信息摘要算法5:MD5 1.系统库位置:<CommonCrypto/CommonHMAC.h>. 2.非加密算法,属于哈希散列,不可逆,用于检验数据完整性. 二.安全散列(哈希)算法S ...
最新文章
- 科技部:学术不端零容忍!违规人员所获职称、奖金等全部清退归零
- 『Python』VS2015编译源码注意事项
- 原创 | 分布式事务科普(终结篇)
- SAP ABAP实用技巧介绍系列之 关于View framework处理Before save event的讨论
- python 爬虫 selenium
- maven构建java web项目(idea开发)
- Docker GitLab镜像部署
- [暴力]JZOJ 5842 a
- 程序员面试金典——17.4无判断max
- linux clac countif的使用
- 欧文分校计算机新sat多少分录取,新SAT多少分能进美国TOP100大学
- Unity实现打地鼠游戏操作步骤、总结、问题及解决办法
- 全系统进程隐藏win7winn10win11器风铃进程隐藏器软件
- DeFi 2.0的LaaS协议Elephant,或许是你熊市下为数不多的获利手段
- 【知识贴】战争中的数学应用
- 7-4 sdust-Java-字符串集合求并集 (20分)
- 高德地图完整功能的html,揭秘高德地图八大不为人知的强大功能
- ESXI虚拟机搭建华三vFW2000虚拟防火墙
- 最全最详细数据结构与算法视频-【附课件和源码】
- Android gradle阿里云仓库